xref: /openbmc/linux/security/smack/smack.h (revision 39b6f3aa) 
1 /*
2  * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com>
3  *
4  *      This program is free software; you can redistribute it and/or modify
5  *      it under the terms of the GNU General Public License as published by
6  *      the Free Software Foundation, version 2.
7  *
8  * Author:
9  *      Casey Schaufler <casey@schaufler-ca.com>
10  *
11  */
12 
13 #ifndef _SECURITY_SMACK_H
14 #define _SECURITY_SMACK_H
15 
16 #include <linux/capability.h>
17 #include <linux/spinlock.h>
18 #include <linux/security.h>
19 #include <linux/in.h>
20 #include <net/netlabel.h>
21 #include <linux/list.h>
22 #include <linux/rculist.h>
23 #include <linux/lsm_audit.h>
24 
25 /*
26  * Smack labels were limited to 23 characters for a long time.
27  */
28 #define SMK_LABELLEN	24
29 #define SMK_LONGLABEL	256
30 
31 /*
32  * Maximum number of bytes for the levels in a CIPSO IP option.
33  * Why 23? CIPSO is constrained to 30, so a 32 byte buffer is
34  * bigger than can be used, and 24 is the next lower multiple
35  * of 8, and there are too many issues if there isn't space set
36  * aside for the terminating null byte.
37  */
38 #define SMK_CIPSOLEN	24
39 
40 struct superblock_smack {
41 	char		*smk_root;
42 	char		*smk_floor;
43 	char		*smk_hat;
44 	char		*smk_default;
45 	int		smk_initialized;
46 };
47 
48 struct socket_smack {
49 	char		*smk_out;	/* outbound label */
50 	char		*smk_in;	/* inbound label */
51 	char		*smk_packet;	/* TCP peer label */
52 };
53 
54 /*
55  * Inode smack data
56  */
57 struct inode_smack {
58 	char		*smk_inode;	/* label of the fso */
59 	char		*smk_task;	/* label of the task */
60 	char		*smk_mmap;	/* label of the mmap domain */
61 	struct mutex	smk_lock;	/* initialization lock */
62 	int		smk_flags;	/* smack inode flags */
63 };
64 
65 struct task_smack {
66 	char			*smk_task;	/* label for access control */
67 	char			*smk_forked;	/* label when forked */
68 	struct list_head	smk_rules;	/* per task access rules */
69 	struct mutex		smk_rules_lock;	/* lock for the rules */
70 };
71 
72 #define	SMK_INODE_INSTANT	0x01	/* inode is instantiated */
73 #define	SMK_INODE_TRANSMUTE	0x02	/* directory is transmuting */
74 #define	SMK_INODE_CHANGED	0x04	/* smack was transmuted */
75 
76 /*
77  * A label access rule.
78  */
79 struct smack_rule {
80 	struct list_head	list;
81 	char			*smk_subject;
82 	char			*smk_object;
83 	int			smk_access;
84 };
85 
86 /*
87  * An entry in the table identifying hosts.
88  */
89 struct smk_netlbladdr {
90 	struct list_head	list;
91 	struct sockaddr_in	smk_host;	/* network address */
92 	struct in_addr		smk_mask;	/* network mask */
93 	char			*smk_label;	/* label */
94 };
95 
96 /*
97  * This is the repository for labels seen so that it is
98  * not necessary to keep allocating tiny chuncks of memory
99  * and so that they can be shared.
100  *
101  * Labels are never modified in place. Anytime a label
102  * is imported (e.g. xattrset on a file) the list is checked
103  * for it and it is added if it doesn't exist. The address
104  * is passed out in either case. Entries are added, but
105  * never deleted.
106  *
107  * Since labels are hanging around anyway it doesn't
108  * hurt to maintain a secid for those awkward situations
109  * where kernel components that ought to use LSM independent
110  * interfaces don't. The secid should go away when all of
111  * these components have been repaired.
112  *
113  * The cipso value associated with the label gets stored here, too.
114  *
115  * Keep the access rules for this subject label here so that
116  * the entire set of rules does not need to be examined every
117  * time.
118  */
119 struct smack_known {
120 	struct list_head		list;
121 	char				*smk_known;
122 	u32				smk_secid;
123 	struct netlbl_lsm_secattr	smk_netlabel;	/* on wire labels */
124 	struct list_head		smk_rules;	/* access rules */
125 	struct mutex			smk_rules_lock;	/* lock for rules */
126 };
127 
128 /*
129  * Mount options
130  */
131 #define SMK_FSDEFAULT	"smackfsdef="
132 #define SMK_FSFLOOR	"smackfsfloor="
133 #define SMK_FSHAT	"smackfshat="
134 #define SMK_FSROOT	"smackfsroot="
135 
136 #define SMACK_CIPSO_OPTION 	"-CIPSO"
137 
138 /*
139  * How communications on this socket are treated.
140  * Usually it's determined by the underlying netlabel code
141  * but there are certain cases, including single label hosts
142  * and potentially single label interfaces for which the
143  * treatment can not be known in advance.
144  *
145  * The possibility of additional labeling schemes being
146  * introduced in the future exists as well.
147  */
148 #define SMACK_UNLABELED_SOCKET	0
149 #define SMACK_CIPSO_SOCKET	1
150 
151 /*
152  * CIPSO defaults.
153  */
154 #define SMACK_CIPSO_DOI_DEFAULT		3	/* Historical */
155 #define SMACK_CIPSO_DOI_INVALID		-1	/* Not a DOI */
156 #define SMACK_CIPSO_DIRECT_DEFAULT	250	/* Arbitrary */
157 #define SMACK_CIPSO_MAPPED_DEFAULT	251	/* Also arbitrary */
158 #define SMACK_CIPSO_MAXCATVAL		63	/* Bigger gets harder */
159 #define SMACK_CIPSO_MAXLEVEL            255     /* CIPSO 2.2 standard */
160 #define SMACK_CIPSO_MAXCATNUM           239     /* CIPSO 2.2 standard */
161 
162 /*
163  * Flag for transmute access
164  */
165 #define MAY_TRANSMUTE	64
166 /*
167  * Just to make the common cases easier to deal with
168  */
169 #define MAY_ANYREAD	(MAY_READ | MAY_EXEC)
170 #define MAY_READWRITE	(MAY_READ | MAY_WRITE)
171 #define MAY_NOT		0
172 
173 /*
174  * Number of access types used by Smack (rwxat)
175  */
176 #define SMK_NUM_ACCESS_TYPE 5
177 
178 /* SMACK data */
179 struct smack_audit_data {
180 	const char *function;
181 	char *subject;
182 	char *object;
183 	char *request;
184 	int result;
185 };
186 
187 /*
188  * Smack audit data; is empty if CONFIG_AUDIT not set
189  * to save some stack
190  */
191 struct smk_audit_info {
192 #ifdef CONFIG_AUDIT
193 	struct common_audit_data a;
194 	struct smack_audit_data sad;
195 #endif
196 };
197 /*
198  * These functions are in smack_lsm.c
199  */
200 struct inode_smack *new_inode_smack(char *);
201 
202 /*
203  * These functions are in smack_access.c
204  */
205 int smk_access_entry(char *, char *, struct list_head *);
206 int smk_access(char *, char *, int, struct smk_audit_info *);
207 int smk_curacc(char *, u32, struct smk_audit_info *);
208 char *smack_from_secid(const u32);
209 char *smk_parse_smack(const char *string, int len);
210 int smk_netlbl_mls(int, char *, struct netlbl_lsm_secattr *, int);
211 char *smk_import(const char *, int);
212 struct smack_known *smk_import_entry(const char *, int);
213 struct smack_known *smk_find_entry(const char *);
214 u32 smack_to_secid(const char *);
215 
216 /*
217  * Shared data.
218  */
219 extern int smack_cipso_direct;
220 extern int smack_cipso_mapped;
221 extern char *smack_net_ambient;
222 extern char *smack_onlycap;
223 extern const char *smack_cipso_option;
224 
225 extern struct smack_known smack_known_floor;
226 extern struct smack_known smack_known_hat;
227 extern struct smack_known smack_known_huh;
228 extern struct smack_known smack_known_invalid;
229 extern struct smack_known smack_known_star;
230 extern struct smack_known smack_known_web;
231 
232 extern struct mutex	smack_known_lock;
233 extern struct list_head smack_known_list;
234 extern struct list_head smk_netlbladdr_list;
235 
236 extern struct security_operations smack_ops;
237 
238 /*
239  * Is the directory transmuting?
240  */
241 static inline int smk_inode_transmutable(const struct inode *isp)
242 {
243 	struct inode_smack *sip = isp->i_security;
244 	return (sip->smk_flags & SMK_INODE_TRANSMUTE) != 0;
245 }
246 
247 /*
248  * Present a pointer to the smack label in an inode blob.
249  */
250 static inline char *smk_of_inode(const struct inode *isp)
251 {
252 	struct inode_smack *sip = isp->i_security;
253 	return sip->smk_inode;
254 }
255 
256 /*
257  * Present a pointer to the smack label in an task blob.
258  */
259 static inline char *smk_of_task(const struct task_smack *tsp)
260 {
261 	return tsp->smk_task;
262 }
263 
264 /*
265  * Present a pointer to the forked smack label in an task blob.
266  */
267 static inline char *smk_of_forked(const struct task_smack *tsp)
268 {
269 	return tsp->smk_forked;
270 }
271 
272 /*
273  * Present a pointer to the smack label in the current task blob.
274  */
275 static inline char *smk_of_current(void)
276 {
277 	return smk_of_task(current_security());
278 }
279 
280 /*
281  * Is the task privileged and allowed to be privileged
282  * by the onlycap rule.
283  */
284 static inline int smack_privileged(int cap)
285 {
286 	if (!capable(cap))
287 		return 0;
288 	if (smack_onlycap == NULL || smack_onlycap == smk_of_current())
289 		return 1;
290 	return 0;
291 }
292 
293 /*
294  * logging functions
295  */
296 #define SMACK_AUDIT_DENIED 0x1
297 #define SMACK_AUDIT_ACCEPT 0x2
298 extern int log_policy;
299 
300 void smack_log(char *subject_label, char *object_label,
301 		int request,
302 		int result, struct smk_audit_info *auditdata);
303 
304 #ifdef CONFIG_AUDIT
305 
306 /*
307  * some inline functions to set up audit data
308  * they do nothing if CONFIG_AUDIT is not set
309  *
310  */
311 static inline void smk_ad_init(struct smk_audit_info *a, const char *func,
312 			       char type)
313 {
314 	memset(&a->sad, 0, sizeof(a->sad));
315 	a->a.type = type;
316 	a->a.smack_audit_data = &a->sad;
317 	a->a.smack_audit_data->function = func;
318 }
319 
320 static inline void smk_ad_init_net(struct smk_audit_info *a, const char *func,
321 				   char type, struct lsm_network_audit *net)
322 {
323 	smk_ad_init(a, func, type);
324 	memset(net, 0, sizeof(*net));
325 	a->a.u.net = net;
326 }
327 
328 static inline void smk_ad_setfield_u_tsk(struct smk_audit_info *a,
329 					 struct task_struct *t)
330 {
331 	a->a.u.tsk = t;
332 }
333 static inline void smk_ad_setfield_u_fs_path_dentry(struct smk_audit_info *a,
334 						    struct dentry *d)
335 {
336 	a->a.u.dentry = d;
337 }
338 static inline void smk_ad_setfield_u_fs_inode(struct smk_audit_info *a,
339 					      struct inode *i)
340 {
341 	a->a.u.inode = i;
342 }
343 static inline void smk_ad_setfield_u_fs_path(struct smk_audit_info *a,
344 					     struct path p)
345 {
346 	a->a.u.path = p;
347 }
348 static inline void smk_ad_setfield_u_net_sk(struct smk_audit_info *a,
349 					    struct sock *sk)
350 {
351 	a->a.u.net->sk = sk;
352 }
353 
354 #else /* no AUDIT */
355 
356 static inline void smk_ad_init(struct smk_audit_info *a, const char *func,
357 			       char type)
358 {
359 }
360 static inline void smk_ad_setfield_u_tsk(struct smk_audit_info *a,
361 					 struct task_struct *t)
362 {
363 }
364 static inline void smk_ad_setfield_u_fs_path_dentry(struct smk_audit_info *a,
365 						    struct dentry *d)
366 {
367 }
368 static inline void smk_ad_setfield_u_fs_path_mnt(struct smk_audit_info *a,
369 						 struct vfsmount *m)
370 {
371 }
372 static inline void smk_ad_setfield_u_fs_inode(struct smk_audit_info *a,
373 					      struct inode *i)
374 {
375 }
376 static inline void smk_ad_setfield_u_fs_path(struct smk_audit_info *a,
377 					     struct path p)
378 {
379 }
380 static inline void smk_ad_setfield_u_net_sk(struct smk_audit_info *a,
381 					    struct sock *sk)
382 {
383 }
384 #endif
385 
386 #endif  /* _SECURITY_SMACK_H */
387