1 /* 2 * Simplified MAC Kernel (smack) security module 3 * 4 * This file contains the smack hook function implementations. 5 * 6 * Authors: 7 * Casey Schaufler <casey@schaufler-ca.com> 8 * Jarkko Sakkinen <jarkko.sakkinen@intel.com> 9 * 10 * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com> 11 * Copyright (C) 2009 Hewlett-Packard Development Company, L.P. 12 * Paul Moore <paul@paul-moore.com> 13 * Copyright (C) 2010 Nokia Corporation 14 * Copyright (C) 2011 Intel Corporation. 15 * 16 * This program is free software; you can redistribute it and/or modify 17 * it under the terms of the GNU General Public License version 2, 18 * as published by the Free Software Foundation. 19 */ 20 21 #include <linux/xattr.h> 22 #include <linux/pagemap.h> 23 #include <linux/mount.h> 24 #include <linux/stat.h> 25 #include <linux/kd.h> 26 #include <asm/ioctls.h> 27 #include <linux/ip.h> 28 #include <linux/tcp.h> 29 #include <linux/udp.h> 30 #include <linux/dccp.h> 31 #include <linux/icmpv6.h> 32 #include <linux/slab.h> 33 #include <linux/mutex.h> 34 #include <linux/pipe_fs_i.h> 35 #include <net/cipso_ipv4.h> 36 #include <net/ip.h> 37 #include <net/ipv6.h> 38 #include <linux/audit.h> 39 #include <linux/magic.h> 40 #include <linux/dcache.h> 41 #include <linux/personality.h> 42 #include <linux/msg.h> 43 #include <linux/shm.h> 44 #include <linux/binfmts.h> 45 #include <linux/parser.h> 46 #include "smack.h" 47 48 #define TRANS_TRUE "TRUE" 49 #define TRANS_TRUE_SIZE 4 50 51 #define SMK_CONNECTING 0 52 #define SMK_RECEIVING 1 53 #define SMK_SENDING 2 54 55 #ifdef SMACK_IPV6_PORT_LABELING 56 DEFINE_MUTEX(smack_ipv6_lock); 57 static LIST_HEAD(smk_ipv6_port_list); 58 #endif 59 static struct kmem_cache *smack_inode_cache; 60 int smack_enabled; 61 62 static const match_table_t smk_mount_tokens = { 63 {Opt_fsdefault, SMK_FSDEFAULT "%s"}, 64 {Opt_fsfloor, SMK_FSFLOOR "%s"}, 65 {Opt_fshat, SMK_FSHAT "%s"}, 66 {Opt_fsroot, SMK_FSROOT "%s"}, 67 {Opt_fstransmute, SMK_FSTRANS "%s"}, 68 {Opt_error, NULL}, 69 }; 70 71 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 72 static char *smk_bu_mess[] = { 73 "Bringup Error", /* Unused */ 74 "Bringup", /* SMACK_BRINGUP_ALLOW */ 75 "Unconfined Subject", /* SMACK_UNCONFINED_SUBJECT */ 76 "Unconfined Object", /* SMACK_UNCONFINED_OBJECT */ 77 }; 78 79 static void smk_bu_mode(int mode, char *s) 80 { 81 int i = 0; 82 83 if (mode & MAY_READ) 84 s[i++] = 'r'; 85 if (mode & MAY_WRITE) 86 s[i++] = 'w'; 87 if (mode & MAY_EXEC) 88 s[i++] = 'x'; 89 if (mode & MAY_APPEND) 90 s[i++] = 'a'; 91 if (mode & MAY_TRANSMUTE) 92 s[i++] = 't'; 93 if (mode & MAY_LOCK) 94 s[i++] = 'l'; 95 if (i == 0) 96 s[i++] = '-'; 97 s[i] = '\0'; 98 } 99 #endif 100 101 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 102 static int smk_bu_note(char *note, struct smack_known *sskp, 103 struct smack_known *oskp, int mode, int rc) 104 { 105 char acc[SMK_NUM_ACCESS_TYPE + 1]; 106 107 if (rc <= 0) 108 return rc; 109 if (rc > SMACK_UNCONFINED_OBJECT) 110 rc = 0; 111 112 smk_bu_mode(mode, acc); 113 pr_info("Smack %s: (%s %s %s) %s\n", smk_bu_mess[rc], 114 sskp->smk_known, oskp->smk_known, acc, note); 115 return 0; 116 } 117 #else 118 #define smk_bu_note(note, sskp, oskp, mode, RC) (RC) 119 #endif 120 121 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 122 static int smk_bu_current(char *note, struct smack_known *oskp, 123 int mode, int rc) 124 { 125 struct task_smack *tsp = current_security(); 126 char acc[SMK_NUM_ACCESS_TYPE + 1]; 127 128 if (rc <= 0) 129 return rc; 130 if (rc > SMACK_UNCONFINED_OBJECT) 131 rc = 0; 132 133 smk_bu_mode(mode, acc); 134 pr_info("Smack %s: (%s %s %s) %s %s\n", smk_bu_mess[rc], 135 tsp->smk_task->smk_known, oskp->smk_known, 136 acc, current->comm, note); 137 return 0; 138 } 139 #else 140 #define smk_bu_current(note, oskp, mode, RC) (RC) 141 #endif 142 143 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 144 static int smk_bu_task(struct task_struct *otp, int mode, int rc) 145 { 146 struct task_smack *tsp = current_security(); 147 struct smack_known *smk_task = smk_of_task_struct(otp); 148 char acc[SMK_NUM_ACCESS_TYPE + 1]; 149 150 if (rc <= 0) 151 return rc; 152 if (rc > SMACK_UNCONFINED_OBJECT) 153 rc = 0; 154 155 smk_bu_mode(mode, acc); 156 pr_info("Smack %s: (%s %s %s) %s to %s\n", smk_bu_mess[rc], 157 tsp->smk_task->smk_known, smk_task->smk_known, acc, 158 current->comm, otp->comm); 159 return 0; 160 } 161 #else 162 #define smk_bu_task(otp, mode, RC) (RC) 163 #endif 164 165 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 166 static int smk_bu_inode(struct inode *inode, int mode, int rc) 167 { 168 struct task_smack *tsp = current_security(); 169 struct inode_smack *isp = inode->i_security; 170 char acc[SMK_NUM_ACCESS_TYPE + 1]; 171 172 if (isp->smk_flags & SMK_INODE_IMPURE) 173 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n", 174 inode->i_sb->s_id, inode->i_ino, current->comm); 175 176 if (rc <= 0) 177 return rc; 178 if (rc > SMACK_UNCONFINED_OBJECT) 179 rc = 0; 180 if (rc == SMACK_UNCONFINED_SUBJECT && 181 (mode & (MAY_WRITE | MAY_APPEND))) 182 isp->smk_flags |= SMK_INODE_IMPURE; 183 184 smk_bu_mode(mode, acc); 185 186 pr_info("Smack %s: (%s %s %s) inode=(%s %ld) %s\n", smk_bu_mess[rc], 187 tsp->smk_task->smk_known, isp->smk_inode->smk_known, acc, 188 inode->i_sb->s_id, inode->i_ino, current->comm); 189 return 0; 190 } 191 #else 192 #define smk_bu_inode(inode, mode, RC) (RC) 193 #endif 194 195 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 196 static int smk_bu_file(struct file *file, int mode, int rc) 197 { 198 struct task_smack *tsp = current_security(); 199 struct smack_known *sskp = tsp->smk_task; 200 struct inode *inode = file_inode(file); 201 struct inode_smack *isp = inode->i_security; 202 char acc[SMK_NUM_ACCESS_TYPE + 1]; 203 204 if (isp->smk_flags & SMK_INODE_IMPURE) 205 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n", 206 inode->i_sb->s_id, inode->i_ino, current->comm); 207 208 if (rc <= 0) 209 return rc; 210 if (rc > SMACK_UNCONFINED_OBJECT) 211 rc = 0; 212 213 smk_bu_mode(mode, acc); 214 pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc], 215 sskp->smk_known, smk_of_inode(inode)->smk_known, acc, 216 inode->i_sb->s_id, inode->i_ino, file, 217 current->comm); 218 return 0; 219 } 220 #else 221 #define smk_bu_file(file, mode, RC) (RC) 222 #endif 223 224 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 225 static int smk_bu_credfile(const struct cred *cred, struct file *file, 226 int mode, int rc) 227 { 228 struct task_smack *tsp = cred->security; 229 struct smack_known *sskp = tsp->smk_task; 230 struct inode *inode = file_inode(file); 231 struct inode_smack *isp = inode->i_security; 232 char acc[SMK_NUM_ACCESS_TYPE + 1]; 233 234 if (isp->smk_flags & SMK_INODE_IMPURE) 235 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n", 236 inode->i_sb->s_id, inode->i_ino, current->comm); 237 238 if (rc <= 0) 239 return rc; 240 if (rc > SMACK_UNCONFINED_OBJECT) 241 rc = 0; 242 243 smk_bu_mode(mode, acc); 244 pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc], 245 sskp->smk_known, smk_of_inode(inode)->smk_known, acc, 246 inode->i_sb->s_id, inode->i_ino, file, 247 current->comm); 248 return 0; 249 } 250 #else 251 #define smk_bu_credfile(cred, file, mode, RC) (RC) 252 #endif 253 254 /** 255 * smk_fetch - Fetch the smack label from a file. 256 * @name: type of the label (attribute) 257 * @ip: a pointer to the inode 258 * @dp: a pointer to the dentry 259 * 260 * Returns a pointer to the master list entry for the Smack label, 261 * NULL if there was no label to fetch, or an error code. 262 */ 263 static struct smack_known *smk_fetch(const char *name, struct inode *ip, 264 struct dentry *dp) 265 { 266 int rc; 267 char *buffer; 268 struct smack_known *skp = NULL; 269 270 if (!(ip->i_opflags & IOP_XATTR)) 271 return ERR_PTR(-EOPNOTSUPP); 272 273 buffer = kzalloc(SMK_LONGLABEL, GFP_KERNEL); 274 if (buffer == NULL) 275 return ERR_PTR(-ENOMEM); 276 277 rc = __vfs_getxattr(dp, ip, name, buffer, SMK_LONGLABEL); 278 if (rc < 0) 279 skp = ERR_PTR(rc); 280 else if (rc == 0) 281 skp = NULL; 282 else 283 skp = smk_import_entry(buffer, rc); 284 285 kfree(buffer); 286 287 return skp; 288 } 289 290 /** 291 * new_inode_smack - allocate an inode security blob 292 * @skp: a pointer to the Smack label entry to use in the blob 293 * 294 * Returns the new blob or NULL if there's no memory available 295 */ 296 static struct inode_smack *new_inode_smack(struct smack_known *skp) 297 { 298 struct inode_smack *isp; 299 300 isp = kmem_cache_zalloc(smack_inode_cache, GFP_NOFS); 301 if (isp == NULL) 302 return NULL; 303 304 isp->smk_inode = skp; 305 isp->smk_flags = 0; 306 mutex_init(&isp->smk_lock); 307 308 return isp; 309 } 310 311 /** 312 * new_task_smack - allocate a task security blob 313 * @task: a pointer to the Smack label for the running task 314 * @forked: a pointer to the Smack label for the forked task 315 * @gfp: type of the memory for the allocation 316 * 317 * Returns the new blob or NULL if there's no memory available 318 */ 319 static struct task_smack *new_task_smack(struct smack_known *task, 320 struct smack_known *forked, gfp_t gfp) 321 { 322 struct task_smack *tsp; 323 324 tsp = kzalloc(sizeof(struct task_smack), gfp); 325 if (tsp == NULL) 326 return NULL; 327 328 tsp->smk_task = task; 329 tsp->smk_forked = forked; 330 INIT_LIST_HEAD(&tsp->smk_rules); 331 INIT_LIST_HEAD(&tsp->smk_relabel); 332 mutex_init(&tsp->smk_rules_lock); 333 334 return tsp; 335 } 336 337 /** 338 * smk_copy_rules - copy a rule set 339 * @nhead: new rules header pointer 340 * @ohead: old rules header pointer 341 * @gfp: type of the memory for the allocation 342 * 343 * Returns 0 on success, -ENOMEM on error 344 */ 345 static int smk_copy_rules(struct list_head *nhead, struct list_head *ohead, 346 gfp_t gfp) 347 { 348 struct smack_rule *nrp; 349 struct smack_rule *orp; 350 int rc = 0; 351 352 list_for_each_entry_rcu(orp, ohead, list) { 353 nrp = kzalloc(sizeof(struct smack_rule), gfp); 354 if (nrp == NULL) { 355 rc = -ENOMEM; 356 break; 357 } 358 *nrp = *orp; 359 list_add_rcu(&nrp->list, nhead); 360 } 361 return rc; 362 } 363 364 /** 365 * smk_copy_relabel - copy smk_relabel labels list 366 * @nhead: new rules header pointer 367 * @ohead: old rules header pointer 368 * @gfp: type of the memory for the allocation 369 * 370 * Returns 0 on success, -ENOMEM on error 371 */ 372 static int smk_copy_relabel(struct list_head *nhead, struct list_head *ohead, 373 gfp_t gfp) 374 { 375 struct smack_known_list_elem *nklep; 376 struct smack_known_list_elem *oklep; 377 378 list_for_each_entry(oklep, ohead, list) { 379 nklep = kzalloc(sizeof(struct smack_known_list_elem), gfp); 380 if (nklep == NULL) { 381 smk_destroy_label_list(nhead); 382 return -ENOMEM; 383 } 384 nklep->smk_label = oklep->smk_label; 385 list_add(&nklep->list, nhead); 386 } 387 388 return 0; 389 } 390 391 /** 392 * smk_ptrace_mode - helper function for converting PTRACE_MODE_* into MAY_* 393 * @mode - input mode in form of PTRACE_MODE_* 394 * 395 * Returns a converted MAY_* mode usable by smack rules 396 */ 397 static inline unsigned int smk_ptrace_mode(unsigned int mode) 398 { 399 if (mode & PTRACE_MODE_ATTACH) 400 return MAY_READWRITE; 401 if (mode & PTRACE_MODE_READ) 402 return MAY_READ; 403 404 return 0; 405 } 406 407 /** 408 * smk_ptrace_rule_check - helper for ptrace access 409 * @tracer: tracer process 410 * @tracee_known: label entry of the process that's about to be traced 411 * @mode: ptrace attachment mode (PTRACE_MODE_*) 412 * @func: name of the function that called us, used for audit 413 * 414 * Returns 0 on access granted, -error on error 415 */ 416 static int smk_ptrace_rule_check(struct task_struct *tracer, 417 struct smack_known *tracee_known, 418 unsigned int mode, const char *func) 419 { 420 int rc; 421 struct smk_audit_info ad, *saip = NULL; 422 struct task_smack *tsp; 423 struct smack_known *tracer_known; 424 const struct cred *tracercred; 425 426 if ((mode & PTRACE_MODE_NOAUDIT) == 0) { 427 smk_ad_init(&ad, func, LSM_AUDIT_DATA_TASK); 428 smk_ad_setfield_u_tsk(&ad, tracer); 429 saip = &ad; 430 } 431 432 rcu_read_lock(); 433 tracercred = __task_cred(tracer); 434 tsp = tracercred->security; 435 tracer_known = smk_of_task(tsp); 436 437 if ((mode & PTRACE_MODE_ATTACH) && 438 (smack_ptrace_rule == SMACK_PTRACE_EXACT || 439 smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)) { 440 if (tracer_known->smk_known == tracee_known->smk_known) 441 rc = 0; 442 else if (smack_ptrace_rule == SMACK_PTRACE_DRACONIAN) 443 rc = -EACCES; 444 else if (smack_privileged_cred(CAP_SYS_PTRACE, tracercred)) 445 rc = 0; 446 else 447 rc = -EACCES; 448 449 if (saip) 450 smack_log(tracer_known->smk_known, 451 tracee_known->smk_known, 452 0, rc, saip); 453 454 rcu_read_unlock(); 455 return rc; 456 } 457 458 /* In case of rule==SMACK_PTRACE_DEFAULT or mode==PTRACE_MODE_READ */ 459 rc = smk_tskacc(tsp, tracee_known, smk_ptrace_mode(mode), saip); 460 461 rcu_read_unlock(); 462 return rc; 463 } 464 465 /* 466 * LSM hooks. 467 * We he, that is fun! 468 */ 469 470 /** 471 * smack_ptrace_access_check - Smack approval on PTRACE_ATTACH 472 * @ctp: child task pointer 473 * @mode: ptrace attachment mode (PTRACE_MODE_*) 474 * 475 * Returns 0 if access is OK, an error code otherwise 476 * 477 * Do the capability checks. 478 */ 479 static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode) 480 { 481 struct smack_known *skp; 482 483 skp = smk_of_task_struct(ctp); 484 485 return smk_ptrace_rule_check(current, skp, mode, __func__); 486 } 487 488 /** 489 * smack_ptrace_traceme - Smack approval on PTRACE_TRACEME 490 * @ptp: parent task pointer 491 * 492 * Returns 0 if access is OK, an error code otherwise 493 * 494 * Do the capability checks, and require PTRACE_MODE_ATTACH. 495 */ 496 static int smack_ptrace_traceme(struct task_struct *ptp) 497 { 498 int rc; 499 struct smack_known *skp; 500 501 skp = smk_of_task(current_security()); 502 503 rc = smk_ptrace_rule_check(ptp, skp, PTRACE_MODE_ATTACH, __func__); 504 return rc; 505 } 506 507 /** 508 * smack_syslog - Smack approval on syslog 509 * @type: message type 510 * 511 * Returns 0 on success, error code otherwise. 512 */ 513 static int smack_syslog(int typefrom_file) 514 { 515 int rc = 0; 516 struct smack_known *skp = smk_of_current(); 517 518 if (smack_privileged(CAP_MAC_OVERRIDE)) 519 return 0; 520 521 if (smack_syslog_label != NULL && smack_syslog_label != skp) 522 rc = -EACCES; 523 524 return rc; 525 } 526 527 528 /* 529 * Superblock Hooks. 530 */ 531 532 /** 533 * smack_sb_alloc_security - allocate a superblock blob 534 * @sb: the superblock getting the blob 535 * 536 * Returns 0 on success or -ENOMEM on error. 537 */ 538 static int smack_sb_alloc_security(struct super_block *sb) 539 { 540 struct superblock_smack *sbsp; 541 542 sbsp = kzalloc(sizeof(struct superblock_smack), GFP_KERNEL); 543 544 if (sbsp == NULL) 545 return -ENOMEM; 546 547 sbsp->smk_root = &smack_known_floor; 548 sbsp->smk_default = &smack_known_floor; 549 sbsp->smk_floor = &smack_known_floor; 550 sbsp->smk_hat = &smack_known_hat; 551 /* 552 * SMK_SB_INITIALIZED will be zero from kzalloc. 553 */ 554 sb->s_security = sbsp; 555 556 return 0; 557 } 558 559 /** 560 * smack_sb_free_security - free a superblock blob 561 * @sb: the superblock getting the blob 562 * 563 */ 564 static void smack_sb_free_security(struct super_block *sb) 565 { 566 kfree(sb->s_security); 567 sb->s_security = NULL; 568 } 569 570 /** 571 * smack_sb_copy_data - copy mount options data for processing 572 * @orig: where to start 573 * @smackopts: mount options string 574 * 575 * Returns 0 on success or -ENOMEM on error. 576 * 577 * Copy the Smack specific mount options out of the mount 578 * options list. 579 */ 580 static int smack_sb_copy_data(char *orig, char *smackopts) 581 { 582 char *cp, *commap, *otheropts, *dp; 583 584 otheropts = (char *)get_zeroed_page(GFP_KERNEL); 585 if (otheropts == NULL) 586 return -ENOMEM; 587 588 for (cp = orig, commap = orig; commap != NULL; cp = commap + 1) { 589 if (strstr(cp, SMK_FSDEFAULT) == cp) 590 dp = smackopts; 591 else if (strstr(cp, SMK_FSFLOOR) == cp) 592 dp = smackopts; 593 else if (strstr(cp, SMK_FSHAT) == cp) 594 dp = smackopts; 595 else if (strstr(cp, SMK_FSROOT) == cp) 596 dp = smackopts; 597 else if (strstr(cp, SMK_FSTRANS) == cp) 598 dp = smackopts; 599 else 600 dp = otheropts; 601 602 commap = strchr(cp, ','); 603 if (commap != NULL) 604 *commap = '\0'; 605 606 if (*dp != '\0') 607 strcat(dp, ","); 608 strcat(dp, cp); 609 } 610 611 strcpy(orig, otheropts); 612 free_page((unsigned long)otheropts); 613 614 return 0; 615 } 616 617 /** 618 * smack_parse_opts_str - parse Smack specific mount options 619 * @options: mount options string 620 * @opts: where to store converted mount opts 621 * 622 * Returns 0 on success or -ENOMEM on error. 623 * 624 * converts Smack specific mount options to generic security option format 625 */ 626 static int smack_parse_opts_str(char *options, 627 struct security_mnt_opts *opts) 628 { 629 char *p; 630 char *fsdefault = NULL; 631 char *fsfloor = NULL; 632 char *fshat = NULL; 633 char *fsroot = NULL; 634 char *fstransmute = NULL; 635 int rc = -ENOMEM; 636 int num_mnt_opts = 0; 637 int token; 638 639 opts->num_mnt_opts = 0; 640 641 if (!options) 642 return 0; 643 644 while ((p = strsep(&options, ",")) != NULL) { 645 substring_t args[MAX_OPT_ARGS]; 646 647 if (!*p) 648 continue; 649 650 token = match_token(p, smk_mount_tokens, args); 651 652 switch (token) { 653 case Opt_fsdefault: 654 if (fsdefault) 655 goto out_opt_err; 656 fsdefault = match_strdup(&args[0]); 657 if (!fsdefault) 658 goto out_err; 659 break; 660 case Opt_fsfloor: 661 if (fsfloor) 662 goto out_opt_err; 663 fsfloor = match_strdup(&args[0]); 664 if (!fsfloor) 665 goto out_err; 666 break; 667 case Opt_fshat: 668 if (fshat) 669 goto out_opt_err; 670 fshat = match_strdup(&args[0]); 671 if (!fshat) 672 goto out_err; 673 break; 674 case Opt_fsroot: 675 if (fsroot) 676 goto out_opt_err; 677 fsroot = match_strdup(&args[0]); 678 if (!fsroot) 679 goto out_err; 680 break; 681 case Opt_fstransmute: 682 if (fstransmute) 683 goto out_opt_err; 684 fstransmute = match_strdup(&args[0]); 685 if (!fstransmute) 686 goto out_err; 687 break; 688 default: 689 rc = -EINVAL; 690 pr_warn("Smack: unknown mount option\n"); 691 goto out_err; 692 } 693 } 694 695 opts->mnt_opts = kcalloc(NUM_SMK_MNT_OPTS, sizeof(char *), GFP_KERNEL); 696 if (!opts->mnt_opts) 697 goto out_err; 698 699 opts->mnt_opts_flags = kcalloc(NUM_SMK_MNT_OPTS, sizeof(int), 700 GFP_KERNEL); 701 if (!opts->mnt_opts_flags) 702 goto out_err; 703 704 if (fsdefault) { 705 opts->mnt_opts[num_mnt_opts] = fsdefault; 706 opts->mnt_opts_flags[num_mnt_opts++] = FSDEFAULT_MNT; 707 } 708 if (fsfloor) { 709 opts->mnt_opts[num_mnt_opts] = fsfloor; 710 opts->mnt_opts_flags[num_mnt_opts++] = FSFLOOR_MNT; 711 } 712 if (fshat) { 713 opts->mnt_opts[num_mnt_opts] = fshat; 714 opts->mnt_opts_flags[num_mnt_opts++] = FSHAT_MNT; 715 } 716 if (fsroot) { 717 opts->mnt_opts[num_mnt_opts] = fsroot; 718 opts->mnt_opts_flags[num_mnt_opts++] = FSROOT_MNT; 719 } 720 if (fstransmute) { 721 opts->mnt_opts[num_mnt_opts] = fstransmute; 722 opts->mnt_opts_flags[num_mnt_opts++] = FSTRANS_MNT; 723 } 724 725 opts->num_mnt_opts = num_mnt_opts; 726 return 0; 727 728 out_opt_err: 729 rc = -EINVAL; 730 pr_warn("Smack: duplicate mount options\n"); 731 732 out_err: 733 kfree(fsdefault); 734 kfree(fsfloor); 735 kfree(fshat); 736 kfree(fsroot); 737 kfree(fstransmute); 738 return rc; 739 } 740 741 /** 742 * smack_set_mnt_opts - set Smack specific mount options 743 * @sb: the file system superblock 744 * @opts: Smack mount options 745 * @kern_flags: mount option from kernel space or user space 746 * @set_kern_flags: where to store converted mount opts 747 * 748 * Returns 0 on success, an error code on failure 749 * 750 * Allow filesystems with binary mount data to explicitly set Smack mount 751 * labels. 752 */ 753 static int smack_set_mnt_opts(struct super_block *sb, 754 struct security_mnt_opts *opts, 755 unsigned long kern_flags, 756 unsigned long *set_kern_flags) 757 { 758 struct dentry *root = sb->s_root; 759 struct inode *inode = d_backing_inode(root); 760 struct superblock_smack *sp = sb->s_security; 761 struct inode_smack *isp; 762 struct smack_known *skp; 763 int i; 764 int num_opts = opts->num_mnt_opts; 765 int transmute = 0; 766 767 if (sp->smk_flags & SMK_SB_INITIALIZED) 768 return 0; 769 770 if (!smack_privileged(CAP_MAC_ADMIN)) { 771 /* 772 * Unprivileged mounts don't get to specify Smack values. 773 */ 774 if (num_opts) 775 return -EPERM; 776 /* 777 * Unprivileged mounts get root and default from the caller. 778 */ 779 skp = smk_of_current(); 780 sp->smk_root = skp; 781 sp->smk_default = skp; 782 /* 783 * For a handful of fs types with no user-controlled 784 * backing store it's okay to trust security labels 785 * in the filesystem. The rest are untrusted. 786 */ 787 if (sb->s_user_ns != &init_user_ns && 788 sb->s_magic != SYSFS_MAGIC && sb->s_magic != TMPFS_MAGIC && 789 sb->s_magic != RAMFS_MAGIC) { 790 transmute = 1; 791 sp->smk_flags |= SMK_SB_UNTRUSTED; 792 } 793 } 794 795 sp->smk_flags |= SMK_SB_INITIALIZED; 796 797 for (i = 0; i < num_opts; i++) { 798 switch (opts->mnt_opts_flags[i]) { 799 case FSDEFAULT_MNT: 800 skp = smk_import_entry(opts->mnt_opts[i], 0); 801 if (IS_ERR(skp)) 802 return PTR_ERR(skp); 803 sp->smk_default = skp; 804 break; 805 case FSFLOOR_MNT: 806 skp = smk_import_entry(opts->mnt_opts[i], 0); 807 if (IS_ERR(skp)) 808 return PTR_ERR(skp); 809 sp->smk_floor = skp; 810 break; 811 case FSHAT_MNT: 812 skp = smk_import_entry(opts->mnt_opts[i], 0); 813 if (IS_ERR(skp)) 814 return PTR_ERR(skp); 815 sp->smk_hat = skp; 816 break; 817 case FSROOT_MNT: 818 skp = smk_import_entry(opts->mnt_opts[i], 0); 819 if (IS_ERR(skp)) 820 return PTR_ERR(skp); 821 sp->smk_root = skp; 822 break; 823 case FSTRANS_MNT: 824 skp = smk_import_entry(opts->mnt_opts[i], 0); 825 if (IS_ERR(skp)) 826 return PTR_ERR(skp); 827 sp->smk_root = skp; 828 transmute = 1; 829 break; 830 default: 831 break; 832 } 833 } 834 835 /* 836 * Initialize the root inode. 837 */ 838 isp = inode->i_security; 839 if (isp == NULL) { 840 isp = new_inode_smack(sp->smk_root); 841 if (isp == NULL) 842 return -ENOMEM; 843 inode->i_security = isp; 844 } else 845 isp->smk_inode = sp->smk_root; 846 847 if (transmute) 848 isp->smk_flags |= SMK_INODE_TRANSMUTE; 849 850 return 0; 851 } 852 853 /** 854 * smack_sb_kern_mount - Smack specific mount processing 855 * @sb: the file system superblock 856 * @flags: the mount flags 857 * @data: the smack mount options 858 * 859 * Returns 0 on success, an error code on failure 860 */ 861 static int smack_sb_kern_mount(struct super_block *sb, int flags, void *data) 862 { 863 int rc = 0; 864 char *options = data; 865 struct security_mnt_opts opts; 866 867 security_init_mnt_opts(&opts); 868 869 if (!options) 870 goto out; 871 872 rc = smack_parse_opts_str(options, &opts); 873 if (rc) 874 goto out_err; 875 876 out: 877 rc = smack_set_mnt_opts(sb, &opts, 0, NULL); 878 879 out_err: 880 security_free_mnt_opts(&opts); 881 return rc; 882 } 883 884 /** 885 * smack_sb_statfs - Smack check on statfs 886 * @dentry: identifies the file system in question 887 * 888 * Returns 0 if current can read the floor of the filesystem, 889 * and error code otherwise 890 */ 891 static int smack_sb_statfs(struct dentry *dentry) 892 { 893 struct superblock_smack *sbp = dentry->d_sb->s_security; 894 int rc; 895 struct smk_audit_info ad; 896 897 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 898 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 899 900 rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad); 901 rc = smk_bu_current("statfs", sbp->smk_floor, MAY_READ, rc); 902 return rc; 903 } 904 905 /* 906 * BPRM hooks 907 */ 908 909 /** 910 * smack_bprm_set_creds - set creds for exec 911 * @bprm: the exec information 912 * 913 * Returns 0 if it gets a blob, -EPERM if exec forbidden and -ENOMEM otherwise 914 */ 915 static int smack_bprm_set_creds(struct linux_binprm *bprm) 916 { 917 struct inode *inode = file_inode(bprm->file); 918 struct task_smack *bsp = bprm->cred->security; 919 struct inode_smack *isp; 920 struct superblock_smack *sbsp; 921 int rc; 922 923 if (bprm->called_set_creds) 924 return 0; 925 926 isp = inode->i_security; 927 if (isp->smk_task == NULL || isp->smk_task == bsp->smk_task) 928 return 0; 929 930 sbsp = inode->i_sb->s_security; 931 if ((sbsp->smk_flags & SMK_SB_UNTRUSTED) && 932 isp->smk_task != sbsp->smk_root) 933 return 0; 934 935 if (bprm->unsafe & LSM_UNSAFE_PTRACE) { 936 struct task_struct *tracer; 937 rc = 0; 938 939 rcu_read_lock(); 940 tracer = ptrace_parent(current); 941 if (likely(tracer != NULL)) 942 rc = smk_ptrace_rule_check(tracer, 943 isp->smk_task, 944 PTRACE_MODE_ATTACH, 945 __func__); 946 rcu_read_unlock(); 947 948 if (rc != 0) 949 return rc; 950 } else if (bprm->unsafe) 951 return -EPERM; 952 953 bsp->smk_task = isp->smk_task; 954 bprm->per_clear |= PER_CLEAR_ON_SETID; 955 956 /* Decide if this is a secure exec. */ 957 if (bsp->smk_task != bsp->smk_forked) 958 bprm->secureexec = 1; 959 960 return 0; 961 } 962 963 /* 964 * Inode hooks 965 */ 966 967 /** 968 * smack_inode_alloc_security - allocate an inode blob 969 * @inode: the inode in need of a blob 970 * 971 * Returns 0 if it gets a blob, -ENOMEM otherwise 972 */ 973 static int smack_inode_alloc_security(struct inode *inode) 974 { 975 struct smack_known *skp = smk_of_current(); 976 977 inode->i_security = new_inode_smack(skp); 978 if (inode->i_security == NULL) 979 return -ENOMEM; 980 return 0; 981 } 982 983 /** 984 * smack_inode_free_rcu - Free inode_smack blob from cache 985 * @head: the rcu_head for getting inode_smack pointer 986 * 987 * Call back function called from call_rcu() to free 988 * the i_security blob pointer in inode 989 */ 990 static void smack_inode_free_rcu(struct rcu_head *head) 991 { 992 struct inode_smack *issp; 993 994 issp = container_of(head, struct inode_smack, smk_rcu); 995 kmem_cache_free(smack_inode_cache, issp); 996 } 997 998 /** 999 * smack_inode_free_security - free an inode blob using call_rcu() 1000 * @inode: the inode with a blob 1001 * 1002 * Clears the blob pointer in inode using RCU 1003 */ 1004 static void smack_inode_free_security(struct inode *inode) 1005 { 1006 struct inode_smack *issp = inode->i_security; 1007 1008 /* 1009 * The inode may still be referenced in a path walk and 1010 * a call to smack_inode_permission() can be made 1011 * after smack_inode_free_security() is called. 1012 * To avoid race condition free the i_security via RCU 1013 * and leave the current inode->i_security pointer intact. 1014 * The inode will be freed after the RCU grace period too. 1015 */ 1016 call_rcu(&issp->smk_rcu, smack_inode_free_rcu); 1017 } 1018 1019 /** 1020 * smack_inode_init_security - copy out the smack from an inode 1021 * @inode: the newly created inode 1022 * @dir: containing directory object 1023 * @qstr: unused 1024 * @name: where to put the attribute name 1025 * @value: where to put the attribute value 1026 * @len: where to put the length of the attribute 1027 * 1028 * Returns 0 if it all works out, -ENOMEM if there's no memory 1029 */ 1030 static int smack_inode_init_security(struct inode *inode, struct inode *dir, 1031 const struct qstr *qstr, const char **name, 1032 void **value, size_t *len) 1033 { 1034 struct inode_smack *issp = inode->i_security; 1035 struct smack_known *skp = smk_of_current(); 1036 struct smack_known *isp = smk_of_inode(inode); 1037 struct smack_known *dsp = smk_of_inode(dir); 1038 int may; 1039 1040 if (name) 1041 *name = XATTR_SMACK_SUFFIX; 1042 1043 if (value && len) { 1044 rcu_read_lock(); 1045 may = smk_access_entry(skp->smk_known, dsp->smk_known, 1046 &skp->smk_rules); 1047 rcu_read_unlock(); 1048 1049 /* 1050 * If the access rule allows transmutation and 1051 * the directory requests transmutation then 1052 * by all means transmute. 1053 * Mark the inode as changed. 1054 */ 1055 if (may > 0 && ((may & MAY_TRANSMUTE) != 0) && 1056 smk_inode_transmutable(dir)) { 1057 isp = dsp; 1058 issp->smk_flags |= SMK_INODE_CHANGED; 1059 } 1060 1061 *value = kstrdup(isp->smk_known, GFP_NOFS); 1062 if (*value == NULL) 1063 return -ENOMEM; 1064 1065 *len = strlen(isp->smk_known); 1066 } 1067 1068 return 0; 1069 } 1070 1071 /** 1072 * smack_inode_link - Smack check on link 1073 * @old_dentry: the existing object 1074 * @dir: unused 1075 * @new_dentry: the new object 1076 * 1077 * Returns 0 if access is permitted, an error code otherwise 1078 */ 1079 static int smack_inode_link(struct dentry *old_dentry, struct inode *dir, 1080 struct dentry *new_dentry) 1081 { 1082 struct smack_known *isp; 1083 struct smk_audit_info ad; 1084 int rc; 1085 1086 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1087 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry); 1088 1089 isp = smk_of_inode(d_backing_inode(old_dentry)); 1090 rc = smk_curacc(isp, MAY_WRITE, &ad); 1091 rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_WRITE, rc); 1092 1093 if (rc == 0 && d_is_positive(new_dentry)) { 1094 isp = smk_of_inode(d_backing_inode(new_dentry)); 1095 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry); 1096 rc = smk_curacc(isp, MAY_WRITE, &ad); 1097 rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_WRITE, rc); 1098 } 1099 1100 return rc; 1101 } 1102 1103 /** 1104 * smack_inode_unlink - Smack check on inode deletion 1105 * @dir: containing directory object 1106 * @dentry: file to unlink 1107 * 1108 * Returns 0 if current can write the containing directory 1109 * and the object, error code otherwise 1110 */ 1111 static int smack_inode_unlink(struct inode *dir, struct dentry *dentry) 1112 { 1113 struct inode *ip = d_backing_inode(dentry); 1114 struct smk_audit_info ad; 1115 int rc; 1116 1117 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1118 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1119 1120 /* 1121 * You need write access to the thing you're unlinking 1122 */ 1123 rc = smk_curacc(smk_of_inode(ip), MAY_WRITE, &ad); 1124 rc = smk_bu_inode(ip, MAY_WRITE, rc); 1125 if (rc == 0) { 1126 /* 1127 * You also need write access to the containing directory 1128 */ 1129 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE); 1130 smk_ad_setfield_u_fs_inode(&ad, dir); 1131 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad); 1132 rc = smk_bu_inode(dir, MAY_WRITE, rc); 1133 } 1134 return rc; 1135 } 1136 1137 /** 1138 * smack_inode_rmdir - Smack check on directory deletion 1139 * @dir: containing directory object 1140 * @dentry: directory to unlink 1141 * 1142 * Returns 0 if current can write the containing directory 1143 * and the directory, error code otherwise 1144 */ 1145 static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry) 1146 { 1147 struct smk_audit_info ad; 1148 int rc; 1149 1150 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1151 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1152 1153 /* 1154 * You need write access to the thing you're removing 1155 */ 1156 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1157 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1158 if (rc == 0) { 1159 /* 1160 * You also need write access to the containing directory 1161 */ 1162 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE); 1163 smk_ad_setfield_u_fs_inode(&ad, dir); 1164 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad); 1165 rc = smk_bu_inode(dir, MAY_WRITE, rc); 1166 } 1167 1168 return rc; 1169 } 1170 1171 /** 1172 * smack_inode_rename - Smack check on rename 1173 * @old_inode: unused 1174 * @old_dentry: the old object 1175 * @new_inode: unused 1176 * @new_dentry: the new object 1177 * 1178 * Read and write access is required on both the old and 1179 * new directories. 1180 * 1181 * Returns 0 if access is permitted, an error code otherwise 1182 */ 1183 static int smack_inode_rename(struct inode *old_inode, 1184 struct dentry *old_dentry, 1185 struct inode *new_inode, 1186 struct dentry *new_dentry) 1187 { 1188 int rc; 1189 struct smack_known *isp; 1190 struct smk_audit_info ad; 1191 1192 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1193 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry); 1194 1195 isp = smk_of_inode(d_backing_inode(old_dentry)); 1196 rc = smk_curacc(isp, MAY_READWRITE, &ad); 1197 rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_READWRITE, rc); 1198 1199 if (rc == 0 && d_is_positive(new_dentry)) { 1200 isp = smk_of_inode(d_backing_inode(new_dentry)); 1201 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry); 1202 rc = smk_curacc(isp, MAY_READWRITE, &ad); 1203 rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_READWRITE, rc); 1204 } 1205 return rc; 1206 } 1207 1208 /** 1209 * smack_inode_permission - Smack version of permission() 1210 * @inode: the inode in question 1211 * @mask: the access requested 1212 * 1213 * This is the important Smack hook. 1214 * 1215 * Returns 0 if access is permitted, -EACCES otherwise 1216 */ 1217 static int smack_inode_permission(struct inode *inode, int mask) 1218 { 1219 struct superblock_smack *sbsp = inode->i_sb->s_security; 1220 struct smk_audit_info ad; 1221 int no_block = mask & MAY_NOT_BLOCK; 1222 int rc; 1223 1224 mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND); 1225 /* 1226 * No permission to check. Existence test. Yup, it's there. 1227 */ 1228 if (mask == 0) 1229 return 0; 1230 1231 if (sbsp->smk_flags & SMK_SB_UNTRUSTED) { 1232 if (smk_of_inode(inode) != sbsp->smk_root) 1233 return -EACCES; 1234 } 1235 1236 /* May be droppable after audit */ 1237 if (no_block) 1238 return -ECHILD; 1239 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE); 1240 smk_ad_setfield_u_fs_inode(&ad, inode); 1241 rc = smk_curacc(smk_of_inode(inode), mask, &ad); 1242 rc = smk_bu_inode(inode, mask, rc); 1243 return rc; 1244 } 1245 1246 /** 1247 * smack_inode_setattr - Smack check for setting attributes 1248 * @dentry: the object 1249 * @iattr: for the force flag 1250 * 1251 * Returns 0 if access is permitted, an error code otherwise 1252 */ 1253 static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr) 1254 { 1255 struct smk_audit_info ad; 1256 int rc; 1257 1258 /* 1259 * Need to allow for clearing the setuid bit. 1260 */ 1261 if (iattr->ia_valid & ATTR_FORCE) 1262 return 0; 1263 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1264 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1265 1266 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1267 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1268 return rc; 1269 } 1270 1271 /** 1272 * smack_inode_getattr - Smack check for getting attributes 1273 * @mnt: vfsmount of the object 1274 * @dentry: the object 1275 * 1276 * Returns 0 if access is permitted, an error code otherwise 1277 */ 1278 static int smack_inode_getattr(const struct path *path) 1279 { 1280 struct smk_audit_info ad; 1281 struct inode *inode = d_backing_inode(path->dentry); 1282 int rc; 1283 1284 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1285 smk_ad_setfield_u_fs_path(&ad, *path); 1286 rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad); 1287 rc = smk_bu_inode(inode, MAY_READ, rc); 1288 return rc; 1289 } 1290 1291 /** 1292 * smack_inode_setxattr - Smack check for setting xattrs 1293 * @dentry: the object 1294 * @name: name of the attribute 1295 * @value: value of the attribute 1296 * @size: size of the value 1297 * @flags: unused 1298 * 1299 * This protects the Smack attribute explicitly. 1300 * 1301 * Returns 0 if access is permitted, an error code otherwise 1302 */ 1303 static int smack_inode_setxattr(struct dentry *dentry, const char *name, 1304 const void *value, size_t size, int flags) 1305 { 1306 struct smk_audit_info ad; 1307 struct smack_known *skp; 1308 int check_priv = 0; 1309 int check_import = 0; 1310 int check_star = 0; 1311 int rc = 0; 1312 1313 /* 1314 * Check label validity here so import won't fail in post_setxattr 1315 */ 1316 if (strcmp(name, XATTR_NAME_SMACK) == 0 || 1317 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 || 1318 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) { 1319 check_priv = 1; 1320 check_import = 1; 1321 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0 || 1322 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) { 1323 check_priv = 1; 1324 check_import = 1; 1325 check_star = 1; 1326 } else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) { 1327 check_priv = 1; 1328 if (size != TRANS_TRUE_SIZE || 1329 strncmp(value, TRANS_TRUE, TRANS_TRUE_SIZE) != 0) 1330 rc = -EINVAL; 1331 } else 1332 rc = cap_inode_setxattr(dentry, name, value, size, flags); 1333 1334 if (check_priv && !smack_privileged(CAP_MAC_ADMIN)) 1335 rc = -EPERM; 1336 1337 if (rc == 0 && check_import) { 1338 skp = size ? smk_import_entry(value, size) : NULL; 1339 if (IS_ERR(skp)) 1340 rc = PTR_ERR(skp); 1341 else if (skp == NULL || (check_star && 1342 (skp == &smack_known_star || skp == &smack_known_web))) 1343 rc = -EINVAL; 1344 } 1345 1346 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1347 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1348 1349 if (rc == 0) { 1350 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1351 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1352 } 1353 1354 return rc; 1355 } 1356 1357 /** 1358 * smack_inode_post_setxattr - Apply the Smack update approved above 1359 * @dentry: object 1360 * @name: attribute name 1361 * @value: attribute value 1362 * @size: attribute size 1363 * @flags: unused 1364 * 1365 * Set the pointer in the inode blob to the entry found 1366 * in the master label list. 1367 */ 1368 static void smack_inode_post_setxattr(struct dentry *dentry, const char *name, 1369 const void *value, size_t size, int flags) 1370 { 1371 struct smack_known *skp; 1372 struct inode_smack *isp = d_backing_inode(dentry)->i_security; 1373 1374 if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) { 1375 isp->smk_flags |= SMK_INODE_TRANSMUTE; 1376 return; 1377 } 1378 1379 if (strcmp(name, XATTR_NAME_SMACK) == 0) { 1380 skp = smk_import_entry(value, size); 1381 if (!IS_ERR(skp)) 1382 isp->smk_inode = skp; 1383 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) { 1384 skp = smk_import_entry(value, size); 1385 if (!IS_ERR(skp)) 1386 isp->smk_task = skp; 1387 } else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) { 1388 skp = smk_import_entry(value, size); 1389 if (!IS_ERR(skp)) 1390 isp->smk_mmap = skp; 1391 } 1392 1393 return; 1394 } 1395 1396 /** 1397 * smack_inode_getxattr - Smack check on getxattr 1398 * @dentry: the object 1399 * @name: unused 1400 * 1401 * Returns 0 if access is permitted, an error code otherwise 1402 */ 1403 static int smack_inode_getxattr(struct dentry *dentry, const char *name) 1404 { 1405 struct smk_audit_info ad; 1406 int rc; 1407 1408 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1409 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1410 1411 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_READ, &ad); 1412 rc = smk_bu_inode(d_backing_inode(dentry), MAY_READ, rc); 1413 return rc; 1414 } 1415 1416 /** 1417 * smack_inode_removexattr - Smack check on removexattr 1418 * @dentry: the object 1419 * @name: name of the attribute 1420 * 1421 * Removing the Smack attribute requires CAP_MAC_ADMIN 1422 * 1423 * Returns 0 if access is permitted, an error code otherwise 1424 */ 1425 static int smack_inode_removexattr(struct dentry *dentry, const char *name) 1426 { 1427 struct inode_smack *isp; 1428 struct smk_audit_info ad; 1429 int rc = 0; 1430 1431 if (strcmp(name, XATTR_NAME_SMACK) == 0 || 1432 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 || 1433 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 || 1434 strcmp(name, XATTR_NAME_SMACKEXEC) == 0 || 1435 strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0 || 1436 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) { 1437 if (!smack_privileged(CAP_MAC_ADMIN)) 1438 rc = -EPERM; 1439 } else 1440 rc = cap_inode_removexattr(dentry, name); 1441 1442 if (rc != 0) 1443 return rc; 1444 1445 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1446 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1447 1448 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1449 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1450 if (rc != 0) 1451 return rc; 1452 1453 isp = d_backing_inode(dentry)->i_security; 1454 /* 1455 * Don't do anything special for these. 1456 * XATTR_NAME_SMACKIPIN 1457 * XATTR_NAME_SMACKIPOUT 1458 */ 1459 if (strcmp(name, XATTR_NAME_SMACK) == 0) { 1460 struct super_block *sbp = dentry->d_sb; 1461 struct superblock_smack *sbsp = sbp->s_security; 1462 1463 isp->smk_inode = sbsp->smk_default; 1464 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) 1465 isp->smk_task = NULL; 1466 else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) 1467 isp->smk_mmap = NULL; 1468 else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) 1469 isp->smk_flags &= ~SMK_INODE_TRANSMUTE; 1470 1471 return 0; 1472 } 1473 1474 /** 1475 * smack_inode_getsecurity - get smack xattrs 1476 * @inode: the object 1477 * @name: attribute name 1478 * @buffer: where to put the result 1479 * @alloc: duplicate memory 1480 * 1481 * Returns the size of the attribute or an error code 1482 */ 1483 static int smack_inode_getsecurity(struct inode *inode, 1484 const char *name, void **buffer, 1485 bool alloc) 1486 { 1487 struct socket_smack *ssp; 1488 struct socket *sock; 1489 struct super_block *sbp; 1490 struct inode *ip = (struct inode *)inode; 1491 struct smack_known *isp; 1492 1493 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) 1494 isp = smk_of_inode(inode); 1495 else { 1496 /* 1497 * The rest of the Smack xattrs are only on sockets. 1498 */ 1499 sbp = ip->i_sb; 1500 if (sbp->s_magic != SOCKFS_MAGIC) 1501 return -EOPNOTSUPP; 1502 1503 sock = SOCKET_I(ip); 1504 if (sock == NULL || sock->sk == NULL) 1505 return -EOPNOTSUPP; 1506 1507 ssp = sock->sk->sk_security; 1508 1509 if (strcmp(name, XATTR_SMACK_IPIN) == 0) 1510 isp = ssp->smk_in; 1511 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) 1512 isp = ssp->smk_out; 1513 else 1514 return -EOPNOTSUPP; 1515 } 1516 1517 if (alloc) { 1518 *buffer = kstrdup(isp->smk_known, GFP_KERNEL); 1519 if (*buffer == NULL) 1520 return -ENOMEM; 1521 } 1522 1523 return strlen(isp->smk_known); 1524 } 1525 1526 1527 /** 1528 * smack_inode_listsecurity - list the Smack attributes 1529 * @inode: the object 1530 * @buffer: where they go 1531 * @buffer_size: size of buffer 1532 */ 1533 static int smack_inode_listsecurity(struct inode *inode, char *buffer, 1534 size_t buffer_size) 1535 { 1536 int len = sizeof(XATTR_NAME_SMACK); 1537 1538 if (buffer != NULL && len <= buffer_size) 1539 memcpy(buffer, XATTR_NAME_SMACK, len); 1540 1541 return len; 1542 } 1543 1544 /** 1545 * smack_inode_getsecid - Extract inode's security id 1546 * @inode: inode to extract the info from 1547 * @secid: where result will be saved 1548 */ 1549 static void smack_inode_getsecid(struct inode *inode, u32 *secid) 1550 { 1551 struct smack_known *skp = smk_of_inode(inode); 1552 1553 *secid = skp->smk_secid; 1554 } 1555 1556 /* 1557 * File Hooks 1558 */ 1559 1560 /* 1561 * There is no smack_file_permission hook 1562 * 1563 * Should access checks be done on each read or write? 1564 * UNICOS and SELinux say yes. 1565 * Trusted Solaris, Trusted Irix, and just about everyone else says no. 1566 * 1567 * I'll say no for now. Smack does not do the frequent 1568 * label changing that SELinux does. 1569 */ 1570 1571 /** 1572 * smack_file_alloc_security - assign a file security blob 1573 * @file: the object 1574 * 1575 * The security blob for a file is a pointer to the master 1576 * label list, so no allocation is done. 1577 * 1578 * f_security is the owner security information. It 1579 * isn't used on file access checks, it's for send_sigio. 1580 * 1581 * Returns 0 1582 */ 1583 static int smack_file_alloc_security(struct file *file) 1584 { 1585 struct smack_known *skp = smk_of_current(); 1586 1587 file->f_security = skp; 1588 return 0; 1589 } 1590 1591 /** 1592 * smack_file_free_security - clear a file security blob 1593 * @file: the object 1594 * 1595 * The security blob for a file is a pointer to the master 1596 * label list, so no memory is freed. 1597 */ 1598 static void smack_file_free_security(struct file *file) 1599 { 1600 file->f_security = NULL; 1601 } 1602 1603 /** 1604 * smack_file_ioctl - Smack check on ioctls 1605 * @file: the object 1606 * @cmd: what to do 1607 * @arg: unused 1608 * 1609 * Relies heavily on the correct use of the ioctl command conventions. 1610 * 1611 * Returns 0 if allowed, error code otherwise 1612 */ 1613 static int smack_file_ioctl(struct file *file, unsigned int cmd, 1614 unsigned long arg) 1615 { 1616 int rc = 0; 1617 struct smk_audit_info ad; 1618 struct inode *inode = file_inode(file); 1619 1620 if (unlikely(IS_PRIVATE(inode))) 1621 return 0; 1622 1623 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1624 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1625 1626 if (_IOC_DIR(cmd) & _IOC_WRITE) { 1627 rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad); 1628 rc = smk_bu_file(file, MAY_WRITE, rc); 1629 } 1630 1631 if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ)) { 1632 rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad); 1633 rc = smk_bu_file(file, MAY_READ, rc); 1634 } 1635 1636 return rc; 1637 } 1638 1639 /** 1640 * smack_file_lock - Smack check on file locking 1641 * @file: the object 1642 * @cmd: unused 1643 * 1644 * Returns 0 if current has lock access, error code otherwise 1645 */ 1646 static int smack_file_lock(struct file *file, unsigned int cmd) 1647 { 1648 struct smk_audit_info ad; 1649 int rc; 1650 struct inode *inode = file_inode(file); 1651 1652 if (unlikely(IS_PRIVATE(inode))) 1653 return 0; 1654 1655 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1656 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1657 rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad); 1658 rc = smk_bu_file(file, MAY_LOCK, rc); 1659 return rc; 1660 } 1661 1662 /** 1663 * smack_file_fcntl - Smack check on fcntl 1664 * @file: the object 1665 * @cmd: what action to check 1666 * @arg: unused 1667 * 1668 * Generally these operations are harmless. 1669 * File locking operations present an obvious mechanism 1670 * for passing information, so they require write access. 1671 * 1672 * Returns 0 if current has access, error code otherwise 1673 */ 1674 static int smack_file_fcntl(struct file *file, unsigned int cmd, 1675 unsigned long arg) 1676 { 1677 struct smk_audit_info ad; 1678 int rc = 0; 1679 struct inode *inode = file_inode(file); 1680 1681 if (unlikely(IS_PRIVATE(inode))) 1682 return 0; 1683 1684 switch (cmd) { 1685 case F_GETLK: 1686 break; 1687 case F_SETLK: 1688 case F_SETLKW: 1689 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1690 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1691 rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad); 1692 rc = smk_bu_file(file, MAY_LOCK, rc); 1693 break; 1694 case F_SETOWN: 1695 case F_SETSIG: 1696 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1697 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1698 rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad); 1699 rc = smk_bu_file(file, MAY_WRITE, rc); 1700 break; 1701 default: 1702 break; 1703 } 1704 1705 return rc; 1706 } 1707 1708 /** 1709 * smack_mmap_file : 1710 * Check permissions for a mmap operation. The @file may be NULL, e.g. 1711 * if mapping anonymous memory. 1712 * @file contains the file structure for file to map (may be NULL). 1713 * @reqprot contains the protection requested by the application. 1714 * @prot contains the protection that will be applied by the kernel. 1715 * @flags contains the operational flags. 1716 * Return 0 if permission is granted. 1717 */ 1718 static int smack_mmap_file(struct file *file, 1719 unsigned long reqprot, unsigned long prot, 1720 unsigned long flags) 1721 { 1722 struct smack_known *skp; 1723 struct smack_known *mkp; 1724 struct smack_rule *srp; 1725 struct task_smack *tsp; 1726 struct smack_known *okp; 1727 struct inode_smack *isp; 1728 struct superblock_smack *sbsp; 1729 int may; 1730 int mmay; 1731 int tmay; 1732 int rc; 1733 1734 if (file == NULL) 1735 return 0; 1736 1737 if (unlikely(IS_PRIVATE(file_inode(file)))) 1738 return 0; 1739 1740 isp = file_inode(file)->i_security; 1741 if (isp->smk_mmap == NULL) 1742 return 0; 1743 sbsp = file_inode(file)->i_sb->s_security; 1744 if (sbsp->smk_flags & SMK_SB_UNTRUSTED && 1745 isp->smk_mmap != sbsp->smk_root) 1746 return -EACCES; 1747 mkp = isp->smk_mmap; 1748 1749 tsp = current_security(); 1750 skp = smk_of_current(); 1751 rc = 0; 1752 1753 rcu_read_lock(); 1754 /* 1755 * For each Smack rule associated with the subject 1756 * label verify that the SMACK64MMAP also has access 1757 * to that rule's object label. 1758 */ 1759 list_for_each_entry_rcu(srp, &skp->smk_rules, list) { 1760 okp = srp->smk_object; 1761 /* 1762 * Matching labels always allows access. 1763 */ 1764 if (mkp->smk_known == okp->smk_known) 1765 continue; 1766 /* 1767 * If there is a matching local rule take 1768 * that into account as well. 1769 */ 1770 may = smk_access_entry(srp->smk_subject->smk_known, 1771 okp->smk_known, 1772 &tsp->smk_rules); 1773 if (may == -ENOENT) 1774 may = srp->smk_access; 1775 else 1776 may &= srp->smk_access; 1777 /* 1778 * If may is zero the SMACK64MMAP subject can't 1779 * possibly have less access. 1780 */ 1781 if (may == 0) 1782 continue; 1783 1784 /* 1785 * Fetch the global list entry. 1786 * If there isn't one a SMACK64MMAP subject 1787 * can't have as much access as current. 1788 */ 1789 mmay = smk_access_entry(mkp->smk_known, okp->smk_known, 1790 &mkp->smk_rules); 1791 if (mmay == -ENOENT) { 1792 rc = -EACCES; 1793 break; 1794 } 1795 /* 1796 * If there is a local entry it modifies the 1797 * potential access, too. 1798 */ 1799 tmay = smk_access_entry(mkp->smk_known, okp->smk_known, 1800 &tsp->smk_rules); 1801 if (tmay != -ENOENT) 1802 mmay &= tmay; 1803 1804 /* 1805 * If there is any access available to current that is 1806 * not available to a SMACK64MMAP subject 1807 * deny access. 1808 */ 1809 if ((may | mmay) != mmay) { 1810 rc = -EACCES; 1811 break; 1812 } 1813 } 1814 1815 rcu_read_unlock(); 1816 1817 return rc; 1818 } 1819 1820 /** 1821 * smack_file_set_fowner - set the file security blob value 1822 * @file: object in question 1823 * 1824 */ 1825 static void smack_file_set_fowner(struct file *file) 1826 { 1827 file->f_security = smk_of_current(); 1828 } 1829 1830 /** 1831 * smack_file_send_sigiotask - Smack on sigio 1832 * @tsk: The target task 1833 * @fown: the object the signal come from 1834 * @signum: unused 1835 * 1836 * Allow a privileged task to get signals even if it shouldn't 1837 * 1838 * Returns 0 if a subject with the object's smack could 1839 * write to the task, an error code otherwise. 1840 */ 1841 static int smack_file_send_sigiotask(struct task_struct *tsk, 1842 struct fown_struct *fown, int signum) 1843 { 1844 struct smack_known *skp; 1845 struct smack_known *tkp = smk_of_task(tsk->cred->security); 1846 const struct cred *tcred; 1847 struct file *file; 1848 int rc; 1849 struct smk_audit_info ad; 1850 1851 /* 1852 * struct fown_struct is never outside the context of a struct file 1853 */ 1854 file = container_of(fown, struct file, f_owner); 1855 1856 /* we don't log here as rc can be overriden */ 1857 skp = file->f_security; 1858 rc = smk_access(skp, tkp, MAY_DELIVER, NULL); 1859 rc = smk_bu_note("sigiotask", skp, tkp, MAY_DELIVER, rc); 1860 1861 rcu_read_lock(); 1862 tcred = __task_cred(tsk); 1863 if (rc != 0 && smack_privileged_cred(CAP_MAC_OVERRIDE, tcred)) 1864 rc = 0; 1865 rcu_read_unlock(); 1866 1867 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); 1868 smk_ad_setfield_u_tsk(&ad, tsk); 1869 smack_log(skp->smk_known, tkp->smk_known, MAY_DELIVER, rc, &ad); 1870 return rc; 1871 } 1872 1873 /** 1874 * smack_file_receive - Smack file receive check 1875 * @file: the object 1876 * 1877 * Returns 0 if current has access, error code otherwise 1878 */ 1879 static int smack_file_receive(struct file *file) 1880 { 1881 int rc; 1882 int may = 0; 1883 struct smk_audit_info ad; 1884 struct inode *inode = file_inode(file); 1885 struct socket *sock; 1886 struct task_smack *tsp; 1887 struct socket_smack *ssp; 1888 1889 if (unlikely(IS_PRIVATE(inode))) 1890 return 0; 1891 1892 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1893 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1894 1895 if (inode->i_sb->s_magic == SOCKFS_MAGIC) { 1896 sock = SOCKET_I(inode); 1897 ssp = sock->sk->sk_security; 1898 tsp = current_security(); 1899 /* 1900 * If the receiving process can't write to the 1901 * passed socket or if the passed socket can't 1902 * write to the receiving process don't accept 1903 * the passed socket. 1904 */ 1905 rc = smk_access(tsp->smk_task, ssp->smk_out, MAY_WRITE, &ad); 1906 rc = smk_bu_file(file, may, rc); 1907 if (rc < 0) 1908 return rc; 1909 rc = smk_access(ssp->smk_in, tsp->smk_task, MAY_WRITE, &ad); 1910 rc = smk_bu_file(file, may, rc); 1911 return rc; 1912 } 1913 /* 1914 * This code relies on bitmasks. 1915 */ 1916 if (file->f_mode & FMODE_READ) 1917 may = MAY_READ; 1918 if (file->f_mode & FMODE_WRITE) 1919 may |= MAY_WRITE; 1920 1921 rc = smk_curacc(smk_of_inode(inode), may, &ad); 1922 rc = smk_bu_file(file, may, rc); 1923 return rc; 1924 } 1925 1926 /** 1927 * smack_file_open - Smack dentry open processing 1928 * @file: the object 1929 * @cred: task credential 1930 * 1931 * Set the security blob in the file structure. 1932 * Allow the open only if the task has read access. There are 1933 * many read operations (e.g. fstat) that you can do with an 1934 * fd even if you have the file open write-only. 1935 * 1936 * Returns 0 1937 */ 1938 static int smack_file_open(struct file *file) 1939 { 1940 struct task_smack *tsp = file->f_cred->security; 1941 struct inode *inode = file_inode(file); 1942 struct smk_audit_info ad; 1943 int rc; 1944 1945 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1946 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1947 rc = smk_tskacc(tsp, smk_of_inode(inode), MAY_READ, &ad); 1948 rc = smk_bu_credfile(file->f_cred, file, MAY_READ, rc); 1949 1950 return rc; 1951 } 1952 1953 /* 1954 * Task hooks 1955 */ 1956 1957 /** 1958 * smack_cred_alloc_blank - "allocate" blank task-level security credentials 1959 * @new: the new credentials 1960 * @gfp: the atomicity of any memory allocations 1961 * 1962 * Prepare a blank set of credentials for modification. This must allocate all 1963 * the memory the LSM module might require such that cred_transfer() can 1964 * complete without error. 1965 */ 1966 static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp) 1967 { 1968 struct task_smack *tsp; 1969 1970 tsp = new_task_smack(NULL, NULL, gfp); 1971 if (tsp == NULL) 1972 return -ENOMEM; 1973 1974 cred->security = tsp; 1975 1976 return 0; 1977 } 1978 1979 1980 /** 1981 * smack_cred_free - "free" task-level security credentials 1982 * @cred: the credentials in question 1983 * 1984 */ 1985 static void smack_cred_free(struct cred *cred) 1986 { 1987 struct task_smack *tsp = cred->security; 1988 struct smack_rule *rp; 1989 struct list_head *l; 1990 struct list_head *n; 1991 1992 if (tsp == NULL) 1993 return; 1994 cred->security = NULL; 1995 1996 smk_destroy_label_list(&tsp->smk_relabel); 1997 1998 list_for_each_safe(l, n, &tsp->smk_rules) { 1999 rp = list_entry(l, struct smack_rule, list); 2000 list_del(&rp->list); 2001 kfree(rp); 2002 } 2003 kfree(tsp); 2004 } 2005 2006 /** 2007 * smack_cred_prepare - prepare new set of credentials for modification 2008 * @new: the new credentials 2009 * @old: the original credentials 2010 * @gfp: the atomicity of any memory allocations 2011 * 2012 * Prepare a new set of credentials for modification. 2013 */ 2014 static int smack_cred_prepare(struct cred *new, const struct cred *old, 2015 gfp_t gfp) 2016 { 2017 struct task_smack *old_tsp = old->security; 2018 struct task_smack *new_tsp; 2019 int rc; 2020 2021 new_tsp = new_task_smack(old_tsp->smk_task, old_tsp->smk_task, gfp); 2022 if (new_tsp == NULL) 2023 return -ENOMEM; 2024 2025 new->security = new_tsp; 2026 2027 rc = smk_copy_rules(&new_tsp->smk_rules, &old_tsp->smk_rules, gfp); 2028 if (rc != 0) 2029 return rc; 2030 2031 rc = smk_copy_relabel(&new_tsp->smk_relabel, &old_tsp->smk_relabel, 2032 gfp); 2033 if (rc != 0) 2034 return rc; 2035 2036 return 0; 2037 } 2038 2039 /** 2040 * smack_cred_transfer - Transfer the old credentials to the new credentials 2041 * @new: the new credentials 2042 * @old: the original credentials 2043 * 2044 * Fill in a set of blank credentials from another set of credentials. 2045 */ 2046 static void smack_cred_transfer(struct cred *new, const struct cred *old) 2047 { 2048 struct task_smack *old_tsp = old->security; 2049 struct task_smack *new_tsp = new->security; 2050 2051 new_tsp->smk_task = old_tsp->smk_task; 2052 new_tsp->smk_forked = old_tsp->smk_task; 2053 mutex_init(&new_tsp->smk_rules_lock); 2054 INIT_LIST_HEAD(&new_tsp->smk_rules); 2055 2056 2057 /* cbs copy rule list */ 2058 } 2059 2060 /** 2061 * smack_cred_getsecid - get the secid corresponding to a creds structure 2062 * @c: the object creds 2063 * @secid: where to put the result 2064 * 2065 * Sets the secid to contain a u32 version of the smack label. 2066 */ 2067 static void smack_cred_getsecid(const struct cred *c, u32 *secid) 2068 { 2069 struct smack_known *skp; 2070 2071 rcu_read_lock(); 2072 skp = smk_of_task(c->security); 2073 *secid = skp->smk_secid; 2074 rcu_read_unlock(); 2075 } 2076 2077 /** 2078 * smack_kernel_act_as - Set the subjective context in a set of credentials 2079 * @new: points to the set of credentials to be modified. 2080 * @secid: specifies the security ID to be set 2081 * 2082 * Set the security data for a kernel service. 2083 */ 2084 static int smack_kernel_act_as(struct cred *new, u32 secid) 2085 { 2086 struct task_smack *new_tsp = new->security; 2087 2088 new_tsp->smk_task = smack_from_secid(secid); 2089 return 0; 2090 } 2091 2092 /** 2093 * smack_kernel_create_files_as - Set the file creation label in a set of creds 2094 * @new: points to the set of credentials to be modified 2095 * @inode: points to the inode to use as a reference 2096 * 2097 * Set the file creation context in a set of credentials to the same 2098 * as the objective context of the specified inode 2099 */ 2100 static int smack_kernel_create_files_as(struct cred *new, 2101 struct inode *inode) 2102 { 2103 struct inode_smack *isp = inode->i_security; 2104 struct task_smack *tsp = new->security; 2105 2106 tsp->smk_forked = isp->smk_inode; 2107 tsp->smk_task = tsp->smk_forked; 2108 return 0; 2109 } 2110 2111 /** 2112 * smk_curacc_on_task - helper to log task related access 2113 * @p: the task object 2114 * @access: the access requested 2115 * @caller: name of the calling function for audit 2116 * 2117 * Return 0 if access is permitted 2118 */ 2119 static int smk_curacc_on_task(struct task_struct *p, int access, 2120 const char *caller) 2121 { 2122 struct smk_audit_info ad; 2123 struct smack_known *skp = smk_of_task_struct(p); 2124 int rc; 2125 2126 smk_ad_init(&ad, caller, LSM_AUDIT_DATA_TASK); 2127 smk_ad_setfield_u_tsk(&ad, p); 2128 rc = smk_curacc(skp, access, &ad); 2129 rc = smk_bu_task(p, access, rc); 2130 return rc; 2131 } 2132 2133 /** 2134 * smack_task_setpgid - Smack check on setting pgid 2135 * @p: the task object 2136 * @pgid: unused 2137 * 2138 * Return 0 if write access is permitted 2139 */ 2140 static int smack_task_setpgid(struct task_struct *p, pid_t pgid) 2141 { 2142 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2143 } 2144 2145 /** 2146 * smack_task_getpgid - Smack access check for getpgid 2147 * @p: the object task 2148 * 2149 * Returns 0 if current can read the object task, error code otherwise 2150 */ 2151 static int smack_task_getpgid(struct task_struct *p) 2152 { 2153 return smk_curacc_on_task(p, MAY_READ, __func__); 2154 } 2155 2156 /** 2157 * smack_task_getsid - Smack access check for getsid 2158 * @p: the object task 2159 * 2160 * Returns 0 if current can read the object task, error code otherwise 2161 */ 2162 static int smack_task_getsid(struct task_struct *p) 2163 { 2164 return smk_curacc_on_task(p, MAY_READ, __func__); 2165 } 2166 2167 /** 2168 * smack_task_getsecid - get the secid of the task 2169 * @p: the object task 2170 * @secid: where to put the result 2171 * 2172 * Sets the secid to contain a u32 version of the smack label. 2173 */ 2174 static void smack_task_getsecid(struct task_struct *p, u32 *secid) 2175 { 2176 struct smack_known *skp = smk_of_task_struct(p); 2177 2178 *secid = skp->smk_secid; 2179 } 2180 2181 /** 2182 * smack_task_setnice - Smack check on setting nice 2183 * @p: the task object 2184 * @nice: unused 2185 * 2186 * Return 0 if write access is permitted 2187 */ 2188 static int smack_task_setnice(struct task_struct *p, int nice) 2189 { 2190 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2191 } 2192 2193 /** 2194 * smack_task_setioprio - Smack check on setting ioprio 2195 * @p: the task object 2196 * @ioprio: unused 2197 * 2198 * Return 0 if write access is permitted 2199 */ 2200 static int smack_task_setioprio(struct task_struct *p, int ioprio) 2201 { 2202 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2203 } 2204 2205 /** 2206 * smack_task_getioprio - Smack check on reading ioprio 2207 * @p: the task object 2208 * 2209 * Return 0 if read access is permitted 2210 */ 2211 static int smack_task_getioprio(struct task_struct *p) 2212 { 2213 return smk_curacc_on_task(p, MAY_READ, __func__); 2214 } 2215 2216 /** 2217 * smack_task_setscheduler - Smack check on setting scheduler 2218 * @p: the task object 2219 * @policy: unused 2220 * @lp: unused 2221 * 2222 * Return 0 if read access is permitted 2223 */ 2224 static int smack_task_setscheduler(struct task_struct *p) 2225 { 2226 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2227 } 2228 2229 /** 2230 * smack_task_getscheduler - Smack check on reading scheduler 2231 * @p: the task object 2232 * 2233 * Return 0 if read access is permitted 2234 */ 2235 static int smack_task_getscheduler(struct task_struct *p) 2236 { 2237 return smk_curacc_on_task(p, MAY_READ, __func__); 2238 } 2239 2240 /** 2241 * smack_task_movememory - Smack check on moving memory 2242 * @p: the task object 2243 * 2244 * Return 0 if write access is permitted 2245 */ 2246 static int smack_task_movememory(struct task_struct *p) 2247 { 2248 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2249 } 2250 2251 /** 2252 * smack_task_kill - Smack check on signal delivery 2253 * @p: the task object 2254 * @info: unused 2255 * @sig: unused 2256 * @cred: identifies the cred to use in lieu of current's 2257 * 2258 * Return 0 if write access is permitted 2259 * 2260 */ 2261 static int smack_task_kill(struct task_struct *p, struct kernel_siginfo *info, 2262 int sig, const struct cred *cred) 2263 { 2264 struct smk_audit_info ad; 2265 struct smack_known *skp; 2266 struct smack_known *tkp = smk_of_task_struct(p); 2267 int rc; 2268 2269 if (!sig) 2270 return 0; /* null signal; existence test */ 2271 2272 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); 2273 smk_ad_setfield_u_tsk(&ad, p); 2274 /* 2275 * Sending a signal requires that the sender 2276 * can write the receiver. 2277 */ 2278 if (cred == NULL) { 2279 rc = smk_curacc(tkp, MAY_DELIVER, &ad); 2280 rc = smk_bu_task(p, MAY_DELIVER, rc); 2281 return rc; 2282 } 2283 /* 2284 * If the cred isn't NULL we're dealing with some USB IO 2285 * specific behavior. This is not clean. For one thing 2286 * we can't take privilege into account. 2287 */ 2288 skp = smk_of_task(cred->security); 2289 rc = smk_access(skp, tkp, MAY_DELIVER, &ad); 2290 rc = smk_bu_note("USB signal", skp, tkp, MAY_DELIVER, rc); 2291 return rc; 2292 } 2293 2294 /** 2295 * smack_task_to_inode - copy task smack into the inode blob 2296 * @p: task to copy from 2297 * @inode: inode to copy to 2298 * 2299 * Sets the smack pointer in the inode security blob 2300 */ 2301 static void smack_task_to_inode(struct task_struct *p, struct inode *inode) 2302 { 2303 struct inode_smack *isp = inode->i_security; 2304 struct smack_known *skp = smk_of_task_struct(p); 2305 2306 isp->smk_inode = skp; 2307 isp->smk_flags |= SMK_INODE_INSTANT; 2308 } 2309 2310 /* 2311 * Socket hooks. 2312 */ 2313 2314 /** 2315 * smack_sk_alloc_security - Allocate a socket blob 2316 * @sk: the socket 2317 * @family: unused 2318 * @gfp_flags: memory allocation flags 2319 * 2320 * Assign Smack pointers to current 2321 * 2322 * Returns 0 on success, -ENOMEM is there's no memory 2323 */ 2324 static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags) 2325 { 2326 struct smack_known *skp = smk_of_current(); 2327 struct socket_smack *ssp; 2328 2329 ssp = kzalloc(sizeof(struct socket_smack), gfp_flags); 2330 if (ssp == NULL) 2331 return -ENOMEM; 2332 2333 /* 2334 * Sockets created by kernel threads receive web label. 2335 */ 2336 if (unlikely(current->flags & PF_KTHREAD)) { 2337 ssp->smk_in = &smack_known_web; 2338 ssp->smk_out = &smack_known_web; 2339 } else { 2340 ssp->smk_in = skp; 2341 ssp->smk_out = skp; 2342 } 2343 ssp->smk_packet = NULL; 2344 2345 sk->sk_security = ssp; 2346 2347 return 0; 2348 } 2349 2350 /** 2351 * smack_sk_free_security - Free a socket blob 2352 * @sk: the socket 2353 * 2354 * Clears the blob pointer 2355 */ 2356 static void smack_sk_free_security(struct sock *sk) 2357 { 2358 #ifdef SMACK_IPV6_PORT_LABELING 2359 struct smk_port_label *spp; 2360 2361 if (sk->sk_family == PF_INET6) { 2362 rcu_read_lock(); 2363 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) { 2364 if (spp->smk_sock != sk) 2365 continue; 2366 spp->smk_can_reuse = 1; 2367 break; 2368 } 2369 rcu_read_unlock(); 2370 } 2371 #endif 2372 kfree(sk->sk_security); 2373 } 2374 2375 /** 2376 * smack_ipv4host_label - check host based restrictions 2377 * @sip: the object end 2378 * 2379 * looks for host based access restrictions 2380 * 2381 * This version will only be appropriate for really small sets of single label 2382 * hosts. The caller is responsible for ensuring that the RCU read lock is 2383 * taken before calling this function. 2384 * 2385 * Returns the label of the far end or NULL if it's not special. 2386 */ 2387 static struct smack_known *smack_ipv4host_label(struct sockaddr_in *sip) 2388 { 2389 struct smk_net4addr *snp; 2390 struct in_addr *siap = &sip->sin_addr; 2391 2392 if (siap->s_addr == 0) 2393 return NULL; 2394 2395 list_for_each_entry_rcu(snp, &smk_net4addr_list, list) 2396 /* 2397 * we break after finding the first match because 2398 * the list is sorted from longest to shortest mask 2399 * so we have found the most specific match 2400 */ 2401 if (snp->smk_host.s_addr == 2402 (siap->s_addr & snp->smk_mask.s_addr)) 2403 return snp->smk_label; 2404 2405 return NULL; 2406 } 2407 2408 #if IS_ENABLED(CONFIG_IPV6) 2409 /* 2410 * smk_ipv6_localhost - Check for local ipv6 host address 2411 * @sip: the address 2412 * 2413 * Returns boolean true if this is the localhost address 2414 */ 2415 static bool smk_ipv6_localhost(struct sockaddr_in6 *sip) 2416 { 2417 __be16 *be16p = (__be16 *)&sip->sin6_addr; 2418 __be32 *be32p = (__be32 *)&sip->sin6_addr; 2419 2420 if (be32p[0] == 0 && be32p[1] == 0 && be32p[2] == 0 && be16p[6] == 0 && 2421 ntohs(be16p[7]) == 1) 2422 return true; 2423 return false; 2424 } 2425 2426 /** 2427 * smack_ipv6host_label - check host based restrictions 2428 * @sip: the object end 2429 * 2430 * looks for host based access restrictions 2431 * 2432 * This version will only be appropriate for really small sets of single label 2433 * hosts. The caller is responsible for ensuring that the RCU read lock is 2434 * taken before calling this function. 2435 * 2436 * Returns the label of the far end or NULL if it's not special. 2437 */ 2438 static struct smack_known *smack_ipv6host_label(struct sockaddr_in6 *sip) 2439 { 2440 struct smk_net6addr *snp; 2441 struct in6_addr *sap = &sip->sin6_addr; 2442 int i; 2443 int found = 0; 2444 2445 /* 2446 * It's local. Don't look for a host label. 2447 */ 2448 if (smk_ipv6_localhost(sip)) 2449 return NULL; 2450 2451 list_for_each_entry_rcu(snp, &smk_net6addr_list, list) { 2452 /* 2453 * If the label is NULL the entry has 2454 * been renounced. Ignore it. 2455 */ 2456 if (snp->smk_label == NULL) 2457 continue; 2458 /* 2459 * we break after finding the first match because 2460 * the list is sorted from longest to shortest mask 2461 * so we have found the most specific match 2462 */ 2463 for (found = 1, i = 0; i < 8; i++) { 2464 if ((sap->s6_addr16[i] & snp->smk_mask.s6_addr16[i]) != 2465 snp->smk_host.s6_addr16[i]) { 2466 found = 0; 2467 break; 2468 } 2469 } 2470 if (found) 2471 return snp->smk_label; 2472 } 2473 2474 return NULL; 2475 } 2476 #endif /* CONFIG_IPV6 */ 2477 2478 /** 2479 * smack_netlabel - Set the secattr on a socket 2480 * @sk: the socket 2481 * @labeled: socket label scheme 2482 * 2483 * Convert the outbound smack value (smk_out) to a 2484 * secattr and attach it to the socket. 2485 * 2486 * Returns 0 on success or an error code 2487 */ 2488 static int smack_netlabel(struct sock *sk, int labeled) 2489 { 2490 struct smack_known *skp; 2491 struct socket_smack *ssp = sk->sk_security; 2492 int rc = 0; 2493 2494 /* 2495 * Usually the netlabel code will handle changing the 2496 * packet labeling based on the label. 2497 * The case of a single label host is different, because 2498 * a single label host should never get a labeled packet 2499 * even though the label is usually associated with a packet 2500 * label. 2501 */ 2502 local_bh_disable(); 2503 bh_lock_sock_nested(sk); 2504 2505 if (ssp->smk_out == smack_net_ambient || 2506 labeled == SMACK_UNLABELED_SOCKET) 2507 netlbl_sock_delattr(sk); 2508 else { 2509 skp = ssp->smk_out; 2510 rc = netlbl_sock_setattr(sk, sk->sk_family, &skp->smk_netlabel); 2511 } 2512 2513 bh_unlock_sock(sk); 2514 local_bh_enable(); 2515 2516 return rc; 2517 } 2518 2519 /** 2520 * smack_netlbel_send - Set the secattr on a socket and perform access checks 2521 * @sk: the socket 2522 * @sap: the destination address 2523 * 2524 * Set the correct secattr for the given socket based on the destination 2525 * address and perform any outbound access checks needed. 2526 * 2527 * Returns 0 on success or an error code. 2528 * 2529 */ 2530 static int smack_netlabel_send(struct sock *sk, struct sockaddr_in *sap) 2531 { 2532 struct smack_known *skp; 2533 int rc; 2534 int sk_lbl; 2535 struct smack_known *hkp; 2536 struct socket_smack *ssp = sk->sk_security; 2537 struct smk_audit_info ad; 2538 2539 rcu_read_lock(); 2540 hkp = smack_ipv4host_label(sap); 2541 if (hkp != NULL) { 2542 #ifdef CONFIG_AUDIT 2543 struct lsm_network_audit net; 2544 2545 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 2546 ad.a.u.net->family = sap->sin_family; 2547 ad.a.u.net->dport = sap->sin_port; 2548 ad.a.u.net->v4info.daddr = sap->sin_addr.s_addr; 2549 #endif 2550 sk_lbl = SMACK_UNLABELED_SOCKET; 2551 skp = ssp->smk_out; 2552 rc = smk_access(skp, hkp, MAY_WRITE, &ad); 2553 rc = smk_bu_note("IPv4 host check", skp, hkp, MAY_WRITE, rc); 2554 } else { 2555 sk_lbl = SMACK_CIPSO_SOCKET; 2556 rc = 0; 2557 } 2558 rcu_read_unlock(); 2559 if (rc != 0) 2560 return rc; 2561 2562 return smack_netlabel(sk, sk_lbl); 2563 } 2564 2565 #if IS_ENABLED(CONFIG_IPV6) 2566 /** 2567 * smk_ipv6_check - check Smack access 2568 * @subject: subject Smack label 2569 * @object: object Smack label 2570 * @address: address 2571 * @act: the action being taken 2572 * 2573 * Check an IPv6 access 2574 */ 2575 static int smk_ipv6_check(struct smack_known *subject, 2576 struct smack_known *object, 2577 struct sockaddr_in6 *address, int act) 2578 { 2579 #ifdef CONFIG_AUDIT 2580 struct lsm_network_audit net; 2581 #endif 2582 struct smk_audit_info ad; 2583 int rc; 2584 2585 #ifdef CONFIG_AUDIT 2586 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 2587 ad.a.u.net->family = PF_INET6; 2588 ad.a.u.net->dport = ntohs(address->sin6_port); 2589 if (act == SMK_RECEIVING) 2590 ad.a.u.net->v6info.saddr = address->sin6_addr; 2591 else 2592 ad.a.u.net->v6info.daddr = address->sin6_addr; 2593 #endif 2594 rc = smk_access(subject, object, MAY_WRITE, &ad); 2595 rc = smk_bu_note("IPv6 check", subject, object, MAY_WRITE, rc); 2596 return rc; 2597 } 2598 #endif /* CONFIG_IPV6 */ 2599 2600 #ifdef SMACK_IPV6_PORT_LABELING 2601 /** 2602 * smk_ipv6_port_label - Smack port access table management 2603 * @sock: socket 2604 * @address: address 2605 * 2606 * Create or update the port list entry 2607 */ 2608 static void smk_ipv6_port_label(struct socket *sock, struct sockaddr *address) 2609 { 2610 struct sock *sk = sock->sk; 2611 struct sockaddr_in6 *addr6; 2612 struct socket_smack *ssp = sock->sk->sk_security; 2613 struct smk_port_label *spp; 2614 unsigned short port = 0; 2615 2616 if (address == NULL) { 2617 /* 2618 * This operation is changing the Smack information 2619 * on the bound socket. Take the changes to the port 2620 * as well. 2621 */ 2622 rcu_read_lock(); 2623 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) { 2624 if (sk != spp->smk_sock) 2625 continue; 2626 spp->smk_in = ssp->smk_in; 2627 spp->smk_out = ssp->smk_out; 2628 rcu_read_unlock(); 2629 return; 2630 } 2631 /* 2632 * A NULL address is only used for updating existing 2633 * bound entries. If there isn't one, it's OK. 2634 */ 2635 rcu_read_unlock(); 2636 return; 2637 } 2638 2639 addr6 = (struct sockaddr_in6 *)address; 2640 port = ntohs(addr6->sin6_port); 2641 /* 2642 * This is a special case that is safely ignored. 2643 */ 2644 if (port == 0) 2645 return; 2646 2647 /* 2648 * Look for an existing port list entry. 2649 * This is an indication that a port is getting reused. 2650 */ 2651 rcu_read_lock(); 2652 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) { 2653 if (spp->smk_port != port || spp->smk_sock_type != sock->type) 2654 continue; 2655 if (spp->smk_can_reuse != 1) { 2656 rcu_read_unlock(); 2657 return; 2658 } 2659 spp->smk_port = port; 2660 spp->smk_sock = sk; 2661 spp->smk_in = ssp->smk_in; 2662 spp->smk_out = ssp->smk_out; 2663 spp->smk_can_reuse = 0; 2664 rcu_read_unlock(); 2665 return; 2666 } 2667 rcu_read_unlock(); 2668 /* 2669 * A new port entry is required. 2670 */ 2671 spp = kzalloc(sizeof(*spp), GFP_KERNEL); 2672 if (spp == NULL) 2673 return; 2674 2675 spp->smk_port = port; 2676 spp->smk_sock = sk; 2677 spp->smk_in = ssp->smk_in; 2678 spp->smk_out = ssp->smk_out; 2679 spp->smk_sock_type = sock->type; 2680 spp->smk_can_reuse = 0; 2681 2682 mutex_lock(&smack_ipv6_lock); 2683 list_add_rcu(&spp->list, &smk_ipv6_port_list); 2684 mutex_unlock(&smack_ipv6_lock); 2685 return; 2686 } 2687 2688 /** 2689 * smk_ipv6_port_check - check Smack port access 2690 * @sock: socket 2691 * @address: address 2692 * 2693 * Create or update the port list entry 2694 */ 2695 static int smk_ipv6_port_check(struct sock *sk, struct sockaddr_in6 *address, 2696 int act) 2697 { 2698 struct smk_port_label *spp; 2699 struct socket_smack *ssp = sk->sk_security; 2700 struct smack_known *skp = NULL; 2701 unsigned short port; 2702 struct smack_known *object; 2703 2704 if (act == SMK_RECEIVING) { 2705 skp = smack_ipv6host_label(address); 2706 object = ssp->smk_in; 2707 } else { 2708 skp = ssp->smk_out; 2709 object = smack_ipv6host_label(address); 2710 } 2711 2712 /* 2713 * The other end is a single label host. 2714 */ 2715 if (skp != NULL && object != NULL) 2716 return smk_ipv6_check(skp, object, address, act); 2717 if (skp == NULL) 2718 skp = smack_net_ambient; 2719 if (object == NULL) 2720 object = smack_net_ambient; 2721 2722 /* 2723 * It's remote, so port lookup does no good. 2724 */ 2725 if (!smk_ipv6_localhost(address)) 2726 return smk_ipv6_check(skp, object, address, act); 2727 2728 /* 2729 * It's local so the send check has to have passed. 2730 */ 2731 if (act == SMK_RECEIVING) 2732 return 0; 2733 2734 port = ntohs(address->sin6_port); 2735 rcu_read_lock(); 2736 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) { 2737 if (spp->smk_port != port || spp->smk_sock_type != sk->sk_type) 2738 continue; 2739 object = spp->smk_in; 2740 if (act == SMK_CONNECTING) 2741 ssp->smk_packet = spp->smk_out; 2742 break; 2743 } 2744 rcu_read_unlock(); 2745 2746 return smk_ipv6_check(skp, object, address, act); 2747 } 2748 #endif /* SMACK_IPV6_PORT_LABELING */ 2749 2750 /** 2751 * smack_inode_setsecurity - set smack xattrs 2752 * @inode: the object 2753 * @name: attribute name 2754 * @value: attribute value 2755 * @size: size of the attribute 2756 * @flags: unused 2757 * 2758 * Sets the named attribute in the appropriate blob 2759 * 2760 * Returns 0 on success, or an error code 2761 */ 2762 static int smack_inode_setsecurity(struct inode *inode, const char *name, 2763 const void *value, size_t size, int flags) 2764 { 2765 struct smack_known *skp; 2766 struct inode_smack *nsp = inode->i_security; 2767 struct socket_smack *ssp; 2768 struct socket *sock; 2769 int rc = 0; 2770 2771 if (value == NULL || size > SMK_LONGLABEL || size == 0) 2772 return -EINVAL; 2773 2774 skp = smk_import_entry(value, size); 2775 if (IS_ERR(skp)) 2776 return PTR_ERR(skp); 2777 2778 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) { 2779 nsp->smk_inode = skp; 2780 nsp->smk_flags |= SMK_INODE_INSTANT; 2781 return 0; 2782 } 2783 /* 2784 * The rest of the Smack xattrs are only on sockets. 2785 */ 2786 if (inode->i_sb->s_magic != SOCKFS_MAGIC) 2787 return -EOPNOTSUPP; 2788 2789 sock = SOCKET_I(inode); 2790 if (sock == NULL || sock->sk == NULL) 2791 return -EOPNOTSUPP; 2792 2793 ssp = sock->sk->sk_security; 2794 2795 if (strcmp(name, XATTR_SMACK_IPIN) == 0) 2796 ssp->smk_in = skp; 2797 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) { 2798 ssp->smk_out = skp; 2799 if (sock->sk->sk_family == PF_INET) { 2800 rc = smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET); 2801 if (rc != 0) 2802 printk(KERN_WARNING 2803 "Smack: \"%s\" netlbl error %d.\n", 2804 __func__, -rc); 2805 } 2806 } else 2807 return -EOPNOTSUPP; 2808 2809 #ifdef SMACK_IPV6_PORT_LABELING 2810 if (sock->sk->sk_family == PF_INET6) 2811 smk_ipv6_port_label(sock, NULL); 2812 #endif 2813 2814 return 0; 2815 } 2816 2817 /** 2818 * smack_socket_post_create - finish socket setup 2819 * @sock: the socket 2820 * @family: protocol family 2821 * @type: unused 2822 * @protocol: unused 2823 * @kern: unused 2824 * 2825 * Sets the netlabel information on the socket 2826 * 2827 * Returns 0 on success, and error code otherwise 2828 */ 2829 static int smack_socket_post_create(struct socket *sock, int family, 2830 int type, int protocol, int kern) 2831 { 2832 struct socket_smack *ssp; 2833 2834 if (sock->sk == NULL) 2835 return 0; 2836 2837 /* 2838 * Sockets created by kernel threads receive web label. 2839 */ 2840 if (unlikely(current->flags & PF_KTHREAD)) { 2841 ssp = sock->sk->sk_security; 2842 ssp->smk_in = &smack_known_web; 2843 ssp->smk_out = &smack_known_web; 2844 } 2845 2846 if (family != PF_INET) 2847 return 0; 2848 /* 2849 * Set the outbound netlbl. 2850 */ 2851 return smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET); 2852 } 2853 2854 /** 2855 * smack_socket_socketpair - create socket pair 2856 * @socka: one socket 2857 * @sockb: another socket 2858 * 2859 * Cross reference the peer labels for SO_PEERSEC 2860 * 2861 * Returns 0 on success, and error code otherwise 2862 */ 2863 static int smack_socket_socketpair(struct socket *socka, 2864 struct socket *sockb) 2865 { 2866 struct socket_smack *asp = socka->sk->sk_security; 2867 struct socket_smack *bsp = sockb->sk->sk_security; 2868 2869 asp->smk_packet = bsp->smk_out; 2870 bsp->smk_packet = asp->smk_out; 2871 2872 return 0; 2873 } 2874 2875 #ifdef SMACK_IPV6_PORT_LABELING 2876 /** 2877 * smack_socket_bind - record port binding information. 2878 * @sock: the socket 2879 * @address: the port address 2880 * @addrlen: size of the address 2881 * 2882 * Records the label bound to a port. 2883 * 2884 * Returns 0 2885 */ 2886 static int smack_socket_bind(struct socket *sock, struct sockaddr *address, 2887 int addrlen) 2888 { 2889 if (sock->sk != NULL && sock->sk->sk_family == PF_INET6) 2890 smk_ipv6_port_label(sock, address); 2891 return 0; 2892 } 2893 #endif /* SMACK_IPV6_PORT_LABELING */ 2894 2895 /** 2896 * smack_socket_connect - connect access check 2897 * @sock: the socket 2898 * @sap: the other end 2899 * @addrlen: size of sap 2900 * 2901 * Verifies that a connection may be possible 2902 * 2903 * Returns 0 on success, and error code otherwise 2904 */ 2905 static int smack_socket_connect(struct socket *sock, struct sockaddr *sap, 2906 int addrlen) 2907 { 2908 int rc = 0; 2909 #if IS_ENABLED(CONFIG_IPV6) 2910 struct sockaddr_in6 *sip = (struct sockaddr_in6 *)sap; 2911 #endif 2912 #ifdef SMACK_IPV6_SECMARK_LABELING 2913 struct smack_known *rsp; 2914 struct socket_smack *ssp; 2915 #endif 2916 2917 if (sock->sk == NULL) 2918 return 0; 2919 2920 #ifdef SMACK_IPV6_SECMARK_LABELING 2921 ssp = sock->sk->sk_security; 2922 #endif 2923 2924 switch (sock->sk->sk_family) { 2925 case PF_INET: 2926 if (addrlen < sizeof(struct sockaddr_in)) 2927 return -EINVAL; 2928 rc = smack_netlabel_send(sock->sk, (struct sockaddr_in *)sap); 2929 break; 2930 case PF_INET6: 2931 if (addrlen < sizeof(struct sockaddr_in6)) 2932 return -EINVAL; 2933 #ifdef SMACK_IPV6_SECMARK_LABELING 2934 rsp = smack_ipv6host_label(sip); 2935 if (rsp != NULL) 2936 rc = smk_ipv6_check(ssp->smk_out, rsp, sip, 2937 SMK_CONNECTING); 2938 #endif 2939 #ifdef SMACK_IPV6_PORT_LABELING 2940 rc = smk_ipv6_port_check(sock->sk, sip, SMK_CONNECTING); 2941 #endif 2942 break; 2943 } 2944 return rc; 2945 } 2946 2947 /** 2948 * smack_flags_to_may - convert S_ to MAY_ values 2949 * @flags: the S_ value 2950 * 2951 * Returns the equivalent MAY_ value 2952 */ 2953 static int smack_flags_to_may(int flags) 2954 { 2955 int may = 0; 2956 2957 if (flags & S_IRUGO) 2958 may |= MAY_READ; 2959 if (flags & S_IWUGO) 2960 may |= MAY_WRITE; 2961 if (flags & S_IXUGO) 2962 may |= MAY_EXEC; 2963 2964 return may; 2965 } 2966 2967 /** 2968 * smack_msg_msg_alloc_security - Set the security blob for msg_msg 2969 * @msg: the object 2970 * 2971 * Returns 0 2972 */ 2973 static int smack_msg_msg_alloc_security(struct msg_msg *msg) 2974 { 2975 struct smack_known *skp = smk_of_current(); 2976 2977 msg->security = skp; 2978 return 0; 2979 } 2980 2981 /** 2982 * smack_msg_msg_free_security - Clear the security blob for msg_msg 2983 * @msg: the object 2984 * 2985 * Clears the blob pointer 2986 */ 2987 static void smack_msg_msg_free_security(struct msg_msg *msg) 2988 { 2989 msg->security = NULL; 2990 } 2991 2992 /** 2993 * smack_of_ipc - the smack pointer for the ipc 2994 * @isp: the object 2995 * 2996 * Returns a pointer to the smack value 2997 */ 2998 static struct smack_known *smack_of_ipc(struct kern_ipc_perm *isp) 2999 { 3000 return (struct smack_known *)isp->security; 3001 } 3002 3003 /** 3004 * smack_ipc_alloc_security - Set the security blob for ipc 3005 * @isp: the object 3006 * 3007 * Returns 0 3008 */ 3009 static int smack_ipc_alloc_security(struct kern_ipc_perm *isp) 3010 { 3011 struct smack_known *skp = smk_of_current(); 3012 3013 isp->security = skp; 3014 return 0; 3015 } 3016 3017 /** 3018 * smack_ipc_free_security - Clear the security blob for ipc 3019 * @isp: the object 3020 * 3021 * Clears the blob pointer 3022 */ 3023 static void smack_ipc_free_security(struct kern_ipc_perm *isp) 3024 { 3025 isp->security = NULL; 3026 } 3027 3028 /** 3029 * smk_curacc_shm : check if current has access on shm 3030 * @isp : the object 3031 * @access : access requested 3032 * 3033 * Returns 0 if current has the requested access, error code otherwise 3034 */ 3035 static int smk_curacc_shm(struct kern_ipc_perm *isp, int access) 3036 { 3037 struct smack_known *ssp = smack_of_ipc(isp); 3038 struct smk_audit_info ad; 3039 int rc; 3040 3041 #ifdef CONFIG_AUDIT 3042 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 3043 ad.a.u.ipc_id = isp->id; 3044 #endif 3045 rc = smk_curacc(ssp, access, &ad); 3046 rc = smk_bu_current("shm", ssp, access, rc); 3047 return rc; 3048 } 3049 3050 /** 3051 * smack_shm_associate - Smack access check for shm 3052 * @isp: the object 3053 * @shmflg: access requested 3054 * 3055 * Returns 0 if current has the requested access, error code otherwise 3056 */ 3057 static int smack_shm_associate(struct kern_ipc_perm *isp, int shmflg) 3058 { 3059 int may; 3060 3061 may = smack_flags_to_may(shmflg); 3062 return smk_curacc_shm(isp, may); 3063 } 3064 3065 /** 3066 * smack_shm_shmctl - Smack access check for shm 3067 * @isp: the object 3068 * @cmd: what it wants to do 3069 * 3070 * Returns 0 if current has the requested access, error code otherwise 3071 */ 3072 static int smack_shm_shmctl(struct kern_ipc_perm *isp, int cmd) 3073 { 3074 int may; 3075 3076 switch (cmd) { 3077 case IPC_STAT: 3078 case SHM_STAT: 3079 case SHM_STAT_ANY: 3080 may = MAY_READ; 3081 break; 3082 case IPC_SET: 3083 case SHM_LOCK: 3084 case SHM_UNLOCK: 3085 case IPC_RMID: 3086 may = MAY_READWRITE; 3087 break; 3088 case IPC_INFO: 3089 case SHM_INFO: 3090 /* 3091 * System level information. 3092 */ 3093 return 0; 3094 default: 3095 return -EINVAL; 3096 } 3097 return smk_curacc_shm(isp, may); 3098 } 3099 3100 /** 3101 * smack_shm_shmat - Smack access for shmat 3102 * @isp: the object 3103 * @shmaddr: unused 3104 * @shmflg: access requested 3105 * 3106 * Returns 0 if current has the requested access, error code otherwise 3107 */ 3108 static int smack_shm_shmat(struct kern_ipc_perm *ipc, char __user *shmaddr, 3109 int shmflg) 3110 { 3111 int may; 3112 3113 may = smack_flags_to_may(shmflg); 3114 return smk_curacc_shm(ipc, may); 3115 } 3116 3117 /** 3118 * smk_curacc_sem : check if current has access on sem 3119 * @isp : the object 3120 * @access : access requested 3121 * 3122 * Returns 0 if current has the requested access, error code otherwise 3123 */ 3124 static int smk_curacc_sem(struct kern_ipc_perm *isp, int access) 3125 { 3126 struct smack_known *ssp = smack_of_ipc(isp); 3127 struct smk_audit_info ad; 3128 int rc; 3129 3130 #ifdef CONFIG_AUDIT 3131 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 3132 ad.a.u.ipc_id = isp->id; 3133 #endif 3134 rc = smk_curacc(ssp, access, &ad); 3135 rc = smk_bu_current("sem", ssp, access, rc); 3136 return rc; 3137 } 3138 3139 /** 3140 * smack_sem_associate - Smack access check for sem 3141 * @isp: the object 3142 * @semflg: access requested 3143 * 3144 * Returns 0 if current has the requested access, error code otherwise 3145 */ 3146 static int smack_sem_associate(struct kern_ipc_perm *isp, int semflg) 3147 { 3148 int may; 3149 3150 may = smack_flags_to_may(semflg); 3151 return smk_curacc_sem(isp, may); 3152 } 3153 3154 /** 3155 * smack_sem_shmctl - Smack access check for sem 3156 * @isp: the object 3157 * @cmd: what it wants to do 3158 * 3159 * Returns 0 if current has the requested access, error code otherwise 3160 */ 3161 static int smack_sem_semctl(struct kern_ipc_perm *isp, int cmd) 3162 { 3163 int may; 3164 3165 switch (cmd) { 3166 case GETPID: 3167 case GETNCNT: 3168 case GETZCNT: 3169 case GETVAL: 3170 case GETALL: 3171 case IPC_STAT: 3172 case SEM_STAT: 3173 case SEM_STAT_ANY: 3174 may = MAY_READ; 3175 break; 3176 case SETVAL: 3177 case SETALL: 3178 case IPC_RMID: 3179 case IPC_SET: 3180 may = MAY_READWRITE; 3181 break; 3182 case IPC_INFO: 3183 case SEM_INFO: 3184 /* 3185 * System level information 3186 */ 3187 return 0; 3188 default: 3189 return -EINVAL; 3190 } 3191 3192 return smk_curacc_sem(isp, may); 3193 } 3194 3195 /** 3196 * smack_sem_semop - Smack checks of semaphore operations 3197 * @isp: the object 3198 * @sops: unused 3199 * @nsops: unused 3200 * @alter: unused 3201 * 3202 * Treated as read and write in all cases. 3203 * 3204 * Returns 0 if access is allowed, error code otherwise 3205 */ 3206 static int smack_sem_semop(struct kern_ipc_perm *isp, struct sembuf *sops, 3207 unsigned nsops, int alter) 3208 { 3209 return smk_curacc_sem(isp, MAY_READWRITE); 3210 } 3211 3212 /** 3213 * smk_curacc_msq : helper to check if current has access on msq 3214 * @isp : the msq 3215 * @access : access requested 3216 * 3217 * return 0 if current has access, error otherwise 3218 */ 3219 static int smk_curacc_msq(struct kern_ipc_perm *isp, int access) 3220 { 3221 struct smack_known *msp = smack_of_ipc(isp); 3222 struct smk_audit_info ad; 3223 int rc; 3224 3225 #ifdef CONFIG_AUDIT 3226 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 3227 ad.a.u.ipc_id = isp->id; 3228 #endif 3229 rc = smk_curacc(msp, access, &ad); 3230 rc = smk_bu_current("msq", msp, access, rc); 3231 return rc; 3232 } 3233 3234 /** 3235 * smack_msg_queue_associate - Smack access check for msg_queue 3236 * @isp: the object 3237 * @msqflg: access requested 3238 * 3239 * Returns 0 if current has the requested access, error code otherwise 3240 */ 3241 static int smack_msg_queue_associate(struct kern_ipc_perm *isp, int msqflg) 3242 { 3243 int may; 3244 3245 may = smack_flags_to_may(msqflg); 3246 return smk_curacc_msq(isp, may); 3247 } 3248 3249 /** 3250 * smack_msg_queue_msgctl - Smack access check for msg_queue 3251 * @isp: the object 3252 * @cmd: what it wants to do 3253 * 3254 * Returns 0 if current has the requested access, error code otherwise 3255 */ 3256 static int smack_msg_queue_msgctl(struct kern_ipc_perm *isp, int cmd) 3257 { 3258 int may; 3259 3260 switch (cmd) { 3261 case IPC_STAT: 3262 case MSG_STAT: 3263 case MSG_STAT_ANY: 3264 may = MAY_READ; 3265 break; 3266 case IPC_SET: 3267 case IPC_RMID: 3268 may = MAY_READWRITE; 3269 break; 3270 case IPC_INFO: 3271 case MSG_INFO: 3272 /* 3273 * System level information 3274 */ 3275 return 0; 3276 default: 3277 return -EINVAL; 3278 } 3279 3280 return smk_curacc_msq(isp, may); 3281 } 3282 3283 /** 3284 * smack_msg_queue_msgsnd - Smack access check for msg_queue 3285 * @isp: the object 3286 * @msg: unused 3287 * @msqflg: access requested 3288 * 3289 * Returns 0 if current has the requested access, error code otherwise 3290 */ 3291 static int smack_msg_queue_msgsnd(struct kern_ipc_perm *isp, struct msg_msg *msg, 3292 int msqflg) 3293 { 3294 int may; 3295 3296 may = smack_flags_to_may(msqflg); 3297 return smk_curacc_msq(isp, may); 3298 } 3299 3300 /** 3301 * smack_msg_queue_msgsnd - Smack access check for msg_queue 3302 * @isp: the object 3303 * @msg: unused 3304 * @target: unused 3305 * @type: unused 3306 * @mode: unused 3307 * 3308 * Returns 0 if current has read and write access, error code otherwise 3309 */ 3310 static int smack_msg_queue_msgrcv(struct kern_ipc_perm *isp, struct msg_msg *msg, 3311 struct task_struct *target, long type, int mode) 3312 { 3313 return smk_curacc_msq(isp, MAY_READWRITE); 3314 } 3315 3316 /** 3317 * smack_ipc_permission - Smack access for ipc_permission() 3318 * @ipp: the object permissions 3319 * @flag: access requested 3320 * 3321 * Returns 0 if current has read and write access, error code otherwise 3322 */ 3323 static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag) 3324 { 3325 struct smack_known *iskp = ipp->security; 3326 int may = smack_flags_to_may(flag); 3327 struct smk_audit_info ad; 3328 int rc; 3329 3330 #ifdef CONFIG_AUDIT 3331 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 3332 ad.a.u.ipc_id = ipp->id; 3333 #endif 3334 rc = smk_curacc(iskp, may, &ad); 3335 rc = smk_bu_current("svipc", iskp, may, rc); 3336 return rc; 3337 } 3338 3339 /** 3340 * smack_ipc_getsecid - Extract smack security id 3341 * @ipp: the object permissions 3342 * @secid: where result will be saved 3343 */ 3344 static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid) 3345 { 3346 struct smack_known *iskp = ipp->security; 3347 3348 *secid = iskp->smk_secid; 3349 } 3350 3351 /** 3352 * smack_d_instantiate - Make sure the blob is correct on an inode 3353 * @opt_dentry: dentry where inode will be attached 3354 * @inode: the object 3355 * 3356 * Set the inode's security blob if it hasn't been done already. 3357 */ 3358 static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode) 3359 { 3360 struct super_block *sbp; 3361 struct superblock_smack *sbsp; 3362 struct inode_smack *isp; 3363 struct smack_known *skp; 3364 struct smack_known *ckp = smk_of_current(); 3365 struct smack_known *final; 3366 char trattr[TRANS_TRUE_SIZE]; 3367 int transflag = 0; 3368 int rc; 3369 struct dentry *dp; 3370 3371 if (inode == NULL) 3372 return; 3373 3374 isp = inode->i_security; 3375 3376 mutex_lock(&isp->smk_lock); 3377 /* 3378 * If the inode is already instantiated 3379 * take the quick way out 3380 */ 3381 if (isp->smk_flags & SMK_INODE_INSTANT) 3382 goto unlockandout; 3383 3384 sbp = inode->i_sb; 3385 sbsp = sbp->s_security; 3386 /* 3387 * We're going to use the superblock default label 3388 * if there's no label on the file. 3389 */ 3390 final = sbsp->smk_default; 3391 3392 /* 3393 * If this is the root inode the superblock 3394 * may be in the process of initialization. 3395 * If that is the case use the root value out 3396 * of the superblock. 3397 */ 3398 if (opt_dentry->d_parent == opt_dentry) { 3399 switch (sbp->s_magic) { 3400 case CGROUP_SUPER_MAGIC: 3401 case CGROUP2_SUPER_MAGIC: 3402 /* 3403 * The cgroup filesystem is never mounted, 3404 * so there's no opportunity to set the mount 3405 * options. 3406 */ 3407 sbsp->smk_root = &smack_known_star; 3408 sbsp->smk_default = &smack_known_star; 3409 isp->smk_inode = sbsp->smk_root; 3410 break; 3411 case TMPFS_MAGIC: 3412 /* 3413 * What about shmem/tmpfs anonymous files with dentry 3414 * obtained from d_alloc_pseudo()? 3415 */ 3416 isp->smk_inode = smk_of_current(); 3417 break; 3418 case PIPEFS_MAGIC: 3419 isp->smk_inode = smk_of_current(); 3420 break; 3421 case SOCKFS_MAGIC: 3422 /* 3423 * Socket access is controlled by the socket 3424 * structures associated with the task involved. 3425 */ 3426 isp->smk_inode = &smack_known_star; 3427 break; 3428 default: 3429 isp->smk_inode = sbsp->smk_root; 3430 break; 3431 } 3432 isp->smk_flags |= SMK_INODE_INSTANT; 3433 goto unlockandout; 3434 } 3435 3436 /* 3437 * This is pretty hackish. 3438 * Casey says that we shouldn't have to do 3439 * file system specific code, but it does help 3440 * with keeping it simple. 3441 */ 3442 switch (sbp->s_magic) { 3443 case SMACK_MAGIC: 3444 case CGROUP_SUPER_MAGIC: 3445 case CGROUP2_SUPER_MAGIC: 3446 /* 3447 * Casey says that it's a little embarrassing 3448 * that the smack file system doesn't do 3449 * extended attributes. 3450 * 3451 * Cgroupfs is special 3452 */ 3453 final = &smack_known_star; 3454 break; 3455 case DEVPTS_SUPER_MAGIC: 3456 /* 3457 * devpts seems content with the label of the task. 3458 * Programs that change smack have to treat the 3459 * pty with respect. 3460 */ 3461 final = ckp; 3462 break; 3463 case PROC_SUPER_MAGIC: 3464 /* 3465 * Casey says procfs appears not to care. 3466 * The superblock default suffices. 3467 */ 3468 break; 3469 case TMPFS_MAGIC: 3470 /* 3471 * Device labels should come from the filesystem, 3472 * but watch out, because they're volitile, 3473 * getting recreated on every reboot. 3474 */ 3475 final = &smack_known_star; 3476 /* 3477 * Fall through. 3478 * 3479 * If a smack value has been set we want to use it, 3480 * but since tmpfs isn't giving us the opportunity 3481 * to set mount options simulate setting the 3482 * superblock default. 3483 */ 3484 default: 3485 /* 3486 * This isn't an understood special case. 3487 * Get the value from the xattr. 3488 */ 3489 3490 /* 3491 * UNIX domain sockets use lower level socket data. 3492 */ 3493 if (S_ISSOCK(inode->i_mode)) { 3494 final = &smack_known_star; 3495 break; 3496 } 3497 /* 3498 * No xattr support means, alas, no SMACK label. 3499 * Use the aforeapplied default. 3500 * It would be curious if the label of the task 3501 * does not match that assigned. 3502 */ 3503 if (!(inode->i_opflags & IOP_XATTR)) 3504 break; 3505 /* 3506 * Get the dentry for xattr. 3507 */ 3508 dp = dget(opt_dentry); 3509 skp = smk_fetch(XATTR_NAME_SMACK, inode, dp); 3510 if (!IS_ERR_OR_NULL(skp)) 3511 final = skp; 3512 3513 /* 3514 * Transmuting directory 3515 */ 3516 if (S_ISDIR(inode->i_mode)) { 3517 /* 3518 * If this is a new directory and the label was 3519 * transmuted when the inode was initialized 3520 * set the transmute attribute on the directory 3521 * and mark the inode. 3522 * 3523 * If there is a transmute attribute on the 3524 * directory mark the inode. 3525 */ 3526 if (isp->smk_flags & SMK_INODE_CHANGED) { 3527 isp->smk_flags &= ~SMK_INODE_CHANGED; 3528 rc = __vfs_setxattr(dp, inode, 3529 XATTR_NAME_SMACKTRANSMUTE, 3530 TRANS_TRUE, TRANS_TRUE_SIZE, 3531 0); 3532 } else { 3533 rc = __vfs_getxattr(dp, inode, 3534 XATTR_NAME_SMACKTRANSMUTE, trattr, 3535 TRANS_TRUE_SIZE); 3536 if (rc >= 0 && strncmp(trattr, TRANS_TRUE, 3537 TRANS_TRUE_SIZE) != 0) 3538 rc = -EINVAL; 3539 } 3540 if (rc >= 0) 3541 transflag = SMK_INODE_TRANSMUTE; 3542 } 3543 /* 3544 * Don't let the exec or mmap label be "*" or "@". 3545 */ 3546 skp = smk_fetch(XATTR_NAME_SMACKEXEC, inode, dp); 3547 if (IS_ERR(skp) || skp == &smack_known_star || 3548 skp == &smack_known_web) 3549 skp = NULL; 3550 isp->smk_task = skp; 3551 3552 skp = smk_fetch(XATTR_NAME_SMACKMMAP, inode, dp); 3553 if (IS_ERR(skp) || skp == &smack_known_star || 3554 skp == &smack_known_web) 3555 skp = NULL; 3556 isp->smk_mmap = skp; 3557 3558 dput(dp); 3559 break; 3560 } 3561 3562 if (final == NULL) 3563 isp->smk_inode = ckp; 3564 else 3565 isp->smk_inode = final; 3566 3567 isp->smk_flags |= (SMK_INODE_INSTANT | transflag); 3568 3569 unlockandout: 3570 mutex_unlock(&isp->smk_lock); 3571 return; 3572 } 3573 3574 /** 3575 * smack_getprocattr - Smack process attribute access 3576 * @p: the object task 3577 * @name: the name of the attribute in /proc/.../attr 3578 * @value: where to put the result 3579 * 3580 * Places a copy of the task Smack into value 3581 * 3582 * Returns the length of the smack label or an error code 3583 */ 3584 static int smack_getprocattr(struct task_struct *p, char *name, char **value) 3585 { 3586 struct smack_known *skp = smk_of_task_struct(p); 3587 char *cp; 3588 int slen; 3589 3590 if (strcmp(name, "current") != 0) 3591 return -EINVAL; 3592 3593 cp = kstrdup(skp->smk_known, GFP_KERNEL); 3594 if (cp == NULL) 3595 return -ENOMEM; 3596 3597 slen = strlen(cp); 3598 *value = cp; 3599 return slen; 3600 } 3601 3602 /** 3603 * smack_setprocattr - Smack process attribute setting 3604 * @name: the name of the attribute in /proc/.../attr 3605 * @value: the value to set 3606 * @size: the size of the value 3607 * 3608 * Sets the Smack value of the task. Only setting self 3609 * is permitted and only with privilege 3610 * 3611 * Returns the length of the smack label or an error code 3612 */ 3613 static int smack_setprocattr(const char *name, void *value, size_t size) 3614 { 3615 struct task_smack *tsp = current_security(); 3616 struct cred *new; 3617 struct smack_known *skp; 3618 struct smack_known_list_elem *sklep; 3619 int rc; 3620 3621 if (!smack_privileged(CAP_MAC_ADMIN) && list_empty(&tsp->smk_relabel)) 3622 return -EPERM; 3623 3624 if (value == NULL || size == 0 || size >= SMK_LONGLABEL) 3625 return -EINVAL; 3626 3627 if (strcmp(name, "current") != 0) 3628 return -EINVAL; 3629 3630 skp = smk_import_entry(value, size); 3631 if (IS_ERR(skp)) 3632 return PTR_ERR(skp); 3633 3634 /* 3635 * No process is ever allowed the web ("@") label 3636 * and the star ("*") label. 3637 */ 3638 if (skp == &smack_known_web || skp == &smack_known_star) 3639 return -EINVAL; 3640 3641 if (!smack_privileged(CAP_MAC_ADMIN)) { 3642 rc = -EPERM; 3643 list_for_each_entry(sklep, &tsp->smk_relabel, list) 3644 if (sklep->smk_label == skp) { 3645 rc = 0; 3646 break; 3647 } 3648 if (rc) 3649 return rc; 3650 } 3651 3652 new = prepare_creds(); 3653 if (new == NULL) 3654 return -ENOMEM; 3655 3656 tsp = new->security; 3657 tsp->smk_task = skp; 3658 /* 3659 * process can change its label only once 3660 */ 3661 smk_destroy_label_list(&tsp->smk_relabel); 3662 3663 commit_creds(new); 3664 return size; 3665 } 3666 3667 /** 3668 * smack_unix_stream_connect - Smack access on UDS 3669 * @sock: one sock 3670 * @other: the other sock 3671 * @newsk: unused 3672 * 3673 * Return 0 if a subject with the smack of sock could access 3674 * an object with the smack of other, otherwise an error code 3675 */ 3676 static int smack_unix_stream_connect(struct sock *sock, 3677 struct sock *other, struct sock *newsk) 3678 { 3679 struct smack_known *skp; 3680 struct smack_known *okp; 3681 struct socket_smack *ssp = sock->sk_security; 3682 struct socket_smack *osp = other->sk_security; 3683 struct socket_smack *nsp = newsk->sk_security; 3684 struct smk_audit_info ad; 3685 int rc = 0; 3686 #ifdef CONFIG_AUDIT 3687 struct lsm_network_audit net; 3688 #endif 3689 3690 if (!smack_privileged(CAP_MAC_OVERRIDE)) { 3691 skp = ssp->smk_out; 3692 okp = osp->smk_in; 3693 #ifdef CONFIG_AUDIT 3694 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 3695 smk_ad_setfield_u_net_sk(&ad, other); 3696 #endif 3697 rc = smk_access(skp, okp, MAY_WRITE, &ad); 3698 rc = smk_bu_note("UDS connect", skp, okp, MAY_WRITE, rc); 3699 if (rc == 0) { 3700 okp = osp->smk_out; 3701 skp = ssp->smk_in; 3702 rc = smk_access(okp, skp, MAY_WRITE, &ad); 3703 rc = smk_bu_note("UDS connect", okp, skp, 3704 MAY_WRITE, rc); 3705 } 3706 } 3707 3708 /* 3709 * Cross reference the peer labels for SO_PEERSEC. 3710 */ 3711 if (rc == 0) { 3712 nsp->smk_packet = ssp->smk_out; 3713 ssp->smk_packet = osp->smk_out; 3714 } 3715 3716 return rc; 3717 } 3718 3719 /** 3720 * smack_unix_may_send - Smack access on UDS 3721 * @sock: one socket 3722 * @other: the other socket 3723 * 3724 * Return 0 if a subject with the smack of sock could access 3725 * an object with the smack of other, otherwise an error code 3726 */ 3727 static int smack_unix_may_send(struct socket *sock, struct socket *other) 3728 { 3729 struct socket_smack *ssp = sock->sk->sk_security; 3730 struct socket_smack *osp = other->sk->sk_security; 3731 struct smk_audit_info ad; 3732 int rc; 3733 3734 #ifdef CONFIG_AUDIT 3735 struct lsm_network_audit net; 3736 3737 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 3738 smk_ad_setfield_u_net_sk(&ad, other->sk); 3739 #endif 3740 3741 if (smack_privileged(CAP_MAC_OVERRIDE)) 3742 return 0; 3743 3744 rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad); 3745 rc = smk_bu_note("UDS send", ssp->smk_out, osp->smk_in, MAY_WRITE, rc); 3746 return rc; 3747 } 3748 3749 /** 3750 * smack_socket_sendmsg - Smack check based on destination host 3751 * @sock: the socket 3752 * @msg: the message 3753 * @size: the size of the message 3754 * 3755 * Return 0 if the current subject can write to the destination host. 3756 * For IPv4 this is only a question if the destination is a single label host. 3757 * For IPv6 this is a check against the label of the port. 3758 */ 3759 static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg, 3760 int size) 3761 { 3762 struct sockaddr_in *sip = (struct sockaddr_in *) msg->msg_name; 3763 #if IS_ENABLED(CONFIG_IPV6) 3764 struct sockaddr_in6 *sap = (struct sockaddr_in6 *) msg->msg_name; 3765 #endif 3766 #ifdef SMACK_IPV6_SECMARK_LABELING 3767 struct socket_smack *ssp = sock->sk->sk_security; 3768 struct smack_known *rsp; 3769 #endif 3770 int rc = 0; 3771 3772 /* 3773 * Perfectly reasonable for this to be NULL 3774 */ 3775 if (sip == NULL) 3776 return 0; 3777 3778 switch (sock->sk->sk_family) { 3779 case AF_INET: 3780 rc = smack_netlabel_send(sock->sk, sip); 3781 break; 3782 case AF_INET6: 3783 #ifdef SMACK_IPV6_SECMARK_LABELING 3784 rsp = smack_ipv6host_label(sap); 3785 if (rsp != NULL) 3786 rc = smk_ipv6_check(ssp->smk_out, rsp, sap, 3787 SMK_CONNECTING); 3788 #endif 3789 #ifdef SMACK_IPV6_PORT_LABELING 3790 rc = smk_ipv6_port_check(sock->sk, sap, SMK_SENDING); 3791 #endif 3792 break; 3793 } 3794 return rc; 3795 } 3796 3797 /** 3798 * smack_from_secattr - Convert a netlabel attr.mls.lvl/attr.mls.cat pair to smack 3799 * @sap: netlabel secattr 3800 * @ssp: socket security information 3801 * 3802 * Returns a pointer to a Smack label entry found on the label list. 3803 */ 3804 static struct smack_known *smack_from_secattr(struct netlbl_lsm_secattr *sap, 3805 struct socket_smack *ssp) 3806 { 3807 struct smack_known *skp; 3808 int found = 0; 3809 int acat; 3810 int kcat; 3811 3812 if ((sap->flags & NETLBL_SECATTR_MLS_LVL) != 0) { 3813 /* 3814 * Looks like a CIPSO packet. 3815 * If there are flags but no level netlabel isn't 3816 * behaving the way we expect it to. 3817 * 3818 * Look it up in the label table 3819 * Without guidance regarding the smack value 3820 * for the packet fall back on the network 3821 * ambient value. 3822 */ 3823 rcu_read_lock(); 3824 list_for_each_entry_rcu(skp, &smack_known_list, list) { 3825 if (sap->attr.mls.lvl != skp->smk_netlabel.attr.mls.lvl) 3826 continue; 3827 /* 3828 * Compare the catsets. Use the netlbl APIs. 3829 */ 3830 if ((sap->flags & NETLBL_SECATTR_MLS_CAT) == 0) { 3831 if ((skp->smk_netlabel.flags & 3832 NETLBL_SECATTR_MLS_CAT) == 0) 3833 found = 1; 3834 break; 3835 } 3836 for (acat = -1, kcat = -1; acat == kcat; ) { 3837 acat = netlbl_catmap_walk(sap->attr.mls.cat, 3838 acat + 1); 3839 kcat = netlbl_catmap_walk( 3840 skp->smk_netlabel.attr.mls.cat, 3841 kcat + 1); 3842 if (acat < 0 || kcat < 0) 3843 break; 3844 } 3845 if (acat == kcat) { 3846 found = 1; 3847 break; 3848 } 3849 } 3850 rcu_read_unlock(); 3851 3852 if (found) 3853 return skp; 3854 3855 if (ssp != NULL && ssp->smk_in == &smack_known_star) 3856 return &smack_known_web; 3857 return &smack_known_star; 3858 } 3859 if ((sap->flags & NETLBL_SECATTR_SECID) != 0) 3860 /* 3861 * Looks like a fallback, which gives us a secid. 3862 */ 3863 return smack_from_secid(sap->attr.secid); 3864 /* 3865 * Without guidance regarding the smack value 3866 * for the packet fall back on the network 3867 * ambient value. 3868 */ 3869 return smack_net_ambient; 3870 } 3871 3872 #if IS_ENABLED(CONFIG_IPV6) 3873 static int smk_skb_to_addr_ipv6(struct sk_buff *skb, struct sockaddr_in6 *sip) 3874 { 3875 u8 nexthdr; 3876 int offset; 3877 int proto = -EINVAL; 3878 struct ipv6hdr _ipv6h; 3879 struct ipv6hdr *ip6; 3880 __be16 frag_off; 3881 struct tcphdr _tcph, *th; 3882 struct udphdr _udph, *uh; 3883 struct dccp_hdr _dccph, *dh; 3884 3885 sip->sin6_port = 0; 3886 3887 offset = skb_network_offset(skb); 3888 ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h); 3889 if (ip6 == NULL) 3890 return -EINVAL; 3891 sip->sin6_addr = ip6->saddr; 3892 3893 nexthdr = ip6->nexthdr; 3894 offset += sizeof(_ipv6h); 3895 offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off); 3896 if (offset < 0) 3897 return -EINVAL; 3898 3899 proto = nexthdr; 3900 switch (proto) { 3901 case IPPROTO_TCP: 3902 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph); 3903 if (th != NULL) 3904 sip->sin6_port = th->source; 3905 break; 3906 case IPPROTO_UDP: 3907 case IPPROTO_UDPLITE: 3908 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph); 3909 if (uh != NULL) 3910 sip->sin6_port = uh->source; 3911 break; 3912 case IPPROTO_DCCP: 3913 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph); 3914 if (dh != NULL) 3915 sip->sin6_port = dh->dccph_sport; 3916 break; 3917 } 3918 return proto; 3919 } 3920 #endif /* CONFIG_IPV6 */ 3921 3922 /** 3923 * smack_socket_sock_rcv_skb - Smack packet delivery access check 3924 * @sk: socket 3925 * @skb: packet 3926 * 3927 * Returns 0 if the packet should be delivered, an error code otherwise 3928 */ 3929 static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) 3930 { 3931 struct netlbl_lsm_secattr secattr; 3932 struct socket_smack *ssp = sk->sk_security; 3933 struct smack_known *skp = NULL; 3934 int rc = 0; 3935 struct smk_audit_info ad; 3936 u16 family = sk->sk_family; 3937 #ifdef CONFIG_AUDIT 3938 struct lsm_network_audit net; 3939 #endif 3940 #if IS_ENABLED(CONFIG_IPV6) 3941 struct sockaddr_in6 sadd; 3942 int proto; 3943 3944 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP)) 3945 family = PF_INET; 3946 #endif /* CONFIG_IPV6 */ 3947 3948 switch (family) { 3949 case PF_INET: 3950 #ifdef CONFIG_SECURITY_SMACK_NETFILTER 3951 /* 3952 * If there is a secmark use it rather than the CIPSO label. 3953 * If there is no secmark fall back to CIPSO. 3954 * The secmark is assumed to reflect policy better. 3955 */ 3956 if (skb && skb->secmark != 0) { 3957 skp = smack_from_secid(skb->secmark); 3958 goto access_check; 3959 } 3960 #endif /* CONFIG_SECURITY_SMACK_NETFILTER */ 3961 /* 3962 * Translate what netlabel gave us. 3963 */ 3964 netlbl_secattr_init(&secattr); 3965 3966 rc = netlbl_skbuff_getattr(skb, family, &secattr); 3967 if (rc == 0) 3968 skp = smack_from_secattr(&secattr, ssp); 3969 else 3970 skp = smack_net_ambient; 3971 3972 netlbl_secattr_destroy(&secattr); 3973 3974 #ifdef CONFIG_SECURITY_SMACK_NETFILTER 3975 access_check: 3976 #endif 3977 #ifdef CONFIG_AUDIT 3978 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 3979 ad.a.u.net->family = family; 3980 ad.a.u.net->netif = skb->skb_iif; 3981 ipv4_skb_to_auditdata(skb, &ad.a, NULL); 3982 #endif 3983 /* 3984 * Receiving a packet requires that the other end 3985 * be able to write here. Read access is not required. 3986 * This is the simplist possible security model 3987 * for networking. 3988 */ 3989 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad); 3990 rc = smk_bu_note("IPv4 delivery", skp, ssp->smk_in, 3991 MAY_WRITE, rc); 3992 if (rc != 0) 3993 netlbl_skbuff_err(skb, family, rc, 0); 3994 break; 3995 #if IS_ENABLED(CONFIG_IPV6) 3996 case PF_INET6: 3997 proto = smk_skb_to_addr_ipv6(skb, &sadd); 3998 if (proto != IPPROTO_UDP && proto != IPPROTO_UDPLITE && 3999 proto != IPPROTO_TCP && proto != IPPROTO_DCCP) 4000 break; 4001 #ifdef SMACK_IPV6_SECMARK_LABELING 4002 if (skb && skb->secmark != 0) 4003 skp = smack_from_secid(skb->secmark); 4004 else 4005 skp = smack_ipv6host_label(&sadd); 4006 if (skp == NULL) 4007 skp = smack_net_ambient; 4008 #ifdef CONFIG_AUDIT 4009 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 4010 ad.a.u.net->family = family; 4011 ad.a.u.net->netif = skb->skb_iif; 4012 ipv6_skb_to_auditdata(skb, &ad.a, NULL); 4013 #endif /* CONFIG_AUDIT */ 4014 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad); 4015 rc = smk_bu_note("IPv6 delivery", skp, ssp->smk_in, 4016 MAY_WRITE, rc); 4017 #endif /* SMACK_IPV6_SECMARK_LABELING */ 4018 #ifdef SMACK_IPV6_PORT_LABELING 4019 rc = smk_ipv6_port_check(sk, &sadd, SMK_RECEIVING); 4020 #endif /* SMACK_IPV6_PORT_LABELING */ 4021 if (rc != 0) 4022 icmpv6_send(skb, ICMPV6_DEST_UNREACH, 4023 ICMPV6_ADM_PROHIBITED, 0); 4024 break; 4025 #endif /* CONFIG_IPV6 */ 4026 } 4027 4028 return rc; 4029 } 4030 4031 /** 4032 * smack_socket_getpeersec_stream - pull in packet label 4033 * @sock: the socket 4034 * @optval: user's destination 4035 * @optlen: size thereof 4036 * @len: max thereof 4037 * 4038 * returns zero on success, an error code otherwise 4039 */ 4040 static int smack_socket_getpeersec_stream(struct socket *sock, 4041 char __user *optval, 4042 int __user *optlen, unsigned len) 4043 { 4044 struct socket_smack *ssp; 4045 char *rcp = ""; 4046 int slen = 1; 4047 int rc = 0; 4048 4049 ssp = sock->sk->sk_security; 4050 if (ssp->smk_packet != NULL) { 4051 rcp = ssp->smk_packet->smk_known; 4052 slen = strlen(rcp) + 1; 4053 } 4054 4055 if (slen > len) 4056 rc = -ERANGE; 4057 else if (copy_to_user(optval, rcp, slen) != 0) 4058 rc = -EFAULT; 4059 4060 if (put_user(slen, optlen) != 0) 4061 rc = -EFAULT; 4062 4063 return rc; 4064 } 4065 4066 4067 /** 4068 * smack_socket_getpeersec_dgram - pull in packet label 4069 * @sock: the peer socket 4070 * @skb: packet data 4071 * @secid: pointer to where to put the secid of the packet 4072 * 4073 * Sets the netlabel socket state on sk from parent 4074 */ 4075 static int smack_socket_getpeersec_dgram(struct socket *sock, 4076 struct sk_buff *skb, u32 *secid) 4077 4078 { 4079 struct netlbl_lsm_secattr secattr; 4080 struct socket_smack *ssp = NULL; 4081 struct smack_known *skp; 4082 int family = PF_UNSPEC; 4083 u32 s = 0; /* 0 is the invalid secid */ 4084 int rc; 4085 4086 if (skb != NULL) { 4087 if (skb->protocol == htons(ETH_P_IP)) 4088 family = PF_INET; 4089 #if IS_ENABLED(CONFIG_IPV6) 4090 else if (skb->protocol == htons(ETH_P_IPV6)) 4091 family = PF_INET6; 4092 #endif /* CONFIG_IPV6 */ 4093 } 4094 if (family == PF_UNSPEC && sock != NULL) 4095 family = sock->sk->sk_family; 4096 4097 switch (family) { 4098 case PF_UNIX: 4099 ssp = sock->sk->sk_security; 4100 s = ssp->smk_out->smk_secid; 4101 break; 4102 case PF_INET: 4103 #ifdef CONFIG_SECURITY_SMACK_NETFILTER 4104 s = skb->secmark; 4105 if (s != 0) 4106 break; 4107 #endif 4108 /* 4109 * Translate what netlabel gave us. 4110 */ 4111 if (sock != NULL && sock->sk != NULL) 4112 ssp = sock->sk->sk_security; 4113 netlbl_secattr_init(&secattr); 4114 rc = netlbl_skbuff_getattr(skb, family, &secattr); 4115 if (rc == 0) { 4116 skp = smack_from_secattr(&secattr, ssp); 4117 s = skp->smk_secid; 4118 } 4119 netlbl_secattr_destroy(&secattr); 4120 break; 4121 case PF_INET6: 4122 #ifdef SMACK_IPV6_SECMARK_LABELING 4123 s = skb->secmark; 4124 #endif 4125 break; 4126 } 4127 *secid = s; 4128 if (s == 0) 4129 return -EINVAL; 4130 return 0; 4131 } 4132 4133 /** 4134 * smack_sock_graft - Initialize a newly created socket with an existing sock 4135 * @sk: child sock 4136 * @parent: parent socket 4137 * 4138 * Set the smk_{in,out} state of an existing sock based on the process that 4139 * is creating the new socket. 4140 */ 4141 static void smack_sock_graft(struct sock *sk, struct socket *parent) 4142 { 4143 struct socket_smack *ssp; 4144 struct smack_known *skp = smk_of_current(); 4145 4146 if (sk == NULL || 4147 (sk->sk_family != PF_INET && sk->sk_family != PF_INET6)) 4148 return; 4149 4150 ssp = sk->sk_security; 4151 ssp->smk_in = skp; 4152 ssp->smk_out = skp; 4153 /* cssp->smk_packet is already set in smack_inet_csk_clone() */ 4154 } 4155 4156 /** 4157 * smack_inet_conn_request - Smack access check on connect 4158 * @sk: socket involved 4159 * @skb: packet 4160 * @req: unused 4161 * 4162 * Returns 0 if a task with the packet label could write to 4163 * the socket, otherwise an error code 4164 */ 4165 static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb, 4166 struct request_sock *req) 4167 { 4168 u16 family = sk->sk_family; 4169 struct smack_known *skp; 4170 struct socket_smack *ssp = sk->sk_security; 4171 struct netlbl_lsm_secattr secattr; 4172 struct sockaddr_in addr; 4173 struct iphdr *hdr; 4174 struct smack_known *hskp; 4175 int rc; 4176 struct smk_audit_info ad; 4177 #ifdef CONFIG_AUDIT 4178 struct lsm_network_audit net; 4179 #endif 4180 4181 #if IS_ENABLED(CONFIG_IPV6) 4182 if (family == PF_INET6) { 4183 /* 4184 * Handle mapped IPv4 packets arriving 4185 * via IPv6 sockets. Don't set up netlabel 4186 * processing on IPv6. 4187 */ 4188 if (skb->protocol == htons(ETH_P_IP)) 4189 family = PF_INET; 4190 else 4191 return 0; 4192 } 4193 #endif /* CONFIG_IPV6 */ 4194 4195 #ifdef CONFIG_SECURITY_SMACK_NETFILTER 4196 /* 4197 * If there is a secmark use it rather than the CIPSO label. 4198 * If there is no secmark fall back to CIPSO. 4199 * The secmark is assumed to reflect policy better. 4200 */ 4201 if (skb && skb->secmark != 0) { 4202 skp = smack_from_secid(skb->secmark); 4203 goto access_check; 4204 } 4205 #endif /* CONFIG_SECURITY_SMACK_NETFILTER */ 4206 4207 netlbl_secattr_init(&secattr); 4208 rc = netlbl_skbuff_getattr(skb, family, &secattr); 4209 if (rc == 0) 4210 skp = smack_from_secattr(&secattr, ssp); 4211 else 4212 skp = &smack_known_huh; 4213 netlbl_secattr_destroy(&secattr); 4214 4215 #ifdef CONFIG_SECURITY_SMACK_NETFILTER 4216 access_check: 4217 #endif 4218 4219 #ifdef CONFIG_AUDIT 4220 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 4221 ad.a.u.net->family = family; 4222 ad.a.u.net->netif = skb->skb_iif; 4223 ipv4_skb_to_auditdata(skb, &ad.a, NULL); 4224 #endif 4225 /* 4226 * Receiving a packet requires that the other end be able to write 4227 * here. Read access is not required. 4228 */ 4229 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad); 4230 rc = smk_bu_note("IPv4 connect", skp, ssp->smk_in, MAY_WRITE, rc); 4231 if (rc != 0) 4232 return rc; 4233 4234 /* 4235 * Save the peer's label in the request_sock so we can later setup 4236 * smk_packet in the child socket so that SO_PEERCRED can report it. 4237 */ 4238 req->peer_secid = skp->smk_secid; 4239 4240 /* 4241 * We need to decide if we want to label the incoming connection here 4242 * if we do we only need to label the request_sock and the stack will 4243 * propagate the wire-label to the sock when it is created. 4244 */ 4245 hdr = ip_hdr(skb); 4246 addr.sin_addr.s_addr = hdr->saddr; 4247 rcu_read_lock(); 4248 hskp = smack_ipv4host_label(&addr); 4249 rcu_read_unlock(); 4250 4251 if (hskp == NULL) 4252 rc = netlbl_req_setattr(req, &skp->smk_netlabel); 4253 else 4254 netlbl_req_delattr(req); 4255 4256 return rc; 4257 } 4258 4259 /** 4260 * smack_inet_csk_clone - Copy the connection information to the new socket 4261 * @sk: the new socket 4262 * @req: the connection's request_sock 4263 * 4264 * Transfer the connection's peer label to the newly created socket. 4265 */ 4266 static void smack_inet_csk_clone(struct sock *sk, 4267 const struct request_sock *req) 4268 { 4269 struct socket_smack *ssp = sk->sk_security; 4270 struct smack_known *skp; 4271 4272 if (req->peer_secid != 0) { 4273 skp = smack_from_secid(req->peer_secid); 4274 ssp->smk_packet = skp; 4275 } else 4276 ssp->smk_packet = NULL; 4277 } 4278 4279 /* 4280 * Key management security hooks 4281 * 4282 * Casey has not tested key support very heavily. 4283 * The permission check is most likely too restrictive. 4284 * If you care about keys please have a look. 4285 */ 4286 #ifdef CONFIG_KEYS 4287 4288 /** 4289 * smack_key_alloc - Set the key security blob 4290 * @key: object 4291 * @cred: the credentials to use 4292 * @flags: unused 4293 * 4294 * No allocation required 4295 * 4296 * Returns 0 4297 */ 4298 static int smack_key_alloc(struct key *key, const struct cred *cred, 4299 unsigned long flags) 4300 { 4301 struct smack_known *skp = smk_of_task(cred->security); 4302 4303 key->security = skp; 4304 return 0; 4305 } 4306 4307 /** 4308 * smack_key_free - Clear the key security blob 4309 * @key: the object 4310 * 4311 * Clear the blob pointer 4312 */ 4313 static void smack_key_free(struct key *key) 4314 { 4315 key->security = NULL; 4316 } 4317 4318 /** 4319 * smack_key_permission - Smack access on a key 4320 * @key_ref: gets to the object 4321 * @cred: the credentials to use 4322 * @perm: requested key permissions 4323 * 4324 * Return 0 if the task has read and write to the object, 4325 * an error code otherwise 4326 */ 4327 static int smack_key_permission(key_ref_t key_ref, 4328 const struct cred *cred, unsigned perm) 4329 { 4330 struct key *keyp; 4331 struct smk_audit_info ad; 4332 struct smack_known *tkp = smk_of_task(cred->security); 4333 int request = 0; 4334 int rc; 4335 4336 keyp = key_ref_to_ptr(key_ref); 4337 if (keyp == NULL) 4338 return -EINVAL; 4339 /* 4340 * If the key hasn't been initialized give it access so that 4341 * it may do so. 4342 */ 4343 if (keyp->security == NULL) 4344 return 0; 4345 /* 4346 * This should not occur 4347 */ 4348 if (tkp == NULL) 4349 return -EACCES; 4350 4351 if (smack_privileged_cred(CAP_MAC_OVERRIDE, cred)) 4352 return 0; 4353 4354 #ifdef CONFIG_AUDIT 4355 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY); 4356 ad.a.u.key_struct.key = keyp->serial; 4357 ad.a.u.key_struct.key_desc = keyp->description; 4358 #endif 4359 if (perm & KEY_NEED_READ) 4360 request = MAY_READ; 4361 if (perm & (KEY_NEED_WRITE | KEY_NEED_LINK | KEY_NEED_SETATTR)) 4362 request = MAY_WRITE; 4363 rc = smk_access(tkp, keyp->security, request, &ad); 4364 rc = smk_bu_note("key access", tkp, keyp->security, request, rc); 4365 return rc; 4366 } 4367 4368 /* 4369 * smack_key_getsecurity - Smack label tagging the key 4370 * @key points to the key to be queried 4371 * @_buffer points to a pointer that should be set to point to the 4372 * resulting string (if no label or an error occurs). 4373 * Return the length of the string (including terminating NUL) or -ve if 4374 * an error. 4375 * May also return 0 (and a NULL buffer pointer) if there is no label. 4376 */ 4377 static int smack_key_getsecurity(struct key *key, char **_buffer) 4378 { 4379 struct smack_known *skp = key->security; 4380 size_t length; 4381 char *copy; 4382 4383 if (key->security == NULL) { 4384 *_buffer = NULL; 4385 return 0; 4386 } 4387 4388 copy = kstrdup(skp->smk_known, GFP_KERNEL); 4389 if (copy == NULL) 4390 return -ENOMEM; 4391 length = strlen(copy) + 1; 4392 4393 *_buffer = copy; 4394 return length; 4395 } 4396 4397 #endif /* CONFIG_KEYS */ 4398 4399 /* 4400 * Smack Audit hooks 4401 * 4402 * Audit requires a unique representation of each Smack specific 4403 * rule. This unique representation is used to distinguish the 4404 * object to be audited from remaining kernel objects and also 4405 * works as a glue between the audit hooks. 4406 * 4407 * Since repository entries are added but never deleted, we'll use 4408 * the smack_known label address related to the given audit rule as 4409 * the needed unique representation. This also better fits the smack 4410 * model where nearly everything is a label. 4411 */ 4412 #ifdef CONFIG_AUDIT 4413 4414 /** 4415 * smack_audit_rule_init - Initialize a smack audit rule 4416 * @field: audit rule fields given from user-space (audit.h) 4417 * @op: required testing operator (=, !=, >, <, ...) 4418 * @rulestr: smack label to be audited 4419 * @vrule: pointer to save our own audit rule representation 4420 * 4421 * Prepare to audit cases where (@field @op @rulestr) is true. 4422 * The label to be audited is created if necessay. 4423 */ 4424 static int smack_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule) 4425 { 4426 struct smack_known *skp; 4427 char **rule = (char **)vrule; 4428 *rule = NULL; 4429 4430 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER) 4431 return -EINVAL; 4432 4433 if (op != Audit_equal && op != Audit_not_equal) 4434 return -EINVAL; 4435 4436 skp = smk_import_entry(rulestr, 0); 4437 if (IS_ERR(skp)) 4438 return PTR_ERR(skp); 4439 4440 *rule = skp->smk_known; 4441 4442 return 0; 4443 } 4444 4445 /** 4446 * smack_audit_rule_known - Distinguish Smack audit rules 4447 * @krule: rule of interest, in Audit kernel representation format 4448 * 4449 * This is used to filter Smack rules from remaining Audit ones. 4450 * If it's proved that this rule belongs to us, the 4451 * audit_rule_match hook will be called to do the final judgement. 4452 */ 4453 static int smack_audit_rule_known(struct audit_krule *krule) 4454 { 4455 struct audit_field *f; 4456 int i; 4457 4458 for (i = 0; i < krule->field_count; i++) { 4459 f = &krule->fields[i]; 4460 4461 if (f->type == AUDIT_SUBJ_USER || f->type == AUDIT_OBJ_USER) 4462 return 1; 4463 } 4464 4465 return 0; 4466 } 4467 4468 /** 4469 * smack_audit_rule_match - Audit given object ? 4470 * @secid: security id for identifying the object to test 4471 * @field: audit rule flags given from user-space 4472 * @op: required testing operator 4473 * @vrule: smack internal rule presentation 4474 * @actx: audit context associated with the check 4475 * 4476 * The core Audit hook. It's used to take the decision of 4477 * whether to audit or not to audit a given object. 4478 */ 4479 static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule, 4480 struct audit_context *actx) 4481 { 4482 struct smack_known *skp; 4483 char *rule = vrule; 4484 4485 if (unlikely(!rule)) { 4486 WARN_ONCE(1, "Smack: missing rule\n"); 4487 return -ENOENT; 4488 } 4489 4490 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER) 4491 return 0; 4492 4493 skp = smack_from_secid(secid); 4494 4495 /* 4496 * No need to do string comparisons. If a match occurs, 4497 * both pointers will point to the same smack_known 4498 * label. 4499 */ 4500 if (op == Audit_equal) 4501 return (rule == skp->smk_known); 4502 if (op == Audit_not_equal) 4503 return (rule != skp->smk_known); 4504 4505 return 0; 4506 } 4507 4508 /* 4509 * There is no need for a smack_audit_rule_free hook. 4510 * No memory was allocated. 4511 */ 4512 4513 #endif /* CONFIG_AUDIT */ 4514 4515 /** 4516 * smack_ismaclabel - check if xattr @name references a smack MAC label 4517 * @name: Full xattr name to check. 4518 */ 4519 static int smack_ismaclabel(const char *name) 4520 { 4521 return (strcmp(name, XATTR_SMACK_SUFFIX) == 0); 4522 } 4523 4524 4525 /** 4526 * smack_secid_to_secctx - return the smack label for a secid 4527 * @secid: incoming integer 4528 * @secdata: destination 4529 * @seclen: how long it is 4530 * 4531 * Exists for networking code. 4532 */ 4533 static int smack_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) 4534 { 4535 struct smack_known *skp = smack_from_secid(secid); 4536 4537 if (secdata) 4538 *secdata = skp->smk_known; 4539 *seclen = strlen(skp->smk_known); 4540 return 0; 4541 } 4542 4543 /** 4544 * smack_secctx_to_secid - return the secid for a smack label 4545 * @secdata: smack label 4546 * @seclen: how long result is 4547 * @secid: outgoing integer 4548 * 4549 * Exists for audit and networking code. 4550 */ 4551 static int smack_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid) 4552 { 4553 struct smack_known *skp = smk_find_entry(secdata); 4554 4555 if (skp) 4556 *secid = skp->smk_secid; 4557 else 4558 *secid = 0; 4559 return 0; 4560 } 4561 4562 /* 4563 * There used to be a smack_release_secctx hook 4564 * that did nothing back when hooks were in a vector. 4565 * Now that there's a list such a hook adds cost. 4566 */ 4567 4568 static int smack_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen) 4569 { 4570 return smack_inode_setsecurity(inode, XATTR_SMACK_SUFFIX, ctx, ctxlen, 0); 4571 } 4572 4573 static int smack_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen) 4574 { 4575 return __vfs_setxattr_noperm(dentry, XATTR_NAME_SMACK, ctx, ctxlen, 0); 4576 } 4577 4578 static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) 4579 { 4580 struct smack_known *skp = smk_of_inode(inode); 4581 4582 *ctx = skp->smk_known; 4583 *ctxlen = strlen(skp->smk_known); 4584 return 0; 4585 } 4586 4587 static int smack_inode_copy_up(struct dentry *dentry, struct cred **new) 4588 { 4589 4590 struct task_smack *tsp; 4591 struct smack_known *skp; 4592 struct inode_smack *isp; 4593 struct cred *new_creds = *new; 4594 4595 if (new_creds == NULL) { 4596 new_creds = prepare_creds(); 4597 if (new_creds == NULL) 4598 return -ENOMEM; 4599 } 4600 4601 tsp = new_creds->security; 4602 4603 /* 4604 * Get label from overlay inode and set it in create_sid 4605 */ 4606 isp = d_inode(dentry->d_parent)->i_security; 4607 skp = isp->smk_inode; 4608 tsp->smk_task = skp; 4609 *new = new_creds; 4610 return 0; 4611 } 4612 4613 static int smack_inode_copy_up_xattr(const char *name) 4614 { 4615 /* 4616 * Return 1 if this is the smack access Smack attribute. 4617 */ 4618 if (strcmp(name, XATTR_NAME_SMACK) == 0) 4619 return 1; 4620 4621 return -EOPNOTSUPP; 4622 } 4623 4624 static int smack_dentry_create_files_as(struct dentry *dentry, int mode, 4625 struct qstr *name, 4626 const struct cred *old, 4627 struct cred *new) 4628 { 4629 struct task_smack *otsp = old->security; 4630 struct task_smack *ntsp = new->security; 4631 struct inode_smack *isp; 4632 int may; 4633 4634 /* 4635 * Use the process credential unless all of 4636 * the transmuting criteria are met 4637 */ 4638 ntsp->smk_task = otsp->smk_task; 4639 4640 /* 4641 * the attribute of the containing directory 4642 */ 4643 isp = d_inode(dentry->d_parent)->i_security; 4644 4645 if (isp->smk_flags & SMK_INODE_TRANSMUTE) { 4646 rcu_read_lock(); 4647 may = smk_access_entry(otsp->smk_task->smk_known, 4648 isp->smk_inode->smk_known, 4649 &otsp->smk_task->smk_rules); 4650 rcu_read_unlock(); 4651 4652 /* 4653 * If the directory is transmuting and the rule 4654 * providing access is transmuting use the containing 4655 * directory label instead of the process label. 4656 */ 4657 if (may > 0 && (may & MAY_TRANSMUTE)) 4658 ntsp->smk_task = isp->smk_inode; 4659 } 4660 return 0; 4661 } 4662 4663 static struct security_hook_list smack_hooks[] __lsm_ro_after_init = { 4664 LSM_HOOK_INIT(ptrace_access_check, smack_ptrace_access_check), 4665 LSM_HOOK_INIT(ptrace_traceme, smack_ptrace_traceme), 4666 LSM_HOOK_INIT(syslog, smack_syslog), 4667 4668 LSM_HOOK_INIT(sb_alloc_security, smack_sb_alloc_security), 4669 LSM_HOOK_INIT(sb_free_security, smack_sb_free_security), 4670 LSM_HOOK_INIT(sb_copy_data, smack_sb_copy_data), 4671 LSM_HOOK_INIT(sb_kern_mount, smack_sb_kern_mount), 4672 LSM_HOOK_INIT(sb_statfs, smack_sb_statfs), 4673 LSM_HOOK_INIT(sb_set_mnt_opts, smack_set_mnt_opts), 4674 LSM_HOOK_INIT(sb_parse_opts_str, smack_parse_opts_str), 4675 4676 LSM_HOOK_INIT(bprm_set_creds, smack_bprm_set_creds), 4677 4678 LSM_HOOK_INIT(inode_alloc_security, smack_inode_alloc_security), 4679 LSM_HOOK_INIT(inode_free_security, smack_inode_free_security), 4680 LSM_HOOK_INIT(inode_init_security, smack_inode_init_security), 4681 LSM_HOOK_INIT(inode_link, smack_inode_link), 4682 LSM_HOOK_INIT(inode_unlink, smack_inode_unlink), 4683 LSM_HOOK_INIT(inode_rmdir, smack_inode_rmdir), 4684 LSM_HOOK_INIT(inode_rename, smack_inode_rename), 4685 LSM_HOOK_INIT(inode_permission, smack_inode_permission), 4686 LSM_HOOK_INIT(inode_setattr, smack_inode_setattr), 4687 LSM_HOOK_INIT(inode_getattr, smack_inode_getattr), 4688 LSM_HOOK_INIT(inode_setxattr, smack_inode_setxattr), 4689 LSM_HOOK_INIT(inode_post_setxattr, smack_inode_post_setxattr), 4690 LSM_HOOK_INIT(inode_getxattr, smack_inode_getxattr), 4691 LSM_HOOK_INIT(inode_removexattr, smack_inode_removexattr), 4692 LSM_HOOK_INIT(inode_getsecurity, smack_inode_getsecurity), 4693 LSM_HOOK_INIT(inode_setsecurity, smack_inode_setsecurity), 4694 LSM_HOOK_INIT(inode_listsecurity, smack_inode_listsecurity), 4695 LSM_HOOK_INIT(inode_getsecid, smack_inode_getsecid), 4696 4697 LSM_HOOK_INIT(file_alloc_security, smack_file_alloc_security), 4698 LSM_HOOK_INIT(file_free_security, smack_file_free_security), 4699 LSM_HOOK_INIT(file_ioctl, smack_file_ioctl), 4700 LSM_HOOK_INIT(file_lock, smack_file_lock), 4701 LSM_HOOK_INIT(file_fcntl, smack_file_fcntl), 4702 LSM_HOOK_INIT(mmap_file, smack_mmap_file), 4703 LSM_HOOK_INIT(mmap_addr, cap_mmap_addr), 4704 LSM_HOOK_INIT(file_set_fowner, smack_file_set_fowner), 4705 LSM_HOOK_INIT(file_send_sigiotask, smack_file_send_sigiotask), 4706 LSM_HOOK_INIT(file_receive, smack_file_receive), 4707 4708 LSM_HOOK_INIT(file_open, smack_file_open), 4709 4710 LSM_HOOK_INIT(cred_alloc_blank, smack_cred_alloc_blank), 4711 LSM_HOOK_INIT(cred_free, smack_cred_free), 4712 LSM_HOOK_INIT(cred_prepare, smack_cred_prepare), 4713 LSM_HOOK_INIT(cred_transfer, smack_cred_transfer), 4714 LSM_HOOK_INIT(cred_getsecid, smack_cred_getsecid), 4715 LSM_HOOK_INIT(kernel_act_as, smack_kernel_act_as), 4716 LSM_HOOK_INIT(kernel_create_files_as, smack_kernel_create_files_as), 4717 LSM_HOOK_INIT(task_setpgid, smack_task_setpgid), 4718 LSM_HOOK_INIT(task_getpgid, smack_task_getpgid), 4719 LSM_HOOK_INIT(task_getsid, smack_task_getsid), 4720 LSM_HOOK_INIT(task_getsecid, smack_task_getsecid), 4721 LSM_HOOK_INIT(task_setnice, smack_task_setnice), 4722 LSM_HOOK_INIT(task_setioprio, smack_task_setioprio), 4723 LSM_HOOK_INIT(task_getioprio, smack_task_getioprio), 4724 LSM_HOOK_INIT(task_setscheduler, smack_task_setscheduler), 4725 LSM_HOOK_INIT(task_getscheduler, smack_task_getscheduler), 4726 LSM_HOOK_INIT(task_movememory, smack_task_movememory), 4727 LSM_HOOK_INIT(task_kill, smack_task_kill), 4728 LSM_HOOK_INIT(task_to_inode, smack_task_to_inode), 4729 4730 LSM_HOOK_INIT(ipc_permission, smack_ipc_permission), 4731 LSM_HOOK_INIT(ipc_getsecid, smack_ipc_getsecid), 4732 4733 LSM_HOOK_INIT(msg_msg_alloc_security, smack_msg_msg_alloc_security), 4734 LSM_HOOK_INIT(msg_msg_free_security, smack_msg_msg_free_security), 4735 4736 LSM_HOOK_INIT(msg_queue_alloc_security, smack_ipc_alloc_security), 4737 LSM_HOOK_INIT(msg_queue_free_security, smack_ipc_free_security), 4738 LSM_HOOK_INIT(msg_queue_associate, smack_msg_queue_associate), 4739 LSM_HOOK_INIT(msg_queue_msgctl, smack_msg_queue_msgctl), 4740 LSM_HOOK_INIT(msg_queue_msgsnd, smack_msg_queue_msgsnd), 4741 LSM_HOOK_INIT(msg_queue_msgrcv, smack_msg_queue_msgrcv), 4742 4743 LSM_HOOK_INIT(shm_alloc_security, smack_ipc_alloc_security), 4744 LSM_HOOK_INIT(shm_free_security, smack_ipc_free_security), 4745 LSM_HOOK_INIT(shm_associate, smack_shm_associate), 4746 LSM_HOOK_INIT(shm_shmctl, smack_shm_shmctl), 4747 LSM_HOOK_INIT(shm_shmat, smack_shm_shmat), 4748 4749 LSM_HOOK_INIT(sem_alloc_security, smack_ipc_alloc_security), 4750 LSM_HOOK_INIT(sem_free_security, smack_ipc_free_security), 4751 LSM_HOOK_INIT(sem_associate, smack_sem_associate), 4752 LSM_HOOK_INIT(sem_semctl, smack_sem_semctl), 4753 LSM_HOOK_INIT(sem_semop, smack_sem_semop), 4754 4755 LSM_HOOK_INIT(d_instantiate, smack_d_instantiate), 4756 4757 LSM_HOOK_INIT(getprocattr, smack_getprocattr), 4758 LSM_HOOK_INIT(setprocattr, smack_setprocattr), 4759 4760 LSM_HOOK_INIT(unix_stream_connect, smack_unix_stream_connect), 4761 LSM_HOOK_INIT(unix_may_send, smack_unix_may_send), 4762 4763 LSM_HOOK_INIT(socket_post_create, smack_socket_post_create), 4764 LSM_HOOK_INIT(socket_socketpair, smack_socket_socketpair), 4765 #ifdef SMACK_IPV6_PORT_LABELING 4766 LSM_HOOK_INIT(socket_bind, smack_socket_bind), 4767 #endif 4768 LSM_HOOK_INIT(socket_connect, smack_socket_connect), 4769 LSM_HOOK_INIT(socket_sendmsg, smack_socket_sendmsg), 4770 LSM_HOOK_INIT(socket_sock_rcv_skb, smack_socket_sock_rcv_skb), 4771 LSM_HOOK_INIT(socket_getpeersec_stream, smack_socket_getpeersec_stream), 4772 LSM_HOOK_INIT(socket_getpeersec_dgram, smack_socket_getpeersec_dgram), 4773 LSM_HOOK_INIT(sk_alloc_security, smack_sk_alloc_security), 4774 LSM_HOOK_INIT(sk_free_security, smack_sk_free_security), 4775 LSM_HOOK_INIT(sock_graft, smack_sock_graft), 4776 LSM_HOOK_INIT(inet_conn_request, smack_inet_conn_request), 4777 LSM_HOOK_INIT(inet_csk_clone, smack_inet_csk_clone), 4778 4779 /* key management security hooks */ 4780 #ifdef CONFIG_KEYS 4781 LSM_HOOK_INIT(key_alloc, smack_key_alloc), 4782 LSM_HOOK_INIT(key_free, smack_key_free), 4783 LSM_HOOK_INIT(key_permission, smack_key_permission), 4784 LSM_HOOK_INIT(key_getsecurity, smack_key_getsecurity), 4785 #endif /* CONFIG_KEYS */ 4786 4787 /* Audit hooks */ 4788 #ifdef CONFIG_AUDIT 4789 LSM_HOOK_INIT(audit_rule_init, smack_audit_rule_init), 4790 LSM_HOOK_INIT(audit_rule_known, smack_audit_rule_known), 4791 LSM_HOOK_INIT(audit_rule_match, smack_audit_rule_match), 4792 #endif /* CONFIG_AUDIT */ 4793 4794 LSM_HOOK_INIT(ismaclabel, smack_ismaclabel), 4795 LSM_HOOK_INIT(secid_to_secctx, smack_secid_to_secctx), 4796 LSM_HOOK_INIT(secctx_to_secid, smack_secctx_to_secid), 4797 LSM_HOOK_INIT(inode_notifysecctx, smack_inode_notifysecctx), 4798 LSM_HOOK_INIT(inode_setsecctx, smack_inode_setsecctx), 4799 LSM_HOOK_INIT(inode_getsecctx, smack_inode_getsecctx), 4800 LSM_HOOK_INIT(inode_copy_up, smack_inode_copy_up), 4801 LSM_HOOK_INIT(inode_copy_up_xattr, smack_inode_copy_up_xattr), 4802 LSM_HOOK_INIT(dentry_create_files_as, smack_dentry_create_files_as), 4803 }; 4804 4805 4806 static __init void init_smack_known_list(void) 4807 { 4808 /* 4809 * Initialize rule list locks 4810 */ 4811 mutex_init(&smack_known_huh.smk_rules_lock); 4812 mutex_init(&smack_known_hat.smk_rules_lock); 4813 mutex_init(&smack_known_floor.smk_rules_lock); 4814 mutex_init(&smack_known_star.smk_rules_lock); 4815 mutex_init(&smack_known_web.smk_rules_lock); 4816 /* 4817 * Initialize rule lists 4818 */ 4819 INIT_LIST_HEAD(&smack_known_huh.smk_rules); 4820 INIT_LIST_HEAD(&smack_known_hat.smk_rules); 4821 INIT_LIST_HEAD(&smack_known_star.smk_rules); 4822 INIT_LIST_HEAD(&smack_known_floor.smk_rules); 4823 INIT_LIST_HEAD(&smack_known_web.smk_rules); 4824 /* 4825 * Create the known labels list 4826 */ 4827 smk_insert_entry(&smack_known_huh); 4828 smk_insert_entry(&smack_known_hat); 4829 smk_insert_entry(&smack_known_star); 4830 smk_insert_entry(&smack_known_floor); 4831 smk_insert_entry(&smack_known_web); 4832 } 4833 4834 /** 4835 * smack_init - initialize the smack system 4836 * 4837 * Returns 0 4838 */ 4839 static __init int smack_init(void) 4840 { 4841 struct cred *cred; 4842 struct task_smack *tsp; 4843 4844 if (!security_module_enable("smack")) 4845 return 0; 4846 4847 smack_inode_cache = KMEM_CACHE(inode_smack, 0); 4848 if (!smack_inode_cache) 4849 return -ENOMEM; 4850 4851 tsp = new_task_smack(&smack_known_floor, &smack_known_floor, 4852 GFP_KERNEL); 4853 if (tsp == NULL) { 4854 kmem_cache_destroy(smack_inode_cache); 4855 return -ENOMEM; 4856 } 4857 4858 smack_enabled = 1; 4859 4860 pr_info("Smack: Initializing.\n"); 4861 #ifdef CONFIG_SECURITY_SMACK_NETFILTER 4862 pr_info("Smack: Netfilter enabled.\n"); 4863 #endif 4864 #ifdef SMACK_IPV6_PORT_LABELING 4865 pr_info("Smack: IPv6 port labeling enabled.\n"); 4866 #endif 4867 #ifdef SMACK_IPV6_SECMARK_LABELING 4868 pr_info("Smack: IPv6 Netfilter enabled.\n"); 4869 #endif 4870 4871 /* 4872 * Set the security state for the initial task. 4873 */ 4874 cred = (struct cred *) current->cred; 4875 cred->security = tsp; 4876 4877 /* initialize the smack_known_list */ 4878 init_smack_known_list(); 4879 4880 /* 4881 * Register with LSM 4882 */ 4883 security_add_hooks(smack_hooks, ARRAY_SIZE(smack_hooks), "smack"); 4884 4885 return 0; 4886 } 4887 4888 /* 4889 * Smack requires early initialization in order to label 4890 * all processes and objects when they are created. 4891 */ 4892 DEFINE_LSM(smack) = { 4893 .name = "smack", 4894 .init = smack_init, 4895 }; 4896