1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Simplified MAC Kernel (smack) security module 4 * 5 * This file contains the smack hook function implementations. 6 * 7 * Authors: 8 * Casey Schaufler <casey@schaufler-ca.com> 9 * Jarkko Sakkinen <jarkko.sakkinen@intel.com> 10 * 11 * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com> 12 * Copyright (C) 2009 Hewlett-Packard Development Company, L.P. 13 * Paul Moore <paul@paul-moore.com> 14 * Copyright (C) 2010 Nokia Corporation 15 * Copyright (C) 2011 Intel Corporation. 16 */ 17 18 #include <linux/xattr.h> 19 #include <linux/pagemap.h> 20 #include <linux/mount.h> 21 #include <linux/stat.h> 22 #include <linux/kd.h> 23 #include <asm/ioctls.h> 24 #include <linux/ip.h> 25 #include <linux/tcp.h> 26 #include <linux/udp.h> 27 #include <linux/dccp.h> 28 #include <linux/icmpv6.h> 29 #include <linux/slab.h> 30 #include <linux/mutex.h> 31 #include <net/cipso_ipv4.h> 32 #include <net/ip.h> 33 #include <net/ipv6.h> 34 #include <linux/audit.h> 35 #include <linux/magic.h> 36 #include <linux/dcache.h> 37 #include <linux/personality.h> 38 #include <linux/msg.h> 39 #include <linux/shm.h> 40 #include <linux/binfmts.h> 41 #include <linux/parser.h> 42 #include <linux/fs_context.h> 43 #include <linux/fs_parser.h> 44 #include <linux/watch_queue.h> 45 #include <linux/io_uring.h> 46 #include "smack.h" 47 48 #define TRANS_TRUE "TRUE" 49 #define TRANS_TRUE_SIZE 4 50 51 #define SMK_CONNECTING 0 52 #define SMK_RECEIVING 1 53 #define SMK_SENDING 2 54 55 /* 56 * Smack uses multiple xattrs. 57 * SMACK64 - for access control, 58 * SMACK64TRANSMUTE - label initialization, 59 * Not saved on files - SMACK64IPIN and SMACK64IPOUT, 60 * Must be set explicitly - SMACK64EXEC and SMACK64MMAP 61 */ 62 #define SMACK_INODE_INIT_XATTRS 2 63 64 #ifdef SMACK_IPV6_PORT_LABELING 65 static DEFINE_MUTEX(smack_ipv6_lock); 66 static LIST_HEAD(smk_ipv6_port_list); 67 #endif 68 struct kmem_cache *smack_rule_cache; 69 int smack_enabled __initdata; 70 71 #define A(s) {"smack"#s, sizeof("smack"#s) - 1, Opt_##s} 72 static struct { 73 const char *name; 74 int len; 75 int opt; 76 } smk_mount_opts[] = { 77 {"smackfsdef", sizeof("smackfsdef") - 1, Opt_fsdefault}, 78 A(fsdefault), A(fsfloor), A(fshat), A(fsroot), A(fstransmute) 79 }; 80 #undef A 81 82 static int match_opt_prefix(char *s, int l, char **arg) 83 { 84 int i; 85 86 for (i = 0; i < ARRAY_SIZE(smk_mount_opts); i++) { 87 size_t len = smk_mount_opts[i].len; 88 if (len > l || memcmp(s, smk_mount_opts[i].name, len)) 89 continue; 90 if (len == l || s[len] != '=') 91 continue; 92 *arg = s + len + 1; 93 return smk_mount_opts[i].opt; 94 } 95 return Opt_error; 96 } 97 98 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 99 static char *smk_bu_mess[] = { 100 "Bringup Error", /* Unused */ 101 "Bringup", /* SMACK_BRINGUP_ALLOW */ 102 "Unconfined Subject", /* SMACK_UNCONFINED_SUBJECT */ 103 "Unconfined Object", /* SMACK_UNCONFINED_OBJECT */ 104 }; 105 106 static void smk_bu_mode(int mode, char *s) 107 { 108 int i = 0; 109 110 if (mode & MAY_READ) 111 s[i++] = 'r'; 112 if (mode & MAY_WRITE) 113 s[i++] = 'w'; 114 if (mode & MAY_EXEC) 115 s[i++] = 'x'; 116 if (mode & MAY_APPEND) 117 s[i++] = 'a'; 118 if (mode & MAY_TRANSMUTE) 119 s[i++] = 't'; 120 if (mode & MAY_LOCK) 121 s[i++] = 'l'; 122 if (i == 0) 123 s[i++] = '-'; 124 s[i] = '\0'; 125 } 126 #endif 127 128 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 129 static int smk_bu_note(char *note, struct smack_known *sskp, 130 struct smack_known *oskp, int mode, int rc) 131 { 132 char acc[SMK_NUM_ACCESS_TYPE + 1]; 133 134 if (rc <= 0) 135 return rc; 136 if (rc > SMACK_UNCONFINED_OBJECT) 137 rc = 0; 138 139 smk_bu_mode(mode, acc); 140 pr_info("Smack %s: (%s %s %s) %s\n", smk_bu_mess[rc], 141 sskp->smk_known, oskp->smk_known, acc, note); 142 return 0; 143 } 144 #else 145 #define smk_bu_note(note, sskp, oskp, mode, RC) (RC) 146 #endif 147 148 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 149 static int smk_bu_current(char *note, struct smack_known *oskp, 150 int mode, int rc) 151 { 152 struct task_smack *tsp = smack_cred(current_cred()); 153 char acc[SMK_NUM_ACCESS_TYPE + 1]; 154 155 if (rc <= 0) 156 return rc; 157 if (rc > SMACK_UNCONFINED_OBJECT) 158 rc = 0; 159 160 smk_bu_mode(mode, acc); 161 pr_info("Smack %s: (%s %s %s) %s %s\n", smk_bu_mess[rc], 162 tsp->smk_task->smk_known, oskp->smk_known, 163 acc, current->comm, note); 164 return 0; 165 } 166 #else 167 #define smk_bu_current(note, oskp, mode, RC) (RC) 168 #endif 169 170 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 171 static int smk_bu_task(struct task_struct *otp, int mode, int rc) 172 { 173 struct task_smack *tsp = smack_cred(current_cred()); 174 struct smack_known *smk_task = smk_of_task_struct_obj(otp); 175 char acc[SMK_NUM_ACCESS_TYPE + 1]; 176 177 if (rc <= 0) 178 return rc; 179 if (rc > SMACK_UNCONFINED_OBJECT) 180 rc = 0; 181 182 smk_bu_mode(mode, acc); 183 pr_info("Smack %s: (%s %s %s) %s to %s\n", smk_bu_mess[rc], 184 tsp->smk_task->smk_known, smk_task->smk_known, acc, 185 current->comm, otp->comm); 186 return 0; 187 } 188 #else 189 #define smk_bu_task(otp, mode, RC) (RC) 190 #endif 191 192 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 193 static int smk_bu_inode(struct inode *inode, int mode, int rc) 194 { 195 struct task_smack *tsp = smack_cred(current_cred()); 196 struct inode_smack *isp = smack_inode(inode); 197 char acc[SMK_NUM_ACCESS_TYPE + 1]; 198 199 if (isp->smk_flags & SMK_INODE_IMPURE) 200 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n", 201 inode->i_sb->s_id, inode->i_ino, current->comm); 202 203 if (rc <= 0) 204 return rc; 205 if (rc > SMACK_UNCONFINED_OBJECT) 206 rc = 0; 207 if (rc == SMACK_UNCONFINED_SUBJECT && 208 (mode & (MAY_WRITE | MAY_APPEND))) 209 isp->smk_flags |= SMK_INODE_IMPURE; 210 211 smk_bu_mode(mode, acc); 212 213 pr_info("Smack %s: (%s %s %s) inode=(%s %ld) %s\n", smk_bu_mess[rc], 214 tsp->smk_task->smk_known, isp->smk_inode->smk_known, acc, 215 inode->i_sb->s_id, inode->i_ino, current->comm); 216 return 0; 217 } 218 #else 219 #define smk_bu_inode(inode, mode, RC) (RC) 220 #endif 221 222 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 223 static int smk_bu_file(struct file *file, int mode, int rc) 224 { 225 struct task_smack *tsp = smack_cred(current_cred()); 226 struct smack_known *sskp = tsp->smk_task; 227 struct inode *inode = file_inode(file); 228 struct inode_smack *isp = smack_inode(inode); 229 char acc[SMK_NUM_ACCESS_TYPE + 1]; 230 231 if (isp->smk_flags & SMK_INODE_IMPURE) 232 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n", 233 inode->i_sb->s_id, inode->i_ino, current->comm); 234 235 if (rc <= 0) 236 return rc; 237 if (rc > SMACK_UNCONFINED_OBJECT) 238 rc = 0; 239 240 smk_bu_mode(mode, acc); 241 pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc], 242 sskp->smk_known, smk_of_inode(inode)->smk_known, acc, 243 inode->i_sb->s_id, inode->i_ino, file, 244 current->comm); 245 return 0; 246 } 247 #else 248 #define smk_bu_file(file, mode, RC) (RC) 249 #endif 250 251 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 252 static int smk_bu_credfile(const struct cred *cred, struct file *file, 253 int mode, int rc) 254 { 255 struct task_smack *tsp = smack_cred(cred); 256 struct smack_known *sskp = tsp->smk_task; 257 struct inode *inode = file_inode(file); 258 struct inode_smack *isp = smack_inode(inode); 259 char acc[SMK_NUM_ACCESS_TYPE + 1]; 260 261 if (isp->smk_flags & SMK_INODE_IMPURE) 262 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n", 263 inode->i_sb->s_id, inode->i_ino, current->comm); 264 265 if (rc <= 0) 266 return rc; 267 if (rc > SMACK_UNCONFINED_OBJECT) 268 rc = 0; 269 270 smk_bu_mode(mode, acc); 271 pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc], 272 sskp->smk_known, smk_of_inode(inode)->smk_known, acc, 273 inode->i_sb->s_id, inode->i_ino, file, 274 current->comm); 275 return 0; 276 } 277 #else 278 #define smk_bu_credfile(cred, file, mode, RC) (RC) 279 #endif 280 281 /** 282 * smk_fetch - Fetch the smack label from a file. 283 * @name: type of the label (attribute) 284 * @ip: a pointer to the inode 285 * @dp: a pointer to the dentry 286 * 287 * Returns a pointer to the master list entry for the Smack label, 288 * NULL if there was no label to fetch, or an error code. 289 */ 290 static struct smack_known *smk_fetch(const char *name, struct inode *ip, 291 struct dentry *dp) 292 { 293 int rc; 294 char *buffer; 295 struct smack_known *skp = NULL; 296 297 if (!(ip->i_opflags & IOP_XATTR)) 298 return ERR_PTR(-EOPNOTSUPP); 299 300 buffer = kzalloc(SMK_LONGLABEL, GFP_NOFS); 301 if (buffer == NULL) 302 return ERR_PTR(-ENOMEM); 303 304 rc = __vfs_getxattr(dp, ip, name, buffer, SMK_LONGLABEL); 305 if (rc < 0) 306 skp = ERR_PTR(rc); 307 else if (rc == 0) 308 skp = NULL; 309 else 310 skp = smk_import_entry(buffer, rc); 311 312 kfree(buffer); 313 314 return skp; 315 } 316 317 /** 318 * init_inode_smack - initialize an inode security blob 319 * @inode: inode to extract the info from 320 * @skp: a pointer to the Smack label entry to use in the blob 321 * 322 */ 323 static void init_inode_smack(struct inode *inode, struct smack_known *skp) 324 { 325 struct inode_smack *isp = smack_inode(inode); 326 327 isp->smk_inode = skp; 328 isp->smk_flags = 0; 329 } 330 331 /** 332 * init_task_smack - initialize a task security blob 333 * @tsp: blob to initialize 334 * @task: a pointer to the Smack label for the running task 335 * @forked: a pointer to the Smack label for the forked task 336 * 337 */ 338 static void init_task_smack(struct task_smack *tsp, struct smack_known *task, 339 struct smack_known *forked) 340 { 341 tsp->smk_task = task; 342 tsp->smk_forked = forked; 343 INIT_LIST_HEAD(&tsp->smk_rules); 344 INIT_LIST_HEAD(&tsp->smk_relabel); 345 mutex_init(&tsp->smk_rules_lock); 346 } 347 348 /** 349 * smk_copy_rules - copy a rule set 350 * @nhead: new rules header pointer 351 * @ohead: old rules header pointer 352 * @gfp: type of the memory for the allocation 353 * 354 * Returns 0 on success, -ENOMEM on error 355 */ 356 static int smk_copy_rules(struct list_head *nhead, struct list_head *ohead, 357 gfp_t gfp) 358 { 359 struct smack_rule *nrp; 360 struct smack_rule *orp; 361 int rc = 0; 362 363 list_for_each_entry_rcu(orp, ohead, list) { 364 nrp = kmem_cache_zalloc(smack_rule_cache, gfp); 365 if (nrp == NULL) { 366 rc = -ENOMEM; 367 break; 368 } 369 *nrp = *orp; 370 list_add_rcu(&nrp->list, nhead); 371 } 372 return rc; 373 } 374 375 /** 376 * smk_copy_relabel - copy smk_relabel labels list 377 * @nhead: new rules header pointer 378 * @ohead: old rules header pointer 379 * @gfp: type of the memory for the allocation 380 * 381 * Returns 0 on success, -ENOMEM on error 382 */ 383 static int smk_copy_relabel(struct list_head *nhead, struct list_head *ohead, 384 gfp_t gfp) 385 { 386 struct smack_known_list_elem *nklep; 387 struct smack_known_list_elem *oklep; 388 389 list_for_each_entry(oklep, ohead, list) { 390 nklep = kzalloc(sizeof(struct smack_known_list_elem), gfp); 391 if (nklep == NULL) { 392 smk_destroy_label_list(nhead); 393 return -ENOMEM; 394 } 395 nklep->smk_label = oklep->smk_label; 396 list_add(&nklep->list, nhead); 397 } 398 399 return 0; 400 } 401 402 /** 403 * smk_ptrace_mode - helper function for converting PTRACE_MODE_* into MAY_* 404 * @mode: input mode in form of PTRACE_MODE_* 405 * 406 * Returns a converted MAY_* mode usable by smack rules 407 */ 408 static inline unsigned int smk_ptrace_mode(unsigned int mode) 409 { 410 if (mode & PTRACE_MODE_ATTACH) 411 return MAY_READWRITE; 412 if (mode & PTRACE_MODE_READ) 413 return MAY_READ; 414 415 return 0; 416 } 417 418 /** 419 * smk_ptrace_rule_check - helper for ptrace access 420 * @tracer: tracer process 421 * @tracee_known: label entry of the process that's about to be traced 422 * @mode: ptrace attachment mode (PTRACE_MODE_*) 423 * @func: name of the function that called us, used for audit 424 * 425 * Returns 0 on access granted, -error on error 426 */ 427 static int smk_ptrace_rule_check(struct task_struct *tracer, 428 struct smack_known *tracee_known, 429 unsigned int mode, const char *func) 430 { 431 int rc; 432 struct smk_audit_info ad, *saip = NULL; 433 struct task_smack *tsp; 434 struct smack_known *tracer_known; 435 const struct cred *tracercred; 436 437 if ((mode & PTRACE_MODE_NOAUDIT) == 0) { 438 smk_ad_init(&ad, func, LSM_AUDIT_DATA_TASK); 439 smk_ad_setfield_u_tsk(&ad, tracer); 440 saip = &ad; 441 } 442 443 rcu_read_lock(); 444 tracercred = __task_cred(tracer); 445 tsp = smack_cred(tracercred); 446 tracer_known = smk_of_task(tsp); 447 448 if ((mode & PTRACE_MODE_ATTACH) && 449 (smack_ptrace_rule == SMACK_PTRACE_EXACT || 450 smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)) { 451 if (tracer_known->smk_known == tracee_known->smk_known) 452 rc = 0; 453 else if (smack_ptrace_rule == SMACK_PTRACE_DRACONIAN) 454 rc = -EACCES; 455 else if (smack_privileged_cred(CAP_SYS_PTRACE, tracercred)) 456 rc = 0; 457 else 458 rc = -EACCES; 459 460 if (saip) 461 smack_log(tracer_known->smk_known, 462 tracee_known->smk_known, 463 0, rc, saip); 464 465 rcu_read_unlock(); 466 return rc; 467 } 468 469 /* In case of rule==SMACK_PTRACE_DEFAULT or mode==PTRACE_MODE_READ */ 470 rc = smk_tskacc(tsp, tracee_known, smk_ptrace_mode(mode), saip); 471 472 rcu_read_unlock(); 473 return rc; 474 } 475 476 /* 477 * LSM hooks. 478 * We he, that is fun! 479 */ 480 481 /** 482 * smack_ptrace_access_check - Smack approval on PTRACE_ATTACH 483 * @ctp: child task pointer 484 * @mode: ptrace attachment mode (PTRACE_MODE_*) 485 * 486 * Returns 0 if access is OK, an error code otherwise 487 * 488 * Do the capability checks. 489 */ 490 static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode) 491 { 492 struct smack_known *skp; 493 494 skp = smk_of_task_struct_obj(ctp); 495 496 return smk_ptrace_rule_check(current, skp, mode, __func__); 497 } 498 499 /** 500 * smack_ptrace_traceme - Smack approval on PTRACE_TRACEME 501 * @ptp: parent task pointer 502 * 503 * Returns 0 if access is OK, an error code otherwise 504 * 505 * Do the capability checks, and require PTRACE_MODE_ATTACH. 506 */ 507 static int smack_ptrace_traceme(struct task_struct *ptp) 508 { 509 struct smack_known *skp; 510 511 skp = smk_of_task(smack_cred(current_cred())); 512 513 return smk_ptrace_rule_check(ptp, skp, PTRACE_MODE_ATTACH, __func__); 514 } 515 516 /** 517 * smack_syslog - Smack approval on syslog 518 * @typefrom_file: unused 519 * 520 * Returns 0 on success, error code otherwise. 521 */ 522 static int smack_syslog(int typefrom_file) 523 { 524 int rc = 0; 525 struct smack_known *skp = smk_of_current(); 526 527 if (smack_privileged(CAP_MAC_OVERRIDE)) 528 return 0; 529 530 if (smack_syslog_label != NULL && smack_syslog_label != skp) 531 rc = -EACCES; 532 533 return rc; 534 } 535 536 /* 537 * Superblock Hooks. 538 */ 539 540 /** 541 * smack_sb_alloc_security - allocate a superblock blob 542 * @sb: the superblock getting the blob 543 * 544 * Returns 0 on success or -ENOMEM on error. 545 */ 546 static int smack_sb_alloc_security(struct super_block *sb) 547 { 548 struct superblock_smack *sbsp = smack_superblock(sb); 549 550 sbsp->smk_root = &smack_known_floor; 551 sbsp->smk_default = &smack_known_floor; 552 sbsp->smk_floor = &smack_known_floor; 553 sbsp->smk_hat = &smack_known_hat; 554 /* 555 * SMK_SB_INITIALIZED will be zero from kzalloc. 556 */ 557 558 return 0; 559 } 560 561 struct smack_mnt_opts { 562 const char *fsdefault; 563 const char *fsfloor; 564 const char *fshat; 565 const char *fsroot; 566 const char *fstransmute; 567 }; 568 569 static void smack_free_mnt_opts(void *mnt_opts) 570 { 571 kfree(mnt_opts); 572 } 573 574 static int smack_add_opt(int token, const char *s, void **mnt_opts) 575 { 576 struct smack_mnt_opts *opts = *mnt_opts; 577 struct smack_known *skp; 578 579 if (!opts) { 580 opts = kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL); 581 if (!opts) 582 return -ENOMEM; 583 *mnt_opts = opts; 584 } 585 if (!s) 586 return -ENOMEM; 587 588 skp = smk_import_entry(s, 0); 589 if (IS_ERR(skp)) 590 return PTR_ERR(skp); 591 592 switch (token) { 593 case Opt_fsdefault: 594 if (opts->fsdefault) 595 goto out_opt_err; 596 opts->fsdefault = skp->smk_known; 597 break; 598 case Opt_fsfloor: 599 if (opts->fsfloor) 600 goto out_opt_err; 601 opts->fsfloor = skp->smk_known; 602 break; 603 case Opt_fshat: 604 if (opts->fshat) 605 goto out_opt_err; 606 opts->fshat = skp->smk_known; 607 break; 608 case Opt_fsroot: 609 if (opts->fsroot) 610 goto out_opt_err; 611 opts->fsroot = skp->smk_known; 612 break; 613 case Opt_fstransmute: 614 if (opts->fstransmute) 615 goto out_opt_err; 616 opts->fstransmute = skp->smk_known; 617 break; 618 } 619 return 0; 620 621 out_opt_err: 622 pr_warn("Smack: duplicate mount options\n"); 623 return -EINVAL; 624 } 625 626 /** 627 * smack_fs_context_submount - Initialise security data for a filesystem context 628 * @fc: The filesystem context. 629 * @reference: reference superblock 630 * 631 * Returns 0 on success or -ENOMEM on error. 632 */ 633 static int smack_fs_context_submount(struct fs_context *fc, 634 struct super_block *reference) 635 { 636 struct superblock_smack *sbsp; 637 struct smack_mnt_opts *ctx; 638 struct inode_smack *isp; 639 640 ctx = kzalloc(sizeof(*ctx), GFP_KERNEL); 641 if (!ctx) 642 return -ENOMEM; 643 fc->security = ctx; 644 645 sbsp = smack_superblock(reference); 646 isp = smack_inode(reference->s_root->d_inode); 647 648 if (sbsp->smk_default) { 649 ctx->fsdefault = kstrdup(sbsp->smk_default->smk_known, GFP_KERNEL); 650 if (!ctx->fsdefault) 651 return -ENOMEM; 652 } 653 654 if (sbsp->smk_floor) { 655 ctx->fsfloor = kstrdup(sbsp->smk_floor->smk_known, GFP_KERNEL); 656 if (!ctx->fsfloor) 657 return -ENOMEM; 658 } 659 660 if (sbsp->smk_hat) { 661 ctx->fshat = kstrdup(sbsp->smk_hat->smk_known, GFP_KERNEL); 662 if (!ctx->fshat) 663 return -ENOMEM; 664 } 665 666 if (isp->smk_flags & SMK_INODE_TRANSMUTE) { 667 if (sbsp->smk_root) { 668 ctx->fstransmute = kstrdup(sbsp->smk_root->smk_known, GFP_KERNEL); 669 if (!ctx->fstransmute) 670 return -ENOMEM; 671 } 672 } 673 return 0; 674 } 675 676 /** 677 * smack_fs_context_dup - Duplicate the security data on fs_context duplication 678 * @fc: The new filesystem context. 679 * @src_fc: The source filesystem context being duplicated. 680 * 681 * Returns 0 on success or -ENOMEM on error. 682 */ 683 static int smack_fs_context_dup(struct fs_context *fc, 684 struct fs_context *src_fc) 685 { 686 struct smack_mnt_opts *dst, *src = src_fc->security; 687 688 if (!src) 689 return 0; 690 691 fc->security = kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL); 692 if (!fc->security) 693 return -ENOMEM; 694 695 dst = fc->security; 696 dst->fsdefault = src->fsdefault; 697 dst->fsfloor = src->fsfloor; 698 dst->fshat = src->fshat; 699 dst->fsroot = src->fsroot; 700 dst->fstransmute = src->fstransmute; 701 702 return 0; 703 } 704 705 static const struct fs_parameter_spec smack_fs_parameters[] = { 706 fsparam_string("smackfsdef", Opt_fsdefault), 707 fsparam_string("smackfsdefault", Opt_fsdefault), 708 fsparam_string("smackfsfloor", Opt_fsfloor), 709 fsparam_string("smackfshat", Opt_fshat), 710 fsparam_string("smackfsroot", Opt_fsroot), 711 fsparam_string("smackfstransmute", Opt_fstransmute), 712 {} 713 }; 714 715 /** 716 * smack_fs_context_parse_param - Parse a single mount parameter 717 * @fc: The new filesystem context being constructed. 718 * @param: The parameter. 719 * 720 * Returns 0 on success, -ENOPARAM to pass the parameter on or anything else on 721 * error. 722 */ 723 static int smack_fs_context_parse_param(struct fs_context *fc, 724 struct fs_parameter *param) 725 { 726 struct fs_parse_result result; 727 int opt, rc; 728 729 opt = fs_parse(fc, smack_fs_parameters, param, &result); 730 if (opt < 0) 731 return opt; 732 733 rc = smack_add_opt(opt, param->string, &fc->security); 734 if (!rc) 735 param->string = NULL; 736 return rc; 737 } 738 739 static int smack_sb_eat_lsm_opts(char *options, void **mnt_opts) 740 { 741 char *from = options, *to = options; 742 bool first = true; 743 744 while (1) { 745 char *next = strchr(from, ','); 746 int token, len, rc; 747 char *arg = NULL; 748 749 if (next) 750 len = next - from; 751 else 752 len = strlen(from); 753 754 token = match_opt_prefix(from, len, &arg); 755 if (token != Opt_error) { 756 arg = kmemdup_nul(arg, from + len - arg, GFP_KERNEL); 757 rc = smack_add_opt(token, arg, mnt_opts); 758 kfree(arg); 759 if (unlikely(rc)) { 760 if (*mnt_opts) 761 smack_free_mnt_opts(*mnt_opts); 762 *mnt_opts = NULL; 763 return rc; 764 } 765 } else { 766 if (!first) { // copy with preceding comma 767 from--; 768 len++; 769 } 770 if (to != from) 771 memmove(to, from, len); 772 to += len; 773 first = false; 774 } 775 if (!from[len]) 776 break; 777 from += len + 1; 778 } 779 *to = '\0'; 780 return 0; 781 } 782 783 /** 784 * smack_set_mnt_opts - set Smack specific mount options 785 * @sb: the file system superblock 786 * @mnt_opts: Smack mount options 787 * @kern_flags: mount option from kernel space or user space 788 * @set_kern_flags: where to store converted mount opts 789 * 790 * Returns 0 on success, an error code on failure 791 * 792 * Allow filesystems with binary mount data to explicitly set Smack mount 793 * labels. 794 */ 795 static int smack_set_mnt_opts(struct super_block *sb, 796 void *mnt_opts, 797 unsigned long kern_flags, 798 unsigned long *set_kern_flags) 799 { 800 struct dentry *root = sb->s_root; 801 struct inode *inode = d_backing_inode(root); 802 struct superblock_smack *sp = smack_superblock(sb); 803 struct inode_smack *isp; 804 struct smack_known *skp; 805 struct smack_mnt_opts *opts = mnt_opts; 806 bool transmute = false; 807 808 if (sp->smk_flags & SMK_SB_INITIALIZED) 809 return 0; 810 811 if (!smack_privileged(CAP_MAC_ADMIN)) { 812 /* 813 * Unprivileged mounts don't get to specify Smack values. 814 */ 815 if (opts) 816 return -EPERM; 817 /* 818 * Unprivileged mounts get root and default from the caller. 819 */ 820 skp = smk_of_current(); 821 sp->smk_root = skp; 822 sp->smk_default = skp; 823 /* 824 * For a handful of fs types with no user-controlled 825 * backing store it's okay to trust security labels 826 * in the filesystem. The rest are untrusted. 827 */ 828 if (sb->s_user_ns != &init_user_ns && 829 sb->s_magic != SYSFS_MAGIC && sb->s_magic != TMPFS_MAGIC && 830 sb->s_magic != RAMFS_MAGIC) { 831 transmute = true; 832 sp->smk_flags |= SMK_SB_UNTRUSTED; 833 } 834 } 835 836 sp->smk_flags |= SMK_SB_INITIALIZED; 837 838 if (opts) { 839 if (opts->fsdefault) { 840 skp = smk_import_entry(opts->fsdefault, 0); 841 if (IS_ERR(skp)) 842 return PTR_ERR(skp); 843 sp->smk_default = skp; 844 } 845 if (opts->fsfloor) { 846 skp = smk_import_entry(opts->fsfloor, 0); 847 if (IS_ERR(skp)) 848 return PTR_ERR(skp); 849 sp->smk_floor = skp; 850 } 851 if (opts->fshat) { 852 skp = smk_import_entry(opts->fshat, 0); 853 if (IS_ERR(skp)) 854 return PTR_ERR(skp); 855 sp->smk_hat = skp; 856 } 857 if (opts->fsroot) { 858 skp = smk_import_entry(opts->fsroot, 0); 859 if (IS_ERR(skp)) 860 return PTR_ERR(skp); 861 sp->smk_root = skp; 862 } 863 if (opts->fstransmute) { 864 skp = smk_import_entry(opts->fstransmute, 0); 865 if (IS_ERR(skp)) 866 return PTR_ERR(skp); 867 sp->smk_root = skp; 868 transmute = true; 869 } 870 } 871 872 /* 873 * Initialize the root inode. 874 */ 875 init_inode_smack(inode, sp->smk_root); 876 877 if (transmute) { 878 isp = smack_inode(inode); 879 isp->smk_flags |= SMK_INODE_TRANSMUTE; 880 } 881 882 return 0; 883 } 884 885 /** 886 * smack_sb_statfs - Smack check on statfs 887 * @dentry: identifies the file system in question 888 * 889 * Returns 0 if current can read the floor of the filesystem, 890 * and error code otherwise 891 */ 892 static int smack_sb_statfs(struct dentry *dentry) 893 { 894 struct superblock_smack *sbp = smack_superblock(dentry->d_sb); 895 int rc; 896 struct smk_audit_info ad; 897 898 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 899 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 900 901 rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad); 902 rc = smk_bu_current("statfs", sbp->smk_floor, MAY_READ, rc); 903 return rc; 904 } 905 906 /* 907 * BPRM hooks 908 */ 909 910 /** 911 * smack_bprm_creds_for_exec - Update bprm->cred if needed for exec 912 * @bprm: the exec information 913 * 914 * Returns 0 if it gets a blob, -EPERM if exec forbidden and -ENOMEM otherwise 915 */ 916 static int smack_bprm_creds_for_exec(struct linux_binprm *bprm) 917 { 918 struct inode *inode = file_inode(bprm->file); 919 struct task_smack *bsp = smack_cred(bprm->cred); 920 struct inode_smack *isp; 921 struct superblock_smack *sbsp; 922 int rc; 923 924 isp = smack_inode(inode); 925 if (isp->smk_task == NULL || isp->smk_task == bsp->smk_task) 926 return 0; 927 928 sbsp = smack_superblock(inode->i_sb); 929 if ((sbsp->smk_flags & SMK_SB_UNTRUSTED) && 930 isp->smk_task != sbsp->smk_root) 931 return 0; 932 933 if (bprm->unsafe & LSM_UNSAFE_PTRACE) { 934 struct task_struct *tracer; 935 rc = 0; 936 937 rcu_read_lock(); 938 tracer = ptrace_parent(current); 939 if (likely(tracer != NULL)) 940 rc = smk_ptrace_rule_check(tracer, 941 isp->smk_task, 942 PTRACE_MODE_ATTACH, 943 __func__); 944 rcu_read_unlock(); 945 946 if (rc != 0) 947 return rc; 948 } 949 if (bprm->unsafe & ~LSM_UNSAFE_PTRACE) 950 return -EPERM; 951 952 bsp->smk_task = isp->smk_task; 953 bprm->per_clear |= PER_CLEAR_ON_SETID; 954 955 /* Decide if this is a secure exec. */ 956 if (bsp->smk_task != bsp->smk_forked) 957 bprm->secureexec = 1; 958 959 return 0; 960 } 961 962 /* 963 * Inode hooks 964 */ 965 966 /** 967 * smack_inode_alloc_security - allocate an inode blob 968 * @inode: the inode in need of a blob 969 * 970 * Returns 0 971 */ 972 static int smack_inode_alloc_security(struct inode *inode) 973 { 974 struct smack_known *skp = smk_of_current(); 975 976 init_inode_smack(inode, skp); 977 return 0; 978 } 979 980 /** 981 * smack_inode_init_security - copy out the smack from an inode 982 * @inode: the newly created inode 983 * @dir: containing directory object 984 * @qstr: unused 985 * @xattrs: where to put the attributes 986 * @xattr_count: current number of LSM-provided xattrs (updated) 987 * 988 * Returns 0 if it all works out, -ENOMEM if there's no memory 989 */ 990 static int smack_inode_init_security(struct inode *inode, struct inode *dir, 991 const struct qstr *qstr, 992 struct xattr *xattrs, int *xattr_count) 993 { 994 struct task_smack *tsp = smack_cred(current_cred()); 995 struct smack_known *skp = smk_of_task(tsp); 996 struct smack_known *isp = smk_of_inode(inode); 997 struct smack_known *dsp = smk_of_inode(dir); 998 struct xattr *xattr = lsm_get_xattr_slot(xattrs, xattr_count); 999 int may; 1000 1001 if (xattr) { 1002 /* 1003 * If equal, transmuting already occurred in 1004 * smack_dentry_create_files_as(). No need to check again. 1005 */ 1006 if (tsp->smk_task != tsp->smk_transmuted) { 1007 rcu_read_lock(); 1008 may = smk_access_entry(skp->smk_known, dsp->smk_known, 1009 &skp->smk_rules); 1010 rcu_read_unlock(); 1011 } 1012 1013 /* 1014 * In addition to having smk_task equal to smk_transmuted, 1015 * if the access rule allows transmutation and the directory 1016 * requests transmutation then by all means transmute. 1017 * Mark the inode as changed. 1018 */ 1019 if ((tsp->smk_task == tsp->smk_transmuted) || 1020 (may > 0 && ((may & MAY_TRANSMUTE) != 0) && 1021 smk_inode_transmutable(dir))) { 1022 struct xattr *xattr_transmute; 1023 1024 /* 1025 * The caller of smack_dentry_create_files_as() 1026 * should have overridden the current cred, so the 1027 * inode label was already set correctly in 1028 * smack_inode_alloc_security(). 1029 */ 1030 if (tsp->smk_task != tsp->smk_transmuted) 1031 isp = dsp; 1032 xattr_transmute = lsm_get_xattr_slot(xattrs, 1033 xattr_count); 1034 if (xattr_transmute) { 1035 xattr_transmute->value = kmemdup(TRANS_TRUE, 1036 TRANS_TRUE_SIZE, 1037 GFP_NOFS); 1038 if (!xattr_transmute->value) 1039 return -ENOMEM; 1040 1041 xattr_transmute->value_len = TRANS_TRUE_SIZE; 1042 xattr_transmute->name = XATTR_SMACK_TRANSMUTE; 1043 } 1044 } 1045 1046 xattr->value = kstrdup(isp->smk_known, GFP_NOFS); 1047 if (!xattr->value) 1048 return -ENOMEM; 1049 1050 xattr->value_len = strlen(isp->smk_known); 1051 xattr->name = XATTR_SMACK_SUFFIX; 1052 } 1053 1054 return 0; 1055 } 1056 1057 /** 1058 * smack_inode_link - Smack check on link 1059 * @old_dentry: the existing object 1060 * @dir: unused 1061 * @new_dentry: the new object 1062 * 1063 * Returns 0 if access is permitted, an error code otherwise 1064 */ 1065 static int smack_inode_link(struct dentry *old_dentry, struct inode *dir, 1066 struct dentry *new_dentry) 1067 { 1068 struct smack_known *isp; 1069 struct smk_audit_info ad; 1070 int rc; 1071 1072 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1073 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry); 1074 1075 isp = smk_of_inode(d_backing_inode(old_dentry)); 1076 rc = smk_curacc(isp, MAY_WRITE, &ad); 1077 rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_WRITE, rc); 1078 1079 if (rc == 0 && d_is_positive(new_dentry)) { 1080 isp = smk_of_inode(d_backing_inode(new_dentry)); 1081 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry); 1082 rc = smk_curacc(isp, MAY_WRITE, &ad); 1083 rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_WRITE, rc); 1084 } 1085 1086 return rc; 1087 } 1088 1089 /** 1090 * smack_inode_unlink - Smack check on inode deletion 1091 * @dir: containing directory object 1092 * @dentry: file to unlink 1093 * 1094 * Returns 0 if current can write the containing directory 1095 * and the object, error code otherwise 1096 */ 1097 static int smack_inode_unlink(struct inode *dir, struct dentry *dentry) 1098 { 1099 struct inode *ip = d_backing_inode(dentry); 1100 struct smk_audit_info ad; 1101 int rc; 1102 1103 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1104 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1105 1106 /* 1107 * You need write access to the thing you're unlinking 1108 */ 1109 rc = smk_curacc(smk_of_inode(ip), MAY_WRITE, &ad); 1110 rc = smk_bu_inode(ip, MAY_WRITE, rc); 1111 if (rc == 0) { 1112 /* 1113 * You also need write access to the containing directory 1114 */ 1115 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE); 1116 smk_ad_setfield_u_fs_inode(&ad, dir); 1117 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad); 1118 rc = smk_bu_inode(dir, MAY_WRITE, rc); 1119 } 1120 return rc; 1121 } 1122 1123 /** 1124 * smack_inode_rmdir - Smack check on directory deletion 1125 * @dir: containing directory object 1126 * @dentry: directory to unlink 1127 * 1128 * Returns 0 if current can write the containing directory 1129 * and the directory, error code otherwise 1130 */ 1131 static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry) 1132 { 1133 struct smk_audit_info ad; 1134 int rc; 1135 1136 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1137 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1138 1139 /* 1140 * You need write access to the thing you're removing 1141 */ 1142 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1143 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1144 if (rc == 0) { 1145 /* 1146 * You also need write access to the containing directory 1147 */ 1148 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE); 1149 smk_ad_setfield_u_fs_inode(&ad, dir); 1150 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad); 1151 rc = smk_bu_inode(dir, MAY_WRITE, rc); 1152 } 1153 1154 return rc; 1155 } 1156 1157 /** 1158 * smack_inode_rename - Smack check on rename 1159 * @old_inode: unused 1160 * @old_dentry: the old object 1161 * @new_inode: unused 1162 * @new_dentry: the new object 1163 * 1164 * Read and write access is required on both the old and 1165 * new directories. 1166 * 1167 * Returns 0 if access is permitted, an error code otherwise 1168 */ 1169 static int smack_inode_rename(struct inode *old_inode, 1170 struct dentry *old_dentry, 1171 struct inode *new_inode, 1172 struct dentry *new_dentry) 1173 { 1174 int rc; 1175 struct smack_known *isp; 1176 struct smk_audit_info ad; 1177 1178 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1179 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry); 1180 1181 isp = smk_of_inode(d_backing_inode(old_dentry)); 1182 rc = smk_curacc(isp, MAY_READWRITE, &ad); 1183 rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_READWRITE, rc); 1184 1185 if (rc == 0 && d_is_positive(new_dentry)) { 1186 isp = smk_of_inode(d_backing_inode(new_dentry)); 1187 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry); 1188 rc = smk_curacc(isp, MAY_READWRITE, &ad); 1189 rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_READWRITE, rc); 1190 } 1191 return rc; 1192 } 1193 1194 /** 1195 * smack_inode_permission - Smack version of permission() 1196 * @inode: the inode in question 1197 * @mask: the access requested 1198 * 1199 * This is the important Smack hook. 1200 * 1201 * Returns 0 if access is permitted, an error code otherwise 1202 */ 1203 static int smack_inode_permission(struct inode *inode, int mask) 1204 { 1205 struct superblock_smack *sbsp = smack_superblock(inode->i_sb); 1206 struct smk_audit_info ad; 1207 int no_block = mask & MAY_NOT_BLOCK; 1208 int rc; 1209 1210 mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND); 1211 /* 1212 * No permission to check. Existence test. Yup, it's there. 1213 */ 1214 if (mask == 0) 1215 return 0; 1216 1217 if (sbsp->smk_flags & SMK_SB_UNTRUSTED) { 1218 if (smk_of_inode(inode) != sbsp->smk_root) 1219 return -EACCES; 1220 } 1221 1222 /* May be droppable after audit */ 1223 if (no_block) 1224 return -ECHILD; 1225 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE); 1226 smk_ad_setfield_u_fs_inode(&ad, inode); 1227 rc = smk_curacc(smk_of_inode(inode), mask, &ad); 1228 rc = smk_bu_inode(inode, mask, rc); 1229 return rc; 1230 } 1231 1232 /** 1233 * smack_inode_setattr - Smack check for setting attributes 1234 * @dentry: the object 1235 * @iattr: for the force flag 1236 * 1237 * Returns 0 if access is permitted, an error code otherwise 1238 */ 1239 static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr) 1240 { 1241 struct smk_audit_info ad; 1242 int rc; 1243 1244 /* 1245 * Need to allow for clearing the setuid bit. 1246 */ 1247 if (iattr->ia_valid & ATTR_FORCE) 1248 return 0; 1249 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1250 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1251 1252 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1253 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1254 return rc; 1255 } 1256 1257 /** 1258 * smack_inode_getattr - Smack check for getting attributes 1259 * @path: path to extract the info from 1260 * 1261 * Returns 0 if access is permitted, an error code otherwise 1262 */ 1263 static int smack_inode_getattr(const struct path *path) 1264 { 1265 struct smk_audit_info ad; 1266 struct inode *inode = d_backing_inode(path->dentry); 1267 int rc; 1268 1269 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1270 smk_ad_setfield_u_fs_path(&ad, *path); 1271 rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad); 1272 rc = smk_bu_inode(inode, MAY_READ, rc); 1273 return rc; 1274 } 1275 1276 /** 1277 * smack_inode_setxattr - Smack check for setting xattrs 1278 * @idmap: idmap of the mount 1279 * @dentry: the object 1280 * @name: name of the attribute 1281 * @value: value of the attribute 1282 * @size: size of the value 1283 * @flags: unused 1284 * 1285 * This protects the Smack attribute explicitly. 1286 * 1287 * Returns 0 if access is permitted, an error code otherwise 1288 */ 1289 static int smack_inode_setxattr(struct mnt_idmap *idmap, 1290 struct dentry *dentry, const char *name, 1291 const void *value, size_t size, int flags) 1292 { 1293 struct smk_audit_info ad; 1294 struct smack_known *skp; 1295 int check_priv = 0; 1296 int check_import = 0; 1297 int check_star = 0; 1298 int rc = 0; 1299 1300 /* 1301 * Check label validity here so import won't fail in post_setxattr 1302 */ 1303 if (strcmp(name, XATTR_NAME_SMACK) == 0 || 1304 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 || 1305 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) { 1306 check_priv = 1; 1307 check_import = 1; 1308 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0 || 1309 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) { 1310 check_priv = 1; 1311 check_import = 1; 1312 check_star = 1; 1313 } else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) { 1314 check_priv = 1; 1315 if (size != TRANS_TRUE_SIZE || 1316 strncmp(value, TRANS_TRUE, TRANS_TRUE_SIZE) != 0) 1317 rc = -EINVAL; 1318 } else 1319 rc = cap_inode_setxattr(dentry, name, value, size, flags); 1320 1321 if (check_priv && !smack_privileged(CAP_MAC_ADMIN)) 1322 rc = -EPERM; 1323 1324 if (rc == 0 && check_import) { 1325 skp = size ? smk_import_entry(value, size) : NULL; 1326 if (IS_ERR(skp)) 1327 rc = PTR_ERR(skp); 1328 else if (skp == NULL || (check_star && 1329 (skp == &smack_known_star || skp == &smack_known_web))) 1330 rc = -EINVAL; 1331 } 1332 1333 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1334 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1335 1336 if (rc == 0) { 1337 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1338 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1339 } 1340 1341 return rc; 1342 } 1343 1344 /** 1345 * smack_inode_post_setxattr - Apply the Smack update approved above 1346 * @dentry: object 1347 * @name: attribute name 1348 * @value: attribute value 1349 * @size: attribute size 1350 * @flags: unused 1351 * 1352 * Set the pointer in the inode blob to the entry found 1353 * in the master label list. 1354 */ 1355 static void smack_inode_post_setxattr(struct dentry *dentry, const char *name, 1356 const void *value, size_t size, int flags) 1357 { 1358 struct smack_known *skp; 1359 struct inode_smack *isp = smack_inode(d_backing_inode(dentry)); 1360 1361 if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) { 1362 isp->smk_flags |= SMK_INODE_TRANSMUTE; 1363 return; 1364 } 1365 1366 if (strcmp(name, XATTR_NAME_SMACK) == 0) { 1367 skp = smk_import_entry(value, size); 1368 if (!IS_ERR(skp)) 1369 isp->smk_inode = skp; 1370 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) { 1371 skp = smk_import_entry(value, size); 1372 if (!IS_ERR(skp)) 1373 isp->smk_task = skp; 1374 } else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) { 1375 skp = smk_import_entry(value, size); 1376 if (!IS_ERR(skp)) 1377 isp->smk_mmap = skp; 1378 } 1379 1380 return; 1381 } 1382 1383 /** 1384 * smack_inode_getxattr - Smack check on getxattr 1385 * @dentry: the object 1386 * @name: unused 1387 * 1388 * Returns 0 if access is permitted, an error code otherwise 1389 */ 1390 static int smack_inode_getxattr(struct dentry *dentry, const char *name) 1391 { 1392 struct smk_audit_info ad; 1393 int rc; 1394 1395 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1396 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1397 1398 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_READ, &ad); 1399 rc = smk_bu_inode(d_backing_inode(dentry), MAY_READ, rc); 1400 return rc; 1401 } 1402 1403 /** 1404 * smack_inode_removexattr - Smack check on removexattr 1405 * @idmap: idmap of the mount 1406 * @dentry: the object 1407 * @name: name of the attribute 1408 * 1409 * Removing the Smack attribute requires CAP_MAC_ADMIN 1410 * 1411 * Returns 0 if access is permitted, an error code otherwise 1412 */ 1413 static int smack_inode_removexattr(struct mnt_idmap *idmap, 1414 struct dentry *dentry, const char *name) 1415 { 1416 struct inode_smack *isp; 1417 struct smk_audit_info ad; 1418 int rc = 0; 1419 1420 if (strcmp(name, XATTR_NAME_SMACK) == 0 || 1421 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 || 1422 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 || 1423 strcmp(name, XATTR_NAME_SMACKEXEC) == 0 || 1424 strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0 || 1425 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) { 1426 if (!smack_privileged(CAP_MAC_ADMIN)) 1427 rc = -EPERM; 1428 } else 1429 rc = cap_inode_removexattr(idmap, dentry, name); 1430 1431 if (rc != 0) 1432 return rc; 1433 1434 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1435 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1436 1437 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1438 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1439 if (rc != 0) 1440 return rc; 1441 1442 isp = smack_inode(d_backing_inode(dentry)); 1443 /* 1444 * Don't do anything special for these. 1445 * XATTR_NAME_SMACKIPIN 1446 * XATTR_NAME_SMACKIPOUT 1447 */ 1448 if (strcmp(name, XATTR_NAME_SMACK) == 0) { 1449 struct super_block *sbp = dentry->d_sb; 1450 struct superblock_smack *sbsp = smack_superblock(sbp); 1451 1452 isp->smk_inode = sbsp->smk_default; 1453 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) 1454 isp->smk_task = NULL; 1455 else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) 1456 isp->smk_mmap = NULL; 1457 else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) 1458 isp->smk_flags &= ~SMK_INODE_TRANSMUTE; 1459 1460 return 0; 1461 } 1462 1463 /** 1464 * smack_inode_set_acl - Smack check for setting posix acls 1465 * @idmap: idmap of the mnt this request came from 1466 * @dentry: the object 1467 * @acl_name: name of the posix acl 1468 * @kacl: the posix acls 1469 * 1470 * Returns 0 if access is permitted, an error code otherwise 1471 */ 1472 static int smack_inode_set_acl(struct mnt_idmap *idmap, 1473 struct dentry *dentry, const char *acl_name, 1474 struct posix_acl *kacl) 1475 { 1476 struct smk_audit_info ad; 1477 int rc; 1478 1479 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1480 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1481 1482 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1483 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1484 return rc; 1485 } 1486 1487 /** 1488 * smack_inode_get_acl - Smack check for getting posix acls 1489 * @idmap: idmap of the mnt this request came from 1490 * @dentry: the object 1491 * @acl_name: name of the posix acl 1492 * 1493 * Returns 0 if access is permitted, an error code otherwise 1494 */ 1495 static int smack_inode_get_acl(struct mnt_idmap *idmap, 1496 struct dentry *dentry, const char *acl_name) 1497 { 1498 struct smk_audit_info ad; 1499 int rc; 1500 1501 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1502 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1503 1504 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_READ, &ad); 1505 rc = smk_bu_inode(d_backing_inode(dentry), MAY_READ, rc); 1506 return rc; 1507 } 1508 1509 /** 1510 * smack_inode_remove_acl - Smack check for getting posix acls 1511 * @idmap: idmap of the mnt this request came from 1512 * @dentry: the object 1513 * @acl_name: name of the posix acl 1514 * 1515 * Returns 0 if access is permitted, an error code otherwise 1516 */ 1517 static int smack_inode_remove_acl(struct mnt_idmap *idmap, 1518 struct dentry *dentry, const char *acl_name) 1519 { 1520 struct smk_audit_info ad; 1521 int rc; 1522 1523 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1524 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1525 1526 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1527 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1528 return rc; 1529 } 1530 1531 /** 1532 * smack_inode_getsecurity - get smack xattrs 1533 * @idmap: idmap of the mount 1534 * @inode: the object 1535 * @name: attribute name 1536 * @buffer: where to put the result 1537 * @alloc: duplicate memory 1538 * 1539 * Returns the size of the attribute or an error code 1540 */ 1541 static int smack_inode_getsecurity(struct mnt_idmap *idmap, 1542 struct inode *inode, const char *name, 1543 void **buffer, bool alloc) 1544 { 1545 struct socket_smack *ssp; 1546 struct socket *sock; 1547 struct super_block *sbp; 1548 struct inode *ip = inode; 1549 struct smack_known *isp; 1550 struct inode_smack *ispp; 1551 size_t label_len; 1552 char *label = NULL; 1553 1554 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) { 1555 isp = smk_of_inode(inode); 1556 } else if (strcmp(name, XATTR_SMACK_TRANSMUTE) == 0) { 1557 ispp = smack_inode(inode); 1558 if (ispp->smk_flags & SMK_INODE_TRANSMUTE) 1559 label = TRANS_TRUE; 1560 else 1561 label = ""; 1562 } else { 1563 /* 1564 * The rest of the Smack xattrs are only on sockets. 1565 */ 1566 sbp = ip->i_sb; 1567 if (sbp->s_magic != SOCKFS_MAGIC) 1568 return -EOPNOTSUPP; 1569 1570 sock = SOCKET_I(ip); 1571 if (sock == NULL || sock->sk == NULL) 1572 return -EOPNOTSUPP; 1573 1574 ssp = sock->sk->sk_security; 1575 1576 if (strcmp(name, XATTR_SMACK_IPIN) == 0) 1577 isp = ssp->smk_in; 1578 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) 1579 isp = ssp->smk_out; 1580 else 1581 return -EOPNOTSUPP; 1582 } 1583 1584 if (!label) 1585 label = isp->smk_known; 1586 1587 label_len = strlen(label); 1588 1589 if (alloc) { 1590 *buffer = kstrdup(label, GFP_KERNEL); 1591 if (*buffer == NULL) 1592 return -ENOMEM; 1593 } 1594 1595 return label_len; 1596 } 1597 1598 1599 /** 1600 * smack_inode_listsecurity - list the Smack attributes 1601 * @inode: the object 1602 * @buffer: where they go 1603 * @buffer_size: size of buffer 1604 */ 1605 static int smack_inode_listsecurity(struct inode *inode, char *buffer, 1606 size_t buffer_size) 1607 { 1608 int len = sizeof(XATTR_NAME_SMACK); 1609 1610 if (buffer != NULL && len <= buffer_size) 1611 memcpy(buffer, XATTR_NAME_SMACK, len); 1612 1613 return len; 1614 } 1615 1616 /** 1617 * smack_inode_getsecid - Extract inode's security id 1618 * @inode: inode to extract the info from 1619 * @secid: where result will be saved 1620 */ 1621 static void smack_inode_getsecid(struct inode *inode, u32 *secid) 1622 { 1623 struct smack_known *skp = smk_of_inode(inode); 1624 1625 *secid = skp->smk_secid; 1626 } 1627 1628 /* 1629 * File Hooks 1630 */ 1631 1632 /* 1633 * There is no smack_file_permission hook 1634 * 1635 * Should access checks be done on each read or write? 1636 * UNICOS and SELinux say yes. 1637 * Trusted Solaris, Trusted Irix, and just about everyone else says no. 1638 * 1639 * I'll say no for now. Smack does not do the frequent 1640 * label changing that SELinux does. 1641 */ 1642 1643 /** 1644 * smack_file_alloc_security - assign a file security blob 1645 * @file: the object 1646 * 1647 * The security blob for a file is a pointer to the master 1648 * label list, so no allocation is done. 1649 * 1650 * f_security is the owner security information. It 1651 * isn't used on file access checks, it's for send_sigio. 1652 * 1653 * Returns 0 1654 */ 1655 static int smack_file_alloc_security(struct file *file) 1656 { 1657 struct smack_known **blob = smack_file(file); 1658 1659 *blob = smk_of_current(); 1660 return 0; 1661 } 1662 1663 /** 1664 * smack_file_ioctl - Smack check on ioctls 1665 * @file: the object 1666 * @cmd: what to do 1667 * @arg: unused 1668 * 1669 * Relies heavily on the correct use of the ioctl command conventions. 1670 * 1671 * Returns 0 if allowed, error code otherwise 1672 */ 1673 static int smack_file_ioctl(struct file *file, unsigned int cmd, 1674 unsigned long arg) 1675 { 1676 int rc = 0; 1677 struct smk_audit_info ad; 1678 struct inode *inode = file_inode(file); 1679 1680 if (unlikely(IS_PRIVATE(inode))) 1681 return 0; 1682 1683 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1684 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1685 1686 if (_IOC_DIR(cmd) & _IOC_WRITE) { 1687 rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad); 1688 rc = smk_bu_file(file, MAY_WRITE, rc); 1689 } 1690 1691 if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ)) { 1692 rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad); 1693 rc = smk_bu_file(file, MAY_READ, rc); 1694 } 1695 1696 return rc; 1697 } 1698 1699 /** 1700 * smack_file_lock - Smack check on file locking 1701 * @file: the object 1702 * @cmd: unused 1703 * 1704 * Returns 0 if current has lock access, error code otherwise 1705 */ 1706 static int smack_file_lock(struct file *file, unsigned int cmd) 1707 { 1708 struct smk_audit_info ad; 1709 int rc; 1710 struct inode *inode = file_inode(file); 1711 1712 if (unlikely(IS_PRIVATE(inode))) 1713 return 0; 1714 1715 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1716 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1717 rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad); 1718 rc = smk_bu_file(file, MAY_LOCK, rc); 1719 return rc; 1720 } 1721 1722 /** 1723 * smack_file_fcntl - Smack check on fcntl 1724 * @file: the object 1725 * @cmd: what action to check 1726 * @arg: unused 1727 * 1728 * Generally these operations are harmless. 1729 * File locking operations present an obvious mechanism 1730 * for passing information, so they require write access. 1731 * 1732 * Returns 0 if current has access, error code otherwise 1733 */ 1734 static int smack_file_fcntl(struct file *file, unsigned int cmd, 1735 unsigned long arg) 1736 { 1737 struct smk_audit_info ad; 1738 int rc = 0; 1739 struct inode *inode = file_inode(file); 1740 1741 if (unlikely(IS_PRIVATE(inode))) 1742 return 0; 1743 1744 switch (cmd) { 1745 case F_GETLK: 1746 break; 1747 case F_SETLK: 1748 case F_SETLKW: 1749 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1750 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1751 rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad); 1752 rc = smk_bu_file(file, MAY_LOCK, rc); 1753 break; 1754 case F_SETOWN: 1755 case F_SETSIG: 1756 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1757 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1758 rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad); 1759 rc = smk_bu_file(file, MAY_WRITE, rc); 1760 break; 1761 default: 1762 break; 1763 } 1764 1765 return rc; 1766 } 1767 1768 /** 1769 * smack_mmap_file - Check permissions for a mmap operation. 1770 * @file: contains the file structure for file to map (may be NULL). 1771 * @reqprot: contains the protection requested by the application. 1772 * @prot: contains the protection that will be applied by the kernel. 1773 * @flags: contains the operational flags. 1774 * 1775 * The @file may be NULL, e.g. if mapping anonymous memory. 1776 * 1777 * Return 0 if permission is granted. 1778 */ 1779 static int smack_mmap_file(struct file *file, 1780 unsigned long reqprot, unsigned long prot, 1781 unsigned long flags) 1782 { 1783 struct smack_known *skp; 1784 struct smack_known *mkp; 1785 struct smack_rule *srp; 1786 struct task_smack *tsp; 1787 struct smack_known *okp; 1788 struct inode_smack *isp; 1789 struct superblock_smack *sbsp; 1790 int may; 1791 int mmay; 1792 int tmay; 1793 int rc; 1794 1795 if (file == NULL) 1796 return 0; 1797 1798 if (unlikely(IS_PRIVATE(file_inode(file)))) 1799 return 0; 1800 1801 isp = smack_inode(file_inode(file)); 1802 if (isp->smk_mmap == NULL) 1803 return 0; 1804 sbsp = smack_superblock(file_inode(file)->i_sb); 1805 if (sbsp->smk_flags & SMK_SB_UNTRUSTED && 1806 isp->smk_mmap != sbsp->smk_root) 1807 return -EACCES; 1808 mkp = isp->smk_mmap; 1809 1810 tsp = smack_cred(current_cred()); 1811 skp = smk_of_current(); 1812 rc = 0; 1813 1814 rcu_read_lock(); 1815 /* 1816 * For each Smack rule associated with the subject 1817 * label verify that the SMACK64MMAP also has access 1818 * to that rule's object label. 1819 */ 1820 list_for_each_entry_rcu(srp, &skp->smk_rules, list) { 1821 okp = srp->smk_object; 1822 /* 1823 * Matching labels always allows access. 1824 */ 1825 if (mkp->smk_known == okp->smk_known) 1826 continue; 1827 /* 1828 * If there is a matching local rule take 1829 * that into account as well. 1830 */ 1831 may = smk_access_entry(srp->smk_subject->smk_known, 1832 okp->smk_known, 1833 &tsp->smk_rules); 1834 if (may == -ENOENT) 1835 may = srp->smk_access; 1836 else 1837 may &= srp->smk_access; 1838 /* 1839 * If may is zero the SMACK64MMAP subject can't 1840 * possibly have less access. 1841 */ 1842 if (may == 0) 1843 continue; 1844 1845 /* 1846 * Fetch the global list entry. 1847 * If there isn't one a SMACK64MMAP subject 1848 * can't have as much access as current. 1849 */ 1850 mmay = smk_access_entry(mkp->smk_known, okp->smk_known, 1851 &mkp->smk_rules); 1852 if (mmay == -ENOENT) { 1853 rc = -EACCES; 1854 break; 1855 } 1856 /* 1857 * If there is a local entry it modifies the 1858 * potential access, too. 1859 */ 1860 tmay = smk_access_entry(mkp->smk_known, okp->smk_known, 1861 &tsp->smk_rules); 1862 if (tmay != -ENOENT) 1863 mmay &= tmay; 1864 1865 /* 1866 * If there is any access available to current that is 1867 * not available to a SMACK64MMAP subject 1868 * deny access. 1869 */ 1870 if ((may | mmay) != mmay) { 1871 rc = -EACCES; 1872 break; 1873 } 1874 } 1875 1876 rcu_read_unlock(); 1877 1878 return rc; 1879 } 1880 1881 /** 1882 * smack_file_set_fowner - set the file security blob value 1883 * @file: object in question 1884 * 1885 */ 1886 static void smack_file_set_fowner(struct file *file) 1887 { 1888 struct smack_known **blob = smack_file(file); 1889 1890 *blob = smk_of_current(); 1891 } 1892 1893 /** 1894 * smack_file_send_sigiotask - Smack on sigio 1895 * @tsk: The target task 1896 * @fown: the object the signal come from 1897 * @signum: unused 1898 * 1899 * Allow a privileged task to get signals even if it shouldn't 1900 * 1901 * Returns 0 if a subject with the object's smack could 1902 * write to the task, an error code otherwise. 1903 */ 1904 static int smack_file_send_sigiotask(struct task_struct *tsk, 1905 struct fown_struct *fown, int signum) 1906 { 1907 struct smack_known **blob; 1908 struct smack_known *skp; 1909 struct smack_known *tkp = smk_of_task(smack_cred(tsk->cred)); 1910 const struct cred *tcred; 1911 struct file *file; 1912 int rc; 1913 struct smk_audit_info ad; 1914 1915 /* 1916 * struct fown_struct is never outside the context of a struct file 1917 */ 1918 file = container_of(fown, struct file, f_owner); 1919 1920 /* we don't log here as rc can be overriden */ 1921 blob = smack_file(file); 1922 skp = *blob; 1923 rc = smk_access(skp, tkp, MAY_DELIVER, NULL); 1924 rc = smk_bu_note("sigiotask", skp, tkp, MAY_DELIVER, rc); 1925 1926 rcu_read_lock(); 1927 tcred = __task_cred(tsk); 1928 if (rc != 0 && smack_privileged_cred(CAP_MAC_OVERRIDE, tcred)) 1929 rc = 0; 1930 rcu_read_unlock(); 1931 1932 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); 1933 smk_ad_setfield_u_tsk(&ad, tsk); 1934 smack_log(skp->smk_known, tkp->smk_known, MAY_DELIVER, rc, &ad); 1935 return rc; 1936 } 1937 1938 /** 1939 * smack_file_receive - Smack file receive check 1940 * @file: the object 1941 * 1942 * Returns 0 if current has access, error code otherwise 1943 */ 1944 static int smack_file_receive(struct file *file) 1945 { 1946 int rc; 1947 int may = 0; 1948 struct smk_audit_info ad; 1949 struct inode *inode = file_inode(file); 1950 struct socket *sock; 1951 struct task_smack *tsp; 1952 struct socket_smack *ssp; 1953 1954 if (unlikely(IS_PRIVATE(inode))) 1955 return 0; 1956 1957 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1958 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1959 1960 if (inode->i_sb->s_magic == SOCKFS_MAGIC) { 1961 sock = SOCKET_I(inode); 1962 ssp = sock->sk->sk_security; 1963 tsp = smack_cred(current_cred()); 1964 /* 1965 * If the receiving process can't write to the 1966 * passed socket or if the passed socket can't 1967 * write to the receiving process don't accept 1968 * the passed socket. 1969 */ 1970 rc = smk_access(tsp->smk_task, ssp->smk_out, MAY_WRITE, &ad); 1971 rc = smk_bu_file(file, may, rc); 1972 if (rc < 0) 1973 return rc; 1974 rc = smk_access(ssp->smk_in, tsp->smk_task, MAY_WRITE, &ad); 1975 rc = smk_bu_file(file, may, rc); 1976 return rc; 1977 } 1978 /* 1979 * This code relies on bitmasks. 1980 */ 1981 if (file->f_mode & FMODE_READ) 1982 may = MAY_READ; 1983 if (file->f_mode & FMODE_WRITE) 1984 may |= MAY_WRITE; 1985 1986 rc = smk_curacc(smk_of_inode(inode), may, &ad); 1987 rc = smk_bu_file(file, may, rc); 1988 return rc; 1989 } 1990 1991 /** 1992 * smack_file_open - Smack dentry open processing 1993 * @file: the object 1994 * 1995 * Set the security blob in the file structure. 1996 * Allow the open only if the task has read access. There are 1997 * many read operations (e.g. fstat) that you can do with an 1998 * fd even if you have the file open write-only. 1999 * 2000 * Returns 0 if current has access, error code otherwise 2001 */ 2002 static int smack_file_open(struct file *file) 2003 { 2004 struct task_smack *tsp = smack_cred(file->f_cred); 2005 struct inode *inode = file_inode(file); 2006 struct smk_audit_info ad; 2007 int rc; 2008 2009 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 2010 smk_ad_setfield_u_fs_path(&ad, file->f_path); 2011 rc = smk_tskacc(tsp, smk_of_inode(inode), MAY_READ, &ad); 2012 rc = smk_bu_credfile(file->f_cred, file, MAY_READ, rc); 2013 2014 return rc; 2015 } 2016 2017 /* 2018 * Task hooks 2019 */ 2020 2021 /** 2022 * smack_cred_alloc_blank - "allocate" blank task-level security credentials 2023 * @cred: the new credentials 2024 * @gfp: the atomicity of any memory allocations 2025 * 2026 * Prepare a blank set of credentials for modification. This must allocate all 2027 * the memory the LSM module might require such that cred_transfer() can 2028 * complete without error. 2029 */ 2030 static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp) 2031 { 2032 init_task_smack(smack_cred(cred), NULL, NULL); 2033 return 0; 2034 } 2035 2036 2037 /** 2038 * smack_cred_free - "free" task-level security credentials 2039 * @cred: the credentials in question 2040 * 2041 */ 2042 static void smack_cred_free(struct cred *cred) 2043 { 2044 struct task_smack *tsp = smack_cred(cred); 2045 struct smack_rule *rp; 2046 struct list_head *l; 2047 struct list_head *n; 2048 2049 smk_destroy_label_list(&tsp->smk_relabel); 2050 2051 list_for_each_safe(l, n, &tsp->smk_rules) { 2052 rp = list_entry(l, struct smack_rule, list); 2053 list_del(&rp->list); 2054 kmem_cache_free(smack_rule_cache, rp); 2055 } 2056 } 2057 2058 /** 2059 * smack_cred_prepare - prepare new set of credentials for modification 2060 * @new: the new credentials 2061 * @old: the original credentials 2062 * @gfp: the atomicity of any memory allocations 2063 * 2064 * Prepare a new set of credentials for modification. 2065 */ 2066 static int smack_cred_prepare(struct cred *new, const struct cred *old, 2067 gfp_t gfp) 2068 { 2069 struct task_smack *old_tsp = smack_cred(old); 2070 struct task_smack *new_tsp = smack_cred(new); 2071 int rc; 2072 2073 init_task_smack(new_tsp, old_tsp->smk_task, old_tsp->smk_task); 2074 2075 rc = smk_copy_rules(&new_tsp->smk_rules, &old_tsp->smk_rules, gfp); 2076 if (rc != 0) 2077 return rc; 2078 2079 rc = smk_copy_relabel(&new_tsp->smk_relabel, &old_tsp->smk_relabel, 2080 gfp); 2081 return rc; 2082 } 2083 2084 /** 2085 * smack_cred_transfer - Transfer the old credentials to the new credentials 2086 * @new: the new credentials 2087 * @old: the original credentials 2088 * 2089 * Fill in a set of blank credentials from another set of credentials. 2090 */ 2091 static void smack_cred_transfer(struct cred *new, const struct cred *old) 2092 { 2093 struct task_smack *old_tsp = smack_cred(old); 2094 struct task_smack *new_tsp = smack_cred(new); 2095 2096 new_tsp->smk_task = old_tsp->smk_task; 2097 new_tsp->smk_forked = old_tsp->smk_task; 2098 mutex_init(&new_tsp->smk_rules_lock); 2099 INIT_LIST_HEAD(&new_tsp->smk_rules); 2100 2101 /* cbs copy rule list */ 2102 } 2103 2104 /** 2105 * smack_cred_getsecid - get the secid corresponding to a creds structure 2106 * @cred: the object creds 2107 * @secid: where to put the result 2108 * 2109 * Sets the secid to contain a u32 version of the smack label. 2110 */ 2111 static void smack_cred_getsecid(const struct cred *cred, u32 *secid) 2112 { 2113 struct smack_known *skp; 2114 2115 rcu_read_lock(); 2116 skp = smk_of_task(smack_cred(cred)); 2117 *secid = skp->smk_secid; 2118 rcu_read_unlock(); 2119 } 2120 2121 /** 2122 * smack_kernel_act_as - Set the subjective context in a set of credentials 2123 * @new: points to the set of credentials to be modified. 2124 * @secid: specifies the security ID to be set 2125 * 2126 * Set the security data for a kernel service. 2127 */ 2128 static int smack_kernel_act_as(struct cred *new, u32 secid) 2129 { 2130 struct task_smack *new_tsp = smack_cred(new); 2131 2132 new_tsp->smk_task = smack_from_secid(secid); 2133 return 0; 2134 } 2135 2136 /** 2137 * smack_kernel_create_files_as - Set the file creation label in a set of creds 2138 * @new: points to the set of credentials to be modified 2139 * @inode: points to the inode to use as a reference 2140 * 2141 * Set the file creation context in a set of credentials to the same 2142 * as the objective context of the specified inode 2143 */ 2144 static int smack_kernel_create_files_as(struct cred *new, 2145 struct inode *inode) 2146 { 2147 struct inode_smack *isp = smack_inode(inode); 2148 struct task_smack *tsp = smack_cred(new); 2149 2150 tsp->smk_forked = isp->smk_inode; 2151 tsp->smk_task = tsp->smk_forked; 2152 return 0; 2153 } 2154 2155 /** 2156 * smk_curacc_on_task - helper to log task related access 2157 * @p: the task object 2158 * @access: the access requested 2159 * @caller: name of the calling function for audit 2160 * 2161 * Return 0 if access is permitted 2162 */ 2163 static int smk_curacc_on_task(struct task_struct *p, int access, 2164 const char *caller) 2165 { 2166 struct smk_audit_info ad; 2167 struct smack_known *skp = smk_of_task_struct_obj(p); 2168 int rc; 2169 2170 smk_ad_init(&ad, caller, LSM_AUDIT_DATA_TASK); 2171 smk_ad_setfield_u_tsk(&ad, p); 2172 rc = smk_curacc(skp, access, &ad); 2173 rc = smk_bu_task(p, access, rc); 2174 return rc; 2175 } 2176 2177 /** 2178 * smack_task_setpgid - Smack check on setting pgid 2179 * @p: the task object 2180 * @pgid: unused 2181 * 2182 * Return 0 if write access is permitted 2183 */ 2184 static int smack_task_setpgid(struct task_struct *p, pid_t pgid) 2185 { 2186 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2187 } 2188 2189 /** 2190 * smack_task_getpgid - Smack access check for getpgid 2191 * @p: the object task 2192 * 2193 * Returns 0 if current can read the object task, error code otherwise 2194 */ 2195 static int smack_task_getpgid(struct task_struct *p) 2196 { 2197 return smk_curacc_on_task(p, MAY_READ, __func__); 2198 } 2199 2200 /** 2201 * smack_task_getsid - Smack access check for getsid 2202 * @p: the object task 2203 * 2204 * Returns 0 if current can read the object task, error code otherwise 2205 */ 2206 static int smack_task_getsid(struct task_struct *p) 2207 { 2208 return smk_curacc_on_task(p, MAY_READ, __func__); 2209 } 2210 2211 /** 2212 * smack_current_getsecid_subj - get the subjective secid of the current task 2213 * @secid: where to put the result 2214 * 2215 * Sets the secid to contain a u32 version of the task's subjective smack label. 2216 */ 2217 static void smack_current_getsecid_subj(u32 *secid) 2218 { 2219 struct smack_known *skp = smk_of_current(); 2220 2221 *secid = skp->smk_secid; 2222 } 2223 2224 /** 2225 * smack_task_getsecid_obj - get the objective secid of the task 2226 * @p: the task 2227 * @secid: where to put the result 2228 * 2229 * Sets the secid to contain a u32 version of the task's objective smack label. 2230 */ 2231 static void smack_task_getsecid_obj(struct task_struct *p, u32 *secid) 2232 { 2233 struct smack_known *skp = smk_of_task_struct_obj(p); 2234 2235 *secid = skp->smk_secid; 2236 } 2237 2238 /** 2239 * smack_task_setnice - Smack check on setting nice 2240 * @p: the task object 2241 * @nice: unused 2242 * 2243 * Return 0 if write access is permitted 2244 */ 2245 static int smack_task_setnice(struct task_struct *p, int nice) 2246 { 2247 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2248 } 2249 2250 /** 2251 * smack_task_setioprio - Smack check on setting ioprio 2252 * @p: the task object 2253 * @ioprio: unused 2254 * 2255 * Return 0 if write access is permitted 2256 */ 2257 static int smack_task_setioprio(struct task_struct *p, int ioprio) 2258 { 2259 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2260 } 2261 2262 /** 2263 * smack_task_getioprio - Smack check on reading ioprio 2264 * @p: the task object 2265 * 2266 * Return 0 if read access is permitted 2267 */ 2268 static int smack_task_getioprio(struct task_struct *p) 2269 { 2270 return smk_curacc_on_task(p, MAY_READ, __func__); 2271 } 2272 2273 /** 2274 * smack_task_setscheduler - Smack check on setting scheduler 2275 * @p: the task object 2276 * 2277 * Return 0 if read access is permitted 2278 */ 2279 static int smack_task_setscheduler(struct task_struct *p) 2280 { 2281 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2282 } 2283 2284 /** 2285 * smack_task_getscheduler - Smack check on reading scheduler 2286 * @p: the task object 2287 * 2288 * Return 0 if read access is permitted 2289 */ 2290 static int smack_task_getscheduler(struct task_struct *p) 2291 { 2292 return smk_curacc_on_task(p, MAY_READ, __func__); 2293 } 2294 2295 /** 2296 * smack_task_movememory - Smack check on moving memory 2297 * @p: the task object 2298 * 2299 * Return 0 if write access is permitted 2300 */ 2301 static int smack_task_movememory(struct task_struct *p) 2302 { 2303 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2304 } 2305 2306 /** 2307 * smack_task_kill - Smack check on signal delivery 2308 * @p: the task object 2309 * @info: unused 2310 * @sig: unused 2311 * @cred: identifies the cred to use in lieu of current's 2312 * 2313 * Return 0 if write access is permitted 2314 * 2315 */ 2316 static int smack_task_kill(struct task_struct *p, struct kernel_siginfo *info, 2317 int sig, const struct cred *cred) 2318 { 2319 struct smk_audit_info ad; 2320 struct smack_known *skp; 2321 struct smack_known *tkp = smk_of_task_struct_obj(p); 2322 int rc; 2323 2324 if (!sig) 2325 return 0; /* null signal; existence test */ 2326 2327 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); 2328 smk_ad_setfield_u_tsk(&ad, p); 2329 /* 2330 * Sending a signal requires that the sender 2331 * can write the receiver. 2332 */ 2333 if (cred == NULL) { 2334 rc = smk_curacc(tkp, MAY_DELIVER, &ad); 2335 rc = smk_bu_task(p, MAY_DELIVER, rc); 2336 return rc; 2337 } 2338 /* 2339 * If the cred isn't NULL we're dealing with some USB IO 2340 * specific behavior. This is not clean. For one thing 2341 * we can't take privilege into account. 2342 */ 2343 skp = smk_of_task(smack_cred(cred)); 2344 rc = smk_access(skp, tkp, MAY_DELIVER, &ad); 2345 rc = smk_bu_note("USB signal", skp, tkp, MAY_DELIVER, rc); 2346 return rc; 2347 } 2348 2349 /** 2350 * smack_task_to_inode - copy task smack into the inode blob 2351 * @p: task to copy from 2352 * @inode: inode to copy to 2353 * 2354 * Sets the smack pointer in the inode security blob 2355 */ 2356 static void smack_task_to_inode(struct task_struct *p, struct inode *inode) 2357 { 2358 struct inode_smack *isp = smack_inode(inode); 2359 struct smack_known *skp = smk_of_task_struct_obj(p); 2360 2361 isp->smk_inode = skp; 2362 isp->smk_flags |= SMK_INODE_INSTANT; 2363 } 2364 2365 /* 2366 * Socket hooks. 2367 */ 2368 2369 /** 2370 * smack_sk_alloc_security - Allocate a socket blob 2371 * @sk: the socket 2372 * @family: unused 2373 * @gfp_flags: memory allocation flags 2374 * 2375 * Assign Smack pointers to current 2376 * 2377 * Returns 0 on success, -ENOMEM is there's no memory 2378 */ 2379 static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags) 2380 { 2381 struct smack_known *skp = smk_of_current(); 2382 struct socket_smack *ssp; 2383 2384 ssp = kzalloc(sizeof(struct socket_smack), gfp_flags); 2385 if (ssp == NULL) 2386 return -ENOMEM; 2387 2388 /* 2389 * Sockets created by kernel threads receive web label. 2390 */ 2391 if (unlikely(current->flags & PF_KTHREAD)) { 2392 ssp->smk_in = &smack_known_web; 2393 ssp->smk_out = &smack_known_web; 2394 } else { 2395 ssp->smk_in = skp; 2396 ssp->smk_out = skp; 2397 } 2398 ssp->smk_packet = NULL; 2399 2400 sk->sk_security = ssp; 2401 2402 return 0; 2403 } 2404 2405 /** 2406 * smack_sk_free_security - Free a socket blob 2407 * @sk: the socket 2408 * 2409 * Clears the blob pointer 2410 */ 2411 static void smack_sk_free_security(struct sock *sk) 2412 { 2413 #ifdef SMACK_IPV6_PORT_LABELING 2414 struct smk_port_label *spp; 2415 2416 if (sk->sk_family == PF_INET6) { 2417 rcu_read_lock(); 2418 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) { 2419 if (spp->smk_sock != sk) 2420 continue; 2421 spp->smk_can_reuse = 1; 2422 break; 2423 } 2424 rcu_read_unlock(); 2425 } 2426 #endif 2427 kfree(sk->sk_security); 2428 } 2429 2430 /** 2431 * smack_sk_clone_security - Copy security context 2432 * @sk: the old socket 2433 * @newsk: the new socket 2434 * 2435 * Copy the security context of the old socket pointer to the cloned 2436 */ 2437 static void smack_sk_clone_security(const struct sock *sk, struct sock *newsk) 2438 { 2439 struct socket_smack *ssp_old = sk->sk_security; 2440 struct socket_smack *ssp_new = newsk->sk_security; 2441 2442 *ssp_new = *ssp_old; 2443 } 2444 2445 /** 2446 * smack_ipv4host_label - check host based restrictions 2447 * @sip: the object end 2448 * 2449 * looks for host based access restrictions 2450 * 2451 * This version will only be appropriate for really small sets of single label 2452 * hosts. The caller is responsible for ensuring that the RCU read lock is 2453 * taken before calling this function. 2454 * 2455 * Returns the label of the far end or NULL if it's not special. 2456 */ 2457 static struct smack_known *smack_ipv4host_label(struct sockaddr_in *sip) 2458 { 2459 struct smk_net4addr *snp; 2460 struct in_addr *siap = &sip->sin_addr; 2461 2462 if (siap->s_addr == 0) 2463 return NULL; 2464 2465 list_for_each_entry_rcu(snp, &smk_net4addr_list, list) 2466 /* 2467 * we break after finding the first match because 2468 * the list is sorted from longest to shortest mask 2469 * so we have found the most specific match 2470 */ 2471 if (snp->smk_host.s_addr == 2472 (siap->s_addr & snp->smk_mask.s_addr)) 2473 return snp->smk_label; 2474 2475 return NULL; 2476 } 2477 2478 /* 2479 * smk_ipv6_localhost - Check for local ipv6 host address 2480 * @sip: the address 2481 * 2482 * Returns boolean true if this is the localhost address 2483 */ 2484 static bool smk_ipv6_localhost(struct sockaddr_in6 *sip) 2485 { 2486 __be16 *be16p = (__be16 *)&sip->sin6_addr; 2487 __be32 *be32p = (__be32 *)&sip->sin6_addr; 2488 2489 if (be32p[0] == 0 && be32p[1] == 0 && be32p[2] == 0 && be16p[6] == 0 && 2490 ntohs(be16p[7]) == 1) 2491 return true; 2492 return false; 2493 } 2494 2495 /** 2496 * smack_ipv6host_label - check host based restrictions 2497 * @sip: the object end 2498 * 2499 * looks for host based access restrictions 2500 * 2501 * This version will only be appropriate for really small sets of single label 2502 * hosts. The caller is responsible for ensuring that the RCU read lock is 2503 * taken before calling this function. 2504 * 2505 * Returns the label of the far end or NULL if it's not special. 2506 */ 2507 static struct smack_known *smack_ipv6host_label(struct sockaddr_in6 *sip) 2508 { 2509 struct smk_net6addr *snp; 2510 struct in6_addr *sap = &sip->sin6_addr; 2511 int i; 2512 int found = 0; 2513 2514 /* 2515 * It's local. Don't look for a host label. 2516 */ 2517 if (smk_ipv6_localhost(sip)) 2518 return NULL; 2519 2520 list_for_each_entry_rcu(snp, &smk_net6addr_list, list) { 2521 /* 2522 * If the label is NULL the entry has 2523 * been renounced. Ignore it. 2524 */ 2525 if (snp->smk_label == NULL) 2526 continue; 2527 /* 2528 * we break after finding the first match because 2529 * the list is sorted from longest to shortest mask 2530 * so we have found the most specific match 2531 */ 2532 for (found = 1, i = 0; i < 8; i++) { 2533 if ((sap->s6_addr16[i] & snp->smk_mask.s6_addr16[i]) != 2534 snp->smk_host.s6_addr16[i]) { 2535 found = 0; 2536 break; 2537 } 2538 } 2539 if (found) 2540 return snp->smk_label; 2541 } 2542 2543 return NULL; 2544 } 2545 2546 /** 2547 * smack_netlbl_add - Set the secattr on a socket 2548 * @sk: the socket 2549 * 2550 * Attach the outbound smack value (smk_out) to the socket. 2551 * 2552 * Returns 0 on success or an error code 2553 */ 2554 static int smack_netlbl_add(struct sock *sk) 2555 { 2556 struct socket_smack *ssp = sk->sk_security; 2557 struct smack_known *skp = ssp->smk_out; 2558 int rc; 2559 2560 local_bh_disable(); 2561 bh_lock_sock_nested(sk); 2562 2563 rc = netlbl_sock_setattr(sk, sk->sk_family, &skp->smk_netlabel); 2564 switch (rc) { 2565 case 0: 2566 ssp->smk_state = SMK_NETLBL_LABELED; 2567 break; 2568 case -EDESTADDRREQ: 2569 ssp->smk_state = SMK_NETLBL_REQSKB; 2570 rc = 0; 2571 break; 2572 } 2573 2574 bh_unlock_sock(sk); 2575 local_bh_enable(); 2576 2577 return rc; 2578 } 2579 2580 /** 2581 * smack_netlbl_delete - Remove the secattr from a socket 2582 * @sk: the socket 2583 * 2584 * Remove the outbound smack value from a socket 2585 */ 2586 static void smack_netlbl_delete(struct sock *sk) 2587 { 2588 struct socket_smack *ssp = sk->sk_security; 2589 2590 /* 2591 * Take the label off the socket if one is set. 2592 */ 2593 if (ssp->smk_state != SMK_NETLBL_LABELED) 2594 return; 2595 2596 local_bh_disable(); 2597 bh_lock_sock_nested(sk); 2598 netlbl_sock_delattr(sk); 2599 bh_unlock_sock(sk); 2600 local_bh_enable(); 2601 ssp->smk_state = SMK_NETLBL_UNLABELED; 2602 } 2603 2604 /** 2605 * smk_ipv4_check - Perform IPv4 host access checks 2606 * @sk: the socket 2607 * @sap: the destination address 2608 * 2609 * Set the correct secattr for the given socket based on the destination 2610 * address and perform any outbound access checks needed. 2611 * 2612 * Returns 0 on success or an error code. 2613 * 2614 */ 2615 static int smk_ipv4_check(struct sock *sk, struct sockaddr_in *sap) 2616 { 2617 struct smack_known *skp; 2618 int rc = 0; 2619 struct smack_known *hkp; 2620 struct socket_smack *ssp = sk->sk_security; 2621 struct smk_audit_info ad; 2622 2623 rcu_read_lock(); 2624 hkp = smack_ipv4host_label(sap); 2625 if (hkp != NULL) { 2626 #ifdef CONFIG_AUDIT 2627 struct lsm_network_audit net; 2628 2629 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 2630 ad.a.u.net->family = sap->sin_family; 2631 ad.a.u.net->dport = sap->sin_port; 2632 ad.a.u.net->v4info.daddr = sap->sin_addr.s_addr; 2633 #endif 2634 skp = ssp->smk_out; 2635 rc = smk_access(skp, hkp, MAY_WRITE, &ad); 2636 rc = smk_bu_note("IPv4 host check", skp, hkp, MAY_WRITE, rc); 2637 /* 2638 * Clear the socket netlabel if it's set. 2639 */ 2640 if (!rc) 2641 smack_netlbl_delete(sk); 2642 } 2643 rcu_read_unlock(); 2644 2645 return rc; 2646 } 2647 2648 /** 2649 * smk_ipv6_check - check Smack access 2650 * @subject: subject Smack label 2651 * @object: object Smack label 2652 * @address: address 2653 * @act: the action being taken 2654 * 2655 * Check an IPv6 access 2656 */ 2657 static int smk_ipv6_check(struct smack_known *subject, 2658 struct smack_known *object, 2659 struct sockaddr_in6 *address, int act) 2660 { 2661 #ifdef CONFIG_AUDIT 2662 struct lsm_network_audit net; 2663 #endif 2664 struct smk_audit_info ad; 2665 int rc; 2666 2667 #ifdef CONFIG_AUDIT 2668 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 2669 ad.a.u.net->family = PF_INET6; 2670 ad.a.u.net->dport = address->sin6_port; 2671 if (act == SMK_RECEIVING) 2672 ad.a.u.net->v6info.saddr = address->sin6_addr; 2673 else 2674 ad.a.u.net->v6info.daddr = address->sin6_addr; 2675 #endif 2676 rc = smk_access(subject, object, MAY_WRITE, &ad); 2677 rc = smk_bu_note("IPv6 check", subject, object, MAY_WRITE, rc); 2678 return rc; 2679 } 2680 2681 #ifdef SMACK_IPV6_PORT_LABELING 2682 /** 2683 * smk_ipv6_port_label - Smack port access table management 2684 * @sock: socket 2685 * @address: address 2686 * 2687 * Create or update the port list entry 2688 */ 2689 static void smk_ipv6_port_label(struct socket *sock, struct sockaddr *address) 2690 { 2691 struct sock *sk = sock->sk; 2692 struct sockaddr_in6 *addr6; 2693 struct socket_smack *ssp = sock->sk->sk_security; 2694 struct smk_port_label *spp; 2695 unsigned short port = 0; 2696 2697 if (address == NULL) { 2698 /* 2699 * This operation is changing the Smack information 2700 * on the bound socket. Take the changes to the port 2701 * as well. 2702 */ 2703 rcu_read_lock(); 2704 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) { 2705 if (sk != spp->smk_sock) 2706 continue; 2707 spp->smk_in = ssp->smk_in; 2708 spp->smk_out = ssp->smk_out; 2709 rcu_read_unlock(); 2710 return; 2711 } 2712 /* 2713 * A NULL address is only used for updating existing 2714 * bound entries. If there isn't one, it's OK. 2715 */ 2716 rcu_read_unlock(); 2717 return; 2718 } 2719 2720 addr6 = (struct sockaddr_in6 *)address; 2721 port = ntohs(addr6->sin6_port); 2722 /* 2723 * This is a special case that is safely ignored. 2724 */ 2725 if (port == 0) 2726 return; 2727 2728 /* 2729 * Look for an existing port list entry. 2730 * This is an indication that a port is getting reused. 2731 */ 2732 rcu_read_lock(); 2733 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) { 2734 if (spp->smk_port != port || spp->smk_sock_type != sock->type) 2735 continue; 2736 if (spp->smk_can_reuse != 1) { 2737 rcu_read_unlock(); 2738 return; 2739 } 2740 spp->smk_port = port; 2741 spp->smk_sock = sk; 2742 spp->smk_in = ssp->smk_in; 2743 spp->smk_out = ssp->smk_out; 2744 spp->smk_can_reuse = 0; 2745 rcu_read_unlock(); 2746 return; 2747 } 2748 rcu_read_unlock(); 2749 /* 2750 * A new port entry is required. 2751 */ 2752 spp = kzalloc(sizeof(*spp), GFP_KERNEL); 2753 if (spp == NULL) 2754 return; 2755 2756 spp->smk_port = port; 2757 spp->smk_sock = sk; 2758 spp->smk_in = ssp->smk_in; 2759 spp->smk_out = ssp->smk_out; 2760 spp->smk_sock_type = sock->type; 2761 spp->smk_can_reuse = 0; 2762 2763 mutex_lock(&smack_ipv6_lock); 2764 list_add_rcu(&spp->list, &smk_ipv6_port_list); 2765 mutex_unlock(&smack_ipv6_lock); 2766 return; 2767 } 2768 2769 /** 2770 * smk_ipv6_port_check - check Smack port access 2771 * @sk: socket 2772 * @address: address 2773 * @act: the action being taken 2774 * 2775 * Create or update the port list entry 2776 */ 2777 static int smk_ipv6_port_check(struct sock *sk, struct sockaddr_in6 *address, 2778 int act) 2779 { 2780 struct smk_port_label *spp; 2781 struct socket_smack *ssp = sk->sk_security; 2782 struct smack_known *skp = NULL; 2783 unsigned short port; 2784 struct smack_known *object; 2785 2786 if (act == SMK_RECEIVING) { 2787 skp = smack_ipv6host_label(address); 2788 object = ssp->smk_in; 2789 } else { 2790 skp = ssp->smk_out; 2791 object = smack_ipv6host_label(address); 2792 } 2793 2794 /* 2795 * The other end is a single label host. 2796 */ 2797 if (skp != NULL && object != NULL) 2798 return smk_ipv6_check(skp, object, address, act); 2799 if (skp == NULL) 2800 skp = smack_net_ambient; 2801 if (object == NULL) 2802 object = smack_net_ambient; 2803 2804 /* 2805 * It's remote, so port lookup does no good. 2806 */ 2807 if (!smk_ipv6_localhost(address)) 2808 return smk_ipv6_check(skp, object, address, act); 2809 2810 /* 2811 * It's local so the send check has to have passed. 2812 */ 2813 if (act == SMK_RECEIVING) 2814 return 0; 2815 2816 port = ntohs(address->sin6_port); 2817 rcu_read_lock(); 2818 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) { 2819 if (spp->smk_port != port || spp->smk_sock_type != sk->sk_type) 2820 continue; 2821 object = spp->smk_in; 2822 if (act == SMK_CONNECTING) 2823 ssp->smk_packet = spp->smk_out; 2824 break; 2825 } 2826 rcu_read_unlock(); 2827 2828 return smk_ipv6_check(skp, object, address, act); 2829 } 2830 #endif 2831 2832 /** 2833 * smack_inode_setsecurity - set smack xattrs 2834 * @inode: the object 2835 * @name: attribute name 2836 * @value: attribute value 2837 * @size: size of the attribute 2838 * @flags: unused 2839 * 2840 * Sets the named attribute in the appropriate blob 2841 * 2842 * Returns 0 on success, or an error code 2843 */ 2844 static int smack_inode_setsecurity(struct inode *inode, const char *name, 2845 const void *value, size_t size, int flags) 2846 { 2847 struct smack_known *skp; 2848 struct inode_smack *nsp = smack_inode(inode); 2849 struct socket_smack *ssp; 2850 struct socket *sock; 2851 int rc = 0; 2852 2853 if (value == NULL || size > SMK_LONGLABEL || size == 0) 2854 return -EINVAL; 2855 2856 skp = smk_import_entry(value, size); 2857 if (IS_ERR(skp)) 2858 return PTR_ERR(skp); 2859 2860 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) { 2861 nsp->smk_inode = skp; 2862 nsp->smk_flags |= SMK_INODE_INSTANT; 2863 return 0; 2864 } 2865 /* 2866 * The rest of the Smack xattrs are only on sockets. 2867 */ 2868 if (inode->i_sb->s_magic != SOCKFS_MAGIC) 2869 return -EOPNOTSUPP; 2870 2871 sock = SOCKET_I(inode); 2872 if (sock == NULL || sock->sk == NULL) 2873 return -EOPNOTSUPP; 2874 2875 ssp = sock->sk->sk_security; 2876 2877 if (strcmp(name, XATTR_SMACK_IPIN) == 0) 2878 ssp->smk_in = skp; 2879 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) { 2880 ssp->smk_out = skp; 2881 if (sock->sk->sk_family == PF_INET) { 2882 rc = smack_netlbl_add(sock->sk); 2883 if (rc != 0) 2884 printk(KERN_WARNING 2885 "Smack: \"%s\" netlbl error %d.\n", 2886 __func__, -rc); 2887 } 2888 } else 2889 return -EOPNOTSUPP; 2890 2891 #ifdef SMACK_IPV6_PORT_LABELING 2892 if (sock->sk->sk_family == PF_INET6) 2893 smk_ipv6_port_label(sock, NULL); 2894 #endif 2895 2896 return 0; 2897 } 2898 2899 /** 2900 * smack_socket_post_create - finish socket setup 2901 * @sock: the socket 2902 * @family: protocol family 2903 * @type: unused 2904 * @protocol: unused 2905 * @kern: unused 2906 * 2907 * Sets the netlabel information on the socket 2908 * 2909 * Returns 0 on success, and error code otherwise 2910 */ 2911 static int smack_socket_post_create(struct socket *sock, int family, 2912 int type, int protocol, int kern) 2913 { 2914 struct socket_smack *ssp; 2915 2916 if (sock->sk == NULL) 2917 return 0; 2918 2919 /* 2920 * Sockets created by kernel threads receive web label. 2921 */ 2922 if (unlikely(current->flags & PF_KTHREAD)) { 2923 ssp = sock->sk->sk_security; 2924 ssp->smk_in = &smack_known_web; 2925 ssp->smk_out = &smack_known_web; 2926 } 2927 2928 if (family != PF_INET) 2929 return 0; 2930 /* 2931 * Set the outbound netlbl. 2932 */ 2933 return smack_netlbl_add(sock->sk); 2934 } 2935 2936 /** 2937 * smack_socket_socketpair - create socket pair 2938 * @socka: one socket 2939 * @sockb: another socket 2940 * 2941 * Cross reference the peer labels for SO_PEERSEC 2942 * 2943 * Returns 0 2944 */ 2945 static int smack_socket_socketpair(struct socket *socka, 2946 struct socket *sockb) 2947 { 2948 struct socket_smack *asp = socka->sk->sk_security; 2949 struct socket_smack *bsp = sockb->sk->sk_security; 2950 2951 asp->smk_packet = bsp->smk_out; 2952 bsp->smk_packet = asp->smk_out; 2953 2954 return 0; 2955 } 2956 2957 #ifdef SMACK_IPV6_PORT_LABELING 2958 /** 2959 * smack_socket_bind - record port binding information. 2960 * @sock: the socket 2961 * @address: the port address 2962 * @addrlen: size of the address 2963 * 2964 * Records the label bound to a port. 2965 * 2966 * Returns 0 on success, and error code otherwise 2967 */ 2968 static int smack_socket_bind(struct socket *sock, struct sockaddr *address, 2969 int addrlen) 2970 { 2971 if (sock->sk != NULL && sock->sk->sk_family == PF_INET6) { 2972 if (addrlen < SIN6_LEN_RFC2133 || 2973 address->sa_family != AF_INET6) 2974 return -EINVAL; 2975 smk_ipv6_port_label(sock, address); 2976 } 2977 return 0; 2978 } 2979 #endif /* SMACK_IPV6_PORT_LABELING */ 2980 2981 /** 2982 * smack_socket_connect - connect access check 2983 * @sock: the socket 2984 * @sap: the other end 2985 * @addrlen: size of sap 2986 * 2987 * Verifies that a connection may be possible 2988 * 2989 * Returns 0 on success, and error code otherwise 2990 */ 2991 static int smack_socket_connect(struct socket *sock, struct sockaddr *sap, 2992 int addrlen) 2993 { 2994 int rc = 0; 2995 2996 if (sock->sk == NULL) 2997 return 0; 2998 if (sock->sk->sk_family != PF_INET && 2999 (!IS_ENABLED(CONFIG_IPV6) || sock->sk->sk_family != PF_INET6)) 3000 return 0; 3001 if (addrlen < offsetofend(struct sockaddr, sa_family)) 3002 return 0; 3003 if (IS_ENABLED(CONFIG_IPV6) && sap->sa_family == AF_INET6) { 3004 struct sockaddr_in6 *sip = (struct sockaddr_in6 *)sap; 3005 struct smack_known *rsp = NULL; 3006 3007 if (addrlen < SIN6_LEN_RFC2133) 3008 return 0; 3009 if (__is_defined(SMACK_IPV6_SECMARK_LABELING)) 3010 rsp = smack_ipv6host_label(sip); 3011 if (rsp != NULL) { 3012 struct socket_smack *ssp = sock->sk->sk_security; 3013 3014 rc = smk_ipv6_check(ssp->smk_out, rsp, sip, 3015 SMK_CONNECTING); 3016 } 3017 #ifdef SMACK_IPV6_PORT_LABELING 3018 rc = smk_ipv6_port_check(sock->sk, sip, SMK_CONNECTING); 3019 #endif 3020 3021 return rc; 3022 } 3023 if (sap->sa_family != AF_INET || addrlen < sizeof(struct sockaddr_in)) 3024 return 0; 3025 rc = smk_ipv4_check(sock->sk, (struct sockaddr_in *)sap); 3026 return rc; 3027 } 3028 3029 /** 3030 * smack_flags_to_may - convert S_ to MAY_ values 3031 * @flags: the S_ value 3032 * 3033 * Returns the equivalent MAY_ value 3034 */ 3035 static int smack_flags_to_may(int flags) 3036 { 3037 int may = 0; 3038 3039 if (flags & S_IRUGO) 3040 may |= MAY_READ; 3041 if (flags & S_IWUGO) 3042 may |= MAY_WRITE; 3043 if (flags & S_IXUGO) 3044 may |= MAY_EXEC; 3045 3046 return may; 3047 } 3048 3049 /** 3050 * smack_msg_msg_alloc_security - Set the security blob for msg_msg 3051 * @msg: the object 3052 * 3053 * Returns 0 3054 */ 3055 static int smack_msg_msg_alloc_security(struct msg_msg *msg) 3056 { 3057 struct smack_known **blob = smack_msg_msg(msg); 3058 3059 *blob = smk_of_current(); 3060 return 0; 3061 } 3062 3063 /** 3064 * smack_of_ipc - the smack pointer for the ipc 3065 * @isp: the object 3066 * 3067 * Returns a pointer to the smack value 3068 */ 3069 static struct smack_known *smack_of_ipc(struct kern_ipc_perm *isp) 3070 { 3071 struct smack_known **blob = smack_ipc(isp); 3072 3073 return *blob; 3074 } 3075 3076 /** 3077 * smack_ipc_alloc_security - Set the security blob for ipc 3078 * @isp: the object 3079 * 3080 * Returns 0 3081 */ 3082 static int smack_ipc_alloc_security(struct kern_ipc_perm *isp) 3083 { 3084 struct smack_known **blob = smack_ipc(isp); 3085 3086 *blob = smk_of_current(); 3087 return 0; 3088 } 3089 3090 /** 3091 * smk_curacc_shm : check if current has access on shm 3092 * @isp : the object 3093 * @access : access requested 3094 * 3095 * Returns 0 if current has the requested access, error code otherwise 3096 */ 3097 static int smk_curacc_shm(struct kern_ipc_perm *isp, int access) 3098 { 3099 struct smack_known *ssp = smack_of_ipc(isp); 3100 struct smk_audit_info ad; 3101 int rc; 3102 3103 #ifdef CONFIG_AUDIT 3104 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 3105 ad.a.u.ipc_id = isp->id; 3106 #endif 3107 rc = smk_curacc(ssp, access, &ad); 3108 rc = smk_bu_current("shm", ssp, access, rc); 3109 return rc; 3110 } 3111 3112 /** 3113 * smack_shm_associate - Smack access check for shm 3114 * @isp: the object 3115 * @shmflg: access requested 3116 * 3117 * Returns 0 if current has the requested access, error code otherwise 3118 */ 3119 static int smack_shm_associate(struct kern_ipc_perm *isp, int shmflg) 3120 { 3121 int may; 3122 3123 may = smack_flags_to_may(shmflg); 3124 return smk_curacc_shm(isp, may); 3125 } 3126 3127 /** 3128 * smack_shm_shmctl - Smack access check for shm 3129 * @isp: the object 3130 * @cmd: what it wants to do 3131 * 3132 * Returns 0 if current has the requested access, error code otherwise 3133 */ 3134 static int smack_shm_shmctl(struct kern_ipc_perm *isp, int cmd) 3135 { 3136 int may; 3137 3138 switch (cmd) { 3139 case IPC_STAT: 3140 case SHM_STAT: 3141 case SHM_STAT_ANY: 3142 may = MAY_READ; 3143 break; 3144 case IPC_SET: 3145 case SHM_LOCK: 3146 case SHM_UNLOCK: 3147 case IPC_RMID: 3148 may = MAY_READWRITE; 3149 break; 3150 case IPC_INFO: 3151 case SHM_INFO: 3152 /* 3153 * System level information. 3154 */ 3155 return 0; 3156 default: 3157 return -EINVAL; 3158 } 3159 return smk_curacc_shm(isp, may); 3160 } 3161 3162 /** 3163 * smack_shm_shmat - Smack access for shmat 3164 * @isp: the object 3165 * @shmaddr: unused 3166 * @shmflg: access requested 3167 * 3168 * Returns 0 if current has the requested access, error code otherwise 3169 */ 3170 static int smack_shm_shmat(struct kern_ipc_perm *isp, char __user *shmaddr, 3171 int shmflg) 3172 { 3173 int may; 3174 3175 may = smack_flags_to_may(shmflg); 3176 return smk_curacc_shm(isp, may); 3177 } 3178 3179 /** 3180 * smk_curacc_sem : check if current has access on sem 3181 * @isp : the object 3182 * @access : access requested 3183 * 3184 * Returns 0 if current has the requested access, error code otherwise 3185 */ 3186 static int smk_curacc_sem(struct kern_ipc_perm *isp, int access) 3187 { 3188 struct smack_known *ssp = smack_of_ipc(isp); 3189 struct smk_audit_info ad; 3190 int rc; 3191 3192 #ifdef CONFIG_AUDIT 3193 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 3194 ad.a.u.ipc_id = isp->id; 3195 #endif 3196 rc = smk_curacc(ssp, access, &ad); 3197 rc = smk_bu_current("sem", ssp, access, rc); 3198 return rc; 3199 } 3200 3201 /** 3202 * smack_sem_associate - Smack access check for sem 3203 * @isp: the object 3204 * @semflg: access requested 3205 * 3206 * Returns 0 if current has the requested access, error code otherwise 3207 */ 3208 static int smack_sem_associate(struct kern_ipc_perm *isp, int semflg) 3209 { 3210 int may; 3211 3212 may = smack_flags_to_may(semflg); 3213 return smk_curacc_sem(isp, may); 3214 } 3215 3216 /** 3217 * smack_sem_semctl - Smack access check for sem 3218 * @isp: the object 3219 * @cmd: what it wants to do 3220 * 3221 * Returns 0 if current has the requested access, error code otherwise 3222 */ 3223 static int smack_sem_semctl(struct kern_ipc_perm *isp, int cmd) 3224 { 3225 int may; 3226 3227 switch (cmd) { 3228 case GETPID: 3229 case GETNCNT: 3230 case GETZCNT: 3231 case GETVAL: 3232 case GETALL: 3233 case IPC_STAT: 3234 case SEM_STAT: 3235 case SEM_STAT_ANY: 3236 may = MAY_READ; 3237 break; 3238 case SETVAL: 3239 case SETALL: 3240 case IPC_RMID: 3241 case IPC_SET: 3242 may = MAY_READWRITE; 3243 break; 3244 case IPC_INFO: 3245 case SEM_INFO: 3246 /* 3247 * System level information 3248 */ 3249 return 0; 3250 default: 3251 return -EINVAL; 3252 } 3253 3254 return smk_curacc_sem(isp, may); 3255 } 3256 3257 /** 3258 * smack_sem_semop - Smack checks of semaphore operations 3259 * @isp: the object 3260 * @sops: unused 3261 * @nsops: unused 3262 * @alter: unused 3263 * 3264 * Treated as read and write in all cases. 3265 * 3266 * Returns 0 if access is allowed, error code otherwise 3267 */ 3268 static int smack_sem_semop(struct kern_ipc_perm *isp, struct sembuf *sops, 3269 unsigned nsops, int alter) 3270 { 3271 return smk_curacc_sem(isp, MAY_READWRITE); 3272 } 3273 3274 /** 3275 * smk_curacc_msq : helper to check if current has access on msq 3276 * @isp : the msq 3277 * @access : access requested 3278 * 3279 * return 0 if current has access, error otherwise 3280 */ 3281 static int smk_curacc_msq(struct kern_ipc_perm *isp, int access) 3282 { 3283 struct smack_known *msp = smack_of_ipc(isp); 3284 struct smk_audit_info ad; 3285 int rc; 3286 3287 #ifdef CONFIG_AUDIT 3288 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 3289 ad.a.u.ipc_id = isp->id; 3290 #endif 3291 rc = smk_curacc(msp, access, &ad); 3292 rc = smk_bu_current("msq", msp, access, rc); 3293 return rc; 3294 } 3295 3296 /** 3297 * smack_msg_queue_associate - Smack access check for msg_queue 3298 * @isp: the object 3299 * @msqflg: access requested 3300 * 3301 * Returns 0 if current has the requested access, error code otherwise 3302 */ 3303 static int smack_msg_queue_associate(struct kern_ipc_perm *isp, int msqflg) 3304 { 3305 int may; 3306 3307 may = smack_flags_to_may(msqflg); 3308 return smk_curacc_msq(isp, may); 3309 } 3310 3311 /** 3312 * smack_msg_queue_msgctl - Smack access check for msg_queue 3313 * @isp: the object 3314 * @cmd: what it wants to do 3315 * 3316 * Returns 0 if current has the requested access, error code otherwise 3317 */ 3318 static int smack_msg_queue_msgctl(struct kern_ipc_perm *isp, int cmd) 3319 { 3320 int may; 3321 3322 switch (cmd) { 3323 case IPC_STAT: 3324 case MSG_STAT: 3325 case MSG_STAT_ANY: 3326 may = MAY_READ; 3327 break; 3328 case IPC_SET: 3329 case IPC_RMID: 3330 may = MAY_READWRITE; 3331 break; 3332 case IPC_INFO: 3333 case MSG_INFO: 3334 /* 3335 * System level information 3336 */ 3337 return 0; 3338 default: 3339 return -EINVAL; 3340 } 3341 3342 return smk_curacc_msq(isp, may); 3343 } 3344 3345 /** 3346 * smack_msg_queue_msgsnd - Smack access check for msg_queue 3347 * @isp: the object 3348 * @msg: unused 3349 * @msqflg: access requested 3350 * 3351 * Returns 0 if current has the requested access, error code otherwise 3352 */ 3353 static int smack_msg_queue_msgsnd(struct kern_ipc_perm *isp, struct msg_msg *msg, 3354 int msqflg) 3355 { 3356 int may; 3357 3358 may = smack_flags_to_may(msqflg); 3359 return smk_curacc_msq(isp, may); 3360 } 3361 3362 /** 3363 * smack_msg_queue_msgrcv - Smack access check for msg_queue 3364 * @isp: the object 3365 * @msg: unused 3366 * @target: unused 3367 * @type: unused 3368 * @mode: unused 3369 * 3370 * Returns 0 if current has read and write access, error code otherwise 3371 */ 3372 static int smack_msg_queue_msgrcv(struct kern_ipc_perm *isp, 3373 struct msg_msg *msg, 3374 struct task_struct *target, long type, 3375 int mode) 3376 { 3377 return smk_curacc_msq(isp, MAY_READWRITE); 3378 } 3379 3380 /** 3381 * smack_ipc_permission - Smack access for ipc_permission() 3382 * @ipp: the object permissions 3383 * @flag: access requested 3384 * 3385 * Returns 0 if current has read and write access, error code otherwise 3386 */ 3387 static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag) 3388 { 3389 struct smack_known **blob = smack_ipc(ipp); 3390 struct smack_known *iskp = *blob; 3391 int may = smack_flags_to_may(flag); 3392 struct smk_audit_info ad; 3393 int rc; 3394 3395 #ifdef CONFIG_AUDIT 3396 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 3397 ad.a.u.ipc_id = ipp->id; 3398 #endif 3399 rc = smk_curacc(iskp, may, &ad); 3400 rc = smk_bu_current("svipc", iskp, may, rc); 3401 return rc; 3402 } 3403 3404 /** 3405 * smack_ipc_getsecid - Extract smack security id 3406 * @ipp: the object permissions 3407 * @secid: where result will be saved 3408 */ 3409 static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid) 3410 { 3411 struct smack_known **blob = smack_ipc(ipp); 3412 struct smack_known *iskp = *blob; 3413 3414 *secid = iskp->smk_secid; 3415 } 3416 3417 /** 3418 * smack_d_instantiate - Make sure the blob is correct on an inode 3419 * @opt_dentry: dentry where inode will be attached 3420 * @inode: the object 3421 * 3422 * Set the inode's security blob if it hasn't been done already. 3423 */ 3424 static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode) 3425 { 3426 struct super_block *sbp; 3427 struct superblock_smack *sbsp; 3428 struct inode_smack *isp; 3429 struct smack_known *skp; 3430 struct smack_known *ckp = smk_of_current(); 3431 struct smack_known *final; 3432 char trattr[TRANS_TRUE_SIZE]; 3433 int transflag = 0; 3434 int rc; 3435 struct dentry *dp; 3436 3437 if (inode == NULL) 3438 return; 3439 3440 isp = smack_inode(inode); 3441 3442 /* 3443 * If the inode is already instantiated 3444 * take the quick way out 3445 */ 3446 if (isp->smk_flags & SMK_INODE_INSTANT) 3447 return; 3448 3449 sbp = inode->i_sb; 3450 sbsp = smack_superblock(sbp); 3451 /* 3452 * We're going to use the superblock default label 3453 * if there's no label on the file. 3454 */ 3455 final = sbsp->smk_default; 3456 3457 /* 3458 * If this is the root inode the superblock 3459 * may be in the process of initialization. 3460 * If that is the case use the root value out 3461 * of the superblock. 3462 */ 3463 if (opt_dentry->d_parent == opt_dentry) { 3464 switch (sbp->s_magic) { 3465 case CGROUP_SUPER_MAGIC: 3466 case CGROUP2_SUPER_MAGIC: 3467 /* 3468 * The cgroup filesystem is never mounted, 3469 * so there's no opportunity to set the mount 3470 * options. 3471 */ 3472 sbsp->smk_root = &smack_known_star; 3473 sbsp->smk_default = &smack_known_star; 3474 isp->smk_inode = sbsp->smk_root; 3475 break; 3476 case TMPFS_MAGIC: 3477 /* 3478 * What about shmem/tmpfs anonymous files with dentry 3479 * obtained from d_alloc_pseudo()? 3480 */ 3481 isp->smk_inode = smk_of_current(); 3482 break; 3483 case PIPEFS_MAGIC: 3484 isp->smk_inode = smk_of_current(); 3485 break; 3486 case SOCKFS_MAGIC: 3487 /* 3488 * Socket access is controlled by the socket 3489 * structures associated with the task involved. 3490 */ 3491 isp->smk_inode = &smack_known_star; 3492 break; 3493 default: 3494 isp->smk_inode = sbsp->smk_root; 3495 break; 3496 } 3497 isp->smk_flags |= SMK_INODE_INSTANT; 3498 return; 3499 } 3500 3501 /* 3502 * This is pretty hackish. 3503 * Casey says that we shouldn't have to do 3504 * file system specific code, but it does help 3505 * with keeping it simple. 3506 */ 3507 switch (sbp->s_magic) { 3508 case SMACK_MAGIC: 3509 case CGROUP_SUPER_MAGIC: 3510 case CGROUP2_SUPER_MAGIC: 3511 /* 3512 * Casey says that it's a little embarrassing 3513 * that the smack file system doesn't do 3514 * extended attributes. 3515 * 3516 * Cgroupfs is special 3517 */ 3518 final = &smack_known_star; 3519 break; 3520 case DEVPTS_SUPER_MAGIC: 3521 /* 3522 * devpts seems content with the label of the task. 3523 * Programs that change smack have to treat the 3524 * pty with respect. 3525 */ 3526 final = ckp; 3527 break; 3528 case PROC_SUPER_MAGIC: 3529 /* 3530 * Casey says procfs appears not to care. 3531 * The superblock default suffices. 3532 */ 3533 break; 3534 case TMPFS_MAGIC: 3535 /* 3536 * Device labels should come from the filesystem, 3537 * but watch out, because they're volitile, 3538 * getting recreated on every reboot. 3539 */ 3540 final = &smack_known_star; 3541 /* 3542 * If a smack value has been set we want to use it, 3543 * but since tmpfs isn't giving us the opportunity 3544 * to set mount options simulate setting the 3545 * superblock default. 3546 */ 3547 fallthrough; 3548 default: 3549 /* 3550 * This isn't an understood special case. 3551 * Get the value from the xattr. 3552 */ 3553 3554 /* 3555 * UNIX domain sockets use lower level socket data. 3556 */ 3557 if (S_ISSOCK(inode->i_mode)) { 3558 final = &smack_known_star; 3559 break; 3560 } 3561 /* 3562 * No xattr support means, alas, no SMACK label. 3563 * Use the aforeapplied default. 3564 * It would be curious if the label of the task 3565 * does not match that assigned. 3566 */ 3567 if (!(inode->i_opflags & IOP_XATTR)) 3568 break; 3569 /* 3570 * Get the dentry for xattr. 3571 */ 3572 dp = dget(opt_dentry); 3573 skp = smk_fetch(XATTR_NAME_SMACK, inode, dp); 3574 if (!IS_ERR_OR_NULL(skp)) 3575 final = skp; 3576 3577 /* 3578 * Transmuting directory 3579 */ 3580 if (S_ISDIR(inode->i_mode)) { 3581 /* 3582 * If this is a new directory and the label was 3583 * transmuted when the inode was initialized 3584 * set the transmute attribute on the directory 3585 * and mark the inode. 3586 * 3587 * If there is a transmute attribute on the 3588 * directory mark the inode. 3589 */ 3590 rc = __vfs_getxattr(dp, inode, 3591 XATTR_NAME_SMACKTRANSMUTE, trattr, 3592 TRANS_TRUE_SIZE); 3593 if (rc >= 0 && strncmp(trattr, TRANS_TRUE, 3594 TRANS_TRUE_SIZE) != 0) 3595 rc = -EINVAL; 3596 if (rc >= 0) 3597 transflag = SMK_INODE_TRANSMUTE; 3598 } 3599 /* 3600 * Don't let the exec or mmap label be "*" or "@". 3601 */ 3602 skp = smk_fetch(XATTR_NAME_SMACKEXEC, inode, dp); 3603 if (IS_ERR(skp) || skp == &smack_known_star || 3604 skp == &smack_known_web) 3605 skp = NULL; 3606 isp->smk_task = skp; 3607 3608 skp = smk_fetch(XATTR_NAME_SMACKMMAP, inode, dp); 3609 if (IS_ERR(skp) || skp == &smack_known_star || 3610 skp == &smack_known_web) 3611 skp = NULL; 3612 isp->smk_mmap = skp; 3613 3614 dput(dp); 3615 break; 3616 } 3617 3618 if (final == NULL) 3619 isp->smk_inode = ckp; 3620 else 3621 isp->smk_inode = final; 3622 3623 isp->smk_flags |= (SMK_INODE_INSTANT | transflag); 3624 3625 return; 3626 } 3627 3628 /** 3629 * smack_getprocattr - Smack process attribute access 3630 * @p: the object task 3631 * @name: the name of the attribute in /proc/.../attr 3632 * @value: where to put the result 3633 * 3634 * Places a copy of the task Smack into value 3635 * 3636 * Returns the length of the smack label or an error code 3637 */ 3638 static int smack_getprocattr(struct task_struct *p, const char *name, char **value) 3639 { 3640 struct smack_known *skp = smk_of_task_struct_obj(p); 3641 char *cp; 3642 int slen; 3643 3644 if (strcmp(name, "current") != 0) 3645 return -EINVAL; 3646 3647 cp = kstrdup(skp->smk_known, GFP_KERNEL); 3648 if (cp == NULL) 3649 return -ENOMEM; 3650 3651 slen = strlen(cp); 3652 *value = cp; 3653 return slen; 3654 } 3655 3656 /** 3657 * smack_setprocattr - Smack process attribute setting 3658 * @name: the name of the attribute in /proc/.../attr 3659 * @value: the value to set 3660 * @size: the size of the value 3661 * 3662 * Sets the Smack value of the task. Only setting self 3663 * is permitted and only with privilege 3664 * 3665 * Returns the length of the smack label or an error code 3666 */ 3667 static int smack_setprocattr(const char *name, void *value, size_t size) 3668 { 3669 struct task_smack *tsp = smack_cred(current_cred()); 3670 struct cred *new; 3671 struct smack_known *skp; 3672 struct smack_known_list_elem *sklep; 3673 int rc; 3674 3675 if (!smack_privileged(CAP_MAC_ADMIN) && list_empty(&tsp->smk_relabel)) 3676 return -EPERM; 3677 3678 if (value == NULL || size == 0 || size >= SMK_LONGLABEL) 3679 return -EINVAL; 3680 3681 if (strcmp(name, "current") != 0) 3682 return -EINVAL; 3683 3684 skp = smk_import_entry(value, size); 3685 if (IS_ERR(skp)) 3686 return PTR_ERR(skp); 3687 3688 /* 3689 * No process is ever allowed the web ("@") label 3690 * and the star ("*") label. 3691 */ 3692 if (skp == &smack_known_web || skp == &smack_known_star) 3693 return -EINVAL; 3694 3695 if (!smack_privileged(CAP_MAC_ADMIN)) { 3696 rc = -EPERM; 3697 list_for_each_entry(sklep, &tsp->smk_relabel, list) 3698 if (sklep->smk_label == skp) { 3699 rc = 0; 3700 break; 3701 } 3702 if (rc) 3703 return rc; 3704 } 3705 3706 new = prepare_creds(); 3707 if (new == NULL) 3708 return -ENOMEM; 3709 3710 tsp = smack_cred(new); 3711 tsp->smk_task = skp; 3712 /* 3713 * process can change its label only once 3714 */ 3715 smk_destroy_label_list(&tsp->smk_relabel); 3716 3717 commit_creds(new); 3718 return size; 3719 } 3720 3721 /** 3722 * smack_unix_stream_connect - Smack access on UDS 3723 * @sock: one sock 3724 * @other: the other sock 3725 * @newsk: unused 3726 * 3727 * Return 0 if a subject with the smack of sock could access 3728 * an object with the smack of other, otherwise an error code 3729 */ 3730 static int smack_unix_stream_connect(struct sock *sock, 3731 struct sock *other, struct sock *newsk) 3732 { 3733 struct smack_known *skp; 3734 struct smack_known *okp; 3735 struct socket_smack *ssp = sock->sk_security; 3736 struct socket_smack *osp = other->sk_security; 3737 struct socket_smack *nsp = newsk->sk_security; 3738 struct smk_audit_info ad; 3739 int rc = 0; 3740 #ifdef CONFIG_AUDIT 3741 struct lsm_network_audit net; 3742 #endif 3743 3744 if (!smack_privileged(CAP_MAC_OVERRIDE)) { 3745 skp = ssp->smk_out; 3746 okp = osp->smk_in; 3747 #ifdef CONFIG_AUDIT 3748 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 3749 smk_ad_setfield_u_net_sk(&ad, other); 3750 #endif 3751 rc = smk_access(skp, okp, MAY_WRITE, &ad); 3752 rc = smk_bu_note("UDS connect", skp, okp, MAY_WRITE, rc); 3753 if (rc == 0) { 3754 okp = osp->smk_out; 3755 skp = ssp->smk_in; 3756 rc = smk_access(okp, skp, MAY_WRITE, &ad); 3757 rc = smk_bu_note("UDS connect", okp, skp, 3758 MAY_WRITE, rc); 3759 } 3760 } 3761 3762 /* 3763 * Cross reference the peer labels for SO_PEERSEC. 3764 */ 3765 if (rc == 0) { 3766 nsp->smk_packet = ssp->smk_out; 3767 ssp->smk_packet = osp->smk_out; 3768 } 3769 3770 return rc; 3771 } 3772 3773 /** 3774 * smack_unix_may_send - Smack access on UDS 3775 * @sock: one socket 3776 * @other: the other socket 3777 * 3778 * Return 0 if a subject with the smack of sock could access 3779 * an object with the smack of other, otherwise an error code 3780 */ 3781 static int smack_unix_may_send(struct socket *sock, struct socket *other) 3782 { 3783 struct socket_smack *ssp = sock->sk->sk_security; 3784 struct socket_smack *osp = other->sk->sk_security; 3785 struct smk_audit_info ad; 3786 int rc; 3787 3788 #ifdef CONFIG_AUDIT 3789 struct lsm_network_audit net; 3790 3791 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 3792 smk_ad_setfield_u_net_sk(&ad, other->sk); 3793 #endif 3794 3795 if (smack_privileged(CAP_MAC_OVERRIDE)) 3796 return 0; 3797 3798 rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad); 3799 rc = smk_bu_note("UDS send", ssp->smk_out, osp->smk_in, MAY_WRITE, rc); 3800 return rc; 3801 } 3802 3803 /** 3804 * smack_socket_sendmsg - Smack check based on destination host 3805 * @sock: the socket 3806 * @msg: the message 3807 * @size: the size of the message 3808 * 3809 * Return 0 if the current subject can write to the destination host. 3810 * For IPv4 this is only a question if the destination is a single label host. 3811 * For IPv6 this is a check against the label of the port. 3812 */ 3813 static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg, 3814 int size) 3815 { 3816 struct sockaddr_in *sip = (struct sockaddr_in *) msg->msg_name; 3817 #if IS_ENABLED(CONFIG_IPV6) 3818 struct sockaddr_in6 *sap = (struct sockaddr_in6 *) msg->msg_name; 3819 #endif 3820 #ifdef SMACK_IPV6_SECMARK_LABELING 3821 struct socket_smack *ssp = sock->sk->sk_security; 3822 struct smack_known *rsp; 3823 #endif 3824 int rc = 0; 3825 3826 /* 3827 * Perfectly reasonable for this to be NULL 3828 */ 3829 if (sip == NULL) 3830 return 0; 3831 3832 switch (sock->sk->sk_family) { 3833 case AF_INET: 3834 if (msg->msg_namelen < sizeof(struct sockaddr_in) || 3835 sip->sin_family != AF_INET) 3836 return -EINVAL; 3837 rc = smk_ipv4_check(sock->sk, sip); 3838 break; 3839 #if IS_ENABLED(CONFIG_IPV6) 3840 case AF_INET6: 3841 if (msg->msg_namelen < SIN6_LEN_RFC2133 || 3842 sap->sin6_family != AF_INET6) 3843 return -EINVAL; 3844 #ifdef SMACK_IPV6_SECMARK_LABELING 3845 rsp = smack_ipv6host_label(sap); 3846 if (rsp != NULL) 3847 rc = smk_ipv6_check(ssp->smk_out, rsp, sap, 3848 SMK_CONNECTING); 3849 #endif 3850 #ifdef SMACK_IPV6_PORT_LABELING 3851 rc = smk_ipv6_port_check(sock->sk, sap, SMK_SENDING); 3852 #endif 3853 #endif /* IS_ENABLED(CONFIG_IPV6) */ 3854 break; 3855 } 3856 return rc; 3857 } 3858 3859 /** 3860 * smack_from_secattr - Convert a netlabel attr.mls.lvl/attr.mls.cat pair to smack 3861 * @sap: netlabel secattr 3862 * @ssp: socket security information 3863 * 3864 * Returns a pointer to a Smack label entry found on the label list. 3865 */ 3866 static struct smack_known *smack_from_secattr(struct netlbl_lsm_secattr *sap, 3867 struct socket_smack *ssp) 3868 { 3869 struct smack_known *skp; 3870 int found = 0; 3871 int acat; 3872 int kcat; 3873 3874 /* 3875 * Netlabel found it in the cache. 3876 */ 3877 if ((sap->flags & NETLBL_SECATTR_CACHE) != 0) 3878 return (struct smack_known *)sap->cache->data; 3879 3880 if ((sap->flags & NETLBL_SECATTR_SECID) != 0) 3881 /* 3882 * Looks like a fallback, which gives us a secid. 3883 */ 3884 return smack_from_secid(sap->attr.secid); 3885 3886 if ((sap->flags & NETLBL_SECATTR_MLS_LVL) != 0) { 3887 /* 3888 * Looks like a CIPSO packet. 3889 * If there are flags but no level netlabel isn't 3890 * behaving the way we expect it to. 3891 * 3892 * Look it up in the label table 3893 * Without guidance regarding the smack value 3894 * for the packet fall back on the network 3895 * ambient value. 3896 */ 3897 rcu_read_lock(); 3898 list_for_each_entry_rcu(skp, &smack_known_list, list) { 3899 if (sap->attr.mls.lvl != skp->smk_netlabel.attr.mls.lvl) 3900 continue; 3901 /* 3902 * Compare the catsets. Use the netlbl APIs. 3903 */ 3904 if ((sap->flags & NETLBL_SECATTR_MLS_CAT) == 0) { 3905 if ((skp->smk_netlabel.flags & 3906 NETLBL_SECATTR_MLS_CAT) == 0) 3907 found = 1; 3908 break; 3909 } 3910 for (acat = -1, kcat = -1; acat == kcat; ) { 3911 acat = netlbl_catmap_walk(sap->attr.mls.cat, 3912 acat + 1); 3913 kcat = netlbl_catmap_walk( 3914 skp->smk_netlabel.attr.mls.cat, 3915 kcat + 1); 3916 if (acat < 0 || kcat < 0) 3917 break; 3918 } 3919 if (acat == kcat) { 3920 found = 1; 3921 break; 3922 } 3923 } 3924 rcu_read_unlock(); 3925 3926 if (found) 3927 return skp; 3928 3929 if (ssp != NULL && ssp->smk_in == &smack_known_star) 3930 return &smack_known_web; 3931 return &smack_known_star; 3932 } 3933 /* 3934 * Without guidance regarding the smack value 3935 * for the packet fall back on the network 3936 * ambient value. 3937 */ 3938 return smack_net_ambient; 3939 } 3940 3941 #if IS_ENABLED(CONFIG_IPV6) 3942 static int smk_skb_to_addr_ipv6(struct sk_buff *skb, struct sockaddr_in6 *sip) 3943 { 3944 u8 nexthdr; 3945 int offset; 3946 int proto = -EINVAL; 3947 struct ipv6hdr _ipv6h; 3948 struct ipv6hdr *ip6; 3949 __be16 frag_off; 3950 struct tcphdr _tcph, *th; 3951 struct udphdr _udph, *uh; 3952 struct dccp_hdr _dccph, *dh; 3953 3954 sip->sin6_port = 0; 3955 3956 offset = skb_network_offset(skb); 3957 ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h); 3958 if (ip6 == NULL) 3959 return -EINVAL; 3960 sip->sin6_addr = ip6->saddr; 3961 3962 nexthdr = ip6->nexthdr; 3963 offset += sizeof(_ipv6h); 3964 offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off); 3965 if (offset < 0) 3966 return -EINVAL; 3967 3968 proto = nexthdr; 3969 switch (proto) { 3970 case IPPROTO_TCP: 3971 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph); 3972 if (th != NULL) 3973 sip->sin6_port = th->source; 3974 break; 3975 case IPPROTO_UDP: 3976 case IPPROTO_UDPLITE: 3977 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph); 3978 if (uh != NULL) 3979 sip->sin6_port = uh->source; 3980 break; 3981 case IPPROTO_DCCP: 3982 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph); 3983 if (dh != NULL) 3984 sip->sin6_port = dh->dccph_sport; 3985 break; 3986 } 3987 return proto; 3988 } 3989 #endif /* CONFIG_IPV6 */ 3990 3991 /** 3992 * smack_from_skb - Smack data from the secmark in an skb 3993 * @skb: packet 3994 * 3995 * Returns smack_known of the secmark or NULL if that won't work. 3996 */ 3997 #ifdef CONFIG_NETWORK_SECMARK 3998 static struct smack_known *smack_from_skb(struct sk_buff *skb) 3999 { 4000 if (skb == NULL || skb->secmark == 0) 4001 return NULL; 4002 4003 return smack_from_secid(skb->secmark); 4004 } 4005 #else 4006 static inline struct smack_known *smack_from_skb(struct sk_buff *skb) 4007 { 4008 return NULL; 4009 } 4010 #endif 4011 4012 /** 4013 * smack_from_netlbl - Smack data from the IP options in an skb 4014 * @sk: socket data came in on 4015 * @family: address family 4016 * @skb: packet 4017 * 4018 * Find the Smack label in the IP options. If it hasn't been 4019 * added to the netlabel cache, add it here. 4020 * 4021 * Returns smack_known of the IP options or NULL if that won't work. 4022 */ 4023 static struct smack_known *smack_from_netlbl(const struct sock *sk, u16 family, 4024 struct sk_buff *skb) 4025 { 4026 struct netlbl_lsm_secattr secattr; 4027 struct socket_smack *ssp = NULL; 4028 struct smack_known *skp = NULL; 4029 4030 netlbl_secattr_init(&secattr); 4031 4032 if (sk) 4033 ssp = sk->sk_security; 4034 4035 if (netlbl_skbuff_getattr(skb, family, &secattr) == 0) { 4036 skp = smack_from_secattr(&secattr, ssp); 4037 if (secattr.flags & NETLBL_SECATTR_CACHEABLE) 4038 netlbl_cache_add(skb, family, &skp->smk_netlabel); 4039 } 4040 4041 netlbl_secattr_destroy(&secattr); 4042 4043 return skp; 4044 } 4045 4046 /** 4047 * smack_socket_sock_rcv_skb - Smack packet delivery access check 4048 * @sk: socket 4049 * @skb: packet 4050 * 4051 * Returns 0 if the packet should be delivered, an error code otherwise 4052 */ 4053 static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) 4054 { 4055 struct socket_smack *ssp = sk->sk_security; 4056 struct smack_known *skp = NULL; 4057 int rc = 0; 4058 struct smk_audit_info ad; 4059 u16 family = sk->sk_family; 4060 #ifdef CONFIG_AUDIT 4061 struct lsm_network_audit net; 4062 #endif 4063 #if IS_ENABLED(CONFIG_IPV6) 4064 struct sockaddr_in6 sadd; 4065 int proto; 4066 4067 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP)) 4068 family = PF_INET; 4069 #endif /* CONFIG_IPV6 */ 4070 4071 switch (family) { 4072 case PF_INET: 4073 /* 4074 * If there is a secmark use it rather than the CIPSO label. 4075 * If there is no secmark fall back to CIPSO. 4076 * The secmark is assumed to reflect policy better. 4077 */ 4078 skp = smack_from_skb(skb); 4079 if (skp == NULL) { 4080 skp = smack_from_netlbl(sk, family, skb); 4081 if (skp == NULL) 4082 skp = smack_net_ambient; 4083 } 4084 4085 #ifdef CONFIG_AUDIT 4086 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 4087 ad.a.u.net->family = family; 4088 ad.a.u.net->netif = skb->skb_iif; 4089 ipv4_skb_to_auditdata(skb, &ad.a, NULL); 4090 #endif 4091 /* 4092 * Receiving a packet requires that the other end 4093 * be able to write here. Read access is not required. 4094 * This is the simplist possible security model 4095 * for networking. 4096 */ 4097 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad); 4098 rc = smk_bu_note("IPv4 delivery", skp, ssp->smk_in, 4099 MAY_WRITE, rc); 4100 if (rc != 0) 4101 netlbl_skbuff_err(skb, family, rc, 0); 4102 break; 4103 #if IS_ENABLED(CONFIG_IPV6) 4104 case PF_INET6: 4105 proto = smk_skb_to_addr_ipv6(skb, &sadd); 4106 if (proto != IPPROTO_UDP && proto != IPPROTO_UDPLITE && 4107 proto != IPPROTO_TCP && proto != IPPROTO_DCCP) 4108 break; 4109 #ifdef SMACK_IPV6_SECMARK_LABELING 4110 skp = smack_from_skb(skb); 4111 if (skp == NULL) { 4112 if (smk_ipv6_localhost(&sadd)) 4113 break; 4114 skp = smack_ipv6host_label(&sadd); 4115 if (skp == NULL) 4116 skp = smack_net_ambient; 4117 } 4118 #ifdef CONFIG_AUDIT 4119 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 4120 ad.a.u.net->family = family; 4121 ad.a.u.net->netif = skb->skb_iif; 4122 ipv6_skb_to_auditdata(skb, &ad.a, NULL); 4123 #endif /* CONFIG_AUDIT */ 4124 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad); 4125 rc = smk_bu_note("IPv6 delivery", skp, ssp->smk_in, 4126 MAY_WRITE, rc); 4127 #endif /* SMACK_IPV6_SECMARK_LABELING */ 4128 #ifdef SMACK_IPV6_PORT_LABELING 4129 rc = smk_ipv6_port_check(sk, &sadd, SMK_RECEIVING); 4130 #endif /* SMACK_IPV6_PORT_LABELING */ 4131 if (rc != 0) 4132 icmpv6_send(skb, ICMPV6_DEST_UNREACH, 4133 ICMPV6_ADM_PROHIBITED, 0); 4134 break; 4135 #endif /* CONFIG_IPV6 */ 4136 } 4137 4138 return rc; 4139 } 4140 4141 /** 4142 * smack_socket_getpeersec_stream - pull in packet label 4143 * @sock: the socket 4144 * @optval: user's destination 4145 * @optlen: size thereof 4146 * @len: max thereof 4147 * 4148 * returns zero on success, an error code otherwise 4149 */ 4150 static int smack_socket_getpeersec_stream(struct socket *sock, 4151 sockptr_t optval, sockptr_t optlen, 4152 unsigned int len) 4153 { 4154 struct socket_smack *ssp; 4155 char *rcp = ""; 4156 u32 slen = 1; 4157 int rc = 0; 4158 4159 ssp = sock->sk->sk_security; 4160 if (ssp->smk_packet != NULL) { 4161 rcp = ssp->smk_packet->smk_known; 4162 slen = strlen(rcp) + 1; 4163 } 4164 if (slen > len) { 4165 rc = -ERANGE; 4166 goto out_len; 4167 } 4168 4169 if (copy_to_sockptr(optval, rcp, slen)) 4170 rc = -EFAULT; 4171 out_len: 4172 if (copy_to_sockptr(optlen, &slen, sizeof(slen))) 4173 rc = -EFAULT; 4174 return rc; 4175 } 4176 4177 4178 /** 4179 * smack_socket_getpeersec_dgram - pull in packet label 4180 * @sock: the peer socket 4181 * @skb: packet data 4182 * @secid: pointer to where to put the secid of the packet 4183 * 4184 * Sets the netlabel socket state on sk from parent 4185 */ 4186 static int smack_socket_getpeersec_dgram(struct socket *sock, 4187 struct sk_buff *skb, u32 *secid) 4188 4189 { 4190 struct socket_smack *ssp = NULL; 4191 struct smack_known *skp; 4192 struct sock *sk = NULL; 4193 int family = PF_UNSPEC; 4194 u32 s = 0; /* 0 is the invalid secid */ 4195 4196 if (skb != NULL) { 4197 if (skb->protocol == htons(ETH_P_IP)) 4198 family = PF_INET; 4199 #if IS_ENABLED(CONFIG_IPV6) 4200 else if (skb->protocol == htons(ETH_P_IPV6)) 4201 family = PF_INET6; 4202 #endif /* CONFIG_IPV6 */ 4203 } 4204 if (family == PF_UNSPEC && sock != NULL) 4205 family = sock->sk->sk_family; 4206 4207 switch (family) { 4208 case PF_UNIX: 4209 ssp = sock->sk->sk_security; 4210 s = ssp->smk_out->smk_secid; 4211 break; 4212 case PF_INET: 4213 skp = smack_from_skb(skb); 4214 if (skp) { 4215 s = skp->smk_secid; 4216 break; 4217 } 4218 /* 4219 * Translate what netlabel gave us. 4220 */ 4221 if (sock != NULL) 4222 sk = sock->sk; 4223 skp = smack_from_netlbl(sk, family, skb); 4224 if (skp != NULL) 4225 s = skp->smk_secid; 4226 break; 4227 case PF_INET6: 4228 #ifdef SMACK_IPV6_SECMARK_LABELING 4229 skp = smack_from_skb(skb); 4230 if (skp) 4231 s = skp->smk_secid; 4232 #endif 4233 break; 4234 } 4235 *secid = s; 4236 if (s == 0) 4237 return -EINVAL; 4238 return 0; 4239 } 4240 4241 /** 4242 * smack_sock_graft - Initialize a newly created socket with an existing sock 4243 * @sk: child sock 4244 * @parent: parent socket 4245 * 4246 * Set the smk_{in,out} state of an existing sock based on the process that 4247 * is creating the new socket. 4248 */ 4249 static void smack_sock_graft(struct sock *sk, struct socket *parent) 4250 { 4251 struct socket_smack *ssp; 4252 struct smack_known *skp = smk_of_current(); 4253 4254 if (sk == NULL || 4255 (sk->sk_family != PF_INET && sk->sk_family != PF_INET6)) 4256 return; 4257 4258 ssp = sk->sk_security; 4259 ssp->smk_in = skp; 4260 ssp->smk_out = skp; 4261 /* cssp->smk_packet is already set in smack_inet_csk_clone() */ 4262 } 4263 4264 /** 4265 * smack_inet_conn_request - Smack access check on connect 4266 * @sk: socket involved 4267 * @skb: packet 4268 * @req: unused 4269 * 4270 * Returns 0 if a task with the packet label could write to 4271 * the socket, otherwise an error code 4272 */ 4273 static int smack_inet_conn_request(const struct sock *sk, struct sk_buff *skb, 4274 struct request_sock *req) 4275 { 4276 u16 family = sk->sk_family; 4277 struct smack_known *skp; 4278 struct socket_smack *ssp = sk->sk_security; 4279 struct sockaddr_in addr; 4280 struct iphdr *hdr; 4281 struct smack_known *hskp; 4282 int rc; 4283 struct smk_audit_info ad; 4284 #ifdef CONFIG_AUDIT 4285 struct lsm_network_audit net; 4286 #endif 4287 4288 #if IS_ENABLED(CONFIG_IPV6) 4289 if (family == PF_INET6) { 4290 /* 4291 * Handle mapped IPv4 packets arriving 4292 * via IPv6 sockets. Don't set up netlabel 4293 * processing on IPv6. 4294 */ 4295 if (skb->protocol == htons(ETH_P_IP)) 4296 family = PF_INET; 4297 else 4298 return 0; 4299 } 4300 #endif /* CONFIG_IPV6 */ 4301 4302 /* 4303 * If there is a secmark use it rather than the CIPSO label. 4304 * If there is no secmark fall back to CIPSO. 4305 * The secmark is assumed to reflect policy better. 4306 */ 4307 skp = smack_from_skb(skb); 4308 if (skp == NULL) { 4309 skp = smack_from_netlbl(sk, family, skb); 4310 if (skp == NULL) 4311 skp = &smack_known_huh; 4312 } 4313 4314 #ifdef CONFIG_AUDIT 4315 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 4316 ad.a.u.net->family = family; 4317 ad.a.u.net->netif = skb->skb_iif; 4318 ipv4_skb_to_auditdata(skb, &ad.a, NULL); 4319 #endif 4320 /* 4321 * Receiving a packet requires that the other end be able to write 4322 * here. Read access is not required. 4323 */ 4324 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad); 4325 rc = smk_bu_note("IPv4 connect", skp, ssp->smk_in, MAY_WRITE, rc); 4326 if (rc != 0) 4327 return rc; 4328 4329 /* 4330 * Save the peer's label in the request_sock so we can later setup 4331 * smk_packet in the child socket so that SO_PEERCRED can report it. 4332 */ 4333 req->peer_secid = skp->smk_secid; 4334 4335 /* 4336 * We need to decide if we want to label the incoming connection here 4337 * if we do we only need to label the request_sock and the stack will 4338 * propagate the wire-label to the sock when it is created. 4339 */ 4340 hdr = ip_hdr(skb); 4341 addr.sin_addr.s_addr = hdr->saddr; 4342 rcu_read_lock(); 4343 hskp = smack_ipv4host_label(&addr); 4344 rcu_read_unlock(); 4345 4346 if (hskp == NULL) 4347 rc = netlbl_req_setattr(req, &skp->smk_netlabel); 4348 else 4349 netlbl_req_delattr(req); 4350 4351 return rc; 4352 } 4353 4354 /** 4355 * smack_inet_csk_clone - Copy the connection information to the new socket 4356 * @sk: the new socket 4357 * @req: the connection's request_sock 4358 * 4359 * Transfer the connection's peer label to the newly created socket. 4360 */ 4361 static void smack_inet_csk_clone(struct sock *sk, 4362 const struct request_sock *req) 4363 { 4364 struct socket_smack *ssp = sk->sk_security; 4365 struct smack_known *skp; 4366 4367 if (req->peer_secid != 0) { 4368 skp = smack_from_secid(req->peer_secid); 4369 ssp->smk_packet = skp; 4370 } else 4371 ssp->smk_packet = NULL; 4372 } 4373 4374 /* 4375 * Key management security hooks 4376 * 4377 * Casey has not tested key support very heavily. 4378 * The permission check is most likely too restrictive. 4379 * If you care about keys please have a look. 4380 */ 4381 #ifdef CONFIG_KEYS 4382 4383 /** 4384 * smack_key_alloc - Set the key security blob 4385 * @key: object 4386 * @cred: the credentials to use 4387 * @flags: unused 4388 * 4389 * No allocation required 4390 * 4391 * Returns 0 4392 */ 4393 static int smack_key_alloc(struct key *key, const struct cred *cred, 4394 unsigned long flags) 4395 { 4396 struct smack_known *skp = smk_of_task(smack_cred(cred)); 4397 4398 key->security = skp; 4399 return 0; 4400 } 4401 4402 /** 4403 * smack_key_free - Clear the key security blob 4404 * @key: the object 4405 * 4406 * Clear the blob pointer 4407 */ 4408 static void smack_key_free(struct key *key) 4409 { 4410 key->security = NULL; 4411 } 4412 4413 /** 4414 * smack_key_permission - Smack access on a key 4415 * @key_ref: gets to the object 4416 * @cred: the credentials to use 4417 * @need_perm: requested key permission 4418 * 4419 * Return 0 if the task has read and write to the object, 4420 * an error code otherwise 4421 */ 4422 static int smack_key_permission(key_ref_t key_ref, 4423 const struct cred *cred, 4424 enum key_need_perm need_perm) 4425 { 4426 struct key *keyp; 4427 struct smk_audit_info ad; 4428 struct smack_known *tkp = smk_of_task(smack_cred(cred)); 4429 int request = 0; 4430 int rc; 4431 4432 /* 4433 * Validate requested permissions 4434 */ 4435 switch (need_perm) { 4436 case KEY_NEED_READ: 4437 case KEY_NEED_SEARCH: 4438 case KEY_NEED_VIEW: 4439 request |= MAY_READ; 4440 break; 4441 case KEY_NEED_WRITE: 4442 case KEY_NEED_LINK: 4443 case KEY_NEED_SETATTR: 4444 request |= MAY_WRITE; 4445 break; 4446 case KEY_NEED_UNSPECIFIED: 4447 case KEY_NEED_UNLINK: 4448 case KEY_SYSADMIN_OVERRIDE: 4449 case KEY_AUTHTOKEN_OVERRIDE: 4450 case KEY_DEFER_PERM_CHECK: 4451 return 0; 4452 default: 4453 return -EINVAL; 4454 } 4455 4456 keyp = key_ref_to_ptr(key_ref); 4457 if (keyp == NULL) 4458 return -EINVAL; 4459 /* 4460 * If the key hasn't been initialized give it access so that 4461 * it may do so. 4462 */ 4463 if (keyp->security == NULL) 4464 return 0; 4465 /* 4466 * This should not occur 4467 */ 4468 if (tkp == NULL) 4469 return -EACCES; 4470 4471 if (smack_privileged(CAP_MAC_OVERRIDE)) 4472 return 0; 4473 4474 #ifdef CONFIG_AUDIT 4475 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY); 4476 ad.a.u.key_struct.key = keyp->serial; 4477 ad.a.u.key_struct.key_desc = keyp->description; 4478 #endif 4479 rc = smk_access(tkp, keyp->security, request, &ad); 4480 rc = smk_bu_note("key access", tkp, keyp->security, request, rc); 4481 return rc; 4482 } 4483 4484 /* 4485 * smack_key_getsecurity - Smack label tagging the key 4486 * @key points to the key to be queried 4487 * @_buffer points to a pointer that should be set to point to the 4488 * resulting string (if no label or an error occurs). 4489 * Return the length of the string (including terminating NUL) or -ve if 4490 * an error. 4491 * May also return 0 (and a NULL buffer pointer) if there is no label. 4492 */ 4493 static int smack_key_getsecurity(struct key *key, char **_buffer) 4494 { 4495 struct smack_known *skp = key->security; 4496 size_t length; 4497 char *copy; 4498 4499 if (key->security == NULL) { 4500 *_buffer = NULL; 4501 return 0; 4502 } 4503 4504 copy = kstrdup(skp->smk_known, GFP_KERNEL); 4505 if (copy == NULL) 4506 return -ENOMEM; 4507 length = strlen(copy) + 1; 4508 4509 *_buffer = copy; 4510 return length; 4511 } 4512 4513 4514 #ifdef CONFIG_KEY_NOTIFICATIONS 4515 /** 4516 * smack_watch_key - Smack access to watch a key for notifications. 4517 * @key: The key to be watched 4518 * 4519 * Return 0 if the @watch->cred has permission to read from the key object and 4520 * an error otherwise. 4521 */ 4522 static int smack_watch_key(struct key *key) 4523 { 4524 struct smk_audit_info ad; 4525 struct smack_known *tkp = smk_of_current(); 4526 int rc; 4527 4528 if (key == NULL) 4529 return -EINVAL; 4530 /* 4531 * If the key hasn't been initialized give it access so that 4532 * it may do so. 4533 */ 4534 if (key->security == NULL) 4535 return 0; 4536 /* 4537 * This should not occur 4538 */ 4539 if (tkp == NULL) 4540 return -EACCES; 4541 4542 if (smack_privileged_cred(CAP_MAC_OVERRIDE, current_cred())) 4543 return 0; 4544 4545 #ifdef CONFIG_AUDIT 4546 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY); 4547 ad.a.u.key_struct.key = key->serial; 4548 ad.a.u.key_struct.key_desc = key->description; 4549 #endif 4550 rc = smk_access(tkp, key->security, MAY_READ, &ad); 4551 rc = smk_bu_note("key watch", tkp, key->security, MAY_READ, rc); 4552 return rc; 4553 } 4554 #endif /* CONFIG_KEY_NOTIFICATIONS */ 4555 #endif /* CONFIG_KEYS */ 4556 4557 #ifdef CONFIG_WATCH_QUEUE 4558 /** 4559 * smack_post_notification - Smack access to post a notification to a queue 4560 * @w_cred: The credentials of the watcher. 4561 * @cred: The credentials of the event source (may be NULL). 4562 * @n: The notification message to be posted. 4563 */ 4564 static int smack_post_notification(const struct cred *w_cred, 4565 const struct cred *cred, 4566 struct watch_notification *n) 4567 { 4568 struct smk_audit_info ad; 4569 struct smack_known *subj, *obj; 4570 int rc; 4571 4572 /* Always let maintenance notifications through. */ 4573 if (n->type == WATCH_TYPE_META) 4574 return 0; 4575 4576 if (!cred) 4577 return 0; 4578 subj = smk_of_task(smack_cred(cred)); 4579 obj = smk_of_task(smack_cred(w_cred)); 4580 4581 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NOTIFICATION); 4582 rc = smk_access(subj, obj, MAY_WRITE, &ad); 4583 rc = smk_bu_note("notification", subj, obj, MAY_WRITE, rc); 4584 return rc; 4585 } 4586 #endif /* CONFIG_WATCH_QUEUE */ 4587 4588 /* 4589 * Smack Audit hooks 4590 * 4591 * Audit requires a unique representation of each Smack specific 4592 * rule. This unique representation is used to distinguish the 4593 * object to be audited from remaining kernel objects and also 4594 * works as a glue between the audit hooks. 4595 * 4596 * Since repository entries are added but never deleted, we'll use 4597 * the smack_known label address related to the given audit rule as 4598 * the needed unique representation. This also better fits the smack 4599 * model where nearly everything is a label. 4600 */ 4601 #ifdef CONFIG_AUDIT 4602 4603 /** 4604 * smack_audit_rule_init - Initialize a smack audit rule 4605 * @field: audit rule fields given from user-space (audit.h) 4606 * @op: required testing operator (=, !=, >, <, ...) 4607 * @rulestr: smack label to be audited 4608 * @vrule: pointer to save our own audit rule representation 4609 * 4610 * Prepare to audit cases where (@field @op @rulestr) is true. 4611 * The label to be audited is created if necessay. 4612 */ 4613 static int smack_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule) 4614 { 4615 struct smack_known *skp; 4616 char **rule = (char **)vrule; 4617 *rule = NULL; 4618 4619 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER) 4620 return -EINVAL; 4621 4622 if (op != Audit_equal && op != Audit_not_equal) 4623 return -EINVAL; 4624 4625 skp = smk_import_entry(rulestr, 0); 4626 if (IS_ERR(skp)) 4627 return PTR_ERR(skp); 4628 4629 *rule = skp->smk_known; 4630 4631 return 0; 4632 } 4633 4634 /** 4635 * smack_audit_rule_known - Distinguish Smack audit rules 4636 * @krule: rule of interest, in Audit kernel representation format 4637 * 4638 * This is used to filter Smack rules from remaining Audit ones. 4639 * If it's proved that this rule belongs to us, the 4640 * audit_rule_match hook will be called to do the final judgement. 4641 */ 4642 static int smack_audit_rule_known(struct audit_krule *krule) 4643 { 4644 struct audit_field *f; 4645 int i; 4646 4647 for (i = 0; i < krule->field_count; i++) { 4648 f = &krule->fields[i]; 4649 4650 if (f->type == AUDIT_SUBJ_USER || f->type == AUDIT_OBJ_USER) 4651 return 1; 4652 } 4653 4654 return 0; 4655 } 4656 4657 /** 4658 * smack_audit_rule_match - Audit given object ? 4659 * @secid: security id for identifying the object to test 4660 * @field: audit rule flags given from user-space 4661 * @op: required testing operator 4662 * @vrule: smack internal rule presentation 4663 * 4664 * The core Audit hook. It's used to take the decision of 4665 * whether to audit or not to audit a given object. 4666 */ 4667 static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule) 4668 { 4669 struct smack_known *skp; 4670 char *rule = vrule; 4671 4672 if (unlikely(!rule)) { 4673 WARN_ONCE(1, "Smack: missing rule\n"); 4674 return -ENOENT; 4675 } 4676 4677 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER) 4678 return 0; 4679 4680 skp = smack_from_secid(secid); 4681 4682 /* 4683 * No need to do string comparisons. If a match occurs, 4684 * both pointers will point to the same smack_known 4685 * label. 4686 */ 4687 if (op == Audit_equal) 4688 return (rule == skp->smk_known); 4689 if (op == Audit_not_equal) 4690 return (rule != skp->smk_known); 4691 4692 return 0; 4693 } 4694 4695 /* 4696 * There is no need for a smack_audit_rule_free hook. 4697 * No memory was allocated. 4698 */ 4699 4700 #endif /* CONFIG_AUDIT */ 4701 4702 /** 4703 * smack_ismaclabel - check if xattr @name references a smack MAC label 4704 * @name: Full xattr name to check. 4705 */ 4706 static int smack_ismaclabel(const char *name) 4707 { 4708 return (strcmp(name, XATTR_SMACK_SUFFIX) == 0); 4709 } 4710 4711 4712 /** 4713 * smack_secid_to_secctx - return the smack label for a secid 4714 * @secid: incoming integer 4715 * @secdata: destination 4716 * @seclen: how long it is 4717 * 4718 * Exists for networking code. 4719 */ 4720 static int smack_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) 4721 { 4722 struct smack_known *skp = smack_from_secid(secid); 4723 4724 if (secdata) 4725 *secdata = skp->smk_known; 4726 *seclen = strlen(skp->smk_known); 4727 return 0; 4728 } 4729 4730 /** 4731 * smack_secctx_to_secid - return the secid for a smack label 4732 * @secdata: smack label 4733 * @seclen: how long result is 4734 * @secid: outgoing integer 4735 * 4736 * Exists for audit and networking code. 4737 */ 4738 static int smack_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid) 4739 { 4740 struct smack_known *skp = smk_find_entry(secdata); 4741 4742 if (skp) 4743 *secid = skp->smk_secid; 4744 else 4745 *secid = 0; 4746 return 0; 4747 } 4748 4749 /* 4750 * There used to be a smack_release_secctx hook 4751 * that did nothing back when hooks were in a vector. 4752 * Now that there's a list such a hook adds cost. 4753 */ 4754 4755 static int smack_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen) 4756 { 4757 return smack_inode_setsecurity(inode, XATTR_SMACK_SUFFIX, ctx, 4758 ctxlen, 0); 4759 } 4760 4761 static int smack_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen) 4762 { 4763 return __vfs_setxattr_noperm(&nop_mnt_idmap, dentry, XATTR_NAME_SMACK, 4764 ctx, ctxlen, 0); 4765 } 4766 4767 static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) 4768 { 4769 struct smack_known *skp = smk_of_inode(inode); 4770 4771 *ctx = skp->smk_known; 4772 *ctxlen = strlen(skp->smk_known); 4773 return 0; 4774 } 4775 4776 static int smack_inode_copy_up(struct dentry *dentry, struct cred **new) 4777 { 4778 4779 struct task_smack *tsp; 4780 struct smack_known *skp; 4781 struct inode_smack *isp; 4782 struct cred *new_creds = *new; 4783 4784 if (new_creds == NULL) { 4785 new_creds = prepare_creds(); 4786 if (new_creds == NULL) 4787 return -ENOMEM; 4788 } 4789 4790 tsp = smack_cred(new_creds); 4791 4792 /* 4793 * Get label from overlay inode and set it in create_sid 4794 */ 4795 isp = smack_inode(d_inode(dentry)); 4796 skp = isp->smk_inode; 4797 tsp->smk_task = skp; 4798 *new = new_creds; 4799 return 0; 4800 } 4801 4802 static int smack_inode_copy_up_xattr(const char *name) 4803 { 4804 /* 4805 * Return 1 if this is the smack access Smack attribute. 4806 */ 4807 if (strcmp(name, XATTR_NAME_SMACK) == 0) 4808 return 1; 4809 4810 return -EOPNOTSUPP; 4811 } 4812 4813 static int smack_dentry_create_files_as(struct dentry *dentry, int mode, 4814 struct qstr *name, 4815 const struct cred *old, 4816 struct cred *new) 4817 { 4818 struct task_smack *otsp = smack_cred(old); 4819 struct task_smack *ntsp = smack_cred(new); 4820 struct inode_smack *isp; 4821 int may; 4822 4823 /* 4824 * Use the process credential unless all of 4825 * the transmuting criteria are met 4826 */ 4827 ntsp->smk_task = otsp->smk_task; 4828 4829 /* 4830 * the attribute of the containing directory 4831 */ 4832 isp = smack_inode(d_inode(dentry->d_parent)); 4833 4834 if (isp->smk_flags & SMK_INODE_TRANSMUTE) { 4835 rcu_read_lock(); 4836 may = smk_access_entry(otsp->smk_task->smk_known, 4837 isp->smk_inode->smk_known, 4838 &otsp->smk_task->smk_rules); 4839 rcu_read_unlock(); 4840 4841 /* 4842 * If the directory is transmuting and the rule 4843 * providing access is transmuting use the containing 4844 * directory label instead of the process label. 4845 */ 4846 if (may > 0 && (may & MAY_TRANSMUTE)) { 4847 ntsp->smk_task = isp->smk_inode; 4848 ntsp->smk_transmuted = ntsp->smk_task; 4849 } 4850 } 4851 return 0; 4852 } 4853 4854 #ifdef CONFIG_IO_URING 4855 /** 4856 * smack_uring_override_creds - Is io_uring cred override allowed? 4857 * @new: the target creds 4858 * 4859 * Check to see if the current task is allowed to override it's credentials 4860 * to service an io_uring operation. 4861 */ 4862 static int smack_uring_override_creds(const struct cred *new) 4863 { 4864 struct task_smack *tsp = smack_cred(current_cred()); 4865 struct task_smack *nsp = smack_cred(new); 4866 4867 /* 4868 * Allow the degenerate case where the new Smack value is 4869 * the same as the current Smack value. 4870 */ 4871 if (tsp->smk_task == nsp->smk_task) 4872 return 0; 4873 4874 if (smack_privileged_cred(CAP_MAC_OVERRIDE, current_cred())) 4875 return 0; 4876 4877 return -EPERM; 4878 } 4879 4880 /** 4881 * smack_uring_sqpoll - check if a io_uring polling thread can be created 4882 * 4883 * Check to see if the current task is allowed to create a new io_uring 4884 * kernel polling thread. 4885 */ 4886 static int smack_uring_sqpoll(void) 4887 { 4888 if (smack_privileged_cred(CAP_MAC_ADMIN, current_cred())) 4889 return 0; 4890 4891 return -EPERM; 4892 } 4893 4894 /** 4895 * smack_uring_cmd - check on file operations for io_uring 4896 * @ioucmd: the command in question 4897 * 4898 * Make a best guess about whether a io_uring "command" should 4899 * be allowed. Use the same logic used for determining if the 4900 * file could be opened for read in the absence of better criteria. 4901 */ 4902 static int smack_uring_cmd(struct io_uring_cmd *ioucmd) 4903 { 4904 struct file *file = ioucmd->file; 4905 struct smk_audit_info ad; 4906 struct task_smack *tsp; 4907 struct inode *inode; 4908 int rc; 4909 4910 if (!file) 4911 return -EINVAL; 4912 4913 tsp = smack_cred(file->f_cred); 4914 inode = file_inode(file); 4915 4916 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 4917 smk_ad_setfield_u_fs_path(&ad, file->f_path); 4918 rc = smk_tskacc(tsp, smk_of_inode(inode), MAY_READ, &ad); 4919 rc = smk_bu_credfile(file->f_cred, file, MAY_READ, rc); 4920 4921 return rc; 4922 } 4923 4924 #endif /* CONFIG_IO_URING */ 4925 4926 struct lsm_blob_sizes smack_blob_sizes __ro_after_init = { 4927 .lbs_cred = sizeof(struct task_smack), 4928 .lbs_file = sizeof(struct smack_known *), 4929 .lbs_inode = sizeof(struct inode_smack), 4930 .lbs_ipc = sizeof(struct smack_known *), 4931 .lbs_msg_msg = sizeof(struct smack_known *), 4932 .lbs_superblock = sizeof(struct superblock_smack), 4933 .lbs_xattr_count = SMACK_INODE_INIT_XATTRS, 4934 }; 4935 4936 static struct security_hook_list smack_hooks[] __ro_after_init = { 4937 LSM_HOOK_INIT(ptrace_access_check, smack_ptrace_access_check), 4938 LSM_HOOK_INIT(ptrace_traceme, smack_ptrace_traceme), 4939 LSM_HOOK_INIT(syslog, smack_syslog), 4940 4941 LSM_HOOK_INIT(fs_context_submount, smack_fs_context_submount), 4942 LSM_HOOK_INIT(fs_context_dup, smack_fs_context_dup), 4943 LSM_HOOK_INIT(fs_context_parse_param, smack_fs_context_parse_param), 4944 4945 LSM_HOOK_INIT(sb_alloc_security, smack_sb_alloc_security), 4946 LSM_HOOK_INIT(sb_free_mnt_opts, smack_free_mnt_opts), 4947 LSM_HOOK_INIT(sb_eat_lsm_opts, smack_sb_eat_lsm_opts), 4948 LSM_HOOK_INIT(sb_statfs, smack_sb_statfs), 4949 LSM_HOOK_INIT(sb_set_mnt_opts, smack_set_mnt_opts), 4950 4951 LSM_HOOK_INIT(bprm_creds_for_exec, smack_bprm_creds_for_exec), 4952 4953 LSM_HOOK_INIT(inode_alloc_security, smack_inode_alloc_security), 4954 LSM_HOOK_INIT(inode_init_security, smack_inode_init_security), 4955 LSM_HOOK_INIT(inode_link, smack_inode_link), 4956 LSM_HOOK_INIT(inode_unlink, smack_inode_unlink), 4957 LSM_HOOK_INIT(inode_rmdir, smack_inode_rmdir), 4958 LSM_HOOK_INIT(inode_rename, smack_inode_rename), 4959 LSM_HOOK_INIT(inode_permission, smack_inode_permission), 4960 LSM_HOOK_INIT(inode_setattr, smack_inode_setattr), 4961 LSM_HOOK_INIT(inode_getattr, smack_inode_getattr), 4962 LSM_HOOK_INIT(inode_setxattr, smack_inode_setxattr), 4963 LSM_HOOK_INIT(inode_post_setxattr, smack_inode_post_setxattr), 4964 LSM_HOOK_INIT(inode_getxattr, smack_inode_getxattr), 4965 LSM_HOOK_INIT(inode_removexattr, smack_inode_removexattr), 4966 LSM_HOOK_INIT(inode_set_acl, smack_inode_set_acl), 4967 LSM_HOOK_INIT(inode_get_acl, smack_inode_get_acl), 4968 LSM_HOOK_INIT(inode_remove_acl, smack_inode_remove_acl), 4969 LSM_HOOK_INIT(inode_getsecurity, smack_inode_getsecurity), 4970 LSM_HOOK_INIT(inode_setsecurity, smack_inode_setsecurity), 4971 LSM_HOOK_INIT(inode_listsecurity, smack_inode_listsecurity), 4972 LSM_HOOK_INIT(inode_getsecid, smack_inode_getsecid), 4973 4974 LSM_HOOK_INIT(file_alloc_security, smack_file_alloc_security), 4975 LSM_HOOK_INIT(file_ioctl, smack_file_ioctl), 4976 LSM_HOOK_INIT(file_ioctl_compat, smack_file_ioctl), 4977 LSM_HOOK_INIT(file_lock, smack_file_lock), 4978 LSM_HOOK_INIT(file_fcntl, smack_file_fcntl), 4979 LSM_HOOK_INIT(mmap_file, smack_mmap_file), 4980 LSM_HOOK_INIT(mmap_addr, cap_mmap_addr), 4981 LSM_HOOK_INIT(file_set_fowner, smack_file_set_fowner), 4982 LSM_HOOK_INIT(file_send_sigiotask, smack_file_send_sigiotask), 4983 LSM_HOOK_INIT(file_receive, smack_file_receive), 4984 4985 LSM_HOOK_INIT(file_open, smack_file_open), 4986 4987 LSM_HOOK_INIT(cred_alloc_blank, smack_cred_alloc_blank), 4988 LSM_HOOK_INIT(cred_free, smack_cred_free), 4989 LSM_HOOK_INIT(cred_prepare, smack_cred_prepare), 4990 LSM_HOOK_INIT(cred_transfer, smack_cred_transfer), 4991 LSM_HOOK_INIT(cred_getsecid, smack_cred_getsecid), 4992 LSM_HOOK_INIT(kernel_act_as, smack_kernel_act_as), 4993 LSM_HOOK_INIT(kernel_create_files_as, smack_kernel_create_files_as), 4994 LSM_HOOK_INIT(task_setpgid, smack_task_setpgid), 4995 LSM_HOOK_INIT(task_getpgid, smack_task_getpgid), 4996 LSM_HOOK_INIT(task_getsid, smack_task_getsid), 4997 LSM_HOOK_INIT(current_getsecid_subj, smack_current_getsecid_subj), 4998 LSM_HOOK_INIT(task_getsecid_obj, smack_task_getsecid_obj), 4999 LSM_HOOK_INIT(task_setnice, smack_task_setnice), 5000 LSM_HOOK_INIT(task_setioprio, smack_task_setioprio), 5001 LSM_HOOK_INIT(task_getioprio, smack_task_getioprio), 5002 LSM_HOOK_INIT(task_setscheduler, smack_task_setscheduler), 5003 LSM_HOOK_INIT(task_getscheduler, smack_task_getscheduler), 5004 LSM_HOOK_INIT(task_movememory, smack_task_movememory), 5005 LSM_HOOK_INIT(task_kill, smack_task_kill), 5006 LSM_HOOK_INIT(task_to_inode, smack_task_to_inode), 5007 5008 LSM_HOOK_INIT(ipc_permission, smack_ipc_permission), 5009 LSM_HOOK_INIT(ipc_getsecid, smack_ipc_getsecid), 5010 5011 LSM_HOOK_INIT(msg_msg_alloc_security, smack_msg_msg_alloc_security), 5012 5013 LSM_HOOK_INIT(msg_queue_alloc_security, smack_ipc_alloc_security), 5014 LSM_HOOK_INIT(msg_queue_associate, smack_msg_queue_associate), 5015 LSM_HOOK_INIT(msg_queue_msgctl, smack_msg_queue_msgctl), 5016 LSM_HOOK_INIT(msg_queue_msgsnd, smack_msg_queue_msgsnd), 5017 LSM_HOOK_INIT(msg_queue_msgrcv, smack_msg_queue_msgrcv), 5018 5019 LSM_HOOK_INIT(shm_alloc_security, smack_ipc_alloc_security), 5020 LSM_HOOK_INIT(shm_associate, smack_shm_associate), 5021 LSM_HOOK_INIT(shm_shmctl, smack_shm_shmctl), 5022 LSM_HOOK_INIT(shm_shmat, smack_shm_shmat), 5023 5024 LSM_HOOK_INIT(sem_alloc_security, smack_ipc_alloc_security), 5025 LSM_HOOK_INIT(sem_associate, smack_sem_associate), 5026 LSM_HOOK_INIT(sem_semctl, smack_sem_semctl), 5027 LSM_HOOK_INIT(sem_semop, smack_sem_semop), 5028 5029 LSM_HOOK_INIT(d_instantiate, smack_d_instantiate), 5030 5031 LSM_HOOK_INIT(getprocattr, smack_getprocattr), 5032 LSM_HOOK_INIT(setprocattr, smack_setprocattr), 5033 5034 LSM_HOOK_INIT(unix_stream_connect, smack_unix_stream_connect), 5035 LSM_HOOK_INIT(unix_may_send, smack_unix_may_send), 5036 5037 LSM_HOOK_INIT(socket_post_create, smack_socket_post_create), 5038 LSM_HOOK_INIT(socket_socketpair, smack_socket_socketpair), 5039 #ifdef SMACK_IPV6_PORT_LABELING 5040 LSM_HOOK_INIT(socket_bind, smack_socket_bind), 5041 #endif 5042 LSM_HOOK_INIT(socket_connect, smack_socket_connect), 5043 LSM_HOOK_INIT(socket_sendmsg, smack_socket_sendmsg), 5044 LSM_HOOK_INIT(socket_sock_rcv_skb, smack_socket_sock_rcv_skb), 5045 LSM_HOOK_INIT(socket_getpeersec_stream, smack_socket_getpeersec_stream), 5046 LSM_HOOK_INIT(socket_getpeersec_dgram, smack_socket_getpeersec_dgram), 5047 LSM_HOOK_INIT(sk_alloc_security, smack_sk_alloc_security), 5048 LSM_HOOK_INIT(sk_free_security, smack_sk_free_security), 5049 LSM_HOOK_INIT(sk_clone_security, smack_sk_clone_security), 5050 LSM_HOOK_INIT(sock_graft, smack_sock_graft), 5051 LSM_HOOK_INIT(inet_conn_request, smack_inet_conn_request), 5052 LSM_HOOK_INIT(inet_csk_clone, smack_inet_csk_clone), 5053 5054 /* key management security hooks */ 5055 #ifdef CONFIG_KEYS 5056 LSM_HOOK_INIT(key_alloc, smack_key_alloc), 5057 LSM_HOOK_INIT(key_free, smack_key_free), 5058 LSM_HOOK_INIT(key_permission, smack_key_permission), 5059 LSM_HOOK_INIT(key_getsecurity, smack_key_getsecurity), 5060 #ifdef CONFIG_KEY_NOTIFICATIONS 5061 LSM_HOOK_INIT(watch_key, smack_watch_key), 5062 #endif 5063 #endif /* CONFIG_KEYS */ 5064 5065 #ifdef CONFIG_WATCH_QUEUE 5066 LSM_HOOK_INIT(post_notification, smack_post_notification), 5067 #endif 5068 5069 /* Audit hooks */ 5070 #ifdef CONFIG_AUDIT 5071 LSM_HOOK_INIT(audit_rule_init, smack_audit_rule_init), 5072 LSM_HOOK_INIT(audit_rule_known, smack_audit_rule_known), 5073 LSM_HOOK_INIT(audit_rule_match, smack_audit_rule_match), 5074 #endif /* CONFIG_AUDIT */ 5075 5076 LSM_HOOK_INIT(ismaclabel, smack_ismaclabel), 5077 LSM_HOOK_INIT(secid_to_secctx, smack_secid_to_secctx), 5078 LSM_HOOK_INIT(secctx_to_secid, smack_secctx_to_secid), 5079 LSM_HOOK_INIT(inode_notifysecctx, smack_inode_notifysecctx), 5080 LSM_HOOK_INIT(inode_setsecctx, smack_inode_setsecctx), 5081 LSM_HOOK_INIT(inode_getsecctx, smack_inode_getsecctx), 5082 LSM_HOOK_INIT(inode_copy_up, smack_inode_copy_up), 5083 LSM_HOOK_INIT(inode_copy_up_xattr, smack_inode_copy_up_xattr), 5084 LSM_HOOK_INIT(dentry_create_files_as, smack_dentry_create_files_as), 5085 #ifdef CONFIG_IO_URING 5086 LSM_HOOK_INIT(uring_override_creds, smack_uring_override_creds), 5087 LSM_HOOK_INIT(uring_sqpoll, smack_uring_sqpoll), 5088 LSM_HOOK_INIT(uring_cmd, smack_uring_cmd), 5089 #endif 5090 }; 5091 5092 5093 static __init void init_smack_known_list(void) 5094 { 5095 /* 5096 * Initialize rule list locks 5097 */ 5098 mutex_init(&smack_known_huh.smk_rules_lock); 5099 mutex_init(&smack_known_hat.smk_rules_lock); 5100 mutex_init(&smack_known_floor.smk_rules_lock); 5101 mutex_init(&smack_known_star.smk_rules_lock); 5102 mutex_init(&smack_known_web.smk_rules_lock); 5103 /* 5104 * Initialize rule lists 5105 */ 5106 INIT_LIST_HEAD(&smack_known_huh.smk_rules); 5107 INIT_LIST_HEAD(&smack_known_hat.smk_rules); 5108 INIT_LIST_HEAD(&smack_known_star.smk_rules); 5109 INIT_LIST_HEAD(&smack_known_floor.smk_rules); 5110 INIT_LIST_HEAD(&smack_known_web.smk_rules); 5111 /* 5112 * Create the known labels list 5113 */ 5114 smk_insert_entry(&smack_known_huh); 5115 smk_insert_entry(&smack_known_hat); 5116 smk_insert_entry(&smack_known_star); 5117 smk_insert_entry(&smack_known_floor); 5118 smk_insert_entry(&smack_known_web); 5119 } 5120 5121 /** 5122 * smack_init - initialize the smack system 5123 * 5124 * Returns 0 on success, -ENOMEM is there's no memory 5125 */ 5126 static __init int smack_init(void) 5127 { 5128 struct cred *cred = (struct cred *) current->cred; 5129 struct task_smack *tsp; 5130 5131 smack_rule_cache = KMEM_CACHE(smack_rule, 0); 5132 if (!smack_rule_cache) 5133 return -ENOMEM; 5134 5135 /* 5136 * Set the security state for the initial task. 5137 */ 5138 tsp = smack_cred(cred); 5139 init_task_smack(tsp, &smack_known_floor, &smack_known_floor); 5140 5141 /* 5142 * Register with LSM 5143 */ 5144 security_add_hooks(smack_hooks, ARRAY_SIZE(smack_hooks), "smack"); 5145 smack_enabled = 1; 5146 5147 pr_info("Smack: Initializing.\n"); 5148 #ifdef CONFIG_SECURITY_SMACK_NETFILTER 5149 pr_info("Smack: Netfilter enabled.\n"); 5150 #endif 5151 #ifdef SMACK_IPV6_PORT_LABELING 5152 pr_info("Smack: IPv6 port labeling enabled.\n"); 5153 #endif 5154 #ifdef SMACK_IPV6_SECMARK_LABELING 5155 pr_info("Smack: IPv6 Netfilter enabled.\n"); 5156 #endif 5157 5158 /* initialize the smack_known_list */ 5159 init_smack_known_list(); 5160 5161 return 0; 5162 } 5163 5164 /* 5165 * Smack requires early initialization in order to label 5166 * all processes and objects when they are created. 5167 */ 5168 DEFINE_LSM(smack) = { 5169 .name = "smack", 5170 .flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE, 5171 .blobs = &smack_blob_sizes, 5172 .init = smack_init, 5173 }; 5174