1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com>
4 *
5 * Authors:
6 * Casey Schaufler <casey@schaufler-ca.com>
7 * Ahmed S. Darwish <darwish.07@gmail.com>
8 *
9 * Special thanks to the authors of selinuxfs.
10 *
11 * Karl MacMillan <kmacmillan@tresys.com>
12 * James Morris <jmorris@redhat.com>
13 */
14
15 #include <linux/kernel.h>
16 #include <linux/vmalloc.h>
17 #include <linux/security.h>
18 #include <linux/mutex.h>
19 #include <linux/slab.h>
20 #include <net/net_namespace.h>
21 #include <net/cipso_ipv4.h>
22 #include <linux/seq_file.h>
23 #include <linux/ctype.h>
24 #include <linux/audit.h>
25 #include <linux/magic.h>
26 #include <linux/mount.h>
27 #include <linux/fs_context.h>
28 #include "smack.h"
29
30 #define BEBITS (sizeof(__be32) * 8)
31 /*
32 * smackfs pseudo filesystem.
33 */
34
35 enum smk_inos {
36 SMK_ROOT_INO = 2,
37 SMK_LOAD = 3, /* load policy */
38 SMK_CIPSO = 4, /* load label -> CIPSO mapping */
39 SMK_DOI = 5, /* CIPSO DOI */
40 SMK_DIRECT = 6, /* CIPSO level indicating direct label */
41 SMK_AMBIENT = 7, /* internet ambient label */
42 SMK_NET4ADDR = 8, /* single label hosts */
43 SMK_ONLYCAP = 9, /* the only "capable" label */
44 SMK_LOGGING = 10, /* logging */
45 SMK_LOAD_SELF = 11, /* task specific rules */
46 SMK_ACCESSES = 12, /* access policy */
47 SMK_MAPPED = 13, /* CIPSO level indicating mapped label */
48 SMK_LOAD2 = 14, /* load policy with long labels */
49 SMK_LOAD_SELF2 = 15, /* load task specific rules with long labels */
50 SMK_ACCESS2 = 16, /* make an access check with long labels */
51 SMK_CIPSO2 = 17, /* load long label -> CIPSO mapping */
52 SMK_REVOKE_SUBJ = 18, /* set rules with subject label to '-' */
53 SMK_CHANGE_RULE = 19, /* change or add rules (long labels) */
54 SMK_SYSLOG = 20, /* change syslog label) */
55 SMK_PTRACE = 21, /* set ptrace rule */
56 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
57 SMK_UNCONFINED = 22, /* define an unconfined label */
58 #endif
59 #if IS_ENABLED(CONFIG_IPV6)
60 SMK_NET6ADDR = 23, /* single label IPv6 hosts */
61 #endif /* CONFIG_IPV6 */
62 SMK_RELABEL_SELF = 24, /* relabel possible without CAP_MAC_ADMIN */
63 };
64
65 /*
66 * List locks
67 */
68 static DEFINE_MUTEX(smack_cipso_lock);
69 static DEFINE_MUTEX(smack_ambient_lock);
70 static DEFINE_MUTEX(smk_net4addr_lock);
71 #if IS_ENABLED(CONFIG_IPV6)
72 static DEFINE_MUTEX(smk_net6addr_lock);
73 #endif /* CONFIG_IPV6 */
74
75 /*
76 * This is the "ambient" label for network traffic.
77 * If it isn't somehow marked, use this.
78 * It can be reset via smackfs/ambient
79 */
80 struct smack_known *smack_net_ambient;
81
82 /*
83 * This is the level in a CIPSO header that indicates a
84 * smack label is contained directly in the category set.
85 * It can be reset via smackfs/direct
86 */
87 int smack_cipso_direct = SMACK_CIPSO_DIRECT_DEFAULT;
88
89 /*
90 * This is the level in a CIPSO header that indicates a
91 * secid is contained directly in the category set.
92 * It can be reset via smackfs/mapped
93 */
94 int smack_cipso_mapped = SMACK_CIPSO_MAPPED_DEFAULT;
95
96 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
97 /*
98 * Allow one label to be unconfined. This is for
99 * debugging and application bring-up purposes only.
100 * It is bad and wrong, but everyone seems to expect
101 * to have it.
102 */
103 struct smack_known *smack_unconfined;
104 #endif
105
106 /*
107 * If this value is set restrict syslog use to the label specified.
108 * It can be reset via smackfs/syslog
109 */
110 struct smack_known *smack_syslog_label;
111
112 /*
113 * Ptrace current rule
114 * SMACK_PTRACE_DEFAULT regular smack ptrace rules (/proc based)
115 * SMACK_PTRACE_EXACT labels must match, but can be overriden with
116 * CAP_SYS_PTRACE
117 * SMACK_PTRACE_DRACONIAN labels must match, CAP_SYS_PTRACE has no effect
118 */
119 int smack_ptrace_rule = SMACK_PTRACE_DEFAULT;
120
121 /*
122 * Certain IP addresses may be designated as single label hosts.
123 * Packets are sent there unlabeled, but only from tasks that
124 * can write to the specified label.
125 */
126
127 LIST_HEAD(smk_net4addr_list);
128 #if IS_ENABLED(CONFIG_IPV6)
129 LIST_HEAD(smk_net6addr_list);
130 #endif /* CONFIG_IPV6 */
131
132 /*
133 * Rule lists are maintained for each label.
134 */
135 struct smack_parsed_rule {
136 struct smack_known *smk_subject;
137 struct smack_known *smk_object;
138 int smk_access1;
139 int smk_access2;
140 };
141
142 static int smk_cipso_doi_value = SMACK_CIPSO_DOI_DEFAULT;
143
144 /*
145 * Values for parsing cipso rules
146 * SMK_DIGITLEN: Length of a digit field in a rule.
147 * SMK_CIPSOMIN: Minimum possible cipso rule length.
148 * SMK_CIPSOMAX: Maximum possible cipso rule length.
149 */
150 #define SMK_DIGITLEN 4
151 #define SMK_CIPSOMIN (SMK_LABELLEN + 2 * SMK_DIGITLEN)
152 #define SMK_CIPSOMAX (SMK_CIPSOMIN + SMACK_CIPSO_MAXCATNUM * SMK_DIGITLEN)
153
154 /*
155 * Values for parsing MAC rules
156 * SMK_ACCESS: Maximum possible combination of access permissions
157 * SMK_ACCESSLEN: Maximum length for a rule access field
158 * SMK_LOADLEN: Smack rule length
159 */
160 #define SMK_OACCESS "rwxa"
161 #define SMK_ACCESS "rwxatl"
162 #define SMK_OACCESSLEN (sizeof(SMK_OACCESS) - 1)
163 #define SMK_ACCESSLEN (sizeof(SMK_ACCESS) - 1)
164 #define SMK_OLOADLEN (SMK_LABELLEN + SMK_LABELLEN + SMK_OACCESSLEN)
165 #define SMK_LOADLEN (SMK_LABELLEN + SMK_LABELLEN + SMK_ACCESSLEN)
166
167 /*
168 * Stricly for CIPSO level manipulation.
169 * Set the category bit number in a smack label sized buffer.
170 */
smack_catset_bit(unsigned int cat,char * catsetp)171 static inline void smack_catset_bit(unsigned int cat, char *catsetp)
172 {
173 if (cat == 0 || cat > (SMK_CIPSOLEN * 8))
174 return;
175
176 catsetp[(cat - 1) / 8] |= 0x80 >> ((cat - 1) % 8);
177 }
178
179 /**
180 * smk_netlabel_audit_set - fill a netlbl_audit struct
181 * @nap: structure to fill
182 */
smk_netlabel_audit_set(struct netlbl_audit * nap)183 static void smk_netlabel_audit_set(struct netlbl_audit *nap)
184 {
185 struct smack_known *skp = smk_of_current();
186
187 nap->loginuid = audit_get_loginuid(current);
188 nap->sessionid = audit_get_sessionid(current);
189 nap->secid = skp->smk_secid;
190 }
191
192 /*
193 * Value for parsing single label host rules
194 * "1.2.3.4 X"
195 */
196 #define SMK_NETLBLADDRMIN 9
197
198 /**
199 * smk_set_access - add a rule to the rule list or replace an old rule
200 * @srp: the rule to add or replace
201 * @rule_list: the list of rules
202 * @rule_lock: the rule list lock
203 *
204 * Looks through the current subject/object/access list for
205 * the subject/object pair and replaces the access that was
206 * there. If the pair isn't found add it with the specified
207 * access.
208 *
209 * Returns 0 if nothing goes wrong or -ENOMEM if it fails
210 * during the allocation of the new pair to add.
211 */
smk_set_access(struct smack_parsed_rule * srp,struct list_head * rule_list,struct mutex * rule_lock)212 static int smk_set_access(struct smack_parsed_rule *srp,
213 struct list_head *rule_list,
214 struct mutex *rule_lock)
215 {
216 struct smack_rule *sp;
217 int found = 0;
218 int rc = 0;
219
220 mutex_lock(rule_lock);
221
222 /*
223 * Because the object label is less likely to match
224 * than the subject label check it first
225 */
226 list_for_each_entry_rcu(sp, rule_list, list) {
227 if (sp->smk_object == srp->smk_object &&
228 sp->smk_subject == srp->smk_subject) {
229 found = 1;
230 sp->smk_access |= srp->smk_access1;
231 sp->smk_access &= ~srp->smk_access2;
232 break;
233 }
234 }
235
236 if (found == 0) {
237 sp = kmem_cache_zalloc(smack_rule_cache, GFP_KERNEL);
238 if (sp == NULL) {
239 rc = -ENOMEM;
240 goto out;
241 }
242
243 sp->smk_subject = srp->smk_subject;
244 sp->smk_object = srp->smk_object;
245 sp->smk_access = srp->smk_access1 & ~srp->smk_access2;
246
247 list_add_rcu(&sp->list, rule_list);
248 }
249
250 out:
251 mutex_unlock(rule_lock);
252 return rc;
253 }
254
255 /**
256 * smk_perm_from_str - parse smack accesses from a text string
257 * @string: a text string that contains a Smack accesses code
258 *
259 * Returns an integer with respective bits set for specified accesses.
260 */
smk_perm_from_str(const char * string)261 static int smk_perm_from_str(const char *string)
262 {
263 int perm = 0;
264 const char *cp;
265
266 for (cp = string; ; cp++)
267 switch (*cp) {
268 case '-':
269 break;
270 case 'r':
271 case 'R':
272 perm |= MAY_READ;
273 break;
274 case 'w':
275 case 'W':
276 perm |= MAY_WRITE;
277 break;
278 case 'x':
279 case 'X':
280 perm |= MAY_EXEC;
281 break;
282 case 'a':
283 case 'A':
284 perm |= MAY_APPEND;
285 break;
286 case 't':
287 case 'T':
288 perm |= MAY_TRANSMUTE;
289 break;
290 case 'l':
291 case 'L':
292 perm |= MAY_LOCK;
293 break;
294 case 'b':
295 case 'B':
296 perm |= MAY_BRINGUP;
297 break;
298 default:
299 return perm;
300 }
301 }
302
303 /**
304 * smk_fill_rule - Fill Smack rule from strings
305 * @subject: subject label string
306 * @object: object label string
307 * @access1: access string
308 * @access2: string with permissions to be removed
309 * @rule: Smack rule
310 * @import: if non-zero, import labels
311 * @len: label length limit
312 *
313 * Returns 0 on success, appropriate error code on failure.
314 */
smk_fill_rule(const char * subject,const char * object,const char * access1,const char * access2,struct smack_parsed_rule * rule,int import,int len)315 static int smk_fill_rule(const char *subject, const char *object,
316 const char *access1, const char *access2,
317 struct smack_parsed_rule *rule, int import,
318 int len)
319 {
320 const char *cp;
321 struct smack_known *skp;
322
323 if (import) {
324 rule->smk_subject = smk_import_entry(subject, len);
325 if (IS_ERR(rule->smk_subject))
326 return PTR_ERR(rule->smk_subject);
327
328 rule->smk_object = smk_import_entry(object, len);
329 if (IS_ERR(rule->smk_object))
330 return PTR_ERR(rule->smk_object);
331 } else {
332 cp = smk_parse_smack(subject, len);
333 if (IS_ERR(cp))
334 return PTR_ERR(cp);
335 skp = smk_find_entry(cp);
336 kfree(cp);
337 if (skp == NULL)
338 return -ENOENT;
339 rule->smk_subject = skp;
340
341 cp = smk_parse_smack(object, len);
342 if (IS_ERR(cp))
343 return PTR_ERR(cp);
344 skp = smk_find_entry(cp);
345 kfree(cp);
346 if (skp == NULL)
347 return -ENOENT;
348 rule->smk_object = skp;
349 }
350
351 rule->smk_access1 = smk_perm_from_str(access1);
352 if (access2)
353 rule->smk_access2 = smk_perm_from_str(access2);
354 else
355 rule->smk_access2 = ~rule->smk_access1;
356
357 return 0;
358 }
359
360 /**
361 * smk_parse_rule - parse Smack rule from load string
362 * @data: string to be parsed whose size is SMK_LOADLEN
363 * @rule: Smack rule
364 * @import: if non-zero, import labels
365 *
366 * Returns 0 on success, -1 on errors.
367 */
smk_parse_rule(const char * data,struct smack_parsed_rule * rule,int import)368 static int smk_parse_rule(const char *data, struct smack_parsed_rule *rule,
369 int import)
370 {
371 int rc;
372
373 rc = smk_fill_rule(data, data + SMK_LABELLEN,
374 data + SMK_LABELLEN + SMK_LABELLEN, NULL, rule,
375 import, SMK_LABELLEN);
376 return rc;
377 }
378
379 /**
380 * smk_parse_long_rule - parse Smack rule from rule string
381 * @data: string to be parsed, null terminated
382 * @rule: Will be filled with Smack parsed rule
383 * @import: if non-zero, import labels
384 * @tokens: number of substrings expected in data
385 *
386 * Returns number of processed bytes on success, -ERRNO on failure.
387 */
smk_parse_long_rule(char * data,struct smack_parsed_rule * rule,int import,int tokens)388 static ssize_t smk_parse_long_rule(char *data, struct smack_parsed_rule *rule,
389 int import, int tokens)
390 {
391 ssize_t cnt = 0;
392 char *tok[4];
393 int rc;
394 int i;
395
396 /*
397 * Parsing the rule in-place, filling all white-spaces with '\0'
398 */
399 for (i = 0; i < tokens; ++i) {
400 while (isspace(data[cnt]))
401 data[cnt++] = '\0';
402
403 if (data[cnt] == '\0')
404 /* Unexpected end of data */
405 return -EINVAL;
406
407 tok[i] = data + cnt;
408
409 while (data[cnt] && !isspace(data[cnt]))
410 ++cnt;
411 }
412 while (isspace(data[cnt]))
413 data[cnt++] = '\0';
414
415 while (i < 4)
416 tok[i++] = NULL;
417
418 rc = smk_fill_rule(tok[0], tok[1], tok[2], tok[3], rule, import, 0);
419 return rc == 0 ? cnt : rc;
420 }
421
422 #define SMK_FIXED24_FMT 0 /* Fixed 24byte label format */
423 #define SMK_LONG_FMT 1 /* Variable long label format */
424 #define SMK_CHANGE_FMT 2 /* Rule modification format */
425 /**
426 * smk_write_rules_list - write() for any /smack rule file
427 * @file: file pointer, not actually used
428 * @buf: where to get the data from
429 * @count: bytes sent
430 * @ppos: where to start - must be 0
431 * @rule_list: the list of rules to write to
432 * @rule_lock: lock for the rule list
433 * @format: /smack/load or /smack/load2 or /smack/change-rule format.
434 *
435 * Get one smack access rule from above.
436 * The format for SMK_LONG_FMT is:
437 * "subject<whitespace>object<whitespace>access[<whitespace>...]"
438 * The format for SMK_FIXED24_FMT is exactly:
439 * "subject object rwxat"
440 * The format for SMK_CHANGE_FMT is:
441 * "subject<whitespace>object<whitespace>
442 * acc_enable<whitespace>acc_disable[<whitespace>...]"
443 */
smk_write_rules_list(struct file * file,const char __user * buf,size_t count,loff_t * ppos,struct list_head * rule_list,struct mutex * rule_lock,int format)444 static ssize_t smk_write_rules_list(struct file *file, const char __user *buf,
445 size_t count, loff_t *ppos,
446 struct list_head *rule_list,
447 struct mutex *rule_lock, int format)
448 {
449 struct smack_parsed_rule rule;
450 char *data;
451 int rc;
452 int trunc = 0;
453 int tokens;
454 ssize_t cnt = 0;
455
456 /*
457 * No partial writes.
458 * Enough data must be present.
459 */
460 if (*ppos != 0)
461 return -EINVAL;
462
463 if (format == SMK_FIXED24_FMT) {
464 /*
465 * Minor hack for backward compatibility
466 */
467 if (count < SMK_OLOADLEN || count > SMK_LOADLEN)
468 return -EINVAL;
469 } else {
470 if (count >= PAGE_SIZE) {
471 count = PAGE_SIZE - 1;
472 trunc = 1;
473 }
474 }
475
476 data = memdup_user_nul(buf, count);
477 if (IS_ERR(data))
478 return PTR_ERR(data);
479
480 /*
481 * In case of parsing only part of user buf,
482 * avoid having partial rule at the data buffer
483 */
484 if (trunc) {
485 while (count > 0 && (data[count - 1] != '\n'))
486 --count;
487 if (count == 0) {
488 rc = -EINVAL;
489 goto out;
490 }
491 }
492
493 data[count] = '\0';
494 tokens = (format == SMK_CHANGE_FMT ? 4 : 3);
495 while (cnt < count) {
496 if (format == SMK_FIXED24_FMT) {
497 rc = smk_parse_rule(data, &rule, 1);
498 if (rc < 0)
499 goto out;
500 cnt = count;
501 } else {
502 rc = smk_parse_long_rule(data + cnt, &rule, 1, tokens);
503 if (rc < 0)
504 goto out;
505 if (rc == 0) {
506 rc = -EINVAL;
507 goto out;
508 }
509 cnt += rc;
510 }
511
512 if (rule_list == NULL)
513 rc = smk_set_access(&rule, &rule.smk_subject->smk_rules,
514 &rule.smk_subject->smk_rules_lock);
515 else
516 rc = smk_set_access(&rule, rule_list, rule_lock);
517
518 if (rc)
519 goto out;
520 }
521
522 rc = cnt;
523 out:
524 kfree(data);
525 return rc;
526 }
527
528 /*
529 * Core logic for smackfs seq list operations.
530 */
531
smk_seq_start(struct seq_file * s,loff_t * pos,struct list_head * head)532 static void *smk_seq_start(struct seq_file *s, loff_t *pos,
533 struct list_head *head)
534 {
535 struct list_head *list;
536 int i = *pos;
537
538 rcu_read_lock();
539 for (list = rcu_dereference(list_next_rcu(head));
540 list != head;
541 list = rcu_dereference(list_next_rcu(list))) {
542 if (i-- == 0)
543 return list;
544 }
545
546 return NULL;
547 }
548
smk_seq_next(struct seq_file * s,void * v,loff_t * pos,struct list_head * head)549 static void *smk_seq_next(struct seq_file *s, void *v, loff_t *pos,
550 struct list_head *head)
551 {
552 struct list_head *list = v;
553
554 ++*pos;
555 list = rcu_dereference(list_next_rcu(list));
556
557 return (list == head) ? NULL : list;
558 }
559
smk_seq_stop(struct seq_file * s,void * v)560 static void smk_seq_stop(struct seq_file *s, void *v)
561 {
562 rcu_read_unlock();
563 }
564
smk_rule_show(struct seq_file * s,struct smack_rule * srp,int max)565 static void smk_rule_show(struct seq_file *s, struct smack_rule *srp, int max)
566 {
567 /*
568 * Don't show any rules with label names too long for
569 * interface file (/smack/load or /smack/load2)
570 * because you should expect to be able to write
571 * anything you read back.
572 */
573 if (strlen(srp->smk_subject->smk_known) >= max ||
574 strlen(srp->smk_object->smk_known) >= max)
575 return;
576
577 if (srp->smk_access == 0)
578 return;
579
580 seq_printf(s, "%s %s",
581 srp->smk_subject->smk_known,
582 srp->smk_object->smk_known);
583
584 seq_putc(s, ' ');
585
586 if (srp->smk_access & MAY_READ)
587 seq_putc(s, 'r');
588 if (srp->smk_access & MAY_WRITE)
589 seq_putc(s, 'w');
590 if (srp->smk_access & MAY_EXEC)
591 seq_putc(s, 'x');
592 if (srp->smk_access & MAY_APPEND)
593 seq_putc(s, 'a');
594 if (srp->smk_access & MAY_TRANSMUTE)
595 seq_putc(s, 't');
596 if (srp->smk_access & MAY_LOCK)
597 seq_putc(s, 'l');
598 if (srp->smk_access & MAY_BRINGUP)
599 seq_putc(s, 'b');
600
601 seq_putc(s, '\n');
602 }
603
604 /*
605 * Seq_file read operations for /smack/load
606 */
607
load2_seq_start(struct seq_file * s,loff_t * pos)608 static void *load2_seq_start(struct seq_file *s, loff_t *pos)
609 {
610 return smk_seq_start(s, pos, &smack_known_list);
611 }
612
load2_seq_next(struct seq_file * s,void * v,loff_t * pos)613 static void *load2_seq_next(struct seq_file *s, void *v, loff_t *pos)
614 {
615 return smk_seq_next(s, v, pos, &smack_known_list);
616 }
617
load_seq_show(struct seq_file * s,void * v)618 static int load_seq_show(struct seq_file *s, void *v)
619 {
620 struct list_head *list = v;
621 struct smack_rule *srp;
622 struct smack_known *skp =
623 list_entry_rcu(list, struct smack_known, list);
624
625 list_for_each_entry_rcu(srp, &skp->smk_rules, list)
626 smk_rule_show(s, srp, SMK_LABELLEN);
627
628 return 0;
629 }
630
631 static const struct seq_operations load_seq_ops = {
632 .start = load2_seq_start,
633 .next = load2_seq_next,
634 .show = load_seq_show,
635 .stop = smk_seq_stop,
636 };
637
638 /**
639 * smk_open_load - open() for /smack/load
640 * @inode: inode structure representing file
641 * @file: "load" file pointer
642 *
643 * For reading, use load_seq_* seq_file reading operations.
644 */
smk_open_load(struct inode * inode,struct file * file)645 static int smk_open_load(struct inode *inode, struct file *file)
646 {
647 return seq_open(file, &load_seq_ops);
648 }
649
650 /**
651 * smk_write_load - write() for /smack/load
652 * @file: file pointer, not actually used
653 * @buf: where to get the data from
654 * @count: bytes sent
655 * @ppos: where to start - must be 0
656 *
657 */
smk_write_load(struct file * file,const char __user * buf,size_t count,loff_t * ppos)658 static ssize_t smk_write_load(struct file *file, const char __user *buf,
659 size_t count, loff_t *ppos)
660 {
661 /*
662 * Must have privilege.
663 * No partial writes.
664 * Enough data must be present.
665 */
666 if (!smack_privileged(CAP_MAC_ADMIN))
667 return -EPERM;
668
669 return smk_write_rules_list(file, buf, count, ppos, NULL, NULL,
670 SMK_FIXED24_FMT);
671 }
672
673 static const struct file_operations smk_load_ops = {
674 .open = smk_open_load,
675 .read = seq_read,
676 .llseek = seq_lseek,
677 .write = smk_write_load,
678 .release = seq_release,
679 };
680
681 /**
682 * smk_cipso_doi - initialize the CIPSO domain
683 */
smk_cipso_doi(void)684 static void smk_cipso_doi(void)
685 {
686 int rc;
687 struct cipso_v4_doi *doip;
688 struct netlbl_audit nai;
689
690 smk_netlabel_audit_set(&nai);
691
692 rc = netlbl_cfg_map_del(NULL, PF_INET, NULL, NULL, &nai);
693 if (rc != 0)
694 printk(KERN_WARNING "%s:%d remove rc = %d\n",
695 __func__, __LINE__, rc);
696
697 doip = kmalloc(sizeof(struct cipso_v4_doi), GFP_KERNEL | __GFP_NOFAIL);
698 doip->map.std = NULL;
699 doip->doi = smk_cipso_doi_value;
700 doip->type = CIPSO_V4_MAP_PASS;
701 doip->tags[0] = CIPSO_V4_TAG_RBITMAP;
702 for (rc = 1; rc < CIPSO_V4_TAG_MAXCNT; rc++)
703 doip->tags[rc] = CIPSO_V4_TAG_INVALID;
704
705 rc = netlbl_cfg_cipsov4_add(doip, &nai);
706 if (rc != 0) {
707 printk(KERN_WARNING "%s:%d cipso add rc = %d\n",
708 __func__, __LINE__, rc);
709 kfree(doip);
710 return;
711 }
712 rc = netlbl_cfg_cipsov4_map_add(doip->doi, NULL, NULL, NULL, &nai);
713 if (rc != 0) {
714 printk(KERN_WARNING "%s:%d map add rc = %d\n",
715 __func__, __LINE__, rc);
716 netlbl_cfg_cipsov4_del(doip->doi, &nai);
717 return;
718 }
719 }
720
721 /**
722 * smk_unlbl_ambient - initialize the unlabeled domain
723 * @oldambient: previous domain string
724 */
smk_unlbl_ambient(char * oldambient)725 static void smk_unlbl_ambient(char *oldambient)
726 {
727 int rc;
728 struct netlbl_audit nai;
729
730 smk_netlabel_audit_set(&nai);
731
732 if (oldambient != NULL) {
733 rc = netlbl_cfg_map_del(oldambient, PF_INET, NULL, NULL, &nai);
734 if (rc != 0)
735 printk(KERN_WARNING "%s:%d remove rc = %d\n",
736 __func__, __LINE__, rc);
737 }
738 if (smack_net_ambient == NULL)
739 smack_net_ambient = &smack_known_floor;
740
741 rc = netlbl_cfg_unlbl_map_add(smack_net_ambient->smk_known, PF_INET,
742 NULL, NULL, &nai);
743 if (rc != 0)
744 printk(KERN_WARNING "%s:%d add rc = %d\n",
745 __func__, __LINE__, rc);
746 }
747
748 /*
749 * Seq_file read operations for /smack/cipso
750 */
751
cipso_seq_start(struct seq_file * s,loff_t * pos)752 static void *cipso_seq_start(struct seq_file *s, loff_t *pos)
753 {
754 return smk_seq_start(s, pos, &smack_known_list);
755 }
756
cipso_seq_next(struct seq_file * s,void * v,loff_t * pos)757 static void *cipso_seq_next(struct seq_file *s, void *v, loff_t *pos)
758 {
759 return smk_seq_next(s, v, pos, &smack_known_list);
760 }
761
762 /*
763 * Print cipso labels in format:
764 * label level[/cat[,cat]]
765 */
cipso_seq_show(struct seq_file * s,void * v)766 static int cipso_seq_show(struct seq_file *s, void *v)
767 {
768 struct list_head *list = v;
769 struct smack_known *skp =
770 list_entry_rcu(list, struct smack_known, list);
771 struct netlbl_lsm_catmap *cmp = skp->smk_netlabel.attr.mls.cat;
772 char sep = '/';
773 int i;
774
775 /*
776 * Don't show a label that could not have been set using
777 * /smack/cipso. This is in support of the notion that
778 * anything read from /smack/cipso ought to be writeable
779 * to /smack/cipso.
780 *
781 * /smack/cipso2 should be used instead.
782 */
783 if (strlen(skp->smk_known) >= SMK_LABELLEN)
784 return 0;
785
786 seq_printf(s, "%s %3d", skp->smk_known, skp->smk_netlabel.attr.mls.lvl);
787
788 for (i = netlbl_catmap_walk(cmp, 0); i >= 0;
789 i = netlbl_catmap_walk(cmp, i + 1)) {
790 seq_printf(s, "%c%d", sep, i);
791 sep = ',';
792 }
793
794 seq_putc(s, '\n');
795
796 return 0;
797 }
798
799 static const struct seq_operations cipso_seq_ops = {
800 .start = cipso_seq_start,
801 .next = cipso_seq_next,
802 .show = cipso_seq_show,
803 .stop = smk_seq_stop,
804 };
805
806 /**
807 * smk_open_cipso - open() for /smack/cipso
808 * @inode: inode structure representing file
809 * @file: "cipso" file pointer
810 *
811 * Connect our cipso_seq_* operations with /smack/cipso
812 * file_operations
813 */
smk_open_cipso(struct inode * inode,struct file * file)814 static int smk_open_cipso(struct inode *inode, struct file *file)
815 {
816 return seq_open(file, &cipso_seq_ops);
817 }
818
819 /**
820 * smk_set_cipso - do the work for write() for cipso and cipso2
821 * @file: file pointer, not actually used
822 * @buf: where to get the data from
823 * @count: bytes sent
824 * @ppos: where to start
825 * @format: /smack/cipso or /smack/cipso2
826 *
827 * Accepts only one cipso rule per write call.
828 * Returns number of bytes written or error code, as appropriate
829 */
smk_set_cipso(struct file * file,const char __user * buf,size_t count,loff_t * ppos,int format)830 static ssize_t smk_set_cipso(struct file *file, const char __user *buf,
831 size_t count, loff_t *ppos, int format)
832 {
833 struct netlbl_lsm_catmap *old_cat;
834 struct smack_known *skp;
835 struct netlbl_lsm_secattr ncats;
836 char mapcatset[SMK_CIPSOLEN];
837 int maplevel;
838 unsigned int cat;
839 int catlen;
840 ssize_t rc = -EINVAL;
841 char *data = NULL;
842 char *rule;
843 int ret;
844 int i;
845
846 /*
847 * Must have privilege.
848 * No partial writes.
849 * Enough data must be present.
850 */
851 if (!smack_privileged(CAP_MAC_ADMIN))
852 return -EPERM;
853 if (*ppos != 0)
854 return -EINVAL;
855 if (format == SMK_FIXED24_FMT &&
856 (count < SMK_CIPSOMIN || count > SMK_CIPSOMAX))
857 return -EINVAL;
858 if (count > PAGE_SIZE)
859 return -EINVAL;
860
861 data = memdup_user_nul(buf, count);
862 if (IS_ERR(data))
863 return PTR_ERR(data);
864
865 rule = data;
866 /*
867 * Only allow one writer at a time. Writes should be
868 * quite rare and small in any case.
869 */
870 mutex_lock(&smack_cipso_lock);
871
872 skp = smk_import_entry(rule, 0);
873 if (IS_ERR(skp)) {
874 rc = PTR_ERR(skp);
875 goto out;
876 }
877
878 if (format == SMK_FIXED24_FMT)
879 rule += SMK_LABELLEN;
880 else
881 rule += strlen(skp->smk_known) + 1;
882
883 if (rule > data + count) {
884 rc = -EOVERFLOW;
885 goto out;
886 }
887
888 ret = sscanf(rule, "%d", &maplevel);
889 if (ret != 1 || maplevel < 0 || maplevel > SMACK_CIPSO_MAXLEVEL)
890 goto out;
891
892 rule += SMK_DIGITLEN;
893 if (rule > data + count) {
894 rc = -EOVERFLOW;
895 goto out;
896 }
897
898 ret = sscanf(rule, "%d", &catlen);
899 if (ret != 1 || catlen < 0 || catlen > SMACK_CIPSO_MAXCATNUM)
900 goto out;
901
902 if (format == SMK_FIXED24_FMT &&
903 count != (SMK_CIPSOMIN + catlen * SMK_DIGITLEN))
904 goto out;
905
906 memset(mapcatset, 0, sizeof(mapcatset));
907
908 for (i = 0; i < catlen; i++) {
909 rule += SMK_DIGITLEN;
910 if (rule > data + count) {
911 rc = -EOVERFLOW;
912 goto out;
913 }
914 ret = sscanf(rule, "%u", &cat);
915 if (ret != 1 || cat > SMACK_CIPSO_MAXCATNUM)
916 goto out;
917
918 smack_catset_bit(cat, mapcatset);
919 }
920
921 rc = smk_netlbl_mls(maplevel, mapcatset, &ncats, SMK_CIPSOLEN);
922 if (rc >= 0) {
923 old_cat = skp->smk_netlabel.attr.mls.cat;
924 rcu_assign_pointer(skp->smk_netlabel.attr.mls.cat, ncats.attr.mls.cat);
925 if (ncats.attr.mls.cat)
926 skp->smk_netlabel.flags |= NETLBL_SECATTR_MLS_CAT;
927 else
928 skp->smk_netlabel.flags &= ~(u32)NETLBL_SECATTR_MLS_CAT;
929 skp->smk_netlabel.attr.mls.lvl = ncats.attr.mls.lvl;
930 synchronize_rcu();
931 netlbl_catmap_free(old_cat);
932 rc = count;
933 /*
934 * This mapping may have been cached, so clear the cache.
935 */
936 netlbl_cache_invalidate();
937 }
938
939 out:
940 mutex_unlock(&smack_cipso_lock);
941 kfree(data);
942 return rc;
943 }
944
945 /**
946 * smk_write_cipso - write() for /smack/cipso
947 * @file: file pointer, not actually used
948 * @buf: where to get the data from
949 * @count: bytes sent
950 * @ppos: where to start
951 *
952 * Accepts only one cipso rule per write call.
953 * Returns number of bytes written or error code, as appropriate
954 */
smk_write_cipso(struct file * file,const char __user * buf,size_t count,loff_t * ppos)955 static ssize_t smk_write_cipso(struct file *file, const char __user *buf,
956 size_t count, loff_t *ppos)
957 {
958 return smk_set_cipso(file, buf, count, ppos, SMK_FIXED24_FMT);
959 }
960
961 static const struct file_operations smk_cipso_ops = {
962 .open = smk_open_cipso,
963 .read = seq_read,
964 .llseek = seq_lseek,
965 .write = smk_write_cipso,
966 .release = seq_release,
967 };
968
969 /*
970 * Seq_file read operations for /smack/cipso2
971 */
972
973 /*
974 * Print cipso labels in format:
975 * label level[/cat[,cat]]
976 */
cipso2_seq_show(struct seq_file * s,void * v)977 static int cipso2_seq_show(struct seq_file *s, void *v)
978 {
979 struct list_head *list = v;
980 struct smack_known *skp =
981 list_entry_rcu(list, struct smack_known, list);
982 struct netlbl_lsm_catmap *cmp = skp->smk_netlabel.attr.mls.cat;
983 char sep = '/';
984 int i;
985
986 seq_printf(s, "%s %3d", skp->smk_known, skp->smk_netlabel.attr.mls.lvl);
987
988 for (i = netlbl_catmap_walk(cmp, 0); i >= 0;
989 i = netlbl_catmap_walk(cmp, i + 1)) {
990 seq_printf(s, "%c%d", sep, i);
991 sep = ',';
992 }
993
994 seq_putc(s, '\n');
995
996 return 0;
997 }
998
999 static const struct seq_operations cipso2_seq_ops = {
1000 .start = cipso_seq_start,
1001 .next = cipso_seq_next,
1002 .show = cipso2_seq_show,
1003 .stop = smk_seq_stop,
1004 };
1005
1006 /**
1007 * smk_open_cipso2 - open() for /smack/cipso2
1008 * @inode: inode structure representing file
1009 * @file: "cipso2" file pointer
1010 *
1011 * Connect our cipso_seq_* operations with /smack/cipso2
1012 * file_operations
1013 */
smk_open_cipso2(struct inode * inode,struct file * file)1014 static int smk_open_cipso2(struct inode *inode, struct file *file)
1015 {
1016 return seq_open(file, &cipso2_seq_ops);
1017 }
1018
1019 /**
1020 * smk_write_cipso2 - write() for /smack/cipso2
1021 * @file: file pointer, not actually used
1022 * @buf: where to get the data from
1023 * @count: bytes sent
1024 * @ppos: where to start
1025 *
1026 * Accepts only one cipso rule per write call.
1027 * Returns number of bytes written or error code, as appropriate
1028 */
smk_write_cipso2(struct file * file,const char __user * buf,size_t count,loff_t * ppos)1029 static ssize_t smk_write_cipso2(struct file *file, const char __user *buf,
1030 size_t count, loff_t *ppos)
1031 {
1032 return smk_set_cipso(file, buf, count, ppos, SMK_LONG_FMT);
1033 }
1034
1035 static const struct file_operations smk_cipso2_ops = {
1036 .open = smk_open_cipso2,
1037 .read = seq_read,
1038 .llseek = seq_lseek,
1039 .write = smk_write_cipso2,
1040 .release = seq_release,
1041 };
1042
1043 /*
1044 * Seq_file read operations for /smack/netlabel
1045 */
1046
net4addr_seq_start(struct seq_file * s,loff_t * pos)1047 static void *net4addr_seq_start(struct seq_file *s, loff_t *pos)
1048 {
1049 return smk_seq_start(s, pos, &smk_net4addr_list);
1050 }
1051
net4addr_seq_next(struct seq_file * s,void * v,loff_t * pos)1052 static void *net4addr_seq_next(struct seq_file *s, void *v, loff_t *pos)
1053 {
1054 return smk_seq_next(s, v, pos, &smk_net4addr_list);
1055 }
1056
1057 /*
1058 * Print host/label pairs
1059 */
net4addr_seq_show(struct seq_file * s,void * v)1060 static int net4addr_seq_show(struct seq_file *s, void *v)
1061 {
1062 struct list_head *list = v;
1063 struct smk_net4addr *skp =
1064 list_entry_rcu(list, struct smk_net4addr, list);
1065 char *kp = SMACK_CIPSO_OPTION;
1066
1067 if (skp->smk_label != NULL)
1068 kp = skp->smk_label->smk_known;
1069 seq_printf(s, "%pI4/%d %s\n", &skp->smk_host.s_addr,
1070 skp->smk_masks, kp);
1071
1072 return 0;
1073 }
1074
1075 static const struct seq_operations net4addr_seq_ops = {
1076 .start = net4addr_seq_start,
1077 .next = net4addr_seq_next,
1078 .show = net4addr_seq_show,
1079 .stop = smk_seq_stop,
1080 };
1081
1082 /**
1083 * smk_open_net4addr - open() for /smack/netlabel
1084 * @inode: inode structure representing file
1085 * @file: "netlabel" file pointer
1086 *
1087 * Connect our net4addr_seq_* operations with /smack/netlabel
1088 * file_operations
1089 */
smk_open_net4addr(struct inode * inode,struct file * file)1090 static int smk_open_net4addr(struct inode *inode, struct file *file)
1091 {
1092 return seq_open(file, &net4addr_seq_ops);
1093 }
1094
1095 /**
1096 * smk_net4addr_insert
1097 * @new : netlabel to insert
1098 *
1099 * This helper insert netlabel in the smack_net4addrs list
1100 * sorted by netmask length (longest to smallest)
1101 * locked by &smk_net4addr_lock in smk_write_net4addr
1102 *
1103 */
smk_net4addr_insert(struct smk_net4addr * new)1104 static void smk_net4addr_insert(struct smk_net4addr *new)
1105 {
1106 struct smk_net4addr *m;
1107 struct smk_net4addr *m_next;
1108
1109 if (list_empty(&smk_net4addr_list)) {
1110 list_add_rcu(&new->list, &smk_net4addr_list);
1111 return;
1112 }
1113
1114 m = list_entry_rcu(smk_net4addr_list.next,
1115 struct smk_net4addr, list);
1116
1117 /* the comparison '>' is a bit hacky, but works */
1118 if (new->smk_masks > m->smk_masks) {
1119 list_add_rcu(&new->list, &smk_net4addr_list);
1120 return;
1121 }
1122
1123 list_for_each_entry_rcu(m, &smk_net4addr_list, list) {
1124 if (list_is_last(&m->list, &smk_net4addr_list)) {
1125 list_add_rcu(&new->list, &m->list);
1126 return;
1127 }
1128 m_next = list_entry_rcu(m->list.next,
1129 struct smk_net4addr, list);
1130 if (new->smk_masks > m_next->smk_masks) {
1131 list_add_rcu(&new->list, &m->list);
1132 return;
1133 }
1134 }
1135 }
1136
1137
1138 /**
1139 * smk_write_net4addr - write() for /smack/netlabel
1140 * @file: file pointer, not actually used
1141 * @buf: where to get the data from
1142 * @count: bytes sent
1143 * @ppos: where to start
1144 *
1145 * Accepts only one net4addr per write call.
1146 * Returns number of bytes written or error code, as appropriate
1147 */
smk_write_net4addr(struct file * file,const char __user * buf,size_t count,loff_t * ppos)1148 static ssize_t smk_write_net4addr(struct file *file, const char __user *buf,
1149 size_t count, loff_t *ppos)
1150 {
1151 struct smk_net4addr *snp;
1152 struct sockaddr_in newname;
1153 char *smack;
1154 struct smack_known *skp = NULL;
1155 char *data;
1156 char *host = (char *)&newname.sin_addr.s_addr;
1157 int rc;
1158 struct netlbl_audit audit_info;
1159 struct in_addr mask;
1160 unsigned int m;
1161 unsigned int masks;
1162 int found;
1163 u32 mask_bits = (1<<31);
1164 __be32 nsa;
1165 u32 temp_mask;
1166
1167 /*
1168 * Must have privilege.
1169 * No partial writes.
1170 * Enough data must be present.
1171 * "<addr/mask, as a.b.c.d/e><space><label>"
1172 * "<addr, as a.b.c.d><space><label>"
1173 */
1174 if (!smack_privileged(CAP_MAC_ADMIN))
1175 return -EPERM;
1176 if (*ppos != 0)
1177 return -EINVAL;
1178 if (count < SMK_NETLBLADDRMIN || count > PAGE_SIZE - 1)
1179 return -EINVAL;
1180
1181 data = memdup_user_nul(buf, count);
1182 if (IS_ERR(data))
1183 return PTR_ERR(data);
1184
1185 smack = kzalloc(count + 1, GFP_KERNEL);
1186 if (smack == NULL) {
1187 rc = -ENOMEM;
1188 goto free_data_out;
1189 }
1190
1191 rc = sscanf(data, "%hhd.%hhd.%hhd.%hhd/%u %s",
1192 &host[0], &host[1], &host[2], &host[3], &masks, smack);
1193 if (rc != 6) {
1194 rc = sscanf(data, "%hhd.%hhd.%hhd.%hhd %s",
1195 &host[0], &host[1], &host[2], &host[3], smack);
1196 if (rc != 5) {
1197 rc = -EINVAL;
1198 goto free_out;
1199 }
1200 masks = 32;
1201 }
1202 if (masks > BEBITS) {
1203 rc = -EINVAL;
1204 goto free_out;
1205 }
1206
1207 /*
1208 * If smack begins with '-', it is an option, don't import it
1209 */
1210 if (smack[0] != '-') {
1211 skp = smk_import_entry(smack, 0);
1212 if (IS_ERR(skp)) {
1213 rc = PTR_ERR(skp);
1214 goto free_out;
1215 }
1216 } else {
1217 /*
1218 * Only the -CIPSO option is supported for IPv4
1219 */
1220 if (strcmp(smack, SMACK_CIPSO_OPTION) != 0) {
1221 rc = -EINVAL;
1222 goto free_out;
1223 }
1224 }
1225
1226 for (m = masks, temp_mask = 0; m > 0; m--) {
1227 temp_mask |= mask_bits;
1228 mask_bits >>= 1;
1229 }
1230 mask.s_addr = cpu_to_be32(temp_mask);
1231
1232 newname.sin_addr.s_addr &= mask.s_addr;
1233 /*
1234 * Only allow one writer at a time. Writes should be
1235 * quite rare and small in any case.
1236 */
1237 mutex_lock(&smk_net4addr_lock);
1238
1239 nsa = newname.sin_addr.s_addr;
1240 /* try to find if the prefix is already in the list */
1241 found = 0;
1242 list_for_each_entry_rcu(snp, &smk_net4addr_list, list) {
1243 if (snp->smk_host.s_addr == nsa && snp->smk_masks == masks) {
1244 found = 1;
1245 break;
1246 }
1247 }
1248 smk_netlabel_audit_set(&audit_info);
1249
1250 if (found == 0) {
1251 snp = kzalloc(sizeof(*snp), GFP_KERNEL);
1252 if (snp == NULL)
1253 rc = -ENOMEM;
1254 else {
1255 rc = 0;
1256 snp->smk_host.s_addr = newname.sin_addr.s_addr;
1257 snp->smk_mask.s_addr = mask.s_addr;
1258 snp->smk_label = skp;
1259 snp->smk_masks = masks;
1260 smk_net4addr_insert(snp);
1261 }
1262 } else {
1263 /*
1264 * Delete the unlabeled entry, only if the previous label
1265 * wasn't the special CIPSO option
1266 */
1267 if (snp->smk_label != NULL)
1268 rc = netlbl_cfg_unlbl_static_del(&init_net, NULL,
1269 &snp->smk_host, &snp->smk_mask,
1270 PF_INET, &audit_info);
1271 else
1272 rc = 0;
1273 snp->smk_label = skp;
1274 }
1275
1276 /*
1277 * Now tell netlabel about the single label nature of
1278 * this host so that incoming packets get labeled.
1279 * but only if we didn't get the special CIPSO option
1280 */
1281 if (rc == 0 && skp != NULL)
1282 rc = netlbl_cfg_unlbl_static_add(&init_net, NULL,
1283 &snp->smk_host, &snp->smk_mask, PF_INET,
1284 snp->smk_label->smk_secid, &audit_info);
1285
1286 if (rc == 0)
1287 rc = count;
1288
1289 mutex_unlock(&smk_net4addr_lock);
1290
1291 free_out:
1292 kfree(smack);
1293 free_data_out:
1294 kfree(data);
1295
1296 return rc;
1297 }
1298
1299 static const struct file_operations smk_net4addr_ops = {
1300 .open = smk_open_net4addr,
1301 .read = seq_read,
1302 .llseek = seq_lseek,
1303 .write = smk_write_net4addr,
1304 .release = seq_release,
1305 };
1306
1307 #if IS_ENABLED(CONFIG_IPV6)
1308 /*
1309 * Seq_file read operations for /smack/netlabel6
1310 */
1311
net6addr_seq_start(struct seq_file * s,loff_t * pos)1312 static void *net6addr_seq_start(struct seq_file *s, loff_t *pos)
1313 {
1314 return smk_seq_start(s, pos, &smk_net6addr_list);
1315 }
1316
net6addr_seq_next(struct seq_file * s,void * v,loff_t * pos)1317 static void *net6addr_seq_next(struct seq_file *s, void *v, loff_t *pos)
1318 {
1319 return smk_seq_next(s, v, pos, &smk_net6addr_list);
1320 }
1321
1322 /*
1323 * Print host/label pairs
1324 */
net6addr_seq_show(struct seq_file * s,void * v)1325 static int net6addr_seq_show(struct seq_file *s, void *v)
1326 {
1327 struct list_head *list = v;
1328 struct smk_net6addr *skp =
1329 list_entry(list, struct smk_net6addr, list);
1330
1331 if (skp->smk_label != NULL)
1332 seq_printf(s, "%pI6/%d %s\n", &skp->smk_host, skp->smk_masks,
1333 skp->smk_label->smk_known);
1334
1335 return 0;
1336 }
1337
1338 static const struct seq_operations net6addr_seq_ops = {
1339 .start = net6addr_seq_start,
1340 .next = net6addr_seq_next,
1341 .show = net6addr_seq_show,
1342 .stop = smk_seq_stop,
1343 };
1344
1345 /**
1346 * smk_open_net6addr - open() for /smack/netlabel
1347 * @inode: inode structure representing file
1348 * @file: "netlabel" file pointer
1349 *
1350 * Connect our net6addr_seq_* operations with /smack/netlabel
1351 * file_operations
1352 */
smk_open_net6addr(struct inode * inode,struct file * file)1353 static int smk_open_net6addr(struct inode *inode, struct file *file)
1354 {
1355 return seq_open(file, &net6addr_seq_ops);
1356 }
1357
1358 /**
1359 * smk_net6addr_insert
1360 * @new : entry to insert
1361 *
1362 * This inserts an entry in the smack_net6addrs list
1363 * sorted by netmask length (longest to smallest)
1364 * locked by &smk_net6addr_lock in smk_write_net6addr
1365 *
1366 */
smk_net6addr_insert(struct smk_net6addr * new)1367 static void smk_net6addr_insert(struct smk_net6addr *new)
1368 {
1369 struct smk_net6addr *m_next;
1370 struct smk_net6addr *m;
1371
1372 if (list_empty(&smk_net6addr_list)) {
1373 list_add_rcu(&new->list, &smk_net6addr_list);
1374 return;
1375 }
1376
1377 m = list_entry_rcu(smk_net6addr_list.next,
1378 struct smk_net6addr, list);
1379
1380 if (new->smk_masks > m->smk_masks) {
1381 list_add_rcu(&new->list, &smk_net6addr_list);
1382 return;
1383 }
1384
1385 list_for_each_entry_rcu(m, &smk_net6addr_list, list) {
1386 if (list_is_last(&m->list, &smk_net6addr_list)) {
1387 list_add_rcu(&new->list, &m->list);
1388 return;
1389 }
1390 m_next = list_entry_rcu(m->list.next,
1391 struct smk_net6addr, list);
1392 if (new->smk_masks > m_next->smk_masks) {
1393 list_add_rcu(&new->list, &m->list);
1394 return;
1395 }
1396 }
1397 }
1398
1399
1400 /**
1401 * smk_write_net6addr - write() for /smack/netlabel
1402 * @file: file pointer, not actually used
1403 * @buf: where to get the data from
1404 * @count: bytes sent
1405 * @ppos: where to start
1406 *
1407 * Accepts only one net6addr per write call.
1408 * Returns number of bytes written or error code, as appropriate
1409 */
smk_write_net6addr(struct file * file,const char __user * buf,size_t count,loff_t * ppos)1410 static ssize_t smk_write_net6addr(struct file *file, const char __user *buf,
1411 size_t count, loff_t *ppos)
1412 {
1413 struct smk_net6addr *snp;
1414 struct in6_addr newname;
1415 struct in6_addr fullmask;
1416 struct smack_known *skp = NULL;
1417 char *smack;
1418 char *data;
1419 int rc = 0;
1420 int found = 0;
1421 int i;
1422 unsigned int scanned[8];
1423 unsigned int m;
1424 unsigned int mask = 128;
1425
1426 /*
1427 * Must have privilege.
1428 * No partial writes.
1429 * Enough data must be present.
1430 * "<addr/mask, as a:b:c:d:e:f:g:h/e><space><label>"
1431 * "<addr, as a:b:c:d:e:f:g:h><space><label>"
1432 */
1433 if (!smack_privileged(CAP_MAC_ADMIN))
1434 return -EPERM;
1435 if (*ppos != 0)
1436 return -EINVAL;
1437 if (count < SMK_NETLBLADDRMIN || count > PAGE_SIZE - 1)
1438 return -EINVAL;
1439
1440 data = memdup_user_nul(buf, count);
1441 if (IS_ERR(data))
1442 return PTR_ERR(data);
1443
1444 smack = kzalloc(count + 1, GFP_KERNEL);
1445 if (smack == NULL) {
1446 rc = -ENOMEM;
1447 goto free_data_out;
1448 }
1449
1450 i = sscanf(data, "%x:%x:%x:%x:%x:%x:%x:%x/%u %s",
1451 &scanned[0], &scanned[1], &scanned[2], &scanned[3],
1452 &scanned[4], &scanned[5], &scanned[6], &scanned[7],
1453 &mask, smack);
1454 if (i != 10) {
1455 i = sscanf(data, "%x:%x:%x:%x:%x:%x:%x:%x %s",
1456 &scanned[0], &scanned[1], &scanned[2],
1457 &scanned[3], &scanned[4], &scanned[5],
1458 &scanned[6], &scanned[7], smack);
1459 if (i != 9) {
1460 rc = -EINVAL;
1461 goto free_out;
1462 }
1463 }
1464 if (mask > 128) {
1465 rc = -EINVAL;
1466 goto free_out;
1467 }
1468 for (i = 0; i < 8; i++) {
1469 if (scanned[i] > 0xffff) {
1470 rc = -EINVAL;
1471 goto free_out;
1472 }
1473 newname.s6_addr16[i] = htons(scanned[i]);
1474 }
1475
1476 /*
1477 * If smack begins with '-', it is an option, don't import it
1478 */
1479 if (smack[0] != '-') {
1480 skp = smk_import_entry(smack, 0);
1481 if (IS_ERR(skp)) {
1482 rc = PTR_ERR(skp);
1483 goto free_out;
1484 }
1485 } else {
1486 /*
1487 * Only -DELETE is supported for IPv6
1488 */
1489 if (strcmp(smack, SMACK_DELETE_OPTION) != 0) {
1490 rc = -EINVAL;
1491 goto free_out;
1492 }
1493 }
1494
1495 for (i = 0, m = mask; i < 8; i++) {
1496 if (m >= 16) {
1497 fullmask.s6_addr16[i] = 0xffff;
1498 m -= 16;
1499 } else if (m > 0) {
1500 fullmask.s6_addr16[i] = (1 << m) - 1;
1501 m = 0;
1502 } else
1503 fullmask.s6_addr16[i] = 0;
1504 newname.s6_addr16[i] &= fullmask.s6_addr16[i];
1505 }
1506
1507 /*
1508 * Only allow one writer at a time. Writes should be
1509 * quite rare and small in any case.
1510 */
1511 mutex_lock(&smk_net6addr_lock);
1512 /*
1513 * Try to find the prefix in the list
1514 */
1515 list_for_each_entry_rcu(snp, &smk_net6addr_list, list) {
1516 if (mask != snp->smk_masks)
1517 continue;
1518 for (found = 1, i = 0; i < 8; i++) {
1519 if (newname.s6_addr16[i] !=
1520 snp->smk_host.s6_addr16[i]) {
1521 found = 0;
1522 break;
1523 }
1524 }
1525 if (found == 1)
1526 break;
1527 }
1528 if (found == 0) {
1529 snp = kzalloc(sizeof(*snp), GFP_KERNEL);
1530 if (snp == NULL)
1531 rc = -ENOMEM;
1532 else {
1533 snp->smk_host = newname;
1534 snp->smk_mask = fullmask;
1535 snp->smk_masks = mask;
1536 snp->smk_label = skp;
1537 smk_net6addr_insert(snp);
1538 }
1539 } else {
1540 snp->smk_label = skp;
1541 }
1542
1543 if (rc == 0)
1544 rc = count;
1545
1546 mutex_unlock(&smk_net6addr_lock);
1547
1548 free_out:
1549 kfree(smack);
1550 free_data_out:
1551 kfree(data);
1552
1553 return rc;
1554 }
1555
1556 static const struct file_operations smk_net6addr_ops = {
1557 .open = smk_open_net6addr,
1558 .read = seq_read,
1559 .llseek = seq_lseek,
1560 .write = smk_write_net6addr,
1561 .release = seq_release,
1562 };
1563 #endif /* CONFIG_IPV6 */
1564
1565 /**
1566 * smk_read_doi - read() for /smack/doi
1567 * @filp: file pointer, not actually used
1568 * @buf: where to put the result
1569 * @count: maximum to send along
1570 * @ppos: where to start
1571 *
1572 * Returns number of bytes read or error code, as appropriate
1573 */
smk_read_doi(struct file * filp,char __user * buf,size_t count,loff_t * ppos)1574 static ssize_t smk_read_doi(struct file *filp, char __user *buf,
1575 size_t count, loff_t *ppos)
1576 {
1577 char temp[80];
1578 ssize_t rc;
1579
1580 if (*ppos != 0)
1581 return 0;
1582
1583 sprintf(temp, "%d", smk_cipso_doi_value);
1584 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
1585
1586 return rc;
1587 }
1588
1589 /**
1590 * smk_write_doi - write() for /smack/doi
1591 * @file: file pointer, not actually used
1592 * @buf: where to get the data from
1593 * @count: bytes sent
1594 * @ppos: where to start
1595 *
1596 * Returns number of bytes written or error code, as appropriate
1597 */
smk_write_doi(struct file * file,const char __user * buf,size_t count,loff_t * ppos)1598 static ssize_t smk_write_doi(struct file *file, const char __user *buf,
1599 size_t count, loff_t *ppos)
1600 {
1601 char temp[80];
1602 int i;
1603
1604 if (!smack_privileged(CAP_MAC_ADMIN))
1605 return -EPERM;
1606
1607 if (count >= sizeof(temp) || count == 0)
1608 return -EINVAL;
1609
1610 if (copy_from_user(temp, buf, count) != 0)
1611 return -EFAULT;
1612
1613 temp[count] = '\0';
1614
1615 if (sscanf(temp, "%d", &i) != 1)
1616 return -EINVAL;
1617
1618 smk_cipso_doi_value = i;
1619
1620 smk_cipso_doi();
1621
1622 return count;
1623 }
1624
1625 static const struct file_operations smk_doi_ops = {
1626 .read = smk_read_doi,
1627 .write = smk_write_doi,
1628 .llseek = default_llseek,
1629 };
1630
1631 /**
1632 * smk_read_direct - read() for /smack/direct
1633 * @filp: file pointer, not actually used
1634 * @buf: where to put the result
1635 * @count: maximum to send along
1636 * @ppos: where to start
1637 *
1638 * Returns number of bytes read or error code, as appropriate
1639 */
smk_read_direct(struct file * filp,char __user * buf,size_t count,loff_t * ppos)1640 static ssize_t smk_read_direct(struct file *filp, char __user *buf,
1641 size_t count, loff_t *ppos)
1642 {
1643 char temp[80];
1644 ssize_t rc;
1645
1646 if (*ppos != 0)
1647 return 0;
1648
1649 sprintf(temp, "%d", smack_cipso_direct);
1650 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
1651
1652 return rc;
1653 }
1654
1655 /**
1656 * smk_write_direct - write() for /smack/direct
1657 * @file: file pointer, not actually used
1658 * @buf: where to get the data from
1659 * @count: bytes sent
1660 * @ppos: where to start
1661 *
1662 * Returns number of bytes written or error code, as appropriate
1663 */
smk_write_direct(struct file * file,const char __user * buf,size_t count,loff_t * ppos)1664 static ssize_t smk_write_direct(struct file *file, const char __user *buf,
1665 size_t count, loff_t *ppos)
1666 {
1667 struct smack_known *skp;
1668 char temp[80];
1669 int i;
1670
1671 if (!smack_privileged(CAP_MAC_ADMIN))
1672 return -EPERM;
1673
1674 if (count >= sizeof(temp) || count == 0)
1675 return -EINVAL;
1676
1677 if (copy_from_user(temp, buf, count) != 0)
1678 return -EFAULT;
1679
1680 temp[count] = '\0';
1681
1682 if (sscanf(temp, "%d", &i) != 1)
1683 return -EINVAL;
1684
1685 /*
1686 * Don't do anything if the value hasn't actually changed.
1687 * If it is changing reset the level on entries that were
1688 * set up to be direct when they were created.
1689 */
1690 if (smack_cipso_direct != i) {
1691 mutex_lock(&smack_known_lock);
1692 list_for_each_entry_rcu(skp, &smack_known_list, list)
1693 if (skp->smk_netlabel.attr.mls.lvl ==
1694 smack_cipso_direct)
1695 skp->smk_netlabel.attr.mls.lvl = i;
1696 smack_cipso_direct = i;
1697 mutex_unlock(&smack_known_lock);
1698 }
1699
1700 return count;
1701 }
1702
1703 static const struct file_operations smk_direct_ops = {
1704 .read = smk_read_direct,
1705 .write = smk_write_direct,
1706 .llseek = default_llseek,
1707 };
1708
1709 /**
1710 * smk_read_mapped - read() for /smack/mapped
1711 * @filp: file pointer, not actually used
1712 * @buf: where to put the result
1713 * @count: maximum to send along
1714 * @ppos: where to start
1715 *
1716 * Returns number of bytes read or error code, as appropriate
1717 */
smk_read_mapped(struct file * filp,char __user * buf,size_t count,loff_t * ppos)1718 static ssize_t smk_read_mapped(struct file *filp, char __user *buf,
1719 size_t count, loff_t *ppos)
1720 {
1721 char temp[80];
1722 ssize_t rc;
1723
1724 if (*ppos != 0)
1725 return 0;
1726
1727 sprintf(temp, "%d", smack_cipso_mapped);
1728 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
1729
1730 return rc;
1731 }
1732
1733 /**
1734 * smk_write_mapped - write() for /smack/mapped
1735 * @file: file pointer, not actually used
1736 * @buf: where to get the data from
1737 * @count: bytes sent
1738 * @ppos: where to start
1739 *
1740 * Returns number of bytes written or error code, as appropriate
1741 */
smk_write_mapped(struct file * file,const char __user * buf,size_t count,loff_t * ppos)1742 static ssize_t smk_write_mapped(struct file *file, const char __user *buf,
1743 size_t count, loff_t *ppos)
1744 {
1745 struct smack_known *skp;
1746 char temp[80];
1747 int i;
1748
1749 if (!smack_privileged(CAP_MAC_ADMIN))
1750 return -EPERM;
1751
1752 if (count >= sizeof(temp) || count == 0)
1753 return -EINVAL;
1754
1755 if (copy_from_user(temp, buf, count) != 0)
1756 return -EFAULT;
1757
1758 temp[count] = '\0';
1759
1760 if (sscanf(temp, "%d", &i) != 1)
1761 return -EINVAL;
1762
1763 /*
1764 * Don't do anything if the value hasn't actually changed.
1765 * If it is changing reset the level on entries that were
1766 * set up to be mapped when they were created.
1767 */
1768 if (smack_cipso_mapped != i) {
1769 mutex_lock(&smack_known_lock);
1770 list_for_each_entry_rcu(skp, &smack_known_list, list)
1771 if (skp->smk_netlabel.attr.mls.lvl ==
1772 smack_cipso_mapped)
1773 skp->smk_netlabel.attr.mls.lvl = i;
1774 smack_cipso_mapped = i;
1775 mutex_unlock(&smack_known_lock);
1776 }
1777
1778 return count;
1779 }
1780
1781 static const struct file_operations smk_mapped_ops = {
1782 .read = smk_read_mapped,
1783 .write = smk_write_mapped,
1784 .llseek = default_llseek,
1785 };
1786
1787 /**
1788 * smk_read_ambient - read() for /smack/ambient
1789 * @filp: file pointer, not actually used
1790 * @buf: where to put the result
1791 * @cn: maximum to send along
1792 * @ppos: where to start
1793 *
1794 * Returns number of bytes read or error code, as appropriate
1795 */
smk_read_ambient(struct file * filp,char __user * buf,size_t cn,loff_t * ppos)1796 static ssize_t smk_read_ambient(struct file *filp, char __user *buf,
1797 size_t cn, loff_t *ppos)
1798 {
1799 ssize_t rc;
1800 int asize;
1801
1802 if (*ppos != 0)
1803 return 0;
1804 /*
1805 * Being careful to avoid a problem in the case where
1806 * smack_net_ambient gets changed in midstream.
1807 */
1808 mutex_lock(&smack_ambient_lock);
1809
1810 asize = strlen(smack_net_ambient->smk_known) + 1;
1811
1812 if (cn >= asize)
1813 rc = simple_read_from_buffer(buf, cn, ppos,
1814 smack_net_ambient->smk_known,
1815 asize);
1816 else
1817 rc = -EINVAL;
1818
1819 mutex_unlock(&smack_ambient_lock);
1820
1821 return rc;
1822 }
1823
1824 /**
1825 * smk_write_ambient - write() for /smack/ambient
1826 * @file: file pointer, not actually used
1827 * @buf: where to get the data from
1828 * @count: bytes sent
1829 * @ppos: where to start
1830 *
1831 * Returns number of bytes written or error code, as appropriate
1832 */
smk_write_ambient(struct file * file,const char __user * buf,size_t count,loff_t * ppos)1833 static ssize_t smk_write_ambient(struct file *file, const char __user *buf,
1834 size_t count, loff_t *ppos)
1835 {
1836 struct smack_known *skp;
1837 char *oldambient;
1838 char *data;
1839 int rc = count;
1840
1841 if (!smack_privileged(CAP_MAC_ADMIN))
1842 return -EPERM;
1843
1844 /* Enough data must be present */
1845 if (count == 0 || count > PAGE_SIZE)
1846 return -EINVAL;
1847
1848 data = memdup_user_nul(buf, count);
1849 if (IS_ERR(data))
1850 return PTR_ERR(data);
1851
1852 skp = smk_import_entry(data, count);
1853 if (IS_ERR(skp)) {
1854 rc = PTR_ERR(skp);
1855 goto out;
1856 }
1857
1858 mutex_lock(&smack_ambient_lock);
1859
1860 oldambient = smack_net_ambient->smk_known;
1861 smack_net_ambient = skp;
1862 smk_unlbl_ambient(oldambient);
1863
1864 mutex_unlock(&smack_ambient_lock);
1865
1866 out:
1867 kfree(data);
1868 return rc;
1869 }
1870
1871 static const struct file_operations smk_ambient_ops = {
1872 .read = smk_read_ambient,
1873 .write = smk_write_ambient,
1874 .llseek = default_llseek,
1875 };
1876
1877 /*
1878 * Seq_file operations for /smack/onlycap
1879 */
onlycap_seq_start(struct seq_file * s,loff_t * pos)1880 static void *onlycap_seq_start(struct seq_file *s, loff_t *pos)
1881 {
1882 return smk_seq_start(s, pos, &smack_onlycap_list);
1883 }
1884
onlycap_seq_next(struct seq_file * s,void * v,loff_t * pos)1885 static void *onlycap_seq_next(struct seq_file *s, void *v, loff_t *pos)
1886 {
1887 return smk_seq_next(s, v, pos, &smack_onlycap_list);
1888 }
1889
onlycap_seq_show(struct seq_file * s,void * v)1890 static int onlycap_seq_show(struct seq_file *s, void *v)
1891 {
1892 struct list_head *list = v;
1893 struct smack_known_list_elem *sklep =
1894 list_entry_rcu(list, struct smack_known_list_elem, list);
1895
1896 seq_puts(s, sklep->smk_label->smk_known);
1897 seq_putc(s, ' ');
1898
1899 return 0;
1900 }
1901
1902 static const struct seq_operations onlycap_seq_ops = {
1903 .start = onlycap_seq_start,
1904 .next = onlycap_seq_next,
1905 .show = onlycap_seq_show,
1906 .stop = smk_seq_stop,
1907 };
1908
smk_open_onlycap(struct inode * inode,struct file * file)1909 static int smk_open_onlycap(struct inode *inode, struct file *file)
1910 {
1911 return seq_open(file, &onlycap_seq_ops);
1912 }
1913
1914 /**
1915 * smk_list_swap_rcu - swap public list with a private one in RCU-safe way
1916 * The caller must hold appropriate mutex to prevent concurrent modifications
1917 * to the public list.
1918 * Private list is assumed to be not accessible to other threads yet.
1919 *
1920 * @public: public list
1921 * @private: private list
1922 */
smk_list_swap_rcu(struct list_head * public,struct list_head * private)1923 static void smk_list_swap_rcu(struct list_head *public,
1924 struct list_head *private)
1925 {
1926 struct list_head *first, *last;
1927
1928 if (list_empty(public)) {
1929 list_splice_init_rcu(private, public, synchronize_rcu);
1930 } else {
1931 /* Remember public list before replacing it */
1932 first = public->next;
1933 last = public->prev;
1934
1935 /* Publish private list in place of public in RCU-safe way */
1936 private->prev->next = public;
1937 private->next->prev = public;
1938 rcu_assign_pointer(public->next, private->next);
1939 public->prev = private->prev;
1940
1941 synchronize_rcu();
1942
1943 /* When all readers are done with the old public list,
1944 * attach it in place of private */
1945 private->next = first;
1946 private->prev = last;
1947 first->prev = private;
1948 last->next = private;
1949 }
1950 }
1951
1952 /**
1953 * smk_parse_label_list - parse list of Smack labels, separated by spaces
1954 *
1955 * @data: the string to parse
1956 * @list: destination list
1957 *
1958 * Returns zero on success or error code, as appropriate
1959 */
smk_parse_label_list(char * data,struct list_head * list)1960 static int smk_parse_label_list(char *data, struct list_head *list)
1961 {
1962 char *tok;
1963 struct smack_known *skp;
1964 struct smack_known_list_elem *sklep;
1965
1966 while ((tok = strsep(&data, " ")) != NULL) {
1967 if (!*tok)
1968 continue;
1969
1970 skp = smk_import_entry(tok, 0);
1971 if (IS_ERR(skp))
1972 return PTR_ERR(skp);
1973
1974 sklep = kzalloc(sizeof(*sklep), GFP_KERNEL);
1975 if (sklep == NULL)
1976 return -ENOMEM;
1977
1978 sklep->smk_label = skp;
1979 list_add(&sklep->list, list);
1980 }
1981
1982 return 0;
1983 }
1984
1985 /**
1986 * smk_destroy_label_list - destroy a list of smack_known_list_elem
1987 * @list: header pointer of the list to destroy
1988 */
smk_destroy_label_list(struct list_head * list)1989 void smk_destroy_label_list(struct list_head *list)
1990 {
1991 struct smack_known_list_elem *sklep;
1992 struct smack_known_list_elem *sklep2;
1993
1994 list_for_each_entry_safe(sklep, sklep2, list, list)
1995 kfree(sklep);
1996
1997 INIT_LIST_HEAD(list);
1998 }
1999
2000 /**
2001 * smk_write_onlycap - write() for smackfs/onlycap
2002 * @file: file pointer, not actually used
2003 * @buf: where to get the data from
2004 * @count: bytes sent
2005 * @ppos: where to start
2006 *
2007 * Returns number of bytes written or error code, as appropriate
2008 */
smk_write_onlycap(struct file * file,const char __user * buf,size_t count,loff_t * ppos)2009 static ssize_t smk_write_onlycap(struct file *file, const char __user *buf,
2010 size_t count, loff_t *ppos)
2011 {
2012 char *data;
2013 LIST_HEAD(list_tmp);
2014 int rc;
2015
2016 if (!smack_privileged(CAP_MAC_ADMIN))
2017 return -EPERM;
2018
2019 if (count > PAGE_SIZE)
2020 return -EINVAL;
2021
2022 data = memdup_user_nul(buf, count);
2023 if (IS_ERR(data))
2024 return PTR_ERR(data);
2025
2026 rc = smk_parse_label_list(data, &list_tmp);
2027 kfree(data);
2028
2029 /*
2030 * Clear the smack_onlycap on invalid label errors. This means
2031 * that we can pass a null string to unset the onlycap value.
2032 *
2033 * Importing will also reject a label beginning with '-',
2034 * so "-usecapabilities" will also work.
2035 *
2036 * But do so only on invalid label, not on system errors.
2037 * The invalid label must be first to count as clearing attempt.
2038 */
2039 if (!rc || (rc == -EINVAL && list_empty(&list_tmp))) {
2040 mutex_lock(&smack_onlycap_lock);
2041 smk_list_swap_rcu(&smack_onlycap_list, &list_tmp);
2042 mutex_unlock(&smack_onlycap_lock);
2043 rc = count;
2044 }
2045
2046 smk_destroy_label_list(&list_tmp);
2047
2048 return rc;
2049 }
2050
2051 static const struct file_operations smk_onlycap_ops = {
2052 .open = smk_open_onlycap,
2053 .read = seq_read,
2054 .write = smk_write_onlycap,
2055 .llseek = seq_lseek,
2056 .release = seq_release,
2057 };
2058
2059 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
2060 /**
2061 * smk_read_unconfined - read() for smackfs/unconfined
2062 * @filp: file pointer, not actually used
2063 * @buf: where to put the result
2064 * @cn: maximum to send along
2065 * @ppos: where to start
2066 *
2067 * Returns number of bytes read or error code, as appropriate
2068 */
smk_read_unconfined(struct file * filp,char __user * buf,size_t cn,loff_t * ppos)2069 static ssize_t smk_read_unconfined(struct file *filp, char __user *buf,
2070 size_t cn, loff_t *ppos)
2071 {
2072 char *smack = "";
2073 ssize_t rc = -EINVAL;
2074 int asize;
2075
2076 if (*ppos != 0)
2077 return 0;
2078
2079 if (smack_unconfined != NULL)
2080 smack = smack_unconfined->smk_known;
2081
2082 asize = strlen(smack) + 1;
2083
2084 if (cn >= asize)
2085 rc = simple_read_from_buffer(buf, cn, ppos, smack, asize);
2086
2087 return rc;
2088 }
2089
2090 /**
2091 * smk_write_unconfined - write() for smackfs/unconfined
2092 * @file: file pointer, not actually used
2093 * @buf: where to get the data from
2094 * @count: bytes sent
2095 * @ppos: where to start
2096 *
2097 * Returns number of bytes written or error code, as appropriate
2098 */
smk_write_unconfined(struct file * file,const char __user * buf,size_t count,loff_t * ppos)2099 static ssize_t smk_write_unconfined(struct file *file, const char __user *buf,
2100 size_t count, loff_t *ppos)
2101 {
2102 char *data;
2103 struct smack_known *skp;
2104 int rc = count;
2105
2106 if (!smack_privileged(CAP_MAC_ADMIN))
2107 return -EPERM;
2108
2109 if (count > PAGE_SIZE)
2110 return -EINVAL;
2111
2112 data = memdup_user_nul(buf, count);
2113 if (IS_ERR(data))
2114 return PTR_ERR(data);
2115
2116 /*
2117 * Clear the smack_unconfined on invalid label errors. This means
2118 * that we can pass a null string to unset the unconfined value.
2119 *
2120 * Importing will also reject a label beginning with '-',
2121 * so "-confine" will also work.
2122 *
2123 * But do so only on invalid label, not on system errors.
2124 */
2125 skp = smk_import_entry(data, count);
2126 if (PTR_ERR(skp) == -EINVAL)
2127 skp = NULL;
2128 else if (IS_ERR(skp)) {
2129 rc = PTR_ERR(skp);
2130 goto freeout;
2131 }
2132
2133 smack_unconfined = skp;
2134
2135 freeout:
2136 kfree(data);
2137 return rc;
2138 }
2139
2140 static const struct file_operations smk_unconfined_ops = {
2141 .read = smk_read_unconfined,
2142 .write = smk_write_unconfined,
2143 .llseek = default_llseek,
2144 };
2145 #endif /* CONFIG_SECURITY_SMACK_BRINGUP */
2146
2147 /**
2148 * smk_read_logging - read() for /smack/logging
2149 * @filp: file pointer, not actually used
2150 * @buf: where to put the result
2151 * @count: maximum to send along
2152 * @ppos: where to start
2153 *
2154 * Returns number of bytes read or error code, as appropriate
2155 */
smk_read_logging(struct file * filp,char __user * buf,size_t count,loff_t * ppos)2156 static ssize_t smk_read_logging(struct file *filp, char __user *buf,
2157 size_t count, loff_t *ppos)
2158 {
2159 char temp[32];
2160 ssize_t rc;
2161
2162 if (*ppos != 0)
2163 return 0;
2164
2165 sprintf(temp, "%d\n", log_policy);
2166 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
2167 return rc;
2168 }
2169
2170 /**
2171 * smk_write_logging - write() for /smack/logging
2172 * @file: file pointer, not actually used
2173 * @buf: where to get the data from
2174 * @count: bytes sent
2175 * @ppos: where to start
2176 *
2177 * Returns number of bytes written or error code, as appropriate
2178 */
smk_write_logging(struct file * file,const char __user * buf,size_t count,loff_t * ppos)2179 static ssize_t smk_write_logging(struct file *file, const char __user *buf,
2180 size_t count, loff_t *ppos)
2181 {
2182 char temp[32];
2183 int i;
2184
2185 if (!smack_privileged(CAP_MAC_ADMIN))
2186 return -EPERM;
2187
2188 if (count >= sizeof(temp) || count == 0)
2189 return -EINVAL;
2190
2191 if (copy_from_user(temp, buf, count) != 0)
2192 return -EFAULT;
2193
2194 temp[count] = '\0';
2195
2196 if (sscanf(temp, "%d", &i) != 1)
2197 return -EINVAL;
2198 if (i < 0 || i > 3)
2199 return -EINVAL;
2200 log_policy = i;
2201 return count;
2202 }
2203
2204
2205
2206 static const struct file_operations smk_logging_ops = {
2207 .read = smk_read_logging,
2208 .write = smk_write_logging,
2209 .llseek = default_llseek,
2210 };
2211
2212 /*
2213 * Seq_file read operations for /smack/load-self
2214 */
2215
load_self_seq_start(struct seq_file * s,loff_t * pos)2216 static void *load_self_seq_start(struct seq_file *s, loff_t *pos)
2217 {
2218 struct task_smack *tsp = smack_cred(current_cred());
2219
2220 return smk_seq_start(s, pos, &tsp->smk_rules);
2221 }
2222
load_self_seq_next(struct seq_file * s,void * v,loff_t * pos)2223 static void *load_self_seq_next(struct seq_file *s, void *v, loff_t *pos)
2224 {
2225 struct task_smack *tsp = smack_cred(current_cred());
2226
2227 return smk_seq_next(s, v, pos, &tsp->smk_rules);
2228 }
2229
load_self_seq_show(struct seq_file * s,void * v)2230 static int load_self_seq_show(struct seq_file *s, void *v)
2231 {
2232 struct list_head *list = v;
2233 struct smack_rule *srp =
2234 list_entry_rcu(list, struct smack_rule, list);
2235
2236 smk_rule_show(s, srp, SMK_LABELLEN);
2237
2238 return 0;
2239 }
2240
2241 static const struct seq_operations load_self_seq_ops = {
2242 .start = load_self_seq_start,
2243 .next = load_self_seq_next,
2244 .show = load_self_seq_show,
2245 .stop = smk_seq_stop,
2246 };
2247
2248
2249 /**
2250 * smk_open_load_self - open() for /smack/load-self2
2251 * @inode: inode structure representing file
2252 * @file: "load" file pointer
2253 *
2254 * For reading, use load_seq_* seq_file reading operations.
2255 */
smk_open_load_self(struct inode * inode,struct file * file)2256 static int smk_open_load_self(struct inode *inode, struct file *file)
2257 {
2258 return seq_open(file, &load_self_seq_ops);
2259 }
2260
2261 /**
2262 * smk_write_load_self - write() for /smack/load-self
2263 * @file: file pointer, not actually used
2264 * @buf: where to get the data from
2265 * @count: bytes sent
2266 * @ppos: where to start - must be 0
2267 *
2268 */
smk_write_load_self(struct file * file,const char __user * buf,size_t count,loff_t * ppos)2269 static ssize_t smk_write_load_self(struct file *file, const char __user *buf,
2270 size_t count, loff_t *ppos)
2271 {
2272 struct task_smack *tsp = smack_cred(current_cred());
2273
2274 return smk_write_rules_list(file, buf, count, ppos, &tsp->smk_rules,
2275 &tsp->smk_rules_lock, SMK_FIXED24_FMT);
2276 }
2277
2278 static const struct file_operations smk_load_self_ops = {
2279 .open = smk_open_load_self,
2280 .read = seq_read,
2281 .llseek = seq_lseek,
2282 .write = smk_write_load_self,
2283 .release = seq_release,
2284 };
2285
2286 /**
2287 * smk_user_access - handle access check transaction
2288 * @file: file pointer
2289 * @buf: data from user space
2290 * @count: bytes sent
2291 * @ppos: where to start - must be 0
2292 * @format: /smack/load or /smack/load2 or /smack/change-rule format.
2293 */
smk_user_access(struct file * file,const char __user * buf,size_t count,loff_t * ppos,int format)2294 static ssize_t smk_user_access(struct file *file, const char __user *buf,
2295 size_t count, loff_t *ppos, int format)
2296 {
2297 struct smack_parsed_rule rule;
2298 char *data;
2299 int res;
2300
2301 data = simple_transaction_get(file, buf, count);
2302 if (IS_ERR(data))
2303 return PTR_ERR(data);
2304
2305 if (format == SMK_FIXED24_FMT) {
2306 if (count < SMK_LOADLEN)
2307 return -EINVAL;
2308 res = smk_parse_rule(data, &rule, 0);
2309 } else {
2310 /*
2311 * simple_transaction_get() returns null-terminated data
2312 */
2313 res = smk_parse_long_rule(data, &rule, 0, 3);
2314 }
2315
2316 if (res >= 0)
2317 res = smk_access(rule.smk_subject, rule.smk_object,
2318 rule.smk_access1, NULL);
2319 else if (res != -ENOENT)
2320 return res;
2321
2322 /*
2323 * smk_access() can return a value > 0 in the "bringup" case.
2324 */
2325 data[0] = res >= 0 ? '1' : '0';
2326 data[1] = '\0';
2327
2328 simple_transaction_set(file, 2);
2329
2330 if (format == SMK_FIXED24_FMT)
2331 return SMK_LOADLEN;
2332 return count;
2333 }
2334
2335 /**
2336 * smk_write_access - handle access check transaction
2337 * @file: file pointer
2338 * @buf: data from user space
2339 * @count: bytes sent
2340 * @ppos: where to start - must be 0
2341 */
smk_write_access(struct file * file,const char __user * buf,size_t count,loff_t * ppos)2342 static ssize_t smk_write_access(struct file *file, const char __user *buf,
2343 size_t count, loff_t *ppos)
2344 {
2345 return smk_user_access(file, buf, count, ppos, SMK_FIXED24_FMT);
2346 }
2347
2348 static const struct file_operations smk_access_ops = {
2349 .write = smk_write_access,
2350 .read = simple_transaction_read,
2351 .release = simple_transaction_release,
2352 .llseek = generic_file_llseek,
2353 };
2354
2355
2356 /*
2357 * Seq_file read operations for /smack/load2
2358 */
2359
load2_seq_show(struct seq_file * s,void * v)2360 static int load2_seq_show(struct seq_file *s, void *v)
2361 {
2362 struct list_head *list = v;
2363 struct smack_rule *srp;
2364 struct smack_known *skp =
2365 list_entry_rcu(list, struct smack_known, list);
2366
2367 list_for_each_entry_rcu(srp, &skp->smk_rules, list)
2368 smk_rule_show(s, srp, SMK_LONGLABEL);
2369
2370 return 0;
2371 }
2372
2373 static const struct seq_operations load2_seq_ops = {
2374 .start = load2_seq_start,
2375 .next = load2_seq_next,
2376 .show = load2_seq_show,
2377 .stop = smk_seq_stop,
2378 };
2379
2380 /**
2381 * smk_open_load2 - open() for /smack/load2
2382 * @inode: inode structure representing file
2383 * @file: "load2" file pointer
2384 *
2385 * For reading, use load2_seq_* seq_file reading operations.
2386 */
smk_open_load2(struct inode * inode,struct file * file)2387 static int smk_open_load2(struct inode *inode, struct file *file)
2388 {
2389 return seq_open(file, &load2_seq_ops);
2390 }
2391
2392 /**
2393 * smk_write_load2 - write() for /smack/load2
2394 * @file: file pointer, not actually used
2395 * @buf: where to get the data from
2396 * @count: bytes sent
2397 * @ppos: where to start - must be 0
2398 *
2399 */
smk_write_load2(struct file * file,const char __user * buf,size_t count,loff_t * ppos)2400 static ssize_t smk_write_load2(struct file *file, const char __user *buf,
2401 size_t count, loff_t *ppos)
2402 {
2403 /*
2404 * Must have privilege.
2405 */
2406 if (!smack_privileged(CAP_MAC_ADMIN))
2407 return -EPERM;
2408
2409 return smk_write_rules_list(file, buf, count, ppos, NULL, NULL,
2410 SMK_LONG_FMT);
2411 }
2412
2413 static const struct file_operations smk_load2_ops = {
2414 .open = smk_open_load2,
2415 .read = seq_read,
2416 .llseek = seq_lseek,
2417 .write = smk_write_load2,
2418 .release = seq_release,
2419 };
2420
2421 /*
2422 * Seq_file read operations for /smack/load-self2
2423 */
2424
load_self2_seq_start(struct seq_file * s,loff_t * pos)2425 static void *load_self2_seq_start(struct seq_file *s, loff_t *pos)
2426 {
2427 struct task_smack *tsp = smack_cred(current_cred());
2428
2429 return smk_seq_start(s, pos, &tsp->smk_rules);
2430 }
2431
load_self2_seq_next(struct seq_file * s,void * v,loff_t * pos)2432 static void *load_self2_seq_next(struct seq_file *s, void *v, loff_t *pos)
2433 {
2434 struct task_smack *tsp = smack_cred(current_cred());
2435
2436 return smk_seq_next(s, v, pos, &tsp->smk_rules);
2437 }
2438
load_self2_seq_show(struct seq_file * s,void * v)2439 static int load_self2_seq_show(struct seq_file *s, void *v)
2440 {
2441 struct list_head *list = v;
2442 struct smack_rule *srp =
2443 list_entry_rcu(list, struct smack_rule, list);
2444
2445 smk_rule_show(s, srp, SMK_LONGLABEL);
2446
2447 return 0;
2448 }
2449
2450 static const struct seq_operations load_self2_seq_ops = {
2451 .start = load_self2_seq_start,
2452 .next = load_self2_seq_next,
2453 .show = load_self2_seq_show,
2454 .stop = smk_seq_stop,
2455 };
2456
2457 /**
2458 * smk_open_load_self2 - open() for /smack/load-self2
2459 * @inode: inode structure representing file
2460 * @file: "load" file pointer
2461 *
2462 * For reading, use load_seq_* seq_file reading operations.
2463 */
smk_open_load_self2(struct inode * inode,struct file * file)2464 static int smk_open_load_self2(struct inode *inode, struct file *file)
2465 {
2466 return seq_open(file, &load_self2_seq_ops);
2467 }
2468
2469 /**
2470 * smk_write_load_self2 - write() for /smack/load-self2
2471 * @file: file pointer, not actually used
2472 * @buf: where to get the data from
2473 * @count: bytes sent
2474 * @ppos: where to start - must be 0
2475 *
2476 */
smk_write_load_self2(struct file * file,const char __user * buf,size_t count,loff_t * ppos)2477 static ssize_t smk_write_load_self2(struct file *file, const char __user *buf,
2478 size_t count, loff_t *ppos)
2479 {
2480 struct task_smack *tsp = smack_cred(current_cred());
2481
2482 return smk_write_rules_list(file, buf, count, ppos, &tsp->smk_rules,
2483 &tsp->smk_rules_lock, SMK_LONG_FMT);
2484 }
2485
2486 static const struct file_operations smk_load_self2_ops = {
2487 .open = smk_open_load_self2,
2488 .read = seq_read,
2489 .llseek = seq_lseek,
2490 .write = smk_write_load_self2,
2491 .release = seq_release,
2492 };
2493
2494 /**
2495 * smk_write_access2 - handle access check transaction
2496 * @file: file pointer
2497 * @buf: data from user space
2498 * @count: bytes sent
2499 * @ppos: where to start - must be 0
2500 */
smk_write_access2(struct file * file,const char __user * buf,size_t count,loff_t * ppos)2501 static ssize_t smk_write_access2(struct file *file, const char __user *buf,
2502 size_t count, loff_t *ppos)
2503 {
2504 return smk_user_access(file, buf, count, ppos, SMK_LONG_FMT);
2505 }
2506
2507 static const struct file_operations smk_access2_ops = {
2508 .write = smk_write_access2,
2509 .read = simple_transaction_read,
2510 .release = simple_transaction_release,
2511 .llseek = generic_file_llseek,
2512 };
2513
2514 /**
2515 * smk_write_revoke_subj - write() for /smack/revoke-subject
2516 * @file: file pointer
2517 * @buf: data from user space
2518 * @count: bytes sent
2519 * @ppos: where to start - must be 0
2520 */
smk_write_revoke_subj(struct file * file,const char __user * buf,size_t count,loff_t * ppos)2521 static ssize_t smk_write_revoke_subj(struct file *file, const char __user *buf,
2522 size_t count, loff_t *ppos)
2523 {
2524 char *data;
2525 const char *cp;
2526 struct smack_known *skp;
2527 struct smack_rule *sp;
2528 struct list_head *rule_list;
2529 struct mutex *rule_lock;
2530 int rc = count;
2531
2532 if (*ppos != 0)
2533 return -EINVAL;
2534
2535 if (!smack_privileged(CAP_MAC_ADMIN))
2536 return -EPERM;
2537
2538 if (count == 0 || count > SMK_LONGLABEL)
2539 return -EINVAL;
2540
2541 data = memdup_user(buf, count);
2542 if (IS_ERR(data))
2543 return PTR_ERR(data);
2544
2545 cp = smk_parse_smack(data, count);
2546 if (IS_ERR(cp)) {
2547 rc = PTR_ERR(cp);
2548 goto out_data;
2549 }
2550
2551 skp = smk_find_entry(cp);
2552 if (skp == NULL)
2553 goto out_cp;
2554
2555 rule_list = &skp->smk_rules;
2556 rule_lock = &skp->smk_rules_lock;
2557
2558 mutex_lock(rule_lock);
2559
2560 list_for_each_entry_rcu(sp, rule_list, list)
2561 sp->smk_access = 0;
2562
2563 mutex_unlock(rule_lock);
2564
2565 out_cp:
2566 kfree(cp);
2567 out_data:
2568 kfree(data);
2569
2570 return rc;
2571 }
2572
2573 static const struct file_operations smk_revoke_subj_ops = {
2574 .write = smk_write_revoke_subj,
2575 .read = simple_transaction_read,
2576 .release = simple_transaction_release,
2577 .llseek = generic_file_llseek,
2578 };
2579
2580 /**
2581 * smk_init_sysfs - initialize /sys/fs/smackfs
2582 *
2583 */
smk_init_sysfs(void)2584 static int smk_init_sysfs(void)
2585 {
2586 return sysfs_create_mount_point(fs_kobj, "smackfs");
2587 }
2588
2589 /**
2590 * smk_write_change_rule - write() for /smack/change-rule
2591 * @file: file pointer
2592 * @buf: data from user space
2593 * @count: bytes sent
2594 * @ppos: where to start - must be 0
2595 */
smk_write_change_rule(struct file * file,const char __user * buf,size_t count,loff_t * ppos)2596 static ssize_t smk_write_change_rule(struct file *file, const char __user *buf,
2597 size_t count, loff_t *ppos)
2598 {
2599 /*
2600 * Must have privilege.
2601 */
2602 if (!smack_privileged(CAP_MAC_ADMIN))
2603 return -EPERM;
2604
2605 return smk_write_rules_list(file, buf, count, ppos, NULL, NULL,
2606 SMK_CHANGE_FMT);
2607 }
2608
2609 static const struct file_operations smk_change_rule_ops = {
2610 .write = smk_write_change_rule,
2611 .read = simple_transaction_read,
2612 .release = simple_transaction_release,
2613 .llseek = generic_file_llseek,
2614 };
2615
2616 /**
2617 * smk_read_syslog - read() for smackfs/syslog
2618 * @filp: file pointer, not actually used
2619 * @buf: where to put the result
2620 * @cn: maximum to send along
2621 * @ppos: where to start
2622 *
2623 * Returns number of bytes read or error code, as appropriate
2624 */
smk_read_syslog(struct file * filp,char __user * buf,size_t cn,loff_t * ppos)2625 static ssize_t smk_read_syslog(struct file *filp, char __user *buf,
2626 size_t cn, loff_t *ppos)
2627 {
2628 struct smack_known *skp;
2629 ssize_t rc = -EINVAL;
2630 int asize;
2631
2632 if (*ppos != 0)
2633 return 0;
2634
2635 if (smack_syslog_label == NULL)
2636 skp = &smack_known_star;
2637 else
2638 skp = smack_syslog_label;
2639
2640 asize = strlen(skp->smk_known) + 1;
2641
2642 if (cn >= asize)
2643 rc = simple_read_from_buffer(buf, cn, ppos, skp->smk_known,
2644 asize);
2645
2646 return rc;
2647 }
2648
2649 /**
2650 * smk_write_syslog - write() for smackfs/syslog
2651 * @file: file pointer, not actually used
2652 * @buf: where to get the data from
2653 * @count: bytes sent
2654 * @ppos: where to start
2655 *
2656 * Returns number of bytes written or error code, as appropriate
2657 */
smk_write_syslog(struct file * file,const char __user * buf,size_t count,loff_t * ppos)2658 static ssize_t smk_write_syslog(struct file *file, const char __user *buf,
2659 size_t count, loff_t *ppos)
2660 {
2661 char *data;
2662 struct smack_known *skp;
2663 int rc = count;
2664
2665 if (!smack_privileged(CAP_MAC_ADMIN))
2666 return -EPERM;
2667
2668 /* Enough data must be present */
2669 if (count == 0 || count > PAGE_SIZE)
2670 return -EINVAL;
2671
2672 data = memdup_user_nul(buf, count);
2673 if (IS_ERR(data))
2674 return PTR_ERR(data);
2675
2676 skp = smk_import_entry(data, count);
2677 if (IS_ERR(skp))
2678 rc = PTR_ERR(skp);
2679 else
2680 smack_syslog_label = skp;
2681
2682 kfree(data);
2683 return rc;
2684 }
2685
2686 static const struct file_operations smk_syslog_ops = {
2687 .read = smk_read_syslog,
2688 .write = smk_write_syslog,
2689 .llseek = default_llseek,
2690 };
2691
2692 /*
2693 * Seq_file read operations for /smack/relabel-self
2694 */
2695
relabel_self_seq_start(struct seq_file * s,loff_t * pos)2696 static void *relabel_self_seq_start(struct seq_file *s, loff_t *pos)
2697 {
2698 struct task_smack *tsp = smack_cred(current_cred());
2699
2700 return smk_seq_start(s, pos, &tsp->smk_relabel);
2701 }
2702
relabel_self_seq_next(struct seq_file * s,void * v,loff_t * pos)2703 static void *relabel_self_seq_next(struct seq_file *s, void *v, loff_t *pos)
2704 {
2705 struct task_smack *tsp = smack_cred(current_cred());
2706
2707 return smk_seq_next(s, v, pos, &tsp->smk_relabel);
2708 }
2709
relabel_self_seq_show(struct seq_file * s,void * v)2710 static int relabel_self_seq_show(struct seq_file *s, void *v)
2711 {
2712 struct list_head *list = v;
2713 struct smack_known_list_elem *sklep =
2714 list_entry(list, struct smack_known_list_elem, list);
2715
2716 seq_puts(s, sklep->smk_label->smk_known);
2717 seq_putc(s, ' ');
2718
2719 return 0;
2720 }
2721
2722 static const struct seq_operations relabel_self_seq_ops = {
2723 .start = relabel_self_seq_start,
2724 .next = relabel_self_seq_next,
2725 .show = relabel_self_seq_show,
2726 .stop = smk_seq_stop,
2727 };
2728
2729 /**
2730 * smk_open_relabel_self - open() for /smack/relabel-self
2731 * @inode: inode structure representing file
2732 * @file: "relabel-self" file pointer
2733 *
2734 * Connect our relabel_self_seq_* operations with /smack/relabel-self
2735 * file_operations
2736 */
smk_open_relabel_self(struct inode * inode,struct file * file)2737 static int smk_open_relabel_self(struct inode *inode, struct file *file)
2738 {
2739 return seq_open(file, &relabel_self_seq_ops);
2740 }
2741
2742 /**
2743 * smk_write_relabel_self - write() for /smack/relabel-self
2744 * @file: file pointer, not actually used
2745 * @buf: where to get the data from
2746 * @count: bytes sent
2747 * @ppos: where to start - must be 0
2748 *
2749 */
smk_write_relabel_self(struct file * file,const char __user * buf,size_t count,loff_t * ppos)2750 static ssize_t smk_write_relabel_self(struct file *file, const char __user *buf,
2751 size_t count, loff_t *ppos)
2752 {
2753 char *data;
2754 int rc;
2755 LIST_HEAD(list_tmp);
2756
2757 /*
2758 * Must have privilege.
2759 */
2760 if (!smack_privileged(CAP_MAC_ADMIN))
2761 return -EPERM;
2762
2763 /*
2764 * No partial write.
2765 * Enough data must be present.
2766 */
2767 if (*ppos != 0)
2768 return -EINVAL;
2769 if (count == 0 || count > PAGE_SIZE)
2770 return -EINVAL;
2771
2772 data = memdup_user_nul(buf, count);
2773 if (IS_ERR(data))
2774 return PTR_ERR(data);
2775
2776 rc = smk_parse_label_list(data, &list_tmp);
2777 kfree(data);
2778
2779 if (!rc || (rc == -EINVAL && list_empty(&list_tmp))) {
2780 struct cred *new;
2781 struct task_smack *tsp;
2782
2783 new = prepare_creds();
2784 if (!new) {
2785 rc = -ENOMEM;
2786 goto out;
2787 }
2788 tsp = smack_cred(new);
2789 smk_destroy_label_list(&tsp->smk_relabel);
2790 list_splice(&list_tmp, &tsp->smk_relabel);
2791 commit_creds(new);
2792 return count;
2793 }
2794 out:
2795 smk_destroy_label_list(&list_tmp);
2796 return rc;
2797 }
2798
2799 static const struct file_operations smk_relabel_self_ops = {
2800 .open = smk_open_relabel_self,
2801 .read = seq_read,
2802 .llseek = seq_lseek,
2803 .write = smk_write_relabel_self,
2804 .release = seq_release,
2805 };
2806
2807 /**
2808 * smk_read_ptrace - read() for /smack/ptrace
2809 * @filp: file pointer, not actually used
2810 * @buf: where to put the result
2811 * @count: maximum to send along
2812 * @ppos: where to start
2813 *
2814 * Returns number of bytes read or error code, as appropriate
2815 */
smk_read_ptrace(struct file * filp,char __user * buf,size_t count,loff_t * ppos)2816 static ssize_t smk_read_ptrace(struct file *filp, char __user *buf,
2817 size_t count, loff_t *ppos)
2818 {
2819 char temp[32];
2820 ssize_t rc;
2821
2822 if (*ppos != 0)
2823 return 0;
2824
2825 sprintf(temp, "%d\n", smack_ptrace_rule);
2826 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
2827 return rc;
2828 }
2829
2830 /**
2831 * smk_write_ptrace - write() for /smack/ptrace
2832 * @file: file pointer
2833 * @buf: data from user space
2834 * @count: bytes sent
2835 * @ppos: where to start - must be 0
2836 */
smk_write_ptrace(struct file * file,const char __user * buf,size_t count,loff_t * ppos)2837 static ssize_t smk_write_ptrace(struct file *file, const char __user *buf,
2838 size_t count, loff_t *ppos)
2839 {
2840 char temp[32];
2841 int i;
2842
2843 if (!smack_privileged(CAP_MAC_ADMIN))
2844 return -EPERM;
2845
2846 if (*ppos != 0 || count >= sizeof(temp) || count == 0)
2847 return -EINVAL;
2848
2849 if (copy_from_user(temp, buf, count) != 0)
2850 return -EFAULT;
2851
2852 temp[count] = '\0';
2853
2854 if (sscanf(temp, "%d", &i) != 1)
2855 return -EINVAL;
2856 if (i < SMACK_PTRACE_DEFAULT || i > SMACK_PTRACE_MAX)
2857 return -EINVAL;
2858 smack_ptrace_rule = i;
2859
2860 return count;
2861 }
2862
2863 static const struct file_operations smk_ptrace_ops = {
2864 .write = smk_write_ptrace,
2865 .read = smk_read_ptrace,
2866 .llseek = default_llseek,
2867 };
2868
2869 /**
2870 * smk_fill_super - fill the smackfs superblock
2871 * @sb: the empty superblock
2872 * @fc: unused
2873 *
2874 * Fill in the well known entries for the smack filesystem
2875 *
2876 * Returns 0 on success, an error code on failure
2877 */
smk_fill_super(struct super_block * sb,struct fs_context * fc)2878 static int smk_fill_super(struct super_block *sb, struct fs_context *fc)
2879 {
2880 int rc;
2881
2882 static const struct tree_descr smack_files[] = {
2883 [SMK_LOAD] = {
2884 "load", &smk_load_ops, S_IRUGO|S_IWUSR},
2885 [SMK_CIPSO] = {
2886 "cipso", &smk_cipso_ops, S_IRUGO|S_IWUSR},
2887 [SMK_DOI] = {
2888 "doi", &smk_doi_ops, S_IRUGO|S_IWUSR},
2889 [SMK_DIRECT] = {
2890 "direct", &smk_direct_ops, S_IRUGO|S_IWUSR},
2891 [SMK_AMBIENT] = {
2892 "ambient", &smk_ambient_ops, S_IRUGO|S_IWUSR},
2893 [SMK_NET4ADDR] = {
2894 "netlabel", &smk_net4addr_ops, S_IRUGO|S_IWUSR},
2895 [SMK_ONLYCAP] = {
2896 "onlycap", &smk_onlycap_ops, S_IRUGO|S_IWUSR},
2897 [SMK_LOGGING] = {
2898 "logging", &smk_logging_ops, S_IRUGO|S_IWUSR},
2899 [SMK_LOAD_SELF] = {
2900 "load-self", &smk_load_self_ops, S_IRUGO|S_IWUGO},
2901 [SMK_ACCESSES] = {
2902 "access", &smk_access_ops, S_IRUGO|S_IWUGO},
2903 [SMK_MAPPED] = {
2904 "mapped", &smk_mapped_ops, S_IRUGO|S_IWUSR},
2905 [SMK_LOAD2] = {
2906 "load2", &smk_load2_ops, S_IRUGO|S_IWUSR},
2907 [SMK_LOAD_SELF2] = {
2908 "load-self2", &smk_load_self2_ops, S_IRUGO|S_IWUGO},
2909 [SMK_ACCESS2] = {
2910 "access2", &smk_access2_ops, S_IRUGO|S_IWUGO},
2911 [SMK_CIPSO2] = {
2912 "cipso2", &smk_cipso2_ops, S_IRUGO|S_IWUSR},
2913 [SMK_REVOKE_SUBJ] = {
2914 "revoke-subject", &smk_revoke_subj_ops,
2915 S_IRUGO|S_IWUSR},
2916 [SMK_CHANGE_RULE] = {
2917 "change-rule", &smk_change_rule_ops, S_IRUGO|S_IWUSR},
2918 [SMK_SYSLOG] = {
2919 "syslog", &smk_syslog_ops, S_IRUGO|S_IWUSR},
2920 [SMK_PTRACE] = {
2921 "ptrace", &smk_ptrace_ops, S_IRUGO|S_IWUSR},
2922 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
2923 [SMK_UNCONFINED] = {
2924 "unconfined", &smk_unconfined_ops, S_IRUGO|S_IWUSR},
2925 #endif
2926 #if IS_ENABLED(CONFIG_IPV6)
2927 [SMK_NET6ADDR] = {
2928 "ipv6host", &smk_net6addr_ops, S_IRUGO|S_IWUSR},
2929 #endif /* CONFIG_IPV6 */
2930 [SMK_RELABEL_SELF] = {
2931 "relabel-self", &smk_relabel_self_ops,
2932 S_IRUGO|S_IWUGO},
2933 /* last one */
2934 {""}
2935 };
2936
2937 rc = simple_fill_super(sb, SMACK_MAGIC, smack_files);
2938 if (rc != 0) {
2939 printk(KERN_ERR "%s failed %d while creating inodes\n",
2940 __func__, rc);
2941 return rc;
2942 }
2943
2944 return 0;
2945 }
2946
2947 /**
2948 * smk_get_tree - get the smackfs superblock
2949 * @fc: The mount context, including any options
2950 *
2951 * Just passes everything along.
2952 *
2953 * Returns what the lower level code does.
2954 */
smk_get_tree(struct fs_context * fc)2955 static int smk_get_tree(struct fs_context *fc)
2956 {
2957 return get_tree_single(fc, smk_fill_super);
2958 }
2959
2960 static const struct fs_context_operations smk_context_ops = {
2961 .get_tree = smk_get_tree,
2962 };
2963
2964 /**
2965 * smk_init_fs_context - Initialise a filesystem context for smackfs
2966 * @fc: The blank mount context
2967 */
smk_init_fs_context(struct fs_context * fc)2968 static int smk_init_fs_context(struct fs_context *fc)
2969 {
2970 fc->ops = &smk_context_ops;
2971 return 0;
2972 }
2973
2974 static struct file_system_type smk_fs_type = {
2975 .name = "smackfs",
2976 .init_fs_context = smk_init_fs_context,
2977 .kill_sb = kill_litter_super,
2978 };
2979
2980 static struct vfsmount *smackfs_mount;
2981
2982 /**
2983 * init_smk_fs - get the smackfs superblock
2984 *
2985 * register the smackfs
2986 *
2987 * Do not register smackfs if Smack wasn't enabled
2988 * on boot. We can not put this method normally under the
2989 * smack_init() code path since the security subsystem get
2990 * initialized before the vfs caches.
2991 *
2992 * Returns true if we were not chosen on boot or if
2993 * we were chosen and filesystem registration succeeded.
2994 */
init_smk_fs(void)2995 static int __init init_smk_fs(void)
2996 {
2997 int err;
2998 int rc;
2999
3000 if (smack_enabled == 0)
3001 return 0;
3002
3003 err = smk_init_sysfs();
3004 if (err)
3005 printk(KERN_ERR "smackfs: sysfs mountpoint problem.\n");
3006
3007 err = register_filesystem(&smk_fs_type);
3008 if (!err) {
3009 smackfs_mount = kern_mount(&smk_fs_type);
3010 if (IS_ERR(smackfs_mount)) {
3011 printk(KERN_ERR "smackfs: could not mount!\n");
3012 err = PTR_ERR(smackfs_mount);
3013 smackfs_mount = NULL;
3014 }
3015 }
3016
3017 smk_cipso_doi();
3018 smk_unlbl_ambient(NULL);
3019
3020 rc = smack_populate_secattr(&smack_known_floor);
3021 if (err == 0 && rc < 0)
3022 err = rc;
3023 rc = smack_populate_secattr(&smack_known_hat);
3024 if (err == 0 && rc < 0)
3025 err = rc;
3026 rc = smack_populate_secattr(&smack_known_huh);
3027 if (err == 0 && rc < 0)
3028 err = rc;
3029 rc = smack_populate_secattr(&smack_known_star);
3030 if (err == 0 && rc < 0)
3031 err = rc;
3032 rc = smack_populate_secattr(&smack_known_web);
3033 if (err == 0 && rc < 0)
3034 err = rc;
3035
3036 return err;
3037 }
3038
3039 __initcall(init_smk_fs);
3040