1 /* 2 * Simplified MAC Kernel (smack) security module 3 * 4 * This file contains the smack hook function implementations. 5 * 6 * Author: 7 * Casey Schaufler <casey@schaufler-ca.com> 8 * 9 * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com> 10 * 11 * This program is free software; you can redistribute it and/or modify 12 * it under the terms of the GNU General Public License version 2, 13 * as published by the Free Software Foundation. 14 */ 15 16 #include <linux/xattr.h> 17 #include <linux/pagemap.h> 18 #include <linux/mount.h> 19 #include <linux/stat.h> 20 #include <linux/ext2_fs.h> 21 #include <linux/kd.h> 22 #include <asm/ioctls.h> 23 #include <linux/tcp.h> 24 #include <linux/udp.h> 25 #include <linux/mutex.h> 26 #include <linux/pipe_fs_i.h> 27 #include <net/netlabel.h> 28 #include <net/cipso_ipv4.h> 29 #include <linux/audit.h> 30 31 #include "smack.h" 32 33 /* 34 * I hope these are the hokeyist lines of code in the module. Casey. 35 */ 36 #define DEVPTS_SUPER_MAGIC 0x1cd1 37 #define SOCKFS_MAGIC 0x534F434B 38 #define TMPFS_MAGIC 0x01021994 39 40 /** 41 * smk_fetch - Fetch the smack label from a file. 42 * @ip: a pointer to the inode 43 * @dp: a pointer to the dentry 44 * 45 * Returns a pointer to the master list entry for the Smack label 46 * or NULL if there was no label to fetch. 47 */ 48 static char *smk_fetch(struct inode *ip, struct dentry *dp) 49 { 50 int rc; 51 char in[SMK_LABELLEN]; 52 53 if (ip->i_op->getxattr == NULL) 54 return NULL; 55 56 rc = ip->i_op->getxattr(dp, XATTR_NAME_SMACK, in, SMK_LABELLEN); 57 if (rc < 0) 58 return NULL; 59 60 return smk_import(in, rc); 61 } 62 63 /** 64 * new_inode_smack - allocate an inode security blob 65 * @smack: a pointer to the Smack label to use in the blob 66 * 67 * Returns the new blob or NULL if there's no memory available 68 */ 69 struct inode_smack *new_inode_smack(char *smack) 70 { 71 struct inode_smack *isp; 72 73 isp = kzalloc(sizeof(struct inode_smack), GFP_KERNEL); 74 if (isp == NULL) 75 return NULL; 76 77 isp->smk_inode = smack; 78 isp->smk_flags = 0; 79 mutex_init(&isp->smk_lock); 80 81 return isp; 82 } 83 84 /* 85 * LSM hooks. 86 * We he, that is fun! 87 */ 88 89 /** 90 * smack_ptrace_may_access - Smack approval on PTRACE_ATTACH 91 * @ctp: child task pointer 92 * 93 * Returns 0 if access is OK, an error code otherwise 94 * 95 * Do the capability checks, and require read and write. 96 */ 97 static int smack_ptrace_may_access(struct task_struct *ctp, unsigned int mode) 98 { 99 int rc; 100 101 rc = cap_ptrace_may_access(ctp, mode); 102 if (rc != 0) 103 return rc; 104 105 rc = smk_access(current->security, ctp->security, MAY_READWRITE); 106 if (rc != 0 && capable(CAP_MAC_OVERRIDE)) 107 return 0; 108 return rc; 109 } 110 111 /** 112 * smack_ptrace_traceme - Smack approval on PTRACE_TRACEME 113 * @ptp: parent task pointer 114 * 115 * Returns 0 if access is OK, an error code otherwise 116 * 117 * Do the capability checks, and require read and write. 118 */ 119 static int smack_ptrace_traceme(struct task_struct *ptp) 120 { 121 int rc; 122 123 rc = cap_ptrace_traceme(ptp); 124 if (rc != 0) 125 return rc; 126 127 rc = smk_access(ptp->security, current->security, MAY_READWRITE); 128 if (rc != 0 && has_capability(ptp, CAP_MAC_OVERRIDE)) 129 return 0; 130 return rc; 131 } 132 133 /** 134 * smack_syslog - Smack approval on syslog 135 * @type: message type 136 * 137 * Require that the task has the floor label 138 * 139 * Returns 0 on success, error code otherwise. 140 */ 141 static int smack_syslog(int type) 142 { 143 int rc; 144 char *sp = current->security; 145 146 rc = cap_syslog(type); 147 if (rc != 0) 148 return rc; 149 150 if (capable(CAP_MAC_OVERRIDE)) 151 return 0; 152 153 if (sp != smack_known_floor.smk_known) 154 rc = -EACCES; 155 156 return rc; 157 } 158 159 160 /* 161 * Superblock Hooks. 162 */ 163 164 /** 165 * smack_sb_alloc_security - allocate a superblock blob 166 * @sb: the superblock getting the blob 167 * 168 * Returns 0 on success or -ENOMEM on error. 169 */ 170 static int smack_sb_alloc_security(struct super_block *sb) 171 { 172 struct superblock_smack *sbsp; 173 174 sbsp = kzalloc(sizeof(struct superblock_smack), GFP_KERNEL); 175 176 if (sbsp == NULL) 177 return -ENOMEM; 178 179 sbsp->smk_root = smack_known_floor.smk_known; 180 sbsp->smk_default = smack_known_floor.smk_known; 181 sbsp->smk_floor = smack_known_floor.smk_known; 182 sbsp->smk_hat = smack_known_hat.smk_known; 183 sbsp->smk_initialized = 0; 184 spin_lock_init(&sbsp->smk_sblock); 185 186 sb->s_security = sbsp; 187 188 return 0; 189 } 190 191 /** 192 * smack_sb_free_security - free a superblock blob 193 * @sb: the superblock getting the blob 194 * 195 */ 196 static void smack_sb_free_security(struct super_block *sb) 197 { 198 kfree(sb->s_security); 199 sb->s_security = NULL; 200 } 201 202 /** 203 * smack_sb_copy_data - copy mount options data for processing 204 * @type: file system type 205 * @orig: where to start 206 * @smackopts 207 * 208 * Returns 0 on success or -ENOMEM on error. 209 * 210 * Copy the Smack specific mount options out of the mount 211 * options list. 212 */ 213 static int smack_sb_copy_data(char *orig, char *smackopts) 214 { 215 char *cp, *commap, *otheropts, *dp; 216 217 otheropts = (char *)get_zeroed_page(GFP_KERNEL); 218 if (otheropts == NULL) 219 return -ENOMEM; 220 221 for (cp = orig, commap = orig; commap != NULL; cp = commap + 1) { 222 if (strstr(cp, SMK_FSDEFAULT) == cp) 223 dp = smackopts; 224 else if (strstr(cp, SMK_FSFLOOR) == cp) 225 dp = smackopts; 226 else if (strstr(cp, SMK_FSHAT) == cp) 227 dp = smackopts; 228 else if (strstr(cp, SMK_FSROOT) == cp) 229 dp = smackopts; 230 else 231 dp = otheropts; 232 233 commap = strchr(cp, ','); 234 if (commap != NULL) 235 *commap = '\0'; 236 237 if (*dp != '\0') 238 strcat(dp, ","); 239 strcat(dp, cp); 240 } 241 242 strcpy(orig, otheropts); 243 free_page((unsigned long)otheropts); 244 245 return 0; 246 } 247 248 /** 249 * smack_sb_kern_mount - Smack specific mount processing 250 * @sb: the file system superblock 251 * @data: the smack mount options 252 * 253 * Returns 0 on success, an error code on failure 254 */ 255 static int smack_sb_kern_mount(struct super_block *sb, void *data) 256 { 257 struct dentry *root = sb->s_root; 258 struct inode *inode = root->d_inode; 259 struct superblock_smack *sp = sb->s_security; 260 struct inode_smack *isp; 261 char *op; 262 char *commap; 263 char *nsp; 264 265 spin_lock(&sp->smk_sblock); 266 if (sp->smk_initialized != 0) { 267 spin_unlock(&sp->smk_sblock); 268 return 0; 269 } 270 sp->smk_initialized = 1; 271 spin_unlock(&sp->smk_sblock); 272 273 for (op = data; op != NULL; op = commap) { 274 commap = strchr(op, ','); 275 if (commap != NULL) 276 *commap++ = '\0'; 277 278 if (strncmp(op, SMK_FSHAT, strlen(SMK_FSHAT)) == 0) { 279 op += strlen(SMK_FSHAT); 280 nsp = smk_import(op, 0); 281 if (nsp != NULL) 282 sp->smk_hat = nsp; 283 } else if (strncmp(op, SMK_FSFLOOR, strlen(SMK_FSFLOOR)) == 0) { 284 op += strlen(SMK_FSFLOOR); 285 nsp = smk_import(op, 0); 286 if (nsp != NULL) 287 sp->smk_floor = nsp; 288 } else if (strncmp(op, SMK_FSDEFAULT, 289 strlen(SMK_FSDEFAULT)) == 0) { 290 op += strlen(SMK_FSDEFAULT); 291 nsp = smk_import(op, 0); 292 if (nsp != NULL) 293 sp->smk_default = nsp; 294 } else if (strncmp(op, SMK_FSROOT, strlen(SMK_FSROOT)) == 0) { 295 op += strlen(SMK_FSROOT); 296 nsp = smk_import(op, 0); 297 if (nsp != NULL) 298 sp->smk_root = nsp; 299 } 300 } 301 302 /* 303 * Initialize the root inode. 304 */ 305 isp = inode->i_security; 306 if (isp == NULL) 307 inode->i_security = new_inode_smack(sp->smk_root); 308 else 309 isp->smk_inode = sp->smk_root; 310 311 return 0; 312 } 313 314 /** 315 * smack_sb_statfs - Smack check on statfs 316 * @dentry: identifies the file system in question 317 * 318 * Returns 0 if current can read the floor of the filesystem, 319 * and error code otherwise 320 */ 321 static int smack_sb_statfs(struct dentry *dentry) 322 { 323 struct superblock_smack *sbp = dentry->d_sb->s_security; 324 325 return smk_curacc(sbp->smk_floor, MAY_READ); 326 } 327 328 /** 329 * smack_sb_mount - Smack check for mounting 330 * @dev_name: unused 331 * @nd: mount point 332 * @type: unused 333 * @flags: unused 334 * @data: unused 335 * 336 * Returns 0 if current can write the floor of the filesystem 337 * being mounted on, an error code otherwise. 338 */ 339 static int smack_sb_mount(char *dev_name, struct path *path, 340 char *type, unsigned long flags, void *data) 341 { 342 struct superblock_smack *sbp = path->mnt->mnt_sb->s_security; 343 344 return smk_curacc(sbp->smk_floor, MAY_WRITE); 345 } 346 347 /** 348 * smack_sb_umount - Smack check for unmounting 349 * @mnt: file system to unmount 350 * @flags: unused 351 * 352 * Returns 0 if current can write the floor of the filesystem 353 * being unmounted, an error code otherwise. 354 */ 355 static int smack_sb_umount(struct vfsmount *mnt, int flags) 356 { 357 struct superblock_smack *sbp; 358 359 sbp = mnt->mnt_sb->s_security; 360 361 return smk_curacc(sbp->smk_floor, MAY_WRITE); 362 } 363 364 /* 365 * Inode hooks 366 */ 367 368 /** 369 * smack_inode_alloc_security - allocate an inode blob 370 * @inode - the inode in need of a blob 371 * 372 * Returns 0 if it gets a blob, -ENOMEM otherwise 373 */ 374 static int smack_inode_alloc_security(struct inode *inode) 375 { 376 inode->i_security = new_inode_smack(current->security); 377 if (inode->i_security == NULL) 378 return -ENOMEM; 379 return 0; 380 } 381 382 /** 383 * smack_inode_free_security - free an inode blob 384 * @inode - the inode with a blob 385 * 386 * Clears the blob pointer in inode 387 */ 388 static void smack_inode_free_security(struct inode *inode) 389 { 390 kfree(inode->i_security); 391 inode->i_security = NULL; 392 } 393 394 /** 395 * smack_inode_init_security - copy out the smack from an inode 396 * @inode: the inode 397 * @dir: unused 398 * @name: where to put the attribute name 399 * @value: where to put the attribute value 400 * @len: where to put the length of the attribute 401 * 402 * Returns 0 if it all works out, -ENOMEM if there's no memory 403 */ 404 static int smack_inode_init_security(struct inode *inode, struct inode *dir, 405 char **name, void **value, size_t *len) 406 { 407 char *isp = smk_of_inode(inode); 408 409 if (name) { 410 *name = kstrdup(XATTR_SMACK_SUFFIX, GFP_KERNEL); 411 if (*name == NULL) 412 return -ENOMEM; 413 } 414 415 if (value) { 416 *value = kstrdup(isp, GFP_KERNEL); 417 if (*value == NULL) 418 return -ENOMEM; 419 } 420 421 if (len) 422 *len = strlen(isp) + 1; 423 424 return 0; 425 } 426 427 /** 428 * smack_inode_link - Smack check on link 429 * @old_dentry: the existing object 430 * @dir: unused 431 * @new_dentry: the new object 432 * 433 * Returns 0 if access is permitted, an error code otherwise 434 */ 435 static int smack_inode_link(struct dentry *old_dentry, struct inode *dir, 436 struct dentry *new_dentry) 437 { 438 int rc; 439 char *isp; 440 441 isp = smk_of_inode(old_dentry->d_inode); 442 rc = smk_curacc(isp, MAY_WRITE); 443 444 if (rc == 0 && new_dentry->d_inode != NULL) { 445 isp = smk_of_inode(new_dentry->d_inode); 446 rc = smk_curacc(isp, MAY_WRITE); 447 } 448 449 return rc; 450 } 451 452 /** 453 * smack_inode_unlink - Smack check on inode deletion 454 * @dir: containing directory object 455 * @dentry: file to unlink 456 * 457 * Returns 0 if current can write the containing directory 458 * and the object, error code otherwise 459 */ 460 static int smack_inode_unlink(struct inode *dir, struct dentry *dentry) 461 { 462 struct inode *ip = dentry->d_inode; 463 int rc; 464 465 /* 466 * You need write access to the thing you're unlinking 467 */ 468 rc = smk_curacc(smk_of_inode(ip), MAY_WRITE); 469 if (rc == 0) 470 /* 471 * You also need write access to the containing directory 472 */ 473 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE); 474 475 return rc; 476 } 477 478 /** 479 * smack_inode_rmdir - Smack check on directory deletion 480 * @dir: containing directory object 481 * @dentry: directory to unlink 482 * 483 * Returns 0 if current can write the containing directory 484 * and the directory, error code otherwise 485 */ 486 static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry) 487 { 488 int rc; 489 490 /* 491 * You need write access to the thing you're removing 492 */ 493 rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE); 494 if (rc == 0) 495 /* 496 * You also need write access to the containing directory 497 */ 498 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE); 499 500 return rc; 501 } 502 503 /** 504 * smack_inode_rename - Smack check on rename 505 * @old_inode: the old directory 506 * @old_dentry: unused 507 * @new_inode: the new directory 508 * @new_dentry: unused 509 * 510 * Read and write access is required on both the old and 511 * new directories. 512 * 513 * Returns 0 if access is permitted, an error code otherwise 514 */ 515 static int smack_inode_rename(struct inode *old_inode, 516 struct dentry *old_dentry, 517 struct inode *new_inode, 518 struct dentry *new_dentry) 519 { 520 int rc; 521 char *isp; 522 523 isp = smk_of_inode(old_dentry->d_inode); 524 rc = smk_curacc(isp, MAY_READWRITE); 525 526 if (rc == 0 && new_dentry->d_inode != NULL) { 527 isp = smk_of_inode(new_dentry->d_inode); 528 rc = smk_curacc(isp, MAY_READWRITE); 529 } 530 531 return rc; 532 } 533 534 /** 535 * smack_inode_permission - Smack version of permission() 536 * @inode: the inode in question 537 * @mask: the access requested 538 * @nd: unused 539 * 540 * This is the important Smack hook. 541 * 542 * Returns 0 if access is permitted, -EACCES otherwise 543 */ 544 static int smack_inode_permission(struct inode *inode, int mask) 545 { 546 /* 547 * No permission to check. Existence test. Yup, it's there. 548 */ 549 if (mask == 0) 550 return 0; 551 552 return smk_curacc(smk_of_inode(inode), mask); 553 } 554 555 /** 556 * smack_inode_setattr - Smack check for setting attributes 557 * @dentry: the object 558 * @iattr: for the force flag 559 * 560 * Returns 0 if access is permitted, an error code otherwise 561 */ 562 static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr) 563 { 564 /* 565 * Need to allow for clearing the setuid bit. 566 */ 567 if (iattr->ia_valid & ATTR_FORCE) 568 return 0; 569 570 return smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE); 571 } 572 573 /** 574 * smack_inode_getattr - Smack check for getting attributes 575 * @mnt: unused 576 * @dentry: the object 577 * 578 * Returns 0 if access is permitted, an error code otherwise 579 */ 580 static int smack_inode_getattr(struct vfsmount *mnt, struct dentry *dentry) 581 { 582 return smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ); 583 } 584 585 /** 586 * smack_inode_setxattr - Smack check for setting xattrs 587 * @dentry: the object 588 * @name: name of the attribute 589 * @value: unused 590 * @size: unused 591 * @flags: unused 592 * 593 * This protects the Smack attribute explicitly. 594 * 595 * Returns 0 if access is permitted, an error code otherwise 596 */ 597 static int smack_inode_setxattr(struct dentry *dentry, const char *name, 598 const void *value, size_t size, int flags) 599 { 600 int rc = 0; 601 602 if (strcmp(name, XATTR_NAME_SMACK) == 0 || 603 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 || 604 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) { 605 if (!capable(CAP_MAC_ADMIN)) 606 rc = -EPERM; 607 } else 608 rc = cap_inode_setxattr(dentry, name, value, size, flags); 609 610 if (rc == 0) 611 rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE); 612 613 return rc; 614 } 615 616 /** 617 * smack_inode_post_setxattr - Apply the Smack update approved above 618 * @dentry: object 619 * @name: attribute name 620 * @value: attribute value 621 * @size: attribute size 622 * @flags: unused 623 * 624 * Set the pointer in the inode blob to the entry found 625 * in the master label list. 626 */ 627 static void smack_inode_post_setxattr(struct dentry *dentry, const char *name, 628 const void *value, size_t size, int flags) 629 { 630 struct inode_smack *isp; 631 char *nsp; 632 633 /* 634 * Not SMACK 635 */ 636 if (strcmp(name, XATTR_NAME_SMACK)) 637 return; 638 639 if (size >= SMK_LABELLEN) 640 return; 641 642 isp = dentry->d_inode->i_security; 643 644 /* 645 * No locking is done here. This is a pointer 646 * assignment. 647 */ 648 nsp = smk_import(value, size); 649 if (nsp != NULL) 650 isp->smk_inode = nsp; 651 else 652 isp->smk_inode = smack_known_invalid.smk_known; 653 654 return; 655 } 656 657 /* 658 * smack_inode_getxattr - Smack check on getxattr 659 * @dentry: the object 660 * @name: unused 661 * 662 * Returns 0 if access is permitted, an error code otherwise 663 */ 664 static int smack_inode_getxattr(struct dentry *dentry, const char *name) 665 { 666 return smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ); 667 } 668 669 /* 670 * smack_inode_removexattr - Smack check on removexattr 671 * @dentry: the object 672 * @name: name of the attribute 673 * 674 * Removing the Smack attribute requires CAP_MAC_ADMIN 675 * 676 * Returns 0 if access is permitted, an error code otherwise 677 */ 678 static int smack_inode_removexattr(struct dentry *dentry, const char *name) 679 { 680 int rc = 0; 681 682 if (strcmp(name, XATTR_NAME_SMACK) == 0 || 683 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 || 684 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) { 685 if (!capable(CAP_MAC_ADMIN)) 686 rc = -EPERM; 687 } else 688 rc = cap_inode_removexattr(dentry, name); 689 690 if (rc == 0) 691 rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE); 692 693 return rc; 694 } 695 696 /** 697 * smack_inode_getsecurity - get smack xattrs 698 * @inode: the object 699 * @name: attribute name 700 * @buffer: where to put the result 701 * @size: size of the buffer 702 * @err: unused 703 * 704 * Returns the size of the attribute or an error code 705 */ 706 static int smack_inode_getsecurity(const struct inode *inode, 707 const char *name, void **buffer, 708 bool alloc) 709 { 710 struct socket_smack *ssp; 711 struct socket *sock; 712 struct super_block *sbp; 713 struct inode *ip = (struct inode *)inode; 714 char *isp; 715 int ilen; 716 int rc = 0; 717 718 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) { 719 isp = smk_of_inode(inode); 720 ilen = strlen(isp) + 1; 721 *buffer = isp; 722 return ilen; 723 } 724 725 /* 726 * The rest of the Smack xattrs are only on sockets. 727 */ 728 sbp = ip->i_sb; 729 if (sbp->s_magic != SOCKFS_MAGIC) 730 return -EOPNOTSUPP; 731 732 sock = SOCKET_I(ip); 733 if (sock == NULL || sock->sk == NULL) 734 return -EOPNOTSUPP; 735 736 ssp = sock->sk->sk_security; 737 738 if (strcmp(name, XATTR_SMACK_IPIN) == 0) 739 isp = ssp->smk_in; 740 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) 741 isp = ssp->smk_out; 742 else 743 return -EOPNOTSUPP; 744 745 ilen = strlen(isp) + 1; 746 if (rc == 0) { 747 *buffer = isp; 748 rc = ilen; 749 } 750 751 return rc; 752 } 753 754 755 /** 756 * smack_inode_listsecurity - list the Smack attributes 757 * @inode: the object 758 * @buffer: where they go 759 * @buffer_size: size of buffer 760 * 761 * Returns 0 on success, -EINVAL otherwise 762 */ 763 static int smack_inode_listsecurity(struct inode *inode, char *buffer, 764 size_t buffer_size) 765 { 766 int len = strlen(XATTR_NAME_SMACK); 767 768 if (buffer != NULL && len <= buffer_size) { 769 memcpy(buffer, XATTR_NAME_SMACK, len); 770 return len; 771 } 772 return -EINVAL; 773 } 774 775 /** 776 * smack_inode_getsecid - Extract inode's security id 777 * @inode: inode to extract the info from 778 * @secid: where result will be saved 779 */ 780 static void smack_inode_getsecid(const struct inode *inode, u32 *secid) 781 { 782 struct inode_smack *isp = inode->i_security; 783 784 *secid = smack_to_secid(isp->smk_inode); 785 } 786 787 /* 788 * File Hooks 789 */ 790 791 /** 792 * smack_file_permission - Smack check on file operations 793 * @file: unused 794 * @mask: unused 795 * 796 * Returns 0 797 * 798 * Should access checks be done on each read or write? 799 * UNICOS and SELinux say yes. 800 * Trusted Solaris, Trusted Irix, and just about everyone else says no. 801 * 802 * I'll say no for now. Smack does not do the frequent 803 * label changing that SELinux does. 804 */ 805 static int smack_file_permission(struct file *file, int mask) 806 { 807 return 0; 808 } 809 810 /** 811 * smack_file_alloc_security - assign a file security blob 812 * @file: the object 813 * 814 * The security blob for a file is a pointer to the master 815 * label list, so no allocation is done. 816 * 817 * Returns 0 818 */ 819 static int smack_file_alloc_security(struct file *file) 820 { 821 file->f_security = current->security; 822 return 0; 823 } 824 825 /** 826 * smack_file_free_security - clear a file security blob 827 * @file: the object 828 * 829 * The security blob for a file is a pointer to the master 830 * label list, so no memory is freed. 831 */ 832 static void smack_file_free_security(struct file *file) 833 { 834 file->f_security = NULL; 835 } 836 837 /** 838 * smack_file_ioctl - Smack check on ioctls 839 * @file: the object 840 * @cmd: what to do 841 * @arg: unused 842 * 843 * Relies heavily on the correct use of the ioctl command conventions. 844 * 845 * Returns 0 if allowed, error code otherwise 846 */ 847 static int smack_file_ioctl(struct file *file, unsigned int cmd, 848 unsigned long arg) 849 { 850 int rc = 0; 851 852 if (_IOC_DIR(cmd) & _IOC_WRITE) 853 rc = smk_curacc(file->f_security, MAY_WRITE); 854 855 if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ)) 856 rc = smk_curacc(file->f_security, MAY_READ); 857 858 return rc; 859 } 860 861 /** 862 * smack_file_lock - Smack check on file locking 863 * @file: the object 864 * @cmd unused 865 * 866 * Returns 0 if current has write access, error code otherwise 867 */ 868 static int smack_file_lock(struct file *file, unsigned int cmd) 869 { 870 return smk_curacc(file->f_security, MAY_WRITE); 871 } 872 873 /** 874 * smack_file_fcntl - Smack check on fcntl 875 * @file: the object 876 * @cmd: what action to check 877 * @arg: unused 878 * 879 * Returns 0 if current has access, error code otherwise 880 */ 881 static int smack_file_fcntl(struct file *file, unsigned int cmd, 882 unsigned long arg) 883 { 884 int rc; 885 886 switch (cmd) { 887 case F_DUPFD: 888 case F_GETFD: 889 case F_GETFL: 890 case F_GETLK: 891 case F_GETOWN: 892 case F_GETSIG: 893 rc = smk_curacc(file->f_security, MAY_READ); 894 break; 895 case F_SETFD: 896 case F_SETFL: 897 case F_SETLK: 898 case F_SETLKW: 899 case F_SETOWN: 900 case F_SETSIG: 901 rc = smk_curacc(file->f_security, MAY_WRITE); 902 break; 903 default: 904 rc = smk_curacc(file->f_security, MAY_READWRITE); 905 } 906 907 return rc; 908 } 909 910 /** 911 * smack_file_set_fowner - set the file security blob value 912 * @file: object in question 913 * 914 * Returns 0 915 * Further research may be required on this one. 916 */ 917 static int smack_file_set_fowner(struct file *file) 918 { 919 file->f_security = current->security; 920 return 0; 921 } 922 923 /** 924 * smack_file_send_sigiotask - Smack on sigio 925 * @tsk: The target task 926 * @fown: the object the signal come from 927 * @signum: unused 928 * 929 * Allow a privileged task to get signals even if it shouldn't 930 * 931 * Returns 0 if a subject with the object's smack could 932 * write to the task, an error code otherwise. 933 */ 934 static int smack_file_send_sigiotask(struct task_struct *tsk, 935 struct fown_struct *fown, int signum) 936 { 937 struct file *file; 938 int rc; 939 940 /* 941 * struct fown_struct is never outside the context of a struct file 942 */ 943 file = container_of(fown, struct file, f_owner); 944 rc = smk_access(file->f_security, tsk->security, MAY_WRITE); 945 if (rc != 0 && has_capability(tsk, CAP_MAC_OVERRIDE)) 946 return 0; 947 return rc; 948 } 949 950 /** 951 * smack_file_receive - Smack file receive check 952 * @file: the object 953 * 954 * Returns 0 if current has access, error code otherwise 955 */ 956 static int smack_file_receive(struct file *file) 957 { 958 int may = 0; 959 960 /* 961 * This code relies on bitmasks. 962 */ 963 if (file->f_mode & FMODE_READ) 964 may = MAY_READ; 965 if (file->f_mode & FMODE_WRITE) 966 may |= MAY_WRITE; 967 968 return smk_curacc(file->f_security, may); 969 } 970 971 /* 972 * Task hooks 973 */ 974 975 /** 976 * smack_task_alloc_security - "allocate" a task blob 977 * @tsk: the task in need of a blob 978 * 979 * Smack isn't using copies of blobs. Everyone 980 * points to an immutable list. No alloc required. 981 * No data copy required. 982 * 983 * Always returns 0 984 */ 985 static int smack_task_alloc_security(struct task_struct *tsk) 986 { 987 tsk->security = current->security; 988 989 return 0; 990 } 991 992 /** 993 * smack_task_free_security - "free" a task blob 994 * @task: the task with the blob 995 * 996 * Smack isn't using copies of blobs. Everyone 997 * points to an immutable list. The blobs never go away. 998 * There is no leak here. 999 */ 1000 static void smack_task_free_security(struct task_struct *task) 1001 { 1002 task->security = NULL; 1003 } 1004 1005 /** 1006 * smack_task_setpgid - Smack check on setting pgid 1007 * @p: the task object 1008 * @pgid: unused 1009 * 1010 * Return 0 if write access is permitted 1011 */ 1012 static int smack_task_setpgid(struct task_struct *p, pid_t pgid) 1013 { 1014 return smk_curacc(p->security, MAY_WRITE); 1015 } 1016 1017 /** 1018 * smack_task_getpgid - Smack access check for getpgid 1019 * @p: the object task 1020 * 1021 * Returns 0 if current can read the object task, error code otherwise 1022 */ 1023 static int smack_task_getpgid(struct task_struct *p) 1024 { 1025 return smk_curacc(p->security, MAY_READ); 1026 } 1027 1028 /** 1029 * smack_task_getsid - Smack access check for getsid 1030 * @p: the object task 1031 * 1032 * Returns 0 if current can read the object task, error code otherwise 1033 */ 1034 static int smack_task_getsid(struct task_struct *p) 1035 { 1036 return smk_curacc(p->security, MAY_READ); 1037 } 1038 1039 /** 1040 * smack_task_getsecid - get the secid of the task 1041 * @p: the object task 1042 * @secid: where to put the result 1043 * 1044 * Sets the secid to contain a u32 version of the smack label. 1045 */ 1046 static void smack_task_getsecid(struct task_struct *p, u32 *secid) 1047 { 1048 *secid = smack_to_secid(p->security); 1049 } 1050 1051 /** 1052 * smack_task_setnice - Smack check on setting nice 1053 * @p: the task object 1054 * @nice: unused 1055 * 1056 * Return 0 if write access is permitted 1057 */ 1058 static int smack_task_setnice(struct task_struct *p, int nice) 1059 { 1060 int rc; 1061 1062 rc = cap_task_setnice(p, nice); 1063 if (rc == 0) 1064 rc = smk_curacc(p->security, MAY_WRITE); 1065 return rc; 1066 } 1067 1068 /** 1069 * smack_task_setioprio - Smack check on setting ioprio 1070 * @p: the task object 1071 * @ioprio: unused 1072 * 1073 * Return 0 if write access is permitted 1074 */ 1075 static int smack_task_setioprio(struct task_struct *p, int ioprio) 1076 { 1077 int rc; 1078 1079 rc = cap_task_setioprio(p, ioprio); 1080 if (rc == 0) 1081 rc = smk_curacc(p->security, MAY_WRITE); 1082 return rc; 1083 } 1084 1085 /** 1086 * smack_task_getioprio - Smack check on reading ioprio 1087 * @p: the task object 1088 * 1089 * Return 0 if read access is permitted 1090 */ 1091 static int smack_task_getioprio(struct task_struct *p) 1092 { 1093 return smk_curacc(p->security, MAY_READ); 1094 } 1095 1096 /** 1097 * smack_task_setscheduler - Smack check on setting scheduler 1098 * @p: the task object 1099 * @policy: unused 1100 * @lp: unused 1101 * 1102 * Return 0 if read access is permitted 1103 */ 1104 static int smack_task_setscheduler(struct task_struct *p, int policy, 1105 struct sched_param *lp) 1106 { 1107 int rc; 1108 1109 rc = cap_task_setscheduler(p, policy, lp); 1110 if (rc == 0) 1111 rc = smk_curacc(p->security, MAY_WRITE); 1112 return rc; 1113 } 1114 1115 /** 1116 * smack_task_getscheduler - Smack check on reading scheduler 1117 * @p: the task object 1118 * 1119 * Return 0 if read access is permitted 1120 */ 1121 static int smack_task_getscheduler(struct task_struct *p) 1122 { 1123 return smk_curacc(p->security, MAY_READ); 1124 } 1125 1126 /** 1127 * smack_task_movememory - Smack check on moving memory 1128 * @p: the task object 1129 * 1130 * Return 0 if write access is permitted 1131 */ 1132 static int smack_task_movememory(struct task_struct *p) 1133 { 1134 return smk_curacc(p->security, MAY_WRITE); 1135 } 1136 1137 /** 1138 * smack_task_kill - Smack check on signal delivery 1139 * @p: the task object 1140 * @info: unused 1141 * @sig: unused 1142 * @secid: identifies the smack to use in lieu of current's 1143 * 1144 * Return 0 if write access is permitted 1145 * 1146 * The secid behavior is an artifact of an SELinux hack 1147 * in the USB code. Someday it may go away. 1148 */ 1149 static int smack_task_kill(struct task_struct *p, struct siginfo *info, 1150 int sig, u32 secid) 1151 { 1152 /* 1153 * Sending a signal requires that the sender 1154 * can write the receiver. 1155 */ 1156 if (secid == 0) 1157 return smk_curacc(p->security, MAY_WRITE); 1158 /* 1159 * If the secid isn't 0 we're dealing with some USB IO 1160 * specific behavior. This is not clean. For one thing 1161 * we can't take privilege into account. 1162 */ 1163 return smk_access(smack_from_secid(secid), p->security, MAY_WRITE); 1164 } 1165 1166 /** 1167 * smack_task_wait - Smack access check for waiting 1168 * @p: task to wait for 1169 * 1170 * Returns 0 if current can wait for p, error code otherwise 1171 */ 1172 static int smack_task_wait(struct task_struct *p) 1173 { 1174 int rc; 1175 1176 rc = smk_access(current->security, p->security, MAY_WRITE); 1177 if (rc == 0) 1178 return 0; 1179 1180 /* 1181 * Allow the operation to succeed if either task 1182 * has privilege to perform operations that might 1183 * account for the smack labels having gotten to 1184 * be different in the first place. 1185 * 1186 * This breaks the strict subject/object access 1187 * control ideal, taking the object's privilege 1188 * state into account in the decision as well as 1189 * the smack value. 1190 */ 1191 if (capable(CAP_MAC_OVERRIDE) || has_capability(p, CAP_MAC_OVERRIDE)) 1192 return 0; 1193 1194 return rc; 1195 } 1196 1197 /** 1198 * smack_task_to_inode - copy task smack into the inode blob 1199 * @p: task to copy from 1200 * inode: inode to copy to 1201 * 1202 * Sets the smack pointer in the inode security blob 1203 */ 1204 static void smack_task_to_inode(struct task_struct *p, struct inode *inode) 1205 { 1206 struct inode_smack *isp = inode->i_security; 1207 isp->smk_inode = p->security; 1208 } 1209 1210 /* 1211 * Socket hooks. 1212 */ 1213 1214 /** 1215 * smack_sk_alloc_security - Allocate a socket blob 1216 * @sk: the socket 1217 * @family: unused 1218 * @priority: memory allocation priority 1219 * 1220 * Assign Smack pointers to current 1221 * 1222 * Returns 0 on success, -ENOMEM is there's no memory 1223 */ 1224 static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags) 1225 { 1226 char *csp = current->security; 1227 struct socket_smack *ssp; 1228 1229 ssp = kzalloc(sizeof(struct socket_smack), gfp_flags); 1230 if (ssp == NULL) 1231 return -ENOMEM; 1232 1233 ssp->smk_in = csp; 1234 ssp->smk_out = csp; 1235 ssp->smk_packet[0] = '\0'; 1236 1237 sk->sk_security = ssp; 1238 1239 return 0; 1240 } 1241 1242 /** 1243 * smack_sk_free_security - Free a socket blob 1244 * @sk: the socket 1245 * 1246 * Clears the blob pointer 1247 */ 1248 static void smack_sk_free_security(struct sock *sk) 1249 { 1250 kfree(sk->sk_security); 1251 } 1252 1253 /** 1254 * smack_set_catset - convert a capset to netlabel mls categories 1255 * @catset: the Smack categories 1256 * @sap: where to put the netlabel categories 1257 * 1258 * Allocates and fills attr.mls.cat 1259 */ 1260 static void smack_set_catset(char *catset, struct netlbl_lsm_secattr *sap) 1261 { 1262 unsigned char *cp; 1263 unsigned char m; 1264 int cat; 1265 int rc; 1266 int byte; 1267 1268 if (!catset) 1269 return; 1270 1271 sap->flags |= NETLBL_SECATTR_MLS_CAT; 1272 sap->attr.mls.cat = netlbl_secattr_catmap_alloc(GFP_ATOMIC); 1273 sap->attr.mls.cat->startbit = 0; 1274 1275 for (cat = 1, cp = catset, byte = 0; byte < SMK_LABELLEN; cp++, byte++) 1276 for (m = 0x80; m != 0; m >>= 1, cat++) { 1277 if ((m & *cp) == 0) 1278 continue; 1279 rc = netlbl_secattr_catmap_setbit(sap->attr.mls.cat, 1280 cat, GFP_ATOMIC); 1281 } 1282 } 1283 1284 /** 1285 * smack_to_secattr - fill a secattr from a smack value 1286 * @smack: the smack value 1287 * @nlsp: where the result goes 1288 * 1289 * Casey says that CIPSO is good enough for now. 1290 * It can be used to effect. 1291 * It can also be abused to effect when necessary. 1292 * Appologies to the TSIG group in general and GW in particular. 1293 */ 1294 static void smack_to_secattr(char *smack, struct netlbl_lsm_secattr *nlsp) 1295 { 1296 struct smack_cipso cipso; 1297 int rc; 1298 1299 switch (smack_net_nltype) { 1300 case NETLBL_NLTYPE_CIPSOV4: 1301 nlsp->domain = smack; 1302 nlsp->flags = NETLBL_SECATTR_DOMAIN | NETLBL_SECATTR_MLS_LVL; 1303 1304 rc = smack_to_cipso(smack, &cipso); 1305 if (rc == 0) { 1306 nlsp->attr.mls.lvl = cipso.smk_level; 1307 smack_set_catset(cipso.smk_catset, nlsp); 1308 } else { 1309 nlsp->attr.mls.lvl = smack_cipso_direct; 1310 smack_set_catset(smack, nlsp); 1311 } 1312 break; 1313 default: 1314 break; 1315 } 1316 } 1317 1318 /** 1319 * smack_netlabel - Set the secattr on a socket 1320 * @sk: the socket 1321 * 1322 * Convert the outbound smack value (smk_out) to a 1323 * secattr and attach it to the socket. 1324 * 1325 * Returns 0 on success or an error code 1326 */ 1327 static int smack_netlabel(struct sock *sk) 1328 { 1329 struct socket_smack *ssp; 1330 struct netlbl_lsm_secattr secattr; 1331 int rc; 1332 1333 ssp = sk->sk_security; 1334 netlbl_secattr_init(&secattr); 1335 smack_to_secattr(ssp->smk_out, &secattr); 1336 rc = netlbl_sock_setattr(sk, &secattr); 1337 netlbl_secattr_destroy(&secattr); 1338 1339 return rc; 1340 } 1341 1342 /** 1343 * smack_inode_setsecurity - set smack xattrs 1344 * @inode: the object 1345 * @name: attribute name 1346 * @value: attribute value 1347 * @size: size of the attribute 1348 * @flags: unused 1349 * 1350 * Sets the named attribute in the appropriate blob 1351 * 1352 * Returns 0 on success, or an error code 1353 */ 1354 static int smack_inode_setsecurity(struct inode *inode, const char *name, 1355 const void *value, size_t size, int flags) 1356 { 1357 char *sp; 1358 struct inode_smack *nsp = inode->i_security; 1359 struct socket_smack *ssp; 1360 struct socket *sock; 1361 int rc = 0; 1362 1363 if (value == NULL || size > SMK_LABELLEN) 1364 return -EACCES; 1365 1366 sp = smk_import(value, size); 1367 if (sp == NULL) 1368 return -EINVAL; 1369 1370 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) { 1371 nsp->smk_inode = sp; 1372 return 0; 1373 } 1374 /* 1375 * The rest of the Smack xattrs are only on sockets. 1376 */ 1377 if (inode->i_sb->s_magic != SOCKFS_MAGIC) 1378 return -EOPNOTSUPP; 1379 1380 sock = SOCKET_I(inode); 1381 if (sock == NULL || sock->sk == NULL) 1382 return -EOPNOTSUPP; 1383 1384 ssp = sock->sk->sk_security; 1385 1386 if (strcmp(name, XATTR_SMACK_IPIN) == 0) 1387 ssp->smk_in = sp; 1388 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) { 1389 ssp->smk_out = sp; 1390 rc = smack_netlabel(sock->sk); 1391 if (rc != 0) 1392 printk(KERN_WARNING "Smack: \"%s\" netlbl error %d.\n", 1393 __func__, -rc); 1394 } else 1395 return -EOPNOTSUPP; 1396 1397 return 0; 1398 } 1399 1400 /** 1401 * smack_socket_post_create - finish socket setup 1402 * @sock: the socket 1403 * @family: protocol family 1404 * @type: unused 1405 * @protocol: unused 1406 * @kern: unused 1407 * 1408 * Sets the netlabel information on the socket 1409 * 1410 * Returns 0 on success, and error code otherwise 1411 */ 1412 static int smack_socket_post_create(struct socket *sock, int family, 1413 int type, int protocol, int kern) 1414 { 1415 if (family != PF_INET || sock->sk == NULL) 1416 return 0; 1417 /* 1418 * Set the outbound netlbl. 1419 */ 1420 return smack_netlabel(sock->sk); 1421 } 1422 1423 /** 1424 * smack_flags_to_may - convert S_ to MAY_ values 1425 * @flags: the S_ value 1426 * 1427 * Returns the equivalent MAY_ value 1428 */ 1429 static int smack_flags_to_may(int flags) 1430 { 1431 int may = 0; 1432 1433 if (flags & S_IRUGO) 1434 may |= MAY_READ; 1435 if (flags & S_IWUGO) 1436 may |= MAY_WRITE; 1437 if (flags & S_IXUGO) 1438 may |= MAY_EXEC; 1439 1440 return may; 1441 } 1442 1443 /** 1444 * smack_msg_msg_alloc_security - Set the security blob for msg_msg 1445 * @msg: the object 1446 * 1447 * Returns 0 1448 */ 1449 static int smack_msg_msg_alloc_security(struct msg_msg *msg) 1450 { 1451 msg->security = current->security; 1452 return 0; 1453 } 1454 1455 /** 1456 * smack_msg_msg_free_security - Clear the security blob for msg_msg 1457 * @msg: the object 1458 * 1459 * Clears the blob pointer 1460 */ 1461 static void smack_msg_msg_free_security(struct msg_msg *msg) 1462 { 1463 msg->security = NULL; 1464 } 1465 1466 /** 1467 * smack_of_shm - the smack pointer for the shm 1468 * @shp: the object 1469 * 1470 * Returns a pointer to the smack value 1471 */ 1472 static char *smack_of_shm(struct shmid_kernel *shp) 1473 { 1474 return (char *)shp->shm_perm.security; 1475 } 1476 1477 /** 1478 * smack_shm_alloc_security - Set the security blob for shm 1479 * @shp: the object 1480 * 1481 * Returns 0 1482 */ 1483 static int smack_shm_alloc_security(struct shmid_kernel *shp) 1484 { 1485 struct kern_ipc_perm *isp = &shp->shm_perm; 1486 1487 isp->security = current->security; 1488 return 0; 1489 } 1490 1491 /** 1492 * smack_shm_free_security - Clear the security blob for shm 1493 * @shp: the object 1494 * 1495 * Clears the blob pointer 1496 */ 1497 static void smack_shm_free_security(struct shmid_kernel *shp) 1498 { 1499 struct kern_ipc_perm *isp = &shp->shm_perm; 1500 1501 isp->security = NULL; 1502 } 1503 1504 /** 1505 * smack_shm_associate - Smack access check for shm 1506 * @shp: the object 1507 * @shmflg: access requested 1508 * 1509 * Returns 0 if current has the requested access, error code otherwise 1510 */ 1511 static int smack_shm_associate(struct shmid_kernel *shp, int shmflg) 1512 { 1513 char *ssp = smack_of_shm(shp); 1514 int may; 1515 1516 may = smack_flags_to_may(shmflg); 1517 return smk_curacc(ssp, may); 1518 } 1519 1520 /** 1521 * smack_shm_shmctl - Smack access check for shm 1522 * @shp: the object 1523 * @cmd: what it wants to do 1524 * 1525 * Returns 0 if current has the requested access, error code otherwise 1526 */ 1527 static int smack_shm_shmctl(struct shmid_kernel *shp, int cmd) 1528 { 1529 char *ssp; 1530 int may; 1531 1532 switch (cmd) { 1533 case IPC_STAT: 1534 case SHM_STAT: 1535 may = MAY_READ; 1536 break; 1537 case IPC_SET: 1538 case SHM_LOCK: 1539 case SHM_UNLOCK: 1540 case IPC_RMID: 1541 may = MAY_READWRITE; 1542 break; 1543 case IPC_INFO: 1544 case SHM_INFO: 1545 /* 1546 * System level information. 1547 */ 1548 return 0; 1549 default: 1550 return -EINVAL; 1551 } 1552 1553 ssp = smack_of_shm(shp); 1554 return smk_curacc(ssp, may); 1555 } 1556 1557 /** 1558 * smack_shm_shmat - Smack access for shmat 1559 * @shp: the object 1560 * @shmaddr: unused 1561 * @shmflg: access requested 1562 * 1563 * Returns 0 if current has the requested access, error code otherwise 1564 */ 1565 static int smack_shm_shmat(struct shmid_kernel *shp, char __user *shmaddr, 1566 int shmflg) 1567 { 1568 char *ssp = smack_of_shm(shp); 1569 int may; 1570 1571 may = smack_flags_to_may(shmflg); 1572 return smk_curacc(ssp, may); 1573 } 1574 1575 /** 1576 * smack_of_sem - the smack pointer for the sem 1577 * @sma: the object 1578 * 1579 * Returns a pointer to the smack value 1580 */ 1581 static char *smack_of_sem(struct sem_array *sma) 1582 { 1583 return (char *)sma->sem_perm.security; 1584 } 1585 1586 /** 1587 * smack_sem_alloc_security - Set the security blob for sem 1588 * @sma: the object 1589 * 1590 * Returns 0 1591 */ 1592 static int smack_sem_alloc_security(struct sem_array *sma) 1593 { 1594 struct kern_ipc_perm *isp = &sma->sem_perm; 1595 1596 isp->security = current->security; 1597 return 0; 1598 } 1599 1600 /** 1601 * smack_sem_free_security - Clear the security blob for sem 1602 * @sma: the object 1603 * 1604 * Clears the blob pointer 1605 */ 1606 static void smack_sem_free_security(struct sem_array *sma) 1607 { 1608 struct kern_ipc_perm *isp = &sma->sem_perm; 1609 1610 isp->security = NULL; 1611 } 1612 1613 /** 1614 * smack_sem_associate - Smack access check for sem 1615 * @sma: the object 1616 * @semflg: access requested 1617 * 1618 * Returns 0 if current has the requested access, error code otherwise 1619 */ 1620 static int smack_sem_associate(struct sem_array *sma, int semflg) 1621 { 1622 char *ssp = smack_of_sem(sma); 1623 int may; 1624 1625 may = smack_flags_to_may(semflg); 1626 return smk_curacc(ssp, may); 1627 } 1628 1629 /** 1630 * smack_sem_shmctl - Smack access check for sem 1631 * @sma: the object 1632 * @cmd: what it wants to do 1633 * 1634 * Returns 0 if current has the requested access, error code otherwise 1635 */ 1636 static int smack_sem_semctl(struct sem_array *sma, int cmd) 1637 { 1638 char *ssp; 1639 int may; 1640 1641 switch (cmd) { 1642 case GETPID: 1643 case GETNCNT: 1644 case GETZCNT: 1645 case GETVAL: 1646 case GETALL: 1647 case IPC_STAT: 1648 case SEM_STAT: 1649 may = MAY_READ; 1650 break; 1651 case SETVAL: 1652 case SETALL: 1653 case IPC_RMID: 1654 case IPC_SET: 1655 may = MAY_READWRITE; 1656 break; 1657 case IPC_INFO: 1658 case SEM_INFO: 1659 /* 1660 * System level information 1661 */ 1662 return 0; 1663 default: 1664 return -EINVAL; 1665 } 1666 1667 ssp = smack_of_sem(sma); 1668 return smk_curacc(ssp, may); 1669 } 1670 1671 /** 1672 * smack_sem_semop - Smack checks of semaphore operations 1673 * @sma: the object 1674 * @sops: unused 1675 * @nsops: unused 1676 * @alter: unused 1677 * 1678 * Treated as read and write in all cases. 1679 * 1680 * Returns 0 if access is allowed, error code otherwise 1681 */ 1682 static int smack_sem_semop(struct sem_array *sma, struct sembuf *sops, 1683 unsigned nsops, int alter) 1684 { 1685 char *ssp = smack_of_sem(sma); 1686 1687 return smk_curacc(ssp, MAY_READWRITE); 1688 } 1689 1690 /** 1691 * smack_msg_alloc_security - Set the security blob for msg 1692 * @msq: the object 1693 * 1694 * Returns 0 1695 */ 1696 static int smack_msg_queue_alloc_security(struct msg_queue *msq) 1697 { 1698 struct kern_ipc_perm *kisp = &msq->q_perm; 1699 1700 kisp->security = current->security; 1701 return 0; 1702 } 1703 1704 /** 1705 * smack_msg_free_security - Clear the security blob for msg 1706 * @msq: the object 1707 * 1708 * Clears the blob pointer 1709 */ 1710 static void smack_msg_queue_free_security(struct msg_queue *msq) 1711 { 1712 struct kern_ipc_perm *kisp = &msq->q_perm; 1713 1714 kisp->security = NULL; 1715 } 1716 1717 /** 1718 * smack_of_msq - the smack pointer for the msq 1719 * @msq: the object 1720 * 1721 * Returns a pointer to the smack value 1722 */ 1723 static char *smack_of_msq(struct msg_queue *msq) 1724 { 1725 return (char *)msq->q_perm.security; 1726 } 1727 1728 /** 1729 * smack_msg_queue_associate - Smack access check for msg_queue 1730 * @msq: the object 1731 * @msqflg: access requested 1732 * 1733 * Returns 0 if current has the requested access, error code otherwise 1734 */ 1735 static int smack_msg_queue_associate(struct msg_queue *msq, int msqflg) 1736 { 1737 char *msp = smack_of_msq(msq); 1738 int may; 1739 1740 may = smack_flags_to_may(msqflg); 1741 return smk_curacc(msp, may); 1742 } 1743 1744 /** 1745 * smack_msg_queue_msgctl - Smack access check for msg_queue 1746 * @msq: the object 1747 * @cmd: what it wants to do 1748 * 1749 * Returns 0 if current has the requested access, error code otherwise 1750 */ 1751 static int smack_msg_queue_msgctl(struct msg_queue *msq, int cmd) 1752 { 1753 char *msp; 1754 int may; 1755 1756 switch (cmd) { 1757 case IPC_STAT: 1758 case MSG_STAT: 1759 may = MAY_READ; 1760 break; 1761 case IPC_SET: 1762 case IPC_RMID: 1763 may = MAY_READWRITE; 1764 break; 1765 case IPC_INFO: 1766 case MSG_INFO: 1767 /* 1768 * System level information 1769 */ 1770 return 0; 1771 default: 1772 return -EINVAL; 1773 } 1774 1775 msp = smack_of_msq(msq); 1776 return smk_curacc(msp, may); 1777 } 1778 1779 /** 1780 * smack_msg_queue_msgsnd - Smack access check for msg_queue 1781 * @msq: the object 1782 * @msg: unused 1783 * @msqflg: access requested 1784 * 1785 * Returns 0 if current has the requested access, error code otherwise 1786 */ 1787 static int smack_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, 1788 int msqflg) 1789 { 1790 char *msp = smack_of_msq(msq); 1791 int rc; 1792 1793 rc = smack_flags_to_may(msqflg); 1794 return smk_curacc(msp, rc); 1795 } 1796 1797 /** 1798 * smack_msg_queue_msgsnd - Smack access check for msg_queue 1799 * @msq: the object 1800 * @msg: unused 1801 * @target: unused 1802 * @type: unused 1803 * @mode: unused 1804 * 1805 * Returns 0 if current has read and write access, error code otherwise 1806 */ 1807 static int smack_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg, 1808 struct task_struct *target, long type, int mode) 1809 { 1810 char *msp = smack_of_msq(msq); 1811 1812 return smk_curacc(msp, MAY_READWRITE); 1813 } 1814 1815 /** 1816 * smack_ipc_permission - Smack access for ipc_permission() 1817 * @ipp: the object permissions 1818 * @flag: access requested 1819 * 1820 * Returns 0 if current has read and write access, error code otherwise 1821 */ 1822 static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag) 1823 { 1824 char *isp = ipp->security; 1825 int may; 1826 1827 may = smack_flags_to_may(flag); 1828 return smk_curacc(isp, may); 1829 } 1830 1831 /** 1832 * smack_ipc_getsecid - Extract smack security id 1833 * @ipcp: the object permissions 1834 * @secid: where result will be saved 1835 */ 1836 static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid) 1837 { 1838 char *smack = ipp->security; 1839 1840 *secid = smack_to_secid(smack); 1841 } 1842 1843 /** 1844 * smack_d_instantiate - Make sure the blob is correct on an inode 1845 * @opt_dentry: unused 1846 * @inode: the object 1847 * 1848 * Set the inode's security blob if it hasn't been done already. 1849 */ 1850 static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode) 1851 { 1852 struct super_block *sbp; 1853 struct superblock_smack *sbsp; 1854 struct inode_smack *isp; 1855 char *csp = current->security; 1856 char *fetched; 1857 char *final; 1858 struct dentry *dp; 1859 1860 if (inode == NULL) 1861 return; 1862 1863 isp = inode->i_security; 1864 1865 mutex_lock(&isp->smk_lock); 1866 /* 1867 * If the inode is already instantiated 1868 * take the quick way out 1869 */ 1870 if (isp->smk_flags & SMK_INODE_INSTANT) 1871 goto unlockandout; 1872 1873 sbp = inode->i_sb; 1874 sbsp = sbp->s_security; 1875 /* 1876 * We're going to use the superblock default label 1877 * if there's no label on the file. 1878 */ 1879 final = sbsp->smk_default; 1880 1881 /* 1882 * If this is the root inode the superblock 1883 * may be in the process of initialization. 1884 * If that is the case use the root value out 1885 * of the superblock. 1886 */ 1887 if (opt_dentry->d_parent == opt_dentry) { 1888 isp->smk_inode = sbsp->smk_root; 1889 isp->smk_flags |= SMK_INODE_INSTANT; 1890 goto unlockandout; 1891 } 1892 1893 /* 1894 * This is pretty hackish. 1895 * Casey says that we shouldn't have to do 1896 * file system specific code, but it does help 1897 * with keeping it simple. 1898 */ 1899 switch (sbp->s_magic) { 1900 case SMACK_MAGIC: 1901 /* 1902 * Casey says that it's a little embarassing 1903 * that the smack file system doesn't do 1904 * extended attributes. 1905 */ 1906 final = smack_known_star.smk_known; 1907 break; 1908 case PIPEFS_MAGIC: 1909 /* 1910 * Casey says pipes are easy (?) 1911 */ 1912 final = smack_known_star.smk_known; 1913 break; 1914 case DEVPTS_SUPER_MAGIC: 1915 /* 1916 * devpts seems content with the label of the task. 1917 * Programs that change smack have to treat the 1918 * pty with respect. 1919 */ 1920 final = csp; 1921 break; 1922 case SOCKFS_MAGIC: 1923 /* 1924 * Casey says sockets get the smack of the task. 1925 */ 1926 final = csp; 1927 break; 1928 case PROC_SUPER_MAGIC: 1929 /* 1930 * Casey says procfs appears not to care. 1931 * The superblock default suffices. 1932 */ 1933 break; 1934 case TMPFS_MAGIC: 1935 /* 1936 * Device labels should come from the filesystem, 1937 * but watch out, because they're volitile, 1938 * getting recreated on every reboot. 1939 */ 1940 final = smack_known_star.smk_known; 1941 /* 1942 * No break. 1943 * 1944 * If a smack value has been set we want to use it, 1945 * but since tmpfs isn't giving us the opportunity 1946 * to set mount options simulate setting the 1947 * superblock default. 1948 */ 1949 default: 1950 /* 1951 * This isn't an understood special case. 1952 * Get the value from the xattr. 1953 * 1954 * No xattr support means, alas, no SMACK label. 1955 * Use the aforeapplied default. 1956 * It would be curious if the label of the task 1957 * does not match that assigned. 1958 */ 1959 if (inode->i_op->getxattr == NULL) 1960 break; 1961 /* 1962 * Get the dentry for xattr. 1963 */ 1964 if (opt_dentry == NULL) { 1965 dp = d_find_alias(inode); 1966 if (dp == NULL) 1967 break; 1968 } else { 1969 dp = dget(opt_dentry); 1970 if (dp == NULL) 1971 break; 1972 } 1973 1974 fetched = smk_fetch(inode, dp); 1975 if (fetched != NULL) 1976 final = fetched; 1977 1978 dput(dp); 1979 break; 1980 } 1981 1982 if (final == NULL) 1983 isp->smk_inode = csp; 1984 else 1985 isp->smk_inode = final; 1986 1987 isp->smk_flags |= SMK_INODE_INSTANT; 1988 1989 unlockandout: 1990 mutex_unlock(&isp->smk_lock); 1991 return; 1992 } 1993 1994 /** 1995 * smack_getprocattr - Smack process attribute access 1996 * @p: the object task 1997 * @name: the name of the attribute in /proc/.../attr 1998 * @value: where to put the result 1999 * 2000 * Places a copy of the task Smack into value 2001 * 2002 * Returns the length of the smack label or an error code 2003 */ 2004 static int smack_getprocattr(struct task_struct *p, char *name, char **value) 2005 { 2006 char *cp; 2007 int slen; 2008 2009 if (strcmp(name, "current") != 0) 2010 return -EINVAL; 2011 2012 cp = kstrdup(p->security, GFP_KERNEL); 2013 if (cp == NULL) 2014 return -ENOMEM; 2015 2016 slen = strlen(cp); 2017 *value = cp; 2018 return slen; 2019 } 2020 2021 /** 2022 * smack_setprocattr - Smack process attribute setting 2023 * @p: the object task 2024 * @name: the name of the attribute in /proc/.../attr 2025 * @value: the value to set 2026 * @size: the size of the value 2027 * 2028 * Sets the Smack value of the task. Only setting self 2029 * is permitted and only with privilege 2030 * 2031 * Returns the length of the smack label or an error code 2032 */ 2033 static int smack_setprocattr(struct task_struct *p, char *name, 2034 void *value, size_t size) 2035 { 2036 char *newsmack; 2037 2038 /* 2039 * Changing another process' Smack value is too dangerous 2040 * and supports no sane use case. 2041 */ 2042 if (p != current) 2043 return -EPERM; 2044 2045 if (!capable(CAP_MAC_ADMIN)) 2046 return -EPERM; 2047 2048 if (value == NULL || size == 0 || size >= SMK_LABELLEN) 2049 return -EINVAL; 2050 2051 if (strcmp(name, "current") != 0) 2052 return -EINVAL; 2053 2054 newsmack = smk_import(value, size); 2055 if (newsmack == NULL) 2056 return -EINVAL; 2057 2058 p->security = newsmack; 2059 return size; 2060 } 2061 2062 /** 2063 * smack_unix_stream_connect - Smack access on UDS 2064 * @sock: one socket 2065 * @other: the other socket 2066 * @newsk: unused 2067 * 2068 * Return 0 if a subject with the smack of sock could access 2069 * an object with the smack of other, otherwise an error code 2070 */ 2071 static int smack_unix_stream_connect(struct socket *sock, 2072 struct socket *other, struct sock *newsk) 2073 { 2074 struct inode *sp = SOCK_INODE(sock); 2075 struct inode *op = SOCK_INODE(other); 2076 2077 return smk_access(smk_of_inode(sp), smk_of_inode(op), MAY_READWRITE); 2078 } 2079 2080 /** 2081 * smack_unix_may_send - Smack access on UDS 2082 * @sock: one socket 2083 * @other: the other socket 2084 * 2085 * Return 0 if a subject with the smack of sock could access 2086 * an object with the smack of other, otherwise an error code 2087 */ 2088 static int smack_unix_may_send(struct socket *sock, struct socket *other) 2089 { 2090 struct inode *sp = SOCK_INODE(sock); 2091 struct inode *op = SOCK_INODE(other); 2092 2093 return smk_access(smk_of_inode(sp), smk_of_inode(op), MAY_WRITE); 2094 } 2095 2096 /** 2097 * smack_from_secattr - Convert a netlabel attr.mls.lvl/attr.mls.cat 2098 * pair to smack 2099 * @sap: netlabel secattr 2100 * @sip: where to put the result 2101 * 2102 * Copies a smack label into sip 2103 */ 2104 static void smack_from_secattr(struct netlbl_lsm_secattr *sap, char *sip) 2105 { 2106 char smack[SMK_LABELLEN]; 2107 int pcat; 2108 2109 if ((sap->flags & NETLBL_SECATTR_MLS_LVL) == 0) { 2110 /* 2111 * If there are flags but no level netlabel isn't 2112 * behaving the way we expect it to. 2113 * 2114 * Without guidance regarding the smack value 2115 * for the packet fall back on the network 2116 * ambient value. 2117 */ 2118 strncpy(sip, smack_net_ambient, SMK_MAXLEN); 2119 return; 2120 } 2121 /* 2122 * Get the categories, if any 2123 */ 2124 memset(smack, '\0', SMK_LABELLEN); 2125 if ((sap->flags & NETLBL_SECATTR_MLS_CAT) != 0) 2126 for (pcat = -1;;) { 2127 pcat = netlbl_secattr_catmap_walk(sap->attr.mls.cat, 2128 pcat + 1); 2129 if (pcat < 0) 2130 break; 2131 smack_catset_bit(pcat, smack); 2132 } 2133 /* 2134 * If it is CIPSO using smack direct mapping 2135 * we are already done. WeeHee. 2136 */ 2137 if (sap->attr.mls.lvl == smack_cipso_direct) { 2138 memcpy(sip, smack, SMK_MAXLEN); 2139 return; 2140 } 2141 /* 2142 * Look it up in the supplied table if it is not a direct mapping. 2143 */ 2144 smack_from_cipso(sap->attr.mls.lvl, smack, sip); 2145 return; 2146 } 2147 2148 /** 2149 * smack_socket_sock_rcv_skb - Smack packet delivery access check 2150 * @sk: socket 2151 * @skb: packet 2152 * 2153 * Returns 0 if the packet should be delivered, an error code otherwise 2154 */ 2155 static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) 2156 { 2157 struct netlbl_lsm_secattr secattr; 2158 struct socket_smack *ssp = sk->sk_security; 2159 char smack[SMK_LABELLEN]; 2160 int rc; 2161 2162 if (sk->sk_family != PF_INET && sk->sk_family != PF_INET6) 2163 return 0; 2164 2165 /* 2166 * Translate what netlabel gave us. 2167 */ 2168 memset(smack, '\0', SMK_LABELLEN); 2169 netlbl_secattr_init(&secattr); 2170 rc = netlbl_skbuff_getattr(skb, sk->sk_family, &secattr); 2171 if (rc == 0) 2172 smack_from_secattr(&secattr, smack); 2173 else 2174 strncpy(smack, smack_net_ambient, SMK_MAXLEN); 2175 netlbl_secattr_destroy(&secattr); 2176 /* 2177 * Receiving a packet requires that the other end 2178 * be able to write here. Read access is not required. 2179 * This is the simplist possible security model 2180 * for networking. 2181 */ 2182 return smk_access(smack, ssp->smk_in, MAY_WRITE); 2183 } 2184 2185 /** 2186 * smack_socket_getpeersec_stream - pull in packet label 2187 * @sock: the socket 2188 * @optval: user's destination 2189 * @optlen: size thereof 2190 * @len: max thereoe 2191 * 2192 * returns zero on success, an error code otherwise 2193 */ 2194 static int smack_socket_getpeersec_stream(struct socket *sock, 2195 char __user *optval, 2196 int __user *optlen, unsigned len) 2197 { 2198 struct socket_smack *ssp; 2199 int slen; 2200 int rc = 0; 2201 2202 ssp = sock->sk->sk_security; 2203 slen = strlen(ssp->smk_packet) + 1; 2204 2205 if (slen > len) 2206 rc = -ERANGE; 2207 else if (copy_to_user(optval, ssp->smk_packet, slen) != 0) 2208 rc = -EFAULT; 2209 2210 if (put_user(slen, optlen) != 0) 2211 rc = -EFAULT; 2212 2213 return rc; 2214 } 2215 2216 2217 /** 2218 * smack_socket_getpeersec_dgram - pull in packet label 2219 * @sock: the socket 2220 * @skb: packet data 2221 * @secid: pointer to where to put the secid of the packet 2222 * 2223 * Sets the netlabel socket state on sk from parent 2224 */ 2225 static int smack_socket_getpeersec_dgram(struct socket *sock, 2226 struct sk_buff *skb, u32 *secid) 2227 2228 { 2229 struct netlbl_lsm_secattr secattr; 2230 struct sock *sk; 2231 char smack[SMK_LABELLEN]; 2232 int family = PF_INET; 2233 u32 s; 2234 int rc; 2235 2236 /* 2237 * Only works for families with packets. 2238 */ 2239 if (sock != NULL) { 2240 sk = sock->sk; 2241 if (sk->sk_family != PF_INET && sk->sk_family != PF_INET6) 2242 return 0; 2243 family = sk->sk_family; 2244 } 2245 /* 2246 * Translate what netlabel gave us. 2247 */ 2248 memset(smack, '\0', SMK_LABELLEN); 2249 netlbl_secattr_init(&secattr); 2250 rc = netlbl_skbuff_getattr(skb, family, &secattr); 2251 if (rc == 0) 2252 smack_from_secattr(&secattr, smack); 2253 netlbl_secattr_destroy(&secattr); 2254 2255 /* 2256 * Give up if we couldn't get anything 2257 */ 2258 if (rc != 0) 2259 return rc; 2260 2261 s = smack_to_secid(smack); 2262 if (s == 0) 2263 return -EINVAL; 2264 2265 *secid = s; 2266 return 0; 2267 } 2268 2269 /** 2270 * smack_sock_graft - graft access state between two sockets 2271 * @sk: fresh sock 2272 * @parent: donor socket 2273 * 2274 * Sets the netlabel socket state on sk from parent 2275 */ 2276 static void smack_sock_graft(struct sock *sk, struct socket *parent) 2277 { 2278 struct socket_smack *ssp; 2279 int rc; 2280 2281 if (sk == NULL) 2282 return; 2283 2284 if (sk->sk_family != PF_INET && sk->sk_family != PF_INET6) 2285 return; 2286 2287 ssp = sk->sk_security; 2288 ssp->smk_in = current->security; 2289 ssp->smk_out = current->security; 2290 ssp->smk_packet[0] = '\0'; 2291 2292 rc = smack_netlabel(sk); 2293 if (rc != 0) 2294 printk(KERN_WARNING "Smack: \"%s\" netlbl error %d.\n", 2295 __func__, -rc); 2296 } 2297 2298 /** 2299 * smack_inet_conn_request - Smack access check on connect 2300 * @sk: socket involved 2301 * @skb: packet 2302 * @req: unused 2303 * 2304 * Returns 0 if a task with the packet label could write to 2305 * the socket, otherwise an error code 2306 */ 2307 static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb, 2308 struct request_sock *req) 2309 { 2310 struct netlbl_lsm_secattr skb_secattr; 2311 struct socket_smack *ssp = sk->sk_security; 2312 char smack[SMK_LABELLEN]; 2313 int rc; 2314 2315 if (skb == NULL) 2316 return -EACCES; 2317 2318 memset(smack, '\0', SMK_LABELLEN); 2319 netlbl_secattr_init(&skb_secattr); 2320 rc = netlbl_skbuff_getattr(skb, sk->sk_family, &skb_secattr); 2321 if (rc == 0) 2322 smack_from_secattr(&skb_secattr, smack); 2323 else 2324 strncpy(smack, smack_known_huh.smk_known, SMK_MAXLEN); 2325 netlbl_secattr_destroy(&skb_secattr); 2326 /* 2327 * Receiving a packet requires that the other end 2328 * be able to write here. Read access is not required. 2329 * 2330 * If the request is successful save the peer's label 2331 * so that SO_PEERCRED can report it. 2332 */ 2333 rc = smk_access(smack, ssp->smk_in, MAY_WRITE); 2334 if (rc == 0) 2335 strncpy(ssp->smk_packet, smack, SMK_MAXLEN); 2336 2337 return rc; 2338 } 2339 2340 /* 2341 * Key management security hooks 2342 * 2343 * Casey has not tested key support very heavily. 2344 * The permission check is most likely too restrictive. 2345 * If you care about keys please have a look. 2346 */ 2347 #ifdef CONFIG_KEYS 2348 2349 /** 2350 * smack_key_alloc - Set the key security blob 2351 * @key: object 2352 * @tsk: the task associated with the key 2353 * @flags: unused 2354 * 2355 * No allocation required 2356 * 2357 * Returns 0 2358 */ 2359 static int smack_key_alloc(struct key *key, struct task_struct *tsk, 2360 unsigned long flags) 2361 { 2362 key->security = tsk->security; 2363 return 0; 2364 } 2365 2366 /** 2367 * smack_key_free - Clear the key security blob 2368 * @key: the object 2369 * 2370 * Clear the blob pointer 2371 */ 2372 static void smack_key_free(struct key *key) 2373 { 2374 key->security = NULL; 2375 } 2376 2377 /* 2378 * smack_key_permission - Smack access on a key 2379 * @key_ref: gets to the object 2380 * @context: task involved 2381 * @perm: unused 2382 * 2383 * Return 0 if the task has read and write to the object, 2384 * an error code otherwise 2385 */ 2386 static int smack_key_permission(key_ref_t key_ref, 2387 struct task_struct *context, key_perm_t perm) 2388 { 2389 struct key *keyp; 2390 2391 keyp = key_ref_to_ptr(key_ref); 2392 if (keyp == NULL) 2393 return -EINVAL; 2394 /* 2395 * If the key hasn't been initialized give it access so that 2396 * it may do so. 2397 */ 2398 if (keyp->security == NULL) 2399 return 0; 2400 /* 2401 * This should not occur 2402 */ 2403 if (context->security == NULL) 2404 return -EACCES; 2405 2406 return smk_access(context->security, keyp->security, MAY_READWRITE); 2407 } 2408 #endif /* CONFIG_KEYS */ 2409 2410 /* 2411 * Smack Audit hooks 2412 * 2413 * Audit requires a unique representation of each Smack specific 2414 * rule. This unique representation is used to distinguish the 2415 * object to be audited from remaining kernel objects and also 2416 * works as a glue between the audit hooks. 2417 * 2418 * Since repository entries are added but never deleted, we'll use 2419 * the smack_known label address related to the given audit rule as 2420 * the needed unique representation. This also better fits the smack 2421 * model where nearly everything is a label. 2422 */ 2423 #ifdef CONFIG_AUDIT 2424 2425 /** 2426 * smack_audit_rule_init - Initialize a smack audit rule 2427 * @field: audit rule fields given from user-space (audit.h) 2428 * @op: required testing operator (=, !=, >, <, ...) 2429 * @rulestr: smack label to be audited 2430 * @vrule: pointer to save our own audit rule representation 2431 * 2432 * Prepare to audit cases where (@field @op @rulestr) is true. 2433 * The label to be audited is created if necessay. 2434 */ 2435 static int smack_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule) 2436 { 2437 char **rule = (char **)vrule; 2438 *rule = NULL; 2439 2440 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER) 2441 return -EINVAL; 2442 2443 if (op != AUDIT_EQUAL && op != AUDIT_NOT_EQUAL) 2444 return -EINVAL; 2445 2446 *rule = smk_import(rulestr, 0); 2447 2448 return 0; 2449 } 2450 2451 /** 2452 * smack_audit_rule_known - Distinguish Smack audit rules 2453 * @krule: rule of interest, in Audit kernel representation format 2454 * 2455 * This is used to filter Smack rules from remaining Audit ones. 2456 * If it's proved that this rule belongs to us, the 2457 * audit_rule_match hook will be called to do the final judgement. 2458 */ 2459 static int smack_audit_rule_known(struct audit_krule *krule) 2460 { 2461 struct audit_field *f; 2462 int i; 2463 2464 for (i = 0; i < krule->field_count; i++) { 2465 f = &krule->fields[i]; 2466 2467 if (f->type == AUDIT_SUBJ_USER || f->type == AUDIT_OBJ_USER) 2468 return 1; 2469 } 2470 2471 return 0; 2472 } 2473 2474 /** 2475 * smack_audit_rule_match - Audit given object ? 2476 * @secid: security id for identifying the object to test 2477 * @field: audit rule flags given from user-space 2478 * @op: required testing operator 2479 * @vrule: smack internal rule presentation 2480 * @actx: audit context associated with the check 2481 * 2482 * The core Audit hook. It's used to take the decision of 2483 * whether to audit or not to audit a given object. 2484 */ 2485 static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule, 2486 struct audit_context *actx) 2487 { 2488 char *smack; 2489 char *rule = vrule; 2490 2491 if (!rule) { 2492 audit_log(actx, GFP_KERNEL, AUDIT_SELINUX_ERR, 2493 "Smack: missing rule\n"); 2494 return -ENOENT; 2495 } 2496 2497 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER) 2498 return 0; 2499 2500 smack = smack_from_secid(secid); 2501 2502 /* 2503 * No need to do string comparisons. If a match occurs, 2504 * both pointers will point to the same smack_known 2505 * label. 2506 */ 2507 if (op == AUDIT_EQUAL) 2508 return (rule == smack); 2509 if (op == AUDIT_NOT_EQUAL) 2510 return (rule != smack); 2511 2512 return 0; 2513 } 2514 2515 /** 2516 * smack_audit_rule_free - free smack rule representation 2517 * @vrule: rule to be freed. 2518 * 2519 * No memory was allocated. 2520 */ 2521 static void smack_audit_rule_free(void *vrule) 2522 { 2523 /* No-op */ 2524 } 2525 2526 #endif /* CONFIG_AUDIT */ 2527 2528 /* 2529 * smack_secid_to_secctx - return the smack label for a secid 2530 * @secid: incoming integer 2531 * @secdata: destination 2532 * @seclen: how long it is 2533 * 2534 * Exists for networking code. 2535 */ 2536 static int smack_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) 2537 { 2538 char *sp = smack_from_secid(secid); 2539 2540 *secdata = sp; 2541 *seclen = strlen(sp); 2542 return 0; 2543 } 2544 2545 /* 2546 * smack_secctx_to_secid - return the secid for a smack label 2547 * @secdata: smack label 2548 * @seclen: how long result is 2549 * @secid: outgoing integer 2550 * 2551 * Exists for audit and networking code. 2552 */ 2553 static int smack_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid) 2554 { 2555 *secid = smack_to_secid(secdata); 2556 return 0; 2557 } 2558 2559 /* 2560 * smack_release_secctx - don't do anything. 2561 * @key_ref: unused 2562 * @context: unused 2563 * @perm: unused 2564 * 2565 * Exists to make sure nothing gets done, and properly 2566 */ 2567 static void smack_release_secctx(char *secdata, u32 seclen) 2568 { 2569 } 2570 2571 struct security_operations smack_ops = { 2572 .name = "smack", 2573 2574 .ptrace_may_access = smack_ptrace_may_access, 2575 .ptrace_traceme = smack_ptrace_traceme, 2576 .capget = cap_capget, 2577 .capset_check = cap_capset_check, 2578 .capset_set = cap_capset_set, 2579 .capable = cap_capable, 2580 .syslog = smack_syslog, 2581 .settime = cap_settime, 2582 .vm_enough_memory = cap_vm_enough_memory, 2583 2584 .bprm_apply_creds = cap_bprm_apply_creds, 2585 .bprm_set_security = cap_bprm_set_security, 2586 .bprm_secureexec = cap_bprm_secureexec, 2587 2588 .sb_alloc_security = smack_sb_alloc_security, 2589 .sb_free_security = smack_sb_free_security, 2590 .sb_copy_data = smack_sb_copy_data, 2591 .sb_kern_mount = smack_sb_kern_mount, 2592 .sb_statfs = smack_sb_statfs, 2593 .sb_mount = smack_sb_mount, 2594 .sb_umount = smack_sb_umount, 2595 2596 .inode_alloc_security = smack_inode_alloc_security, 2597 .inode_free_security = smack_inode_free_security, 2598 .inode_init_security = smack_inode_init_security, 2599 .inode_link = smack_inode_link, 2600 .inode_unlink = smack_inode_unlink, 2601 .inode_rmdir = smack_inode_rmdir, 2602 .inode_rename = smack_inode_rename, 2603 .inode_permission = smack_inode_permission, 2604 .inode_setattr = smack_inode_setattr, 2605 .inode_getattr = smack_inode_getattr, 2606 .inode_setxattr = smack_inode_setxattr, 2607 .inode_post_setxattr = smack_inode_post_setxattr, 2608 .inode_getxattr = smack_inode_getxattr, 2609 .inode_removexattr = smack_inode_removexattr, 2610 .inode_need_killpriv = cap_inode_need_killpriv, 2611 .inode_killpriv = cap_inode_killpriv, 2612 .inode_getsecurity = smack_inode_getsecurity, 2613 .inode_setsecurity = smack_inode_setsecurity, 2614 .inode_listsecurity = smack_inode_listsecurity, 2615 .inode_getsecid = smack_inode_getsecid, 2616 2617 .file_permission = smack_file_permission, 2618 .file_alloc_security = smack_file_alloc_security, 2619 .file_free_security = smack_file_free_security, 2620 .file_ioctl = smack_file_ioctl, 2621 .file_lock = smack_file_lock, 2622 .file_fcntl = smack_file_fcntl, 2623 .file_set_fowner = smack_file_set_fowner, 2624 .file_send_sigiotask = smack_file_send_sigiotask, 2625 .file_receive = smack_file_receive, 2626 2627 .task_alloc_security = smack_task_alloc_security, 2628 .task_free_security = smack_task_free_security, 2629 .task_post_setuid = cap_task_post_setuid, 2630 .task_setpgid = smack_task_setpgid, 2631 .task_getpgid = smack_task_getpgid, 2632 .task_getsid = smack_task_getsid, 2633 .task_getsecid = smack_task_getsecid, 2634 .task_setnice = smack_task_setnice, 2635 .task_setioprio = smack_task_setioprio, 2636 .task_getioprio = smack_task_getioprio, 2637 .task_setscheduler = smack_task_setscheduler, 2638 .task_getscheduler = smack_task_getscheduler, 2639 .task_movememory = smack_task_movememory, 2640 .task_kill = smack_task_kill, 2641 .task_wait = smack_task_wait, 2642 .task_reparent_to_init = cap_task_reparent_to_init, 2643 .task_to_inode = smack_task_to_inode, 2644 .task_prctl = cap_task_prctl, 2645 2646 .ipc_permission = smack_ipc_permission, 2647 .ipc_getsecid = smack_ipc_getsecid, 2648 2649 .msg_msg_alloc_security = smack_msg_msg_alloc_security, 2650 .msg_msg_free_security = smack_msg_msg_free_security, 2651 2652 .msg_queue_alloc_security = smack_msg_queue_alloc_security, 2653 .msg_queue_free_security = smack_msg_queue_free_security, 2654 .msg_queue_associate = smack_msg_queue_associate, 2655 .msg_queue_msgctl = smack_msg_queue_msgctl, 2656 .msg_queue_msgsnd = smack_msg_queue_msgsnd, 2657 .msg_queue_msgrcv = smack_msg_queue_msgrcv, 2658 2659 .shm_alloc_security = smack_shm_alloc_security, 2660 .shm_free_security = smack_shm_free_security, 2661 .shm_associate = smack_shm_associate, 2662 .shm_shmctl = smack_shm_shmctl, 2663 .shm_shmat = smack_shm_shmat, 2664 2665 .sem_alloc_security = smack_sem_alloc_security, 2666 .sem_free_security = smack_sem_free_security, 2667 .sem_associate = smack_sem_associate, 2668 .sem_semctl = smack_sem_semctl, 2669 .sem_semop = smack_sem_semop, 2670 2671 .netlink_send = cap_netlink_send, 2672 .netlink_recv = cap_netlink_recv, 2673 2674 .d_instantiate = smack_d_instantiate, 2675 2676 .getprocattr = smack_getprocattr, 2677 .setprocattr = smack_setprocattr, 2678 2679 .unix_stream_connect = smack_unix_stream_connect, 2680 .unix_may_send = smack_unix_may_send, 2681 2682 .socket_post_create = smack_socket_post_create, 2683 .socket_sock_rcv_skb = smack_socket_sock_rcv_skb, 2684 .socket_getpeersec_stream = smack_socket_getpeersec_stream, 2685 .socket_getpeersec_dgram = smack_socket_getpeersec_dgram, 2686 .sk_alloc_security = smack_sk_alloc_security, 2687 .sk_free_security = smack_sk_free_security, 2688 .sock_graft = smack_sock_graft, 2689 .inet_conn_request = smack_inet_conn_request, 2690 2691 /* key management security hooks */ 2692 #ifdef CONFIG_KEYS 2693 .key_alloc = smack_key_alloc, 2694 .key_free = smack_key_free, 2695 .key_permission = smack_key_permission, 2696 #endif /* CONFIG_KEYS */ 2697 2698 /* Audit hooks */ 2699 #ifdef CONFIG_AUDIT 2700 .audit_rule_init = smack_audit_rule_init, 2701 .audit_rule_known = smack_audit_rule_known, 2702 .audit_rule_match = smack_audit_rule_match, 2703 .audit_rule_free = smack_audit_rule_free, 2704 #endif /* CONFIG_AUDIT */ 2705 2706 .secid_to_secctx = smack_secid_to_secctx, 2707 .secctx_to_secid = smack_secctx_to_secid, 2708 .release_secctx = smack_release_secctx, 2709 }; 2710 2711 /** 2712 * smack_init - initialize the smack system 2713 * 2714 * Returns 0 2715 */ 2716 static __init int smack_init(void) 2717 { 2718 if (!security_module_enable(&smack_ops)) 2719 return 0; 2720 2721 printk(KERN_INFO "Smack: Initializing.\n"); 2722 2723 /* 2724 * Set the security state for the initial task. 2725 */ 2726 current->security = &smack_known_floor.smk_known; 2727 2728 /* 2729 * Initialize locks 2730 */ 2731 spin_lock_init(&smack_known_unset.smk_cipsolock); 2732 spin_lock_init(&smack_known_huh.smk_cipsolock); 2733 spin_lock_init(&smack_known_hat.smk_cipsolock); 2734 spin_lock_init(&smack_known_star.smk_cipsolock); 2735 spin_lock_init(&smack_known_floor.smk_cipsolock); 2736 spin_lock_init(&smack_known_invalid.smk_cipsolock); 2737 2738 /* 2739 * Register with LSM 2740 */ 2741 if (register_security(&smack_ops)) 2742 panic("smack: Unable to register with kernel.\n"); 2743 2744 return 0; 2745 } 2746 2747 /* 2748 * Smack requires early initialization in order to label 2749 * all processes and objects when they are created. 2750 */ 2751 security_initcall(smack_init); 2752