1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Simplified MAC Kernel (smack) security module 4 * 5 * This file contains the smack hook function implementations. 6 * 7 * Authors: 8 * Casey Schaufler <casey@schaufler-ca.com> 9 * Jarkko Sakkinen <jarkko.sakkinen@intel.com> 10 * 11 * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com> 12 * Copyright (C) 2009 Hewlett-Packard Development Company, L.P. 13 * Paul Moore <paul@paul-moore.com> 14 * Copyright (C) 2010 Nokia Corporation 15 * Copyright (C) 2011 Intel Corporation. 16 */ 17 18 #include <linux/xattr.h> 19 #include <linux/pagemap.h> 20 #include <linux/mount.h> 21 #include <linux/stat.h> 22 #include <linux/kd.h> 23 #include <asm/ioctls.h> 24 #include <linux/ip.h> 25 #include <linux/tcp.h> 26 #include <linux/udp.h> 27 #include <linux/dccp.h> 28 #include <linux/icmpv6.h> 29 #include <linux/slab.h> 30 #include <linux/mutex.h> 31 #include <net/cipso_ipv4.h> 32 #include <net/ip.h> 33 #include <net/ipv6.h> 34 #include <linux/audit.h> 35 #include <linux/magic.h> 36 #include <linux/dcache.h> 37 #include <linux/personality.h> 38 #include <linux/msg.h> 39 #include <linux/shm.h> 40 #include <linux/binfmts.h> 41 #include <linux/parser.h> 42 #include <linux/fs_context.h> 43 #include <linux/fs_parser.h> 44 #include <linux/watch_queue.h> 45 #include <linux/io_uring.h> 46 #include "smack.h" 47 48 #define TRANS_TRUE "TRUE" 49 #define TRANS_TRUE_SIZE 4 50 51 #define SMK_CONNECTING 0 52 #define SMK_RECEIVING 1 53 #define SMK_SENDING 2 54 55 /* 56 * Smack uses multiple xattrs. 57 * SMACK64 - for access control, 58 * SMACK64TRANSMUTE - label initialization, 59 * Not saved on files - SMACK64IPIN and SMACK64IPOUT, 60 * Must be set explicitly - SMACK64EXEC and SMACK64MMAP 61 */ 62 #define SMACK_INODE_INIT_XATTRS 2 63 64 #ifdef SMACK_IPV6_PORT_LABELING 65 static DEFINE_MUTEX(smack_ipv6_lock); 66 static LIST_HEAD(smk_ipv6_port_list); 67 #endif 68 struct kmem_cache *smack_rule_cache; 69 int smack_enabled __initdata; 70 71 #define A(s) {"smack"#s, sizeof("smack"#s) - 1, Opt_##s} 72 static struct { 73 const char *name; 74 int len; 75 int opt; 76 } smk_mount_opts[] = { 77 {"smackfsdef", sizeof("smackfsdef") - 1, Opt_fsdefault}, 78 A(fsdefault), A(fsfloor), A(fshat), A(fsroot), A(fstransmute) 79 }; 80 #undef A 81 82 static int match_opt_prefix(char *s, int l, char **arg) 83 { 84 int i; 85 86 for (i = 0; i < ARRAY_SIZE(smk_mount_opts); i++) { 87 size_t len = smk_mount_opts[i].len; 88 if (len > l || memcmp(s, smk_mount_opts[i].name, len)) 89 continue; 90 if (len == l || s[len] != '=') 91 continue; 92 *arg = s + len + 1; 93 return smk_mount_opts[i].opt; 94 } 95 return Opt_error; 96 } 97 98 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 99 static char *smk_bu_mess[] = { 100 "Bringup Error", /* Unused */ 101 "Bringup", /* SMACK_BRINGUP_ALLOW */ 102 "Unconfined Subject", /* SMACK_UNCONFINED_SUBJECT */ 103 "Unconfined Object", /* SMACK_UNCONFINED_OBJECT */ 104 }; 105 106 static void smk_bu_mode(int mode, char *s) 107 { 108 int i = 0; 109 110 if (mode & MAY_READ) 111 s[i++] = 'r'; 112 if (mode & MAY_WRITE) 113 s[i++] = 'w'; 114 if (mode & MAY_EXEC) 115 s[i++] = 'x'; 116 if (mode & MAY_APPEND) 117 s[i++] = 'a'; 118 if (mode & MAY_TRANSMUTE) 119 s[i++] = 't'; 120 if (mode & MAY_LOCK) 121 s[i++] = 'l'; 122 if (i == 0) 123 s[i++] = '-'; 124 s[i] = '\0'; 125 } 126 #endif 127 128 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 129 static int smk_bu_note(char *note, struct smack_known *sskp, 130 struct smack_known *oskp, int mode, int rc) 131 { 132 char acc[SMK_NUM_ACCESS_TYPE + 1]; 133 134 if (rc <= 0) 135 return rc; 136 if (rc > SMACK_UNCONFINED_OBJECT) 137 rc = 0; 138 139 smk_bu_mode(mode, acc); 140 pr_info("Smack %s: (%s %s %s) %s\n", smk_bu_mess[rc], 141 sskp->smk_known, oskp->smk_known, acc, note); 142 return 0; 143 } 144 #else 145 #define smk_bu_note(note, sskp, oskp, mode, RC) (RC) 146 #endif 147 148 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 149 static int smk_bu_current(char *note, struct smack_known *oskp, 150 int mode, int rc) 151 { 152 struct task_smack *tsp = smack_cred(current_cred()); 153 char acc[SMK_NUM_ACCESS_TYPE + 1]; 154 155 if (rc <= 0) 156 return rc; 157 if (rc > SMACK_UNCONFINED_OBJECT) 158 rc = 0; 159 160 smk_bu_mode(mode, acc); 161 pr_info("Smack %s: (%s %s %s) %s %s\n", smk_bu_mess[rc], 162 tsp->smk_task->smk_known, oskp->smk_known, 163 acc, current->comm, note); 164 return 0; 165 } 166 #else 167 #define smk_bu_current(note, oskp, mode, RC) (RC) 168 #endif 169 170 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 171 static int smk_bu_task(struct task_struct *otp, int mode, int rc) 172 { 173 struct task_smack *tsp = smack_cred(current_cred()); 174 struct smack_known *smk_task = smk_of_task_struct_obj(otp); 175 char acc[SMK_NUM_ACCESS_TYPE + 1]; 176 177 if (rc <= 0) 178 return rc; 179 if (rc > SMACK_UNCONFINED_OBJECT) 180 rc = 0; 181 182 smk_bu_mode(mode, acc); 183 pr_info("Smack %s: (%s %s %s) %s to %s\n", smk_bu_mess[rc], 184 tsp->smk_task->smk_known, smk_task->smk_known, acc, 185 current->comm, otp->comm); 186 return 0; 187 } 188 #else 189 #define smk_bu_task(otp, mode, RC) (RC) 190 #endif 191 192 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 193 static int smk_bu_inode(struct inode *inode, int mode, int rc) 194 { 195 struct task_smack *tsp = smack_cred(current_cred()); 196 struct inode_smack *isp = smack_inode(inode); 197 char acc[SMK_NUM_ACCESS_TYPE + 1]; 198 199 if (isp->smk_flags & SMK_INODE_IMPURE) 200 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n", 201 inode->i_sb->s_id, inode->i_ino, current->comm); 202 203 if (rc <= 0) 204 return rc; 205 if (rc > SMACK_UNCONFINED_OBJECT) 206 rc = 0; 207 if (rc == SMACK_UNCONFINED_SUBJECT && 208 (mode & (MAY_WRITE | MAY_APPEND))) 209 isp->smk_flags |= SMK_INODE_IMPURE; 210 211 smk_bu_mode(mode, acc); 212 213 pr_info("Smack %s: (%s %s %s) inode=(%s %ld) %s\n", smk_bu_mess[rc], 214 tsp->smk_task->smk_known, isp->smk_inode->smk_known, acc, 215 inode->i_sb->s_id, inode->i_ino, current->comm); 216 return 0; 217 } 218 #else 219 #define smk_bu_inode(inode, mode, RC) (RC) 220 #endif 221 222 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 223 static int smk_bu_file(struct file *file, int mode, int rc) 224 { 225 struct task_smack *tsp = smack_cred(current_cred()); 226 struct smack_known *sskp = tsp->smk_task; 227 struct inode *inode = file_inode(file); 228 struct inode_smack *isp = smack_inode(inode); 229 char acc[SMK_NUM_ACCESS_TYPE + 1]; 230 231 if (isp->smk_flags & SMK_INODE_IMPURE) 232 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n", 233 inode->i_sb->s_id, inode->i_ino, current->comm); 234 235 if (rc <= 0) 236 return rc; 237 if (rc > SMACK_UNCONFINED_OBJECT) 238 rc = 0; 239 240 smk_bu_mode(mode, acc); 241 pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc], 242 sskp->smk_known, smk_of_inode(inode)->smk_known, acc, 243 inode->i_sb->s_id, inode->i_ino, file, 244 current->comm); 245 return 0; 246 } 247 #else 248 #define smk_bu_file(file, mode, RC) (RC) 249 #endif 250 251 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 252 static int smk_bu_credfile(const struct cred *cred, struct file *file, 253 int mode, int rc) 254 { 255 struct task_smack *tsp = smack_cred(cred); 256 struct smack_known *sskp = tsp->smk_task; 257 struct inode *inode = file_inode(file); 258 struct inode_smack *isp = smack_inode(inode); 259 char acc[SMK_NUM_ACCESS_TYPE + 1]; 260 261 if (isp->smk_flags & SMK_INODE_IMPURE) 262 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n", 263 inode->i_sb->s_id, inode->i_ino, current->comm); 264 265 if (rc <= 0) 266 return rc; 267 if (rc > SMACK_UNCONFINED_OBJECT) 268 rc = 0; 269 270 smk_bu_mode(mode, acc); 271 pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc], 272 sskp->smk_known, smk_of_inode(inode)->smk_known, acc, 273 inode->i_sb->s_id, inode->i_ino, file, 274 current->comm); 275 return 0; 276 } 277 #else 278 #define smk_bu_credfile(cred, file, mode, RC) (RC) 279 #endif 280 281 /** 282 * smk_fetch - Fetch the smack label from a file. 283 * @name: type of the label (attribute) 284 * @ip: a pointer to the inode 285 * @dp: a pointer to the dentry 286 * 287 * Returns a pointer to the master list entry for the Smack label, 288 * NULL if there was no label to fetch, or an error code. 289 */ 290 static struct smack_known *smk_fetch(const char *name, struct inode *ip, 291 struct dentry *dp) 292 { 293 int rc; 294 char *buffer; 295 struct smack_known *skp = NULL; 296 297 if (!(ip->i_opflags & IOP_XATTR)) 298 return ERR_PTR(-EOPNOTSUPP); 299 300 buffer = kzalloc(SMK_LONGLABEL, GFP_NOFS); 301 if (buffer == NULL) 302 return ERR_PTR(-ENOMEM); 303 304 rc = __vfs_getxattr(dp, ip, name, buffer, SMK_LONGLABEL); 305 if (rc < 0) 306 skp = ERR_PTR(rc); 307 else if (rc == 0) 308 skp = NULL; 309 else 310 skp = smk_import_entry(buffer, rc); 311 312 kfree(buffer); 313 314 return skp; 315 } 316 317 /** 318 * init_inode_smack - initialize an inode security blob 319 * @inode: inode to extract the info from 320 * @skp: a pointer to the Smack label entry to use in the blob 321 * 322 */ 323 static void init_inode_smack(struct inode *inode, struct smack_known *skp) 324 { 325 struct inode_smack *isp = smack_inode(inode); 326 327 isp->smk_inode = skp; 328 isp->smk_flags = 0; 329 } 330 331 /** 332 * init_task_smack - initialize a task security blob 333 * @tsp: blob to initialize 334 * @task: a pointer to the Smack label for the running task 335 * @forked: a pointer to the Smack label for the forked task 336 * 337 */ 338 static void init_task_smack(struct task_smack *tsp, struct smack_known *task, 339 struct smack_known *forked) 340 { 341 tsp->smk_task = task; 342 tsp->smk_forked = forked; 343 INIT_LIST_HEAD(&tsp->smk_rules); 344 INIT_LIST_HEAD(&tsp->smk_relabel); 345 mutex_init(&tsp->smk_rules_lock); 346 } 347 348 /** 349 * smk_copy_rules - copy a rule set 350 * @nhead: new rules header pointer 351 * @ohead: old rules header pointer 352 * @gfp: type of the memory for the allocation 353 * 354 * Returns 0 on success, -ENOMEM on error 355 */ 356 static int smk_copy_rules(struct list_head *nhead, struct list_head *ohead, 357 gfp_t gfp) 358 { 359 struct smack_rule *nrp; 360 struct smack_rule *orp; 361 int rc = 0; 362 363 list_for_each_entry_rcu(orp, ohead, list) { 364 nrp = kmem_cache_zalloc(smack_rule_cache, gfp); 365 if (nrp == NULL) { 366 rc = -ENOMEM; 367 break; 368 } 369 *nrp = *orp; 370 list_add_rcu(&nrp->list, nhead); 371 } 372 return rc; 373 } 374 375 /** 376 * smk_copy_relabel - copy smk_relabel labels list 377 * @nhead: new rules header pointer 378 * @ohead: old rules header pointer 379 * @gfp: type of the memory for the allocation 380 * 381 * Returns 0 on success, -ENOMEM on error 382 */ 383 static int smk_copy_relabel(struct list_head *nhead, struct list_head *ohead, 384 gfp_t gfp) 385 { 386 struct smack_known_list_elem *nklep; 387 struct smack_known_list_elem *oklep; 388 389 list_for_each_entry(oklep, ohead, list) { 390 nklep = kzalloc(sizeof(struct smack_known_list_elem), gfp); 391 if (nklep == NULL) { 392 smk_destroy_label_list(nhead); 393 return -ENOMEM; 394 } 395 nklep->smk_label = oklep->smk_label; 396 list_add(&nklep->list, nhead); 397 } 398 399 return 0; 400 } 401 402 /** 403 * smk_ptrace_mode - helper function for converting PTRACE_MODE_* into MAY_* 404 * @mode: input mode in form of PTRACE_MODE_* 405 * 406 * Returns a converted MAY_* mode usable by smack rules 407 */ 408 static inline unsigned int smk_ptrace_mode(unsigned int mode) 409 { 410 if (mode & PTRACE_MODE_ATTACH) 411 return MAY_READWRITE; 412 if (mode & PTRACE_MODE_READ) 413 return MAY_READ; 414 415 return 0; 416 } 417 418 /** 419 * smk_ptrace_rule_check - helper for ptrace access 420 * @tracer: tracer process 421 * @tracee_known: label entry of the process that's about to be traced 422 * @mode: ptrace attachment mode (PTRACE_MODE_*) 423 * @func: name of the function that called us, used for audit 424 * 425 * Returns 0 on access granted, -error on error 426 */ 427 static int smk_ptrace_rule_check(struct task_struct *tracer, 428 struct smack_known *tracee_known, 429 unsigned int mode, const char *func) 430 { 431 int rc; 432 struct smk_audit_info ad, *saip = NULL; 433 struct task_smack *tsp; 434 struct smack_known *tracer_known; 435 const struct cred *tracercred; 436 437 if ((mode & PTRACE_MODE_NOAUDIT) == 0) { 438 smk_ad_init(&ad, func, LSM_AUDIT_DATA_TASK); 439 smk_ad_setfield_u_tsk(&ad, tracer); 440 saip = &ad; 441 } 442 443 rcu_read_lock(); 444 tracercred = __task_cred(tracer); 445 tsp = smack_cred(tracercred); 446 tracer_known = smk_of_task(tsp); 447 448 if ((mode & PTRACE_MODE_ATTACH) && 449 (smack_ptrace_rule == SMACK_PTRACE_EXACT || 450 smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)) { 451 if (tracer_known->smk_known == tracee_known->smk_known) 452 rc = 0; 453 else if (smack_ptrace_rule == SMACK_PTRACE_DRACONIAN) 454 rc = -EACCES; 455 else if (smack_privileged_cred(CAP_SYS_PTRACE, tracercred)) 456 rc = 0; 457 else 458 rc = -EACCES; 459 460 if (saip) 461 smack_log(tracer_known->smk_known, 462 tracee_known->smk_known, 463 0, rc, saip); 464 465 rcu_read_unlock(); 466 return rc; 467 } 468 469 /* In case of rule==SMACK_PTRACE_DEFAULT or mode==PTRACE_MODE_READ */ 470 rc = smk_tskacc(tsp, tracee_known, smk_ptrace_mode(mode), saip); 471 472 rcu_read_unlock(); 473 return rc; 474 } 475 476 /* 477 * LSM hooks. 478 * We he, that is fun! 479 */ 480 481 /** 482 * smack_ptrace_access_check - Smack approval on PTRACE_ATTACH 483 * @ctp: child task pointer 484 * @mode: ptrace attachment mode (PTRACE_MODE_*) 485 * 486 * Returns 0 if access is OK, an error code otherwise 487 * 488 * Do the capability checks. 489 */ 490 static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode) 491 { 492 struct smack_known *skp; 493 494 skp = smk_of_task_struct_obj(ctp); 495 496 return smk_ptrace_rule_check(current, skp, mode, __func__); 497 } 498 499 /** 500 * smack_ptrace_traceme - Smack approval on PTRACE_TRACEME 501 * @ptp: parent task pointer 502 * 503 * Returns 0 if access is OK, an error code otherwise 504 * 505 * Do the capability checks, and require PTRACE_MODE_ATTACH. 506 */ 507 static int smack_ptrace_traceme(struct task_struct *ptp) 508 { 509 struct smack_known *skp; 510 511 skp = smk_of_task(smack_cred(current_cred())); 512 513 return smk_ptrace_rule_check(ptp, skp, PTRACE_MODE_ATTACH, __func__); 514 } 515 516 /** 517 * smack_syslog - Smack approval on syslog 518 * @typefrom_file: unused 519 * 520 * Returns 0 on success, error code otherwise. 521 */ 522 static int smack_syslog(int typefrom_file) 523 { 524 int rc = 0; 525 struct smack_known *skp = smk_of_current(); 526 527 if (smack_privileged(CAP_MAC_OVERRIDE)) 528 return 0; 529 530 if (smack_syslog_label != NULL && smack_syslog_label != skp) 531 rc = -EACCES; 532 533 return rc; 534 } 535 536 /* 537 * Superblock Hooks. 538 */ 539 540 /** 541 * smack_sb_alloc_security - allocate a superblock blob 542 * @sb: the superblock getting the blob 543 * 544 * Returns 0 on success or -ENOMEM on error. 545 */ 546 static int smack_sb_alloc_security(struct super_block *sb) 547 { 548 struct superblock_smack *sbsp = smack_superblock(sb); 549 550 sbsp->smk_root = &smack_known_floor; 551 sbsp->smk_default = &smack_known_floor; 552 sbsp->smk_floor = &smack_known_floor; 553 sbsp->smk_hat = &smack_known_hat; 554 /* 555 * SMK_SB_INITIALIZED will be zero from kzalloc. 556 */ 557 558 return 0; 559 } 560 561 struct smack_mnt_opts { 562 const char *fsdefault; 563 const char *fsfloor; 564 const char *fshat; 565 const char *fsroot; 566 const char *fstransmute; 567 }; 568 569 static void smack_free_mnt_opts(void *mnt_opts) 570 { 571 kfree(mnt_opts); 572 } 573 574 static int smack_add_opt(int token, const char *s, void **mnt_opts) 575 { 576 struct smack_mnt_opts *opts = *mnt_opts; 577 struct smack_known *skp; 578 579 if (!opts) { 580 opts = kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL); 581 if (!opts) 582 return -ENOMEM; 583 *mnt_opts = opts; 584 } 585 if (!s) 586 return -ENOMEM; 587 588 skp = smk_import_entry(s, 0); 589 if (IS_ERR(skp)) 590 return PTR_ERR(skp); 591 592 switch (token) { 593 case Opt_fsdefault: 594 if (opts->fsdefault) 595 goto out_opt_err; 596 opts->fsdefault = skp->smk_known; 597 break; 598 case Opt_fsfloor: 599 if (opts->fsfloor) 600 goto out_opt_err; 601 opts->fsfloor = skp->smk_known; 602 break; 603 case Opt_fshat: 604 if (opts->fshat) 605 goto out_opt_err; 606 opts->fshat = skp->smk_known; 607 break; 608 case Opt_fsroot: 609 if (opts->fsroot) 610 goto out_opt_err; 611 opts->fsroot = skp->smk_known; 612 break; 613 case Opt_fstransmute: 614 if (opts->fstransmute) 615 goto out_opt_err; 616 opts->fstransmute = skp->smk_known; 617 break; 618 } 619 return 0; 620 621 out_opt_err: 622 pr_warn("Smack: duplicate mount options\n"); 623 return -EINVAL; 624 } 625 626 /** 627 * smack_fs_context_submount - Initialise security data for a filesystem context 628 * @fc: The filesystem context. 629 * @reference: reference superblock 630 * 631 * Returns 0 on success or -ENOMEM on error. 632 */ 633 static int smack_fs_context_submount(struct fs_context *fc, 634 struct super_block *reference) 635 { 636 struct superblock_smack *sbsp; 637 struct smack_mnt_opts *ctx; 638 struct inode_smack *isp; 639 640 ctx = kzalloc(sizeof(*ctx), GFP_KERNEL); 641 if (!ctx) 642 return -ENOMEM; 643 fc->security = ctx; 644 645 sbsp = smack_superblock(reference); 646 isp = smack_inode(reference->s_root->d_inode); 647 648 if (sbsp->smk_default) { 649 ctx->fsdefault = kstrdup(sbsp->smk_default->smk_known, GFP_KERNEL); 650 if (!ctx->fsdefault) 651 return -ENOMEM; 652 } 653 654 if (sbsp->smk_floor) { 655 ctx->fsfloor = kstrdup(sbsp->smk_floor->smk_known, GFP_KERNEL); 656 if (!ctx->fsfloor) 657 return -ENOMEM; 658 } 659 660 if (sbsp->smk_hat) { 661 ctx->fshat = kstrdup(sbsp->smk_hat->smk_known, GFP_KERNEL); 662 if (!ctx->fshat) 663 return -ENOMEM; 664 } 665 666 if (isp->smk_flags & SMK_INODE_TRANSMUTE) { 667 if (sbsp->smk_root) { 668 ctx->fstransmute = kstrdup(sbsp->smk_root->smk_known, GFP_KERNEL); 669 if (!ctx->fstransmute) 670 return -ENOMEM; 671 } 672 } 673 return 0; 674 } 675 676 /** 677 * smack_fs_context_dup - Duplicate the security data on fs_context duplication 678 * @fc: The new filesystem context. 679 * @src_fc: The source filesystem context being duplicated. 680 * 681 * Returns 0 on success or -ENOMEM on error. 682 */ 683 static int smack_fs_context_dup(struct fs_context *fc, 684 struct fs_context *src_fc) 685 { 686 struct smack_mnt_opts *dst, *src = src_fc->security; 687 688 if (!src) 689 return 0; 690 691 fc->security = kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL); 692 if (!fc->security) 693 return -ENOMEM; 694 695 dst = fc->security; 696 dst->fsdefault = src->fsdefault; 697 dst->fsfloor = src->fsfloor; 698 dst->fshat = src->fshat; 699 dst->fsroot = src->fsroot; 700 dst->fstransmute = src->fstransmute; 701 702 return 0; 703 } 704 705 static const struct fs_parameter_spec smack_fs_parameters[] = { 706 fsparam_string("smackfsdef", Opt_fsdefault), 707 fsparam_string("smackfsdefault", Opt_fsdefault), 708 fsparam_string("smackfsfloor", Opt_fsfloor), 709 fsparam_string("smackfshat", Opt_fshat), 710 fsparam_string("smackfsroot", Opt_fsroot), 711 fsparam_string("smackfstransmute", Opt_fstransmute), 712 {} 713 }; 714 715 /** 716 * smack_fs_context_parse_param - Parse a single mount parameter 717 * @fc: The new filesystem context being constructed. 718 * @param: The parameter. 719 * 720 * Returns 0 on success, -ENOPARAM to pass the parameter on or anything else on 721 * error. 722 */ 723 static int smack_fs_context_parse_param(struct fs_context *fc, 724 struct fs_parameter *param) 725 { 726 struct fs_parse_result result; 727 int opt, rc; 728 729 opt = fs_parse(fc, smack_fs_parameters, param, &result); 730 if (opt < 0) 731 return opt; 732 733 rc = smack_add_opt(opt, param->string, &fc->security); 734 if (!rc) 735 param->string = NULL; 736 return rc; 737 } 738 739 static int smack_sb_eat_lsm_opts(char *options, void **mnt_opts) 740 { 741 char *from = options, *to = options; 742 bool first = true; 743 744 while (1) { 745 char *next = strchr(from, ','); 746 int token, len, rc; 747 char *arg = NULL; 748 749 if (next) 750 len = next - from; 751 else 752 len = strlen(from); 753 754 token = match_opt_prefix(from, len, &arg); 755 if (token != Opt_error) { 756 arg = kmemdup_nul(arg, from + len - arg, GFP_KERNEL); 757 rc = smack_add_opt(token, arg, mnt_opts); 758 kfree(arg); 759 if (unlikely(rc)) { 760 if (*mnt_opts) 761 smack_free_mnt_opts(*mnt_opts); 762 *mnt_opts = NULL; 763 return rc; 764 } 765 } else { 766 if (!first) { // copy with preceding comma 767 from--; 768 len++; 769 } 770 if (to != from) 771 memmove(to, from, len); 772 to += len; 773 first = false; 774 } 775 if (!from[len]) 776 break; 777 from += len + 1; 778 } 779 *to = '\0'; 780 return 0; 781 } 782 783 /** 784 * smack_set_mnt_opts - set Smack specific mount options 785 * @sb: the file system superblock 786 * @mnt_opts: Smack mount options 787 * @kern_flags: mount option from kernel space or user space 788 * @set_kern_flags: where to store converted mount opts 789 * 790 * Returns 0 on success, an error code on failure 791 * 792 * Allow filesystems with binary mount data to explicitly set Smack mount 793 * labels. 794 */ 795 static int smack_set_mnt_opts(struct super_block *sb, 796 void *mnt_opts, 797 unsigned long kern_flags, 798 unsigned long *set_kern_flags) 799 { 800 struct dentry *root = sb->s_root; 801 struct inode *inode = d_backing_inode(root); 802 struct superblock_smack *sp = smack_superblock(sb); 803 struct inode_smack *isp; 804 struct smack_known *skp; 805 struct smack_mnt_opts *opts = mnt_opts; 806 bool transmute = false; 807 808 if (sp->smk_flags & SMK_SB_INITIALIZED) 809 return 0; 810 811 if (!smack_privileged(CAP_MAC_ADMIN)) { 812 /* 813 * Unprivileged mounts don't get to specify Smack values. 814 */ 815 if (opts) 816 return -EPERM; 817 /* 818 * Unprivileged mounts get root and default from the caller. 819 */ 820 skp = smk_of_current(); 821 sp->smk_root = skp; 822 sp->smk_default = skp; 823 /* 824 * For a handful of fs types with no user-controlled 825 * backing store it's okay to trust security labels 826 * in the filesystem. The rest are untrusted. 827 */ 828 if (sb->s_user_ns != &init_user_ns && 829 sb->s_magic != SYSFS_MAGIC && sb->s_magic != TMPFS_MAGIC && 830 sb->s_magic != RAMFS_MAGIC) { 831 transmute = true; 832 sp->smk_flags |= SMK_SB_UNTRUSTED; 833 } 834 } 835 836 sp->smk_flags |= SMK_SB_INITIALIZED; 837 838 if (opts) { 839 if (opts->fsdefault) { 840 skp = smk_import_entry(opts->fsdefault, 0); 841 if (IS_ERR(skp)) 842 return PTR_ERR(skp); 843 sp->smk_default = skp; 844 } 845 if (opts->fsfloor) { 846 skp = smk_import_entry(opts->fsfloor, 0); 847 if (IS_ERR(skp)) 848 return PTR_ERR(skp); 849 sp->smk_floor = skp; 850 } 851 if (opts->fshat) { 852 skp = smk_import_entry(opts->fshat, 0); 853 if (IS_ERR(skp)) 854 return PTR_ERR(skp); 855 sp->smk_hat = skp; 856 } 857 if (opts->fsroot) { 858 skp = smk_import_entry(opts->fsroot, 0); 859 if (IS_ERR(skp)) 860 return PTR_ERR(skp); 861 sp->smk_root = skp; 862 } 863 if (opts->fstransmute) { 864 skp = smk_import_entry(opts->fstransmute, 0); 865 if (IS_ERR(skp)) 866 return PTR_ERR(skp); 867 sp->smk_root = skp; 868 transmute = true; 869 } 870 } 871 872 /* 873 * Initialize the root inode. 874 */ 875 init_inode_smack(inode, sp->smk_root); 876 877 if (transmute) { 878 isp = smack_inode(inode); 879 isp->smk_flags |= SMK_INODE_TRANSMUTE; 880 } 881 882 return 0; 883 } 884 885 /** 886 * smack_sb_statfs - Smack check on statfs 887 * @dentry: identifies the file system in question 888 * 889 * Returns 0 if current can read the floor of the filesystem, 890 * and error code otherwise 891 */ 892 static int smack_sb_statfs(struct dentry *dentry) 893 { 894 struct superblock_smack *sbp = smack_superblock(dentry->d_sb); 895 int rc; 896 struct smk_audit_info ad; 897 898 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 899 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 900 901 rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad); 902 rc = smk_bu_current("statfs", sbp->smk_floor, MAY_READ, rc); 903 return rc; 904 } 905 906 /* 907 * BPRM hooks 908 */ 909 910 /** 911 * smack_bprm_creds_for_exec - Update bprm->cred if needed for exec 912 * @bprm: the exec information 913 * 914 * Returns 0 if it gets a blob, -EPERM if exec forbidden and -ENOMEM otherwise 915 */ 916 static int smack_bprm_creds_for_exec(struct linux_binprm *bprm) 917 { 918 struct inode *inode = file_inode(bprm->file); 919 struct task_smack *bsp = smack_cred(bprm->cred); 920 struct inode_smack *isp; 921 struct superblock_smack *sbsp; 922 int rc; 923 924 isp = smack_inode(inode); 925 if (isp->smk_task == NULL || isp->smk_task == bsp->smk_task) 926 return 0; 927 928 sbsp = smack_superblock(inode->i_sb); 929 if ((sbsp->smk_flags & SMK_SB_UNTRUSTED) && 930 isp->smk_task != sbsp->smk_root) 931 return 0; 932 933 if (bprm->unsafe & LSM_UNSAFE_PTRACE) { 934 struct task_struct *tracer; 935 rc = 0; 936 937 rcu_read_lock(); 938 tracer = ptrace_parent(current); 939 if (likely(tracer != NULL)) 940 rc = smk_ptrace_rule_check(tracer, 941 isp->smk_task, 942 PTRACE_MODE_ATTACH, 943 __func__); 944 rcu_read_unlock(); 945 946 if (rc != 0) 947 return rc; 948 } 949 if (bprm->unsafe & ~LSM_UNSAFE_PTRACE) 950 return -EPERM; 951 952 bsp->smk_task = isp->smk_task; 953 bprm->per_clear |= PER_CLEAR_ON_SETID; 954 955 /* Decide if this is a secure exec. */ 956 if (bsp->smk_task != bsp->smk_forked) 957 bprm->secureexec = 1; 958 959 return 0; 960 } 961 962 /* 963 * Inode hooks 964 */ 965 966 /** 967 * smack_inode_alloc_security - allocate an inode blob 968 * @inode: the inode in need of a blob 969 * 970 * Returns 0 971 */ 972 static int smack_inode_alloc_security(struct inode *inode) 973 { 974 struct smack_known *skp = smk_of_current(); 975 976 init_inode_smack(inode, skp); 977 return 0; 978 } 979 980 /** 981 * smack_inode_init_security - copy out the smack from an inode 982 * @inode: the newly created inode 983 * @dir: containing directory object 984 * @qstr: unused 985 * @xattrs: where to put the attributes 986 * @xattr_count: current number of LSM-provided xattrs (updated) 987 * 988 * Returns 0 if it all works out, -ENOMEM if there's no memory 989 */ 990 static int smack_inode_init_security(struct inode *inode, struct inode *dir, 991 const struct qstr *qstr, 992 struct xattr *xattrs, int *xattr_count) 993 { 994 struct task_smack *tsp = smack_cred(current_cred()); 995 struct smack_known *skp = smk_of_task(tsp); 996 struct smack_known *isp = smk_of_inode(inode); 997 struct smack_known *dsp = smk_of_inode(dir); 998 struct xattr *xattr = lsm_get_xattr_slot(xattrs, xattr_count); 999 int may; 1000 1001 if (xattr) { 1002 /* 1003 * If equal, transmuting already occurred in 1004 * smack_dentry_create_files_as(). No need to check again. 1005 */ 1006 if (tsp->smk_task != tsp->smk_transmuted) { 1007 rcu_read_lock(); 1008 may = smk_access_entry(skp->smk_known, dsp->smk_known, 1009 &skp->smk_rules); 1010 rcu_read_unlock(); 1011 } 1012 1013 /* 1014 * In addition to having smk_task equal to smk_transmuted, 1015 * if the access rule allows transmutation and the directory 1016 * requests transmutation then by all means transmute. 1017 * Mark the inode as changed. 1018 */ 1019 if ((tsp->smk_task == tsp->smk_transmuted) || 1020 (may > 0 && ((may & MAY_TRANSMUTE) != 0) && 1021 smk_inode_transmutable(dir))) { 1022 struct xattr *xattr_transmute; 1023 1024 /* 1025 * The caller of smack_dentry_create_files_as() 1026 * should have overridden the current cred, so the 1027 * inode label was already set correctly in 1028 * smack_inode_alloc_security(). 1029 */ 1030 if (tsp->smk_task != tsp->smk_transmuted) 1031 isp = dsp; 1032 xattr_transmute = lsm_get_xattr_slot(xattrs, 1033 xattr_count); 1034 if (xattr_transmute) { 1035 xattr_transmute->value = kmemdup(TRANS_TRUE, 1036 TRANS_TRUE_SIZE, 1037 GFP_NOFS); 1038 if (!xattr_transmute->value) 1039 return -ENOMEM; 1040 1041 xattr_transmute->value_len = TRANS_TRUE_SIZE; 1042 xattr_transmute->name = XATTR_SMACK_TRANSMUTE; 1043 } 1044 } 1045 1046 xattr->value = kstrdup(isp->smk_known, GFP_NOFS); 1047 if (!xattr->value) 1048 return -ENOMEM; 1049 1050 xattr->value_len = strlen(isp->smk_known); 1051 xattr->name = XATTR_SMACK_SUFFIX; 1052 } 1053 1054 return 0; 1055 } 1056 1057 /** 1058 * smack_inode_link - Smack check on link 1059 * @old_dentry: the existing object 1060 * @dir: unused 1061 * @new_dentry: the new object 1062 * 1063 * Returns 0 if access is permitted, an error code otherwise 1064 */ 1065 static int smack_inode_link(struct dentry *old_dentry, struct inode *dir, 1066 struct dentry *new_dentry) 1067 { 1068 struct smack_known *isp; 1069 struct smk_audit_info ad; 1070 int rc; 1071 1072 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1073 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry); 1074 1075 isp = smk_of_inode(d_backing_inode(old_dentry)); 1076 rc = smk_curacc(isp, MAY_WRITE, &ad); 1077 rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_WRITE, rc); 1078 1079 if (rc == 0 && d_is_positive(new_dentry)) { 1080 isp = smk_of_inode(d_backing_inode(new_dentry)); 1081 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry); 1082 rc = smk_curacc(isp, MAY_WRITE, &ad); 1083 rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_WRITE, rc); 1084 } 1085 1086 return rc; 1087 } 1088 1089 /** 1090 * smack_inode_unlink - Smack check on inode deletion 1091 * @dir: containing directory object 1092 * @dentry: file to unlink 1093 * 1094 * Returns 0 if current can write the containing directory 1095 * and the object, error code otherwise 1096 */ 1097 static int smack_inode_unlink(struct inode *dir, struct dentry *dentry) 1098 { 1099 struct inode *ip = d_backing_inode(dentry); 1100 struct smk_audit_info ad; 1101 int rc; 1102 1103 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1104 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1105 1106 /* 1107 * You need write access to the thing you're unlinking 1108 */ 1109 rc = smk_curacc(smk_of_inode(ip), MAY_WRITE, &ad); 1110 rc = smk_bu_inode(ip, MAY_WRITE, rc); 1111 if (rc == 0) { 1112 /* 1113 * You also need write access to the containing directory 1114 */ 1115 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE); 1116 smk_ad_setfield_u_fs_inode(&ad, dir); 1117 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad); 1118 rc = smk_bu_inode(dir, MAY_WRITE, rc); 1119 } 1120 return rc; 1121 } 1122 1123 /** 1124 * smack_inode_rmdir - Smack check on directory deletion 1125 * @dir: containing directory object 1126 * @dentry: directory to unlink 1127 * 1128 * Returns 0 if current can write the containing directory 1129 * and the directory, error code otherwise 1130 */ 1131 static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry) 1132 { 1133 struct smk_audit_info ad; 1134 int rc; 1135 1136 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1137 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1138 1139 /* 1140 * You need write access to the thing you're removing 1141 */ 1142 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1143 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1144 if (rc == 0) { 1145 /* 1146 * You also need write access to the containing directory 1147 */ 1148 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE); 1149 smk_ad_setfield_u_fs_inode(&ad, dir); 1150 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad); 1151 rc = smk_bu_inode(dir, MAY_WRITE, rc); 1152 } 1153 1154 return rc; 1155 } 1156 1157 /** 1158 * smack_inode_rename - Smack check on rename 1159 * @old_inode: unused 1160 * @old_dentry: the old object 1161 * @new_inode: unused 1162 * @new_dentry: the new object 1163 * 1164 * Read and write access is required on both the old and 1165 * new directories. 1166 * 1167 * Returns 0 if access is permitted, an error code otherwise 1168 */ 1169 static int smack_inode_rename(struct inode *old_inode, 1170 struct dentry *old_dentry, 1171 struct inode *new_inode, 1172 struct dentry *new_dentry) 1173 { 1174 int rc; 1175 struct smack_known *isp; 1176 struct smk_audit_info ad; 1177 1178 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1179 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry); 1180 1181 isp = smk_of_inode(d_backing_inode(old_dentry)); 1182 rc = smk_curacc(isp, MAY_READWRITE, &ad); 1183 rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_READWRITE, rc); 1184 1185 if (rc == 0 && d_is_positive(new_dentry)) { 1186 isp = smk_of_inode(d_backing_inode(new_dentry)); 1187 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry); 1188 rc = smk_curacc(isp, MAY_READWRITE, &ad); 1189 rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_READWRITE, rc); 1190 } 1191 return rc; 1192 } 1193 1194 /** 1195 * smack_inode_permission - Smack version of permission() 1196 * @inode: the inode in question 1197 * @mask: the access requested 1198 * 1199 * This is the important Smack hook. 1200 * 1201 * Returns 0 if access is permitted, an error code otherwise 1202 */ 1203 static int smack_inode_permission(struct inode *inode, int mask) 1204 { 1205 struct superblock_smack *sbsp = smack_superblock(inode->i_sb); 1206 struct smk_audit_info ad; 1207 int no_block = mask & MAY_NOT_BLOCK; 1208 int rc; 1209 1210 mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND); 1211 /* 1212 * No permission to check. Existence test. Yup, it's there. 1213 */ 1214 if (mask == 0) 1215 return 0; 1216 1217 if (sbsp->smk_flags & SMK_SB_UNTRUSTED) { 1218 if (smk_of_inode(inode) != sbsp->smk_root) 1219 return -EACCES; 1220 } 1221 1222 /* May be droppable after audit */ 1223 if (no_block) 1224 return -ECHILD; 1225 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE); 1226 smk_ad_setfield_u_fs_inode(&ad, inode); 1227 rc = smk_curacc(smk_of_inode(inode), mask, &ad); 1228 rc = smk_bu_inode(inode, mask, rc); 1229 return rc; 1230 } 1231 1232 /** 1233 * smack_inode_setattr - Smack check for setting attributes 1234 * @dentry: the object 1235 * @iattr: for the force flag 1236 * 1237 * Returns 0 if access is permitted, an error code otherwise 1238 */ 1239 static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr) 1240 { 1241 struct smk_audit_info ad; 1242 int rc; 1243 1244 /* 1245 * Need to allow for clearing the setuid bit. 1246 */ 1247 if (iattr->ia_valid & ATTR_FORCE) 1248 return 0; 1249 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1250 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1251 1252 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1253 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1254 return rc; 1255 } 1256 1257 /** 1258 * smack_inode_getattr - Smack check for getting attributes 1259 * @path: path to extract the info from 1260 * 1261 * Returns 0 if access is permitted, an error code otherwise 1262 */ 1263 static int smack_inode_getattr(const struct path *path) 1264 { 1265 struct smk_audit_info ad; 1266 struct inode *inode = d_backing_inode(path->dentry); 1267 int rc; 1268 1269 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1270 smk_ad_setfield_u_fs_path(&ad, *path); 1271 rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad); 1272 rc = smk_bu_inode(inode, MAY_READ, rc); 1273 return rc; 1274 } 1275 1276 /** 1277 * smack_inode_setxattr - Smack check for setting xattrs 1278 * @idmap: idmap of the mount 1279 * @dentry: the object 1280 * @name: name of the attribute 1281 * @value: value of the attribute 1282 * @size: size of the value 1283 * @flags: unused 1284 * 1285 * This protects the Smack attribute explicitly. 1286 * 1287 * Returns 0 if access is permitted, an error code otherwise 1288 */ 1289 static int smack_inode_setxattr(struct mnt_idmap *idmap, 1290 struct dentry *dentry, const char *name, 1291 const void *value, size_t size, int flags) 1292 { 1293 struct smk_audit_info ad; 1294 struct smack_known *skp; 1295 int check_priv = 0; 1296 int check_import = 0; 1297 int check_star = 0; 1298 int rc = 0; 1299 1300 /* 1301 * Check label validity here so import won't fail in post_setxattr 1302 */ 1303 if (strcmp(name, XATTR_NAME_SMACK) == 0 || 1304 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 || 1305 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) { 1306 check_priv = 1; 1307 check_import = 1; 1308 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0 || 1309 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) { 1310 check_priv = 1; 1311 check_import = 1; 1312 check_star = 1; 1313 } else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) { 1314 check_priv = 1; 1315 if (!S_ISDIR(d_backing_inode(dentry)->i_mode) || 1316 size != TRANS_TRUE_SIZE || 1317 strncmp(value, TRANS_TRUE, TRANS_TRUE_SIZE) != 0) 1318 rc = -EINVAL; 1319 } else 1320 rc = cap_inode_setxattr(dentry, name, value, size, flags); 1321 1322 if (check_priv && !smack_privileged(CAP_MAC_ADMIN)) 1323 rc = -EPERM; 1324 1325 if (rc == 0 && check_import) { 1326 skp = size ? smk_import_entry(value, size) : NULL; 1327 if (IS_ERR(skp)) 1328 rc = PTR_ERR(skp); 1329 else if (skp == NULL || (check_star && 1330 (skp == &smack_known_star || skp == &smack_known_web))) 1331 rc = -EINVAL; 1332 } 1333 1334 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1335 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1336 1337 if (rc == 0) { 1338 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1339 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1340 } 1341 1342 return rc; 1343 } 1344 1345 /** 1346 * smack_inode_post_setxattr - Apply the Smack update approved above 1347 * @dentry: object 1348 * @name: attribute name 1349 * @value: attribute value 1350 * @size: attribute size 1351 * @flags: unused 1352 * 1353 * Set the pointer in the inode blob to the entry found 1354 * in the master label list. 1355 */ 1356 static void smack_inode_post_setxattr(struct dentry *dentry, const char *name, 1357 const void *value, size_t size, int flags) 1358 { 1359 struct smack_known *skp; 1360 struct inode_smack *isp = smack_inode(d_backing_inode(dentry)); 1361 1362 if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) { 1363 isp->smk_flags |= SMK_INODE_TRANSMUTE; 1364 return; 1365 } 1366 1367 if (strcmp(name, XATTR_NAME_SMACK) == 0) { 1368 skp = smk_import_entry(value, size); 1369 if (!IS_ERR(skp)) 1370 isp->smk_inode = skp; 1371 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) { 1372 skp = smk_import_entry(value, size); 1373 if (!IS_ERR(skp)) 1374 isp->smk_task = skp; 1375 } else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) { 1376 skp = smk_import_entry(value, size); 1377 if (!IS_ERR(skp)) 1378 isp->smk_mmap = skp; 1379 } 1380 1381 return; 1382 } 1383 1384 /** 1385 * smack_inode_getxattr - Smack check on getxattr 1386 * @dentry: the object 1387 * @name: unused 1388 * 1389 * Returns 0 if access is permitted, an error code otherwise 1390 */ 1391 static int smack_inode_getxattr(struct dentry *dentry, const char *name) 1392 { 1393 struct smk_audit_info ad; 1394 int rc; 1395 1396 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1397 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1398 1399 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_READ, &ad); 1400 rc = smk_bu_inode(d_backing_inode(dentry), MAY_READ, rc); 1401 return rc; 1402 } 1403 1404 /** 1405 * smack_inode_removexattr - Smack check on removexattr 1406 * @idmap: idmap of the mount 1407 * @dentry: the object 1408 * @name: name of the attribute 1409 * 1410 * Removing the Smack attribute requires CAP_MAC_ADMIN 1411 * 1412 * Returns 0 if access is permitted, an error code otherwise 1413 */ 1414 static int smack_inode_removexattr(struct mnt_idmap *idmap, 1415 struct dentry *dentry, const char *name) 1416 { 1417 struct inode_smack *isp; 1418 struct smk_audit_info ad; 1419 int rc = 0; 1420 1421 if (strcmp(name, XATTR_NAME_SMACK) == 0 || 1422 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 || 1423 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 || 1424 strcmp(name, XATTR_NAME_SMACKEXEC) == 0 || 1425 strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0 || 1426 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) { 1427 if (!smack_privileged(CAP_MAC_ADMIN)) 1428 rc = -EPERM; 1429 } else 1430 rc = cap_inode_removexattr(idmap, dentry, name); 1431 1432 if (rc != 0) 1433 return rc; 1434 1435 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1436 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1437 1438 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1439 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1440 if (rc != 0) 1441 return rc; 1442 1443 isp = smack_inode(d_backing_inode(dentry)); 1444 /* 1445 * Don't do anything special for these. 1446 * XATTR_NAME_SMACKIPIN 1447 * XATTR_NAME_SMACKIPOUT 1448 */ 1449 if (strcmp(name, XATTR_NAME_SMACK) == 0) { 1450 struct super_block *sbp = dentry->d_sb; 1451 struct superblock_smack *sbsp = smack_superblock(sbp); 1452 1453 isp->smk_inode = sbsp->smk_default; 1454 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) 1455 isp->smk_task = NULL; 1456 else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) 1457 isp->smk_mmap = NULL; 1458 else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) 1459 isp->smk_flags &= ~SMK_INODE_TRANSMUTE; 1460 1461 return 0; 1462 } 1463 1464 /** 1465 * smack_inode_set_acl - Smack check for setting posix acls 1466 * @idmap: idmap of the mnt this request came from 1467 * @dentry: the object 1468 * @acl_name: name of the posix acl 1469 * @kacl: the posix acls 1470 * 1471 * Returns 0 if access is permitted, an error code otherwise 1472 */ 1473 static int smack_inode_set_acl(struct mnt_idmap *idmap, 1474 struct dentry *dentry, const char *acl_name, 1475 struct posix_acl *kacl) 1476 { 1477 struct smk_audit_info ad; 1478 int rc; 1479 1480 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1481 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1482 1483 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1484 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1485 return rc; 1486 } 1487 1488 /** 1489 * smack_inode_get_acl - Smack check for getting posix acls 1490 * @idmap: idmap of the mnt this request came from 1491 * @dentry: the object 1492 * @acl_name: name of the posix acl 1493 * 1494 * Returns 0 if access is permitted, an error code otherwise 1495 */ 1496 static int smack_inode_get_acl(struct mnt_idmap *idmap, 1497 struct dentry *dentry, const char *acl_name) 1498 { 1499 struct smk_audit_info ad; 1500 int rc; 1501 1502 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1503 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1504 1505 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_READ, &ad); 1506 rc = smk_bu_inode(d_backing_inode(dentry), MAY_READ, rc); 1507 return rc; 1508 } 1509 1510 /** 1511 * smack_inode_remove_acl - Smack check for getting posix acls 1512 * @idmap: idmap of the mnt this request came from 1513 * @dentry: the object 1514 * @acl_name: name of the posix acl 1515 * 1516 * Returns 0 if access is permitted, an error code otherwise 1517 */ 1518 static int smack_inode_remove_acl(struct mnt_idmap *idmap, 1519 struct dentry *dentry, const char *acl_name) 1520 { 1521 struct smk_audit_info ad; 1522 int rc; 1523 1524 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1525 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1526 1527 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1528 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1529 return rc; 1530 } 1531 1532 /** 1533 * smack_inode_getsecurity - get smack xattrs 1534 * @idmap: idmap of the mount 1535 * @inode: the object 1536 * @name: attribute name 1537 * @buffer: where to put the result 1538 * @alloc: duplicate memory 1539 * 1540 * Returns the size of the attribute or an error code 1541 */ 1542 static int smack_inode_getsecurity(struct mnt_idmap *idmap, 1543 struct inode *inode, const char *name, 1544 void **buffer, bool alloc) 1545 { 1546 struct socket_smack *ssp; 1547 struct socket *sock; 1548 struct super_block *sbp; 1549 struct inode *ip = inode; 1550 struct smack_known *isp; 1551 struct inode_smack *ispp; 1552 size_t label_len; 1553 char *label = NULL; 1554 1555 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) { 1556 isp = smk_of_inode(inode); 1557 } else if (strcmp(name, XATTR_SMACK_TRANSMUTE) == 0) { 1558 ispp = smack_inode(inode); 1559 if (ispp->smk_flags & SMK_INODE_TRANSMUTE) 1560 label = TRANS_TRUE; 1561 else 1562 label = ""; 1563 } else { 1564 /* 1565 * The rest of the Smack xattrs are only on sockets. 1566 */ 1567 sbp = ip->i_sb; 1568 if (sbp->s_magic != SOCKFS_MAGIC) 1569 return -EOPNOTSUPP; 1570 1571 sock = SOCKET_I(ip); 1572 if (sock == NULL || sock->sk == NULL) 1573 return -EOPNOTSUPP; 1574 1575 ssp = sock->sk->sk_security; 1576 1577 if (strcmp(name, XATTR_SMACK_IPIN) == 0) 1578 isp = ssp->smk_in; 1579 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) 1580 isp = ssp->smk_out; 1581 else 1582 return -EOPNOTSUPP; 1583 } 1584 1585 if (!label) 1586 label = isp->smk_known; 1587 1588 label_len = strlen(label); 1589 1590 if (alloc) { 1591 *buffer = kstrdup(label, GFP_KERNEL); 1592 if (*buffer == NULL) 1593 return -ENOMEM; 1594 } 1595 1596 return label_len; 1597 } 1598 1599 1600 /** 1601 * smack_inode_listsecurity - list the Smack attributes 1602 * @inode: the object 1603 * @buffer: where they go 1604 * @buffer_size: size of buffer 1605 */ 1606 static int smack_inode_listsecurity(struct inode *inode, char *buffer, 1607 size_t buffer_size) 1608 { 1609 int len = sizeof(XATTR_NAME_SMACK); 1610 1611 if (buffer != NULL && len <= buffer_size) 1612 memcpy(buffer, XATTR_NAME_SMACK, len); 1613 1614 return len; 1615 } 1616 1617 /** 1618 * smack_inode_getsecid - Extract inode's security id 1619 * @inode: inode to extract the info from 1620 * @secid: where result will be saved 1621 */ 1622 static void smack_inode_getsecid(struct inode *inode, u32 *secid) 1623 { 1624 struct smack_known *skp = smk_of_inode(inode); 1625 1626 *secid = skp->smk_secid; 1627 } 1628 1629 /* 1630 * File Hooks 1631 */ 1632 1633 /* 1634 * There is no smack_file_permission hook 1635 * 1636 * Should access checks be done on each read or write? 1637 * UNICOS and SELinux say yes. 1638 * Trusted Solaris, Trusted Irix, and just about everyone else says no. 1639 * 1640 * I'll say no for now. Smack does not do the frequent 1641 * label changing that SELinux does. 1642 */ 1643 1644 /** 1645 * smack_file_alloc_security - assign a file security blob 1646 * @file: the object 1647 * 1648 * The security blob for a file is a pointer to the master 1649 * label list, so no allocation is done. 1650 * 1651 * f_security is the owner security information. It 1652 * isn't used on file access checks, it's for send_sigio. 1653 * 1654 * Returns 0 1655 */ 1656 static int smack_file_alloc_security(struct file *file) 1657 { 1658 struct smack_known **blob = smack_file(file); 1659 1660 *blob = smk_of_current(); 1661 return 0; 1662 } 1663 1664 /** 1665 * smack_file_ioctl - Smack check on ioctls 1666 * @file: the object 1667 * @cmd: what to do 1668 * @arg: unused 1669 * 1670 * Relies heavily on the correct use of the ioctl command conventions. 1671 * 1672 * Returns 0 if allowed, error code otherwise 1673 */ 1674 static int smack_file_ioctl(struct file *file, unsigned int cmd, 1675 unsigned long arg) 1676 { 1677 int rc = 0; 1678 struct smk_audit_info ad; 1679 struct inode *inode = file_inode(file); 1680 1681 if (unlikely(IS_PRIVATE(inode))) 1682 return 0; 1683 1684 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1685 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1686 1687 if (_IOC_DIR(cmd) & _IOC_WRITE) { 1688 rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad); 1689 rc = smk_bu_file(file, MAY_WRITE, rc); 1690 } 1691 1692 if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ)) { 1693 rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad); 1694 rc = smk_bu_file(file, MAY_READ, rc); 1695 } 1696 1697 return rc; 1698 } 1699 1700 /** 1701 * smack_file_lock - Smack check on file locking 1702 * @file: the object 1703 * @cmd: unused 1704 * 1705 * Returns 0 if current has lock access, error code otherwise 1706 */ 1707 static int smack_file_lock(struct file *file, unsigned int cmd) 1708 { 1709 struct smk_audit_info ad; 1710 int rc; 1711 struct inode *inode = file_inode(file); 1712 1713 if (unlikely(IS_PRIVATE(inode))) 1714 return 0; 1715 1716 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1717 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1718 rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad); 1719 rc = smk_bu_file(file, MAY_LOCK, rc); 1720 return rc; 1721 } 1722 1723 /** 1724 * smack_file_fcntl - Smack check on fcntl 1725 * @file: the object 1726 * @cmd: what action to check 1727 * @arg: unused 1728 * 1729 * Generally these operations are harmless. 1730 * File locking operations present an obvious mechanism 1731 * for passing information, so they require write access. 1732 * 1733 * Returns 0 if current has access, error code otherwise 1734 */ 1735 static int smack_file_fcntl(struct file *file, unsigned int cmd, 1736 unsigned long arg) 1737 { 1738 struct smk_audit_info ad; 1739 int rc = 0; 1740 struct inode *inode = file_inode(file); 1741 1742 if (unlikely(IS_PRIVATE(inode))) 1743 return 0; 1744 1745 switch (cmd) { 1746 case F_GETLK: 1747 break; 1748 case F_SETLK: 1749 case F_SETLKW: 1750 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1751 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1752 rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad); 1753 rc = smk_bu_file(file, MAY_LOCK, rc); 1754 break; 1755 case F_SETOWN: 1756 case F_SETSIG: 1757 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1758 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1759 rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad); 1760 rc = smk_bu_file(file, MAY_WRITE, rc); 1761 break; 1762 default: 1763 break; 1764 } 1765 1766 return rc; 1767 } 1768 1769 /** 1770 * smack_mmap_file - Check permissions for a mmap operation. 1771 * @file: contains the file structure for file to map (may be NULL). 1772 * @reqprot: contains the protection requested by the application. 1773 * @prot: contains the protection that will be applied by the kernel. 1774 * @flags: contains the operational flags. 1775 * 1776 * The @file may be NULL, e.g. if mapping anonymous memory. 1777 * 1778 * Return 0 if permission is granted. 1779 */ 1780 static int smack_mmap_file(struct file *file, 1781 unsigned long reqprot, unsigned long prot, 1782 unsigned long flags) 1783 { 1784 struct smack_known *skp; 1785 struct smack_known *mkp; 1786 struct smack_rule *srp; 1787 struct task_smack *tsp; 1788 struct smack_known *okp; 1789 struct inode_smack *isp; 1790 struct superblock_smack *sbsp; 1791 int may; 1792 int mmay; 1793 int tmay; 1794 int rc; 1795 1796 if (file == NULL) 1797 return 0; 1798 1799 if (unlikely(IS_PRIVATE(file_inode(file)))) 1800 return 0; 1801 1802 isp = smack_inode(file_inode(file)); 1803 if (isp->smk_mmap == NULL) 1804 return 0; 1805 sbsp = smack_superblock(file_inode(file)->i_sb); 1806 if (sbsp->smk_flags & SMK_SB_UNTRUSTED && 1807 isp->smk_mmap != sbsp->smk_root) 1808 return -EACCES; 1809 mkp = isp->smk_mmap; 1810 1811 tsp = smack_cred(current_cred()); 1812 skp = smk_of_current(); 1813 rc = 0; 1814 1815 rcu_read_lock(); 1816 /* 1817 * For each Smack rule associated with the subject 1818 * label verify that the SMACK64MMAP also has access 1819 * to that rule's object label. 1820 */ 1821 list_for_each_entry_rcu(srp, &skp->smk_rules, list) { 1822 okp = srp->smk_object; 1823 /* 1824 * Matching labels always allows access. 1825 */ 1826 if (mkp->smk_known == okp->smk_known) 1827 continue; 1828 /* 1829 * If there is a matching local rule take 1830 * that into account as well. 1831 */ 1832 may = smk_access_entry(srp->smk_subject->smk_known, 1833 okp->smk_known, 1834 &tsp->smk_rules); 1835 if (may == -ENOENT) 1836 may = srp->smk_access; 1837 else 1838 may &= srp->smk_access; 1839 /* 1840 * If may is zero the SMACK64MMAP subject can't 1841 * possibly have less access. 1842 */ 1843 if (may == 0) 1844 continue; 1845 1846 /* 1847 * Fetch the global list entry. 1848 * If there isn't one a SMACK64MMAP subject 1849 * can't have as much access as current. 1850 */ 1851 mmay = smk_access_entry(mkp->smk_known, okp->smk_known, 1852 &mkp->smk_rules); 1853 if (mmay == -ENOENT) { 1854 rc = -EACCES; 1855 break; 1856 } 1857 /* 1858 * If there is a local entry it modifies the 1859 * potential access, too. 1860 */ 1861 tmay = smk_access_entry(mkp->smk_known, okp->smk_known, 1862 &tsp->smk_rules); 1863 if (tmay != -ENOENT) 1864 mmay &= tmay; 1865 1866 /* 1867 * If there is any access available to current that is 1868 * not available to a SMACK64MMAP subject 1869 * deny access. 1870 */ 1871 if ((may | mmay) != mmay) { 1872 rc = -EACCES; 1873 break; 1874 } 1875 } 1876 1877 rcu_read_unlock(); 1878 1879 return rc; 1880 } 1881 1882 /** 1883 * smack_file_set_fowner - set the file security blob value 1884 * @file: object in question 1885 * 1886 */ 1887 static void smack_file_set_fowner(struct file *file) 1888 { 1889 struct smack_known **blob = smack_file(file); 1890 1891 *blob = smk_of_current(); 1892 } 1893 1894 /** 1895 * smack_file_send_sigiotask - Smack on sigio 1896 * @tsk: The target task 1897 * @fown: the object the signal come from 1898 * @signum: unused 1899 * 1900 * Allow a privileged task to get signals even if it shouldn't 1901 * 1902 * Returns 0 if a subject with the object's smack could 1903 * write to the task, an error code otherwise. 1904 */ 1905 static int smack_file_send_sigiotask(struct task_struct *tsk, 1906 struct fown_struct *fown, int signum) 1907 { 1908 struct smack_known **blob; 1909 struct smack_known *skp; 1910 struct smack_known *tkp = smk_of_task(smack_cred(tsk->cred)); 1911 const struct cred *tcred; 1912 struct file *file; 1913 int rc; 1914 struct smk_audit_info ad; 1915 1916 /* 1917 * struct fown_struct is never outside the context of a struct file 1918 */ 1919 file = container_of(fown, struct file, f_owner); 1920 1921 /* we don't log here as rc can be overriden */ 1922 blob = smack_file(file); 1923 skp = *blob; 1924 rc = smk_access(skp, tkp, MAY_DELIVER, NULL); 1925 rc = smk_bu_note("sigiotask", skp, tkp, MAY_DELIVER, rc); 1926 1927 rcu_read_lock(); 1928 tcred = __task_cred(tsk); 1929 if (rc != 0 && smack_privileged_cred(CAP_MAC_OVERRIDE, tcred)) 1930 rc = 0; 1931 rcu_read_unlock(); 1932 1933 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); 1934 smk_ad_setfield_u_tsk(&ad, tsk); 1935 smack_log(skp->smk_known, tkp->smk_known, MAY_DELIVER, rc, &ad); 1936 return rc; 1937 } 1938 1939 /** 1940 * smack_file_receive - Smack file receive check 1941 * @file: the object 1942 * 1943 * Returns 0 if current has access, error code otherwise 1944 */ 1945 static int smack_file_receive(struct file *file) 1946 { 1947 int rc; 1948 int may = 0; 1949 struct smk_audit_info ad; 1950 struct inode *inode = file_inode(file); 1951 struct socket *sock; 1952 struct task_smack *tsp; 1953 struct socket_smack *ssp; 1954 1955 if (unlikely(IS_PRIVATE(inode))) 1956 return 0; 1957 1958 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1959 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1960 1961 if (inode->i_sb->s_magic == SOCKFS_MAGIC) { 1962 sock = SOCKET_I(inode); 1963 ssp = sock->sk->sk_security; 1964 tsp = smack_cred(current_cred()); 1965 /* 1966 * If the receiving process can't write to the 1967 * passed socket or if the passed socket can't 1968 * write to the receiving process don't accept 1969 * the passed socket. 1970 */ 1971 rc = smk_access(tsp->smk_task, ssp->smk_out, MAY_WRITE, &ad); 1972 rc = smk_bu_file(file, may, rc); 1973 if (rc < 0) 1974 return rc; 1975 rc = smk_access(ssp->smk_in, tsp->smk_task, MAY_WRITE, &ad); 1976 rc = smk_bu_file(file, may, rc); 1977 return rc; 1978 } 1979 /* 1980 * This code relies on bitmasks. 1981 */ 1982 if (file->f_mode & FMODE_READ) 1983 may = MAY_READ; 1984 if (file->f_mode & FMODE_WRITE) 1985 may |= MAY_WRITE; 1986 1987 rc = smk_curacc(smk_of_inode(inode), may, &ad); 1988 rc = smk_bu_file(file, may, rc); 1989 return rc; 1990 } 1991 1992 /** 1993 * smack_file_open - Smack dentry open processing 1994 * @file: the object 1995 * 1996 * Set the security blob in the file structure. 1997 * Allow the open only if the task has read access. There are 1998 * many read operations (e.g. fstat) that you can do with an 1999 * fd even if you have the file open write-only. 2000 * 2001 * Returns 0 if current has access, error code otherwise 2002 */ 2003 static int smack_file_open(struct file *file) 2004 { 2005 struct task_smack *tsp = smack_cred(file->f_cred); 2006 struct inode *inode = file_inode(file); 2007 struct smk_audit_info ad; 2008 int rc; 2009 2010 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 2011 smk_ad_setfield_u_fs_path(&ad, file->f_path); 2012 rc = smk_tskacc(tsp, smk_of_inode(inode), MAY_READ, &ad); 2013 rc = smk_bu_credfile(file->f_cred, file, MAY_READ, rc); 2014 2015 return rc; 2016 } 2017 2018 /* 2019 * Task hooks 2020 */ 2021 2022 /** 2023 * smack_cred_alloc_blank - "allocate" blank task-level security credentials 2024 * @cred: the new credentials 2025 * @gfp: the atomicity of any memory allocations 2026 * 2027 * Prepare a blank set of credentials for modification. This must allocate all 2028 * the memory the LSM module might require such that cred_transfer() can 2029 * complete without error. 2030 */ 2031 static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp) 2032 { 2033 init_task_smack(smack_cred(cred), NULL, NULL); 2034 return 0; 2035 } 2036 2037 2038 /** 2039 * smack_cred_free - "free" task-level security credentials 2040 * @cred: the credentials in question 2041 * 2042 */ 2043 static void smack_cred_free(struct cred *cred) 2044 { 2045 struct task_smack *tsp = smack_cred(cred); 2046 struct smack_rule *rp; 2047 struct list_head *l; 2048 struct list_head *n; 2049 2050 smk_destroy_label_list(&tsp->smk_relabel); 2051 2052 list_for_each_safe(l, n, &tsp->smk_rules) { 2053 rp = list_entry(l, struct smack_rule, list); 2054 list_del(&rp->list); 2055 kmem_cache_free(smack_rule_cache, rp); 2056 } 2057 } 2058 2059 /** 2060 * smack_cred_prepare - prepare new set of credentials for modification 2061 * @new: the new credentials 2062 * @old: the original credentials 2063 * @gfp: the atomicity of any memory allocations 2064 * 2065 * Prepare a new set of credentials for modification. 2066 */ 2067 static int smack_cred_prepare(struct cred *new, const struct cred *old, 2068 gfp_t gfp) 2069 { 2070 struct task_smack *old_tsp = smack_cred(old); 2071 struct task_smack *new_tsp = smack_cred(new); 2072 int rc; 2073 2074 init_task_smack(new_tsp, old_tsp->smk_task, old_tsp->smk_task); 2075 2076 rc = smk_copy_rules(&new_tsp->smk_rules, &old_tsp->smk_rules, gfp); 2077 if (rc != 0) 2078 return rc; 2079 2080 rc = smk_copy_relabel(&new_tsp->smk_relabel, &old_tsp->smk_relabel, 2081 gfp); 2082 return rc; 2083 } 2084 2085 /** 2086 * smack_cred_transfer - Transfer the old credentials to the new credentials 2087 * @new: the new credentials 2088 * @old: the original credentials 2089 * 2090 * Fill in a set of blank credentials from another set of credentials. 2091 */ 2092 static void smack_cred_transfer(struct cred *new, const struct cred *old) 2093 { 2094 struct task_smack *old_tsp = smack_cred(old); 2095 struct task_smack *new_tsp = smack_cred(new); 2096 2097 new_tsp->smk_task = old_tsp->smk_task; 2098 new_tsp->smk_forked = old_tsp->smk_task; 2099 mutex_init(&new_tsp->smk_rules_lock); 2100 INIT_LIST_HEAD(&new_tsp->smk_rules); 2101 2102 /* cbs copy rule list */ 2103 } 2104 2105 /** 2106 * smack_cred_getsecid - get the secid corresponding to a creds structure 2107 * @cred: the object creds 2108 * @secid: where to put the result 2109 * 2110 * Sets the secid to contain a u32 version of the smack label. 2111 */ 2112 static void smack_cred_getsecid(const struct cred *cred, u32 *secid) 2113 { 2114 struct smack_known *skp; 2115 2116 rcu_read_lock(); 2117 skp = smk_of_task(smack_cred(cred)); 2118 *secid = skp->smk_secid; 2119 rcu_read_unlock(); 2120 } 2121 2122 /** 2123 * smack_kernel_act_as - Set the subjective context in a set of credentials 2124 * @new: points to the set of credentials to be modified. 2125 * @secid: specifies the security ID to be set 2126 * 2127 * Set the security data for a kernel service. 2128 */ 2129 static int smack_kernel_act_as(struct cred *new, u32 secid) 2130 { 2131 struct task_smack *new_tsp = smack_cred(new); 2132 2133 new_tsp->smk_task = smack_from_secid(secid); 2134 return 0; 2135 } 2136 2137 /** 2138 * smack_kernel_create_files_as - Set the file creation label in a set of creds 2139 * @new: points to the set of credentials to be modified 2140 * @inode: points to the inode to use as a reference 2141 * 2142 * Set the file creation context in a set of credentials to the same 2143 * as the objective context of the specified inode 2144 */ 2145 static int smack_kernel_create_files_as(struct cred *new, 2146 struct inode *inode) 2147 { 2148 struct inode_smack *isp = smack_inode(inode); 2149 struct task_smack *tsp = smack_cred(new); 2150 2151 tsp->smk_forked = isp->smk_inode; 2152 tsp->smk_task = tsp->smk_forked; 2153 return 0; 2154 } 2155 2156 /** 2157 * smk_curacc_on_task - helper to log task related access 2158 * @p: the task object 2159 * @access: the access requested 2160 * @caller: name of the calling function for audit 2161 * 2162 * Return 0 if access is permitted 2163 */ 2164 static int smk_curacc_on_task(struct task_struct *p, int access, 2165 const char *caller) 2166 { 2167 struct smk_audit_info ad; 2168 struct smack_known *skp = smk_of_task_struct_obj(p); 2169 int rc; 2170 2171 smk_ad_init(&ad, caller, LSM_AUDIT_DATA_TASK); 2172 smk_ad_setfield_u_tsk(&ad, p); 2173 rc = smk_curacc(skp, access, &ad); 2174 rc = smk_bu_task(p, access, rc); 2175 return rc; 2176 } 2177 2178 /** 2179 * smack_task_setpgid - Smack check on setting pgid 2180 * @p: the task object 2181 * @pgid: unused 2182 * 2183 * Return 0 if write access is permitted 2184 */ 2185 static int smack_task_setpgid(struct task_struct *p, pid_t pgid) 2186 { 2187 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2188 } 2189 2190 /** 2191 * smack_task_getpgid - Smack access check for getpgid 2192 * @p: the object task 2193 * 2194 * Returns 0 if current can read the object task, error code otherwise 2195 */ 2196 static int smack_task_getpgid(struct task_struct *p) 2197 { 2198 return smk_curacc_on_task(p, MAY_READ, __func__); 2199 } 2200 2201 /** 2202 * smack_task_getsid - Smack access check for getsid 2203 * @p: the object task 2204 * 2205 * Returns 0 if current can read the object task, error code otherwise 2206 */ 2207 static int smack_task_getsid(struct task_struct *p) 2208 { 2209 return smk_curacc_on_task(p, MAY_READ, __func__); 2210 } 2211 2212 /** 2213 * smack_current_getsecid_subj - get the subjective secid of the current task 2214 * @secid: where to put the result 2215 * 2216 * Sets the secid to contain a u32 version of the task's subjective smack label. 2217 */ 2218 static void smack_current_getsecid_subj(u32 *secid) 2219 { 2220 struct smack_known *skp = smk_of_current(); 2221 2222 *secid = skp->smk_secid; 2223 } 2224 2225 /** 2226 * smack_task_getsecid_obj - get the objective secid of the task 2227 * @p: the task 2228 * @secid: where to put the result 2229 * 2230 * Sets the secid to contain a u32 version of the task's objective smack label. 2231 */ 2232 static void smack_task_getsecid_obj(struct task_struct *p, u32 *secid) 2233 { 2234 struct smack_known *skp = smk_of_task_struct_obj(p); 2235 2236 *secid = skp->smk_secid; 2237 } 2238 2239 /** 2240 * smack_task_setnice - Smack check on setting nice 2241 * @p: the task object 2242 * @nice: unused 2243 * 2244 * Return 0 if write access is permitted 2245 */ 2246 static int smack_task_setnice(struct task_struct *p, int nice) 2247 { 2248 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2249 } 2250 2251 /** 2252 * smack_task_setioprio - Smack check on setting ioprio 2253 * @p: the task object 2254 * @ioprio: unused 2255 * 2256 * Return 0 if write access is permitted 2257 */ 2258 static int smack_task_setioprio(struct task_struct *p, int ioprio) 2259 { 2260 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2261 } 2262 2263 /** 2264 * smack_task_getioprio - Smack check on reading ioprio 2265 * @p: the task object 2266 * 2267 * Return 0 if read access is permitted 2268 */ 2269 static int smack_task_getioprio(struct task_struct *p) 2270 { 2271 return smk_curacc_on_task(p, MAY_READ, __func__); 2272 } 2273 2274 /** 2275 * smack_task_setscheduler - Smack check on setting scheduler 2276 * @p: the task object 2277 * 2278 * Return 0 if read access is permitted 2279 */ 2280 static int smack_task_setscheduler(struct task_struct *p) 2281 { 2282 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2283 } 2284 2285 /** 2286 * smack_task_getscheduler - Smack check on reading scheduler 2287 * @p: the task object 2288 * 2289 * Return 0 if read access is permitted 2290 */ 2291 static int smack_task_getscheduler(struct task_struct *p) 2292 { 2293 return smk_curacc_on_task(p, MAY_READ, __func__); 2294 } 2295 2296 /** 2297 * smack_task_movememory - Smack check on moving memory 2298 * @p: the task object 2299 * 2300 * Return 0 if write access is permitted 2301 */ 2302 static int smack_task_movememory(struct task_struct *p) 2303 { 2304 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2305 } 2306 2307 /** 2308 * smack_task_kill - Smack check on signal delivery 2309 * @p: the task object 2310 * @info: unused 2311 * @sig: unused 2312 * @cred: identifies the cred to use in lieu of current's 2313 * 2314 * Return 0 if write access is permitted 2315 * 2316 */ 2317 static int smack_task_kill(struct task_struct *p, struct kernel_siginfo *info, 2318 int sig, const struct cred *cred) 2319 { 2320 struct smk_audit_info ad; 2321 struct smack_known *skp; 2322 struct smack_known *tkp = smk_of_task_struct_obj(p); 2323 int rc; 2324 2325 if (!sig) 2326 return 0; /* null signal; existence test */ 2327 2328 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); 2329 smk_ad_setfield_u_tsk(&ad, p); 2330 /* 2331 * Sending a signal requires that the sender 2332 * can write the receiver. 2333 */ 2334 if (cred == NULL) { 2335 rc = smk_curacc(tkp, MAY_DELIVER, &ad); 2336 rc = smk_bu_task(p, MAY_DELIVER, rc); 2337 return rc; 2338 } 2339 /* 2340 * If the cred isn't NULL we're dealing with some USB IO 2341 * specific behavior. This is not clean. For one thing 2342 * we can't take privilege into account. 2343 */ 2344 skp = smk_of_task(smack_cred(cred)); 2345 rc = smk_access(skp, tkp, MAY_DELIVER, &ad); 2346 rc = smk_bu_note("USB signal", skp, tkp, MAY_DELIVER, rc); 2347 return rc; 2348 } 2349 2350 /** 2351 * smack_task_to_inode - copy task smack into the inode blob 2352 * @p: task to copy from 2353 * @inode: inode to copy to 2354 * 2355 * Sets the smack pointer in the inode security blob 2356 */ 2357 static void smack_task_to_inode(struct task_struct *p, struct inode *inode) 2358 { 2359 struct inode_smack *isp = smack_inode(inode); 2360 struct smack_known *skp = smk_of_task_struct_obj(p); 2361 2362 isp->smk_inode = skp; 2363 isp->smk_flags |= SMK_INODE_INSTANT; 2364 } 2365 2366 /* 2367 * Socket hooks. 2368 */ 2369 2370 /** 2371 * smack_sk_alloc_security - Allocate a socket blob 2372 * @sk: the socket 2373 * @family: unused 2374 * @gfp_flags: memory allocation flags 2375 * 2376 * Assign Smack pointers to current 2377 * 2378 * Returns 0 on success, -ENOMEM is there's no memory 2379 */ 2380 static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags) 2381 { 2382 struct smack_known *skp = smk_of_current(); 2383 struct socket_smack *ssp; 2384 2385 ssp = kzalloc(sizeof(struct socket_smack), gfp_flags); 2386 if (ssp == NULL) 2387 return -ENOMEM; 2388 2389 /* 2390 * Sockets created by kernel threads receive web label. 2391 */ 2392 if (unlikely(current->flags & PF_KTHREAD)) { 2393 ssp->smk_in = &smack_known_web; 2394 ssp->smk_out = &smack_known_web; 2395 } else { 2396 ssp->smk_in = skp; 2397 ssp->smk_out = skp; 2398 } 2399 ssp->smk_packet = NULL; 2400 2401 sk->sk_security = ssp; 2402 2403 return 0; 2404 } 2405 2406 /** 2407 * smack_sk_free_security - Free a socket blob 2408 * @sk: the socket 2409 * 2410 * Clears the blob pointer 2411 */ 2412 static void smack_sk_free_security(struct sock *sk) 2413 { 2414 #ifdef SMACK_IPV6_PORT_LABELING 2415 struct smk_port_label *spp; 2416 2417 if (sk->sk_family == PF_INET6) { 2418 rcu_read_lock(); 2419 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) { 2420 if (spp->smk_sock != sk) 2421 continue; 2422 spp->smk_can_reuse = 1; 2423 break; 2424 } 2425 rcu_read_unlock(); 2426 } 2427 #endif 2428 kfree(sk->sk_security); 2429 } 2430 2431 /** 2432 * smack_sk_clone_security - Copy security context 2433 * @sk: the old socket 2434 * @newsk: the new socket 2435 * 2436 * Copy the security context of the old socket pointer to the cloned 2437 */ 2438 static void smack_sk_clone_security(const struct sock *sk, struct sock *newsk) 2439 { 2440 struct socket_smack *ssp_old = sk->sk_security; 2441 struct socket_smack *ssp_new = newsk->sk_security; 2442 2443 *ssp_new = *ssp_old; 2444 } 2445 2446 /** 2447 * smack_ipv4host_label - check host based restrictions 2448 * @sip: the object end 2449 * 2450 * looks for host based access restrictions 2451 * 2452 * This version will only be appropriate for really small sets of single label 2453 * hosts. The caller is responsible for ensuring that the RCU read lock is 2454 * taken before calling this function. 2455 * 2456 * Returns the label of the far end or NULL if it's not special. 2457 */ 2458 static struct smack_known *smack_ipv4host_label(struct sockaddr_in *sip) 2459 { 2460 struct smk_net4addr *snp; 2461 struct in_addr *siap = &sip->sin_addr; 2462 2463 if (siap->s_addr == 0) 2464 return NULL; 2465 2466 list_for_each_entry_rcu(snp, &smk_net4addr_list, list) 2467 /* 2468 * we break after finding the first match because 2469 * the list is sorted from longest to shortest mask 2470 * so we have found the most specific match 2471 */ 2472 if (snp->smk_host.s_addr == 2473 (siap->s_addr & snp->smk_mask.s_addr)) 2474 return snp->smk_label; 2475 2476 return NULL; 2477 } 2478 2479 #if IS_ENABLED(CONFIG_IPV6) 2480 /* 2481 * smk_ipv6_localhost - Check for local ipv6 host address 2482 * @sip: the address 2483 * 2484 * Returns boolean true if this is the localhost address 2485 */ 2486 static bool smk_ipv6_localhost(struct sockaddr_in6 *sip) 2487 { 2488 __be16 *be16p = (__be16 *)&sip->sin6_addr; 2489 __be32 *be32p = (__be32 *)&sip->sin6_addr; 2490 2491 if (be32p[0] == 0 && be32p[1] == 0 && be32p[2] == 0 && be16p[6] == 0 && 2492 ntohs(be16p[7]) == 1) 2493 return true; 2494 return false; 2495 } 2496 2497 /** 2498 * smack_ipv6host_label - check host based restrictions 2499 * @sip: the object end 2500 * 2501 * looks for host based access restrictions 2502 * 2503 * This version will only be appropriate for really small sets of single label 2504 * hosts. The caller is responsible for ensuring that the RCU read lock is 2505 * taken before calling this function. 2506 * 2507 * Returns the label of the far end or NULL if it's not special. 2508 */ 2509 static struct smack_known *smack_ipv6host_label(struct sockaddr_in6 *sip) 2510 { 2511 struct smk_net6addr *snp; 2512 struct in6_addr *sap = &sip->sin6_addr; 2513 int i; 2514 int found = 0; 2515 2516 /* 2517 * It's local. Don't look for a host label. 2518 */ 2519 if (smk_ipv6_localhost(sip)) 2520 return NULL; 2521 2522 list_for_each_entry_rcu(snp, &smk_net6addr_list, list) { 2523 /* 2524 * If the label is NULL the entry has 2525 * been renounced. Ignore it. 2526 */ 2527 if (snp->smk_label == NULL) 2528 continue; 2529 /* 2530 * we break after finding the first match because 2531 * the list is sorted from longest to shortest mask 2532 * so we have found the most specific match 2533 */ 2534 for (found = 1, i = 0; i < 8; i++) { 2535 if ((sap->s6_addr16[i] & snp->smk_mask.s6_addr16[i]) != 2536 snp->smk_host.s6_addr16[i]) { 2537 found = 0; 2538 break; 2539 } 2540 } 2541 if (found) 2542 return snp->smk_label; 2543 } 2544 2545 return NULL; 2546 } 2547 #endif /* CONFIG_IPV6 */ 2548 2549 /** 2550 * smack_netlbl_add - Set the secattr on a socket 2551 * @sk: the socket 2552 * 2553 * Attach the outbound smack value (smk_out) to the socket. 2554 * 2555 * Returns 0 on success or an error code 2556 */ 2557 static int smack_netlbl_add(struct sock *sk) 2558 { 2559 struct socket_smack *ssp = sk->sk_security; 2560 struct smack_known *skp = ssp->smk_out; 2561 int rc; 2562 2563 local_bh_disable(); 2564 bh_lock_sock_nested(sk); 2565 2566 rc = netlbl_sock_setattr(sk, sk->sk_family, &skp->smk_netlabel); 2567 switch (rc) { 2568 case 0: 2569 ssp->smk_state = SMK_NETLBL_LABELED; 2570 break; 2571 case -EDESTADDRREQ: 2572 ssp->smk_state = SMK_NETLBL_REQSKB; 2573 rc = 0; 2574 break; 2575 } 2576 2577 bh_unlock_sock(sk); 2578 local_bh_enable(); 2579 2580 return rc; 2581 } 2582 2583 /** 2584 * smack_netlbl_delete - Remove the secattr from a socket 2585 * @sk: the socket 2586 * 2587 * Remove the outbound smack value from a socket 2588 */ 2589 static void smack_netlbl_delete(struct sock *sk) 2590 { 2591 struct socket_smack *ssp = sk->sk_security; 2592 2593 /* 2594 * Take the label off the socket if one is set. 2595 */ 2596 if (ssp->smk_state != SMK_NETLBL_LABELED) 2597 return; 2598 2599 local_bh_disable(); 2600 bh_lock_sock_nested(sk); 2601 netlbl_sock_delattr(sk); 2602 bh_unlock_sock(sk); 2603 local_bh_enable(); 2604 ssp->smk_state = SMK_NETLBL_UNLABELED; 2605 } 2606 2607 /** 2608 * smk_ipv4_check - Perform IPv4 host access checks 2609 * @sk: the socket 2610 * @sap: the destination address 2611 * 2612 * Set the correct secattr for the given socket based on the destination 2613 * address and perform any outbound access checks needed. 2614 * 2615 * Returns 0 on success or an error code. 2616 * 2617 */ 2618 static int smk_ipv4_check(struct sock *sk, struct sockaddr_in *sap) 2619 { 2620 struct smack_known *skp; 2621 int rc = 0; 2622 struct smack_known *hkp; 2623 struct socket_smack *ssp = sk->sk_security; 2624 struct smk_audit_info ad; 2625 2626 rcu_read_lock(); 2627 hkp = smack_ipv4host_label(sap); 2628 if (hkp != NULL) { 2629 #ifdef CONFIG_AUDIT 2630 struct lsm_network_audit net; 2631 2632 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 2633 ad.a.u.net->family = sap->sin_family; 2634 ad.a.u.net->dport = sap->sin_port; 2635 ad.a.u.net->v4info.daddr = sap->sin_addr.s_addr; 2636 #endif 2637 skp = ssp->smk_out; 2638 rc = smk_access(skp, hkp, MAY_WRITE, &ad); 2639 rc = smk_bu_note("IPv4 host check", skp, hkp, MAY_WRITE, rc); 2640 /* 2641 * Clear the socket netlabel if it's set. 2642 */ 2643 if (!rc) 2644 smack_netlbl_delete(sk); 2645 } 2646 rcu_read_unlock(); 2647 2648 return rc; 2649 } 2650 2651 #if IS_ENABLED(CONFIG_IPV6) 2652 /** 2653 * smk_ipv6_check - check Smack access 2654 * @subject: subject Smack label 2655 * @object: object Smack label 2656 * @address: address 2657 * @act: the action being taken 2658 * 2659 * Check an IPv6 access 2660 */ 2661 static int smk_ipv6_check(struct smack_known *subject, 2662 struct smack_known *object, 2663 struct sockaddr_in6 *address, int act) 2664 { 2665 #ifdef CONFIG_AUDIT 2666 struct lsm_network_audit net; 2667 #endif 2668 struct smk_audit_info ad; 2669 int rc; 2670 2671 #ifdef CONFIG_AUDIT 2672 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 2673 ad.a.u.net->family = PF_INET6; 2674 ad.a.u.net->dport = address->sin6_port; 2675 if (act == SMK_RECEIVING) 2676 ad.a.u.net->v6info.saddr = address->sin6_addr; 2677 else 2678 ad.a.u.net->v6info.daddr = address->sin6_addr; 2679 #endif 2680 rc = smk_access(subject, object, MAY_WRITE, &ad); 2681 rc = smk_bu_note("IPv6 check", subject, object, MAY_WRITE, rc); 2682 return rc; 2683 } 2684 #endif /* CONFIG_IPV6 */ 2685 2686 #ifdef SMACK_IPV6_PORT_LABELING 2687 /** 2688 * smk_ipv6_port_label - Smack port access table management 2689 * @sock: socket 2690 * @address: address 2691 * 2692 * Create or update the port list entry 2693 */ 2694 static void smk_ipv6_port_label(struct socket *sock, struct sockaddr *address) 2695 { 2696 struct sock *sk = sock->sk; 2697 struct sockaddr_in6 *addr6; 2698 struct socket_smack *ssp = sock->sk->sk_security; 2699 struct smk_port_label *spp; 2700 unsigned short port = 0; 2701 2702 if (address == NULL) { 2703 /* 2704 * This operation is changing the Smack information 2705 * on the bound socket. Take the changes to the port 2706 * as well. 2707 */ 2708 rcu_read_lock(); 2709 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) { 2710 if (sk != spp->smk_sock) 2711 continue; 2712 spp->smk_in = ssp->smk_in; 2713 spp->smk_out = ssp->smk_out; 2714 rcu_read_unlock(); 2715 return; 2716 } 2717 /* 2718 * A NULL address is only used for updating existing 2719 * bound entries. If there isn't one, it's OK. 2720 */ 2721 rcu_read_unlock(); 2722 return; 2723 } 2724 2725 addr6 = (struct sockaddr_in6 *)address; 2726 port = ntohs(addr6->sin6_port); 2727 /* 2728 * This is a special case that is safely ignored. 2729 */ 2730 if (port == 0) 2731 return; 2732 2733 /* 2734 * Look for an existing port list entry. 2735 * This is an indication that a port is getting reused. 2736 */ 2737 rcu_read_lock(); 2738 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) { 2739 if (spp->smk_port != port || spp->smk_sock_type != sock->type) 2740 continue; 2741 if (spp->smk_can_reuse != 1) { 2742 rcu_read_unlock(); 2743 return; 2744 } 2745 spp->smk_port = port; 2746 spp->smk_sock = sk; 2747 spp->smk_in = ssp->smk_in; 2748 spp->smk_out = ssp->smk_out; 2749 spp->smk_can_reuse = 0; 2750 rcu_read_unlock(); 2751 return; 2752 } 2753 rcu_read_unlock(); 2754 /* 2755 * A new port entry is required. 2756 */ 2757 spp = kzalloc(sizeof(*spp), GFP_KERNEL); 2758 if (spp == NULL) 2759 return; 2760 2761 spp->smk_port = port; 2762 spp->smk_sock = sk; 2763 spp->smk_in = ssp->smk_in; 2764 spp->smk_out = ssp->smk_out; 2765 spp->smk_sock_type = sock->type; 2766 spp->smk_can_reuse = 0; 2767 2768 mutex_lock(&smack_ipv6_lock); 2769 list_add_rcu(&spp->list, &smk_ipv6_port_list); 2770 mutex_unlock(&smack_ipv6_lock); 2771 return; 2772 } 2773 2774 /** 2775 * smk_ipv6_port_check - check Smack port access 2776 * @sk: socket 2777 * @address: address 2778 * @act: the action being taken 2779 * 2780 * Create or update the port list entry 2781 */ 2782 static int smk_ipv6_port_check(struct sock *sk, struct sockaddr_in6 *address, 2783 int act) 2784 { 2785 struct smk_port_label *spp; 2786 struct socket_smack *ssp = sk->sk_security; 2787 struct smack_known *skp = NULL; 2788 unsigned short port; 2789 struct smack_known *object; 2790 2791 if (act == SMK_RECEIVING) { 2792 skp = smack_ipv6host_label(address); 2793 object = ssp->smk_in; 2794 } else { 2795 skp = ssp->smk_out; 2796 object = smack_ipv6host_label(address); 2797 } 2798 2799 /* 2800 * The other end is a single label host. 2801 */ 2802 if (skp != NULL && object != NULL) 2803 return smk_ipv6_check(skp, object, address, act); 2804 if (skp == NULL) 2805 skp = smack_net_ambient; 2806 if (object == NULL) 2807 object = smack_net_ambient; 2808 2809 /* 2810 * It's remote, so port lookup does no good. 2811 */ 2812 if (!smk_ipv6_localhost(address)) 2813 return smk_ipv6_check(skp, object, address, act); 2814 2815 /* 2816 * It's local so the send check has to have passed. 2817 */ 2818 if (act == SMK_RECEIVING) 2819 return 0; 2820 2821 port = ntohs(address->sin6_port); 2822 rcu_read_lock(); 2823 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) { 2824 if (spp->smk_port != port || spp->smk_sock_type != sk->sk_type) 2825 continue; 2826 object = spp->smk_in; 2827 if (act == SMK_CONNECTING) 2828 ssp->smk_packet = spp->smk_out; 2829 break; 2830 } 2831 rcu_read_unlock(); 2832 2833 return smk_ipv6_check(skp, object, address, act); 2834 } 2835 #endif 2836 2837 /** 2838 * smack_inode_setsecurity - set smack xattrs 2839 * @inode: the object 2840 * @name: attribute name 2841 * @value: attribute value 2842 * @size: size of the attribute 2843 * @flags: unused 2844 * 2845 * Sets the named attribute in the appropriate blob 2846 * 2847 * Returns 0 on success, or an error code 2848 */ 2849 static int smack_inode_setsecurity(struct inode *inode, const char *name, 2850 const void *value, size_t size, int flags) 2851 { 2852 struct smack_known *skp; 2853 struct inode_smack *nsp = smack_inode(inode); 2854 struct socket_smack *ssp; 2855 struct socket *sock; 2856 int rc = 0; 2857 2858 if (value == NULL || size > SMK_LONGLABEL || size == 0) 2859 return -EINVAL; 2860 2861 if (strcmp(name, XATTR_SMACK_TRANSMUTE) == 0) { 2862 if (!S_ISDIR(inode->i_mode) || size != TRANS_TRUE_SIZE || 2863 strncmp(value, TRANS_TRUE, TRANS_TRUE_SIZE) != 0) 2864 return -EINVAL; 2865 2866 nsp->smk_flags |= SMK_INODE_TRANSMUTE; 2867 return 0; 2868 } 2869 2870 skp = smk_import_entry(value, size); 2871 if (IS_ERR(skp)) 2872 return PTR_ERR(skp); 2873 2874 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) { 2875 nsp->smk_inode = skp; 2876 nsp->smk_flags |= SMK_INODE_INSTANT; 2877 return 0; 2878 } 2879 /* 2880 * The rest of the Smack xattrs are only on sockets. 2881 */ 2882 if (inode->i_sb->s_magic != SOCKFS_MAGIC) 2883 return -EOPNOTSUPP; 2884 2885 sock = SOCKET_I(inode); 2886 if (sock == NULL || sock->sk == NULL) 2887 return -EOPNOTSUPP; 2888 2889 ssp = sock->sk->sk_security; 2890 2891 if (strcmp(name, XATTR_SMACK_IPIN) == 0) 2892 ssp->smk_in = skp; 2893 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) { 2894 ssp->smk_out = skp; 2895 if (sock->sk->sk_family == PF_INET) { 2896 rc = smack_netlbl_add(sock->sk); 2897 if (rc != 0) 2898 printk(KERN_WARNING 2899 "Smack: \"%s\" netlbl error %d.\n", 2900 __func__, -rc); 2901 } 2902 } else 2903 return -EOPNOTSUPP; 2904 2905 #ifdef SMACK_IPV6_PORT_LABELING 2906 if (sock->sk->sk_family == PF_INET6) 2907 smk_ipv6_port_label(sock, NULL); 2908 #endif 2909 2910 return 0; 2911 } 2912 2913 /** 2914 * smack_socket_post_create - finish socket setup 2915 * @sock: the socket 2916 * @family: protocol family 2917 * @type: unused 2918 * @protocol: unused 2919 * @kern: unused 2920 * 2921 * Sets the netlabel information on the socket 2922 * 2923 * Returns 0 on success, and error code otherwise 2924 */ 2925 static int smack_socket_post_create(struct socket *sock, int family, 2926 int type, int protocol, int kern) 2927 { 2928 struct socket_smack *ssp; 2929 2930 if (sock->sk == NULL) 2931 return 0; 2932 2933 /* 2934 * Sockets created by kernel threads receive web label. 2935 */ 2936 if (unlikely(current->flags & PF_KTHREAD)) { 2937 ssp = sock->sk->sk_security; 2938 ssp->smk_in = &smack_known_web; 2939 ssp->smk_out = &smack_known_web; 2940 } 2941 2942 if (family != PF_INET) 2943 return 0; 2944 /* 2945 * Set the outbound netlbl. 2946 */ 2947 return smack_netlbl_add(sock->sk); 2948 } 2949 2950 /** 2951 * smack_socket_socketpair - create socket pair 2952 * @socka: one socket 2953 * @sockb: another socket 2954 * 2955 * Cross reference the peer labels for SO_PEERSEC 2956 * 2957 * Returns 0 2958 */ 2959 static int smack_socket_socketpair(struct socket *socka, 2960 struct socket *sockb) 2961 { 2962 struct socket_smack *asp = socka->sk->sk_security; 2963 struct socket_smack *bsp = sockb->sk->sk_security; 2964 2965 asp->smk_packet = bsp->smk_out; 2966 bsp->smk_packet = asp->smk_out; 2967 2968 return 0; 2969 } 2970 2971 #ifdef SMACK_IPV6_PORT_LABELING 2972 /** 2973 * smack_socket_bind - record port binding information. 2974 * @sock: the socket 2975 * @address: the port address 2976 * @addrlen: size of the address 2977 * 2978 * Records the label bound to a port. 2979 * 2980 * Returns 0 on success, and error code otherwise 2981 */ 2982 static int smack_socket_bind(struct socket *sock, struct sockaddr *address, 2983 int addrlen) 2984 { 2985 if (sock->sk != NULL && sock->sk->sk_family == PF_INET6) { 2986 if (addrlen < SIN6_LEN_RFC2133 || 2987 address->sa_family != AF_INET6) 2988 return -EINVAL; 2989 smk_ipv6_port_label(sock, address); 2990 } 2991 return 0; 2992 } 2993 #endif /* SMACK_IPV6_PORT_LABELING */ 2994 2995 /** 2996 * smack_socket_connect - connect access check 2997 * @sock: the socket 2998 * @sap: the other end 2999 * @addrlen: size of sap 3000 * 3001 * Verifies that a connection may be possible 3002 * 3003 * Returns 0 on success, and error code otherwise 3004 */ 3005 static int smack_socket_connect(struct socket *sock, struct sockaddr *sap, 3006 int addrlen) 3007 { 3008 int rc = 0; 3009 3010 if (sock->sk == NULL) 3011 return 0; 3012 if (sock->sk->sk_family != PF_INET && 3013 (!IS_ENABLED(CONFIG_IPV6) || sock->sk->sk_family != PF_INET6)) 3014 return 0; 3015 if (addrlen < offsetofend(struct sockaddr, sa_family)) 3016 return 0; 3017 3018 #if IS_ENABLED(CONFIG_IPV6) 3019 if (sap->sa_family == AF_INET6) { 3020 struct sockaddr_in6 *sip = (struct sockaddr_in6 *)sap; 3021 struct smack_known *rsp = NULL; 3022 3023 if (addrlen < SIN6_LEN_RFC2133) 3024 return 0; 3025 if (__is_defined(SMACK_IPV6_SECMARK_LABELING)) 3026 rsp = smack_ipv6host_label(sip); 3027 if (rsp != NULL) { 3028 struct socket_smack *ssp = sock->sk->sk_security; 3029 3030 rc = smk_ipv6_check(ssp->smk_out, rsp, sip, 3031 SMK_CONNECTING); 3032 } 3033 #ifdef SMACK_IPV6_PORT_LABELING 3034 rc = smk_ipv6_port_check(sock->sk, sip, SMK_CONNECTING); 3035 #endif 3036 3037 return rc; 3038 } 3039 #endif /* CONFIG_IPV6 */ 3040 3041 if (sap->sa_family != AF_INET || addrlen < sizeof(struct sockaddr_in)) 3042 return 0; 3043 rc = smk_ipv4_check(sock->sk, (struct sockaddr_in *)sap); 3044 return rc; 3045 } 3046 3047 /** 3048 * smack_flags_to_may - convert S_ to MAY_ values 3049 * @flags: the S_ value 3050 * 3051 * Returns the equivalent MAY_ value 3052 */ 3053 static int smack_flags_to_may(int flags) 3054 { 3055 int may = 0; 3056 3057 if (flags & S_IRUGO) 3058 may |= MAY_READ; 3059 if (flags & S_IWUGO) 3060 may |= MAY_WRITE; 3061 if (flags & S_IXUGO) 3062 may |= MAY_EXEC; 3063 3064 return may; 3065 } 3066 3067 /** 3068 * smack_msg_msg_alloc_security - Set the security blob for msg_msg 3069 * @msg: the object 3070 * 3071 * Returns 0 3072 */ 3073 static int smack_msg_msg_alloc_security(struct msg_msg *msg) 3074 { 3075 struct smack_known **blob = smack_msg_msg(msg); 3076 3077 *blob = smk_of_current(); 3078 return 0; 3079 } 3080 3081 /** 3082 * smack_of_ipc - the smack pointer for the ipc 3083 * @isp: the object 3084 * 3085 * Returns a pointer to the smack value 3086 */ 3087 static struct smack_known *smack_of_ipc(struct kern_ipc_perm *isp) 3088 { 3089 struct smack_known **blob = smack_ipc(isp); 3090 3091 return *blob; 3092 } 3093 3094 /** 3095 * smack_ipc_alloc_security - Set the security blob for ipc 3096 * @isp: the object 3097 * 3098 * Returns 0 3099 */ 3100 static int smack_ipc_alloc_security(struct kern_ipc_perm *isp) 3101 { 3102 struct smack_known **blob = smack_ipc(isp); 3103 3104 *blob = smk_of_current(); 3105 return 0; 3106 } 3107 3108 /** 3109 * smk_curacc_shm : check if current has access on shm 3110 * @isp : the object 3111 * @access : access requested 3112 * 3113 * Returns 0 if current has the requested access, error code otherwise 3114 */ 3115 static int smk_curacc_shm(struct kern_ipc_perm *isp, int access) 3116 { 3117 struct smack_known *ssp = smack_of_ipc(isp); 3118 struct smk_audit_info ad; 3119 int rc; 3120 3121 #ifdef CONFIG_AUDIT 3122 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 3123 ad.a.u.ipc_id = isp->id; 3124 #endif 3125 rc = smk_curacc(ssp, access, &ad); 3126 rc = smk_bu_current("shm", ssp, access, rc); 3127 return rc; 3128 } 3129 3130 /** 3131 * smack_shm_associate - Smack access check for shm 3132 * @isp: the object 3133 * @shmflg: access requested 3134 * 3135 * Returns 0 if current has the requested access, error code otherwise 3136 */ 3137 static int smack_shm_associate(struct kern_ipc_perm *isp, int shmflg) 3138 { 3139 int may; 3140 3141 may = smack_flags_to_may(shmflg); 3142 return smk_curacc_shm(isp, may); 3143 } 3144 3145 /** 3146 * smack_shm_shmctl - Smack access check for shm 3147 * @isp: the object 3148 * @cmd: what it wants to do 3149 * 3150 * Returns 0 if current has the requested access, error code otherwise 3151 */ 3152 static int smack_shm_shmctl(struct kern_ipc_perm *isp, int cmd) 3153 { 3154 int may; 3155 3156 switch (cmd) { 3157 case IPC_STAT: 3158 case SHM_STAT: 3159 case SHM_STAT_ANY: 3160 may = MAY_READ; 3161 break; 3162 case IPC_SET: 3163 case SHM_LOCK: 3164 case SHM_UNLOCK: 3165 case IPC_RMID: 3166 may = MAY_READWRITE; 3167 break; 3168 case IPC_INFO: 3169 case SHM_INFO: 3170 /* 3171 * System level information. 3172 */ 3173 return 0; 3174 default: 3175 return -EINVAL; 3176 } 3177 return smk_curacc_shm(isp, may); 3178 } 3179 3180 /** 3181 * smack_shm_shmat - Smack access for shmat 3182 * @isp: the object 3183 * @shmaddr: unused 3184 * @shmflg: access requested 3185 * 3186 * Returns 0 if current has the requested access, error code otherwise 3187 */ 3188 static int smack_shm_shmat(struct kern_ipc_perm *isp, char __user *shmaddr, 3189 int shmflg) 3190 { 3191 int may; 3192 3193 may = smack_flags_to_may(shmflg); 3194 return smk_curacc_shm(isp, may); 3195 } 3196 3197 /** 3198 * smk_curacc_sem : check if current has access on sem 3199 * @isp : the object 3200 * @access : access requested 3201 * 3202 * Returns 0 if current has the requested access, error code otherwise 3203 */ 3204 static int smk_curacc_sem(struct kern_ipc_perm *isp, int access) 3205 { 3206 struct smack_known *ssp = smack_of_ipc(isp); 3207 struct smk_audit_info ad; 3208 int rc; 3209 3210 #ifdef CONFIG_AUDIT 3211 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 3212 ad.a.u.ipc_id = isp->id; 3213 #endif 3214 rc = smk_curacc(ssp, access, &ad); 3215 rc = smk_bu_current("sem", ssp, access, rc); 3216 return rc; 3217 } 3218 3219 /** 3220 * smack_sem_associate - Smack access check for sem 3221 * @isp: the object 3222 * @semflg: access requested 3223 * 3224 * Returns 0 if current has the requested access, error code otherwise 3225 */ 3226 static int smack_sem_associate(struct kern_ipc_perm *isp, int semflg) 3227 { 3228 int may; 3229 3230 may = smack_flags_to_may(semflg); 3231 return smk_curacc_sem(isp, may); 3232 } 3233 3234 /** 3235 * smack_sem_semctl - Smack access check for sem 3236 * @isp: the object 3237 * @cmd: what it wants to do 3238 * 3239 * Returns 0 if current has the requested access, error code otherwise 3240 */ 3241 static int smack_sem_semctl(struct kern_ipc_perm *isp, int cmd) 3242 { 3243 int may; 3244 3245 switch (cmd) { 3246 case GETPID: 3247 case GETNCNT: 3248 case GETZCNT: 3249 case GETVAL: 3250 case GETALL: 3251 case IPC_STAT: 3252 case SEM_STAT: 3253 case SEM_STAT_ANY: 3254 may = MAY_READ; 3255 break; 3256 case SETVAL: 3257 case SETALL: 3258 case IPC_RMID: 3259 case IPC_SET: 3260 may = MAY_READWRITE; 3261 break; 3262 case IPC_INFO: 3263 case SEM_INFO: 3264 /* 3265 * System level information 3266 */ 3267 return 0; 3268 default: 3269 return -EINVAL; 3270 } 3271 3272 return smk_curacc_sem(isp, may); 3273 } 3274 3275 /** 3276 * smack_sem_semop - Smack checks of semaphore operations 3277 * @isp: the object 3278 * @sops: unused 3279 * @nsops: unused 3280 * @alter: unused 3281 * 3282 * Treated as read and write in all cases. 3283 * 3284 * Returns 0 if access is allowed, error code otherwise 3285 */ 3286 static int smack_sem_semop(struct kern_ipc_perm *isp, struct sembuf *sops, 3287 unsigned nsops, int alter) 3288 { 3289 return smk_curacc_sem(isp, MAY_READWRITE); 3290 } 3291 3292 /** 3293 * smk_curacc_msq : helper to check if current has access on msq 3294 * @isp : the msq 3295 * @access : access requested 3296 * 3297 * return 0 if current has access, error otherwise 3298 */ 3299 static int smk_curacc_msq(struct kern_ipc_perm *isp, int access) 3300 { 3301 struct smack_known *msp = smack_of_ipc(isp); 3302 struct smk_audit_info ad; 3303 int rc; 3304 3305 #ifdef CONFIG_AUDIT 3306 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 3307 ad.a.u.ipc_id = isp->id; 3308 #endif 3309 rc = smk_curacc(msp, access, &ad); 3310 rc = smk_bu_current("msq", msp, access, rc); 3311 return rc; 3312 } 3313 3314 /** 3315 * smack_msg_queue_associate - Smack access check for msg_queue 3316 * @isp: the object 3317 * @msqflg: access requested 3318 * 3319 * Returns 0 if current has the requested access, error code otherwise 3320 */ 3321 static int smack_msg_queue_associate(struct kern_ipc_perm *isp, int msqflg) 3322 { 3323 int may; 3324 3325 may = smack_flags_to_may(msqflg); 3326 return smk_curacc_msq(isp, may); 3327 } 3328 3329 /** 3330 * smack_msg_queue_msgctl - Smack access check for msg_queue 3331 * @isp: the object 3332 * @cmd: what it wants to do 3333 * 3334 * Returns 0 if current has the requested access, error code otherwise 3335 */ 3336 static int smack_msg_queue_msgctl(struct kern_ipc_perm *isp, int cmd) 3337 { 3338 int may; 3339 3340 switch (cmd) { 3341 case IPC_STAT: 3342 case MSG_STAT: 3343 case MSG_STAT_ANY: 3344 may = MAY_READ; 3345 break; 3346 case IPC_SET: 3347 case IPC_RMID: 3348 may = MAY_READWRITE; 3349 break; 3350 case IPC_INFO: 3351 case MSG_INFO: 3352 /* 3353 * System level information 3354 */ 3355 return 0; 3356 default: 3357 return -EINVAL; 3358 } 3359 3360 return smk_curacc_msq(isp, may); 3361 } 3362 3363 /** 3364 * smack_msg_queue_msgsnd - Smack access check for msg_queue 3365 * @isp: the object 3366 * @msg: unused 3367 * @msqflg: access requested 3368 * 3369 * Returns 0 if current has the requested access, error code otherwise 3370 */ 3371 static int smack_msg_queue_msgsnd(struct kern_ipc_perm *isp, struct msg_msg *msg, 3372 int msqflg) 3373 { 3374 int may; 3375 3376 may = smack_flags_to_may(msqflg); 3377 return smk_curacc_msq(isp, may); 3378 } 3379 3380 /** 3381 * smack_msg_queue_msgrcv - Smack access check for msg_queue 3382 * @isp: the object 3383 * @msg: unused 3384 * @target: unused 3385 * @type: unused 3386 * @mode: unused 3387 * 3388 * Returns 0 if current has read and write access, error code otherwise 3389 */ 3390 static int smack_msg_queue_msgrcv(struct kern_ipc_perm *isp, 3391 struct msg_msg *msg, 3392 struct task_struct *target, long type, 3393 int mode) 3394 { 3395 return smk_curacc_msq(isp, MAY_READWRITE); 3396 } 3397 3398 /** 3399 * smack_ipc_permission - Smack access for ipc_permission() 3400 * @ipp: the object permissions 3401 * @flag: access requested 3402 * 3403 * Returns 0 if current has read and write access, error code otherwise 3404 */ 3405 static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag) 3406 { 3407 struct smack_known **blob = smack_ipc(ipp); 3408 struct smack_known *iskp = *blob; 3409 int may = smack_flags_to_may(flag); 3410 struct smk_audit_info ad; 3411 int rc; 3412 3413 #ifdef CONFIG_AUDIT 3414 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 3415 ad.a.u.ipc_id = ipp->id; 3416 #endif 3417 rc = smk_curacc(iskp, may, &ad); 3418 rc = smk_bu_current("svipc", iskp, may, rc); 3419 return rc; 3420 } 3421 3422 /** 3423 * smack_ipc_getsecid - Extract smack security id 3424 * @ipp: the object permissions 3425 * @secid: where result will be saved 3426 */ 3427 static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid) 3428 { 3429 struct smack_known **blob = smack_ipc(ipp); 3430 struct smack_known *iskp = *blob; 3431 3432 *secid = iskp->smk_secid; 3433 } 3434 3435 /** 3436 * smack_d_instantiate - Make sure the blob is correct on an inode 3437 * @opt_dentry: dentry where inode will be attached 3438 * @inode: the object 3439 * 3440 * Set the inode's security blob if it hasn't been done already. 3441 */ 3442 static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode) 3443 { 3444 struct super_block *sbp; 3445 struct superblock_smack *sbsp; 3446 struct inode_smack *isp; 3447 struct smack_known *skp; 3448 struct smack_known *ckp = smk_of_current(); 3449 struct smack_known *final; 3450 char trattr[TRANS_TRUE_SIZE]; 3451 int transflag = 0; 3452 int rc; 3453 struct dentry *dp; 3454 3455 if (inode == NULL) 3456 return; 3457 3458 isp = smack_inode(inode); 3459 3460 /* 3461 * If the inode is already instantiated 3462 * take the quick way out 3463 */ 3464 if (isp->smk_flags & SMK_INODE_INSTANT) 3465 return; 3466 3467 sbp = inode->i_sb; 3468 sbsp = smack_superblock(sbp); 3469 /* 3470 * We're going to use the superblock default label 3471 * if there's no label on the file. 3472 */ 3473 final = sbsp->smk_default; 3474 3475 /* 3476 * If this is the root inode the superblock 3477 * may be in the process of initialization. 3478 * If that is the case use the root value out 3479 * of the superblock. 3480 */ 3481 if (opt_dentry->d_parent == opt_dentry) { 3482 switch (sbp->s_magic) { 3483 case CGROUP_SUPER_MAGIC: 3484 case CGROUP2_SUPER_MAGIC: 3485 /* 3486 * The cgroup filesystem is never mounted, 3487 * so there's no opportunity to set the mount 3488 * options. 3489 */ 3490 sbsp->smk_root = &smack_known_star; 3491 sbsp->smk_default = &smack_known_star; 3492 isp->smk_inode = sbsp->smk_root; 3493 break; 3494 case TMPFS_MAGIC: 3495 /* 3496 * What about shmem/tmpfs anonymous files with dentry 3497 * obtained from d_alloc_pseudo()? 3498 */ 3499 isp->smk_inode = smk_of_current(); 3500 break; 3501 case PIPEFS_MAGIC: 3502 isp->smk_inode = smk_of_current(); 3503 break; 3504 case SOCKFS_MAGIC: 3505 /* 3506 * Socket access is controlled by the socket 3507 * structures associated with the task involved. 3508 */ 3509 isp->smk_inode = &smack_known_star; 3510 break; 3511 default: 3512 isp->smk_inode = sbsp->smk_root; 3513 break; 3514 } 3515 isp->smk_flags |= SMK_INODE_INSTANT; 3516 return; 3517 } 3518 3519 /* 3520 * This is pretty hackish. 3521 * Casey says that we shouldn't have to do 3522 * file system specific code, but it does help 3523 * with keeping it simple. 3524 */ 3525 switch (sbp->s_magic) { 3526 case SMACK_MAGIC: 3527 case CGROUP_SUPER_MAGIC: 3528 case CGROUP2_SUPER_MAGIC: 3529 /* 3530 * Casey says that it's a little embarrassing 3531 * that the smack file system doesn't do 3532 * extended attributes. 3533 * 3534 * Cgroupfs is special 3535 */ 3536 final = &smack_known_star; 3537 break; 3538 case DEVPTS_SUPER_MAGIC: 3539 /* 3540 * devpts seems content with the label of the task. 3541 * Programs that change smack have to treat the 3542 * pty with respect. 3543 */ 3544 final = ckp; 3545 break; 3546 case PROC_SUPER_MAGIC: 3547 /* 3548 * Casey says procfs appears not to care. 3549 * The superblock default suffices. 3550 */ 3551 break; 3552 case TMPFS_MAGIC: 3553 /* 3554 * Device labels should come from the filesystem, 3555 * but watch out, because they're volitile, 3556 * getting recreated on every reboot. 3557 */ 3558 final = &smack_known_star; 3559 /* 3560 * If a smack value has been set we want to use it, 3561 * but since tmpfs isn't giving us the opportunity 3562 * to set mount options simulate setting the 3563 * superblock default. 3564 */ 3565 fallthrough; 3566 default: 3567 /* 3568 * This isn't an understood special case. 3569 * Get the value from the xattr. 3570 */ 3571 3572 /* 3573 * UNIX domain sockets use lower level socket data. 3574 */ 3575 if (S_ISSOCK(inode->i_mode)) { 3576 final = &smack_known_star; 3577 break; 3578 } 3579 /* 3580 * No xattr support means, alas, no SMACK label. 3581 * Use the aforeapplied default. 3582 * It would be curious if the label of the task 3583 * does not match that assigned. 3584 */ 3585 if (!(inode->i_opflags & IOP_XATTR)) 3586 break; 3587 /* 3588 * Get the dentry for xattr. 3589 */ 3590 dp = dget(opt_dentry); 3591 skp = smk_fetch(XATTR_NAME_SMACK, inode, dp); 3592 if (!IS_ERR_OR_NULL(skp)) 3593 final = skp; 3594 3595 /* 3596 * Transmuting directory 3597 */ 3598 if (S_ISDIR(inode->i_mode)) { 3599 /* 3600 * If this is a new directory and the label was 3601 * transmuted when the inode was initialized 3602 * set the transmute attribute on the directory 3603 * and mark the inode. 3604 * 3605 * If there is a transmute attribute on the 3606 * directory mark the inode. 3607 */ 3608 rc = __vfs_getxattr(dp, inode, 3609 XATTR_NAME_SMACKTRANSMUTE, trattr, 3610 TRANS_TRUE_SIZE); 3611 if (rc >= 0 && strncmp(trattr, TRANS_TRUE, 3612 TRANS_TRUE_SIZE) != 0) 3613 rc = -EINVAL; 3614 if (rc >= 0) 3615 transflag = SMK_INODE_TRANSMUTE; 3616 } 3617 /* 3618 * Don't let the exec or mmap label be "*" or "@". 3619 */ 3620 skp = smk_fetch(XATTR_NAME_SMACKEXEC, inode, dp); 3621 if (IS_ERR(skp) || skp == &smack_known_star || 3622 skp == &smack_known_web) 3623 skp = NULL; 3624 isp->smk_task = skp; 3625 3626 skp = smk_fetch(XATTR_NAME_SMACKMMAP, inode, dp); 3627 if (IS_ERR(skp) || skp == &smack_known_star || 3628 skp == &smack_known_web) 3629 skp = NULL; 3630 isp->smk_mmap = skp; 3631 3632 dput(dp); 3633 break; 3634 } 3635 3636 if (final == NULL) 3637 isp->smk_inode = ckp; 3638 else 3639 isp->smk_inode = final; 3640 3641 isp->smk_flags |= (SMK_INODE_INSTANT | transflag); 3642 3643 return; 3644 } 3645 3646 /** 3647 * smack_getprocattr - Smack process attribute access 3648 * @p: the object task 3649 * @name: the name of the attribute in /proc/.../attr 3650 * @value: where to put the result 3651 * 3652 * Places a copy of the task Smack into value 3653 * 3654 * Returns the length of the smack label or an error code 3655 */ 3656 static int smack_getprocattr(struct task_struct *p, const char *name, char **value) 3657 { 3658 struct smack_known *skp = smk_of_task_struct_obj(p); 3659 char *cp; 3660 int slen; 3661 3662 if (strcmp(name, "current") != 0) 3663 return -EINVAL; 3664 3665 cp = kstrdup(skp->smk_known, GFP_KERNEL); 3666 if (cp == NULL) 3667 return -ENOMEM; 3668 3669 slen = strlen(cp); 3670 *value = cp; 3671 return slen; 3672 } 3673 3674 /** 3675 * smack_setprocattr - Smack process attribute setting 3676 * @name: the name of the attribute in /proc/.../attr 3677 * @value: the value to set 3678 * @size: the size of the value 3679 * 3680 * Sets the Smack value of the task. Only setting self 3681 * is permitted and only with privilege 3682 * 3683 * Returns the length of the smack label or an error code 3684 */ 3685 static int smack_setprocattr(const char *name, void *value, size_t size) 3686 { 3687 struct task_smack *tsp = smack_cred(current_cred()); 3688 struct cred *new; 3689 struct smack_known *skp; 3690 struct smack_known_list_elem *sklep; 3691 int rc; 3692 3693 if (!smack_privileged(CAP_MAC_ADMIN) && list_empty(&tsp->smk_relabel)) 3694 return -EPERM; 3695 3696 if (value == NULL || size == 0 || size >= SMK_LONGLABEL) 3697 return -EINVAL; 3698 3699 if (strcmp(name, "current") != 0) 3700 return -EINVAL; 3701 3702 skp = smk_import_entry(value, size); 3703 if (IS_ERR(skp)) 3704 return PTR_ERR(skp); 3705 3706 /* 3707 * No process is ever allowed the web ("@") label 3708 * and the star ("*") label. 3709 */ 3710 if (skp == &smack_known_web || skp == &smack_known_star) 3711 return -EINVAL; 3712 3713 if (!smack_privileged(CAP_MAC_ADMIN)) { 3714 rc = -EPERM; 3715 list_for_each_entry(sklep, &tsp->smk_relabel, list) 3716 if (sklep->smk_label == skp) { 3717 rc = 0; 3718 break; 3719 } 3720 if (rc) 3721 return rc; 3722 } 3723 3724 new = prepare_creds(); 3725 if (new == NULL) 3726 return -ENOMEM; 3727 3728 tsp = smack_cred(new); 3729 tsp->smk_task = skp; 3730 /* 3731 * process can change its label only once 3732 */ 3733 smk_destroy_label_list(&tsp->smk_relabel); 3734 3735 commit_creds(new); 3736 return size; 3737 } 3738 3739 /** 3740 * smack_unix_stream_connect - Smack access on UDS 3741 * @sock: one sock 3742 * @other: the other sock 3743 * @newsk: unused 3744 * 3745 * Return 0 if a subject with the smack of sock could access 3746 * an object with the smack of other, otherwise an error code 3747 */ 3748 static int smack_unix_stream_connect(struct sock *sock, 3749 struct sock *other, struct sock *newsk) 3750 { 3751 struct smack_known *skp; 3752 struct smack_known *okp; 3753 struct socket_smack *ssp = sock->sk_security; 3754 struct socket_smack *osp = other->sk_security; 3755 struct socket_smack *nsp = newsk->sk_security; 3756 struct smk_audit_info ad; 3757 int rc = 0; 3758 #ifdef CONFIG_AUDIT 3759 struct lsm_network_audit net; 3760 #endif 3761 3762 if (!smack_privileged(CAP_MAC_OVERRIDE)) { 3763 skp = ssp->smk_out; 3764 okp = osp->smk_in; 3765 #ifdef CONFIG_AUDIT 3766 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 3767 smk_ad_setfield_u_net_sk(&ad, other); 3768 #endif 3769 rc = smk_access(skp, okp, MAY_WRITE, &ad); 3770 rc = smk_bu_note("UDS connect", skp, okp, MAY_WRITE, rc); 3771 if (rc == 0) { 3772 okp = osp->smk_out; 3773 skp = ssp->smk_in; 3774 rc = smk_access(okp, skp, MAY_WRITE, &ad); 3775 rc = smk_bu_note("UDS connect", okp, skp, 3776 MAY_WRITE, rc); 3777 } 3778 } 3779 3780 if (rc == 0) { 3781 /* 3782 * Cross reference the peer labels for SO_PEERSEC. 3783 */ 3784 nsp->smk_packet = ssp->smk_out; 3785 ssp->smk_packet = osp->smk_out; 3786 3787 /* 3788 * new/child/established socket must inherit listening socket labels 3789 */ 3790 nsp->smk_out = osp->smk_out; 3791 nsp->smk_in = osp->smk_in; 3792 } 3793 3794 return rc; 3795 } 3796 3797 /** 3798 * smack_unix_may_send - Smack access on UDS 3799 * @sock: one socket 3800 * @other: the other socket 3801 * 3802 * Return 0 if a subject with the smack of sock could access 3803 * an object with the smack of other, otherwise an error code 3804 */ 3805 static int smack_unix_may_send(struct socket *sock, struct socket *other) 3806 { 3807 struct socket_smack *ssp = sock->sk->sk_security; 3808 struct socket_smack *osp = other->sk->sk_security; 3809 struct smk_audit_info ad; 3810 int rc; 3811 3812 #ifdef CONFIG_AUDIT 3813 struct lsm_network_audit net; 3814 3815 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 3816 smk_ad_setfield_u_net_sk(&ad, other->sk); 3817 #endif 3818 3819 if (smack_privileged(CAP_MAC_OVERRIDE)) 3820 return 0; 3821 3822 rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad); 3823 rc = smk_bu_note("UDS send", ssp->smk_out, osp->smk_in, MAY_WRITE, rc); 3824 return rc; 3825 } 3826 3827 /** 3828 * smack_socket_sendmsg - Smack check based on destination host 3829 * @sock: the socket 3830 * @msg: the message 3831 * @size: the size of the message 3832 * 3833 * Return 0 if the current subject can write to the destination host. 3834 * For IPv4 this is only a question if the destination is a single label host. 3835 * For IPv6 this is a check against the label of the port. 3836 */ 3837 static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg, 3838 int size) 3839 { 3840 struct sockaddr_in *sip = (struct sockaddr_in *) msg->msg_name; 3841 #if IS_ENABLED(CONFIG_IPV6) 3842 struct sockaddr_in6 *sap = (struct sockaddr_in6 *) msg->msg_name; 3843 #endif 3844 #ifdef SMACK_IPV6_SECMARK_LABELING 3845 struct socket_smack *ssp = sock->sk->sk_security; 3846 struct smack_known *rsp; 3847 #endif 3848 int rc = 0; 3849 3850 /* 3851 * Perfectly reasonable for this to be NULL 3852 */ 3853 if (sip == NULL) 3854 return 0; 3855 3856 switch (sock->sk->sk_family) { 3857 case AF_INET: 3858 if (msg->msg_namelen < sizeof(struct sockaddr_in) || 3859 sip->sin_family != AF_INET) 3860 return -EINVAL; 3861 rc = smk_ipv4_check(sock->sk, sip); 3862 break; 3863 #if IS_ENABLED(CONFIG_IPV6) 3864 case AF_INET6: 3865 if (msg->msg_namelen < SIN6_LEN_RFC2133 || 3866 sap->sin6_family != AF_INET6) 3867 return -EINVAL; 3868 #ifdef SMACK_IPV6_SECMARK_LABELING 3869 rsp = smack_ipv6host_label(sap); 3870 if (rsp != NULL) 3871 rc = smk_ipv6_check(ssp->smk_out, rsp, sap, 3872 SMK_CONNECTING); 3873 #endif 3874 #ifdef SMACK_IPV6_PORT_LABELING 3875 rc = smk_ipv6_port_check(sock->sk, sap, SMK_SENDING); 3876 #endif 3877 #endif /* IS_ENABLED(CONFIG_IPV6) */ 3878 break; 3879 } 3880 return rc; 3881 } 3882 3883 /** 3884 * smack_from_secattr - Convert a netlabel attr.mls.lvl/attr.mls.cat pair to smack 3885 * @sap: netlabel secattr 3886 * @ssp: socket security information 3887 * 3888 * Returns a pointer to a Smack label entry found on the label list. 3889 */ 3890 static struct smack_known *smack_from_secattr(struct netlbl_lsm_secattr *sap, 3891 struct socket_smack *ssp) 3892 { 3893 struct smack_known *skp; 3894 int found = 0; 3895 int acat; 3896 int kcat; 3897 3898 /* 3899 * Netlabel found it in the cache. 3900 */ 3901 if ((sap->flags & NETLBL_SECATTR_CACHE) != 0) 3902 return (struct smack_known *)sap->cache->data; 3903 3904 if ((sap->flags & NETLBL_SECATTR_SECID) != 0) 3905 /* 3906 * Looks like a fallback, which gives us a secid. 3907 */ 3908 return smack_from_secid(sap->attr.secid); 3909 3910 if ((sap->flags & NETLBL_SECATTR_MLS_LVL) != 0) { 3911 /* 3912 * Looks like a CIPSO packet. 3913 * If there are flags but no level netlabel isn't 3914 * behaving the way we expect it to. 3915 * 3916 * Look it up in the label table 3917 * Without guidance regarding the smack value 3918 * for the packet fall back on the network 3919 * ambient value. 3920 */ 3921 rcu_read_lock(); 3922 list_for_each_entry_rcu(skp, &smack_known_list, list) { 3923 if (sap->attr.mls.lvl != skp->smk_netlabel.attr.mls.lvl) 3924 continue; 3925 /* 3926 * Compare the catsets. Use the netlbl APIs. 3927 */ 3928 if ((sap->flags & NETLBL_SECATTR_MLS_CAT) == 0) { 3929 if ((skp->smk_netlabel.flags & 3930 NETLBL_SECATTR_MLS_CAT) == 0) 3931 found = 1; 3932 break; 3933 } 3934 for (acat = -1, kcat = -1; acat == kcat; ) { 3935 acat = netlbl_catmap_walk(sap->attr.mls.cat, 3936 acat + 1); 3937 kcat = netlbl_catmap_walk( 3938 skp->smk_netlabel.attr.mls.cat, 3939 kcat + 1); 3940 if (acat < 0 || kcat < 0) 3941 break; 3942 } 3943 if (acat == kcat) { 3944 found = 1; 3945 break; 3946 } 3947 } 3948 rcu_read_unlock(); 3949 3950 if (found) 3951 return skp; 3952 3953 if (ssp != NULL && ssp->smk_in == &smack_known_star) 3954 return &smack_known_web; 3955 return &smack_known_star; 3956 } 3957 /* 3958 * Without guidance regarding the smack value 3959 * for the packet fall back on the network 3960 * ambient value. 3961 */ 3962 return smack_net_ambient; 3963 } 3964 3965 #if IS_ENABLED(CONFIG_IPV6) 3966 static int smk_skb_to_addr_ipv6(struct sk_buff *skb, struct sockaddr_in6 *sip) 3967 { 3968 u8 nexthdr; 3969 int offset; 3970 int proto = -EINVAL; 3971 struct ipv6hdr _ipv6h; 3972 struct ipv6hdr *ip6; 3973 __be16 frag_off; 3974 struct tcphdr _tcph, *th; 3975 struct udphdr _udph, *uh; 3976 struct dccp_hdr _dccph, *dh; 3977 3978 sip->sin6_port = 0; 3979 3980 offset = skb_network_offset(skb); 3981 ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h); 3982 if (ip6 == NULL) 3983 return -EINVAL; 3984 sip->sin6_addr = ip6->saddr; 3985 3986 nexthdr = ip6->nexthdr; 3987 offset += sizeof(_ipv6h); 3988 offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off); 3989 if (offset < 0) 3990 return -EINVAL; 3991 3992 proto = nexthdr; 3993 switch (proto) { 3994 case IPPROTO_TCP: 3995 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph); 3996 if (th != NULL) 3997 sip->sin6_port = th->source; 3998 break; 3999 case IPPROTO_UDP: 4000 case IPPROTO_UDPLITE: 4001 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph); 4002 if (uh != NULL) 4003 sip->sin6_port = uh->source; 4004 break; 4005 case IPPROTO_DCCP: 4006 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph); 4007 if (dh != NULL) 4008 sip->sin6_port = dh->dccph_sport; 4009 break; 4010 } 4011 return proto; 4012 } 4013 #endif /* CONFIG_IPV6 */ 4014 4015 /** 4016 * smack_from_skb - Smack data from the secmark in an skb 4017 * @skb: packet 4018 * 4019 * Returns smack_known of the secmark or NULL if that won't work. 4020 */ 4021 #ifdef CONFIG_NETWORK_SECMARK 4022 static struct smack_known *smack_from_skb(struct sk_buff *skb) 4023 { 4024 if (skb == NULL || skb->secmark == 0) 4025 return NULL; 4026 4027 return smack_from_secid(skb->secmark); 4028 } 4029 #else 4030 static inline struct smack_known *smack_from_skb(struct sk_buff *skb) 4031 { 4032 return NULL; 4033 } 4034 #endif 4035 4036 /** 4037 * smack_from_netlbl - Smack data from the IP options in an skb 4038 * @sk: socket data came in on 4039 * @family: address family 4040 * @skb: packet 4041 * 4042 * Find the Smack label in the IP options. If it hasn't been 4043 * added to the netlabel cache, add it here. 4044 * 4045 * Returns smack_known of the IP options or NULL if that won't work. 4046 */ 4047 static struct smack_known *smack_from_netlbl(const struct sock *sk, u16 family, 4048 struct sk_buff *skb) 4049 { 4050 struct netlbl_lsm_secattr secattr; 4051 struct socket_smack *ssp = NULL; 4052 struct smack_known *skp = NULL; 4053 4054 netlbl_secattr_init(&secattr); 4055 4056 if (sk) 4057 ssp = sk->sk_security; 4058 4059 if (netlbl_skbuff_getattr(skb, family, &secattr) == 0) { 4060 skp = smack_from_secattr(&secattr, ssp); 4061 if (secattr.flags & NETLBL_SECATTR_CACHEABLE) 4062 netlbl_cache_add(skb, family, &skp->smk_netlabel); 4063 } 4064 4065 netlbl_secattr_destroy(&secattr); 4066 4067 return skp; 4068 } 4069 4070 /** 4071 * smack_socket_sock_rcv_skb - Smack packet delivery access check 4072 * @sk: socket 4073 * @skb: packet 4074 * 4075 * Returns 0 if the packet should be delivered, an error code otherwise 4076 */ 4077 static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) 4078 { 4079 struct socket_smack *ssp = sk->sk_security; 4080 struct smack_known *skp = NULL; 4081 int rc = 0; 4082 struct smk_audit_info ad; 4083 u16 family = sk->sk_family; 4084 #ifdef CONFIG_AUDIT 4085 struct lsm_network_audit net; 4086 #endif 4087 #if IS_ENABLED(CONFIG_IPV6) 4088 struct sockaddr_in6 sadd; 4089 int proto; 4090 4091 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP)) 4092 family = PF_INET; 4093 #endif /* CONFIG_IPV6 */ 4094 4095 switch (family) { 4096 case PF_INET: 4097 /* 4098 * If there is a secmark use it rather than the CIPSO label. 4099 * If there is no secmark fall back to CIPSO. 4100 * The secmark is assumed to reflect policy better. 4101 */ 4102 skp = smack_from_skb(skb); 4103 if (skp == NULL) { 4104 skp = smack_from_netlbl(sk, family, skb); 4105 if (skp == NULL) 4106 skp = smack_net_ambient; 4107 } 4108 4109 #ifdef CONFIG_AUDIT 4110 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 4111 ad.a.u.net->family = family; 4112 ad.a.u.net->netif = skb->skb_iif; 4113 ipv4_skb_to_auditdata(skb, &ad.a, NULL); 4114 #endif 4115 /* 4116 * Receiving a packet requires that the other end 4117 * be able to write here. Read access is not required. 4118 * This is the simplist possible security model 4119 * for networking. 4120 */ 4121 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad); 4122 rc = smk_bu_note("IPv4 delivery", skp, ssp->smk_in, 4123 MAY_WRITE, rc); 4124 if (rc != 0) 4125 netlbl_skbuff_err(skb, family, rc, 0); 4126 break; 4127 #if IS_ENABLED(CONFIG_IPV6) 4128 case PF_INET6: 4129 proto = smk_skb_to_addr_ipv6(skb, &sadd); 4130 if (proto != IPPROTO_UDP && proto != IPPROTO_UDPLITE && 4131 proto != IPPROTO_TCP && proto != IPPROTO_DCCP) 4132 break; 4133 #ifdef SMACK_IPV6_SECMARK_LABELING 4134 skp = smack_from_skb(skb); 4135 if (skp == NULL) { 4136 if (smk_ipv6_localhost(&sadd)) 4137 break; 4138 skp = smack_ipv6host_label(&sadd); 4139 if (skp == NULL) 4140 skp = smack_net_ambient; 4141 } 4142 #ifdef CONFIG_AUDIT 4143 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 4144 ad.a.u.net->family = family; 4145 ad.a.u.net->netif = skb->skb_iif; 4146 ipv6_skb_to_auditdata(skb, &ad.a, NULL); 4147 #endif /* CONFIG_AUDIT */ 4148 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad); 4149 rc = smk_bu_note("IPv6 delivery", skp, ssp->smk_in, 4150 MAY_WRITE, rc); 4151 #endif /* SMACK_IPV6_SECMARK_LABELING */ 4152 #ifdef SMACK_IPV6_PORT_LABELING 4153 rc = smk_ipv6_port_check(sk, &sadd, SMK_RECEIVING); 4154 #endif /* SMACK_IPV6_PORT_LABELING */ 4155 if (rc != 0) 4156 icmpv6_send(skb, ICMPV6_DEST_UNREACH, 4157 ICMPV6_ADM_PROHIBITED, 0); 4158 break; 4159 #endif /* CONFIG_IPV6 */ 4160 } 4161 4162 return rc; 4163 } 4164 4165 /** 4166 * smack_socket_getpeersec_stream - pull in packet label 4167 * @sock: the socket 4168 * @optval: user's destination 4169 * @optlen: size thereof 4170 * @len: max thereof 4171 * 4172 * returns zero on success, an error code otherwise 4173 */ 4174 static int smack_socket_getpeersec_stream(struct socket *sock, 4175 sockptr_t optval, sockptr_t optlen, 4176 unsigned int len) 4177 { 4178 struct socket_smack *ssp; 4179 char *rcp = ""; 4180 u32 slen = 1; 4181 int rc = 0; 4182 4183 ssp = sock->sk->sk_security; 4184 if (ssp->smk_packet != NULL) { 4185 rcp = ssp->smk_packet->smk_known; 4186 slen = strlen(rcp) + 1; 4187 } 4188 if (slen > len) { 4189 rc = -ERANGE; 4190 goto out_len; 4191 } 4192 4193 if (copy_to_sockptr(optval, rcp, slen)) 4194 rc = -EFAULT; 4195 out_len: 4196 if (copy_to_sockptr(optlen, &slen, sizeof(slen))) 4197 rc = -EFAULT; 4198 return rc; 4199 } 4200 4201 4202 /** 4203 * smack_socket_getpeersec_dgram - pull in packet label 4204 * @sock: the peer socket 4205 * @skb: packet data 4206 * @secid: pointer to where to put the secid of the packet 4207 * 4208 * Sets the netlabel socket state on sk from parent 4209 */ 4210 static int smack_socket_getpeersec_dgram(struct socket *sock, 4211 struct sk_buff *skb, u32 *secid) 4212 4213 { 4214 struct socket_smack *ssp = NULL; 4215 struct smack_known *skp; 4216 struct sock *sk = NULL; 4217 int family = PF_UNSPEC; 4218 u32 s = 0; /* 0 is the invalid secid */ 4219 4220 if (skb != NULL) { 4221 if (skb->protocol == htons(ETH_P_IP)) 4222 family = PF_INET; 4223 #if IS_ENABLED(CONFIG_IPV6) 4224 else if (skb->protocol == htons(ETH_P_IPV6)) 4225 family = PF_INET6; 4226 #endif /* CONFIG_IPV6 */ 4227 } 4228 if (family == PF_UNSPEC && sock != NULL) 4229 family = sock->sk->sk_family; 4230 4231 switch (family) { 4232 case PF_UNIX: 4233 ssp = sock->sk->sk_security; 4234 s = ssp->smk_out->smk_secid; 4235 break; 4236 case PF_INET: 4237 skp = smack_from_skb(skb); 4238 if (skp) { 4239 s = skp->smk_secid; 4240 break; 4241 } 4242 /* 4243 * Translate what netlabel gave us. 4244 */ 4245 if (sock != NULL) 4246 sk = sock->sk; 4247 skp = smack_from_netlbl(sk, family, skb); 4248 if (skp != NULL) 4249 s = skp->smk_secid; 4250 break; 4251 case PF_INET6: 4252 #ifdef SMACK_IPV6_SECMARK_LABELING 4253 skp = smack_from_skb(skb); 4254 if (skp) 4255 s = skp->smk_secid; 4256 #endif 4257 break; 4258 } 4259 *secid = s; 4260 if (s == 0) 4261 return -EINVAL; 4262 return 0; 4263 } 4264 4265 /** 4266 * smack_sock_graft - Initialize a newly created socket with an existing sock 4267 * @sk: child sock 4268 * @parent: parent socket 4269 * 4270 * Set the smk_{in,out} state of an existing sock based on the process that 4271 * is creating the new socket. 4272 */ 4273 static void smack_sock_graft(struct sock *sk, struct socket *parent) 4274 { 4275 struct socket_smack *ssp; 4276 struct smack_known *skp = smk_of_current(); 4277 4278 if (sk == NULL || 4279 (sk->sk_family != PF_INET && sk->sk_family != PF_INET6)) 4280 return; 4281 4282 ssp = sk->sk_security; 4283 ssp->smk_in = skp; 4284 ssp->smk_out = skp; 4285 /* cssp->smk_packet is already set in smack_inet_csk_clone() */ 4286 } 4287 4288 /** 4289 * smack_inet_conn_request - Smack access check on connect 4290 * @sk: socket involved 4291 * @skb: packet 4292 * @req: unused 4293 * 4294 * Returns 0 if a task with the packet label could write to 4295 * the socket, otherwise an error code 4296 */ 4297 static int smack_inet_conn_request(const struct sock *sk, struct sk_buff *skb, 4298 struct request_sock *req) 4299 { 4300 u16 family = sk->sk_family; 4301 struct smack_known *skp; 4302 struct socket_smack *ssp = sk->sk_security; 4303 struct sockaddr_in addr; 4304 struct iphdr *hdr; 4305 struct smack_known *hskp; 4306 int rc; 4307 struct smk_audit_info ad; 4308 #ifdef CONFIG_AUDIT 4309 struct lsm_network_audit net; 4310 #endif 4311 4312 #if IS_ENABLED(CONFIG_IPV6) 4313 if (family == PF_INET6) { 4314 /* 4315 * Handle mapped IPv4 packets arriving 4316 * via IPv6 sockets. Don't set up netlabel 4317 * processing on IPv6. 4318 */ 4319 if (skb->protocol == htons(ETH_P_IP)) 4320 family = PF_INET; 4321 else 4322 return 0; 4323 } 4324 #endif /* CONFIG_IPV6 */ 4325 4326 /* 4327 * If there is a secmark use it rather than the CIPSO label. 4328 * If there is no secmark fall back to CIPSO. 4329 * The secmark is assumed to reflect policy better. 4330 */ 4331 skp = smack_from_skb(skb); 4332 if (skp == NULL) { 4333 skp = smack_from_netlbl(sk, family, skb); 4334 if (skp == NULL) 4335 skp = &smack_known_huh; 4336 } 4337 4338 #ifdef CONFIG_AUDIT 4339 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 4340 ad.a.u.net->family = family; 4341 ad.a.u.net->netif = skb->skb_iif; 4342 ipv4_skb_to_auditdata(skb, &ad.a, NULL); 4343 #endif 4344 /* 4345 * Receiving a packet requires that the other end be able to write 4346 * here. Read access is not required. 4347 */ 4348 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad); 4349 rc = smk_bu_note("IPv4 connect", skp, ssp->smk_in, MAY_WRITE, rc); 4350 if (rc != 0) 4351 return rc; 4352 4353 /* 4354 * Save the peer's label in the request_sock so we can later setup 4355 * smk_packet in the child socket so that SO_PEERCRED can report it. 4356 */ 4357 req->peer_secid = skp->smk_secid; 4358 4359 /* 4360 * We need to decide if we want to label the incoming connection here 4361 * if we do we only need to label the request_sock and the stack will 4362 * propagate the wire-label to the sock when it is created. 4363 */ 4364 hdr = ip_hdr(skb); 4365 addr.sin_addr.s_addr = hdr->saddr; 4366 rcu_read_lock(); 4367 hskp = smack_ipv4host_label(&addr); 4368 rcu_read_unlock(); 4369 4370 if (hskp == NULL) 4371 rc = netlbl_req_setattr(req, &ssp->smk_out->smk_netlabel); 4372 else 4373 netlbl_req_delattr(req); 4374 4375 return rc; 4376 } 4377 4378 /** 4379 * smack_inet_csk_clone - Copy the connection information to the new socket 4380 * @sk: the new socket 4381 * @req: the connection's request_sock 4382 * 4383 * Transfer the connection's peer label to the newly created socket. 4384 */ 4385 static void smack_inet_csk_clone(struct sock *sk, 4386 const struct request_sock *req) 4387 { 4388 struct socket_smack *ssp = sk->sk_security; 4389 struct smack_known *skp; 4390 4391 if (req->peer_secid != 0) { 4392 skp = smack_from_secid(req->peer_secid); 4393 ssp->smk_packet = skp; 4394 } else 4395 ssp->smk_packet = NULL; 4396 } 4397 4398 /* 4399 * Key management security hooks 4400 * 4401 * Casey has not tested key support very heavily. 4402 * The permission check is most likely too restrictive. 4403 * If you care about keys please have a look. 4404 */ 4405 #ifdef CONFIG_KEYS 4406 4407 /** 4408 * smack_key_alloc - Set the key security blob 4409 * @key: object 4410 * @cred: the credentials to use 4411 * @flags: unused 4412 * 4413 * No allocation required 4414 * 4415 * Returns 0 4416 */ 4417 static int smack_key_alloc(struct key *key, const struct cred *cred, 4418 unsigned long flags) 4419 { 4420 struct smack_known *skp = smk_of_task(smack_cred(cred)); 4421 4422 key->security = skp; 4423 return 0; 4424 } 4425 4426 /** 4427 * smack_key_free - Clear the key security blob 4428 * @key: the object 4429 * 4430 * Clear the blob pointer 4431 */ 4432 static void smack_key_free(struct key *key) 4433 { 4434 key->security = NULL; 4435 } 4436 4437 /** 4438 * smack_key_permission - Smack access on a key 4439 * @key_ref: gets to the object 4440 * @cred: the credentials to use 4441 * @need_perm: requested key permission 4442 * 4443 * Return 0 if the task has read and write to the object, 4444 * an error code otherwise 4445 */ 4446 static int smack_key_permission(key_ref_t key_ref, 4447 const struct cred *cred, 4448 enum key_need_perm need_perm) 4449 { 4450 struct key *keyp; 4451 struct smk_audit_info ad; 4452 struct smack_known *tkp = smk_of_task(smack_cred(cred)); 4453 int request = 0; 4454 int rc; 4455 4456 /* 4457 * Validate requested permissions 4458 */ 4459 switch (need_perm) { 4460 case KEY_NEED_READ: 4461 case KEY_NEED_SEARCH: 4462 case KEY_NEED_VIEW: 4463 request |= MAY_READ; 4464 break; 4465 case KEY_NEED_WRITE: 4466 case KEY_NEED_LINK: 4467 case KEY_NEED_SETATTR: 4468 request |= MAY_WRITE; 4469 break; 4470 case KEY_NEED_UNSPECIFIED: 4471 case KEY_NEED_UNLINK: 4472 case KEY_SYSADMIN_OVERRIDE: 4473 case KEY_AUTHTOKEN_OVERRIDE: 4474 case KEY_DEFER_PERM_CHECK: 4475 return 0; 4476 default: 4477 return -EINVAL; 4478 } 4479 4480 keyp = key_ref_to_ptr(key_ref); 4481 if (keyp == NULL) 4482 return -EINVAL; 4483 /* 4484 * If the key hasn't been initialized give it access so that 4485 * it may do so. 4486 */ 4487 if (keyp->security == NULL) 4488 return 0; 4489 /* 4490 * This should not occur 4491 */ 4492 if (tkp == NULL) 4493 return -EACCES; 4494 4495 if (smack_privileged(CAP_MAC_OVERRIDE)) 4496 return 0; 4497 4498 #ifdef CONFIG_AUDIT 4499 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY); 4500 ad.a.u.key_struct.key = keyp->serial; 4501 ad.a.u.key_struct.key_desc = keyp->description; 4502 #endif 4503 rc = smk_access(tkp, keyp->security, request, &ad); 4504 rc = smk_bu_note("key access", tkp, keyp->security, request, rc); 4505 return rc; 4506 } 4507 4508 /* 4509 * smack_key_getsecurity - Smack label tagging the key 4510 * @key points to the key to be queried 4511 * @_buffer points to a pointer that should be set to point to the 4512 * resulting string (if no label or an error occurs). 4513 * Return the length of the string (including terminating NUL) or -ve if 4514 * an error. 4515 * May also return 0 (and a NULL buffer pointer) if there is no label. 4516 */ 4517 static int smack_key_getsecurity(struct key *key, char **_buffer) 4518 { 4519 struct smack_known *skp = key->security; 4520 size_t length; 4521 char *copy; 4522 4523 if (key->security == NULL) { 4524 *_buffer = NULL; 4525 return 0; 4526 } 4527 4528 copy = kstrdup(skp->smk_known, GFP_KERNEL); 4529 if (copy == NULL) 4530 return -ENOMEM; 4531 length = strlen(copy) + 1; 4532 4533 *_buffer = copy; 4534 return length; 4535 } 4536 4537 4538 #ifdef CONFIG_KEY_NOTIFICATIONS 4539 /** 4540 * smack_watch_key - Smack access to watch a key for notifications. 4541 * @key: The key to be watched 4542 * 4543 * Return 0 if the @watch->cred has permission to read from the key object and 4544 * an error otherwise. 4545 */ 4546 static int smack_watch_key(struct key *key) 4547 { 4548 struct smk_audit_info ad; 4549 struct smack_known *tkp = smk_of_current(); 4550 int rc; 4551 4552 if (key == NULL) 4553 return -EINVAL; 4554 /* 4555 * If the key hasn't been initialized give it access so that 4556 * it may do so. 4557 */ 4558 if (key->security == NULL) 4559 return 0; 4560 /* 4561 * This should not occur 4562 */ 4563 if (tkp == NULL) 4564 return -EACCES; 4565 4566 if (smack_privileged_cred(CAP_MAC_OVERRIDE, current_cred())) 4567 return 0; 4568 4569 #ifdef CONFIG_AUDIT 4570 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY); 4571 ad.a.u.key_struct.key = key->serial; 4572 ad.a.u.key_struct.key_desc = key->description; 4573 #endif 4574 rc = smk_access(tkp, key->security, MAY_READ, &ad); 4575 rc = smk_bu_note("key watch", tkp, key->security, MAY_READ, rc); 4576 return rc; 4577 } 4578 #endif /* CONFIG_KEY_NOTIFICATIONS */ 4579 #endif /* CONFIG_KEYS */ 4580 4581 #ifdef CONFIG_WATCH_QUEUE 4582 /** 4583 * smack_post_notification - Smack access to post a notification to a queue 4584 * @w_cred: The credentials of the watcher. 4585 * @cred: The credentials of the event source (may be NULL). 4586 * @n: The notification message to be posted. 4587 */ 4588 static int smack_post_notification(const struct cred *w_cred, 4589 const struct cred *cred, 4590 struct watch_notification *n) 4591 { 4592 struct smk_audit_info ad; 4593 struct smack_known *subj, *obj; 4594 int rc; 4595 4596 /* Always let maintenance notifications through. */ 4597 if (n->type == WATCH_TYPE_META) 4598 return 0; 4599 4600 if (!cred) 4601 return 0; 4602 subj = smk_of_task(smack_cred(cred)); 4603 obj = smk_of_task(smack_cred(w_cred)); 4604 4605 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NOTIFICATION); 4606 rc = smk_access(subj, obj, MAY_WRITE, &ad); 4607 rc = smk_bu_note("notification", subj, obj, MAY_WRITE, rc); 4608 return rc; 4609 } 4610 #endif /* CONFIG_WATCH_QUEUE */ 4611 4612 /* 4613 * Smack Audit hooks 4614 * 4615 * Audit requires a unique representation of each Smack specific 4616 * rule. This unique representation is used to distinguish the 4617 * object to be audited from remaining kernel objects and also 4618 * works as a glue between the audit hooks. 4619 * 4620 * Since repository entries are added but never deleted, we'll use 4621 * the smack_known label address related to the given audit rule as 4622 * the needed unique representation. This also better fits the smack 4623 * model where nearly everything is a label. 4624 */ 4625 #ifdef CONFIG_AUDIT 4626 4627 /** 4628 * smack_audit_rule_init - Initialize a smack audit rule 4629 * @field: audit rule fields given from user-space (audit.h) 4630 * @op: required testing operator (=, !=, >, <, ...) 4631 * @rulestr: smack label to be audited 4632 * @vrule: pointer to save our own audit rule representation 4633 * @gfp: type of the memory for the allocation 4634 * 4635 * Prepare to audit cases where (@field @op @rulestr) is true. 4636 * The label to be audited is created if necessay. 4637 */ 4638 static int smack_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule, 4639 gfp_t gfp) 4640 { 4641 struct smack_known *skp; 4642 char **rule = (char **)vrule; 4643 *rule = NULL; 4644 4645 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER) 4646 return -EINVAL; 4647 4648 if (op != Audit_equal && op != Audit_not_equal) 4649 return -EINVAL; 4650 4651 skp = smk_import_entry(rulestr, 0); 4652 if (IS_ERR(skp)) 4653 return PTR_ERR(skp); 4654 4655 *rule = skp->smk_known; 4656 4657 return 0; 4658 } 4659 4660 /** 4661 * smack_audit_rule_known - Distinguish Smack audit rules 4662 * @krule: rule of interest, in Audit kernel representation format 4663 * 4664 * This is used to filter Smack rules from remaining Audit ones. 4665 * If it's proved that this rule belongs to us, the 4666 * audit_rule_match hook will be called to do the final judgement. 4667 */ 4668 static int smack_audit_rule_known(struct audit_krule *krule) 4669 { 4670 struct audit_field *f; 4671 int i; 4672 4673 for (i = 0; i < krule->field_count; i++) { 4674 f = &krule->fields[i]; 4675 4676 if (f->type == AUDIT_SUBJ_USER || f->type == AUDIT_OBJ_USER) 4677 return 1; 4678 } 4679 4680 return 0; 4681 } 4682 4683 /** 4684 * smack_audit_rule_match - Audit given object ? 4685 * @secid: security id for identifying the object to test 4686 * @field: audit rule flags given from user-space 4687 * @op: required testing operator 4688 * @vrule: smack internal rule presentation 4689 * 4690 * The core Audit hook. It's used to take the decision of 4691 * whether to audit or not to audit a given object. 4692 */ 4693 static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule) 4694 { 4695 struct smack_known *skp; 4696 char *rule = vrule; 4697 4698 if (unlikely(!rule)) { 4699 WARN_ONCE(1, "Smack: missing rule\n"); 4700 return -ENOENT; 4701 } 4702 4703 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER) 4704 return 0; 4705 4706 skp = smack_from_secid(secid); 4707 4708 /* 4709 * No need to do string comparisons. If a match occurs, 4710 * both pointers will point to the same smack_known 4711 * label. 4712 */ 4713 if (op == Audit_equal) 4714 return (rule == skp->smk_known); 4715 if (op == Audit_not_equal) 4716 return (rule != skp->smk_known); 4717 4718 return 0; 4719 } 4720 4721 /* 4722 * There is no need for a smack_audit_rule_free hook. 4723 * No memory was allocated. 4724 */ 4725 4726 #endif /* CONFIG_AUDIT */ 4727 4728 /** 4729 * smack_ismaclabel - check if xattr @name references a smack MAC label 4730 * @name: Full xattr name to check. 4731 */ 4732 static int smack_ismaclabel(const char *name) 4733 { 4734 return (strcmp(name, XATTR_SMACK_SUFFIX) == 0); 4735 } 4736 4737 4738 /** 4739 * smack_secid_to_secctx - return the smack label for a secid 4740 * @secid: incoming integer 4741 * @secdata: destination 4742 * @seclen: how long it is 4743 * 4744 * Exists for networking code. 4745 */ 4746 static int smack_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) 4747 { 4748 struct smack_known *skp = smack_from_secid(secid); 4749 4750 if (secdata) 4751 *secdata = skp->smk_known; 4752 *seclen = strlen(skp->smk_known); 4753 return 0; 4754 } 4755 4756 /** 4757 * smack_secctx_to_secid - return the secid for a smack label 4758 * @secdata: smack label 4759 * @seclen: how long result is 4760 * @secid: outgoing integer 4761 * 4762 * Exists for audit and networking code. 4763 */ 4764 static int smack_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid) 4765 { 4766 struct smack_known *skp = smk_find_entry(secdata); 4767 4768 if (skp) 4769 *secid = skp->smk_secid; 4770 else 4771 *secid = 0; 4772 return 0; 4773 } 4774 4775 /* 4776 * There used to be a smack_release_secctx hook 4777 * that did nothing back when hooks were in a vector. 4778 * Now that there's a list such a hook adds cost. 4779 */ 4780 4781 static int smack_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen) 4782 { 4783 return smack_inode_setsecurity(inode, XATTR_SMACK_SUFFIX, ctx, 4784 ctxlen, 0); 4785 } 4786 4787 static int smack_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen) 4788 { 4789 return __vfs_setxattr_locked(&nop_mnt_idmap, dentry, XATTR_NAME_SMACK, 4790 ctx, ctxlen, 0, NULL); 4791 } 4792 4793 static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) 4794 { 4795 struct smack_known *skp = smk_of_inode(inode); 4796 4797 *ctx = skp->smk_known; 4798 *ctxlen = strlen(skp->smk_known); 4799 return 0; 4800 } 4801 4802 static int smack_inode_copy_up(struct dentry *dentry, struct cred **new) 4803 { 4804 4805 struct task_smack *tsp; 4806 struct smack_known *skp; 4807 struct inode_smack *isp; 4808 struct cred *new_creds = *new; 4809 4810 if (new_creds == NULL) { 4811 new_creds = prepare_creds(); 4812 if (new_creds == NULL) 4813 return -ENOMEM; 4814 } 4815 4816 tsp = smack_cred(new_creds); 4817 4818 /* 4819 * Get label from overlay inode and set it in create_sid 4820 */ 4821 isp = smack_inode(d_inode(dentry)); 4822 skp = isp->smk_inode; 4823 tsp->smk_task = skp; 4824 *new = new_creds; 4825 return 0; 4826 } 4827 4828 static int smack_inode_copy_up_xattr(const char *name) 4829 { 4830 /* 4831 * Return 1 if this is the smack access Smack attribute. 4832 */ 4833 if (strcmp(name, XATTR_NAME_SMACK) == 0) 4834 return 1; 4835 4836 return -EOPNOTSUPP; 4837 } 4838 4839 static int smack_dentry_create_files_as(struct dentry *dentry, int mode, 4840 struct qstr *name, 4841 const struct cred *old, 4842 struct cred *new) 4843 { 4844 struct task_smack *otsp = smack_cred(old); 4845 struct task_smack *ntsp = smack_cred(new); 4846 struct inode_smack *isp; 4847 int may; 4848 4849 /* 4850 * Use the process credential unless all of 4851 * the transmuting criteria are met 4852 */ 4853 ntsp->smk_task = otsp->smk_task; 4854 4855 /* 4856 * the attribute of the containing directory 4857 */ 4858 isp = smack_inode(d_inode(dentry->d_parent)); 4859 4860 if (isp->smk_flags & SMK_INODE_TRANSMUTE) { 4861 rcu_read_lock(); 4862 may = smk_access_entry(otsp->smk_task->smk_known, 4863 isp->smk_inode->smk_known, 4864 &otsp->smk_task->smk_rules); 4865 rcu_read_unlock(); 4866 4867 /* 4868 * If the directory is transmuting and the rule 4869 * providing access is transmuting use the containing 4870 * directory label instead of the process label. 4871 */ 4872 if (may > 0 && (may & MAY_TRANSMUTE)) { 4873 ntsp->smk_task = isp->smk_inode; 4874 ntsp->smk_transmuted = ntsp->smk_task; 4875 } 4876 } 4877 return 0; 4878 } 4879 4880 #ifdef CONFIG_IO_URING 4881 /** 4882 * smack_uring_override_creds - Is io_uring cred override allowed? 4883 * @new: the target creds 4884 * 4885 * Check to see if the current task is allowed to override it's credentials 4886 * to service an io_uring operation. 4887 */ 4888 static int smack_uring_override_creds(const struct cred *new) 4889 { 4890 struct task_smack *tsp = smack_cred(current_cred()); 4891 struct task_smack *nsp = smack_cred(new); 4892 4893 /* 4894 * Allow the degenerate case where the new Smack value is 4895 * the same as the current Smack value. 4896 */ 4897 if (tsp->smk_task == nsp->smk_task) 4898 return 0; 4899 4900 if (smack_privileged_cred(CAP_MAC_OVERRIDE, current_cred())) 4901 return 0; 4902 4903 return -EPERM; 4904 } 4905 4906 /** 4907 * smack_uring_sqpoll - check if a io_uring polling thread can be created 4908 * 4909 * Check to see if the current task is allowed to create a new io_uring 4910 * kernel polling thread. 4911 */ 4912 static int smack_uring_sqpoll(void) 4913 { 4914 if (smack_privileged_cred(CAP_MAC_ADMIN, current_cred())) 4915 return 0; 4916 4917 return -EPERM; 4918 } 4919 4920 /** 4921 * smack_uring_cmd - check on file operations for io_uring 4922 * @ioucmd: the command in question 4923 * 4924 * Make a best guess about whether a io_uring "command" should 4925 * be allowed. Use the same logic used for determining if the 4926 * file could be opened for read in the absence of better criteria. 4927 */ 4928 static int smack_uring_cmd(struct io_uring_cmd *ioucmd) 4929 { 4930 struct file *file = ioucmd->file; 4931 struct smk_audit_info ad; 4932 struct task_smack *tsp; 4933 struct inode *inode; 4934 int rc; 4935 4936 if (!file) 4937 return -EINVAL; 4938 4939 tsp = smack_cred(file->f_cred); 4940 inode = file_inode(file); 4941 4942 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 4943 smk_ad_setfield_u_fs_path(&ad, file->f_path); 4944 rc = smk_tskacc(tsp, smk_of_inode(inode), MAY_READ, &ad); 4945 rc = smk_bu_credfile(file->f_cred, file, MAY_READ, rc); 4946 4947 return rc; 4948 } 4949 4950 #endif /* CONFIG_IO_URING */ 4951 4952 struct lsm_blob_sizes smack_blob_sizes __ro_after_init = { 4953 .lbs_cred = sizeof(struct task_smack), 4954 .lbs_file = sizeof(struct smack_known *), 4955 .lbs_inode = sizeof(struct inode_smack), 4956 .lbs_ipc = sizeof(struct smack_known *), 4957 .lbs_msg_msg = sizeof(struct smack_known *), 4958 .lbs_superblock = sizeof(struct superblock_smack), 4959 .lbs_xattr_count = SMACK_INODE_INIT_XATTRS, 4960 }; 4961 4962 static struct security_hook_list smack_hooks[] __ro_after_init = { 4963 LSM_HOOK_INIT(ptrace_access_check, smack_ptrace_access_check), 4964 LSM_HOOK_INIT(ptrace_traceme, smack_ptrace_traceme), 4965 LSM_HOOK_INIT(syslog, smack_syslog), 4966 4967 LSM_HOOK_INIT(fs_context_submount, smack_fs_context_submount), 4968 LSM_HOOK_INIT(fs_context_dup, smack_fs_context_dup), 4969 LSM_HOOK_INIT(fs_context_parse_param, smack_fs_context_parse_param), 4970 4971 LSM_HOOK_INIT(sb_alloc_security, smack_sb_alloc_security), 4972 LSM_HOOK_INIT(sb_free_mnt_opts, smack_free_mnt_opts), 4973 LSM_HOOK_INIT(sb_eat_lsm_opts, smack_sb_eat_lsm_opts), 4974 LSM_HOOK_INIT(sb_statfs, smack_sb_statfs), 4975 LSM_HOOK_INIT(sb_set_mnt_opts, smack_set_mnt_opts), 4976 4977 LSM_HOOK_INIT(bprm_creds_for_exec, smack_bprm_creds_for_exec), 4978 4979 LSM_HOOK_INIT(inode_alloc_security, smack_inode_alloc_security), 4980 LSM_HOOK_INIT(inode_init_security, smack_inode_init_security), 4981 LSM_HOOK_INIT(inode_link, smack_inode_link), 4982 LSM_HOOK_INIT(inode_unlink, smack_inode_unlink), 4983 LSM_HOOK_INIT(inode_rmdir, smack_inode_rmdir), 4984 LSM_HOOK_INIT(inode_rename, smack_inode_rename), 4985 LSM_HOOK_INIT(inode_permission, smack_inode_permission), 4986 LSM_HOOK_INIT(inode_setattr, smack_inode_setattr), 4987 LSM_HOOK_INIT(inode_getattr, smack_inode_getattr), 4988 LSM_HOOK_INIT(inode_setxattr, smack_inode_setxattr), 4989 LSM_HOOK_INIT(inode_post_setxattr, smack_inode_post_setxattr), 4990 LSM_HOOK_INIT(inode_getxattr, smack_inode_getxattr), 4991 LSM_HOOK_INIT(inode_removexattr, smack_inode_removexattr), 4992 LSM_HOOK_INIT(inode_set_acl, smack_inode_set_acl), 4993 LSM_HOOK_INIT(inode_get_acl, smack_inode_get_acl), 4994 LSM_HOOK_INIT(inode_remove_acl, smack_inode_remove_acl), 4995 LSM_HOOK_INIT(inode_getsecurity, smack_inode_getsecurity), 4996 LSM_HOOK_INIT(inode_setsecurity, smack_inode_setsecurity), 4997 LSM_HOOK_INIT(inode_listsecurity, smack_inode_listsecurity), 4998 LSM_HOOK_INIT(inode_getsecid, smack_inode_getsecid), 4999 5000 LSM_HOOK_INIT(file_alloc_security, smack_file_alloc_security), 5001 LSM_HOOK_INIT(file_ioctl, smack_file_ioctl), 5002 LSM_HOOK_INIT(file_ioctl_compat, smack_file_ioctl), 5003 LSM_HOOK_INIT(file_lock, smack_file_lock), 5004 LSM_HOOK_INIT(file_fcntl, smack_file_fcntl), 5005 LSM_HOOK_INIT(mmap_file, smack_mmap_file), 5006 LSM_HOOK_INIT(mmap_addr, cap_mmap_addr), 5007 LSM_HOOK_INIT(file_set_fowner, smack_file_set_fowner), 5008 LSM_HOOK_INIT(file_send_sigiotask, smack_file_send_sigiotask), 5009 LSM_HOOK_INIT(file_receive, smack_file_receive), 5010 5011 LSM_HOOK_INIT(file_open, smack_file_open), 5012 5013 LSM_HOOK_INIT(cred_alloc_blank, smack_cred_alloc_blank), 5014 LSM_HOOK_INIT(cred_free, smack_cred_free), 5015 LSM_HOOK_INIT(cred_prepare, smack_cred_prepare), 5016 LSM_HOOK_INIT(cred_transfer, smack_cred_transfer), 5017 LSM_HOOK_INIT(cred_getsecid, smack_cred_getsecid), 5018 LSM_HOOK_INIT(kernel_act_as, smack_kernel_act_as), 5019 LSM_HOOK_INIT(kernel_create_files_as, smack_kernel_create_files_as), 5020 LSM_HOOK_INIT(task_setpgid, smack_task_setpgid), 5021 LSM_HOOK_INIT(task_getpgid, smack_task_getpgid), 5022 LSM_HOOK_INIT(task_getsid, smack_task_getsid), 5023 LSM_HOOK_INIT(current_getsecid_subj, smack_current_getsecid_subj), 5024 LSM_HOOK_INIT(task_getsecid_obj, smack_task_getsecid_obj), 5025 LSM_HOOK_INIT(task_setnice, smack_task_setnice), 5026 LSM_HOOK_INIT(task_setioprio, smack_task_setioprio), 5027 LSM_HOOK_INIT(task_getioprio, smack_task_getioprio), 5028 LSM_HOOK_INIT(task_setscheduler, smack_task_setscheduler), 5029 LSM_HOOK_INIT(task_getscheduler, smack_task_getscheduler), 5030 LSM_HOOK_INIT(task_movememory, smack_task_movememory), 5031 LSM_HOOK_INIT(task_kill, smack_task_kill), 5032 LSM_HOOK_INIT(task_to_inode, smack_task_to_inode), 5033 5034 LSM_HOOK_INIT(ipc_permission, smack_ipc_permission), 5035 LSM_HOOK_INIT(ipc_getsecid, smack_ipc_getsecid), 5036 5037 LSM_HOOK_INIT(msg_msg_alloc_security, smack_msg_msg_alloc_security), 5038 5039 LSM_HOOK_INIT(msg_queue_alloc_security, smack_ipc_alloc_security), 5040 LSM_HOOK_INIT(msg_queue_associate, smack_msg_queue_associate), 5041 LSM_HOOK_INIT(msg_queue_msgctl, smack_msg_queue_msgctl), 5042 LSM_HOOK_INIT(msg_queue_msgsnd, smack_msg_queue_msgsnd), 5043 LSM_HOOK_INIT(msg_queue_msgrcv, smack_msg_queue_msgrcv), 5044 5045 LSM_HOOK_INIT(shm_alloc_security, smack_ipc_alloc_security), 5046 LSM_HOOK_INIT(shm_associate, smack_shm_associate), 5047 LSM_HOOK_INIT(shm_shmctl, smack_shm_shmctl), 5048 LSM_HOOK_INIT(shm_shmat, smack_shm_shmat), 5049 5050 LSM_HOOK_INIT(sem_alloc_security, smack_ipc_alloc_security), 5051 LSM_HOOK_INIT(sem_associate, smack_sem_associate), 5052 LSM_HOOK_INIT(sem_semctl, smack_sem_semctl), 5053 LSM_HOOK_INIT(sem_semop, smack_sem_semop), 5054 5055 LSM_HOOK_INIT(d_instantiate, smack_d_instantiate), 5056 5057 LSM_HOOK_INIT(getprocattr, smack_getprocattr), 5058 LSM_HOOK_INIT(setprocattr, smack_setprocattr), 5059 5060 LSM_HOOK_INIT(unix_stream_connect, smack_unix_stream_connect), 5061 LSM_HOOK_INIT(unix_may_send, smack_unix_may_send), 5062 5063 LSM_HOOK_INIT(socket_post_create, smack_socket_post_create), 5064 LSM_HOOK_INIT(socket_socketpair, smack_socket_socketpair), 5065 #ifdef SMACK_IPV6_PORT_LABELING 5066 LSM_HOOK_INIT(socket_bind, smack_socket_bind), 5067 #endif 5068 LSM_HOOK_INIT(socket_connect, smack_socket_connect), 5069 LSM_HOOK_INIT(socket_sendmsg, smack_socket_sendmsg), 5070 LSM_HOOK_INIT(socket_sock_rcv_skb, smack_socket_sock_rcv_skb), 5071 LSM_HOOK_INIT(socket_getpeersec_stream, smack_socket_getpeersec_stream), 5072 LSM_HOOK_INIT(socket_getpeersec_dgram, smack_socket_getpeersec_dgram), 5073 LSM_HOOK_INIT(sk_alloc_security, smack_sk_alloc_security), 5074 LSM_HOOK_INIT(sk_free_security, smack_sk_free_security), 5075 LSM_HOOK_INIT(sk_clone_security, smack_sk_clone_security), 5076 LSM_HOOK_INIT(sock_graft, smack_sock_graft), 5077 LSM_HOOK_INIT(inet_conn_request, smack_inet_conn_request), 5078 LSM_HOOK_INIT(inet_csk_clone, smack_inet_csk_clone), 5079 5080 /* key management security hooks */ 5081 #ifdef CONFIG_KEYS 5082 LSM_HOOK_INIT(key_alloc, smack_key_alloc), 5083 LSM_HOOK_INIT(key_free, smack_key_free), 5084 LSM_HOOK_INIT(key_permission, smack_key_permission), 5085 LSM_HOOK_INIT(key_getsecurity, smack_key_getsecurity), 5086 #ifdef CONFIG_KEY_NOTIFICATIONS 5087 LSM_HOOK_INIT(watch_key, smack_watch_key), 5088 #endif 5089 #endif /* CONFIG_KEYS */ 5090 5091 #ifdef CONFIG_WATCH_QUEUE 5092 LSM_HOOK_INIT(post_notification, smack_post_notification), 5093 #endif 5094 5095 /* Audit hooks */ 5096 #ifdef CONFIG_AUDIT 5097 LSM_HOOK_INIT(audit_rule_init, smack_audit_rule_init), 5098 LSM_HOOK_INIT(audit_rule_known, smack_audit_rule_known), 5099 LSM_HOOK_INIT(audit_rule_match, smack_audit_rule_match), 5100 #endif /* CONFIG_AUDIT */ 5101 5102 LSM_HOOK_INIT(ismaclabel, smack_ismaclabel), 5103 LSM_HOOK_INIT(secid_to_secctx, smack_secid_to_secctx), 5104 LSM_HOOK_INIT(secctx_to_secid, smack_secctx_to_secid), 5105 LSM_HOOK_INIT(inode_notifysecctx, smack_inode_notifysecctx), 5106 LSM_HOOK_INIT(inode_setsecctx, smack_inode_setsecctx), 5107 LSM_HOOK_INIT(inode_getsecctx, smack_inode_getsecctx), 5108 LSM_HOOK_INIT(inode_copy_up, smack_inode_copy_up), 5109 LSM_HOOK_INIT(inode_copy_up_xattr, smack_inode_copy_up_xattr), 5110 LSM_HOOK_INIT(dentry_create_files_as, smack_dentry_create_files_as), 5111 #ifdef CONFIG_IO_URING 5112 LSM_HOOK_INIT(uring_override_creds, smack_uring_override_creds), 5113 LSM_HOOK_INIT(uring_sqpoll, smack_uring_sqpoll), 5114 LSM_HOOK_INIT(uring_cmd, smack_uring_cmd), 5115 #endif 5116 }; 5117 5118 5119 static __init void init_smack_known_list(void) 5120 { 5121 /* 5122 * Initialize rule list locks 5123 */ 5124 mutex_init(&smack_known_huh.smk_rules_lock); 5125 mutex_init(&smack_known_hat.smk_rules_lock); 5126 mutex_init(&smack_known_floor.smk_rules_lock); 5127 mutex_init(&smack_known_star.smk_rules_lock); 5128 mutex_init(&smack_known_web.smk_rules_lock); 5129 /* 5130 * Initialize rule lists 5131 */ 5132 INIT_LIST_HEAD(&smack_known_huh.smk_rules); 5133 INIT_LIST_HEAD(&smack_known_hat.smk_rules); 5134 INIT_LIST_HEAD(&smack_known_star.smk_rules); 5135 INIT_LIST_HEAD(&smack_known_floor.smk_rules); 5136 INIT_LIST_HEAD(&smack_known_web.smk_rules); 5137 /* 5138 * Create the known labels list 5139 */ 5140 smk_insert_entry(&smack_known_huh); 5141 smk_insert_entry(&smack_known_hat); 5142 smk_insert_entry(&smack_known_star); 5143 smk_insert_entry(&smack_known_floor); 5144 smk_insert_entry(&smack_known_web); 5145 } 5146 5147 /** 5148 * smack_init - initialize the smack system 5149 * 5150 * Returns 0 on success, -ENOMEM is there's no memory 5151 */ 5152 static __init int smack_init(void) 5153 { 5154 struct cred *cred = (struct cred *) current->cred; 5155 struct task_smack *tsp; 5156 5157 smack_rule_cache = KMEM_CACHE(smack_rule, 0); 5158 if (!smack_rule_cache) 5159 return -ENOMEM; 5160 5161 /* 5162 * Set the security state for the initial task. 5163 */ 5164 tsp = smack_cred(cred); 5165 init_task_smack(tsp, &smack_known_floor, &smack_known_floor); 5166 5167 /* 5168 * Register with LSM 5169 */ 5170 security_add_hooks(smack_hooks, ARRAY_SIZE(smack_hooks), "smack"); 5171 smack_enabled = 1; 5172 5173 pr_info("Smack: Initializing.\n"); 5174 #ifdef CONFIG_SECURITY_SMACK_NETFILTER 5175 pr_info("Smack: Netfilter enabled.\n"); 5176 #endif 5177 #ifdef SMACK_IPV6_PORT_LABELING 5178 pr_info("Smack: IPv6 port labeling enabled.\n"); 5179 #endif 5180 #ifdef SMACK_IPV6_SECMARK_LABELING 5181 pr_info("Smack: IPv6 Netfilter enabled.\n"); 5182 #endif 5183 5184 /* initialize the smack_known_list */ 5185 init_smack_known_list(); 5186 5187 return 0; 5188 } 5189 5190 /* 5191 * Smack requires early initialization in order to label 5192 * all processes and objects when they are created. 5193 */ 5194 DEFINE_LSM(smack) = { 5195 .name = "smack", 5196 .flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE, 5197 .blobs = &smack_blob_sizes, 5198 .init = smack_init, 5199 }; 5200