1 /* 2 * Simplified MAC Kernel (smack) security module 3 * 4 * This file contains the smack hook function implementations. 5 * 6 * Author: 7 * Casey Schaufler <casey@schaufler-ca.com> 8 * 9 * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com> 10 * 11 * This program is free software; you can redistribute it and/or modify 12 * it under the terms of the GNU General Public License version 2, 13 * as published by the Free Software Foundation. 14 */ 15 16 #include <linux/xattr.h> 17 #include <linux/pagemap.h> 18 #include <linux/mount.h> 19 #include <linux/stat.h> 20 #include <linux/ext2_fs.h> 21 #include <linux/kd.h> 22 #include <asm/ioctls.h> 23 #include <linux/tcp.h> 24 #include <linux/udp.h> 25 #include <linux/mutex.h> 26 #include <linux/pipe_fs_i.h> 27 #include <net/netlabel.h> 28 #include <net/cipso_ipv4.h> 29 #include <linux/audit.h> 30 31 #include "smack.h" 32 33 /* 34 * I hope these are the hokeyist lines of code in the module. Casey. 35 */ 36 #define DEVPTS_SUPER_MAGIC 0x1cd1 37 #define SOCKFS_MAGIC 0x534F434B 38 #define TMPFS_MAGIC 0x01021994 39 40 /** 41 * smk_fetch - Fetch the smack label from a file. 42 * @ip: a pointer to the inode 43 * @dp: a pointer to the dentry 44 * 45 * Returns a pointer to the master list entry for the Smack label 46 * or NULL if there was no label to fetch. 47 */ 48 static char *smk_fetch(struct inode *ip, struct dentry *dp) 49 { 50 int rc; 51 char in[SMK_LABELLEN]; 52 53 if (ip->i_op->getxattr == NULL) 54 return NULL; 55 56 rc = ip->i_op->getxattr(dp, XATTR_NAME_SMACK, in, SMK_LABELLEN); 57 if (rc < 0) 58 return NULL; 59 60 return smk_import(in, rc); 61 } 62 63 /** 64 * new_inode_smack - allocate an inode security blob 65 * @smack: a pointer to the Smack label to use in the blob 66 * 67 * Returns the new blob or NULL if there's no memory available 68 */ 69 struct inode_smack *new_inode_smack(char *smack) 70 { 71 struct inode_smack *isp; 72 73 isp = kzalloc(sizeof(struct inode_smack), GFP_KERNEL); 74 if (isp == NULL) 75 return NULL; 76 77 isp->smk_inode = smack; 78 isp->smk_flags = 0; 79 mutex_init(&isp->smk_lock); 80 81 return isp; 82 } 83 84 /* 85 * LSM hooks. 86 * We he, that is fun! 87 */ 88 89 /** 90 * smack_ptrace - Smack approval on ptrace 91 * @ptp: parent task pointer 92 * @ctp: child task pointer 93 * 94 * Returns 0 if access is OK, an error code otherwise 95 * 96 * Do the capability checks, and require read and write. 97 */ 98 static int smack_ptrace(struct task_struct *ptp, struct task_struct *ctp, 99 unsigned int mode) 100 { 101 int rc; 102 103 rc = cap_ptrace(ptp, ctp, mode); 104 if (rc != 0) 105 return rc; 106 107 rc = smk_access(ptp->security, ctp->security, MAY_READWRITE); 108 if (rc != 0 && __capable(ptp, CAP_MAC_OVERRIDE)) 109 return 0; 110 111 return rc; 112 } 113 114 /** 115 * smack_syslog - Smack approval on syslog 116 * @type: message type 117 * 118 * Require that the task has the floor label 119 * 120 * Returns 0 on success, error code otherwise. 121 */ 122 static int smack_syslog(int type) 123 { 124 int rc; 125 char *sp = current->security; 126 127 rc = cap_syslog(type); 128 if (rc != 0) 129 return rc; 130 131 if (capable(CAP_MAC_OVERRIDE)) 132 return 0; 133 134 if (sp != smack_known_floor.smk_known) 135 rc = -EACCES; 136 137 return rc; 138 } 139 140 141 /* 142 * Superblock Hooks. 143 */ 144 145 /** 146 * smack_sb_alloc_security - allocate a superblock blob 147 * @sb: the superblock getting the blob 148 * 149 * Returns 0 on success or -ENOMEM on error. 150 */ 151 static int smack_sb_alloc_security(struct super_block *sb) 152 { 153 struct superblock_smack *sbsp; 154 155 sbsp = kzalloc(sizeof(struct superblock_smack), GFP_KERNEL); 156 157 if (sbsp == NULL) 158 return -ENOMEM; 159 160 sbsp->smk_root = smack_known_floor.smk_known; 161 sbsp->smk_default = smack_known_floor.smk_known; 162 sbsp->smk_floor = smack_known_floor.smk_known; 163 sbsp->smk_hat = smack_known_hat.smk_known; 164 sbsp->smk_initialized = 0; 165 spin_lock_init(&sbsp->smk_sblock); 166 167 sb->s_security = sbsp; 168 169 return 0; 170 } 171 172 /** 173 * smack_sb_free_security - free a superblock blob 174 * @sb: the superblock getting the blob 175 * 176 */ 177 static void smack_sb_free_security(struct super_block *sb) 178 { 179 kfree(sb->s_security); 180 sb->s_security = NULL; 181 } 182 183 /** 184 * smack_sb_copy_data - copy mount options data for processing 185 * @type: file system type 186 * @orig: where to start 187 * @smackopts 188 * 189 * Returns 0 on success or -ENOMEM on error. 190 * 191 * Copy the Smack specific mount options out of the mount 192 * options list. 193 */ 194 static int smack_sb_copy_data(char *orig, char *smackopts) 195 { 196 char *cp, *commap, *otheropts, *dp; 197 198 otheropts = (char *)get_zeroed_page(GFP_KERNEL); 199 if (otheropts == NULL) 200 return -ENOMEM; 201 202 for (cp = orig, commap = orig; commap != NULL; cp = commap + 1) { 203 if (strstr(cp, SMK_FSDEFAULT) == cp) 204 dp = smackopts; 205 else if (strstr(cp, SMK_FSFLOOR) == cp) 206 dp = smackopts; 207 else if (strstr(cp, SMK_FSHAT) == cp) 208 dp = smackopts; 209 else if (strstr(cp, SMK_FSROOT) == cp) 210 dp = smackopts; 211 else 212 dp = otheropts; 213 214 commap = strchr(cp, ','); 215 if (commap != NULL) 216 *commap = '\0'; 217 218 if (*dp != '\0') 219 strcat(dp, ","); 220 strcat(dp, cp); 221 } 222 223 strcpy(orig, otheropts); 224 free_page((unsigned long)otheropts); 225 226 return 0; 227 } 228 229 /** 230 * smack_sb_kern_mount - Smack specific mount processing 231 * @sb: the file system superblock 232 * @data: the smack mount options 233 * 234 * Returns 0 on success, an error code on failure 235 */ 236 static int smack_sb_kern_mount(struct super_block *sb, void *data) 237 { 238 struct dentry *root = sb->s_root; 239 struct inode *inode = root->d_inode; 240 struct superblock_smack *sp = sb->s_security; 241 struct inode_smack *isp; 242 char *op; 243 char *commap; 244 char *nsp; 245 246 spin_lock(&sp->smk_sblock); 247 if (sp->smk_initialized != 0) { 248 spin_unlock(&sp->smk_sblock); 249 return 0; 250 } 251 sp->smk_initialized = 1; 252 spin_unlock(&sp->smk_sblock); 253 254 for (op = data; op != NULL; op = commap) { 255 commap = strchr(op, ','); 256 if (commap != NULL) 257 *commap++ = '\0'; 258 259 if (strncmp(op, SMK_FSHAT, strlen(SMK_FSHAT)) == 0) { 260 op += strlen(SMK_FSHAT); 261 nsp = smk_import(op, 0); 262 if (nsp != NULL) 263 sp->smk_hat = nsp; 264 } else if (strncmp(op, SMK_FSFLOOR, strlen(SMK_FSFLOOR)) == 0) { 265 op += strlen(SMK_FSFLOOR); 266 nsp = smk_import(op, 0); 267 if (nsp != NULL) 268 sp->smk_floor = nsp; 269 } else if (strncmp(op, SMK_FSDEFAULT, 270 strlen(SMK_FSDEFAULT)) == 0) { 271 op += strlen(SMK_FSDEFAULT); 272 nsp = smk_import(op, 0); 273 if (nsp != NULL) 274 sp->smk_default = nsp; 275 } else if (strncmp(op, SMK_FSROOT, strlen(SMK_FSROOT)) == 0) { 276 op += strlen(SMK_FSROOT); 277 nsp = smk_import(op, 0); 278 if (nsp != NULL) 279 sp->smk_root = nsp; 280 } 281 } 282 283 /* 284 * Initialize the root inode. 285 */ 286 isp = inode->i_security; 287 if (isp == NULL) 288 inode->i_security = new_inode_smack(sp->smk_root); 289 else 290 isp->smk_inode = sp->smk_root; 291 292 return 0; 293 } 294 295 /** 296 * smack_sb_statfs - Smack check on statfs 297 * @dentry: identifies the file system in question 298 * 299 * Returns 0 if current can read the floor of the filesystem, 300 * and error code otherwise 301 */ 302 static int smack_sb_statfs(struct dentry *dentry) 303 { 304 struct superblock_smack *sbp = dentry->d_sb->s_security; 305 306 return smk_curacc(sbp->smk_floor, MAY_READ); 307 } 308 309 /** 310 * smack_sb_mount - Smack check for mounting 311 * @dev_name: unused 312 * @nd: mount point 313 * @type: unused 314 * @flags: unused 315 * @data: unused 316 * 317 * Returns 0 if current can write the floor of the filesystem 318 * being mounted on, an error code otherwise. 319 */ 320 static int smack_sb_mount(char *dev_name, struct path *path, 321 char *type, unsigned long flags, void *data) 322 { 323 struct superblock_smack *sbp = path->mnt->mnt_sb->s_security; 324 325 return smk_curacc(sbp->smk_floor, MAY_WRITE); 326 } 327 328 /** 329 * smack_sb_umount - Smack check for unmounting 330 * @mnt: file system to unmount 331 * @flags: unused 332 * 333 * Returns 0 if current can write the floor of the filesystem 334 * being unmounted, an error code otherwise. 335 */ 336 static int smack_sb_umount(struct vfsmount *mnt, int flags) 337 { 338 struct superblock_smack *sbp; 339 340 sbp = mnt->mnt_sb->s_security; 341 342 return smk_curacc(sbp->smk_floor, MAY_WRITE); 343 } 344 345 /* 346 * Inode hooks 347 */ 348 349 /** 350 * smack_inode_alloc_security - allocate an inode blob 351 * @inode - the inode in need of a blob 352 * 353 * Returns 0 if it gets a blob, -ENOMEM otherwise 354 */ 355 static int smack_inode_alloc_security(struct inode *inode) 356 { 357 inode->i_security = new_inode_smack(current->security); 358 if (inode->i_security == NULL) 359 return -ENOMEM; 360 return 0; 361 } 362 363 /** 364 * smack_inode_free_security - free an inode blob 365 * @inode - the inode with a blob 366 * 367 * Clears the blob pointer in inode 368 */ 369 static void smack_inode_free_security(struct inode *inode) 370 { 371 kfree(inode->i_security); 372 inode->i_security = NULL; 373 } 374 375 /** 376 * smack_inode_init_security - copy out the smack from an inode 377 * @inode: the inode 378 * @dir: unused 379 * @name: where to put the attribute name 380 * @value: where to put the attribute value 381 * @len: where to put the length of the attribute 382 * 383 * Returns 0 if it all works out, -ENOMEM if there's no memory 384 */ 385 static int smack_inode_init_security(struct inode *inode, struct inode *dir, 386 char **name, void **value, size_t *len) 387 { 388 char *isp = smk_of_inode(inode); 389 390 if (name) { 391 *name = kstrdup(XATTR_SMACK_SUFFIX, GFP_KERNEL); 392 if (*name == NULL) 393 return -ENOMEM; 394 } 395 396 if (value) { 397 *value = kstrdup(isp, GFP_KERNEL); 398 if (*value == NULL) 399 return -ENOMEM; 400 } 401 402 if (len) 403 *len = strlen(isp) + 1; 404 405 return 0; 406 } 407 408 /** 409 * smack_inode_link - Smack check on link 410 * @old_dentry: the existing object 411 * @dir: unused 412 * @new_dentry: the new object 413 * 414 * Returns 0 if access is permitted, an error code otherwise 415 */ 416 static int smack_inode_link(struct dentry *old_dentry, struct inode *dir, 417 struct dentry *new_dentry) 418 { 419 int rc; 420 char *isp; 421 422 isp = smk_of_inode(old_dentry->d_inode); 423 rc = smk_curacc(isp, MAY_WRITE); 424 425 if (rc == 0 && new_dentry->d_inode != NULL) { 426 isp = smk_of_inode(new_dentry->d_inode); 427 rc = smk_curacc(isp, MAY_WRITE); 428 } 429 430 return rc; 431 } 432 433 /** 434 * smack_inode_unlink - Smack check on inode deletion 435 * @dir: containing directory object 436 * @dentry: file to unlink 437 * 438 * Returns 0 if current can write the containing directory 439 * and the object, error code otherwise 440 */ 441 static int smack_inode_unlink(struct inode *dir, struct dentry *dentry) 442 { 443 struct inode *ip = dentry->d_inode; 444 int rc; 445 446 /* 447 * You need write access to the thing you're unlinking 448 */ 449 rc = smk_curacc(smk_of_inode(ip), MAY_WRITE); 450 if (rc == 0) 451 /* 452 * You also need write access to the containing directory 453 */ 454 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE); 455 456 return rc; 457 } 458 459 /** 460 * smack_inode_rmdir - Smack check on directory deletion 461 * @dir: containing directory object 462 * @dentry: directory to unlink 463 * 464 * Returns 0 if current can write the containing directory 465 * and the directory, error code otherwise 466 */ 467 static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry) 468 { 469 int rc; 470 471 /* 472 * You need write access to the thing you're removing 473 */ 474 rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE); 475 if (rc == 0) 476 /* 477 * You also need write access to the containing directory 478 */ 479 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE); 480 481 return rc; 482 } 483 484 /** 485 * smack_inode_rename - Smack check on rename 486 * @old_inode: the old directory 487 * @old_dentry: unused 488 * @new_inode: the new directory 489 * @new_dentry: unused 490 * 491 * Read and write access is required on both the old and 492 * new directories. 493 * 494 * Returns 0 if access is permitted, an error code otherwise 495 */ 496 static int smack_inode_rename(struct inode *old_inode, 497 struct dentry *old_dentry, 498 struct inode *new_inode, 499 struct dentry *new_dentry) 500 { 501 int rc; 502 char *isp; 503 504 isp = smk_of_inode(old_dentry->d_inode); 505 rc = smk_curacc(isp, MAY_READWRITE); 506 507 if (rc == 0 && new_dentry->d_inode != NULL) { 508 isp = smk_of_inode(new_dentry->d_inode); 509 rc = smk_curacc(isp, MAY_READWRITE); 510 } 511 512 return rc; 513 } 514 515 /** 516 * smack_inode_permission - Smack version of permission() 517 * @inode: the inode in question 518 * @mask: the access requested 519 * @nd: unused 520 * 521 * This is the important Smack hook. 522 * 523 * Returns 0 if access is permitted, -EACCES otherwise 524 */ 525 static int smack_inode_permission(struct inode *inode, int mask, 526 struct nameidata *nd) 527 { 528 /* 529 * No permission to check. Existence test. Yup, it's there. 530 */ 531 if (mask == 0) 532 return 0; 533 534 return smk_curacc(smk_of_inode(inode), mask); 535 } 536 537 /** 538 * smack_inode_setattr - Smack check for setting attributes 539 * @dentry: the object 540 * @iattr: for the force flag 541 * 542 * Returns 0 if access is permitted, an error code otherwise 543 */ 544 static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr) 545 { 546 /* 547 * Need to allow for clearing the setuid bit. 548 */ 549 if (iattr->ia_valid & ATTR_FORCE) 550 return 0; 551 552 return smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE); 553 } 554 555 /** 556 * smack_inode_getattr - Smack check for getting attributes 557 * @mnt: unused 558 * @dentry: the object 559 * 560 * Returns 0 if access is permitted, an error code otherwise 561 */ 562 static int smack_inode_getattr(struct vfsmount *mnt, struct dentry *dentry) 563 { 564 return smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ); 565 } 566 567 /** 568 * smack_inode_setxattr - Smack check for setting xattrs 569 * @dentry: the object 570 * @name: name of the attribute 571 * @value: unused 572 * @size: unused 573 * @flags: unused 574 * 575 * This protects the Smack attribute explicitly. 576 * 577 * Returns 0 if access is permitted, an error code otherwise 578 */ 579 static int smack_inode_setxattr(struct dentry *dentry, const char *name, 580 const void *value, size_t size, int flags) 581 { 582 int rc = 0; 583 584 if (strcmp(name, XATTR_NAME_SMACK) == 0 || 585 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 || 586 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) { 587 if (!capable(CAP_MAC_ADMIN)) 588 rc = -EPERM; 589 } else 590 rc = cap_inode_setxattr(dentry, name, value, size, flags); 591 592 if (rc == 0) 593 rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE); 594 595 return rc; 596 } 597 598 /** 599 * smack_inode_post_setxattr - Apply the Smack update approved above 600 * @dentry: object 601 * @name: attribute name 602 * @value: attribute value 603 * @size: attribute size 604 * @flags: unused 605 * 606 * Set the pointer in the inode blob to the entry found 607 * in the master label list. 608 */ 609 static void smack_inode_post_setxattr(struct dentry *dentry, const char *name, 610 const void *value, size_t size, int flags) 611 { 612 struct inode_smack *isp; 613 char *nsp; 614 615 /* 616 * Not SMACK 617 */ 618 if (strcmp(name, XATTR_NAME_SMACK)) 619 return; 620 621 if (size >= SMK_LABELLEN) 622 return; 623 624 isp = dentry->d_inode->i_security; 625 626 /* 627 * No locking is done here. This is a pointer 628 * assignment. 629 */ 630 nsp = smk_import(value, size); 631 if (nsp != NULL) 632 isp->smk_inode = nsp; 633 else 634 isp->smk_inode = smack_known_invalid.smk_known; 635 636 return; 637 } 638 639 /* 640 * smack_inode_getxattr - Smack check on getxattr 641 * @dentry: the object 642 * @name: unused 643 * 644 * Returns 0 if access is permitted, an error code otherwise 645 */ 646 static int smack_inode_getxattr(struct dentry *dentry, const char *name) 647 { 648 return smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ); 649 } 650 651 /* 652 * smack_inode_removexattr - Smack check on removexattr 653 * @dentry: the object 654 * @name: name of the attribute 655 * 656 * Removing the Smack attribute requires CAP_MAC_ADMIN 657 * 658 * Returns 0 if access is permitted, an error code otherwise 659 */ 660 static int smack_inode_removexattr(struct dentry *dentry, const char *name) 661 { 662 int rc = 0; 663 664 if (strcmp(name, XATTR_NAME_SMACK) == 0 || 665 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 || 666 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) { 667 if (!capable(CAP_MAC_ADMIN)) 668 rc = -EPERM; 669 } else 670 rc = cap_inode_removexattr(dentry, name); 671 672 if (rc == 0) 673 rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE); 674 675 return rc; 676 } 677 678 /** 679 * smack_inode_getsecurity - get smack xattrs 680 * @inode: the object 681 * @name: attribute name 682 * @buffer: where to put the result 683 * @size: size of the buffer 684 * @err: unused 685 * 686 * Returns the size of the attribute or an error code 687 */ 688 static int smack_inode_getsecurity(const struct inode *inode, 689 const char *name, void **buffer, 690 bool alloc) 691 { 692 struct socket_smack *ssp; 693 struct socket *sock; 694 struct super_block *sbp; 695 struct inode *ip = (struct inode *)inode; 696 char *isp; 697 int ilen; 698 int rc = 0; 699 700 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) { 701 isp = smk_of_inode(inode); 702 ilen = strlen(isp) + 1; 703 *buffer = isp; 704 return ilen; 705 } 706 707 /* 708 * The rest of the Smack xattrs are only on sockets. 709 */ 710 sbp = ip->i_sb; 711 if (sbp->s_magic != SOCKFS_MAGIC) 712 return -EOPNOTSUPP; 713 714 sock = SOCKET_I(ip); 715 if (sock == NULL || sock->sk == NULL) 716 return -EOPNOTSUPP; 717 718 ssp = sock->sk->sk_security; 719 720 if (strcmp(name, XATTR_SMACK_IPIN) == 0) 721 isp = ssp->smk_in; 722 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) 723 isp = ssp->smk_out; 724 else 725 return -EOPNOTSUPP; 726 727 ilen = strlen(isp) + 1; 728 if (rc == 0) { 729 *buffer = isp; 730 rc = ilen; 731 } 732 733 return rc; 734 } 735 736 737 /** 738 * smack_inode_listsecurity - list the Smack attributes 739 * @inode: the object 740 * @buffer: where they go 741 * @buffer_size: size of buffer 742 * 743 * Returns 0 on success, -EINVAL otherwise 744 */ 745 static int smack_inode_listsecurity(struct inode *inode, char *buffer, 746 size_t buffer_size) 747 { 748 int len = strlen(XATTR_NAME_SMACK); 749 750 if (buffer != NULL && len <= buffer_size) { 751 memcpy(buffer, XATTR_NAME_SMACK, len); 752 return len; 753 } 754 return -EINVAL; 755 } 756 757 /** 758 * smack_inode_getsecid - Extract inode's security id 759 * @inode: inode to extract the info from 760 * @secid: where result will be saved 761 */ 762 static void smack_inode_getsecid(const struct inode *inode, u32 *secid) 763 { 764 struct inode_smack *isp = inode->i_security; 765 766 *secid = smack_to_secid(isp->smk_inode); 767 } 768 769 /* 770 * File Hooks 771 */ 772 773 /** 774 * smack_file_permission - Smack check on file operations 775 * @file: unused 776 * @mask: unused 777 * 778 * Returns 0 779 * 780 * Should access checks be done on each read or write? 781 * UNICOS and SELinux say yes. 782 * Trusted Solaris, Trusted Irix, and just about everyone else says no. 783 * 784 * I'll say no for now. Smack does not do the frequent 785 * label changing that SELinux does. 786 */ 787 static int smack_file_permission(struct file *file, int mask) 788 { 789 return 0; 790 } 791 792 /** 793 * smack_file_alloc_security - assign a file security blob 794 * @file: the object 795 * 796 * The security blob for a file is a pointer to the master 797 * label list, so no allocation is done. 798 * 799 * Returns 0 800 */ 801 static int smack_file_alloc_security(struct file *file) 802 { 803 file->f_security = current->security; 804 return 0; 805 } 806 807 /** 808 * smack_file_free_security - clear a file security blob 809 * @file: the object 810 * 811 * The security blob for a file is a pointer to the master 812 * label list, so no memory is freed. 813 */ 814 static void smack_file_free_security(struct file *file) 815 { 816 file->f_security = NULL; 817 } 818 819 /** 820 * smack_file_ioctl - Smack check on ioctls 821 * @file: the object 822 * @cmd: what to do 823 * @arg: unused 824 * 825 * Relies heavily on the correct use of the ioctl command conventions. 826 * 827 * Returns 0 if allowed, error code otherwise 828 */ 829 static int smack_file_ioctl(struct file *file, unsigned int cmd, 830 unsigned long arg) 831 { 832 int rc = 0; 833 834 if (_IOC_DIR(cmd) & _IOC_WRITE) 835 rc = smk_curacc(file->f_security, MAY_WRITE); 836 837 if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ)) 838 rc = smk_curacc(file->f_security, MAY_READ); 839 840 return rc; 841 } 842 843 /** 844 * smack_file_lock - Smack check on file locking 845 * @file: the object 846 * @cmd unused 847 * 848 * Returns 0 if current has write access, error code otherwise 849 */ 850 static int smack_file_lock(struct file *file, unsigned int cmd) 851 { 852 return smk_curacc(file->f_security, MAY_WRITE); 853 } 854 855 /** 856 * smack_file_fcntl - Smack check on fcntl 857 * @file: the object 858 * @cmd: what action to check 859 * @arg: unused 860 * 861 * Returns 0 if current has access, error code otherwise 862 */ 863 static int smack_file_fcntl(struct file *file, unsigned int cmd, 864 unsigned long arg) 865 { 866 int rc; 867 868 switch (cmd) { 869 case F_DUPFD: 870 case F_GETFD: 871 case F_GETFL: 872 case F_GETLK: 873 case F_GETOWN: 874 case F_GETSIG: 875 rc = smk_curacc(file->f_security, MAY_READ); 876 break; 877 case F_SETFD: 878 case F_SETFL: 879 case F_SETLK: 880 case F_SETLKW: 881 case F_SETOWN: 882 case F_SETSIG: 883 rc = smk_curacc(file->f_security, MAY_WRITE); 884 break; 885 default: 886 rc = smk_curacc(file->f_security, MAY_READWRITE); 887 } 888 889 return rc; 890 } 891 892 /** 893 * smack_file_set_fowner - set the file security blob value 894 * @file: object in question 895 * 896 * Returns 0 897 * Further research may be required on this one. 898 */ 899 static int smack_file_set_fowner(struct file *file) 900 { 901 file->f_security = current->security; 902 return 0; 903 } 904 905 /** 906 * smack_file_send_sigiotask - Smack on sigio 907 * @tsk: The target task 908 * @fown: the object the signal come from 909 * @signum: unused 910 * 911 * Allow a privileged task to get signals even if it shouldn't 912 * 913 * Returns 0 if a subject with the object's smack could 914 * write to the task, an error code otherwise. 915 */ 916 static int smack_file_send_sigiotask(struct task_struct *tsk, 917 struct fown_struct *fown, int signum) 918 { 919 struct file *file; 920 int rc; 921 922 /* 923 * struct fown_struct is never outside the context of a struct file 924 */ 925 file = container_of(fown, struct file, f_owner); 926 rc = smk_access(file->f_security, tsk->security, MAY_WRITE); 927 if (rc != 0 && __capable(tsk, CAP_MAC_OVERRIDE)) 928 return 0; 929 return rc; 930 } 931 932 /** 933 * smack_file_receive - Smack file receive check 934 * @file: the object 935 * 936 * Returns 0 if current has access, error code otherwise 937 */ 938 static int smack_file_receive(struct file *file) 939 { 940 int may = 0; 941 942 /* 943 * This code relies on bitmasks. 944 */ 945 if (file->f_mode & FMODE_READ) 946 may = MAY_READ; 947 if (file->f_mode & FMODE_WRITE) 948 may |= MAY_WRITE; 949 950 return smk_curacc(file->f_security, may); 951 } 952 953 /* 954 * Task hooks 955 */ 956 957 /** 958 * smack_task_alloc_security - "allocate" a task blob 959 * @tsk: the task in need of a blob 960 * 961 * Smack isn't using copies of blobs. Everyone 962 * points to an immutable list. No alloc required. 963 * No data copy required. 964 * 965 * Always returns 0 966 */ 967 static int smack_task_alloc_security(struct task_struct *tsk) 968 { 969 tsk->security = current->security; 970 971 return 0; 972 } 973 974 /** 975 * smack_task_free_security - "free" a task blob 976 * @task: the task with the blob 977 * 978 * Smack isn't using copies of blobs. Everyone 979 * points to an immutable list. The blobs never go away. 980 * There is no leak here. 981 */ 982 static void smack_task_free_security(struct task_struct *task) 983 { 984 task->security = NULL; 985 } 986 987 /** 988 * smack_task_setpgid - Smack check on setting pgid 989 * @p: the task object 990 * @pgid: unused 991 * 992 * Return 0 if write access is permitted 993 */ 994 static int smack_task_setpgid(struct task_struct *p, pid_t pgid) 995 { 996 return smk_curacc(p->security, MAY_WRITE); 997 } 998 999 /** 1000 * smack_task_getpgid - Smack access check for getpgid 1001 * @p: the object task 1002 * 1003 * Returns 0 if current can read the object task, error code otherwise 1004 */ 1005 static int smack_task_getpgid(struct task_struct *p) 1006 { 1007 return smk_curacc(p->security, MAY_READ); 1008 } 1009 1010 /** 1011 * smack_task_getsid - Smack access check for getsid 1012 * @p: the object task 1013 * 1014 * Returns 0 if current can read the object task, error code otherwise 1015 */ 1016 static int smack_task_getsid(struct task_struct *p) 1017 { 1018 return smk_curacc(p->security, MAY_READ); 1019 } 1020 1021 /** 1022 * smack_task_getsecid - get the secid of the task 1023 * @p: the object task 1024 * @secid: where to put the result 1025 * 1026 * Sets the secid to contain a u32 version of the smack label. 1027 */ 1028 static void smack_task_getsecid(struct task_struct *p, u32 *secid) 1029 { 1030 *secid = smack_to_secid(p->security); 1031 } 1032 1033 /** 1034 * smack_task_setnice - Smack check on setting nice 1035 * @p: the task object 1036 * @nice: unused 1037 * 1038 * Return 0 if write access is permitted 1039 */ 1040 static int smack_task_setnice(struct task_struct *p, int nice) 1041 { 1042 int rc; 1043 1044 rc = cap_task_setnice(p, nice); 1045 if (rc == 0) 1046 rc = smk_curacc(p->security, MAY_WRITE); 1047 return rc; 1048 } 1049 1050 /** 1051 * smack_task_setioprio - Smack check on setting ioprio 1052 * @p: the task object 1053 * @ioprio: unused 1054 * 1055 * Return 0 if write access is permitted 1056 */ 1057 static int smack_task_setioprio(struct task_struct *p, int ioprio) 1058 { 1059 int rc; 1060 1061 rc = cap_task_setioprio(p, ioprio); 1062 if (rc == 0) 1063 rc = smk_curacc(p->security, MAY_WRITE); 1064 return rc; 1065 } 1066 1067 /** 1068 * smack_task_getioprio - Smack check on reading ioprio 1069 * @p: the task object 1070 * 1071 * Return 0 if read access is permitted 1072 */ 1073 static int smack_task_getioprio(struct task_struct *p) 1074 { 1075 return smk_curacc(p->security, MAY_READ); 1076 } 1077 1078 /** 1079 * smack_task_setscheduler - Smack check on setting scheduler 1080 * @p: the task object 1081 * @policy: unused 1082 * @lp: unused 1083 * 1084 * Return 0 if read access is permitted 1085 */ 1086 static int smack_task_setscheduler(struct task_struct *p, int policy, 1087 struct sched_param *lp) 1088 { 1089 int rc; 1090 1091 rc = cap_task_setscheduler(p, policy, lp); 1092 if (rc == 0) 1093 rc = smk_curacc(p->security, MAY_WRITE); 1094 return rc; 1095 } 1096 1097 /** 1098 * smack_task_getscheduler - Smack check on reading scheduler 1099 * @p: the task object 1100 * 1101 * Return 0 if read access is permitted 1102 */ 1103 static int smack_task_getscheduler(struct task_struct *p) 1104 { 1105 return smk_curacc(p->security, MAY_READ); 1106 } 1107 1108 /** 1109 * smack_task_movememory - Smack check on moving memory 1110 * @p: the task object 1111 * 1112 * Return 0 if write access is permitted 1113 */ 1114 static int smack_task_movememory(struct task_struct *p) 1115 { 1116 return smk_curacc(p->security, MAY_WRITE); 1117 } 1118 1119 /** 1120 * smack_task_kill - Smack check on signal delivery 1121 * @p: the task object 1122 * @info: unused 1123 * @sig: unused 1124 * @secid: identifies the smack to use in lieu of current's 1125 * 1126 * Return 0 if write access is permitted 1127 * 1128 * The secid behavior is an artifact of an SELinux hack 1129 * in the USB code. Someday it may go away. 1130 */ 1131 static int smack_task_kill(struct task_struct *p, struct siginfo *info, 1132 int sig, u32 secid) 1133 { 1134 /* 1135 * Sending a signal requires that the sender 1136 * can write the receiver. 1137 */ 1138 if (secid == 0) 1139 return smk_curacc(p->security, MAY_WRITE); 1140 /* 1141 * If the secid isn't 0 we're dealing with some USB IO 1142 * specific behavior. This is not clean. For one thing 1143 * we can't take privilege into account. 1144 */ 1145 return smk_access(smack_from_secid(secid), p->security, MAY_WRITE); 1146 } 1147 1148 /** 1149 * smack_task_wait - Smack access check for waiting 1150 * @p: task to wait for 1151 * 1152 * Returns 0 if current can wait for p, error code otherwise 1153 */ 1154 static int smack_task_wait(struct task_struct *p) 1155 { 1156 int rc; 1157 1158 rc = smk_access(current->security, p->security, MAY_WRITE); 1159 if (rc == 0) 1160 return 0; 1161 1162 /* 1163 * Allow the operation to succeed if either task 1164 * has privilege to perform operations that might 1165 * account for the smack labels having gotten to 1166 * be different in the first place. 1167 * 1168 * This breaks the strict subjet/object access 1169 * control ideal, taking the object's privilege 1170 * state into account in the decision as well as 1171 * the smack value. 1172 */ 1173 if (capable(CAP_MAC_OVERRIDE) || __capable(p, CAP_MAC_OVERRIDE)) 1174 return 0; 1175 1176 return rc; 1177 } 1178 1179 /** 1180 * smack_task_to_inode - copy task smack into the inode blob 1181 * @p: task to copy from 1182 * inode: inode to copy to 1183 * 1184 * Sets the smack pointer in the inode security blob 1185 */ 1186 static void smack_task_to_inode(struct task_struct *p, struct inode *inode) 1187 { 1188 struct inode_smack *isp = inode->i_security; 1189 isp->smk_inode = p->security; 1190 } 1191 1192 /* 1193 * Socket hooks. 1194 */ 1195 1196 /** 1197 * smack_sk_alloc_security - Allocate a socket blob 1198 * @sk: the socket 1199 * @family: unused 1200 * @priority: memory allocation priority 1201 * 1202 * Assign Smack pointers to current 1203 * 1204 * Returns 0 on success, -ENOMEM is there's no memory 1205 */ 1206 static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags) 1207 { 1208 char *csp = current->security; 1209 struct socket_smack *ssp; 1210 1211 ssp = kzalloc(sizeof(struct socket_smack), gfp_flags); 1212 if (ssp == NULL) 1213 return -ENOMEM; 1214 1215 ssp->smk_in = csp; 1216 ssp->smk_out = csp; 1217 ssp->smk_packet[0] = '\0'; 1218 1219 sk->sk_security = ssp; 1220 1221 return 0; 1222 } 1223 1224 /** 1225 * smack_sk_free_security - Free a socket blob 1226 * @sk: the socket 1227 * 1228 * Clears the blob pointer 1229 */ 1230 static void smack_sk_free_security(struct sock *sk) 1231 { 1232 kfree(sk->sk_security); 1233 } 1234 1235 /** 1236 * smack_set_catset - convert a capset to netlabel mls categories 1237 * @catset: the Smack categories 1238 * @sap: where to put the netlabel categories 1239 * 1240 * Allocates and fills attr.mls.cat 1241 */ 1242 static void smack_set_catset(char *catset, struct netlbl_lsm_secattr *sap) 1243 { 1244 unsigned char *cp; 1245 unsigned char m; 1246 int cat; 1247 int rc; 1248 int byte; 1249 1250 if (!catset) 1251 return; 1252 1253 sap->flags |= NETLBL_SECATTR_MLS_CAT; 1254 sap->attr.mls.cat = netlbl_secattr_catmap_alloc(GFP_ATOMIC); 1255 sap->attr.mls.cat->startbit = 0; 1256 1257 for (cat = 1, cp = catset, byte = 0; byte < SMK_LABELLEN; cp++, byte++) 1258 for (m = 0x80; m != 0; m >>= 1, cat++) { 1259 if ((m & *cp) == 0) 1260 continue; 1261 rc = netlbl_secattr_catmap_setbit(sap->attr.mls.cat, 1262 cat, GFP_ATOMIC); 1263 } 1264 } 1265 1266 /** 1267 * smack_to_secattr - fill a secattr from a smack value 1268 * @smack: the smack value 1269 * @nlsp: where the result goes 1270 * 1271 * Casey says that CIPSO is good enough for now. 1272 * It can be used to effect. 1273 * It can also be abused to effect when necessary. 1274 * Appologies to the TSIG group in general and GW in particular. 1275 */ 1276 static void smack_to_secattr(char *smack, struct netlbl_lsm_secattr *nlsp) 1277 { 1278 struct smack_cipso cipso; 1279 int rc; 1280 1281 switch (smack_net_nltype) { 1282 case NETLBL_NLTYPE_CIPSOV4: 1283 nlsp->domain = smack; 1284 nlsp->flags = NETLBL_SECATTR_DOMAIN | NETLBL_SECATTR_MLS_LVL; 1285 1286 rc = smack_to_cipso(smack, &cipso); 1287 if (rc == 0) { 1288 nlsp->attr.mls.lvl = cipso.smk_level; 1289 smack_set_catset(cipso.smk_catset, nlsp); 1290 } else { 1291 nlsp->attr.mls.lvl = smack_cipso_direct; 1292 smack_set_catset(smack, nlsp); 1293 } 1294 break; 1295 default: 1296 break; 1297 } 1298 } 1299 1300 /** 1301 * smack_netlabel - Set the secattr on a socket 1302 * @sk: the socket 1303 * 1304 * Convert the outbound smack value (smk_out) to a 1305 * secattr and attach it to the socket. 1306 * 1307 * Returns 0 on success or an error code 1308 */ 1309 static int smack_netlabel(struct sock *sk) 1310 { 1311 struct socket_smack *ssp; 1312 struct netlbl_lsm_secattr secattr; 1313 int rc; 1314 1315 ssp = sk->sk_security; 1316 netlbl_secattr_init(&secattr); 1317 smack_to_secattr(ssp->smk_out, &secattr); 1318 rc = netlbl_sock_setattr(sk, &secattr); 1319 netlbl_secattr_destroy(&secattr); 1320 1321 return rc; 1322 } 1323 1324 /** 1325 * smack_inode_setsecurity - set smack xattrs 1326 * @inode: the object 1327 * @name: attribute name 1328 * @value: attribute value 1329 * @size: size of the attribute 1330 * @flags: unused 1331 * 1332 * Sets the named attribute in the appropriate blob 1333 * 1334 * Returns 0 on success, or an error code 1335 */ 1336 static int smack_inode_setsecurity(struct inode *inode, const char *name, 1337 const void *value, size_t size, int flags) 1338 { 1339 char *sp; 1340 struct inode_smack *nsp = inode->i_security; 1341 struct socket_smack *ssp; 1342 struct socket *sock; 1343 int rc = 0; 1344 1345 if (value == NULL || size > SMK_LABELLEN) 1346 return -EACCES; 1347 1348 sp = smk_import(value, size); 1349 if (sp == NULL) 1350 return -EINVAL; 1351 1352 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) { 1353 nsp->smk_inode = sp; 1354 return 0; 1355 } 1356 /* 1357 * The rest of the Smack xattrs are only on sockets. 1358 */ 1359 if (inode->i_sb->s_magic != SOCKFS_MAGIC) 1360 return -EOPNOTSUPP; 1361 1362 sock = SOCKET_I(inode); 1363 if (sock == NULL || sock->sk == NULL) 1364 return -EOPNOTSUPP; 1365 1366 ssp = sock->sk->sk_security; 1367 1368 if (strcmp(name, XATTR_SMACK_IPIN) == 0) 1369 ssp->smk_in = sp; 1370 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) { 1371 ssp->smk_out = sp; 1372 rc = smack_netlabel(sock->sk); 1373 if (rc != 0) 1374 printk(KERN_WARNING "Smack: \"%s\" netlbl error %d.\n", 1375 __func__, -rc); 1376 } else 1377 return -EOPNOTSUPP; 1378 1379 return 0; 1380 } 1381 1382 /** 1383 * smack_socket_post_create - finish socket setup 1384 * @sock: the socket 1385 * @family: protocol family 1386 * @type: unused 1387 * @protocol: unused 1388 * @kern: unused 1389 * 1390 * Sets the netlabel information on the socket 1391 * 1392 * Returns 0 on success, and error code otherwise 1393 */ 1394 static int smack_socket_post_create(struct socket *sock, int family, 1395 int type, int protocol, int kern) 1396 { 1397 if (family != PF_INET || sock->sk == NULL) 1398 return 0; 1399 /* 1400 * Set the outbound netlbl. 1401 */ 1402 return smack_netlabel(sock->sk); 1403 } 1404 1405 /** 1406 * smack_flags_to_may - convert S_ to MAY_ values 1407 * @flags: the S_ value 1408 * 1409 * Returns the equivalent MAY_ value 1410 */ 1411 static int smack_flags_to_may(int flags) 1412 { 1413 int may = 0; 1414 1415 if (flags & S_IRUGO) 1416 may |= MAY_READ; 1417 if (flags & S_IWUGO) 1418 may |= MAY_WRITE; 1419 if (flags & S_IXUGO) 1420 may |= MAY_EXEC; 1421 1422 return may; 1423 } 1424 1425 /** 1426 * smack_msg_msg_alloc_security - Set the security blob for msg_msg 1427 * @msg: the object 1428 * 1429 * Returns 0 1430 */ 1431 static int smack_msg_msg_alloc_security(struct msg_msg *msg) 1432 { 1433 msg->security = current->security; 1434 return 0; 1435 } 1436 1437 /** 1438 * smack_msg_msg_free_security - Clear the security blob for msg_msg 1439 * @msg: the object 1440 * 1441 * Clears the blob pointer 1442 */ 1443 static void smack_msg_msg_free_security(struct msg_msg *msg) 1444 { 1445 msg->security = NULL; 1446 } 1447 1448 /** 1449 * smack_of_shm - the smack pointer for the shm 1450 * @shp: the object 1451 * 1452 * Returns a pointer to the smack value 1453 */ 1454 static char *smack_of_shm(struct shmid_kernel *shp) 1455 { 1456 return (char *)shp->shm_perm.security; 1457 } 1458 1459 /** 1460 * smack_shm_alloc_security - Set the security blob for shm 1461 * @shp: the object 1462 * 1463 * Returns 0 1464 */ 1465 static int smack_shm_alloc_security(struct shmid_kernel *shp) 1466 { 1467 struct kern_ipc_perm *isp = &shp->shm_perm; 1468 1469 isp->security = current->security; 1470 return 0; 1471 } 1472 1473 /** 1474 * smack_shm_free_security - Clear the security blob for shm 1475 * @shp: the object 1476 * 1477 * Clears the blob pointer 1478 */ 1479 static void smack_shm_free_security(struct shmid_kernel *shp) 1480 { 1481 struct kern_ipc_perm *isp = &shp->shm_perm; 1482 1483 isp->security = NULL; 1484 } 1485 1486 /** 1487 * smack_shm_associate - Smack access check for shm 1488 * @shp: the object 1489 * @shmflg: access requested 1490 * 1491 * Returns 0 if current has the requested access, error code otherwise 1492 */ 1493 static int smack_shm_associate(struct shmid_kernel *shp, int shmflg) 1494 { 1495 char *ssp = smack_of_shm(shp); 1496 int may; 1497 1498 may = smack_flags_to_may(shmflg); 1499 return smk_curacc(ssp, may); 1500 } 1501 1502 /** 1503 * smack_shm_shmctl - Smack access check for shm 1504 * @shp: the object 1505 * @cmd: what it wants to do 1506 * 1507 * Returns 0 if current has the requested access, error code otherwise 1508 */ 1509 static int smack_shm_shmctl(struct shmid_kernel *shp, int cmd) 1510 { 1511 char *ssp; 1512 int may; 1513 1514 switch (cmd) { 1515 case IPC_STAT: 1516 case SHM_STAT: 1517 may = MAY_READ; 1518 break; 1519 case IPC_SET: 1520 case SHM_LOCK: 1521 case SHM_UNLOCK: 1522 case IPC_RMID: 1523 may = MAY_READWRITE; 1524 break; 1525 case IPC_INFO: 1526 case SHM_INFO: 1527 /* 1528 * System level information. 1529 */ 1530 return 0; 1531 default: 1532 return -EINVAL; 1533 } 1534 1535 ssp = smack_of_shm(shp); 1536 return smk_curacc(ssp, may); 1537 } 1538 1539 /** 1540 * smack_shm_shmat - Smack access for shmat 1541 * @shp: the object 1542 * @shmaddr: unused 1543 * @shmflg: access requested 1544 * 1545 * Returns 0 if current has the requested access, error code otherwise 1546 */ 1547 static int smack_shm_shmat(struct shmid_kernel *shp, char __user *shmaddr, 1548 int shmflg) 1549 { 1550 char *ssp = smack_of_shm(shp); 1551 int may; 1552 1553 may = smack_flags_to_may(shmflg); 1554 return smk_curacc(ssp, may); 1555 } 1556 1557 /** 1558 * smack_of_sem - the smack pointer for the sem 1559 * @sma: the object 1560 * 1561 * Returns a pointer to the smack value 1562 */ 1563 static char *smack_of_sem(struct sem_array *sma) 1564 { 1565 return (char *)sma->sem_perm.security; 1566 } 1567 1568 /** 1569 * smack_sem_alloc_security - Set the security blob for sem 1570 * @sma: the object 1571 * 1572 * Returns 0 1573 */ 1574 static int smack_sem_alloc_security(struct sem_array *sma) 1575 { 1576 struct kern_ipc_perm *isp = &sma->sem_perm; 1577 1578 isp->security = current->security; 1579 return 0; 1580 } 1581 1582 /** 1583 * smack_sem_free_security - Clear the security blob for sem 1584 * @sma: the object 1585 * 1586 * Clears the blob pointer 1587 */ 1588 static void smack_sem_free_security(struct sem_array *sma) 1589 { 1590 struct kern_ipc_perm *isp = &sma->sem_perm; 1591 1592 isp->security = NULL; 1593 } 1594 1595 /** 1596 * smack_sem_associate - Smack access check for sem 1597 * @sma: the object 1598 * @semflg: access requested 1599 * 1600 * Returns 0 if current has the requested access, error code otherwise 1601 */ 1602 static int smack_sem_associate(struct sem_array *sma, int semflg) 1603 { 1604 char *ssp = smack_of_sem(sma); 1605 int may; 1606 1607 may = smack_flags_to_may(semflg); 1608 return smk_curacc(ssp, may); 1609 } 1610 1611 /** 1612 * smack_sem_shmctl - Smack access check for sem 1613 * @sma: the object 1614 * @cmd: what it wants to do 1615 * 1616 * Returns 0 if current has the requested access, error code otherwise 1617 */ 1618 static int smack_sem_semctl(struct sem_array *sma, int cmd) 1619 { 1620 char *ssp; 1621 int may; 1622 1623 switch (cmd) { 1624 case GETPID: 1625 case GETNCNT: 1626 case GETZCNT: 1627 case GETVAL: 1628 case GETALL: 1629 case IPC_STAT: 1630 case SEM_STAT: 1631 may = MAY_READ; 1632 break; 1633 case SETVAL: 1634 case SETALL: 1635 case IPC_RMID: 1636 case IPC_SET: 1637 may = MAY_READWRITE; 1638 break; 1639 case IPC_INFO: 1640 case SEM_INFO: 1641 /* 1642 * System level information 1643 */ 1644 return 0; 1645 default: 1646 return -EINVAL; 1647 } 1648 1649 ssp = smack_of_sem(sma); 1650 return smk_curacc(ssp, may); 1651 } 1652 1653 /** 1654 * smack_sem_semop - Smack checks of semaphore operations 1655 * @sma: the object 1656 * @sops: unused 1657 * @nsops: unused 1658 * @alter: unused 1659 * 1660 * Treated as read and write in all cases. 1661 * 1662 * Returns 0 if access is allowed, error code otherwise 1663 */ 1664 static int smack_sem_semop(struct sem_array *sma, struct sembuf *sops, 1665 unsigned nsops, int alter) 1666 { 1667 char *ssp = smack_of_sem(sma); 1668 1669 return smk_curacc(ssp, MAY_READWRITE); 1670 } 1671 1672 /** 1673 * smack_msg_alloc_security - Set the security blob for msg 1674 * @msq: the object 1675 * 1676 * Returns 0 1677 */ 1678 static int smack_msg_queue_alloc_security(struct msg_queue *msq) 1679 { 1680 struct kern_ipc_perm *kisp = &msq->q_perm; 1681 1682 kisp->security = current->security; 1683 return 0; 1684 } 1685 1686 /** 1687 * smack_msg_free_security - Clear the security blob for msg 1688 * @msq: the object 1689 * 1690 * Clears the blob pointer 1691 */ 1692 static void smack_msg_queue_free_security(struct msg_queue *msq) 1693 { 1694 struct kern_ipc_perm *kisp = &msq->q_perm; 1695 1696 kisp->security = NULL; 1697 } 1698 1699 /** 1700 * smack_of_msq - the smack pointer for the msq 1701 * @msq: the object 1702 * 1703 * Returns a pointer to the smack value 1704 */ 1705 static char *smack_of_msq(struct msg_queue *msq) 1706 { 1707 return (char *)msq->q_perm.security; 1708 } 1709 1710 /** 1711 * smack_msg_queue_associate - Smack access check for msg_queue 1712 * @msq: the object 1713 * @msqflg: access requested 1714 * 1715 * Returns 0 if current has the requested access, error code otherwise 1716 */ 1717 static int smack_msg_queue_associate(struct msg_queue *msq, int msqflg) 1718 { 1719 char *msp = smack_of_msq(msq); 1720 int may; 1721 1722 may = smack_flags_to_may(msqflg); 1723 return smk_curacc(msp, may); 1724 } 1725 1726 /** 1727 * smack_msg_queue_msgctl - Smack access check for msg_queue 1728 * @msq: the object 1729 * @cmd: what it wants to do 1730 * 1731 * Returns 0 if current has the requested access, error code otherwise 1732 */ 1733 static int smack_msg_queue_msgctl(struct msg_queue *msq, int cmd) 1734 { 1735 char *msp; 1736 int may; 1737 1738 switch (cmd) { 1739 case IPC_STAT: 1740 case MSG_STAT: 1741 may = MAY_READ; 1742 break; 1743 case IPC_SET: 1744 case IPC_RMID: 1745 may = MAY_READWRITE; 1746 break; 1747 case IPC_INFO: 1748 case MSG_INFO: 1749 /* 1750 * System level information 1751 */ 1752 return 0; 1753 default: 1754 return -EINVAL; 1755 } 1756 1757 msp = smack_of_msq(msq); 1758 return smk_curacc(msp, may); 1759 } 1760 1761 /** 1762 * smack_msg_queue_msgsnd - Smack access check for msg_queue 1763 * @msq: the object 1764 * @msg: unused 1765 * @msqflg: access requested 1766 * 1767 * Returns 0 if current has the requested access, error code otherwise 1768 */ 1769 static int smack_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, 1770 int msqflg) 1771 { 1772 char *msp = smack_of_msq(msq); 1773 int rc; 1774 1775 rc = smack_flags_to_may(msqflg); 1776 return smk_curacc(msp, rc); 1777 } 1778 1779 /** 1780 * smack_msg_queue_msgsnd - Smack access check for msg_queue 1781 * @msq: the object 1782 * @msg: unused 1783 * @target: unused 1784 * @type: unused 1785 * @mode: unused 1786 * 1787 * Returns 0 if current has read and write access, error code otherwise 1788 */ 1789 static int smack_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg, 1790 struct task_struct *target, long type, int mode) 1791 { 1792 char *msp = smack_of_msq(msq); 1793 1794 return smk_curacc(msp, MAY_READWRITE); 1795 } 1796 1797 /** 1798 * smack_ipc_permission - Smack access for ipc_permission() 1799 * @ipp: the object permissions 1800 * @flag: access requested 1801 * 1802 * Returns 0 if current has read and write access, error code otherwise 1803 */ 1804 static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag) 1805 { 1806 char *isp = ipp->security; 1807 int may; 1808 1809 may = smack_flags_to_may(flag); 1810 return smk_curacc(isp, may); 1811 } 1812 1813 /** 1814 * smack_ipc_getsecid - Extract smack security id 1815 * @ipcp: the object permissions 1816 * @secid: where result will be saved 1817 */ 1818 static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid) 1819 { 1820 char *smack = ipp->security; 1821 1822 *secid = smack_to_secid(smack); 1823 } 1824 1825 /** 1826 * smack_d_instantiate - Make sure the blob is correct on an inode 1827 * @opt_dentry: unused 1828 * @inode: the object 1829 * 1830 * Set the inode's security blob if it hasn't been done already. 1831 */ 1832 static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode) 1833 { 1834 struct super_block *sbp; 1835 struct superblock_smack *sbsp; 1836 struct inode_smack *isp; 1837 char *csp = current->security; 1838 char *fetched; 1839 char *final; 1840 struct dentry *dp; 1841 1842 if (inode == NULL) 1843 return; 1844 1845 isp = inode->i_security; 1846 1847 mutex_lock(&isp->smk_lock); 1848 /* 1849 * If the inode is already instantiated 1850 * take the quick way out 1851 */ 1852 if (isp->smk_flags & SMK_INODE_INSTANT) 1853 goto unlockandout; 1854 1855 sbp = inode->i_sb; 1856 sbsp = sbp->s_security; 1857 /* 1858 * We're going to use the superblock default label 1859 * if there's no label on the file. 1860 */ 1861 final = sbsp->smk_default; 1862 1863 /* 1864 * If this is the root inode the superblock 1865 * may be in the process of initialization. 1866 * If that is the case use the root value out 1867 * of the superblock. 1868 */ 1869 if (opt_dentry->d_parent == opt_dentry) { 1870 isp->smk_inode = sbsp->smk_root; 1871 isp->smk_flags |= SMK_INODE_INSTANT; 1872 goto unlockandout; 1873 } 1874 1875 /* 1876 * This is pretty hackish. 1877 * Casey says that we shouldn't have to do 1878 * file system specific code, but it does help 1879 * with keeping it simple. 1880 */ 1881 switch (sbp->s_magic) { 1882 case SMACK_MAGIC: 1883 /* 1884 * Casey says that it's a little embarassing 1885 * that the smack file system doesn't do 1886 * extended attributes. 1887 */ 1888 final = smack_known_star.smk_known; 1889 break; 1890 case PIPEFS_MAGIC: 1891 /* 1892 * Casey says pipes are easy (?) 1893 */ 1894 final = smack_known_star.smk_known; 1895 break; 1896 case DEVPTS_SUPER_MAGIC: 1897 /* 1898 * devpts seems content with the label of the task. 1899 * Programs that change smack have to treat the 1900 * pty with respect. 1901 */ 1902 final = csp; 1903 break; 1904 case SOCKFS_MAGIC: 1905 /* 1906 * Casey says sockets get the smack of the task. 1907 */ 1908 final = csp; 1909 break; 1910 case PROC_SUPER_MAGIC: 1911 /* 1912 * Casey says procfs appears not to care. 1913 * The superblock default suffices. 1914 */ 1915 break; 1916 case TMPFS_MAGIC: 1917 /* 1918 * Device labels should come from the filesystem, 1919 * but watch out, because they're volitile, 1920 * getting recreated on every reboot. 1921 */ 1922 final = smack_known_star.smk_known; 1923 /* 1924 * No break. 1925 * 1926 * If a smack value has been set we want to use it, 1927 * but since tmpfs isn't giving us the opportunity 1928 * to set mount options simulate setting the 1929 * superblock default. 1930 */ 1931 default: 1932 /* 1933 * This isn't an understood special case. 1934 * Get the value from the xattr. 1935 * 1936 * No xattr support means, alas, no SMACK label. 1937 * Use the aforeapplied default. 1938 * It would be curious if the label of the task 1939 * does not match that assigned. 1940 */ 1941 if (inode->i_op->getxattr == NULL) 1942 break; 1943 /* 1944 * Get the dentry for xattr. 1945 */ 1946 if (opt_dentry == NULL) { 1947 dp = d_find_alias(inode); 1948 if (dp == NULL) 1949 break; 1950 } else { 1951 dp = dget(opt_dentry); 1952 if (dp == NULL) 1953 break; 1954 } 1955 1956 fetched = smk_fetch(inode, dp); 1957 if (fetched != NULL) 1958 final = fetched; 1959 1960 dput(dp); 1961 break; 1962 } 1963 1964 if (final == NULL) 1965 isp->smk_inode = csp; 1966 else 1967 isp->smk_inode = final; 1968 1969 isp->smk_flags |= SMK_INODE_INSTANT; 1970 1971 unlockandout: 1972 mutex_unlock(&isp->smk_lock); 1973 return; 1974 } 1975 1976 /** 1977 * smack_getprocattr - Smack process attribute access 1978 * @p: the object task 1979 * @name: the name of the attribute in /proc/.../attr 1980 * @value: where to put the result 1981 * 1982 * Places a copy of the task Smack into value 1983 * 1984 * Returns the length of the smack label or an error code 1985 */ 1986 static int smack_getprocattr(struct task_struct *p, char *name, char **value) 1987 { 1988 char *cp; 1989 int slen; 1990 1991 if (strcmp(name, "current") != 0) 1992 return -EINVAL; 1993 1994 cp = kstrdup(p->security, GFP_KERNEL); 1995 if (cp == NULL) 1996 return -ENOMEM; 1997 1998 slen = strlen(cp); 1999 *value = cp; 2000 return slen; 2001 } 2002 2003 /** 2004 * smack_setprocattr - Smack process attribute setting 2005 * @p: the object task 2006 * @name: the name of the attribute in /proc/.../attr 2007 * @value: the value to set 2008 * @size: the size of the value 2009 * 2010 * Sets the Smack value of the task. Only setting self 2011 * is permitted and only with privilege 2012 * 2013 * Returns the length of the smack label or an error code 2014 */ 2015 static int smack_setprocattr(struct task_struct *p, char *name, 2016 void *value, size_t size) 2017 { 2018 char *newsmack; 2019 2020 if (!__capable(p, CAP_MAC_ADMIN)) 2021 return -EPERM; 2022 2023 /* 2024 * Changing another process' Smack value is too dangerous 2025 * and supports no sane use case. 2026 */ 2027 if (p != current) 2028 return -EPERM; 2029 2030 if (value == NULL || size == 0 || size >= SMK_LABELLEN) 2031 return -EINVAL; 2032 2033 if (strcmp(name, "current") != 0) 2034 return -EINVAL; 2035 2036 newsmack = smk_import(value, size); 2037 if (newsmack == NULL) 2038 return -EINVAL; 2039 2040 p->security = newsmack; 2041 return size; 2042 } 2043 2044 /** 2045 * smack_unix_stream_connect - Smack access on UDS 2046 * @sock: one socket 2047 * @other: the other socket 2048 * @newsk: unused 2049 * 2050 * Return 0 if a subject with the smack of sock could access 2051 * an object with the smack of other, otherwise an error code 2052 */ 2053 static int smack_unix_stream_connect(struct socket *sock, 2054 struct socket *other, struct sock *newsk) 2055 { 2056 struct inode *sp = SOCK_INODE(sock); 2057 struct inode *op = SOCK_INODE(other); 2058 2059 return smk_access(smk_of_inode(sp), smk_of_inode(op), MAY_READWRITE); 2060 } 2061 2062 /** 2063 * smack_unix_may_send - Smack access on UDS 2064 * @sock: one socket 2065 * @other: the other socket 2066 * 2067 * Return 0 if a subject with the smack of sock could access 2068 * an object with the smack of other, otherwise an error code 2069 */ 2070 static int smack_unix_may_send(struct socket *sock, struct socket *other) 2071 { 2072 struct inode *sp = SOCK_INODE(sock); 2073 struct inode *op = SOCK_INODE(other); 2074 2075 return smk_access(smk_of_inode(sp), smk_of_inode(op), MAY_WRITE); 2076 } 2077 2078 /** 2079 * smack_from_secattr - Convert a netlabel attr.mls.lvl/attr.mls.cat 2080 * pair to smack 2081 * @sap: netlabel secattr 2082 * @sip: where to put the result 2083 * 2084 * Copies a smack label into sip 2085 */ 2086 static void smack_from_secattr(struct netlbl_lsm_secattr *sap, char *sip) 2087 { 2088 char smack[SMK_LABELLEN]; 2089 int pcat; 2090 2091 if ((sap->flags & NETLBL_SECATTR_MLS_LVL) == 0) { 2092 /* 2093 * If there are flags but no level netlabel isn't 2094 * behaving the way we expect it to. 2095 * 2096 * Without guidance regarding the smack value 2097 * for the packet fall back on the network 2098 * ambient value. 2099 */ 2100 strncpy(sip, smack_net_ambient, SMK_MAXLEN); 2101 return; 2102 } 2103 /* 2104 * Get the categories, if any 2105 */ 2106 memset(smack, '\0', SMK_LABELLEN); 2107 if ((sap->flags & NETLBL_SECATTR_MLS_CAT) != 0) 2108 for (pcat = -1;;) { 2109 pcat = netlbl_secattr_catmap_walk(sap->attr.mls.cat, 2110 pcat + 1); 2111 if (pcat < 0) 2112 break; 2113 smack_catset_bit(pcat, smack); 2114 } 2115 /* 2116 * If it is CIPSO using smack direct mapping 2117 * we are already done. WeeHee. 2118 */ 2119 if (sap->attr.mls.lvl == smack_cipso_direct) { 2120 memcpy(sip, smack, SMK_MAXLEN); 2121 return; 2122 } 2123 /* 2124 * Look it up in the supplied table if it is not a direct mapping. 2125 */ 2126 smack_from_cipso(sap->attr.mls.lvl, smack, sip); 2127 return; 2128 } 2129 2130 /** 2131 * smack_socket_sock_rcv_skb - Smack packet delivery access check 2132 * @sk: socket 2133 * @skb: packet 2134 * 2135 * Returns 0 if the packet should be delivered, an error code otherwise 2136 */ 2137 static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) 2138 { 2139 struct netlbl_lsm_secattr secattr; 2140 struct socket_smack *ssp = sk->sk_security; 2141 char smack[SMK_LABELLEN]; 2142 int rc; 2143 2144 if (sk->sk_family != PF_INET && sk->sk_family != PF_INET6) 2145 return 0; 2146 2147 /* 2148 * Translate what netlabel gave us. 2149 */ 2150 memset(smack, '\0', SMK_LABELLEN); 2151 netlbl_secattr_init(&secattr); 2152 rc = netlbl_skbuff_getattr(skb, sk->sk_family, &secattr); 2153 if (rc == 0) 2154 smack_from_secattr(&secattr, smack); 2155 else 2156 strncpy(smack, smack_net_ambient, SMK_MAXLEN); 2157 netlbl_secattr_destroy(&secattr); 2158 /* 2159 * Receiving a packet requires that the other end 2160 * be able to write here. Read access is not required. 2161 * This is the simplist possible security model 2162 * for networking. 2163 */ 2164 return smk_access(smack, ssp->smk_in, MAY_WRITE); 2165 } 2166 2167 /** 2168 * smack_socket_getpeersec_stream - pull in packet label 2169 * @sock: the socket 2170 * @optval: user's destination 2171 * @optlen: size thereof 2172 * @len: max thereoe 2173 * 2174 * returns zero on success, an error code otherwise 2175 */ 2176 static int smack_socket_getpeersec_stream(struct socket *sock, 2177 char __user *optval, 2178 int __user *optlen, unsigned len) 2179 { 2180 struct socket_smack *ssp; 2181 int slen; 2182 int rc = 0; 2183 2184 ssp = sock->sk->sk_security; 2185 slen = strlen(ssp->smk_packet) + 1; 2186 2187 if (slen > len) 2188 rc = -ERANGE; 2189 else if (copy_to_user(optval, ssp->smk_packet, slen) != 0) 2190 rc = -EFAULT; 2191 2192 if (put_user(slen, optlen) != 0) 2193 rc = -EFAULT; 2194 2195 return rc; 2196 } 2197 2198 2199 /** 2200 * smack_socket_getpeersec_dgram - pull in packet label 2201 * @sock: the socket 2202 * @skb: packet data 2203 * @secid: pointer to where to put the secid of the packet 2204 * 2205 * Sets the netlabel socket state on sk from parent 2206 */ 2207 static int smack_socket_getpeersec_dgram(struct socket *sock, 2208 struct sk_buff *skb, u32 *secid) 2209 2210 { 2211 struct netlbl_lsm_secattr secattr; 2212 struct sock *sk; 2213 char smack[SMK_LABELLEN]; 2214 int family = PF_INET; 2215 u32 s; 2216 int rc; 2217 2218 /* 2219 * Only works for families with packets. 2220 */ 2221 if (sock != NULL) { 2222 sk = sock->sk; 2223 if (sk->sk_family != PF_INET && sk->sk_family != PF_INET6) 2224 return 0; 2225 family = sk->sk_family; 2226 } 2227 /* 2228 * Translate what netlabel gave us. 2229 */ 2230 memset(smack, '\0', SMK_LABELLEN); 2231 netlbl_secattr_init(&secattr); 2232 rc = netlbl_skbuff_getattr(skb, family, &secattr); 2233 if (rc == 0) 2234 smack_from_secattr(&secattr, smack); 2235 netlbl_secattr_destroy(&secattr); 2236 2237 /* 2238 * Give up if we couldn't get anything 2239 */ 2240 if (rc != 0) 2241 return rc; 2242 2243 s = smack_to_secid(smack); 2244 if (s == 0) 2245 return -EINVAL; 2246 2247 *secid = s; 2248 return 0; 2249 } 2250 2251 /** 2252 * smack_sock_graft - graft access state between two sockets 2253 * @sk: fresh sock 2254 * @parent: donor socket 2255 * 2256 * Sets the netlabel socket state on sk from parent 2257 */ 2258 static void smack_sock_graft(struct sock *sk, struct socket *parent) 2259 { 2260 struct socket_smack *ssp; 2261 int rc; 2262 2263 if (sk == NULL) 2264 return; 2265 2266 if (sk->sk_family != PF_INET && sk->sk_family != PF_INET6) 2267 return; 2268 2269 ssp = sk->sk_security; 2270 ssp->smk_in = current->security; 2271 ssp->smk_out = current->security; 2272 ssp->smk_packet[0] = '\0'; 2273 2274 rc = smack_netlabel(sk); 2275 if (rc != 0) 2276 printk(KERN_WARNING "Smack: \"%s\" netlbl error %d.\n", 2277 __func__, -rc); 2278 } 2279 2280 /** 2281 * smack_inet_conn_request - Smack access check on connect 2282 * @sk: socket involved 2283 * @skb: packet 2284 * @req: unused 2285 * 2286 * Returns 0 if a task with the packet label could write to 2287 * the socket, otherwise an error code 2288 */ 2289 static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb, 2290 struct request_sock *req) 2291 { 2292 struct netlbl_lsm_secattr skb_secattr; 2293 struct socket_smack *ssp = sk->sk_security; 2294 char smack[SMK_LABELLEN]; 2295 int rc; 2296 2297 if (skb == NULL) 2298 return -EACCES; 2299 2300 memset(smack, '\0', SMK_LABELLEN); 2301 netlbl_secattr_init(&skb_secattr); 2302 rc = netlbl_skbuff_getattr(skb, sk->sk_family, &skb_secattr); 2303 if (rc == 0) 2304 smack_from_secattr(&skb_secattr, smack); 2305 else 2306 strncpy(smack, smack_known_huh.smk_known, SMK_MAXLEN); 2307 netlbl_secattr_destroy(&skb_secattr); 2308 /* 2309 * Receiving a packet requires that the other end 2310 * be able to write here. Read access is not required. 2311 * 2312 * If the request is successful save the peer's label 2313 * so that SO_PEERCRED can report it. 2314 */ 2315 rc = smk_access(smack, ssp->smk_in, MAY_WRITE); 2316 if (rc == 0) 2317 strncpy(ssp->smk_packet, smack, SMK_MAXLEN); 2318 2319 return rc; 2320 } 2321 2322 /* 2323 * Key management security hooks 2324 * 2325 * Casey has not tested key support very heavily. 2326 * The permission check is most likely too restrictive. 2327 * If you care about keys please have a look. 2328 */ 2329 #ifdef CONFIG_KEYS 2330 2331 /** 2332 * smack_key_alloc - Set the key security blob 2333 * @key: object 2334 * @tsk: the task associated with the key 2335 * @flags: unused 2336 * 2337 * No allocation required 2338 * 2339 * Returns 0 2340 */ 2341 static int smack_key_alloc(struct key *key, struct task_struct *tsk, 2342 unsigned long flags) 2343 { 2344 key->security = tsk->security; 2345 return 0; 2346 } 2347 2348 /** 2349 * smack_key_free - Clear the key security blob 2350 * @key: the object 2351 * 2352 * Clear the blob pointer 2353 */ 2354 static void smack_key_free(struct key *key) 2355 { 2356 key->security = NULL; 2357 } 2358 2359 /* 2360 * smack_key_permission - Smack access on a key 2361 * @key_ref: gets to the object 2362 * @context: task involved 2363 * @perm: unused 2364 * 2365 * Return 0 if the task has read and write to the object, 2366 * an error code otherwise 2367 */ 2368 static int smack_key_permission(key_ref_t key_ref, 2369 struct task_struct *context, key_perm_t perm) 2370 { 2371 struct key *keyp; 2372 2373 keyp = key_ref_to_ptr(key_ref); 2374 if (keyp == NULL) 2375 return -EINVAL; 2376 /* 2377 * If the key hasn't been initialized give it access so that 2378 * it may do so. 2379 */ 2380 if (keyp->security == NULL) 2381 return 0; 2382 /* 2383 * This should not occur 2384 */ 2385 if (context->security == NULL) 2386 return -EACCES; 2387 2388 return smk_access(context->security, keyp->security, MAY_READWRITE); 2389 } 2390 #endif /* CONFIG_KEYS */ 2391 2392 /* 2393 * Smack Audit hooks 2394 * 2395 * Audit requires a unique representation of each Smack specific 2396 * rule. This unique representation is used to distinguish the 2397 * object to be audited from remaining kernel objects and also 2398 * works as a glue between the audit hooks. 2399 * 2400 * Since repository entries are added but never deleted, we'll use 2401 * the smack_known label address related to the given audit rule as 2402 * the needed unique representation. This also better fits the smack 2403 * model where nearly everything is a label. 2404 */ 2405 #ifdef CONFIG_AUDIT 2406 2407 /** 2408 * smack_audit_rule_init - Initialize a smack audit rule 2409 * @field: audit rule fields given from user-space (audit.h) 2410 * @op: required testing operator (=, !=, >, <, ...) 2411 * @rulestr: smack label to be audited 2412 * @vrule: pointer to save our own audit rule representation 2413 * 2414 * Prepare to audit cases where (@field @op @rulestr) is true. 2415 * The label to be audited is created if necessay. 2416 */ 2417 static int smack_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule) 2418 { 2419 char **rule = (char **)vrule; 2420 *rule = NULL; 2421 2422 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER) 2423 return -EINVAL; 2424 2425 if (op != AUDIT_EQUAL && op != AUDIT_NOT_EQUAL) 2426 return -EINVAL; 2427 2428 *rule = smk_import(rulestr, 0); 2429 2430 return 0; 2431 } 2432 2433 /** 2434 * smack_audit_rule_known - Distinguish Smack audit rules 2435 * @krule: rule of interest, in Audit kernel representation format 2436 * 2437 * This is used to filter Smack rules from remaining Audit ones. 2438 * If it's proved that this rule belongs to us, the 2439 * audit_rule_match hook will be called to do the final judgement. 2440 */ 2441 static int smack_audit_rule_known(struct audit_krule *krule) 2442 { 2443 struct audit_field *f; 2444 int i; 2445 2446 for (i = 0; i < krule->field_count; i++) { 2447 f = &krule->fields[i]; 2448 2449 if (f->type == AUDIT_SUBJ_USER || f->type == AUDIT_OBJ_USER) 2450 return 1; 2451 } 2452 2453 return 0; 2454 } 2455 2456 /** 2457 * smack_audit_rule_match - Audit given object ? 2458 * @secid: security id for identifying the object to test 2459 * @field: audit rule flags given from user-space 2460 * @op: required testing operator 2461 * @vrule: smack internal rule presentation 2462 * @actx: audit context associated with the check 2463 * 2464 * The core Audit hook. It's used to take the decision of 2465 * whether to audit or not to audit a given object. 2466 */ 2467 static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule, 2468 struct audit_context *actx) 2469 { 2470 char *smack; 2471 char *rule = vrule; 2472 2473 if (!rule) { 2474 audit_log(actx, GFP_KERNEL, AUDIT_SELINUX_ERR, 2475 "Smack: missing rule\n"); 2476 return -ENOENT; 2477 } 2478 2479 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER) 2480 return 0; 2481 2482 smack = smack_from_secid(secid); 2483 2484 /* 2485 * No need to do string comparisons. If a match occurs, 2486 * both pointers will point to the same smack_known 2487 * label. 2488 */ 2489 if (op == AUDIT_EQUAL) 2490 return (rule == smack); 2491 if (op == AUDIT_NOT_EQUAL) 2492 return (rule != smack); 2493 2494 return 0; 2495 } 2496 2497 /** 2498 * smack_audit_rule_free - free smack rule representation 2499 * @vrule: rule to be freed. 2500 * 2501 * No memory was allocated. 2502 */ 2503 static void smack_audit_rule_free(void *vrule) 2504 { 2505 /* No-op */ 2506 } 2507 2508 #endif /* CONFIG_AUDIT */ 2509 2510 /* 2511 * smack_secid_to_secctx - return the smack label for a secid 2512 * @secid: incoming integer 2513 * @secdata: destination 2514 * @seclen: how long it is 2515 * 2516 * Exists for networking code. 2517 */ 2518 static int smack_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) 2519 { 2520 char *sp = smack_from_secid(secid); 2521 2522 *secdata = sp; 2523 *seclen = strlen(sp); 2524 return 0; 2525 } 2526 2527 /* 2528 * smack_secctx_to_secid - return the secid for a smack label 2529 * @secdata: smack label 2530 * @seclen: how long result is 2531 * @secid: outgoing integer 2532 * 2533 * Exists for audit and networking code. 2534 */ 2535 static int smack_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid) 2536 { 2537 *secid = smack_to_secid(secdata); 2538 return 0; 2539 } 2540 2541 /* 2542 * smack_release_secctx - don't do anything. 2543 * @key_ref: unused 2544 * @context: unused 2545 * @perm: unused 2546 * 2547 * Exists to make sure nothing gets done, and properly 2548 */ 2549 static void smack_release_secctx(char *secdata, u32 seclen) 2550 { 2551 } 2552 2553 struct security_operations smack_ops = { 2554 .name = "smack", 2555 2556 .ptrace = smack_ptrace, 2557 .capget = cap_capget, 2558 .capset_check = cap_capset_check, 2559 .capset_set = cap_capset_set, 2560 .capable = cap_capable, 2561 .syslog = smack_syslog, 2562 .settime = cap_settime, 2563 .vm_enough_memory = cap_vm_enough_memory, 2564 2565 .bprm_apply_creds = cap_bprm_apply_creds, 2566 .bprm_set_security = cap_bprm_set_security, 2567 .bprm_secureexec = cap_bprm_secureexec, 2568 2569 .sb_alloc_security = smack_sb_alloc_security, 2570 .sb_free_security = smack_sb_free_security, 2571 .sb_copy_data = smack_sb_copy_data, 2572 .sb_kern_mount = smack_sb_kern_mount, 2573 .sb_statfs = smack_sb_statfs, 2574 .sb_mount = smack_sb_mount, 2575 .sb_umount = smack_sb_umount, 2576 2577 .inode_alloc_security = smack_inode_alloc_security, 2578 .inode_free_security = smack_inode_free_security, 2579 .inode_init_security = smack_inode_init_security, 2580 .inode_link = smack_inode_link, 2581 .inode_unlink = smack_inode_unlink, 2582 .inode_rmdir = smack_inode_rmdir, 2583 .inode_rename = smack_inode_rename, 2584 .inode_permission = smack_inode_permission, 2585 .inode_setattr = smack_inode_setattr, 2586 .inode_getattr = smack_inode_getattr, 2587 .inode_setxattr = smack_inode_setxattr, 2588 .inode_post_setxattr = smack_inode_post_setxattr, 2589 .inode_getxattr = smack_inode_getxattr, 2590 .inode_removexattr = smack_inode_removexattr, 2591 .inode_need_killpriv = cap_inode_need_killpriv, 2592 .inode_killpriv = cap_inode_killpriv, 2593 .inode_getsecurity = smack_inode_getsecurity, 2594 .inode_setsecurity = smack_inode_setsecurity, 2595 .inode_listsecurity = smack_inode_listsecurity, 2596 .inode_getsecid = smack_inode_getsecid, 2597 2598 .file_permission = smack_file_permission, 2599 .file_alloc_security = smack_file_alloc_security, 2600 .file_free_security = smack_file_free_security, 2601 .file_ioctl = smack_file_ioctl, 2602 .file_lock = smack_file_lock, 2603 .file_fcntl = smack_file_fcntl, 2604 .file_set_fowner = smack_file_set_fowner, 2605 .file_send_sigiotask = smack_file_send_sigiotask, 2606 .file_receive = smack_file_receive, 2607 2608 .task_alloc_security = smack_task_alloc_security, 2609 .task_free_security = smack_task_free_security, 2610 .task_post_setuid = cap_task_post_setuid, 2611 .task_setpgid = smack_task_setpgid, 2612 .task_getpgid = smack_task_getpgid, 2613 .task_getsid = smack_task_getsid, 2614 .task_getsecid = smack_task_getsecid, 2615 .task_setnice = smack_task_setnice, 2616 .task_setioprio = smack_task_setioprio, 2617 .task_getioprio = smack_task_getioprio, 2618 .task_setscheduler = smack_task_setscheduler, 2619 .task_getscheduler = smack_task_getscheduler, 2620 .task_movememory = smack_task_movememory, 2621 .task_kill = smack_task_kill, 2622 .task_wait = smack_task_wait, 2623 .task_reparent_to_init = cap_task_reparent_to_init, 2624 .task_to_inode = smack_task_to_inode, 2625 .task_prctl = cap_task_prctl, 2626 2627 .ipc_permission = smack_ipc_permission, 2628 .ipc_getsecid = smack_ipc_getsecid, 2629 2630 .msg_msg_alloc_security = smack_msg_msg_alloc_security, 2631 .msg_msg_free_security = smack_msg_msg_free_security, 2632 2633 .msg_queue_alloc_security = smack_msg_queue_alloc_security, 2634 .msg_queue_free_security = smack_msg_queue_free_security, 2635 .msg_queue_associate = smack_msg_queue_associate, 2636 .msg_queue_msgctl = smack_msg_queue_msgctl, 2637 .msg_queue_msgsnd = smack_msg_queue_msgsnd, 2638 .msg_queue_msgrcv = smack_msg_queue_msgrcv, 2639 2640 .shm_alloc_security = smack_shm_alloc_security, 2641 .shm_free_security = smack_shm_free_security, 2642 .shm_associate = smack_shm_associate, 2643 .shm_shmctl = smack_shm_shmctl, 2644 .shm_shmat = smack_shm_shmat, 2645 2646 .sem_alloc_security = smack_sem_alloc_security, 2647 .sem_free_security = smack_sem_free_security, 2648 .sem_associate = smack_sem_associate, 2649 .sem_semctl = smack_sem_semctl, 2650 .sem_semop = smack_sem_semop, 2651 2652 .netlink_send = cap_netlink_send, 2653 .netlink_recv = cap_netlink_recv, 2654 2655 .d_instantiate = smack_d_instantiate, 2656 2657 .getprocattr = smack_getprocattr, 2658 .setprocattr = smack_setprocattr, 2659 2660 .unix_stream_connect = smack_unix_stream_connect, 2661 .unix_may_send = smack_unix_may_send, 2662 2663 .socket_post_create = smack_socket_post_create, 2664 .socket_sock_rcv_skb = smack_socket_sock_rcv_skb, 2665 .socket_getpeersec_stream = smack_socket_getpeersec_stream, 2666 .socket_getpeersec_dgram = smack_socket_getpeersec_dgram, 2667 .sk_alloc_security = smack_sk_alloc_security, 2668 .sk_free_security = smack_sk_free_security, 2669 .sock_graft = smack_sock_graft, 2670 .inet_conn_request = smack_inet_conn_request, 2671 2672 /* key management security hooks */ 2673 #ifdef CONFIG_KEYS 2674 .key_alloc = smack_key_alloc, 2675 .key_free = smack_key_free, 2676 .key_permission = smack_key_permission, 2677 #endif /* CONFIG_KEYS */ 2678 2679 /* Audit hooks */ 2680 #ifdef CONFIG_AUDIT 2681 .audit_rule_init = smack_audit_rule_init, 2682 .audit_rule_known = smack_audit_rule_known, 2683 .audit_rule_match = smack_audit_rule_match, 2684 .audit_rule_free = smack_audit_rule_free, 2685 #endif /* CONFIG_AUDIT */ 2686 2687 .secid_to_secctx = smack_secid_to_secctx, 2688 .secctx_to_secid = smack_secctx_to_secid, 2689 .release_secctx = smack_release_secctx, 2690 }; 2691 2692 /** 2693 * smack_init - initialize the smack system 2694 * 2695 * Returns 0 2696 */ 2697 static __init int smack_init(void) 2698 { 2699 if (!security_module_enable(&smack_ops)) 2700 return 0; 2701 2702 printk(KERN_INFO "Smack: Initializing.\n"); 2703 2704 /* 2705 * Set the security state for the initial task. 2706 */ 2707 current->security = &smack_known_floor.smk_known; 2708 2709 /* 2710 * Initialize locks 2711 */ 2712 spin_lock_init(&smack_known_unset.smk_cipsolock); 2713 spin_lock_init(&smack_known_huh.smk_cipsolock); 2714 spin_lock_init(&smack_known_hat.smk_cipsolock); 2715 spin_lock_init(&smack_known_star.smk_cipsolock); 2716 spin_lock_init(&smack_known_floor.smk_cipsolock); 2717 spin_lock_init(&smack_known_invalid.smk_cipsolock); 2718 2719 /* 2720 * Register with LSM 2721 */ 2722 if (register_security(&smack_ops)) 2723 panic("smack: Unable to register with kernel.\n"); 2724 2725 return 0; 2726 } 2727 2728 /* 2729 * Smack requires early initialization in order to label 2730 * all processes and objects when they are created. 2731 */ 2732 security_initcall(smack_init); 2733 2734