smack_lsm.c (44f10dbefd5e41b3385af91f855a57aa2afaf40e) | smack_lsm.c (6bcdfd2cac5559c680aef8dd4c5facada55ab623) |
1// SPDX-License-Identifier: GPL-2.0-only 2/* 3 * Simplified MAC Kernel (smack) security module 4 * 5 * This file contains the smack hook function implementations. 6 * 7 * Authors: 8 * Casey Schaufler <casey@schaufler-ca.com> --- 38 unchanged lines hidden (view full) --- 47 48#define TRANS_TRUE "TRUE" 49#define TRANS_TRUE_SIZE 4 50 51#define SMK_CONNECTING 0 52#define SMK_RECEIVING 1 53#define SMK_SENDING 2 54 | 1// SPDX-License-Identifier: GPL-2.0-only 2/* 3 * Simplified MAC Kernel (smack) security module 4 * 5 * This file contains the smack hook function implementations. 6 * 7 * Authors: 8 * Casey Schaufler <casey@schaufler-ca.com> --- 38 unchanged lines hidden (view full) --- 47 48#define TRANS_TRUE "TRUE" 49#define TRANS_TRUE_SIZE 4 50 51#define SMK_CONNECTING 0 52#define SMK_RECEIVING 1 53#define SMK_SENDING 2 54 |
55#define SMACK_INODE_INIT_XATTRS 1 56 |
|
55#ifdef SMACK_IPV6_PORT_LABELING 56static DEFINE_MUTEX(smack_ipv6_lock); 57static LIST_HEAD(smk_ipv6_port_list); 58#endif 59struct kmem_cache *smack_rule_cache; 60int smack_enabled __initdata; 61 62#define A(s) {"smack"#s, sizeof("smack"#s) - 1, Opt_##s} --- 855 unchanged lines hidden (view full) --- 918 return 0; 919} 920 921/** 922 * smack_inode_init_security - copy out the smack from an inode 923 * @inode: the newly created inode 924 * @dir: containing directory object 925 * @qstr: unused | 57#ifdef SMACK_IPV6_PORT_LABELING 58static DEFINE_MUTEX(smack_ipv6_lock); 59static LIST_HEAD(smk_ipv6_port_list); 60#endif 61struct kmem_cache *smack_rule_cache; 62int smack_enabled __initdata; 63 64#define A(s) {"smack"#s, sizeof("smack"#s) - 1, Opt_##s} --- 855 unchanged lines hidden (view full) --- 920 return 0; 921} 922 923/** 924 * smack_inode_init_security - copy out the smack from an inode 925 * @inode: the newly created inode 926 * @dir: containing directory object 927 * @qstr: unused |
926 * @name: where to put the attribute name 927 * @value: where to put the attribute value 928 * @len: where to put the length of the attribute | 928 * @xattrs: where to put the attributes 929 * @xattr_count: current number of LSM-provided xattrs (updated) |
929 * 930 * Returns 0 if it all works out, -ENOMEM if there's no memory 931 */ 932static int smack_inode_init_security(struct inode *inode, struct inode *dir, | 930 * 931 * Returns 0 if it all works out, -ENOMEM if there's no memory 932 */ 933static int smack_inode_init_security(struct inode *inode, struct inode *dir, |
933 const struct qstr *qstr, const char **name, 934 void **value, size_t *len) | 934 const struct qstr *qstr, 935 struct xattr *xattrs, int *xattr_count) |
935{ 936 struct task_smack *tsp = smack_cred(current_cred()); 937 struct inode_smack *issp = smack_inode(inode); 938 struct smack_known *skp = smk_of_task(tsp); 939 struct smack_known *isp = smk_of_inode(inode); 940 struct smack_known *dsp = smk_of_inode(dir); | 936{ 937 struct task_smack *tsp = smack_cred(current_cred()); 938 struct inode_smack *issp = smack_inode(inode); 939 struct smack_known *skp = smk_of_task(tsp); 940 struct smack_known *isp = smk_of_inode(inode); 941 struct smack_known *dsp = smk_of_inode(dir); |
942 struct xattr *xattr = lsm_get_xattr_slot(xattrs, xattr_count); |
|
941 int may; 942 | 943 int may; 944 |
943 if (name) 944 *name = XATTR_SMACK_SUFFIX; 945 946 if (value && len) { | 945 if (xattr) { |
947 /* 948 * If equal, transmuting already occurred in 949 * smack_dentry_create_files_as(). No need to check again. 950 */ 951 if (tsp->smk_task != tsp->smk_transmuted) { 952 rcu_read_lock(); 953 may = smk_access_entry(skp->smk_known, dsp->smk_known, 954 &skp->smk_rules); --- 15 unchanged lines hidden (view full) --- 970 * inode label was already set correctly in 971 * smack_inode_alloc_security(). 972 */ 973 if (tsp->smk_task != tsp->smk_transmuted) 974 isp = dsp; 975 issp->smk_flags |= SMK_INODE_CHANGED; 976 } 977 | 946 /* 947 * If equal, transmuting already occurred in 948 * smack_dentry_create_files_as(). No need to check again. 949 */ 950 if (tsp->smk_task != tsp->smk_transmuted) { 951 rcu_read_lock(); 952 may = smk_access_entry(skp->smk_known, dsp->smk_known, 953 &skp->smk_rules); --- 15 unchanged lines hidden (view full) --- 969 * inode label was already set correctly in 970 * smack_inode_alloc_security(). 971 */ 972 if (tsp->smk_task != tsp->smk_transmuted) 973 isp = dsp; 974 issp->smk_flags |= SMK_INODE_CHANGED; 975 } 976 |
978 *value = kstrdup(isp->smk_known, GFP_NOFS); 979 if (*value == NULL) | 977 xattr->value = kstrdup(isp->smk_known, GFP_NOFS); 978 if (!xattr->value) |
980 return -ENOMEM; 981 | 979 return -ENOMEM; 980 |
982 *len = strlen(isp->smk_known); | 981 xattr->value_len = strlen(isp->smk_known); 982 xattr->name = XATTR_SMACK_SUFFIX; |
983 } 984 985 return 0; 986} 987 988/** 989 * smack_inode_link - Smack check on link 990 * @old_dentry: the existing object --- 3873 unchanged lines hidden (view full) --- 4864 4865struct lsm_blob_sizes smack_blob_sizes __ro_after_init = { 4866 .lbs_cred = sizeof(struct task_smack), 4867 .lbs_file = sizeof(struct smack_known *), 4868 .lbs_inode = sizeof(struct inode_smack), 4869 .lbs_ipc = sizeof(struct smack_known *), 4870 .lbs_msg_msg = sizeof(struct smack_known *), 4871 .lbs_superblock = sizeof(struct superblock_smack), | 983 } 984 985 return 0; 986} 987 988/** 989 * smack_inode_link - Smack check on link 990 * @old_dentry: the existing object --- 3873 unchanged lines hidden (view full) --- 4864 4865struct lsm_blob_sizes smack_blob_sizes __ro_after_init = { 4866 .lbs_cred = sizeof(struct task_smack), 4867 .lbs_file = sizeof(struct smack_known *), 4868 .lbs_inode = sizeof(struct inode_smack), 4869 .lbs_ipc = sizeof(struct smack_known *), 4870 .lbs_msg_msg = sizeof(struct smack_known *), 4871 .lbs_superblock = sizeof(struct superblock_smack), |
4872 .lbs_xattr_count = SMACK_INODE_INIT_XATTRS, |
|
4872}; 4873 4874static struct security_hook_list smack_hooks[] __ro_after_init = { 4875 LSM_HOOK_INIT(ptrace_access_check, smack_ptrace_access_check), 4876 LSM_HOOK_INIT(ptrace_traceme, smack_ptrace_traceme), 4877 LSM_HOOK_INIT(syslog, smack_syslog), 4878 4879 LSM_HOOK_INIT(fs_context_dup, smack_fs_context_dup), --- 230 unchanged lines hidden --- | 4873}; 4874 4875static struct security_hook_list smack_hooks[] __ro_after_init = { 4876 LSM_HOOK_INIT(ptrace_access_check, smack_ptrace_access_check), 4877 LSM_HOOK_INIT(ptrace_traceme, smack_ptrace_traceme), 4878 LSM_HOOK_INIT(syslog, smack_syslog), 4879 4880 LSM_HOOK_INIT(fs_context_dup, smack_fs_context_dup), --- 230 unchanged lines hidden --- |
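Review bot: In the new smack_inode_init_security the `-ENOMEM` return on kstrdup failure comes after `lsm_get_xattr_slot()` has already been called, so if that helper advances `*xattr_count` (its body is not in this diff) the caller is handed a claimed slot whose `name` was never set and whose `value` is NULL, and the old `*value == NULL` contract no longer describes the state left behind. Setting `xattr->name = XATTR_SMACK_SUFFIX;` before the `xattr->value = kstrdup(isp->smk_known, GFP_NOFS);` line would make a claimed slot always identifiable, and the "Returns" comment should say that on -ENOMEM the slot may already be counted and is left with a NULL value for the caller to skip or free. Note also that the transmute bookkeeping (`isp = dsp` and `SMK_INODE_CHANGED`) now runs only when a slot was obtained, which matches the old `value && len` gate but is worth a one-line comment since the dependency on slot availability is no longer obvious. Fifteen lines in the middle of the function are hidden in this rendering, so the access-check branch between `smk_access_entry` and `isp = dsp` was not reviewed.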