1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Simplified MAC Kernel (smack) security module 4 * 5 * This file contains the smack hook function implementations. 6 * 7 * Authors: 8 * Casey Schaufler <casey@schaufler-ca.com> 9 * Jarkko Sakkinen <jarkko.sakkinen@intel.com> 10 * 11 * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com> 12 * Copyright (C) 2009 Hewlett-Packard Development Company, L.P. 13 * Paul Moore <paul@paul-moore.com> 14 * Copyright (C) 2010 Nokia Corporation 15 * Copyright (C) 2011 Intel Corporation. 16 */ 17 18 #include <linux/xattr.h> 19 #include <linux/pagemap.h> 20 #include <linux/mount.h> 21 #include <linux/stat.h> 22 #include <linux/kd.h> 23 #include <asm/ioctls.h> 24 #include <linux/ip.h> 25 #include <linux/tcp.h> 26 #include <linux/udp.h> 27 #include <linux/dccp.h> 28 #include <linux/icmpv6.h> 29 #include <linux/slab.h> 30 #include <linux/mutex.h> 31 #include <net/cipso_ipv4.h> 32 #include <net/ip.h> 33 #include <net/ipv6.h> 34 #include <linux/audit.h> 35 #include <linux/magic.h> 36 #include <linux/dcache.h> 37 #include <linux/personality.h> 38 #include <linux/msg.h> 39 #include <linux/shm.h> 40 #include <linux/binfmts.h> 41 #include <linux/parser.h> 42 #include <linux/fs_context.h> 43 #include <linux/fs_parser.h> 44 #include <linux/watch_queue.h> 45 #include <linux/io_uring.h> 46 #include "smack.h" 47 48 #define TRANS_TRUE "TRUE" 49 #define TRANS_TRUE_SIZE 4 50 51 #define SMK_CONNECTING 0 52 #define SMK_RECEIVING 1 53 #define SMK_SENDING 2 54 55 #ifdef SMACK_IPV6_PORT_LABELING 56 static DEFINE_MUTEX(smack_ipv6_lock); 57 static LIST_HEAD(smk_ipv6_port_list); 58 #endif 59 struct kmem_cache *smack_rule_cache; 60 int smack_enabled __initdata; 61 62 #define A(s) {"smack"#s, sizeof("smack"#s) - 1, Opt_##s} 63 static struct { 64 const char *name; 65 int len; 66 int opt; 67 } smk_mount_opts[] = { 68 {"smackfsdef", sizeof("smackfsdef") - 1, Opt_fsdefault}, 69 A(fsdefault), A(fsfloor), A(fshat), A(fsroot), A(fstransmute) 70 }; 71 #undef A 72 73 static int match_opt_prefix(char *s, int l, char **arg) 74 { 75 int i; 76 77 for (i = 0; i < ARRAY_SIZE(smk_mount_opts); i++) { 78 size_t len = smk_mount_opts[i].len; 79 if (len > l || memcmp(s, smk_mount_opts[i].name, len)) 80 continue; 81 if (len == l || s[len] != '=') 82 continue; 83 *arg = s + len + 1; 84 return smk_mount_opts[i].opt; 85 } 86 return Opt_error; 87 } 88 89 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 90 static char *smk_bu_mess[] = { 91 "Bringup Error", /* Unused */ 92 "Bringup", /* SMACK_BRINGUP_ALLOW */ 93 "Unconfined Subject", /* SMACK_UNCONFINED_SUBJECT */ 94 "Unconfined Object", /* SMACK_UNCONFINED_OBJECT */ 95 }; 96 97 static void smk_bu_mode(int mode, char *s) 98 { 99 int i = 0; 100 101 if (mode & MAY_READ) 102 s[i++] = 'r'; 103 if (mode & MAY_WRITE) 104 s[i++] = 'w'; 105 if (mode & MAY_EXEC) 106 s[i++] = 'x'; 107 if (mode & MAY_APPEND) 108 s[i++] = 'a'; 109 if (mode & MAY_TRANSMUTE) 110 s[i++] = 't'; 111 if (mode & MAY_LOCK) 112 s[i++] = 'l'; 113 if (i == 0) 114 s[i++] = '-'; 115 s[i] = '\0'; 116 } 117 #endif 118 119 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 120 static int smk_bu_note(char *note, struct smack_known *sskp, 121 struct smack_known *oskp, int mode, int rc) 122 { 123 char acc[SMK_NUM_ACCESS_TYPE + 1]; 124 125 if (rc <= 0) 126 return rc; 127 if (rc > SMACK_UNCONFINED_OBJECT) 128 rc = 0; 129 130 smk_bu_mode(mode, acc); 131 pr_info("Smack %s: (%s %s %s) %s\n", smk_bu_mess[rc], 132 sskp->smk_known, oskp->smk_known, acc, note); 133 return 0; 134 } 135 #else 136 #define smk_bu_note(note, sskp, oskp, mode, RC) (RC) 137 #endif 138 139 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 140 static int smk_bu_current(char *note, struct smack_known *oskp, 141 int mode, int rc) 142 { 143 struct task_smack *tsp = smack_cred(current_cred()); 144 char acc[SMK_NUM_ACCESS_TYPE + 1]; 145 146 if (rc <= 0) 147 return rc; 148 if (rc > SMACK_UNCONFINED_OBJECT) 149 rc = 0; 150 151 smk_bu_mode(mode, acc); 152 pr_info("Smack %s: (%s %s %s) %s %s\n", smk_bu_mess[rc], 153 tsp->smk_task->smk_known, oskp->smk_known, 154 acc, current->comm, note); 155 return 0; 156 } 157 #else 158 #define smk_bu_current(note, oskp, mode, RC) (RC) 159 #endif 160 161 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 162 static int smk_bu_task(struct task_struct *otp, int mode, int rc) 163 { 164 struct task_smack *tsp = smack_cred(current_cred()); 165 struct smack_known *smk_task = smk_of_task_struct_obj(otp); 166 char acc[SMK_NUM_ACCESS_TYPE + 1]; 167 168 if (rc <= 0) 169 return rc; 170 if (rc > SMACK_UNCONFINED_OBJECT) 171 rc = 0; 172 173 smk_bu_mode(mode, acc); 174 pr_info("Smack %s: (%s %s %s) %s to %s\n", smk_bu_mess[rc], 175 tsp->smk_task->smk_known, smk_task->smk_known, acc, 176 current->comm, otp->comm); 177 return 0; 178 } 179 #else 180 #define smk_bu_task(otp, mode, RC) (RC) 181 #endif 182 183 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 184 static int smk_bu_inode(struct inode *inode, int mode, int rc) 185 { 186 struct task_smack *tsp = smack_cred(current_cred()); 187 struct inode_smack *isp = smack_inode(inode); 188 char acc[SMK_NUM_ACCESS_TYPE + 1]; 189 190 if (isp->smk_flags & SMK_INODE_IMPURE) 191 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n", 192 inode->i_sb->s_id, inode->i_ino, current->comm); 193 194 if (rc <= 0) 195 return rc; 196 if (rc > SMACK_UNCONFINED_OBJECT) 197 rc = 0; 198 if (rc == SMACK_UNCONFINED_SUBJECT && 199 (mode & (MAY_WRITE | MAY_APPEND))) 200 isp->smk_flags |= SMK_INODE_IMPURE; 201 202 smk_bu_mode(mode, acc); 203 204 pr_info("Smack %s: (%s %s %s) inode=(%s %ld) %s\n", smk_bu_mess[rc], 205 tsp->smk_task->smk_known, isp->smk_inode->smk_known, acc, 206 inode->i_sb->s_id, inode->i_ino, current->comm); 207 return 0; 208 } 209 #else 210 #define smk_bu_inode(inode, mode, RC) (RC) 211 #endif 212 213 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 214 static int smk_bu_file(struct file *file, int mode, int rc) 215 { 216 struct task_smack *tsp = smack_cred(current_cred()); 217 struct smack_known *sskp = tsp->smk_task; 218 struct inode *inode = file_inode(file); 219 struct inode_smack *isp = smack_inode(inode); 220 char acc[SMK_NUM_ACCESS_TYPE + 1]; 221 222 if (isp->smk_flags & SMK_INODE_IMPURE) 223 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n", 224 inode->i_sb->s_id, inode->i_ino, current->comm); 225 226 if (rc <= 0) 227 return rc; 228 if (rc > SMACK_UNCONFINED_OBJECT) 229 rc = 0; 230 231 smk_bu_mode(mode, acc); 232 pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc], 233 sskp->smk_known, smk_of_inode(inode)->smk_known, acc, 234 inode->i_sb->s_id, inode->i_ino, file, 235 current->comm); 236 return 0; 237 } 238 #else 239 #define smk_bu_file(file, mode, RC) (RC) 240 #endif 241 242 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 243 static int smk_bu_credfile(const struct cred *cred, struct file *file, 244 int mode, int rc) 245 { 246 struct task_smack *tsp = smack_cred(cred); 247 struct smack_known *sskp = tsp->smk_task; 248 struct inode *inode = file_inode(file); 249 struct inode_smack *isp = smack_inode(inode); 250 char acc[SMK_NUM_ACCESS_TYPE + 1]; 251 252 if (isp->smk_flags & SMK_INODE_IMPURE) 253 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n", 254 inode->i_sb->s_id, inode->i_ino, current->comm); 255 256 if (rc <= 0) 257 return rc; 258 if (rc > SMACK_UNCONFINED_OBJECT) 259 rc = 0; 260 261 smk_bu_mode(mode, acc); 262 pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc], 263 sskp->smk_known, smk_of_inode(inode)->smk_known, acc, 264 inode->i_sb->s_id, inode->i_ino, file, 265 current->comm); 266 return 0; 267 } 268 #else 269 #define smk_bu_credfile(cred, file, mode, RC) (RC) 270 #endif 271 272 /** 273 * smk_fetch - Fetch the smack label from a file. 274 * @name: type of the label (attribute) 275 * @ip: a pointer to the inode 276 * @dp: a pointer to the dentry 277 * 278 * Returns a pointer to the master list entry for the Smack label, 279 * NULL if there was no label to fetch, or an error code. 280 */ 281 static struct smack_known *smk_fetch(const char *name, struct inode *ip, 282 struct dentry *dp) 283 { 284 int rc; 285 char *buffer; 286 struct smack_known *skp = NULL; 287 288 if (!(ip->i_opflags & IOP_XATTR)) 289 return ERR_PTR(-EOPNOTSUPP); 290 291 buffer = kzalloc(SMK_LONGLABEL, GFP_NOFS); 292 if (buffer == NULL) 293 return ERR_PTR(-ENOMEM); 294 295 rc = __vfs_getxattr(dp, ip, name, buffer, SMK_LONGLABEL); 296 if (rc < 0) 297 skp = ERR_PTR(rc); 298 else if (rc == 0) 299 skp = NULL; 300 else 301 skp = smk_import_entry(buffer, rc); 302 303 kfree(buffer); 304 305 return skp; 306 } 307 308 /** 309 * init_inode_smack - initialize an inode security blob 310 * @inode: inode to extract the info from 311 * @skp: a pointer to the Smack label entry to use in the blob 312 * 313 */ 314 static void init_inode_smack(struct inode *inode, struct smack_known *skp) 315 { 316 struct inode_smack *isp = smack_inode(inode); 317 318 isp->smk_inode = skp; 319 isp->smk_flags = 0; 320 } 321 322 /** 323 * init_task_smack - initialize a task security blob 324 * @tsp: blob to initialize 325 * @task: a pointer to the Smack label for the running task 326 * @forked: a pointer to the Smack label for the forked task 327 * 328 */ 329 static void init_task_smack(struct task_smack *tsp, struct smack_known *task, 330 struct smack_known *forked) 331 { 332 tsp->smk_task = task; 333 tsp->smk_forked = forked; 334 INIT_LIST_HEAD(&tsp->smk_rules); 335 INIT_LIST_HEAD(&tsp->smk_relabel); 336 mutex_init(&tsp->smk_rules_lock); 337 } 338 339 /** 340 * smk_copy_rules - copy a rule set 341 * @nhead: new rules header pointer 342 * @ohead: old rules header pointer 343 * @gfp: type of the memory for the allocation 344 * 345 * Returns 0 on success, -ENOMEM on error 346 */ 347 static int smk_copy_rules(struct list_head *nhead, struct list_head *ohead, 348 gfp_t gfp) 349 { 350 struct smack_rule *nrp; 351 struct smack_rule *orp; 352 int rc = 0; 353 354 list_for_each_entry_rcu(orp, ohead, list) { 355 nrp = kmem_cache_zalloc(smack_rule_cache, gfp); 356 if (nrp == NULL) { 357 rc = -ENOMEM; 358 break; 359 } 360 *nrp = *orp; 361 list_add_rcu(&nrp->list, nhead); 362 } 363 return rc; 364 } 365 366 /** 367 * smk_copy_relabel - copy smk_relabel labels list 368 * @nhead: new rules header pointer 369 * @ohead: old rules header pointer 370 * @gfp: type of the memory for the allocation 371 * 372 * Returns 0 on success, -ENOMEM on error 373 */ 374 static int smk_copy_relabel(struct list_head *nhead, struct list_head *ohead, 375 gfp_t gfp) 376 { 377 struct smack_known_list_elem *nklep; 378 struct smack_known_list_elem *oklep; 379 380 list_for_each_entry(oklep, ohead, list) { 381 nklep = kzalloc(sizeof(struct smack_known_list_elem), gfp); 382 if (nklep == NULL) { 383 smk_destroy_label_list(nhead); 384 return -ENOMEM; 385 } 386 nklep->smk_label = oklep->smk_label; 387 list_add(&nklep->list, nhead); 388 } 389 390 return 0; 391 } 392 393 /** 394 * smk_ptrace_mode - helper function for converting PTRACE_MODE_* into MAY_* 395 * @mode: input mode in form of PTRACE_MODE_* 396 * 397 * Returns a converted MAY_* mode usable by smack rules 398 */ 399 static inline unsigned int smk_ptrace_mode(unsigned int mode) 400 { 401 if (mode & PTRACE_MODE_ATTACH) 402 return MAY_READWRITE; 403 if (mode & PTRACE_MODE_READ) 404 return MAY_READ; 405 406 return 0; 407 } 408 409 /** 410 * smk_ptrace_rule_check - helper for ptrace access 411 * @tracer: tracer process 412 * @tracee_known: label entry of the process that's about to be traced 413 * @mode: ptrace attachment mode (PTRACE_MODE_*) 414 * @func: name of the function that called us, used for audit 415 * 416 * Returns 0 on access granted, -error on error 417 */ 418 static int smk_ptrace_rule_check(struct task_struct *tracer, 419 struct smack_known *tracee_known, 420 unsigned int mode, const char *func) 421 { 422 int rc; 423 struct smk_audit_info ad, *saip = NULL; 424 struct task_smack *tsp; 425 struct smack_known *tracer_known; 426 const struct cred *tracercred; 427 428 if ((mode & PTRACE_MODE_NOAUDIT) == 0) { 429 smk_ad_init(&ad, func, LSM_AUDIT_DATA_TASK); 430 smk_ad_setfield_u_tsk(&ad, tracer); 431 saip = &ad; 432 } 433 434 rcu_read_lock(); 435 tracercred = __task_cred(tracer); 436 tsp = smack_cred(tracercred); 437 tracer_known = smk_of_task(tsp); 438 439 if ((mode & PTRACE_MODE_ATTACH) && 440 (smack_ptrace_rule == SMACK_PTRACE_EXACT || 441 smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)) { 442 if (tracer_known->smk_known == tracee_known->smk_known) 443 rc = 0; 444 else if (smack_ptrace_rule == SMACK_PTRACE_DRACONIAN) 445 rc = -EACCES; 446 else if (smack_privileged_cred(CAP_SYS_PTRACE, tracercred)) 447 rc = 0; 448 else 449 rc = -EACCES; 450 451 if (saip) 452 smack_log(tracer_known->smk_known, 453 tracee_known->smk_known, 454 0, rc, saip); 455 456 rcu_read_unlock(); 457 return rc; 458 } 459 460 /* In case of rule==SMACK_PTRACE_DEFAULT or mode==PTRACE_MODE_READ */ 461 rc = smk_tskacc(tsp, tracee_known, smk_ptrace_mode(mode), saip); 462 463 rcu_read_unlock(); 464 return rc; 465 } 466 467 /* 468 * LSM hooks. 469 * We he, that is fun! 470 */ 471 472 /** 473 * smack_ptrace_access_check - Smack approval on PTRACE_ATTACH 474 * @ctp: child task pointer 475 * @mode: ptrace attachment mode (PTRACE_MODE_*) 476 * 477 * Returns 0 if access is OK, an error code otherwise 478 * 479 * Do the capability checks. 480 */ 481 static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode) 482 { 483 struct smack_known *skp; 484 485 skp = smk_of_task_struct_obj(ctp); 486 487 return smk_ptrace_rule_check(current, skp, mode, __func__); 488 } 489 490 /** 491 * smack_ptrace_traceme - Smack approval on PTRACE_TRACEME 492 * @ptp: parent task pointer 493 * 494 * Returns 0 if access is OK, an error code otherwise 495 * 496 * Do the capability checks, and require PTRACE_MODE_ATTACH. 497 */ 498 static int smack_ptrace_traceme(struct task_struct *ptp) 499 { 500 struct smack_known *skp; 501 502 skp = smk_of_task(smack_cred(current_cred())); 503 504 return smk_ptrace_rule_check(ptp, skp, PTRACE_MODE_ATTACH, __func__); 505 } 506 507 /** 508 * smack_syslog - Smack approval on syslog 509 * @typefrom_file: unused 510 * 511 * Returns 0 on success, error code otherwise. 512 */ 513 static int smack_syslog(int typefrom_file) 514 { 515 int rc = 0; 516 struct smack_known *skp = smk_of_current(); 517 518 if (smack_privileged(CAP_MAC_OVERRIDE)) 519 return 0; 520 521 if (smack_syslog_label != NULL && smack_syslog_label != skp) 522 rc = -EACCES; 523 524 return rc; 525 } 526 527 /* 528 * Superblock Hooks. 529 */ 530 531 /** 532 * smack_sb_alloc_security - allocate a superblock blob 533 * @sb: the superblock getting the blob 534 * 535 * Returns 0 on success or -ENOMEM on error. 536 */ 537 static int smack_sb_alloc_security(struct super_block *sb) 538 { 539 struct superblock_smack *sbsp = smack_superblock(sb); 540 541 sbsp->smk_root = &smack_known_floor; 542 sbsp->smk_default = &smack_known_floor; 543 sbsp->smk_floor = &smack_known_floor; 544 sbsp->smk_hat = &smack_known_hat; 545 /* 546 * SMK_SB_INITIALIZED will be zero from kzalloc. 547 */ 548 549 return 0; 550 } 551 552 struct smack_mnt_opts { 553 const char *fsdefault; 554 const char *fsfloor; 555 const char *fshat; 556 const char *fsroot; 557 const char *fstransmute; 558 }; 559 560 static void smack_free_mnt_opts(void *mnt_opts) 561 { 562 kfree(mnt_opts); 563 } 564 565 static int smack_add_opt(int token, const char *s, void **mnt_opts) 566 { 567 struct smack_mnt_opts *opts = *mnt_opts; 568 struct smack_known *skp; 569 570 if (!opts) { 571 opts = kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL); 572 if (!opts) 573 return -ENOMEM; 574 *mnt_opts = opts; 575 } 576 if (!s) 577 return -ENOMEM; 578 579 skp = smk_import_entry(s, 0); 580 if (IS_ERR(skp)) 581 return PTR_ERR(skp); 582 583 switch (token) { 584 case Opt_fsdefault: 585 if (opts->fsdefault) 586 goto out_opt_err; 587 opts->fsdefault = skp->smk_known; 588 break; 589 case Opt_fsfloor: 590 if (opts->fsfloor) 591 goto out_opt_err; 592 opts->fsfloor = skp->smk_known; 593 break; 594 case Opt_fshat: 595 if (opts->fshat) 596 goto out_opt_err; 597 opts->fshat = skp->smk_known; 598 break; 599 case Opt_fsroot: 600 if (opts->fsroot) 601 goto out_opt_err; 602 opts->fsroot = skp->smk_known; 603 break; 604 case Opt_fstransmute: 605 if (opts->fstransmute) 606 goto out_opt_err; 607 opts->fstransmute = skp->smk_known; 608 break; 609 } 610 return 0; 611 612 out_opt_err: 613 pr_warn("Smack: duplicate mount options\n"); 614 return -EINVAL; 615 } 616 617 /** 618 * smack_fs_context_submount - Initialise security data for a filesystem context 619 * @fc: The filesystem context. 620 * @reference: reference superblock 621 * 622 * Returns 0 on success or -ENOMEM on error. 623 */ 624 static int smack_fs_context_submount(struct fs_context *fc, 625 struct super_block *reference) 626 { 627 struct superblock_smack *sbsp; 628 struct smack_mnt_opts *ctx; 629 struct inode_smack *isp; 630 631 ctx = kzalloc(sizeof(*ctx), GFP_KERNEL); 632 if (!ctx) 633 return -ENOMEM; 634 fc->security = ctx; 635 636 sbsp = smack_superblock(reference); 637 isp = smack_inode(reference->s_root->d_inode); 638 639 if (sbsp->smk_default) { 640 ctx->fsdefault = kstrdup(sbsp->smk_default->smk_known, GFP_KERNEL); 641 if (!ctx->fsdefault) 642 return -ENOMEM; 643 } 644 645 if (sbsp->smk_floor) { 646 ctx->fsfloor = kstrdup(sbsp->smk_floor->smk_known, GFP_KERNEL); 647 if (!ctx->fsfloor) 648 return -ENOMEM; 649 } 650 651 if (sbsp->smk_hat) { 652 ctx->fshat = kstrdup(sbsp->smk_hat->smk_known, GFP_KERNEL); 653 if (!ctx->fshat) 654 return -ENOMEM; 655 } 656 657 if (isp->smk_flags & SMK_INODE_TRANSMUTE) { 658 if (sbsp->smk_root) { 659 ctx->fstransmute = kstrdup(sbsp->smk_root->smk_known, GFP_KERNEL); 660 if (!ctx->fstransmute) 661 return -ENOMEM; 662 } 663 } 664 return 0; 665 } 666 667 /** 668 * smack_fs_context_dup - Duplicate the security data on fs_context duplication 669 * @fc: The new filesystem context. 670 * @src_fc: The source filesystem context being duplicated. 671 * 672 * Returns 0 on success or -ENOMEM on error. 673 */ 674 static int smack_fs_context_dup(struct fs_context *fc, 675 struct fs_context *src_fc) 676 { 677 struct smack_mnt_opts *dst, *src = src_fc->security; 678 679 if (!src) 680 return 0; 681 682 fc->security = kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL); 683 if (!fc->security) 684 return -ENOMEM; 685 686 dst = fc->security; 687 dst->fsdefault = src->fsdefault; 688 dst->fsfloor = src->fsfloor; 689 dst->fshat = src->fshat; 690 dst->fsroot = src->fsroot; 691 dst->fstransmute = src->fstransmute; 692 693 return 0; 694 } 695 696 static const struct fs_parameter_spec smack_fs_parameters[] = { 697 fsparam_string("smackfsdef", Opt_fsdefault), 698 fsparam_string("smackfsdefault", Opt_fsdefault), 699 fsparam_string("smackfsfloor", Opt_fsfloor), 700 fsparam_string("smackfshat", Opt_fshat), 701 fsparam_string("smackfsroot", Opt_fsroot), 702 fsparam_string("smackfstransmute", Opt_fstransmute), 703 {} 704 }; 705 706 /** 707 * smack_fs_context_parse_param - Parse a single mount parameter 708 * @fc: The new filesystem context being constructed. 709 * @param: The parameter. 710 * 711 * Returns 0 on success, -ENOPARAM to pass the parameter on or anything else on 712 * error. 713 */ 714 static int smack_fs_context_parse_param(struct fs_context *fc, 715 struct fs_parameter *param) 716 { 717 struct fs_parse_result result; 718 int opt, rc; 719 720 opt = fs_parse(fc, smack_fs_parameters, param, &result); 721 if (opt < 0) 722 return opt; 723 724 rc = smack_add_opt(opt, param->string, &fc->security); 725 if (!rc) 726 param->string = NULL; 727 return rc; 728 } 729 730 static int smack_sb_eat_lsm_opts(char *options, void **mnt_opts) 731 { 732 char *from = options, *to = options; 733 bool first = true; 734 735 while (1) { 736 char *next = strchr(from, ','); 737 int token, len, rc; 738 char *arg = NULL; 739 740 if (next) 741 len = next - from; 742 else 743 len = strlen(from); 744 745 token = match_opt_prefix(from, len, &arg); 746 if (token != Opt_error) { 747 arg = kmemdup_nul(arg, from + len - arg, GFP_KERNEL); 748 rc = smack_add_opt(token, arg, mnt_opts); 749 kfree(arg); 750 if (unlikely(rc)) { 751 if (*mnt_opts) 752 smack_free_mnt_opts(*mnt_opts); 753 *mnt_opts = NULL; 754 return rc; 755 } 756 } else { 757 if (!first) { // copy with preceding comma 758 from--; 759 len++; 760 } 761 if (to != from) 762 memmove(to, from, len); 763 to += len; 764 first = false; 765 } 766 if (!from[len]) 767 break; 768 from += len + 1; 769 } 770 *to = '\0'; 771 return 0; 772 } 773 774 /** 775 * smack_set_mnt_opts - set Smack specific mount options 776 * @sb: the file system superblock 777 * @mnt_opts: Smack mount options 778 * @kern_flags: mount option from kernel space or user space 779 * @set_kern_flags: where to store converted mount opts 780 * 781 * Returns 0 on success, an error code on failure 782 * 783 * Allow filesystems with binary mount data to explicitly set Smack mount 784 * labels. 785 */ 786 static int smack_set_mnt_opts(struct super_block *sb, 787 void *mnt_opts, 788 unsigned long kern_flags, 789 unsigned long *set_kern_flags) 790 { 791 struct dentry *root = sb->s_root; 792 struct inode *inode = d_backing_inode(root); 793 struct superblock_smack *sp = smack_superblock(sb); 794 struct inode_smack *isp; 795 struct smack_known *skp; 796 struct smack_mnt_opts *opts = mnt_opts; 797 bool transmute = false; 798 799 if (sp->smk_flags & SMK_SB_INITIALIZED) 800 return 0; 801 802 if (!smack_privileged(CAP_MAC_ADMIN)) { 803 /* 804 * Unprivileged mounts don't get to specify Smack values. 805 */ 806 if (opts) 807 return -EPERM; 808 /* 809 * Unprivileged mounts get root and default from the caller. 810 */ 811 skp = smk_of_current(); 812 sp->smk_root = skp; 813 sp->smk_default = skp; 814 /* 815 * For a handful of fs types with no user-controlled 816 * backing store it's okay to trust security labels 817 * in the filesystem. The rest are untrusted. 818 */ 819 if (sb->s_user_ns != &init_user_ns && 820 sb->s_magic != SYSFS_MAGIC && sb->s_magic != TMPFS_MAGIC && 821 sb->s_magic != RAMFS_MAGIC) { 822 transmute = true; 823 sp->smk_flags |= SMK_SB_UNTRUSTED; 824 } 825 } 826 827 sp->smk_flags |= SMK_SB_INITIALIZED; 828 829 if (opts) { 830 if (opts->fsdefault) { 831 skp = smk_import_entry(opts->fsdefault, 0); 832 if (IS_ERR(skp)) 833 return PTR_ERR(skp); 834 sp->smk_default = skp; 835 } 836 if (opts->fsfloor) { 837 skp = smk_import_entry(opts->fsfloor, 0); 838 if (IS_ERR(skp)) 839 return PTR_ERR(skp); 840 sp->smk_floor = skp; 841 } 842 if (opts->fshat) { 843 skp = smk_import_entry(opts->fshat, 0); 844 if (IS_ERR(skp)) 845 return PTR_ERR(skp); 846 sp->smk_hat = skp; 847 } 848 if (opts->fsroot) { 849 skp = smk_import_entry(opts->fsroot, 0); 850 if (IS_ERR(skp)) 851 return PTR_ERR(skp); 852 sp->smk_root = skp; 853 } 854 if (opts->fstransmute) { 855 skp = smk_import_entry(opts->fstransmute, 0); 856 if (IS_ERR(skp)) 857 return PTR_ERR(skp); 858 sp->smk_root = skp; 859 transmute = true; 860 } 861 } 862 863 /* 864 * Initialize the root inode. 865 */ 866 init_inode_smack(inode, sp->smk_root); 867 868 if (transmute) { 869 isp = smack_inode(inode); 870 isp->smk_flags |= SMK_INODE_TRANSMUTE; 871 } 872 873 return 0; 874 } 875 876 /** 877 * smack_sb_statfs - Smack check on statfs 878 * @dentry: identifies the file system in question 879 * 880 * Returns 0 if current can read the floor of the filesystem, 881 * and error code otherwise 882 */ 883 static int smack_sb_statfs(struct dentry *dentry) 884 { 885 struct superblock_smack *sbp = smack_superblock(dentry->d_sb); 886 int rc; 887 struct smk_audit_info ad; 888 889 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 890 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 891 892 rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad); 893 rc = smk_bu_current("statfs", sbp->smk_floor, MAY_READ, rc); 894 return rc; 895 } 896 897 /* 898 * BPRM hooks 899 */ 900 901 /** 902 * smack_bprm_creds_for_exec - Update bprm->cred if needed for exec 903 * @bprm: the exec information 904 * 905 * Returns 0 if it gets a blob, -EPERM if exec forbidden and -ENOMEM otherwise 906 */ 907 static int smack_bprm_creds_for_exec(struct linux_binprm *bprm) 908 { 909 struct inode *inode = file_inode(bprm->file); 910 struct task_smack *bsp = smack_cred(bprm->cred); 911 struct inode_smack *isp; 912 struct superblock_smack *sbsp; 913 int rc; 914 915 isp = smack_inode(inode); 916 if (isp->smk_task == NULL || isp->smk_task == bsp->smk_task) 917 return 0; 918 919 sbsp = smack_superblock(inode->i_sb); 920 if ((sbsp->smk_flags & SMK_SB_UNTRUSTED) && 921 isp->smk_task != sbsp->smk_root) 922 return 0; 923 924 if (bprm->unsafe & LSM_UNSAFE_PTRACE) { 925 struct task_struct *tracer; 926 rc = 0; 927 928 rcu_read_lock(); 929 tracer = ptrace_parent(current); 930 if (likely(tracer != NULL)) 931 rc = smk_ptrace_rule_check(tracer, 932 isp->smk_task, 933 PTRACE_MODE_ATTACH, 934 __func__); 935 rcu_read_unlock(); 936 937 if (rc != 0) 938 return rc; 939 } 940 if (bprm->unsafe & ~LSM_UNSAFE_PTRACE) 941 return -EPERM; 942 943 bsp->smk_task = isp->smk_task; 944 bprm->per_clear |= PER_CLEAR_ON_SETID; 945 946 /* Decide if this is a secure exec. */ 947 if (bsp->smk_task != bsp->smk_forked) 948 bprm->secureexec = 1; 949 950 return 0; 951 } 952 953 /* 954 * Inode hooks 955 */ 956 957 /** 958 * smack_inode_alloc_security - allocate an inode blob 959 * @inode: the inode in need of a blob 960 * 961 * Returns 0 962 */ 963 static int smack_inode_alloc_security(struct inode *inode) 964 { 965 struct smack_known *skp = smk_of_current(); 966 967 init_inode_smack(inode, skp); 968 return 0; 969 } 970 971 /** 972 * smack_inode_init_security - copy out the smack from an inode 973 * @inode: the newly created inode 974 * @dir: containing directory object 975 * @qstr: unused 976 * @name: where to put the attribute name 977 * @value: where to put the attribute value 978 * @len: where to put the length of the attribute 979 * 980 * Returns 0 if it all works out, -ENOMEM if there's no memory 981 */ 982 static int smack_inode_init_security(struct inode *inode, struct inode *dir, 983 const struct qstr *qstr, const char **name, 984 void **value, size_t *len) 985 { 986 struct task_smack *tsp = smack_cred(current_cred()); 987 struct inode_smack *issp = smack_inode(inode); 988 struct smack_known *skp = smk_of_task(tsp); 989 struct smack_known *isp = smk_of_inode(inode); 990 struct smack_known *dsp = smk_of_inode(dir); 991 int may; 992 993 if (name) 994 *name = XATTR_SMACK_SUFFIX; 995 996 if (value && len) { 997 /* 998 * If equal, transmuting already occurred in 999 * smack_dentry_create_files_as(). No need to check again. 1000 */ 1001 if (tsp->smk_task != tsp->smk_transmuted) { 1002 rcu_read_lock(); 1003 may = smk_access_entry(skp->smk_known, dsp->smk_known, 1004 &skp->smk_rules); 1005 rcu_read_unlock(); 1006 } 1007 1008 /* 1009 * In addition to having smk_task equal to smk_transmuted, 1010 * if the access rule allows transmutation and the directory 1011 * requests transmutation then by all means transmute. 1012 * Mark the inode as changed. 1013 */ 1014 if ((tsp->smk_task == tsp->smk_transmuted) || 1015 (may > 0 && ((may & MAY_TRANSMUTE) != 0) && 1016 smk_inode_transmutable(dir))) { 1017 /* 1018 * The caller of smack_dentry_create_files_as() 1019 * should have overridden the current cred, so the 1020 * inode label was already set correctly in 1021 * smack_inode_alloc_security(). 1022 */ 1023 if (tsp->smk_task != tsp->smk_transmuted) 1024 isp = dsp; 1025 issp->smk_flags |= SMK_INODE_CHANGED; 1026 } 1027 1028 *value = kstrdup(isp->smk_known, GFP_NOFS); 1029 if (*value == NULL) 1030 return -ENOMEM; 1031 1032 *len = strlen(isp->smk_known); 1033 } 1034 1035 return 0; 1036 } 1037 1038 /** 1039 * smack_inode_link - Smack check on link 1040 * @old_dentry: the existing object 1041 * @dir: unused 1042 * @new_dentry: the new object 1043 * 1044 * Returns 0 if access is permitted, an error code otherwise 1045 */ 1046 static int smack_inode_link(struct dentry *old_dentry, struct inode *dir, 1047 struct dentry *new_dentry) 1048 { 1049 struct smack_known *isp; 1050 struct smk_audit_info ad; 1051 int rc; 1052 1053 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1054 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry); 1055 1056 isp = smk_of_inode(d_backing_inode(old_dentry)); 1057 rc = smk_curacc(isp, MAY_WRITE, &ad); 1058 rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_WRITE, rc); 1059 1060 if (rc == 0 && d_is_positive(new_dentry)) { 1061 isp = smk_of_inode(d_backing_inode(new_dentry)); 1062 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry); 1063 rc = smk_curacc(isp, MAY_WRITE, &ad); 1064 rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_WRITE, rc); 1065 } 1066 1067 return rc; 1068 } 1069 1070 /** 1071 * smack_inode_unlink - Smack check on inode deletion 1072 * @dir: containing directory object 1073 * @dentry: file to unlink 1074 * 1075 * Returns 0 if current can write the containing directory 1076 * and the object, error code otherwise 1077 */ 1078 static int smack_inode_unlink(struct inode *dir, struct dentry *dentry) 1079 { 1080 struct inode *ip = d_backing_inode(dentry); 1081 struct smk_audit_info ad; 1082 int rc; 1083 1084 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1085 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1086 1087 /* 1088 * You need write access to the thing you're unlinking 1089 */ 1090 rc = smk_curacc(smk_of_inode(ip), MAY_WRITE, &ad); 1091 rc = smk_bu_inode(ip, MAY_WRITE, rc); 1092 if (rc == 0) { 1093 /* 1094 * You also need write access to the containing directory 1095 */ 1096 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE); 1097 smk_ad_setfield_u_fs_inode(&ad, dir); 1098 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad); 1099 rc = smk_bu_inode(dir, MAY_WRITE, rc); 1100 } 1101 return rc; 1102 } 1103 1104 /** 1105 * smack_inode_rmdir - Smack check on directory deletion 1106 * @dir: containing directory object 1107 * @dentry: directory to unlink 1108 * 1109 * Returns 0 if current can write the containing directory 1110 * and the directory, error code otherwise 1111 */ 1112 static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry) 1113 { 1114 struct smk_audit_info ad; 1115 int rc; 1116 1117 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1118 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1119 1120 /* 1121 * You need write access to the thing you're removing 1122 */ 1123 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1124 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1125 if (rc == 0) { 1126 /* 1127 * You also need write access to the containing directory 1128 */ 1129 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE); 1130 smk_ad_setfield_u_fs_inode(&ad, dir); 1131 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad); 1132 rc = smk_bu_inode(dir, MAY_WRITE, rc); 1133 } 1134 1135 return rc; 1136 } 1137 1138 /** 1139 * smack_inode_rename - Smack check on rename 1140 * @old_inode: unused 1141 * @old_dentry: the old object 1142 * @new_inode: unused 1143 * @new_dentry: the new object 1144 * 1145 * Read and write access is required on both the old and 1146 * new directories. 1147 * 1148 * Returns 0 if access is permitted, an error code otherwise 1149 */ 1150 static int smack_inode_rename(struct inode *old_inode, 1151 struct dentry *old_dentry, 1152 struct inode *new_inode, 1153 struct dentry *new_dentry) 1154 { 1155 int rc; 1156 struct smack_known *isp; 1157 struct smk_audit_info ad; 1158 1159 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1160 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry); 1161 1162 isp = smk_of_inode(d_backing_inode(old_dentry)); 1163 rc = smk_curacc(isp, MAY_READWRITE, &ad); 1164 rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_READWRITE, rc); 1165 1166 if (rc == 0 && d_is_positive(new_dentry)) { 1167 isp = smk_of_inode(d_backing_inode(new_dentry)); 1168 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry); 1169 rc = smk_curacc(isp, MAY_READWRITE, &ad); 1170 rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_READWRITE, rc); 1171 } 1172 return rc; 1173 } 1174 1175 /** 1176 * smack_inode_permission - Smack version of permission() 1177 * @inode: the inode in question 1178 * @mask: the access requested 1179 * 1180 * This is the important Smack hook. 1181 * 1182 * Returns 0 if access is permitted, an error code otherwise 1183 */ 1184 static int smack_inode_permission(struct inode *inode, int mask) 1185 { 1186 struct superblock_smack *sbsp = smack_superblock(inode->i_sb); 1187 struct smk_audit_info ad; 1188 int no_block = mask & MAY_NOT_BLOCK; 1189 int rc; 1190 1191 mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND); 1192 /* 1193 * No permission to check. Existence test. Yup, it's there. 1194 */ 1195 if (mask == 0) 1196 return 0; 1197 1198 if (sbsp->smk_flags & SMK_SB_UNTRUSTED) { 1199 if (smk_of_inode(inode) != sbsp->smk_root) 1200 return -EACCES; 1201 } 1202 1203 /* May be droppable after audit */ 1204 if (no_block) 1205 return -ECHILD; 1206 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE); 1207 smk_ad_setfield_u_fs_inode(&ad, inode); 1208 rc = smk_curacc(smk_of_inode(inode), mask, &ad); 1209 rc = smk_bu_inode(inode, mask, rc); 1210 return rc; 1211 } 1212 1213 /** 1214 * smack_inode_setattr - Smack check for setting attributes 1215 * @dentry: the object 1216 * @iattr: for the force flag 1217 * 1218 * Returns 0 if access is permitted, an error code otherwise 1219 */ 1220 static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr) 1221 { 1222 struct smk_audit_info ad; 1223 int rc; 1224 1225 /* 1226 * Need to allow for clearing the setuid bit. 1227 */ 1228 if (iattr->ia_valid & ATTR_FORCE) 1229 return 0; 1230 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1231 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1232 1233 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1234 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1235 return rc; 1236 } 1237 1238 /** 1239 * smack_inode_getattr - Smack check for getting attributes 1240 * @path: path to extract the info from 1241 * 1242 * Returns 0 if access is permitted, an error code otherwise 1243 */ 1244 static int smack_inode_getattr(const struct path *path) 1245 { 1246 struct smk_audit_info ad; 1247 struct inode *inode = d_backing_inode(path->dentry); 1248 int rc; 1249 1250 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1251 smk_ad_setfield_u_fs_path(&ad, *path); 1252 rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad); 1253 rc = smk_bu_inode(inode, MAY_READ, rc); 1254 return rc; 1255 } 1256 1257 /** 1258 * smack_inode_setxattr - Smack check for setting xattrs 1259 * @idmap: idmap of the mount 1260 * @dentry: the object 1261 * @name: name of the attribute 1262 * @value: value of the attribute 1263 * @size: size of the value 1264 * @flags: unused 1265 * 1266 * This protects the Smack attribute explicitly. 1267 * 1268 * Returns 0 if access is permitted, an error code otherwise 1269 */ 1270 static int smack_inode_setxattr(struct mnt_idmap *idmap, 1271 struct dentry *dentry, const char *name, 1272 const void *value, size_t size, int flags) 1273 { 1274 struct smk_audit_info ad; 1275 struct smack_known *skp; 1276 int check_priv = 0; 1277 int check_import = 0; 1278 int check_star = 0; 1279 int rc = 0; 1280 1281 /* 1282 * Check label validity here so import won't fail in post_setxattr 1283 */ 1284 if (strcmp(name, XATTR_NAME_SMACK) == 0 || 1285 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 || 1286 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) { 1287 check_priv = 1; 1288 check_import = 1; 1289 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0 || 1290 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) { 1291 check_priv = 1; 1292 check_import = 1; 1293 check_star = 1; 1294 } else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) { 1295 check_priv = 1; 1296 if (size != TRANS_TRUE_SIZE || 1297 strncmp(value, TRANS_TRUE, TRANS_TRUE_SIZE) != 0) 1298 rc = -EINVAL; 1299 } else 1300 rc = cap_inode_setxattr(dentry, name, value, size, flags); 1301 1302 if (check_priv && !smack_privileged(CAP_MAC_ADMIN)) 1303 rc = -EPERM; 1304 1305 if (rc == 0 && check_import) { 1306 skp = size ? smk_import_entry(value, size) : NULL; 1307 if (IS_ERR(skp)) 1308 rc = PTR_ERR(skp); 1309 else if (skp == NULL || (check_star && 1310 (skp == &smack_known_star || skp == &smack_known_web))) 1311 rc = -EINVAL; 1312 } 1313 1314 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1315 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1316 1317 if (rc == 0) { 1318 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1319 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1320 } 1321 1322 return rc; 1323 } 1324 1325 /** 1326 * smack_inode_post_setxattr - Apply the Smack update approved above 1327 * @dentry: object 1328 * @name: attribute name 1329 * @value: attribute value 1330 * @size: attribute size 1331 * @flags: unused 1332 * 1333 * Set the pointer in the inode blob to the entry found 1334 * in the master label list. 1335 */ 1336 static void smack_inode_post_setxattr(struct dentry *dentry, const char *name, 1337 const void *value, size_t size, int flags) 1338 { 1339 struct smack_known *skp; 1340 struct inode_smack *isp = smack_inode(d_backing_inode(dentry)); 1341 1342 if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) { 1343 isp->smk_flags |= SMK_INODE_TRANSMUTE; 1344 return; 1345 } 1346 1347 if (strcmp(name, XATTR_NAME_SMACK) == 0) { 1348 skp = smk_import_entry(value, size); 1349 if (!IS_ERR(skp)) 1350 isp->smk_inode = skp; 1351 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) { 1352 skp = smk_import_entry(value, size); 1353 if (!IS_ERR(skp)) 1354 isp->smk_task = skp; 1355 } else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) { 1356 skp = smk_import_entry(value, size); 1357 if (!IS_ERR(skp)) 1358 isp->smk_mmap = skp; 1359 } 1360 1361 return; 1362 } 1363 1364 /** 1365 * smack_inode_getxattr - Smack check on getxattr 1366 * @dentry: the object 1367 * @name: unused 1368 * 1369 * Returns 0 if access is permitted, an error code otherwise 1370 */ 1371 static int smack_inode_getxattr(struct dentry *dentry, const char *name) 1372 { 1373 struct smk_audit_info ad; 1374 int rc; 1375 1376 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1377 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1378 1379 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_READ, &ad); 1380 rc = smk_bu_inode(d_backing_inode(dentry), MAY_READ, rc); 1381 return rc; 1382 } 1383 1384 /** 1385 * smack_inode_removexattr - Smack check on removexattr 1386 * @idmap: idmap of the mount 1387 * @dentry: the object 1388 * @name: name of the attribute 1389 * 1390 * Removing the Smack attribute requires CAP_MAC_ADMIN 1391 * 1392 * Returns 0 if access is permitted, an error code otherwise 1393 */ 1394 static int smack_inode_removexattr(struct mnt_idmap *idmap, 1395 struct dentry *dentry, const char *name) 1396 { 1397 struct inode_smack *isp; 1398 struct smk_audit_info ad; 1399 int rc = 0; 1400 1401 if (strcmp(name, XATTR_NAME_SMACK) == 0 || 1402 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 || 1403 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 || 1404 strcmp(name, XATTR_NAME_SMACKEXEC) == 0 || 1405 strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0 || 1406 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) { 1407 if (!smack_privileged(CAP_MAC_ADMIN)) 1408 rc = -EPERM; 1409 } else 1410 rc = cap_inode_removexattr(idmap, dentry, name); 1411 1412 if (rc != 0) 1413 return rc; 1414 1415 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1416 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1417 1418 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1419 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1420 if (rc != 0) 1421 return rc; 1422 1423 isp = smack_inode(d_backing_inode(dentry)); 1424 /* 1425 * Don't do anything special for these. 1426 * XATTR_NAME_SMACKIPIN 1427 * XATTR_NAME_SMACKIPOUT 1428 */ 1429 if (strcmp(name, XATTR_NAME_SMACK) == 0) { 1430 struct super_block *sbp = dentry->d_sb; 1431 struct superblock_smack *sbsp = smack_superblock(sbp); 1432 1433 isp->smk_inode = sbsp->smk_default; 1434 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) 1435 isp->smk_task = NULL; 1436 else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) 1437 isp->smk_mmap = NULL; 1438 else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) 1439 isp->smk_flags &= ~SMK_INODE_TRANSMUTE; 1440 1441 return 0; 1442 } 1443 1444 /** 1445 * smack_inode_set_acl - Smack check for setting posix acls 1446 * @idmap: idmap of the mnt this request came from 1447 * @dentry: the object 1448 * @acl_name: name of the posix acl 1449 * @kacl: the posix acls 1450 * 1451 * Returns 0 if access is permitted, an error code otherwise 1452 */ 1453 static int smack_inode_set_acl(struct mnt_idmap *idmap, 1454 struct dentry *dentry, const char *acl_name, 1455 struct posix_acl *kacl) 1456 { 1457 struct smk_audit_info ad; 1458 int rc; 1459 1460 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1461 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1462 1463 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1464 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1465 return rc; 1466 } 1467 1468 /** 1469 * smack_inode_get_acl - Smack check for getting posix acls 1470 * @idmap: idmap of the mnt this request came from 1471 * @dentry: the object 1472 * @acl_name: name of the posix acl 1473 * 1474 * Returns 0 if access is permitted, an error code otherwise 1475 */ 1476 static int smack_inode_get_acl(struct mnt_idmap *idmap, 1477 struct dentry *dentry, const char *acl_name) 1478 { 1479 struct smk_audit_info ad; 1480 int rc; 1481 1482 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1483 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1484 1485 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_READ, &ad); 1486 rc = smk_bu_inode(d_backing_inode(dentry), MAY_READ, rc); 1487 return rc; 1488 } 1489 1490 /** 1491 * smack_inode_remove_acl - Smack check for getting posix acls 1492 * @idmap: idmap of the mnt this request came from 1493 * @dentry: the object 1494 * @acl_name: name of the posix acl 1495 * 1496 * Returns 0 if access is permitted, an error code otherwise 1497 */ 1498 static int smack_inode_remove_acl(struct mnt_idmap *idmap, 1499 struct dentry *dentry, const char *acl_name) 1500 { 1501 struct smk_audit_info ad; 1502 int rc; 1503 1504 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1505 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1506 1507 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1508 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1509 return rc; 1510 } 1511 1512 /** 1513 * smack_inode_getsecurity - get smack xattrs 1514 * @idmap: idmap of the mount 1515 * @inode: the object 1516 * @name: attribute name 1517 * @buffer: where to put the result 1518 * @alloc: duplicate memory 1519 * 1520 * Returns the size of the attribute or an error code 1521 */ 1522 static int smack_inode_getsecurity(struct mnt_idmap *idmap, 1523 struct inode *inode, const char *name, 1524 void **buffer, bool alloc) 1525 { 1526 struct socket_smack *ssp; 1527 struct socket *sock; 1528 struct super_block *sbp; 1529 struct inode *ip = inode; 1530 struct smack_known *isp; 1531 struct inode_smack *ispp; 1532 size_t label_len; 1533 char *label = NULL; 1534 1535 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) { 1536 isp = smk_of_inode(inode); 1537 } else if (strcmp(name, XATTR_SMACK_TRANSMUTE) == 0) { 1538 ispp = smack_inode(inode); 1539 if (ispp->smk_flags & SMK_INODE_TRANSMUTE) 1540 label = TRANS_TRUE; 1541 else 1542 label = ""; 1543 } else { 1544 /* 1545 * The rest of the Smack xattrs are only on sockets. 1546 */ 1547 sbp = ip->i_sb; 1548 if (sbp->s_magic != SOCKFS_MAGIC) 1549 return -EOPNOTSUPP; 1550 1551 sock = SOCKET_I(ip); 1552 if (sock == NULL || sock->sk == NULL) 1553 return -EOPNOTSUPP; 1554 1555 ssp = sock->sk->sk_security; 1556 1557 if (strcmp(name, XATTR_SMACK_IPIN) == 0) 1558 isp = ssp->smk_in; 1559 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) 1560 isp = ssp->smk_out; 1561 else 1562 return -EOPNOTSUPP; 1563 } 1564 1565 if (!label) 1566 label = isp->smk_known; 1567 1568 label_len = strlen(label); 1569 1570 if (alloc) { 1571 *buffer = kstrdup(label, GFP_KERNEL); 1572 if (*buffer == NULL) 1573 return -ENOMEM; 1574 } 1575 1576 return label_len; 1577 } 1578 1579 1580 /** 1581 * smack_inode_listsecurity - list the Smack attributes 1582 * @inode: the object 1583 * @buffer: where they go 1584 * @buffer_size: size of buffer 1585 */ 1586 static int smack_inode_listsecurity(struct inode *inode, char *buffer, 1587 size_t buffer_size) 1588 { 1589 int len = sizeof(XATTR_NAME_SMACK); 1590 1591 if (buffer != NULL && len <= buffer_size) 1592 memcpy(buffer, XATTR_NAME_SMACK, len); 1593 1594 return len; 1595 } 1596 1597 /** 1598 * smack_inode_getsecid - Extract inode's security id 1599 * @inode: inode to extract the info from 1600 * @secid: where result will be saved 1601 */ 1602 static void smack_inode_getsecid(struct inode *inode, u32 *secid) 1603 { 1604 struct smack_known *skp = smk_of_inode(inode); 1605 1606 *secid = skp->smk_secid; 1607 } 1608 1609 /* 1610 * File Hooks 1611 */ 1612 1613 /* 1614 * There is no smack_file_permission hook 1615 * 1616 * Should access checks be done on each read or write? 1617 * UNICOS and SELinux say yes. 1618 * Trusted Solaris, Trusted Irix, and just about everyone else says no. 1619 * 1620 * I'll say no for now. Smack does not do the frequent 1621 * label changing that SELinux does. 1622 */ 1623 1624 /** 1625 * smack_file_alloc_security - assign a file security blob 1626 * @file: the object 1627 * 1628 * The security blob for a file is a pointer to the master 1629 * label list, so no allocation is done. 1630 * 1631 * f_security is the owner security information. It 1632 * isn't used on file access checks, it's for send_sigio. 1633 * 1634 * Returns 0 1635 */ 1636 static int smack_file_alloc_security(struct file *file) 1637 { 1638 struct smack_known **blob = smack_file(file); 1639 1640 *blob = smk_of_current(); 1641 return 0; 1642 } 1643 1644 /** 1645 * smack_file_ioctl - Smack check on ioctls 1646 * @file: the object 1647 * @cmd: what to do 1648 * @arg: unused 1649 * 1650 * Relies heavily on the correct use of the ioctl command conventions. 1651 * 1652 * Returns 0 if allowed, error code otherwise 1653 */ 1654 static int smack_file_ioctl(struct file *file, unsigned int cmd, 1655 unsigned long arg) 1656 { 1657 int rc = 0; 1658 struct smk_audit_info ad; 1659 struct inode *inode = file_inode(file); 1660 1661 if (unlikely(IS_PRIVATE(inode))) 1662 return 0; 1663 1664 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1665 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1666 1667 if (_IOC_DIR(cmd) & _IOC_WRITE) { 1668 rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad); 1669 rc = smk_bu_file(file, MAY_WRITE, rc); 1670 } 1671 1672 if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ)) { 1673 rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad); 1674 rc = smk_bu_file(file, MAY_READ, rc); 1675 } 1676 1677 return rc; 1678 } 1679 1680 /** 1681 * smack_file_lock - Smack check on file locking 1682 * @file: the object 1683 * @cmd: unused 1684 * 1685 * Returns 0 if current has lock access, error code otherwise 1686 */ 1687 static int smack_file_lock(struct file *file, unsigned int cmd) 1688 { 1689 struct smk_audit_info ad; 1690 int rc; 1691 struct inode *inode = file_inode(file); 1692 1693 if (unlikely(IS_PRIVATE(inode))) 1694 return 0; 1695 1696 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1697 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1698 rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad); 1699 rc = smk_bu_file(file, MAY_LOCK, rc); 1700 return rc; 1701 } 1702 1703 /** 1704 * smack_file_fcntl - Smack check on fcntl 1705 * @file: the object 1706 * @cmd: what action to check 1707 * @arg: unused 1708 * 1709 * Generally these operations are harmless. 1710 * File locking operations present an obvious mechanism 1711 * for passing information, so they require write access. 1712 * 1713 * Returns 0 if current has access, error code otherwise 1714 */ 1715 static int smack_file_fcntl(struct file *file, unsigned int cmd, 1716 unsigned long arg) 1717 { 1718 struct smk_audit_info ad; 1719 int rc = 0; 1720 struct inode *inode = file_inode(file); 1721 1722 if (unlikely(IS_PRIVATE(inode))) 1723 return 0; 1724 1725 switch (cmd) { 1726 case F_GETLK: 1727 break; 1728 case F_SETLK: 1729 case F_SETLKW: 1730 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1731 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1732 rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad); 1733 rc = smk_bu_file(file, MAY_LOCK, rc); 1734 break; 1735 case F_SETOWN: 1736 case F_SETSIG: 1737 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1738 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1739 rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad); 1740 rc = smk_bu_file(file, MAY_WRITE, rc); 1741 break; 1742 default: 1743 break; 1744 } 1745 1746 return rc; 1747 } 1748 1749 /** 1750 * smack_mmap_file - Check permissions for a mmap operation. 1751 * @file: contains the file structure for file to map (may be NULL). 1752 * @reqprot: contains the protection requested by the application. 1753 * @prot: contains the protection that will be applied by the kernel. 1754 * @flags: contains the operational flags. 1755 * 1756 * The @file may be NULL, e.g. if mapping anonymous memory. 1757 * 1758 * Return 0 if permission is granted. 1759 */ 1760 static int smack_mmap_file(struct file *file, 1761 unsigned long reqprot, unsigned long prot, 1762 unsigned long flags) 1763 { 1764 struct smack_known *skp; 1765 struct smack_known *mkp; 1766 struct smack_rule *srp; 1767 struct task_smack *tsp; 1768 struct smack_known *okp; 1769 struct inode_smack *isp; 1770 struct superblock_smack *sbsp; 1771 int may; 1772 int mmay; 1773 int tmay; 1774 int rc; 1775 1776 if (file == NULL) 1777 return 0; 1778 1779 if (unlikely(IS_PRIVATE(file_inode(file)))) 1780 return 0; 1781 1782 isp = smack_inode(file_inode(file)); 1783 if (isp->smk_mmap == NULL) 1784 return 0; 1785 sbsp = smack_superblock(file_inode(file)->i_sb); 1786 if (sbsp->smk_flags & SMK_SB_UNTRUSTED && 1787 isp->smk_mmap != sbsp->smk_root) 1788 return -EACCES; 1789 mkp = isp->smk_mmap; 1790 1791 tsp = smack_cred(current_cred()); 1792 skp = smk_of_current(); 1793 rc = 0; 1794 1795 rcu_read_lock(); 1796 /* 1797 * For each Smack rule associated with the subject 1798 * label verify that the SMACK64MMAP also has access 1799 * to that rule's object label. 1800 */ 1801 list_for_each_entry_rcu(srp, &skp->smk_rules, list) { 1802 okp = srp->smk_object; 1803 /* 1804 * Matching labels always allows access. 1805 */ 1806 if (mkp->smk_known == okp->smk_known) 1807 continue; 1808 /* 1809 * If there is a matching local rule take 1810 * that into account as well. 1811 */ 1812 may = smk_access_entry(srp->smk_subject->smk_known, 1813 okp->smk_known, 1814 &tsp->smk_rules); 1815 if (may == -ENOENT) 1816 may = srp->smk_access; 1817 else 1818 may &= srp->smk_access; 1819 /* 1820 * If may is zero the SMACK64MMAP subject can't 1821 * possibly have less access. 1822 */ 1823 if (may == 0) 1824 continue; 1825 1826 /* 1827 * Fetch the global list entry. 1828 * If there isn't one a SMACK64MMAP subject 1829 * can't have as much access as current. 1830 */ 1831 mmay = smk_access_entry(mkp->smk_known, okp->smk_known, 1832 &mkp->smk_rules); 1833 if (mmay == -ENOENT) { 1834 rc = -EACCES; 1835 break; 1836 } 1837 /* 1838 * If there is a local entry it modifies the 1839 * potential access, too. 1840 */ 1841 tmay = smk_access_entry(mkp->smk_known, okp->smk_known, 1842 &tsp->smk_rules); 1843 if (tmay != -ENOENT) 1844 mmay &= tmay; 1845 1846 /* 1847 * If there is any access available to current that is 1848 * not available to a SMACK64MMAP subject 1849 * deny access. 1850 */ 1851 if ((may | mmay) != mmay) { 1852 rc = -EACCES; 1853 break; 1854 } 1855 } 1856 1857 rcu_read_unlock(); 1858 1859 return rc; 1860 } 1861 1862 /** 1863 * smack_file_set_fowner - set the file security blob value 1864 * @file: object in question 1865 * 1866 */ 1867 static void smack_file_set_fowner(struct file *file) 1868 { 1869 struct smack_known **blob = smack_file(file); 1870 1871 *blob = smk_of_current(); 1872 } 1873 1874 /** 1875 * smack_file_send_sigiotask - Smack on sigio 1876 * @tsk: The target task 1877 * @fown: the object the signal come from 1878 * @signum: unused 1879 * 1880 * Allow a privileged task to get signals even if it shouldn't 1881 * 1882 * Returns 0 if a subject with the object's smack could 1883 * write to the task, an error code otherwise. 1884 */ 1885 static int smack_file_send_sigiotask(struct task_struct *tsk, 1886 struct fown_struct *fown, int signum) 1887 { 1888 struct smack_known **blob; 1889 struct smack_known *skp; 1890 struct smack_known *tkp = smk_of_task(smack_cred(tsk->cred)); 1891 const struct cred *tcred; 1892 struct file *file; 1893 int rc; 1894 struct smk_audit_info ad; 1895 1896 /* 1897 * struct fown_struct is never outside the context of a struct file 1898 */ 1899 file = container_of(fown, struct file, f_owner); 1900 1901 /* we don't log here as rc can be overriden */ 1902 blob = smack_file(file); 1903 skp = *blob; 1904 rc = smk_access(skp, tkp, MAY_DELIVER, NULL); 1905 rc = smk_bu_note("sigiotask", skp, tkp, MAY_DELIVER, rc); 1906 1907 rcu_read_lock(); 1908 tcred = __task_cred(tsk); 1909 if (rc != 0 && smack_privileged_cred(CAP_MAC_OVERRIDE, tcred)) 1910 rc = 0; 1911 rcu_read_unlock(); 1912 1913 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); 1914 smk_ad_setfield_u_tsk(&ad, tsk); 1915 smack_log(skp->smk_known, tkp->smk_known, MAY_DELIVER, rc, &ad); 1916 return rc; 1917 } 1918 1919 /** 1920 * smack_file_receive - Smack file receive check 1921 * @file: the object 1922 * 1923 * Returns 0 if current has access, error code otherwise 1924 */ 1925 static int smack_file_receive(struct file *file) 1926 { 1927 int rc; 1928 int may = 0; 1929 struct smk_audit_info ad; 1930 struct inode *inode = file_inode(file); 1931 struct socket *sock; 1932 struct task_smack *tsp; 1933 struct socket_smack *ssp; 1934 1935 if (unlikely(IS_PRIVATE(inode))) 1936 return 0; 1937 1938 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1939 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1940 1941 if (inode->i_sb->s_magic == SOCKFS_MAGIC) { 1942 sock = SOCKET_I(inode); 1943 ssp = sock->sk->sk_security; 1944 tsp = smack_cred(current_cred()); 1945 /* 1946 * If the receiving process can't write to the 1947 * passed socket or if the passed socket can't 1948 * write to the receiving process don't accept 1949 * the passed socket. 1950 */ 1951 rc = smk_access(tsp->smk_task, ssp->smk_out, MAY_WRITE, &ad); 1952 rc = smk_bu_file(file, may, rc); 1953 if (rc < 0) 1954 return rc; 1955 rc = smk_access(ssp->smk_in, tsp->smk_task, MAY_WRITE, &ad); 1956 rc = smk_bu_file(file, may, rc); 1957 return rc; 1958 } 1959 /* 1960 * This code relies on bitmasks. 1961 */ 1962 if (file->f_mode & FMODE_READ) 1963 may = MAY_READ; 1964 if (file->f_mode & FMODE_WRITE) 1965 may |= MAY_WRITE; 1966 1967 rc = smk_curacc(smk_of_inode(inode), may, &ad); 1968 rc = smk_bu_file(file, may, rc); 1969 return rc; 1970 } 1971 1972 /** 1973 * smack_file_open - Smack dentry open processing 1974 * @file: the object 1975 * 1976 * Set the security blob in the file structure. 1977 * Allow the open only if the task has read access. There are 1978 * many read operations (e.g. fstat) that you can do with an 1979 * fd even if you have the file open write-only. 1980 * 1981 * Returns 0 if current has access, error code otherwise 1982 */ 1983 static int smack_file_open(struct file *file) 1984 { 1985 struct task_smack *tsp = smack_cred(file->f_cred); 1986 struct inode *inode = file_inode(file); 1987 struct smk_audit_info ad; 1988 int rc; 1989 1990 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1991 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1992 rc = smk_tskacc(tsp, smk_of_inode(inode), MAY_READ, &ad); 1993 rc = smk_bu_credfile(file->f_cred, file, MAY_READ, rc); 1994 1995 return rc; 1996 } 1997 1998 /* 1999 * Task hooks 2000 */ 2001 2002 /** 2003 * smack_cred_alloc_blank - "allocate" blank task-level security credentials 2004 * @cred: the new credentials 2005 * @gfp: the atomicity of any memory allocations 2006 * 2007 * Prepare a blank set of credentials for modification. This must allocate all 2008 * the memory the LSM module might require such that cred_transfer() can 2009 * complete without error. 2010 */ 2011 static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp) 2012 { 2013 init_task_smack(smack_cred(cred), NULL, NULL); 2014 return 0; 2015 } 2016 2017 2018 /** 2019 * smack_cred_free - "free" task-level security credentials 2020 * @cred: the credentials in question 2021 * 2022 */ 2023 static void smack_cred_free(struct cred *cred) 2024 { 2025 struct task_smack *tsp = smack_cred(cred); 2026 struct smack_rule *rp; 2027 struct list_head *l; 2028 struct list_head *n; 2029 2030 smk_destroy_label_list(&tsp->smk_relabel); 2031 2032 list_for_each_safe(l, n, &tsp->smk_rules) { 2033 rp = list_entry(l, struct smack_rule, list); 2034 list_del(&rp->list); 2035 kmem_cache_free(smack_rule_cache, rp); 2036 } 2037 } 2038 2039 /** 2040 * smack_cred_prepare - prepare new set of credentials for modification 2041 * @new: the new credentials 2042 * @old: the original credentials 2043 * @gfp: the atomicity of any memory allocations 2044 * 2045 * Prepare a new set of credentials for modification. 2046 */ 2047 static int smack_cred_prepare(struct cred *new, const struct cred *old, 2048 gfp_t gfp) 2049 { 2050 struct task_smack *old_tsp = smack_cred(old); 2051 struct task_smack *new_tsp = smack_cred(new); 2052 int rc; 2053 2054 init_task_smack(new_tsp, old_tsp->smk_task, old_tsp->smk_task); 2055 2056 rc = smk_copy_rules(&new_tsp->smk_rules, &old_tsp->smk_rules, gfp); 2057 if (rc != 0) 2058 return rc; 2059 2060 rc = smk_copy_relabel(&new_tsp->smk_relabel, &old_tsp->smk_relabel, 2061 gfp); 2062 return rc; 2063 } 2064 2065 /** 2066 * smack_cred_transfer - Transfer the old credentials to the new credentials 2067 * @new: the new credentials 2068 * @old: the original credentials 2069 * 2070 * Fill in a set of blank credentials from another set of credentials. 2071 */ 2072 static void smack_cred_transfer(struct cred *new, const struct cred *old) 2073 { 2074 struct task_smack *old_tsp = smack_cred(old); 2075 struct task_smack *new_tsp = smack_cred(new); 2076 2077 new_tsp->smk_task = old_tsp->smk_task; 2078 new_tsp->smk_forked = old_tsp->smk_task; 2079 mutex_init(&new_tsp->smk_rules_lock); 2080 INIT_LIST_HEAD(&new_tsp->smk_rules); 2081 2082 /* cbs copy rule list */ 2083 } 2084 2085 /** 2086 * smack_cred_getsecid - get the secid corresponding to a creds structure 2087 * @cred: the object creds 2088 * @secid: where to put the result 2089 * 2090 * Sets the secid to contain a u32 version of the smack label. 2091 */ 2092 static void smack_cred_getsecid(const struct cred *cred, u32 *secid) 2093 { 2094 struct smack_known *skp; 2095 2096 rcu_read_lock(); 2097 skp = smk_of_task(smack_cred(cred)); 2098 *secid = skp->smk_secid; 2099 rcu_read_unlock(); 2100 } 2101 2102 /** 2103 * smack_kernel_act_as - Set the subjective context in a set of credentials 2104 * @new: points to the set of credentials to be modified. 2105 * @secid: specifies the security ID to be set 2106 * 2107 * Set the security data for a kernel service. 2108 */ 2109 static int smack_kernel_act_as(struct cred *new, u32 secid) 2110 { 2111 struct task_smack *new_tsp = smack_cred(new); 2112 2113 new_tsp->smk_task = smack_from_secid(secid); 2114 return 0; 2115 } 2116 2117 /** 2118 * smack_kernel_create_files_as - Set the file creation label in a set of creds 2119 * @new: points to the set of credentials to be modified 2120 * @inode: points to the inode to use as a reference 2121 * 2122 * Set the file creation context in a set of credentials to the same 2123 * as the objective context of the specified inode 2124 */ 2125 static int smack_kernel_create_files_as(struct cred *new, 2126 struct inode *inode) 2127 { 2128 struct inode_smack *isp = smack_inode(inode); 2129 struct task_smack *tsp = smack_cred(new); 2130 2131 tsp->smk_forked = isp->smk_inode; 2132 tsp->smk_task = tsp->smk_forked; 2133 return 0; 2134 } 2135 2136 /** 2137 * smk_curacc_on_task - helper to log task related access 2138 * @p: the task object 2139 * @access: the access requested 2140 * @caller: name of the calling function for audit 2141 * 2142 * Return 0 if access is permitted 2143 */ 2144 static int smk_curacc_on_task(struct task_struct *p, int access, 2145 const char *caller) 2146 { 2147 struct smk_audit_info ad; 2148 struct smack_known *skp = smk_of_task_struct_obj(p); 2149 int rc; 2150 2151 smk_ad_init(&ad, caller, LSM_AUDIT_DATA_TASK); 2152 smk_ad_setfield_u_tsk(&ad, p); 2153 rc = smk_curacc(skp, access, &ad); 2154 rc = smk_bu_task(p, access, rc); 2155 return rc; 2156 } 2157 2158 /** 2159 * smack_task_setpgid - Smack check on setting pgid 2160 * @p: the task object 2161 * @pgid: unused 2162 * 2163 * Return 0 if write access is permitted 2164 */ 2165 static int smack_task_setpgid(struct task_struct *p, pid_t pgid) 2166 { 2167 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2168 } 2169 2170 /** 2171 * smack_task_getpgid - Smack access check for getpgid 2172 * @p: the object task 2173 * 2174 * Returns 0 if current can read the object task, error code otherwise 2175 */ 2176 static int smack_task_getpgid(struct task_struct *p) 2177 { 2178 return smk_curacc_on_task(p, MAY_READ, __func__); 2179 } 2180 2181 /** 2182 * smack_task_getsid - Smack access check for getsid 2183 * @p: the object task 2184 * 2185 * Returns 0 if current can read the object task, error code otherwise 2186 */ 2187 static int smack_task_getsid(struct task_struct *p) 2188 { 2189 return smk_curacc_on_task(p, MAY_READ, __func__); 2190 } 2191 2192 /** 2193 * smack_current_getsecid_subj - get the subjective secid of the current task 2194 * @secid: where to put the result 2195 * 2196 * Sets the secid to contain a u32 version of the task's subjective smack label. 2197 */ 2198 static void smack_current_getsecid_subj(u32 *secid) 2199 { 2200 struct smack_known *skp = smk_of_current(); 2201 2202 *secid = skp->smk_secid; 2203 } 2204 2205 /** 2206 * smack_task_getsecid_obj - get the objective secid of the task 2207 * @p: the task 2208 * @secid: where to put the result 2209 * 2210 * Sets the secid to contain a u32 version of the task's objective smack label. 2211 */ 2212 static void smack_task_getsecid_obj(struct task_struct *p, u32 *secid) 2213 { 2214 struct smack_known *skp = smk_of_task_struct_obj(p); 2215 2216 *secid = skp->smk_secid; 2217 } 2218 2219 /** 2220 * smack_task_setnice - Smack check on setting nice 2221 * @p: the task object 2222 * @nice: unused 2223 * 2224 * Return 0 if write access is permitted 2225 */ 2226 static int smack_task_setnice(struct task_struct *p, int nice) 2227 { 2228 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2229 } 2230 2231 /** 2232 * smack_task_setioprio - Smack check on setting ioprio 2233 * @p: the task object 2234 * @ioprio: unused 2235 * 2236 * Return 0 if write access is permitted 2237 */ 2238 static int smack_task_setioprio(struct task_struct *p, int ioprio) 2239 { 2240 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2241 } 2242 2243 /** 2244 * smack_task_getioprio - Smack check on reading ioprio 2245 * @p: the task object 2246 * 2247 * Return 0 if read access is permitted 2248 */ 2249 static int smack_task_getioprio(struct task_struct *p) 2250 { 2251 return smk_curacc_on_task(p, MAY_READ, __func__); 2252 } 2253 2254 /** 2255 * smack_task_setscheduler - Smack check on setting scheduler 2256 * @p: the task object 2257 * 2258 * Return 0 if read access is permitted 2259 */ 2260 static int smack_task_setscheduler(struct task_struct *p) 2261 { 2262 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2263 } 2264 2265 /** 2266 * smack_task_getscheduler - Smack check on reading scheduler 2267 * @p: the task object 2268 * 2269 * Return 0 if read access is permitted 2270 */ 2271 static int smack_task_getscheduler(struct task_struct *p) 2272 { 2273 return smk_curacc_on_task(p, MAY_READ, __func__); 2274 } 2275 2276 /** 2277 * smack_task_movememory - Smack check on moving memory 2278 * @p: the task object 2279 * 2280 * Return 0 if write access is permitted 2281 */ 2282 static int smack_task_movememory(struct task_struct *p) 2283 { 2284 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2285 } 2286 2287 /** 2288 * smack_task_kill - Smack check on signal delivery 2289 * @p: the task object 2290 * @info: unused 2291 * @sig: unused 2292 * @cred: identifies the cred to use in lieu of current's 2293 * 2294 * Return 0 if write access is permitted 2295 * 2296 */ 2297 static int smack_task_kill(struct task_struct *p, struct kernel_siginfo *info, 2298 int sig, const struct cred *cred) 2299 { 2300 struct smk_audit_info ad; 2301 struct smack_known *skp; 2302 struct smack_known *tkp = smk_of_task_struct_obj(p); 2303 int rc; 2304 2305 if (!sig) 2306 return 0; /* null signal; existence test */ 2307 2308 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); 2309 smk_ad_setfield_u_tsk(&ad, p); 2310 /* 2311 * Sending a signal requires that the sender 2312 * can write the receiver. 2313 */ 2314 if (cred == NULL) { 2315 rc = smk_curacc(tkp, MAY_DELIVER, &ad); 2316 rc = smk_bu_task(p, MAY_DELIVER, rc); 2317 return rc; 2318 } 2319 /* 2320 * If the cred isn't NULL we're dealing with some USB IO 2321 * specific behavior. This is not clean. For one thing 2322 * we can't take privilege into account. 2323 */ 2324 skp = smk_of_task(smack_cred(cred)); 2325 rc = smk_access(skp, tkp, MAY_DELIVER, &ad); 2326 rc = smk_bu_note("USB signal", skp, tkp, MAY_DELIVER, rc); 2327 return rc; 2328 } 2329 2330 /** 2331 * smack_task_to_inode - copy task smack into the inode blob 2332 * @p: task to copy from 2333 * @inode: inode to copy to 2334 * 2335 * Sets the smack pointer in the inode security blob 2336 */ 2337 static void smack_task_to_inode(struct task_struct *p, struct inode *inode) 2338 { 2339 struct inode_smack *isp = smack_inode(inode); 2340 struct smack_known *skp = smk_of_task_struct_obj(p); 2341 2342 isp->smk_inode = skp; 2343 isp->smk_flags |= SMK_INODE_INSTANT; 2344 } 2345 2346 /* 2347 * Socket hooks. 2348 */ 2349 2350 /** 2351 * smack_sk_alloc_security - Allocate a socket blob 2352 * @sk: the socket 2353 * @family: unused 2354 * @gfp_flags: memory allocation flags 2355 * 2356 * Assign Smack pointers to current 2357 * 2358 * Returns 0 on success, -ENOMEM is there's no memory 2359 */ 2360 static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags) 2361 { 2362 struct smack_known *skp = smk_of_current(); 2363 struct socket_smack *ssp; 2364 2365 ssp = kzalloc(sizeof(struct socket_smack), gfp_flags); 2366 if (ssp == NULL) 2367 return -ENOMEM; 2368 2369 /* 2370 * Sockets created by kernel threads receive web label. 2371 */ 2372 if (unlikely(current->flags & PF_KTHREAD)) { 2373 ssp->smk_in = &smack_known_web; 2374 ssp->smk_out = &smack_known_web; 2375 } else { 2376 ssp->smk_in = skp; 2377 ssp->smk_out = skp; 2378 } 2379 ssp->smk_packet = NULL; 2380 2381 sk->sk_security = ssp; 2382 2383 return 0; 2384 } 2385 2386 /** 2387 * smack_sk_free_security - Free a socket blob 2388 * @sk: the socket 2389 * 2390 * Clears the blob pointer 2391 */ 2392 static void smack_sk_free_security(struct sock *sk) 2393 { 2394 #ifdef SMACK_IPV6_PORT_LABELING 2395 struct smk_port_label *spp; 2396 2397 if (sk->sk_family == PF_INET6) { 2398 rcu_read_lock(); 2399 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) { 2400 if (spp->smk_sock != sk) 2401 continue; 2402 spp->smk_can_reuse = 1; 2403 break; 2404 } 2405 rcu_read_unlock(); 2406 } 2407 #endif 2408 kfree(sk->sk_security); 2409 } 2410 2411 /** 2412 * smack_sk_clone_security - Copy security context 2413 * @sk: the old socket 2414 * @newsk: the new socket 2415 * 2416 * Copy the security context of the old socket pointer to the cloned 2417 */ 2418 static void smack_sk_clone_security(const struct sock *sk, struct sock *newsk) 2419 { 2420 struct socket_smack *ssp_old = sk->sk_security; 2421 struct socket_smack *ssp_new = newsk->sk_security; 2422 2423 *ssp_new = *ssp_old; 2424 } 2425 2426 /** 2427 * smack_ipv4host_label - check host based restrictions 2428 * @sip: the object end 2429 * 2430 * looks for host based access restrictions 2431 * 2432 * This version will only be appropriate for really small sets of single label 2433 * hosts. The caller is responsible for ensuring that the RCU read lock is 2434 * taken before calling this function. 2435 * 2436 * Returns the label of the far end or NULL if it's not special. 2437 */ 2438 static struct smack_known *smack_ipv4host_label(struct sockaddr_in *sip) 2439 { 2440 struct smk_net4addr *snp; 2441 struct in_addr *siap = &sip->sin_addr; 2442 2443 if (siap->s_addr == 0) 2444 return NULL; 2445 2446 list_for_each_entry_rcu(snp, &smk_net4addr_list, list) 2447 /* 2448 * we break after finding the first match because 2449 * the list is sorted from longest to shortest mask 2450 * so we have found the most specific match 2451 */ 2452 if (snp->smk_host.s_addr == 2453 (siap->s_addr & snp->smk_mask.s_addr)) 2454 return snp->smk_label; 2455 2456 return NULL; 2457 } 2458 2459 /* 2460 * smk_ipv6_localhost - Check for local ipv6 host address 2461 * @sip: the address 2462 * 2463 * Returns boolean true if this is the localhost address 2464 */ 2465 static bool smk_ipv6_localhost(struct sockaddr_in6 *sip) 2466 { 2467 __be16 *be16p = (__be16 *)&sip->sin6_addr; 2468 __be32 *be32p = (__be32 *)&sip->sin6_addr; 2469 2470 if (be32p[0] == 0 && be32p[1] == 0 && be32p[2] == 0 && be16p[6] == 0 && 2471 ntohs(be16p[7]) == 1) 2472 return true; 2473 return false; 2474 } 2475 2476 /** 2477 * smack_ipv6host_label - check host based restrictions 2478 * @sip: the object end 2479 * 2480 * looks for host based access restrictions 2481 * 2482 * This version will only be appropriate for really small sets of single label 2483 * hosts. The caller is responsible for ensuring that the RCU read lock is 2484 * taken before calling this function. 2485 * 2486 * Returns the label of the far end or NULL if it's not special. 2487 */ 2488 static struct smack_known *smack_ipv6host_label(struct sockaddr_in6 *sip) 2489 { 2490 struct smk_net6addr *snp; 2491 struct in6_addr *sap = &sip->sin6_addr; 2492 int i; 2493 int found = 0; 2494 2495 /* 2496 * It's local. Don't look for a host label. 2497 */ 2498 if (smk_ipv6_localhost(sip)) 2499 return NULL; 2500 2501 list_for_each_entry_rcu(snp, &smk_net6addr_list, list) { 2502 /* 2503 * If the label is NULL the entry has 2504 * been renounced. Ignore it. 2505 */ 2506 if (snp->smk_label == NULL) 2507 continue; 2508 /* 2509 * we break after finding the first match because 2510 * the list is sorted from longest to shortest mask 2511 * so we have found the most specific match 2512 */ 2513 for (found = 1, i = 0; i < 8; i++) { 2514 if ((sap->s6_addr16[i] & snp->smk_mask.s6_addr16[i]) != 2515 snp->smk_host.s6_addr16[i]) { 2516 found = 0; 2517 break; 2518 } 2519 } 2520 if (found) 2521 return snp->smk_label; 2522 } 2523 2524 return NULL; 2525 } 2526 2527 /** 2528 * smack_netlbl_add - Set the secattr on a socket 2529 * @sk: the socket 2530 * 2531 * Attach the outbound smack value (smk_out) to the socket. 2532 * 2533 * Returns 0 on success or an error code 2534 */ 2535 static int smack_netlbl_add(struct sock *sk) 2536 { 2537 struct socket_smack *ssp = sk->sk_security; 2538 struct smack_known *skp = ssp->smk_out; 2539 int rc; 2540 2541 local_bh_disable(); 2542 bh_lock_sock_nested(sk); 2543 2544 rc = netlbl_sock_setattr(sk, sk->sk_family, &skp->smk_netlabel); 2545 switch (rc) { 2546 case 0: 2547 ssp->smk_state = SMK_NETLBL_LABELED; 2548 break; 2549 case -EDESTADDRREQ: 2550 ssp->smk_state = SMK_NETLBL_REQSKB; 2551 rc = 0; 2552 break; 2553 } 2554 2555 bh_unlock_sock(sk); 2556 local_bh_enable(); 2557 2558 return rc; 2559 } 2560 2561 /** 2562 * smack_netlbl_delete - Remove the secattr from a socket 2563 * @sk: the socket 2564 * 2565 * Remove the outbound smack value from a socket 2566 */ 2567 static void smack_netlbl_delete(struct sock *sk) 2568 { 2569 struct socket_smack *ssp = sk->sk_security; 2570 2571 /* 2572 * Take the label off the socket if one is set. 2573 */ 2574 if (ssp->smk_state != SMK_NETLBL_LABELED) 2575 return; 2576 2577 local_bh_disable(); 2578 bh_lock_sock_nested(sk); 2579 netlbl_sock_delattr(sk); 2580 bh_unlock_sock(sk); 2581 local_bh_enable(); 2582 ssp->smk_state = SMK_NETLBL_UNLABELED; 2583 } 2584 2585 /** 2586 * smk_ipv4_check - Perform IPv4 host access checks 2587 * @sk: the socket 2588 * @sap: the destination address 2589 * 2590 * Set the correct secattr for the given socket based on the destination 2591 * address and perform any outbound access checks needed. 2592 * 2593 * Returns 0 on success or an error code. 2594 * 2595 */ 2596 static int smk_ipv4_check(struct sock *sk, struct sockaddr_in *sap) 2597 { 2598 struct smack_known *skp; 2599 int rc = 0; 2600 struct smack_known *hkp; 2601 struct socket_smack *ssp = sk->sk_security; 2602 struct smk_audit_info ad; 2603 2604 rcu_read_lock(); 2605 hkp = smack_ipv4host_label(sap); 2606 if (hkp != NULL) { 2607 #ifdef CONFIG_AUDIT 2608 struct lsm_network_audit net; 2609 2610 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 2611 ad.a.u.net->family = sap->sin_family; 2612 ad.a.u.net->dport = sap->sin_port; 2613 ad.a.u.net->v4info.daddr = sap->sin_addr.s_addr; 2614 #endif 2615 skp = ssp->smk_out; 2616 rc = smk_access(skp, hkp, MAY_WRITE, &ad); 2617 rc = smk_bu_note("IPv4 host check", skp, hkp, MAY_WRITE, rc); 2618 /* 2619 * Clear the socket netlabel if it's set. 2620 */ 2621 if (!rc) 2622 smack_netlbl_delete(sk); 2623 } 2624 rcu_read_unlock(); 2625 2626 return rc; 2627 } 2628 2629 /** 2630 * smk_ipv6_check - check Smack access 2631 * @subject: subject Smack label 2632 * @object: object Smack label 2633 * @address: address 2634 * @act: the action being taken 2635 * 2636 * Check an IPv6 access 2637 */ 2638 static int smk_ipv6_check(struct smack_known *subject, 2639 struct smack_known *object, 2640 struct sockaddr_in6 *address, int act) 2641 { 2642 #ifdef CONFIG_AUDIT 2643 struct lsm_network_audit net; 2644 #endif 2645 struct smk_audit_info ad; 2646 int rc; 2647 2648 #ifdef CONFIG_AUDIT 2649 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 2650 ad.a.u.net->family = PF_INET6; 2651 ad.a.u.net->dport = address->sin6_port; 2652 if (act == SMK_RECEIVING) 2653 ad.a.u.net->v6info.saddr = address->sin6_addr; 2654 else 2655 ad.a.u.net->v6info.daddr = address->sin6_addr; 2656 #endif 2657 rc = smk_access(subject, object, MAY_WRITE, &ad); 2658 rc = smk_bu_note("IPv6 check", subject, object, MAY_WRITE, rc); 2659 return rc; 2660 } 2661 2662 #ifdef SMACK_IPV6_PORT_LABELING 2663 /** 2664 * smk_ipv6_port_label - Smack port access table management 2665 * @sock: socket 2666 * @address: address 2667 * 2668 * Create or update the port list entry 2669 */ 2670 static void smk_ipv6_port_label(struct socket *sock, struct sockaddr *address) 2671 { 2672 struct sock *sk = sock->sk; 2673 struct sockaddr_in6 *addr6; 2674 struct socket_smack *ssp = sock->sk->sk_security; 2675 struct smk_port_label *spp; 2676 unsigned short port = 0; 2677 2678 if (address == NULL) { 2679 /* 2680 * This operation is changing the Smack information 2681 * on the bound socket. Take the changes to the port 2682 * as well. 2683 */ 2684 rcu_read_lock(); 2685 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) { 2686 if (sk != spp->smk_sock) 2687 continue; 2688 spp->smk_in = ssp->smk_in; 2689 spp->smk_out = ssp->smk_out; 2690 rcu_read_unlock(); 2691 return; 2692 } 2693 /* 2694 * A NULL address is only used for updating existing 2695 * bound entries. If there isn't one, it's OK. 2696 */ 2697 rcu_read_unlock(); 2698 return; 2699 } 2700 2701 addr6 = (struct sockaddr_in6 *)address; 2702 port = ntohs(addr6->sin6_port); 2703 /* 2704 * This is a special case that is safely ignored. 2705 */ 2706 if (port == 0) 2707 return; 2708 2709 /* 2710 * Look for an existing port list entry. 2711 * This is an indication that a port is getting reused. 2712 */ 2713 rcu_read_lock(); 2714 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) { 2715 if (spp->smk_port != port || spp->smk_sock_type != sock->type) 2716 continue; 2717 if (spp->smk_can_reuse != 1) { 2718 rcu_read_unlock(); 2719 return; 2720 } 2721 spp->smk_port = port; 2722 spp->smk_sock = sk; 2723 spp->smk_in = ssp->smk_in; 2724 spp->smk_out = ssp->smk_out; 2725 spp->smk_can_reuse = 0; 2726 rcu_read_unlock(); 2727 return; 2728 } 2729 rcu_read_unlock(); 2730 /* 2731 * A new port entry is required. 2732 */ 2733 spp = kzalloc(sizeof(*spp), GFP_KERNEL); 2734 if (spp == NULL) 2735 return; 2736 2737 spp->smk_port = port; 2738 spp->smk_sock = sk; 2739 spp->smk_in = ssp->smk_in; 2740 spp->smk_out = ssp->smk_out; 2741 spp->smk_sock_type = sock->type; 2742 spp->smk_can_reuse = 0; 2743 2744 mutex_lock(&smack_ipv6_lock); 2745 list_add_rcu(&spp->list, &smk_ipv6_port_list); 2746 mutex_unlock(&smack_ipv6_lock); 2747 return; 2748 } 2749 2750 /** 2751 * smk_ipv6_port_check - check Smack port access 2752 * @sk: socket 2753 * @address: address 2754 * @act: the action being taken 2755 * 2756 * Create or update the port list entry 2757 */ 2758 static int smk_ipv6_port_check(struct sock *sk, struct sockaddr_in6 *address, 2759 int act) 2760 { 2761 struct smk_port_label *spp; 2762 struct socket_smack *ssp = sk->sk_security; 2763 struct smack_known *skp = NULL; 2764 unsigned short port; 2765 struct smack_known *object; 2766 2767 if (act == SMK_RECEIVING) { 2768 skp = smack_ipv6host_label(address); 2769 object = ssp->smk_in; 2770 } else { 2771 skp = ssp->smk_out; 2772 object = smack_ipv6host_label(address); 2773 } 2774 2775 /* 2776 * The other end is a single label host. 2777 */ 2778 if (skp != NULL && object != NULL) 2779 return smk_ipv6_check(skp, object, address, act); 2780 if (skp == NULL) 2781 skp = smack_net_ambient; 2782 if (object == NULL) 2783 object = smack_net_ambient; 2784 2785 /* 2786 * It's remote, so port lookup does no good. 2787 */ 2788 if (!smk_ipv6_localhost(address)) 2789 return smk_ipv6_check(skp, object, address, act); 2790 2791 /* 2792 * It's local so the send check has to have passed. 2793 */ 2794 if (act == SMK_RECEIVING) 2795 return 0; 2796 2797 port = ntohs(address->sin6_port); 2798 rcu_read_lock(); 2799 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) { 2800 if (spp->smk_port != port || spp->smk_sock_type != sk->sk_type) 2801 continue; 2802 object = spp->smk_in; 2803 if (act == SMK_CONNECTING) 2804 ssp->smk_packet = spp->smk_out; 2805 break; 2806 } 2807 rcu_read_unlock(); 2808 2809 return smk_ipv6_check(skp, object, address, act); 2810 } 2811 #endif 2812 2813 /** 2814 * smack_inode_setsecurity - set smack xattrs 2815 * @inode: the object 2816 * @name: attribute name 2817 * @value: attribute value 2818 * @size: size of the attribute 2819 * @flags: unused 2820 * 2821 * Sets the named attribute in the appropriate blob 2822 * 2823 * Returns 0 on success, or an error code 2824 */ 2825 static int smack_inode_setsecurity(struct inode *inode, const char *name, 2826 const void *value, size_t size, int flags) 2827 { 2828 struct smack_known *skp; 2829 struct inode_smack *nsp = smack_inode(inode); 2830 struct socket_smack *ssp; 2831 struct socket *sock; 2832 int rc = 0; 2833 2834 if (value == NULL || size > SMK_LONGLABEL || size == 0) 2835 return -EINVAL; 2836 2837 skp = smk_import_entry(value, size); 2838 if (IS_ERR(skp)) 2839 return PTR_ERR(skp); 2840 2841 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) { 2842 nsp->smk_inode = skp; 2843 nsp->smk_flags |= SMK_INODE_INSTANT; 2844 return 0; 2845 } 2846 /* 2847 * The rest of the Smack xattrs are only on sockets. 2848 */ 2849 if (inode->i_sb->s_magic != SOCKFS_MAGIC) 2850 return -EOPNOTSUPP; 2851 2852 sock = SOCKET_I(inode); 2853 if (sock == NULL || sock->sk == NULL) 2854 return -EOPNOTSUPP; 2855 2856 ssp = sock->sk->sk_security; 2857 2858 if (strcmp(name, XATTR_SMACK_IPIN) == 0) 2859 ssp->smk_in = skp; 2860 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) { 2861 ssp->smk_out = skp; 2862 if (sock->sk->sk_family == PF_INET) { 2863 rc = smack_netlbl_add(sock->sk); 2864 if (rc != 0) 2865 printk(KERN_WARNING 2866 "Smack: \"%s\" netlbl error %d.\n", 2867 __func__, -rc); 2868 } 2869 } else 2870 return -EOPNOTSUPP; 2871 2872 #ifdef SMACK_IPV6_PORT_LABELING 2873 if (sock->sk->sk_family == PF_INET6) 2874 smk_ipv6_port_label(sock, NULL); 2875 #endif 2876 2877 return 0; 2878 } 2879 2880 /** 2881 * smack_socket_post_create - finish socket setup 2882 * @sock: the socket 2883 * @family: protocol family 2884 * @type: unused 2885 * @protocol: unused 2886 * @kern: unused 2887 * 2888 * Sets the netlabel information on the socket 2889 * 2890 * Returns 0 on success, and error code otherwise 2891 */ 2892 static int smack_socket_post_create(struct socket *sock, int family, 2893 int type, int protocol, int kern) 2894 { 2895 struct socket_smack *ssp; 2896 2897 if (sock->sk == NULL) 2898 return 0; 2899 2900 /* 2901 * Sockets created by kernel threads receive web label. 2902 */ 2903 if (unlikely(current->flags & PF_KTHREAD)) { 2904 ssp = sock->sk->sk_security; 2905 ssp->smk_in = &smack_known_web; 2906 ssp->smk_out = &smack_known_web; 2907 } 2908 2909 if (family != PF_INET) 2910 return 0; 2911 /* 2912 * Set the outbound netlbl. 2913 */ 2914 return smack_netlbl_add(sock->sk); 2915 } 2916 2917 /** 2918 * smack_socket_socketpair - create socket pair 2919 * @socka: one socket 2920 * @sockb: another socket 2921 * 2922 * Cross reference the peer labels for SO_PEERSEC 2923 * 2924 * Returns 0 2925 */ 2926 static int smack_socket_socketpair(struct socket *socka, 2927 struct socket *sockb) 2928 { 2929 struct socket_smack *asp = socka->sk->sk_security; 2930 struct socket_smack *bsp = sockb->sk->sk_security; 2931 2932 asp->smk_packet = bsp->smk_out; 2933 bsp->smk_packet = asp->smk_out; 2934 2935 return 0; 2936 } 2937 2938 #ifdef SMACK_IPV6_PORT_LABELING 2939 /** 2940 * smack_socket_bind - record port binding information. 2941 * @sock: the socket 2942 * @address: the port address 2943 * @addrlen: size of the address 2944 * 2945 * Records the label bound to a port. 2946 * 2947 * Returns 0 on success, and error code otherwise 2948 */ 2949 static int smack_socket_bind(struct socket *sock, struct sockaddr *address, 2950 int addrlen) 2951 { 2952 if (sock->sk != NULL && sock->sk->sk_family == PF_INET6) { 2953 if (addrlen < SIN6_LEN_RFC2133 || 2954 address->sa_family != AF_INET6) 2955 return -EINVAL; 2956 smk_ipv6_port_label(sock, address); 2957 } 2958 return 0; 2959 } 2960 #endif /* SMACK_IPV6_PORT_LABELING */ 2961 2962 /** 2963 * smack_socket_connect - connect access check 2964 * @sock: the socket 2965 * @sap: the other end 2966 * @addrlen: size of sap 2967 * 2968 * Verifies that a connection may be possible 2969 * 2970 * Returns 0 on success, and error code otherwise 2971 */ 2972 static int smack_socket_connect(struct socket *sock, struct sockaddr *sap, 2973 int addrlen) 2974 { 2975 int rc = 0; 2976 2977 if (sock->sk == NULL) 2978 return 0; 2979 if (sock->sk->sk_family != PF_INET && 2980 (!IS_ENABLED(CONFIG_IPV6) || sock->sk->sk_family != PF_INET6)) 2981 return 0; 2982 if (addrlen < offsetofend(struct sockaddr, sa_family)) 2983 return 0; 2984 if (IS_ENABLED(CONFIG_IPV6) && sap->sa_family == AF_INET6) { 2985 struct sockaddr_in6 *sip = (struct sockaddr_in6 *)sap; 2986 struct smack_known *rsp = NULL; 2987 2988 if (addrlen < SIN6_LEN_RFC2133) 2989 return 0; 2990 if (__is_defined(SMACK_IPV6_SECMARK_LABELING)) 2991 rsp = smack_ipv6host_label(sip); 2992 if (rsp != NULL) { 2993 struct socket_smack *ssp = sock->sk->sk_security; 2994 2995 rc = smk_ipv6_check(ssp->smk_out, rsp, sip, 2996 SMK_CONNECTING); 2997 } 2998 #ifdef SMACK_IPV6_PORT_LABELING 2999 rc = smk_ipv6_port_check(sock->sk, sip, SMK_CONNECTING); 3000 #endif 3001 3002 return rc; 3003 } 3004 if (sap->sa_family != AF_INET || addrlen < sizeof(struct sockaddr_in)) 3005 return 0; 3006 rc = smk_ipv4_check(sock->sk, (struct sockaddr_in *)sap); 3007 return rc; 3008 } 3009 3010 /** 3011 * smack_flags_to_may - convert S_ to MAY_ values 3012 * @flags: the S_ value 3013 * 3014 * Returns the equivalent MAY_ value 3015 */ 3016 static int smack_flags_to_may(int flags) 3017 { 3018 int may = 0; 3019 3020 if (flags & S_IRUGO) 3021 may |= MAY_READ; 3022 if (flags & S_IWUGO) 3023 may |= MAY_WRITE; 3024 if (flags & S_IXUGO) 3025 may |= MAY_EXEC; 3026 3027 return may; 3028 } 3029 3030 /** 3031 * smack_msg_msg_alloc_security - Set the security blob for msg_msg 3032 * @msg: the object 3033 * 3034 * Returns 0 3035 */ 3036 static int smack_msg_msg_alloc_security(struct msg_msg *msg) 3037 { 3038 struct smack_known **blob = smack_msg_msg(msg); 3039 3040 *blob = smk_of_current(); 3041 return 0; 3042 } 3043 3044 /** 3045 * smack_of_ipc - the smack pointer for the ipc 3046 * @isp: the object 3047 * 3048 * Returns a pointer to the smack value 3049 */ 3050 static struct smack_known *smack_of_ipc(struct kern_ipc_perm *isp) 3051 { 3052 struct smack_known **blob = smack_ipc(isp); 3053 3054 return *blob; 3055 } 3056 3057 /** 3058 * smack_ipc_alloc_security - Set the security blob for ipc 3059 * @isp: the object 3060 * 3061 * Returns 0 3062 */ 3063 static int smack_ipc_alloc_security(struct kern_ipc_perm *isp) 3064 { 3065 struct smack_known **blob = smack_ipc(isp); 3066 3067 *blob = smk_of_current(); 3068 return 0; 3069 } 3070 3071 /** 3072 * smk_curacc_shm : check if current has access on shm 3073 * @isp : the object 3074 * @access : access requested 3075 * 3076 * Returns 0 if current has the requested access, error code otherwise 3077 */ 3078 static int smk_curacc_shm(struct kern_ipc_perm *isp, int access) 3079 { 3080 struct smack_known *ssp = smack_of_ipc(isp); 3081 struct smk_audit_info ad; 3082 int rc; 3083 3084 #ifdef CONFIG_AUDIT 3085 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 3086 ad.a.u.ipc_id = isp->id; 3087 #endif 3088 rc = smk_curacc(ssp, access, &ad); 3089 rc = smk_bu_current("shm", ssp, access, rc); 3090 return rc; 3091 } 3092 3093 /** 3094 * smack_shm_associate - Smack access check for shm 3095 * @isp: the object 3096 * @shmflg: access requested 3097 * 3098 * Returns 0 if current has the requested access, error code otherwise 3099 */ 3100 static int smack_shm_associate(struct kern_ipc_perm *isp, int shmflg) 3101 { 3102 int may; 3103 3104 may = smack_flags_to_may(shmflg); 3105 return smk_curacc_shm(isp, may); 3106 } 3107 3108 /** 3109 * smack_shm_shmctl - Smack access check for shm 3110 * @isp: the object 3111 * @cmd: what it wants to do 3112 * 3113 * Returns 0 if current has the requested access, error code otherwise 3114 */ 3115 static int smack_shm_shmctl(struct kern_ipc_perm *isp, int cmd) 3116 { 3117 int may; 3118 3119 switch (cmd) { 3120 case IPC_STAT: 3121 case SHM_STAT: 3122 case SHM_STAT_ANY: 3123 may = MAY_READ; 3124 break; 3125 case IPC_SET: 3126 case SHM_LOCK: 3127 case SHM_UNLOCK: 3128 case IPC_RMID: 3129 may = MAY_READWRITE; 3130 break; 3131 case IPC_INFO: 3132 case SHM_INFO: 3133 /* 3134 * System level information. 3135 */ 3136 return 0; 3137 default: 3138 return -EINVAL; 3139 } 3140 return smk_curacc_shm(isp, may); 3141 } 3142 3143 /** 3144 * smack_shm_shmat - Smack access for shmat 3145 * @isp: the object 3146 * @shmaddr: unused 3147 * @shmflg: access requested 3148 * 3149 * Returns 0 if current has the requested access, error code otherwise 3150 */ 3151 static int smack_shm_shmat(struct kern_ipc_perm *isp, char __user *shmaddr, 3152 int shmflg) 3153 { 3154 int may; 3155 3156 may = smack_flags_to_may(shmflg); 3157 return smk_curacc_shm(isp, may); 3158 } 3159 3160 /** 3161 * smk_curacc_sem : check if current has access on sem 3162 * @isp : the object 3163 * @access : access requested 3164 * 3165 * Returns 0 if current has the requested access, error code otherwise 3166 */ 3167 static int smk_curacc_sem(struct kern_ipc_perm *isp, int access) 3168 { 3169 struct smack_known *ssp = smack_of_ipc(isp); 3170 struct smk_audit_info ad; 3171 int rc; 3172 3173 #ifdef CONFIG_AUDIT 3174 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 3175 ad.a.u.ipc_id = isp->id; 3176 #endif 3177 rc = smk_curacc(ssp, access, &ad); 3178 rc = smk_bu_current("sem", ssp, access, rc); 3179 return rc; 3180 } 3181 3182 /** 3183 * smack_sem_associate - Smack access check for sem 3184 * @isp: the object 3185 * @semflg: access requested 3186 * 3187 * Returns 0 if current has the requested access, error code otherwise 3188 */ 3189 static int smack_sem_associate(struct kern_ipc_perm *isp, int semflg) 3190 { 3191 int may; 3192 3193 may = smack_flags_to_may(semflg); 3194 return smk_curacc_sem(isp, may); 3195 } 3196 3197 /** 3198 * smack_sem_semctl - Smack access check for sem 3199 * @isp: the object 3200 * @cmd: what it wants to do 3201 * 3202 * Returns 0 if current has the requested access, error code otherwise 3203 */ 3204 static int smack_sem_semctl(struct kern_ipc_perm *isp, int cmd) 3205 { 3206 int may; 3207 3208 switch (cmd) { 3209 case GETPID: 3210 case GETNCNT: 3211 case GETZCNT: 3212 case GETVAL: 3213 case GETALL: 3214 case IPC_STAT: 3215 case SEM_STAT: 3216 case SEM_STAT_ANY: 3217 may = MAY_READ; 3218 break; 3219 case SETVAL: 3220 case SETALL: 3221 case IPC_RMID: 3222 case IPC_SET: 3223 may = MAY_READWRITE; 3224 break; 3225 case IPC_INFO: 3226 case SEM_INFO: 3227 /* 3228 * System level information 3229 */ 3230 return 0; 3231 default: 3232 return -EINVAL; 3233 } 3234 3235 return smk_curacc_sem(isp, may); 3236 } 3237 3238 /** 3239 * smack_sem_semop - Smack checks of semaphore operations 3240 * @isp: the object 3241 * @sops: unused 3242 * @nsops: unused 3243 * @alter: unused 3244 * 3245 * Treated as read and write in all cases. 3246 * 3247 * Returns 0 if access is allowed, error code otherwise 3248 */ 3249 static int smack_sem_semop(struct kern_ipc_perm *isp, struct sembuf *sops, 3250 unsigned nsops, int alter) 3251 { 3252 return smk_curacc_sem(isp, MAY_READWRITE); 3253 } 3254 3255 /** 3256 * smk_curacc_msq : helper to check if current has access on msq 3257 * @isp : the msq 3258 * @access : access requested 3259 * 3260 * return 0 if current has access, error otherwise 3261 */ 3262 static int smk_curacc_msq(struct kern_ipc_perm *isp, int access) 3263 { 3264 struct smack_known *msp = smack_of_ipc(isp); 3265 struct smk_audit_info ad; 3266 int rc; 3267 3268 #ifdef CONFIG_AUDIT 3269 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 3270 ad.a.u.ipc_id = isp->id; 3271 #endif 3272 rc = smk_curacc(msp, access, &ad); 3273 rc = smk_bu_current("msq", msp, access, rc); 3274 return rc; 3275 } 3276 3277 /** 3278 * smack_msg_queue_associate - Smack access check for msg_queue 3279 * @isp: the object 3280 * @msqflg: access requested 3281 * 3282 * Returns 0 if current has the requested access, error code otherwise 3283 */ 3284 static int smack_msg_queue_associate(struct kern_ipc_perm *isp, int msqflg) 3285 { 3286 int may; 3287 3288 may = smack_flags_to_may(msqflg); 3289 return smk_curacc_msq(isp, may); 3290 } 3291 3292 /** 3293 * smack_msg_queue_msgctl - Smack access check for msg_queue 3294 * @isp: the object 3295 * @cmd: what it wants to do 3296 * 3297 * Returns 0 if current has the requested access, error code otherwise 3298 */ 3299 static int smack_msg_queue_msgctl(struct kern_ipc_perm *isp, int cmd) 3300 { 3301 int may; 3302 3303 switch (cmd) { 3304 case IPC_STAT: 3305 case MSG_STAT: 3306 case MSG_STAT_ANY: 3307 may = MAY_READ; 3308 break; 3309 case IPC_SET: 3310 case IPC_RMID: 3311 may = MAY_READWRITE; 3312 break; 3313 case IPC_INFO: 3314 case MSG_INFO: 3315 /* 3316 * System level information 3317 */ 3318 return 0; 3319 default: 3320 return -EINVAL; 3321 } 3322 3323 return smk_curacc_msq(isp, may); 3324 } 3325 3326 /** 3327 * smack_msg_queue_msgsnd - Smack access check for msg_queue 3328 * @isp: the object 3329 * @msg: unused 3330 * @msqflg: access requested 3331 * 3332 * Returns 0 if current has the requested access, error code otherwise 3333 */ 3334 static int smack_msg_queue_msgsnd(struct kern_ipc_perm *isp, struct msg_msg *msg, 3335 int msqflg) 3336 { 3337 int may; 3338 3339 may = smack_flags_to_may(msqflg); 3340 return smk_curacc_msq(isp, may); 3341 } 3342 3343 /** 3344 * smack_msg_queue_msgrcv - Smack access check for msg_queue 3345 * @isp: the object 3346 * @msg: unused 3347 * @target: unused 3348 * @type: unused 3349 * @mode: unused 3350 * 3351 * Returns 0 if current has read and write access, error code otherwise 3352 */ 3353 static int smack_msg_queue_msgrcv(struct kern_ipc_perm *isp, 3354 struct msg_msg *msg, 3355 struct task_struct *target, long type, 3356 int mode) 3357 { 3358 return smk_curacc_msq(isp, MAY_READWRITE); 3359 } 3360 3361 /** 3362 * smack_ipc_permission - Smack access for ipc_permission() 3363 * @ipp: the object permissions 3364 * @flag: access requested 3365 * 3366 * Returns 0 if current has read and write access, error code otherwise 3367 */ 3368 static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag) 3369 { 3370 struct smack_known **blob = smack_ipc(ipp); 3371 struct smack_known *iskp = *blob; 3372 int may = smack_flags_to_may(flag); 3373 struct smk_audit_info ad; 3374 int rc; 3375 3376 #ifdef CONFIG_AUDIT 3377 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 3378 ad.a.u.ipc_id = ipp->id; 3379 #endif 3380 rc = smk_curacc(iskp, may, &ad); 3381 rc = smk_bu_current("svipc", iskp, may, rc); 3382 return rc; 3383 } 3384 3385 /** 3386 * smack_ipc_getsecid - Extract smack security id 3387 * @ipp: the object permissions 3388 * @secid: where result will be saved 3389 */ 3390 static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid) 3391 { 3392 struct smack_known **blob = smack_ipc(ipp); 3393 struct smack_known *iskp = *blob; 3394 3395 *secid = iskp->smk_secid; 3396 } 3397 3398 /** 3399 * smack_d_instantiate - Make sure the blob is correct on an inode 3400 * @opt_dentry: dentry where inode will be attached 3401 * @inode: the object 3402 * 3403 * Set the inode's security blob if it hasn't been done already. 3404 */ 3405 static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode) 3406 { 3407 struct super_block *sbp; 3408 struct superblock_smack *sbsp; 3409 struct inode_smack *isp; 3410 struct smack_known *skp; 3411 struct smack_known *ckp = smk_of_current(); 3412 struct smack_known *final; 3413 char trattr[TRANS_TRUE_SIZE]; 3414 int transflag = 0; 3415 int rc; 3416 struct dentry *dp; 3417 3418 if (inode == NULL) 3419 return; 3420 3421 isp = smack_inode(inode); 3422 3423 /* 3424 * If the inode is already instantiated 3425 * take the quick way out 3426 */ 3427 if (isp->smk_flags & SMK_INODE_INSTANT) 3428 return; 3429 3430 sbp = inode->i_sb; 3431 sbsp = smack_superblock(sbp); 3432 /* 3433 * We're going to use the superblock default label 3434 * if there's no label on the file. 3435 */ 3436 final = sbsp->smk_default; 3437 3438 /* 3439 * If this is the root inode the superblock 3440 * may be in the process of initialization. 3441 * If that is the case use the root value out 3442 * of the superblock. 3443 */ 3444 if (opt_dentry->d_parent == opt_dentry) { 3445 switch (sbp->s_magic) { 3446 case CGROUP_SUPER_MAGIC: 3447 case CGROUP2_SUPER_MAGIC: 3448 /* 3449 * The cgroup filesystem is never mounted, 3450 * so there's no opportunity to set the mount 3451 * options. 3452 */ 3453 sbsp->smk_root = &smack_known_star; 3454 sbsp->smk_default = &smack_known_star; 3455 isp->smk_inode = sbsp->smk_root; 3456 break; 3457 case TMPFS_MAGIC: 3458 /* 3459 * What about shmem/tmpfs anonymous files with dentry 3460 * obtained from d_alloc_pseudo()? 3461 */ 3462 isp->smk_inode = smk_of_current(); 3463 break; 3464 case PIPEFS_MAGIC: 3465 isp->smk_inode = smk_of_current(); 3466 break; 3467 case SOCKFS_MAGIC: 3468 /* 3469 * Socket access is controlled by the socket 3470 * structures associated with the task involved. 3471 */ 3472 isp->smk_inode = &smack_known_star; 3473 break; 3474 default: 3475 isp->smk_inode = sbsp->smk_root; 3476 break; 3477 } 3478 isp->smk_flags |= SMK_INODE_INSTANT; 3479 return; 3480 } 3481 3482 /* 3483 * This is pretty hackish. 3484 * Casey says that we shouldn't have to do 3485 * file system specific code, but it does help 3486 * with keeping it simple. 3487 */ 3488 switch (sbp->s_magic) { 3489 case SMACK_MAGIC: 3490 case CGROUP_SUPER_MAGIC: 3491 case CGROUP2_SUPER_MAGIC: 3492 /* 3493 * Casey says that it's a little embarrassing 3494 * that the smack file system doesn't do 3495 * extended attributes. 3496 * 3497 * Cgroupfs is special 3498 */ 3499 final = &smack_known_star; 3500 break; 3501 case DEVPTS_SUPER_MAGIC: 3502 /* 3503 * devpts seems content with the label of the task. 3504 * Programs that change smack have to treat the 3505 * pty with respect. 3506 */ 3507 final = ckp; 3508 break; 3509 case PROC_SUPER_MAGIC: 3510 /* 3511 * Casey says procfs appears not to care. 3512 * The superblock default suffices. 3513 */ 3514 break; 3515 case TMPFS_MAGIC: 3516 /* 3517 * Device labels should come from the filesystem, 3518 * but watch out, because they're volitile, 3519 * getting recreated on every reboot. 3520 */ 3521 final = &smack_known_star; 3522 /* 3523 * If a smack value has been set we want to use it, 3524 * but since tmpfs isn't giving us the opportunity 3525 * to set mount options simulate setting the 3526 * superblock default. 3527 */ 3528 fallthrough; 3529 default: 3530 /* 3531 * This isn't an understood special case. 3532 * Get the value from the xattr. 3533 */ 3534 3535 /* 3536 * UNIX domain sockets use lower level socket data. 3537 */ 3538 if (S_ISSOCK(inode->i_mode)) { 3539 final = &smack_known_star; 3540 break; 3541 } 3542 /* 3543 * No xattr support means, alas, no SMACK label. 3544 * Use the aforeapplied default. 3545 * It would be curious if the label of the task 3546 * does not match that assigned. 3547 */ 3548 if (!(inode->i_opflags & IOP_XATTR)) 3549 break; 3550 /* 3551 * Get the dentry for xattr. 3552 */ 3553 dp = dget(opt_dentry); 3554 skp = smk_fetch(XATTR_NAME_SMACK, inode, dp); 3555 if (!IS_ERR_OR_NULL(skp)) 3556 final = skp; 3557 3558 /* 3559 * Transmuting directory 3560 */ 3561 if (S_ISDIR(inode->i_mode)) { 3562 /* 3563 * If this is a new directory and the label was 3564 * transmuted when the inode was initialized 3565 * set the transmute attribute on the directory 3566 * and mark the inode. 3567 * 3568 * If there is a transmute attribute on the 3569 * directory mark the inode. 3570 */ 3571 if (isp->smk_flags & SMK_INODE_CHANGED) { 3572 isp->smk_flags &= ~SMK_INODE_CHANGED; 3573 rc = __vfs_setxattr(&nop_mnt_idmap, dp, inode, 3574 XATTR_NAME_SMACKTRANSMUTE, 3575 TRANS_TRUE, TRANS_TRUE_SIZE, 3576 0); 3577 } else { 3578 rc = __vfs_getxattr(dp, inode, 3579 XATTR_NAME_SMACKTRANSMUTE, trattr, 3580 TRANS_TRUE_SIZE); 3581 if (rc >= 0 && strncmp(trattr, TRANS_TRUE, 3582 TRANS_TRUE_SIZE) != 0) 3583 rc = -EINVAL; 3584 } 3585 if (rc >= 0) 3586 transflag = SMK_INODE_TRANSMUTE; 3587 } 3588 /* 3589 * Don't let the exec or mmap label be "*" or "@". 3590 */ 3591 skp = smk_fetch(XATTR_NAME_SMACKEXEC, inode, dp); 3592 if (IS_ERR(skp) || skp == &smack_known_star || 3593 skp == &smack_known_web) 3594 skp = NULL; 3595 isp->smk_task = skp; 3596 3597 skp = smk_fetch(XATTR_NAME_SMACKMMAP, inode, dp); 3598 if (IS_ERR(skp) || skp == &smack_known_star || 3599 skp == &smack_known_web) 3600 skp = NULL; 3601 isp->smk_mmap = skp; 3602 3603 dput(dp); 3604 break; 3605 } 3606 3607 if (final == NULL) 3608 isp->smk_inode = ckp; 3609 else 3610 isp->smk_inode = final; 3611 3612 isp->smk_flags |= (SMK_INODE_INSTANT | transflag); 3613 3614 return; 3615 } 3616 3617 /** 3618 * smack_getprocattr - Smack process attribute access 3619 * @p: the object task 3620 * @name: the name of the attribute in /proc/.../attr 3621 * @value: where to put the result 3622 * 3623 * Places a copy of the task Smack into value 3624 * 3625 * Returns the length of the smack label or an error code 3626 */ 3627 static int smack_getprocattr(struct task_struct *p, const char *name, char **value) 3628 { 3629 struct smack_known *skp = smk_of_task_struct_obj(p); 3630 char *cp; 3631 int slen; 3632 3633 if (strcmp(name, "current") != 0) 3634 return -EINVAL; 3635 3636 cp = kstrdup(skp->smk_known, GFP_KERNEL); 3637 if (cp == NULL) 3638 return -ENOMEM; 3639 3640 slen = strlen(cp); 3641 *value = cp; 3642 return slen; 3643 } 3644 3645 /** 3646 * smack_setprocattr - Smack process attribute setting 3647 * @name: the name of the attribute in /proc/.../attr 3648 * @value: the value to set 3649 * @size: the size of the value 3650 * 3651 * Sets the Smack value of the task. Only setting self 3652 * is permitted and only with privilege 3653 * 3654 * Returns the length of the smack label or an error code 3655 */ 3656 static int smack_setprocattr(const char *name, void *value, size_t size) 3657 { 3658 struct task_smack *tsp = smack_cred(current_cred()); 3659 struct cred *new; 3660 struct smack_known *skp; 3661 struct smack_known_list_elem *sklep; 3662 int rc; 3663 3664 if (!smack_privileged(CAP_MAC_ADMIN) && list_empty(&tsp->smk_relabel)) 3665 return -EPERM; 3666 3667 if (value == NULL || size == 0 || size >= SMK_LONGLABEL) 3668 return -EINVAL; 3669 3670 if (strcmp(name, "current") != 0) 3671 return -EINVAL; 3672 3673 skp = smk_import_entry(value, size); 3674 if (IS_ERR(skp)) 3675 return PTR_ERR(skp); 3676 3677 /* 3678 * No process is ever allowed the web ("@") label 3679 * and the star ("*") label. 3680 */ 3681 if (skp == &smack_known_web || skp == &smack_known_star) 3682 return -EINVAL; 3683 3684 if (!smack_privileged(CAP_MAC_ADMIN)) { 3685 rc = -EPERM; 3686 list_for_each_entry(sklep, &tsp->smk_relabel, list) 3687 if (sklep->smk_label == skp) { 3688 rc = 0; 3689 break; 3690 } 3691 if (rc) 3692 return rc; 3693 } 3694 3695 new = prepare_creds(); 3696 if (new == NULL) 3697 return -ENOMEM; 3698 3699 tsp = smack_cred(new); 3700 tsp->smk_task = skp; 3701 /* 3702 * process can change its label only once 3703 */ 3704 smk_destroy_label_list(&tsp->smk_relabel); 3705 3706 commit_creds(new); 3707 return size; 3708 } 3709 3710 /** 3711 * smack_unix_stream_connect - Smack access on UDS 3712 * @sock: one sock 3713 * @other: the other sock 3714 * @newsk: unused 3715 * 3716 * Return 0 if a subject with the smack of sock could access 3717 * an object with the smack of other, otherwise an error code 3718 */ 3719 static int smack_unix_stream_connect(struct sock *sock, 3720 struct sock *other, struct sock *newsk) 3721 { 3722 struct smack_known *skp; 3723 struct smack_known *okp; 3724 struct socket_smack *ssp = sock->sk_security; 3725 struct socket_smack *osp = other->sk_security; 3726 struct socket_smack *nsp = newsk->sk_security; 3727 struct smk_audit_info ad; 3728 int rc = 0; 3729 #ifdef CONFIG_AUDIT 3730 struct lsm_network_audit net; 3731 #endif 3732 3733 if (!smack_privileged(CAP_MAC_OVERRIDE)) { 3734 skp = ssp->smk_out; 3735 okp = osp->smk_in; 3736 #ifdef CONFIG_AUDIT 3737 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 3738 smk_ad_setfield_u_net_sk(&ad, other); 3739 #endif 3740 rc = smk_access(skp, okp, MAY_WRITE, &ad); 3741 rc = smk_bu_note("UDS connect", skp, okp, MAY_WRITE, rc); 3742 if (rc == 0) { 3743 okp = osp->smk_out; 3744 skp = ssp->smk_in; 3745 rc = smk_access(okp, skp, MAY_WRITE, &ad); 3746 rc = smk_bu_note("UDS connect", okp, skp, 3747 MAY_WRITE, rc); 3748 } 3749 } 3750 3751 /* 3752 * Cross reference the peer labels for SO_PEERSEC. 3753 */ 3754 if (rc == 0) { 3755 nsp->smk_packet = ssp->smk_out; 3756 ssp->smk_packet = osp->smk_out; 3757 } 3758 3759 return rc; 3760 } 3761 3762 /** 3763 * smack_unix_may_send - Smack access on UDS 3764 * @sock: one socket 3765 * @other: the other socket 3766 * 3767 * Return 0 if a subject with the smack of sock could access 3768 * an object with the smack of other, otherwise an error code 3769 */ 3770 static int smack_unix_may_send(struct socket *sock, struct socket *other) 3771 { 3772 struct socket_smack *ssp = sock->sk->sk_security; 3773 struct socket_smack *osp = other->sk->sk_security; 3774 struct smk_audit_info ad; 3775 int rc; 3776 3777 #ifdef CONFIG_AUDIT 3778 struct lsm_network_audit net; 3779 3780 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 3781 smk_ad_setfield_u_net_sk(&ad, other->sk); 3782 #endif 3783 3784 if (smack_privileged(CAP_MAC_OVERRIDE)) 3785 return 0; 3786 3787 rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad); 3788 rc = smk_bu_note("UDS send", ssp->smk_out, osp->smk_in, MAY_WRITE, rc); 3789 return rc; 3790 } 3791 3792 /** 3793 * smack_socket_sendmsg - Smack check based on destination host 3794 * @sock: the socket 3795 * @msg: the message 3796 * @size: the size of the message 3797 * 3798 * Return 0 if the current subject can write to the destination host. 3799 * For IPv4 this is only a question if the destination is a single label host. 3800 * For IPv6 this is a check against the label of the port. 3801 */ 3802 static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg, 3803 int size) 3804 { 3805 struct sockaddr_in *sip = (struct sockaddr_in *) msg->msg_name; 3806 #if IS_ENABLED(CONFIG_IPV6) 3807 struct sockaddr_in6 *sap = (struct sockaddr_in6 *) msg->msg_name; 3808 #endif 3809 #ifdef SMACK_IPV6_SECMARK_LABELING 3810 struct socket_smack *ssp = sock->sk->sk_security; 3811 struct smack_known *rsp; 3812 #endif 3813 int rc = 0; 3814 3815 /* 3816 * Perfectly reasonable for this to be NULL 3817 */ 3818 if (sip == NULL) 3819 return 0; 3820 3821 switch (sock->sk->sk_family) { 3822 case AF_INET: 3823 if (msg->msg_namelen < sizeof(struct sockaddr_in) || 3824 sip->sin_family != AF_INET) 3825 return -EINVAL; 3826 rc = smk_ipv4_check(sock->sk, sip); 3827 break; 3828 #if IS_ENABLED(CONFIG_IPV6) 3829 case AF_INET6: 3830 if (msg->msg_namelen < SIN6_LEN_RFC2133 || 3831 sap->sin6_family != AF_INET6) 3832 return -EINVAL; 3833 #ifdef SMACK_IPV6_SECMARK_LABELING 3834 rsp = smack_ipv6host_label(sap); 3835 if (rsp != NULL) 3836 rc = smk_ipv6_check(ssp->smk_out, rsp, sap, 3837 SMK_CONNECTING); 3838 #endif 3839 #ifdef SMACK_IPV6_PORT_LABELING 3840 rc = smk_ipv6_port_check(sock->sk, sap, SMK_SENDING); 3841 #endif 3842 #endif /* IS_ENABLED(CONFIG_IPV6) */ 3843 break; 3844 } 3845 return rc; 3846 } 3847 3848 /** 3849 * smack_from_secattr - Convert a netlabel attr.mls.lvl/attr.mls.cat pair to smack 3850 * @sap: netlabel secattr 3851 * @ssp: socket security information 3852 * 3853 * Returns a pointer to a Smack label entry found on the label list. 3854 */ 3855 static struct smack_known *smack_from_secattr(struct netlbl_lsm_secattr *sap, 3856 struct socket_smack *ssp) 3857 { 3858 struct smack_known *skp; 3859 int found = 0; 3860 int acat; 3861 int kcat; 3862 3863 /* 3864 * Netlabel found it in the cache. 3865 */ 3866 if ((sap->flags & NETLBL_SECATTR_CACHE) != 0) 3867 return (struct smack_known *)sap->cache->data; 3868 3869 if ((sap->flags & NETLBL_SECATTR_SECID) != 0) 3870 /* 3871 * Looks like a fallback, which gives us a secid. 3872 */ 3873 return smack_from_secid(sap->attr.secid); 3874 3875 if ((sap->flags & NETLBL_SECATTR_MLS_LVL) != 0) { 3876 /* 3877 * Looks like a CIPSO packet. 3878 * If there are flags but no level netlabel isn't 3879 * behaving the way we expect it to. 3880 * 3881 * Look it up in the label table 3882 * Without guidance regarding the smack value 3883 * for the packet fall back on the network 3884 * ambient value. 3885 */ 3886 rcu_read_lock(); 3887 list_for_each_entry_rcu(skp, &smack_known_list, list) { 3888 if (sap->attr.mls.lvl != skp->smk_netlabel.attr.mls.lvl) 3889 continue; 3890 /* 3891 * Compare the catsets. Use the netlbl APIs. 3892 */ 3893 if ((sap->flags & NETLBL_SECATTR_MLS_CAT) == 0) { 3894 if ((skp->smk_netlabel.flags & 3895 NETLBL_SECATTR_MLS_CAT) == 0) 3896 found = 1; 3897 break; 3898 } 3899 for (acat = -1, kcat = -1; acat == kcat; ) { 3900 acat = netlbl_catmap_walk(sap->attr.mls.cat, 3901 acat + 1); 3902 kcat = netlbl_catmap_walk( 3903 skp->smk_netlabel.attr.mls.cat, 3904 kcat + 1); 3905 if (acat < 0 || kcat < 0) 3906 break; 3907 } 3908 if (acat == kcat) { 3909 found = 1; 3910 break; 3911 } 3912 } 3913 rcu_read_unlock(); 3914 3915 if (found) 3916 return skp; 3917 3918 if (ssp != NULL && ssp->smk_in == &smack_known_star) 3919 return &smack_known_web; 3920 return &smack_known_star; 3921 } 3922 /* 3923 * Without guidance regarding the smack value 3924 * for the packet fall back on the network 3925 * ambient value. 3926 */ 3927 return smack_net_ambient; 3928 } 3929 3930 #if IS_ENABLED(CONFIG_IPV6) 3931 static int smk_skb_to_addr_ipv6(struct sk_buff *skb, struct sockaddr_in6 *sip) 3932 { 3933 u8 nexthdr; 3934 int offset; 3935 int proto = -EINVAL; 3936 struct ipv6hdr _ipv6h; 3937 struct ipv6hdr *ip6; 3938 __be16 frag_off; 3939 struct tcphdr _tcph, *th; 3940 struct udphdr _udph, *uh; 3941 struct dccp_hdr _dccph, *dh; 3942 3943 sip->sin6_port = 0; 3944 3945 offset = skb_network_offset(skb); 3946 ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h); 3947 if (ip6 == NULL) 3948 return -EINVAL; 3949 sip->sin6_addr = ip6->saddr; 3950 3951 nexthdr = ip6->nexthdr; 3952 offset += sizeof(_ipv6h); 3953 offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off); 3954 if (offset < 0) 3955 return -EINVAL; 3956 3957 proto = nexthdr; 3958 switch (proto) { 3959 case IPPROTO_TCP: 3960 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph); 3961 if (th != NULL) 3962 sip->sin6_port = th->source; 3963 break; 3964 case IPPROTO_UDP: 3965 case IPPROTO_UDPLITE: 3966 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph); 3967 if (uh != NULL) 3968 sip->sin6_port = uh->source; 3969 break; 3970 case IPPROTO_DCCP: 3971 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph); 3972 if (dh != NULL) 3973 sip->sin6_port = dh->dccph_sport; 3974 break; 3975 } 3976 return proto; 3977 } 3978 #endif /* CONFIG_IPV6 */ 3979 3980 /** 3981 * smack_from_skb - Smack data from the secmark in an skb 3982 * @skb: packet 3983 * 3984 * Returns smack_known of the secmark or NULL if that won't work. 3985 */ 3986 #ifdef CONFIG_NETWORK_SECMARK 3987 static struct smack_known *smack_from_skb(struct sk_buff *skb) 3988 { 3989 if (skb == NULL || skb->secmark == 0) 3990 return NULL; 3991 3992 return smack_from_secid(skb->secmark); 3993 } 3994 #else 3995 static inline struct smack_known *smack_from_skb(struct sk_buff *skb) 3996 { 3997 return NULL; 3998 } 3999 #endif 4000 4001 /** 4002 * smack_from_netlbl - Smack data from the IP options in an skb 4003 * @sk: socket data came in on 4004 * @family: address family 4005 * @skb: packet 4006 * 4007 * Find the Smack label in the IP options. If it hasn't been 4008 * added to the netlabel cache, add it here. 4009 * 4010 * Returns smack_known of the IP options or NULL if that won't work. 4011 */ 4012 static struct smack_known *smack_from_netlbl(const struct sock *sk, u16 family, 4013 struct sk_buff *skb) 4014 { 4015 struct netlbl_lsm_secattr secattr; 4016 struct socket_smack *ssp = NULL; 4017 struct smack_known *skp = NULL; 4018 4019 netlbl_secattr_init(&secattr); 4020 4021 if (sk) 4022 ssp = sk->sk_security; 4023 4024 if (netlbl_skbuff_getattr(skb, family, &secattr) == 0) { 4025 skp = smack_from_secattr(&secattr, ssp); 4026 if (secattr.flags & NETLBL_SECATTR_CACHEABLE) 4027 netlbl_cache_add(skb, family, &skp->smk_netlabel); 4028 } 4029 4030 netlbl_secattr_destroy(&secattr); 4031 4032 return skp; 4033 } 4034 4035 /** 4036 * smack_socket_sock_rcv_skb - Smack packet delivery access check 4037 * @sk: socket 4038 * @skb: packet 4039 * 4040 * Returns 0 if the packet should be delivered, an error code otherwise 4041 */ 4042 static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) 4043 { 4044 struct socket_smack *ssp = sk->sk_security; 4045 struct smack_known *skp = NULL; 4046 int rc = 0; 4047 struct smk_audit_info ad; 4048 u16 family = sk->sk_family; 4049 #ifdef CONFIG_AUDIT 4050 struct lsm_network_audit net; 4051 #endif 4052 #if IS_ENABLED(CONFIG_IPV6) 4053 struct sockaddr_in6 sadd; 4054 int proto; 4055 4056 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP)) 4057 family = PF_INET; 4058 #endif /* CONFIG_IPV6 */ 4059 4060 switch (family) { 4061 case PF_INET: 4062 /* 4063 * If there is a secmark use it rather than the CIPSO label. 4064 * If there is no secmark fall back to CIPSO. 4065 * The secmark is assumed to reflect policy better. 4066 */ 4067 skp = smack_from_skb(skb); 4068 if (skp == NULL) { 4069 skp = smack_from_netlbl(sk, family, skb); 4070 if (skp == NULL) 4071 skp = smack_net_ambient; 4072 } 4073 4074 #ifdef CONFIG_AUDIT 4075 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 4076 ad.a.u.net->family = family; 4077 ad.a.u.net->netif = skb->skb_iif; 4078 ipv4_skb_to_auditdata(skb, &ad.a, NULL); 4079 #endif 4080 /* 4081 * Receiving a packet requires that the other end 4082 * be able to write here. Read access is not required. 4083 * This is the simplist possible security model 4084 * for networking. 4085 */ 4086 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad); 4087 rc = smk_bu_note("IPv4 delivery", skp, ssp->smk_in, 4088 MAY_WRITE, rc); 4089 if (rc != 0) 4090 netlbl_skbuff_err(skb, family, rc, 0); 4091 break; 4092 #if IS_ENABLED(CONFIG_IPV6) 4093 case PF_INET6: 4094 proto = smk_skb_to_addr_ipv6(skb, &sadd); 4095 if (proto != IPPROTO_UDP && proto != IPPROTO_UDPLITE && 4096 proto != IPPROTO_TCP && proto != IPPROTO_DCCP) 4097 break; 4098 #ifdef SMACK_IPV6_SECMARK_LABELING 4099 skp = smack_from_skb(skb); 4100 if (skp == NULL) { 4101 if (smk_ipv6_localhost(&sadd)) 4102 break; 4103 skp = smack_ipv6host_label(&sadd); 4104 if (skp == NULL) 4105 skp = smack_net_ambient; 4106 } 4107 #ifdef CONFIG_AUDIT 4108 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 4109 ad.a.u.net->family = family; 4110 ad.a.u.net->netif = skb->skb_iif; 4111 ipv6_skb_to_auditdata(skb, &ad.a, NULL); 4112 #endif /* CONFIG_AUDIT */ 4113 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad); 4114 rc = smk_bu_note("IPv6 delivery", skp, ssp->smk_in, 4115 MAY_WRITE, rc); 4116 #endif /* SMACK_IPV6_SECMARK_LABELING */ 4117 #ifdef SMACK_IPV6_PORT_LABELING 4118 rc = smk_ipv6_port_check(sk, &sadd, SMK_RECEIVING); 4119 #endif /* SMACK_IPV6_PORT_LABELING */ 4120 if (rc != 0) 4121 icmpv6_send(skb, ICMPV6_DEST_UNREACH, 4122 ICMPV6_ADM_PROHIBITED, 0); 4123 break; 4124 #endif /* CONFIG_IPV6 */ 4125 } 4126 4127 return rc; 4128 } 4129 4130 /** 4131 * smack_socket_getpeersec_stream - pull in packet label 4132 * @sock: the socket 4133 * @optval: user's destination 4134 * @optlen: size thereof 4135 * @len: max thereof 4136 * 4137 * returns zero on success, an error code otherwise 4138 */ 4139 static int smack_socket_getpeersec_stream(struct socket *sock, 4140 sockptr_t optval, sockptr_t optlen, 4141 unsigned int len) 4142 { 4143 struct socket_smack *ssp; 4144 char *rcp = ""; 4145 u32 slen = 1; 4146 int rc = 0; 4147 4148 ssp = sock->sk->sk_security; 4149 if (ssp->smk_packet != NULL) { 4150 rcp = ssp->smk_packet->smk_known; 4151 slen = strlen(rcp) + 1; 4152 } 4153 if (slen > len) { 4154 rc = -ERANGE; 4155 goto out_len; 4156 } 4157 4158 if (copy_to_sockptr(optval, rcp, slen)) 4159 rc = -EFAULT; 4160 out_len: 4161 if (copy_to_sockptr(optlen, &slen, sizeof(slen))) 4162 rc = -EFAULT; 4163 return rc; 4164 } 4165 4166 4167 /** 4168 * smack_socket_getpeersec_dgram - pull in packet label 4169 * @sock: the peer socket 4170 * @skb: packet data 4171 * @secid: pointer to where to put the secid of the packet 4172 * 4173 * Sets the netlabel socket state on sk from parent 4174 */ 4175 static int smack_socket_getpeersec_dgram(struct socket *sock, 4176 struct sk_buff *skb, u32 *secid) 4177 4178 { 4179 struct socket_smack *ssp = NULL; 4180 struct smack_known *skp; 4181 struct sock *sk = NULL; 4182 int family = PF_UNSPEC; 4183 u32 s = 0; /* 0 is the invalid secid */ 4184 4185 if (skb != NULL) { 4186 if (skb->protocol == htons(ETH_P_IP)) 4187 family = PF_INET; 4188 #if IS_ENABLED(CONFIG_IPV6) 4189 else if (skb->protocol == htons(ETH_P_IPV6)) 4190 family = PF_INET6; 4191 #endif /* CONFIG_IPV6 */ 4192 } 4193 if (family == PF_UNSPEC && sock != NULL) 4194 family = sock->sk->sk_family; 4195 4196 switch (family) { 4197 case PF_UNIX: 4198 ssp = sock->sk->sk_security; 4199 s = ssp->smk_out->smk_secid; 4200 break; 4201 case PF_INET: 4202 skp = smack_from_skb(skb); 4203 if (skp) { 4204 s = skp->smk_secid; 4205 break; 4206 } 4207 /* 4208 * Translate what netlabel gave us. 4209 */ 4210 if (sock != NULL) 4211 sk = sock->sk; 4212 skp = smack_from_netlbl(sk, family, skb); 4213 if (skp != NULL) 4214 s = skp->smk_secid; 4215 break; 4216 case PF_INET6: 4217 #ifdef SMACK_IPV6_SECMARK_LABELING 4218 skp = smack_from_skb(skb); 4219 if (skp) 4220 s = skp->smk_secid; 4221 #endif 4222 break; 4223 } 4224 *secid = s; 4225 if (s == 0) 4226 return -EINVAL; 4227 return 0; 4228 } 4229 4230 /** 4231 * smack_sock_graft - Initialize a newly created socket with an existing sock 4232 * @sk: child sock 4233 * @parent: parent socket 4234 * 4235 * Set the smk_{in,out} state of an existing sock based on the process that 4236 * is creating the new socket. 4237 */ 4238 static void smack_sock_graft(struct sock *sk, struct socket *parent) 4239 { 4240 struct socket_smack *ssp; 4241 struct smack_known *skp = smk_of_current(); 4242 4243 if (sk == NULL || 4244 (sk->sk_family != PF_INET && sk->sk_family != PF_INET6)) 4245 return; 4246 4247 ssp = sk->sk_security; 4248 ssp->smk_in = skp; 4249 ssp->smk_out = skp; 4250 /* cssp->smk_packet is already set in smack_inet_csk_clone() */ 4251 } 4252 4253 /** 4254 * smack_inet_conn_request - Smack access check on connect 4255 * @sk: socket involved 4256 * @skb: packet 4257 * @req: unused 4258 * 4259 * Returns 0 if a task with the packet label could write to 4260 * the socket, otherwise an error code 4261 */ 4262 static int smack_inet_conn_request(const struct sock *sk, struct sk_buff *skb, 4263 struct request_sock *req) 4264 { 4265 u16 family = sk->sk_family; 4266 struct smack_known *skp; 4267 struct socket_smack *ssp = sk->sk_security; 4268 struct sockaddr_in addr; 4269 struct iphdr *hdr; 4270 struct smack_known *hskp; 4271 int rc; 4272 struct smk_audit_info ad; 4273 #ifdef CONFIG_AUDIT 4274 struct lsm_network_audit net; 4275 #endif 4276 4277 #if IS_ENABLED(CONFIG_IPV6) 4278 if (family == PF_INET6) { 4279 /* 4280 * Handle mapped IPv4 packets arriving 4281 * via IPv6 sockets. Don't set up netlabel 4282 * processing on IPv6. 4283 */ 4284 if (skb->protocol == htons(ETH_P_IP)) 4285 family = PF_INET; 4286 else 4287 return 0; 4288 } 4289 #endif /* CONFIG_IPV6 */ 4290 4291 /* 4292 * If there is a secmark use it rather than the CIPSO label. 4293 * If there is no secmark fall back to CIPSO. 4294 * The secmark is assumed to reflect policy better. 4295 */ 4296 skp = smack_from_skb(skb); 4297 if (skp == NULL) { 4298 skp = smack_from_netlbl(sk, family, skb); 4299 if (skp == NULL) 4300 skp = &smack_known_huh; 4301 } 4302 4303 #ifdef CONFIG_AUDIT 4304 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 4305 ad.a.u.net->family = family; 4306 ad.a.u.net->netif = skb->skb_iif; 4307 ipv4_skb_to_auditdata(skb, &ad.a, NULL); 4308 #endif 4309 /* 4310 * Receiving a packet requires that the other end be able to write 4311 * here. Read access is not required. 4312 */ 4313 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad); 4314 rc = smk_bu_note("IPv4 connect", skp, ssp->smk_in, MAY_WRITE, rc); 4315 if (rc != 0) 4316 return rc; 4317 4318 /* 4319 * Save the peer's label in the request_sock so we can later setup 4320 * smk_packet in the child socket so that SO_PEERCRED can report it. 4321 */ 4322 req->peer_secid = skp->smk_secid; 4323 4324 /* 4325 * We need to decide if we want to label the incoming connection here 4326 * if we do we only need to label the request_sock and the stack will 4327 * propagate the wire-label to the sock when it is created. 4328 */ 4329 hdr = ip_hdr(skb); 4330 addr.sin_addr.s_addr = hdr->saddr; 4331 rcu_read_lock(); 4332 hskp = smack_ipv4host_label(&addr); 4333 rcu_read_unlock(); 4334 4335 if (hskp == NULL) 4336 rc = netlbl_req_setattr(req, &skp->smk_netlabel); 4337 else 4338 netlbl_req_delattr(req); 4339 4340 return rc; 4341 } 4342 4343 /** 4344 * smack_inet_csk_clone - Copy the connection information to the new socket 4345 * @sk: the new socket 4346 * @req: the connection's request_sock 4347 * 4348 * Transfer the connection's peer label to the newly created socket. 4349 */ 4350 static void smack_inet_csk_clone(struct sock *sk, 4351 const struct request_sock *req) 4352 { 4353 struct socket_smack *ssp = sk->sk_security; 4354 struct smack_known *skp; 4355 4356 if (req->peer_secid != 0) { 4357 skp = smack_from_secid(req->peer_secid); 4358 ssp->smk_packet = skp; 4359 } else 4360 ssp->smk_packet = NULL; 4361 } 4362 4363 /* 4364 * Key management security hooks 4365 * 4366 * Casey has not tested key support very heavily. 4367 * The permission check is most likely too restrictive. 4368 * If you care about keys please have a look. 4369 */ 4370 #ifdef CONFIG_KEYS 4371 4372 /** 4373 * smack_key_alloc - Set the key security blob 4374 * @key: object 4375 * @cred: the credentials to use 4376 * @flags: unused 4377 * 4378 * No allocation required 4379 * 4380 * Returns 0 4381 */ 4382 static int smack_key_alloc(struct key *key, const struct cred *cred, 4383 unsigned long flags) 4384 { 4385 struct smack_known *skp = smk_of_task(smack_cred(cred)); 4386 4387 key->security = skp; 4388 return 0; 4389 } 4390 4391 /** 4392 * smack_key_free - Clear the key security blob 4393 * @key: the object 4394 * 4395 * Clear the blob pointer 4396 */ 4397 static void smack_key_free(struct key *key) 4398 { 4399 key->security = NULL; 4400 } 4401 4402 /** 4403 * smack_key_permission - Smack access on a key 4404 * @key_ref: gets to the object 4405 * @cred: the credentials to use 4406 * @need_perm: requested key permission 4407 * 4408 * Return 0 if the task has read and write to the object, 4409 * an error code otherwise 4410 */ 4411 static int smack_key_permission(key_ref_t key_ref, 4412 const struct cred *cred, 4413 enum key_need_perm need_perm) 4414 { 4415 struct key *keyp; 4416 struct smk_audit_info ad; 4417 struct smack_known *tkp = smk_of_task(smack_cred(cred)); 4418 int request = 0; 4419 int rc; 4420 4421 /* 4422 * Validate requested permissions 4423 */ 4424 switch (need_perm) { 4425 case KEY_NEED_READ: 4426 case KEY_NEED_SEARCH: 4427 case KEY_NEED_VIEW: 4428 request |= MAY_READ; 4429 break; 4430 case KEY_NEED_WRITE: 4431 case KEY_NEED_LINK: 4432 case KEY_NEED_SETATTR: 4433 request |= MAY_WRITE; 4434 break; 4435 case KEY_NEED_UNSPECIFIED: 4436 case KEY_NEED_UNLINK: 4437 case KEY_SYSADMIN_OVERRIDE: 4438 case KEY_AUTHTOKEN_OVERRIDE: 4439 case KEY_DEFER_PERM_CHECK: 4440 return 0; 4441 default: 4442 return -EINVAL; 4443 } 4444 4445 keyp = key_ref_to_ptr(key_ref); 4446 if (keyp == NULL) 4447 return -EINVAL; 4448 /* 4449 * If the key hasn't been initialized give it access so that 4450 * it may do so. 4451 */ 4452 if (keyp->security == NULL) 4453 return 0; 4454 /* 4455 * This should not occur 4456 */ 4457 if (tkp == NULL) 4458 return -EACCES; 4459 4460 if (smack_privileged(CAP_MAC_OVERRIDE)) 4461 return 0; 4462 4463 #ifdef CONFIG_AUDIT 4464 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY); 4465 ad.a.u.key_struct.key = keyp->serial; 4466 ad.a.u.key_struct.key_desc = keyp->description; 4467 #endif 4468 rc = smk_access(tkp, keyp->security, request, &ad); 4469 rc = smk_bu_note("key access", tkp, keyp->security, request, rc); 4470 return rc; 4471 } 4472 4473 /* 4474 * smack_key_getsecurity - Smack label tagging the key 4475 * @key points to the key to be queried 4476 * @_buffer points to a pointer that should be set to point to the 4477 * resulting string (if no label or an error occurs). 4478 * Return the length of the string (including terminating NUL) or -ve if 4479 * an error. 4480 * May also return 0 (and a NULL buffer pointer) if there is no label. 4481 */ 4482 static int smack_key_getsecurity(struct key *key, char **_buffer) 4483 { 4484 struct smack_known *skp = key->security; 4485 size_t length; 4486 char *copy; 4487 4488 if (key->security == NULL) { 4489 *_buffer = NULL; 4490 return 0; 4491 } 4492 4493 copy = kstrdup(skp->smk_known, GFP_KERNEL); 4494 if (copy == NULL) 4495 return -ENOMEM; 4496 length = strlen(copy) + 1; 4497 4498 *_buffer = copy; 4499 return length; 4500 } 4501 4502 4503 #ifdef CONFIG_KEY_NOTIFICATIONS 4504 /** 4505 * smack_watch_key - Smack access to watch a key for notifications. 4506 * @key: The key to be watched 4507 * 4508 * Return 0 if the @watch->cred has permission to read from the key object and 4509 * an error otherwise. 4510 */ 4511 static int smack_watch_key(struct key *key) 4512 { 4513 struct smk_audit_info ad; 4514 struct smack_known *tkp = smk_of_current(); 4515 int rc; 4516 4517 if (key == NULL) 4518 return -EINVAL; 4519 /* 4520 * If the key hasn't been initialized give it access so that 4521 * it may do so. 4522 */ 4523 if (key->security == NULL) 4524 return 0; 4525 /* 4526 * This should not occur 4527 */ 4528 if (tkp == NULL) 4529 return -EACCES; 4530 4531 if (smack_privileged_cred(CAP_MAC_OVERRIDE, current_cred())) 4532 return 0; 4533 4534 #ifdef CONFIG_AUDIT 4535 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY); 4536 ad.a.u.key_struct.key = key->serial; 4537 ad.a.u.key_struct.key_desc = key->description; 4538 #endif 4539 rc = smk_access(tkp, key->security, MAY_READ, &ad); 4540 rc = smk_bu_note("key watch", tkp, key->security, MAY_READ, rc); 4541 return rc; 4542 } 4543 #endif /* CONFIG_KEY_NOTIFICATIONS */ 4544 #endif /* CONFIG_KEYS */ 4545 4546 #ifdef CONFIG_WATCH_QUEUE 4547 /** 4548 * smack_post_notification - Smack access to post a notification to a queue 4549 * @w_cred: The credentials of the watcher. 4550 * @cred: The credentials of the event source (may be NULL). 4551 * @n: The notification message to be posted. 4552 */ 4553 static int smack_post_notification(const struct cred *w_cred, 4554 const struct cred *cred, 4555 struct watch_notification *n) 4556 { 4557 struct smk_audit_info ad; 4558 struct smack_known *subj, *obj; 4559 int rc; 4560 4561 /* Always let maintenance notifications through. */ 4562 if (n->type == WATCH_TYPE_META) 4563 return 0; 4564 4565 if (!cred) 4566 return 0; 4567 subj = smk_of_task(smack_cred(cred)); 4568 obj = smk_of_task(smack_cred(w_cred)); 4569 4570 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NOTIFICATION); 4571 rc = smk_access(subj, obj, MAY_WRITE, &ad); 4572 rc = smk_bu_note("notification", subj, obj, MAY_WRITE, rc); 4573 return rc; 4574 } 4575 #endif /* CONFIG_WATCH_QUEUE */ 4576 4577 /* 4578 * Smack Audit hooks 4579 * 4580 * Audit requires a unique representation of each Smack specific 4581 * rule. This unique representation is used to distinguish the 4582 * object to be audited from remaining kernel objects and also 4583 * works as a glue between the audit hooks. 4584 * 4585 * Since repository entries are added but never deleted, we'll use 4586 * the smack_known label address related to the given audit rule as 4587 * the needed unique representation. This also better fits the smack 4588 * model where nearly everything is a label. 4589 */ 4590 #ifdef CONFIG_AUDIT 4591 4592 /** 4593 * smack_audit_rule_init - Initialize a smack audit rule 4594 * @field: audit rule fields given from user-space (audit.h) 4595 * @op: required testing operator (=, !=, >, <, ...) 4596 * @rulestr: smack label to be audited 4597 * @vrule: pointer to save our own audit rule representation 4598 * 4599 * Prepare to audit cases where (@field @op @rulestr) is true. 4600 * The label to be audited is created if necessay. 4601 */ 4602 static int smack_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule) 4603 { 4604 struct smack_known *skp; 4605 char **rule = (char **)vrule; 4606 *rule = NULL; 4607 4608 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER) 4609 return -EINVAL; 4610 4611 if (op != Audit_equal && op != Audit_not_equal) 4612 return -EINVAL; 4613 4614 skp = smk_import_entry(rulestr, 0); 4615 if (IS_ERR(skp)) 4616 return PTR_ERR(skp); 4617 4618 *rule = skp->smk_known; 4619 4620 return 0; 4621 } 4622 4623 /** 4624 * smack_audit_rule_known - Distinguish Smack audit rules 4625 * @krule: rule of interest, in Audit kernel representation format 4626 * 4627 * This is used to filter Smack rules from remaining Audit ones. 4628 * If it's proved that this rule belongs to us, the 4629 * audit_rule_match hook will be called to do the final judgement. 4630 */ 4631 static int smack_audit_rule_known(struct audit_krule *krule) 4632 { 4633 struct audit_field *f; 4634 int i; 4635 4636 for (i = 0; i < krule->field_count; i++) { 4637 f = &krule->fields[i]; 4638 4639 if (f->type == AUDIT_SUBJ_USER || f->type == AUDIT_OBJ_USER) 4640 return 1; 4641 } 4642 4643 return 0; 4644 } 4645 4646 /** 4647 * smack_audit_rule_match - Audit given object ? 4648 * @secid: security id for identifying the object to test 4649 * @field: audit rule flags given from user-space 4650 * @op: required testing operator 4651 * @vrule: smack internal rule presentation 4652 * 4653 * The core Audit hook. It's used to take the decision of 4654 * whether to audit or not to audit a given object. 4655 */ 4656 static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule) 4657 { 4658 struct smack_known *skp; 4659 char *rule = vrule; 4660 4661 if (unlikely(!rule)) { 4662 WARN_ONCE(1, "Smack: missing rule\n"); 4663 return -ENOENT; 4664 } 4665 4666 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER) 4667 return 0; 4668 4669 skp = smack_from_secid(secid); 4670 4671 /* 4672 * No need to do string comparisons. If a match occurs, 4673 * both pointers will point to the same smack_known 4674 * label. 4675 */ 4676 if (op == Audit_equal) 4677 return (rule == skp->smk_known); 4678 if (op == Audit_not_equal) 4679 return (rule != skp->smk_known); 4680 4681 return 0; 4682 } 4683 4684 /* 4685 * There is no need for a smack_audit_rule_free hook. 4686 * No memory was allocated. 4687 */ 4688 4689 #endif /* CONFIG_AUDIT */ 4690 4691 /** 4692 * smack_ismaclabel - check if xattr @name references a smack MAC label 4693 * @name: Full xattr name to check. 4694 */ 4695 static int smack_ismaclabel(const char *name) 4696 { 4697 return (strcmp(name, XATTR_SMACK_SUFFIX) == 0); 4698 } 4699 4700 4701 /** 4702 * smack_secid_to_secctx - return the smack label for a secid 4703 * @secid: incoming integer 4704 * @secdata: destination 4705 * @seclen: how long it is 4706 * 4707 * Exists for networking code. 4708 */ 4709 static int smack_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) 4710 { 4711 struct smack_known *skp = smack_from_secid(secid); 4712 4713 if (secdata) 4714 *secdata = skp->smk_known; 4715 *seclen = strlen(skp->smk_known); 4716 return 0; 4717 } 4718 4719 /** 4720 * smack_secctx_to_secid - return the secid for a smack label 4721 * @secdata: smack label 4722 * @seclen: how long result is 4723 * @secid: outgoing integer 4724 * 4725 * Exists for audit and networking code. 4726 */ 4727 static int smack_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid) 4728 { 4729 struct smack_known *skp = smk_find_entry(secdata); 4730 4731 if (skp) 4732 *secid = skp->smk_secid; 4733 else 4734 *secid = 0; 4735 return 0; 4736 } 4737 4738 /* 4739 * There used to be a smack_release_secctx hook 4740 * that did nothing back when hooks were in a vector. 4741 * Now that there's a list such a hook adds cost. 4742 */ 4743 4744 static int smack_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen) 4745 { 4746 return smack_inode_setsecurity(inode, XATTR_SMACK_SUFFIX, ctx, 4747 ctxlen, 0); 4748 } 4749 4750 static int smack_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen) 4751 { 4752 return __vfs_setxattr_noperm(&nop_mnt_idmap, dentry, XATTR_NAME_SMACK, 4753 ctx, ctxlen, 0); 4754 } 4755 4756 static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) 4757 { 4758 struct smack_known *skp = smk_of_inode(inode); 4759 4760 *ctx = skp->smk_known; 4761 *ctxlen = strlen(skp->smk_known); 4762 return 0; 4763 } 4764 4765 static int smack_inode_copy_up(struct dentry *dentry, struct cred **new) 4766 { 4767 4768 struct task_smack *tsp; 4769 struct smack_known *skp; 4770 struct inode_smack *isp; 4771 struct cred *new_creds = *new; 4772 4773 if (new_creds == NULL) { 4774 new_creds = prepare_creds(); 4775 if (new_creds == NULL) 4776 return -ENOMEM; 4777 } 4778 4779 tsp = smack_cred(new_creds); 4780 4781 /* 4782 * Get label from overlay inode and set it in create_sid 4783 */ 4784 isp = smack_inode(d_inode(dentry)); 4785 skp = isp->smk_inode; 4786 tsp->smk_task = skp; 4787 *new = new_creds; 4788 return 0; 4789 } 4790 4791 static int smack_inode_copy_up_xattr(const char *name) 4792 { 4793 /* 4794 * Return 1 if this is the smack access Smack attribute. 4795 */ 4796 if (strcmp(name, XATTR_NAME_SMACK) == 0) 4797 return 1; 4798 4799 return -EOPNOTSUPP; 4800 } 4801 4802 static int smack_dentry_create_files_as(struct dentry *dentry, int mode, 4803 struct qstr *name, 4804 const struct cred *old, 4805 struct cred *new) 4806 { 4807 struct task_smack *otsp = smack_cred(old); 4808 struct task_smack *ntsp = smack_cred(new); 4809 struct inode_smack *isp; 4810 int may; 4811 4812 /* 4813 * Use the process credential unless all of 4814 * the transmuting criteria are met 4815 */ 4816 ntsp->smk_task = otsp->smk_task; 4817 4818 /* 4819 * the attribute of the containing directory 4820 */ 4821 isp = smack_inode(d_inode(dentry->d_parent)); 4822 4823 if (isp->smk_flags & SMK_INODE_TRANSMUTE) { 4824 rcu_read_lock(); 4825 may = smk_access_entry(otsp->smk_task->smk_known, 4826 isp->smk_inode->smk_known, 4827 &otsp->smk_task->smk_rules); 4828 rcu_read_unlock(); 4829 4830 /* 4831 * If the directory is transmuting and the rule 4832 * providing access is transmuting use the containing 4833 * directory label instead of the process label. 4834 */ 4835 if (may > 0 && (may & MAY_TRANSMUTE)) { 4836 ntsp->smk_task = isp->smk_inode; 4837 ntsp->smk_transmuted = ntsp->smk_task; 4838 } 4839 } 4840 return 0; 4841 } 4842 4843 #ifdef CONFIG_IO_URING 4844 /** 4845 * smack_uring_override_creds - Is io_uring cred override allowed? 4846 * @new: the target creds 4847 * 4848 * Check to see if the current task is allowed to override it's credentials 4849 * to service an io_uring operation. 4850 */ 4851 static int smack_uring_override_creds(const struct cred *new) 4852 { 4853 struct task_smack *tsp = smack_cred(current_cred()); 4854 struct task_smack *nsp = smack_cred(new); 4855 4856 /* 4857 * Allow the degenerate case where the new Smack value is 4858 * the same as the current Smack value. 4859 */ 4860 if (tsp->smk_task == nsp->smk_task) 4861 return 0; 4862 4863 if (smack_privileged_cred(CAP_MAC_OVERRIDE, current_cred())) 4864 return 0; 4865 4866 return -EPERM; 4867 } 4868 4869 /** 4870 * smack_uring_sqpoll - check if a io_uring polling thread can be created 4871 * 4872 * Check to see if the current task is allowed to create a new io_uring 4873 * kernel polling thread. 4874 */ 4875 static int smack_uring_sqpoll(void) 4876 { 4877 if (smack_privileged_cred(CAP_MAC_ADMIN, current_cred())) 4878 return 0; 4879 4880 return -EPERM; 4881 } 4882 4883 /** 4884 * smack_uring_cmd - check on file operations for io_uring 4885 * @ioucmd: the command in question 4886 * 4887 * Make a best guess about whether a io_uring "command" should 4888 * be allowed. Use the same logic used for determining if the 4889 * file could be opened for read in the absence of better criteria. 4890 */ 4891 static int smack_uring_cmd(struct io_uring_cmd *ioucmd) 4892 { 4893 struct file *file = ioucmd->file; 4894 struct smk_audit_info ad; 4895 struct task_smack *tsp; 4896 struct inode *inode; 4897 int rc; 4898 4899 if (!file) 4900 return -EINVAL; 4901 4902 tsp = smack_cred(file->f_cred); 4903 inode = file_inode(file); 4904 4905 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 4906 smk_ad_setfield_u_fs_path(&ad, file->f_path); 4907 rc = smk_tskacc(tsp, smk_of_inode(inode), MAY_READ, &ad); 4908 rc = smk_bu_credfile(file->f_cred, file, MAY_READ, rc); 4909 4910 return rc; 4911 } 4912 4913 #endif /* CONFIG_IO_URING */ 4914 4915 struct lsm_blob_sizes smack_blob_sizes __ro_after_init = { 4916 .lbs_cred = sizeof(struct task_smack), 4917 .lbs_file = sizeof(struct smack_known *), 4918 .lbs_inode = sizeof(struct inode_smack), 4919 .lbs_ipc = sizeof(struct smack_known *), 4920 .lbs_msg_msg = sizeof(struct smack_known *), 4921 .lbs_superblock = sizeof(struct superblock_smack), 4922 }; 4923 4924 static struct security_hook_list smack_hooks[] __ro_after_init = { 4925 LSM_HOOK_INIT(ptrace_access_check, smack_ptrace_access_check), 4926 LSM_HOOK_INIT(ptrace_traceme, smack_ptrace_traceme), 4927 LSM_HOOK_INIT(syslog, smack_syslog), 4928 4929 LSM_HOOK_INIT(fs_context_submount, smack_fs_context_submount), 4930 LSM_HOOK_INIT(fs_context_dup, smack_fs_context_dup), 4931 LSM_HOOK_INIT(fs_context_parse_param, smack_fs_context_parse_param), 4932 4933 LSM_HOOK_INIT(sb_alloc_security, smack_sb_alloc_security), 4934 LSM_HOOK_INIT(sb_free_mnt_opts, smack_free_mnt_opts), 4935 LSM_HOOK_INIT(sb_eat_lsm_opts, smack_sb_eat_lsm_opts), 4936 LSM_HOOK_INIT(sb_statfs, smack_sb_statfs), 4937 LSM_HOOK_INIT(sb_set_mnt_opts, smack_set_mnt_opts), 4938 4939 LSM_HOOK_INIT(bprm_creds_for_exec, smack_bprm_creds_for_exec), 4940 4941 LSM_HOOK_INIT(inode_alloc_security, smack_inode_alloc_security), 4942 LSM_HOOK_INIT(inode_init_security, smack_inode_init_security), 4943 LSM_HOOK_INIT(inode_link, smack_inode_link), 4944 LSM_HOOK_INIT(inode_unlink, smack_inode_unlink), 4945 LSM_HOOK_INIT(inode_rmdir, smack_inode_rmdir), 4946 LSM_HOOK_INIT(inode_rename, smack_inode_rename), 4947 LSM_HOOK_INIT(inode_permission, smack_inode_permission), 4948 LSM_HOOK_INIT(inode_setattr, smack_inode_setattr), 4949 LSM_HOOK_INIT(inode_getattr, smack_inode_getattr), 4950 LSM_HOOK_INIT(inode_setxattr, smack_inode_setxattr), 4951 LSM_HOOK_INIT(inode_post_setxattr, smack_inode_post_setxattr), 4952 LSM_HOOK_INIT(inode_getxattr, smack_inode_getxattr), 4953 LSM_HOOK_INIT(inode_removexattr, smack_inode_removexattr), 4954 LSM_HOOK_INIT(inode_set_acl, smack_inode_set_acl), 4955 LSM_HOOK_INIT(inode_get_acl, smack_inode_get_acl), 4956 LSM_HOOK_INIT(inode_remove_acl, smack_inode_remove_acl), 4957 LSM_HOOK_INIT(inode_getsecurity, smack_inode_getsecurity), 4958 LSM_HOOK_INIT(inode_setsecurity, smack_inode_setsecurity), 4959 LSM_HOOK_INIT(inode_listsecurity, smack_inode_listsecurity), 4960 LSM_HOOK_INIT(inode_getsecid, smack_inode_getsecid), 4961 4962 LSM_HOOK_INIT(file_alloc_security, smack_file_alloc_security), 4963 LSM_HOOK_INIT(file_ioctl, smack_file_ioctl), 4964 LSM_HOOK_INIT(file_lock, smack_file_lock), 4965 LSM_HOOK_INIT(file_fcntl, smack_file_fcntl), 4966 LSM_HOOK_INIT(mmap_file, smack_mmap_file), 4967 LSM_HOOK_INIT(mmap_addr, cap_mmap_addr), 4968 LSM_HOOK_INIT(file_set_fowner, smack_file_set_fowner), 4969 LSM_HOOK_INIT(file_send_sigiotask, smack_file_send_sigiotask), 4970 LSM_HOOK_INIT(file_receive, smack_file_receive), 4971 4972 LSM_HOOK_INIT(file_open, smack_file_open), 4973 4974 LSM_HOOK_INIT(cred_alloc_blank, smack_cred_alloc_blank), 4975 LSM_HOOK_INIT(cred_free, smack_cred_free), 4976 LSM_HOOK_INIT(cred_prepare, smack_cred_prepare), 4977 LSM_HOOK_INIT(cred_transfer, smack_cred_transfer), 4978 LSM_HOOK_INIT(cred_getsecid, smack_cred_getsecid), 4979 LSM_HOOK_INIT(kernel_act_as, smack_kernel_act_as), 4980 LSM_HOOK_INIT(kernel_create_files_as, smack_kernel_create_files_as), 4981 LSM_HOOK_INIT(task_setpgid, smack_task_setpgid), 4982 LSM_HOOK_INIT(task_getpgid, smack_task_getpgid), 4983 LSM_HOOK_INIT(task_getsid, smack_task_getsid), 4984 LSM_HOOK_INIT(current_getsecid_subj, smack_current_getsecid_subj), 4985 LSM_HOOK_INIT(task_getsecid_obj, smack_task_getsecid_obj), 4986 LSM_HOOK_INIT(task_setnice, smack_task_setnice), 4987 LSM_HOOK_INIT(task_setioprio, smack_task_setioprio), 4988 LSM_HOOK_INIT(task_getioprio, smack_task_getioprio), 4989 LSM_HOOK_INIT(task_setscheduler, smack_task_setscheduler), 4990 LSM_HOOK_INIT(task_getscheduler, smack_task_getscheduler), 4991 LSM_HOOK_INIT(task_movememory, smack_task_movememory), 4992 LSM_HOOK_INIT(task_kill, smack_task_kill), 4993 LSM_HOOK_INIT(task_to_inode, smack_task_to_inode), 4994 4995 LSM_HOOK_INIT(ipc_permission, smack_ipc_permission), 4996 LSM_HOOK_INIT(ipc_getsecid, smack_ipc_getsecid), 4997 4998 LSM_HOOK_INIT(msg_msg_alloc_security, smack_msg_msg_alloc_security), 4999 5000 LSM_HOOK_INIT(msg_queue_alloc_security, smack_ipc_alloc_security), 5001 LSM_HOOK_INIT(msg_queue_associate, smack_msg_queue_associate), 5002 LSM_HOOK_INIT(msg_queue_msgctl, smack_msg_queue_msgctl), 5003 LSM_HOOK_INIT(msg_queue_msgsnd, smack_msg_queue_msgsnd), 5004 LSM_HOOK_INIT(msg_queue_msgrcv, smack_msg_queue_msgrcv), 5005 5006 LSM_HOOK_INIT(shm_alloc_security, smack_ipc_alloc_security), 5007 LSM_HOOK_INIT(shm_associate, smack_shm_associate), 5008 LSM_HOOK_INIT(shm_shmctl, smack_shm_shmctl), 5009 LSM_HOOK_INIT(shm_shmat, smack_shm_shmat), 5010 5011 LSM_HOOK_INIT(sem_alloc_security, smack_ipc_alloc_security), 5012 LSM_HOOK_INIT(sem_associate, smack_sem_associate), 5013 LSM_HOOK_INIT(sem_semctl, smack_sem_semctl), 5014 LSM_HOOK_INIT(sem_semop, smack_sem_semop), 5015 5016 LSM_HOOK_INIT(d_instantiate, smack_d_instantiate), 5017 5018 LSM_HOOK_INIT(getprocattr, smack_getprocattr), 5019 LSM_HOOK_INIT(setprocattr, smack_setprocattr), 5020 5021 LSM_HOOK_INIT(unix_stream_connect, smack_unix_stream_connect), 5022 LSM_HOOK_INIT(unix_may_send, smack_unix_may_send), 5023 5024 LSM_HOOK_INIT(socket_post_create, smack_socket_post_create), 5025 LSM_HOOK_INIT(socket_socketpair, smack_socket_socketpair), 5026 #ifdef SMACK_IPV6_PORT_LABELING 5027 LSM_HOOK_INIT(socket_bind, smack_socket_bind), 5028 #endif 5029 LSM_HOOK_INIT(socket_connect, smack_socket_connect), 5030 LSM_HOOK_INIT(socket_sendmsg, smack_socket_sendmsg), 5031 LSM_HOOK_INIT(socket_sock_rcv_skb, smack_socket_sock_rcv_skb), 5032 LSM_HOOK_INIT(socket_getpeersec_stream, smack_socket_getpeersec_stream), 5033 LSM_HOOK_INIT(socket_getpeersec_dgram, smack_socket_getpeersec_dgram), 5034 LSM_HOOK_INIT(sk_alloc_security, smack_sk_alloc_security), 5035 LSM_HOOK_INIT(sk_free_security, smack_sk_free_security), 5036 LSM_HOOK_INIT(sk_clone_security, smack_sk_clone_security), 5037 LSM_HOOK_INIT(sock_graft, smack_sock_graft), 5038 LSM_HOOK_INIT(inet_conn_request, smack_inet_conn_request), 5039 LSM_HOOK_INIT(inet_csk_clone, smack_inet_csk_clone), 5040 5041 /* key management security hooks */ 5042 #ifdef CONFIG_KEYS 5043 LSM_HOOK_INIT(key_alloc, smack_key_alloc), 5044 LSM_HOOK_INIT(key_free, smack_key_free), 5045 LSM_HOOK_INIT(key_permission, smack_key_permission), 5046 LSM_HOOK_INIT(key_getsecurity, smack_key_getsecurity), 5047 #ifdef CONFIG_KEY_NOTIFICATIONS 5048 LSM_HOOK_INIT(watch_key, smack_watch_key), 5049 #endif 5050 #endif /* CONFIG_KEYS */ 5051 5052 #ifdef CONFIG_WATCH_QUEUE 5053 LSM_HOOK_INIT(post_notification, smack_post_notification), 5054 #endif 5055 5056 /* Audit hooks */ 5057 #ifdef CONFIG_AUDIT 5058 LSM_HOOK_INIT(audit_rule_init, smack_audit_rule_init), 5059 LSM_HOOK_INIT(audit_rule_known, smack_audit_rule_known), 5060 LSM_HOOK_INIT(audit_rule_match, smack_audit_rule_match), 5061 #endif /* CONFIG_AUDIT */ 5062 5063 LSM_HOOK_INIT(ismaclabel, smack_ismaclabel), 5064 LSM_HOOK_INIT(secid_to_secctx, smack_secid_to_secctx), 5065 LSM_HOOK_INIT(secctx_to_secid, smack_secctx_to_secid), 5066 LSM_HOOK_INIT(inode_notifysecctx, smack_inode_notifysecctx), 5067 LSM_HOOK_INIT(inode_setsecctx, smack_inode_setsecctx), 5068 LSM_HOOK_INIT(inode_getsecctx, smack_inode_getsecctx), 5069 LSM_HOOK_INIT(inode_copy_up, smack_inode_copy_up), 5070 LSM_HOOK_INIT(inode_copy_up_xattr, smack_inode_copy_up_xattr), 5071 LSM_HOOK_INIT(dentry_create_files_as, smack_dentry_create_files_as), 5072 #ifdef CONFIG_IO_URING 5073 LSM_HOOK_INIT(uring_override_creds, smack_uring_override_creds), 5074 LSM_HOOK_INIT(uring_sqpoll, smack_uring_sqpoll), 5075 LSM_HOOK_INIT(uring_cmd, smack_uring_cmd), 5076 #endif 5077 }; 5078 5079 5080 static __init void init_smack_known_list(void) 5081 { 5082 /* 5083 * Initialize rule list locks 5084 */ 5085 mutex_init(&smack_known_huh.smk_rules_lock); 5086 mutex_init(&smack_known_hat.smk_rules_lock); 5087 mutex_init(&smack_known_floor.smk_rules_lock); 5088 mutex_init(&smack_known_star.smk_rules_lock); 5089 mutex_init(&smack_known_web.smk_rules_lock); 5090 /* 5091 * Initialize rule lists 5092 */ 5093 INIT_LIST_HEAD(&smack_known_huh.smk_rules); 5094 INIT_LIST_HEAD(&smack_known_hat.smk_rules); 5095 INIT_LIST_HEAD(&smack_known_star.smk_rules); 5096 INIT_LIST_HEAD(&smack_known_floor.smk_rules); 5097 INIT_LIST_HEAD(&smack_known_web.smk_rules); 5098 /* 5099 * Create the known labels list 5100 */ 5101 smk_insert_entry(&smack_known_huh); 5102 smk_insert_entry(&smack_known_hat); 5103 smk_insert_entry(&smack_known_star); 5104 smk_insert_entry(&smack_known_floor); 5105 smk_insert_entry(&smack_known_web); 5106 } 5107 5108 /** 5109 * smack_init - initialize the smack system 5110 * 5111 * Returns 0 on success, -ENOMEM is there's no memory 5112 */ 5113 static __init int smack_init(void) 5114 { 5115 struct cred *cred = (struct cred *) current->cred; 5116 struct task_smack *tsp; 5117 5118 smack_rule_cache = KMEM_CACHE(smack_rule, 0); 5119 if (!smack_rule_cache) 5120 return -ENOMEM; 5121 5122 /* 5123 * Set the security state for the initial task. 5124 */ 5125 tsp = smack_cred(cred); 5126 init_task_smack(tsp, &smack_known_floor, &smack_known_floor); 5127 5128 /* 5129 * Register with LSM 5130 */ 5131 security_add_hooks(smack_hooks, ARRAY_SIZE(smack_hooks), "smack"); 5132 smack_enabled = 1; 5133 5134 pr_info("Smack: Initializing.\n"); 5135 #ifdef CONFIG_SECURITY_SMACK_NETFILTER 5136 pr_info("Smack: Netfilter enabled.\n"); 5137 #endif 5138 #ifdef SMACK_IPV6_PORT_LABELING 5139 pr_info("Smack: IPv6 port labeling enabled.\n"); 5140 #endif 5141 #ifdef SMACK_IPV6_SECMARK_LABELING 5142 pr_info("Smack: IPv6 Netfilter enabled.\n"); 5143 #endif 5144 5145 /* initialize the smack_known_list */ 5146 init_smack_known_list(); 5147 5148 return 0; 5149 } 5150 5151 /* 5152 * Smack requires early initialization in order to label 5153 * all processes and objects when they are created. 5154 */ 5155 DEFINE_LSM(smack) = { 5156 .name = "smack", 5157 .flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE, 5158 .blobs = &smack_blob_sizes, 5159 .init = smack_init, 5160 }; 5161