1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 647 648 649 650 651 652 653 654 655 656 657 658 659 660 661 662 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 686 687 688 689 690 691 692 693 694 695 696 697 698 699 700 701 702 703 704 705 706 707 708 709 710 711 712 713 714 715 716 717 718 719 720 721 722 723 724 725 726 727 728 729 730 731 732 733 734 735 736 737 738 739 740 741 742 743 744 745 746 747 748 749 750 751 752 753 754 755 756 757 758 759 760 761 762 763 764 765 766 767 768 769 770 771 772 773 774 775 776 777 778 779 780 781 782 783 784 785 786 787 788 789 790 791 792 793 794 795 796 797 798 799 800 801 802 803 804 805 806 807 808 809 810 811 812 813 814 815 816 817 818 819 820 821 822 823 824 825 826 827 828 829 830 831 832 833 834 835 836 837 838 839 840 841 842 843 844 845 846 847 848 849 850 851 852 853 854 855 856 857 858 859 860 861 862 863 864 865 866 867 868 869 870 871 872 873 874 875 876 877 878 879 880 881 882 883 884 885 886 887 888 889 890 891 892 893 894 895 896 897 898 899 900 901 902 903 904 905 906 907 908 909 910 911 912 913 914 915 916 917 918 919 920 921 922 923 924 925 926 927 928 929 930 931 932 933 934 935 936 937 938 939 940 941 942 943 944 945 946 947 948 949 950 951 952 953 954 955 956 957 958 959 960 961 962 963 964 965 966 967 968 969 970 971 972 973 974 975 976 977 978 979 980 981 982 983 984 985 986 987 988 989 990 991 992 993 994 995 996 997 998 999 1000 1001 1002 1003 1004 1005 1006 1007 1008 1009 1010 1011 1012 1013 1014 1015 1016 1017 1018 1019 1020 1021 1022 1023 1024 1025 1026 1027 1028 1029 1030 1031 1032 1033 1034 1035 1036 1037 1038 1039 1040 1041 1042 1043 1044 1045 1046 1047 1048 1049 1050 1051 1052 1053 1054 1055 1056 1057 1058 1059 1060 1061 1062 1063 1064 1065 1066 1067 1068 1069 1070 1071 1072 1073 1074 1075 1076 1077 1078 1079 1080 1081 1082 1083 1084 1085 1086 1087 1088 1089 1090 1091 1092 1093 1094 1095 1096 1097 1098 1099 1100 1101 1102 1103 1104 1105 1106 1107 1108 1109 1110 1111 1112 1113 1114 1115 1116 1117 1118 1119 1120 1121 1122 1123 1124 1125 1126 1127 1128 1129 1130 1131 1132 1133 1134 1135 1136 1137 1138 1139 1140 1141 1142 1143 1144 1145 1146 1147 1148 1149 1150 1151 1152 1153 1154 1155 1156 1157 1158 1159 1160 1161 1162 1163 1164 1165 1166 1167 1168 1169 1170 1171 1172 1173 1174 1175 1176 1177 1178 1179 1180 1181 1182 1183 1184 1185 1186 1187 1188 1189 1190 1191 1192 1193 1194 1195 1196 1197 1198 1199 1200 1201 1202 1203 1204 1205 1206 1207 1208 1209 1210 1211 1212 1213 1214 1215 1216 1217 1218 1219 1220 1221 1222 1223 1224 1225 1226 1227 1228 1229 1230 1231 1232 1233 1234 1235 1236 1237 1238 1239 1240 1241 1242 1243 1244 1245 1246 1247 1248 1249 1250 1251 1252 1253 1254 1255 1256 1257 1258 1259 1260 1261 1262 1263 1264 1265 1266 1267 1268 1269 1270 1271 1272 1273 1274 1275 1276 1277 1278 1279 1280 1281 1282 1283 1284 1285 1286 1287 1288 1289 1290 1291 1292 1293 1294 1295 1296 1297 1298 1299 1300 1301 1302 1303 1304 1305 1306 1307 1308 1309 1310 1311 1312 1313 1314 1315 1316 1317 1318 1319 1320 1321 1322 1323 1324 1325 1326 1327 1328 1329 1330 1331 1332 1333 1334 1335 1336 1337 1338 1339 1340 1341 1342 1343 1344 1345 1346 1347 1348 1349 1350 1351 1352 1353 1354 1355 1356 1357 1358 1359 1360 1361 1362 1363 1364 1365 1366 1367 1368 1369 1370 1371 1372 1373 1374 1375 1376 1377 1378 1379 1380 1381 1382 1383 1384 1385 1386 1387 1388 1389 1390 1391 1392 1393 1394 1395 1396 1397 1398 1399 1400 1401 1402 1403 1404 1405 1406 1407 1408 1409 1410 1411 1412 1413 1414 1415 1416 1417 1418 1419 1420 1421 1422 1423 1424 1425 1426 1427 1428 1429 1430 1431 1432 1433 1434 1435 1436 1437 1438 1439 1440 1441 1442 1443 1444 1445 1446 1447 1448 1449 1450 1451 1452 1453 1454 1455 1456 1457 1458 1459 1460 1461 1462 1463 1464 1465 1466 1467 1468 1469 1470 1471 1472 1473 1474 1475 1476 1477 1478 1479 1480 1481 1482 1483 1484 1485 1486 1487 1488 1489 1490 1491 1492 1493 1494 1495 1496 1497 1498 1499 1500 1501 1502 1503 1504 1505 1506 1507 1508 1509 1510 1511 1512 1513 1514 1515 1516 1517 1518 1519 1520 1521 1522 1523 1524 1525 1526 1527 1528 1529 1530 1531 1532 1533 1534 1535 1536 1537 1538 1539 1540 1541 1542 1543 1544 1545 1546 1547 1548 1549 1550 1551 1552 1553 1554 1555 1556 1557 1558 1559 1560 1561 1562 1563 1564 1565 1566 1567 1568 1569 1570 1571 1572 1573 1574 1575 1576 1577 1578 1579 1580 1581 1582 1583 1584 1585 1586 1587 1588 1589 1590 1591 1592 1593 1594 1595 1596 1597 1598 1599 1600 1601 1602 1603 1604 1605 1606 1607 1608 1609 1610 1611 1612 1613 1614 1615 1616 1617 1618 1619 1620 1621 1622 1623 1624 1625 1626 1627 1628 1629 1630 1631 1632 1633 1634 1635 1636 1637 1638 1639 1640 1641 1642 1643 1644 1645 1646 1647 1648 1649 1650 1651 1652 1653 1654 1655 1656 1657 1658 1659 1660 1661 1662 1663 1664 1665 1666 1667 1668 1669 1670 1671 1672 1673 1674 1675 1676 1677 1678 1679 1680 1681 1682 1683 1684 1685 1686 1687 1688 1689 1690 1691 1692 1693 1694 1695 1696 1697 1698 1699 1700 1701 1702 1703 1704 1705 1706 1707 1708 1709 1710 1711 1712 1713 1714 1715 1716 1717 1718 1719 1720 1721 1722 1723 1724 1725 1726 1727 1728 1729 1730 1731 1732 1733 1734 1735 1736 1737 1738 1739 1740 1741 1742 1743 1744 1745 1746 1747 1748 1749 1750 1751 1752 1753 1754 1755 1756 1757 1758 1759 1760 1761 1762 1763 1764 1765 1766 1767 1768 1769 1770 1771 1772 1773 1774 1775 1776 1777 1778 1779 1780 1781 1782 1783 1784 1785 1786 1787 1788 1789 1790 1791 1792 1793 1794 1795 1796 1797 1798 1799 1800 1801 1802 1803 1804 1805 1806 1807 1808 1809 1810 1811 1812 1813 1814 1815 1816 1817 1818 1819 1820 1821 1822 1823 1824 1825 1826 1827 1828 1829 1830 1831 1832 1833 1834 1835 1836 1837 1838 1839 1840 1841 1842 1843 1844 1845 1846 1847 1848 1849 1850 1851 1852 1853 1854 1855 1856 1857 1858 1859 1860 1861 1862 1863 1864 1865 1866 1867 1868 1869 1870 1871 1872 1873 1874 1875 1876 1877 1878 1879 1880 1881 1882 1883 1884 1885 1886 1887 1888 1889 1890 1891 1892 1893 1894 1895 1896 1897 1898 1899 1900 1901 1902 1903 1904 1905 1906 1907 1908 1909 1910 1911 1912 1913 1914 1915 1916 1917 1918 1919 1920 1921 1922 1923 1924 1925 1926 1927 1928 1929 1930 1931 1932 1933 1934 1935 1936 1937 1938 1939 1940 1941 1942 1943 1944 1945 1946 1947 1948 1949 1950 1951 1952 1953 1954 1955 1956 1957 1958 1959 1960 1961 1962 1963 1964 1965 1966 1967 1968 1969 1970 1971 1972 1973 1974 1975 1976 1977 1978 1979 1980 1981 1982 1983 1984 1985 1986 1987 1988 1989 1990 1991 1992 1993 1994 1995 1996 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020 2021 2022 2023 2024 2025 2026 2027 2028 2029 2030 2031 2032 2033 2034 2035 2036 2037 2038 2039 2040 2041 2042 2043 2044 2045 2046 2047 2048 2049 2050 2051 2052 2053 2054 2055 2056 2057 2058 2059 2060 2061 2062 2063 2064 2065 2066 2067 2068 2069 2070 2071 2072 2073 2074 2075 2076 2077 2078 2079 2080 2081 2082 2083 2084 2085 2086 2087 2088 2089 2090 2091 2092 2093 2094 2095 2096 2097 2098 2099 2100 2101 2102 2103 2104 2105 2106 2107 2108 2109 2110 2111 2112 2113 2114 2115 2116 2117 2118 2119 2120 2121 2122 2123 2124 2125 2126 2127 2128 2129 2130 2131 2132 2133 2134 2135 2136 2137 2138 2139 2140 2141 2142 2143 2144 2145 2146 2147 2148 2149 2150 2151 2152 2153 2154 2155 2156 2157 2158 2159 2160 2161 2162 2163 2164 2165 2166 2167 2168 2169 2170 2171 2172 2173 2174 2175 2176 2177 2178 2179 2180 2181 2182 2183 2184 2185 2186 2187 2188 2189 2190 2191 2192 2193 2194 2195 2196 2197 2198 2199 2200 2201 2202 2203 2204 2205 2206 2207 2208 2209 2210 2211 2212 2213 2214 2215 2216 2217 2218 2219 2220 2221 2222 2223 2224 2225 2226 2227 2228 2229 2230 2231 2232 2233 2234 2235 2236 2237 2238 2239 2240 2241 2242 2243 2244 2245 2246 2247 2248 2249 2250 2251 2252 2253 2254 2255 2256 2257 2258 2259 2260 2261 2262 2263 2264 2265 2266 2267 2268 2269 2270 2271 2272 2273 2274 2275 2276 2277 2278 2279 2280 2281 2282 2283 2284 2285 2286 2287 2288 2289 2290 2291 2292 2293 2294 2295 2296 2297 2298 2299 2300 2301 2302 2303 2304 2305 2306 2307 2308 2309 2310 2311 2312 2313 2314 2315 2316 2317 2318 2319 2320 2321 2322 2323 2324 2325 2326 2327 2328 2329 2330 2331 2332 2333 2334 2335 2336 2337 2338 2339 2340 2341 2342 2343 2344 2345 2346 2347 2348 2349 2350 2351 2352 2353 2354 2355 2356 2357 2358 2359 2360 2361 2362 2363 2364 2365 2366 2367 2368 2369 2370 2371 2372 2373 2374 2375 2376 2377 2378 2379 2380 2381 2382 2383 2384 2385 2386 2387 2388 2389 2390 2391 2392 2393 2394 2395 2396 2397 2398 2399 2400 2401 2402 2403 2404 2405 2406 2407 2408 2409 2410 2411 2412 2413 2414 2415 2416 2417 2418 2419 2420 2421 2422 2423 2424 2425 2426 2427 2428 2429 2430 2431 2432 2433 2434 2435 2436 2437 2438 2439 2440 2441 2442 2443 2444 2445 2446 2447 2448 2449 2450 2451 2452 2453 2454 2455 2456 2457 2458 2459 2460 2461 2462 2463 2464 2465 2466 2467 2468 2469 2470 2471 2472 2473 2474 2475 2476 2477 2478 2479 2480 2481 2482 2483 2484 2485 2486 2487 2488 2489 2490 2491 2492 2493 2494 2495 2496 2497 2498 2499 2500 2501 2502 2503 2504 2505 2506 2507 2508 2509 2510 2511 2512 2513 2514 2515 2516 2517 2518 2519 2520 2521 2522 2523 2524 2525 2526 2527 2528 2529 2530 2531 2532 2533 2534 2535 2536 2537 2538 2539 2540 2541 2542 2543 2544 2545 2546 2547 2548 2549 2550 2551 2552 2553 2554 2555 2556 2557 2558 2559 2560 2561 2562 2563 2564 2565 2566 2567 2568 2569 2570 2571 2572 2573 2574 2575 2576 2577 2578 2579 2580 2581 2582 2583 2584 2585 2586 2587 2588 2589 2590 2591 2592 2593 2594 2595 2596 2597 2598 2599 2600 2601 2602 2603 2604 2605 2606 2607 2608 2609 2610 2611 2612 2613 2614 2615 2616 2617 2618 2619 2620 2621 2622 2623 2624 2625 2626 2627 2628 2629 2630 2631 2632 2633 2634 2635 2636 2637 2638 2639 2640 2641 2642 2643 2644 2645 2646 2647 2648 2649 2650 2651 2652 2653 2654 2655 2656 2657 2658 2659 2660 2661 2662 2663 2664 2665 2666 2667 2668 2669 2670 2671 2672 2673 2674 2675 2676 2677 2678 2679 2680 2681 2682 2683 2684 2685 2686 2687 2688 2689 2690 2691 2692 2693 2694 2695 2696 2697 2698 2699 2700 2701 2702 2703 2704 2705 2706 2707 2708 2709 2710 2711 2712 2713 2714 2715 2716 2717 2718 2719 2720 2721 2722 2723 2724 2725 2726 2727 2728 2729 2730 2731 2732 2733 2734 2735 2736 2737 2738 2739 2740 2741 2742 2743 2744 2745 2746 2747 2748 2749 2750 2751 2752 2753 2754 2755 2756 2757 2758 2759 2760 2761 2762 2763 2764 2765 2766 2767 2768 2769 2770 2771 2772 2773 2774 2775 2776 2777 2778 2779 2780 2781 2782 2783 2784 2785 2786 2787 2788 2789 2790 2791 2792 2793 2794 2795 2796 2797 2798 2799 2800 2801 2802 2803 2804 2805 2806 2807 2808 2809 2810 2811 2812 2813 2814 2815 2816 2817 2818 2819 2820 2821 2822 2823 2824 2825 2826 2827 2828 2829 2830 2831 2832 2833 2834 2835 2836 2837 2838 2839 2840 2841 2842 2843 2844 2845 2846 2847 2848 2849 2850 2851 2852 2853 2854 2855 2856 2857 2858 2859 2860 2861 2862 2863 2864 2865 2866 2867 2868 2869 2870 2871 2872 2873 2874 2875 2876 2877 2878 2879 2880 2881 2882 2883 2884 2885 2886 2887 2888 2889 2890 2891 2892 2893 2894 2895 2896 2897 2898 2899 2900 2901 2902 2903 2904 2905 2906 2907 2908 2909 2910 2911 2912 2913 2914 2915 2916 2917 2918 2919 2920 2921 2922 2923 2924 2925 2926 2927 2928 2929 2930 2931 2932 2933 2934 2935 2936 2937 2938 2939 2940 2941 2942 2943 2944 2945 2946 2947 2948 2949 2950 2951 2952 2953 2954 2955 2956 2957 2958 2959 2960 2961 2962 2963 2964 2965 2966 2967 2968 2969 2970 2971 2972 2973 2974 2975 2976 2977 2978 2979 2980 2981 2982 2983 2984 2985 2986 2987 2988 2989 2990 2991 2992 2993 2994 2995 2996 2997 2998 2999 3000 3001 3002 3003 3004 3005 3006 3007 3008 3009 3010 3011 3012 3013 3014 3015 3016 3017 3018 3019 3020 3021 3022 3023 3024 3025 3026 3027 3028 3029 3030 3031 3032 3033 3034 3035 3036 3037 3038 3039 3040 3041 3042 3043 3044 3045 3046 3047 3048 3049 3050 3051 3052 3053 3054 3055 3056 3057 3058 3059 3060 3061 3062 3063 3064 3065 3066 3067 3068 3069 3070 3071 3072 3073 3074 3075 3076 3077 3078 3079 3080 3081 3082 3083 3084 3085 3086 3087 3088 3089 3090 3091 3092 3093 3094 3095 3096 3097 3098 3099 3100 3101 3102 3103 3104 3105 3106 3107 3108 3109 3110 3111 3112 3113 3114 3115 3116 3117 3118 3119 3120 3121 3122 3123 3124 3125 3126 3127 3128 3129 3130 3131 3132 3133 3134 3135 3136 3137 3138 3139 3140 3141 3142 3143 3144 3145 3146 3147 3148 3149 3150 3151 3152 3153 3154 3155 3156 3157 3158 3159 3160 3161 3162 3163 3164 3165 3166 3167 3168 3169 3170 3171 3172 3173 3174 3175 3176 3177 3178 3179 3180 3181 3182 3183 3184 3185 3186 3187 3188 3189 3190 3191 3192 3193 3194 3195 3196 3197 3198 3199 3200 3201 3202 3203 3204 3205 3206 3207 3208 3209 3210 3211 3212 3213 3214 3215 3216 3217 3218 3219 3220 3221 3222 3223 3224 3225 3226 3227 3228 3229 3230 3231 3232 3233 3234 3235 3236 3237 3238 3239 3240 3241 3242 3243 3244 3245 3246 3247 3248 3249 3250 3251 3252 3253 3254 3255 3256 3257 3258 3259 3260 3261 3262 3263 3264 3265 3266 3267 3268 3269 3270 3271 3272 3273 3274 3275 3276 3277 3278 3279 3280 3281 3282 3283 3284 3285 3286 3287 3288 3289 3290 3291 3292 3293 3294 3295 3296 3297 3298 3299 3300 3301 3302 3303 3304 3305 3306 3307 3308 3309 3310 3311 3312 3313 3314 3315 3316 3317 3318 3319 3320 3321 3322 3323 3324 3325 3326 3327 3328 3329 3330 3331 3332 3333 3334 3335 3336 3337 3338 3339 3340 3341 3342 3343 3344 3345 3346 3347 3348 3349 3350 3351 3352 3353 3354 3355 3356 3357 3358 3359 3360 3361 3362 3363 3364 3365 3366 3367 3368 3369 3370 3371 3372 3373 3374 3375 3376 3377 3378 3379 3380 3381 3382 3383 3384 3385 3386 3387 3388 3389 3390 3391 3392 3393 3394 3395 3396 3397 3398 3399 3400 3401 3402 3403 3404 3405 3406 3407 3408 3409 3410 3411 3412 3413 3414 3415 3416 3417 3418 3419 3420 3421 3422 3423 3424 3425 3426 3427 3428 3429 3430 3431 3432 3433 3434 3435 3436 3437 3438 3439 3440 3441 3442 3443 3444 3445 3446 3447 3448 3449 3450 3451 3452 3453 3454 3455 3456 3457 3458 3459 3460 3461 3462 3463 3464 3465 3466 3467 3468 3469 3470 3471 3472 3473 3474 3475 3476 3477 3478 3479 3480 3481 3482 3483 3484 3485 3486 3487 3488 3489 3490 3491 3492 3493 3494 3495 3496 3497 3498 3499 3500 3501 3502 3503 3504 3505 3506 3507 3508 3509 3510 3511 3512 3513 3514 3515 3516 3517 3518 3519 3520 3521 3522 3523 3524 3525 3526 3527 3528 3529 3530 3531 3532 3533 3534 3535 3536 3537 3538 3539 3540 3541 3542 3543 3544 3545 3546 3547 3548 3549 3550 3551 3552 3553 3554 3555 3556 3557 3558 3559 3560 3561 3562 3563 3564 3565 3566 3567 3568 3569 3570 3571 3572 3573 3574 3575 3576 3577 3578 3579 3580 3581 3582 3583 3584 3585 3586 3587 3588 3589 3590 3591 3592 3593 3594 3595 3596 3597 3598 3599 3600 3601 3602 3603 3604 3605 3606 3607 3608 3609 3610 3611 3612 3613 3614 3615 3616 3617 3618 3619 3620 3621 3622 3623 3624 3625 3626 3627 3628 3629 3630 3631 3632 3633 3634 3635 3636 3637 3638 3639 3640 3641 3642 3643 3644 3645 3646 3647 3648 3649 3650 3651 3652 3653 3654 3655 3656 3657 3658 3659 3660 3661 3662 3663 3664 3665 3666 3667 3668 3669 3670 3671 3672 3673 3674 3675 3676 3677 3678 3679 3680 3681 3682 3683 3684 3685 3686 3687 3688 3689 3690 3691 3692 3693 3694 3695 3696 3697 3698 3699 3700 3701 3702 3703 3704 3705 3706 3707 3708 3709 3710 3711 3712 3713 3714 3715 3716 3717 3718 3719 3720 3721 3722 3723 3724 3725 3726 3727 3728 3729 3730 3731 3732 3733 3734 3735 3736 3737 3738 3739 3740 3741 3742 3743 3744 3745 3746 3747 3748 3749 3750 3751 3752 3753 3754 3755 3756 3757 3758 3759 3760 3761 3762 3763 3764 3765 3766 3767 3768 3769 3770 3771 3772 3773 3774 3775 3776 3777 3778 3779 3780 3781 3782 3783 3784 3785 3786 3787 3788 3789 3790 3791 3792 3793 3794 3795 3796 3797 3798 3799 3800 3801 3802 3803 3804 3805 3806 3807 3808 3809 3810 3811 3812 3813 3814 3815 3816 3817 3818 3819 3820 3821 3822 3823 3824 3825 3826 3827 3828 3829 3830 3831 3832 3833 3834 3835 3836 3837 3838 3839 3840 3841 3842 3843 3844 3845 3846 3847 3848 3849 3850 3851 3852 3853 3854 3855 3856 3857 3858 3859 3860 3861 3862 3863 3864 3865 3866 3867 3868 3869 3870 3871 3872 3873 3874 3875 3876 3877 3878 3879 3880 3881 3882 3883 3884 3885 3886 3887 3888 3889 3890 3891 3892 3893 3894 3895 3896 3897 3898 3899 3900 3901 3902 3903 3904 3905 3906 3907 3908 3909 3910 3911 3912 3913 3914 3915 3916 3917 3918 3919 3920 3921 3922 3923 3924 3925 3926 3927 3928 3929 3930 3931 3932 3933 3934 3935 3936 3937 3938 3939 3940 3941 3942 3943 3944 3945 3946 3947 3948 3949 3950 3951 3952 3953 3954 3955 3956 3957 3958 3959 3960 3961 3962 3963 3964 3965 3966 3967 3968 3969 3970 3971 3972 3973 3974 3975 3976 3977 3978 3979 3980 3981 3982 3983 3984 3985 3986 3987 3988 3989 3990 3991 3992 3993 3994 3995 3996 3997 3998 3999 4000 4001 4002 4003 4004 4005 4006 4007 4008 4009 4010 4011 4012 4013 4014 4015 4016 4017 4018 4019 4020 4021 4022 4023 4024 4025 4026 4027 4028 4029 4030 4031 4032 4033 4034 4035 4036 4037 4038 4039 4040 4041 4042 4043 4044 4045 4046 4047 4048 4049 4050 4051 4052 4053 4054 4055 4056 4057 4058 4059 4060 4061 4062 4063 4064 4065 4066 4067 4068 4069 4070 4071 4072 4073 4074 4075 4076 4077 4078 4079 4080 4081 4082 4083 4084 4085 4086 4087 4088 4089 4090 4091 4092 4093 4094 4095 4096 4097 4098 4099 4100 4101 4102 4103 4104 4105 4106 4107 4108 4109 4110 4111 4112 4113 4114 4115 4116 4117 4118 4119 4120 4121 4122 4123 4124 4125 4126 4127 4128 4129 4130 4131 4132 4133 4134 4135 4136 4137 4138 4139 4140 4141 4142 4143 4144 4145 4146 4147 4148 4149 4150 4151 4152 4153 4154 4155 4156 4157 4158 4159 4160 4161 4162 4163 4164 4165 4166 4167 4168 4169 4170 4171 4172 4173 4174 4175 4176 4177 4178 4179 4180 4181 4182 4183 4184 4185 4186 4187 4188 4189 4190 4191 4192 4193 4194 4195 4196 4197 4198 4199 4200 4201 4202 4203 4204 4205 4206 4207 4208 4209 4210 4211 4212 4213 4214 4215 4216 4217 4218 4219 4220 4221 4222 4223 4224 4225 4226 4227 4228 4229 4230 4231 4232 4233 4234 4235 4236 4237 4238 4239 4240 4241 4242 4243 4244 4245 4246 4247 4248 4249 4250 4251 4252 4253 4254 4255 4256 4257 4258 4259 4260 4261 4262 4263 4264 4265 4266 4267 4268 4269 4270 4271 4272 4273 4274 4275 4276 4277 4278 4279 4280 4281 4282 4283 4284 4285 4286 4287 4288 4289 4290 4291 4292 4293 4294 4295 4296 4297 4298 4299 4300 4301 4302 4303 4304 4305 4306 4307 4308 4309 4310 4311 4312 4313 4314 4315 4316 4317 4318 4319 4320 4321 4322 4323 4324 4325 4326 4327 4328 4329 4330 4331 4332 4333 4334 4335 4336 4337 4338 4339 4340 4341 4342 4343 4344 4345 4346 4347 4348 4349 4350 4351 4352 4353 4354 4355 4356 4357 4358 4359 4360 4361 4362 4363 4364 4365 4366 4367 4368 4369 4370 4371 4372 4373 4374 4375 4376 4377 4378 4379 4380 4381 4382 4383 4384 4385 4386 4387 4388 4389 4390 4391 4392 4393 4394 4395 4396 4397 4398 4399 4400 4401 4402 4403 4404 4405 4406 4407 4408 4409 4410 4411 4412 4413 4414 4415 4416 4417 4418 4419 4420 4421 4422 4423 4424 4425 4426 4427 4428 4429 4430 4431 4432 4433 4434 4435 4436 4437 4438 4439 4440 4441 4442 4443 4444 4445 4446 4447 4448 4449 4450 4451 4452 4453 4454 4455 4456 4457 4458 4459 4460 4461 4462 4463 4464 4465 4466 4467 4468 4469 4470 4471 4472 4473 4474 4475 4476 4477 4478 4479 4480 4481 4482 4483 4484 4485 4486 4487 4488 4489 4490 4491 4492 4493 4494 4495 4496 4497 4498 4499 4500 4501 4502 4503 4504 4505 4506 4507 4508 4509 4510 4511 4512 4513 4514 4515 4516 4517 4518 4519 4520 4521 4522 4523 4524 4525 4526 4527 4528 4529 4530 4531 4532 4533 4534 4535 4536 4537 4538 4539 4540 4541 4542 4543 4544 4545 4546 4547 4548 4549 4550 4551 4552 4553 4554 4555 4556 4557 4558 4559 4560 4561 4562 4563 4564 4565 4566 4567 4568 4569 4570 4571 4572 4573 4574 4575 4576 4577 4578 4579 4580 4581 4582 4583 4584 4585 4586 4587 4588 4589 4590 4591 4592 4593 4594 4595 4596 4597 4598 4599 4600 4601 4602 4603 4604 4605 4606 4607 4608 4609 4610 4611 4612 4613 4614 4615 4616 4617 4618 4619 4620 4621 4622 4623 4624 4625 4626 4627 4628 4629 4630 4631 4632 4633 4634 4635 4636 4637 4638 4639 4640 4641 4642 4643 4644 4645 4646 4647 4648 4649 4650 4651 4652 4653 4654 4655 4656 4657 4658 4659 4660 4661 4662 4663 4664 4665 4666 4667 4668 4669 4670 4671 4672 4673 4674 4675 4676 4677 4678 4679 4680 4681 4682 4683 4684 4685 4686 4687 4688 4689 4690 4691 4692 4693 4694 4695 4696 4697 4698 4699 4700 4701 4702 4703 4704 4705 4706 4707 4708 4709 4710 4711 4712 4713 4714 4715 4716 4717 4718 4719 4720 4721 4722 4723 4724 4725 4726 4727 4728 4729 4730 4731 4732 4733 4734 4735 4736 4737 4738 4739 4740 4741 4742 4743 4744 4745 4746 4747 4748 4749 4750 4751 4752 4753 4754 4755 4756 4757 4758 4759 4760 4761 4762 4763 4764 4765 4766 4767 4768 4769 4770 4771 4772 4773 4774 4775 4776 4777 4778 4779 4780 4781 4782 4783 4784 4785 4786 4787 4788 4789 4790 4791 4792 4793 4794 4795 4796 4797 4798 4799 4800 4801 4802 4803 4804 4805 4806 4807 4808 4809 4810 4811 4812 4813 4814 4815 4816 4817 4818 4819 4820 4821 4822 4823 4824 4825 4826 4827 4828 4829 4830 4831 4832 4833 4834 4835 4836 4837 4838 4839 4840 4841 4842 4843 4844 4845 4846 4847 4848 4849 4850 4851 4852 4853 4854 4855 4856 4857 4858 4859 4860 4861 4862 4863 4864 4865 4866 4867 4868 4869 4870 4871 4872 4873 4874 4875 4876 4877 4878 4879 4880 4881 4882 4883 4884 4885 4886 4887 4888 4889 4890 4891 4892 4893 4894 4895 4896 4897 4898 4899 4900 4901 4902 4903 4904 4905 4906 4907 4908 4909 4910 4911 4912 4913 4914 4915 4916 4917 4918 4919 4920 4921 4922 4923 4924 4925 4926 4927 4928 4929 4930 4931 4932 4933 4934 4935 4936 4937 4938 4939 4940 4941 4942 4943 4944 4945 4946 4947 4948 4949 4950 4951 4952 4953 4954 4955 4956 4957 4958 4959 4960 4961 4962 4963 4964 4965 4966 4967 4968 4969 4970 4971 4972 4973 4974 4975 4976 4977 4978 4979 4980 4981 4982 4983 4984 4985 4986 4987 4988 4989 4990 4991 4992 4993 4994 4995 4996 4997 4998 4999 5000 5001 5002 5003 5004 5005 5006 5007 5008 5009 5010 5011 5012 5013 5014 5015 5016 5017 5018 5019 5020 5021 5022 5023 5024 5025 5026 5027 5028 5029 5030 5031 5032 5033 5034 5035 5036 5037 5038 5039 5040 5041 5042 5043 5044 5045 5046 5047 5048 5049 5050 5051 5052 5053 5054 5055 5056 5057 5058 5059 5060 5061 5062 5063 5064 5065 5066 5067 5068 5069 5070 5071 5072 5073 5074 5075 5076 5077 5078 5079 5080 5081 5082 5083 5084 5085 5086 5087 5088 5089 5090 5091 5092 5093 5094 5095 5096 5097 5098 5099 5100 5101 5102 5103 5104 5105 5106 5107 5108 5109 5110 5111 5112 5113 5114 5115 5116 5117 5118 5119 5120 5121 5122 5123 5124 5125 5126 5127 5128 5129 5130 5131 5132 5133 5134 5135 5136 5137 5138 5139 5140 5141 5142 5143 5144 5145 5146 5147 5148 5149 5150 5151 5152 5153 5154 5155 5156 5157 5158 5159 5160 5161 5162 5163 5164 5165 5166 5167 5168 5169 5170 5171 5172 5173 5174 5175 5176 5177 5178 5179 5180 5181 5182 5183 5184 5185 5186 5187 5188 5189 5190 5191 5192 5193 5194 5195 5196 5197 5198 5199 5200 5201 5202 5203 5204 5205 5206 5207 5208 5209 5210 5211 5212 5213 5214 5215 5216 5217 5218 5219 5220 5221 5222 5223 5224 5225 5226 5227 5228 5229 5230 5231 5232 5233 5234 5235 5236 5237 5238 5239 5240 5241 5242 5243 5244 5245 5246 5247 5248 5249 5250 5251 5252 5253 5254 5255 5256 5257 5258 5259 5260 5261 5262 5263 5264 5265 5266 5267 5268 5269 5270 5271 5272 5273 5274 5275 5276 5277 5278 5279 5280 5281 5282 5283 5284 5285 5286 5287 5288 5289 5290 5291 5292 5293 5294 5295 5296 5297 5298 5299 5300 5301 5302 5303 5304 5305 5306 5307 5308 5309 5310 5311 5312 5313 5314 5315 5316 5317 5318 5319 5320 5321 5322 5323 5324 5325 5326 5327 5328 5329 5330 5331 5332 5333 5334 5335 5336 5337 5338 5339 5340 5341 5342 5343 5344 5345 5346 5347 5348 5349 5350 5351 5352 5353 5354 5355 5356 5357 5358 5359 5360 5361 5362 5363 5364 5365 5366 5367 5368 5369 5370 5371 5372 5373 5374 5375 5376 5377 5378 5379 5380 5381 5382 5383 5384 5385 5386 5387 5388 5389 5390 5391 5392 5393 5394 5395 5396 5397 5398 5399 5400 5401 5402 5403 5404 5405 5406 5407 5408 5409 5410 5411 5412 5413 5414 5415 5416 5417 5418 5419 5420 5421 5422 5423 5424 5425 5426 5427 5428 5429 5430 5431 5432 5433 5434 5435 5436 5437 5438 5439 5440 5441 5442 5443 5444 5445 5446 5447 5448 5449 5450 5451 5452 5453 5454 5455 5456 5457 5458 5459 5460 5461 5462 5463 5464 5465 5466 5467 5468 5469 5470 5471 5472 5473 5474 5475 5476 5477 5478 5479 5480 5481 5482 5483 5484 5485 5486 5487 5488 5489 5490 5491 5492 5493 5494 5495 5496 5497 5498 5499 5500 5501 5502 5503 5504 5505 5506 5507 5508 5509 5510 5511 5512 5513 5514 5515 5516 5517 5518 5519 5520 5521 5522 5523 5524 5525 5526 5527 5528 5529 5530 5531 5532 5533 5534 5535 5536 5537 5538 5539 5540 5541 5542 5543 5544 5545 5546 5547 5548 5549 5550 5551 5552 5553 5554 5555 5556 5557 5558 5559 5560 5561 5562 5563 5564 5565 5566 5567 5568 5569 5570 5571 5572 5573 5574 5575 5576 5577 5578 5579 5580 5581 5582 5583 5584 5585 5586 5587 5588 5589 5590 5591 5592 5593 5594 5595 5596 5597 5598 5599 5600 5601 5602 5603 5604 5605 5606 5607 5608 5609 5610 5611 5612 5613 5614 5615 5616 5617 5618 5619 5620 5621 5622 5623 5624 5625 5626 5627 5628 5629 5630 5631 5632 5633 5634 5635 5636 5637 5638 5639 5640 5641 5642 5643 5644 5645 5646 5647 5648 5649 5650 5651 5652 5653 5654 5655 5656 5657 5658 5659 5660 5661 5662 5663 5664 5665 5666 5667 5668 5669 5670 5671 5672 5673 5674 5675 5676 5677 5678 5679 5680 5681 5682 5683 5684 5685 5686 5687 5688 5689 5690 5691 5692 5693 5694 5695 5696 5697 5698 5699 5700 5701 5702 5703 5704 5705 5706 5707 5708 5709 5710 5711 5712 5713 5714 5715 5716 5717 5718 5719 5720 5721 5722 5723 5724 5725 5726 5727 5728 5729 5730 5731 5732 5733 5734 5735 5736 5737 5738 5739 5740 5741 5742 5743 5744 5745 5746 5747 5748 5749 5750 5751 5752 5753 5754 5755 5756 5757 5758 5759 5760 5761 5762 5763 5764 5765 5766 5767 5768 5769 5770 5771 5772 5773 5774 5775 5776 5777 5778 5779 5780 5781 5782 5783 5784 5785 5786 5787 5788 5789 5790 5791 5792 5793 5794 5795 5796 5797 5798 5799 5800 5801 5802 5803 5804 5805 5806 5807 5808 5809 5810 5811 5812 5813 5814 5815 5816 5817 5818 5819 5820 5821 5822 5823 5824 5825 5826 5827 5828 5829 5830 5831 5832 5833 5834 5835 5836 5837 5838 5839 5840 5841 5842 5843 5844 5845 5846 5847 5848 5849 5850 5851 5852 5853 5854 5855 5856 5857 5858 5859 5860 5861 5862 5863 5864 5865 5866 5867 5868 5869 5870 5871 5872 5873 5874 5875 5876 5877 5878 5879 5880 5881 5882 5883 5884 5885 5886 5887 5888 5889 5890 5891 5892 5893 5894 5895 5896 5897 5898 5899 5900 5901 5902 5903 5904 5905 5906 5907 5908 5909 5910 5911 5912 5913 5914 5915 5916 5917 5918 5919 5920 5921 5922 5923 5924 5925 5926 5927 5928 5929 5930 5931 5932 5933 5934 5935 5936 5937 5938 5939 5940 5941 5942 5943 5944 5945 5946 5947 5948 5949 5950 5951 5952 5953 5954 5955 5956 5957 5958 5959 5960 5961 5962 5963 5964 5965 5966 5967 5968 5969 5970 5971 5972 5973 5974 5975 5976 5977 5978 5979 5980 5981 5982 5983 5984 5985 5986 5987 5988 5989 5990 5991 5992 5993 5994 5995 5996 5997 5998 5999 6000 6001 6002 6003 6004 6005 6006 6007 6008 6009 6010 6011 6012 6013 6014 6015 6016 6017 6018 6019 6020 6021 6022 6023 6024 6025 6026 6027 6028 6029 6030 6031 6032 6033 6034 6035 6036 6037 6038 6039 6040 6041 6042 6043 6044 6045 6046 6047 6048 6049 6050 6051 6052 6053 6054 6055 6056 6057 6058 6059 6060 6061 6062 6063 6064 6065 6066 6067 6068 6069 6070 6071 6072 6073 6074 6075 6076 6077 6078 6079 6080 6081 6082 6083 6084 6085 6086 6087 6088 6089 6090 6091 6092 6093 6094 6095 6096 6097 6098 6099 6100 6101 6102 6103 6104 6105 6106 6107 6108 6109 6110 6111 6112 6113 6114 6115 6116 6117 6118 6119 6120 6121 6122 6123 6124 6125 6126 6127 6128 6129 6130 6131 6132 6133 6134 6135 6136 6137 6138 6139 6140 6141 6142 6143 6144 6145 6146 6147 6148 6149 6150 6151 6152 6153 6154 6155 6156 6157 6158 6159 6160 6161 6162 6163 6164 6165 6166 6167 6168 6169 6170 6171 6172 6173 6174 6175 6176 6177 6178 6179 6180 6181 6182 6183 6184 6185 6186 6187 6188 6189 6190 6191 6192 6193 6194 6195 6196 6197 6198 6199 6200 6201 6202 6203 6204 6205 6206 6207 6208 6209 6210 6211 6212 6213 6214 6215 6216 6217 6218 6219 6220 6221 6222 6223 6224 6225 6226 6227 6228 6229 6230 6231 6232 6233 6234 6235 6236 6237 6238 6239 6240 6241 6242 6243 6244 6245 6246 6247 6248 6249 6250 6251 6252 6253 6254 6255 6256 6257 6258 6259 6260 6261 6262 6263 6264 6265 6266 6267 6268 6269 6270 6271 6272 6273 6274 6275 6276 6277 6278 6279 6280 6281 6282 6283 6284 6285 6286 6287 6288 6289 6290 6291 6292 6293 6294 6295 6296 6297 6298 6299 6300 6301 6302 6303 6304 6305 6306 6307 6308 6309 6310 6311 6312 6313 6314 6315 6316 6317 6318 6319 6320 6321 6322 6323 6324 6325 6326 6327 6328 6329 6330 6331 6332 6333 6334 6335 6336 6337 6338 6339 6340 6341 6342 6343 6344 6345 6346 6347 6348 6349 6350 6351 6352 6353 6354 6355 6356 6357 6358 6359 6360 6361 6362 6363 6364 6365 6366 6367 6368 6369 6370 6371 6372 6373 6374 6375 6376 6377 6378 6379 6380 6381 6382 6383 6384 6385 6386 6387 6388 6389 6390 6391 6392 6393 6394 6395 6396 6397 6398 6399 6400 6401 6402 6403 6404 6405 6406 6407 6408 6409 6410 6411 6412 6413 6414 6415 6416 6417 6418 6419 6420 6421 6422 6423 6424 6425 6426 6427 6428 6429 6430 6431 6432 6433 6434 6435 6436 6437 6438 6439 6440 6441 6442 6443 6444 6445 6446 6447 6448 6449 6450 6451 6452 6453 6454 6455 6456 6457 6458 6459 6460 6461 6462 6463 6464 6465 6466 6467 6468 6469 6470 6471 6472 6473 6474 6475 6476 6477 6478 6479 6480 6481 6482 6483 6484 6485 6486 6487 6488 6489 6490 6491 6492 6493 6494 6495 6496 6497 6498 6499 6500 6501 6502 6503 6504 6505 6506 6507 6508 6509 6510 6511 6512 6513 6514 6515 6516 6517 6518 6519 6520 6521 6522 6523 6524 6525 6526 6527 6528 6529 6530 6531 6532 6533 6534 6535 6536 6537 6538 6539 6540 6541 6542 6543 6544 6545 6546 6547 6548 6549 6550 6551 6552 6553 6554 6555 6556 6557 6558 6559 6560 6561 6562 6563 6564 6565 6566 6567 6568 6569 6570 6571 6572 6573 6574 6575 6576 6577 6578 6579 6580 6581 6582 6583 6584 6585 6586 6587 6588 6589 6590 6591 6592 6593 6594 6595 6596 6597 6598 6599 6600 6601 6602 6603 6604 6605 6606 6607 6608 6609 6610 6611 6612 6613 6614 6615 6616 6617 6618 6619 6620 6621 6622 6623 6624 6625 6626 6627 6628 6629 6630 6631 6632 6633 6634 6635 6636 6637 6638 6639 6640 6641 6642 6643 6644 6645 6646 6647 6648 6649 6650 6651 6652 6653 6654 6655 6656 6657 6658 6659 6660 6661 6662 6663 6664 6665 6666 6667 6668 6669 6670 6671 6672 6673 6674 6675 6676 6677 6678 6679 6680 6681 6682 6683 6684 6685 6686 6687 6688 6689 6690 6691 6692 6693 6694 6695 6696 6697 6698 6699 6700 6701 6702 6703 6704 6705 6706 6707 6708 6709 6710 6711 6712 6713 6714 6715 6716 6717 6718 6719 6720 6721 6722 6723 6724 6725 6726 6727 6728 6729 6730 6731 6732 6733 6734 6735 6736 6737 6738 6739 6740 6741 6742 6743 6744 6745 6746 6747 6748 6749 6750 6751 6752 6753 6754 6755 6756 6757 6758 6759 6760 6761 6762 6763 6764 6765 6766 6767 6768 6769 6770 6771 6772 6773 6774 6775 6776 6777 6778 6779 6780 6781 6782 6783 6784 6785 6786 6787 6788 6789 6790 6791 6792 6793 6794 6795 6796 6797 6798 6799 6800 6801 6802 6803 6804 6805 6806 6807 6808 6809 6810 6811 6812 6813 6814 6815 6816 6817 6818 6819 6820 6821 6822 6823 6824 6825 6826 6827 6828 6829 6830 6831 6832 6833 6834 6835 6836 6837 6838 6839 6840 6841 6842 6843 6844 6845 6846 6847 6848 6849 6850 6851 6852 6853 6854 6855 6856 6857 6858 6859 6860 6861 6862 6863 6864 6865 6866 6867 6868 6869 6870 6871 6872 6873 6874 6875 6876 6877 6878 6879 6880 6881 6882 6883 6884 6885 6886 6887 6888 6889 6890 6891 6892 6893 6894 6895 6896 6897 6898 6899 6900 6901 6902 6903 6904 6905 6906 6907 6908 6909 6910 6911 6912 6913 6914 6915 6916 6917 6918 6919 6920 6921 6922 6923 6924 6925 6926 6927 6928 6929 6930 6931 6932 6933 6934 6935 6936 6937 6938 6939 6940 6941 6942 6943 6944 6945 6946 6947 6948 6949 6950 6951 6952 6953 6954 6955 6956 6957 6958 6959 6960 6961 6962 6963 6964 6965 6966 6967 6968 6969 6970 6971 6972 6973 6974 6975 6976 6977 6978 6979 6980 6981 6982 6983 6984 6985 6986 6987 6988 6989 6990 6991 6992 6993 6994 6995 6996 6997 6998 6999 7000 7001 7002 7003 7004 7005 7006 7007 7008 7009 7010 7011 7012 7013 7014 7015 7016 7017 7018 7019 7020 7021 7022 7023 7024 7025 7026 7027 7028 7029 7030 7031 7032 7033 7034 7035 7036 7037 7038 7039 7040 7041 7042 7043 7044 7045 7046 7047 7048 7049 7050 7051 7052 7053 7054 7055 7056 7057 7058 7059 7060 7061 7062 7063 7064 7065 7066 7067 7068 7069 7070 7071 7072 7073 7074 7075 7076 7077 7078 7079 7080 7081 7082 7083 7084 7085 7086 7087 7088 7089 7090 7091 7092 7093 7094 7095 7096 7097 7098 7099 7100 7101 7102 7103 7104 7105 7106 7107 7108 7109 7110 7111 7112 7113 7114 7115 7116 7117 7118 7119 7120 7121 7122 7123 7124 7125 7126 7127 7128 7129 7130 7131 7132 7133 7134 7135 7136 7137 7138 7139 7140 7141 7142 7143 7144 7145 7146 7147 7148 7149 7150 7151 7152 7153 7154 7155 7156 7157 7158 7159 7160 7161 7162 7163 7164 7165 7166 7167 7168 7169 7170 7171 7172 7173 7174 7175 7176 7177 7178 7179 7180 7181 7182 7183 7184 7185 7186 7187 7188 7189 7190 7191 7192 7193 7194 7195 7196 7197 7198 7199 7200 7201 7202 7203 7204 7205 7206 7207 7208 7209 7210 7211 7212 7213 7214 7215 7216 7217 7218 7219 7220 7221 7222 7223 7224 7225 7226 7227 7228 7229 7230 7231 7232 7233 7234 7235 7236 7237 7238 7239 7240 7241 7242 7243 7244 7245 7246 7247 7248 7249 7250 7251 7252 7253 7254 7255 7256 7257 7258 7259 7260 7261 7262 7263 7264 7265 7266 7267 7268 7269 7270 7271 7272 7273 7274 7275 7276 7277 7278 7279 7280 7281 7282 7283 7284 7285 7286 7287 7288 7289 7290 7291 7292 7293 7294 7295 7296 7297 7298 7299 7300 7301 7302 7303 7304 7305 7306 7307 7308 7309 7310 7311 7312 7313 7314 7315 7316 7317 7318 7319 7320 7321 7322 7323 7324 7325 7326 7327 7328 7329 7330 7331 7332 7333 7334 7335 7336 7337 7338 7339 7340 7341 7342 7343 7344 7345 7346 7347 7348 7349 7350 7351 7352 7353 7354 7355 7356 7357 7358 7359 7360 7361 7362 7363 7364 7365 7366 7367 7368 7369 7370 7371 7372 7373 7374 7375 7376 7377 7378 7379 7380 7381 7382 7383 7384 7385 7386 7387 7388 7389 7390 7391 7392 7393 7394 7395 7396 7397 7398 7399 7400 7401 7402 7403 7404 7405 7406 7407 7408 7409 7410 7411 7412 7413 7414 7415 7416 7417 7418 7419 7420 7421 7422 7423 7424 7425 7426 7427 7428 7429 7430 7431 7432 7433 7434 7435 7436 7437 7438 7439 7440 7441 7442 7443 7444 7445 7446 7447 7448 7449 7450 7451 7452 7453 7454 7455 7456 7457 7458 7459 7460 7461 7462 7463 7464 7465 7466 7467 7468 7469 7470 7471 7472 7473 7474 7475 7476 7477 7478 7479 7480 7481 7482 7483 7484 7485 7486 7487 7488 7489 7490 7491 7492 7493 7494 7495 7496 7497 7498 7499 7500 7501 7502 7503 7504 7505 7506 7507 7508 7509 7510 7511 7512 7513 7514 7515 7516 7517 7518 7519 7520 7521 7522 7523 7524 7525 7526 7527 7528 7529 7530 7531 7532 7533 7534 7535 7536 7537 7538 7539 7540 7541 7542 7543 7544 7545 7546 7547 7548 7549 7550 7551 7552 7553 7554 7555 7556 7557 7558 7559 7560 7561 7562 7563 7564 7565 7566 7567 7568 7569 7570 7571 7572 7573 7574 7575 7576 7577 7578 7579 7580 7581 7582 7583 7584 7585 7586 7587 7588 7589 7590 7591 7592 7593 7594 7595 7596 7597 7598 7599 7600 7601 7602 7603 7604 7605 7606 7607 7608 7609 7610 7611 7612 7613 7614 7615 7616 7617 7618 7619 7620 7621 7622 7623 7624 7625 7626 7627 7628 7629 7630 7631 7632 7633 7634 7635 7636 7637 7638 7639 7640 7641 7642 7643 7644 7645 7646 7647 7648 7649 7650 7651 7652 7653 7654 7655 7656 7657 7658 7659 7660 7661 7662 7663 7664 7665 7666 7667 7668 7669 7670 7671 7672 7673 7674 7675 7676 7677 7678 7679 7680 7681 7682 7683 7684 7685 7686 7687 7688 7689 7690 7691 7692 7693 7694 7695 7696 7697 7698 7699 7700 7701 7702 7703 7704 7705 7706 7707 7708 7709 7710 7711 7712 7713 7714 7715 7716 7717 7718 7719 7720 7721 7722 7723 7724 7725 7726 7727 7728 7729 7730 7731 7732 7733 7734 7735 7736 7737 7738 7739 7740 7741 7742 7743 7744 7745 7746 7747 7748 7749 7750 7751 7752 7753 7754 7755 7756 7757 7758 7759 7760 7761 7762 7763 7764 7765 7766 7767 7768 7769 7770 7771 7772 7773 7774 7775 7776 7777 7778 7779 7780 7781 7782 7783 7784 7785 7786 7787 7788 7789 7790 7791 7792 7793 7794 7795 7796 7797 7798 7799 7800 7801 7802 7803 7804 7805 7806 7807 7808 7809 7810 7811 7812 7813 7814 7815 7816 7817 7818 7819 7820 7821 7822 7823 7824 7825 7826 7827 7828 7829 7830 7831 7832 7833 7834 7835 7836 7837 7838 7839 7840 7841 7842 7843 7844 7845 7846 7847 7848 7849 7850 7851 7852 7853 7854 7855 7856 7857 7858 7859 7860 7861 7862 7863 7864 7865 7866 7867 7868 7869 7870 7871 7872 7873 7874 7875 7876 7877 7878 7879 7880 7881 7882 7883 7884 7885 7886 7887 7888 7889 7890 7891 7892 7893 7894 7895 7896 7897 7898 7899 7900 7901 7902 7903 7904 7905 7906 7907 7908 7909 7910 7911 7912 7913 7914 7915 7916 7917 7918 7919 7920 7921 7922 7923 7924 7925 7926 7927 7928 7929 7930 7931 7932 7933 7934 7935 7936 7937 7938 7939 7940 7941 7942 7943 7944 7945 7946 7947 7948 7949 7950 7951 7952 7953 7954 7955 7956 7957 7958 7959 7960 7961 7962 7963 7964 7965 7966 7967 7968 7969 7970 7971 7972 7973 7974 7975 7976 7977 7978 7979 7980 7981 7982 7983 7984 7985 7986 7987 7988 7989 7990 7991 7992 7993 7994 7995 7996 7997 7998 7999 8000 8001 8002 8003 8004 8005 8006 8007 8008 8009 8010 8011 8012 8013 8014 8015 8016 8017 8018 8019 8020 8021 8022 8023 8024 8025 8026 8027 8028 8029 8030 8031 8032 8033 8034 8035 8036 8037 8038 8039 8040 8041 8042 8043 8044 8045 8046 8047 8048 8049 8050 8051 8052 8053 8054 8055 8056 8057 8058 8059 8060 8061 8062 8063 8064 8065 8066 8067 8068 8069 8070 8071 8072 8073 8074 8075 8076 8077 8078 8079 8080 8081 8082 8083 8084 8085 8086 8087 8088 8089 8090 8091 8092 8093 8094 8095 8096 8097 8098 8099 8100 8101 8102 8103 8104 8105 8106 8107 8108 8109 8110 8111 8112 8113 8114 8115 8116 8117 8118 8119 8120 8121 8122 8123 8124 8125 8126 8127 8128 8129 8130 8131 8132 8133 8134 8135 8136 8137 8138 8139 8140 8141 8142 8143 8144 8145 8146 8147 8148 8149 8150 8151 8152 8153 8154 8155 8156 8157 8158 8159 8160 8161 8162 8163 8164 8165 8166 8167 8168 8169 8170 8171 8172 8173 8174 8175 8176 8177 8178 8179 8180 8181 8182 8183 8184 8185 8186 8187 8188 8189 8190 8191 8192 8193 8194 8195 8196 8197 8198 8199 8200 8201 8202 8203 8204 8205 8206 8207 8208 8209 8210 8211 8212 8213 8214 8215 8216 8217 8218 8219 8220 8221 8222 8223 8224 8225 8226 8227 8228 8229 8230 8231 8232 8233 8234 8235 8236 8237 8238 8239 8240 8241 8242 8243 8244 8245 8246 8247 8248 8249 8250 8251 8252 8253 8254 8255 8256 8257 8258 8259 8260 8261 8262 8263 8264 8265 8266 8267 8268 8269 8270 8271 8272 8273 8274 8275 8276 8277 8278 8279 8280 8281 8282 8283 8284 8285 8286 8287 8288 8289 8290 8291 8292 8293 8294 8295 8296 8297 8298 8299 8300 8301 8302 8303 8304 8305 8306 8307 8308 8309 8310 8311 8312 8313 8314 8315 8316 8317 8318 8319 8320 8321 8322 8323 8324 8325 8326 8327 8328 8329 8330 8331 8332 8333 8334 8335 8336 8337 8338 8339 8340 8341 8342 8343 8344 8345 8346 8347 8348 8349 8350 8351 8352 8353 8354 8355 8356 8357 8358 8359 8360 8361 8362 8363 8364 8365 8366 8367 8368 8369 8370 8371 8372 8373 8374 8375 8376 8377 8378 8379 8380 8381 8382 8383 8384 8385 8386 8387 8388 8389 8390 8391 8392 8393 8394 8395 8396 8397 8398 8399 8400 8401 8402 8403 8404 8405 8406 8407 8408 8409 8410 8411 8412 8413 8414 8415 8416 8417 8418 8419 8420 8421 8422 8423 8424 8425 8426 8427 8428 8429 8430 8431 8432 8433 8434 8435 8436 8437 8438 8439 8440 8441 8442 8443 8444 8445 8446 8447 8448 8449 8450 8451 8452 8453 8454 8455 8456 8457 8458 8459 8460 8461 8462 8463 8464 8465 8466 8467 8468 8469 8470 8471 8472 8473 8474 8475 8476 8477 8478 8479 8480 8481 8482 8483 8484 8485 8486 8487 8488 8489 8490 8491 8492 8493 8494 8495 8496 8497 8498 8499 8500 8501 8502 8503 8504 8505 8506 8507 8508 8509 8510 8511 8512 8513 8514 8515 8516 8517 8518 8519 8520 8521 8522 8523 8524 8525 8526 8527 8528 8529 8530 8531 8532 8533 8534 8535 8536 8537 8538 8539 8540 8541 8542 8543 8544 8545 8546 8547 8548 8549 8550 8551 8552 8553 8554 8555 8556 8557 8558 8559 8560 8561 8562 8563 8564 8565 8566 8567 8568 8569 8570 8571 8572 8573 8574 8575 8576 8577 8578 8579 8580 8581 8582 8583 8584 8585 8586 8587 8588 8589 8590 8591 8592 8593 8594 8595 8596 8597 8598 8599 8600 8601 8602 8603 8604 8605 8606 8607 8608 8609 8610 8611 8612 8613 8614 8615 8616 8617 8618 8619 8620 8621 8622 8623 8624 8625 8626 8627 8628 8629 8630 8631 8632 8633 8634 8635 8636 8637 8638 8639 8640 8641 8642 8643 8644 8645 8646 8647 8648 8649 8650 8651 8652 8653 8654 8655 8656 8657 8658 8659 8660 8661 8662 8663 8664 8665 8666 8667 8668 8669 8670 8671 8672 8673 8674 8675 8676 8677 8678 8679 8680 8681 8682 8683 8684 8685 8686 8687 8688 8689 8690 8691 8692 8693 8694 8695 8696 8697 8698 8699 8700 8701 8702 8703 8704 8705 8706 8707 8708 8709 8710 8711 8712 8713 8714 8715 8716 8717 8718 8719 8720 8721 8722 8723 8724 8725 8726 8727 8728 8729 8730 8731 8732 8733 8734 8735 8736 8737 8738 8739 8740 8741 8742 8743 8744 8745 8746 8747 8748 8749 8750 8751 8752 8753 8754 8755 8756 8757 8758 8759 8760 8761 8762 8763 8764 8765 8766 8767 8768 8769 8770 8771 8772 8773 8774 8775 8776 8777 8778 8779 8780 8781 8782 8783 8784 8785 8786 8787 8788 8789 8790 8791 8792 8793 8794 8795 8796 8797 8798 8799 8800 8801 8802 8803 8804 8805 8806 8807 8808 8809 8810 8811 8812 8813 8814 8815 8816 8817 8818 8819 8820 8821 8822 8823 8824 8825 8826 8827 8828 8829 8830 8831 8832 8833 8834 8835 8836 8837 8838 8839 8840 8841 8842 8843 8844 8845 8846 8847 8848 8849 8850 8851 8852 8853 8854 8855 8856 8857 8858 8859 8860 8861 8862 8863 8864 8865 8866 8867 8868 8869 8870 8871 8872 8873 8874 8875 8876 8877 8878 8879 8880 8881 8882 8883 8884 8885 8886 8887 8888 8889 8890 8891 8892 8893 8894 8895 8896 8897 8898 8899 8900 8901 8902 8903 8904 8905 8906 8907 8908 8909 8910 8911 8912 8913 8914 8915 8916 8917 8918 8919 8920 8921 8922 8923 8924 8925 8926 8927 8928 8929 8930 8931 8932 8933 8934 8935 8936 8937 8938 8939 8940 8941 8942 8943 8944 8945 8946 8947 8948 8949 8950 8951 8952 8953 8954 8955 8956 8957 8958 8959 8960 8961 8962 8963 8964 8965 8966 8967 8968 8969 8970 8971 8972 8973 8974 8975 8976 8977 8978 8979 8980 8981 8982 8983 8984 8985 8986 8987 8988 8989 8990 8991 8992 8993 8994 8995 8996 8997 8998 8999 9000 9001 9002 9003 9004 9005 9006 9007 9008 9009 9010 9011 9012 9013 9014 9015 9016 9017 9018 9019 9020 9021 9022 9023 9024 9025 9026 9027 9028 9029 9030 9031 9032 9033 9034 9035 9036 9037 9038 9039 9040 9041 9042 9043 9044 9045 9046 9047 9048 9049 9050 9051 9052 9053 9054 9055 9056 9057 9058 9059 9060 9061 9062 9063 9064 9065 9066 9067 9068 9069 9070 9071 9072 9073 9074 9075 9076 9077 9078 9079 9080 9081 9082 9083 9084 9085 9086 9087 9088 9089 9090 9091 9092 9093 9094 9095 9096 9097 9098 9099 9100 9101 9102 9103 9104 9105 9106 9107 9108 9109 9110 9111 9112 9113 9114 9115 9116 9117 9118 9119 9120 9121 9122 9123 9124 9125 9126 9127 9128 9129 9130 9131 9132 9133 9134 9135 9136 9137 9138 9139 9140 9141 9142 9143 9144 9145 9146 9147 9148 9149 9150 9151 9152 9153 9154 9155 9156 9157 9158 9159 9160 9161 9162 9163 9164 9165 9166 9167 9168 9169 9170 9171 9172 9173 9174 9175 9176 9177 9178 9179 9180 9181 9182 9183 9184 9185 9186 9187 9188 9189 9190 9191 9192 9193 9194 9195 9196 9197 9198 9199 9200 9201 9202 9203 9204 9205 9206 9207 9208 9209 9210 9211 9212 9213 9214 9215 9216 9217 9218 9219 9220 9221 9222 9223 9224 9225 9226 9227 9228 9229 9230 9231 9232 9233 9234 9235 9236 9237 9238 9239 9240 9241 9242 9243 9244 9245 9246 9247 9248 9249 9250 9251 9252 9253 9254 9255 9256 9257 9258 9259 9260 9261 9262 9263 9264 9265 9266 9267 9268 9269 9270 9271 9272 9273 9274 9275 9276 9277 9278 9279 9280 9281 9282 9283 9284 9285 9286 9287 9288 9289 9290 9291 9292 9293 9294 9295 9296 9297 9298 9299 9300 9301 9302 9303 9304 9305 9306 9307 9308 9309 9310 9311 9312 9313 9314 9315 9316 9317 9318 9319 9320 9321 9322 9323 9324 9325 9326 9327 9328 9329 9330 9331 9332 9333 9334 9335 9336 9337 9338 9339 9340 9341 9342 9343 9344 9345 9346 9347 9348 9349 9350 9351 9352 9353 9354 9355 9356 9357 9358 9359 9360 9361 9362 9363 9364 9365 9366 9367 9368 9369 9370 9371 9372 9373 9374 9375 9376 9377 9378 9379 9380 9381 9382 9383 9384 9385 9386 9387 9388 9389 9390 9391 9392 9393 9394 9395 9396 9397 9398 9399 9400 9401 9402 9403 9404 9405 9406 9407 9408 9409 9410 9411 9412 9413 9414 9415 9416 9417 9418 9419 9420 9421 9422 9423 9424 9425 9426 9427 9428 9429 9430 9431 9432 9433 9434 9435 9436 9437 9438 9439 9440 9441 9442 9443 9444 9445 9446 9447 9448 9449 9450 9451 9452 9453 9454 9455 9456 9457 9458 9459 9460 9461 9462 9463 9464 9465 9466 9467 9468 9469 9470 9471 9472 9473 9474 9475 9476 9477 9478 9479 9480 9481 9482 9483 9484 9485 9486 9487 9488 9489 9490 9491 9492 9493 9494 9495 9496 9497 9498 9499 9500 9501 9502 9503 9504 9505 9506 9507 9508 9509 9510 9511 9512 9513 9514 9515 9516 9517 9518 9519 9520 9521 9522 9523 9524 9525 9526 9527 9528 9529 9530 9531 9532 9533 9534 9535 9536 9537 9538 9539 9540 9541 9542 9543 9544 9545 9546 9547 9548 9549 9550 9551 9552 9553 9554 9555 9556 9557 9558 9559 9560 9561 9562 9563 9564 9565 9566 9567 9568 9569 9570 9571 9572 9573 9574 9575 9576 9577 9578 9579 9580 9581 9582 9583 9584 9585 9586 9587 9588 9589 9590 9591 9592 9593 9594 9595 9596 9597 9598 9599 9600 9601 9602 9603 9604 9605 9606 9607 9608 9609 9610 9611 9612 9613 9614 9615 9616 9617 9618 9619 9620 9621 9622 9623 9624 9625 9626 9627 9628 9629 9630 9631 9632 9633 9634 9635 9636 9637 9638 9639 9640 9641 9642 9643 9644 9645 9646 9647 9648 9649 9650 9651 9652 9653 9654 9655 9656 9657 9658 9659 9660 9661 9662 9663 9664 9665 9666 9667 9668 9669 9670 9671 9672 9673 9674 9675 9676 9677 9678 9679 9680 9681 9682 9683 9684 9685 9686 9687 9688 9689 9690 9691 9692 9693 9694 9695 9696 9697 9698 9699 9700 9701 9702 9703 9704 9705 9706 9707 9708 9709 9710 9711 9712 9713 9714 9715 9716 9717 9718 9719 9720 9721 9722 9723 9724 9725 9726 9727 9728 9729 9730 9731 9732 9733 9734 9735 9736 9737 9738 9739 9740 9741 9742 9743 9744 9745 9746 9747 9748 9749 9750 9751 9752 9753 9754 9755 9756 9757 9758 9759 9760 9761 9762 9763 9764 9765 9766 9767 9768 9769 9770 9771 9772 9773 9774 9775 9776 9777 9778 9779 9780 9781 9782 9783 9784 9785 9786 9787 9788 9789 9790 9791 9792 9793 9794 9795 9796 9797 9798 9799 9800 9801 9802 9803 9804 9805 9806 9807 9808 9809 9810 9811 9812 9813 9814 9815 9816 9817 9818 9819 9820 9821 9822 9823 9824 9825 9826 9827 9828 9829 9830 9831 9832 9833 9834 9835 9836 9837 9838 9839 9840 9841 9842 9843 9844 9845 9846 9847 9848 9849 9850 9851 9852 9853 9854 9855 9856 9857 9858 9859 9860 9861 9862 9863 9864 9865 9866 9867 9868 9869 9870 9871 9872 9873 9874 9875 9876 9877 9878 9879 9880 9881 9882 9883 9884 9885 9886 9887 9888 9889 9890 9891 9892 9893 9894 9895 9896 9897 9898 9899 9900 9901 9902 9903 9904 9905 9906 9907 9908 9909 9910 9911 9912 9913 9914 9915 9916 9917 9918 9919 9920 9921 9922 9923 9924 9925 9926 9927 9928 9929 9930 9931 9932 9933 9934 9935 9936 9937 9938 9939 9940 9941 9942 9943 9944 9945 9946 9947 9948 9949 9950 9951 9952 9953 9954 9955 9956 9957 9958 9959 9960 9961 9962 9963 9964 9965 9966 9967 9968 9969 9970 9971 9972 9973 9974 9975 9976 9977 9978 9979 9980 9981 9982 9983 9984 9985 9986 9987 9988 9989 9990 9991 9992 9993 9994 9995 9996 9997 9998 9999 10000 10001 10002 10003 10004 10005 10006 10007 10008 10009 10010 10011 10012 10013 10014 10015 10016 10017 10018 10019 10020 10021 10022 10023 10024 10025 10026 10027 10028 10029 10030 10031 10032 10033 10034 10035 10036 10037 10038 10039 10040 10041 10042 10043 10044 10045 10046 10047 10048 10049 10050 10051 10052 10053 10054 10055 10056 10057 10058 10059 10060 10061 10062 10063 10064 10065 10066 10067 10068 10069 10070 10071 10072 10073 10074 10075 10076 10077 10078 10079 10080 10081 10082 10083 10084 10085 10086 10087 10088 10089 10090 10091 10092 10093 10094 10095 10096 10097 10098 10099 10100 10101 10102 10103 10104 10105 10106 10107 10108 10109 10110 10111 10112 10113 10114 10115 10116 10117 10118 10119 10120 10121 10122 10123 10124 10125 10126 10127 10128 10129 10130 10131 10132 10133 10134 10135 10136 10137 10138 10139 10140 10141 10142 10143 10144 10145 10146 10147 10148 10149 10150 10151 10152 10153 10154 10155 10156 10157 10158 10159 10160 10161 10162 10163 10164 10165 10166 10167 10168 10169 10170 10171 10172 10173 10174 10175 10176 10177 10178 10179 10180 10181 10182 10183 10184 10185 10186 10187 10188 10189 10190 10191 10192 10193 10194 10195 10196 10197 10198 10199 10200 10201 10202 10203 10204 10205 10206 10207 10208 10209 10210 10211 10212 10213 10214 10215 10216 10217 10218 10219 10220 10221 10222 10223 10224 10225 10226 10227 10228 10229 10230 10231 10232 10233 10234 10235 10236 10237 10238 10239 10240 10241 10242 10243 10244 10245 10246 10247 10248 10249 10250 10251 10252 10253 10254 10255 10256 10257 10258 10259 10260 10261 10262 10263 10264 10265 10266 10267 10268 10269 10270 10271 10272 10273 10274 10275 10276 10277 10278 10279 10280 10281 10282 10283 10284 10285 10286 10287 10288 10289 10290 10291 10292 10293 10294 10295 10296 10297 10298 10299 10300 10301 10302 10303 10304 10305 10306 10307 10308 10309 10310 10311 10312 10313 10314 10315 10316 10317 10318 10319 10320 10321 10322 10323 10324 10325 10326 10327 10328 10329 10330 10331 10332 10333 10334 10335 10336 10337 10338 10339 10340 10341 10342 10343 10344 10345 10346 10347 10348 10349 10350 10351 10352 10353 10354 10355 10356 10357 10358 10359 10360 10361 10362 10363 10364 10365 10366 10367 10368 10369 10370 10371 10372 10373 10374 10375 10376 10377 10378 10379 10380 10381 10382 10383 10384 10385 10386 10387 10388 10389 10390 10391 10392 10393 10394 10395 10396 10397 10398 10399 10400 10401 10402 10403 10404 10405 10406 10407 10408 10409 10410 10411 10412 10413 10414 10415 10416 10417 10418 10419 10420 10421 10422 10423 10424 10425 10426 10427 10428 10429 10430 10431 10432 10433 10434 10435 10436 10437 10438 10439 10440 10441 10442 10443 10444 10445 10446 10447 10448 10449 10450 10451 10452 10453 10454 10455 10456 10457 10458 10459 10460 10461 10462 10463 10464 10465 10466 10467 10468 10469 10470 10471 10472 10473 10474 10475 10476 10477 10478 10479 10480 10481 10482 10483 10484 10485 10486 10487 10488 10489 10490 10491 10492 10493 10494 10495 10496 10497 10498 10499 10500 10501 10502 10503 10504 10505 10506 10507 10508 10509 10510 10511 10512 10513 10514 10515 10516 10517 10518 10519 10520 10521 10522 10523 10524 10525 10526 10527 10528 10529 10530 10531 10532 10533 10534 10535 10536 10537 10538 10539 10540 10541 10542 10543 10544 10545 10546 10547 10548 10549 10550 10551 10552 10553 10554 10555 10556 10557 10558 10559 10560 10561 10562 10563 10564 10565 10566 10567 10568 10569 10570 10571 10572 10573 10574 10575 10576 10577 10578 10579 10580 10581 10582 10583 10584 10585 10586 10587 10588 10589 10590 10591 10592 10593 10594 10595 10596 10597 10598 10599 10600 10601 10602 10603 10604 10605 10606 10607 10608 10609 10610 10611 10612 10613 10614 10615 10616 10617 10618 10619 10620 10621 10622 10623 10624 10625 10626 10627 10628 10629 10630 10631 10632 10633 10634 10635 10636 10637 10638 10639 10640 10641 10642 10643 10644 10645 10646 10647 10648 10649 10650 10651 10652 10653 10654 10655 10656 10657 10658 10659 10660 10661 10662 10663 10664 10665 10666 10667 10668 10669 10670 10671 10672 10673 10674 10675 10676 10677 10678 10679 10680 10681 10682 10683 10684 10685 10686 10687 10688 10689 10690 10691 10692 10693 10694 10695 10696 10697 10698 10699 10700 10701 10702 10703 10704 10705 10706 10707 10708 10709 10710 10711 10712 10713 10714 10715 10716 10717 10718 10719 10720 10721 10722 10723 10724 10725 10726 10727 10728 10729 10730 10731 10732 10733 10734 10735 10736 10737 10738 10739 10740 10741 10742 10743 10744 10745 10746 10747 10748 10749 10750 10751 10752 10753 10754 10755 10756 10757 10758 10759 10760 10761 10762 10763 10764 10765 10766 10767 10768 10769 10770 10771 10772 10773 10774 10775 10776 10777 10778 10779 10780 10781 10782 10783 10784 10785 10786 10787 10788 10789 10790 10791 10792 10793 10794 10795 10796 10797 10798 10799 10800 10801 10802 10803 10804 10805 10806 10807 10808 10809 10810 10811 10812 10813 10814 10815 10816 10817 10818 10819 10820 10821 10822 10823 10824 10825 10826 10827 10828 10829 10830 10831 10832 10833 10834 10835 10836 10837 10838 10839 10840 10841 10842 10843 10844 10845 10846 10847 10848 10849 10850 10851 10852 10853 10854 10855 10856 10857 10858 10859 10860 10861 10862 10863 10864 10865 10866 10867 10868 10869 10870 10871 10872 10873 10874 10875 10876 10877 10878 10879 10880 10881 10882 10883 10884 10885 10886 10887 10888 10889 10890 10891 10892 10893 10894 10895 10896 10897 10898 10899 10900 10901 10902 10903 10904 10905 10906 10907 10908 10909 10910 10911 10912 10913 10914 10915 10916 10917 10918 10919 10920 10921 10922 10923 10924 10925 10926 10927 10928 10929 10930 10931 10932 10933 10934 10935 10936 10937 10938 10939 10940 10941 10942 10943 10944 10945 10946 10947 10948 10949 10950 10951 10952 10953 10954 10955 10956 10957 10958 10959 10960 10961 10962 10963 10964 10965 10966 10967 10968 10969 10970 10971 10972 10973 10974 10975 10976 10977 10978 10979 10980 10981 10982 10983 10984 10985 10986 10987 10988 10989 10990 10991 10992 10993 10994 10995 10996 10997 10998 10999 11000 11001 11002 11003 11004 11005 11006 11007 11008 11009 11010 11011 11012 11013 11014 11015 11016 11017 11018 11019 11020 11021 11022 11023 11024 11025 11026 11027 11028 11029 11030 11031 11032 11033 11034 11035 11036 11037 11038 11039 11040 11041 11042 11043 11044 11045 11046 11047 11048 11049 11050 11051 11052 11053 11054 11055 11056 11057 11058 11059 11060 11061 11062 11063 11064 11065 11066 11067 11068 11069 11070 11071 11072 11073 11074 11075 11076 11077 11078 11079 11080 11081 11082 11083 11084 11085 11086 11087 11088 11089 11090 11091 11092 11093 11094 11095 11096 11097 11098 11099 11100 11101 11102 11103 11104 11105 11106 11107 11108 11109 11110 11111 11112 11113 11114 11115 11116 11117 11118 11119 11120 11121 11122 11123 11124 11125 11126 11127 11128 11129 11130 11131 11132 11133 11134 11135 11136 11137 11138 11139 11140 11141 11142 11143 11144 11145 11146 11147 11148 11149 11150 11151 11152 11153 11154 11155 11156 11157 11158 11159 11160 11161 11162 11163 11164 11165 11166 11167 11168 11169 11170 11171 11172 11173 11174 11175 11176 11177 11178 11179 11180 11181 11182 11183 11184 11185 11186 11187 11188 11189 11190 11191 11192 11193 11194 11195 11196 11197 11198 11199 11200 11201 11202 11203 11204 11205 11206 11207 11208 11209 11210 11211 11212 11213 11214 11215 11216 11217 11218 11219 11220 11221 11222 11223 11224 11225 11226 11227 11228 11229 11230 11231 11232 11233 11234 11235 11236 11237 11238 11239 11240 11241 11242 11243 11244 11245 11246 11247 11248 11249 11250 11251 11252 11253 11254 11255 11256 11257 11258 11259 11260 11261 11262 11263 11264 11265 11266 11267 11268 11269 11270 11271 11272 11273 11274 11275 11276 11277 11278 11279 11280 11281 11282 11283 11284 11285 11286 11287 11288 11289 11290 11291 11292 11293 11294 11295 11296 11297 11298 11299 11300 11301 11302 11303 11304 11305 11306 11307 11308 11309 11310 11311 11312 11313 11314 11315 11316 11317 11318 11319 11320 11321 11322 11323 11324 11325 11326 11327 11328 11329 11330 11331 11332 11333 11334 11335 11336 11337 11338 11339 11340 11341 11342 11343 11344 11345 11346 11347 11348 11349 11350 11351 11352 11353 11354 11355 11356 11357 11358 11359 11360 11361 11362 11363 11364 11365 11366 11367 11368 11369 11370 11371 11372 11373 11374 11375 11376 11377 11378 11379 11380 11381 11382 11383 11384 11385 11386 11387 11388 11389 11390 11391 11392 11393 11394 11395 11396 11397 11398 11399 11400 11401 11402 11403 11404 11405 11406 11407 11408 11409 11410 11411 11412 11413 11414 11415 11416 11417 11418 11419 11420 11421 11422 11423 11424 11425 11426 11427 11428 11429 11430 11431 11432 11433 11434 11435 11436 11437 11438 11439 11440 11441 11442 11443 11444 11445 11446 11447 11448 11449 11450 11451 11452 11453 11454 11455 11456 11457 11458 11459 11460 11461 11462 11463 11464 11465 11466 11467 11468 11469 11470 11471 11472 11473 11474 11475 11476 11477 11478 11479 11480 11481 11482 11483 11484 11485 11486 11487 11488 11489 11490 11491 11492 11493 11494 11495 11496 11497 11498 11499 11500 11501 11502 11503 11504 11505 11506 11507 11508 11509 11510 11511 11512 11513 11514 11515 11516 11517 11518 11519 11520 11521 11522 11523 11524 11525 11526 11527 11528 11529 11530 11531 11532 11533 11534 11535 11536 11537 11538 11539 11540 11541 11542 11543 11544 11545 11546 11547 11548 11549 11550 11551 11552 11553 11554 11555 11556 11557 11558 11559 11560 11561 11562 11563 11564 11565 11566 11567 11568 11569 11570 11571 11572 11573 11574 11575 11576 11577 11578 11579 11580 11581 11582 11583 11584 11585 11586 11587 11588 11589 11590 11591 11592 11593 11594 11595 11596 11597 11598 11599 11600 11601 11602 11603 11604 11605 11606 11607 11608 11609 11610 11611 11612 11613 11614 11615 11616 11617 11618 11619 11620 11621 11622 11623 11624 11625 11626 11627 11628 11629 11630 11631 11632 11633 11634 11635 11636 11637 11638 11639 11640 11641 11642 11643 11644 11645 11646 11647 11648 11649 11650 11651 11652 11653 11654 11655 11656 11657 11658 11659 11660 11661 11662 11663 11664 11665 11666 11667 11668 11669 11670 11671 11672 11673 11674 11675 11676 11677 11678 11679 11680 11681 11682 11683 11684 11685 11686 11687 11688 11689 11690 11691 11692 11693 11694 11695 11696 11697 11698 11699 11700 11701 11702 11703 11704 11705 11706 11707 11708 11709 11710 11711 11712 11713 11714 11715 11716 11717 11718 11719 11720 11721 11722 11723 11724 11725 11726 11727 11728 11729 11730 11731 11732 11733 11734 11735 11736 11737 11738 11739 11740 11741 11742 11743 11744 11745 11746 11747 11748 11749 11750 11751 11752 11753 11754 11755 11756 11757 11758 11759 11760 11761 11762 11763 11764 11765 11766 11767 11768 11769 11770 11771 11772 11773 11774 11775 11776 11777 11778 11779 11780 11781 11782 11783 11784 11785 11786 11787 11788 11789 11790 11791 11792 11793 11794 11795 11796 11797 11798 11799 11800 11801 11802 11803 11804 11805 11806 11807 11808 11809 11810 11811 11812 11813 11814 11815 11816 11817 11818 11819 11820 11821 11822 11823 11824 11825 11826 11827 11828 11829 11830 11831 11832 11833 11834 11835 11836 11837 11838 11839 11840 11841 11842 11843 11844 11845 11846 11847 11848 11849 11850 11851 11852 11853 11854 11855 11856 11857 11858 11859 11860 11861 11862 11863 11864 11865 11866 11867 11868 11869 11870 11871 11872 11873 11874 11875 11876 11877 11878 11879 11880 11881 11882 11883 11884 11885 11886 11887 11888 11889 11890 11891 11892 11893 11894 11895 11896 11897 11898 11899 11900 11901 11902 11903 11904 11905 11906 11907 11908 11909 11910 11911 11912 11913 11914 11915 11916 11917 11918 11919 11920 11921 11922 11923 11924 11925 11926 11927 11928 11929 11930 11931 11932 11933 11934 11935 11936 11937 11938 11939 11940 11941 11942 11943 11944 11945 11946 11947 11948 11949 11950 11951 11952 11953 11954 11955 11956 11957 11958 11959 11960 11961 11962 11963 11964 11965 11966 11967 11968 11969 11970 11971 11972 11973 11974 11975 11976 11977 11978 11979 11980 11981 11982 11983 11984 11985 11986 11987 11988 11989 11990 11991 11992 11993 11994 11995 11996 11997 11998 11999 12000 12001 12002 12003 12004 12005 12006 12007 12008 12009 12010 12011 12012 12013 12014 12015 12016 12017 12018 12019 12020 12021 12022 12023 12024 12025 12026 12027 12028 12029 12030 12031 12032 12033 12034 12035 12036 12037 12038 12039 12040 12041 12042 12043 12044 12045 12046 12047 12048 12049 12050 12051 12052 12053 12054 12055 12056 12057 12058 12059 12060 12061 12062 12063 12064 12065 12066 12067 12068 12069 12070 12071 12072 12073 12074 12075 12076 12077 12078 12079 12080 12081 12082 12083 12084 12085 12086 12087 12088 12089 12090 12091 12092 12093 12094 12095 12096 12097 12098 12099 12100 12101 12102 12103 12104 12105 12106 12107 12108 12109 12110 12111 12112 12113 12114 12115 12116 12117 12118 12119 12120 12121 12122 12123 12124 12125 12126 12127 12128 12129 12130 12131 12132 12133 12134 12135 12136 12137 12138 12139 12140 12141 12142 12143 12144 12145 12146 12147 12148 12149 12150 12151 12152 12153 12154 12155 12156 12157 12158 12159 12160 12161 12162 12163 12164 12165 12166 12167 12168 12169 12170 12171 12172 12173 12174 12175 12176 12177 12178 12179 12180 12181 12182 12183 12184 12185 12186 12187 12188 12189 12190 12191 12192 12193 12194 12195 12196 12197 12198 12199 12200 12201 12202 12203 12204 12205 12206 12207 12208 12209 12210 12211 12212 12213 12214 12215 12216 12217 12218 12219 12220 12221 12222 12223 12224 12225 12226 12227 12228 12229 12230 12231 12232 12233 12234 12235 12236 12237 12238 12239 12240 12241 12242 12243 12244 12245 12246 12247 12248 12249 12250 12251 12252 12253 12254 12255 12256 12257 12258 12259 12260 12261 12262 12263 12264 12265 12266 12267 12268 12269 12270 12271 12272 12273 12274 12275 12276 12277 12278 12279 12280 12281 12282 12283 12284 12285 12286 12287 12288 12289 12290 12291 12292 12293 12294 12295 12296 12297 12298 12299 12300 12301 12302 12303 12304 12305 12306 12307 12308 12309 12310 12311 12312 12313 12314 12315 12316 12317 12318 12319 12320 12321 12322 12323 12324 12325 12326 12327 12328 12329 12330 12331 12332 12333 12334 12335 12336 12337 12338 12339 12340 12341 12342 12343 12344 12345 12346 12347 12348 12349 12350 12351 12352 12353 12354 12355 12356 12357 12358 12359 12360 12361 12362 12363 12364 12365 12366 12367 12368 12369 12370 12371 12372 12373 12374 12375 12376 12377 12378 12379 12380 12381 12382 12383 12384 12385 12386 12387 12388 12389 12390 12391 12392 12393 12394 12395 12396 12397 12398 12399 12400 12401 12402 12403 12404 12405 12406 12407 12408 12409 12410 12411 12412 12413 12414 12415 12416 12417 12418 12419 12420 12421 12422 12423 12424 12425 12426 12427 12428 12429 12430 12431 12432 12433 12434 12435 12436 12437 12438 12439 12440 12441 12442 12443 12444 12445 12446 12447 12448 12449 12450 12451 12452 12453 12454 12455 12456 12457 12458 12459 12460 12461 12462 12463 12464 12465 12466 12467 12468 12469 12470 12471 12472 12473 12474 12475 12476 12477 12478 12479 12480 12481 12482 12483 12484 12485 12486 12487 12488 12489 12490 12491 12492 12493 12494 12495 12496 12497 12498 12499 12500 12501 12502 12503 12504 12505 12506 12507 12508 12509 12510 12511 12512 12513 12514 12515 12516 12517 12518 12519 12520 12521 12522 12523 12524 12525 12526 12527 12528 12529 12530 12531 12532 12533 12534 12535 12536 12537 12538 12539 12540 12541 12542 12543 12544 12545 12546 12547 12548 12549 12550 12551 12552 12553 12554 12555 12556 12557 12558 12559 12560 12561 12562 12563 12564 12565 12566 12567 12568 12569 12570 12571 12572 12573 12574 12575 12576 12577 12578 12579 12580 12581 12582 12583 12584 12585 12586 12587 12588 12589 12590 12591 12592 12593 12594 12595 12596 12597 12598 12599 12600 12601 12602 12603 12604 12605 12606 12607 12608 12609 12610 12611 12612 12613 12614 12615 12616 12617 12618 12619 12620 12621 12622 12623 12624 12625 12626 12627 12628 12629 12630 12631 12632 12633 12634 12635 12636 12637 12638 12639 12640 12641 12642 12643 12644 12645 12646 12647 12648 12649 12650 12651 12652 12653 12654 12655 12656 12657 12658 12659 12660 12661 12662 12663 12664 12665 12666 12667 12668 12669 12670 12671 12672 12673 12674 12675 12676 12677 12678 12679 12680 12681 12682 12683 12684 12685 12686 12687 12688 12689 12690 12691 12692 12693 12694 12695 12696 12697 12698 12699 12700 12701 12702 12703 12704 12705 12706 12707 12708 12709 12710 12711 12712 12713 12714 12715 12716 12717 12718 12719 12720 12721 12722 12723 12724 12725 12726 12727 12728 12729 12730 12731 12732 12733 12734 12735 12736 12737 12738 12739 12740 12741 12742 12743 12744 12745 12746 12747 12748 12749 12750 12751 12752 12753 12754 12755 12756 12757 12758 12759 12760 12761 12762 12763 12764 12765 12766 12767 12768 12769 12770 12771 12772 12773 12774 12775 12776 12777 12778 12779 12780 12781 12782 12783 12784 12785 12786 12787 12788 12789 12790 12791 12792 12793 12794 12795 12796 12797 12798 12799 12800 12801 12802 12803 12804 12805 12806 12807 12808 12809 12810 12811 12812 12813 12814 12815 12816 12817 12818 12819 12820 12821 12822 12823 12824 12825 12826 12827 12828 12829 12830 12831 12832 12833 12834 12835 12836 12837 12838 12839 12840 12841 12842 12843 12844 12845 12846 12847 12848 12849 12850 12851 12852 12853 12854 12855 12856 12857 12858 12859 12860 12861 12862 12863 12864 12865 12866 12867 12868 12869 12870 12871 12872 12873 12874 12875 12876 12877 12878 12879 12880 12881 12882 12883 12884 12885 12886 12887 12888 12889 12890 12891 12892 12893 12894 12895 12896 12897 12898 12899 12900 12901 12902 12903 12904 12905 12906 12907 12908 12909 12910 12911 12912 12913 12914 12915 12916 12917 12918 12919 12920 12921 12922 12923 12924 12925 12926 12927 12928 12929 12930 12931 12932 12933 12934 12935 12936 12937 12938 12939 12940 12941 12942 12943 12944 12945 12946 12947 12948 12949 12950 12951 12952 12953 12954 12955 12956 12957 12958 12959 12960 12961 12962 12963 12964 12965 12966 12967 12968 12969 12970 12971 12972 12973 12974 12975 12976 12977 12978 12979 12980 12981 12982 12983 12984 12985 12986 12987 12988 12989 12990 12991 12992 12993 12994 12995 12996 12997 12998 12999 13000 13001 13002 13003 13004 13005 13006 13007 13008 13009 13010 13011 13012 13013 13014 13015 13016 13017 13018 13019 13020 13021 13022 13023 13024 13025 13026 13027 13028 13029 13030 13031 13032 13033 13034 13035 13036 13037 13038 13039 13040 13041 13042 13043 13044 13045 13046 13047 13048 13049 13050 13051 13052 13053 13054 13055 13056 13057 13058 13059 13060 13061 13062 13063 13064 13065 13066 13067 13068 13069 13070 13071 13072 13073 13074 13075 13076 13077 13078 13079 13080 13081 13082 13083 13084 13085 13086 13087 13088 13089 13090 13091 13092 13093 13094 13095 13096 13097 13098 13099 13100 13101 13102 13103 13104 13105 13106 13107 13108 13109 13110 13111 13112 13113 13114 13115 13116 13117 13118 13119 13120 13121 13122 13123 13124 13125 13126 13127 13128 13129 13130 13131 13132 13133 13134 13135 13136 13137 13138 13139 13140 13141 13142 13143 13144 13145 13146 13147 13148 13149 13150 13151 13152 13153 13154 13155 13156 13157 13158 13159 13160 13161 13162 13163 13164 13165 13166 13167 13168 13169 13170 13171 13172 13173 13174 13175 13176 13177 13178 13179 13180 13181 13182 13183 13184 13185 13186 13187 13188 13189 13190 13191 13192 13193 13194 13195 13196 13197 13198 13199 13200 13201 13202 13203 13204 13205 13206 13207 13208 13209 13210 13211 13212 13213 13214 13215 13216 13217 13218 13219 13220 13221 13222 13223 13224 13225 13226 13227 13228 13229 13230 13231 13232 13233 13234 13235 13236 13237 13238 13239 13240 13241 13242 13243 13244 13245 13246 13247 13248 13249 13250 13251 13252 13253 13254 13255 13256 13257 13258 13259 13260 13261 13262 13263 13264 13265 13266 13267 13268 13269 13270 13271 13272 13273 13274 13275 13276 13277 13278 13279 13280 13281 13282 13283 13284 13285 13286 13287 13288 13289 13290 13291 13292 13293 13294 13295 13296 13297 13298 13299 13300 13301 13302 13303 13304 13305 13306 13307 13308 13309 13310 13311 13312 13313 13314 13315 13316 13317 13318 13319 13320 13321 13322 13323 13324 13325 13326 13327 13328 13329 13330 13331 13332 13333 13334 13335 13336 13337 13338 13339 13340 13341 13342 13343 13344 13345 13346 13347 13348 13349 13350 13351 13352 13353 13354 13355 13356 13357 13358 13359 13360 13361 13362 13363 13364 13365 13366 13367 13368 13369 13370 13371 13372 13373 13374 13375 13376 13377 13378 13379 13380 13381 13382 13383 13384 13385 13386 13387 13388 13389 13390 13391 13392 13393 13394 13395 13396 13397 13398 13399 13400 13401 13402 13403 13404 13405 13406 13407 13408 13409 13410 13411 13412 13413 13414 13415 13416 13417 13418 13419 13420 13421 13422 13423 13424 13425 13426 13427 13428 13429 13430 13431 13432 13433 13434 13435 13436 13437 13438 13439 13440 13441 13442 13443 13444 13445 13446 13447 13448 13449 13450 13451 13452 13453 13454 13455 13456 13457 13458 13459 13460 13461 13462 13463 13464 13465 13466 13467 13468 13469 13470 13471 13472 13473 13474 13475 13476 13477 13478 13479 13480 13481 13482 13483 13484 13485 13486 13487 13488 13489 13490 13491 13492 13493 13494 13495 13496 13497 13498 13499 13500 13501 13502 13503 13504 13505 13506 13507 13508 13509 13510 13511 13512 13513 13514 13515 13516 13517 13518 13519 13520 13521 13522 13523 13524 13525 13526 13527 13528 13529 13530 13531 13532 13533 13534 13535 13536 13537 13538 13539 13540 13541 13542 13543 13544 13545 13546 13547 13548 13549 13550 13551 13552 13553 13554 13555 13556 13557 13558 13559 13560 13561 13562 13563 13564 13565 13566 13567 13568 13569 13570 13571 13572 13573 13574 13575 13576 13577 13578 13579 13580 13581 13582 13583 13584 13585 13586 13587 13588 13589 13590 13591 13592 13593 13594 13595 13596 13597 13598 13599 13600 13601 13602 13603 13604 13605 13606 13607 13608 13609 13610 13611 13612 13613 13614 13615 13616 13617 13618 13619 13620 13621 13622 13623 13624 13625 13626 13627 13628 13629 13630 13631 13632 13633 13634 13635 13636 13637 13638 13639 13640 13641 13642 13643 13644 13645 13646 13647 13648 13649 13650 13651 13652 13653 13654 13655 13656 13657 13658 13659 13660 13661 13662 13663 13664 13665 13666 13667 13668 13669 13670 13671 13672 13673 13674 13675 13676 13677 13678 13679 13680 13681 13682 13683 13684 13685 13686 13687 13688 13689 13690 13691 13692 13693 13694 13695 13696 13697 13698 13699 13700 13701 13702 13703 13704 13705 13706 13707 13708 13709 13710 13711 13712 13713 13714 13715 13716 13717 13718 13719 13720 13721 13722 13723 13724 13725 13726 13727 13728 13729 13730 13731 13732 13733 13734 13735 13736 13737 13738 13739 13740 13741 13742 13743 13744 13745 13746 13747 13748 13749 13750 13751 13752 13753 13754 13755 13756 13757 13758 13759 13760 13761 13762 13763 13764 13765 13766 13767 13768 13769 13770 13771 13772 13773 13774 13775 13776 13777 13778 13779 13780 13781 13782 13783 13784 13785 13786 13787 13788 13789 13790 13791 13792 13793 13794 13795 13796 13797 13798 13799 13800 13801 13802 13803 13804 13805 13806 13807 13808 13809 13810 13811 13812 13813 13814 13815 13816 13817 13818 13819 13820 13821 13822 13823 13824 13825 13826 13827 13828 13829 13830 13831 13832 13833 13834 13835 13836 13837 13838 13839 13840 13841 13842 13843 13844 13845 13846 13847 13848 13849 13850 13851 13852 13853 13854 13855 13856 13857 13858 13859 13860 13861 13862 13863 13864 13865 13866 13867 13868 13869 13870 13871 13872 13873 13874 13875 13876 13877 13878 13879 13880 13881 13882 13883 13884 13885 13886 13887 13888 13889 13890 13891 13892 13893 13894 13895 13896 13897 13898 13899 13900 13901 13902 13903 13904 13905 13906 13907 13908 13909 13910 13911 13912 13913 13914 13915 13916 13917 13918 13919 13920 13921 13922 13923 13924 13925 13926 13927 13928 13929 13930 13931 13932 13933 13934 13935 13936 13937 13938 13939 13940 13941 13942 13943 13944 13945 13946 13947 13948 13949 13950 13951 13952 13953 13954 13955 13956 13957 13958 13959 13960 13961 13962 13963 13964 13965 13966 13967 13968 13969 13970 13971 13972 13973 13974 13975 13976 13977 13978 13979 13980 13981 13982 13983 13984 13985 13986 13987 13988 13989 13990 13991 13992 13993 13994 13995 13996 13997 13998 13999 14000 14001 14002 14003 14004 14005 14006 14007 14008 14009 14010 14011 14012 14013 14014 14015 14016 14017 14018 14019 14020 14021 14022 14023 14024 14025 14026 14027 14028 14029 14030 14031 14032 14033 14034 14035 14036 14037 14038 14039 14040 14041 14042 14043 14044 14045 14046 14047 14048 14049 14050 14051 14052 14053 14054 14055 14056 14057 14058 14059 14060 14061 14062 14063 14064 14065 14066 14067 14068 14069 14070 14071 14072 14073 14074 14075 14076 14077 14078 14079 14080 14081 14082 14083 14084 14085 14086 14087 14088 14089 14090 14091 14092 14093 14094 14095 14096 14097 14098 14099 14100 14101 14102 14103 14104 14105 14106 14107 14108 14109 14110 14111 14112 14113 14114 14115 14116 14117 14118 14119 14120 14121 14122 14123 14124 14125 14126 14127 14128 14129 14130 14131 14132 14133 14134 14135 14136 14137 14138 14139 14140 14141 14142 14143 14144 14145 14146 14147 14148 14149 14150 14151 14152 14153 14154 14155 14156 14157 14158 14159 14160 14161 14162 14163 14164 14165 14166 14167 14168 14169 14170 14171 14172 14173 14174 14175 14176 14177 14178 14179 14180 14181 14182 14183 14184 14185 14186 14187 14188 14189 14190 14191 14192 14193 14194 14195 14196 14197 14198 14199 14200 14201 14202 14203 14204 14205 14206 14207 14208 14209 14210 14211 14212 14213 14214 14215 14216 14217 14218 14219 14220 14221 14222 14223 14224 14225 14226 14227 14228 14229 14230 14231 14232 14233 14234 14235 14236 14237 14238 14239 14240 14241 14242 14243 14244 14245 14246 14247 14248 14249 14250 14251 14252 14253 14254 14255 14256 14257 14258 14259 14260 14261 14262 14263 14264 14265 14266 14267 14268 14269 14270 14271 14272 14273 14274 14275 14276 14277 14278 14279 14280 14281 14282 14283 14284 14285 14286 14287 14288 14289 14290 14291 14292 14293 14294 14295 14296 14297 14298 14299 14300 14301 14302 14303 14304 14305 14306 14307 14308 14309 14310 14311 14312 14313 14314 14315 14316 14317 14318 14319 14320 14321 14322 14323 14324 14325 14326 14327 14328 14329 14330 14331 14332 14333 14334 14335 14336 14337 14338 14339 14340 14341 14342 14343 14344 14345 14346 14347 14348 14349 14350 14351 14352 14353 14354 14355 14356 14357 14358 14359 14360 14361 14362 14363 14364 14365 14366 14367 14368 14369 14370 14371 14372 14373 14374 14375 14376 14377 14378 14379 14380 14381 14382 14383 14384 14385 14386 14387 14388 14389 14390 14391 14392 14393 14394 14395 14396 14397 14398 14399 14400 14401 14402 14403 14404 14405 14406 14407 14408 14409 14410 14411 14412 14413 14414 14415 14416 14417 14418 14419 14420 14421 14422 14423 14424 14425 14426 14427 14428 14429 14430 14431 14432 14433 14434 14435 14436 14437 14438 14439 14440 14441 14442 14443 14444 14445 14446 14447 14448 14449 14450 14451 14452 14453 14454 14455 14456 14457 14458 14459 14460 14461 14462 14463 14464 14465 14466 14467 14468 14469 14470 14471 14472 14473 14474 14475 14476 14477 14478 14479 14480 14481 14482 14483 14484 14485 14486 14487 14488 14489 14490 14491 14492 14493 14494 14495 14496 14497 14498 14499 14500 14501 14502 14503 14504 14505 14506 14507 14508 14509 14510 14511 14512 14513 14514 14515 14516 14517 14518 14519 14520 14521 14522 14523 14524 14525 14526 14527 14528 14529 14530 14531 14532 14533 14534 14535 14536 14537 14538 14539 14540 14541 14542 14543 14544 14545 14546 14547 14548 14549 14550 14551 14552 14553 14554 14555 14556 14557 14558 14559 14560 14561 14562 14563 14564 14565 14566 14567 14568 14569 14570 14571 14572 14573 14574 14575 14576 14577 14578 14579 14580 14581 14582 14583 14584 14585 14586 14587 14588 14589 14590 14591 14592 14593 14594 14595 14596 14597 14598 14599 14600 14601 14602 14603 14604 14605 14606 14607 14608 14609 14610 14611 14612 14613 14614 14615 14616 14617 14618 14619 14620 14621 14622 14623 14624 14625 14626 14627 14628 14629 14630 14631 14632 14633 14634 14635 14636 14637 14638 14639 14640 14641 14642 14643 14644 14645 14646 14647 14648 14649 14650 14651 14652 14653 14654 14655 14656 14657 14658 14659 14660 14661 14662 14663 14664 14665 14666 14667 14668 14669 14670 14671 14672 14673 14674 14675 14676 14677 14678 14679 14680 14681 14682 14683 14684 14685 14686 14687 14688 14689 14690 14691 14692 14693 14694 14695 14696 14697 14698 14699 14700 14701 14702 14703 14704 14705 14706 14707 14708 14709 14710 14711 14712 14713 14714 14715 14716 14717 14718 14719 14720 14721 14722 14723 14724 14725 14726 14727 14728 14729 14730 14731 14732 14733 14734 14735 14736 14737 14738 14739 14740 14741 14742 14743 14744 14745 14746 14747 14748 14749 14750 14751 14752 14753 14754 14755 14756 14757 14758 14759 14760 14761 14762 14763 14764 14765 14766 14767 14768 14769 14770 14771 14772 14773 14774 14775 14776 14777 14778 14779 14780 14781 14782 14783 14784 14785 14786 14787 14788 14789 14790 14791 14792 14793 14794 14795 14796 14797 14798 14799 14800 14801 14802 14803 14804 14805 14806 14807 14808 14809 14810 14811 14812 14813 14814 14815 14816 14817 14818 14819 14820 14821 14822 14823 14824 14825 14826 14827 14828 14829 14830 14831 14832 14833 14834 14835 14836 14837 14838 14839 14840 14841 14842 14843 14844 14845 14846 14847 14848 14849 14850 14851 14852 14853 14854 14855 14856 14857 14858 14859 14860 14861 14862 14863 14864 14865 14866 14867 14868 14869 14870 14871 14872 14873 14874 14875 14876 14877 14878 14879 14880 14881 14882 14883 14884 14885 14886 14887 14888 14889 14890 14891 14892 14893 14894 14895 14896 14897 14898 14899 14900 14901 14902 14903 14904 14905 14906 14907 14908 14909 14910 14911 14912 14913 14914 14915 14916 14917 14918 14919 14920 14921 14922 14923 14924 14925 14926 14927 14928 14929 14930 14931 14932 14933 14934 14935 14936 14937 14938 14939 14940 14941 14942 14943 14944 14945 14946 14947 14948 14949 14950 14951 14952 14953 14954 14955 14956 14957 14958 14959 14960 14961 14962 14963 14964 14965 14966 14967 14968 14969 14970 14971 14972 14973 14974 14975 14976 14977 14978 14979 14980 14981 14982 14983 14984 14985 14986 14987 14988 14989 14990 14991 14992 14993 14994 14995 14996 14997 14998 14999 15000 15001 15002 15003 15004 15005 15006 15007 15008 15009 15010 15011 15012 15013 15014 15015 15016 15017 15018 15019 15020 15021 15022 15023 15024 15025 15026 15027 15028 15029 15030 15031 15032 15033 15034 15035 15036 15037 15038 15039 15040 15041 15042 15043 15044 15045 15046 15047 15048 15049 15050 15051 15052 15053 15054 15055 15056 15057 15058 15059 15060 15061 15062 15063 15064 15065 15066 15067 15068 15069 15070 15071 15072 15073 15074 15075 15076 15077 15078 15079 15080 15081 15082 15083 15084 15085 15086 15087 15088 15089 15090 15091 15092 15093 15094 15095 15096 15097 15098 15099 15100 15101 15102 15103 15104 15105 15106 15107 15108 15109 15110 15111 15112 15113 15114 15115 15116 15117 15118 15119 15120 15121 15122 15123 15124 15125 15126 15127 15128 15129 15130 15131 15132 15133 15134 15135 15136 15137 15138 15139 15140 15141 15142 15143 15144 15145 15146 15147 15148 15149 15150 15151 15152 15153 15154 15155 15156 15157 15158 15159 15160 15161 15162 15163 15164 15165 15166 15167 15168 15169 15170 15171 15172 15173 15174 15175 15176 15177 15178 15179 15180 15181 15182 15183 15184 15185 15186 15187 15188 15189 15190 15191 15192 15193 15194 15195 15196 15197 15198 15199 15200 15201 15202 15203 15204 15205 15206 15207 15208 15209 15210 15211 15212 15213 15214 15215 15216 15217 15218 15219 15220 15221 15222 15223 15224 15225 15226 15227 15228 15229 15230 15231 15232 15233 15234 15235 15236 15237 15238 15239 15240 15241 15242 15243 15244 15245 15246 15247 15248 15249 15250 15251 15252 15253 15254 15255 15256 15257 15258 15259 15260 15261 15262 15263 15264 15265 15266 15267 15268 15269 15270 15271 15272 15273 15274 15275 15276 15277 15278 15279 15280 15281 15282 15283 15284 15285 15286 15287 15288 15289 15290 15291 15292 15293 15294 15295 15296 15297 15298 15299 15300 15301 15302 15303 15304 15305 15306 15307 15308 15309 15310 15311 15312 15313 15314 15315 15316 15317 15318 15319 15320 15321 15322 15323 15324 15325 15326 15327 15328 15329 15330 15331 15332 15333 15334 15335 15336 15337 15338 15339 15340 15341 15342 15343 15344 15345 15346 15347 15348 15349 15350 15351 15352 15353 15354 15355 15356 15357 15358 15359 15360 15361 15362 15363 15364 15365 15366 15367 15368 15369 15370 15371 15372 15373 15374 15375 15376 15377 15378 15379 15380 15381 15382 15383 15384 15385 15386 15387 15388 15389 15390 15391 15392 15393 15394 15395 15396 15397 15398 15399 15400 15401 15402 15403 15404 15405 15406 15407 15408 15409 15410 15411 15412 15413 15414 15415 15416 15417 15418 15419 15420 15421 15422 15423 15424 15425 15426 15427 15428 15429 15430 15431 15432 15433 15434 15435 15436 15437 15438 15439 15440 15441 15442 15443 15444 15445 15446 15447 15448 15449 15450 15451 15452 15453 15454 15455 15456 15457 15458 15459 15460 15461 15462 15463 15464 15465 15466 15467 15468 15469 15470 15471 15472 15473 15474 15475 15476 15477 15478 15479 15480 15481 15482 15483 15484 15485 15486 15487 15488 15489 15490 15491 15492 15493 15494 15495 15496 15497 15498 15499 15500 15501 15502 15503 15504 15505 15506 15507 15508 15509 15510 15511 15512 15513 15514 15515 15516 15517 15518 15519 15520 15521 15522 15523 15524 15525 15526 15527 15528 15529 15530 15531 15532 15533 15534 15535 15536 15537 15538 15539 15540 15541 15542 15543 15544 15545 15546 15547 15548 15549 15550 15551 15552 15553 15554 15555 15556 15557 15558 15559 15560 15561 15562 15563 15564 15565 15566 15567 15568 15569 15570 15571 15572 15573 15574 15575 15576 15577 15578 15579 15580 15581 15582 15583 15584 15585 15586 15587 15588 15589 15590 15591 15592 15593 15594 15595 15596 15597 15598 15599 15600 15601 15602 15603 15604 15605 15606 15607 15608 15609 15610 15611 15612 15613 15614 15615 15616 15617 15618 15619 15620 15621 15622 15623 15624 15625 15626 15627 15628 15629 15630 15631 15632 15633 15634 15635 15636 15637 15638 15639 15640 15641 15642 15643 15644 15645 15646 15647 15648 15649 15650 15651 15652 15653 15654 15655 15656 15657 15658 15659 15660 15661 15662 15663 15664 15665 15666 15667 15668 15669 15670 15671 15672 15673 15674 15675 15676 15677 15678 15679 15680 15681 15682 15683 15684 15685 15686 15687 15688 15689 15690 15691 15692 15693 15694 15695 15696 15697 15698 15699 15700 15701 15702 15703 15704 15705 15706 15707 15708 15709 15710 15711 15712 15713 15714 15715 15716 15717 15718 15719 15720 15721 15722 15723 15724 15725 15726 15727 15728 15729 15730 15731 15732 15733 15734 15735 15736 15737 15738 15739 15740 15741 15742 15743 15744 15745 15746 15747 15748 15749 15750 15751 15752 15753 15754 15755 15756 15757 15758 15759 15760 15761 15762 15763 15764 15765 15766 15767 15768 15769 15770 15771 15772 15773 15774 15775 15776 15777 15778 15779 15780 15781 15782 15783 15784 15785 15786 15787 15788 15789 15790 15791 15792 15793 15794 15795 15796 15797 15798 15799 15800 15801 15802 15803 15804 15805 15806 15807 15808 15809 15810 15811 15812 15813 15814 15815 15816 15817 15818 15819 15820 15821 15822 15823 15824 15825 15826 15827 15828 15829 15830 15831 15832 15833 15834 15835 15836 15837 15838 15839 15840 15841 15842 15843 15844 15845 15846 15847 15848 15849 15850 15851 15852 15853 15854 15855 15856 15857 15858 15859 15860 15861 15862 15863 15864 15865 15866 15867 15868 15869 15870 15871 15872 15873 15874 15875 15876 15877 15878 15879 15880 15881 15882 15883 15884 15885 15886 15887 15888 15889 15890 15891 15892 15893 15894 15895 15896 15897 15898 15899 15900 15901 15902 15903 15904 15905 15906 15907 15908 15909 15910 15911 15912 15913 15914 15915 15916 15917 15918 15919 15920 15921 15922 15923 15924 15925 15926 15927 15928 15929 15930 15931 15932 15933 15934 15935 15936 15937 15938 15939 15940 15941 15942 15943 15944 15945 15946 15947 15948 15949 15950 15951 15952 15953 15954 15955 15956 15957 15958 15959 15960 15961 15962 15963 15964 15965 15966 15967 15968 15969 15970 15971 15972 15973 15974 15975 15976 15977 15978 15979 15980 15981 15982 15983 15984 15985 15986 15987 15988 15989 15990 15991 15992 15993 15994 15995 15996 15997 15998 15999 16000 16001 16002 16003 16004 16005 16006 16007 16008 16009 16010 16011 16012 16013 16014 16015 16016 16017 16018 16019 16020 16021 16022 16023 16024 16025 16026 16027 16028 16029 16030 16031 16032 16033 16034 16035 16036 16037 16038 16039 16040 16041 16042 16043 16044 16045 16046 16047 16048 16049 16050 16051 16052 16053 16054 16055 16056 16057 16058 16059 16060 16061 16062 16063 16064 16065 16066 16067 16068 16069 16070 16071 16072 16073 16074 16075 16076 16077 16078 16079 16080 16081 16082 16083 16084 16085 16086 16087 16088 16089 16090 16091 16092 16093 16094 16095 16096 16097 16098 16099 16100 16101 16102 16103 16104 16105 16106 16107 16108 16109 16110 16111 16112 16113 16114 16115 16116 16117 16118 16119 16120 16121 16122 16123 16124 16125 16126 16127 16128 16129 16130 16131 16132 16133 16134 16135 16136 16137 16138 16139 16140 16141 16142 16143 16144 16145 16146 16147 16148 16149 16150 16151 16152 16153 16154 16155 16156 16157 16158 16159 16160 16161 16162 16163 16164 16165 16166 16167 16168 16169 16170 16171 16172 16173 16174 16175 16176 16177 16178 16179 16180 16181 16182 16183 16184 16185 16186 16187 16188 16189 16190 16191 16192 16193 16194 16195 16196 16197 16198 16199 16200 16201 16202 16203 16204 16205 16206 16207 16208 16209 16210 16211 16212 16213 16214 16215 16216 16217 16218 16219 16220 16221 16222 16223 16224 16225 16226 16227 16228 16229 16230 16231 16232 16233 16234 16235 16236 16237 16238 16239 16240 16241 16242 16243 16244 16245 16246 16247 16248 16249 16250 16251 16252 16253 16254 16255 16256 16257 16258 16259 16260 16261 16262 16263 16264 16265 16266 16267 16268 16269 16270 16271 16272 16273 16274 16275 16276 16277 16278 16279 16280 16281 16282 16283 16284 16285 16286 16287 16288 16289 16290 16291 16292 16293 16294 16295 16296 16297 16298 16299 16300 16301 16302 16303 16304 16305 16306 16307 16308 16309 16310 16311 16312 16313 16314 16315 16316 16317 16318 16319 16320 16321 16322 16323 16324 16325 16326 16327 16328 16329 16330 16331 16332 16333 16334 16335 16336 16337 16338 16339 16340 16341 16342 16343 16344 16345 16346 16347 16348 16349 16350 16351 16352 16353 16354 16355 16356 16357 16358 16359 16360 16361 16362 16363 16364 16365 16366 16367 16368 16369 16370 16371 16372 16373 16374 16375 16376 16377 16378 16379 16380 16381 16382 16383 16384 16385 16386 16387 16388 16389 16390 16391 16392 16393 16394 16395 16396 16397 16398 16399 16400 16401 16402 16403 16404 16405 16406 16407 16408 16409 16410 16411 16412 16413 16414 16415 16416 16417 16418 16419 16420 16421 16422 16423 16424 16425 16426 16427 16428 16429 16430 16431 16432 16433 16434 16435 16436 16437 16438 16439 16440 16441 16442 16443 16444 16445 16446 16447 16448 16449 16450 16451 16452 16453 16454 16455 16456 16457 16458 16459 16460 16461 16462 16463 16464 16465 16466 16467 16468 16469 16470 16471 16472 16473 16474 16475 16476 16477 16478 16479 16480 16481 16482 16483 16484 16485 16486 16487 16488 16489 16490 16491 16492 16493 16494 16495 16496 16497 16498 16499 16500 16501 16502 16503 16504 16505 16506 16507 16508 16509 16510 16511 16512 16513 16514 16515 16516 16517 16518 16519 16520 16521 16522 16523 16524 16525 16526 16527 16528 16529 16530 16531 16532 16533 16534 16535 16536 16537 16538 16539 16540 16541 16542 16543 16544 16545 16546 16547 16548 16549 16550 16551 16552 16553 16554 16555 16556 16557 16558 16559 16560 16561 16562 16563 16564 16565 16566 16567 16568 16569 16570 16571 16572 16573 16574 16575 16576 16577 16578 16579 16580 16581 16582 16583 16584 16585 16586 16587 16588 16589 16590 16591 16592 16593 16594 16595 16596 16597 16598 16599 16600 16601 16602 16603 16604 16605 16606 16607 16608 16609 16610 16611 16612 16613 16614 16615 16616 16617 16618 16619 16620 16621 16622 16623 16624 16625 16626 16627 16628 16629 16630 16631 16632 16633 16634 16635 16636 16637 16638 16639 16640 16641 16642 16643 16644 16645 16646 16647 16648 16649 16650 16651 16652 16653 16654 16655 16656 16657 16658 16659 16660 16661 16662 16663 16664 16665 16666 16667 16668 16669 16670 16671 16672 16673 16674 16675 16676 16677 16678 16679 16680 16681 16682 16683 16684 16685 16686 16687 16688 16689 16690 16691 16692 16693 16694 16695 16696 16697 16698 16699 16700 16701 16702 16703 16704 16705 16706 16707 16708 16709 16710 16711 16712 16713 16714 16715 16716 16717 16718 16719 16720 16721 16722 16723 16724 16725 16726 16727 16728 16729 16730 16731 16732 16733 16734 16735 16736 16737 16738 16739 16740 16741 16742 16743 16744 16745 16746 16747 16748 16749 16750 16751 16752 16753 16754 16755 16756 16757 16758 16759 16760 16761 16762 16763 16764 16765 16766 16767 16768 16769 16770 16771 16772 16773 16774 16775 16776 16777 16778 16779 16780 16781 16782 16783 16784 16785 16786 16787 16788 16789 16790 16791 16792 16793 16794 16795 16796 16797 16798 16799 16800 16801 16802 16803 16804 16805 16806 16807 16808 16809 16810 16811 16812 16813 16814 16815 16816 16817 16818 16819 16820 16821 16822 16823 16824 16825 16826 16827 16828 16829 16830 16831 16832 16833 16834 16835 16836 16837 16838 16839 16840 16841 16842 16843 16844 16845 16846 16847 16848 16849 16850 16851 16852 16853 16854 16855 16856 16857 16858 16859 16860 16861 16862 16863 16864 16865 16866 16867 16868 16869 16870 16871 16872 16873 16874 16875 16876 16877 16878 16879 16880 16881 16882 16883 16884 16885 16886 16887 16888 16889 16890 16891 16892 16893 16894 16895 16896 16897 16898 16899 16900 16901 16902 16903 16904 16905 16906 16907 16908 16909 16910 16911 16912 16913 16914 16915 16916 16917 16918 16919 16920 16921 16922 16923 16924 16925 16926 16927 16928 16929 16930 16931 16932 16933 16934 16935 16936 16937 16938 16939 16940 16941 16942 16943 16944 16945 16946 16947 16948 16949 16950 16951 16952 16953 16954 16955 16956 16957 16958 16959 16960 16961 16962 16963 16964 16965 16966 16967 16968 16969 16970 16971 16972 16973 16974 16975 16976 16977 16978 16979 16980 16981 16982 16983 16984 16985 16986 16987 16988 16989 16990 16991 16992 16993 16994 16995 16996 16997 16998 16999 17000 17001 17002 17003 17004 17005 17006 17007 17008 17009 17010 17011 17012 17013 17014 17015 17016 17017 17018 17019 17020 17021 17022 17023 17024 17025 17026 17027 17028 17029 17030 17031 17032 17033 17034 17035 17036 17037 17038 17039 17040 17041 17042 17043 17044 17045 17046 17047 17048 17049 17050 17051 17052 17053 17054 17055 17056 17057 17058 17059 17060 17061 17062 17063 17064 17065 17066 17067 17068 17069 17070 17071 17072 17073 17074 17075 17076 17077 17078 17079 17080 17081 17082 17083 17084 17085 17086 17087 17088 17089 17090 17091 17092 17093 17094 17095 17096 17097 17098 17099 17100 17101 17102 17103 17104 17105 17106 17107 17108 17109 17110 17111 17112 17113 17114 17115 17116 17117 17118 17119 17120 17121 17122 17123 17124 17125 17126 17127 17128 17129 17130 17131 17132 17133 17134 17135 17136 17137 17138 17139 17140 17141 17142 17143 17144 17145 17146 17147 17148 17149 17150 17151 17152 17153 17154 17155 17156 17157 17158 17159 17160 17161 17162 17163 17164 17165 17166 17167 17168 17169 17170 17171 17172 17173 17174 17175 17176 17177 17178 17179 17180 17181 17182 17183 17184 17185 17186 17187 17188 17189 17190 17191 17192 17193 17194 17195 17196 17197 17198 17199 17200 17201 17202 17203 17204 17205 17206 17207 17208 17209 17210 17211 17212 17213 17214 17215 17216 17217 17218 17219 17220 17221 17222 17223 17224 17225 17226 17227 17228 17229 17230 17231 17232 17233 17234 17235 17236 17237 17238 17239 17240 17241 17242 17243 17244 17245 17246 17247 17248 17249 17250 17251 17252 17253 17254 17255 17256 17257 17258 17259 17260 17261 17262 17263 17264 17265 17266 17267 17268 17269 17270 17271 17272 17273 17274 17275 17276 17277 17278 17279 17280 17281 17282 17283 17284 17285 17286 17287 17288 17289 17290 17291 17292 17293 17294 17295 17296 17297 17298 17299 17300 17301 17302 17303 17304 17305 17306 17307 17308 17309 17310 17311 17312 17313 17314 17315 17316 17317 17318 17319 17320 17321 17322 17323 17324 17325 17326 17327 17328 17329 17330 17331 17332 17333 17334 17335 17336 17337 17338 17339 17340 17341 17342 17343 17344 17345 17346 17347 17348 17349 17350 17351 17352 17353 17354 17355 17356 17357 17358 17359 17360 17361 17362 17363 17364 17365 17366 17367 17368 17369 17370 17371 17372 17373 17374 17375 17376 17377 17378 17379 17380 17381 17382 17383 17384 17385 17386 17387 17388 17389 17390 17391 17392 17393 17394 17395 17396 17397 17398 17399 17400 17401 17402 17403 17404 17405 17406 17407 17408 17409 17410 17411 17412 17413 17414 17415 17416 17417 17418 17419 17420 17421 17422 17423 17424 17425 17426 17427 17428 17429 17430 17431 17432 17433 17434 17435 17436 17437 17438 17439 17440 17441 17442 17443 17444 17445 17446 17447 17448 17449 17450 17451 17452 17453 17454 17455 17456 17457 17458 17459 17460 17461 17462 17463 17464 17465 17466 17467 17468 17469 17470 17471 17472 17473 17474 17475 17476 17477 17478 17479 17480 17481 17482 17483 17484 17485 17486 17487 17488 17489 17490 17491 17492 17493 17494 17495 17496 17497 17498 17499 17500 17501 17502 17503 17504 17505 17506 17507 17508 17509 17510 17511 17512 17513 17514 17515 17516 17517 17518 17519 17520 17521 17522 17523 17524 17525 17526 17527 17528 17529 17530 17531 17532 17533 17534 17535 17536 17537 17538 17539 17540 17541 17542 17543 17544 17545 17546 17547 17548 17549 17550 17551 17552 17553 17554 17555 17556 17557 17558 17559 17560 17561 17562 17563 17564 17565 17566 17567 17568 17569 17570 17571 17572 17573 17574 17575 17576 17577 17578 17579 17580 17581 17582 17583 17584 17585 17586 17587 17588 17589 17590 17591 17592 17593 17594 17595 17596 17597 17598 17599 17600 17601 17602 17603 17604 17605 17606 17607 17608 17609 17610 17611 17612 17613 17614 17615 17616 17617 17618 17619 17620 17621 17622 17623 17624 17625 17626 17627 17628 17629 17630 17631 17632 17633 17634 17635 17636 17637 17638 17639 17640 17641 17642 17643 17644 17645 17646 17647 17648 17649 17650 17651 17652 17653 17654 17655 17656 17657 17658 17659 17660 17661 17662 17663 17664 17665 17666 17667 17668 17669 17670 17671 17672 17673 17674 17675 17676 17677 17678 17679 17680 17681 17682 17683 17684 17685 17686 17687 17688 17689 17690 17691 17692 17693 17694 17695 17696 17697 17698 17699 17700 17701 17702 17703 17704 17705 17706 17707 17708 17709 17710 17711 17712 17713 17714 17715 17716 17717 17718 17719 17720 17721 17722 17723 17724 17725 17726 17727 17728 17729 17730 17731 17732 17733 17734 17735 17736 17737 17738 17739 17740 17741 17742 17743 17744 17745 17746 17747 17748 17749 17750 17751 17752 17753 17754 17755 17756 17757 17758 17759 17760 17761 17762 17763 17764 17765 17766 17767 17768 17769 17770 17771 17772 17773 17774 17775 17776 17777 17778 17779 17780 17781 17782 17783 17784 17785 17786 17787 17788 17789 17790 17791 17792 17793 17794 17795 17796 17797 17798 17799 17800 17801 17802 17803 17804 17805 17806 17807 17808 17809 17810 17811 17812 17813 17814 17815 17816 17817 17818 17819 17820 17821 17822 17823 17824 17825 17826 17827 17828 17829 17830 17831 17832 17833 17834 17835 17836 17837 17838 17839 17840 17841 17842 17843 17844 17845 17846 17847 17848 17849 17850 17851 17852 17853 17854 17855 17856 17857 17858 17859 17860 17861 17862 17863 17864 17865 17866 17867 17868 17869 17870 17871 17872 17873 17874 17875 17876 17877 17878 17879 17880 17881 17882 17883 17884 17885 17886 17887 17888 17889 17890 17891 17892 17893 17894 17895 17896 17897 17898 17899 17900 17901 17902 17903 17904 17905 17906 17907 17908 17909 17910 17911 17912 17913 17914 17915 17916 17917 17918 17919 17920 17921 17922 17923 17924 17925 17926 17927 17928 17929 17930 17931 17932 17933 17934 17935 17936 17937 17938 17939 17940 17941 17942 17943 17944 17945 17946 17947 17948 17949 17950 17951 17952 17953 17954 17955 17956 17957 17958 17959 17960 17961 17962 17963 17964 17965 17966 17967 17968 17969 17970 17971 17972 17973 17974 17975 17976 17977 17978 17979 17980 17981 17982 17983 17984 17985 17986 17987 17988 17989 17990 17991 17992 17993 17994 17995 17996 17997 17998 17999 18000 18001 18002 18003 18004 18005 18006 18007 18008 18009 18010 18011 18012 18013 18014 18015 18016 18017 18018 18019 18020 18021 18022 18023 18024 18025 18026 18027 18028 18029 18030 18031 18032 18033 18034 18035 18036 18037 18038 18039 18040 18041 18042 18043 18044 18045 18046 18047 18048 18049 18050 18051 18052 18053 18054 18055 18056 18057 18058 18059 18060 18061 18062 18063 18064 18065 18066 18067 18068 18069 18070 18071 18072 18073 18074 18075 18076 18077 18078 18079 18080 18081 18082 18083 18084 18085 18086 18087 18088 18089 18090 18091 18092 18093 18094 18095 18096 18097 18098 18099 18100 18101 18102 18103 18104 18105 18106 18107 18108 18109 18110 18111 18112 18113 18114 18115 18116 18117 18118 18119 18120 18121 18122 18123 18124 18125 18126 18127 18128 18129 18130 18131 18132 18133 18134 18135 18136 18137 18138 18139 18140 18141 18142 18143 18144 18145 18146 18147 18148 18149 18150 18151 18152 18153 18154 18155 18156 18157 18158 18159 18160 18161 18162 18163 18164 18165 18166 18167 18168 18169 18170 18171 18172 18173 18174 18175 18176 18177 18178 18179 18180 18181 18182 18183 18184 18185 18186 18187 18188 18189 18190 18191 18192 18193 18194 18195 18196 18197 18198 18199 18200 18201 18202 18203 18204 18205 18206 18207 18208 18209 18210 18211 18212 18213 18214 18215 18216 18217 18218 18219 18220 18221 18222 18223 18224 18225 18226 18227 18228 18229 18230 18231 18232 18233 18234 18235 18236 18237 18238 18239 18240 18241 18242 18243 18244 18245 18246 18247 18248 18249 18250 18251 18252 18253 18254 18255 18256 18257 18258 18259 18260 18261 18262 18263 18264 18265 18266 18267 18268 18269 18270 18271 18272 18273 18274 18275 18276 18277 18278 18279 18280 18281 18282 18283 18284 18285 18286 18287 18288 18289 18290 18291 18292 18293 18294 18295 18296 18297 18298 18299 18300 18301 18302 18303 18304 18305 18306 18307 18308 18309 18310 18311 18312 18313 18314 18315 18316 18317 18318 18319 18320 18321 18322 18323 18324 18325 18326 18327 18328 18329 18330 18331 18332 18333 18334 18335 18336 18337 18338 18339 18340 18341 18342 18343 18344 18345 18346 18347 18348 18349 18350 18351 18352 18353 18354 18355 18356 18357 18358 18359 18360 18361 18362 18363 18364 18365 18366 18367 18368 18369 18370 18371 18372 18373 18374 18375 18376 18377 18378 18379 18380 18381 18382 18383 18384 18385 18386 18387 18388 18389 18390 18391 18392 18393 18394 18395 18396 18397 18398 18399 18400 18401 18402 18403 18404 18405 18406 18407 18408 18409 18410 18411 18412 18413 18414 18415 18416 18417 18418 18419 18420 18421 18422 18423 18424 18425 18426 18427 18428 18429 18430 18431 18432 18433 18434 18435 18436 18437 18438 18439 18440 18441 18442 18443 18444 18445 18446 18447 18448 18449 18450 18451 18452 18453 18454 18455 18456 18457 18458 18459 18460 18461 18462 18463 18464 18465 18466 18467 18468 18469 18470 18471 18472 18473 18474 18475 18476 18477 18478 18479 18480 18481 18482 18483 18484 18485 18486 18487 18488 18489 18490 18491 18492 18493 18494 18495 18496 18497 18498 18499 18500 18501 18502 18503 18504 18505 18506 18507 18508 18509 18510 18511 18512 18513 18514 18515 18516 18517 18518 18519 18520 18521 18522 18523 18524 18525 18526 18527 18528 18529 18530 18531 18532 18533 18534 18535 18536 18537 18538 18539 18540 18541 18542 18543 18544 18545 18546 18547 18548 18549 18550 18551 18552 18553 18554 18555 18556 18557 18558 18559 18560 18561 18562 18563 18564 18565 18566 18567 18568 18569 18570 18571 18572 18573 18574 18575 18576 18577 18578 18579 18580 18581 18582 18583 18584 18585 18586 18587 18588 18589 18590 18591 18592 18593 18594 18595 18596 18597 18598 18599 18600 18601 18602 18603 18604 18605 18606 18607 18608 18609 18610 18611 18612 18613 18614 18615 18616 18617 18618 18619 18620 18621 18622 18623 18624 18625 18626 18627 18628 18629 18630 18631 18632 18633 18634 18635 18636 18637 18638 18639 18640 18641 18642 18643 18644 18645 18646 18647 18648 18649 18650 18651 18652 18653 18654 18655 18656 18657 18658 18659 18660 18661 18662 18663 18664 18665 18666 18667 18668 18669 18670 18671 18672 18673 18674 18675 18676 18677 18678 18679 18680 18681 18682 18683 18684 18685 18686 18687 18688 18689 18690 18691 18692 18693 18694 18695 18696 18697 18698 18699 18700 18701 18702 18703 18704 18705 18706 18707 18708 18709 18710 18711 18712 18713 18714 18715 18716 18717 18718 18719 18720 18721 18722 18723 18724 18725 18726 18727 18728 18729 18730 18731 18732 18733 18734 18735 18736 18737 18738 18739 18740 18741 18742 18743 18744 18745 18746 18747 18748 18749 18750 18751 18752 18753 18754 18755 18756 18757 18758 18759 18760 18761 18762 18763 18764 18765 18766 18767 18768 18769 18770 18771 18772 18773 18774 18775 18776 18777 18778 18779 18780 18781 18782 18783 18784 18785 18786 18787 18788 18789 18790 18791 18792 18793 18794 18795 18796 18797 18798 18799 18800 18801 18802 18803 18804 18805 18806 18807 18808 18809 18810 18811 18812 18813 18814 18815 18816 18817 18818 18819 18820 18821 18822 18823 18824 18825 18826 18827 18828 18829 18830 18831 18832 18833 18834 18835 18836 18837 18838 18839 18840 18841 18842 18843 18844 18845 18846 18847 18848 18849 18850 18851 18852 18853 18854 18855 18856 18857 18858 18859 18860 18861 18862 18863 18864 18865 18866 18867 18868 18869 18870 18871 18872 18873 18874 18875 18876 18877 18878 18879 18880 18881 18882 18883 18884 18885 18886 18887 18888 18889 18890 18891 18892 18893 18894 18895 18896 18897 18898 18899 18900 18901 18902 18903 18904 18905 18906 18907 18908 18909 18910 18911 18912 18913 18914 18915 18916 18917 18918 18919 18920 18921 18922 18923 18924 18925 18926 18927 18928 18929 18930 18931 18932 18933 18934 18935 18936 18937 18938 18939 18940 18941 18942 18943 18944 18945 18946 18947 18948 18949 18950 18951 18952 18953 18954 18955 18956 18957 18958 18959 18960 18961 18962 18963 18964 18965 18966 18967 18968 18969 18970 18971 18972 18973 18974 18975 18976 18977 18978 18979 18980 18981 18982 18983 18984 18985 18986 18987 18988 18989 18990 18991 18992 18993 18994 18995 18996 18997 18998 18999 19000 19001 19002 19003 19004 19005 19006 19007 19008 19009 19010 19011 19012 19013 19014 19015 19016 19017 19018 19019 19020 19021 19022 19023 19024 19025 19026 19027 19028 19029 19030 19031 19032 19033 19034 19035 19036 19037 19038 19039 19040 19041 19042 19043 19044 19045 19046 19047 19048 19049 19050 19051 19052 19053 19054 19055 19056 19057 19058 19059 19060 19061 19062 19063 19064 19065 19066 19067 19068 19069 19070 19071 19072 19073 19074 19075 19076 19077 19078 19079 19080 19081 19082 19083 19084 19085 19086 19087 19088 19089 19090 19091 19092 19093 19094 19095 19096 19097 19098 19099 19100 19101 19102 19103 19104 19105 19106 19107 19108 19109 19110 19111 19112 19113 19114 19115 19116 19117 19118 19119 19120 19121 19122 19123 19124 19125 19126 19127 19128 19129 19130 19131 19132 19133 19134 19135 19136 19137 19138 19139 19140 19141 19142 19143 19144 19145 19146 19147 19148 19149 19150 19151 19152 19153 19154 19155 19156 19157 19158 19159 19160 19161 19162 19163 19164 19165 19166 19167 19168 19169 19170 19171 19172 19173 19174 19175 19176 19177 19178 19179 19180 19181 19182 19183 19184 19185 19186 19187 19188 19189 19190 19191 19192 19193 19194 19195 19196 19197 19198 19199 19200 19201 19202 19203 19204 19205 19206 19207 19208 19209 19210 19211 19212 19213 19214 19215 19216 19217 19218 19219 19220 19221 19222 19223 19224 19225 19226 19227 19228 19229 19230 19231 19232 19233 19234 19235 19236 19237 19238 19239 19240 19241 19242 19243 19244 19245 19246 19247 19248 19249 19250 19251 19252 19253 19254 19255 19256 19257 19258 19259 19260 19261 19262 19263 19264 19265 19266 19267 19268 19269 19270 19271 19272 19273 19274 19275 19276 19277 19278 19279 19280 19281 19282 19283 19284 19285 19286 19287 19288 19289 19290 19291 19292 19293 19294 19295 19296 19297 19298 19299 19300 19301 19302 19303 19304 19305 19306 19307 19308 19309 19310 19311 19312 19313 19314 19315 19316 19317 19318 19319 19320 19321 19322 19323 19324 19325 19326 19327 19328 19329 19330 19331 19332 19333 19334 19335 19336 19337 19338 19339 19340 19341 19342 19343 19344 19345 19346 19347 19348 19349 19350 19351 19352 19353 19354 19355 19356 19357 19358 19359 19360 19361 19362 19363 19364 19365 19366 19367 19368 19369 19370 19371 19372 19373 19374 19375 19376 19377 19378 19379 19380 19381 19382 19383 19384 19385 19386 19387 19388 19389 19390 19391 19392 19393 19394 19395 19396 19397 19398 19399 19400 19401 19402 19403 19404 19405 19406 19407 19408 19409 19410 19411 19412 19413 19414 19415 19416 19417 19418 19419 19420 19421 19422 19423 19424 19425 19426 19427 19428 19429 19430 19431 19432 19433 19434 19435 19436 19437 19438 19439 19440 19441 19442 19443 19444 19445 19446 19447 19448 19449 19450 19451 19452 19453 19454 19455 19456 19457 19458 19459 19460 19461 19462 19463 19464 19465 19466 19467 19468 19469 19470 19471 19472 19473 19474 19475 19476 19477 19478 19479 19480 19481 19482 19483 19484 19485 19486 19487 19488 19489 19490 19491 19492 19493 19494 19495 19496 19497 19498 19499 19500 19501 19502 19503 19504 19505 19506 19507 19508 19509 19510 19511 19512 19513 19514 19515 19516 19517 19518 19519 19520 19521 19522 19523 19524 19525 19526 19527 19528 19529 19530 19531 19532 19533 19534 19535 19536 19537 19538 19539 19540 19541 19542 19543 19544 19545 19546 19547 19548 19549 19550 19551 19552 19553 19554 19555 19556 19557 19558 19559 19560 19561 19562 19563 19564 19565 19566 19567 19568 19569 19570 19571 19572 19573 19574 19575 19576 19577 19578 19579 19580 19581 19582 19583 19584 19585 19586 19587 19588 19589 19590 19591 19592 19593 19594 19595 19596 19597 19598 19599 19600 19601 19602 19603 19604 19605 19606 19607 19608 19609 19610 19611 19612 19613 19614 19615 19616 19617 19618 19619 19620 19621 19622 19623 19624 19625 19626 19627 19628 19629 19630 19631 19632 19633 19634 19635 19636 19637 19638 19639 19640 19641 19642 19643 19644 19645 19646 19647 19648 19649 19650 19651 19652 19653 19654 19655 19656 19657 19658 19659 19660 19661 19662 19663 19664 19665 19666 19667 19668 19669 19670 19671 19672 19673 19674 19675 19676 19677 19678 19679 19680 19681 19682 19683 19684 19685 19686 19687 19688 19689 19690 19691 19692 19693 19694 19695 19696 19697 19698 19699 19700 19701 19702 19703 19704 19705 19706 19707 19708 19709 19710 19711 19712 19713 19714 19715 19716 19717 19718 19719 19720 19721 19722 19723 19724 19725 19726 19727 19728 19729 19730 19731 19732 19733 19734 19735 19736 19737 19738 19739 19740 19741 19742 19743 19744 19745 19746 19747 19748 19749 19750 19751 19752 19753 19754 19755 19756 19757 19758 19759 19760 19761 19762 19763 19764 19765 19766 19767 19768 19769 19770 19771 19772 19773 19774 19775 19776 19777 19778 19779 19780 19781 19782 19783 19784 19785 19786 19787 19788 19789 19790 19791 19792 19793 19794 19795 19796 19797 19798 19799 19800 19801 19802 19803 19804 19805 19806 19807 19808 19809 19810 19811 19812 19813 19814 19815 19816 19817 19818 19819 19820 19821 19822 19823 19824 19825 19826 19827 19828 19829 19830 19831 19832 19833 19834 19835 19836 19837 19838 19839 19840 19841 19842 19843 19844 19845 19846 19847 19848 19849 19850 19851 19852 19853 19854 19855 19856 19857 19858 19859 19860 19861 19862 19863 19864 19865 19866 19867 19868 19869 19870 19871 19872 19873 19874 19875 19876 19877 19878 19879 19880 19881 19882 19883 19884 19885 19886 19887 19888 19889 19890 19891 19892 19893 19894 19895 19896 19897 19898 19899 19900 19901 19902 19903 19904 19905 19906 19907 19908 19909 19910 19911 19912 19913 19914 19915 19916 19917 19918 19919 19920 19921 19922 19923 19924 19925 19926 19927 19928 19929 19930 19931 19932 19933 19934 19935 19936 19937 19938 19939 19940 19941 19942 19943 19944 19945 19946 19947 19948 19949 19950 19951 19952 19953 19954 19955 19956 19957 19958 19959 19960 19961 19962 19963 19964 19965 19966 19967 19968 19969 19970 19971 19972 19973 19974 19975 19976 19977 19978 19979 19980 19981 19982 19983 19984 19985 19986 19987 19988 19989 19990 19991 19992 19993 19994 19995 19996 19997 19998 19999 20000 20001 20002 20003 20004 20005 20006 20007 20008 20009 20010 20011 20012 20013 20014 20015 20016 20017 20018 20019 20020 20021 20022 20023 20024 20025 20026 20027 20028 20029 20030 20031 20032 20033 20034 20035 20036 20037 20038 20039 20040 20041 20042 20043 20044 20045 20046 20047 20048 20049 20050 20051 20052 20053 20054 20055 20056 20057 20058 20059 20060 20061 20062 20063 20064 20065 20066 20067 20068 20069 20070 20071 20072 20073 20074 20075 20076 20077 20078 20079 20080 20081 20082 20083 20084 20085 20086 20087 20088 20089 20090 20091 20092 20093 20094 20095 20096 20097 20098 20099 20100 20101 20102 20103 20104 20105 20106 20107 20108 20109 20110 20111 20112 20113 20114 20115 20116 20117 20118 20119 20120 20121 20122 20123 20124 20125 20126 20127 20128 20129 20130 20131 20132 20133 20134 20135 20136 20137 20138 20139 20140 20141 20142 20143 20144 20145 20146 20147 20148 20149 20150 20151 20152 20153 20154 20155 20156 20157 20158 20159 20160 20161 20162 20163 20164 20165 20166 20167 20168 20169 20170 20171 20172 20173 20174 20175 20176 20177 20178 20179 20180 20181 20182 20183 20184 20185 20186 20187 20188 20189 20190 20191 20192 20193 20194 20195 20196 20197 20198 20199 20200 20201 20202 20203 20204 20205 20206 20207 20208 20209 20210 20211 20212 20213 20214 20215 20216 20217 20218 20219 20220 20221 20222 20223 20224 20225 20226 20227 20228 20229 20230 20231 20232 20233 20234 20235 20236 20237 20238 20239 20240 20241 20242 20243 20244 20245 20246 20247 20248 20249 20250 20251 20252 20253 20254 20255 20256 20257 20258 20259 20260 20261 20262 20263 20264 20265 20266 20267 20268 20269 20270 20271 20272 20273 20274 20275 20276 20277 20278 20279 20280 20281 20282 20283 20284 20285 20286 20287 20288 20289 20290 20291 20292 20293 20294 20295 20296 20297 20298 20299 20300 20301 20302 20303 20304 20305 20306 20307 20308 20309 20310 20311 20312 20313 20314 20315 20316 20317 20318 20319 20320 20321 20322 20323 20324 20325 20326 20327 20328 20329 20330 20331 20332 20333 20334 20335 20336 20337 20338 20339 20340 20341 20342 20343 20344 20345 20346 20347 20348 20349 20350 20351 20352 20353 20354 20355 20356 20357 20358 20359 20360 20361 20362 20363 20364 20365 20366 20367 20368 20369 20370 20371 20372 20373 20374 20375 20376 20377 20378 20379 20380 20381 20382 20383 20384 20385 20386 20387 20388 20389 20390 20391 20392 20393 20394 20395 20396 20397 20398 20399 20400 20401 20402 20403 20404 20405 20406 20407 20408 20409 20410 20411 20412 20413 20414 20415 20416 20417 20418 20419 20420 20421 20422 20423 20424 20425 20426 20427 20428 20429 20430 20431 20432 20433 20434 20435 20436 20437 20438 20439 20440 20441 20442 20443 20444 20445 20446 20447 20448 20449 20450 20451 20452 20453 20454 20455 20456 20457 20458 20459 20460 20461 20462 20463 20464 20465 20466 20467 20468 20469 20470 20471 20472 20473 20474 20475 20476 20477 20478 20479 20480 20481 20482 20483 20484 20485 20486 20487 20488 20489 20490 20491 20492 20493 20494 20495 20496 20497 20498 20499 20500 20501 20502 20503 20504 20505 20506 20507 20508 20509 20510 20511 20512 20513 20514 20515 20516 20517 20518 20519 20520 20521 20522 20523 20524 20525 20526 20527 20528 20529 20530 20531 20532 20533 20534 20535 20536 20537 20538 20539 20540 20541 20542 20543 20544 20545 20546 20547 20548 20549 20550 20551 20552 20553 20554 20555 20556 20557 20558 20559 20560 20561 20562 20563 20564 20565 20566 20567 20568 20569 20570 20571 20572 20573 20574 20575 20576 20577 20578 20579 20580 20581 20582 20583 20584 20585 20586 20587 20588 20589 20590 20591 20592 20593 20594 20595 20596 20597 20598 20599 20600 20601 20602 20603 20604 20605 20606 20607 20608 20609 20610 20611 20612 20613 20614 20615 20616 20617 20618 20619 20620 20621 20622 20623 20624 20625 20626 20627 20628 20629 20630 20631 20632 20633 20634 20635 20636 20637 20638 20639 20640 20641 20642 20643 20644 20645 20646 20647 20648 20649 20650 20651 20652 20653 20654 20655 20656 20657 20658 20659 20660 20661 20662 20663 20664 20665 20666 20667 20668 20669 20670 20671 20672 20673 20674 20675 20676 20677 20678 20679 20680 20681 20682 20683 20684 20685 20686 20687 20688 20689 20690 20691 20692 20693 20694 20695 20696 20697 20698 20699 20700 20701 20702 20703 20704 20705 20706 20707 20708 20709 20710 20711 20712 20713 20714 20715 20716 20717 20718 20719 20720 20721 20722 20723 20724 20725 20726 20727 20728 20729 20730 20731 20732 20733 20734 20735 20736 20737 20738 20739 20740 20741 20742 20743 20744 20745 20746 20747 20748 20749 20750 20751 20752 20753 20754 20755 20756 20757 20758 20759 20760 20761 20762 20763 20764 20765 20766 20767 20768 20769 20770 20771 20772 20773 20774 20775 20776 20777 20778 20779 20780 20781 20782 20783 20784 20785 20786 20787 20788 20789 20790 20791 20792 20793 20794 20795 20796 20797 20798 20799 20800 20801 20802 20803 20804 20805 20806 20807 20808 20809 20810 20811 20812 20813 20814 20815 20816 20817 20818 20819 20820 20821 20822 20823 20824 20825 20826 20827 20828 20829 20830 20831 20832 20833 20834 20835 20836 20837 20838 20839 20840 20841 20842 20843 20844 20845 20846 20847 20848 20849 20850 20851 20852 20853 20854 20855 20856 20857 20858 20859 20860 20861 20862 20863 20864 20865 20866 20867 20868 20869 20870 20871 20872 20873 20874 20875 20876 20877 20878 20879 20880 20881 20882 20883 20884 20885 20886 20887 20888 20889 20890 20891 20892 20893 20894 20895 20896 20897 20898 20899 20900 20901 20902 20903 20904 20905 20906 20907 20908 20909 20910 20911 20912 20913 20914 20915 20916 20917 20918 20919 20920 20921 20922 20923 20924 20925 20926 20927 20928 20929 20930 20931 20932 20933 20934 20935 20936 20937 20938 20939 20940 20941 20942 20943 20944 20945 20946 20947 20948 20949 20950 20951 20952 20953 20954 20955 20956 20957 20958 20959 20960 20961 20962 20963 20964 20965 20966 20967 20968 20969 20970 20971 20972 20973 20974 20975 20976 20977 20978 20979 20980 20981 20982 20983 20984 20985 20986 20987 20988 20989 20990 20991 20992 20993 20994 20995 20996 20997 20998 20999 21000 21001 21002 21003 21004 21005 21006 21007 21008 21009 21010 21011 21012 21013 21014 21015 21016 21017 21018 21019 21020 21021 21022 21023 21024 21025 21026 21027 21028 21029 21030 21031 21032 21033 21034 21035 21036 21037 21038 21039 21040 21041 21042 21043 21044 21045 21046 21047 21048 21049 21050 21051 21052 21053 21054 21055 21056 21057 21058 21059 21060 21061 21062 21063 21064 21065 21066 21067 21068 21069 21070 21071 21072 21073 21074 21075 21076 21077 21078 21079 21080 21081 21082 21083 21084 21085 21086 21087 21088 21089 21090 21091 21092 21093 21094 21095 21096 21097 21098 21099 21100 21101 21102 21103 21104 21105 21106 21107 21108 21109 21110 21111 21112 21113 21114 21115 21116 21117 21118 21119 21120 21121 21122 21123 21124 21125 21126 21127 21128 21129 21130 21131 21132 21133 21134 21135 21136 21137 21138 21139 21140 21141 21142 21143 21144 21145 21146 21147 21148 21149 21150 21151 21152 21153 21154 21155 21156 21157 21158 21159 21160 21161 21162 21163 21164 21165 21166 21167 21168 21169 21170 21171 21172 21173 21174 21175 21176 21177 21178 21179 21180 21181 21182 21183 21184 21185 21186 21187 21188 21189 21190 21191 21192 21193 21194 21195 21196 21197 21198 21199 21200 21201 21202 21203 21204 21205 21206 21207 21208 21209 21210 21211 21212 21213 21214 21215 21216 21217 21218 21219 21220 21221 21222 21223 21224 21225 21226 21227 21228 21229 21230 21231 21232 21233 21234 21235 21236 21237 21238 21239 21240 21241 21242 21243 21244 21245 21246 21247 21248 21249 21250 21251 21252 21253 21254 21255 21256 21257 21258 21259 21260 21261 21262 21263 21264 21265 21266 21267 21268 21269 21270 21271 21272 21273 21274 21275 21276 21277 21278 21279 21280 21281 21282 21283 21284 21285 21286 21287 21288 21289 21290 21291 21292 21293 21294 21295 21296 21297 21298 21299 21300 21301 21302 21303 21304 21305 21306 21307 21308 21309 21310 21311 21312 21313 21314 21315 21316 21317 21318 21319 21320 21321 21322 21323 21324 21325 21326 21327 21328 21329 21330 21331 21332 21333 21334 21335 21336 21337 21338 21339 21340 21341 21342 21343 21344 21345 21346 21347 21348 21349 21350 21351 21352 21353 21354 21355 21356 21357 21358 21359 21360 21361 21362 21363 21364 21365 21366 21367 21368 21369 21370 21371 21372 21373 21374 21375 21376 21377 21378 21379 21380 21381 21382 21383 21384 21385 21386 21387 21388 21389 21390 21391 21392 21393 21394 21395 21396 21397 21398 21399 21400 21401 21402 21403 21404 21405 21406 21407 21408 21409 21410 21411 21412 21413 21414 21415 21416 21417 21418 21419 21420 21421 21422 21423 21424 21425 21426 21427 21428 21429 21430 21431 21432 21433 21434 21435 21436 21437 21438 21439 21440 21441 21442 21443 21444 21445 21446 21447 21448 21449 21450 21451 21452 21453 21454 21455 21456 21457 21458 21459 21460 21461 21462 21463 21464 21465 21466 21467 21468 21469 21470 21471 21472 21473 21474 21475 21476 21477 21478 21479 21480 21481 21482 21483 21484 21485 21486 21487 21488 21489 21490 21491 21492 21493 21494 21495 21496 21497 21498 21499 21500 21501 21502 21503 21504 21505 21506 21507 21508 21509 21510 21511 21512 21513 21514 21515 21516 21517 21518 21519 21520 21521 21522 21523 21524 21525 21526 21527 21528 21529 21530 21531 21532 21533 21534 21535 21536 21537 21538 21539 21540 21541 21542 21543 21544 21545 21546 21547 21548 21549 21550 21551 21552 21553 21554 21555 21556 21557 21558 21559 21560 21561 21562 21563 21564 21565 21566 21567 21568 21569 21570 21571 21572 21573 21574 21575 21576 21577 21578 21579 21580 21581 21582 21583 21584 21585 21586 21587 21588 21589 21590 21591 21592 21593 21594 21595 21596 21597 21598 21599 21600 21601 21602 21603 21604 21605 21606 21607 21608 21609 21610 21611 21612 21613 21614 21615 21616 21617 21618 21619 21620 21621 21622 21623 21624 21625 21626 21627 21628 21629 21630 21631 21632 21633 21634 21635 21636 21637 21638 21639 21640 21641 21642 21643 21644 21645 21646 21647 21648 21649 21650 21651 21652 21653 21654 21655 21656 21657 21658 21659 21660 21661 21662 21663 21664 21665 21666 21667 21668 21669 21670 21671 21672 21673 21674 21675 21676 21677 21678 21679 21680 21681 21682 21683 21684 21685 21686 21687 21688 21689 21690 21691 21692 21693 21694 21695 21696 21697 21698 21699 21700 21701 21702 21703 21704 21705 21706 21707 21708 21709 21710 21711 21712 21713 21714 21715 21716 21717 21718 21719 21720 21721 21722 21723 21724 21725 21726 21727 21728 21729 21730 21731 21732 21733 21734 21735 21736 21737 21738 21739 21740 21741 21742 21743 21744 21745 21746 21747 21748 21749 21750 21751 21752 21753 21754 21755 21756 21757 21758 21759 21760 21761 21762 21763 21764 21765 21766 21767 21768 21769 21770 21771 21772 21773 21774 21775 21776 21777 21778 21779 21780 21781 21782 21783 21784 21785 21786 21787 21788 21789 21790 21791 21792 21793 21794 21795 21796 21797 21798 21799 21800 21801 21802 21803 21804 21805 21806 21807 21808 21809 21810 21811 21812 21813 21814 21815 21816 21817 21818 21819 21820 21821 21822 21823 21824 21825 21826 21827 21828 21829 21830 21831 21832 21833 21834 21835 21836 21837 21838 21839 21840 21841 21842 21843 21844 21845 21846 21847 21848 21849 21850 21851 21852 21853 21854 21855 21856 21857 21858 21859 21860 21861 21862 21863 21864 21865 21866 21867 21868 21869 21870 21871 21872 21873 21874 21875 21876 21877 21878 21879 21880 21881 21882 21883 21884 21885 21886 21887 21888 21889 21890 21891 21892 21893 21894 21895 21896 21897 21898 21899 21900 21901 21902 21903 21904 21905 21906 21907 21908 21909 21910 21911 21912 21913 21914 21915 21916 21917 21918 21919 21920 21921 21922 21923 21924 21925 21926 21927 21928 21929 21930 21931 21932 21933 21934 21935 21936 21937 21938 21939 21940 21941 21942 21943 21944 21945 21946 21947 21948 21949 21950 21951 21952 21953 21954 21955 21956 21957 21958 21959 21960 21961 21962 21963 21964 21965 21966 21967 21968 21969 21970 21971 21972 21973 21974 21975 21976 21977 21978 21979 21980 21981 21982 21983 21984 21985 21986 21987 21988 21989 21990 21991 21992 21993 21994 21995 21996 21997 21998 21999 22000 22001 22002 22003 22004 22005 22006 22007 22008 22009 22010 22011 22012 22013 22014 22015 22016 22017 22018 22019 22020 22021 22022 22023 22024 22025 22026 22027 22028 22029 22030 22031 22032 22033 22034 22035 22036 22037 22038 22039 22040 22041 22042 22043 22044 22045 22046 22047 22048 22049 22050 22051 22052 22053 22054 22055 22056 22057 22058 22059 22060 22061 22062 22063 22064 22065 22066 22067 22068 22069 22070 22071 22072 22073 22074 22075 22076 22077 22078 22079 22080 22081 22082 22083 22084 22085 22086 22087 22088 22089 22090 22091 22092 22093 22094 22095 22096 22097 22098 22099 22100 22101 22102 22103 22104 22105 22106 22107 22108 22109 22110 22111 22112 22113 22114 22115 22116 22117 22118 22119 22120 22121 22122 22123 22124 22125 22126 22127 22128 22129 22130 22131 22132 22133 22134 22135 22136 22137 22138 22139 22140 22141 22142 22143 22144 22145 22146 22147 22148 22149 22150 22151 22152 22153 22154 22155 22156 22157 22158 22159 22160 22161 22162 22163 22164 22165 22166 22167 22168 22169 22170 22171 22172 22173 22174 22175 22176 22177 22178 22179 22180 22181 22182 22183 22184 22185 22186 22187 22188 22189 22190 22191 22192 22193 22194 22195 22196 22197 22198 22199 22200 22201 22202 22203 22204 22205 22206 22207 22208 22209 22210 22211 22212 22213 22214 22215 22216 22217 22218 22219 22220 22221 22222 22223 22224 22225 22226 22227 22228 22229 22230 22231 22232 22233 22234 22235 22236 22237 22238 22239 22240 22241 22242 22243 22244 22245 22246 22247 22248 22249 22250 22251 22252 22253 22254 22255 22256 22257 22258 22259 22260 22261 22262 22263 22264 22265 22266 22267 22268 22269 22270 22271 22272 22273 22274 22275 22276 22277 22278 22279 22280 22281 22282 22283 22284 22285 22286 22287 22288 22289 22290 22291 22292 22293 22294 22295 22296 22297 22298 22299 22300 22301 22302 22303 22304 22305 22306 22307 22308 22309 22310 22311 22312 22313 22314 22315 22316 22317 22318 22319 22320 22321 22322 22323 22324 22325 22326 22327 22328 22329 22330 22331 22332 22333 22334 22335 22336 22337 22338 22339 22340 22341 22342 22343 22344 22345 22346 22347 22348 22349 22350 22351 22352 22353 22354 22355 22356 22357 22358 22359 22360 22361 22362 22363 22364 22365 22366 22367 22368 22369 22370 22371 22372 22373 22374 22375 22376 22377 22378 22379 22380 22381 22382 22383 22384 22385 22386 22387 22388 22389 22390 22391 22392 22393 22394 22395 22396 22397 22398 22399 22400 22401 22402 22403 22404 22405 22406 22407 22408 22409 22410 22411 22412 22413 22414 22415 22416 22417 22418 22419 22420 22421 22422 22423 22424 22425 22426 22427 22428 22429 22430 22431 22432 22433 22434 22435 22436 22437 22438 22439 22440 22441 22442 22443 22444 22445 22446 22447 22448 22449 22450 22451 22452 22453 22454 22455 22456 22457 22458 22459 22460 22461 22462 22463 22464 22465 22466 22467 22468 22469 22470 22471 22472 22473 22474 22475 22476 22477 22478 22479 22480 22481 22482 22483 22484 22485 22486 22487 22488 22489 22490 22491 22492 22493 22494 22495 22496 22497 22498 22499 22500 22501 22502 22503 22504 22505 22506 22507 22508 22509 22510 22511 22512 22513 22514 22515 22516 22517 22518 22519 22520 22521 22522 22523 22524 22525 22526 22527 22528 22529 22530 22531 22532 22533 22534 22535 22536 22537 22538 22539 22540 22541 22542 22543 22544 22545 22546 22547 22548 22549 22550 22551 22552 22553 22554 22555 22556 22557 22558 22559 22560 22561 22562 22563 22564 22565 22566 22567 22568 22569 22570 22571 22572 22573 22574 22575 22576 22577 22578 22579 22580 22581 22582 22583 22584 22585 22586 22587 22588 22589 22590 22591 22592 22593 22594 22595 22596 22597 22598 22599 22600 22601 22602 22603 22604 22605 22606 22607 22608 22609 22610 22611 22612 22613 22614 22615 22616 22617 22618 22619 22620 22621 22622 22623 22624 22625 22626 22627 22628 22629 22630 22631 22632 22633 22634 22635 22636 22637 22638 22639 22640 22641 22642 22643 22644 22645 22646 22647 22648 22649 22650 22651 22652 22653 22654 22655 22656 22657 22658 22659 22660 22661 22662 22663 22664 22665 22666 22667 22668 22669 22670 22671 22672 22673 22674 22675 22676 22677 22678 22679 22680 22681 22682 22683 22684 22685 22686 22687 22688 22689 22690 22691 22692 22693 22694 22695 22696 22697 22698 22699 22700 22701 22702 22703 22704 22705 22706 22707 22708 22709 22710 22711 22712 22713 22714 22715 22716 22717 22718 22719 22720 22721 22722 22723 22724 22725 22726 22727 22728 22729 22730 22731 22732 22733 22734 22735 22736 22737 22738 22739 22740 22741 22742 22743 22744 22745 22746 22747 22748 22749 22750 22751 22752 22753 22754 22755 22756 22757 22758 22759 22760 22761 22762 22763 22764 22765 22766 22767 22768 22769 22770 22771 22772 22773 22774 22775 22776 22777 22778 22779 22780 22781 22782 22783 22784 22785 22786 22787 22788 22789 22790 22791 22792 22793 22794 22795 22796 22797 22798 22799 22800 22801 22802 22803 22804 22805 22806 22807 22808 22809 22810 22811 22812 22813 22814 22815 22816 22817 22818 22819 22820 22821 22822 22823 22824 22825 22826 22827 22828 22829 22830 22831 22832 22833 22834 22835 22836 22837 22838 22839 22840 22841 22842 22843 22844 22845 22846 22847 22848 22849 22850 22851 22852 22853 22854 22855 22856 22857 22858 22859 22860 22861 22862 22863 22864 22865 22866 22867 22868 22869 22870 22871 22872 22873 22874 22875 22876 22877 22878 22879 22880 22881 22882 22883 22884 22885 22886 22887 22888 22889 22890 22891 22892 22893 22894 22895 22896 22897 22898 22899 22900 22901 22902 22903 22904 22905 22906 22907 22908 22909 22910 22911 22912 22913 22914 22915 22916 22917 22918 22919 22920 22921 22922 22923 22924 22925 22926 22927 22928 22929 22930 22931 22932 22933 22934 22935 22936 22937 22938 22939 22940 22941 22942 22943 22944 22945 22946 22947 22948 22949 22950 22951 22952 22953 22954 22955 22956 22957 22958 22959 22960 22961 22962 22963 22964 22965 22966 22967 22968 22969 22970 22971 22972 22973 22974 22975 22976 22977 22978 22979 22980 22981 22982 22983 22984 22985 22986 22987 22988 22989 22990 22991 22992 22993 22994 22995 22996 22997 22998 22999 23000 23001 23002 23003 23004 23005 23006 23007 23008 23009 23010 23011 23012 23013 23014 23015 23016 23017 23018 23019 23020 23021 23022 23023 23024 23025 23026 23027 23028 23029 23030 23031 23032 23033 23034 23035 23036 23037 23038 23039 23040 23041 23042 23043 23044 23045 23046 23047 23048 23049 23050 23051 23052 23053 23054 23055 23056 23057 23058 23059 23060 23061 23062 23063 23064 23065 23066 23067 23068 23069 23070 23071 23072 23073 23074 23075 23076 23077 23078 23079 23080 23081 23082 23083 23084 23085 23086 23087 23088 23089 23090 23091 23092 23093 23094 23095 23096 23097 23098 23099 23100 23101 23102 23103 23104 23105 23106 23107 23108 23109 23110 23111 23112 23113 23114 23115 23116 23117 23118 23119 23120 23121 23122 23123 23124 23125 23126 23127 23128 23129 23130 23131 23132 23133 23134 23135 23136 23137 23138 23139 23140 23141 23142 23143 23144 23145 23146 23147 23148 23149 23150 23151 23152 23153 23154 23155 23156 23157 23158 23159 23160 23161 23162 23163 23164 23165 23166 23167 23168 23169 23170 23171 23172 23173 23174 23175 23176 23177 23178 23179 23180 23181 23182 23183 23184 23185 23186 23187 23188 23189 23190 23191 23192 23193 23194 23195 23196 23197 23198 23199 23200 23201 23202 23203 23204 23205 23206 23207 23208 23209 23210 23211 23212 23213 23214 23215 23216 23217 23218 23219 23220 23221 23222 23223 23224 23225 23226 23227 23228 23229 23230 23231 23232 23233 23234 23235 23236 23237 23238 23239 23240 23241 23242 23243 23244 23245 23246 23247 23248 23249 23250 23251 23252 23253 23254 23255 23256 23257 23258 23259 23260 23261 23262 23263 23264 23265 23266 23267 23268 23269 23270 23271 23272 23273 23274 23275 23276 23277 23278 23279 23280 23281 23282 23283 23284 23285 23286 23287 23288 23289 23290 23291 23292 23293 23294 23295 23296 23297 23298 23299 23300 23301 23302 23303 23304 23305 23306 23307 23308 23309 23310 23311 23312 23313 23314 23315 23316 23317 23318 23319 23320 23321 23322 23323 23324 23325 23326 23327 23328 23329 23330 23331 23332 23333 23334 23335 23336 23337 23338 23339 23340 23341 23342 23343 23344 23345 23346 23347 23348 23349 23350 23351 23352 23353 23354 23355 23356 23357 23358 23359 23360 23361 23362 23363 23364 23365 23366 23367 23368 23369 23370 23371 23372 23373 23374 23375 23376 23377 23378 23379 23380 23381 23382 23383 23384 23385 23386 23387 23388 23389 23390 23391 23392 23393 23394 23395 23396 23397 23398 23399 23400 23401 23402 23403 23404 23405 23406 23407 23408 23409 23410 23411 23412 23413 23414 23415 23416 23417 23418 23419 23420 23421 23422 23423 23424 23425 23426 23427 23428 23429 23430 23431 23432 23433 23434 23435 23436 23437 23438 23439 23440 23441 23442 23443 23444 23445 23446 23447 23448 23449 23450 23451 23452 23453 23454 23455 23456 23457 23458 23459 23460 23461 23462 23463 23464 23465 23466 23467 23468 23469 23470 23471 23472 23473 23474 23475 23476 23477 23478 23479 23480 23481 23482 23483 23484 23485 23486 23487 23488 23489 23490 23491 23492 23493 23494 23495 23496 23497 23498 23499 23500 23501 23502 23503 23504 23505 23506 23507 23508 23509 23510 23511 23512 23513 23514 23515 23516 23517 23518 23519 23520 23521 23522 23523 23524 23525 23526 23527 23528 23529 23530 23531 23532 23533 23534 23535 23536 23537 23538 23539 23540 23541 23542 23543 23544 23545 23546 23547 23548 23549 23550 23551 23552 23553 23554 23555 23556 23557 23558 23559 23560 23561 23562 23563 23564 23565 23566 23567 23568 23569 23570 23571 23572 23573 23574 23575 23576 23577 23578 23579 23580 23581 23582 23583 23584 23585 23586 23587 23588 23589 23590 23591 23592 23593 23594 23595 23596 23597 23598 23599 23600 23601 23602 23603 23604 23605 23606 23607 23608 23609 23610 23611 23612 23613 23614 23615 23616 23617 23618 23619 23620 23621 23622 23623 23624 23625 23626 23627 23628 23629 23630 23631 23632 23633 23634 23635 23636 23637 23638 23639 23640 23641 23642 23643 23644 23645 23646 23647 23648 23649 23650 23651 23652 23653 23654 23655 23656 23657 23658 23659 23660 23661 23662 23663 23664 23665 23666 23667 23668 23669 23670 23671 23672 23673 23674 23675 23676 23677 23678 23679 23680 23681 23682 23683 23684 23685 23686 23687 23688 23689 23690 23691 23692 23693 23694 23695 23696 23697 23698 23699 23700 23701 23702 23703 23704 23705 23706 23707 23708 23709 23710 23711 23712 23713 23714 23715 23716 23717 23718 23719 23720 23721 23722 23723 23724 23725 23726 23727 23728 23729 23730 23731 23732 23733 23734 23735 23736 23737 23738 23739 23740 23741 23742 23743 23744 23745 23746 23747 23748 23749 23750 23751 23752 23753 23754 23755 23756 23757 23758 23759 23760 23761 23762 23763 23764 23765 23766 23767 23768 23769 23770 23771 23772 23773 23774 23775 23776 23777 23778 23779 23780 23781 23782 23783 23784 23785 23786 23787 23788 23789 23790 23791 23792 23793 23794 23795 23796 23797 23798 23799 23800 23801 23802 23803 23804 23805 23806 23807 23808 23809 23810 23811 23812 23813 23814 23815 23816 23817 23818 23819 23820 23821 23822 23823 23824 23825 23826 23827 23828 23829 23830 23831 23832 23833 23834 23835 23836 23837 23838 23839 23840 23841 23842 23843 23844 23845 23846 23847 23848 23849 23850 23851 23852 23853 23854 23855 23856 23857 23858 23859 23860 23861 23862 23863 23864 23865 23866 23867 23868 23869 23870 23871 23872 23873 23874 23875 23876 23877 23878 23879 23880 23881 23882 23883 23884 23885 23886 23887 23888 23889 23890 23891 23892 23893 23894 23895 23896 23897 23898 23899 23900 23901 23902 23903 23904 23905 23906 23907 23908 23909 23910 23911 23912 23913 23914 23915 23916 23917 23918 23919 23920 23921 23922 23923 23924 23925 23926 23927 23928 23929 23930 23931 23932 23933 23934 23935 23936 23937 23938 23939 23940 23941 23942 23943 23944 23945 23946 23947 23948 23949 23950 23951 23952 23953 23954 23955 23956 23957 23958 23959 23960 23961 23962 23963 23964 23965 23966 23967 23968 23969 23970 23971 23972 23973 23974 23975 23976 23977 23978 23979 23980 23981 23982 23983 23984 23985 23986 23987 23988 23989 23990 23991 23992 23993 23994 23995 23996 23997 23998 23999 24000 24001 24002 24003 24004 24005 24006 24007 24008 24009 24010 24011 24012 24013 24014 24015 24016 24017 24018 24019 24020 24021 24022 24023 24024 24025 24026 24027 24028 24029 24030 24031 24032 24033 24034 24035 24036 24037 24038 24039 24040 24041 24042 24043 24044 24045 24046 24047 24048 24049 24050 24051 24052 24053 24054 24055 24056 24057 24058 24059 24060 24061 24062 24063 24064 24065 24066 24067 24068 24069 24070 24071 24072 24073 24074 24075 24076 24077 24078 24079 24080 24081 24082 24083 24084 24085 24086 24087 24088 24089 24090 24091 24092 24093 24094 24095 24096 24097 24098 24099 24100 24101 24102 24103 24104 24105 24106 24107 24108 24109 24110 24111 24112 24113 24114 24115 24116 24117 24118 24119 24120 24121 24122 24123 24124 24125 24126 24127 24128 24129 24130 24131 24132 24133 24134 24135 24136 24137 24138 24139 24140 24141 24142 24143 24144 24145 24146 24147 24148 24149 24150 24151 24152 24153 24154 24155 24156 24157 24158 24159 24160 24161 24162 24163 24164 24165 24166 24167 24168 24169 24170 24171 24172 24173 24174 24175 24176 24177 24178 24179 24180 24181 24182 24183 24184 24185 24186 24187 24188 24189 24190 24191 24192 24193 24194 24195 24196 24197 24198 24199 24200 24201 24202 24203 24204 24205 24206 24207 24208 24209 24210 24211 24212 24213 24214 24215 24216 24217 24218 24219 24220 24221 24222 24223 24224 24225 24226 24227 24228 24229 24230 24231 24232 24233 24234 24235 24236 24237 24238 24239 24240 24241 24242 24243 24244 24245 24246 24247 24248 24249 24250 24251 24252 24253 24254 24255 24256 24257 24258 24259 24260 24261 24262 24263 24264 24265 24266 24267 24268 24269 24270 24271 24272 24273 24274 24275 24276 24277 24278 24279 24280 24281 24282 24283 24284 24285 24286 24287 24288 24289 24290 24291 24292 24293 24294 24295 24296 24297 24298 24299 24300 24301 24302 24303 24304 24305 24306 24307 24308 24309 24310 24311 24312 24313 24314 24315 24316 24317 24318 24319 24320 24321 24322 24323 24324 24325 24326 24327 24328 24329 24330 24331 24332 24333 24334 24335 24336 24337 24338 24339 24340 24341 24342 24343 24344 24345 24346 24347 24348 24349 24350 24351 24352 24353 24354 24355 24356 24357 24358 24359 24360 24361 24362 24363 24364 24365 24366 24367 24368 24369 24370 24371 24372 24373 24374 24375 24376 24377 24378 24379 24380 24381 24382 24383 24384 24385 24386 24387 24388 24389 24390 24391 24392 24393 24394 24395 24396 24397 24398 24399 24400 24401 24402 24403 24404 24405 24406 24407 24408 24409 24410 24411 24412 24413 24414 24415 24416 24417 24418 24419 24420 24421 24422 24423 24424 24425 24426 24427 24428 24429 24430 24431 24432 24433 24434 24435 24436 24437 24438 24439 24440 24441 24442 24443 24444 24445 24446 24447 24448 24449 24450 24451 24452 24453 24454 24455 24456 24457 24458 24459 24460 24461 24462 24463 24464 24465 24466 24467 24468 24469 24470 24471 24472 24473 24474 24475 24476 24477 24478 24479 24480 24481 24482 24483 24484 24485 24486 24487 24488 24489 24490 24491 24492 24493 24494 24495 24496 24497 24498 24499 24500 24501 24502 24503 24504 24505 24506 24507 24508 24509 24510 24511 24512 24513 24514 24515 24516 24517 24518 24519 24520 24521 24522 24523 24524 24525 24526 24527 24528 24529 24530 24531 24532 24533 24534 24535 24536 24537 24538 24539 24540 24541 24542 24543 24544 24545 24546 24547 24548 24549 24550 24551 24552 24553 24554 24555 24556 24557 24558 24559 24560 24561 24562 24563 24564 24565 24566 24567 24568 24569 24570 24571 24572 24573 24574 24575 24576 24577 24578 24579 24580 24581 24582 24583 24584 24585 24586 24587 24588 24589 24590 24591 24592 24593 24594 24595 24596 24597 24598 24599 24600 24601 24602 24603 24604 24605 24606 24607 24608 24609 24610 24611 24612 24613 24614 24615 24616 24617 24618 24619 24620 24621 24622 24623 24624 24625 24626 24627 24628 24629 24630 24631 24632 24633 24634 24635 24636 24637 24638 24639 24640 24641 24642 24643 24644 24645 24646 24647 24648 24649 24650 24651 24652 24653 24654 24655 24656 24657 24658 24659 24660 24661 24662 24663 24664 24665 24666 24667 24668 24669 24670 24671 24672 24673 24674 24675 24676 24677 24678 24679 24680 24681 24682 24683 24684 24685 24686 24687 24688 24689 24690 24691 24692 24693 24694 24695 24696 24697 24698 24699 24700 24701 24702 24703 24704 24705 24706 24707 24708 24709 24710 24711 24712 24713 24714 24715 24716 24717 24718 24719 24720 24721 24722 24723 24724 24725 24726 24727 24728 24729 24730 24731 24732 24733 24734 24735 24736 24737 24738 24739 24740 24741 24742 24743 24744 24745 24746 24747 24748 24749 24750 24751 24752 24753 24754 24755 24756 24757 24758 24759 24760 24761 24762 24763 24764 24765 24766 24767 24768 24769 24770 24771 24772 24773 24774 24775 24776 24777 24778 24779 24780 24781 24782 24783 24784 24785 24786 24787 24788 24789 24790 24791 24792 24793 24794 24795 24796 24797 24798 24799 24800 24801 24802 24803 24804 24805 24806 24807 24808 24809 24810 24811 24812 24813 24814 24815 24816 24817 24818 24819 24820 24821 24822 24823 24824 24825 24826 24827 24828 24829 24830 24831 24832 24833 24834 24835 24836 24837 24838 24839 24840 24841 24842 24843 24844 24845 24846 24847 24848 24849 24850 24851 24852 24853 24854 24855 24856 24857 24858 24859 24860 24861 24862 24863 24864 24865 24866 24867 24868 24869 24870 24871 24872 24873 24874 24875 24876 24877 24878 24879 24880 24881 24882 24883 24884 24885 24886 24887 24888 24889 24890 24891 24892 24893 24894 24895 24896 24897 24898 24899 24900 24901 24902 24903 24904 24905 24906 24907 24908 24909 24910 24911 24912 24913 24914 24915 24916 24917 24918 24919 24920 24921 24922 24923 24924 24925 24926 24927 24928 24929 24930 24931 24932 24933 24934 24935 24936 24937 24938 24939 24940 24941 24942 24943 24944 24945 24946 24947 24948 24949 24950 24951 24952 24953 24954 24955 24956 24957 24958 24959 24960 24961 24962 24963 24964 24965 24966 24967 24968 24969 24970 24971 24972 24973 24974 24975 24976 24977 24978 24979 24980 24981 24982 24983 24984 24985 24986 24987 24988 24989 24990 24991 24992 24993 24994 24995 24996 24997 24998 24999 25000 25001 25002 25003 25004 25005 25006 25007 25008 25009 25010 25011 25012 25013 25014 25015 25016 25017 25018 25019 25020 25021 25022 25023 25024 25025 25026 25027 25028 25029 25030 25031 25032 25033 25034 25035 25036 25037 25038 25039 25040 25041 25042 25043 25044 25045 25046 25047 25048 25049 25050 25051 25052 25053 25054 25055 25056 25057 25058 25059 25060 25061 25062 25063 25064 25065 25066 25067 25068 25069 25070 25071 25072 25073 25074 25075 25076 25077 25078 25079 25080 25081 25082 25083 25084 25085 25086 25087 25088 25089 25090 25091 25092 25093 25094 25095 25096 25097 25098 25099 25100 25101 25102 25103 25104 25105 25106 25107 25108 25109 25110 25111 25112 25113 25114 25115 25116 25117 25118 25119 25120 25121 25122 25123 25124 25125 25126 25127 25128 25129 25130 25131 25132 25133 25134 25135 25136 25137 25138 25139 25140 25141 25142 25143 25144 25145 25146 25147 25148 25149 25150 25151 25152 25153 25154 25155 25156 25157 25158 25159 25160 25161 25162 25163 25164 25165 25166 25167 25168 25169 25170 25171 25172 25173 25174 25175 25176 25177 25178 25179 25180 25181 25182 25183 25184 25185 25186 25187 25188 25189 25190 25191 25192 25193 25194 25195 25196 25197 25198 25199 25200 25201 25202 25203 25204 25205 25206 25207 25208 25209 25210 25211 25212 25213 25214 25215 25216 25217 25218 25219 25220 25221 25222 25223 25224 25225 25226 25227 25228 25229 25230 25231 25232 25233 25234 25235 25236 25237 25238 25239 25240 25241 25242 25243 25244 25245 25246 25247 25248 25249 25250 25251 25252 25253 25254 25255 25256 25257 25258 25259 25260 25261 25262 25263 25264 25265 25266 25267 25268 25269 25270 25271 25272 25273 25274 25275 25276 25277 25278 25279 25280 25281 25282 25283 25284 25285 25286 25287 25288 25289 25290 25291 25292 25293 25294 25295 25296 25297 25298 25299 25300 25301 25302 25303 25304 25305 25306 25307 25308 25309 25310 25311 25312 25313 25314 25315 25316 25317 25318 25319 25320 25321 25322 25323 25324 25325 25326 25327 25328 25329 25330 25331 25332 25333 25334 25335 25336 25337 25338 25339 25340 25341 25342 25343 25344 25345 25346 25347 25348 25349 25350 25351 25352 25353 25354 25355 25356 25357 25358 25359 25360 25361 25362 25363 25364 25365 25366 25367 25368 25369 25370 25371 25372 25373 25374 25375 25376 25377 25378 25379 25380 25381 25382 25383 25384 25385 25386 25387 25388 25389 25390 25391 25392 25393 25394 25395 25396 25397 25398 25399 25400 25401 25402 25403 25404 25405 25406 25407 25408 25409 25410 25411 25412 25413 25414 25415 25416 25417 25418 25419 25420 25421 25422 25423 25424 25425 25426 25427 25428 25429 25430 25431 25432 25433 25434 25435 25436 25437 25438 25439 25440 25441 25442 25443 25444 25445 25446 25447 25448 25449 25450 25451 25452 25453 25454 25455 25456 25457 25458 25459 25460 25461 25462 25463 25464 25465 25466 25467 25468 25469 25470 25471 25472 25473 25474 25475 25476 25477 25478 25479 25480 25481 25482 25483 25484 25485 25486 25487 25488 25489 25490 25491 25492 25493 25494 25495 25496 25497 25498 25499 25500 25501 25502 25503 25504 25505 25506 25507 25508 25509 25510 25511 25512 25513 25514 25515 25516 25517 25518 25519 25520 25521 25522 25523 25524 25525 25526 25527 25528 25529 25530 25531 25532 25533 25534 25535 25536 25537 25538 25539 25540 25541 25542 25543 25544 25545 25546 25547 25548 25549 25550 25551 25552 25553 25554 25555 25556 25557 25558 25559 25560 25561 25562 25563 25564 25565 25566 25567 25568 25569 25570 25571 25572 25573 25574 25575 25576 25577 25578 25579 25580 25581 25582 25583 25584 25585 25586 25587 25588 25589 25590 25591 25592 25593 25594 25595 25596 25597 25598 25599 25600 25601 25602 25603 25604 25605 25606 25607 25608 25609 25610 25611 25612 25613 25614 25615 25616 25617 25618 25619 25620 25621 25622 25623 25624 25625 25626 25627 25628 25629 25630 25631 25632 25633 25634 25635 25636 25637 25638 25639 25640 25641 25642 25643 25644 25645 25646 25647 25648 25649 25650 25651 25652 25653 25654 25655 25656 25657 25658 25659 25660 25661 25662 25663 25664 25665 25666 25667 25668 25669 25670 25671 25672 25673 25674 25675 25676 25677 25678 25679 25680 25681 25682 25683 25684 25685 25686 25687 25688 25689 25690 25691 25692 25693 25694 25695 25696 25697 25698 25699 25700 25701 25702 25703 25704 25705 25706 25707 25708 25709 25710 25711 25712 25713 25714 25715 25716 25717 25718 25719 25720 25721 25722 25723 25724 25725 25726 25727 25728 25729 25730 25731 25732 25733 25734 25735 25736 25737 25738 25739 25740 25741 25742 25743 25744 25745 25746 25747 25748 25749 25750 25751 25752 25753 25754 25755 25756 25757 25758 25759 25760 25761 25762 25763 25764 25765 25766 25767 25768 25769 25770 25771 25772 25773 25774 25775 25776 25777 25778 25779 25780 25781 25782 25783 25784 25785 25786 25787 25788 25789 25790 25791 25792 25793 25794 25795 25796 25797 25798 25799 25800 25801 25802 25803 25804 25805 25806 25807 25808 25809 25810 25811 25812 25813 25814 25815 25816 25817 25818 25819 25820 25821 25822 25823 25824 25825 25826 25827 25828 25829 25830 25831 25832 25833 25834 25835 25836 25837 25838 25839 25840 25841 25842 25843 25844 25845 25846 25847 25848 25849 25850 25851 25852 25853 25854 25855 25856 25857 25858 25859 25860 25861 25862 25863 25864 25865 25866 25867 25868 25869 25870 25871 25872 25873 25874 25875 25876 25877 25878 25879 25880 25881 25882 25883 25884 25885 25886 25887 25888 25889 25890 25891 25892 25893 25894 25895 25896 25897 25898 25899 25900 25901 25902 25903 25904 25905 25906 25907 25908 25909 25910 25911 25912 25913 25914 25915 25916 25917 25918 25919 25920 25921 25922 25923 25924 25925 25926 25927 25928 25929 25930 25931 25932 25933 25934 25935 25936 25937 25938 25939 25940 25941 25942 25943 25944 25945 25946 25947 25948 25949 25950 25951 25952 25953 25954 25955 25956 25957 25958 25959 25960 25961 25962 25963 25964 25965 25966 25967 25968 25969 25970 25971 25972 25973 25974 25975 25976 25977 25978 25979 25980 25981 25982 25983 25984 25985 25986 25987 25988 25989 25990 25991 25992 25993 25994 25995 25996 25997 25998 25999 26000 26001 26002 26003 26004 26005 26006 26007 26008 26009 26010 26011 26012 26013 26014 26015 26016 26017 26018 26019 26020 26021 26022 26023 26024 26025 26026 26027 26028 26029 26030 26031 26032 26033 26034 26035 26036 26037 26038 26039 26040 26041 26042 26043 26044 26045 26046 26047 26048 26049 26050 26051 26052 26053 26054 26055 26056 26057 26058 26059 26060 26061 26062 26063 26064 26065 26066 26067 26068 26069 26070 26071 26072 26073 26074 26075 26076 26077 26078 26079 26080 26081 26082 26083 26084 26085 26086 26087 26088 26089 26090 26091 26092 26093 26094 26095 26096 26097 26098 26099 26100 26101 26102 26103 26104 26105 26106 26107 26108 26109 26110 26111 26112 26113 26114 26115 26116 26117 26118 26119 26120 26121 26122 26123 26124 26125 26126 26127 26128 26129 26130 26131 26132 26133 26134 26135 26136 26137 26138 26139 26140 26141 26142 26143 26144 26145 26146 26147 26148 26149 26150 26151 26152 26153 26154 26155 26156 26157 26158 26159 26160 26161 26162 26163 26164 26165 26166 26167 26168 26169 26170 26171 26172 26173 26174 26175 26176 26177 26178 26179 26180 26181 26182 26183 26184 26185 26186 26187 26188 26189 26190 26191 26192 26193 26194 26195 26196 26197 26198 26199 26200 26201 26202 26203 26204 26205 26206 26207 26208 26209 26210 26211 26212 26213 26214 26215 26216 26217 26218 26219 26220 26221 26222 26223 26224 26225 26226 26227 26228 26229 26230 26231 26232 26233 26234 26235 26236 26237 26238 26239 26240 26241 26242 26243 26244 26245 26246 26247 26248 26249 26250 26251 26252 26253 26254 26255 26256 26257 26258 26259 26260 26261 26262 26263 26264 26265 26266 26267 26268 26269 26270 26271 26272 26273 26274 26275 26276 26277 26278 26279 26280 26281 26282 26283 26284 26285 26286 26287 26288 26289 26290 26291 26292 26293 26294 26295 26296 26297 26298 26299 26300 26301 26302 26303 26304 26305 26306 26307 26308 26309 26310 26311 26312 26313 26314 26315 26316 26317 26318 26319 26320 26321 26322 26323 26324 26325 26326 26327 26328 26329 26330 26331 26332 26333 26334 26335 26336 26337 26338 26339 26340 26341 26342 26343 26344 26345 26346 26347 26348 26349 26350 26351 26352 26353 26354 26355 26356 26357 26358 26359 26360 26361 26362 26363 26364 26365 26366 26367 26368 26369 26370 26371 26372 26373 26374 26375 26376 26377 26378 26379 26380 26381 26382 26383 26384 26385 26386 26387 26388 26389 26390 26391 26392 26393 26394 26395 26396 26397 26398 26399 26400 26401 26402 26403 26404 26405 26406 26407 26408 26409 26410 26411 26412 26413 26414 26415 26416 26417 26418 26419 26420 26421 26422 26423 26424 26425 26426 26427 26428 26429 26430 26431 26432 26433 26434 26435 26436 26437 26438 26439 26440 26441 26442 26443 26444 26445 26446 26447 26448 26449 26450 26451 26452 26453 26454 26455 26456 26457 26458 26459 26460 26461 26462 26463 26464 26465 26466 26467 26468 26469 26470 26471 26472 26473 26474 26475 26476 26477 26478 26479 26480 26481 26482 26483 26484 26485 26486 26487 26488 26489 26490 26491 26492 26493 26494 26495 26496 26497 26498 26499 26500 26501 26502 26503 26504 26505 26506 26507 26508 26509 26510 26511 26512 26513 26514 26515 26516 26517 26518 26519 26520 26521 26522 26523 26524 26525 26526 26527 26528 26529 26530 26531 26532 26533 26534 26535 26536 26537 26538 26539 26540 26541 26542 26543 26544 26545 26546 26547 26548 26549 26550 26551 26552 26553 26554 26555 26556 26557 26558 26559 26560 26561 26562 26563 26564 26565 26566 26567 26568 26569 26570 26571 26572 26573 26574 26575 26576 26577 26578 26579 26580 26581 26582 26583 26584 26585 26586 26587 26588 26589 26590 26591 26592 26593 26594 26595 26596 26597 26598 26599 26600 26601 26602 26603 26604 26605 26606 26607 26608 26609 26610 26611 26612 26613 26614 26615 26616 26617 26618 26619 26620 26621 26622 26623 26624 26625 26626 26627 26628 26629 26630 26631 26632 26633 26634 26635 26636 26637 26638 26639 26640 26641 26642 26643 26644 26645 26646 26647 26648 26649 26650 26651 26652 26653 26654 26655 26656 26657 26658 26659 26660 26661 26662 26663 26664 26665 26666 26667 26668 26669 26670 26671 26672 26673 26674 26675 26676 26677 26678 26679 26680 26681 26682 26683 26684 26685 26686 26687 26688 26689 26690 26691 26692 26693 26694 26695 26696 26697 26698 26699 26700 26701 26702 26703 26704 26705 26706 26707 26708 26709 26710 26711 26712 26713 26714 26715 26716 26717 26718 26719 26720 26721 26722 26723 26724 26725 26726 26727 26728 26729 26730 26731 26732 26733 26734 26735 26736 26737 26738 26739 26740 26741 26742 26743 26744 26745 26746 26747 26748 26749 26750 26751 26752 26753 26754 26755 26756 26757 26758 26759 26760 26761 26762 26763 26764 26765 26766 26767 26768 26769 26770 26771 26772 26773 26774 26775 26776 26777 26778 26779 26780 26781 26782 26783 26784 26785 26786 26787 26788 26789 26790 26791 26792 26793 26794 26795 26796 26797 26798 26799 26800 26801 26802 26803 26804 26805 26806 26807 26808 26809 26810 26811 26812 26813 26814 26815 26816 26817 26818 26819 26820 26821 26822 26823 26824 26825 26826 26827 26828 26829 26830 26831 26832 26833 26834 26835 26836 26837 26838 26839 26840 26841 26842 26843 26844 26845 26846 26847 26848 26849 26850 26851 26852 26853 26854 26855 26856 26857 26858 26859 26860 26861 26862 26863 26864 26865 26866 26867 26868 26869 26870 26871 26872 26873 26874 26875 26876 26877 26878 26879 26880 26881 26882 26883 26884 26885 26886 26887 26888 26889 26890 26891 26892 26893 26894 26895 26896 26897 26898 26899 26900 26901 26902 26903 26904 26905 26906 26907 26908 26909 26910 26911 26912 26913 26914 26915 26916 26917 26918 26919 26920 26921 26922 26923 26924 26925 26926 26927 26928 26929 26930 26931 26932 26933 26934 26935 26936 26937 26938 26939 26940 26941 26942 26943 26944 26945 26946 26947 26948 26949 26950 26951 26952 26953 26954 26955 26956 26957 26958 26959 26960 26961 26962 26963 26964 26965 26966 26967 26968 26969 26970 26971 26972 26973 26974 26975 26976 26977 26978 26979 26980 26981 26982 26983 26984 26985 26986 26987 26988 26989 26990 26991 26992 26993 26994 26995 26996 26997 26998 26999 27000 27001 27002 27003 27004 27005 27006 27007 27008 27009 27010 27011 27012 27013 27014 27015 27016 27017 27018 27019 27020 27021 27022 27023 27024 27025 27026 27027 27028 27029 27030 27031 27032 27033 27034 27035 27036 27037 27038 27039 27040 27041 27042 27043 27044 27045 27046 27047 27048 27049 27050 27051 27052 27053 27054 27055 27056 27057 27058 27059 27060 27061 27062 27063 27064 27065 27066 27067 27068 27069 27070 27071 27072 27073 27074 27075 27076 27077 27078 27079 27080 27081 27082 27083 27084 27085 27086 27087 27088 27089 27090 27091 27092 27093 27094 27095 27096 27097 27098 27099 27100 27101 27102 27103 27104 27105 27106 27107 27108 27109 27110 27111 27112 27113 27114 27115 27116 27117 27118 27119 27120 27121 27122 27123 27124 27125 27126 27127 27128 27129 27130 27131 27132 27133 27134 27135 27136 27137 27138 27139 27140 27141 27142 27143 27144 27145 27146 27147 27148 27149 27150 27151 27152 27153 27154 27155 27156 27157 27158 27159 27160 27161 27162 27163 27164 27165 27166 27167 27168 27169 27170 27171 27172 27173 27174 27175 27176 27177 27178 27179 27180 27181 27182 27183 27184 27185 27186 27187 27188 27189 27190 27191 27192 27193 27194 27195 27196 27197 27198 27199 27200 27201 27202 27203 27204 27205 27206 27207 27208 27209 27210 27211 27212 27213 27214 27215 27216 27217 27218 27219 27220 27221 27222 27223 27224 27225 27226 27227 27228 27229 27230 27231 27232 27233 27234 27235 27236 27237 27238 27239 27240 27241 27242 27243 27244 27245 27246 27247 27248 27249 27250 27251 27252 27253 27254 27255 27256 27257 27258 27259 27260 27261 27262 27263 27264 27265 27266 27267 27268 27269 27270 27271 27272 27273 27274 27275 27276 27277 27278 27279 27280 27281 27282 27283 27284 27285 27286 27287 27288 27289 27290 27291 27292 27293 27294 27295 27296 27297 27298 27299 27300 27301 27302 27303 27304 27305 27306 27307 27308 27309 27310 27311 27312 27313 27314 27315 27316 27317 27318 27319 27320 27321 27322 27323 27324 27325 27326 27327 27328 27329 27330 27331 27332 27333 27334 27335 27336 27337 27338 27339 27340 27341 27342 27343 27344 27345 27346 27347 27348 27349 27350 27351 27352 27353 27354 27355 27356 27357 27358 27359 27360 27361 27362 27363 27364 27365 27366 27367 27368 27369 27370 27371 27372 27373 27374 27375 27376 27377 27378 27379 27380 27381 27382 27383 27384 27385 27386 27387 27388 27389 27390 27391 27392 27393 27394 27395 27396 27397 27398 27399 27400 27401 27402 27403 27404 27405 27406 27407 27408 27409 27410 27411 27412 27413 27414 27415 27416 27417 27418 27419 27420 27421 27422 27423 27424 27425 27426 27427 27428 27429 27430 27431 27432 27433 27434 27435 27436 27437 27438 27439 27440 27441 27442 27443 27444 27445 27446 27447 27448 27449 27450 27451 27452 27453 27454 27455 27456 27457 27458 27459 27460 27461 27462 27463 27464 27465 27466 27467 27468 27469 27470 27471 27472 27473 27474 27475 27476 27477 27478 27479 27480 27481 27482 27483 27484 27485 27486 27487 27488 27489 27490 27491 27492 27493 27494 27495 27496 27497 27498 27499 27500 27501 27502 27503 27504 27505 27506 27507 27508 27509 27510 27511 27512 27513 27514 27515 27516 27517 27518 27519 27520 27521 27522 27523 27524 27525 27526 27527 27528 27529 27530 27531 27532 27533 27534 27535 27536 27537 27538 27539 27540 27541 27542 27543 27544 27545 27546 27547 27548 27549 27550 27551 27552 27553 27554 27555 27556 27557 27558 27559 27560 27561 27562 27563 27564 27565 27566 27567 27568 27569 27570 27571 27572 27573 27574 27575 27576 27577 27578 27579 27580 27581 27582 27583 27584 27585 27586 27587 27588 27589 27590 27591 27592 27593 27594 27595 27596 27597 27598 27599 27600 27601 27602 27603 27604 27605 27606 27607 27608 27609 27610 27611 27612 27613 27614 27615 27616 27617 27618 27619 27620 27621 27622 27623 27624 27625 27626 27627 27628 27629 27630 27631 27632 27633 27634 27635 27636 27637 27638 27639 27640 27641 27642 27643 27644 27645 27646 27647 27648 27649 27650 27651 27652 27653 27654 27655 27656 27657 27658 27659 27660 27661 27662 27663 27664 27665 27666 27667 27668 27669 27670 27671 27672 27673 27674 27675 27676 27677 27678 27679 27680 27681 27682 27683 27684 27685 27686 27687 27688 27689 27690 27691 27692 27693 27694 27695 27696 27697 27698 27699 27700 27701 27702 27703 27704 27705 27706 27707 27708 27709 27710 27711 27712 27713 27714 27715 27716 27717 27718 27719 27720 27721 27722 27723 27724 27725 27726 27727 27728 27729 27730 27731 27732 27733 27734 27735 27736 27737 27738 27739 27740 27741 27742 27743 27744 27745 27746 27747 27748 27749 27750 27751 27752 27753 27754 27755 27756 27757 27758 27759 27760 27761 27762 27763 27764 27765 27766 27767 27768 27769 27770 27771 27772 27773 27774 27775 27776 27777 27778 27779 27780 27781 27782 27783 27784 27785 27786 27787 27788 27789 27790 27791 27792 27793 27794 27795 27796 27797 27798 27799 27800 27801 27802 27803 27804 27805 27806 27807 27808 27809 27810 27811 27812 27813 27814 27815 27816 27817 27818 27819 27820 27821 27822 27823 27824 27825 27826 27827 27828 27829 27830 27831 27832 27833 27834 27835 27836 27837 27838 27839 27840 27841 27842 27843 27844 27845 27846 27847 27848 27849 27850 27851 27852 27853 27854 27855 27856 27857 27858 27859 27860 27861 27862 27863 27864 27865 27866 27867 27868 27869 27870 27871 27872 27873 27874 27875 27876 27877 27878 27879 27880 27881 27882 27883 27884 27885 27886 27887 27888 27889 27890 27891 27892 27893 27894 27895 27896 27897 27898 27899 27900 27901 27902 27903 27904 27905 27906 27907 27908 27909 27910 27911 27912 27913 27914 27915 27916 27917 27918 27919 27920 27921 27922 27923 27924 27925 27926 27927 27928 27929 27930 27931 27932 27933 27934 27935 27936 27937 27938 27939 27940 27941 27942 27943 27944 27945 27946 27947 27948 27949 27950 27951 27952 27953 27954 27955 27956 27957 27958 27959 27960 27961 27962 27963 27964 27965 27966 27967 27968 27969 27970 27971 27972 27973 27974 27975 27976 27977 27978 27979 27980 27981 27982 27983 27984 27985 27986 27987 27988 27989 27990 27991 27992 27993 27994 27995 27996 27997 27998 27999 28000 28001 28002 28003 28004 28005 28006 28007 28008 28009 28010 28011 28012 28013 28014 28015 28016 28017 28018 28019 28020 28021 28022 28023 28024 28025 28026 28027 28028 28029 28030 28031 28032 28033 28034 28035 28036 28037 28038 28039 28040 28041 28042 28043 28044 28045 28046 28047 28048 28049 28050 28051 28052 28053 28054 28055 28056 28057 28058 28059 28060 28061 28062 28063 28064 28065 28066 28067 28068 28069 28070 28071 28072 28073 28074 28075 28076 28077 28078 28079 28080 28081 28082 28083 28084 28085 28086 28087 28088 28089 28090 28091 28092 28093 28094 28095 28096 28097 28098 28099 28100 28101 28102 28103 28104 28105 28106 28107 28108 28109 28110 28111 28112 28113 28114 28115 28116 28117 28118 28119 28120 28121 28122 28123 28124 28125 28126 28127 28128 28129 28130 28131 28132 28133 28134 28135 28136 28137 28138 28139 28140 28141 28142 28143 28144 28145 28146 28147 28148 28149 28150 28151 28152 28153 28154 28155 28156 28157 28158 28159 28160 28161 28162 28163 28164 28165 28166 28167 28168 28169 28170 28171 28172 28173 28174 28175 28176 28177 28178 28179 28180 28181 28182 28183 28184 28185 28186 28187 28188 28189 28190 28191 28192 28193 28194 28195 28196 28197 28198 28199 28200 28201 28202 28203 28204 28205 28206 28207 28208 28209 28210 28211 28212 28213 28214 28215 28216 28217 28218 28219 28220 28221 28222 28223 28224 28225 28226 28227 28228 28229 28230 28231 28232 28233 28234 28235 28236 28237 28238 28239 28240 28241 28242 28243 28244 28245 28246 28247 28248 28249 28250 28251 28252 28253 28254 28255 28256 28257 28258 28259 28260 28261 28262 28263 28264 28265 28266 28267 28268 28269 28270 28271 28272 28273 28274 28275 28276 28277 28278 28279 28280 28281 28282 28283 28284 28285 28286 28287 28288 28289 28290 28291 28292 28293 28294 28295 28296 28297 28298 28299 28300 28301 28302 28303 28304 28305 28306 28307 28308 28309 28310 28311 28312 28313 28314 28315 28316 28317 28318 28319 28320 28321 28322 28323 28324 28325 28326 28327 28328 28329 28330 28331 28332 28333 28334 28335 28336 28337 28338 28339 28340 28341 28342 28343 28344 28345 28346 28347 28348 28349 28350 28351 28352 28353 28354 28355 28356 28357 28358 28359 28360 28361 28362 28363 28364 28365 28366 28367 28368 28369 28370 28371 28372 28373 28374 28375 28376 28377 28378 28379 28380 28381 28382 28383 28384 28385 28386 28387 28388 28389 28390 28391 28392 28393 28394 28395 28396 28397 28398 28399 28400 28401 28402 28403 28404 28405 28406 28407 28408 28409 28410 28411 28412 28413 28414 28415 28416 28417 28418 28419 28420 28421 28422 28423 28424 28425 28426 28427 28428 28429 28430 28431 28432 28433 28434 28435 28436 28437 28438 28439 28440 28441 28442 28443 28444 28445 28446 28447 28448 28449 28450 28451 28452 28453 28454 28455 28456 28457 28458 28459 28460 28461 28462 28463 28464 28465 28466 28467 28468 28469 28470 28471 28472 28473 28474 28475 28476 28477 28478 28479 28480 28481 28482 28483 28484 28485 28486 28487 28488 28489 28490 28491 28492 28493 28494 28495 28496 28497 28498 28499 28500 28501 28502 28503 28504 28505 28506 28507 28508 28509 28510 28511 28512 28513 28514 28515 28516 28517 28518 28519 28520 28521 28522 28523 28524 28525 28526 28527 28528 28529 28530 28531 28532 28533 28534 28535 28536 28537 28538 28539 28540 28541 28542 28543 28544 28545 28546 28547 28548 28549 28550 28551 28552 28553 28554 28555 28556 28557 28558 28559 28560 28561 28562 28563 28564 28565 28566 28567 28568 28569 28570 28571 28572 28573 28574 28575 28576 28577 28578 28579 28580 28581 28582 28583 28584 28585 28586 28587 28588 28589 28590 28591 28592 28593 28594 28595 28596 28597 28598 28599 28600 28601 28602 28603 28604 28605 28606 28607 28608 28609 28610 28611 28612 28613 28614 28615 28616 28617 28618 28619 28620 28621 28622 28623 28624 28625 28626 28627 28628 28629 28630 28631 28632 28633 28634 28635 28636 28637 28638 28639 28640 28641 28642 28643 28644 28645 28646 28647 28648 28649 28650 28651 28652 28653 28654 28655 28656 28657 28658 28659 28660 28661 28662 28663 28664 28665 28666 28667 28668 28669 28670 28671 28672 28673 28674 28675 28676 28677 28678 28679 28680 28681 28682 28683 28684 28685 28686 28687 28688 28689 28690 28691 28692 28693 28694 28695 28696 28697 28698 28699 28700 28701 28702 28703 28704 28705 28706 28707 28708 28709 28710 28711 28712 28713 28714 28715 28716 28717 28718 28719 28720 28721 28722 28723 28724 28725 28726 28727 28728 28729 28730 28731 28732 28733 28734 28735 28736 28737 28738 28739 28740 28741 28742 28743 28744 28745 28746 28747 28748 28749 28750 28751 28752 28753 28754 28755 28756 28757 28758 28759 28760 28761 28762 28763 28764 28765 28766 28767 28768 28769 28770 28771 28772 28773 28774 28775 28776 28777 28778 28779 28780 28781 28782 28783 28784 28785 28786 28787 28788 28789 28790 28791 28792 28793 28794 28795 28796 28797 28798 28799 28800 28801 28802 28803 28804 28805 28806 28807 28808 28809 28810 28811 28812 28813 28814 28815 28816 28817 28818 28819 28820 28821 28822 28823 28824 28825 28826 28827 28828 28829 28830 28831 28832 28833 28834 28835 28836 28837 28838 28839 28840 28841 28842 28843 28844 28845 28846 28847 28848 28849 28850 28851 28852 28853 28854 28855 28856 28857 28858 28859 28860 28861 28862 28863 28864 28865 28866 28867 28868 28869 28870 28871 28872 28873 28874 28875 28876 28877 28878 28879 28880 28881 28882 28883 28884 28885 28886 28887 28888 28889 28890 28891 28892 28893 28894 28895 28896 28897 28898 28899 28900 28901 28902 28903 28904 28905 28906 28907 28908 28909 28910 28911 28912 28913 28914 28915 28916 28917 28918 28919 28920 28921 28922 28923 28924 28925 28926 28927 28928 28929 28930 28931 28932 28933 28934 28935 28936 28937 28938 28939 28940 28941 28942 28943 28944 28945 28946 28947 28948 28949 28950 28951 28952 28953 28954 28955 28956 28957 28958 28959 28960 28961 28962 28963 28964 28965 28966 28967 28968 28969 28970 28971 28972 28973 28974 28975 28976 28977 28978 28979 28980 28981 28982 28983 28984 28985 28986 28987 28988 28989 28990 28991 28992 28993 28994 28995 28996 28997 28998 28999 29000 29001 29002 29003 29004 29005 29006 29007 29008 29009 29010 29011 29012 29013 29014 29015 29016 29017 29018 29019 29020 29021 29022 29023 29024 29025 29026 29027 29028 29029 29030 29031 29032 29033 29034 29035 29036 29037 29038 29039 29040 29041 29042 29043 29044 29045 29046 29047 29048 29049 29050 29051 29052 29053 29054 29055 29056 29057 29058 29059 29060 29061 29062 29063 29064 29065 29066 29067 29068 29069 29070 29071 29072 29073 29074 29075 29076 29077 29078 29079 29080 29081 29082 29083 29084 29085 29086 29087 29088 29089 29090 29091 29092 29093 29094 29095 29096 29097 29098 29099 29100 29101 29102 29103 29104 29105 29106 29107 29108 29109 29110 29111 29112 29113 29114 29115 29116 29117 29118 29119 29120 29121 29122 29123 29124 29125 29126 29127 29128 29129 29130 29131 29132 29133 29134 29135 29136 29137 29138 29139 29140 29141 29142 29143 29144 29145 29146 29147 29148 29149 29150 29151 29152 29153 29154 29155 29156 29157 29158 29159 29160 29161 29162 29163 29164 29165 29166 29167 29168 29169 29170 29171 29172 29173 29174 29175 29176 29177 29178 29179 29180 29181 29182 29183 29184 29185 29186 29187 29188 29189 29190 29191 29192 29193 29194 29195 29196 29197 29198 29199 29200 29201 29202 29203 29204 29205 29206 29207 29208 29209 29210 29211 29212 29213 29214 29215 29216 29217 29218 29219 29220 29221 29222 29223 29224 29225 29226 29227 29228 29229 29230 29231 29232 29233 29234 29235 29236 29237 29238 29239 29240 29241 29242 29243 29244 29245 29246 29247 29248 29249 29250 29251 29252 29253 29254 29255 29256 29257 29258 29259 29260 29261 29262 29263 29264 29265 29266 29267 29268 29269 29270 29271 29272 29273 29274 29275 29276 29277 29278 29279 29280 29281 29282 29283 29284 29285 29286 29287 29288 29289 29290 29291 29292 29293 29294 29295 29296 29297 29298 29299 29300 29301 29302 29303 29304 29305 29306 29307 29308 29309 29310 29311 29312 29313 29314 29315 29316 29317 29318 29319 29320 29321 29322 29323 29324 29325 29326 29327 29328 29329 29330 29331 29332 29333 29334 29335 29336 29337 29338 29339 29340 29341 29342 29343 29344 29345 29346 29347 29348 29349 29350 29351 29352 29353 29354 29355 29356 29357 29358 29359 29360 29361 29362 29363 29364 29365 29366 29367 29368 29369 29370 29371 29372 29373 29374 29375 29376 29377 29378 29379 29380 29381 29382 29383 29384 29385 29386 29387 29388 29389 29390 29391 29392 29393 29394 29395 29396 29397 29398 29399 29400 29401 29402 29403 29404 29405 29406 29407 29408 29409 29410 29411 29412 29413 29414 29415 29416 29417 29418 29419 29420 29421 29422 29423 29424 29425 29426 29427 29428 29429 29430 29431 29432 29433 29434 29435 29436 29437 29438 29439 29440 29441 29442 29443 29444 29445 29446 29447 29448 29449 29450 29451 29452 29453 29454 29455 29456 29457 29458 29459 29460 29461 29462 29463 29464 29465 29466 29467 29468 29469 29470 29471 29472 29473 29474 29475 29476 29477 29478 29479 29480 29481 29482 29483 29484 29485 29486 29487 29488 29489 29490 29491 29492 29493 29494 29495 29496 29497 29498 29499 29500 29501 29502 29503 29504 29505 29506 29507 29508 29509 29510 29511 29512 29513 29514 29515 29516 29517 29518 29519 29520 29521 29522 29523 29524 29525 29526 29527 29528 29529 29530 29531 29532 29533 29534 29535 29536 29537 29538 29539 29540 29541 29542 29543 29544 29545 29546 29547 29548 29549 29550 29551 29552 29553 29554 29555 29556 29557 29558 29559 29560 29561 29562 29563 29564 29565 29566 29567 29568 29569 29570 29571 29572 29573 29574 29575 29576 29577 29578 29579 29580 29581 29582 29583 29584 29585 29586 29587 29588 29589 29590 29591 29592 29593 29594 29595 29596 29597 29598 29599 29600 29601 29602 29603 29604 29605 29606 29607 29608 29609 29610 29611 29612 29613 29614 29615 29616 29617 29618 29619 29620 29621 29622 29623 29624 29625 29626 29627 29628 29629 29630 29631 29632 29633 29634 29635 29636 29637 29638 29639 29640 29641 29642 29643 29644 29645 29646 29647 29648 29649 29650 29651 29652 29653 29654 29655 29656 29657 29658 29659 29660 29661 29662 29663 29664 29665 29666 29667 29668 29669 29670 29671 29672 29673 29674 29675 29676 29677 29678 29679 29680 29681 29682 29683 29684 29685 29686 29687 29688 29689 29690 29691 29692 29693 29694 29695 29696 29697 29698 29699 29700 29701 29702 29703 29704 29705 29706 29707 29708 29709 29710 29711 29712 29713 29714 29715 29716 29717 29718 29719 29720 29721 29722 29723 29724 29725 29726 29727 29728 29729 29730 29731 29732 29733 29734 29735 29736 29737 29738 29739 29740 29741 29742 29743 29744 29745 29746 29747 29748 29749 29750 29751 29752 29753 29754 29755 29756 29757 29758 29759 29760 29761 29762 29763 29764 29765 29766 29767 29768 29769 29770 29771 29772 29773 29774 29775 29776 29777 29778 29779 29780 29781 29782 29783 29784 29785 29786 29787 29788 29789 29790 29791 29792 29793 29794 29795 29796 29797 29798 29799 29800 29801 29802 29803 29804 29805 29806 29807 29808 29809 29810 29811 29812 29813 29814 29815 29816 29817 29818 29819 29820 29821 29822 29823 29824 29825 29826 29827 29828 29829 29830 29831 29832 29833 29834 29835 29836 29837 29838 29839 29840 29841 29842 29843 29844 29845 29846 29847 29848 29849 29850 29851 29852 29853 29854 29855 29856 29857 29858 29859 29860 29861 29862 29863 29864 29865 29866 29867 29868 29869 29870 29871 29872 29873 29874 29875 29876 29877 29878 29879 29880 29881 29882 29883 29884 29885 29886 29887 29888 29889 29890 29891 29892 29893 29894 29895 29896 29897 29898 29899 29900 29901 29902 29903 29904 29905 29906 29907 29908 29909 29910 29911 29912 29913 29914 29915 29916 29917 29918 29919 29920 29921 29922 29923 29924 29925 29926 29927 29928 29929 29930 29931 29932 29933 29934 29935 29936 29937 29938 29939 29940 29941 29942 29943 29944 29945 29946 29947 29948 29949 29950 29951 29952 29953 29954 29955 29956 29957 29958 29959 29960 29961 29962 29963 29964 29965 29966 29967 29968 29969 29970 29971 29972 29973 29974 29975 29976 29977 29978 29979 29980 29981 29982 29983 29984 29985 29986 29987 29988 29989 29990 29991 29992 29993 29994 29995 29996 29997 29998 29999 30000 30001 30002 30003 30004 30005 30006 30007 30008 30009 30010 30011 30012 30013 30014 30015 30016 30017 30018 30019 30020 30021 30022 30023 30024 30025 30026 30027 30028 30029 30030 30031 30032 30033 30034 30035 30036 30037 30038 30039 30040 30041 30042 30043 30044 30045 30046 30047 30048 30049 30050 30051 30052 30053 30054 30055 30056 30057 30058 30059 30060 30061 30062 30063 30064 30065 30066 30067 30068 30069 30070 30071 30072 30073 30074 30075 30076 30077 30078 30079 30080 30081 30082 30083 30084 30085 30086 30087 30088 30089 30090 30091 30092 30093 30094 30095 30096 30097 30098 30099 30100 30101 30102 30103 30104 30105 30106 30107 30108 30109 30110 30111 30112 30113 30114 30115 30116 30117 30118 30119 30120 30121 30122 30123 30124 30125 30126 30127 30128 30129 30130 30131 30132 30133 30134 30135 30136 30137 30138 30139 30140 30141 30142 30143 30144 30145 30146 30147 30148 30149 30150 30151 30152 30153 30154 30155 30156 30157 30158 30159 30160 30161 30162 30163 30164 30165 30166 30167 30168 30169 30170 30171 30172 30173 30174 30175 30176 30177 30178 30179 30180 30181 30182 30183 30184 30185 30186 30187 30188 30189 30190 30191 30192 30193 30194 30195 30196 30197 30198 30199 30200 30201 30202 30203 30204 30205 30206 30207 30208 30209 30210 30211 30212 30213 30214 30215 30216 30217 30218 30219 30220 30221 30222 30223 30224 30225 30226 30227 30228 30229 30230 30231 30232 30233 30234 30235 30236 30237 30238 30239 30240 30241 30242 30243 30244 30245 30246 30247 30248 30249 30250 30251 30252 30253 30254 30255 30256 30257 30258 30259 30260 30261 30262 30263 30264 30265 30266 30267 30268 30269 30270 30271 30272 30273 30274 30275 30276 30277 30278 30279 30280 30281 30282 30283 30284 30285 30286 30287 30288 30289 30290 30291 30292 30293 30294 30295 30296 30297 30298 30299 30300 30301 30302 30303 30304 30305 30306 30307 30308 30309 30310 30311 30312 30313 30314 30315 30316 30317 30318 30319 30320 30321 30322 30323 30324 30325 30326 30327 30328 30329 30330 30331 30332 30333 30334 30335 30336 30337 30338 30339 30340 30341 30342 30343 30344 30345 30346 30347 30348 30349 30350 30351 30352 30353 30354 30355 30356 30357 30358 30359 30360 30361 30362 30363 30364 30365 30366 30367 30368 30369 30370 30371 30372 30373 30374 30375 30376 30377 30378 30379 30380 30381 30382 30383 30384 30385 30386 30387 30388 30389 30390 30391 30392 30393 30394 30395 30396 30397 30398 30399 30400 30401 30402 30403 30404 30405 30406 30407 30408 30409 30410 30411 30412 30413 30414 30415 30416 30417 30418 30419 30420 30421 30422 30423 30424 30425 30426 30427 30428 30429 30430 30431 30432 30433 30434 30435 30436 30437 30438 30439 30440 30441 30442 30443 30444 30445 30446 30447 30448 30449 30450 30451 30452 30453 30454 30455 30456 30457 30458 30459 30460 30461 30462 30463 30464 30465 30466 30467 30468 30469 30470 30471 30472 30473 30474 30475 30476 30477 30478 30479 30480 30481 30482 30483 30484 30485 30486 30487 30488 30489 30490 30491 30492 30493 30494 30495 30496 30497 30498 30499 30500 30501 30502 30503 30504 30505 30506 30507 30508 30509 30510 30511 30512 30513 30514 30515 30516 30517 30518 30519 30520 30521 30522 30523 30524 30525 30526 30527 30528 30529 30530 30531 30532 30533 30534 30535 30536 30537 30538 30539 30540 30541 30542 30543 30544 30545 30546 30547 30548 30549 30550 30551 30552 30553 30554 30555 30556 30557 30558 30559 30560 30561 30562 30563 30564 30565 30566 30567 30568 30569 30570 30571 30572 30573 30574 30575 30576 30577 30578 30579 30580 30581 30582 30583 30584 30585 30586 30587 30588 30589 30590 30591 30592 30593 30594 30595 30596 30597 30598 30599 30600 30601 30602 30603 30604 30605 30606 30607 30608 30609 30610 30611 30612 30613 30614 30615 30616 30617 30618 30619 30620 30621 30622 30623 30624 30625 30626 30627 30628 30629 30630 30631 30632 30633 30634 30635 30636 30637 30638 30639 30640 30641 30642 30643 30644 30645 30646 30647 30648 30649 30650 30651 30652 30653 30654 30655 30656 30657 30658 30659 30660 30661 30662 30663 30664 30665 30666 30667 30668 30669 30670 30671 30672 30673 30674 30675 30676 30677 30678 30679 30680 30681 30682 30683 30684 30685 30686 30687 30688 30689 30690 30691 30692 30693 30694 30695 30696 30697 30698 30699 30700 30701 30702 30703 30704 30705 30706 30707 30708 30709 30710 30711 30712 30713 30714 30715 30716 30717 30718 30719 30720 30721 30722 30723 30724 30725 30726 30727 30728 30729 30730 30731 30732 30733 30734 30735 30736 30737 30738 30739 30740 30741 30742 30743 30744 30745 30746 30747 30748 30749 30750 30751 30752 30753 30754 30755 30756 30757 30758 30759 30760 30761 30762 30763 30764 30765 30766 30767 30768 30769 30770 30771 30772 30773 30774 30775 30776 30777 30778 30779 30780 30781 30782 30783 30784 30785 30786 30787 30788 30789 30790 30791 30792 30793 30794 30795 30796 30797 30798 30799 30800 30801 30802 30803 30804 30805 30806 30807 30808 30809 30810 30811 30812 30813 30814 30815 30816 30817 30818 30819 30820 30821 30822 30823 30824 30825 30826 30827 30828 30829 30830 30831 30832 30833 30834 30835 30836 30837 30838 30839 30840 30841 30842 30843 30844 30845 30846 30847 30848 30849 30850 30851 30852 30853 30854 30855 30856 30857 30858 30859 30860 30861 30862 30863 30864 30865 30866 30867 30868 30869 30870 30871 30872 30873 30874 30875 30876 30877 30878 30879 30880 30881 30882 30883 30884 30885 30886 30887 30888 30889 30890 30891 30892 30893 30894 30895 30896 30897 30898 30899 30900 30901 30902 30903 30904 30905 30906 30907 30908 30909 30910 30911 30912 30913 30914 30915 30916 30917 30918 30919 30920 30921 30922 30923 30924 30925 30926 30927 30928 30929 30930 30931 30932 30933 30934 30935 30936 30937 30938 30939 30940 30941 30942 30943 30944 30945 30946 30947 30948 30949 30950 30951 30952 30953 30954 30955 30956 30957 30958 30959 30960 30961 30962 30963 30964 30965 30966 30967 30968 30969 30970 30971 30972 30973 30974 30975 30976 30977 30978 30979 30980 30981 30982 30983 30984 30985 30986 30987 30988 30989 30990 30991 30992 30993 30994 30995 30996 30997 30998 30999 31000 31001 31002 31003 31004 31005 31006 31007 31008 31009 31010 31011 31012 31013 31014 31015 31016 31017 31018 31019 31020 31021 31022 31023 31024 31025 31026 31027 31028 31029 31030 31031 31032 31033 31034 31035 31036 31037 31038 31039 31040 31041 31042 31043 31044 31045 31046 31047 31048 31049 31050 31051 31052 31053 31054 31055 31056 31057 31058 31059 31060 31061 31062 31063 31064 31065 31066 31067 31068 31069 31070 31071 31072 31073 31074 31075 31076 31077 31078 31079 31080 31081 31082 31083 31084 31085 31086 31087 31088 31089 31090 31091 31092 31093 31094 31095 31096 31097 31098 31099 31100 31101 31102 31103 31104 31105 31106 31107 31108 31109 31110 31111 31112 31113 31114 31115 31116 31117 31118 31119 31120 31121 31122 31123 31124 31125 31126 31127 31128 31129 31130 31131 31132 31133 31134 31135 31136 31137 31138 31139 31140 31141 31142 31143 31144 31145 31146 31147 31148 31149 31150 31151 31152 31153 31154 31155 31156 31157 31158 31159 31160 31161 31162 31163 31164 31165 31166 31167 31168 31169 31170 31171 31172 31173 31174 31175 31176 31177 31178 31179 31180 31181 31182 31183 31184 31185 31186 31187 31188 31189 31190 31191 31192 31193 31194 31195 31196 31197 31198 31199 31200 31201 31202 31203 31204 31205 31206 31207 31208 31209 31210 31211 31212 31213 31214 31215 31216 31217 31218 31219 31220 31221 31222 31223 31224 31225 31226 31227 31228 31229 31230 31231 31232 31233 31234 31235 31236 31237 31238 31239 31240 31241 31242 31243 31244 31245 31246 31247 31248 31249 31250 31251 31252 31253 31254 31255 31256 31257 31258 31259 31260 31261 31262 31263 31264 31265 31266 31267 31268 31269 31270 31271 31272 31273 31274 31275 31276 31277 31278 31279 31280 31281 31282 31283 31284 31285 31286 31287 31288 31289 31290 31291 31292 31293 31294 31295 31296 31297 31298 31299 31300 31301 31302 31303 31304 31305 31306 31307 31308 31309 31310 31311 31312 31313 31314 31315 31316 31317 31318 31319 31320 31321 31322 31323 31324 31325 31326 31327 31328 31329 31330 31331 31332 31333 31334 31335 31336 31337 31338 31339 31340 31341 31342 31343 31344 31345 31346 31347 31348 31349 31350 31351 31352 31353 31354 31355 31356 31357 31358 31359 31360 31361 31362 31363 31364 31365 31366 31367 31368 31369 31370 31371 31372 31373 31374 31375 31376 31377 31378 31379 31380 31381 31382 31383 31384 31385 31386 31387 31388 31389 31390 31391 31392 31393 31394 31395 31396 31397 31398 31399 31400 31401 31402 31403 31404 31405 31406 31407 31408 31409 31410 31411 31412 31413 31414 31415 31416 31417 31418 31419 31420 31421 31422 31423 31424 31425 31426 31427 31428 31429 31430 31431 31432 31433 31434 31435 31436 31437 31438 31439 31440 31441 31442 31443 31444 31445 31446 31447 31448 31449 31450 31451 31452 31453 31454 31455 31456 31457 31458 31459 31460 31461 31462 31463 31464 31465 31466 31467 31468 31469 31470 31471 31472 31473 31474 31475 31476 31477 31478 31479 31480 31481 31482 31483 31484 31485 31486 31487 31488 31489 31490 31491 31492 31493 31494 31495 31496 31497 31498 31499 31500 31501 31502 31503 31504 31505 31506 31507 31508 31509 31510 31511 31512 31513 31514 31515 31516 31517 31518 31519 31520 31521 31522 31523 31524 31525 31526 31527 31528 31529 31530 31531 31532 31533 31534 31535 31536 31537 31538 31539 31540 31541 31542 31543 31544 31545 31546 31547 31548 31549 31550 31551 31552 31553 31554 31555 31556 31557 31558 31559 31560 31561 31562 31563 31564 31565 31566 31567 31568 31569 31570 31571 31572 31573 31574 31575 31576 31577 31578 31579 31580 31581 31582 31583 31584 31585 31586 31587 31588 31589 31590 31591 31592 31593 31594 31595 31596 31597 31598 31599 31600 31601 31602 31603 31604 31605 31606 31607 31608 31609 31610 31611 31612 31613 31614 31615 31616 31617 31618 31619 31620 31621 31622 31623 31624 31625 31626 31627 31628 31629 31630 31631 31632 31633 31634 31635 31636 31637 31638 31639 31640 31641 31642 31643 31644 31645 31646 31647 31648 31649 31650 31651 31652 31653 31654 31655 31656 31657 31658 31659 31660 31661 31662 31663 31664 31665 31666 31667 31668 31669 31670 31671 31672 31673 31674 31675 31676 31677 31678 31679 31680 31681 31682 31683 31684 31685 31686 31687 31688 31689 31690 31691 31692 31693 31694 31695 31696 31697 31698 31699 31700 31701 31702 31703 31704 31705 31706 31707 31708 31709 31710 31711 31712 31713 31714 31715 31716 31717 31718 31719 31720 31721 31722 31723 31724 31725 31726 31727 31728 31729 31730 31731 31732 31733 31734 31735 31736 31737 31738 31739 31740 31741 31742 31743 31744 31745 31746 31747 31748 31749 31750 31751 31752 31753 31754 31755 31756 31757 31758 31759 31760 31761 31762 31763 31764 31765 31766 31767 31768 31769 31770 31771 31772 31773 31774 31775 31776 31777 31778 31779 31780 31781 31782 31783 31784 31785 31786 31787 31788 31789 31790 31791 31792 31793 31794 31795 31796 31797 31798 31799 31800 31801 31802 31803 31804 31805 31806 31807 31808 31809 31810 31811 31812 31813 31814 31815 31816 31817 31818 31819 31820 31821 31822 31823 31824 31825 31826 31827 31828 31829 31830 31831 31832 31833 31834 31835 31836 31837 31838 31839 31840 31841 31842 31843 31844 31845 31846 31847 31848 31849 31850 31851 31852 31853 31854 31855 31856 31857 31858 31859 31860 31861 31862 31863 31864 31865 31866 31867 31868 31869 31870 31871 31872 31873 31874 31875 31876 31877 31878 31879 31880 31881 31882 31883 31884 31885 31886 31887 31888 31889 31890 31891 31892 31893 31894 31895 31896 31897 31898 31899 31900 31901 31902 31903 31904 31905 31906 31907 31908 31909 31910 31911 31912 31913 31914 31915 31916 31917 31918 31919 31920 31921 31922 31923 31924 31925 31926 31927 31928 31929 31930 31931 31932 31933 31934 31935 31936 31937 31938 31939 31940 31941 31942 31943 31944 31945 31946 31947 31948 31949 31950 31951 31952 31953 31954 31955 31956 31957 31958 31959 31960 31961 31962 31963 31964 31965 31966 31967 31968 31969 31970 31971 31972 31973 31974 31975 31976 31977 31978 31979 31980 31981 31982 31983 31984 31985 31986 31987 31988 31989 31990 31991 31992 31993 31994 31995 31996 31997 31998 31999 32000 32001 32002 32003 32004 32005 32006 32007 32008 32009 32010 32011 32012 32013 32014 32015 32016 32017 32018 32019 32020 32021 32022 32023 32024 32025 32026 32027 32028 32029 32030 32031 32032 32033 32034 32035 32036 32037 32038 32039 32040 32041 32042 32043 32044 32045 32046 32047 32048 32049 32050 32051 32052 32053 32054 32055 32056 32057 32058 32059 32060 32061 32062 32063 32064 32065 32066 32067 32068 32069 32070 32071 32072 32073 32074 32075 32076 32077 32078 32079 32080 32081 32082 32083 32084 32085 32086 32087 32088 32089 32090 32091 32092 32093 32094 32095 32096 32097 32098 32099 32100 32101 32102 32103 32104 32105 32106 32107 32108 32109 32110 32111 32112 32113 32114 32115 32116 32117 32118 32119 32120 32121 32122 32123 32124 32125 32126 32127 32128 32129 32130 32131 32132 32133 32134 32135 32136 32137 32138 32139 32140 32141 32142 32143 32144 32145 32146 32147 32148 32149 32150 32151 32152 32153 32154 32155 32156 32157 32158 32159 32160 32161 32162 32163 32164 32165 32166 32167 32168 32169 32170 32171 32172 32173 32174 32175 32176 32177 32178 32179 32180 32181 32182 32183 32184 32185 32186 32187 32188 32189 32190 32191 32192 32193 32194 32195 32196 32197 32198 32199 32200 32201 32202 32203 32204 32205 32206 32207 32208 32209 32210 32211 32212 32213 32214 32215 32216 32217 32218 32219 32220 32221 32222 32223 32224 32225 32226 32227 32228 32229 32230 32231 32232 32233 32234 32235 32236 32237 32238 32239 32240 32241 32242 32243 32244 32245 32246 32247 32248 32249 32250 32251 32252 32253 32254 32255 32256 32257 32258 32259 32260 32261 32262 32263 32264 32265 32266 32267 32268 32269 32270 32271 32272 32273 32274 32275 32276 32277 32278 32279 32280 32281 32282 32283 32284 32285 32286 32287 32288 32289 32290 32291 32292 32293 32294 32295 32296 32297 32298 32299 32300 32301 32302 32303 32304 32305 32306 32307 32308 32309 32310 32311 32312 32313 32314 32315 32316 32317 32318 32319 32320 32321 32322 32323 32324 32325 32326 32327 32328 32329 32330 32331 32332 32333 32334 32335 32336 32337 32338 32339 32340 32341 32342 32343 32344 32345 32346 32347 32348 32349 32350 32351 32352 32353 32354 32355 32356 32357 32358 32359 32360 32361 32362 32363 32364 32365 32366 32367 32368 32369 32370 32371 32372 32373 32374 32375 32376 32377 32378 32379 32380 32381 32382 32383 32384 32385 32386 32387 32388 32389 32390 32391 32392 32393 32394 32395 32396 32397 32398 32399 32400 32401 32402 32403 32404 32405 32406 32407 32408 32409 32410 32411 32412 32413 32414 32415 32416 32417 32418 32419 32420 32421 32422 32423 32424 32425 32426 32427 32428 32429 32430 32431 32432 32433 32434 32435 32436 32437 32438 32439 32440 32441 32442 32443 32444 32445 32446 32447 32448 32449 32450 32451 32452 32453 32454 32455 32456 32457 32458 32459 32460 32461 32462 32463 32464 32465 32466 32467 32468 32469 32470 32471 32472 32473 32474 32475 32476 32477 32478 32479 32480 32481 32482 32483 32484 32485 32486 32487 32488 32489 32490 32491 32492 32493 32494 32495 32496 32497 32498 32499 32500 32501 32502 32503 32504 32505 32506 32507 32508 32509 32510 32511 32512 32513 32514 32515 32516 32517 32518 32519 32520 32521 32522 32523 32524 32525 32526 32527 32528 32529 32530 32531 32532 32533 32534 32535 32536 32537 32538 32539 32540 32541 32542 32543 32544 32545 32546 32547 32548 32549 32550 32551 32552 32553 32554 32555 32556 32557 32558 32559 32560 32561 32562 32563 32564 32565 32566 32567 32568 32569 32570 32571 32572 32573 32574 32575 32576 32577 32578 32579 32580 32581 32582 32583 32584 32585 32586 32587 32588 32589 32590 32591 32592 32593 32594 32595 32596 32597 32598 32599 32600 32601 32602 32603 32604 32605 32606 32607 32608 32609 32610 32611 32612 32613 32614 32615 32616 32617 32618 32619 32620 32621 32622 32623 32624 32625 32626 32627 32628 32629 32630 32631 32632 32633 32634 32635 32636 32637 32638 32639 32640 32641 32642 32643 32644 32645 32646 32647 32648 32649 32650 32651 32652 32653 32654 32655 32656 32657 32658 32659 32660 32661 32662 32663 32664 32665 32666 32667 32668 32669 32670 32671 32672 32673 32674 32675 32676 32677 32678 32679 32680 32681 32682 32683 32684 32685 32686 32687 32688 32689 32690 32691 32692 32693 32694 32695 32696 32697 32698 32699 32700 32701 32702 32703 32704 32705 32706 32707 32708 32709 32710 32711 32712 32713 32714 32715 32716 32717 32718 32719 32720 32721 32722 32723 32724 32725 32726 32727 32728 32729 32730 32731 32732 32733 32734 32735 32736 32737 32738 32739 32740 32741 32742 32743 32744 32745 32746 32747 32748 32749 32750 32751 32752 32753 32754 32755 32756 32757 32758 32759 32760 32761 32762 32763 32764 32765 32766 32767 32768 32769 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779 32780 32781 32782 32783 32784 32785 32786 32787 32788 32789 32790 32791 32792 32793 32794 32795 32796 32797 32798 32799 32800 32801 32802 32803 32804 32805 32806 32807 32808 32809 32810 32811 32812 32813 32814 32815 32816 32817 32818 32819 32820 32821 32822 32823 32824 32825 32826 32827 32828 32829 32830 32831 32832 32833 32834 32835 32836 32837 32838 32839 32840 32841 32842 32843 32844 32845 32846 32847 32848 32849 32850 32851 32852 32853 32854 32855 32856 32857 32858 32859 32860 32861 32862 32863 32864 32865 32866 32867 32868 32869 32870 32871 32872 32873 32874 32875 32876 32877 32878 32879 32880 32881 32882 32883 32884 32885 32886 32887 32888 32889 32890 32891 32892 32893 32894 32895 32896 32897 32898 32899 32900 32901 32902 32903 32904 32905 32906 32907 32908 32909 32910 32911 32912 32913 32914 32915 32916 32917 32918 32919 32920 32921 32922 32923 32924 32925 32926 32927 32928 32929 32930 32931 32932 32933 32934 32935 32936 32937 32938 32939 32940 32941 32942 32943 32944 32945 32946 32947 32948 32949 32950 32951 32952 32953 32954 32955 32956 32957 32958 32959 32960 32961 32962 32963 32964 32965 32966 32967 32968 32969 32970 32971 32972 32973 32974 32975 32976 32977 32978 32979 32980 32981 32982 32983 32984 32985 32986 32987 32988 32989 32990 32991 32992 32993 32994 32995 32996 32997 32998 32999 33000 33001 33002 33003 33004 33005 33006 33007 33008 33009 33010 33011 33012 33013 33014 33015 33016 33017 33018 33019 33020 33021 33022 33023 33024 33025 33026 33027 33028 33029 33030 33031 33032 33033 33034 33035 33036 33037 33038 33039 33040 33041 33042 33043 33044 33045 33046 33047 33048 33049 33050 33051 33052 33053 33054 33055 33056 33057 33058 33059 33060 33061 33062 33063 33064 33065 33066 33067 33068 33069 33070 33071 33072 33073 33074 33075 33076 33077 33078 33079 33080 33081 33082 33083 33084 33085 33086 33087 33088 33089 33090 33091 33092 33093 33094 33095 33096 33097 33098 33099 33100 33101 33102 33103 33104 33105 33106 33107 33108 33109 33110 33111 33112 33113 33114 33115 33116 33117 33118 33119 33120 33121 33122 33123 33124 33125 33126 33127 33128 33129 33130 33131 33132 33133 33134 33135 33136 33137 33138 33139 33140 33141 33142 33143 33144 33145 33146 33147 33148 33149 33150 33151 33152 33153 33154 33155 33156 33157 33158 33159 33160 33161 33162 33163 33164 33165 33166 33167 33168 33169 33170 33171 33172 33173 33174 33175 33176 33177 33178 33179 33180 33181 33182 33183 33184 33185 33186 33187 33188 33189 33190 33191 33192 33193 33194 33195 33196 33197 33198 33199 33200 33201 33202 33203 33204 33205 33206 33207 33208 33209 33210 33211 33212 33213 33214 33215 33216 33217 33218 33219 33220 33221 33222 33223 33224 33225 33226 33227 33228 33229 33230 33231 33232 33233 33234 33235 33236 33237 33238 33239 33240 33241 33242 33243 33244 33245 33246 33247 33248 33249 33250 33251 33252 33253 33254 33255 33256 33257 33258 33259 33260 33261 33262 33263 33264 33265 33266 33267 33268 33269 33270 33271 33272 33273 33274 33275 33276 33277 33278 33279 33280 33281 33282 33283 33284 33285 33286 33287 33288 33289 33290 33291 33292 33293 33294 33295 33296 33297 33298 33299 33300 33301 33302 33303 33304 33305 33306 33307 33308 33309 33310 33311 33312 33313 33314 33315 33316 33317 33318 33319 33320 33321 33322 33323 33324 33325 33326 33327 33328 33329 33330 33331 33332 33333 33334 33335 33336 33337 33338 33339 33340 33341 33342 33343 33344 33345 33346 33347 33348 33349 33350 33351 33352 33353 33354 33355 33356 33357 33358 33359 33360 33361 33362 33363 33364 33365 33366 33367 33368 33369 33370 33371 33372 33373 33374 33375 33376 33377 33378 33379 33380 33381 33382 33383 33384 33385 33386 33387 33388 33389 33390 33391 33392 33393 33394 33395 33396 33397 33398 33399 33400 33401 33402 33403 33404 33405 33406 33407 33408 33409 33410 33411 33412 33413 33414 33415 33416 33417 33418 33419 33420 33421 33422 33423 33424 33425 33426 33427 33428 33429 33430 33431 33432 33433 33434
|
diff --minimal -Nru a/Documentation/DocBook/Makefile b/Documentation/DocBook/Makefile
--- a/Documentation/DocBook/Makefile Tue Feb 12 18:59:50 2002
+++ b/Documentation/DocBook/Makefile Tue Feb 12 18:59:50 2002
@@ -2,7 +2,7 @@
kernel-api.sgml parportbook.sgml kernel-hacking.sgml \
kernel-locking.sgml via-audio.sgml mousedrivers.sgml sis900.sgml \
deviceiobook.sgml procfs-guide.sgml tulip-user.sgml \
- writing_usb_driver.sgml
+ writing_usb_driver.sgml lsm.sgml
PS := $(patsubst %.sgml, %.ps, $(BOOKS))
PDF := $(patsubst %.sgml, %.pdf, $(BOOKS))
@@ -42,6 +42,9 @@
$(TOPDIR)/scripts/docproc:
$(MAKE) -C $(TOPDIR)/scripts docproc
+lsm.sgml: lsm.tmpl
+ $(TOPDIR)/scripts/docgen <$< >$@
+
mousedrivers.sgml: mousedrivers.tmpl
$(TOPDIR)/scripts/docgen <$< >$@
@@ -125,6 +128,7 @@
$(TOPDIR)/kernel/printk.c \
$(TOPDIR)/kernel/sched.c \
$(TOPDIR)/kernel/sysctl.c \
+ $(TOPDIR)/security/security.c \
$(TOPDIR)/lib/string.c \
$(TOPDIR)/lib/vsprintf.c \
$(TOPDIR)/net/netsyms.c
diff --minimal -Nru a/Documentation/DocBook/deviceiobook.tmpl b/Documentation/DocBook/deviceiobook.tmpl
--- a/Documentation/DocBook/deviceiobook.tmpl Tue Feb 12 18:59:50 2002
+++ b/Documentation/DocBook/deviceiobook.tmpl Tue Feb 12 18:59:50 2002
@@ -224,9 +224,4 @@
</chapter>
- <chapter id="pubfunctions">
- <title>Public Functions Provided</title>
-!Einclude/asm-i386/io.h
- </chapter>
-
</book>
diff --minimal -Nru a/Documentation/DocBook/kernel-api.tmpl b/Documentation/DocBook/kernel-api.tmpl
--- a/Documentation/DocBook/kernel-api.tmpl Tue Feb 12 18:59:50 2002
+++ b/Documentation/DocBook/kernel-api.tmpl Tue Feb 12 18:59:50 2002
@@ -181,6 +181,11 @@
!Efs/devfs/base.c
</chapter>
+ <chapter id="security">
+ <title>Security Framework</title>
+!Esecurity/security.c
+ </chapter>
+
<chapter id="pmfuncs">
<title>Power Management</title>
!Ekernel/pm.c
diff --minimal -Nru a/Documentation/DocBook/lsm.tmpl b/Documentation/DocBook/lsm.tmpl
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/Documentation/DocBook/lsm.tmpl Tue Feb 12 18:59:50 2002
@@ -0,0 +1,271 @@
+<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook V3.1//EN"[]>
+<article class="whitepaper" id="LinuxSecurityModule" lang="en">
+ <artheader>
+ <title>Linux Security Modules: General Security Hooks for Linux</title>
+ <authorgroup>
+ <author>
+ <firstname>Stephen</firstname>
+ <surname>Smalley</surname>
+ <affiliation>
+ <orgname>NAI Labs</orgname>
+ <address><email>ssmalley@nai.com</email></address>
+ </affiliation>
+ </author>
+ <author>
+ <firstname>Timothy</firstname>
+ <surname>Fraser</surname>
+ <affiliation>
+ <orgname>NAI Labs</orgname>
+ <address><email>tfraser@nai.com</email></address>
+ </affiliation>
+ </author>
+ <author>
+ <firstname>Chris</firstname>
+ <surname>Vance</surname>
+ <affiliation>
+ <orgname>NAI Labs</orgname>
+ <address><email>cvance@nai.com</email></address>
+ </affiliation>
+ </author>
+ </authorgroup
+ </artheader>
+
+<sect1><title>Introduction</title>
+
+<para>
+In March 2001, the National Security Agency (NSA) gave a presentation
+about Security-Enhanced Linux (SELinux) at the 2.5 Linux Kernel
+Summit. SELinux is an implementation of flexible and fine-grained
+nondiscretionary access controls in the Linux kernel, originally
+implemented as its own particular kernel patch. Several other
+security projects (e.g. RSBAC, Medusa) have also developed flexible
+access control architectures for the Linux kernel, and various
+projects have developed particular access control models for Linux
+(e.g. LIDS, DTE, SubDomain). Each project has developed and
+maintained its own kernel patch to support its security needs.
+</para>
+
+<para>
+In response to the NSA presentation, Linus Torvalds made a set of
+remarks that described a security framework he would be willing to
+consider for inclusion in the mainstream Linux kernel. He described a
+general framework that would provide a set of security hooks to
+control operations on kernel objects and a set of opaque security
+fields in kernel data structures for maintaining security attributes.
+This framework could then be used by loadable kernel modules to
+implement any desired model of security. Linus also suggested the
+possibility of migrating the Linux capabilities code into such a
+module.
+</para>
+
+<para>
+The Linux Security Modules (LSM) project was started by WireX to
+develop such a framework. LSM is a joint development effort by
+several security projects, including Immunix, SELinux, SGI and Janus,
+and several individuals, including Greg Kroah-Hartman and James
+Morris, to develop a Linux kernel patch that implements this
+framework. The patch is currently tracking the 2.4 series and is
+targeted for integration into the 2.5 development series. This
+technical report provides an overview of the framework and the example
+capabilities security module provided by the LSM kernel patch.
+</para>
+
+</sect1>
+
+<sect1 id="framework"><title>LSM Framework</title>
+
+<para>
+The LSM kernel patch provides a general kernel framework to support
+security modules. In particular, the LSM framework is primarily
+focused on supporting access control modules, although future
+development is likely to address other security needs such as
+auditing. By itself, the framework does not provide any additional
+security; it merely provides the infrastructure to support security
+modules. The LSM kernel patch also moves most of the capabilities
+logic into an optional security module, with the system defaulting
+to the traditional superuser logic. This capabilities module
+is discussed further in <XRef LinkEnd="cap">.
+</para>
+
+<para>
+The LSM kernel patch adds security fields to kernel data structures
+and inserts calls to hook functions at critical points in the kernel
+code to manage the security fields and to perform access control. It
+also adds functions for registering and unregistering security
+modules, and adds a general <function>security</function> system call
+to support new system calls for security-aware applications.
+</para>
+
+<para>
+The LSM security fields are simply <type>void*</type> pointers. For
+process and program execution security information, security fields
+were added to <structname>struct task_struct</structname> and
+<structname>struct linux_binprm</structname>. For filesystem security
+information, a security field was added to
+<structname>struct super_block</structname>. For pipe, file, and socket
+security information, security fields were added to
+<structname>struct inode</structname> and
+<structname>struct file</structname>. For packet and network device security
+information, security fields were added to
+<structname>struct sk_buff</structname> and
+<structname>struct net_device</structname>. For System V IPC security
+information, security fields were added to
+<structname>struct kern_ipc_perm</structname> and
+<structname>struct msg_msg</structname>; additionally, the definitions
+for <structname>struct msg_msg</structname>, <structname>struct
+msg_queue</structname>, and <structname>struct
+shmid_kernel</structname> were moved to header files
+(<filename>include/linux/msg.h</filename> and
+<filename>include/linux/shm.h</filename> as appropriate) to allow
+the security modules to use these definitions.
+</para>
+
+<para>
+Each LSM hook is a function pointer in a global table,
+security_ops. This table is a
+<structname>security_operations</structname> structure as defined by
+<filename>include/linux/security.h</filename>. Detailed documentation
+for each hook is included in this header file. At present, this
+structure consists of a collection of substructures that group related
+hooks based on the kernel object (e.g. task, inode, file, sk_buff,
+etc) as well as some top-level hook function pointers for system
+operations. This structure is likely to be flattened in the future
+for performance. The placement of the hook calls in the kernel code
+is described by the "called:" lines in the per-hook documentation in
+the header file. The hook calls can also be easily found in the
+kernel code by looking for the string "security_ops->".
+
+</para>
+
+<para>
+Linus mentioned per-process security hooks in his original remarks as a
+possible alternative to global security hooks. However, if LSM were
+to start from the perspective of per-process hooks, then the base
+framework would have to deal with how to handle operations that
+involve multiple processes (e.g. kill), since each process might have
+its own hook for controlling the operation. This would require a
+general mechanism for composing hooks in the base framework.
+Additionally, LSM would still need global hooks for operations that
+have no process context (e.g. network input operations).
+Consequently, LSM provides global security hooks, but a security
+module is free to implement per-process hooks (where that makes sense)
+by storing a security_ops table in each process' security field and
+then invoking these per-process hooks from the global hooks.
+The problem of composition is thus deferred to the module.
+</para>
+
+<para>
+The global security_ops table is initialized to a set of hook
+functions provided by a dummy security module that provides
+traditional superuser logic. A <function>register_security</function>
+function (in <filename>security/security.c</filename>) is provided to
+allow a security module to set security_ops to refer to its own hook
+functions, and an <function>unregister_security</function> function is
+provided to revert security_ops to the dummy module hooks. This
+mechanism is used to set the primary security module, which is
+responsible for making the final decision for each hook.
+</para>
+
+<para>
+LSM also provides a simple mechanism for stacking additional security
+modules with the primary security module. It defines
+<function>register_security</function> and
+<function>unregister_security</function> hooks in the
+<structname>security_operations</structname> structure and provides
+<function>mod_reg_security</function> and
+<function>mod_unreg_security</function> functions that invoke these
+hooks after performing some sanity checking. A security module can
+call these functions in order to stack with other modules. However,
+the actual details of how this stacking is handled are deferred to the
+module, which can implement these hooks in any way it wishes
+(including always returning an error if it does not wish to support
+stacking). In this manner, LSM again defers the problem of
+composition to the module.
+</para>
+
+<para>
+Although the LSM hooks are organized into substructures based on
+kernel object, all of the hooks can be viewed as falling into two
+major categories: hooks that are used to manage the security fields
+and hooks that are used to perform access control. Examples of the
+first category of hooks include the
+<function>alloc_security</function> and
+<function>free_security</function> hooks defined for each kernel data
+structure that has a security field. These hooks are used to allocate
+and free security structures for kernel objects. The first category
+of hooks also includes hooks that set information in the security
+field after allocation, such as the <function>post_lookup</function>
+hook in <structname>struct inode_security_ops</structname>. This hook
+is used to set security information for inodes after successful lookup
+operations. An example of the second category of hooks is the
+<function>permission</function> hook in
+<structname>struct inode_security_ops</structname>. This hook checks
+permission when accessing an inode.
+</para>
+
+<para>
+LSM adds a general <function>security</function> system call that
+simply invokes the <function>sys_security</function> hook. This
+system call and hook permits security modules to implement new system
+calls for security-aware applications. The interface is similar to
+socketcall, but also has an <parameter>id</parameter> to help identify
+the security module whose call is being invoked.
+</para>
+
+</sect1>
+
+<sect1 id="cap"><title>LSM Capabilities Module</title>
+
+<para>
+The LSM kernel patch moves most of the existing POSIX.1e capabilities
+logic into an optional security module stored in the file
+<filename>security/capability.c</filename>. This change allows
+users who do not want to use capabilities to omit this code entirely
+from their kernel, instead using the dummy module for traditional
+superuser logic or any other module that they desire. This change
+also allows the developers of the capabilities logic to maintain and
+enhance their code more freely, without needing to integrate patches
+back into the base kernel.
+</para>
+
+<para>
+In addition to moving the capabilities logic, the LSM kernel patch
+could move the capability-related fields from the kernel data
+structures into the new security fields managed by the security
+modules. However, at present, the LSM kernel patch leaves the
+capability fields in the kernel data structures. In his original
+remarks, Linus suggested that this might be preferable so that other
+security modules can be easily stacked with the capabilities module
+without needing to chain multiple security structures on the security field.
+It also avoids imposing extra overhead on the capabilities module
+to manage the security fields. However, the LSM framework could
+certainly support such a move if it is determined to be desirable,
+with only a few additional changes described below.
+</para>
+
+<para>
+At present, the capabilities logic for computing process capabilities
+on <function>execve</function> and <function>set*uid</function>,
+checking capabilities for a particular process, saving and checking
+capabilities for netlink messages, and handling the
+<function>capget</function> and <function>capset</function> system
+calls have been moved into the capabilities module. There are still a
+few locations in the base kernel where capability-related fields are
+directly examined or modified, but the current version of the LSM
+patch does allow a security module to completely replace the
+assignment and testing of capabilities. These few locations would
+need to be changed if the capability-related fields were moved into
+the security field. The following is a list of known locations that
+still perform such direct examination or modification of
+capability-related fields:
+<itemizedlist>
+<listitem><para><filename>fs/open.c</filename>:<function>sys_access</function></para></listitem>
+<listitem><para><filename>fs/lockd/host.c</filename>:<function>nlm_bind_host</function></para></listitem>
+<listitem><para><filename>fs/nfsd/auth.c</filename>:<function>nfsd_setuser</function></para></listitem>
+<listitem><para><filename>fs/proc/array.c</filename>:<function>task_cap</function></para></listitem>
+</itemizedlist>
+</para>
+
+</sect1>
+
+</article>
diff --minimal -Nru a/Makefile b/Makefile
--- a/Makefile Tue Feb 12 18:59:50 2002
+++ b/Makefile Tue Feb 12 18:59:50 2002
@@ -1,7 +1,7 @@
VERSION = 2
PATCHLEVEL = 5
SUBLEVEL = 4
-EXTRAVERSION =
+EXTRAVERSION =-lsm
KERNELRELEASE=$(VERSION).$(PATCHLEVEL).$(SUBLEVEL)$(EXTRAVERSION)
@@ -118,11 +118,11 @@
#export RAMDISK = -DRAMDISK=512
-CORE_FILES =kernel/kernel.o mm/mm.o fs/fs.o ipc/ipc.o
+CORE_FILES =kernel/kernel.o mm/mm.o fs/fs.o ipc/ipc.o security/vmlinux-obj.o
NETWORKS =net/network.o
LIBS =$(TOPDIR)/lib/lib.a
-SUBDIRS =kernel lib drivers mm fs net ipc
+SUBDIRS =kernel lib drivers mm fs net ipc security
DRIVERS-n :=
DRIVERS-y :=
@@ -244,6 +244,10 @@
include arch/$(ARCH)/Makefile
+
+# if we have a StackGuard compiler, then we need to turn off the canary death handler stuff
+CFLAGS += $(shell if $(CC) -fno-canary-all-functions -S -o /dev/null -xc /dev/null >/dev/null 2>&1; then echo "-fno-canary-all-functions"; fi)
+CFLAGS += $(shell if $(CC) -mno-terminator-canary -S -o /dev/null -xc /dev/null >/dev/null 2>&1; then echo "-mno-terminator-canary"; fi)
export CPPFLAGS CFLAGS AFLAGS
diff --minimal -Nru a/arch/i386/boot/compressed/Makefile b/arch/i386/boot/compressed/Makefile
--- a/arch/i386/boot/compressed/Makefile Tue Feb 12 18:59:50 2002
+++ b/arch/i386/boot/compressed/Makefile Tue Feb 12 18:59:50 2002
@@ -11,6 +11,10 @@
ZLDFLAGS = -e startup_32
+# if we have a StackGuard compiler, then we need to turn off the canary death handler stuff
+CFLAGS += $(shell if $(CC) -fno-canary-all-functions -S -o /dev/null -xc /dev/null >/dev/null 2>&1; then echo "-fno-canary-all-functions"; fi)
+CFLAGS += $(shell if $(CC) -mno-terminator-canary -S -o /dev/null -xc /dev/null >/dev/null 2>&1; then echo "-mno-terminator-canary"; fi)
+
#
# ZIMAGE_OFFSET is the load offset of the compression loader
# BZIMAGE_OFFSET is the load offset of the high loaded compression loader
diff --minimal -Nru a/arch/i386/config.in b/arch/i386/config.in
--- a/arch/i386/config.in Tue Feb 12 18:59:50 2002
+++ b/arch/i386/config.in Tue Feb 12 18:59:50 2002
@@ -407,4 +407,5 @@
endmenu
+source security/Config.in
source lib/Config.in
diff --minimal -Nru a/arch/i386/kernel/entry.S b/arch/i386/kernel/entry.S
--- a/arch/i386/kernel/entry.S Tue Feb 12 18:59:50 2002
+++ b/arch/i386/kernel/entry.S Tue Feb 12 18:59:50 2002
@@ -683,7 +683,7 @@
.long SYMBOL_NAME(sys_getdents64) /* 220 */
.long SYMBOL_NAME(sys_fcntl64)
.long SYMBOL_NAME(sys_ni_syscall) /* reserved for TUX */
- .long SYMBOL_NAME(sys_ni_syscall) /* Reserved for Security */
+ .long SYMBOL_NAME(sys_security) /* Reserved for Security */
.long SYMBOL_NAME(sys_gettid)
.long SYMBOL_NAME(sys_readahead) /* 225 */
.long SYMBOL_NAME(sys_setxattr)
diff --minimal -Nru a/arch/i386/kernel/ioport.c b/arch/i386/kernel/ioport.c
--- a/arch/i386/kernel/ioport.c Tue Feb 12 18:59:50 2002
+++ b/arch/i386/kernel/ioport.c Tue Feb 12 18:59:50 2002
@@ -14,6 +14,7 @@
#include <linux/smp.h>
#include <linux/smp_lock.h>
#include <linux/stddef.h>
+#include <linux/security.h>
/* Set EXTENT bits starting at BASE in BITMAP to value TURN_ON. */
static void set_bitmap(unsigned long *bitmap, short base, short extent, int new_value)
@@ -56,11 +57,18 @@
{
struct thread_struct * t = ¤t->thread;
struct tss_struct * tss = init_tss + smp_processor_id();
+ int retval;
if ((from + num <= from) || (from + num > IO_BITMAP_SIZE*32))
return -EINVAL;
if (turn_on && !capable(CAP_SYS_RAWIO))
return -EPERM;
+
+ retval = security_ops->ioperm(from, num, turn_on);
+ if (retval) {
+ return retval;
+ }
+
/*
* If it's the first ioperm() call in this thread's lifetime, set the
* IO bitmap up. ioperm() is much less timing critical than clone(),
@@ -103,6 +111,7 @@
struct pt_regs * regs = (struct pt_regs *) &unused;
unsigned int level = regs->ebx;
unsigned int old = (regs->eflags >> 12) & 3;
+ int retval;
if (level > 3)
return -EINVAL;
@@ -111,6 +120,11 @@
if (!capable(CAP_SYS_RAWIO))
return -EPERM;
}
+ retval = security_ops->iopl(old, level);
+ if (retval) {
+ return retval;
+ }
+
regs->eflags = (regs->eflags & 0xffffcfff) | (level << 12);
return 0;
}
diff --minimal -Nru a/arch/i386/kernel/process.c b/arch/i386/kernel/process.c
--- a/arch/i386/kernel/process.c Tue Feb 12 18:59:50 2002
+++ b/arch/i386/kernel/process.c Tue Feb 12 18:59:50 2002
@@ -55,6 +55,14 @@
int hlt_counter;
/*
+ * Return saved PC of a blocked thread.
+ */
+unsigned long thread_saved_pc(struct task_struct *tsk)
+{
+ return ((unsigned long *)tsk->thread.esp)[3];
+}
+
+/*
* Powermanagement idle function, if any..
*/
void (*pm_idle)(void);
diff --minimal -Nru a/arch/i386/kernel/ptrace.c b/arch/i386/kernel/ptrace.c
--- a/arch/i386/kernel/ptrace.c Tue Feb 12 18:59:50 2002
+++ b/arch/i386/kernel/ptrace.c Tue Feb 12 18:59:50 2002
@@ -13,6 +13,7 @@
#include <linux/errno.h>
#include <linux/ptrace.h>
#include <linux/user.h>
+#include <linux/security.h>
#include <asm/uaccess.h>
#include <asm/pgtable.h>
@@ -158,6 +159,9 @@
if (request == PTRACE_TRACEME) {
/* are we already being traced? */
if (current->ptrace & PT_PTRACED)
+ goto out;
+ ret = security_ops->ptrace(current->p_pptr, current);
+ if (ret)
goto out;
/* set the ptrace bit in the process flags. */
current->ptrace |= PT_PTRACED;
diff --minimal -Nru a/arch/ia64/config.in b/arch/ia64/config.in
--- a/arch/ia64/config.in Tue Feb 12 18:59:50 2002
+++ b/arch/ia64/config.in Tue Feb 12 18:59:50 2002
@@ -262,3 +262,6 @@
fi
endmenu
+
+source security/Config.in
+
diff --minimal -Nru a/arch/ia64/ia32/sys_ia32.c b/arch/ia64/ia32/sys_ia32.c
--- a/arch/ia64/ia32/sys_ia32.c Tue Feb 12 18:59:50 2002
+++ b/arch/ia64/ia32/sys_ia32.c Tue Feb 12 18:59:50 2002
@@ -48,6 +48,7 @@
#include <linux/personality.h>
#include <linux/stat.h>
#include <linux/ipc.h>
+#include <linux/security.h>
#include <asm/types.h>
#include <asm/uaccess.h>
@@ -3177,6 +3178,7 @@
unsigned int old;
unsigned long addr;
mm_segment_t old_fs = get_fs ();
+ int retval;
if (level != 3)
return(-EINVAL);
@@ -3186,6 +3188,11 @@
if (!capable(CAP_SYS_RAWIO))
return -EPERM;
}
+ retval = security_ops->iopl(old,level);
+ if (retval) {
+ return retval;
+ }
+
set_fs(KERNEL_DS);
fd = sys_open("/dev/mem", O_SYNC | O_RDWR, 0);
set_fs(old_fs);
diff --minimal -Nru a/arch/ia64/kernel/entry.S b/arch/ia64/kernel/entry.S
--- a/arch/ia64/kernel/entry.S Tue Feb 12 18:59:50 2002
+++ b/arch/ia64/kernel/entry.S Tue Feb 12 18:59:50 2002
@@ -1130,8 +1130,8 @@
data8 sys_getdents64
data8 sys_getunwind // 1215
data8 sys_readahead
+ data8 sys_security
data8 sys_tkill
- data8 ia64_ni_syscall
data8 ia64_ni_syscall
data8 ia64_ni_syscall // 1220
data8 ia64_ni_syscall
diff --minimal -Nru a/arch/ia64/kernel/ptrace.c b/arch/ia64/kernel/ptrace.c
--- a/arch/ia64/kernel/ptrace.c Tue Feb 12 18:59:50 2002
+++ b/arch/ia64/kernel/ptrace.c Tue Feb 12 18:59:50 2002
@@ -15,6 +15,7 @@
#include <linux/ptrace.h>
#include <linux/smp_lock.h>
#include <linux/user.h>
+#include <linux/security.h>
#include <asm/pgtable.h>
#include <asm/processor.h>
@@ -822,6 +823,9 @@
if (request == PTRACE_TRACEME) {
/* are we already being traced? */
if (current->ptrace & PT_PTRACED)
+ goto out;
+ ret = security_ops->ptrace(current->p_pptr, current);
+ if (ret)
goto out;
current->ptrace |= PT_PTRACED;
ret = 0;
diff --minimal -Nru a/drivers/char/tty_io.c b/drivers/char/tty_io.c
--- a/drivers/char/tty_io.c Tue Feb 12 18:59:50 2002
+++ b/drivers/char/tty_io.c Tue Feb 12 18:59:50 2002
@@ -1453,6 +1453,10 @@
if (!waitqueue_active(&tty->read_wait))
tty->minimum_to_wake = 1;
if (filp->f_owner.pid == 0) {
+ retval = security_ops->file_ops->set_fowner(filp);
+ if (retval)
+ return retval;
+
filp->f_owner.pid = (-tty->pgrp) ? : current->pid;
filp->f_owner.uid = current->uid;
filp->f_owner.euid = current->euid;
diff --minimal -Nru a/fs/attr.c b/fs/attr.c
--- a/fs/attr.c Tue Feb 12 18:59:50 2002
+++ b/fs/attr.c Tue Feb 12 18:59:50 2002
@@ -12,6 +12,7 @@
#include <linux/dnotify.h>
#include <linux/fcntl.h>
#include <linux/quotaops.h>
+#include <linux/security.h>
/* Taken over from the old code... */
@@ -128,10 +129,14 @@
attr->ia_mtime = now;
lock_kernel();
- if (inode->i_op && inode->i_op->setattr)
- error = inode->i_op->setattr(dentry, attr);
- else {
+ if (inode->i_op && inode->i_op->setattr) {
+ error = security_ops->inode_ops->setattr(dentry, attr);
+ if (!error)
+ error = inode->i_op->setattr(dentry, attr);
+ } else {
error = inode_change_ok(inode, attr);
+ if (!error)
+ error = security_ops->inode_ops->setattr(dentry, attr);
if (!error) {
if ((ia_valid & ATTR_UID && attr->ia_uid != inode->i_uid) ||
(ia_valid & ATTR_GID && attr->ia_gid != inode->i_gid))
diff --minimal -Nru a/fs/buffer.c b/fs/buffer.c
--- a/fs/buffer.c Tue Feb 12 18:59:50 2002
+++ b/fs/buffer.c Tue Feb 12 18:59:50 2002
@@ -2545,15 +2545,20 @@
asmlinkage long sys_bdflush(int func, long data)
{
+ int error;
+
if (!capable(CAP_SYS_ADMIN))
return -EPERM;
+ error = security_ops->bdflush(func, data);
+ if( error )
+ return error;
+
if (func == 1) {
/* do_exit directly and let kupdate to do its work alone. */
do_exit(0);
#if 0 /* left here as it's the only example of lazy-mm-stuff used from
a syscall that doesn't care about the current mm context. */
- int error;
struct mm_struct *user_mm;
/*
diff --minimal -Nru a/fs/dnotify.c b/fs/dnotify.c
--- a/fs/dnotify.c Tue Feb 12 18:59:50 2002
+++ b/fs/dnotify.c Tue Feb 12 18:59:50 2002
@@ -45,6 +45,7 @@
struct dnotify_struct **prev;
struct inode *inode;
int turning_off = (arg & ~DN_MULTISHOT) == 0;
+ int error;
if (!turning_off && !dir_notify_enable)
return -EINVAL;
@@ -75,6 +76,13 @@
}
if (turning_off)
goto out;
+
+ error = security_ops->file_ops->set_fowner(filp);
+ if (error) {
+ write_unlock(&dn_lock);
+ return error;
+ }
+
filp->f_owner.pid = current->pid;
filp->f_owner.uid = current->uid;
filp->f_owner.euid = current->euid;
diff --minimal -Nru a/fs/dquot.c b/fs/dquot.c
--- a/fs/dquot.c Tue Feb 12 18:59:50 2002
+++ b/fs/dquot.c Tue Feb 12 18:59:50 2002
@@ -1356,6 +1356,9 @@
error = -EIO;
if (!f->f_op || !f->f_op->read || !f->f_op->write)
goto out_f;
+ error = security_ops->quota_on(f);
+ if (error)
+ goto out_f;
inode = f->f_dentry->d_inode;
error = -EACCES;
if (!S_ISREG(inode->i_mode))
@@ -1449,6 +1452,10 @@
if (!sb)
goto out;
}
+
+ ret = security_ops->quotactl (cmds, type, id, sb);
+ if (ret)
+ goto out;
ret = -EINVAL;
switch (cmds) {
diff --minimal -Nru a/fs/exec.c b/fs/exec.c
--- a/fs/exec.c Tue Feb 12 18:59:50 2002
+++ b/fs/exec.c Tue Feb 12 18:59:50 2002
@@ -611,6 +611,7 @@
{
int mode;
struct inode * inode = bprm->file->f_dentry->d_inode;
+ int retval;
mode = inode->i_mode;
/*
@@ -640,27 +641,10 @@
bprm->e_gid = inode->i_gid;
}
- /* We don't have VFS support for capabilities yet */
- cap_clear(bprm->cap_inheritable);
- cap_clear(bprm->cap_permitted);
- cap_clear(bprm->cap_effective);
-
- /* To support inheritance of root-permissions and suid-root
- * executables under compatibility mode, we raise all three
- * capability sets for the file.
- *
- * If only the real uid is 0, we only raise the inheritable
- * and permitted sets of the executable file.
- */
-
- if (!issecure(SECURE_NOROOT)) {
- if (bprm->e_uid == 0 || current->uid == 0) {
- cap_set_full(bprm->cap_inheritable);
- cap_set_full(bprm->cap_permitted);
- }
- if (bprm->e_uid == 0)
- cap_set_full(bprm->cap_effective);
- }
+ /* fill in binprm security blob */
+ retval = security_ops->bprm_ops->set_security(bprm);
+ if (retval)
+ return retval;
memset(bprm->buf,0,BINPRM_BUF_SIZE);
return kernel_read(bprm->file,0,bprm->buf,BINPRM_BUF_SIZE);
@@ -683,16 +667,9 @@
void compute_creds(struct linux_binprm *bprm)
{
- kernel_cap_t new_permitted, working;
int do_unlock = 0;
- new_permitted = cap_intersect(bprm->cap_permitted, cap_bset);
- working = cap_intersect(bprm->cap_inheritable,
- current->cap_inheritable);
- new_permitted = cap_combine(new_permitted, working);
-
- if (bprm->e_uid != current->uid || bprm->e_gid != current->gid ||
- !cap_issubset(new_permitted, current->cap_permitted)) {
+ if (bprm->e_uid != current->uid || bprm->e_gid != current->gid) {
current->mm->dumpable = 0;
lock_kernel();
@@ -704,32 +681,17 @@
bprm->e_uid = current->uid;
bprm->e_gid = current->gid;
}
- if(!capable(CAP_SETPCAP)) {
- new_permitted = cap_intersect(new_permitted,
- current->cap_permitted);
- }
}
do_unlock = 1;
}
-
- /* For init, we want to retain the capabilities set
- * in the init_task struct. Thus we skip the usual
- * capability rules */
- if (current->pid != 1) {
- current->cap_permitted = new_permitted;
- current->cap_effective =
- cap_intersect(new_permitted, bprm->cap_effective);
- }
-
- /* AUD: Audit candidate if current->cap_effective is set */
-
current->suid = current->euid = current->fsuid = bprm->e_uid;
current->sgid = current->egid = current->fsgid = bprm->e_gid;
if(do_unlock)
unlock_kernel();
- current->keep_capabilities = 0;
+
+ security_ops->bprm_ops->compute_creds(bprm);
}
@@ -875,6 +837,7 @@
bprm.sh_bang = 0;
bprm.loader = 0;
bprm.exec = 0;
+ bprm.security = NULL;
if ((bprm.argc = count(argv, bprm.p / sizeof(void *))) < 0) {
allow_write_access(file);
fput(file);
@@ -887,6 +850,10 @@
return bprm.envc;
}
+ retval = security_ops->bprm_ops->alloc_security(&bprm);
+ if (retval)
+ goto out;
+
retval = prepare_binprm(&bprm);
if (retval < 0)
goto out;
@@ -905,9 +872,11 @@
goto out;
retval = search_binary_handler(&bprm,regs);
- if (retval >= 0)
+ if (retval >= 0) {
/* execve success */
+ security_ops->bprm_ops->free_security(&bprm);
return retval;
+ }
out:
/* Something went wrong, return the inode and free the argument pages*/
@@ -920,6 +889,9 @@
if (page)
__free_page(page);
}
+
+ if (bprm.security)
+ security_ops->bprm_ops->free_security(&bprm);
return retval;
}
diff --minimal -Nru a/fs/fcntl.c b/fs/fcntl.c
--- a/fs/fcntl.c Tue Feb 12 18:59:50 2002
+++ b/fs/fcntl.c Tue Feb 12 18:59:50 2002
@@ -11,6 +11,7 @@
#include <linux/smp_lock.h>
#include <linux/slab.h>
#include <linux/iobuf.h>
+#include <linux/security.h>
#include <asm/poll.h>
#include <asm/siginfo.h>
@@ -296,11 +297,11 @@
unlock_kernel();
break;
case F_GETLK:
- err = fcntl_getlk(fd, (struct flock *) arg);
+ err = fcntl_getlk(filp, (struct flock *) arg);
break;
case F_SETLK:
case F_SETLKW:
- err = fcntl_setlk(fd, cmd, (struct flock *) arg);
+ err = fcntl_setlk(filp, cmd, (struct flock *) arg);
break;
case F_GETOWN:
/*
@@ -314,6 +315,13 @@
break;
case F_SETOWN:
lock_kernel();
+
+ err = security_ops->file_ops->set_fowner(filp);
+ if (err) {
+ unlock_kernel();
+ break;
+ }
+
filp->f_owner.pid = arg;
filp->f_owner.uid = current->uid;
filp->f_owner.euid = current->euid;
@@ -362,6 +370,12 @@
if (!filp)
goto out;
+ err = security_ops->file_ops->fcntl(filp, cmd, arg);
+ if (err) {
+ fput(filp);
+ return err;
+ }
+
err = do_fcntl(fd, cmd, arg, filp);
fput(filp);
@@ -380,15 +394,20 @@
if (!filp)
goto out;
+ err = security_ops->file_ops->fcntl(filp, cmd, arg);
+ if (err) {
+ fput(filp);
+ return err;
+ }
+ err = -EBADF;
+
switch (cmd) {
case F_GETLK64:
- err = fcntl_getlk64(fd, (struct flock64 *) arg);
+ err = fcntl_getlk64(filp, (struct flock64 *) arg);
break;
case F_SETLK64:
- err = fcntl_setlk64(fd, cmd, (struct flock64 *) arg);
- break;
case F_SETLKW64:
- err = fcntl_setlk64(fd, cmd, (struct flock64 *) arg);
+ err = fcntl_setlk64(filp, cmd, (struct flock64 *) arg);
break;
default:
err = do_fcntl(fd, cmd, arg, filp);
@@ -420,6 +439,10 @@
(fown->euid ^ p->suid) && (fown->euid ^ p->uid) &&
(fown->uid ^ p->suid) && (fown->uid ^ p->uid))
return;
+
+ if (security_ops->file_ops->send_sigiotask(p, fown, fd, reason))
+ return;
+
switch (fown->signum) {
siginfo_t si;
default:
diff --minimal -Nru a/fs/file_table.c b/fs/file_table.c
--- a/fs/file_table.c Tue Feb 12 18:59:50 2002
+++ b/fs/file_table.c Tue Feb 12 18:59:50 2002
@@ -13,6 +13,7 @@
#include <linux/smp_lock.h>
#include <linux/iobuf.h>
#include <linux/fs.h>
+#include <linux/security.h>
/* sysctl tunables... */
struct files_stat_struct files_stat = {0, 0, NR_FILE};
@@ -43,6 +44,12 @@
files_stat.nr_free_files--;
new_one:
memset(f, 0, sizeof(*f));
+ if (security_ops->file_ops->alloc_security(f)) {
+ list_add(&f->f_list, &free_list);
+ files_stat.nr_free_files++;
+ file_list_unlock();
+ return NULL;
+ }
atomic_set(&f->f_count,1);
f->f_version = ++event;
f->f_uid = current->fsuid;
@@ -112,6 +119,8 @@
if (file->f_op && file->f_op->release)
file->f_op->release(inode, file);
+ security_ops->file_ops->free_security (file);
+
fops_put(file->f_op);
if (file->f_mode & FMODE_WRITE)
put_write_access(inode);
@@ -145,6 +154,7 @@
void put_filp(struct file *file)
{
if(atomic_dec_and_test(&file->f_count)) {
+ security_ops->file_ops->free_security(file);
file_list_lock();
list_del(&file->f_list);
list_add(&file->f_list, &free_list);
diff --minimal -Nru a/fs/inode.c b/fs/inode.c
--- a/fs/inode.c Tue Feb 12 18:59:50 2002
+++ b/fs/inode.c Tue Feb 12 18:59:50 2002
@@ -17,6 +17,7 @@
#include <linux/swapctl.h>
#include <linux/prefetch.h>
#include <linux/locks.h>
+#include <linux/security.h>
/*
* New inode.c implementation.
@@ -88,6 +89,14 @@
inode = (struct inode *) kmem_cache_alloc(inode_cachep, SLAB_KERNEL);
if (inode) {
+ inode->i_security = NULL;
+ if (security_ops->inode_ops->alloc_security(inode)) {
+ if (inode->i_sb->s_op->destroy_inode)
+ inode->i_sb->s_op->destroy_inode(inode);
+ else
+ kmem_cache_free(inode_cachep, (inode));
+ return NULL;
+ }
inode->i_sb = sb;
inode->i_dev = sb->s_dev;
inode->i_blkbits = sb->s_blocksize_bits;
@@ -118,6 +127,7 @@
{
if (inode_has_buffers(inode))
BUG();
+ security_ops->inode_ops->free_security(inode);
if (inode->i_sb->s_op->destroy_inode)
inode->i_sb->s_op->destroy_inode(inode);
else
@@ -1055,6 +1065,8 @@
if (inode->i_data.nrpages)
truncate_inode_pages(&inode->i_data, 0);
+
+ security_ops->inode_ops->delete(inode);
if (op && op->delete_inode) {
void (*delete)(struct inode *) = op->delete_inode;
diff --minimal -Nru a/fs/ioctl.c b/fs/ioctl.c
--- a/fs/ioctl.c Tue Feb 12 18:59:50 2002
+++ b/fs/ioctl.c Tue Feb 12 18:59:50 2002
@@ -8,6 +8,7 @@
#include <linux/smp_lock.h>
#include <linux/file.h>
#include <linux/fs.h>
+#include <linux/security.h>
#include <asm/uaccess.h>
#include <asm/ioctls.h>
@@ -57,6 +58,14 @@
if (!filp)
goto out;
error = 0;
+
+ /* Call the Linux Security Module to perform its checks. */
+ error = security_ops->file_ops->ioctl(filp, cmd, arg);
+ if (error) {
+ fput(filp);
+ goto out;
+ }
+
lock_kernel();
switch (cmd) {
case FIOCLEX:
diff --minimal -Nru a/fs/locks.c b/fs/locks.c
--- a/fs/locks.c Tue Feb 12 18:59:50 2002
+++ b/fs/locks.c Tue Feb 12 18:59:50 2002
@@ -1289,6 +1289,11 @@
fl->fl_next = *before;
*before = fl;
list_add(&fl->fl_link, &file_lock_list);
+
+ error = security_ops->file_ops->set_fowner(filp);
+ if (error)
+ goto out_unlock;
+
filp->f_owner.pid = current->pid;
filp->f_owner.uid = current->uid;
filp->f_owner.euid = current->euid;
@@ -1339,6 +1344,11 @@
&& !(filp->f_mode & 3))
goto out_putf;
+ error = security_ops->file_ops->lock(filp, cmd,
+ (cmd & LOCK_NB) ? 0 : 1);
+ if (error)
+ goto out_putf;
+
lock_kernel();
error = flock_lock_file(filp, type,
(cmd & (LOCK_UN | LOCK_NB)) ? 0 : 1);
@@ -1353,9 +1363,8 @@
/* Report the first existing lock that would conflict with l.
* This implements the F_GETLK command of fcntl().
*/
-int fcntl_getlk(unsigned int fd, struct flock *l)
+int fcntl_getlk(struct file *filp, struct flock *l)
{
- struct file *filp;
struct file_lock *fl, file_lock;
struct flock flock;
int error;
@@ -1367,19 +1376,14 @@
if ((flock.l_type != F_RDLCK) && (flock.l_type != F_WRLCK))
goto out;
- error = -EBADF;
- filp = fget(fd);
- if (!filp)
- goto out;
-
error = flock_to_posix_lock(filp, &file_lock, &flock);
if (error)
- goto out_putf;
+ goto out;
if (filp->f_op && filp->f_op->lock) {
error = filp->f_op->lock(filp, F_GETLK, &file_lock);
if (error < 0)
- goto out_putf;
+ goto out;
else if (error == LOCK_USE_CLNT)
/* Bypass for NFS with no locking - 2.0.36 compat */
fl = posix_test_lock(filp, &file_lock);
@@ -1399,10 +1403,10 @@
*/
error = -EOVERFLOW;
if (fl->fl_start > OFFT_OFFSET_MAX)
- goto out_putf;
+ goto out;
if ((fl->fl_end != OFFSET_MAX)
&& (fl->fl_end > OFFT_OFFSET_MAX))
- goto out_putf;
+ goto out;
#endif
flock.l_start = fl->fl_start;
flock.l_len = fl->fl_end == OFFSET_MAX ? 0 :
@@ -1414,8 +1418,6 @@
if (!copy_to_user(l, &flock, sizeof(flock)))
error = 0;
-out_putf:
- fput(filp);
out:
return error;
}
@@ -1423,12 +1425,11 @@
/* Apply the lock described by l to an open file descriptor.
* This implements both the F_SETLK and F_SETLKW commands of fcntl().
*/
-int fcntl_setlk(unsigned int fd, unsigned int cmd, struct flock *l)
+int fcntl_setlk(struct file *filp, unsigned int cmd, struct flock *l)
{
- struct file *filp;
struct file_lock *file_lock = locks_alloc_lock(0);
struct flock flock;
- struct inode *inode;
+ struct inode *inode = filp->f_dentry->d_inode;
int error;
if (file_lock == NULL)
@@ -1441,17 +1442,6 @@
if (copy_from_user(&flock, l, sizeof(flock)))
goto out;
- /* Get arguments and validate them ...
- */
-
- error = -EBADF;
- filp = fget(fd);
- if (!filp)
- goto out;
-
- error = -EINVAL;
- inode = filp->f_dentry->d_inode;
-
/* Don't allow mandatory locks on files that may be memory mapped
* and shared.
*/
@@ -1461,23 +1451,25 @@
if (mapping->i_mmap_shared != NULL) {
error = -EAGAIN;
- goto out_putf;
+ goto out;
}
}
+ /* Get arguments and validate them ...
+ */
error = flock_to_posix_lock(filp, file_lock, &flock);
if (error)
- goto out_putf;
+ goto out;
error = -EBADF;
switch (flock.l_type) {
case F_RDLCK:
if (!(filp->f_mode & FMODE_READ))
- goto out_putf;
+ goto out;
break;
case F_WRLCK:
if (!(filp->f_mode & FMODE_WRITE))
- goto out_putf;
+ goto out;
break;
case F_UNLCK:
break;
@@ -1495,23 +1487,26 @@
}
}
if (!(filp->f_mode & 3))
- goto out_putf;
+ goto out;
break;
#endif
default:
error = -EINVAL;
- goto out_putf;
+ goto out;
}
+ error = security_ops->file_ops->lock(filp, file_lock->fl_type,
+ cmd == F_SETLKW);
+ if (error)
+ goto out;
+
if (filp->f_op && filp->f_op->lock != NULL) {
error = filp->f_op->lock(filp, cmd, file_lock);
if (error < 0)
- goto out_putf;
+ goto out;
}
error = posix_lock_file(filp, file_lock, cmd == F_SETLKW);
-out_putf:
- fput(filp);
out:
locks_free_lock(file_lock);
return error;
@@ -1521,9 +1516,8 @@
/* Report the first existing lock that would conflict with l.
* This implements the F_GETLK command of fcntl().
*/
-int fcntl_getlk64(unsigned int fd, struct flock64 *l)
+int fcntl_getlk64(struct file *filp, struct flock64 *l)
{
- struct file *filp;
struct file_lock *fl, file_lock;
struct flock64 flock;
int error;
@@ -1535,19 +1529,15 @@
if ((flock.l_type != F_RDLCK) && (flock.l_type != F_WRLCK))
goto out;
- error = -EBADF;
- filp = fget(fd);
- if (!filp)
- goto out;
error = flock64_to_posix_lock(filp, &file_lock, &flock);
if (error)
- goto out_putf;
+ goto out;
if (filp->f_op && filp->f_op->lock) {
error = filp->f_op->lock(filp, F_GETLK, &file_lock);
if (error < 0)
- goto out_putf;
+ goto out;
else if (error == LOCK_USE_CLNT)
/* Bypass for NFS with no locking - 2.0.36 compat */
fl = posix_test_lock(filp, &file_lock);
@@ -1570,8 +1560,6 @@
if (!copy_to_user(l, &flock, sizeof(flock)))
error = 0;
-out_putf:
- fput(filp);
out:
return error;
}
@@ -1579,12 +1567,11 @@
/* Apply the lock described by l to an open file descriptor.
* This implements both the F_SETLK and F_SETLKW commands of fcntl().
*/
-int fcntl_setlk64(unsigned int fd, unsigned int cmd, struct flock64 *l)
+int fcntl_setlk64(struct file *filp, unsigned int cmd, struct flock64 *l)
{
- struct file *filp;
struct file_lock *file_lock = locks_alloc_lock(0);
struct flock64 flock;
- struct inode *inode;
+ struct inode *inode = filp->f_dentry->d_inode;
int error;
if (file_lock == NULL)
@@ -1597,16 +1584,6 @@
if (copy_from_user(&flock, l, sizeof(flock)))
goto out;
- /* Get arguments and validate them ...
- */
-
- error = -EBADF;
- filp = fget(fd);
- if (!filp)
- goto out;
-
- error = -EINVAL;
- inode = filp->f_dentry->d_inode;
/* Don't allow mandatory locks on files that may be memory mapped
* and shared.
@@ -1617,23 +1594,25 @@
if (mapping->i_mmap_shared != NULL) {
error = -EAGAIN;
- goto out_putf;
+ goto out;
}
}
+ /* Get arguments and validate them ...
+ */
error = flock64_to_posix_lock(filp, file_lock, &flock);
if (error)
- goto out_putf;
+ goto out;
error = -EBADF;
switch (flock.l_type) {
case F_RDLCK:
if (!(filp->f_mode & FMODE_READ))
- goto out_putf;
+ goto out;
break;
case F_WRLCK:
if (!(filp->f_mode & FMODE_WRITE))
- goto out_putf;
+ goto out;
break;
case F_UNLCK:
break;
@@ -1641,18 +1620,21 @@
case F_EXLCK:
default:
error = -EINVAL;
- goto out_putf;
+ goto out;
}
+ error = security_ops->file_ops->lock(filp, file_lock->fl_type,
+ cmd == F_SETLKW64);
+ if (error)
+ goto out;
+
if (filp->f_op && filp->f_op->lock != NULL) {
error = filp->f_op->lock(filp, cmd, file_lock);
if (error < 0)
- goto out_putf;
+ goto out;
}
error = posix_lock_file(filp, file_lock, cmd == F_SETLKW64);
-out_putf:
- fput(filp);
out:
locks_free_lock(file_lock);
return error;
diff --minimal -Nru a/fs/namei.c b/fs/namei.c
--- a/fs/namei.c Tue Feb 12 18:59:50 2002
+++ b/fs/namei.c Tue Feb 12 18:59:50 2002
@@ -22,6 +22,7 @@
#include <linux/dnotify.h>
#include <linux/smp_lock.h>
#include <linux/personality.h>
+#include <linux/security.h>
#include <asm/namei.h>
#include <asm/uaccess.h>
@@ -198,14 +199,23 @@
int permission(struct inode * inode,int mask)
{
+ int retval;
+ int submask;
+
+ /* Ordinary permission routines do not understand MAY_APPEND. */
+ submask = mask & ~MAY_APPEND;
+
if (inode->i_op && inode->i_op->permission) {
- int retval;
lock_kernel();
- retval = inode->i_op->permission(inode, mask);
+ retval = inode->i_op->permission(inode, submask);
unlock_kernel();
- return retval;
+ } else {
+ retval = vfs_permission(inode, submask);
}
- return vfs_permission(inode, mask);
+ if (retval)
+ return retval;
+
+ return security_ops->inode_ops->permission(inode, mask);
}
/*
@@ -304,8 +314,10 @@
unlock_kernel();
if (result)
dput(dentry);
- else
+ else {
result = dentry;
+ security_ops->inode_ops->post_lookup(dir, result);
+ }
}
up(&dir->i_sem);
return result;
@@ -334,7 +346,7 @@
*/
static inline int do_follow_link(struct dentry *dentry, struct nameidata *nd)
{
- int err;
+ int err = -ELOOP;
if (current->link_count >= 5)
goto loop;
if (current->total_link_count >= 40)
@@ -343,6 +355,9 @@
current->state = TASK_RUNNING;
schedule();
}
+ err = security_ops->inode_ops->follow_link(dentry, nd);
+ if (err)
+ goto loop;
current->link_count++;
current->total_link_count++;
UPDATE_ATIME(dentry->d_inode);
@@ -351,7 +366,7 @@
return err;
loop:
path_release(nd);
- return -ELOOP;
+ return err;
}
static inline int __follow_up(struct vfsmount **mnt, struct dentry **base)
@@ -776,9 +791,10 @@
lock_kernel();
dentry = inode->i_op->lookup(inode, new);
unlock_kernel();
- if (!dentry)
+ if (!dentry) {
dentry = new;
- else
+ security_ops->inode_ops->post_lookup(inode, dentry);
+ } else
dput(new);
}
out:
@@ -947,14 +963,20 @@
if (!dir->i_op || !dir->i_op->create)
goto exit_lock;
+ error = security_ops->inode_ops->create(dir, dentry, mode);
+ if (error)
+ goto exit_lock;
+
DQUOT_INIT(dir);
lock_kernel();
error = dir->i_op->create(dir, dentry, mode);
unlock_kernel();
exit_lock:
up(&dir->i_zombie);
- if (!error)
+ if (!error) {
inode_dir_notify(dir, DN_CREATE);
+ security_ops->inode_ops->post_create(dir, dentry, mode);
+ }
return error;
}
@@ -982,6 +1004,11 @@
acc_mode = ACC_MODE(flag);
+ /* Allow the LSM permission hook to distinguish append
+ access from general write access. */
+ if (flag & O_APPEND)
+ acc_mode |= MAY_APPEND;
+
/*
* The simplest case - just a plain lookup.
*/
@@ -1160,6 +1187,9 @@
* stored in nd->last.name and we will have to putname() it when we
* are done. Procfs-like symlinks just set LAST_BIND.
*/
+ error = security_ops->inode_ops->follow_link(dentry, nd);
+ if (error)
+ goto exit_dput;
UPDATE_ATIME(dentry->d_inode);
error = dentry->d_inode->i_op->follow_link(dentry, nd);
dput(dentry);
@@ -1226,14 +1256,20 @@
if (!dir->i_op || !dir->i_op->mknod)
goto exit_lock;
+ error = security_ops->inode_ops->mknod(dir, dentry, mode, dev);
+ if (error)
+ goto exit_lock;
+
DQUOT_INIT(dir);
lock_kernel();
error = dir->i_op->mknod(dir, dentry, mode, dev);
unlock_kernel();
exit_lock:
up(&dir->i_zombie);
- if (!error)
+ if (!error) {
inode_dir_notify(dir, DN_CREATE);
+ security_ops->inode_ops->post_mknod(dir, dentry, mode, dev);
+ }
return error;
}
@@ -1295,16 +1331,22 @@
if (!dir->i_op || !dir->i_op->mkdir)
goto exit_lock;
- DQUOT_INIT(dir);
mode &= (S_IRWXUGO|S_ISVTX);
+ error = security_ops->inode_ops->mkdir(dir, dentry, mode);
+ if (error)
+ goto exit_lock;
+
+ DQUOT_INIT(dir);
lock_kernel();
error = dir->i_op->mkdir(dir, dentry, mode);
unlock_kernel();
exit_lock:
up(&dir->i_zombie);
- if (!error)
+ if (!error) {
inode_dir_notify(dir, DN_CREATE);
+ security_ops->inode_ops->post_mkdir(dir,dentry, mode);
+ }
return error;
}
@@ -1387,11 +1429,14 @@
else if (d_mountpoint(dentry))
error = -EBUSY;
else {
- lock_kernel();
- error = dir->i_op->rmdir(dir, dentry);
- unlock_kernel();
- if (!error)
- dentry->d_inode->i_flags |= S_DEAD;
+ error = security_ops->inode_ops->rmdir(dir, dentry);
+ if (!error) {
+ lock_kernel();
+ error = dir->i_op->rmdir(dir, dentry);
+ unlock_kernel();
+ if (!error)
+ dentry->d_inode->i_flags |= S_DEAD;
+ }
}
double_up(&dir->i_zombie, &dentry->d_inode->i_zombie);
if (!error) {
@@ -1458,11 +1503,14 @@
if (d_mountpoint(dentry))
error = -EBUSY;
else {
- lock_kernel();
- error = dir->i_op->unlink(dir, dentry);
- unlock_kernel();
- if (!error)
- d_delete(dentry);
+ error = security_ops->inode_ops->unlink(dir, dentry);
+ if (!error) {
+ lock_kernel();
+ error = dir->i_op->unlink(dir, dentry);
+ unlock_kernel();
+ if (!error)
+ d_delete(dentry);
+ }
}
}
}
@@ -1528,6 +1576,10 @@
if (!dir->i_op || !dir->i_op->symlink)
goto exit_lock;
+ error = security_ops->inode_ops->symlink(dir, dentry, oldname);
+ if (error)
+ goto exit_lock;
+
DQUOT_INIT(dir);
lock_kernel();
error = dir->i_op->symlink(dir, dentry, oldname);
@@ -1535,8 +1587,10 @@
exit_lock:
up(&dir->i_zombie);
- if (!error)
+ if (!error) {
inode_dir_notify(dir, DN_CREATE);
+ security_ops->inode_ops->post_symlink(dir, dentry, oldname);
+ }
return error;
}
@@ -1602,6 +1656,10 @@
if (!dir->i_op || !dir->i_op->link)
goto exit_lock;
+ error = security_ops->inode_ops->link(old_dentry, dir, new_dentry);
+ if (error)
+ goto exit_lock;
+
DQUOT_INIT(dir);
lock_kernel();
error = dir->i_op->link(old_dentry, dir, new_dentry);
@@ -1609,8 +1667,10 @@
exit_lock:
up(&dir->i_zombie);
- if (!error)
+ if (!error) {
inode_dir_notify(dir, DN_CREATE);
+ security_ops->inode_ops->post_link(old_dentry, dir, new_dentry);
+ }
return error;
}
@@ -1731,6 +1791,10 @@
if (error)
return error;
+ error = security_ops->inode_ops->rename(old_dir, old_dentry, new_dir, new_dentry);
+ if (error)
+ return error;
+
DQUOT_INIT(old_dir);
DQUOT_INIT(new_dir);
down(&old_dir->i_sb->s_vfs_rename_sem);
@@ -1769,8 +1833,11 @@
double_up(&old_dir->i_zombie,
&new_dir->i_zombie);
- if (!error)
+ if (!error) {
d_move(old_dentry,new_dentry);
+ security_ops->inode_ops->post_rename(old_dir, old_dentry,
+ new_dir, new_dentry);
+ }
out_unlock:
up(&old_dir->i_sb->s_vfs_rename_sem);
return error;
@@ -1801,6 +1868,10 @@
if (!old_dir->i_op || !old_dir->i_op->rename)
return -EPERM;
+ error = security_ops->inode_ops->rename(old_dir, old_dentry, new_dir, new_dentry);
+ if (error)
+ return error;
+
DQUOT_INIT(old_dir);
DQUOT_INIT(new_dir);
double_down(&old_dir->i_zombie, &new_dir->i_zombie);
@@ -1815,6 +1886,7 @@
if (!(old_dir->i_sb->s_type->fs_flags & FS_ODD_RENAME)) {
d_move(old_dentry, new_dentry);
}
+ security_ops->inode_ops->post_rename(old_dir, old_dentry, new_dir, new_dentry);
return 0;
}
diff --minimal -Nru a/fs/namespace.c b/fs/namespace.c
--- a/fs/namespace.c Tue Feb 12 18:59:50 2002
+++ b/fs/namespace.c Tue Feb 12 18:59:50 2002
@@ -287,6 +287,10 @@
struct super_block * sb = mnt->mnt_sb;
int retval = 0;
+ retval = security_ops->sb_ops->umount(mnt, flags);
+ if (retval)
+ return retval;
+
/*
* If we may have to abort operations to get out of this
* mount, and they will themselves hold resources we must
@@ -336,6 +340,7 @@
DQUOT_OFF(sb);
acct_auto_close(sb);
unlock_kernel();
+ security_ops->sb_ops->umount_close(mnt);
spin_lock(&dcache_lock);
}
retval = -EBUSY;
@@ -345,6 +350,8 @@
retval = 0;
}
spin_unlock(&dcache_lock);
+ if (retval)
+ security_ops->sb_ops->umount_busy(mnt);
up_write(¤t->namespace->sem);
return retval;
}
@@ -470,6 +477,10 @@
if (IS_DEADDIR(nd->dentry->d_inode))
goto out_unlock;
+ err = security_ops->sb_ops->check_sb(mnt, nd);
+ if (err)
+ goto out_unlock;
+
spin_lock(&dcache_lock);
if (IS_ROOT(nd->dentry) || !d_unhashed(nd->dentry)) {
struct list_head head;
@@ -482,6 +493,8 @@
spin_unlock(&dcache_lock);
out_unlock:
up(&nd->dentry->d_inode->i_zombie);
+ if (!err)
+ security_ops->sb_ops->post_addmount(mnt, nd);
return err;
}
@@ -552,6 +565,8 @@
if (!err)
nd->mnt->mnt_flags=mnt_flags;
up_write(&sb->s_umount);
+ if (!err)
+ security_ops->sb_ops->post_remount(nd->mnt, flags, data);
return err;
}
@@ -736,6 +751,10 @@
if (retval)
return retval;
+ retval = security_ops->sb_ops->mount(dev_name, &nd, type_page, flags, data_page);
+ if (retval)
+ goto dput_out;
+
if (flags & MS_REMOUNT)
retval = do_remount(&nd, flags & ~MS_REMOUNT, mnt_flags,
data_page);
@@ -746,6 +765,7 @@
else
retval = do_add_mount(&nd, type_page, flags, mnt_flags,
dev_name, data_page);
+dput_out:
path_release(&nd);
return retval;
}
diff --minimal -Nru a/fs/nfsd/nfsctl.c b/fs/nfsd/nfsctl.c
--- a/fs/nfsd/nfsctl.c Tue Feb 12 18:59:50 2002
+++ b/fs/nfsd/nfsctl.c Tue Feb 12 18:59:50 2002
@@ -234,6 +234,10 @@
goto done;
}
+ err = security_ops->nfsservctl(cmd, arg);
+ if (err)
+ goto done;
+
switch(cmd) {
case NFSCTL_SVC:
err = nfsctl_svc(&arg->ca_svc);
diff --minimal -Nru a/fs/open.c b/fs/open.c
--- a/fs/open.c Tue Feb 12 18:59:50 2002
+++ b/fs/open.c Tue Feb 12 18:59:50 2002
@@ -15,6 +15,7 @@
#include <linux/slab.h>
#include <linux/tty.h>
#include <linux/iobuf.h>
+#include <linux/security.h>
#include <asm/uaccess.h>
@@ -28,6 +29,9 @@
retval = -ENOSYS;
if (sb->s_op && sb->s_op->statfs) {
memset(buf, 0, sizeof(struct statfs));
+ retval = security_ops->sb_ops->statfs(sb);
+ if (retval)
+ return retval;
lock_kernel();
retval = sb->s_op->statfs(sb, buf);
unlock_kernel();
diff --minimal -Nru a/fs/proc/base.c b/fs/proc/base.c
--- a/fs/proc/base.c Tue Feb 12 18:59:50 2002
+++ b/fs/proc/base.c Tue Feb 12 18:59:50 2002
@@ -336,7 +336,7 @@
};
#define MAY_PTRACE(p) \
-(p==current||(p->p_pptr==current&&(p->ptrace & PT_PTRACED)&&p->state==TASK_STOPPED))
+(p==current||(p->p_pptr==current&&(p->ptrace & PT_PTRACED)&&p->state==TASK_STOPPED&&security_ops->ptrace(current,p)==0))
static int mem_open(struct inode* inode, struct file* file)
diff --minimal -Nru a/fs/read_write.c b/fs/read_write.c
--- a/fs/read_write.c Tue Feb 12 18:59:50 2002
+++ b/fs/read_write.c Tue Feb 12 18:59:50 2002
@@ -11,6 +11,7 @@
#include <linux/uio.h>
#include <linux/smp_lock.h>
#include <linux/dnotify.h>
+#include <linux/security.h>
#include <asm/uaccess.h>
@@ -125,6 +126,13 @@
file = fget(fd);
if (!file)
goto bad;
+
+ retval = security_ops->file_ops->llseek(file);
+ if (retval) {
+ fput(file);
+ goto bad;
+ }
+
retval = -EINVAL;
if (origin <= 2) {
loff_t res = llseek(file, offset, origin);
@@ -150,6 +158,11 @@
file = fget(fd);
if (!file)
goto bad;
+
+ retval = security_ops->file_ops->llseek(file);
+ if (retval)
+ goto out_putf;
+
retval = -EINVAL;
if (origin > 2)
goto out_putf;
@@ -184,8 +197,11 @@
if (!ret) {
ssize_t (*read)(struct file *, char *, size_t, loff_t *);
ret = -EINVAL;
- if (file->f_op && (read = file->f_op->read) != NULL)
- ret = read(file, buf, count, &file->f_pos);
+ if (file->f_op && (read = file->f_op->read) != NULL) {
+ ret = security_ops->file_ops->permission (file, MAY_READ);
+ if (!ret)
+ ret = read(file, buf, count, &file->f_pos);
+ }
}
}
if (ret > 0)
@@ -211,8 +227,11 @@
if (!ret) {
ssize_t (*write)(struct file *, const char *, size_t, loff_t *);
ret = -EINVAL;
- if (file->f_op && (write = file->f_op->write) != NULL)
- ret = write(file, buf, count, &file->f_pos);
+ if (file->f_op && (write = file->f_op->write) != NULL) {
+ ret = security_ops->file_ops->permission (file, MAY_WRITE);
+ if (!ret)
+ ret = write(file, buf, count, &file->f_pos);
+ }
}
}
if (ret > 0)
@@ -338,8 +357,11 @@
if (!file)
goto bad_file;
if (file->f_op && (file->f_mode & FMODE_READ) &&
- (file->f_op->readv || file->f_op->read))
- ret = do_readv_writev(VERIFY_WRITE, file, vector, count);
+ (file->f_op->readv || file->f_op->read)) {
+ ret = security_ops->file_ops->permission (file, MAY_READ);
+ if (!ret)
+ ret = do_readv_writev(VERIFY_WRITE, file, vector, count);
+ }
fput(file);
bad_file:
@@ -358,8 +380,11 @@
if (!file)
goto bad_file;
if (file->f_op && (file->f_mode & FMODE_WRITE) &&
- (file->f_op->writev || file->f_op->write))
- ret = do_readv_writev(VERIFY_READ, file, vector, count);
+ (file->f_op->writev || file->f_op->write)) {
+ ret = security_ops->file_ops->permission (file, MAY_WRITE);
+ if (!ret)
+ ret = do_readv_writev(VERIFY_READ, file, vector, count);
+ }
fput(file);
bad_file:
@@ -392,6 +417,11 @@
goto out;
if (pos < 0)
goto out;
+
+ ret = security_ops->file_ops->permission (file, MAY_READ);
+ if (ret)
+ goto out;
+
ret = read(file, buf, count, &pos);
if (ret > 0)
inode_dir_notify(file->f_dentry->d_parent->d_inode, DN_ACCESS);
@@ -422,6 +452,10 @@
if (!file->f_op || !(write = file->f_op->write))
goto out;
if (pos < 0)
+ goto out;
+
+ ret = security_ops->file_ops->permission (file, MAY_WRITE);
+ if (ret)
goto out;
ret = write(file, buf, count, &pos);
diff --minimal -Nru a/fs/readdir.c b/fs/readdir.c
--- a/fs/readdir.c Tue Feb 12 18:59:50 2002
+++ b/fs/readdir.c Tue Feb 12 18:59:50 2002
@@ -20,6 +20,11 @@
int res = -ENOTDIR;
if (!file->f_op || !file->f_op->readdir)
goto out;
+
+ res = security_ops->file_ops->permission(file, MAY_READ);
+ if (res)
+ goto out;
+
down(&inode->i_sem);
down(&inode->i_zombie);
res = -ENOENT;
diff --minimal -Nru a/fs/stat.c b/fs/stat.c
--- a/fs/stat.c Tue Feb 12 18:59:50 2002
+++ b/fs/stat.c Tue Feb 12 18:59:50 2002
@@ -11,6 +11,7 @@
#include <linux/smp_lock.h>
#include <linux/highuid.h>
#include <linux/fs.h>
+#include <linux/security.h>
#include <asm/uaccess.h>
@@ -20,9 +21,14 @@
static __inline__ int
do_revalidate(struct dentry *dentry)
{
+ int error;
struct inode * inode = dentry->d_inode;
- if (inode->i_op && inode->i_op->revalidate)
+ if (inode->i_op && inode->i_op->revalidate) {
+ error = security_ops->inode_ops->revalidate(dentry);
+ if (error)
+ return error;
return inode->i_op->revalidate(dentry);
+ }
return 0;
}
@@ -36,6 +42,10 @@
if (res)
return res;
+ res = security_ops->inode_ops->stat(inode);
+ if (res)
+ return res;
+
stat->dev = kdev_t_to_nr(inode->i_dev);
stat->ino = inode->i_ino;
stat->mode = inode->i_mode;
@@ -267,8 +277,11 @@
error = -EINVAL;
if (inode->i_op && inode->i_op->readlink &&
!(error = do_revalidate(nd.dentry))) {
- UPDATE_ATIME(inode);
- error = inode->i_op->readlink(nd.dentry, buf, bufsiz);
+ error = security_ops->inode_ops->readlink(nd.dentry);
+ if (!error) {
+ UPDATE_ATIME(inode);
+ error = inode->i_op->readlink(nd.dentry, buf, bufsiz);
+ }
}
path_release(&nd);
}
diff --minimal -Nru a/fs/super.c b/fs/super.c
--- a/fs/super.c Tue Feb 12 18:59:50 2002
+++ b/fs/super.c Tue Feb 12 18:59:50 2002
@@ -30,6 +30,8 @@
#include <asm/uaccess.h>
+#include <linux/security.h>
+
#include <linux/kmod.h>
#define __NO_VERSION__
#include <linux/module.h>
@@ -265,6 +267,11 @@
struct super_block *s = kmalloc(sizeof(struct super_block), GFP_USER);
if (s) {
memset(s, 0, sizeof(struct super_block));
+ if (security_ops->sb_ops->alloc_security(s)) {
+ kfree(s);
+ s = NULL;
+ goto out;
+ }
INIT_LIST_HEAD(&s->s_dirty);
INIT_LIST_HEAD(&s->s_locked_inodes);
INIT_LIST_HEAD(&s->s_files);
@@ -280,6 +287,7 @@
sema_init(&s->s_dquot.dqoff_sem, 1);
s->s_maxbytes = MAX_NON_LFS;
}
+out:
return s;
}
@@ -291,6 +299,7 @@
*/
static inline void destroy_super(struct super_block *s)
{
+ security_ops->sb_ops->free_security(s);
kfree(s);
}
diff --minimal -Nru a/fs/xattr.c b/fs/xattr.c
--- a/fs/xattr.c Tue Feb 12 18:59:50 2002
+++ b/fs/xattr.c Tue Feb 12 18:59:50 2002
@@ -82,11 +82,16 @@
error = -EOPNOTSUPP;
if (d->d_inode->i_op && d->d_inode->i_op->setxattr) {
+ error = security_ops->inode_ops->setxattr(d, kname, kvalue,
+ size, flags);
+ if (error)
+ goto out;
lock_kernel();
error = d->d_inode->i_op->setxattr(d, kname, kvalue, size, flags);
unlock_kernel();
}
+out:
xattr_free(kvalue, size);
return error;
}
@@ -153,6 +158,9 @@
error = -EOPNOTSUPP;
if (d->d_inode->i_op && d->d_inode->i_op->getxattr) {
+ error = security_ops->inode_ops->getxattr(d, kname);
+ if (error)
+ goto out;
lock_kernel();
error = d->d_inode->i_op->getxattr(d, kname, kvalue, size);
unlock_kernel();
@@ -161,6 +169,7 @@
if (kvalue && error > 0)
if (copy_to_user(value, kvalue, size))
error = -EFAULT;
+out:
xattr_free(kvalue, size);
return error;
}
@@ -222,6 +231,9 @@
error = -EOPNOTSUPP;
if (d->d_inode->i_op && d->d_inode->i_op->listxattr) {
+ error = security_ops->inode_ops->listxattr(d);
+ if (error)
+ goto out;
lock_kernel();
error = d->d_inode->i_op->listxattr(d, klist, size);
unlock_kernel();
@@ -230,6 +242,7 @@
if (klist && error > 0)
if (copy_to_user(list, klist, size))
error = -EFAULT;
+out:
xattr_free(klist, size);
return error;
}
@@ -291,10 +304,14 @@
error = -EOPNOTSUPP;
if (d->d_inode->i_op && d->d_inode->i_op->removexattr) {
+ error = security_ops->inode_ops->removexattr(d, kname);
+ if (error)
+ goto out;
lock_kernel();
error = d->d_inode->i_op->removexattr(d, kname);
unlock_kernel();
}
+out:
return error;
}
diff --minimal -Nru a/include/asm-i386/processor.h b/include/asm-i386/processor.h
--- a/include/asm-i386/processor.h Tue Feb 12 18:59:50 2002
+++ b/include/asm-i386/processor.h Tue Feb 12 18:59:50 2002
@@ -435,14 +435,7 @@
/* Copy and release all segment info associated with a VM */
extern void copy_segments(struct task_struct *p, struct mm_struct * mm);
extern void release_segments(struct mm_struct * mm);
-
-/*
- * Return saved PC of a blocked thread.
- */
-static inline unsigned long thread_saved_pc(struct task_struct *tsk)
-{
- return ((unsigned long *)tsk->thread->esp)[3];
-}
+extern unsigned long thread_saved_pc(struct task_struct *tsk);
unsigned long get_wchan(struct task_struct *p);
#define KSTK_EIP(tsk) (((unsigned long *)(4096+(unsigned long)(tsk)->thread_info))[1019])
diff --minimal -Nru a/include/asm-i386/smplock.h b/include/asm-i386/smplock.h
--- a/include/asm-i386/smplock.h Tue Feb 12 18:59:50 2002
+++ b/include/asm-i386/smplock.h Tue Feb 12 18:59:50 2002
@@ -15,7 +15,7 @@
#else
#ifdef CONFIG_PREEMPT
#define kernel_locked() preempt_get_count()
-#define global_irq_holder 0
+#define global_irq_holder 0xFF /* XXX: NO_PROC_ID */
#else
#define kernel_locked() 1
#endif
diff --minimal -Nru a/include/linux/binfmts.h b/include/linux/binfmts.h
--- a/include/linux/binfmts.h Tue Feb 12 18:59:50 2002
+++ b/include/linux/binfmts.h Tue Feb 12 18:59:50 2002
@@ -27,6 +27,7 @@
struct file * file;
int e_uid, e_gid;
kernel_cap_t cap_inheritable, cap_permitted, cap_effective;
+ void *security;
int argc, envc;
char * filename; /* Name of binary */
unsigned long loader, exec;
diff --minimal -Nru a/include/linux/fs.h b/include/linux/fs.h
--- a/include/linux/fs.h Tue Feb 12 18:59:50 2002
+++ b/include/linux/fs.h Tue Feb 12 18:59:50 2002
@@ -70,6 +70,7 @@
#define MAY_EXEC 1
#define MAY_WRITE 2
#define MAY_READ 4
+#define MAY_APPEND 8
#define FMODE_READ 1
#define FMODE_WRITE 2
@@ -450,6 +451,7 @@
atomic_t i_writecount;
unsigned int i_attr_flags;
+ void *i_security;
__u32 i_generation;
union {
/* struct umsdos_inode_info umsdos_i; */
@@ -483,6 +485,7 @@
int pid; /* pid or -pgrp where SIGIO should be sent */
uid_t uid, euid; /* uid/euid of process setting the owner */
int signum; /* posix.1b rt signal to be delivered on IO */
+ void *security;
};
struct file {
@@ -500,6 +503,7 @@
int f_error;
unsigned long f_version;
+ void *f_security;
/* needed for tty driver, and maybe others */
void *private_data;
@@ -581,11 +585,11 @@
#include <linux/fcntl.h>
-extern int fcntl_getlk(unsigned int, struct flock *);
-extern int fcntl_setlk(unsigned int, unsigned int, struct flock *);
+extern int fcntl_getlk(struct file *, struct flock *);
+extern int fcntl_setlk(struct file *, unsigned int, struct flock *);
-extern int fcntl_getlk64(unsigned int, struct flock64 *);
-extern int fcntl_setlk64(unsigned int, unsigned int, struct flock64 *);
+extern int fcntl_getlk64(struct file *, struct flock64 *);
+extern int fcntl_setlk64(struct file *, unsigned int, struct flock64 *);
/* fs/locks.c */
extern void locks_init_lock(struct file_lock *);
@@ -693,6 +697,7 @@
struct semaphore s_lock;
int s_count;
atomic_t s_active;
+ void *s_security;
struct list_head s_dirty; /* dirty inodes */
struct list_head s_locked_inodes;/* inodes being synced */
diff --minimal -Nru a/include/linux/input.h b/include/linux/input.h
--- a/include/linux/input.h Tue Feb 12 18:59:50 2002
+++ b/include/linux/input.h Tue Feb 12 18:59:50 2002
@@ -490,7 +490,7 @@
#define BUS_USB 0x03
#define BUS_HIL 0x04
-#define BUS_ISA 0x10
+/* #define BUS_ISA 0x10 conflicts with sysctl.h */
#define BUS_I8042 0x11
#define BUS_XTKBD 0x12
#define BUS_RS232 0x13
diff --minimal -Nru a/include/linux/ip.h b/include/linux/ip.h
--- a/include/linux/ip.h Tue Feb 12 18:59:50 2002
+++ b/include/linux/ip.h Tue Feb 12 18:59:50 2002
@@ -58,6 +58,7 @@
#define IPOPT_SEC (2 |IPOPT_CONTROL|IPOPT_COPY)
#define IPOPT_LSRR (3 |IPOPT_CONTROL|IPOPT_COPY)
#define IPOPT_TIMESTAMP (4 |IPOPT_MEASUREMENT)
+#define IPOPT_CIPSO (6 |IPOPT_CONTROL|IPOPT_COPY)
#define IPOPT_RR (7 |IPOPT_CONTROL)
#define IPOPT_SID (8 |IPOPT_CONTROL|IPOPT_COPY)
#define IPOPT_SSRR (9 |IPOPT_CONTROL|IPOPT_COPY)
diff --minimal -Nru a/include/linux/ipc.h b/include/linux/ipc.h
--- a/include/linux/ipc.h Tue Feb 12 18:59:50 2002
+++ b/include/linux/ipc.h Tue Feb 12 18:59:50 2002
@@ -63,6 +63,7 @@
gid_t cgid;
mode_t mode;
unsigned long seq;
+ void *security;
};
#endif /* __KERNEL__ */
diff --minimal -Nru a/include/linux/msg.h b/include/linux/msg.h
--- a/include/linux/msg.h Tue Feb 12 18:59:50 2002
+++ b/include/linux/msg.h Tue Feb 12 18:59:50 2002
@@ -63,6 +63,36 @@
#ifdef __KERNEL__
+/* one msg_msg structure for each message */
+struct msg_msg {
+ struct list_head m_list;
+ long m_type;
+ int m_ts; /* message text size */
+ struct msg_msgseg* next;
+ void *security;
+ /* the actual message follows immediately */
+};
+
+#define DATALEN_MSG (PAGE_SIZE-sizeof(struct msg_msg))
+#define DATALEN_SEG (PAGE_SIZE-sizeof(struct msg_msgseg))
+
+/* one msq_queue structure for each present queue on the system */
+struct msg_queue {
+ struct kern_ipc_perm q_perm;
+ time_t q_stime; /* last msgsnd time */
+ time_t q_rtime; /* last msgrcv time */
+ time_t q_ctime; /* last change time */
+ unsigned long q_cbytes; /* current number of bytes on queue */
+ unsigned long q_qnum; /* number of messages in queue */
+ unsigned long q_qbytes; /* max number of bytes on queue */
+ pid_t q_lspid; /* pid of last msgsnd */
+ pid_t q_lrpid; /* last receive pid */
+
+ struct list_head q_messages;
+ struct list_head q_receivers;
+ struct list_head q_senders;
+};
+
asmlinkage long sys_msgget (key_t key, int msgflg);
asmlinkage long sys_msgsnd (int msqid, struct msgbuf *msgp, size_t msgsz, int msgflg);
asmlinkage long sys_msgrcv (int msqid, struct msgbuf *msgp, size_t msgsz, long msgtyp, int msgflg);
diff --minimal -Nru a/include/linux/netdevice.h b/include/linux/netdevice.h
--- a/include/linux/netdevice.h Tue Feb 12 18:59:50 2002
+++ b/include/linux/netdevice.h Tue Feb 12 18:59:50 2002
@@ -419,6 +419,7 @@
/* this will get initialized at each interface type init routine */
struct divert_blk *divert;
#endif /* CONFIG_NET_DIVERT */
+ void *security;
};
diff --minimal -Nru a/include/linux/sched.h b/include/linux/sched.h
--- a/include/linux/sched.h Tue Feb 12 18:59:50 2002
+++ b/include/linux/sched.h Tue Feb 12 18:59:50 2002
@@ -339,6 +339,8 @@
void *notifier_data;
sigset_t *notifier_mask;
+ void *security;
+
/* Thread group tracking */
u32 parent_exec_id;
u32 self_exec_id;
@@ -650,7 +652,9 @@
* New privilege checks should use this interface, rather than suser() or
* fsuser(). See include/linux/capability.h for defined capabilities.
*/
-
+/* capable prototype and code moved to security.[hc] */
+#include <linux/security.h>
+#if 0
static inline int capable(int cap)
{
#if 1 /* ok now */
@@ -664,6 +668,7 @@
}
return 0;
}
+#endif /* if 0 */
/*
* Routines for handling mm_structs
diff --minimal -Nru a/include/linux/security.h b/include/linux/security.h
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/include/linux/security.h Tue Feb 12 18:59:50 2002
@@ -0,0 +1,1480 @@
+/*
+ * Linux Security plug
+ *
+ * Copyright (C) 2001 WireX Communications, Inc <chris@wirex.com>
+ * Copyright (C) 2001 Greg Kroah-Hartman <greg@kroah.com>
+ * Copyright (C) 2001 Networks Associates Technology, Inc <ssmalley@nai.com>
+ * Copyright (C) 2001 James Morris <jmorris@intercode.com.au>
+ * Copyright (C) 2001 Silicon Graphics, Inc. (Trust Technology Group)
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * Due to this file being licensed under the GPL there is controversy over
+ * whether this permits you to write a module that #includes this file
+ * without placing your module under the GPL. Please consult a lawyer for
+ * advice before doing this.
+ *
+ */
+
+#ifndef __LINUX_SECURITY_H
+#define __LINUX_SECURITY_H
+
+#ifdef __KERNEL__
+
+#include <linux/fs.h>
+#include <linux/binfmts.h>
+#include <linux/signal.h>
+#include <linux/resource.h>
+#include <linux/sem.h>
+#include <linux/sysctl.h>
+#include <linux/shm.h>
+#include <linux/msg.h>
+
+
+/*
+ * Values used in the task_security_ops calls
+ */
+/* setuid or setgid, id0 == uid or gid */
+#define LSM_SETID_ID 1
+
+/* setreuid or setregid, id0 == real, id1 == eff */
+#define LSM_SETID_RE 2
+
+/* setresuid or setresgid, id0 == real, id1 == eff, uid2 == saved */
+#define LSM_SETID_RES 4
+
+/* setfsuid or setfsgid, id0 == fsuid or fsgid */
+#define LSM_SETID_FS 8
+
+/**
+ * struct binprm_security_ops - Security hooks for program execution operations.
+ * @alloc_security:
+ * Allocate and attach a security structure to the @bprm->security field.
+ * The security field is initialized to NULL when the bprm structure is
+ * allocated.
+ * @bprm contains the linux_binprm structure to be modified.
+ * Return 0 if operation was successful.
+ * @free_security:
+ * @bprm contains the linux_binprm structure to be modified.
+ * Deallocate and clear the @bprm->security field.
+ * @compute_creds:
+ * Compute and set the security attributes of a process being transformed
+ * by an execve operation based on the old attributes (current->security)
+ * and the information saved in @bprm->security by the set_security hook.
+ * Since this hook function (and its caller) are void, this hook can not
+ * return an error. However, it can leave the security attributes of the
+ * process unchanged if an access failure occurs at this point. It can
+ * also perform other state changes on the process (e.g. closing open
+ * file descriptors to which access is no longer granted if the attributes
+ * were changed).
+ * @bprm contains the linux_binprm structure.
+ * @set_security:
+ * Save security information in the bprm->security field, typically based
+ * on information about the bprm->file, for later use by the compute_creds
+ * hook. This hook may also optionally check permissions (e.g. for
+ * transitions between security domains).
+ * This hook may be called multiple times during a single execve, e.g. for
+ * interpreters. The hook can tell whether it has already been called by
+ * checking to see if @bprm->security is non-NULL. If so, then the hook
+ * may decide either to retain the security information saved earlier or
+ * to replace it.
+ * @bprm contains the linux_binprm structure.
+ * Return 0 if the hook is successful and permission is granted.
+ *
+ * These are the security hooks for program execution operations.
+ */
+struct binprm_security_ops {
+ int (*alloc_security) (struct linux_binprm *bprm);
+ void (*free_security) (struct linux_binprm *bprm);
+ void (*compute_creds) (struct linux_binprm *bprm);
+ int (*set_security) (struct linux_binprm *bprm);
+};
+
+/**
+ * struct super_block_security_ops - Security hooks for filesystem operations.
+ * @alloc_security:
+ * Allocate and attach a security structure to the sb->s_security field.
+ * The s_security field is initialized to NULL when the structure is
+ * allocated.
+ * @sb contains the super_block structure to be modified.
+ * Return 0 if operation was successful.
+ * @free_security:
+ * Deallocate and clear the sb->s_security field.
+ * @sb contains the super_block structure to be modified.
+ * @statfs:
+ * Check permission before obtaining filesystem statistics for the @sb
+ * filesystem.
+ * @sb contains the super_block structure for the filesystem.
+ * Return 0 if permission is granted.
+ * @mount:
+ * Check permission before an object specified by @dev_name is mounted on
+ * the mount point named by @nd. For an ordinary mount, @dev_name
+ * identifies a device if the file system type requires a device. For a
+ * remount (@flags & MS_REMOUNT), @dev_name is irrelevant. For a
+ * loopback/bind mount (@flags & MS_BIND), @dev_name identifies the
+ * pathname of the object being mounted.
+ * @dev_name contains the name for object being mounted.
+ * @nd contains the nameidata structure for mount point object.
+ * @type contains the filesystem type.
+ * @flags contains the mount flags.
+ * @data contains the filesystem-specific data.
+ * Return 0 if permission is granted.
+ * @check_sb:
+ * Check permission before the device with superblock @mnt->sb is mounted
+ * on the mount point named by @nd.
+ * @mnt contains the vfsmount for device being mounted.
+ * @nd contains the nameidata object for the mount point.
+ * Return 0 if permission is granted.
+ * @umount:
+ * Check permission before the @mnt file system is unmounted.
+ * @mnt contains the mounted file system.
+ * @flags contains the unmount flags, e.g. MNT_FORCE.
+ * Return 0 if permission is granted.
+ * @umount_close:
+ * Close any files in the @mnt mounted filesystem that are held open by
+ * the security module. This hook is called during an umount operation
+ * prior to checking whether the filesystem is still busy.
+ * @mnt contains the mounted filesystem.
+ * @umount_busy:
+ * Handle a failed umount of the @mnt mounted filesystem, e.g. re-opening
+ * any files that were closed by umount_close. This hook is called during
+ * an umount operation if the umount fails after a call to the
+ * umount_close hook.
+ * @mnt contains the mounted filesystem.
+ * @post_remount:
+ * Update the security module's state when a filesystem is remounted.
+ * This hook is only called if the remount was successful.
+ * @mnt contains the mounted file system.
+ * @flags contains the new filesystem flags.
+ * @data contains the filesystem-specific data.
+ * @post_mountroot:
+ * Update the security module's state when the root filesystem is mounted.
+ * This hook is only called if the mount was successful.
+ * @post_addmount:
+ * Update the security module's state when a filesystem is mounted.
+ * This hook is called any time a mount is successfully grafetd to
+ * the tree.
+ * @mnt contains the mounted filesystem.
+ * @mountpoint_nd contains the nameidata structure for the mount point.
+ *
+ * These are the security hooks for filesystem operations.
+ */
+struct super_block_security_ops {
+ int (*alloc_security) (struct super_block *sb);
+ void (*free_security) (struct super_block *sb);
+ int (*statfs) (struct super_block *sb);
+ int (*mount) (char * dev_name, struct nameidata *nd, char * type,
+ unsigned long flags, void * data);
+ int (*check_sb) (struct vfsmount *mnt, struct nameidata *nd);
+ int (*umount) (struct vfsmount *mnt, int flags);
+ void (*umount_close) (struct vfsmount *mnt);
+ void (*umount_busy) (struct vfsmount *mnt);
+ void (*post_remount) (struct vfsmount *mnt, unsigned long flags,
+ void *data);
+ void (*post_mountroot) (void);
+ void (*post_addmount) (struct vfsmount *mnt, struct nameidata
+ *mountpoint_nd);
+};
+
+/**
+ * struct inode_security_ops - Security hooks for inode operations.
+ * @alloc_security:
+ * Allocate and attach a security structure to @inode->i_security. The
+ * i_security field is initialized to NULL when the inode structure is
+ * allocated.
+ * @inode contains the inode structure.
+ * Return 0 if operation was successful.
+ * @free_security:
+ * @inode contains the inode structure.
+ * Deallocate the inode security structure and set @inode->i_security to
+ * NULL.
+ * @create:
+ * Check permission to create a regular file.
+ * @dir contains inode structure of the parent of the new file.
+ * @dentry contains the dentry structure for the file to be created.
+ * @mode contains the file mode of the file to be created.
+ * Return 0 if permission is granted.
+ * @post_create:
+ * Set the security attributes on a newly created regular file. This hook
+ * is called after a file has been successfully created.
+ * @dir contains the inode structure of the parent directory of the new file.
+ * @dentry contains the the dentry structure for the newly created file.
+ * @mode contains the file mode.
+ * @link:
+ * Check permission before creating a new hard link to a file.
+ * @old_dentry contains the dentry structure for an existing link to the file.
+ * @dir contains the inode structure of the parent directory of the new link.
+ * @new_dentry contains the dentry structure for the new link.
+ * Return 0 if permission is granted.
+ * @post_link:
+ * Set security attributes for a new hard link to a file.
+ * @old_dentry contains the dentry structure for the existing link.
+ * @dir contains the inode structure of the parent directory of the new file.
+ * @new_dentry contains the dentry structure for the new file link.
+ * @unlink:
+ * Check the permission to remove a hard link to a file.
+ * @dir contains the inode structure of parent directory of the file.
+ * @dentry contains the dentry structure for file to be unlinked.
+ * Return 0 if permission is granted.
+ * @symlink:
+ * Check the permission to create a symbolic link to a file.
+ * @dir contains the inode structure of parent directory of the symbolic link.
+ * @dentry contains the dentry structure of the symbolic link.
+ * @old_name contains the pathname of file.
+ * Return 0 if permission is granted.
+ * @post_symlink:
+ * @dir contains the inode structure of the parent directory of the new link.
+ * @dentry contains the dentry structure of new symbolic link.
+ * @old_name contains the pathname of file.
+ * Set security attributes for a newly created symbolic link. Note that
+ * @dentry->d_inode may be NULL, since the filesystem might not
+ * instantiate the dentry (e.g. NFS).
+ * @mkdir:
+ * Check permissions to create a new directory in the existing directory
+ * associated with inode strcture @dir.
+ * @dir containst the inode structure of parent of the directory to be created.
+ * @dentry contains the dentry structure of new directory.
+ * @mode contains the mode of new directory.
+ * Return 0 if permission is granted.
+ * @post_mkdir:
+ * Set security attributes on a newly created directory.
+ * @dir contains the inode structure of parent of the directory to be created.
+ * @dentry contains the dentry structure of new directory.
+ * @mode contains the mode of new directory.
+ * @rmdir:
+ * Check the permission to remove a directory.
+ * @dir contains the inode structure of parent of the directory to be removed.
+ * @dentry contains the dentry structure of directory to be removed.
+ * Return 0 if permission is granted.
+ * @mknod:
+ * Check permissions when creating a special file (or a socket or a fifo
+ * file created via the mknod system call). Note that if mknod operation
+ * is being done for a regular file, then the create hook will be called
+ * and not this hook.
+ * @dir contains the inode structure of parent of the new file.
+ * @dentry contains the dentry structure of the new file.
+ * @mode contains the mode of the new file.
+ * @dev contains the the device number.
+ * Return 0 if permission is granted.
+ * @post_mknod:
+ * Set security attributes on a newly created special file (or socket or
+ * fifo file created via the mknod system call).
+ * @dir contains the inode structure of parent of the new node.
+ * @dentry contains the dentry structure of the new node.
+ * @mode contains the mode of the new node.
+ * @dev contains the the device number.
+ * @rename:
+ * Check for permission to rename a file or directory.
+ * @old_dir contains the inode structure for parent of the old link.
+ * @old_dentry contains the dentry structure of the old link.
+ * @new_dir contains the inode structure for parent of the new link.
+ * @new_dentry contains the dentry structure of the new link.
+ * Return 0 if permission is granted.
+ * @post_rename:
+ * Set security attributes on a renamed file or directory.
+ * @old_dir contains the inode structure for parent of the old link.
+ * @old_dentry contains the dentry structure of the old link.
+ * @new_dir contains the inode structure for parent of the new link.
+ * @new_dentry contains the dentry structure of the new link.
+ * @readlink:
+ * Check the permission to read the symbolic link.
+ * @dentry contains the dentry structure for the file link.
+ * Return 0 if permission is granted.
+ * @follow_link:
+ * Check permission to follow a symbolic link when looking up a pathname.
+ * @dentry contains the dentry structure for the link.
+ * @nd contains the nameidata structure for the parent directory.
+ * Return 0 if permission is granted.
+ * @permission:
+ * Check permission before accessing an inode. This hook is called by the
+ * existing Linux permission function, so a security module can use it to
+ * provide additional checking for existing Linux permission checks.
+ * Notice that this hook is called when a file is opened (as well as many
+ * other operations), whereas the file_security_ops permission hook is
+ * called when the actual read/write operations are performed.
+ * @inode contains the inode structure to check.
+ * @mask contains the permission mask.
+ * Return 0 if permission is granted.
+ * @revalidate:
+ * Revalidate the inode attributes. This hook can be used by a security
+ * module to revalidate the attributes stored in the i_security field to
+ * maintain consistency when the file is remote.
+ * @dentry contains the dentry structure associated with the inode.
+ * Return 0 if successful.
+ * @setattr:
+ * Check permission before setting file attributes. Note that the kernel
+ * call to notify_change is performed from several locations, whenever
+ * file attributes change (such as when a file is truncated, chown/chmod
+ * operations, transferring disk quotas, etc).
+ * @dentry contains the dentry structure for the file.
+ * @attr is the iattr structure containing the new file attributes.
+ * Return 0 if permission is granted.
+ * @stat:
+ * Check permission before obtaining file attributes.
+ * @inode contains the inode structure for the file.
+ * Return 0 if permission is granted.
+ * @post_lookup:
+ * Set the security attributes for a file after it has been looked up.
+ * @inode contains the inode structure for parent directory.
+ * @d contains the dentry structure for the file.
+ * @delete:
+ * @inode contains the inode structure for deleted inode.
+ * This hook is called when a deleted inode is released (i.e. an inode
+ * with no hard links has its use count drop to zero). A security module
+ * can use this hook to release any persistent label associated with the
+ * inode.
+ * @setxattr:
+ * Check permission before setting the extended attributes
+ * @value identified by @name for @dentry.
+ * Return 0 if permission is granted.
+ * @getxattr:
+ * Check permission before obtaining the extended attributes
+ * identified by @name for @dentry.
+ * Return 0 if permission is granted.
+ * @listxattr:
+ * Check permission before obtaining the list of extended attribute
+ * names for @dentry.
+ * Return 0 if permission is granted.
+ * @removexattr:
+ * Check permission before removing the extended attribute
+ * identified by @name for @dentry.
+ * Return 0 if permission is granted.
+ *
+ * These are the security hooks for inode operations.
+ */
+struct inode_security_ops {
+ int (*alloc_security) (struct inode *inode);
+ void (*free_security) (struct inode *inode);
+ int (*create) (struct inode *dir, struct dentry *dentry, int mode);
+ void (*post_create) (struct inode *dir, struct dentry *dentry,
+ int mode);
+ int (*link) (struct dentry *old_dentry, struct inode *dir,
+ struct dentry *new_dentry);
+ void (*post_link) (struct dentry *old_dentry, struct inode *dir,
+ struct dentry *new_dentry);
+ int (*unlink) (struct inode *dir, struct dentry *dentry);
+ int (*symlink) (struct inode *dir, struct dentry *dentry,
+ const char *old_name);
+ void (*post_symlink) (struct inode *dir, struct dentry *dentry,
+ const char *old_name);
+ int (*mkdir) (struct inode *dir, struct dentry *dentry, int mode);
+ void (*post_mkdir) (struct inode *dir, struct dentry *dentry,
+ int mode);
+ int (*rmdir) (struct inode *dir, struct dentry *dentry);
+ int (*mknod) (struct inode *dir, struct dentry *dentry, int mode,
+ dev_t dev);
+ void (*post_mknod) (struct inode *dir, struct dentry *dentry,
+ int mode, dev_t dev);
+ int (*rename) (struct inode *old_dir, struct dentry *old_dentry,
+ struct inode *new_dir, struct dentry *new_dentry);
+ void (*post_rename) (struct inode *old_dir, struct dentry *old_dentry,
+ struct inode *new_dir, struct dentry *new_dentry);
+ int (*readlink) (struct dentry *dentry);
+ int (*follow_link) (struct dentry *dentry, struct nameidata *nd);
+ int (*permission) (struct inode *inode, int mask);
+ int (*revalidate) (struct dentry *dentry);
+ int (*setattr) (struct dentry *dentry, struct iattr *attr);
+ int (*stat) (struct inode *inode);
+ void (*post_lookup) (struct inode *inode, struct dentry *d);
+ void (*delete) (struct inode *inode);
+ int (*setxattr) (struct dentry *dentry, char *name, void *value,
+ size_t size, int flags);
+ int (*getxattr) (struct dentry *dentry, char *name);
+ int (*listxattr) (struct dentry *dentry);
+ int (*removexattr) (struct dentry *dentry, char *name);
+};
+
+/**
+ * struct file_security_ops - Security hooks for file operations
+ * @permission:
+ * Check file permissions before accessing an open file. This hook is
+ * called by various operations that read or write files. A security
+ * module can use this hook to perform additional checking on these
+ * operations, e.g. to revalidate permissions on use to support privilege
+ * bracketing or policy changes. Notice that this hook is used when the
+ * actual read/write operations are performed, whereas the
+ * inode_security_ops hook is called when a file is opened (as well as
+ * many other operations).
+ * Caveat: Although this hook can be used to revalidate permissions for
+ * various system call operations that read or write files, it does not
+ * address the revalidation of permissions for memory-mapped files.
+ * Security modules must handle this separately if they need such
+ * revalidation.
+ * @file contains the file structure being accessed.
+ * @mask contains the requested permissions.
+ * Return 0 if permission is granted.
+ * @alloc_security:
+ * Allocate and attach a security structure to the file->f_security field.
+ * The security field is initialized to NULL when the structure is first
+ * created.
+ * @file contains the file structure to secure.
+ * Return 0 if the hook is successful and permission is granted.
+ * @free_security:
+ * Deallocate and free any security structures stored in file->f_security.
+ * @file contains the file structure being modified.
+ * @llseek:
+ * Check permission before re-positioning the file offset in @file.
+ * @file contains the file structure being modified.
+ * Return 0 if permission is granted.
+ * @ioctl:
+ * @file contains the file structure.
+ * @cmd contains the operation to perform.
+ * @arg contains the operational arguments.
+ * Check permission for an ioctl operation on @file. Note that @arg can
+ * sometimes represents a user space pointer; in other cases, it may be a
+ * simple integer value. When @arg represents a user space pointer, it
+ * should never be used by the security module.
+ * Return 0 if permission is granted.
+ * @mmap :
+ * Check permissions for a mmap operation. The @file may be NULL, e.g.
+ * if mapping anonymous memory.
+ * @file contains the file structure for file to map (may be NULL).
+ * @prot contains the requested permissions.
+ * @flags contains the operational flags.
+ * Return 0 if permission is granted.
+ * @mprotect:
+ * Check permissions before changing memory access permissions.
+ * @vma contains the memory region to modify.
+ * @prot contains the requested permissions.
+ * Return 0 if permission is granted.
+ * @lock:
+ * Check permission before performing file locking operations.
+ * Note: this hook mediates both flock and fcntl style locks.
+ * @file contains the file structure.
+ * @cmd contains the posix-translated lock operation to perform
+ * (e.g. F_RDLCK, F_WRLCK).
+ * @blocking indicates if the request is for a blocking lock.
+ * Return 0 if permission is granted.
+ * @fcntl:
+ * Check permission before allowing the file operation specified by @cmd
+ * from being performed on the file @file. Note that @arg can sometimes
+ * represents a user space pointer; in other cases, it may be a simple
+ * integer value. When @arg represents a user space pointer, it should
+ * never be used by the security module.
+ * @file contains the file structure.
+ * @cmd contains the operation to be performed.
+ * @arg contains the operational arguments.
+ * Return 0 if permission is granted.
+ * @set_fowner:
+ * Save owner security information (typically from current->security) in
+ * file->f_security for later use by the send_sigiotask hook.
+ * @file contains the file structure to update.
+ * Return 0 on success.
+ * @send_sigiotask:
+ * Check permission for the file owner @fown to send SIGIO to the process
+ * @tsk. Note that this hook is always called from interrupt. Note that
+ * the fown_struct, @fown, is never outside the context of a struct file,
+ * so the file structure (and associated security information) can always
+ * be obtained:
+ * (struct file *)((long)fown - offsetof(struct file,f_owner));
+ * @tsk contains the structure of task receiving signal.
+ * @fown contains the file owner information.
+ * @fd contains the file descriptor.
+ * @reason contains the operational flags.
+ * Return 0 if permission is granted.
+ * @receive:
+ * This hook allows security modules to control the ability of a process
+ * to receive an open file descriptor via socket IPC.
+ * @file contains the file structure being received.
+ * Return 0 if permission is granted.
+ *
+ * These are the security hooks for file operations.
+ */
+struct file_security_ops {
+ int (*permission) (struct file * file, int mask);
+ int (*alloc_security) (struct file * file);
+ void (*free_security) (struct file * file);
+ int (*llseek) (struct file * file);
+ int (*ioctl) (struct file * file, unsigned int cmd, unsigned long arg);
+ int (*mmap) (struct file * file, unsigned long prot,
+ unsigned long flags);
+ int (*mprotect) (struct vm_area_struct * vma, unsigned long prot);
+ int (*lock) (struct file * file, unsigned int cmd, int blocking);
+ int (*fcntl) (struct file * file, unsigned int cmd, unsigned long arg);
+ int (*set_fowner) (struct file * file);
+ int (*send_sigiotask) (struct task_struct * tsk,
+ struct fown_struct * fown, int fd, int reason);
+ int (*receive) (struct file * file);
+};
+
+struct sched_param;
+/**
+ * struct task_security_ops - Security hooks for task operations.
+ * @create:
+ * Check permission before creating a child process. See the clone(2)
+ * manual page for definitions of the @clone_flags.
+ * @clone_flags contains the flags indicating what should be shared.
+ * Return 0 if permission is granted.
+ * @alloc_security:
+ * @p contains the task_struct for child process.
+ * Allocate and attach a security structure to the p->security field. The
+ * security field is initialized to NULL when the task structure is
+ * allocated.
+ * Return 0 if operation was successful.
+ * @free_security:
+ * @p contains the task_struct for process.
+ * Deallocate and clear the p->security field.
+ * @setuid:
+ * Check permission before setting one or more of the user identity
+ * attributes of the current process. The @flags parameter indicates
+ * which of the set*uid system calls invoked this hook and how to
+ * interpret the @id0, @id1, and @id2 parameters. See the LSM_SETID
+ * definitions at the beginning of this file for the @flags values and
+ * their meanings.
+ * @id0 contains a uid.
+ * @id1 contains a uid.
+ * @id2 contains a uid.
+ * @flags contains one of the LSM_SETID_* values.
+ * Return 0 if permission is granted.
+ * @post_setuid:
+ * Update the module's state after setting one or more of the user
+ * identity attributes of the current process. The @flags parameter
+ * indicates which of the set*uid system calls invoked this hook. If
+ * @flags is LSM_SETID_FS, then @old_ruid is the old fs uid and the other
+ * parameters are not used.
+ * @old_ruid contains the old real uid (or fs uid if LSM_SETID_FS).
+ * @old_euid contains the old effective uid (or -1 if LSM_SETID_FS).
+ * @old_suid contains the old saved uid (or -1 if LSM_SETID_FS).
+ * @flags contains one of the LSM_SETID_* values.
+ * Return 0 on success.
+ * @setgid:
+ * Check permission before setting one or more of the group identity
+ * attributes of the current process. The @flags parameter indicates
+ * which of the set*gid system calls invoked this hook and how to
+ * interpret the @id0, @id1, and @id2 parameters. See the LSM_SETID
+ * definitions at the beginning of this file for the @flags values and
+ * their meanings.
+ * @id0 contains a gid.
+ * @id1 contains a gid.
+ * @id2 contains a gid.
+ * @flags contains one of the LSM_SETID_* values.
+ * Return 0 if permission is granted.
+ * @setpgid:
+ * Check permission before setting the process group identifier of the
+ * process @p to @pgid.
+ * @p contains the task_struct for process being modified.
+ * @pgid contains the new pgid.
+ * Return 0 if permission is granted.
+ * @getpgid:
+ * Check permission before getting the process group identifier of the
+ * process @p.
+ * @p contains the task_struct for the process.
+ * Return 0 if permission is granted.
+ * @getsid:
+ * Check permission before getting the session identifier of the process
+ * @p.
+ * @p contains the task_struct for the process.
+ * Return 0 if permission is granted.
+ * @setgroups:
+ * Check permission before setting the supplementary group set of the
+ * current process to @grouplist.
+ * @gidsetsize contains the number of elements in @grouplist.
+ * @grouplist contains the array of gids.
+ * Return 0 if permission is granted.
+ * @setnice:
+ * Check permission before setting the nice value of @p to @nice.
+ * @p contains the task_struct of process.
+ * @nice contains the new nice value.
+ * Return 0 if permission is granted.
+ * @setrlimit:
+ * Check permission before setting the resource limits of the current
+ * process for @resource to @new_rlim. The old resource limit values can
+ * be examined by dereferencing (current->rlim + resource).
+ * @resource contains the resource whose limit is being set.
+ * @new_rlim contains the new limits for @resource.
+ * Return 0 if permission is granted.
+ * @setscheduler:
+ * Check permission before setting scheduling policy and/or parameters of
+ * process @p based on @policy and @lp.
+ * @p contains the task_struct for process.
+ * @policy contains the scheduling policy.
+ * @lp contains the scheduling parameters.
+ * Return 0 if permission is granted.
+ * @getscheduler:
+ * Check permission before obtaining scheduling information for process
+ * @p.
+ * @p contains the task_struct for process.
+ * Return 0 if permission is granted.
+ * @kill:
+ * Check permission before sending signal @sig to @p. @info can be NULL,
+ * the constant 1, or a pointer to a siginfo structure. If @info is 1 or
+ * SI_FROMKERNEL(info) is true, then the signal should be viewed as coming
+ * from the kernel and should typically be permitted.
+ * SIGIO signals are handled separately by the send_sigiotask hook in
+ * file_security_ops.
+ * @p contains the task_struct for process.
+ * @info contains the signal information.
+ * @sig contains the signal value.
+ * Return 0 if permission is granted.
+ * @wait:
+ * Check permission before allowing a process to reap a child process @p
+ * and collect its status information.
+ * @p contains the task_struct for process.
+ * Return 0 if permission is granted.
+ * @prctl:
+ * Check permission before performing a process control operation on the
+ * current process.
+ * @option contains the operation.
+ * @arg2 contains a argument.
+ * @arg3 contains a argument.
+ * @arg4 contains a argument.
+ * @arg5 contains a argument.
+ * Return 0 if permission is granted.
+ * @kmod_set_label:
+ * Set the security attributes in current->security for the kernel module
+ * loader thread, so that it has the permissions needed to perform its
+ * function.
+ *
+ * These are the security hooks for task operations.
+ */
+struct task_security_ops {
+ int (*create) (unsigned long clone_flags);
+ int (*alloc_security) (struct task_struct *p);
+ void (*free_security) (struct task_struct *p);
+ int (*setuid) (uid_t id0, uid_t id1, uid_t id2, int flags);
+ int (*post_setuid) (uid_t old_ruid/* or fsuid */, uid_t old_euid,
+ uid_t old_suid, int flags);
+ int (*setgid) (gid_t id0, gid_t id1, gid_t id2, int flags);
+ int (*setpgid) (struct task_struct *p, pid_t pgid);
+ int (*getpgid) (struct task_struct *p);
+ int (*getsid) (struct task_struct *p);
+ int (*setgroups) (int gidsetsize, gid_t *grouplist);
+ int (*setnice) (struct task_struct *p, int nice);
+ int (*setrlimit) (unsigned int resource, struct rlimit *new_rlim);
+ int (*setscheduler) (struct task_struct *p, int policy,
+ struct sched_param *lp);
+ int (*getscheduler) (struct task_struct *p);
+ int (*kill) (struct task_struct *p, struct siginfo *info, int sig);
+ int (*wait) (struct task_struct *p);
+ int (*prctl) (int option, unsigned long arg2, unsigned long arg3,
+ unsigned long arg4, unsigned long arg5);
+ void (*kmod_set_label) (void);
+};
+
+struct sk_buff;
+/**
+ * struct socket_security_ops - Security hooks for socket operations.
+ * @create:
+ * Check permissions prior to creating a new socket.
+ * @family contains the requested protocol family.
+ * @type contains the requested communications type.
+ * @protocol contains the requested protocol.
+ * Return 0 if permission is granted.
+ * @post_create:
+ * This hook allows a module to update or allocate a per-socket security
+ * structure. Note that the security field was not added directly to the
+ * socket structure, but rather, the socket security information is stored
+ * in the associated inode. Typically, the inode alloc_security hook will
+ * allocate and and attach security information to
+ * sock->inode->i_security. This hook may be used to update the
+ * sock->inode->i_security field with additional information that wasn't
+ * available when the inode was allocated.
+ * @sock contains the newly created socket structure.
+ * @family contains the requested protocol family.
+ * @type contains the requested communications type.
+ * @protocol contains the requested protocol.
+ * @bind:
+ * Check permission before socket protocol layer bind operation is
+ * performed and the socket @sock is bound to the address specified in the
+ * @address parameter.
+ * @sock contains the socket structure.
+ * @address contains the address to bind to.
+ * @addrlen contains the length of address.
+ * Return 0 if permission is granted.
+ * @connect:
+ * Check permission before socket protocol layer connect operation
+ * attempts to connect socket @sock to a remote address, @address.
+ * @sock contains the socket structure.
+ * @address contains the address of remote endpoint.
+ * @addrlen contains the length of address.
+ * Return 0 if permission is granted.
+ * @listen:
+ * Check permission before socket protocol layer listen operation.
+ * @sock contains the socket structure.
+ * @backlog contains the maximum length for the pending connection queue.
+ * Return 0 if permission is granted.
+ * @accept:
+ * Check permission before accepting a new connection. Note that the new
+ * socket, @newsock, has been created and some information copied to it,
+ * but the accept operation has not actually been performed. This hook
+ * also allows a security module to copy security information into the
+ * newly created socket's inode.
+ * @sock contains the listening socket structure.
+ * @newsock contains the newly created server socket for connection.
+ * Return 0 if permission is granted.
+ * @sendmsg:
+ * Check permission before transmitting a message to another socket.
+ * @sock contains the socket structure.
+ * @msg contains the message to be transmitted.
+ * @size contains the size of message.
+ * Return 0 if permission is granted.
+ * @recvmsg:
+ * Check permission before receiving a message from a socket.
+ * @sock contains the socket structure.
+ * @msg contains the message structure.
+ * @size contains the size of message structure.
+ * @flags contains the operational flags.
+ * Return 0 if permission is granted.
+ * @getsockname:
+ * Check permission before the local address (name) of the socket object
+ * @sock is retrieved.
+ * @sock contains the socket structure.
+ * Return 0 if permission is granted.
+ * @getpeername:
+ * Check permission before the remote address (name) of a socket object
+ * @sock is retrieved.
+ * @sock contains the socket structure.
+ * Return 0 if permission is granted.
+ * @getsockopt:
+ * Check permissions before retrieving the options associated with socket
+ * @sock.
+ * @sock contains the socket structure.
+ * @level contains the protocol level to retrieve option from.
+ * @optname contains the name of option to retrieve.
+ * Return 0 if permission is granted.
+ * @setsockopt:
+ * Check permissions before setting the options associated with socket
+ * @sock.
+ * @sock contains the socket structure.
+ * @level contains the protocol level to set options for.
+ * @optname contains the name of the option to set.
+ * Return 0 if permission is granted.
+ * @shutdown:
+ * Checks permission before all or part of a connection on the socket
+ * @sock is shut down.
+ * @sock contains the socket structure.
+ * @how contains the flag indicating how future sends and receives are handled.
+ * Return 0 if permission is granted.
+ * @sock_rcv_skb:
+ * Check permissions on incoming network packets. This hook is distinct
+ * from the network input hooks of ip_security_ops since it is the first
+ * time that the incoming sk_buff @skb has been associated with a
+ * particular socket, @sk. Security modules should not try to dereference
+ * @sk->socket if the socket is in a time wait state
+ * (@sk->state == TCP_TIME_WAIT), since the @sk refers to a tcp_tw_bucket
+ * structure in that case. Also, even if the socket is not in this state,
+ * @sk->socket may be NULL, e.g. a newly created server socket for a
+ * connection that has not yet been accepted by a process.
+ * @sk contains the sock (not socket) associated with the incoming sk_buff.
+ * @skb contains the incoming network data.
+ * Return 0 if permission is granted.
+ * @unix_stream_connect:
+ * Check permissions before establishing a Unix domain stream connection
+ * between @sock and @other.
+ * @sock contains the socket structure.
+ * @other contains the peer socket structure.
+ * Return 0 if permission is granted.
+ * @unix_may_send:
+ * Check permissions before connecting or sending datagrams from @sock to
+ * @other.
+ * @sock contains the socket structure.
+ * @sock contains the peer socket structure.
+ * Return 0 if permission is granted.
+ *
+ * These are the security hooks for socket operations.
+ *
+ * The @unix_stream_connect and @unix_may_send hooks were necessary because
+ * Linux provides an alternative to the conventional file name space for Unix
+ * domain sockets. Whereas binding and connecting to sockets in the file name
+ * space is mediated by the typical file permissions (and caught by the mknod
+ * and permission hooks in inode_security_ops), binding and connecting to
+ * sockets in the abstract name space is completely unmediated. Sufficient
+ * control of Unix domain sockets in the abstract name space isn't possible
+ * using only the socket layer hooks, since we need to know the actual target
+ * socket, which is not looked up until we are inside the af_unix code.
+ */
+struct socket_security_ops {
+ int (*create) (int family, int type, int protocol);
+ void (*post_create) (struct socket * sock, int family, int type,
+ int protocol);
+ int (*bind) (struct socket * sock, struct sockaddr * address,
+ int addrlen);
+ int (*connect) (struct socket * sock, struct sockaddr * address,
+ int addrlen);
+ int (*listen) (struct socket * sock, int backlog);
+ int (*accept) (struct socket * sock, struct socket * newsock);
+ int (*sendmsg) (struct socket * sock, struct msghdr * msg, int size);
+ int (*recvmsg) (struct socket * sock, struct msghdr * msg, int size,
+ int flags);
+ int (*getsockname) (struct socket * sock);
+ int (*getpeername) (struct socket * sock);
+ int (*getsockopt) (struct socket * sock, int level, int optname);
+ int (*setsockopt) (struct socket * sock, int level, int optname);
+ int (*shutdown) (struct socket * sock, int how);
+ int (*sock_rcv_skb) (struct sock * sk, struct sk_buff * skb);
+ int (*unix_stream_connect) (struct socket * sock,
+ struct socket * other);
+ int (*unix_may_send) (struct socket * sock, struct socket * other);
+};
+
+/**
+ * struct skb_security_ops - Lifecycle hooks for network buffers.
+ * @alloc_security:
+ * This hook is called by the &sk_buff allocator when a new buffer is
+ * being allocated. An LSM module may allocate and assign a new security
+ * blob for the &sk_buff via this hook.
+ * @skb contains the buffer being allocated.
+ * Return 0 if successful, or -ENOMEM on out of memory condition.
+ * @clone:
+ * This hook is called when an &sk_buff is being cloned, and may be used,
+ * for example, to increment a reference count on the associated security
+ * blob. The security blob in the @newskb will not have been allocated.
+ * @newskb contains the newly cloned buffer.
+ * @oldskb contains the buffer being cloned.
+ * Returns 0 on success -ENOMEM on failure.
+ * @copy:
+ * This hook is called when an &sk_buff header is being copied, which
+ * occurs during the skb_copy() and pskb_copy() functions in
+ * <net/core/skbuff.c>
+ * @newskb contains the newly copied buffer.
+ * @oldskb contains the buffer being copied.
+ * @set_owner_w:
+ * This hook is called when the ownership of an &sk_buff is being assigned
+ * to a sending socket. Typically, this would be used to copy security
+ * attributes from the sending socket to the &sk_buff.
+ * @skb contains the buffer being owned.
+ * @sk contains sock to which ownership is being assigned.
+ * @free_security:
+ * This hook is called when an &sk_buff is being destroyed, and should be
+ * used to free any associated security blob.
+ * @skb contains the buffer being destroyed.
+ *
+ * These are the lifecycle hooks for network buffers. They are used to help
+ * manage the lifecycle of security blobs for &sk_buff structures, and are not
+ * intended to be used for access decisions.
+ */
+struct skb_security_ops {
+ int (*alloc_security) (struct sk_buff *skb);
+ int (*clone) (struct sk_buff *newskb, const struct sk_buff *oldskb);
+ void (*copy) (struct sk_buff *newskb, const struct sk_buff *oldskb);
+ void (*set_owner_w) (struct sk_buff *skb, struct sock *sk);
+ void (*free_security) (struct sk_buff *skb);
+};
+
+struct net_device;
+typedef unsigned int (*ip_opfn)(unsigned int hooknum, struct sk_buff **skb,
+ const struct net_device *in, const struct net_device *out,
+ int (*okfn)(struct sk_buff *));
+/**
+ * struct ip_security_ops - IPv4 networking hooks.
+ * @preroute_first:
+ * Hooks declared with the &ip_opfn function pointer make use of the
+ * Netfilter API for intercepting packets as they traverse the IP layer.
+ * Each Netfilter hook is grabbed twice, before and after packets are
+ * passed through the standard iptables-based packet filtering and
+ * mangling mechanisms.
+ * Parameters for these hooks are as follows;
+ * @hooknum contains the hook the packet arrived on.
+ * @skb contains the &sk_buff containing the packet.
+ * @in contains the incoming netdevice associated with the packet.
+ * @out contains the outgoing netdevice associated with the packet.
+ * @okfn contains the used internally by Netfilter.
+ * These hooks may return NF_ACCEPT to allow the packet through and
+ * NF_DROP to drop the packet.
+ * Further information on the Netfilter API may be found in the Netfilter
+ * Hacking HOWTO at http://netfilter.samba.org/
+ * @preroute_last:
+ * Netfilter API, see @preroute_first for more information.
+ * @input_first:
+ * Netfilter API, see @preroute_first for more information.
+ * @input_last:
+ * Netfilter API, see @preroute_first for more information.
+ * @forward_first:
+ * Netfilter API, see @preroute_first for more information.
+ * @forward_last:
+ * Netfilter API, see @preroute_first for more information.
+ * @output_first:
+ * Netfilter API, see @preroute_first for more information.
+ * @output_last:
+ * Netfilter API, see @preroute_first for more information.
+ * @postroute_first:
+ * Netfilter API, see @preroute_first for more information.
+ * @postroute_last:
+ * Netfilter API, see @preroute_first for more information.
+ * @fragment:
+ * This is called for each fragment generated when an outgoing packet is
+ * being fragmented, and may be used to copy security attributes from the
+ * original packet to each fragment.
+ * @newskb contains the newly created fragment.
+ * @oldskb contains the original packet being fragmented.
+ * @defragment:
+ * This hook is called when an incoming fragment is about to be inserted
+ * into a reassembly queue. It's purpose is to enable the validation of
+ * security attributes for each fragment. An LSM module using this hook
+ * will likely need to maintain its own fragment queue information, handle
+ * fragment expiration and implement DoS countermeasures.
+ * @skb contains the incoming fragment.
+ * Returns 0 on success.
+ * @encapsulate:
+ * This hook is called when an IP packet is encapsulated, and may be used
+ * to update security attributes prior to reprocessing via the local_out
+ * or forward hooks.
+ * @skb contains the encapsulated packet.
+ * @decapsulate:
+ * This hook is called when a packet is decapsulated, and may be used to
+ * process security attributes at each level of encapsulation. An example
+ * of this would be keeping track of nested security associations for an
+ * incoming packet.
+ * @skb contains the decapsulated packet.
+ * @decode_options:
+ * This hook is used for processing IP security options at the network
+ * layer when labeled networking (e.g. CIPSO) is implemented.
+ * For outgoing packets, IP options passed down from the application or
+ * transport layers may be verified here prior the packet being built.
+ * For incoming packets, IP options may be verified and their values
+ * recorded via the &sk_buff security blob for later processing.
+ * @skb contains the &sk_buff containing IP packet (usually NULL for outgoing).
+ * @optptr contains the &ip_options structure.
+ * @pp_ptr contains the parameter problem pointer.
+ * Returns 0 on success.
+ * A non-zero return value will cause an ICMP parameter problem message to
+ * be generated and transmitted to the sender. The @pp_ptr parameter may
+ * be used to point to the offending option parameter.
+ *
+ * These are the IPv4 networking hooks.
+ */
+struct ip_security_ops {
+ ip_opfn preroute_first;
+ ip_opfn preroute_last;
+ ip_opfn input_first;
+ ip_opfn input_last;
+ ip_opfn forward_first;
+ ip_opfn forward_last;
+ ip_opfn output_first;
+ ip_opfn output_last;
+ ip_opfn postroute_first;
+ ip_opfn postroute_last;
+ void (*fragment) (struct sk_buff *newskb,
+ const struct sk_buff *oldskb);
+ int (*defragment) (struct sk_buff *skb);
+ void (*encapsulate) (struct sk_buff *skb);
+ void (*decapsulate) (struct sk_buff *skb);
+ int (*decode_options) (struct sk_buff *skb, const char *optptr,
+ unsigned char **pp_ptr);
+};
+
+/**
+ * struct netdev_security_ops - Security hooks for network devices.
+ * @unregister:
+ * Update the module's state when a network device is unregistered,
+ * deallocating the dev->security field if it was previously allocated.
+ * @dev contains the network device
+ *
+ * These are the hooks for network device operations. Since it would be quite
+ * invasive to provide hooks in every location where a network device might be
+ * probed or initialized, there are no separate hooks for allocation or
+ * initialization. Security modules can allocate and initialize the
+ * dev->security field on the first access to the device, but should be careful
+ * to use nonblocking allocation.
+ */
+struct netdev_security_ops {
+ void (*unregister) (struct net_device *dev);
+};
+
+/**
+ * struct module_security_ops - Security hooks for kernel module operations.
+ * @create_module:
+ * Check the permission before allocating space for a module.
+ * @name contains the module name.
+ * @size contains the module size.
+ * Return 0 if permission is granted.
+ * @init_module:
+ * Check permission before initializing a module.
+ * @mod contains a pointer to the module being initialized.
+ * Return 0 if permission is granted.
+ * @delete_module:
+ * Check permission before removing a module.
+ * @mod contains a pointer to the module being deleted.
+ * Return 0 if permission is granted.
+ *
+ * These are the hooks for kernel module operations. All hooks are called with
+ * the big kernel lock held, and @delete_module is also called with the
+ * unload_lock held.
+ */
+struct module_security_ops {
+ int (*create_module) (const char *name, size_t size);
+ int (*init_module) (struct module *mod);
+ int (*delete_module) (const struct module *mod);
+};
+
+/**
+ * struct ipc_security_ops - Security hooks affecting all System V IPC operations.
+ * @permission:
+ * Check user, group, and other permissions for access to IPC
+ * @ipcp contains the IPC permission set
+ * @flag contains the desired (requested) permission set
+ * Return 0 if permission is granted.
+ * @getinfo:
+ * Check permission to retrieve information on previously allocated IPC
+ * resources. Called by the IPC resource control syscalls, shmctl,
+ * msgctl, semctl with a @cmd argument of: IPC_INFO, SEM_INFO, MSG_INFO,
+ * or SHM_INFO as appropriate.
+ * @id contains the resource identifier
+ * @cmd contains the operation to be performed
+ * Return 0 if permission is granted.
+ *
+ * These are the security hooks for all System V IPC operations.
+ */
+struct ipc_security_ops {
+ int (*permission) (struct kern_ipc_perm *ipcp, short flag);
+ int (*getinfo) (int id, int cmd);
+};
+
+/**
+ * struct msg_msg_security_ops - Security hooks for individual messages held in System V IPC message queues
+ * @alloc_security:
+ * Allocate and attach a security structure to the msg->security field.
+ * The security field is initialized to NULL when the structure is first
+ * created.
+ * @msg contains the message structure to be modified.
+ * Return 0 if operation was successful and permission is granted.
+ * @free_security:
+ * Deallocate the security structure for this message.
+ * @msg contains the message structure to be modified.
+ *
+ * These are the security hooks for individual messages held in System V IPC
+ * message queues.
+ */
+struct msg_msg_security_ops {
+ int (*alloc_security) (struct msg_msg *msg);
+ void (*free_security) (struct msg_msg *msg);
+};
+
+/**
+ * struct msg_queue_security_ops - Security hooks for System V IPC Message Queues
+ * @alloc_security:
+ * Allocate and attach a security structure to the
+ * msq->q_perm.security field. The security field is initialized to
+ * NULL when the structure is first created.
+ * @msq contains the message queue structure to be modified.
+ * Return 0 if operation was successful and permission is granted.
+ * @free_security:
+ * Deallocate security structure for this message queue.
+ * @msq contains the message queue structure to be modified.
+ * @associate:
+ * Check permission when a message queue is requested through the
+ * msgget system call. This hook is only called when returning the
+ * message queue identifier for an existing message queue, not when a
+ * new message queue is created.
+ * @msq contains the message queue to act upon.
+ * @msqid contains the resource identifier.
+ * @msqflg contains the operation control flags.
+ * Return 0 if permission is granted.
+ * @msgctl:
+ * Check permission when a message control operation specified by @cmd
+ * is to be performed on the message queue @msq, with identifier
+ * @msqid.
+ * @msq contains the message queue to act upon.
+ * @msqid contains the resource identifier.
+ * @cmd contains the operation to be performed.
+ * Return 0 if permission is granted.
+ * @msgsnd:
+ * Check permission before a message, @msg, is enqueued on the message
+ * queue, @msq, whose identifier is specified by the value of @msqid.
+ * @msq contains the message queue to send message to.
+ * @msg contains the message to be enqueued.
+ * @msqid contains resource identifier.
+ * @msqflg contains operational flags.
+ * Return 0 if permission is granted.
+ * @msgrcv:
+ * Check permission before a message, @msg, is removed from the message
+ * queue, @msq, whose identifier is specified by the value of @msqid. The
+ * @target task structure contains a pointer to the process that will be
+ * receiving the message (not equal to the current process when inline
+ * receives are being performed).
+ * @msq contains the message queue to retrieve message from.
+ * @msg contains the message destination.
+ * @target contains the task structure for recipient process.
+ * @type contains the type of message requested.
+ * @mode contains the operational flags.
+ * Return 0 if permission is granted.
+ *
+ * These are the security hooks for System V IPC message queues.
+ */
+struct msg_queue_security_ops {
+ int (*alloc_security) (struct msg_queue *msq);
+ void (*free_security) (struct msg_queue *msq);
+ int (*associate) (struct msg_queue *msq, int msqid, int msqflg);
+ int (*msgctl) (struct msg_queue *msq, int msqid, int cmd);
+ int (*msgsnd) (struct msg_queue *msq, struct msg_msg *msg, int msqid,
+ int msqflg);
+ int (*msgrcv) (struct msg_queue *msq, struct msg_msg *msg,
+ struct task_struct *target, long type, int mode);
+};
+
+/**
+ * struct shm_security_ops - Security hooks for System V Shared Memory Segments
+ * @alloc_security:
+ * Allocate and attach a security structure to the shp->shm_perm.security
+ * field. The security field is initialized to NULL when the structure is
+ * first created.
+ * @shp contains the shared memory structure to be modified.
+ * Return 0 if operation was successful and permission is granted.
+ * @free_security:
+ * Deallocate the security struct for this memory segment.
+ * @shp contains the shared memory structure to be modified.
+ * @associate:
+ * Check permission when a shared memory region is requested through the
+ * shmget system call. This hook is only called when returning the shared
+ * memory region identifier for an existing region, not when a new shared
+ * memory region is created.
+ * @shp contains the shared memory structure to be modified.
+ * @shmid contains the resource identifier.
+ * @shmflg contains the operation control flags.
+ * Return 0 if permission is granted.
+ * @shmctl:
+ * Check permission when a shared memory control operation specified by
+ * @cmd is to be performed on the shared memory region @shp, with
+ * identifier @shmid.
+ * @shp contains shared memory structure to be modified.
+ * @shmid contains the resource identifier.
+ * @cmd contains the operation to be performed.
+ * Return 0 if permission is granted.
+ * @shmat:
+ * Check permissions prior to allowing the shmat system call to attach the
+ * shared memory segment @shp, identified by @shmid, to the data segment
+ * of the calling process. The attaching address is specified by @shmaddr.
+ * @shp contains the shared memory structure to be modified.
+ * @shmid contains the resource identifier.
+ * @shmaddr contains the address to attach memory region to.
+ * @shmflg contains the operational flags.
+ * Return 0 if permission is granted.
+ *
+ * These are the security hooks for System V shared memory segments.
+ */
+struct shm_security_ops {
+ int (*alloc_security) (struct shmid_kernel *shp);
+ void (*free_security) (struct shmid_kernel *shp);
+ int (*associate) (struct shmid_kernel *shp, int shmid, int shmflg);
+ int (*shmctl) (struct shmid_kernel *shp, int shmid, int cmd);
+ int (*shmat) (struct shmid_kernel *shp, int shmid, char *shmaddr,
+ int shmflg);
+};
+
+/**
+ * struct sem_security_ops - Security hooks for System V Semaphores
+ * @alloc_security:
+ * Allocate and attach a security structure to the sma->sem_perm.security
+ * field. The security field is initialized to NULL when the structure is
+ * first created.
+ * @sma contains the semaphore structure
+ * Return 0 if operation was successful and permission is granted.
+ * @free_security:
+ * deallocate security struct for this semaphore
+ * @sma contains the semaphore structure.
+ * @associate:
+ * Check permission when a semaphore is requested through the semget
+ * system call. This hook is only called when returning the semaphore
+ * identifier for an existing semaphore, not when a new one must be
+ * created.
+ * @sma contains the semaphore structure.
+ * @semid contains the resource identifier.
+ * @semflg contains the operation control flags.
+ * Return 0 if permission is granted.
+ * @semctl:
+ * Check permission when a semaphore operation specified by @cmd is to be
+ * performed on the semaphore @sma, with identifier @semid.
+ * @sma contains the semaphore structure.
+ * @semid contains the resource identifier.
+ * @cmd contains the operation to be performed.
+ * Return 0 if permission is granted.
+ * @semop
+ * Check permissions before performing operations on members of the
+ * semaphore set @sma, identified by @semid. If the @alter flag is
+ * nonzero, the semaphore set may be modified.
+ * @sma contains the semaphore structure.
+ * @semid contains the resource identifier.
+ * @sops contains the operations to perform.
+ * @nsops contains the number of operations to perform.
+ * @alter contains the flag indicating whether changes are to be made.
+ * Return 0 if permission is granted.
+ *
+ * These are the security hooks for System V semaphores.
+ */
+struct sem_security_ops {
+ int (*alloc_security) (struct sem_array *sma);
+ void (*free_security) (struct sem_array *sma);
+ int (*associate) (struct sem_array *sma, int semid, int semflg);
+ int (*semctl) (struct sem_array *sma, int semid, int cmd);
+ int (*semop) (struct sem_array *sma, int semid, struct sembuf *sops,
+ unsigned nsops, int alter);
+};
+
+/* forward declares to avoid warnings */
+struct nfsctl_arg;
+struct swap_info_struct;
+/**
+ * struct security_operations - main security structure
+ * @sethostname:
+ * Check permission before the hostname is set to @hostname.
+ * @hostname contains the new hostname
+ * Return 0 if permission is granted.
+ * @setdomainname:
+ * Check permission before the domainname is set to @domainname.
+ * @domainname contains the new domainname
+ * Return 0 if permission is granted.
+ * @reboot:
+ * Check permission before rebooting or enabling/disabling the
+ * Ctrl-Alt-Del key sequence.
+ * The values for @cmd are defined in the reboot(2) manual page.
+ * @cmd contains the reboot command.
+ * Return 0 if permission is granted.
+ * @ioperm:
+ * Check permission before setting port input/output permissions for the
+ * process for @num bytes starting from the port address @from to the
+ * value @turn_on.
+ * @from contains the starting port address.
+ * @num contains the number of bytes starting from @from.
+ * @turn_on contains the permissions value.
+ * Return 0 if permission is granted.
+ * @iopl:
+ * Check permission before changing the I/O privilege level of the current
+ * process from @old to @level.
+ * @old contains the old level.
+ * @level contains the new level.
+ * Return 0 if permission is granted.
+ * @ptrace:
+ * Check permission before allowing the @parent process to trace the
+ * @child process.
+ * Security modules may also want to perform a process tracing check
+ * during an execve in the set_security or compute_creds hooks of
+ * binprm_security_ops if the process is being traced and its security
+ * attributes would be changed by the execve.
+ * @parent contains the task_struct structure for parent process.
+ * @child contains the task_struct structure for child process.
+ * Return 0 if permission is granted.
+ * @capget:
+ * Get the @effective, @inheritable, and @permitted capability sets for
+ * the @target process. The hook may also perform permission checking to
+ * determine if the current process is allowed to see the capability sets
+ * of the @target process.
+ * @target contains the task_struct structure for target process.
+ * @effective contains the effective capability set.
+ * @inheritable contains the inheritable capability set.
+ * @permitted contains the permitted capability set.
+ * Return 0 if the capability sets were successfully obtained.
+ * @capset_check:
+ * Check permission before setting the @effective, @inheritable, and
+ * @permitted capability sets for the @target process.
+ * Caveat: @target is also set to current if a set of processes is
+ * specified (i.e. all processes other than current and init or a
+ * particular process group). Hence, the capset_set hook may need to
+ * revalidate permission to the actual target process.
+ * @target contains the task_struct structure for target process.
+ * @effective contains the effective capability set.
+ * @inheritable contains the inheritable capability set.
+ * @permitted contains the permitted capability set.
+ * Return 0 if permission is granted.
+ * @capset_set:
+ * Set the @effective, @inheritable, and @permitted capability sets for
+ * the @target process. Since capset_check cannot always check permission
+ * to the real @target process, this hook may also perform permission
+ * checking to determine if the current process is allowed to set the
+ * capability sets of the @target process. However, this hook has no way
+ * of returning an error due to the structure of the sys_capset code.
+ * @target contains the task_struct structure for target process.
+ * @effective contains the effective capability set.
+ * @inheritable contains the inheritable capability set.
+ * @permitted contains the permitted capability set.
+ * @acct:
+ * Check permission before enabling or disabling process accounting. If
+ * accounting is being enabled, then @file refers to the open file used to
+ * store accounting records. If accounting is being disabled, then @file
+ * is NULL.
+ * @file contains the file structure for the accounting file (may be NULL).
+ * Return 0 if permission is granted.
+ * @sysctl:
+ * Check permission before accessing the @table sysctl variable in the
+ * manner specified by @op.
+ * @table contains the ctl_table structure for the sysctl variable.
+ * @op contains the operation (001 = search, 002 = write, 004 = read).
+ * Return 0 if permission is granted.
+ * @capable:
+ * Check whether the @tsk process has the @cap capability.
+ * @tsk contains the task_struct for the process.
+ * @cap contains the capability <include/linux/capability.h>.
+ * Return 0 if the capability is granted for @tsk.
+ * @sys_security:
+ * Security modules may use this hook to implement new system calls for
+ * security-aware applications. The interface is similar to socketcall,
+ * but with an @id parameter to help identify the security module whose
+ * call is being invoked. The module is responsible for interpreting the
+ * parameters, and must copy in the @args array from user space if it is
+ * used.
+ * @id contains the security module identifier.
+ * @call contains the call value.
+ * @args contains the call arguments (user space pointer).
+ * The module should return -ENOSYS if it does not implement any new
+ * system calls.
+ * @swapon:
+ * Check permission before enabling swapping to the file or block device
+ * identified by @swap.
+ * @swap contains the swap_info_struct structure for the swap file and device.
+ * Return 0 if permission is granted.
+ * @swapoff:
+ * Check permission before disabling swapping to the file or block device
+ * identified by @swap.
+ * @swap contains the swap_info_struct structure for the swap file and device.
+ * Return 0 if permission is granted.
+ * @nfsservctl:
+ * Check permission before having the kernel NFS daemon perform command
+ * @cmd with arguments @arg.
+ * See the nfsservctl(2) manual page for an explanation of @cmd and @arg
+ * values.
+ * @cmd contains the command value.
+ * @arg contains the command arguments.
+ * Return 0 if permission is granted.
+ * @quotactl:
+ * Check permission before performing the quota operation identified by
+ * @cmd for the specified @type, @id, and @sb. The @sb parameter may be
+ * NULL, e.g. for the Q_SYNC and Q_GETSTATS commands.
+ * @cmd contains the command value.
+ * @type contains the type of quota (USRQUOTA or GRPQUOTA).
+ * @id contains the user or group identifier.
+ * @sb contains the super_block structure for the filesystem (may be NULL).
+ * Return 0 if permission is granted.
+ * @quota_on:
+ * Check permission before enabling quotas for a file system using @f as
+ * the quota file.
+ * @f contains the open file for storing quotas.
+ * Return 0 if permission is granted.
+ * @bdflush:
+ * Check permission before tuning the bdflush parameter.
+ * See the bdflush(2) manual page for an explanation of the @func and
+ * @data parameters. The @data parameter should only be used by the
+ * module if it is an input value.
+ * @func contains the tuning function.
+ * @data contains the tuning parameter pointer (user space pointer) or value.
+ * Return 0 if permission is granted.
+ * @syslog:
+ * Check permission before accessing the kernel message ring or changing
+ * logging to the console.
+ * See the syslog(2) manual page for an explanation of the @type values.
+ * @type contains the type of action.
+ * Return 0 if permission is granted.
+ * @netlink_send:
+ * Save security information for a netlink message so that permission
+ * checking can be performed when the message is processed. The security
+ * information can either be saved using the existing eff_cap field of the
+ * netlink_skb_parms structure or it can be saved using the skbuff
+ * lsm_security field.
+ * @skb contains the sk_buff structure for the netlink message.
+ * Return 0 if the information was successfully saved.
+ * @netlink_recv:
+ * Check permission before processing the received netlink message in
+ * @skb.
+ * @skb contains the sk_buff structure for the netlink message.
+ * Return 0 if permission is granted.
+ * @bprm_ops:
+ * struct binprm_security_ops
+ * @sb_ops:
+ * struct super_block_security_ops
+ * @inode_ops:
+ * struct inode_security_ops
+ * @file_ops:
+ * struct file_security_ops
+ * @task_ops:
+ * struct task_security_ops
+ * @socket_ops:
+ * struct socket_security_ops
+ * @skb_ops:
+ * struct skb_security_ops
+ * @ip_ops:
+ * struct ip_security_ops
+ * @netdev_ops:
+ * struct netdev_security_ops
+ * @module_ops:
+ * struct module_security_ops
+ * @ipc_ops:
+ * struct ipc_security_ops
+ * @msg_msg_ops:
+ * struct msg_msg_security_ops
+ * @msg_queue_ops:
+ * struct msg_queue_security_ops
+ * @shm_ops:
+ * struct shm_security_ops
+ * @sem_ops:
+ * struct sem_security_ops
+ * @register_security:
+ * allow module stacking.
+ * @name contains the name of the security module being stacked.
+ * @ops contains a pointer to the struct security_operations of the module to stack.
+ * @unregister_security:
+ * remove a stacked module.
+ * @name contains the name of the security module being unstacked.
+ * @ops contains a pointer to the struct security_operations of the module to unstack.
+ *
+ * This is the main security structure.
+ */
+struct security_operations {
+ int (*sethostname) (char *hostname);
+ int (*setdomainname) (char *domainname);
+ int (*reboot) (unsigned int cmd);
+ int (*ioperm) (unsigned long from, unsigned long num, int turn_on);
+ int (*iopl) (unsigned int old, unsigned int level);
+ int (*ptrace) (struct task_struct *parent, struct task_struct *child);
+ int (*capget) (struct task_struct *target, kernel_cap_t *effective,
+ kernel_cap_t *inheritable, kernel_cap_t *permitted);
+ int (*capset_check) (struct task_struct *target,
+ kernel_cap_t *effective,
+ kernel_cap_t *inheritable,
+ kernel_cap_t *permitted);
+ void (*capset_set) (struct task_struct *target,
+ kernel_cap_t *effective, kernel_cap_t *inheritable,
+ kernel_cap_t *permitted);
+ int (*acct) (struct file *file);
+ int (*sysctl) (ctl_table * table, int op);
+ int (*capable) (struct task_struct *tsk, int cap);
+ int (*sys_security) (unsigned int id, unsigned call,
+ unsigned long *args);
+ int (*swapon) (struct swap_info_struct *swap);
+ int (*swapoff) (struct swap_info_struct *swap);
+ int (*nfsservctl) (int cmd, struct nfsctl_arg *arg);
+ int (*quotactl) (int cmds, int type, int id, struct super_block *sb);
+ int (*quota_on) (struct file *f);
+ int (*bdflush) (int func, long data);
+ int (*syslog) (int type);
+ int (*netlink_send) (struct sk_buff *skb);
+ int (*netlink_recv) (struct sk_buff *skb);
+
+ struct binprm_security_ops * bprm_ops;
+ struct super_block_security_ops * sb_ops;
+ struct inode_security_ops * inode_ops;
+ struct file_security_ops * file_ops;
+ struct task_security_ops * task_ops;
+ struct socket_security_ops * socket_ops;
+ struct skb_security_ops * skb_ops;
+ struct ip_security_ops * ip_ops;
+ struct netdev_security_ops * netdev_ops;
+ struct module_security_ops * module_ops;
+ struct ipc_security_ops * ipc_ops;
+ struct msg_msg_security_ops * msg_msg_ops;
+ struct msg_queue_security_ops * msg_queue_ops;
+ struct shm_security_ops * shm_ops;
+ struct sem_security_ops * sem_ops;
+
+ /* allow module stacking */
+ int (*register_security) (const char *name, struct security_operations *ops);
+ int (*unregister_security) (const char *name, struct security_operations *ops);
+};
+
+
+/* prototypes */
+extern int security_scaffolding_startup (void);
+extern int register_security (struct security_operations *ops);
+extern int unregister_security (struct security_operations *ops);
+extern int mod_reg_security (const char *name, struct security_operations *ops);
+extern int mod_unreg_security (const char *name, struct security_operations *ops);
+extern int capable (int cap);
+
+/* global variables */
+extern struct security_operations *security_ops;
+
+
+#endif /* __KERNEL__ */
+
+#endif /* ! __LINUX_SECURITY_H */
+
diff --minimal -Nru a/include/linux/shm.h b/include/linux/shm.h
--- a/include/linux/shm.h Tue Feb 12 18:59:50 2002
+++ b/include/linux/shm.h Tue Feb 12 18:59:50 2002
@@ -71,6 +71,19 @@
};
#ifdef __KERNEL__
+struct shmid_kernel /* private to the kernel */
+{
+ struct kern_ipc_perm shm_perm;
+ struct file * shm_file;
+ int id;
+ unsigned long shm_nattch;
+ unsigned long shm_segsz;
+ time_t shm_atim;
+ time_t shm_dtim;
+ time_t shm_ctim;
+ pid_t shm_cprid;
+ pid_t shm_lprid;
+};
/* shm_mode upper byte flags */
#define SHM_DEST 01000 /* segment will be destroyed on last detach */
diff --minimal -Nru a/include/linux/skbuff.h b/include/linux/skbuff.h
--- a/include/linux/skbuff.h Tue Feb 12 18:59:50 2002
+++ b/include/linux/skbuff.h Tue Feb 12 18:59:50 2002
@@ -217,6 +217,8 @@
#ifdef CONFIG_NET_SCHED
__u32 tc_index; /* traffic control index */
#endif
+
+ void *lsm_security; /* replaces the above security field */
};
#define SK_WMEM_MAX 65535
diff --minimal -Nru a/include/net/sock.h b/include/net/sock.h
--- a/include/net/sock.h Tue Feb 12 18:59:50 2002
+++ b/include/net/sock.h Tue Feb 12 18:59:50 2002
@@ -1136,6 +1136,7 @@
skb->sk = sk;
skb->destructor = sock_wfree;
atomic_add(skb->truesize, &sk->wmem_alloc);
+ security_ops->skb_ops->set_owner_w(skb, sk);
}
static inline void skb_set_owner_r(struct sk_buff *skb, struct sock *sk)
@@ -1147,15 +1148,20 @@
static inline int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
{
+ int err = 0;
+
/* Cast skb->rcvbuf to unsigned... It's pointless, but reduces
number of warnings when compiling with -W --ANK
*/
if (atomic_read(&sk->rmem_alloc) + skb->truesize >= (unsigned)sk->rcvbuf)
return -ENOMEM;
+ err = security_ops->socket_ops->sock_rcv_skb(sk, skb);
+ if (err)
+ return err;
+
#ifdef CONFIG_FILTER
if (sk->filter) {
- int err = 0;
struct sk_filter *filter;
/* It would be deadlock, if sock_queue_rcv_skb is used
diff --minimal -Nru a/init/do_mounts.c b/init/do_mounts.c
--- a/init/do_mounts.c Tue Feb 12 18:59:50 2002
+++ b/init/do_mounts.c Tue Feb 12 18:59:50 2002
@@ -837,6 +837,7 @@
sys_umount("/dev", 0);
sys_mount(".", "/", NULL, MS_MOVE, NULL);
sys_chroot(".");
+ security_ops->sb_ops->post_mountroot();
mount_devfs_fs ();
}
diff --minimal -Nru a/init/main.c b/init/main.c
--- a/init/main.c Tue Feb 12 18:59:50 2002
+++ b/init/main.c Tue Feb 12 18:59:50 2002
@@ -27,6 +27,7 @@
#include <linux/iobuf.h>
#include <linux/bootmem.h>
#include <linux/tty.h>
+#include <linux/security.h>
#include <asm/io.h>
#include <asm/bugs.h>
@@ -360,6 +361,7 @@
fork_init(mempages);
proc_caches_init();
+ security_scaffolding_startup();
vfs_caches_init(mempages);
buffer_init(mempages);
page_cache_init(mempages);
diff --minimal -Nru a/ipc/msg.c b/ipc/msg.c
--- a/ipc/msg.c Tue Feb 12 18:59:50 2002
+++ b/ipc/msg.c Tue Feb 12 18:59:50 2002
@@ -52,34 +52,6 @@
struct msg_msgseg* next;
/* the next part of the message follows immediately */
};
-/* one msg_msg structure for each message */
-struct msg_msg {
- struct list_head m_list;
- long m_type;
- int m_ts; /* message text size */
- struct msg_msgseg* next;
- /* the actual message follows immediately */
-};
-
-#define DATALEN_MSG (PAGE_SIZE-sizeof(struct msg_msg))
-#define DATALEN_SEG (PAGE_SIZE-sizeof(struct msg_msgseg))
-
-/* one msq_queue structure for each present queue on the system */
-struct msg_queue {
- struct kern_ipc_perm q_perm;
- time_t q_stime; /* last msgsnd time */
- time_t q_rtime; /* last msgrcv time */
- time_t q_ctime; /* last change time */
- unsigned long q_cbytes; /* current number of bytes on queue */
- unsigned long q_qnum; /* number of messages in queue */
- unsigned long q_qbytes; /* max number of bytes on queue */
- pid_t q_lspid; /* pid of last msgsnd */
- pid_t q_lrpid; /* last receive pid */
-
- struct list_head q_messages;
- struct list_head q_receivers;
- struct list_head q_senders;
-};
#define SEARCH_ANY 1
#define SEARCH_EQUAL 2
@@ -117,18 +89,28 @@
static int newque (key_t key, int msgflg)
{
int id;
+ int retval;
struct msg_queue *msq;
msq = (struct msg_queue *) kmalloc (sizeof (*msq), GFP_KERNEL);
if (!msq)
return -ENOMEM;
+
+ msq->q_perm.mode = (msgflg & S_IRWXUGO);
+ msq->q_perm.key = key;
+
+ msq->q_perm.security = NULL;
+ retval = security_ops->msg_queue_ops->alloc_security(msq);
+ if (retval) {
+ kfree(msq);
+ return retval;
+ }
+
id = ipc_addid(&msg_ids, &msq->q_perm, msg_ctlmni);
if(id == -1) {
kfree(msq);
return -ENOSPC;
}
- msq->q_perm.mode = (msgflg & S_IRWXUGO);
- msq->q_perm.key = key;
msq->q_stime = msq->q_rtime = 0;
msq->q_ctime = CURRENT_TIME;
@@ -146,6 +128,9 @@
static void free_msg(struct msg_msg* msg)
{
struct msg_msgseg* seg;
+
+ security_ops->msg_msg_ops->free_security(msg);
+
seg = msg->next;
kfree(msg);
while(seg != NULL) {
@@ -200,6 +185,12 @@
len -= alen;
src = ((char*)src)+alen;
}
+
+ msg->security = NULL;
+ err = security_ops->msg_msg_ops->alloc_security(msg);
+ if (err)
+ goto out_err;
+
return msg;
out_err:
@@ -285,6 +276,8 @@
msq = msg_rmid(id);
+ security_ops->msg_queue_ops->free_security(msq);
+
expunge_all(msq,-EIDRM);
ss_wakeup(&msq->q_senders,1);
msg_unlock(id);
@@ -321,8 +314,12 @@
BUG();
if (ipcperms(&msq->q_perm, msgflg))
ret = -EACCES;
- else
- ret = msg_buildid(id, msq->q_perm.seq);
+ else {
+ int qid = msg_buildid(id, msq->q_perm.seq);
+ ret = security_ops->msg_queue_ops->associate(msq, qid, msgflg);
+ if (!ret)
+ ret = qid;
+ }
msg_unlock(id);
}
up(&msg_ids.sem);
@@ -444,6 +441,11 @@
* due to padding, it's not enough
* to set all member fields.
*/
+
+ err = security_ops->ipc_ops->getinfo(msqid, cmd);
+ if (err)
+ return err;
+
memset(&msginfo,0,sizeof(msginfo));
msginfo.msgmni = msg_ctlmni;
msginfo.msgmax = msg_ctlmax;
@@ -494,6 +496,10 @@
if (ipcperms (&msq->q_perm, S_IRUGO))
goto out_unlock;
+ err = security_ops->msg_queue_ops->msgctl(msq, msqid, cmd);
+ if (err)
+ goto out_unlock;
+
kernel_to_ipc64_perm(&msq->q_perm, &tbuf.msg_perm);
tbuf.msg_stime = msq->q_stime;
tbuf.msg_rtime = msq->q_rtime;
@@ -541,6 +547,11 @@
{
if (setbuf.qbytes > msg_ctlmnb && !capable(CAP_SYS_RESOURCE))
goto out_unlock_up;
+
+ err = security_ops->msg_queue_ops->msgctl(msq, msqid, cmd);
+ if (err)
+ goto out_unlock_up;
+
msq->q_qbytes = setbuf.qbytes;
ipcp->uid = setbuf.uid;
@@ -560,6 +571,10 @@
break;
}
case IPC_RMID:
+ err = security_ops->msg_queue_ops->msgctl(msq, msqid, cmd);
+ if (err)
+ goto out_unlock_up;
+
freeque (msqid);
break;
}
@@ -606,7 +621,8 @@
struct msg_receiver* msr;
msr = list_entry(tmp,struct msg_receiver,r_list);
tmp = tmp->next;
- if(testmsg(msg,msr->r_msgtype,msr->r_mode)) {
+ if(testmsg(msg,msr->r_msgtype,msr->r_mode) &&
+ !security_ops->msg_queue_ops->msgrcv(msq, msg, msr->r_tsk, msr->r_msgtype, msr->r_mode)) {
list_del(&msr->r_list);
if(msr->r_maxsize < msg->m_ts) {
msr->r_msg = ERR_PTR(-E2BIG);
@@ -657,6 +673,10 @@
if (ipcperms(&msq->q_perm, S_IWUGO))
goto out_unlock_free;
+ err = security_ops->msg_queue_ops->msgsnd(msq, msg, msqid, msgflg);
+ if (err)
+ goto out_unlock_free;
+
if(msgsz + msq->q_cbytes > msq->q_qbytes ||
1 + msq->q_qnum > msq->q_qbytes) {
struct msg_sender s;
@@ -755,7 +775,8 @@
found_msg=NULL;
while (tmp != &msq->q_messages) {
msg = list_entry(tmp,struct msg_msg,m_list);
- if(testmsg(msg,msgtyp,mode)) {
+ if(testmsg(msg,msgtyp,mode) &&
+ !security_ops->msg_queue_ops->msgrcv(msq, msg, current, msgtyp, mode)) {
found_msg = msg;
if(mode == SEARCH_LESSEQUAL && msg->m_type != 1) {
found_msg=msg;
@@ -773,6 +794,7 @@
err=-E2BIG;
goto out_unlock;
}
+
list_del(&msg->m_list);
msq->q_qnum--;
msq->q_rtime = CURRENT_TIME;
diff --minimal -Nru a/ipc/sem.c b/ipc/sem.c
--- a/ipc/sem.c Tue Feb 12 18:59:50 2002
+++ b/ipc/sem.c Tue Feb 12 18:59:50 2002
@@ -62,6 +62,7 @@
#include <linux/spinlock.h>
#include <linux/init.h>
#include <linux/proc_fs.h>
+#include <linux/security.h>
#include <asm/uaccess.h>
#include "util.h"
@@ -114,6 +115,7 @@
static int newary (key_t key, int nsems, int semflg)
{
int id;
+ int retval;
struct sem_array *sma;
int size;
@@ -128,6 +130,17 @@
return -ENOMEM;
}
memset (sma, 0, size);
+
+ sma->sem_perm.mode = (semflg & S_IRWXUGO);
+ sma->sem_perm.key = key;
+
+ sma->sem_perm.security = NULL;
+ retval = security_ops->sem_ops->alloc_security(sma);
+ if (retval) {
+ ipc_free(sma, size);
+ return retval;
+ }
+
id = ipc_addid(&sem_ids, &sma->sem_perm, sc_semmni);
if(id == -1) {
ipc_free(sma, size);
@@ -135,9 +148,6 @@
}
used_sems += nsems;
- sma->sem_perm.mode = (semflg & S_IRWXUGO);
- sma->sem_perm.key = key;
-
sma->sem_base = (struct sem *) &sma[1];
/* sma->sem_pending = NULL; */
sma->sem_pending_last = &sma->sem_pending;
@@ -175,8 +185,12 @@
err = -EINVAL;
else if (ipcperms(&sma->sem_perm, semflg))
err = -EACCES;
- else
- err = sem_buildid(id, sma->sem_perm.seq);
+ else {
+ int semid = sem_buildid(id, sma->sem_perm.seq);
+ err = security_ops->sem_ops->associate(sma, semid, semflg);
+ if (!err)
+ err = semid;
+ }
sem_unlock(id);
}
@@ -397,6 +411,7 @@
int size;
sma = sem_rmid(id);
+ security_ops->sem_ops->free_security(sma);
/* Invalidate the existing undo structures for this semaphore set.
* (They will be freed without any further action in sem_exit()
@@ -451,6 +466,10 @@
struct seminfo seminfo;
int max_id;
+ err = security_ops->ipc_ops->getinfo(semid, cmd);
+ if (err)
+ return err;
+
memset(&seminfo,0,sizeof(seminfo));
seminfo.semmni = sc_semmni;
seminfo.semmns = sc_semmns;
@@ -492,6 +511,11 @@
err = -EACCES;
if (ipcperms (&sma->sem_perm, S_IRUGO))
goto out_unlock;
+
+ err = security_ops->sem_ops->semctl(sma, semid, cmd);
+ if (err)
+ goto out_unlock;
+
id = sem_buildid(semid, sma->sem_perm.seq);
kernel_to_ipc64_perm(&sma->sem_perm, &tbuf.sem_perm);
@@ -535,6 +559,11 @@
if (ipcperms (&sma->sem_perm, (cmd==SETVAL||cmd==SETALL)?S_IWUGO:S_IRUGO))
goto out_unlock;
+ err = security_ops->sem_ops->semctl(sma, semid, cmd);
+ if (err)
+ goto out_unlock;
+
+ err = -EACCES;
switch (cmd) {
case GETALL:
{
@@ -725,6 +754,10 @@
goto out_unlock;
}
+ err = security_ops->sem_ops->semctl(sma, semid, cmd);
+ if (err)
+ goto out_unlock;
+
switch(cmd){
case IPC_RMID:
freeary(semid);
@@ -882,6 +915,12 @@
error = -EACCES;
if (ipcperms(&sma->sem_perm, alter ? S_IWUGO : S_IRUGO))
goto out_unlock_free;
+
+ error = security_ops->sem_ops->semop(sma, semid, sops, nsops, alter);
+ if (error)
+ goto out_unlock_free;
+ error = -EACCES;
+
if (undos) {
/* Make sure we have an undo structure
* for this process and this semaphore set.
diff --minimal -Nru a/ipc/shm.c b/ipc/shm.c
--- a/ipc/shm.c Tue Feb 12 18:59:50 2002
+++ b/ipc/shm.c Tue Feb 12 18:59:50 2002
@@ -23,24 +23,11 @@
#include <linux/file.h>
#include <linux/mman.h>
#include <linux/proc_fs.h>
+#include <linux/security.h>
#include <asm/uaccess.h>
#include "util.h"
-struct shmid_kernel /* private to the kernel */
-{
- struct kern_ipc_perm shm_perm;
- struct file * shm_file;
- int id;
- unsigned long shm_nattch;
- unsigned long shm_segsz;
- time_t shm_atim;
- time_t shm_dtim;
- time_t shm_ctim;
- pid_t shm_cprid;
- pid_t shm_lprid;
-};
-
#define shm_flags shm_perm.mode
static struct file_operations shm_file_operations;
@@ -124,6 +111,9 @@
{
shm_tot -= (shp->shm_segsz + PAGE_SIZE - 1) >> PAGE_SHIFT;
shm_rmid (shp->id);
+
+ security_ops->shm_ops->free_security(shp);
+
shmem_lock(shp->shm_file, 0);
fput (shp->shm_file);
kfree (shp);
@@ -192,6 +182,17 @@
shp = (struct shmid_kernel *) kmalloc (sizeof (*shp), GFP_USER);
if (!shp)
return -ENOMEM;
+
+ shp->shm_perm.key = key;
+ shp->shm_flags = (shmflg & S_IRWXUGO);
+
+ shp->shm_perm.security = NULL;
+ error = security_ops->shm_ops->alloc_security(shp);
+ if (error) {
+ kfree(shp);
+ return error;
+ }
+
sprintf (name, "SYSV%08x", key);
file = shmem_file_setup(name, size);
error = PTR_ERR(file);
@@ -202,8 +203,7 @@
id = shm_addid(shp);
if(id == -1)
goto no_id;
- shp->shm_perm.key = key;
- shp->shm_flags = (shmflg & S_IRWXUGO);
+
shp->shm_cprid = current->pid;
shp->shm_lprid = 0;
shp->shm_atim = shp->shm_dtim = 0;
@@ -248,8 +248,12 @@
err = -EINVAL;
else if (ipcperms(&shp->shm_perm, shmflg))
err = -EACCES;
- else
- err = shm_buildid(id, shp->shm_perm.seq);
+ else {
+ int shmid = shm_buildid(id, shp->shm_perm.seq);
+ err = security_ops->shm_ops->associate(shp, shmid, shmflg);
+ if (!err)
+ err = shmid;
+ }
shm_unlock(id);
}
up(&shm_ids.sem);
@@ -387,6 +391,10 @@
{
struct shminfo64 shminfo;
+ err = security_ops->ipc_ops->getinfo(shmid, cmd);
+ if (err)
+ return err;
+
memset(&shminfo,0,sizeof(shminfo));
shminfo.shmmni = shminfo.shmseg = shm_ctlmni;
shminfo.shmmax = shm_ctlmax;
@@ -405,6 +413,10 @@
{
struct shm_info shm_info;
+ err = security_ops->ipc_ops->getinfo(shmid, cmd);
+ if (err)
+ return err;
+
memset(&shm_info,0,sizeof(shm_info));
down(&shm_ids.sem);
shm_lockall();
@@ -430,6 +442,11 @@
shp = shm_lock(shmid);
if(shp==NULL)
return -EINVAL;
+
+ err = security_ops->shm_ops->shmctl(shp, shmid, cmd);
+ if (err)
+ goto out_unlock;
+
if(cmd==SHM_STAT) {
err = -EINVAL;
if (shmid > shm_ids.max_id)
@@ -472,6 +489,11 @@
err = shm_checkid(shp,shmid);
if(err)
goto out_unlock;
+
+ err = security_ops->shm_ops->shmctl(shp, shmid, cmd);
+ if (err)
+ goto out_unlock;
+
if(cmd==SHM_LOCK) {
shmem_lock(shp->shm_file, 1);
shp->shm_flags |= SHM_LOCKED;
@@ -502,6 +524,11 @@
err = shm_checkid(shp, shmid);
if(err)
goto out_unlock_up;
+
+ err = security_ops->shm_ops->shmctl(shp, shmid, cmd);
+ if (err)
+ goto out_unlock_up;
+
if (current->euid != shp->shm_perm.uid &&
current->euid != shp->shm_perm.cuid &&
!capable(CAP_SYS_ADMIN)) {
@@ -533,6 +560,11 @@
err = shm_checkid(shp,shmid);
if(err)
goto out_unlock_up;
+
+ err = security_ops->shm_ops->shmctl(shp, shmid, cmd);
+ if (err)
+ goto out_unlock_up;
+
err=-EPERM;
if (current->euid != shp->shm_perm.uid &&
current->euid != shp->shm_perm.cuid &&
@@ -623,6 +655,13 @@
shm_unlock(shmid);
return -EACCES;
}
+
+ err = security_ops->shm_ops->shmat(shp, shmid, shmaddr, shmflg);
+ if (err) {
+ shm_unlock(shmid);
+ return err;
+ }
+
file = shp->shm_file;
size = file->f_dentry->d_inode->i_size;
shp->shm_nattch++;
diff --minimal -Nru a/ipc/util.c b/ipc/util.c
--- a/ipc/util.c Tue Feb 12 18:59:50 2002
+++ b/ipc/util.c Tue Feb 12 18:59:50 2002
@@ -19,6 +19,7 @@
#include <linux/vmalloc.h>
#include <linux/slab.h>
#include <linux/highuid.h>
+#include <linux/security.h>
#if defined(CONFIG_SYSVIPC)
@@ -263,7 +264,7 @@
!capable(CAP_IPC_OWNER))
return -1;
- return 0;
+ return security_ops->ipc_ops->permission(ipcp, flag);
}
/*
diff --minimal -Nru a/kernel/acct.c b/kernel/acct.c
--- a/kernel/acct.c Tue Feb 12 18:59:50 2002
+++ b/kernel/acct.c Tue Feb 12 18:59:50 2002
@@ -182,6 +182,10 @@
goto out_err;
}
+ error = security_ops->acct(file);
+ if (error)
+ goto out_err;
+
error = 0;
lock_kernel();
if (acct_file) {
@@ -209,7 +213,8 @@
out:
return error;
out_err:
- filp_close(file, NULL);
+ if (file)
+ filp_close(file, NULL);
goto out;
}
diff --minimal -Nru a/kernel/capability.c b/kernel/capability.c
--- a/kernel/capability.c Tue Feb 12 18:59:50 2002
+++ b/kernel/capability.c Tue Feb 12 18:59:50 2002
@@ -59,9 +59,7 @@
}
if (!error) {
- data.permitted = cap_t(target->cap_permitted);
- data.inheritable = cap_t(target->cap_inheritable);
- data.effective = cap_t(target->cap_effective);
+ error = security_ops->capget(target, &data.effective, &data.inheritable, &data.permitted);
}
if (target != current)
@@ -90,9 +88,7 @@
for_each_task(target) {
if (target->pgrp != pgrp)
continue;
- target->cap_effective = *effective;
- target->cap_inheritable = *inheritable;
- target->cap_permitted = *permitted;
+ security_ops->capset_set(target, effective, inheritable, permitted);
}
read_unlock(&tasklist_lock);
}
@@ -111,9 +107,7 @@
for_each_task(target) {
if (target == current || target->pid == 1)
continue;
- target->cap_effective = *effective;
- target->cap_inheritable = *inheritable;
- target->cap_permitted = *permitted;
+ security_ops->capset_set(target, effective, inheritable, permitted);
}
read_unlock(&tasklist_lock);
}
@@ -170,30 +164,12 @@
target = current;
}
-
- /* verify restrictions on target's new Inheritable set */
- if (!cap_issubset(inheritable,
- cap_combine(target->cap_inheritable,
- current->cap_permitted))) {
- goto out;
- }
-
- /* verify restrictions on target's new Permitted set */
- if (!cap_issubset(permitted,
- cap_combine(target->cap_permitted,
- current->cap_permitted))) {
- goto out;
- }
-
- /* verify the _new_Effective_ is a subset of the _new_Permitted_ */
- if (!cap_issubset(effective, permitted)) {
- goto out;
- }
+ error = security_ops->capset_check(target, &effective, &inheritable, &permitted);
+ if (error)
+ goto out;
/* having verified that the proposed changes are legal,
we now put them into effect. */
- error = 0;
-
if (pid < 0) {
if (pid == -1) /* all procs other than current and init */
cap_set_all(&effective, &inheritable, &permitted);
@@ -202,10 +178,7 @@
cap_set_pg(-pid, &effective, &inheritable, &permitted);
goto spin_out;
} else {
- /* FIXME: do we need to have a write lock here..? */
- target->cap_effective = effective;
- target->cap_inheritable = inheritable;
- target->cap_permitted = permitted;
+ security_ops->capset_set(target, &effective, &inheritable, &permitted);
}
out:
diff --minimal -Nru a/kernel/exit.c b/kernel/exit.c
--- a/kernel/exit.c Tue Feb 12 18:59:50 2002
+++ b/kernel/exit.c Tue Feb 12 18:59:50 2002
@@ -14,6 +14,7 @@
#include <linux/personality.h>
#include <linux/tty.h>
#include <linux/namespace.h>
+#include <linux/security.h>
#ifdef CONFIG_BSD_PROCESS_ACCT
#include <linux/acct.h>
#endif
@@ -39,6 +40,7 @@
wait_task_inactive(p);
#endif
atomic_dec(&p->user->processes);
+ security_ops->task_ops->free_security(p);
free_uid(p->user);
unhash_process(p);
@@ -603,6 +605,10 @@
if (((p->exit_signal != SIGCHLD) ^ ((options & __WCLONE) != 0))
&& !(options & __WALL))
continue;
+
+ if (security_ops->task_ops->wait(p))
+ continue;
+
flag = 1;
switch (p->state) {
case TASK_STOPPED:
diff --minimal -Nru a/kernel/fork.c b/kernel/fork.c
--- a/kernel/fork.c Tue Feb 12 18:59:50 2002
+++ b/kernel/fork.c Tue Feb 12 18:59:50 2002
@@ -24,6 +24,7 @@
#include <linux/file.h>
#include <linux/binfmts.h>
#include <linux/fs.h>
+#include <linux/security.h>
#include <asm/pgtable.h>
#include <asm/pgalloc.h>
@@ -625,6 +626,10 @@
goto fork_out;
}
+ retval = security_ops->task_ops->create(clone_flags);
+ if (retval)
+ goto fork_out;
+
retval = -ENOMEM;
p = dup_task_struct(current);
if (!p)
@@ -703,13 +708,16 @@
p->array = NULL;
p->lock_depth = -1; /* -1 = no lock */
p->start_time = jiffies;
+ p->security = NULL;
INIT_LIST_HEAD(&p->local_pages);
retval = -ENOMEM;
+ if (security_ops->task_ops->alloc_security(p))
+ goto bad_fork_cleanup;
/* copy all the process information */
if (copy_files(clone_flags, p))
- goto bad_fork_cleanup;
+ goto bad_fork_cleanup_security;
if (copy_fs(clone_flags, p))
goto bad_fork_cleanup_files;
if (copy_sighand(clone_flags, p))
@@ -816,6 +824,8 @@
exit_fs(p); /* blocking */
bad_fork_cleanup_files:
exit_files(p); /* blocking */
+bad_fork_cleanup_security:
+ security_ops->task_ops->free_security(p);
bad_fork_cleanup:
put_exec_domain(p->thread_info->exec_domain);
if (p->binfmt && p->binfmt->module)
diff --minimal -Nru a/kernel/kmod.c b/kernel/kmod.c
--- a/kernel/kmod.c Tue Feb 12 18:59:50 2002
+++ b/kernel/kmod.c Tue Feb 12 18:59:50 2002
@@ -133,7 +133,7 @@
/* Give kmod all effective privileges.. */
curtask->euid = curtask->fsuid = 0;
curtask->egid = curtask->fsgid = 0;
- cap_set_full(curtask->cap_effective);
+ security_ops->task_ops->kmod_set_label();
/* Allow execve args to be in kernel space. */
set_fs(KERNEL_DS);
diff --minimal -Nru a/kernel/module.c b/kernel/module.c
--- a/kernel/module.c Tue Feb 12 18:59:50 2002
+++ b/kernel/module.c Tue Feb 12 18:59:50 2002
@@ -11,6 +11,7 @@
#include <linux/kmod.h>
#include <linux/seq_file.h>
#include <linux/fs.h>
+#include <linux/security.h>
/*
* Originally by Anonymous (as far as I know...)
@@ -312,6 +313,12 @@
error = -EEXIST;
goto err1;
}
+
+ /* check that we have permission to do this */
+ error = security_ops->module_ops->create_module(name, size);
+ if (error)
+ goto err1;
+
if ((mod = (struct module *)module_map(size)) == NULL) {
error = -ENOMEM;
goto err1;
@@ -499,6 +506,12 @@
goto err3;
}
+ /* check that we have permission to do this */
+ error = security_ops->module_ops->init_module(mod);
+ if (error)
+ goto err3;
+ error = -EINVAL;
+
if (module_arch_init(mod))
goto err3;
@@ -619,6 +632,12 @@
spin_lock(&unload_lock);
if (!__MOD_IN_USE(mod)) {
+ /* check that we have permission to do this */
+ error = security_ops->module_ops->delete_module(mod);
+ if (error) {
+ spin_unlock(&unload_lock);
+ goto out;
+ }
mod->flags |= MOD_DELETED;
spin_unlock(&unload_lock);
free_module(mod, 0);
@@ -647,6 +666,13 @@
spin_unlock(&unload_lock);
mod->flags &= ~MOD_VISITED;
} else {
+ /* check that we have permission to do this
+ * an error is not propagated if perm fails
+ */
+ if (security_ops->module_ops->delete_module(mod)) {
+ spin_unlock(&unload_lock);
+ continue;
+ }
mod->flags |= MOD_DELETED;
spin_unlock(&unload_lock);
free_module(mod, 1);
diff --minimal -Nru a/kernel/printk.c b/kernel/printk.c
--- a/kernel/printk.c Tue Feb 12 18:59:50 2002
+++ b/kernel/printk.c Tue Feb 12 18:59:50 2002
@@ -165,6 +165,10 @@
char c;
int error = 0;
+ error = security_ops->syslog(type);
+ if( error )
+ return error;
+
switch (type) {
case 0: /* Close log */
break;
diff --minimal -Nru a/kernel/ptrace.c b/kernel/ptrace.c
--- a/kernel/ptrace.c Tue Feb 12 18:59:50 2002
+++ b/kernel/ptrace.c Tue Feb 12 18:59:50 2002
@@ -41,7 +41,9 @@
int ptrace_attach(struct task_struct *task)
{
+ int retval;
task_lock(task);
+ retval = -EPERM;
if (task->pid <= 1)
goto bad;
if (task == current)
@@ -53,7 +55,6 @@
(current->uid != task->uid) ||
(current->gid != task->egid) ||
(current->gid != task->sgid) ||
- (!cap_issubset(task->cap_permitted, current->cap_permitted)) ||
(current->gid != task->gid)) && !capable(CAP_SYS_PTRACE))
goto bad;
rmb();
@@ -62,6 +63,9 @@
/* the same process cannot be attached many times */
if (task->ptrace & PT_PTRACED)
goto bad;
+ retval = security_ops->ptrace(current, task);
+ if (retval)
+ goto bad;
/* Go */
task->ptrace |= PT_PTRACED;
@@ -82,7 +86,7 @@
bad:
task_unlock(task);
- return -EPERM;
+ return retval;
}
int ptrace_detach(struct task_struct *child, unsigned int data)
diff --minimal -Nru a/kernel/sched.c b/kernel/sched.c
--- a/kernel/sched.c Tue Feb 12 18:59:50 2002
+++ b/kernel/sched.c Tue Feb 12 18:59:50 2002
@@ -19,6 +19,7 @@
#include <linux/smp_lock.h>
#include <linux/interrupt.h>
#include <linux/completion.h>
+#include <linux/security.h>
#include <asm/mmu_context.h>
#define BITMAP_SIZE ((((MAX_PRIO+7)/8)+sizeof(long)-1)/sizeof(long))
@@ -969,6 +970,7 @@
asmlinkage long sys_nice(int increment)
{
+ int retval;
long nice;
/*
@@ -990,6 +992,11 @@
nice = -20;
if (nice > 19)
nice = 19;
+
+ retval = security_ops->task_ops->setnice(current, nice);
+ if (retval)
+ return retval;
+
set_user_nice(current, nice);
return 0;
}
@@ -1062,6 +1069,10 @@
!capable(CAP_SYS_NICE))
goto out_unlock;
+ retval = security_ops->task_ops->setscheduler(p, policy, &lp);
+ if (retval)
+ goto out_unlock;
+
array = p->array;
if (array)
deactivate_task(p, task_rq(p));
@@ -1107,8 +1118,11 @@
retval = -ESRCH;
read_lock(&tasklist_lock);
p = find_process_by_pid(pid);
- if (p)
- retval = p->policy;
+ if (p) {
+ retval = security_ops->task_ops->getscheduler(p);
+ if (!retval)
+ retval = p->policy;
+ }
read_unlock(&tasklist_lock);
out_nounlock:
@@ -1130,6 +1144,11 @@
retval = -ESRCH;
if (!p)
goto out_unlock;
+
+ retval = security_ops->task_ops->getscheduler(p);
+ if (retval)
+ goto out_unlock;
+
lp.sched_priority = p->rt_priority;
read_unlock(&tasklist_lock);
@@ -1230,13 +1249,21 @@
retval = -ESRCH;
read_lock(&tasklist_lock);
p = find_process_by_pid(pid);
- if (p)
- jiffies_to_timespec(p->policy & SCHED_FIFO ?
- 0 : NICE_TO_TIMESLICE(p->__nice), &t);
+ if (!p)
+ goto out_unlock;
+
+ retval = security_ops->task_ops->getscheduler(p);
+ if (retval)
+ goto out_unlock;
+
+ jiffies_to_timespec(p->policy & SCHED_FIFO ?
+ 0 : NICE_TO_TIMESLICE(p->__nice), &t);
read_unlock(&tasklist_lock);
- if (p)
- retval = copy_to_user(interval, &t, sizeof(t)) ? -EFAULT : 0;
+ retval = copy_to_user(interval, &t, sizeof(t)) ? -EFAULT : 0;
out_nounlock:
+ return retval;
+out_unlock:
+ read_unlock(&tasklist_lock);
return retval;
}
diff --minimal -Nru a/kernel/signal.c b/kernel/signal.c
--- a/kernel/signal.c Tue Feb 12 18:59:50 2002
+++ b/kernel/signal.c Tue Feb 12 18:59:50 2002
@@ -545,6 +545,9 @@
ret = -EPERM;
if (bad_signal(sig, info, t))
goto out_nolock;
+ ret = security_ops->task_ops->kill(t, info, sig);
+ if (ret)
+ goto out_nolock;
/* The null signal is a permissions and process existance probe.
No signal is actually delivered. Same goes for zombies. */
diff --minimal -Nru a/kernel/sys.c b/kernel/sys.c
--- a/kernel/sys.c Tue Feb 12 18:59:50 2002
+++ b/kernel/sys.c Tue Feb 12 18:59:50 2002
@@ -15,6 +15,7 @@
#include <linux/init.h>
#include <linux/highuid.h>
#include <linux/fs.h>
+#include <linux/security.h>
#include <asm/uaccess.h>
#include <asm/io.h>
@@ -212,6 +213,7 @@
read_lock(&tasklist_lock);
for_each_task(p) {
+ int no_nice;
if (!proc_sel(p, which, who))
continue;
if (p->uid != current->euid &&
@@ -221,10 +223,17 @@
}
if (error == -ESRCH)
error = 0;
- if (niceval < p->__nice && !capable(CAP_SYS_NICE))
+ if (niceval < p->__nice && !capable(CAP_SYS_NICE)) {
error = -EACCES;
- else
- set_user_nice(p, niceval);
+ continue;
+ }
+ no_nice = security_ops->task_ops->setnice(p, niceval);
+ if (no_nice) {
+ error = no_nice;
+ continue;
+ }
+ set_user_nice(p, niceval);
+
}
read_unlock(&tasklist_lock);
@@ -271,11 +280,17 @@
asmlinkage long sys_reboot(int magic1, int magic2, unsigned int cmd, void * arg)
{
char buffer[256];
+ int retval;
/* We only trust the superuser with rebooting the system. */
if (!capable(CAP_SYS_BOOT))
return -EPERM;
+ retval = security_ops->reboot(cmd);
+ if (retval) {
+ return retval;
+ }
+
/* For safety, we require "magic" arguments. */
if (magic1 != LINUX_REBOOT_MAGIC1 ||
(magic2 != LINUX_REBOOT_MAGIC2 && magic2 != LINUX_REBOOT_MAGIC2A &&
@@ -380,6 +395,11 @@
int old_egid = current->egid;
int new_rgid = old_rgid;
int new_egid = old_egid;
+ int retval;
+
+ retval = security_ops->task_ops->setgid(rgid, egid, (gid_t)-1, LSM_SETID_RE);
+ if (retval)
+ return retval;
if (rgid != (gid_t) -1) {
if ((old_rgid == rgid) ||
@@ -421,6 +441,11 @@
asmlinkage long sys_setgid(gid_t gid)
{
int old_egid = current->egid;
+ int retval;
+
+ retval = security_ops->task_ops->setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_ID);
+ if (retval)
+ return retval;
if (capable(CAP_SETGID))
{
@@ -445,52 +470,6 @@
return 0;
}
-/*
- * cap_emulate_setxuid() fixes the effective / permitted capabilities of
- * a process after a call to setuid, setreuid, or setresuid.
- *
- * 1) When set*uiding _from_ one of {r,e,s}uid == 0 _to_ all of
- * {r,e,s}uid != 0, the permitted and effective capabilities are
- * cleared.
- *
- * 2) When set*uiding _from_ euid == 0 _to_ euid != 0, the effective
- * capabilities of the process are cleared.
- *
- * 3) When set*uiding _from_ euid != 0 _to_ euid == 0, the effective
- * capabilities are set to the permitted capabilities.
- *
- * fsuid is handled elsewhere. fsuid == 0 and {r,e,s}uid!= 0 should
- * never happen.
- *
- * -astor
- *
- * cevans - New behaviour, Oct '99
- * A process may, via prctl(), elect to keep its capabilities when it
- * calls setuid() and switches away from uid==0. Both permitted and
- * effective sets will be retained.
- * Without this change, it was impossible for a daemon to drop only some
- * of its privilege. The call to setuid(!=0) would drop all privileges!
- * Keeping uid 0 is not an option because uid 0 owns too many vital
- * files..
- * Thanks to Olaf Kirch and Peter Benie for spotting this.
- */
-static inline void cap_emulate_setxuid(int old_ruid, int old_euid,
- int old_suid)
-{
- if ((old_ruid == 0 || old_euid == 0 || old_suid == 0) &&
- (current->uid != 0 && current->euid != 0 && current->suid != 0) &&
- !current->keep_capabilities) {
- cap_clear(current->cap_permitted);
- cap_clear(current->cap_effective);
- }
- if (old_euid == 0 && current->euid != 0) {
- cap_clear(current->cap_effective);
- }
- if (old_euid != 0 && current->euid == 0) {
- current->cap_effective = current->cap_permitted;
- }
-}
-
static int set_user(uid_t new_ruid, int dumpclear)
{
struct user_struct *new_user, *old_user;
@@ -536,6 +515,11 @@
asmlinkage long sys_setreuid(uid_t ruid, uid_t euid)
{
int old_ruid, old_euid, old_suid, new_ruid, new_euid;
+ int retval;
+
+ retval = security_ops->task_ops->setuid(ruid, euid, (uid_t)-1, LSM_SETID_RE);
+ if (retval)
+ return retval;
new_ruid = old_ruid = current->uid;
new_euid = old_euid = current->euid;
@@ -572,11 +556,7 @@
current->suid = current->euid;
current->fsuid = current->euid;
- if (!issecure(SECURE_NO_SETUID_FIXUP)) {
- cap_emulate_setxuid(old_ruid, old_euid, old_suid);
- }
-
- return 0;
+ return security_ops->task_ops->post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_RE);
}
@@ -596,6 +576,11 @@
{
int old_euid = current->euid;
int old_ruid, old_suid, new_ruid, new_suid;
+ int retval;
+
+ retval = security_ops->task_ops->setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_ID);
+ if (retval)
+ return retval;
old_ruid = new_ruid = current->uid;
old_suid = current->suid;
@@ -616,11 +601,7 @@
current->fsuid = current->euid = uid;
current->suid = new_suid;
- if (!issecure(SECURE_NO_SETUID_FIXUP)) {
- cap_emulate_setxuid(old_ruid, old_euid, old_suid);
- }
-
- return 0;
+ return security_ops->task_ops->post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_ID);
}
@@ -633,6 +614,11 @@
int old_ruid = current->uid;
int old_euid = current->euid;
int old_suid = current->suid;
+ int retval;
+
+ retval = security_ops->task_ops->setuid(ruid, euid, suid, LSM_SETID_RES);
+ if (retval)
+ return retval;
if (!capable(CAP_SETUID)) {
if ((ruid != (uid_t) -1) && (ruid != current->uid) &&
@@ -661,11 +647,7 @@
if (suid != (uid_t) -1)
current->suid = suid;
- if (!issecure(SECURE_NO_SETUID_FIXUP)) {
- cap_emulate_setxuid(old_ruid, old_euid, old_suid);
- }
-
- return 0;
+ return security_ops->task_ops->post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_RES);
}
asmlinkage long sys_getresuid(uid_t *ruid, uid_t *euid, uid_t *suid)
@@ -684,6 +666,12 @@
*/
asmlinkage long sys_setresgid(gid_t rgid, gid_t egid, gid_t sgid)
{
+ int retval;
+
+ retval = security_ops->task_ops->setgid(rgid, egid, sgid, LSM_SETID_RES);
+ if (retval)
+ return retval;
+
if (!capable(CAP_SETGID)) {
if ((rgid != (gid_t) -1) && (rgid != current->gid) &&
(rgid != current->egid) && (rgid != current->sgid))
@@ -732,6 +720,11 @@
asmlinkage long sys_setfsuid(uid_t uid)
{
int old_fsuid;
+ int retval;
+
+ retval = security_ops->task_ops->setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS);
+ if (retval)
+ return retval;
old_fsuid = current->fsuid;
if (uid == current->uid || uid == current->euid ||
@@ -746,24 +739,9 @@
current->fsuid = uid;
}
- /* We emulate fsuid by essentially doing a scaled-down version
- * of what we did in setresuid and friends. However, we only
- * operate on the fs-specific bits of the process' effective
- * capabilities
- *
- * FIXME - is fsuser used for all CAP_FS_MASK capabilities?
- * if not, we might be a bit too harsh here.
- */
-
- if (!issecure(SECURE_NO_SETUID_FIXUP)) {
- if (old_fsuid == 0 && current->fsuid != 0) {
- cap_t(current->cap_effective) &= ~CAP_FS_MASK;
- }
- if (old_fsuid != 0 && current->fsuid == 0) {
- cap_t(current->cap_effective) |=
- (cap_t(current->cap_permitted) & CAP_FS_MASK);
- }
- }
+ retval = security_ops->task_ops->post_setuid(old_fsuid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS);
+ if (retval)
+ return retval;
return old_fsuid;
}
@@ -774,6 +752,11 @@
asmlinkage long sys_setfsgid(gid_t gid)
{
int old_fsgid;
+ int retval;
+
+ retval = security_ops->task_ops->setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_FS);
+ if (retval)
+ return retval;
old_fsgid = current->fsgid;
if (gid == current->gid || gid == current->egid ||
@@ -862,6 +845,10 @@
}
ok_pgid:
+ err = security_ops->task_ops->setpgid(p, pgid);
+ if (err)
+ goto out;
+
p->pgrp = pgid;
err = 0;
out:
@@ -882,8 +869,11 @@
p = find_task_by_pid(pid);
retval = -ESRCH;
- if (p)
- retval = p->pgrp;
+ if (p) {
+ retval = security_ops->task_ops->getpgid(p);
+ if (!retval)
+ retval = p->pgrp;
+ }
read_unlock(&tasklist_lock);
return retval;
}
@@ -907,8 +897,11 @@
p = find_task_by_pid(pid);
retval = -ESRCH;
- if(p)
- retval = p->session;
+ if(p) {
+ retval = security_ops->task_ops->getsid(p);
+ if (!retval)
+ retval = p->session;
+ }
read_unlock(&tasklist_lock);
return retval;
}
@@ -966,12 +959,19 @@
asmlinkage long sys_setgroups(int gidsetsize, gid_t *grouplist)
{
+ gid_t groups[NGROUPS];
+ int retval;
+
if (!capable(CAP_SETGID))
return -EPERM;
if ((unsigned) gidsetsize > NGROUPS)
return -EINVAL;
- if(copy_from_user(current->groups, grouplist, gidsetsize * sizeof(gid_t)))
+ if(copy_from_user(groups, grouplist, gidsetsize * sizeof(gid_t)))
return -EFAULT;
+ retval = security_ops->task_ops->setgroups(gidsetsize, groups);
+ if (retval)
+ return retval;
+ memcpy(current->groups, groups, gidsetsize * sizeof(gid_t));
current->ngroups = gidsetsize;
return 0;
}
@@ -1026,20 +1026,25 @@
asmlinkage long sys_sethostname(char *name, int len)
{
+ char nodename[__NEW_UTS_LEN+1];
int errno;
if (!capable(CAP_SYS_ADMIN))
return -EPERM;
if (len < 0 || len > __NEW_UTS_LEN)
return -EINVAL;
+ if (copy_from_user(nodename, name, len))
+ return -EFAULT;
+ nodename[len] = 0;
+
+ errno = security_ops->sethostname(nodename);
+ if (errno)
+ return errno;
+
down_write(&uts_sem);
- errno = -EFAULT;
- if (!copy_from_user(system_utsname.nodename, name, len)) {
- system_utsname.nodename[len] = 0;
- errno = 0;
- }
+ memcpy(system_utsname.nodename, nodename, len+1);
up_write(&uts_sem);
- return errno;
+ return 0;
}
asmlinkage long sys_gethostname(char *name, int len)
@@ -1065,19 +1070,23 @@
*/
asmlinkage long sys_setdomainname(char *name, int len)
{
+ char domainname[__NEW_UTS_LEN+1];
int errno;
if (!capable(CAP_SYS_ADMIN))
return -EPERM;
if (len < 0 || len > __NEW_UTS_LEN)
return -EINVAL;
+ if (copy_from_user(domainname, name, len))
+ return -EFAULT;
+ domainname[len] = 0;
+
+ errno = security_ops->setdomainname(domainname);
+ if (errno)
+ return errno;
down_write(&uts_sem);
- errno = -EFAULT;
- if (!copy_from_user(system_utsname.domainname, name, len)) {
- errno = 0;
- system_utsname.domainname[len] = 0;
- }
+ memcpy(system_utsname.domainname, domainname, len+1);
up_write(&uts_sem);
return errno;
}
@@ -1116,6 +1125,7 @@
asmlinkage long sys_setrlimit(unsigned int resource, struct rlimit *rlim)
{
struct rlimit new_rlim, *old_rlim;
+ int retval;
if (resource >= RLIM_NLIMITS)
return -EINVAL;
@@ -1130,6 +1140,11 @@
if (new_rlim.rlim_cur > NR_OPEN || new_rlim.rlim_max > NR_OPEN)
return -EPERM;
}
+
+ retval = security_ops->task_ops->setrlimit(resource, &new_rlim);
+ if (retval)
+ return retval;
+
*old_rlim = new_rlim;
return 0;
}
@@ -1206,6 +1221,10 @@
{
int error = 0;
int sig;
+
+ error = security_ops->task_ops->prctl(option, arg2, arg3, arg4, arg5);
+ if (error)
+ return error;
switch (option) {
case PR_SET_PDEATHSIG:
diff --minimal -Nru a/kernel/sysctl.c b/kernel/sysctl.c
--- a/kernel/sysctl.c Tue Feb 12 18:59:50 2002
+++ b/kernel/sysctl.c Tue Feb 12 18:59:50 2002
@@ -387,6 +387,11 @@
static inline int ctl_perm(ctl_table *table, int op)
{
+ int error;
+ error = security_ops->sysctl(table, op);
+ if(error) {
+ return error;
+ }
return test_perm(table->mode, op);
}
diff --minimal -Nru a/kernel/uid16.c b/kernel/uid16.c
--- a/kernel/uid16.c Tue Feb 12 18:59:50 2002
+++ b/kernel/uid16.c Tue Feb 12 18:59:50 2002
@@ -12,6 +12,7 @@
#include <linux/prctl.h>
#include <linux/init.h>
#include <linux/highuid.h>
+#include <linux/security.h>
#include <asm/uaccess.h>
@@ -128,6 +129,7 @@
asmlinkage long sys_setgroups16(int gidsetsize, old_gid_t *grouplist)
{
old_gid_t groups[NGROUPS];
+ gid_t new_groups[NGROUPS];
int i;
if (!capable(CAP_SETGID))
@@ -137,7 +139,11 @@
if (copy_from_user(groups, grouplist, gidsetsize * sizeof(old_gid_t)))
return -EFAULT;
for (i = 0 ; i < gidsetsize ; i++)
- current->groups[i] = (gid_t)groups[i];
+ new_groups[i] = (gid_t)groups[i];
+ i = security_ops->task_ops->setgroups(gidsetsize, new_groups);
+ if (i)
+ return i;
+ memcpy(current->groups, new_groups, gidsetsize * sizeof(gid_t));
current->ngroups = gidsetsize;
return 0;
}
diff --minimal -Nru a/mm/filemap.c b/mm/filemap.c
--- a/mm/filemap.c Tue Feb 12 18:59:50 2002
+++ b/mm/filemap.c Tue Feb 12 18:59:50 2002
@@ -25,6 +25,7 @@
#include <linux/iobuf.h>
#include <linux/compiler.h>
#include <linux/fs.h>
+#include <linux/security.h>
#include <asm/pgalloc.h>
#include <asm/uaccess.h>
@@ -1700,6 +1701,10 @@
if (retval)
goto fput_in;
+ retval = security_ops->file_ops->permission (in_file, MAY_READ);
+ if (retval)
+ goto fput_in;
+
/*
* Get output file, and verify that it is ok..
*/
@@ -1714,6 +1719,10 @@
goto fput_out;
out_inode = out_file->f_dentry->d_inode;
retval = locks_verify_area(FLOCK_VERIFY_WRITE, out_inode, out_file, out_file->f_pos, count);
+ if (retval)
+ goto fput_out;
+
+ retval = security_ops->file_ops->permission (out_file, MAY_WRITE);
if (retval)
goto fput_out;
diff --minimal -Nru a/mm/memory.c b/mm/memory.c
--- a/mm/memory.c Tue Feb 12 18:59:50 2002
+++ b/mm/memory.c Tue Feb 12 18:59:50 2002
@@ -44,6 +44,7 @@
#include <linux/iobuf.h>
#include <linux/highmem.h>
#include <linux/pagemap.h>
+#include <linux/security.h>
#include <asm/pgalloc.h>
#include <asm/uaccess.h>
diff --minimal -Nru a/mm/mmap.c b/mm/mmap.c
--- a/mm/mmap.c Tue Feb 12 18:59:50 2002
+++ b/mm/mmap.c Tue Feb 12 18:59:50 2002
@@ -14,6 +14,7 @@
#include <linux/file.h>
#include <linux/fs.h>
#include <linux/personality.h>
+#include <linux/security.h>
#include <asm/uaccess.h>
#include <asm/pgalloc.h>
@@ -477,6 +478,10 @@
}
}
+ error = security_ops->file_ops->mmap(file, prot, flags);
+ if (error)
+ return error;
+
/* Clear old maps */
error = -ENOMEM;
munmap_back:
diff --minimal -Nru a/mm/mprotect.c b/mm/mprotect.c
--- a/mm/mprotect.c Tue Feb 12 18:59:50 2002
+++ b/mm/mprotect.c Tue Feb 12 18:59:50 2002
@@ -9,6 +9,7 @@
#include <linux/shm.h>
#include <linux/mman.h>
#include <linux/fs.h>
+#include <linux/security.h>
#include <asm/uaccess.h>
#include <asm/pgalloc.h>
@@ -301,6 +302,10 @@
error = -EACCES;
goto out;
}
+
+ error = security_ops->file_ops->mprotect(vma, prot);
+ if (error)
+ goto out;
if (vma->vm_end > end) {
error = mprotect_fixup(vma, &prev, nstart, end, newflags);
diff --minimal -Nru a/mm/oom_kill.c b/mm/oom_kill.c
--- a/mm/oom_kill.c Tue Feb 12 18:59:50 2002
+++ b/mm/oom_kill.c Tue Feb 12 18:59:50 2002
@@ -89,7 +89,7 @@
* Superuser processes are usually more important, so we make it
* less likely that we kill those.
*/
- if (cap_t(p->cap_effective) & CAP_TO_MASK(CAP_SYS_ADMIN) ||
+ if (!security_ops->capable(p,CAP_SYS_ADMIN) ||
p->uid == 0 || p->euid == 0)
points /= 4;
@@ -99,7 +99,7 @@
* tend to only have this flag set on applications they think
* of as important.
*/
- if (cap_t(p->cap_effective) & CAP_TO_MASK(CAP_SYS_RAWIO))
+ if (!security_ops->capable(p,CAP_SYS_RAWIO))
points /= 4;
#ifdef DEBUG
printk(KERN_DEBUG "OOMkill: task %d (%s) got %d points\n",
@@ -150,7 +150,7 @@
p->flags |= PF_MEMALLOC | PF_MEMDIE;
/* This process has hardware access, be more careful. */
- if (cap_t(p->cap_effective) & CAP_TO_MASK(CAP_SYS_RAWIO)) {
+ if (!security_ops->capable(p,CAP_SYS_RAWIO)) {
force_sig(SIGTERM, p);
} else {
force_sig(SIGKILL, p);
diff --minimal -Nru a/mm/swapfile.c b/mm/swapfile.c
--- a/mm/swapfile.c Tue Feb 12 18:59:50 2002
+++ b/mm/swapfile.c Tue Feb 12 18:59:50 2002
@@ -735,6 +735,13 @@
}
prev = type;
}
+
+ err = security_ops->swapoff(p);
+ if (err) {
+ swap_list_unlock();
+ goto out_dput;
+ }
+
err = -EINVAL;
if (type < 0) {
swap_list_unlock();
@@ -908,6 +915,9 @@
goto bad_swap_2;
p->swap_file = swap_file;
+ error = security_ops->swapon(p);
+ if (error)
+ goto bad_swap_2;
error = -EINVAL;
if (S_ISBLK(swap_file->f_dentry->d_inode->i_mode)) {
diff --minimal -Nru a/net/core/dev.c b/net/core/dev.c
--- a/net/core/dev.c Tue Feb 12 18:59:50 2002
+++ b/net/core/dev.c Tue Feb 12 18:59:50 2002
@@ -100,6 +100,7 @@
#include <linux/init.h>
#include <linux/kmod.h>
#include <linux/module.h>
+#include <linux/security.h>
#if defined(CONFIG_NET_RADIO) || defined(CONFIG_NET_PCMCIA_RADIO)
#include <linux/wireless.h> /* Note : will define WIRELESS_EXT */
#include <net/iw_handler.h>
@@ -2534,6 +2535,8 @@
#ifdef CONFIG_NET_DIVERT
free_divert_blk(dev);
#endif
+
+ security_ops->netdev_ops->unregister(dev);
if (dev->features & NETIF_F_DYNALLOC) {
#ifdef NET_REFCNT_DEBUG
diff --minimal -Nru a/net/core/rtnetlink.c b/net/core/rtnetlink.c
--- a/net/core/rtnetlink.c Tue Feb 12 18:59:50 2002
+++ b/net/core/rtnetlink.c Tue Feb 12 18:59:50 2002
@@ -316,7 +316,7 @@
sz_idx = type>>2;
kind = type&3;
- if (kind != 2 && !cap_raised(NETLINK_CB(skb).eff_cap, CAP_NET_ADMIN)) {
+ if (kind != 2 && security_ops->netlink_recv(skb)) {
*errp = -EPERM;
return -1;
}
diff --minimal -Nru a/net/core/scm.c b/net/core/scm.c
--- a/net/core/scm.c Tue Feb 12 18:59:50 2002
+++ b/net/core/scm.c Tue Feb 12 18:59:50 2002
@@ -22,6 +22,7 @@
#include <linux/net.h>
#include <linux/interrupt.h>
#include <linux/netdevice.h>
+#include <linux/security.h>
#include <asm/system.h>
#include <asm/uaccess.h>
@@ -216,6 +217,9 @@
for (i=0, cmfptr=(int*)CMSG_DATA(cm); i<fdmax; i++, cmfptr++)
{
int new_fd;
+ err = security_ops->file_ops->receive(fp[i]);
+ if (err)
+ break;
err = get_unused_fd();
if (err < 0)
break;
diff --minimal -Nru a/net/core/skbuff.c b/net/core/skbuff.c
--- a/net/core/skbuff.c Tue Feb 12 18:59:50 2002
+++ b/net/core/skbuff.c Tue Feb 12 18:59:50 2002
@@ -52,6 +52,7 @@
#include <linux/rtnetlink.h>
#include <linux/init.h>
#include <linux/highmem.h>
+#include <linux/security.h>
#include <net/protocol.h>
#include <net/dst.h>
@@ -190,6 +191,11 @@
if (data == NULL)
goto nodata;
+ if (security_ops->skb_ops->alloc_security(skb)) {
+ kfree(data);
+ goto nodata;
+ }
+
/* XXX: does not include slab overhead */
skb->truesize = size + sizeof(struct sk_buff);
@@ -249,6 +255,7 @@
#ifdef CONFIG_NET_SCHED
skb->tc_index = 0;
#endif
+ skb->lsm_security = NULL;
}
static void skb_drop_fraglist(struct sk_buff *skb)
@@ -326,6 +333,7 @@
#ifdef CONFIG_NETFILTER
nf_conntrack_put(skb->nfct);
#endif
+ security_ops->skb_ops->free_security(skb);
skb_headerinit(skb, NULL, 0); /* clean state */
kfree_skbmem(skb);
}
@@ -354,6 +362,11 @@
if (!n)
return NULL;
}
+
+ if (security_ops->skb_ops->clone(n, skb)) {
+ skb_head_to_pool(n);
+ return NULL;
+ }
#define C(x) n->x = skb->x
@@ -441,6 +454,7 @@
#ifdef CONFIG_NET_SCHED
new->tc_index = old->tc_index;
#endif
+ security_ops->skb_ops->copy(new, old);
}
/**
diff --minimal -Nru a/net/ipv4/devinet.c b/net/ipv4/devinet.c
--- a/net/ipv4/devinet.c Tue Feb 12 18:59:50 2002
+++ b/net/ipv4/devinet.c Tue Feb 12 18:59:50 2002
@@ -55,6 +55,7 @@
#include <linux/sysctl.h>
#endif
#include <linux/kmod.h>
+#include <linux/security.h>
#include <net/ip.h>
#include <net/route.h>
diff --minimal -Nru a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c
--- a/net/ipv4/ip_fragment.c Tue Feb 12 18:59:50 2002
+++ b/net/ipv4/ip_fragment.c Tue Feb 12 18:59:50 2002
@@ -37,6 +37,7 @@
#include <linux/udp.h>
#include <linux/inet.h>
#include <linux/netfilter_ipv4.h>
+#include <linux/security.h>
/* NOTE. Logic of IP defragmentation is parallel to corresponding IPv6
* code now. If you change something here, _PLEASE_ update ipv6/reassembly.c
@@ -372,7 +373,11 @@
{
struct sk_buff *prev, *next;
int flags, offset;
- int ihl, end;
+ int ihl, end, ret;
+
+ ret = security_ops->ip_ops->defragment(skb);
+ if (ret)
+ goto err;
if (qp->last_in & COMPLETE)
goto err;
diff --minimal -Nru a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c
--- a/net/ipv4/ip_gre.c Tue Feb 12 18:59:50 2002
+++ b/net/ipv4/ip_gre.c Tue Feb 12 18:59:50 2002
@@ -651,6 +651,7 @@
skb->nf_debug = 0;
#endif
#endif
+ security_ops->ip_ops->decapsulate(skb);
ipgre_ecn_decapsulate(iph, skb);
netif_rx(skb);
read_unlock(&ipgre_lock);
@@ -880,6 +881,7 @@
skb->nf_debug = 0;
#endif
#endif
+ security_ops->ip_ops->encapsulate(skb);
IPTUNNEL_XMIT();
tunnel->recursion--;
diff --minimal -Nru a/net/ipv4/ip_options.c b/net/ipv4/ip_options.c
--- a/net/ipv4/ip_options.c Tue Feb 12 18:59:50 2002
+++ b/net/ipv4/ip_options.c Tue Feb 12 18:59:50 2002
@@ -433,7 +433,11 @@
opt->router_alert = optptr - iph;
break;
case IPOPT_SEC:
+ case IPOPT_CIPSO:
case IPOPT_SID:
+ if (security_ops->ip_ops->decode_options(skb, optptr, &pp_ptr))
+ goto error;
+ break;
default:
if (!skb && !capable(CAP_NET_RAW)) {
pp_ptr = optptr;
diff --minimal -Nru a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
--- a/net/ipv4/ip_output.c Tue Feb 12 18:59:50 2002
+++ b/net/ipv4/ip_output.c Tue Feb 12 18:59:50 2002
@@ -872,6 +872,7 @@
skb2->nf_debug = skb->nf_debug;
#endif
#endif
+ security_ops->ip_ops->fragment(skb2, skb);
/*
* Put this fragment into the sending queue.
diff --minimal -Nru a/net/ipv4/ipip.c b/net/ipv4/ipip.c
--- a/net/ipv4/ipip.c Tue Feb 12 18:59:50 2002
+++ b/net/ipv4/ipip.c Tue Feb 12 18:59:50 2002
@@ -500,6 +500,7 @@
skb->nf_debug = 0;
#endif
#endif
+ security_ops->ip_ops->decapsulate(skb);
ipip_ecn_decapsulate(iph, skb);
netif_rx(skb);
read_unlock(&ipip_lock);
@@ -647,6 +648,8 @@
skb->nf_debug = 0;
#endif
#endif
+
+ security_ops->ip_ops->encapsulate(skb);
IPTUNNEL_XMIT();
tunnel->recursion--;
diff --minimal -Nru a/net/ipv4/ipmr.c b/net/ipv4/ipmr.c
--- a/net/ipv4/ipmr.c Tue Feb 12 18:59:50 2002
+++ b/net/ipv4/ipmr.c Tue Feb 12 18:59:50 2002
@@ -1100,6 +1100,7 @@
nf_conntrack_put(skb->nfct);
skb->nfct = NULL;
#endif
+ security_ops->ip_ops->encapsulate(skb);
}
static inline int ipmr_forward_finish(struct sk_buff *skb)
@@ -1445,6 +1446,7 @@
nf_conntrack_put(skb->nfct);
skb->nfct = NULL;
#endif
+ security_ops->ip_ops->decapsulate(skb);
netif_rx(skb);
dev_put(reg_dev);
return 0;
@@ -1512,6 +1514,7 @@
nf_conntrack_put(skb->nfct);
skb->nfct = NULL;
#endif
+ security_ops->ip_ops->decapsulate(skb);
netif_rx(skb);
dev_put(reg_dev);
return 0;
diff --minimal -Nru a/net/ipv4/netfilter/ip_queue.c b/net/ipv4/netfilter/ip_queue.c
--- a/net/ipv4/netfilter/ip_queue.c Tue Feb 12 18:59:50 2002
+++ b/net/ipv4/netfilter/ip_queue.c Tue Feb 12 18:59:50 2002
@@ -490,7 +490,7 @@
RCV_SKB_FAIL(-EINVAL);
if (type <= IPQM_BASE)
return;
- if(!cap_raised(NETLINK_CB(skb).eff_cap, CAP_NET_ADMIN))
+ if (security_ops->netlink_recv(skb))
RCV_SKB_FAIL(-EPERM);
if (nlq->peer.pid && !nlq->peer.died
&& (nlq->peer.pid != nlh->nlmsg_pid)) {
diff --minimal -Nru a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
--- a/net/ipv4/tcp_ipv4.c Tue Feb 12 18:59:50 2002
+++ b/net/ipv4/tcp_ipv4.c Tue Feb 12 18:59:50 2002
@@ -1646,6 +1646,9 @@
if(!ipsec_sk_policy(sk,skb))
goto discard_and_relse;
+ if (security_ops->socket_ops->sock_rcv_skb(sk, skb))
+ goto discard_and_relse;
+
if (sk->state == TCP_TIME_WAIT)
goto do_time_wait;
diff --minimal -Nru a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
--- a/net/netlink/af_netlink.c Tue Feb 12 18:59:50 2002
+++ b/net/netlink/af_netlink.c Tue Feb 12 18:59:50 2002
@@ -597,7 +597,12 @@
check them, when this message will be delivered
to corresponding kernel module. --ANK (980802)
*/
- NETLINK_CB(skb).eff_cap = current->cap_effective;
+
+ err = security_ops->netlink_send(skb);
+ if (err) {
+ kfree_skb(skb);
+ goto out;
+ }
err = -EFAULT;
if (memcpy_fromiovec(skb_put(skb,len), msg->msg_iov, len)) {
diff --minimal -Nru a/net/socket.c b/net/socket.c
--- a/net/socket.c Tue Feb 12 18:59:50 2002
+++ b/net/socket.c Tue Feb 12 18:59:50 2002
@@ -547,6 +547,10 @@
int err;
struct scm_cookie scm;
+ err = security_ops->socket_ops->sendmsg(sock, msg, size);
+ if (err)
+ return err;
+
err = scm_send(sock, msg, &scm);
if (err >= 0) {
err = sock->ops->sendmsg(sock, msg, size, &scm);
@@ -558,6 +562,11 @@
int sock_recvmsg(struct socket *sock, struct msghdr *msg, int size, int flags)
{
struct scm_cookie scm;
+ int err;
+
+ err = security_ops->socket_ops->recvmsg(sock, msg, size, flags);
+ if (err)
+ return err;
memset(&scm, 0, sizeof(scm));
@@ -867,6 +876,7 @@
int sock_create(int family, int type, int protocol, struct socket **res)
{
int i;
+ int err;
struct socket *sock;
/*
@@ -890,6 +900,10 @@
}
family = PF_PACKET;
}
+
+ err = security_ops->socket_ops->create(family, type, protocol);
+ if (err)
+ return err;
#if defined(CONFIG_KMOD) && defined(CONFIG_NET)
/* Attempt to load a protocol module if the find failed.
@@ -936,6 +950,8 @@
*res = sock;
+ security_ops->socket_ops->post_create(sock, family, type, protocol);
+
out:
net_family_read_unlock();
return i;
@@ -1045,8 +1061,14 @@
if((sock = sockfd_lookup(fd,&err))!=NULL)
{
- if((err=move_addr_to_kernel(umyaddr,addrlen,address))>=0)
+ if((err=move_addr_to_kernel(umyaddr,addrlen,address))>=0) {
+ err = security_ops->socket_ops->bind(sock, (struct sockaddr *)address, addrlen);
+ if (err) {
+ sockfd_put(sock);
+ return err;
+ }
err = sock->ops->bind(sock, (struct sockaddr *)address, addrlen);
+ }
sockfd_put(sock);
}
return err;
@@ -1067,6 +1089,13 @@
if ((sock = sockfd_lookup(fd, &err)) != NULL) {
if ((unsigned) backlog > SOMAXCONN)
backlog = SOMAXCONN;
+
+ err = security_ops->socket_ops->listen(sock, backlog);
+ if (err) {
+ sockfd_put(sock);
+ return err;
+ }
+
err=sock->ops->listen(sock, backlog);
sockfd_put(sock);
}
@@ -1103,6 +1132,10 @@
newsock->type = sock->type;
newsock->ops = sock->ops;
+ err = security_ops->socket_ops->accept(sock, newsock);
+ if (err)
+ goto out_release;
+
err = sock->ops->accept(sock, newsock, sock->file->f_flags);
if (err < 0)
goto out_release;
@@ -1157,8 +1190,14 @@
err = move_addr_to_kernel(uservaddr, addrlen, address);
if (err < 0)
goto out_put;
+
+ err = security_ops->socket_ops->connect(sock, (struct sockaddr *)address, addrlen);
+ if (err)
+ goto out_put;
+
err = sock->ops->connect(sock, (struct sockaddr *) address, addrlen,
sock->file->f_flags);
+
out_put:
sockfd_put(sock);
out:
@@ -1179,6 +1218,11 @@
sock = sockfd_lookup(fd, &err);
if (!sock)
goto out;
+
+ err = security_ops->socket_ops->getsockname(sock);
+ if (err)
+ goto out_put;
+
err = sock->ops->getname(sock, (struct sockaddr *)address, &len, 0);
if (err)
goto out_put;
@@ -1203,6 +1247,12 @@
if ((sock = sockfd_lookup(fd, &err))!=NULL)
{
+ err = security_ops->socket_ops->getpeername(sock);
+ if (err) {
+ sockfd_put(sock);
+ return err;
+ }
+
err = sock->ops->getname(sock, (struct sockaddr *)address, &len, 1);
if (!err)
err=move_addr_to_user(address,len, usockaddr, usockaddr_len);
@@ -1331,6 +1381,12 @@
if ((sock = sockfd_lookup(fd, &err))!=NULL)
{
+ err = security_ops->socket_ops->setsockopt(sock,level,optname);
+ if (err) {
+ sockfd_put(sock);
+ return err;
+ }
+
if (level == SOL_SOCKET)
err=sock_setsockopt(sock,level,optname,optval,optlen);
else
@@ -1352,6 +1408,13 @@
if ((sock = sockfd_lookup(fd, &err))!=NULL)
{
+ err = security_ops->socket_ops->getsockopt(sock, level,
+ optname);
+ if (err) {
+ sockfd_put(sock);
+ return err;
+ }
+
if (level == SOL_SOCKET)
err=sock_getsockopt(sock,level,optname,optval,optlen);
else
@@ -1373,6 +1436,12 @@
if ((sock = sockfd_lookup(fd, &err))!=NULL)
{
+ err = security_ops->socket_ops->shutdown(sock, how);
+ if (err) {
+ sockfd_put(sock);
+ return err;
+ }
+
err=sock->ops->shutdown(sock, how);
sockfd_put(sock);
}
diff --minimal -Nru a/net/unix/af_unix.c b/net/unix/af_unix.c
--- a/net/unix/af_unix.c Tue Feb 12 18:59:50 2002
+++ b/net/unix/af_unix.c Tue Feb 12 18:59:50 2002
@@ -109,6 +109,7 @@
#include <linux/poll.h>
#include <linux/smp_lock.h>
#include <linux/rtnetlink.h>
+#include <linux/security.h>
#include <asm/checksum.h>
@@ -792,6 +793,12 @@
err = -EPERM;
if (!unix_may_send(sk, other))
goto out_unlock;
+
+ err = security_ops->socket_ops->unix_may_send(sk->socket,
+ other->socket);
+ if (err)
+ goto out_unlock;
+
} else {
/*
* 1003.1g breaking connected state with AF_UNSPEC
@@ -956,6 +963,12 @@
goto restart;
}
+ err = security_ops->socket_ops->unix_stream_connect(sock, other->socket);
+ if (err) {
+ unix_state_wunlock(sk);
+ goto out_unlock;
+ }
+
/* The way is open! Fastly set all the necessary fields... */
sock_hold(sk);
@@ -1249,6 +1262,11 @@
err = -EPIPE;
if (other->shutdown&RCV_SHUTDOWN)
+ goto out_unlock;
+
+ err = security_ops->socket_ops->unix_may_send(sk->socket,
+ other->socket);
+ if (err)
goto out_unlock;
if (unix_peer(other) != sk &&
diff --minimal -Nru a/security/Config.help b/security/Config.help
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/Config.help Tue Feb 12 18:59:50 2002
@@ -0,0 +1,78 @@
+CONFIG_SECURITY_CAPABILITIES
+ This enables the "default" Linux capabilities functionality.
+ If you are unsure how to answer this question, answer Y.
+
+CONFIG_SECURITY_IP
+ This option enables the Netfilter-based IP networking hooks.
+
+ Answer Y to this if using an LSM module which uses these
+ hooks, otherwise, answer N.
+
+CONFIG_SECURITY_OWLSM
+ This enables the LSM port of the Openwall kernel patch. This is NOT
+ official Openwall. For more information on the Openwall kernel patch
+ go to <http://www.openwall.com/>
+
+CONFIG_OWLSM_RLIMIT_NPROC
+ This option is an LSM port of the Openwall CONFIG_SECURE_RLIMIT_NPROC
+ patch. It is derived from Openwall but is not official Openwall. This
+ option is only valid if you have chosen to build the LSM port of
+ Openwall (CONFIG_SECURITY_OWLSM).
+
+ Linux lets you set a limit on how many processes a user can have, via
+ a setrlimit(2) call with RLIMIT_NPROC. Unfortunately, this limit is
+ only looked at when a new process is created on fork(2). If a process
+ changes its UID, it might exceed the limit for its new UID. This is
+ not a security issue by itself, as changing the UID is a privileged
+ operation. However, there're privileged programs that want to switch
+ to a user's context, including setting up some resource limits. The
+ only fork(2) required (if at all) is done before switching the UID,
+ and thus doesn't result in a check against RLIMIT_NPROC. Enable this
+ option to enforce RLIMIT_NPROC on execve(2) calls.
+
+ If you are unsure how to answer this question, answer N.
+
+CONFIG_OWLSM_LINK
+ This option is an LSM port of the Openwall CONFIG_SECURE_LINK patch.
+ It is derived from Openwall but is not official Openwall. This option
+ is only valid if you have chosen to build the LSM port of Openwall
+ (CONFIG_SECURITY_OWLSM).
+
+ There's a very common attack that involves a malicious user creating
+ a symbolic link in /tmp, with a carefully chosen name, pointing at
+ another user's file. When the victim then writes to that file name,
+ without the required precautions, they inadvertently write to the
+ wrong file. Enabling this option reduces the impact of this class of
+ holes (some get fixed, many others allow for DoS attacks only, most
+ of the rest become harder to exploit) by preventing a process from
+ following a link which is in a +t directory, unless the link owner
+ is trusted (that is, it's the user we're running as or the directory
+ owner). To prevent from using a hard link in an attack instead, this
+ option does not allow users to create hard links to files they don't
+ own. This might break things. Say Y if security is more important.
+
+CONFIG_OWLSM_FD
+ This option is an LSM port of the Openwall CONFIG_SECURE_FD_0_1_2
+ patch. It is derived from Openwall but is not official Openwall.
+ This option is only valid if you have chosen to build the LSM port of
+ Openwall (CONFIG_SECURITY_OWLSM).
+
+ File descriptors 0, 1, and 2 have a special meaning for the C library
+ and lots of programs. Thus, they're often referenced by number. Still,
+ it is normally possible to execute a program with one or more of these
+ fd's closed, and any open(2) calls it might do will happily provide
+ these fd numbers. The program (or the libraries it is linked with)
+ will continue using the fd's for their usual purposes, in reality
+ accessing files the program has just opened. If such a program is
+ installed SUID and/or SGID, then we might have a security problem.
+ Enable this option to ensure that fd's 0, 1, and 2 are always open on
+ execution of a SUID/SGID binary.
+
+CONFIG_SECURITY_DTE
+ This enables Domain and Type Enforcement. It assigns labels to
+ files and processes. File labels are called types, and process
+ labels are called domains. DTE controls transitions and signal
+ access between domains, and access from domains to types. For
+ more information, please see <http://www.cs.wm.edu/~hallyn/dte>
+
+ If you're unsure, answer N.
diff --minimal -Nru a/security/Config.in b/security/Config.in
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/Config.in Tue Feb 12 18:59:50 2002
@@ -0,0 +1,16 @@
+#
+# Security configuration
+#
+mainmenu_option next_comment
+comment 'Security options'
+tristate 'Capabilities Support' CONFIG_SECURITY_CAPABILITIES
+dep_tristate 'IP Networking Support' CONFIG_SECURITY_IP $CONFIG_NETFILTER
+source security/selinux/Config.in
+dep_tristate 'LSM port of Openwall (EXPERIMENTAL)' CONFIG_SECURITY_OWLSM $CONFIG_EXPERIMENTAL
+if [ "$CONFIG_SECURITY_OWLSM" = "y" -o "$CONFIG_SECURITY_OWLSM" = "m" ]; then
+ bool ' Add RLIMITS_NPROC check to execve' CONFIG_OWLSM_RLIMIT_NPROC
+ bool ' Restricted links in /tmp' CONFIG_OWLSM_LINK
+ bool ' Special handling of fd 0, 1, and 2' CONFIG_OWLSM_FD
+fi
+dep_tristate 'Domain and Type Enforcement (EXPERIMENTAL)' CONFIG_SECURITY_DTE $CONFIG_EXPERIMENTAL
+endmenu
diff --minimal -Nru a/security/Makefile b/security/Makefile
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/Makefile Tue Feb 12 18:59:50 2002
@@ -0,0 +1,29 @@
+#
+# Makefile for the kernel security code
+#
+
+# The target object and module list name.
+O_TARGET := vmlinux-obj.o
+
+# subdirectory list
+subdir-$(CONFIG_SECURITY_SELINUX) += selinux
+subdir-$(CONFIG_SECURITY_DTE) += dte
+
+# Objects that export symbols
+export-objs := security.o
+
+# Object file lists
+obj-y := security.o dummy.o
+
+# Must precede capabilities in order to stack properly.
+ifeq ($(CONFIG_SECURITY_SELINUX),y)
+ obj-$(CONFIG_SECURITY_SELINUX) += selinux/selinux-obj.o
+endif
+obj-$(CONFIG_SECURITY_CAPABILITIES) += capability.o
+obj-$(CONFIG_SECURITY_IP) += lsm_ip_glue.o
+obj-$(CONFIG_SECURITY_OWLSM) += owlsm.o
+ifeq ($(CONFIG_SECURITY_DTE),y)
+ obj-y += dte/dte_plug.o
+endif
+
+include $(TOPDIR)/Rules.make
diff --minimal -Nru a/security/Makefile.in b/security/Makefile.in
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/Makefile.in Tue Feb 12 18:59:50 2002
@@ -0,0 +1,27 @@
+
+# Beginnings of a kbuild-2.5 makefile --- offer@sgi.com
+
+
+
+# security.o has exportable symbols.
+expsyms(security.o)
+
+# Always build the framework
+select(security.o)
+select(dummy.o)
+
+
+# the pre-existing capabilities code.
+select(CONFIG_M CONFIG_SECURITY_CAPABILITIES capability.o)
+
+
+select(CONFIG_M CONFIG_SECURITY_IP lsm_ip_glue.o)
+
+# OpenWall
+select(CONFIG_M CONFIG_SECURITY_OWLSM owlsm.o)
+
+# NSA/NAI SELinux
+link_subdirs(selinux)
+
+# Domain Type Enforcement
+link_subdirs(dte)
diff --minimal -Nru a/security/capability.c b/security/capability.c
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/capability.c Tue Feb 12 18:59:50 2002
@@ -0,0 +1,1361 @@
+/*
+ * Capabilities Linux Security Module
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ */
+
+#include <linux/config.h>
+#include <linux/module.h>
+#include <linux/init.h>
+#include <linux/kernel.h>
+#include <linux/security.h>
+#include <linux/file.h>
+#include <linux/mm.h>
+#include <linux/smp_lock.h>
+#include <linux/netfilter.h>
+#include <linux/netlink.h>
+
+/* flag to keep track of how we were registered */
+static int secondary;
+
+static int cap_sethostname (char *hostname)
+{
+ return 0;
+}
+
+static int cap_setdomainname (char *domainname)
+{
+ return 0;
+}
+
+static int cap_reboot (unsigned int cmd)
+{
+ return 0;
+}
+
+static int cap_ioperm (unsigned long from, unsigned long num, int turn_on)
+{
+ return 0;
+}
+
+static int cap_iopl (unsigned int old, unsigned int level)
+{
+ return 0;
+}
+
+static int cap_capable (struct task_struct *tsk, int cap)
+{
+ /* Derived from include/linux/sched.h:capable. */
+ if (cap_raised (tsk->cap_effective, cap))
+ return 0;
+ else
+ return -EPERM;
+}
+
+static int cap_sys_security (unsigned int id, unsigned int call,
+ unsigned long *args)
+{
+ return -ENOSYS;
+}
+
+static int cap_swapon (struct swap_info_struct *swap)
+{
+ return 0;
+}
+
+static int cap_swapoff (struct swap_info_struct *swap)
+{
+ return 0;
+}
+
+static int cap_nfsservctl (int cmd, struct nfsctl_arg *arg)
+{
+ return 0;
+}
+
+static int cap_quotactl (int cmds, int type, int id, struct super_block *sb)
+{
+ return 0;
+}
+
+static int cap_quota_on (struct file *f)
+{
+ return 0;
+}
+
+static int cap_bdflush (int func, long data)
+{
+ return 0;
+}
+
+static int cap_syslog (int type)
+{
+ return 0;
+}
+
+static int cap_netlink_send (struct sk_buff *skb)
+{
+ NETLINK_CB (skb).eff_cap = current->cap_effective;
+ return 0;
+}
+
+static int cap_netlink_recv (struct sk_buff *skb)
+{
+ if (!cap_raised (NETLINK_CB (skb).eff_cap, CAP_NET_ADMIN))
+ return -EPERM;
+ return 0;
+}
+
+static int cap_ptrace (struct task_struct *parent, struct task_struct *child)
+{
+ /* Derived from arch/i386/kernel/ptrace.c:sys_ptrace. */
+ if (!cap_issubset (child->cap_permitted, current->cap_permitted) &&
+ !capable (CAP_SYS_PTRACE))
+ return -EPERM;
+ else
+ return 0;
+}
+
+static int cap_capget (struct task_struct *target, kernel_cap_t * effective,
+ kernel_cap_t * inheritable, kernel_cap_t * permitted)
+{
+ /* Derived from kernel/capability.c:sys_capget. */
+ *effective = cap_t (target->cap_effective);
+ *inheritable = cap_t (target->cap_inheritable);
+ *permitted = cap_t (target->cap_permitted);
+ return 0;
+}
+
+static int cap_capset_check (struct task_struct *target,
+ kernel_cap_t * effective,
+ kernel_cap_t * inheritable,
+ kernel_cap_t * permitted)
+{
+ /* Derived from kernel/capability.c:sys_capset. */
+ /* verify restrictions on target's new Inheritable set */
+ if (!cap_issubset (*inheritable,
+ cap_combine (target->cap_inheritable,
+ current->cap_permitted))) {
+ return -EPERM;
+ }
+
+ /* verify restrictions on target's new Permitted set */
+ if (!cap_issubset (*permitted,
+ cap_combine (target->cap_permitted,
+ current->cap_permitted))) {
+ return -EPERM;
+ }
+
+ /* verify the _new_Effective_ is a subset of the _new_Permitted_ */
+ if (!cap_issubset (*effective, *permitted)) {
+ return -EPERM;
+ }
+
+ return 0;
+}
+
+static void cap_capset_set (struct task_struct *target,
+ kernel_cap_t * effective,
+ kernel_cap_t * inheritable,
+ kernel_cap_t * permitted)
+{
+ target->cap_effective = *effective;
+ target->cap_inheritable = *inheritable;
+ target->cap_permitted = *permitted;
+}
+
+static int cap_acct (struct file *file)
+{
+ return 0;
+}
+
+static int cap_sysctl (ctl_table * table, int op)
+{
+ return 0;
+}
+
+static int cap_binprm_alloc_security (struct linux_binprm *bprm)
+{
+ return 0;
+}
+
+static int cap_binprm_set_security (struct linux_binprm *bprm)
+{
+ /* Copied from fs/exec.c:prepare_binprm. */
+
+ /* We don't have VFS support for capabilities yet */
+ cap_clear (bprm->cap_inheritable);
+ cap_clear (bprm->cap_permitted);
+ cap_clear (bprm->cap_effective);
+
+ /* To support inheritance of root-permissions and suid-root
+ * executables under compatibility mode, we raise all three
+ * capability sets for the file.
+ *
+ * If only the real uid is 0, we only raise the inheritable
+ * and permitted sets of the executable file.
+ */
+
+ if (!issecure (SECURE_NOROOT)) {
+ if (bprm->e_uid == 0 || current->uid == 0) {
+ cap_set_full (bprm->cap_inheritable);
+ cap_set_full (bprm->cap_permitted);
+ }
+ if (bprm->e_uid == 0)
+ cap_set_full (bprm->cap_effective);
+ }
+ return 0;
+}
+
+static void cap_binprm_free_security (struct linux_binprm *bprm)
+{
+ return;
+}
+
+/* Copied from fs/exec.c */
+static inline int must_not_trace_exec (struct task_struct *p)
+{
+ return (p->ptrace & PT_PTRACED) && !(p->ptrace & PT_PTRACE_CAP);
+}
+
+static void cap_binprm_compute_creds (struct linux_binprm *bprm)
+{
+ /* Derived from fs/exec.c:compute_creds. */
+ kernel_cap_t new_permitted, working;
+ int do_unlock = 0;
+
+ new_permitted = cap_intersect (bprm->cap_permitted, cap_bset);
+ working = cap_intersect (bprm->cap_inheritable,
+ current->cap_inheritable);
+ new_permitted = cap_combine (new_permitted, working);
+
+ if (!cap_issubset (new_permitted, current->cap_permitted)) {
+ current->mm->dumpable = 0;
+
+ lock_kernel ();
+ if (must_not_trace_exec (current)
+ || atomic_read (¤t->fs->count) > 1
+ || atomic_read (¤t->files->count) > 1
+ || atomic_read (¤t->sig->count) > 1) {
+ if (!capable (CAP_SETPCAP)) {
+ new_permitted = cap_intersect (new_permitted,
+ current->
+ cap_permitted);
+ }
+ }
+ do_unlock = 1;
+ }
+
+ /* For init, we want to retain the capabilities set
+ * in the init_task struct. Thus we skip the usual
+ * capability rules */
+ if (current->pid != 1) {
+ current->cap_permitted = new_permitted;
+ current->cap_effective =
+ cap_intersect (new_permitted, bprm->cap_effective);
+ }
+
+ /* AUD: Audit candidate if current->cap_effective is set */
+
+ if (do_unlock)
+ unlock_kernel ();
+
+ current->keep_capabilities = 0;
+}
+
+static int cap_sb_alloc_security (struct super_block *sb)
+{
+ return 0;
+}
+
+static void cap_sb_free_security (struct super_block *sb)
+{
+ return;
+}
+
+static int cap_sb_statfs (struct super_block *sb)
+{
+ return 0;
+}
+
+static int cap_mount (char *dev_name, struct nameidata *nd, char *type,
+ unsigned long flags, void *data)
+{
+ return 0;
+}
+
+static int cap_check_sb (struct vfsmount *mnt, struct nameidata *nd)
+{
+ return 0;
+}
+
+static int cap_umount (struct vfsmount *mnt, int flags)
+{
+ return 0;
+}
+
+static void cap_umount_close (struct vfsmount *mnt)
+{
+ return;
+}
+
+static void cap_umount_busy (struct vfsmount *mnt)
+{
+ return;
+}
+
+static void cap_post_remount (struct vfsmount *mnt, unsigned long flags,
+ void *data)
+{
+ return;
+}
+
+static void cap_post_mountroot (void)
+{
+ return;
+}
+
+static void cap_post_addmount (struct vfsmount *mnt, struct nameidata *nd)
+{
+ return;
+}
+
+static int cap_inode_alloc_security (struct inode *inode)
+{
+ return 0;
+}
+
+static void cap_inode_free_security (struct inode *inode)
+{
+ return;
+}
+
+static int cap_inode_create (struct inode *inode, struct dentry *dentry,
+ int mask)
+{
+ return 0;
+}
+
+static void cap_inode_post_create (struct inode *inode, struct dentry *dentry,
+ int mask)
+{
+ return;
+}
+
+static int cap_inode_link (struct dentry *old_dentry, struct inode *inode,
+ struct dentry *new_dentry)
+{
+ return 0;
+}
+
+static void cap_inode_post_link (struct dentry *old_dentry, struct inode *inode,
+ struct dentry *new_dentry)
+{
+ return;
+}
+
+static int cap_inode_unlink (struct inode *inode, struct dentry *dentry)
+{
+ return 0;
+}
+
+static int cap_inode_symlink (struct inode *inode, struct dentry *dentry,
+ const char *name)
+{
+ return 0;
+}
+
+static void cap_inode_post_symlink (struct inode *inode, struct dentry *dentry,
+ const char *name)
+{
+ return;
+}
+
+static int cap_inode_mkdir (struct inode *inode, struct dentry *dentry,
+ int mask)
+{
+ return 0;
+}
+
+static void cap_inode_post_mkdir (struct inode *inode, struct dentry *dentry,
+ int mask)
+{
+ return;
+}
+
+static int cap_inode_rmdir (struct inode *inode, struct dentry *dentry)
+{
+ return 0;
+}
+
+static int cap_inode_mknod (struct inode *inode, struct dentry *dentry,
+ int major, dev_t minor)
+{
+ return 0;
+}
+
+static void cap_inode_post_mknod (struct inode *inode, struct dentry *dentry,
+ int major, dev_t minor)
+{
+ return;
+}
+
+static int cap_inode_rename (struct inode *old_inode, struct dentry *old_dentry,
+ struct inode *new_inode, struct dentry *new_dentry)
+{
+ return 0;
+}
+
+static void cap_inode_post_rename (struct inode *old_inode,
+ struct dentry *old_dentry,
+ struct inode *new_inode,
+ struct dentry *new_dentry)
+{
+ return;
+}
+
+static int cap_inode_readlink (struct dentry *dentry)
+{
+ return 0;
+}
+
+static int cap_inode_follow_link (struct dentry *dentry,
+ struct nameidata *nameidata)
+{
+ return 0;
+}
+
+static int cap_inode_permission (struct inode *inode, int mask)
+{
+ return 0;
+}
+
+static int cap_inode_revalidate (struct dentry *inode)
+{
+ return 0;
+}
+
+static int cap_inode_setattr (struct dentry *dentry, struct iattr *iattr)
+{
+ return 0;
+}
+
+static int cap_inode_stat (struct inode *inode)
+{
+ return 0;
+}
+
+static void cap_post_lookup (struct inode *ino, struct dentry *d)
+{
+ return;
+}
+
+static void cap_delete (struct inode *ino)
+{
+ return;
+}
+
+static int cap_inode_setxattr (struct dentry *dentry, char *name, void *value,
+ size_t size, int flags)
+{
+ return 0;
+}
+
+static int cap_inode_getxattr (struct dentry *dentry, char *name)
+{
+ return 0;
+}
+
+static int cap_inode_listxattr (struct dentry *dentry)
+{
+ return 0;
+}
+
+static int cap_inode_removexattr (struct dentry *dentry, char *name)
+{
+ return 0;
+}
+
+static int cap_file_permission (struct file *file, int mask)
+{
+ return 0;
+}
+
+static int cap_file_alloc_security (struct file *file)
+{
+ return 0;
+}
+
+static void cap_file_free_security (struct file *file)
+{
+ return;
+}
+
+static int cap_file_llseek (struct file *file)
+{
+ return 0;
+}
+
+static int cap_file_ioctl (struct file *file, unsigned int command,
+ unsigned long arg)
+{
+ return 0;
+}
+
+static int cap_file_mmap (struct file *file, unsigned long prot,
+ unsigned long flags)
+{
+ return 0;
+}
+
+static int cap_file_mprotect (struct vm_area_struct *vma, unsigned long prot)
+{
+ return 0;
+}
+
+static int cap_file_lock (struct file *file, unsigned int cmd, int blocking)
+{
+ return 0;
+}
+
+static int cap_file_fcntl (struct file *file, unsigned int cmd,
+ unsigned long arg)
+{
+ return 0;
+}
+
+static int cap_file_set_fowner (struct file *file)
+{
+ return 0;
+}
+
+static int cap_file_send_sigiotask (struct task_struct *tsk,
+ struct fown_struct *fown, int fd,
+ int reason)
+{
+ return 0;
+}
+
+static int cap_file_receive (struct file *file)
+{
+ return 0;
+}
+
+static int cap_task_create (unsigned long clone_flags)
+{
+ return 0;
+}
+
+static int cap_task_alloc_security (struct task_struct *p)
+{
+ return 0;
+}
+
+static void cap_task_free_security (struct task_struct *p)
+{
+ return;
+}
+
+static int cap_task_setuid (uid_t id0, uid_t id1, uid_t id2, int flags)
+{
+ return 0;
+}
+
+/* moved from kernel/sys.c. */
+/*
+ * cap_emulate_setxuid() fixes the effective / permitted capabilities of
+ * a process after a call to setuid, setreuid, or setresuid.
+ *
+ * 1) When set*uiding _from_ one of {r,e,s}uid == 0 _to_ all of
+ * {r,e,s}uid != 0, the permitted and effective capabilities are
+ * cleared.
+ *
+ * 2) When set*uiding _from_ euid == 0 _to_ euid != 0, the effective
+ * capabilities of the process are cleared.
+ *
+ * 3) When set*uiding _from_ euid != 0 _to_ euid == 0, the effective
+ * capabilities are set to the permitted capabilities.
+ *
+ * fsuid is handled elsewhere. fsuid == 0 and {r,e,s}uid!= 0 should
+ * never happen.
+ *
+ * -astor
+ *
+ * cevans - New behaviour, Oct '99
+ * A process may, via prctl(), elect to keep its capabilities when it
+ * calls setuid() and switches away from uid==0. Both permitted and
+ * effective sets will be retained.
+ * Without this change, it was impossible for a daemon to drop only some
+ * of its privilege. The call to setuid(!=0) would drop all privileges!
+ * Keeping uid 0 is not an option because uid 0 owns too many vital
+ * files..
+ * Thanks to Olaf Kirch and Peter Benie for spotting this.
+ */
+static inline void cap_emulate_setxuid (int old_ruid, int old_euid,
+ int old_suid)
+{
+ if ((old_ruid == 0 || old_euid == 0 || old_suid == 0) &&
+ (current->uid != 0 && current->euid != 0 && current->suid != 0) &&
+ !current->keep_capabilities) {
+ cap_clear (current->cap_permitted);
+ cap_clear (current->cap_effective);
+ }
+ if (old_euid == 0 && current->euid != 0) {
+ cap_clear (current->cap_effective);
+ }
+ if (old_euid != 0 && current->euid == 0) {
+ current->cap_effective = current->cap_permitted;
+ }
+}
+
+static int cap_task_post_setuid (uid_t old_ruid, uid_t old_euid, uid_t old_suid,
+ int flags)
+{
+ switch (flags) {
+ case LSM_SETID_RE:
+ case LSM_SETID_ID:
+ case LSM_SETID_RES:
+ /* Copied from kernel/sys.c:setreuid/setuid/setresuid. */
+ if (!issecure (SECURE_NO_SETUID_FIXUP)) {
+ cap_emulate_setxuid (old_ruid, old_euid, old_suid);
+ }
+ break;
+ case LSM_SETID_FS:
+ {
+ uid_t old_fsuid = old_ruid;
+
+ /* Copied from kernel/sys.c:setfsuid. */
+
+ /*
+ * FIXME - is fsuser used for all CAP_FS_MASK capabilities?
+ * if not, we might be a bit too harsh here.
+ */
+
+ if (!issecure (SECURE_NO_SETUID_FIXUP)) {
+ if (old_fsuid == 0 && current->fsuid != 0) {
+ cap_t (current->cap_effective) &=
+ ~CAP_FS_MASK;
+ }
+ if (old_fsuid != 0 && current->fsuid == 0) {
+ cap_t (current->cap_effective) |=
+ (cap_t (current->cap_permitted) &
+ CAP_FS_MASK);
+ }
+ }
+ break;
+ }
+ default:
+ return -EINVAL;
+ }
+
+ return 0;
+}
+
+static int cap_task_setgid (gid_t id0, gid_t id1, gid_t id2, int flags)
+{
+ return 0;
+}
+
+static int cap_task_setpgid (struct task_struct *p, pid_t pgid)
+{
+ return 0;
+}
+
+static int cap_task_getpgid (struct task_struct *p)
+{
+ return 0;
+}
+
+static int cap_task_getsid (struct task_struct *p)
+{
+ return 0;
+}
+
+static int cap_task_setgroups (int gidsetsize, gid_t * grouplist)
+{
+ return 0;
+}
+
+static int cap_task_setnice (struct task_struct *p, int nice)
+{
+ return 0;
+}
+
+static int cap_task_setrlimit (unsigned int resource, struct rlimit *new_rlim)
+{
+ return 0;
+}
+
+static int cap_task_setscheduler (struct task_struct *p, int policy,
+ struct sched_param *lp)
+{
+ return 0;
+}
+
+static int cap_task_getscheduler (struct task_struct *p)
+{
+ return 0;
+}
+
+static int cap_task_wait (struct task_struct *p)
+{
+ return 0;
+}
+
+static int cap_task_kill (struct task_struct *p, struct siginfo *info, int sig)
+{
+ return 0;
+}
+
+static int cap_task_prctl (int option, unsigned long arg2, unsigned long arg3,
+ unsigned long arg4, unsigned long arg5)
+{
+ return 0;
+}
+
+static void cap_task_kmod_set_label (void)
+{
+ cap_set_full (current->cap_effective);
+ return;
+}
+
+static unsigned int cap_ip_preroute_first (unsigned int hooknum,
+ struct sk_buff **pskb,
+ const struct net_device *in,
+ const struct net_device *out,
+ int (*okfn) (struct sk_buff *))
+{
+ return NF_ACCEPT;
+}
+
+static unsigned int cap_ip_preroute_last (unsigned int hooknum,
+ struct sk_buff **pskb,
+ const struct net_device *in,
+ const struct net_device *out,
+ int (*okfn) (struct sk_buff *))
+{
+ return NF_ACCEPT;
+}
+
+static unsigned int cap_ip_input_first (unsigned int hooknum,
+ struct sk_buff **pskb,
+ const struct net_device *in,
+ const struct net_device *out,
+ int (*okfn) (struct sk_buff *))
+{
+ return NF_ACCEPT;
+}
+
+static unsigned int cap_ip_input_last (unsigned int hooknum,
+ struct sk_buff **pskb,
+ const struct net_device *in,
+ const struct net_device *out,
+ int (*okfn) (struct sk_buff *))
+{
+ return NF_ACCEPT;
+}
+
+static unsigned int cap_ip_forward_first (unsigned int hooknum,
+ struct sk_buff **pskb,
+ const struct net_device *in,
+ const struct net_device *out,
+ int (*okfn) (struct sk_buff *))
+{
+ return NF_ACCEPT;
+}
+
+static unsigned int cap_ip_forward_last (unsigned int hooknum,
+ struct sk_buff **pskb,
+ const struct net_device *in,
+ const struct net_device *out,
+ int (*okfn) (struct sk_buff *))
+{
+ return NF_ACCEPT;
+}
+
+static unsigned int cap_ip_output_first (unsigned int hooknum,
+ struct sk_buff **pskb,
+ const struct net_device *in,
+ const struct net_device *out,
+ int (*okfn) (struct sk_buff *))
+{
+ return NF_ACCEPT;
+}
+
+static unsigned int cap_ip_output_last (unsigned int hooknum,
+ struct sk_buff **pskb,
+ const struct net_device *in,
+ const struct net_device *out,
+ int (*okfn) (struct sk_buff *))
+{
+ return NF_ACCEPT;
+}
+
+static unsigned int cap_ip_postroute_first (unsigned int hooknum,
+ struct sk_buff **pskb,
+ const struct net_device *in,
+ const struct net_device *out,
+ int (*okfn) (struct sk_buff *))
+{
+ return NF_ACCEPT;
+}
+
+static unsigned int cap_ip_postroute_last (unsigned int hooknum,
+ struct sk_buff **pskb,
+ const struct net_device *in,
+ const struct net_device *out,
+ int (*okfn) (struct sk_buff *))
+{
+ return NF_ACCEPT;
+}
+
+static void cap_ip_fragment (struct sk_buff *newskb,
+ const struct sk_buff *oldskb)
+{
+ return;
+}
+
+static int cap_ip_defragment (struct sk_buff *skb)
+{
+ return 0;
+}
+
+static void cap_ip_encapsulate (struct sk_buff *skb)
+{
+ return;
+}
+
+static void cap_ip_decapsulate (struct sk_buff *skb)
+{
+ return;
+}
+
+static int cap_ip_decode_options (struct sk_buff *skb, const char *optptr,
+ unsigned char **pp_ptr)
+{
+ if (!skb && !capable (CAP_NET_RAW)) {
+ (const unsigned char *) *pp_ptr = optptr;
+ return -EPERM;
+ }
+ return 0;
+}
+
+static void cap_netdev_unregister (struct net_device *dev)
+{
+ return;
+}
+
+static int cap_socket_create (int family, int type, int protocol)
+{
+ return 0;
+}
+
+static void cap_socket_post_create (struct socket *sock, int family, int type,
+ int protocol)
+{
+ return;
+}
+
+static int cap_socket_bind (struct socket *sock, struct sockaddr *address,
+ int addrlen)
+{
+ return 0;
+}
+
+static int cap_socket_connect (struct socket *sock, struct sockaddr *address,
+ int addrlen)
+{
+ return 0;
+}
+
+static int cap_socket_listen (struct socket *sock, int backlog)
+{
+ return 0;
+}
+
+static int cap_socket_accept (struct socket *sock, struct socket *newsock)
+{
+ return 0;
+}
+
+static int cap_socket_sendmsg (struct socket *sock, struct msghdr *msg,
+ int size)
+{
+ return 0;
+}
+
+static int cap_socket_recvmsg (struct socket *sock, struct msghdr *msg,
+ int size, int flags)
+{
+ return 0;
+}
+
+static int cap_socket_getsockname (struct socket *sock)
+{
+ return 0;
+}
+
+static int cap_socket_getpeername (struct socket *sock)
+{
+ return 0;
+}
+
+static int cap_socket_setsockopt (struct socket *sock, int level, int optname)
+{
+ return 0;
+}
+
+static int cap_socket_getsockopt (struct socket *sock, int level, int optname)
+{
+ return 0;
+}
+
+static int cap_socket_shutdown (struct socket *sock, int how)
+{
+ return 0;
+}
+
+static int cap_sock_rcv_skb (struct sock *sk, struct sk_buff *skb)
+{
+ return 0;
+}
+
+static int cap_socket_unix_stream_connect (struct socket *sock,
+ struct socket *other)
+{
+ return 0;
+}
+
+static int cap_socket_unix_may_send (struct socket *sock, struct socket *other)
+{
+ return 0;
+}
+
+static int cap_module_create_module (const char *name_user, size_t size)
+{
+ return 0;
+}
+
+static int cap_module_init_module (struct module *mod_user)
+{
+ return 0;
+}
+
+static int cap_module_delete_module (const struct module *mod)
+{
+ return 0;
+}
+
+static int cap_ipc_permission (struct kern_ipc_perm *ipcp, short flag)
+{
+ return 0;
+}
+
+static int cap_ipc_getinfo (int id, int cmd)
+{
+ return 0;
+}
+
+static int cap_msg_msg_alloc_security (struct msg_msg *msg)
+{
+ return 0;
+}
+
+static void cap_msg_msg_free_security (struct msg_msg *msg)
+{
+ return;
+}
+
+static int cap_msg_queue_alloc_security (struct msg_queue *msq)
+{
+ return 0;
+}
+
+static void cap_msg_queue_free_security (struct msg_queue *msq)
+{
+ return;
+}
+
+static int cap_msg_queue_associate (struct msg_queue *msq, int msgid,
+ int msgflg)
+{
+ return 0;
+}
+
+static int cap_msg_queue_msgctl (struct msg_queue *msq, int msgid, int cmd)
+{
+ return 0;
+}
+
+static int cap_msg_queue_msgsnd (struct msg_queue *msq, struct msg_msg *msg,
+ int msgid, int msgflg)
+{
+ return 0;
+}
+
+static int cap_msg_queue_msgrcv (struct msg_queue *msq, struct msg_msg *msg,
+ struct task_struct *target, long type,
+ int mode)
+{
+ return 0;
+}
+
+static int cap_shm_alloc_security (struct shmid_kernel *shp)
+{
+ return 0;
+}
+
+static void cap_shm_free_security (struct shmid_kernel *shp)
+{
+ return;
+}
+
+static int cap_shm_associate (struct shmid_kernel *shp, int shmid, int shmflg)
+{
+ return 0;
+}
+
+static int cap_shm_shmctl (struct shmid_kernel *shp, int shmid, int cmd)
+{
+ return 0;
+}
+
+static int cap_shm_shmat (struct shmid_kernel *shp, int shmid, char *shmaddr,
+ int shmflg)
+{
+ return 0;
+}
+
+static int cap_sem_alloc_security (struct sem_array *sma)
+{
+ return 0;
+}
+
+static void cap_sem_free_security (struct sem_array *sma)
+{
+ return;
+}
+
+static int cap_sem_associate (struct sem_array *sma, int semid, int semflg)
+{
+ return 0;
+}
+
+static int cap_sem_semctl (struct sem_array *sma, int semid, int cmd)
+{
+ return 0;
+}
+
+static int cap_sem_semop (struct sem_array *sma, int semid, struct sembuf *sops,
+ unsigned nsops, int alter)
+{
+ return 0;
+}
+
+static int cap_skb_alloc_security (struct sk_buff *skb)
+{
+ return 0;
+}
+
+static int cap_skb_clone (struct sk_buff *newskb, const struct sk_buff *oldskb)
+{
+ return 0;
+}
+
+static void cap_skb_copy (struct sk_buff *newskb, const struct sk_buff *oldskb)
+{
+ return;
+}
+
+static void cap_skb_set_owner_w (struct sk_buff *skb, struct sock *sk)
+{
+ return;
+}
+
+static void cap_skb_free_security (struct sk_buff *skb)
+{
+ return;
+}
+
+static int cap_register (const char *name, struct security_operations *ops)
+{
+ return -EINVAL;
+}
+
+static int cap_unregister (const char *name, struct security_operations *ops)
+{
+ return -EINVAL;
+}
+
+static struct binprm_security_ops cap_binprm_ops = {
+ alloc_security: cap_binprm_alloc_security,
+ free_security: cap_binprm_free_security,
+ compute_creds: cap_binprm_compute_creds,
+ set_security: cap_binprm_set_security,
+};
+
+static struct super_block_security_ops cap_sb_ops = {
+ alloc_security: cap_sb_alloc_security,
+ free_security: cap_sb_free_security,
+ statfs: cap_sb_statfs,
+ mount: cap_mount,
+ check_sb: cap_check_sb,
+ umount: cap_umount,
+ umount_close: cap_umount_close,
+ umount_busy: cap_umount_busy,
+ post_remount: cap_post_remount,
+ post_mountroot: cap_post_mountroot,
+ post_addmount: cap_post_addmount,
+};
+
+static struct inode_security_ops cap_inode_ops = {
+ alloc_security: cap_inode_alloc_security,
+ free_security: cap_inode_free_security,
+ create: cap_inode_create,
+ post_create: cap_inode_post_create,
+ link: cap_inode_link,
+ post_link: cap_inode_post_link,
+ unlink: cap_inode_unlink,
+ symlink: cap_inode_symlink,
+ post_symlink: cap_inode_post_symlink,
+ mkdir: cap_inode_mkdir,
+ post_mkdir: cap_inode_post_mkdir,
+ rmdir: cap_inode_rmdir,
+ mknod: cap_inode_mknod,
+ post_mknod: cap_inode_post_mknod,
+ rename: cap_inode_rename,
+ post_rename: cap_inode_post_rename,
+ readlink: cap_inode_readlink,
+ follow_link: cap_inode_follow_link,
+ permission: cap_inode_permission,
+ revalidate: cap_inode_revalidate,
+ setattr: cap_inode_setattr,
+ stat: cap_inode_stat,
+ post_lookup: cap_post_lookup,
+ delete: cap_delete,
+ setxattr: cap_inode_setxattr,
+ getxattr: cap_inode_getxattr,
+ listxattr: cap_inode_listxattr,
+ removexattr: cap_inode_removexattr,
+};
+
+static struct file_security_ops cap_file_ops = {
+ permission: cap_file_permission,
+ alloc_security: cap_file_alloc_security,
+ free_security: cap_file_free_security,
+ llseek: cap_file_llseek,
+ ioctl: cap_file_ioctl,
+ mmap: cap_file_mmap,
+ mprotect: cap_file_mprotect,
+ lock: cap_file_lock,
+ fcntl: cap_file_fcntl,
+ set_fowner: cap_file_set_fowner,
+ send_sigiotask: cap_file_send_sigiotask,
+ receive: cap_file_receive,
+};
+
+static struct task_security_ops cap_task_ops = {
+ create: cap_task_create,
+ alloc_security: cap_task_alloc_security,
+ free_security: cap_task_free_security,
+ setuid: cap_task_setuid,
+ post_setuid: cap_task_post_setuid,
+ setgid: cap_task_setgid,
+ setpgid: cap_task_setpgid,
+ getpgid: cap_task_getpgid,
+ getsid: cap_task_getsid,
+ setgroups: cap_task_setgroups,
+ setnice: cap_task_setnice,
+ setrlimit: cap_task_setrlimit,
+ setscheduler: cap_task_setscheduler,
+ getscheduler: cap_task_getscheduler,
+ wait: cap_task_wait,
+ kill: cap_task_kill,
+ prctl: cap_task_prctl,
+ kmod_set_label: cap_task_kmod_set_label,
+};
+
+static struct socket_security_ops cap_socket_ops = {
+ create: cap_socket_create,
+ post_create: cap_socket_post_create,
+ bind: cap_socket_bind,
+ connect: cap_socket_connect,
+ listen: cap_socket_listen,
+ accept: cap_socket_accept,
+ sendmsg: cap_socket_sendmsg,
+ recvmsg: cap_socket_recvmsg,
+ getsockname: cap_socket_getsockname,
+ getpeername: cap_socket_getpeername,
+ getsockopt: cap_socket_getsockopt,
+ setsockopt: cap_socket_setsockopt,
+ shutdown: cap_socket_shutdown,
+ sock_rcv_skb: cap_sock_rcv_skb,
+ unix_stream_connect: cap_socket_unix_stream_connect,
+ unix_may_send: cap_socket_unix_may_send,
+};
+
+static struct skb_security_ops cap_skb_ops = {
+ alloc_security: cap_skb_alloc_security,
+ clone: cap_skb_clone,
+ copy: cap_skb_copy,
+ set_owner_w: cap_skb_set_owner_w,
+ free_security: cap_skb_free_security,
+};
+
+static struct ip_security_ops cap_ip_ops = {
+ preroute_first: cap_ip_preroute_first,
+ preroute_last: cap_ip_preroute_last,
+ input_first: cap_ip_input_first,
+ input_last: cap_ip_input_last,
+ forward_first: cap_ip_forward_first,
+ forward_last: cap_ip_forward_last,
+ output_first: cap_ip_output_first,
+ output_last: cap_ip_output_last,
+ postroute_first: cap_ip_postroute_first,
+ postroute_last: cap_ip_postroute_last,
+ fragment: cap_ip_fragment,
+ defragment: cap_ip_defragment,
+ encapsulate: cap_ip_encapsulate,
+ decapsulate: cap_ip_decapsulate,
+ decode_options: cap_ip_decode_options,
+};
+
+static struct netdev_security_ops cap_netdev_ops = {
+ unregister: cap_netdev_unregister,
+};
+
+static struct module_security_ops cap_module_ops = {
+ create_module: cap_module_create_module,
+ init_module: cap_module_init_module,
+ delete_module: cap_module_delete_module,
+
+};
+
+static struct ipc_security_ops cap_ipc_ops = {
+ permission: cap_ipc_permission,
+ getinfo: cap_ipc_getinfo,
+};
+
+static struct msg_msg_security_ops cap_msg_ops = {
+ alloc_security: cap_msg_msg_alloc_security,
+ free_security: cap_msg_msg_free_security,
+};
+
+static struct msg_queue_security_ops cap_msg_queue_ops = {
+ alloc_security: cap_msg_queue_alloc_security,
+ free_security: cap_msg_queue_free_security,
+ associate: cap_msg_queue_associate,
+ msgctl: cap_msg_queue_msgctl,
+ msgsnd: cap_msg_queue_msgsnd,
+ msgrcv: cap_msg_queue_msgrcv,
+};
+
+static struct shm_security_ops cap_shm_ops = {
+ alloc_security: cap_shm_alloc_security,
+ free_security: cap_shm_free_security,
+ associate: cap_shm_associate,
+ shmctl: cap_shm_shmctl,
+ shmat: cap_shm_shmat,
+};
+
+static struct sem_security_ops cap_sem_ops = {
+ alloc_security: cap_sem_alloc_security,
+ free_security: cap_sem_free_security,
+ associate: cap_sem_associate,
+ semctl: cap_sem_semctl,
+ semop: cap_sem_semop,
+};
+
+static struct security_operations capability_ops = {
+ sethostname: cap_sethostname,
+ setdomainname: cap_setdomainname,
+ reboot: cap_reboot,
+ ioperm: cap_ioperm,
+ iopl: cap_iopl,
+ ptrace: cap_ptrace,
+ capget: cap_capget,
+ capset_check: cap_capset_check,
+ capset_set: cap_capset_set,
+ acct: cap_acct,
+ sysctl: cap_sysctl,
+ capable: cap_capable,
+ sys_security: cap_sys_security,
+ swapon: cap_swapon,
+ swapoff: cap_swapoff,
+ nfsservctl: cap_nfsservctl,
+ quotactl: cap_quotactl,
+ quota_on: cap_quota_on,
+ bdflush: cap_bdflush,
+ syslog: cap_syslog,
+ netlink_send: cap_netlink_send,
+ netlink_recv: cap_netlink_recv,
+
+ bprm_ops: &cap_binprm_ops,
+ sb_ops: &cap_sb_ops,
+ inode_ops: &cap_inode_ops,
+ file_ops: &cap_file_ops,
+ task_ops: &cap_task_ops,
+ socket_ops: &cap_socket_ops,
+ skb_ops: &cap_skb_ops,
+ ip_ops: &cap_ip_ops,
+ netdev_ops: &cap_netdev_ops,
+ module_ops: &cap_module_ops,
+ ipc_ops: &cap_ipc_ops,
+ msg_msg_ops: &cap_msg_ops,
+ msg_queue_ops: &cap_msg_queue_ops,
+ shm_ops: &cap_shm_ops,
+ sem_ops: &cap_sem_ops,
+
+ register_security: cap_register,
+ unregister_security: cap_unregister,
+};
+
+#if defined(CONFIG_SECURITY_CAPABILITIES_MODULE)
+#define MY_NAME THIS_MODULE->name
+#else
+#define MY_NAME "capability"
+#endif
+
+static int __init capability_init (void)
+{
+ /* register ourselves with the security framework */
+ if (register_security (&capability_ops)) {
+ printk (KERN_INFO
+ "Failure registering capabilities with the kernel\n");
+ /* try registering with primary module */
+ if (mod_reg_security (MY_NAME, &capability_ops)) {
+ printk (KERN_INFO "Failure registering capabilities "
+ "with primary security module.\n");
+ return -EINVAL;
+ }
+ secondary = 1;
+ }
+ printk (KERN_INFO "Capability LSM initialized\n");
+ return 0;
+}
+
+static void __exit capability_exit (void)
+{
+ /* remove ourselves from the security framework */
+ if (secondary) {
+ if (mod_unreg_security (MY_NAME, &capability_ops))
+ printk (KERN_INFO "Failure unregistering capabilities "
+ "with primary module.\n");
+ return;
+ }
+
+ if (unregister_security (&capability_ops)) {
+ printk (KERN_INFO
+ "Failure unregistering capabilities with the kernel\n");
+ }
+}
+
+module_init (capability_init);
+module_exit (capability_exit);
+
+MODULE_DESCRIPTION("Standard Linux Capabilities Security Module");
+MODULE_LICENSE("GPL");
diff --minimal -Nru a/security/dte/Makefile b/security/dte/Makefile
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/dte/Makefile Tue Feb 12 18:59:50 2002
@@ -0,0 +1,15 @@
+#
+# Makefile for the DTE code
+#
+
+O_TARGET := vmlinux-obj.o
+
+obj-$(CONFIG_SECURITY_DTE) := dte_plug.o
+
+dte-objs := dte.o inode.o mount.o read_policy.o task.o \
+ module.o path.o syscall.o
+
+include $(TOPDIR)/Rules.make
+
+dte_plug.o: $(dte-objs)
+ $(LD) -r -o $@ $(dte-objs)
diff --minimal -Nru a/security/dte/Makefile.in b/security/dte/Makefile.in
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/dte/Makefile.in Tue Feb 12 18:59:50 2002
@@ -0,0 +1,6 @@
+
+# Beginnings of a kbuild-2.5 makefile --- offer@sgi.com
+
+objlink(CONFIG_SECURITY_DTE dte_plug.o dte.o inode.o mount.o read_policy.o task.o module.o path.o syscall.o)
+
+select(CONFIG_SECURITY_DTE dte_plug.o)
diff --minimal -Nru a/security/dte/dte.c b/security/dte/dte.c
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/dte/dte.c Tue Feb 12 18:59:50 2002
@@ -0,0 +1,1217 @@
+/*
+ * Domain and Type Enforcement Security plug
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This essentially a copy of the capability_plug.h file, with a few
+ * mods. The dte functions to plug in here are in dte-funcs.c
+ *
+ * author: Serge Hallyn <hallyn@cs.wm.edu>
+ */
+
+#include <linux/config.h>
+#include <linux/module.h>
+#include <linux/slab.h>
+#include <linux/smp_lock.h>
+#include <linux/init.h>
+#include <linux/kernel.h>
+#include <linux/security.h>
+#include <linux/sysctl.h>
+
+#include <linux/fs.h>
+#include <asm/uaccess.h>
+#include <linux/netfilter.h>
+#include <linux/netlink.h>
+
+
+extern int dte_initialized;
+struct security_operations *dte_secondary_ops;
+
+/*
+ * Prototypes for functions defined in dte-funcs.c
+ */
+
+extern int dte_sys_security(unsigned int id, unsigned int call,
+ unsigned long *args);
+extern void dte_post_mountroot (void);
+extern void dte_post_addmount (struct vfsmount *mnt, struct nameidata *nd);
+extern int dte_binprm_alloc_security (struct linux_binprm *bprm);
+extern void dte_binprm_free_security (struct linux_binprm *bprm);
+extern int dte_binprm_set_security (struct linux_binprm *bprm);
+extern int dte_inode_alloc_security (struct inode *inode);
+extern void dte_inode_free_security (struct inode *inode);
+extern void dte_inode_post_create (struct inode *inode, struct dentry *dentry, int mask);
+extern int dte_inode_permission (struct inode *inode, int mask);
+extern int dte_task_alloc_security (struct task_struct *p);
+extern void dte_task_free_security (struct task_struct *p);
+extern void dte_post_lookup (struct inode *ino, struct dentry *d);
+extern int dte_sb_alloc_security (struct super_block *sb);
+extern void dte_sb_free_security (struct super_block *sb);
+extern int dte_mount (char * dev_name, struct nameidata *nd, char * type,
+ unsigned long flags, void * data);
+extern int dte_umount (struct vfsmount *mnt, int flags);
+extern int dte_check_sb (struct vfsmount *mnt, struct nameidata *nd);
+extern void dte_inode_post_mknod (struct inode *inode, struct dentry *dentry,
+ int major, dev_t minor);
+extern void dte_inode_post_symlink (struct inode *inode, struct dentry *dentry,
+ const char *name);
+extern void dte_inode_post_mkdir (struct inode *inode, struct dentry *dentry,
+ int mask);
+extern int dte_task_kill (struct task_struct *p, struct siginfo *info, int sig);
+
+/* flag to keep track of how we were registered */
+/*static int secondary;*/
+
+/*
+ * Stub functions for the default security function pointers in case no
+ * security model is loaded */
+static int dte_sethostname (char *hostname)
+{
+ return 0;
+}
+
+static int dte_setdomainname (char *domainname)
+{
+ return 0;
+}
+
+static int dte_reboot (unsigned int cmd)
+{
+ return 0;
+}
+
+static int dte_ioperm (unsigned long from, unsigned long num, int turn_on)
+{
+ return 0;
+}
+
+static int dte_iopl (unsigned int old, unsigned int level)
+{
+ return 0;
+}
+
+/*
+ * not sure about this one
+ * For now, I will assume that if there is a dte_secondary_ops, then it
+ * will do the right thing for capable(). This is true as of now,
+ * since capability.c does the *right* thing, and owlsm.c does what
+ * we used to do.
+ * If no dte_secondary_ops, do same thing dummy.c did.
+ */
+static int dte_capable (struct task_struct *tsk, int cap)
+{
+ int rc;
+
+ if (dte_secondary_ops) {
+ rc = dte_secondary_ops->capable(tsk, cap);
+ return rc;
+ }
+ if (cap_is_fs_cap (cap) ? tsk->fsuid == 0 : tsk->euid == 0)
+ /* capability granted */
+ return 0;
+
+ /* capability denied */
+ return -EPERM;
+}
+
+static int dte_swapon (struct swap_info_struct *swap)
+{
+ return 0;
+}
+
+static int dte_swapoff (struct swap_info_struct *swap)
+{
+ return 0;
+}
+
+static int dte_nfsservctl (int cmd, struct nfsctl_arg *arg)
+{
+ return 0;
+}
+
+static int dte_quotactl (int cmds, int type, int id, struct super_block *sb)
+{
+ return 0;
+}
+
+static int dte_quota_on (struct file *f)
+{
+ return 0;
+}
+
+static int dte_bdflush (int func, long data)
+{
+ return 0;
+}
+
+static int dte_syslog (int type)
+{
+ return 0;
+}
+
+static int dte_netlink_send (struct sk_buff *skb)
+{
+ NETLINK_CB (skb).eff_cap = current->cap_effective;
+ return 0;
+}
+
+static int dte_netlink_recv (struct sk_buff *skb)
+{
+ if (!cap_raised (NETLINK_CB (skb).eff_cap, CAP_NET_ADMIN))
+ return -EPERM;
+ return 0;
+}
+
+static int dte_ptrace (struct task_struct *parent, struct task_struct *child)
+{
+ int rc = 0;
+
+ if (dte_secondary_ops)
+ rc = dte_secondary_ops->ptrace(parent, child);
+
+ return rc;
+}
+
+static int dte_capget (struct task_struct *target, kernel_cap_t * effective,
+ kernel_cap_t * inheritable, kernel_cap_t * permitted)
+{
+ int rc = 0;
+
+ if (dte_secondary_ops)
+ rc = dte_secondary_ops->capget(target, effective, inheritable, permitted);
+
+ return rc;
+}
+
+static int dte_capset_check (struct task_struct *target,
+ kernel_cap_t * effective,
+ kernel_cap_t * inheritable,
+ kernel_cap_t * permitted)
+{
+ int rc = 0;
+
+ if (dte_secondary_ops)
+ rc = dte_secondary_ops->capset_check(target, effective,
+ inheritable, permitted);
+
+ return rc;
+}
+
+static void dte_capset_set (struct task_struct *target,
+ kernel_cap_t * effective,
+ kernel_cap_t * inheritable,
+ kernel_cap_t * permitted)
+{
+ if (dte_secondary_ops)
+ dte_secondary_ops->capset_set(target, effective,
+ inheritable, permitted);
+}
+
+static int dte_acct (struct file *file)
+{
+ return 0;
+}
+
+static int dte_sysctl (ctl_table * table, int op)
+{
+ return 0;
+}
+
+/* Copied from fs/exec.c */
+static inline int must_not_trace_exec (struct task_struct *p)
+{
+ return (p->ptrace & PT_PTRACED)
+ && dte_capable (p->p_pptr, CAP_SYS_PTRACE);
+}
+
+static void dte_binprm_compute_creds (struct linux_binprm *bprm)
+{
+ if (dte_secondary_ops)
+ dte_secondary_ops->bprm_ops->compute_creds(bprm);
+}
+
+static int dte_sb_statfs (struct super_block *sb)
+{
+ return 0;
+}
+
+static void dte_umount_close (struct vfsmount *mnt)
+{
+ return;
+}
+
+static void dte_umount_busy (struct vfsmount *mnt)
+{
+ return;
+}
+
+static void dte_post_remount (struct vfsmount *mnt, unsigned long flags,
+ void *data)
+{
+ return;
+}
+
+static int dte_inode_create (struct inode *inode, struct dentry *dentry,
+ int mask)
+{
+ return 0;
+}
+
+static int dte_inode_link (struct dentry *old_dentry, struct inode *inode,
+ struct dentry *new_dentry)
+{
+ return 0;
+}
+
+static void dte_inode_post_link (struct dentry *old_dentry, struct inode *inode,
+ struct dentry *new_dentry)
+{
+ return;
+}
+
+static int dte_inode_unlink (struct inode *inode, struct dentry *dentry)
+{
+ return 0;
+}
+
+static int dte_inode_symlink (struct inode *inode, struct dentry *dentry,
+ const char *name)
+{
+ return 0;
+}
+
+static int dte_inode_mkdir (struct inode *inode, struct dentry *dentry,
+ int mask)
+{
+ return 0;
+}
+
+static int dte_inode_rmdir (struct inode *inode, struct dentry *dentry)
+{
+ return 0;
+}
+
+static int dte_inode_mknod (struct inode *inode, struct dentry *dentry,
+ int major, dev_t minor)
+{
+ return 0;
+}
+
+static int dte_inode_rename (struct inode *old_inode, struct dentry *old_dentry,
+ struct inode *new_inode, struct dentry *new_dentry)
+{
+ return 0;
+}
+
+static void dte_inode_post_rename (struct inode *old_inode,
+ struct dentry *old_dentry,
+ struct inode *new_inode,
+ struct dentry *new_dentry)
+{
+ return;
+}
+
+static int dte_inode_readlink (struct dentry *dentry)
+{
+ return 0;
+}
+
+static int dte_inode_follow_link (struct dentry *dentry,
+ struct nameidata *nameidata)
+{
+ int rc = 0;
+
+ if (dte_secondary_ops)
+ rc = dte_secondary_ops->inode_ops->follow_link(dentry, nameidata);
+
+ return rc;
+}
+
+static int dte_inode_revalidate (struct dentry *inode)
+{
+ return 0;
+}
+
+static int dte_inode_setattr (struct dentry *dentry, struct iattr *iattr)
+{
+ return 0;
+}
+
+static int dte_inode_stat (struct inode *inode)
+{
+ return 0;
+}
+
+static void dte_delete (struct inode *ino)
+{
+ return;
+}
+
+static int dte_inode_setxattr (struct dentry *dentry, char *name, void *value,
+ size_t size, int flags)
+{
+ return 0;
+}
+
+static int dte_inode_getxattr (struct dentry *dentry, char *name)
+{
+ return 0;
+}
+
+static int dte_inode_listxattr (struct dentry *dentry)
+{
+ return 0;
+}
+
+static int dte_inode_removexattr (struct dentry *dentry, char *name)
+{
+ return 0;
+}
+
+static int dte_file_permission (struct file *file, int mask)
+{
+ return 0;
+}
+
+static int dte_file_alloc_security (struct file *file)
+{
+ return 0;
+}
+
+static void dte_file_free_security (struct file *file)
+{
+ return;
+}
+
+static int dte_file_llseek (struct file *file)
+{
+ return 0;
+}
+
+static int dte_file_ioctl (struct file *file, unsigned int command,
+ unsigned long arg)
+{
+ return 0;
+}
+
+static int dte_file_mmap (struct file *file, unsigned long prot,
+ unsigned long flags)
+{
+ return 0;
+}
+
+static int dte_file_mprotect (struct vm_area_struct *vma, unsigned long prot)
+{
+ return 0;
+}
+
+static int dte_file_lock (struct file *file, unsigned int cmd, int blocking)
+{
+ return 0;
+}
+
+static int dte_file_fcntl (struct file *file, unsigned int cmd,
+ unsigned long arg)
+{
+ return 0;
+}
+
+static int dte_file_set_fowner (struct file *file)
+{
+ return 0;
+}
+
+static int dte_file_send_sigiotask (struct task_struct *tsk,
+ struct fown_struct *fown, int fd,
+ int reason)
+{
+ return 0;
+}
+
+static int dte_file_receive (struct file *file)
+{
+ return 0;
+}
+
+static int dte_task_create (unsigned long clone_flags)
+{
+ return 0;
+}
+
+static int dte_task_setuid (uid_t id0, uid_t id1, uid_t id2, int flags)
+{
+ return 0;
+}
+
+/* moved from kernel/sys.c. */
+/*
+ * dte_emulate_setxuid() fixes the effective / permitted capabilities of
+ * a process after a call to setuid, setreuid, or setresuid.
+ *
+ * 1) When set*uiding _from_ one of {r,e,s}uid == 0 _to_ all of
+ * {r,e,s}uid != 0, the permitted and effective capabilities are
+ * cleared.
+ *
+ * 2) When set*uiding _from_ euid == 0 _to_ euid != 0, the effective
+ * capabilities of the process are cleared.
+ *
+ * 3) When set*uiding _from_ euid != 0 _to_ euid == 0, the effective
+ * capabilities are set to the permitted capabilities.
+ *
+ * fsuid is handled elsewhere. fsuid == 0 and {r,e,s}uid!= 0 should
+ * never happen.
+ *
+ * -astor
+ *
+ * cevans - New behaviour, Oct '99
+ * A process may, via prctl(), elect to keep its capabilities when it
+ * calls setuid() and switches away from uid==0. Both permitted and
+ * effective sets will be retained.
+ * Without this change, it was impossible for a daemon to drop only some
+ * of its privilege. The call to setuid(!=0) would drop all privileges!
+ * Keeping uid 0 is not an option because uid 0 owns too many vital
+ * files..
+ * Thanks to Olaf Kirch and Peter Benie for spotting this.
+ */
+static inline void dte_emulate_setxuid (int old_ruid, int old_euid,
+ int old_suid)
+{
+ if ((old_ruid == 0 || old_euid == 0 || old_suid == 0) &&
+ (current->uid != 0 && current->euid != 0 && current->suid != 0) &&
+ !current->keep_capabilities) {
+ cap_clear (current->cap_permitted);
+ cap_clear (current->cap_effective);
+ }
+ if (old_euid == 0 && current->euid != 0) {
+ cap_clear (current->cap_effective);
+ }
+ if (old_euid != 0 && current->euid == 0) {
+ current->cap_effective = current->cap_permitted;
+ }
+}
+
+static int dte_task_post_setuid (uid_t old_ruid, uid_t old_euid, uid_t old_suid,
+ int flags)
+{
+ int rc = 0;
+ if (dte_secondary_ops)
+ return dte_secondary_ops->task_ops->post_setuid(old_ruid, old_euid,
+ old_suid, flags);
+ return rc;
+}
+
+static int dte_task_setgid (gid_t id0, gid_t id1, gid_t id2, int flags)
+{
+ return 0;
+}
+
+static int dte_task_setpgid (struct task_struct *p, pid_t pgid)
+{
+ return 0;
+}
+
+static int dte_task_getpgid (struct task_struct *p)
+{
+ return 0;
+}
+
+static int dte_task_getsid (struct task_struct *p)
+{
+ return 0;
+}
+
+static int dte_task_setgroups (int gidsetsize, gid_t * grouplist)
+{
+ return 0;
+}
+
+static int dte_task_setnice (struct task_struct *p, int nice)
+{
+ return 0;
+}
+
+static int dte_task_setrlimit (unsigned int resource, struct rlimit *new_rlim)
+{
+ return 0;
+}
+
+static int dte_task_setscheduler (struct task_struct *p, int policy,
+ struct sched_param *lp)
+{
+ return 0;
+}
+
+static int dte_task_getscheduler (struct task_struct *p)
+{
+ return 0;
+}
+
+static int dte_task_wait (struct task_struct *p)
+{
+ return 0;
+}
+
+static int dte_task_prctl (int option, unsigned long arg2, unsigned long arg3,
+ unsigned long arg4, unsigned long arg5)
+{
+ return 0;
+}
+
+static void dte_task_kmod_set_label (void)
+{
+ if (dte_secondary_ops)
+ dte_secondary_ops->task_ops->kmod_set_label();
+}
+
+static unsigned int dte_ip_preroute_first (unsigned int hooknum,
+ struct sk_buff **pskb,
+ const struct net_device *in,
+ const struct net_device *out,
+ int (*okfn) (struct sk_buff *))
+{
+ return NF_ACCEPT;
+}
+
+static unsigned int dte_ip_preroute_last (unsigned int hooknum,
+ struct sk_buff **pskb,
+ const struct net_device *in,
+ const struct net_device *out,
+ int (*okfn) (struct sk_buff *))
+{
+ return NF_ACCEPT;
+}
+
+static unsigned int dte_ip_input_first (unsigned int hooknum,
+ struct sk_buff **pskb,
+ const struct net_device *in,
+ const struct net_device *out,
+ int (*okfn) (struct sk_buff *))
+{
+ return NF_ACCEPT;
+}
+
+static unsigned int dte_ip_input_last (unsigned int hooknum,
+ struct sk_buff **pskb,
+ const struct net_device *in,
+ const struct net_device *out,
+ int (*okfn) (struct sk_buff *))
+{
+ return NF_ACCEPT;
+}
+
+static unsigned int dte_ip_forward_first (unsigned int hooknum,
+ struct sk_buff **pskb,
+ const struct net_device *in,
+ const struct net_device *out,
+ int (*okfn) (struct sk_buff *))
+{
+ return NF_ACCEPT;
+}
+
+static unsigned int dte_ip_forward_last (unsigned int hooknum,
+ struct sk_buff **pskb,
+ const struct net_device *in,
+ const struct net_device *out,
+ int (*okfn) (struct sk_buff *))
+{
+ return NF_ACCEPT;
+}
+
+static unsigned int dte_ip_output_first (unsigned int hooknum,
+ struct sk_buff **pskb,
+ const struct net_device *in,
+ const struct net_device *out,
+ int (*okfn) (struct sk_buff *))
+{
+ return NF_ACCEPT;
+}
+
+static unsigned int dte_ip_output_last (unsigned int hooknum,
+ struct sk_buff **pskb,
+ const struct net_device *in,
+ const struct net_device *out,
+ int (*okfn) (struct sk_buff *))
+{
+ return NF_ACCEPT;
+}
+
+static unsigned int dte_ip_postroute_first (unsigned int hooknum,
+ struct sk_buff **pskb,
+ const struct net_device *in,
+ const struct net_device *out,
+ int (*okfn) (struct sk_buff *))
+{
+ return NF_ACCEPT;
+}
+
+static unsigned int dte_ip_postroute_last (unsigned int hooknum,
+ struct sk_buff **pskb,
+ const struct net_device *in,
+ const struct net_device *out,
+ int (*okfn) (struct sk_buff *))
+{
+ return NF_ACCEPT;
+}
+
+static void dte_ip_fragment (struct sk_buff *newskb,
+ const struct sk_buff *oldskb)
+{
+ return;
+}
+
+static int dte_ip_defragment (struct sk_buff *skb)
+{
+ return 0;
+}
+
+static void dte_ip_encapsulate (struct sk_buff *skb)
+{
+ return;
+}
+
+static void dte_ip_decapsulate (struct sk_buff *skb)
+{
+ return;
+}
+
+static int dte_ip_decode_options (struct sk_buff *skb, const char *optptr,
+ unsigned char **pp_ptr)
+{
+ if (!skb && !capable (CAP_NET_RAW)) {
+ (const unsigned char *) *pp_ptr = optptr;
+ return -EPERM;
+ }
+ return 0;
+}
+
+static void dte_netdev_unregister (struct net_device *dev)
+{
+ return;
+}
+
+static int dte_socket_create (int family, int type, int protocol)
+{
+ return 0;
+}
+
+static void dte_socket_post_create (struct socket *sock, int family, int type,
+ int protocol)
+{
+ return;
+}
+
+static int dte_socket_bind (struct socket *sock, struct sockaddr *address,
+ int addrlen)
+{
+ return 0;
+}
+
+static int dte_socket_connect (struct socket *sock, struct sockaddr *address,
+ int addrlen)
+{
+ return 0;
+}
+
+static int dte_socket_listen (struct socket *sock, int backlog)
+{
+ return 0;
+}
+
+static int dte_socket_accept (struct socket *sock, struct socket *newsock)
+{
+ return 0;
+}
+
+static int dte_socket_sendmsg (struct socket *sock, struct msghdr *msg,
+ int size)
+{
+ return 0;
+}
+
+static int dte_socket_recvmsg (struct socket *sock, struct msghdr *msg,
+ int size, int flags)
+{
+ return 0;
+}
+
+static int dte_socket_getsockname (struct socket *sock)
+{
+ return 0;
+}
+
+static int dte_socket_getpeername (struct socket *sock)
+{
+ return 0;
+}
+
+static int dte_socket_setsockopt (struct socket *sock, int level, int optname)
+{
+ return 0;
+}
+
+static int dte_socket_getsockopt (struct socket *sock, int level, int optname)
+{
+ return 0;
+}
+
+static int dte_socket_shutdown (struct socket *sock, int how)
+{
+ return 0;
+}
+
+static int dte_sock_rcv_skb (struct sock *sk, struct sk_buff *skb)
+{
+ return 0;
+}
+
+static int dte_socket_unix_stream_connect (struct socket *sock,
+ struct socket *other)
+{
+ return 0;
+}
+
+static int dte_socket_unix_may_send (struct socket *sock, struct socket *other)
+{
+ return 0;
+}
+
+static int dte_module_create_module (const char *name_user, size_t size)
+{
+ return 0;
+}
+
+static int dte_module_init_module (struct module *mod_user)
+{
+ return 0;
+}
+
+static int dte_module_delete_module (const struct module *mod)
+{
+ return 0;
+}
+
+static int dte_ipc_permission (struct kern_ipc_perm *ipcp, short flag)
+{
+ return 0;
+}
+
+static int dte_ipc_getinfo (int id, int cmd)
+{
+ return 0;
+}
+
+static int dte_msg_msg_alloc_security (struct msg_msg *msg)
+{
+ return 0;
+}
+
+static void dte_msg_msg_free_security (struct msg_msg *msg)
+{
+ return;
+}
+
+static int dte_msg_queue_alloc_security (struct msg_queue *msq)
+{
+ return 0;
+}
+
+static void dte_msg_queue_free_security (struct msg_queue *msq)
+{
+ return;
+}
+
+static int dte_msg_queue_associate (struct msg_queue *msq, int msgid,
+ int msgflg)
+{
+ return 0;
+}
+
+static int dte_msg_queue_msgctl (struct msg_queue *msq, int msgid, int cmd)
+{
+ return 0;
+}
+
+static int dte_msg_queue_msgsnd (struct msg_queue *msq, struct msg_msg *msg,
+ int msgid, int msgflg)
+{
+ return 0;
+}
+
+static int dte_msg_queue_msgrcv (struct msg_queue *msq, struct msg_msg *msg,
+ struct task_struct *target, long type,
+ int mode)
+{
+ return 0;
+}
+
+static int dte_shm_alloc_security (struct shmid_kernel *shp)
+{
+ return 0;
+}
+
+static void dte_shm_free_security (struct shmid_kernel *shp)
+{
+ return;
+}
+
+static int dte_shm_associate (struct shmid_kernel *shp, int shmid, int shmflg)
+{
+ return 0;
+}
+
+static int dte_shm_shmctl (struct shmid_kernel *shp, int shmid, int cmd)
+{
+ return 0;
+}
+
+static int dte_shm_shmat (struct shmid_kernel *shp, int shmid, char *shmaddr,
+ int shmflg)
+{
+ return 0;
+}
+
+static int dte_sem_alloc_security (struct sem_array *sma)
+{
+ return 0;
+}
+
+static void dte_sem_free_security (struct sem_array *sma)
+{
+ return;
+}
+
+static int dte_sem_associate (struct sem_array *sma, int semid, int semflg)
+{
+ return 0;
+}
+
+static int dte_sem_semctl (struct sem_array *sma, int semid, int cmd)
+{
+ return 0;
+}
+
+static int dte_sem_semop (struct sem_array *sma, int semid, struct sembuf *sops,
+ unsigned nsops, int alter)
+{
+ return 0;
+}
+
+static int dte_skb_alloc_security (struct sk_buff *skb)
+{
+ return 0;
+}
+
+static int dte_skb_clone (struct sk_buff *newskb, const struct sk_buff *oldskb)
+{
+ return 0;
+}
+
+static void dte_skb_copy (struct sk_buff *newskb, const struct sk_buff *oldskb)
+{
+ return;
+}
+
+static void dte_skb_set_owner_w (struct sk_buff *skb, struct sock *sk)
+{
+ return;
+}
+
+static void dte_skb_free_security (struct sk_buff *skb)
+{
+ return;
+}
+
+static int dte_register (const char *name, struct security_operations *ops)
+{
+ int rc;
+
+ if (dte_secondary_ops) {
+ rc = dte_secondary_ops->register_security(name, ops);
+ printk("DTE: registering +tertiary module %s returned %d.\n",
+ name, rc);
+ return rc;
+ }
+ if (strcmp(name,"capability")==0 ||
+ strcmp(name, "owlsm")==0) {
+ dte_secondary_ops = ops;
+ printk(KERN_NOTICE "DTE: Registering security module %s.\n", name);
+ return 0;
+ }
+ printk(KERN_NOTICE
+ "Only capability and openwall modules may be registered with DTE.\n");
+ printk(KERN_NOTICE "DTE: module %s may not be loaded.\n", name);
+ return -EINVAL;
+}
+
+static int dte_unregister (const char *name, struct security_operations *ops)
+{
+ if (!dte_secondary_ops) {
+ printk(KERN_NOTICE "DTE: no secondary module %s.\n", name);
+ return -EINVAL;
+ } else if (ops == dte_secondary_ops) {
+ dte_secondary_ops = NULL;
+ printk(KERN_NOTICE "DTE: unregistering module %s.\n", name);
+ return 0;
+ } else
+ return dte_secondary_ops->unregister_security(name, ops);
+}
+
+static struct binprm_security_ops dte_binprm_ops = {
+ alloc_security: dte_binprm_alloc_security,
+ free_security: dte_binprm_free_security,
+ compute_creds: dte_binprm_compute_creds,
+ set_security: dte_binprm_set_security,
+};
+
+static struct super_block_security_ops dte_sb_ops = {
+ alloc_security: dte_sb_alloc_security,
+ free_security: dte_sb_free_security,
+ statfs: dte_sb_statfs,
+ mount: dte_mount,
+ check_sb: dte_check_sb,
+ umount: dte_umount,
+ umount_close: dte_umount_close,
+ umount_busy: dte_umount_busy,
+ post_remount: dte_post_remount,
+ post_mountroot: dte_post_mountroot,
+ post_addmount: dte_post_addmount,
+};
+
+static struct inode_security_ops dte_inode_ops = {
+ alloc_security: dte_inode_alloc_security,
+ free_security: dte_inode_free_security,
+ create: dte_inode_create,
+ post_create: dte_inode_post_create,
+ link: dte_inode_link,
+ post_link: dte_inode_post_link,
+ unlink: dte_inode_unlink,
+ symlink: dte_inode_symlink,
+ post_symlink: dte_inode_post_symlink,
+ mkdir: dte_inode_mkdir,
+ post_mkdir: dte_inode_post_mkdir,
+ rmdir: dte_inode_rmdir,
+ mknod: dte_inode_mknod,
+ post_mknod: dte_inode_post_mknod,
+ rename: dte_inode_rename,
+ post_rename: dte_inode_post_rename,
+ readlink: dte_inode_readlink,
+ follow_link: dte_inode_follow_link,
+ permission: dte_inode_permission,
+ revalidate: dte_inode_revalidate,
+ setattr: dte_inode_setattr,
+ stat: dte_inode_stat,
+ post_lookup: dte_post_lookup,
+ delete: dte_delete,
+ setxattr: dte_inode_setxattr,
+ getxattr: dte_inode_getxattr,
+ listxattr: dte_inode_listxattr,
+ removexattr: dte_inode_removexattr,
+};
+
+static struct file_security_ops dte_file_ops = {
+ permission: dte_file_permission,
+ alloc_security: dte_file_alloc_security,
+ free_security: dte_file_free_security,
+ llseek: dte_file_llseek,
+ ioctl: dte_file_ioctl,
+ mmap: dte_file_mmap,
+ mprotect: dte_file_mprotect,
+ lock: dte_file_lock,
+ fcntl: dte_file_fcntl,
+ set_fowner: dte_file_set_fowner,
+ send_sigiotask: dte_file_send_sigiotask,
+ receive: dte_file_receive,
+};
+
+static struct task_security_ops dte_task_ops = {
+ create: dte_task_create,
+ alloc_security: dte_task_alloc_security,
+ free_security: dte_task_free_security,
+ setuid: dte_task_setuid,
+ post_setuid: dte_task_post_setuid,
+ setgid: dte_task_setgid,
+ setpgid: dte_task_setpgid,
+ getpgid: dte_task_getpgid,
+ getsid: dte_task_getsid,
+ setgroups: dte_task_setgroups,
+ setnice: dte_task_setnice,
+ setrlimit: dte_task_setrlimit,
+ setscheduler: dte_task_setscheduler,
+ getscheduler: dte_task_getscheduler,
+ wait: dte_task_wait,
+ kill: dte_task_kill,
+ prctl: dte_task_prctl,
+ kmod_set_label: dte_task_kmod_set_label,
+};
+
+static struct socket_security_ops dte_socket_ops = {
+ create: dte_socket_create,
+ post_create: dte_socket_post_create,
+ bind: dte_socket_bind,
+ connect: dte_socket_connect,
+ listen: dte_socket_listen,
+ accept: dte_socket_accept,
+ sendmsg: dte_socket_sendmsg,
+ recvmsg: dte_socket_recvmsg,
+ getsockname: dte_socket_getsockname,
+ getpeername: dte_socket_getpeername,
+ getsockopt: dte_socket_getsockopt,
+ setsockopt: dte_socket_setsockopt,
+ shutdown: dte_socket_shutdown,
+ sock_rcv_skb: dte_sock_rcv_skb,
+ unix_stream_connect: dte_socket_unix_stream_connect,
+ unix_may_send: dte_socket_unix_may_send,
+};
+
+static struct skb_security_ops dte_skb_ops = {
+ alloc_security: dte_skb_alloc_security,
+ clone: dte_skb_clone,
+ copy: dte_skb_copy,
+ set_owner_w: dte_skb_set_owner_w,
+ free_security: dte_skb_free_security,
+};
+
+static struct ip_security_ops dte_ip_ops = {
+ preroute_first: dte_ip_preroute_first,
+ preroute_last: dte_ip_preroute_last,
+ input_first: dte_ip_input_first,
+ input_last: dte_ip_input_last,
+ forward_first: dte_ip_forward_first,
+ forward_last: dte_ip_forward_last,
+ output_first: dte_ip_output_first,
+ output_last: dte_ip_output_last,
+ postroute_first: dte_ip_postroute_first,
+ postroute_last: dte_ip_postroute_last,
+ fragment: dte_ip_fragment,
+ defragment: dte_ip_defragment,
+ encapsulate: dte_ip_encapsulate,
+ decapsulate: dte_ip_decapsulate,
+ decode_options: dte_ip_decode_options,
+};
+
+static struct netdev_security_ops dte_netdev_ops = {
+ unregister: dte_netdev_unregister,
+};
+
+static struct module_security_ops dte_module_ops = {
+ create_module: dte_module_create_module,
+ init_module: dte_module_init_module,
+ delete_module: dte_module_delete_module,
+
+};
+
+static struct ipc_security_ops dte_ipc_ops = {
+ permission: dte_ipc_permission,
+ getinfo: dte_ipc_getinfo,
+};
+
+static struct msg_msg_security_ops dte_msg_ops = {
+ alloc_security: dte_msg_msg_alloc_security,
+ free_security: dte_msg_msg_free_security,
+};
+
+static struct msg_queue_security_ops dte_msg_queue_ops = {
+ alloc_security: dte_msg_queue_alloc_security,
+ free_security: dte_msg_queue_free_security,
+ associate: dte_msg_queue_associate,
+ msgctl: dte_msg_queue_msgctl,
+ msgsnd: dte_msg_queue_msgsnd,
+ msgrcv: dte_msg_queue_msgrcv,
+};
+
+static struct shm_security_ops dte_shm_ops = {
+ alloc_security: dte_shm_alloc_security,
+ free_security: dte_shm_free_security,
+ associate: dte_shm_associate,
+ shmctl: dte_shm_shmctl,
+ shmat: dte_shm_shmat,
+};
+
+static struct sem_security_ops dte_sem_ops = {
+ alloc_security: dte_sem_alloc_security,
+ free_security: dte_sem_free_security,
+ associate: dte_sem_associate,
+ semctl: dte_sem_semctl,
+ semop: dte_sem_semop,
+};
+
+struct security_operations dte_security_ops = {
+ sethostname: dte_sethostname,
+ setdomainname: dte_setdomainname,
+ reboot: dte_reboot,
+ ioperm: dte_ioperm,
+ iopl: dte_iopl,
+ ptrace: dte_ptrace,
+ capget: dte_capget,
+ capset_check: dte_capset_check,
+ capset_set: dte_capset_set,
+ acct: dte_acct,
+ sysctl: dte_sysctl,
+ capable: dte_capable,
+ sys_security: dte_sys_security,
+ swapon: dte_swapon,
+ swapoff: dte_swapoff,
+ nfsservctl: dte_nfsservctl,
+ quotactl: dte_quotactl,
+ quota_on: dte_quota_on,
+ bdflush: dte_bdflush,
+ syslog: dte_syslog,
+ netlink_send: dte_netlink_send,
+ netlink_recv: dte_netlink_recv,
+
+ bprm_ops: &dte_binprm_ops,
+ sb_ops: &dte_sb_ops,
+ inode_ops: &dte_inode_ops,
+ file_ops: &dte_file_ops,
+ task_ops: &dte_task_ops,
+ socket_ops: &dte_socket_ops,
+ skb_ops: &dte_skb_ops,
+ ip_ops: &dte_ip_ops,
+ netdev_ops: &dte_netdev_ops,
+ module_ops: &dte_module_ops,
+ ipc_ops: &dte_ipc_ops,
+ msg_msg_ops: &dte_msg_ops,
+ msg_queue_ops: &dte_msg_queue_ops,
+ shm_ops: &dte_shm_ops,
+ sem_ops: &dte_sem_ops,
+
+ register_security: dte_register,
+ unregister_security: dte_unregister,
+};
+
+extern void setup_dte_module(void);
+
+static int __init dte_plug_init (void)
+{
+ /* register ourselves with the security framework */
+ if (register_security (&dte_security_ops)) {
+ printk (KERN_INFO "Failure registering DTE with the kernel\n");
+ return -EINVAL;
+ }
+ dte_initialized = 0;
+ dte_secondary_ops = NULL;
+#ifdef MODULE
+ printk(KERN_NOTICE "Setting up DTE...\n");
+ setup_dte_module();
+ printk(KERN_NOTICE "Finished setting up DTE.\n");
+#endif
+ printk(KERN_INFO "Domain and Type Enforcement Plug initialized\n");
+ return 0;
+}
+
+static void __exit dte_plug_exit (void)
+{
+ if (unregister_security (&dte_security_ops)) {
+ printk(KERN_INFO "Failure unregistering DTE with the kernel\n");
+ }
+}
+
+module_init (dte_plug_init);
+module_exit (dte_plug_exit);
+
+MODULE_AUTHOR("Serge Hallyn");
+MODULE_DESCRIPTION("Linux DTE Security Module");
+MODULE_LICENSE("GPL");
diff --minimal -Nru a/security/dte/dte.h b/security/dte/dte.h
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/dte/dte.h Tue Feb 12 18:59:50 2002
@@ -0,0 +1,283 @@
+#ifndef __DTE_H
+#define __DTE_H
+
+/*
+ * Domain and Type Enforcement Security plug
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * author: Serge Hallyn <hallyn@cs.wm.edu>
+ */
+
+#include <linux/fs.h>
+#include <asm/uaccess.h>
+#include <linux/file.h>
+#include <linux/slab.h>
+#include <linux/smp_lock.h>
+#include <linux/mount.h>
+
+/* type access */
+#define DTE_READ 1
+#define DTE_WRITE 2
+#define DTE_EXECUTE 4
+#define DTE_APPEND 8
+#define DTE_READDIR 16
+#define DTE_CREATE 32
+#define DTE_DESCEND 64
+
+/* same thing */
+#define DTE_FR 1
+#define DTE_FW 2
+#define DTE_FX 4
+#define DTE_FA 8
+#define DTE_DR 16
+#define DTE_DW 32
+#define DTE_DX 64
+
+#define DTE_ACCESS_GRANTED 0
+#define DTE_FR_DENIED 1
+#define DTE_FW_DENIED 2
+#define DTE_FX_DENIED 3
+#define DTE_FA_DENIED 4
+#define DTE_DR_DENIED 5
+#define DTE_DW_DENIED 6
+#define DTE_DX_DENIED 7
+#define DTE_ERR_NOHASH 8
+#define DTE_ERR_NOENT 8
+
+/* domain access */
+#define DTE_EXEC 1
+#define DTE_AUTO 2
+
+#define dte_fr_access(x) (x & DTE_READ)
+#define dte_fw_access(x) (x & DTE_WRITE)
+#define dte_fx_access(x) (x & DTE_EXECUTE)
+#define dte_create_access(x) (x & DTE_CREATE)
+#define dte_dw_access(x) (x & DTE_CREATE)
+#define dte_descend_access(x) (x & DTE_DESCEND)
+#define dte_dx_access(x) (x & DTE_DESCEND)
+#define dte_readdir_access(x) (x & DTE_READDIR)
+#define dte_dr_access(x) (x & DTE_READDIR)
+
+#define dte_exec_access(x) (x & DTE_EXEC)
+#define dte_auto_access(x) (x & DTE_AUTO)
+
+#define NAME_ALLOC_LEN(len) ((len+16) & ~15)
+
+/*
+ * SECTION
+ * mapnodes:
+ * mirror the dentry tree as far down as type assignment rules go.
+ * Every inode whose (first-loaded) name is subject to a type
+ * assignment rule will point to a mapnode.
+ */
+struct dte_map_node {
+ char *name;
+ int namelen;
+ char *etype, *utype;
+ int num_kids;
+ struct dte_map_node **kids;
+ struct dte_map_node *hash_next;
+};
+
+/*
+ * SECTION
+ * mount restrictions/pretend stuff
+ */
+
+#define DTE_MOUNT_PRETEND 1
+#define DTE_MOUNT_RESTRICT 2
+struct dte_mntr {
+ unsigned char maj, min;
+ char summ[8]; /* for hashing, convenience: "maj,min" */
+ char *path;
+ char how;
+ struct dte_mntr *hash_next;
+};
+
+/*
+ * SECTION
+ * dte-lsm security labels
+ */
+struct dte_inode_sec {
+ char *etype;
+ char *utype;
+ struct dte_map_node *map;
+ char initialized;
+ struct semaphore s_sem;
+};
+
+struct dte_task_sec {
+ struct dte_domain_t *dte_domain;
+ struct dte_domain_t *dte_back;
+};
+
+struct dte_sb_sec {
+ char initialized;
+ struct semaphore s_sem;
+
+ /* hierarchical type assignment */
+ /* this may become a list, to deal with cloned fs trees */
+ struct vfsmount *mnt_parent;
+ struct dentry *mountpoint;
+
+ /* type assignment through external attributes */
+ /* use a inode->type file... */
+ int ntypes;
+ char **type_conv; /* type conversion array */
+ struct file *fp; /* the file storing ino->type */
+ char fp_ready;
+ int offset; /* offset into file where inodes start */
+};
+
+/* entry points into domains */
+/* this used to be done by filenames. However we no longer have access at
+ * run-time to filenames. So we determine entry points by typename. Ugh.
+ */
+struct dte_ep {
+ char *type;
+ struct dte_ep *hash_next;
+};
+
+/*
+ * the next two are hashed by domain name
+ */
+struct dte_ea {
+ struct dte_domain_t *other_domain; /* points into dte_domain_cache */
+ unsigned char access;
+ struct dte_ea *hash_next;
+};
+
+/*
+ * since domains may send any signals to themselves, we use the
+ * domain being defined as recv_domain for ->0 definitions. That
+ * is, if d->sa[j]->recv_domain==d, then d->sa[j]->sig may be sent
+ * to anyone
+ */
+struct dte_sa {
+ struct dte_domain_t *recv_domain;
+ int signal; /* 0 means all signals */
+ struct dte_sa *hash_next;
+};
+
+struct dte_gateway {
+ char *type; /* dte type of files which may be used to enter a domain */
+ struct dte_domain_t *domain;
+ struct dte_gateway *hash_next;
+};
+
+/*
+ * hashed by type name
+ */
+struct dte_ta {
+ char *type; /* points into dte_type_cache */
+ unsigned char access;
+ struct dte_ta *hash_next;
+};
+
+struct dte_domain_t {
+ char *name;
+ int namelen;
+ int num_ep;
+ struct dte_ep *ep;
+ int num_ta;
+ struct dte_ta *ta;
+ int num_ea;
+ struct dte_ea *ea;
+ int num_sa;
+ struct dte_sa *sa;
+ int num_gw; /* number of gateways */
+ struct dte_gateway *gw; /* gateways into other domains */
+ struct dte_domain_t *hash_next;
+};
+
+/*
+ * SECTION
+ * defs/structs to aid in reading policy file
+ */
+
+/* states reached during the reading of /etc/dte.conf */
+#define DTE_STATE_TYPES 1
+#define DTE_STATE_DOMAINS 2
+#define DTE_STATE_DEFS 3
+#define DTE_STATE_SPECD 4
+#define DTE_STATE_TA 5 /* type assigns */
+#define DTE_STATE_DONE 30
+
+struct dte_fdata {
+ struct file *fin;
+ int numbufs; /* how many buffers have been read? */
+ int state;
+ char buffer[4096];
+ int buflen; /* how much was actually read into buffer */
+ int eof; /* have we reached end of file? */
+ char *blin, *elin; /* start and end of current line */
+ char *mark; /* after buffer read, points to prev eob */
+ int len; /* length of current line */
+ mm_segment_t *fs;
+};
+
+/* from read_policy.c: */
+unsigned int dte_hash(const char *s, int n);
+unsigned int dte_hash_c(char *c, char *ce, int n);
+int read_dte_config(void);
+int dte_setup_gateways(void);
+#ifdef CONFIG_DTE_VERBOSE
+void show_dte(void);
+#endif
+char *dte_get_type(char *c, char *ce);
+
+/* from inode.c: */
+void dte_copy_ino_sec(struct inode *p, struct inode *c);
+void dte_post_lookup (struct inode *ino, struct dentry *d);
+int dte_inode_alloc_security (struct inode *inode);
+void dte_inode_free_security (struct inode *inode);
+void dte_inode_post_create (struct inode *inode, struct dentry *dentry,
+ int mask);
+void dte_inode_post_mknod (struct inode *inode, struct dentry *dentry,
+ int major, dev_t minor);
+void dte_inode_post_symlink (struct inode *inode, struct dentry *dentry,
+ const char *name);
+void dte_inode_post_mkdir (struct inode *inode, struct dentry *dentry,
+ int mask);
+int dte_inode_permission (struct inode *inode, int mask);
+int find_type_conv(char **conv_array, int array_size, char *type);
+
+/* from mount.c: */
+void hierarchical_setup(struct vfsmount *mnt);
+void dte_post_mountroot (void);
+void dte_post_addmount (struct vfsmount *mnt, struct nameidata *nd);
+int dte_sb_alloc_security (struct super_block *sb);
+void dte_sb_free_security (struct super_block *sb);
+void dte_setup_eafile(struct super_block *sb, struct vfsmount *mnt);
+int dte_mount (char * dev_name, struct nameidata *nd, char * type,
+ unsigned long flags, void * data);
+int dte_check_sb (struct vfsmount *mnt, struct nameidata *nd);
+int dte_mount (char * dev_name, struct nameidata *nd, char * type,
+ unsigned long flags, void * data);
+int dte_umount (struct vfsmount *mnt, int flags);
+int dte_check_sb (struct vfsmount *mnt, struct nameidata *nd);
+
+/* from path.c: */
+struct dte_map_node *dte_find_map_node_create(char *path);
+int dte_c_maptohash(struct dte_map_node *p);
+char * dte_d_path(struct dentry *dentry, struct vfsmount *vfsmnt,
+ char *buffer, int buflen);
+struct dte_map_node *mapnode_getkid(struct dte_map_node *m,
+ const unsigned char *name);
+
+/* from syscall.c: */
+int dte_sys_security(unsigned int id, unsigned int call,
+ unsigned long *args);
+
+/* from task.c: */
+int dte_binprm_alloc_security (struct linux_binprm *bprm);
+void dte_binprm_free_security (struct linux_binprm *bprm);
+int dte_binprm_set_security (struct linux_binprm *bprm);
+int dte_task_alloc_security (struct task_struct *p);
+void dte_task_free_security (struct task_struct *p);
+int dte_task_kill (struct task_struct *p, struct siginfo *info, int sig);
+#endif
diff --minimal -Nru a/security/dte/inode.c b/security/dte/inode.c
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/dte/inode.c Tue Feb 12 18:59:50 2002
@@ -0,0 +1,374 @@
+/*
+ * security/dte/inode.c
+ * DTE security module functions. These are inserted into the DTE
+ * security plug in security/dte.c
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * The functions which I don't redefine stay in security/dte/dte.c.
+ *
+ * author: Serge Hallyn <hallyn@cs.wm.edu>
+ */
+
+#include "dte.h"
+#include <linux/config.h>
+#include <linux/module.h>
+#include <linux/init.h>
+#include <linux/kernel.h>
+#include <linux/security.h>
+#include <linux/sysctl.h>
+
+extern int dte_initialized;
+extern int dte_debug;
+extern int dte_bitchmode;
+
+void dte_copy_ino_sec(struct inode *p, struct inode *c)
+{
+ struct dte_inode_sec *ps, *cs;
+
+ ps = (struct dte_inode_sec *)p->i_security;
+ cs = (struct dte_inode_sec *)c->i_security;
+ if (!cs) {
+ dte_inode_alloc_security(c);
+ cs = (struct dte_inode_sec *)c->i_security;
+ }
+ cs->etype = ps->etype;
+ cs->utype = ps->utype;
+ cs->map = ps->map;
+ sema_init(&cs->s_sem, 1);
+ cs->initialized = 1;
+}
+
+static inline void dte_real_postlookup (struct inode *ino,
+ struct dentry *d, int create)
+{
+ struct inode *di; /* inode taken from child dentry */
+ /*
+ * p is security field for parent inode
+ * c is security field for child inode
+ */
+ struct dte_inode_sec *p, *c;
+ struct dte_sb_sec *sb_sec; /* superblock security field */
+ long long offset;
+ unsigned char buf[2];
+ int et, ret;
+ mm_segment_t old_fs;
+
+#ifdef CONFIG_DTE_DEBUG
+ printk(KERN_NOTICE "dte_real_postlookup: called on %s.\n", d->d_iname);
+#endif
+
+ if (!dte_initialized) return;
+ if (!d || !(di = d->d_inode)) {
+ return;
+ }
+ c = (struct dte_inode_sec *) di->i_security;
+ p = (struct dte_inode_sec *) ino->i_security;
+#if 1
+ if (!p) /* this ought never happen */
+ panic("no security object on parent inode %lu!\n",ino->i_ino);
+ if (!c) {
+ printk(KERN_NOTICE "no security object on child inode %s!\n",
+ d->d_iname);
+ dte_inode_alloc_security(di);
+ c = di->i_security;
+ }
+#endif
+ down(&c->s_sem);
+ if (c->initialized) {
+ up(&c->s_sem);
+ return;
+ }
+
+ sb_sec = (struct dte_sb_sec *)di->i_sb->s_security;
+ if (!sb_sec) {
+ panic("dte_post_lookup: no s_security on inode's sb, %lu.\n", di->i_ino);
+ }
+
+ /* assign types using the hierarchical scheme */
+
+#ifdef CONFIG_DTE_DEBUG
+ printk(KERN_NOTICE "dte_real_postlookup: looking up %s.\n", d->d_iname);
+#endif
+
+ c->map = NULL;
+ c->utype = c->etype = p->utype;
+ c->initialized = 1;
+
+ if (p->map && p->map->num_kids) {
+ c->map = mapnode_getkid(p->map, d->d_name.name);
+ if (c->map) {
+ if (c->map->etype)
+ c->etype = c->map->etype;
+ if (c->map->utype)
+ c->utype = c->map->utype;
+ }
+ }
+
+ if (create || !sb_sec->fp_ready) {
+ up(&c->s_sem);
+ return;
+ }
+
+ /*
+ * Read types from ea file
+ * We leave the mapnodes as are, but, if a valid type is found, we use
+ * that for both etype and utype
+ *
+ * An alternative would be to use it only for etype. Not sure which is
+ * best.
+ */
+ c->map = NULL;
+ if (sb_sec->ntypes<128) {
+ offset = sb_sec->offset+di->i_ino;
+ old_fs = get_fs();
+ set_fs(KERNEL_DS);
+ ret = sb_sec->fp->f_op->read(sb_sec->fp, buf, 1, &offset);
+ set_fs(old_fs);
+ if (ret<0)
+ printk(KERN_NOTICE "dte_post_lookup: read(1) returned %d.\n", ret);
+ et = (int)(*((unsigned char *)buf));
+ } else {
+ offset = sb_sec->offset+2*di->i_ino;
+ old_fs = get_fs();
+ set_fs(KERNEL_DS);
+ ret = sb_sec->fp->f_op->read(sb_sec->fp, buf, 2, &offset);
+ set_fs(old_fs);
+ if (ret<0)
+ printk(KERN_NOTICE "dte_post_lookup: read(2) returned %d.\n", ret);
+ et = (int)(*((unsigned short *)buf));
+ }
+
+ if (et!=sb_sec->ntypes) {
+ c->utype = c->etype = sb_sec->type_conv[et];
+ c->initialized = 1;
+ }
+ up(&c->s_sem);
+}
+
+void dte_post_lookup (struct inode *ino, struct dentry *d) {
+ dte_real_postlookup(ino, d, 0);
+}
+
+int dte_inode_alloc_security (struct inode *inode)
+{
+ struct dte_inode_sec *s;
+
+ s = inode->i_security = kmalloc(sizeof(struct dte_inode_sec), GFP_KERNEL);
+ if (!s)
+ panic("Out of memory, kmalloc failed.\n");
+ s->map = NULL;
+ s->etype = s->utype = NULL;
+ s->initialized = 0;
+ sema_init(&s->s_sem, 1);
+
+ return 0;
+}
+
+void dte_inode_free_security (struct inode *inode)
+{
+ if (inode->i_security)
+ kfree(inode->i_security);
+ inode->i_security = NULL;
+}
+
+/*
+ * we'll optimize this later
+ */
+inline int find_type_conv(char **conv_array, int array_size, char *type)
+{
+ int i;
+
+ for (i=0; i<array_size; i++) {
+ if (strcmp(conv_array[i], type)==0)
+ return i;
+ }
+
+ printk(KERN_ERR "dte: type not listed in superblock ea type list: %s.\n", type);
+ printk(KERN_ERR "dte: returning type 0, which is %s.\n", conv_array[0]);
+ return 0;
+}
+
+static void dte_inode_real_post_create (struct inode *inode, struct dentry *dentry)
+{
+ long long offset;
+ unsigned char buf[2];
+ int et, ret;
+ mm_segment_t old_fs;
+ unsigned short *usp;
+ struct dte_inode_sec *isec;
+ struct dte_sb_sec *sb_sec;
+
+ if (!dte_initialized)
+ return;
+ dte_real_postlookup(inode, dentry, 1);
+
+ sb_sec = (struct dte_sb_sec *)dentry->d_sb->s_security;
+
+ if (sb_sec->fp_ready) {
+ /* write ea */
+ isec = (struct dte_inode_sec *)dentry->d_inode->i_security;
+ et = find_type_conv(sb_sec->type_conv, sb_sec->ntypes, isec->etype);
+
+ if (sb_sec->ntypes<128) {
+ buf[0] = (unsigned char) et;
+ offset = sb_sec->offset+dentry->d_inode->i_ino;
+ old_fs = get_fs();
+ set_fs(KERNEL_DS);
+ ret = sb_sec->fp->f_op->write(sb_sec->fp, buf, 1, &offset);
+ set_fs(old_fs);
+ if (ret<0)
+ printk(KERN_NOTICE "dte_post_lookup: write(1) returned %d.\n", ret);
+ } else {
+ usp = (unsigned short *) buf;
+ *usp = (unsigned short) et;
+ offset = sb_sec->offset+2*dentry->d_inode->i_ino;
+ old_fs = get_fs();
+ set_fs(KERNEL_DS);
+ ret = sb_sec->fp->f_op->write(sb_sec->fp, buf, 2, &offset);
+ set_fs(old_fs);
+ if (ret<0)
+ printk(KERN_NOTICE "dte_post_lookup: write(2) returned %d.\n", ret);
+ }
+ }
+}
+
+void dte_inode_post_create (struct inode *inode, struct dentry *dentry, int mask)
+{
+ dte_inode_real_post_create(inode, dentry);
+}
+
+void dte_inode_post_mknod (struct inode *inode, struct dentry *dentry,
+ int major, dev_t minor)
+{
+ dte_inode_real_post_create(inode, dentry);
+}
+
+void dte_inode_post_symlink (struct inode *inode, struct dentry *dentry,
+ const char *name)
+{
+ dte_inode_real_post_create(inode, dentry);
+}
+
+void dte_inode_post_mkdir (struct inode *inode, struct dentry *dentry,
+ int mask)
+{
+ dte_inode_real_post_create(inode, dentry);
+}
+
+#ifdef CONFIG_DTE_VERBOSE
+#define DENY_ACCESS(str) { \
+ printk(KERN_NOTICE "denied: %s to %s as %s\n", ts->dte_domain->name, \
+ s->etype, str); \
+ return -EACCES;}
+#else
+#define DENY_ACCESS(str) {return -EACCES;}
+#endif
+
+#define BITCH_ACCESS(str) { \
+ printk(KERN_NOTICE "Would be denied: %s to %s as %s\n", ts->dte_domain->name, \
+ s->etype, str); \
+ return 0;}
+
+static inline int dte_bitch_inode_permission (struct inode *inode, int mask)
+{
+ struct dte_inode_sec *s = inode->i_security;
+ struct dte_task_sec *ts = current->security;
+ struct dte_domain_t *d;
+ struct dte_ta *ta;
+ int h;
+
+ if (!dte_initialized) return 0; /* only during setup, particularly
+ dte.conf and dteeaf */
+ if (!s || !s->etype) {
+ printk(KERN_NOTICE "dte_inode_permission: inode has no i_security or et.\n");
+ return 0;
+ }
+ if (!ts) {
+ printk(KERN_NOTICE "dte_inode_permission: task has no task_security.\n");
+ return 0;
+ }
+ d = ts->dte_domain;
+ if (!d) {
+ printk(KERN_NOTICE "dte_inode_permission: task has no dte_domain.\n");
+ return 0;
+ }
+ h = dte_hash(s->etype, ts->dte_domain->num_ta);
+ ta = &d->ta[h];
+ while (ta && ta->type != s->etype)
+ ta = ta->hash_next;
+ if (!ta) {
+ printk(KERN_NOTICE "dte_inode_permission: can't find type access. Would deny!\n");
+ return 0;
+ }
+ if (S_ISDIR(inode->i_mode)) {
+ if ((mask&MAY_EXEC) && !(dte_descend_access(ta->access)))
+ BITCH_ACCESS("dir x");
+ if ((mask&MAY_WRITE) && !(dte_create_access(ta->access)))
+ BITCH_ACCESS("dir w");
+ if ((mask&MAY_READ) && !(dte_readdir_access(ta->access)))
+ BITCH_ACCESS("dir r");
+ } else {
+ if ((mask&MAY_WRITE) && !(dte_fw_access(ta->access)))
+ BITCH_ACCESS("file w");
+ if ((mask&MAY_READ) && !(dte_fr_access(ta->access)))
+ BITCH_ACCESS("file r");
+ }
+ return 0;
+}
+
+static inline int dte_real_inode_permission(struct inode *inode, int mask)
+{
+ struct dte_inode_sec *s = inode->i_security;
+ struct dte_task_sec *ts = current->security;
+ struct dte_domain_t *d;
+ struct dte_ta *ta;
+ int h;
+
+ if (!dte_initialized) return 0; /* only during setup, particularly
+ dte.conf and dteeaf */
+ if (!s || !s->etype) {
+ return 0;
+ }
+ if (!ts) {
+ printk(KERN_NOTICE "dte_inode_permission: task has no task_security.\n");
+ return 0;
+ }
+ d = ts->dte_domain;
+ if (!d) {
+ printk(KERN_NOTICE "dte_inode_permission: task has no dte_domain.\n");
+ return 0;
+ }
+ h = dte_hash(s->etype, ts->dte_domain->num_ta);
+ ta = &d->ta[h];
+ while (ta && ta->type != s->etype)
+ ta = ta->hash_next;
+ if (!ta) {
+ return -EACCES;
+ }
+ if (S_ISDIR(inode->i_mode)) {
+ if ((mask&MAY_EXEC) && !(dte_descend_access(ta->access)))
+ DENY_ACCESS("dir x");
+ if ((mask&MAY_WRITE) && !(dte_create_access(ta->access)))
+ DENY_ACCESS("dir w");
+ if ((mask&MAY_READ) && !(dte_readdir_access(ta->access)))
+ DENY_ACCESS("dir r");
+ } else {
+ if ((mask&MAY_WRITE) && !(dte_fw_access(ta->access)))
+ DENY_ACCESS("file w");
+ if ((mask&MAY_READ) && !(dte_fr_access(ta->access)))
+ DENY_ACCESS("file r");
+ }
+ return 0;
+}
+
+int dte_inode_permission (struct inode *inode, int mask)
+{
+ if (dte_bitchmode)
+ return dte_bitch_inode_permission(inode, mask);
+ else
+ return dte_real_inode_permission(inode, mask);
+}
diff --minimal -Nru a/security/dte/module.c b/security/dte/module.c
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/dte/module.c Tue Feb 12 18:59:50 2002
@@ -0,0 +1,162 @@
+/*
+ * security/dte/module.c
+ * DTE security module functions. These are inserted into the DTE
+ * security plug in security/dte.c
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * The functions which I don't redefine stay in security/dte/dte.c.
+ *
+ * author: Serge Hallyn <hallyn@cs.wm.edu>
+ */
+
+#include "dte.h"
+#include <linux/config.h>
+#include <linux/module.h>
+#include <linux/init.h>
+#include <linux/kernel.h>
+#include <linux/security.h>
+#include <linux/sysctl.h>
+
+extern int dte_initialized;
+extern struct dte_map_node *dte_root_mapnode;
+extern struct dte_domain_t *default_domain;
+
+/* a version of walk_dcache_tree which also crosses mounts */
+/* it's called only at dte init, so it also sets up the superblocks */
+void dte_walk_dcache_tree_full(struct vfsmount *pmnt, struct dentry *parent)
+{
+ struct dentry *this_parent = parent;
+ struct vfsmount *mnt;
+ struct list_head *next;
+ mm_segment_t old_fs;
+
+ /*
+ * check for external attributes file
+ * handle the 'true parent' hookups
+ */
+ printk(KERN_NOTICE "dte_walk_dcache_tree_full: called on %s.\n",
+ pmnt->mnt_devname);
+ old_fs = get_fs();
+ set_fs(KERNEL_DS);
+ dte_setup_eafile(pmnt->mnt_sb, pmnt);
+ set_fs(old_fs);
+ hierarchical_setup(pmnt);
+ printk(KERN_NOTICE "dte_walk_dcache_tree_full: did setup on %s.\n",
+ pmnt->mnt_devname);
+
+repeat:
+ next = this_parent->d_subdirs.next;
+resume:
+ while (next != &this_parent->d_subdirs) {
+ struct list_head *tmp = next;
+ struct dentry *dentry = list_entry(tmp, struct dentry, d_child);
+ next = tmp->next;
+
+ if (dentry->d_inode) {
+#ifdef CONFIG_DTE_DEBUG
+ printk(KERN_NOTICE "dte_walk_dcache_tree_full: allocing sec on %s.\n",
+ dentry->d_iname);
+#endif
+ dte_inode_alloc_security(dentry->d_inode);
+#ifdef CONFIG_DTE_DEBUG
+ printk(KERN_NOTICE "dte_walk_dcache_tree_full: starting lookup on %s.\n",
+ dentry->d_iname);
+#endif
+ dte_post_lookup(this_parent->d_inode, dentry);
+#ifdef CONFIG_DTE_DEBUG
+ printk(KERN_NOTICE "dte_walk_dcache_tree_full: finished lookup on %s.\n",
+ dentry->d_iname);
+#endif
+ }
+ if (dentry->d_mounted) {
+ mnt = lookup_mnt(pmnt, dentry);
+ /* if it's a bind or we've already assigned this fs, skip */
+ if (mnt && !mnt->mnt_root->d_inode->i_security &&
+ mnt->mnt_root == mnt->mnt_sb->s_root) {
+ printk(KERN_NOTICE "dte_walk_dcache_tree_full: setting root for %s.\n",
+ mnt->mnt_devname);
+ dte_copy_ino_sec(dentry->d_inode, mnt->mnt_root->d_inode);
+ printk(KERN_NOTICE "dte_walk_dcache_tree_full: descending to %s.\n",
+ mnt->mnt_devname);
+ dte_walk_dcache_tree_full(mnt, mnt->mnt_root);
+ } else if (mnt) {
+ printk(KERN_NOTICE "walk_dcache_tree_full: not descending %s.\n",
+ mnt->mnt_devname);
+ if (mnt->mnt_root->d_inode->i_security) {
+ printk(KERN_NOTICE "walk_dcache_tree_full: i_sec set for %s.\n",
+ mnt->mnt_devname);
+ }
+ if (mnt->mnt_root != mnt->mnt_sb->s_root) {
+ printk(KERN_NOTICE "walk_dcache_tree_full: s_root!=mnt_root,%s.\n",
+ mnt->mnt_devname);
+ }
+ } else {
+ printk(KERN_NOTICE "walk_dcache_tree_full: no mnt under %s,%s.\n",
+ pmnt->mnt_devname, dentry->d_iname);
+ }
+ }
+ if (!list_empty(&dentry->d_subdirs)) {
+ this_parent = dentry;
+ goto repeat;
+ }
+ }
+ /*
+ * All done at this level ... ascend and resume the search.
+ */
+ if (this_parent != parent) {
+ next = this_parent->d_child.next;
+ this_parent = this_parent->d_parent;
+ goto resume;
+ }
+/* spin_unlock(&dcache_lock);*/
+}
+
+void setup_dte_module(void)
+{
+ struct vfsmount *root_mnt;
+ struct super_block *root_sb;
+ struct dte_sb_sec *root_sbsec;
+ struct task_struct *taskp;
+ struct dte_task_sec *task_sec;
+ struct dte_inode_sec *root_ino_sec;
+
+ read_dte_config();
+
+ dte_setup_gateways();
+ if (dte_c_maptohash(dte_root_mapnode)!=1) {
+ printk(KERN_EMERG "Uh-oh : Trouble hashing mapnodes.\n");
+ }
+
+ /*
+ * Might want to work on making the next step more intelligent: Try to
+ * assign the *appropriate* domains?
+ */
+ lock_kernel();
+ for_each_task(taskp) {
+ taskp->security = kmalloc(sizeof(struct dte_task_sec), GFP_KERNEL);
+ task_sec = (struct dte_task_sec *)taskp->security;
+ task_sec->dte_domain = default_domain;
+ task_sec->dte_back = NULL;
+ }
+
+ root_mnt = current->fs->rootmnt;
+ root_sb = root_mnt->mnt_sb;
+ dte_sb_alloc_security(root_sb);
+ root_sbsec = (struct dte_sb_sec *)root_sb->s_security;
+
+ dte_inode_alloc_security(root_mnt->mnt_root->d_inode);
+ root_ino_sec = (struct dte_inode_sec *)
+ root_mnt->mnt_root->d_inode->i_security;
+ root_ino_sec->map = dte_root_mapnode;
+ root_ino_sec->etype = dte_root_mapnode->etype;
+ root_ino_sec->utype = dte_root_mapnode->utype;
+
+ dte_initialized = 1;
+ dte_walk_dcache_tree_full(root_mnt, root_sb->s_root);
+ unlock_kernel();
+}
+
diff --minimal -Nru a/security/dte/mount.c b/security/dte/mount.c
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/dte/mount.c Tue Feb 12 18:59:50 2002
@@ -0,0 +1,501 @@
+/*
+ * security/dte/mount.c
+ * DTE security module functions. These are inserted into the DTE
+ * security plug in security/dte.c
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * The functions which I don't redefine stay in security/dte/dte.c.
+ *
+ * author: Serge Hallyn <hallyn@cs.wm.edu>
+ */
+
+#include "dte.h"
+#include <linux/config.h>
+#include <linux/module.h>
+#include <linux/init.h>
+#include <linux/kernel.h>
+#include <linux/security.h>
+#include <linux/sysctl.h>
+
+extern int dte_initialized;
+extern int num_dte_mount_r;
+extern struct dte_mntr **dte_mount_r;
+extern struct dte_map_node *dte_root_mapnode;
+extern int dte_bitchmode;
+extern struct dte_domain_t *dte_init_domain;
+
+static int xtoi(char *c)
+{
+ int ret = 0;
+
+ while (*c==' ') c++;
+
+ while (*c!='\n' && *c!='\0' && *c!=' ') {
+ ret *= 16;
+ switch(*c) {
+ case 'a':
+ case 'A': ret += 10; break;
+ case 'b':
+ case 'B': ret += 11; break;
+ case 'c':
+ case 'C': ret += 12; break;
+ case 'd':
+ case 'D': ret += 13; break;
+ case 'e':
+ case 'E': ret += 14; break;
+ case 'f':
+ case 'F': ret += 15; break;
+ default: ret += ((*c)-'0');
+ }
+ c++;
+ }
+ return ret;
+}
+
+/* allocate and free the super-block's DTE security blob */
+int dte_sb_alloc_security (struct super_block *sb)
+{
+ struct dte_sb_sec *sb_sec;
+
+ /* temp test */
+ printk(KERN_NOTICE "dte_sb_alloc_security: called on (%3d,%3d).\n",
+ major(sb->s_dev), minor(sb->s_dev));
+ if (sb->s_security)
+ panic("dte_sb_alloc_security: already alloc'ed!\n");
+ /* end temp test */
+ sb_sec = sb->s_security = kmalloc(sizeof(struct dte_sb_sec), GFP_KERNEL);
+ if (!sb_sec) {
+ panic("dte_sb_alloc_security: out of memory.");
+ }
+ memset(sb_sec,0,sizeof(struct dte_sb_sec));
+ sb_sec->fp = kmalloc(sizeof(struct file), GFP_KERNEL);
+ sema_init(&sb_sec->s_sem, 1);
+ return 0;
+}
+
+void dte_sb_free_security (struct super_block *sb)
+{
+ struct dte_sb_sec *sb_sec;
+
+ printk(KERN_NOTICE "dte_sb_free_security: starting (%3d,%3d).\n",
+ major(sb->s_dev), minor(sb->s_dev));
+ sb_sec = (struct dte_sb_sec *)sb->s_security;
+ sb_sec->initialized=0;
+ kfree(sb_sec->type_conv);
+ kfree(sb_sec);
+ sb->s_security = NULL;
+ printk(KERN_NOTICE "dte_sb_free_security: done (%3d,%3d).\n",
+ major(sb->s_dev), minor(sb->s_dev));
+}
+
+/*
+ * Look for the ea file
+ * It will be in the root directory, named 'dteeaf'
+ *
+ * Note: mnt is null only when called from post_mountroot, in which case
+ * sb->s_root is in fact root, and there's no fallback for deftype other
+ * than the default utype (no parent inode)
+ */
+void dte_setup_eafile(struct super_block *sb, struct vfsmount *mnt)
+{
+ char *devname;
+ struct dentry *dentry;
+ char buf[1024], *bufp, *bufp2;
+ struct dte_sb_sec *sb_sec;
+ struct dte_inode_sec *p;
+ long long offset;
+ int i, err;
+ struct file *fp;
+
+ if (!dte_initialized)
+ return;
+
+ sb_sec = sb->s_security;
+ if (!sb_sec) {
+ printk(KERN_ERR "dte_setup_eafile: no s_security on the superblock! (%3d/%3d)\n",
+ major(sb->s_dev), minor(sb->s_dev));
+ dte_sb_alloc_security(sb);
+ sb_sec = (struct dte_sb_sec *)sb->s_security;
+ }
+ if (sb_sec->initialized)
+ return;
+
+ if (mnt) {
+ p = (struct dte_inode_sec *)
+ mnt->mnt_mountpoint->d_inode->i_security;
+ devname = mnt->mnt_devname;
+ dentry = lookup_one_len("dteeaf", mnt->mnt_root, 6);
+ err = PTR_ERR(dentry);
+ if (IS_ERR(dentry) || !dentry->d_inode) {
+ printk(KERN_NOTICE "dte_setup_eafile: error opening ea file for %s, %d.\n",
+ devname, err);
+ return;
+ }
+ } else {
+ devname = "/dev/root";
+ dentry = lookup_one_len("dteeaf", sb->s_root, 6);
+ err = PTR_ERR(dentry);
+ if (IS_ERR(dentry) || !dentry->d_inode) {
+ printk(KERN_NOTICE "dte_setup_eafile: error opening ea file for %s, %d.\n",
+ devname, err);
+ return;
+ }
+ }
+
+ err = init_private_file(sb_sec->fp, dentry, FMODE_READ|FMODE_WRITE);
+ fp = sb_sec->fp;
+ fp->f_flags = O_RDWR | O_SYNC;
+ if (err)
+ {
+ printk(KERN_NOTICE "dte_setup_eafile: no dte ea file for %s, %d.\n",
+ devname, err);
+ } else if (!fp->f_op || !fp->f_op->read || !fp->f_op->write) {
+ printk(KERN_NOTICE "dte_setup_eafile: no rw support for %s's ea file.\n",
+ devname);
+ dput(fp->f_dentry);
+ } else {
+ /* read type table from the ea file */
+ offset = 0;
+ fp->f_op->read(fp, buf, 1024, &offset);
+ sb_sec->ntypes = xtoi(buf);
+ printk(KERN_NOTICE "dte_setup_eafile: there were %d types, buf %4s.\n",
+ sb_sec->ntypes, buf);
+ sb_sec->type_conv = kmalloc(sb_sec->ntypes*sizeof(char *), GFP_KERNEL);
+ memset(sb_sec->type_conv, 0, sb_sec->ntypes*sizeof(char *));
+ bufp2 = bufp = buf+4;
+ for (i=0; i<sb_sec->ntypes; i++) {
+ while (*bufp2!='\n') bufp2++;
+ sb_sec->type_conv[i] = dte_get_type(bufp, bufp2);
+ if (!sb_sec->type_conv[i]) {
+ *bufp2 = '\0';
+ panic("dev %s: can't find type number %d, %s.\n",
+ devname, i, bufp);
+ }
+ bufp = ++bufp2;
+ }
+ sb_sec->offset = bufp2-buf;
+ sb_sec->initialized = 1;
+ sb_sec->fp_ready = 1;
+ }
+ printk(KERN_NOTICE "dte_setup_eafile: done\n");
+}
+
+/*
+ * hierarchical_setup: hook up the superblock->true_parents.
+ * called from dte_post_addmount, dte_post_mountroot, and
+ * dte_walk_dcache_tree_full.
+ * only wants to run on first mount of a device.
+ */
+void hierarchical_setup(struct vfsmount *mnt)
+{
+ struct dte_mntr *r;
+ struct nameidata nd2;
+ char path[500], devp[500];
+ long retval=0;
+ struct super_block *sb = mnt->mnt_sb;
+ struct dte_sb_sec *sb_sec;
+
+ if (!dte_initialized)
+ return;
+ sb_sec = (struct dte_sb_sec *)sb->s_security;
+ if (atomic_read(&sb->s_active)>1 && sb_sec && sb_sec->mnt_parent)
+ return;
+
+ if (!sb_sec) {
+ printk(KERN_ERR "hierarch_setup: no s_security on the superblock! (%3d/%3d)\n",
+ major(sb->s_dev), minor(sb->s_dev));
+ dte_sb_alloc_security(sb);
+ sb_sec = (struct dte_sb_sec *)sb->s_security;
+ }
+ /* here's one of the saddest parts about doing this with lsm:
+ * I have to find the mntr a second time
+ */
+ if (num_dte_mount_r) {
+ sprintf(devp,"%3d,%3d",major(sb->s_dev),minor(sb->s_dev));
+ /*
+ * now look for a restriction on this device ...
+ */
+ r = dte_mount_r[dte_hash(devp,num_dte_mount_r)];
+ while (r && strcmp(devp,r->summ))
+ r = r->hash_next;
+ } else {
+ /* no pretends, use the given parents */
+ sb_sec->mnt_parent = mntget(mnt->mnt_parent);
+ sb_sec->mountpoint = dget(mnt->mnt_mountpoint);
+ return;
+ }
+
+ if (r && r->how=='p') {
+ /*
+ * got a pretend mount to hook up
+ */
+ /* make sure we check against the real pathname, no bind trickery */
+ printk(KERN_NOTICE "hooking up pretend for %s.\n",devp);
+ if (path_init(r->path,
+ LOOKUP_FOLLOW|LOOKUP_POSITIVE|LOOKUP_DIRECTORY, &nd2))
+ retval = path_walk(r->path, &nd2);
+ if (retval) {
+ printk(KERN_NOTICE "dte_mount: path pretend %s does not exist!\n",
+ r->path);
+ /* so use the given parents */
+ sb_sec->mnt_parent = mntget(mnt->mnt_parent);
+ sb_sec->mountpoint = dget(mnt->mnt_mountpoint);
+ } else {
+ /* debug */
+ dte_d_path(nd2.dentry,nd2.mnt,path,500);
+ printk(KERN_NOTICE "dte_mount: mounting %s at %s.\n",devp,path);
+ /* /debug */
+ sb_sec->mnt_parent = mntget(nd2.mnt);
+ sb_sec->mountpoint = dget(nd2.dentry);
+ path_release(&nd2);
+ }
+ }
+}
+
+static void dte_walk_dcache_tree(struct dentry *parent)
+{
+ struct dentry *this_parent = parent;
+ struct list_head *next;
+
+repeat:
+ next = this_parent->d_subdirs.next;
+resume:
+ while (next != &this_parent->d_subdirs) {
+ struct list_head *tmp = next;
+ struct dentry *dentry = list_entry(tmp, struct dentry, d_child);
+ next = tmp->next;
+
+ if (dentry->d_inode) {
+ dte_inode_alloc_security(dentry->d_inode);
+ dte_post_lookup(this_parent->d_inode, dentry);
+ }
+ if (!list_empty(&dentry->d_subdirs)) {
+ this_parent = dentry;
+ goto repeat;
+ }
+ }
+ /*
+ * All done at this level ... ascend and resume the search.
+ */
+ if (this_parent != parent) {
+ next = this_parent->d_child.next;
+ this_parent = this_parent->d_parent;
+ goto resume;
+ }
+}
+
+void dte_post_mountroot (void)
+{
+ struct super_block *sb;
+ struct dte_inode_sec *s;
+ struct dte_task_sec *task_sec;
+ struct task_struct *p;
+ mm_segment_t old_fs;
+
+ read_dte_config();
+ if (!current->fs || !current->fs->rootmnt || !current->fs->rootmnt->mnt_sb) {
+ printk(KERN_NOTICE "dte_post_mountroot: no sb\n");
+ return;
+ }
+ sb = current->fs->rootmnt->mnt_sb;
+ if (!sb->s_root || !sb->s_root->d_inode) {
+ printk(KERN_NOTICE "dte_post_mountroot: dammit, no root d or inode.\n");
+ return;
+ }
+ s = sb->s_root->d_inode->i_security;
+ s->map = dte_root_mapnode;
+ s->etype = dte_root_mapnode->etype;
+ s->utype = dte_root_mapnode->utype;
+
+ if (dte_c_maptohash(dte_root_mapnode)!=1) {
+ printk(KERN_EMERG "Uh-oh : Trouble hashing mapnodes.\n");
+ }
+
+ dte_walk_dcache_tree(sb->s_root);
+
+ /*
+ * assign default label to running processes, of which there should
+ * be two : idle task and init
+ */
+ for_each_task(p) {
+ p->security = kmalloc(sizeof(struct dte_task_sec), GFP_KERNEL);
+ task_sec = (struct dte_task_sec *)p->security;
+ task_sec->dte_domain = dte_init_domain;
+ task_sec->dte_back = NULL;
+ }
+
+ /* setup gateways (for auto switches) from entry point data */
+ dte_setup_gateways();
+
+ if (!dte_root_mapnode || !dte_root_mapnode->etype ||
+ !dte_root_mapnode->utype)
+ panic("Whoa: DTE: no root etype/utype set. Stopping.\n");
+
+#ifdef CONFIG_DTE_VERBOSE
+ show_dte();
+#endif
+
+ printk(KERN_NOTICE "dte_post_mountroot: almost finished.\n");
+ dte_initialized = 1;
+ /* external attribute file setup */
+ old_fs = get_fs();
+ set_fs(KERNEL_DS);
+ dte_setup_eafile(sb, NULL);
+ set_fs(old_fs);
+ /* hierarchical type assignment setup */
+ hierarchical_setup(current->fs->rootmnt);
+ printk(KERN_NOTICE "dte_post_mountroot: finished.\n");
+}
+
+void dte_post_addmount (struct vfsmount *mnt, struct nameidata *nd)
+{
+ struct dte_inode_sec *p;
+ struct dentry *mntroot = mnt->mnt_root;
+ mm_segment_t old_fs;
+
+ if (!dte_initialized)
+ return ;
+
+ printk(KERN_NOTICE "dte_post_addmount: Called on %s.\n",
+ mnt->mnt_devname);
+ if (!mnt->mnt_root) {
+ printk(KERN_NOTICE "dte_post_addmount: no root dentry for dev %s.\n",
+ mnt->mnt_devname);
+ return;
+ }
+
+ /*
+ * check for external attributes file
+ */
+ old_fs = get_fs();
+ set_fs(KERNEL_DS);
+ dte_setup_eafile(mnt->mnt_sb, mnt);
+ set_fs(old_fs);
+
+ /*
+ * handle the 'true parent' hookups
+ */
+ hierarchical_setup(mnt);
+
+ /*
+ * lots of oops checks, but mainly just set the security and type info
+ * on the root inode
+ */
+ if (!mntroot->d_inode) {
+ printk(KERN_NOTICE "dte_post_addmount: no inode for root dentry for %s.\n",
+ mnt->mnt_devname);
+ return;
+ }
+ p = (struct dte_inode_sec *)mntroot->d_inode->i_security;
+ if (!p) {
+ /* this would only happen if dte was not yet initialized when
+ * the fs was first loaded */
+ printk(KERN_NOTICE
+ "dte_post_addmount: root dentry+inode, but no i_sec for %s.\n",
+ mnt->mnt_devname);
+ printk(KERN_NOTICE
+ "dte_post_addmount: this is for inode %lu, dentry %s.\n",
+ mntroot->d_inode->i_ino, mntroot->d_name.name);
+ dte_copy_ino_sec(nd->dentry->d_inode, mntroot->d_inode);
+ dte_walk_dcache_tree(mntroot);
+ return;
+ }
+
+ if (p->etype)
+ return;
+ dte_copy_ino_sec(nd->dentry->d_inode, mntroot->d_inode);
+}
+
+int dte_mount (char * dev_name, struct nameidata *nd, char * type,
+ unsigned long flags, void * data)
+{
+ return 0;
+}
+
+int dte_umount (struct vfsmount *mnt, int flags)
+{
+ struct super_block *sb = mnt->mnt_sb;
+ struct dte_sb_sec *sb_sec = sb->s_security;
+
+ printk(KERN_NOTICE "dte_umount: cleaning up ea fp and parents for %s (0).\n",
+ mnt->mnt_devname);
+ down(&sb_sec->s_sem);
+ if (atomic_read(&sb->s_active) != 1) {
+ up(&sb_sec->s_sem);
+ return 0;
+ }
+ if (!sb_sec) {
+ up(&sb_sec->s_sem);
+ return 0;
+ }
+ if (!sb_sec->mountpoint) {
+ up(&sb_sec->s_sem);
+ return 0;
+ }
+
+ printk(KERN_NOTICE "dte_umount: cleaning up ea fp and parents for %s (1).\n",
+ mnt->mnt_devname);
+ if (sb_sec->fp_ready) {
+ printk(KERN_NOTICE "dte_umount: dput'ing eafp.\n");
+ dput(sb_sec->fp->f_dentry);
+ sb_sec->fp_ready = 0;
+ printk(KERN_NOTICE "dte_umount: dput'ed eafp.\n");
+ }
+ if (sb_sec->fp) {
+ kfree(sb_sec->fp);
+ sb_sec->fp = NULL;
+ }
+ dput(sb_sec->mountpoint);
+ mntput(sb_sec->mnt_parent);
+ sb_sec->mountpoint = NULL;
+ sb_sec->mnt_parent = NULL;
+ printk(KERN_NOTICE "dte_umount: done with %s (2).\n",
+ mnt->mnt_devname);
+ up(&sb_sec->s_sem);
+ return 0;
+}
+
+int dte_check_sb (struct vfsmount *mnt, struct nameidata *nd)
+{
+ struct super_block *sb = mnt->mnt_sb;
+ struct dte_mntr *r;
+ char path[500];
+ char devp[500];
+ int retval;
+
+#ifdef CONFIG_DTE_VERBOSE
+ printk(KERN_NOTICE "dte_check_sb: called (%3d,%3d).\n",
+ major(sb->s_dev),minor(sb->s_dev));
+#endif
+
+ if (dte_initialized && num_dte_mount_r) {
+ retval = -EPERM;
+
+ sprintf(devp,"%3d,%3d",major(sb->s_dev),minor(sb->s_dev));
+
+ /*
+ * now look for a restriction on this device ...
+ */
+ r = dte_mount_r[dte_hash(devp,num_dte_mount_r)];
+ while (r && strcmp(devp,r->summ) && r->hash_next)
+ r = r->hash_next;
+ if (r && strcmp(devp, r->summ)==0) {
+ dte_d_path(nd->dentry, nd->mnt, path, 500);
+ if (r->how=='r' && strcmp(r->path, path)) {
+ printk(KERN_NOTICE "dte_check_sb: dte forbids mounting %s except at %s.\n",
+ r->summ, r->path);
+/* up(&nd.dentry->d_inode->i_zombie);*/
+ if (dte_bitchmode) {
+ printk(KERN_NOTICE "dte_check_sb: would deny.\n");
+ return 0;
+ }
+ return retval;
+ }
+ }
+ }
+ return 0;
+}
diff --minimal -Nru a/security/dte/path.c b/security/dte/path.c
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/dte/path.c Tue Feb 12 18:59:50 2002
@@ -0,0 +1,277 @@
+/*
+ * security/dte/path.c
+ * DTE security module functions. These are inserted into the DTE
+ * security plug in security/dte.c
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * The functions which I don't redefine stay in security/dte/dte.c.
+ *
+ * author: Serge Hallyn <hallyn@cs.wm.edu>
+ */
+
+#include "dte.h"
+#include <linux/config.h>
+#include <linux/module.h>
+#include <linux/init.h>
+#include <linux/kernel.h>
+#include <linux/security.h>
+#include <linux/sysctl.h>
+
+struct dte_map_node *dte_root_mapnode;
+int num_dte_map_nodes;
+extern kmem_cache_t *dte_map_cache; /* dte_map_node cache */
+
+/*
+* dte_d_path:
+* This version of __d_path follows the dte rules for deciding a
+* pathname. It always uses the real root, and (when implemented, will)
+* follows the pretend mounts.
+ */
+char * dte_d_path(struct dentry *dentry, struct vfsmount *vfsmnt,
+ char *buffer, int buflen)
+{
+ char * end = buffer+buflen;
+ char * retval;
+ int namelen;
+ struct dte_sb_sec *sb_sec;
+
+ *--end = '\0';
+ buflen--;
+ if (!IS_ROOT(dentry) && list_empty(&dentry->d_hash)) {
+ buflen -= 10;
+ end -= 10;
+ memcpy(end, " (deleted)", 10);
+ }
+
+ /* Get '/' right */
+ retval = end-1;
+ *retval = '/';
+
+ if (!dentry)
+ panic("dentry is NULL.\n");
+ if (!vfsmnt)
+ panic("vfsmnt is NULL.\n");
+
+ for (;;) {
+ struct dentry * parent;
+
+ if (dentry == vfsmnt->mnt_root || IS_ROOT(dentry)) {
+ /* Global root? */
+ if (vfsmnt->mnt_parent == vfsmnt)
+ goto global_root;
+
+ sb_sec = (struct dte_sb_sec *)vfsmnt->mnt_sb->s_security;
+ if (!sb_sec) {
+ printk(KERN_ERR "at %s(maj %d/min %d): superblock has no dte_sec.\n",
+ dentry->d_iname, major(vfsmnt->mnt_sb->s_dev),
+ minor(vfsmnt->mnt_sb->s_dev));
+ dentry = vfsmnt->mnt_mountpoint;
+ vfsmnt = vfsmnt->mnt_parent;
+ } else {
+ dentry = sb_sec->mountpoint;
+ vfsmnt = sb_sec->mnt_parent;
+ }
+ continue;
+ }
+ parent = dentry->d_parent;
+ namelen = dentry->d_name.len;
+ buflen -= namelen + 1;
+ if (buflen < 0)
+ break;
+ end -= namelen;
+ memcpy(end, dentry->d_name.name, namelen);
+ *--end = '/';
+ retval = end;
+ dentry = parent;
+ }
+global_root:
+ namelen = dentry->d_name.len;
+ buflen -= namelen;
+ if (buflen >= 0) {
+ retval -= namelen-1; /* hit the slash */
+ memcpy(retval, dentry->d_name.name, namelen);
+ }
+ return retval;
+}
+
+#define map_strcmp(node, str, inlen) \
+ (strncmp(node->name, str, inlen)!=0 || inlen!=node->namelen)
+
+/*
+ * called in read_policy.c:read_ta()
+ */
+struct dte_map_node *dte_find_map_node_create(char *path)
+{
+ int done, len;
+ char *ptr, *ptre; /* string pointer, end of string pointer */
+ struct dte_map_node *c, *p; /* child, parent map nodes */
+ struct dte_map_node *tn, *tp; /* temp map node, and its hashprev */
+ char *str;
+
+ ptre=path;
+ /* we insist on having full pathnames! */
+ if (*ptre!='/') {
+ panic("dte_find_map_node - sent pathname w/out leading /");
+ }
+
+ if (!num_dte_map_nodes)
+ panic("dte_find_map_node_create: root map node not yet created!\n");
+
+ done = 0;
+ p = dte_root_mapnode;
+ while (!done) {
+ ptr = ++ptre;
+ while (*ptre!='/' && *ptre!='\0') ptre++;
+ if (*ptre=='\0') done=1;
+ len = ptre-ptr;
+ if (len<=1) continue;
+ if (!p->num_kids) {
+ p->kids = kmalloc(sizeof(struct dte_map_node **),GFP_KERNEL);
+ if (!p->kids) {
+ printk(KERN_NOTICE "dte-map-create: out of memory.\n");
+ return 0;
+ }
+ p->kids[0] = NULL;
+ }
+ tn = tp = p->kids[0];
+ if (!tn) {
+ /* The parent map node has no children yet */
+ c = kmem_cache_alloc(dte_map_cache, GFP_KERNEL);
+ if (!c)
+ panic("dte_find_map_node_create: out of memory.\n");
+ p->kids[0] = c;
+ p->num_kids = 1;
+ c->etype = c->utype = NULL;
+ c->hash_next = NULL;
+ c->kids = NULL;
+ c->num_kids = 0;
+ str = kmalloc(NAME_ALLOC_LEN(len), GFP_KERNEL);
+ if (!str)
+ panic("dte_find_map_node_create: out of memory.\n");
+ memcpy(str,ptr,len);
+ str[len]=0;
+ c->name = str;
+ c->namelen = len;
+ p = c;
+ continue;
+ }
+ while (tn) {
+ if (map_strcmp(tn,ptr,len)==0) {
+ /* this map node exists */
+ p = tn;
+ break;
+ }
+ tp = tn;
+ tn = tn->hash_next;
+ }
+ if (tn)
+ /* this piece existed and we've set the parentmap (p) */
+ continue;
+ /* this piece does not exist in the map node tree yet. */
+ tp->hash_next = kmem_cache_alloc(dte_map_cache, GFP_KERNEL);
+ tp = tp->hash_next;
+ if (!tp) {
+ printk(KERN_NOTICE "dte_find_map_node_create: out of memory.\n");
+ return 0;
+ }
+ tp->etype = tp->utype = NULL;
+ tp->hash_next = NULL;
+ tp->kids = NULL;
+ tp->num_kids = 0;
+ str = (char *) kmalloc(NAME_ALLOC_LEN(len), GFP_KERNEL);
+ if (!str) {
+ printk(KERN_NOTICE "dte_find_map_node_create: out of memory.\n");
+ return NULL;
+ }
+ memcpy(str,ptr,len);
+ str[len]=0;
+ tp->name = str;
+ tp->namelen = len;
+ /* can't yet create accurate hash: don't know num_kids for sure */
+ p->num_kids++;
+ p = tp;
+ }
+ return p;
+}
+
+/* convert the map_node tree to a hash table. We keep the siblings
+ * as a linked list while reading it in
+ *
+ * this requires at dte_read_policy:
+ * mapnode->hash_next = NULL;
+ */
+int dte_c_maptohash(struct dte_map_node *p)
+{
+ struct dte_map_node *tmp;
+ struct dte_map_node **tmparray;
+ int i, lo;
+ unsigned int h;
+
+ if (!p->num_kids) return 0;
+
+ /* first realloc the parent's child array from 1 to num_kids */
+ tmparray = kmalloc((p->num_kids*sizeof(struct dte_map_node *)),
+ GFP_KERNEL);
+ if (!tmparray) {
+ printk(KERN_NOTICE "dte_c_maptohash: out of mem.\n");
+ return -ENOMEM;
+ }
+ tmparray[0] = p->kids[0];
+ kfree(p->kids);
+ tmp = tmparray[0];
+ for (i=1; i<p->num_kids; i++) {
+ tmp = tmp->hash_next;
+ tmparray[i] = tmp;
+ }
+
+ p->kids = kmalloc((p->num_kids*sizeof(struct dte_map_node *)),
+ GFP_KERNEL);
+ if (!p->kids) {
+ printk(KERN_NOTICE "dte_c_maptohash: out of mem.\n");
+ return -ENOMEM;
+ }
+ memset(p->kids,0,p->num_kids*sizeof(struct dte_map_node *));
+
+ lo = 0;
+ for (i=0; i<p->num_kids; i++) {
+ h = dte_hash(tmparray[i]->name,p->num_kids);
+ tmp = p->kids[h];
+ while (tmp && tmp->hash_next)
+ tmp = tmp->hash_next;
+ if (tmp) {
+ while (p->kids[lo])
+ lo++;
+ p->kids[lo] = tmparray[i];
+ tmp->hash_next = tmparray[i];
+ tmp->hash_next->hash_next = NULL;
+ lo++;
+ } else {
+ p->kids[h] = tmparray[i];
+ p->kids[h]->hash_next = NULL;
+ }
+ }
+ kfree(tmparray);
+
+ for (i=0; i<p->num_kids; i++)
+ dte_c_maptohash(p->kids[i]);
+
+ return 1;
+}
+
+struct dte_map_node *mapnode_getkid(struct dte_map_node *m,
+ const unsigned char *name)
+{
+ struct dte_map_node *tmp;
+ unsigned int h;
+
+ h = dte_hash(name, m->num_kids);
+ tmp = m->kids[h];
+ while (tmp && strcmp(name, tmp->name)!=0)
+ tmp = tmp->hash_next;
+
+ return tmp;
+}
diff --minimal -Nru a/security/dte/read_policy.c b/security/dte/read_policy.c
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/dte/read_policy.c Tue Feb 12 18:59:50 2002
@@ -0,0 +1,1448 @@
+/*
+ * security/dte/read_policy.c
+ * DTE security module functions. These are inserted into the DTE
+ * security plug in security/dte.c
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * The functions which I don't redefine stay in security/dte/dte.c.
+ *
+ * author: Serge Hallyn <hallyn@cs.wm.edu>
+ */
+
+/*
+ * CONFIG_DTE_VERBOSE: prints some helpful info, ie when access is denied
+ * CONFIG_DTE_DEBUG: prints painful amount of debugging info
+ */
+#include "dte.h"
+#include <linux/config.h>
+#include <linux/module.h>
+#include <linux/init.h>
+#include <linux/kernel.h>
+#include <linux/slab.h>
+#include <linux/smp_lock.h>
+#include <linux/security.h>
+#include <linux/sysctl.h>
+
+kmem_cache_t *dte_type_cache, /* cache of typenames */
+*dte_path_cache, /* cache of pathnames */
+*dte_domain_cache,/* cache of domains */
+*dte_ep_cache, /* entry point cache */
+*dte_ea_cache, /* entry access cache */
+*dte_sa_cache, /* signal access cache */
+*dte_mntr_cache, /* mount restricts */
+*dte_map_cache; /* dte_map_node cache */
+
+/*
+ * Secondary_ops to allow using capability, and hopefully the openwall
+ * modules as secondary modules. Needless to say, example gratefully
+ * taken from selinux.
+ */
+extern struct security_operations *dte_secondary_ops;
+
+/*
+ * SECTION
+ * dte_types pretends to be an array of typenames.
+ *
+ * we grab space for the actual names out of a kernel cache. when
+ * we grab a slab, dte_type_names points to the start of it. As we
+ * add typenames, dte_type_names move to point to the first free spot
+ * in the slab, and sizeof_type_names lists the free space left in the
+ * slab.
+ *
+ * num_dte_types gives the number of types. It can't grow
+ * larger than pagesize (8192)/sizeof(char*), because
+ * the array sits on a 4096-byte kernel page
+ *
+ * The same layout is used for dte pathnames.
+ */
+char **dte_types, **dte_paths; /* arrays pointing to actual names */
+char *dte_type_names; /* only used at boot, this is where dte_types \ */
+char *dte_path_names; /* and dte_paths point into */
+int num_dte_types, num_dte_paths;
+int sizeof_dte_types, sizeof_dte_paths; /* space used in current 4096k block */
+
+extern struct dte_map_node *dte_root_mapnode;
+extern int num_dte_map_nodes;
+
+struct dte_mntr **dte_mount_r;
+int num_dte_mount_r;
+
+int dte_initialized;
+int dte_debug;
+struct dte_domain_t *dte_init_domain;
+struct dte_domain_t **dte_domains; /* 8192 bytes */
+int num_dte_domains;
+int dte_bitchmode;
+
+/*
+ * DTE really should not be compiled as a module. The reason is that there is
+ * no good way to determine domains for running processes, or types for loaded
+ * files.
+ *
+ * Domains for running processes could be solved by running through the process
+ * tree, and determining labels based upon the name of the executed file. Two
+ * problems are the determination of the exec'd filename, and the possibility
+ * of a parent process dying before the child. The child's parent will be
+ * reassigned, and the result could be completely wrong.
+ *
+ * For now (perhaps forever), if you insist on using dte as a module, all
+ * running processes will be assigned a default domain. My first solution, to
+ * get this running, is to use init_domain as default_domain. If it seems
+ * worth it, I could make it separately specifiable in the config file.
+ *
+ * I'm afraid just starting at root and walking the whole path *is* the best
+ * solution for setting up the inode->type and inode->mapnode pointers. Since
+ * "rootfs" is a loose concept these days, I will simply use the rootfs of the
+ * process loading the module. Who knows, maybe it'll allow for some cool
+ * trickery of setting up a new namespace before setting up dte.
+ */
+struct dte_domain_t *default_domain;
+
+#define DTE_DEBUG(x) printk(KERN_NOTICE x);
+#define DTE_DEBUG2(x,y) printk(KERN_NOTICE x,y);
+#define DTE_NO_MEM(x) { \
+ printk(KERN_NOTICE "%s: out of memory", x); \
+ return 0; \
+}
+
+static int atoi(char *c, char *ce)
+{
+ int ret = 0;
+
+ while (c<ce) {
+ ret *= 10;
+ ret += ((*c)-'0');
+ c++;
+ }
+ return ret;
+}
+
+unsigned int dte_hash(const char *s, int n)
+{
+ unsigned int sum;
+
+ if (!s) return 0;
+ sum = *s++;
+ while (*s) {
+ sum = (sum << 4) | (sum >> (8*sizeof(unsigned long)-4));
+ sum ^= *s++;
+ }
+ return (sum % (unsigned int)n);
+}
+
+unsigned int dte_hash_c(char *c, char *ce, int n)
+{
+ unsigned int sum;
+
+ if (!c || !ce) return 0;
+ sum = *c++;
+ while (c < ce) {
+ sum = (sum << 4) | (sum >> (8*sizeof(unsigned long)-4));
+ sum ^= *c++;
+ }
+ return (sum % (unsigned int)n);
+}
+
+static int strcmp_c(char *s, char *c, char *ce)
+{
+ while (c<ce) {
+ if (*s++!=*c++)
+ return 1;
+ }
+ if (*s!='\0')
+ return 1;
+ return 0;
+}
+
+static int dte_add_typename(char *s, char *e)
+{
+ int len = e-s;
+
+ if (sizeof_dte_types+len+1 > 4096) {
+ /* grab a new slab to throw this onto */
+ dte_type_names = kmem_cache_alloc(dte_type_cache,GFP_KERNEL);
+ if (!dte_type_names) {
+ printk(KERN_NOTICE "dte_add_typename: insufficient memory for names.\n");
+ return 0;
+ }
+ sizeof_dte_types = 0;
+ }
+ sizeof_dte_types += len+1;
+ if (num_dte_types > 2048) {
+ printk(KERN_NOTICE "2048 types? MY LORD! Sorry, the dte_types array\n");
+ printk(KERN_NOTICE "doesn't expand (yet). No more types possible.\n");
+ return 0;
+ }
+ dte_types[num_dte_types++] = dte_type_names;
+ while (s<e) {
+ *dte_type_names = *s;
+ dte_type_names++;
+ s++;
+ }
+ sizeof_dte_types += len+1;
+ *dte_type_names = '\0';
+ dte_type_names++;
+ return 1;
+}
+
+static char *dte_add_pathname(char *s, char *e)
+{
+ int len = e-s;
+ int i=0;
+
+ /* avoid duplicates */
+ while (i<num_dte_paths) {
+ if (strcmp_c(dte_paths[i],s,e)==0)
+ return dte_paths[i];
+ i++;
+ }
+
+ if (sizeof_dte_paths+len+1 > 4096) {
+ /* grab a new slab to throw this onto */
+ dte_path_names = kmem_cache_alloc(dte_path_cache,GFP_KERNEL);
+ if (!dte_path_names) {
+ printk(KERN_NOTICE "dte_add_pathname: insufficient memory for names.\n");
+ return NULL;
+ }
+ sizeof_dte_paths = 0;
+ }
+ sizeof_dte_paths += len+1;
+ if (num_dte_paths > 2048) {
+ printk(KERN_NOTICE "2048 paths? MY LORD! Sorry, the dte_paths array\n");
+ printk(KERN_NOTICE "doesn't expand (yet). No more paths possible.\n");
+ return NULL;
+ }
+ dte_paths[num_dte_paths++] = dte_path_names;
+ while (s<e) {
+ *dte_path_names = *s;
+ dte_path_names++;
+ s++;
+ }
+ sizeof_dte_paths += len+1;
+ *dte_path_names = '\0';
+ dte_path_names++;
+ return dte_paths[num_dte_paths-1];
+}
+
+static int dte_add_domain(char *s, char *e)
+{
+ struct dte_domain_t *d;
+ char *c;
+
+ d = dte_domains[num_dte_domains] = kmem_cache_alloc(dte_domain_cache,
+ GFP_KERNEL);
+ if (!d)
+ panic("dte_add_domain: out of memory.\n");
+ c = d->name = kmalloc(e-s+1,GFP_KERNEL);
+ if (!c)
+ panic("dte_add_domain: out of memory (name).\n");
+ d->namelen = (e-s);
+ while (s<e)
+ *c++ = *s++;
+ *c = '\0';
+ d->num_ep = d->num_ta = d->num_ea = d->num_sa = d->num_gw = 0;
+ d->ep = NULL;
+ d->ta = NULL;
+ d->ea = NULL;
+ d->sa = NULL;
+ d->gw = NULL;
+ d->hash_next = NULL;
+ num_dte_domains++;
+ return 1;
+}
+
+static struct dte_domain_t *dte_get_domain(char *c, char *ce)
+{
+ struct dte_domain_t *d;
+ int len = ce-c;
+ int h;
+
+ h = dte_hash_c(c,ce,num_dte_domains);
+ if (h<0 || h>num_dte_domains)
+ return NULL;
+ d = dte_domains[h];
+ if (!d)
+ return NULL;
+ while (d->hash_next && (strncmp(d->name,c,len) || d->namelen!=len))
+ d = d->hash_next;
+ if (strncmp(d->name,c,len) || d->namelen!=len)
+ return NULL;
+ return d;
+}
+
+/* this is only called at boot, so not too worried about speed */
+/* hey wait - that's no longer true! It's called from setup_eafile*/
+/*
+ * TODO
+ * will have to sort or hash these now!
+ * */
+char *dte_get_type(char *c, char *ce)
+{
+ int i;
+
+ for (i=0; i<num_dte_types; i++) {
+ if (!strcmp_c(dte_types[i], c, ce))
+ return dte_types[i];
+ }
+ return 0;
+}
+
+static void sort_domains(void)
+{
+ int i, lo, h, nd=num_dte_domains;
+ struct dte_domain_t **d, *t;
+
+ d = (struct dte_domain_t **)kmalloc(nd*sizeof(struct dte_domain_t *),GFP_KERNEL);
+ if (!d)
+ panic("sort_domains: out of memory.\n");
+
+ for (i=0; i<nd; i++) {
+ d[i] = dte_domains[i];
+ dte_domains[i] = NULL;
+ }
+ /* lo keeps the lowest dte_domain which might be null */
+ /* used only in case of hash collisions */
+ lo = 0;
+ for (i=0; i<nd; i++) {
+ h = dte_hash(d[i]->name, nd);
+ if (dte_domains[h]) {
+ /* hash collision */
+ while (dte_domains[lo])
+ lo++;
+ dte_domains[lo] = d[i];
+ lo++;
+ t = dte_domains[h];
+ while (t->hash_next) {
+ t = t->hash_next;
+ }
+ t->hash_next = d[i];
+ } else
+ dte_domains[h] = d[i];
+ }
+ kfree(d);
+}
+
+/*
+ * set up the gateways for auto switches
+ * in 2.3.28, we then removed the auto ea's from domain->ea.
+ * since we've already set up hashes, and since the overhead
+ * of having the ea's seems minimal, maybe we should just
+ * keep them in there?
+ *
+ * The easiest alternative would be to switch the policy language
+ * to separate autos from execs. Maybe I should do that?
+ */
+int dte_setup_gateways(void)
+{
+ struct dte_domain_t *d;
+ struct dte_ep *ep;
+ struct dte_gateway *gw;
+ int h, i, j, k, lo, n;
+
+ for (i=0; i<num_dte_domains; i++) {
+ d = dte_domains[i];
+ /* calculate number of gateways */
+ for (j=0; j<d->num_ea; j++)
+ if (d->ea[j].access == DTE_AUTO)
+ d->num_gw += d->ea[j].other_domain->num_ep;
+ /* allocate the space */
+ d->gw = kmalloc(d->num_gw * sizeof(struct dte_gateway), GFP_KERNEL);
+ if (!d->gw) {
+ panic("dte gateway setup: out of memory.\n");
+ }
+ memset(d->gw,0,d->num_gw * sizeof(struct dte_gateway));
+ /* set up the hash table
+ * note that auto access to two domains which share an entry point
+ * amounts to undefined (well, defined by hash function behavior)
+ * behavior. This will be warned against by the policy setup GUI
+ */
+ lo = 0;
+ for (j=0; j<d->num_ea; j++)
+ if (d->ea[j].access == DTE_AUTO) {
+ ep = d->ea[j].other_domain->ep;
+ n = d->ea[j].other_domain->num_ep;
+ for (k=0; k<n; k++) {
+ h = dte_hash(ep[k].type, d->num_gw);
+ gw = &d->gw[h];
+ while (gw->type && gw->hash_next)
+ gw = gw->hash_next;
+ if (gw->type) {
+ while (d->gw[lo].type)
+ lo++;
+ /* d->gw[lo] = kmem_cache_alloc();*/
+ gw->hash_next = &d->gw[lo];
+ /* lo++;*/
+ d->gw[lo].type = ep[k].type;
+ d->gw[lo].domain = d->ea[j].other_domain;
+ d->gw[lo].hash_next = NULL;
+ lo++;
+ } else {
+ d->gw[h].type = ep[k].type;
+ d->gw[h].domain = d->ea[j].other_domain;
+ d->gw[h].hash_next = NULL;
+ }
+ }
+ }
+ }
+ return 1;
+}
+
+#ifdef CONFIG_DTE_VERBOSE
+static void dte_show_assigns(struct dte_map_node *n, int tab)
+{
+ int i;
+ char line[40];
+
+ if (!n) return;
+ for (i=0; i<tab && i<39; i++)
+ line[i] = ' ';
+ line[i]='\0';
+ printk(KERN_NOTICE "%sname: %s len %d\n",line,n->name,n->namelen);
+ printk(KERN_NOTICE "%setype: %s\n",line,n->etype ? n->etype : "");
+ printk(KERN_NOTICE "%sutype: %s\n",line,n->utype ? n->utype : "");
+ printk(KERN_NOTICE "%s%d children%c\n",line,n->num_kids,
+ n->num_kids ? ':' : '.');
+ for (i=0; i<n->num_kids; i++)
+ dte_show_assigns(n->kids[i],tab+2);
+}
+
+void show_dte(void)
+{
+ int i, j;
+ struct dte_domain_t *d;
+
+ printk("types:\n");
+ for (i=0; i<num_dte_types; i++)
+ printk("%s\n", dte_types[i]);
+ printk("paths:\n");
+ for (i=0; i<num_dte_paths; i++)
+ printk("%s\n", dte_paths[i]);
+ printk("domains:\n");
+ for (i=0; i<num_dte_domains; i++) {
+ d = dte_domains[i];
+ printk("domain %d is %s.\n", i, d->name);
+ printk(" %d entry points: ", d->num_ep);
+ for (j=0; j<d->num_ep; j++)
+ printk("%s ", d->ep[j].type);
+ printk("\n");
+ printk(" %d type accesses: ", d->num_ta);
+ for (j=0; j<d->num_ta; j++)
+ printk("%d->%s ",(int)d->ta[j].access, d->ta[j].type);
+ printk("\n");
+ printk(" %d domain access: ",d->num_ea);
+ for (j=0; j<d->num_ea; j++)
+ printk("%d->%s ",(int)d->ea[j].access, d->ea[j].other_domain->name);
+ printk("\n");
+ printk(" %d gateways: ",d->num_gw);
+ for (j=0; j<d->num_gw; j++) {
+ printk("j is %d.\n", j);
+ if (!d->gw) printk("gateway array null.\n");
+ if (!d->gw[j].domain) printk("gateway's domain is null.\n");
+ if (!d->gw[j].domain->name) printk("gw.domain->name is null.\n");
+ printk("%s->%s ",d->gw[j].type, d->gw[j].domain->name);
+ }
+ printk("\n");
+ printk(" %d signals: ",d->num_sa);
+ for (j=0; j<d->num_sa; j++)
+ printk("%d->%s ",d->sa[j].signal,
+ (d->sa[j].recv_domain==d) ? "all" : d->sa[j].recv_domain->name);
+ printk("\n\n");
+ }
+ printk("Type assignments:\n");
+ dte_show_assigns(dte_root_mapnode,2);
+}
+#endif
+
+/*
+ * fill up the buffer from file. We save the current data sitting
+ * after stat->blin, so the first line will be complete.
+ *
+ * Since we might be in the middle of reading a line, we set
+ * stat->mark to the previous end of buffer, so we can continue
+ * at mark+1.
+ * tmplen is the size from start of last line to end of buffer (before read)
+ * newlen is numchars read in
+ */
+static int dte_fread_buf(struct dte_fdata *stat)
+{
+ mm_segment_t *fs;
+ int i, tmplen, newlen;
+
+ DTE_DEBUG("dte_fread_buf: starting.\n");
+ if (stat->blin == stat->buffer) {
+ printk(KERN_NOTICE "dte_fread_buf: error: current line is size of buffer.\n");
+ /* probably not the safest way to handle it, but gotta think what is: */
+ printk(KERN_NOTICE "skipping this line...\n");
+ stat->blin = stat->buffer+stat->buflen;
+ }
+ if (stat->elin > stat->blin)
+ tmplen = stat->elin-stat->blin;
+ else
+ tmplen=0;
+ fs = &get_fs();
+ set_fs(KERNEL_DS);
+ /* we assume stat.blin points to the beginning of the unfinished line */
+ /* memset(stat.buffer,0,4096);*/
+ for (i=0; i<tmplen; i++)
+ *(stat->buffer+i) = *(stat->blin+i);
+ stat->buflen = tmplen;
+ newlen = stat->fin->f_op->read(stat->fin,stat->buffer+tmplen,
+ 4096-tmplen, &stat->fin->f_pos);
+ stat->numbufs++;
+ if (newlen <= 4096-tmplen) {
+ stat->eof = 1;
+ if (newlen<=0)
+ return 0;
+ }
+ stat->buflen += newlen;
+ set_fs(*fs);
+ stat->blin = stat->buffer;
+ stat->mark = stat->buffer+tmplen;
+ DTE_DEBUG("dte_fread_buf: done.\n");
+ return 1;
+}
+
+/*
+ * puts stat.elin at the end of the line started with stat.blin
+ * skips blank lines or comments
+ * comments are not allowed to begin mid-line
+ * returns 0 if the line is incomplete (iow more of the file needs
+ * to be read into stat.buffer)
+ */
+static int dte_find_endline(struct dte_fdata *stat)
+{
+ char c;
+ int reread = 0;
+
+start:
+ stat->elin = stat->blin;
+ c = *(stat->elin);
+ while (c==' ' || c=='\t') {
+ if (stat->elin >= stat->buffer+stat->buflen) {
+ if (reread)
+ return 0;
+ if (!dte_fread_buf(stat)) {
+ printk(KERN_NOTICE "dte_find_endline: premature end of file.\n");
+ return 0;
+ }
+ reread++;
+ stat->elin = stat->mark;
+ }
+ c = *(++stat->elin);
+ }
+ if (c=='#' || c=='\n') {
+ /* go to start of next line */
+ while (c!='\n') {
+ if (stat->elin >= stat->buffer+stat->buflen) {
+ if (reread)
+ return 0;
+ if (!dte_fread_buf(stat)) {
+ printk(KERN_NOTICE "dte_find_endline: premature end of file.\n");
+ return 0;
+ }
+ reread++;
+ stat->elin = stat->mark;
+ }
+ c = *(++stat->elin);
+ }
+ stat->blin = stat->elin+1;
+ goto start;
+ }
+
+ while (c!='\n') {
+ if (stat->elin >= stat->buffer+stat->buflen) {
+ if (reread)
+ return 0;
+ if (!dte_fread_buf(stat)) {
+ printk(KERN_NOTICE "dte_find_endline: premature end of file.\n");
+ return 0;
+ }
+ reread++;
+ stat->elin = stat->mark;
+ }
+ c = *(++stat->elin);
+ }
+ return 1;
+}
+
+/*
+* places stat->elin at true eol, and makes sure the whole line is read
+* into the buffer in the process.
+*
+* true eol here means we take into account '\'.
+*
+* also sets blin if the incoming blin was for a comment line
+*/
+static int dte_find_true_eol(struct dte_fdata *stat)
+{
+ char c;
+ int reread = 0;
+
+start:
+ stat->elin = stat->blin;
+ c = *(stat->elin);
+ while (c==' ' || c=='\t') {
+ if (stat->elin >= stat->buffer+stat->buflen) {
+ if (reread)
+ return 0;
+ if (!dte_fread_buf(stat)) {
+ printk(KERN_NOTICE "findtrueeol: premature end of file.\n");
+ return 0;
+ }
+ reread++;
+ stat->elin = stat->mark;
+ }
+ c = *(++stat->elin);
+ }
+ if (c=='#' || c=='\n') {
+ /* go to start of next line */
+ while (c!='\n') {
+ if (stat->elin >= stat->buffer+stat->buflen) {
+ if (reread)
+ return 0;
+ if (!dte_fread_buf(stat)) {
+ printk(KERN_NOTICE "findtrueeol: premature end of file.\n");
+ return 0;
+ }
+ reread++;
+ stat->elin = stat->mark;
+ }
+ c = *(++stat->elin);
+ }
+ stat->blin = stat->elin+1;
+ goto start;
+ }
+
+ /* no comments allowed between '\'-connected lines */
+ while (1) {
+ while (c!='\n' && c!='\\') {
+ if (stat->elin >= stat->buffer+stat->buflen) {
+ if (reread)
+ return 0;
+ if (!dte_fread_buf(stat)) {
+ printk(KERN_NOTICE "findtrueeol: premature end of file.\n");
+ return 0;
+ }
+ reread++;
+ stat->elin = stat->mark;
+ }
+ c = *(++stat->elin);
+ }
+ if (c=='\n')
+ return 1;
+ /* find end of this line, go to first char on next line */
+ while (c!='\n') {
+ if (stat->elin >= stat->buffer+stat->buflen) {
+ if (reread)
+ return 0;
+ if (!dte_fread_buf(stat)) {
+ printk(KERN_NOTICE "findtrueeol: premature end of file.\n");
+ return 0;
+ }
+ reread++;
+ stat->elin = stat->mark;
+ }
+ c = *(++stat->elin);
+ }
+ c = *(++stat->elin);
+ }
+}
+
+
+static int read_types(struct dte_fdata *stat)
+{
+ char *c, *ce;
+
+ stat->state = DTE_STATE_TYPES;
+ c = stat->blin;
+ dte_find_true_eol(stat);
+ /* we know there are now no comments, full line is in buffer, and
+ * stat->elin is eol after all '\'-connected lines. */
+ while (*c==' ' || *c=='\t') c++;
+ if (strncmp(c,"types ",6))
+ return -1;
+ c += 6;
+ while (1) {
+ while (*c==' ' || *c=='\t') c++;
+ if (*c=='\n') {
+ stat->blin = stat->elin+1;
+ stat->state = DTE_STATE_DOMAINS;
+ /* done reading types */
+ return 1;
+ }
+ ce = c;
+ while (*ce!='\\' && *ce!=' ' && *ce!='\t' && *ce!='\n')
+ ce++;
+ if (c!=ce) {
+ /* regardless what ce is, there's a word between c and ce-1 */
+ if (!dte_add_typename(c,ce)) {
+ *ce='\0';
+ printk(KERN_NOTICE "at typename %s.\n", c);
+ panic("Error adding typename.\n");
+ }
+ }
+ if (*ce=='\\') {
+ /* continue on the next line */
+ do { ce++;} while (*ce!='\n');
+ } else if (*ce=='\n') {
+ /* end of line, end of types */
+ if (ce!=stat->elin) {
+ panic("bad input on types line.\n");
+ }
+ /* set up for the next stuff to be read in */
+ stat->blin = stat->elin+1;
+ stat->state = DTE_STATE_DOMAINS;
+ /* done reading types */
+ return 1;
+ }
+ c = ce+1;
+ }
+ /* not reached */
+}
+
+static int read_domains(struct dte_fdata *stat)
+{
+ char *c, *ce;
+
+ if (stat->state != DTE_STATE_DOMAINS)
+ panic("domains line out of order in /etc/dte.conf.\n");
+
+ c = stat->blin;
+ dte_find_true_eol(stat);
+ /* we know there are now no comments, full line is in buffer, and
+ * stat->elin is eol after all '\'-connected lines. */
+ while (*c==' ' || *c=='\t') c++;
+ if (strncmp(c,"domains ",6))
+ return -1;
+ c += 8;
+ while (1) {
+ while (*c==' ' || *c=='\t') c++;
+ if (*c=='\n') {
+ stat->blin = stat->elin+1;
+ stat->state = DTE_STATE_DEFS;
+ return 1;
+ }
+ ce = c;
+ while (*ce!='\\' && *ce!=' ' && *ce!='\t' && *ce!='\n')
+ ce++;
+ if (c!=ce) {
+ /* regardless what ce is, there's a word between c and ce-1 */
+ if (!dte_add_domain(c,ce)) {
+ *ce = '\0';
+ printk(KERN_NOTICE "At domain %s.\n", c);
+ panic("Error adding domain name.\n");
+ }
+ }
+ if (*ce=='\\') {
+ /* continue on the next line */
+ do { ce++; } while (*ce!='\n');
+ } else if (*ce=='\n') {
+ /* end of line, end of types */
+ if (ce!=stat->elin)
+ panic("bad input on domains line.\n");
+ /* set up for the next stuff to be read in */
+ stat->blin = stat->elin+1;
+ stat->state = DTE_STATE_DEFS;
+ return 1;
+ }
+ c = ce+1;
+ }
+ /* not reached */
+}
+
+static int read_def_d(struct dte_fdata *stat)
+{
+ char *c, *ce;
+
+ c = stat->blin;
+ while (*c==' ' || *c=='\t')
+ c++;
+ if (strncmp(c,"default_d ",10))
+ panic ("read_def_d: no default domain here!\n");
+
+ c += 10;
+ while (*c==' ' || *c=='\t')
+ c++;
+ ce = c;
+ while (*ce!=' ' && *ce!='\t' && *ce!='\n')
+ ce++;
+ dte_init_domain = dte_get_domain(c,ce);
+ if (!dte_init_domain) {
+ *ce = '\0';
+ printk(KERN_NOTICE "at default domain: %s.\n", c);
+ panic("Bad default domain: does not exist.\n");
+ }
+ default_domain = dte_init_domain;
+ stat->blin = stat->elin+1;
+ return 1;
+}
+
+static int read_def_t(struct dte_fdata *stat, int w)
+{
+ char *c, *ce, *t;
+
+ c = stat->blin;
+ while (*c==' ' || *c=='\t')
+ c++;
+ if (strncmp(c,"default_",8) || *(c+9)!='t')
+ panic ("read_def_t: no default type here!\n");
+
+ c += 11;
+ while (*c==' ' || *c=='\t')
+ c++;
+ ce = c;
+ while (*ce!=' ' && *ce!='\t' && *ce!='\n')
+ ce++;
+ t = dte_get_type(c,ce);
+
+ if (!num_dte_map_nodes) {
+ dte_root_mapnode = kmem_cache_alloc(dte_map_cache, GFP_KERNEL);
+ num_dte_map_nodes++;
+ dte_root_mapnode->name = kmalloc(2,GFP_KERNEL);
+ sprintf(dte_root_mapnode->name, "/");
+ dte_root_mapnode->namelen = 1;
+ dte_root_mapnode->etype = NULL;
+ dte_root_mapnode->utype = NULL;
+ dte_root_mapnode->num_kids = 0;
+ dte_root_mapnode->hash_next = NULL;
+ dte_root_mapnode->kids = NULL;
+ }
+
+ switch (w) {
+ case 1: dte_root_mapnode->etype = t;
+ DTE_DEBUG2("dte_root_etype set to %s.\n",t);
+ break;
+ case 2: dte_root_mapnode->utype = t;
+ DTE_DEBUG2("dte_root_utype set to %s.\n",t);
+ break;
+ case 3: dte_root_mapnode->etype = dte_root_mapnode->utype = t;
+ DTE_DEBUG2("dte_root_rtype set to %s.\n",t);
+ break;
+ default: printk(KERN_NOTICE "read_def_t: this can't be. w!={1,2,3}.\n");
+ return 0;
+ }
+ stat->blin = stat->elin+1;
+ stat->state = DTE_STATE_SPECD; /* might be one more def_t, that's ok */
+ return 1;
+}
+
+static unsigned char dte_convert_ta(char c)
+{
+ switch(c) {
+ default : return 0;
+ case 'R':
+ case 'r': return (unsigned char) DTE_FR;
+ case 'W':
+ case 'w': return (unsigned char) DTE_FW;
+ case 'x':
+ case 'X': return (unsigned char) DTE_FX;
+ case 'a':
+ case 'A': return (unsigned char) DTE_FA;
+ case 'd': /* d: directory descend */
+ case 'D': return (unsigned char) DTE_DX;
+ case 'c':
+ case 'C': return (unsigned char) DTE_DW;
+ case 'l': /* l: as in ls - yeah, i'm reaching */
+ case 'L': return (unsigned char) DTE_DR;
+ }
+}
+
+#define DTE_P_ERR(which) printk(KERN_NOTICE \
+ "read_specd: no opening paren for %s.\n",which);
+
+#define MEM_ERROR(which) printk(KERN_NOTICE \
+ "read_specd: insufficent memory for %s.\n",which);
+
+#define DTE_W_ERR(wnum,wdom) printk(KERN_NOTICE \
+ "read_specd: wrong number of %s specified for domain %s.\n",\
+ wnum,wdom);
+
+static int read_specd(struct dte_fdata *stat)
+{
+ char *c, *ce;
+ int h, n, p, w;
+ int lo, state=0;
+ struct dte_domain_t *d;
+ int have_num;
+
+ dte_find_true_eol(stat);
+ c = stat->blin;
+ while (*c==' ' || *c=='\t')
+ c++;
+ if (strncmp(c,"spec_domain ",12)) {
+ /* debug */
+ int i;
+ printk(KERN_NOTICE "\nHere's the current line:\n");
+ for (i=0; i<20; i++)
+ printk(KERN_NOTICE "%c", *(c+i));
+ printk(KERN_NOTICE "\n\n");
+ panic("read_specd: no domain spec here...\n");
+ }
+
+ w = lo = p = 0;
+ d = NULL;
+ c += 12;
+ have_num=0;
+ while (state < 5) {
+ /* first the domain name being defined */
+ while (*c==' ' || *c=='\t')
+ c++;
+ if (*c=='\\') {
+ do {c++;} while (*c!='\n');
+ c++;
+ continue;
+ }
+ if (state>0 && *c==')') {
+ switch(state) {
+ default: break;
+ case 1: if (w!=d->num_ep) {
+ DTE_W_ERR("entry points",d->name);
+ panic("domain_spec\n");
+ }
+ break;
+ case 2: if (w!=d->num_ta) {
+ DTE_W_ERR("type accesses",d->name);
+ panic("domain_spec\n");
+ }
+ break;
+ case 3: if (w!=d->num_ea) {
+ DTE_W_ERR("domain accesses",d->name);
+ panic("domain_spec\n");
+ }
+ break;
+ case 4: if (w!=d->num_sa) {
+ DTE_W_ERR("signal accesses",d->name);
+ panic("domain_spec\n");
+ }
+ break;
+ }
+ state++;
+ c++;
+ have_num = p = 0;
+ continue;
+ }
+ if (*c=='(') {
+ if (p) {
+ panic("read_specd: unmatched '('.\n");
+ }
+ if (state==0)
+ /* easier to have it always or never allowed, and unnecessary */
+ panic("read_specd: no '(' for spec_domain name.\n");
+ p++;
+ c++;
+ continue;
+ }
+ switch(state) {
+ /* We're sure now that c sits on first char of next valid word */
+ case 0: ce = c;
+ while (*ce!=' '&&*ce!='\t'&&*ce!=')'&&*ce!='\n'&&*ce!='\\')
+ ce++;
+ d = dte_get_domain(c,ce);
+ if (!d) {
+ *ce = '\0';
+ printk(KERN_NOTICE "domain %s.\n", c);
+ panic("dte_specd: invalid domain.\n");
+ }
+ c = ce; /* ce is the char *after* word. */
+ state++;
+ break;
+
+ case 1: ce = c;
+ if (!p) DTE_P_ERR("entry points");
+ while (*ce!=' '&&*ce!='\t'&&*ce!=')'&&*ce!='\n'&&*ce!='\\')
+ ce++;
+ if (!have_num) {
+ n = atoi(c,ce);
+ d->num_ep = n;
+ d->ep = (struct dte_ep*) kmalloc(n*sizeof(struct dte_ep),
+ GFP_KERNEL);
+ if (!d->ep) {
+ MEM_ERROR("entry points");
+ panic("domain_spec\n");
+ }
+ memset(d->ep,0,n*sizeof(struct dte_ep));
+ lo = w = 0; /* w is which one is being defined */
+ have_num++;
+ c = ce;
+ } else {
+ struct dte_ep *e;
+ char *t;
+
+ if (w >= d->num_ep) {
+ DTE_W_ERR("entry points",d->name);
+ panic("domain_spec\n");
+ }
+ t = dte_get_type(c,ce);
+ if (!t) {
+ *ce = '\0';
+ printk(KERN_NOTICE "at domain %s gateway %s.\n",
+ d->name, c);
+ panic("domain_spec\n");
+ }
+ h = dte_hash(t,d->num_ep);
+ e = &d->ep[h];
+ while (e->type && e->hash_next)
+ e = e->hash_next;
+ if (e->type) {
+ while (d->ep[lo].type) lo++;
+ d->ep[lo].type = t;
+ e->hash_next = &d->ep[lo];
+ lo++;
+ } else
+ e->type = t;
+ w++;
+ c = ce;
+ }
+ break;
+ case 2: ce = c;
+ if (!p) DTE_P_ERR("type access specs");
+ while (*ce!=' '&&*ce!='\t'&&*ce!=')'&&*ce!='\n'&&*ce!='\\')
+ ce++;
+ if (!have_num) {
+ n = atoi(c,ce);
+ d->num_ta = n;
+ d->ta = (struct dte_ta*) kmalloc(n*sizeof(struct dte_ta),
+ GFP_KERNEL);
+ if (!d->ta) {
+ MEM_ERROR("entry points");
+ panic("domain_spec\n");
+ }
+ memset(d->ta,0,n*sizeof(struct dte_ta));
+ have_num++;
+ lo = w = 0; /* w is which one is being defined */
+ c = ce;
+ } else {
+ struct dte_ta *ta;
+ char *t;
+ unsigned char access = 0;
+
+ if (w >= d->num_ta) {
+ DTE_W_ERR("type access",d->name);
+ panic("domain_spec\n");
+ }
+ /* must be exactly:
+ * rwx->typename (rwx can be any type access combo)
+ */
+ while (*c!='-') {
+ access |= dte_convert_ta(*c);
+ c++;
+ }
+ c += 2; /* get passed '->' */
+ t = dte_get_type(c,ce);
+ if (!t) {
+ printk(KERN_NOTICE "bad type in domain spec %s.\n",
+ d->name);
+ panic("domain_spec\n");
+ }
+ h = dte_hash(t,d->num_ta);
+ ta = &d->ta[h];
+ while (ta->type && ta->hash_next)
+ ta = ta->hash_next;
+ if (ta->type) {
+ while (d->ta[lo].type) lo++;
+ d->ta[lo].type = t;
+ d->ta[lo].access = access;
+ ta->hash_next = &d->ta[lo];
+ lo++;
+ } else {
+ ta->type = t;
+ ta->access = access;
+ }
+ w++;
+ c = ce;
+ }
+ break;
+ case 3: ce = c;
+ if (!p) DTE_P_ERR("domain access specs");
+ if (!have_num) {
+ while (*ce!=' '&&*ce!='\t'&&*ce!=')'&&*ce!='\n'&&*ce!='\\')
+ ce++;
+ n = atoi(c,ce);
+ d->num_ea = n;
+ d->ea = (struct dte_ea*) kmalloc(n*sizeof(struct dte_ea)
+ ,GFP_KERNEL);
+ if (!d->ea) {
+ MEM_ERROR("domain access");
+ panic("domain_spec\n");
+ }
+ memset(d->ea,0,n*sizeof(struct dte_ea));
+ have_num++;
+ c = ce;
+ lo = w = 0;
+ } else {
+ struct dte_ea *ea;
+ struct dte_domain_t *dest;
+ unsigned char access;
+
+ if (w >= d->num_ea) {
+ DTE_W_ERR("domain access",d->name);
+ panic("domain_spec\n");
+ }
+ /* first comes 'exec' or 'auto' */
+ ce = c;
+ while (*ce!='-') ce++;
+ if (!strncmp(c,"exec",4) && (ce-c==4))
+ access = DTE_EXEC;
+ else access = DTE_AUTO;
+ c = ce += 2;
+ while (*ce!=' '&&*ce!='\t'&&*ce!=')'&&*ce!='\n'&&*ce!='\\')
+ ce++;
+ dest = dte_get_domain(c,ce);
+ if (!dest) {
+ printk(KERN_NOTICE "bad d in domain accesses for %s.\n",
+ d->name);
+ panic("fatal...\n");
+ }
+ h = dte_hash(dest->name,d->num_ea);
+ ea = &d->ea[h];
+ while (ea->other_domain && ea->hash_next)
+ ea = ea->hash_next;
+ if (ea->other_domain) {
+ while (d->ea[lo].other_domain) lo++;
+ d->ea[lo].other_domain = dest;
+ d->ea[lo].access = access;
+ ea->hash_next = &d->ea[lo];
+ lo++;
+ } else {
+ ea->other_domain = dest;
+ ea->access = access;
+ }
+ w++;
+ c = ce;
+ }
+ break;
+ case 4: ce = c;
+ if (!p) DTE_P_ERR("signal access specs");
+ if (!have_num) {
+ while (*ce!=' '&&*ce!='\t'&&*ce!=')'&&*ce!='\n'&&*ce!='\\')
+ ce++;
+ n = atoi(c,ce);
+ d->num_sa = n;
+ d->sa = (struct dte_sa*) kmalloc(n*sizeof(struct dte_sa),
+ GFP_KERNEL);
+ if (!d->sa) {
+ MEM_ERROR("signal access");
+ panic("domain_spec\n");
+ }
+ memset(d->sa,0,n*sizeof(struct dte_sa));
+ lo = w = 0;
+ c = ce;
+ have_num++;
+ } else {
+ struct dte_sa *sa;
+ struct dte_domain_t *dest;
+ int signal;
+
+ if (w >= d->num_sa) {
+ DTE_W_ERR("signal access",d->name);
+ panic("domain_spec\n");
+ }
+ ce = c;
+ while (*ce!='-') ce++;
+ signal = atoi(c,ce);
+ c = ce +=2;
+ while (*ce!=' '&&*ce!='\t'&&*ce!=')'&&*ce!='\n'&&*ce!='\\')
+ ce++;
+ if (*c!='0' || ce-c>1) {
+ dest = dte_get_domain(c,ce);
+ if (!dest || dest==d) {
+ printk(KERN_NOTICE "bad d in signal access for %s.\n",
+ d->name);
+ panic("domain_spec\n");
+ }
+ } else
+ dest = d;
+ h = dte_hash(dest->name, d->num_sa);
+ sa = &d->sa[h];
+ while (sa->recv_domain && sa->hash_next)
+ sa = sa->hash_next;
+ if (sa->recv_domain) {
+ while (d->sa[lo].recv_domain) lo++;
+ d->sa[lo].recv_domain = dest;
+ d->sa[lo].signal = signal;
+ sa->hash_next = &d->sa[lo];
+ lo++;
+ } else {
+ sa->recv_domain = dest;
+ sa->signal = signal;
+ }
+ w++;
+ c = ce;
+ }
+ break;
+ default: printk("bad case.\n");
+ panic("domain_spec\n");
+ break;
+ }
+ }
+
+ stat->blin = stat->elin+1;
+ return 1;
+}
+
+/* format of ta:
+* assign -X type path1 path2 ... pathn
+* where x is e,r or u. no combos.
+* line may be split by \
+ */
+static int read_ta(struct dte_fdata *stat)
+{
+ char *t, *c, *ce;
+ char *p;
+ char assign;
+ struct dte_map_node *tmpmap;
+
+ dte_find_true_eol(stat);
+ c = stat->blin;
+ while (*c==' ' || *c=='\t')
+ c++;
+ if (strncmp(c,"assign ",7))
+ panic("read_ta: no type assign here...\n");
+
+ while (*c!='-') c++;
+ c++;
+ assign = *c;
+ ce = c += 2;
+
+ while (*ce!=' '&&*ce!='\t'&&*ce!=')'&&*ce!='\n'&&*ce!='\\')
+ ce++;
+
+ t = dte_get_type(c,ce);
+ if (!t) {
+ ce = '\0';
+ panic("dte: bad type %s in type assignment.\n", c);
+ }
+
+ while (1) {
+ c = ce;
+ while (*c==' ' || *c == '\t') c++;
+ if (*c=='\n') {
+ stat->blin = stat->elin+1;
+ return 1;
+ }
+ if (*c=='\\') {
+ do {c++;} while (*c!='\n');
+ c++;
+ continue;
+ }
+ ce = c;
+
+ while (*ce!=' '&&*ce!='\t'&&*ce!=')'&&*ce!='\n'&&*ce!='\\')
+ ce++;
+ p = dte_add_pathname(c,ce);
+
+ tmpmap = dte_find_map_node_create(p);
+ if (!tmpmap)
+ panic("This shouldn't happen: couldn't creat map node for %s.\n",p);
+
+ switch(assign) {
+ case 'e': tmpmap->etype = t; break;
+ case 'u': tmpmap->utype = t; break;
+ default : tmpmap->etype = tmpmap->utype = t;
+ break;
+ }
+
+ c = ce;
+ }
+}
+
+int read_mntr(struct dte_fdata *stat)
+{
+ char *c, *ce;
+ char how;
+ int maj, min;
+ struct dte_mntr *r;
+ int len;
+
+ DTE_DEBUG("read_mntr: starting.\n");
+ dte_find_true_eol(stat);
+ c = stat->blin;
+ while (*c==' ' || *c=='\t')
+ c++;
+ if (!strncmp(c,"pretend ",8))
+ how = 'p';
+ else if (!strncmp(c,"restrict ",9))
+ how = 'r';
+ else {
+ printk(KERN_NOTICE "read_mntr: no mount restriction here...\n");
+ return 0;
+ }
+ while (*c!=' ' && *c!='\t')
+ c++;
+ while (*c==' ' || *c=='\t')
+ c++;
+ /*
+ * in this case, we'll always be comparing copies of path/dev names,
+ * so we'll never be able to compare by array offsets. So we just
+ * allocate mem for device names right here
+ *
+ * we don't allow '\' to split lines in this case - shouldn't really be
+ * necessary...
+ *
+ * First, get device:
+ */
+ while (*c==' ' && *c=='\t') c++;
+ ce = c;
+ while (*ce!=' ' && *ce!='\t') ce++;
+ maj = atoi(c,ce);
+ c=++ce;
+ while (*c==' ' && *c=='\t') c++;
+ ce = c;
+ while (*ce!=' ' && *ce!='\t') ce++;
+ min = atoi(c,ce);
+
+ /* grab a mntr struct from cache */
+ r = kmem_cache_alloc(dte_mntr_cache, GFP_KERNEL);
+ if (!r)
+ DTE_NO_MEM("dte_read_mntr");
+ r->maj = (unsigned char)maj;
+ r->min = (unsigned char)min;
+ sprintf(r->summ, "%3d,%3d",maj,min);
+
+ c = ++ce;
+ while (*c==' ' || *c=='\t')
+ c++;
+ ce = c;
+ while (*ce!=' ' && *ce!='\t' && *ce!='\n' && *ce!='\0')
+ ce++;
+ len = ce-c;
+ r->path = (char *)kmalloc(NAME_ALLOC_LEN(len), GFP_KERNEL);
+ if (!r->path)
+ DTE_NO_MEM("dte_read_mntr");
+ memcpy(r->path,c,len);
+ r->path[len] = 0;
+
+ r->how = how;
+ num_dte_mount_r++;
+ r->hash_next = dte_mount_r[0];
+ dte_mount_r[0] = r;
+
+ stat->blin = stat->elin+1;
+
+ DTE_DEBUG("read_mntr: returning.\n");
+ return 1;
+}
+
+/*
+ * read_dte_config: read the config file.
+ */
+int read_dte_config(void)
+{
+ struct dte_fdata stat;
+ char *c;
+ int line = 0;
+
+ /* initialization of variables and memcaches */
+ num_dte_domains = 0;
+ printk(KERN_NOTICE "before kmalloc\n");
+ dte_domains = kmalloc(8192,GFP_KERNEL);
+ printk(KERN_NOTICE "after kmalloc\n");
+ dte_type_cache = kmem_cache_create("dte_type_names",4096,0,0,NULL,NULL);
+ printk(KERN_NOTICE "after kmem_cache_create\n");
+ dte_path_cache = kmem_cache_create("dte_path_names",4096,0,0,NULL,NULL);
+ dte_domain_cache = kmem_cache_create("dte_domains",sizeof(struct dte_domain_t),
+ 0,0,NULL,NULL);
+ dte_ep_cache = kmem_cache_create("dte_ep_cache",sizeof(struct dte_ep),
+ 0,0,NULL,NULL);
+ dte_ea_cache = kmem_cache_create("dte_ea_cache",sizeof(struct dte_ea),
+ 0,0,NULL,NULL);
+ dte_sa_cache = kmem_cache_create("dte_sa_cache",sizeof(struct dte_sa),
+ 0,0,NULL,NULL);
+ dte_map_cache = kmem_cache_create("dte_map_cache",sizeof(struct dte_map_node),
+ 0,0,NULL,NULL);
+ dte_mntr_cache = kmem_cache_create("dte_mount_r",sizeof(struct dte_mntr),
+ 0,0,NULL,NULL);
+ printk(KERN_NOTICE "after all kmem_cache_creates\n");
+ if (!dte_type_cache || !dte_path_cache || !dte_domain_cache || !dte_ep_cache
+ || !dte_ea_cache || !dte_sa_cache || !dte_map_cache
+ || !dte_mntr_cache || !dte_domains) {
+ printk(KERN_NOTICE "read_dte_config: insufficient memory for caches.\n");
+ return -ENOMEM;
+ }
+
+ num_dte_map_nodes = 0;
+ dte_root_mapnode = NULL;
+ num_dte_types = sizeof_dte_types = 0;
+ num_dte_paths = sizeof_dte_paths = 0;
+ dte_types = kmalloc(8192,GFP_KERNEL);/* this is just an array of pointers */
+ dte_paths = kmalloc(8192,GFP_KERNEL);/* into slabs coming from next two */
+ printk(KERN_NOTICE "before kmme_cache_alloc\n");
+ dte_type_names = kmem_cache_alloc(dte_type_cache,GFP_KERNEL);
+ printk(KERN_NOTICE "after kmme_cache_alloc\n");
+ dte_path_names = kmem_cache_alloc(dte_path_cache,GFP_KERNEL);
+ if (!dte_types || !dte_paths || !dte_type_names || !dte_path_names) {
+ printk(KERN_NOTICE "read_dte_config: insufficient memory for names.\n");
+ return -ENOMEM;
+ }
+ printk(KERN_NOTICE "after all kmem_cache_allocs\n");
+
+ printk(KERN_NOTICE "before filp_open\n");
+/* lock_kernel();*/
+ stat.fin = filp_open("/etc/dte.conf",00,O_RDONLY);
+/* unlock_kernel();*/
+ printk(KERN_NOTICE "after filp_open\n");
+ if (IS_ERR(stat.fin) || stat.fin==NULL)
+ panic( "Error opening /etc/dte.conf for reading.\n");
+
+ if (stat.fin->f_op==NULL || stat.fin->f_op->read==NULL)
+ panic("/etc/dte.conf or root fs not readable.\n");
+
+ stat.numbufs=0;
+ stat.fin->f_pos = 0;
+ stat.blin = stat.elin = stat.buffer+4095;
+ stat.buflen = stat.eof = 0;
+ dte_bitchmode = 0;
+
+ printk(KERN_NOTICE "before dte_fread_buf\n");
+ if (dte_fread_buf(&stat)!=1)
+ panic("Error reading dte policy file.\n");
+ printk(KERN_NOTICE "after dte_fread_buf\n");
+
+ while (stat.state != DTE_STATE_DONE &&
+ !(stat.eof && stat.blin >= stat.buffer+stat.buflen)) {
+
+ if (stat.blin >= stat.buffer+stat.buflen) {
+ /* end of file */
+ return 0;
+ }
+
+ dte_find_endline(&stat);
+ c = stat.blin;
+ while (*c==' ') c++;
+ if (strncmp(c,"types ",6)==0)
+ read_types(&stat);
+ else if (strncmp(c,"domains ",8)==0) {
+ read_domains(&stat);
+ sort_domains();
+ } else if (strncmp(c,"default_d ",10)==0)
+ read_def_d(&stat);
+ else if (strncmp(c,"default_et ",11)==0)
+ read_def_t(&stat,1);
+ else if (strncmp(c,"default_ut ",11)==0)
+ read_def_t(&stat,2);
+ else if (strncmp(c,"default_rt ",11)==0)
+ read_def_t(&stat,3);
+ else if (strncmp(c,"spec_domain ",12)==0)
+ read_specd(&stat);
+ else if (strncmp(c,"assign ",7)==0)
+ read_ta(&stat);
+ else if (strncmp(c,"pretend ",8)==0)
+ read_mntr(&stat);
+ else if (strncmp(c,"restrict ",9)==0)
+ read_mntr(&stat);
+ else if (strncmp(c,"bitch\n",6)==0) {
+ dte_bitchmode = 1;
+ stat.blin = stat.elin+1;
+ } else
+ panic("bad input line.\n");
+ line++;
+ }
+
+ fput(stat.fin);
+
+ return 1;
+}
diff --minimal -Nru a/security/dte/syscall.c b/security/dte/syscall.c
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/dte/syscall.c Tue Feb 12 18:59:50 2002
@@ -0,0 +1,276 @@
+/*
+ * security/dte/syscall.c
+ *
+ * DTE security module functions. These are inserted into the DTE
+ * security plug in security/dte.c
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * The functions which I don't redefine stay in security/dte/dte.c.
+ *
+ * author: Serge Hallyn <hallyn@cs.wm.edu>
+ */
+
+#include "dte.h"
+#include <linux/config.h>
+#include <linux/module.h>
+#include <linux/init.h>
+#include <linux/kernel.h>
+#include <linux/security.h>
+#include <linux/sysctl.h>
+
+extern int num_dte_domains;
+extern struct dte_domain_t **dte_domains;
+
+#define min(x,y) ( x<y ? x : y )
+/*
+ * for do_gettype: data is:
+ * 1. (char *) filename
+ * 2. (char *) buffer
+ * 3. (int) buflen
+ */
+struct dte_gt_struct {
+ char *fnam;
+ char *buf;
+ int buflen;
+};
+static long dte_do_gettype(void *data)
+{
+ struct dte_gt_struct gs;
+ char *fnam;
+ long err;
+ int len;
+ struct nameidata nd;
+ struct dte_inode_sec *s;
+
+ err = -EFAULT;
+ if (copy_from_user(&gs, data, sizeof(struct dte_gt_struct)))
+ goto out;
+ fnam = getname(gs.fnam);
+ err = PTR_ERR(fnam);
+ if (IS_ERR(fnam))
+ goto out;
+ err = 0;
+ if (path_init(fnam,LOOKUP_POSITIVE|LOOKUP_FOLLOW,&nd))
+ err = path_walk(fnam, &nd);
+ putname(fnam);
+ if (err)
+ goto out;
+
+ err = permission(nd.dentry->d_inode,MAY_READ);
+ if (err)
+ goto dput_and_out;
+
+ err = -ENOENT;
+ if (!nd.dentry->d_inode)
+ goto dput_and_out;
+ s = (struct dte_inode_sec *) nd.dentry->d_inode->i_security;
+ if (!s)
+ goto dput_and_out;
+ if (!s->etype) {
+ if (gs.buflen<10) {
+ copy_to_user(gs.buf, "no etype.", gs.buflen);
+ gs.buf[gs.buflen] = '\0';
+ } else
+ copy_to_user(gs.buf, "no etype.", 10);
+ goto dput_and_out;
+ }
+ len = min(strlen(s->etype)+1, gs.buflen-1);
+ if (copy_to_user(gs.buf, s->etype, len))
+ err = -EFAULT;
+ else {
+ err = 0;
+ /* gs.buf[len] = '\0';*/ /* just to be SURE */
+ }
+
+dput_and_out:
+ path_release(&nd);
+out:
+ return err;
+}
+
+struct dte_gd_struct {
+ unsigned int pid;
+ char *buf;
+ int buflen;
+};
+static long dte_do_getdomain(void *data)
+{
+ struct dte_gd_struct gd;
+ struct task_struct *p;
+ struct dte_task_sec *ts;
+ int err, len;
+
+ err = -EFAULT;
+ if (copy_from_user(&gd, data, sizeof(struct dte_gd_struct)))
+ goto out;
+ err = -1;
+ p = find_task_by_pid(gd.pid);
+ if (!p) goto out;
+ ts = p->security;
+ if (!ts || !ts->dte_domain) goto out;
+
+ err = -EFAULT;
+ len = min(strlen(ts->dte_domain->name)+1, gd.buflen-1);
+ if (!copy_to_user(gd.buf, ts->dte_domain->name, len)) {
+ err = 0;
+/* gd.buf[len] = '\0';*/
+ }
+
+out:
+ return err;
+}
+
+static int dte_may_exec_to(struct dte_domain_t *a, struct dte_domain_t *b)
+{
+ struct dte_ea *ea;
+ char *bn = b->name;
+ int h;
+
+ h = dte_hash(bn, a->num_ea);
+ ea = &a->ea[h];
+ while (ea->other_domain && strcmp(ea->other_domain->name, bn)!=0 &&
+ ea->hash_next)
+ ea = ea->hash_next;
+ if (ea->other_domain && strcmp(ea->other_domain->name, bn)==0 &&
+ dte_exec_access(ea->access))
+ return 1;
+
+ return 0;
+}
+
+static struct dte_domain_t *get_domain(char *name)
+{
+ struct dte_domain_t *d;
+ int h;
+
+ h = dte_hash(name,num_dte_domains);
+ if (h<0 || h>num_dte_domains)
+ return NULL;
+ d = dte_domains[h];
+ if (!d)
+ return NULL;
+ while (d->hash_next && strcmp(d->name,name))
+ d = d->hash_next;
+ if (strcmp(d->name,name))
+ return NULL;
+ return d;
+}
+
+/*
+ * Modules apparently can't use errno, so I can't use unistd.h
+ * directly. Ergo, define my own execve.
+ */
+#define __NR_execve 11
+#define __syscall_return(type, res) \
+do { \
+ return (type) (res); \
+} while (0)
+#define _syscall3(type,name,type1,arg1,type2,arg2,type3,arg3) \
+type name(type1 arg1,type2 arg2,type3 arg3) \
+{ \
+long __res; \
+__asm__ volatile ("int $0x80" \
+ : "=a" (__res) \
+ : "0" (__NR_##name),"b" ((long)(arg1)),"c" ((long)(arg2)), \
+ "d" ((long)(arg3))); \
+__syscall_return(type,__res); \
+}
+
+static inline _syscall3(int,execve,const char *,file,char **,argv,char **,envp)
+/*
+ * Note on dte_d_exec:
+ * here is a major switch from my previous version. I delay checking the
+ * validity of the domain switch until well into the execve, in the
+ * binprm_alloc_security, in fact. In order to check it here, the current
+ * domain needs to have the ability to access the file being executed so
+ * that I can check the type of the file. This should not be necessary, as
+ * only the domain being switched to should need this permission.
+ *
+ * Note that this cannot work for auto domain switches. There the source
+ * domain must be able to reach the entry point, for us to even figure out
+ * that there is a required auto switch.
+ */
+struct dte_exec_struct{
+ char *fnam;
+ char **argv;
+ char **envp;
+ char *domain;
+};
+static long dte_do_exec(void *data)
+{
+ struct dte_exec_struct es;
+ char *fnam;
+ long err;
+ char *d;
+ struct dte_task_sec *ts;
+ struct dte_domain_t *dest;
+
+ err = -EFAULT;
+ if (copy_from_user(&es, data, sizeof(struct dte_exec_struct)))
+ goto out;
+ fnam = getname(es.fnam);
+ err = PTR_ERR(fnam);
+ if (IS_ERR(fnam))
+ goto out;
+
+ d = getname(es.domain);
+ err = PTR_ERR(d);
+ if (IS_ERR(d))
+ goto out_putf;
+ dest = get_domain(d);
+ if (!dest) {
+ printk(KERN_NOTICE "Error: no domain named %s.\n", d);
+ putname(d);
+ err = -EINVAL;
+ goto out_putf;
+ }
+ putname(d);
+
+ ts = current->security;
+ if (!dte_may_exec_to(ts->dte_domain, dest)) {
+ printk(KERN_NOTICE "dte: domain %s may not exec to domain %s.\n",
+ ts->dte_domain->name, dest->name);
+ err = -EACCES;
+ goto out_putf;
+ }
+
+ ts->dte_back = ts->dte_domain;
+ ts->dte_domain = dest;
+
+ printk(KERN_NOTICE "dte: requesting exec from %s to %s on %s.\n",
+ ts->dte_back->name, ts->dte_domain->name, fnam);
+ putname(fnam);
+ err = execve(es.fnam, es.argv, es.envp);
+
+ /*
+ * uh-oh - we had an error...
+ * reset the domain to original
+ */
+ if (ts->dte_back) {
+ ts->dte_domain = ts->dte_back;
+ ts->dte_back = NULL;
+ }
+ goto out;
+
+out_putf:
+ putname(fnam);
+out:
+ return err;
+}
+
+/*asmlinkage*/
+int dte_sys_security(unsigned int id, unsigned int call,
+ unsigned long *args)
+{
+ switch(call) {
+ case 1: return (int)dte_do_gettype(args);
+ case 2: return (int)dte_do_getdomain(args);
+ case 3: return (int)dte_do_exec(args);
+ default: return -ENOSYS;
+ }
+}
+
diff --minimal -Nru a/security/dte/task.c b/security/dte/task.c
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/dte/task.c Tue Feb 12 18:59:50 2002
@@ -0,0 +1,268 @@
+/*
+ * security/dte/task.c
+ *
+ * DTE security module functions. These are inserted into the DTE
+ * security plug in security/dte.c
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * The functions which I don't redefine stay in security/dte/dte.c.
+ *
+ * author: Serge Hallyn <hallyn@cs.wm.edu>
+ */
+
+#include "dte.h"
+#include <linux/config.h>
+#include <linux/module.h>
+#include <linux/init.h>
+#include <linux/kernel.h>
+#include <linux/security.h>
+#include <linux/sysctl.h>
+
+extern int dte_initialized;
+extern int dte_bitchmode;
+extern struct security_operations *dte_secondary_ops;
+
+/*
+ * check whether current domain is required to switch domains
+ * on execution of filename, if yes switch and return 0.
+ * If error reading file, return < 0, else return > 0
+ */
+static int dte_auto_switch(char *type)
+{
+ int h;
+ struct dte_task_sec *ts = current->security;
+ struct dte_domain_t *curd = ts->dte_domain;
+ struct dte_gateway *gw;
+
+ /* no gateways, no auto switches: */
+ if (!curd->num_gw)
+ return 1;
+
+ h = dte_hash(type, curd->num_gw);
+ gw = &curd->gw[h];
+ while (gw) {
+ if (strcmp(gw->type, type)==0)
+ break;
+ gw = gw->hash_next;
+ }
+ if (gw) {
+ if (ts->dte_back) {
+ printk(KERN_NOTICE "auto switch overriding exec switch to %s.\n",
+ curd->name);
+ printk(KERN_NOTICE "switching domains: %s to %s on exec %s.\n",
+ ts->dte_back->name, gw->domain->name, type);
+ ts->dte_domain = gw->domain;
+ } else {
+ printk(KERN_NOTICE "switching domains: %s to %s on exec %s.\n",
+ curd->name, gw->domain->name, type);
+ ts->dte_back = ts->dte_domain;
+ ts->dte_domain = gw->domain;
+ }
+ return 0;
+ }
+ return 1;
+}
+
+static int dte_check_x(struct dte_domain_t *d, char *type)
+{
+ struct dte_ta *ta;
+ int h;
+
+ h = dte_hash(type, d->num_ta);
+ ta = &d->ta[h];
+ while (ta && ta->type!=type)
+ ta = ta->hash_next;
+
+ if (ta && (ta->access&DTE_FX))
+ return 0; /* x granted */
+ if (dte_bitchmode) {
+ printk(KERN_NOTICE "Would be denied: access from %s to %s as execute.\n",
+ d->name, type);
+ return 0;
+ }
+ return 1; /* x denied */
+}
+
+static int dte_domain_has_ep(struct dte_domain_t *d, char *t)
+{
+ struct dte_ep *e;
+ int h;
+
+ h = dte_hash(t, d->num_ep);
+ e = &d->ep[h];
+ while (e->type && strcmp(e->type, t)!=0 && e->hash_next)
+ e = e->hash_next;
+ if (e->type && strcmp(e->type, t)==0)
+ return 1;
+ return 0;
+}
+
+int dte_binprm_alloc_security (struct linux_binprm *bprm)
+{
+ int rc = 0;
+ bprm->security = NULL;
+ if (dte_secondary_ops)
+ rc = dte_secondary_ops->bprm_ops->alloc_security(bprm);
+
+ return rc;
+}
+
+void dte_binprm_free_security (struct linux_binprm *bprm)
+{
+ return;
+}
+
+int dte_binprm_set_security (struct linux_binprm *bprm)
+{
+ struct dte_inode_sec *s = bprm->file->f_dentry->d_inode->i_security;
+ struct dte_task_sec *ts = current->security;
+ int ret = 0;
+
+ if (dte_secondary_ops)
+ ret = dte_secondary_ops->bprm_ops->set_security(bprm);
+ if (ret)
+ return ret;
+
+ if (!s || !s->etype) {
+ printk(KERN_NOTICE "dte_binprm_set_security: on exec of %s - no etype.\n",
+ bprm->filename);
+#if 0
+ return -EACCES;
+#else
+ /* don't want to return -eaccess, as the file probably doesn't
+ * exist, and that could be misleading info for the user */
+ return 0;
+#endif
+ }
+
+ if (!dte_auto_switch(s->etype)) {
+ printk(KERN_NOTICE "dte: auto switch to %s on exec %s in %s.\n",
+ ts->dte_domain->name, bprm->filename, ts->dte_back->name);
+ } else if (ts->dte_back &&
+ !dte_domain_has_ep(ts->dte_domain, s->etype)) {
+ printk(KERN_NOTICE "dte: type %s is not ep to domain %s.\n",
+ s->etype, ts->dte_domain->name);
+ ts->dte_domain = ts->dte_back;
+ ts->dte_back = NULL;
+ return -EACCES;
+ }
+
+ ret = dte_check_x(ts->dte_domain, s->etype);
+ if (ret) {
+ /* not allowed */
+ printk(KERN_NOTICE "dte: domain %s may not execute type %s.\n",
+ ts->dte_domain->name, s->etype);
+ if (ts->dte_back) {
+ ts->dte_domain = ts->dte_back;
+ ts->dte_back = NULL;
+ }
+ return ret;
+ }
+
+#if 0
+ if (ts->dte_back)
+ printk(KERN_NOTICE "dte_binprm_set_sec: finalized trans from %s to %s.\n",
+ ts->dte_back->name, ts->dte_domain->name);
+#endif
+ ts->dte_back = NULL;
+
+ return 0;
+}
+
+int dte_task_alloc_security (struct task_struct *p)
+{
+ struct dte_task_sec *ps, *cs;
+
+ ps = p->security = kmalloc(sizeof(struct dte_task_sec), GFP_KERNEL);
+ cs = current->security;
+
+ if (!ps)
+ return -ENOMEM;
+
+ if (cs)
+ ps->dte_domain = cs->dte_domain;
+ else
+ ps->dte_domain = NULL;
+ ps->dte_back = NULL;
+ return 0;
+}
+
+void dte_task_free_security (struct task_struct *p)
+{
+ if (p->security) {
+ kfree(p->security);
+ p->security = NULL;
+ }
+}
+
+int dte_task_kill (struct task_struct *p, struct siginfo *info, int sig)
+{
+ int h;
+ struct dte_sa *sa;
+ struct dte_task_sec *sts, /* sending task security */
+ *rts; /* receiv task security */
+ struct dte_domain_t *std, /* sending task domain */
+ *rtd; /* receiv task domain */
+
+ if (!dte_initialized)
+ return 0;
+
+ /* following lsm documentation advice: */
+ if (info && ((unsigned long)info==1 || SI_FROMKERNEL(info)))
+ return 0;
+
+ if (!p) {
+ printk(KERN_ERR "dte_task_kill: sending signal to null.\n");
+ return 0;
+ }
+
+#ifdef CONFIG_DTE_DEBUG
+ printk(KERN_NOTICE "dte_task_kill: from %d to %d sig %d.\n",
+ current->pid, p->pid, sig);
+#endif
+
+ sts = (struct dte_task_sec *)current->security;
+ rts = (struct dte_task_sec *)p->security;
+ if (!sts)
+ panic("dte_kill: sending task has no security blob.\n");
+ if (!rts)
+ panic("dte_kill: recv task has no security blob.\n");
+ std = sts->dte_domain;
+ rtd = rts->dte_domain;
+ if (std == rtd)
+ return 0; /* any signals allowed as far as we're concerned */
+ if (!std || !rtd)
+ BUG();
+ if (!std->num_sa)
+ goto signal_reject; /* no signals at all, save some time */
+
+ /* signals to anyone: */
+ h = dte_hash(std->name, std->num_sa);
+ sa = &std->sa[h];
+ while (sa) {
+ if (sa->recv_domain==std)
+ if (sa->signal==0 || sa->signal==sig)
+ return 0;
+ sa = sa->hash_next;
+ }
+
+ /* signals to requested receiving domain: */
+ h = dte_hash(rtd->name, std->num_sa);
+ sa = &std->sa[h];
+ while (sa) {
+ if (sa->recv_domain==rtd)
+ if (sa->signal==0 || sa->signal==sig)
+ return 0;
+ sa = sa->hash_next;
+ }
+
+signal_reject:
+ printk(KERN_NOTICE "DTE: refusing signal %d from %d(%s) to %d(%s).\n",
+ sig, current->pid, sts->dte_domain->name, p->pid,
+ rts->dte_domain->name);
+ return -EPERM;
+}
diff --minimal -Nru a/security/dummy.c b/security/dummy.c
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/dummy.c Tue Feb 12 18:59:50 2002
@@ -0,0 +1,1139 @@
+/*
+ * Stub functions for the default security function pointers in case no
+ * security model is loaded.
+ *
+ * Copyright (C) 2001 WireX Communications, Inc <chris@wirex.com>
+ * Copyright (C) 2001 Greg Kroah-Hartman <greg@kroah.com>
+ * Copyright (C) 2001 Networks Associates Technology, Inc <ssmalley@nai.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ */
+
+#include <linux/config.h>
+#include <linux/module.h>
+#include <linux/kernel.h>
+#include <linux/security.h>
+#include <linux/netfilter.h>
+#include <linux/netlink.h>
+
+static int dummy_sethostname (char *hostname)
+{
+ return 0;
+}
+
+static int dummy_setdomainname (char *domainname)
+{
+ return 0;
+}
+
+static int dummy_reboot (unsigned int cmd)
+{
+ return 0;
+}
+
+static int dummy_ioperm (unsigned long from, unsigned long num, int turn_on)
+{
+ return 0;
+}
+
+static int dummy_iopl (unsigned int old, unsigned int level)
+{
+ return 0;
+}
+
+static int dummy_ptrace (struct task_struct *parent, struct task_struct *child)
+{
+ return 0;
+}
+
+static int dummy_capget (struct task_struct *target, kernel_cap_t * effective,
+ kernel_cap_t * inheritable, kernel_cap_t * permitted)
+{
+ return 0;
+}
+
+static int dummy_capset_check (struct task_struct *target,
+ kernel_cap_t * effective,
+ kernel_cap_t * inheritable,
+ kernel_cap_t * permitted)
+{
+ return 0;
+}
+
+static void dummy_capset_set (struct task_struct *target,
+ kernel_cap_t * effective,
+ kernel_cap_t * inheritable,
+ kernel_cap_t * permitted)
+{
+ return;
+}
+
+static int dummy_acct (struct file *file)
+{
+ return 0;
+}
+
+static int dummy_capable (struct task_struct *tsk, int cap)
+{
+ if (cap_is_fs_cap (cap) ? tsk->fsuid == 0 : tsk->euid == 0)
+ /* capability granted */
+ return 0;
+
+ /* capability denied */
+ return -EPERM;
+}
+
+static int dummy_sysctl (ctl_table * table, int op)
+{
+ return 0;
+}
+
+static int dummy_sys_security (unsigned int id, unsigned int call,
+ unsigned long *args)
+{
+ return -ENOSYS;
+}
+
+static int dummy_swapon (struct swap_info_struct *swap)
+{
+ return 0;
+}
+
+static int dummy_swapoff (struct swap_info_struct *swap)
+{
+ return 0;
+}
+
+static int dummy_nfsservctl (int cmd, struct nfsctl_arg *arg)
+{
+ return 0;
+}
+
+static int dummy_quotactl (int cmds, int type, int id, struct super_block *sb)
+{
+ return 0;
+}
+
+static int dummy_quota_on (struct file *f)
+{
+ return 0;
+}
+
+static int dummy_bdflush (int func, long data)
+{
+ return 0;
+}
+
+static int dummy_syslog (int type)
+{
+ return 0;
+}
+
+static int dummy_netlink_send (struct sk_buff *skb)
+{
+ if (current->euid == 0)
+ cap_raise (NETLINK_CB (skb).eff_cap, CAP_NET_ADMIN);
+ else
+ NETLINK_CB (skb).eff_cap = 0;
+ return 0;
+}
+
+static int dummy_netlink_recv (struct sk_buff *skb)
+{
+ if (!cap_raised (NETLINK_CB (skb).eff_cap, CAP_NET_ADMIN))
+ return -EPERM;
+ return 0;
+}
+
+static int dummy_binprm_alloc_security (struct linux_binprm *bprm)
+{
+ return 0;
+}
+
+static void dummy_binprm_free_security (struct linux_binprm *bprm)
+{
+ return;
+}
+
+static void dummy_binprm_compute_creds (struct linux_binprm *bprm)
+{
+ return;
+}
+
+static int dummy_binprm_set_security (struct linux_binprm *bprm)
+{
+ return 0;
+}
+
+static int dummy_sb_alloc_security (struct super_block *sb)
+{
+ return 0;
+}
+
+static void dummy_sb_free_security (struct super_block *sb)
+{
+ return;
+}
+
+static int dummy_sb_statfs (struct super_block *sb)
+{
+ return 0;
+}
+
+static int dummy_mount (char *dev_name, struct nameidata *nd, char *type,
+ unsigned long flags, void *data)
+{
+ return 0;
+}
+
+static int dummy_check_sb (struct vfsmount *mnt, struct nameidata *nd)
+{
+ return 0;
+}
+
+static int dummy_umount (struct vfsmount *mnt, int flags)
+{
+ return 0;
+}
+
+static void dummy_umount_close (struct vfsmount *mnt)
+{
+ return;
+}
+
+static void dummy_umount_busy (struct vfsmount *mnt)
+{
+ return;
+}
+
+static void dummy_post_remount (struct vfsmount *mnt, unsigned long flags,
+ void *data)
+{
+ return;
+}
+
+
+static void dummy_post_mountroot (void)
+{
+ return;
+}
+
+static void dummy_post_addmount (struct vfsmount *mnt, struct nameidata *nd)
+{
+ return;
+}
+
+static int dummy_inode_alloc_security (struct inode *inode)
+{
+ return 0;
+}
+
+static void dummy_inode_free_security (struct inode *inode)
+{
+ return;
+}
+
+static int dummy_inode_create (struct inode *inode, struct dentry *dentry,
+ int mask)
+{
+ return 0;
+}
+
+static void dummy_inode_post_create (struct inode *inode, struct dentry *dentry,
+ int mask)
+{
+ return;
+}
+
+static int dummy_inode_link (struct dentry *old_dentry, struct inode *inode,
+ struct dentry *new_dentry)
+{
+ return 0;
+}
+
+static void dummy_inode_post_link (struct dentry *old_dentry,
+ struct inode *inode,
+ struct dentry *new_dentry)
+{
+ return;
+}
+
+static int dummy_inode_unlink (struct inode *inode, struct dentry *dentry)
+{
+ return 0;
+}
+
+static int dummy_inode_symlink (struct inode *inode, struct dentry *dentry,
+ const char *name)
+{
+ return 0;
+}
+
+static void dummy_inode_post_symlink (struct inode *inode,
+ struct dentry *dentry, const char *name)
+{
+ return;
+}
+
+static int dummy_inode_mkdir (struct inode *inode, struct dentry *dentry,
+ int mask)
+{
+ return 0;
+}
+
+static void dummy_inode_post_mkdir (struct inode *inode, struct dentry *dentry,
+ int mask)
+{
+ return;
+}
+
+static int dummy_inode_rmdir (struct inode *inode, struct dentry *dentry)
+{
+ return 0;
+}
+
+static int dummy_inode_mknod (struct inode *inode, struct dentry *dentry,
+ int major, dev_t minor)
+{
+ return 0;
+}
+
+static void dummy_inode_post_mknod (struct inode *inode, struct dentry *dentry,
+ int major, dev_t minor)
+{
+ return;
+}
+
+static int dummy_inode_rename (struct inode *old_inode,
+ struct dentry *old_dentry,
+ struct inode *new_inode,
+ struct dentry *new_dentry)
+{
+ return 0;
+}
+
+static void dummy_inode_post_rename (struct inode *old_inode,
+ struct dentry *old_dentry,
+ struct inode *new_inode,
+ struct dentry *new_dentry)
+{
+ return;
+}
+
+static int dummy_inode_readlink (struct dentry *dentry)
+{
+ return 0;
+}
+
+static int dummy_inode_follow_link (struct dentry *dentry,
+ struct nameidata *nameidata)
+{
+ return 0;
+}
+
+static int dummy_inode_permission (struct inode *inode, int mask)
+{
+ return 0;
+}
+
+static int dummy_inode_revalidate (struct dentry *inode)
+{
+ return 0;
+}
+
+static int dummy_inode_setattr (struct dentry *dentry, struct iattr *iattr)
+{
+ return 0;
+}
+
+static int dummy_inode_stat (struct inode *inode)
+{
+ return 0;
+}
+
+static void dummy_post_lookup (struct inode *ino, struct dentry *d)
+{
+ return;
+}
+
+static void dummy_delete (struct inode *ino)
+{
+ return;
+}
+
+static int dummy_inode_setxattr (struct dentry *dentry, char *name, void *value,
+ size_t size, int flags)
+{
+ return 0;
+}
+
+static int dummy_inode_getxattr (struct dentry *dentry, char *name)
+{
+ return 0;
+}
+
+static int dummy_inode_listxattr (struct dentry *dentry)
+{
+ return 0;
+}
+
+static int dummy_inode_removexattr (struct dentry *dentry, char *name)
+{
+ return 0;
+}
+
+static int dummy_file_permission (struct file *file, int mask)
+{
+ return 0;
+}
+
+static int dummy_file_alloc_security (struct file *file)
+{
+ return 0;
+}
+
+static void dummy_file_free_security (struct file *file)
+{
+ return;
+}
+
+static int dummy_file_llseek (struct file *file)
+{
+ return 0;
+}
+
+static int dummy_file_ioctl (struct file *file, unsigned int command,
+ unsigned long arg)
+{
+ return 0;
+}
+
+static int dummy_file_mmap (struct file *file, unsigned long prot,
+ unsigned long flags)
+{
+ return 0;
+}
+
+static int dummy_file_mprotect (struct vm_area_struct *vma, unsigned long prot)
+{
+ return 0;
+}
+
+static int dummy_file_lock (struct file *file, unsigned int cmd, int blocking)
+{
+ return 0;
+}
+
+static int dummy_file_fcntl (struct file *file, unsigned int cmd,
+ unsigned long arg)
+{
+ return 0;
+}
+
+static int dummy_file_set_fowner (struct file *file)
+{
+ return 0;
+}
+
+static int dummy_file_send_sigiotask (struct task_struct *tsk,
+ struct fown_struct *fown, int fd,
+ int reason)
+{
+ return 0;
+}
+
+static int dummy_file_receive (struct file *file)
+{
+ return 0;
+}
+
+static int dummy_task_create (unsigned long clone_flags)
+{
+ return 0;
+}
+
+static int dummy_task_alloc_security (struct task_struct *p)
+{
+ return 0;
+}
+
+static void dummy_task_free_security (struct task_struct *p)
+{
+ return;
+}
+
+static int dummy_task_setuid (uid_t id0, uid_t id1, uid_t id2, int flags)
+{
+ return 0;
+}
+
+static int dummy_task_post_setuid (uid_t id0, uid_t id1, uid_t id2, int flags)
+{
+ return 0;
+}
+
+static int dummy_task_setgid (gid_t id0, gid_t id1, gid_t id2, int flags)
+{
+ return 0;
+}
+
+static int dummy_task_setpgid (struct task_struct *p, pid_t pgid)
+{
+ return 0;
+}
+
+static int dummy_task_getpgid (struct task_struct *p)
+{
+ return 0;
+}
+
+static int dummy_task_getsid (struct task_struct *p)
+{
+ return 0;
+}
+
+static int dummy_task_setgroups (int gidsetsize, gid_t * grouplist)
+{
+ return 0;
+}
+
+static int dummy_task_setnice (struct task_struct *p, int nice)
+{
+ return 0;
+}
+
+static int dummy_task_setrlimit (unsigned int resource, struct rlimit *new_rlim)
+{
+ return 0;
+}
+
+static int dummy_task_setscheduler (struct task_struct *p, int policy,
+ struct sched_param *lp)
+{
+ return 0;
+}
+
+static int dummy_task_getscheduler (struct task_struct *p)
+{
+ return 0;
+}
+
+static int dummy_task_wait (struct task_struct *p)
+{
+ return 0;
+}
+
+static int dummy_task_kill (struct task_struct *p, struct siginfo *info,
+ int sig)
+{
+ return 0;
+}
+
+static int dummy_task_prctl (int option, unsigned long arg2, unsigned long arg3,
+ unsigned long arg4, unsigned long arg5)
+{
+ return 0;
+}
+
+static void dummy_task_kmod_set_label (void)
+{
+ return;
+}
+
+static unsigned int dummy_ip_preroute_first (unsigned int hooknum,
+ struct sk_buff **pskb,
+ const struct net_device *in,
+ const struct net_device *out,
+ int (*okfn) (struct sk_buff *))
+{
+ return NF_ACCEPT;
+}
+
+static unsigned int dummy_ip_preroute_last (unsigned int hooknum,
+ struct sk_buff **pskb,
+ const struct net_device *in,
+ const struct net_device *out,
+ int (*okfn) (struct sk_buff *))
+{
+ return NF_ACCEPT;
+}
+
+static unsigned int dummy_ip_input_first (unsigned int hooknum,
+ struct sk_buff **pskb,
+ const struct net_device *in,
+ const struct net_device *out,
+ int (*okfn) (struct sk_buff *))
+{
+ return NF_ACCEPT;
+}
+
+static unsigned int dummy_ip_input_last (unsigned int hooknum,
+ struct sk_buff **pskb,
+ const struct net_device *in,
+ const struct net_device *out,
+ int (*okfn) (struct sk_buff *))
+{
+ return NF_ACCEPT;
+}
+
+static unsigned int dummy_ip_forward_first (unsigned int hooknum,
+ struct sk_buff **pskb,
+ const struct net_device *in,
+ const struct net_device *out,
+ int (*okfn) (struct sk_buff *))
+{
+ return NF_ACCEPT;
+}
+
+static unsigned int dummy_ip_forward_last (unsigned int hooknum,
+ struct sk_buff **pskb,
+ const struct net_device *in,
+ const struct net_device *out,
+ int (*okfn) (struct sk_buff *))
+{
+ return NF_ACCEPT;
+}
+
+static unsigned int dummy_ip_output_first (unsigned int hooknum,
+ struct sk_buff **pskb,
+ const struct net_device *in,
+ const struct net_device *out,
+ int (*okfn) (struct sk_buff *))
+{
+ return NF_ACCEPT;
+}
+
+static unsigned int dummy_ip_output_last (unsigned int hooknum,
+ struct sk_buff **pskb,
+ const struct net_device *in,
+ const struct net_device *out,
+ int (*okfn) (struct sk_buff *))
+{
+ return NF_ACCEPT;
+}
+
+static unsigned int dummy_ip_postroute_first (unsigned int hooknum,
+ struct sk_buff **pskb,
+ const struct net_device *in,
+ const struct net_device *out,
+ int (*okfn) (struct sk_buff *))
+{
+ return NF_ACCEPT;
+}
+
+static unsigned int dummy_ip_postroute_last (unsigned int hooknum,
+ struct sk_buff **pskb,
+ const struct net_device *in,
+ const struct net_device *out,
+ int (*okfn) (struct sk_buff *))
+{
+ return NF_ACCEPT;
+}
+
+static void dummy_ip_fragment (struct sk_buff *newskb,
+ const struct sk_buff *oldskb)
+{
+ return;
+}
+
+static int dummy_ip_defragment (struct sk_buff *skb)
+{
+ return 0;
+}
+
+static void dummy_ip_decapsulate (struct sk_buff *skb)
+{
+ return;
+}
+
+static void dummy_ip_encapsulate (struct sk_buff *skb)
+{
+ return;
+}
+
+static int dummy_ip_decode_options (struct sk_buff *skb, const char *optptr,
+ unsigned char **pp_ptr)
+{
+ if (!skb && !capable (CAP_NET_RAW)) {
+ (const unsigned char *) *pp_ptr = optptr;
+ return -EPERM;
+ }
+ return 0;
+}
+
+static void dummy_netdev_unregister (struct net_device *dev)
+{
+ return;
+}
+
+static int dummy_socket_create (int family, int type, int protocol)
+{
+ return 0;
+}
+
+static void dummy_socket_post_create (struct socket *sock, int family, int type,
+ int protocol)
+{
+ return;
+}
+
+static int dummy_socket_bind (struct socket *sock, struct sockaddr *address,
+ int addrlen)
+{
+ return 0;
+}
+
+static int dummy_socket_connect (struct socket *sock, struct sockaddr *address,
+ int addrlen)
+{
+ return 0;
+}
+
+static int dummy_socket_listen (struct socket *sock, int backlog)
+{
+ return 0;
+}
+
+static int dummy_socket_accept (struct socket *sock, struct socket *newsock)
+{
+ return 0;
+}
+
+static int dummy_socket_sendmsg (struct socket *sock, struct msghdr *msg,
+ int size)
+{
+ return 0;
+}
+
+static int dummy_socket_recvmsg (struct socket *sock, struct msghdr *msg,
+ int size, int flags)
+{
+ return 0;
+}
+
+static int dummy_socket_getsockname (struct socket *sock)
+{
+ return 0;
+}
+
+static int dummy_socket_getpeername (struct socket *sock)
+{
+ return 0;
+}
+
+static int dummy_socket_setsockopt (struct socket *sock, int level, int optname)
+{
+ return 0;
+}
+
+static int dummy_socket_getsockopt (struct socket *sock, int level, int optname)
+{
+ return 0;
+}
+
+static int dummy_socket_shutdown (struct socket *sock, int how)
+{
+ return 0;
+}
+
+static int dummy_sock_rcv_skb (struct sock *sk, struct sk_buff *skb)
+{
+ return 0;
+}
+
+static int dummy_socket_unix_stream_connect (struct socket *sock,
+ struct socket *other)
+{
+ return 0;
+}
+
+static int dummy_socket_unix_may_send (struct socket *sock,
+ struct socket *other)
+{
+ return 0;
+}
+
+static int dummy_module_create_module (const char *name_user, size_t size)
+{
+ return 0;
+}
+
+static int dummy_module_init_module (struct module *mod_user)
+{
+ return 0;
+}
+
+static int dummy_module_delete_module (const struct module *mod)
+{
+ return 0;
+}
+
+static int dummy_ipc_permission (struct kern_ipc_perm *ipcp, short flag)
+{
+ return 0;
+}
+
+static int dummy_ipc_getinfo (int id, int cmd)
+{
+ return 0;
+}
+
+static int dummy_msg_msg_alloc_security (struct msg_msg *msg)
+{
+ return 0;
+}
+
+static void dummy_msg_msg_free_security (struct msg_msg *msg)
+{
+ return;
+}
+
+static int dummy_msg_queue_alloc_security (struct msg_queue *msq)
+{
+ return 0;
+}
+
+static void dummy_msg_queue_free_security (struct msg_queue *msq)
+{
+ return;
+}
+
+static int dummy_msg_queue_associate (struct msg_queue *msq, int msqid,
+ int msqflg)
+{
+ return 0;
+}
+
+static int dummy_msg_queue_msgctl (struct msg_queue *msq, int msqid, int cmd)
+{
+ return 0;
+}
+
+static int dummy_msg_queue_msgsnd (struct msg_queue *msq, struct msg_msg *msg,
+ int msqid, int msgflg)
+{
+ return 0;
+}
+
+static int dummy_msg_queue_msgrcv (struct msg_queue *msq, struct msg_msg *msg,
+ struct task_struct *target, long type,
+ int mode)
+{
+ return 0;
+}
+
+static int dummy_shm_alloc_security (struct shmid_kernel *shp)
+{
+ return 0;
+}
+
+static void dummy_shm_free_security (struct shmid_kernel *shp)
+{
+ return;
+}
+
+static int dummy_shm_associate (struct shmid_kernel *shp, int shmid, int shmflg)
+{
+ return 0;
+}
+
+static int dummy_shm_shmctl (struct shmid_kernel *shp, int shmid, int cmd)
+{
+ return 0;
+}
+
+static int dummy_shm_shmat (struct shmid_kernel *shp, int shmid, char *shmaddr,
+ int shmflg)
+{
+ return 0;
+}
+
+static int dummy_sem_alloc_security (struct sem_array *sma)
+{
+ return 0;
+}
+
+static void dummy_sem_free_security (struct sem_array *sma)
+{
+ return;
+}
+
+static int dummy_sem_associate (struct sem_array *sma, int semid, int semflg)
+{
+ return 0;
+}
+
+static int dummy_sem_semctl (struct sem_array *sma, int semid, int cmd)
+{
+ return 0;
+}
+
+static int dummy_sem_semop (struct sem_array *sma, int semid,
+ struct sembuf *sops, unsigned nsops, int alter)
+{
+ return 0;
+}
+
+static int dummy_skb_alloc_security (struct sk_buff *skb)
+{
+ return 0;
+}
+
+static int dummy_skb_clone (struct sk_buff *newskb,
+ const struct sk_buff *oldskb)
+{
+ return 0;
+}
+
+static void dummy_skb_copy (struct sk_buff *newskb,
+ const struct sk_buff *oldskb)
+{
+ return;
+}
+
+static void dummy_skb_set_owner_w (struct sk_buff *skb, struct sock *sk)
+{
+ return;
+}
+
+static void dummy_skb_free_security (struct sk_buff *skb)
+{
+ return;
+}
+
+static int dummy_register (const char *name, struct security_operations *ops)
+{
+ return -EINVAL;
+}
+
+static int dummy_unregister (const char *name, struct security_operations *ops)
+{
+ return -EINVAL;
+}
+
+static struct binprm_security_ops dummy_binprm_ops = {
+ alloc_security: dummy_binprm_alloc_security,
+ free_security: dummy_binprm_free_security,
+ compute_creds: dummy_binprm_compute_creds,
+ set_security: dummy_binprm_set_security,
+};
+
+static struct super_block_security_ops dummy_sb_ops = {
+ alloc_security: dummy_sb_alloc_security,
+ free_security: dummy_sb_free_security,
+ statfs: dummy_sb_statfs,
+ mount: dummy_mount,
+ check_sb: dummy_check_sb,
+ umount: dummy_umount,
+ umount_close: dummy_umount_close,
+ umount_busy: dummy_umount_busy,
+ post_remount: dummy_post_remount,
+ post_mountroot: dummy_post_mountroot,
+ post_addmount: dummy_post_addmount,
+};
+
+static struct inode_security_ops dummy_inode_ops = {
+ alloc_security: dummy_inode_alloc_security,
+ free_security: dummy_inode_free_security,
+ create: dummy_inode_create,
+ post_create: dummy_inode_post_create,
+ link: dummy_inode_link,
+ post_link: dummy_inode_post_link,
+ unlink: dummy_inode_unlink,
+ symlink: dummy_inode_symlink,
+ post_symlink: dummy_inode_post_symlink,
+ mkdir: dummy_inode_mkdir,
+ post_mkdir: dummy_inode_post_mkdir,
+ rmdir: dummy_inode_rmdir,
+ mknod: dummy_inode_mknod,
+ post_mknod: dummy_inode_post_mknod,
+ rename: dummy_inode_rename,
+ post_rename: dummy_inode_post_rename,
+ readlink: dummy_inode_readlink,
+ follow_link: dummy_inode_follow_link,
+ permission: dummy_inode_permission,
+ revalidate: dummy_inode_revalidate,
+ setattr: dummy_inode_setattr,
+ stat: dummy_inode_stat,
+ post_lookup: dummy_post_lookup,
+ delete: dummy_delete,
+ setxattr: dummy_inode_setxattr,
+ getxattr: dummy_inode_getxattr,
+ listxattr: dummy_inode_listxattr,
+ removexattr: dummy_inode_removexattr,
+};
+
+static struct file_security_ops dummy_file_ops = {
+ permission: dummy_file_permission,
+ alloc_security: dummy_file_alloc_security,
+ free_security: dummy_file_free_security,
+ llseek: dummy_file_llseek,
+ ioctl: dummy_file_ioctl,
+ mmap: dummy_file_mmap,
+ mprotect: dummy_file_mprotect,
+ lock: dummy_file_lock,
+ fcntl: dummy_file_fcntl,
+ set_fowner: dummy_file_set_fowner,
+ send_sigiotask: dummy_file_send_sigiotask,
+ receive: dummy_file_receive,
+};
+
+static struct task_security_ops dummy_task_ops = {
+ create: dummy_task_create,
+ alloc_security: dummy_task_alloc_security,
+ free_security: dummy_task_free_security,
+ setuid: dummy_task_setuid,
+ post_setuid: dummy_task_post_setuid,
+ setgid: dummy_task_setgid,
+ setpgid: dummy_task_setpgid,
+ getpgid: dummy_task_getpgid,
+ getsid: dummy_task_getsid,
+ setgroups: dummy_task_setgroups,
+ setnice: dummy_task_setnice,
+ setrlimit: dummy_task_setrlimit,
+ setscheduler: dummy_task_setscheduler,
+ getscheduler: dummy_task_getscheduler,
+ wait: dummy_task_wait,
+ kill: dummy_task_kill,
+ prctl: dummy_task_prctl,
+ kmod_set_label: dummy_task_kmod_set_label,
+};
+
+static struct socket_security_ops dummy_socket_ops = {
+ create: dummy_socket_create,
+ post_create: dummy_socket_post_create,
+ bind: dummy_socket_bind,
+ connect: dummy_socket_connect,
+ listen: dummy_socket_listen,
+ accept: dummy_socket_accept,
+ sendmsg: dummy_socket_sendmsg,
+ recvmsg: dummy_socket_recvmsg,
+ getsockname: dummy_socket_getsockname,
+ getpeername: dummy_socket_getpeername,
+ getsockopt: dummy_socket_getsockopt,
+ setsockopt: dummy_socket_setsockopt,
+ shutdown: dummy_socket_shutdown,
+ sock_rcv_skb: dummy_sock_rcv_skb,
+ unix_stream_connect: dummy_socket_unix_stream_connect,
+ unix_may_send: dummy_socket_unix_may_send,
+};
+
+static struct skb_security_ops dummy_skb_ops = {
+ alloc_security: dummy_skb_alloc_security,
+ clone: dummy_skb_clone,
+ copy: dummy_skb_copy,
+ set_owner_w: dummy_skb_set_owner_w,
+ free_security: dummy_skb_free_security,
+};
+
+static struct ip_security_ops dummy_ip_ops = {
+ preroute_first: dummy_ip_preroute_first,
+ preroute_last: dummy_ip_preroute_last,
+ input_first: dummy_ip_input_first,
+ input_last: dummy_ip_input_last,
+ forward_first: dummy_ip_forward_first,
+ forward_last: dummy_ip_forward_last,
+ output_first: dummy_ip_output_first,
+ output_last: dummy_ip_output_last,
+ postroute_first: dummy_ip_postroute_first,
+ postroute_last: dummy_ip_postroute_last,
+ fragment: dummy_ip_fragment,
+ defragment: dummy_ip_defragment,
+ encapsulate: dummy_ip_encapsulate,
+ decapsulate: dummy_ip_decapsulate,
+ decode_options: dummy_ip_decode_options,
+};
+
+static struct netdev_security_ops dummy_netdev_ops = {
+ unregister: dummy_netdev_unregister,
+};
+
+static struct module_security_ops dummy_module_ops = {
+ create_module: dummy_module_create_module,
+ init_module: dummy_module_init_module,
+ delete_module: dummy_module_delete_module,
+
+};
+
+static struct ipc_security_ops dummy_ipc_ops = {
+ permission: dummy_ipc_permission,
+ getinfo: dummy_ipc_getinfo,
+};
+
+static struct msg_msg_security_ops dummy_msg_msg_ops = {
+ alloc_security: dummy_msg_msg_alloc_security,
+ free_security: dummy_msg_msg_free_security,
+};
+
+static struct msg_queue_security_ops dummy_msg_queue_ops = {
+ alloc_security: dummy_msg_queue_alloc_security,
+ free_security: dummy_msg_queue_free_security,
+ associate: dummy_msg_queue_associate,
+ msgctl: dummy_msg_queue_msgctl,
+ msgsnd: dummy_msg_queue_msgsnd,
+ msgrcv: dummy_msg_queue_msgrcv,
+};
+
+static struct shm_security_ops dummy_shm_ops = {
+ alloc_security: dummy_shm_alloc_security,
+ free_security: dummy_shm_free_security,
+ associate: dummy_shm_associate,
+ shmctl: dummy_shm_shmctl,
+ shmat: dummy_shm_shmat,
+};
+
+static struct sem_security_ops dummy_sem_ops = {
+ alloc_security: dummy_sem_alloc_security,
+ free_security: dummy_sem_free_security,
+ associate: dummy_sem_associate,
+ semctl: dummy_sem_semctl,
+ semop: dummy_sem_semop,
+};
+
+struct security_operations dummy_security_ops = {
+ sethostname: dummy_sethostname,
+ setdomainname: dummy_setdomainname,
+ reboot: dummy_reboot,
+ ioperm: dummy_ioperm,
+ iopl: dummy_iopl,
+ ptrace: dummy_ptrace,
+ capget: dummy_capget,
+ capset_check: dummy_capset_check,
+ capset_set: dummy_capset_set,
+ acct: dummy_acct,
+ capable: dummy_capable,
+ sysctl: dummy_sysctl,
+ sys_security: dummy_sys_security,
+ swapon: dummy_swapon,
+ swapoff: dummy_swapoff,
+ nfsservctl: dummy_nfsservctl,
+ quotactl: dummy_quotactl,
+ quota_on: dummy_quota_on,
+ bdflush: dummy_bdflush,
+ syslog: dummy_syslog,
+ netlink_send: dummy_netlink_send,
+ netlink_recv: dummy_netlink_recv,
+
+ bprm_ops: &dummy_binprm_ops,
+ sb_ops: &dummy_sb_ops,
+ inode_ops: &dummy_inode_ops,
+ file_ops: &dummy_file_ops,
+ task_ops: &dummy_task_ops,
+ socket_ops: &dummy_socket_ops,
+ skb_ops: &dummy_skb_ops,
+ ip_ops: &dummy_ip_ops,
+ ipc_ops: &dummy_ipc_ops,
+ netdev_ops: &dummy_netdev_ops,
+ module_ops: &dummy_module_ops,
+ msg_msg_ops: &dummy_msg_msg_ops,
+ msg_queue_ops: &dummy_msg_queue_ops,
+ shm_ops: &dummy_shm_ops,
+ sem_ops: &dummy_sem_ops,
+
+ register_security: dummy_register,
+ unregister_security: dummy_unregister,
+};
+
diff --minimal -Nru a/security/lsm_ip_glue.c b/security/lsm_ip_glue.c
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/lsm_ip_glue.c Tue Feb 12 18:59:50 2002
@@ -0,0 +1,157 @@
+/*
+ * Nefilter IPv4 Operations Glue Module for LSM
+ *
+ * Copyright (C) 2001 James Morris <jmorris@intercode.com.au>
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ *
+ */
+#include <linux/config.h>
+#include <linux/module.h>
+#include <linux/security.h>
+#include <linux/netfilter.h>
+#include <linux/netfilter_ipv4.h>
+
+#define NF_IP_PRI_LSM_FIRST (NF_IP_PRI_FIRST + 20)
+#define NF_IP_PRI_LSM_LAST (NF_IP_PRI_LAST - 20)
+
+static unsigned int
+preroute_first(unsigned int hooknum, struct sk_buff **pskb,
+ const struct net_device *in, const struct net_device *out,
+ int (*okfn)(struct sk_buff *))
+{
+ return security_ops->ip_ops->preroute_first(hooknum, pskb, in, out, okfn);
+}
+
+static unsigned int
+preroute_last(unsigned int hooknum, struct sk_buff **pskb,
+ const struct net_device *in, const struct net_device *out,
+ int (*okfn)(struct sk_buff *))
+{
+ return security_ops->ip_ops->preroute_last(hooknum, pskb, in, out, okfn);
+}
+
+static unsigned int
+input_first(unsigned int hooknum, struct sk_buff **pskb,
+ const struct net_device *in, const struct net_device *out,
+ int (*okfn)(struct sk_buff *))
+{
+ return security_ops->ip_ops->input_first(hooknum, pskb, in, out, okfn);
+}
+
+static unsigned int
+input_last(unsigned int hooknum, struct sk_buff **pskb,
+ const struct net_device *in, const struct net_device *out,
+ int (*okfn)(struct sk_buff *))
+{
+ return security_ops->ip_ops->input_last(hooknum, pskb, in, out, okfn);
+}
+
+static unsigned int
+forward_first(unsigned int hooknum, struct sk_buff **pskb,
+ const struct net_device *in, const struct net_device *out,
+ int (*okfn)(struct sk_buff *))
+{
+ return security_ops->ip_ops->forward_first(hooknum, pskb, in, out, okfn);
+}
+
+static unsigned int
+forward_last(unsigned int hooknum, struct sk_buff **pskb,
+ const struct net_device *in, const struct net_device *out,
+ int (*okfn)(struct sk_buff *))
+{
+ return security_ops->ip_ops->forward_last(hooknum, pskb, in, out, okfn);
+}
+
+static unsigned int
+output_first(unsigned int hooknum, struct sk_buff **pskb,
+ const struct net_device *in, const struct net_device *out,
+ int (*okfn)(struct sk_buff *))
+{
+ return security_ops->ip_ops->output_first(hooknum, pskb, in, out, okfn);
+}
+
+static unsigned int
+output_last(unsigned int hooknum, struct sk_buff **pskb,
+ const struct net_device *in, const struct net_device *out,
+ int (*okfn)(struct sk_buff *))
+{
+ return security_ops->ip_ops->output_last(hooknum, pskb, in, out, okfn);
+}
+
+static unsigned int
+postroute_first(unsigned int hooknum, struct sk_buff **pskb,
+ const struct net_device *in, const struct net_device *out,
+ int (*okfn)(struct sk_buff *))
+{
+ return security_ops->ip_ops->postroute_first(hooknum, pskb, in, out, okfn);
+}
+
+static unsigned int
+postroute_last(unsigned int hooknum, struct sk_buff **pskb,
+ const struct net_device *in, const struct net_device *out,
+ int (*okfn)(struct sk_buff *))
+{
+ return security_ops->ip_ops->postroute_last(hooknum, pskb, in, out, okfn);
+}
+
+static struct nf_hook_ops lsm_ip_ops[] = {
+ { { NULL, NULL }, preroute_first,
+ PF_INET, NF_IP_PRE_ROUTING, NF_IP_PRI_LSM_FIRST },
+
+ { { NULL, NULL }, preroute_last,
+ PF_INET, NF_IP_PRE_ROUTING, NF_IP_PRI_LSM_LAST },
+
+ { { NULL, NULL }, input_first,
+ PF_INET, NF_IP_LOCAL_IN, NF_IP_PRI_LSM_FIRST },
+
+ { { NULL, NULL }, input_last,
+ PF_INET, NF_IP_LOCAL_IN, NF_IP_PRI_LSM_LAST },
+
+ { { NULL, NULL }, forward_first,
+ PF_INET, NF_IP_FORWARD, NF_IP_PRI_LSM_FIRST },
+
+ { { NULL, NULL }, forward_last,
+ PF_INET, NF_IP_FORWARD, NF_IP_PRI_LSM_LAST },
+
+ { { NULL, NULL }, output_first,
+ PF_INET, NF_IP_LOCAL_OUT, NF_IP_PRI_LSM_FIRST },
+
+ { { NULL, NULL }, output_last,
+ PF_INET, NF_IP_LOCAL_OUT, NF_IP_PRI_LSM_LAST },
+
+ { { NULL, NULL }, postroute_first,
+ PF_INET, NF_IP_POST_ROUTING, NF_IP_PRI_LSM_FIRST },
+
+ { { NULL, NULL }, postroute_last,
+ PF_INET, NF_IP_POST_ROUTING, NF_IP_PRI_LSM_LAST }
+};
+
+static int __init init(void)
+{
+ int i;
+
+ /* Hook registration never returns error (for now) */
+ for (i = 0; i < sizeof(lsm_ip_ops)/sizeof(struct nf_hook_ops); i++)
+ nf_register_hook(&lsm_ip_ops[i]);
+
+ return 0;
+}
+
+static void __exit fini(void)
+{
+ unsigned int i;
+
+ for (i = 0; i < sizeof(lsm_ip_ops)/sizeof(struct nf_hook_ops); i++)
+ nf_unregister_hook(&lsm_ip_ops[i]);
+}
+
+module_init(init);
+module_exit(fini);
+
+MODULE_DESCRIPTION("Nefilter IPv4 Operations Glue for Linux Security Module");
+MODULE_LICENSE("GPL");
+
diff --minimal -Nru a/security/owlsm.c b/security/owlsm.c
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/owlsm.c Tue Feb 12 18:59:50 2002
@@ -0,0 +1,1199 @@
+/*
+ * This is NOT Openwall, however, it is some of the Openwall kernel patch
+ * ported to LSM. For more information regarding the Openwall project
+ * can be found at http://www.openwall.com/
+ *
+ * Copyright (C) 2001 Emily Ratliff <ratliff@austin.ibm.com>
+ * Copyright (C) 2001 Nick Bellinger, Esquire <nickb@attheoffice.org>
+ * Copyright (C) 2001 Chris Wright <chris@wirex.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ */
+
+#include <linux/config.h>
+#include <linux/module.h>
+#include <linux/kernel.h>
+#include <linux/security.h>
+#include <linux/stat.h>
+#include <linux/netfilter.h>
+#include <linux/netlink.h>
+#include <linux/ctype.h>
+#include <linux/file.h>
+
+#include "owlsm.h"
+
+/* flag to keep track of how we were registered */
+static int secondary;
+
+static int owlsm_sethostname (char *hostname)
+{
+ return 0;
+}
+
+static int owlsm_setdomainname (char *domainname)
+{
+ return 0;
+}
+
+static int owlsm_reboot (unsigned int cmd)
+{
+ return 0;
+}
+
+static int owlsm_ioperm (unsigned long from, unsigned long num, int turn_on)
+{
+ return 0;
+}
+
+static int owlsm_iopl (unsigned int old, unsigned int level)
+{
+ return 0;
+}
+
+static int owlsm_ptrace (struct task_struct *parent, struct task_struct *child)
+{
+ return 0;
+}
+
+static int owlsm_capget (struct task_struct *target, kernel_cap_t * effective,
+ kernel_cap_t * inheritable, kernel_cap_t * permitted)
+{
+ return 0;
+}
+
+static int owlsm_capset_check (struct task_struct *target,
+ kernel_cap_t * effective,
+ kernel_cap_t * inheritable,
+ kernel_cap_t * permitted)
+{
+ return 0;
+}
+
+static void owlsm_capset_set (struct task_struct *target,
+ kernel_cap_t * effective,
+ kernel_cap_t * inheritable,
+ kernel_cap_t * permitted)
+{
+ return;
+}
+
+static int owlsm_acct (struct file *file)
+{
+ return 0;
+}
+
+static int owlsm_capable (struct task_struct *tsk, int cap)
+{
+ /* from dummy.c */
+ if (cap_is_fs_cap (cap) ? tsk->fsuid == 0 : tsk->euid == 0)
+ /* capability granted */
+ return 0;
+
+ /* capability denied */
+ return -EPERM;
+}
+
+static int owlsm_sysctl (ctl_table * table, int op)
+{
+ return 0;
+}
+
+static int owlsm_sys_security (unsigned int id, unsigned int call,
+ unsigned long *args)
+{
+ return -ENOSYS;
+}
+
+static int owlsm_swapon (struct swap_info_struct *swap)
+{
+ return 0;
+}
+
+static int owlsm_swapoff (struct swap_info_struct *swap)
+{
+ return 0;
+}
+
+static int owlsm_nfsservctl (int cmd, struct nfsctl_arg *arg)
+{
+ return 0;
+}
+
+static int owlsm_quotactl (int cmds, int type, int id, struct super_block *sb)
+{
+ return 0;
+}
+
+static int owlsm_quota_on (struct file *f)
+{
+ return 0;
+}
+
+static int owlsm_bdflush (int func, long data)
+{
+ return 0;
+}
+
+static int owlsm_syslog (int type)
+{
+ return 0;
+}
+
+static int owlsm_netlink_send (struct sk_buff *skb)
+{
+ /* from dummy.c */
+ if (current->euid == 0)
+ cap_raise (NETLINK_CB (skb).eff_cap, CAP_NET_ADMIN);
+ else
+ NETLINK_CB (skb).eff_cap = 0;
+ return 0;
+}
+
+static int owlsm_netlink_recv (struct sk_buff *skb)
+{
+ /* from dummy.c */
+ if (!cap_raised (NETLINK_CB (skb).eff_cap, CAP_NET_ADMIN))
+ return -EPERM;
+ return 0;
+}
+
+static int owlsm_binprm_alloc_security(struct linux_binprm *bprm)
+{
+ int exec_return, fd_return;
+
+ exec_return = do_owlsm_exec_rlimit(bprm);
+ fd_return = do_owlsm_sfd_alloc(bprm);
+
+ return (exec_return || fd_return) ? -EPERM : 0;
+}
+
+static void owlsm_binprm_free_security (struct linux_binprm *bprm)
+{
+ return do_owlsm_sfd_free(bprm);
+}
+
+static void owlsm_binprm_compute_creds (struct linux_binprm *bprm)
+{
+ return do_owlsm_sfd_compute(bprm);
+}
+
+static int owlsm_binprm_set_security (struct linux_binprm *bprm)
+{
+ return do_owlsm_sfd_set(bprm);
+}
+
+static int owlsm_sb_alloc_security (struct super_block *sb)
+{
+ return 0;
+}
+
+static void owlsm_sb_free_security (struct super_block *sb)
+{
+ return;
+}
+
+static int owlsm_sb_statfs (struct super_block *sb)
+{
+ return 0;
+}
+
+static int owlsm_sb_mount (char *devname, struct nameidata *nd, char *type,
+ unsigned long flags, void *data)
+{
+ return 0;
+}
+
+static int owlsm_sb_check_sb (struct vfsmount *mnt, struct nameidata *nd)
+{
+ return 0;
+}
+
+static int owlsm_sb_umount (struct vfsmount *mnt, int flags)
+{
+ return 0;
+}
+
+static void owlsm_sb_umount_close (struct vfsmount *mnt)
+{
+ return;
+}
+
+static void owlsm_sb_umount_busy (struct vfsmount *mnt)
+{
+ return;
+}
+static void owlsm_sb_post_remount (struct vfsmount *mnt, unsigned long flags,
+ void *data)
+{
+ return;
+}
+
+static void owlsm_sb_post_mountroot (void)
+{
+ return;
+}
+
+static void owlsm_sb_post_addmount (struct vfsmount *mnt, struct nameidata *nd)
+{
+ return;
+}
+
+static int owlsm_inode_alloc_security (struct inode *inode)
+{
+ return 0;
+}
+
+static void owlsm_inode_free_security (struct inode *inode)
+{
+ return;
+}
+
+static int owlsm_inode_create (struct inode *inode, struct dentry *dentry,
+ int mask)
+{
+ return 0;
+}
+
+static void owlsm_inode_post_create (struct inode *inode, struct dentry *dentry,
+ int mask)
+{
+ return;
+}
+
+static int owlsm_inode_link (struct dentry *old_dentry, struct inode *inode,
+ struct dentry *new_dentry)
+{
+ return do_owlsm_link(old_dentry, inode, new_dentry);
+}
+
+static void owlsm_inode_post_link (struct dentry *old_dentry,
+ struct inode *inode,
+ struct dentry *new_dentry)
+{
+ return;
+}
+
+static int owlsm_inode_unlink (struct inode *inode, struct dentry *dentry)
+{
+ return 0;
+}
+
+static int owlsm_inode_symlink (struct inode *inode, struct dentry *dentry,
+ const char *name)
+{
+ return 0;
+}
+
+static void owlsm_inode_post_symlink (struct inode *inode,
+ struct dentry *dentry, const char *name)
+{
+ return;
+}
+
+static int owlsm_inode_mkdir (struct inode *inode, struct dentry *dentry,
+ int mask)
+{
+ return 0;
+}
+
+static void owlsm_inode_post_mkdir (struct inode *inode, struct dentry *dentry,
+ int mask)
+{
+ return;
+}
+
+static int owlsm_inode_rmdir (struct inode *inode, struct dentry *dentry)
+{
+ return 0;
+}
+
+static int owlsm_inode_mknod (struct inode *inode, struct dentry *dentry,
+ int major, dev_t minor)
+{
+ return 0;
+}
+
+static void owlsm_inode_post_mknod (struct inode *inode, struct dentry *dentry,
+ int major, dev_t minor)
+{
+ return;
+}
+
+static int owlsm_inode_rename (struct inode *old_inode,
+ struct dentry *old_dentry,
+ struct inode *new_inode,
+ struct dentry *new_dentry)
+{
+ return 0;
+}
+
+static void owlsm_inode_post_rename (struct inode *old_inode,
+ struct dentry *old_dentry,
+ struct inode *new_inode,
+ struct dentry *new_dentry)
+{
+ return;
+}
+
+static int owlsm_inode_readlink (struct dentry *dentry)
+{
+ return 0;
+}
+
+static int owlsm_inode_follow_link (struct dentry *dentry,
+ struct nameidata *nameidata)
+{
+ return do_owlsm_follow_link(dentry, nameidata);
+}
+
+static int owlsm_inode_permission (struct inode *inode, int mask)
+{
+ return 0;
+}
+
+static int owlsm_inode_revalidate (struct dentry *inode)
+{
+ return 0;
+}
+
+static int owlsm_inode_setattr (struct dentry *dentry, struct iattr *iattr)
+{
+ return 0;
+}
+
+static int owlsm_inode_stat (struct inode *inode)
+{
+ return 0;
+}
+
+static void owlsm_post_lookup (struct inode *ino, struct dentry *d)
+{
+ return;
+}
+
+static void owlsm_delete (struct inode *ino)
+{
+ return;
+}
+
+static int owlsm_inode_setxattr (struct dentry *dentry, char *name, void *value,
+ size_t size, int flags)
+{
+ return 0;
+}
+
+static int owlsm_inode_getxattr (struct dentry *dentry, char *name)
+{
+ return 0;
+}
+
+static int owlsm_inode_listxattr (struct dentry *dentry)
+{
+ return 0;
+}
+
+static int owlsm_inode_removexattr (struct dentry *dentry, char *name)
+{
+ return 0;
+}
+
+static int owlsm_file_permission (struct file *file, int mask)
+{
+ return 0;
+}
+
+static int owlsm_file_alloc_security (struct file *file)
+{
+ return 0;
+}
+
+static void owlsm_file_free_security (struct file *file)
+{
+ return;
+}
+
+static int owlsm_file_llseek (struct file *file)
+{
+ return 0;
+}
+
+static int owlsm_file_ioctl (struct file *file, unsigned int command ,
+ unsigned long arg)
+{
+ return 0;
+}
+
+static int owlsm_file_mmap (struct file *file, unsigned long prot,
+ unsigned long flags)
+{
+ return 0;
+}
+
+static int owlsm_file_mprotect (struct vm_area_struct *vma, unsigned long prot)
+{
+ return 0;
+}
+
+static int owlsm_file_lock (struct file *file, unsigned int cmd, int blocking)
+{
+ return 0;
+}
+
+static int owlsm_file_fcntl (struct file *file, unsigned int cmd,
+ unsigned long arg)
+{
+ return 0;
+}
+
+static int owlsm_file_set_fowner (struct file *file)
+{
+ return 0;
+}
+
+static int owlsm_file_send_sigiotask (struct task_struct *tsk,
+ struct fown_struct *fown,
+ int fd, int reason)
+{
+ return 0;
+}
+
+static int owlsm_file_receive (struct file *file)
+{
+ return 0;
+}
+
+static int owlsm_task_create (unsigned long clone_flags)
+{
+ return 0;
+}
+
+static int owlsm_task_alloc_security (struct task_struct *p)
+{
+ return 0;
+}
+
+static void owlsm_task_free_security (struct task_struct *p)
+{
+ return;
+}
+
+static int owlsm_task_setuid (uid_t id0, uid_t id1, uid_t id2, int flags)
+{
+ return 0;
+}
+
+static int owlsm_task_post_setuid(uid_t old_ruid, uid_t old_euid,
+ uid_t old_suid, int flags)
+{
+ return 0;
+}
+
+static int owlsm_task_setgid (gid_t id0, gid_t id1, gid_t id2, int flags)
+{
+ return 0;
+}
+
+static int owlsm_task_setpgid (struct task_struct *p, pid_t pgid)
+{
+ return 0;
+}
+
+static int owlsm_task_getpgid (struct task_struct *p)
+{
+ return 0;
+}
+
+static int owlsm_task_getsid (struct task_struct *p)
+{
+ return 0;
+}
+
+static int owlsm_task_setgroups (int gidsetsize, gid_t *grouplist)
+{
+ return 0;
+}
+
+static int owlsm_task_setnice (struct task_struct *p, int nice)
+{
+ return 0;
+}
+
+static int owlsm_task_setrlimit (unsigned int resource, struct rlimit *new_rlim)
+{
+ return 0;
+}
+
+static int owlsm_task_setscheduler (struct task_struct *p, int policy,
+ struct sched_param *lp)
+{
+ return 0;
+}
+
+static int owlsm_task_getscheduler (struct task_struct *p)
+{
+ return 0;
+}
+
+static int owlsm_task_wait (struct task_struct *p)
+{
+ return 0;
+}
+
+static int owlsm_task_kill (struct task_struct *p, struct siginfo *info, int sig)
+{
+ return 0;
+}
+
+static int owlsm_task_prctl (int option, unsigned long arg2, unsigned long arg3,
+ unsigned long arg4, unsigned long arg5)
+{
+ return 0;
+}
+
+static void owlsm_task_kmod_set_label (void)
+{
+ return;
+}
+
+static unsigned int owlsm_ip_preroute_first (unsigned int hooknum,
+ struct sk_buff **pskb,
+ const struct net_device *in,
+ const struct net_device *out,
+ int (*okfn)(struct sk_buff *))
+{
+ return NF_ACCEPT;
+}
+
+static unsigned int owlsm_ip_preroute_last (unsigned int hooknum,
+ struct sk_buff **pskb,
+ const struct net_device *in,
+ const struct net_device *out,
+ int (*okfn)(struct sk_buff *))
+{
+ return NF_ACCEPT;
+}
+
+static unsigned int owlsm_ip_input_first (unsigned int hooknum,
+ struct sk_buff **pskb,
+ const struct net_device *in,
+ const struct net_device *out,
+ int (*okfn)(struct sk_buff *))
+{
+ return NF_ACCEPT;
+}
+
+static unsigned int owlsm_ip_input_last (unsigned int hooknum,
+ struct sk_buff **pskb,
+ const struct net_device *in,
+ const struct net_device *out,
+ int (*okfn)(struct sk_buff *))
+{
+ return NF_ACCEPT;
+}
+
+static unsigned int owlsm_ip_forward_first (unsigned int hooknum,
+ struct sk_buff **pskb,
+ const struct net_device *in,
+ const struct net_device *out,
+ int (*okfn)(struct sk_buff *))
+{
+ return NF_ACCEPT;
+}
+
+static unsigned int owlsm_ip_forward_last (unsigned int hooknum,
+ struct sk_buff **pskb,
+ const struct net_device *in,
+ const struct net_device *out,
+ int (*okfn)(struct sk_buff *))
+{
+ return NF_ACCEPT;
+}
+
+static unsigned int owlsm_ip_output_first (unsigned int hooknum,
+ struct sk_buff **pskb,
+ const struct net_device *in,
+ const struct net_device *out,
+ int (*okfn)(struct sk_buff *))
+{
+ return NF_ACCEPT;
+}
+
+static unsigned int owlsm_ip_output_last (unsigned int hooknum,
+ struct sk_buff **pskb,
+ const struct net_device *in,
+ const struct net_device *out,
+ int (*okfn)(struct sk_buff *))
+{
+ return NF_ACCEPT;
+}
+
+static unsigned int owlsm_ip_postroute_first (unsigned int hooknum,
+ struct sk_buff **pskb,
+ const struct net_device *in,
+ const struct net_device *out,
+ int (*okfn)(struct sk_buff *))
+{
+ return NF_ACCEPT;
+}
+
+static unsigned int owlsm_ip_postroute_last (unsigned int hooknum,
+ struct sk_buff **pskb,
+ const struct net_device *in,
+ const struct net_device *out,
+ int (*okfn)(struct sk_buff *))
+{
+ return NF_ACCEPT;
+}
+
+static void owlsm_ip_fragment (struct sk_buff *newskb,
+ const struct sk_buff *oldskb)
+{
+ return;
+}
+
+static int owlsm_ip_defragment (struct sk_buff *skb)
+{
+ return 0;
+}
+
+static void owlsm_ip_encapsulate (struct sk_buff *skb)
+{
+ return;
+}
+
+static void owlsm_ip_decapsulate (struct sk_buff *skb)
+{
+ return;
+}
+
+static int owlsm_decode_options (struct sk_buff *skb, const char *optptr,
+ unsigned char **pp_ptr)
+{
+ /* from dummy.c */
+ if (!skb && !capable (CAP_NET_RAW)) {
+ (const unsigned char *) *pp_ptr = optptr;
+ return -EPERM;
+ }
+ return 0;
+}
+
+static void owlsm_netdev_unregister (struct net_device *dev)
+{
+ return;
+}
+
+static int owlsm_socket_create (int family, int type, int protocol)
+{
+ return 0;
+}
+static void owlsm_socket_post_create (struct socket *sock, int family,
+ int type, int protocol)
+{
+ return;
+}
+
+static int owlsm_socket_bind (struct socket *sock, struct sockaddr *address,
+ int addrlen)
+{
+ return 0;
+}
+
+static int owlsm_socket_connect (struct socket *sock, struct sockaddr *address,
+ int addrlen)
+{
+ return 0;
+}
+
+static int owlsm_socket_listen (struct socket *sock, int backlog)
+{
+ return 0;
+}
+
+static int owlsm_socket_accept (struct socket *sock, struct socket *newsock)
+{
+ return 0;
+}
+
+static int owlsm_socket_sendmsg (struct socket *sock, struct msghdr *msg,
+ int size)
+{
+ return 0;
+}
+
+static int owlsm_socket_recvmsg (struct socket *sock, struct msghdr *msg,
+ int size, int flags)
+{
+ return 0;
+}
+
+static int owlsm_socket_getsockname (struct socket *sock)
+{
+ return 0;
+}
+
+static int owlsm_socket_getpeername (struct socket *sock)
+{
+ return 0;
+}
+
+static int owlsm_socket_setsockopt (struct socket *sock, int level, int optname)
+{
+ return 0;
+}
+
+static int owlsm_socket_getsockopt (struct socket *sock, int level, int optname)
+{
+ return 0;
+}
+
+static int owlsm_socket_shutdown (struct socket *sock, int how)
+{
+ return 0;
+}
+
+static int owlsm_socket_sock_rcv_skb (struct sock *sk, struct sk_buff *skb)
+{
+ return 0;
+}
+
+static int owlsm_socket_unix_stream_connect (struct socket *sock,
+ struct socket *other)
+{
+ return 0;
+}
+
+static int owlsm_socket_unix_may_send (struct socket *sock,
+ struct socket *other)
+{
+ return 0;
+}
+
+static int owlsm_module_create_module (const char *name_user, size_t size)
+{
+ return 0;
+}
+
+static int owlsm_module_init_module (struct module *mod)
+{
+ return 0;
+}
+
+static int owlsm_module_delete_module (const struct module *mod)
+{
+ return 0;
+}
+
+static int owlsm_ipc_permission (struct kern_ipc_perm *ipcp, short flag)
+{
+ return 0;
+}
+
+static int owlsm_ipc_getinfo (int id, int cmd)
+{
+ return 0;
+}
+
+static int owlsm_msg_msg_alloc_security (struct msg_msg *msg)
+{
+ return 0;
+}
+
+static void owlsm_msg_msg_free_security (struct msg_msg *msg)
+{
+ return;
+}
+
+static int owlsm_msg_queue_alloc_security (struct msg_queue *msq)
+{
+ return 0;
+}
+
+static void owlsm_msg_queue_free_security (struct msg_queue *msq)
+{
+ return;
+}
+
+static int owlsm_msg_queue_associate (struct msg_queue *msq, int msgid,
+ int msgflg)
+{
+ return 0;
+}
+
+static int owlsm_msg_queue_msgctl (struct msg_queue *msq, int msgid, int cmd)
+{
+ return 0;
+}
+
+static int owlsm_msg_queue_msgsnd (struct msg_queue *msq, struct msg_msg *msg,
+ int msgid, int msgflg)
+{
+ return 0;
+}
+
+static int owlsm_msg_queue_msgrcv (struct msg_queue *msq, struct msg_msg *msg,
+ struct task_struct *target,
+ long type, int mode)
+{
+ return 0;
+}
+
+static int owlsm_shm_alloc_security (struct shmid_kernel *shp)
+{
+ return 0;
+}
+
+static void owlsm_shm_free_security (struct shmid_kernel *shp)
+{
+ return;
+}
+
+static int owlsm_shm_associate (struct shmid_kernel *shp, int shmid, int shmflg)
+{
+ return 0;
+}
+
+static int owlsm_shm_shmctl (struct shmid_kernel *shp, int shmid, int cmd)
+{
+ return 0;
+}
+
+static int owlsm_shm_shmat (struct shmid_kernel *shp, int shmid, char *shmaddr,
+ int shmflg)
+{
+ return 0;
+}
+
+static int owlsm_sem_alloc_security (struct sem_array *sma)
+{
+ return 0;
+}
+
+static void owlsm_sem_free_security (struct sem_array *sma)
+{
+ return;
+}
+
+static int owlsm_sem_associate (struct sem_array *sma, int semid, int semflg)
+{
+ return 0;
+}
+
+static int owlsm_sem_semctl (struct sem_array *sma, int semid, int cmd)
+{
+ return 0;
+}
+
+static int owlsm_sem_semop (struct sem_array *sma, int semid,
+ struct sembuf *sops, unsigned nsops, int alter)
+{
+ return 0;
+}
+
+static int owlsm_skb_alloc_security (struct sk_buff *skb)
+{
+ return 0;
+}
+
+static int owlsm_skb_clone (struct sk_buff *newskb,
+ const struct sk_buff *oldskb)
+{
+ return 0;
+}
+
+static void owlsm_skb_copy (struct sk_buff *newskb,
+ const struct sk_buff *oldskb)
+{
+ return;
+}
+
+static void owlsm_skb_set_owner_w (struct sk_buff *skb, struct sock *sk)
+{
+ return;
+}
+
+static void owlsm_skb_free_security (struct sk_buff *skb)
+{
+ return;
+}
+
+static int owlsm_register (const char *name, struct security_operations *ops)
+{
+ return -EINVAL;
+}
+
+static int owlsm_unregister (const char *name, struct security_operations *ops)
+{
+ return -EINVAL;
+}
+
+static struct binprm_security_ops owlsm_binprm_ops = {
+ alloc_security: owlsm_binprm_alloc_security,
+ free_security: owlsm_binprm_free_security,
+ compute_creds: owlsm_binprm_compute_creds,
+ set_security: owlsm_binprm_set_security,
+};
+
+static struct super_block_security_ops owlsm_sb_ops = {
+ alloc_security: owlsm_sb_alloc_security,
+ free_security: owlsm_sb_free_security,
+ statfs: owlsm_sb_statfs,
+ mount: owlsm_sb_mount,
+ check_sb: owlsm_sb_check_sb,
+ umount: owlsm_sb_umount,
+ umount_close: owlsm_sb_umount_close,
+ umount_busy: owlsm_sb_umount_busy,
+ post_remount: owlsm_sb_post_remount,
+ post_mountroot: owlsm_sb_post_mountroot,
+ post_addmount: owlsm_sb_post_addmount,
+};
+
+static struct inode_security_ops owlsm_inode_ops = {
+ alloc_security: owlsm_inode_alloc_security,
+ free_security: owlsm_inode_free_security,
+ create: owlsm_inode_create,
+ post_create: owlsm_inode_post_create,
+ link: owlsm_inode_link,
+ post_link: owlsm_inode_post_link,
+ unlink: owlsm_inode_unlink,
+ symlink: owlsm_inode_symlink,
+ post_symlink: owlsm_inode_post_symlink,
+ mkdir: owlsm_inode_mkdir,
+ post_mkdir: owlsm_inode_post_mkdir,
+ rmdir: owlsm_inode_rmdir,
+ mknod: owlsm_inode_mknod,
+ post_mknod: owlsm_inode_post_mknod,
+ rename: owlsm_inode_rename,
+ post_rename: owlsm_inode_post_rename,
+ readlink: owlsm_inode_readlink,
+ follow_link: owlsm_inode_follow_link,
+ permission: owlsm_inode_permission,
+ revalidate: owlsm_inode_revalidate,
+ setattr: owlsm_inode_setattr,
+ stat: owlsm_inode_stat,
+ post_lookup: owlsm_post_lookup,
+ delete: owlsm_delete,
+ setxattr: owlsm_inode_setxattr,
+ getxattr: owlsm_inode_getxattr,
+ listxattr: owlsm_inode_listxattr,
+ removexattr: owlsm_inode_removexattr,
+};
+
+static struct file_security_ops owlsm_file_ops = {
+ permission: owlsm_file_permission,
+ alloc_security: owlsm_file_alloc_security,
+ free_security: owlsm_file_free_security,
+ llseek: owlsm_file_llseek,
+ ioctl: owlsm_file_ioctl,
+ mmap: owlsm_file_mmap,
+ mprotect: owlsm_file_mprotect,
+ lock: owlsm_file_lock,
+ fcntl: owlsm_file_fcntl,
+ set_fowner: owlsm_file_set_fowner,
+ send_sigiotask: owlsm_file_send_sigiotask,
+ receive: owlsm_file_receive,
+};
+
+static struct task_security_ops owlsm_task_ops = {
+ create: owlsm_task_create,
+ alloc_security: owlsm_task_alloc_security,
+ free_security: owlsm_task_free_security,
+ setuid: owlsm_task_setuid,
+ post_setuid: owlsm_task_post_setuid,
+ setgid: owlsm_task_setgid,
+ setpgid: owlsm_task_setpgid,
+ getpgid: owlsm_task_getpgid,
+ getsid: owlsm_task_getsid,
+ setgroups: owlsm_task_setgroups,
+ setnice: owlsm_task_setnice,
+ setrlimit: owlsm_task_setrlimit,
+ setscheduler: owlsm_task_setscheduler,
+ getscheduler: owlsm_task_getscheduler,
+ wait: owlsm_task_wait,
+ kill: owlsm_task_kill,
+ prctl: owlsm_task_prctl,
+ kmod_set_label: owlsm_task_kmod_set_label,
+};
+
+static struct socket_security_ops owlsm_socket_ops = {
+ create: owlsm_socket_create,
+ post_create: owlsm_socket_post_create,
+ bind: owlsm_socket_bind,
+ connect: owlsm_socket_connect,
+ listen: owlsm_socket_listen,
+ accept: owlsm_socket_accept,
+ sendmsg: owlsm_socket_sendmsg,
+ recvmsg: owlsm_socket_recvmsg,
+ getsockname: owlsm_socket_getsockname,
+ getpeername: owlsm_socket_getpeername,
+ getsockopt: owlsm_socket_getsockopt,
+ setsockopt: owlsm_socket_setsockopt,
+ shutdown: owlsm_socket_shutdown,
+ sock_rcv_skb: owlsm_socket_sock_rcv_skb,
+ unix_stream_connect: owlsm_socket_unix_stream_connect,
+ unix_may_send: owlsm_socket_unix_may_send,
+};
+
+static struct skb_security_ops owlsm_skb_ops = {
+ alloc_security: owlsm_skb_alloc_security,
+ clone: owlsm_skb_clone,
+ copy: owlsm_skb_copy,
+ set_owner_w: owlsm_skb_set_owner_w,
+ free_security: owlsm_skb_free_security,
+};
+
+static struct ip_security_ops owlsm_ip_ops = {
+ preroute_first: owlsm_ip_preroute_first,
+ preroute_last: owlsm_ip_preroute_last,
+ input_first: owlsm_ip_input_first,
+ input_last: owlsm_ip_input_last,
+ forward_first: owlsm_ip_forward_first,
+ forward_last: owlsm_ip_forward_last,
+ output_first: owlsm_ip_output_first,
+ output_last: owlsm_ip_output_last,
+ postroute_first: owlsm_ip_postroute_first,
+ postroute_last: owlsm_ip_postroute_last,
+ fragment: owlsm_ip_fragment,
+ defragment: owlsm_ip_defragment,
+ encapsulate: owlsm_ip_encapsulate,
+ decapsulate: owlsm_ip_decapsulate,
+ decode_options: owlsm_decode_options,
+};
+
+static struct netdev_security_ops owlsm_netdev_ops = {
+ unregister: owlsm_netdev_unregister,
+};
+
+static struct module_security_ops owlsm_module_ops = {
+ create_module: owlsm_module_create_module,
+ init_module: owlsm_module_init_module,
+ delete_module: owlsm_module_delete_module,
+
+};
+
+static struct ipc_security_ops owlsm_ipc_ops = {
+ permission: owlsm_ipc_permission,
+ getinfo: owlsm_ipc_getinfo,
+};
+
+static struct msg_msg_security_ops owlsm_msg_ops = {
+ alloc_security: owlsm_msg_msg_alloc_security,
+ free_security: owlsm_msg_msg_free_security,
+};
+
+static struct msg_queue_security_ops owlsm_msg_queue_ops = {
+ alloc_security: owlsm_msg_queue_alloc_security,
+ free_security: owlsm_msg_queue_free_security,
+ associate: owlsm_msg_queue_associate,
+ msgctl: owlsm_msg_queue_msgctl,
+ msgsnd: owlsm_msg_queue_msgsnd,
+ msgrcv: owlsm_msg_queue_msgrcv,
+};
+
+static struct shm_security_ops owlsm_shm_ops = {
+ alloc_security: owlsm_shm_alloc_security,
+ free_security: owlsm_shm_free_security,
+ associate: owlsm_shm_associate,
+ shmctl: owlsm_shm_shmctl,
+ shmat: owlsm_shm_shmat,
+};
+
+static struct sem_security_ops owlsm_sem_ops = {
+ alloc_security: owlsm_sem_alloc_security,
+ free_security: owlsm_sem_free_security,
+ associate: owlsm_sem_associate,
+ semctl: owlsm_sem_semctl,
+ semop: owlsm_sem_semop,
+};
+
+static struct security_operations owlsm_ops = {
+ sethostname: owlsm_sethostname,
+ setdomainname: owlsm_setdomainname,
+ reboot: owlsm_reboot,
+ ioperm: owlsm_ioperm,
+ iopl: owlsm_iopl,
+ ptrace: owlsm_ptrace,
+ capget: owlsm_capget,
+ capset_check: owlsm_capset_check,
+ capset_set: owlsm_capset_set,
+ acct: owlsm_acct,
+ sysctl: owlsm_sysctl,
+ capable: owlsm_capable,
+ sys_security: owlsm_sys_security,
+ swapon: owlsm_swapon,
+ swapoff: owlsm_swapoff,
+ nfsservctl: owlsm_nfsservctl,
+ quotactl: owlsm_quotactl,
+ quota_on: owlsm_quota_on,
+ bdflush: owlsm_bdflush,
+ syslog: owlsm_syslog,
+ netlink_send: owlsm_netlink_send,
+ netlink_recv: owlsm_netlink_recv,
+
+ bprm_ops: &owlsm_binprm_ops,
+ sb_ops: &owlsm_sb_ops,
+ inode_ops: &owlsm_inode_ops,
+ file_ops: &owlsm_file_ops,
+ task_ops: &owlsm_task_ops,
+ socket_ops: &owlsm_socket_ops,
+ skb_ops: &owlsm_skb_ops,
+ ip_ops: &owlsm_ip_ops,
+ netdev_ops: &owlsm_netdev_ops,
+ module_ops: &owlsm_module_ops,
+ ipc_ops: &owlsm_ipc_ops,
+ msg_msg_ops: &owlsm_msg_ops,
+ msg_queue_ops: &owlsm_msg_queue_ops,
+ shm_ops: &owlsm_shm_ops,
+ sem_ops: &owlsm_sem_ops,
+
+ register_security: owlsm_register,
+ unregister_security: owlsm_unregister,
+};
+
+#if defined(CONFIG_SECURITY_owlsm_MODULE)
+#define MY_NAME THIS_MODULE->name
+#else
+#define MY_NAME "owlsm"
+#endif
+
+static int __init owlsm_init (void)
+{
+ /* register ourselves with the security framework */
+ if (register_security (&owlsm_ops)) {
+ printk (KERN_INFO
+ "Failure registering owlsm module with the kernel\n");
+ /* try registering with primary module */
+ if (mod_reg_security (MY_NAME, &owlsm_ops)) {
+ printk (KERN_INFO "Failure registering owlsm module "
+ "with primary security module.\n");
+ return -EINVAL;
+ }
+ secondary = 1;
+ }
+ printk(KERN_INFO "owlsm LSM initialized\n");
+ return 0;
+}
+
+static void __exit owlsm_exit (void)
+{
+ /* remove ourselves from the security framework */
+ if (secondary) {
+ if (mod_unreg_security (MY_NAME, &owlsm_ops))
+ printk (KERN_INFO "Failure unregistering owlsm module "
+ "with primary module.\n");
+ return;
+ }
+
+ if (unregister_security (&owlsm_ops)) {
+ printk (KERN_INFO
+ "Failure unregistering owlsm module with the kernel\n");
+ }
+}
+
+module_init (owlsm_init);
+module_exit (owlsm_exit);
+
+MODULE_DESCRIPTION("LSM implementation of the Openwall kernel patch");
+MODULE_LICENSE("GPL");
diff --minimal -Nru a/security/owlsm.h b/security/owlsm.h
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/owlsm.h Tue Feb 12 18:59:50 2002
@@ -0,0 +1,277 @@
+#ifndef _OWLSM_H
+#define _OWLSM_H
+
+/*
+ * This is NOT Openwall, however, it is some of the Openwall functionality
+ * ported to LSM. For more information regarding the Openwall project
+ * can be found at http://www.openwall.com/
+ */
+
+#include <linux/config.h>
+#include <linux/major.h>
+
+#define security_alert(normal_msg, flood_msg, args...) \
+({ \
+ static unsigned long warning_time = 0, no_flood_yet = 0; \
+ static spinlock_t security_alert_lock = SPIN_LOCK_UNLOCKED; \
+ \
+ spin_lock(&security_alert_lock); \
+ \
+/* Make sure at least one minute passed since the last warning logged */\
+ if (!warning_time || jiffies - warning_time > 60 * HZ) { \
+ warning_time = jiffies; no_flood_yet = 1; \
+ printk(KERN_ALERT "Security: " normal_msg "\n", ## args);\
+ } else if (no_flood_yet) { \
+ warning_time = jiffies; no_flood_yet = 0; \
+ printk(KERN_ALERT "Security: more " flood_msg \
+ ", logging disabled for a minute\n"); \
+ } \
+ \
+ spin_unlock(&security_alert_lock); \
+})
+
+/*
+ * Conditional defines for Openwall LSM helper functions
+ */
+
+#ifdef CONFIG_OWLSM_RLIMIT_NPROC
+static inline int do_owlsm_exec_rlimit(struct linux_binprm *bprm)
+{
+ /*
+ * This check is similar to that done in kernel/fork.c, except
+ * that we are not going to allocate a new task slot here.
+ *
+ * Note that we can only exceed the limit if our UID has changed.
+ */
+ if (current->user) {
+ if (atomic_read(¤t->user->processes)
+ > current->rlim[RLIMIT_NPROC].rlim_cur) {
+ return -EAGAIN;
+ }
+ }
+ return 0;
+}
+#else
+static inline int do_owlsm_exec_rlimit(struct linux_binprm *bprm)
+{
+ return 0;
+}
+#endif /* CONFIG_OWLSM_RLIMIT_NPROC */
+
+#ifdef CONFIG_OWLSM_LINK
+/*
+ * Don't allow users to create hard links to files they don't own,
+ * unless they have CAP_FOWNER.
+ *
+ * The last two checks are here as a workaround for atd(8), to be
+ * removed one day.
+ */
+static inline int do_owlsm_link(struct dentry *old_dentry, struct inode *inode,
+ struct dentry *new_dentry)
+{
+ struct inode* i = old_dentry->d_inode;
+
+ if (current->fsuid != i->i_uid && !capable(CAP_FOWNER) &&
+ current->uid != i->i_uid && current->uid) {
+ security_alert("denied hard link to %d.%d "
+ "for UID %d, EUID %d, process %s:%d",
+ "hard links denied", i->i_uid, i->i_gid,
+ current->uid, current->euid,
+ current->comm, current->pid);
+ return -EPERM;
+ }
+ return 0;
+
+}
+
+/*
+ * Don't follow links that we don't own in +t
+ * directories, unless the link is owned by the
+ * owner of the directory.
+ */
+static inline int do_owlsm_follow_link(struct dentry *dentry,
+ struct nameidata *nameidata)
+{
+ struct inode *inode = dentry->d_inode;
+ struct inode *parent = dentry->d_parent->d_inode;
+ if (S_ISLNK(inode->i_mode) &&
+ (parent->i_mode & S_ISVTX) &&
+ inode->i_uid != parent->i_uid &&
+ current->fsuid != inode->i_uid) {
+ security_alert("not followed symlink of %d.%d "
+ "by UID %d, EUID %d, process %s:%d",
+ "symlinks not followed",
+ inode->i_uid, inode->i_gid,
+ current->uid, current->euid,
+ current->comm, current->pid);
+ return -EPERM;
+ }
+ return 0;
+}
+#else
+static inline int do_owlsm_link(struct dentry *old_dentry, struct inode *inode,
+ struct dentry *new_dentry)
+{
+ return 0;
+}
+static inline int do_owlsm_follow_link(struct dentry *dentry,
+ struct nameidata *nameidata)
+{
+ return 0;
+}
+#endif /* CONFIG_OWLSM_LINK */
+
+#ifdef CONFIG_OWLSM_FD
+/* Helper struct and functions for OWLSM_FD */
+
+struct secure_fds {
+ int fd_mask;
+ int priv_change;
+ struct file *fd_null;
+};
+
+static inline int tweak_fd_open_null(struct linux_binprm *bprm)
+{
+ int dev;
+ struct inode *i;
+ struct dentry *d;
+ struct file *f;
+ struct secure_fds *sfds = (struct secure_fds *) bprm->security;
+
+ if(!(i = get_empty_inode()))
+ return -ENOMEM;
+ if(!(d = dget(d_alloc_root(i)))) {
+ iput(i);
+ return -ENOMEM;
+ }
+ if(!(f = get_empty_filp())) {
+ dput(d);
+ iput(i);
+ return -ENFILE;
+ }
+
+ dev = MKDEV(MEM_MAJOR, 3); /* /dev/null */
+
+ i->i_mode = S_IFCHR | S_IRUGO | S_IWUGO;
+ i->i_uid = current->fsuid;
+ i->i_gid = current->fsgid;
+ i->i_blksize = PAGE_SIZE;
+ i->i_blocks = 0;
+ i->i_atime = i->i_mtime = i->i_ctime = CURRENT_TIME;
+ i->i_op = &page_symlink_inode_operations;
+ i->i_state = I_DIRTY; /* so that mark_inode_dirty() won't touch us */
+
+ f->f_flags = O_RDWR;
+ f->f_mode = FMODE_READ | FMODE_WRITE;
+ f->f_dentry = d;
+ f->f_pos = 0;
+ f->f_reada = 0;
+
+ init_special_inode(i, i->i_mode, dev);
+ i->i_fop->open(i, f);
+ sfds->fd_null = f;
+ return 0;
+}
+
+static int tweak_fd_0_1_2(struct linux_binprm *bprm)
+{
+ int fd, new, retval;
+ struct secure_fds *sfds = (struct secure_fds *) bprm->security;
+ struct file *f = (struct file *) sfds->fd_null;
+
+ for(fd = 0 ; fd <= 2 ; fd++) {
+ if(current->files->fd[fd]) continue;
+
+ if((new = get_unused_fd()) != fd) {
+ if(new >= 0) put_unused_fd(new);
+ return -EMFILE;
+ }
+ if(f) {
+ atomic_inc(&f->f_count);
+ } else {
+ if((retval = tweak_fd_open_null(bprm))) {
+ return retval;
+ }
+ }
+
+ fd_install(fd, sfds->fd_null);
+ sfds->fd_mask |= 1 << fd;
+ }
+ return 0;
+}
+
+/* End helper stuff */
+
+static inline int do_owlsm_sfd_alloc(struct linux_binprm *bprm)
+{
+ struct secure_fds *s_fds;
+
+ s_fds = kmalloc(sizeof(struct secure_fds), GFP_KERNEL);
+ if (!s_fds)
+ return -ENOMEM;
+
+ s_fds->fd_mask = 0;
+ s_fds->fd_null = NULL;
+ s_fds->priv_change = 0;
+ bprm->security = (void *)s_fds;
+ return 0;
+}
+
+static inline int do_owlsm_sfd_set(struct linux_binprm *bprm)
+{
+ struct secure_fds *s_fds = (struct secure_fds *)bprm->security;
+
+ if (bprm->e_uid != current->euid || !in_group_p(bprm->e_gid)) {
+ s_fds->priv_change = 1;
+ return tweak_fd_0_1_2(bprm);
+ }
+ return 0;
+}
+
+static inline void do_owlsm_sfd_free(struct linux_binprm *bprm)
+{
+ int i;
+ struct secure_fds *s_fds = ( struct secure_fds *) &bprm->security;
+
+ if (s_fds->fd_mask) {
+ for (i = 0; i <= 2; i++) {
+ if ( s_fds->fd_mask & (1 << i ))
+ (void) sys_close(i);
+ }
+ }
+
+ kfree(bprm->security);
+}
+
+static inline void do_owlsm_sfd_compute(struct linux_binprm *bprm)
+{
+ struct secure_fds *sfds = (struct secure_fds *) bprm->security;
+
+ /* Take care of close-on-exec files */
+ if ( sfds->priv_change ) {
+ (void) tweak_fd_0_1_2(bprm);
+ }
+}
+#else
+static inline int do_owlsm_sfd_alloc (struct linux_binprm *bprm)
+{
+ return 0;
+}
+
+static inline void do_owlsm_sfd_free(struct linux_binprm *bprm)
+{
+ return;
+}
+
+static inline int do_owlsm_sfd_set (struct linux_binprm *bprm)
+{
+ return 0;
+}
+
+static inline void do_owlsm_sfd_compute (struct linux_binprm *bprm)
+{
+ return;
+}
+#endif /* CONFIG_OWLSM_FD */
+
+#endif /* _OWLSM_H */
diff --minimal -Nru a/security/security.c b/security/security.c
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/security.c Tue Feb 12 18:59:50 2002
@@ -0,0 +1,260 @@
+/*
+ * Security plug functions
+ *
+ * Copyright (C) 2001 WireX Communications, Inc <chris@wirex.com>
+ * Copyright (C) 2001 Greg Kroah-Hartman <greg@kroah.com>
+ * Copyright (C) 2001 Networks Associates Technology, Inc <ssmalley@nai.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ */
+
+#include <linux/config.h>
+#include <linux/module.h>
+#include <linux/init.h>
+#include <linux/kernel.h>
+#include <linux/sched.h>
+#include <linux/security.h>
+
+#define SECURITY_SCAFFOLD_VERSION "1.0.0"
+
+extern struct security_operations dummy_security_ops; /* lives in dummy.c */
+
+struct security_operations *security_ops; /* Initialized to NULL */
+
+/* This macro checks that all pointers in a struct are non-NULL. It
+ * can be fooled by struct padding for object tile alignment and when
+ * pointers to data and pointers to functions aren't the same size.
+ * Yes it's ugly, we'll replace it if it becomes a problem.
+ */
+#define VERIFY_STRUCT(struct_type, s, e) \
+ do { \
+ unsigned long * __start = (unsigned long *)(s); \
+ unsigned long * __end = __start + \
+ sizeof(struct_type)/sizeof(unsigned long *); \
+ while (__start != __end) { \
+ if (!*__start) { \
+ printk(KERN_INFO "%s is missing something\n",\
+ #struct_type); \
+ e++; \
+ break; \
+ } \
+ __start++; \
+ } \
+ } while (0)
+
+static int inline verify (struct security_operations *ops)
+{
+ int err;
+
+ /* verify the security_operations structure exists */
+ if (!ops) {
+ printk (KERN_INFO "Passed a NULL security_operations "
+ "pointer, " __FUNCTION__ " failed.\n");
+ return -EINVAL;
+ }
+
+ /* Perform a little sanity checking on our inputs */
+ err = 0;
+
+ /* This first check scans the whole security_ops struct for
+ * missing structs or functions.
+ */
+ VERIFY_STRUCT(struct security_operations, ops, err);
+
+ VERIFY_STRUCT(struct binprm_security_ops, ops->bprm_ops, err);
+ VERIFY_STRUCT(struct super_block_security_ops, ops->sb_ops, err);
+ VERIFY_STRUCT(struct inode_security_ops, ops->inode_ops, err);
+ VERIFY_STRUCT(struct file_security_ops, ops->file_ops, err);
+ VERIFY_STRUCT(struct task_security_ops, ops->task_ops, err);
+ VERIFY_STRUCT(struct socket_security_ops, ops->socket_ops, err);
+ VERIFY_STRUCT(struct skb_security_ops, ops->skb_ops, err);
+ VERIFY_STRUCT(struct ip_security_ops, ops->ip_ops, err);
+ VERIFY_STRUCT(struct netdev_security_ops, ops->netdev_ops, err);
+ VERIFY_STRUCT(struct module_security_ops, ops->module_ops, err);
+ VERIFY_STRUCT(struct ipc_security_ops, ops->ipc_ops, err);
+ VERIFY_STRUCT(struct msg_msg_security_ops, ops->msg_msg_ops, err);
+ VERIFY_STRUCT(struct msg_queue_security_ops, ops->msg_queue_ops, err);
+ VERIFY_STRUCT(struct shm_security_ops, ops->shm_ops, err);
+ VERIFY_STRUCT(struct sem_security_ops, ops->sem_ops, err);
+
+ if (err) {
+ printk (KERN_INFO "Not enough functions specified in the "
+ "security_operation structure, " __FUNCTION__
+ " failed.\n");
+ return -EINVAL;
+ }
+ return 0;
+}
+
+/**
+ * security_scaffolding_startup - initialzes the security scaffolding framework
+ *
+ * This should be called early in the kernel initialization sequence.
+ */
+int security_scaffolding_startup (void)
+{
+ printk (KERN_INFO "Security Scaffold v" SECURITY_SCAFFOLD_VERSION
+ " initialized\n");
+
+ security_ops = &dummy_security_ops;
+
+ return 0;
+}
+
+/**
+ * register_security - registers a security framework with the kernel
+ * @ops: a pointer to the struct security_options that is to be registered
+ *
+ * This function is to allow a security module to register itself with the
+ * kernel security subsystem. Some rudimentary checking is done on the @ops
+ * value passed to this function. A call to unregister_security() should be
+ * done to remove this security_options structure from the kernel.
+ *
+ * If the @ops structure does not contain function pointers for all hooks in
+ * the structure, or there is already a security module registered with the
+ * kernel, an error will be returned. Otherwise 0 is returned on success.
+ */
+int register_security (struct security_operations *ops)
+{
+
+ if (verify (ops)) {
+ printk (KERN_INFO __FUNCTION__ " could not verify "
+ "security_operations structure.\n");
+ return -EINVAL;
+ }
+ if (security_ops != &dummy_security_ops) {
+ printk (KERN_INFO "There is already a security "
+ "framework initialized, " __FUNCTION__ " failed.\n");
+ return -EINVAL;
+ }
+
+ security_ops = ops;
+
+ return 0;
+}
+
+/**
+ * unregister_security - unregisters a security framework with the kernel
+ * @ops: a pointer to the struct security_options that is to be registered
+ *
+ * This function removes a struct security_operations variable that had
+ * previously been registered with a successful call to register_security().
+ *
+ * If @ops does not match the valued previously passed to register_security()
+ * an error is returned. Otherwise the default security options is set to the
+ * the dummy_security_ops structure, and 0 is returned.
+ */
+int unregister_security (struct security_operations *ops)
+{
+ if (ops != security_ops) {
+ printk (KERN_INFO __FUNCTION__ ": trying to unregister "
+ "a security_opts structure that is not "
+ "registered, failing.\n");
+ return -EINVAL;
+ }
+
+ security_ops = &dummy_security_ops;
+
+ return 0;
+}
+
+/**
+ * mod_reg_security - allows security modules to be "stacked"
+ * @name: a pointer to a string with the name of the security_options to be registered
+ * @ops: a pointer to the struct security_options that is to be registered
+ *
+ * This function allows security modules to be stacked if the currently loaded
+ * security module allows this to happen. It passes the @name and @ops to the
+ * register_security function of the currently loaded security module.
+ *
+ * The return value depends on the currently loaded security module, with 0 as
+ * success.
+ */
+int mod_reg_security (const char *name, struct security_operations *ops)
+{
+ if (verify (ops)) {
+ printk (KERN_INFO __FUNCTION__ " could not verify "
+ "security operations.\n");
+ return -EINVAL;
+ }
+
+ if (ops == security_ops) {
+ printk (KERN_INFO __FUNCTION__ " security operations "
+ "already registered.\n");
+ return -EINVAL;
+ }
+
+ return security_ops->register_security (name, ops);
+}
+
+/**
+ * mod_unreg_security - allows a security module registered with mod_reg_security() to be unloaded
+ * @name: a pointer to a string with the name of the security_options to be removed
+ * @ops: a pointer to the struct security_options that is to be removed
+ *
+ * This function allows security modules that have been successfully registered
+ * with a call to mod_reg_security() to be unloaded from the system.
+ * This calls the currently loaded security module's unregister_security() call
+ * with the @name and @ops variables.
+ *
+ * The return value depends on the currently loaded security module, with 0 as
+ * success.
+ */
+int mod_unreg_security (const char *name, struct security_operations *ops)
+{
+ if (ops == security_ops) {
+ printk (KERN_INFO __FUNCTION__ " invalid attempt to unregister "
+ " primary security ops.\n");
+ return -EINVAL;
+ }
+
+ return security_ops->unregister_security (name, ops);
+}
+
+/**
+ * capable - calls the currently loaded security module's capable() function with the specified capability
+ * @cap: the requested capability level.
+ *
+ * This function calls the currently loaded security module's cabable()
+ * function with a pointer to the current task and the specified @cap value.
+ *
+ * This allows the security module to implement the capable function call
+ * however it chooses to.
+ */
+int capable (int cap)
+{
+ if (security_ops->capable (current, cap)) {
+ /* capability denied */
+ return 0;
+ }
+
+ /* capability granted */
+ current->flags |= PF_SUPERPRIV;
+ return 1;
+}
+
+/**
+ * sys_security - security syscall multiplexor.
+ * @id: module id
+ * @call: call identifier
+ * @args: arg list for call
+ *
+ * Similar to sys_socketcall. Can use id to help identify which module user
+ * app is talking to.
+ *
+ */
+asmlinkage long sys_security (unsigned int id, unsigned int call,
+ unsigned long *args)
+{
+ return security_ops->sys_security (id, call, args);
+}
+
+EXPORT_SYMBOL (register_security);
+EXPORT_SYMBOL (unregister_security);
+EXPORT_SYMBOL (mod_reg_security);
+EXPORT_SYMBOL (mod_unreg_security);
+EXPORT_SYMBOL (capable);
+EXPORT_SYMBOL (security_ops);
diff --minimal -Nru a/security/selinux/Config.help b/security/selinux/Config.help
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/selinux/Config.help Tue Feb 12 18:59:50 2002
@@ -0,0 +1,41 @@
+CONFIG_SECURITY_SELINUX
+ This enables the NSA Security-Enhanced Linux (SELinux) security module,
+ which provides fine-grained and flexible nondiscretionary access
+ controls, including support for a generalization of Type Enforcement,
+ Role-Based Access Control and optionally Multi-Level Security. To use
+ this security module, you should obtain the SELinux archive from
+ http://www.nsa.gov/selinux and follow the README instructions in it.
+ That archive provides additional components needed by SELinux, such as
+ the checkpolicy policy compiler, the example security policy
+ configuration, the setfiles file labeling utility, the example
+ file_contexts configuration, and a set of new and modified daemons and
+ utility programs extended to deal with security contexts.
+ If you want to use SELinux, say Y here. Although you can enable
+ SELinux as a module, we don't recommend it. You should also enable
+ the Capabilities security module and the NetFilter-based IP networking
+ hooks.
+
+CONFIG_SECURITY_SELINUX_DEVELOP
+ This causes the NSA SELinux security module to be built as a
+ development module. The development module starts in permissive mode,
+ logging permission failures but not enforcing them. You can use
+ permissive mode in order to determine what additional permissions are
+ needed for your particular system and can then revise your policy
+ configuration accordingly. You can subseqently run the avc_toggle
+ program to switch into enforcing mode. Once in enforcing mode, you can
+ only switch back to permissive mode if authorized by the policy (in the
+ example policy, only the administrator role can do this). Once you are
+ satisfied that your policy configuration is sufficient for your system,
+ you should either run avc_toggle from an rc script to switch into
+ enforcing mode during initialization, or you should rebuild the kernel
+ without this option so that it is always in enforcing mode. The first
+ option leaves open the possibility of switching back to permissive mode
+ by an administrator, while the latter option provides stricter security.
+ If unsure, say Y.
+
+CONFIG_SECURITY_SELINUX_MLS
+ This enables the Multi-Level Security (MLS) policy component in the NSA
+ SELinux security module. This policy component is considered
+ experimental and has not been configured for use. If you want to
+ experiment with it, see the README.MLS file in the SELinux archive.
+ If unsure, say N.
diff --minimal -Nru a/security/selinux/Config.in b/security/selinux/Config.in
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/selinux/Config.in Tue Feb 12 18:59:50 2002
@@ -0,0 +1,7 @@
+tristate 'NSA SELinux Support' CONFIG_SECURITY_SELINUX
+if [ "$CONFIG_SECURITY_SELINUX" != "n" ]; then
+ bool ' NSA SELinux Development Module' CONFIG_SECURITY_SELINUX_DEVELOP
+ if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then
+ bool ' NSA SELinux MLS policy (EXPERIMENTAL)' CONFIG_SECURITY_SELINUX_MLS
+ fi
+fi
diff --minimal -Nru a/security/selinux/Makefile b/security/selinux/Makefile
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/selinux/Makefile Tue Feb 12 18:59:50 2002
@@ -0,0 +1,29 @@
+#
+# Makefile for building the SELinux module as part of the kernel tree.
+#
+
+O_TARGET := selinux-obj.o
+
+subdir-$(CONFIG_SELINUX) := flask ss
+
+selinux-objs := avc.o psid.o hooks.o syscalls.o ss.o
+
+obj-y := $(selinux-objs)
+obj-m := $(O_TARGET)
+
+EXTRA_CFLAGS += -Iinclude
+
+ARCH := $(shell uname -m | sed -e s/i.86/i386/ -e s/sun4u/sparc64/ -e s/arm.*/arm/ -e s/sa110/arm/)
+
+include $(TOPDIR)/Rules.make
+
+ss.o:
+ make -C ss ss.o
+ cp ss/ss.o ss.o
+
+symlinks:
+ rm -f include/asm arch/machine
+ (cd include; ln -sf asm-$(ARCH) asm)
+
+fastdep: symlinks
+
diff --minimal -Nru a/security/selinux/Makefile.in b/security/selinux/Makefile.in
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/selinux/Makefile.in Tue Feb 12 18:59:50 2002
@@ -0,0 +1,16 @@
+
+# Beginnings of a kbuild-2.5 makefile --- offer@sgi.com
+
+KBUILD_INCLUDE_PATHS=security/selinux/include
+
+objlink(CONFIG_SECURITY_SELINUX selinux-obj.o \
+ avc.o psid.o \
+ hooks.o \
+ syscalls.o ss/ss.o)
+
+extra_cflags_all(-Isecurity/selinux/include)
+
+link_subdirs(ss)
+
+select(CONFIG_Y CONFIG_SECURITY_SELINUX selinux-obj.o)
+
diff --minimal -Nru a/security/selinux/avc.c b/security/selinux/avc.c
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/selinux/avc.c Tue Feb 12 18:59:50 2002
@@ -0,0 +1,1146 @@
+
+/* -*- linux-c -*- */
+
+/*
+ * Author: Stephen Smalley, NAI Labs, <ssmalley@nai.com>
+ *
+ * The access vector cache was originally written while I was employed by NSA,
+ * and has undergone some revisions since I joined NAI Labs, but is largely
+ * unchanged.
+ */
+
+/*
+ * Implementation of the kernel access vector cache (AVC).
+ */
+
+#include <linux/types.h>
+#include <linux/flask/avc.h>
+#include <linux/flask/avc_ss.h>
+#include <linux/flask/class_to_string.h>
+#include <linux/flask/common_perm_to_string.h>
+#include <linux/flask/av_inherit.h>
+#include <linux/flask/av_perm_to_string.h>
+#include <linux/stddef.h>
+#include <linux/kernel.h>
+#include <linux/slab.h>
+#include <linux/fs.h>
+#include <linux/dcache.h>
+#include <linux/skbuff.h>
+#include <net/sock.h>
+#include <linux/un.h>
+#include <net/af_unix.h>
+#include <linux/ip.h>
+#include <linux/udp.h>
+#include <linux/tcp.h>
+#include "selinux_plug.h"
+
+#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
+int avc_debug_always_allow = 1;
+#endif
+
+spinlock_t avc_lock = SPIN_LOCK_UNLOCKED;
+
+typedef struct avc_node {
+ struct avc_entry ae;
+ struct avc_node *next;
+} avc_node_t;
+
+static struct avc_node *avc_node_freelist = NULL;
+
+#define AVC_CACHE_SLOTS 512
+#define AVC_CACHE_MAXNODES 410
+
+typedef struct {
+ avc_node_t *slots[AVC_CACHE_SLOTS];
+ __u32 lru_hint; /* LRU hint for reclaim scan */
+ __u32 activeNodes;
+ __u32 latest_notif; /* latest revocation notification */
+} avc_cache_t;
+
+
+static avc_cache_t avc_cache;
+
+#define AVC_HASH(ssid,tsid,tclass) \
+((ssid ^ (tsid<<2) ^ (tclass<<4)) & (AVC_CACHE_SLOTS - 1))
+
+static char *avc_audit_buffer = NULL;
+
+unsigned avc_cache_stats[AVC_NSTATS];
+
+/*
+ * Display the cache statistics
+ */
+void avc_dump_stats(char *tag)
+{
+ printk("%s avc: entry: %d lookups == %d hits + %d misses (%d discards)\n",
+ tag,
+ avc_cache_stats[AVC_ENTRY_LOOKUPS],
+ avc_cache_stats[AVC_ENTRY_HITS],
+ avc_cache_stats[AVC_ENTRY_MISSES],
+ avc_cache_stats[AVC_ENTRY_DISCARDS]);
+
+ printk("%s avc: cav: %d lookups == %d hits + %d misses\n",
+ tag,
+ avc_cache_stats[AVC_CAV_LOOKUPS],
+ avc_cache_stats[AVC_CAV_HITS],
+ avc_cache_stats[AVC_CAV_MISSES]);
+
+ printk("%s avc: cav: %d/%d probe/hit ratio\n",
+ tag,
+ avc_cache_stats[AVC_CAV_PROBES],
+ avc_cache_stats[AVC_CAV_HITS]);
+}
+
+
+/*
+ * Display an access vector in human-readable form.
+ */
+void avc_dump_av(
+ security_class_t tclass,
+ access_vector_t av)
+{
+ char **common_pts = 0;
+ access_vector_t common_base = 0;
+ int i, i2, perm;
+
+
+ if (av == 0) {
+ printk(" null");
+ return;
+ }
+
+ for (i = 0; i < AV_INHERIT_SIZE; i++) {
+ if (av_inherit[i].tclass == tclass) {
+ common_pts = av_inherit[i].common_pts;
+ common_base = av_inherit[i].common_base;
+ break;
+ }
+ }
+
+ printk(" {");
+ i = 0;
+ perm = 1;
+ while (perm < common_base) {
+ if (perm & av)
+ printk(" %s", common_pts[i]);
+ i++;
+ perm <<= 1;
+ }
+
+ while (i < sizeof(access_vector_t) * 8) {
+ if (perm & av) {
+ for (i2 = 0; i2 < AV_PERM_TO_STRING_SIZE; i2++) {
+ if ((av_perm_to_string[i2].tclass == tclass) &&
+ (av_perm_to_string[i2].value == perm))
+ break;
+ }
+ if (i2 < AV_PERM_TO_STRING_SIZE)
+ printk(" %s", av_perm_to_string[i2].name);
+ }
+ i++;
+ perm <<= 1;
+ }
+
+ printk(" }");
+}
+
+
+/*
+ * Display a SID pair and a class in human-readable form.
+ */
+void avc_dump_query(
+ security_id_t ssid, /* IN */
+ security_id_t tsid, /* IN */
+ security_class_t tclass) /* IN */
+{
+ int rc;
+ security_context_t scontext;
+ __u32 scontext_len;
+
+ rc = security_sid_to_context(ssid, &scontext, &scontext_len);
+ if (rc)
+ printk("ssid=%d", ssid);
+ else {
+ printk("scontext=%s", scontext);
+ kfree(scontext);
+ }
+
+ rc = security_sid_to_context(tsid, &scontext, &scontext_len);
+ if (rc)
+ printk(" tsid=%d", tsid);
+ else {
+ printk(" tcontext=%s", scontext);
+ kfree(scontext);
+ }
+ printk(" tclass=%s", class_to_string[tclass]);
+}
+
+
+/*
+ * Initialize the cache.
+ */
+void avc_init(void)
+{
+ avc_node_t *new;
+ int i;
+
+ for (i = 0; i < AVC_NSTATS; i++)
+ avc_cache_stats[i] = 0;
+
+ for (i = 0; i < AVC_CACHE_SLOTS; i++)
+ avc_cache.slots[i] = 0;
+ avc_cache.lru_hint = 0;
+ avc_cache.activeNodes = 0;
+ avc_cache.latest_notif = 0;
+
+ for (i = 0; i < AVC_CACHE_MAXNODES; i++) {
+ new = (avc_node_t *) kmalloc(sizeof(avc_node_t),
+ GFP_ATOMIC);
+ if (!new) {
+ printk("avc: only able to allocate %d entries\n", i);
+ break;
+ }
+ memset(new, 0, sizeof(avc_node_t));
+ new->next = avc_node_freelist;
+ avc_node_freelist = new;
+ }
+
+ printk("AVC: allocated %d bytes during initialization.\n",
+ i * sizeof(avc_node_t));
+
+ avc_audit_buffer = (char *)__get_free_page(GFP_ATOMIC);
+ if (!avc_audit_buffer)
+ panic("AVC: unable to allocate audit buffer\n");
+}
+
+#if 0
+static void avc_hash_eval(char *tag)
+{
+ int i, chain_len, max_chain_len, slots_used;
+ avc_node_t *node;
+
+ spin_lock(&avc_lock);
+
+ slots_used = 0;
+ max_chain_len = 0;
+ for (i = 0; i < AVC_CACHE_SLOTS; i++) {
+ node = avc_cache.slots[i];
+ if (node) {
+ slots_used++;
+ chain_len = 0;
+ while (node) {
+ chain_len++;
+ node = node->next;
+ }
+ if (chain_len > max_chain_len)
+ max_chain_len = chain_len;
+ }
+ }
+
+ spin_unlock(&avc_lock);
+
+ printk("\n%s avc: %d entries and %d/%d buckets used, longest chain length %d\n",
+ tag, avc_cache.activeNodes, slots_used, AVC_CACHE_SLOTS, max_chain_len);
+}
+#else
+#define avc_hash_eval(t)
+#endif
+
+/*
+ * Display the contents of the cache in human-readable form.
+ */
+void avc_dump_cache(char *tag)
+{
+ int i, chain_len, max_chain_len, slots_used;
+ avc_node_t *node;
+
+ avc_dump_stats(tag);
+
+ slots_used = 0;
+ max_chain_len = 0;
+ for (i = 0; i < AVC_CACHE_SLOTS; i++) {
+ node = avc_cache.slots[i];
+ if (node) {
+ printk("\n%s avc: slot %d:\n", tag, i);
+ slots_used++;
+ chain_len = 0;
+ while (node) {
+ avc_dump_query(node->ae.ssid, node->ae.tsid, node->ae.tclass);
+ printk(" allowed");
+ avc_dump_av(node->ae.tclass, node->ae.allowed);
+ printk("\n");
+
+ chain_len++;
+ node = node->next;
+ }
+
+ if (chain_len > max_chain_len)
+ max_chain_len = chain_len;
+ }
+ }
+
+ printk("\n%s avc: %d entries and %d/%d buckets used, longest chain length %d\n",
+ tag, avc_cache.activeNodes, slots_used, AVC_CACHE_SLOTS, max_chain_len);
+
+ printk("%s avc: latest_notif=%d\n", tag, avc_cache.latest_notif);
+}
+
+
+/*
+ * Reclaim a node from the cache for use.
+ */
+static inline avc_node_t *avc_reclaim_node(void)
+{
+ avc_node_t *prev, *cur;
+ int hvalue, try;
+
+ hvalue = avc_cache.lru_hint;
+ for (try = 0; try < 2; try++) {
+ do {
+ prev = NULL;
+ cur = avc_cache.slots[hvalue];
+ while (cur) {
+ if (!cur->ae.used)
+ goto found;
+
+ cur->ae.used = 0;
+
+ prev = cur;
+ cur = cur->next;
+ }
+ hvalue = (hvalue + 1) & (AVC_CACHE_SLOTS - 1);
+ } while (hvalue != avc_cache.lru_hint);
+ }
+
+ panic("avc_reclaim_node");
+
+found:
+ avc_cache.lru_hint = hvalue;
+
+ if (prev == NULL)
+ avc_cache.slots[hvalue] = cur->next;
+ else
+ prev->next = cur->next;
+
+ return cur;
+}
+
+
+/*
+ * Claim a node for use for a particular
+ * SID pair and class.
+ */
+static inline avc_node_t *avc_claim_node(
+ security_id_t ssid,
+ security_id_t tsid,
+ security_class_t tclass)
+{
+ avc_node_t *new;
+ int hvalue;
+
+
+ hvalue = AVC_HASH(ssid, tsid, tclass);
+ if (avc_node_freelist) {
+ new = avc_node_freelist;
+ avc_node_freelist = avc_node_freelist->next;
+ avc_cache.activeNodes++;
+ } else {
+ new = avc_reclaim_node();
+ if (!new)
+ return NULL;
+ }
+
+ new->ae.used = 1;
+ new->ae.ssid = ssid;
+ new->ae.tsid = tsid;
+ new->ae.tclass = tclass;
+ new->next = avc_cache.slots[hvalue];
+ avc_cache.slots[hvalue] = new;
+
+ return new;
+}
+
+
+/*
+ * Search for a node that has the specified
+ * SID pair and class.
+ */
+static inline avc_node_t *avc_search_node(
+ security_id_t ssid,
+ security_id_t tsid,
+ security_class_t tclass,
+ int *probes)
+{
+ avc_node_t *cur;
+ int hvalue;
+ int tprobes = 1;
+
+
+ hvalue = AVC_HASH(ssid, tsid, tclass);
+ cur = avc_cache.slots[hvalue];
+ while (cur != NULL &&
+ (ssid != cur->ae.ssid ||
+ tclass != cur->ae.tclass ||
+ tsid != cur->ae.tsid)) {
+ tprobes++;
+ cur = cur->next;
+ }
+
+ if (cur == NULL) {
+ /* cache miss */
+ return NULL;
+ }
+
+ /* cache hit */
+ if (probes)
+ *probes = tprobes;
+
+ cur->ae.used = 1;
+
+ return cur;
+}
+
+
+/*
+ * Look up an AVC entry that is valid for the
+ * `requested' permissions between the SID pair
+ * (`ssid', `tsid'), interpreting the permissions
+ * based on `tclass'. If a valid AVC entry exists,
+ * then this function updates `aeref' to refer to the
+ * entry and returns 0. Otherwise, this function
+ * returns -ENOENT.
+ */
+int avc_lookup(
+ security_id_t ssid, /* IN */
+ security_id_t tsid, /* IN */
+ security_class_t tclass, /* IN */
+ access_vector_t requested, /* IN */
+ avc_entry_ref_t *aeref) /* OUT */
+{
+ avc_node_t *node;
+ int probes;
+
+ avc_cache_stats_incr(AVC_CAV_LOOKUPS);
+ node = avc_search_node(ssid, tsid, tclass,&probes);
+
+ if (node && ((node->ae.decided & requested) == requested)) {
+ avc_cache_stats_incr(AVC_CAV_HITS);
+ avc_cache_stats_add(AVC_CAV_PROBES,probes);
+ aeref->ae = &node->ae;
+ return 0;
+ }
+
+ avc_cache_stats_incr(AVC_CAV_MISSES);
+ return -ENOENT;
+}
+
+
+/*
+ * Insert an AVC entry for the SID pair
+ * (`ssid', `tsid') and class `tclass'.
+ * The access vectors and the sequence number are
+ * normally provided by the security server in
+ * response to a security_compute_av call. If the
+ * sequence number `seqno' is not less than the latest
+ * revocation notification, then the function copies
+ * the access vectors into a cache entry, updates
+ * `aeref' to refer to the entry, and returns 0.
+ * Otherwise, this function returns -EAGAIN.
+ */
+int avc_insert(security_id_t ssid, /* IN */
+ security_id_t tsid, /* IN */
+ security_class_t tclass, /* IN */
+ struct avc_entry *ae, /* IN */
+ __u32 seqno, /* IN */
+ avc_entry_ref_t *aeref) /* OUT */
+{
+ avc_node_t *node;
+
+ if (seqno < avc_cache.latest_notif) {
+ printk("avc: seqno %d < latest_notif %d\n", seqno,
+ avc_cache.latest_notif);
+ return -EAGAIN;
+ }
+
+ node = avc_claim_node(ssid, tsid, tclass);
+ if (!node) {
+ return -ENOMEM;
+ }
+
+ node->ae.allowed = ae->allowed;
+ node->ae.decided = ae->decided;
+ node->ae.auditallow = ae->auditallow;
+ node->ae.auditdeny = ae->auditdeny;
+ aeref->ae = &node->ae;
+ return 0;
+}
+
+#define print_ipv4_addr(_addr,_port,_name1,_name2) { \
+ if ((_addr)) \
+ printk(" %s=%d.%d.%d.%d", (_name1), \
+ NIPQUAD((_addr))); \
+ if ((_port)) \
+ printk(" %s=%d", (_name2), ntohs((_port))); \
+ }
+
+
+/*
+ * Copied from fs/dcache.c:d_path and hacked up to
+ * avoid need for vfsmnt, root, and rootmnt parameters.
+ */
+char * avc_d_path(struct dentry *dentry,
+ char *buffer, int buflen)
+{
+ char * end = buffer+buflen;
+ char * retval;
+ int namelen;
+
+ *--end = '\0';
+ buflen--;
+ if (!IS_ROOT(dentry) && list_empty(&dentry->d_hash)) {
+ buflen -= 10;
+ end -= 10;
+ memcpy(end, " (deleted)", 10);
+ }
+
+ /* Get '/' right */
+ retval = end-1;
+ *retval = '/';
+
+ for (;;) {
+ struct dentry * parent;
+
+ if (IS_ROOT(dentry)) {
+ goto global_root;
+ }
+ parent = dentry->d_parent;
+ namelen = dentry->d_name.len;
+ if (!namelen)
+ goto skip;
+ buflen -= namelen + 1;
+ if (buflen < 0)
+ break;
+ end -= namelen;
+ memcpy(end, dentry->d_name.name, namelen);
+ *--end = '/';
+ retval = end;
+skip:
+ dentry = parent;
+ if (!dentry)
+ break;
+ }
+ return retval;
+global_root:
+ namelen = dentry->d_name.len;
+ buflen -= namelen;
+ if (buflen >= 0) {
+ retval -= namelen-1; /* hit the slash */
+ memcpy(retval, dentry->d_name.name, namelen);
+ }
+ return retval;
+}
+
+/*
+ * Copied from net/core/utils.c:net_ratelimit and modified for
+ * use by the AVC audit facility.
+ */
+
+int avc_msg_cost = 5*HZ;
+int avc_msg_burst = 10*5*HZ;
+
+/*
+ * This enforces a rate limit: not more than one kernel message
+ * every 5secs to make a denial-of-service attack impossible.
+ */
+int avc_ratelimit(void)
+{
+ static spinlock_t ratelimit_lock = SPIN_LOCK_UNLOCKED;
+ static unsigned long toks = 10*5*HZ;
+ static unsigned long last_msg;
+ static int missed;
+ unsigned long flags;
+ unsigned long now = jiffies;
+
+ spin_lock_irqsave(&ratelimit_lock, flags);
+ toks += now - last_msg;
+ last_msg = now;
+ if (toks > avc_msg_burst)
+ toks = avc_msg_burst;
+ if (toks >= avc_msg_cost) {
+ int lost = missed;
+ missed = 0;
+ toks -= avc_msg_cost;
+ spin_unlock_irqrestore(&ratelimit_lock, flags);
+ if (lost)
+ printk(KERN_WARNING "AVC: %d messages suppressed.\n", lost);
+ return 1;
+ }
+ missed++;
+ spin_unlock_irqrestore(&ratelimit_lock, flags);
+ return 0;
+}
+
+
+#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
+
+static inline int check_avc_ratelimit(void)
+{
+ if (avc_debug_always_allow)
+ /* If permissive, then never suppress messages. */
+ return 1;
+ else
+ return avc_ratelimit();
+}
+
+#else
+
+static inline int check_avc_ratelimit(void)
+{
+ return avc_ratelimit();
+}
+
+#endif
+
+
+
+/*
+ * Audit the granting or denial of permissions.
+ */
+void avc_audit(
+ security_id_t ssid, /* IN */
+ security_id_t tsid, /* IN */
+ security_class_t tclass, /* IN */
+ access_vector_t audited, /* IN */
+ struct avc_entry *ae, /* IN */
+ __u32 denied, /* IN */
+ avc_audit_data_t *a) /* IN */
+{
+ char *p;
+
+ if (!check_avc_ratelimit())
+ return;
+
+ printk("\navc: %s ", denied ? "denied" : "granted");
+ avc_dump_av(tclass,audited);
+ printk(" for ");
+ if (current && current->pid) {
+ printk(" pid=%d", current->pid);
+ if (current->mm) {
+ struct vm_area_struct *vma = current->mm->mmap;
+
+ while (vma) {
+ if ((vma->vm_flags & VM_EXECUTABLE) &&
+ vma->vm_file) {
+ p = d_path(vma->vm_file->f_dentry,
+ vma->vm_file->f_vfsmnt,
+ avc_audit_buffer,
+ PAGE_SIZE);
+ printk(" exe=%s", p);
+ break;
+ }
+ vma = vma->vm_next;
+ }
+ }
+ }
+ if (a) {
+ switch (a->type) {
+ case AVC_AUDIT_DATA_IPC:
+ printk(" IPCID=%d", a->u.ipc_id);
+ break;
+ case AVC_AUDIT_DATA_CAP:
+ printk(" capability=%d", a->u.cap);
+ break;
+ case AVC_AUDIT_DATA_FS:
+ if (a->u.fs.dentry) {
+ struct inode *inode = a->u.fs.dentry->d_inode;
+
+ p = avc_d_path(a->u.fs.dentry,
+ avc_audit_buffer,
+ PAGE_SIZE);
+ if (p)
+ printk(" path=%s", p);
+
+ if (inode) {
+ printk(" dev=%s ino=%ld",
+ kdevname(inode->i_dev),
+ inode->i_ino);
+ }
+ }
+
+ if (a->u.fs.inode) {
+ struct inode *inode = a->u.fs.inode;
+ struct dentry *dentry = d_find_alias(inode);
+
+ if (dentry) {
+ p = avc_d_path(dentry,
+ avc_audit_buffer,
+ PAGE_SIZE);
+ if (p)
+ printk(" path=%s", p);
+ dput(dentry);
+ }
+
+ printk(" dev=%s ino=%ld",
+ kdevname(inode->i_dev),inode->i_ino);
+ }
+ break;
+ case AVC_AUDIT_DATA_NET:
+ if (a->u.net.sk) {
+ struct sock *sk = a->u.net.sk;
+
+ switch (sk->family) {
+ case AF_INET:
+ print_ipv4_addr(sk->rcv_saddr,
+ sk->sport,
+ "laddr", "lport");
+ print_ipv4_addr(sk->daddr,
+ sk->dport,
+ "faddr", "fport");
+ break;
+ case AF_UNIX:
+ if (sk->protinfo.af_unix.dentry) {
+ p = d_path(sk->protinfo.af_unix.dentry,
+ sk->protinfo.af_unix.mnt,
+ avc_audit_buffer,
+ PAGE_SIZE);
+ printk(" path=%s", p);
+ } else if (sk->protinfo.af_unix.addr) {
+ p = avc_audit_buffer;
+ memcpy(p,
+ sk->protinfo.af_unix.addr->name->sun_path,
+ sk->protinfo.af_unix.addr->len-sizeof(short));
+ if (*p == 0) {
+ *p = '@';
+ p += sk->protinfo.af_unix.addr->len-sizeof(short);
+ *p = 0;
+ }
+ printk(" path=%s",
+ avc_audit_buffer);
+ }
+ break;
+ }
+ }
+ if (a->u.net.daddr) {
+ printk(" daddr=%d.%d.%d.%d",
+ NIPQUAD(a->u.net.daddr));
+ if (a->u.net.port)
+ printk(" dest=%d", ntohs(a->u.net.port));
+ } else if (a->u.net.port)
+ printk(" port=%d", ntohs(a->u.net.port));
+ if (a->u.net.skb) {
+ struct sk_buff *skb = a->u.net.skb;
+
+ if (skb->nh.iph) {
+ __u16 source = 0, dest = 0;
+ __u8 protocol = skb->nh.iph->protocol;
+
+
+ if (protocol == IPPROTO_TCP &&
+ skb->h.th) {
+ source = skb->h.th->source;
+ dest = skb->h.th->dest;
+ }
+ if (protocol == IPPROTO_UDP &&
+ skb->h.uh) {
+ source = skb->h.uh->source;
+ dest = skb->h.uh->dest;
+ }
+
+ print_ipv4_addr(skb->nh.iph->saddr,
+ source,
+ "saddr", "source");
+ print_ipv4_addr(skb->nh.iph->daddr,
+ dest,
+ "daddr", "dest");
+ }
+ }
+ if (a->u.net.netif)
+ printk(" netif=%s", a->u.net.netif);
+ break;
+ }
+ }
+ printk(" ");
+ avc_dump_query(ssid, tsid, tclass);
+ printk("\n");
+}
+
+
+typedef struct avc_callback_node
+{
+ int (*callback)(__u32 event,
+ security_id_t ssid,
+ security_id_t tsid,
+ security_class_t tclass,
+ access_vector_t perms,
+ access_vector_t *out_retained);
+ __u32 events;
+ security_id_t ssid;
+ security_id_t tsid;
+ security_class_t tclass;
+ access_vector_t perms;
+ struct avc_callback_node *next;
+} avc_callback_node_t;
+
+static avc_callback_node_t *avc_callbacks = NULL;
+
+
+/*
+ * Register a callback for events in the set `events'
+ * related to the SID pair (`ssid', `tsid') and
+ * and the permissions `perms', interpreting
+ * `perms' based on `tclass'.
+ */
+int avc_add_callback(
+ int (*callback)(__u32 event,
+ security_id_t ssid,
+ security_id_t tsid,
+ security_class_t tclass,
+ access_vector_t perms,
+ access_vector_t *out_retained),
+ __u32 events,
+ security_id_t ssid,
+ security_id_t tsid,
+ security_class_t tclass,
+ access_vector_t perms)
+{
+ avc_callback_node_t *c;
+
+ c = (avc_callback_node_t *) kmalloc(sizeof(avc_callback_node_t),
+ GFP_ATOMIC);
+ if (!c)
+ return -ENOMEM;
+
+ c->callback = callback;
+ c->events = events;
+ c->ssid = ssid;
+ c->tsid = tsid;
+ c->perms = perms;
+ c->next = avc_callbacks;
+ avc_callbacks = c;
+ return 0;
+}
+
+
+#define AVC_SIDCMP(x,y) \
+((x) == (y) || (x) == SECSID_WILD || (y) == SECSID_WILD)
+
+
+/*
+ * Update the cache entry `node' based on the
+ * event `event' and permissions `perms'.
+ */
+static inline void avc_update_node(
+ __u32 event,
+ avc_node_t *node,
+ access_vector_t perms)
+{
+ switch (event) {
+ case AVC_CALLBACK_GRANT:
+ node->ae.allowed |= perms;
+ break;
+ case AVC_CALLBACK_TRY_REVOKE:
+ case AVC_CALLBACK_REVOKE:
+ node->ae.allowed &= ~perms;
+ break;
+ case AVC_CALLBACK_AUDITALLOW_ENABLE:
+ node->ae.auditallow |= perms;
+ break;
+ case AVC_CALLBACK_AUDITALLOW_DISABLE:
+ node->ae.auditallow &= ~perms;
+ break;
+ case AVC_CALLBACK_AUDITDENY_ENABLE:
+ node->ae.auditdeny |= perms;
+ break;
+ case AVC_CALLBACK_AUDITDENY_DISABLE:
+ node->ae.auditdeny &= ~perms;
+ break;
+ }
+}
+
+
+/*
+ * Update any cache entries that match the
+ * SID pair (`ssid', `tsid') and class `tclass'
+ * based on the event `event' and permissions
+ * `perms'.
+ */
+static int avc_update_cache(
+ __u32 event, /* IN */
+ security_id_t ssid, /* IN */
+ security_id_t tsid, /* IN */
+ security_class_t tclass, /* IN */
+ access_vector_t perms) /* IN */
+{
+ avc_node_t *node;
+ int i;
+
+ spin_lock(&avc_lock);
+
+ if (ssid == SECSID_WILD || tsid == SECSID_WILD) {
+ /* apply to all matching nodes */
+ for (i = 0; i < AVC_CACHE_SLOTS; i++) {
+ for (node = avc_cache.slots[i]; node;
+ node = node->next) {
+ if (AVC_SIDCMP(ssid, node->ae.ssid) &&
+ AVC_SIDCMP(tsid, node->ae.tsid) &&
+ tclass == node->ae.tclass) {
+ avc_update_node(event,node,perms);
+ }
+ }
+ }
+ } else {
+ /* apply to one node */
+ node = avc_search_node(ssid, tsid, tclass, 0);
+ if (node) {
+ avc_update_node(event,node,perms);
+ }
+ }
+
+ spin_unlock(&avc_lock);
+
+ return 0;
+}
+
+/*
+ * Update the cache state and invoke any
+ * registered callbacks that match the
+ * SID pair (`ssid', `tsid') and class `tclass'
+ * based on the event `event' and permissions
+ * `perms'. Increase the latest revocation
+ * notification sequence number if appropriate.
+ */
+static int avc_control(
+ __u32 event, /* IN */
+ security_id_t ssid, /* IN */
+ security_id_t tsid, /* IN */
+ security_class_t tclass, /* IN */
+ access_vector_t perms, /* IN */
+ __u32 seqno, /* IN */
+ access_vector_t *out_retained) /* OUT */
+{
+ avc_callback_node_t *c;
+ access_vector_t tretained = 0, cretained = 0;
+ int rc;
+
+ /*
+ * try_revoke only removes permissions from the cache
+ * state if they are not retained by the object manager.
+ * Hence, try_revoke must wait until after the callbacks have
+ * been invoked to update the cache state.
+ */
+ if (event != AVC_CALLBACK_TRY_REVOKE)
+ avc_update_cache(event,ssid,tsid,tclass,perms);
+
+ for (c = avc_callbacks; c; c = c->next)
+ {
+ if ((c->events & event) &&
+ AVC_SIDCMP(c->ssid, ssid) &&
+ AVC_SIDCMP(c->tsid, tsid) &&
+ c->tclass == tclass &&
+ (c->perms & perms)) {
+ cretained = 0;
+ rc = c->callback(event, ssid, tsid, tclass,
+ (c->perms & perms),
+ &cretained);
+ if (rc)
+ return rc;
+ tretained |= cretained;
+ }
+ }
+
+ if (event == AVC_CALLBACK_TRY_REVOKE) {
+ /* revoke any unretained permissions */
+ perms &= ~tretained;
+ avc_update_cache(event,ssid,tsid,tclass,perms);
+ *out_retained = tretained;
+ }
+
+ spin_lock(&avc_lock);
+ if (seqno > avc_cache.latest_notif)
+ avc_cache.latest_notif = seqno;
+ spin_unlock(&avc_lock);
+
+ return 0;
+}
+
+
+/* Grant previously denied permissions */
+int avc_ss_grant(
+ security_id_t ssid, /* IN */
+ security_id_t tsid, /* IN */
+ security_class_t tclass, /* IN */
+ access_vector_t perms, /* IN */
+ __u32 seqno) /* IN */
+{
+ return avc_control(AVC_CALLBACK_GRANT,
+ ssid, tsid, tclass, perms, seqno, 0);
+}
+
+
+/*
+ * Try to revoke previously granted permissions, but
+ * only if they are not retained as migrated permissions.
+ * Return the subset of permissions that are retained.
+ */
+int avc_ss_try_revoke(
+ security_id_t ssid, /* IN */
+ security_id_t tsid, /* IN */
+ security_class_t tclass, /* IN */
+ access_vector_t perms, /* IN */
+ __u32 seqno, /* IN */
+ access_vector_t *out_retained) /* OUT */
+{
+ return avc_control(AVC_CALLBACK_TRY_REVOKE,
+ ssid, tsid, tclass, perms, seqno, out_retained);
+}
+
+
+/*
+ * Revoke previously granted permissions, even if
+ * they are retained as migrated permissions.
+ */
+int avc_ss_revoke(
+ security_id_t ssid, /* IN */
+ security_id_t tsid, /* IN */
+ security_class_t tclass, /* IN */
+ access_vector_t perms, /* IN */
+ __u32 seqno) /* IN */
+{
+ return avc_control(AVC_CALLBACK_REVOKE,
+ ssid, tsid, tclass, perms, seqno, 0);
+}
+
+
+/*
+ * Flush the cache and revalidate all migrated permissions.
+ */
+int avc_ss_reset(__u32 seqno)
+{
+ avc_callback_node_t *c;
+ int rc;
+ avc_node_t *node, *tmp;
+ int i;
+
+ avc_hash_eval("reset");
+
+ spin_lock(&avc_lock);
+
+ for (i = 0; i < AVC_CACHE_SLOTS; i++) {
+ node = avc_cache.slots[i];
+ while (node) {
+ tmp = node;
+ node = node->next;
+ tmp->ae.ssid = tmp->ae.tsid = SECSID_NULL;
+ tmp->ae.tclass = SECCLASS_NULL;
+ tmp->ae.allowed = tmp->ae.decided = 0;
+ tmp->ae.auditallow = tmp->ae.auditdeny = 0;
+ tmp->ae.used = 0;
+ tmp->next = avc_node_freelist;
+ avc_node_freelist = tmp;
+ avc_cache.activeNodes--;
+ }
+ avc_cache.slots[i] = 0;
+ }
+ avc_cache.lru_hint = 0;
+
+ spin_unlock(&avc_lock);
+
+ for (i = 0; i < AVC_NSTATS; i++)
+ avc_cache_stats[i] = 0;
+
+ for (c = avc_callbacks; c; c = c->next) {
+ if (c->events & AVC_CALLBACK_RESET) {
+ rc = c->callback(AVC_CALLBACK_RESET,
+ 0, 0, 0, 0, 0);
+ if (rc)
+ return rc;
+ }
+ }
+
+ spin_lock(&avc_lock);
+ if (seqno > avc_cache.latest_notif)
+ avc_cache.latest_notif = seqno;
+ spin_unlock(&avc_lock);
+
+ return 0;
+}
+
+
+/* Enable or disable auditing of granted permissions */
+int avc_ss_set_auditallow(
+ security_id_t ssid, /* IN */
+ security_id_t tsid, /* IN */
+ security_class_t tclass, /* IN */
+ access_vector_t perms, /* IN */
+ __u32 seqno, /* IN */
+ __u32 enable)
+{
+ if (enable)
+ return avc_control(AVC_CALLBACK_AUDITALLOW_ENABLE,
+ ssid, tsid, tclass, perms, seqno, 0);
+ else
+ return avc_control(AVC_CALLBACK_AUDITALLOW_DISABLE,
+ ssid, tsid, tclass, perms, seqno, 0);
+}
+
+
+/* Enable or disable auditing of denied permissions */
+int avc_ss_set_auditdeny(
+ security_id_t ssid, /* IN */
+ security_id_t tsid, /* IN */
+ security_class_t tclass, /* IN */
+ access_vector_t perms, /* IN */
+ __u32 seqno, /* IN */
+ __u32 enable)
+{
+ if (enable)
+ return avc_control(AVC_CALLBACK_AUDITDENY_ENABLE,
+ ssid, tsid, tclass, perms, seqno, 0);
+ else
+ return avc_control(AVC_CALLBACK_AUDITDENY_DISABLE,
+ ssid, tsid, tclass, perms, seqno, 0);
+}
+
+
+/*
+ * Toggle the AVC between being permissive and
+ * enforcing permissions.
+ */
+#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
+long sys_avc_toggle(void)
+{
+ extern int ss_initialized;
+ int error;
+
+ error = task_has_system(current, SYSTEM__AVC_TOGGLE);
+ if (error)
+ return error;
+ avc_debug_always_allow = !avc_debug_always_allow;
+ if (!avc_debug_always_allow) {
+ avc_ss_reset(avc_cache.latest_notif);
+ if (!ss_initialized) {
+ error = security_init();
+ if (error)
+ panic("SELinux: Could not initialize\n");
+ }
+ }
+ return avc_debug_always_allow;
+}
+
+long sys_avc_enforcing(void)
+{
+ return !avc_debug_always_allow;
+}
+#else
+long sys_avc_toggle(void)
+{
+ return 0;
+}
+
+long sys_avc_enforcing(void)
+{
+ return 1;
+}
+#endif
+
+
diff --minimal -Nru a/security/selinux/flask/Makefile b/security/selinux/flask/Makefile
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/selinux/flask/Makefile Tue Feb 12 18:59:50 2002
@@ -0,0 +1,32 @@
+#
+# Makefile for building the SELinux module as part of the kernel.
+#
+
+AWK = awk
+
+CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
+ else if [ -x /bin/bash ]; then echo /bin/bash; \
+ else echo sh; fi ; fi)
+
+FLASK_H_DEPEND = security_classes initial_sids
+AV_H_DEPEND = access_vectors
+IDIR = ../include/linux/flask
+
+FLASK_H_FILES = av_inherit.h av_perm_to_string.h av_permissions.h class_to_string.h common_perm_to_string.h flask.h initial_sid_to_string.h
+FLASK_IH_FILES := $(addprefix $(IDIR)/,$(FLASK_H_FILES))
+
+all: ../include/linux/flask/flask.h ../include/linux/flask/av_permissions.h
+
+../include/linux/flask/flask.h: $(FLASK_H_DEPEND)
+ $(CONFIG_SHELL) ./mkflask.sh $(AWK) $(FLASK_H_DEPEND)
+ install flask.h class_to_string.h initial_sid_to_string.h $(IDIR)
+
+../include/linux/flask/av_permissions.h: $(AV_H_DEPEND)
+ $(CONFIG_SHELL) ./mkaccess_vector.sh $(AWK) $(AV_H_DEPEND)
+ install av_inherit.h common_perm_to_string.h av_perm_to_string.h av_permissions.h $(IDIR)
+
+clean:
+ rm -f $(FLASK_H_FILES)
+ rm -f $(FLASK_IH_FILES)
+
+include $(TOPDIR)/Rules.make
diff --minimal -Nru a/security/selinux/flask/access_vectors b/security/selinux/flask/access_vectors
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/selinux/flask/access_vectors Tue Feb 12 18:59:50 2002
@@ -0,0 +1,346 @@
+#
+# Define common prefixes for access vectors
+#
+# common common_name { permission_name ... }
+
+
+#
+# Define a common prefix for file access vectors.
+#
+
+common file
+{
+ poll
+ ioctl
+ read
+ write
+ create
+ getattr
+ setattr
+ lock
+ relabelfrom
+ relabelto
+ transition
+ append
+ access
+ unlink
+ link
+ rename
+ execute
+ swapon
+ quotaon
+ mounton
+}
+
+
+#
+# Define a common prefix for socket access vectors.
+#
+
+common socket
+{
+# inherited from file
+ poll
+ ioctl
+ read
+ write
+ create
+ getattr
+ setattr
+ lock
+ relabelfrom
+ relabelto
+ transition
+ append
+# socket-specific
+ bind
+ connect
+ listen
+ accept
+ getopt
+ setopt
+ shutdown
+ recvfrom
+ sendto
+ recv_msg
+ send_msg
+ name_bind
+}
+
+#
+# Define a common prefix for ipc access vectors.
+#
+
+common ipc
+{
+ create
+ destroy
+ getattr
+ setattr
+ read
+ write
+ associate
+ unix_read
+ unix_write
+}
+
+#
+# Define the access vectors.
+#
+# class class_name [ inherits common_name ] { permission_name ... }
+
+
+#
+# Define the access vector interpretation for file-related objects.
+#
+
+class filesystem
+{
+ mount
+ remount
+ unmount
+ getattr
+ relabelfrom
+ relabelto
+ transition
+ associate
+ quotamod
+ quotaget
+}
+
+class dir
+inherits file
+{
+ add_name
+ remove_name
+ reparent
+ search
+ rmdir
+}
+
+class file
+inherits file
+{
+ execute_no_trans
+ entrypoint
+}
+
+class lnk_file
+inherits file
+
+class chr_file
+inherits file
+
+class blk_file
+inherits file
+
+class sock_file
+inherits file
+
+class fifo_file
+inherits file
+
+class fd
+{
+ create
+ use
+}
+
+
+#
+# Define the access vector interpretation for network-related objects.
+#
+
+class socket
+inherits socket
+
+class tcp_socket
+inherits socket
+{
+ connectto
+ newconn
+ acceptfrom
+}
+
+class udp_socket
+inherits socket
+
+class rawip_socket
+inherits socket
+
+class node
+{
+ tcp_recv
+ tcp_send
+ udp_recv
+ udp_send
+ rawip_recv
+ rawip_send
+ enforce_dest
+}
+
+class netif
+{
+ getattr
+ setattr
+ tcp_recv
+ tcp_send
+ udp_recv
+ udp_send
+ rawip_recv
+ rawip_send
+}
+
+class netlink_socket
+inherits socket
+
+class packet_socket
+inherits socket
+
+class key_socket
+inherits socket
+
+class unix_stream_socket
+inherits socket
+{
+ connectto
+ newconn
+ acceptfrom
+}
+
+class unix_dgram_socket
+inherits socket
+
+
+#
+# Define the access vector interpretation for process-related objects
+#
+
+class process
+{
+ fork
+ transition
+ sigchld
+ sigkill
+ sigstop
+ signal
+ ptrace
+ getsched
+ setsched
+ getsession
+ getpgid
+ setpgid
+ getcap
+ setcap
+ share
+}
+
+
+#
+# Define the access vector interpretation for ipc-related objects
+#
+
+class ipc
+inherits ipc
+
+class sem
+inherits ipc
+
+class msgq
+inherits ipc
+{
+ enqueue
+}
+
+class msg
+{
+ send
+ receive
+}
+
+class shm
+inherits ipc
+{
+ lock
+}
+
+
+#
+# Define the access vector interpretation for the security server.
+#
+
+class security
+{
+ compute_av
+ notify_perm
+ transition_sid
+ member_sid
+ sid_to_context
+ context_to_sid
+ load_policy
+ get_sids
+ register_avc
+ change_sid
+ get_user_sids
+}
+
+
+#
+# Define the access vector interpretation for system operations.
+#
+
+class system
+{
+ net_io_control
+ route_control
+ arp_control
+ rarp_control
+ ipc_info
+ avc_toggle
+ nfsd_control
+ bdflush
+ syslog_read
+ syslog_mod
+ syslog_console
+}
+
+#
+# Define the access vector interpretation for controling capabilies
+#
+
+class capability
+{
+ # The capabilities are defined in include/linux/capability.h
+ # Care should be taken to ensure that these are consistent with
+ # those definitions. (Order matters)
+
+ chown
+ dac_override
+ dac_read_search
+ fowner
+ fsetid
+ kill
+ setgid
+ setuid
+ setpcap
+ linux_immutable
+ net_bind_service
+ net_broadcast
+ net_admin
+ net_raw
+ ipc_lock
+ ipc_owner
+ sys_module
+ sys_rawio
+ sys_chroot
+ sys_ptrace
+ sys_pacct
+ sys_admin
+ sys_boot
+ sys_nice
+ sys_resource
+ sys_time
+ sys_tty_config
+ mknod
+ lease
+}
diff --minimal -Nru a/security/selinux/flask/initial_sids b/security/selinux/flask/initial_sids
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/selinux/flask/initial_sids Tue Feb 12 18:59:50 2002
@@ -0,0 +1,39 @@
+# FLASK
+
+#
+# Define initial security identifiers
+#
+
+sid kernel
+sid security
+sid unlabeled
+sid fs
+sid file
+sid file_labels
+sid init
+sid proc
+sid any_socket
+sid port
+sid netif
+sid netmsg
+sid node
+sid icmp_socket
+sid tcp_socket
+sid proc_kmsg
+sid proc_kcore
+sid sysctl_modprobe
+sid sysctl
+sid sysctl_fs
+sid sysctl_kernel
+sid sysctl_net
+sid sysctl_net_unix
+sid sysctl_vm
+sid sysctl_dev
+sid kmod
+sid devpts
+sid nfs
+sid policy
+sid tmpfs
+sid devfs
+
+# FLASK
diff --minimal -Nru a/security/selinux/flask/mkaccess_vector.sh b/security/selinux/flask/mkaccess_vector.sh
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/selinux/flask/mkaccess_vector.sh Tue Feb 12 18:59:50 2002
@@ -0,0 +1,250 @@
+#!/bin/sh -
+#
+
+# FLASK
+
+set -e
+
+#subproject id
+subproject="FLASK"
+
+awk=$1
+shift
+
+# output files
+av_permissions="av_permissions.h"
+av_inherit="av_inherit.h"
+common_perm_to_string="common_perm_to_string.h"
+av_perm_to_string="av_perm_to_string.h"
+
+cat $* | $awk "
+BEGIN {
+ outfile = \"$av_permissions\"
+ subproject = \"$subproject\"
+ inheritfile = \"$av_inherit\"
+ cpermfile = \"$common_perm_to_string\"
+ avpermfile = \"$av_perm_to_string\"
+ "'
+ nextstate = "COMMON_OR_AV";
+ printf("/* This file is automatically generated. Do not edit. */\n") > outfile;
+ printf("/* This file is automatically generated. Do not edit. */\n") > inheritfile;
+ printf("/* This file is automatically generated. Do not edit. */\n") > cpermfile;
+ printf("/* This file is automatically generated. Do not edit. */\n") > avpermfile;
+;
+ printf("/* %s */\n\n", subproject) > outfile;
+
+ printf("/* %s */\n\n", subproject) > cpermfile;
+
+ printf("/* %s */\n\n", subproject) > inheritfile;
+ printf("typedef struct\n") > inheritfile;
+ printf("{\n") > inheritfile;
+ printf(" security_class_t tclass;\n") > inheritfile;
+ printf(" char **common_pts;\n") > inheritfile;
+ printf(" access_vector_t common_base;\n") > inheritfile;
+ printf("} av_inherit_t;\n\n") > inheritfile;
+ printf("static av_inherit_t av_inherit[] = {\n") > inheritfile;
+
+ printf("/* %s */\n\n", subproject) > avpermfile;
+ printf("typedef struct\n") > avpermfile;
+ printf("{\n") > avpermfile;
+ printf(" security_class_t tclass;\n") > avpermfile;
+ printf(" access_vector_t value;\n") > avpermfile;
+ printf(" char *name;\n") > avpermfile;
+ printf("} av_perm_to_string_t;\n\n") > avpermfile;
+ printf("static av_perm_to_string_t av_perm_to_string[] = {\n") > avpermfile;
+ }
+/^[ \t]*#/ {
+ next;
+ }
+$1 == "common" {
+ if (nextstate != "COMMON_OR_AV")
+ {
+ printf("Parse error: Unexpected COMMON definition on line %d\n", NR);
+ next;
+ }
+
+ if ($2 in common_defined)
+ {
+ printf("Duplicate COMMON definition for %s on line %d.\n", $2, NR);
+ next;
+ }
+ common_defined[$2] = 1;
+
+ tclass = $2;
+ common_name = $2;
+ permission = 1;
+
+ printf("static char *common_%s_perm_to_string[] =\n{\n", $2) > cpermfile;
+
+ nextstate = "COMMON-OPENBRACKET";
+ next;
+ }
+$1 == "class" {
+ if (nextstate != "COMMON_OR_AV" &&
+ nextstate != "CLASS_OR_CLASS-OPENBRACKET")
+ {
+ printf("Parse error: Unexpected class definition on line %d\n", NR);
+ next;
+ }
+
+ tclass = $2;
+
+ if (tclass in av_defined)
+ {
+ printf("Duplicate access vector definition for %s on line %d\n", tclass, NR);
+ next;
+ }
+ av_defined[tclass] = 1;
+
+ inherits = "";
+ permission = 1;
+
+ nextstate = "INHERITS_OR_CLASS-OPENBRACKET";
+ next;
+ }
+$1 == "inherits" {
+ if (nextstate != "INHERITS_OR_CLASS-OPENBRACKET")
+ {
+ printf("Parse error: Unexpected INHERITS definition on line %d\n", NR);
+ next;
+ }
+
+ if (!($2 in common_defined))
+ {
+ printf("COMMON %s is not defined (line %d).\n", $2, NR);
+ next;
+ }
+
+ inherits = $2;
+ permission = common_base[$2];
+
+ for (combined in common_perms)
+ {
+ split(combined,separate, SUBSEP);
+ if (separate[1] == inherits)
+ {
+ printf("#define %s__%s", toupper(tclass), toupper(separate[2])) > outfile;
+ spaces = 40 - (length(separate[2]) + length(tclass));
+ if (spaces < 1)
+ spaces = 1;
+ for (i = 0; i < spaces; i++)
+ printf(" ") > outfile;
+ printf("0x%08xUL\n", common_perms[combined]) > outfile;
+ }
+ }
+ printf("\n") > outfile;
+
+ printf(" { SECCLASS_%s, common_%s_perm_to_string, 0x%08xUL },\n", toupper(tclass), inherits, permission) > inheritfile;
+
+ nextstate = "CLASS_OR_CLASS-OPENBRACKET";
+ next;
+ }
+$1 == "{" {
+ if (nextstate != "INHERITS_OR_CLASS-OPENBRACKET" &&
+ nextstate != "CLASS_OR_CLASS-OPENBRACKET" &&
+ nextstate != "COMMON-OPENBRACKET")
+ {
+ printf("Parse error: Unexpected { on line %d\n", NR);
+ next;
+ }
+
+ if (nextstate == "INHERITS_OR_CLASS-OPENBRACKET")
+ nextstate = "CLASS-CLOSEBRACKET";
+
+ if (nextstate == "CLASS_OR_CLASS-OPENBRACKET")
+ nextstate = "CLASS-CLOSEBRACKET";
+
+ if (nextstate == "COMMON-OPENBRACKET")
+ nextstate = "COMMON-CLOSEBRACKET";
+ }
+/[a-z][a-z_]*/ {
+ if (nextstate != "COMMON-CLOSEBRACKET" &&
+ nextstate != "CLASS-CLOSEBRACKET")
+ {
+ printf("Parse error: Unexpected symbol %s on line %d\n", $1, NR);
+ next;
+ }
+
+ if (nextstate == "COMMON-CLOSEBRACKET")
+ {
+ if ((common_name,$1) in common_perms)
+ {
+ printf("Duplicate permission %s for common %s on line %d.\n", $1, common_name, NR);
+ next;
+ }
+
+ common_perms[common_name,$1] = permission;
+
+ printf("#define COMMON_%s__%s", toupper(common_name), toupper($1)) > outfile;
+
+ printf(" \"%s\",\n", $1) > cpermfile;
+ }
+ else
+ {
+ if ((tclass,$1) in av_perms)
+ {
+ printf("Duplicate permission %s for %s on line %d.\n", $1, tclass, NR);
+ next;
+ }
+
+ av_perms[tclass,$1] = permission;
+
+ if (inherits != "")
+ {
+ if ((inherits,$1) in common_perms)
+ {
+ printf("Permission %s in %s on line %d conflicts with common permission.\n", $1, tclass, inherits, NR);
+ next;
+ }
+ }
+
+ printf("#define %s__%s", toupper(tclass), toupper($1)) > outfile;
+
+ printf(" { SECCLASS_%s, %s__%s, \"%s\" },\n", toupper(tclass), toupper(tclass), toupper($1), $1) > avpermfile;
+ }
+
+ spaces = 40 - (length($1) + length(tclass));
+ if (spaces < 1)
+ spaces = 1;
+
+ for (i = 0; i < spaces; i++)
+ printf(" ") > outfile;
+ printf("0x%08xUL\n", permission) > outfile;
+ permission = permission * 2;
+ }
+$1 == "}" {
+ if (nextstate != "CLASS-CLOSEBRACKET" &&
+ nextstate != "COMMON-CLOSEBRACKET")
+ {
+ printf("Parse error: Unexpected } on line %d\n", NR);
+ next;
+ }
+
+ if (nextstate == "COMMON-CLOSEBRACKET")
+ {
+ common_base[common_name] = permission;
+ printf("};\n\n") > cpermfile;
+ }
+
+ printf("\n") > outfile;
+
+ nextstate = "COMMON_OR_AV";
+ }
+END {
+ if (nextstate != "COMMON_OR_AV" && nextstate != "CLASS_OR_CLASS-OPENBRACKET")
+ printf("Parse error: Unexpected end of file\n");
+
+ printf("\n/* %s */\n", subproject) > outfile;
+
+ printf("\n/* %s */\n", subproject) > cpermfile;
+
+ printf("};\n\n") > inheritfile;
+ printf("#define AV_INHERIT_SIZE (sizeof(av_inherit)/sizeof(av_inherit_t))\n\n") > inheritfile;
+ printf("\n/* %s */\n", subproject) > inheritfile;
+
+ printf("};\n\n") > avpermfile;
+ printf("#define AV_PERM_TO_STRING_SIZE (sizeof(av_perm_to_string)/sizeof(av_perm_to_string_t))\n\n") > avpermfile;
+ printf("\n/* %s */\n", subproject) > avpermfile;
+ }'
+
+# FLASK
diff --minimal -Nru a/security/selinux/flask/mkflask.sh b/security/selinux/flask/mkflask.sh
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/selinux/flask/mkflask.sh Tue Feb 12 18:59:50 2002
@@ -0,0 +1,99 @@
+#!/bin/sh -
+#
+
+# FLASK
+
+set -e
+
+awk=$1
+shift 1
+
+# output file
+output_file="flask.h"
+debug_file="class_to_string.h"
+debug_file2="initial_sid_to_string.h"
+
+cat $* | $awk "
+BEGIN {
+ outfile = \"$output_file\"
+ debugfile = \"$debug_file\"
+ debugfile2 = \"$debug_file2\"
+ "'
+ nextstate = "CLASS";
+
+ printf("/* This file is automatically generated. Do not edit. */\n") > outfile;
+
+ printf("#ifndef _LINUX_FLASK_H_\n") > outfile;
+ printf("#define _LINUX_FLASK_H_\n") > outfile;
+ printf("\n#include <linux/flask/flask_types.h>\n") > outfile;
+
+ printf("\n/*\n * Security object class definitions\n */\n") > outfile;
+ printf("/* This file is automatically generated. Do not edit. */\n") > debugfile;
+ printf("/*\n * Security object class definitions\n */\n") > debugfile;
+ printf("static char *class_to_string[] =\n{\n") > debugfile;
+ printf(" \"null\",\n") > debugfile;
+ printf("/* This file is automatically generated. Do not edit. */\n") > debugfile2;
+ printf("static char *initial_sid_to_string[] =\n{\n") > debugfile2;
+ printf(" \"null\",\n") > debugfile2;
+ }
+/^[ \t]*#/ {
+ next;
+ }
+$1 == "class" {
+ if (nextstate != "CLASS")
+ {
+ printf("Parse error: Unexpected class definition on line %d\n", NR);
+ next;
+ }
+
+ if ($2 in class_found)
+ {
+ printf("Duplicate class definition for %s on line %d.\n", $2, NR);
+ next;
+ }
+ class_found[$2] = 1;
+
+ class_value++;
+
+ printf("#define SECCLASS_%s", toupper($2)) > outfile;
+ for (i = 0; i < 40 - length($2); i++)
+ printf(" ") > outfile;
+ printf("%d\n", class_value) > outfile;
+
+ printf(" \"%s\",\n", $2) > debugfile;
+ }
+$1 == "sid" {
+ if (nextstate == "CLASS")
+ {
+ nextstate = "SID";
+ printf("};\n\n") > debugfile;
+ printf("\n/*\n * Security identifier indices for initial entities\n */\n") > outfile;
+ }
+
+ if ($2 in sid_found)
+ {
+ printf("Duplicate SID definition for %s on line %d.\n", $2, NR);
+ next;
+ }
+ sid_found[$2] = 1;
+ sid_value++;
+
+ printf("#define SECINITSID_%s", toupper($2)) > outfile;
+ for (i = 0; i < 37 - length($2); i++)
+ printf(" ") > outfile;
+ printf("%d\n", sid_value) > outfile;
+ printf(" \"%s\",\n", $2) > debugfile2;
+ }
+END {
+ if (nextstate != "SID")
+ printf("Parse error: Unexpected end of file\n");
+
+ printf("\n#define SECINITSID_NUM") > outfile;
+ for (i = 0; i < 34; i++)
+ printf(" ") > outfile;
+ printf("%d\n", sid_value) > outfile;
+ printf("\n#endif\n") > outfile;
+ printf("};\n\n") > debugfile2;
+ }'
+
+# FLASK
diff --minimal -Nru a/security/selinux/flask/security_classes b/security/selinux/flask/security_classes
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/selinux/flask/security_classes Tue Feb 12 18:59:50 2002
@@ -0,0 +1,43 @@
+# FLASK
+
+#
+# Define the security object classes
+#
+
+class security
+class process
+class system
+class capability
+
+# file-related classes
+class filesystem
+class file
+class dir
+class fd
+class lnk_file
+class chr_file
+class blk_file
+class sock_file
+class fifo_file
+
+# network-related classes
+class socket
+class tcp_socket
+class udp_socket
+class rawip_socket
+class node
+class netif
+class netlink_socket
+class packet_socket
+class key_socket
+class unix_stream_socket
+class unix_dgram_socket
+
+# sysv-ipc-related clases
+class sem
+class msg
+class msgq
+class shm
+class ipc
+
+# FLASK
diff --minimal -Nru a/security/selinux/hooks.c b/security/selinux/hooks.c
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/selinux/hooks.c Tue Feb 12 18:59:50 2002
@@ -0,0 +1,4338 @@
+/*
+ * NSA Security-Enhanced Linux (SELinux) security module
+ *
+ * This file contains the SELinux hook function implementations.
+ *
+ * Authors: Stephen Smalley, NAI Labs, <ssmalley@nai.com>
+ * Chris Vance, <cvance@nai.com>
+ * Wayne Salamon, <wsalamon@nai.com>
+ *
+ * Copyright (C) 2001 Networks Associates Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ */
+
+#include <linux/config.h>
+#include <linux/module.h>
+#include <linux/init.h>
+#include <linux/kernel.h>
+#include <linux/errno.h>
+#include <linux/sched.h>
+#include <linux/security.h>
+#include <linux/capability.h>
+#include <linux/flask/avc.h>
+#include <linux/flask/psid.h>
+#include <linux/flask/syscalls.h>
+#include <linux/mm.h>
+#include <linux/mman.h>
+#include <linux/slab.h>
+#include <linux/smp_lock.h>
+#include <linux/spinlock.h>
+#include <linux/file.h>
+#include <linux/ext2_fs.h>
+#include <net/ip.h> /* for sysctl_local_port_range[] */
+#include <asm/uaccess.h>
+#include <asm/semaphore.h>
+#include <asm/ioctls.h>
+#include <linux/bitops.h>
+#include <linux/interrupt.h>
+#include <linux/netfilter.h> /* for network interface checks */
+#include <linux/netdevice.h> /* for network interface checks */
+#include <linux/netlink.h>
+#include "selinux_plug.h"
+
+
+/* Original (dummy) security module. */
+static struct security_operations *original_ops = NULL;
+
+/* Minimal support for a secondary security module,
+ just to allow the use of the capability plug. */
+static struct security_operations *secondary_ops = NULL;
+
+/*
+ * Tables to map the CTL table name to a security ID.
+ * The members of this struct are used to define a signature for
+ * matching the sysctl field to a specific SID. Because the ctl_name
+ * values are not unique, we rely on the procname even though it is
+ * not guaranteed to be present. So far we only care about sysctl
+ * fields that have an associated procname.
+ * These ctl tables are defined in sysctl.c, except where noted.
+ */
+static ctl_sid ctl_sid_kern_table[] = {
+ {KERN_OSTYPE, "ostype", SECINITSID_SYSCTL_KERNEL, NULL},
+ {KERN_OSRELEASE, "osrelease", SECINITSID_SYSCTL_KERNEL, NULL},
+ {KERN_VERSION, "version", SECINITSID_SYSCTL_KERNEL, NULL},
+ {KERN_NODENAME, "hostname", SECINITSID_SYSCTL_KERNEL, NULL},
+ {KERN_DOMAINNAME, "domainname", SECINITSID_SYSCTL_KERNEL, NULL},
+ {KERN_PANIC, "panic", SECINITSID_SYSCTL_KERNEL, NULL},
+ {KERN_CAP_BSET, "cap-bound", SECINITSID_SYSCTL_KERNEL, NULL},
+ {KERN_REALROOTDEV, "real-rot-dev", SECINITSID_SYSCTL_KERNEL, NULL},
+ {KERN_SPARC_REBOOT, "reboot-cmd", SECINITSID_SYSCTL_KERNEL, NULL},
+ {KERN_SPARC_STOP_A, "stop-a", SECINITSID_SYSCTL_KERNEL, NULL},
+ {KERN_PPC_HTABRECLAIM, "htab-reclaim",SECINITSID_SYSCTL_KERNEL, NULL},
+ {KERN_PPC_ZEROPAGED, "zero-paged", SECINITSID_SYSCTL_KERNEL, NULL},
+ {KERN_PPC_POWERSAVE_NAP, "powersave-nap", SECINITSID_SYSCTL_KERNEL, NULL},
+ {KERN_PPC_L2CR, "l2cr", SECINITSID_SYSCTL_KERNEL, NULL},
+ {KERN_CTLALTDEL, "ctrl-alt-del", SECINITSID_SYSCTL_KERNEL, NULL},
+ {KERN_PRINTK, "printk", SECINITSID_SYSCTL_KERNEL, NULL},
+ {KERN_MODPROBE, "modprobe", SECINITSID_SYSCTL_MODPROBE, NULL},
+ {KERN_HOTPLUG, "hotplug", SECINITSID_SYSCTL_KERNEL, NULL},
+ {KERN_SG_BIG_BUFF, "sg-big-buff", SECINITSID_SYSCTL_KERNEL, NULL},
+ {KERN_ACCT, "acct", SECINITSID_SYSCTL_KERNEL, NULL},
+ {KERN_RTSIGNR, "rtsig-nr", SECINITSID_SYSCTL_KERNEL, NULL},
+ {KERN_RTSIGMAX, "rtsig-max", SECINITSID_SYSCTL_KERNEL, NULL},
+ {KERN_SHMMAX, "shmmax", SECINITSID_SYSCTL_KERNEL, NULL},
+ {KERN_SHMALL, "shmall", SECINITSID_SYSCTL_KERNEL, NULL},
+ {KERN_SHMMNI, "shmmni", SECINITSID_SYSCTL_KERNEL, NULL},
+ {KERN_MSGMAX, "msgmax", SECINITSID_SYSCTL_KERNEL, NULL},
+ {KERN_MSGMNI, "msgmni", SECINITSID_SYSCTL_KERNEL, NULL},
+ {KERN_MSGMNB, "msgmnb", SECINITSID_SYSCTL_KERNEL, NULL},
+ {KERN_SEM, "sem", SECINITSID_SYSCTL_KERNEL, NULL},
+ {KERN_SYSRQ, "sysrq", SECINITSID_SYSCTL_KERNEL, NULL},
+ {KERN_MAX_THREADS, "threads-max", SECINITSID_SYSCTL_KERNEL, NULL},
+ {KERN_RANDOM, "random", SECINITSID_SYSCTL_KERNEL, NULL},
+ {KERN_OVERFLOWUID, "overflowuid", SECINITSID_SYSCTL_KERNEL, NULL},
+ {KERN_OVERFLOWGID, "overflowgid", SECINITSID_SYSCTL_KERNEL, NULL},
+ {KERN_IEEE_EMULATION_WARNINGS, "ieee_emulation_warnings", SECINITSID_SYSCTL_KERNEL, NULL},
+ {KERN_S390_USER_DEBUG_LOGGING, "userprocess_debug", SECINITSID_SYSCTL_KERNEL, NULL},
+ {0}
+};
+
+static ctl_sid ctl_sid_vm_table[] = {
+ {VM_FREEPG, "freepages", SECINITSID_SYSCTL_VM, NULL},
+ {VM_BDFLUSH, "bdflush", SECINITSID_SYSCTL_VM, NULL},
+ {VM_OVERCOMMIT_MEMORY, "overcommit_memory", SECINITSID_SYSCTL_VM, NULL},
+ {VM_BUFFERMEM, "buffermem", SECINITSID_SYSCTL_VM, NULL},
+ {VM_PAGECACHE, "pagecache", SECINITSID_SYSCTL_VM, NULL},
+ {VM_PAGERDAEMON, "kswapd", SECINITSID_SYSCTL_VM, NULL},
+ {VM_PGT_CACHE, "pagetable_cache", SECINITSID_SYSCTL_VM, NULL},
+ {VM_PAGE_CLUSTER, "page-cluster", SECINITSID_SYSCTL_VM, NULL},
+ {0}
+};
+
+static ctl_sid ctl_sid_net_table[] = {
+ /* The Net ctl table is defined in net/sysctl_net.c */
+ {NET_CORE, "core", SECINITSID_SYSCTL_NET, NULL},
+ {NET_802, "802", SECINITSID_SYSCTL_NET, NULL},
+ {NET_ETHER, "ethernet", SECINITSID_SYSCTL_NET, NULL},
+ {NET_IPV4, "ipv4", SECINITSID_SYSCTL_NET, NULL},
+ {NET_IPV6, "ipv6", SECINITSID_SYSCTL_NET, NULL},
+ {NET_TR, "token-ring", SECINITSID_SYSCTL_NET, NULL},
+ {NET_ECONET, "econet", SECINITSID_SYSCTL_NET, NULL},
+ {NET_UNIX, "unix", SECINITSID_SYSCTL_NET_UNIX, NULL},
+ {0}
+};
+
+static ctl_sid ctl_sid_fs_table[] = {
+ {FS_NRINODE, "inode-nr", SECINITSID_SYSCTL_FS, NULL},
+ {FS_STATINODE, "inode-state", SECINITSID_SYSCTL_FS, NULL},
+ {FS_NRFILE, "file-nr", SECINITSID_SYSCTL_FS, NULL},
+ {FS_MAXFILE, "file-max", SECINITSID_SYSCTL_FS, NULL},
+ {FS_NRSUPER, "super-nr", SECINITSID_SYSCTL_FS, NULL},
+ {FS_MAXSUPER, "super-max", SECINITSID_SYSCTL_FS, NULL},
+ {FS_NRDQUOT, "dquot-nr", SECINITSID_SYSCTL_FS, NULL},
+ {FS_MAXDQUOT, "dquot-max", SECINITSID_SYSCTL_FS, NULL},
+ {FS_DENTRY, "dentry-state", SECINITSID_SYSCTL_FS, NULL},
+ {FS_OVERFLOWUID, "overflowuid", SECINITSID_SYSCTL_FS, NULL},
+ {FS_OVERFLOWGID, "overflowgid", SECINITSID_SYSCTL_FS, NULL},
+ {FS_LEASES, "leases-enable", SECINITSID_SYSCTL_FS, NULL},
+ {FS_DIR_NOTIFY, "dir-notify-enable", SECINITSID_SYSCTL_FS, NULL},
+ {FS_LEASE_TIME, "lease-break-time", SECINITSID_SYSCTL_FS, NULL},
+ {0}
+};
+
+static ctl_sid ctl_sid_root_table[] = {
+ {CTL_KERN, "kernel", SECINITSID_SYSCTL_KERNEL, ctl_sid_kern_table},
+ {CTL_VM, "vm", SECINITSID_SYSCTL_VM, ctl_sid_vm_table},
+ {CTL_NET, "net", SECINITSID_SYSCTL_NET, ctl_sid_net_table},
+ {CTL_PROC, "proc", SECINITSID_SYSCTL, NULL},
+ {CTL_FS, "fs", SECINITSID_SYSCTL_FS, ctl_sid_fs_table},
+ {CTL_DEBUG, "debug", SECINITSID_SYSCTL, NULL},
+ {CTL_DEV, "dev", SECINITSID_SYSCTL_DEV, NULL},
+ {0}
+};
+
+/* Lists of security blobs created by this module.
+ Used to deallocate all security blobs and clear security
+ fields when the module exits. */
+static LIST_HEAD(task_security_head);
+static LIST_HEAD(inode_security_head);
+static LIST_HEAD(file_security_head);
+static LIST_HEAD(msg_security_head);
+static LIST_HEAD(ipc_security_head);
+static LIST_HEAD(superblock_security_head);
+static LIST_HEAD(netdev_security_head);
+
+/* Allocate and free functions for each kind of security blob. */
+
+static struct semaphore task_alloc_semaphore;
+
+static int task_alloc_security(struct task_struct *task)
+{
+ struct task_security_struct *tsec;
+ int rc = 0;
+
+ if (safe_down(&task_alloc_semaphore))
+ return -ENOMEM;
+
+ tsec = task->security;
+ if (tsec && tsec->magic == SELINUX_MAGIC)
+ goto out;
+
+ tsec = kmalloc(sizeof(struct task_security_struct), SAFE_ALLOC);
+ if (!tsec) {
+ rc = -ENOMEM;
+ goto out;
+ }
+ memset(tsec, 0, sizeof(struct task_security_struct));
+ tsec->magic = SELINUX_MAGIC;
+ tsec->task = task;
+ list_add(&tsec->list, &task_security_head);
+ tsec->osid = tsec->sid = SECINITSID_UNLABELED;
+ task->security = tsec;
+
+out:
+ safe_up(&task_alloc_semaphore);
+ return rc;
+}
+
+static void task_free_security(struct task_struct *task)
+{
+ struct task_security_struct *tsec = task->security;
+
+ if (!tsec || tsec->magic != SELINUX_MAGIC)
+ return;
+
+ task->security = NULL;
+ list_del(&tsec->list);
+ kfree(tsec);
+}
+
+static struct semaphore inode_alloc_semaphore;
+
+static int inode_alloc_security(struct inode *inode)
+{
+ struct task_security_struct *tsec = current->security;
+ struct inode_security_struct *isec;
+ int rc = 0;
+
+ if (safe_down(&inode_alloc_semaphore))
+ return -ENOMEM;
+ isec = inode->i_security;
+ if (isec && isec->magic == SELINUX_MAGIC)
+ goto out;
+ isec = kmalloc(sizeof(struct inode_security_struct), SAFE_ALLOC);
+ if (!isec) {
+ rc = -ENOMEM;
+ goto out;
+ }
+ memset(isec, 0, sizeof(struct inode_security_struct));
+ init_MUTEX(&isec->sem);
+ isec->magic = SELINUX_MAGIC;
+ isec->inode = inode;
+ list_add(&isec->list, &inode_security_head);
+ isec->sid = SECINITSID_UNLABELED;
+ if (tsec && tsec->magic == SELINUX_MAGIC)
+ isec->task_sid = tsec->sid;
+ else
+ isec->task_sid = SECINITSID_UNLABELED;
+ inode->i_security = isec;
+
+out:
+ safe_up(&inode_alloc_semaphore);
+ return rc;
+}
+
+static void inode_free_security(struct inode *inode)
+{
+ struct inode_security_struct *isec = inode->i_security;
+
+ if (!isec || isec->magic != SELINUX_MAGIC)
+ return;
+
+ inode->i_security = NULL;
+ list_del(&isec->list);
+ kfree(isec);
+}
+
+static struct semaphore file_alloc_semaphore;
+
+static int file_alloc_security(struct task_struct *task, struct file *file)
+{
+ struct task_security_struct *tsec = task->security;
+ struct file_security_struct *fsec;
+ int rc = 0;
+
+ if (safe_down(&file_alloc_semaphore))
+ return -ENOMEM;
+ fsec = file->f_security;
+ if (fsec && fsec->magic == SELINUX_MAGIC)
+ goto out;
+
+ fsec = kmalloc(sizeof(struct file_security_struct), SAFE_ALLOC);
+ if (!fsec) {
+ rc = -ENOMEM;
+ goto out;
+ }
+ memset(fsec, 0, sizeof(struct file_security_struct));
+ fsec->magic = SELINUX_MAGIC;
+ fsec->file = file;
+ list_add(&fsec->list, &file_security_head);
+ if (tsec && tsec->magic == SELINUX_MAGIC) {
+ fsec->sid = tsec->sid;
+ fsec->fown_sid = tsec->sid;
+ } else {
+ fsec->sid = SECINITSID_UNLABELED;
+ fsec->fown_sid = SECINITSID_UNLABELED;
+ }
+ file->f_security = fsec;
+
+out:
+ safe_up(&file_alloc_semaphore);
+ return rc;
+}
+
+static void file_free_security(struct file *file)
+{
+ struct file_security_struct *fsec = file->f_security;
+
+ if (!fsec || fsec->magic != SELINUX_MAGIC)
+ return;
+
+ file->f_security = NULL;
+ list_del(&fsec->list);
+ kfree(fsec);
+}
+
+static struct semaphore sb_alloc_semaphore;
+
+static int superblock_alloc_security(struct super_block *sb)
+{
+ struct superblock_security_struct *sbsec;
+ int rc = 0;
+
+ if (safe_down(&sb_alloc_semaphore))
+ return -ENOMEM;
+ sbsec = sb->s_security;
+ if (sbsec && sbsec->magic == SELINUX_MAGIC)
+ goto out;
+
+ sbsec = kmalloc(sizeof(struct superblock_security_struct), SAFE_ALLOC);
+ if (!sbsec) {
+ rc = -ENOMEM;
+ goto out;
+ }
+ memset(sbsec, 0, sizeof(struct superblock_security_struct));
+ init_MUTEX(&sbsec->sem);
+ sbsec->magic = SELINUX_MAGIC;
+ sbsec->sb = sb;
+ list_add(&sbsec->list, &superblock_security_head);
+ sbsec->sid = SECINITSID_UNLABELED;
+ sb->s_security = sbsec;
+out:
+ safe_up(&sb_alloc_semaphore);
+ return rc;
+}
+
+static void superblock_free_security(struct super_block *sb)
+{
+ struct superblock_security_struct *sbsec = sb->s_security;
+
+ if (!sbsec || sbsec->magic != SELINUX_MAGIC)
+ return;
+
+ if (sbsec->uses_psids && sbsec->psidtab)
+ psid_release(sb);
+
+ sb->s_security = NULL;
+ list_del(&sbsec->list);
+ kfree(sbsec);
+}
+
+static struct semaphore netdev_alloc_semaphore;
+
+static int netdev_alloc_security(struct net_device *dev)
+{
+ struct netdev_security_struct *nsec;
+ int rc = 0;
+
+ if (safe_down(&netdev_alloc_semaphore))
+ return -ENOMEM;
+ nsec = dev->security;
+ if (nsec && nsec->magic == SELINUX_MAGIC)
+ goto out;
+
+ nsec = kmalloc(sizeof(struct netdev_security_struct), SAFE_ALLOC);
+ if (!nsec) {
+ rc = -ENOMEM;
+ goto out;
+ }
+ memset(nsec, 0, sizeof(struct netdev_security_struct));
+ nsec->magic = SELINUX_MAGIC;
+ nsec->dev = dev;
+ list_add(&nsec->list, &netdev_security_head);
+ nsec->sid = nsec->default_msg_sid = SECINITSID_UNLABELED;
+ dev->security = nsec;
+out:
+ safe_up(&netdev_alloc_semaphore);
+ return rc;
+}
+
+static void netdev_free_security(struct net_device *dev)
+{
+ struct netdev_security_struct *nsec = dev->security;
+
+ if (!nsec || nsec->magic != SELINUX_MAGIC)
+ return;
+
+ dev->security = NULL;
+ list_del(&nsec->list);
+ kfree(nsec);
+}
+
+/* The security server must be initialized before
+ any labeling or access decisions can be provided. */
+static inline int ss_precondition(void)
+{
+ extern int ss_initialized;
+
+ return ss_initialized;
+}
+
+/* The file system's label must be initialized prior to use.
+ If the file system is persistent, then its persistent label mapping
+ must be initialized before labels for files in it can be obtained. */
+int superblock_precondition(struct super_block *sb)
+{
+ struct superblock_security_struct *sbsec = sb->s_security;
+ int rc;
+
+ rc = ss_precondition();
+ if (rc <= 0)
+ return rc;
+
+ if (sbsec && sbsec->magic == SELINUX_MAGIC) {
+ if (sbsec->initialized)
+ return 1; /* ready for service */
+ } else {
+ rc = superblock_alloc_security(sb);
+ if (rc)
+ return rc;
+ sbsec = sb->s_security;
+ }
+
+ if (test_and_set_bit(0, &sbsec->initializing))
+ return 0; /* currently initializing */
+
+ if ((strcmp(sb->s_type->name, "ext2") == 0) ||
+ (strcmp(sb->s_type->name, "ext3") == 0) ||
+ (strcmp(sb->s_type->name, "reiserfs") == 0)) {
+ /* PSIDs only work for persistent file systems with
+ persistent inode numbers. */
+ if (in_interrupt()) {
+ sbsec->initializing = 0;
+ return 0; /* in interrupt, handle later */
+ }
+
+ rc = psid_init(sb);
+ if (rc) {
+ printk("superblock_precondition: psid_init returned "
+ "%d, retrying... (filesystem=%s, pid=%d)\n",
+ -rc, sb->s_root->d_name.name, current->pid);
+ sbsec->initializing = 0;
+ return 0;
+ }
+ sbsec->uses_psids = 1;
+ } else if (strcmp(sb->s_type->name, "proc") == 0)
+ sbsec->sid = SECINITSID_PROC;
+ else if (strcmp(sb->s_type->name, "devpts") == 0)
+ sbsec->sid = SECINITSID_DEVPTS;
+ else if (strcmp(sb->s_type->name, "nfs") == 0)
+ sbsec->sid = SECINITSID_NFS;
+ else if ( (strcmp(sb->s_type->name, "tmpfs") == 0) ||
+ (strcmp(sb->s_type->name, "shm") == 0))
+ sbsec->sid = SECINITSID_TMPFS;
+ else if ( (strcmp(sb->s_type->name, "devfs") == 0))
+ sbsec->sid = SECINITSID_DEVFS;
+ else if ( (strcmp(sb->s_type->name, "pipefs") == 0) ||
+ (strcmp(sb->s_type->name, "sockfs") == 0))
+ sbsec->uses_task = 1;
+
+ sbsec->initialized = 1;
+
+ return 1;
+}
+
+/*
+ * Set the SID on a /proc entry.
+ * The top-level directory is labeled with the proc initial SID.
+ * The kmsg and kcore files are labeled with the kmsg and kcore initial SIDs.
+ * The /proc/sys entries are labeled consistently with the sysctl variables.
+ * The /proc/PID entries are labeled with the SID of the owning process.
+ * Most entries simply inherit their SID from the parent directory SID.
+ *
+ * Precondition: the inode_security_struct has been allocated
+ * and initialized by inode_precondition.
+ */
+static void procfs_set_sid(struct dentry *dentry)
+{
+ struct task_security_struct *tsec;
+ struct inode_security_struct *isec, *pisec;
+ struct dentry *parent;
+ unsigned int pid, c;
+ struct task_struct *task;
+ const char *name;
+ int len, len2, rc;
+
+ if (!dentry->d_inode)
+ return;
+
+ /* Initialize the SID to the proc initial SID. */
+ isec = dentry->d_inode->i_security;
+ if (!isec)
+ return;
+ isec->sid = SECINITSID_PROC;
+
+ name = dentry->d_name.name;
+ len = dentry->d_name.len;
+
+ parent = dentry->d_parent;
+ if (!parent || parent == dentry) {
+ /* /proc. Done. */
+ return;
+ }
+
+ /* Ensure that the parent entry's attributes are set. */
+ rc = inode_precondition(parent->d_inode);
+ if (rc <= 0)
+ return;
+ pisec = parent->d_inode->i_security;
+
+ /* Inherit the SID from the parent by default. */
+ isec->sid = pisec->sid;
+
+ if (pisec->ctl) {
+ /* A /proc/sys entry. Search the parent's table
+ for this entry to find its SID. */
+ struct ctl_sid *ctl;
+ for (ctl = pisec->ctl; ctl->ctl_name; ctl++) {
+ len2 = strlen(ctl->procname);
+ if (len == len2 && !memcmp(name, ctl->procname, len)) {
+ isec->sid = ctl->sid;
+ isec->ctl = ctl->child;
+ break;
+ }
+ }
+ return;
+ }
+
+ if (parent->d_parent != parent) {
+ /* This entry is not in the top-level /proc directory.
+ Simply return, inheriting from the parent. */
+ return;
+ }
+
+ /* Check for /proc/kmsg and /proc/kcore. */
+ if (len == 4 && !memcmp(name, "kmsg", 4)) {
+ isec->sid = SECINITSID_PROC_KMSG;
+ return;
+ }
+ if (len == 5 && !memcmp(name, "kcore", 5)) {
+ isec->sid = SECINITSID_PROC_KCORE;
+ return;
+ }
+
+ /* Check for /proc/sys. */
+ if (len == 3 && !memcmp(name, "sys", 3)) {
+ isec->sid = SECINITSID_SYSCTL;
+ isec->ctl = ctl_sid_root_table;
+ return;
+ }
+
+ /* For /proc/PID entries, use the SID of the owning process.
+ Derived from fs/proc/base.c:proc_pid_lookup. */
+#define MAX_MULBY10 ((~0U-9)/10)
+ pid = 0;
+ while (len-- > 0) {
+ c = *name - '0';
+ name++;
+ if (c > 9)
+ return;
+ if (pid >= MAX_MULBY10)
+ return;
+ pid *= 10;
+ pid += c;
+ if (!pid)
+ return;
+ }
+
+ read_lock(&tasklist_lock);
+ task = find_task_by_pid(pid);
+ if (task)
+ get_task_struct(task);
+ read_unlock(&tasklist_lock);
+ if (!task)
+ return;
+
+ rc = task_precondition(task);
+ if (rc <= 0) {
+ printk("task_precondition failed, rc=%d, pid=%d\n", -rc, task->pid);
+ put_task_struct(task);
+ return;
+ }
+ tsec = task->security;
+ isec->sid = tsec->sid;
+ put_task_struct(task);
+
+ return;
+}
+
+extern char * avc_d_path(struct dentry *dentry,
+ char *buffer, int buflen);
+
+/* The inode's security attributes must be initialized before first use. */
+int inode_precondition(struct inode *inode)
+{
+ struct superblock_security_struct *sbsec = NULL;
+ struct inode_security_struct *isec = inode->i_security;
+ struct task_security_struct *tsec;
+ security_id_t sid;
+ char *buffer, *path;
+ struct dentry *dentry;
+ int rc;
+
+ rc = ss_precondition();
+ if (rc <= 0)
+ return rc;
+
+ if (isec && isec->magic == SELINUX_MAGIC) {
+ if (isec->initialized)
+ return 1;
+ } else {
+ rc = inode_alloc_security(inode);
+ if (rc)
+ return rc;
+ isec = inode->i_security;
+ }
+
+ if (test_and_set_bit(0, &isec->initializing))
+ return 0; /* currently initializing */
+
+ if (inode->i_sb) {
+ rc = superblock_precondition(inode->i_sb);
+ if (rc <= 0) {
+ isec->initializing = 0;
+ return rc;
+ }
+ sbsec = inode->i_sb->s_security;
+ }
+
+ if (inode->i_sock) {
+ struct socket *sock = SOCKET_I(inode);
+ if (sock->sk) {
+ isec->sclass = socket_type_to_security_class(sock->sk->family, sock->sk->type);
+ } else {
+ /* else TCP control message? */
+ isec->sclass = SECCLASS_SOCKET;
+ }
+ } else {
+ isec->sclass = inode_mode_to_security_class(inode->i_mode);
+ }
+
+ if (sbsec) {
+ if (sbsec->uses_psids) {
+ if (in_interrupt()) {
+ isec->initializing = 0;
+ return 0; /* in interrupt, handle later */
+ }
+
+ rc = psid_to_sid(inode, &isec->sid);
+ if (rc) {
+ printk("inode_precondition: psid_to_sid returned %d for inode %p\n", -rc, inode);
+ isec->initializing = 0;
+ return rc;
+ }
+ } else if (sbsec->uses_task) {
+ isec->sid = isec->task_sid;
+ } else {
+ if (in_interrupt()) {
+ isec->initializing = 0;
+ return 0; /* in interrupt, handle later */
+ }
+
+ /* Inherit from the file system */
+ isec->sid = sbsec->sid;
+ }
+
+ if (sbsec->sid == SECINITSID_PROC) {
+ /* Handle procfs entries. */
+ dentry = d_find_alias(inode);
+ if (dentry) {
+ procfs_set_sid(dentry);
+ dput(dentry);
+ }
+ }
+ if (sbsec->sid == SECINITSID_DEVFS) {
+ /* Handle devfs entries. */
+ dentry = d_find_alias(inode);
+ if (dentry) {
+ buffer = (char*)__get_free_page(GFP_KERNEL);
+ if (buffer) {
+ path = avc_d_path(dentry, buffer,
+ PAGE_SIZE);
+ if (path) {
+ security_devfs_sid(path,
+ isec->sclass,
+ &isec->sid);
+ }
+ free_page((unsigned long)buffer);
+ }
+ dput(dentry);
+ }
+ }
+ if (sbsec->sid == SECINITSID_DEVPTS) {
+ dentry = d_find_alias(inode);
+ if (dentry) {
+ tsec = current->security;
+ rc = security_transition_sid(tsec->sid,
+ SECINITSID_DEVPTS,
+ SECCLASS_CHR_FILE, &sid);
+ if( !rc ) {
+ isec->sid = sid;
+ }
+ dput(dentry);
+ }
+ }
+ if (sbsec->sid == SECINITSID_TMPFS) {
+ tsec = current->security;
+ rc = security_transition_sid(tsec->sid,
+ SECINITSID_TMPFS,
+ isec->sclass,
+ &sid);
+ if( !rc )
+ isec->sid = sid;
+ }
+ }
+
+ isec->initialized = 1;
+
+ return 1;
+}
+
+/* The task's security attributes must be initialized before first use. */
+int task_precondition(struct task_struct *task)
+{
+ struct task_security_struct *tsec = task->security, *psec;
+ struct task_struct *parent = task->p_pptr;
+ struct vm_area_struct *vma = NULL;
+ struct inode *inode = NULL;
+ struct inode_security_struct *isec;
+ security_id_t newsid;
+ security_context_t context;
+ char *buffer = NULL, *path = NULL;
+ __u32 len;
+ int rc;
+
+ rc = ss_precondition();
+ if (rc <= 0)
+ return rc;
+
+ if (tsec && tsec->magic == SELINUX_MAGIC)
+ return 1;
+
+ if (in_interrupt()) {
+ return 0; /* in interrupt, handle later */
+ }
+
+ parent = task->p_pptr;
+ if (parent == task) {
+ rc = task_alloc_security(task);
+ if (rc)
+ return rc;
+ tsec = task->security;
+ tsec->osid = tsec->sid = SECINITSID_KERNEL;
+ goto out;
+ }
+
+ rc = task_precondition(parent);
+ if (rc <= 0)
+ return rc;
+ psec = parent->security;
+
+ rc = task_alloc_security(task);
+ if (rc)
+ return rc;
+ tsec = task->security;
+
+ /* Default to the attributes of my parent. */
+ tsec->osid = psec->osid;
+ tsec->sid = psec->sid;
+
+ /* Try to determine the executable. */
+ if (!task->mm)
+ goto out;
+ for (vma = task->mm->mmap; vma; vma = vma->vm_next) {
+ if ((vma->vm_flags & VM_EXECUTABLE) &&
+ vma->vm_file) {
+ break;
+ }
+ }
+ if (!vma)
+ goto out;
+
+ /* Try to obtain the executable's security attributes. */
+ inode = vma->vm_file->f_dentry->d_inode;
+ if (!inode)
+ goto out;
+ rc = inode_precondition(inode);
+ if (rc <= 0) {
+ /* May be in the midst of initializing the PSID mapping. */
+ task_free_security(task);
+ return rc;
+ }
+ isec = inode->i_security;
+
+ /* Compute my attributes based on the attributes of my
+ parent and my executable. */
+ rc = security_transition_sid(psec->sid,
+ isec->sid,
+ SECCLASS_PROCESS,
+ &newsid);
+ if (rc) {
+ printk("task_precondition: security_transition_sid returned %d\n", -rc);
+ goto out;
+ }
+
+ tsec->sid = newsid;
+
+
+out:
+ /* Typically, a task's attributes are initially assigned
+ by task_alloc_security and changed upon program execution
+ by bprm_compute_creds. So task_precondition should
+ only determine a task's attributes if the task
+ was created prior to the initialization of this module.
+ Show all such assignments until we are sure that they
+ occur correctly both in the static case and the dynamically
+ loaded case. */
+
+ if (vma) {
+ buffer = (char*)__get_free_page(GFP_KERNEL);
+ if (buffer) {
+ path = d_path(vma->vm_file->f_dentry,
+ vma->vm_file->f_vfsmnt,
+ buffer, PAGE_SIZE);
+ }
+ }
+
+ rc = security_sid_to_context(tsec->sid, &context, &len);
+ if (rc) {
+ printk("task_precondition: assigning SID %d to pid %d exe=%s\n", tsec->sid, task->pid, path ? path : "none");
+ } else {
+ printk("task_precondition: assigning context %s to pid %d exe=%s\n", context, task->pid, path ? path : "none");
+ kfree(context);
+ }
+ if (buffer)
+ free_page((unsigned long)buffer);
+
+ return 1;
+}
+
+/* The file's security attributes must be initialized before first use. */
+int file_precondition(struct file *file)
+{
+ struct file_security_struct *fsec = file->f_security;
+ int rc;
+
+ rc = ss_precondition();
+ if (rc <= 0)
+ return rc;
+
+ if (fsec && fsec->magic == SELINUX_MAGIC)
+ return 1;
+
+ rc = task_precondition(current);
+ if (rc <= 0)
+ return rc;
+
+ rc = file_alloc_security(current, file);
+ if (rc)
+ return rc;
+
+ return 1;
+}
+
+/* The network interface security attributes must be initialized before
+ * first use. */
+int netdev_precondition(struct net_device *dev)
+{
+ struct netdev_security_struct *nsec = dev->security;
+ int rc;
+
+ rc = ss_precondition();
+ if (rc <= 0)
+ return rc;
+
+ if (nsec && nsec->magic == SELINUX_MAGIC)
+ return 1;
+
+ rc = netdev_alloc_security(dev);
+ if (rc)
+ return rc;
+
+ /* Set the SID for the device and the default message SID */
+ nsec = dev->security;
+
+ rc = security_netif_sid(dev->name, &nsec->sid,
+ &nsec->default_msg_sid);
+ if (rc)
+ return rc;
+
+ return 1;
+}
+
+/* Check permission betweeen a pair of tasks, e.g. signal checks,
+ fork check, ptrace check, etc. */
+int task_has_perm(struct task_struct *tsk1,
+ struct task_struct *tsk2,
+ access_vector_t perms)
+{
+ struct task_security_struct *tsec1, *tsec2;
+ int rc;
+
+ rc = task_precondition(tsk1);
+ if (rc <= 0)
+ return rc;
+ rc = task_precondition(tsk2);
+ if (rc <= 0)
+ return rc;
+ tsec1 = tsk1->security;
+ tsec2 = tsk2->security;
+ return avc_has_perm_ref(tsec1->sid, tsec2->sid,
+ SECCLASS_PROCESS, perms, &tsec2->avcr);
+}
+
+/* Check whether a task is allowed to use a capability. */
+int task_has_capability(struct task_struct *tsk,
+ int cap)
+{
+ struct task_security_struct *tsec;
+ avc_audit_data_t ad;
+ int rc;
+
+ rc = task_precondition(tsk);
+ if (rc <= 0)
+ return rc;
+
+ tsec = tsk->security;
+ AVC_AUDIT_DATA_INIT(&ad,CAP);
+ ad.u.cap = cap;
+ return avc_has_perm_audit(tsec->sid, tsec->sid,
+ SECCLASS_CAPABILITY, CAP_TO_MASK(cap), &ad);
+}
+
+/* Check whether a task is allowed to use a system operation. */
+int task_has_system(struct task_struct *tsk,
+ access_vector_t perms)
+{
+ struct task_security_struct *tsec;
+ int rc;
+
+ rc = task_precondition(tsk);
+ if (rc <= 0)
+ return rc;
+
+ tsec = tsk->security;
+
+ return avc_has_perm(tsec->sid, SECINITSID_KERNEL,
+ SECCLASS_SYSTEM, perms);
+}
+
+/* Check whether a task is allowed to use a security operation. */
+int task_has_security(struct task_struct *tsk,
+ access_vector_t perms)
+{
+ struct task_security_struct *tsec;
+ int rc;
+
+ rc = task_precondition(tsk);
+ if (rc <= 0)
+ return rc;
+
+ tsec = tsk->security;
+
+ return avc_has_perm(tsec->sid, SECINITSID_SECURITY,
+ SECCLASS_SECURITY, perms);
+}
+
+/* Check whether a task has a particular permission to an inode.
+ The 'aeref' parameter is optional and allows other AVC
+ entry references to be passed (e.g. the one in the struct file).
+ The 'adp' parameter is optional and allows other audit
+ data to be passed (e.g. the dentry). */
+int inode_has_perm(struct task_struct *tsk,
+ struct inode *inode,
+ access_vector_t perms,
+ avc_entry_ref_t *aeref,
+ avc_audit_data_t *adp)
+{
+ struct task_security_struct *tsec;
+ struct inode_security_struct *isec;
+ avc_audit_data_t ad;
+ int rc;
+
+ rc = task_precondition(tsk);
+ if (rc <= 0)
+ return rc;
+ rc = inode_precondition(inode);
+ if (rc <= 0)
+ return rc;
+ tsec = tsk->security;
+ isec = inode->i_security;
+
+ if (!adp) {
+ adp = &ad;
+ AVC_AUDIT_DATA_INIT(&ad, FS);
+ ad.u.fs.inode = inode;
+ }
+
+ return avc_has_perm_ref_audit(tsec->sid, isec->sid, isec->sclass,
+ perms, aeref ? aeref : &isec->avcr, adp);
+}
+
+/* Same as inode_has_perm, but pass explicit audit data containing
+ the dentry to help the auditing code to more easily generate the
+ pathname if needed. */
+static inline int dentry_has_perm(struct task_struct *tsk,
+ struct dentry *dentry,
+ access_vector_t av,
+ avc_entry_ref_t *aeref)
+{
+ struct inode *inode = dentry->d_inode;
+ avc_audit_data_t ad;
+ AVC_AUDIT_DATA_INIT(&ad,FS);
+ ad.u.fs.dentry = dentry;
+ return inode_has_perm(tsk, inode, av, aeref, &ad);
+}
+
+/* Check whether a task can use an open file descriptor to
+ access an inode in a given way. Check access to the
+ descriptor itself, and then use dentry_has_perm to
+ check a particular permission to the file.
+ Access to the descriptor is implicitly granted if it
+ has the same SID as the process. If av is zero, then
+ access to the file is not checked, e.g. for cases
+ where only the descriptor is affected like seek. */
+static inline int file_has_perm(struct task_struct *tsk,
+ struct file *file,
+ access_vector_t av)
+{
+ struct task_security_struct *tsec;
+ struct file_security_struct *fsec;
+ struct dentry *dentry = file->f_dentry;
+ avc_audit_data_t ad;
+ int rc;
+
+ rc = task_precondition(tsk);
+ if (rc <= 0)
+ return rc;
+ rc = file_precondition(file);
+ if (rc <= 0)
+ return rc;
+
+ tsec = tsk->security;
+ fsec = file->f_security;
+
+ if (tsec->sid != fsec->sid) {
+ AVC_AUDIT_DATA_INIT(&ad, FS);
+ ad.u.fs.dentry = file->f_dentry;
+
+ rc = avc_has_perm_ref_audit(tsec->sid, fsec->sid,
+ SECCLASS_FD,
+ FD__USE,
+ &fsec->avcr, &ad);
+ if (rc)
+ return rc;
+ }
+
+ /* av is zero if only checking access to the descriptor. */
+ if (av)
+ return dentry_has_perm(tsk, dentry, av, &fsec->inode_avcr);
+
+ return 0;
+}
+
+/* Check whether a task can create a file. */
+static int may_create(struct inode *dir,
+ struct dentry *dentry,
+ security_class_t tclass)
+{
+ struct task_security_struct *tsec;
+ struct inode_security_struct *dsec;
+ struct superblock_security_struct *sbsec;
+ security_id_t newsid;
+ avc_audit_data_t ad;
+ int rc;
+
+ rc = task_precondition(current);
+ if (rc <= 0)
+ return rc;
+ rc = inode_precondition(dir);
+ if (rc <= 0)
+ return rc;
+
+ tsec = current->security;
+ dsec = dir->i_security;
+
+ AVC_AUDIT_DATA_INIT(&ad, FS);
+ ad.u.fs.dentry = dentry;
+
+ rc = avc_has_perm_ref_audit(tsec->sid, dsec->sid, SECCLASS_DIR,
+ DIR__ADD_NAME | DIR__SEARCH,
+ &dsec->avcr, &ad);
+ if (rc)
+ return rc;
+
+ if (tsec->in_sid[0]) {
+ newsid = tsec->in_sid[0];
+ } else {
+ rc = security_transition_sid(tsec->sid, dsec->sid, tclass,
+ &newsid);
+ if (rc)
+ return rc;
+ }
+
+ rc = avc_has_perm_audit(tsec->sid, newsid, tclass, FILE__CREATE, &ad);
+ if (rc)
+ return rc;
+
+ if (dir->i_sb) {
+ sbsec = dir->i_sb->s_security;
+
+ rc = avc_has_perm_audit(newsid, sbsec->sid,
+ SECCLASS_FILESYSTEM,
+ FILESYSTEM__ASSOCIATE, &ad);
+ if (rc)
+ return rc;
+ }
+
+ return 0;
+}
+
+#define MAY_LINK 0
+#define MAY_UNLINK 1
+#define MAY_RMDIR 2
+
+/* Check whether a task can link, unlink, or rmdir a file/directory. */
+static int may_link(struct inode *dir,
+ struct dentry *dentry,
+ int kind)
+
+{
+ struct task_security_struct *tsec;
+ struct inode_security_struct *dsec, *isec;
+ avc_audit_data_t ad;
+ access_vector_t av;
+ int rc;
+
+ rc = task_precondition(current);
+ if (rc <= 0)
+ return rc;
+ rc = inode_precondition(dir);
+ if (rc <= 0)
+ return rc;
+ rc = inode_precondition(dentry->d_inode);
+ if (rc <= 0)
+ return rc;
+
+ tsec = current->security;
+ dsec = dir->i_security;
+ isec = dentry->d_inode->i_security;
+
+ AVC_AUDIT_DATA_INIT(&ad, FS);
+ ad.u.fs.dentry = dentry;
+
+ av = DIR__SEARCH;
+ av |= (kind ? DIR__REMOVE_NAME : DIR__ADD_NAME);
+ rc = avc_has_perm_ref_audit(tsec->sid, dsec->sid, SECCLASS_DIR,
+ av, &dsec->avcr, &ad);
+ if (rc)
+ return rc;
+
+ switch (kind) {
+ case MAY_LINK:
+ av = FILE__LINK;
+ break;
+ case MAY_UNLINK:
+ av = FILE__UNLINK;
+ break;
+ case MAY_RMDIR:
+ av = DIR__RMDIR;
+ break;
+ default:
+ printk("may_link: unrecognized kind %d\n", kind);
+ return 0;
+ }
+
+ rc = avc_has_perm_ref_audit(tsec->sid, isec->sid, isec->sclass,
+ av, &isec->avcr, &ad);
+ return rc;
+}
+
+static inline int may_rename(struct inode *old_dir,
+ struct dentry *old_dentry,
+ struct inode *new_dir,
+ struct dentry *new_dentry)
+{
+ struct task_security_struct *tsec;
+ struct inode_security_struct *old_dsec, *new_dsec, *old_isec, *new_isec;
+ avc_audit_data_t ad;
+ access_vector_t av;
+ int old_is_dir, new_is_dir;
+ int rc;
+
+ rc = task_precondition(current);
+ if (rc <= 0)
+ return rc;
+ rc = inode_precondition(old_dir);
+ if (rc <= 0)
+ return rc;
+ rc = inode_precondition(new_dir);
+ if (rc <= 0)
+ return rc;
+ rc = inode_precondition(old_dentry->d_inode);
+ if (rc <= 0)
+ return rc;
+ if (new_dentry->d_inode) {
+ rc = inode_precondition(new_dentry->d_inode);
+ if (rc <= 0)
+ return rc;
+ }
+
+ tsec = current->security;
+ old_dsec = old_dir->i_security;
+ old_isec = old_dentry->d_inode->i_security;
+ old_is_dir = S_ISDIR(old_dentry->d_inode->i_mode);
+ new_dsec = new_dir->i_security;
+
+ AVC_AUDIT_DATA_INIT(&ad, FS);
+
+ ad.u.fs.dentry = old_dentry;
+ rc = avc_has_perm_ref_audit(tsec->sid, old_dsec->sid, SECCLASS_DIR,
+ DIR__REMOVE_NAME | DIR__SEARCH,
+ &old_dsec->avcr, &ad);
+ if (rc)
+ return rc;
+ rc = avc_has_perm_ref_audit(tsec->sid, old_isec->sid,
+ old_isec->sclass,
+ FILE__RENAME,
+ &old_isec->avcr, &ad);
+ if (rc)
+ return rc;
+ if (old_is_dir && new_dir != old_dir) {
+ rc = avc_has_perm_ref_audit(tsec->sid, old_isec->sid,
+ old_isec->sclass,
+ DIR__REPARENT,
+ &old_isec->avcr, &ad);
+ if (rc)
+ return rc;
+ }
+
+ ad.u.fs.dentry = new_dentry;
+ av = DIR__ADD_NAME | DIR__SEARCH;
+ if (new_dentry->d_inode)
+ av |= DIR__REMOVE_NAME;
+ rc = avc_has_perm_ref_audit(tsec->sid, new_dsec->sid, SECCLASS_DIR,
+ av,&new_dsec->avcr, &ad);
+ if (rc)
+ return rc;
+ if (new_dentry->d_inode) {
+ new_isec = new_dentry->d_inode->i_security;
+ new_is_dir = S_ISDIR(new_dentry->d_inode->i_mode);
+ rc = avc_has_perm_ref_audit(tsec->sid, new_isec->sid,
+ new_isec->sclass,
+ (new_is_dir ? DIR__RMDIR : FILE__UNLINK),
+ &new_isec->avcr, &ad);
+ if (rc)
+ return rc;
+ }
+
+ return 0;
+}
+
+/* Check whether a task can perform a filesystem operation. */
+int superblock_has_perm(struct task_struct *tsk,
+ struct super_block *sb,
+ access_vector_t perms,
+ avc_audit_data_t *ad)
+{
+ struct task_security_struct *tsec;
+ struct superblock_security_struct *sbsec;
+ int rc;
+
+ rc = task_precondition(tsk);
+ if (rc <= 0)
+ return rc;
+ rc = superblock_precondition(sb);
+ if (rc <= 0)
+ return rc;
+ tsec = tsk->security;
+ sbsec = sb->s_security;
+ return avc_has_perm_audit(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
+ perms, ad);
+}
+
+/* Convert a Linux mode and permission mask to an access vector. */
+static inline access_vector_t file_mask_to_av(int mode, int mask)
+{
+ access_vector_t av = 0;
+
+ if ((mode & S_IFMT) != S_IFDIR) {
+ if (mask & MAY_EXEC)
+ av |= FILE__EXECUTE;
+ if (mask & MAY_READ)
+ av |= FILE__READ;
+
+ if (mask & MAY_APPEND)
+ av |= FILE__APPEND;
+ else if (mask & MAY_WRITE)
+ av |= FILE__WRITE;
+
+ } else {
+ if (mask & MAY_EXEC)
+ av |= DIR__SEARCH;
+ if (mask & MAY_WRITE)
+ av |= DIR__WRITE;
+ if (mask & MAY_READ)
+ av |= DIR__READ;
+ }
+
+ return av;
+}
+
+/* Convert a Linux file to an access vector. */
+static inline access_vector_t file_to_av(struct file *file)
+{
+ access_vector_t av = 0;
+
+ if (file->f_mode & FMODE_READ)
+ av |= FILE__READ;
+ if (file->f_mode & FMODE_WRITE) {
+ if (file->f_flags & O_APPEND)
+ av |= FILE__APPEND;
+ else
+ av |= FILE__WRITE;
+ }
+ return av;
+}
+
+/* Set an inode's SID, where the inode may or may not already
+ have a security structure. */
+int inode_security_set_sid(struct inode *inode, security_id_t sid)
+{
+ struct inode_security_struct *isec = inode->i_security;
+ int rc;
+
+ if (!isec) {
+ rc = inode_alloc_security(inode);
+ if (rc)
+ return rc;
+ isec = inode->i_security;
+ }
+ isec->sclass = inode_mode_to_security_class(inode->i_mode);
+ isec->sid = sid;
+ isec->initialized = 1;
+ return 0;
+}
+
+/* Set the security attributes on a newly created file. */
+static int post_create(struct inode *dir,
+ struct dentry *dentry)
+{
+
+ struct task_security_struct *tsec;
+ struct inode_security_struct *dsec;
+ struct superblock_security_struct *sbsec;
+ security_id_t newsid;
+ int rc;
+
+ rc = task_precondition(current);
+ if (rc <= 0)
+ return rc;
+ rc = inode_precondition(dir);
+ if (rc <= 0)
+ return rc;
+
+ tsec = current->security;
+ dsec = dir->i_security;
+
+ if (!dentry->d_inode) {
+ /* Some file system types (e.g. NFS) may not instantiate
+ a dentry for all create operations (e.g. symlink),
+ so we have to check to see if the inode is non-NULL. */
+ printk("post_create: unable to set SID dir dev=%s ino=%ld\n", kdevname(dir->i_dev), dir->i_ino);
+ return 0;
+ }
+
+ /* XXX: Need a way to propagate SID from may_create to post_create. */
+ if (tsec->in_sid[0]) {
+ newsid = tsec->in_sid[0];
+ } else {
+ rc = security_transition_sid(tsec->sid, dsec->sid,
+ inode_mode_to_security_class(dentry->d_inode->i_mode),
+ &newsid);
+ if (rc) {
+ printk("post_create: unable to obtain new SID, rc=%d\n",-rc);
+ return rc;
+ }
+ }
+
+ rc = inode_security_set_sid(dentry->d_inode, newsid);
+ if (rc) {
+ printk("post_create: unable to set new SID, rc=%d\n",-rc);
+ return rc;
+ }
+
+ if (dir->i_sb) {
+ sbsec = dir->i_sb->s_security;
+ if (sbsec && sbsec->uses_psids) {
+ rc = sid_to_psid(dentry->d_inode, newsid);
+ if (rc) {
+ printk("post_create: unable to set new PSID, rc=%d\n",-rc);
+ return rc;
+ }
+ }
+ }
+
+ return 0;
+}
+
+
+/* Hook functions begin here. */
+
+/* assorted security operations (mostly syscall interposition) */
+
+static int selinux_sethostname(char *hostname)
+{
+ /* Controlled via the capable hook - CAP_SYS_ADMIN */
+ return 0;
+}
+
+static int selinux_setdomainname(char *domainname)
+{
+ /* Controlled via the capable hook - CAP_SYS_ADMIN */
+ return 0;
+}
+
+static int selinux_reboot(unsigned int cmd)
+{
+ /* Controlled via the capable hook - CAP_SYS_BOOT */
+ return 0;
+}
+
+static int selinux_ioperm(unsigned long from, unsigned long num, int turn_on)
+{
+ /* Controlled via the capable hook - CAP_SYS_RAWIO */
+ return 0;
+}
+
+static int selinux_iopl(unsigned int old, unsigned int level)
+{
+ /* Controlled via the capable hook - CAP_SYS_RAWIO */
+ return 0;
+}
+
+static int selinux_ptrace(struct task_struct *parent, struct task_struct *child)
+{
+ int rc;
+
+ rc = secondary_ops->ptrace(parent,child);
+ if (rc)
+ return rc;
+
+ return task_has_perm(parent, child, PROCESS__PTRACE);
+}
+
+static int selinux_capget(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted)
+{
+ int error;
+
+ error = task_has_perm(current, target, PROCESS__GETCAP);
+ if (error)
+ return error;
+
+ return secondary_ops->capget(target, effective, inheritable, permitted);
+}
+
+static int selinux_capset_check(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted)
+{
+ int error;
+
+ error = task_has_perm(current, target, PROCESS__SETCAP);
+ if (error)
+ return error;
+
+ return secondary_ops->capset_check(target, effective, inheritable, permitted);
+}
+
+static void selinux_capset_set(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted)
+{
+ int error;
+
+ error = task_has_perm(current, target, PROCESS__SETCAP);
+ if (error)
+ return;
+
+ return secondary_ops->capset_set(target, effective, inheritable, permitted);
+}
+
+static int selinux_acct(struct file *file)
+{
+ /* Controlled via the capable hook - CAP_SYS_PACCT */
+ return 0;
+}
+
+static int selinux_capable(struct task_struct *tsk, int cap)
+{
+ int rc;
+
+ rc = secondary_ops->capable(tsk, cap);
+ if (rc)
+ return rc;
+
+ return task_has_capability(tsk,cap);
+}
+
+/* Function to search the hierarchy of ctl_sid tables for a match with a
+ given ctl table, where a match is defined as ctl_name and procname
+ being equal. */
+static security_id_t search_ctl_sid(ctl_sid *root, ctl_table *table)
+{
+ ctl_sid *t;
+ for(t = root; t->ctl_name; t++) {
+ if((t->ctl_name == table->ctl_name) &&
+ (strcmp(t->procname, table->procname) == 0)) {
+ return t->sid;
+ }
+ if(t->child)
+ return search_ctl_sid(t->child, table);
+ }
+ return SECINITSID_SYSCTL;
+}
+
+static int selinux_sysctl(ctl_table *table, int op)
+{
+ int error = 0;
+ access_vector_t av;
+ struct task_security_struct *tsec;
+ security_id_t tsid;
+ int rc;
+
+ rc = task_precondition(current);
+ if (rc <= 0)
+ return rc;
+
+ tsec = current->security;
+ tsid = search_ctl_sid(ctl_sid_root_table, table);
+
+ /* The op values are "defined" in sysctl.c, thereby creating
+ * a bad coupling between this module and sysctl.c */
+ if(op == 001) {
+ error = avc_has_perm(tsec->sid, tsid,
+ SECCLASS_DIR, DIR__SEARCH);
+ } else {
+ av = 0;
+ if (op & 004)
+ av |= FILE__READ;
+ if (op & 002)
+ av |= FILE__WRITE;
+ if (av)
+ error = avc_has_perm(tsec->sid, tsid,
+ SECCLASS_FILE, av);
+ }
+
+ return error;
+}
+
+static int selinux_sys_security(unsigned int magic, unsigned int call, unsigned long *args)
+{
+ /* This hook function is not used, because the SELinux
+ module replaces the generic security syscall with its
+ own call in order to have the registers on the stack
+ available for execve_secure. */
+ return -ENOSYS;
+}
+
+static int selinux_swapon(struct swap_info_struct *swap)
+{
+ return file_has_perm(current, swap->swap_file, FILE__SWAPON);
+}
+
+static int selinux_swapoff(struct swap_info_struct *swap)
+{
+ /* Controlled via the capable hook - CAP_SYS_ADMIN */
+ return 0;
+}
+
+static int selinux_nfsservctl(int cmd, struct nfsctl_arg *arg)
+{
+ return task_has_system(current, SYSTEM__NFSD_CONTROL);
+}
+
+static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb)
+{
+ int rc = 0;
+
+ if (!sb)
+ return 0;
+
+ switch (cmds) {
+ case Q_QUOTAON:
+ case Q_QUOTAOFF:
+ case Q_SETQUOTA:
+ case Q_SETUSE:
+ case Q_SETQLIM:
+ case Q_SYNC:
+ CASE_QMOD
+ rc = superblock_has_perm(current,
+ sb,
+ FILESYSTEM__QUOTAMOD, NULL);
+ break;
+ case Q_GETQUOTA:
+ case Q_GETSTATS:
+ CASE_QGET
+ rc = superblock_has_perm(current,
+ sb,
+ FILESYSTEM__QUOTAGET, NULL);
+ break;
+ default:
+ rc = 0; /* let the kernel handle invalid cmds */
+ break;
+ }
+ return rc;
+}
+
+static int selinux_quota_on(struct file *f)
+{
+ return file_has_perm(current, f, FILE__QUOTAON);;
+}
+
+static int selinux_bdflush(int func, long data)
+{
+ return task_has_system(current, SYSTEM__BDFLUSH);
+}
+
+static int selinux_syslog(int type)
+{
+ int rc;
+
+ switch (type) {
+ case 3: /* Read last kernel messages */
+ rc = task_has_system(current, SYSTEM__SYSLOG_READ);
+ break;
+ case 6: /* Disable logging to console */
+ case 7: /* Enable logging to console */
+ case 8: /* Set level of messages printed to console */
+ rc = task_has_system(current, SYSTEM__SYSLOG_CONSOLE);
+ break;
+ case 0: /* Close log */
+ case 1: /* Open log */
+ case 2: /* Read from log */
+ case 4: /* Read/clear last kernel messages */
+ case 5: /* Clear ring buffer */
+ default:
+ rc = task_has_system(current, SYSTEM__SYSLOG_MOD);
+ break;
+ }
+ return rc;
+}
+
+static int selinux_netlink_send(struct sk_buff *skb)
+{
+ if (capable(CAP_NET_ADMIN))
+ cap_raise (NETLINK_CB (skb).eff_cap, CAP_NET_ADMIN);
+ else
+ NETLINK_CB(skb).eff_cap = 0;
+ return 0;
+}
+
+static int selinux_netlink_recv(struct sk_buff *skb)
+{
+ if (!cap_raised(NETLINK_CB(skb).eff_cap, CAP_NET_ADMIN))
+ return -EPERM;
+ return 0;
+}
+
+/* binprm security operations */
+
+static int selinux_bprm_alloc_security(struct linux_binprm *bprm)
+{
+ bprm->security = NULL;
+ return 0;
+}
+
+static int selinux_bprm_set_security(struct linux_binprm *bprm)
+{
+ struct task_security_struct *tsec, *psec;
+ struct inode *inode = bprm->file->f_dentry->d_inode;
+ struct inode_security_struct *isec;
+ security_id_t newsid;
+ avc_audit_data_t ad;
+ int rc;
+
+ rc = secondary_ops->bprm_ops->set_security(bprm);
+ if (rc)
+ return rc;
+
+ if (bprm->sh_bang || bprm->security)
+ /* The security field should already be set properly. */
+ return 0;
+
+ /* Preconditions */
+ rc = task_precondition(current);
+ if (rc <= 0)
+ return rc;
+ rc = inode_precondition(inode);
+ if (rc <= 0)
+ return rc;
+
+ tsec = current->security;
+ isec = inode->i_security;
+
+ /* Default to the current task SID. */
+ bprm->security = (void *)tsec->sid;
+
+ if (tsec->in_sid[0]) {
+ newsid = tsec->in_sid[0];
+ } else {
+ /* Check for a default transition on this program. */
+ rc = security_transition_sid(tsec->sid, isec->sid, SECCLASS_PROCESS,
+ &newsid);
+ if (rc)
+ return rc;
+ }
+
+ AVC_AUDIT_DATA_INIT(&ad, FS);
+ ad.u.fs.dentry = bprm->file->f_dentry;
+
+ if (tsec->sid == newsid) {
+ rc = avc_has_perm_ref_audit(tsec->sid, isec->sid,
+ SECCLASS_FILE, FILE__EXECUTE_NO_TRANS,
+ &isec->avcr, &ad);
+ if (rc)
+ return rc;
+ } else {
+ /* Check permissions for the transition. */
+ rc = avc_has_perm_audit(tsec->sid, newsid,
+ SECCLASS_PROCESS, PROCESS__TRANSITION,
+ &ad);
+ if (rc)
+ return rc;
+
+ rc = avc_has_perm_ref_audit(newsid, isec->sid,
+ SECCLASS_FILE, FILE__ENTRYPOINT,
+ &isec->avcr, &ad);
+ if (rc)
+ return rc;
+
+ /* Check ptrace permission between the parent and
+ the new SID for this process if this process is
+ being traced. */
+ if (current->ptrace & PT_PTRACED) {
+ rc = task_precondition(current->p_pptr);
+ if (rc <= 0)
+ return rc;
+ psec = current->p_pptr->security;
+ rc = avc_has_perm(psec->sid, newsid,
+ SECCLASS_PROCESS, PROCESS__PTRACE);
+ if (rc)
+ return rc;
+ }
+
+ /* Check share permission between the old and new SIDs
+ of the process if the process will share state. */
+ if ((atomic_read(¤t->fs->count) > 1 ||
+ atomic_read(¤t->files->count) > 1 ||
+ atomic_read(¤t->sig->count) > 1)) {
+ rc = avc_has_perm(tsec->sid, newsid,
+ SECCLASS_PROCESS, PROCESS__SHARE);
+ if (rc)
+ return rc;
+ }
+
+ /* Set the security field to the new SID. */
+ bprm->security = (void*) newsid;
+ }
+
+ return 0;
+}
+
+static void selinux_bprm_free_security(struct linux_binprm *bprm)
+{
+ /* Nothing to do - not dynamically allocated. */
+ return;
+}
+
+/* Derived from fs/exec.c:flush_old_files. */
+static inline void flush_unauthorized_files(struct files_struct * files)
+{
+ avc_audit_data_t ad;
+ struct file *file;
+ long j = -1;
+
+ AVC_AUDIT_DATA_INIT(&ad,FS);
+
+ read_lock(&files->file_lock);
+ for (;;) {
+ unsigned long set, i;
+
+ j++;
+ i = j * __NFDBITS;
+ if (i >= files->max_fds || i >= files->max_fdset)
+ break;
+ set = files->open_fds->fds_bits[j];
+ if (!set)
+ continue;
+ read_unlock(&files->file_lock);
+ for ( ; set ; i++,set >>= 1) {
+ if (set & 1) {
+ file = fget(i);
+ if (!file)
+ continue;
+ if (file_has_perm(current,
+ file,
+ file_to_av(file)))
+ sys_close(i);
+ fput(file);
+ }
+ }
+ read_lock(&files->file_lock);
+
+ }
+ read_unlock(&files->file_lock);
+}
+
+static void selinux_bprm_compute_creds(struct linux_binprm *bprm)
+{
+ struct task_security_struct *tsec;
+ security_id_t sid;
+ int rc;
+
+ secondary_ops->bprm_ops->compute_creds(bprm);
+
+ rc = task_precondition(current);
+ if (rc <= 0)
+ return;
+ tsec = current->security;
+
+ sid = (security_id_t)bprm->security;
+ if (!sid)
+ sid = tsec->sid;
+
+ tsec->osid = tsec->sid;
+ if (tsec->sid != sid) {
+ tsec->sid = sid;
+
+ flush_unauthorized_files(current->files);
+
+ /* need to force wait permission check if parent is waiting */
+ wake_up_interruptible(¤t->p_pptr->wait_chldexit);
+ }
+}
+
+/* superblock security operations */
+
+static int selinux_sb_alloc_security(struct super_block *sb)
+{
+ int rc;
+
+ rc = ss_precondition();
+ if (rc <= 0)
+ return rc;
+ rc = task_precondition(current);
+ if (rc <= 0)
+ return rc;
+
+ return superblock_alloc_security(sb);
+}
+
+static void selinux_sb_free_security(struct super_block *sb)
+{
+ superblock_free_security(sb);
+}
+
+static int selinux_sb_statfs(struct super_block *sb)
+{
+ struct task_security_struct *tsec;
+ struct superblock_security_struct *sbsec;
+ int rc;
+
+ /* This hook function would simply call superblock_has_perm,
+ but it also needs to save the sb SID to support
+ statfs_secure, so we just inline superblock_has_perm. */
+
+ rc = task_precondition(current);
+ if (rc <= 0)
+ return rc;
+ rc = superblock_precondition(sb);
+ if (rc <= 0)
+ return rc;
+ tsec = current->security;
+ sbsec = sb->s_security;
+
+ tsec->out_sid[0] = sbsec->sid;
+
+ return avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
+ FILESYSTEM__GETATTR);
+}
+
+static int selinux_mount(char * dev_name,
+ struct nameidata *nd,
+ char * type,
+ unsigned long flags,
+ void * data)
+{
+ if (flags & MS_REMOUNT)
+ return superblock_has_perm(current, nd->mnt->mnt_sb, FILESYSTEM__REMOUNT, NULL);
+ else
+ return dentry_has_perm(current, nd->dentry, FILE__MOUNTON, NULL);
+}
+
+static int selinux_check_sb(struct vfsmount *mnt, struct nameidata *nd)
+{
+ avc_audit_data_t ad;
+
+
+ AVC_AUDIT_DATA_INIT(&ad,FS);
+ ad.u.fs.dentry = nd->dentry;
+ return superblock_has_perm(current, mnt->mnt_sb, FILESYSTEM__MOUNT, &ad);
+}
+
+static int selinux_umount(struct vfsmount *mnt, int flags)
+{
+ return superblock_has_perm(current,mnt->mnt_sb, FILESYSTEM__UNMOUNT,NULL);
+}
+
+static void selinux_umount_close(struct vfsmount *mnt)
+{
+ struct super_block *sb = mnt->mnt_sb;
+ struct superblock_security_struct *sbsec;
+ int rc;
+
+ rc = superblock_precondition(sb);
+ if (rc <= 0)
+ return;
+ sbsec = sb->s_security;
+
+ if (sbsec && sbsec->uses_psids)
+ psid_release(sb);
+ return;
+}
+
+static void selinux_umount_busy (struct vfsmount *mnt)
+{
+ struct super_block *sb = mnt->mnt_sb;
+ struct superblock_security_struct *sbsec;
+ int rc;
+
+ rc = superblock_precondition(sb);
+ if (rc <= 0)
+ return;
+ sbsec = sb->s_security;
+
+ if (sbsec && sbsec->uses_psids)
+ psid_init(sb);
+
+ return;
+}
+
+static void selinux_post_remount(struct vfsmount *mnt, unsigned long flags, void *data)
+{
+ struct super_block *sb = mnt->mnt_sb;
+ struct superblock_security_struct *sbsec;
+ int rc;
+
+ rc = superblock_precondition(sb);
+ if (rc <= 0)
+ return;
+ sbsec = sb->s_security;
+
+ if (sbsec && sbsec->uses_psids)
+ psid_remount(sb);
+}
+
+static void selinux_post_mountroot (void)
+{
+ int rc;
+
+ rc = security_init();
+ if (rc) {
+ handle_security_init_failure;
+ return;
+ }
+
+ if (!current->fs || !current->fs->rootmnt || !current->fs->rootmnt->mnt_sb) {
+ printk("selinux_post_mountroot: unable to initialize root filesystem.\n");
+ return;
+ }
+
+ rc = superblock_precondition(current->fs->rootmnt->mnt_sb);
+ if (rc <= 0)
+ return;
+
+ return;
+}
+
+static void selinux_post_addmount(struct vfsmount *mnt, struct nameidata *nd)
+{
+ /* No longer necessary due to check_sb, but leave it here until
+ the check_sb hook shows up in the released SELinux prototype. */
+ superblock_precondition(mnt->mnt_sb);
+}
+
+/* inode security operations */
+
+static int selinux_inode_alloc_security(struct inode *inode)
+{
+ int rc;
+
+ rc = task_precondition(current);
+ if (rc <= 0)
+ return rc;
+
+ return inode_alloc_security(inode);
+}
+
+static void selinux_inode_free_security(struct inode *inode)
+{
+ inode_free_security(inode);
+}
+
+static int selinux_inode_create(struct inode *dir, struct dentry *dentry, int mask)
+{
+ return may_create(dir, dentry, SECCLASS_FILE);
+}
+
+static void selinux_inode_post_create(struct inode *dir, struct dentry *dentry, int mask)
+{
+ post_create(dir, dentry);
+}
+
+static int selinux_inode_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry)
+{
+ return may_link(dir, old_dentry, MAY_LINK);
+}
+
+static void selinux_inode_post_link(struct dentry *old_dentry, struct inode *inode, struct dentry *new_dentry)
+{
+ return;
+}
+
+static int selinux_inode_unlink(struct inode *dir, struct dentry *dentry)
+{
+ return may_link(dir, dentry, MAY_UNLINK);
+}
+
+static int selinux_inode_symlink(struct inode *dir, struct dentry *dentry, const char *name)
+{
+ return may_create(dir, dentry, SECCLASS_LNK_FILE);
+}
+
+static void selinux_inode_post_symlink(struct inode *dir, struct dentry *dentry, const char *name)
+{
+ post_create(dir, dentry);
+}
+
+static int selinux_inode_mkdir(struct inode *dir, struct dentry *dentry, int mask)
+{
+ return may_create(dir, dentry, SECCLASS_DIR);
+}
+
+static void selinux_inode_post_mkdir(struct inode *dir, struct dentry *dentry, int mask)
+{
+ post_create(dir, dentry);
+}
+
+static int selinux_inode_rmdir(struct inode *dir, struct dentry *dentry)
+{
+ return may_link(dir, dentry, MAY_RMDIR);
+}
+
+static int selinux_inode_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev)
+{
+ return may_create(dir, dentry, inode_mode_to_security_class(mode));
+}
+
+static void selinux_inode_post_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev)
+{
+ post_create(dir, dentry);
+}
+
+static int selinux_inode_rename(struct inode *old_inode, struct dentry *old_dentry, struct inode *new_inode, struct dentry *new_dentry)
+{
+ return may_rename(old_inode, old_dentry, new_inode, new_dentry);
+}
+
+static void selinux_inode_post_rename(struct inode *old_inode, struct dentry *old_dentry, struct inode *new_inode, struct dentry *new_dentry)
+{
+ return;
+}
+
+static int selinux_inode_readlink(struct dentry *dentry)
+{
+ return dentry_has_perm(current, dentry, FILE__READ, NULL);
+}
+
+static int selinux_inode_follow_link(struct dentry *dentry, struct nameidata *nameidata)
+{
+ return dentry_has_perm(current, dentry, FILE__READ, NULL);
+}
+
+static int selinux_inode_permission(struct inode *inode, int mask)
+{
+ return inode_has_perm(current, inode,
+ file_mask_to_av(inode->i_mode, mask), NULL, NULL);
+}
+
+static int selinux_inode_revalidate(struct dentry *inode)
+{
+ /* Unused until we deal with NFS. */
+ return 0;
+}
+
+static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr)
+{
+ return dentry_has_perm(current, dentry, FILE__SETATTR, NULL);
+}
+
+static int selinux_inode_stat(struct inode *inode)
+{
+ struct task_security_struct *tsec;
+ struct inode_security_struct *isec;
+ avc_audit_data_t ad;
+ int rc;
+
+ /* This hook function would simply call inode_has_perm,
+ but it also needs to save the inode SID to support
+ stat_secure, so we just inline inode_has_perm. */
+
+ rc = task_precondition(current);
+ if (rc <= 0)
+ return rc;
+ rc = inode_precondition(inode);
+ if (rc <= 0)
+ return rc;
+ tsec = current->security;
+ isec = inode->i_security;
+
+ tsec->out_sid[0] = isec->sid;
+
+ AVC_AUDIT_DATA_INIT(&ad, FS);
+ ad.u.fs.inode = inode;
+ return avc_has_perm_ref_audit(tsec->sid, isec->sid, isec->sclass,
+ FILE__GETATTR, &isec->avcr, &ad);
+}
+
+static void selinux_inode_post_lookup(struct inode *dir, struct dentry *dentry)
+{
+ struct inode *inode = dentry->d_inode;
+
+ if (inode)
+ inode_precondition(inode);
+ return;
+}
+
+static void selinux_inode_delete(struct inode *inode)
+{
+ struct super_block *sb = inode->i_sb;
+ if (sb) {
+ struct superblock_security_struct *sbsec;
+ int rc;
+
+ rc = superblock_precondition(sb);
+ if (rc <= 0)
+ return;
+ sbsec = sb->s_security;
+ if (sbsec && sbsec->uses_psids)
+ clear_psid(inode);
+ }
+}
+
+/* For now, simply use the existing [gs]etattr permissions between
+ the current process and the target file for the *xattr operations.
+ We will likely define new permissions later to distinguish these operations.
+ If SELinux is changed to use extended attributes for file security contexts,
+ then we will need to apply similar checking to setxattr as in
+ syscalls.c:chsid_common when 'name' corresponds to the SELinux security
+ context, and we will need to impose stronger restrictions on removexattr. */
+
+static int selinux_inode_setxattr (struct dentry *dentry, char *name, void *value, size_t size, int flags)
+{
+ return dentry_has_perm(current, dentry, FILE__SETATTR, NULL);
+}
+
+static int selinux_inode_getxattr (struct dentry *dentry, char *name)
+{
+ return dentry_has_perm(current, dentry, FILE__GETATTR, NULL);
+}
+
+static int selinux_inode_listxattr (struct dentry *dentry)
+{
+ return dentry_has_perm(current, dentry, FILE__GETATTR, NULL);
+}
+
+static int selinux_inode_removexattr (struct dentry *dentry, char *name)
+{
+ return dentry_has_perm(current, dentry, FILE__SETATTR, NULL);
+}
+
+/* file security operations */
+
+static int selinux_file_permission(struct file *file, int mask)
+{
+ struct inode *inode = file->f_dentry->d_inode;
+
+ /* file_mask_to_av won't add FILE__WRITE if MAY_APPEND is set */
+ if ((file->f_flags & O_APPEND) && (mask & MAY_WRITE))
+ mask |= MAY_APPEND;
+
+ return file_has_perm(current, file,
+ file_mask_to_av(inode->i_mode, mask));
+}
+
+static int selinux_file_alloc_security(struct file *file)
+{
+ int rc;
+
+ rc = ss_precondition();
+ if (rc <= 0)
+ return rc;
+
+ rc = task_precondition(current);
+ if (rc <= 0)
+ return rc;
+
+ return file_alloc_security(current, file);
+}
+
+static void selinux_file_free_security(struct file *file)
+{
+ file_free_security(file);
+}
+
+static int selinux_file_llseek(struct file *file)
+{
+ return file_has_perm(current, file, 0 /* descriptor only */);
+}
+
+static int selinux_file_ioctl(struct file *file, unsigned int cmd,
+ unsigned long arg)
+{
+ int error = 0;
+
+ switch (cmd) {
+ case FIONREAD:
+ /* fall through */
+ case FIBMAP:
+ /* fall through */
+ case FIGETBSZ:
+ /* fall through */
+ case EXT2_IOC_GETFLAGS:
+ /* fall through */
+ case EXT2_IOC_GETVERSION:
+ error = file_has_perm(current, file, FILE__GETATTR);
+ break;
+
+ case EXT2_IOC_SETFLAGS:
+ /* fall through */
+ case EXT2_IOC_SETVERSION:
+ error = file_has_perm(current, file, FILE__SETATTR);
+ break;
+
+ /* sys_ioctl() checks */
+ case FIONBIO:
+ /* fall through */
+ case FIOASYNC:
+ error = file_has_perm(current, file, 0);
+ break;
+
+ /* default case assumes that the command will go
+ * to the file's ioctl() function.
+ */
+ default:
+ error = file_has_perm(current, file, FILE__IOCTL);
+
+ }
+ return error;
+}
+
+static int selinux_file_mmap(struct file *file, unsigned long prot,
+ unsigned long flags)
+{
+ access_vector_t av;
+
+ if (file) {
+ /* read access is always possible with a mapping */
+ av = FILE__READ;
+
+ /* write access only matters if the mapping is shared */
+ if ((flags & MAP_TYPE) == MAP_SHARED && (prot & PROT_WRITE))
+ av |= FILE__WRITE;
+
+ if (prot & PROT_EXEC)
+ av |= FILE__EXECUTE;
+
+ return file_has_perm(current, file, av);
+ }
+ return 0;
+}
+
+static int selinux_file_mprotect(struct vm_area_struct *vma,
+ unsigned long prot)
+{
+ return selinux_file_mmap(vma->vm_file, prot, vma->vm_flags);
+}
+
+static int selinux_file_lock(struct file *file, unsigned int cmd, int blocking)
+{
+ return file_has_perm(current, file, FILE__LOCK);
+}
+
+static int selinux_file_fcntl(struct file *file, unsigned int cmd,
+ unsigned long arg)
+{
+ int err = 0;
+
+ switch (cmd) {
+ case F_SETFL:
+ if (!file->f_dentry || !file->f_dentry->d_inode) {
+ err = -EINVAL;
+ break;
+ }
+
+ if ((file->f_flags & O_APPEND) && !(arg & O_APPEND)) {
+ err = file_has_perm(current, file,FILE__WRITE);
+ break;
+ }
+ /* fall through */
+ case F_SETOWN:
+ case F_SETSIG:
+ case F_GETFL:
+ case F_GETOWN:
+ case F_GETSIG:
+ /* Just check FD__USE permission */
+ err = file_has_perm(current, file, 0);
+ break;
+ case F_GETLK:
+ case F_SETLK:
+ case F_SETLKW:
+ case F_GETLK64:
+ case F_SETLK64:
+ case F_SETLKW64:
+ if (!file->f_dentry || !file->f_dentry->d_inode) {
+ err = -EINVAL;
+ break;
+ }
+ err = file_has_perm(current, file, FILE__LOCK);
+ break;
+ }
+
+ return err;
+}
+
+static int selinux_file_set_fowner(struct file *file)
+{
+ struct task_security_struct *tsec;
+ struct file_security_struct *fsec;
+ int rc;
+
+ rc = file_precondition(file);
+ if (rc <= 0)
+ return rc;
+ rc = task_precondition(current);
+ if (rc <= 0)
+ return rc;
+
+ tsec = current->security;
+ fsec = file->f_security;
+ fsec->fown_sid = tsec->sid;
+
+ return 0;
+}
+
+static int selinux_file_send_sigiotask(struct task_struct *tsk,
+ struct fown_struct *fown,
+ int fd, int reason)
+{
+ struct file *file;
+ access_vector_t perm;
+ struct task_security_struct *tsec;
+ struct file_security_struct *fsec;
+ int rc;
+
+ /* struct fown_struct is never outside the context of a struct file */
+ file = (struct file *)((long)fown - offsetof(struct file,f_owner));
+
+ rc = task_precondition(tsk);
+ if (rc <= 0)
+ return rc;
+ rc = file_precondition(file);
+ if (rc <= 0)
+ return rc;
+
+ tsec = tsk->security;
+ fsec = file->f_security;
+
+ switch (fown->signum) {
+ case SIGCHLD:
+ perm = PROCESS__SIGCHLD;
+ break;
+ case SIGKILL:
+ perm = PROCESS__SIGKILL;
+ break;
+ case SIGSTOP:
+ perm = PROCESS__SIGSTOP;
+ break;
+ default:
+ perm = PROCESS__SIGNAL;
+ break;
+ }
+
+ return avc_has_perm(fsec->fown_sid, tsec->sid,
+ SECCLASS_PROCESS, perm);
+}
+
+static int selinux_file_receive(struct file *file)
+{
+ return file_has_perm(current, file, file_to_av(file));
+}
+
+/* task security operations */
+
+static int selinux_task_create(unsigned long clone_flags)
+{
+ return task_has_perm(current, current, PROCESS__FORK);
+}
+
+static int selinux_task_alloc_security(struct task_struct *tsk)
+{
+ struct task_security_struct *tsec1, *tsec2;
+ int rc;
+
+ rc = task_precondition(current);
+ if (rc <= 0)
+ return rc;
+ tsec1 = current->security;
+
+ rc = task_alloc_security(tsk);
+ if (rc)
+ return rc;
+ tsec2 = tsk->security;
+
+ tsec2->osid = tsec1->osid;
+ tsec2->sid = tsec1->sid;
+
+ return 0;
+}
+
+static void selinux_task_free_security(struct task_struct *tsk)
+{
+ task_free_security(tsk);
+}
+
+static int selinux_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags)
+{
+ /* Since setuid only affects the current process, and
+ since the SELinux controls are not based on the Linux
+ identity attributes, SELinux does not need to control
+ this operation. However, SELinux does control the use
+ of the CAP_SETUID and CAP_SETGID capabilities using the
+ capable hook. */
+ return 0;
+}
+
+static int selinux_task_post_setuid(uid_t id0, uid_t id1, uid_t id2, int flags)
+{
+ return secondary_ops->task_ops->post_setuid(id0,id1,id2,flags);
+}
+
+static int selinux_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags)
+{
+ /* See the comment for setuid above. */
+ return 0;
+}
+
+static int selinux_task_setpgid(struct task_struct *p, pid_t pgid)
+{
+ return task_has_perm(current, p, PROCESS__SETPGID);
+}
+
+static int selinux_task_getpgid(struct task_struct *p)
+{
+ return task_has_perm(current, p, PROCESS__GETPGID);
+}
+
+static int selinux_task_getsid(struct task_struct *p)
+{
+ return task_has_perm(current, p, PROCESS__GETSESSION);
+}
+
+static int selinux_task_setgroups(int gidsetsize, gid_t *grouplist)
+{
+ /* See the comment for setuid above. */
+ return 0;
+}
+
+static int selinux_task_setnice(struct task_struct *p, int nice)
+{
+ return task_has_perm(current,p, PROCESS__SETSCHED);
+}
+
+static int selinux_task_setrlimit(unsigned int resource, struct rlimit *new_rlim)
+{
+ /* SELinux does not currently provide a process
+ resource limit policy based on security contexts.
+ It does control the use of the CAP_SYS_RESOURCE capability
+ using the capable hook. */
+ return 0;
+}
+
+static int selinux_task_setscheduler(struct task_struct *p, int policy, struct sched_param *lp)
+{
+ return task_has_perm(current, p, PROCESS__SETSCHED);
+}
+
+static int selinux_task_getscheduler(struct task_struct *p)
+{
+ return task_has_perm(current, p, PROCESS__GETSCHED);
+}
+
+static int selinux_task_kill(struct task_struct *p, struct siginfo *info, int sig)
+{
+ access_vector_t perm;
+
+ if (info && ((unsigned long)info == 1 || SI_FROMKERNEL(info)))
+ return 0;
+
+
+ switch (sig) {
+ case SIGCHLD:
+ perm = PROCESS__SIGCHLD;
+ break;
+ case SIGKILL:
+ perm = PROCESS__SIGKILL;
+ break;
+ case SIGSTOP:
+ perm = PROCESS__SIGSTOP;
+ break;
+ default:
+ perm = PROCESS__SIGNAL;
+ break;
+ }
+
+ return task_has_perm(current, p, perm);
+}
+
+static int selinux_task_prctl(int option,
+ unsigned long arg2,
+ unsigned long arg3,
+ unsigned long arg4,
+ unsigned long arg5)
+{
+ /* The current prctl operations do not appear to require
+ any SELinux controls since they merely observe or modify
+ the state of the current process. */
+ return 0;
+}
+
+static int selinux_task_wait(struct task_struct *p)
+{
+ access_vector_t perm;
+
+ switch (p->exit_signal) {
+ case SIGCHLD:
+ perm = PROCESS__SIGCHLD;
+ break;
+ case SIGKILL:
+ perm = PROCESS__SIGKILL;
+ break;
+ case SIGSTOP:
+ perm = PROCESS__SIGSTOP;
+ break;
+ default:
+ perm = PROCESS__SIGNAL;
+ break;
+ }
+
+ return task_has_perm(p, current, perm);
+}
+
+static void selinux_task_kmod_set_label(void)
+{
+ struct task_security_struct *tsec;
+ int rc;
+
+ secondary_ops->task_ops->kmod_set_label();
+
+ rc = task_precondition(current);
+ if (rc <= 0)
+ return;
+
+ tsec = current->security;
+ tsec->osid = tsec->sid;
+ tsec->sid = SECINITSID_KMOD;
+ return;
+}
+
+static unsigned int selinux_ip_preroute_first(unsigned int hooknum,
+ struct sk_buff **pskb,
+ const struct net_device *in,
+ const struct net_device *out,
+ int (*okfn)(struct sk_buff *))
+{
+ return NF_ACCEPT;
+}
+
+static unsigned int selinux_ip_preroute_last(unsigned int hooknum,
+ struct sk_buff **pskb,
+ const struct net_device *in,
+ const struct net_device *out,
+ int (*okfn)(struct sk_buff *))
+{
+ struct sk_buff *skb = *pskb;
+ struct net_device *dev = (struct net_device*)in;
+ struct iphdr *iph = skb->nh.iph;
+
+ struct netdev_security_struct *nsec;
+ access_vector_t netif_perm, node_perm;
+ security_id_t node_sid;
+ security_id_t msg_sid;
+ avc_audit_data_t ad;
+ int err;
+
+ err = netdev_precondition(dev);
+ if (err == 0)
+ return NF_ACCEPT;
+ if (err < 0) {
+ return NF_DROP;
+ }
+ nsec = dev->security;
+
+ msg_sid = nsec->default_msg_sid;
+
+ err = security_node_sid(PF_INET, &iph->saddr, sizeof(iph->saddr),
+ &node_sid);
+ if (err) {
+ return NF_DROP;
+ }
+
+ switch (iph->protocol) {
+ case IPPROTO_UDP:
+ netif_perm = NETIF__UDP_RECV;
+ node_perm = NODE__UDP_RECV;
+ break;
+ case IPPROTO_TCP:
+ netif_perm = NETIF__TCP_RECV;
+ node_perm = NODE__TCP_RECV;
+ break;
+ default:
+ netif_perm = NETIF__RAWIP_RECV;
+ node_perm = NODE__RAWIP_RECV;
+ break;
+ }
+
+ AVC_AUDIT_DATA_INIT(&ad,NET);
+ ad.u.net.netif = dev->name;
+ ad.u.net.skb = skb;
+
+ err = avc_has_perm_audit(msg_sid, node_sid, SECCLASS_NODE,
+ node_perm, &ad);
+ if (err)
+ return NF_DROP;
+
+ return NF_ACCEPT;
+}
+
+static unsigned int selinux_ip_input_first(unsigned int hooknum,
+ struct sk_buff **pskb,
+ const struct net_device *in,
+ const struct net_device *out,
+ int (*okfn)(struct sk_buff *))
+{
+ return NF_ACCEPT;
+}
+
+static unsigned int selinux_ip_input_last(unsigned int hooknum,
+ struct sk_buff **pskb,
+ const struct net_device *in,
+ const struct net_device *out,
+ int (*okfn)(struct sk_buff *))
+{
+ return NF_ACCEPT;
+}
+
+static unsigned int selinux_ip_forward_first(unsigned int hooknum,
+ struct sk_buff **pskb,
+ const struct net_device *in,
+ const struct net_device *out,
+ int (*okfn)(struct sk_buff *))
+{
+ return NF_ACCEPT;
+}
+
+static unsigned int selinux_ip_forward_last(unsigned int hooknum,
+ struct sk_buff **pskb,
+ const struct net_device *in,
+ const struct net_device *out,
+ int (*okfn)(struct sk_buff *))
+{
+ return NF_ACCEPT;
+}
+
+static unsigned int selinux_ip_output_first(unsigned int hooknum,
+ struct sk_buff **pskb,
+ const struct net_device *in,
+ const struct net_device *out,
+ int (*okfn)(struct sk_buff *))
+{
+ return NF_ACCEPT;
+}
+
+static unsigned int selinux_ip_output_last(unsigned int hooknum,
+ struct sk_buff **pskb,
+ const struct net_device *in,
+ const struct net_device *out,
+ int (*okfn)(struct sk_buff *))
+{
+ return NF_ACCEPT;
+}
+
+static unsigned int selinux_ip_postroute_first(unsigned int hooknum,
+ struct sk_buff **pskb,
+ const struct net_device *in,
+ const struct net_device *out,
+ int (*okfn)(struct sk_buff *))
+{
+ return NF_ACCEPT;
+}
+
+static unsigned int selinux_ip_postroute_last(unsigned int hooknum,
+ struct sk_buff **pskb,
+ const struct net_device *in,
+ const struct net_device *out,
+ int (*okfn)(struct sk_buff *))
+{
+ struct sk_buff *skb = *pskb;
+ struct net_device *dev = (struct net_device*)out;
+ struct sock *sk = skb->sk;
+ struct socket *sock;
+
+ struct netdev_security_struct *nsec;
+ struct inode_security_struct *isec = NULL;
+ avc_audit_data_t ad;
+ struct iphdr *iph = skb->nh.iph;
+ access_vector_t netif_perm;
+ access_vector_t node_perm;
+ security_id_t node_sid;
+ security_id_t msg_sid;
+ int err;
+
+ err = security_node_sid(PF_INET, &iph->daddr, sizeof(iph->daddr),
+ &node_sid);
+ if (err) {
+ return NF_DROP;
+ }
+
+ if (sk == NULL) {
+ return NF_ACCEPT;
+ }
+ sock = sk->socket;
+
+ err = netdev_precondition(dev);
+ if (err == 0)
+ return NF_ACCEPT;
+ if (err < 0) {
+ return NF_DROP;
+ }
+ nsec = dev->security;
+
+ if (sock == NULL) {
+ msg_sid = SECINITSID_TCP_SOCKET;
+ } else {
+ err = inode_precondition(SOCK_INODE(sock));
+ if (err <= 0) {
+ return NF_DROP;
+ }
+ isec = SOCK_INODE(sock)->i_security;
+ msg_sid = isec->sid;
+ }
+
+ switch (iph->protocol) {
+ case IPPROTO_UDP:
+ netif_perm = NETIF__UDP_SEND;
+ node_perm = NODE__UDP_SEND;
+ break;
+ case IPPROTO_TCP:
+ netif_perm = NETIF__TCP_SEND;
+ node_perm = NODE__TCP_SEND;
+
+ if (isec && isec->sid == SECINITSID_UNLABELED) {
+ /* Instead of assigning type in tcp_v4_init() */
+ isec->sid = SECINITSID_TCP_SOCKET;
+ msg_sid = isec->sid;
+ }
+ break;
+ case IPPROTO_ICMP:
+ if (isec && isec->sid == SECINITSID_UNLABELED) {
+ /* Instead of assigning type in icmp_init() */
+ isec->sid = SECINITSID_ICMP_SOCKET;
+ msg_sid = isec->sid;
+ }
+ /* fall through */
+ default:
+ netif_perm = NETIF__RAWIP_SEND;
+ node_perm = NODE__RAWIP_SEND;
+ break;
+ }
+
+ AVC_AUDIT_DATA_INIT(&ad,NET);
+ ad.u.net.netif = dev->name;
+ ad.u.net.skb = skb;
+
+ err = avc_has_perm_ref_audit(msg_sid, nsec->sid, SECCLASS_NETIF,
+ netif_perm, &nsec->avcr, &ad);
+ if (err)
+ return NF_DROP;
+
+ err = avc_has_perm_audit(msg_sid, node_sid, SECCLASS_NODE,
+ node_perm, &ad);
+ if (err)
+ return NF_DROP;
+
+ return NF_ACCEPT;
+}
+
+static void selinux_ip_fragment(struct sk_buff *newskb,
+ const struct sk_buff *oldskb)
+{
+ return;
+}
+
+static int selinux_ip_defragment(struct sk_buff *skb)
+{
+ return 0;
+}
+
+static void selinux_ip_decapsulate(struct sk_buff *skb)
+{
+ return;
+}
+
+static void selinux_ip_encapsulate(struct sk_buff *skb)
+{
+ return;
+}
+
+static int selinux_ip_decode_options(struct sk_buff *skb, const char *optptr, unsigned char **pp_ptr)
+{
+ if (!skb && !capable(CAP_NET_RAW)) {
+ (const unsigned char *)*pp_ptr = optptr;
+ return -EPERM;
+ }
+ return 0;
+}
+
+static void selinux_netdev_unregister(struct net_device *dev)
+{
+ netdev_free_security(dev);
+}
+
+/* socket security operations */
+static int socket_has_perm(struct task_struct *task, struct socket *sock,
+ access_vector_t perms)
+{
+ struct inode_security_struct *isec;
+ struct task_security_struct *tsec;
+ avc_audit_data_t ad;
+ int err;
+
+ err = inode_precondition(SOCK_INODE(sock));
+ if (err <= 0)
+ return err;
+ err = task_precondition(task);
+ if (err <= 0)
+ return err;
+
+ tsec = task->security;
+ isec = SOCK_INODE(sock)->i_security;
+
+ AVC_AUDIT_DATA_INIT(&ad,NET);
+ ad.u.net.sk = sock->sk;
+ err = avc_has_perm_ref_audit(tsec->sid, isec->sid, isec->sclass,
+ perms, &isec->avcr, &ad);
+
+ return err;
+}
+
+static int selinux_socket_create(int family, int type, int protocol)
+{
+ int err;
+ struct task_security_struct *tsec;
+
+ err = task_precondition(current);
+ if (err <= 0)
+ return err;
+
+ tsec = current->security;
+
+ /*
+ * TBD: new system call may pass a different sid...
+ */
+ err = avc_has_perm(tsec->sid, tsec->sid,
+ socket_type_to_security_class(family, type),
+ SOCKET__CREATE);
+
+ return err;
+}
+
+static void selinux_socket_post_create(struct socket *sock, int family,
+ int type, int protocol)
+{
+ int err;
+ struct inode_security_struct *isec;
+
+ err = inode_precondition(SOCK_INODE(sock));
+ if (err <= 0)
+ return;
+ isec = SOCK_INODE(sock)->i_security;
+
+ /*
+ * TBD: Need to save sid from socket_secure() system call
+ */
+ isec->sclass = socket_type_to_security_class(family, type);
+
+ return;
+}
+
+static int selinux_socket_bind(struct socket *sock, struct sockaddr *address,
+ int addrlen)
+{
+ int err;
+
+ err = socket_has_perm(current, sock, SOCKET__BIND);
+ if (err)
+ return err;
+
+ /*
+ * If PF_INET, check name_bind permission for the port.
+ */
+ if (sock->sk->family == PF_INET) {
+ struct inode_security_struct *isec;
+ struct task_security_struct *tsec;
+ avc_audit_data_t ad;
+ struct sockaddr_in *addr = (struct sockaddr_in *)address;
+ unsigned short snum = ntohs(addr->sin_port);
+ struct sock *sk = sock->sk;
+ security_id_t sid;
+
+ err = task_precondition(current);
+ if (err <= 0)
+ return err;
+ tsec = current->security;
+ err = inode_precondition(SOCK_INODE(sock));
+ if (err <= 0)
+ return err;
+ isec = SOCK_INODE(sock)->i_security;
+
+ if (snum&&(snum < max(PROT_SOCK,ip_local_port_range_0) ||
+ snum > ip_local_port_range_1)) {
+ err = security_port_sid(sk->family, sk->type,
+ sk->protocol, snum, &sid);
+ if (err)
+ return err;
+ AVC_AUDIT_DATA_INIT(&ad,NET);
+ ad.u.net.port = snum;
+ err = avc_has_perm_audit(isec->sid, sid,
+ isec->sclass,
+ SOCKET__NAME_BIND, &ad);
+ if (err)
+ return err;
+ }
+ }
+
+ return 0;
+}
+
+static int selinux_socket_connect(struct socket *sock,
+ struct sockaddr *address,
+ int addrlen)
+{
+ return socket_has_perm(current, sock, SOCKET__CONNECT);
+}
+
+static int selinux_socket_listen(struct socket *sock, int backlog)
+{
+ /*
+ * TBD: with sys_listen_secure, we may be passed a SID value
+ * for the new connection, and an additional check must be
+ * done. Also, the new connection sid and 'useclient' must be
+ * stored in the SOCK_INODE(struct socket*)->security structure.
+ */
+ return socket_has_perm(current, sock, SOCKET__LISTEN);
+}
+
+static int selinux_socket_accept(struct socket *sock, struct socket *newsock)
+{
+ struct inode_security_struct *isec;
+ struct inode_security_struct *newisec;
+ int err;
+
+ err = socket_has_perm(current, sock, SOCKET__ACCEPT);
+ if (err)
+ return err;
+
+ err = inode_precondition(SOCK_INODE(newsock));
+ if (err <= 0)
+ return err;
+ newisec = SOCK_INODE(newsock)->i_security;
+
+ err = inode_precondition(SOCK_INODE(sock));
+ if (err <= 0)
+ return err;
+ isec = SOCK_INODE(sock)->i_security;
+
+ /*
+ * TBD: If listen_secure was used, then the SID
+ * of the newly created server socket may differ.
+ */
+ newisec->sid = isec->sid;
+ newisec->sclass = isec->sclass;
+ return 0;
+}
+
+static int selinux_socket_sendmsg(struct socket *sock, struct msghdr *msg,
+ int size)
+{
+ return socket_has_perm(current, sock, SOCKET__WRITE);
+}
+
+static int selinux_socket_recvmsg(struct socket *sock, struct msghdr *msg,
+ int size, int flags)
+{
+ return socket_has_perm(current, sock, SOCKET__READ);
+}
+
+static int selinux_socket_getsockname(struct socket *sock)
+{
+ return socket_has_perm(current, sock, SOCKET__GETATTR);
+}
+
+static int selinux_socket_getpeername(struct socket *sock)
+{
+ return socket_has_perm(current, sock, SOCKET__GETATTR);
+}
+
+static int selinux_socket_setsockopt(struct socket *sock,int level,int optname)
+{
+ return socket_has_perm(current, sock, SOCKET__SETOPT);
+}
+
+static int selinux_socket_getsockopt(struct socket *sock, int level,
+ int optname)
+{
+ return socket_has_perm(current, sock, SOCKET__GETOPT);
+}
+
+static int selinux_socket_shutdown(struct socket *sock, int how)
+{
+ return socket_has_perm(current, sock, SOCKET__SHUTDOWN);
+}
+
+#if 0
+static void hexdump(u8 *x, int len)
+{
+ int i;
+
+ printk("[ ");
+ for (i = 0; i < len; i++)
+ printk("%x ", x[i]);
+ printk("]\n");
+}
+
+static void debug_skbuff(struct sock *sk, struct sk_buff *skb)
+{
+ struct iphdr *ip = skb->nh.iph;
+ struct tcphdr *th = NULL;
+ unsigned char *data = skb->data;
+ unsigned int len = skb->len-skb->data_len;
+
+ printk("debug_skbuff::\n");
+ nf_dump_skb(PF_INET, skb);
+
+ printk("skb:: len=%d, data_len=%d\n", skb->len, skb->data_len);
+ if (ip->protocol == IPPROTO_TCP) {
+ th = skb->h.th;
+ printk("tcp:: seq=%u, ack_seq=%u flags: %s%s%s%s%s%s%s%s\n",
+ th->seq, th->ack_seq,
+ th->fin?" FIN":"", th->syn?" SYN":"", th->rst?" RST":"",
+ th->psh?" PSH":"", th->ack?" ACK":"", th->urg?" URG":"",
+ th->ece?" ECE":"", th->cwr?" CWR":"");
+ }
+
+ if (!sk) {
+ printk("debug_skbuff: null skb->sk\n");
+ } else {
+ printk("sock:: state=%d family=%d reuse=%d pair=%p\n",
+ sk->state, sk->family, sk->reuse, sk->pair);
+ }
+
+ if (data) {
+ printk("data (len=%d):: ", len);
+ hexdump((u8 *)data, len);
+ }
+
+ return;
+}
+#endif
+
+static int selinux_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
+{
+ avc_audit_data_t ad;
+ struct socket *sock;
+ struct net_device *dev;
+ struct netdev_security_struct *nsec;
+ struct inode_security_struct *isec;
+ int err;
+
+ if (sk->state == TCP_TIME_WAIT) {
+ /* The sk is actually a tcp_tw_bucket, so
+ there is no sk->socket to use. */
+ /* debug_skbuff(sk, skb); */
+ return 0;
+ }
+
+ sock = sk->socket;
+ if (!sock) {
+ /*
+ * TCP control messages don't always have a socket.
+ * TBD/cvance - should we still perform a recvfrom check?
+ */
+ return 0;
+ }
+
+ if (!SOCK_INODE(sock)) {
+ return 0;
+ }
+
+ err = inode_precondition(SOCK_INODE(sock));
+ if (err <= 0)
+ return err;
+ isec = SOCK_INODE(sock)->i_security;
+
+ dev = skb->dev;
+ if (!dev) {
+ return 0;
+ }
+ err = netdev_precondition(dev);
+ if (err <= 0)
+ return err;
+ nsec = dev->security;
+
+ AVC_AUDIT_DATA_INIT(&ad,NET);
+ ad.u.net.netif = skb->dev->name;
+ ad.u.net.skb = skb;
+
+ err = avc_has_perm_ref_audit(isec->sid, nsec->default_msg_sid,
+ isec->sclass, SOCKET__RECVFROM,
+ &isec->avcr, &ad);
+ if (err)
+ return err;
+
+ if (isec->sclass == SECCLASS_TCP_SOCKET) {
+ struct tcphdr *th = skb->h.th;
+
+ switch (sk->state) {
+ case TCP_LISTEN:
+ if (th->syn) {
+ return avc_has_perm_ref_audit(isec->sid,
+ nsec->default_msg_sid,
+ isec->sclass,
+ TCP_SOCKET__ACCEPTFROM,
+ &isec->avcr, &ad);
+ }
+ break;
+ case TCP_SYN_SENT:
+ /*
+ * if we see th->ack, check connectto,
+ * if th->syn (but not th->ack), check connectto
+ *
+ * Kernel Comment: "We see SYN without ACK. It is
+ * attempt of simultaneous connect with crossed SYNs.
+ * Particularly, it can be connect to self."
+ */
+ if (th->ack || th->syn)
+ return avc_has_perm_ref_audit(isec->sid,
+ nsec->default_msg_sid,
+ isec->sclass,
+ TCP_SOCKET__CONNECTTO,
+ &isec->avcr, &ad);
+ break;
+ case TCP_ESTABLISHED:
+ /*
+ * TBD: Can re-validate the permissions at
+ * this point, if necessary.
+ */
+ break;
+ }
+ }
+
+ return 0;
+}
+
+static int selinux_socket_unix_stream_connect(struct socket *sock,
+ struct socket *other)
+{
+ struct inode_security_struct *isec;
+ struct inode_security_struct *other_isec;
+ avc_audit_data_t ad;
+ int err;
+
+ if (sock == NULL) {
+ printk("socket_unix_stream_connect:: sock is NULL!\n");
+ return 0;
+ }
+ if (other == NULL) {
+ printk("socket_unix_stream_connect:: other is NULL!\n");
+ return 0;
+ }
+
+ err = inode_precondition(SOCK_INODE(sock));
+ if (err <= 0)
+ return err;
+ err = inode_precondition(SOCK_INODE(other));
+ if (err <= 0)
+ return err;
+
+ isec = SOCK_INODE(sock)->i_security;
+ other_isec = SOCK_INODE(other)->i_security;
+
+ AVC_AUDIT_DATA_INIT(&ad,NET);
+ ad.u.net.sk = sock->sk;
+
+ return avc_has_perm_ref_audit(isec->sid, other_isec->sid,
+ isec->sclass,
+ UNIX_STREAM_SOCKET__CONNECTTO,
+ &other_isec->avcr, &ad);
+}
+
+static int selinux_socket_unix_may_send(struct socket *sock,
+ struct socket *other)
+{
+ struct inode_security_struct *isec;
+ struct inode_security_struct *other_isec;
+ avc_audit_data_t ad;
+ int err;
+
+ err = inode_precondition(SOCK_INODE(sock));
+ if (err <= 0)
+ return err;
+ err = inode_precondition(SOCK_INODE(other));
+ if (err <= 0)
+ return err;
+
+ isec = SOCK_INODE(sock)->i_security;
+ other_isec = SOCK_INODE(other)->i_security;
+
+ AVC_AUDIT_DATA_INIT(&ad,NET);
+ ad.u.net.sk = sock->sk;
+
+ return avc_has_perm_ref_audit(isec->sid, other_isec->sid,
+ isec->sclass,
+ SOCKET__SENDTO,
+ &other_isec->avcr, &ad);
+}
+
+/* module security operations */
+
+static int selinux_module_create_module(const char *name, size_t size)
+{
+ /* Controlled via the capable hook - CAP_SYS_MODULE */
+ return 0;
+}
+
+static int selinux_module_init_module(struct module *mod)
+{
+ /* Controlled via the capable hook - CAP_SYS_MODULE */
+ return 0;
+}
+
+static int selinux_module_delete_module(const struct module *mod)
+{
+ /* Controlled via the capable hook - CAP_SYS_MODULE */
+ return 0;
+}
+
+static struct semaphore ipc_alloc_semaphore;
+
+static int ipc_alloc_security(struct task_struct *task,
+ struct kern_ipc_perm *perm,
+ security_class_t sclass)
+{
+ struct task_security_struct *tsec = task->security;
+ struct ipc_security_struct *isec;
+ int rc = 0;
+
+ if (safe_down(&ipc_alloc_semaphore))
+ return -ENOMEM;
+ isec = perm->security;
+ if (isec && isec->magic == SELINUX_MAGIC)
+ goto out;
+
+ isec = kmalloc(sizeof(struct ipc_security_struct), SAFE_ALLOC);
+ if (!isec) {
+ rc = -ENOMEM;
+ goto out;
+ }
+ memset(isec, 0, sizeof(struct ipc_security_struct));
+ isec->magic = SELINUX_MAGIC;
+ isec->sclass = sclass;
+ isec->ipc_perm = perm;
+ list_add(&isec->list, &ipc_security_head);
+ perm->security = isec;
+
+ if (tsec) {
+ if (tsec->in_sid[0])
+ isec->sid = tsec->in_sid[0];
+ else
+ isec->sid = tsec->sid;
+ } else {
+ isec->sid = SECINITSID_UNLABELED;
+ }
+
+out:
+ safe_up(&ipc_alloc_semaphore);
+ return rc;
+}
+
+static void ipc_free_security(struct kern_ipc_perm *perm)
+{
+ struct ipc_security_struct *isec = perm->security;
+ if (!isec || isec->magic != SELINUX_MAGIC)
+ return;
+
+ perm->security = NULL;
+ list_del(&isec->list);
+ kfree(isec);
+}
+
+static struct semaphore msg_alloc_semaphore;
+
+static int msg_msg_alloc_security(struct msg_msg *msg)
+{
+ struct msg_security_struct *msec;
+ int rc = 0;
+
+ if (safe_down(&msg_alloc_semaphore))
+ return -ENOMEM;
+ msec = msg->security;
+ if (msec && msec->magic == SELINUX_MAGIC)
+ goto out;
+
+ msec = kmalloc(sizeof(struct msg_security_struct), SAFE_ALLOC);
+ if (!msec) {
+ rc = -ENOMEM;
+ goto out;
+ }
+ memset(msec, 0, sizeof(struct msg_security_struct));
+ msec->magic = SELINUX_MAGIC;
+ msec->msg = msg;
+ list_add(&msec->list, &msg_security_head);
+ msec->sid = SECINITSID_UNLABELED;
+ msg->security = msec;
+out:
+ safe_up(&msg_alloc_semaphore);
+ return 0;
+}
+
+static void msg_msg_free_security(struct msg_msg *msg)
+{
+ struct msg_security_struct *msec = msg->security;
+ if (!msec || msec->magic != SELINUX_MAGIC)
+ return;
+
+ msg->security = NULL;
+ list_del(&msec->list);
+ kfree(msec);
+}
+
+static int ipc_precondition(struct kern_ipc_perm *perm,
+ security_class_t sclass)
+{
+ struct ipc_security_struct *isec = perm->security;
+ int rc;
+
+ if (isec && isec->magic == SELINUX_MAGIC)
+ return 1;
+
+ rc = task_precondition(current);
+ if (rc <= 0)
+ return rc;
+
+ rc = ipc_alloc_security(current, perm, sclass);
+ if (rc)
+ return rc;
+
+ return 1;
+}
+
+static int msg_precondition(struct msg_msg *msg)
+{
+ struct msg_security_struct *msec;
+ int rc;
+
+ msec = msg->security;
+
+ if (msec && msec->magic == SELINUX_MAGIC)
+ return 1;
+
+ rc = msg_msg_alloc_security(msg);
+ if (rc)
+ return rc;
+
+ return 1;
+}
+
+static int ipc_has_perm(struct kern_ipc_perm *ipc_perms, int id,
+ security_class_t sclass, access_vector_t perms)
+{
+ struct task_security_struct *tsec;
+ struct ipc_security_struct *isec;
+ avc_audit_data_t ad;
+ int rc;
+
+ rc = task_precondition(current);
+ if (rc <= 0)
+ return rc;
+ rc = ipc_precondition(ipc_perms, sclass);
+ if (rc <= 0)
+ return rc;
+
+ tsec = current->security;
+ isec = ipc_perms->security;
+
+ AVC_AUDIT_DATA_INIT(&ad, IPC);
+ ad.u.ipc_id = id;
+
+ return avc_has_perm_ref_audit(tsec->sid, isec->sid, sclass,
+ perms, &isec->avcr, &ad);
+}
+
+static void ipc_savesid(struct kern_ipc_perm *ipc_perms,
+ security_class_t sclass)
+{
+ struct task_security_struct *tsec;
+ struct ipc_security_struct *isec;
+ int rc;
+
+ rc = task_precondition(current);
+ if (rc <= 0)
+ return;
+ rc = ipc_precondition(ipc_perms, sclass);
+ if (rc <= 0)
+ return;
+
+ tsec = current->security;
+ isec = ipc_perms->security;
+
+ tsec->out_sid[0] = isec->sid;
+
+ return;
+}
+
+static int selinux_msg_msg_alloc_security(struct msg_msg *msg)
+{
+ return msg_msg_alloc_security(msg);
+}
+
+static void selinux_msg_msg_free_security(struct msg_msg *msg)
+{
+ return msg_msg_free_security(msg);
+}
+
+/* message queue security operations */
+static int selinux_msg_queue_alloc_security(struct msg_queue *msq)
+{
+ struct task_security_struct *tsec;
+ struct ipc_security_struct *isec;
+ avc_audit_data_t ad;
+ int rc;
+
+ rc = task_precondition(current);
+ if (rc <= 0)
+ return rc;
+
+ rc = ipc_alloc_security(current, &msq->q_perm, SECCLASS_MSGQ);
+ if (rc)
+ return rc;
+
+ tsec = current->security;
+ isec = msq->q_perm.security;
+
+ AVC_AUDIT_DATA_INIT(&ad, IPC);
+/* ad.u.ipc_id = xxx; */ /* TBD: what to set to? */
+
+ rc = avc_has_perm_ref_audit(tsec->sid, isec->sid, SECCLASS_MSGQ,
+ MSGQ__CREATE, &isec->avcr, &ad);
+ if (rc) {
+ ipc_free_security(&msq->q_perm);
+ return rc;
+ }
+ return 0;
+}
+
+static void selinux_msg_queue_free_security(struct msg_queue *msq)
+{
+ ipc_free_security(&msq->q_perm);
+}
+
+static int selinux_msg_queue_associate(struct msg_queue *msq, int msqid, int msqflg)
+{
+ struct task_security_struct *tsec;
+ struct ipc_security_struct *isec;
+ avc_audit_data_t ad;
+ int rc;
+
+ rc = task_precondition(current);
+ if (rc <= 0)
+ return rc;
+ rc = ipc_precondition(&msq->q_perm, SECCLASS_MSGQ);
+ if (rc <= 0)
+ return rc;
+
+ tsec = current->security;
+ isec = msq->q_perm.security;
+
+ /*
+ * If using msgget_secure and a sid was specified, but the key
+ * already has a different sid.
+ */
+ if (tsec->in_sid[0] && tsec->in_sid[0] != isec->sid) {
+ return -EACCES;
+ }
+
+ AVC_AUDIT_DATA_INIT(&ad, IPC);
+ ad.u.ipc_id = msqid;
+
+ return avc_has_perm_ref_audit(tsec->sid, isec->sid, SECCLASS_MSGQ,
+ MSGQ__ASSOCIATE, &isec->avcr, &ad);
+}
+
+static int selinux_msg_queue_msgctl(struct msg_queue *msq, int msqid, int cmd)
+{
+ int err;
+ int perms;
+
+ switch(cmd) {
+ case IPC_STAT:
+ case MSG_STAT:
+ perms = MSGQ__GETATTR | MSGQ__ASSOCIATE;
+ break;
+ case IPC_SET:
+ perms = MSGQ__SETATTR;
+ break;
+ case IPC_RMID:
+ perms = MSGQ__DESTROY;
+ break;
+ default:
+ return 0;
+ }
+
+ err = ipc_has_perm(&msq->q_perm, msqid, SECCLASS_MSGQ, perms);
+ if (!err && cmd == IPC_STAT)
+ ipc_savesid(&msq->q_perm, SECCLASS_MSGQ);
+
+ return err;
+}
+
+static int selinux_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg,
+ int msqid, int msqflg)
+{
+ struct task_security_struct *tsec;
+ struct ipc_security_struct *isec;
+ struct msg_security_struct *msec;
+ avc_audit_data_t ad;
+ int rc;
+
+ rc = task_precondition(current);
+ if (rc <= 0)
+ return rc;
+ rc = ipc_precondition(&msq->q_perm, SECCLASS_MSGQ);
+ if (rc <= 0)
+ return rc;
+ rc = msg_precondition(msg);
+ if (rc <= 0)
+ return rc;
+
+ tsec = current->security;
+ isec = msq->q_perm.security;
+ msec = msg->security;
+
+ /*
+ * First time through, need to assign label to the message
+ */
+ if (msec->sid == SECINITSID_UNLABELED) {
+ /*
+ * Compute new sid based on current process and
+ * message queue this message will be stored in
+ */
+ if (tsec->in_sid[0]) {
+ msec->sid = tsec->in_sid[0];
+ } else {
+ rc = security_transition_sid(tsec->sid,
+ isec->sid,
+ SECCLASS_MSG,
+ &msec->sid);
+ if (rc)
+ return rc;
+ }
+ }
+
+ AVC_AUDIT_DATA_INIT(&ad, IPC);
+ ad.u.ipc_id = msqid;
+
+ /* Can this process write to the queue? */
+ rc = avc_has_perm_ref_audit(tsec->sid, isec->sid, SECCLASS_MSGQ,
+ MSGQ__WRITE, &isec->avcr, &ad);
+ if (!rc)
+ /* Can this process send the message */
+ rc = avc_has_perm_ref_audit(tsec->sid, msec->sid,
+ SECCLASS_MSG, MSG__SEND,
+ &msec->avcr, &ad);
+ if (!rc)
+ /* Can the message be put in the queue? */
+ rc = avc_has_perm_ref_audit(msec->sid, isec->sid,
+ SECCLASS_MSGQ, MSGQ__ENQUEUE,
+ &isec->avcr, &ad);
+
+ return rc;
+}
+
+static int selinux_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
+ struct task_struct *target,
+ long type, int mode)
+{
+ struct task_security_struct *tsec;
+ struct ipc_security_struct *isec;
+ struct msg_security_struct *msec;
+ avc_audit_data_t ad;
+ int rc;
+
+ rc = task_precondition(target);
+ if (rc <= 0)
+ return rc;
+ rc = ipc_precondition(&msq->q_perm, SECCLASS_MSGQ);
+ if (rc <= 0)
+ return rc;
+ rc = msg_precondition(msg);
+ if (rc <= 0)
+ return rc;
+
+ tsec = target->security;
+ isec = msq->q_perm.security;
+ msec = msg->security;
+
+ tsec->out_sid[0] = SECSID_NULL;
+
+ AVC_AUDIT_DATA_INIT(&ad, IPC);
+/* ad.u.ipc_id = msqid; */
+
+ if (tsec->in_sid[0] && tsec->in_sid[0] != msec->sid) {
+ return -EACCES;
+ }
+
+ rc = avc_has_perm_ref_audit(tsec->sid, isec->sid,
+ SECCLASS_MSGQ, MSGQ__READ,
+ &isec->avcr, &ad);
+ if (!rc)
+ rc = avc_has_perm_ref_audit(tsec->sid, msec->sid,
+ SECCLASS_MSG, MSG__RECEIVE,
+ &msec->avcr, &ad);
+ if (!rc)
+ tsec->out_sid[0] = msec->sid;
+
+ return rc;
+}
+
+/* Shared Memory security operations */
+static int selinux_shm_alloc_security(struct shmid_kernel *shp)
+{
+ struct task_security_struct *tsec;
+ struct ipc_security_struct *isec;
+ avc_audit_data_t ad;
+ int rc;
+
+ rc = task_precondition(current);
+ if (rc <= 0)
+ return rc;
+
+ rc = ipc_alloc_security(current, &shp->shm_perm, SECCLASS_SHM);
+ if (rc)
+ return rc;
+
+ tsec = current->security;
+ isec = shp->shm_perm.security;
+
+ AVC_AUDIT_DATA_INIT(&ad, IPC);
+/* ad.u.ipc_id = xxx; */ /* TBD: what to set to? */
+
+ rc = avc_has_perm_ref_audit(tsec->sid, isec->sid, SECCLASS_SHM,
+ SHM__CREATE, &isec->avcr, &ad);
+ if (rc) {
+ ipc_free_security(&shp->shm_perm);
+ return rc;
+ }
+ return 0;
+}
+
+static void selinux_shm_free_security(struct shmid_kernel *shp)
+{
+ ipc_free_security(&shp->shm_perm);
+}
+
+static int selinux_shm_associate(struct shmid_kernel *shp, int shmid, int shmflg)
+{
+ struct task_security_struct *tsec;
+ struct ipc_security_struct *isec;
+ avc_audit_data_t ad;
+ int rc;
+
+ rc = task_precondition(current);
+ if (rc <= 0)
+ return rc;
+ rc = ipc_precondition(&shp->shm_perm, SECCLASS_SHM);
+ if (rc <= 0)
+ return rc;
+
+ tsec = current->security;
+ isec = shp->shm_perm.security;
+
+ /*
+ * If using msgget_secure and a sid was specified, but the key
+ * already has a different sid.
+ */
+ if (tsec->in_sid[0] && tsec->in_sid[0] != isec->sid) {
+ return -EACCES;
+ }
+
+ AVC_AUDIT_DATA_INIT(&ad, IPC);
+ ad.u.ipc_id = shmid;
+
+ return avc_has_perm_ref_audit(tsec->sid, isec->sid, SECCLASS_SHM,
+ SHM__ASSOCIATE, &isec->avcr, &ad);
+}
+
+/* Note, at this point, shp is locked down */
+static int selinux_shm_shmctl(struct shmid_kernel *shp, int shmid, int cmd)
+{
+ int perms;
+ int err;
+
+ switch(cmd) {
+ case IPC_STAT:
+ case SHM_STAT:
+ perms = SHM__GETATTR | SHM__ASSOCIATE;
+ break;
+ case IPC_SET:
+ perms = SHM__SETATTR;
+ break;
+ case SHM_LOCK:
+ case SHM_UNLOCK:
+ perms = SHM__LOCK;
+ break;
+ case IPC_RMID:
+ perms = SHM__DESTROY;
+ break;
+ default:
+ return 0;
+ }
+
+ err = ipc_has_perm(&shp->shm_perm, shmid, SECCLASS_SHM, perms);
+ if (!err && cmd == IPC_STAT)
+ ipc_savesid(&shp->shm_perm, SECCLASS_SHM);
+
+ return err;
+}
+
+static int selinux_shm_shmat(struct shmid_kernel *shp, int shmid,
+ char *shmaddr, int shmflg)
+{
+ access_vector_t perms;
+
+ if (shmflg & SHM_RDONLY)
+ perms = SHM__READ;
+ else
+ perms = SHM__READ | SHM__WRITE;
+
+ return ipc_has_perm(&shp->shm_perm, shmid, SECCLASS_SHM, perms);
+}
+
+/* Semaphore security operations */
+static int selinux_sem_alloc_security(struct sem_array *sma)
+{
+ struct task_security_struct *tsec;
+ struct ipc_security_struct *isec;
+ avc_audit_data_t ad;
+ int rc;
+
+ rc = task_precondition(current);
+ if (rc <= 0)
+ return rc;
+
+ rc = ipc_alloc_security(current, &sma->sem_perm, SECCLASS_SEM);
+ if (rc)
+ return rc;
+
+ tsec = current->security;
+ isec = sma->sem_perm.security;
+
+ AVC_AUDIT_DATA_INIT(&ad, IPC);
+/* ad.u.ipc_id = xxx; */
+
+ rc = avc_has_perm_ref_audit(tsec->sid, isec->sid, SECCLASS_SEM,
+ SEM__CREATE, &isec->avcr, &ad);
+ if (rc) {
+ ipc_free_security(&sma->sem_perm);
+ return rc;
+ }
+ return 0;
+}
+
+static void selinux_sem_free_security(struct sem_array *sma)
+{
+ ipc_free_security(&sma->sem_perm);
+}
+
+static int selinux_sem_associate(struct sem_array *sma, int semid, int semflg)
+{
+ struct task_security_struct *tsec;
+ struct ipc_security_struct *isec;
+ avc_audit_data_t ad;
+ int rc;
+
+ rc = task_precondition(current);
+ if (rc <= 0)
+ return rc;
+ rc = ipc_precondition(&sma->sem_perm, SECCLASS_SEM);
+ if (rc <= 0)
+ return rc;
+
+ tsec = current->security;
+ isec = sma->sem_perm.security;
+
+ /*
+ * If using semget_secure and a sid was specified, but the key
+ * already has a different sid.
+ */
+ if (tsec->in_sid[0] && tsec->in_sid[0] != isec->sid) {
+ return -EACCES;
+ }
+
+ AVC_AUDIT_DATA_INIT(&ad, IPC);
+ ad.u.ipc_id = semid;
+
+ return avc_has_perm_ref_audit(tsec->sid, isec->sid, SECCLASS_SEM,
+ SEM__ASSOCIATE, &isec->avcr, &ad);
+}
+
+/* Note, at this point, sma is locked down */
+static int selinux_sem_semctl(struct sem_array *sma, int semid, int cmd)
+{
+ int err;
+ access_vector_t perms;
+
+ switch(cmd) {
+ case GETPID:
+ case GETNCNT:
+ case GETZCNT:
+ perms = SEM__GETATTR;
+ break;
+ case GETVAL:
+ case GETALL:
+ perms = SEM__READ;
+ break;
+ case SETVAL:
+ case SETALL:
+ perms = SEM__WRITE;
+ break;
+ case IPC_RMID:
+ perms = SEM__DESTROY;
+ break;
+ case IPC_SET:
+ perms = SEM__SETATTR;
+ break;
+ case IPC_STAT:
+ case SEM_STAT:
+ perms = SEM__GETATTR | SEM__ASSOCIATE;
+ break;
+ default:
+ return 0;
+ }
+
+ err = ipc_has_perm(&sma->sem_perm, semid, SECCLASS_SEM, perms);
+ if (!err && cmd == IPC_STAT)
+ ipc_savesid(&sma->sem_perm, SECCLASS_SEM);
+
+ return err;
+}
+
+static int selinux_sem_semop(struct sem_array *sma, int semid,
+ struct sembuf *sops, unsigned nsops, int alter)
+{
+ access_vector_t perms;
+
+ if (alter)
+ perms = SEM__READ | SEM__WRITE;
+ else
+ perms = SEM__READ;
+
+ return ipc_has_perm(&sma->sem_perm, semid, SECCLASS_SEM, perms);
+}
+
+static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
+{
+ struct ipc_security_struct *isec = ipcp->security;
+ security_class_t sclass = SECCLASS_IPC;
+ access_vector_t av = 0;
+
+ if (isec && isec->magic == SELINUX_MAGIC)
+ sclass = isec->sclass;
+
+ av = 0;
+ if (flag & S_IRUGO)
+ av |= IPC__UNIX_READ;
+ if (flag & S_IWUGO)
+ av |= IPC__UNIX_WRITE;
+
+ return ipc_has_perm(ipcp, 0 /* XXX */, sclass, av);
+}
+
+static int selinux_ipc_getinfo(int id, int cmd)
+{
+ return task_has_system(current, SYSTEM__IPC_INFO);
+}
+
+static int selinux_skb_alloc_security(struct sk_buff *skb)
+{
+ /* Unused until we have packet labeling across the network. */
+ return 0;
+}
+
+static int selinux_skb_clone(struct sk_buff *newskb,
+ const struct sk_buff *oldskb)
+{
+ /* Unused until we have packet labeling across the network. */
+ return 0;
+}
+
+static void selinux_skb_copy(struct sk_buff *newskb,
+ const struct sk_buff *oldskb)
+{
+ /* Unused until we have packet labeling across the network. */
+ return;
+}
+
+static void selinux_skb_set_owner_w(struct sk_buff *skb, struct sock *sk)
+{
+ /* Unused until we have packet labeling across the network. */
+ return;
+}
+
+static void selinux_skb_free_security(struct sk_buff *skb)
+{
+ /* Unused until we have packet labeling across the network. */
+ return;
+}
+
+/* module stacking operations */
+int selinux_register_security (const char *name, struct security_operations *ops)
+{
+ if (secondary_ops != original_ops) {
+ printk(KERN_INFO __FUNCTION__ ": There is already a secondary security module registered.\n");
+ return -EINVAL;
+ }
+
+ secondary_ops = ops;
+
+ printk(KERN_INFO __FUNCTION__ ": Registering secondary module %s\n",
+ name);
+
+ return 0;
+}
+
+int selinux_unregister_security (const char *name, struct security_operations *ops)
+{
+ if (ops != secondary_ops) {
+ printk (KERN_INFO __FUNCTION__ ": trying to unregister a security module that is not registered.\n");
+ return -EINVAL;
+ }
+
+ secondary_ops = original_ops;
+
+ return 0;
+}
+
+static struct binprm_security_ops selinux_bprm_ops = {
+ alloc_security: selinux_bprm_alloc_security,
+ free_security: selinux_bprm_free_security,
+ compute_creds: selinux_bprm_compute_creds,
+ set_security: selinux_bprm_set_security,
+};
+
+static struct super_block_security_ops selinux_sb_ops = {
+ alloc_security: selinux_sb_alloc_security,
+ free_security: selinux_sb_free_security,
+ statfs: selinux_sb_statfs,
+ mount: selinux_mount,
+ check_sb: selinux_check_sb,
+ umount: selinux_umount,
+ umount_close: selinux_umount_close,
+ umount_busy: selinux_umount_busy,
+ post_remount: selinux_post_remount,
+ post_mountroot: selinux_post_mountroot,
+ post_addmount: selinux_post_addmount,
+};
+
+static struct inode_security_ops selinux_inode_ops = {
+ alloc_security: selinux_inode_alloc_security,
+ free_security: selinux_inode_free_security,
+ create: selinux_inode_create,
+ post_create: selinux_inode_post_create,
+ link: selinux_inode_link,
+ post_link: selinux_inode_post_link,
+ unlink: selinux_inode_unlink,
+ symlink: selinux_inode_symlink,
+ post_symlink: selinux_inode_post_symlink,
+ mkdir: selinux_inode_mkdir,
+ post_mkdir: selinux_inode_post_mkdir,
+ rmdir: selinux_inode_rmdir,
+ mknod: selinux_inode_mknod,
+ post_mknod: selinux_inode_post_mknod,
+ rename: selinux_inode_rename,
+ post_rename: selinux_inode_post_rename,
+ readlink: selinux_inode_readlink,
+ follow_link: selinux_inode_follow_link,
+ permission: selinux_inode_permission,
+ revalidate: selinux_inode_revalidate,
+ setattr: selinux_inode_setattr,
+ stat: selinux_inode_stat,
+ post_lookup: selinux_inode_post_lookup,
+ delete: selinux_inode_delete,
+ setxattr: selinux_inode_setxattr,
+ getxattr: selinux_inode_getxattr,
+ listxattr: selinux_inode_listxattr,
+ removexattr: selinux_inode_removexattr,
+};
+
+static struct file_security_ops selinux_file_ops = {
+ permission: selinux_file_permission,
+ alloc_security: selinux_file_alloc_security,
+ free_security: selinux_file_free_security,
+ llseek: selinux_file_llseek,
+ ioctl: selinux_file_ioctl,
+ mmap: selinux_file_mmap,
+ mprotect: selinux_file_mprotect,
+ lock: selinux_file_lock,
+ fcntl: selinux_file_fcntl,
+ set_fowner: selinux_file_set_fowner,
+ send_sigiotask: selinux_file_send_sigiotask,
+ receive: selinux_file_receive,
+};
+
+static struct task_security_ops selinux_task_ops = {
+ create: selinux_task_create,
+ alloc_security: selinux_task_alloc_security,
+ free_security: selinux_task_free_security,
+ setuid: selinux_task_setuid,
+ post_setuid: selinux_task_post_setuid,
+ setgid: selinux_task_setgid,
+ setpgid: selinux_task_setpgid,
+ getpgid: selinux_task_getpgid,
+ getsid: selinux_task_getsid,
+ setgroups: selinux_task_setgroups,
+ setnice: selinux_task_setnice,
+ setrlimit: selinux_task_setrlimit,
+ setscheduler: selinux_task_setscheduler,
+ getscheduler: selinux_task_getscheduler,
+ kill: selinux_task_kill,
+ wait: selinux_task_wait,
+ prctl: selinux_task_prctl,
+ kmod_set_label: selinux_task_kmod_set_label,
+};
+
+static struct socket_security_ops selinux_socket_ops = {
+ create: selinux_socket_create,
+ post_create: selinux_socket_post_create,
+ bind: selinux_socket_bind,
+ connect: selinux_socket_connect,
+ listen: selinux_socket_listen,
+ accept: selinux_socket_accept,
+ sendmsg: selinux_socket_sendmsg,
+ recvmsg: selinux_socket_recvmsg,
+ getsockname: selinux_socket_getsockname,
+ getpeername: selinux_socket_getpeername,
+ getsockopt: selinux_socket_getsockopt,
+ setsockopt: selinux_socket_setsockopt,
+ shutdown: selinux_socket_shutdown,
+ sock_rcv_skb: selinux_sock_rcv_skb,
+ unix_stream_connect: selinux_socket_unix_stream_connect,
+ unix_may_send: selinux_socket_unix_may_send,
+};
+
+static struct skb_security_ops selinux_skb_ops = {
+ alloc_security: selinux_skb_alloc_security,
+ clone: selinux_skb_clone,
+ copy: selinux_skb_copy,
+ set_owner_w: selinux_skb_set_owner_w,
+ free_security: selinux_skb_free_security,
+};
+
+static struct ip_security_ops selinux_ip_ops = {
+ preroute_first: selinux_ip_preroute_first,
+ preroute_last: selinux_ip_preroute_last,
+ input_first: selinux_ip_input_first,
+ input_last: selinux_ip_input_last,
+ forward_first: selinux_ip_forward_first,
+ forward_last: selinux_ip_forward_last,
+ output_first: selinux_ip_output_first,
+ output_last: selinux_ip_output_last,
+ postroute_first: selinux_ip_postroute_first,
+ postroute_last: selinux_ip_postroute_last,
+ fragment: selinux_ip_fragment,
+ defragment: selinux_ip_defragment,
+ encapsulate: selinux_ip_encapsulate,
+ decapsulate: selinux_ip_decapsulate,
+ decode_options: selinux_ip_decode_options,
+};
+
+static struct netdev_security_ops selinux_netdev_ops = {
+ unregister: selinux_netdev_unregister,
+};
+
+static struct module_security_ops selinux_module_ops = {
+ create_module: selinux_module_create_module,
+ init_module: selinux_module_init_module,
+ delete_module: selinux_module_delete_module,
+};
+
+static struct ipc_security_ops selinux_ipc_ops = {
+ permission: selinux_ipc_permission,
+ getinfo: selinux_ipc_getinfo,
+};
+
+static struct msg_msg_security_ops selinux_msg_msg_ops = {
+ alloc_security: selinux_msg_msg_alloc_security,
+ free_security: selinux_msg_msg_free_security,
+};
+
+static struct msg_queue_security_ops selinux_msg_queue_ops = {
+ alloc_security: selinux_msg_queue_alloc_security,
+ free_security: selinux_msg_queue_free_security,
+ associate: selinux_msg_queue_associate,
+ msgctl: selinux_msg_queue_msgctl,
+ msgsnd: selinux_msg_queue_msgsnd,
+ msgrcv: selinux_msg_queue_msgrcv,
+};
+
+static struct shm_security_ops selinux_shm_ops = {
+ alloc_security: selinux_shm_alloc_security,
+ free_security: selinux_shm_free_security,
+ associate: selinux_shm_associate,
+ shmctl: selinux_shm_shmctl,
+ shmat: selinux_shm_shmat,
+};
+
+static struct sem_security_ops selinux_sem_ops = {
+ alloc_security: selinux_sem_alloc_security,
+ free_security: selinux_sem_free_security,
+ associate: selinux_sem_associate,
+ semctl: selinux_sem_semctl,
+ semop: selinux_sem_semop,
+};
+
+struct security_operations selinux_ops = {
+ sethostname: selinux_sethostname,
+ setdomainname: selinux_setdomainname,
+ reboot: selinux_reboot,
+ ioperm: selinux_ioperm,
+ iopl: selinux_iopl,
+ ptrace: selinux_ptrace,
+ capget: selinux_capget,
+ capset_check: selinux_capset_check,
+ capset_set: selinux_capset_set,
+ acct: selinux_acct,
+ sysctl: selinux_sysctl,
+ capable: selinux_capable,
+ sys_security: selinux_sys_security,
+ swapon: selinux_swapon,
+ swapoff: selinux_swapoff,
+ nfsservctl: selinux_nfsservctl,
+ quotactl: selinux_quotactl,
+ quota_on: selinux_quota_on,
+ bdflush: selinux_bdflush,
+ syslog: selinux_syslog,
+ netlink_send: selinux_netlink_send,
+ netlink_recv: selinux_netlink_recv,
+
+ bprm_ops: &selinux_bprm_ops,
+ sb_ops: &selinux_sb_ops,
+ inode_ops: &selinux_inode_ops,
+ file_ops: &selinux_file_ops,
+ task_ops: &selinux_task_ops,
+ socket_ops: &selinux_socket_ops,
+ skb_ops: &selinux_skb_ops,
+ ip_ops: &selinux_ip_ops,
+ netdev_ops: &selinux_netdev_ops,
+ module_ops: &selinux_module_ops,
+ ipc_ops: &selinux_ipc_ops,
+ msg_msg_ops: &selinux_msg_msg_ops,
+ msg_queue_ops: &selinux_msg_queue_ops,
+ shm_ops: &selinux_shm_ops,
+ sem_ops: &selinux_sem_ops,
+
+ register_security: &selinux_register_security,
+ unregister_security: &selinux_unregister_security,
+};
+
+extern void *sys_call_table[];
+
+static long (*orig_syscall)(void);
+
+static int __init selinux_plug_init (void)
+{
+ init_MUTEX(&task_alloc_semaphore);
+ init_MUTEX(&inode_alloc_semaphore);
+ init_MUTEX(&file_alloc_semaphore);
+ init_MUTEX(&sb_alloc_semaphore);
+ init_MUTEX(&netdev_alloc_semaphore);
+ init_MUTEX(&ipc_alloc_semaphore);
+ init_MUTEX(&msg_alloc_semaphore);
+
+ original_ops = secondary_ops = security_ops;
+ if (!original_ops) {
+ printk (KERN_INFO __FUNCTION__ ": No dummy security operations\n");
+ return -EINVAL;
+ }
+
+ avc_init();
+
+#ifdef MODULE
+ if (security_init()) {
+ /* XXX Need an AVC interface for cleaning up. */
+ printk(KERN_INFO __FUNCTION__ ": Could not initialize\n");
+ return -EINVAL;
+ }
+#endif
+
+ /* Replace the LSM security syscall with our own entrypoint
+ function so that the registers on the stack are available
+ for the execve_secure system call. If we didn't need the
+ registers for that call, then we could simply use the LSM
+ security syscall and the sys_security hook function to
+ multiplex our calls. */
+ orig_syscall = sys_call_table[__NR_security];
+ sys_call_table[__NR_security] = sys_security_selinux;
+
+ if (register_security (&selinux_ops)) {
+ printk (KERN_INFO "Failure registering SELinux with the kernel\n");
+ sys_call_table[__NR_security] = orig_syscall;
+ return -EINVAL;
+ }
+
+ printk (KERN_INFO "SELinux: module inserted\n");
+
+ return 0;
+}
+
+
+static void __exit selinux_plug_exit (void)
+{
+ struct list_head *p;
+
+ /* remove ourselves from the security framework */
+ if (unregister_security (&selinux_ops)) {
+ printk (KERN_INFO "Failure unregistering SELinux with the kernel\n");
+ }
+
+ sys_call_table[__NR_security] = orig_syscall;
+
+ /* Deallocate all of the security blobs created by this module
+ and clear the security fields in the corresponding objects. */
+
+ p = task_security_head.next;
+ while (p != &task_security_head) {
+ struct task_security_struct *tsec = list_entry(p, struct task_security_struct, list);
+ p = p->next;
+ task_free_security(tsec->task);
+ }
+
+ p = inode_security_head.next;
+ while (p != &inode_security_head) {
+ struct inode_security_struct *isec = list_entry(p, struct inode_security_struct, list);
+ p = p->next;
+ inode_free_security(isec->inode);
+ }
+
+ p = file_security_head.next;
+ while (p != &file_security_head) {
+ struct file_security_struct *fsec = list_entry(p, struct file_security_struct, list);
+ p = p->next;
+ file_free_security(fsec->file);
+ }
+
+ p = superblock_security_head.next;
+ while (p != &superblock_security_head) {
+ struct superblock_security_struct *sbsec = list_entry(p, struct superblock_security_struct, list);
+ p = p->next;
+ superblock_free_security(sbsec->sb);
+ }
+
+ p = ipc_security_head.next;
+ while (p != &ipc_security_head) {
+ struct ipc_security_struct *isec = list_entry(p, struct ipc_security_struct, list);
+ p = p->next;
+ ipc_free_security(isec->ipc_perm);
+ }
+
+ p = msg_security_head.next;
+ while (p != &msg_security_head) {
+ struct msg_security_struct *msgsec = list_entry(p, struct msg_security_struct, list);
+ p = p->next;
+ msg_msg_free_security(msgsec->msg);
+ }
+
+ p = netdev_security_head.next;
+ while (p != &netdev_security_head) {
+ struct netdev_security_struct *nsec = list_entry(p, struct netdev_security_struct, list);
+ p = p->next;
+ netdev_free_security(nsec->dev);
+ }
+
+ /* XXX: Need AVC and security server interfaces for cleaning up. */
+
+ printk (KERN_INFO "SELinux: module removed\n");
+}
+
+module_init (selinux_plug_init);
+module_exit (selinux_plug_exit);
+
+EXPORT_NO_SYMBOLS;
+
+MODULE_DESCRIPTION("SELinux Security Module");
+MODULE_LICENSE("GPL");
+MODULE_AUTHOR("Stephen Smalley <ssmalley@nai.com>");
+/* How to specify multiple authors? */
+/*MODULE_AUTHOR("Chris Vance <cvance@nai.com>");*/
+/*MODULE_AUTHOR("Wayne Salamon <wsalamon@nai.com>");*/
diff --minimal -Nru a/security/selinux/include/asm-i386/flask/syscalls.c b/security/selinux/include/asm-i386/flask/syscalls.c
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/selinux/include/asm-i386/flask/syscalls.c Tue Feb 12 18:59:50 2002
@@ -0,0 +1,341 @@
+/*
+ * NSA Security-Enhanced Linux (SELinux) security module
+ *
+ * This file contains the x86-specific code for the
+ * SELinux new system call implementations. In particular,
+ * this code is necessary to support the execve_secure system call.
+ * This file consists of the sys_execve_secure function and the
+ * sys_security_selinux function. The latter function is used to
+ * replace the LSM entrypoint function for sys_security so that we
+ * can pass a pointer to the registers on the stack to the sys_execve_secure
+ * function.
+ *
+ * This file also contains the 64-bit variants of the stat_secure system
+ * calls.
+ *
+ * Authors: Stephen Smalley, NAI Labs, <ssmalley@nai.com>
+ * Chris Vance, <cvance@nai.com>
+ *
+ * Copyright (C) 2001 Networks Associates Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ */
+
+#include <linux/ptrace.h>
+
+long sys_execve_secure(const char *path,
+ char **argv,
+ char **envp,
+ security_id_t sid,
+ struct pt_regs *regp)
+{
+ int error;
+ char * filename;
+ struct task_security_struct *tsec;
+
+ if (task_precondition(current) <= 0)
+ return -EACCES;
+
+ tsec = current->security;
+
+ filename = getname(path);
+ error = PTR_ERR(filename);
+ if (IS_ERR(filename))
+ goto out;
+ tsec->in_sid[0] = sid;
+ error = do_execve(filename, argv, envp, regp);
+ tsec->in_sid[0] = 0;
+ if (error == 0)
+ current->ptrace &= ~PT_DTRACE;
+ putname(filename);
+out:
+ return error;
+}
+
+
+long sys_lstat64_stat64_secure(int follow_link,
+ const char *pathname,
+ struct stat64 *buf,
+ security_id_t *out_sid)
+{
+ long (*stat64_f)(const char * filename, struct stat64 * statbuf);
+ struct task_security_struct *tsec;
+ int rc;
+
+ if (follow_link)
+ stat64_f = sys_call_table[__NR_stat64];
+ else
+ stat64_f = sys_call_table[__NR_lstat64];
+
+ if (task_precondition(current) <= 0)
+ return -EACCES;
+
+ tsec = current->security;
+
+ rc = stat64_f(pathname, buf);
+ if (rc)
+ return rc;
+
+ if (out_sid) {
+ if (copy_to_user(out_sid, &tsec->out_sid[0], sizeof(security_id_t)))
+ return -EFAULT;
+ }
+
+ return 0;
+}
+
+long sys_fstat64_secure(unsigned int fd,
+ struct stat64 *buf,
+ security_id_t *out_sid)
+{
+ long (*fstat64_f)(unsigned int fd, struct stat64 * statbuf);
+ struct task_security_struct *tsec;
+ int rc;
+
+ fstat64_f = sys_call_table[__NR_fstat64];
+
+ if (task_precondition(current) <= 0)
+ return -EACCES;
+
+ tsec = current->security;
+ rc = fstat64_f(fd, buf);
+ if (rc)
+ return rc;
+
+ if (out_sid) {
+ if (copy_to_user(out_sid, &tsec->out_sid[0], sizeof(security_id_t)))
+ return -EFAULT;
+ }
+
+ return 0;
+}
+
+/* Argument list sizes for sys_security_selinux */
+#define AL(x) ((x) * sizeof(unsigned long))
+static unsigned char nargs[SELINUXCALL_NUM+1]= {
+ AL(0), /* null */
+ AL(2), /* compute_av */
+ AL(0), /* unused */
+ AL(4), /* transition_sid */
+ AL(4), /* member_sid */
+ AL(3), /* sid_to_context */
+ AL(3), /* context_to_sid */
+ AL(2), /* load_policy */
+ AL(4), /* change_sid */
+ AL(2), /* get_sids */
+ AL(5), /* get_user_sids */
+ AL(0), /* avc_toggle */
+ AL(0), /* getsid */
+ AL(0), /* getosid */
+ AL(3), /* lstat */
+ AL(2), /* lchsid */
+ AL(3), /* stat */
+ AL(2), /* chsid */
+ AL(3), /* fstat */
+ AL(2), /* fchsid */
+ AL(4), /* open */
+ AL(3), /* mkdir */
+ AL(4), /* mknod */
+ AL(3), /* symlink */
+ AL(3), /* statfs */
+ AL(3), /* fstatfs */
+ AL(3), /* chsidfs */
+ AL(3), /* fchsidfs */
+ AL(2), /* shmsid */
+ AL(2), /* semsid */
+ AL(2), /* msgsid */
+ AL(4), /* shmget */
+ AL(4), /* semget */
+ AL(3), /* msgget */
+ AL(5), /* msgsnd */
+ AL(6), /* msgrcv */
+ AL(4), /* execve */
+ AL(3), /* stat64 */
+ AL(3), /* lstat64 */
+ AL(3), /* fstat64 */
+ AL(0) /* avc_enforcing */
+};
+#undef AL
+
+asmlinkage long sys_security_selinux(struct pt_regs regs)
+{
+ unsigned long a[6];
+ unsigned long a0,a1;
+ unsigned int magic = regs.ebx;
+ unsigned int call = regs.ecx;
+ unsigned long *args = (unsigned long *)regs.edx;
+ int err = -EINVAL;
+
+ if (magic != SELINUX_MAGIC)
+ return -ENOSYS;
+
+ if(call<1||call>SELINUXCALL_NUM)
+ return -EINVAL;
+
+ /* copy_from_user should be SMP safe. */
+ if (copy_from_user(a, args, nargs[call]))
+ return -EFAULT;
+
+ a0=a[0];
+ a1=a[1];
+
+ switch(call) {
+ case SELINUXCALL_COMPUTE_AV:
+ err = sys_security_compute_av((struct security_query *)a0,
+ (struct security_response*)a1);
+ break;
+ case SELINUXCALL_TRANSITION_SID:
+ err = sys_security_transition_sid(a0,a1,a[2],(security_id_t*)a[3]);
+ break;
+ case SELINUXCALL_MEMBER_SID:
+ err = sys_security_member_sid(a0,a1,a[2],(security_id_t*)a[3]);
+ break;
+ case SELINUXCALL_SID_TO_CONTEXT:
+ err = sys_security_sid_to_context(a0,
+ (security_context_t)a1,
+ (__u32 *)a[2]);
+ break;
+ case SELINUXCALL_CONTEXT_TO_SID:
+ err = sys_security_context_to_sid((security_context_t)a0,
+ a1,
+ (security_id_t *)a[2]);
+ break;
+ case SELINUXCALL_LOAD_POLICY:
+ err = sys_security_load_policy((char *) a0, a1);
+ break;
+ case SELINUXCALL_CHANGE_SID:
+ err = sys_security_change_sid(a0,a1,a[2],
+ (security_id_t*)a[3]);
+ break;
+ case SELINUXCALL_GET_SIDS:
+ err = sys_security_get_sids((security_id_t*)a0,
+ (__u32*)a1);
+ break;
+ case SELINUXCALL_GET_USER_SIDS:
+ err = sys_security_get_user_sids(a0,
+ (char *) a1,
+ a[2],
+ (security_id_t*)a[3],
+ (__u32*)a[4]);
+ break;
+ case SELINUXCALL_AVC_TOGGLE:
+ err = sys_avc_toggle();
+ break;
+ case SELINUXCALL_GETOSECSID:
+ err = sys_getosecsid();
+ break;
+ case SELINUXCALL_GETSECSID:
+ err = sys_getsecsid();
+ break;
+ case SELINUXCALL_LSTAT:
+ err = sys_lstat_stat_secure(0,
+ (const char *)a0,
+ (struct stat*)a1,
+ (security_id_t*)a[2]);
+ break;
+ case SELINUXCALL_STAT:
+ err = sys_lstat_stat_secure(1,
+ (const char *)a0,
+ (struct stat*)a1,
+ (security_id_t*)a[2]);
+ break;
+ case SELINUXCALL_FSTAT:
+ err = sys_fstat_secure(a0,
+ (struct stat*)a1,
+ (security_id_t*)a[2]);
+ break;
+ case SELINUXCALL_LCHSID:
+ err = sys_lchsid_chsid(0, (const char*)a0, a1);
+ break;
+ case SELINUXCALL_CHSID:
+ err = sys_lchsid_chsid(1, (const char*)a0, a1);
+ break;
+ case SELINUXCALL_FCHSID:
+ err = sys_fchsid(a0, a1);
+ break;
+ case SELINUXCALL_OPEN:
+ err = sys_open_secure((const char *)a0,a1,a[2],a[3]);
+ break;
+ case SELINUXCALL_MKDIR:
+ err = sys_mkdir_secure((const char *)a0,a1,a[2]);
+ break;
+ case SELINUXCALL_MKNOD:
+ err = sys_mknod_secure((const char *)a0,a1,a[2],a[3]);
+ break;
+ case SELINUXCALL_SYMLINK:
+ err = sys_symlink_secure((const char *)a0,(const char *)a1,a[2]);
+ break;
+ case SELINUXCALL_STATFS:
+ err = sys_statfs_secure((const char *)a0,
+ (struct statfs *)a1,
+ (security_id_t *)a[2]);
+ break;
+ case SELINUXCALL_FSTATFS:
+ err = sys_fstatfs_secure(a0,
+ (struct statfs *)a1,
+ (security_id_t *)a[2]);
+ case SELINUXCALL_CHSIDFS:
+ err = sys_chsidfs((const char *)a0,a1,a[2]);
+ break;
+ case SELINUXCALL_FCHSIDFS:
+ err = sys_fchsidfs(a0,a1,a[2]);
+ break;
+ case SELINUXCALL_MSGGET:
+ err = sys_msgget_secure(a0, a1, a[2]);
+ break;
+ case SELINUXCALL_SEMGET:
+ err = sys_semget_secure(a0, a1, a[2], a[3]);
+ break;
+ case SELINUXCALL_SHMGET:
+ err = sys_shmget_secure(a0, a1, a[2], a[3]);
+ break;
+ case SELINUXCALL_MSGSND:
+ err = sys_msgsnd_secure(a0, (void *)a1, a[2], a[3], a[4]);
+ break;
+ case SELINUXCALL_MSGRCV:
+ err = sys_msgrcv_secure(a0, (void *)a1, a[2], a[3], a[4],
+ (security_id_t *)a[5]);
+ break;
+ case SELINUXCALL_SEMSID:
+ err = sys_semsid(a0, (security_id_t *)a1);
+ break;
+ case SELINUXCALL_SHMSID:
+ err = sys_shmsid(a0, (security_id_t *)a1);
+ break;
+ case SELINUXCALL_MSGSID:
+ err = sys_msgsid(a0, (security_id_t *)a1);
+ break;
+ case SELINUXCALL_EXECVE:
+ err = sys_execve_secure((char *)a0, (char**)a1,
+ (char**)a[2], a[3], ®s);
+ break;
+ case SELINUXCALL_LSTAT64:
+ err = sys_lstat64_stat64_secure(0,
+ (const char *)a0,
+ (struct stat64*)a1,
+ (security_id_t*)a[2]);
+ break;
+ case SELINUXCALL_STAT64:
+ err = sys_lstat64_stat64_secure(1,
+ (const char *)a0,
+ (struct stat64*)a1,
+ (security_id_t*)a[2]);
+ break;
+ case SELINUXCALL_FSTAT64:
+ err = sys_fstat64_secure(a0,
+ (struct stat64*)a1,
+ (security_id_t*)a[2]);
+ break;
+ case SELINUXCALL_AVC_ENFORCING:
+ err = sys_avc_enforcing();
+ break;
+ default:
+ err = -EINVAL;
+ break;
+ }
+
+ return err;
+}
diff --minimal -Nru a/security/selinux/include/asm-i386/flask/unistd.h b/security/selinux/include/asm-i386/flask/unistd.h
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/selinux/include/asm-i386/flask/unistd.h Tue Feb 12 18:59:50 2002
@@ -0,0 +1,10 @@
+#ifndef _ASM_FLASK_UNISTD_H_
+#define _ASM_FLASK_UNISTD_H_
+
+#include <linux/unistd.h>
+#define __NR_lsm __NR_security
+
+#include <linux/ptrace.h>
+extern long sys_security_selinux(struct pt_regs regs);
+
+#endif
diff --minimal -Nru a/security/selinux/include/linux/flask/av_inherit.h b/security/selinux/include/linux/flask/av_inherit.h
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/selinux/include/linux/flask/av_inherit.h Tue Feb 12 18:59:50 2002
@@ -0,0 +1,37 @@
+/* This file is automatically generated. Do not edit. */
+/* FLASK */
+
+typedef struct
+{
+ security_class_t tclass;
+ char **common_pts;
+ access_vector_t common_base;
+} av_inherit_t;
+
+static av_inherit_t av_inherit[] = {
+ { SECCLASS_DIR, common_file_perm_to_string, 0x00100000UL },
+ { SECCLASS_FILE, common_file_perm_to_string, 0x00100000UL },
+ { SECCLASS_LNK_FILE, common_file_perm_to_string, 0x00100000UL },
+ { SECCLASS_CHR_FILE, common_file_perm_to_string, 0x00100000UL },
+ { SECCLASS_BLK_FILE, common_file_perm_to_string, 0x00100000UL },
+ { SECCLASS_SOCK_FILE, common_file_perm_to_string, 0x00100000UL },
+ { SECCLASS_FIFO_FILE, common_file_perm_to_string, 0x00100000UL },
+ { SECCLASS_SOCKET, common_socket_perm_to_string, 0x01000000UL },
+ { SECCLASS_TCP_SOCKET, common_socket_perm_to_string, 0x01000000UL },
+ { SECCLASS_UDP_SOCKET, common_socket_perm_to_string, 0x01000000UL },
+ { SECCLASS_RAWIP_SOCKET, common_socket_perm_to_string, 0x01000000UL },
+ { SECCLASS_NETLINK_SOCKET, common_socket_perm_to_string, 0x01000000UL },
+ { SECCLASS_PACKET_SOCKET, common_socket_perm_to_string, 0x01000000UL },
+ { SECCLASS_KEY_SOCKET, common_socket_perm_to_string, 0x01000000UL },
+ { SECCLASS_UNIX_STREAM_SOCKET, common_socket_perm_to_string, 0x01000000UL },
+ { SECCLASS_UNIX_DGRAM_SOCKET, common_socket_perm_to_string, 0x01000000UL },
+ { SECCLASS_IPC, common_ipc_perm_to_string, 0x00000200UL },
+ { SECCLASS_SEM, common_ipc_perm_to_string, 0x00000200UL },
+ { SECCLASS_MSGQ, common_ipc_perm_to_string, 0x00000200UL },
+ { SECCLASS_SHM, common_ipc_perm_to_string, 0x00000200UL },
+};
+
+#define AV_INHERIT_SIZE (sizeof(av_inherit)/sizeof(av_inherit_t))
+
+
+/* FLASK */
diff --minimal -Nru a/security/selinux/include/linux/flask/av_perm_to_string.h b/security/selinux/include/linux/flask/av_perm_to_string.h
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/selinux/include/linux/flask/av_perm_to_string.h Tue Feb 12 18:59:50 2002
@@ -0,0 +1,127 @@
+/* This file is automatically generated. Do not edit. */
+/* FLASK */
+
+typedef struct
+{
+ security_class_t tclass;
+ access_vector_t value;
+ char *name;
+} av_perm_to_string_t;
+
+static av_perm_to_string_t av_perm_to_string[] = {
+ { SECCLASS_FILESYSTEM, FILESYSTEM__MOUNT, "mount" },
+ { SECCLASS_FILESYSTEM, FILESYSTEM__REMOUNT, "remount" },
+ { SECCLASS_FILESYSTEM, FILESYSTEM__UNMOUNT, "unmount" },
+ { SECCLASS_FILESYSTEM, FILESYSTEM__GETATTR, "getattr" },
+ { SECCLASS_FILESYSTEM, FILESYSTEM__RELABELFROM, "relabelfrom" },
+ { SECCLASS_FILESYSTEM, FILESYSTEM__RELABELTO, "relabelto" },
+ { SECCLASS_FILESYSTEM, FILESYSTEM__TRANSITION, "transition" },
+ { SECCLASS_FILESYSTEM, FILESYSTEM__ASSOCIATE, "associate" },
+ { SECCLASS_FILESYSTEM, FILESYSTEM__QUOTAMOD, "quotamod" },
+ { SECCLASS_FILESYSTEM, FILESYSTEM__QUOTAGET, "quotaget" },
+ { SECCLASS_DIR, DIR__ADD_NAME, "add_name" },
+ { SECCLASS_DIR, DIR__REMOVE_NAME, "remove_name" },
+ { SECCLASS_DIR, DIR__REPARENT, "reparent" },
+ { SECCLASS_DIR, DIR__SEARCH, "search" },
+ { SECCLASS_DIR, DIR__RMDIR, "rmdir" },
+ { SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, "execute_no_trans" },
+ { SECCLASS_FILE, FILE__ENTRYPOINT, "entrypoint" },
+ { SECCLASS_FD, FD__CREATE, "create" },
+ { SECCLASS_FD, FD__USE, "use" },
+ { SECCLASS_TCP_SOCKET, TCP_SOCKET__CONNECTTO, "connectto" },
+ { SECCLASS_TCP_SOCKET, TCP_SOCKET__NEWCONN, "newconn" },
+ { SECCLASS_TCP_SOCKET, TCP_SOCKET__ACCEPTFROM, "acceptfrom" },
+ { SECCLASS_NODE, NODE__TCP_RECV, "tcp_recv" },
+ { SECCLASS_NODE, NODE__TCP_SEND, "tcp_send" },
+ { SECCLASS_NODE, NODE__UDP_RECV, "udp_recv" },
+ { SECCLASS_NODE, NODE__UDP_SEND, "udp_send" },
+ { SECCLASS_NODE, NODE__RAWIP_RECV, "rawip_recv" },
+ { SECCLASS_NODE, NODE__RAWIP_SEND, "rawip_send" },
+ { SECCLASS_NODE, NODE__ENFORCE_DEST, "enforce_dest" },
+ { SECCLASS_NETIF, NETIF__GETATTR, "getattr" },
+ { SECCLASS_NETIF, NETIF__SETATTR, "setattr" },
+ { SECCLASS_NETIF, NETIF__TCP_RECV, "tcp_recv" },
+ { SECCLASS_NETIF, NETIF__TCP_SEND, "tcp_send" },
+ { SECCLASS_NETIF, NETIF__UDP_RECV, "udp_recv" },
+ { SECCLASS_NETIF, NETIF__UDP_SEND, "udp_send" },
+ { SECCLASS_NETIF, NETIF__RAWIP_RECV, "rawip_recv" },
+ { SECCLASS_NETIF, NETIF__RAWIP_SEND, "rawip_send" },
+ { SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__CONNECTTO, "connectto" },
+ { SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__NEWCONN, "newconn" },
+ { SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__ACCEPTFROM, "acceptfrom" },
+ { SECCLASS_PROCESS, PROCESS__FORK, "fork" },
+ { SECCLASS_PROCESS, PROCESS__TRANSITION, "transition" },
+ { SECCLASS_PROCESS, PROCESS__SIGCHLD, "sigchld" },
+ { SECCLASS_PROCESS, PROCESS__SIGKILL, "sigkill" },
+ { SECCLASS_PROCESS, PROCESS__SIGSTOP, "sigstop" },
+ { SECCLASS_PROCESS, PROCESS__SIGNAL, "signal" },
+ { SECCLASS_PROCESS, PROCESS__PTRACE, "ptrace" },
+ { SECCLASS_PROCESS, PROCESS__GETSCHED, "getsched" },
+ { SECCLASS_PROCESS, PROCESS__SETSCHED, "setsched" },
+ { SECCLASS_PROCESS, PROCESS__GETSESSION, "getsession" },
+ { SECCLASS_PROCESS, PROCESS__GETPGID, "getpgid" },
+ { SECCLASS_PROCESS, PROCESS__SETPGID, "setpgid" },
+ { SECCLASS_PROCESS, PROCESS__GETCAP, "getcap" },
+ { SECCLASS_PROCESS, PROCESS__SETCAP, "setcap" },
+ { SECCLASS_PROCESS, PROCESS__SHARE, "share" },
+ { SECCLASS_MSGQ, MSGQ__ENQUEUE, "enqueue" },
+ { SECCLASS_MSG, MSG__SEND, "send" },
+ { SECCLASS_MSG, MSG__RECEIVE, "receive" },
+ { SECCLASS_SHM, SHM__LOCK, "lock" },
+ { SECCLASS_SECURITY, SECURITY__COMPUTE_AV, "compute_av" },
+ { SECCLASS_SECURITY, SECURITY__NOTIFY_PERM, "notify_perm" },
+ { SECCLASS_SECURITY, SECURITY__TRANSITION_SID, "transition_sid" },
+ { SECCLASS_SECURITY, SECURITY__MEMBER_SID, "member_sid" },
+ { SECCLASS_SECURITY, SECURITY__SID_TO_CONTEXT, "sid_to_context" },
+ { SECCLASS_SECURITY, SECURITY__CONTEXT_TO_SID, "context_to_sid" },
+ { SECCLASS_SECURITY, SECURITY__LOAD_POLICY, "load_policy" },
+ { SECCLASS_SECURITY, SECURITY__GET_SIDS, "get_sids" },
+ { SECCLASS_SECURITY, SECURITY__REGISTER_AVC, "register_avc" },
+ { SECCLASS_SECURITY, SECURITY__CHANGE_SID, "change_sid" },
+ { SECCLASS_SECURITY, SECURITY__GET_USER_SIDS, "get_user_sids" },
+ { SECCLASS_SYSTEM, SYSTEM__NET_IO_CONTROL, "net_io_control" },
+ { SECCLASS_SYSTEM, SYSTEM__ROUTE_CONTROL, "route_control" },
+ { SECCLASS_SYSTEM, SYSTEM__ARP_CONTROL, "arp_control" },
+ { SECCLASS_SYSTEM, SYSTEM__RARP_CONTROL, "rarp_control" },
+ { SECCLASS_SYSTEM, SYSTEM__IPC_INFO, "ipc_info" },
+ { SECCLASS_SYSTEM, SYSTEM__AVC_TOGGLE, "avc_toggle" },
+ { SECCLASS_SYSTEM, SYSTEM__NFSD_CONTROL, "nfsd_control" },
+ { SECCLASS_SYSTEM, SYSTEM__BDFLUSH, "bdflush" },
+ { SECCLASS_SYSTEM, SYSTEM__SYSLOG_READ, "syslog_read" },
+ { SECCLASS_SYSTEM, SYSTEM__SYSLOG_MOD, "syslog_mod" },
+ { SECCLASS_SYSTEM, SYSTEM__SYSLOG_CONSOLE, "syslog_console" },
+ { SECCLASS_CAPABILITY, CAPABILITY__CHOWN, "chown" },
+ { SECCLASS_CAPABILITY, CAPABILITY__DAC_OVERRIDE, "dac_override" },
+ { SECCLASS_CAPABILITY, CAPABILITY__DAC_READ_SEARCH, "dac_read_search" },
+ { SECCLASS_CAPABILITY, CAPABILITY__FOWNER, "fowner" },
+ { SECCLASS_CAPABILITY, CAPABILITY__FSETID, "fsetid" },
+ { SECCLASS_CAPABILITY, CAPABILITY__KILL, "kill" },
+ { SECCLASS_CAPABILITY, CAPABILITY__SETGID, "setgid" },
+ { SECCLASS_CAPABILITY, CAPABILITY__SETUID, "setuid" },
+ { SECCLASS_CAPABILITY, CAPABILITY__SETPCAP, "setpcap" },
+ { SECCLASS_CAPABILITY, CAPABILITY__LINUX_IMMUTABLE, "linux_immutable" },
+ { SECCLASS_CAPABILITY, CAPABILITY__NET_BIND_SERVICE, "net_bind_service" },
+ { SECCLASS_CAPABILITY, CAPABILITY__NET_BROADCAST, "net_broadcast" },
+ { SECCLASS_CAPABILITY, CAPABILITY__NET_ADMIN, "net_admin" },
+ { SECCLASS_CAPABILITY, CAPABILITY__NET_RAW, "net_raw" },
+ { SECCLASS_CAPABILITY, CAPABILITY__IPC_LOCK, "ipc_lock" },
+ { SECCLASS_CAPABILITY, CAPABILITY__IPC_OWNER, "ipc_owner" },
+ { SECCLASS_CAPABILITY, CAPABILITY__SYS_MODULE, "sys_module" },
+ { SECCLASS_CAPABILITY, CAPABILITY__SYS_RAWIO, "sys_rawio" },
+ { SECCLASS_CAPABILITY, CAPABILITY__SYS_CHROOT, "sys_chroot" },
+ { SECCLASS_CAPABILITY, CAPABILITY__SYS_PTRACE, "sys_ptrace" },
+ { SECCLASS_CAPABILITY, CAPABILITY__SYS_PACCT, "sys_pacct" },
+ { SECCLASS_CAPABILITY, CAPABILITY__SYS_ADMIN, "sys_admin" },
+ { SECCLASS_CAPABILITY, CAPABILITY__SYS_BOOT, "sys_boot" },
+ { SECCLASS_CAPABILITY, CAPABILITY__SYS_NICE, "sys_nice" },
+ { SECCLASS_CAPABILITY, CAPABILITY__SYS_RESOURCE, "sys_resource" },
+ { SECCLASS_CAPABILITY, CAPABILITY__SYS_TIME, "sys_time" },
+ { SECCLASS_CAPABILITY, CAPABILITY__SYS_TTY_CONFIG, "sys_tty_config" },
+ { SECCLASS_CAPABILITY, CAPABILITY__MKNOD, "mknod" },
+ { SECCLASS_CAPABILITY, CAPABILITY__LEASE, "lease" },
+};
+
+#define AV_PERM_TO_STRING_SIZE (sizeof(av_perm_to_string)/sizeof(av_perm_to_string_t))
+
+
+/* FLASK */
diff --minimal -Nru a/security/selinux/include/linux/flask/av_permissions.h b/security/selinux/include/linux/flask/av_permissions.h
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/selinux/include/linux/flask/av_permissions.h Tue Feb 12 18:59:50 2002
@@ -0,0 +1,598 @@
+/* This file is automatically generated. Do not edit. */
+/* FLASK */
+
+#define COMMON_FILE__POLL 0x00000001UL
+#define COMMON_FILE__IOCTL 0x00000002UL
+#define COMMON_FILE__READ 0x00000004UL
+#define COMMON_FILE__WRITE 0x00000008UL
+#define COMMON_FILE__CREATE 0x00000010UL
+#define COMMON_FILE__GETATTR 0x00000020UL
+#define COMMON_FILE__SETATTR 0x00000040UL
+#define COMMON_FILE__LOCK 0x00000080UL
+#define COMMON_FILE__RELABELFROM 0x00000100UL
+#define COMMON_FILE__RELABELTO 0x00000200UL
+#define COMMON_FILE__TRANSITION 0x00000400UL
+#define COMMON_FILE__APPEND 0x00000800UL
+#define COMMON_FILE__ACCESS 0x00001000UL
+#define COMMON_FILE__UNLINK 0x00002000UL
+#define COMMON_FILE__LINK 0x00004000UL
+#define COMMON_FILE__RENAME 0x00008000UL
+#define COMMON_FILE__EXECUTE 0x00010000UL
+#define COMMON_FILE__SWAPON 0x00020000UL
+#define COMMON_FILE__QUOTAON 0x00040000UL
+#define COMMON_FILE__MOUNTON 0x00080000UL
+
+#define COMMON_SOCKET__POLL 0x00000001UL
+#define COMMON_SOCKET__IOCTL 0x00000002UL
+#define COMMON_SOCKET__READ 0x00000004UL
+#define COMMON_SOCKET__WRITE 0x00000008UL
+#define COMMON_SOCKET__CREATE 0x00000010UL
+#define COMMON_SOCKET__GETATTR 0x00000020UL
+#define COMMON_SOCKET__SETATTR 0x00000040UL
+#define COMMON_SOCKET__LOCK 0x00000080UL
+#define COMMON_SOCKET__RELABELFROM 0x00000100UL
+#define COMMON_SOCKET__RELABELTO 0x00000200UL
+#define COMMON_SOCKET__TRANSITION 0x00000400UL
+#define COMMON_SOCKET__APPEND 0x00000800UL
+#define COMMON_SOCKET__BIND 0x00001000UL
+#define COMMON_SOCKET__CONNECT 0x00002000UL
+#define COMMON_SOCKET__LISTEN 0x00004000UL
+#define COMMON_SOCKET__ACCEPT 0x00008000UL
+#define COMMON_SOCKET__GETOPT 0x00010000UL
+#define COMMON_SOCKET__SETOPT 0x00020000UL
+#define COMMON_SOCKET__SHUTDOWN 0x00040000UL
+#define COMMON_SOCKET__RECVFROM 0x00080000UL
+#define COMMON_SOCKET__SENDTO 0x00100000UL
+#define COMMON_SOCKET__RECV_MSG 0x00200000UL
+#define COMMON_SOCKET__SEND_MSG 0x00400000UL
+#define COMMON_SOCKET__NAME_BIND 0x00800000UL
+
+#define COMMON_IPC__CREATE 0x00000001UL
+#define COMMON_IPC__DESTROY 0x00000002UL
+#define COMMON_IPC__GETATTR 0x00000004UL
+#define COMMON_IPC__SETATTR 0x00000008UL
+#define COMMON_IPC__READ 0x00000010UL
+#define COMMON_IPC__WRITE 0x00000020UL
+#define COMMON_IPC__ASSOCIATE 0x00000040UL
+#define COMMON_IPC__UNIX_READ 0x00000080UL
+#define COMMON_IPC__UNIX_WRITE 0x00000100UL
+
+#define FILESYSTEM__MOUNT 0x00000001UL
+#define FILESYSTEM__REMOUNT 0x00000002UL
+#define FILESYSTEM__UNMOUNT 0x00000004UL
+#define FILESYSTEM__GETATTR 0x00000008UL
+#define FILESYSTEM__RELABELFROM 0x00000010UL
+#define FILESYSTEM__RELABELTO 0x00000020UL
+#define FILESYSTEM__TRANSITION 0x00000040UL
+#define FILESYSTEM__ASSOCIATE 0x00000080UL
+#define FILESYSTEM__QUOTAMOD 0x00000100UL
+#define FILESYSTEM__QUOTAGET 0x00000200UL
+
+#define DIR__EXECUTE 0x00010000UL
+#define DIR__UNLINK 0x00002000UL
+#define DIR__SETATTR 0x00000040UL
+#define DIR__QUOTAON 0x00040000UL
+#define DIR__RELABELFROM 0x00000100UL
+#define DIR__LINK 0x00004000UL
+#define DIR__WRITE 0x00000008UL
+#define DIR__ACCESS 0x00001000UL
+#define DIR__IOCTL 0x00000002UL
+#define DIR__RELABELTO 0x00000200UL
+#define DIR__READ 0x00000004UL
+#define DIR__POLL 0x00000001UL
+#define DIR__RENAME 0x00008000UL
+#define DIR__APPEND 0x00000800UL
+#define DIR__TRANSITION 0x00000400UL
+#define DIR__LOCK 0x00000080UL
+#define DIR__SWAPON 0x00020000UL
+#define DIR__GETATTR 0x00000020UL
+#define DIR__MOUNTON 0x00080000UL
+#define DIR__CREATE 0x00000010UL
+
+#define DIR__ADD_NAME 0x00100000UL
+#define DIR__REMOVE_NAME 0x00200000UL
+#define DIR__REPARENT 0x00400000UL
+#define DIR__SEARCH 0x00800000UL
+#define DIR__RMDIR 0x01000000UL
+
+#define FILE__EXECUTE 0x00010000UL
+#define FILE__UNLINK 0x00002000UL
+#define FILE__SETATTR 0x00000040UL
+#define FILE__QUOTAON 0x00040000UL
+#define FILE__RELABELFROM 0x00000100UL
+#define FILE__LINK 0x00004000UL
+#define FILE__WRITE 0x00000008UL
+#define FILE__ACCESS 0x00001000UL
+#define FILE__IOCTL 0x00000002UL
+#define FILE__RELABELTO 0x00000200UL
+#define FILE__READ 0x00000004UL
+#define FILE__POLL 0x00000001UL
+#define FILE__RENAME 0x00008000UL
+#define FILE__APPEND 0x00000800UL
+#define FILE__TRANSITION 0x00000400UL
+#define FILE__LOCK 0x00000080UL
+#define FILE__SWAPON 0x00020000UL
+#define FILE__GETATTR 0x00000020UL
+#define FILE__MOUNTON 0x00080000UL
+#define FILE__CREATE 0x00000010UL
+
+#define FILE__EXECUTE_NO_TRANS 0x00100000UL
+#define FILE__ENTRYPOINT 0x00200000UL
+
+#define LNK_FILE__EXECUTE 0x00010000UL
+#define LNK_FILE__UNLINK 0x00002000UL
+#define LNK_FILE__SETATTR 0x00000040UL
+#define LNK_FILE__QUOTAON 0x00040000UL
+#define LNK_FILE__RELABELFROM 0x00000100UL
+#define LNK_FILE__LINK 0x00004000UL
+#define LNK_FILE__WRITE 0x00000008UL
+#define LNK_FILE__ACCESS 0x00001000UL
+#define LNK_FILE__IOCTL 0x00000002UL
+#define LNK_FILE__RELABELTO 0x00000200UL
+#define LNK_FILE__READ 0x00000004UL
+#define LNK_FILE__POLL 0x00000001UL
+#define LNK_FILE__RENAME 0x00008000UL
+#define LNK_FILE__APPEND 0x00000800UL
+#define LNK_FILE__TRANSITION 0x00000400UL
+#define LNK_FILE__LOCK 0x00000080UL
+#define LNK_FILE__SWAPON 0x00020000UL
+#define LNK_FILE__GETATTR 0x00000020UL
+#define LNK_FILE__MOUNTON 0x00080000UL
+#define LNK_FILE__CREATE 0x00000010UL
+
+#define CHR_FILE__EXECUTE 0x00010000UL
+#define CHR_FILE__UNLINK 0x00002000UL
+#define CHR_FILE__SETATTR 0x00000040UL
+#define CHR_FILE__QUOTAON 0x00040000UL
+#define CHR_FILE__RELABELFROM 0x00000100UL
+#define CHR_FILE__LINK 0x00004000UL
+#define CHR_FILE__WRITE 0x00000008UL
+#define CHR_FILE__ACCESS 0x00001000UL
+#define CHR_FILE__IOCTL 0x00000002UL
+#define CHR_FILE__RELABELTO 0x00000200UL
+#define CHR_FILE__READ 0x00000004UL
+#define CHR_FILE__POLL 0x00000001UL
+#define CHR_FILE__RENAME 0x00008000UL
+#define CHR_FILE__APPEND 0x00000800UL
+#define CHR_FILE__TRANSITION 0x00000400UL
+#define CHR_FILE__LOCK 0x00000080UL
+#define CHR_FILE__SWAPON 0x00020000UL
+#define CHR_FILE__GETATTR 0x00000020UL
+#define CHR_FILE__MOUNTON 0x00080000UL
+#define CHR_FILE__CREATE 0x00000010UL
+
+#define BLK_FILE__EXECUTE 0x00010000UL
+#define BLK_FILE__UNLINK 0x00002000UL
+#define BLK_FILE__SETATTR 0x00000040UL
+#define BLK_FILE__QUOTAON 0x00040000UL
+#define BLK_FILE__RELABELFROM 0x00000100UL
+#define BLK_FILE__LINK 0x00004000UL
+#define BLK_FILE__WRITE 0x00000008UL
+#define BLK_FILE__ACCESS 0x00001000UL
+#define BLK_FILE__IOCTL 0x00000002UL
+#define BLK_FILE__RELABELTO 0x00000200UL
+#define BLK_FILE__READ 0x00000004UL
+#define BLK_FILE__POLL 0x00000001UL
+#define BLK_FILE__RENAME 0x00008000UL
+#define BLK_FILE__APPEND 0x00000800UL
+#define BLK_FILE__TRANSITION 0x00000400UL
+#define BLK_FILE__LOCK 0x00000080UL
+#define BLK_FILE__SWAPON 0x00020000UL
+#define BLK_FILE__GETATTR 0x00000020UL
+#define BLK_FILE__MOUNTON 0x00080000UL
+#define BLK_FILE__CREATE 0x00000010UL
+
+#define SOCK_FILE__EXECUTE 0x00010000UL
+#define SOCK_FILE__UNLINK 0x00002000UL
+#define SOCK_FILE__SETATTR 0x00000040UL
+#define SOCK_FILE__QUOTAON 0x00040000UL
+#define SOCK_FILE__RELABELFROM 0x00000100UL
+#define SOCK_FILE__LINK 0x00004000UL
+#define SOCK_FILE__WRITE 0x00000008UL
+#define SOCK_FILE__ACCESS 0x00001000UL
+#define SOCK_FILE__IOCTL 0x00000002UL
+#define SOCK_FILE__RELABELTO 0x00000200UL
+#define SOCK_FILE__READ 0x00000004UL
+#define SOCK_FILE__POLL 0x00000001UL
+#define SOCK_FILE__RENAME 0x00008000UL
+#define SOCK_FILE__APPEND 0x00000800UL
+#define SOCK_FILE__TRANSITION 0x00000400UL
+#define SOCK_FILE__LOCK 0x00000080UL
+#define SOCK_FILE__SWAPON 0x00020000UL
+#define SOCK_FILE__GETATTR 0x00000020UL
+#define SOCK_FILE__MOUNTON 0x00080000UL
+#define SOCK_FILE__CREATE 0x00000010UL
+
+#define FIFO_FILE__EXECUTE 0x00010000UL
+#define FIFO_FILE__UNLINK 0x00002000UL
+#define FIFO_FILE__SETATTR 0x00000040UL
+#define FIFO_FILE__QUOTAON 0x00040000UL
+#define FIFO_FILE__RELABELFROM 0x00000100UL
+#define FIFO_FILE__LINK 0x00004000UL
+#define FIFO_FILE__WRITE 0x00000008UL
+#define FIFO_FILE__ACCESS 0x00001000UL
+#define FIFO_FILE__IOCTL 0x00000002UL
+#define FIFO_FILE__RELABELTO 0x00000200UL
+#define FIFO_FILE__READ 0x00000004UL
+#define FIFO_FILE__POLL 0x00000001UL
+#define FIFO_FILE__RENAME 0x00008000UL
+#define FIFO_FILE__APPEND 0x00000800UL
+#define FIFO_FILE__TRANSITION 0x00000400UL
+#define FIFO_FILE__LOCK 0x00000080UL
+#define FIFO_FILE__SWAPON 0x00020000UL
+#define FIFO_FILE__GETATTR 0x00000020UL
+#define FIFO_FILE__MOUNTON 0x00080000UL
+#define FIFO_FILE__CREATE 0x00000010UL
+
+#define FD__CREATE 0x00000001UL
+#define FD__USE 0x00000002UL
+
+#define SOCKET__RELABELTO 0x00000200UL
+#define SOCKET__RECV_MSG 0x00200000UL
+#define SOCKET__RELABELFROM 0x00000100UL
+#define SOCKET__SETOPT 0x00020000UL
+#define SOCKET__APPEND 0x00000800UL
+#define SOCKET__SETATTR 0x00000040UL
+#define SOCKET__SENDTO 0x00100000UL
+#define SOCKET__GETOPT 0x00010000UL
+#define SOCKET__TRANSITION 0x00000400UL
+#define SOCKET__READ 0x00000004UL
+#define SOCKET__POLL 0x00000001UL
+#define SOCKET__SHUTDOWN 0x00040000UL
+#define SOCKET__LISTEN 0x00004000UL
+#define SOCKET__BIND 0x00001000UL
+#define SOCKET__WRITE 0x00000008UL
+#define SOCKET__ACCEPT 0x00008000UL
+#define SOCKET__CONNECT 0x00002000UL
+#define SOCKET__LOCK 0x00000080UL
+#define SOCKET__IOCTL 0x00000002UL
+#define SOCKET__CREATE 0x00000010UL
+#define SOCKET__NAME_BIND 0x00800000UL
+#define SOCKET__SEND_MSG 0x00400000UL
+#define SOCKET__RECVFROM 0x00080000UL
+#define SOCKET__GETATTR 0x00000020UL
+
+#define TCP_SOCKET__RELABELTO 0x00000200UL
+#define TCP_SOCKET__RECV_MSG 0x00200000UL
+#define TCP_SOCKET__RELABELFROM 0x00000100UL
+#define TCP_SOCKET__SETOPT 0x00020000UL
+#define TCP_SOCKET__APPEND 0x00000800UL
+#define TCP_SOCKET__SETATTR 0x00000040UL
+#define TCP_SOCKET__SENDTO 0x00100000UL
+#define TCP_SOCKET__GETOPT 0x00010000UL
+#define TCP_SOCKET__TRANSITION 0x00000400UL
+#define TCP_SOCKET__READ 0x00000004UL
+#define TCP_SOCKET__POLL 0x00000001UL
+#define TCP_SOCKET__SHUTDOWN 0x00040000UL
+#define TCP_SOCKET__LISTEN 0x00004000UL
+#define TCP_SOCKET__BIND 0x00001000UL
+#define TCP_SOCKET__WRITE 0x00000008UL
+#define TCP_SOCKET__ACCEPT 0x00008000UL
+#define TCP_SOCKET__CONNECT 0x00002000UL
+#define TCP_SOCKET__LOCK 0x00000080UL
+#define TCP_SOCKET__IOCTL 0x00000002UL
+#define TCP_SOCKET__CREATE 0x00000010UL
+#define TCP_SOCKET__NAME_BIND 0x00800000UL
+#define TCP_SOCKET__SEND_MSG 0x00400000UL
+#define TCP_SOCKET__RECVFROM 0x00080000UL
+#define TCP_SOCKET__GETATTR 0x00000020UL
+
+#define TCP_SOCKET__CONNECTTO 0x01000000UL
+#define TCP_SOCKET__NEWCONN 0x02000000UL
+#define TCP_SOCKET__ACCEPTFROM 0x04000000UL
+
+#define UDP_SOCKET__RELABELTO 0x00000200UL
+#define UDP_SOCKET__RECV_MSG 0x00200000UL
+#define UDP_SOCKET__RELABELFROM 0x00000100UL
+#define UDP_SOCKET__SETOPT 0x00020000UL
+#define UDP_SOCKET__APPEND 0x00000800UL
+#define UDP_SOCKET__SETATTR 0x00000040UL
+#define UDP_SOCKET__SENDTO 0x00100000UL
+#define UDP_SOCKET__GETOPT 0x00010000UL
+#define UDP_SOCKET__TRANSITION 0x00000400UL
+#define UDP_SOCKET__READ 0x00000004UL
+#define UDP_SOCKET__POLL 0x00000001UL
+#define UDP_SOCKET__SHUTDOWN 0x00040000UL
+#define UDP_SOCKET__LISTEN 0x00004000UL
+#define UDP_SOCKET__BIND 0x00001000UL
+#define UDP_SOCKET__WRITE 0x00000008UL
+#define UDP_SOCKET__ACCEPT 0x00008000UL
+#define UDP_SOCKET__CONNECT 0x00002000UL
+#define UDP_SOCKET__LOCK 0x00000080UL
+#define UDP_SOCKET__IOCTL 0x00000002UL
+#define UDP_SOCKET__CREATE 0x00000010UL
+#define UDP_SOCKET__NAME_BIND 0x00800000UL
+#define UDP_SOCKET__SEND_MSG 0x00400000UL
+#define UDP_SOCKET__RECVFROM 0x00080000UL
+#define UDP_SOCKET__GETATTR 0x00000020UL
+
+#define RAWIP_SOCKET__RELABELTO 0x00000200UL
+#define RAWIP_SOCKET__RECV_MSG 0x00200000UL
+#define RAWIP_SOCKET__RELABELFROM 0x00000100UL
+#define RAWIP_SOCKET__SETOPT 0x00020000UL
+#define RAWIP_SOCKET__APPEND 0x00000800UL
+#define RAWIP_SOCKET__SETATTR 0x00000040UL
+#define RAWIP_SOCKET__SENDTO 0x00100000UL
+#define RAWIP_SOCKET__GETOPT 0x00010000UL
+#define RAWIP_SOCKET__TRANSITION 0x00000400UL
+#define RAWIP_SOCKET__READ 0x00000004UL
+#define RAWIP_SOCKET__POLL 0x00000001UL
+#define RAWIP_SOCKET__SHUTDOWN 0x00040000UL
+#define RAWIP_SOCKET__LISTEN 0x00004000UL
+#define RAWIP_SOCKET__BIND 0x00001000UL
+#define RAWIP_SOCKET__WRITE 0x00000008UL
+#define RAWIP_SOCKET__ACCEPT 0x00008000UL
+#define RAWIP_SOCKET__CONNECT 0x00002000UL
+#define RAWIP_SOCKET__LOCK 0x00000080UL
+#define RAWIP_SOCKET__IOCTL 0x00000002UL
+#define RAWIP_SOCKET__CREATE 0x00000010UL
+#define RAWIP_SOCKET__NAME_BIND 0x00800000UL
+#define RAWIP_SOCKET__SEND_MSG 0x00400000UL
+#define RAWIP_SOCKET__RECVFROM 0x00080000UL
+#define RAWIP_SOCKET__GETATTR 0x00000020UL
+
+#define NODE__TCP_RECV 0x00000001UL
+#define NODE__TCP_SEND 0x00000002UL
+#define NODE__UDP_RECV 0x00000004UL
+#define NODE__UDP_SEND 0x00000008UL
+#define NODE__RAWIP_RECV 0x00000010UL
+#define NODE__RAWIP_SEND 0x00000020UL
+#define NODE__ENFORCE_DEST 0x00000040UL
+
+#define NETIF__GETATTR 0x00000001UL
+#define NETIF__SETATTR 0x00000002UL
+#define NETIF__TCP_RECV 0x00000004UL
+#define NETIF__TCP_SEND 0x00000008UL
+#define NETIF__UDP_RECV 0x00000010UL
+#define NETIF__UDP_SEND 0x00000020UL
+#define NETIF__RAWIP_RECV 0x00000040UL
+#define NETIF__RAWIP_SEND 0x00000080UL
+
+#define NETLINK_SOCKET__RELABELTO 0x00000200UL
+#define NETLINK_SOCKET__RECV_MSG 0x00200000UL
+#define NETLINK_SOCKET__RELABELFROM 0x00000100UL
+#define NETLINK_SOCKET__SETOPT 0x00020000UL
+#define NETLINK_SOCKET__APPEND 0x00000800UL
+#define NETLINK_SOCKET__SETATTR 0x00000040UL
+#define NETLINK_SOCKET__SENDTO 0x00100000UL
+#define NETLINK_SOCKET__GETOPT 0x00010000UL
+#define NETLINK_SOCKET__TRANSITION 0x00000400UL
+#define NETLINK_SOCKET__READ 0x00000004UL
+#define NETLINK_SOCKET__POLL 0x00000001UL
+#define NETLINK_SOCKET__SHUTDOWN 0x00040000UL
+#define NETLINK_SOCKET__LISTEN 0x00004000UL
+#define NETLINK_SOCKET__BIND 0x00001000UL
+#define NETLINK_SOCKET__WRITE 0x00000008UL
+#define NETLINK_SOCKET__ACCEPT 0x00008000UL
+#define NETLINK_SOCKET__CONNECT 0x00002000UL
+#define NETLINK_SOCKET__LOCK 0x00000080UL
+#define NETLINK_SOCKET__IOCTL 0x00000002UL
+#define NETLINK_SOCKET__CREATE 0x00000010UL
+#define NETLINK_SOCKET__NAME_BIND 0x00800000UL
+#define NETLINK_SOCKET__SEND_MSG 0x00400000UL
+#define NETLINK_SOCKET__RECVFROM 0x00080000UL
+#define NETLINK_SOCKET__GETATTR 0x00000020UL
+
+#define PACKET_SOCKET__RELABELTO 0x00000200UL
+#define PACKET_SOCKET__RECV_MSG 0x00200000UL
+#define PACKET_SOCKET__RELABELFROM 0x00000100UL
+#define PACKET_SOCKET__SETOPT 0x00020000UL
+#define PACKET_SOCKET__APPEND 0x00000800UL
+#define PACKET_SOCKET__SETATTR 0x00000040UL
+#define PACKET_SOCKET__SENDTO 0x00100000UL
+#define PACKET_SOCKET__GETOPT 0x00010000UL
+#define PACKET_SOCKET__TRANSITION 0x00000400UL
+#define PACKET_SOCKET__READ 0x00000004UL
+#define PACKET_SOCKET__POLL 0x00000001UL
+#define PACKET_SOCKET__SHUTDOWN 0x00040000UL
+#define PACKET_SOCKET__LISTEN 0x00004000UL
+#define PACKET_SOCKET__BIND 0x00001000UL
+#define PACKET_SOCKET__WRITE 0x00000008UL
+#define PACKET_SOCKET__ACCEPT 0x00008000UL
+#define PACKET_SOCKET__CONNECT 0x00002000UL
+#define PACKET_SOCKET__LOCK 0x00000080UL
+#define PACKET_SOCKET__IOCTL 0x00000002UL
+#define PACKET_SOCKET__CREATE 0x00000010UL
+#define PACKET_SOCKET__NAME_BIND 0x00800000UL
+#define PACKET_SOCKET__SEND_MSG 0x00400000UL
+#define PACKET_SOCKET__RECVFROM 0x00080000UL
+#define PACKET_SOCKET__GETATTR 0x00000020UL
+
+#define KEY_SOCKET__RELABELTO 0x00000200UL
+#define KEY_SOCKET__RECV_MSG 0x00200000UL
+#define KEY_SOCKET__RELABELFROM 0x00000100UL
+#define KEY_SOCKET__SETOPT 0x00020000UL
+#define KEY_SOCKET__APPEND 0x00000800UL
+#define KEY_SOCKET__SETATTR 0x00000040UL
+#define KEY_SOCKET__SENDTO 0x00100000UL
+#define KEY_SOCKET__GETOPT 0x00010000UL
+#define KEY_SOCKET__TRANSITION 0x00000400UL
+#define KEY_SOCKET__READ 0x00000004UL
+#define KEY_SOCKET__POLL 0x00000001UL
+#define KEY_SOCKET__SHUTDOWN 0x00040000UL
+#define KEY_SOCKET__LISTEN 0x00004000UL
+#define KEY_SOCKET__BIND 0x00001000UL
+#define KEY_SOCKET__WRITE 0x00000008UL
+#define KEY_SOCKET__ACCEPT 0x00008000UL
+#define KEY_SOCKET__CONNECT 0x00002000UL
+#define KEY_SOCKET__LOCK 0x00000080UL
+#define KEY_SOCKET__IOCTL 0x00000002UL
+#define KEY_SOCKET__CREATE 0x00000010UL
+#define KEY_SOCKET__NAME_BIND 0x00800000UL
+#define KEY_SOCKET__SEND_MSG 0x00400000UL
+#define KEY_SOCKET__RECVFROM 0x00080000UL
+#define KEY_SOCKET__GETATTR 0x00000020UL
+
+#define UNIX_STREAM_SOCKET__RELABELTO 0x00000200UL
+#define UNIX_STREAM_SOCKET__RECV_MSG 0x00200000UL
+#define UNIX_STREAM_SOCKET__RELABELFROM 0x00000100UL
+#define UNIX_STREAM_SOCKET__SETOPT 0x00020000UL
+#define UNIX_STREAM_SOCKET__APPEND 0x00000800UL
+#define UNIX_STREAM_SOCKET__SETATTR 0x00000040UL
+#define UNIX_STREAM_SOCKET__SENDTO 0x00100000UL
+#define UNIX_STREAM_SOCKET__GETOPT 0x00010000UL
+#define UNIX_STREAM_SOCKET__TRANSITION 0x00000400UL
+#define UNIX_STREAM_SOCKET__READ 0x00000004UL
+#define UNIX_STREAM_SOCKET__POLL 0x00000001UL
+#define UNIX_STREAM_SOCKET__SHUTDOWN 0x00040000UL
+#define UNIX_STREAM_SOCKET__LISTEN 0x00004000UL
+#define UNIX_STREAM_SOCKET__BIND 0x00001000UL
+#define UNIX_STREAM_SOCKET__WRITE 0x00000008UL
+#define UNIX_STREAM_SOCKET__ACCEPT 0x00008000UL
+#define UNIX_STREAM_SOCKET__CONNECT 0x00002000UL
+#define UNIX_STREAM_SOCKET__LOCK 0x00000080UL
+#define UNIX_STREAM_SOCKET__IOCTL 0x00000002UL
+#define UNIX_STREAM_SOCKET__CREATE 0x00000010UL
+#define UNIX_STREAM_SOCKET__NAME_BIND 0x00800000UL
+#define UNIX_STREAM_SOCKET__SEND_MSG 0x00400000UL
+#define UNIX_STREAM_SOCKET__RECVFROM 0x00080000UL
+#define UNIX_STREAM_SOCKET__GETATTR 0x00000020UL
+
+#define UNIX_STREAM_SOCKET__CONNECTTO 0x01000000UL
+#define UNIX_STREAM_SOCKET__NEWCONN 0x02000000UL
+#define UNIX_STREAM_SOCKET__ACCEPTFROM 0x04000000UL
+
+#define UNIX_DGRAM_SOCKET__RELABELTO 0x00000200UL
+#define UNIX_DGRAM_SOCKET__RECV_MSG 0x00200000UL
+#define UNIX_DGRAM_SOCKET__RELABELFROM 0x00000100UL
+#define UNIX_DGRAM_SOCKET__SETOPT 0x00020000UL
+#define UNIX_DGRAM_SOCKET__APPEND 0x00000800UL
+#define UNIX_DGRAM_SOCKET__SETATTR 0x00000040UL
+#define UNIX_DGRAM_SOCKET__SENDTO 0x00100000UL
+#define UNIX_DGRAM_SOCKET__GETOPT 0x00010000UL
+#define UNIX_DGRAM_SOCKET__TRANSITION 0x00000400UL
+#define UNIX_DGRAM_SOCKET__READ 0x00000004UL
+#define UNIX_DGRAM_SOCKET__POLL 0x00000001UL
+#define UNIX_DGRAM_SOCKET__SHUTDOWN 0x00040000UL
+#define UNIX_DGRAM_SOCKET__LISTEN 0x00004000UL
+#define UNIX_DGRAM_SOCKET__BIND 0x00001000UL
+#define UNIX_DGRAM_SOCKET__WRITE 0x00000008UL
+#define UNIX_DGRAM_SOCKET__ACCEPT 0x00008000UL
+#define UNIX_DGRAM_SOCKET__CONNECT 0x00002000UL
+#define UNIX_DGRAM_SOCKET__LOCK 0x00000080UL
+#define UNIX_DGRAM_SOCKET__IOCTL 0x00000002UL
+#define UNIX_DGRAM_SOCKET__CREATE 0x00000010UL
+#define UNIX_DGRAM_SOCKET__NAME_BIND 0x00800000UL
+#define UNIX_DGRAM_SOCKET__SEND_MSG 0x00400000UL
+#define UNIX_DGRAM_SOCKET__RECVFROM 0x00080000UL
+#define UNIX_DGRAM_SOCKET__GETATTR 0x00000020UL
+
+#define PROCESS__FORK 0x00000001UL
+#define PROCESS__TRANSITION 0x00000002UL
+#define PROCESS__SIGCHLD 0x00000004UL
+#define PROCESS__SIGKILL 0x00000008UL
+#define PROCESS__SIGSTOP 0x00000010UL
+#define PROCESS__SIGNAL 0x00000020UL
+#define PROCESS__PTRACE 0x00000040UL
+#define PROCESS__GETSCHED 0x00000080UL
+#define PROCESS__SETSCHED 0x00000100UL
+#define PROCESS__GETSESSION 0x00000200UL
+#define PROCESS__GETPGID 0x00000400UL
+#define PROCESS__SETPGID 0x00000800UL
+#define PROCESS__GETCAP 0x00001000UL
+#define PROCESS__SETCAP 0x00002000UL
+#define PROCESS__SHARE 0x00004000UL
+
+#define IPC__SETATTR 0x00000008UL
+#define IPC__READ 0x00000010UL
+#define IPC__ASSOCIATE 0x00000040UL
+#define IPC__DESTROY 0x00000002UL
+#define IPC__UNIX_WRITE 0x00000100UL
+#define IPC__CREATE 0x00000001UL
+#define IPC__UNIX_READ 0x00000080UL
+#define IPC__GETATTR 0x00000004UL
+#define IPC__WRITE 0x00000020UL
+
+#define SEM__SETATTR 0x00000008UL
+#define SEM__READ 0x00000010UL
+#define SEM__ASSOCIATE 0x00000040UL
+#define SEM__DESTROY 0x00000002UL
+#define SEM__UNIX_WRITE 0x00000100UL
+#define SEM__CREATE 0x00000001UL
+#define SEM__UNIX_READ 0x00000080UL
+#define SEM__GETATTR 0x00000004UL
+#define SEM__WRITE 0x00000020UL
+
+#define MSGQ__SETATTR 0x00000008UL
+#define MSGQ__READ 0x00000010UL
+#define MSGQ__ASSOCIATE 0x00000040UL
+#define MSGQ__DESTROY 0x00000002UL
+#define MSGQ__UNIX_WRITE 0x00000100UL
+#define MSGQ__CREATE 0x00000001UL
+#define MSGQ__UNIX_READ 0x00000080UL
+#define MSGQ__GETATTR 0x00000004UL
+#define MSGQ__WRITE 0x00000020UL
+
+#define MSGQ__ENQUEUE 0x00000200UL
+
+#define MSG__SEND 0x00000001UL
+#define MSG__RECEIVE 0x00000002UL
+
+#define SHM__SETATTR 0x00000008UL
+#define SHM__READ 0x00000010UL
+#define SHM__ASSOCIATE 0x00000040UL
+#define SHM__DESTROY 0x00000002UL
+#define SHM__UNIX_WRITE 0x00000100UL
+#define SHM__CREATE 0x00000001UL
+#define SHM__UNIX_READ 0x00000080UL
+#define SHM__GETATTR 0x00000004UL
+#define SHM__WRITE 0x00000020UL
+
+#define SHM__LOCK 0x00000200UL
+
+#define SECURITY__COMPUTE_AV 0x00000001UL
+#define SECURITY__NOTIFY_PERM 0x00000002UL
+#define SECURITY__TRANSITION_SID 0x00000004UL
+#define SECURITY__MEMBER_SID 0x00000008UL
+#define SECURITY__SID_TO_CONTEXT 0x00000010UL
+#define SECURITY__CONTEXT_TO_SID 0x00000020UL
+#define SECURITY__LOAD_POLICY 0x00000040UL
+#define SECURITY__GET_SIDS 0x00000080UL
+#define SECURITY__REGISTER_AVC 0x00000100UL
+#define SECURITY__CHANGE_SID 0x00000200UL
+#define SECURITY__GET_USER_SIDS 0x00000400UL
+
+#define SYSTEM__NET_IO_CONTROL 0x00000001UL
+#define SYSTEM__ROUTE_CONTROL 0x00000002UL
+#define SYSTEM__ARP_CONTROL 0x00000004UL
+#define SYSTEM__RARP_CONTROL 0x00000008UL
+#define SYSTEM__IPC_INFO 0x00000010UL
+#define SYSTEM__AVC_TOGGLE 0x00000020UL
+#define SYSTEM__NFSD_CONTROL 0x00000040UL
+#define SYSTEM__BDFLUSH 0x00000080UL
+#define SYSTEM__SYSLOG_READ 0x00000100UL
+#define SYSTEM__SYSLOG_MOD 0x00000200UL
+#define SYSTEM__SYSLOG_CONSOLE 0x00000400UL
+
+#define CAPABILITY__CHOWN 0x00000001UL
+#define CAPABILITY__DAC_OVERRIDE 0x00000002UL
+#define CAPABILITY__DAC_READ_SEARCH 0x00000004UL
+#define CAPABILITY__FOWNER 0x00000008UL
+#define CAPABILITY__FSETID 0x00000010UL
+#define CAPABILITY__KILL 0x00000020UL
+#define CAPABILITY__SETGID 0x00000040UL
+#define CAPABILITY__SETUID 0x00000080UL
+#define CAPABILITY__SETPCAP 0x00000100UL
+#define CAPABILITY__LINUX_IMMUTABLE 0x00000200UL
+#define CAPABILITY__NET_BIND_SERVICE 0x00000400UL
+#define CAPABILITY__NET_BROADCAST 0x00000800UL
+#define CAPABILITY__NET_ADMIN 0x00001000UL
+#define CAPABILITY__NET_RAW 0x00002000UL
+#define CAPABILITY__IPC_LOCK 0x00004000UL
+#define CAPABILITY__IPC_OWNER 0x00008000UL
+#define CAPABILITY__SYS_MODULE 0x00010000UL
+#define CAPABILITY__SYS_RAWIO 0x00020000UL
+#define CAPABILITY__SYS_CHROOT 0x00040000UL
+#define CAPABILITY__SYS_PTRACE 0x00080000UL
+#define CAPABILITY__SYS_PACCT 0x00100000UL
+#define CAPABILITY__SYS_ADMIN 0x00200000UL
+#define CAPABILITY__SYS_BOOT 0x00400000UL
+#define CAPABILITY__SYS_NICE 0x00800000UL
+#define CAPABILITY__SYS_RESOURCE 0x01000000UL
+#define CAPABILITY__SYS_TIME 0x02000000UL
+#define CAPABILITY__SYS_TTY_CONFIG 0x04000000UL
+#define CAPABILITY__MKNOD 0x08000000UL
+#define CAPABILITY__LEASE 0x10000000UL
+
+
+/* FLASK */
diff --minimal -Nru a/security/selinux/include/linux/flask/avc.h b/security/selinux/include/linux/flask/avc.h
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/selinux/include/linux/flask/avc.h Tue Feb 12 18:59:50 2002
@@ -0,0 +1,332 @@
+
+/* -*- linux-c -*- */
+
+/*
+ * Author : Stephen Smalley (NAI Labs), <ssmalley@nai.com>
+ *
+ * The access vector cache was originally written while I was employed by NSA,
+ * and has undergone some revisions since I joined NAI Labs, but is largely
+ * unchanged.
+ */
+
+#ifndef _LINUX_AVC_H_
+#define _LINUX_AVC_H_
+
+/*
+ * Access vector cache interface for object managers
+ */
+
+#include <linux/flask/flask.h>
+#include <linux/flask/av_permissions.h>
+#include <linux/flask/security.h>
+#include <linux/stddef.h>
+#include <linux/errno.h>
+#include <linux/kernel.h>
+#include <linux/kdev_t.h>
+#include <linux/spinlock.h>
+#include <asm/system.h>
+
+#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
+extern int avc_debug_always_allow;
+#endif
+
+
+/*
+ * An entry in the AVC.
+ */
+typedef struct avc_entry {
+ security_id_t ssid;
+ security_id_t tsid;
+ security_class_t tclass;
+ access_vector_t allowed;
+ access_vector_t decided;
+ access_vector_t auditallow;
+ access_vector_t auditdeny;
+ int used; /* used recently */
+} avc_entry_t;
+
+
+/*
+ * A reference to an AVC entry.
+ */
+typedef struct avc_entry_ref {
+ avc_entry_t *ae;
+} avc_entry_ref_t;
+
+#define AVC_ENTRY_REF_NULL { NULL }
+
+/* Initialize an AVC entry reference before first use. */
+#define AVC_ENTRY_REF_INIT(h) { (h)->ae = NULL; }
+
+#define AVC_ENTRY_REF_CPY(dst,src) (dst)->ae = (src)->ae
+
+
+struct dentry;
+struct inode;
+struct sock;
+struct sk_buff;
+
+typedef struct avc_audit_data {
+ char type;
+#define AVC_AUDIT_DATA_FS 1
+#define AVC_AUDIT_DATA_NET 2
+#define AVC_AUDIT_DATA_CAP 3
+#define AVC_AUDIT_DATA_IPC 4
+ union {
+ struct {
+ struct dentry *dentry;
+ struct inode *inode;
+ } fs;
+ struct {
+ char *netif;
+ struct sk_buff *skb;
+ struct sock *sk;
+ __u16 port;
+ __u32 daddr;
+ } net;
+ int cap;
+ int ipc_id;
+ } u;
+} avc_audit_data_t;
+
+/* Initialize an AVC audit data structure. */
+#define AVC_AUDIT_DATA_INIT(_d,_t) \
+ { memset((_d), 0, sizeof(struct avc_audit_data)); (_d)->type = AVC_AUDIT_DATA_##_t; }
+
+
+extern spinlock_t avc_lock;
+
+
+/*
+ * AVC statistics
+ */
+#define AVC_ENTRY_LOOKUPS 0
+#define AVC_ENTRY_HITS 1
+#define AVC_ENTRY_MISSES 2
+#define AVC_ENTRY_DISCARDS 3
+#define AVC_CAV_LOOKUPS 4
+#define AVC_CAV_HITS 5
+#define AVC_CAV_PROBES 6
+#define AVC_CAV_MISSES 7
+#define AVC_NSTATS 8
+extern unsigned avc_cache_stats[AVC_NSTATS];
+void avc_dump_stats(char *tag);
+
+#ifdef AVC_CACHE_STATS
+#define avc_cache_stats_incr(x) avc_cache_stats[(x)]++
+#define avc_cache_stats_add(x,y) avc_cache_stats[(x)] += (y)
+#else
+#define avc_cache_stats_incr(x)
+#define avc_cache_stats_add(x,y)
+#endif
+
+
+/*
+ * AVC display support
+ */
+void avc_dump_av(
+ security_class_t tclass, /* IN */
+ access_vector_t av); /* IN */
+
+void avc_dump_query(
+ security_id_t ssid, /* IN */
+ security_id_t tsid, /* IN */
+ security_class_t tclass); /* IN */
+
+void avc_dump_cache(char *tag);
+
+
+/*
+ * AVC operations
+ */
+
+/* Initialize the AVC */
+void avc_init(void);
+
+/*
+ * Look up an AVC entry that is valid for the
+ * `requested' permissions between the SID pair
+ * (`ssid', `tsid'), interpreting the permissions
+ * based on `tclass'. If a valid AVC entry exists,
+ * then this function updates `aeref' to refer to the
+ * entry and returns 0. Otherwise, this function
+ * returns -ENOENT.
+ */
+int avc_lookup(
+ security_id_t ssid, /* IN */
+ security_id_t tsid, /* IN */
+ security_class_t tclass, /* IN */
+ access_vector_t requested, /* IN */
+ avc_entry_ref_t *aeref); /* OUT */
+
+/*
+ * Insert an AVC entry for the SID pair
+ * (`ssid', `tsid') and class `tclass'.
+ * The access vectors and the sequence number are
+ * normally provided by the security server in
+ * response to a security_compute_av call. If the
+ * sequence number `seqno' is not less than the latest
+ * revocation notification, then the function copies
+ * the access vectors into a cache entry, updates
+ * `aeref' to refer to the entry, and returns 0.
+ * Otherwise, this function returns -EAGAIN.
+ */
+int avc_insert(security_id_t ssid, /* IN */
+ security_id_t tsid, /* IN */
+ security_class_t tclass, /* IN */
+ struct avc_entry *ae, /* IN */
+ __u32 seqno, /* IN */
+ avc_entry_ref_t *out_aeref); /* OUT */
+
+
+/* Audit the checking of permissions */
+#define AVC_AUDITALLOW 0
+#define AVC_AUDITDENY 1
+void avc_audit(
+ security_id_t ssid, /* IN */
+ security_id_t tsid, /* IN */
+ security_class_t tclass, /* IN */
+ access_vector_t perms, /* IN */
+ struct avc_entry *ae, /* IN */
+ __u32 denied, /* IN */
+ avc_audit_data_t *auditdata); /* IN */
+
+/*
+ * Check permissions using an AVC entry ref.
+ *
+ * If the ref is null or the underlying AVC entry has been invalidated
+ * or the underlying AVC entry does not contain all the requested
+ * decisions, then this code falls through to avc_lookup. In
+ * this case, the AVC entry ref will be updated appropriately.
+ */
+static inline int avc_has_perm_ref_audit(
+ security_id_t ssid, /* IN */
+ security_id_t tsid, /* IN */
+ security_class_t tclass, /* IN */
+ access_vector_t requested, /* IN */
+ avc_entry_ref_t *aeref, /* IN */
+ avc_audit_data_t *auditdata) /* IN */
+{
+ struct avc_entry *ae;
+ int rc;
+ unsigned long flags;
+ struct avc_entry entry;
+ __u32 seqno;
+
+ spin_lock_irqsave(&avc_lock, flags);
+ avc_cache_stats_incr(AVC_ENTRY_LOOKUPS);
+ ae = aeref->ae;
+ if (ae) {
+ if (ae->ssid == ssid &&
+ ae->tsid == tsid &&
+ ae->tclass == tclass &&
+ ((ae->decided & requested) == requested)) {
+ avc_cache_stats_incr(AVC_ENTRY_HITS);
+ ae->used = 1;
+ } else {
+ avc_cache_stats_incr(AVC_ENTRY_DISCARDS);
+ ae = 0;
+ }
+ }
+
+ if (!ae) {
+ avc_cache_stats_incr(AVC_ENTRY_MISSES);
+ rc = avc_lookup(ssid, tsid, tclass, requested, aeref);
+ if (rc) {
+ spin_unlock_irqrestore(&avc_lock,flags);
+ rc = security_compute_av(ssid,tsid,tclass,requested,
+ &entry.allowed,
+ &entry.decided,
+ &entry.auditallow,
+ &entry.auditdeny,
+ &seqno);
+ if (rc)
+ return rc;
+ spin_lock_irqsave(&avc_lock, flags);
+ rc = avc_insert(ssid,tsid,tclass,&entry,seqno,aeref);
+ if (rc) {
+ spin_unlock_irqrestore(&avc_lock,flags);
+ return rc;
+ }
+ }
+ ae = aeref->ae;
+ }
+
+ if ((requested & ae->allowed) != requested) {
+ if (requested & ae->auditdeny)
+ avc_audit(ssid, tsid, tclass, requested & ~(ae->allowed), ae,
+ AVC_AUDITDENY, auditdata);
+#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
+ if (avc_debug_always_allow) {
+ ae->allowed |= requested;
+ spin_unlock_irqrestore(&avc_lock,flags);
+ return 0;
+ } else {
+ spin_unlock_irqrestore(&avc_lock,flags);
+ return -EACCES;
+ }
+#else
+ spin_unlock_irqrestore(&avc_lock,flags);
+ return -EACCES;
+#endif
+ }
+
+ if (requested & ae->auditallow)
+ avc_audit(ssid, tsid, tclass, requested, ae,
+ AVC_AUDITALLOW, auditdata);
+
+ spin_unlock_irqrestore(&avc_lock,flags);
+ return 0;
+}
+
+#define avc_has_perm_ref(ssid,tsid,tclass,requested,aeref) \
+ avc_has_perm_ref_audit(ssid,tsid,tclass,requested,aeref,0)
+
+
+/* Check permissions */
+static inline int avc_has_perm_audit(
+ security_id_t ssid, /* IN */
+ security_id_t tsid, /* IN */
+ security_class_t tclass, /* IN */
+ access_vector_t requested, /* IN */
+ avc_audit_data_t *auditdata) /* IN */
+{
+ avc_entry_ref_t ref;
+ AVC_ENTRY_REF_INIT(&ref);
+ return avc_has_perm_ref_audit(ssid,tsid,tclass,requested,&ref,auditdata);
+}
+
+#define avc_has_perm(ssid,tsid,tclass,requested) \
+ avc_has_perm_audit(ssid,tsid,tclass,requested,0)
+
+#define AVC_CALLBACK_GRANT 1
+#define AVC_CALLBACK_TRY_REVOKE 2
+#define AVC_CALLBACK_REVOKE 4
+#define AVC_CALLBACK_RESET 8
+#define AVC_CALLBACK_AUDITALLOW_ENABLE 16
+#define AVC_CALLBACK_AUDITALLOW_DISABLE 32
+#define AVC_CALLBACK_AUDITDENY_ENABLE 64
+#define AVC_CALLBACK_AUDITDENY_DISABLE 128
+
+/*
+ * Register a callback for events in the set `events'
+ * related to the SID pair (`ssid', `tsid') and
+ * and the permissions `perms', interpreting
+ * `perms' based on `tclass'.
+ */
+int avc_add_callback(int (*callback)(__u32 event,
+ security_id_t ssid,
+ security_id_t tsid,
+ security_class_t tclass,
+ access_vector_t perms,
+ access_vector_t *out_retained),
+ __u32 events,
+ security_id_t ssid,
+ security_id_t tsid,
+ security_class_t tclass,
+ access_vector_t perms);
+
+extern long sys_avc_toggle(void);
+
+#endif /* _LINUX_AVC_H_ */
+
diff --minimal -Nru a/security/selinux/include/linux/flask/avc_ss.h b/security/selinux/include/linux/flask/avc_ss.h
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/selinux/include/linux/flask/avc_ss.h Tue Feb 12 18:59:50 2002
@@ -0,0 +1,84 @@
+
+/* -*- linux-c -*- */
+
+/*
+ * Author : Stephen Smalley (NAI Labs), <ssmalley@nai.com>
+ *
+ * The access vector cache was originally written while I was employed by NSA,
+ * and has undergone some revisions since I joined NAI Labs, but is largely
+ * unchanged.
+ */
+
+#ifndef _LINUX_AVC_SS_H_
+#define _LINUX_AVC_SS_H_
+
+/*
+ * Access vector cache interface for the security server
+ */
+
+#include <linux/flask/flask.h>
+
+/*
+ * Any of the SID parameters may be wildcarded,
+ * in which case the operation is applied to all
+ * matching entries in the AVC.
+ */
+
+/* Grant previously denied permissions */
+int avc_ss_grant(
+ security_id_t ssid, /* IN */
+ security_id_t tsid, /* IN */
+ security_class_t tclass, /* IN */
+ access_vector_t perms, /* IN */
+ __u32 seqno); /* IN */
+
+/*
+ * Try to revoke previously granted permissions, but
+ * only if they are not retained as migrated permissions.
+ * Return the subset of permissions that are retained.
+ */
+int avc_ss_try_revoke(
+ security_id_t ssid, /* IN */
+ security_id_t tsid, /* IN */
+ security_class_t tclass, /* IN */
+ access_vector_t perms, /* IN */
+ __u32 seqno, /* IN */
+ access_vector_t *out_retained); /* OUT */
+
+/*
+ * Revoke previously granted permissions, even if
+ * they are retained as migrated permissions.
+ */
+int avc_ss_revoke(
+ security_id_t ssid, /* IN */
+ security_id_t tsid, /* IN */
+ security_class_t tclass, /* IN */
+ access_vector_t perms, /* IN */
+ __u32 seqno); /* IN */
+
+/*
+ * Flush the cache and revalidate all migrated permissions.
+ */
+int avc_ss_reset(__u32 seqno);
+
+
+/* Enable or disable auditing of granted permissions */
+int avc_ss_set_auditallow(
+ security_id_t ssid, /* IN */
+ security_id_t tsid, /* IN */
+ security_class_t tclass, /* IN */
+ access_vector_t perms, /* IN */
+ __u32 seqno, /* IN */
+ __u32 enable);
+
+/* Enable or disable auditing of denied permissions */
+int avc_ss_set_auditdeny(
+ security_id_t ssid, /* IN */
+ security_id_t tsid, /* IN */
+ security_class_t tclass, /* IN */
+ access_vector_t perms, /* IN */
+ __u32 seqno, /* IN */
+ __u32 enable);
+
+#endif /* _LINUX_AVC_SS_H_ */
+
diff --minimal -Nru a/security/selinux/include/linux/flask/class_to_string.h b/security/selinux/include/linux/flask/class_to_string.h
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/selinux/include/linux/flask/class_to_string.h Tue Feb 12 18:59:50 2002
@@ -0,0 +1,38 @@
+/* This file is automatically generated. Do not edit. */
+/*
+ * Security object class definitions
+ */
+static char *class_to_string[] =
+{
+ "null",
+ "security",
+ "process",
+ "system",
+ "capability",
+ "filesystem",
+ "file",
+ "dir",
+ "fd",
+ "lnk_file",
+ "chr_file",
+ "blk_file",
+ "sock_file",
+ "fifo_file",
+ "socket",
+ "tcp_socket",
+ "udp_socket",
+ "rawip_socket",
+ "node",
+ "netif",
+ "netlink_socket",
+ "packet_socket",
+ "key_socket",
+ "unix_stream_socket",
+ "unix_dgram_socket",
+ "sem",
+ "msg",
+ "msgq",
+ "shm",
+ "ipc",
+};
+
diff --minimal -Nru a/security/selinux/include/linux/flask/common_perm_to_string.h b/security/selinux/include/linux/flask/common_perm_to_string.h
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/selinux/include/linux/flask/common_perm_to_string.h Tue Feb 12 18:59:50 2002
@@ -0,0 +1,70 @@
+/* This file is automatically generated. Do not edit. */
+/* FLASK */
+
+static char *common_file_perm_to_string[] =
+{
+ "poll",
+ "ioctl",
+ "read",
+ "write",
+ "create",
+ "getattr",
+ "setattr",
+ "lock",
+ "relabelfrom",
+ "relabelto",
+ "transition",
+ "append",
+ "access",
+ "unlink",
+ "link",
+ "rename",
+ "execute",
+ "swapon",
+ "quotaon",
+ "mounton",
+};
+
+static char *common_socket_perm_to_string[] =
+{
+ "poll",
+ "ioctl",
+ "read",
+ "write",
+ "create",
+ "getattr",
+ "setattr",
+ "lock",
+ "relabelfrom",
+ "relabelto",
+ "transition",
+ "append",
+ "bind",
+ "connect",
+ "listen",
+ "accept",
+ "getopt",
+ "setopt",
+ "shutdown",
+ "recvfrom",
+ "sendto",
+ "recv_msg",
+ "send_msg",
+ "name_bind",
+};
+
+static char *common_ipc_perm_to_string[] =
+{
+ "create",
+ "destroy",
+ "getattr",
+ "setattr",
+ "read",
+ "write",
+ "associate",
+ "unix_read",
+ "unix_write",
+};
+
+
+/* FLASK */
diff --minimal -Nru a/security/selinux/include/linux/flask/flask.h b/security/selinux/include/linux/flask/flask.h
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/selinux/include/linux/flask/flask.h Tue Feb 12 18:59:50 2002
@@ -0,0 +1,77 @@
+/* This file is automatically generated. Do not edit. */
+#ifndef _LINUX_FLASK_H_
+#define _LINUX_FLASK_H_
+
+#include <linux/flask/flask_types.h>
+
+/*
+ * Security object class definitions
+ */
+#define SECCLASS_SECURITY 1
+#define SECCLASS_PROCESS 2
+#define SECCLASS_SYSTEM 3
+#define SECCLASS_CAPABILITY 4
+#define SECCLASS_FILESYSTEM 5
+#define SECCLASS_FILE 6
+#define SECCLASS_DIR 7
+#define SECCLASS_FD 8
+#define SECCLASS_LNK_FILE 9
+#define SECCLASS_CHR_FILE 10
+#define SECCLASS_BLK_FILE 11
+#define SECCLASS_SOCK_FILE 12
+#define SECCLASS_FIFO_FILE 13
+#define SECCLASS_SOCKET 14
+#define SECCLASS_TCP_SOCKET 15
+#define SECCLASS_UDP_SOCKET 16
+#define SECCLASS_RAWIP_SOCKET 17
+#define SECCLASS_NODE 18
+#define SECCLASS_NETIF 19
+#define SECCLASS_NETLINK_SOCKET 20
+#define SECCLASS_PACKET_SOCKET 21
+#define SECCLASS_KEY_SOCKET 22
+#define SECCLASS_UNIX_STREAM_SOCKET 23
+#define SECCLASS_UNIX_DGRAM_SOCKET 24
+#define SECCLASS_SEM 25
+#define SECCLASS_MSG 26
+#define SECCLASS_MSGQ 27
+#define SECCLASS_SHM 28
+#define SECCLASS_IPC 29
+
+/*
+ * Security identifier indices for initial entities
+ */
+#define SECINITSID_KERNEL 1
+#define SECINITSID_SECURITY 2
+#define SECINITSID_UNLABELED 3
+#define SECINITSID_FS 4
+#define SECINITSID_FILE 5
+#define SECINITSID_FILE_LABELS 6
+#define SECINITSID_INIT 7
+#define SECINITSID_PROC 8
+#define SECINITSID_ANY_SOCKET 9
+#define SECINITSID_PORT 10
+#define SECINITSID_NETIF 11
+#define SECINITSID_NETMSG 12
+#define SECINITSID_NODE 13
+#define SECINITSID_ICMP_SOCKET 14
+#define SECINITSID_TCP_SOCKET 15
+#define SECINITSID_PROC_KMSG 16
+#define SECINITSID_PROC_KCORE 17
+#define SECINITSID_SYSCTL_MODPROBE 18
+#define SECINITSID_SYSCTL 19
+#define SECINITSID_SYSCTL_FS 20
+#define SECINITSID_SYSCTL_KERNEL 21
+#define SECINITSID_SYSCTL_NET 22
+#define SECINITSID_SYSCTL_NET_UNIX 23
+#define SECINITSID_SYSCTL_VM 24
+#define SECINITSID_SYSCTL_DEV 25
+#define SECINITSID_KMOD 26
+#define SECINITSID_DEVPTS 27
+#define SECINITSID_NFS 28
+#define SECINITSID_POLICY 29
+#define SECINITSID_TMPFS 30
+#define SECINITSID_DEVFS 31
+
+#define SECINITSID_NUM 31
+
+#endif
diff --minimal -Nru a/security/selinux/include/linux/flask/flask_types.h b/security/selinux/include/linux/flask/flask_types.h
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/selinux/include/linux/flask/flask_types.h Tue Feb 12 18:59:50 2002
@@ -0,0 +1,115 @@
+
+/* -*- linux-c -*- */
+
+/*
+ * Author : Stephen Smalley (NAI Labs), <ssmalley@nai.com>
+ *
+ * This file was originally written while I was employed by NSA.
+ * It is mostly unchanged, except for the SAFE_ALLOC definition
+ * and safe_down/up functions added for the SELinux security module.
+ * They don't really belong here and should be moved somewhere else.
+ */
+
+#ifndef _LINUX_FLASK_TYPES_H_
+#define _LINUX_FLASK_TYPES_H_
+
+/*
+ * The basic Flask types and constants.
+ */
+
+#include <asm/types.h>
+
+/*
+ * A security context is a set of security attributes
+ * associated with each subject and object controlled
+ * by the security policy. The security context type
+ * is defined as a variable-length string that can be
+ * interpreted by any application or user with an
+ * understanding of the security policy.
+ */
+typedef char* security_context_t;
+
+/*
+ * A security identifier (SID) is a fixed-size value
+ * that is mapped by the security server to a
+ * particular security context. The SID mapping
+ * cannot be assumed to be consistent either across
+ * executions (reboots) of the security server or
+ * across security servers on different nodes.
+ *
+ * Certain SIDs (specified in flask/initial_sids) are
+ * predefined for system initialization. The corresponding
+ * constants are defined in the automatically generated
+ * header file flask.h.
+ */
+typedef __u32 security_id_t;
+#define SECSID_NULL 0x00000000 /* unspecified SID */
+#define SECSID_WILD 0xFFFFFFFF /* wildcard SID */
+
+/*
+ * An access vector (AV) is a collection of related permissions
+ * for a pair of SIDs. The bits within an access vector
+ * are interpreted differently depending on the class of
+ * the object. The access vector interpretations are specified
+ * in flask/access_vectors, and the corresponding constants
+ * for permissions are defined in the automatically generated
+ * header file av_permissions.h.
+ */
+typedef __u32 access_vector_t;
+
+/*
+ * Each object class is identified by a fixed-size value.
+ * The set of security classes is specified in flask/security_classes,
+ * with the corresponding constants defined in the automatically
+ * generated header file flask.h.
+ */
+typedef __u16 security_class_t;
+#define SECCLASS_NULL 0x0000 /* no class */
+
+/*
+ * A persistent security identifier (PSID) is a fixed-size
+ * value that is assigned by the file system component
+ * to each security context associated with an object
+ * in the file system. A separate PSID mapping is
+ * maintained for each file system.
+ */
+typedef __u32 psid_t;
+struct psidtab;
+
+#define CUR_SID current->sid
+
+#ifdef __KERNEL__
+#include <linux/sched.h>
+#include <linux/spinlock.h>
+#include <linux/interrupt.h>
+#include <asm/semaphore.h>
+
+/*
+ * Use this for memory allocation flags (e.g. for kmalloc()) when the
+ * interrupt state is unknown.
+ */
+#define SAFE_ALLOC (in_interrupt () ? GFP_ATOMIC : GFP_KERNEL)
+
+/*
+ * Use these for semaphores when the interrupt state is unknown.
+ */
+
+static inline int safe_down(struct semaphore *sem)
+{
+ if (in_interrupt()) {
+ if (down_trylock(sem))
+ return -EAGAIN;
+ } else {
+ down(sem);
+ }
+ return 0;
+}
+
+static inline void safe_up(struct semaphore *sem)
+{
+ up(sem);
+}
+#endif
+
+#endif
+
diff --minimal -Nru a/security/selinux/include/linux/flask/initial_sid_to_string.h b/security/selinux/include/linux/flask/initial_sid_to_string.h
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/selinux/include/linux/flask/initial_sid_to_string.h Tue Feb 12 18:59:50 2002
@@ -0,0 +1,37 @@
+/* This file is automatically generated. Do not edit. */
+static char *initial_sid_to_string[] =
+{
+ "null",
+ "kernel",
+ "security",
+ "unlabeled",
+ "fs",
+ "file",
+ "file_labels",
+ "init",
+ "proc",
+ "any_socket",
+ "port",
+ "netif",
+ "netmsg",
+ "node",
+ "icmp_socket",
+ "tcp_socket",
+ "proc_kmsg",
+ "proc_kcore",
+ "sysctl_modprobe",
+ "sysctl",
+ "sysctl_fs",
+ "sysctl_kernel",
+ "sysctl_net",
+ "sysctl_net_unix",
+ "sysctl_vm",
+ "sysctl_dev",
+ "kmod",
+ "devpts",
+ "nfs",
+ "policy",
+ "tmpfs",
+ "devfs",
+};
+
diff --minimal -Nru a/security/selinux/include/linux/flask/psid.h b/security/selinux/include/linux/flask/psid.h
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/selinux/include/linux/flask/psid.h Tue Feb 12 18:59:50 2002
@@ -0,0 +1,87 @@
+
+/* -*- linux-c -*- */
+
+/*
+ * Author : Stephen Smalley (NAI Labs), <ssmalley@nai.com>
+ *
+ * The persistent label mapping was originally written while I was
+ * employed by NSA, but I modified it after joining NAI Labs for
+ * the new LSM-based SELinux prototype to maintain the inode-to-PSID
+ * mapping in a regular file rather than using a spare field in the
+ * on-disk inode, since LSM does not provide filesystem-specific hooks.
+ * I've also made other minor revisions, including bug fixes.
+ */
+
+#ifndef _LINUX_FLASK_PSID_H_
+#define _LINUX_FLASK_PSID_H_
+
+/*
+ * Persistent label mappings.
+ */
+
+#include <linux/types.h>
+#include <linux/flask/flask.h>
+#include <linux/fs.h>
+
+/*
+ * Initialize the PSID mapping on the file system `sb'.
+ * If `sb' is an unlabeled file system and it is being
+ * mounted read-write, then create a new PSID mapping
+ * on it.
+ */
+int psid_init(struct super_block *sb);
+
+/*
+ * If `sb' is an unlabeled file system that was
+ * originally mounted read-only and is now being
+ * remounted read-write, then create a new PSID mapping
+ * on it.
+ */
+int psid_remount(struct super_block *sb);
+
+/*
+ * Free any memory and release any files used for
+ * the PSID mapping of `sb'.
+ */
+void psid_release(struct super_block *sb);
+
+/*
+ * Look up the PSID of `inode' in the PSID mapping
+ * and return the SID for the corresponding
+ * security context.
+ */
+int psid_to_sid(
+ struct inode *inode, security_id_t *out_sid);
+
+/*
+ * Look up the security context associated with the
+ * SID `sid' in the PSID mapping and set the PSID
+ * for the inode accordingly. If no PSID exists in
+ * the PSID mapping for the security context, then
+ * allocate a new PSID and assign it to the security
+ * context.
+ */
+int sid_to_psid(
+ struct inode *inode,
+ security_id_t sid);
+
+/*
+ * Clear the PSID associated with `inode'.
+ */
+int clear_psid(struct inode *inode);
+
+/*
+ * Change the file system security and the
+ * default file security context in the PSID
+ * mapping of `sb' to the security contexts
+ * associated with `fs_sid' and `f_sid'.
+ * If either `fs_sid' or `f_sid' is null,
+ * then do not change the corresponding
+ * security context.
+ */
+int psid_chsidfs(struct super_block *sb,
+ security_id_t fs_sid,
+ security_id_t f_sid);
+
+#endif /* _LINUX_FLASK_PSID_H_ */
+
diff --minimal -Nru a/security/selinux/include/linux/flask/security.h b/security/selinux/include/linux/flask/security.h
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/selinux/include/linux/flask/security.h Tue Feb 12 18:59:50 2002
@@ -0,0 +1,161 @@
+
+/* -*- linux-c -*- */
+
+/*
+ * Author : Stephen Smalley (NAI Labs), <ssmalley@nai.com>
+ *
+ * The security server was originally written while I was employed by NSA,
+ * and has undergone some revisions since I joined NAI Labs, but is largely
+ * unchanged.
+ */
+
+#ifndef _LINUX_SECURITY_H_
+#define _LINUX_SECURITY_H_
+
+/*
+ * Security server interface.
+ */
+
+#include <linux/flask/flask.h>
+
+/* Initialize the security server */
+int security_init(void);
+
+/*
+ * Compute access vectors based on a SID pair for
+ * the permissions in a particular class.
+ */
+int security_compute_av(
+ security_id_t ssid, /* IN */
+ security_id_t tsid, /* IN */
+ security_class_t tclass, /* IN */
+ access_vector_t requested, /* IN */
+ access_vector_t *allowed, /* OUT */
+ access_vector_t *decided, /* OUT */
+ access_vector_t *auditallow, /* OUT */
+ access_vector_t *auditdeny, /* OUT */
+ __u32 *seqno); /* OUT */
+
+/*
+ * Compute a SID to use for labeling a new object in the
+ * class `tclass' based on a SID pair.
+ */
+int security_transition_sid(
+ security_id_t ssid, /* IN */
+ security_id_t tsid, /* IN */
+ security_class_t tclass, /* IN */
+ security_id_t *out_sid); /* OUT */
+
+/*
+ * Compute a SID to use when selecting a member of a
+ * polyinstantiated object of class `tclass' based on
+ * a SID pair.
+ */
+int security_member_sid(
+ security_id_t ssid, /* IN */
+ security_id_t tsid, /* IN */
+ security_class_t tclass, /* IN */
+ security_id_t *out_sid); /* OUT */
+
+/*
+ * Compute a SID to use for relabeling an object in the
+ * class `tclass' based on a SID pair.
+ */
+int security_change_sid(
+ security_id_t ssid, /* IN */
+ security_id_t tsid, /* IN */
+ security_class_t tclass, /* IN */
+ security_id_t *out_sid); /* OUT */
+
+/*
+ * Write the security context string representation of
+ * the context associated with `sid' into a dynamically
+ * allocated string of the correct size. Set `*scontext'
+ * to point to this string and set `*scontext_len' to
+ * the length of the string.
+ */
+int security_sid_to_context(
+ security_id_t sid, /* IN */
+ security_context_t *scontext, /* OUT */
+ __u32 *scontext_len); /* OUT */
+
+/*
+ * Return a SID associated with the security context that
+ * has the string representation specified by `scontext'.
+ */
+int security_context_to_sid(
+ security_context_t scontext, /* IN */
+ __u32 scontext_len, /* IN */
+ security_id_t *out_sid); /* OUT */
+
+/*
+ * Return the SIDs to use for an unlabeled file system
+ * that is being mounted from the device with the
+ * the kdevname `name'. The `fs_sid' SID is returned for
+ * the file system and the `file_sid' SID is returned
+ * for all files within that file system.
+ */
+int security_fs_sid(
+ char *dev, /* IN */
+ security_id_t *fs_sid, /* OUT */
+ security_id_t *file_sid); /* OUT */
+
+/*
+ * Return the SID of the port specified by
+ * `domain', `type', `protocol', and `port'.
+ */
+int security_port_sid(
+ __u16 domain,
+ __u16 type,
+ __u8 protocol,
+ __u16 port,
+ security_id_t *out_sid);
+
+/*
+ * Return the SIDs to use for a network interface
+ * with the name `name'. The `if_sid' SID is returned for
+ * the interface and the `msg_sid' SID is returned as
+ * the default SID for messages received on the
+ * interface.
+ */
+int security_netif_sid(
+ char *name,
+ security_id_t *if_sid,
+ security_id_t *msg_sid);
+
+/*
+ * Return the SID of the node specified by the address
+ * `addr' where `addrlen' is the length of the address
+ * in bytes and `domain' is the communications domain or
+ * address family in which the address should be interpreted.
+ */
+int security_node_sid(
+ __u16 domain,
+ void *addr,
+ __u32 addrlen,
+ security_id_t *out_sid);
+
+
+/*
+ * Return the SIDs to use for a NFS file system mounted
+ * from the address `addr' where `addrlen' is the length of the address
+ * in bytes and `domain' is the communications domain or
+ * address family in which the address should be interpreted.
+ */
+int security_nfs_sid(
+ __u16 domain,
+ void *addr,
+ __u32 addrlen,
+ security_id_t *fs_sid,
+ security_id_t *file_sid);
+
+/*
+ * Return the SID to use for a devfs entry.
+ */
+int security_devfs_sid(
+ char *name, /* IN */
+ security_class_t sclass, /* IN */
+ security_id_t *sid); /* OUT */
+
+#endif /* _LINUX_SECURITY_H_ */
+
diff --minimal -Nru a/security/selinux/include/linux/flask/syscalls.h b/security/selinux/include/linux/flask/syscalls.h
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/selinux/include/linux/flask/syscalls.h Tue Feb 12 18:59:50 2002
@@ -0,0 +1,129 @@
+/* -*- linux-c -*- */
+
+/* Author : Stephen Smalley (NAI Labs), <ssmalley@nai.com> */
+
+#ifndef _LINUX_FLASK_SYSCALLS_H_
+#define _LINUX_FLASK_SYSCALLS_H_
+
+#include <linux/flask/flask_types.h>
+
+#include <asm/flask/unistd.h>
+
+#define SELINUX_MAGIC 0xf97cff8c
+
+/* Call values for lsm. */
+#define SELINUXCALL_COMPUTE_AV 1
+#define SELINUXCALL_NOTIFY_PERM 2
+#define SELINUXCALL_TRANSITION_SID 3
+#define SELINUXCALL_MEMBER_SID 4
+#define SELINUXCALL_SID_TO_CONTEXT 5
+#define SELINUXCALL_CONTEXT_TO_SID 6
+#define SELINUXCALL_LOAD_POLICY 7
+#define SELINUXCALL_CHANGE_SID 8
+#define SELINUXCALL_GET_SIDS 9
+#define SELINUXCALL_GET_USER_SIDS 10
+#define SELINUXCALL_AVC_TOGGLE 11
+#define SELINUXCALL_GETSECSID 12
+#define SELINUXCALL_GETOSECSID 13
+#define SELINUXCALL_LSTAT 14
+#define SELINUXCALL_LCHSID 15
+#define SELINUXCALL_STAT 16
+#define SELINUXCALL_CHSID 17
+#define SELINUXCALL_FSTAT 18
+#define SELINUXCALL_FCHSID 19
+#define SELINUXCALL_OPEN 20
+#define SELINUXCALL_MKDIR 21
+#define SELINUXCALL_MKNOD 22
+#define SELINUXCALL_SYMLINK 23
+#define SELINUXCALL_STATFS 24
+#define SELINUXCALL_FSTATFS 25
+#define SELINUXCALL_CHSIDFS 26
+#define SELINUXCALL_FCHSIDFS 27
+
+#define SELINUXCALL_SHMSID 28
+#define SELINUXCALL_SEMSID 29
+#define SELINUXCALL_MSGSID 30
+#define SELINUXCALL_SHMGET 31
+#define SELINUXCALL_SEMGET 32
+#define SELINUXCALL_MSGGET 33
+#define SELINUXCALL_MSGSND 34
+#define SELINUXCALL_MSGRCV 35
+
+#define SELINUXCALL_EXECVE 36
+
+#define SELINUXCALL_STAT64 37
+#define SELINUXCALL_LSTAT64 38
+#define SELINUXCALL_FSTAT64 39
+
+#define SELINUXCALL_AVC_ENFORCING 40
+
+#define SELINUXCALL_NUM 40
+
+/* Structure definitions for compute_av call */
+struct security_query {
+ security_id_t ssid;
+ security_id_t tsid;
+ security_class_t tclass;
+ access_vector_t requested;
+};
+
+struct security_response {
+ access_vector_t allowed;
+ access_vector_t decided;
+ access_vector_t auditallow;
+ access_vector_t auditdeny;
+ access_vector_t notify;
+ __u32 seqno;
+};
+
+#ifdef __KERNEL__
+extern long sys_security_compute_av(struct security_query *query,
+ struct security_response *response);
+
+extern long sys_security_sid_to_context(security_id_t sid,
+ security_context_t scontext,
+ __u32 *scontext_len);
+
+extern long sys_security_context_to_sid(security_context_t scontext,
+ __u32 scontext_len,
+ security_id_t * out_sid);
+
+extern long sys_security_transition_sid(security_id_t ssid,
+ security_id_t tsid,
+ security_class_t tclass,
+ security_id_t * out_sid );
+
+extern long sys_security_change_sid(security_id_t ssid,
+ security_id_t tsid,
+ security_class_t tclass,
+ security_id_t * out_sid );
+
+extern long sys_security_member_sid(security_id_t ssid,
+ security_id_t tsid,
+ security_class_t tclass,
+ security_id_t * out_sid);
+
+extern long sys_security_load_policy(char *path,
+ __u32 pathlen);
+
+extern long sys_security_notify_perm(security_id_t ssid,
+ security_id_t tsid,
+ security_class_t tclass,
+ access_vector_t requested);
+
+extern long sys_security_get_sids(security_id_t * sids,
+ __u32 *nel);
+
+extern long sys_security_get_user_sids(security_id_t fromsid,
+ char *username,
+ __u32 namelen,
+ security_id_t * sids,
+ __u32 *nel);
+
+extern long sys_avc_toggle(void);
+extern long sys_avc_enforcing(void);
+
+#endif /* __KERNEL__ */
+
+#endif
+
diff --minimal -Nru a/security/selinux/psid.c b/security/selinux/psid.c
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/selinux/psid.c Tue Feb 12 18:59:50 2002
@@ -0,0 +1,1113 @@
+/* -*- linux-c -*- */
+
+/*
+ * Implementation of the persistent label mapping.
+ *
+ * Author: Stephen Smalley, NAI Labs, <ssmalley@nai.com>
+ *
+ * The persistent label mapping was originally written while I was
+ * employed by NSA, but I modified it after joining NAI Labs for
+ * the new LSM-based SELinux prototype to maintain the inode-to-PSID
+ * mapping in a regular file rather than using a spare field in the
+ * on-disk inode, since LSM does not provide filesystem-specific hooks.
+ * I've also made other minor revisions, including bug fixes.
+ *
+ * The mapping is currently implemented using
+ * regular files in a fixed subdirectory of the
+ * root directory of each file system. The "contexts"
+ * file stores the security contexts associated with
+ * objects in the file system. The "index" file
+ * stores (offset, length) pairs for the security
+ * contexts in the "contexts" file, indexed by
+ * persistent SID (PSID). The "inodes" file stores
+ * PSIDs for the files in the file system, indexed by
+ * inode number.
+ */
+
+#include <linux/config.h>
+
+#include <linux/types.h>
+#include <linux/flask/flask.h>
+#include <linux/flask/security.h>
+#include <linux/flask/psid.h>
+#include <linux/stddef.h>
+#include <linux/kernel.h>
+#include <linux/slab.h>
+#include <linux/spinlock.h>
+#include <asm/uaccess.h>
+#include <asm/semaphore.h>
+#include "selinux_plug.h"
+
+#if 0
+#define DPRINTF(args...) printk(KERN_ALERT args)
+#else
+#define DPRINTF(args...)
+#endif
+
+/* Read or write at an absolute offset. The offset is only an
+ input parameter. */
+static inline ssize_t read_abs(struct file *fp, char *buf, size_t len, loff_t off)
+{
+ return fp->f_op->read(fp, buf, len, &off);
+}
+static inline ssize_t write_abs(struct file *fp, const char *buf, size_t len, loff_t off)
+{
+ return fp->f_op->write(fp, buf, len, &off);
+}
+
+
+/*
+ * Subdirectory for the PSID mapping files.
+ */
+#define PSEC_SECDIR "...security"
+#define PSEC_SECDIR_MODE 0700
+
+/*
+ * The PSID mapping files
+ */
+#define PSEC_CONTEXTS 0 /* security contexts */
+#define PSEC_INDEX 1 /* psid -> (offset, len) of context */
+#define PSEC_INODES 2 /* ino -> psid */
+#define PSEC_NFILES 3 /* total number of security files */
+
+static char *psec_sfiles[PSEC_NFILES] =
+{
+ "contexts",
+ "index",
+ "inodes"
+};
+
+#define PSEC_SECFILE_MODE (S_IFREG | 0600)
+
+
+/*
+ * Record structure for entries in index file.
+ */
+typedef struct
+{
+ loff_t ofs; /* offset within file, in bytes */
+ size_t len; /* length of context, in bytes */
+} s_index_t;
+
+#define SINDEX_MASK (sizeof(s_index_t)-1)
+
+/*
+ * For each mounted file system, we maintain a
+ * incore cache that maps between PSIDs and SIDs.
+ * The current implementation loads the entire
+ * PSID mapping into this "cache" at mount time,
+ * but the intent is to change the implementation
+ * to load from the mapping on demand.
+ */
+typedef struct psidtab_node {
+ psid_t psid;
+ security_id_t sid;
+ struct psidtab_node *next;
+} psidtab_node_t;
+
+#define PSIDTAB_SLOTS 32
+#define BAD_PSIDS 32
+
+struct psidtab {
+ psidtab_node_t *slots[PSIDTAB_SLOTS]; /* PSID cache */
+ int initialized; /* is the PSID mapping initialized? */
+ psid_t next_psid; /* next PSID to be allocated */
+ loff_t next_context; /* offset of next context */
+ struct file files[PSEC_NFILES]; /* mapping files */
+#define contexts_fp files[PSEC_CONTEXTS] /* contexts file */
+#define index_fp files[PSEC_INDEX] /* index file */
+#define inodes_fp files[PSEC_INODES] /* inode file */
+ psid_t bad_psids[BAD_PSIDS]; /* bad PSIDs */
+ int n_bad; /* number of bad PSIDs */
+ s_index_t raw_sindex; /* PSID 0 */
+ spinlock_t lock;
+ struct semaphore sem;
+};
+typedef struct psidtab psidtab_t;
+
+#define PSIDTAB_HASH(psid) (psid & (PSIDTAB_SLOTS - 1))
+
+
+/*
+ * Two PSIDs are reserved: PSID 0
+ * refers to the security context to
+ * assign to unlabeled objects in the
+ * file system and PSID 1 refers to the
+ * security context of the file system itself.
+ */
+#define FILE_PSID 0
+#define FS_PSID 1
+
+/*
+ * Create a PSID cache.
+ */
+static int psidtab_create(psidtab_t **tp)
+{
+ psidtab_t *t;
+
+
+ t = (psidtab_t *) kmalloc(sizeof(psidtab_t), GFP_KERNEL);
+ if (!t)
+ return -ENOMEM;
+ memset(t, 0, sizeof(psidtab_t));
+ t->lock = SPIN_LOCK_UNLOCKED;
+ init_MUTEX(&t->sem);
+ *tp = t;
+ return 0;
+}
+
+
+/*
+ * Release the PSID mapping files and
+ * free the memory used by the PSID cache.
+ */
+static void psidtab_destroy(psidtab_t *t)
+{
+ psidtab_node_t *cur, *tmp;
+ int hvalue, i;
+
+
+ for (i = 0; i < PSEC_NFILES; i++) {
+ if (t->files[i].f_dentry) {
+ dput(t->files[i].f_dentry);
+ }
+ }
+
+ for (hvalue = 0; hvalue < PSIDTAB_SLOTS; hvalue++) {
+ cur = t->slots[hvalue];
+ while (cur) {
+ tmp = cur;
+ cur = cur->next;
+ kfree(tmp);
+ }
+ }
+
+ kfree(t);
+}
+
+
+/*
+ * Insert an entry for the pair (`psid', `sid') in the PSID cache.
+ */
+static int psidtab_insert(psidtab_t *t, psid_t psid, security_id_t sid)
+{
+ psidtab_node_t *new;
+ int hvalue;
+
+
+ hvalue = PSIDTAB_HASH(psid);
+ new = (psidtab_node_t *) kmalloc(sizeof(psidtab_node_t), GFP_KERNEL);
+ if (!new) {
+ return -ENOMEM;
+ }
+ new->psid = psid;
+ new->sid = sid;
+ new->next = t->slots[hvalue];
+ wmb();
+ t->slots[hvalue] = new;
+ return 0;
+}
+
+
+/*
+ * Return the SID associated with the
+ * PSID `psid' in the PSID cache.
+ * Return 0 if no match is found.
+ */
+static security_id_t psidtab_search_psid(psidtab_t *t, psid_t psid)
+{
+ psidtab_node_t *cur;
+ int hvalue;
+
+
+ hvalue = PSIDTAB_HASH(psid);
+ for (cur = t->slots[hvalue]; cur ; cur = cur->next) {
+ if (psid == cur->psid)
+ return cur->sid;
+ }
+
+ return 0;
+}
+
+
+/*
+ * Return the PSID associated with the
+ * SID `sid' in the PSID cache.
+ * If 'reserved' is zero, then a reserved PSID is not
+ * returned even if it matches.
+ * Return 0 if no match is found.
+ */
+static psid_t psidtab_search_sid(psidtab_t *t, security_id_t sid, int reserved)
+{
+ psidtab_node_t *cur;
+ int hvalue;
+
+
+ for (hvalue = 0; hvalue < PSIDTAB_SLOTS; hvalue++) {
+ for (cur = t->slots[hvalue]; cur; cur = cur->next) {
+ if (sid == cur->sid &&
+ ((cur->psid > FS_PSID) || reserved))
+ return cur->psid;
+ }
+ }
+
+ return 0;
+}
+
+
+/*
+ * Change the SID associated with PSID `psid'
+ * to the SID `sid' in the PSID cache.
+ */
+static void psidtab_change_psid(psidtab_t *t,
+ psid_t psid, security_id_t sid)
+{
+ psidtab_node_t *cur;
+ int hvalue;
+
+
+ hvalue = PSIDTAB_HASH(psid);
+ for (cur = t->slots[hvalue]; cur ; cur = cur->next) {
+ if (psid == cur->psid) {
+ cur->sid = sid;
+ return;
+ }
+ }
+
+ return;
+}
+
+#if 0
+static void psidtab_hash_eval(psidtab_t *t, char *tag)
+{
+ int i, nel, chain_len, max_chain_len, slots_used;
+ psidtab_node_t *node;
+
+ nel = 0;
+ slots_used = 0;
+ max_chain_len = 0;
+ for (i = 0; i < PSIDTAB_SLOTS; i++) {
+ node = t->slots[i];
+ if (node) {
+ slots_used++;
+ chain_len = 0;
+ while (node) {
+ nel++;
+ chain_len++;
+ node = node->next;
+ }
+ if (chain_len > max_chain_len)
+ max_chain_len = chain_len;
+ }
+ }
+
+ printk("\n%s psidtab: %d entries and %d/%d buckets used, longest chain length %d\n",
+ tag, nel, slots_used, PSIDTAB_SLOTS, max_chain_len);
+}
+#else
+#define psidtab_hash_eval(t, tag)
+#endif
+
+
+/*
+ * Allocate and return a new PSID for the
+ * security context associated with the
+ * SID `newsid'.
+ */
+static int newpsid(psidtab_t *t,
+ security_id_t newsid,
+ psid_t *out_psid)
+{
+ security_context_t context;
+ s_index_t raw_sindex;
+ psid_t psid;
+ loff_t off;
+ size_t len;
+ int rc;
+
+
+ DPRINTF("newpsid: obtaining psid for sid %d\n", newsid);
+
+ rc = security_sid_to_context(newsid, &context, &len);
+ if (rc)
+ return -EACCES;
+ DPRINTF("newpsid: sid %d -> context %s\n", newsid, context);
+
+ /*
+ * Append the security context to the contexts file.
+ */
+ spin_lock(&t->lock);
+ off = t->next_context;
+ t->next_context += len;
+ spin_unlock(&t->lock);
+ rc = write_abs(&t->contexts_fp, context, len, off);
+ if (rc < 0) {
+ printk("newpsid: error %d in writing to contexts\n", -rc);
+ kfree(context);
+ return rc;
+ }
+ DPRINTF("newpsid: added %s to contexts at %Ld\n",
+ context, off);
+ kfree(context);
+
+ /*
+ * Write the index record at the location
+ * for the next allocated PSID.
+ */
+ raw_sindex.ofs = cpu_to_le64(off);
+ raw_sindex.len = cpu_to_le32(len);
+ spin_lock(&t->lock);
+ psid = t->next_psid++;
+ spin_unlock(&t->lock);
+ rc = write_abs(&t->index_fp, (const char*)&raw_sindex, sizeof(s_index_t), psid * sizeof(s_index_t));
+ if (rc < 0) {
+ printk("newpsid: error %d in writing to index\n", -rc);
+ return rc;
+ }
+ DPRINTF("newpsid: added new psid %d = (%Ld,%d) to index\n",
+ psid, off, len);
+
+ /*
+ * Add the (`psid', `newsid') pair to the PSID cache.
+ */
+ rc = psidtab_insert(t, psid, newsid);
+ if (rc)
+ return rc;
+
+ DPRINTF("newpsid: added (%d, %d) to psidtab\n", psid, newsid);
+
+ *out_psid = psid;
+ return 0;
+}
+
+
+/*
+ * Initialize the incore data in `t' for a PSID mapping
+ * from the PSID mapping files in the file system `sb'.
+ * Set the SID of `sb' and the SIDs of the inodes for the
+ * root directory, the mapping directory and the mapping
+ * files.
+ *
+ * If the file system is unlabeled and the
+ * file system is being mounted read-write, then
+ * create a new PSID mapping on it.
+ */
+static int psidfiles_init(struct super_block *sb, psidtab_t *t)
+{
+ struct superblock_security_struct *sbsec = sb->s_security;
+ struct dentry *dir, *file;
+ int index;
+ int need_to_init = 0;
+ s_index_t sindex, raw_sindex;
+ security_id_t fs_sid, file_sid, sid;
+ psid_t file_psid, fs_psid, raw_psid;
+ loff_t pos;
+ char *cbuf;
+ int rc = 0;
+
+ DPRINTF("psidfiles_init: looking up %s\n", PSEC_SECDIR);
+ dir = lookup_one_len(PSEC_SECDIR, sb->s_root, strlen(PSEC_SECDIR));
+ rc = PTR_ERR(dir);
+ if (IS_ERR(dir)) {
+ printk("psidfiles_init: lookup_one returned %d\n", -rc);
+ goto bad;
+ }
+
+ if (!dir->d_inode) {
+ if ((sb->s_flags & MS_RDONLY) == 0) {
+ /*
+ * The mapping subdirectory did not exist.
+ * Since the file system is mounted
+ * read-write, create it.
+ */
+ DPRINTF("psidfiles_init: %s did not exist; creating\n",
+ PSEC_SECDIR);
+
+ need_to_init = 1;
+
+ if (!sb->s_root->d_inode->i_op ||
+ !sb->s_root->d_inode->i_op->mkdir) {
+ printk("psidfiles_init: no mkdir support\n");
+ rc = -EPERM;
+ dput(dir);
+ goto bad;
+ }
+
+ rc = sb->s_root->d_inode->i_op->mkdir(
+ sb->s_root->d_inode, dir,
+ PSEC_SECDIR_MODE);
+ if (rc) {
+ printk("psidfiles_init: mkdir returned %d\n", -rc);
+ dput(dir);
+ goto bad;
+ }
+ } else {
+ /*
+ * The mapping subdirectory did not exist.
+ * Since the file system is mounted
+ * read-only, no mapping can be created.
+ * Obtain the SID of the file system and the
+ * default file SID from the security server
+ * and return without setting the initialized
+ * flag.
+ */
+ DPRINTF("psidfiles_init: %s did not exist; read-only\n", PSEC_SECDIR);
+
+ dput(dir);
+
+ rc = security_fs_sid((char *)kdevname(sb->s_dev),
+ &fs_sid, &file_sid);
+ if (rc)
+ goto bad;
+
+ sbsec->sid = fs_sid;
+ inode_security_set_sid(sb->s_root->d_inode, file_sid);
+
+ return 0;
+ }
+ }
+
+ /* Set the SID on the mapping subdirectory */
+ inode_security_set_sid(dir->d_inode, SECINITSID_FILE_LABELS);
+
+ /* Look up or create each mapping file */
+ for (index = 0; index < PSEC_NFILES; index++) {
+ DPRINTF("psidfiles_init: checking for %s\n",
+ psec_sfiles[index]);
+ file = lookup_one_len(psec_sfiles[index], dir, strlen(psec_sfiles[index]));
+ rc = PTR_ERR(file);
+ if (IS_ERR(file)) {
+ printk("psidfiles_init: lookup_one returned %d\n", -rc);
+ goto bad;
+ }
+
+ if (!file->d_inode) {
+ /*
+ * The mapping file did not exist.
+ * If the mapping subdirectory was just created,
+ * then create the mapping file. Otherwise,
+ * fail.
+ */
+ if (!need_to_init) {
+ printk("psidfiles_init: %s did not exist\n",
+ psec_sfiles[index]);
+ rc = -ENOENT;
+ goto bad_file;
+ }
+
+ DPRINTF("psidfiles_init: %s did not exist; creating\n",
+ psec_sfiles[index]);
+
+ if (!dir->d_inode->i_op ||
+ !dir->d_inode->i_op->create) {
+ printk("psidfiles_init: no create support!\n");
+ rc = -ENOENT;
+ goto bad_file;
+ }
+
+ rc = dir->d_inode->i_op->create(
+ dir->d_inode,
+ file,
+ PSEC_SECFILE_MODE);
+ if (rc) {
+ printk("psidfiles_init: create returned %d\n", -rc);
+ goto bad_file;
+ }
+ }
+
+ /* Set the SID on the mapping file */
+ inode_security_set_sid(file->d_inode, SECINITSID_FILE_LABELS);
+
+ /* "Open" the file and set it for synchronous writes */
+ rc = init_private_file(&t->files[index], file, 3);
+ t->files[index].f_flags = O_RDWR;
+ if (index == PSEC_CONTEXTS || index == PSEC_INDEX)
+ t->files[index].f_flags |= O_SYNC;
+ if (rc) {
+ printk("psidfiles_init: init_private_file returned %d\n", -rc);
+ goto bad_file;
+ }
+
+ if (!t->files[index].f_op ||
+ !t->files[index].f_op->read ||
+ !t->files[index].f_op->write) {
+ printk("psidfiles_init: no read/write support\n");
+ dput(dir);
+ rc = -ENOENT;
+ goto bad;
+ }
+ }
+
+ dput(dir);
+
+ if (need_to_init) {
+ /*
+ * The mapping subdirectory and files were just created.
+ * Obtain the file system and default file SIDs from
+ * the security server, define the corresponding
+ * reserved PSIDs, set the initialized flag and return.
+ */
+ DPRINTF("psidfiles_init: initializing labeling files\n");
+
+ rc = security_fs_sid((char*)kdevname(sb->s_dev),
+ &fs_sid, &file_sid);
+ if (rc)
+ goto bad;
+
+ sbsec->sid = fs_sid;
+ inode_security_set_sid(sb->s_root->d_inode, file_sid);
+
+ rc = newpsid(t, file_sid, &file_psid);
+ if (rc)
+ goto bad;
+
+ if (file_psid) {
+ printk("psidfiles_init: default file psid should be zero, is %d\n", file_psid);
+ goto bad;
+ }
+
+ rc = newpsid(t, fs_sid, &fs_psid);
+ if (rc)
+ goto bad;
+
+ if (fs_psid != FS_PSID) {
+ printk("psidfiles_init: file system psid should be %d, is %d\n", FS_PSID, fs_psid);
+ goto bad;
+ }
+
+ t->initialized = 1;
+
+ return 0;
+ }
+
+ /*
+ * The mapping subdirectory and files already existed.
+ * Load the mapping files into the PSID cache. Obtain
+ * the SIDs for the file system and the root directory
+ * from the mapping. Set the initialized flag.
+ */
+ DPRINTF("psidfiles_init: reading index and contexts files\n");
+ pos = 0;
+ rc = read_abs(&t->index_fp, (char *)&raw_sindex, sizeof(s_index_t), pos);
+ t->raw_sindex.ofs = raw_sindex.ofs;
+ t->raw_sindex.len = raw_sindex.len;
+ while (rc > 0) {
+ sindex.ofs = le64_to_cpu(raw_sindex.ofs);
+ sindex.len = le32_to_cpu(raw_sindex.len);
+
+ DPRINTF("psidfiles_init: read index (%Ld,%d) at %Ld\n",
+ sindex.ofs, sindex.len, pos);
+
+ cbuf = kmalloc(sindex.len, GFP_KERNEL);
+ if (!cbuf) {
+ rc = -ENOMEM;
+ goto bad;
+ }
+
+ rc = read_abs(&t->contexts_fp, cbuf, sindex.len, sindex.ofs);
+ if (rc < 0) {
+ printk("psidfiles_init: error %d in reading contexts\n",
+ -rc);
+ kfree(cbuf);
+ goto bad;
+ }
+
+ rc = security_context_to_sid(cbuf, rc, &sid);
+ if (rc) {
+ printk("psidfiles_init: error %d in obtaining SID for context %s (psid %d).\n",
+ -rc, cbuf, t->next_psid);
+ if ((sb->s_flags & MS_RDONLY) == 0) {
+ rc = write_abs(&t->index_fp,
+ (const char*)&t->raw_sindex,
+ sizeof(s_index_t),
+ pos);
+ if (rc < 0) {
+ printk("psidfiles_init: error %d in writing to index for psid %d\n", -rc, t->next_psid);
+ }
+ DPRINTF("psidfiles_init: remapped psid %d to psid 0\n",
+ t->next_psid);
+ } else {
+ if (t->n_bad < BAD_PSIDS)
+ t->bad_psids[t->n_bad++] = t->next_psid;
+ }
+ t->next_psid++;
+ }
+ else
+ {
+ DPRINTF("psidfiles_init: psid %d -> context %s -> sid %d\n",
+ t->next_psid, cbuf, sid);
+
+ rc = psidtab_insert(t, t->next_psid, sid);
+ t->next_psid++;
+ if (rc) {
+ goto bad;
+ }
+ }
+
+ kfree(cbuf);
+
+ pos += sizeof(s_index_t);
+ rc = read_abs(&t->index_fp, (char *)&raw_sindex,
+ sizeof(s_index_t), pos);
+ }
+
+ if (rc < 0) {
+ printk("psidfiles_init: error %d in reading index\n",
+ -rc);
+ goto bad;
+ }
+
+ fs_sid = psidtab_search_psid(t, FS_PSID);
+ if (!fs_sid) {
+ printk("psidfiles_init: no SID for fs psid\n");
+ rc = -EINVAL;
+ goto bad;
+ }
+
+ DPRINTF("psidfiles_init: fs sid %d\n", fs_sid);
+
+ sbsec->sid = fs_sid;
+
+ DPRINTF("psidfiles_init: reading inodes file for root inode\n");
+
+ rc = read_abs(&t->inodes_fp, (char *)&raw_psid, sizeof(psid_t),
+ sb->s_root->d_inode->i_ino * sizeof(psid_t));
+ if (rc < 0) {
+ printk("psidfiles_init: error %d in reading inodes\n",
+ -rc);
+ goto bad;
+ }
+ if (rc == 0)
+ file_psid = 0;
+ else
+ file_psid = le32_to_cpu(raw_psid);
+
+ sid = psidtab_search_psid(t, file_psid);
+ if (!sid) {
+ printk("psidfiles_init: root inode is unlabeled\n");
+ sid = SECINITSID_UNLABELED;
+ }
+
+ inode_security_set_sid(sb->s_root->d_inode, sid);
+
+ {
+ struct inode *inode = t->contexts_fp.f_dentry->d_inode;
+
+ down(&inode->i_sem);
+ t->next_context = inode->i_size;
+ up(&inode->i_sem);
+ }
+
+ t->initialized = 1;
+
+ return 0;
+
+bad_file:
+ dput(file);
+ dput(dir);
+bad:
+ printk("psidfiles_init: initialization failed, error %d\n", -rc);
+ return rc;
+}
+
+
+/*
+ * Initialize the PSID mapping on the file system `sb'.
+ * If `sb' is an unlabeled file system and it is being
+ * mounted read-write, then create a new PSID mapping
+ * on it.
+ */
+int psid_init(struct super_block *sb)
+{
+ struct superblock_security_struct *sbsec = sb->s_security;
+ psidtab_t *t = sbsec->psidtab;
+ mm_segment_t old_fs;
+ int rc;
+
+
+ if (t) {
+ printk("psid_init: already initialized this super block\n");
+ return -EACCES;
+ }
+
+ DPRINTF("psid_init: creating psidtab\n");
+
+ rc = psidtab_create(&t);
+ if (rc)
+ return rc;
+
+ old_fs = get_fs();
+ set_fs(KERNEL_DS);
+ rc = psidfiles_init(sb, t);
+ set_fs(old_fs);
+ if (rc) {
+ psidtab_destroy(t);
+ sbsec->psidtab = 0;
+ return rc;
+ }
+ if (t->initialized)
+ psidtab_hash_eval(t, "init");
+
+ sbsec->psidtab = t;
+ return 0;
+}
+
+
+/*
+ * If `sb' is an unlabeled file system that was
+ * originally mounted read-only and is now being
+ * remounted read-write, then create a new PSID mapping
+ * on it.
+ */
+int psid_remount(struct super_block *sb)
+{
+ struct superblock_security_struct *sbsec = sb->s_security;
+ psidtab_t *t = sbsec->psidtab;
+ mm_segment_t old_fs;
+ int i, rc;
+
+
+ if (!t) {
+ printk("psid_remount: uninitialized super block\n");
+ return -EACCES;
+ }
+
+ if (!t->initialized) {
+ old_fs = get_fs();
+ set_fs(KERNEL_DS);
+ rc = psidfiles_init(sb, t);
+ set_fs(old_fs);
+ if (rc) {
+ psidtab_destroy(t);
+ sbsec->psidtab = 0;
+ panic("VFS: psid_remount failed (rc=%d)", rc);
+ return rc;
+ }
+ } else if (t->n_bad) {
+ old_fs = get_fs();
+ set_fs(KERNEL_DS);
+ for (i = 0; i < t->n_bad; i++) {
+ rc = write_abs(&t->index_fp,
+ (const char*)&t->raw_sindex,
+ sizeof(s_index_t),
+ t->bad_psids[i] * sizeof(s_index_t));
+
+ if (rc < 0) {
+ printk("psid_remount: error %d in writing to index for psid %d\n", -rc, t->bad_psids[i]);
+ }
+ DPRINTF("psid_remount: remapped psid %d to psid 0\n",
+ t->bad_psids[i]);
+ }
+ set_fs(old_fs);
+ t->n_bad = 0;
+ }
+
+ if (t->initialized)
+ psidtab_hash_eval(t, "remount");
+
+ return 0;
+}
+
+
+/*
+ * Free any memory and release any files used for
+ * the PSID mapping of `sb'.
+ */
+void psid_release(struct super_block *sb)
+{
+ struct superblock_security_struct *sbsec = sb->s_security;
+ if (!sbsec->psidtab) {
+ printk("psid_release: uninitialized super block\n");
+ return;
+ }
+
+ DPRINTF("psid_release: destroying psidtab\n");
+
+ if (sbsec->psidtab->initialized)
+ psidtab_hash_eval(sb->s_security, "release");
+
+ psidtab_destroy(sbsec->psidtab);
+ sbsec->psidtab = 0;
+}
+
+
+/*
+ * Look up the PSID of `inode' in the PSID mapping
+ * and return the corresponding SID.
+ */
+int psid_to_sid(struct inode *inode, security_id_t *out_sid)
+{
+ struct super_block *sb = inode->i_sb;
+ struct superblock_security_struct *sbsec = sb->s_security;
+ struct inode_security_struct *isec;
+ psidtab_t *t = sbsec->psidtab;
+ psid_t psid, raw_psid;
+ security_id_t sid;
+ mm_segment_t old_fs;
+ int rc;
+
+ if (!t) {
+ printk("psid_to_sid: ino %ld -> unlabeled\n", inode->i_ino);
+ *out_sid = SECINITSID_UNLABELED;
+ return 0;
+ }
+
+ if (!t->initialized) {
+ isec = sb->s_root->d_inode->i_security;
+ *out_sid = isec->sid;
+ return 0;
+ }
+
+ old_fs = get_fs();
+ set_fs(KERNEL_DS);
+ rc = read_abs(&t->inodes_fp, (char *)&raw_psid, sizeof(psid_t), inode->i_ino * sizeof(psid_t));
+ set_fs(old_fs);
+ if (rc < 0) {
+ printk("psid_to_sid: unable to read inodes for %ld, using unlabeled\n",
+ inode->i_ino);
+ *out_sid = SECINITSID_UNLABELED;
+ return 0;
+ }
+ if (rc == 0)
+ psid = 0;
+ else
+ psid = le32_to_cpu(raw_psid);
+
+ sid = psidtab_search_psid(t, psid);
+ if (!sid) {
+ printk("psid_to_sid: no SID for psid %d\n", psid);
+ sid = psidtab_search_psid(t, 0);
+ if (!sid) {
+ printk("psid_to_sid: psid %d -> unlabeled\n", psid);
+ inode_security_set_sid(inode, SECINITSID_UNLABELED);
+ return 0;
+ }
+ }
+
+ *out_sid = sid;
+
+ return 0;
+}
+
+
+/*
+ * Look up the security context associated with the
+ * SID `sid' in the PSID mapping and set the PSID
+ * for the inode accordingly. If no PSID exists in
+ * the PSID mapping for the security context, then
+ * allocate a new PSID and assign it to the security
+ * context.
+ */
+int sid_to_psid(struct inode *inode,
+ security_id_t sid)
+{
+ struct super_block *sb = inode->i_sb;
+ struct superblock_security_struct *sbsec = sb->s_security;
+ psidtab_t *t = sbsec->psidtab;
+ psid_t psid, raw_psid;
+ int rc = 0;
+ mm_segment_t old_fs;
+
+ if (!t || !t->initialized) {
+ return 0;
+ }
+
+ psid = psidtab_search_sid(t, sid, 0);
+ if (!psid) {
+ down(&t->sem);
+ /* Rescan now that we hold the semaphore */
+ psid = psidtab_search_sid(t, sid, 0);
+ if (psid)
+ goto up_out;
+ /* No PSID for this SID - allocate a new one. */
+ if (sb->s_flags & MS_RDONLY) {
+ rc = -EACCES;
+ goto up_out;
+ }
+
+ old_fs = get_fs();
+ set_fs(KERNEL_DS);
+ rc = newpsid(t, sid, &psid);
+ set_fs(old_fs);
+up_out:
+ up(&t->sem);
+ }
+
+ if (rc)
+ return rc;
+
+ raw_psid = cpu_to_le32(psid);
+
+ old_fs = get_fs();
+ set_fs(KERNEL_DS);
+ rc = write_abs(&t->inodes_fp, (char*)&raw_psid, sizeof(psid_t),
+ inode->i_ino * sizeof(psid_t));
+ set_fs(old_fs);
+ if (rc < 0)
+ return rc;
+ return 0;
+}
+
+int clear_psid(struct inode *inode)
+{
+ struct super_block *sb = inode->i_sb;
+ struct superblock_security_struct *sbsec = sb->s_security;
+ psidtab_t *t = sbsec->psidtab;
+ psid_t raw_psid;
+ int rc;
+ mm_segment_t old_fs;
+
+ if (!t || !t->initialized) {
+ return 0;
+ }
+
+ raw_psid = 0;
+
+ old_fs = get_fs();
+ set_fs(KERNEL_DS);
+ rc = write_abs(&t->inodes_fp, (char*)&raw_psid, sizeof(psid_t),
+ inode->i_ino * sizeof(psid_t));
+ set_fs(old_fs);
+ if (rc < 0)
+ return rc;
+ return 0;
+}
+
+
+/*
+ * Change the security context associated
+ * with PSID `psid' in the PSID mapping to
+ * the security context associated with `newsid'.
+ */
+static int chpsid(psidtab_t *t,
+ psid_t psid,
+ security_id_t newsid)
+{
+ security_context_t context;
+ s_index_t raw_sindex;
+ psid_t clone_psid;
+ loff_t off;
+ size_t len;
+ int rc = 0;
+
+ DPRINTF("chpsid: changing psid %d to sid %d\n", psid, newsid);
+
+ psid = psidtab_search_sid(t, newsid, 1);
+ if (psid) {
+ /*
+ * There is already a PSID for the security context
+ * associated with `newsid'. The index record for
+ * `psid' can simply be changed to be the same as
+ * the index record for this PSID.
+ */
+ clone_psid = psid;
+ DPRINTF("chpsid: cloning existing psid %d\n", clone_psid);
+ rc = read_abs(&t->index_fp,
+ (char *)&raw_sindex, sizeof(s_index_t),
+ clone_psid * sizeof(s_index_t));
+ if (rc < 0)
+ return rc;
+
+ off = le64_to_cpu(raw_sindex.ofs);
+ len = le32_to_cpu(raw_sindex.len);
+ } else {
+ /*
+ * There is no PSID for the security context
+ * associated with `newsid'. Add the security
+ * context to the contexts file and define a
+ * new index record for `psid'.
+ */
+ DPRINTF("chpsid: adding new entry to contexts\n");
+ rc = security_sid_to_context(newsid, &context, &len);
+ if (rc)
+ return rc;
+
+ DPRINTF("chpsid: sid %d -> context %s\n", newsid, context);
+
+ spin_lock(&t->lock);
+ off = t->next_context;
+ t->next_context += len;
+ spin_unlock(&t->lock);
+ rc = write_abs(&t->contexts_fp, context, len, off);
+ if (rc < 0) {
+ kfree(context);
+ return rc;
+ }
+
+ raw_sindex.ofs = cpu_to_le64(off);
+ raw_sindex.len = cpu_to_le32(len);
+
+ DPRINTF("chpsid: added %s to contexts at %Ld\n",
+ context, off);
+
+ kfree(context);
+ }
+
+ /*
+ * Change the index record for `psid'.
+ */
+ rc = write_abs(&t->index_fp, (const char*)&raw_sindex, sizeof(s_index_t), psid * sizeof(s_index_t));
+ if (rc < 0)
+ return rc;
+
+ DPRINTF("chpsid: changed psid %d to (%Ld, %d)\n",
+ psid, off, len);
+
+ /*
+ * Change the SID for `psid' in the PSID cache.
+ */
+ psidtab_change_psid(t, psid, newsid);
+
+ DPRINTF("chpsid: changed to (%d, %d) in psidtab\n", psid, newsid);
+
+ return 0;
+}
+
+
+/*
+ * Change the file system security and the
+ * default file security context in the PSID
+ * mapping of `sb' to the security contexts
+ * associated with `fs_sid' and `f_sid'.
+ * If either `fs_sid' or `f_sid' is null,
+ * then do not change the corresponding
+ * security context.
+ */
+int psid_chsidfs(struct super_block *sb,
+ security_id_t fs_sid,
+ security_id_t f_sid)
+{
+ struct superblock_security_struct *sbsec = sb->s_security;
+ psidtab_t *t = sbsec->psidtab;
+ mm_segment_t old_fs;
+ int rc = 0;
+
+
+ if (sb->s_flags & MS_RDONLY) {
+ DPRINTF("psid_chsidfs: file system is read-only\n");
+ return -EACCES;
+ }
+
+ if (!t || !t->initialized) {
+ printk("psid_chsidfs: uninitialized super block\n");
+ return -EACCES;
+ }
+
+ old_fs = get_fs();
+ set_fs(KERNEL_DS);
+
+ down(&t->sem);
+
+ if (fs_sid) {
+ rc = chpsid(t, FS_PSID, fs_sid);
+ }
+ if (f_sid && !rc) {
+ rc = chpsid(t, FILE_PSID, f_sid);
+ }
+
+ up(&t->sem);
+
+ set_fs(old_fs);
+
+ return rc;
+}
diff --minimal -Nru a/security/selinux/selinux_plug.h b/security/selinux/selinux_plug.h
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/selinux/selinux_plug.h Tue Feb 12 18:59:50 2002
@@ -0,0 +1,211 @@
+/*
+ * NSA Security-Enhanced Linux (SELinux) security module
+ *
+ * This file contains the SELinux security data structures for kernel objects.
+ *
+ * Author(s): Stephen Smalley, <ssmalley@nai.com>
+ * Chris Vance, <cvance@nai.com>
+ * Wayne Salamon, <wsalamon@nai.com>
+ *
+ * Copyright (C) 2001 Networks Associates Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ */
+#ifndef __SELINUX_PLUG_H
+#define __SELINUX_PLUG_H
+
+#include <linux/flask/flask.h>
+#include <linux/flask/avc.h>
+#include <linux/flask/psid.h>
+#include <linux/flask/syscalls.h>
+#include <linux/list.h>
+#include <linux/sched.h>
+#include <linux/fs.h>
+
+struct task_security_struct {
+ unsigned long magic; /* magic number for this module */
+ struct task_struct *task; /* back pointer to task object */
+ struct list_head list; /* list of task_security_struct */
+ security_id_t osid; /* SID prior to last execve */
+ security_id_t sid; /* current SID */
+ security_id_t in_sid[2]; /* input SIDs */
+ security_id_t out_sid[2]; /* output SIDs */
+ avc_entry_ref_t avcr; /* reference to process permissions */
+};
+
+typedef struct ctl_sid ctl_sid;
+struct ctl_sid {
+ int ctl_name;
+ const char *procname;
+ security_id_t sid;
+ ctl_sid *child;
+};
+
+struct inode_security_struct {
+ unsigned long magic; /* magic number for this module */
+ struct inode *inode; /* back pointer to inode object */
+ struct list_head list; /* list of inode_security_struct */
+ security_id_t task_sid; /* SID of creating task */
+ security_id_t sid; /* SID of this object */
+ security_class_t sclass; /* security class of this object */
+ avc_entry_ref_t avcr; /* reference to object permissions */
+ unsigned char initialized; /* initialization flag */
+ unsigned char initializing; /* initializing flag */
+ ctl_sid *ctl;
+ struct semaphore sem;
+};
+
+struct file_security_struct {
+ unsigned long magic; /* magic number for this module */
+ struct file *file; /* back pointer to file object */
+ struct list_head list; /* list of file_security_struct */
+ security_id_t sid; /* SID of open file description */
+ security_id_t fown_sid; /* SID of file owner (for SIGIO) */
+ avc_entry_ref_t avcr; /* reference to fd permissions */
+ avc_entry_ref_t inode_avcr; /* reference to object permissions */
+};
+
+struct superblock_security_struct {
+ unsigned long magic; /* magic number for this module */
+ struct super_block *sb; /* back pointer to sb object */
+ struct list_head list; /* list of superblock_security_struct */
+ security_id_t sid; /* SID of file system */
+ struct psidtab *psidtab; /* persistent SID mapping */
+ unsigned char uses_psids; /* uses persistent SID flag */
+ unsigned char initialized; /* initialization flag */
+ unsigned char initializing; /* initializing flag */
+ unsigned char uses_task; /* use creating task SID for inodes */
+ struct semaphore sem;
+};
+
+struct msg_security_struct {
+ unsigned long magic; /* magic number for this module */
+ struct msg_msg *msg; /* back pointer */
+ struct list_head list; /* list of msg_security_struct */
+ security_id_t sid; /* SID of message */
+ avc_entry_ref_t avcr; /* reference to permissions */
+};
+
+struct ipc_security_struct {
+ unsigned long magic; /* magic number for this module */
+ struct kern_ipc_perm *ipc_perm; /* back pointer */
+ security_class_t sclass; /* security class of this object */
+ struct list_head list; /* list of ipc_security_struct */
+ security_id_t sid; /* SID of IPC resource */
+ avc_entry_ref_t avcr; /* reference to permissions */
+};
+
+struct netdev_security_struct {
+ unsigned long magic; /* magic number for this module */
+ struct net_device *dev; /* back pointer to network device */
+ struct list_head list; /* list of netdev_security_struct */
+ security_id_t sid; /* SID of the network device */
+ security_id_t default_msg_sid; /* Default SID for received messages */
+ avc_entry_ref_t avcr; /* reference to permissions */
+};
+
+static inline security_class_t inode_mode_to_security_class(umode_t mode)
+{
+ switch (mode & S_IFMT) {
+ case S_IFSOCK:
+ return SECCLASS_SOCK_FILE;
+ case S_IFLNK:
+ return SECCLASS_LNK_FILE;
+ case S_IFREG:
+ return SECCLASS_FILE;
+ case S_IFBLK:
+ return SECCLASS_BLK_FILE;
+ case S_IFDIR:
+ return SECCLASS_DIR;
+ case S_IFCHR:
+ return SECCLASS_CHR_FILE;
+ case S_IFIFO:
+ return SECCLASS_FIFO_FILE;
+
+ }
+
+ return SECCLASS_FILE;
+}
+
+static inline security_class_t socket_type_to_security_class(int family,
+ int type)
+{
+ switch (family) {
+ case PF_UNIX:
+ switch (type) {
+ case SOCK_STREAM:
+ return SECCLASS_UNIX_STREAM_SOCKET;
+ case SOCK_DGRAM:
+ return SECCLASS_UNIX_DGRAM_SOCKET;
+ }
+ case PF_INET:
+ case PF_INET6:
+ switch (type) {
+ case SOCK_STREAM:
+ return SECCLASS_TCP_SOCKET;
+ case SOCK_DGRAM:
+ return SECCLASS_UDP_SOCKET;
+ case SOCK_RAW:
+ return SECCLASS_RAWIP_SOCKET;
+ }
+ case PF_NETLINK:
+ return SECCLASS_NETLINK_SOCKET;
+ case PF_PACKET:
+ return SECCLASS_PACKET_SOCKET;
+ case PF_KEY:
+ return SECCLASS_KEY_SOCKET;
+ }
+
+ return SECCLASS_SOCKET;
+}
+
+extern int inode_security_set_sid(struct inode *inode, security_id_t sid);
+
+extern int task_has_system(struct task_struct *tsk, access_vector_t perms);
+
+extern int task_has_security(struct task_struct *tsk, access_vector_t perms);
+
+extern int task_precondition(struct task_struct *task);
+
+extern int inode_precondition(struct inode *inode);
+
+extern int superblock_precondition(struct super_block *sb);
+
+/* Range of port numbers used to automatically bind.
+ Need to determine whether we should perform a name_bind
+ permission check between the socket and the port number. */
+#ifndef MODULE
+#define ip_local_port_range_0 sysctl_local_port_range[0]
+#define ip_local_port_range_1 sysctl_local_port_range[1]
+#else
+#define ip_local_port_range_0 32768
+#define ip_local_port_range_1 61000
+#endif
+
+/* -ac and -linus have different quotactl interfaces. */
+#include <linux/quota.h>
+
+#ifdef Q_SETINFO
+
+/* -ac */
+#define CASE_QMOD case Q_SETINFO: case Q_SETGRACE: case Q_SETFLAGS:
+#define CASE_QGET case Q_GETINFO:
+
+#else
+
+/* -linus */
+#define CASE_QMOD case Q_RSQUASH:
+#define CASE_QGET
+
+#endif
+
+#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
+#define handle_security_init_failure printk("SELinux: Could not initialize\n")
+#else
+#define handle_security_init_failure panic("SELinux: Could not initialize\n")
+#endif
+
+#endif /* __SELINUX_PLUG_H */
diff --minimal -Nru a/security/selinux/ss/Makefile b/security/selinux/ss/Makefile
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/selinux/ss/Makefile Tue Feb 12 18:59:50 2002
@@ -0,0 +1,22 @@
+#
+# Makefile for building the SELinux security server as part of the kernel tree.
+#
+
+EXTRA_CFLAGS += -I../include -include global.h -I..
+
+O_TARGET := ss.o
+
+obj-y := ebitmap.o hashtab.o symtab.o sidtab.o avtab.o policydb.o services.o init.o syscalls.o
+obj-m := $(O_TARGET)
+
+ifeq ($(CONFIG_SECURITY_SELINUX_MLS),y)
+obj-y += mls.o
+endif
+
+all: $(O_TARGET)
+
+clean:
+ rm -f $(O_TARGET) $(O_OBJS)
+
+include $(TOPDIR)/Rules.make
+
diff --minimal -Nru a/security/selinux/ss/Makefile.in b/security/selinux/ss/Makefile.in
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/selinux/ss/Makefile.in Tue Feb 12 18:59:50 2002
@@ -0,0 +1,10 @@
+
+# Beginnings of a kbuild-2.5 makefile --- offer@sgi.com
+
+objlink(CONFIG_SECURITY_SELINUX ss.o \
+ ebitmap.o hashtab.o symtab.o sidtab.o avtab.o policydb.o services.o init.o syscalls.o)
+objlink(CONFIG_SECURITY_SELINUX CONFIG_SECURITY_SELINUX_MLS ss.o \
+ mls.o)
+
+extra_cflags_all(-Isecurity/selinux -Isecurity/selinux/include -include security/selinux/ss/global.h)
+
diff --minimal -Nru a/security/selinux/ss/avtab.c b/security/selinux/ss/avtab.c
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/selinux/ss/avtab.c Tue Feb 12 18:59:50 2002
@@ -0,0 +1,341 @@
+
+/* Author : Stephen Smalley (NAI Labs), <ssmalley@nai.com> */
+
+/* FLASK */
+
+/*
+ * Implementation of the access vector table type.
+ */
+
+#include "avtab.h"
+#include "policydb.h"
+
+#define HASH_BITS 15
+#define HASH_BUCKETS (1 << HASH_BITS)
+#define HASH_MASK (HASH_BUCKETS-1)
+
+#define AVTAB_SIZE HASH_BUCKETS
+
+#define AVTAB_HASH(keyp) \
+((keyp->target_class + \
+ (keyp->target_type << 2) + \
+ (keyp->source_type << 9)) & \
+ HASH_MASK)
+
+int avtab_insert(avtab_t * h, avtab_key_t * key, avtab_datum_t * datum)
+{
+ int hvalue;
+ avtab_ptr_t prev, cur, newnode;
+
+ if (!h)
+ return -ENOMEM;
+
+ hvalue = AVTAB_HASH(key);
+ for (prev = NULL, cur = h->htable[hvalue];
+ cur;
+ prev = cur, cur = cur->next) {
+ if (key->source_type == cur->key.source_type &&
+ key->target_type == cur->key.target_type &&
+ key->target_class == cur->key.target_class &&
+ (datum->specified & cur->datum.specified))
+ return -EEXIST;
+ if (key->source_type < cur->key.source_type)
+ break;
+ if (key->source_type == cur->key.source_type &&
+ key->target_type < cur->key.target_type)
+ break;
+ if (key->source_type == cur->key.source_type &&
+ key->target_type == cur->key.target_type &&
+ key->target_class < cur->key.target_class)
+ break;
+ }
+
+ newnode = (avtab_ptr_t) malloc(sizeof(struct avtab_node));
+ if (newnode == NULL)
+ return -ENOMEM;
+ memset(newnode, 0, sizeof(struct avtab_node));
+ newnode->key = *key;
+ newnode->datum = *datum;
+ if (prev) {
+ newnode->next = prev->next;
+ prev->next = newnode;
+ } else {
+ newnode->next = h->htable[hvalue];
+ h->htable[hvalue] = newnode;
+ }
+
+ h->nel++;
+ return 0;
+}
+
+
+avtab_datum_t *
+ avtab_search(avtab_t * h, avtab_key_t * key, int specified)
+{
+ int hvalue;
+ avtab_ptr_t cur;
+
+
+ if (!h)
+ return NULL;
+
+ hvalue = AVTAB_HASH(key);
+ for (cur = h->htable[hvalue]; cur; cur = cur->next) {
+ if (key->source_type == cur->key.source_type &&
+ key->target_type == cur->key.target_type &&
+ key->target_class == cur->key.target_class &&
+ (specified & cur->datum.specified))
+ return &cur->datum;
+
+ if (key->source_type < cur->key.source_type)
+ break;
+ if (key->source_type == cur->key.source_type &&
+ key->target_type < cur->key.target_type)
+ break;
+ if (key->source_type == cur->key.source_type &&
+ key->target_type == cur->key.target_type &&
+ key->target_class < cur->key.target_class)
+ break;
+ }
+
+ return NULL;
+}
+
+
+void avtab_destroy(avtab_t * h)
+{
+ int i;
+ avtab_ptr_t cur, temp;
+
+
+ if (!h)
+ return;
+
+ for (i = 0; i < AVTAB_SIZE; i++) {
+ cur = h->htable[i];
+ while (cur != NULL) {
+ temp = cur;
+ cur = cur->next;
+ free(temp);
+ }
+ h->htable[i] = NULL;
+ }
+ free(h->htable);
+}
+
+
+int avtab_map(avtab_t * h,
+ int (*apply) (avtab_key_t * k,
+ avtab_datum_t * d,
+ void *args),
+ void *args)
+{
+ int i, ret;
+ avtab_ptr_t cur;
+
+
+ if (!h)
+ return 0;
+
+ for (i = 0; i < AVTAB_SIZE; i++) {
+ cur = h->htable[i];
+ while (cur != NULL) {
+ ret = apply(&cur->key, &cur->datum, args);
+ if (ret)
+ return ret;
+ cur = cur->next;
+ }
+ }
+ return 0;
+}
+
+
+int avtab_init(avtab_t * h)
+{
+ int i;
+
+ h->htable = malloc(sizeof(avtab_ptr_t)*AVTAB_SIZE);
+ if (!h->htable)
+ return -1;
+ for (i = 0; i < AVTAB_SIZE; i++)
+ h->htable[i] = (avtab_ptr_t) NULL;
+ h->nel = 0;
+ return 0;
+}
+
+
+void avtab_hash_eval(avtab_t * h, char *tag)
+{
+ int i, chain_len, slots_used, max_chain_len;
+ avtab_ptr_t cur;
+
+
+ slots_used = 0;
+ max_chain_len = 0;
+ for (i = 0; i < AVTAB_SIZE; i++) {
+ cur = h->htable[i];
+ if (cur) {
+ slots_used++;
+ chain_len = 0;
+ while (cur) {
+ chain_len++;
+ cur = cur->next;
+ }
+
+ if (chain_len > max_chain_len)
+ max_chain_len = chain_len;
+ }
+ }
+
+ printf("%s: %d entries and %d/%d buckets used, longest chain length %d\n",
+ tag, h->nel, slots_used, AVTAB_SIZE, max_chain_len);
+}
+
+
+int avtab_read(avtab_t * a, FILE * fp, __u32 config)
+{
+ int i, rc;
+ avtab_key_t avkey;
+ avtab_datum_t avdatum;
+ __u32 buf[32];
+ __u32 nel;
+ size_t items, items2;
+
+
+ items = fread(&nel, sizeof(__u32), 1, fp);
+ if (items != 1) {
+ printf("security: avtab: truncated table\n");
+ goto bad;
+ }
+ nel = le32_to_cpu(nel);
+ if (!nel) {
+ printf("security: avtab: table is empty\n");
+ goto bad;
+ }
+ for (i = 0; i < nel; i++) {
+ memset(&avkey, 0, sizeof(avtab_key_t));
+ memset(&avdatum, 0, sizeof(avtab_datum_t));
+
+ items = fread(buf, sizeof(__u32), 1, fp);
+ if (items != 1) {
+ printf("security: avtab: truncated entry\n");
+ goto bad;
+ }
+ items2 = le32_to_cpu(buf[0]);
+ if (items2 > (sizeof(buf) / sizeof(__u32))) {
+ printf("security: avtab: entry too large\n");
+ goto bad;
+ }
+ items = fread(buf, sizeof(__u32), items2, fp);
+ if (items != items2) {
+ printf("security: avtab: truncated entry\n");
+ goto bad;
+ }
+ items = 0;
+ avkey.source_type = le32_to_cpu(buf[items++]);
+ avkey.target_type = le32_to_cpu(buf[items++]);
+ avkey.target_class = le32_to_cpu(buf[items++]);
+ avdatum.specified = le32_to_cpu(buf[items++]);
+ if (!(avdatum.specified & (AVTAB_AV | AVTAB_TYPE))) {
+ printf("security: avtab: null entry\n");
+ goto bad;
+ }
+ if ((avdatum.specified & AVTAB_AV) &&
+ (avdatum.specified & AVTAB_TYPE)) {
+ printf("security: avtab: entry has both access vectors and types\n");
+ goto bad;
+ }
+ if (avdatum.specified & AVTAB_AV) {
+ if (avdatum.specified & AVTAB_ALLOWED)
+ avtab_allowed(&avdatum) = le32_to_cpu(buf[items++]);
+ if (avdatum.specified & AVTAB_AUDITDENY)
+ avtab_auditdeny(&avdatum) = le32_to_cpu(buf[items++]);
+ if (avdatum.specified & AVTAB_AUDITALLOW)
+ avtab_auditallow(&avdatum) = le32_to_cpu(buf[items++]);
+ } else {
+ if (avdatum.specified & AVTAB_TRANSITION)
+ avtab_transition(&avdatum) = le32_to_cpu(buf[items++]);
+ if (avdatum.specified & AVTAB_CHANGE)
+ avtab_change(&avdatum) = le32_to_cpu(buf[items++]);
+ if (avdatum.specified & AVTAB_MEMBER)
+ avtab_member(&avdatum) = le32_to_cpu(buf[items++]);
+ }
+ if (items != items2) {
+ printf("security: avtab: entry only had %d items, expected %d\n", items2, items);
+ goto bad;
+ }
+ rc = avtab_insert(a, &avkey, &avdatum);
+ if (rc) {
+ if (rc == -ENOMEM)
+ printf("security: avtab: out of memory\n");
+ if (rc == -EEXIST)
+ printf("security: avtab: duplicate entry\n");
+ goto bad;
+ }
+ }
+
+ return 0;
+
+ bad:
+ avtab_destroy(a);
+ return -1;
+}
+
+
+#ifndef __KERNEL__
+int avtab_write(avtab_t * a, FILE * fp)
+{
+ int i;
+ avtab_ptr_t cur;
+ __u32 buf[32];
+ __u32 nel;
+ size_t items, items2;
+
+ nel = cpu_to_le32(a->nel);
+ items = fwrite(&nel, sizeof(__u32), 1, fp);
+ if (items != 1)
+ return -1;
+
+ for (i = 0; i < AVTAB_SIZE; i++) {
+ for (cur = a->htable[i]; cur; cur = cur->next) {
+ items = 1; /* item 0 is used for the item count */
+ buf[items++] = cpu_to_le32(cur->key.source_type);
+ buf[items++] = cpu_to_le32(cur->key.target_type);
+ buf[items++] = cpu_to_le32(cur->key.target_class);
+ buf[items++] = cpu_to_le32(cur->datum.specified);
+ if (!(cur->datum.specified & (AVTAB_AV | AVTAB_TYPE))) {
+ printf("security: avtab: null entry\n");
+ return -1;
+ }
+ if ((cur->datum.specified & AVTAB_AV) &&
+ (cur->datum.specified & AVTAB_TYPE)) {
+ printf("security: avtab: entry has both access vectors and types\n");
+ return -1;
+ }
+ if (cur->datum.specified & AVTAB_AV) {
+ if (cur->datum.specified & AVTAB_ALLOWED)
+ buf[items++] = cpu_to_le32(avtab_allowed(&cur->datum));
+ if (cur->datum.specified & AVTAB_AUDITDENY)
+ buf[items++] = cpu_to_le32(avtab_auditdeny(&cur->datum));
+ if (cur->datum.specified & AVTAB_AUDITALLOW)
+ buf[items++] = cpu_to_le32(avtab_auditallow(&cur->datum));
+ } else {
+ if (cur->datum.specified & AVTAB_TRANSITION)
+ buf[items++] = cpu_to_le32(avtab_transition(&cur->datum));
+ if (cur->datum.specified & AVTAB_CHANGE)
+ buf[items++] = cpu_to_le32(avtab_change(&cur->datum));
+ if (cur->datum.specified & AVTAB_MEMBER)
+ buf[items++] = cpu_to_le32(avtab_member(&cur->datum));
+ }
+ buf[0] = cpu_to_le32(items - 1);
+
+ items2 = fwrite(buf, sizeof(__u32), items, fp);
+ if (items != items2)
+ return -1;
+ }
+ }
+
+ return 0;
+}
+#endif
+
diff --minimal -Nru a/security/selinux/ss/avtab.h b/security/selinux/ss/avtab.h
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/selinux/ss/avtab.h Tue Feb 12 18:59:50 2002
@@ -0,0 +1,80 @@
+
+/* Author : Stephen Smalley (NAI Labs), <ssmalley@nai.com> */
+
+/* FLASK */
+
+/*
+ * An access vector table (avtab) is a hash table
+ * of access vectors and transition types indexed
+ * by a type pair and a class. An access vector
+ * table is used to represent the type enforcement
+ * tables.
+ */
+
+#ifndef _AVTAB_H_
+#define _AVTAB_H_
+
+typedef struct avtab_key {
+ __u32 source_type; /* source type */
+ __u32 target_type; /* target type */
+ __u32 target_class; /* target object class */
+} avtab_key_t;
+
+typedef struct avtab_datum {
+#define AVTAB_ALLOWED 1
+#define AVTAB_AUDITALLOW 2
+#define AVTAB_AUDITDENY 4
+#define AVTAB_AV (AVTAB_ALLOWED | AVTAB_AUDITALLOW | AVTAB_AUDITDENY)
+#define AVTAB_TRANSITION 16
+#define AVTAB_MEMBER 32
+#define AVTAB_CHANGE 64
+#define AVTAB_TYPE (AVTAB_TRANSITION | AVTAB_MEMBER | AVTAB_CHANGE)
+ __u32 specified; /* what fields are specified */
+ __u32 data[3]; /* access vectors or types */
+#define avtab_allowed(x) (x)->data[0]
+#define avtab_auditdeny(x) (x)->data[1]
+#define avtab_auditallow(x) (x)->data[2]
+#define avtab_transition(x) (x)->data[0]
+#define avtab_change(x) (x)->data[1]
+#define avtab_member(x) (x)->data[2]
+} avtab_datum_t;
+
+typedef struct avtab_node *avtab_ptr_t;
+
+struct avtab_node {
+ avtab_key_t key;
+ avtab_datum_t datum;
+ avtab_ptr_t next;
+};
+
+typedef struct avtab {
+ avtab_ptr_t *htable;
+ __u32 nel; /* number of elements */
+} avtab_t;
+
+int avtab_init(avtab_t *);
+
+int avtab_insert(avtab_t * h, avtab_key_t * k, avtab_datum_t * d);
+
+avtab_datum_t *avtab_search(avtab_t * h, avtab_key_t * k, int specified);
+
+void avtab_destroy(avtab_t * h);
+
+int avtab_map(avtab_t * h,
+ int (*apply) (avtab_key_t * k,
+ avtab_datum_t * d,
+ void *args),
+ void *args);
+
+void avtab_hash_eval(avtab_t * h, char *tag);
+
+int avtab_read(avtab_t * a, FILE * fp, __u32 config);
+
+#ifndef __KERNEL__
+int avtab_write(avtab_t * a, FILE * fp);
+#endif
+
+#endif /* _AVTAB_H_ */
+
+/* FLASK */
+
diff --minimal -Nru a/security/selinux/ss/constraint.h b/security/selinux/ss/constraint.h
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/selinux/ss/constraint.h Tue Feb 12 18:59:50 2002
@@ -0,0 +1,63 @@
+
+/* Author : Stephen Smalley (NAI Labs), <ssmalley@nai.com> */
+
+/* FLASK */
+
+/*
+ * A constraint is a condition that must be satisfied in
+ * order for one or more permissions to be granted.
+ * Constraints are used to impose additional restrictions
+ * beyond the type-based rules in `te' or the role-based
+ * transition rules in `rbac'. Constraints are typically
+ * used to prevent a process from transitioning to a new user
+ * identity or role unless it is in a privileged type.
+ * Constraints are likewise typically used to prevent a
+ * process from labeling an object with a different user
+ * identity.
+ */
+
+#ifndef _CONSTRAINT_H_
+#define _CONSTRAINT_H_
+
+#include "ebitmap.h"
+
+typedef struct constraint_expr {
+#define CEXPR_NOT 1 /* not expr */
+#define CEXPR_AND 2 /* expr and expr */
+#define CEXPR_OR 3 /* expr or expr */
+#define CEXPR_ATTR 4 /* attr op attr */
+#define CEXPR_NAMES 5 /* attr op names */
+ __u32 expr_type; /* expression type */
+
+#define CEXPR_USER 1 /* user */
+#define CEXPR_ROLE 2 /* role */
+#define CEXPR_TYPE 4 /* type */
+#define CEXPR_TARGET 8 /* target if set, source otherwise */
+ __u32 attr; /* attribute */
+
+#define CEXPR_EQ 1 /* == or eq */
+#define CEXPR_NEQ 2 /* != */
+#define CEXPR_DOM 3 /* dom */
+#define CEXPR_DOMBY 4 /* domby */
+#define CEXPR_INCOMP 5 /* incomp */
+ __u32 op; /* operator */
+
+ ebitmap_t names; /* names */
+
+ struct constraint_expr *left;
+ struct constraint_expr *right;
+
+ __u32 count; /* reference count */
+} constraint_expr_t;
+
+
+typedef struct constraint_node {
+ access_vector_t permissions; /* constrained permissions */
+ constraint_expr_t *expr; /* constraint on permissions */
+ struct constraint_node *next; /* next constraint */
+} constraint_node_t;
+
+#endif /* _CONSTRAINT_H_ */
+
+/* FLASK */
+
diff --minimal -Nru a/security/selinux/ss/context.h b/security/selinux/ss/context.h
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/selinux/ss/context.h Tue Feb 12 18:59:50 2002
@@ -0,0 +1,113 @@
+
+/* Author : Stephen Smalley (NAI Labs), <ssmalley@nai.com> */
+
+/* FLASK */
+
+/*
+ * A security context is a set of security attributes
+ * associated with each subject and object controlled
+ * by the security policy. Security contexts are
+ * externally represented as variable-length strings
+ * that can be interpreted by a user or application
+ * with an understanding of the security policy.
+ * Internally, the security server uses a simple
+ * structure. This structure is private to the
+ * security server and can be changed without affecting
+ * clients of the security server.
+ */
+
+#ifndef _CONTEXT_H_
+#define _CONTEXT_H_
+
+#include "ebitmap.h"
+
+#include "mls_types.h"
+
+/*
+ * A security context consists of an authenticated user
+ * identity, a role, a type and a MLS range.
+ */
+typedef struct context_struct {
+ __u32 user;
+ __u32 role;
+ __u32 type;
+#ifdef CONFIG_SECURITY_SELINUX_MLS
+ mls_range_t range;
+#endif
+} context_struct_t;
+
+
+#ifdef CONFIG_SECURITY_SELINUX_MLS
+
+#define mls_context_init(c) memset(c, 0, sizeof(mls_range_t))
+
+static inline int mls_context_cpy(context_struct_t * dst,
+ context_struct_t * src)
+{
+ (dst)->range.level[0].sens = (src)->range.level[0].sens;
+ if (!ebitmap_cpy(&(dst)->range.level[0].cat, &(src)->range.level[0].cat))
+ return -ENOMEM;
+ (dst)->range.level[1].sens = (src)->range.level[1].sens;
+ if (!ebitmap_cpy(&(dst)->range.level[1].cat, &(src)->range.level[1].cat)) {
+ ebitmap_destroy(&(dst)->range.level[0].cat);
+ return -ENOMEM;
+ }
+ return 0;
+}
+
+#define mls_context_cmp(c1,c2) \
+(((c1)->range.level[0].sens == (c2)->range.level[0].sens) && \
+ ebitmap_cmp(&(c1)->range.level[0].cat,&(c2)->range.level[0].cat) && \
+ ((c1)->range.level[1].sens == (c2)->range.level[1].sens) && \
+ ebitmap_cmp(&(c1)->range.level[1].cat,&(c2)->range.level[1].cat))
+
+#define mls_context_destroy(c) \
+do { \
+ ebitmap_destroy(&(c)->range.level[0].cat); \
+ ebitmap_destroy(&(c)->range.level[1].cat); \
+ memset(c, 0, sizeof(mls_range_t)); \
+} while (0)
+
+#else
+
+#define mls_context_init(c)
+#define mls_context_cpy(dst,src) 0
+#define mls_context_destroy(c)
+#define mls_context_cmp(c1,c2) 1
+
+#endif
+
+
+#define context_init(c) memset(c, 0, sizeof(context_struct_t))
+
+static inline int context_cpy(context_struct_t * dst,
+ context_struct_t * src)
+{
+ (dst)->user = (src)->user;
+ (dst)->role = (src)->role;
+ (dst)->type = (src)->type;
+ return mls_context_cpy(dst, src);
+}
+
+
+#define context_destroy(c) \
+do { \
+ (c)->user = 0; \
+ (c)->role = 0; \
+ (c)->type = 0; \
+ mls_context_destroy(c); \
+} while (0)
+
+static inline int context_cmp(context_struct_t * c1,
+ context_struct_t * c2)
+{
+ return (((c1)->user == (c2)->user) &&
+ ((c1)->role == (c2)->role) &&
+ ((c1)->type == (c2)->type) &&
+ mls_context_cmp(c1, c2));
+}
+
+#endif /* _CONTEXT_H_ */
+
+/* FLASK */
+
diff --minimal -Nru a/security/selinux/ss/ebitmap.c b/security/selinux/ss/ebitmap.c
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/selinux/ss/ebitmap.c Tue Feb 12 18:59:50 2002
@@ -0,0 +1,375 @@
+
+/* Author : Stephen Smalley (NAI Labs), <ssmalley@nai.com> */
+
+/* FLASK */
+
+/*
+ * Implementation of the extensible bitmap type.
+ */
+
+#include "ebitmap.h"
+
+int ebitmap_or(ebitmap_t * dst, ebitmap_t * e1, ebitmap_t * e2)
+{
+ ebitmap_node_t *n1, *n2, *new, *prev;
+
+
+ ebitmap_init(dst);
+
+ n1 = e1->node;
+ n2 = e2->node;
+ prev = 0;
+ while (n1 || n2) {
+ new = (ebitmap_node_t *) malloc(sizeof(ebitmap_node_t));
+ if (!new) {
+ ebitmap_destroy(dst);
+ return FALSE;
+ }
+ memset(new, 0, sizeof(ebitmap_node_t));
+ if (n1 && n2 && n1->startbit == n2->startbit) {
+ new->startbit = n1->startbit;
+ new->map = n1->map | n2->map;
+ n1 = n1->next;
+ n2 = n2->next;
+ } else if (!n2 || (n1 && n1->startbit < n2->startbit)) {
+ new->startbit = n1->startbit;
+ new->map = n1->map;
+ n1 = n1->next;
+ } else {
+ new->startbit = n2->startbit;
+ new->map = n2->map;
+ n2 = n2->next;
+ }
+
+ new->next = 0;
+ if (prev)
+ prev->next = new;
+ else
+ dst->node = new;
+ prev = new;
+ }
+
+ dst->highbit = (e1->highbit > e2->highbit) ? e1->highbit : e2->highbit;
+ return TRUE;
+}
+
+
+int ebitmap_cmp(ebitmap_t * e1, ebitmap_t * e2)
+{
+ ebitmap_node_t *n1, *n2;
+
+
+ if (e1->highbit != e2->highbit)
+ return FALSE;
+
+ n1 = e1->node;
+ n2 = e2->node;
+ while (n1 && n2 &&
+ (n1->startbit == n2->startbit) &&
+ (n1->map == n2->map)) {
+ n1 = n1->next;
+ n2 = n2->next;
+ }
+
+ if (n1 || n2)
+ return FALSE;
+
+ return TRUE;
+}
+
+
+int ebitmap_cpy(ebitmap_t * dst, ebitmap_t * src)
+{
+ ebitmap_node_t *n, *new, *prev;
+
+
+ ebitmap_init(dst);
+ n = src->node;
+ prev = 0;
+ while (n) {
+ new = (ebitmap_node_t *) malloc(sizeof(ebitmap_node_t));
+ if (!new) {
+ ebitmap_destroy(dst);
+ return FALSE;
+ }
+ memset(new, 0, sizeof(ebitmap_node_t));
+ new->startbit = n->startbit;
+ new->map = n->map;
+ new->next = 0;
+ if (prev)
+ prev->next = new;
+ else
+ dst->node = new;
+ prev = new;
+ n = n->next;
+ }
+
+ dst->highbit = src->highbit;
+ return TRUE;
+}
+
+
+int ebitmap_contains(ebitmap_t * e1, ebitmap_t * e2)
+{
+ ebitmap_node_t *n1, *n2;
+
+
+ if (e1->highbit < e2->highbit)
+ return FALSE;
+
+ n1 = e1->node;
+ n2 = e2->node;
+ while (n1 && n2 && (n1->startbit <= n2->startbit)) {
+ if (n1->startbit < n2->startbit) {
+ n1 = n1->next;
+ continue;
+ }
+ if ((n1->map & n2->map) != n2->map)
+ return FALSE;
+
+ n1 = n1->next;
+ n2 = n2->next;
+ }
+
+ if (n2)
+ return FALSE;
+
+ return TRUE;
+}
+
+
+int ebitmap_get_bit(ebitmap_t * e, unsigned long bit)
+{
+ ebitmap_node_t *n;
+
+
+ if (e->highbit < bit)
+ return FALSE;
+
+ n = e->node;
+ while (n && (n->startbit <= bit)) {
+ if ((n->startbit + MAPSIZE) > bit) {
+ if (n->map & (MAPBIT << (bit - n->startbit)))
+ return TRUE;
+ else
+ return FALSE;
+ }
+ n = n->next;
+ }
+
+ return FALSE;
+}
+
+
+int ebitmap_set_bit(ebitmap_t * e, unsigned long bit, int value)
+{
+ ebitmap_node_t *n, *prev, *new;
+
+
+ prev = 0;
+ n = e->node;
+ while (n && n->startbit <= bit) {
+ if ((n->startbit + MAPSIZE) > bit) {
+ if (value) {
+ n->map |= (MAPBIT << (bit - n->startbit));
+ } else {
+ n->map &= ~(MAPBIT << (bit - n->startbit));
+ if (!n->map) {
+ /* drop this node from the bitmap */
+
+ if (!n->next) {
+ /*
+ * this was the highest map
+ * within the bitmap
+ */
+ if (prev)
+ e->highbit = prev->startbit + MAPSIZE;
+ else
+ e->highbit = 0;
+ }
+ if (prev)
+ prev->next = n->next;
+ else
+ e->node = n->next;
+
+ free(n);
+ }
+ }
+ return TRUE;
+ }
+ prev = n;
+ n = n->next;
+ }
+
+ if (!value)
+ return TRUE;
+
+ new = (ebitmap_node_t *) malloc(sizeof(ebitmap_node_t));
+ if (!new)
+ return FALSE;
+ memset(new, 0, sizeof(ebitmap_node_t));
+
+ new->startbit = bit & ~(MAPSIZE - 1);
+ new->map = (MAPBIT << (bit - new->startbit));
+
+ if (!n)
+ /* this node will be the highest map within the bitmap */
+ e->highbit = new->startbit + MAPSIZE;
+
+ if (prev) {
+ new->next = prev->next;
+ prev->next = new;
+ } else {
+ new->next = e->node;
+ e->node = new;
+ }
+
+ return TRUE;
+}
+
+
+void ebitmap_destroy(ebitmap_t * e)
+{
+ ebitmap_node_t *n, *temp;
+
+
+ if (!e)
+ return;
+
+ n = e->node;
+ while (n) {
+ temp = n;
+ n = n->next;
+ free(temp);
+ }
+
+ e->highbit = 0;
+ e->node = 0;
+ return;
+}
+
+
+int ebitmap_read(ebitmap_t * e, FILE * fp)
+{
+ ebitmap_node_t *n, *l;
+ __u32 buf[32], mapsize, count, i;
+ __u64 map;
+ size_t items;
+
+
+ ebitmap_init(e);
+
+ items = fread(buf, sizeof(__u32), 3, fp);
+ if (items != 3)
+ return FALSE;
+ mapsize = le32_to_cpu(buf[0]);
+ e->highbit = le32_to_cpu(buf[1]);
+ count = le32_to_cpu(buf[2]);
+
+ if (mapsize != MAPSIZE) {
+ printf("security: ebitmap: map size %d does not match my size %d (high bit was %d)\n", mapsize, MAPSIZE, e->highbit);
+ return FALSE;
+ }
+ if (!e->highbit) {
+ e->node = NULL;
+ return TRUE;
+ }
+ if (e->highbit & (MAPSIZE - 1)) {
+ printf("security: ebitmap: high bit (%d) is not a multiple of the map size (%d)\n", e->highbit, MAPSIZE);
+ goto bad;
+ }
+ l = NULL;
+ for (i = 0; i < count; i++) {
+ items = fread(buf, sizeof(__u32), 1, fp);
+ if (items != 1) {
+ printf("security: ebitmap: truncated map\n");
+ goto bad;
+ }
+ n = (ebitmap_node_t *) malloc(sizeof(ebitmap_node_t));
+ if (!n) {
+ printf("security: ebitmap: out of memory\n");
+ goto bad;
+ }
+ memset(n, 0, sizeof(ebitmap_node_t));
+
+ n->startbit = le32_to_cpu(buf[0]);
+
+ if (n->startbit & (MAPSIZE - 1)) {
+ printf("security: ebitmap start bit (%d) is not a multiple of the map size (%d)\n", n->startbit, MAPSIZE);
+ goto bad_free;
+ }
+ if (n->startbit > (e->highbit - MAPSIZE)) {
+ printf("security: ebitmap start bit (%d) is beyond the end of the bitmap (%d)\n", n->startbit, (e->highbit - MAPSIZE));
+ goto bad_free;
+ }
+ items = fread(&map, sizeof(__u64), 1, fp);
+ if (items != 1) {
+ printf("security: ebitmap: truncated map\n");
+ goto bad_free;
+ }
+ n->map = le64_to_cpu(map);
+
+ if (!n->map) {
+ printf("security: ebitmap: null map in ebitmap (startbit %d)\n", n->startbit);
+ goto bad_free;
+ }
+ if (l) {
+ if (n->startbit <= l->startbit) {
+ printf("security: ebitmap: start bit %d comes after start bit %d\n", n->startbit, l->startbit);
+ goto bad_free;
+ }
+ l->next = n;
+ } else
+ e->node = n;
+
+ l = n;
+ }
+
+ return TRUE;
+
+ bad_free:
+ free(n);
+ bad:
+ ebitmap_destroy(e);
+ return FALSE;
+}
+
+
+#ifndef __KERNEL__
+int ebitmap_write(ebitmap_t * e, FILE * fp)
+{
+ ebitmap_node_t *n;
+ __u32 buf[32], bit, count;
+ __u64 map;
+ size_t items;
+
+ buf[0] = cpu_to_le32(MAPSIZE);
+ buf[1] = cpu_to_le32(e->highbit);
+
+ count = 0;
+ for (n = e->node; n; n = n->next)
+ count++;
+ buf[2] = cpu_to_le32(count);
+
+ items = fwrite(buf, sizeof(__u32), 3, fp);
+ if (items != 3)
+ return FALSE;
+
+ for (n = e->node; n; n = n->next) {
+ bit = cpu_to_le32(n->startbit);
+ items = fwrite(&bit, sizeof(__u32), 1, fp);
+ if (items != 1)
+ return FALSE;
+ map = cpu_to_le64(n->map);
+ items = fwrite(&map, sizeof(__u64), 1, fp);
+ if (items != 1)
+ return FALSE;
+
+ }
+
+ return TRUE;
+}
+#endif
+
+/* FLASK */
+
diff --minimal -Nru a/security/selinux/ss/ebitmap.h b/security/selinux/ss/ebitmap.h
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/selinux/ss/ebitmap.h Tue Feb 12 18:59:50 2002
@@ -0,0 +1,67 @@
+
+/* Author : Stephen Smalley (NAI Labs), <ssmalley@nai.com> */
+
+/* FLASK */
+
+/*
+ * An extensible bitmap is a bitmap that supports an
+ * arbitrary number of bits. Extensible bitmaps are
+ * used to represent sets of values, such as types,
+ * roles, categories, and classes.
+ *
+ * Each extensible bitmap is implemented as a linked
+ * list of bitmap nodes, where each bitmap node has
+ * an explicitly specified starting bit position within
+ * the total bitmap.
+ */
+
+#ifndef _EBITMAP_H_
+#define _EBITMAP_H_
+
+#define MAPTYPE __u64 /* portion of bitmap in each node */
+#define MAPSIZE (sizeof(MAPTYPE) * 8) /* number of bits in node bitmap */
+#define MAPBIT 1ULL /* a bit in the node bitmap */
+
+typedef struct ebitmap_node {
+ __u32 startbit; /* starting position in the total bitmap */
+ MAPTYPE map; /* this node's portion of the bitmap */
+ struct ebitmap_node *next;
+} ebitmap_node_t;
+
+typedef struct ebitmap {
+ ebitmap_node_t *node; /* first node in the bitmap */
+ __u32 highbit; /* highest position in the total bitmap */
+} ebitmap_t;
+
+
+#define ebitmap_length(e) ((e)->highbit)
+#define ebitmap_startbit(e) ((e)->node ? (e)->node->startbit : 0)
+
+#define ebitmap_init(e) memset(e, 0, sizeof(ebitmap_t))
+
+/*
+ * All of the non-void functions return TRUE or FALSE.
+ * Contrary to typical usage, nonzero (TRUE) is returned
+ * on success and zero (FALSE) is returned on failure.
+ * These functions should be changed to use more conventional
+ * return codes. TBD.
+ */
+#define FALSE 0
+#define TRUE 1
+
+int ebitmap_cmp(ebitmap_t * e1, ebitmap_t * e2);
+int ebitmap_or(ebitmap_t * dst, ebitmap_t * e1, ebitmap_t * e2);
+int ebitmap_cpy(ebitmap_t * dst, ebitmap_t * src);
+int ebitmap_contains(ebitmap_t * e1, ebitmap_t * e2);
+int ebitmap_get_bit(ebitmap_t * e, unsigned long bit);
+int ebitmap_set_bit(ebitmap_t * e, unsigned long bit, int value);
+void ebitmap_destroy(ebitmap_t * e);
+int ebitmap_read(ebitmap_t * e, FILE * fp);
+#ifndef __KERNEL__
+int ebitmap_write(ebitmap_t * e, FILE * fp);
+#endif
+
+#endif /* _EBITMAP_H_ */
+
+/* FLASK */
+
diff --minimal -Nru a/security/selinux/ss/global.h b/security/selinux/ss/global.h
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/selinux/ss/global.h Tue Feb 12 18:59:50 2002
@@ -0,0 +1,148 @@
+
+/*
+ * Author: Stephen Smalley (NAI Labs), <ssmalley@nai.com>
+ */
+
+/* FLASK */
+
+/*
+ * Global definitions that are included at the beginning
+ * of every file using the -include directive.
+ *
+ * These definitions are used to permit the same
+ * source code to be used to build both the security
+ * server component of the kernel and the checkpolicy
+ * program.
+ */
+
+#ifndef __SS_GLOBAL_H
+#define __SS_GLOBAL_H
+/*
+ * This variable is set to one when the security server
+ * has completed initialization.
+ */
+extern int ss_initialized;
+
+#ifndef __KERNEL__
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <string.h>
+#include <ctype.h>
+#include <limits.h>
+#include <errno.h>
+#include <sys/types.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <byteswap.h>
+#include <endian.h>
+#include <linux/config.h>
+#include <linux/flask/flask.h>
+#include <linux/flask/security.h>
+#include <linux/flask/avc_ss.h>
+#include <linux/flask/av_permissions.h>
+
+#define NIPQUAD(addr) \
+ ((unsigned char *)&addr)[0], \
+ ((unsigned char *)&addr)[1], \
+ ((unsigned char *)&addr)[2], \
+ ((unsigned char *)&addr)[3]
+
+#if __BYTE_ORDER == __LITTLE_ENDIAN
+#define cpu_to_le32(x) (x)
+#define le32_to_cpu(x) (x)
+#define cpu_to_le64(x) (x)
+#define le64_to_cpu(x) (x)
+#else
+#define cpu_to_le32(x) bswap_32(x)
+#define le32_to_cpu(x) bswap_32(x)
+#define cpu_to_le64(x) bswap_64(x)
+#define le64_to_cpu(x) bswap_64(x)
+#endif
+
+#define wmb()
+
+#else
+
+#include <linux/kernel.h> /* printk */
+#include <linux/slab.h> /* kmalloc, kfree */
+#include <linux/fs.h> /* read, write, open */
+#include <linux/file.h>
+#include <linux/string.h> /* strcpy, strncpy, strcmp */
+#include <linux/in.h> /* IPPROTO_* */
+#include <linux/ctype.h>
+#include <linux/flask/flask.h>
+#include <linux/flask/avc.h>
+#include <linux/flask/avc_ss.h>
+#include <linux/flask/security.h>
+#include <asm/system.h>
+#include <linux/spinlock.h>
+#include <asm/uaccess.h>
+#include "selinux_plug.h"
+
+#define malloc(size) kmalloc(size, SAFE_ALLOC)
+#define free(ptr) kfree(ptr)
+
+typedef struct file FILE;
+
+static inline FILE *fopen(char *path, char *type)
+{
+ struct nameidata nd;
+ struct file *file;
+ int err = 0;
+
+ if (strcmp(type, "r"))
+ panic("fopen");
+
+ if (path_init(path, LOOKUP_FOLLOW | LOOKUP_POSITIVE, &nd))
+ err = path_walk(path, &nd);
+ if (err)
+ return NULL;
+
+ if (!ss_initialized)
+ inode_security_set_sid(nd.dentry->d_inode,SECINITSID_POLICY);
+
+ if (!S_ISREG(nd.dentry->d_inode->i_mode))
+ goto bad;
+
+ file = dentry_open(nd.dentry, nd.mnt, O_RDONLY);
+ if (IS_ERR(file))
+ return NULL;
+ else
+ return file;
+
+bad:
+ path_release(&nd);
+ return NULL;
+}
+
+
+static inline int fclose(FILE * stream)
+{
+ fput(stream);
+ return 0;
+}
+
+
+static inline ssize_t fread(void *buf, size_t size, size_t nitems, FILE * fp)
+{
+ mm_segment_t old_fs;
+ ssize_t rc;
+
+ old_fs = get_fs();
+ set_fs(KERNEL_DS);
+ rc = (fp)->f_op->read((fp), (buf), (nitems * size), &(fp)->f_pos);
+ set_fs(old_fs);
+ if (rc > 0)
+ return (rc / size);
+ return 0;
+}
+
+#define printf printk
+
+#define exit(error_code) panic("SS: exiting (%d)",error_code)
+
+#endif
+
+#endif /* __SS_GLOBAL_H */
diff --minimal -Nru a/security/selinux/ss/hashtab.c b/security/selinux/ss/hashtab.c
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/selinux/ss/hashtab.c Tue Feb 12 18:59:50 2002
@@ -0,0 +1,310 @@
+
+/* Author : Stephen Smalley (NAI Labs), <ssmalley@nai.com> */
+
+/* FLASK */
+
+/*
+ * Implementation of the hash table type.
+ */
+
+#include "hashtab.h"
+
+hashtab_t hashtab_create(unsigned int (*hash_value) (hashtab_t h,
+ hashtab_key_t key),
+ int (*keycmp) (hashtab_t h,
+ hashtab_key_t key1,
+ hashtab_key_t key2),
+ unsigned int size)
+{
+ hashtab_t p;
+ int i;
+
+
+ p = (hashtab_t) malloc(sizeof(hashtab_val_t));
+ if (p == NULL)
+ return p;
+
+ memset(p, 0, sizeof(hashtab_val_t));
+ p->size = size;
+ p->nel = 0;
+ p->hash_value = hash_value;
+ p->keycmp = keycmp;
+ p->htable = (hashtab_ptr_t *) malloc(sizeof(hashtab_ptr_t) * size);
+ if (p->htable == NULL) {
+ free(p);
+ return NULL;
+ }
+ for (i = 0; i < size; i++)
+ p->htable[i] = (hashtab_ptr_t) NULL;
+
+ return p;
+}
+
+
+int hashtab_insert(hashtab_t h, hashtab_key_t key, hashtab_datum_t datum)
+{
+ int hvalue;
+ hashtab_ptr_t prev, cur, newnode;
+
+
+ if (!h)
+ return HASHTAB_OVERFLOW;
+
+ hvalue = h->hash_value(h, key);
+ prev = NULL;
+ cur = h->htable[hvalue];
+ while (cur && h->keycmp(h, key, cur->key) > 0) {
+ prev = cur;
+ cur = cur->next;
+ }
+
+ if (cur && (h->keycmp(h, key, cur->key) == 0))
+ return HASHTAB_PRESENT;
+
+ newnode = (hashtab_ptr_t) malloc(sizeof(hashtab_node_t));
+ if (newnode == NULL)
+ return HASHTAB_OVERFLOW;
+ memset(newnode, 0, sizeof(struct hashtab_node));
+ newnode->key = key;
+ newnode->datum = datum;
+ if (prev) {
+ newnode->next = prev->next;
+ prev->next = newnode;
+ } else {
+ newnode->next = h->htable[hvalue];
+ h->htable[hvalue] = newnode;
+ }
+
+ h->nel++;
+ return HASHTAB_SUCCESS;
+}
+
+
+int hashtab_remove(hashtab_t h, hashtab_key_t key,
+ void (*destroy) (hashtab_key_t k,
+ hashtab_datum_t d,
+ void *args),
+ void *args)
+{
+ int hvalue;
+ hashtab_ptr_t cur, last;
+
+
+ if (!h)
+ return HASHTAB_MISSING;
+
+ hvalue = h->hash_value(h, key);
+ last = NULL;
+ cur = h->htable[hvalue];
+ while (cur != NULL && h->keycmp(h, key, cur->key) > 0) {
+ last = cur;
+ cur = cur->next;
+ }
+
+ if (cur == NULL || (h->keycmp(h, key, cur->key) != 0))
+ return HASHTAB_MISSING;
+
+ if (last == NULL)
+ h->htable[hvalue] = cur->next;
+ else
+ last->next = cur->next;
+
+ if (destroy)
+ destroy(cur->key, cur->datum, args);
+ free(cur);
+ h->nel--;
+ return HASHTAB_SUCCESS;
+}
+
+
+int hashtab_replace(hashtab_t h, hashtab_key_t key, hashtab_datum_t datum,
+ void (*destroy) (hashtab_key_t k,
+ hashtab_datum_t d,
+ void *args),
+ void *args)
+{
+ int hvalue;
+ hashtab_ptr_t prev, cur, newnode;
+
+
+ if (!h)
+ return HASHTAB_OVERFLOW;
+
+ hvalue = h->hash_value(h, key);
+ prev = NULL;
+ cur = h->htable[hvalue];
+ while (cur != NULL && h->keycmp(h, key, cur->key) > 0) {
+ prev = cur;
+ cur = cur->next;
+ }
+
+ if (cur && (h->keycmp(h, key, cur->key) == 0)) {
+ if (destroy)
+ destroy(cur->key, cur->datum, args);
+ cur->key = key;
+ cur->datum = datum;
+ } else {
+ newnode = (hashtab_ptr_t) malloc(sizeof(hashtab_node_t));
+ if (newnode == NULL)
+ return HASHTAB_OVERFLOW;
+ memset(newnode, 0, sizeof(struct hashtab_node));
+ newnode->key = key;
+ newnode->datum = datum;
+ if (prev) {
+ newnode->next = prev->next;
+ prev->next = newnode;
+ } else {
+ newnode->next = h->htable[hvalue];
+ h->htable[hvalue] = newnode;
+ }
+ }
+
+ return HASHTAB_SUCCESS;
+}
+
+
+hashtab_datum_t
+hashtab_search(hashtab_t h, hashtab_key_t key)
+{
+ int hvalue;
+ hashtab_ptr_t cur;
+
+
+ if (!h)
+ return NULL;
+
+ hvalue = h->hash_value(h, key);
+ cur = h->htable[hvalue];
+ while (cur != NULL && h->keycmp(h, key, cur->key) > 0)
+ cur = cur->next;
+
+ if (cur == NULL || (h->keycmp(h, key, cur->key) != 0))
+ return NULL;
+
+ return cur->datum;
+}
+
+
+void hashtab_destroy(hashtab_t h)
+{
+ int i;
+ hashtab_ptr_t cur, temp;
+
+
+ if (!h)
+ return;
+
+ for (i = 0; i < h->size; i++) {
+ cur = h->htable[i];
+ while (cur != NULL) {
+ temp = cur;
+ cur = cur->next;
+ free(temp);
+ }
+ h->htable[i] = NULL;
+ }
+
+ free(h->htable);
+ h->htable = NULL;
+
+ free(h);
+}
+
+
+int hashtab_map(hashtab_t h,
+ int (*apply) (hashtab_key_t k,
+ hashtab_datum_t d,
+ void *args),
+ void *args)
+{
+ int i, ret;
+ hashtab_ptr_t cur;
+
+
+ if (!h)
+ return HASHTAB_SUCCESS;
+
+ for (i = 0; i < h->size; i++) {
+ cur = h->htable[i];
+ while (cur != NULL) {
+ ret = apply(cur->key, cur->datum, args);
+ if (ret)
+ return ret;
+ cur = cur->next;
+ }
+ }
+ return HASHTAB_SUCCESS;
+}
+
+
+void hashtab_map_remove_on_error(hashtab_t h,
+ int (*apply) (hashtab_key_t k,
+ hashtab_datum_t d,
+ void *args),
+ void (*destroy) (hashtab_key_t k,
+ hashtab_datum_t d,
+ void *args),
+ void *args)
+{
+ int i, ret;
+ hashtab_ptr_t last, cur, temp;
+
+
+ if (!h)
+ return;
+
+ for (i = 0; i < h->size; i++) {
+ last = NULL;
+ cur = h->htable[i];
+ while (cur != NULL) {
+ ret = apply(cur->key, cur->datum, args);
+ if (ret) {
+ if (last) {
+ last->next = cur->next;
+ } else {
+ h->htable[i] = cur->next;
+ }
+
+ temp = cur;
+ cur = cur->next;
+ if (destroy)
+ destroy(temp->key, temp->datum, args);
+ free(temp);
+ h->nel--;
+ } else {
+ last = cur;
+ cur = cur->next;
+ }
+ }
+ }
+
+ return;
+}
+
+void hashtab_hash_eval(hashtab_t h, char *tag)
+{
+ int i, chain_len, slots_used, max_chain_len;
+ hashtab_ptr_t cur;
+
+
+ slots_used = 0;
+ max_chain_len = 0;
+ for (i = 0; i < h->size; i++) {
+ cur = h->htable[i];
+ if (cur) {
+ slots_used++;
+ chain_len = 0;
+ while (cur) {
+ chain_len++;
+ cur = cur->next;
+ }
+
+ if (chain_len > max_chain_len)
+ max_chain_len = chain_len;
+ }
+ }
+
+ printf("%s: %d entries and %d/%d buckets used, longest chain length %d\n",
+ tag, h->nel, slots_used, h->size, max_chain_len);
+}
+
diff --minimal -Nru a/security/selinux/ss/hashtab.h b/security/selinux/ss/hashtab.h
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/selinux/ss/hashtab.h Tue Feb 12 18:59:50 2002
@@ -0,0 +1,144 @@
+
+/* Author : Stephen Smalley (NAI Labs), <ssmalley@nai.com> */
+
+/* FLASK */
+
+/*
+ * A hash table (hashtab) maintains associations between
+ * key values and datum values. The type of the key values
+ * and the type of the datum values is arbitrary. The
+ * functions for hash computation and key comparison are
+ * provided by the creator of the table.
+ */
+
+#ifndef _HASHTAB_H_
+#define _HASHTAB_H_
+
+typedef char *hashtab_key_t; /* generic key type */
+typedef void *hashtab_datum_t; /* generic datum type */
+
+typedef struct hashtab_node *hashtab_ptr_t;
+
+typedef struct hashtab_node {
+ hashtab_key_t key;
+ hashtab_datum_t datum;
+ hashtab_ptr_t next;
+} hashtab_node_t;
+
+typedef struct hashtab_val {
+ hashtab_ptr_t *htable; /* hash table */
+ unsigned int size; /* number of slots in hash table */
+ __u32 nel; /* number of elements in hash table */
+ unsigned int (*hash_value) (struct hashtab_val *h, hashtab_key_t key); /* hash function */
+ int (*keycmp) (struct hashtab_val *h, hashtab_key_t key1, hashtab_key_t key2); /* key comparison function */
+} hashtab_val_t;
+
+
+typedef hashtab_val_t *hashtab_t;
+
+/* Define status codes for hash table functions */
+#define HASHTAB_SUCCESS 0
+#define HASHTAB_OVERFLOW -ENOMEM
+#define HASHTAB_PRESENT -EEXIST
+#define HASHTAB_MISSING -ENOENT
+
+/*
+ Creates a new hash table with the specified characteristics.
+
+ Returns NULL if insufficent space is available or
+ the new hash table otherwise.
+ */
+hashtab_t hashtab_create(unsigned int (*hash_value) (hashtab_t h,
+ hashtab_key_t key),
+ int (*keycmp) (hashtab_t h,
+ hashtab_key_t key1,
+ hashtab_key_t key2),
+ unsigned int size);
+
+/*
+ Inserts the specified (key, datum) pair into the specified hash table.
+
+ Returns HASHTAB_OVERFLOW if insufficient space is available or
+ HASHTAB_PRESENT if there is already an entry with the same key or
+ HASHTAB_SUCCESS otherwise.
+ */
+int hashtab_insert(hashtab_t h, hashtab_key_t k, hashtab_datum_t d);
+
+/*
+ Removes the entry with the specified key from the hash table.
+ Applies the specified destroy function to (key,datum,args) for
+ the entry.
+
+ Returns HASHTAB_MISSING if no entry has the specified key or
+ HASHTAB_SUCCESS otherwise.
+ */
+int hashtab_remove(hashtab_t h, hashtab_key_t k,
+ void (*destroy) (hashtab_key_t k,
+ hashtab_datum_t d,
+ void *args),
+ void *args);
+
+/*
+ Insert or replace the specified (key, datum) pair in the specified
+ hash table. If an entry for the specified key already exists,
+ then the specified destroy function is applied to (key,datum,args)
+ for the entry prior to replacing the entry's contents.
+
+ Returns HASHTAB_OVERFLOW if insufficient space is available or
+ HASHTAB_SUCCESS otherwise.
+ */
+int hashtab_replace(hashtab_t h, hashtab_key_t k, hashtab_datum_t d,
+ void (*destroy) (hashtab_key_t k,
+ hashtab_datum_t d,
+ void *args),
+ void *args);
+
+/*
+ Searches for the entry with the specified key in the hash table.
+
+ Returns NULL if no entry has the specified key or
+ the datum of the entry otherwise.
+ */
+hashtab_datum_t hashtab_search(hashtab_t h, hashtab_key_t k);
+
+/*
+ Destroys the specified hash table.
+ */
+void hashtab_destroy(hashtab_t h);
+
+/*
+ Applies the specified apply function to (key,datum,args)
+ for each entry in the specified hash table.
+
+ The order in which the function is applied to the entries
+ is dependent upon the internal structure of the hash table.
+
+ If apply returns a non-zero status, then hashtab_map will cease
+ iterating through the hash table and will propagate the error
+ return to its caller.
+ */
+int hashtab_map(hashtab_t h,
+ int (*apply) (hashtab_key_t k,
+ hashtab_datum_t d,
+ void *args),
+ void *args);
+
+/*
+ Same as hashtab_map, except that if apply returns a non-zero status,
+ then the (key,datum) pair will be removed from the hashtab and the
+ destroy function will be applied to (key,datum,args).
+ */
+void hashtab_map_remove_on_error(hashtab_t h,
+ int (*apply) (hashtab_key_t k,
+ hashtab_datum_t d,
+ void *args),
+ void (*destroy) (hashtab_key_t k,
+ hashtab_datum_t d,
+ void *args),
+ void *args);
+
+void hashtab_hash_eval(hashtab_t h, char *tag);
+
+
+#endif
+
diff --minimal -Nru a/security/selinux/ss/init.c b/security/selinux/ss/init.c
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/selinux/ss/init.c Tue Feb 12 18:59:50 2002
@@ -0,0 +1,43 @@
+
+/* Author : Stephen Smalley (NAI Labs), <ssmalley@nai.com> */
+
+/* FLASK */
+
+/*
+ * Initialize the security server by reading the policy
+ * database and initializing the SID table.
+ */
+
+#include "policydb.h"
+#include "services.h"
+
+char *policyfile = "/ss_policy";
+
+int security_init(void)
+{
+ FILE *fp;
+ int rc;
+
+ printf("security: starting up (compiled " __DATE__ ")\n");
+ printf("security: loading policy configuration from %s\n", policyfile);
+
+ fp = fopen(policyfile, "r");
+ if (!fp) {
+ printf("security: unable to open %s, cannot initialize.\n", policyfile);
+ return -EINVAL;
+ }
+
+ rc = security_load_policy(fp);
+ if (rc) {
+ printf("security: error while loading %s, cannot initialize.\n", policyfile);
+ fclose(fp);
+ return -EINVAL;
+ }
+
+ fclose(fp);
+
+ return 0;
+}
+
+/* FLASK */
+
diff --minimal -Nru a/security/selinux/ss/mls.c b/security/selinux/ss/mls.c
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/selinux/ss/mls.c Tue Feb 12 18:59:50 2002
@@ -0,0 +1,871 @@
+
+/* Author : Stephen Smalley (NAI Labs), <ssmalley@nai.com> */
+
+/* FLASK */
+
+/*
+ * Implementation of the multi-level security (MLS) policy.
+ */
+
+#include "mls.h"
+
+/*
+ * Remove any permissions from `allowed' that are
+ * denied by the MLS policy.
+ */
+void mls_compute_av(context_struct_t * scontext,
+ context_struct_t * tcontext,
+ class_datum_t * tclass,
+ access_vector_t * allowed)
+{
+ unsigned int rel[2];
+ int l;
+
+ for (l = 0; l < 2; l++)
+ rel[l] = mls_level_relation(scontext->range.level[l],
+ tcontext->range.level[l]);
+
+ if (rel[1] != MLS_RELATION_EQ) {
+ if (rel[1] != MLS_RELATION_DOM)
+ /* read(s,t) = (s.high >= t.high) = False */
+ *allowed = (*allowed) & ~(tclass->mlsperms.read);
+ if (rel[1] != MLS_RELATION_DOMBY)
+ /* readby(s,t) = read(t,s) = False */
+ *allowed = (*allowed) & ~(tclass->mlsperms.readby);
+ }
+ if ((rel[0] != MLS_RELATION_DOMBY && rel[0] != MLS_RELATION_EQ) ||
+ ((!mls_level_eq(tcontext->range.level[0],
+ tcontext->range.level[1])) &&
+ (rel[1] != MLS_RELATION_DOM && rel[1] != MLS_RELATION_EQ)))
+ /*
+ * write(s,t) = ((s.low <= t.low = t.high) or (s.low
+ * <= t.low <= t.high <= s.high)) = False
+ */
+ *allowed = (*allowed) & ~(tclass->mlsperms.write);
+
+ if ((rel[0] != MLS_RELATION_DOM && rel[0] != MLS_RELATION_EQ) ||
+ ((!mls_level_eq(scontext->range.level[0],
+ scontext->range.level[1])) &&
+ (rel[1] != MLS_RELATION_DOMBY && rel[1] != MLS_RELATION_EQ)))
+ /* writeby(s,t) = write(t,s) = False */
+ *allowed = (*allowed) & ~(tclass->mlsperms.writeby);
+
+}
+
+
+/*
+ * Return the length in bytes for the MLS fields of the
+ * security context string representation of `context'.
+ */
+int mls_compute_context_len(context_struct_t * context)
+{
+ int i, l, len;
+
+
+ len = 0;
+ for (l = 0; l < 2; l++) {
+ len += strlen(policydb.p_sens_val_to_name[context->range.level[l].sens - 1]) + 1;
+
+ for (i = 1; i <= ebitmap_length(&context->range.level[l].cat); i++)
+ if (ebitmap_get_bit(&context->range.level[l].cat, i - 1))
+ len += strlen(policydb.p_cat_val_to_name[i - 1]) + 1;
+
+ if (mls_level_relation(context->range.level[0], context->range.level[1]) == MLS_RELATION_EQ)
+ break;
+ }
+
+ return len;
+}
+
+
+/*
+ * Write the security context string representation of
+ * the MLS fields of `context' into the string `*scontext'.
+ * Update `*scontext' to point to the end of the MLS fields.
+ */
+int mls_sid_to_context(context_struct_t * context,
+ char **scontext)
+{
+ char *scontextp;
+ int i, l;
+
+
+ scontextp = *scontext;
+
+ for (l = 0; l < 2; l++) {
+ strcpy(scontextp,
+ policydb.p_sens_val_to_name[context->range.level[l].sens - 1]);
+ scontextp += strlen(policydb.p_sens_val_to_name[context->range.level[l].sens - 1]);
+ *scontextp = ':';
+ scontextp++;
+ for (i = 1; i <= ebitmap_length(&context->range.level[l].cat); i++)
+ if (ebitmap_get_bit(&context->range.level[l].cat, i - 1)) {
+ strcpy(scontextp, policydb.p_cat_val_to_name[i - 1]);
+ scontextp += strlen(policydb.p_cat_val_to_name[i - 1]);
+ *scontextp = ',';
+ scontextp++;
+ }
+ if (mls_level_relation(context->range.level[0], context->range.level[1]) != MLS_RELATION_EQ) {
+ scontextp--;
+ sprintf(scontextp, "-");
+ scontextp++;
+
+ } else {
+ break;
+ }
+ }
+
+ *scontext = scontextp;
+ return 0;
+}
+
+
+/*
+ * Return TRUE if the MLS fields in the security context
+ * structure `c' are valid. Return FALSE otherwise.
+ */
+int mls_context_isvalid(policydb_t *p, context_struct_t * c)
+{
+ unsigned int relation;
+ level_datum_t *levdatum;
+ user_datum_t *usrdatum;
+ mls_range_list_t *rnode;
+ int i, l;
+
+ /*
+ * MLS range validity checks: high must dominate low, low level must
+ * be valid (category set <-> sensitivity check), and high level must
+ * be valid (category set <-> sensitivity check)
+ */
+ relation = mls_level_relation(c->range.level[1],
+ c->range.level[0]);
+ if (!(relation & (MLS_RELATION_DOM | MLS_RELATION_EQ)))
+ /* High does not dominate low. */
+ return FALSE;
+
+ for (l = 0; l < 2; l++) {
+ if (!c->range.level[l].sens || c->range.level[l].sens > p->p_levels.nprim)
+ return FALSE;
+ levdatum = (level_datum_t *) hashtab_search(p->p_levels.table,
+ p->p_sens_val_to_name[c->range.level[l].sens - 1]);
+ if (!levdatum)
+ return FALSE;
+
+ for (i = 1; i <= ebitmap_length(&c->range.level[l].cat); i++) {
+ if (ebitmap_get_bit(&c->range.level[l].cat, i - 1)) {
+ if (i > p->p_cats.nprim)
+ return FALSE;
+ if (!ebitmap_get_bit(&levdatum->level->cat, i - 1))
+ /*
+ * Category may not be associated with
+ * sensitivity in low level.
+ */
+ return FALSE;
+ }
+ }
+ }
+
+ if (c->role == OBJECT_R_VAL)
+ return TRUE;
+
+ /*
+ * User must be authorized for the MLS range.
+ */
+ if (!c->user || c->user > p->p_users.nprim)
+ return FALSE;
+ usrdatum = p->user_val_to_struct[c->user - 1];
+ for (rnode = usrdatum->ranges; rnode; rnode = rnode->next) {
+ if (mls_range_contains(rnode->range, c->range))
+ break;
+ }
+ if (!rnode)
+ /* user may not be associated with range */
+ return FALSE;
+
+ return TRUE;
+}
+
+
+/*
+ * Set the MLS fields in the security context structure
+ * `context' based on the string representation in
+ * the string `*scontext'. Update `*scontext' to
+ * point to the end of the string representation of
+ * the MLS fields.
+ *
+ * This function modifies the string in place, inserting
+ * NULL characters to terminate the MLS fields.
+ */
+int mls_context_to_sid(char oldc,
+ char **scontext,
+ context_struct_t * context)
+{
+
+ char delim;
+ char *scontextp, *p;
+ level_datum_t *levdatum;
+ cat_datum_t *catdatum;
+ int l;
+
+ if (!oldc) {
+ /* No MLS component to the security context. Try
+ to use a default 'unclassified' value. */
+ levdatum = (level_datum_t *) hashtab_search(policydb.p_levels.table,
+ (hashtab_key_t) "unclassified");
+
+ if (!levdatum)
+ return -EINVAL;
+ context->range.level[0].sens = levdatum->level->sens;
+ context->range.level[1].sens = context->range.level[0].sens;
+ return 0;
+ }
+
+ /* Extract low sensitivity. */
+ scontextp = p = *scontext;
+ while (*p && *p != ':' && *p != '-')
+ p++;
+
+ delim = *p;
+ if (delim != 0)
+ *p++ = 0;
+
+ for (l = 0; l < 2; l++) {
+ levdatum = (level_datum_t *) hashtab_search(policydb.p_levels.table,
+ (hashtab_key_t) scontextp);
+
+ if (!levdatum)
+ return -EINVAL;
+
+ context->range.level[l].sens = levdatum->level->sens;
+
+ if (delim == ':') {
+ /* Extract low category set. */
+ while (1) {
+ scontextp = p;
+ while (*p && *p != ',' && *p != '-')
+ p++;
+ delim = *p;
+ if (delim != 0)
+ *p++ = 0;
+
+ catdatum = (cat_datum_t *) hashtab_search(policydb.p_cats.table,
+ (hashtab_key_t) scontextp);
+
+ if (!catdatum)
+ return -EINVAL;
+
+ if (!ebitmap_set_bit(&context->range.level[l].cat,
+ catdatum->value - 1, TRUE))
+ return -ENOMEM;
+ if (delim != ',')
+ break;
+ }
+ }
+ if (delim == '-') {
+ /* Extract high sensitivity. */
+ scontextp = p;
+ while (*p && *p != ':')
+ p++;
+
+ delim = *p;
+ if (delim != 0)
+ *p++ = 0;
+ } else
+ break;
+ }
+
+ if (l == 0) {
+ context->range.level[1].sens = context->range.level[0].sens;
+ ebitmap_cpy(&context->range.level[1].cat, &context->range.level[0].cat);
+ }
+ *scontext = p;
+ return 0;
+}
+
+
+/*
+ * Copies the MLS range from `src' into `dst'.
+ */
+static inline int mls_copy_context(context_struct_t * dst,
+ context_struct_t * src)
+{
+ int l;
+
+ /* Copy the MLS range from the source context */
+ for (l = 0; l < 2; l++) {
+ dst->range.level[l].sens = src->range.level[l].sens;
+ if (!ebitmap_cpy(&dst->range.level[l].cat, &src->range.level[l].cat))
+ return -ENOMEM;
+ }
+
+ return 0;
+}
+
+
+/*
+ * Convert the MLS fields in the security context
+ * structure `c' from the values specified in the
+ * policy `oldp' to the values specified in the policy `newp'.
+ */
+int mls_convert_context(policydb_t * oldp,
+ policydb_t * newp,
+ context_struct_t * c)
+{
+ level_datum_t *levdatum;
+ cat_datum_t *catdatum;
+ ebitmap_t bitmap;
+ int l, i;
+
+ for (l = 0; l < 2; l++) {
+ levdatum = (level_datum_t *) hashtab_search(
+ newp->p_levels.table,
+ oldp->p_sens_val_to_name[c->range.level[l].sens - 1]);
+
+ if (!levdatum)
+ return -EINVAL;
+ c->range.level[l].sens = levdatum->level->sens;
+
+ ebitmap_init(&bitmap);
+ for (i = 1; i <= ebitmap_length(&c->range.level[l].cat); i++) {
+ if (ebitmap_get_bit(&c->range.level[l].cat, i - 1)) {
+ catdatum = (cat_datum_t *) hashtab_search(newp->p_cats.table,
+ oldp->p_cat_val_to_name[i - 1]);
+ if (!catdatum)
+ return -EINVAL;
+ if (!ebitmap_set_bit(&bitmap, catdatum->value - 1, TRUE))
+ return -ENOMEM;
+ }
+ }
+ ebitmap_destroy(&c->range.level[l].cat);
+ c->range.level[l].cat = bitmap;
+ }
+
+ return 0;
+}
+
+int mls_compute_sid(context_struct_t *scontext,
+ context_struct_t *tcontext,
+ security_class_t tclass,
+ __u32 specified,
+ context_struct_t *newcontext)
+{
+ switch (specified) {
+ case AVTAB_TRANSITION:
+ case AVTAB_CHANGE:
+ /* Use the process MLS attributes. */
+ return mls_copy_context(newcontext, scontext);
+ case AVTAB_MEMBER:
+ /* Only polyinstantiate the MLS attributes if
+ the type is being polyinstantiated */
+ if (newcontext->type != tcontext->type) {
+ /* Use the process MLS attributes. */
+ return mls_copy_context(newcontext, scontext);
+ } else {
+ /* Use the related object MLS attributes. */
+ return mls_copy_context(newcontext, tcontext);
+ }
+ default:
+ return -EINVAL;
+ }
+ return -EINVAL;
+}
+
+void mls_user_destroy(user_datum_t *usrdatum)
+{
+ mls_range_list_t *rnode, *rtmp;
+ rnode = usrdatum->ranges;
+ while (rnode) {
+ rtmp = rnode;
+ rnode = rnode->next;
+ ebitmap_destroy(&rtmp->range.level[0].cat);
+ ebitmap_destroy(&rtmp->range.level[1].cat);
+ free(rtmp);
+ }
+}
+
+int mls_read_perm(perm_datum_t *perdatum, FILE *fp)
+{
+ __u32 buf[3];
+ int items;
+
+ items = fread(buf, sizeof(__u32), 1, fp);
+ if (items != 1)
+ return -1;
+ perdatum->base_perms = le32_to_cpu(buf[0]);
+ return 0;
+}
+
+/*
+ * Read a MLS level structure from a policydb binary
+ * representation file.
+ */
+mls_level_t *mls_read_level(FILE * fp)
+{
+ mls_level_t *l;
+ __u32 sens;
+ int items;
+
+ l = malloc(sizeof(mls_level_t));
+ if (!l) {
+ printf("security: mls: out of memory\n");
+ return NULL;
+ }
+ memset(l, 0, sizeof(mls_level_t));
+
+ items = fread(&sens, sizeof(__u32), 1, fp);
+ if (items != 1) {
+ printf("security: mls: truncated level\n");
+ goto bad;
+ }
+ l->sens = cpu_to_le32(sens);
+
+ if (!ebitmap_read(&l->cat, fp)) {
+ printf("security: mls: error reading level categories\n");
+ goto bad;
+ }
+ return l;
+
+ bad:
+ free(l);
+ return NULL;
+}
+
+
+/*
+ * Read a MLS range structure from a policydb binary
+ * representation file.
+ */
+
+static int mls_read_range_helper(mls_range_t *r,
+ FILE * fp)
+{
+ __u32 buf[3];
+ int items, items2;
+
+ items = fread(buf, sizeof(__u32), 1, fp);
+ if (items != 1)
+ return -1;
+
+ items2 = le32_to_cpu(buf[0]);
+ if (items2 > (sizeof(buf) / sizeof(__u32))) {
+ printf("security: mls: range too large\n");
+ return -1;
+ }
+ items = fread(buf, sizeof(__u32), items2, fp);
+ if (items != items2) {
+ printf("security: mls: truncated range\n");
+ return -1;
+ }
+ r->level[0].sens = le32_to_cpu(buf[0]);
+ if (items > 1) {
+ r->level[1].sens = le32_to_cpu(buf[1]);
+ } else {
+ r->level[1].sens = r->level[0].sens;
+ }
+
+ if (!ebitmap_read(&r->level[0].cat, fp)) {
+ printf("security: mls: error reading low categories\n");
+ return -1;
+ }
+ if (items > 1) {
+ if (!ebitmap_read(&r->level[1].cat, fp)) {
+ printf("security: mls: error reading high categories\n");
+ goto bad_high;
+ }
+ } else {
+ if (!ebitmap_cpy(&r->level[1].cat, &r->level[0].cat)) {
+ printf("security: mls: out of memory\n");
+ goto bad_high;
+ }
+ }
+
+ return 0;
+
+ bad_high:
+ ebitmap_destroy(&r->level[0].cat);
+ return -1;
+}
+
+int mls_read_range(context_struct_t * c,
+ FILE * fp)
+{
+ return mls_read_range_helper(&c->range, fp);
+}
+
+
+/*
+ * Read a MLS perms structure from a policydb binary
+ * representation file.
+ */
+int mls_read_class(class_datum_t *cladatum,
+ FILE * fp)
+{
+ mls_perms_t * p = &cladatum->mlsperms;
+ __u32 buf[32];
+ int items;
+
+ items = fread(buf, sizeof(__u32), 4, fp);
+ if (items != 4) {
+ printf("security: mls: truncated mls permissions\n");
+ return -1;
+ }
+ p->read = le32_to_cpu(buf[0]);
+ p->readby = le32_to_cpu(buf[1]);
+ p->write = le32_to_cpu(buf[2]);
+ p->writeby = le32_to_cpu(buf[3]);
+ return 0;
+}
+
+int mls_read_user(user_datum_t *usrdatum, FILE *fp)
+{
+ mls_range_list_t *r, *l;
+ __u32 nel, i;
+ __u32 buf[32];
+ int items;
+
+ items = fread(buf, sizeof(__u32), 1, fp);
+ if (items != 1)
+ goto bad;
+ nel = le32_to_cpu(buf[0]);
+ l = NULL;
+ for (i = 0; i < nel; i++) {
+ r = malloc(sizeof(mls_range_list_t));
+ if (!r)
+ goto bad;
+ memset(r, 0, sizeof(mls_range_list_t));
+
+ if (mls_read_range_helper(&r->range, fp))
+ goto bad;
+
+ if (l)
+ l->next = r;
+ else
+ usrdatum->ranges = r;
+ l = r;
+ }
+ return 0;
+ bad:
+ return -1;
+}
+
+int mls_read_nlevels(policydb_t *p, FILE *fp)
+{
+ __u32 buf[2];
+ int items;
+
+ items = fread(buf, sizeof(__u32), 1, fp);
+ if (items != 1) {
+ return -1;
+ }
+ p->nlevels = le32_to_cpu(buf[0]);
+ return 0;
+}
+
+int sens_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
+{
+ policydb_t *p;
+ level_datum_t *levdatum;
+
+
+ levdatum = (level_datum_t *) datum;
+ p = (policydb_t *) datap;
+
+ if (!levdatum->isalias)
+ p->p_sens_val_to_name[levdatum->level->sens - 1] = (char *) key;
+
+ return 0;
+}
+
+int cat_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
+{
+ policydb_t *p;
+ cat_datum_t *catdatum;
+
+
+ catdatum = (cat_datum_t *) datum;
+ p = (policydb_t *) datap;
+
+
+ if (!catdatum->isalias)
+ p->p_cat_val_to_name[catdatum->value - 1] = (char *) key;
+
+ return 0;
+}
+
+int sens_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p)
+{
+ level_datum_t *levdatum;
+
+ if (key)
+ free(key);
+ levdatum = (level_datum_t *) datum;
+ if (!levdatum->isalias) {
+ ebitmap_destroy(&levdatum->level->cat);
+ free(levdatum->level);
+ }
+ free(datum);
+ return 0;
+}
+
+int cat_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p)
+{
+ if (key)
+ free(key);
+ free(datum);
+ return 0;
+}
+
+int sens_read(policydb_t * p, hashtab_t h, FILE * fp)
+{
+ char *key = 0;
+ level_datum_t *levdatum;
+ __u32 buf[32], len;
+ int items;
+
+ levdatum = malloc(sizeof(level_datum_t));
+ if (!levdatum)
+ return -1;
+ memset(levdatum, 0, sizeof(level_datum_t));
+
+ items = fread(buf, sizeof(__u32), 2, fp);
+ if (items != 2)
+ goto bad;
+
+ len = le32_to_cpu(buf[0]);
+ levdatum->isalias = le32_to_cpu(buf[1]);
+
+ key = malloc(len + 1);
+ if (!key)
+ goto bad;
+ items = fread(key, 1, len, fp);
+ if (items != len)
+ goto bad;
+ key[len] = 0;
+
+ levdatum->level = mls_read_level(fp);
+ if (!levdatum->level)
+ goto bad;
+
+ if (hashtab_insert(h, key, levdatum))
+ goto bad;
+
+ return 0;
+
+ bad:
+ sens_destroy(key, levdatum, NULL);
+ return -1;
+}
+
+
+int cat_read(policydb_t * p, hashtab_t h, FILE * fp)
+{
+ char *key = 0;
+ cat_datum_t *catdatum;
+ __u32 buf[32], len;
+ int items;
+
+ catdatum = malloc(sizeof(cat_datum_t));
+ if (!catdatum)
+ return -1;
+ memset(catdatum, 0, sizeof(cat_datum_t));
+
+ items = fread(buf, sizeof(__u32), 3, fp);
+ if (items != 3)
+ goto bad;
+
+ len = le32_to_cpu(buf[0]);
+ catdatum->value = le32_to_cpu(buf[1]);
+ catdatum->isalias = le32_to_cpu(buf[2]);
+
+ key = malloc(len + 1);
+ if (!key)
+ goto bad;
+ items = fread(key, 1, len, fp);
+ if (items != len)
+ goto bad;
+ key[len] = 0;
+
+ if (hashtab_insert(h, key, catdatum))
+ goto bad;
+
+ return 0;
+
+ bad:
+ cat_destroy(key, catdatum, NULL);
+ return -1;
+}
+
+#ifndef __KERNEL__
+/*
+ * Write a MLS level structure to a policydb binary
+ * representation file.
+ */
+int mls_write_level(mls_level_t * l,
+ FILE * fp)
+{
+ __u32 sens;
+ int items;
+
+ sens = cpu_to_le32(l->sens);
+ items = fwrite(&sens, sizeof(__u32), 1, fp);
+ if (items != 1)
+ return -1;
+
+ if (!ebitmap_write(&l->cat, fp))
+ return -1;
+
+ return 0;
+}
+
+
+/*
+ * Write a MLS range structure to a policydb binary
+ * representation file.
+ */
+static int mls_write_range_helper(mls_range_t * r,
+ FILE * fp)
+{
+ __u32 buf[3];
+ int items, items2;
+ int rel;
+
+ rel = mls_level_relation(r->level[1], r->level[0]);
+
+ items = 1; /* item 0 is used for the item count */
+ buf[items++] = cpu_to_le32(r->level[0].sens);
+ if (rel != MLS_RELATION_EQ)
+ buf[items++] = cpu_to_le32(r->level[1].sens);
+ buf[0] = cpu_to_le32(items - 1);
+
+ items2 = fwrite(buf, sizeof(__u32), items, fp);
+ if (items2 != items)
+ return -1;
+
+ if (!ebitmap_write(&r->level[0].cat, fp))
+ return -1;
+ if (rel != MLS_RELATION_EQ)
+ if (!ebitmap_write(&r->level[1].cat, fp))
+ return -1;
+
+ return 0;
+}
+
+int mls_write_range(context_struct_t * c,
+ FILE * fp)
+{
+ return mls_write_range_helper(&c->range, fp);
+}
+
+
+/*
+ * Write a MLS perms structure to a policydb binary
+ * representation file.
+ */
+int mls_write_class(class_datum_t * cladatum,
+ FILE * fp)
+{
+ mls_perms_t *p = &cladatum->mlsperms;
+ __u32 buf[32];
+ int items, items2;
+
+ items = 0;
+ buf[items++] = cpu_to_le32(p->read);
+ buf[items++] = cpu_to_le32(p->readby);
+ buf[items++] = cpu_to_le32(p->write);
+ buf[items++] = cpu_to_le32(p->writeby);
+ items2 = fwrite(buf, sizeof(__u32), items, fp);
+ if (items2 != items)
+ return -1;
+
+ return 0;
+}
+
+int mls_write_user(user_datum_t *usrdatum, FILE *fp)
+{
+ mls_range_list_t *r;
+ __u32 nel;
+ __u32 buf[32];
+ int items;
+
+ nel = 0;
+ for (r = usrdatum->ranges; r; r = r->next)
+ nel++;
+ buf[0] = cpu_to_le32(nel);
+ items = fwrite(buf, sizeof(__u32), 1, fp);
+ if (items != 1)
+ return -1;
+ for (r = usrdatum->ranges; r; r = r->next) {
+ if (mls_write_range_helper(&r->range, fp))
+ return -1;
+ }
+ return 0;
+}
+
+int mls_write_nlevels(policydb_t *p, FILE *fp)
+{
+ __u32 buf[32];
+ size_t items;
+
+ buf[0] = cpu_to_le32(p->nlevels);
+ items = fwrite(buf, sizeof(__u32), 1, fp);
+ if (items != 1)
+ return -1;
+ return 0;
+}
+
+int sens_write(hashtab_key_t key, hashtab_datum_t datum, void *p)
+{
+ level_datum_t *levdatum;
+ __u32 buf[32], len;
+ int items, items2;
+ FILE *fp = p;
+
+ levdatum = (level_datum_t *) datum;
+
+ len = strlen(key);
+ items = 0;
+ buf[items++] = cpu_to_le32(len);
+ buf[items++] = cpu_to_le32(levdatum->isalias);
+ items2 = fwrite(buf, sizeof(__u32), items, fp);
+ if (items != items2)
+ return -1;
+
+ items = fwrite(key, 1, len, fp);
+ if (items != len)
+ return -1;
+
+ if (mls_write_level(levdatum->level, fp))
+ return -1;
+
+ return 0;
+}
+
+int cat_write(hashtab_key_t key, hashtab_datum_t datum, void *p)
+{
+ cat_datum_t *catdatum;
+ __u32 buf[32], len;
+ int items, items2;
+ FILE *fp = p;
+
+
+ catdatum = (cat_datum_t *) datum;
+
+ len = strlen(key);
+ items = 0;
+ buf[items++] = cpu_to_le32(len);
+ buf[items++] = cpu_to_le32(catdatum->value);
+ buf[items++] = cpu_to_le32(catdatum->isalias);
+ items2 = fwrite(buf, sizeof(__u32), items, fp);
+ if (items != items2)
+ return -1;
+
+ items = fwrite(key, 1, len, fp);
+ if (items != len)
+ return -1;
+
+ return 0;
+}
+#endif
+
+/* FLASK */
+
diff --minimal -Nru a/security/selinux/ss/mls.h b/security/selinux/ss/mls.h
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/selinux/ss/mls.h Tue Feb 12 18:59:50 2002
@@ -0,0 +1,137 @@
+
+/* Author : Stephen Smalley (NAI Labs), <ssmalley@nai.com> */
+
+/* FLASK */
+
+/*
+ * Multi-level security (MLS) policy operations.
+ */
+
+#ifndef _MLS_H_
+#define _MLS_H_
+
+#include "context.h"
+#include "policydb.h"
+#include "services.h"
+
+#ifdef CONFIG_SECURITY_SELINUX_MLS
+
+void mls_compute_av(context_struct_t * scontext,
+ context_struct_t * tcontext,
+ class_datum_t * tclass,
+ access_vector_t * allowed);
+
+int mls_compute_context_len(context_struct_t * context);
+
+int mls_sid_to_context(context_struct_t * context,
+ char **scontext);
+
+int mls_context_isvalid(policydb_t *p, context_struct_t * c);
+
+int mls_context_to_sid(char oldc,
+ char **scontext,
+ context_struct_t * context);
+
+int mls_convert_context(policydb_t * oldp,
+ policydb_t * newp,
+ context_struct_t * context);
+
+int mls_compute_sid(context_struct_t *scontext,
+ context_struct_t *tcontext,
+ security_class_t tclass,
+ __u32 specified,
+ context_struct_t *newcontext);
+
+int sens_index(hashtab_key_t key, hashtab_datum_t datum, void *datap);
+int cat_index(hashtab_key_t key, hashtab_datum_t datum, void *datap);
+int sens_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p);
+int cat_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p);
+int sens_read(policydb_t * p, hashtab_t h, FILE * fp);
+int cat_read(policydb_t * p, hashtab_t h, FILE * fp);
+
+#define mls_for_user_ranges(user, usercon) { \
+mls_range_list_t *ranges; \
+for (ranges = user->ranges; ranges; ranges = ranges->next) { \
+usercon.range = ranges->range;
+
+#define mls_end_user_ranges } }
+
+#define mls_symtab_names , "levels", "categories"
+#define mls_symtab_sizes , 16, 16
+#define mls_index_f ,sens_index, cat_index
+#define mls_destroy_f ,sens_destroy, cat_destroy
+#define mls_read_f ,sens_read, cat_read
+#define mls_write_f ,sens_write, cat_write
+#define mls_policydb_index_others(p) printf(", %d levels", p->nlevels);
+
+#define mls_set_config(config) config |= POLICYDB_CONFIG_MLS
+
+void mls_user_destroy(user_datum_t *usrdatum);
+int mls_read_range(context_struct_t *c, FILE * fp);
+int mls_read_perm(perm_datum_t *perdatum, FILE *fp);
+int mls_read_class(class_datum_t *cladatum, FILE * fp);
+int mls_read_user(user_datum_t *usrdatum, FILE *fp);
+int mls_read_nlevels(policydb_t *p, FILE *fp);
+
+#else
+
+#define mls_compute_av(scontext, tcontext, tclass_datum, allowed)
+#define mls_compute_context_len(context) 0
+#define mls_sid_to_context(context, scontextpp)
+#define mls_context_isvalid(p, c) 1
+#define mls_context_to_sid(oldc, context_str, context) 0
+#define mls_convert_context(oldp, newp, c) 0
+#define mls_compute_sid(scontext, tcontext, tclass, specified, newcontextp) 0
+#define mls_for_user_ranges(user, usercon)
+#define mls_end_user_ranges
+#define mls_symtab_names
+#define mls_symtab_sizes
+#define mls_index_f
+#define mls_destroy_f
+#define mls_read_f
+#define mls_write_f
+#define mls_policydb_index_others(p)
+#define mls_set_config(config)
+#define mls_user_destroy(usrdatum)
+#define mls_read_range(c, fp) 0
+#define mls_read_perm(p, fp) 0
+#define mls_read_class(c, fp) 0
+#define mls_read_user(u, fp) 0
+#define mls_read_nlevels(p, fp) 0
+
+#endif
+
+#ifndef __KERNEL__
+
+#ifdef CONFIG_SECURITY_SELINUX_MLS
+
+int mls_write_range(context_struct_t * c,
+ FILE * fp);
+
+int mls_write_class(class_datum_t * cladatum,
+ FILE * fp);
+
+#define mls_write_perm(buf, items, perdatum) \
+ buf[items++] = cpu_to_le32(perdatum->base_perms);
+
+int mls_write_user(user_datum_t *usrdatum, FILE *fp);
+
+int mls_write_nlevels(policydb_t *p, FILE *fp);
+
+int sens_write(hashtab_key_t key, hashtab_datum_t datum, void *p);
+int cat_write(hashtab_key_t key, hashtab_datum_t datum, void *p);
+
+#else
+
+#define mls_write_range(c, fp) 0
+#define mls_write_class(c, fp) 0
+#define mls_write_perm(buf, items, perdatum)
+#define mls_write_user(u, fp) 0
+#define mls_write_nlevels(p, fp) 0
+
+#endif
+
+#endif
+
+#endif
+
diff --minimal -Nru a/security/selinux/ss/mls_types.h b/security/selinux/ss/mls_types.h
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/selinux/ss/mls_types.h Tue Feb 12 18:59:50 2002
@@ -0,0 +1,65 @@
+
+/* Author : Stephen Smalley (NAI Labs), <ssmalley@nai.com> */
+
+/* FLASK */
+
+/*
+ * Type definitions for the multi-level security (MLS) policy.
+ */
+
+#ifndef _MLS_TYPES_H_
+#define _MLS_TYPES_H_
+
+typedef struct mls_level {
+ __u32 sens; /* sensitivity */
+ ebitmap_t cat; /* category set */
+} mls_level_t;
+
+typedef struct mls_range {
+ mls_level_t level[2]; /* low == level[0], high == level[1] */
+} mls_range_t;
+
+typedef struct mls_range_list {
+ mls_range_t range;
+ struct mls_range_list *next;
+} mls_range_list_t;
+
+#define MLS_RELATION_DOM 1 /* source dominates */
+#define MLS_RELATION_DOMBY 2 /* target dominates */
+#define MLS_RELATION_EQ 4 /* source and target are equivalent */
+#define MLS_RELATION_INCOMP 8 /* source and target are incomparable */
+
+#define mls_level_eq(l1,l2) \
+(((l1).sens == (l2).sens) && ebitmap_cmp(&(l1).cat,&(l2).cat))
+
+#define mls_level_relation(l1,l2) ( \
+(((l1).sens == (l2).sens) && ebitmap_cmp(&(l1).cat,&(l2).cat)) ? \
+ MLS_RELATION_EQ : \
+(((l1).sens >= (l2).sens) && ebitmap_contains(&(l1).cat, &(l2).cat)) ? \
+ MLS_RELATION_DOM : \
+(((l2).sens >= (l1).sens) && ebitmap_contains(&(l2).cat, &(l1).cat)) ? \
+ MLS_RELATION_DOMBY : \
+ MLS_RELATION_INCOMP )
+
+#define mls_range_contains(r1,r2) \
+((mls_level_relation((r1).level[0], (r2).level[0]) & \
+ (MLS_RELATION_EQ | MLS_RELATION_DOMBY)) && \
+ (mls_level_relation((r1).level[1], (r2).level[1]) & \
+ (MLS_RELATION_EQ | MLS_RELATION_DOM)))
+
+/*
+ * Every access vector permission is mapped to a set of MLS base
+ * permissions, based on the flow properties of the corresponding
+ * operation.
+ */
+typedef struct mls_perms {
+ access_vector_t read; /* permissions that map to `read' */
+ access_vector_t readby; /* permissions that map to `readby' */
+ access_vector_t write; /* permissions that map to `write' */
+ access_vector_t writeby; /* permissions that map to `writeby' */
+} mls_perms_t;
+
+#endif
+
+/* FLASK */
+
diff --minimal -Nru a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/selinux/ss/policydb.c Tue Feb 12 18:59:50 2002
@@ -0,0 +1,1581 @@
+
+/* Author : Stephen Smalley (NAI Labs), <ssmalley@nai.com> */
+
+/* FLASK */
+
+/*
+ * Implementation of the policy database.
+ */
+
+#include "policydb.h"
+#include "services.h"
+#include "mls.h"
+
+#if 0
+static char *symtab_name[SYM_NUM] = {
+ "common prefixes",
+ "classes",
+ "roles",
+ "types",
+ "users"
+ mls_symtab_names
+};
+#endif
+
+static unsigned int symtab_sizes[SYM_NUM] = {
+ 2,
+ 32,
+ 16,
+ 512,
+ 128
+ mls_symtab_sizes
+};
+
+
+/*
+ * Initialize the role table.
+ */
+int roles_init(policydb_t *p)
+{
+ char *key = 0;
+ role_datum_t *role;
+
+ role = malloc(sizeof(role_datum_t));
+ if (!role)
+ return -1;
+ memset(role, 0, sizeof(role_datum_t));
+ role->value = ++p->p_roles.nprim;
+ if (role->value != OBJECT_R_VAL)
+ return -1;
+ key = malloc(strlen(OBJECT_R)+1);
+ if (!key)
+ return -1;
+ strcpy(key, OBJECT_R);
+
+ if (hashtab_insert(p->p_roles.table, key, role))
+ return -1;
+
+ return 0;
+}
+
+
+/*
+ * Initialize a policy database structure.
+ */
+int policydb_init(policydb_t * p)
+{
+ int i;
+
+ memset(p, 0, sizeof(policydb_t));
+
+ for (i = 0; i < SYM_NUM; i++) {
+ if (symtab_init(&p->symtab[i], symtab_sizes[i]))
+ return -1;
+ }
+
+ if (avtab_init(&p->te_avtab))
+ return -1;
+
+ if (roles_init(p))
+ return -1;
+
+ return 0;
+}
+
+
+/*
+ * The following *_index functions are used to
+ * define the val_to_name and val_to_struct arrays
+ * in a policy database structure. The val_to_name
+ * arrays are used when converting security context
+ * structures into string representations. The
+ * val_to_struct arrays are used when the attributes
+ * of a class, role, or user are needed.
+ */
+
+static int common_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
+{
+ policydb_t *p;
+ common_datum_t *comdatum;
+
+
+ comdatum = (common_datum_t *) datum;
+ p = (policydb_t *) datap;
+
+ p->p_common_val_to_name[comdatum->value - 1] = (char *) key;
+
+ return 0;
+}
+
+
+static int class_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
+{
+ policydb_t *p;
+ class_datum_t *cladatum;
+
+
+ cladatum = (class_datum_t *) datum;
+ p = (policydb_t *) datap;
+
+ p->p_class_val_to_name[cladatum->value - 1] = (char *) key;
+ p->class_val_to_struct[cladatum->value - 1] = cladatum;
+
+ return 0;
+}
+
+
+static int role_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
+{
+ policydb_t *p;
+ role_datum_t *role;
+
+
+ role = (role_datum_t *) datum;
+ p = (policydb_t *) datap;
+
+ p->p_role_val_to_name[role->value - 1] = (char *) key;
+ p->role_val_to_struct[role->value - 1] = role;
+
+ return 0;
+}
+
+
+static int type_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
+{
+ policydb_t *p;
+ type_datum_t *typdatum;
+
+
+ typdatum = (type_datum_t *) datum;
+ p = (policydb_t *) datap;
+
+ if (typdatum->primary)
+ p->p_type_val_to_name[typdatum->value - 1] = (char *) key;
+
+ return 0;
+}
+
+static int user_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
+{
+ policydb_t *p;
+ user_datum_t *usrdatum;
+
+
+ usrdatum = (user_datum_t *) datum;
+ p = (policydb_t *) datap;
+
+ p->p_user_val_to_name[usrdatum->value - 1] = (char *) key;
+ p->user_val_to_struct[usrdatum->value - 1] = usrdatum;
+
+ return 0;
+}
+
+static int (*index_f[SYM_NUM]) (hashtab_key_t key, hashtab_datum_t datum, void *datap) =
+{
+ common_index,
+ class_index,
+ role_index,
+ type_index,
+ user_index
+ mls_index_f
+};
+
+
+/*
+ * Define the common val_to_name array and the class
+ * val_to_name and val_to_struct arrays in a policy
+ * database structure.
+ */
+int policydb_index_classes(policydb_t * p)
+{
+ p->p_common_val_to_name = (char **)
+ malloc(p->p_commons.nprim * sizeof(char *));
+ if (!p->p_common_val_to_name)
+ return -1;
+
+ if (hashtab_map(p->p_commons.table, common_index, p))
+ return -1;
+
+ p->class_val_to_struct = (class_datum_t **)
+ malloc(p->p_classes.nprim * sizeof(class_datum_t *));
+ if (!p->class_val_to_struct)
+ return -1;
+
+ p->p_class_val_to_name = (char **)
+ malloc(p->p_classes.nprim * sizeof(char *));
+ if (!p->p_class_val_to_name)
+ return -1;
+
+ if (hashtab_map(p->p_classes.table, class_index, p))
+ return -1;
+ return 0;
+}
+
+
+/*
+ * Define the other val_to_name and val_to_struct arrays
+ * in a policy database structure.
+ */
+int policydb_index_others(policydb_t * p)
+{
+ int i;
+
+
+ printf("security: %d users, %d roles, %d types",
+ p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim);
+ mls_policydb_index_others(p);
+ printf("\n");
+
+ printf("security: %d classes, %d rules\n",
+ p->p_classes.nprim, p->te_avtab.nel);
+
+#if 0
+ avtab_hash_eval(&p->te_avtab, "rules");
+ for (i = 0; i < SYM_NUM; i++)
+ hashtab_hash_eval(p->symtab[i].table, symtab_name[i]);
+#endif
+
+ p->role_val_to_struct = (role_datum_t **)
+ malloc(p->p_roles.nprim * sizeof(role_datum_t *));
+ if (!p->role_val_to_struct)
+ return -1;
+
+ p->user_val_to_struct = (user_datum_t **)
+ malloc(p->p_users.nprim * sizeof(user_datum_t *));
+ if (!p->user_val_to_struct)
+ return -1;
+
+ for (i = SYM_ROLES; i < SYM_NUM; i++) {
+ p->sym_val_to_name[i] = (char **)
+ malloc(p->symtab[i].nprim * sizeof(char *));
+ if (!p->sym_val_to_name[i])
+ return -1;
+ if (hashtab_map(p->symtab[i].table, index_f[i], p))
+ return -1;
+ }
+
+ return 0;
+}
+
+
+/*
+ * The following *_destroy functions are used to
+ * free any memory allocated for each kind of
+ * symbol data in the policy database.
+ */
+
+static int perm_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p)
+{
+ if (key)
+ free(key);
+ free(datum);
+ return 0;
+}
+
+
+static int common_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p)
+{
+ common_datum_t *comdatum;
+
+ if (key)
+ free(key);
+ comdatum = (common_datum_t *) datum;
+ hashtab_map(comdatum->permissions.table, perm_destroy, 0);
+ hashtab_destroy(comdatum->permissions.table);
+ free(datum);
+ return 0;
+}
+
+
+int constraint_expr_destroy(constraint_expr_t * expr)
+{
+ expr->count--;
+ if (expr->count == 0) {
+ ebitmap_destroy(&expr->names);
+ if (expr->left)
+ constraint_expr_destroy(expr->left);
+ if (expr->right)
+ constraint_expr_destroy(expr->right);
+ free(expr);
+ }
+ return 0;
+}
+
+
+static int class_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p)
+{
+ class_datum_t *cladatum;
+ constraint_node_t *constraint, *ctemp;
+
+ if (key)
+ free(key);
+ cladatum = (class_datum_t *) datum;
+ hashtab_map(cladatum->permissions.table, perm_destroy, 0);
+ hashtab_destroy(cladatum->permissions.table);
+ constraint = cladatum->constraints;
+ while (constraint) {
+ constraint_expr_destroy(constraint->expr);
+ ctemp = constraint;
+ constraint = constraint->next;
+ free(ctemp);
+ }
+ if (cladatum->comkey)
+ free(cladatum->comkey);
+ free(datum);
+ return 0;
+}
+
+static int role_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p)
+{
+ role_datum_t *role;
+
+ if (key)
+ free(key);
+ role = (role_datum_t *) datum;
+ ebitmap_destroy(&role->dominates);
+ ebitmap_destroy(&role->types);
+ free(datum);
+ return 0;
+}
+
+static int type_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p)
+{
+ if (key)
+ free(key);
+ free(datum);
+ return 0;
+}
+
+static int user_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p)
+{
+ user_datum_t *usrdatum;
+
+ if (key)
+ free(key);
+ usrdatum = (user_datum_t *) datum;
+ ebitmap_destroy(&usrdatum->roles);
+ mls_user_destroy(usrdatum);
+ free(datum);
+ return 0;
+}
+
+
+static int (*destroy_f[SYM_NUM]) (hashtab_key_t key, hashtab_datum_t datum, void *datap) =
+{
+ common_destroy,
+ class_destroy,
+ role_destroy,
+ type_destroy,
+ user_destroy
+ mls_destroy_f
+};
+
+
+/*
+ * Free any memory allocated by a policy database structure.
+ */
+void policydb_destroy(policydb_t * p)
+{
+ ocontext_t *c, *ctmp;
+ int i;
+
+ for (i = 0; i < SYM_NUM; i++) {
+ hashtab_map(p->symtab[i].table, destroy_f[i], 0);
+ hashtab_destroy(p->symtab[i].table);
+ }
+
+ for (i = 0; i < SYM_NUM; i++) {
+ if (p->sym_val_to_name[i])
+ free(p->sym_val_to_name[i]);
+ }
+
+ if (p->class_val_to_struct)
+ free(p->class_val_to_struct);
+ if (p->role_val_to_struct)
+ free(p->role_val_to_struct);
+ if (p->user_val_to_struct)
+ free(p->user_val_to_struct);
+
+ avtab_destroy(&p->te_avtab);
+
+ for (i = 0; i < OCON_NUM; i++) {
+ c = p->ocontexts[i];
+ while (c) {
+ ctmp = c;
+ c = c->next;
+ context_destroy(&ctmp->context[0]);
+ context_destroy(&ctmp->context[1]);
+ if (i == OCON_ISID || i == OCON_FS || i == OCON_NETIF || i == OCON_DEVFS)
+ free(ctmp->u.name);
+ free(ctmp);
+ }
+ }
+
+ return;
+}
+
+
+/*
+ * Load the initial SIDs specified in a policy database
+ * structure into a SID table.
+ */
+int policydb_load_isids(policydb_t *p, sidtab_t *s)
+{
+ ocontext_t *head, *c;
+
+ if (sidtab_init(s)) {
+ printf("security: out of memory on SID table init\n");
+ return -1;
+ }
+
+ head = p->ocontexts[OCON_ISID];
+ for (c = head; c; c = c->next) {
+ if (!c->context[0].user) {
+ printf("security: SID %s was never defined.\n",
+ c->u.name);
+ return -1;
+ }
+ if (sidtab_insert(s, c->sid[0], &c->context[0])) {
+ printf("security: unable to load initial SID %s.\n",
+ c->u.name);
+ return -1;
+ }
+ }
+
+ return 0;
+}
+
+
+/*
+ * Return TRUE if the fields in the security context
+ * structure `c' are valid. Return FALSE otherwise.
+ */
+int policydb_context_isvalid(policydb_t *p, context_struct_t *c)
+{
+ role_datum_t *role;
+ user_datum_t *usrdatum;
+
+
+ /*
+ * Role must be authorized for the type.
+ */
+ if (!c->role || c->role > p->p_roles.nprim)
+ return FALSE;
+
+ if (c->role != OBJECT_R_VAL) {
+ role = p->role_val_to_struct[c->role - 1];
+ if (!ebitmap_get_bit(&role->types,
+ c->type - 1))
+ /* role may not be associated with type */
+ return FALSE;
+
+ /*
+ * User must be authorized for the role.
+ */
+ if (!c->user || c->user > p->p_users.nprim)
+ return FALSE;
+ usrdatum = p->user_val_to_struct[c->user - 1];
+ if (!usrdatum)
+ return FALSE;
+
+ if (!ebitmap_get_bit(&usrdatum->roles,
+ c->role - 1))
+ /* user may not be associated with role */
+ return FALSE;
+ }
+
+ if (!mls_context_isvalid(p, c))
+ return FALSE;
+
+ return TRUE;
+}
+
+
+/*
+ * Read and validate a security context structure
+ * from a policydb binary representation file.
+ */
+static int context_read_and_validate(context_struct_t * c,
+ policydb_t * p,
+ FILE * fp)
+{
+ __u32 buf[32];
+ size_t items;
+
+ items = fread(buf, sizeof(__u32), 3, fp);
+ if (items != 3) {
+ printf("security: context truncated\n");
+ return -1;
+ }
+ c->user = le32_to_cpu(buf[0]);
+ c->role = le32_to_cpu(buf[1]);
+ c->type = le32_to_cpu(buf[2]);
+ if (mls_read_range(c, fp)) {
+ printf("security: error reading MLS range of context\n");
+ return -1;
+ }
+
+ if (!policydb_context_isvalid(p, c)) {
+ printf("security: invalid security context\n");
+ context_destroy(c);
+ return -1;
+ }
+ return 0;
+}
+
+
+/*
+ * The following *_read functions are used to
+ * read the symbol data from a policy database
+ * binary representation file.
+ */
+
+static int perm_read(policydb_t * p, hashtab_t h, FILE * fp)
+{
+ char *key = 0;
+ perm_datum_t *perdatum;
+ __u32 buf[32], len;
+ int items, items2;
+
+ perdatum = malloc(sizeof(perm_datum_t));
+ if (!perdatum)
+ return -1;
+ memset(perdatum, 0, sizeof(perm_datum_t));
+
+ items = 2;
+ items2 = fread(buf, sizeof(__u32), items, fp);
+ if (items != items2)
+ goto bad;
+
+ len = le32_to_cpu(buf[0]);
+ perdatum->value = le32_to_cpu(buf[1]);
+ if (mls_read_perm(perdatum, fp))
+ goto bad;
+
+ key = malloc(len + 1);
+ if (!key)
+ goto bad;
+ items = fread(key, 1, len, fp);
+ if (items != len)
+ goto bad;
+ key[len] = 0;
+
+ if (hashtab_insert(h, key, perdatum))
+ goto bad;
+
+ return 0;
+
+ bad:
+ perm_destroy(key, perdatum, NULL);
+ return -1;
+}
+
+
+static int common_read(policydb_t * p, hashtab_t h, FILE * fp)
+{
+ char *key = 0;
+ common_datum_t *comdatum;
+ __u32 buf[32], len, nel;
+ int items, i;
+
+ comdatum = malloc(sizeof(common_datum_t));
+ if (!comdatum)
+ return -1;
+ memset(comdatum, 0, sizeof(common_datum_t));
+
+ items = fread(buf, sizeof(__u32), 4, fp);
+ if (items != 4)
+ goto bad;
+
+ len = le32_to_cpu(buf[0]);
+ comdatum->value = le32_to_cpu(buf[1]);
+
+ if (symtab_init(&comdatum->permissions, PERM_SYMTAB_SIZE))
+ goto bad;
+ comdatum->permissions.nprim = le32_to_cpu(buf[2]);
+ nel = le32_to_cpu(buf[3]);
+
+ key = malloc(len + 1);
+ if (!key)
+ goto bad;
+ items = fread(key, 1, len, fp);
+ if (items != len)
+ goto bad;
+ key[len] = 0;
+
+ for (i = 0; i < nel; i++) {
+ if (perm_read(p, comdatum->permissions.table, fp))
+ goto bad;
+ }
+
+ if (hashtab_insert(h, key, comdatum))
+ goto bad;
+
+ return 0;
+
+ bad:
+ common_destroy(key, comdatum, NULL);
+ return -1;
+}
+
+
+static constraint_expr_t *
+ constraint_expr_read(FILE * fp)
+{
+ constraint_expr_t *expr;
+ __u32 buf[32];
+ int items;
+
+ expr = malloc(sizeof(constraint_expr_t));
+ if (!expr)
+ return NULL;
+ memset(expr, 0, sizeof(constraint_expr_t));
+
+ items = fread(buf, sizeof(__u32), 3, fp);
+ if (items != 3)
+ goto bad;
+
+ expr->expr_type = le32_to_cpu(buf[0]);
+ expr->attr = le32_to_cpu(buf[1]);
+ expr->op = le32_to_cpu(buf[2]);
+ expr->count = 1;
+ items = 0;
+
+ switch (expr->expr_type) {
+ case CEXPR_NAMES:
+ if (!ebitmap_read(&expr->names, fp))
+ goto bad;
+ break;
+ case CEXPR_AND:
+ case CEXPR_OR:
+ expr->left = constraint_expr_read(fp);
+ if (!expr->left)
+ goto bad;
+ expr->right = constraint_expr_read(fp);
+ if (!expr->right)
+ goto bad;
+ break;
+ case CEXPR_NOT:
+ expr->left = constraint_expr_read(fp);
+ if (!expr->left)
+ goto bad;
+ break;
+ }
+
+ return expr;
+
+ bad:
+ constraint_expr_destroy(expr);
+ return NULL;
+}
+
+
+static int class_read(policydb_t * p, hashtab_t h, FILE * fp)
+{
+ char *key = 0;
+ class_datum_t *cladatum;
+ constraint_node_t *c, *l;
+ __u32 buf[32], len, len2, ncons, nel;
+ int items, i;
+
+ cladatum = (class_datum_t *) malloc(sizeof(class_datum_t));
+ if (!cladatum)
+ return -1;
+ memset(cladatum, 0, sizeof(class_datum_t));
+
+ items = fread(buf, sizeof(__u32), 6, fp);
+ if (items != 6)
+ goto bad;
+
+ len = le32_to_cpu(buf[0]);
+ len2 = le32_to_cpu(buf[1]);
+ cladatum->value = le32_to_cpu(buf[2]);
+
+ if (symtab_init(&cladatum->permissions, PERM_SYMTAB_SIZE))
+ goto bad;
+ cladatum->permissions.nprim = le32_to_cpu(buf[3]);
+ nel = le32_to_cpu(buf[4]);
+
+ ncons = le32_to_cpu(buf[5]);
+
+ key = malloc(len + 1);
+ if (!key)
+ goto bad;
+ items = fread(key, 1, len, fp);
+ if (items != len)
+ goto bad;
+ key[len] = 0;
+
+ if (len2) {
+ cladatum->comkey = malloc(len2 + 1);
+ if (!cladatum->comkey)
+ goto bad;
+ items = fread(cladatum->comkey, 1, len2, fp);
+ if (items != len2)
+ goto bad;
+ cladatum->comkey[len2] = 0;
+
+ cladatum->comdatum = hashtab_search(p->p_commons.table,
+ cladatum->comkey);
+ if (!cladatum->comdatum) {
+ printf("security: unknown common %s\n", cladatum->comkey);
+ goto bad;
+ }
+ }
+ for (i = 0; i < nel; i++) {
+ if (perm_read(p, cladatum->permissions.table, fp))
+ goto bad;
+ }
+
+ l = NULL;
+ for (i = 0; i < ncons; i++) {
+ c = malloc(sizeof(constraint_node_t));
+ if (!c)
+ goto bad;
+ memset(c, 0, sizeof(constraint_node_t));
+ items = fread(buf, sizeof(__u32), 1, fp);
+ if (items != 1)
+ goto bad;
+ c->permissions = le32_to_cpu(buf[0]);
+ c->expr = constraint_expr_read(fp);
+ if (!c->expr)
+ goto bad;
+ if (l) {
+ l->next = c;
+ } else {
+ cladatum->constraints = c;
+ }
+ l = c;
+
+ }
+
+ if (mls_read_class(cladatum, fp))
+ goto bad;
+
+ if (hashtab_insert(h, key, cladatum))
+ goto bad;
+
+ return 0;
+
+ bad:
+ class_destroy(key, cladatum, NULL);
+ return -1;
+}
+
+
+static int role_read(policydb_t * p, hashtab_t h, FILE * fp)
+{
+ char *key = 0;
+ role_datum_t *role;
+ __u32 buf[32], len;
+ int items;
+
+ role = malloc(sizeof(role_datum_t));
+ if (!role)
+ return -1;
+ memset(role, 0, sizeof(role_datum_t));
+
+ items = fread(buf, sizeof(__u32), 2, fp);
+ if (items != 2)
+ goto bad;
+
+ len = le32_to_cpu(buf[0]);
+ role->value = le32_to_cpu(buf[1]);
+
+ key = malloc(len + 1);
+ if (!key)
+ goto bad;
+ items = fread(key, 1, len, fp);
+ if (items != len)
+ goto bad;
+ key[len] = 0;
+
+ if (!ebitmap_read(&role->dominates, fp))
+ goto bad;
+
+ if (!ebitmap_read(&role->types, fp))
+ goto bad;
+
+ if (strcmp(key, OBJECT_R) == 0) {
+ if (role->value != OBJECT_R_VAL) {
+ printf("Role %s has wrong value %d\n",
+ OBJECT_R, role->value);
+ role_destroy(key, role, NULL);
+ return -1;
+ }
+ role_destroy(key, role, NULL);
+ return 0;
+ }
+
+ if (hashtab_insert(h, key, role))
+ goto bad;
+
+ return 0;
+
+ bad:
+ role_destroy(key, role, NULL);
+ return -1;
+}
+
+
+static int type_read(policydb_t * p, hashtab_t h, FILE * fp)
+{
+ char *key = 0;
+ type_datum_t *typdatum;
+ __u32 buf[32], len;
+ int items;
+
+ typdatum = malloc(sizeof(type_datum_t));
+ if (!typdatum)
+ return -1;
+ memset(typdatum, 0, sizeof(type_datum_t));
+
+ items = fread(buf, sizeof(__u32), 3, fp);
+ if (items != 3)
+ goto bad;
+
+ len = le32_to_cpu(buf[0]);
+ typdatum->value = le32_to_cpu(buf[1]);
+ typdatum->primary = le32_to_cpu(buf[2]);
+
+ key = malloc(len + 1);
+ if (!key)
+ goto bad;
+ items = fread(key, 1, len, fp);
+ if (items != len)
+ goto bad;
+ key[len] = 0;
+
+ if (hashtab_insert(h, key, typdatum))
+ goto bad;
+
+ return 0;
+
+ bad:
+ type_destroy(key, typdatum, NULL);
+ return -1;
+}
+
+static int user_read(policydb_t * p, hashtab_t h, FILE * fp)
+{
+ char *key = 0;
+ user_datum_t *usrdatum;
+ __u32 buf[32], len;
+ int items;
+
+
+ usrdatum = malloc(sizeof(user_datum_t));
+ if (!usrdatum)
+ return -1;
+ memset(usrdatum, 0, sizeof(user_datum_t));
+
+ items = fread(buf, sizeof(__u32), 2, fp);
+ if (items != 2)
+ goto bad;
+
+ len = le32_to_cpu(buf[0]);
+ usrdatum->value = le32_to_cpu(buf[1]);
+
+ key = malloc(len + 1);
+ if (!key)
+ goto bad;
+ items = fread(key, 1, len, fp);
+ if (items != len)
+ goto bad;
+ key[len] = 0;
+
+ if (!ebitmap_read(&usrdatum->roles, fp))
+ goto bad;
+
+ if (mls_read_user(usrdatum, fp))
+ goto bad;
+
+ if (hashtab_insert(h, key, usrdatum))
+ goto bad;
+
+ return 0;
+
+ bad:
+ user_destroy(key, usrdatum, NULL);
+ return -1;
+}
+
+
+static int (*read_f[SYM_NUM]) (policydb_t * p, hashtab_t h, FILE * fp) =
+{
+ common_read,
+ class_read,
+ role_read,
+ type_read,
+ user_read
+ mls_read_f
+};
+
+#define mls_config(x) \
+ ((x) & POLICYDB_CONFIG_MLS) ? "mls" : "no_mls"
+
+/*
+ * Read the configuration data from a policy database binary
+ * representation file into a policy database structure.
+ */
+int policydb_read(policydb_t * p, FILE * fp)
+{
+ struct role_allow *ra, *lra;
+ struct role_trans *tr, *ltr;
+ ocontext_t *c, *l;
+ int i, j;
+ __u32 buf[32], len, config, nprim, nel;
+ size_t items;
+
+
+ config = 0;
+ mls_set_config(config);
+ items = fread(buf, sizeof(__u32), 4, fp);
+ if (items != 4) {
+ return -1;
+ }
+ for (i = 0; i < 4; i++)
+ buf[i] = le32_to_cpu(buf[i]);
+
+ if (buf[0] != POLICYDB_VERSION) {
+ printf("security: policydb version %d does not match my version %d\n", buf[0], POLICYDB_VERSION);
+ return -1;
+ }
+ if (buf[1] != config) {
+ printf("security: policydb configuration (%s) does not match my configuration (%s)\n",
+ mls_config(buf[1]),
+ mls_config(config));
+ return -1;
+ }
+ if (buf[2] != SYM_NUM || buf[3] != OCON_NUM) {
+ printf("security: policydb table sizes (%d,%d) do not match mine (%d,%d)\n", buf[2], buf[3], SYM_NUM, OCON_NUM);
+ return -1;
+ }
+
+ if (policydb_init(p))
+ return -1;
+
+ if (mls_read_nlevels(p, fp))
+ return -1;
+
+ for (i = 0; i < SYM_NUM; i++) {
+ items = fread(buf, sizeof(__u32), 2, fp);
+ if (items != 2)
+ goto bad;
+ nprim = le32_to_cpu(buf[0]);
+ nel = le32_to_cpu(buf[1]);
+ for (j = 0; j < nel; j++) {
+ if (read_f[i] (p, p->symtab[i].table, fp))
+ goto bad;
+ }
+
+ p->symtab[i].nprim = nprim;
+ }
+
+ if (avtab_read(&p->te_avtab, fp, config))
+ goto bad;
+
+ items = fread(buf, sizeof(__u32), 1, fp);
+ if (items != 1)
+ goto bad;
+ nel = le32_to_cpu(buf[0]);
+ ltr = NULL;
+ for (i = 0; i < nel; i++) {
+ tr = malloc(sizeof(struct role_trans));
+ if (!tr) {
+ goto bad;
+ }
+ memset(tr, 0, sizeof(struct role_trans));
+ if (ltr) {
+ ltr->next = tr;
+ } else {
+ p->role_tr = tr;
+ }
+ items = fread(buf, sizeof(__u32), 3, fp);
+ if (items != 3)
+ goto bad;
+ tr->role = le32_to_cpu(buf[0]);
+ tr->type = le32_to_cpu(buf[1]);
+ tr->new_role = le32_to_cpu(buf[2]);
+ ltr = tr;
+ }
+
+ items = fread(buf, sizeof(__u32), 1, fp);
+ if (items != 1)
+ goto bad;
+ nel = le32_to_cpu(buf[0]);
+ lra = NULL;
+ for (i = 0; i < nel; i++) {
+ ra = malloc(sizeof(struct role_allow));
+ if (!ra) {
+ goto bad;
+ }
+ memset(ra, 0, sizeof(struct role_allow));
+ if (lra) {
+ lra->next = ra;
+ } else {
+ p->role_allow = ra;
+ }
+ items = fread(buf, sizeof(__u32), 2, fp);
+ if (items != 2)
+ goto bad;
+ ra->role = le32_to_cpu(buf[0]);
+ ra->new_role = le32_to_cpu(buf[1]);
+ lra = ra;
+ }
+
+ if (policydb_index_classes(p))
+ goto bad;
+
+ if (policydb_index_others(p))
+ goto bad;
+
+ for (i = 0; i < OCON_NUM; i++) {
+ items = fread(buf, sizeof(__u32), 1, fp);
+ if (items != 1)
+ goto bad;
+ nel = le32_to_cpu(buf[0]);
+ l = NULL;
+ for (j = 0; j < nel; j++) {
+ c = malloc(sizeof(ocontext_t));
+ if (!c) {
+ goto bad;
+ }
+ memset(c, 0, sizeof(ocontext_t));
+ if (l) {
+ l->next = c;
+ } else {
+ p->ocontexts[i] = c;
+ }
+ l = c;
+ switch (i) {
+ case OCON_ISID:
+ items = fread(buf, sizeof(__u32), 1, fp);
+ if (items != 1)
+ goto bad;
+ c->sid[0] = le32_to_cpu(buf[0]);
+ if (context_read_and_validate(&c->context[0], p, fp))
+ goto bad;
+ break;
+ case OCON_FS:
+ case OCON_NETIF:
+ items = fread(buf, sizeof(__u32), 1, fp);
+ if (items != 1)
+ goto bad;
+ len = le32_to_cpu(buf[0]);
+ c->u.name = malloc(len + 1);
+ if (!c->u.name) {
+ goto bad;
+ }
+ items = fread(c->u.name, 1, len, fp);
+ if (items != len)
+ goto bad;
+ c->u.name[len] = 0;
+ if (context_read_and_validate(&c->context[0], p, fp))
+ goto bad;
+ if (context_read_and_validate(&c->context[1], p, fp))
+ goto bad;
+ break;
+ case OCON_PORT:
+ items = fread(buf, sizeof(__u32), 3, fp);
+ if (items != 3)
+ goto bad;
+ c->u.port.protocol = le32_to_cpu(buf[0]);
+ c->u.port.low_port = le32_to_cpu(buf[1]);
+ c->u.port.high_port = le32_to_cpu(buf[2]);
+ if (context_read_and_validate(&c->context[0], p, fp))
+ goto bad;
+ break;
+ case OCON_NODE:
+ items = fread(buf, sizeof(__u32), 2, fp);
+ if (items != 2)
+ goto bad;
+ c->u.node.addr = le32_to_cpu(buf[0]);
+ c->u.node.mask = le32_to_cpu(buf[1]);
+ if (context_read_and_validate(&c->context[0], p, fp))
+ goto bad;
+ break;
+ case OCON_NFS:
+ items = fread(buf, sizeof(__u32), 2, fp);
+ if (items != 2)
+ goto bad;
+ c->u.node.addr = le32_to_cpu(buf[0]);
+ c->u.node.mask = le32_to_cpu(buf[1]);
+ if (context_read_and_validate(&c->context[0], p, fp))
+ goto bad;
+ if (context_read_and_validate(&c->context[1], p, fp))
+ goto bad;
+ break;
+ case OCON_DEVFS:
+ items = fread(buf, sizeof(__u32), 1, fp);
+ if (items != 1)
+ goto bad;
+ len = le32_to_cpu(buf[0]);
+ c->u.name = malloc(len + 1);
+ if (!c->u.name) {
+ goto bad;
+ }
+ items = fread(c->u.name, 1, len, fp);
+ if (items != len)
+ goto bad;
+ c->u.name[len] = 0;
+ items = fread(buf, sizeof(__u32), 1, fp);
+ if (items != 1)
+ goto bad;
+ c->sclass = le32_to_cpu(buf[0]);
+ if (context_read_and_validate(&c->context[0], p, fp))
+ goto bad;
+ break;
+ }
+ }
+ }
+
+ return 0;
+ bad:
+ policydb_destroy(p);
+ return -1;
+}
+
+
+#ifndef __KERNEL__
+
+/*
+ * Write a security context structure
+ * to a policydb binary representation file.
+ */
+static int context_write(context_struct_t * c, FILE * fp)
+{
+ __u32 buf[32];
+ size_t items, items2;
+
+ items = 0;
+ buf[items++] = cpu_to_le32(c->user);
+ buf[items++] = cpu_to_le32(c->role);
+ buf[items++] = cpu_to_le32(c->type);
+ items2 = fwrite(buf, sizeof(__u32), items, fp);
+ if (items2 != items)
+ return -1;
+ if (mls_write_range(c, fp))
+ return -1;
+
+ return 0;
+}
+
+
+/*
+ * The following *_write functions are used to
+ * write the symbol data to a policy database
+ * binary representation file.
+ */
+
+static int perm_write(hashtab_key_t key, hashtab_datum_t datum, void *p)
+{
+ perm_datum_t *perdatum;
+ __u32 buf[32], len;
+ int items, items2;
+ FILE *fp = p;
+
+ perdatum = (perm_datum_t *) datum;
+
+ len = strlen(key);
+ items = 0;
+ buf[items++] = cpu_to_le32(len);
+ buf[items++] = cpu_to_le32(perdatum->value);
+ mls_write_perm(buf, items, perdatum);
+ items2 = fwrite(buf, sizeof(__u32), items, fp);
+ if (items != items2)
+ return -1;
+
+ items = fwrite(key, 1, len, fp);
+ if (items != len)
+ return -1;
+
+ return 0;
+}
+
+
+static int common_write(hashtab_key_t key, hashtab_datum_t datum, void *p)
+{
+ common_datum_t *comdatum;
+ __u32 buf[32], len;
+ int items, items2;
+ FILE *fp = p;
+
+ comdatum = (common_datum_t *) datum;
+
+ len = strlen(key);
+ items = 0;
+ buf[items++] = cpu_to_le32(len);
+ buf[items++] = cpu_to_le32(comdatum->value);
+ buf[items++] = cpu_to_le32(comdatum->permissions.nprim);
+ buf[items++] = cpu_to_le32(comdatum->permissions.table->nel);
+ items2 = fwrite(buf, sizeof(__u32), items, fp);
+ if (items != items2)
+ return -1;
+
+ items = fwrite(key, 1, len, fp);
+ if (items != len)
+ return -1;
+
+ if (hashtab_map(comdatum->permissions.table, perm_write, fp))
+ return -1;
+
+ return 0;
+}
+
+
+static int constraint_expr_write(constraint_expr_t * expr, FILE * fp)
+{
+ __u32 buf[32];
+ int items, items2;
+
+ items = 0;
+ buf[items++] = cpu_to_le32(expr->expr_type);
+ buf[items++] = cpu_to_le32(expr->attr);
+ buf[items++] = cpu_to_le32(expr->op);
+ items2 = fwrite(buf, sizeof(__u32), items, fp);
+ if (items != items2)
+ return -1;
+
+ switch (expr->expr_type) {
+ case CEXPR_NAMES:
+ if (!ebitmap_write(&expr->names, fp))
+ return -1;
+ break;
+ default:
+ break;
+ }
+
+ if (expr->left) {
+ if (constraint_expr_write(expr->left, fp))
+ return -1;
+ }
+ if (expr->right) {
+ if (constraint_expr_write(expr->right, fp))
+ return -1;
+ }
+ return 0;
+}
+
+
+static int class_write(hashtab_key_t key, hashtab_datum_t datum, void *p)
+{
+ class_datum_t *cladatum;
+ constraint_node_t *c;
+ __u32 buf[32], len, len2, ncons;
+ int items, items2;
+ FILE *fp = p;
+
+ cladatum = (class_datum_t *) datum;
+
+ len = strlen(key);
+ if (cladatum->comkey)
+ len2 = strlen(cladatum->comkey);
+ else
+ len2 = 0;
+
+ ncons = 0;
+ for (c = cladatum->constraints; c; c = c->next) {
+ ncons++;
+ }
+
+ items = 0;
+ buf[items++] = cpu_to_le32(len);
+ buf[items++] = cpu_to_le32(len2);
+ buf[items++] = cpu_to_le32(cladatum->value);
+ buf[items++] = cpu_to_le32(cladatum->permissions.nprim);
+ if (cladatum->permissions.table)
+ buf[items++] = cpu_to_le32(cladatum->permissions.table->nel);
+ else
+ buf[items++] = 0;
+ buf[items++] = cpu_to_le32(ncons);
+ items2 = fwrite(buf, sizeof(__u32), items, fp);
+ if (items != items2)
+ return -1;
+
+ items = fwrite(key, 1, len, fp);
+ if (items != len)
+ return -1;
+
+ if (cladatum->comkey) {
+ items = fwrite(cladatum->comkey, 1, len2, fp);
+ if (items != len2)
+ return -1;
+ }
+ if (hashtab_map(cladatum->permissions.table, perm_write, fp))
+ return -1;
+
+ for (c = cladatum->constraints; c; c = c->next) {
+ buf[0] = cpu_to_le32(c->permissions);
+ items = fwrite(buf, sizeof(__u32), 1, fp);
+ if (items != 1)
+ return -1;
+ if (constraint_expr_write(c->expr, fp))
+ return -1;
+ }
+
+ if (mls_write_class(cladatum, fp))
+ return -1;
+
+ return 0;
+}
+
+static int role_write(hashtab_key_t key, hashtab_datum_t datum, void *p)
+{
+ role_datum_t *role;
+ __u32 buf[32], len;
+ int items, items2;
+ FILE *fp = p;
+
+ role = (role_datum_t *) datum;
+
+ len = strlen(key);
+ items = 0;
+ buf[items++] = cpu_to_le32(len);
+ buf[items++] = cpu_to_le32(role->value);
+ items2 = fwrite(buf, sizeof(__u32), items, fp);
+ if (items != items2)
+ return -1;
+
+ items = fwrite(key, 1, len, fp);
+ if (items != len)
+ return -1;
+
+ if (!ebitmap_write(&role->dominates, fp))
+ return -1;
+
+ if (!ebitmap_write(&role->types, fp))
+ return -1;
+
+ return 0;
+}
+
+static int type_write(hashtab_key_t key, hashtab_datum_t datum, void *p)
+{
+ type_datum_t *typdatum;
+ __u32 buf[32], len;
+ int items, items2;
+ FILE *fp = p;
+
+ typdatum = (type_datum_t *) datum;
+
+ len = strlen(key);
+ items = 0;
+ buf[items++] = cpu_to_le32(len);
+ buf[items++] = cpu_to_le32(typdatum->value);
+ buf[items++] = cpu_to_le32(typdatum->primary);
+ items2 = fwrite(buf, sizeof(__u32), items, fp);
+ if (items != items2)
+ return -1;
+
+ items = fwrite(key, 1, len, fp);
+ if (items != len)
+ return -1;
+
+ return 0;
+}
+
+static int user_write(hashtab_key_t key, hashtab_datum_t datum, void *p)
+{
+ user_datum_t *usrdatum;
+ __u32 buf[32], len;
+ int items, items2;
+ FILE *fp = p;
+
+
+ usrdatum = (user_datum_t *) datum;
+
+ len = strlen(key);
+ items = 0;
+ buf[items++] = cpu_to_le32(len);
+ buf[items++] = cpu_to_le32(usrdatum->value);
+ items2 = fwrite(buf, sizeof(__u32), items, fp);
+ if (items != items2)
+ return -1;
+
+ items = fwrite(key, 1, len, fp);
+ if (items != len)
+ return -1;
+
+ if (!ebitmap_write(&usrdatum->roles, fp))
+ return -1;
+
+ return mls_write_user(usrdatum, fp);
+}
+
+
+static int (*write_f[SYM_NUM]) (hashtab_key_t key, hashtab_datum_t datum, void *datap) =
+{
+ common_write,
+ class_write,
+ role_write,
+ type_write,
+ user_write
+ mls_write_f
+};
+
+
+/*
+ * Write the configuration data in a policy database
+ * structure to a policy database binary representation
+ * file.
+ */
+int policydb_write(policydb_t * p, FILE * fp)
+{
+ struct role_allow *ra;
+ struct role_trans *tr;
+ ocontext_t *c;
+ int i, j;
+ __u32 buf[32], len, config, nel;
+ size_t items, items2;
+
+ config = 0;
+ mls_set_config(config);
+
+ items = 0;
+ buf[items++] = cpu_to_le32(POLICYDB_VERSION);
+ buf[items++] = cpu_to_le32(config);
+ buf[items++] = cpu_to_le32(SYM_NUM);
+ buf[items++] = cpu_to_le32(OCON_NUM);
+ items2 = fwrite(buf, sizeof(__u32), items, fp);
+ if (items != items2)
+ return -1;
+
+ if (mls_write_nlevels(p, fp))
+ return -1;
+
+ for (i = 0; i < SYM_NUM; i++) {
+ buf[0] = cpu_to_le32(p->symtab[i].nprim);
+ buf[1] = cpu_to_le32(p->symtab[i].table->nel);
+ items = fwrite(buf, sizeof(__u32), 2, fp);
+ if (items != 2)
+ return -1;
+ if (hashtab_map(p->symtab[i].table, write_f[i], fp))
+ return -1;
+ }
+
+ if (avtab_write(&p->te_avtab, fp))
+ return -1;
+
+ nel = 0;
+ for (tr = p->role_tr; tr; tr = tr->next)
+ nel++;
+ buf[0] = cpu_to_le32(nel);
+ items = fwrite(buf, sizeof(__u32), 1, fp);
+ if (items != 1)
+ return -1;
+ for (tr = p->role_tr; tr; tr = tr->next) {
+ buf[0] = cpu_to_le32(tr->role);
+ buf[1] = cpu_to_le32(tr->type);
+ buf[2] = cpu_to_le32(tr->new_role);
+ items = fwrite(buf, sizeof(__u32), 3, fp);
+ if (items != 3)
+ return -1;
+ }
+
+ nel = 0;
+ for (ra = p->role_allow; ra; ra = ra->next)
+ nel++;
+ buf[0] = cpu_to_le32(nel);
+ items = fwrite(buf, sizeof(__u32), 1, fp);
+ if (items != 1)
+ return -1;
+ for (ra = p->role_allow; ra; ra = ra->next) {
+ buf[0] = cpu_to_le32(ra->role);
+ buf[1] = cpu_to_le32(ra->new_role);
+ items = fwrite(buf, sizeof(__u32), 2, fp);
+ if (items != 2)
+ return -1;
+ }
+
+ for (i = 0; i < OCON_NUM; i++) {
+ nel = 0;
+ for (c = p->ocontexts[i]; c; c = c->next)
+ nel++;
+ buf[0] = cpu_to_le32(nel);
+ items = fwrite(buf, sizeof(__u32), 1, fp);
+ if (items != 1)
+ return -1;
+ for (c = p->ocontexts[i]; c; c = c->next) {
+ switch (i) {
+ case OCON_ISID:
+ buf[0] = cpu_to_le32(c->sid[0]);
+ items = fwrite(buf, sizeof(__u32), 1, fp);
+ if (items != 1)
+ return -1;
+ if (context_write(&c->context[0], fp))
+ return -1;
+ break;
+ case OCON_FS:
+ case OCON_NETIF:
+ len = strlen(c->u.name);
+ buf[0] = cpu_to_le32(len);
+ items = fwrite(buf, sizeof(__u32), 1, fp);
+ if (items != 1)
+ return -1;
+ items = fwrite(c->u.name, 1, len, fp);
+ if (items != len)
+ return -1;
+ if (context_write(&c->context[0], fp))
+ return -1;
+ if (context_write(&c->context[1], fp))
+ return -1;
+ break;
+ case OCON_PORT:
+ buf[0] = c->u.port.protocol;
+ buf[1] = c->u.port.low_port;
+ buf[2] = c->u.port.high_port;
+ for (j = 0; j < 3; j++) {
+ buf[j] = cpu_to_le32(buf[j]);
+ }
+ items = fwrite(buf, sizeof(__u32), 3, fp);
+ if (items != 3)
+ return -1;
+ if (context_write(&c->context[0], fp))
+ return -1;
+ break;
+ case OCON_NODE:
+ buf[0] = cpu_to_le32(c->u.node.addr);
+ buf[1] = cpu_to_le32(c->u.node.mask);
+ items = fwrite(buf, sizeof(__u32), 2, fp);
+ if (items != 2)
+ return -1;
+ if (context_write(&c->context[0], fp))
+ return -1;
+ break;
+ case OCON_NFS:
+ buf[0] = cpu_to_le32(c->u.node.addr);
+ buf[1] = cpu_to_le32(c->u.node.mask);
+ items = fwrite(buf, sizeof(__u32), 2, fp);
+ if (items != 2)
+ return -1;
+ if (context_write(&c->context[0], fp))
+ return -1;
+ if (context_write(&c->context[1], fp))
+ return -1;
+ break;
+ case OCON_DEVFS:
+ len = strlen(c->u.name);
+ buf[0] = cpu_to_le32(len);
+ items = fwrite(buf, sizeof(__u32), 1, fp);
+ if (items != 1)
+ return -1;
+ items = fwrite(c->u.name, 1, len, fp);
+ if (items != len)
+ return -1;
+ buf[0] = cpu_to_le32(c->sclass);
+ items = fwrite(buf, sizeof(__u32), 1, fp);
+ if (items != 1)
+ return -1;
+ if (context_write(&c->context[0], fp))
+ return -1;
+ break;
+ }
+ }
+ }
+
+ return 0;
+}
+
+#endif
+
diff --minimal -Nru a/security/selinux/ss/policydb.h b/security/selinux/ss/policydb.h
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/selinux/ss/policydb.h Tue Feb 12 18:59:50 2002
@@ -0,0 +1,241 @@
+
+/* Author : Stephen Smalley (NAI Labs), <ssmalley@nai.com> */
+
+/* FLASK */
+
+/*
+ * A policy database (policydb) specifies the
+ * configuration data for the security policy.
+ */
+
+#ifndef _POLICYDB_H_
+#define _POLICYDB_H_
+
+#include "symtab.h"
+#include "avtab.h"
+#include "sidtab.h"
+#include "context.h"
+#include "constraint.h"
+
+
+/*
+ * A datum type is defined for each kind of symbol
+ * in the configuration data: individual permissions,
+ * common prefixes for access vectors, classes,
+ * users, roles, types, sensitivities, categories, etc.
+ */
+
+/* Permission attributes */
+typedef struct perm_datum {
+ __u32 value; /* permission bit + 1 */
+#ifdef CONFIG_SECURITY_SELINUX_MLS
+#define MLS_BASE_READ 1 /* MLS base permission `read' */
+#define MLS_BASE_WRITE 2 /* MLS base permission `write' */
+#define MLS_BASE_READBY 4 /* MLS base permission `readby' */
+#define MLS_BASE_WRITEBY 8 /* MLS base permission `writeby' */
+ __u32 base_perms; /* MLS base permission mask */
+#endif
+} perm_datum_t;
+
+/* Attributes of a common prefix for access vectors */
+typedef struct common_datum {
+ __u32 value; /* internal common value */
+ symtab_t permissions; /* common permissions */
+} common_datum_t;
+
+/* Class attributes */
+typedef struct class_datum {
+ __u32 value; /* class value */
+ char *comkey; /* common name */
+ common_datum_t *comdatum; /* common datum */
+ symtab_t permissions; /* class-specific permission symbol table */
+ constraint_node_t *constraints; /* constraints on class permissions */
+#ifdef CONFIG_SECURITY_SELINUX_MLS
+ mls_perms_t mlsperms; /* MLS base permission masks */
+#endif
+} class_datum_t;
+
+/* Role attributes */
+typedef struct role_datum {
+ __u32 value; /* internal role value */
+ ebitmap_t dominates; /* set of roles dominated by this role */
+ ebitmap_t types; /* set of authorized types for role */
+} role_datum_t;
+
+typedef struct role_trans {
+ __u32 role; /* current role */
+ __u32 type; /* program executable type */
+ __u32 new_role; /* new role */
+ struct role_trans *next;
+} role_trans_t;
+
+typedef struct role_allow {
+ __u32 role; /* current role */
+ __u32 new_role; /* new role */
+ struct role_allow *next;
+} role_allow_t;
+
+/* Type attributes */
+typedef struct type_datum {
+ __u32 value; /* internal type value */
+ unsigned char primary; /* primary name? */
+#ifndef __KERNEL__
+ unsigned char isattr; /* is this a type attribute? */
+ ebitmap_t types; /* types with this attribute */
+#endif
+} type_datum_t;
+
+/* User attributes */
+typedef struct user_datum {
+ __u32 value; /* internal user value */
+ ebitmap_t roles; /* set of authorized roles for user */
+#ifdef CONFIG_SECURITY_SELINUX_MLS
+ mls_range_list_t *ranges; /* list of authorized MLS ranges for user */
+#endif
+} user_datum_t;
+
+
+#ifdef CONFIG_SECURITY_SELINUX_MLS
+/* Sensitivity attributes */
+typedef struct level_datum {
+ mls_level_t *level; /* sensitivity and associated categories */
+ unsigned char isalias; /* is this sensitivity an alias for another? */
+} level_datum_t;
+
+/* Category attributes */
+typedef struct cat_datum {
+ __u32 value; /* internal category bit + 1 */
+ unsigned char isalias; /* is this category an alias for another? */
+} cat_datum_t;
+#endif
+
+
+/*
+ * The configuration data includes security contexts for
+ * initial SIDs, unlabeled file systems, TCP and UDP port numbers,
+ * network interfaces, nodes, and NFS servers. This structure stores the
+ * relevant data for one such entry. Entries of the same kind
+ * (e.g. all initial SIDs) are linked together into a list.
+ */
+typedef struct ocontext {
+ union {
+ char *name; /* name of initial SID, fs, devfs entry or netif */
+ struct {
+ __u8 protocol;
+ __u16 low_port;
+ __u16 high_port;
+ } port; /* TCP or UDP port information */
+ struct {
+ __u32 addr;
+ __u32 mask;
+ } node; /* node or NFS information */
+ } u;
+ __u32 sclass;
+ context_struct_t context[2]; /* security context(s) */
+ security_id_t sid[2]; /* SID(s) */
+ struct ocontext *next;
+} ocontext_t;
+
+
+/* symbol table array indices */
+#define SYM_COMMONS 0
+#define SYM_CLASSES 1
+#define SYM_ROLES 2
+#define SYM_TYPES 3
+#define SYM_USERS 4
+#ifdef CONFIG_SECURITY_SELINUX_MLS
+#define SYM_LEVELS 5
+#define SYM_CATS 6
+#define SYM_NUM 7
+#else
+#define SYM_NUM 5
+#endif
+
+/* object context array indices */
+#define OCON_ISID 0 /* initial SIDs */
+#define OCON_FS 1 /* unlabeled file systems */
+#define OCON_PORT 2 /* TCP and UDP port numbers */
+#define OCON_NETIF 3 /* network interfaces */
+#define OCON_NODE 4 /* nodes */
+#define OCON_NFS 5 /* NFS */
+#define OCON_DEVFS 6 /* devfs */
+#define OCON_NUM 7
+
+/* The policy database */
+typedef struct policydb {
+ /* symbol tables */
+ symtab_t symtab[SYM_NUM];
+#define p_commons symtab[SYM_COMMONS]
+#define p_classes symtab[SYM_CLASSES]
+#define p_roles symtab[SYM_ROLES]
+#define p_types symtab[SYM_TYPES]
+#define p_users symtab[SYM_USERS]
+#define p_levels symtab[SYM_LEVELS]
+#define p_cats symtab[SYM_CATS]
+
+ /* symbol names indexed by (value - 1) */
+ char **sym_val_to_name[SYM_NUM];
+#define p_common_val_to_name sym_val_to_name[SYM_COMMONS]
+#define p_class_val_to_name sym_val_to_name[SYM_CLASSES]
+#define p_role_val_to_name sym_val_to_name[SYM_ROLES]
+#define p_type_val_to_name sym_val_to_name[SYM_TYPES]
+#define p_user_val_to_name sym_val_to_name[SYM_USERS]
+#define p_sens_val_to_name sym_val_to_name[SYM_LEVELS]
+#define p_cat_val_to_name sym_val_to_name[SYM_CATS]
+
+ /* class, role, and user attributes indexed by (value - 1) */
+ class_datum_t **class_val_to_struct;
+ role_datum_t **role_val_to_struct;
+ user_datum_t **user_val_to_struct;
+
+ /* type enforcement access vectors and transitions */
+ avtab_t te_avtab;
+
+ /* role transitions */
+ role_trans_t *role_tr;
+
+ /* role allows */
+ role_allow_t *role_allow;
+
+ /* security contexts of initial SIDs, unlabeled file systems,
+ TCP or UDP port numbers, network interfaces, nodes, NFS servers */
+ ocontext_t *ocontexts[OCON_NUM];
+
+#ifdef CONFIG_SECURITY_SELINUX_MLS
+ /* number of legitimate MLS levels */
+ __u32 nlevels;
+#endif
+} policydb_t;
+
+extern int policydb_init(policydb_t * p);
+
+extern int policydb_index_classes(policydb_t * p);
+
+extern int policydb_index_others(policydb_t * p);
+
+extern int constraint_expr_destroy(constraint_expr_t * expr);
+
+extern void policydb_destroy(policydb_t * p);
+
+extern int policydb_load_isids(policydb_t *p, sidtab_t *s);
+
+extern int policydb_context_isvalid(policydb_t *p, context_struct_t *c);
+
+extern int policydb_read(policydb_t * p, FILE * fp);
+
+#ifndef __KERNEL__
+int policydb_write(policydb_t * p, FILE * fp);
+#endif
+
+#define PERM_SYMTAB_SIZE 32
+
+#define POLICYDB_VERSION 8
+#define POLICYDB_CONFIG_MLS 1
+
+#define OBJECT_R "object_r"
+#define OBJECT_R_VAL 1
+
+#endif /* _POLICYDB_H_ */
+
+/* FLASK */
+
diff --minimal -Nru a/security/selinux/ss/queue.c b/security/selinux/ss/queue.c
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/selinux/ss/queue.c Tue Feb 12 18:59:50 2002
@@ -0,0 +1,192 @@
+
+/* Author : Stephen Smalley (NAI Labs), <ssmalley@nai.com> */
+
+/* FLASK */
+
+/*
+ * Implementation of the double-ended queue type.
+ */
+
+#include "queue.h"
+
+queue_t
+queue_create(void)
+{
+ queue_t q;
+
+ q = (queue_t) malloc(sizeof(struct queue_info));
+ if (q == NULL)
+ return NULL;
+
+ q->head = q->tail = NULL;
+
+ return q;
+}
+
+int queue_insert(queue_t q, queue_element_t e)
+{
+ queue_node_ptr_t newnode;
+
+
+ if (!q)
+ return -1;
+
+ newnode = (queue_node_ptr_t) malloc(sizeof(struct queue_node));
+ if (newnode == NULL)
+ return -1;
+
+ newnode->element = e;
+ newnode->next = NULL;
+
+ if (q->head == NULL) {
+ q->head = q->tail = newnode;
+ } else {
+ q->tail->next = newnode;
+ q->tail = newnode;
+ }
+
+ return 0;
+}
+
+int queue_push(queue_t q, queue_element_t e)
+{
+ queue_node_ptr_t newnode;
+
+
+ if (!q)
+ return -1;
+
+ newnode = (queue_node_ptr_t) malloc(sizeof(struct queue_node));
+ if (newnode == NULL)
+ return -1;
+
+ newnode->element = e;
+ newnode->next = NULL;
+
+ if (q->head == NULL) {
+ q->head = q->tail = newnode;
+ } else {
+ newnode->next = q->head;
+ q->head = newnode;
+ }
+
+ return 0;
+}
+
+queue_element_t
+queue_remove(queue_t q)
+{
+ queue_node_ptr_t node;
+ queue_element_t e;
+
+
+ if (!q)
+ return NULL;
+
+ if (q->head == NULL)
+ return NULL;
+
+ node = q->head;
+ q->head = q->head->next;
+ if (q->head == NULL)
+ q->tail = NULL;
+
+ e = node->element;
+ free(node);
+
+ return e;
+}
+
+queue_element_t
+queue_head(queue_t q)
+{
+ if (!q)
+ return NULL;
+
+ if (q->head == NULL)
+ return NULL;
+
+ return q->head->element;
+}
+
+void queue_destroy(queue_t q)
+{
+ queue_node_ptr_t p, temp;
+
+
+ if (!q)
+ return;
+
+ p = q->head;
+ while (p != NULL) {
+ temp = p;
+ p = p->next;
+ free(temp);
+ }
+
+ free(q);
+}
+
+int queue_map(queue_t q, int (*f) (queue_element_t, void *), void *vp)
+{
+ queue_node_ptr_t p;
+ int ret;
+
+
+ if (!q)
+ return 0;
+
+ p = q->head;
+ while (p != NULL) {
+ ret = f(p->element, vp);
+ if (ret)
+ return ret;
+ p = p->next;
+ }
+ return 0;
+}
+
+
+void queue_map_remove_on_error(queue_t q,
+ int (*f) (queue_element_t, void *),
+ void (*g) (queue_element_t, void *),
+ void *vp)
+{
+ queue_node_ptr_t p, last, temp;
+ int ret;
+
+
+ if (!q)
+ return;
+
+ last = NULL;
+ p = q->head;
+ while (p != NULL) {
+ ret = f(p->element, vp);
+ if (ret) {
+ if (last) {
+ last->next = p->next;
+ if (last->next == NULL)
+ q->tail = last;
+ } else {
+ q->head = p->next;
+ if (q->head == NULL)
+ q->tail = NULL;
+ }
+
+ temp = p;
+ p = p->next;
+ g(temp->element, vp);
+ free(temp);
+ } else {
+ last = p;
+ p = p->next;
+ }
+ }
+
+ return;
+}
+
+
+/* FLASK */
+
diff --minimal -Nru a/security/selinux/ss/queue.h b/security/selinux/ss/queue.h
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/selinux/ss/queue.h Tue Feb 12 18:59:50 2002
@@ -0,0 +1,65 @@
+
+/* Author : Stephen Smalley (NAI Labs), <ssmalley@nai.com> */
+
+/* FLASK */
+
+/*
+ * A double-ended queue is a singly linked list of
+ * elements of arbitrary type that may be accessed
+ * at either end.
+ */
+
+#ifndef _QUEUE_H_
+#define _QUEUE_H_
+
+typedef void *queue_element_t;
+
+typedef struct queue_node *queue_node_ptr_t;
+
+typedef struct queue_node {
+ queue_element_t element;
+ queue_node_ptr_t next;
+} queue_node_t;
+
+typedef struct queue_info {
+ queue_node_ptr_t head;
+ queue_node_ptr_t tail;
+} queue_info_t;
+
+typedef queue_info_t *queue_t;
+
+queue_t queue_create(void);
+int queue_insert(queue_t, queue_element_t);
+int queue_push(queue_t, queue_element_t);
+queue_element_t queue_remove(queue_t);
+queue_element_t queue_head(queue_t);
+void queue_destroy(queue_t);
+
+/*
+ Applies the specified function f to each element in the
+ specified queue.
+
+ In addition to passing the element to f, queue_map
+ passes the specified void* pointer to f on each invocation.
+
+ If f returns a non-zero status, then queue_map will cease
+ iterating through the hash table and will propagate the error
+ return to its caller.
+ */
+int queue_map(queue_t, int (*f) (queue_element_t, void *), void *);
+
+/*
+ Same as queue_map, except that if f returns a non-zero status,
+ then the element will be removed from the queue and the g
+ function will be applied to the element.
+ */
+void queue_map_remove_on_error(queue_t,
+ int (*f) (queue_element_t, void *),
+ void (*g) (queue_element_t, void *),
+ void *);
+
+#endif
+
+
+/* FLASK */
+
diff --minimal -Nru a/security/selinux/ss/services.c b/security/selinux/ss/services.c
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/selinux/ss/services.c Tue Feb 12 18:59:50 2002
@@ -0,0 +1,1315 @@
+
+/*
+ * Author : Stephen Smalley (NAI Labs), <ssmalley@nai.com>
+ *
+ * The security server was originally written while I was employed by NSA,
+ * and has undergone some revisions since I joined NAI Labs, but is largely
+ * unchanged.
+ */
+
+/* FLASK */
+
+/*
+ * Implementation of the security services.
+ */
+
+#include "context.h"
+#include "policydb.h"
+#include "services.h"
+#include "sidtab.h"
+#include "mls.h"
+#include "services_private.h"
+
+sidtab_t sidtab;
+policydb_t policydb;
+int ss_initialized = 0;
+
+/*
+ * The largest sequence number that has been used when
+ * providing an access decision to the access vector cache.
+ * The sequence number only changes when a policy change
+ * occurs.
+ */
+static __u32 latest_granting = 0;
+
+
+/*
+ * Return the boolean value of a constraint expression
+ * when it is applied to the specified source and target
+ * security contexts.
+ */
+static int constraint_expr_eval(context_struct_t * scontext,
+ context_struct_t * tcontext,
+ constraint_expr_t * expr)
+{
+ __u32 val1, val2;
+ context_struct_t *c;
+ role_datum_t *r1, *r2;
+
+ switch (expr->expr_type) {
+ case CEXPR_NOT:
+ return !constraint_expr_eval(scontext, tcontext, expr->left);
+ case CEXPR_AND:
+ return constraint_expr_eval(scontext, tcontext, expr->left) &&
+ constraint_expr_eval(scontext, tcontext, expr->right);
+ case CEXPR_OR:
+ return constraint_expr_eval(scontext, tcontext, expr->left) ||
+ constraint_expr_eval(scontext, tcontext, expr->right);
+ case CEXPR_ATTR:
+ if (expr->attr & CEXPR_USER) {
+ val1 = scontext->user;
+ val2 = tcontext->user;
+ } else if (expr->attr & CEXPR_ROLE) {
+ val1 = scontext->role;
+ val2 = tcontext->role;
+ r1 = policydb.role_val_to_struct[val1 - 1];
+ r2 = policydb.role_val_to_struct[val2 - 1];
+ switch (expr->op) {
+ case CEXPR_DOM:
+ return ebitmap_get_bit(&r1->dominates,
+ val2 - 1);
+ case CEXPR_DOMBY:
+ return ebitmap_get_bit(&r2->dominates,
+ val1 - 1);
+ case CEXPR_INCOMP:
+ return ( !ebitmap_get_bit(&r1->dominates,
+ val2 - 1) &&
+ !ebitmap_get_bit(&r2->dominates,
+ val1 - 1) );
+ }
+ } else if (expr->attr & CEXPR_TYPE) {
+ val1 = scontext->type;
+ val2 = tcontext->type;
+ } else
+ return 0;
+
+ switch (expr->op) {
+ case CEXPR_EQ:
+ return (val1 == val2);
+ case CEXPR_NEQ:
+ return (val1 != val2);
+ default:
+ return 0;
+ }
+ return 0;
+ case CEXPR_NAMES:
+ c = scontext;
+ if (expr->attr & CEXPR_TARGET)
+ c = tcontext;
+ if (expr->attr & CEXPR_USER)
+ val1 = c->user;
+ else if (expr->attr & CEXPR_ROLE)
+ val1 = c->role;
+ else if (expr->attr & CEXPR_TYPE)
+ val1 = c->type;
+ else
+ return 0;
+
+ return ebitmap_get_bit(&expr->names, val1 - 1);
+ default:
+ return 0;
+ }
+
+ return 0;
+}
+
+
+/*
+ * Compute access vectors based on a context structure pair for
+ * the permissions in a particular class.
+ */
+static int context_struct_compute_av(context_struct_t *scontext,
+ context_struct_t *tcontext,
+ security_class_t tclass,
+ access_vector_t requested,
+ access_vector_t * allowed,
+ access_vector_t * decided,
+ access_vector_t * auditallow,
+ access_vector_t * auditdeny,
+ __u32 *seqno)
+{
+ constraint_node_t *constraint;
+ struct role_allow *ra;
+ avtab_key_t avkey;
+ avtab_datum_t *avdatum;
+ class_datum_t *tclass_datum;
+
+ *seqno = latest_granting;
+ *decided = 0xffffffff;
+
+ if (!tclass || tclass > policydb.p_classes.nprim) {
+ printf("security_compute_av: unrecognized class %d\n",
+ tclass);
+ return -EINVAL;
+ }
+ tclass_datum = policydb.class_val_to_struct[tclass - 1];
+
+ /*
+ * Initialize the access vectors to the default values.
+ */
+ *allowed = 0;
+ *auditallow = 0;
+ *auditdeny = ~0;
+
+ /*
+ * If a specific type enforcement rule was defined for
+ * this permission check, then use it.
+ */
+ avkey.source_type = scontext->type;
+ avkey.target_type = tcontext->type;
+ avkey.target_class = tclass;
+ avdatum = avtab_search(&policydb.te_avtab, &avkey, AVTAB_AV);
+ if (avdatum) {
+ if (avdatum->specified & AVTAB_ALLOWED)
+ *allowed = avtab_allowed(avdatum);
+ if (avdatum->specified & AVTAB_AUDITDENY)
+ *auditdeny = avtab_auditdeny(avdatum);
+ if (avdatum->specified & AVTAB_AUDITALLOW)
+ *auditallow = avtab_auditallow(avdatum);
+ }
+
+ /*
+ * Remove any permissions prohibited by the MLS policy.
+ */
+ mls_compute_av(scontext, tcontext, tclass_datum, allowed);
+
+ /*
+ * Remove any permissions prohibited by a constraint.
+ */
+ constraint = tclass_datum->constraints;
+ while (constraint) {
+ if ((constraint->permissions & (*allowed)) &&
+ !constraint_expr_eval(scontext, tcontext,
+ constraint->expr)) {
+ *allowed = (*allowed) & ~(constraint->permissions);
+ }
+ constraint = constraint->next;
+ }
+
+ /*
+ * If checking process transition permission and the
+ * role is changing, then check the (current_role, new_role)
+ * pair.
+ */
+ if (tclass == SECCLASS_PROCESS &&
+ *allowed && PROCESS__TRANSITION &&
+ scontext->role != tcontext->role) {
+ for (ra = policydb.role_allow; ra; ra = ra->next) {
+ if (scontext->role == ra->role &&
+ tcontext->role == ra->new_role)
+ break;
+ }
+ if (!ra)
+ *allowed = (*allowed) & ~(PROCESS__TRANSITION);
+ }
+
+ return 0;
+}
+
+
+int security_compute_av(security_id_t ssid,
+ security_id_t tsid,
+ security_class_t tclass,
+ access_vector_t requested,
+ access_vector_t * allowed,
+ access_vector_t * decided,
+ access_vector_t * auditallow,
+ access_vector_t * auditdeny,
+ __u32 *seqno)
+{
+ context_struct_t *scontext = 0, *tcontext = 0;
+ int rc = 0;
+
+ if (!ss_initialized) {
+ *allowed = requested;
+ *decided = requested;
+ *auditallow = 0;
+ *auditdeny = 0xffffffff;
+ return 0;
+ }
+
+ if (POLICY_RDLOCK)
+ return -EAGAIN;
+
+ scontext = sidtab_search(&sidtab, ssid);
+ if (!scontext) {
+ printf("security_compute_av: unrecognized SID %d\n", ssid);
+ rc = -EINVAL;
+ goto out;
+ }
+ tcontext = sidtab_search(&sidtab, tsid);
+ if (!tcontext) {
+ printf("security_compute_av: unrecognized SID %d\n", tsid);
+ rc = -EINVAL;
+ goto out;
+ }
+
+ rc = context_struct_compute_av(scontext, tcontext, tclass,
+ requested, allowed, decided,
+ auditallow, auditdeny,
+ seqno);
+out:
+ POLICY_RDUNLOCK;
+ return rc;
+}
+
+
+/*
+ * Write the security context string representation of
+ * the context structure `context' into a dynamically
+ * allocated string of the correct size. Set `*scontext'
+ * to point to this string and set `*scontext_len' to
+ * the length of the string.
+ */
+int context_struct_to_string(context_struct_t * context,
+ security_context_t * scontext,
+ __u32 *scontext_len)
+{
+ char *scontextp;
+
+ *scontext = 0;
+ *scontext_len = 0;
+
+ /* Compute the size of the context. */
+ *scontext_len += strlen(policydb.p_user_val_to_name[context->user - 1]) + 1;
+ *scontext_len += strlen(policydb.p_role_val_to_name[context->role - 1]) + 1;
+ *scontext_len += strlen(policydb.p_type_val_to_name[context->type - 1]) + 1;
+ *scontext_len += mls_compute_context_len(context);
+
+ /* Allocate space for the context; caller must free this space. */
+ scontextp = (char *) malloc(*scontext_len+1);
+ if (!scontextp) {
+ return -ENOMEM;
+ }
+ *scontext = (security_context_t) scontextp;
+
+ /*
+ * Copy the user name, role name and type name into the context.
+ */
+ sprintf(scontextp, "%s:%s:%s:",
+ policydb.p_user_val_to_name[context->user - 1],
+ policydb.p_role_val_to_name[context->role - 1],
+ policydb.p_type_val_to_name[context->type - 1]);
+ scontextp += strlen(policydb.p_user_val_to_name[context->user - 1]) + 1 + strlen(policydb.p_role_val_to_name[context->role - 1]) + 1 + strlen(policydb.p_type_val_to_name[context->type - 1]) + 1;
+
+ mls_sid_to_context(context, &scontextp);
+
+ scontextp--;
+ *scontextp = 0;
+
+ return 0;
+}
+
+
+#include <linux/flask/initial_sid_to_string.h>
+
+/*
+ * Write the security context string representation of
+ * the context associated with `sid' into a dynamically
+ * allocated string of the correct size. Set `*scontext'
+ * to point to this string and set `*scontext_len' to
+ * the length of the string.
+ */
+int security_sid_to_context(security_id_t sid,
+ security_context_t * scontext,
+ __u32 *scontext_len)
+{
+ context_struct_t *context;
+ int rc = 0;
+
+ if (!ss_initialized) {
+ if (sid <= SECINITSID_NUM) {
+ char *scontextp;
+
+ *scontext_len = strlen(initial_sid_to_string[sid]) + 1;
+ scontextp = malloc(*scontext_len);
+ strcpy(scontextp, initial_sid_to_string[sid]);
+ *scontext = (security_context_t) scontextp;
+ return 0;
+ }
+ printf("security_sid_to_context: called before initial load_policy on unknown SID %d\n", sid);
+ return -EINVAL;
+ }
+ if (POLICY_RDLOCK)
+ return -EAGAIN;
+ context = sidtab_search(&sidtab, sid);
+ if (!context) {
+ printf("security_sid_to_context: unrecognized SID %d\n", sid);
+ rc = -EINVAL;
+ goto out;
+ }
+ rc = context_struct_to_string(context, scontext, scontext_len);
+out:
+ POLICY_RDUNLOCK;
+ return rc;
+
+}
+
+/*
+ * Return a SID associated with the security context that
+ * has the string representation specified by `scontext'.
+ */
+int security_context_to_sid(security_context_t scontext,
+ __u32 scontext_len,
+ security_id_t * sid)
+{
+ security_context_t scontext2;
+ context_struct_t context;
+ role_datum_t *role;
+ type_datum_t *typdatum;
+ user_datum_t *usrdatum;
+ char *scontextp, *p, oldc;
+ int rc = 0;
+
+ if (!ss_initialized) {
+ int i;
+
+ for (i = 1; i < SECINITSID_NUM; i++) {
+ if (!strcmp(initial_sid_to_string[i], scontext)) {
+ *sid = i;
+ return 0;
+ }
+ }
+ printf("security_context_to_sid: called before initial load_policy on unknown context %s\n", scontext);
+ return -EINVAL;
+ }
+ *sid = SECSID_NULL;
+
+ /* copy the string so that we can modify the copy as we parse it */
+ scontext2 = malloc(scontext_len);
+ if (!scontext2) {
+ return -ENOMEM;
+ }
+ memcpy(scontext2, scontext, scontext_len);
+
+ context_init(&context);
+ *sid = SECSID_NULL;
+
+ if (POLICY_RDLOCK) {
+ free(scontext2);
+ return -EAGAIN;
+ }
+
+ /* Parse the security context. */
+
+ rc = -EINVAL;
+ scontextp = (char *) scontext2;
+ if (scontextp[scontext_len - 1])
+ /* Security context is not null-terminated. */
+ goto out;
+
+ /* Extract the user. */
+ p = scontextp;
+ while (*p && *p != ':')
+ p++;
+
+ if (*p == 0)
+ goto out;
+
+ *p++ = 0;
+
+ usrdatum = (user_datum_t *) hashtab_search(policydb.p_users.table,
+ (hashtab_key_t) scontextp);
+ if (!usrdatum)
+ goto out;
+
+ context.user = usrdatum->value;
+
+ /* Extract role. */
+ scontextp = p;
+ while (*p && *p != ':')
+ p++;
+
+ if (*p == 0)
+ goto out;
+
+ *p++ = 0;
+
+ role = (role_datum_t *) hashtab_search(policydb.p_roles.table,
+ (hashtab_key_t) scontextp);
+ if (!role)
+ goto out;
+ context.role = role->value;
+
+ /* Extract type. */
+ scontextp = p;
+ while (*p && *p != ':')
+ p++;
+ oldc = *p;
+ *p++ = 0;
+
+ typdatum = (type_datum_t *) hashtab_search(policydb.p_types.table,
+ (hashtab_key_t) scontextp);
+
+ if (!typdatum)
+ goto out;
+
+ context.type = typdatum->value;
+
+ rc = mls_context_to_sid(oldc, &p, &context);
+ if (rc)
+ goto out;
+
+ /* Check the validity of the new context. */
+ if (!policydb_context_isvalid(&policydb, &context)) {
+ rc = -EINVAL;
+ goto out;
+ }
+ /* Obtain the new sid. */
+ rc = sidtab_context_to_sid(&sidtab, &context, sid);
+out:
+ POLICY_RDUNLOCK;
+ context_destroy(&context);
+ free(scontext2);
+ return rc;
+}
+
+static int security_compute_sid(security_id_t ssid,
+ security_id_t tsid,
+ security_class_t tclass,
+ __u32 specified,
+ security_id_t * out_sid)
+{
+ context_struct_t *scontext = 0, *tcontext = 0, newcontext;
+ struct role_trans *roletr = 0;
+ avtab_key_t avkey;
+ avtab_datum_t *avdatum;
+ unsigned int type_change = 0;
+ int rc = 0;
+
+ if (!ss_initialized) {
+ switch (tclass) {
+ case SECCLASS_PROCESS:
+ *out_sid = ssid;
+ break;
+ default:
+ *out_sid = tsid;
+ break;
+ }
+ return 0;
+ }
+
+ if (POLICY_RDLOCK)
+ return -EAGAIN;
+
+ scontext = sidtab_search(&sidtab, ssid);
+ if (!scontext) {
+ printf("security_compute_sid: unrecognized SID %d\n", ssid);
+ rc = -EINVAL;
+ goto out;
+ }
+ tcontext = sidtab_search(&sidtab, tsid);
+ if (!tcontext) {
+ printf("security_compute_sid: unrecognized SID %d\n", tsid);
+ rc = -EINVAL;
+ goto out;
+ }
+
+ context_init(&newcontext);
+
+ /* Set the user identity. */
+ switch (specified) {
+ case AVTAB_TRANSITION:
+ case AVTAB_CHANGE:
+ /* Use the process user identity. */
+ newcontext.user = scontext->user;
+ break;
+ case AVTAB_MEMBER:
+ /* Use the related object owner. */
+ newcontext.user = tcontext->user;
+ break;
+ }
+
+ /* Set the role and type to default values. */
+ switch (tclass) {
+ case SECCLASS_PROCESS:
+ /* Use the current role and type of process. */
+ newcontext.role = scontext->role;
+ newcontext.type = scontext->type;
+ break;
+ default:
+ /* Use the well-defined object role. */
+ newcontext.role = OBJECT_R_VAL;
+ /* Use the type of the related object. */
+ newcontext.type = tcontext->type;
+ }
+
+ /* Look for a type transition/member/change rule. */
+ avkey.source_type = scontext->type;
+ avkey.target_type = tcontext->type;
+ avkey.target_class = tclass;
+ avdatum = avtab_search(&policydb.te_avtab, &avkey, AVTAB_TYPE);
+ type_change = (avdatum && (avdatum->specified & specified));
+ if (type_change) {
+ /* Use the type from the type transition/member/change rule. */
+ switch (specified) {
+ case AVTAB_TRANSITION:
+ newcontext.type = avtab_transition(avdatum);
+ break;
+ case AVTAB_MEMBER:
+ newcontext.type = avtab_member(avdatum);
+ break;
+ case AVTAB_CHANGE:
+ newcontext.type = avtab_change(avdatum);
+ break;
+ }
+ }
+
+ /* Check for class-specific changes. */
+ switch (tclass) {
+ case SECCLASS_PROCESS:
+ if (specified & AVTAB_TRANSITION) {
+ /* Look for a role transition rule. */
+ for (roletr = policydb.role_tr; roletr;
+ roletr = roletr->next) {
+ if (roletr->role == scontext->role &&
+ roletr->type == tcontext->type) {
+ /* Use the role transition rule. */
+ newcontext.role = roletr->new_role;
+ break;
+ }
+ }
+ }
+
+ if (!type_change && !roletr) {
+ /* No change in process role or type. */
+ *out_sid = ssid;
+ goto out;
+
+ }
+ break;
+ default:
+ if (!type_change &&
+ (newcontext.user == tcontext->user) &&
+ mls_context_cmp(scontext, tcontext)) {
+ /* No change in object type, owner,
+ or MLS attributes. */
+ *out_sid = tsid;
+ goto out;
+ }
+ break;
+ }
+
+ /* Set the MLS attributes.
+ This is done last because it may allocate memory. */
+ rc = mls_compute_sid(scontext, tcontext, tclass, specified, &newcontext);
+ if (rc)
+ goto out;
+
+ /* Check the validity of the context. */
+ if (!policydb_context_isvalid(&policydb, &newcontext)) {
+ rc = compute_sid_handle_invalid_context(scontext,
+ tcontext,
+ tclass,
+ &newcontext);
+ if (rc)
+ goto out;
+ }
+ /* Obtain the sid for the context. */
+ rc = sidtab_context_to_sid(&sidtab, &newcontext, out_sid);
+out:
+ POLICY_RDUNLOCK;
+ context_destroy(&newcontext);
+ return rc;
+}
+
+/*
+ * Compute a SID to use for labeling a new object in the
+ * class `tclass' based on a SID pair.
+ */
+int security_transition_sid(security_id_t ssid,
+ security_id_t tsid,
+ security_class_t tclass,
+ security_id_t * out_sid)
+{
+ return security_compute_sid(ssid, tsid, tclass, AVTAB_TRANSITION, out_sid);
+}
+
+
+/*
+ * Compute a SID to use when selecting a member of a
+ * polyinstantiated object of class `tclass' based on
+ * a SID pair.
+ */
+int security_member_sid(security_id_t ssid,
+ security_id_t tsid,
+ security_class_t tclass,
+ security_id_t * out_sid)
+{
+ return security_compute_sid(ssid, tsid, tclass, AVTAB_MEMBER, out_sid);
+}
+
+
+/*
+ * Compute a SID to use for relabeling an object in the
+ * class `tclass' based on a SID pair.
+ */
+int security_change_sid(security_id_t ssid,
+ security_id_t tsid,
+ security_class_t tclass,
+ security_id_t * out_sid)
+{
+ return security_compute_sid(ssid, tsid, tclass, AVTAB_CHANGE, out_sid);
+}
+
+
+/*
+ * Verify that each permission that is defined under the
+ * existing policy is still defined with the same value
+ * in the new policy.
+ */
+static int validate_perm(hashtab_key_t key, hashtab_datum_t datum, void *p)
+{
+ hashtab_t h;
+ perm_datum_t *perdatum, *perdatum2;
+
+
+ h = (hashtab_t) p;
+ perdatum = (perm_datum_t *) datum;
+
+ perdatum2 = (perm_datum_t *) hashtab_search(h, key);
+ if (!perdatum2) {
+ printf("security: permission %s disappeared", key);
+ return -1;
+ }
+ if (perdatum->value != perdatum2->value) {
+ printf("security: the value of permission %s changed", key);
+ return -1;
+ }
+ return 0;
+}
+
+
+/*
+ * Verify that each class that is defined under the
+ * existing policy is still defined with the same
+ * attributes in the new policy.
+ */
+static int validate_class(hashtab_key_t key, hashtab_datum_t datum, void *p)
+{
+ policydb_t *newp;
+ class_datum_t *cladatum, *cladatum2;
+
+ newp = (policydb_t *) p;
+ cladatum = (class_datum_t *) datum;
+
+ cladatum2 = (class_datum_t *) hashtab_search(newp->p_classes.table, key);
+ if (!cladatum2) {
+ printf("security: class %s disappeared\n", key);
+ return -1;
+ }
+ if (cladatum->value != cladatum2->value) {
+ printf("security: the value of class %s changed\n", key);
+ return -1;
+ }
+ if ((cladatum->comdatum && !cladatum2->comdatum) ||
+ (!cladatum->comdatum && cladatum2->comdatum)) {
+ printf("security: the inherits clause for the access vector definition for class %s changed\n", key);
+ return -1;
+ }
+ if (cladatum->comdatum) {
+ if (hashtab_map(cladatum->comdatum->permissions.table, validate_perm,
+ cladatum2->comdatum->permissions.table)) {
+ printf(" in the access vector definition for class %s\n", key);
+ return -1;
+ }
+ }
+ if (hashtab_map(cladatum->permissions.table, validate_perm,
+ cladatum2->permissions.table)) {
+ printf(" in access vector definition for class %s\n", key);
+ return -1;
+ }
+ return 0;
+}
+
+/* Clone the SID into the new SID table. */
+static int clone_sid(security_id_t sid,
+ context_struct_t *context,
+ void *arg)
+{
+ sidtab_t *s = arg;
+
+ return sidtab_insert(s, sid, context);
+}
+
+typedef struct {
+ policydb_t *oldp;
+ policydb_t *newp;
+} convert_context_args_t;
+
+/*
+ * Convert the values in the security context
+ * structure `c' from the values specified
+ * in the policy `p->oldp' to the values specified
+ * in the policy `p->newp'. Verify that the
+ * context is valid under the new policy.
+ */
+static int convert_context(security_id_t key,
+ context_struct_t * c,
+ void *p)
+{
+ convert_context_args_t *args;
+ context_struct_t oldc;
+ role_datum_t *role;
+ type_datum_t *typdatum;
+ user_datum_t *usrdatum;
+ security_context_t s;
+ __u32 len;
+ int rc = -EINVAL;
+
+ args = (convert_context_args_t *) p;
+
+ if (context_cpy(&oldc, c))
+ return -ENOMEM;
+
+ /* Convert the user. */
+ usrdatum = (user_datum_t *) hashtab_search(args->newp->p_users.table,
+ args->oldp->p_user_val_to_name[c->user - 1]);
+
+ if (!usrdatum) {
+ goto bad;
+ }
+ c->user = usrdatum->value;
+
+ /* Convert the role. */
+ role = (role_datum_t *) hashtab_search(args->newp->p_roles.table,
+ args->oldp->p_role_val_to_name[c->role - 1]);
+ if (!role) {
+ goto bad;
+ }
+ c->role = role->value;
+
+ /* Convert the type. */
+ typdatum = (type_datum_t *)
+ hashtab_search(args->newp->p_types.table,
+ args->oldp->p_type_val_to_name[c->type - 1]);
+ if (!typdatum) {
+ goto bad;
+ }
+ c->type = typdatum->value;
+
+ rc = mls_convert_context(args->oldp, args->newp, c);
+ if (rc)
+ goto bad;
+
+ /* Check the validity of the new context. */
+ if (!policydb_context_isvalid(args->newp, c)) {
+ rc = convert_context_handle_invalid_context(&oldc);
+ if (rc)
+ goto bad;
+ }
+
+ context_destroy(&oldc);
+ return 0;
+
+ bad:
+ context_struct_to_string(&oldc, &s, &len);
+ context_destroy(&oldc);
+ printf("security: invalidating context %s\n", s);
+ free(s);
+ return rc;
+}
+
+
+/*
+ * Read a new set of configuration data from
+ * a policy database binary representation file.
+ *
+ * Verify that each class that is defined under the
+ * existing policy is still defined with the same
+ * attributes in the new policy.
+ *
+ * Convert the context structures in the SID table to the
+ * new representation and verify that all entries
+ * in the SID table are valid under the new policy.
+ *
+ * Change the active policy database to use the new
+ * configuration data.
+ *
+ * Reset the access vector cache.
+ */
+int security_load_policy(FILE * fp)
+{
+ policydb_t oldpolicydb, newpolicydb;
+ sidtab_t oldsidtab, newsidtab;
+ convert_context_args_t args;
+ __u32 seqno;
+ int rc = 0;
+
+ if (!ss_initialized) {
+ if (policydb_read(&policydb, fp)) {
+ return -EINVAL;
+ }
+ if (policydb_load_isids(&policydb, &sidtab)) {
+ policydb_destroy(&policydb);
+ return -EINVAL;
+ }
+ ss_initialized = 1;
+ return 0;
+ }
+
+#if 0
+ sidtab_hash_eval(&sidtab, "sids");
+#endif
+
+ if (policydb_read(&newpolicydb, fp)) {
+ return -EINVAL;
+ }
+
+ sidtab_init(&newsidtab);
+
+ LOAD_LOCK;
+
+ /* Verify that the existing classes did not change. */
+ if (hashtab_map(policydb.p_classes.table, validate_class, &newpolicydb)) {
+ printf("security: the definition of an existing class changed\n");
+ rc = -EINVAL;
+ goto err;
+ }
+
+ /* Clone the SID table. */
+ if (sidtab_map(&sidtab, clone_sid, &newsidtab)) {
+ rc = -ENOMEM;
+ goto err;
+ }
+
+ /* Convert the internal representations of contexts
+ in the new SID table and remove invalid SIDs. */
+ args.oldp = &policydb;
+ args.newp = &newpolicydb;
+ sidtab_map_remove_on_error(&newsidtab, convert_context, &args);
+
+ /* Save the old policydb and SID table to free later. */
+ memcpy(&oldpolicydb, &policydb, sizeof policydb);
+ sidtab_set(&oldsidtab, &sidtab);
+
+ /* Install the new policydb and SID table. */
+ POLICY_WRLOCK;
+ INTERRUPTS_OFF;
+ memcpy(&policydb, &newpolicydb, sizeof policydb);
+ sidtab_set(&sidtab, &newsidtab);
+ seqno = ++latest_granting;
+ INTERRUPTS_ON;
+ POLICY_WRUNLOCK;
+ LOAD_UNLOCK;
+
+ /* Free the old policydb and SID table. */
+ policydb_destroy(&oldpolicydb);
+ sidtab_destroy(&oldsidtab);
+
+ avc_ss_reset(seqno);
+
+ return 0;
+
+err:
+ LOAD_UNLOCK;
+ sidtab_destroy(&newsidtab);
+ policydb_destroy(&newpolicydb);
+ return rc;
+
+}
+
+/*
+ * Return the SIDs to use for an unlabeled file system
+ * that is being mounted from the device with the
+ * the kdevname `name'. The `fs_sid' SID is returned for
+ * the file system and the `file_sid' SID is returned
+ * for all files within that file system.
+ */
+int security_fs_sid(char *name,
+ security_id_t * fs_sid,
+ security_id_t * file_sid)
+{
+ int rc = 0;
+ ocontext_t *c;
+
+ if (POLICY_RDLOCK)
+ return -EAGAIN;
+
+ c = policydb.ocontexts[OCON_FS];
+ while (c) {
+ if (strcmp(c->u.name, name) == 0)
+ break;
+ c = c->next;
+ }
+
+ if (c) {
+ if (!c->sid[0] || !c->sid[1]) {
+ rc = sidtab_context_to_sid(&sidtab,
+ &c->context[0],
+ &c->sid[0]);
+ if (rc)
+ goto out;
+ rc = sidtab_context_to_sid(&sidtab,
+ &c->context[1],
+ &c->sid[1]);
+ if (rc)
+ goto out;
+ }
+ *fs_sid = c->sid[0];
+ *file_sid = c->sid[1];
+ } else {
+ *fs_sid = SECINITSID_FS;
+ *file_sid = SECINITSID_FILE;
+ }
+
+ out:
+ POLICY_RDUNLOCK;
+ return rc;
+}
+
+
+/*
+ * Return the SID of the port specified by
+ * `domain', `type', `protocol', and `port'.
+ */
+int security_port_sid(__u16 domain,
+ __u16 type,
+ __u8 protocol,
+ __u16 port,
+ security_id_t * out_sid)
+{
+ ocontext_t *c;
+ int rc = 0;
+
+ if (POLICY_RDLOCK)
+ return -EAGAIN;
+
+ c = policydb.ocontexts[OCON_PORT];
+ while (c) {
+ if (c->u.port.protocol == protocol &&
+ c->u.port.low_port <= port &&
+ c->u.port.high_port >= port)
+ break;
+ c = c->next;
+ }
+
+ if (c) {
+ if (!c->sid[0]) {
+ rc = sidtab_context_to_sid(&sidtab,
+ &c->context[0],
+ &c->sid[0]);
+ if (rc)
+ goto out;
+ }
+ *out_sid = c->sid[0];
+ } else {
+ *out_sid = SECINITSID_PORT;
+ }
+
+ out:
+ POLICY_RDUNLOCK;
+ return rc;
+}
+
+
+/*
+ * Return the SIDs to use for a network interface
+ * with the name `name'. The `if_sid' SID is returned for
+ * the interface and the `msg_sid' SID is returned as
+ * the default SID for messages received on the
+ * interface.
+ */
+int security_netif_sid(char *name,
+ security_id_t * if_sid,
+ security_id_t * msg_sid)
+{
+ int rc = 0;
+ ocontext_t *c;
+
+ if (POLICY_RDLOCK)
+ return -EAGAIN;
+
+ c = policydb.ocontexts[OCON_NETIF];
+ while (c) {
+ if (strcmp(name, c->u.name) == 0)
+ break;
+ c = c->next;
+ }
+
+ if (c) {
+ if (!c->sid[0] || !c->sid[1]) {
+ rc = sidtab_context_to_sid(&sidtab,
+ &c->context[0],
+ &c->sid[0]);
+ if (rc)
+ goto out;
+ rc = sidtab_context_to_sid(&sidtab,
+ &c->context[1],
+ &c->sid[1]);
+ if (rc)
+ goto out;
+ }
+ *if_sid = c->sid[0];
+ *msg_sid = c->sid[1];
+ } else {
+ *if_sid = SECINITSID_NETIF;
+ *msg_sid = SECINITSID_NETMSG;
+ }
+
+ out:
+ POLICY_RDUNLOCK;
+ return rc;
+}
+
+
+/*
+ * Return the SID of the node specified by the address
+ * `addrp' where `addrlen' is the length of the address
+ * in bytes and `domain' is the communications domain or
+ * address family in which the address should be interpreted.
+ */
+int security_node_sid(__u16 domain,
+ void *addrp,
+ __u32 addrlen,
+ security_id_t *out_sid)
+{
+ int rc = 0;
+ __u32 addr;
+ ocontext_t *c;
+
+ if (POLICY_RDLOCK)
+ return -EAGAIN;
+
+ if (domain != AF_INET || addrlen != sizeof(__u32)) {
+ *out_sid = SECINITSID_NODE;
+ goto out;
+ }
+ addr = *((__u32 *)addrp);
+
+ c = policydb.ocontexts[OCON_NODE];
+ while (c) {
+ if (c->u.node.addr == (addr & c->u.node.mask))
+ break;
+ c = c->next;
+ }
+
+ if (c) {
+ if (!c->sid[0]) {
+ rc = sidtab_context_to_sid(&sidtab,
+ &c->context[0],
+ &c->sid[0]);
+ if (rc)
+ goto out;
+ }
+ *out_sid = c->sid[0];
+ } else {
+ *out_sid = SECINITSID_NODE;
+ }
+
+ out:
+ POLICY_RDUNLOCK;
+ return rc;
+}
+
+
+/*
+ * Return the SIDs to use for a NFS file system mounted
+ * from the address `addrp' where `addrlen' is the length of the address
+ * in bytes and `domain' is the communications domain or
+ * address family in which the address should be interpreted.
+ */
+int security_nfs_sid(__u16 domain,
+ void *addrp,
+ __u32 addrlen,
+ security_id_t *fs_sid,
+ security_id_t *file_sid)
+{
+ int rc = 0;
+ __u32 addr;
+ ocontext_t *c;
+
+ if (POLICY_RDLOCK)
+ return -EAGAIN;
+
+ if (domain != AF_INET || addrlen != sizeof(__u32)) {
+ *fs_sid = SECINITSID_NFS;
+ *file_sid = SECINITSID_NFS;
+ goto out;
+ }
+ addr = *((__u32 *)addrp);
+
+ c = policydb.ocontexts[OCON_NFS];
+ while (c) {
+ if (c->u.node.addr == (addr & c->u.node.mask))
+ break;
+ c = c->next;
+ }
+
+ if (c) {
+ if (!c->sid[0] || !c->sid[1]) {
+ rc = sidtab_context_to_sid(&sidtab,
+ &c->context[0],
+ &c->sid[0]);
+ if (rc)
+ goto out;
+ rc = sidtab_context_to_sid(&sidtab,
+ &c->context[1],
+ &c->sid[1]);
+ if (rc)
+ goto out;
+ }
+ *fs_sid = c->sid[0];
+ *file_sid = c->sid[1];
+ } else {
+ *fs_sid = SECINITSID_NFS;
+ *file_sid = SECINITSID_NFS;
+ }
+
+ out:
+ POLICY_RDUNLOCK;
+ return rc;
+}
+
+/*
+ * Generate the set of SIDs for legal security contexts
+ * for a given user that can be reached by `fromsid'.
+ * Set `*sids' to point to a dynamically allocated
+ * array containing the set of SIDs. Set `*nel' to the
+ * number of elements in the array.
+ */
+#define SIDS_NEL 25
+
+int security_get_user_sids(security_id_t fromsid,
+ char *username,
+ security_id_t **sids,
+ __u32 *nel)
+{
+ context_struct_t *fromcon, usercon;
+ security_id_t *mysids, *mysids2, sid;
+ __u32 mynel = 0, maxnel = SIDS_NEL;
+ user_datum_t *user;
+ role_datum_t *role;
+ access_vector_t allowed, decided;
+ access_vector_t auditallow, auditdeny;
+ __u32 seqno;
+ int rc = 0, i, j;
+
+ if (POLICY_RDLOCK)
+ return -EAGAIN;
+
+ fromcon = sidtab_search(&sidtab, fromsid);
+ if (!fromcon) {
+ rc = -EINVAL;
+ goto out;
+ }
+
+ user = (user_datum_t *) hashtab_search(policydb.p_users.table,
+ username);
+ if (!user) {
+ rc = -EINVAL;
+ goto out;
+ }
+ usercon.user = user->value;
+
+ mysids = malloc(maxnel*sizeof(security_id_t));
+ if (!mysids) {
+ rc = -ENOMEM;
+ goto out;
+ }
+ memset(mysids, 0, maxnel*sizeof(security_id_t));
+
+ for (i = ebitmap_startbit(&user->roles); i < ebitmap_length(&user->roles); i++) {
+ if (!ebitmap_get_bit(&user->roles, i))
+ continue;
+ role = policydb.role_val_to_struct[i];
+ usercon.role = i+1;
+ for (j = ebitmap_startbit(&role->types); j < ebitmap_length(&role->types); j++) {
+ if (!ebitmap_get_bit(&role->types, j))
+ continue;
+ usercon.type = j+1;
+ if (usercon.type == fromcon->type)
+ continue;
+ mls_for_user_ranges(user,usercon) {
+ rc = context_struct_compute_av(fromcon, &usercon,
+ SECCLASS_PROCESS,
+ PROCESS__TRANSITION,
+ &allowed, &decided,
+ &auditallow, &auditdeny,
+ &seqno);
+ if (rc || !(allowed & PROCESS__TRANSITION))
+ continue;
+ rc = sidtab_context_to_sid(&sidtab, &usercon, &sid);
+ if (rc) {
+ free(mysids);
+ goto out;
+ }
+ if (mynel < maxnel) {
+ mysids[mynel++] = sid;
+ } else {
+ maxnel += SIDS_NEL;
+ mysids2 = malloc(maxnel*sizeof(security_id_t));
+ if (!mysids2) {
+ rc = -ENOMEM;
+ free(mysids);
+ goto out;
+ }
+ memset(mysids2, 0, maxnel*sizeof(security_id_t));
+ memcpy(mysids2, mysids, mynel * sizeof(security_id_t));
+ free(mysids);
+ mysids = mysids2;
+ mysids[mynel++] = sid;
+ }
+ }
+ mls_end_user_ranges;
+ }
+ }
+
+ *sids = mysids;
+ *nel = mynel;
+
+out:
+ POLICY_RDUNLOCK;
+ return rc;
+}
+
+/*
+ * Return the SID to use for a devfs entry.
+ */
+int security_devfs_sid(char *name,
+ security_class_t sclass,
+ security_id_t *sid)
+{
+ int len, found_len;
+ ocontext_t *c, *found_c;
+ int rc = 0;
+
+ if (POLICY_RDLOCK)
+ return -EAGAIN;
+
+ found_len = 0;
+ found_c = NULL;
+ c = policydb.ocontexts[OCON_DEVFS];
+ while (c) {
+ len = strlen(c->u.name);
+ if (len > found_len &&
+ (!c->sclass || sclass == c->sclass) &&
+ strncmp(c->u.name, name, len) == 0) {
+ found_len = len;
+ found_c = c;
+ }
+ c = c->next;
+ }
+
+ c = found_c;
+ if (!c) {
+ *sid = SECINITSID_DEVFS;
+ goto out;
+ }
+
+ if (!c->sid[0]) {
+ rc = sidtab_context_to_sid(&sidtab,
+ &c->context[0],
+ &c->sid[0]);
+ if (rc)
+ goto out;
+ }
+
+ *sid = c->sid[0];
+out:
+ POLICY_RDUNLOCK;
+ return rc;
+}
+
+/* FLASK */
+
diff --minimal -Nru a/security/selinux/ss/services.h b/security/selinux/ss/services.h
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/selinux/ss/services.h Tue Feb 12 18:59:50 2002
@@ -0,0 +1,36 @@
+
+/* Author : Stephen Smalley (NAI Labs), <ssmalley@nai.com> */
+
+/* FLASK */
+
+#ifndef _SERVICES_H_
+#define _SERVICES_H_
+
+#include "policydb.h"
+#include "sidtab.h"
+
+/*
+ * The security server uses two global data structures
+ * when providing its services: the SID table (sidtab)
+ * and the policy database (policydb).
+ */
+extern sidtab_t sidtab;
+extern policydb_t policydb;
+
+/*
+ * The prototypes for the security services provided to
+ * the kernel are declared in include/linux/flask/security.h.
+ * Some security services are not used by the kernel, so their
+ * prototypes are here.
+ */
+int security_load_policy(FILE * fp); /* IN */
+
+int security_get_user_sids(security_id_t callsid,
+ char *username,
+ security_id_t **sids,
+ __u32 *nel);
+
+#endif /* _SERVICES_H_ */
+
+/* FLASK */
+
diff --minimal -Nru a/security/selinux/ss/services_private.h b/security/selinux/ss/services_private.h
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/selinux/ss/services_private.h Tue Feb 12 18:59:50 2002
@@ -0,0 +1,79 @@
+#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
+int context_struct_to_string(context_struct_t * context,
+ security_context_t * scontext,
+ __u32 *scontext_len);
+
+extern int avc_debug_always_allow;
+
+static inline int compute_sid_handle_invalid_context(
+ context_struct_t *scontext,
+ context_struct_t *tcontext,
+ security_class_t tclass,
+ context_struct_t *newcontext)
+{
+ security_context_t s, t, n;
+ __u32 slen, tlen, nlen;
+
+ if (avc_debug_always_allow) {
+ context_struct_to_string(scontext, &s, &slen);
+ context_struct_to_string(tcontext, &t, &tlen);
+ context_struct_to_string(newcontext, &n, &nlen);
+ printf("security_compute_sid: invalid context %s", n);
+ printf(" for scontext=%s", s);
+ printf(" tcontext=%s", t);
+ printf(" tclass=%s\n", policydb.p_class_val_to_name[tclass-1]);
+ free(s);
+ free(t);
+ free(n);
+ return 0;
+ } else {
+ return -EACCES;
+ }
+}
+
+static inline int convert_context_handle_invalid_context(
+ context_struct_t *context)
+{
+ security_context_t s;
+ __u32 len;
+
+ if (avc_debug_always_allow) {
+ context_struct_to_string(context, &s, &len);
+ printf("security: context %s is invalid\n", s);
+ free(s);
+ return 0;
+ } else {
+ return -EINVAL;
+ }
+}
+
+#else
+#define compute_sid_handle_invalid_context(scontext,tcontext,tclass,newcontext) -EACCES
+#define convert_context_handle_invalid_context(context) -EINVAL
+#endif
+
+#ifdef __KERNEL__
+static DECLARE_MUTEX(policy_sem);
+#define POLICY_RDLOCK safe_down(&policy_sem)
+#define POLICY_WRLOCK safe_down(&policy_sem)
+#define POLICY_RDUNLOCK safe_up(&policy_sem)
+#define POLICY_WRUNLOCK safe_up(&policy_sem)
+#else
+#define POLICY_RDLOCK 0
+#define POLICY_WRLOCK
+#define POLICY_RDUNLOCK
+#define POLICY_WRUNLOCK
+#endif
+
+#ifdef __KERNEL__
+static DECLARE_MUTEX(load_sem);
+#define LOAD_LOCK down(&load_sem)
+#define LOAD_UNLOCK up(&load_sem)
+#define INTERRUPTS_OFF local_irq_disable()
+#define INTERRUPTS_ON local_irq_enable()
+#else
+#define LOAD_LOCK
+#define LOAD_UNLOCK
+#define INTERRUPTS_OFF
+#define INTERRUPTS_ON
+#endif
diff --minimal -Nru a/security/selinux/ss/sidtab.c b/security/selinux/ss/sidtab.c
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/selinux/ss/sidtab.c Tue Feb 12 18:59:50 2002
@@ -0,0 +1,330 @@
+
+/* Author : Stephen Smalley (NAI Labs), <ssmalley@nai.com> */
+
+/* FLASK */
+
+/*
+ * Implementation of the SID table type.
+ */
+
+#include "sidtab.h"
+#include "services.h"
+
+#define SIDTAB_HASH(sid) \
+(sid & SIDTAB_HASH_MASK)
+
+#ifdef __KERNEL__
+#define INIT_SIDTAB_LOCK(s) init_MUTEX(&s->sem)
+#define SIDTAB_LOCK(s) safe_down(&s->sem)
+#define SIDTAB_UNLOCK(s) safe_up(&s->sem)
+#else
+#define INIT_SIDTAB_LOCK(s)
+#define SIDTAB_LOCK(s) 0
+#define SIDTAB_UNLOCK(s)
+#endif
+
+int sidtab_init(sidtab_t *s)
+{
+ int i;
+
+ s->htable = malloc(sizeof(sidtab_ptr_t)*SIDTAB_SIZE);
+ if (!s->htable)
+ return -ENOMEM;
+ for (i = 0; i < SIDTAB_SIZE; i++)
+ s->htable[i] = (sidtab_ptr_t) NULL;
+ s->nel = 0;
+ s->next_sid = 1;
+ INIT_SIDTAB_LOCK(s);
+ return 0;
+}
+
+int sidtab_insert(sidtab_t * s, security_id_t sid, context_struct_t * context)
+{
+ int hvalue;
+ sidtab_node_t *prev, *cur, *newnode;
+
+
+ if (!s)
+ return -ENOMEM;
+
+ hvalue = SIDTAB_HASH(sid);
+ prev = NULL;
+ cur = s->htable[hvalue];
+ while (cur != NULL && sid > cur->sid) {
+ prev = cur;
+ cur = cur->next;
+ }
+
+ if (cur && sid == cur->sid)
+ return -EEXIST;
+
+ newnode = (sidtab_node_t *) malloc(sizeof(sidtab_node_t));
+ if (newnode == NULL)
+ return -ENOMEM;
+ newnode->sid = sid;
+ if (context_cpy(&newnode->context, context)) {
+ free(newnode);
+ return -ENOMEM;
+ }
+
+ if (prev) {
+ newnode->next = prev->next;
+ wmb();
+ prev->next = newnode;
+ } else {
+ newnode->next = s->htable[hvalue];
+ wmb();
+ s->htable[hvalue] = newnode;
+ }
+
+ s->nel++;
+ if (sid >= s->next_sid)
+ s->next_sid = sid + 1;
+ return 0;
+}
+
+
+int sidtab_remove(sidtab_t * s, security_id_t sid)
+{
+ int hvalue;
+ sidtab_node_t *cur, *last;
+
+
+ if (!s)
+ return -ENOENT;
+
+ hvalue = SIDTAB_HASH(sid);
+ last = NULL;
+ cur = s->htable[hvalue];
+ while (cur != NULL && sid > cur->sid) {
+ last = cur;
+ cur = cur->next;
+ }
+
+ if (cur == NULL || sid != cur->sid)
+ return -ENOENT;
+
+ if (last == NULL)
+ s->htable[hvalue] = cur->next;
+ else
+ last->next = cur->next;
+
+ context_destroy(&cur->context);
+
+ free(cur);
+ s->nel--;
+ return 0;
+}
+
+
+context_struct_t *
+ sidtab_search(sidtab_t * s, security_id_t sid)
+{
+ int hvalue;
+ sidtab_node_t *cur;
+
+
+ if (!s)
+ return NULL;
+
+ hvalue = SIDTAB_HASH(sid);
+ cur = s->htable[hvalue];
+ while (cur != NULL && sid > cur->sid)
+ cur = cur->next;
+
+ if (cur == NULL || sid != cur->sid) {
+ /* Remap invalid SIDs to the unlabeled SID. */
+ sid = SECINITSID_UNLABELED;
+ hvalue = SIDTAB_HASH(sid);
+ cur = s->htable[hvalue];
+ while (cur != NULL && sid > cur->sid)
+ cur = cur->next;
+ if (!cur || sid != cur->sid)
+ return NULL;
+ }
+
+ return &cur->context;
+}
+
+
+int sidtab_map(sidtab_t * s,
+ int (*apply) (security_id_t sid,
+ context_struct_t * context,
+ void *args),
+ void *args)
+{
+ int i, ret;
+ sidtab_node_t *cur;
+
+
+ if (!s)
+ return 0;
+
+ for (i = 0; i < SIDTAB_SIZE; i++) {
+ cur = s->htable[i];
+ while (cur != NULL) {
+ ret = apply(cur->sid, &cur->context, args);
+ if (ret)
+ return ret;
+ cur = cur->next;
+ }
+ }
+ return 0;
+}
+
+
+void sidtab_map_remove_on_error(sidtab_t * s,
+ int (*apply) (security_id_t sid,
+ context_struct_t * context,
+ void *args),
+ void *args)
+{
+ int i, ret;
+ sidtab_node_t *last, *cur, *temp;
+
+
+ if (!s)
+ return;
+
+ for (i = 0; i < SIDTAB_SIZE; i++) {
+ last = NULL;
+ cur = s->htable[i];
+ while (cur != NULL) {
+ ret = apply(cur->sid, &cur->context, args);
+ if (ret) {
+ if (last) {
+ last->next = cur->next;
+ } else {
+ s->htable[i] = cur->next;
+ }
+
+ temp = cur;
+ cur = cur->next;
+ context_destroy(&temp->context);
+ free(temp);
+ s->nel--;
+ } else {
+ last = cur;
+ cur = cur->next;
+ }
+ }
+ }
+
+ return;
+}
+
+static inline security_id_t sidtab_search_context(sidtab_t *s,
+ context_struct_t *context)
+{
+ int i;
+ sidtab_node_t *cur;
+
+ for (i = 0; i < SIDTAB_SIZE; i++) {
+ cur = s->htable[i];
+ while (cur != NULL) {
+ if (context_cmp(&cur->context, context))
+ return cur->sid;
+ cur = cur->next;
+ }
+ }
+ return 0;
+}
+
+int sidtab_context_to_sid(sidtab_t * s,
+ context_struct_t * context,
+ security_id_t * out_sid)
+{
+ security_id_t sid;
+ int ret = 0;
+
+ *out_sid = SECSID_NULL;
+
+ sid = sidtab_search_context(s, context);
+ if (!sid) {
+ if (SIDTAB_LOCK(s))
+ return -EAGAIN;
+ /* Rescan now that we hold the semaphore. */
+ sid = sidtab_search_context(s, context);
+ if (sid)
+ goto up_out;
+ /* No SID exists for the context. Allocate a new one. */
+ if (s->next_sid == UINT_MAX) {
+ ret = -ENOMEM;
+ goto up_out;
+ }
+ sid = s->next_sid++;
+ ret = sidtab_insert(s, sid, context);
+ if (ret)
+ s->next_sid--;
+up_out:
+ SIDTAB_UNLOCK(s);
+ }
+
+ if (ret)
+ return ret;
+
+ *out_sid = sid;
+ return 0;
+}
+
+void sidtab_hash_eval(sidtab_t *h, char *tag)
+{
+ int i, chain_len, slots_used, max_chain_len;
+ sidtab_node_t *cur;
+
+
+ slots_used = 0;
+ max_chain_len = 0;
+ for (i = 0; i < SIDTAB_SIZE; i++) {
+ cur = h->htable[i];
+ if (cur) {
+ slots_used++;
+ chain_len = 0;
+ while (cur) {
+ chain_len++;
+ cur = cur->next;
+ }
+
+ if (chain_len > max_chain_len)
+ max_chain_len = chain_len;
+ }
+ }
+
+ printf("%s: %d entries and %d/%d buckets used, longest chain length %d\n",
+ tag, h->nel, slots_used, SIDTAB_SIZE, max_chain_len);
+}
+
+void sidtab_destroy(sidtab_t * s)
+{
+ int i;
+ sidtab_ptr_t cur, temp;
+
+
+ if (!s)
+ return;
+
+ for (i = 0; i < SIDTAB_SIZE; i++) {
+ cur = s->htable[i];
+ while (cur != NULL) {
+ temp = cur;
+ cur = cur->next;
+ context_destroy(&temp->context);
+ free(temp);
+ }
+ s->htable[i] = NULL;
+ }
+ free(s->htable);
+ s->htable = NULL;
+ s->nel = 0;
+ s->next_sid = 1;
+}
+
+void sidtab_set(sidtab_t *dst, sidtab_t *src)
+{
+ dst->htable = src->htable;
+ dst->nel = src->nel;
+ dst->next_sid = src->next_sid;
+}
+
+/* FLASK */
+
diff --minimal -Nru a/security/selinux/ss/sidtab.h b/security/selinux/ss/sidtab.h
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/selinux/ss/sidtab.h Tue Feb 12 18:59:50 2002
@@ -0,0 +1,70 @@
+
+/* Author : Stephen Smalley (NAI Labs), <ssmalley@nai.com> */
+
+/* FLASK */
+
+/*
+ * A security identifier table (sidtab) is a hash table
+ * of security context structures indexed by SID value.
+ */
+
+#ifndef _SIDTAB_H_
+#define _SIDTAB_H_
+
+#include "context.h"
+
+typedef struct sidtab_node {
+ security_id_t sid; /* security identifier */
+ context_struct_t context; /* security context structure */
+ struct sidtab_node *next;
+} sidtab_node_t;
+
+typedef struct sidtab_node *sidtab_ptr_t;
+
+#define SIDTAB_HASH_BITS 7
+#define SIDTAB_HASH_BUCKETS (1 << SIDTAB_HASH_BITS)
+#define SIDTAB_HASH_MASK (SIDTAB_HASH_BUCKETS-1)
+
+#define SIDTAB_SIZE SIDTAB_HASH_BUCKETS
+
+typedef struct {
+ sidtab_ptr_t *htable;
+ unsigned int nel; /* number of elements */
+ unsigned int next_sid; /* next SID to allocate */
+#ifdef __KERNEL__
+ struct semaphore sem;
+#endif
+} sidtab_t;
+
+int sidtab_init(sidtab_t *s);
+
+int sidtab_insert(sidtab_t * s, security_id_t sid, context_struct_t * context);
+
+context_struct_t *sidtab_search(sidtab_t * s, security_id_t sid);
+
+int sidtab_map(sidtab_t * s,
+ int (*apply) (security_id_t sid,
+ context_struct_t * context,
+ void *args),
+ void *args);
+
+void sidtab_map_remove_on_error(sidtab_t * s,
+ int (*apply) (security_id_t sid,
+ context_struct_t * context,
+ void *args),
+ void *args);
+
+int sidtab_context_to_sid(sidtab_t * s, /* IN */
+ context_struct_t * context, /* IN */
+ security_id_t * sid); /* OUT */
+
+void sidtab_hash_eval(sidtab_t *h, char *tag);
+
+void sidtab_destroy(sidtab_t *s);
+
+void sidtab_set(sidtab_t *dst, sidtab_t *src);
+
+#endif /* _SIDTAB_H_ */
+
+/* FLASK */
+
diff --minimal -Nru a/security/selinux/ss/symtab.c b/security/selinux/ss/symtab.c
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/selinux/ss/symtab.c Tue Feb 12 18:59:50 2002
@@ -0,0 +1,48 @@
+
+/* Author : Stephen Smalley (NAI Labs), <ssmalley@nai.com> */
+
+/* FLASK */
+
+/*
+ * Implementation of the symbol table type.
+ */
+
+#include "symtab.h"
+
+static unsigned int symhash(hashtab_t h, hashtab_key_t key)
+{
+ char *p, *keyp;
+ unsigned int size;
+ unsigned int val;
+
+
+ val = 0;
+ keyp = (char *) key;
+ size = strlen(keyp);
+ for (p = keyp; (p - keyp) < size; p++)
+ val = (val << 4 | (val >> (8*sizeof(unsigned int)-4))) ^ (*p);
+ return val & (h->size - 1);
+}
+
+static int symcmp(hashtab_t h, hashtab_key_t key1, hashtab_key_t key2)
+{
+ char *keyp1, *keyp2;
+
+
+ keyp1 = (char *) key1;
+ keyp2 = (char *) key2;
+ return strcmp(keyp1, keyp2);
+}
+
+
+int symtab_init(symtab_t * s, unsigned int size)
+{
+ s->table = hashtab_create(symhash, symcmp, size);
+ if (!s->table)
+ return -1;
+ s->nprim = 0;
+ return 0;
+}
+
+/* FLASK */
+
diff --minimal -Nru a/security/selinux/ss/symtab.h b/security/selinux/ss/symtab.h
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/selinux/ss/symtab.h Tue Feb 12 18:59:50 2002
@@ -0,0 +1,28 @@
+
+/* Author : Stephen Smalley (NAI Labs), <ssmalley@nai.com> */
+
+/* FLASK */
+
+/*
+ * A symbol table (symtab) maintains associations between symbol
+ * strings and datum values. The type of the datum values
+ * is arbitrary. The symbol table type is implemented
+ * using the hash table type (hashtab).
+ */
+
+#ifndef _SYMTAB_H_
+#define _SYMTAB_H_
+
+#include "hashtab.h"
+
+typedef struct {
+ hashtab_t table; /* hash table (keyed on a string) */
+ __u32 nprim; /* number of primary names in table */
+} symtab_t;
+
+int symtab_init(symtab_t *, unsigned int size);
+
+#endif /* _SYMTAB_H_ */
+
+/* FLASK */
+
diff --minimal -Nru a/security/selinux/ss/syscalls.c b/security/selinux/ss/syscalls.c
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/selinux/ss/syscalls.c Tue Feb 12 18:59:50 2002
@@ -0,0 +1,442 @@
+
+/* FLASK */
+
+/*
+ * Implementation of security server system calls
+ */
+
+#include <linux/config.h>
+#include <linux/flask/security.h>
+#include <linux/flask/avc.h>
+#include <linux/flask/syscalls.h>
+#include <asm/uaccess.h> /* copy_to/from_user */
+#include <asm/errno.h>
+#include "services.h"
+#include "sidtab.h"
+
+/* hooks.c */
+extern int task_has_security(struct task_struct *tsk,
+ access_vector_t perms);
+
+#define CONTEXT_MAX 8192
+#define USERNAME_MAX 255
+
+/*
+ * Compute access vectors based on a SID pair for
+ * the permissions in a particular class.
+ */
+long sys_security_compute_av(struct security_query *query,
+ struct security_response *response)
+{
+ int ret_val;
+ struct security_query q2;
+ struct security_response r2;
+
+
+ ret_val = task_has_security(current, SECURITY__COMPUTE_AV);
+ if (ret_val)
+ goto out;
+
+ if (copy_from_user(&q2, query, sizeof(q2))) {
+ ret_val = -EFAULT;
+ goto out;
+ }
+
+ ret_val = security_compute_av(
+ q2.ssid, q2.tsid, q2.tclass, q2.requested,
+ &(r2.allowed), &(r2.decided),
+ &(r2.auditallow),
+ &(r2.auditdeny),
+ &(r2.seqno));
+
+ if (ret_val)
+ goto out;
+
+ if (copy_to_user(response, &r2, sizeof(r2))) {
+ ret_val = -EFAULT;
+ goto out;
+ }
+
+ out:
+ return ret_val;
+}
+
+
+/*
+ * Write the security context string representation of
+ * the context associated with `sid' into the provided
+ * buffer `scontext'. On entry, `*scontext_len' should
+ * be set to the length of the provided buffer. On exit,
+ * `*scontext_len' is set to the length of the string.
+ * If the provided buffer is too small, `*scontext_len'
+ * is set to the correct length and -ENOSPC is returned.
+ */
+long sys_security_sid_to_context(security_id_t sid,
+ security_context_t scontext,
+ __u32 *scontext_len)
+{
+ int ret_val;
+ security_context_t scontext2;
+ __u32 in_len, out_len;
+
+
+ ret_val = task_has_security(current, SECURITY__SID_TO_CONTEXT);
+ if (ret_val)
+ goto out2;
+
+ ret_val = security_sid_to_context(sid, &scontext2, &out_len);
+ if (ret_val)
+ goto out2;
+
+ if (copy_from_user(&in_len, scontext_len, sizeof(__u32))) {
+ ret_val = -EFAULT;
+ goto out;
+ }
+ if (copy_to_user(scontext_len, &out_len, sizeof(__u32))) {
+ ret_val = -EFAULT;
+ goto out;
+ }
+ if (in_len < out_len) {
+ ret_val = -ENOSPC;
+ goto out;
+ }
+ if (copy_to_user(scontext, scontext2, out_len)) {
+ ret_val = -EFAULT;
+ goto out;
+ }
+
+ out:
+ kfree(scontext2);
+ out2:
+ return ret_val;
+}
+
+
+/*
+ * Return a SID associated with the security context that
+ * has the string representation specified by `scontext'.
+ */
+long sys_security_context_to_sid(security_context_t scontext,
+ __u32 scontext_len,
+ security_id_t * out_sid)
+{
+ int ret_val;
+ security_context_t scontext2;
+ security_id_t out_sid_2;
+
+ if (scontext_len == 0 || scontext_len > CONTEXT_MAX)
+ return -ENAMETOOLONG;
+
+ ret_val = task_has_security(current, SECURITY__CONTEXT_TO_SID);
+ if (ret_val)
+ goto out;
+
+ scontext2 = kmalloc(scontext_len, GFP_USER);
+ if (!scontext2) {
+ ret_val = -ENOMEM;
+ goto out;
+ }
+ if (copy_from_user(scontext2, scontext,(unsigned long) scontext_len)) {
+ ret_val = -EFAULT;
+ goto out;
+ }
+ ret_val = security_context_to_sid(scontext2, scontext_len, &out_sid_2);
+ kfree(scontext2);
+ if (ret_val)
+ goto out;
+ if (copy_to_user(out_sid, &out_sid_2, sizeof(out_sid_2))) {
+ ret_val = -EFAULT;
+ goto out;
+ }
+
+ out:
+ return ret_val;
+}
+
+
+/*
+ * Compute a SID to use for labeling a new object in the
+ * class `tclass' based on a SID pair.
+ */
+long sys_security_transition_sid(security_id_t ssid,
+ security_id_t tsid,
+ security_class_t tclass,
+ security_id_t * out_sid )
+{
+ int ret_val;
+ security_id_t out_sid_2;
+
+
+ ret_val = task_has_security(current, SECURITY__TRANSITION_SID);
+ if (ret_val)
+ goto out;
+
+ ret_val = security_transition_sid(ssid, tsid, tclass, &out_sid_2);
+ if (ret_val)
+ goto out;
+ if (copy_to_user(out_sid, &out_sid_2, sizeof(out_sid_2))) {
+ ret_val = -EFAULT;
+ goto out;
+ }
+
+ out:
+ return ret_val;
+}
+
+
+/*
+ * Compute a SID to use for relabeling an object in the
+ * class `tclass' based on a SID pair.
+ */
+long sys_security_change_sid(security_id_t ssid,
+ security_id_t tsid,
+ security_class_t tclass,
+ security_id_t * out_sid )
+{
+ int ret_val;
+ security_id_t out_sid_2;
+
+
+ ret_val = task_has_security(current, SECURITY__CHANGE_SID);
+ if (ret_val)
+ goto out;
+
+ ret_val = security_change_sid(ssid, tsid, tclass, &out_sid_2);
+ if (ret_val)
+ goto out;
+ if (copy_to_user(out_sid, &out_sid_2, sizeof(out_sid_2))) {
+ ret_val = -EFAULT;
+ goto out;
+ }
+
+ out:
+ return ret_val;
+}
+
+
+/*
+ * Compute a SID to use when selecting a member of a
+ * polyinstantiated object of class `tclass' based on
+ * a SID pair.
+ */
+long sys_security_member_sid(security_id_t ssid,
+ security_id_t tsid,
+ security_class_t tclass,
+ security_id_t * out_sid)
+{
+ int ret_val;
+ security_id_t out_sid_2;
+
+
+ ret_val = task_has_security(current, SECURITY__MEMBER_SID);
+ if (ret_val)
+ goto out;
+
+ ret_val = security_member_sid(ssid, tsid, tclass, &out_sid_2);
+ if (ret_val)
+ goto out;
+ if (copy_to_user(out_sid, &out_sid_2, sizeof(out_sid_2))) {
+ ret_val = -EFAULT;
+ goto out;
+ }
+
+ out:
+ return ret_val;
+}
+
+
+extern char *policyfile;
+
+/*
+ * Load a new policy configuration from a file,
+ * update the security server state, and reset
+ * the access vector cache. If no path is specified,
+ * then the default policy configuration file is used.
+ */
+long sys_security_load_policy(char *path,
+ __u32 pathlen)
+
+{
+ char *file;
+ FILE *fp;
+ int ret_val;
+
+ if (pathlen > PATH_MAX)
+ return -ENAMETOOLONG;
+
+ if (pathlen) {
+ file = kmalloc(pathlen, GFP_USER);
+ if (!file) {
+ return -ENOMEM;
+ }
+ if (copy_from_user(file, path, (unsigned long) pathlen)) {
+ ret_val = -EFAULT;
+ goto out2;
+ }
+ if (file[pathlen - 1]) {
+ /* Path is not null-terminated. */
+ ret_val = -EINVAL;
+ goto out2;
+ }
+ if (file[0] == 0) {
+ kfree(file);
+ file = policyfile;
+ }
+ } else
+ file = policyfile;
+
+ printf("ss: loading policy configuration from %s\n", file);
+ fp = fopen(file, "r");
+ if (!fp) {
+ printf("ss: unable to open %s\n", file);
+ ret_val = -EINVAL;
+ goto out2;
+ }
+ ret_val = task_has_security(current, SECURITY__LOAD_POLICY);
+ if (ret_val)
+ goto out;
+ ret_val = security_load_policy(fp);
+
+ out:
+ fclose(fp);
+ out2:
+ if (file != policyfile)
+ kfree(file);
+ return ret_val;
+}
+
+
+/*
+ * Write the set of active SIDs into the provided
+ * array `sids'. On entry, `*nel' should be set
+ * to the number of elements in the provided array. On
+ * exit, `*nel' is set to the number of active SIDs.
+ * If the provided array is too small, `*nel' is set
+ * to the number of active SIDs and -ENOSPC is returned.
+ */
+long sys_security_get_sids(security_id_t * sids,
+ __u32 *nel)
+{
+ int ret_val, i, j;
+ security_id_t *sids2;
+ __u32 in_nel;
+ sidtab_node_t *cur;
+
+ ret_val = task_has_security(current, SECURITY__GET_SIDS);
+ if (ret_val)
+ goto out;
+
+ if (copy_from_user(&in_nel, nel, sizeof(__u32))) {
+ ret_val = -EFAULT;
+ goto out;
+ }
+ if (copy_to_user(nel, &sidtab.nel, sizeof(__u32))) {
+ ret_val = -EFAULT;
+ goto out;
+ }
+ if (in_nel < sidtab.nel) {
+ ret_val = -ENOSPC;
+ goto out;
+ }
+ sids2 = kmalloc(sizeof(security_id_t) * sidtab.nel, GFP_USER);
+ if (!sids2) {
+ ret_val = -ENOMEM;
+ goto out;
+ }
+ j = 0;
+ for (i = 0; i < SIDTAB_SIZE; i++) {
+ cur = sidtab.htable[i];
+ while (cur != NULL) {
+ sids2[j++] = cur->sid;
+ cur = cur->next;
+ }
+ }
+
+ if (copy_to_user(sids, sids2, sizeof(security_id_t) * sidtab.nel)) {
+ ret_val = -EFAULT;
+ goto out;
+ }
+ kfree(sids2);
+ out:
+ return ret_val;
+}
+
+/*
+ * Generate the set of SIDs for legal security contexts
+ * for a given user that can be reached by `fromsid'.
+ * Write the set of SIDs into the provided array `sids'.
+ * On entry, `*nel' should be set to the number of elements in
+ * the provided array. On exit, `*nel' is set to the number of SIDs.
+ * If the provided array is too small, `*nel' is set to the number
+ * of SIDs and -ENOSPC is returned.
+ */
+long sys_security_get_user_sids(security_id_t fromsid,
+ char *username,
+ __u32 namelen,
+ security_id_t * sids,
+ __u32 *nel)
+{
+ int ret_val = 0;
+ char *username2 = 0;
+ security_id_t *sids2 = 0;
+ __u32 in_nel, out_nel;
+
+ if (namelen == 0 || namelen > USERNAME_MAX)
+ return -ENAMETOOLONG;
+
+
+ ret_val = task_has_security(current, SECURITY__GET_USER_SIDS);
+ if (ret_val)
+ goto out;
+
+ if (copy_from_user(&in_nel, nel, sizeof(__u32))) {
+ ret_val = -EFAULT;
+ goto out;
+ }
+
+ username2 = kmalloc(namelen, GFP_USER);
+ if (!username2) {
+ ret_val = -ENOMEM;
+ goto out;
+ }
+
+ if (copy_from_user(username2, username, (unsigned long)namelen)) {
+ ret_val = -EFAULT;
+ goto out;
+ }
+
+ if (username2[namelen - 1]) {
+ ret_val = -EINVAL;
+ goto out;
+ }
+
+ ret_val = security_get_user_sids(fromsid, username2,
+ &sids2, &out_nel);
+ if (ret_val)
+ goto out;
+
+ if (copy_to_user(nel, &out_nel, sizeof(__u32))) {
+ ret_val = -EFAULT;
+ goto out;
+ }
+
+ if (in_nel < out_nel) {
+ ret_val = -ENOSPC;
+ goto out;
+ }
+
+ if (copy_to_user(sids, sids2, sizeof(security_id_t) * out_nel)) {
+ ret_val = -EFAULT;
+ goto out;
+ }
+
+out:
+ if (username2)
+ kfree(username2);
+ if (sids2)
+ kfree(sids2);
+ return ret_val;
+}
+
+/* FLASK */
+
diff --minimal -Nru a/security/selinux/syscalls.c b/security/selinux/syscalls.c
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/selinux/syscalls.c Tue Feb 12 18:59:50 2002
@@ -0,0 +1,660 @@
+/*
+ * NSA Security-Enhanced Linux (SELinux) security module
+ *
+ * This file contains the architecture-independent code for the
+ * SELinux new system call implementations.
+ *
+ * Authors: Stephen Smalley, NAI Labs, <ssmalley@nai.com>
+ * Chris Vance, <cvance@nai.com>
+ *
+ * Copyright (C) 2001 Networks Associates Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ */
+
+#include <linux/config.h>
+#include <linux/module.h>
+#include <linux/init.h>
+#include <linux/kernel.h>
+#include <linux/errno.h>
+#include <linux/security.h>
+#include <linux/capability.h>
+#include <linux/unistd.h>
+#include <linux/mm.h>
+#include <linux/slab.h>
+#include <linux/smp_lock.h>
+#include <linux/spinlock.h>
+#include <linux/file.h>
+#include <asm/uaccess.h>
+#include <asm/ipc.h> /* MSGGET, etc needed for sys_ipc() */
+#include <linux/flask/avc.h>
+#include <linux/flask/psid.h>
+#include <linux/flask/syscalls.h>
+#include "selinux_plug.h"
+
+extern void *sys_call_table[];
+
+long sys_getsecsid(void)
+{
+ struct task_security_struct *tsec;
+
+ if (task_precondition(current) <= 0)
+ return SECINITSID_UNLABELED;
+
+ tsec = current->security;
+ return tsec->sid;
+}
+
+long sys_getosecsid(void)
+{
+ struct task_security_struct *tsec;
+
+ if (task_precondition(current) <= 0)
+ return SECINITSID_UNLABELED;
+
+ tsec = current->security;
+ return tsec->osid;
+}
+
+long sys_lstat_stat_secure(int follow_link,
+ const char *pathname,
+ struct stat *buf,
+ security_id_t *out_sid)
+{
+ long (*stat_f)(const char * filename, struct stat * statbuf);
+ struct task_security_struct *tsec;
+ int rc;
+
+ if (follow_link)
+ stat_f = sys_call_table[__NR_stat];
+ else
+ stat_f = sys_call_table[__NR_lstat];
+
+ if (task_precondition(current) <= 0)
+ return -EACCES;
+
+ tsec = current->security;
+
+ rc = stat_f(pathname, buf);
+ if (rc)
+ return rc;
+
+ if (out_sid) {
+ if (copy_to_user(out_sid, &tsec->out_sid[0], sizeof(security_id_t)))
+ return -EFAULT;
+ }
+
+ return 0;
+}
+
+long sys_fstat_secure(unsigned int fd,
+ struct stat *buf,
+ security_id_t *out_sid)
+{
+ long (*fstat_f)(unsigned int fd, struct stat * statbuf);
+ struct task_security_struct *tsec;
+ int rc;
+
+ fstat_f = sys_call_table[__NR_fstat];
+
+ if (task_precondition(current) <= 0)
+ return -EACCES;
+
+ tsec = current->security;
+ rc = fstat_f(fd, buf);
+ if (rc)
+ return rc;
+
+ if (out_sid) {
+ if (copy_to_user(out_sid, &tsec->out_sid[0], sizeof(security_id_t)))
+ return -EFAULT;
+ }
+
+ return 0;
+}
+
+
+static int chsid_common(struct dentry * dentry, security_id_t newsid)
+{
+ struct inode *inode = dentry->d_inode;
+ struct task_security_struct *tsec;
+ struct inode_security_struct *isec;
+ struct superblock_security_struct *sbsec;
+ avc_audit_data_t ad;
+ int rc = 0;
+
+ if (!inode) {
+ printk("chsid_common: NULL inode\n");
+ return -ENOENT;
+ }
+
+ if (task_precondition(current) <= 0)
+ return -EACCES;
+ if (inode_precondition(inode) <= 0)
+ return -EACCES;
+
+ if (IS_RDONLY(inode))
+ return -EROFS;
+ if (IS_IMMUTABLE(inode) || IS_APPEND(inode))
+ return -EPERM;
+
+ tsec = current->security;
+ isec = inode->i_security;
+
+ AVC_AUDIT_DATA_INIT(&ad,FS);
+ ad.u.fs.dentry = dentry;
+
+ down(&isec->sem);
+
+ rc = avc_has_perm_ref_audit(tsec->sid, isec->sid, isec->sclass,
+ FILE__RELABELFROM,
+ &isec->avcr, &ad);
+ if (rc)
+ goto out;
+
+ rc = avc_has_perm_audit(tsec->sid, newsid, isec->sclass,
+ FILE__RELABELTO, &ad);
+ if (rc)
+ goto out;
+
+ if (inode->i_sb) {
+ sbsec = inode->i_sb->s_security;
+ rc = avc_has_perm_audit(newsid,
+ sbsec->sid,
+ SECCLASS_FILESYSTEM,
+ FILESYSTEM__ASSOCIATE,
+ &ad);
+ if (rc)
+ goto out;
+
+ if (sbsec->uses_psids) {
+ rc = sid_to_psid(inode, newsid);
+ if (rc)
+ goto out;
+ }
+ }
+
+ isec->sid = newsid;
+out:
+
+ up(&isec->sem);
+ return rc;
+}
+
+long sys_lchsid_chsid(int follow_link,
+ const char *filename,
+ security_id_t sid)
+{
+ struct nameidata nd;
+ int error;
+
+ if (follow_link)
+ error = user_path_walk(filename, &nd);
+ else
+ error = user_path_walk_link(filename, &nd);
+ if (!error) {
+ error = chsid_common(nd.dentry, sid);
+ path_release(&nd);
+ }
+ return error;
+}
+
+long sys_fchsid(unsigned int fd, security_id_t sid)
+{
+ struct file * file;
+ int error = -EBADF;
+
+ file = fget(fd);
+ if (file) {
+ error = chsid_common(file->f_dentry, sid);
+ fput(file);
+ }
+ return error;
+}
+
+long sys_open_secure(const char * filename, int flags, int mode,
+ security_id_t sid)
+{
+ long (*open_f)(const char * filename, int flags, int mode);
+ struct task_security_struct *tsec;
+ int rc;
+
+ open_f = sys_call_table[__NR_open];
+
+ if (task_precondition(current) <= 0)
+ return -EACCES;
+
+ tsec = current->security;
+ tsec->in_sid[0] = sid;
+ rc = open_f(filename, flags, mode);
+ tsec->in_sid[0] = 0;
+ return rc;
+}
+
+long sys_mkdir_secure(const char * pathname, int mode,
+ security_id_t sid)
+{
+ long (*mkdir_f)(const char * pathname, int mode);
+ struct task_security_struct *tsec;
+ int rc;
+
+ mkdir_f = sys_call_table[__NR_mkdir];
+
+ if (task_precondition(current) <= 0)
+ return -EACCES;
+
+ tsec = current->security;
+ tsec->in_sid[0] = sid;
+ rc = mkdir_f(pathname, mode);
+ tsec->in_sid[0] = 0;
+ return rc;
+}
+
+long sys_mknod_secure(const char * filename, int mode, dev_t dev,
+ security_id_t sid)
+{
+ long (*mknod_f)(const char * filename, int mode, dev_t dev);
+ struct task_security_struct *tsec;
+ int rc;
+
+ mknod_f = sys_call_table[__NR_mknod];
+
+ if (task_precondition(current) <= 0)
+ return -EACCES;
+
+ tsec = current->security;
+ tsec->in_sid[0] = sid;
+ rc = mknod_f(filename,mode,dev);
+ tsec->in_sid[0] = 0;
+ return rc;
+}
+
+long sys_symlink_secure(const char * oldname, const char * newname,
+ security_id_t sid)
+{
+ long (*symlink_f)(const char * oldname, const char * newname);
+ struct task_security_struct *tsec;
+ int rc;
+
+ symlink_f = sys_call_table[__NR_symlink];
+
+ if (task_precondition(current) <= 0)
+ return -EACCES;
+
+ tsec = current->security;
+ tsec->in_sid[0] = sid;
+ rc = symlink_f(oldname, newname);
+ tsec->in_sid[0] = 0;
+ return rc;
+}
+
+long sys_statfs_secure(const char *pathname,
+ struct statfs *buf,
+ security_id_t *out_sid)
+{
+ long (*statfs_f)(const char * path, struct statfs * buf);
+ struct task_security_struct *tsec;
+ int rc;
+
+ statfs_f = sys_call_table[__NR_statfs];
+
+ if (task_precondition(current) <= 0)
+ return -EACCES;
+
+ tsec = current->security;
+ rc = statfs_f(pathname, buf);
+ if (rc)
+ return rc;
+
+ if (out_sid) {
+ if (copy_to_user(out_sid, &tsec->out_sid[0], sizeof(security_id_t)))
+ return -EFAULT;
+ }
+
+ return 0;
+}
+
+long sys_fstatfs_secure(unsigned int fd,
+ struct statfs *buf,
+ security_id_t *out_sid)
+{
+ long (*fstatfs_f)(unsigned int fd, struct statfs * buf);
+ struct task_security_struct *tsec;
+ int rc;
+
+ fstatfs_f = sys_call_table[__NR_fstatfs];
+
+ if (task_precondition(current) <= 0)
+ return -EACCES;
+
+ tsec = current->security;
+ rc = fstatfs_f(fd, buf);
+ if (rc)
+ return rc;
+
+ if (out_sid) {
+ if (copy_to_user(out_sid, &tsec->out_sid[0], sizeof(security_id_t)))
+ return -EFAULT;
+ }
+
+ return 0;
+}
+
+int vfs_chsidfs(struct super_block *sb,
+ security_id_t fs_sid,
+ security_id_t f_sid)
+{
+ struct task_security_struct *tsec;
+ struct superblock_security_struct *sbsec;
+ avc_audit_data_t ad;
+ int rc = 0;
+
+ if (!sb)
+ return -ENODEV;
+
+ if (task_precondition(current) <= 0)
+ return -EACCES;
+ if (superblock_precondition(sb) <= 0)
+ return -EACCES;
+
+ tsec = current->security;
+ sbsec = sb->s_security;
+
+ AVC_AUDIT_DATA_INIT(&ad,FS);
+ ad.u.fs.dentry = sb->s_root;
+
+ down(&sbsec->sem);
+
+ rc = avc_has_perm_audit(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
+ FILESYSTEM__RELABELFROM, &ad);
+ if (rc)
+ goto out;
+
+ rc = avc_has_perm_audit(sbsec->sid, fs_sid, SECCLASS_FILESYSTEM,
+ FILESYSTEM__TRANSITION, &ad);
+ if (rc)
+ goto out;
+
+ rc = avc_has_perm_audit(tsec->sid, fs_sid, SECCLASS_FILESYSTEM,
+ FILESYSTEM__RELABELTO, &ad);
+ if (rc)
+ goto out;
+
+ rc = avc_has_perm_audit(f_sid, fs_sid, SECCLASS_FILESYSTEM,
+ FILESYSTEM__ASSOCIATE,
+ &ad);
+ if (rc)
+ goto out;
+
+ if (sbsec->uses_psids) {
+ rc = psid_chsidfs(sb, fs_sid, f_sid);
+ if (rc)
+ goto out;
+ }
+
+ sbsec->sid = fs_sid;
+
+ out:
+ up(&sbsec->sem);
+ return rc;
+}
+
+long sys_chsidfs(const char * path,
+ security_id_t fs_sid,
+ security_id_t f_sid)
+{
+ struct nameidata nd;
+ int error;
+
+ error = user_path_walk(path, &nd);
+ if (!error) {
+ error = vfs_chsidfs(nd.dentry->d_inode->i_sb, fs_sid, f_sid);
+ path_release(&nd);
+ }
+ return error;
+}
+
+long sys_fchsidfs(unsigned int fd,
+ security_id_t fs_sid,
+ security_id_t f_sid)
+{
+ struct file * file;
+ int error;
+
+ error = -EBADF;
+ file = fget(fd);
+ if (!file)
+ goto out;
+ error = vfs_chsidfs(file->f_dentry->d_inode->i_sb, fs_sid, f_sid);
+ fput(file);
+out:
+ return error;
+}
+
+/*
+ * 8 new IPC syscalls.
+ */
+int sys_semsid(int semid, security_id_t *out_sid)
+{
+ long (*ipc_f)(uint call, int first, int second,
+ int third, void *ptr, long fifth);
+ struct task_security_struct *tsec;
+ mm_segment_t old_fs;
+ struct semid_ds buf;
+ union semun arg;
+ int err;
+
+ if (task_precondition(current) <= 0)
+ return -EACCES;
+ tsec = current->security;
+
+ ipc_f = sys_call_table[__NR_ipc];
+
+ arg.buf = &buf;
+ old_fs = get_fs();
+ set_fs(KERNEL_DS);
+ err = ipc_f(SEMCTL, semid, 0, IPC_STAT, &arg, 0);
+ set_fs(old_fs);
+
+ if (err)
+ return err;
+
+ if (out_sid) {
+ if (copy_to_user(out_sid, &tsec->out_sid[0],
+ sizeof(security_id_t)))
+ return -EFAULT;
+ }
+
+ return 0;
+}
+
+int sys_shmsid(int shmid, security_id_t *out_sid)
+{
+ long (*ipc_f)(uint call, int first, int second,
+ int third, void *ptr, long fifth);
+ struct task_security_struct *tsec;
+ mm_segment_t old_fs;
+ struct shmid_ds buf;
+ int err;
+
+ if (task_precondition(current) <= 0)
+ return -EACCES;
+ tsec = current->security;
+
+ ipc_f = sys_call_table[__NR_ipc];
+
+ old_fs = get_fs();
+ set_fs(KERNEL_DS);
+ err = ipc_f(SHMCTL, shmid, IPC_STAT, 0, &buf, 0);
+ set_fs(old_fs);
+
+ if (err)
+ return err;
+
+ if (out_sid) {
+ if (copy_to_user(out_sid, &tsec->out_sid[0],
+ sizeof(security_id_t)))
+ return -EFAULT;
+ }
+
+ return 0;
+}
+
+int sys_msgsid(int msqid, security_id_t *out_sid)
+{
+ long (*ipc_f)(uint call, int first, int second,
+ int third, void *ptr, long fifth);
+ struct task_security_struct *tsec;
+ mm_segment_t old_fs;
+ struct msqid_ds buf;
+ int err;
+
+ if (task_precondition(current) <= 0)
+ return -EACCES;
+ tsec = current->security;
+
+ ipc_f = sys_call_table[__NR_ipc];
+
+ old_fs = get_fs();
+ set_fs(KERNEL_DS);
+ err = ipc_f(MSGCTL, msqid, IPC_STAT, 0, &buf, 0);
+ set_fs(old_fs);
+
+ if (err)
+ return err;
+
+ if (out_sid) {
+ if (copy_to_user(out_sid, &tsec->out_sid[0],
+ sizeof(security_id_t)))
+ return -EFAULT;
+ }
+
+ return 0;
+}
+
+int sys_msgget_secure(key_t key, int msgflag, security_id_t sid)
+{
+ long (*ipc_f)(uint call, int first, int second,
+ int third, void *ptr, long fifth);
+ struct task_security_struct *tsec;
+ int rc;
+
+ ipc_f = sys_call_table[__NR_ipc];
+
+ if (task_precondition(current) <= 0)
+ return -EACCES;
+
+ tsec = current->security;
+ tsec->in_sid[0] = sid;
+ rc = ipc_f(MSGGET, key, msgflag, 0, 0, 0);
+ tsec->in_sid[0] = 0;
+
+ return rc;
+}
+
+int sys_semget_secure(key_t key, int nsems, int semflag, security_id_t sid)
+{
+ long (*ipc_f)(uint call, int first, int second,
+ int third, void *ptr, long fifth);
+ struct task_security_struct *tsec;
+ int rc;
+
+ ipc_f = sys_call_table[__NR_ipc];
+
+ if (task_precondition(current) <= 0)
+ return -EACCES;
+
+ tsec = current->security;
+ tsec->in_sid[0] = sid;
+ rc = ipc_f(SEMGET, key, nsems, semflag, 0, 0);
+ tsec->in_sid[0] = 0;
+
+ return rc;
+}
+
+
+int sys_shmget_secure (key_t key, int size, int flag, security_id_t sid)
+{
+ long (*ipc_f)(uint call, int first, int second,
+ int third, void *ptr, long fifth);
+ struct task_security_struct *tsec;
+ int rc;
+
+ ipc_f = sys_call_table[__NR_ipc];
+
+ if (task_precondition(current) <= 0)
+ return -EACCES;
+
+ tsec = current->security;
+ tsec->in_sid[0] = sid;
+ rc = ipc_f(SHMGET, key, size, flag, 0, 0);
+ tsec->in_sid[0] = 0;
+
+ return rc;
+}
+
+
+int sys_msgsnd_secure(int msqid, void *msgp, size_t msgsz, int msgflg,
+ security_id_t sid)
+{
+ long (*ipc_f)(uint call, int first, int second,
+ int third, void *ptr, long fifth);
+ struct task_security_struct *tsec;
+ int rc;
+
+ ipc_f = sys_call_table[__NR_ipc];
+
+ if (task_precondition(current) <= 0)
+ return -EACCES;
+
+ tsec = current->security;
+ tsec->in_sid[0] = sid;
+ rc = ipc_f(MSGSND, msqid, msgsz, msgflg, msgp, 0);
+ tsec->in_sid[0] = 0;
+
+ return rc;
+}
+
+
+int sys_msgrcv_secure(int msqid, void *msgp, size_t msgsz, long msgtyp,
+ int msgflg, security_id_t *out_sid)
+{
+ long (*ipc_f)(uint call, int first, int second,
+ int third, void *ptr, long fifth);
+ struct task_security_struct *tsec;
+ uint call;
+ int rc;
+
+ if (!out_sid)
+ return -EFAULT;
+
+ if (task_precondition(current) <= 0)
+ return -EACCES;
+ tsec = current->security;
+
+ ipc_f = sys_call_table[__NR_ipc];
+
+ if (copy_from_user(&tsec->in_sid[0], out_sid, sizeof(security_id_t)))
+ return -EFAULT;
+
+ /*
+ * Don't use default version (0), since sys_ipc will then
+ * perform a copy_from_user on an expected struct ipc_kludge
+ * pointer parameter. Otherwise, note that the order of the
+ * parameters is different.
+ */
+ call = IPCCALL(1,MSGRCV);
+
+ rc = ipc_f(call, msqid, msgsz, msgflg, msgp, msgtyp );
+ tsec->in_sid[0] = 0;
+
+ if (copy_to_user(out_sid, &tsec->out_sid[0], sizeof(security_id_t)))
+ return -EFAULT;
+
+ return rc;
+}
+
+#include "asm/flask/syscalls.c"
|