1 /* 2 * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com> 3 * 4 * This program is free software; you can redistribute it and/or modify 5 * it under the terms of the GNU General Public License as published by 6 * the Free Software Foundation, version 2. 7 * 8 * Author: 9 * Casey Schaufler <casey@schaufler-ca.com> 10 * 11 */ 12 13 #ifndef _SECURITY_SMACK_H 14 #define _SECURITY_SMACK_H 15 16 #include <linux/capability.h> 17 #include <linux/spinlock.h> 18 #include <linux/security.h> 19 #include <linux/in.h> 20 #include <net/netlabel.h> 21 #include <linux/list.h> 22 #include <linux/rculist.h> 23 #include <linux/lsm_audit.h> 24 25 /* 26 * Smack labels were limited to 23 characters for a long time. 27 */ 28 #define SMK_LABELLEN 24 29 #define SMK_LONGLABEL 256 30 31 /* 32 * Maximum number of bytes for the levels in a CIPSO IP option. 33 * Why 23? CIPSO is constrained to 30, so a 32 byte buffer is 34 * bigger than can be used, and 24 is the next lower multiple 35 * of 8, and there are too many issues if there isn't space set 36 * aside for the terminating null byte. 37 */ 38 #define SMK_CIPSOLEN 24 39 40 struct superblock_smack { 41 char *smk_root; 42 char *smk_floor; 43 char *smk_hat; 44 char *smk_default; 45 int smk_initialized; 46 }; 47 48 struct socket_smack { 49 char *smk_out; /* outbound label */ 50 char *smk_in; /* inbound label */ 51 char *smk_packet; /* TCP peer label */ 52 }; 53 54 /* 55 * Inode smack data 56 */ 57 struct inode_smack { 58 char *smk_inode; /* label of the fso */ 59 char *smk_task; /* label of the task */ 60 char *smk_mmap; /* label of the mmap domain */ 61 struct mutex smk_lock; /* initialization lock */ 62 int smk_flags; /* smack inode flags */ 63 }; 64 65 struct task_smack { 66 char *smk_task; /* label for access control */ 67 char *smk_forked; /* label when forked */ 68 struct list_head smk_rules; /* per task access rules */ 69 struct mutex smk_rules_lock; /* lock for the rules */ 70 }; 71 72 #define SMK_INODE_INSTANT 0x01 /* inode is instantiated */ 73 #define SMK_INODE_TRANSMUTE 0x02 /* directory is transmuting */ 74 #define SMK_INODE_CHANGED 0x04 /* smack was transmuted */ 75 76 /* 77 * A label access rule. 78 */ 79 struct smack_rule { 80 struct list_head list; 81 char *smk_subject; 82 char *smk_object; 83 int smk_access; 84 }; 85 86 /* 87 * An entry in the table identifying hosts. 88 */ 89 struct smk_netlbladdr { 90 struct list_head list; 91 struct sockaddr_in smk_host; /* network address */ 92 struct in_addr smk_mask; /* network mask */ 93 char *smk_label; /* label */ 94 }; 95 96 /* 97 * This is the repository for labels seen so that it is 98 * not necessary to keep allocating tiny chuncks of memory 99 * and so that they can be shared. 100 * 101 * Labels are never modified in place. Anytime a label 102 * is imported (e.g. xattrset on a file) the list is checked 103 * for it and it is added if it doesn't exist. The address 104 * is passed out in either case. Entries are added, but 105 * never deleted. 106 * 107 * Since labels are hanging around anyway it doesn't 108 * hurt to maintain a secid for those awkward situations 109 * where kernel components that ought to use LSM independent 110 * interfaces don't. The secid should go away when all of 111 * these components have been repaired. 112 * 113 * The cipso value associated with the label gets stored here, too. 114 * 115 * Keep the access rules for this subject label here so that 116 * the entire set of rules does not need to be examined every 117 * time. 118 */ 119 struct smack_known { 120 struct list_head list; 121 char *smk_known; 122 u32 smk_secid; 123 struct netlbl_lsm_secattr smk_netlabel; /* on wire labels */ 124 struct list_head smk_rules; /* access rules */ 125 struct mutex smk_rules_lock; /* lock for rules */ 126 }; 127 128 /* 129 * Mount options 130 */ 131 #define SMK_FSDEFAULT "smackfsdef=" 132 #define SMK_FSFLOOR "smackfsfloor=" 133 #define SMK_FSHAT "smackfshat=" 134 #define SMK_FSROOT "smackfsroot=" 135 136 #define SMACK_CIPSO_OPTION "-CIPSO" 137 138 /* 139 * How communications on this socket are treated. 140 * Usually it's determined by the underlying netlabel code 141 * but there are certain cases, including single label hosts 142 * and potentially single label interfaces for which the 143 * treatment can not be known in advance. 144 * 145 * The possibility of additional labeling schemes being 146 * introduced in the future exists as well. 147 */ 148 #define SMACK_UNLABELED_SOCKET 0 149 #define SMACK_CIPSO_SOCKET 1 150 151 /* 152 * smackfs magic number 153 */ 154 #define SMACK_MAGIC 0x43415d53 /* "SMAC" */ 155 156 /* 157 * CIPSO defaults. 158 */ 159 #define SMACK_CIPSO_DOI_DEFAULT 3 /* Historical */ 160 #define SMACK_CIPSO_DOI_INVALID -1 /* Not a DOI */ 161 #define SMACK_CIPSO_DIRECT_DEFAULT 250 /* Arbitrary */ 162 #define SMACK_CIPSO_MAPPED_DEFAULT 251 /* Also arbitrary */ 163 #define SMACK_CIPSO_MAXCATVAL 63 /* Bigger gets harder */ 164 #define SMACK_CIPSO_MAXLEVEL 255 /* CIPSO 2.2 standard */ 165 #define SMACK_CIPSO_MAXCATNUM 239 /* CIPSO 2.2 standard */ 166 167 /* 168 * Flag for transmute access 169 */ 170 #define MAY_TRANSMUTE 64 171 /* 172 * Just to make the common cases easier to deal with 173 */ 174 #define MAY_ANYREAD (MAY_READ | MAY_EXEC) 175 #define MAY_READWRITE (MAY_READ | MAY_WRITE) 176 #define MAY_NOT 0 177 178 /* 179 * Number of access types used by Smack (rwxat) 180 */ 181 #define SMK_NUM_ACCESS_TYPE 5 182 183 /* SMACK data */ 184 struct smack_audit_data { 185 const char *function; 186 char *subject; 187 char *object; 188 char *request; 189 int result; 190 }; 191 192 /* 193 * Smack audit data; is empty if CONFIG_AUDIT not set 194 * to save some stack 195 */ 196 struct smk_audit_info { 197 #ifdef CONFIG_AUDIT 198 struct common_audit_data a; 199 struct smack_audit_data sad; 200 #endif 201 }; 202 /* 203 * These functions are in smack_lsm.c 204 */ 205 struct inode_smack *new_inode_smack(char *); 206 207 /* 208 * These functions are in smack_access.c 209 */ 210 int smk_access_entry(char *, char *, struct list_head *); 211 int smk_access(char *, char *, int, struct smk_audit_info *); 212 int smk_curacc(char *, u32, struct smk_audit_info *); 213 char *smack_from_secid(const u32); 214 char *smk_parse_smack(const char *string, int len); 215 int smk_netlbl_mls(int, char *, struct netlbl_lsm_secattr *, int); 216 char *smk_import(const char *, int); 217 struct smack_known *smk_import_entry(const char *, int); 218 struct smack_known *smk_find_entry(const char *); 219 u32 smack_to_secid(const char *); 220 221 /* 222 * Shared data. 223 */ 224 extern int smack_cipso_direct; 225 extern int smack_cipso_mapped; 226 extern char *smack_net_ambient; 227 extern char *smack_onlycap; 228 extern const char *smack_cipso_option; 229 230 extern struct smack_known smack_known_floor; 231 extern struct smack_known smack_known_hat; 232 extern struct smack_known smack_known_huh; 233 extern struct smack_known smack_known_invalid; 234 extern struct smack_known smack_known_star; 235 extern struct smack_known smack_known_web; 236 237 extern struct mutex smack_known_lock; 238 extern struct list_head smack_known_list; 239 extern struct list_head smk_netlbladdr_list; 240 241 extern struct security_operations smack_ops; 242 243 /* 244 * Is the directory transmuting? 245 */ 246 static inline int smk_inode_transmutable(const struct inode *isp) 247 { 248 struct inode_smack *sip = isp->i_security; 249 return (sip->smk_flags & SMK_INODE_TRANSMUTE) != 0; 250 } 251 252 /* 253 * Present a pointer to the smack label in an inode blob. 254 */ 255 static inline char *smk_of_inode(const struct inode *isp) 256 { 257 struct inode_smack *sip = isp->i_security; 258 return sip->smk_inode; 259 } 260 261 /* 262 * Present a pointer to the smack label in an task blob. 263 */ 264 static inline char *smk_of_task(const struct task_smack *tsp) 265 { 266 return tsp->smk_task; 267 } 268 269 /* 270 * Present a pointer to the forked smack label in an task blob. 271 */ 272 static inline char *smk_of_forked(const struct task_smack *tsp) 273 { 274 return tsp->smk_forked; 275 } 276 277 /* 278 * Present a pointer to the smack label in the current task blob. 279 */ 280 static inline char *smk_of_current(void) 281 { 282 return smk_of_task(current_security()); 283 } 284 285 /* 286 * Is the task privileged and allowed to be privileged 287 * by the onlycap rule. 288 */ 289 static inline int smack_privileged(int cap) 290 { 291 if (!capable(cap)) 292 return 0; 293 if (smack_onlycap == NULL || smack_onlycap == smk_of_current()) 294 return 1; 295 return 0; 296 } 297 298 /* 299 * logging functions 300 */ 301 #define SMACK_AUDIT_DENIED 0x1 302 #define SMACK_AUDIT_ACCEPT 0x2 303 extern int log_policy; 304 305 void smack_log(char *subject_label, char *object_label, 306 int request, 307 int result, struct smk_audit_info *auditdata); 308 309 #ifdef CONFIG_AUDIT 310 311 /* 312 * some inline functions to set up audit data 313 * they do nothing if CONFIG_AUDIT is not set 314 * 315 */ 316 static inline void smk_ad_init(struct smk_audit_info *a, const char *func, 317 char type) 318 { 319 memset(&a->sad, 0, sizeof(a->sad)); 320 a->a.type = type; 321 a->a.smack_audit_data = &a->sad; 322 a->a.smack_audit_data->function = func; 323 } 324 325 static inline void smk_ad_init_net(struct smk_audit_info *a, const char *func, 326 char type, struct lsm_network_audit *net) 327 { 328 smk_ad_init(a, func, type); 329 memset(net, 0, sizeof(*net)); 330 a->a.u.net = net; 331 } 332 333 static inline void smk_ad_setfield_u_tsk(struct smk_audit_info *a, 334 struct task_struct *t) 335 { 336 a->a.u.tsk = t; 337 } 338 static inline void smk_ad_setfield_u_fs_path_dentry(struct smk_audit_info *a, 339 struct dentry *d) 340 { 341 a->a.u.dentry = d; 342 } 343 static inline void smk_ad_setfield_u_fs_inode(struct smk_audit_info *a, 344 struct inode *i) 345 { 346 a->a.u.inode = i; 347 } 348 static inline void smk_ad_setfield_u_fs_path(struct smk_audit_info *a, 349 struct path p) 350 { 351 a->a.u.path = p; 352 } 353 static inline void smk_ad_setfield_u_net_sk(struct smk_audit_info *a, 354 struct sock *sk) 355 { 356 a->a.u.net->sk = sk; 357 } 358 359 #else /* no AUDIT */ 360 361 static inline void smk_ad_init(struct smk_audit_info *a, const char *func, 362 char type) 363 { 364 } 365 static inline void smk_ad_setfield_u_tsk(struct smk_audit_info *a, 366 struct task_struct *t) 367 { 368 } 369 static inline void smk_ad_setfield_u_fs_path_dentry(struct smk_audit_info *a, 370 struct dentry *d) 371 { 372 } 373 static inline void smk_ad_setfield_u_fs_path_mnt(struct smk_audit_info *a, 374 struct vfsmount *m) 375 { 376 } 377 static inline void smk_ad_setfield_u_fs_inode(struct smk_audit_info *a, 378 struct inode *i) 379 { 380 } 381 static inline void smk_ad_setfield_u_fs_path(struct smk_audit_info *a, 382 struct path p) 383 { 384 } 385 static inline void smk_ad_setfield_u_net_sk(struct smk_audit_info *a, 386 struct sock *sk) 387 { 388 } 389 #endif 390 391 #endif /* _SECURITY_SMACK_H */ 392