1 /* 2 * Simplified MAC Kernel (smack) security module 3 * 4 * This file contains the smack hook function implementations. 5 * 6 * Authors: 7 * Casey Schaufler <casey@schaufler-ca.com> 8 * Jarkko Sakkinen <jarkko.sakkinen@intel.com> 9 * 10 * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com> 11 * Copyright (C) 2009 Hewlett-Packard Development Company, L.P. 12 * Paul Moore <paul@paul-moore.com> 13 * Copyright (C) 2010 Nokia Corporation 14 * Copyright (C) 2011 Intel Corporation. 15 * 16 * This program is free software; you can redistribute it and/or modify 17 * it under the terms of the GNU General Public License version 2, 18 * as published by the Free Software Foundation. 19 */ 20 21 #include <linux/xattr.h> 22 #include <linux/pagemap.h> 23 #include <linux/mount.h> 24 #include <linux/stat.h> 25 #include <linux/kd.h> 26 #include <asm/ioctls.h> 27 #include <linux/ip.h> 28 #include <linux/tcp.h> 29 #include <linux/udp.h> 30 #include <linux/dccp.h> 31 #include <linux/slab.h> 32 #include <linux/mutex.h> 33 #include <linux/pipe_fs_i.h> 34 #include <net/cipso_ipv4.h> 35 #include <net/ip.h> 36 #include <net/ipv6.h> 37 #include <linux/audit.h> 38 #include <linux/magic.h> 39 #include <linux/dcache.h> 40 #include <linux/personality.h> 41 #include <linux/msg.h> 42 #include <linux/shm.h> 43 #include <linux/binfmts.h> 44 #include "smack.h" 45 46 #define TRANS_TRUE "TRUE" 47 #define TRANS_TRUE_SIZE 4 48 49 #define SMK_CONNECTING 0 50 #define SMK_RECEIVING 1 51 #define SMK_SENDING 2 52 53 #if IS_ENABLED(CONFIG_IPV6) && !defined(CONFIG_SECURITY_SMACK_NETFILTER) 54 LIST_HEAD(smk_ipv6_port_list); 55 #endif /* CONFIG_IPV6 && !CONFIG_SECURITY_SMACK_NETFILTER */ 56 static struct kmem_cache *smack_inode_cache; 57 int smack_enabled; 58 59 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 60 static char *smk_bu_mess[] = { 61 "Bringup Error", /* Unused */ 62 "Bringup", /* SMACK_BRINGUP_ALLOW */ 63 "Unconfined Subject", /* SMACK_UNCONFINED_SUBJECT */ 64 "Unconfined Object", /* SMACK_UNCONFINED_OBJECT */ 65 }; 66 67 static void smk_bu_mode(int mode, char *s) 68 { 69 int i = 0; 70 71 if (mode & MAY_READ) 72 s[i++] = 'r'; 73 if (mode & MAY_WRITE) 74 s[i++] = 'w'; 75 if (mode & MAY_EXEC) 76 s[i++] = 'x'; 77 if (mode & MAY_APPEND) 78 s[i++] = 'a'; 79 if (mode & MAY_TRANSMUTE) 80 s[i++] = 't'; 81 if (mode & MAY_LOCK) 82 s[i++] = 'l'; 83 if (i == 0) 84 s[i++] = '-'; 85 s[i] = '\0'; 86 } 87 #endif 88 89 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 90 static int smk_bu_note(char *note, struct smack_known *sskp, 91 struct smack_known *oskp, int mode, int rc) 92 { 93 char acc[SMK_NUM_ACCESS_TYPE + 1]; 94 95 if (rc <= 0) 96 return rc; 97 if (rc > SMACK_UNCONFINED_OBJECT) 98 rc = 0; 99 100 smk_bu_mode(mode, acc); 101 pr_info("Smack %s: (%s %s %s) %s\n", smk_bu_mess[rc], 102 sskp->smk_known, oskp->smk_known, acc, note); 103 return 0; 104 } 105 #else 106 #define smk_bu_note(note, sskp, oskp, mode, RC) (RC) 107 #endif 108 109 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 110 static int smk_bu_current(char *note, struct smack_known *oskp, 111 int mode, int rc) 112 { 113 struct task_smack *tsp = current_security(); 114 char acc[SMK_NUM_ACCESS_TYPE + 1]; 115 116 if (rc <= 0) 117 return rc; 118 if (rc > SMACK_UNCONFINED_OBJECT) 119 rc = 0; 120 121 smk_bu_mode(mode, acc); 122 pr_info("Smack %s: (%s %s %s) %s %s\n", smk_bu_mess[rc], 123 tsp->smk_task->smk_known, oskp->smk_known, 124 acc, current->comm, note); 125 return 0; 126 } 127 #else 128 #define smk_bu_current(note, oskp, mode, RC) (RC) 129 #endif 130 131 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 132 static int smk_bu_task(struct task_struct *otp, int mode, int rc) 133 { 134 struct task_smack *tsp = current_security(); 135 struct smack_known *smk_task = smk_of_task_struct(otp); 136 char acc[SMK_NUM_ACCESS_TYPE + 1]; 137 138 if (rc <= 0) 139 return rc; 140 if (rc > SMACK_UNCONFINED_OBJECT) 141 rc = 0; 142 143 smk_bu_mode(mode, acc); 144 pr_info("Smack %s: (%s %s %s) %s to %s\n", smk_bu_mess[rc], 145 tsp->smk_task->smk_known, smk_task->smk_known, acc, 146 current->comm, otp->comm); 147 return 0; 148 } 149 #else 150 #define smk_bu_task(otp, mode, RC) (RC) 151 #endif 152 153 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 154 static int smk_bu_inode(struct inode *inode, int mode, int rc) 155 { 156 struct task_smack *tsp = current_security(); 157 struct inode_smack *isp = inode->i_security; 158 char acc[SMK_NUM_ACCESS_TYPE + 1]; 159 160 if (isp->smk_flags & SMK_INODE_IMPURE) 161 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n", 162 inode->i_sb->s_id, inode->i_ino, current->comm); 163 164 if (rc <= 0) 165 return rc; 166 if (rc > SMACK_UNCONFINED_OBJECT) 167 rc = 0; 168 if (rc == SMACK_UNCONFINED_SUBJECT && 169 (mode & (MAY_WRITE | MAY_APPEND))) 170 isp->smk_flags |= SMK_INODE_IMPURE; 171 172 smk_bu_mode(mode, acc); 173 174 pr_info("Smack %s: (%s %s %s) inode=(%s %ld) %s\n", smk_bu_mess[rc], 175 tsp->smk_task->smk_known, isp->smk_inode->smk_known, acc, 176 inode->i_sb->s_id, inode->i_ino, current->comm); 177 return 0; 178 } 179 #else 180 #define smk_bu_inode(inode, mode, RC) (RC) 181 #endif 182 183 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 184 static int smk_bu_file(struct file *file, int mode, int rc) 185 { 186 struct task_smack *tsp = current_security(); 187 struct smack_known *sskp = tsp->smk_task; 188 struct inode *inode = file_inode(file); 189 struct inode_smack *isp = inode->i_security; 190 char acc[SMK_NUM_ACCESS_TYPE + 1]; 191 192 if (isp->smk_flags & SMK_INODE_IMPURE) 193 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n", 194 inode->i_sb->s_id, inode->i_ino, current->comm); 195 196 if (rc <= 0) 197 return rc; 198 if (rc > SMACK_UNCONFINED_OBJECT) 199 rc = 0; 200 201 smk_bu_mode(mode, acc); 202 pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc], 203 sskp->smk_known, smk_of_inode(inode)->smk_known, acc, 204 inode->i_sb->s_id, inode->i_ino, file, 205 current->comm); 206 return 0; 207 } 208 #else 209 #define smk_bu_file(file, mode, RC) (RC) 210 #endif 211 212 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 213 static int smk_bu_credfile(const struct cred *cred, struct file *file, 214 int mode, int rc) 215 { 216 struct task_smack *tsp = cred->security; 217 struct smack_known *sskp = tsp->smk_task; 218 struct inode *inode = file->f_inode; 219 struct inode_smack *isp = inode->i_security; 220 char acc[SMK_NUM_ACCESS_TYPE + 1]; 221 222 if (isp->smk_flags & SMK_INODE_IMPURE) 223 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n", 224 inode->i_sb->s_id, inode->i_ino, current->comm); 225 226 if (rc <= 0) 227 return rc; 228 if (rc > SMACK_UNCONFINED_OBJECT) 229 rc = 0; 230 231 smk_bu_mode(mode, acc); 232 pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc], 233 sskp->smk_known, smk_of_inode(inode)->smk_known, acc, 234 inode->i_sb->s_id, inode->i_ino, file, 235 current->comm); 236 return 0; 237 } 238 #else 239 #define smk_bu_credfile(cred, file, mode, RC) (RC) 240 #endif 241 242 /** 243 * smk_fetch - Fetch the smack label from a file. 244 * @name: type of the label (attribute) 245 * @ip: a pointer to the inode 246 * @dp: a pointer to the dentry 247 * 248 * Returns a pointer to the master list entry for the Smack label 249 * or NULL if there was no label to fetch. 250 */ 251 static struct smack_known *smk_fetch(const char *name, struct inode *ip, 252 struct dentry *dp) 253 { 254 int rc; 255 char *buffer; 256 struct smack_known *skp = NULL; 257 258 if (ip->i_op->getxattr == NULL) 259 return NULL; 260 261 buffer = kzalloc(SMK_LONGLABEL, GFP_KERNEL); 262 if (buffer == NULL) 263 return NULL; 264 265 rc = ip->i_op->getxattr(dp, name, buffer, SMK_LONGLABEL); 266 if (rc > 0) 267 skp = smk_import_entry(buffer, rc); 268 269 kfree(buffer); 270 271 return skp; 272 } 273 274 /** 275 * new_inode_smack - allocate an inode security blob 276 * @skp: a pointer to the Smack label entry to use in the blob 277 * 278 * Returns the new blob or NULL if there's no memory available 279 */ 280 struct inode_smack *new_inode_smack(struct smack_known *skp) 281 { 282 struct inode_smack *isp; 283 284 isp = kmem_cache_zalloc(smack_inode_cache, GFP_NOFS); 285 if (isp == NULL) 286 return NULL; 287 288 isp->smk_inode = skp; 289 isp->smk_flags = 0; 290 mutex_init(&isp->smk_lock); 291 292 return isp; 293 } 294 295 /** 296 * new_task_smack - allocate a task security blob 297 * @task: a pointer to the Smack label for the running task 298 * @forked: a pointer to the Smack label for the forked task 299 * @gfp: type of the memory for the allocation 300 * 301 * Returns the new blob or NULL if there's no memory available 302 */ 303 static struct task_smack *new_task_smack(struct smack_known *task, 304 struct smack_known *forked, gfp_t gfp) 305 { 306 struct task_smack *tsp; 307 308 tsp = kzalloc(sizeof(struct task_smack), gfp); 309 if (tsp == NULL) 310 return NULL; 311 312 tsp->smk_task = task; 313 tsp->smk_forked = forked; 314 INIT_LIST_HEAD(&tsp->smk_rules); 315 mutex_init(&tsp->smk_rules_lock); 316 317 return tsp; 318 } 319 320 /** 321 * smk_copy_rules - copy a rule set 322 * @nhead: new rules header pointer 323 * @ohead: old rules header pointer 324 * @gfp: type of the memory for the allocation 325 * 326 * Returns 0 on success, -ENOMEM on error 327 */ 328 static int smk_copy_rules(struct list_head *nhead, struct list_head *ohead, 329 gfp_t gfp) 330 { 331 struct smack_rule *nrp; 332 struct smack_rule *orp; 333 int rc = 0; 334 335 INIT_LIST_HEAD(nhead); 336 337 list_for_each_entry_rcu(orp, ohead, list) { 338 nrp = kzalloc(sizeof(struct smack_rule), gfp); 339 if (nrp == NULL) { 340 rc = -ENOMEM; 341 break; 342 } 343 *nrp = *orp; 344 list_add_rcu(&nrp->list, nhead); 345 } 346 return rc; 347 } 348 349 /** 350 * smk_ptrace_mode - helper function for converting PTRACE_MODE_* into MAY_* 351 * @mode - input mode in form of PTRACE_MODE_* 352 * 353 * Returns a converted MAY_* mode usable by smack rules 354 */ 355 static inline unsigned int smk_ptrace_mode(unsigned int mode) 356 { 357 switch (mode) { 358 case PTRACE_MODE_READ: 359 return MAY_READ; 360 case PTRACE_MODE_ATTACH: 361 return MAY_READWRITE; 362 } 363 364 return 0; 365 } 366 367 /** 368 * smk_ptrace_rule_check - helper for ptrace access 369 * @tracer: tracer process 370 * @tracee_known: label entry of the process that's about to be traced 371 * @mode: ptrace attachment mode (PTRACE_MODE_*) 372 * @func: name of the function that called us, used for audit 373 * 374 * Returns 0 on access granted, -error on error 375 */ 376 static int smk_ptrace_rule_check(struct task_struct *tracer, 377 struct smack_known *tracee_known, 378 unsigned int mode, const char *func) 379 { 380 int rc; 381 struct smk_audit_info ad, *saip = NULL; 382 struct task_smack *tsp; 383 struct smack_known *tracer_known; 384 385 if ((mode & PTRACE_MODE_NOAUDIT) == 0) { 386 smk_ad_init(&ad, func, LSM_AUDIT_DATA_TASK); 387 smk_ad_setfield_u_tsk(&ad, tracer); 388 saip = &ad; 389 } 390 391 rcu_read_lock(); 392 tsp = __task_cred(tracer)->security; 393 tracer_known = smk_of_task(tsp); 394 395 if ((mode & PTRACE_MODE_ATTACH) && 396 (smack_ptrace_rule == SMACK_PTRACE_EXACT || 397 smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)) { 398 if (tracer_known->smk_known == tracee_known->smk_known) 399 rc = 0; 400 else if (smack_ptrace_rule == SMACK_PTRACE_DRACONIAN) 401 rc = -EACCES; 402 else if (capable(CAP_SYS_PTRACE)) 403 rc = 0; 404 else 405 rc = -EACCES; 406 407 if (saip) 408 smack_log(tracer_known->smk_known, 409 tracee_known->smk_known, 410 0, rc, saip); 411 412 rcu_read_unlock(); 413 return rc; 414 } 415 416 /* In case of rule==SMACK_PTRACE_DEFAULT or mode==PTRACE_MODE_READ */ 417 rc = smk_tskacc(tsp, tracee_known, smk_ptrace_mode(mode), saip); 418 419 rcu_read_unlock(); 420 return rc; 421 } 422 423 /* 424 * LSM hooks. 425 * We he, that is fun! 426 */ 427 428 /** 429 * smack_ptrace_access_check - Smack approval on PTRACE_ATTACH 430 * @ctp: child task pointer 431 * @mode: ptrace attachment mode (PTRACE_MODE_*) 432 * 433 * Returns 0 if access is OK, an error code otherwise 434 * 435 * Do the capability checks. 436 */ 437 static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode) 438 { 439 int rc; 440 struct smack_known *skp; 441 442 rc = cap_ptrace_access_check(ctp, mode); 443 if (rc != 0) 444 return rc; 445 446 skp = smk_of_task_struct(ctp); 447 448 rc = smk_ptrace_rule_check(current, skp, mode, __func__); 449 return rc; 450 } 451 452 /** 453 * smack_ptrace_traceme - Smack approval on PTRACE_TRACEME 454 * @ptp: parent task pointer 455 * 456 * Returns 0 if access is OK, an error code otherwise 457 * 458 * Do the capability checks, and require PTRACE_MODE_ATTACH. 459 */ 460 static int smack_ptrace_traceme(struct task_struct *ptp) 461 { 462 int rc; 463 struct smack_known *skp; 464 465 rc = cap_ptrace_traceme(ptp); 466 if (rc != 0) 467 return rc; 468 469 skp = smk_of_task(current_security()); 470 471 rc = smk_ptrace_rule_check(ptp, skp, PTRACE_MODE_ATTACH, __func__); 472 return rc; 473 } 474 475 /** 476 * smack_syslog - Smack approval on syslog 477 * @type: message type 478 * 479 * Returns 0 on success, error code otherwise. 480 */ 481 static int smack_syslog(int typefrom_file) 482 { 483 int rc = 0; 484 struct smack_known *skp = smk_of_current(); 485 486 if (smack_privileged(CAP_MAC_OVERRIDE)) 487 return 0; 488 489 if (smack_syslog_label != NULL && smack_syslog_label != skp) 490 rc = -EACCES; 491 492 return rc; 493 } 494 495 496 /* 497 * Superblock Hooks. 498 */ 499 500 /** 501 * smack_sb_alloc_security - allocate a superblock blob 502 * @sb: the superblock getting the blob 503 * 504 * Returns 0 on success or -ENOMEM on error. 505 */ 506 static int smack_sb_alloc_security(struct super_block *sb) 507 { 508 struct superblock_smack *sbsp; 509 510 sbsp = kzalloc(sizeof(struct superblock_smack), GFP_KERNEL); 511 512 if (sbsp == NULL) 513 return -ENOMEM; 514 515 sbsp->smk_root = &smack_known_floor; 516 sbsp->smk_default = &smack_known_floor; 517 sbsp->smk_floor = &smack_known_floor; 518 sbsp->smk_hat = &smack_known_hat; 519 /* 520 * smk_initialized will be zero from kzalloc. 521 */ 522 sb->s_security = sbsp; 523 524 return 0; 525 } 526 527 /** 528 * smack_sb_free_security - free a superblock blob 529 * @sb: the superblock getting the blob 530 * 531 */ 532 static void smack_sb_free_security(struct super_block *sb) 533 { 534 kfree(sb->s_security); 535 sb->s_security = NULL; 536 } 537 538 /** 539 * smack_sb_copy_data - copy mount options data for processing 540 * @orig: where to start 541 * @smackopts: mount options string 542 * 543 * Returns 0 on success or -ENOMEM on error. 544 * 545 * Copy the Smack specific mount options out of the mount 546 * options list. 547 */ 548 static int smack_sb_copy_data(char *orig, char *smackopts) 549 { 550 char *cp, *commap, *otheropts, *dp; 551 552 otheropts = (char *)get_zeroed_page(GFP_KERNEL); 553 if (otheropts == NULL) 554 return -ENOMEM; 555 556 for (cp = orig, commap = orig; commap != NULL; cp = commap + 1) { 557 if (strstr(cp, SMK_FSDEFAULT) == cp) 558 dp = smackopts; 559 else if (strstr(cp, SMK_FSFLOOR) == cp) 560 dp = smackopts; 561 else if (strstr(cp, SMK_FSHAT) == cp) 562 dp = smackopts; 563 else if (strstr(cp, SMK_FSROOT) == cp) 564 dp = smackopts; 565 else if (strstr(cp, SMK_FSTRANS) == cp) 566 dp = smackopts; 567 else 568 dp = otheropts; 569 570 commap = strchr(cp, ','); 571 if (commap != NULL) 572 *commap = '\0'; 573 574 if (*dp != '\0') 575 strcat(dp, ","); 576 strcat(dp, cp); 577 } 578 579 strcpy(orig, otheropts); 580 free_page((unsigned long)otheropts); 581 582 return 0; 583 } 584 585 /** 586 * smack_sb_kern_mount - Smack specific mount processing 587 * @sb: the file system superblock 588 * @flags: the mount flags 589 * @data: the smack mount options 590 * 591 * Returns 0 on success, an error code on failure 592 */ 593 static int smack_sb_kern_mount(struct super_block *sb, int flags, void *data) 594 { 595 struct dentry *root = sb->s_root; 596 struct inode *inode = d_backing_inode(root); 597 struct superblock_smack *sp = sb->s_security; 598 struct inode_smack *isp; 599 struct smack_known *skp; 600 char *op; 601 char *commap; 602 int transmute = 0; 603 int specified = 0; 604 605 if (sp->smk_initialized) 606 return 0; 607 608 sp->smk_initialized = 1; 609 610 for (op = data; op != NULL; op = commap) { 611 commap = strchr(op, ','); 612 if (commap != NULL) 613 *commap++ = '\0'; 614 615 if (strncmp(op, SMK_FSHAT, strlen(SMK_FSHAT)) == 0) { 616 op += strlen(SMK_FSHAT); 617 skp = smk_import_entry(op, 0); 618 if (skp != NULL) { 619 sp->smk_hat = skp; 620 specified = 1; 621 } 622 } else if (strncmp(op, SMK_FSFLOOR, strlen(SMK_FSFLOOR)) == 0) { 623 op += strlen(SMK_FSFLOOR); 624 skp = smk_import_entry(op, 0); 625 if (skp != NULL) { 626 sp->smk_floor = skp; 627 specified = 1; 628 } 629 } else if (strncmp(op, SMK_FSDEFAULT, 630 strlen(SMK_FSDEFAULT)) == 0) { 631 op += strlen(SMK_FSDEFAULT); 632 skp = smk_import_entry(op, 0); 633 if (skp != NULL) { 634 sp->smk_default = skp; 635 specified = 1; 636 } 637 } else if (strncmp(op, SMK_FSROOT, strlen(SMK_FSROOT)) == 0) { 638 op += strlen(SMK_FSROOT); 639 skp = smk_import_entry(op, 0); 640 if (skp != NULL) { 641 sp->smk_root = skp; 642 specified = 1; 643 } 644 } else if (strncmp(op, SMK_FSTRANS, strlen(SMK_FSTRANS)) == 0) { 645 op += strlen(SMK_FSTRANS); 646 skp = smk_import_entry(op, 0); 647 if (skp != NULL) { 648 sp->smk_root = skp; 649 transmute = 1; 650 specified = 1; 651 } 652 } 653 } 654 655 if (!smack_privileged(CAP_MAC_ADMIN)) { 656 /* 657 * Unprivileged mounts don't get to specify Smack values. 658 */ 659 if (specified) 660 return -EPERM; 661 /* 662 * Unprivileged mounts get root and default from the caller. 663 */ 664 skp = smk_of_current(); 665 sp->smk_root = skp; 666 sp->smk_default = skp; 667 } 668 /* 669 * Initialize the root inode. 670 */ 671 isp = inode->i_security; 672 if (isp == NULL) { 673 isp = new_inode_smack(sp->smk_root); 674 if (isp == NULL) 675 return -ENOMEM; 676 inode->i_security = isp; 677 } else 678 isp->smk_inode = sp->smk_root; 679 680 if (transmute) 681 isp->smk_flags |= SMK_INODE_TRANSMUTE; 682 683 return 0; 684 } 685 686 /** 687 * smack_sb_statfs - Smack check on statfs 688 * @dentry: identifies the file system in question 689 * 690 * Returns 0 if current can read the floor of the filesystem, 691 * and error code otherwise 692 */ 693 static int smack_sb_statfs(struct dentry *dentry) 694 { 695 struct superblock_smack *sbp = dentry->d_sb->s_security; 696 int rc; 697 struct smk_audit_info ad; 698 699 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 700 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 701 702 rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad); 703 rc = smk_bu_current("statfs", sbp->smk_floor, MAY_READ, rc); 704 return rc; 705 } 706 707 /* 708 * BPRM hooks 709 */ 710 711 /** 712 * smack_bprm_set_creds - set creds for exec 713 * @bprm: the exec information 714 * 715 * Returns 0 if it gets a blob, -EPERM if exec forbidden and -ENOMEM otherwise 716 */ 717 static int smack_bprm_set_creds(struct linux_binprm *bprm) 718 { 719 struct inode *inode = file_inode(bprm->file); 720 struct task_smack *bsp = bprm->cred->security; 721 struct inode_smack *isp; 722 int rc; 723 724 rc = cap_bprm_set_creds(bprm); 725 if (rc != 0) 726 return rc; 727 728 if (bprm->cred_prepared) 729 return 0; 730 731 isp = inode->i_security; 732 if (isp->smk_task == NULL || isp->smk_task == bsp->smk_task) 733 return 0; 734 735 if (bprm->unsafe & (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) { 736 struct task_struct *tracer; 737 rc = 0; 738 739 rcu_read_lock(); 740 tracer = ptrace_parent(current); 741 if (likely(tracer != NULL)) 742 rc = smk_ptrace_rule_check(tracer, 743 isp->smk_task, 744 PTRACE_MODE_ATTACH, 745 __func__); 746 rcu_read_unlock(); 747 748 if (rc != 0) 749 return rc; 750 } else if (bprm->unsafe) 751 return -EPERM; 752 753 bsp->smk_task = isp->smk_task; 754 bprm->per_clear |= PER_CLEAR_ON_SETID; 755 756 return 0; 757 } 758 759 /** 760 * smack_bprm_committing_creds - Prepare to install the new credentials 761 * from bprm. 762 * 763 * @bprm: binprm for exec 764 */ 765 static void smack_bprm_committing_creds(struct linux_binprm *bprm) 766 { 767 struct task_smack *bsp = bprm->cred->security; 768 769 if (bsp->smk_task != bsp->smk_forked) 770 current->pdeath_signal = 0; 771 } 772 773 /** 774 * smack_bprm_secureexec - Return the decision to use secureexec. 775 * @bprm: binprm for exec 776 * 777 * Returns 0 on success. 778 */ 779 static int smack_bprm_secureexec(struct linux_binprm *bprm) 780 { 781 struct task_smack *tsp = current_security(); 782 int ret = cap_bprm_secureexec(bprm); 783 784 if (!ret && (tsp->smk_task != tsp->smk_forked)) 785 ret = 1; 786 787 return ret; 788 } 789 790 /* 791 * Inode hooks 792 */ 793 794 /** 795 * smack_inode_alloc_security - allocate an inode blob 796 * @inode: the inode in need of a blob 797 * 798 * Returns 0 if it gets a blob, -ENOMEM otherwise 799 */ 800 static int smack_inode_alloc_security(struct inode *inode) 801 { 802 struct smack_known *skp = smk_of_current(); 803 804 inode->i_security = new_inode_smack(skp); 805 if (inode->i_security == NULL) 806 return -ENOMEM; 807 return 0; 808 } 809 810 /** 811 * smack_inode_free_security - free an inode blob 812 * @inode: the inode with a blob 813 * 814 * Clears the blob pointer in inode 815 */ 816 static void smack_inode_free_security(struct inode *inode) 817 { 818 kmem_cache_free(smack_inode_cache, inode->i_security); 819 inode->i_security = NULL; 820 } 821 822 /** 823 * smack_inode_init_security - copy out the smack from an inode 824 * @inode: the newly created inode 825 * @dir: containing directory object 826 * @qstr: unused 827 * @name: where to put the attribute name 828 * @value: where to put the attribute value 829 * @len: where to put the length of the attribute 830 * 831 * Returns 0 if it all works out, -ENOMEM if there's no memory 832 */ 833 static int smack_inode_init_security(struct inode *inode, struct inode *dir, 834 const struct qstr *qstr, const char **name, 835 void **value, size_t *len) 836 { 837 struct inode_smack *issp = inode->i_security; 838 struct smack_known *skp = smk_of_current(); 839 struct smack_known *isp = smk_of_inode(inode); 840 struct smack_known *dsp = smk_of_inode(dir); 841 int may; 842 843 if (name) 844 *name = XATTR_SMACK_SUFFIX; 845 846 if (value && len) { 847 rcu_read_lock(); 848 may = smk_access_entry(skp->smk_known, dsp->smk_known, 849 &skp->smk_rules); 850 rcu_read_unlock(); 851 852 /* 853 * If the access rule allows transmutation and 854 * the directory requests transmutation then 855 * by all means transmute. 856 * Mark the inode as changed. 857 */ 858 if (may > 0 && ((may & MAY_TRANSMUTE) != 0) && 859 smk_inode_transmutable(dir)) { 860 isp = dsp; 861 issp->smk_flags |= SMK_INODE_CHANGED; 862 } 863 864 *value = kstrdup(isp->smk_known, GFP_NOFS); 865 if (*value == NULL) 866 return -ENOMEM; 867 868 *len = strlen(isp->smk_known); 869 } 870 871 return 0; 872 } 873 874 /** 875 * smack_inode_link - Smack check on link 876 * @old_dentry: the existing object 877 * @dir: unused 878 * @new_dentry: the new object 879 * 880 * Returns 0 if access is permitted, an error code otherwise 881 */ 882 static int smack_inode_link(struct dentry *old_dentry, struct inode *dir, 883 struct dentry *new_dentry) 884 { 885 struct smack_known *isp; 886 struct smk_audit_info ad; 887 int rc; 888 889 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 890 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry); 891 892 isp = smk_of_inode(d_backing_inode(old_dentry)); 893 rc = smk_curacc(isp, MAY_WRITE, &ad); 894 rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_WRITE, rc); 895 896 if (rc == 0 && d_is_positive(new_dentry)) { 897 isp = smk_of_inode(d_backing_inode(new_dentry)); 898 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry); 899 rc = smk_curacc(isp, MAY_WRITE, &ad); 900 rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_WRITE, rc); 901 } 902 903 return rc; 904 } 905 906 /** 907 * smack_inode_unlink - Smack check on inode deletion 908 * @dir: containing directory object 909 * @dentry: file to unlink 910 * 911 * Returns 0 if current can write the containing directory 912 * and the object, error code otherwise 913 */ 914 static int smack_inode_unlink(struct inode *dir, struct dentry *dentry) 915 { 916 struct inode *ip = d_backing_inode(dentry); 917 struct smk_audit_info ad; 918 int rc; 919 920 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 921 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 922 923 /* 924 * You need write access to the thing you're unlinking 925 */ 926 rc = smk_curacc(smk_of_inode(ip), MAY_WRITE, &ad); 927 rc = smk_bu_inode(ip, MAY_WRITE, rc); 928 if (rc == 0) { 929 /* 930 * You also need write access to the containing directory 931 */ 932 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE); 933 smk_ad_setfield_u_fs_inode(&ad, dir); 934 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad); 935 rc = smk_bu_inode(dir, MAY_WRITE, rc); 936 } 937 return rc; 938 } 939 940 /** 941 * smack_inode_rmdir - Smack check on directory deletion 942 * @dir: containing directory object 943 * @dentry: directory to unlink 944 * 945 * Returns 0 if current can write the containing directory 946 * and the directory, error code otherwise 947 */ 948 static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry) 949 { 950 struct smk_audit_info ad; 951 int rc; 952 953 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 954 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 955 956 /* 957 * You need write access to the thing you're removing 958 */ 959 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 960 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 961 if (rc == 0) { 962 /* 963 * You also need write access to the containing directory 964 */ 965 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE); 966 smk_ad_setfield_u_fs_inode(&ad, dir); 967 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad); 968 rc = smk_bu_inode(dir, MAY_WRITE, rc); 969 } 970 971 return rc; 972 } 973 974 /** 975 * smack_inode_rename - Smack check on rename 976 * @old_inode: unused 977 * @old_dentry: the old object 978 * @new_inode: unused 979 * @new_dentry: the new object 980 * 981 * Read and write access is required on both the old and 982 * new directories. 983 * 984 * Returns 0 if access is permitted, an error code otherwise 985 */ 986 static int smack_inode_rename(struct inode *old_inode, 987 struct dentry *old_dentry, 988 struct inode *new_inode, 989 struct dentry *new_dentry) 990 { 991 int rc; 992 struct smack_known *isp; 993 struct smk_audit_info ad; 994 995 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 996 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry); 997 998 isp = smk_of_inode(d_backing_inode(old_dentry)); 999 rc = smk_curacc(isp, MAY_READWRITE, &ad); 1000 rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_READWRITE, rc); 1001 1002 if (rc == 0 && d_is_positive(new_dentry)) { 1003 isp = smk_of_inode(d_backing_inode(new_dentry)); 1004 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry); 1005 rc = smk_curacc(isp, MAY_READWRITE, &ad); 1006 rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_READWRITE, rc); 1007 } 1008 return rc; 1009 } 1010 1011 /** 1012 * smack_inode_permission - Smack version of permission() 1013 * @inode: the inode in question 1014 * @mask: the access requested 1015 * 1016 * This is the important Smack hook. 1017 * 1018 * Returns 0 if access is permitted, -EACCES otherwise 1019 */ 1020 static int smack_inode_permission(struct inode *inode, int mask) 1021 { 1022 struct smk_audit_info ad; 1023 int no_block = mask & MAY_NOT_BLOCK; 1024 int rc; 1025 1026 mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND); 1027 /* 1028 * No permission to check. Existence test. Yup, it's there. 1029 */ 1030 if (mask == 0) 1031 return 0; 1032 1033 /* May be droppable after audit */ 1034 if (no_block) 1035 return -ECHILD; 1036 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE); 1037 smk_ad_setfield_u_fs_inode(&ad, inode); 1038 rc = smk_curacc(smk_of_inode(inode), mask, &ad); 1039 rc = smk_bu_inode(inode, mask, rc); 1040 return rc; 1041 } 1042 1043 /** 1044 * smack_inode_setattr - Smack check for setting attributes 1045 * @dentry: the object 1046 * @iattr: for the force flag 1047 * 1048 * Returns 0 if access is permitted, an error code otherwise 1049 */ 1050 static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr) 1051 { 1052 struct smk_audit_info ad; 1053 int rc; 1054 1055 /* 1056 * Need to allow for clearing the setuid bit. 1057 */ 1058 if (iattr->ia_valid & ATTR_FORCE) 1059 return 0; 1060 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1061 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1062 1063 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1064 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1065 return rc; 1066 } 1067 1068 /** 1069 * smack_inode_getattr - Smack check for getting attributes 1070 * @mnt: vfsmount of the object 1071 * @dentry: the object 1072 * 1073 * Returns 0 if access is permitted, an error code otherwise 1074 */ 1075 static int smack_inode_getattr(const struct path *path) 1076 { 1077 struct smk_audit_info ad; 1078 struct inode *inode = d_backing_inode(path->dentry); 1079 int rc; 1080 1081 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1082 smk_ad_setfield_u_fs_path(&ad, *path); 1083 rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad); 1084 rc = smk_bu_inode(inode, MAY_READ, rc); 1085 return rc; 1086 } 1087 1088 /** 1089 * smack_inode_setxattr - Smack check for setting xattrs 1090 * @dentry: the object 1091 * @name: name of the attribute 1092 * @value: value of the attribute 1093 * @size: size of the value 1094 * @flags: unused 1095 * 1096 * This protects the Smack attribute explicitly. 1097 * 1098 * Returns 0 if access is permitted, an error code otherwise 1099 */ 1100 static int smack_inode_setxattr(struct dentry *dentry, const char *name, 1101 const void *value, size_t size, int flags) 1102 { 1103 struct smk_audit_info ad; 1104 struct smack_known *skp; 1105 int check_priv = 0; 1106 int check_import = 0; 1107 int check_star = 0; 1108 int rc = 0; 1109 1110 /* 1111 * Check label validity here so import won't fail in post_setxattr 1112 */ 1113 if (strcmp(name, XATTR_NAME_SMACK) == 0 || 1114 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 || 1115 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) { 1116 check_priv = 1; 1117 check_import = 1; 1118 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0 || 1119 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) { 1120 check_priv = 1; 1121 check_import = 1; 1122 check_star = 1; 1123 } else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) { 1124 check_priv = 1; 1125 if (size != TRANS_TRUE_SIZE || 1126 strncmp(value, TRANS_TRUE, TRANS_TRUE_SIZE) != 0) 1127 rc = -EINVAL; 1128 } else 1129 rc = cap_inode_setxattr(dentry, name, value, size, flags); 1130 1131 if (check_priv && !smack_privileged(CAP_MAC_ADMIN)) 1132 rc = -EPERM; 1133 1134 if (rc == 0 && check_import) { 1135 skp = size ? smk_import_entry(value, size) : NULL; 1136 if (skp == NULL || (check_star && 1137 (skp == &smack_known_star || skp == &smack_known_web))) 1138 rc = -EINVAL; 1139 } 1140 1141 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1142 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1143 1144 if (rc == 0) { 1145 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1146 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1147 } 1148 1149 return rc; 1150 } 1151 1152 /** 1153 * smack_inode_post_setxattr - Apply the Smack update approved above 1154 * @dentry: object 1155 * @name: attribute name 1156 * @value: attribute value 1157 * @size: attribute size 1158 * @flags: unused 1159 * 1160 * Set the pointer in the inode blob to the entry found 1161 * in the master label list. 1162 */ 1163 static void smack_inode_post_setxattr(struct dentry *dentry, const char *name, 1164 const void *value, size_t size, int flags) 1165 { 1166 struct smack_known *skp; 1167 struct inode_smack *isp = d_backing_inode(dentry)->i_security; 1168 1169 if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) { 1170 isp->smk_flags |= SMK_INODE_TRANSMUTE; 1171 return; 1172 } 1173 1174 if (strcmp(name, XATTR_NAME_SMACK) == 0) { 1175 skp = smk_import_entry(value, size); 1176 if (skp != NULL) 1177 isp->smk_inode = skp; 1178 else 1179 isp->smk_inode = &smack_known_invalid; 1180 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) { 1181 skp = smk_import_entry(value, size); 1182 if (skp != NULL) 1183 isp->smk_task = skp; 1184 else 1185 isp->smk_task = &smack_known_invalid; 1186 } else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) { 1187 skp = smk_import_entry(value, size); 1188 if (skp != NULL) 1189 isp->smk_mmap = skp; 1190 else 1191 isp->smk_mmap = &smack_known_invalid; 1192 } 1193 1194 return; 1195 } 1196 1197 /** 1198 * smack_inode_getxattr - Smack check on getxattr 1199 * @dentry: the object 1200 * @name: unused 1201 * 1202 * Returns 0 if access is permitted, an error code otherwise 1203 */ 1204 static int smack_inode_getxattr(struct dentry *dentry, const char *name) 1205 { 1206 struct smk_audit_info ad; 1207 int rc; 1208 1209 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1210 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1211 1212 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_READ, &ad); 1213 rc = smk_bu_inode(d_backing_inode(dentry), MAY_READ, rc); 1214 return rc; 1215 } 1216 1217 /** 1218 * smack_inode_removexattr - Smack check on removexattr 1219 * @dentry: the object 1220 * @name: name of the attribute 1221 * 1222 * Removing the Smack attribute requires CAP_MAC_ADMIN 1223 * 1224 * Returns 0 if access is permitted, an error code otherwise 1225 */ 1226 static int smack_inode_removexattr(struct dentry *dentry, const char *name) 1227 { 1228 struct inode_smack *isp; 1229 struct smk_audit_info ad; 1230 int rc = 0; 1231 1232 if (strcmp(name, XATTR_NAME_SMACK) == 0 || 1233 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 || 1234 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 || 1235 strcmp(name, XATTR_NAME_SMACKEXEC) == 0 || 1236 strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0 || 1237 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) { 1238 if (!smack_privileged(CAP_MAC_ADMIN)) 1239 rc = -EPERM; 1240 } else 1241 rc = cap_inode_removexattr(dentry, name); 1242 1243 if (rc != 0) 1244 return rc; 1245 1246 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1247 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1248 1249 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1250 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1251 if (rc != 0) 1252 return rc; 1253 1254 isp = d_backing_inode(dentry)->i_security; 1255 /* 1256 * Don't do anything special for these. 1257 * XATTR_NAME_SMACKIPIN 1258 * XATTR_NAME_SMACKIPOUT 1259 * XATTR_NAME_SMACKEXEC 1260 */ 1261 if (strcmp(name, XATTR_NAME_SMACK) == 0) 1262 isp->smk_task = NULL; 1263 else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) 1264 isp->smk_mmap = NULL; 1265 else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) 1266 isp->smk_flags &= ~SMK_INODE_TRANSMUTE; 1267 1268 return 0; 1269 } 1270 1271 /** 1272 * smack_inode_getsecurity - get smack xattrs 1273 * @inode: the object 1274 * @name: attribute name 1275 * @buffer: where to put the result 1276 * @alloc: unused 1277 * 1278 * Returns the size of the attribute or an error code 1279 */ 1280 static int smack_inode_getsecurity(const struct inode *inode, 1281 const char *name, void **buffer, 1282 bool alloc) 1283 { 1284 struct socket_smack *ssp; 1285 struct socket *sock; 1286 struct super_block *sbp; 1287 struct inode *ip = (struct inode *)inode; 1288 struct smack_known *isp; 1289 int ilen; 1290 int rc = 0; 1291 1292 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) { 1293 isp = smk_of_inode(inode); 1294 ilen = strlen(isp->smk_known); 1295 *buffer = isp->smk_known; 1296 return ilen; 1297 } 1298 1299 /* 1300 * The rest of the Smack xattrs are only on sockets. 1301 */ 1302 sbp = ip->i_sb; 1303 if (sbp->s_magic != SOCKFS_MAGIC) 1304 return -EOPNOTSUPP; 1305 1306 sock = SOCKET_I(ip); 1307 if (sock == NULL || sock->sk == NULL) 1308 return -EOPNOTSUPP; 1309 1310 ssp = sock->sk->sk_security; 1311 1312 if (strcmp(name, XATTR_SMACK_IPIN) == 0) 1313 isp = ssp->smk_in; 1314 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) 1315 isp = ssp->smk_out; 1316 else 1317 return -EOPNOTSUPP; 1318 1319 ilen = strlen(isp->smk_known); 1320 if (rc == 0) { 1321 *buffer = isp->smk_known; 1322 rc = ilen; 1323 } 1324 1325 return rc; 1326 } 1327 1328 1329 /** 1330 * smack_inode_listsecurity - list the Smack attributes 1331 * @inode: the object 1332 * @buffer: where they go 1333 * @buffer_size: size of buffer 1334 * 1335 * Returns 0 on success, -EINVAL otherwise 1336 */ 1337 static int smack_inode_listsecurity(struct inode *inode, char *buffer, 1338 size_t buffer_size) 1339 { 1340 int len = sizeof(XATTR_NAME_SMACK); 1341 1342 if (buffer != NULL && len <= buffer_size) 1343 memcpy(buffer, XATTR_NAME_SMACK, len); 1344 1345 return len; 1346 } 1347 1348 /** 1349 * smack_inode_getsecid - Extract inode's security id 1350 * @inode: inode to extract the info from 1351 * @secid: where result will be saved 1352 */ 1353 static void smack_inode_getsecid(const struct inode *inode, u32 *secid) 1354 { 1355 struct inode_smack *isp = inode->i_security; 1356 1357 *secid = isp->smk_inode->smk_secid; 1358 } 1359 1360 /* 1361 * File Hooks 1362 */ 1363 1364 /** 1365 * smack_file_permission - Smack check on file operations 1366 * @file: unused 1367 * @mask: unused 1368 * 1369 * Returns 0 1370 * 1371 * Should access checks be done on each read or write? 1372 * UNICOS and SELinux say yes. 1373 * Trusted Solaris, Trusted Irix, and just about everyone else says no. 1374 * 1375 * I'll say no for now. Smack does not do the frequent 1376 * label changing that SELinux does. 1377 */ 1378 static int smack_file_permission(struct file *file, int mask) 1379 { 1380 return 0; 1381 } 1382 1383 /** 1384 * smack_file_alloc_security - assign a file security blob 1385 * @file: the object 1386 * 1387 * The security blob for a file is a pointer to the master 1388 * label list, so no allocation is done. 1389 * 1390 * f_security is the owner security information. It 1391 * isn't used on file access checks, it's for send_sigio. 1392 * 1393 * Returns 0 1394 */ 1395 static int smack_file_alloc_security(struct file *file) 1396 { 1397 struct smack_known *skp = smk_of_current(); 1398 1399 file->f_security = skp; 1400 return 0; 1401 } 1402 1403 /** 1404 * smack_file_free_security - clear a file security blob 1405 * @file: the object 1406 * 1407 * The security blob for a file is a pointer to the master 1408 * label list, so no memory is freed. 1409 */ 1410 static void smack_file_free_security(struct file *file) 1411 { 1412 file->f_security = NULL; 1413 } 1414 1415 /** 1416 * smack_file_ioctl - Smack check on ioctls 1417 * @file: the object 1418 * @cmd: what to do 1419 * @arg: unused 1420 * 1421 * Relies heavily on the correct use of the ioctl command conventions. 1422 * 1423 * Returns 0 if allowed, error code otherwise 1424 */ 1425 static int smack_file_ioctl(struct file *file, unsigned int cmd, 1426 unsigned long arg) 1427 { 1428 int rc = 0; 1429 struct smk_audit_info ad; 1430 struct inode *inode = file_inode(file); 1431 1432 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1433 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1434 1435 if (_IOC_DIR(cmd) & _IOC_WRITE) { 1436 rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad); 1437 rc = smk_bu_file(file, MAY_WRITE, rc); 1438 } 1439 1440 if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ)) { 1441 rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad); 1442 rc = smk_bu_file(file, MAY_READ, rc); 1443 } 1444 1445 return rc; 1446 } 1447 1448 /** 1449 * smack_file_lock - Smack check on file locking 1450 * @file: the object 1451 * @cmd: unused 1452 * 1453 * Returns 0 if current has lock access, error code otherwise 1454 */ 1455 static int smack_file_lock(struct file *file, unsigned int cmd) 1456 { 1457 struct smk_audit_info ad; 1458 int rc; 1459 struct inode *inode = file_inode(file); 1460 1461 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1462 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1463 rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad); 1464 rc = smk_bu_file(file, MAY_LOCK, rc); 1465 return rc; 1466 } 1467 1468 /** 1469 * smack_file_fcntl - Smack check on fcntl 1470 * @file: the object 1471 * @cmd: what action to check 1472 * @arg: unused 1473 * 1474 * Generally these operations are harmless. 1475 * File locking operations present an obvious mechanism 1476 * for passing information, so they require write access. 1477 * 1478 * Returns 0 if current has access, error code otherwise 1479 */ 1480 static int smack_file_fcntl(struct file *file, unsigned int cmd, 1481 unsigned long arg) 1482 { 1483 struct smk_audit_info ad; 1484 int rc = 0; 1485 struct inode *inode = file_inode(file); 1486 1487 switch (cmd) { 1488 case F_GETLK: 1489 break; 1490 case F_SETLK: 1491 case F_SETLKW: 1492 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1493 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1494 rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad); 1495 rc = smk_bu_file(file, MAY_LOCK, rc); 1496 break; 1497 case F_SETOWN: 1498 case F_SETSIG: 1499 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1500 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1501 rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad); 1502 rc = smk_bu_file(file, MAY_WRITE, rc); 1503 break; 1504 default: 1505 break; 1506 } 1507 1508 return rc; 1509 } 1510 1511 /** 1512 * smack_mmap_file : 1513 * Check permissions for a mmap operation. The @file may be NULL, e.g. 1514 * if mapping anonymous memory. 1515 * @file contains the file structure for file to map (may be NULL). 1516 * @reqprot contains the protection requested by the application. 1517 * @prot contains the protection that will be applied by the kernel. 1518 * @flags contains the operational flags. 1519 * Return 0 if permission is granted. 1520 */ 1521 static int smack_mmap_file(struct file *file, 1522 unsigned long reqprot, unsigned long prot, 1523 unsigned long flags) 1524 { 1525 struct smack_known *skp; 1526 struct smack_known *mkp; 1527 struct smack_rule *srp; 1528 struct task_smack *tsp; 1529 struct smack_known *okp; 1530 struct inode_smack *isp; 1531 int may; 1532 int mmay; 1533 int tmay; 1534 int rc; 1535 1536 if (file == NULL) 1537 return 0; 1538 1539 isp = file_inode(file)->i_security; 1540 if (isp->smk_mmap == NULL) 1541 return 0; 1542 mkp = isp->smk_mmap; 1543 1544 tsp = current_security(); 1545 skp = smk_of_current(); 1546 rc = 0; 1547 1548 rcu_read_lock(); 1549 /* 1550 * For each Smack rule associated with the subject 1551 * label verify that the SMACK64MMAP also has access 1552 * to that rule's object label. 1553 */ 1554 list_for_each_entry_rcu(srp, &skp->smk_rules, list) { 1555 okp = srp->smk_object; 1556 /* 1557 * Matching labels always allows access. 1558 */ 1559 if (mkp->smk_known == okp->smk_known) 1560 continue; 1561 /* 1562 * If there is a matching local rule take 1563 * that into account as well. 1564 */ 1565 may = smk_access_entry(srp->smk_subject->smk_known, 1566 okp->smk_known, 1567 &tsp->smk_rules); 1568 if (may == -ENOENT) 1569 may = srp->smk_access; 1570 else 1571 may &= srp->smk_access; 1572 /* 1573 * If may is zero the SMACK64MMAP subject can't 1574 * possibly have less access. 1575 */ 1576 if (may == 0) 1577 continue; 1578 1579 /* 1580 * Fetch the global list entry. 1581 * If there isn't one a SMACK64MMAP subject 1582 * can't have as much access as current. 1583 */ 1584 mmay = smk_access_entry(mkp->smk_known, okp->smk_known, 1585 &mkp->smk_rules); 1586 if (mmay == -ENOENT) { 1587 rc = -EACCES; 1588 break; 1589 } 1590 /* 1591 * If there is a local entry it modifies the 1592 * potential access, too. 1593 */ 1594 tmay = smk_access_entry(mkp->smk_known, okp->smk_known, 1595 &tsp->smk_rules); 1596 if (tmay != -ENOENT) 1597 mmay &= tmay; 1598 1599 /* 1600 * If there is any access available to current that is 1601 * not available to a SMACK64MMAP subject 1602 * deny access. 1603 */ 1604 if ((may | mmay) != mmay) { 1605 rc = -EACCES; 1606 break; 1607 } 1608 } 1609 1610 rcu_read_unlock(); 1611 1612 return rc; 1613 } 1614 1615 /** 1616 * smack_file_set_fowner - set the file security blob value 1617 * @file: object in question 1618 * 1619 */ 1620 static void smack_file_set_fowner(struct file *file) 1621 { 1622 file->f_security = smk_of_current(); 1623 } 1624 1625 /** 1626 * smack_file_send_sigiotask - Smack on sigio 1627 * @tsk: The target task 1628 * @fown: the object the signal come from 1629 * @signum: unused 1630 * 1631 * Allow a privileged task to get signals even if it shouldn't 1632 * 1633 * Returns 0 if a subject with the object's smack could 1634 * write to the task, an error code otherwise. 1635 */ 1636 static int smack_file_send_sigiotask(struct task_struct *tsk, 1637 struct fown_struct *fown, int signum) 1638 { 1639 struct smack_known *skp; 1640 struct smack_known *tkp = smk_of_task(tsk->cred->security); 1641 struct file *file; 1642 int rc; 1643 struct smk_audit_info ad; 1644 1645 /* 1646 * struct fown_struct is never outside the context of a struct file 1647 */ 1648 file = container_of(fown, struct file, f_owner); 1649 1650 /* we don't log here as rc can be overriden */ 1651 skp = file->f_security; 1652 rc = smk_access(skp, tkp, MAY_WRITE, NULL); 1653 rc = smk_bu_note("sigiotask", skp, tkp, MAY_WRITE, rc); 1654 if (rc != 0 && has_capability(tsk, CAP_MAC_OVERRIDE)) 1655 rc = 0; 1656 1657 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); 1658 smk_ad_setfield_u_tsk(&ad, tsk); 1659 smack_log(skp->smk_known, tkp->smk_known, MAY_WRITE, rc, &ad); 1660 return rc; 1661 } 1662 1663 /** 1664 * smack_file_receive - Smack file receive check 1665 * @file: the object 1666 * 1667 * Returns 0 if current has access, error code otherwise 1668 */ 1669 static int smack_file_receive(struct file *file) 1670 { 1671 int rc; 1672 int may = 0; 1673 struct smk_audit_info ad; 1674 struct inode *inode = file_inode(file); 1675 1676 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1677 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1678 /* 1679 * This code relies on bitmasks. 1680 */ 1681 if (file->f_mode & FMODE_READ) 1682 may = MAY_READ; 1683 if (file->f_mode & FMODE_WRITE) 1684 may |= MAY_WRITE; 1685 1686 rc = smk_curacc(smk_of_inode(inode), may, &ad); 1687 rc = smk_bu_file(file, may, rc); 1688 return rc; 1689 } 1690 1691 /** 1692 * smack_file_open - Smack dentry open processing 1693 * @file: the object 1694 * @cred: task credential 1695 * 1696 * Set the security blob in the file structure. 1697 * Allow the open only if the task has read access. There are 1698 * many read operations (e.g. fstat) that you can do with an 1699 * fd even if you have the file open write-only. 1700 * 1701 * Returns 0 1702 */ 1703 static int smack_file_open(struct file *file, const struct cred *cred) 1704 { 1705 struct task_smack *tsp = cred->security; 1706 struct inode *inode = file_inode(file); 1707 struct smk_audit_info ad; 1708 int rc; 1709 1710 if (smack_privileged(CAP_MAC_OVERRIDE)) 1711 return 0; 1712 1713 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1714 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1715 rc = smk_access(tsp->smk_task, smk_of_inode(inode), MAY_READ, &ad); 1716 rc = smk_bu_credfile(cred, file, MAY_READ, rc); 1717 1718 return rc; 1719 } 1720 1721 /* 1722 * Task hooks 1723 */ 1724 1725 /** 1726 * smack_cred_alloc_blank - "allocate" blank task-level security credentials 1727 * @new: the new credentials 1728 * @gfp: the atomicity of any memory allocations 1729 * 1730 * Prepare a blank set of credentials for modification. This must allocate all 1731 * the memory the LSM module might require such that cred_transfer() can 1732 * complete without error. 1733 */ 1734 static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp) 1735 { 1736 struct task_smack *tsp; 1737 1738 tsp = new_task_smack(NULL, NULL, gfp); 1739 if (tsp == NULL) 1740 return -ENOMEM; 1741 1742 cred->security = tsp; 1743 1744 return 0; 1745 } 1746 1747 1748 /** 1749 * smack_cred_free - "free" task-level security credentials 1750 * @cred: the credentials in question 1751 * 1752 */ 1753 static void smack_cred_free(struct cred *cred) 1754 { 1755 struct task_smack *tsp = cred->security; 1756 struct smack_rule *rp; 1757 struct list_head *l; 1758 struct list_head *n; 1759 1760 if (tsp == NULL) 1761 return; 1762 cred->security = NULL; 1763 1764 list_for_each_safe(l, n, &tsp->smk_rules) { 1765 rp = list_entry(l, struct smack_rule, list); 1766 list_del(&rp->list); 1767 kfree(rp); 1768 } 1769 kfree(tsp); 1770 } 1771 1772 /** 1773 * smack_cred_prepare - prepare new set of credentials for modification 1774 * @new: the new credentials 1775 * @old: the original credentials 1776 * @gfp: the atomicity of any memory allocations 1777 * 1778 * Prepare a new set of credentials for modification. 1779 */ 1780 static int smack_cred_prepare(struct cred *new, const struct cred *old, 1781 gfp_t gfp) 1782 { 1783 struct task_smack *old_tsp = old->security; 1784 struct task_smack *new_tsp; 1785 int rc; 1786 1787 new_tsp = new_task_smack(old_tsp->smk_task, old_tsp->smk_task, gfp); 1788 if (new_tsp == NULL) 1789 return -ENOMEM; 1790 1791 rc = smk_copy_rules(&new_tsp->smk_rules, &old_tsp->smk_rules, gfp); 1792 if (rc != 0) 1793 return rc; 1794 1795 new->security = new_tsp; 1796 return 0; 1797 } 1798 1799 /** 1800 * smack_cred_transfer - Transfer the old credentials to the new credentials 1801 * @new: the new credentials 1802 * @old: the original credentials 1803 * 1804 * Fill in a set of blank credentials from another set of credentials. 1805 */ 1806 static void smack_cred_transfer(struct cred *new, const struct cred *old) 1807 { 1808 struct task_smack *old_tsp = old->security; 1809 struct task_smack *new_tsp = new->security; 1810 1811 new_tsp->smk_task = old_tsp->smk_task; 1812 new_tsp->smk_forked = old_tsp->smk_task; 1813 mutex_init(&new_tsp->smk_rules_lock); 1814 INIT_LIST_HEAD(&new_tsp->smk_rules); 1815 1816 1817 /* cbs copy rule list */ 1818 } 1819 1820 /** 1821 * smack_kernel_act_as - Set the subjective context in a set of credentials 1822 * @new: points to the set of credentials to be modified. 1823 * @secid: specifies the security ID to be set 1824 * 1825 * Set the security data for a kernel service. 1826 */ 1827 static int smack_kernel_act_as(struct cred *new, u32 secid) 1828 { 1829 struct task_smack *new_tsp = new->security; 1830 struct smack_known *skp = smack_from_secid(secid); 1831 1832 if (skp == NULL) 1833 return -EINVAL; 1834 1835 new_tsp->smk_task = skp; 1836 return 0; 1837 } 1838 1839 /** 1840 * smack_kernel_create_files_as - Set the file creation label in a set of creds 1841 * @new: points to the set of credentials to be modified 1842 * @inode: points to the inode to use as a reference 1843 * 1844 * Set the file creation context in a set of credentials to the same 1845 * as the objective context of the specified inode 1846 */ 1847 static int smack_kernel_create_files_as(struct cred *new, 1848 struct inode *inode) 1849 { 1850 struct inode_smack *isp = inode->i_security; 1851 struct task_smack *tsp = new->security; 1852 1853 tsp->smk_forked = isp->smk_inode; 1854 tsp->smk_task = tsp->smk_forked; 1855 return 0; 1856 } 1857 1858 /** 1859 * smk_curacc_on_task - helper to log task related access 1860 * @p: the task object 1861 * @access: the access requested 1862 * @caller: name of the calling function for audit 1863 * 1864 * Return 0 if access is permitted 1865 */ 1866 static int smk_curacc_on_task(struct task_struct *p, int access, 1867 const char *caller) 1868 { 1869 struct smk_audit_info ad; 1870 struct smack_known *skp = smk_of_task_struct(p); 1871 int rc; 1872 1873 smk_ad_init(&ad, caller, LSM_AUDIT_DATA_TASK); 1874 smk_ad_setfield_u_tsk(&ad, p); 1875 rc = smk_curacc(skp, access, &ad); 1876 rc = smk_bu_task(p, access, rc); 1877 return rc; 1878 } 1879 1880 /** 1881 * smack_task_setpgid - Smack check on setting pgid 1882 * @p: the task object 1883 * @pgid: unused 1884 * 1885 * Return 0 if write access is permitted 1886 */ 1887 static int smack_task_setpgid(struct task_struct *p, pid_t pgid) 1888 { 1889 return smk_curacc_on_task(p, MAY_WRITE, __func__); 1890 } 1891 1892 /** 1893 * smack_task_getpgid - Smack access check for getpgid 1894 * @p: the object task 1895 * 1896 * Returns 0 if current can read the object task, error code otherwise 1897 */ 1898 static int smack_task_getpgid(struct task_struct *p) 1899 { 1900 return smk_curacc_on_task(p, MAY_READ, __func__); 1901 } 1902 1903 /** 1904 * smack_task_getsid - Smack access check for getsid 1905 * @p: the object task 1906 * 1907 * Returns 0 if current can read the object task, error code otherwise 1908 */ 1909 static int smack_task_getsid(struct task_struct *p) 1910 { 1911 return smk_curacc_on_task(p, MAY_READ, __func__); 1912 } 1913 1914 /** 1915 * smack_task_getsecid - get the secid of the task 1916 * @p: the object task 1917 * @secid: where to put the result 1918 * 1919 * Sets the secid to contain a u32 version of the smack label. 1920 */ 1921 static void smack_task_getsecid(struct task_struct *p, u32 *secid) 1922 { 1923 struct smack_known *skp = smk_of_task_struct(p); 1924 1925 *secid = skp->smk_secid; 1926 } 1927 1928 /** 1929 * smack_task_setnice - Smack check on setting nice 1930 * @p: the task object 1931 * @nice: unused 1932 * 1933 * Return 0 if write access is permitted 1934 */ 1935 static int smack_task_setnice(struct task_struct *p, int nice) 1936 { 1937 int rc; 1938 1939 rc = cap_task_setnice(p, nice); 1940 if (rc == 0) 1941 rc = smk_curacc_on_task(p, MAY_WRITE, __func__); 1942 return rc; 1943 } 1944 1945 /** 1946 * smack_task_setioprio - Smack check on setting ioprio 1947 * @p: the task object 1948 * @ioprio: unused 1949 * 1950 * Return 0 if write access is permitted 1951 */ 1952 static int smack_task_setioprio(struct task_struct *p, int ioprio) 1953 { 1954 int rc; 1955 1956 rc = cap_task_setioprio(p, ioprio); 1957 if (rc == 0) 1958 rc = smk_curacc_on_task(p, MAY_WRITE, __func__); 1959 return rc; 1960 } 1961 1962 /** 1963 * smack_task_getioprio - Smack check on reading ioprio 1964 * @p: the task object 1965 * 1966 * Return 0 if read access is permitted 1967 */ 1968 static int smack_task_getioprio(struct task_struct *p) 1969 { 1970 return smk_curacc_on_task(p, MAY_READ, __func__); 1971 } 1972 1973 /** 1974 * smack_task_setscheduler - Smack check on setting scheduler 1975 * @p: the task object 1976 * @policy: unused 1977 * @lp: unused 1978 * 1979 * Return 0 if read access is permitted 1980 */ 1981 static int smack_task_setscheduler(struct task_struct *p) 1982 { 1983 int rc; 1984 1985 rc = cap_task_setscheduler(p); 1986 if (rc == 0) 1987 rc = smk_curacc_on_task(p, MAY_WRITE, __func__); 1988 return rc; 1989 } 1990 1991 /** 1992 * smack_task_getscheduler - Smack check on reading scheduler 1993 * @p: the task object 1994 * 1995 * Return 0 if read access is permitted 1996 */ 1997 static int smack_task_getscheduler(struct task_struct *p) 1998 { 1999 return smk_curacc_on_task(p, MAY_READ, __func__); 2000 } 2001 2002 /** 2003 * smack_task_movememory - Smack check on moving memory 2004 * @p: the task object 2005 * 2006 * Return 0 if write access is permitted 2007 */ 2008 static int smack_task_movememory(struct task_struct *p) 2009 { 2010 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2011 } 2012 2013 /** 2014 * smack_task_kill - Smack check on signal delivery 2015 * @p: the task object 2016 * @info: unused 2017 * @sig: unused 2018 * @secid: identifies the smack to use in lieu of current's 2019 * 2020 * Return 0 if write access is permitted 2021 * 2022 * The secid behavior is an artifact of an SELinux hack 2023 * in the USB code. Someday it may go away. 2024 */ 2025 static int smack_task_kill(struct task_struct *p, struct siginfo *info, 2026 int sig, u32 secid) 2027 { 2028 struct smk_audit_info ad; 2029 struct smack_known *skp; 2030 struct smack_known *tkp = smk_of_task_struct(p); 2031 int rc; 2032 2033 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); 2034 smk_ad_setfield_u_tsk(&ad, p); 2035 /* 2036 * Sending a signal requires that the sender 2037 * can write the receiver. 2038 */ 2039 if (secid == 0) { 2040 rc = smk_curacc(tkp, MAY_WRITE, &ad); 2041 rc = smk_bu_task(p, MAY_WRITE, rc); 2042 return rc; 2043 } 2044 /* 2045 * If the secid isn't 0 we're dealing with some USB IO 2046 * specific behavior. This is not clean. For one thing 2047 * we can't take privilege into account. 2048 */ 2049 skp = smack_from_secid(secid); 2050 rc = smk_access(skp, tkp, MAY_WRITE, &ad); 2051 rc = smk_bu_note("USB signal", skp, tkp, MAY_WRITE, rc); 2052 return rc; 2053 } 2054 2055 /** 2056 * smack_task_wait - Smack access check for waiting 2057 * @p: task to wait for 2058 * 2059 * Returns 0 2060 */ 2061 static int smack_task_wait(struct task_struct *p) 2062 { 2063 /* 2064 * Allow the operation to succeed. 2065 * Zombies are bad. 2066 * In userless environments (e.g. phones) programs 2067 * get marked with SMACK64EXEC and even if the parent 2068 * and child shouldn't be talking the parent still 2069 * may expect to know when the child exits. 2070 */ 2071 return 0; 2072 } 2073 2074 /** 2075 * smack_task_to_inode - copy task smack into the inode blob 2076 * @p: task to copy from 2077 * @inode: inode to copy to 2078 * 2079 * Sets the smack pointer in the inode security blob 2080 */ 2081 static void smack_task_to_inode(struct task_struct *p, struct inode *inode) 2082 { 2083 struct inode_smack *isp = inode->i_security; 2084 struct smack_known *skp = smk_of_task_struct(p); 2085 2086 isp->smk_inode = skp; 2087 } 2088 2089 /* 2090 * Socket hooks. 2091 */ 2092 2093 /** 2094 * smack_sk_alloc_security - Allocate a socket blob 2095 * @sk: the socket 2096 * @family: unused 2097 * @gfp_flags: memory allocation flags 2098 * 2099 * Assign Smack pointers to current 2100 * 2101 * Returns 0 on success, -ENOMEM is there's no memory 2102 */ 2103 static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags) 2104 { 2105 struct smack_known *skp = smk_of_current(); 2106 struct socket_smack *ssp; 2107 2108 ssp = kzalloc(sizeof(struct socket_smack), gfp_flags); 2109 if (ssp == NULL) 2110 return -ENOMEM; 2111 2112 ssp->smk_in = skp; 2113 ssp->smk_out = skp; 2114 ssp->smk_packet = NULL; 2115 2116 sk->sk_security = ssp; 2117 2118 return 0; 2119 } 2120 2121 /** 2122 * smack_sk_free_security - Free a socket blob 2123 * @sk: the socket 2124 * 2125 * Clears the blob pointer 2126 */ 2127 static void smack_sk_free_security(struct sock *sk) 2128 { 2129 kfree(sk->sk_security); 2130 } 2131 2132 /** 2133 * smack_host_label - check host based restrictions 2134 * @sip: the object end 2135 * 2136 * looks for host based access restrictions 2137 * 2138 * This version will only be appropriate for really small sets of single label 2139 * hosts. The caller is responsible for ensuring that the RCU read lock is 2140 * taken before calling this function. 2141 * 2142 * Returns the label of the far end or NULL if it's not special. 2143 */ 2144 static struct smack_known *smack_host_label(struct sockaddr_in *sip) 2145 { 2146 struct smk_netlbladdr *snp; 2147 struct in_addr *siap = &sip->sin_addr; 2148 2149 if (siap->s_addr == 0) 2150 return NULL; 2151 2152 list_for_each_entry_rcu(snp, &smk_netlbladdr_list, list) 2153 /* 2154 * we break after finding the first match because 2155 * the list is sorted from longest to shortest mask 2156 * so we have found the most specific match 2157 */ 2158 if ((&snp->smk_host.sin_addr)->s_addr == 2159 (siap->s_addr & (&snp->smk_mask)->s_addr)) { 2160 /* we have found the special CIPSO option */ 2161 if (snp->smk_label == &smack_cipso_option) 2162 return NULL; 2163 return snp->smk_label; 2164 } 2165 2166 return NULL; 2167 } 2168 2169 /** 2170 * smack_netlabel - Set the secattr on a socket 2171 * @sk: the socket 2172 * @labeled: socket label scheme 2173 * 2174 * Convert the outbound smack value (smk_out) to a 2175 * secattr and attach it to the socket. 2176 * 2177 * Returns 0 on success or an error code 2178 */ 2179 static int smack_netlabel(struct sock *sk, int labeled) 2180 { 2181 struct smack_known *skp; 2182 struct socket_smack *ssp = sk->sk_security; 2183 int rc = 0; 2184 2185 /* 2186 * Usually the netlabel code will handle changing the 2187 * packet labeling based on the label. 2188 * The case of a single label host is different, because 2189 * a single label host should never get a labeled packet 2190 * even though the label is usually associated with a packet 2191 * label. 2192 */ 2193 local_bh_disable(); 2194 bh_lock_sock_nested(sk); 2195 2196 if (ssp->smk_out == smack_net_ambient || 2197 labeled == SMACK_UNLABELED_SOCKET) 2198 netlbl_sock_delattr(sk); 2199 else { 2200 skp = ssp->smk_out; 2201 rc = netlbl_sock_setattr(sk, sk->sk_family, &skp->smk_netlabel); 2202 } 2203 2204 bh_unlock_sock(sk); 2205 local_bh_enable(); 2206 2207 return rc; 2208 } 2209 2210 /** 2211 * smack_netlbel_send - Set the secattr on a socket and perform access checks 2212 * @sk: the socket 2213 * @sap: the destination address 2214 * 2215 * Set the correct secattr for the given socket based on the destination 2216 * address and perform any outbound access checks needed. 2217 * 2218 * Returns 0 on success or an error code. 2219 * 2220 */ 2221 static int smack_netlabel_send(struct sock *sk, struct sockaddr_in *sap) 2222 { 2223 struct smack_known *skp; 2224 int rc; 2225 int sk_lbl; 2226 struct smack_known *hkp; 2227 struct socket_smack *ssp = sk->sk_security; 2228 struct smk_audit_info ad; 2229 2230 rcu_read_lock(); 2231 hkp = smack_host_label(sap); 2232 if (hkp != NULL) { 2233 #ifdef CONFIG_AUDIT 2234 struct lsm_network_audit net; 2235 2236 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 2237 ad.a.u.net->family = sap->sin_family; 2238 ad.a.u.net->dport = sap->sin_port; 2239 ad.a.u.net->v4info.daddr = sap->sin_addr.s_addr; 2240 #endif 2241 sk_lbl = SMACK_UNLABELED_SOCKET; 2242 skp = ssp->smk_out; 2243 rc = smk_access(skp, hkp, MAY_WRITE, &ad); 2244 rc = smk_bu_note("IPv4 host check", skp, hkp, MAY_WRITE, rc); 2245 } else { 2246 sk_lbl = SMACK_CIPSO_SOCKET; 2247 rc = 0; 2248 } 2249 rcu_read_unlock(); 2250 if (rc != 0) 2251 return rc; 2252 2253 return smack_netlabel(sk, sk_lbl); 2254 } 2255 2256 #if IS_ENABLED(CONFIG_IPV6) && !defined(CONFIG_SECURITY_SMACK_NETFILTER) 2257 /** 2258 * smk_ipv6_port_label - Smack port access table management 2259 * @sock: socket 2260 * @address: address 2261 * 2262 * Create or update the port list entry 2263 */ 2264 static void smk_ipv6_port_label(struct socket *sock, struct sockaddr *address) 2265 { 2266 struct sock *sk = sock->sk; 2267 struct sockaddr_in6 *addr6; 2268 struct socket_smack *ssp = sock->sk->sk_security; 2269 struct smk_port_label *spp; 2270 unsigned short port = 0; 2271 2272 if (address == NULL) { 2273 /* 2274 * This operation is changing the Smack information 2275 * on the bound socket. Take the changes to the port 2276 * as well. 2277 */ 2278 list_for_each_entry(spp, &smk_ipv6_port_list, list) { 2279 if (sk != spp->smk_sock) 2280 continue; 2281 spp->smk_in = ssp->smk_in; 2282 spp->smk_out = ssp->smk_out; 2283 return; 2284 } 2285 /* 2286 * A NULL address is only used for updating existing 2287 * bound entries. If there isn't one, it's OK. 2288 */ 2289 return; 2290 } 2291 2292 addr6 = (struct sockaddr_in6 *)address; 2293 port = ntohs(addr6->sin6_port); 2294 /* 2295 * This is a special case that is safely ignored. 2296 */ 2297 if (port == 0) 2298 return; 2299 2300 /* 2301 * Look for an existing port list entry. 2302 * This is an indication that a port is getting reused. 2303 */ 2304 list_for_each_entry(spp, &smk_ipv6_port_list, list) { 2305 if (spp->smk_port != port) 2306 continue; 2307 spp->smk_port = port; 2308 spp->smk_sock = sk; 2309 spp->smk_in = ssp->smk_in; 2310 spp->smk_out = ssp->smk_out; 2311 return; 2312 } 2313 2314 /* 2315 * A new port entry is required. 2316 */ 2317 spp = kzalloc(sizeof(*spp), GFP_KERNEL); 2318 if (spp == NULL) 2319 return; 2320 2321 spp->smk_port = port; 2322 spp->smk_sock = sk; 2323 spp->smk_in = ssp->smk_in; 2324 spp->smk_out = ssp->smk_out; 2325 2326 list_add(&spp->list, &smk_ipv6_port_list); 2327 return; 2328 } 2329 2330 /** 2331 * smk_ipv6_port_check - check Smack port access 2332 * @sock: socket 2333 * @address: address 2334 * 2335 * Create or update the port list entry 2336 */ 2337 static int smk_ipv6_port_check(struct sock *sk, struct sockaddr_in6 *address, 2338 int act) 2339 { 2340 __be16 *bep; 2341 __be32 *be32p; 2342 struct smk_port_label *spp; 2343 struct socket_smack *ssp = sk->sk_security; 2344 struct smack_known *skp; 2345 unsigned short port = 0; 2346 struct smack_known *object; 2347 struct smk_audit_info ad; 2348 int rc; 2349 #ifdef CONFIG_AUDIT 2350 struct lsm_network_audit net; 2351 #endif 2352 2353 if (act == SMK_RECEIVING) { 2354 skp = smack_net_ambient; 2355 object = ssp->smk_in; 2356 } else { 2357 skp = ssp->smk_out; 2358 object = smack_net_ambient; 2359 } 2360 2361 /* 2362 * Get the IP address and port from the address. 2363 */ 2364 port = ntohs(address->sin6_port); 2365 bep = (__be16 *)(&address->sin6_addr); 2366 be32p = (__be32 *)(&address->sin6_addr); 2367 2368 /* 2369 * It's remote, so port lookup does no good. 2370 */ 2371 if (be32p[0] || be32p[1] || be32p[2] || bep[6] || ntohs(bep[7]) != 1) 2372 goto auditout; 2373 2374 /* 2375 * It's local so the send check has to have passed. 2376 */ 2377 if (act == SMK_RECEIVING) { 2378 skp = &smack_known_web; 2379 goto auditout; 2380 } 2381 2382 list_for_each_entry(spp, &smk_ipv6_port_list, list) { 2383 if (spp->smk_port != port) 2384 continue; 2385 object = spp->smk_in; 2386 if (act == SMK_CONNECTING) 2387 ssp->smk_packet = spp->smk_out; 2388 break; 2389 } 2390 2391 auditout: 2392 2393 #ifdef CONFIG_AUDIT 2394 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 2395 ad.a.u.net->family = sk->sk_family; 2396 ad.a.u.net->dport = port; 2397 if (act == SMK_RECEIVING) 2398 ad.a.u.net->v6info.saddr = address->sin6_addr; 2399 else 2400 ad.a.u.net->v6info.daddr = address->sin6_addr; 2401 #endif 2402 rc = smk_access(skp, object, MAY_WRITE, &ad); 2403 rc = smk_bu_note("IPv6 port check", skp, object, MAY_WRITE, rc); 2404 return rc; 2405 } 2406 #endif /* CONFIG_IPV6 && !CONFIG_SECURITY_SMACK_NETFILTER */ 2407 2408 /** 2409 * smack_inode_setsecurity - set smack xattrs 2410 * @inode: the object 2411 * @name: attribute name 2412 * @value: attribute value 2413 * @size: size of the attribute 2414 * @flags: unused 2415 * 2416 * Sets the named attribute in the appropriate blob 2417 * 2418 * Returns 0 on success, or an error code 2419 */ 2420 static int smack_inode_setsecurity(struct inode *inode, const char *name, 2421 const void *value, size_t size, int flags) 2422 { 2423 struct smack_known *skp; 2424 struct inode_smack *nsp = inode->i_security; 2425 struct socket_smack *ssp; 2426 struct socket *sock; 2427 int rc = 0; 2428 2429 if (value == NULL || size > SMK_LONGLABEL || size == 0) 2430 return -EINVAL; 2431 2432 skp = smk_import_entry(value, size); 2433 if (skp == NULL) 2434 return -EINVAL; 2435 2436 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) { 2437 nsp->smk_inode = skp; 2438 nsp->smk_flags |= SMK_INODE_INSTANT; 2439 return 0; 2440 } 2441 /* 2442 * The rest of the Smack xattrs are only on sockets. 2443 */ 2444 if (inode->i_sb->s_magic != SOCKFS_MAGIC) 2445 return -EOPNOTSUPP; 2446 2447 sock = SOCKET_I(inode); 2448 if (sock == NULL || sock->sk == NULL) 2449 return -EOPNOTSUPP; 2450 2451 ssp = sock->sk->sk_security; 2452 2453 if (strcmp(name, XATTR_SMACK_IPIN) == 0) 2454 ssp->smk_in = skp; 2455 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) { 2456 ssp->smk_out = skp; 2457 if (sock->sk->sk_family == PF_INET) { 2458 rc = smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET); 2459 if (rc != 0) 2460 printk(KERN_WARNING 2461 "Smack: \"%s\" netlbl error %d.\n", 2462 __func__, -rc); 2463 } 2464 } else 2465 return -EOPNOTSUPP; 2466 2467 #if IS_ENABLED(CONFIG_IPV6) && !defined(CONFIG_SECURITY_SMACK_NETFILTER) 2468 if (sock->sk->sk_family == PF_INET6) 2469 smk_ipv6_port_label(sock, NULL); 2470 #endif /* CONFIG_IPV6 && !CONFIG_SECURITY_SMACK_NETFILTER */ 2471 2472 return 0; 2473 } 2474 2475 /** 2476 * smack_socket_post_create - finish socket setup 2477 * @sock: the socket 2478 * @family: protocol family 2479 * @type: unused 2480 * @protocol: unused 2481 * @kern: unused 2482 * 2483 * Sets the netlabel information on the socket 2484 * 2485 * Returns 0 on success, and error code otherwise 2486 */ 2487 static int smack_socket_post_create(struct socket *sock, int family, 2488 int type, int protocol, int kern) 2489 { 2490 struct socket_smack *ssp; 2491 2492 if (sock->sk == NULL) 2493 return 0; 2494 2495 /* 2496 * Sockets created by kernel threads receive web label. 2497 */ 2498 if (unlikely(current->flags & PF_KTHREAD)) { 2499 ssp = sock->sk->sk_security; 2500 ssp->smk_in = &smack_known_web; 2501 ssp->smk_out = &smack_known_web; 2502 } 2503 2504 if (family != PF_INET) 2505 return 0; 2506 /* 2507 * Set the outbound netlbl. 2508 */ 2509 return smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET); 2510 } 2511 2512 #ifndef CONFIG_SECURITY_SMACK_NETFILTER 2513 /** 2514 * smack_socket_bind - record port binding information. 2515 * @sock: the socket 2516 * @address: the port address 2517 * @addrlen: size of the address 2518 * 2519 * Records the label bound to a port. 2520 * 2521 * Returns 0 2522 */ 2523 static int smack_socket_bind(struct socket *sock, struct sockaddr *address, 2524 int addrlen) 2525 { 2526 #if IS_ENABLED(CONFIG_IPV6) 2527 if (sock->sk != NULL && sock->sk->sk_family == PF_INET6) 2528 smk_ipv6_port_label(sock, address); 2529 #endif 2530 2531 return 0; 2532 } 2533 #endif /* !CONFIG_SECURITY_SMACK_NETFILTER */ 2534 2535 /** 2536 * smack_socket_connect - connect access check 2537 * @sock: the socket 2538 * @sap: the other end 2539 * @addrlen: size of sap 2540 * 2541 * Verifies that a connection may be possible 2542 * 2543 * Returns 0 on success, and error code otherwise 2544 */ 2545 static int smack_socket_connect(struct socket *sock, struct sockaddr *sap, 2546 int addrlen) 2547 { 2548 int rc = 0; 2549 2550 if (sock->sk == NULL) 2551 return 0; 2552 2553 switch (sock->sk->sk_family) { 2554 case PF_INET: 2555 if (addrlen < sizeof(struct sockaddr_in)) 2556 return -EINVAL; 2557 rc = smack_netlabel_send(sock->sk, (struct sockaddr_in *)sap); 2558 break; 2559 case PF_INET6: 2560 if (addrlen < sizeof(struct sockaddr_in6)) 2561 return -EINVAL; 2562 #if IS_ENABLED(CONFIG_IPV6) && !defined(CONFIG_SECURITY_SMACK_NETFILTER) 2563 rc = smk_ipv6_port_check(sock->sk, (struct sockaddr_in6 *)sap, 2564 SMK_CONNECTING); 2565 #endif /* CONFIG_IPV6 && !CONFIG_SECURITY_SMACK_NETFILTER */ 2566 break; 2567 } 2568 return rc; 2569 } 2570 2571 /** 2572 * smack_flags_to_may - convert S_ to MAY_ values 2573 * @flags: the S_ value 2574 * 2575 * Returns the equivalent MAY_ value 2576 */ 2577 static int smack_flags_to_may(int flags) 2578 { 2579 int may = 0; 2580 2581 if (flags & S_IRUGO) 2582 may |= MAY_READ; 2583 if (flags & S_IWUGO) 2584 may |= MAY_WRITE; 2585 if (flags & S_IXUGO) 2586 may |= MAY_EXEC; 2587 2588 return may; 2589 } 2590 2591 /** 2592 * smack_msg_msg_alloc_security - Set the security blob for msg_msg 2593 * @msg: the object 2594 * 2595 * Returns 0 2596 */ 2597 static int smack_msg_msg_alloc_security(struct msg_msg *msg) 2598 { 2599 struct smack_known *skp = smk_of_current(); 2600 2601 msg->security = skp; 2602 return 0; 2603 } 2604 2605 /** 2606 * smack_msg_msg_free_security - Clear the security blob for msg_msg 2607 * @msg: the object 2608 * 2609 * Clears the blob pointer 2610 */ 2611 static void smack_msg_msg_free_security(struct msg_msg *msg) 2612 { 2613 msg->security = NULL; 2614 } 2615 2616 /** 2617 * smack_of_shm - the smack pointer for the shm 2618 * @shp: the object 2619 * 2620 * Returns a pointer to the smack value 2621 */ 2622 static struct smack_known *smack_of_shm(struct shmid_kernel *shp) 2623 { 2624 return (struct smack_known *)shp->shm_perm.security; 2625 } 2626 2627 /** 2628 * smack_shm_alloc_security - Set the security blob for shm 2629 * @shp: the object 2630 * 2631 * Returns 0 2632 */ 2633 static int smack_shm_alloc_security(struct shmid_kernel *shp) 2634 { 2635 struct kern_ipc_perm *isp = &shp->shm_perm; 2636 struct smack_known *skp = smk_of_current(); 2637 2638 isp->security = skp; 2639 return 0; 2640 } 2641 2642 /** 2643 * smack_shm_free_security - Clear the security blob for shm 2644 * @shp: the object 2645 * 2646 * Clears the blob pointer 2647 */ 2648 static void smack_shm_free_security(struct shmid_kernel *shp) 2649 { 2650 struct kern_ipc_perm *isp = &shp->shm_perm; 2651 2652 isp->security = NULL; 2653 } 2654 2655 /** 2656 * smk_curacc_shm : check if current has access on shm 2657 * @shp : the object 2658 * @access : access requested 2659 * 2660 * Returns 0 if current has the requested access, error code otherwise 2661 */ 2662 static int smk_curacc_shm(struct shmid_kernel *shp, int access) 2663 { 2664 struct smack_known *ssp = smack_of_shm(shp); 2665 struct smk_audit_info ad; 2666 int rc; 2667 2668 #ifdef CONFIG_AUDIT 2669 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 2670 ad.a.u.ipc_id = shp->shm_perm.id; 2671 #endif 2672 rc = smk_curacc(ssp, access, &ad); 2673 rc = smk_bu_current("shm", ssp, access, rc); 2674 return rc; 2675 } 2676 2677 /** 2678 * smack_shm_associate - Smack access check for shm 2679 * @shp: the object 2680 * @shmflg: access requested 2681 * 2682 * Returns 0 if current has the requested access, error code otherwise 2683 */ 2684 static int smack_shm_associate(struct shmid_kernel *shp, int shmflg) 2685 { 2686 int may; 2687 2688 may = smack_flags_to_may(shmflg); 2689 return smk_curacc_shm(shp, may); 2690 } 2691 2692 /** 2693 * smack_shm_shmctl - Smack access check for shm 2694 * @shp: the object 2695 * @cmd: what it wants to do 2696 * 2697 * Returns 0 if current has the requested access, error code otherwise 2698 */ 2699 static int smack_shm_shmctl(struct shmid_kernel *shp, int cmd) 2700 { 2701 int may; 2702 2703 switch (cmd) { 2704 case IPC_STAT: 2705 case SHM_STAT: 2706 may = MAY_READ; 2707 break; 2708 case IPC_SET: 2709 case SHM_LOCK: 2710 case SHM_UNLOCK: 2711 case IPC_RMID: 2712 may = MAY_READWRITE; 2713 break; 2714 case IPC_INFO: 2715 case SHM_INFO: 2716 /* 2717 * System level information. 2718 */ 2719 return 0; 2720 default: 2721 return -EINVAL; 2722 } 2723 return smk_curacc_shm(shp, may); 2724 } 2725 2726 /** 2727 * smack_shm_shmat - Smack access for shmat 2728 * @shp: the object 2729 * @shmaddr: unused 2730 * @shmflg: access requested 2731 * 2732 * Returns 0 if current has the requested access, error code otherwise 2733 */ 2734 static int smack_shm_shmat(struct shmid_kernel *shp, char __user *shmaddr, 2735 int shmflg) 2736 { 2737 int may; 2738 2739 may = smack_flags_to_may(shmflg); 2740 return smk_curacc_shm(shp, may); 2741 } 2742 2743 /** 2744 * smack_of_sem - the smack pointer for the sem 2745 * @sma: the object 2746 * 2747 * Returns a pointer to the smack value 2748 */ 2749 static struct smack_known *smack_of_sem(struct sem_array *sma) 2750 { 2751 return (struct smack_known *)sma->sem_perm.security; 2752 } 2753 2754 /** 2755 * smack_sem_alloc_security - Set the security blob for sem 2756 * @sma: the object 2757 * 2758 * Returns 0 2759 */ 2760 static int smack_sem_alloc_security(struct sem_array *sma) 2761 { 2762 struct kern_ipc_perm *isp = &sma->sem_perm; 2763 struct smack_known *skp = smk_of_current(); 2764 2765 isp->security = skp; 2766 return 0; 2767 } 2768 2769 /** 2770 * smack_sem_free_security - Clear the security blob for sem 2771 * @sma: the object 2772 * 2773 * Clears the blob pointer 2774 */ 2775 static void smack_sem_free_security(struct sem_array *sma) 2776 { 2777 struct kern_ipc_perm *isp = &sma->sem_perm; 2778 2779 isp->security = NULL; 2780 } 2781 2782 /** 2783 * smk_curacc_sem : check if current has access on sem 2784 * @sma : the object 2785 * @access : access requested 2786 * 2787 * Returns 0 if current has the requested access, error code otherwise 2788 */ 2789 static int smk_curacc_sem(struct sem_array *sma, int access) 2790 { 2791 struct smack_known *ssp = smack_of_sem(sma); 2792 struct smk_audit_info ad; 2793 int rc; 2794 2795 #ifdef CONFIG_AUDIT 2796 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 2797 ad.a.u.ipc_id = sma->sem_perm.id; 2798 #endif 2799 rc = smk_curacc(ssp, access, &ad); 2800 rc = smk_bu_current("sem", ssp, access, rc); 2801 return rc; 2802 } 2803 2804 /** 2805 * smack_sem_associate - Smack access check for sem 2806 * @sma: the object 2807 * @semflg: access requested 2808 * 2809 * Returns 0 if current has the requested access, error code otherwise 2810 */ 2811 static int smack_sem_associate(struct sem_array *sma, int semflg) 2812 { 2813 int may; 2814 2815 may = smack_flags_to_may(semflg); 2816 return smk_curacc_sem(sma, may); 2817 } 2818 2819 /** 2820 * smack_sem_shmctl - Smack access check for sem 2821 * @sma: the object 2822 * @cmd: what it wants to do 2823 * 2824 * Returns 0 if current has the requested access, error code otherwise 2825 */ 2826 static int smack_sem_semctl(struct sem_array *sma, int cmd) 2827 { 2828 int may; 2829 2830 switch (cmd) { 2831 case GETPID: 2832 case GETNCNT: 2833 case GETZCNT: 2834 case GETVAL: 2835 case GETALL: 2836 case IPC_STAT: 2837 case SEM_STAT: 2838 may = MAY_READ; 2839 break; 2840 case SETVAL: 2841 case SETALL: 2842 case IPC_RMID: 2843 case IPC_SET: 2844 may = MAY_READWRITE; 2845 break; 2846 case IPC_INFO: 2847 case SEM_INFO: 2848 /* 2849 * System level information 2850 */ 2851 return 0; 2852 default: 2853 return -EINVAL; 2854 } 2855 2856 return smk_curacc_sem(sma, may); 2857 } 2858 2859 /** 2860 * smack_sem_semop - Smack checks of semaphore operations 2861 * @sma: the object 2862 * @sops: unused 2863 * @nsops: unused 2864 * @alter: unused 2865 * 2866 * Treated as read and write in all cases. 2867 * 2868 * Returns 0 if access is allowed, error code otherwise 2869 */ 2870 static int smack_sem_semop(struct sem_array *sma, struct sembuf *sops, 2871 unsigned nsops, int alter) 2872 { 2873 return smk_curacc_sem(sma, MAY_READWRITE); 2874 } 2875 2876 /** 2877 * smack_msg_alloc_security - Set the security blob for msg 2878 * @msq: the object 2879 * 2880 * Returns 0 2881 */ 2882 static int smack_msg_queue_alloc_security(struct msg_queue *msq) 2883 { 2884 struct kern_ipc_perm *kisp = &msq->q_perm; 2885 struct smack_known *skp = smk_of_current(); 2886 2887 kisp->security = skp; 2888 return 0; 2889 } 2890 2891 /** 2892 * smack_msg_free_security - Clear the security blob for msg 2893 * @msq: the object 2894 * 2895 * Clears the blob pointer 2896 */ 2897 static void smack_msg_queue_free_security(struct msg_queue *msq) 2898 { 2899 struct kern_ipc_perm *kisp = &msq->q_perm; 2900 2901 kisp->security = NULL; 2902 } 2903 2904 /** 2905 * smack_of_msq - the smack pointer for the msq 2906 * @msq: the object 2907 * 2908 * Returns a pointer to the smack label entry 2909 */ 2910 static struct smack_known *smack_of_msq(struct msg_queue *msq) 2911 { 2912 return (struct smack_known *)msq->q_perm.security; 2913 } 2914 2915 /** 2916 * smk_curacc_msq : helper to check if current has access on msq 2917 * @msq : the msq 2918 * @access : access requested 2919 * 2920 * return 0 if current has access, error otherwise 2921 */ 2922 static int smk_curacc_msq(struct msg_queue *msq, int access) 2923 { 2924 struct smack_known *msp = smack_of_msq(msq); 2925 struct smk_audit_info ad; 2926 int rc; 2927 2928 #ifdef CONFIG_AUDIT 2929 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 2930 ad.a.u.ipc_id = msq->q_perm.id; 2931 #endif 2932 rc = smk_curacc(msp, access, &ad); 2933 rc = smk_bu_current("msq", msp, access, rc); 2934 return rc; 2935 } 2936 2937 /** 2938 * smack_msg_queue_associate - Smack access check for msg_queue 2939 * @msq: the object 2940 * @msqflg: access requested 2941 * 2942 * Returns 0 if current has the requested access, error code otherwise 2943 */ 2944 static int smack_msg_queue_associate(struct msg_queue *msq, int msqflg) 2945 { 2946 int may; 2947 2948 may = smack_flags_to_may(msqflg); 2949 return smk_curacc_msq(msq, may); 2950 } 2951 2952 /** 2953 * smack_msg_queue_msgctl - Smack access check for msg_queue 2954 * @msq: the object 2955 * @cmd: what it wants to do 2956 * 2957 * Returns 0 if current has the requested access, error code otherwise 2958 */ 2959 static int smack_msg_queue_msgctl(struct msg_queue *msq, int cmd) 2960 { 2961 int may; 2962 2963 switch (cmd) { 2964 case IPC_STAT: 2965 case MSG_STAT: 2966 may = MAY_READ; 2967 break; 2968 case IPC_SET: 2969 case IPC_RMID: 2970 may = MAY_READWRITE; 2971 break; 2972 case IPC_INFO: 2973 case MSG_INFO: 2974 /* 2975 * System level information 2976 */ 2977 return 0; 2978 default: 2979 return -EINVAL; 2980 } 2981 2982 return smk_curacc_msq(msq, may); 2983 } 2984 2985 /** 2986 * smack_msg_queue_msgsnd - Smack access check for msg_queue 2987 * @msq: the object 2988 * @msg: unused 2989 * @msqflg: access requested 2990 * 2991 * Returns 0 if current has the requested access, error code otherwise 2992 */ 2993 static int smack_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, 2994 int msqflg) 2995 { 2996 int may; 2997 2998 may = smack_flags_to_may(msqflg); 2999 return smk_curacc_msq(msq, may); 3000 } 3001 3002 /** 3003 * smack_msg_queue_msgsnd - Smack access check for msg_queue 3004 * @msq: the object 3005 * @msg: unused 3006 * @target: unused 3007 * @type: unused 3008 * @mode: unused 3009 * 3010 * Returns 0 if current has read and write access, error code otherwise 3011 */ 3012 static int smack_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg, 3013 struct task_struct *target, long type, int mode) 3014 { 3015 return smk_curacc_msq(msq, MAY_READWRITE); 3016 } 3017 3018 /** 3019 * smack_ipc_permission - Smack access for ipc_permission() 3020 * @ipp: the object permissions 3021 * @flag: access requested 3022 * 3023 * Returns 0 if current has read and write access, error code otherwise 3024 */ 3025 static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag) 3026 { 3027 struct smack_known *iskp = ipp->security; 3028 int may = smack_flags_to_may(flag); 3029 struct smk_audit_info ad; 3030 int rc; 3031 3032 #ifdef CONFIG_AUDIT 3033 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 3034 ad.a.u.ipc_id = ipp->id; 3035 #endif 3036 rc = smk_curacc(iskp, may, &ad); 3037 rc = smk_bu_current("svipc", iskp, may, rc); 3038 return rc; 3039 } 3040 3041 /** 3042 * smack_ipc_getsecid - Extract smack security id 3043 * @ipp: the object permissions 3044 * @secid: where result will be saved 3045 */ 3046 static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid) 3047 { 3048 struct smack_known *iskp = ipp->security; 3049 3050 *secid = iskp->smk_secid; 3051 } 3052 3053 /** 3054 * smack_d_instantiate - Make sure the blob is correct on an inode 3055 * @opt_dentry: dentry where inode will be attached 3056 * @inode: the object 3057 * 3058 * Set the inode's security blob if it hasn't been done already. 3059 */ 3060 static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode) 3061 { 3062 struct super_block *sbp; 3063 struct superblock_smack *sbsp; 3064 struct inode_smack *isp; 3065 struct smack_known *skp; 3066 struct smack_known *ckp = smk_of_current(); 3067 struct smack_known *final; 3068 char trattr[TRANS_TRUE_SIZE]; 3069 int transflag = 0; 3070 int rc; 3071 struct dentry *dp; 3072 3073 if (inode == NULL) 3074 return; 3075 3076 isp = inode->i_security; 3077 3078 mutex_lock(&isp->smk_lock); 3079 /* 3080 * If the inode is already instantiated 3081 * take the quick way out 3082 */ 3083 if (isp->smk_flags & SMK_INODE_INSTANT) 3084 goto unlockandout; 3085 3086 sbp = inode->i_sb; 3087 sbsp = sbp->s_security; 3088 /* 3089 * We're going to use the superblock default label 3090 * if there's no label on the file. 3091 */ 3092 final = sbsp->smk_default; 3093 3094 /* 3095 * If this is the root inode the superblock 3096 * may be in the process of initialization. 3097 * If that is the case use the root value out 3098 * of the superblock. 3099 */ 3100 if (opt_dentry->d_parent == opt_dentry) { 3101 switch (sbp->s_magic) { 3102 case CGROUP_SUPER_MAGIC: 3103 /* 3104 * The cgroup filesystem is never mounted, 3105 * so there's no opportunity to set the mount 3106 * options. 3107 */ 3108 sbsp->smk_root = &smack_known_star; 3109 sbsp->smk_default = &smack_known_star; 3110 isp->smk_inode = sbsp->smk_root; 3111 break; 3112 case TMPFS_MAGIC: 3113 /* 3114 * What about shmem/tmpfs anonymous files with dentry 3115 * obtained from d_alloc_pseudo()? 3116 */ 3117 isp->smk_inode = smk_of_current(); 3118 break; 3119 default: 3120 isp->smk_inode = sbsp->smk_root; 3121 break; 3122 } 3123 isp->smk_flags |= SMK_INODE_INSTANT; 3124 goto unlockandout; 3125 } 3126 3127 /* 3128 * This is pretty hackish. 3129 * Casey says that we shouldn't have to do 3130 * file system specific code, but it does help 3131 * with keeping it simple. 3132 */ 3133 switch (sbp->s_magic) { 3134 case SMACK_MAGIC: 3135 case PIPEFS_MAGIC: 3136 case SOCKFS_MAGIC: 3137 case CGROUP_SUPER_MAGIC: 3138 /* 3139 * Casey says that it's a little embarrassing 3140 * that the smack file system doesn't do 3141 * extended attributes. 3142 * 3143 * Casey says pipes are easy (?) 3144 * 3145 * Socket access is controlled by the socket 3146 * structures associated with the task involved. 3147 * 3148 * Cgroupfs is special 3149 */ 3150 final = &smack_known_star; 3151 break; 3152 case DEVPTS_SUPER_MAGIC: 3153 /* 3154 * devpts seems content with the label of the task. 3155 * Programs that change smack have to treat the 3156 * pty with respect. 3157 */ 3158 final = ckp; 3159 break; 3160 case PROC_SUPER_MAGIC: 3161 /* 3162 * Casey says procfs appears not to care. 3163 * The superblock default suffices. 3164 */ 3165 break; 3166 case TMPFS_MAGIC: 3167 /* 3168 * Device labels should come from the filesystem, 3169 * but watch out, because they're volitile, 3170 * getting recreated on every reboot. 3171 */ 3172 final = &smack_known_star; 3173 /* 3174 * No break. 3175 * 3176 * If a smack value has been set we want to use it, 3177 * but since tmpfs isn't giving us the opportunity 3178 * to set mount options simulate setting the 3179 * superblock default. 3180 */ 3181 default: 3182 /* 3183 * This isn't an understood special case. 3184 * Get the value from the xattr. 3185 */ 3186 3187 /* 3188 * UNIX domain sockets use lower level socket data. 3189 */ 3190 if (S_ISSOCK(inode->i_mode)) { 3191 final = &smack_known_star; 3192 break; 3193 } 3194 /* 3195 * No xattr support means, alas, no SMACK label. 3196 * Use the aforeapplied default. 3197 * It would be curious if the label of the task 3198 * does not match that assigned. 3199 */ 3200 if (inode->i_op->getxattr == NULL) 3201 break; 3202 /* 3203 * Get the dentry for xattr. 3204 */ 3205 dp = dget(opt_dentry); 3206 skp = smk_fetch(XATTR_NAME_SMACK, inode, dp); 3207 if (skp != NULL) 3208 final = skp; 3209 3210 /* 3211 * Transmuting directory 3212 */ 3213 if (S_ISDIR(inode->i_mode)) { 3214 /* 3215 * If this is a new directory and the label was 3216 * transmuted when the inode was initialized 3217 * set the transmute attribute on the directory 3218 * and mark the inode. 3219 * 3220 * If there is a transmute attribute on the 3221 * directory mark the inode. 3222 */ 3223 if (isp->smk_flags & SMK_INODE_CHANGED) { 3224 isp->smk_flags &= ~SMK_INODE_CHANGED; 3225 rc = inode->i_op->setxattr(dp, 3226 XATTR_NAME_SMACKTRANSMUTE, 3227 TRANS_TRUE, TRANS_TRUE_SIZE, 3228 0); 3229 } else { 3230 rc = inode->i_op->getxattr(dp, 3231 XATTR_NAME_SMACKTRANSMUTE, trattr, 3232 TRANS_TRUE_SIZE); 3233 if (rc >= 0 && strncmp(trattr, TRANS_TRUE, 3234 TRANS_TRUE_SIZE) != 0) 3235 rc = -EINVAL; 3236 } 3237 if (rc >= 0) 3238 transflag = SMK_INODE_TRANSMUTE; 3239 } 3240 /* 3241 * Don't let the exec or mmap label be "*" or "@". 3242 */ 3243 skp = smk_fetch(XATTR_NAME_SMACKEXEC, inode, dp); 3244 if (skp == &smack_known_star || skp == &smack_known_web) 3245 skp = NULL; 3246 isp->smk_task = skp; 3247 skp = smk_fetch(XATTR_NAME_SMACKMMAP, inode, dp); 3248 if (skp == &smack_known_star || skp == &smack_known_web) 3249 skp = NULL; 3250 isp->smk_mmap = skp; 3251 3252 dput(dp); 3253 break; 3254 } 3255 3256 if (final == NULL) 3257 isp->smk_inode = ckp; 3258 else 3259 isp->smk_inode = final; 3260 3261 isp->smk_flags |= (SMK_INODE_INSTANT | transflag); 3262 3263 unlockandout: 3264 mutex_unlock(&isp->smk_lock); 3265 return; 3266 } 3267 3268 /** 3269 * smack_getprocattr - Smack process attribute access 3270 * @p: the object task 3271 * @name: the name of the attribute in /proc/.../attr 3272 * @value: where to put the result 3273 * 3274 * Places a copy of the task Smack into value 3275 * 3276 * Returns the length of the smack label or an error code 3277 */ 3278 static int smack_getprocattr(struct task_struct *p, char *name, char **value) 3279 { 3280 struct smack_known *skp = smk_of_task_struct(p); 3281 char *cp; 3282 int slen; 3283 3284 if (strcmp(name, "current") != 0) 3285 return -EINVAL; 3286 3287 cp = kstrdup(skp->smk_known, GFP_KERNEL); 3288 if (cp == NULL) 3289 return -ENOMEM; 3290 3291 slen = strlen(cp); 3292 *value = cp; 3293 return slen; 3294 } 3295 3296 /** 3297 * smack_setprocattr - Smack process attribute setting 3298 * @p: the object task 3299 * @name: the name of the attribute in /proc/.../attr 3300 * @value: the value to set 3301 * @size: the size of the value 3302 * 3303 * Sets the Smack value of the task. Only setting self 3304 * is permitted and only with privilege 3305 * 3306 * Returns the length of the smack label or an error code 3307 */ 3308 static int smack_setprocattr(struct task_struct *p, char *name, 3309 void *value, size_t size) 3310 { 3311 struct task_smack *tsp; 3312 struct cred *new; 3313 struct smack_known *skp; 3314 3315 /* 3316 * Changing another process' Smack value is too dangerous 3317 * and supports no sane use case. 3318 */ 3319 if (p != current) 3320 return -EPERM; 3321 3322 if (!smack_privileged(CAP_MAC_ADMIN)) 3323 return -EPERM; 3324 3325 if (value == NULL || size == 0 || size >= SMK_LONGLABEL) 3326 return -EINVAL; 3327 3328 if (strcmp(name, "current") != 0) 3329 return -EINVAL; 3330 3331 skp = smk_import_entry(value, size); 3332 if (skp == NULL) 3333 return -EINVAL; 3334 3335 /* 3336 * No process is ever allowed the web ("@") label. 3337 */ 3338 if (skp == &smack_known_web) 3339 return -EPERM; 3340 3341 new = prepare_creds(); 3342 if (new == NULL) 3343 return -ENOMEM; 3344 3345 tsp = new->security; 3346 tsp->smk_task = skp; 3347 3348 commit_creds(new); 3349 return size; 3350 } 3351 3352 /** 3353 * smack_unix_stream_connect - Smack access on UDS 3354 * @sock: one sock 3355 * @other: the other sock 3356 * @newsk: unused 3357 * 3358 * Return 0 if a subject with the smack of sock could access 3359 * an object with the smack of other, otherwise an error code 3360 */ 3361 static int smack_unix_stream_connect(struct sock *sock, 3362 struct sock *other, struct sock *newsk) 3363 { 3364 struct smack_known *skp; 3365 struct smack_known *okp; 3366 struct socket_smack *ssp = sock->sk_security; 3367 struct socket_smack *osp = other->sk_security; 3368 struct socket_smack *nsp = newsk->sk_security; 3369 struct smk_audit_info ad; 3370 int rc = 0; 3371 #ifdef CONFIG_AUDIT 3372 struct lsm_network_audit net; 3373 #endif 3374 3375 if (!smack_privileged(CAP_MAC_OVERRIDE)) { 3376 skp = ssp->smk_out; 3377 okp = osp->smk_in; 3378 #ifdef CONFIG_AUDIT 3379 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 3380 smk_ad_setfield_u_net_sk(&ad, other); 3381 #endif 3382 rc = smk_access(skp, okp, MAY_WRITE, &ad); 3383 rc = smk_bu_note("UDS connect", skp, okp, MAY_WRITE, rc); 3384 if (rc == 0) { 3385 okp = osp->smk_out; 3386 skp = ssp->smk_in; 3387 rc = smk_access(okp, skp, MAY_WRITE, &ad); 3388 rc = smk_bu_note("UDS connect", okp, skp, 3389 MAY_WRITE, rc); 3390 } 3391 } 3392 3393 /* 3394 * Cross reference the peer labels for SO_PEERSEC. 3395 */ 3396 if (rc == 0) { 3397 nsp->smk_packet = ssp->smk_out; 3398 ssp->smk_packet = osp->smk_out; 3399 } 3400 3401 return rc; 3402 } 3403 3404 /** 3405 * smack_unix_may_send - Smack access on UDS 3406 * @sock: one socket 3407 * @other: the other socket 3408 * 3409 * Return 0 if a subject with the smack of sock could access 3410 * an object with the smack of other, otherwise an error code 3411 */ 3412 static int smack_unix_may_send(struct socket *sock, struct socket *other) 3413 { 3414 struct socket_smack *ssp = sock->sk->sk_security; 3415 struct socket_smack *osp = other->sk->sk_security; 3416 struct smk_audit_info ad; 3417 int rc; 3418 3419 #ifdef CONFIG_AUDIT 3420 struct lsm_network_audit net; 3421 3422 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 3423 smk_ad_setfield_u_net_sk(&ad, other->sk); 3424 #endif 3425 3426 if (smack_privileged(CAP_MAC_OVERRIDE)) 3427 return 0; 3428 3429 rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad); 3430 rc = smk_bu_note("UDS send", ssp->smk_out, osp->smk_in, MAY_WRITE, rc); 3431 return rc; 3432 } 3433 3434 /** 3435 * smack_socket_sendmsg - Smack check based on destination host 3436 * @sock: the socket 3437 * @msg: the message 3438 * @size: the size of the message 3439 * 3440 * Return 0 if the current subject can write to the destination host. 3441 * For IPv4 this is only a question if the destination is a single label host. 3442 * For IPv6 this is a check against the label of the port. 3443 */ 3444 static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg, 3445 int size) 3446 { 3447 struct sockaddr_in *sip = (struct sockaddr_in *) msg->msg_name; 3448 #if IS_ENABLED(CONFIG_IPV6) && !defined(CONFIG_SECURITY_SMACK_NETFILTER) 3449 struct sockaddr_in6 *sap = (struct sockaddr_in6 *) msg->msg_name; 3450 #endif /* CONFIG_IPV6 && !CONFIG_SECURITY_SMACK_NETFILTER */ 3451 int rc = 0; 3452 3453 /* 3454 * Perfectly reasonable for this to be NULL 3455 */ 3456 if (sip == NULL) 3457 return 0; 3458 3459 switch (sip->sin_family) { 3460 case AF_INET: 3461 rc = smack_netlabel_send(sock->sk, sip); 3462 break; 3463 case AF_INET6: 3464 #if IS_ENABLED(CONFIG_IPV6) && !defined(CONFIG_SECURITY_SMACK_NETFILTER) 3465 rc = smk_ipv6_port_check(sock->sk, sap, SMK_SENDING); 3466 #endif /* CONFIG_IPV6 && !CONFIG_SECURITY_SMACK_NETFILTER */ 3467 break; 3468 } 3469 return rc; 3470 } 3471 3472 /** 3473 * smack_from_secattr - Convert a netlabel attr.mls.lvl/attr.mls.cat pair to smack 3474 * @sap: netlabel secattr 3475 * @ssp: socket security information 3476 * 3477 * Returns a pointer to a Smack label entry found on the label list. 3478 */ 3479 static struct smack_known *smack_from_secattr(struct netlbl_lsm_secattr *sap, 3480 struct socket_smack *ssp) 3481 { 3482 struct smack_known *skp; 3483 int found = 0; 3484 int acat; 3485 int kcat; 3486 3487 if ((sap->flags & NETLBL_SECATTR_MLS_LVL) != 0) { 3488 /* 3489 * Looks like a CIPSO packet. 3490 * If there are flags but no level netlabel isn't 3491 * behaving the way we expect it to. 3492 * 3493 * Look it up in the label table 3494 * Without guidance regarding the smack value 3495 * for the packet fall back on the network 3496 * ambient value. 3497 */ 3498 rcu_read_lock(); 3499 list_for_each_entry(skp, &smack_known_list, list) { 3500 if (sap->attr.mls.lvl != skp->smk_netlabel.attr.mls.lvl) 3501 continue; 3502 /* 3503 * Compare the catsets. Use the netlbl APIs. 3504 */ 3505 if ((sap->flags & NETLBL_SECATTR_MLS_CAT) == 0) { 3506 if ((skp->smk_netlabel.flags & 3507 NETLBL_SECATTR_MLS_CAT) == 0) 3508 found = 1; 3509 break; 3510 } 3511 for (acat = -1, kcat = -1; acat == kcat; ) { 3512 acat = netlbl_catmap_walk(sap->attr.mls.cat, 3513 acat + 1); 3514 kcat = netlbl_catmap_walk( 3515 skp->smk_netlabel.attr.mls.cat, 3516 kcat + 1); 3517 if (acat < 0 || kcat < 0) 3518 break; 3519 } 3520 if (acat == kcat) { 3521 found = 1; 3522 break; 3523 } 3524 } 3525 rcu_read_unlock(); 3526 3527 if (found) 3528 return skp; 3529 3530 if (ssp != NULL && ssp->smk_in == &smack_known_star) 3531 return &smack_known_web; 3532 return &smack_known_star; 3533 } 3534 if ((sap->flags & NETLBL_SECATTR_SECID) != 0) { 3535 /* 3536 * Looks like a fallback, which gives us a secid. 3537 */ 3538 skp = smack_from_secid(sap->attr.secid); 3539 /* 3540 * This has got to be a bug because it is 3541 * impossible to specify a fallback without 3542 * specifying the label, which will ensure 3543 * it has a secid, and the only way to get a 3544 * secid is from a fallback. 3545 */ 3546 BUG_ON(skp == NULL); 3547 return skp; 3548 } 3549 /* 3550 * Without guidance regarding the smack value 3551 * for the packet fall back on the network 3552 * ambient value. 3553 */ 3554 return smack_net_ambient; 3555 } 3556 3557 #if IS_ENABLED(CONFIG_IPV6) 3558 static int smk_skb_to_addr_ipv6(struct sk_buff *skb, struct sockaddr_in6 *sip) 3559 { 3560 u8 nexthdr; 3561 int offset; 3562 int proto = -EINVAL; 3563 struct ipv6hdr _ipv6h; 3564 struct ipv6hdr *ip6; 3565 __be16 frag_off; 3566 struct tcphdr _tcph, *th; 3567 struct udphdr _udph, *uh; 3568 struct dccp_hdr _dccph, *dh; 3569 3570 sip->sin6_port = 0; 3571 3572 offset = skb_network_offset(skb); 3573 ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h); 3574 if (ip6 == NULL) 3575 return -EINVAL; 3576 sip->sin6_addr = ip6->saddr; 3577 3578 nexthdr = ip6->nexthdr; 3579 offset += sizeof(_ipv6h); 3580 offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off); 3581 if (offset < 0) 3582 return -EINVAL; 3583 3584 proto = nexthdr; 3585 switch (proto) { 3586 case IPPROTO_TCP: 3587 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph); 3588 if (th != NULL) 3589 sip->sin6_port = th->source; 3590 break; 3591 case IPPROTO_UDP: 3592 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph); 3593 if (uh != NULL) 3594 sip->sin6_port = uh->source; 3595 break; 3596 case IPPROTO_DCCP: 3597 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph); 3598 if (dh != NULL) 3599 sip->sin6_port = dh->dccph_sport; 3600 break; 3601 } 3602 return proto; 3603 } 3604 #endif /* CONFIG_IPV6 */ 3605 3606 /** 3607 * smack_socket_sock_rcv_skb - Smack packet delivery access check 3608 * @sk: socket 3609 * @skb: packet 3610 * 3611 * Returns 0 if the packet should be delivered, an error code otherwise 3612 */ 3613 static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) 3614 { 3615 struct netlbl_lsm_secattr secattr; 3616 struct socket_smack *ssp = sk->sk_security; 3617 struct smack_known *skp = NULL; 3618 int rc = 0; 3619 struct smk_audit_info ad; 3620 #ifdef CONFIG_AUDIT 3621 struct lsm_network_audit net; 3622 #endif 3623 #if IS_ENABLED(CONFIG_IPV6) 3624 struct sockaddr_in6 sadd; 3625 int proto; 3626 #endif /* CONFIG_IPV6 */ 3627 3628 switch (sk->sk_family) { 3629 case PF_INET: 3630 #ifdef CONFIG_SECURITY_SMACK_NETFILTER 3631 /* 3632 * If there is a secmark use it rather than the CIPSO label. 3633 * If there is no secmark fall back to CIPSO. 3634 * The secmark is assumed to reflect policy better. 3635 */ 3636 if (skb && skb->secmark != 0) { 3637 skp = smack_from_secid(skb->secmark); 3638 goto access_check; 3639 } 3640 #endif /* CONFIG_SECURITY_SMACK_NETFILTER */ 3641 /* 3642 * Translate what netlabel gave us. 3643 */ 3644 netlbl_secattr_init(&secattr); 3645 3646 rc = netlbl_skbuff_getattr(skb, sk->sk_family, &secattr); 3647 if (rc == 0) 3648 skp = smack_from_secattr(&secattr, ssp); 3649 else 3650 skp = smack_net_ambient; 3651 3652 netlbl_secattr_destroy(&secattr); 3653 3654 #ifdef CONFIG_SECURITY_SMACK_NETFILTER 3655 access_check: 3656 #endif 3657 #ifdef CONFIG_AUDIT 3658 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 3659 ad.a.u.net->family = sk->sk_family; 3660 ad.a.u.net->netif = skb->skb_iif; 3661 ipv4_skb_to_auditdata(skb, &ad.a, NULL); 3662 #endif 3663 /* 3664 * Receiving a packet requires that the other end 3665 * be able to write here. Read access is not required. 3666 * This is the simplist possible security model 3667 * for networking. 3668 */ 3669 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad); 3670 rc = smk_bu_note("IPv4 delivery", skp, ssp->smk_in, 3671 MAY_WRITE, rc); 3672 if (rc != 0) 3673 netlbl_skbuff_err(skb, rc, 0); 3674 break; 3675 #if IS_ENABLED(CONFIG_IPV6) 3676 case PF_INET6: 3677 proto = smk_skb_to_addr_ipv6(skb, &sadd); 3678 if (proto != IPPROTO_UDP && proto != IPPROTO_TCP) 3679 break; 3680 #ifdef CONFIG_SECURITY_SMACK_NETFILTER 3681 if (skb && skb->secmark != 0) 3682 skp = smack_from_secid(skb->secmark); 3683 else 3684 skp = smack_net_ambient; 3685 #ifdef CONFIG_AUDIT 3686 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 3687 ad.a.u.net->family = sk->sk_family; 3688 ad.a.u.net->netif = skb->skb_iif; 3689 ipv6_skb_to_auditdata(skb, &ad.a, NULL); 3690 #endif /* CONFIG_AUDIT */ 3691 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad); 3692 rc = smk_bu_note("IPv6 delivery", skp, ssp->smk_in, 3693 MAY_WRITE, rc); 3694 #else /* CONFIG_SECURITY_SMACK_NETFILTER */ 3695 rc = smk_ipv6_port_check(sk, &sadd, SMK_RECEIVING); 3696 #endif /* CONFIG_SECURITY_SMACK_NETFILTER */ 3697 break; 3698 #endif /* CONFIG_IPV6 */ 3699 } 3700 3701 return rc; 3702 } 3703 3704 /** 3705 * smack_socket_getpeersec_stream - pull in packet label 3706 * @sock: the socket 3707 * @optval: user's destination 3708 * @optlen: size thereof 3709 * @len: max thereof 3710 * 3711 * returns zero on success, an error code otherwise 3712 */ 3713 static int smack_socket_getpeersec_stream(struct socket *sock, 3714 char __user *optval, 3715 int __user *optlen, unsigned len) 3716 { 3717 struct socket_smack *ssp; 3718 char *rcp = ""; 3719 int slen = 1; 3720 int rc = 0; 3721 3722 ssp = sock->sk->sk_security; 3723 if (ssp->smk_packet != NULL) { 3724 rcp = ssp->smk_packet->smk_known; 3725 slen = strlen(rcp) + 1; 3726 } 3727 3728 if (slen > len) 3729 rc = -ERANGE; 3730 else if (copy_to_user(optval, rcp, slen) != 0) 3731 rc = -EFAULT; 3732 3733 if (put_user(slen, optlen) != 0) 3734 rc = -EFAULT; 3735 3736 return rc; 3737 } 3738 3739 3740 /** 3741 * smack_socket_getpeersec_dgram - pull in packet label 3742 * @sock: the peer socket 3743 * @skb: packet data 3744 * @secid: pointer to where to put the secid of the packet 3745 * 3746 * Sets the netlabel socket state on sk from parent 3747 */ 3748 static int smack_socket_getpeersec_dgram(struct socket *sock, 3749 struct sk_buff *skb, u32 *secid) 3750 3751 { 3752 struct netlbl_lsm_secattr secattr; 3753 struct socket_smack *ssp = NULL; 3754 struct smack_known *skp; 3755 int family = PF_UNSPEC; 3756 u32 s = 0; /* 0 is the invalid secid */ 3757 int rc; 3758 3759 if (skb != NULL) { 3760 if (skb->protocol == htons(ETH_P_IP)) 3761 family = PF_INET; 3762 #if IS_ENABLED(CONFIG_IPV6) 3763 else if (skb->protocol == htons(ETH_P_IPV6)) 3764 family = PF_INET6; 3765 #endif /* CONFIG_IPV6 */ 3766 } 3767 if (family == PF_UNSPEC && sock != NULL) 3768 family = sock->sk->sk_family; 3769 3770 switch (family) { 3771 case PF_UNIX: 3772 ssp = sock->sk->sk_security; 3773 s = ssp->smk_out->smk_secid; 3774 break; 3775 case PF_INET: 3776 #ifdef CONFIG_SECURITY_SMACK_NETFILTER 3777 s = skb->secmark; 3778 if (s != 0) 3779 break; 3780 #endif 3781 /* 3782 * Translate what netlabel gave us. 3783 */ 3784 if (sock != NULL && sock->sk != NULL) 3785 ssp = sock->sk->sk_security; 3786 netlbl_secattr_init(&secattr); 3787 rc = netlbl_skbuff_getattr(skb, family, &secattr); 3788 if (rc == 0) { 3789 skp = smack_from_secattr(&secattr, ssp); 3790 s = skp->smk_secid; 3791 } 3792 netlbl_secattr_destroy(&secattr); 3793 break; 3794 #if IS_ENABLED(CONFIG_IPV6) 3795 case PF_INET6: 3796 #ifdef CONFIG_SECURITY_SMACK_NETFILTER 3797 s = skb->secmark; 3798 #endif /* CONFIG_SECURITY_SMACK_NETFILTER */ 3799 break; 3800 #endif /* CONFIG_IPV6 */ 3801 } 3802 *secid = s; 3803 if (s == 0) 3804 return -EINVAL; 3805 return 0; 3806 } 3807 3808 /** 3809 * smack_sock_graft - Initialize a newly created socket with an existing sock 3810 * @sk: child sock 3811 * @parent: parent socket 3812 * 3813 * Set the smk_{in,out} state of an existing sock based on the process that 3814 * is creating the new socket. 3815 */ 3816 static void smack_sock_graft(struct sock *sk, struct socket *parent) 3817 { 3818 struct socket_smack *ssp; 3819 struct smack_known *skp = smk_of_current(); 3820 3821 if (sk == NULL || 3822 (sk->sk_family != PF_INET && sk->sk_family != PF_INET6)) 3823 return; 3824 3825 ssp = sk->sk_security; 3826 ssp->smk_in = skp; 3827 ssp->smk_out = skp; 3828 /* cssp->smk_packet is already set in smack_inet_csk_clone() */ 3829 } 3830 3831 /** 3832 * smack_inet_conn_request - Smack access check on connect 3833 * @sk: socket involved 3834 * @skb: packet 3835 * @req: unused 3836 * 3837 * Returns 0 if a task with the packet label could write to 3838 * the socket, otherwise an error code 3839 */ 3840 static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb, 3841 struct request_sock *req) 3842 { 3843 u16 family = sk->sk_family; 3844 struct smack_known *skp; 3845 struct socket_smack *ssp = sk->sk_security; 3846 struct netlbl_lsm_secattr secattr; 3847 struct sockaddr_in addr; 3848 struct iphdr *hdr; 3849 struct smack_known *hskp; 3850 int rc; 3851 struct smk_audit_info ad; 3852 #ifdef CONFIG_AUDIT 3853 struct lsm_network_audit net; 3854 #endif 3855 3856 #if IS_ENABLED(CONFIG_IPV6) 3857 if (family == PF_INET6) { 3858 /* 3859 * Handle mapped IPv4 packets arriving 3860 * via IPv6 sockets. Don't set up netlabel 3861 * processing on IPv6. 3862 */ 3863 if (skb->protocol == htons(ETH_P_IP)) 3864 family = PF_INET; 3865 else 3866 return 0; 3867 } 3868 #endif /* CONFIG_IPV6 */ 3869 3870 #ifdef CONFIG_SECURITY_SMACK_NETFILTER 3871 /* 3872 * If there is a secmark use it rather than the CIPSO label. 3873 * If there is no secmark fall back to CIPSO. 3874 * The secmark is assumed to reflect policy better. 3875 */ 3876 if (skb && skb->secmark != 0) { 3877 skp = smack_from_secid(skb->secmark); 3878 goto access_check; 3879 } 3880 #endif /* CONFIG_SECURITY_SMACK_NETFILTER */ 3881 3882 netlbl_secattr_init(&secattr); 3883 rc = netlbl_skbuff_getattr(skb, family, &secattr); 3884 if (rc == 0) 3885 skp = smack_from_secattr(&secattr, ssp); 3886 else 3887 skp = &smack_known_huh; 3888 netlbl_secattr_destroy(&secattr); 3889 3890 #ifdef CONFIG_SECURITY_SMACK_NETFILTER 3891 access_check: 3892 #endif 3893 3894 #ifdef CONFIG_AUDIT 3895 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 3896 ad.a.u.net->family = family; 3897 ad.a.u.net->netif = skb->skb_iif; 3898 ipv4_skb_to_auditdata(skb, &ad.a, NULL); 3899 #endif 3900 /* 3901 * Receiving a packet requires that the other end be able to write 3902 * here. Read access is not required. 3903 */ 3904 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad); 3905 rc = smk_bu_note("IPv4 connect", skp, ssp->smk_in, MAY_WRITE, rc); 3906 if (rc != 0) 3907 return rc; 3908 3909 /* 3910 * Save the peer's label in the request_sock so we can later setup 3911 * smk_packet in the child socket so that SO_PEERCRED can report it. 3912 */ 3913 req->peer_secid = skp->smk_secid; 3914 3915 /* 3916 * We need to decide if we want to label the incoming connection here 3917 * if we do we only need to label the request_sock and the stack will 3918 * propagate the wire-label to the sock when it is created. 3919 */ 3920 hdr = ip_hdr(skb); 3921 addr.sin_addr.s_addr = hdr->saddr; 3922 rcu_read_lock(); 3923 hskp = smack_host_label(&addr); 3924 rcu_read_unlock(); 3925 3926 if (hskp == NULL) 3927 rc = netlbl_req_setattr(req, &skp->smk_netlabel); 3928 else 3929 netlbl_req_delattr(req); 3930 3931 return rc; 3932 } 3933 3934 /** 3935 * smack_inet_csk_clone - Copy the connection information to the new socket 3936 * @sk: the new socket 3937 * @req: the connection's request_sock 3938 * 3939 * Transfer the connection's peer label to the newly created socket. 3940 */ 3941 static void smack_inet_csk_clone(struct sock *sk, 3942 const struct request_sock *req) 3943 { 3944 struct socket_smack *ssp = sk->sk_security; 3945 struct smack_known *skp; 3946 3947 if (req->peer_secid != 0) { 3948 skp = smack_from_secid(req->peer_secid); 3949 ssp->smk_packet = skp; 3950 } else 3951 ssp->smk_packet = NULL; 3952 } 3953 3954 /* 3955 * Key management security hooks 3956 * 3957 * Casey has not tested key support very heavily. 3958 * The permission check is most likely too restrictive. 3959 * If you care about keys please have a look. 3960 */ 3961 #ifdef CONFIG_KEYS 3962 3963 /** 3964 * smack_key_alloc - Set the key security blob 3965 * @key: object 3966 * @cred: the credentials to use 3967 * @flags: unused 3968 * 3969 * No allocation required 3970 * 3971 * Returns 0 3972 */ 3973 static int smack_key_alloc(struct key *key, const struct cred *cred, 3974 unsigned long flags) 3975 { 3976 struct smack_known *skp = smk_of_task(cred->security); 3977 3978 key->security = skp; 3979 return 0; 3980 } 3981 3982 /** 3983 * smack_key_free - Clear the key security blob 3984 * @key: the object 3985 * 3986 * Clear the blob pointer 3987 */ 3988 static void smack_key_free(struct key *key) 3989 { 3990 key->security = NULL; 3991 } 3992 3993 /** 3994 * smack_key_permission - Smack access on a key 3995 * @key_ref: gets to the object 3996 * @cred: the credentials to use 3997 * @perm: requested key permissions 3998 * 3999 * Return 0 if the task has read and write to the object, 4000 * an error code otherwise 4001 */ 4002 static int smack_key_permission(key_ref_t key_ref, 4003 const struct cred *cred, unsigned perm) 4004 { 4005 struct key *keyp; 4006 struct smk_audit_info ad; 4007 struct smack_known *tkp = smk_of_task(cred->security); 4008 int request = 0; 4009 int rc; 4010 4011 keyp = key_ref_to_ptr(key_ref); 4012 if (keyp == NULL) 4013 return -EINVAL; 4014 /* 4015 * If the key hasn't been initialized give it access so that 4016 * it may do so. 4017 */ 4018 if (keyp->security == NULL) 4019 return 0; 4020 /* 4021 * This should not occur 4022 */ 4023 if (tkp == NULL) 4024 return -EACCES; 4025 #ifdef CONFIG_AUDIT 4026 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY); 4027 ad.a.u.key_struct.key = keyp->serial; 4028 ad.a.u.key_struct.key_desc = keyp->description; 4029 #endif 4030 if (perm & KEY_NEED_READ) 4031 request = MAY_READ; 4032 if (perm & (KEY_NEED_WRITE | KEY_NEED_LINK | KEY_NEED_SETATTR)) 4033 request = MAY_WRITE; 4034 rc = smk_access(tkp, keyp->security, request, &ad); 4035 rc = smk_bu_note("key access", tkp, keyp->security, request, rc); 4036 return rc; 4037 } 4038 4039 /* 4040 * smack_key_getsecurity - Smack label tagging the key 4041 * @key points to the key to be queried 4042 * @_buffer points to a pointer that should be set to point to the 4043 * resulting string (if no label or an error occurs). 4044 * Return the length of the string (including terminating NUL) or -ve if 4045 * an error. 4046 * May also return 0 (and a NULL buffer pointer) if there is no label. 4047 */ 4048 static int smack_key_getsecurity(struct key *key, char **_buffer) 4049 { 4050 struct smack_known *skp = key->security; 4051 size_t length; 4052 char *copy; 4053 4054 if (key->security == NULL) { 4055 *_buffer = NULL; 4056 return 0; 4057 } 4058 4059 copy = kstrdup(skp->smk_known, GFP_KERNEL); 4060 if (copy == NULL) 4061 return -ENOMEM; 4062 length = strlen(copy) + 1; 4063 4064 *_buffer = copy; 4065 return length; 4066 } 4067 4068 #endif /* CONFIG_KEYS */ 4069 4070 /* 4071 * Smack Audit hooks 4072 * 4073 * Audit requires a unique representation of each Smack specific 4074 * rule. This unique representation is used to distinguish the 4075 * object to be audited from remaining kernel objects and also 4076 * works as a glue between the audit hooks. 4077 * 4078 * Since repository entries are added but never deleted, we'll use 4079 * the smack_known label address related to the given audit rule as 4080 * the needed unique representation. This also better fits the smack 4081 * model where nearly everything is a label. 4082 */ 4083 #ifdef CONFIG_AUDIT 4084 4085 /** 4086 * smack_audit_rule_init - Initialize a smack audit rule 4087 * @field: audit rule fields given from user-space (audit.h) 4088 * @op: required testing operator (=, !=, >, <, ...) 4089 * @rulestr: smack label to be audited 4090 * @vrule: pointer to save our own audit rule representation 4091 * 4092 * Prepare to audit cases where (@field @op @rulestr) is true. 4093 * The label to be audited is created if necessay. 4094 */ 4095 static int smack_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule) 4096 { 4097 struct smack_known *skp; 4098 char **rule = (char **)vrule; 4099 *rule = NULL; 4100 4101 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER) 4102 return -EINVAL; 4103 4104 if (op != Audit_equal && op != Audit_not_equal) 4105 return -EINVAL; 4106 4107 skp = smk_import_entry(rulestr, 0); 4108 if (skp) 4109 *rule = skp->smk_known; 4110 4111 return 0; 4112 } 4113 4114 /** 4115 * smack_audit_rule_known - Distinguish Smack audit rules 4116 * @krule: rule of interest, in Audit kernel representation format 4117 * 4118 * This is used to filter Smack rules from remaining Audit ones. 4119 * If it's proved that this rule belongs to us, the 4120 * audit_rule_match hook will be called to do the final judgement. 4121 */ 4122 static int smack_audit_rule_known(struct audit_krule *krule) 4123 { 4124 struct audit_field *f; 4125 int i; 4126 4127 for (i = 0; i < krule->field_count; i++) { 4128 f = &krule->fields[i]; 4129 4130 if (f->type == AUDIT_SUBJ_USER || f->type == AUDIT_OBJ_USER) 4131 return 1; 4132 } 4133 4134 return 0; 4135 } 4136 4137 /** 4138 * smack_audit_rule_match - Audit given object ? 4139 * @secid: security id for identifying the object to test 4140 * @field: audit rule flags given from user-space 4141 * @op: required testing operator 4142 * @vrule: smack internal rule presentation 4143 * @actx: audit context associated with the check 4144 * 4145 * The core Audit hook. It's used to take the decision of 4146 * whether to audit or not to audit a given object. 4147 */ 4148 static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule, 4149 struct audit_context *actx) 4150 { 4151 struct smack_known *skp; 4152 char *rule = vrule; 4153 4154 if (unlikely(!rule)) { 4155 WARN_ONCE(1, "Smack: missing rule\n"); 4156 return -ENOENT; 4157 } 4158 4159 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER) 4160 return 0; 4161 4162 skp = smack_from_secid(secid); 4163 4164 /* 4165 * No need to do string comparisons. If a match occurs, 4166 * both pointers will point to the same smack_known 4167 * label. 4168 */ 4169 if (op == Audit_equal) 4170 return (rule == skp->smk_known); 4171 if (op == Audit_not_equal) 4172 return (rule != skp->smk_known); 4173 4174 return 0; 4175 } 4176 4177 /** 4178 * smack_audit_rule_free - free smack rule representation 4179 * @vrule: rule to be freed. 4180 * 4181 * No memory was allocated. 4182 */ 4183 static void smack_audit_rule_free(void *vrule) 4184 { 4185 /* No-op */ 4186 } 4187 4188 #endif /* CONFIG_AUDIT */ 4189 4190 /** 4191 * smack_ismaclabel - check if xattr @name references a smack MAC label 4192 * @name: Full xattr name to check. 4193 */ 4194 static int smack_ismaclabel(const char *name) 4195 { 4196 return (strcmp(name, XATTR_SMACK_SUFFIX) == 0); 4197 } 4198 4199 4200 /** 4201 * smack_secid_to_secctx - return the smack label for a secid 4202 * @secid: incoming integer 4203 * @secdata: destination 4204 * @seclen: how long it is 4205 * 4206 * Exists for networking code. 4207 */ 4208 static int smack_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) 4209 { 4210 struct smack_known *skp = smack_from_secid(secid); 4211 4212 if (secdata) 4213 *secdata = skp->smk_known; 4214 *seclen = strlen(skp->smk_known); 4215 return 0; 4216 } 4217 4218 /** 4219 * smack_secctx_to_secid - return the secid for a smack label 4220 * @secdata: smack label 4221 * @seclen: how long result is 4222 * @secid: outgoing integer 4223 * 4224 * Exists for audit and networking code. 4225 */ 4226 static int smack_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid) 4227 { 4228 struct smack_known *skp = smk_find_entry(secdata); 4229 4230 if (skp) 4231 *secid = skp->smk_secid; 4232 else 4233 *secid = 0; 4234 return 0; 4235 } 4236 4237 /** 4238 * smack_release_secctx - don't do anything. 4239 * @secdata: unused 4240 * @seclen: unused 4241 * 4242 * Exists to make sure nothing gets done, and properly 4243 */ 4244 static void smack_release_secctx(char *secdata, u32 seclen) 4245 { 4246 } 4247 4248 static int smack_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen) 4249 { 4250 return smack_inode_setsecurity(inode, XATTR_SMACK_SUFFIX, ctx, ctxlen, 0); 4251 } 4252 4253 static int smack_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen) 4254 { 4255 return __vfs_setxattr_noperm(dentry, XATTR_NAME_SMACK, ctx, ctxlen, 0); 4256 } 4257 4258 static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) 4259 { 4260 int len = 0; 4261 len = smack_inode_getsecurity(inode, XATTR_SMACK_SUFFIX, ctx, true); 4262 4263 if (len < 0) 4264 return len; 4265 *ctxlen = len; 4266 return 0; 4267 } 4268 4269 struct security_operations smack_ops = { 4270 .name = "smack", 4271 4272 .ptrace_access_check = smack_ptrace_access_check, 4273 .ptrace_traceme = smack_ptrace_traceme, 4274 .syslog = smack_syslog, 4275 4276 .sb_alloc_security = smack_sb_alloc_security, 4277 .sb_free_security = smack_sb_free_security, 4278 .sb_copy_data = smack_sb_copy_data, 4279 .sb_kern_mount = smack_sb_kern_mount, 4280 .sb_statfs = smack_sb_statfs, 4281 4282 .bprm_set_creds = smack_bprm_set_creds, 4283 .bprm_committing_creds = smack_bprm_committing_creds, 4284 .bprm_secureexec = smack_bprm_secureexec, 4285 4286 .inode_alloc_security = smack_inode_alloc_security, 4287 .inode_free_security = smack_inode_free_security, 4288 .inode_init_security = smack_inode_init_security, 4289 .inode_link = smack_inode_link, 4290 .inode_unlink = smack_inode_unlink, 4291 .inode_rmdir = smack_inode_rmdir, 4292 .inode_rename = smack_inode_rename, 4293 .inode_permission = smack_inode_permission, 4294 .inode_setattr = smack_inode_setattr, 4295 .inode_getattr = smack_inode_getattr, 4296 .inode_setxattr = smack_inode_setxattr, 4297 .inode_post_setxattr = smack_inode_post_setxattr, 4298 .inode_getxattr = smack_inode_getxattr, 4299 .inode_removexattr = smack_inode_removexattr, 4300 .inode_getsecurity = smack_inode_getsecurity, 4301 .inode_setsecurity = smack_inode_setsecurity, 4302 .inode_listsecurity = smack_inode_listsecurity, 4303 .inode_getsecid = smack_inode_getsecid, 4304 4305 .file_permission = smack_file_permission, 4306 .file_alloc_security = smack_file_alloc_security, 4307 .file_free_security = smack_file_free_security, 4308 .file_ioctl = smack_file_ioctl, 4309 .file_lock = smack_file_lock, 4310 .file_fcntl = smack_file_fcntl, 4311 .mmap_file = smack_mmap_file, 4312 .mmap_addr = cap_mmap_addr, 4313 .file_set_fowner = smack_file_set_fowner, 4314 .file_send_sigiotask = smack_file_send_sigiotask, 4315 .file_receive = smack_file_receive, 4316 4317 .file_open = smack_file_open, 4318 4319 .cred_alloc_blank = smack_cred_alloc_blank, 4320 .cred_free = smack_cred_free, 4321 .cred_prepare = smack_cred_prepare, 4322 .cred_transfer = smack_cred_transfer, 4323 .kernel_act_as = smack_kernel_act_as, 4324 .kernel_create_files_as = smack_kernel_create_files_as, 4325 .task_setpgid = smack_task_setpgid, 4326 .task_getpgid = smack_task_getpgid, 4327 .task_getsid = smack_task_getsid, 4328 .task_getsecid = smack_task_getsecid, 4329 .task_setnice = smack_task_setnice, 4330 .task_setioprio = smack_task_setioprio, 4331 .task_getioprio = smack_task_getioprio, 4332 .task_setscheduler = smack_task_setscheduler, 4333 .task_getscheduler = smack_task_getscheduler, 4334 .task_movememory = smack_task_movememory, 4335 .task_kill = smack_task_kill, 4336 .task_wait = smack_task_wait, 4337 .task_to_inode = smack_task_to_inode, 4338 4339 .ipc_permission = smack_ipc_permission, 4340 .ipc_getsecid = smack_ipc_getsecid, 4341 4342 .msg_msg_alloc_security = smack_msg_msg_alloc_security, 4343 .msg_msg_free_security = smack_msg_msg_free_security, 4344 4345 .msg_queue_alloc_security = smack_msg_queue_alloc_security, 4346 .msg_queue_free_security = smack_msg_queue_free_security, 4347 .msg_queue_associate = smack_msg_queue_associate, 4348 .msg_queue_msgctl = smack_msg_queue_msgctl, 4349 .msg_queue_msgsnd = smack_msg_queue_msgsnd, 4350 .msg_queue_msgrcv = smack_msg_queue_msgrcv, 4351 4352 .shm_alloc_security = smack_shm_alloc_security, 4353 .shm_free_security = smack_shm_free_security, 4354 .shm_associate = smack_shm_associate, 4355 .shm_shmctl = smack_shm_shmctl, 4356 .shm_shmat = smack_shm_shmat, 4357 4358 .sem_alloc_security = smack_sem_alloc_security, 4359 .sem_free_security = smack_sem_free_security, 4360 .sem_associate = smack_sem_associate, 4361 .sem_semctl = smack_sem_semctl, 4362 .sem_semop = smack_sem_semop, 4363 4364 .d_instantiate = smack_d_instantiate, 4365 4366 .getprocattr = smack_getprocattr, 4367 .setprocattr = smack_setprocattr, 4368 4369 .unix_stream_connect = smack_unix_stream_connect, 4370 .unix_may_send = smack_unix_may_send, 4371 4372 .socket_post_create = smack_socket_post_create, 4373 #ifndef CONFIG_SECURITY_SMACK_NETFILTER 4374 .socket_bind = smack_socket_bind, 4375 #endif /* CONFIG_SECURITY_SMACK_NETFILTER */ 4376 .socket_connect = smack_socket_connect, 4377 .socket_sendmsg = smack_socket_sendmsg, 4378 .socket_sock_rcv_skb = smack_socket_sock_rcv_skb, 4379 .socket_getpeersec_stream = smack_socket_getpeersec_stream, 4380 .socket_getpeersec_dgram = smack_socket_getpeersec_dgram, 4381 .sk_alloc_security = smack_sk_alloc_security, 4382 .sk_free_security = smack_sk_free_security, 4383 .sock_graft = smack_sock_graft, 4384 .inet_conn_request = smack_inet_conn_request, 4385 .inet_csk_clone = smack_inet_csk_clone, 4386 4387 /* key management security hooks */ 4388 #ifdef CONFIG_KEYS 4389 .key_alloc = smack_key_alloc, 4390 .key_free = smack_key_free, 4391 .key_permission = smack_key_permission, 4392 .key_getsecurity = smack_key_getsecurity, 4393 #endif /* CONFIG_KEYS */ 4394 4395 /* Audit hooks */ 4396 #ifdef CONFIG_AUDIT 4397 .audit_rule_init = smack_audit_rule_init, 4398 .audit_rule_known = smack_audit_rule_known, 4399 .audit_rule_match = smack_audit_rule_match, 4400 .audit_rule_free = smack_audit_rule_free, 4401 #endif /* CONFIG_AUDIT */ 4402 4403 .ismaclabel = smack_ismaclabel, 4404 .secid_to_secctx = smack_secid_to_secctx, 4405 .secctx_to_secid = smack_secctx_to_secid, 4406 .release_secctx = smack_release_secctx, 4407 .inode_notifysecctx = smack_inode_notifysecctx, 4408 .inode_setsecctx = smack_inode_setsecctx, 4409 .inode_getsecctx = smack_inode_getsecctx, 4410 }; 4411 4412 4413 static __init void init_smack_known_list(void) 4414 { 4415 /* 4416 * Initialize rule list locks 4417 */ 4418 mutex_init(&smack_known_huh.smk_rules_lock); 4419 mutex_init(&smack_known_hat.smk_rules_lock); 4420 mutex_init(&smack_known_floor.smk_rules_lock); 4421 mutex_init(&smack_known_star.smk_rules_lock); 4422 mutex_init(&smack_known_invalid.smk_rules_lock); 4423 mutex_init(&smack_known_web.smk_rules_lock); 4424 /* 4425 * Initialize rule lists 4426 */ 4427 INIT_LIST_HEAD(&smack_known_huh.smk_rules); 4428 INIT_LIST_HEAD(&smack_known_hat.smk_rules); 4429 INIT_LIST_HEAD(&smack_known_star.smk_rules); 4430 INIT_LIST_HEAD(&smack_known_floor.smk_rules); 4431 INIT_LIST_HEAD(&smack_known_invalid.smk_rules); 4432 INIT_LIST_HEAD(&smack_known_web.smk_rules); 4433 /* 4434 * Create the known labels list 4435 */ 4436 smk_insert_entry(&smack_known_huh); 4437 smk_insert_entry(&smack_known_hat); 4438 smk_insert_entry(&smack_known_star); 4439 smk_insert_entry(&smack_known_floor); 4440 smk_insert_entry(&smack_known_invalid); 4441 smk_insert_entry(&smack_known_web); 4442 } 4443 4444 /** 4445 * smack_init - initialize the smack system 4446 * 4447 * Returns 0 4448 */ 4449 static __init int smack_init(void) 4450 { 4451 struct cred *cred; 4452 struct task_smack *tsp; 4453 4454 if (!security_module_enable(&smack_ops)) 4455 return 0; 4456 4457 smack_enabled = 1; 4458 4459 smack_inode_cache = KMEM_CACHE(inode_smack, 0); 4460 if (!smack_inode_cache) 4461 return -ENOMEM; 4462 4463 tsp = new_task_smack(&smack_known_floor, &smack_known_floor, 4464 GFP_KERNEL); 4465 if (tsp == NULL) { 4466 kmem_cache_destroy(smack_inode_cache); 4467 return -ENOMEM; 4468 } 4469 4470 printk(KERN_INFO "Smack: Initializing.\n"); 4471 4472 /* 4473 * Set the security state for the initial task. 4474 */ 4475 cred = (struct cred *) current->cred; 4476 cred->security = tsp; 4477 4478 /* initialize the smack_known_list */ 4479 init_smack_known_list(); 4480 4481 /* 4482 * Register with LSM 4483 */ 4484 if (register_security(&smack_ops)) 4485 panic("smack: Unable to register with kernel.\n"); 4486 4487 return 0; 4488 } 4489 4490 /* 4491 * Smack requires early initialization in order to label 4492 * all processes and objects when they are created. 4493 */ 4494 security_initcall(smack_init); 4495