Merge tag 'selinux-pr-20200330' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux

What:		/sys/fs/selinux/checkreqprot

Date:		April 2005 (predates git)

KernelVersion:	2.6.12-rc2 (predates git)

Contact:	selinux@vger.kernel.org

Description:

	The selinuxfs "checkreqprot" node allows SELinux to be configured

	to check the protection requested by userspace for mmap/mprotect

	calls instead of the actual protection applied by the kernel.

	This was a compatibility mechanism for legacy userspace and

	for the READ_IMPLIES_EXEC personality flag.  However, if set to

	1, it weakens security by allowing mappings to be made executable

	without authorization by policy.  The default value of checkreqprot

	at boot was changed starting in Linux v4.4 to 0 (i.e. check the

	actual protection), and Android and Linux distributions have been

	explicitly writing a "0" to /sys/fs/selinux/checkreqprot during

	initialization for some time.  Support for setting checkreqprot to 1

	will be	removed in a future kernel release, at which point the kernel

	will always cease using checkreqprot internally and will always

	check the actual protections being applied upon mmap/mprotect calls.

	The checkreqprot selinuxfs node will remain for backward compatibility

	but will discard writes of the "0" value and will reject writes of the

	"1" value when this mechanism is removed.

			Default value is set via a kernel config option.

			Value can be changed at runtime via

				/sys/fs/selinux/checkreqprot.

			Setting checkreqprot to 1 is deprecated.

	cio_ignore=	[S390]

			See Documentation/s390/common_io.rst for details.

SELINUX SECURITY MODULE

M:	Paul Moore <paul@paul-moore.com>

M:	Stephen Smalley <sds@tycho.nsa.gov>

M:	Stephen Smalley <stephen.smalley.work@gmail.com>

M:	Eric Paris <eparis@parisplace.org>

L:	selinux@vger.kernel.org

W:	https://selinuxproject.org

F:	scripts/selinux/

F:	Documentation/admin-guide/LSM/SELinux.rst

F:	Documentation/ABI/obsolete/sysfs-selinux-disable

F:	Documentation/ABI/obsolete/sysfs-selinux-checkreqprot

SENSABLE PHANTOM

M:	Jiri Slaby <jirislaby@gmail.com>

	struct inode *inode;

	char *name;

	int error = -ENOMEM;

	unsigned long kflags = 0, kflags_out = 0;

	name = kstrdup(fc->source, GFP_KERNEL);

	if (!name)

	if (fsinfo.fattr == NULL)

		goto out_name;

	fsinfo.fattr->label = nfs4_label_alloc(server, GFP_KERNEL);

	if (IS_ERR(fsinfo.fattr->label))

		goto out_fattr;

	error = server->nfs_client->rpc_ops->getroot(server, ctx->mntfh, &fsinfo);

	if (error < 0) {

		dprintk("nfs_get_root: getattr error = %d\n", -error);

		nfs_errorf(fc, "NFS: Couldn't getattr on root");

		goto out_fattr;

		goto out_label;

	}

	inode = nfs_fhget(s, ctx->mntfh, fsinfo.fattr, NULL);

		dprintk("nfs_get_root: get root inode failed\n");

		error = PTR_ERR(inode);

		nfs_errorf(fc, "NFS: Couldn't get root inode");

		goto out_fattr;

		goto out_label;

	}

	error = nfs_superblock_set_dummy_root(s, inode);

	if (error != 0)

		goto out_fattr;

		goto out_label;

	/* root dentries normally start off anonymous and get spliced in later

	 * if the dentry tree reaches them; however if the dentry already

		dprintk("nfs_get_root: get root dentry failed\n");

		error = PTR_ERR(root);

		nfs_errorf(fc, "NFS: Couldn't get root dentry");

		goto out_fattr;

		goto out_label;

	}

	security_d_instantiate(root, inode);

	}

	spin_unlock(&root->d_lock);

	fc->root = root;

	if (NFS_SB(s)->caps & NFS_CAP_SECURITY_LABEL)

		kflags |= SECURITY_LSM_NATIVE_LABELS;

	if (ctx->clone_data.sb) {

		if (d_inode(fc->root)->i_fop != &nfs_dir_operations) {

			error = -ESTALE;

			goto error_splat_root;

		}

		/* clone lsm security options from the parent to the new sb */

		error = security_sb_clone_mnt_opts(ctx->clone_data.sb,

						   s, kflags, &kflags_out);

	} else {

		error = security_sb_set_mnt_opts(s, fc->security,

							kflags, &kflags_out);

	}

	if (error)

		goto error_splat_root;

	if (NFS_SB(s)->caps & NFS_CAP_SECURITY_LABEL &&

		!(kflags_out & SECURITY_LSM_NATIVE_LABELS))

		NFS_SB(s)->caps &= ~NFS_CAP_SECURITY_LABEL;

	nfs_setsecurity(inode, fsinfo.fattr, fsinfo.fattr->label);

	error = 0;

out_label:

	nfs4_label_free(fsinfo.fattr->label);

out_fattr:

	nfs_free_fattr(fsinfo.fattr);

out_name:

	kfree(name);

out:

	return error;

error_splat_root:

	dput(fc->root);

	fc->root = NULL;

	goto out_label;

}

{

	int error;

	struct nfs_fattr *fattr = info->fattr;

	struct nfs4_label *label = NULL;

	struct nfs4_label *label = fattr->label;

	error = nfs4_server_capabilities(server, mntfh);

	if (error < 0) {

		return error;

	}

	label = nfs4_label_alloc(server, GFP_KERNEL);

	if (IS_ERR(label))

		return PTR_ERR(label);

	error = nfs4_proc_getattr(server, mntfh, fattr, label, NULL);

	if (error < 0) {

		dprintk("nfs4_get_root: getattr error = %d\n", -error);

		goto err_free_label;

		goto out;

	}

	if (fattr->valid & NFS_ATTR_FATTR_FSID &&

	    !nfs_fsid_equal(&server->fsid, &fattr->fsid))

		memcpy(&server->fsid, &fattr->fsid, sizeof(server->fsid));

err_free_label:

	nfs4_label_free(label);

out:

	return error;

}