1 /* 2 * Simplified MAC Kernel (smack) security module 3 * 4 * This file contains the smack hook function implementations. 5 * 6 * Authors: 7 * Casey Schaufler <casey@schaufler-ca.com> 8 * Jarkko Sakkinen <jarkko.sakkinen@intel.com> 9 * 10 * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com> 11 * Copyright (C) 2009 Hewlett-Packard Development Company, L.P. 12 * Paul Moore <paul@paul-moore.com> 13 * Copyright (C) 2010 Nokia Corporation 14 * Copyright (C) 2011 Intel Corporation. 15 * 16 * This program is free software; you can redistribute it and/or modify 17 * it under the terms of the GNU General Public License version 2, 18 * as published by the Free Software Foundation. 19 */ 20 21 #include <linux/xattr.h> 22 #include <linux/pagemap.h> 23 #include <linux/mount.h> 24 #include <linux/stat.h> 25 #include <linux/kd.h> 26 #include <asm/ioctls.h> 27 #include <linux/ip.h> 28 #include <linux/tcp.h> 29 #include <linux/udp.h> 30 #include <linux/dccp.h> 31 #include <linux/icmpv6.h> 32 #include <linux/slab.h> 33 #include <linux/mutex.h> 34 #include <linux/pipe_fs_i.h> 35 #include <net/cipso_ipv4.h> 36 #include <net/ip.h> 37 #include <net/ipv6.h> 38 #include <linux/audit.h> 39 #include <linux/magic.h> 40 #include <linux/dcache.h> 41 #include <linux/personality.h> 42 #include <linux/msg.h> 43 #include <linux/shm.h> 44 #include <linux/binfmts.h> 45 #include <linux/parser.h> 46 #include "smack.h" 47 48 #define TRANS_TRUE "TRUE" 49 #define TRANS_TRUE_SIZE 4 50 51 #define SMK_CONNECTING 0 52 #define SMK_RECEIVING 1 53 #define SMK_SENDING 2 54 55 #ifdef SMACK_IPV6_PORT_LABELING 56 DEFINE_MUTEX(smack_ipv6_lock); 57 static LIST_HEAD(smk_ipv6_port_list); 58 #endif 59 static struct kmem_cache *smack_inode_cache; 60 int smack_enabled; 61 62 static const match_table_t smk_mount_tokens = { 63 {Opt_fsdefault, SMK_FSDEFAULT "%s"}, 64 {Opt_fsfloor, SMK_FSFLOOR "%s"}, 65 {Opt_fshat, SMK_FSHAT "%s"}, 66 {Opt_fsroot, SMK_FSROOT "%s"}, 67 {Opt_fstransmute, SMK_FSTRANS "%s"}, 68 {Opt_error, NULL}, 69 }; 70 71 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 72 static char *smk_bu_mess[] = { 73 "Bringup Error", /* Unused */ 74 "Bringup", /* SMACK_BRINGUP_ALLOW */ 75 "Unconfined Subject", /* SMACK_UNCONFINED_SUBJECT */ 76 "Unconfined Object", /* SMACK_UNCONFINED_OBJECT */ 77 }; 78 79 static void smk_bu_mode(int mode, char *s) 80 { 81 int i = 0; 82 83 if (mode & MAY_READ) 84 s[i++] = 'r'; 85 if (mode & MAY_WRITE) 86 s[i++] = 'w'; 87 if (mode & MAY_EXEC) 88 s[i++] = 'x'; 89 if (mode & MAY_APPEND) 90 s[i++] = 'a'; 91 if (mode & MAY_TRANSMUTE) 92 s[i++] = 't'; 93 if (mode & MAY_LOCK) 94 s[i++] = 'l'; 95 if (i == 0) 96 s[i++] = '-'; 97 s[i] = '\0'; 98 } 99 #endif 100 101 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 102 static int smk_bu_note(char *note, struct smack_known *sskp, 103 struct smack_known *oskp, int mode, int rc) 104 { 105 char acc[SMK_NUM_ACCESS_TYPE + 1]; 106 107 if (rc <= 0) 108 return rc; 109 if (rc > SMACK_UNCONFINED_OBJECT) 110 rc = 0; 111 112 smk_bu_mode(mode, acc); 113 pr_info("Smack %s: (%s %s %s) %s\n", smk_bu_mess[rc], 114 sskp->smk_known, oskp->smk_known, acc, note); 115 return 0; 116 } 117 #else 118 #define smk_bu_note(note, sskp, oskp, mode, RC) (RC) 119 #endif 120 121 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 122 static int smk_bu_current(char *note, struct smack_known *oskp, 123 int mode, int rc) 124 { 125 struct task_smack *tsp = current_security(); 126 char acc[SMK_NUM_ACCESS_TYPE + 1]; 127 128 if (rc <= 0) 129 return rc; 130 if (rc > SMACK_UNCONFINED_OBJECT) 131 rc = 0; 132 133 smk_bu_mode(mode, acc); 134 pr_info("Smack %s: (%s %s %s) %s %s\n", smk_bu_mess[rc], 135 tsp->smk_task->smk_known, oskp->smk_known, 136 acc, current->comm, note); 137 return 0; 138 } 139 #else 140 #define smk_bu_current(note, oskp, mode, RC) (RC) 141 #endif 142 143 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 144 static int smk_bu_task(struct task_struct *otp, int mode, int rc) 145 { 146 struct task_smack *tsp = current_security(); 147 struct smack_known *smk_task = smk_of_task_struct(otp); 148 char acc[SMK_NUM_ACCESS_TYPE + 1]; 149 150 if (rc <= 0) 151 return rc; 152 if (rc > SMACK_UNCONFINED_OBJECT) 153 rc = 0; 154 155 smk_bu_mode(mode, acc); 156 pr_info("Smack %s: (%s %s %s) %s to %s\n", smk_bu_mess[rc], 157 tsp->smk_task->smk_known, smk_task->smk_known, acc, 158 current->comm, otp->comm); 159 return 0; 160 } 161 #else 162 #define smk_bu_task(otp, mode, RC) (RC) 163 #endif 164 165 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 166 static int smk_bu_inode(struct inode *inode, int mode, int rc) 167 { 168 struct task_smack *tsp = current_security(); 169 struct inode_smack *isp = inode->i_security; 170 char acc[SMK_NUM_ACCESS_TYPE + 1]; 171 172 if (isp->smk_flags & SMK_INODE_IMPURE) 173 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n", 174 inode->i_sb->s_id, inode->i_ino, current->comm); 175 176 if (rc <= 0) 177 return rc; 178 if (rc > SMACK_UNCONFINED_OBJECT) 179 rc = 0; 180 if (rc == SMACK_UNCONFINED_SUBJECT && 181 (mode & (MAY_WRITE | MAY_APPEND))) 182 isp->smk_flags |= SMK_INODE_IMPURE; 183 184 smk_bu_mode(mode, acc); 185 186 pr_info("Smack %s: (%s %s %s) inode=(%s %ld) %s\n", smk_bu_mess[rc], 187 tsp->smk_task->smk_known, isp->smk_inode->smk_known, acc, 188 inode->i_sb->s_id, inode->i_ino, current->comm); 189 return 0; 190 } 191 #else 192 #define smk_bu_inode(inode, mode, RC) (RC) 193 #endif 194 195 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 196 static int smk_bu_file(struct file *file, int mode, int rc) 197 { 198 struct task_smack *tsp = current_security(); 199 struct smack_known *sskp = tsp->smk_task; 200 struct inode *inode = file_inode(file); 201 struct inode_smack *isp = inode->i_security; 202 char acc[SMK_NUM_ACCESS_TYPE + 1]; 203 204 if (isp->smk_flags & SMK_INODE_IMPURE) 205 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n", 206 inode->i_sb->s_id, inode->i_ino, current->comm); 207 208 if (rc <= 0) 209 return rc; 210 if (rc > SMACK_UNCONFINED_OBJECT) 211 rc = 0; 212 213 smk_bu_mode(mode, acc); 214 pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc], 215 sskp->smk_known, smk_of_inode(inode)->smk_known, acc, 216 inode->i_sb->s_id, inode->i_ino, file, 217 current->comm); 218 return 0; 219 } 220 #else 221 #define smk_bu_file(file, mode, RC) (RC) 222 #endif 223 224 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 225 static int smk_bu_credfile(const struct cred *cred, struct file *file, 226 int mode, int rc) 227 { 228 struct task_smack *tsp = cred->security; 229 struct smack_known *sskp = tsp->smk_task; 230 struct inode *inode = file_inode(file); 231 struct inode_smack *isp = inode->i_security; 232 char acc[SMK_NUM_ACCESS_TYPE + 1]; 233 234 if (isp->smk_flags & SMK_INODE_IMPURE) 235 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n", 236 inode->i_sb->s_id, inode->i_ino, current->comm); 237 238 if (rc <= 0) 239 return rc; 240 if (rc > SMACK_UNCONFINED_OBJECT) 241 rc = 0; 242 243 smk_bu_mode(mode, acc); 244 pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc], 245 sskp->smk_known, smk_of_inode(inode)->smk_known, acc, 246 inode->i_sb->s_id, inode->i_ino, file, 247 current->comm); 248 return 0; 249 } 250 #else 251 #define smk_bu_credfile(cred, file, mode, RC) (RC) 252 #endif 253 254 /** 255 * smk_fetch - Fetch the smack label from a file. 256 * @name: type of the label (attribute) 257 * @ip: a pointer to the inode 258 * @dp: a pointer to the dentry 259 * 260 * Returns a pointer to the master list entry for the Smack label, 261 * NULL if there was no label to fetch, or an error code. 262 */ 263 static struct smack_known *smk_fetch(const char *name, struct inode *ip, 264 struct dentry *dp) 265 { 266 int rc; 267 char *buffer; 268 struct smack_known *skp = NULL; 269 270 if (!(ip->i_opflags & IOP_XATTR)) 271 return ERR_PTR(-EOPNOTSUPP); 272 273 buffer = kzalloc(SMK_LONGLABEL, GFP_KERNEL); 274 if (buffer == NULL) 275 return ERR_PTR(-ENOMEM); 276 277 rc = __vfs_getxattr(dp, ip, name, buffer, SMK_LONGLABEL); 278 if (rc < 0) 279 skp = ERR_PTR(rc); 280 else if (rc == 0) 281 skp = NULL; 282 else 283 skp = smk_import_entry(buffer, rc); 284 285 kfree(buffer); 286 287 return skp; 288 } 289 290 /** 291 * new_inode_smack - allocate an inode security blob 292 * @skp: a pointer to the Smack label entry to use in the blob 293 * 294 * Returns the new blob or NULL if there's no memory available 295 */ 296 static struct inode_smack *new_inode_smack(struct smack_known *skp) 297 { 298 struct inode_smack *isp; 299 300 isp = kmem_cache_zalloc(smack_inode_cache, GFP_NOFS); 301 if (isp == NULL) 302 return NULL; 303 304 isp->smk_inode = skp; 305 isp->smk_flags = 0; 306 mutex_init(&isp->smk_lock); 307 308 return isp; 309 } 310 311 /** 312 * new_task_smack - allocate a task security blob 313 * @task: a pointer to the Smack label for the running task 314 * @forked: a pointer to the Smack label for the forked task 315 * @gfp: type of the memory for the allocation 316 * 317 * Returns the new blob or NULL if there's no memory available 318 */ 319 static struct task_smack *new_task_smack(struct smack_known *task, 320 struct smack_known *forked, gfp_t gfp) 321 { 322 struct task_smack *tsp; 323 324 tsp = kzalloc(sizeof(struct task_smack), gfp); 325 if (tsp == NULL) 326 return NULL; 327 328 tsp->smk_task = task; 329 tsp->smk_forked = forked; 330 INIT_LIST_HEAD(&tsp->smk_rules); 331 INIT_LIST_HEAD(&tsp->smk_relabel); 332 mutex_init(&tsp->smk_rules_lock); 333 334 return tsp; 335 } 336 337 /** 338 * smk_copy_rules - copy a rule set 339 * @nhead: new rules header pointer 340 * @ohead: old rules header pointer 341 * @gfp: type of the memory for the allocation 342 * 343 * Returns 0 on success, -ENOMEM on error 344 */ 345 static int smk_copy_rules(struct list_head *nhead, struct list_head *ohead, 346 gfp_t gfp) 347 { 348 struct smack_rule *nrp; 349 struct smack_rule *orp; 350 int rc = 0; 351 352 list_for_each_entry_rcu(orp, ohead, list) { 353 nrp = kzalloc(sizeof(struct smack_rule), gfp); 354 if (nrp == NULL) { 355 rc = -ENOMEM; 356 break; 357 } 358 *nrp = *orp; 359 list_add_rcu(&nrp->list, nhead); 360 } 361 return rc; 362 } 363 364 /** 365 * smk_copy_relabel - copy smk_relabel labels list 366 * @nhead: new rules header pointer 367 * @ohead: old rules header pointer 368 * @gfp: type of the memory for the allocation 369 * 370 * Returns 0 on success, -ENOMEM on error 371 */ 372 static int smk_copy_relabel(struct list_head *nhead, struct list_head *ohead, 373 gfp_t gfp) 374 { 375 struct smack_known_list_elem *nklep; 376 struct smack_known_list_elem *oklep; 377 378 list_for_each_entry(oklep, ohead, list) { 379 nklep = kzalloc(sizeof(struct smack_known_list_elem), gfp); 380 if (nklep == NULL) { 381 smk_destroy_label_list(nhead); 382 return -ENOMEM; 383 } 384 nklep->smk_label = oklep->smk_label; 385 list_add(&nklep->list, nhead); 386 } 387 388 return 0; 389 } 390 391 /** 392 * smk_ptrace_mode - helper function for converting PTRACE_MODE_* into MAY_* 393 * @mode - input mode in form of PTRACE_MODE_* 394 * 395 * Returns a converted MAY_* mode usable by smack rules 396 */ 397 static inline unsigned int smk_ptrace_mode(unsigned int mode) 398 { 399 if (mode & PTRACE_MODE_ATTACH) 400 return MAY_READWRITE; 401 if (mode & PTRACE_MODE_READ) 402 return MAY_READ; 403 404 return 0; 405 } 406 407 /** 408 * smk_ptrace_rule_check - helper for ptrace access 409 * @tracer: tracer process 410 * @tracee_known: label entry of the process that's about to be traced 411 * @mode: ptrace attachment mode (PTRACE_MODE_*) 412 * @func: name of the function that called us, used for audit 413 * 414 * Returns 0 on access granted, -error on error 415 */ 416 static int smk_ptrace_rule_check(struct task_struct *tracer, 417 struct smack_known *tracee_known, 418 unsigned int mode, const char *func) 419 { 420 int rc; 421 struct smk_audit_info ad, *saip = NULL; 422 struct task_smack *tsp; 423 struct smack_known *tracer_known; 424 425 if ((mode & PTRACE_MODE_NOAUDIT) == 0) { 426 smk_ad_init(&ad, func, LSM_AUDIT_DATA_TASK); 427 smk_ad_setfield_u_tsk(&ad, tracer); 428 saip = &ad; 429 } 430 431 rcu_read_lock(); 432 tsp = __task_cred(tracer)->security; 433 tracer_known = smk_of_task(tsp); 434 435 if ((mode & PTRACE_MODE_ATTACH) && 436 (smack_ptrace_rule == SMACK_PTRACE_EXACT || 437 smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)) { 438 if (tracer_known->smk_known == tracee_known->smk_known) 439 rc = 0; 440 else if (smack_ptrace_rule == SMACK_PTRACE_DRACONIAN) 441 rc = -EACCES; 442 else if (capable(CAP_SYS_PTRACE)) 443 rc = 0; 444 else 445 rc = -EACCES; 446 447 if (saip) 448 smack_log(tracer_known->smk_known, 449 tracee_known->smk_known, 450 0, rc, saip); 451 452 rcu_read_unlock(); 453 return rc; 454 } 455 456 /* In case of rule==SMACK_PTRACE_DEFAULT or mode==PTRACE_MODE_READ */ 457 rc = smk_tskacc(tsp, tracee_known, smk_ptrace_mode(mode), saip); 458 459 rcu_read_unlock(); 460 return rc; 461 } 462 463 /* 464 * LSM hooks. 465 * We he, that is fun! 466 */ 467 468 /** 469 * smack_ptrace_access_check - Smack approval on PTRACE_ATTACH 470 * @ctp: child task pointer 471 * @mode: ptrace attachment mode (PTRACE_MODE_*) 472 * 473 * Returns 0 if access is OK, an error code otherwise 474 * 475 * Do the capability checks. 476 */ 477 static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode) 478 { 479 struct smack_known *skp; 480 481 skp = smk_of_task_struct(ctp); 482 483 return smk_ptrace_rule_check(current, skp, mode, __func__); 484 } 485 486 /** 487 * smack_ptrace_traceme - Smack approval on PTRACE_TRACEME 488 * @ptp: parent task pointer 489 * 490 * Returns 0 if access is OK, an error code otherwise 491 * 492 * Do the capability checks, and require PTRACE_MODE_ATTACH. 493 */ 494 static int smack_ptrace_traceme(struct task_struct *ptp) 495 { 496 int rc; 497 struct smack_known *skp; 498 499 skp = smk_of_task(current_security()); 500 501 rc = smk_ptrace_rule_check(ptp, skp, PTRACE_MODE_ATTACH, __func__); 502 return rc; 503 } 504 505 /** 506 * smack_syslog - Smack approval on syslog 507 * @type: message type 508 * 509 * Returns 0 on success, error code otherwise. 510 */ 511 static int smack_syslog(int typefrom_file) 512 { 513 int rc = 0; 514 struct smack_known *skp = smk_of_current(); 515 516 if (smack_privileged(CAP_MAC_OVERRIDE)) 517 return 0; 518 519 if (smack_syslog_label != NULL && smack_syslog_label != skp) 520 rc = -EACCES; 521 522 return rc; 523 } 524 525 526 /* 527 * Superblock Hooks. 528 */ 529 530 /** 531 * smack_sb_alloc_security - allocate a superblock blob 532 * @sb: the superblock getting the blob 533 * 534 * Returns 0 on success or -ENOMEM on error. 535 */ 536 static int smack_sb_alloc_security(struct super_block *sb) 537 { 538 struct superblock_smack *sbsp; 539 540 sbsp = kzalloc(sizeof(struct superblock_smack), GFP_KERNEL); 541 542 if (sbsp == NULL) 543 return -ENOMEM; 544 545 sbsp->smk_root = &smack_known_floor; 546 sbsp->smk_default = &smack_known_floor; 547 sbsp->smk_floor = &smack_known_floor; 548 sbsp->smk_hat = &smack_known_hat; 549 /* 550 * SMK_SB_INITIALIZED will be zero from kzalloc. 551 */ 552 sb->s_security = sbsp; 553 554 return 0; 555 } 556 557 /** 558 * smack_sb_free_security - free a superblock blob 559 * @sb: the superblock getting the blob 560 * 561 */ 562 static void smack_sb_free_security(struct super_block *sb) 563 { 564 kfree(sb->s_security); 565 sb->s_security = NULL; 566 } 567 568 /** 569 * smack_sb_copy_data - copy mount options data for processing 570 * @orig: where to start 571 * @smackopts: mount options string 572 * 573 * Returns 0 on success or -ENOMEM on error. 574 * 575 * Copy the Smack specific mount options out of the mount 576 * options list. 577 */ 578 static int smack_sb_copy_data(char *orig, char *smackopts) 579 { 580 char *cp, *commap, *otheropts, *dp; 581 582 otheropts = (char *)get_zeroed_page(GFP_KERNEL); 583 if (otheropts == NULL) 584 return -ENOMEM; 585 586 for (cp = orig, commap = orig; commap != NULL; cp = commap + 1) { 587 if (strstr(cp, SMK_FSDEFAULT) == cp) 588 dp = smackopts; 589 else if (strstr(cp, SMK_FSFLOOR) == cp) 590 dp = smackopts; 591 else if (strstr(cp, SMK_FSHAT) == cp) 592 dp = smackopts; 593 else if (strstr(cp, SMK_FSROOT) == cp) 594 dp = smackopts; 595 else if (strstr(cp, SMK_FSTRANS) == cp) 596 dp = smackopts; 597 else 598 dp = otheropts; 599 600 commap = strchr(cp, ','); 601 if (commap != NULL) 602 *commap = '\0'; 603 604 if (*dp != '\0') 605 strcat(dp, ","); 606 strcat(dp, cp); 607 } 608 609 strcpy(orig, otheropts); 610 free_page((unsigned long)otheropts); 611 612 return 0; 613 } 614 615 /** 616 * smack_parse_opts_str - parse Smack specific mount options 617 * @options: mount options string 618 * @opts: where to store converted mount opts 619 * 620 * Returns 0 on success or -ENOMEM on error. 621 * 622 * converts Smack specific mount options to generic security option format 623 */ 624 static int smack_parse_opts_str(char *options, 625 struct security_mnt_opts *opts) 626 { 627 char *p; 628 char *fsdefault = NULL; 629 char *fsfloor = NULL; 630 char *fshat = NULL; 631 char *fsroot = NULL; 632 char *fstransmute = NULL; 633 int rc = -ENOMEM; 634 int num_mnt_opts = 0; 635 int token; 636 637 opts->num_mnt_opts = 0; 638 639 if (!options) 640 return 0; 641 642 while ((p = strsep(&options, ",")) != NULL) { 643 substring_t args[MAX_OPT_ARGS]; 644 645 if (!*p) 646 continue; 647 648 token = match_token(p, smk_mount_tokens, args); 649 650 switch (token) { 651 case Opt_fsdefault: 652 if (fsdefault) 653 goto out_opt_err; 654 fsdefault = match_strdup(&args[0]); 655 if (!fsdefault) 656 goto out_err; 657 break; 658 case Opt_fsfloor: 659 if (fsfloor) 660 goto out_opt_err; 661 fsfloor = match_strdup(&args[0]); 662 if (!fsfloor) 663 goto out_err; 664 break; 665 case Opt_fshat: 666 if (fshat) 667 goto out_opt_err; 668 fshat = match_strdup(&args[0]); 669 if (!fshat) 670 goto out_err; 671 break; 672 case Opt_fsroot: 673 if (fsroot) 674 goto out_opt_err; 675 fsroot = match_strdup(&args[0]); 676 if (!fsroot) 677 goto out_err; 678 break; 679 case Opt_fstransmute: 680 if (fstransmute) 681 goto out_opt_err; 682 fstransmute = match_strdup(&args[0]); 683 if (!fstransmute) 684 goto out_err; 685 break; 686 default: 687 rc = -EINVAL; 688 pr_warn("Smack: unknown mount option\n"); 689 goto out_err; 690 } 691 } 692 693 opts->mnt_opts = kcalloc(NUM_SMK_MNT_OPTS, sizeof(char *), GFP_KERNEL); 694 if (!opts->mnt_opts) 695 goto out_err; 696 697 opts->mnt_opts_flags = kcalloc(NUM_SMK_MNT_OPTS, sizeof(int), 698 GFP_KERNEL); 699 if (!opts->mnt_opts_flags) 700 goto out_err; 701 702 if (fsdefault) { 703 opts->mnt_opts[num_mnt_opts] = fsdefault; 704 opts->mnt_opts_flags[num_mnt_opts++] = FSDEFAULT_MNT; 705 } 706 if (fsfloor) { 707 opts->mnt_opts[num_mnt_opts] = fsfloor; 708 opts->mnt_opts_flags[num_mnt_opts++] = FSFLOOR_MNT; 709 } 710 if (fshat) { 711 opts->mnt_opts[num_mnt_opts] = fshat; 712 opts->mnt_opts_flags[num_mnt_opts++] = FSHAT_MNT; 713 } 714 if (fsroot) { 715 opts->mnt_opts[num_mnt_opts] = fsroot; 716 opts->mnt_opts_flags[num_mnt_opts++] = FSROOT_MNT; 717 } 718 if (fstransmute) { 719 opts->mnt_opts[num_mnt_opts] = fstransmute; 720 opts->mnt_opts_flags[num_mnt_opts++] = FSTRANS_MNT; 721 } 722 723 opts->num_mnt_opts = num_mnt_opts; 724 return 0; 725 726 out_opt_err: 727 rc = -EINVAL; 728 pr_warn("Smack: duplicate mount options\n"); 729 730 out_err: 731 kfree(fsdefault); 732 kfree(fsfloor); 733 kfree(fshat); 734 kfree(fsroot); 735 kfree(fstransmute); 736 return rc; 737 } 738 739 /** 740 * smack_set_mnt_opts - set Smack specific mount options 741 * @sb: the file system superblock 742 * @opts: Smack mount options 743 * @kern_flags: mount option from kernel space or user space 744 * @set_kern_flags: where to store converted mount opts 745 * 746 * Returns 0 on success, an error code on failure 747 * 748 * Allow filesystems with binary mount data to explicitly set Smack mount 749 * labels. 750 */ 751 static int smack_set_mnt_opts(struct super_block *sb, 752 struct security_mnt_opts *opts, 753 unsigned long kern_flags, 754 unsigned long *set_kern_flags) 755 { 756 struct dentry *root = sb->s_root; 757 struct inode *inode = d_backing_inode(root); 758 struct superblock_smack *sp = sb->s_security; 759 struct inode_smack *isp; 760 struct smack_known *skp; 761 int i; 762 int num_opts = opts->num_mnt_opts; 763 int transmute = 0; 764 765 if (sp->smk_flags & SMK_SB_INITIALIZED) 766 return 0; 767 768 if (!smack_privileged(CAP_MAC_ADMIN)) { 769 /* 770 * Unprivileged mounts don't get to specify Smack values. 771 */ 772 if (num_opts) 773 return -EPERM; 774 /* 775 * Unprivileged mounts get root and default from the caller. 776 */ 777 skp = smk_of_current(); 778 sp->smk_root = skp; 779 sp->smk_default = skp; 780 /* 781 * For a handful of fs types with no user-controlled 782 * backing store it's okay to trust security labels 783 * in the filesystem. The rest are untrusted. 784 */ 785 if (sb->s_user_ns != &init_user_ns && 786 sb->s_magic != SYSFS_MAGIC && sb->s_magic != TMPFS_MAGIC && 787 sb->s_magic != RAMFS_MAGIC) { 788 transmute = 1; 789 sp->smk_flags |= SMK_SB_UNTRUSTED; 790 } 791 } 792 793 sp->smk_flags |= SMK_SB_INITIALIZED; 794 795 for (i = 0; i < num_opts; i++) { 796 switch (opts->mnt_opts_flags[i]) { 797 case FSDEFAULT_MNT: 798 skp = smk_import_entry(opts->mnt_opts[i], 0); 799 if (IS_ERR(skp)) 800 return PTR_ERR(skp); 801 sp->smk_default = skp; 802 break; 803 case FSFLOOR_MNT: 804 skp = smk_import_entry(opts->mnt_opts[i], 0); 805 if (IS_ERR(skp)) 806 return PTR_ERR(skp); 807 sp->smk_floor = skp; 808 break; 809 case FSHAT_MNT: 810 skp = smk_import_entry(opts->mnt_opts[i], 0); 811 if (IS_ERR(skp)) 812 return PTR_ERR(skp); 813 sp->smk_hat = skp; 814 break; 815 case FSROOT_MNT: 816 skp = smk_import_entry(opts->mnt_opts[i], 0); 817 if (IS_ERR(skp)) 818 return PTR_ERR(skp); 819 sp->smk_root = skp; 820 break; 821 case FSTRANS_MNT: 822 skp = smk_import_entry(opts->mnt_opts[i], 0); 823 if (IS_ERR(skp)) 824 return PTR_ERR(skp); 825 sp->smk_root = skp; 826 transmute = 1; 827 break; 828 default: 829 break; 830 } 831 } 832 833 /* 834 * Initialize the root inode. 835 */ 836 isp = inode->i_security; 837 if (isp == NULL) { 838 isp = new_inode_smack(sp->smk_root); 839 if (isp == NULL) 840 return -ENOMEM; 841 inode->i_security = isp; 842 } else 843 isp->smk_inode = sp->smk_root; 844 845 if (transmute) 846 isp->smk_flags |= SMK_INODE_TRANSMUTE; 847 848 return 0; 849 } 850 851 /** 852 * smack_sb_kern_mount - Smack specific mount processing 853 * @sb: the file system superblock 854 * @flags: the mount flags 855 * @data: the smack mount options 856 * 857 * Returns 0 on success, an error code on failure 858 */ 859 static int smack_sb_kern_mount(struct super_block *sb, int flags, void *data) 860 { 861 int rc = 0; 862 char *options = data; 863 struct security_mnt_opts opts; 864 865 security_init_mnt_opts(&opts); 866 867 if (!options) 868 goto out; 869 870 rc = smack_parse_opts_str(options, &opts); 871 if (rc) 872 goto out_err; 873 874 out: 875 rc = smack_set_mnt_opts(sb, &opts, 0, NULL); 876 877 out_err: 878 security_free_mnt_opts(&opts); 879 return rc; 880 } 881 882 /** 883 * smack_sb_statfs - Smack check on statfs 884 * @dentry: identifies the file system in question 885 * 886 * Returns 0 if current can read the floor of the filesystem, 887 * and error code otherwise 888 */ 889 static int smack_sb_statfs(struct dentry *dentry) 890 { 891 struct superblock_smack *sbp = dentry->d_sb->s_security; 892 int rc; 893 struct smk_audit_info ad; 894 895 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 896 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 897 898 rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad); 899 rc = smk_bu_current("statfs", sbp->smk_floor, MAY_READ, rc); 900 return rc; 901 } 902 903 /* 904 * BPRM hooks 905 */ 906 907 /** 908 * smack_bprm_set_creds - set creds for exec 909 * @bprm: the exec information 910 * 911 * Returns 0 if it gets a blob, -EPERM if exec forbidden and -ENOMEM otherwise 912 */ 913 static int smack_bprm_set_creds(struct linux_binprm *bprm) 914 { 915 struct inode *inode = file_inode(bprm->file); 916 struct task_smack *bsp = bprm->cred->security; 917 struct inode_smack *isp; 918 struct superblock_smack *sbsp; 919 int rc; 920 921 if (bprm->called_set_creds) 922 return 0; 923 924 isp = inode->i_security; 925 if (isp->smk_task == NULL || isp->smk_task == bsp->smk_task) 926 return 0; 927 928 sbsp = inode->i_sb->s_security; 929 if ((sbsp->smk_flags & SMK_SB_UNTRUSTED) && 930 isp->smk_task != sbsp->smk_root) 931 return 0; 932 933 if (bprm->unsafe & LSM_UNSAFE_PTRACE) { 934 struct task_struct *tracer; 935 rc = 0; 936 937 rcu_read_lock(); 938 tracer = ptrace_parent(current); 939 if (likely(tracer != NULL)) 940 rc = smk_ptrace_rule_check(tracer, 941 isp->smk_task, 942 PTRACE_MODE_ATTACH, 943 __func__); 944 rcu_read_unlock(); 945 946 if (rc != 0) 947 return rc; 948 } else if (bprm->unsafe) 949 return -EPERM; 950 951 bsp->smk_task = isp->smk_task; 952 bprm->per_clear |= PER_CLEAR_ON_SETID; 953 954 /* Decide if this is a secure exec. */ 955 if (bsp->smk_task != bsp->smk_forked) 956 bprm->secureexec = 1; 957 958 return 0; 959 } 960 961 /* 962 * Inode hooks 963 */ 964 965 /** 966 * smack_inode_alloc_security - allocate an inode blob 967 * @inode: the inode in need of a blob 968 * 969 * Returns 0 if it gets a blob, -ENOMEM otherwise 970 */ 971 static int smack_inode_alloc_security(struct inode *inode) 972 { 973 struct smack_known *skp = smk_of_current(); 974 975 inode->i_security = new_inode_smack(skp); 976 if (inode->i_security == NULL) 977 return -ENOMEM; 978 return 0; 979 } 980 981 /** 982 * smack_inode_free_rcu - Free inode_smack blob from cache 983 * @head: the rcu_head for getting inode_smack pointer 984 * 985 * Call back function called from call_rcu() to free 986 * the i_security blob pointer in inode 987 */ 988 static void smack_inode_free_rcu(struct rcu_head *head) 989 { 990 struct inode_smack *issp; 991 992 issp = container_of(head, struct inode_smack, smk_rcu); 993 kmem_cache_free(smack_inode_cache, issp); 994 } 995 996 /** 997 * smack_inode_free_security - free an inode blob using call_rcu() 998 * @inode: the inode with a blob 999 * 1000 * Clears the blob pointer in inode using RCU 1001 */ 1002 static void smack_inode_free_security(struct inode *inode) 1003 { 1004 struct inode_smack *issp = inode->i_security; 1005 1006 /* 1007 * The inode may still be referenced in a path walk and 1008 * a call to smack_inode_permission() can be made 1009 * after smack_inode_free_security() is called. 1010 * To avoid race condition free the i_security via RCU 1011 * and leave the current inode->i_security pointer intact. 1012 * The inode will be freed after the RCU grace period too. 1013 */ 1014 call_rcu(&issp->smk_rcu, smack_inode_free_rcu); 1015 } 1016 1017 /** 1018 * smack_inode_init_security - copy out the smack from an inode 1019 * @inode: the newly created inode 1020 * @dir: containing directory object 1021 * @qstr: unused 1022 * @name: where to put the attribute name 1023 * @value: where to put the attribute value 1024 * @len: where to put the length of the attribute 1025 * 1026 * Returns 0 if it all works out, -ENOMEM if there's no memory 1027 */ 1028 static int smack_inode_init_security(struct inode *inode, struct inode *dir, 1029 const struct qstr *qstr, const char **name, 1030 void **value, size_t *len) 1031 { 1032 struct inode_smack *issp = inode->i_security; 1033 struct smack_known *skp = smk_of_current(); 1034 struct smack_known *isp = smk_of_inode(inode); 1035 struct smack_known *dsp = smk_of_inode(dir); 1036 int may; 1037 1038 if (name) 1039 *name = XATTR_SMACK_SUFFIX; 1040 1041 if (value && len) { 1042 rcu_read_lock(); 1043 may = smk_access_entry(skp->smk_known, dsp->smk_known, 1044 &skp->smk_rules); 1045 rcu_read_unlock(); 1046 1047 /* 1048 * If the access rule allows transmutation and 1049 * the directory requests transmutation then 1050 * by all means transmute. 1051 * Mark the inode as changed. 1052 */ 1053 if (may > 0 && ((may & MAY_TRANSMUTE) != 0) && 1054 smk_inode_transmutable(dir)) { 1055 isp = dsp; 1056 issp->smk_flags |= SMK_INODE_CHANGED; 1057 } 1058 1059 *value = kstrdup(isp->smk_known, GFP_NOFS); 1060 if (*value == NULL) 1061 return -ENOMEM; 1062 1063 *len = strlen(isp->smk_known); 1064 } 1065 1066 return 0; 1067 } 1068 1069 /** 1070 * smack_inode_link - Smack check on link 1071 * @old_dentry: the existing object 1072 * @dir: unused 1073 * @new_dentry: the new object 1074 * 1075 * Returns 0 if access is permitted, an error code otherwise 1076 */ 1077 static int smack_inode_link(struct dentry *old_dentry, struct inode *dir, 1078 struct dentry *new_dentry) 1079 { 1080 struct smack_known *isp; 1081 struct smk_audit_info ad; 1082 int rc; 1083 1084 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1085 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry); 1086 1087 isp = smk_of_inode(d_backing_inode(old_dentry)); 1088 rc = smk_curacc(isp, MAY_WRITE, &ad); 1089 rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_WRITE, rc); 1090 1091 if (rc == 0 && d_is_positive(new_dentry)) { 1092 isp = smk_of_inode(d_backing_inode(new_dentry)); 1093 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry); 1094 rc = smk_curacc(isp, MAY_WRITE, &ad); 1095 rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_WRITE, rc); 1096 } 1097 1098 return rc; 1099 } 1100 1101 /** 1102 * smack_inode_unlink - Smack check on inode deletion 1103 * @dir: containing directory object 1104 * @dentry: file to unlink 1105 * 1106 * Returns 0 if current can write the containing directory 1107 * and the object, error code otherwise 1108 */ 1109 static int smack_inode_unlink(struct inode *dir, struct dentry *dentry) 1110 { 1111 struct inode *ip = d_backing_inode(dentry); 1112 struct smk_audit_info ad; 1113 int rc; 1114 1115 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1116 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1117 1118 /* 1119 * You need write access to the thing you're unlinking 1120 */ 1121 rc = smk_curacc(smk_of_inode(ip), MAY_WRITE, &ad); 1122 rc = smk_bu_inode(ip, MAY_WRITE, rc); 1123 if (rc == 0) { 1124 /* 1125 * You also need write access to the containing directory 1126 */ 1127 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE); 1128 smk_ad_setfield_u_fs_inode(&ad, dir); 1129 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad); 1130 rc = smk_bu_inode(dir, MAY_WRITE, rc); 1131 } 1132 return rc; 1133 } 1134 1135 /** 1136 * smack_inode_rmdir - Smack check on directory deletion 1137 * @dir: containing directory object 1138 * @dentry: directory to unlink 1139 * 1140 * Returns 0 if current can write the containing directory 1141 * and the directory, error code otherwise 1142 */ 1143 static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry) 1144 { 1145 struct smk_audit_info ad; 1146 int rc; 1147 1148 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1149 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1150 1151 /* 1152 * You need write access to the thing you're removing 1153 */ 1154 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1155 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1156 if (rc == 0) { 1157 /* 1158 * You also need write access to the containing directory 1159 */ 1160 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE); 1161 smk_ad_setfield_u_fs_inode(&ad, dir); 1162 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad); 1163 rc = smk_bu_inode(dir, MAY_WRITE, rc); 1164 } 1165 1166 return rc; 1167 } 1168 1169 /** 1170 * smack_inode_rename - Smack check on rename 1171 * @old_inode: unused 1172 * @old_dentry: the old object 1173 * @new_inode: unused 1174 * @new_dentry: the new object 1175 * 1176 * Read and write access is required on both the old and 1177 * new directories. 1178 * 1179 * Returns 0 if access is permitted, an error code otherwise 1180 */ 1181 static int smack_inode_rename(struct inode *old_inode, 1182 struct dentry *old_dentry, 1183 struct inode *new_inode, 1184 struct dentry *new_dentry) 1185 { 1186 int rc; 1187 struct smack_known *isp; 1188 struct smk_audit_info ad; 1189 1190 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1191 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry); 1192 1193 isp = smk_of_inode(d_backing_inode(old_dentry)); 1194 rc = smk_curacc(isp, MAY_READWRITE, &ad); 1195 rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_READWRITE, rc); 1196 1197 if (rc == 0 && d_is_positive(new_dentry)) { 1198 isp = smk_of_inode(d_backing_inode(new_dentry)); 1199 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry); 1200 rc = smk_curacc(isp, MAY_READWRITE, &ad); 1201 rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_READWRITE, rc); 1202 } 1203 return rc; 1204 } 1205 1206 /** 1207 * smack_inode_permission - Smack version of permission() 1208 * @inode: the inode in question 1209 * @mask: the access requested 1210 * 1211 * This is the important Smack hook. 1212 * 1213 * Returns 0 if access is permitted, -EACCES otherwise 1214 */ 1215 static int smack_inode_permission(struct inode *inode, int mask) 1216 { 1217 struct superblock_smack *sbsp = inode->i_sb->s_security; 1218 struct smk_audit_info ad; 1219 int no_block = mask & MAY_NOT_BLOCK; 1220 int rc; 1221 1222 mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND); 1223 /* 1224 * No permission to check. Existence test. Yup, it's there. 1225 */ 1226 if (mask == 0) 1227 return 0; 1228 1229 if (sbsp->smk_flags & SMK_SB_UNTRUSTED) { 1230 if (smk_of_inode(inode) != sbsp->smk_root) 1231 return -EACCES; 1232 } 1233 1234 /* May be droppable after audit */ 1235 if (no_block) 1236 return -ECHILD; 1237 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE); 1238 smk_ad_setfield_u_fs_inode(&ad, inode); 1239 rc = smk_curacc(smk_of_inode(inode), mask, &ad); 1240 rc = smk_bu_inode(inode, mask, rc); 1241 return rc; 1242 } 1243 1244 /** 1245 * smack_inode_setattr - Smack check for setting attributes 1246 * @dentry: the object 1247 * @iattr: for the force flag 1248 * 1249 * Returns 0 if access is permitted, an error code otherwise 1250 */ 1251 static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr) 1252 { 1253 struct smk_audit_info ad; 1254 int rc; 1255 1256 /* 1257 * Need to allow for clearing the setuid bit. 1258 */ 1259 if (iattr->ia_valid & ATTR_FORCE) 1260 return 0; 1261 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1262 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1263 1264 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1265 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1266 return rc; 1267 } 1268 1269 /** 1270 * smack_inode_getattr - Smack check for getting attributes 1271 * @mnt: vfsmount of the object 1272 * @dentry: the object 1273 * 1274 * Returns 0 if access is permitted, an error code otherwise 1275 */ 1276 static int smack_inode_getattr(const struct path *path) 1277 { 1278 struct smk_audit_info ad; 1279 struct inode *inode = d_backing_inode(path->dentry); 1280 int rc; 1281 1282 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1283 smk_ad_setfield_u_fs_path(&ad, *path); 1284 rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad); 1285 rc = smk_bu_inode(inode, MAY_READ, rc); 1286 return rc; 1287 } 1288 1289 /** 1290 * smack_inode_setxattr - Smack check for setting xattrs 1291 * @dentry: the object 1292 * @name: name of the attribute 1293 * @value: value of the attribute 1294 * @size: size of the value 1295 * @flags: unused 1296 * 1297 * This protects the Smack attribute explicitly. 1298 * 1299 * Returns 0 if access is permitted, an error code otherwise 1300 */ 1301 static int smack_inode_setxattr(struct dentry *dentry, const char *name, 1302 const void *value, size_t size, int flags) 1303 { 1304 struct smk_audit_info ad; 1305 struct smack_known *skp; 1306 int check_priv = 0; 1307 int check_import = 0; 1308 int check_star = 0; 1309 int rc = 0; 1310 1311 /* 1312 * Check label validity here so import won't fail in post_setxattr 1313 */ 1314 if (strcmp(name, XATTR_NAME_SMACK) == 0 || 1315 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 || 1316 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) { 1317 check_priv = 1; 1318 check_import = 1; 1319 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0 || 1320 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) { 1321 check_priv = 1; 1322 check_import = 1; 1323 check_star = 1; 1324 } else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) { 1325 check_priv = 1; 1326 if (size != TRANS_TRUE_SIZE || 1327 strncmp(value, TRANS_TRUE, TRANS_TRUE_SIZE) != 0) 1328 rc = -EINVAL; 1329 } else 1330 rc = cap_inode_setxattr(dentry, name, value, size, flags); 1331 1332 if (check_priv && !smack_privileged(CAP_MAC_ADMIN)) 1333 rc = -EPERM; 1334 1335 if (rc == 0 && check_import) { 1336 skp = size ? smk_import_entry(value, size) : NULL; 1337 if (IS_ERR(skp)) 1338 rc = PTR_ERR(skp); 1339 else if (skp == NULL || (check_star && 1340 (skp == &smack_known_star || skp == &smack_known_web))) 1341 rc = -EINVAL; 1342 } 1343 1344 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1345 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1346 1347 if (rc == 0) { 1348 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1349 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1350 } 1351 1352 return rc; 1353 } 1354 1355 /** 1356 * smack_inode_post_setxattr - Apply the Smack update approved above 1357 * @dentry: object 1358 * @name: attribute name 1359 * @value: attribute value 1360 * @size: attribute size 1361 * @flags: unused 1362 * 1363 * Set the pointer in the inode blob to the entry found 1364 * in the master label list. 1365 */ 1366 static void smack_inode_post_setxattr(struct dentry *dentry, const char *name, 1367 const void *value, size_t size, int flags) 1368 { 1369 struct smack_known *skp; 1370 struct inode_smack *isp = d_backing_inode(dentry)->i_security; 1371 1372 if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) { 1373 isp->smk_flags |= SMK_INODE_TRANSMUTE; 1374 return; 1375 } 1376 1377 if (strcmp(name, XATTR_NAME_SMACK) == 0) { 1378 skp = smk_import_entry(value, size); 1379 if (!IS_ERR(skp)) 1380 isp->smk_inode = skp; 1381 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) { 1382 skp = smk_import_entry(value, size); 1383 if (!IS_ERR(skp)) 1384 isp->smk_task = skp; 1385 } else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) { 1386 skp = smk_import_entry(value, size); 1387 if (!IS_ERR(skp)) 1388 isp->smk_mmap = skp; 1389 } 1390 1391 return; 1392 } 1393 1394 /** 1395 * smack_inode_getxattr - Smack check on getxattr 1396 * @dentry: the object 1397 * @name: unused 1398 * 1399 * Returns 0 if access is permitted, an error code otherwise 1400 */ 1401 static int smack_inode_getxattr(struct dentry *dentry, const char *name) 1402 { 1403 struct smk_audit_info ad; 1404 int rc; 1405 1406 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1407 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1408 1409 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_READ, &ad); 1410 rc = smk_bu_inode(d_backing_inode(dentry), MAY_READ, rc); 1411 return rc; 1412 } 1413 1414 /** 1415 * smack_inode_removexattr - Smack check on removexattr 1416 * @dentry: the object 1417 * @name: name of the attribute 1418 * 1419 * Removing the Smack attribute requires CAP_MAC_ADMIN 1420 * 1421 * Returns 0 if access is permitted, an error code otherwise 1422 */ 1423 static int smack_inode_removexattr(struct dentry *dentry, const char *name) 1424 { 1425 struct inode_smack *isp; 1426 struct smk_audit_info ad; 1427 int rc = 0; 1428 1429 if (strcmp(name, XATTR_NAME_SMACK) == 0 || 1430 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 || 1431 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 || 1432 strcmp(name, XATTR_NAME_SMACKEXEC) == 0 || 1433 strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0 || 1434 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) { 1435 if (!smack_privileged(CAP_MAC_ADMIN)) 1436 rc = -EPERM; 1437 } else 1438 rc = cap_inode_removexattr(dentry, name); 1439 1440 if (rc != 0) 1441 return rc; 1442 1443 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1444 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1445 1446 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1447 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1448 if (rc != 0) 1449 return rc; 1450 1451 isp = d_backing_inode(dentry)->i_security; 1452 /* 1453 * Don't do anything special for these. 1454 * XATTR_NAME_SMACKIPIN 1455 * XATTR_NAME_SMACKIPOUT 1456 */ 1457 if (strcmp(name, XATTR_NAME_SMACK) == 0) { 1458 struct super_block *sbp = dentry->d_sb; 1459 struct superblock_smack *sbsp = sbp->s_security; 1460 1461 isp->smk_inode = sbsp->smk_default; 1462 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) 1463 isp->smk_task = NULL; 1464 else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) 1465 isp->smk_mmap = NULL; 1466 else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) 1467 isp->smk_flags &= ~SMK_INODE_TRANSMUTE; 1468 1469 return 0; 1470 } 1471 1472 /** 1473 * smack_inode_getsecurity - get smack xattrs 1474 * @inode: the object 1475 * @name: attribute name 1476 * @buffer: where to put the result 1477 * @alloc: duplicate memory 1478 * 1479 * Returns the size of the attribute or an error code 1480 */ 1481 static int smack_inode_getsecurity(struct inode *inode, 1482 const char *name, void **buffer, 1483 bool alloc) 1484 { 1485 struct socket_smack *ssp; 1486 struct socket *sock; 1487 struct super_block *sbp; 1488 struct inode *ip = (struct inode *)inode; 1489 struct smack_known *isp; 1490 1491 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) 1492 isp = smk_of_inode(inode); 1493 else { 1494 /* 1495 * The rest of the Smack xattrs are only on sockets. 1496 */ 1497 sbp = ip->i_sb; 1498 if (sbp->s_magic != SOCKFS_MAGIC) 1499 return -EOPNOTSUPP; 1500 1501 sock = SOCKET_I(ip); 1502 if (sock == NULL || sock->sk == NULL) 1503 return -EOPNOTSUPP; 1504 1505 ssp = sock->sk->sk_security; 1506 1507 if (strcmp(name, XATTR_SMACK_IPIN) == 0) 1508 isp = ssp->smk_in; 1509 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) 1510 isp = ssp->smk_out; 1511 else 1512 return -EOPNOTSUPP; 1513 } 1514 1515 if (alloc) { 1516 *buffer = kstrdup(isp->smk_known, GFP_KERNEL); 1517 if (*buffer == NULL) 1518 return -ENOMEM; 1519 } 1520 1521 return strlen(isp->smk_known); 1522 } 1523 1524 1525 /** 1526 * smack_inode_listsecurity - list the Smack attributes 1527 * @inode: the object 1528 * @buffer: where they go 1529 * @buffer_size: size of buffer 1530 */ 1531 static int smack_inode_listsecurity(struct inode *inode, char *buffer, 1532 size_t buffer_size) 1533 { 1534 int len = sizeof(XATTR_NAME_SMACK); 1535 1536 if (buffer != NULL && len <= buffer_size) 1537 memcpy(buffer, XATTR_NAME_SMACK, len); 1538 1539 return len; 1540 } 1541 1542 /** 1543 * smack_inode_getsecid - Extract inode's security id 1544 * @inode: inode to extract the info from 1545 * @secid: where result will be saved 1546 */ 1547 static void smack_inode_getsecid(struct inode *inode, u32 *secid) 1548 { 1549 struct smack_known *skp = smk_of_inode(inode); 1550 1551 *secid = skp->smk_secid; 1552 } 1553 1554 /* 1555 * File Hooks 1556 */ 1557 1558 /* 1559 * There is no smack_file_permission hook 1560 * 1561 * Should access checks be done on each read or write? 1562 * UNICOS and SELinux say yes. 1563 * Trusted Solaris, Trusted Irix, and just about everyone else says no. 1564 * 1565 * I'll say no for now. Smack does not do the frequent 1566 * label changing that SELinux does. 1567 */ 1568 1569 /** 1570 * smack_file_alloc_security - assign a file security blob 1571 * @file: the object 1572 * 1573 * The security blob for a file is a pointer to the master 1574 * label list, so no allocation is done. 1575 * 1576 * f_security is the owner security information. It 1577 * isn't used on file access checks, it's for send_sigio. 1578 * 1579 * Returns 0 1580 */ 1581 static int smack_file_alloc_security(struct file *file) 1582 { 1583 struct smack_known *skp = smk_of_current(); 1584 1585 file->f_security = skp; 1586 return 0; 1587 } 1588 1589 /** 1590 * smack_file_free_security - clear a file security blob 1591 * @file: the object 1592 * 1593 * The security blob for a file is a pointer to the master 1594 * label list, so no memory is freed. 1595 */ 1596 static void smack_file_free_security(struct file *file) 1597 { 1598 file->f_security = NULL; 1599 } 1600 1601 /** 1602 * smack_file_ioctl - Smack check on ioctls 1603 * @file: the object 1604 * @cmd: what to do 1605 * @arg: unused 1606 * 1607 * Relies heavily on the correct use of the ioctl command conventions. 1608 * 1609 * Returns 0 if allowed, error code otherwise 1610 */ 1611 static int smack_file_ioctl(struct file *file, unsigned int cmd, 1612 unsigned long arg) 1613 { 1614 int rc = 0; 1615 struct smk_audit_info ad; 1616 struct inode *inode = file_inode(file); 1617 1618 if (unlikely(IS_PRIVATE(inode))) 1619 return 0; 1620 1621 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1622 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1623 1624 if (_IOC_DIR(cmd) & _IOC_WRITE) { 1625 rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad); 1626 rc = smk_bu_file(file, MAY_WRITE, rc); 1627 } 1628 1629 if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ)) { 1630 rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad); 1631 rc = smk_bu_file(file, MAY_READ, rc); 1632 } 1633 1634 return rc; 1635 } 1636 1637 /** 1638 * smack_file_lock - Smack check on file locking 1639 * @file: the object 1640 * @cmd: unused 1641 * 1642 * Returns 0 if current has lock access, error code otherwise 1643 */ 1644 static int smack_file_lock(struct file *file, unsigned int cmd) 1645 { 1646 struct smk_audit_info ad; 1647 int rc; 1648 struct inode *inode = file_inode(file); 1649 1650 if (unlikely(IS_PRIVATE(inode))) 1651 return 0; 1652 1653 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1654 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1655 rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad); 1656 rc = smk_bu_file(file, MAY_LOCK, rc); 1657 return rc; 1658 } 1659 1660 /** 1661 * smack_file_fcntl - Smack check on fcntl 1662 * @file: the object 1663 * @cmd: what action to check 1664 * @arg: unused 1665 * 1666 * Generally these operations are harmless. 1667 * File locking operations present an obvious mechanism 1668 * for passing information, so they require write access. 1669 * 1670 * Returns 0 if current has access, error code otherwise 1671 */ 1672 static int smack_file_fcntl(struct file *file, unsigned int cmd, 1673 unsigned long arg) 1674 { 1675 struct smk_audit_info ad; 1676 int rc = 0; 1677 struct inode *inode = file_inode(file); 1678 1679 if (unlikely(IS_PRIVATE(inode))) 1680 return 0; 1681 1682 switch (cmd) { 1683 case F_GETLK: 1684 break; 1685 case F_SETLK: 1686 case F_SETLKW: 1687 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1688 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1689 rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad); 1690 rc = smk_bu_file(file, MAY_LOCK, rc); 1691 break; 1692 case F_SETOWN: 1693 case F_SETSIG: 1694 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1695 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1696 rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad); 1697 rc = smk_bu_file(file, MAY_WRITE, rc); 1698 break; 1699 default: 1700 break; 1701 } 1702 1703 return rc; 1704 } 1705 1706 /** 1707 * smack_mmap_file : 1708 * Check permissions for a mmap operation. The @file may be NULL, e.g. 1709 * if mapping anonymous memory. 1710 * @file contains the file structure for file to map (may be NULL). 1711 * @reqprot contains the protection requested by the application. 1712 * @prot contains the protection that will be applied by the kernel. 1713 * @flags contains the operational flags. 1714 * Return 0 if permission is granted. 1715 */ 1716 static int smack_mmap_file(struct file *file, 1717 unsigned long reqprot, unsigned long prot, 1718 unsigned long flags) 1719 { 1720 struct smack_known *skp; 1721 struct smack_known *mkp; 1722 struct smack_rule *srp; 1723 struct task_smack *tsp; 1724 struct smack_known *okp; 1725 struct inode_smack *isp; 1726 struct superblock_smack *sbsp; 1727 int may; 1728 int mmay; 1729 int tmay; 1730 int rc; 1731 1732 if (file == NULL) 1733 return 0; 1734 1735 if (unlikely(IS_PRIVATE(file_inode(file)))) 1736 return 0; 1737 1738 isp = file_inode(file)->i_security; 1739 if (isp->smk_mmap == NULL) 1740 return 0; 1741 sbsp = file_inode(file)->i_sb->s_security; 1742 if (sbsp->smk_flags & SMK_SB_UNTRUSTED && 1743 isp->smk_mmap != sbsp->smk_root) 1744 return -EACCES; 1745 mkp = isp->smk_mmap; 1746 1747 tsp = current_security(); 1748 skp = smk_of_current(); 1749 rc = 0; 1750 1751 rcu_read_lock(); 1752 /* 1753 * For each Smack rule associated with the subject 1754 * label verify that the SMACK64MMAP also has access 1755 * to that rule's object label. 1756 */ 1757 list_for_each_entry_rcu(srp, &skp->smk_rules, list) { 1758 okp = srp->smk_object; 1759 /* 1760 * Matching labels always allows access. 1761 */ 1762 if (mkp->smk_known == okp->smk_known) 1763 continue; 1764 /* 1765 * If there is a matching local rule take 1766 * that into account as well. 1767 */ 1768 may = smk_access_entry(srp->smk_subject->smk_known, 1769 okp->smk_known, 1770 &tsp->smk_rules); 1771 if (may == -ENOENT) 1772 may = srp->smk_access; 1773 else 1774 may &= srp->smk_access; 1775 /* 1776 * If may is zero the SMACK64MMAP subject can't 1777 * possibly have less access. 1778 */ 1779 if (may == 0) 1780 continue; 1781 1782 /* 1783 * Fetch the global list entry. 1784 * If there isn't one a SMACK64MMAP subject 1785 * can't have as much access as current. 1786 */ 1787 mmay = smk_access_entry(mkp->smk_known, okp->smk_known, 1788 &mkp->smk_rules); 1789 if (mmay == -ENOENT) { 1790 rc = -EACCES; 1791 break; 1792 } 1793 /* 1794 * If there is a local entry it modifies the 1795 * potential access, too. 1796 */ 1797 tmay = smk_access_entry(mkp->smk_known, okp->smk_known, 1798 &tsp->smk_rules); 1799 if (tmay != -ENOENT) 1800 mmay &= tmay; 1801 1802 /* 1803 * If there is any access available to current that is 1804 * not available to a SMACK64MMAP subject 1805 * deny access. 1806 */ 1807 if ((may | mmay) != mmay) { 1808 rc = -EACCES; 1809 break; 1810 } 1811 } 1812 1813 rcu_read_unlock(); 1814 1815 return rc; 1816 } 1817 1818 /** 1819 * smack_file_set_fowner - set the file security blob value 1820 * @file: object in question 1821 * 1822 */ 1823 static void smack_file_set_fowner(struct file *file) 1824 { 1825 file->f_security = smk_of_current(); 1826 } 1827 1828 /** 1829 * smack_file_send_sigiotask - Smack on sigio 1830 * @tsk: The target task 1831 * @fown: the object the signal come from 1832 * @signum: unused 1833 * 1834 * Allow a privileged task to get signals even if it shouldn't 1835 * 1836 * Returns 0 if a subject with the object's smack could 1837 * write to the task, an error code otherwise. 1838 */ 1839 static int smack_file_send_sigiotask(struct task_struct *tsk, 1840 struct fown_struct *fown, int signum) 1841 { 1842 struct smack_known *skp; 1843 struct smack_known *tkp = smk_of_task(tsk->cred->security); 1844 struct file *file; 1845 int rc; 1846 struct smk_audit_info ad; 1847 1848 /* 1849 * struct fown_struct is never outside the context of a struct file 1850 */ 1851 file = container_of(fown, struct file, f_owner); 1852 1853 /* we don't log here as rc can be overriden */ 1854 skp = file->f_security; 1855 rc = smk_access(skp, tkp, MAY_DELIVER, NULL); 1856 rc = smk_bu_note("sigiotask", skp, tkp, MAY_DELIVER, rc); 1857 if (rc != 0 && has_capability(tsk, CAP_MAC_OVERRIDE)) 1858 rc = 0; 1859 1860 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); 1861 smk_ad_setfield_u_tsk(&ad, tsk); 1862 smack_log(skp->smk_known, tkp->smk_known, MAY_DELIVER, rc, &ad); 1863 return rc; 1864 } 1865 1866 /** 1867 * smack_file_receive - Smack file receive check 1868 * @file: the object 1869 * 1870 * Returns 0 if current has access, error code otherwise 1871 */ 1872 static int smack_file_receive(struct file *file) 1873 { 1874 int rc; 1875 int may = 0; 1876 struct smk_audit_info ad; 1877 struct inode *inode = file_inode(file); 1878 struct socket *sock; 1879 struct task_smack *tsp; 1880 struct socket_smack *ssp; 1881 1882 if (unlikely(IS_PRIVATE(inode))) 1883 return 0; 1884 1885 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1886 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1887 1888 if (inode->i_sb->s_magic == SOCKFS_MAGIC) { 1889 sock = SOCKET_I(inode); 1890 ssp = sock->sk->sk_security; 1891 tsp = current_security(); 1892 /* 1893 * If the receiving process can't write to the 1894 * passed socket or if the passed socket can't 1895 * write to the receiving process don't accept 1896 * the passed socket. 1897 */ 1898 rc = smk_access(tsp->smk_task, ssp->smk_out, MAY_WRITE, &ad); 1899 rc = smk_bu_file(file, may, rc); 1900 if (rc < 0) 1901 return rc; 1902 rc = smk_access(ssp->smk_in, tsp->smk_task, MAY_WRITE, &ad); 1903 rc = smk_bu_file(file, may, rc); 1904 return rc; 1905 } 1906 /* 1907 * This code relies on bitmasks. 1908 */ 1909 if (file->f_mode & FMODE_READ) 1910 may = MAY_READ; 1911 if (file->f_mode & FMODE_WRITE) 1912 may |= MAY_WRITE; 1913 1914 rc = smk_curacc(smk_of_inode(inode), may, &ad); 1915 rc = smk_bu_file(file, may, rc); 1916 return rc; 1917 } 1918 1919 /** 1920 * smack_file_open - Smack dentry open processing 1921 * @file: the object 1922 * @cred: task credential 1923 * 1924 * Set the security blob in the file structure. 1925 * Allow the open only if the task has read access. There are 1926 * many read operations (e.g. fstat) that you can do with an 1927 * fd even if you have the file open write-only. 1928 * 1929 * Returns 0 1930 */ 1931 static int smack_file_open(struct file *file) 1932 { 1933 struct task_smack *tsp = file->f_cred->security; 1934 struct inode *inode = file_inode(file); 1935 struct smk_audit_info ad; 1936 int rc; 1937 1938 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1939 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1940 rc = smk_tskacc(tsp, smk_of_inode(inode), MAY_READ, &ad); 1941 rc = smk_bu_credfile(file->f_cred, file, MAY_READ, rc); 1942 1943 return rc; 1944 } 1945 1946 /* 1947 * Task hooks 1948 */ 1949 1950 /** 1951 * smack_cred_alloc_blank - "allocate" blank task-level security credentials 1952 * @new: the new credentials 1953 * @gfp: the atomicity of any memory allocations 1954 * 1955 * Prepare a blank set of credentials for modification. This must allocate all 1956 * the memory the LSM module might require such that cred_transfer() can 1957 * complete without error. 1958 */ 1959 static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp) 1960 { 1961 struct task_smack *tsp; 1962 1963 tsp = new_task_smack(NULL, NULL, gfp); 1964 if (tsp == NULL) 1965 return -ENOMEM; 1966 1967 cred->security = tsp; 1968 1969 return 0; 1970 } 1971 1972 1973 /** 1974 * smack_cred_free - "free" task-level security credentials 1975 * @cred: the credentials in question 1976 * 1977 */ 1978 static void smack_cred_free(struct cred *cred) 1979 { 1980 struct task_smack *tsp = cred->security; 1981 struct smack_rule *rp; 1982 struct list_head *l; 1983 struct list_head *n; 1984 1985 if (tsp == NULL) 1986 return; 1987 cred->security = NULL; 1988 1989 smk_destroy_label_list(&tsp->smk_relabel); 1990 1991 list_for_each_safe(l, n, &tsp->smk_rules) { 1992 rp = list_entry(l, struct smack_rule, list); 1993 list_del(&rp->list); 1994 kfree(rp); 1995 } 1996 kfree(tsp); 1997 } 1998 1999 /** 2000 * smack_cred_prepare - prepare new set of credentials for modification 2001 * @new: the new credentials 2002 * @old: the original credentials 2003 * @gfp: the atomicity of any memory allocations 2004 * 2005 * Prepare a new set of credentials for modification. 2006 */ 2007 static int smack_cred_prepare(struct cred *new, const struct cred *old, 2008 gfp_t gfp) 2009 { 2010 struct task_smack *old_tsp = old->security; 2011 struct task_smack *new_tsp; 2012 int rc; 2013 2014 new_tsp = new_task_smack(old_tsp->smk_task, old_tsp->smk_task, gfp); 2015 if (new_tsp == NULL) 2016 return -ENOMEM; 2017 2018 new->security = new_tsp; 2019 2020 rc = smk_copy_rules(&new_tsp->smk_rules, &old_tsp->smk_rules, gfp); 2021 if (rc != 0) 2022 return rc; 2023 2024 rc = smk_copy_relabel(&new_tsp->smk_relabel, &old_tsp->smk_relabel, 2025 gfp); 2026 if (rc != 0) 2027 return rc; 2028 2029 return 0; 2030 } 2031 2032 /** 2033 * smack_cred_transfer - Transfer the old credentials to the new credentials 2034 * @new: the new credentials 2035 * @old: the original credentials 2036 * 2037 * Fill in a set of blank credentials from another set of credentials. 2038 */ 2039 static void smack_cred_transfer(struct cred *new, const struct cred *old) 2040 { 2041 struct task_smack *old_tsp = old->security; 2042 struct task_smack *new_tsp = new->security; 2043 2044 new_tsp->smk_task = old_tsp->smk_task; 2045 new_tsp->smk_forked = old_tsp->smk_task; 2046 mutex_init(&new_tsp->smk_rules_lock); 2047 INIT_LIST_HEAD(&new_tsp->smk_rules); 2048 2049 2050 /* cbs copy rule list */ 2051 } 2052 2053 /** 2054 * smack_cred_getsecid - get the secid corresponding to a creds structure 2055 * @c: the object creds 2056 * @secid: where to put the result 2057 * 2058 * Sets the secid to contain a u32 version of the smack label. 2059 */ 2060 static void smack_cred_getsecid(const struct cred *c, u32 *secid) 2061 { 2062 struct smack_known *skp; 2063 2064 rcu_read_lock(); 2065 skp = smk_of_task(c->security); 2066 *secid = skp->smk_secid; 2067 rcu_read_unlock(); 2068 } 2069 2070 /** 2071 * smack_kernel_act_as - Set the subjective context in a set of credentials 2072 * @new: points to the set of credentials to be modified. 2073 * @secid: specifies the security ID to be set 2074 * 2075 * Set the security data for a kernel service. 2076 */ 2077 static int smack_kernel_act_as(struct cred *new, u32 secid) 2078 { 2079 struct task_smack *new_tsp = new->security; 2080 2081 new_tsp->smk_task = smack_from_secid(secid); 2082 return 0; 2083 } 2084 2085 /** 2086 * smack_kernel_create_files_as - Set the file creation label in a set of creds 2087 * @new: points to the set of credentials to be modified 2088 * @inode: points to the inode to use as a reference 2089 * 2090 * Set the file creation context in a set of credentials to the same 2091 * as the objective context of the specified inode 2092 */ 2093 static int smack_kernel_create_files_as(struct cred *new, 2094 struct inode *inode) 2095 { 2096 struct inode_smack *isp = inode->i_security; 2097 struct task_smack *tsp = new->security; 2098 2099 tsp->smk_forked = isp->smk_inode; 2100 tsp->smk_task = tsp->smk_forked; 2101 return 0; 2102 } 2103 2104 /** 2105 * smk_curacc_on_task - helper to log task related access 2106 * @p: the task object 2107 * @access: the access requested 2108 * @caller: name of the calling function for audit 2109 * 2110 * Return 0 if access is permitted 2111 */ 2112 static int smk_curacc_on_task(struct task_struct *p, int access, 2113 const char *caller) 2114 { 2115 struct smk_audit_info ad; 2116 struct smack_known *skp = smk_of_task_struct(p); 2117 int rc; 2118 2119 smk_ad_init(&ad, caller, LSM_AUDIT_DATA_TASK); 2120 smk_ad_setfield_u_tsk(&ad, p); 2121 rc = smk_curacc(skp, access, &ad); 2122 rc = smk_bu_task(p, access, rc); 2123 return rc; 2124 } 2125 2126 /** 2127 * smack_task_setpgid - Smack check on setting pgid 2128 * @p: the task object 2129 * @pgid: unused 2130 * 2131 * Return 0 if write access is permitted 2132 */ 2133 static int smack_task_setpgid(struct task_struct *p, pid_t pgid) 2134 { 2135 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2136 } 2137 2138 /** 2139 * smack_task_getpgid - Smack access check for getpgid 2140 * @p: the object task 2141 * 2142 * Returns 0 if current can read the object task, error code otherwise 2143 */ 2144 static int smack_task_getpgid(struct task_struct *p) 2145 { 2146 return smk_curacc_on_task(p, MAY_READ, __func__); 2147 } 2148 2149 /** 2150 * smack_task_getsid - Smack access check for getsid 2151 * @p: the object task 2152 * 2153 * Returns 0 if current can read the object task, error code otherwise 2154 */ 2155 static int smack_task_getsid(struct task_struct *p) 2156 { 2157 return smk_curacc_on_task(p, MAY_READ, __func__); 2158 } 2159 2160 /** 2161 * smack_task_getsecid - get the secid of the task 2162 * @p: the object task 2163 * @secid: where to put the result 2164 * 2165 * Sets the secid to contain a u32 version of the smack label. 2166 */ 2167 static void smack_task_getsecid(struct task_struct *p, u32 *secid) 2168 { 2169 struct smack_known *skp = smk_of_task_struct(p); 2170 2171 *secid = skp->smk_secid; 2172 } 2173 2174 /** 2175 * smack_task_setnice - Smack check on setting nice 2176 * @p: the task object 2177 * @nice: unused 2178 * 2179 * Return 0 if write access is permitted 2180 */ 2181 static int smack_task_setnice(struct task_struct *p, int nice) 2182 { 2183 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2184 } 2185 2186 /** 2187 * smack_task_setioprio - Smack check on setting ioprio 2188 * @p: the task object 2189 * @ioprio: unused 2190 * 2191 * Return 0 if write access is permitted 2192 */ 2193 static int smack_task_setioprio(struct task_struct *p, int ioprio) 2194 { 2195 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2196 } 2197 2198 /** 2199 * smack_task_getioprio - Smack check on reading ioprio 2200 * @p: the task object 2201 * 2202 * Return 0 if read access is permitted 2203 */ 2204 static int smack_task_getioprio(struct task_struct *p) 2205 { 2206 return smk_curacc_on_task(p, MAY_READ, __func__); 2207 } 2208 2209 /** 2210 * smack_task_setscheduler - Smack check on setting scheduler 2211 * @p: the task object 2212 * @policy: unused 2213 * @lp: unused 2214 * 2215 * Return 0 if read access is permitted 2216 */ 2217 static int smack_task_setscheduler(struct task_struct *p) 2218 { 2219 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2220 } 2221 2222 /** 2223 * smack_task_getscheduler - Smack check on reading scheduler 2224 * @p: the task object 2225 * 2226 * Return 0 if read access is permitted 2227 */ 2228 static int smack_task_getscheduler(struct task_struct *p) 2229 { 2230 return smk_curacc_on_task(p, MAY_READ, __func__); 2231 } 2232 2233 /** 2234 * smack_task_movememory - Smack check on moving memory 2235 * @p: the task object 2236 * 2237 * Return 0 if write access is permitted 2238 */ 2239 static int smack_task_movememory(struct task_struct *p) 2240 { 2241 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2242 } 2243 2244 /** 2245 * smack_task_kill - Smack check on signal delivery 2246 * @p: the task object 2247 * @info: unused 2248 * @sig: unused 2249 * @cred: identifies the cred to use in lieu of current's 2250 * 2251 * Return 0 if write access is permitted 2252 * 2253 */ 2254 static int smack_task_kill(struct task_struct *p, struct siginfo *info, 2255 int sig, const struct cred *cred) 2256 { 2257 struct smk_audit_info ad; 2258 struct smack_known *skp; 2259 struct smack_known *tkp = smk_of_task_struct(p); 2260 int rc; 2261 2262 if (!sig) 2263 return 0; /* null signal; existence test */ 2264 2265 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); 2266 smk_ad_setfield_u_tsk(&ad, p); 2267 /* 2268 * Sending a signal requires that the sender 2269 * can write the receiver. 2270 */ 2271 if (cred == NULL) { 2272 rc = smk_curacc(tkp, MAY_DELIVER, &ad); 2273 rc = smk_bu_task(p, MAY_DELIVER, rc); 2274 return rc; 2275 } 2276 /* 2277 * If the cred isn't NULL we're dealing with some USB IO 2278 * specific behavior. This is not clean. For one thing 2279 * we can't take privilege into account. 2280 */ 2281 skp = smk_of_task(cred->security); 2282 rc = smk_access(skp, tkp, MAY_DELIVER, &ad); 2283 rc = smk_bu_note("USB signal", skp, tkp, MAY_DELIVER, rc); 2284 return rc; 2285 } 2286 2287 /** 2288 * smack_task_to_inode - copy task smack into the inode blob 2289 * @p: task to copy from 2290 * @inode: inode to copy to 2291 * 2292 * Sets the smack pointer in the inode security blob 2293 */ 2294 static void smack_task_to_inode(struct task_struct *p, struct inode *inode) 2295 { 2296 struct inode_smack *isp = inode->i_security; 2297 struct smack_known *skp = smk_of_task_struct(p); 2298 2299 isp->smk_inode = skp; 2300 isp->smk_flags |= SMK_INODE_INSTANT; 2301 } 2302 2303 /* 2304 * Socket hooks. 2305 */ 2306 2307 /** 2308 * smack_sk_alloc_security - Allocate a socket blob 2309 * @sk: the socket 2310 * @family: unused 2311 * @gfp_flags: memory allocation flags 2312 * 2313 * Assign Smack pointers to current 2314 * 2315 * Returns 0 on success, -ENOMEM is there's no memory 2316 */ 2317 static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags) 2318 { 2319 struct smack_known *skp = smk_of_current(); 2320 struct socket_smack *ssp; 2321 2322 ssp = kzalloc(sizeof(struct socket_smack), gfp_flags); 2323 if (ssp == NULL) 2324 return -ENOMEM; 2325 2326 /* 2327 * Sockets created by kernel threads receive web label. 2328 */ 2329 if (unlikely(current->flags & PF_KTHREAD)) { 2330 ssp->smk_in = &smack_known_web; 2331 ssp->smk_out = &smack_known_web; 2332 } else { 2333 ssp->smk_in = skp; 2334 ssp->smk_out = skp; 2335 } 2336 ssp->smk_packet = NULL; 2337 2338 sk->sk_security = ssp; 2339 2340 return 0; 2341 } 2342 2343 /** 2344 * smack_sk_free_security - Free a socket blob 2345 * @sk: the socket 2346 * 2347 * Clears the blob pointer 2348 */ 2349 static void smack_sk_free_security(struct sock *sk) 2350 { 2351 #ifdef SMACK_IPV6_PORT_LABELING 2352 struct smk_port_label *spp; 2353 2354 if (sk->sk_family == PF_INET6) { 2355 rcu_read_lock(); 2356 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) { 2357 if (spp->smk_sock != sk) 2358 continue; 2359 spp->smk_can_reuse = 1; 2360 break; 2361 } 2362 rcu_read_unlock(); 2363 } 2364 #endif 2365 kfree(sk->sk_security); 2366 } 2367 2368 /** 2369 * smack_ipv4host_label - check host based restrictions 2370 * @sip: the object end 2371 * 2372 * looks for host based access restrictions 2373 * 2374 * This version will only be appropriate for really small sets of single label 2375 * hosts. The caller is responsible for ensuring that the RCU read lock is 2376 * taken before calling this function. 2377 * 2378 * Returns the label of the far end or NULL if it's not special. 2379 */ 2380 static struct smack_known *smack_ipv4host_label(struct sockaddr_in *sip) 2381 { 2382 struct smk_net4addr *snp; 2383 struct in_addr *siap = &sip->sin_addr; 2384 2385 if (siap->s_addr == 0) 2386 return NULL; 2387 2388 list_for_each_entry_rcu(snp, &smk_net4addr_list, list) 2389 /* 2390 * we break after finding the first match because 2391 * the list is sorted from longest to shortest mask 2392 * so we have found the most specific match 2393 */ 2394 if (snp->smk_host.s_addr == 2395 (siap->s_addr & snp->smk_mask.s_addr)) 2396 return snp->smk_label; 2397 2398 return NULL; 2399 } 2400 2401 #if IS_ENABLED(CONFIG_IPV6) 2402 /* 2403 * smk_ipv6_localhost - Check for local ipv6 host address 2404 * @sip: the address 2405 * 2406 * Returns boolean true if this is the localhost address 2407 */ 2408 static bool smk_ipv6_localhost(struct sockaddr_in6 *sip) 2409 { 2410 __be16 *be16p = (__be16 *)&sip->sin6_addr; 2411 __be32 *be32p = (__be32 *)&sip->sin6_addr; 2412 2413 if (be32p[0] == 0 && be32p[1] == 0 && be32p[2] == 0 && be16p[6] == 0 && 2414 ntohs(be16p[7]) == 1) 2415 return true; 2416 return false; 2417 } 2418 2419 /** 2420 * smack_ipv6host_label - check host based restrictions 2421 * @sip: the object end 2422 * 2423 * looks for host based access restrictions 2424 * 2425 * This version will only be appropriate for really small sets of single label 2426 * hosts. The caller is responsible for ensuring that the RCU read lock is 2427 * taken before calling this function. 2428 * 2429 * Returns the label of the far end or NULL if it's not special. 2430 */ 2431 static struct smack_known *smack_ipv6host_label(struct sockaddr_in6 *sip) 2432 { 2433 struct smk_net6addr *snp; 2434 struct in6_addr *sap = &sip->sin6_addr; 2435 int i; 2436 int found = 0; 2437 2438 /* 2439 * It's local. Don't look for a host label. 2440 */ 2441 if (smk_ipv6_localhost(sip)) 2442 return NULL; 2443 2444 list_for_each_entry_rcu(snp, &smk_net6addr_list, list) { 2445 /* 2446 * If the label is NULL the entry has 2447 * been renounced. Ignore it. 2448 */ 2449 if (snp->smk_label == NULL) 2450 continue; 2451 /* 2452 * we break after finding the first match because 2453 * the list is sorted from longest to shortest mask 2454 * so we have found the most specific match 2455 */ 2456 for (found = 1, i = 0; i < 8; i++) { 2457 if ((sap->s6_addr16[i] & snp->smk_mask.s6_addr16[i]) != 2458 snp->smk_host.s6_addr16[i]) { 2459 found = 0; 2460 break; 2461 } 2462 } 2463 if (found) 2464 return snp->smk_label; 2465 } 2466 2467 return NULL; 2468 } 2469 #endif /* CONFIG_IPV6 */ 2470 2471 /** 2472 * smack_netlabel - Set the secattr on a socket 2473 * @sk: the socket 2474 * @labeled: socket label scheme 2475 * 2476 * Convert the outbound smack value (smk_out) to a 2477 * secattr and attach it to the socket. 2478 * 2479 * Returns 0 on success or an error code 2480 */ 2481 static int smack_netlabel(struct sock *sk, int labeled) 2482 { 2483 struct smack_known *skp; 2484 struct socket_smack *ssp = sk->sk_security; 2485 int rc = 0; 2486 2487 /* 2488 * Usually the netlabel code will handle changing the 2489 * packet labeling based on the label. 2490 * The case of a single label host is different, because 2491 * a single label host should never get a labeled packet 2492 * even though the label is usually associated with a packet 2493 * label. 2494 */ 2495 local_bh_disable(); 2496 bh_lock_sock_nested(sk); 2497 2498 if (ssp->smk_out == smack_net_ambient || 2499 labeled == SMACK_UNLABELED_SOCKET) 2500 netlbl_sock_delattr(sk); 2501 else { 2502 skp = ssp->smk_out; 2503 rc = netlbl_sock_setattr(sk, sk->sk_family, &skp->smk_netlabel); 2504 } 2505 2506 bh_unlock_sock(sk); 2507 local_bh_enable(); 2508 2509 return rc; 2510 } 2511 2512 /** 2513 * smack_netlbel_send - Set the secattr on a socket and perform access checks 2514 * @sk: the socket 2515 * @sap: the destination address 2516 * 2517 * Set the correct secattr for the given socket based on the destination 2518 * address and perform any outbound access checks needed. 2519 * 2520 * Returns 0 on success or an error code. 2521 * 2522 */ 2523 static int smack_netlabel_send(struct sock *sk, struct sockaddr_in *sap) 2524 { 2525 struct smack_known *skp; 2526 int rc; 2527 int sk_lbl; 2528 struct smack_known *hkp; 2529 struct socket_smack *ssp = sk->sk_security; 2530 struct smk_audit_info ad; 2531 2532 rcu_read_lock(); 2533 hkp = smack_ipv4host_label(sap); 2534 if (hkp != NULL) { 2535 #ifdef CONFIG_AUDIT 2536 struct lsm_network_audit net; 2537 2538 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 2539 ad.a.u.net->family = sap->sin_family; 2540 ad.a.u.net->dport = sap->sin_port; 2541 ad.a.u.net->v4info.daddr = sap->sin_addr.s_addr; 2542 #endif 2543 sk_lbl = SMACK_UNLABELED_SOCKET; 2544 skp = ssp->smk_out; 2545 rc = smk_access(skp, hkp, MAY_WRITE, &ad); 2546 rc = smk_bu_note("IPv4 host check", skp, hkp, MAY_WRITE, rc); 2547 } else { 2548 sk_lbl = SMACK_CIPSO_SOCKET; 2549 rc = 0; 2550 } 2551 rcu_read_unlock(); 2552 if (rc != 0) 2553 return rc; 2554 2555 return smack_netlabel(sk, sk_lbl); 2556 } 2557 2558 #if IS_ENABLED(CONFIG_IPV6) 2559 /** 2560 * smk_ipv6_check - check Smack access 2561 * @subject: subject Smack label 2562 * @object: object Smack label 2563 * @address: address 2564 * @act: the action being taken 2565 * 2566 * Check an IPv6 access 2567 */ 2568 static int smk_ipv6_check(struct smack_known *subject, 2569 struct smack_known *object, 2570 struct sockaddr_in6 *address, int act) 2571 { 2572 #ifdef CONFIG_AUDIT 2573 struct lsm_network_audit net; 2574 #endif 2575 struct smk_audit_info ad; 2576 int rc; 2577 2578 #ifdef CONFIG_AUDIT 2579 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 2580 ad.a.u.net->family = PF_INET6; 2581 ad.a.u.net->dport = ntohs(address->sin6_port); 2582 if (act == SMK_RECEIVING) 2583 ad.a.u.net->v6info.saddr = address->sin6_addr; 2584 else 2585 ad.a.u.net->v6info.daddr = address->sin6_addr; 2586 #endif 2587 rc = smk_access(subject, object, MAY_WRITE, &ad); 2588 rc = smk_bu_note("IPv6 check", subject, object, MAY_WRITE, rc); 2589 return rc; 2590 } 2591 #endif /* CONFIG_IPV6 */ 2592 2593 #ifdef SMACK_IPV6_PORT_LABELING 2594 /** 2595 * smk_ipv6_port_label - Smack port access table management 2596 * @sock: socket 2597 * @address: address 2598 * 2599 * Create or update the port list entry 2600 */ 2601 static void smk_ipv6_port_label(struct socket *sock, struct sockaddr *address) 2602 { 2603 struct sock *sk = sock->sk; 2604 struct sockaddr_in6 *addr6; 2605 struct socket_smack *ssp = sock->sk->sk_security; 2606 struct smk_port_label *spp; 2607 unsigned short port = 0; 2608 2609 if (address == NULL) { 2610 /* 2611 * This operation is changing the Smack information 2612 * on the bound socket. Take the changes to the port 2613 * as well. 2614 */ 2615 rcu_read_lock(); 2616 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) { 2617 if (sk != spp->smk_sock) 2618 continue; 2619 spp->smk_in = ssp->smk_in; 2620 spp->smk_out = ssp->smk_out; 2621 rcu_read_unlock(); 2622 return; 2623 } 2624 /* 2625 * A NULL address is only used for updating existing 2626 * bound entries. If there isn't one, it's OK. 2627 */ 2628 rcu_read_unlock(); 2629 return; 2630 } 2631 2632 addr6 = (struct sockaddr_in6 *)address; 2633 port = ntohs(addr6->sin6_port); 2634 /* 2635 * This is a special case that is safely ignored. 2636 */ 2637 if (port == 0) 2638 return; 2639 2640 /* 2641 * Look for an existing port list entry. 2642 * This is an indication that a port is getting reused. 2643 */ 2644 rcu_read_lock(); 2645 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) { 2646 if (spp->smk_port != port || spp->smk_sock_type != sock->type) 2647 continue; 2648 if (spp->smk_can_reuse != 1) { 2649 rcu_read_unlock(); 2650 return; 2651 } 2652 spp->smk_port = port; 2653 spp->smk_sock = sk; 2654 spp->smk_in = ssp->smk_in; 2655 spp->smk_out = ssp->smk_out; 2656 spp->smk_can_reuse = 0; 2657 rcu_read_unlock(); 2658 return; 2659 } 2660 rcu_read_unlock(); 2661 /* 2662 * A new port entry is required. 2663 */ 2664 spp = kzalloc(sizeof(*spp), GFP_KERNEL); 2665 if (spp == NULL) 2666 return; 2667 2668 spp->smk_port = port; 2669 spp->smk_sock = sk; 2670 spp->smk_in = ssp->smk_in; 2671 spp->smk_out = ssp->smk_out; 2672 spp->smk_sock_type = sock->type; 2673 spp->smk_can_reuse = 0; 2674 2675 mutex_lock(&smack_ipv6_lock); 2676 list_add_rcu(&spp->list, &smk_ipv6_port_list); 2677 mutex_unlock(&smack_ipv6_lock); 2678 return; 2679 } 2680 2681 /** 2682 * smk_ipv6_port_check - check Smack port access 2683 * @sock: socket 2684 * @address: address 2685 * 2686 * Create or update the port list entry 2687 */ 2688 static int smk_ipv6_port_check(struct sock *sk, struct sockaddr_in6 *address, 2689 int act) 2690 { 2691 struct smk_port_label *spp; 2692 struct socket_smack *ssp = sk->sk_security; 2693 struct smack_known *skp = NULL; 2694 unsigned short port; 2695 struct smack_known *object; 2696 2697 if (act == SMK_RECEIVING) { 2698 skp = smack_ipv6host_label(address); 2699 object = ssp->smk_in; 2700 } else { 2701 skp = ssp->smk_out; 2702 object = smack_ipv6host_label(address); 2703 } 2704 2705 /* 2706 * The other end is a single label host. 2707 */ 2708 if (skp != NULL && object != NULL) 2709 return smk_ipv6_check(skp, object, address, act); 2710 if (skp == NULL) 2711 skp = smack_net_ambient; 2712 if (object == NULL) 2713 object = smack_net_ambient; 2714 2715 /* 2716 * It's remote, so port lookup does no good. 2717 */ 2718 if (!smk_ipv6_localhost(address)) 2719 return smk_ipv6_check(skp, object, address, act); 2720 2721 /* 2722 * It's local so the send check has to have passed. 2723 */ 2724 if (act == SMK_RECEIVING) 2725 return 0; 2726 2727 port = ntohs(address->sin6_port); 2728 rcu_read_lock(); 2729 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) { 2730 if (spp->smk_port != port || spp->smk_sock_type != sk->sk_type) 2731 continue; 2732 object = spp->smk_in; 2733 if (act == SMK_CONNECTING) 2734 ssp->smk_packet = spp->smk_out; 2735 break; 2736 } 2737 rcu_read_unlock(); 2738 2739 return smk_ipv6_check(skp, object, address, act); 2740 } 2741 #endif /* SMACK_IPV6_PORT_LABELING */ 2742 2743 /** 2744 * smack_inode_setsecurity - set smack xattrs 2745 * @inode: the object 2746 * @name: attribute name 2747 * @value: attribute value 2748 * @size: size of the attribute 2749 * @flags: unused 2750 * 2751 * Sets the named attribute in the appropriate blob 2752 * 2753 * Returns 0 on success, or an error code 2754 */ 2755 static int smack_inode_setsecurity(struct inode *inode, const char *name, 2756 const void *value, size_t size, int flags) 2757 { 2758 struct smack_known *skp; 2759 struct inode_smack *nsp = inode->i_security; 2760 struct socket_smack *ssp; 2761 struct socket *sock; 2762 int rc = 0; 2763 2764 if (value == NULL || size > SMK_LONGLABEL || size == 0) 2765 return -EINVAL; 2766 2767 skp = smk_import_entry(value, size); 2768 if (IS_ERR(skp)) 2769 return PTR_ERR(skp); 2770 2771 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) { 2772 nsp->smk_inode = skp; 2773 nsp->smk_flags |= SMK_INODE_INSTANT; 2774 return 0; 2775 } 2776 /* 2777 * The rest of the Smack xattrs are only on sockets. 2778 */ 2779 if (inode->i_sb->s_magic != SOCKFS_MAGIC) 2780 return -EOPNOTSUPP; 2781 2782 sock = SOCKET_I(inode); 2783 if (sock == NULL || sock->sk == NULL) 2784 return -EOPNOTSUPP; 2785 2786 ssp = sock->sk->sk_security; 2787 2788 if (strcmp(name, XATTR_SMACK_IPIN) == 0) 2789 ssp->smk_in = skp; 2790 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) { 2791 ssp->smk_out = skp; 2792 if (sock->sk->sk_family == PF_INET) { 2793 rc = smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET); 2794 if (rc != 0) 2795 printk(KERN_WARNING 2796 "Smack: \"%s\" netlbl error %d.\n", 2797 __func__, -rc); 2798 } 2799 } else 2800 return -EOPNOTSUPP; 2801 2802 #ifdef SMACK_IPV6_PORT_LABELING 2803 if (sock->sk->sk_family == PF_INET6) 2804 smk_ipv6_port_label(sock, NULL); 2805 #endif 2806 2807 return 0; 2808 } 2809 2810 /** 2811 * smack_socket_post_create - finish socket setup 2812 * @sock: the socket 2813 * @family: protocol family 2814 * @type: unused 2815 * @protocol: unused 2816 * @kern: unused 2817 * 2818 * Sets the netlabel information on the socket 2819 * 2820 * Returns 0 on success, and error code otherwise 2821 */ 2822 static int smack_socket_post_create(struct socket *sock, int family, 2823 int type, int protocol, int kern) 2824 { 2825 struct socket_smack *ssp; 2826 2827 if (sock->sk == NULL) 2828 return 0; 2829 2830 /* 2831 * Sockets created by kernel threads receive web label. 2832 */ 2833 if (unlikely(current->flags & PF_KTHREAD)) { 2834 ssp = sock->sk->sk_security; 2835 ssp->smk_in = &smack_known_web; 2836 ssp->smk_out = &smack_known_web; 2837 } 2838 2839 if (family != PF_INET) 2840 return 0; 2841 /* 2842 * Set the outbound netlbl. 2843 */ 2844 return smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET); 2845 } 2846 2847 /** 2848 * smack_socket_socketpair - create socket pair 2849 * @socka: one socket 2850 * @sockb: another socket 2851 * 2852 * Cross reference the peer labels for SO_PEERSEC 2853 * 2854 * Returns 0 on success, and error code otherwise 2855 */ 2856 static int smack_socket_socketpair(struct socket *socka, 2857 struct socket *sockb) 2858 { 2859 struct socket_smack *asp = socka->sk->sk_security; 2860 struct socket_smack *bsp = sockb->sk->sk_security; 2861 2862 asp->smk_packet = bsp->smk_out; 2863 bsp->smk_packet = asp->smk_out; 2864 2865 return 0; 2866 } 2867 2868 #ifdef SMACK_IPV6_PORT_LABELING 2869 /** 2870 * smack_socket_bind - record port binding information. 2871 * @sock: the socket 2872 * @address: the port address 2873 * @addrlen: size of the address 2874 * 2875 * Records the label bound to a port. 2876 * 2877 * Returns 0 2878 */ 2879 static int smack_socket_bind(struct socket *sock, struct sockaddr *address, 2880 int addrlen) 2881 { 2882 if (sock->sk != NULL && sock->sk->sk_family == PF_INET6) 2883 smk_ipv6_port_label(sock, address); 2884 return 0; 2885 } 2886 #endif /* SMACK_IPV6_PORT_LABELING */ 2887 2888 /** 2889 * smack_socket_connect - connect access check 2890 * @sock: the socket 2891 * @sap: the other end 2892 * @addrlen: size of sap 2893 * 2894 * Verifies that a connection may be possible 2895 * 2896 * Returns 0 on success, and error code otherwise 2897 */ 2898 static int smack_socket_connect(struct socket *sock, struct sockaddr *sap, 2899 int addrlen) 2900 { 2901 int rc = 0; 2902 #if IS_ENABLED(CONFIG_IPV6) 2903 struct sockaddr_in6 *sip = (struct sockaddr_in6 *)sap; 2904 #endif 2905 #ifdef SMACK_IPV6_SECMARK_LABELING 2906 struct smack_known *rsp; 2907 struct socket_smack *ssp; 2908 #endif 2909 2910 if (sock->sk == NULL) 2911 return 0; 2912 2913 #ifdef SMACK_IPV6_SECMARK_LABELING 2914 ssp = sock->sk->sk_security; 2915 #endif 2916 2917 switch (sock->sk->sk_family) { 2918 case PF_INET: 2919 if (addrlen < sizeof(struct sockaddr_in)) 2920 return -EINVAL; 2921 rc = smack_netlabel_send(sock->sk, (struct sockaddr_in *)sap); 2922 break; 2923 case PF_INET6: 2924 if (addrlen < sizeof(struct sockaddr_in6)) 2925 return -EINVAL; 2926 #ifdef SMACK_IPV6_SECMARK_LABELING 2927 rsp = smack_ipv6host_label(sip); 2928 if (rsp != NULL) 2929 rc = smk_ipv6_check(ssp->smk_out, rsp, sip, 2930 SMK_CONNECTING); 2931 #endif 2932 #ifdef SMACK_IPV6_PORT_LABELING 2933 rc = smk_ipv6_port_check(sock->sk, sip, SMK_CONNECTING); 2934 #endif 2935 break; 2936 } 2937 return rc; 2938 } 2939 2940 /** 2941 * smack_flags_to_may - convert S_ to MAY_ values 2942 * @flags: the S_ value 2943 * 2944 * Returns the equivalent MAY_ value 2945 */ 2946 static int smack_flags_to_may(int flags) 2947 { 2948 int may = 0; 2949 2950 if (flags & S_IRUGO) 2951 may |= MAY_READ; 2952 if (flags & S_IWUGO) 2953 may |= MAY_WRITE; 2954 if (flags & S_IXUGO) 2955 may |= MAY_EXEC; 2956 2957 return may; 2958 } 2959 2960 /** 2961 * smack_msg_msg_alloc_security - Set the security blob for msg_msg 2962 * @msg: the object 2963 * 2964 * Returns 0 2965 */ 2966 static int smack_msg_msg_alloc_security(struct msg_msg *msg) 2967 { 2968 struct smack_known *skp = smk_of_current(); 2969 2970 msg->security = skp; 2971 return 0; 2972 } 2973 2974 /** 2975 * smack_msg_msg_free_security - Clear the security blob for msg_msg 2976 * @msg: the object 2977 * 2978 * Clears the blob pointer 2979 */ 2980 static void smack_msg_msg_free_security(struct msg_msg *msg) 2981 { 2982 msg->security = NULL; 2983 } 2984 2985 /** 2986 * smack_of_ipc - the smack pointer for the ipc 2987 * @isp: the object 2988 * 2989 * Returns a pointer to the smack value 2990 */ 2991 static struct smack_known *smack_of_ipc(struct kern_ipc_perm *isp) 2992 { 2993 return (struct smack_known *)isp->security; 2994 } 2995 2996 /** 2997 * smack_ipc_alloc_security - Set the security blob for ipc 2998 * @isp: the object 2999 * 3000 * Returns 0 3001 */ 3002 static int smack_ipc_alloc_security(struct kern_ipc_perm *isp) 3003 { 3004 struct smack_known *skp = smk_of_current(); 3005 3006 isp->security = skp; 3007 return 0; 3008 } 3009 3010 /** 3011 * smack_ipc_free_security - Clear the security blob for ipc 3012 * @isp: the object 3013 * 3014 * Clears the blob pointer 3015 */ 3016 static void smack_ipc_free_security(struct kern_ipc_perm *isp) 3017 { 3018 isp->security = NULL; 3019 } 3020 3021 /** 3022 * smk_curacc_shm : check if current has access on shm 3023 * @isp : the object 3024 * @access : access requested 3025 * 3026 * Returns 0 if current has the requested access, error code otherwise 3027 */ 3028 static int smk_curacc_shm(struct kern_ipc_perm *isp, int access) 3029 { 3030 struct smack_known *ssp = smack_of_ipc(isp); 3031 struct smk_audit_info ad; 3032 int rc; 3033 3034 #ifdef CONFIG_AUDIT 3035 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 3036 ad.a.u.ipc_id = isp->id; 3037 #endif 3038 rc = smk_curacc(ssp, access, &ad); 3039 rc = smk_bu_current("shm", ssp, access, rc); 3040 return rc; 3041 } 3042 3043 /** 3044 * smack_shm_associate - Smack access check for shm 3045 * @isp: the object 3046 * @shmflg: access requested 3047 * 3048 * Returns 0 if current has the requested access, error code otherwise 3049 */ 3050 static int smack_shm_associate(struct kern_ipc_perm *isp, int shmflg) 3051 { 3052 int may; 3053 3054 may = smack_flags_to_may(shmflg); 3055 return smk_curacc_shm(isp, may); 3056 } 3057 3058 /** 3059 * smack_shm_shmctl - Smack access check for shm 3060 * @isp: the object 3061 * @cmd: what it wants to do 3062 * 3063 * Returns 0 if current has the requested access, error code otherwise 3064 */ 3065 static int smack_shm_shmctl(struct kern_ipc_perm *isp, int cmd) 3066 { 3067 int may; 3068 3069 switch (cmd) { 3070 case IPC_STAT: 3071 case SHM_STAT: 3072 case SHM_STAT_ANY: 3073 may = MAY_READ; 3074 break; 3075 case IPC_SET: 3076 case SHM_LOCK: 3077 case SHM_UNLOCK: 3078 case IPC_RMID: 3079 may = MAY_READWRITE; 3080 break; 3081 case IPC_INFO: 3082 case SHM_INFO: 3083 /* 3084 * System level information. 3085 */ 3086 return 0; 3087 default: 3088 return -EINVAL; 3089 } 3090 return smk_curacc_shm(isp, may); 3091 } 3092 3093 /** 3094 * smack_shm_shmat - Smack access for shmat 3095 * @isp: the object 3096 * @shmaddr: unused 3097 * @shmflg: access requested 3098 * 3099 * Returns 0 if current has the requested access, error code otherwise 3100 */ 3101 static int smack_shm_shmat(struct kern_ipc_perm *ipc, char __user *shmaddr, 3102 int shmflg) 3103 { 3104 int may; 3105 3106 may = smack_flags_to_may(shmflg); 3107 return smk_curacc_shm(ipc, may); 3108 } 3109 3110 /** 3111 * smk_curacc_sem : check if current has access on sem 3112 * @isp : the object 3113 * @access : access requested 3114 * 3115 * Returns 0 if current has the requested access, error code otherwise 3116 */ 3117 static int smk_curacc_sem(struct kern_ipc_perm *isp, int access) 3118 { 3119 struct smack_known *ssp = smack_of_ipc(isp); 3120 struct smk_audit_info ad; 3121 int rc; 3122 3123 #ifdef CONFIG_AUDIT 3124 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 3125 ad.a.u.ipc_id = isp->id; 3126 #endif 3127 rc = smk_curacc(ssp, access, &ad); 3128 rc = smk_bu_current("sem", ssp, access, rc); 3129 return rc; 3130 } 3131 3132 /** 3133 * smack_sem_associate - Smack access check for sem 3134 * @isp: the object 3135 * @semflg: access requested 3136 * 3137 * Returns 0 if current has the requested access, error code otherwise 3138 */ 3139 static int smack_sem_associate(struct kern_ipc_perm *isp, int semflg) 3140 { 3141 int may; 3142 3143 may = smack_flags_to_may(semflg); 3144 return smk_curacc_sem(isp, may); 3145 } 3146 3147 /** 3148 * smack_sem_shmctl - Smack access check for sem 3149 * @isp: the object 3150 * @cmd: what it wants to do 3151 * 3152 * Returns 0 if current has the requested access, error code otherwise 3153 */ 3154 static int smack_sem_semctl(struct kern_ipc_perm *isp, int cmd) 3155 { 3156 int may; 3157 3158 switch (cmd) { 3159 case GETPID: 3160 case GETNCNT: 3161 case GETZCNT: 3162 case GETVAL: 3163 case GETALL: 3164 case IPC_STAT: 3165 case SEM_STAT: 3166 case SEM_STAT_ANY: 3167 may = MAY_READ; 3168 break; 3169 case SETVAL: 3170 case SETALL: 3171 case IPC_RMID: 3172 case IPC_SET: 3173 may = MAY_READWRITE; 3174 break; 3175 case IPC_INFO: 3176 case SEM_INFO: 3177 /* 3178 * System level information 3179 */ 3180 return 0; 3181 default: 3182 return -EINVAL; 3183 } 3184 3185 return smk_curacc_sem(isp, may); 3186 } 3187 3188 /** 3189 * smack_sem_semop - Smack checks of semaphore operations 3190 * @isp: the object 3191 * @sops: unused 3192 * @nsops: unused 3193 * @alter: unused 3194 * 3195 * Treated as read and write in all cases. 3196 * 3197 * Returns 0 if access is allowed, error code otherwise 3198 */ 3199 static int smack_sem_semop(struct kern_ipc_perm *isp, struct sembuf *sops, 3200 unsigned nsops, int alter) 3201 { 3202 return smk_curacc_sem(isp, MAY_READWRITE); 3203 } 3204 3205 /** 3206 * smk_curacc_msq : helper to check if current has access on msq 3207 * @isp : the msq 3208 * @access : access requested 3209 * 3210 * return 0 if current has access, error otherwise 3211 */ 3212 static int smk_curacc_msq(struct kern_ipc_perm *isp, int access) 3213 { 3214 struct smack_known *msp = smack_of_ipc(isp); 3215 struct smk_audit_info ad; 3216 int rc; 3217 3218 #ifdef CONFIG_AUDIT 3219 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 3220 ad.a.u.ipc_id = isp->id; 3221 #endif 3222 rc = smk_curacc(msp, access, &ad); 3223 rc = smk_bu_current("msq", msp, access, rc); 3224 return rc; 3225 } 3226 3227 /** 3228 * smack_msg_queue_associate - Smack access check for msg_queue 3229 * @isp: the object 3230 * @msqflg: access requested 3231 * 3232 * Returns 0 if current has the requested access, error code otherwise 3233 */ 3234 static int smack_msg_queue_associate(struct kern_ipc_perm *isp, int msqflg) 3235 { 3236 int may; 3237 3238 may = smack_flags_to_may(msqflg); 3239 return smk_curacc_msq(isp, may); 3240 } 3241 3242 /** 3243 * smack_msg_queue_msgctl - Smack access check for msg_queue 3244 * @isp: the object 3245 * @cmd: what it wants to do 3246 * 3247 * Returns 0 if current has the requested access, error code otherwise 3248 */ 3249 static int smack_msg_queue_msgctl(struct kern_ipc_perm *isp, int cmd) 3250 { 3251 int may; 3252 3253 switch (cmd) { 3254 case IPC_STAT: 3255 case MSG_STAT: 3256 case MSG_STAT_ANY: 3257 may = MAY_READ; 3258 break; 3259 case IPC_SET: 3260 case IPC_RMID: 3261 may = MAY_READWRITE; 3262 break; 3263 case IPC_INFO: 3264 case MSG_INFO: 3265 /* 3266 * System level information 3267 */ 3268 return 0; 3269 default: 3270 return -EINVAL; 3271 } 3272 3273 return smk_curacc_msq(isp, may); 3274 } 3275 3276 /** 3277 * smack_msg_queue_msgsnd - Smack access check for msg_queue 3278 * @isp: the object 3279 * @msg: unused 3280 * @msqflg: access requested 3281 * 3282 * Returns 0 if current has the requested access, error code otherwise 3283 */ 3284 static int smack_msg_queue_msgsnd(struct kern_ipc_perm *isp, struct msg_msg *msg, 3285 int msqflg) 3286 { 3287 int may; 3288 3289 may = smack_flags_to_may(msqflg); 3290 return smk_curacc_msq(isp, may); 3291 } 3292 3293 /** 3294 * smack_msg_queue_msgsnd - Smack access check for msg_queue 3295 * @isp: the object 3296 * @msg: unused 3297 * @target: unused 3298 * @type: unused 3299 * @mode: unused 3300 * 3301 * Returns 0 if current has read and write access, error code otherwise 3302 */ 3303 static int smack_msg_queue_msgrcv(struct kern_ipc_perm *isp, struct msg_msg *msg, 3304 struct task_struct *target, long type, int mode) 3305 { 3306 return smk_curacc_msq(isp, MAY_READWRITE); 3307 } 3308 3309 /** 3310 * smack_ipc_permission - Smack access for ipc_permission() 3311 * @ipp: the object permissions 3312 * @flag: access requested 3313 * 3314 * Returns 0 if current has read and write access, error code otherwise 3315 */ 3316 static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag) 3317 { 3318 struct smack_known *iskp = ipp->security; 3319 int may = smack_flags_to_may(flag); 3320 struct smk_audit_info ad; 3321 int rc; 3322 3323 #ifdef CONFIG_AUDIT 3324 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 3325 ad.a.u.ipc_id = ipp->id; 3326 #endif 3327 rc = smk_curacc(iskp, may, &ad); 3328 rc = smk_bu_current("svipc", iskp, may, rc); 3329 return rc; 3330 } 3331 3332 /** 3333 * smack_ipc_getsecid - Extract smack security id 3334 * @ipp: the object permissions 3335 * @secid: where result will be saved 3336 */ 3337 static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid) 3338 { 3339 struct smack_known *iskp = ipp->security; 3340 3341 *secid = iskp->smk_secid; 3342 } 3343 3344 /** 3345 * smack_d_instantiate - Make sure the blob is correct on an inode 3346 * @opt_dentry: dentry where inode will be attached 3347 * @inode: the object 3348 * 3349 * Set the inode's security blob if it hasn't been done already. 3350 */ 3351 static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode) 3352 { 3353 struct super_block *sbp; 3354 struct superblock_smack *sbsp; 3355 struct inode_smack *isp; 3356 struct smack_known *skp; 3357 struct smack_known *ckp = smk_of_current(); 3358 struct smack_known *final; 3359 char trattr[TRANS_TRUE_SIZE]; 3360 int transflag = 0; 3361 int rc; 3362 struct dentry *dp; 3363 3364 if (inode == NULL) 3365 return; 3366 3367 isp = inode->i_security; 3368 3369 mutex_lock(&isp->smk_lock); 3370 /* 3371 * If the inode is already instantiated 3372 * take the quick way out 3373 */ 3374 if (isp->smk_flags & SMK_INODE_INSTANT) 3375 goto unlockandout; 3376 3377 sbp = inode->i_sb; 3378 sbsp = sbp->s_security; 3379 /* 3380 * We're going to use the superblock default label 3381 * if there's no label on the file. 3382 */ 3383 final = sbsp->smk_default; 3384 3385 /* 3386 * If this is the root inode the superblock 3387 * may be in the process of initialization. 3388 * If that is the case use the root value out 3389 * of the superblock. 3390 */ 3391 if (opt_dentry->d_parent == opt_dentry) { 3392 switch (sbp->s_magic) { 3393 case CGROUP_SUPER_MAGIC: 3394 case CGROUP2_SUPER_MAGIC: 3395 /* 3396 * The cgroup filesystem is never mounted, 3397 * so there's no opportunity to set the mount 3398 * options. 3399 */ 3400 sbsp->smk_root = &smack_known_star; 3401 sbsp->smk_default = &smack_known_star; 3402 isp->smk_inode = sbsp->smk_root; 3403 break; 3404 case TMPFS_MAGIC: 3405 /* 3406 * What about shmem/tmpfs anonymous files with dentry 3407 * obtained from d_alloc_pseudo()? 3408 */ 3409 isp->smk_inode = smk_of_current(); 3410 break; 3411 case PIPEFS_MAGIC: 3412 isp->smk_inode = smk_of_current(); 3413 break; 3414 case SOCKFS_MAGIC: 3415 /* 3416 * Socket access is controlled by the socket 3417 * structures associated with the task involved. 3418 */ 3419 isp->smk_inode = &smack_known_star; 3420 break; 3421 default: 3422 isp->smk_inode = sbsp->smk_root; 3423 break; 3424 } 3425 isp->smk_flags |= SMK_INODE_INSTANT; 3426 goto unlockandout; 3427 } 3428 3429 /* 3430 * This is pretty hackish. 3431 * Casey says that we shouldn't have to do 3432 * file system specific code, but it does help 3433 * with keeping it simple. 3434 */ 3435 switch (sbp->s_magic) { 3436 case SMACK_MAGIC: 3437 case CGROUP_SUPER_MAGIC: 3438 case CGROUP2_SUPER_MAGIC: 3439 /* 3440 * Casey says that it's a little embarrassing 3441 * that the smack file system doesn't do 3442 * extended attributes. 3443 * 3444 * Cgroupfs is special 3445 */ 3446 final = &smack_known_star; 3447 break; 3448 case DEVPTS_SUPER_MAGIC: 3449 /* 3450 * devpts seems content with the label of the task. 3451 * Programs that change smack have to treat the 3452 * pty with respect. 3453 */ 3454 final = ckp; 3455 break; 3456 case PROC_SUPER_MAGIC: 3457 /* 3458 * Casey says procfs appears not to care. 3459 * The superblock default suffices. 3460 */ 3461 break; 3462 case TMPFS_MAGIC: 3463 /* 3464 * Device labels should come from the filesystem, 3465 * but watch out, because they're volitile, 3466 * getting recreated on every reboot. 3467 */ 3468 final = &smack_known_star; 3469 /* 3470 * No break. 3471 * 3472 * If a smack value has been set we want to use it, 3473 * but since tmpfs isn't giving us the opportunity 3474 * to set mount options simulate setting the 3475 * superblock default. 3476 */ 3477 default: 3478 /* 3479 * This isn't an understood special case. 3480 * Get the value from the xattr. 3481 */ 3482 3483 /* 3484 * UNIX domain sockets use lower level socket data. 3485 */ 3486 if (S_ISSOCK(inode->i_mode)) { 3487 final = &smack_known_star; 3488 break; 3489 } 3490 /* 3491 * No xattr support means, alas, no SMACK label. 3492 * Use the aforeapplied default. 3493 * It would be curious if the label of the task 3494 * does not match that assigned. 3495 */ 3496 if (!(inode->i_opflags & IOP_XATTR)) 3497 break; 3498 /* 3499 * Get the dentry for xattr. 3500 */ 3501 dp = dget(opt_dentry); 3502 skp = smk_fetch(XATTR_NAME_SMACK, inode, dp); 3503 if (!IS_ERR_OR_NULL(skp)) 3504 final = skp; 3505 3506 /* 3507 * Transmuting directory 3508 */ 3509 if (S_ISDIR(inode->i_mode)) { 3510 /* 3511 * If this is a new directory and the label was 3512 * transmuted when the inode was initialized 3513 * set the transmute attribute on the directory 3514 * and mark the inode. 3515 * 3516 * If there is a transmute attribute on the 3517 * directory mark the inode. 3518 */ 3519 if (isp->smk_flags & SMK_INODE_CHANGED) { 3520 isp->smk_flags &= ~SMK_INODE_CHANGED; 3521 rc = __vfs_setxattr(dp, inode, 3522 XATTR_NAME_SMACKTRANSMUTE, 3523 TRANS_TRUE, TRANS_TRUE_SIZE, 3524 0); 3525 } else { 3526 rc = __vfs_getxattr(dp, inode, 3527 XATTR_NAME_SMACKTRANSMUTE, trattr, 3528 TRANS_TRUE_SIZE); 3529 if (rc >= 0 && strncmp(trattr, TRANS_TRUE, 3530 TRANS_TRUE_SIZE) != 0) 3531 rc = -EINVAL; 3532 } 3533 if (rc >= 0) 3534 transflag = SMK_INODE_TRANSMUTE; 3535 } 3536 /* 3537 * Don't let the exec or mmap label be "*" or "@". 3538 */ 3539 skp = smk_fetch(XATTR_NAME_SMACKEXEC, inode, dp); 3540 if (IS_ERR(skp) || skp == &smack_known_star || 3541 skp == &smack_known_web) 3542 skp = NULL; 3543 isp->smk_task = skp; 3544 3545 skp = smk_fetch(XATTR_NAME_SMACKMMAP, inode, dp); 3546 if (IS_ERR(skp) || skp == &smack_known_star || 3547 skp == &smack_known_web) 3548 skp = NULL; 3549 isp->smk_mmap = skp; 3550 3551 dput(dp); 3552 break; 3553 } 3554 3555 if (final == NULL) 3556 isp->smk_inode = ckp; 3557 else 3558 isp->smk_inode = final; 3559 3560 isp->smk_flags |= (SMK_INODE_INSTANT | transflag); 3561 3562 unlockandout: 3563 mutex_unlock(&isp->smk_lock); 3564 return; 3565 } 3566 3567 /** 3568 * smack_getprocattr - Smack process attribute access 3569 * @p: the object task 3570 * @name: the name of the attribute in /proc/.../attr 3571 * @value: where to put the result 3572 * 3573 * Places a copy of the task Smack into value 3574 * 3575 * Returns the length of the smack label or an error code 3576 */ 3577 static int smack_getprocattr(struct task_struct *p, char *name, char **value) 3578 { 3579 struct smack_known *skp = smk_of_task_struct(p); 3580 char *cp; 3581 int slen; 3582 3583 if (strcmp(name, "current") != 0) 3584 return -EINVAL; 3585 3586 cp = kstrdup(skp->smk_known, GFP_KERNEL); 3587 if (cp == NULL) 3588 return -ENOMEM; 3589 3590 slen = strlen(cp); 3591 *value = cp; 3592 return slen; 3593 } 3594 3595 /** 3596 * smack_setprocattr - Smack process attribute setting 3597 * @name: the name of the attribute in /proc/.../attr 3598 * @value: the value to set 3599 * @size: the size of the value 3600 * 3601 * Sets the Smack value of the task. Only setting self 3602 * is permitted and only with privilege 3603 * 3604 * Returns the length of the smack label or an error code 3605 */ 3606 static int smack_setprocattr(const char *name, void *value, size_t size) 3607 { 3608 struct task_smack *tsp = current_security(); 3609 struct cred *new; 3610 struct smack_known *skp; 3611 struct smack_known_list_elem *sklep; 3612 int rc; 3613 3614 if (!smack_privileged(CAP_MAC_ADMIN) && list_empty(&tsp->smk_relabel)) 3615 return -EPERM; 3616 3617 if (value == NULL || size == 0 || size >= SMK_LONGLABEL) 3618 return -EINVAL; 3619 3620 if (strcmp(name, "current") != 0) 3621 return -EINVAL; 3622 3623 skp = smk_import_entry(value, size); 3624 if (IS_ERR(skp)) 3625 return PTR_ERR(skp); 3626 3627 /* 3628 * No process is ever allowed the web ("@") label 3629 * and the star ("*") label. 3630 */ 3631 if (skp == &smack_known_web || skp == &smack_known_star) 3632 return -EINVAL; 3633 3634 if (!smack_privileged(CAP_MAC_ADMIN)) { 3635 rc = -EPERM; 3636 list_for_each_entry(sklep, &tsp->smk_relabel, list) 3637 if (sklep->smk_label == skp) { 3638 rc = 0; 3639 break; 3640 } 3641 if (rc) 3642 return rc; 3643 } 3644 3645 new = prepare_creds(); 3646 if (new == NULL) 3647 return -ENOMEM; 3648 3649 tsp = new->security; 3650 tsp->smk_task = skp; 3651 /* 3652 * process can change its label only once 3653 */ 3654 smk_destroy_label_list(&tsp->smk_relabel); 3655 3656 commit_creds(new); 3657 return size; 3658 } 3659 3660 /** 3661 * smack_unix_stream_connect - Smack access on UDS 3662 * @sock: one sock 3663 * @other: the other sock 3664 * @newsk: unused 3665 * 3666 * Return 0 if a subject with the smack of sock could access 3667 * an object with the smack of other, otherwise an error code 3668 */ 3669 static int smack_unix_stream_connect(struct sock *sock, 3670 struct sock *other, struct sock *newsk) 3671 { 3672 struct smack_known *skp; 3673 struct smack_known *okp; 3674 struct socket_smack *ssp = sock->sk_security; 3675 struct socket_smack *osp = other->sk_security; 3676 struct socket_smack *nsp = newsk->sk_security; 3677 struct smk_audit_info ad; 3678 int rc = 0; 3679 #ifdef CONFIG_AUDIT 3680 struct lsm_network_audit net; 3681 #endif 3682 3683 if (!smack_privileged(CAP_MAC_OVERRIDE)) { 3684 skp = ssp->smk_out; 3685 okp = osp->smk_in; 3686 #ifdef CONFIG_AUDIT 3687 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 3688 smk_ad_setfield_u_net_sk(&ad, other); 3689 #endif 3690 rc = smk_access(skp, okp, MAY_WRITE, &ad); 3691 rc = smk_bu_note("UDS connect", skp, okp, MAY_WRITE, rc); 3692 if (rc == 0) { 3693 okp = osp->smk_out; 3694 skp = ssp->smk_in; 3695 rc = smk_access(okp, skp, MAY_WRITE, &ad); 3696 rc = smk_bu_note("UDS connect", okp, skp, 3697 MAY_WRITE, rc); 3698 } 3699 } 3700 3701 /* 3702 * Cross reference the peer labels for SO_PEERSEC. 3703 */ 3704 if (rc == 0) { 3705 nsp->smk_packet = ssp->smk_out; 3706 ssp->smk_packet = osp->smk_out; 3707 } 3708 3709 return rc; 3710 } 3711 3712 /** 3713 * smack_unix_may_send - Smack access on UDS 3714 * @sock: one socket 3715 * @other: the other socket 3716 * 3717 * Return 0 if a subject with the smack of sock could access 3718 * an object with the smack of other, otherwise an error code 3719 */ 3720 static int smack_unix_may_send(struct socket *sock, struct socket *other) 3721 { 3722 struct socket_smack *ssp = sock->sk->sk_security; 3723 struct socket_smack *osp = other->sk->sk_security; 3724 struct smk_audit_info ad; 3725 int rc; 3726 3727 #ifdef CONFIG_AUDIT 3728 struct lsm_network_audit net; 3729 3730 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 3731 smk_ad_setfield_u_net_sk(&ad, other->sk); 3732 #endif 3733 3734 if (smack_privileged(CAP_MAC_OVERRIDE)) 3735 return 0; 3736 3737 rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad); 3738 rc = smk_bu_note("UDS send", ssp->smk_out, osp->smk_in, MAY_WRITE, rc); 3739 return rc; 3740 } 3741 3742 /** 3743 * smack_socket_sendmsg - Smack check based on destination host 3744 * @sock: the socket 3745 * @msg: the message 3746 * @size: the size of the message 3747 * 3748 * Return 0 if the current subject can write to the destination host. 3749 * For IPv4 this is only a question if the destination is a single label host. 3750 * For IPv6 this is a check against the label of the port. 3751 */ 3752 static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg, 3753 int size) 3754 { 3755 struct sockaddr_in *sip = (struct sockaddr_in *) msg->msg_name; 3756 #if IS_ENABLED(CONFIG_IPV6) 3757 struct sockaddr_in6 *sap = (struct sockaddr_in6 *) msg->msg_name; 3758 #endif 3759 #ifdef SMACK_IPV6_SECMARK_LABELING 3760 struct socket_smack *ssp = sock->sk->sk_security; 3761 struct smack_known *rsp; 3762 #endif 3763 int rc = 0; 3764 3765 /* 3766 * Perfectly reasonable for this to be NULL 3767 */ 3768 if (sip == NULL) 3769 return 0; 3770 3771 switch (sock->sk->sk_family) { 3772 case AF_INET: 3773 rc = smack_netlabel_send(sock->sk, sip); 3774 break; 3775 case AF_INET6: 3776 #ifdef SMACK_IPV6_SECMARK_LABELING 3777 rsp = smack_ipv6host_label(sap); 3778 if (rsp != NULL) 3779 rc = smk_ipv6_check(ssp->smk_out, rsp, sap, 3780 SMK_CONNECTING); 3781 #endif 3782 #ifdef SMACK_IPV6_PORT_LABELING 3783 rc = smk_ipv6_port_check(sock->sk, sap, SMK_SENDING); 3784 #endif 3785 break; 3786 } 3787 return rc; 3788 } 3789 3790 /** 3791 * smack_from_secattr - Convert a netlabel attr.mls.lvl/attr.mls.cat pair to smack 3792 * @sap: netlabel secattr 3793 * @ssp: socket security information 3794 * 3795 * Returns a pointer to a Smack label entry found on the label list. 3796 */ 3797 static struct smack_known *smack_from_secattr(struct netlbl_lsm_secattr *sap, 3798 struct socket_smack *ssp) 3799 { 3800 struct smack_known *skp; 3801 int found = 0; 3802 int acat; 3803 int kcat; 3804 3805 if ((sap->flags & NETLBL_SECATTR_MLS_LVL) != 0) { 3806 /* 3807 * Looks like a CIPSO packet. 3808 * If there are flags but no level netlabel isn't 3809 * behaving the way we expect it to. 3810 * 3811 * Look it up in the label table 3812 * Without guidance regarding the smack value 3813 * for the packet fall back on the network 3814 * ambient value. 3815 */ 3816 rcu_read_lock(); 3817 list_for_each_entry_rcu(skp, &smack_known_list, list) { 3818 if (sap->attr.mls.lvl != skp->smk_netlabel.attr.mls.lvl) 3819 continue; 3820 /* 3821 * Compare the catsets. Use the netlbl APIs. 3822 */ 3823 if ((sap->flags & NETLBL_SECATTR_MLS_CAT) == 0) { 3824 if ((skp->smk_netlabel.flags & 3825 NETLBL_SECATTR_MLS_CAT) == 0) 3826 found = 1; 3827 break; 3828 } 3829 for (acat = -1, kcat = -1; acat == kcat; ) { 3830 acat = netlbl_catmap_walk(sap->attr.mls.cat, 3831 acat + 1); 3832 kcat = netlbl_catmap_walk( 3833 skp->smk_netlabel.attr.mls.cat, 3834 kcat + 1); 3835 if (acat < 0 || kcat < 0) 3836 break; 3837 } 3838 if (acat == kcat) { 3839 found = 1; 3840 break; 3841 } 3842 } 3843 rcu_read_unlock(); 3844 3845 if (found) 3846 return skp; 3847 3848 if (ssp != NULL && ssp->smk_in == &smack_known_star) 3849 return &smack_known_web; 3850 return &smack_known_star; 3851 } 3852 if ((sap->flags & NETLBL_SECATTR_SECID) != 0) 3853 /* 3854 * Looks like a fallback, which gives us a secid. 3855 */ 3856 return smack_from_secid(sap->attr.secid); 3857 /* 3858 * Without guidance regarding the smack value 3859 * for the packet fall back on the network 3860 * ambient value. 3861 */ 3862 return smack_net_ambient; 3863 } 3864 3865 #if IS_ENABLED(CONFIG_IPV6) 3866 static int smk_skb_to_addr_ipv6(struct sk_buff *skb, struct sockaddr_in6 *sip) 3867 { 3868 u8 nexthdr; 3869 int offset; 3870 int proto = -EINVAL; 3871 struct ipv6hdr _ipv6h; 3872 struct ipv6hdr *ip6; 3873 __be16 frag_off; 3874 struct tcphdr _tcph, *th; 3875 struct udphdr _udph, *uh; 3876 struct dccp_hdr _dccph, *dh; 3877 3878 sip->sin6_port = 0; 3879 3880 offset = skb_network_offset(skb); 3881 ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h); 3882 if (ip6 == NULL) 3883 return -EINVAL; 3884 sip->sin6_addr = ip6->saddr; 3885 3886 nexthdr = ip6->nexthdr; 3887 offset += sizeof(_ipv6h); 3888 offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off); 3889 if (offset < 0) 3890 return -EINVAL; 3891 3892 proto = nexthdr; 3893 switch (proto) { 3894 case IPPROTO_TCP: 3895 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph); 3896 if (th != NULL) 3897 sip->sin6_port = th->source; 3898 break; 3899 case IPPROTO_UDP: 3900 case IPPROTO_UDPLITE: 3901 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph); 3902 if (uh != NULL) 3903 sip->sin6_port = uh->source; 3904 break; 3905 case IPPROTO_DCCP: 3906 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph); 3907 if (dh != NULL) 3908 sip->sin6_port = dh->dccph_sport; 3909 break; 3910 } 3911 return proto; 3912 } 3913 #endif /* CONFIG_IPV6 */ 3914 3915 /** 3916 * smack_socket_sock_rcv_skb - Smack packet delivery access check 3917 * @sk: socket 3918 * @skb: packet 3919 * 3920 * Returns 0 if the packet should be delivered, an error code otherwise 3921 */ 3922 static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) 3923 { 3924 struct netlbl_lsm_secattr secattr; 3925 struct socket_smack *ssp = sk->sk_security; 3926 struct smack_known *skp = NULL; 3927 int rc = 0; 3928 struct smk_audit_info ad; 3929 u16 family = sk->sk_family; 3930 #ifdef CONFIG_AUDIT 3931 struct lsm_network_audit net; 3932 #endif 3933 #if IS_ENABLED(CONFIG_IPV6) 3934 struct sockaddr_in6 sadd; 3935 int proto; 3936 3937 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP)) 3938 family = PF_INET; 3939 #endif /* CONFIG_IPV6 */ 3940 3941 switch (family) { 3942 case PF_INET: 3943 #ifdef CONFIG_SECURITY_SMACK_NETFILTER 3944 /* 3945 * If there is a secmark use it rather than the CIPSO label. 3946 * If there is no secmark fall back to CIPSO. 3947 * The secmark is assumed to reflect policy better. 3948 */ 3949 if (skb && skb->secmark != 0) { 3950 skp = smack_from_secid(skb->secmark); 3951 goto access_check; 3952 } 3953 #endif /* CONFIG_SECURITY_SMACK_NETFILTER */ 3954 /* 3955 * Translate what netlabel gave us. 3956 */ 3957 netlbl_secattr_init(&secattr); 3958 3959 rc = netlbl_skbuff_getattr(skb, family, &secattr); 3960 if (rc == 0) 3961 skp = smack_from_secattr(&secattr, ssp); 3962 else 3963 skp = smack_net_ambient; 3964 3965 netlbl_secattr_destroy(&secattr); 3966 3967 #ifdef CONFIG_SECURITY_SMACK_NETFILTER 3968 access_check: 3969 #endif 3970 #ifdef CONFIG_AUDIT 3971 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 3972 ad.a.u.net->family = family; 3973 ad.a.u.net->netif = skb->skb_iif; 3974 ipv4_skb_to_auditdata(skb, &ad.a, NULL); 3975 #endif 3976 /* 3977 * Receiving a packet requires that the other end 3978 * be able to write here. Read access is not required. 3979 * This is the simplist possible security model 3980 * for networking. 3981 */ 3982 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad); 3983 rc = smk_bu_note("IPv4 delivery", skp, ssp->smk_in, 3984 MAY_WRITE, rc); 3985 if (rc != 0) 3986 netlbl_skbuff_err(skb, family, rc, 0); 3987 break; 3988 #if IS_ENABLED(CONFIG_IPV6) 3989 case PF_INET6: 3990 proto = smk_skb_to_addr_ipv6(skb, &sadd); 3991 if (proto != IPPROTO_UDP && proto != IPPROTO_UDPLITE && 3992 proto != IPPROTO_TCP && proto != IPPROTO_DCCP) 3993 break; 3994 #ifdef SMACK_IPV6_SECMARK_LABELING 3995 if (skb && skb->secmark != 0) 3996 skp = smack_from_secid(skb->secmark); 3997 else 3998 skp = smack_ipv6host_label(&sadd); 3999 if (skp == NULL) 4000 skp = smack_net_ambient; 4001 #ifdef CONFIG_AUDIT 4002 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 4003 ad.a.u.net->family = family; 4004 ad.a.u.net->netif = skb->skb_iif; 4005 ipv6_skb_to_auditdata(skb, &ad.a, NULL); 4006 #endif /* CONFIG_AUDIT */ 4007 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad); 4008 rc = smk_bu_note("IPv6 delivery", skp, ssp->smk_in, 4009 MAY_WRITE, rc); 4010 #endif /* SMACK_IPV6_SECMARK_LABELING */ 4011 #ifdef SMACK_IPV6_PORT_LABELING 4012 rc = smk_ipv6_port_check(sk, &sadd, SMK_RECEIVING); 4013 #endif /* SMACK_IPV6_PORT_LABELING */ 4014 if (rc != 0) 4015 icmpv6_send(skb, ICMPV6_DEST_UNREACH, 4016 ICMPV6_ADM_PROHIBITED, 0); 4017 break; 4018 #endif /* CONFIG_IPV6 */ 4019 } 4020 4021 return rc; 4022 } 4023 4024 /** 4025 * smack_socket_getpeersec_stream - pull in packet label 4026 * @sock: the socket 4027 * @optval: user's destination 4028 * @optlen: size thereof 4029 * @len: max thereof 4030 * 4031 * returns zero on success, an error code otherwise 4032 */ 4033 static int smack_socket_getpeersec_stream(struct socket *sock, 4034 char __user *optval, 4035 int __user *optlen, unsigned len) 4036 { 4037 struct socket_smack *ssp; 4038 char *rcp = ""; 4039 int slen = 1; 4040 int rc = 0; 4041 4042 ssp = sock->sk->sk_security; 4043 if (ssp->smk_packet != NULL) { 4044 rcp = ssp->smk_packet->smk_known; 4045 slen = strlen(rcp) + 1; 4046 } 4047 4048 if (slen > len) 4049 rc = -ERANGE; 4050 else if (copy_to_user(optval, rcp, slen) != 0) 4051 rc = -EFAULT; 4052 4053 if (put_user(slen, optlen) != 0) 4054 rc = -EFAULT; 4055 4056 return rc; 4057 } 4058 4059 4060 /** 4061 * smack_socket_getpeersec_dgram - pull in packet label 4062 * @sock: the peer socket 4063 * @skb: packet data 4064 * @secid: pointer to where to put the secid of the packet 4065 * 4066 * Sets the netlabel socket state on sk from parent 4067 */ 4068 static int smack_socket_getpeersec_dgram(struct socket *sock, 4069 struct sk_buff *skb, u32 *secid) 4070 4071 { 4072 struct netlbl_lsm_secattr secattr; 4073 struct socket_smack *ssp = NULL; 4074 struct smack_known *skp; 4075 int family = PF_UNSPEC; 4076 u32 s = 0; /* 0 is the invalid secid */ 4077 int rc; 4078 4079 if (skb != NULL) { 4080 if (skb->protocol == htons(ETH_P_IP)) 4081 family = PF_INET; 4082 #if IS_ENABLED(CONFIG_IPV6) 4083 else if (skb->protocol == htons(ETH_P_IPV6)) 4084 family = PF_INET6; 4085 #endif /* CONFIG_IPV6 */ 4086 } 4087 if (family == PF_UNSPEC && sock != NULL) 4088 family = sock->sk->sk_family; 4089 4090 switch (family) { 4091 case PF_UNIX: 4092 ssp = sock->sk->sk_security; 4093 s = ssp->smk_out->smk_secid; 4094 break; 4095 case PF_INET: 4096 #ifdef CONFIG_SECURITY_SMACK_NETFILTER 4097 s = skb->secmark; 4098 if (s != 0) 4099 break; 4100 #endif 4101 /* 4102 * Translate what netlabel gave us. 4103 */ 4104 if (sock != NULL && sock->sk != NULL) 4105 ssp = sock->sk->sk_security; 4106 netlbl_secattr_init(&secattr); 4107 rc = netlbl_skbuff_getattr(skb, family, &secattr); 4108 if (rc == 0) { 4109 skp = smack_from_secattr(&secattr, ssp); 4110 s = skp->smk_secid; 4111 } 4112 netlbl_secattr_destroy(&secattr); 4113 break; 4114 case PF_INET6: 4115 #ifdef SMACK_IPV6_SECMARK_LABELING 4116 s = skb->secmark; 4117 #endif 4118 break; 4119 } 4120 *secid = s; 4121 if (s == 0) 4122 return -EINVAL; 4123 return 0; 4124 } 4125 4126 /** 4127 * smack_sock_graft - Initialize a newly created socket with an existing sock 4128 * @sk: child sock 4129 * @parent: parent socket 4130 * 4131 * Set the smk_{in,out} state of an existing sock based on the process that 4132 * is creating the new socket. 4133 */ 4134 static void smack_sock_graft(struct sock *sk, struct socket *parent) 4135 { 4136 struct socket_smack *ssp; 4137 struct smack_known *skp = smk_of_current(); 4138 4139 if (sk == NULL || 4140 (sk->sk_family != PF_INET && sk->sk_family != PF_INET6)) 4141 return; 4142 4143 ssp = sk->sk_security; 4144 ssp->smk_in = skp; 4145 ssp->smk_out = skp; 4146 /* cssp->smk_packet is already set in smack_inet_csk_clone() */ 4147 } 4148 4149 /** 4150 * smack_inet_conn_request - Smack access check on connect 4151 * @sk: socket involved 4152 * @skb: packet 4153 * @req: unused 4154 * 4155 * Returns 0 if a task with the packet label could write to 4156 * the socket, otherwise an error code 4157 */ 4158 static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb, 4159 struct request_sock *req) 4160 { 4161 u16 family = sk->sk_family; 4162 struct smack_known *skp; 4163 struct socket_smack *ssp = sk->sk_security; 4164 struct netlbl_lsm_secattr secattr; 4165 struct sockaddr_in addr; 4166 struct iphdr *hdr; 4167 struct smack_known *hskp; 4168 int rc; 4169 struct smk_audit_info ad; 4170 #ifdef CONFIG_AUDIT 4171 struct lsm_network_audit net; 4172 #endif 4173 4174 #if IS_ENABLED(CONFIG_IPV6) 4175 if (family == PF_INET6) { 4176 /* 4177 * Handle mapped IPv4 packets arriving 4178 * via IPv6 sockets. Don't set up netlabel 4179 * processing on IPv6. 4180 */ 4181 if (skb->protocol == htons(ETH_P_IP)) 4182 family = PF_INET; 4183 else 4184 return 0; 4185 } 4186 #endif /* CONFIG_IPV6 */ 4187 4188 #ifdef CONFIG_SECURITY_SMACK_NETFILTER 4189 /* 4190 * If there is a secmark use it rather than the CIPSO label. 4191 * If there is no secmark fall back to CIPSO. 4192 * The secmark is assumed to reflect policy better. 4193 */ 4194 if (skb && skb->secmark != 0) { 4195 skp = smack_from_secid(skb->secmark); 4196 goto access_check; 4197 } 4198 #endif /* CONFIG_SECURITY_SMACK_NETFILTER */ 4199 4200 netlbl_secattr_init(&secattr); 4201 rc = netlbl_skbuff_getattr(skb, family, &secattr); 4202 if (rc == 0) 4203 skp = smack_from_secattr(&secattr, ssp); 4204 else 4205 skp = &smack_known_huh; 4206 netlbl_secattr_destroy(&secattr); 4207 4208 #ifdef CONFIG_SECURITY_SMACK_NETFILTER 4209 access_check: 4210 #endif 4211 4212 #ifdef CONFIG_AUDIT 4213 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 4214 ad.a.u.net->family = family; 4215 ad.a.u.net->netif = skb->skb_iif; 4216 ipv4_skb_to_auditdata(skb, &ad.a, NULL); 4217 #endif 4218 /* 4219 * Receiving a packet requires that the other end be able to write 4220 * here. Read access is not required. 4221 */ 4222 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad); 4223 rc = smk_bu_note("IPv4 connect", skp, ssp->smk_in, MAY_WRITE, rc); 4224 if (rc != 0) 4225 return rc; 4226 4227 /* 4228 * Save the peer's label in the request_sock so we can later setup 4229 * smk_packet in the child socket so that SO_PEERCRED can report it. 4230 */ 4231 req->peer_secid = skp->smk_secid; 4232 4233 /* 4234 * We need to decide if we want to label the incoming connection here 4235 * if we do we only need to label the request_sock and the stack will 4236 * propagate the wire-label to the sock when it is created. 4237 */ 4238 hdr = ip_hdr(skb); 4239 addr.sin_addr.s_addr = hdr->saddr; 4240 rcu_read_lock(); 4241 hskp = smack_ipv4host_label(&addr); 4242 rcu_read_unlock(); 4243 4244 if (hskp == NULL) 4245 rc = netlbl_req_setattr(req, &skp->smk_netlabel); 4246 else 4247 netlbl_req_delattr(req); 4248 4249 return rc; 4250 } 4251 4252 /** 4253 * smack_inet_csk_clone - Copy the connection information to the new socket 4254 * @sk: the new socket 4255 * @req: the connection's request_sock 4256 * 4257 * Transfer the connection's peer label to the newly created socket. 4258 */ 4259 static void smack_inet_csk_clone(struct sock *sk, 4260 const struct request_sock *req) 4261 { 4262 struct socket_smack *ssp = sk->sk_security; 4263 struct smack_known *skp; 4264 4265 if (req->peer_secid != 0) { 4266 skp = smack_from_secid(req->peer_secid); 4267 ssp->smk_packet = skp; 4268 } else 4269 ssp->smk_packet = NULL; 4270 } 4271 4272 /* 4273 * Key management security hooks 4274 * 4275 * Casey has not tested key support very heavily. 4276 * The permission check is most likely too restrictive. 4277 * If you care about keys please have a look. 4278 */ 4279 #ifdef CONFIG_KEYS 4280 4281 /** 4282 * smack_key_alloc - Set the key security blob 4283 * @key: object 4284 * @cred: the credentials to use 4285 * @flags: unused 4286 * 4287 * No allocation required 4288 * 4289 * Returns 0 4290 */ 4291 static int smack_key_alloc(struct key *key, const struct cred *cred, 4292 unsigned long flags) 4293 { 4294 struct smack_known *skp = smk_of_task(cred->security); 4295 4296 key->security = skp; 4297 return 0; 4298 } 4299 4300 /** 4301 * smack_key_free - Clear the key security blob 4302 * @key: the object 4303 * 4304 * Clear the blob pointer 4305 */ 4306 static void smack_key_free(struct key *key) 4307 { 4308 key->security = NULL; 4309 } 4310 4311 /** 4312 * smack_key_permission - Smack access on a key 4313 * @key_ref: gets to the object 4314 * @cred: the credentials to use 4315 * @perm: requested key permissions 4316 * 4317 * Return 0 if the task has read and write to the object, 4318 * an error code otherwise 4319 */ 4320 static int smack_key_permission(key_ref_t key_ref, 4321 const struct cred *cred, unsigned perm) 4322 { 4323 struct key *keyp; 4324 struct smk_audit_info ad; 4325 struct smack_known *tkp = smk_of_task(cred->security); 4326 int request = 0; 4327 int rc; 4328 4329 keyp = key_ref_to_ptr(key_ref); 4330 if (keyp == NULL) 4331 return -EINVAL; 4332 /* 4333 * If the key hasn't been initialized give it access so that 4334 * it may do so. 4335 */ 4336 if (keyp->security == NULL) 4337 return 0; 4338 /* 4339 * This should not occur 4340 */ 4341 if (tkp == NULL) 4342 return -EACCES; 4343 4344 if (smack_privileged_cred(CAP_MAC_OVERRIDE, cred)) 4345 return 0; 4346 4347 #ifdef CONFIG_AUDIT 4348 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY); 4349 ad.a.u.key_struct.key = keyp->serial; 4350 ad.a.u.key_struct.key_desc = keyp->description; 4351 #endif 4352 if (perm & KEY_NEED_READ) 4353 request = MAY_READ; 4354 if (perm & (KEY_NEED_WRITE | KEY_NEED_LINK | KEY_NEED_SETATTR)) 4355 request = MAY_WRITE; 4356 rc = smk_access(tkp, keyp->security, request, &ad); 4357 rc = smk_bu_note("key access", tkp, keyp->security, request, rc); 4358 return rc; 4359 } 4360 4361 /* 4362 * smack_key_getsecurity - Smack label tagging the key 4363 * @key points to the key to be queried 4364 * @_buffer points to a pointer that should be set to point to the 4365 * resulting string (if no label or an error occurs). 4366 * Return the length of the string (including terminating NUL) or -ve if 4367 * an error. 4368 * May also return 0 (and a NULL buffer pointer) if there is no label. 4369 */ 4370 static int smack_key_getsecurity(struct key *key, char **_buffer) 4371 { 4372 struct smack_known *skp = key->security; 4373 size_t length; 4374 char *copy; 4375 4376 if (key->security == NULL) { 4377 *_buffer = NULL; 4378 return 0; 4379 } 4380 4381 copy = kstrdup(skp->smk_known, GFP_KERNEL); 4382 if (copy == NULL) 4383 return -ENOMEM; 4384 length = strlen(copy) + 1; 4385 4386 *_buffer = copy; 4387 return length; 4388 } 4389 4390 #endif /* CONFIG_KEYS */ 4391 4392 /* 4393 * Smack Audit hooks 4394 * 4395 * Audit requires a unique representation of each Smack specific 4396 * rule. This unique representation is used to distinguish the 4397 * object to be audited from remaining kernel objects and also 4398 * works as a glue between the audit hooks. 4399 * 4400 * Since repository entries are added but never deleted, we'll use 4401 * the smack_known label address related to the given audit rule as 4402 * the needed unique representation. This also better fits the smack 4403 * model where nearly everything is a label. 4404 */ 4405 #ifdef CONFIG_AUDIT 4406 4407 /** 4408 * smack_audit_rule_init - Initialize a smack audit rule 4409 * @field: audit rule fields given from user-space (audit.h) 4410 * @op: required testing operator (=, !=, >, <, ...) 4411 * @rulestr: smack label to be audited 4412 * @vrule: pointer to save our own audit rule representation 4413 * 4414 * Prepare to audit cases where (@field @op @rulestr) is true. 4415 * The label to be audited is created if necessay. 4416 */ 4417 static int smack_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule) 4418 { 4419 struct smack_known *skp; 4420 char **rule = (char **)vrule; 4421 *rule = NULL; 4422 4423 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER) 4424 return -EINVAL; 4425 4426 if (op != Audit_equal && op != Audit_not_equal) 4427 return -EINVAL; 4428 4429 skp = smk_import_entry(rulestr, 0); 4430 if (IS_ERR(skp)) 4431 return PTR_ERR(skp); 4432 4433 *rule = skp->smk_known; 4434 4435 return 0; 4436 } 4437 4438 /** 4439 * smack_audit_rule_known - Distinguish Smack audit rules 4440 * @krule: rule of interest, in Audit kernel representation format 4441 * 4442 * This is used to filter Smack rules from remaining Audit ones. 4443 * If it's proved that this rule belongs to us, the 4444 * audit_rule_match hook will be called to do the final judgement. 4445 */ 4446 static int smack_audit_rule_known(struct audit_krule *krule) 4447 { 4448 struct audit_field *f; 4449 int i; 4450 4451 for (i = 0; i < krule->field_count; i++) { 4452 f = &krule->fields[i]; 4453 4454 if (f->type == AUDIT_SUBJ_USER || f->type == AUDIT_OBJ_USER) 4455 return 1; 4456 } 4457 4458 return 0; 4459 } 4460 4461 /** 4462 * smack_audit_rule_match - Audit given object ? 4463 * @secid: security id for identifying the object to test 4464 * @field: audit rule flags given from user-space 4465 * @op: required testing operator 4466 * @vrule: smack internal rule presentation 4467 * @actx: audit context associated with the check 4468 * 4469 * The core Audit hook. It's used to take the decision of 4470 * whether to audit or not to audit a given object. 4471 */ 4472 static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule, 4473 struct audit_context *actx) 4474 { 4475 struct smack_known *skp; 4476 char *rule = vrule; 4477 4478 if (unlikely(!rule)) { 4479 WARN_ONCE(1, "Smack: missing rule\n"); 4480 return -ENOENT; 4481 } 4482 4483 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER) 4484 return 0; 4485 4486 skp = smack_from_secid(secid); 4487 4488 /* 4489 * No need to do string comparisons. If a match occurs, 4490 * both pointers will point to the same smack_known 4491 * label. 4492 */ 4493 if (op == Audit_equal) 4494 return (rule == skp->smk_known); 4495 if (op == Audit_not_equal) 4496 return (rule != skp->smk_known); 4497 4498 return 0; 4499 } 4500 4501 /* 4502 * There is no need for a smack_audit_rule_free hook. 4503 * No memory was allocated. 4504 */ 4505 4506 #endif /* CONFIG_AUDIT */ 4507 4508 /** 4509 * smack_ismaclabel - check if xattr @name references a smack MAC label 4510 * @name: Full xattr name to check. 4511 */ 4512 static int smack_ismaclabel(const char *name) 4513 { 4514 return (strcmp(name, XATTR_SMACK_SUFFIX) == 0); 4515 } 4516 4517 4518 /** 4519 * smack_secid_to_secctx - return the smack label for a secid 4520 * @secid: incoming integer 4521 * @secdata: destination 4522 * @seclen: how long it is 4523 * 4524 * Exists for networking code. 4525 */ 4526 static int smack_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) 4527 { 4528 struct smack_known *skp = smack_from_secid(secid); 4529 4530 if (secdata) 4531 *secdata = skp->smk_known; 4532 *seclen = strlen(skp->smk_known); 4533 return 0; 4534 } 4535 4536 /** 4537 * smack_secctx_to_secid - return the secid for a smack label 4538 * @secdata: smack label 4539 * @seclen: how long result is 4540 * @secid: outgoing integer 4541 * 4542 * Exists for audit and networking code. 4543 */ 4544 static int smack_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid) 4545 { 4546 struct smack_known *skp = smk_find_entry(secdata); 4547 4548 if (skp) 4549 *secid = skp->smk_secid; 4550 else 4551 *secid = 0; 4552 return 0; 4553 } 4554 4555 /* 4556 * There used to be a smack_release_secctx hook 4557 * that did nothing back when hooks were in a vector. 4558 * Now that there's a list such a hook adds cost. 4559 */ 4560 4561 static int smack_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen) 4562 { 4563 return smack_inode_setsecurity(inode, XATTR_SMACK_SUFFIX, ctx, ctxlen, 0); 4564 } 4565 4566 static int smack_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen) 4567 { 4568 return __vfs_setxattr_noperm(dentry, XATTR_NAME_SMACK, ctx, ctxlen, 0); 4569 } 4570 4571 static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) 4572 { 4573 struct smack_known *skp = smk_of_inode(inode); 4574 4575 *ctx = skp->smk_known; 4576 *ctxlen = strlen(skp->smk_known); 4577 return 0; 4578 } 4579 4580 static int smack_inode_copy_up(struct dentry *dentry, struct cred **new) 4581 { 4582 4583 struct task_smack *tsp; 4584 struct smack_known *skp; 4585 struct inode_smack *isp; 4586 struct cred *new_creds = *new; 4587 4588 if (new_creds == NULL) { 4589 new_creds = prepare_creds(); 4590 if (new_creds == NULL) 4591 return -ENOMEM; 4592 } 4593 4594 tsp = new_creds->security; 4595 4596 /* 4597 * Get label from overlay inode and set it in create_sid 4598 */ 4599 isp = d_inode(dentry->d_parent)->i_security; 4600 skp = isp->smk_inode; 4601 tsp->smk_task = skp; 4602 *new = new_creds; 4603 return 0; 4604 } 4605 4606 static int smack_inode_copy_up_xattr(const char *name) 4607 { 4608 /* 4609 * Return 1 if this is the smack access Smack attribute. 4610 */ 4611 if (strcmp(name, XATTR_NAME_SMACK) == 0) 4612 return 1; 4613 4614 return -EOPNOTSUPP; 4615 } 4616 4617 static int smack_dentry_create_files_as(struct dentry *dentry, int mode, 4618 struct qstr *name, 4619 const struct cred *old, 4620 struct cred *new) 4621 { 4622 struct task_smack *otsp = old->security; 4623 struct task_smack *ntsp = new->security; 4624 struct inode_smack *isp; 4625 int may; 4626 4627 /* 4628 * Use the process credential unless all of 4629 * the transmuting criteria are met 4630 */ 4631 ntsp->smk_task = otsp->smk_task; 4632 4633 /* 4634 * the attribute of the containing directory 4635 */ 4636 isp = d_inode(dentry->d_parent)->i_security; 4637 4638 if (isp->smk_flags & SMK_INODE_TRANSMUTE) { 4639 rcu_read_lock(); 4640 may = smk_access_entry(otsp->smk_task->smk_known, 4641 isp->smk_inode->smk_known, 4642 &otsp->smk_task->smk_rules); 4643 rcu_read_unlock(); 4644 4645 /* 4646 * If the directory is transmuting and the rule 4647 * providing access is transmuting use the containing 4648 * directory label instead of the process label. 4649 */ 4650 if (may > 0 && (may & MAY_TRANSMUTE)) 4651 ntsp->smk_task = isp->smk_inode; 4652 } 4653 return 0; 4654 } 4655 4656 static struct security_hook_list smack_hooks[] __lsm_ro_after_init = { 4657 LSM_HOOK_INIT(ptrace_access_check, smack_ptrace_access_check), 4658 LSM_HOOK_INIT(ptrace_traceme, smack_ptrace_traceme), 4659 LSM_HOOK_INIT(syslog, smack_syslog), 4660 4661 LSM_HOOK_INIT(sb_alloc_security, smack_sb_alloc_security), 4662 LSM_HOOK_INIT(sb_free_security, smack_sb_free_security), 4663 LSM_HOOK_INIT(sb_copy_data, smack_sb_copy_data), 4664 LSM_HOOK_INIT(sb_kern_mount, smack_sb_kern_mount), 4665 LSM_HOOK_INIT(sb_statfs, smack_sb_statfs), 4666 LSM_HOOK_INIT(sb_set_mnt_opts, smack_set_mnt_opts), 4667 LSM_HOOK_INIT(sb_parse_opts_str, smack_parse_opts_str), 4668 4669 LSM_HOOK_INIT(bprm_set_creds, smack_bprm_set_creds), 4670 4671 LSM_HOOK_INIT(inode_alloc_security, smack_inode_alloc_security), 4672 LSM_HOOK_INIT(inode_free_security, smack_inode_free_security), 4673 LSM_HOOK_INIT(inode_init_security, smack_inode_init_security), 4674 LSM_HOOK_INIT(inode_link, smack_inode_link), 4675 LSM_HOOK_INIT(inode_unlink, smack_inode_unlink), 4676 LSM_HOOK_INIT(inode_rmdir, smack_inode_rmdir), 4677 LSM_HOOK_INIT(inode_rename, smack_inode_rename), 4678 LSM_HOOK_INIT(inode_permission, smack_inode_permission), 4679 LSM_HOOK_INIT(inode_setattr, smack_inode_setattr), 4680 LSM_HOOK_INIT(inode_getattr, smack_inode_getattr), 4681 LSM_HOOK_INIT(inode_setxattr, smack_inode_setxattr), 4682 LSM_HOOK_INIT(inode_post_setxattr, smack_inode_post_setxattr), 4683 LSM_HOOK_INIT(inode_getxattr, smack_inode_getxattr), 4684 LSM_HOOK_INIT(inode_removexattr, smack_inode_removexattr), 4685 LSM_HOOK_INIT(inode_getsecurity, smack_inode_getsecurity), 4686 LSM_HOOK_INIT(inode_setsecurity, smack_inode_setsecurity), 4687 LSM_HOOK_INIT(inode_listsecurity, smack_inode_listsecurity), 4688 LSM_HOOK_INIT(inode_getsecid, smack_inode_getsecid), 4689 4690 LSM_HOOK_INIT(file_alloc_security, smack_file_alloc_security), 4691 LSM_HOOK_INIT(file_free_security, smack_file_free_security), 4692 LSM_HOOK_INIT(file_ioctl, smack_file_ioctl), 4693 LSM_HOOK_INIT(file_lock, smack_file_lock), 4694 LSM_HOOK_INIT(file_fcntl, smack_file_fcntl), 4695 LSM_HOOK_INIT(mmap_file, smack_mmap_file), 4696 LSM_HOOK_INIT(mmap_addr, cap_mmap_addr), 4697 LSM_HOOK_INIT(file_set_fowner, smack_file_set_fowner), 4698 LSM_HOOK_INIT(file_send_sigiotask, smack_file_send_sigiotask), 4699 LSM_HOOK_INIT(file_receive, smack_file_receive), 4700 4701 LSM_HOOK_INIT(file_open, smack_file_open), 4702 4703 LSM_HOOK_INIT(cred_alloc_blank, smack_cred_alloc_blank), 4704 LSM_HOOK_INIT(cred_free, smack_cred_free), 4705 LSM_HOOK_INIT(cred_prepare, smack_cred_prepare), 4706 LSM_HOOK_INIT(cred_transfer, smack_cred_transfer), 4707 LSM_HOOK_INIT(cred_getsecid, smack_cred_getsecid), 4708 LSM_HOOK_INIT(kernel_act_as, smack_kernel_act_as), 4709 LSM_HOOK_INIT(kernel_create_files_as, smack_kernel_create_files_as), 4710 LSM_HOOK_INIT(task_setpgid, smack_task_setpgid), 4711 LSM_HOOK_INIT(task_getpgid, smack_task_getpgid), 4712 LSM_HOOK_INIT(task_getsid, smack_task_getsid), 4713 LSM_HOOK_INIT(task_getsecid, smack_task_getsecid), 4714 LSM_HOOK_INIT(task_setnice, smack_task_setnice), 4715 LSM_HOOK_INIT(task_setioprio, smack_task_setioprio), 4716 LSM_HOOK_INIT(task_getioprio, smack_task_getioprio), 4717 LSM_HOOK_INIT(task_setscheduler, smack_task_setscheduler), 4718 LSM_HOOK_INIT(task_getscheduler, smack_task_getscheduler), 4719 LSM_HOOK_INIT(task_movememory, smack_task_movememory), 4720 LSM_HOOK_INIT(task_kill, smack_task_kill), 4721 LSM_HOOK_INIT(task_to_inode, smack_task_to_inode), 4722 4723 LSM_HOOK_INIT(ipc_permission, smack_ipc_permission), 4724 LSM_HOOK_INIT(ipc_getsecid, smack_ipc_getsecid), 4725 4726 LSM_HOOK_INIT(msg_msg_alloc_security, smack_msg_msg_alloc_security), 4727 LSM_HOOK_INIT(msg_msg_free_security, smack_msg_msg_free_security), 4728 4729 LSM_HOOK_INIT(msg_queue_alloc_security, smack_ipc_alloc_security), 4730 LSM_HOOK_INIT(msg_queue_free_security, smack_ipc_free_security), 4731 LSM_HOOK_INIT(msg_queue_associate, smack_msg_queue_associate), 4732 LSM_HOOK_INIT(msg_queue_msgctl, smack_msg_queue_msgctl), 4733 LSM_HOOK_INIT(msg_queue_msgsnd, smack_msg_queue_msgsnd), 4734 LSM_HOOK_INIT(msg_queue_msgrcv, smack_msg_queue_msgrcv), 4735 4736 LSM_HOOK_INIT(shm_alloc_security, smack_ipc_alloc_security), 4737 LSM_HOOK_INIT(shm_free_security, smack_ipc_free_security), 4738 LSM_HOOK_INIT(shm_associate, smack_shm_associate), 4739 LSM_HOOK_INIT(shm_shmctl, smack_shm_shmctl), 4740 LSM_HOOK_INIT(shm_shmat, smack_shm_shmat), 4741 4742 LSM_HOOK_INIT(sem_alloc_security, smack_ipc_alloc_security), 4743 LSM_HOOK_INIT(sem_free_security, smack_ipc_free_security), 4744 LSM_HOOK_INIT(sem_associate, smack_sem_associate), 4745 LSM_HOOK_INIT(sem_semctl, smack_sem_semctl), 4746 LSM_HOOK_INIT(sem_semop, smack_sem_semop), 4747 4748 LSM_HOOK_INIT(d_instantiate, smack_d_instantiate), 4749 4750 LSM_HOOK_INIT(getprocattr, smack_getprocattr), 4751 LSM_HOOK_INIT(setprocattr, smack_setprocattr), 4752 4753 LSM_HOOK_INIT(unix_stream_connect, smack_unix_stream_connect), 4754 LSM_HOOK_INIT(unix_may_send, smack_unix_may_send), 4755 4756 LSM_HOOK_INIT(socket_post_create, smack_socket_post_create), 4757 LSM_HOOK_INIT(socket_socketpair, smack_socket_socketpair), 4758 #ifdef SMACK_IPV6_PORT_LABELING 4759 LSM_HOOK_INIT(socket_bind, smack_socket_bind), 4760 #endif 4761 LSM_HOOK_INIT(socket_connect, smack_socket_connect), 4762 LSM_HOOK_INIT(socket_sendmsg, smack_socket_sendmsg), 4763 LSM_HOOK_INIT(socket_sock_rcv_skb, smack_socket_sock_rcv_skb), 4764 LSM_HOOK_INIT(socket_getpeersec_stream, smack_socket_getpeersec_stream), 4765 LSM_HOOK_INIT(socket_getpeersec_dgram, smack_socket_getpeersec_dgram), 4766 LSM_HOOK_INIT(sk_alloc_security, smack_sk_alloc_security), 4767 LSM_HOOK_INIT(sk_free_security, smack_sk_free_security), 4768 LSM_HOOK_INIT(sock_graft, smack_sock_graft), 4769 LSM_HOOK_INIT(inet_conn_request, smack_inet_conn_request), 4770 LSM_HOOK_INIT(inet_csk_clone, smack_inet_csk_clone), 4771 4772 /* key management security hooks */ 4773 #ifdef CONFIG_KEYS 4774 LSM_HOOK_INIT(key_alloc, smack_key_alloc), 4775 LSM_HOOK_INIT(key_free, smack_key_free), 4776 LSM_HOOK_INIT(key_permission, smack_key_permission), 4777 LSM_HOOK_INIT(key_getsecurity, smack_key_getsecurity), 4778 #endif /* CONFIG_KEYS */ 4779 4780 /* Audit hooks */ 4781 #ifdef CONFIG_AUDIT 4782 LSM_HOOK_INIT(audit_rule_init, smack_audit_rule_init), 4783 LSM_HOOK_INIT(audit_rule_known, smack_audit_rule_known), 4784 LSM_HOOK_INIT(audit_rule_match, smack_audit_rule_match), 4785 #endif /* CONFIG_AUDIT */ 4786 4787 LSM_HOOK_INIT(ismaclabel, smack_ismaclabel), 4788 LSM_HOOK_INIT(secid_to_secctx, smack_secid_to_secctx), 4789 LSM_HOOK_INIT(secctx_to_secid, smack_secctx_to_secid), 4790 LSM_HOOK_INIT(inode_notifysecctx, smack_inode_notifysecctx), 4791 LSM_HOOK_INIT(inode_setsecctx, smack_inode_setsecctx), 4792 LSM_HOOK_INIT(inode_getsecctx, smack_inode_getsecctx), 4793 LSM_HOOK_INIT(inode_copy_up, smack_inode_copy_up), 4794 LSM_HOOK_INIT(inode_copy_up_xattr, smack_inode_copy_up_xattr), 4795 LSM_HOOK_INIT(dentry_create_files_as, smack_dentry_create_files_as), 4796 }; 4797 4798 4799 static __init void init_smack_known_list(void) 4800 { 4801 /* 4802 * Initialize rule list locks 4803 */ 4804 mutex_init(&smack_known_huh.smk_rules_lock); 4805 mutex_init(&smack_known_hat.smk_rules_lock); 4806 mutex_init(&smack_known_floor.smk_rules_lock); 4807 mutex_init(&smack_known_star.smk_rules_lock); 4808 mutex_init(&smack_known_web.smk_rules_lock); 4809 /* 4810 * Initialize rule lists 4811 */ 4812 INIT_LIST_HEAD(&smack_known_huh.smk_rules); 4813 INIT_LIST_HEAD(&smack_known_hat.smk_rules); 4814 INIT_LIST_HEAD(&smack_known_star.smk_rules); 4815 INIT_LIST_HEAD(&smack_known_floor.smk_rules); 4816 INIT_LIST_HEAD(&smack_known_web.smk_rules); 4817 /* 4818 * Create the known labels list 4819 */ 4820 smk_insert_entry(&smack_known_huh); 4821 smk_insert_entry(&smack_known_hat); 4822 smk_insert_entry(&smack_known_star); 4823 smk_insert_entry(&smack_known_floor); 4824 smk_insert_entry(&smack_known_web); 4825 } 4826 4827 /** 4828 * smack_init - initialize the smack system 4829 * 4830 * Returns 0 4831 */ 4832 static __init int smack_init(void) 4833 { 4834 struct cred *cred; 4835 struct task_smack *tsp; 4836 4837 if (!security_module_enable("smack")) 4838 return 0; 4839 4840 smack_inode_cache = KMEM_CACHE(inode_smack, 0); 4841 if (!smack_inode_cache) 4842 return -ENOMEM; 4843 4844 tsp = new_task_smack(&smack_known_floor, &smack_known_floor, 4845 GFP_KERNEL); 4846 if (tsp == NULL) { 4847 kmem_cache_destroy(smack_inode_cache); 4848 return -ENOMEM; 4849 } 4850 4851 smack_enabled = 1; 4852 4853 pr_info("Smack: Initializing.\n"); 4854 #ifdef CONFIG_SECURITY_SMACK_NETFILTER 4855 pr_info("Smack: Netfilter enabled.\n"); 4856 #endif 4857 #ifdef SMACK_IPV6_PORT_LABELING 4858 pr_info("Smack: IPv6 port labeling enabled.\n"); 4859 #endif 4860 #ifdef SMACK_IPV6_SECMARK_LABELING 4861 pr_info("Smack: IPv6 Netfilter enabled.\n"); 4862 #endif 4863 4864 /* 4865 * Set the security state for the initial task. 4866 */ 4867 cred = (struct cred *) current->cred; 4868 cred->security = tsp; 4869 4870 /* initialize the smack_known_list */ 4871 init_smack_known_list(); 4872 4873 /* 4874 * Register with LSM 4875 */ 4876 security_add_hooks(smack_hooks, ARRAY_SIZE(smack_hooks), "smack"); 4877 4878 return 0; 4879 } 4880 4881 /* 4882 * Smack requires early initialization in order to label 4883 * all processes and objects when they are created. 4884 */ 4885 security_initcall(smack_init); 4886