1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Simplified MAC Kernel (smack) security module 4 * 5 * This file contains the smack hook function implementations. 6 * 7 * Authors: 8 * Casey Schaufler <casey@schaufler-ca.com> 9 * Jarkko Sakkinen <jarkko.sakkinen@intel.com> 10 * 11 * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com> 12 * Copyright (C) 2009 Hewlett-Packard Development Company, L.P. 13 * Paul Moore <paul@paul-moore.com> 14 * Copyright (C) 2010 Nokia Corporation 15 * Copyright (C) 2011 Intel Corporation. 16 */ 17 18 #include <linux/xattr.h> 19 #include <linux/pagemap.h> 20 #include <linux/mount.h> 21 #include <linux/stat.h> 22 #include <linux/kd.h> 23 #include <asm/ioctls.h> 24 #include <linux/ip.h> 25 #include <linux/tcp.h> 26 #include <linux/udp.h> 27 #include <linux/dccp.h> 28 #include <linux/icmpv6.h> 29 #include <linux/slab.h> 30 #include <linux/mutex.h> 31 #include <net/cipso_ipv4.h> 32 #include <net/ip.h> 33 #include <net/ipv6.h> 34 #include <linux/audit.h> 35 #include <linux/magic.h> 36 #include <linux/dcache.h> 37 #include <linux/personality.h> 38 #include <linux/msg.h> 39 #include <linux/shm.h> 40 #include <linux/binfmts.h> 41 #include <linux/parser.h> 42 #include <linux/fs_context.h> 43 #include <linux/fs_parser.h> 44 #include <linux/watch_queue.h> 45 #include "smack.h" 46 47 #define TRANS_TRUE "TRUE" 48 #define TRANS_TRUE_SIZE 4 49 50 #define SMK_CONNECTING 0 51 #define SMK_RECEIVING 1 52 #define SMK_SENDING 2 53 54 static DEFINE_MUTEX(smack_ipv6_lock); 55 static LIST_HEAD(smk_ipv6_port_list); 56 struct kmem_cache *smack_rule_cache; 57 int smack_enabled; 58 59 #define A(s) {"smack"#s, sizeof("smack"#s) - 1, Opt_##s} 60 static struct { 61 const char *name; 62 int len; 63 int opt; 64 } smk_mount_opts[] = { 65 {"smackfsdef", sizeof("smackfsdef") - 1, Opt_fsdefault}, 66 A(fsdefault), A(fsfloor), A(fshat), A(fsroot), A(fstransmute) 67 }; 68 #undef A 69 70 static int match_opt_prefix(char *s, int l, char **arg) 71 { 72 int i; 73 74 for (i = 0; i < ARRAY_SIZE(smk_mount_opts); i++) { 75 size_t len = smk_mount_opts[i].len; 76 if (len > l || memcmp(s, smk_mount_opts[i].name, len)) 77 continue; 78 if (len == l || s[len] != '=') 79 continue; 80 *arg = s + len + 1; 81 return smk_mount_opts[i].opt; 82 } 83 return Opt_error; 84 } 85 86 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 87 static char *smk_bu_mess[] = { 88 "Bringup Error", /* Unused */ 89 "Bringup", /* SMACK_BRINGUP_ALLOW */ 90 "Unconfined Subject", /* SMACK_UNCONFINED_SUBJECT */ 91 "Unconfined Object", /* SMACK_UNCONFINED_OBJECT */ 92 }; 93 94 static void smk_bu_mode(int mode, char *s) 95 { 96 int i = 0; 97 98 if (mode & MAY_READ) 99 s[i++] = 'r'; 100 if (mode & MAY_WRITE) 101 s[i++] = 'w'; 102 if (mode & MAY_EXEC) 103 s[i++] = 'x'; 104 if (mode & MAY_APPEND) 105 s[i++] = 'a'; 106 if (mode & MAY_TRANSMUTE) 107 s[i++] = 't'; 108 if (mode & MAY_LOCK) 109 s[i++] = 'l'; 110 if (i == 0) 111 s[i++] = '-'; 112 s[i] = '\0'; 113 } 114 #endif 115 116 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 117 static int smk_bu_note(char *note, struct smack_known *sskp, 118 struct smack_known *oskp, int mode, int rc) 119 { 120 char acc[SMK_NUM_ACCESS_TYPE + 1]; 121 122 if (rc <= 0) 123 return rc; 124 if (rc > SMACK_UNCONFINED_OBJECT) 125 rc = 0; 126 127 smk_bu_mode(mode, acc); 128 pr_info("Smack %s: (%s %s %s) %s\n", smk_bu_mess[rc], 129 sskp->smk_known, oskp->smk_known, acc, note); 130 return 0; 131 } 132 #else 133 #define smk_bu_note(note, sskp, oskp, mode, RC) (RC) 134 #endif 135 136 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 137 static int smk_bu_current(char *note, struct smack_known *oskp, 138 int mode, int rc) 139 { 140 struct task_smack *tsp = smack_cred(current_cred()); 141 char acc[SMK_NUM_ACCESS_TYPE + 1]; 142 143 if (rc <= 0) 144 return rc; 145 if (rc > SMACK_UNCONFINED_OBJECT) 146 rc = 0; 147 148 smk_bu_mode(mode, acc); 149 pr_info("Smack %s: (%s %s %s) %s %s\n", smk_bu_mess[rc], 150 tsp->smk_task->smk_known, oskp->smk_known, 151 acc, current->comm, note); 152 return 0; 153 } 154 #else 155 #define smk_bu_current(note, oskp, mode, RC) (RC) 156 #endif 157 158 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 159 static int smk_bu_task(struct task_struct *otp, int mode, int rc) 160 { 161 struct task_smack *tsp = smack_cred(current_cred()); 162 struct smack_known *smk_task = smk_of_task_struct_obj(otp); 163 char acc[SMK_NUM_ACCESS_TYPE + 1]; 164 165 if (rc <= 0) 166 return rc; 167 if (rc > SMACK_UNCONFINED_OBJECT) 168 rc = 0; 169 170 smk_bu_mode(mode, acc); 171 pr_info("Smack %s: (%s %s %s) %s to %s\n", smk_bu_mess[rc], 172 tsp->smk_task->smk_known, smk_task->smk_known, acc, 173 current->comm, otp->comm); 174 return 0; 175 } 176 #else 177 #define smk_bu_task(otp, mode, RC) (RC) 178 #endif 179 180 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 181 static int smk_bu_inode(struct inode *inode, int mode, int rc) 182 { 183 struct task_smack *tsp = smack_cred(current_cred()); 184 struct inode_smack *isp = smack_inode(inode); 185 char acc[SMK_NUM_ACCESS_TYPE + 1]; 186 187 if (isp->smk_flags & SMK_INODE_IMPURE) 188 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n", 189 inode->i_sb->s_id, inode->i_ino, current->comm); 190 191 if (rc <= 0) 192 return rc; 193 if (rc > SMACK_UNCONFINED_OBJECT) 194 rc = 0; 195 if (rc == SMACK_UNCONFINED_SUBJECT && 196 (mode & (MAY_WRITE | MAY_APPEND))) 197 isp->smk_flags |= SMK_INODE_IMPURE; 198 199 smk_bu_mode(mode, acc); 200 201 pr_info("Smack %s: (%s %s %s) inode=(%s %ld) %s\n", smk_bu_mess[rc], 202 tsp->smk_task->smk_known, isp->smk_inode->smk_known, acc, 203 inode->i_sb->s_id, inode->i_ino, current->comm); 204 return 0; 205 } 206 #else 207 #define smk_bu_inode(inode, mode, RC) (RC) 208 #endif 209 210 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 211 static int smk_bu_file(struct file *file, int mode, int rc) 212 { 213 struct task_smack *tsp = smack_cred(current_cred()); 214 struct smack_known *sskp = tsp->smk_task; 215 struct inode *inode = file_inode(file); 216 struct inode_smack *isp = smack_inode(inode); 217 char acc[SMK_NUM_ACCESS_TYPE + 1]; 218 219 if (isp->smk_flags & SMK_INODE_IMPURE) 220 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n", 221 inode->i_sb->s_id, inode->i_ino, current->comm); 222 223 if (rc <= 0) 224 return rc; 225 if (rc > SMACK_UNCONFINED_OBJECT) 226 rc = 0; 227 228 smk_bu_mode(mode, acc); 229 pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc], 230 sskp->smk_known, smk_of_inode(inode)->smk_known, acc, 231 inode->i_sb->s_id, inode->i_ino, file, 232 current->comm); 233 return 0; 234 } 235 #else 236 #define smk_bu_file(file, mode, RC) (RC) 237 #endif 238 239 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 240 static int smk_bu_credfile(const struct cred *cred, struct file *file, 241 int mode, int rc) 242 { 243 struct task_smack *tsp = smack_cred(cred); 244 struct smack_known *sskp = tsp->smk_task; 245 struct inode *inode = file_inode(file); 246 struct inode_smack *isp = smack_inode(inode); 247 char acc[SMK_NUM_ACCESS_TYPE + 1]; 248 249 if (isp->smk_flags & SMK_INODE_IMPURE) 250 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n", 251 inode->i_sb->s_id, inode->i_ino, current->comm); 252 253 if (rc <= 0) 254 return rc; 255 if (rc > SMACK_UNCONFINED_OBJECT) 256 rc = 0; 257 258 smk_bu_mode(mode, acc); 259 pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc], 260 sskp->smk_known, smk_of_inode(inode)->smk_known, acc, 261 inode->i_sb->s_id, inode->i_ino, file, 262 current->comm); 263 return 0; 264 } 265 #else 266 #define smk_bu_credfile(cred, file, mode, RC) (RC) 267 #endif 268 269 /** 270 * smk_fetch - Fetch the smack label from a file. 271 * @name: type of the label (attribute) 272 * @ip: a pointer to the inode 273 * @dp: a pointer to the dentry 274 * 275 * Returns a pointer to the master list entry for the Smack label, 276 * NULL if there was no label to fetch, or an error code. 277 */ 278 static struct smack_known *smk_fetch(const char *name, struct inode *ip, 279 struct dentry *dp) 280 { 281 int rc; 282 char *buffer; 283 struct smack_known *skp = NULL; 284 285 if (!(ip->i_opflags & IOP_XATTR)) 286 return ERR_PTR(-EOPNOTSUPP); 287 288 buffer = kzalloc(SMK_LONGLABEL, GFP_NOFS); 289 if (buffer == NULL) 290 return ERR_PTR(-ENOMEM); 291 292 rc = __vfs_getxattr(dp, ip, name, buffer, SMK_LONGLABEL); 293 if (rc < 0) 294 skp = ERR_PTR(rc); 295 else if (rc == 0) 296 skp = NULL; 297 else 298 skp = smk_import_entry(buffer, rc); 299 300 kfree(buffer); 301 302 return skp; 303 } 304 305 /** 306 * init_inode_smack - initialize an inode security blob 307 * @inode: inode to extract the info from 308 * @skp: a pointer to the Smack label entry to use in the blob 309 * 310 */ 311 static void init_inode_smack(struct inode *inode, struct smack_known *skp) 312 { 313 struct inode_smack *isp = smack_inode(inode); 314 315 isp->smk_inode = skp; 316 isp->smk_flags = 0; 317 } 318 319 /** 320 * init_task_smack - initialize a task security blob 321 * @tsp: blob to initialize 322 * @task: a pointer to the Smack label for the running task 323 * @forked: a pointer to the Smack label for the forked task 324 * 325 */ 326 static void init_task_smack(struct task_smack *tsp, struct smack_known *task, 327 struct smack_known *forked) 328 { 329 tsp->smk_task = task; 330 tsp->smk_forked = forked; 331 INIT_LIST_HEAD(&tsp->smk_rules); 332 INIT_LIST_HEAD(&tsp->smk_relabel); 333 mutex_init(&tsp->smk_rules_lock); 334 } 335 336 /** 337 * smk_copy_rules - copy a rule set 338 * @nhead: new rules header pointer 339 * @ohead: old rules header pointer 340 * @gfp: type of the memory for the allocation 341 * 342 * Returns 0 on success, -ENOMEM on error 343 */ 344 static int smk_copy_rules(struct list_head *nhead, struct list_head *ohead, 345 gfp_t gfp) 346 { 347 struct smack_rule *nrp; 348 struct smack_rule *orp; 349 int rc = 0; 350 351 list_for_each_entry_rcu(orp, ohead, list) { 352 nrp = kmem_cache_zalloc(smack_rule_cache, gfp); 353 if (nrp == NULL) { 354 rc = -ENOMEM; 355 break; 356 } 357 *nrp = *orp; 358 list_add_rcu(&nrp->list, nhead); 359 } 360 return rc; 361 } 362 363 /** 364 * smk_copy_relabel - copy smk_relabel labels list 365 * @nhead: new rules header pointer 366 * @ohead: old rules header pointer 367 * @gfp: type of the memory for the allocation 368 * 369 * Returns 0 on success, -ENOMEM on error 370 */ 371 static int smk_copy_relabel(struct list_head *nhead, struct list_head *ohead, 372 gfp_t gfp) 373 { 374 struct smack_known_list_elem *nklep; 375 struct smack_known_list_elem *oklep; 376 377 list_for_each_entry(oklep, ohead, list) { 378 nklep = kzalloc(sizeof(struct smack_known_list_elem), gfp); 379 if (nklep == NULL) { 380 smk_destroy_label_list(nhead); 381 return -ENOMEM; 382 } 383 nklep->smk_label = oklep->smk_label; 384 list_add(&nklep->list, nhead); 385 } 386 387 return 0; 388 } 389 390 /** 391 * smk_ptrace_mode - helper function for converting PTRACE_MODE_* into MAY_* 392 * @mode - input mode in form of PTRACE_MODE_* 393 * 394 * Returns a converted MAY_* mode usable by smack rules 395 */ 396 static inline unsigned int smk_ptrace_mode(unsigned int mode) 397 { 398 if (mode & PTRACE_MODE_ATTACH) 399 return MAY_READWRITE; 400 if (mode & PTRACE_MODE_READ) 401 return MAY_READ; 402 403 return 0; 404 } 405 406 /** 407 * smk_ptrace_rule_check - helper for ptrace access 408 * @tracer: tracer process 409 * @tracee_known: label entry of the process that's about to be traced 410 * @mode: ptrace attachment mode (PTRACE_MODE_*) 411 * @func: name of the function that called us, used for audit 412 * 413 * Returns 0 on access granted, -error on error 414 */ 415 static int smk_ptrace_rule_check(struct task_struct *tracer, 416 struct smack_known *tracee_known, 417 unsigned int mode, const char *func) 418 { 419 int rc; 420 struct smk_audit_info ad, *saip = NULL; 421 struct task_smack *tsp; 422 struct smack_known *tracer_known; 423 const struct cred *tracercred; 424 425 if ((mode & PTRACE_MODE_NOAUDIT) == 0) { 426 smk_ad_init(&ad, func, LSM_AUDIT_DATA_TASK); 427 smk_ad_setfield_u_tsk(&ad, tracer); 428 saip = &ad; 429 } 430 431 rcu_read_lock(); 432 tracercred = __task_cred(tracer); 433 tsp = smack_cred(tracercred); 434 tracer_known = smk_of_task(tsp); 435 436 if ((mode & PTRACE_MODE_ATTACH) && 437 (smack_ptrace_rule == SMACK_PTRACE_EXACT || 438 smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)) { 439 if (tracer_known->smk_known == tracee_known->smk_known) 440 rc = 0; 441 else if (smack_ptrace_rule == SMACK_PTRACE_DRACONIAN) 442 rc = -EACCES; 443 else if (smack_privileged_cred(CAP_SYS_PTRACE, tracercred)) 444 rc = 0; 445 else 446 rc = -EACCES; 447 448 if (saip) 449 smack_log(tracer_known->smk_known, 450 tracee_known->smk_known, 451 0, rc, saip); 452 453 rcu_read_unlock(); 454 return rc; 455 } 456 457 /* In case of rule==SMACK_PTRACE_DEFAULT or mode==PTRACE_MODE_READ */ 458 rc = smk_tskacc(tsp, tracee_known, smk_ptrace_mode(mode), saip); 459 460 rcu_read_unlock(); 461 return rc; 462 } 463 464 /* 465 * LSM hooks. 466 * We he, that is fun! 467 */ 468 469 /** 470 * smack_ptrace_access_check - Smack approval on PTRACE_ATTACH 471 * @ctp: child task pointer 472 * @mode: ptrace attachment mode (PTRACE_MODE_*) 473 * 474 * Returns 0 if access is OK, an error code otherwise 475 * 476 * Do the capability checks. 477 */ 478 static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode) 479 { 480 struct smack_known *skp; 481 482 skp = smk_of_task_struct_obj(ctp); 483 484 return smk_ptrace_rule_check(current, skp, mode, __func__); 485 } 486 487 /** 488 * smack_ptrace_traceme - Smack approval on PTRACE_TRACEME 489 * @ptp: parent task pointer 490 * 491 * Returns 0 if access is OK, an error code otherwise 492 * 493 * Do the capability checks, and require PTRACE_MODE_ATTACH. 494 */ 495 static int smack_ptrace_traceme(struct task_struct *ptp) 496 { 497 int rc; 498 struct smack_known *skp; 499 500 skp = smk_of_task(smack_cred(current_cred())); 501 502 rc = smk_ptrace_rule_check(ptp, skp, PTRACE_MODE_ATTACH, __func__); 503 return rc; 504 } 505 506 /** 507 * smack_syslog - Smack approval on syslog 508 * @typefrom_file: unused 509 * 510 * Returns 0 on success, error code otherwise. 511 */ 512 static int smack_syslog(int typefrom_file) 513 { 514 int rc = 0; 515 struct smack_known *skp = smk_of_current(); 516 517 if (smack_privileged(CAP_MAC_OVERRIDE)) 518 return 0; 519 520 if (smack_syslog_label != NULL && smack_syslog_label != skp) 521 rc = -EACCES; 522 523 return rc; 524 } 525 526 /* 527 * Superblock Hooks. 528 */ 529 530 /** 531 * smack_sb_alloc_security - allocate a superblock blob 532 * @sb: the superblock getting the blob 533 * 534 * Returns 0 on success or -ENOMEM on error. 535 */ 536 static int smack_sb_alloc_security(struct super_block *sb) 537 { 538 struct superblock_smack *sbsp; 539 540 sbsp = kzalloc(sizeof(struct superblock_smack), GFP_KERNEL); 541 542 if (sbsp == NULL) 543 return -ENOMEM; 544 545 sbsp->smk_root = &smack_known_floor; 546 sbsp->smk_default = &smack_known_floor; 547 sbsp->smk_floor = &smack_known_floor; 548 sbsp->smk_hat = &smack_known_hat; 549 /* 550 * SMK_SB_INITIALIZED will be zero from kzalloc. 551 */ 552 sb->s_security = sbsp; 553 554 return 0; 555 } 556 557 /** 558 * smack_sb_free_security - free a superblock blob 559 * @sb: the superblock getting the blob 560 * 561 */ 562 static void smack_sb_free_security(struct super_block *sb) 563 { 564 kfree(sb->s_security); 565 sb->s_security = NULL; 566 } 567 568 struct smack_mnt_opts { 569 const char *fsdefault, *fsfloor, *fshat, *fsroot, *fstransmute; 570 }; 571 572 static void smack_free_mnt_opts(void *mnt_opts) 573 { 574 struct smack_mnt_opts *opts = mnt_opts; 575 kfree(opts->fsdefault); 576 kfree(opts->fsfloor); 577 kfree(opts->fshat); 578 kfree(opts->fsroot); 579 kfree(opts->fstransmute); 580 kfree(opts); 581 } 582 583 static int smack_add_opt(int token, const char *s, void **mnt_opts) 584 { 585 struct smack_mnt_opts *opts = *mnt_opts; 586 587 if (!opts) { 588 opts = kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL); 589 if (!opts) 590 return -ENOMEM; 591 *mnt_opts = opts; 592 } 593 if (!s) 594 return -ENOMEM; 595 596 switch (token) { 597 case Opt_fsdefault: 598 if (opts->fsdefault) 599 goto out_opt_err; 600 opts->fsdefault = s; 601 break; 602 case Opt_fsfloor: 603 if (opts->fsfloor) 604 goto out_opt_err; 605 opts->fsfloor = s; 606 break; 607 case Opt_fshat: 608 if (opts->fshat) 609 goto out_opt_err; 610 opts->fshat = s; 611 break; 612 case Opt_fsroot: 613 if (opts->fsroot) 614 goto out_opt_err; 615 opts->fsroot = s; 616 break; 617 case Opt_fstransmute: 618 if (opts->fstransmute) 619 goto out_opt_err; 620 opts->fstransmute = s; 621 break; 622 } 623 return 0; 624 625 out_opt_err: 626 pr_warn("Smack: duplicate mount options\n"); 627 return -EINVAL; 628 } 629 630 /** 631 * smack_fs_context_dup - Duplicate the security data on fs_context duplication 632 * @fc: The new filesystem context. 633 * @src_fc: The source filesystem context being duplicated. 634 * 635 * Returns 0 on success or -ENOMEM on error. 636 */ 637 static int smack_fs_context_dup(struct fs_context *fc, 638 struct fs_context *src_fc) 639 { 640 struct smack_mnt_opts *dst, *src = src_fc->security; 641 642 if (!src) 643 return 0; 644 645 fc->security = kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL); 646 if (!fc->security) 647 return -ENOMEM; 648 dst = fc->security; 649 650 if (src->fsdefault) { 651 dst->fsdefault = kstrdup(src->fsdefault, GFP_KERNEL); 652 if (!dst->fsdefault) 653 return -ENOMEM; 654 } 655 if (src->fsfloor) { 656 dst->fsfloor = kstrdup(src->fsfloor, GFP_KERNEL); 657 if (!dst->fsfloor) 658 return -ENOMEM; 659 } 660 if (src->fshat) { 661 dst->fshat = kstrdup(src->fshat, GFP_KERNEL); 662 if (!dst->fshat) 663 return -ENOMEM; 664 } 665 if (src->fsroot) { 666 dst->fsroot = kstrdup(src->fsroot, GFP_KERNEL); 667 if (!dst->fsroot) 668 return -ENOMEM; 669 } 670 if (src->fstransmute) { 671 dst->fstransmute = kstrdup(src->fstransmute, GFP_KERNEL); 672 if (!dst->fstransmute) 673 return -ENOMEM; 674 } 675 return 0; 676 } 677 678 static const struct fs_parameter_spec smack_fs_parameters[] = { 679 fsparam_string("smackfsdef", Opt_fsdefault), 680 fsparam_string("smackfsdefault", Opt_fsdefault), 681 fsparam_string("smackfsfloor", Opt_fsfloor), 682 fsparam_string("smackfshat", Opt_fshat), 683 fsparam_string("smackfsroot", Opt_fsroot), 684 fsparam_string("smackfstransmute", Opt_fstransmute), 685 {} 686 }; 687 688 /** 689 * smack_fs_context_parse_param - Parse a single mount parameter 690 * @fc: The new filesystem context being constructed. 691 * @param: The parameter. 692 * 693 * Returns 0 on success, -ENOPARAM to pass the parameter on or anything else on 694 * error. 695 */ 696 static int smack_fs_context_parse_param(struct fs_context *fc, 697 struct fs_parameter *param) 698 { 699 struct fs_parse_result result; 700 int opt, rc; 701 702 opt = fs_parse(fc, smack_fs_parameters, param, &result); 703 if (opt < 0) 704 return opt; 705 706 rc = smack_add_opt(opt, param->string, &fc->security); 707 if (!rc) 708 param->string = NULL; 709 return rc; 710 } 711 712 static int smack_sb_eat_lsm_opts(char *options, void **mnt_opts) 713 { 714 char *from = options, *to = options; 715 bool first = true; 716 717 while (1) { 718 char *next = strchr(from, ','); 719 int token, len, rc; 720 char *arg = NULL; 721 722 if (next) 723 len = next - from; 724 else 725 len = strlen(from); 726 727 token = match_opt_prefix(from, len, &arg); 728 if (token != Opt_error) { 729 arg = kmemdup_nul(arg, from + len - arg, GFP_KERNEL); 730 rc = smack_add_opt(token, arg, mnt_opts); 731 if (unlikely(rc)) { 732 kfree(arg); 733 if (*mnt_opts) 734 smack_free_mnt_opts(*mnt_opts); 735 *mnt_opts = NULL; 736 return rc; 737 } 738 } else { 739 if (!first) { // copy with preceding comma 740 from--; 741 len++; 742 } 743 if (to != from) 744 memmove(to, from, len); 745 to += len; 746 first = false; 747 } 748 if (!from[len]) 749 break; 750 from += len + 1; 751 } 752 *to = '\0'; 753 return 0; 754 } 755 756 /** 757 * smack_set_mnt_opts - set Smack specific mount options 758 * @sb: the file system superblock 759 * @mnt_opts: Smack mount options 760 * @kern_flags: mount option from kernel space or user space 761 * @set_kern_flags: where to store converted mount opts 762 * 763 * Returns 0 on success, an error code on failure 764 * 765 * Allow filesystems with binary mount data to explicitly set Smack mount 766 * labels. 767 */ 768 static int smack_set_mnt_opts(struct super_block *sb, 769 void *mnt_opts, 770 unsigned long kern_flags, 771 unsigned long *set_kern_flags) 772 { 773 struct dentry *root = sb->s_root; 774 struct inode *inode = d_backing_inode(root); 775 struct superblock_smack *sp = sb->s_security; 776 struct inode_smack *isp; 777 struct smack_known *skp; 778 struct smack_mnt_opts *opts = mnt_opts; 779 bool transmute = false; 780 781 if (sp->smk_flags & SMK_SB_INITIALIZED) 782 return 0; 783 784 if (inode->i_security == NULL) { 785 int rc = lsm_inode_alloc(inode); 786 787 if (rc) 788 return rc; 789 } 790 791 if (!smack_privileged(CAP_MAC_ADMIN)) { 792 /* 793 * Unprivileged mounts don't get to specify Smack values. 794 */ 795 if (opts) 796 return -EPERM; 797 /* 798 * Unprivileged mounts get root and default from the caller. 799 */ 800 skp = smk_of_current(); 801 sp->smk_root = skp; 802 sp->smk_default = skp; 803 /* 804 * For a handful of fs types with no user-controlled 805 * backing store it's okay to trust security labels 806 * in the filesystem. The rest are untrusted. 807 */ 808 if (sb->s_user_ns != &init_user_ns && 809 sb->s_magic != SYSFS_MAGIC && sb->s_magic != TMPFS_MAGIC && 810 sb->s_magic != RAMFS_MAGIC) { 811 transmute = true; 812 sp->smk_flags |= SMK_SB_UNTRUSTED; 813 } 814 } 815 816 sp->smk_flags |= SMK_SB_INITIALIZED; 817 818 if (opts) { 819 if (opts->fsdefault) { 820 skp = smk_import_entry(opts->fsdefault, 0); 821 if (IS_ERR(skp)) 822 return PTR_ERR(skp); 823 sp->smk_default = skp; 824 } 825 if (opts->fsfloor) { 826 skp = smk_import_entry(opts->fsfloor, 0); 827 if (IS_ERR(skp)) 828 return PTR_ERR(skp); 829 sp->smk_floor = skp; 830 } 831 if (opts->fshat) { 832 skp = smk_import_entry(opts->fshat, 0); 833 if (IS_ERR(skp)) 834 return PTR_ERR(skp); 835 sp->smk_hat = skp; 836 } 837 if (opts->fsroot) { 838 skp = smk_import_entry(opts->fsroot, 0); 839 if (IS_ERR(skp)) 840 return PTR_ERR(skp); 841 sp->smk_root = skp; 842 } 843 if (opts->fstransmute) { 844 skp = smk_import_entry(opts->fstransmute, 0); 845 if (IS_ERR(skp)) 846 return PTR_ERR(skp); 847 sp->smk_root = skp; 848 transmute = true; 849 } 850 } 851 852 /* 853 * Initialize the root inode. 854 */ 855 init_inode_smack(inode, sp->smk_root); 856 857 if (transmute) { 858 isp = smack_inode(inode); 859 isp->smk_flags |= SMK_INODE_TRANSMUTE; 860 } 861 862 return 0; 863 } 864 865 /** 866 * smack_sb_statfs - Smack check on statfs 867 * @dentry: identifies the file system in question 868 * 869 * Returns 0 if current can read the floor of the filesystem, 870 * and error code otherwise 871 */ 872 static int smack_sb_statfs(struct dentry *dentry) 873 { 874 struct superblock_smack *sbp = dentry->d_sb->s_security; 875 int rc; 876 struct smk_audit_info ad; 877 878 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 879 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 880 881 rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad); 882 rc = smk_bu_current("statfs", sbp->smk_floor, MAY_READ, rc); 883 return rc; 884 } 885 886 /* 887 * BPRM hooks 888 */ 889 890 /** 891 * smack_bprm_creds_for_exec - Update bprm->cred if needed for exec 892 * @bprm: the exec information 893 * 894 * Returns 0 if it gets a blob, -EPERM if exec forbidden and -ENOMEM otherwise 895 */ 896 static int smack_bprm_creds_for_exec(struct linux_binprm *bprm) 897 { 898 struct inode *inode = file_inode(bprm->file); 899 struct task_smack *bsp = smack_cred(bprm->cred); 900 struct inode_smack *isp; 901 struct superblock_smack *sbsp; 902 int rc; 903 904 isp = smack_inode(inode); 905 if (isp->smk_task == NULL || isp->smk_task == bsp->smk_task) 906 return 0; 907 908 sbsp = inode->i_sb->s_security; 909 if ((sbsp->smk_flags & SMK_SB_UNTRUSTED) && 910 isp->smk_task != sbsp->smk_root) 911 return 0; 912 913 if (bprm->unsafe & LSM_UNSAFE_PTRACE) { 914 struct task_struct *tracer; 915 rc = 0; 916 917 rcu_read_lock(); 918 tracer = ptrace_parent(current); 919 if (likely(tracer != NULL)) 920 rc = smk_ptrace_rule_check(tracer, 921 isp->smk_task, 922 PTRACE_MODE_ATTACH, 923 __func__); 924 rcu_read_unlock(); 925 926 if (rc != 0) 927 return rc; 928 } 929 if (bprm->unsafe & ~LSM_UNSAFE_PTRACE) 930 return -EPERM; 931 932 bsp->smk_task = isp->smk_task; 933 bprm->per_clear |= PER_CLEAR_ON_SETID; 934 935 /* Decide if this is a secure exec. */ 936 if (bsp->smk_task != bsp->smk_forked) 937 bprm->secureexec = 1; 938 939 return 0; 940 } 941 942 /* 943 * Inode hooks 944 */ 945 946 /** 947 * smack_inode_alloc_security - allocate an inode blob 948 * @inode: the inode in need of a blob 949 * 950 * Returns 0 951 */ 952 static int smack_inode_alloc_security(struct inode *inode) 953 { 954 struct smack_known *skp = smk_of_current(); 955 956 init_inode_smack(inode, skp); 957 return 0; 958 } 959 960 /** 961 * smack_inode_init_security - copy out the smack from an inode 962 * @inode: the newly created inode 963 * @dir: containing directory object 964 * @qstr: unused 965 * @name: where to put the attribute name 966 * @value: where to put the attribute value 967 * @len: where to put the length of the attribute 968 * 969 * Returns 0 if it all works out, -ENOMEM if there's no memory 970 */ 971 static int smack_inode_init_security(struct inode *inode, struct inode *dir, 972 const struct qstr *qstr, const char **name, 973 void **value, size_t *len) 974 { 975 struct inode_smack *issp = smack_inode(inode); 976 struct smack_known *skp = smk_of_current(); 977 struct smack_known *isp = smk_of_inode(inode); 978 struct smack_known *dsp = smk_of_inode(dir); 979 int may; 980 981 if (name) 982 *name = XATTR_SMACK_SUFFIX; 983 984 if (value && len) { 985 rcu_read_lock(); 986 may = smk_access_entry(skp->smk_known, dsp->smk_known, 987 &skp->smk_rules); 988 rcu_read_unlock(); 989 990 /* 991 * If the access rule allows transmutation and 992 * the directory requests transmutation then 993 * by all means transmute. 994 * Mark the inode as changed. 995 */ 996 if (may > 0 && ((may & MAY_TRANSMUTE) != 0) && 997 smk_inode_transmutable(dir)) { 998 isp = dsp; 999 issp->smk_flags |= SMK_INODE_CHANGED; 1000 } 1001 1002 *value = kstrdup(isp->smk_known, GFP_NOFS); 1003 if (*value == NULL) 1004 return -ENOMEM; 1005 1006 *len = strlen(isp->smk_known); 1007 } 1008 1009 return 0; 1010 } 1011 1012 /** 1013 * smack_inode_link - Smack check on link 1014 * @old_dentry: the existing object 1015 * @dir: unused 1016 * @new_dentry: the new object 1017 * 1018 * Returns 0 if access is permitted, an error code otherwise 1019 */ 1020 static int smack_inode_link(struct dentry *old_dentry, struct inode *dir, 1021 struct dentry *new_dentry) 1022 { 1023 struct smack_known *isp; 1024 struct smk_audit_info ad; 1025 int rc; 1026 1027 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1028 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry); 1029 1030 isp = smk_of_inode(d_backing_inode(old_dentry)); 1031 rc = smk_curacc(isp, MAY_WRITE, &ad); 1032 rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_WRITE, rc); 1033 1034 if (rc == 0 && d_is_positive(new_dentry)) { 1035 isp = smk_of_inode(d_backing_inode(new_dentry)); 1036 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry); 1037 rc = smk_curacc(isp, MAY_WRITE, &ad); 1038 rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_WRITE, rc); 1039 } 1040 1041 return rc; 1042 } 1043 1044 /** 1045 * smack_inode_unlink - Smack check on inode deletion 1046 * @dir: containing directory object 1047 * @dentry: file to unlink 1048 * 1049 * Returns 0 if current can write the containing directory 1050 * and the object, error code otherwise 1051 */ 1052 static int smack_inode_unlink(struct inode *dir, struct dentry *dentry) 1053 { 1054 struct inode *ip = d_backing_inode(dentry); 1055 struct smk_audit_info ad; 1056 int rc; 1057 1058 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1059 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1060 1061 /* 1062 * You need write access to the thing you're unlinking 1063 */ 1064 rc = smk_curacc(smk_of_inode(ip), MAY_WRITE, &ad); 1065 rc = smk_bu_inode(ip, MAY_WRITE, rc); 1066 if (rc == 0) { 1067 /* 1068 * You also need write access to the containing directory 1069 */ 1070 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE); 1071 smk_ad_setfield_u_fs_inode(&ad, dir); 1072 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad); 1073 rc = smk_bu_inode(dir, MAY_WRITE, rc); 1074 } 1075 return rc; 1076 } 1077 1078 /** 1079 * smack_inode_rmdir - Smack check on directory deletion 1080 * @dir: containing directory object 1081 * @dentry: directory to unlink 1082 * 1083 * Returns 0 if current can write the containing directory 1084 * and the directory, error code otherwise 1085 */ 1086 static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry) 1087 { 1088 struct smk_audit_info ad; 1089 int rc; 1090 1091 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1092 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1093 1094 /* 1095 * You need write access to the thing you're removing 1096 */ 1097 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1098 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1099 if (rc == 0) { 1100 /* 1101 * You also need write access to the containing directory 1102 */ 1103 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE); 1104 smk_ad_setfield_u_fs_inode(&ad, dir); 1105 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad); 1106 rc = smk_bu_inode(dir, MAY_WRITE, rc); 1107 } 1108 1109 return rc; 1110 } 1111 1112 /** 1113 * smack_inode_rename - Smack check on rename 1114 * @old_inode: unused 1115 * @old_dentry: the old object 1116 * @new_inode: unused 1117 * @new_dentry: the new object 1118 * 1119 * Read and write access is required on both the old and 1120 * new directories. 1121 * 1122 * Returns 0 if access is permitted, an error code otherwise 1123 */ 1124 static int smack_inode_rename(struct inode *old_inode, 1125 struct dentry *old_dentry, 1126 struct inode *new_inode, 1127 struct dentry *new_dentry) 1128 { 1129 int rc; 1130 struct smack_known *isp; 1131 struct smk_audit_info ad; 1132 1133 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1134 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry); 1135 1136 isp = smk_of_inode(d_backing_inode(old_dentry)); 1137 rc = smk_curacc(isp, MAY_READWRITE, &ad); 1138 rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_READWRITE, rc); 1139 1140 if (rc == 0 && d_is_positive(new_dentry)) { 1141 isp = smk_of_inode(d_backing_inode(new_dentry)); 1142 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry); 1143 rc = smk_curacc(isp, MAY_READWRITE, &ad); 1144 rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_READWRITE, rc); 1145 } 1146 return rc; 1147 } 1148 1149 /** 1150 * smack_inode_permission - Smack version of permission() 1151 * @inode: the inode in question 1152 * @mask: the access requested 1153 * 1154 * This is the important Smack hook. 1155 * 1156 * Returns 0 if access is permitted, an error code otherwise 1157 */ 1158 static int smack_inode_permission(struct inode *inode, int mask) 1159 { 1160 struct superblock_smack *sbsp = inode->i_sb->s_security; 1161 struct smk_audit_info ad; 1162 int no_block = mask & MAY_NOT_BLOCK; 1163 int rc; 1164 1165 mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND); 1166 /* 1167 * No permission to check. Existence test. Yup, it's there. 1168 */ 1169 if (mask == 0) 1170 return 0; 1171 1172 if (sbsp->smk_flags & SMK_SB_UNTRUSTED) { 1173 if (smk_of_inode(inode) != sbsp->smk_root) 1174 return -EACCES; 1175 } 1176 1177 /* May be droppable after audit */ 1178 if (no_block) 1179 return -ECHILD; 1180 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE); 1181 smk_ad_setfield_u_fs_inode(&ad, inode); 1182 rc = smk_curacc(smk_of_inode(inode), mask, &ad); 1183 rc = smk_bu_inode(inode, mask, rc); 1184 return rc; 1185 } 1186 1187 /** 1188 * smack_inode_setattr - Smack check for setting attributes 1189 * @dentry: the object 1190 * @iattr: for the force flag 1191 * 1192 * Returns 0 if access is permitted, an error code otherwise 1193 */ 1194 static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr) 1195 { 1196 struct smk_audit_info ad; 1197 int rc; 1198 1199 /* 1200 * Need to allow for clearing the setuid bit. 1201 */ 1202 if (iattr->ia_valid & ATTR_FORCE) 1203 return 0; 1204 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1205 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1206 1207 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1208 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1209 return rc; 1210 } 1211 1212 /** 1213 * smack_inode_getattr - Smack check for getting attributes 1214 * @path: path to extract the info from 1215 * 1216 * Returns 0 if access is permitted, an error code otherwise 1217 */ 1218 static int smack_inode_getattr(const struct path *path) 1219 { 1220 struct smk_audit_info ad; 1221 struct inode *inode = d_backing_inode(path->dentry); 1222 int rc; 1223 1224 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1225 smk_ad_setfield_u_fs_path(&ad, *path); 1226 rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad); 1227 rc = smk_bu_inode(inode, MAY_READ, rc); 1228 return rc; 1229 } 1230 1231 /** 1232 * smack_inode_setxattr - Smack check for setting xattrs 1233 * @dentry: the object 1234 * @name: name of the attribute 1235 * @value: value of the attribute 1236 * @size: size of the value 1237 * @flags: unused 1238 * 1239 * This protects the Smack attribute explicitly. 1240 * 1241 * Returns 0 if access is permitted, an error code otherwise 1242 */ 1243 static int smack_inode_setxattr(struct user_namespace *mnt_userns, 1244 struct dentry *dentry, const char *name, 1245 const void *value, size_t size, int flags) 1246 { 1247 struct smk_audit_info ad; 1248 struct smack_known *skp; 1249 int check_priv = 0; 1250 int check_import = 0; 1251 int check_star = 0; 1252 int rc = 0; 1253 1254 /* 1255 * Check label validity here so import won't fail in post_setxattr 1256 */ 1257 if (strcmp(name, XATTR_NAME_SMACK) == 0 || 1258 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 || 1259 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) { 1260 check_priv = 1; 1261 check_import = 1; 1262 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0 || 1263 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) { 1264 check_priv = 1; 1265 check_import = 1; 1266 check_star = 1; 1267 } else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) { 1268 check_priv = 1; 1269 if (size != TRANS_TRUE_SIZE || 1270 strncmp(value, TRANS_TRUE, TRANS_TRUE_SIZE) != 0) 1271 rc = -EINVAL; 1272 } else 1273 rc = cap_inode_setxattr(dentry, name, value, size, flags); 1274 1275 if (check_priv && !smack_privileged(CAP_MAC_ADMIN)) 1276 rc = -EPERM; 1277 1278 if (rc == 0 && check_import) { 1279 skp = size ? smk_import_entry(value, size) : NULL; 1280 if (IS_ERR(skp)) 1281 rc = PTR_ERR(skp); 1282 else if (skp == NULL || (check_star && 1283 (skp == &smack_known_star || skp == &smack_known_web))) 1284 rc = -EINVAL; 1285 } 1286 1287 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1288 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1289 1290 if (rc == 0) { 1291 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1292 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1293 } 1294 1295 return rc; 1296 } 1297 1298 /** 1299 * smack_inode_post_setxattr - Apply the Smack update approved above 1300 * @dentry: object 1301 * @name: attribute name 1302 * @value: attribute value 1303 * @size: attribute size 1304 * @flags: unused 1305 * 1306 * Set the pointer in the inode blob to the entry found 1307 * in the master label list. 1308 */ 1309 static void smack_inode_post_setxattr(struct dentry *dentry, const char *name, 1310 const void *value, size_t size, int flags) 1311 { 1312 struct smack_known *skp; 1313 struct inode_smack *isp = smack_inode(d_backing_inode(dentry)); 1314 1315 if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) { 1316 isp->smk_flags |= SMK_INODE_TRANSMUTE; 1317 return; 1318 } 1319 1320 if (strcmp(name, XATTR_NAME_SMACK) == 0) { 1321 skp = smk_import_entry(value, size); 1322 if (!IS_ERR(skp)) 1323 isp->smk_inode = skp; 1324 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) { 1325 skp = smk_import_entry(value, size); 1326 if (!IS_ERR(skp)) 1327 isp->smk_task = skp; 1328 } else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) { 1329 skp = smk_import_entry(value, size); 1330 if (!IS_ERR(skp)) 1331 isp->smk_mmap = skp; 1332 } 1333 1334 return; 1335 } 1336 1337 /** 1338 * smack_inode_getxattr - Smack check on getxattr 1339 * @dentry: the object 1340 * @name: unused 1341 * 1342 * Returns 0 if access is permitted, an error code otherwise 1343 */ 1344 static int smack_inode_getxattr(struct dentry *dentry, const char *name) 1345 { 1346 struct smk_audit_info ad; 1347 int rc; 1348 1349 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1350 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1351 1352 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_READ, &ad); 1353 rc = smk_bu_inode(d_backing_inode(dentry), MAY_READ, rc); 1354 return rc; 1355 } 1356 1357 /** 1358 * smack_inode_removexattr - Smack check on removexattr 1359 * @dentry: the object 1360 * @name: name of the attribute 1361 * 1362 * Removing the Smack attribute requires CAP_MAC_ADMIN 1363 * 1364 * Returns 0 if access is permitted, an error code otherwise 1365 */ 1366 static int smack_inode_removexattr(struct user_namespace *mnt_userns, 1367 struct dentry *dentry, const char *name) 1368 { 1369 struct inode_smack *isp; 1370 struct smk_audit_info ad; 1371 int rc = 0; 1372 1373 if (strcmp(name, XATTR_NAME_SMACK) == 0 || 1374 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 || 1375 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 || 1376 strcmp(name, XATTR_NAME_SMACKEXEC) == 0 || 1377 strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0 || 1378 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) { 1379 if (!smack_privileged(CAP_MAC_ADMIN)) 1380 rc = -EPERM; 1381 } else 1382 rc = cap_inode_removexattr(mnt_userns, dentry, name); 1383 1384 if (rc != 0) 1385 return rc; 1386 1387 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1388 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1389 1390 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1391 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1392 if (rc != 0) 1393 return rc; 1394 1395 isp = smack_inode(d_backing_inode(dentry)); 1396 /* 1397 * Don't do anything special for these. 1398 * XATTR_NAME_SMACKIPIN 1399 * XATTR_NAME_SMACKIPOUT 1400 */ 1401 if (strcmp(name, XATTR_NAME_SMACK) == 0) { 1402 struct super_block *sbp = dentry->d_sb; 1403 struct superblock_smack *sbsp = sbp->s_security; 1404 1405 isp->smk_inode = sbsp->smk_default; 1406 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) 1407 isp->smk_task = NULL; 1408 else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) 1409 isp->smk_mmap = NULL; 1410 else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) 1411 isp->smk_flags &= ~SMK_INODE_TRANSMUTE; 1412 1413 return 0; 1414 } 1415 1416 /** 1417 * smack_inode_getsecurity - get smack xattrs 1418 * @inode: the object 1419 * @name: attribute name 1420 * @buffer: where to put the result 1421 * @alloc: duplicate memory 1422 * 1423 * Returns the size of the attribute or an error code 1424 */ 1425 static int smack_inode_getsecurity(struct user_namespace *mnt_userns, 1426 struct inode *inode, const char *name, 1427 void **buffer, bool alloc) 1428 { 1429 struct socket_smack *ssp; 1430 struct socket *sock; 1431 struct super_block *sbp; 1432 struct inode *ip = (struct inode *)inode; 1433 struct smack_known *isp; 1434 1435 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) 1436 isp = smk_of_inode(inode); 1437 else { 1438 /* 1439 * The rest of the Smack xattrs are only on sockets. 1440 */ 1441 sbp = ip->i_sb; 1442 if (sbp->s_magic != SOCKFS_MAGIC) 1443 return -EOPNOTSUPP; 1444 1445 sock = SOCKET_I(ip); 1446 if (sock == NULL || sock->sk == NULL) 1447 return -EOPNOTSUPP; 1448 1449 ssp = sock->sk->sk_security; 1450 1451 if (strcmp(name, XATTR_SMACK_IPIN) == 0) 1452 isp = ssp->smk_in; 1453 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) 1454 isp = ssp->smk_out; 1455 else 1456 return -EOPNOTSUPP; 1457 } 1458 1459 if (alloc) { 1460 *buffer = kstrdup(isp->smk_known, GFP_KERNEL); 1461 if (*buffer == NULL) 1462 return -ENOMEM; 1463 } 1464 1465 return strlen(isp->smk_known); 1466 } 1467 1468 1469 /** 1470 * smack_inode_listsecurity - list the Smack attributes 1471 * @inode: the object 1472 * @buffer: where they go 1473 * @buffer_size: size of buffer 1474 */ 1475 static int smack_inode_listsecurity(struct inode *inode, char *buffer, 1476 size_t buffer_size) 1477 { 1478 int len = sizeof(XATTR_NAME_SMACK); 1479 1480 if (buffer != NULL && len <= buffer_size) 1481 memcpy(buffer, XATTR_NAME_SMACK, len); 1482 1483 return len; 1484 } 1485 1486 /** 1487 * smack_inode_getsecid - Extract inode's security id 1488 * @inode: inode to extract the info from 1489 * @secid: where result will be saved 1490 */ 1491 static void smack_inode_getsecid(struct inode *inode, u32 *secid) 1492 { 1493 struct smack_known *skp = smk_of_inode(inode); 1494 1495 *secid = skp->smk_secid; 1496 } 1497 1498 /* 1499 * File Hooks 1500 */ 1501 1502 /* 1503 * There is no smack_file_permission hook 1504 * 1505 * Should access checks be done on each read or write? 1506 * UNICOS and SELinux say yes. 1507 * Trusted Solaris, Trusted Irix, and just about everyone else says no. 1508 * 1509 * I'll say no for now. Smack does not do the frequent 1510 * label changing that SELinux does. 1511 */ 1512 1513 /** 1514 * smack_file_alloc_security - assign a file security blob 1515 * @file: the object 1516 * 1517 * The security blob for a file is a pointer to the master 1518 * label list, so no allocation is done. 1519 * 1520 * f_security is the owner security information. It 1521 * isn't used on file access checks, it's for send_sigio. 1522 * 1523 * Returns 0 1524 */ 1525 static int smack_file_alloc_security(struct file *file) 1526 { 1527 struct smack_known **blob = smack_file(file); 1528 1529 *blob = smk_of_current(); 1530 return 0; 1531 } 1532 1533 /** 1534 * smack_file_ioctl - Smack check on ioctls 1535 * @file: the object 1536 * @cmd: what to do 1537 * @arg: unused 1538 * 1539 * Relies heavily on the correct use of the ioctl command conventions. 1540 * 1541 * Returns 0 if allowed, error code otherwise 1542 */ 1543 static int smack_file_ioctl(struct file *file, unsigned int cmd, 1544 unsigned long arg) 1545 { 1546 int rc = 0; 1547 struct smk_audit_info ad; 1548 struct inode *inode = file_inode(file); 1549 1550 if (unlikely(IS_PRIVATE(inode))) 1551 return 0; 1552 1553 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1554 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1555 1556 if (_IOC_DIR(cmd) & _IOC_WRITE) { 1557 rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad); 1558 rc = smk_bu_file(file, MAY_WRITE, rc); 1559 } 1560 1561 if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ)) { 1562 rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad); 1563 rc = smk_bu_file(file, MAY_READ, rc); 1564 } 1565 1566 return rc; 1567 } 1568 1569 /** 1570 * smack_file_lock - Smack check on file locking 1571 * @file: the object 1572 * @cmd: unused 1573 * 1574 * Returns 0 if current has lock access, error code otherwise 1575 */ 1576 static int smack_file_lock(struct file *file, unsigned int cmd) 1577 { 1578 struct smk_audit_info ad; 1579 int rc; 1580 struct inode *inode = file_inode(file); 1581 1582 if (unlikely(IS_PRIVATE(inode))) 1583 return 0; 1584 1585 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1586 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1587 rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad); 1588 rc = smk_bu_file(file, MAY_LOCK, rc); 1589 return rc; 1590 } 1591 1592 /** 1593 * smack_file_fcntl - Smack check on fcntl 1594 * @file: the object 1595 * @cmd: what action to check 1596 * @arg: unused 1597 * 1598 * Generally these operations are harmless. 1599 * File locking operations present an obvious mechanism 1600 * for passing information, so they require write access. 1601 * 1602 * Returns 0 if current has access, error code otherwise 1603 */ 1604 static int smack_file_fcntl(struct file *file, unsigned int cmd, 1605 unsigned long arg) 1606 { 1607 struct smk_audit_info ad; 1608 int rc = 0; 1609 struct inode *inode = file_inode(file); 1610 1611 if (unlikely(IS_PRIVATE(inode))) 1612 return 0; 1613 1614 switch (cmd) { 1615 case F_GETLK: 1616 break; 1617 case F_SETLK: 1618 case F_SETLKW: 1619 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1620 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1621 rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad); 1622 rc = smk_bu_file(file, MAY_LOCK, rc); 1623 break; 1624 case F_SETOWN: 1625 case F_SETSIG: 1626 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1627 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1628 rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad); 1629 rc = smk_bu_file(file, MAY_WRITE, rc); 1630 break; 1631 default: 1632 break; 1633 } 1634 1635 return rc; 1636 } 1637 1638 /** 1639 * smack_mmap_file : 1640 * Check permissions for a mmap operation. The @file may be NULL, e.g. 1641 * if mapping anonymous memory. 1642 * @file contains the file structure for file to map (may be NULL). 1643 * @reqprot contains the protection requested by the application. 1644 * @prot contains the protection that will be applied by the kernel. 1645 * @flags contains the operational flags. 1646 * Return 0 if permission is granted. 1647 */ 1648 static int smack_mmap_file(struct file *file, 1649 unsigned long reqprot, unsigned long prot, 1650 unsigned long flags) 1651 { 1652 struct smack_known *skp; 1653 struct smack_known *mkp; 1654 struct smack_rule *srp; 1655 struct task_smack *tsp; 1656 struct smack_known *okp; 1657 struct inode_smack *isp; 1658 struct superblock_smack *sbsp; 1659 int may; 1660 int mmay; 1661 int tmay; 1662 int rc; 1663 1664 if (file == NULL) 1665 return 0; 1666 1667 if (unlikely(IS_PRIVATE(file_inode(file)))) 1668 return 0; 1669 1670 isp = smack_inode(file_inode(file)); 1671 if (isp->smk_mmap == NULL) 1672 return 0; 1673 sbsp = file_inode(file)->i_sb->s_security; 1674 if (sbsp->smk_flags & SMK_SB_UNTRUSTED && 1675 isp->smk_mmap != sbsp->smk_root) 1676 return -EACCES; 1677 mkp = isp->smk_mmap; 1678 1679 tsp = smack_cred(current_cred()); 1680 skp = smk_of_current(); 1681 rc = 0; 1682 1683 rcu_read_lock(); 1684 /* 1685 * For each Smack rule associated with the subject 1686 * label verify that the SMACK64MMAP also has access 1687 * to that rule's object label. 1688 */ 1689 list_for_each_entry_rcu(srp, &skp->smk_rules, list) { 1690 okp = srp->smk_object; 1691 /* 1692 * Matching labels always allows access. 1693 */ 1694 if (mkp->smk_known == okp->smk_known) 1695 continue; 1696 /* 1697 * If there is a matching local rule take 1698 * that into account as well. 1699 */ 1700 may = smk_access_entry(srp->smk_subject->smk_known, 1701 okp->smk_known, 1702 &tsp->smk_rules); 1703 if (may == -ENOENT) 1704 may = srp->smk_access; 1705 else 1706 may &= srp->smk_access; 1707 /* 1708 * If may is zero the SMACK64MMAP subject can't 1709 * possibly have less access. 1710 */ 1711 if (may == 0) 1712 continue; 1713 1714 /* 1715 * Fetch the global list entry. 1716 * If there isn't one a SMACK64MMAP subject 1717 * can't have as much access as current. 1718 */ 1719 mmay = smk_access_entry(mkp->smk_known, okp->smk_known, 1720 &mkp->smk_rules); 1721 if (mmay == -ENOENT) { 1722 rc = -EACCES; 1723 break; 1724 } 1725 /* 1726 * If there is a local entry it modifies the 1727 * potential access, too. 1728 */ 1729 tmay = smk_access_entry(mkp->smk_known, okp->smk_known, 1730 &tsp->smk_rules); 1731 if (tmay != -ENOENT) 1732 mmay &= tmay; 1733 1734 /* 1735 * If there is any access available to current that is 1736 * not available to a SMACK64MMAP subject 1737 * deny access. 1738 */ 1739 if ((may | mmay) != mmay) { 1740 rc = -EACCES; 1741 break; 1742 } 1743 } 1744 1745 rcu_read_unlock(); 1746 1747 return rc; 1748 } 1749 1750 /** 1751 * smack_file_set_fowner - set the file security blob value 1752 * @file: object in question 1753 * 1754 */ 1755 static void smack_file_set_fowner(struct file *file) 1756 { 1757 struct smack_known **blob = smack_file(file); 1758 1759 *blob = smk_of_current(); 1760 } 1761 1762 /** 1763 * smack_file_send_sigiotask - Smack on sigio 1764 * @tsk: The target task 1765 * @fown: the object the signal come from 1766 * @signum: unused 1767 * 1768 * Allow a privileged task to get signals even if it shouldn't 1769 * 1770 * Returns 0 if a subject with the object's smack could 1771 * write to the task, an error code otherwise. 1772 */ 1773 static int smack_file_send_sigiotask(struct task_struct *tsk, 1774 struct fown_struct *fown, int signum) 1775 { 1776 struct smack_known **blob; 1777 struct smack_known *skp; 1778 struct smack_known *tkp = smk_of_task(smack_cred(tsk->cred)); 1779 const struct cred *tcred; 1780 struct file *file; 1781 int rc; 1782 struct smk_audit_info ad; 1783 1784 /* 1785 * struct fown_struct is never outside the context of a struct file 1786 */ 1787 file = container_of(fown, struct file, f_owner); 1788 1789 /* we don't log here as rc can be overriden */ 1790 blob = smack_file(file); 1791 skp = *blob; 1792 rc = smk_access(skp, tkp, MAY_DELIVER, NULL); 1793 rc = smk_bu_note("sigiotask", skp, tkp, MAY_DELIVER, rc); 1794 1795 rcu_read_lock(); 1796 tcred = __task_cred(tsk); 1797 if (rc != 0 && smack_privileged_cred(CAP_MAC_OVERRIDE, tcred)) 1798 rc = 0; 1799 rcu_read_unlock(); 1800 1801 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); 1802 smk_ad_setfield_u_tsk(&ad, tsk); 1803 smack_log(skp->smk_known, tkp->smk_known, MAY_DELIVER, rc, &ad); 1804 return rc; 1805 } 1806 1807 /** 1808 * smack_file_receive - Smack file receive check 1809 * @file: the object 1810 * 1811 * Returns 0 if current has access, error code otherwise 1812 */ 1813 static int smack_file_receive(struct file *file) 1814 { 1815 int rc; 1816 int may = 0; 1817 struct smk_audit_info ad; 1818 struct inode *inode = file_inode(file); 1819 struct socket *sock; 1820 struct task_smack *tsp; 1821 struct socket_smack *ssp; 1822 1823 if (unlikely(IS_PRIVATE(inode))) 1824 return 0; 1825 1826 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1827 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1828 1829 if (inode->i_sb->s_magic == SOCKFS_MAGIC) { 1830 sock = SOCKET_I(inode); 1831 ssp = sock->sk->sk_security; 1832 tsp = smack_cred(current_cred()); 1833 /* 1834 * If the receiving process can't write to the 1835 * passed socket or if the passed socket can't 1836 * write to the receiving process don't accept 1837 * the passed socket. 1838 */ 1839 rc = smk_access(tsp->smk_task, ssp->smk_out, MAY_WRITE, &ad); 1840 rc = smk_bu_file(file, may, rc); 1841 if (rc < 0) 1842 return rc; 1843 rc = smk_access(ssp->smk_in, tsp->smk_task, MAY_WRITE, &ad); 1844 rc = smk_bu_file(file, may, rc); 1845 return rc; 1846 } 1847 /* 1848 * This code relies on bitmasks. 1849 */ 1850 if (file->f_mode & FMODE_READ) 1851 may = MAY_READ; 1852 if (file->f_mode & FMODE_WRITE) 1853 may |= MAY_WRITE; 1854 1855 rc = smk_curacc(smk_of_inode(inode), may, &ad); 1856 rc = smk_bu_file(file, may, rc); 1857 return rc; 1858 } 1859 1860 /** 1861 * smack_file_open - Smack dentry open processing 1862 * @file: the object 1863 * 1864 * Set the security blob in the file structure. 1865 * Allow the open only if the task has read access. There are 1866 * many read operations (e.g. fstat) that you can do with an 1867 * fd even if you have the file open write-only. 1868 * 1869 * Returns 0 if current has access, error code otherwise 1870 */ 1871 static int smack_file_open(struct file *file) 1872 { 1873 struct task_smack *tsp = smack_cred(file->f_cred); 1874 struct inode *inode = file_inode(file); 1875 struct smk_audit_info ad; 1876 int rc; 1877 1878 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1879 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1880 rc = smk_tskacc(tsp, smk_of_inode(inode), MAY_READ, &ad); 1881 rc = smk_bu_credfile(file->f_cred, file, MAY_READ, rc); 1882 1883 return rc; 1884 } 1885 1886 /* 1887 * Task hooks 1888 */ 1889 1890 /** 1891 * smack_cred_alloc_blank - "allocate" blank task-level security credentials 1892 * @cred: the new credentials 1893 * @gfp: the atomicity of any memory allocations 1894 * 1895 * Prepare a blank set of credentials for modification. This must allocate all 1896 * the memory the LSM module might require such that cred_transfer() can 1897 * complete without error. 1898 */ 1899 static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp) 1900 { 1901 init_task_smack(smack_cred(cred), NULL, NULL); 1902 return 0; 1903 } 1904 1905 1906 /** 1907 * smack_cred_free - "free" task-level security credentials 1908 * @cred: the credentials in question 1909 * 1910 */ 1911 static void smack_cred_free(struct cred *cred) 1912 { 1913 struct task_smack *tsp = smack_cred(cred); 1914 struct smack_rule *rp; 1915 struct list_head *l; 1916 struct list_head *n; 1917 1918 smk_destroy_label_list(&tsp->smk_relabel); 1919 1920 list_for_each_safe(l, n, &tsp->smk_rules) { 1921 rp = list_entry(l, struct smack_rule, list); 1922 list_del(&rp->list); 1923 kmem_cache_free(smack_rule_cache, rp); 1924 } 1925 } 1926 1927 /** 1928 * smack_cred_prepare - prepare new set of credentials for modification 1929 * @new: the new credentials 1930 * @old: the original credentials 1931 * @gfp: the atomicity of any memory allocations 1932 * 1933 * Prepare a new set of credentials for modification. 1934 */ 1935 static int smack_cred_prepare(struct cred *new, const struct cred *old, 1936 gfp_t gfp) 1937 { 1938 struct task_smack *old_tsp = smack_cred(old); 1939 struct task_smack *new_tsp = smack_cred(new); 1940 int rc; 1941 1942 init_task_smack(new_tsp, old_tsp->smk_task, old_tsp->smk_task); 1943 1944 rc = smk_copy_rules(&new_tsp->smk_rules, &old_tsp->smk_rules, gfp); 1945 if (rc != 0) 1946 return rc; 1947 1948 rc = smk_copy_relabel(&new_tsp->smk_relabel, &old_tsp->smk_relabel, 1949 gfp); 1950 return rc; 1951 } 1952 1953 /** 1954 * smack_cred_transfer - Transfer the old credentials to the new credentials 1955 * @new: the new credentials 1956 * @old: the original credentials 1957 * 1958 * Fill in a set of blank credentials from another set of credentials. 1959 */ 1960 static void smack_cred_transfer(struct cred *new, const struct cred *old) 1961 { 1962 struct task_smack *old_tsp = smack_cred(old); 1963 struct task_smack *new_tsp = smack_cred(new); 1964 1965 new_tsp->smk_task = old_tsp->smk_task; 1966 new_tsp->smk_forked = old_tsp->smk_task; 1967 mutex_init(&new_tsp->smk_rules_lock); 1968 INIT_LIST_HEAD(&new_tsp->smk_rules); 1969 1970 /* cbs copy rule list */ 1971 } 1972 1973 /** 1974 * smack_cred_getsecid - get the secid corresponding to a creds structure 1975 * @cred: the object creds 1976 * @secid: where to put the result 1977 * 1978 * Sets the secid to contain a u32 version of the smack label. 1979 */ 1980 static void smack_cred_getsecid(const struct cred *cred, u32 *secid) 1981 { 1982 struct smack_known *skp; 1983 1984 rcu_read_lock(); 1985 skp = smk_of_task(smack_cred(cred)); 1986 *secid = skp->smk_secid; 1987 rcu_read_unlock(); 1988 } 1989 1990 /** 1991 * smack_kernel_act_as - Set the subjective context in a set of credentials 1992 * @new: points to the set of credentials to be modified. 1993 * @secid: specifies the security ID to be set 1994 * 1995 * Set the security data for a kernel service. 1996 */ 1997 static int smack_kernel_act_as(struct cred *new, u32 secid) 1998 { 1999 struct task_smack *new_tsp = smack_cred(new); 2000 2001 new_tsp->smk_task = smack_from_secid(secid); 2002 return 0; 2003 } 2004 2005 /** 2006 * smack_kernel_create_files_as - Set the file creation label in a set of creds 2007 * @new: points to the set of credentials to be modified 2008 * @inode: points to the inode to use as a reference 2009 * 2010 * Set the file creation context in a set of credentials to the same 2011 * as the objective context of the specified inode 2012 */ 2013 static int smack_kernel_create_files_as(struct cred *new, 2014 struct inode *inode) 2015 { 2016 struct inode_smack *isp = smack_inode(inode); 2017 struct task_smack *tsp = smack_cred(new); 2018 2019 tsp->smk_forked = isp->smk_inode; 2020 tsp->smk_task = tsp->smk_forked; 2021 return 0; 2022 } 2023 2024 /** 2025 * smk_curacc_on_task - helper to log task related access 2026 * @p: the task object 2027 * @access: the access requested 2028 * @caller: name of the calling function for audit 2029 * 2030 * Return 0 if access is permitted 2031 */ 2032 static int smk_curacc_on_task(struct task_struct *p, int access, 2033 const char *caller) 2034 { 2035 struct smk_audit_info ad; 2036 struct smack_known *skp = smk_of_task_struct_subj(p); 2037 int rc; 2038 2039 smk_ad_init(&ad, caller, LSM_AUDIT_DATA_TASK); 2040 smk_ad_setfield_u_tsk(&ad, p); 2041 rc = smk_curacc(skp, access, &ad); 2042 rc = smk_bu_task(p, access, rc); 2043 return rc; 2044 } 2045 2046 /** 2047 * smack_task_setpgid - Smack check on setting pgid 2048 * @p: the task object 2049 * @pgid: unused 2050 * 2051 * Return 0 if write access is permitted 2052 */ 2053 static int smack_task_setpgid(struct task_struct *p, pid_t pgid) 2054 { 2055 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2056 } 2057 2058 /** 2059 * smack_task_getpgid - Smack access check for getpgid 2060 * @p: the object task 2061 * 2062 * Returns 0 if current can read the object task, error code otherwise 2063 */ 2064 static int smack_task_getpgid(struct task_struct *p) 2065 { 2066 return smk_curacc_on_task(p, MAY_READ, __func__); 2067 } 2068 2069 /** 2070 * smack_task_getsid - Smack access check for getsid 2071 * @p: the object task 2072 * 2073 * Returns 0 if current can read the object task, error code otherwise 2074 */ 2075 static int smack_task_getsid(struct task_struct *p) 2076 { 2077 return smk_curacc_on_task(p, MAY_READ, __func__); 2078 } 2079 2080 /** 2081 * smack_task_getsecid_subj - get the subjective secid of the task 2082 * @p: the task 2083 * @secid: where to put the result 2084 * 2085 * Sets the secid to contain a u32 version of the task's subjective smack label. 2086 */ 2087 static void smack_task_getsecid_subj(struct task_struct *p, u32 *secid) 2088 { 2089 struct smack_known *skp = smk_of_task_struct_subj(p); 2090 2091 *secid = skp->smk_secid; 2092 } 2093 2094 /** 2095 * smack_task_getsecid_obj - get the objective secid of the task 2096 * @p: the task 2097 * @secid: where to put the result 2098 * 2099 * Sets the secid to contain a u32 version of the task's objective smack label. 2100 */ 2101 static void smack_task_getsecid_obj(struct task_struct *p, u32 *secid) 2102 { 2103 struct smack_known *skp = smk_of_task_struct_obj(p); 2104 2105 *secid = skp->smk_secid; 2106 } 2107 2108 /** 2109 * smack_task_setnice - Smack check on setting nice 2110 * @p: the task object 2111 * @nice: unused 2112 * 2113 * Return 0 if write access is permitted 2114 */ 2115 static int smack_task_setnice(struct task_struct *p, int nice) 2116 { 2117 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2118 } 2119 2120 /** 2121 * smack_task_setioprio - Smack check on setting ioprio 2122 * @p: the task object 2123 * @ioprio: unused 2124 * 2125 * Return 0 if write access is permitted 2126 */ 2127 static int smack_task_setioprio(struct task_struct *p, int ioprio) 2128 { 2129 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2130 } 2131 2132 /** 2133 * smack_task_getioprio - Smack check on reading ioprio 2134 * @p: the task object 2135 * 2136 * Return 0 if read access is permitted 2137 */ 2138 static int smack_task_getioprio(struct task_struct *p) 2139 { 2140 return smk_curacc_on_task(p, MAY_READ, __func__); 2141 } 2142 2143 /** 2144 * smack_task_setscheduler - Smack check on setting scheduler 2145 * @p: the task object 2146 * 2147 * Return 0 if read access is permitted 2148 */ 2149 static int smack_task_setscheduler(struct task_struct *p) 2150 { 2151 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2152 } 2153 2154 /** 2155 * smack_task_getscheduler - Smack check on reading scheduler 2156 * @p: the task object 2157 * 2158 * Return 0 if read access is permitted 2159 */ 2160 static int smack_task_getscheduler(struct task_struct *p) 2161 { 2162 return smk_curacc_on_task(p, MAY_READ, __func__); 2163 } 2164 2165 /** 2166 * smack_task_movememory - Smack check on moving memory 2167 * @p: the task object 2168 * 2169 * Return 0 if write access is permitted 2170 */ 2171 static int smack_task_movememory(struct task_struct *p) 2172 { 2173 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2174 } 2175 2176 /** 2177 * smack_task_kill - Smack check on signal delivery 2178 * @p: the task object 2179 * @info: unused 2180 * @sig: unused 2181 * @cred: identifies the cred to use in lieu of current's 2182 * 2183 * Return 0 if write access is permitted 2184 * 2185 */ 2186 static int smack_task_kill(struct task_struct *p, struct kernel_siginfo *info, 2187 int sig, const struct cred *cred) 2188 { 2189 struct smk_audit_info ad; 2190 struct smack_known *skp; 2191 struct smack_known *tkp = smk_of_task_struct_obj(p); 2192 int rc; 2193 2194 if (!sig) 2195 return 0; /* null signal; existence test */ 2196 2197 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); 2198 smk_ad_setfield_u_tsk(&ad, p); 2199 /* 2200 * Sending a signal requires that the sender 2201 * can write the receiver. 2202 */ 2203 if (cred == NULL) { 2204 rc = smk_curacc(tkp, MAY_DELIVER, &ad); 2205 rc = smk_bu_task(p, MAY_DELIVER, rc); 2206 return rc; 2207 } 2208 /* 2209 * If the cred isn't NULL we're dealing with some USB IO 2210 * specific behavior. This is not clean. For one thing 2211 * we can't take privilege into account. 2212 */ 2213 skp = smk_of_task(smack_cred(cred)); 2214 rc = smk_access(skp, tkp, MAY_DELIVER, &ad); 2215 rc = smk_bu_note("USB signal", skp, tkp, MAY_DELIVER, rc); 2216 return rc; 2217 } 2218 2219 /** 2220 * smack_task_to_inode - copy task smack into the inode blob 2221 * @p: task to copy from 2222 * @inode: inode to copy to 2223 * 2224 * Sets the smack pointer in the inode security blob 2225 */ 2226 static void smack_task_to_inode(struct task_struct *p, struct inode *inode) 2227 { 2228 struct inode_smack *isp = smack_inode(inode); 2229 struct smack_known *skp = smk_of_task_struct_obj(p); 2230 2231 isp->smk_inode = skp; 2232 isp->smk_flags |= SMK_INODE_INSTANT; 2233 } 2234 2235 /* 2236 * Socket hooks. 2237 */ 2238 2239 /** 2240 * smack_sk_alloc_security - Allocate a socket blob 2241 * @sk: the socket 2242 * @family: unused 2243 * @gfp_flags: memory allocation flags 2244 * 2245 * Assign Smack pointers to current 2246 * 2247 * Returns 0 on success, -ENOMEM is there's no memory 2248 */ 2249 static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags) 2250 { 2251 struct smack_known *skp = smk_of_current(); 2252 struct socket_smack *ssp; 2253 2254 ssp = kzalloc(sizeof(struct socket_smack), gfp_flags); 2255 if (ssp == NULL) 2256 return -ENOMEM; 2257 2258 /* 2259 * Sockets created by kernel threads receive web label. 2260 */ 2261 if (unlikely(current->flags & PF_KTHREAD)) { 2262 ssp->smk_in = &smack_known_web; 2263 ssp->smk_out = &smack_known_web; 2264 } else { 2265 ssp->smk_in = skp; 2266 ssp->smk_out = skp; 2267 } 2268 ssp->smk_packet = NULL; 2269 2270 sk->sk_security = ssp; 2271 2272 return 0; 2273 } 2274 2275 /** 2276 * smack_sk_free_security - Free a socket blob 2277 * @sk: the socket 2278 * 2279 * Clears the blob pointer 2280 */ 2281 static void smack_sk_free_security(struct sock *sk) 2282 { 2283 #ifdef SMACK_IPV6_PORT_LABELING 2284 struct smk_port_label *spp; 2285 2286 if (sk->sk_family == PF_INET6) { 2287 rcu_read_lock(); 2288 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) { 2289 if (spp->smk_sock != sk) 2290 continue; 2291 spp->smk_can_reuse = 1; 2292 break; 2293 } 2294 rcu_read_unlock(); 2295 } 2296 #endif 2297 kfree(sk->sk_security); 2298 } 2299 2300 /** 2301 * smack_ipv4host_label - check host based restrictions 2302 * @sip: the object end 2303 * 2304 * looks for host based access restrictions 2305 * 2306 * This version will only be appropriate for really small sets of single label 2307 * hosts. The caller is responsible for ensuring that the RCU read lock is 2308 * taken before calling this function. 2309 * 2310 * Returns the label of the far end or NULL if it's not special. 2311 */ 2312 static struct smack_known *smack_ipv4host_label(struct sockaddr_in *sip) 2313 { 2314 struct smk_net4addr *snp; 2315 struct in_addr *siap = &sip->sin_addr; 2316 2317 if (siap->s_addr == 0) 2318 return NULL; 2319 2320 list_for_each_entry_rcu(snp, &smk_net4addr_list, list) 2321 /* 2322 * we break after finding the first match because 2323 * the list is sorted from longest to shortest mask 2324 * so we have found the most specific match 2325 */ 2326 if (snp->smk_host.s_addr == 2327 (siap->s_addr & snp->smk_mask.s_addr)) 2328 return snp->smk_label; 2329 2330 return NULL; 2331 } 2332 2333 /* 2334 * smk_ipv6_localhost - Check for local ipv6 host address 2335 * @sip: the address 2336 * 2337 * Returns boolean true if this is the localhost address 2338 */ 2339 static bool smk_ipv6_localhost(struct sockaddr_in6 *sip) 2340 { 2341 __be16 *be16p = (__be16 *)&sip->sin6_addr; 2342 __be32 *be32p = (__be32 *)&sip->sin6_addr; 2343 2344 if (be32p[0] == 0 && be32p[1] == 0 && be32p[2] == 0 && be16p[6] == 0 && 2345 ntohs(be16p[7]) == 1) 2346 return true; 2347 return false; 2348 } 2349 2350 /** 2351 * smack_ipv6host_label - check host based restrictions 2352 * @sip: the object end 2353 * 2354 * looks for host based access restrictions 2355 * 2356 * This version will only be appropriate for really small sets of single label 2357 * hosts. The caller is responsible for ensuring that the RCU read lock is 2358 * taken before calling this function. 2359 * 2360 * Returns the label of the far end or NULL if it's not special. 2361 */ 2362 static struct smack_known *smack_ipv6host_label(struct sockaddr_in6 *sip) 2363 { 2364 struct smk_net6addr *snp; 2365 struct in6_addr *sap = &sip->sin6_addr; 2366 int i; 2367 int found = 0; 2368 2369 /* 2370 * It's local. Don't look for a host label. 2371 */ 2372 if (smk_ipv6_localhost(sip)) 2373 return NULL; 2374 2375 list_for_each_entry_rcu(snp, &smk_net6addr_list, list) { 2376 /* 2377 * If the label is NULL the entry has 2378 * been renounced. Ignore it. 2379 */ 2380 if (snp->smk_label == NULL) 2381 continue; 2382 /* 2383 * we break after finding the first match because 2384 * the list is sorted from longest to shortest mask 2385 * so we have found the most specific match 2386 */ 2387 for (found = 1, i = 0; i < 8; i++) { 2388 if ((sap->s6_addr16[i] & snp->smk_mask.s6_addr16[i]) != 2389 snp->smk_host.s6_addr16[i]) { 2390 found = 0; 2391 break; 2392 } 2393 } 2394 if (found) 2395 return snp->smk_label; 2396 } 2397 2398 return NULL; 2399 } 2400 2401 /** 2402 * smack_netlbl_add - Set the secattr on a socket 2403 * @sk: the socket 2404 * 2405 * Attach the outbound smack value (smk_out) to the socket. 2406 * 2407 * Returns 0 on success or an error code 2408 */ 2409 static int smack_netlbl_add(struct sock *sk) 2410 { 2411 struct socket_smack *ssp = sk->sk_security; 2412 struct smack_known *skp = ssp->smk_out; 2413 int rc; 2414 2415 local_bh_disable(); 2416 bh_lock_sock_nested(sk); 2417 2418 rc = netlbl_sock_setattr(sk, sk->sk_family, &skp->smk_netlabel); 2419 switch (rc) { 2420 case 0: 2421 ssp->smk_state = SMK_NETLBL_LABELED; 2422 break; 2423 case -EDESTADDRREQ: 2424 ssp->smk_state = SMK_NETLBL_REQSKB; 2425 rc = 0; 2426 break; 2427 } 2428 2429 bh_unlock_sock(sk); 2430 local_bh_enable(); 2431 2432 return rc; 2433 } 2434 2435 /** 2436 * smack_netlbl_delete - Remove the secattr from a socket 2437 * @sk: the socket 2438 * 2439 * Remove the outbound smack value from a socket 2440 */ 2441 static void smack_netlbl_delete(struct sock *sk) 2442 { 2443 struct socket_smack *ssp = sk->sk_security; 2444 2445 /* 2446 * Take the label off the socket if one is set. 2447 */ 2448 if (ssp->smk_state != SMK_NETLBL_LABELED) 2449 return; 2450 2451 local_bh_disable(); 2452 bh_lock_sock_nested(sk); 2453 netlbl_sock_delattr(sk); 2454 bh_unlock_sock(sk); 2455 local_bh_enable(); 2456 ssp->smk_state = SMK_NETLBL_UNLABELED; 2457 } 2458 2459 /** 2460 * smk_ipv4_check - Perform IPv4 host access checks 2461 * @sk: the socket 2462 * @sap: the destination address 2463 * 2464 * Set the correct secattr for the given socket based on the destination 2465 * address and perform any outbound access checks needed. 2466 * 2467 * Returns 0 on success or an error code. 2468 * 2469 */ 2470 static int smk_ipv4_check(struct sock *sk, struct sockaddr_in *sap) 2471 { 2472 struct smack_known *skp; 2473 int rc = 0; 2474 struct smack_known *hkp; 2475 struct socket_smack *ssp = sk->sk_security; 2476 struct smk_audit_info ad; 2477 2478 rcu_read_lock(); 2479 hkp = smack_ipv4host_label(sap); 2480 if (hkp != NULL) { 2481 #ifdef CONFIG_AUDIT 2482 struct lsm_network_audit net; 2483 2484 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 2485 ad.a.u.net->family = sap->sin_family; 2486 ad.a.u.net->dport = sap->sin_port; 2487 ad.a.u.net->v4info.daddr = sap->sin_addr.s_addr; 2488 #endif 2489 skp = ssp->smk_out; 2490 rc = smk_access(skp, hkp, MAY_WRITE, &ad); 2491 rc = smk_bu_note("IPv4 host check", skp, hkp, MAY_WRITE, rc); 2492 /* 2493 * Clear the socket netlabel if it's set. 2494 */ 2495 if (!rc) 2496 smack_netlbl_delete(sk); 2497 } 2498 rcu_read_unlock(); 2499 2500 return rc; 2501 } 2502 2503 /** 2504 * smk_ipv6_check - check Smack access 2505 * @subject: subject Smack label 2506 * @object: object Smack label 2507 * @address: address 2508 * @act: the action being taken 2509 * 2510 * Check an IPv6 access 2511 */ 2512 static int smk_ipv6_check(struct smack_known *subject, 2513 struct smack_known *object, 2514 struct sockaddr_in6 *address, int act) 2515 { 2516 #ifdef CONFIG_AUDIT 2517 struct lsm_network_audit net; 2518 #endif 2519 struct smk_audit_info ad; 2520 int rc; 2521 2522 #ifdef CONFIG_AUDIT 2523 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 2524 ad.a.u.net->family = PF_INET6; 2525 ad.a.u.net->dport = ntohs(address->sin6_port); 2526 if (act == SMK_RECEIVING) 2527 ad.a.u.net->v6info.saddr = address->sin6_addr; 2528 else 2529 ad.a.u.net->v6info.daddr = address->sin6_addr; 2530 #endif 2531 rc = smk_access(subject, object, MAY_WRITE, &ad); 2532 rc = smk_bu_note("IPv6 check", subject, object, MAY_WRITE, rc); 2533 return rc; 2534 } 2535 2536 #ifdef SMACK_IPV6_PORT_LABELING 2537 /** 2538 * smk_ipv6_port_label - Smack port access table management 2539 * @sock: socket 2540 * @address: address 2541 * 2542 * Create or update the port list entry 2543 */ 2544 static void smk_ipv6_port_label(struct socket *sock, struct sockaddr *address) 2545 { 2546 struct sock *sk = sock->sk; 2547 struct sockaddr_in6 *addr6; 2548 struct socket_smack *ssp = sock->sk->sk_security; 2549 struct smk_port_label *spp; 2550 unsigned short port = 0; 2551 2552 if (address == NULL) { 2553 /* 2554 * This operation is changing the Smack information 2555 * on the bound socket. Take the changes to the port 2556 * as well. 2557 */ 2558 rcu_read_lock(); 2559 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) { 2560 if (sk != spp->smk_sock) 2561 continue; 2562 spp->smk_in = ssp->smk_in; 2563 spp->smk_out = ssp->smk_out; 2564 rcu_read_unlock(); 2565 return; 2566 } 2567 /* 2568 * A NULL address is only used for updating existing 2569 * bound entries. If there isn't one, it's OK. 2570 */ 2571 rcu_read_unlock(); 2572 return; 2573 } 2574 2575 addr6 = (struct sockaddr_in6 *)address; 2576 port = ntohs(addr6->sin6_port); 2577 /* 2578 * This is a special case that is safely ignored. 2579 */ 2580 if (port == 0) 2581 return; 2582 2583 /* 2584 * Look for an existing port list entry. 2585 * This is an indication that a port is getting reused. 2586 */ 2587 rcu_read_lock(); 2588 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) { 2589 if (spp->smk_port != port || spp->smk_sock_type != sock->type) 2590 continue; 2591 if (spp->smk_can_reuse != 1) { 2592 rcu_read_unlock(); 2593 return; 2594 } 2595 spp->smk_port = port; 2596 spp->smk_sock = sk; 2597 spp->smk_in = ssp->smk_in; 2598 spp->smk_out = ssp->smk_out; 2599 spp->smk_can_reuse = 0; 2600 rcu_read_unlock(); 2601 return; 2602 } 2603 rcu_read_unlock(); 2604 /* 2605 * A new port entry is required. 2606 */ 2607 spp = kzalloc(sizeof(*spp), GFP_KERNEL); 2608 if (spp == NULL) 2609 return; 2610 2611 spp->smk_port = port; 2612 spp->smk_sock = sk; 2613 spp->smk_in = ssp->smk_in; 2614 spp->smk_out = ssp->smk_out; 2615 spp->smk_sock_type = sock->type; 2616 spp->smk_can_reuse = 0; 2617 2618 mutex_lock(&smack_ipv6_lock); 2619 list_add_rcu(&spp->list, &smk_ipv6_port_list); 2620 mutex_unlock(&smack_ipv6_lock); 2621 return; 2622 } 2623 #endif 2624 2625 /** 2626 * smk_ipv6_port_check - check Smack port access 2627 * @sk: socket 2628 * @address: address 2629 * @act: the action being taken 2630 * 2631 * Create or update the port list entry 2632 */ 2633 static int smk_ipv6_port_check(struct sock *sk, struct sockaddr_in6 *address, 2634 int act) 2635 { 2636 struct smk_port_label *spp; 2637 struct socket_smack *ssp = sk->sk_security; 2638 struct smack_known *skp = NULL; 2639 unsigned short port; 2640 struct smack_known *object; 2641 2642 if (act == SMK_RECEIVING) { 2643 skp = smack_ipv6host_label(address); 2644 object = ssp->smk_in; 2645 } else { 2646 skp = ssp->smk_out; 2647 object = smack_ipv6host_label(address); 2648 } 2649 2650 /* 2651 * The other end is a single label host. 2652 */ 2653 if (skp != NULL && object != NULL) 2654 return smk_ipv6_check(skp, object, address, act); 2655 if (skp == NULL) 2656 skp = smack_net_ambient; 2657 if (object == NULL) 2658 object = smack_net_ambient; 2659 2660 /* 2661 * It's remote, so port lookup does no good. 2662 */ 2663 if (!smk_ipv6_localhost(address)) 2664 return smk_ipv6_check(skp, object, address, act); 2665 2666 /* 2667 * It's local so the send check has to have passed. 2668 */ 2669 if (act == SMK_RECEIVING) 2670 return 0; 2671 2672 port = ntohs(address->sin6_port); 2673 rcu_read_lock(); 2674 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) { 2675 if (spp->smk_port != port || spp->smk_sock_type != sk->sk_type) 2676 continue; 2677 object = spp->smk_in; 2678 if (act == SMK_CONNECTING) 2679 ssp->smk_packet = spp->smk_out; 2680 break; 2681 } 2682 rcu_read_unlock(); 2683 2684 return smk_ipv6_check(skp, object, address, act); 2685 } 2686 2687 /** 2688 * smack_inode_setsecurity - set smack xattrs 2689 * @inode: the object 2690 * @name: attribute name 2691 * @value: attribute value 2692 * @size: size of the attribute 2693 * @flags: unused 2694 * 2695 * Sets the named attribute in the appropriate blob 2696 * 2697 * Returns 0 on success, or an error code 2698 */ 2699 static int smack_inode_setsecurity(struct inode *inode, const char *name, 2700 const void *value, size_t size, int flags) 2701 { 2702 struct smack_known *skp; 2703 struct inode_smack *nsp = smack_inode(inode); 2704 struct socket_smack *ssp; 2705 struct socket *sock; 2706 int rc = 0; 2707 2708 if (value == NULL || size > SMK_LONGLABEL || size == 0) 2709 return -EINVAL; 2710 2711 skp = smk_import_entry(value, size); 2712 if (IS_ERR(skp)) 2713 return PTR_ERR(skp); 2714 2715 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) { 2716 nsp->smk_inode = skp; 2717 nsp->smk_flags |= SMK_INODE_INSTANT; 2718 return 0; 2719 } 2720 /* 2721 * The rest of the Smack xattrs are only on sockets. 2722 */ 2723 if (inode->i_sb->s_magic != SOCKFS_MAGIC) 2724 return -EOPNOTSUPP; 2725 2726 sock = SOCKET_I(inode); 2727 if (sock == NULL || sock->sk == NULL) 2728 return -EOPNOTSUPP; 2729 2730 ssp = sock->sk->sk_security; 2731 2732 if (strcmp(name, XATTR_SMACK_IPIN) == 0) 2733 ssp->smk_in = skp; 2734 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) { 2735 ssp->smk_out = skp; 2736 if (sock->sk->sk_family == PF_INET) { 2737 rc = smack_netlbl_add(sock->sk); 2738 if (rc != 0) 2739 printk(KERN_WARNING 2740 "Smack: \"%s\" netlbl error %d.\n", 2741 __func__, -rc); 2742 } 2743 } else 2744 return -EOPNOTSUPP; 2745 2746 #ifdef SMACK_IPV6_PORT_LABELING 2747 if (sock->sk->sk_family == PF_INET6) 2748 smk_ipv6_port_label(sock, NULL); 2749 #endif 2750 2751 return 0; 2752 } 2753 2754 /** 2755 * smack_socket_post_create - finish socket setup 2756 * @sock: the socket 2757 * @family: protocol family 2758 * @type: unused 2759 * @protocol: unused 2760 * @kern: unused 2761 * 2762 * Sets the netlabel information on the socket 2763 * 2764 * Returns 0 on success, and error code otherwise 2765 */ 2766 static int smack_socket_post_create(struct socket *sock, int family, 2767 int type, int protocol, int kern) 2768 { 2769 struct socket_smack *ssp; 2770 2771 if (sock->sk == NULL) 2772 return 0; 2773 2774 /* 2775 * Sockets created by kernel threads receive web label. 2776 */ 2777 if (unlikely(current->flags & PF_KTHREAD)) { 2778 ssp = sock->sk->sk_security; 2779 ssp->smk_in = &smack_known_web; 2780 ssp->smk_out = &smack_known_web; 2781 } 2782 2783 if (family != PF_INET) 2784 return 0; 2785 /* 2786 * Set the outbound netlbl. 2787 */ 2788 return smack_netlbl_add(sock->sk); 2789 } 2790 2791 /** 2792 * smack_socket_socketpair - create socket pair 2793 * @socka: one socket 2794 * @sockb: another socket 2795 * 2796 * Cross reference the peer labels for SO_PEERSEC 2797 * 2798 * Returns 0 2799 */ 2800 static int smack_socket_socketpair(struct socket *socka, 2801 struct socket *sockb) 2802 { 2803 struct socket_smack *asp = socka->sk->sk_security; 2804 struct socket_smack *bsp = sockb->sk->sk_security; 2805 2806 asp->smk_packet = bsp->smk_out; 2807 bsp->smk_packet = asp->smk_out; 2808 2809 return 0; 2810 } 2811 2812 #ifdef SMACK_IPV6_PORT_LABELING 2813 /** 2814 * smack_socket_bind - record port binding information. 2815 * @sock: the socket 2816 * @address: the port address 2817 * @addrlen: size of the address 2818 * 2819 * Records the label bound to a port. 2820 * 2821 * Returns 0 on success, and error code otherwise 2822 */ 2823 static int smack_socket_bind(struct socket *sock, struct sockaddr *address, 2824 int addrlen) 2825 { 2826 if (sock->sk != NULL && sock->sk->sk_family == PF_INET6) { 2827 if (addrlen < SIN6_LEN_RFC2133 || 2828 address->sa_family != AF_INET6) 2829 return -EINVAL; 2830 smk_ipv6_port_label(sock, address); 2831 } 2832 return 0; 2833 } 2834 #endif /* SMACK_IPV6_PORT_LABELING */ 2835 2836 /** 2837 * smack_socket_connect - connect access check 2838 * @sock: the socket 2839 * @sap: the other end 2840 * @addrlen: size of sap 2841 * 2842 * Verifies that a connection may be possible 2843 * 2844 * Returns 0 on success, and error code otherwise 2845 */ 2846 static int smack_socket_connect(struct socket *sock, struct sockaddr *sap, 2847 int addrlen) 2848 { 2849 int rc = 0; 2850 2851 if (sock->sk == NULL) 2852 return 0; 2853 if (sock->sk->sk_family != PF_INET && 2854 (!IS_ENABLED(CONFIG_IPV6) || sock->sk->sk_family != PF_INET6)) 2855 return 0; 2856 if (addrlen < offsetofend(struct sockaddr, sa_family)) 2857 return 0; 2858 if (IS_ENABLED(CONFIG_IPV6) && sap->sa_family == AF_INET6) { 2859 struct sockaddr_in6 *sip = (struct sockaddr_in6 *)sap; 2860 struct smack_known *rsp = NULL; 2861 2862 if (addrlen < SIN6_LEN_RFC2133) 2863 return 0; 2864 if (__is_defined(SMACK_IPV6_SECMARK_LABELING)) 2865 rsp = smack_ipv6host_label(sip); 2866 if (rsp != NULL) { 2867 struct socket_smack *ssp = sock->sk->sk_security; 2868 2869 rc = smk_ipv6_check(ssp->smk_out, rsp, sip, 2870 SMK_CONNECTING); 2871 } 2872 if (__is_defined(SMACK_IPV6_PORT_LABELING)) 2873 rc = smk_ipv6_port_check(sock->sk, sip, SMK_CONNECTING); 2874 2875 return rc; 2876 } 2877 if (sap->sa_family != AF_INET || addrlen < sizeof(struct sockaddr_in)) 2878 return 0; 2879 rc = smk_ipv4_check(sock->sk, (struct sockaddr_in *)sap); 2880 return rc; 2881 } 2882 2883 /** 2884 * smack_flags_to_may - convert S_ to MAY_ values 2885 * @flags: the S_ value 2886 * 2887 * Returns the equivalent MAY_ value 2888 */ 2889 static int smack_flags_to_may(int flags) 2890 { 2891 int may = 0; 2892 2893 if (flags & S_IRUGO) 2894 may |= MAY_READ; 2895 if (flags & S_IWUGO) 2896 may |= MAY_WRITE; 2897 if (flags & S_IXUGO) 2898 may |= MAY_EXEC; 2899 2900 return may; 2901 } 2902 2903 /** 2904 * smack_msg_msg_alloc_security - Set the security blob for msg_msg 2905 * @msg: the object 2906 * 2907 * Returns 0 2908 */ 2909 static int smack_msg_msg_alloc_security(struct msg_msg *msg) 2910 { 2911 struct smack_known **blob = smack_msg_msg(msg); 2912 2913 *blob = smk_of_current(); 2914 return 0; 2915 } 2916 2917 /** 2918 * smack_of_ipc - the smack pointer for the ipc 2919 * @isp: the object 2920 * 2921 * Returns a pointer to the smack value 2922 */ 2923 static struct smack_known *smack_of_ipc(struct kern_ipc_perm *isp) 2924 { 2925 struct smack_known **blob = smack_ipc(isp); 2926 2927 return *blob; 2928 } 2929 2930 /** 2931 * smack_ipc_alloc_security - Set the security blob for ipc 2932 * @isp: the object 2933 * 2934 * Returns 0 2935 */ 2936 static int smack_ipc_alloc_security(struct kern_ipc_perm *isp) 2937 { 2938 struct smack_known **blob = smack_ipc(isp); 2939 2940 *blob = smk_of_current(); 2941 return 0; 2942 } 2943 2944 /** 2945 * smk_curacc_shm : check if current has access on shm 2946 * @isp : the object 2947 * @access : access requested 2948 * 2949 * Returns 0 if current has the requested access, error code otherwise 2950 */ 2951 static int smk_curacc_shm(struct kern_ipc_perm *isp, int access) 2952 { 2953 struct smack_known *ssp = smack_of_ipc(isp); 2954 struct smk_audit_info ad; 2955 int rc; 2956 2957 #ifdef CONFIG_AUDIT 2958 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 2959 ad.a.u.ipc_id = isp->id; 2960 #endif 2961 rc = smk_curacc(ssp, access, &ad); 2962 rc = smk_bu_current("shm", ssp, access, rc); 2963 return rc; 2964 } 2965 2966 /** 2967 * smack_shm_associate - Smack access check for shm 2968 * @isp: the object 2969 * @shmflg: access requested 2970 * 2971 * Returns 0 if current has the requested access, error code otherwise 2972 */ 2973 static int smack_shm_associate(struct kern_ipc_perm *isp, int shmflg) 2974 { 2975 int may; 2976 2977 may = smack_flags_to_may(shmflg); 2978 return smk_curacc_shm(isp, may); 2979 } 2980 2981 /** 2982 * smack_shm_shmctl - Smack access check for shm 2983 * @isp: the object 2984 * @cmd: what it wants to do 2985 * 2986 * Returns 0 if current has the requested access, error code otherwise 2987 */ 2988 static int smack_shm_shmctl(struct kern_ipc_perm *isp, int cmd) 2989 { 2990 int may; 2991 2992 switch (cmd) { 2993 case IPC_STAT: 2994 case SHM_STAT: 2995 case SHM_STAT_ANY: 2996 may = MAY_READ; 2997 break; 2998 case IPC_SET: 2999 case SHM_LOCK: 3000 case SHM_UNLOCK: 3001 case IPC_RMID: 3002 may = MAY_READWRITE; 3003 break; 3004 case IPC_INFO: 3005 case SHM_INFO: 3006 /* 3007 * System level information. 3008 */ 3009 return 0; 3010 default: 3011 return -EINVAL; 3012 } 3013 return smk_curacc_shm(isp, may); 3014 } 3015 3016 /** 3017 * smack_shm_shmat - Smack access for shmat 3018 * @isp: the object 3019 * @shmaddr: unused 3020 * @shmflg: access requested 3021 * 3022 * Returns 0 if current has the requested access, error code otherwise 3023 */ 3024 static int smack_shm_shmat(struct kern_ipc_perm *isp, char __user *shmaddr, 3025 int shmflg) 3026 { 3027 int may; 3028 3029 may = smack_flags_to_may(shmflg); 3030 return smk_curacc_shm(isp, may); 3031 } 3032 3033 /** 3034 * smk_curacc_sem : check if current has access on sem 3035 * @isp : the object 3036 * @access : access requested 3037 * 3038 * Returns 0 if current has the requested access, error code otherwise 3039 */ 3040 static int smk_curacc_sem(struct kern_ipc_perm *isp, int access) 3041 { 3042 struct smack_known *ssp = smack_of_ipc(isp); 3043 struct smk_audit_info ad; 3044 int rc; 3045 3046 #ifdef CONFIG_AUDIT 3047 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 3048 ad.a.u.ipc_id = isp->id; 3049 #endif 3050 rc = smk_curacc(ssp, access, &ad); 3051 rc = smk_bu_current("sem", ssp, access, rc); 3052 return rc; 3053 } 3054 3055 /** 3056 * smack_sem_associate - Smack access check for sem 3057 * @isp: the object 3058 * @semflg: access requested 3059 * 3060 * Returns 0 if current has the requested access, error code otherwise 3061 */ 3062 static int smack_sem_associate(struct kern_ipc_perm *isp, int semflg) 3063 { 3064 int may; 3065 3066 may = smack_flags_to_may(semflg); 3067 return smk_curacc_sem(isp, may); 3068 } 3069 3070 /** 3071 * smack_sem_shmctl - Smack access check for sem 3072 * @isp: the object 3073 * @cmd: what it wants to do 3074 * 3075 * Returns 0 if current has the requested access, error code otherwise 3076 */ 3077 static int smack_sem_semctl(struct kern_ipc_perm *isp, int cmd) 3078 { 3079 int may; 3080 3081 switch (cmd) { 3082 case GETPID: 3083 case GETNCNT: 3084 case GETZCNT: 3085 case GETVAL: 3086 case GETALL: 3087 case IPC_STAT: 3088 case SEM_STAT: 3089 case SEM_STAT_ANY: 3090 may = MAY_READ; 3091 break; 3092 case SETVAL: 3093 case SETALL: 3094 case IPC_RMID: 3095 case IPC_SET: 3096 may = MAY_READWRITE; 3097 break; 3098 case IPC_INFO: 3099 case SEM_INFO: 3100 /* 3101 * System level information 3102 */ 3103 return 0; 3104 default: 3105 return -EINVAL; 3106 } 3107 3108 return smk_curacc_sem(isp, may); 3109 } 3110 3111 /** 3112 * smack_sem_semop - Smack checks of semaphore operations 3113 * @isp: the object 3114 * @sops: unused 3115 * @nsops: unused 3116 * @alter: unused 3117 * 3118 * Treated as read and write in all cases. 3119 * 3120 * Returns 0 if access is allowed, error code otherwise 3121 */ 3122 static int smack_sem_semop(struct kern_ipc_perm *isp, struct sembuf *sops, 3123 unsigned nsops, int alter) 3124 { 3125 return smk_curacc_sem(isp, MAY_READWRITE); 3126 } 3127 3128 /** 3129 * smk_curacc_msq : helper to check if current has access on msq 3130 * @isp : the msq 3131 * @access : access requested 3132 * 3133 * return 0 if current has access, error otherwise 3134 */ 3135 static int smk_curacc_msq(struct kern_ipc_perm *isp, int access) 3136 { 3137 struct smack_known *msp = smack_of_ipc(isp); 3138 struct smk_audit_info ad; 3139 int rc; 3140 3141 #ifdef CONFIG_AUDIT 3142 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 3143 ad.a.u.ipc_id = isp->id; 3144 #endif 3145 rc = smk_curacc(msp, access, &ad); 3146 rc = smk_bu_current("msq", msp, access, rc); 3147 return rc; 3148 } 3149 3150 /** 3151 * smack_msg_queue_associate - Smack access check for msg_queue 3152 * @isp: the object 3153 * @msqflg: access requested 3154 * 3155 * Returns 0 if current has the requested access, error code otherwise 3156 */ 3157 static int smack_msg_queue_associate(struct kern_ipc_perm *isp, int msqflg) 3158 { 3159 int may; 3160 3161 may = smack_flags_to_may(msqflg); 3162 return smk_curacc_msq(isp, may); 3163 } 3164 3165 /** 3166 * smack_msg_queue_msgctl - Smack access check for msg_queue 3167 * @isp: the object 3168 * @cmd: what it wants to do 3169 * 3170 * Returns 0 if current has the requested access, error code otherwise 3171 */ 3172 static int smack_msg_queue_msgctl(struct kern_ipc_perm *isp, int cmd) 3173 { 3174 int may; 3175 3176 switch (cmd) { 3177 case IPC_STAT: 3178 case MSG_STAT: 3179 case MSG_STAT_ANY: 3180 may = MAY_READ; 3181 break; 3182 case IPC_SET: 3183 case IPC_RMID: 3184 may = MAY_READWRITE; 3185 break; 3186 case IPC_INFO: 3187 case MSG_INFO: 3188 /* 3189 * System level information 3190 */ 3191 return 0; 3192 default: 3193 return -EINVAL; 3194 } 3195 3196 return smk_curacc_msq(isp, may); 3197 } 3198 3199 /** 3200 * smack_msg_queue_msgsnd - Smack access check for msg_queue 3201 * @isp: the object 3202 * @msg: unused 3203 * @msqflg: access requested 3204 * 3205 * Returns 0 if current has the requested access, error code otherwise 3206 */ 3207 static int smack_msg_queue_msgsnd(struct kern_ipc_perm *isp, struct msg_msg *msg, 3208 int msqflg) 3209 { 3210 int may; 3211 3212 may = smack_flags_to_may(msqflg); 3213 return smk_curacc_msq(isp, may); 3214 } 3215 3216 /** 3217 * smack_msg_queue_msgsnd - Smack access check for msg_queue 3218 * @isp: the object 3219 * @msg: unused 3220 * @target: unused 3221 * @type: unused 3222 * @mode: unused 3223 * 3224 * Returns 0 if current has read and write access, error code otherwise 3225 */ 3226 static int smack_msg_queue_msgrcv(struct kern_ipc_perm *isp, struct msg_msg *msg, 3227 struct task_struct *target, long type, int mode) 3228 { 3229 return smk_curacc_msq(isp, MAY_READWRITE); 3230 } 3231 3232 /** 3233 * smack_ipc_permission - Smack access for ipc_permission() 3234 * @ipp: the object permissions 3235 * @flag: access requested 3236 * 3237 * Returns 0 if current has read and write access, error code otherwise 3238 */ 3239 static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag) 3240 { 3241 struct smack_known **blob = smack_ipc(ipp); 3242 struct smack_known *iskp = *blob; 3243 int may = smack_flags_to_may(flag); 3244 struct smk_audit_info ad; 3245 int rc; 3246 3247 #ifdef CONFIG_AUDIT 3248 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 3249 ad.a.u.ipc_id = ipp->id; 3250 #endif 3251 rc = smk_curacc(iskp, may, &ad); 3252 rc = smk_bu_current("svipc", iskp, may, rc); 3253 return rc; 3254 } 3255 3256 /** 3257 * smack_ipc_getsecid - Extract smack security id 3258 * @ipp: the object permissions 3259 * @secid: where result will be saved 3260 */ 3261 static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid) 3262 { 3263 struct smack_known **blob = smack_ipc(ipp); 3264 struct smack_known *iskp = *blob; 3265 3266 *secid = iskp->smk_secid; 3267 } 3268 3269 /** 3270 * smack_d_instantiate - Make sure the blob is correct on an inode 3271 * @opt_dentry: dentry where inode will be attached 3272 * @inode: the object 3273 * 3274 * Set the inode's security blob if it hasn't been done already. 3275 */ 3276 static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode) 3277 { 3278 struct super_block *sbp; 3279 struct superblock_smack *sbsp; 3280 struct inode_smack *isp; 3281 struct smack_known *skp; 3282 struct smack_known *ckp = smk_of_current(); 3283 struct smack_known *final; 3284 char trattr[TRANS_TRUE_SIZE]; 3285 int transflag = 0; 3286 int rc; 3287 struct dentry *dp; 3288 3289 if (inode == NULL) 3290 return; 3291 3292 isp = smack_inode(inode); 3293 3294 /* 3295 * If the inode is already instantiated 3296 * take the quick way out 3297 */ 3298 if (isp->smk_flags & SMK_INODE_INSTANT) 3299 return; 3300 3301 sbp = inode->i_sb; 3302 sbsp = sbp->s_security; 3303 /* 3304 * We're going to use the superblock default label 3305 * if there's no label on the file. 3306 */ 3307 final = sbsp->smk_default; 3308 3309 /* 3310 * If this is the root inode the superblock 3311 * may be in the process of initialization. 3312 * If that is the case use the root value out 3313 * of the superblock. 3314 */ 3315 if (opt_dentry->d_parent == opt_dentry) { 3316 switch (sbp->s_magic) { 3317 case CGROUP_SUPER_MAGIC: 3318 case CGROUP2_SUPER_MAGIC: 3319 /* 3320 * The cgroup filesystem is never mounted, 3321 * so there's no opportunity to set the mount 3322 * options. 3323 */ 3324 sbsp->smk_root = &smack_known_star; 3325 sbsp->smk_default = &smack_known_star; 3326 isp->smk_inode = sbsp->smk_root; 3327 break; 3328 case TMPFS_MAGIC: 3329 /* 3330 * What about shmem/tmpfs anonymous files with dentry 3331 * obtained from d_alloc_pseudo()? 3332 */ 3333 isp->smk_inode = smk_of_current(); 3334 break; 3335 case PIPEFS_MAGIC: 3336 isp->smk_inode = smk_of_current(); 3337 break; 3338 case SOCKFS_MAGIC: 3339 /* 3340 * Socket access is controlled by the socket 3341 * structures associated with the task involved. 3342 */ 3343 isp->smk_inode = &smack_known_star; 3344 break; 3345 default: 3346 isp->smk_inode = sbsp->smk_root; 3347 break; 3348 } 3349 isp->smk_flags |= SMK_INODE_INSTANT; 3350 return; 3351 } 3352 3353 /* 3354 * This is pretty hackish. 3355 * Casey says that we shouldn't have to do 3356 * file system specific code, but it does help 3357 * with keeping it simple. 3358 */ 3359 switch (sbp->s_magic) { 3360 case SMACK_MAGIC: 3361 case CGROUP_SUPER_MAGIC: 3362 case CGROUP2_SUPER_MAGIC: 3363 /* 3364 * Casey says that it's a little embarrassing 3365 * that the smack file system doesn't do 3366 * extended attributes. 3367 * 3368 * Cgroupfs is special 3369 */ 3370 final = &smack_known_star; 3371 break; 3372 case DEVPTS_SUPER_MAGIC: 3373 /* 3374 * devpts seems content with the label of the task. 3375 * Programs that change smack have to treat the 3376 * pty with respect. 3377 */ 3378 final = ckp; 3379 break; 3380 case PROC_SUPER_MAGIC: 3381 /* 3382 * Casey says procfs appears not to care. 3383 * The superblock default suffices. 3384 */ 3385 break; 3386 case TMPFS_MAGIC: 3387 /* 3388 * Device labels should come from the filesystem, 3389 * but watch out, because they're volitile, 3390 * getting recreated on every reboot. 3391 */ 3392 final = &smack_known_star; 3393 /* 3394 * If a smack value has been set we want to use it, 3395 * but since tmpfs isn't giving us the opportunity 3396 * to set mount options simulate setting the 3397 * superblock default. 3398 */ 3399 fallthrough; 3400 default: 3401 /* 3402 * This isn't an understood special case. 3403 * Get the value from the xattr. 3404 */ 3405 3406 /* 3407 * UNIX domain sockets use lower level socket data. 3408 */ 3409 if (S_ISSOCK(inode->i_mode)) { 3410 final = &smack_known_star; 3411 break; 3412 } 3413 /* 3414 * No xattr support means, alas, no SMACK label. 3415 * Use the aforeapplied default. 3416 * It would be curious if the label of the task 3417 * does not match that assigned. 3418 */ 3419 if (!(inode->i_opflags & IOP_XATTR)) 3420 break; 3421 /* 3422 * Get the dentry for xattr. 3423 */ 3424 dp = dget(opt_dentry); 3425 skp = smk_fetch(XATTR_NAME_SMACK, inode, dp); 3426 if (!IS_ERR_OR_NULL(skp)) 3427 final = skp; 3428 3429 /* 3430 * Transmuting directory 3431 */ 3432 if (S_ISDIR(inode->i_mode)) { 3433 /* 3434 * If this is a new directory and the label was 3435 * transmuted when the inode was initialized 3436 * set the transmute attribute on the directory 3437 * and mark the inode. 3438 * 3439 * If there is a transmute attribute on the 3440 * directory mark the inode. 3441 */ 3442 if (isp->smk_flags & SMK_INODE_CHANGED) { 3443 isp->smk_flags &= ~SMK_INODE_CHANGED; 3444 rc = __vfs_setxattr(&init_user_ns, dp, inode, 3445 XATTR_NAME_SMACKTRANSMUTE, 3446 TRANS_TRUE, TRANS_TRUE_SIZE, 3447 0); 3448 } else { 3449 rc = __vfs_getxattr(dp, inode, 3450 XATTR_NAME_SMACKTRANSMUTE, trattr, 3451 TRANS_TRUE_SIZE); 3452 if (rc >= 0 && strncmp(trattr, TRANS_TRUE, 3453 TRANS_TRUE_SIZE) != 0) 3454 rc = -EINVAL; 3455 } 3456 if (rc >= 0) 3457 transflag = SMK_INODE_TRANSMUTE; 3458 } 3459 /* 3460 * Don't let the exec or mmap label be "*" or "@". 3461 */ 3462 skp = smk_fetch(XATTR_NAME_SMACKEXEC, inode, dp); 3463 if (IS_ERR(skp) || skp == &smack_known_star || 3464 skp == &smack_known_web) 3465 skp = NULL; 3466 isp->smk_task = skp; 3467 3468 skp = smk_fetch(XATTR_NAME_SMACKMMAP, inode, dp); 3469 if (IS_ERR(skp) || skp == &smack_known_star || 3470 skp == &smack_known_web) 3471 skp = NULL; 3472 isp->smk_mmap = skp; 3473 3474 dput(dp); 3475 break; 3476 } 3477 3478 if (final == NULL) 3479 isp->smk_inode = ckp; 3480 else 3481 isp->smk_inode = final; 3482 3483 isp->smk_flags |= (SMK_INODE_INSTANT | transflag); 3484 3485 return; 3486 } 3487 3488 /** 3489 * smack_getprocattr - Smack process attribute access 3490 * @p: the object task 3491 * @name: the name of the attribute in /proc/.../attr 3492 * @value: where to put the result 3493 * 3494 * Places a copy of the task Smack into value 3495 * 3496 * Returns the length of the smack label or an error code 3497 */ 3498 static int smack_getprocattr(struct task_struct *p, char *name, char **value) 3499 { 3500 struct smack_known *skp = smk_of_task_struct_subj(p); 3501 char *cp; 3502 int slen; 3503 3504 if (strcmp(name, "current") != 0) 3505 return -EINVAL; 3506 3507 cp = kstrdup(skp->smk_known, GFP_KERNEL); 3508 if (cp == NULL) 3509 return -ENOMEM; 3510 3511 slen = strlen(cp); 3512 *value = cp; 3513 return slen; 3514 } 3515 3516 /** 3517 * smack_setprocattr - Smack process attribute setting 3518 * @name: the name of the attribute in /proc/.../attr 3519 * @value: the value to set 3520 * @size: the size of the value 3521 * 3522 * Sets the Smack value of the task. Only setting self 3523 * is permitted and only with privilege 3524 * 3525 * Returns the length of the smack label or an error code 3526 */ 3527 static int smack_setprocattr(const char *name, void *value, size_t size) 3528 { 3529 struct task_smack *tsp = smack_cred(current_cred()); 3530 struct cred *new; 3531 struct smack_known *skp; 3532 struct smack_known_list_elem *sklep; 3533 int rc; 3534 3535 if (!smack_privileged(CAP_MAC_ADMIN) && list_empty(&tsp->smk_relabel)) 3536 return -EPERM; 3537 3538 if (value == NULL || size == 0 || size >= SMK_LONGLABEL) 3539 return -EINVAL; 3540 3541 if (strcmp(name, "current") != 0) 3542 return -EINVAL; 3543 3544 skp = smk_import_entry(value, size); 3545 if (IS_ERR(skp)) 3546 return PTR_ERR(skp); 3547 3548 /* 3549 * No process is ever allowed the web ("@") label 3550 * and the star ("*") label. 3551 */ 3552 if (skp == &smack_known_web || skp == &smack_known_star) 3553 return -EINVAL; 3554 3555 if (!smack_privileged(CAP_MAC_ADMIN)) { 3556 rc = -EPERM; 3557 list_for_each_entry(sklep, &tsp->smk_relabel, list) 3558 if (sklep->smk_label == skp) { 3559 rc = 0; 3560 break; 3561 } 3562 if (rc) 3563 return rc; 3564 } 3565 3566 new = prepare_creds(); 3567 if (new == NULL) 3568 return -ENOMEM; 3569 3570 tsp = smack_cred(new); 3571 tsp->smk_task = skp; 3572 /* 3573 * process can change its label only once 3574 */ 3575 smk_destroy_label_list(&tsp->smk_relabel); 3576 3577 commit_creds(new); 3578 return size; 3579 } 3580 3581 /** 3582 * smack_unix_stream_connect - Smack access on UDS 3583 * @sock: one sock 3584 * @other: the other sock 3585 * @newsk: unused 3586 * 3587 * Return 0 if a subject with the smack of sock could access 3588 * an object with the smack of other, otherwise an error code 3589 */ 3590 static int smack_unix_stream_connect(struct sock *sock, 3591 struct sock *other, struct sock *newsk) 3592 { 3593 struct smack_known *skp; 3594 struct smack_known *okp; 3595 struct socket_smack *ssp = sock->sk_security; 3596 struct socket_smack *osp = other->sk_security; 3597 struct socket_smack *nsp = newsk->sk_security; 3598 struct smk_audit_info ad; 3599 int rc = 0; 3600 #ifdef CONFIG_AUDIT 3601 struct lsm_network_audit net; 3602 #endif 3603 3604 if (!smack_privileged(CAP_MAC_OVERRIDE)) { 3605 skp = ssp->smk_out; 3606 okp = osp->smk_in; 3607 #ifdef CONFIG_AUDIT 3608 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 3609 smk_ad_setfield_u_net_sk(&ad, other); 3610 #endif 3611 rc = smk_access(skp, okp, MAY_WRITE, &ad); 3612 rc = smk_bu_note("UDS connect", skp, okp, MAY_WRITE, rc); 3613 if (rc == 0) { 3614 okp = osp->smk_out; 3615 skp = ssp->smk_in; 3616 rc = smk_access(okp, skp, MAY_WRITE, &ad); 3617 rc = smk_bu_note("UDS connect", okp, skp, 3618 MAY_WRITE, rc); 3619 } 3620 } 3621 3622 /* 3623 * Cross reference the peer labels for SO_PEERSEC. 3624 */ 3625 if (rc == 0) { 3626 nsp->smk_packet = ssp->smk_out; 3627 ssp->smk_packet = osp->smk_out; 3628 } 3629 3630 return rc; 3631 } 3632 3633 /** 3634 * smack_unix_may_send - Smack access on UDS 3635 * @sock: one socket 3636 * @other: the other socket 3637 * 3638 * Return 0 if a subject with the smack of sock could access 3639 * an object with the smack of other, otherwise an error code 3640 */ 3641 static int smack_unix_may_send(struct socket *sock, struct socket *other) 3642 { 3643 struct socket_smack *ssp = sock->sk->sk_security; 3644 struct socket_smack *osp = other->sk->sk_security; 3645 struct smk_audit_info ad; 3646 int rc; 3647 3648 #ifdef CONFIG_AUDIT 3649 struct lsm_network_audit net; 3650 3651 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 3652 smk_ad_setfield_u_net_sk(&ad, other->sk); 3653 #endif 3654 3655 if (smack_privileged(CAP_MAC_OVERRIDE)) 3656 return 0; 3657 3658 rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad); 3659 rc = smk_bu_note("UDS send", ssp->smk_out, osp->smk_in, MAY_WRITE, rc); 3660 return rc; 3661 } 3662 3663 /** 3664 * smack_socket_sendmsg - Smack check based on destination host 3665 * @sock: the socket 3666 * @msg: the message 3667 * @size: the size of the message 3668 * 3669 * Return 0 if the current subject can write to the destination host. 3670 * For IPv4 this is only a question if the destination is a single label host. 3671 * For IPv6 this is a check against the label of the port. 3672 */ 3673 static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg, 3674 int size) 3675 { 3676 struct sockaddr_in *sip = (struct sockaddr_in *) msg->msg_name; 3677 #if IS_ENABLED(CONFIG_IPV6) 3678 struct sockaddr_in6 *sap = (struct sockaddr_in6 *) msg->msg_name; 3679 #endif 3680 #ifdef SMACK_IPV6_SECMARK_LABELING 3681 struct socket_smack *ssp = sock->sk->sk_security; 3682 struct smack_known *rsp; 3683 #endif 3684 int rc = 0; 3685 3686 /* 3687 * Perfectly reasonable for this to be NULL 3688 */ 3689 if (sip == NULL) 3690 return 0; 3691 3692 switch (sock->sk->sk_family) { 3693 case AF_INET: 3694 if (msg->msg_namelen < sizeof(struct sockaddr_in) || 3695 sip->sin_family != AF_INET) 3696 return -EINVAL; 3697 rc = smk_ipv4_check(sock->sk, sip); 3698 break; 3699 #if IS_ENABLED(CONFIG_IPV6) 3700 case AF_INET6: 3701 if (msg->msg_namelen < SIN6_LEN_RFC2133 || 3702 sap->sin6_family != AF_INET6) 3703 return -EINVAL; 3704 #ifdef SMACK_IPV6_SECMARK_LABELING 3705 rsp = smack_ipv6host_label(sap); 3706 if (rsp != NULL) 3707 rc = smk_ipv6_check(ssp->smk_out, rsp, sap, 3708 SMK_CONNECTING); 3709 #endif 3710 #ifdef SMACK_IPV6_PORT_LABELING 3711 rc = smk_ipv6_port_check(sock->sk, sap, SMK_SENDING); 3712 #endif 3713 #endif /* IS_ENABLED(CONFIG_IPV6) */ 3714 break; 3715 } 3716 return rc; 3717 } 3718 3719 /** 3720 * smack_from_secattr - Convert a netlabel attr.mls.lvl/attr.mls.cat pair to smack 3721 * @sap: netlabel secattr 3722 * @ssp: socket security information 3723 * 3724 * Returns a pointer to a Smack label entry found on the label list. 3725 */ 3726 static struct smack_known *smack_from_secattr(struct netlbl_lsm_secattr *sap, 3727 struct socket_smack *ssp) 3728 { 3729 struct smack_known *skp; 3730 int found = 0; 3731 int acat; 3732 int kcat; 3733 3734 /* 3735 * Netlabel found it in the cache. 3736 */ 3737 if ((sap->flags & NETLBL_SECATTR_CACHE) != 0) 3738 return (struct smack_known *)sap->cache->data; 3739 3740 if ((sap->flags & NETLBL_SECATTR_SECID) != 0) 3741 /* 3742 * Looks like a fallback, which gives us a secid. 3743 */ 3744 return smack_from_secid(sap->attr.secid); 3745 3746 if ((sap->flags & NETLBL_SECATTR_MLS_LVL) != 0) { 3747 /* 3748 * Looks like a CIPSO packet. 3749 * If there are flags but no level netlabel isn't 3750 * behaving the way we expect it to. 3751 * 3752 * Look it up in the label table 3753 * Without guidance regarding the smack value 3754 * for the packet fall back on the network 3755 * ambient value. 3756 */ 3757 rcu_read_lock(); 3758 list_for_each_entry_rcu(skp, &smack_known_list, list) { 3759 if (sap->attr.mls.lvl != skp->smk_netlabel.attr.mls.lvl) 3760 continue; 3761 /* 3762 * Compare the catsets. Use the netlbl APIs. 3763 */ 3764 if ((sap->flags & NETLBL_SECATTR_MLS_CAT) == 0) { 3765 if ((skp->smk_netlabel.flags & 3766 NETLBL_SECATTR_MLS_CAT) == 0) 3767 found = 1; 3768 break; 3769 } 3770 for (acat = -1, kcat = -1; acat == kcat; ) { 3771 acat = netlbl_catmap_walk(sap->attr.mls.cat, 3772 acat + 1); 3773 kcat = netlbl_catmap_walk( 3774 skp->smk_netlabel.attr.mls.cat, 3775 kcat + 1); 3776 if (acat < 0 || kcat < 0) 3777 break; 3778 } 3779 if (acat == kcat) { 3780 found = 1; 3781 break; 3782 } 3783 } 3784 rcu_read_unlock(); 3785 3786 if (found) 3787 return skp; 3788 3789 if (ssp != NULL && ssp->smk_in == &smack_known_star) 3790 return &smack_known_web; 3791 return &smack_known_star; 3792 } 3793 /* 3794 * Without guidance regarding the smack value 3795 * for the packet fall back on the network 3796 * ambient value. 3797 */ 3798 return smack_net_ambient; 3799 } 3800 3801 #if IS_ENABLED(CONFIG_IPV6) 3802 static int smk_skb_to_addr_ipv6(struct sk_buff *skb, struct sockaddr_in6 *sip) 3803 { 3804 u8 nexthdr; 3805 int offset; 3806 int proto = -EINVAL; 3807 struct ipv6hdr _ipv6h; 3808 struct ipv6hdr *ip6; 3809 __be16 frag_off; 3810 struct tcphdr _tcph, *th; 3811 struct udphdr _udph, *uh; 3812 struct dccp_hdr _dccph, *dh; 3813 3814 sip->sin6_port = 0; 3815 3816 offset = skb_network_offset(skb); 3817 ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h); 3818 if (ip6 == NULL) 3819 return -EINVAL; 3820 sip->sin6_addr = ip6->saddr; 3821 3822 nexthdr = ip6->nexthdr; 3823 offset += sizeof(_ipv6h); 3824 offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off); 3825 if (offset < 0) 3826 return -EINVAL; 3827 3828 proto = nexthdr; 3829 switch (proto) { 3830 case IPPROTO_TCP: 3831 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph); 3832 if (th != NULL) 3833 sip->sin6_port = th->source; 3834 break; 3835 case IPPROTO_UDP: 3836 case IPPROTO_UDPLITE: 3837 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph); 3838 if (uh != NULL) 3839 sip->sin6_port = uh->source; 3840 break; 3841 case IPPROTO_DCCP: 3842 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph); 3843 if (dh != NULL) 3844 sip->sin6_port = dh->dccph_sport; 3845 break; 3846 } 3847 return proto; 3848 } 3849 #endif /* CONFIG_IPV6 */ 3850 3851 /** 3852 * smack_from_skb - Smack data from the secmark in an skb 3853 * @skb: packet 3854 * 3855 * Returns smack_known of the secmark or NULL if that won't work. 3856 */ 3857 #ifdef CONFIG_NETWORK_SECMARK 3858 static struct smack_known *smack_from_skb(struct sk_buff *skb) 3859 { 3860 if (skb == NULL || skb->secmark == 0) 3861 return NULL; 3862 3863 return smack_from_secid(skb->secmark); 3864 } 3865 #else 3866 static inline struct smack_known *smack_from_skb(struct sk_buff *skb) 3867 { 3868 return NULL; 3869 } 3870 #endif 3871 3872 /** 3873 * smack_from_netlbl - Smack data from the IP options in an skb 3874 * @sk: socket data came in on 3875 * @family: address family 3876 * @skb: packet 3877 * 3878 * Find the Smack label in the IP options. If it hasn't been 3879 * added to the netlabel cache, add it here. 3880 * 3881 * Returns smack_known of the IP options or NULL if that won't work. 3882 */ 3883 static struct smack_known *smack_from_netlbl(const struct sock *sk, u16 family, 3884 struct sk_buff *skb) 3885 { 3886 struct netlbl_lsm_secattr secattr; 3887 struct socket_smack *ssp = NULL; 3888 struct smack_known *skp = NULL; 3889 3890 netlbl_secattr_init(&secattr); 3891 3892 if (sk) 3893 ssp = sk->sk_security; 3894 3895 if (netlbl_skbuff_getattr(skb, family, &secattr) == 0) { 3896 skp = smack_from_secattr(&secattr, ssp); 3897 if (secattr.flags & NETLBL_SECATTR_CACHEABLE) 3898 netlbl_cache_add(skb, family, &skp->smk_netlabel); 3899 } 3900 3901 netlbl_secattr_destroy(&secattr); 3902 3903 return skp; 3904 } 3905 3906 /** 3907 * smack_socket_sock_rcv_skb - Smack packet delivery access check 3908 * @sk: socket 3909 * @skb: packet 3910 * 3911 * Returns 0 if the packet should be delivered, an error code otherwise 3912 */ 3913 static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) 3914 { 3915 struct socket_smack *ssp = sk->sk_security; 3916 struct smack_known *skp = NULL; 3917 int rc = 0; 3918 struct smk_audit_info ad; 3919 u16 family = sk->sk_family; 3920 #ifdef CONFIG_AUDIT 3921 struct lsm_network_audit net; 3922 #endif 3923 #if IS_ENABLED(CONFIG_IPV6) 3924 struct sockaddr_in6 sadd; 3925 int proto; 3926 3927 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP)) 3928 family = PF_INET; 3929 #endif /* CONFIG_IPV6 */ 3930 3931 switch (family) { 3932 case PF_INET: 3933 /* 3934 * If there is a secmark use it rather than the CIPSO label. 3935 * If there is no secmark fall back to CIPSO. 3936 * The secmark is assumed to reflect policy better. 3937 */ 3938 skp = smack_from_skb(skb); 3939 if (skp == NULL) { 3940 skp = smack_from_netlbl(sk, family, skb); 3941 if (skp == NULL) 3942 skp = smack_net_ambient; 3943 } 3944 3945 #ifdef CONFIG_AUDIT 3946 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 3947 ad.a.u.net->family = family; 3948 ad.a.u.net->netif = skb->skb_iif; 3949 ipv4_skb_to_auditdata(skb, &ad.a, NULL); 3950 #endif 3951 /* 3952 * Receiving a packet requires that the other end 3953 * be able to write here. Read access is not required. 3954 * This is the simplist possible security model 3955 * for networking. 3956 */ 3957 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad); 3958 rc = smk_bu_note("IPv4 delivery", skp, ssp->smk_in, 3959 MAY_WRITE, rc); 3960 if (rc != 0) 3961 netlbl_skbuff_err(skb, family, rc, 0); 3962 break; 3963 #if IS_ENABLED(CONFIG_IPV6) 3964 case PF_INET6: 3965 proto = smk_skb_to_addr_ipv6(skb, &sadd); 3966 if (proto != IPPROTO_UDP && proto != IPPROTO_UDPLITE && 3967 proto != IPPROTO_TCP && proto != IPPROTO_DCCP) 3968 break; 3969 #ifdef SMACK_IPV6_SECMARK_LABELING 3970 skp = smack_from_skb(skb); 3971 if (skp == NULL) { 3972 if (smk_ipv6_localhost(&sadd)) 3973 break; 3974 skp = smack_ipv6host_label(&sadd); 3975 if (skp == NULL) 3976 skp = smack_net_ambient; 3977 } 3978 #ifdef CONFIG_AUDIT 3979 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 3980 ad.a.u.net->family = family; 3981 ad.a.u.net->netif = skb->skb_iif; 3982 ipv6_skb_to_auditdata(skb, &ad.a, NULL); 3983 #endif /* CONFIG_AUDIT */ 3984 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad); 3985 rc = smk_bu_note("IPv6 delivery", skp, ssp->smk_in, 3986 MAY_WRITE, rc); 3987 #endif /* SMACK_IPV6_SECMARK_LABELING */ 3988 #ifdef SMACK_IPV6_PORT_LABELING 3989 rc = smk_ipv6_port_check(sk, &sadd, SMK_RECEIVING); 3990 #endif /* SMACK_IPV6_PORT_LABELING */ 3991 if (rc != 0) 3992 icmpv6_send(skb, ICMPV6_DEST_UNREACH, 3993 ICMPV6_ADM_PROHIBITED, 0); 3994 break; 3995 #endif /* CONFIG_IPV6 */ 3996 } 3997 3998 return rc; 3999 } 4000 4001 /** 4002 * smack_socket_getpeersec_stream - pull in packet label 4003 * @sock: the socket 4004 * @optval: user's destination 4005 * @optlen: size thereof 4006 * @len: max thereof 4007 * 4008 * returns zero on success, an error code otherwise 4009 */ 4010 static int smack_socket_getpeersec_stream(struct socket *sock, 4011 char __user *optval, 4012 int __user *optlen, unsigned len) 4013 { 4014 struct socket_smack *ssp; 4015 char *rcp = ""; 4016 int slen = 1; 4017 int rc = 0; 4018 4019 ssp = sock->sk->sk_security; 4020 if (ssp->smk_packet != NULL) { 4021 rcp = ssp->smk_packet->smk_known; 4022 slen = strlen(rcp) + 1; 4023 } 4024 4025 if (slen > len) 4026 rc = -ERANGE; 4027 else if (copy_to_user(optval, rcp, slen) != 0) 4028 rc = -EFAULT; 4029 4030 if (put_user(slen, optlen) != 0) 4031 rc = -EFAULT; 4032 4033 return rc; 4034 } 4035 4036 4037 /** 4038 * smack_socket_getpeersec_dgram - pull in packet label 4039 * @sock: the peer socket 4040 * @skb: packet data 4041 * @secid: pointer to where to put the secid of the packet 4042 * 4043 * Sets the netlabel socket state on sk from parent 4044 */ 4045 static int smack_socket_getpeersec_dgram(struct socket *sock, 4046 struct sk_buff *skb, u32 *secid) 4047 4048 { 4049 struct socket_smack *ssp = NULL; 4050 struct smack_known *skp; 4051 struct sock *sk = NULL; 4052 int family = PF_UNSPEC; 4053 u32 s = 0; /* 0 is the invalid secid */ 4054 4055 if (skb != NULL) { 4056 if (skb->protocol == htons(ETH_P_IP)) 4057 family = PF_INET; 4058 #if IS_ENABLED(CONFIG_IPV6) 4059 else if (skb->protocol == htons(ETH_P_IPV6)) 4060 family = PF_INET6; 4061 #endif /* CONFIG_IPV6 */ 4062 } 4063 if (family == PF_UNSPEC && sock != NULL) 4064 family = sock->sk->sk_family; 4065 4066 switch (family) { 4067 case PF_UNIX: 4068 ssp = sock->sk->sk_security; 4069 s = ssp->smk_out->smk_secid; 4070 break; 4071 case PF_INET: 4072 skp = smack_from_skb(skb); 4073 if (skp) { 4074 s = skp->smk_secid; 4075 break; 4076 } 4077 /* 4078 * Translate what netlabel gave us. 4079 */ 4080 if (sock != NULL) 4081 sk = sock->sk; 4082 skp = smack_from_netlbl(sk, family, skb); 4083 if (skp != NULL) 4084 s = skp->smk_secid; 4085 break; 4086 case PF_INET6: 4087 #ifdef SMACK_IPV6_SECMARK_LABELING 4088 skp = smack_from_skb(skb); 4089 if (skp) 4090 s = skp->smk_secid; 4091 #endif 4092 break; 4093 } 4094 *secid = s; 4095 if (s == 0) 4096 return -EINVAL; 4097 return 0; 4098 } 4099 4100 /** 4101 * smack_sock_graft - Initialize a newly created socket with an existing sock 4102 * @sk: child sock 4103 * @parent: parent socket 4104 * 4105 * Set the smk_{in,out} state of an existing sock based on the process that 4106 * is creating the new socket. 4107 */ 4108 static void smack_sock_graft(struct sock *sk, struct socket *parent) 4109 { 4110 struct socket_smack *ssp; 4111 struct smack_known *skp = smk_of_current(); 4112 4113 if (sk == NULL || 4114 (sk->sk_family != PF_INET && sk->sk_family != PF_INET6)) 4115 return; 4116 4117 ssp = sk->sk_security; 4118 ssp->smk_in = skp; 4119 ssp->smk_out = skp; 4120 /* cssp->smk_packet is already set in smack_inet_csk_clone() */ 4121 } 4122 4123 /** 4124 * smack_inet_conn_request - Smack access check on connect 4125 * @sk: socket involved 4126 * @skb: packet 4127 * @req: unused 4128 * 4129 * Returns 0 if a task with the packet label could write to 4130 * the socket, otherwise an error code 4131 */ 4132 static int smack_inet_conn_request(const struct sock *sk, struct sk_buff *skb, 4133 struct request_sock *req) 4134 { 4135 u16 family = sk->sk_family; 4136 struct smack_known *skp; 4137 struct socket_smack *ssp = sk->sk_security; 4138 struct sockaddr_in addr; 4139 struct iphdr *hdr; 4140 struct smack_known *hskp; 4141 int rc; 4142 struct smk_audit_info ad; 4143 #ifdef CONFIG_AUDIT 4144 struct lsm_network_audit net; 4145 #endif 4146 4147 #if IS_ENABLED(CONFIG_IPV6) 4148 if (family == PF_INET6) { 4149 /* 4150 * Handle mapped IPv4 packets arriving 4151 * via IPv6 sockets. Don't set up netlabel 4152 * processing on IPv6. 4153 */ 4154 if (skb->protocol == htons(ETH_P_IP)) 4155 family = PF_INET; 4156 else 4157 return 0; 4158 } 4159 #endif /* CONFIG_IPV6 */ 4160 4161 /* 4162 * If there is a secmark use it rather than the CIPSO label. 4163 * If there is no secmark fall back to CIPSO. 4164 * The secmark is assumed to reflect policy better. 4165 */ 4166 skp = smack_from_skb(skb); 4167 if (skp == NULL) { 4168 skp = smack_from_netlbl(sk, family, skb); 4169 if (skp == NULL) 4170 skp = &smack_known_huh; 4171 } 4172 4173 #ifdef CONFIG_AUDIT 4174 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 4175 ad.a.u.net->family = family; 4176 ad.a.u.net->netif = skb->skb_iif; 4177 ipv4_skb_to_auditdata(skb, &ad.a, NULL); 4178 #endif 4179 /* 4180 * Receiving a packet requires that the other end be able to write 4181 * here. Read access is not required. 4182 */ 4183 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad); 4184 rc = smk_bu_note("IPv4 connect", skp, ssp->smk_in, MAY_WRITE, rc); 4185 if (rc != 0) 4186 return rc; 4187 4188 /* 4189 * Save the peer's label in the request_sock so we can later setup 4190 * smk_packet in the child socket so that SO_PEERCRED can report it. 4191 */ 4192 req->peer_secid = skp->smk_secid; 4193 4194 /* 4195 * We need to decide if we want to label the incoming connection here 4196 * if we do we only need to label the request_sock and the stack will 4197 * propagate the wire-label to the sock when it is created. 4198 */ 4199 hdr = ip_hdr(skb); 4200 addr.sin_addr.s_addr = hdr->saddr; 4201 rcu_read_lock(); 4202 hskp = smack_ipv4host_label(&addr); 4203 rcu_read_unlock(); 4204 4205 if (hskp == NULL) 4206 rc = netlbl_req_setattr(req, &skp->smk_netlabel); 4207 else 4208 netlbl_req_delattr(req); 4209 4210 return rc; 4211 } 4212 4213 /** 4214 * smack_inet_csk_clone - Copy the connection information to the new socket 4215 * @sk: the new socket 4216 * @req: the connection's request_sock 4217 * 4218 * Transfer the connection's peer label to the newly created socket. 4219 */ 4220 static void smack_inet_csk_clone(struct sock *sk, 4221 const struct request_sock *req) 4222 { 4223 struct socket_smack *ssp = sk->sk_security; 4224 struct smack_known *skp; 4225 4226 if (req->peer_secid != 0) { 4227 skp = smack_from_secid(req->peer_secid); 4228 ssp->smk_packet = skp; 4229 } else 4230 ssp->smk_packet = NULL; 4231 } 4232 4233 /* 4234 * Key management security hooks 4235 * 4236 * Casey has not tested key support very heavily. 4237 * The permission check is most likely too restrictive. 4238 * If you care about keys please have a look. 4239 */ 4240 #ifdef CONFIG_KEYS 4241 4242 /** 4243 * smack_key_alloc - Set the key security blob 4244 * @key: object 4245 * @cred: the credentials to use 4246 * @flags: unused 4247 * 4248 * No allocation required 4249 * 4250 * Returns 0 4251 */ 4252 static int smack_key_alloc(struct key *key, const struct cred *cred, 4253 unsigned long flags) 4254 { 4255 struct smack_known *skp = smk_of_task(smack_cred(cred)); 4256 4257 key->security = skp; 4258 return 0; 4259 } 4260 4261 /** 4262 * smack_key_free - Clear the key security blob 4263 * @key: the object 4264 * 4265 * Clear the blob pointer 4266 */ 4267 static void smack_key_free(struct key *key) 4268 { 4269 key->security = NULL; 4270 } 4271 4272 /** 4273 * smack_key_permission - Smack access on a key 4274 * @key_ref: gets to the object 4275 * @cred: the credentials to use 4276 * @need_perm: requested key permission 4277 * 4278 * Return 0 if the task has read and write to the object, 4279 * an error code otherwise 4280 */ 4281 static int smack_key_permission(key_ref_t key_ref, 4282 const struct cred *cred, 4283 enum key_need_perm need_perm) 4284 { 4285 struct key *keyp; 4286 struct smk_audit_info ad; 4287 struct smack_known *tkp = smk_of_task(smack_cred(cred)); 4288 int request = 0; 4289 int rc; 4290 4291 /* 4292 * Validate requested permissions 4293 */ 4294 switch (need_perm) { 4295 case KEY_NEED_READ: 4296 case KEY_NEED_SEARCH: 4297 case KEY_NEED_VIEW: 4298 request |= MAY_READ; 4299 break; 4300 case KEY_NEED_WRITE: 4301 case KEY_NEED_LINK: 4302 case KEY_NEED_SETATTR: 4303 request |= MAY_WRITE; 4304 break; 4305 case KEY_NEED_UNSPECIFIED: 4306 case KEY_NEED_UNLINK: 4307 case KEY_SYSADMIN_OVERRIDE: 4308 case KEY_AUTHTOKEN_OVERRIDE: 4309 case KEY_DEFER_PERM_CHECK: 4310 return 0; 4311 default: 4312 return -EINVAL; 4313 } 4314 4315 keyp = key_ref_to_ptr(key_ref); 4316 if (keyp == NULL) 4317 return -EINVAL; 4318 /* 4319 * If the key hasn't been initialized give it access so that 4320 * it may do so. 4321 */ 4322 if (keyp->security == NULL) 4323 return 0; 4324 /* 4325 * This should not occur 4326 */ 4327 if (tkp == NULL) 4328 return -EACCES; 4329 4330 if (smack_privileged(CAP_MAC_OVERRIDE)) 4331 return 0; 4332 4333 #ifdef CONFIG_AUDIT 4334 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY); 4335 ad.a.u.key_struct.key = keyp->serial; 4336 ad.a.u.key_struct.key_desc = keyp->description; 4337 #endif 4338 rc = smk_access(tkp, keyp->security, request, &ad); 4339 rc = smk_bu_note("key access", tkp, keyp->security, request, rc); 4340 return rc; 4341 } 4342 4343 /* 4344 * smack_key_getsecurity - Smack label tagging the key 4345 * @key points to the key to be queried 4346 * @_buffer points to a pointer that should be set to point to the 4347 * resulting string (if no label or an error occurs). 4348 * Return the length of the string (including terminating NUL) or -ve if 4349 * an error. 4350 * May also return 0 (and a NULL buffer pointer) if there is no label. 4351 */ 4352 static int smack_key_getsecurity(struct key *key, char **_buffer) 4353 { 4354 struct smack_known *skp = key->security; 4355 size_t length; 4356 char *copy; 4357 4358 if (key->security == NULL) { 4359 *_buffer = NULL; 4360 return 0; 4361 } 4362 4363 copy = kstrdup(skp->smk_known, GFP_KERNEL); 4364 if (copy == NULL) 4365 return -ENOMEM; 4366 length = strlen(copy) + 1; 4367 4368 *_buffer = copy; 4369 return length; 4370 } 4371 4372 4373 #ifdef CONFIG_KEY_NOTIFICATIONS 4374 /** 4375 * smack_watch_key - Smack access to watch a key for notifications. 4376 * @key: The key to be watched 4377 * 4378 * Return 0 if the @watch->cred has permission to read from the key object and 4379 * an error otherwise. 4380 */ 4381 static int smack_watch_key(struct key *key) 4382 { 4383 struct smk_audit_info ad; 4384 struct smack_known *tkp = smk_of_current(); 4385 int rc; 4386 4387 if (key == NULL) 4388 return -EINVAL; 4389 /* 4390 * If the key hasn't been initialized give it access so that 4391 * it may do so. 4392 */ 4393 if (key->security == NULL) 4394 return 0; 4395 /* 4396 * This should not occur 4397 */ 4398 if (tkp == NULL) 4399 return -EACCES; 4400 4401 if (smack_privileged_cred(CAP_MAC_OVERRIDE, current_cred())) 4402 return 0; 4403 4404 #ifdef CONFIG_AUDIT 4405 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY); 4406 ad.a.u.key_struct.key = key->serial; 4407 ad.a.u.key_struct.key_desc = key->description; 4408 #endif 4409 rc = smk_access(tkp, key->security, MAY_READ, &ad); 4410 rc = smk_bu_note("key watch", tkp, key->security, MAY_READ, rc); 4411 return rc; 4412 } 4413 #endif /* CONFIG_KEY_NOTIFICATIONS */ 4414 #endif /* CONFIG_KEYS */ 4415 4416 #ifdef CONFIG_WATCH_QUEUE 4417 /** 4418 * smack_post_notification - Smack access to post a notification to a queue 4419 * @w_cred: The credentials of the watcher. 4420 * @cred: The credentials of the event source (may be NULL). 4421 * @n: The notification message to be posted. 4422 */ 4423 static int smack_post_notification(const struct cred *w_cred, 4424 const struct cred *cred, 4425 struct watch_notification *n) 4426 { 4427 struct smk_audit_info ad; 4428 struct smack_known *subj, *obj; 4429 int rc; 4430 4431 /* Always let maintenance notifications through. */ 4432 if (n->type == WATCH_TYPE_META) 4433 return 0; 4434 4435 if (!cred) 4436 return 0; 4437 subj = smk_of_task(smack_cred(cred)); 4438 obj = smk_of_task(smack_cred(w_cred)); 4439 4440 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NOTIFICATION); 4441 rc = smk_access(subj, obj, MAY_WRITE, &ad); 4442 rc = smk_bu_note("notification", subj, obj, MAY_WRITE, rc); 4443 return rc; 4444 } 4445 #endif /* CONFIG_WATCH_QUEUE */ 4446 4447 /* 4448 * Smack Audit hooks 4449 * 4450 * Audit requires a unique representation of each Smack specific 4451 * rule. This unique representation is used to distinguish the 4452 * object to be audited from remaining kernel objects and also 4453 * works as a glue between the audit hooks. 4454 * 4455 * Since repository entries are added but never deleted, we'll use 4456 * the smack_known label address related to the given audit rule as 4457 * the needed unique representation. This also better fits the smack 4458 * model where nearly everything is a label. 4459 */ 4460 #ifdef CONFIG_AUDIT 4461 4462 /** 4463 * smack_audit_rule_init - Initialize a smack audit rule 4464 * @field: audit rule fields given from user-space (audit.h) 4465 * @op: required testing operator (=, !=, >, <, ...) 4466 * @rulestr: smack label to be audited 4467 * @vrule: pointer to save our own audit rule representation 4468 * 4469 * Prepare to audit cases where (@field @op @rulestr) is true. 4470 * The label to be audited is created if necessay. 4471 */ 4472 static int smack_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule) 4473 { 4474 struct smack_known *skp; 4475 char **rule = (char **)vrule; 4476 *rule = NULL; 4477 4478 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER) 4479 return -EINVAL; 4480 4481 if (op != Audit_equal && op != Audit_not_equal) 4482 return -EINVAL; 4483 4484 skp = smk_import_entry(rulestr, 0); 4485 if (IS_ERR(skp)) 4486 return PTR_ERR(skp); 4487 4488 *rule = skp->smk_known; 4489 4490 return 0; 4491 } 4492 4493 /** 4494 * smack_audit_rule_known - Distinguish Smack audit rules 4495 * @krule: rule of interest, in Audit kernel representation format 4496 * 4497 * This is used to filter Smack rules from remaining Audit ones. 4498 * If it's proved that this rule belongs to us, the 4499 * audit_rule_match hook will be called to do the final judgement. 4500 */ 4501 static int smack_audit_rule_known(struct audit_krule *krule) 4502 { 4503 struct audit_field *f; 4504 int i; 4505 4506 for (i = 0; i < krule->field_count; i++) { 4507 f = &krule->fields[i]; 4508 4509 if (f->type == AUDIT_SUBJ_USER || f->type == AUDIT_OBJ_USER) 4510 return 1; 4511 } 4512 4513 return 0; 4514 } 4515 4516 /** 4517 * smack_audit_rule_match - Audit given object ? 4518 * @secid: security id for identifying the object to test 4519 * @field: audit rule flags given from user-space 4520 * @op: required testing operator 4521 * @vrule: smack internal rule presentation 4522 * 4523 * The core Audit hook. It's used to take the decision of 4524 * whether to audit or not to audit a given object. 4525 */ 4526 static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule) 4527 { 4528 struct smack_known *skp; 4529 char *rule = vrule; 4530 4531 if (unlikely(!rule)) { 4532 WARN_ONCE(1, "Smack: missing rule\n"); 4533 return -ENOENT; 4534 } 4535 4536 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER) 4537 return 0; 4538 4539 skp = smack_from_secid(secid); 4540 4541 /* 4542 * No need to do string comparisons. If a match occurs, 4543 * both pointers will point to the same smack_known 4544 * label. 4545 */ 4546 if (op == Audit_equal) 4547 return (rule == skp->smk_known); 4548 if (op == Audit_not_equal) 4549 return (rule != skp->smk_known); 4550 4551 return 0; 4552 } 4553 4554 /* 4555 * There is no need for a smack_audit_rule_free hook. 4556 * No memory was allocated. 4557 */ 4558 4559 #endif /* CONFIG_AUDIT */ 4560 4561 /** 4562 * smack_ismaclabel - check if xattr @name references a smack MAC label 4563 * @name: Full xattr name to check. 4564 */ 4565 static int smack_ismaclabel(const char *name) 4566 { 4567 return (strcmp(name, XATTR_SMACK_SUFFIX) == 0); 4568 } 4569 4570 4571 /** 4572 * smack_secid_to_secctx - return the smack label for a secid 4573 * @secid: incoming integer 4574 * @secdata: destination 4575 * @seclen: how long it is 4576 * 4577 * Exists for networking code. 4578 */ 4579 static int smack_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) 4580 { 4581 struct smack_known *skp = smack_from_secid(secid); 4582 4583 if (secdata) 4584 *secdata = skp->smk_known; 4585 *seclen = strlen(skp->smk_known); 4586 return 0; 4587 } 4588 4589 /** 4590 * smack_secctx_to_secid - return the secid for a smack label 4591 * @secdata: smack label 4592 * @seclen: how long result is 4593 * @secid: outgoing integer 4594 * 4595 * Exists for audit and networking code. 4596 */ 4597 static int smack_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid) 4598 { 4599 struct smack_known *skp = smk_find_entry(secdata); 4600 4601 if (skp) 4602 *secid = skp->smk_secid; 4603 else 4604 *secid = 0; 4605 return 0; 4606 } 4607 4608 /* 4609 * There used to be a smack_release_secctx hook 4610 * that did nothing back when hooks were in a vector. 4611 * Now that there's a list such a hook adds cost. 4612 */ 4613 4614 static int smack_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen) 4615 { 4616 return smack_inode_setsecurity(inode, XATTR_SMACK_SUFFIX, ctx, 4617 ctxlen, 0); 4618 } 4619 4620 static int smack_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen) 4621 { 4622 return __vfs_setxattr_noperm(&init_user_ns, dentry, XATTR_NAME_SMACK, 4623 ctx, ctxlen, 0); 4624 } 4625 4626 static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) 4627 { 4628 struct smack_known *skp = smk_of_inode(inode); 4629 4630 *ctx = skp->smk_known; 4631 *ctxlen = strlen(skp->smk_known); 4632 return 0; 4633 } 4634 4635 static int smack_inode_copy_up(struct dentry *dentry, struct cred **new) 4636 { 4637 4638 struct task_smack *tsp; 4639 struct smack_known *skp; 4640 struct inode_smack *isp; 4641 struct cred *new_creds = *new; 4642 4643 if (new_creds == NULL) { 4644 new_creds = prepare_creds(); 4645 if (new_creds == NULL) 4646 return -ENOMEM; 4647 } 4648 4649 tsp = smack_cred(new_creds); 4650 4651 /* 4652 * Get label from overlay inode and set it in create_sid 4653 */ 4654 isp = smack_inode(d_inode(dentry->d_parent)); 4655 skp = isp->smk_inode; 4656 tsp->smk_task = skp; 4657 *new = new_creds; 4658 return 0; 4659 } 4660 4661 static int smack_inode_copy_up_xattr(const char *name) 4662 { 4663 /* 4664 * Return 1 if this is the smack access Smack attribute. 4665 */ 4666 if (strcmp(name, XATTR_NAME_SMACK) == 0) 4667 return 1; 4668 4669 return -EOPNOTSUPP; 4670 } 4671 4672 static int smack_dentry_create_files_as(struct dentry *dentry, int mode, 4673 struct qstr *name, 4674 const struct cred *old, 4675 struct cred *new) 4676 { 4677 struct task_smack *otsp = smack_cred(old); 4678 struct task_smack *ntsp = smack_cred(new); 4679 struct inode_smack *isp; 4680 int may; 4681 4682 /* 4683 * Use the process credential unless all of 4684 * the transmuting criteria are met 4685 */ 4686 ntsp->smk_task = otsp->smk_task; 4687 4688 /* 4689 * the attribute of the containing directory 4690 */ 4691 isp = smack_inode(d_inode(dentry->d_parent)); 4692 4693 if (isp->smk_flags & SMK_INODE_TRANSMUTE) { 4694 rcu_read_lock(); 4695 may = smk_access_entry(otsp->smk_task->smk_known, 4696 isp->smk_inode->smk_known, 4697 &otsp->smk_task->smk_rules); 4698 rcu_read_unlock(); 4699 4700 /* 4701 * If the directory is transmuting and the rule 4702 * providing access is transmuting use the containing 4703 * directory label instead of the process label. 4704 */ 4705 if (may > 0 && (may & MAY_TRANSMUTE)) 4706 ntsp->smk_task = isp->smk_inode; 4707 } 4708 return 0; 4709 } 4710 4711 struct lsm_blob_sizes smack_blob_sizes __lsm_ro_after_init = { 4712 .lbs_cred = sizeof(struct task_smack), 4713 .lbs_file = sizeof(struct smack_known *), 4714 .lbs_inode = sizeof(struct inode_smack), 4715 .lbs_ipc = sizeof(struct smack_known *), 4716 .lbs_msg_msg = sizeof(struct smack_known *), 4717 }; 4718 4719 static struct security_hook_list smack_hooks[] __lsm_ro_after_init = { 4720 LSM_HOOK_INIT(ptrace_access_check, smack_ptrace_access_check), 4721 LSM_HOOK_INIT(ptrace_traceme, smack_ptrace_traceme), 4722 LSM_HOOK_INIT(syslog, smack_syslog), 4723 4724 LSM_HOOK_INIT(fs_context_dup, smack_fs_context_dup), 4725 LSM_HOOK_INIT(fs_context_parse_param, smack_fs_context_parse_param), 4726 4727 LSM_HOOK_INIT(sb_alloc_security, smack_sb_alloc_security), 4728 LSM_HOOK_INIT(sb_free_security, smack_sb_free_security), 4729 LSM_HOOK_INIT(sb_free_mnt_opts, smack_free_mnt_opts), 4730 LSM_HOOK_INIT(sb_eat_lsm_opts, smack_sb_eat_lsm_opts), 4731 LSM_HOOK_INIT(sb_statfs, smack_sb_statfs), 4732 LSM_HOOK_INIT(sb_set_mnt_opts, smack_set_mnt_opts), 4733 4734 LSM_HOOK_INIT(bprm_creds_for_exec, smack_bprm_creds_for_exec), 4735 4736 LSM_HOOK_INIT(inode_alloc_security, smack_inode_alloc_security), 4737 LSM_HOOK_INIT(inode_init_security, smack_inode_init_security), 4738 LSM_HOOK_INIT(inode_link, smack_inode_link), 4739 LSM_HOOK_INIT(inode_unlink, smack_inode_unlink), 4740 LSM_HOOK_INIT(inode_rmdir, smack_inode_rmdir), 4741 LSM_HOOK_INIT(inode_rename, smack_inode_rename), 4742 LSM_HOOK_INIT(inode_permission, smack_inode_permission), 4743 LSM_HOOK_INIT(inode_setattr, smack_inode_setattr), 4744 LSM_HOOK_INIT(inode_getattr, smack_inode_getattr), 4745 LSM_HOOK_INIT(inode_setxattr, smack_inode_setxattr), 4746 LSM_HOOK_INIT(inode_post_setxattr, smack_inode_post_setxattr), 4747 LSM_HOOK_INIT(inode_getxattr, smack_inode_getxattr), 4748 LSM_HOOK_INIT(inode_removexattr, smack_inode_removexattr), 4749 LSM_HOOK_INIT(inode_getsecurity, smack_inode_getsecurity), 4750 LSM_HOOK_INIT(inode_setsecurity, smack_inode_setsecurity), 4751 LSM_HOOK_INIT(inode_listsecurity, smack_inode_listsecurity), 4752 LSM_HOOK_INIT(inode_getsecid, smack_inode_getsecid), 4753 4754 LSM_HOOK_INIT(file_alloc_security, smack_file_alloc_security), 4755 LSM_HOOK_INIT(file_ioctl, smack_file_ioctl), 4756 LSM_HOOK_INIT(file_lock, smack_file_lock), 4757 LSM_HOOK_INIT(file_fcntl, smack_file_fcntl), 4758 LSM_HOOK_INIT(mmap_file, smack_mmap_file), 4759 LSM_HOOK_INIT(mmap_addr, cap_mmap_addr), 4760 LSM_HOOK_INIT(file_set_fowner, smack_file_set_fowner), 4761 LSM_HOOK_INIT(file_send_sigiotask, smack_file_send_sigiotask), 4762 LSM_HOOK_INIT(file_receive, smack_file_receive), 4763 4764 LSM_HOOK_INIT(file_open, smack_file_open), 4765 4766 LSM_HOOK_INIT(cred_alloc_blank, smack_cred_alloc_blank), 4767 LSM_HOOK_INIT(cred_free, smack_cred_free), 4768 LSM_HOOK_INIT(cred_prepare, smack_cred_prepare), 4769 LSM_HOOK_INIT(cred_transfer, smack_cred_transfer), 4770 LSM_HOOK_INIT(cred_getsecid, smack_cred_getsecid), 4771 LSM_HOOK_INIT(kernel_act_as, smack_kernel_act_as), 4772 LSM_HOOK_INIT(kernel_create_files_as, smack_kernel_create_files_as), 4773 LSM_HOOK_INIT(task_setpgid, smack_task_setpgid), 4774 LSM_HOOK_INIT(task_getpgid, smack_task_getpgid), 4775 LSM_HOOK_INIT(task_getsid, smack_task_getsid), 4776 LSM_HOOK_INIT(task_getsecid_subj, smack_task_getsecid_subj), 4777 LSM_HOOK_INIT(task_getsecid_obj, smack_task_getsecid_obj), 4778 LSM_HOOK_INIT(task_setnice, smack_task_setnice), 4779 LSM_HOOK_INIT(task_setioprio, smack_task_setioprio), 4780 LSM_HOOK_INIT(task_getioprio, smack_task_getioprio), 4781 LSM_HOOK_INIT(task_setscheduler, smack_task_setscheduler), 4782 LSM_HOOK_INIT(task_getscheduler, smack_task_getscheduler), 4783 LSM_HOOK_INIT(task_movememory, smack_task_movememory), 4784 LSM_HOOK_INIT(task_kill, smack_task_kill), 4785 LSM_HOOK_INIT(task_to_inode, smack_task_to_inode), 4786 4787 LSM_HOOK_INIT(ipc_permission, smack_ipc_permission), 4788 LSM_HOOK_INIT(ipc_getsecid, smack_ipc_getsecid), 4789 4790 LSM_HOOK_INIT(msg_msg_alloc_security, smack_msg_msg_alloc_security), 4791 4792 LSM_HOOK_INIT(msg_queue_alloc_security, smack_ipc_alloc_security), 4793 LSM_HOOK_INIT(msg_queue_associate, smack_msg_queue_associate), 4794 LSM_HOOK_INIT(msg_queue_msgctl, smack_msg_queue_msgctl), 4795 LSM_HOOK_INIT(msg_queue_msgsnd, smack_msg_queue_msgsnd), 4796 LSM_HOOK_INIT(msg_queue_msgrcv, smack_msg_queue_msgrcv), 4797 4798 LSM_HOOK_INIT(shm_alloc_security, smack_ipc_alloc_security), 4799 LSM_HOOK_INIT(shm_associate, smack_shm_associate), 4800 LSM_HOOK_INIT(shm_shmctl, smack_shm_shmctl), 4801 LSM_HOOK_INIT(shm_shmat, smack_shm_shmat), 4802 4803 LSM_HOOK_INIT(sem_alloc_security, smack_ipc_alloc_security), 4804 LSM_HOOK_INIT(sem_associate, smack_sem_associate), 4805 LSM_HOOK_INIT(sem_semctl, smack_sem_semctl), 4806 LSM_HOOK_INIT(sem_semop, smack_sem_semop), 4807 4808 LSM_HOOK_INIT(d_instantiate, smack_d_instantiate), 4809 4810 LSM_HOOK_INIT(getprocattr, smack_getprocattr), 4811 LSM_HOOK_INIT(setprocattr, smack_setprocattr), 4812 4813 LSM_HOOK_INIT(unix_stream_connect, smack_unix_stream_connect), 4814 LSM_HOOK_INIT(unix_may_send, smack_unix_may_send), 4815 4816 LSM_HOOK_INIT(socket_post_create, smack_socket_post_create), 4817 LSM_HOOK_INIT(socket_socketpair, smack_socket_socketpair), 4818 #ifdef SMACK_IPV6_PORT_LABELING 4819 LSM_HOOK_INIT(socket_bind, smack_socket_bind), 4820 #endif 4821 LSM_HOOK_INIT(socket_connect, smack_socket_connect), 4822 LSM_HOOK_INIT(socket_sendmsg, smack_socket_sendmsg), 4823 LSM_HOOK_INIT(socket_sock_rcv_skb, smack_socket_sock_rcv_skb), 4824 LSM_HOOK_INIT(socket_getpeersec_stream, smack_socket_getpeersec_stream), 4825 LSM_HOOK_INIT(socket_getpeersec_dgram, smack_socket_getpeersec_dgram), 4826 LSM_HOOK_INIT(sk_alloc_security, smack_sk_alloc_security), 4827 LSM_HOOK_INIT(sk_free_security, smack_sk_free_security), 4828 LSM_HOOK_INIT(sock_graft, smack_sock_graft), 4829 LSM_HOOK_INIT(inet_conn_request, smack_inet_conn_request), 4830 LSM_HOOK_INIT(inet_csk_clone, smack_inet_csk_clone), 4831 4832 /* key management security hooks */ 4833 #ifdef CONFIG_KEYS 4834 LSM_HOOK_INIT(key_alloc, smack_key_alloc), 4835 LSM_HOOK_INIT(key_free, smack_key_free), 4836 LSM_HOOK_INIT(key_permission, smack_key_permission), 4837 LSM_HOOK_INIT(key_getsecurity, smack_key_getsecurity), 4838 #ifdef CONFIG_KEY_NOTIFICATIONS 4839 LSM_HOOK_INIT(watch_key, smack_watch_key), 4840 #endif 4841 #endif /* CONFIG_KEYS */ 4842 4843 #ifdef CONFIG_WATCH_QUEUE 4844 LSM_HOOK_INIT(post_notification, smack_post_notification), 4845 #endif 4846 4847 /* Audit hooks */ 4848 #ifdef CONFIG_AUDIT 4849 LSM_HOOK_INIT(audit_rule_init, smack_audit_rule_init), 4850 LSM_HOOK_INIT(audit_rule_known, smack_audit_rule_known), 4851 LSM_HOOK_INIT(audit_rule_match, smack_audit_rule_match), 4852 #endif /* CONFIG_AUDIT */ 4853 4854 LSM_HOOK_INIT(ismaclabel, smack_ismaclabel), 4855 LSM_HOOK_INIT(secid_to_secctx, smack_secid_to_secctx), 4856 LSM_HOOK_INIT(secctx_to_secid, smack_secctx_to_secid), 4857 LSM_HOOK_INIT(inode_notifysecctx, smack_inode_notifysecctx), 4858 LSM_HOOK_INIT(inode_setsecctx, smack_inode_setsecctx), 4859 LSM_HOOK_INIT(inode_getsecctx, smack_inode_getsecctx), 4860 LSM_HOOK_INIT(inode_copy_up, smack_inode_copy_up), 4861 LSM_HOOK_INIT(inode_copy_up_xattr, smack_inode_copy_up_xattr), 4862 LSM_HOOK_INIT(dentry_create_files_as, smack_dentry_create_files_as), 4863 }; 4864 4865 4866 static __init void init_smack_known_list(void) 4867 { 4868 /* 4869 * Initialize rule list locks 4870 */ 4871 mutex_init(&smack_known_huh.smk_rules_lock); 4872 mutex_init(&smack_known_hat.smk_rules_lock); 4873 mutex_init(&smack_known_floor.smk_rules_lock); 4874 mutex_init(&smack_known_star.smk_rules_lock); 4875 mutex_init(&smack_known_web.smk_rules_lock); 4876 /* 4877 * Initialize rule lists 4878 */ 4879 INIT_LIST_HEAD(&smack_known_huh.smk_rules); 4880 INIT_LIST_HEAD(&smack_known_hat.smk_rules); 4881 INIT_LIST_HEAD(&smack_known_star.smk_rules); 4882 INIT_LIST_HEAD(&smack_known_floor.smk_rules); 4883 INIT_LIST_HEAD(&smack_known_web.smk_rules); 4884 /* 4885 * Create the known labels list 4886 */ 4887 smk_insert_entry(&smack_known_huh); 4888 smk_insert_entry(&smack_known_hat); 4889 smk_insert_entry(&smack_known_star); 4890 smk_insert_entry(&smack_known_floor); 4891 smk_insert_entry(&smack_known_web); 4892 } 4893 4894 /** 4895 * smack_init - initialize the smack system 4896 * 4897 * Returns 0 on success, -ENOMEM is there's no memory 4898 */ 4899 static __init int smack_init(void) 4900 { 4901 struct cred *cred = (struct cred *) current->cred; 4902 struct task_smack *tsp; 4903 4904 smack_rule_cache = KMEM_CACHE(smack_rule, 0); 4905 if (!smack_rule_cache) 4906 return -ENOMEM; 4907 4908 /* 4909 * Set the security state for the initial task. 4910 */ 4911 tsp = smack_cred(cred); 4912 init_task_smack(tsp, &smack_known_floor, &smack_known_floor); 4913 4914 /* 4915 * Register with LSM 4916 */ 4917 security_add_hooks(smack_hooks, ARRAY_SIZE(smack_hooks), "smack"); 4918 smack_enabled = 1; 4919 4920 pr_info("Smack: Initializing.\n"); 4921 #ifdef CONFIG_SECURITY_SMACK_NETFILTER 4922 pr_info("Smack: Netfilter enabled.\n"); 4923 #endif 4924 #ifdef SMACK_IPV6_PORT_LABELING 4925 pr_info("Smack: IPv6 port labeling enabled.\n"); 4926 #endif 4927 #ifdef SMACK_IPV6_SECMARK_LABELING 4928 pr_info("Smack: IPv6 Netfilter enabled.\n"); 4929 #endif 4930 4931 /* initialize the smack_known_list */ 4932 init_smack_known_list(); 4933 4934 return 0; 4935 } 4936 4937 /* 4938 * Smack requires early initialization in order to label 4939 * all processes and objects when they are created. 4940 */ 4941 DEFINE_LSM(smack) = { 4942 .name = "smack", 4943 .flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE, 4944 .blobs = &smack_blob_sizes, 4945 .init = smack_init, 4946 }; 4947