1 /* 2 * Simplified MAC Kernel (smack) security module 3 * 4 * This file contains the smack hook function implementations. 5 * 6 * Authors: 7 * Casey Schaufler <casey@schaufler-ca.com> 8 * Jarkko Sakkinen <jarkko.sakkinen@intel.com> 9 * 10 * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com> 11 * Copyright (C) 2009 Hewlett-Packard Development Company, L.P. 12 * Paul Moore <paul@paul-moore.com> 13 * Copyright (C) 2010 Nokia Corporation 14 * Copyright (C) 2011 Intel Corporation. 15 * 16 * This program is free software; you can redistribute it and/or modify 17 * it under the terms of the GNU General Public License version 2, 18 * as published by the Free Software Foundation. 19 */ 20 21 #include <linux/xattr.h> 22 #include <linux/pagemap.h> 23 #include <linux/mount.h> 24 #include <linux/stat.h> 25 #include <linux/kd.h> 26 #include <asm/ioctls.h> 27 #include <linux/ip.h> 28 #include <linux/tcp.h> 29 #include <linux/udp.h> 30 #include <linux/dccp.h> 31 #include <linux/slab.h> 32 #include <linux/mutex.h> 33 #include <linux/pipe_fs_i.h> 34 #include <net/cipso_ipv4.h> 35 #include <net/ip.h> 36 #include <net/ipv6.h> 37 #include <linux/audit.h> 38 #include <linux/magic.h> 39 #include <linux/dcache.h> 40 #include <linux/personality.h> 41 #include <linux/msg.h> 42 #include <linux/shm.h> 43 #include <linux/binfmts.h> 44 #include "smack.h" 45 46 #define TRANS_TRUE "TRUE" 47 #define TRANS_TRUE_SIZE 4 48 49 #define SMK_CONNECTING 0 50 #define SMK_RECEIVING 1 51 #define SMK_SENDING 2 52 53 #if IS_ENABLED(CONFIG_IPV6) && !defined(CONFIG_SECURITY_SMACK_NETFILTER) 54 LIST_HEAD(smk_ipv6_port_list); 55 #endif /* CONFIG_IPV6 && !CONFIG_SECURITY_SMACK_NETFILTER */ 56 static struct kmem_cache *smack_inode_cache; 57 int smack_enabled; 58 59 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 60 static void smk_bu_mode(int mode, char *s) 61 { 62 int i = 0; 63 64 if (mode & MAY_READ) 65 s[i++] = 'r'; 66 if (mode & MAY_WRITE) 67 s[i++] = 'w'; 68 if (mode & MAY_EXEC) 69 s[i++] = 'x'; 70 if (mode & MAY_APPEND) 71 s[i++] = 'a'; 72 if (mode & MAY_TRANSMUTE) 73 s[i++] = 't'; 74 if (mode & MAY_LOCK) 75 s[i++] = 'l'; 76 if (i == 0) 77 s[i++] = '-'; 78 s[i] = '\0'; 79 } 80 #endif 81 82 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 83 static int smk_bu_note(char *note, struct smack_known *sskp, 84 struct smack_known *oskp, int mode, int rc) 85 { 86 char acc[SMK_NUM_ACCESS_TYPE + 1]; 87 88 if (rc <= 0) 89 return rc; 90 91 smk_bu_mode(mode, acc); 92 pr_info("Smack Bringup: (%s %s %s) %s\n", 93 sskp->smk_known, oskp->smk_known, acc, note); 94 return 0; 95 } 96 #else 97 #define smk_bu_note(note, sskp, oskp, mode, RC) (RC) 98 #endif 99 100 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 101 static int smk_bu_current(char *note, struct smack_known *oskp, 102 int mode, int rc) 103 { 104 struct task_smack *tsp = current_security(); 105 char acc[SMK_NUM_ACCESS_TYPE + 1]; 106 107 if (rc <= 0) 108 return rc; 109 110 smk_bu_mode(mode, acc); 111 pr_info("Smack Bringup: (%s %s %s) %s %s\n", 112 tsp->smk_task->smk_known, oskp->smk_known, 113 acc, current->comm, note); 114 return 0; 115 } 116 #else 117 #define smk_bu_current(note, oskp, mode, RC) (RC) 118 #endif 119 120 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 121 static int smk_bu_task(struct task_struct *otp, int mode, int rc) 122 { 123 struct task_smack *tsp = current_security(); 124 struct smack_known *smk_task = smk_of_task_struct(otp); 125 char acc[SMK_NUM_ACCESS_TYPE + 1]; 126 127 if (rc <= 0) 128 return rc; 129 130 smk_bu_mode(mode, acc); 131 pr_info("Smack Bringup: (%s %s %s) %s to %s\n", 132 tsp->smk_task->smk_known, smk_task->smk_known, acc, 133 current->comm, otp->comm); 134 return 0; 135 } 136 #else 137 #define smk_bu_task(otp, mode, RC) (RC) 138 #endif 139 140 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 141 static int smk_bu_inode(struct inode *inode, int mode, int rc) 142 { 143 struct task_smack *tsp = current_security(); 144 char acc[SMK_NUM_ACCESS_TYPE + 1]; 145 146 if (rc <= 0) 147 return rc; 148 149 smk_bu_mode(mode, acc); 150 pr_info("Smack Bringup: (%s %s %s) inode=(%s %ld) %s\n", 151 tsp->smk_task->smk_known, smk_of_inode(inode)->smk_known, acc, 152 inode->i_sb->s_id, inode->i_ino, current->comm); 153 return 0; 154 } 155 #else 156 #define smk_bu_inode(inode, mode, RC) (RC) 157 #endif 158 159 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 160 static int smk_bu_file(struct file *file, int mode, int rc) 161 { 162 struct task_smack *tsp = current_security(); 163 struct smack_known *sskp = tsp->smk_task; 164 struct inode *inode = file_inode(file); 165 char acc[SMK_NUM_ACCESS_TYPE + 1]; 166 167 if (rc <= 0) 168 return rc; 169 170 smk_bu_mode(mode, acc); 171 pr_info("Smack Bringup: (%s %s %s) file=(%s %ld %pD) %s\n", 172 sskp->smk_known, smk_of_inode(inode)->smk_known, acc, 173 inode->i_sb->s_id, inode->i_ino, file, 174 current->comm); 175 return 0; 176 } 177 #else 178 #define smk_bu_file(file, mode, RC) (RC) 179 #endif 180 181 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 182 static int smk_bu_credfile(const struct cred *cred, struct file *file, 183 int mode, int rc) 184 { 185 struct task_smack *tsp = cred->security; 186 struct smack_known *sskp = tsp->smk_task; 187 struct inode *inode = file->f_inode; 188 char acc[SMK_NUM_ACCESS_TYPE + 1]; 189 190 if (rc <= 0) 191 return rc; 192 193 smk_bu_mode(mode, acc); 194 pr_info("Smack Bringup: (%s %s %s) file=(%s %ld %pD) %s\n", 195 sskp->smk_known, smk_of_inode(inode)->smk_known, acc, 196 inode->i_sb->s_id, inode->i_ino, file, 197 current->comm); 198 return 0; 199 } 200 #else 201 #define smk_bu_credfile(cred, file, mode, RC) (RC) 202 #endif 203 204 /** 205 * smk_fetch - Fetch the smack label from a file. 206 * @name: type of the label (attribute) 207 * @ip: a pointer to the inode 208 * @dp: a pointer to the dentry 209 * 210 * Returns a pointer to the master list entry for the Smack label 211 * or NULL if there was no label to fetch. 212 */ 213 static struct smack_known *smk_fetch(const char *name, struct inode *ip, 214 struct dentry *dp) 215 { 216 int rc; 217 char *buffer; 218 struct smack_known *skp = NULL; 219 220 if (ip->i_op->getxattr == NULL) 221 return NULL; 222 223 buffer = kzalloc(SMK_LONGLABEL, GFP_KERNEL); 224 if (buffer == NULL) 225 return NULL; 226 227 rc = ip->i_op->getxattr(dp, name, buffer, SMK_LONGLABEL); 228 if (rc > 0) 229 skp = smk_import_entry(buffer, rc); 230 231 kfree(buffer); 232 233 return skp; 234 } 235 236 /** 237 * new_inode_smack - allocate an inode security blob 238 * @skp: a pointer to the Smack label entry to use in the blob 239 * 240 * Returns the new blob or NULL if there's no memory available 241 */ 242 struct inode_smack *new_inode_smack(struct smack_known *skp) 243 { 244 struct inode_smack *isp; 245 246 isp = kmem_cache_zalloc(smack_inode_cache, GFP_NOFS); 247 if (isp == NULL) 248 return NULL; 249 250 isp->smk_inode = skp; 251 isp->smk_flags = 0; 252 mutex_init(&isp->smk_lock); 253 254 return isp; 255 } 256 257 /** 258 * new_task_smack - allocate a task security blob 259 * @task: a pointer to the Smack label for the running task 260 * @forked: a pointer to the Smack label for the forked task 261 * @gfp: type of the memory for the allocation 262 * 263 * Returns the new blob or NULL if there's no memory available 264 */ 265 static struct task_smack *new_task_smack(struct smack_known *task, 266 struct smack_known *forked, gfp_t gfp) 267 { 268 struct task_smack *tsp; 269 270 tsp = kzalloc(sizeof(struct task_smack), gfp); 271 if (tsp == NULL) 272 return NULL; 273 274 tsp->smk_task = task; 275 tsp->smk_forked = forked; 276 INIT_LIST_HEAD(&tsp->smk_rules); 277 mutex_init(&tsp->smk_rules_lock); 278 279 return tsp; 280 } 281 282 /** 283 * smk_copy_rules - copy a rule set 284 * @nhead: new rules header pointer 285 * @ohead: old rules header pointer 286 * @gfp: type of the memory for the allocation 287 * 288 * Returns 0 on success, -ENOMEM on error 289 */ 290 static int smk_copy_rules(struct list_head *nhead, struct list_head *ohead, 291 gfp_t gfp) 292 { 293 struct smack_rule *nrp; 294 struct smack_rule *orp; 295 int rc = 0; 296 297 INIT_LIST_HEAD(nhead); 298 299 list_for_each_entry_rcu(orp, ohead, list) { 300 nrp = kzalloc(sizeof(struct smack_rule), gfp); 301 if (nrp == NULL) { 302 rc = -ENOMEM; 303 break; 304 } 305 *nrp = *orp; 306 list_add_rcu(&nrp->list, nhead); 307 } 308 return rc; 309 } 310 311 /** 312 * smk_ptrace_mode - helper function for converting PTRACE_MODE_* into MAY_* 313 * @mode - input mode in form of PTRACE_MODE_* 314 * 315 * Returns a converted MAY_* mode usable by smack rules 316 */ 317 static inline unsigned int smk_ptrace_mode(unsigned int mode) 318 { 319 switch (mode) { 320 case PTRACE_MODE_READ: 321 return MAY_READ; 322 case PTRACE_MODE_ATTACH: 323 return MAY_READWRITE; 324 } 325 326 return 0; 327 } 328 329 /** 330 * smk_ptrace_rule_check - helper for ptrace access 331 * @tracer: tracer process 332 * @tracee_known: label entry of the process that's about to be traced 333 * @mode: ptrace attachment mode (PTRACE_MODE_*) 334 * @func: name of the function that called us, used for audit 335 * 336 * Returns 0 on access granted, -error on error 337 */ 338 static int smk_ptrace_rule_check(struct task_struct *tracer, 339 struct smack_known *tracee_known, 340 unsigned int mode, const char *func) 341 { 342 int rc; 343 struct smk_audit_info ad, *saip = NULL; 344 struct task_smack *tsp; 345 struct smack_known *tracer_known; 346 347 if ((mode & PTRACE_MODE_NOAUDIT) == 0) { 348 smk_ad_init(&ad, func, LSM_AUDIT_DATA_TASK); 349 smk_ad_setfield_u_tsk(&ad, tracer); 350 saip = &ad; 351 } 352 353 rcu_read_lock(); 354 tsp = __task_cred(tracer)->security; 355 tracer_known = smk_of_task(tsp); 356 357 if ((mode & PTRACE_MODE_ATTACH) && 358 (smack_ptrace_rule == SMACK_PTRACE_EXACT || 359 smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)) { 360 if (tracer_known->smk_known == tracee_known->smk_known) 361 rc = 0; 362 else if (smack_ptrace_rule == SMACK_PTRACE_DRACONIAN) 363 rc = -EACCES; 364 else if (capable(CAP_SYS_PTRACE)) 365 rc = 0; 366 else 367 rc = -EACCES; 368 369 if (saip) 370 smack_log(tracer_known->smk_known, 371 tracee_known->smk_known, 372 0, rc, saip); 373 374 rcu_read_unlock(); 375 return rc; 376 } 377 378 /* In case of rule==SMACK_PTRACE_DEFAULT or mode==PTRACE_MODE_READ */ 379 rc = smk_tskacc(tsp, tracee_known, smk_ptrace_mode(mode), saip); 380 381 rcu_read_unlock(); 382 return rc; 383 } 384 385 /* 386 * LSM hooks. 387 * We he, that is fun! 388 */ 389 390 /** 391 * smack_ptrace_access_check - Smack approval on PTRACE_ATTACH 392 * @ctp: child task pointer 393 * @mode: ptrace attachment mode (PTRACE_MODE_*) 394 * 395 * Returns 0 if access is OK, an error code otherwise 396 * 397 * Do the capability checks. 398 */ 399 static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode) 400 { 401 int rc; 402 struct smack_known *skp; 403 404 rc = cap_ptrace_access_check(ctp, mode); 405 if (rc != 0) 406 return rc; 407 408 skp = smk_of_task_struct(ctp); 409 410 rc = smk_ptrace_rule_check(current, skp, mode, __func__); 411 return rc; 412 } 413 414 /** 415 * smack_ptrace_traceme - Smack approval on PTRACE_TRACEME 416 * @ptp: parent task pointer 417 * 418 * Returns 0 if access is OK, an error code otherwise 419 * 420 * Do the capability checks, and require PTRACE_MODE_ATTACH. 421 */ 422 static int smack_ptrace_traceme(struct task_struct *ptp) 423 { 424 int rc; 425 struct smack_known *skp; 426 427 rc = cap_ptrace_traceme(ptp); 428 if (rc != 0) 429 return rc; 430 431 skp = smk_of_task(current_security()); 432 433 rc = smk_ptrace_rule_check(ptp, skp, PTRACE_MODE_ATTACH, __func__); 434 return rc; 435 } 436 437 /** 438 * smack_syslog - Smack approval on syslog 439 * @type: message type 440 * 441 * Returns 0 on success, error code otherwise. 442 */ 443 static int smack_syslog(int typefrom_file) 444 { 445 int rc = 0; 446 struct smack_known *skp = smk_of_current(); 447 448 if (smack_privileged(CAP_MAC_OVERRIDE)) 449 return 0; 450 451 if (smack_syslog_label != NULL && smack_syslog_label != skp) 452 rc = -EACCES; 453 454 return rc; 455 } 456 457 458 /* 459 * Superblock Hooks. 460 */ 461 462 /** 463 * smack_sb_alloc_security - allocate a superblock blob 464 * @sb: the superblock getting the blob 465 * 466 * Returns 0 on success or -ENOMEM on error. 467 */ 468 static int smack_sb_alloc_security(struct super_block *sb) 469 { 470 struct superblock_smack *sbsp; 471 472 sbsp = kzalloc(sizeof(struct superblock_smack), GFP_KERNEL); 473 474 if (sbsp == NULL) 475 return -ENOMEM; 476 477 sbsp->smk_root = &smack_known_floor; 478 sbsp->smk_default = &smack_known_floor; 479 sbsp->smk_floor = &smack_known_floor; 480 sbsp->smk_hat = &smack_known_hat; 481 /* 482 * smk_initialized will be zero from kzalloc. 483 */ 484 sb->s_security = sbsp; 485 486 return 0; 487 } 488 489 /** 490 * smack_sb_free_security - free a superblock blob 491 * @sb: the superblock getting the blob 492 * 493 */ 494 static void smack_sb_free_security(struct super_block *sb) 495 { 496 kfree(sb->s_security); 497 sb->s_security = NULL; 498 } 499 500 /** 501 * smack_sb_copy_data - copy mount options data for processing 502 * @orig: where to start 503 * @smackopts: mount options string 504 * 505 * Returns 0 on success or -ENOMEM on error. 506 * 507 * Copy the Smack specific mount options out of the mount 508 * options list. 509 */ 510 static int smack_sb_copy_data(char *orig, char *smackopts) 511 { 512 char *cp, *commap, *otheropts, *dp; 513 514 otheropts = (char *)get_zeroed_page(GFP_KERNEL); 515 if (otheropts == NULL) 516 return -ENOMEM; 517 518 for (cp = orig, commap = orig; commap != NULL; cp = commap + 1) { 519 if (strstr(cp, SMK_FSDEFAULT) == cp) 520 dp = smackopts; 521 else if (strstr(cp, SMK_FSFLOOR) == cp) 522 dp = smackopts; 523 else if (strstr(cp, SMK_FSHAT) == cp) 524 dp = smackopts; 525 else if (strstr(cp, SMK_FSROOT) == cp) 526 dp = smackopts; 527 else if (strstr(cp, SMK_FSTRANS) == cp) 528 dp = smackopts; 529 else 530 dp = otheropts; 531 532 commap = strchr(cp, ','); 533 if (commap != NULL) 534 *commap = '\0'; 535 536 if (*dp != '\0') 537 strcat(dp, ","); 538 strcat(dp, cp); 539 } 540 541 strcpy(orig, otheropts); 542 free_page((unsigned long)otheropts); 543 544 return 0; 545 } 546 547 /** 548 * smack_sb_kern_mount - Smack specific mount processing 549 * @sb: the file system superblock 550 * @flags: the mount flags 551 * @data: the smack mount options 552 * 553 * Returns 0 on success, an error code on failure 554 */ 555 static int smack_sb_kern_mount(struct super_block *sb, int flags, void *data) 556 { 557 struct dentry *root = sb->s_root; 558 struct inode *inode = root->d_inode; 559 struct superblock_smack *sp = sb->s_security; 560 struct inode_smack *isp; 561 struct smack_known *skp; 562 char *op; 563 char *commap; 564 int transmute = 0; 565 int specified = 0; 566 567 if (sp->smk_initialized) 568 return 0; 569 570 sp->smk_initialized = 1; 571 572 for (op = data; op != NULL; op = commap) { 573 commap = strchr(op, ','); 574 if (commap != NULL) 575 *commap++ = '\0'; 576 577 if (strncmp(op, SMK_FSHAT, strlen(SMK_FSHAT)) == 0) { 578 op += strlen(SMK_FSHAT); 579 skp = smk_import_entry(op, 0); 580 if (skp != NULL) { 581 sp->smk_hat = skp; 582 specified = 1; 583 } 584 } else if (strncmp(op, SMK_FSFLOOR, strlen(SMK_FSFLOOR)) == 0) { 585 op += strlen(SMK_FSFLOOR); 586 skp = smk_import_entry(op, 0); 587 if (skp != NULL) { 588 sp->smk_floor = skp; 589 specified = 1; 590 } 591 } else if (strncmp(op, SMK_FSDEFAULT, 592 strlen(SMK_FSDEFAULT)) == 0) { 593 op += strlen(SMK_FSDEFAULT); 594 skp = smk_import_entry(op, 0); 595 if (skp != NULL) { 596 sp->smk_default = skp; 597 specified = 1; 598 } 599 } else if (strncmp(op, SMK_FSROOT, strlen(SMK_FSROOT)) == 0) { 600 op += strlen(SMK_FSROOT); 601 skp = smk_import_entry(op, 0); 602 if (skp != NULL) { 603 sp->smk_root = skp; 604 specified = 1; 605 } 606 } else if (strncmp(op, SMK_FSTRANS, strlen(SMK_FSTRANS)) == 0) { 607 op += strlen(SMK_FSTRANS); 608 skp = smk_import_entry(op, 0); 609 if (skp != NULL) { 610 sp->smk_root = skp; 611 transmute = 1; 612 specified = 1; 613 } 614 } 615 } 616 617 if (!smack_privileged(CAP_MAC_ADMIN)) { 618 /* 619 * Unprivileged mounts don't get to specify Smack values. 620 */ 621 if (specified) 622 return -EPERM; 623 /* 624 * Unprivileged mounts get root and default from the caller. 625 */ 626 skp = smk_of_current(); 627 sp->smk_root = skp; 628 sp->smk_default = skp; 629 } 630 /* 631 * Initialize the root inode. 632 */ 633 isp = inode->i_security; 634 if (isp == NULL) { 635 isp = new_inode_smack(sp->smk_root); 636 if (isp == NULL) 637 return -ENOMEM; 638 inode->i_security = isp; 639 } else 640 isp->smk_inode = sp->smk_root; 641 642 if (transmute) 643 isp->smk_flags |= SMK_INODE_TRANSMUTE; 644 645 return 0; 646 } 647 648 /** 649 * smack_sb_statfs - Smack check on statfs 650 * @dentry: identifies the file system in question 651 * 652 * Returns 0 if current can read the floor of the filesystem, 653 * and error code otherwise 654 */ 655 static int smack_sb_statfs(struct dentry *dentry) 656 { 657 struct superblock_smack *sbp = dentry->d_sb->s_security; 658 int rc; 659 struct smk_audit_info ad; 660 661 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 662 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 663 664 rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad); 665 rc = smk_bu_current("statfs", sbp->smk_floor, MAY_READ, rc); 666 return rc; 667 } 668 669 /* 670 * BPRM hooks 671 */ 672 673 /** 674 * smack_bprm_set_creds - set creds for exec 675 * @bprm: the exec information 676 * 677 * Returns 0 if it gets a blob, -EPERM if exec forbidden and -ENOMEM otherwise 678 */ 679 static int smack_bprm_set_creds(struct linux_binprm *bprm) 680 { 681 struct inode *inode = file_inode(bprm->file); 682 struct task_smack *bsp = bprm->cred->security; 683 struct inode_smack *isp; 684 int rc; 685 686 rc = cap_bprm_set_creds(bprm); 687 if (rc != 0) 688 return rc; 689 690 if (bprm->cred_prepared) 691 return 0; 692 693 isp = inode->i_security; 694 if (isp->smk_task == NULL || isp->smk_task == bsp->smk_task) 695 return 0; 696 697 if (bprm->unsafe & (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) { 698 struct task_struct *tracer; 699 rc = 0; 700 701 rcu_read_lock(); 702 tracer = ptrace_parent(current); 703 if (likely(tracer != NULL)) 704 rc = smk_ptrace_rule_check(tracer, 705 isp->smk_task, 706 PTRACE_MODE_ATTACH, 707 __func__); 708 rcu_read_unlock(); 709 710 if (rc != 0) 711 return rc; 712 } else if (bprm->unsafe) 713 return -EPERM; 714 715 bsp->smk_task = isp->smk_task; 716 bprm->per_clear |= PER_CLEAR_ON_SETID; 717 718 return 0; 719 } 720 721 /** 722 * smack_bprm_committing_creds - Prepare to install the new credentials 723 * from bprm. 724 * 725 * @bprm: binprm for exec 726 */ 727 static void smack_bprm_committing_creds(struct linux_binprm *bprm) 728 { 729 struct task_smack *bsp = bprm->cred->security; 730 731 if (bsp->smk_task != bsp->smk_forked) 732 current->pdeath_signal = 0; 733 } 734 735 /** 736 * smack_bprm_secureexec - Return the decision to use secureexec. 737 * @bprm: binprm for exec 738 * 739 * Returns 0 on success. 740 */ 741 static int smack_bprm_secureexec(struct linux_binprm *bprm) 742 { 743 struct task_smack *tsp = current_security(); 744 int ret = cap_bprm_secureexec(bprm); 745 746 if (!ret && (tsp->smk_task != tsp->smk_forked)) 747 ret = 1; 748 749 return ret; 750 } 751 752 /* 753 * Inode hooks 754 */ 755 756 /** 757 * smack_inode_alloc_security - allocate an inode blob 758 * @inode: the inode in need of a blob 759 * 760 * Returns 0 if it gets a blob, -ENOMEM otherwise 761 */ 762 static int smack_inode_alloc_security(struct inode *inode) 763 { 764 struct smack_known *skp = smk_of_current(); 765 766 inode->i_security = new_inode_smack(skp); 767 if (inode->i_security == NULL) 768 return -ENOMEM; 769 return 0; 770 } 771 772 /** 773 * smack_inode_free_security - free an inode blob 774 * @inode: the inode with a blob 775 * 776 * Clears the blob pointer in inode 777 */ 778 static void smack_inode_free_security(struct inode *inode) 779 { 780 kmem_cache_free(smack_inode_cache, inode->i_security); 781 inode->i_security = NULL; 782 } 783 784 /** 785 * smack_inode_init_security - copy out the smack from an inode 786 * @inode: the newly created inode 787 * @dir: containing directory object 788 * @qstr: unused 789 * @name: where to put the attribute name 790 * @value: where to put the attribute value 791 * @len: where to put the length of the attribute 792 * 793 * Returns 0 if it all works out, -ENOMEM if there's no memory 794 */ 795 static int smack_inode_init_security(struct inode *inode, struct inode *dir, 796 const struct qstr *qstr, const char **name, 797 void **value, size_t *len) 798 { 799 struct inode_smack *issp = inode->i_security; 800 struct smack_known *skp = smk_of_current(); 801 struct smack_known *isp = smk_of_inode(inode); 802 struct smack_known *dsp = smk_of_inode(dir); 803 int may; 804 805 if (name) 806 *name = XATTR_SMACK_SUFFIX; 807 808 if (value && len) { 809 rcu_read_lock(); 810 may = smk_access_entry(skp->smk_known, dsp->smk_known, 811 &skp->smk_rules); 812 rcu_read_unlock(); 813 814 /* 815 * If the access rule allows transmutation and 816 * the directory requests transmutation then 817 * by all means transmute. 818 * Mark the inode as changed. 819 */ 820 if (may > 0 && ((may & MAY_TRANSMUTE) != 0) && 821 smk_inode_transmutable(dir)) { 822 isp = dsp; 823 issp->smk_flags |= SMK_INODE_CHANGED; 824 } 825 826 *value = kstrdup(isp->smk_known, GFP_NOFS); 827 if (*value == NULL) 828 return -ENOMEM; 829 830 *len = strlen(isp->smk_known); 831 } 832 833 return 0; 834 } 835 836 /** 837 * smack_inode_link - Smack check on link 838 * @old_dentry: the existing object 839 * @dir: unused 840 * @new_dentry: the new object 841 * 842 * Returns 0 if access is permitted, an error code otherwise 843 */ 844 static int smack_inode_link(struct dentry *old_dentry, struct inode *dir, 845 struct dentry *new_dentry) 846 { 847 struct smack_known *isp; 848 struct smk_audit_info ad; 849 int rc; 850 851 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 852 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry); 853 854 isp = smk_of_inode(old_dentry->d_inode); 855 rc = smk_curacc(isp, MAY_WRITE, &ad); 856 rc = smk_bu_inode(old_dentry->d_inode, MAY_WRITE, rc); 857 858 if (rc == 0 && d_is_positive(new_dentry)) { 859 isp = smk_of_inode(new_dentry->d_inode); 860 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry); 861 rc = smk_curacc(isp, MAY_WRITE, &ad); 862 rc = smk_bu_inode(new_dentry->d_inode, MAY_WRITE, rc); 863 } 864 865 return rc; 866 } 867 868 /** 869 * smack_inode_unlink - Smack check on inode deletion 870 * @dir: containing directory object 871 * @dentry: file to unlink 872 * 873 * Returns 0 if current can write the containing directory 874 * and the object, error code otherwise 875 */ 876 static int smack_inode_unlink(struct inode *dir, struct dentry *dentry) 877 { 878 struct inode *ip = dentry->d_inode; 879 struct smk_audit_info ad; 880 int rc; 881 882 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 883 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 884 885 /* 886 * You need write access to the thing you're unlinking 887 */ 888 rc = smk_curacc(smk_of_inode(ip), MAY_WRITE, &ad); 889 rc = smk_bu_inode(ip, MAY_WRITE, rc); 890 if (rc == 0) { 891 /* 892 * You also need write access to the containing directory 893 */ 894 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE); 895 smk_ad_setfield_u_fs_inode(&ad, dir); 896 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad); 897 rc = smk_bu_inode(dir, MAY_WRITE, rc); 898 } 899 return rc; 900 } 901 902 /** 903 * smack_inode_rmdir - Smack check on directory deletion 904 * @dir: containing directory object 905 * @dentry: directory to unlink 906 * 907 * Returns 0 if current can write the containing directory 908 * and the directory, error code otherwise 909 */ 910 static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry) 911 { 912 struct smk_audit_info ad; 913 int rc; 914 915 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 916 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 917 918 /* 919 * You need write access to the thing you're removing 920 */ 921 rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad); 922 rc = smk_bu_inode(dentry->d_inode, MAY_WRITE, rc); 923 if (rc == 0) { 924 /* 925 * You also need write access to the containing directory 926 */ 927 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE); 928 smk_ad_setfield_u_fs_inode(&ad, dir); 929 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad); 930 rc = smk_bu_inode(dir, MAY_WRITE, rc); 931 } 932 933 return rc; 934 } 935 936 /** 937 * smack_inode_rename - Smack check on rename 938 * @old_inode: unused 939 * @old_dentry: the old object 940 * @new_inode: unused 941 * @new_dentry: the new object 942 * 943 * Read and write access is required on both the old and 944 * new directories. 945 * 946 * Returns 0 if access is permitted, an error code otherwise 947 */ 948 static int smack_inode_rename(struct inode *old_inode, 949 struct dentry *old_dentry, 950 struct inode *new_inode, 951 struct dentry *new_dentry) 952 { 953 int rc; 954 struct smack_known *isp; 955 struct smk_audit_info ad; 956 957 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 958 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry); 959 960 isp = smk_of_inode(old_dentry->d_inode); 961 rc = smk_curacc(isp, MAY_READWRITE, &ad); 962 rc = smk_bu_inode(old_dentry->d_inode, MAY_READWRITE, rc); 963 964 if (rc == 0 && d_is_positive(new_dentry)) { 965 isp = smk_of_inode(new_dentry->d_inode); 966 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry); 967 rc = smk_curacc(isp, MAY_READWRITE, &ad); 968 rc = smk_bu_inode(new_dentry->d_inode, MAY_READWRITE, rc); 969 } 970 return rc; 971 } 972 973 /** 974 * smack_inode_permission - Smack version of permission() 975 * @inode: the inode in question 976 * @mask: the access requested 977 * 978 * This is the important Smack hook. 979 * 980 * Returns 0 if access is permitted, -EACCES otherwise 981 */ 982 static int smack_inode_permission(struct inode *inode, int mask) 983 { 984 struct smk_audit_info ad; 985 int no_block = mask & MAY_NOT_BLOCK; 986 int rc; 987 988 mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND); 989 /* 990 * No permission to check. Existence test. Yup, it's there. 991 */ 992 if (mask == 0) 993 return 0; 994 995 /* May be droppable after audit */ 996 if (no_block) 997 return -ECHILD; 998 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE); 999 smk_ad_setfield_u_fs_inode(&ad, inode); 1000 rc = smk_curacc(smk_of_inode(inode), mask, &ad); 1001 rc = smk_bu_inode(inode, mask, rc); 1002 return rc; 1003 } 1004 1005 /** 1006 * smack_inode_setattr - Smack check for setting attributes 1007 * @dentry: the object 1008 * @iattr: for the force flag 1009 * 1010 * Returns 0 if access is permitted, an error code otherwise 1011 */ 1012 static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr) 1013 { 1014 struct smk_audit_info ad; 1015 int rc; 1016 1017 /* 1018 * Need to allow for clearing the setuid bit. 1019 */ 1020 if (iattr->ia_valid & ATTR_FORCE) 1021 return 0; 1022 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1023 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1024 1025 rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad); 1026 rc = smk_bu_inode(dentry->d_inode, MAY_WRITE, rc); 1027 return rc; 1028 } 1029 1030 /** 1031 * smack_inode_getattr - Smack check for getting attributes 1032 * @mnt: vfsmount of the object 1033 * @dentry: the object 1034 * 1035 * Returns 0 if access is permitted, an error code otherwise 1036 */ 1037 static int smack_inode_getattr(struct vfsmount *mnt, struct dentry *dentry) 1038 { 1039 struct smk_audit_info ad; 1040 struct path path; 1041 int rc; 1042 1043 path.dentry = dentry; 1044 path.mnt = mnt; 1045 1046 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1047 smk_ad_setfield_u_fs_path(&ad, path); 1048 rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ, &ad); 1049 rc = smk_bu_inode(dentry->d_inode, MAY_READ, rc); 1050 return rc; 1051 } 1052 1053 /** 1054 * smack_inode_setxattr - Smack check for setting xattrs 1055 * @dentry: the object 1056 * @name: name of the attribute 1057 * @value: value of the attribute 1058 * @size: size of the value 1059 * @flags: unused 1060 * 1061 * This protects the Smack attribute explicitly. 1062 * 1063 * Returns 0 if access is permitted, an error code otherwise 1064 */ 1065 static int smack_inode_setxattr(struct dentry *dentry, const char *name, 1066 const void *value, size_t size, int flags) 1067 { 1068 struct smk_audit_info ad; 1069 struct smack_known *skp; 1070 int check_priv = 0; 1071 int check_import = 0; 1072 int check_star = 0; 1073 int rc = 0; 1074 1075 /* 1076 * Check label validity here so import won't fail in post_setxattr 1077 */ 1078 if (strcmp(name, XATTR_NAME_SMACK) == 0 || 1079 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 || 1080 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) { 1081 check_priv = 1; 1082 check_import = 1; 1083 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0 || 1084 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) { 1085 check_priv = 1; 1086 check_import = 1; 1087 check_star = 1; 1088 } else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) { 1089 check_priv = 1; 1090 if (size != TRANS_TRUE_SIZE || 1091 strncmp(value, TRANS_TRUE, TRANS_TRUE_SIZE) != 0) 1092 rc = -EINVAL; 1093 } else 1094 rc = cap_inode_setxattr(dentry, name, value, size, flags); 1095 1096 if (check_priv && !smack_privileged(CAP_MAC_ADMIN)) 1097 rc = -EPERM; 1098 1099 if (rc == 0 && check_import) { 1100 skp = size ? smk_import_entry(value, size) : NULL; 1101 if (skp == NULL || (check_star && 1102 (skp == &smack_known_star || skp == &smack_known_web))) 1103 rc = -EINVAL; 1104 } 1105 1106 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1107 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1108 1109 if (rc == 0) { 1110 rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad); 1111 rc = smk_bu_inode(dentry->d_inode, MAY_WRITE, rc); 1112 } 1113 1114 return rc; 1115 } 1116 1117 /** 1118 * smack_inode_post_setxattr - Apply the Smack update approved above 1119 * @dentry: object 1120 * @name: attribute name 1121 * @value: attribute value 1122 * @size: attribute size 1123 * @flags: unused 1124 * 1125 * Set the pointer in the inode blob to the entry found 1126 * in the master label list. 1127 */ 1128 static void smack_inode_post_setxattr(struct dentry *dentry, const char *name, 1129 const void *value, size_t size, int flags) 1130 { 1131 struct smack_known *skp; 1132 struct inode_smack *isp = dentry->d_inode->i_security; 1133 1134 if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) { 1135 isp->smk_flags |= SMK_INODE_TRANSMUTE; 1136 return; 1137 } 1138 1139 if (strcmp(name, XATTR_NAME_SMACK) == 0) { 1140 skp = smk_import_entry(value, size); 1141 if (skp != NULL) 1142 isp->smk_inode = skp; 1143 else 1144 isp->smk_inode = &smack_known_invalid; 1145 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) { 1146 skp = smk_import_entry(value, size); 1147 if (skp != NULL) 1148 isp->smk_task = skp; 1149 else 1150 isp->smk_task = &smack_known_invalid; 1151 } else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) { 1152 skp = smk_import_entry(value, size); 1153 if (skp != NULL) 1154 isp->smk_mmap = skp; 1155 else 1156 isp->smk_mmap = &smack_known_invalid; 1157 } 1158 1159 return; 1160 } 1161 1162 /** 1163 * smack_inode_getxattr - Smack check on getxattr 1164 * @dentry: the object 1165 * @name: unused 1166 * 1167 * Returns 0 if access is permitted, an error code otherwise 1168 */ 1169 static int smack_inode_getxattr(struct dentry *dentry, const char *name) 1170 { 1171 struct smk_audit_info ad; 1172 int rc; 1173 1174 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1175 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1176 1177 rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ, &ad); 1178 rc = smk_bu_inode(dentry->d_inode, MAY_READ, rc); 1179 return rc; 1180 } 1181 1182 /** 1183 * smack_inode_removexattr - Smack check on removexattr 1184 * @dentry: the object 1185 * @name: name of the attribute 1186 * 1187 * Removing the Smack attribute requires CAP_MAC_ADMIN 1188 * 1189 * Returns 0 if access is permitted, an error code otherwise 1190 */ 1191 static int smack_inode_removexattr(struct dentry *dentry, const char *name) 1192 { 1193 struct inode_smack *isp; 1194 struct smk_audit_info ad; 1195 int rc = 0; 1196 1197 if (strcmp(name, XATTR_NAME_SMACK) == 0 || 1198 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 || 1199 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 || 1200 strcmp(name, XATTR_NAME_SMACKEXEC) == 0 || 1201 strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0 || 1202 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) { 1203 if (!smack_privileged(CAP_MAC_ADMIN)) 1204 rc = -EPERM; 1205 } else 1206 rc = cap_inode_removexattr(dentry, name); 1207 1208 if (rc != 0) 1209 return rc; 1210 1211 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1212 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1213 1214 rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad); 1215 rc = smk_bu_inode(dentry->d_inode, MAY_WRITE, rc); 1216 if (rc != 0) 1217 return rc; 1218 1219 isp = dentry->d_inode->i_security; 1220 /* 1221 * Don't do anything special for these. 1222 * XATTR_NAME_SMACKIPIN 1223 * XATTR_NAME_SMACKIPOUT 1224 * XATTR_NAME_SMACKEXEC 1225 */ 1226 if (strcmp(name, XATTR_NAME_SMACK) == 0) 1227 isp->smk_task = NULL; 1228 else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) 1229 isp->smk_mmap = NULL; 1230 else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) 1231 isp->smk_flags &= ~SMK_INODE_TRANSMUTE; 1232 1233 return 0; 1234 } 1235 1236 /** 1237 * smack_inode_getsecurity - get smack xattrs 1238 * @inode: the object 1239 * @name: attribute name 1240 * @buffer: where to put the result 1241 * @alloc: unused 1242 * 1243 * Returns the size of the attribute or an error code 1244 */ 1245 static int smack_inode_getsecurity(const struct inode *inode, 1246 const char *name, void **buffer, 1247 bool alloc) 1248 { 1249 struct socket_smack *ssp; 1250 struct socket *sock; 1251 struct super_block *sbp; 1252 struct inode *ip = (struct inode *)inode; 1253 struct smack_known *isp; 1254 int ilen; 1255 int rc = 0; 1256 1257 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) { 1258 isp = smk_of_inode(inode); 1259 ilen = strlen(isp->smk_known); 1260 *buffer = isp->smk_known; 1261 return ilen; 1262 } 1263 1264 /* 1265 * The rest of the Smack xattrs are only on sockets. 1266 */ 1267 sbp = ip->i_sb; 1268 if (sbp->s_magic != SOCKFS_MAGIC) 1269 return -EOPNOTSUPP; 1270 1271 sock = SOCKET_I(ip); 1272 if (sock == NULL || sock->sk == NULL) 1273 return -EOPNOTSUPP; 1274 1275 ssp = sock->sk->sk_security; 1276 1277 if (strcmp(name, XATTR_SMACK_IPIN) == 0) 1278 isp = ssp->smk_in; 1279 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) 1280 isp = ssp->smk_out; 1281 else 1282 return -EOPNOTSUPP; 1283 1284 ilen = strlen(isp->smk_known); 1285 if (rc == 0) { 1286 *buffer = isp->smk_known; 1287 rc = ilen; 1288 } 1289 1290 return rc; 1291 } 1292 1293 1294 /** 1295 * smack_inode_listsecurity - list the Smack attributes 1296 * @inode: the object 1297 * @buffer: where they go 1298 * @buffer_size: size of buffer 1299 * 1300 * Returns 0 on success, -EINVAL otherwise 1301 */ 1302 static int smack_inode_listsecurity(struct inode *inode, char *buffer, 1303 size_t buffer_size) 1304 { 1305 int len = sizeof(XATTR_NAME_SMACK); 1306 1307 if (buffer != NULL && len <= buffer_size) 1308 memcpy(buffer, XATTR_NAME_SMACK, len); 1309 1310 return len; 1311 } 1312 1313 /** 1314 * smack_inode_getsecid - Extract inode's security id 1315 * @inode: inode to extract the info from 1316 * @secid: where result will be saved 1317 */ 1318 static void smack_inode_getsecid(const struct inode *inode, u32 *secid) 1319 { 1320 struct inode_smack *isp = inode->i_security; 1321 1322 *secid = isp->smk_inode->smk_secid; 1323 } 1324 1325 /* 1326 * File Hooks 1327 */ 1328 1329 /** 1330 * smack_file_permission - Smack check on file operations 1331 * @file: unused 1332 * @mask: unused 1333 * 1334 * Returns 0 1335 * 1336 * Should access checks be done on each read or write? 1337 * UNICOS and SELinux say yes. 1338 * Trusted Solaris, Trusted Irix, and just about everyone else says no. 1339 * 1340 * I'll say no for now. Smack does not do the frequent 1341 * label changing that SELinux does. 1342 */ 1343 static int smack_file_permission(struct file *file, int mask) 1344 { 1345 return 0; 1346 } 1347 1348 /** 1349 * smack_file_alloc_security - assign a file security blob 1350 * @file: the object 1351 * 1352 * The security blob for a file is a pointer to the master 1353 * label list, so no allocation is done. 1354 * 1355 * f_security is the owner security information. It 1356 * isn't used on file access checks, it's for send_sigio. 1357 * 1358 * Returns 0 1359 */ 1360 static int smack_file_alloc_security(struct file *file) 1361 { 1362 struct smack_known *skp = smk_of_current(); 1363 1364 file->f_security = skp; 1365 return 0; 1366 } 1367 1368 /** 1369 * smack_file_free_security - clear a file security blob 1370 * @file: the object 1371 * 1372 * The security blob for a file is a pointer to the master 1373 * label list, so no memory is freed. 1374 */ 1375 static void smack_file_free_security(struct file *file) 1376 { 1377 file->f_security = NULL; 1378 } 1379 1380 /** 1381 * smack_file_ioctl - Smack check on ioctls 1382 * @file: the object 1383 * @cmd: what to do 1384 * @arg: unused 1385 * 1386 * Relies heavily on the correct use of the ioctl command conventions. 1387 * 1388 * Returns 0 if allowed, error code otherwise 1389 */ 1390 static int smack_file_ioctl(struct file *file, unsigned int cmd, 1391 unsigned long arg) 1392 { 1393 int rc = 0; 1394 struct smk_audit_info ad; 1395 struct inode *inode = file_inode(file); 1396 1397 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1398 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1399 1400 if (_IOC_DIR(cmd) & _IOC_WRITE) { 1401 rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad); 1402 rc = smk_bu_file(file, MAY_WRITE, rc); 1403 } 1404 1405 if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ)) { 1406 rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad); 1407 rc = smk_bu_file(file, MAY_READ, rc); 1408 } 1409 1410 return rc; 1411 } 1412 1413 /** 1414 * smack_file_lock - Smack check on file locking 1415 * @file: the object 1416 * @cmd: unused 1417 * 1418 * Returns 0 if current has lock access, error code otherwise 1419 */ 1420 static int smack_file_lock(struct file *file, unsigned int cmd) 1421 { 1422 struct smk_audit_info ad; 1423 int rc; 1424 struct inode *inode = file_inode(file); 1425 1426 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1427 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1428 rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad); 1429 rc = smk_bu_file(file, MAY_LOCK, rc); 1430 return rc; 1431 } 1432 1433 /** 1434 * smack_file_fcntl - Smack check on fcntl 1435 * @file: the object 1436 * @cmd: what action to check 1437 * @arg: unused 1438 * 1439 * Generally these operations are harmless. 1440 * File locking operations present an obvious mechanism 1441 * for passing information, so they require write access. 1442 * 1443 * Returns 0 if current has access, error code otherwise 1444 */ 1445 static int smack_file_fcntl(struct file *file, unsigned int cmd, 1446 unsigned long arg) 1447 { 1448 struct smk_audit_info ad; 1449 int rc = 0; 1450 struct inode *inode = file_inode(file); 1451 1452 switch (cmd) { 1453 case F_GETLK: 1454 break; 1455 case F_SETLK: 1456 case F_SETLKW: 1457 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1458 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1459 rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad); 1460 rc = smk_bu_file(file, MAY_LOCK, rc); 1461 break; 1462 case F_SETOWN: 1463 case F_SETSIG: 1464 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1465 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1466 rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad); 1467 rc = smk_bu_file(file, MAY_WRITE, rc); 1468 break; 1469 default: 1470 break; 1471 } 1472 1473 return rc; 1474 } 1475 1476 /** 1477 * smack_mmap_file : 1478 * Check permissions for a mmap operation. The @file may be NULL, e.g. 1479 * if mapping anonymous memory. 1480 * @file contains the file structure for file to map (may be NULL). 1481 * @reqprot contains the protection requested by the application. 1482 * @prot contains the protection that will be applied by the kernel. 1483 * @flags contains the operational flags. 1484 * Return 0 if permission is granted. 1485 */ 1486 static int smack_mmap_file(struct file *file, 1487 unsigned long reqprot, unsigned long prot, 1488 unsigned long flags) 1489 { 1490 struct smack_known *skp; 1491 struct smack_known *mkp; 1492 struct smack_rule *srp; 1493 struct task_smack *tsp; 1494 struct smack_known *okp; 1495 struct inode_smack *isp; 1496 int may; 1497 int mmay; 1498 int tmay; 1499 int rc; 1500 1501 if (file == NULL) 1502 return 0; 1503 1504 isp = file_inode(file)->i_security; 1505 if (isp->smk_mmap == NULL) 1506 return 0; 1507 mkp = isp->smk_mmap; 1508 1509 tsp = current_security(); 1510 skp = smk_of_current(); 1511 rc = 0; 1512 1513 rcu_read_lock(); 1514 /* 1515 * For each Smack rule associated with the subject 1516 * label verify that the SMACK64MMAP also has access 1517 * to that rule's object label. 1518 */ 1519 list_for_each_entry_rcu(srp, &skp->smk_rules, list) { 1520 okp = srp->smk_object; 1521 /* 1522 * Matching labels always allows access. 1523 */ 1524 if (mkp->smk_known == okp->smk_known) 1525 continue; 1526 /* 1527 * If there is a matching local rule take 1528 * that into account as well. 1529 */ 1530 may = smk_access_entry(srp->smk_subject->smk_known, 1531 okp->smk_known, 1532 &tsp->smk_rules); 1533 if (may == -ENOENT) 1534 may = srp->smk_access; 1535 else 1536 may &= srp->smk_access; 1537 /* 1538 * If may is zero the SMACK64MMAP subject can't 1539 * possibly have less access. 1540 */ 1541 if (may == 0) 1542 continue; 1543 1544 /* 1545 * Fetch the global list entry. 1546 * If there isn't one a SMACK64MMAP subject 1547 * can't have as much access as current. 1548 */ 1549 mmay = smk_access_entry(mkp->smk_known, okp->smk_known, 1550 &mkp->smk_rules); 1551 if (mmay == -ENOENT) { 1552 rc = -EACCES; 1553 break; 1554 } 1555 /* 1556 * If there is a local entry it modifies the 1557 * potential access, too. 1558 */ 1559 tmay = smk_access_entry(mkp->smk_known, okp->smk_known, 1560 &tsp->smk_rules); 1561 if (tmay != -ENOENT) 1562 mmay &= tmay; 1563 1564 /* 1565 * If there is any access available to current that is 1566 * not available to a SMACK64MMAP subject 1567 * deny access. 1568 */ 1569 if ((may | mmay) != mmay) { 1570 rc = -EACCES; 1571 break; 1572 } 1573 } 1574 1575 rcu_read_unlock(); 1576 1577 return rc; 1578 } 1579 1580 /** 1581 * smack_file_set_fowner - set the file security blob value 1582 * @file: object in question 1583 * 1584 */ 1585 static void smack_file_set_fowner(struct file *file) 1586 { 1587 file->f_security = smk_of_current(); 1588 } 1589 1590 /** 1591 * smack_file_send_sigiotask - Smack on sigio 1592 * @tsk: The target task 1593 * @fown: the object the signal come from 1594 * @signum: unused 1595 * 1596 * Allow a privileged task to get signals even if it shouldn't 1597 * 1598 * Returns 0 if a subject with the object's smack could 1599 * write to the task, an error code otherwise. 1600 */ 1601 static int smack_file_send_sigiotask(struct task_struct *tsk, 1602 struct fown_struct *fown, int signum) 1603 { 1604 struct smack_known *skp; 1605 struct smack_known *tkp = smk_of_task(tsk->cred->security); 1606 struct file *file; 1607 int rc; 1608 struct smk_audit_info ad; 1609 1610 /* 1611 * struct fown_struct is never outside the context of a struct file 1612 */ 1613 file = container_of(fown, struct file, f_owner); 1614 1615 /* we don't log here as rc can be overriden */ 1616 skp = file->f_security; 1617 rc = smk_access(skp, tkp, MAY_WRITE, NULL); 1618 rc = smk_bu_note("sigiotask", skp, tkp, MAY_WRITE, rc); 1619 if (rc != 0 && has_capability(tsk, CAP_MAC_OVERRIDE)) 1620 rc = 0; 1621 1622 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); 1623 smk_ad_setfield_u_tsk(&ad, tsk); 1624 smack_log(skp->smk_known, tkp->smk_known, MAY_WRITE, rc, &ad); 1625 return rc; 1626 } 1627 1628 /** 1629 * smack_file_receive - Smack file receive check 1630 * @file: the object 1631 * 1632 * Returns 0 if current has access, error code otherwise 1633 */ 1634 static int smack_file_receive(struct file *file) 1635 { 1636 int rc; 1637 int may = 0; 1638 struct smk_audit_info ad; 1639 struct inode *inode = file_inode(file); 1640 1641 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1642 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1643 /* 1644 * This code relies on bitmasks. 1645 */ 1646 if (file->f_mode & FMODE_READ) 1647 may = MAY_READ; 1648 if (file->f_mode & FMODE_WRITE) 1649 may |= MAY_WRITE; 1650 1651 rc = smk_curacc(smk_of_inode(inode), may, &ad); 1652 rc = smk_bu_file(file, may, rc); 1653 return rc; 1654 } 1655 1656 /** 1657 * smack_file_open - Smack dentry open processing 1658 * @file: the object 1659 * @cred: task credential 1660 * 1661 * Set the security blob in the file structure. 1662 * Allow the open only if the task has read access. There are 1663 * many read operations (e.g. fstat) that you can do with an 1664 * fd even if you have the file open write-only. 1665 * 1666 * Returns 0 1667 */ 1668 static int smack_file_open(struct file *file, const struct cred *cred) 1669 { 1670 struct task_smack *tsp = cred->security; 1671 struct inode *inode = file_inode(file); 1672 struct smk_audit_info ad; 1673 int rc; 1674 1675 if (smack_privileged(CAP_MAC_OVERRIDE)) 1676 return 0; 1677 1678 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1679 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1680 rc = smk_access(tsp->smk_task, smk_of_inode(inode), MAY_READ, &ad); 1681 rc = smk_bu_credfile(cred, file, MAY_READ, rc); 1682 1683 return rc; 1684 } 1685 1686 /* 1687 * Task hooks 1688 */ 1689 1690 /** 1691 * smack_cred_alloc_blank - "allocate" blank task-level security credentials 1692 * @new: the new credentials 1693 * @gfp: the atomicity of any memory allocations 1694 * 1695 * Prepare a blank set of credentials for modification. This must allocate all 1696 * the memory the LSM module might require such that cred_transfer() can 1697 * complete without error. 1698 */ 1699 static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp) 1700 { 1701 struct task_smack *tsp; 1702 1703 tsp = new_task_smack(NULL, NULL, gfp); 1704 if (tsp == NULL) 1705 return -ENOMEM; 1706 1707 cred->security = tsp; 1708 1709 return 0; 1710 } 1711 1712 1713 /** 1714 * smack_cred_free - "free" task-level security credentials 1715 * @cred: the credentials in question 1716 * 1717 */ 1718 static void smack_cred_free(struct cred *cred) 1719 { 1720 struct task_smack *tsp = cred->security; 1721 struct smack_rule *rp; 1722 struct list_head *l; 1723 struct list_head *n; 1724 1725 if (tsp == NULL) 1726 return; 1727 cred->security = NULL; 1728 1729 list_for_each_safe(l, n, &tsp->smk_rules) { 1730 rp = list_entry(l, struct smack_rule, list); 1731 list_del(&rp->list); 1732 kfree(rp); 1733 } 1734 kfree(tsp); 1735 } 1736 1737 /** 1738 * smack_cred_prepare - prepare new set of credentials for modification 1739 * @new: the new credentials 1740 * @old: the original credentials 1741 * @gfp: the atomicity of any memory allocations 1742 * 1743 * Prepare a new set of credentials for modification. 1744 */ 1745 static int smack_cred_prepare(struct cred *new, const struct cred *old, 1746 gfp_t gfp) 1747 { 1748 struct task_smack *old_tsp = old->security; 1749 struct task_smack *new_tsp; 1750 int rc; 1751 1752 new_tsp = new_task_smack(old_tsp->smk_task, old_tsp->smk_task, gfp); 1753 if (new_tsp == NULL) 1754 return -ENOMEM; 1755 1756 rc = smk_copy_rules(&new_tsp->smk_rules, &old_tsp->smk_rules, gfp); 1757 if (rc != 0) 1758 return rc; 1759 1760 new->security = new_tsp; 1761 return 0; 1762 } 1763 1764 /** 1765 * smack_cred_transfer - Transfer the old credentials to the new credentials 1766 * @new: the new credentials 1767 * @old: the original credentials 1768 * 1769 * Fill in a set of blank credentials from another set of credentials. 1770 */ 1771 static void smack_cred_transfer(struct cred *new, const struct cred *old) 1772 { 1773 struct task_smack *old_tsp = old->security; 1774 struct task_smack *new_tsp = new->security; 1775 1776 new_tsp->smk_task = old_tsp->smk_task; 1777 new_tsp->smk_forked = old_tsp->smk_task; 1778 mutex_init(&new_tsp->smk_rules_lock); 1779 INIT_LIST_HEAD(&new_tsp->smk_rules); 1780 1781 1782 /* cbs copy rule list */ 1783 } 1784 1785 /** 1786 * smack_kernel_act_as - Set the subjective context in a set of credentials 1787 * @new: points to the set of credentials to be modified. 1788 * @secid: specifies the security ID to be set 1789 * 1790 * Set the security data for a kernel service. 1791 */ 1792 static int smack_kernel_act_as(struct cred *new, u32 secid) 1793 { 1794 struct task_smack *new_tsp = new->security; 1795 struct smack_known *skp = smack_from_secid(secid); 1796 1797 if (skp == NULL) 1798 return -EINVAL; 1799 1800 new_tsp->smk_task = skp; 1801 return 0; 1802 } 1803 1804 /** 1805 * smack_kernel_create_files_as - Set the file creation label in a set of creds 1806 * @new: points to the set of credentials to be modified 1807 * @inode: points to the inode to use as a reference 1808 * 1809 * Set the file creation context in a set of credentials to the same 1810 * as the objective context of the specified inode 1811 */ 1812 static int smack_kernel_create_files_as(struct cred *new, 1813 struct inode *inode) 1814 { 1815 struct inode_smack *isp = inode->i_security; 1816 struct task_smack *tsp = new->security; 1817 1818 tsp->smk_forked = isp->smk_inode; 1819 tsp->smk_task = tsp->smk_forked; 1820 return 0; 1821 } 1822 1823 /** 1824 * smk_curacc_on_task - helper to log task related access 1825 * @p: the task object 1826 * @access: the access requested 1827 * @caller: name of the calling function for audit 1828 * 1829 * Return 0 if access is permitted 1830 */ 1831 static int smk_curacc_on_task(struct task_struct *p, int access, 1832 const char *caller) 1833 { 1834 struct smk_audit_info ad; 1835 struct smack_known *skp = smk_of_task_struct(p); 1836 int rc; 1837 1838 smk_ad_init(&ad, caller, LSM_AUDIT_DATA_TASK); 1839 smk_ad_setfield_u_tsk(&ad, p); 1840 rc = smk_curacc(skp, access, &ad); 1841 rc = smk_bu_task(p, access, rc); 1842 return rc; 1843 } 1844 1845 /** 1846 * smack_task_setpgid - Smack check on setting pgid 1847 * @p: the task object 1848 * @pgid: unused 1849 * 1850 * Return 0 if write access is permitted 1851 */ 1852 static int smack_task_setpgid(struct task_struct *p, pid_t pgid) 1853 { 1854 return smk_curacc_on_task(p, MAY_WRITE, __func__); 1855 } 1856 1857 /** 1858 * smack_task_getpgid - Smack access check for getpgid 1859 * @p: the object task 1860 * 1861 * Returns 0 if current can read the object task, error code otherwise 1862 */ 1863 static int smack_task_getpgid(struct task_struct *p) 1864 { 1865 return smk_curacc_on_task(p, MAY_READ, __func__); 1866 } 1867 1868 /** 1869 * smack_task_getsid - Smack access check for getsid 1870 * @p: the object task 1871 * 1872 * Returns 0 if current can read the object task, error code otherwise 1873 */ 1874 static int smack_task_getsid(struct task_struct *p) 1875 { 1876 return smk_curacc_on_task(p, MAY_READ, __func__); 1877 } 1878 1879 /** 1880 * smack_task_getsecid - get the secid of the task 1881 * @p: the object task 1882 * @secid: where to put the result 1883 * 1884 * Sets the secid to contain a u32 version of the smack label. 1885 */ 1886 static void smack_task_getsecid(struct task_struct *p, u32 *secid) 1887 { 1888 struct smack_known *skp = smk_of_task_struct(p); 1889 1890 *secid = skp->smk_secid; 1891 } 1892 1893 /** 1894 * smack_task_setnice - Smack check on setting nice 1895 * @p: the task object 1896 * @nice: unused 1897 * 1898 * Return 0 if write access is permitted 1899 */ 1900 static int smack_task_setnice(struct task_struct *p, int nice) 1901 { 1902 int rc; 1903 1904 rc = cap_task_setnice(p, nice); 1905 if (rc == 0) 1906 rc = smk_curacc_on_task(p, MAY_WRITE, __func__); 1907 return rc; 1908 } 1909 1910 /** 1911 * smack_task_setioprio - Smack check on setting ioprio 1912 * @p: the task object 1913 * @ioprio: unused 1914 * 1915 * Return 0 if write access is permitted 1916 */ 1917 static int smack_task_setioprio(struct task_struct *p, int ioprio) 1918 { 1919 int rc; 1920 1921 rc = cap_task_setioprio(p, ioprio); 1922 if (rc == 0) 1923 rc = smk_curacc_on_task(p, MAY_WRITE, __func__); 1924 return rc; 1925 } 1926 1927 /** 1928 * smack_task_getioprio - Smack check on reading ioprio 1929 * @p: the task object 1930 * 1931 * Return 0 if read access is permitted 1932 */ 1933 static int smack_task_getioprio(struct task_struct *p) 1934 { 1935 return smk_curacc_on_task(p, MAY_READ, __func__); 1936 } 1937 1938 /** 1939 * smack_task_setscheduler - Smack check on setting scheduler 1940 * @p: the task object 1941 * @policy: unused 1942 * @lp: unused 1943 * 1944 * Return 0 if read access is permitted 1945 */ 1946 static int smack_task_setscheduler(struct task_struct *p) 1947 { 1948 int rc; 1949 1950 rc = cap_task_setscheduler(p); 1951 if (rc == 0) 1952 rc = smk_curacc_on_task(p, MAY_WRITE, __func__); 1953 return rc; 1954 } 1955 1956 /** 1957 * smack_task_getscheduler - Smack check on reading scheduler 1958 * @p: the task object 1959 * 1960 * Return 0 if read access is permitted 1961 */ 1962 static int smack_task_getscheduler(struct task_struct *p) 1963 { 1964 return smk_curacc_on_task(p, MAY_READ, __func__); 1965 } 1966 1967 /** 1968 * smack_task_movememory - Smack check on moving memory 1969 * @p: the task object 1970 * 1971 * Return 0 if write access is permitted 1972 */ 1973 static int smack_task_movememory(struct task_struct *p) 1974 { 1975 return smk_curacc_on_task(p, MAY_WRITE, __func__); 1976 } 1977 1978 /** 1979 * smack_task_kill - Smack check on signal delivery 1980 * @p: the task object 1981 * @info: unused 1982 * @sig: unused 1983 * @secid: identifies the smack to use in lieu of current's 1984 * 1985 * Return 0 if write access is permitted 1986 * 1987 * The secid behavior is an artifact of an SELinux hack 1988 * in the USB code. Someday it may go away. 1989 */ 1990 static int smack_task_kill(struct task_struct *p, struct siginfo *info, 1991 int sig, u32 secid) 1992 { 1993 struct smk_audit_info ad; 1994 struct smack_known *skp; 1995 struct smack_known *tkp = smk_of_task_struct(p); 1996 int rc; 1997 1998 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); 1999 smk_ad_setfield_u_tsk(&ad, p); 2000 /* 2001 * Sending a signal requires that the sender 2002 * can write the receiver. 2003 */ 2004 if (secid == 0) { 2005 rc = smk_curacc(tkp, MAY_WRITE, &ad); 2006 rc = smk_bu_task(p, MAY_WRITE, rc); 2007 return rc; 2008 } 2009 /* 2010 * If the secid isn't 0 we're dealing with some USB IO 2011 * specific behavior. This is not clean. For one thing 2012 * we can't take privilege into account. 2013 */ 2014 skp = smack_from_secid(secid); 2015 rc = smk_access(skp, tkp, MAY_WRITE, &ad); 2016 rc = smk_bu_note("USB signal", skp, tkp, MAY_WRITE, rc); 2017 return rc; 2018 } 2019 2020 /** 2021 * smack_task_wait - Smack access check for waiting 2022 * @p: task to wait for 2023 * 2024 * Returns 0 2025 */ 2026 static int smack_task_wait(struct task_struct *p) 2027 { 2028 /* 2029 * Allow the operation to succeed. 2030 * Zombies are bad. 2031 * In userless environments (e.g. phones) programs 2032 * get marked with SMACK64EXEC and even if the parent 2033 * and child shouldn't be talking the parent still 2034 * may expect to know when the child exits. 2035 */ 2036 return 0; 2037 } 2038 2039 /** 2040 * smack_task_to_inode - copy task smack into the inode blob 2041 * @p: task to copy from 2042 * @inode: inode to copy to 2043 * 2044 * Sets the smack pointer in the inode security blob 2045 */ 2046 static void smack_task_to_inode(struct task_struct *p, struct inode *inode) 2047 { 2048 struct inode_smack *isp = inode->i_security; 2049 struct smack_known *skp = smk_of_task_struct(p); 2050 2051 isp->smk_inode = skp; 2052 } 2053 2054 /* 2055 * Socket hooks. 2056 */ 2057 2058 /** 2059 * smack_sk_alloc_security - Allocate a socket blob 2060 * @sk: the socket 2061 * @family: unused 2062 * @gfp_flags: memory allocation flags 2063 * 2064 * Assign Smack pointers to current 2065 * 2066 * Returns 0 on success, -ENOMEM is there's no memory 2067 */ 2068 static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags) 2069 { 2070 struct smack_known *skp = smk_of_current(); 2071 struct socket_smack *ssp; 2072 2073 ssp = kzalloc(sizeof(struct socket_smack), gfp_flags); 2074 if (ssp == NULL) 2075 return -ENOMEM; 2076 2077 ssp->smk_in = skp; 2078 ssp->smk_out = skp; 2079 ssp->smk_packet = NULL; 2080 2081 sk->sk_security = ssp; 2082 2083 return 0; 2084 } 2085 2086 /** 2087 * smack_sk_free_security - Free a socket blob 2088 * @sk: the socket 2089 * 2090 * Clears the blob pointer 2091 */ 2092 static void smack_sk_free_security(struct sock *sk) 2093 { 2094 kfree(sk->sk_security); 2095 } 2096 2097 /** 2098 * smack_host_label - check host based restrictions 2099 * @sip: the object end 2100 * 2101 * looks for host based access restrictions 2102 * 2103 * This version will only be appropriate for really small sets of single label 2104 * hosts. The caller is responsible for ensuring that the RCU read lock is 2105 * taken before calling this function. 2106 * 2107 * Returns the label of the far end or NULL if it's not special. 2108 */ 2109 static struct smack_known *smack_host_label(struct sockaddr_in *sip) 2110 { 2111 struct smk_netlbladdr *snp; 2112 struct in_addr *siap = &sip->sin_addr; 2113 2114 if (siap->s_addr == 0) 2115 return NULL; 2116 2117 list_for_each_entry_rcu(snp, &smk_netlbladdr_list, list) 2118 /* 2119 * we break after finding the first match because 2120 * the list is sorted from longest to shortest mask 2121 * so we have found the most specific match 2122 */ 2123 if ((&snp->smk_host.sin_addr)->s_addr == 2124 (siap->s_addr & (&snp->smk_mask)->s_addr)) { 2125 /* we have found the special CIPSO option */ 2126 if (snp->smk_label == &smack_cipso_option) 2127 return NULL; 2128 return snp->smk_label; 2129 } 2130 2131 return NULL; 2132 } 2133 2134 /** 2135 * smack_netlabel - Set the secattr on a socket 2136 * @sk: the socket 2137 * @labeled: socket label scheme 2138 * 2139 * Convert the outbound smack value (smk_out) to a 2140 * secattr and attach it to the socket. 2141 * 2142 * Returns 0 on success or an error code 2143 */ 2144 static int smack_netlabel(struct sock *sk, int labeled) 2145 { 2146 struct smack_known *skp; 2147 struct socket_smack *ssp = sk->sk_security; 2148 int rc = 0; 2149 2150 /* 2151 * Usually the netlabel code will handle changing the 2152 * packet labeling based on the label. 2153 * The case of a single label host is different, because 2154 * a single label host should never get a labeled packet 2155 * even though the label is usually associated with a packet 2156 * label. 2157 */ 2158 local_bh_disable(); 2159 bh_lock_sock_nested(sk); 2160 2161 if (ssp->smk_out == smack_net_ambient || 2162 labeled == SMACK_UNLABELED_SOCKET) 2163 netlbl_sock_delattr(sk); 2164 else { 2165 skp = ssp->smk_out; 2166 rc = netlbl_sock_setattr(sk, sk->sk_family, &skp->smk_netlabel); 2167 } 2168 2169 bh_unlock_sock(sk); 2170 local_bh_enable(); 2171 2172 return rc; 2173 } 2174 2175 /** 2176 * smack_netlbel_send - Set the secattr on a socket and perform access checks 2177 * @sk: the socket 2178 * @sap: the destination address 2179 * 2180 * Set the correct secattr for the given socket based on the destination 2181 * address and perform any outbound access checks needed. 2182 * 2183 * Returns 0 on success or an error code. 2184 * 2185 */ 2186 static int smack_netlabel_send(struct sock *sk, struct sockaddr_in *sap) 2187 { 2188 struct smack_known *skp; 2189 int rc; 2190 int sk_lbl; 2191 struct smack_known *hkp; 2192 struct socket_smack *ssp = sk->sk_security; 2193 struct smk_audit_info ad; 2194 2195 rcu_read_lock(); 2196 hkp = smack_host_label(sap); 2197 if (hkp != NULL) { 2198 #ifdef CONFIG_AUDIT 2199 struct lsm_network_audit net; 2200 2201 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 2202 ad.a.u.net->family = sap->sin_family; 2203 ad.a.u.net->dport = sap->sin_port; 2204 ad.a.u.net->v4info.daddr = sap->sin_addr.s_addr; 2205 #endif 2206 sk_lbl = SMACK_UNLABELED_SOCKET; 2207 skp = ssp->smk_out; 2208 rc = smk_access(skp, hkp, MAY_WRITE, &ad); 2209 rc = smk_bu_note("IPv4 host check", skp, hkp, MAY_WRITE, rc); 2210 } else { 2211 sk_lbl = SMACK_CIPSO_SOCKET; 2212 rc = 0; 2213 } 2214 rcu_read_unlock(); 2215 if (rc != 0) 2216 return rc; 2217 2218 return smack_netlabel(sk, sk_lbl); 2219 } 2220 2221 #if IS_ENABLED(CONFIG_IPV6) && !defined(CONFIG_SECURITY_SMACK_NETFILTER) 2222 /** 2223 * smk_ipv6_port_label - Smack port access table management 2224 * @sock: socket 2225 * @address: address 2226 * 2227 * Create or update the port list entry 2228 */ 2229 static void smk_ipv6_port_label(struct socket *sock, struct sockaddr *address) 2230 { 2231 struct sock *sk = sock->sk; 2232 struct sockaddr_in6 *addr6; 2233 struct socket_smack *ssp = sock->sk->sk_security; 2234 struct smk_port_label *spp; 2235 unsigned short port = 0; 2236 2237 if (address == NULL) { 2238 /* 2239 * This operation is changing the Smack information 2240 * on the bound socket. Take the changes to the port 2241 * as well. 2242 */ 2243 list_for_each_entry(spp, &smk_ipv6_port_list, list) { 2244 if (sk != spp->smk_sock) 2245 continue; 2246 spp->smk_in = ssp->smk_in; 2247 spp->smk_out = ssp->smk_out; 2248 return; 2249 } 2250 /* 2251 * A NULL address is only used for updating existing 2252 * bound entries. If there isn't one, it's OK. 2253 */ 2254 return; 2255 } 2256 2257 addr6 = (struct sockaddr_in6 *)address; 2258 port = ntohs(addr6->sin6_port); 2259 /* 2260 * This is a special case that is safely ignored. 2261 */ 2262 if (port == 0) 2263 return; 2264 2265 /* 2266 * Look for an existing port list entry. 2267 * This is an indication that a port is getting reused. 2268 */ 2269 list_for_each_entry(spp, &smk_ipv6_port_list, list) { 2270 if (spp->smk_port != port) 2271 continue; 2272 spp->smk_port = port; 2273 spp->smk_sock = sk; 2274 spp->smk_in = ssp->smk_in; 2275 spp->smk_out = ssp->smk_out; 2276 return; 2277 } 2278 2279 /* 2280 * A new port entry is required. 2281 */ 2282 spp = kzalloc(sizeof(*spp), GFP_KERNEL); 2283 if (spp == NULL) 2284 return; 2285 2286 spp->smk_port = port; 2287 spp->smk_sock = sk; 2288 spp->smk_in = ssp->smk_in; 2289 spp->smk_out = ssp->smk_out; 2290 2291 list_add(&spp->list, &smk_ipv6_port_list); 2292 return; 2293 } 2294 2295 /** 2296 * smk_ipv6_port_check - check Smack port access 2297 * @sock: socket 2298 * @address: address 2299 * 2300 * Create or update the port list entry 2301 */ 2302 static int smk_ipv6_port_check(struct sock *sk, struct sockaddr_in6 *address, 2303 int act) 2304 { 2305 __be16 *bep; 2306 __be32 *be32p; 2307 struct smk_port_label *spp; 2308 struct socket_smack *ssp = sk->sk_security; 2309 struct smack_known *skp; 2310 unsigned short port = 0; 2311 struct smack_known *object; 2312 struct smk_audit_info ad; 2313 int rc; 2314 #ifdef CONFIG_AUDIT 2315 struct lsm_network_audit net; 2316 #endif 2317 2318 if (act == SMK_RECEIVING) { 2319 skp = smack_net_ambient; 2320 object = ssp->smk_in; 2321 } else { 2322 skp = ssp->smk_out; 2323 object = smack_net_ambient; 2324 } 2325 2326 /* 2327 * Get the IP address and port from the address. 2328 */ 2329 port = ntohs(address->sin6_port); 2330 bep = (__be16 *)(&address->sin6_addr); 2331 be32p = (__be32 *)(&address->sin6_addr); 2332 2333 /* 2334 * It's remote, so port lookup does no good. 2335 */ 2336 if (be32p[0] || be32p[1] || be32p[2] || bep[6] || ntohs(bep[7]) != 1) 2337 goto auditout; 2338 2339 /* 2340 * It's local so the send check has to have passed. 2341 */ 2342 if (act == SMK_RECEIVING) { 2343 skp = &smack_known_web; 2344 goto auditout; 2345 } 2346 2347 list_for_each_entry(spp, &smk_ipv6_port_list, list) { 2348 if (spp->smk_port != port) 2349 continue; 2350 object = spp->smk_in; 2351 if (act == SMK_CONNECTING) 2352 ssp->smk_packet = spp->smk_out; 2353 break; 2354 } 2355 2356 auditout: 2357 2358 #ifdef CONFIG_AUDIT 2359 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 2360 ad.a.u.net->family = sk->sk_family; 2361 ad.a.u.net->dport = port; 2362 if (act == SMK_RECEIVING) 2363 ad.a.u.net->v6info.saddr = address->sin6_addr; 2364 else 2365 ad.a.u.net->v6info.daddr = address->sin6_addr; 2366 #endif 2367 rc = smk_access(skp, object, MAY_WRITE, &ad); 2368 rc = smk_bu_note("IPv6 port check", skp, object, MAY_WRITE, rc); 2369 return rc; 2370 } 2371 #endif /* CONFIG_IPV6 && !CONFIG_SECURITY_SMACK_NETFILTER */ 2372 2373 /** 2374 * smack_inode_setsecurity - set smack xattrs 2375 * @inode: the object 2376 * @name: attribute name 2377 * @value: attribute value 2378 * @size: size of the attribute 2379 * @flags: unused 2380 * 2381 * Sets the named attribute in the appropriate blob 2382 * 2383 * Returns 0 on success, or an error code 2384 */ 2385 static int smack_inode_setsecurity(struct inode *inode, const char *name, 2386 const void *value, size_t size, int flags) 2387 { 2388 struct smack_known *skp; 2389 struct inode_smack *nsp = inode->i_security; 2390 struct socket_smack *ssp; 2391 struct socket *sock; 2392 int rc = 0; 2393 2394 if (value == NULL || size > SMK_LONGLABEL || size == 0) 2395 return -EINVAL; 2396 2397 skp = smk_import_entry(value, size); 2398 if (skp == NULL) 2399 return -EINVAL; 2400 2401 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) { 2402 nsp->smk_inode = skp; 2403 nsp->smk_flags |= SMK_INODE_INSTANT; 2404 return 0; 2405 } 2406 /* 2407 * The rest of the Smack xattrs are only on sockets. 2408 */ 2409 if (inode->i_sb->s_magic != SOCKFS_MAGIC) 2410 return -EOPNOTSUPP; 2411 2412 sock = SOCKET_I(inode); 2413 if (sock == NULL || sock->sk == NULL) 2414 return -EOPNOTSUPP; 2415 2416 ssp = sock->sk->sk_security; 2417 2418 if (strcmp(name, XATTR_SMACK_IPIN) == 0) 2419 ssp->smk_in = skp; 2420 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) { 2421 ssp->smk_out = skp; 2422 if (sock->sk->sk_family == PF_INET) { 2423 rc = smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET); 2424 if (rc != 0) 2425 printk(KERN_WARNING 2426 "Smack: \"%s\" netlbl error %d.\n", 2427 __func__, -rc); 2428 } 2429 } else 2430 return -EOPNOTSUPP; 2431 2432 #if IS_ENABLED(CONFIG_IPV6) && !defined(CONFIG_SECURITY_SMACK_NETFILTER) 2433 if (sock->sk->sk_family == PF_INET6) 2434 smk_ipv6_port_label(sock, NULL); 2435 #endif /* CONFIG_IPV6 && !CONFIG_SECURITY_SMACK_NETFILTER */ 2436 2437 return 0; 2438 } 2439 2440 /** 2441 * smack_socket_post_create - finish socket setup 2442 * @sock: the socket 2443 * @family: protocol family 2444 * @type: unused 2445 * @protocol: unused 2446 * @kern: unused 2447 * 2448 * Sets the netlabel information on the socket 2449 * 2450 * Returns 0 on success, and error code otherwise 2451 */ 2452 static int smack_socket_post_create(struct socket *sock, int family, 2453 int type, int protocol, int kern) 2454 { 2455 if (family != PF_INET || sock->sk == NULL) 2456 return 0; 2457 /* 2458 * Set the outbound netlbl. 2459 */ 2460 return smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET); 2461 } 2462 2463 #ifndef CONFIG_SECURITY_SMACK_NETFILTER 2464 /** 2465 * smack_socket_bind - record port binding information. 2466 * @sock: the socket 2467 * @address: the port address 2468 * @addrlen: size of the address 2469 * 2470 * Records the label bound to a port. 2471 * 2472 * Returns 0 2473 */ 2474 static int smack_socket_bind(struct socket *sock, struct sockaddr *address, 2475 int addrlen) 2476 { 2477 #if IS_ENABLED(CONFIG_IPV6) 2478 if (sock->sk != NULL && sock->sk->sk_family == PF_INET6) 2479 smk_ipv6_port_label(sock, address); 2480 #endif 2481 2482 return 0; 2483 } 2484 #endif /* !CONFIG_SECURITY_SMACK_NETFILTER */ 2485 2486 /** 2487 * smack_socket_connect - connect access check 2488 * @sock: the socket 2489 * @sap: the other end 2490 * @addrlen: size of sap 2491 * 2492 * Verifies that a connection may be possible 2493 * 2494 * Returns 0 on success, and error code otherwise 2495 */ 2496 static int smack_socket_connect(struct socket *sock, struct sockaddr *sap, 2497 int addrlen) 2498 { 2499 int rc = 0; 2500 2501 if (sock->sk == NULL) 2502 return 0; 2503 2504 switch (sock->sk->sk_family) { 2505 case PF_INET: 2506 if (addrlen < sizeof(struct sockaddr_in)) 2507 return -EINVAL; 2508 rc = smack_netlabel_send(sock->sk, (struct sockaddr_in *)sap); 2509 break; 2510 case PF_INET6: 2511 if (addrlen < sizeof(struct sockaddr_in6)) 2512 return -EINVAL; 2513 #if IS_ENABLED(CONFIG_IPV6) && !defined(CONFIG_SECURITY_SMACK_NETFILTER) 2514 rc = smk_ipv6_port_check(sock->sk, (struct sockaddr_in6 *)sap, 2515 SMK_CONNECTING); 2516 #endif /* CONFIG_IPV6 && !CONFIG_SECURITY_SMACK_NETFILTER */ 2517 break; 2518 } 2519 return rc; 2520 } 2521 2522 /** 2523 * smack_flags_to_may - convert S_ to MAY_ values 2524 * @flags: the S_ value 2525 * 2526 * Returns the equivalent MAY_ value 2527 */ 2528 static int smack_flags_to_may(int flags) 2529 { 2530 int may = 0; 2531 2532 if (flags & S_IRUGO) 2533 may |= MAY_READ; 2534 if (flags & S_IWUGO) 2535 may |= MAY_WRITE; 2536 if (flags & S_IXUGO) 2537 may |= MAY_EXEC; 2538 2539 return may; 2540 } 2541 2542 /** 2543 * smack_msg_msg_alloc_security - Set the security blob for msg_msg 2544 * @msg: the object 2545 * 2546 * Returns 0 2547 */ 2548 static int smack_msg_msg_alloc_security(struct msg_msg *msg) 2549 { 2550 struct smack_known *skp = smk_of_current(); 2551 2552 msg->security = skp; 2553 return 0; 2554 } 2555 2556 /** 2557 * smack_msg_msg_free_security - Clear the security blob for msg_msg 2558 * @msg: the object 2559 * 2560 * Clears the blob pointer 2561 */ 2562 static void smack_msg_msg_free_security(struct msg_msg *msg) 2563 { 2564 msg->security = NULL; 2565 } 2566 2567 /** 2568 * smack_of_shm - the smack pointer for the shm 2569 * @shp: the object 2570 * 2571 * Returns a pointer to the smack value 2572 */ 2573 static struct smack_known *smack_of_shm(struct shmid_kernel *shp) 2574 { 2575 return (struct smack_known *)shp->shm_perm.security; 2576 } 2577 2578 /** 2579 * smack_shm_alloc_security - Set the security blob for shm 2580 * @shp: the object 2581 * 2582 * Returns 0 2583 */ 2584 static int smack_shm_alloc_security(struct shmid_kernel *shp) 2585 { 2586 struct kern_ipc_perm *isp = &shp->shm_perm; 2587 struct smack_known *skp = smk_of_current(); 2588 2589 isp->security = skp; 2590 return 0; 2591 } 2592 2593 /** 2594 * smack_shm_free_security - Clear the security blob for shm 2595 * @shp: the object 2596 * 2597 * Clears the blob pointer 2598 */ 2599 static void smack_shm_free_security(struct shmid_kernel *shp) 2600 { 2601 struct kern_ipc_perm *isp = &shp->shm_perm; 2602 2603 isp->security = NULL; 2604 } 2605 2606 /** 2607 * smk_curacc_shm : check if current has access on shm 2608 * @shp : the object 2609 * @access : access requested 2610 * 2611 * Returns 0 if current has the requested access, error code otherwise 2612 */ 2613 static int smk_curacc_shm(struct shmid_kernel *shp, int access) 2614 { 2615 struct smack_known *ssp = smack_of_shm(shp); 2616 struct smk_audit_info ad; 2617 int rc; 2618 2619 #ifdef CONFIG_AUDIT 2620 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 2621 ad.a.u.ipc_id = shp->shm_perm.id; 2622 #endif 2623 rc = smk_curacc(ssp, access, &ad); 2624 rc = smk_bu_current("shm", ssp, access, rc); 2625 return rc; 2626 } 2627 2628 /** 2629 * smack_shm_associate - Smack access check for shm 2630 * @shp: the object 2631 * @shmflg: access requested 2632 * 2633 * Returns 0 if current has the requested access, error code otherwise 2634 */ 2635 static int smack_shm_associate(struct shmid_kernel *shp, int shmflg) 2636 { 2637 int may; 2638 2639 may = smack_flags_to_may(shmflg); 2640 return smk_curacc_shm(shp, may); 2641 } 2642 2643 /** 2644 * smack_shm_shmctl - Smack access check for shm 2645 * @shp: the object 2646 * @cmd: what it wants to do 2647 * 2648 * Returns 0 if current has the requested access, error code otherwise 2649 */ 2650 static int smack_shm_shmctl(struct shmid_kernel *shp, int cmd) 2651 { 2652 int may; 2653 2654 switch (cmd) { 2655 case IPC_STAT: 2656 case SHM_STAT: 2657 may = MAY_READ; 2658 break; 2659 case IPC_SET: 2660 case SHM_LOCK: 2661 case SHM_UNLOCK: 2662 case IPC_RMID: 2663 may = MAY_READWRITE; 2664 break; 2665 case IPC_INFO: 2666 case SHM_INFO: 2667 /* 2668 * System level information. 2669 */ 2670 return 0; 2671 default: 2672 return -EINVAL; 2673 } 2674 return smk_curacc_shm(shp, may); 2675 } 2676 2677 /** 2678 * smack_shm_shmat - Smack access for shmat 2679 * @shp: the object 2680 * @shmaddr: unused 2681 * @shmflg: access requested 2682 * 2683 * Returns 0 if current has the requested access, error code otherwise 2684 */ 2685 static int smack_shm_shmat(struct shmid_kernel *shp, char __user *shmaddr, 2686 int shmflg) 2687 { 2688 int may; 2689 2690 may = smack_flags_to_may(shmflg); 2691 return smk_curacc_shm(shp, may); 2692 } 2693 2694 /** 2695 * smack_of_sem - the smack pointer for the sem 2696 * @sma: the object 2697 * 2698 * Returns a pointer to the smack value 2699 */ 2700 static struct smack_known *smack_of_sem(struct sem_array *sma) 2701 { 2702 return (struct smack_known *)sma->sem_perm.security; 2703 } 2704 2705 /** 2706 * smack_sem_alloc_security - Set the security blob for sem 2707 * @sma: the object 2708 * 2709 * Returns 0 2710 */ 2711 static int smack_sem_alloc_security(struct sem_array *sma) 2712 { 2713 struct kern_ipc_perm *isp = &sma->sem_perm; 2714 struct smack_known *skp = smk_of_current(); 2715 2716 isp->security = skp; 2717 return 0; 2718 } 2719 2720 /** 2721 * smack_sem_free_security - Clear the security blob for sem 2722 * @sma: the object 2723 * 2724 * Clears the blob pointer 2725 */ 2726 static void smack_sem_free_security(struct sem_array *sma) 2727 { 2728 struct kern_ipc_perm *isp = &sma->sem_perm; 2729 2730 isp->security = NULL; 2731 } 2732 2733 /** 2734 * smk_curacc_sem : check if current has access on sem 2735 * @sma : the object 2736 * @access : access requested 2737 * 2738 * Returns 0 if current has the requested access, error code otherwise 2739 */ 2740 static int smk_curacc_sem(struct sem_array *sma, int access) 2741 { 2742 struct smack_known *ssp = smack_of_sem(sma); 2743 struct smk_audit_info ad; 2744 int rc; 2745 2746 #ifdef CONFIG_AUDIT 2747 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 2748 ad.a.u.ipc_id = sma->sem_perm.id; 2749 #endif 2750 rc = smk_curacc(ssp, access, &ad); 2751 rc = smk_bu_current("sem", ssp, access, rc); 2752 return rc; 2753 } 2754 2755 /** 2756 * smack_sem_associate - Smack access check for sem 2757 * @sma: the object 2758 * @semflg: access requested 2759 * 2760 * Returns 0 if current has the requested access, error code otherwise 2761 */ 2762 static int smack_sem_associate(struct sem_array *sma, int semflg) 2763 { 2764 int may; 2765 2766 may = smack_flags_to_may(semflg); 2767 return smk_curacc_sem(sma, may); 2768 } 2769 2770 /** 2771 * smack_sem_shmctl - Smack access check for sem 2772 * @sma: the object 2773 * @cmd: what it wants to do 2774 * 2775 * Returns 0 if current has the requested access, error code otherwise 2776 */ 2777 static int smack_sem_semctl(struct sem_array *sma, int cmd) 2778 { 2779 int may; 2780 2781 switch (cmd) { 2782 case GETPID: 2783 case GETNCNT: 2784 case GETZCNT: 2785 case GETVAL: 2786 case GETALL: 2787 case IPC_STAT: 2788 case SEM_STAT: 2789 may = MAY_READ; 2790 break; 2791 case SETVAL: 2792 case SETALL: 2793 case IPC_RMID: 2794 case IPC_SET: 2795 may = MAY_READWRITE; 2796 break; 2797 case IPC_INFO: 2798 case SEM_INFO: 2799 /* 2800 * System level information 2801 */ 2802 return 0; 2803 default: 2804 return -EINVAL; 2805 } 2806 2807 return smk_curacc_sem(sma, may); 2808 } 2809 2810 /** 2811 * smack_sem_semop - Smack checks of semaphore operations 2812 * @sma: the object 2813 * @sops: unused 2814 * @nsops: unused 2815 * @alter: unused 2816 * 2817 * Treated as read and write in all cases. 2818 * 2819 * Returns 0 if access is allowed, error code otherwise 2820 */ 2821 static int smack_sem_semop(struct sem_array *sma, struct sembuf *sops, 2822 unsigned nsops, int alter) 2823 { 2824 return smk_curacc_sem(sma, MAY_READWRITE); 2825 } 2826 2827 /** 2828 * smack_msg_alloc_security - Set the security blob for msg 2829 * @msq: the object 2830 * 2831 * Returns 0 2832 */ 2833 static int smack_msg_queue_alloc_security(struct msg_queue *msq) 2834 { 2835 struct kern_ipc_perm *kisp = &msq->q_perm; 2836 struct smack_known *skp = smk_of_current(); 2837 2838 kisp->security = skp; 2839 return 0; 2840 } 2841 2842 /** 2843 * smack_msg_free_security - Clear the security blob for msg 2844 * @msq: the object 2845 * 2846 * Clears the blob pointer 2847 */ 2848 static void smack_msg_queue_free_security(struct msg_queue *msq) 2849 { 2850 struct kern_ipc_perm *kisp = &msq->q_perm; 2851 2852 kisp->security = NULL; 2853 } 2854 2855 /** 2856 * smack_of_msq - the smack pointer for the msq 2857 * @msq: the object 2858 * 2859 * Returns a pointer to the smack label entry 2860 */ 2861 static struct smack_known *smack_of_msq(struct msg_queue *msq) 2862 { 2863 return (struct smack_known *)msq->q_perm.security; 2864 } 2865 2866 /** 2867 * smk_curacc_msq : helper to check if current has access on msq 2868 * @msq : the msq 2869 * @access : access requested 2870 * 2871 * return 0 if current has access, error otherwise 2872 */ 2873 static int smk_curacc_msq(struct msg_queue *msq, int access) 2874 { 2875 struct smack_known *msp = smack_of_msq(msq); 2876 struct smk_audit_info ad; 2877 int rc; 2878 2879 #ifdef CONFIG_AUDIT 2880 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 2881 ad.a.u.ipc_id = msq->q_perm.id; 2882 #endif 2883 rc = smk_curacc(msp, access, &ad); 2884 rc = smk_bu_current("msq", msp, access, rc); 2885 return rc; 2886 } 2887 2888 /** 2889 * smack_msg_queue_associate - Smack access check for msg_queue 2890 * @msq: the object 2891 * @msqflg: access requested 2892 * 2893 * Returns 0 if current has the requested access, error code otherwise 2894 */ 2895 static int smack_msg_queue_associate(struct msg_queue *msq, int msqflg) 2896 { 2897 int may; 2898 2899 may = smack_flags_to_may(msqflg); 2900 return smk_curacc_msq(msq, may); 2901 } 2902 2903 /** 2904 * smack_msg_queue_msgctl - Smack access check for msg_queue 2905 * @msq: the object 2906 * @cmd: what it wants to do 2907 * 2908 * Returns 0 if current has the requested access, error code otherwise 2909 */ 2910 static int smack_msg_queue_msgctl(struct msg_queue *msq, int cmd) 2911 { 2912 int may; 2913 2914 switch (cmd) { 2915 case IPC_STAT: 2916 case MSG_STAT: 2917 may = MAY_READ; 2918 break; 2919 case IPC_SET: 2920 case IPC_RMID: 2921 may = MAY_READWRITE; 2922 break; 2923 case IPC_INFO: 2924 case MSG_INFO: 2925 /* 2926 * System level information 2927 */ 2928 return 0; 2929 default: 2930 return -EINVAL; 2931 } 2932 2933 return smk_curacc_msq(msq, may); 2934 } 2935 2936 /** 2937 * smack_msg_queue_msgsnd - Smack access check for msg_queue 2938 * @msq: the object 2939 * @msg: unused 2940 * @msqflg: access requested 2941 * 2942 * Returns 0 if current has the requested access, error code otherwise 2943 */ 2944 static int smack_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, 2945 int msqflg) 2946 { 2947 int may; 2948 2949 may = smack_flags_to_may(msqflg); 2950 return smk_curacc_msq(msq, may); 2951 } 2952 2953 /** 2954 * smack_msg_queue_msgsnd - Smack access check for msg_queue 2955 * @msq: the object 2956 * @msg: unused 2957 * @target: unused 2958 * @type: unused 2959 * @mode: unused 2960 * 2961 * Returns 0 if current has read and write access, error code otherwise 2962 */ 2963 static int smack_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg, 2964 struct task_struct *target, long type, int mode) 2965 { 2966 return smk_curacc_msq(msq, MAY_READWRITE); 2967 } 2968 2969 /** 2970 * smack_ipc_permission - Smack access for ipc_permission() 2971 * @ipp: the object permissions 2972 * @flag: access requested 2973 * 2974 * Returns 0 if current has read and write access, error code otherwise 2975 */ 2976 static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag) 2977 { 2978 struct smack_known *iskp = ipp->security; 2979 int may = smack_flags_to_may(flag); 2980 struct smk_audit_info ad; 2981 int rc; 2982 2983 #ifdef CONFIG_AUDIT 2984 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 2985 ad.a.u.ipc_id = ipp->id; 2986 #endif 2987 rc = smk_curacc(iskp, may, &ad); 2988 rc = smk_bu_current("svipc", iskp, may, rc); 2989 return rc; 2990 } 2991 2992 /** 2993 * smack_ipc_getsecid - Extract smack security id 2994 * @ipp: the object permissions 2995 * @secid: where result will be saved 2996 */ 2997 static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid) 2998 { 2999 struct smack_known *iskp = ipp->security; 3000 3001 *secid = iskp->smk_secid; 3002 } 3003 3004 /** 3005 * smack_d_instantiate - Make sure the blob is correct on an inode 3006 * @opt_dentry: dentry where inode will be attached 3007 * @inode: the object 3008 * 3009 * Set the inode's security blob if it hasn't been done already. 3010 */ 3011 static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode) 3012 { 3013 struct super_block *sbp; 3014 struct superblock_smack *sbsp; 3015 struct inode_smack *isp; 3016 struct smack_known *skp; 3017 struct smack_known *ckp = smk_of_current(); 3018 struct smack_known *final; 3019 char trattr[TRANS_TRUE_SIZE]; 3020 int transflag = 0; 3021 int rc; 3022 struct dentry *dp; 3023 3024 if (inode == NULL) 3025 return; 3026 3027 isp = inode->i_security; 3028 3029 mutex_lock(&isp->smk_lock); 3030 /* 3031 * If the inode is already instantiated 3032 * take the quick way out 3033 */ 3034 if (isp->smk_flags & SMK_INODE_INSTANT) 3035 goto unlockandout; 3036 3037 sbp = inode->i_sb; 3038 sbsp = sbp->s_security; 3039 /* 3040 * We're going to use the superblock default label 3041 * if there's no label on the file. 3042 */ 3043 final = sbsp->smk_default; 3044 3045 /* 3046 * If this is the root inode the superblock 3047 * may be in the process of initialization. 3048 * If that is the case use the root value out 3049 * of the superblock. 3050 */ 3051 if (opt_dentry->d_parent == opt_dentry) { 3052 switch (sbp->s_magic) { 3053 case CGROUP_SUPER_MAGIC: 3054 /* 3055 * The cgroup filesystem is never mounted, 3056 * so there's no opportunity to set the mount 3057 * options. 3058 */ 3059 sbsp->smk_root = &smack_known_star; 3060 sbsp->smk_default = &smack_known_star; 3061 isp->smk_inode = sbsp->smk_root; 3062 break; 3063 case TMPFS_MAGIC: 3064 /* 3065 * What about shmem/tmpfs anonymous files with dentry 3066 * obtained from d_alloc_pseudo()? 3067 */ 3068 isp->smk_inode = smk_of_current(); 3069 break; 3070 default: 3071 isp->smk_inode = sbsp->smk_root; 3072 break; 3073 } 3074 isp->smk_flags |= SMK_INODE_INSTANT; 3075 goto unlockandout; 3076 } 3077 3078 /* 3079 * This is pretty hackish. 3080 * Casey says that we shouldn't have to do 3081 * file system specific code, but it does help 3082 * with keeping it simple. 3083 */ 3084 switch (sbp->s_magic) { 3085 case SMACK_MAGIC: 3086 case PIPEFS_MAGIC: 3087 case SOCKFS_MAGIC: 3088 case CGROUP_SUPER_MAGIC: 3089 /* 3090 * Casey says that it's a little embarrassing 3091 * that the smack file system doesn't do 3092 * extended attributes. 3093 * 3094 * Casey says pipes are easy (?) 3095 * 3096 * Socket access is controlled by the socket 3097 * structures associated with the task involved. 3098 * 3099 * Cgroupfs is special 3100 */ 3101 final = &smack_known_star; 3102 break; 3103 case DEVPTS_SUPER_MAGIC: 3104 /* 3105 * devpts seems content with the label of the task. 3106 * Programs that change smack have to treat the 3107 * pty with respect. 3108 */ 3109 final = ckp; 3110 break; 3111 case PROC_SUPER_MAGIC: 3112 /* 3113 * Casey says procfs appears not to care. 3114 * The superblock default suffices. 3115 */ 3116 break; 3117 case TMPFS_MAGIC: 3118 /* 3119 * Device labels should come from the filesystem, 3120 * but watch out, because they're volitile, 3121 * getting recreated on every reboot. 3122 */ 3123 final = &smack_known_star; 3124 /* 3125 * No break. 3126 * 3127 * If a smack value has been set we want to use it, 3128 * but since tmpfs isn't giving us the opportunity 3129 * to set mount options simulate setting the 3130 * superblock default. 3131 */ 3132 default: 3133 /* 3134 * This isn't an understood special case. 3135 * Get the value from the xattr. 3136 */ 3137 3138 /* 3139 * UNIX domain sockets use lower level socket data. 3140 */ 3141 if (S_ISSOCK(inode->i_mode)) { 3142 final = &smack_known_star; 3143 break; 3144 } 3145 /* 3146 * No xattr support means, alas, no SMACK label. 3147 * Use the aforeapplied default. 3148 * It would be curious if the label of the task 3149 * does not match that assigned. 3150 */ 3151 if (inode->i_op->getxattr == NULL) 3152 break; 3153 /* 3154 * Get the dentry for xattr. 3155 */ 3156 dp = dget(opt_dentry); 3157 skp = smk_fetch(XATTR_NAME_SMACK, inode, dp); 3158 if (skp != NULL) 3159 final = skp; 3160 3161 /* 3162 * Transmuting directory 3163 */ 3164 if (S_ISDIR(inode->i_mode)) { 3165 /* 3166 * If this is a new directory and the label was 3167 * transmuted when the inode was initialized 3168 * set the transmute attribute on the directory 3169 * and mark the inode. 3170 * 3171 * If there is a transmute attribute on the 3172 * directory mark the inode. 3173 */ 3174 if (isp->smk_flags & SMK_INODE_CHANGED) { 3175 isp->smk_flags &= ~SMK_INODE_CHANGED; 3176 rc = inode->i_op->setxattr(dp, 3177 XATTR_NAME_SMACKTRANSMUTE, 3178 TRANS_TRUE, TRANS_TRUE_SIZE, 3179 0); 3180 } else { 3181 rc = inode->i_op->getxattr(dp, 3182 XATTR_NAME_SMACKTRANSMUTE, trattr, 3183 TRANS_TRUE_SIZE); 3184 if (rc >= 0 && strncmp(trattr, TRANS_TRUE, 3185 TRANS_TRUE_SIZE) != 0) 3186 rc = -EINVAL; 3187 } 3188 if (rc >= 0) 3189 transflag = SMK_INODE_TRANSMUTE; 3190 } 3191 /* 3192 * Don't let the exec or mmap label be "*" or "@". 3193 */ 3194 skp = smk_fetch(XATTR_NAME_SMACKEXEC, inode, dp); 3195 if (skp == &smack_known_star || skp == &smack_known_web) 3196 skp = NULL; 3197 isp->smk_task = skp; 3198 skp = smk_fetch(XATTR_NAME_SMACKMMAP, inode, dp); 3199 if (skp == &smack_known_star || skp == &smack_known_web) 3200 skp = NULL; 3201 isp->smk_mmap = skp; 3202 3203 dput(dp); 3204 break; 3205 } 3206 3207 if (final == NULL) 3208 isp->smk_inode = ckp; 3209 else 3210 isp->smk_inode = final; 3211 3212 isp->smk_flags |= (SMK_INODE_INSTANT | transflag); 3213 3214 unlockandout: 3215 mutex_unlock(&isp->smk_lock); 3216 return; 3217 } 3218 3219 /** 3220 * smack_getprocattr - Smack process attribute access 3221 * @p: the object task 3222 * @name: the name of the attribute in /proc/.../attr 3223 * @value: where to put the result 3224 * 3225 * Places a copy of the task Smack into value 3226 * 3227 * Returns the length of the smack label or an error code 3228 */ 3229 static int smack_getprocattr(struct task_struct *p, char *name, char **value) 3230 { 3231 struct smack_known *skp = smk_of_task_struct(p); 3232 char *cp; 3233 int slen; 3234 3235 if (strcmp(name, "current") != 0) 3236 return -EINVAL; 3237 3238 cp = kstrdup(skp->smk_known, GFP_KERNEL); 3239 if (cp == NULL) 3240 return -ENOMEM; 3241 3242 slen = strlen(cp); 3243 *value = cp; 3244 return slen; 3245 } 3246 3247 /** 3248 * smack_setprocattr - Smack process attribute setting 3249 * @p: the object task 3250 * @name: the name of the attribute in /proc/.../attr 3251 * @value: the value to set 3252 * @size: the size of the value 3253 * 3254 * Sets the Smack value of the task. Only setting self 3255 * is permitted and only with privilege 3256 * 3257 * Returns the length of the smack label or an error code 3258 */ 3259 static int smack_setprocattr(struct task_struct *p, char *name, 3260 void *value, size_t size) 3261 { 3262 struct task_smack *tsp; 3263 struct cred *new; 3264 struct smack_known *skp; 3265 3266 /* 3267 * Changing another process' Smack value is too dangerous 3268 * and supports no sane use case. 3269 */ 3270 if (p != current) 3271 return -EPERM; 3272 3273 if (!smack_privileged(CAP_MAC_ADMIN)) 3274 return -EPERM; 3275 3276 if (value == NULL || size == 0 || size >= SMK_LONGLABEL) 3277 return -EINVAL; 3278 3279 if (strcmp(name, "current") != 0) 3280 return -EINVAL; 3281 3282 skp = smk_import_entry(value, size); 3283 if (skp == NULL) 3284 return -EINVAL; 3285 3286 /* 3287 * No process is ever allowed the web ("@") label. 3288 */ 3289 if (skp == &smack_known_web) 3290 return -EPERM; 3291 3292 new = prepare_creds(); 3293 if (new == NULL) 3294 return -ENOMEM; 3295 3296 tsp = new->security; 3297 tsp->smk_task = skp; 3298 3299 commit_creds(new); 3300 return size; 3301 } 3302 3303 /** 3304 * smack_unix_stream_connect - Smack access on UDS 3305 * @sock: one sock 3306 * @other: the other sock 3307 * @newsk: unused 3308 * 3309 * Return 0 if a subject with the smack of sock could access 3310 * an object with the smack of other, otherwise an error code 3311 */ 3312 static int smack_unix_stream_connect(struct sock *sock, 3313 struct sock *other, struct sock *newsk) 3314 { 3315 struct smack_known *skp; 3316 struct smack_known *okp; 3317 struct socket_smack *ssp = sock->sk_security; 3318 struct socket_smack *osp = other->sk_security; 3319 struct socket_smack *nsp = newsk->sk_security; 3320 struct smk_audit_info ad; 3321 int rc = 0; 3322 #ifdef CONFIG_AUDIT 3323 struct lsm_network_audit net; 3324 #endif 3325 3326 if (!smack_privileged(CAP_MAC_OVERRIDE)) { 3327 skp = ssp->smk_out; 3328 okp = osp->smk_in; 3329 #ifdef CONFIG_AUDIT 3330 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 3331 smk_ad_setfield_u_net_sk(&ad, other); 3332 #endif 3333 rc = smk_access(skp, okp, MAY_WRITE, &ad); 3334 rc = smk_bu_note("UDS connect", skp, okp, MAY_WRITE, rc); 3335 if (rc == 0) { 3336 okp = osp->smk_out; 3337 skp = ssp->smk_in; 3338 rc = smk_access(okp, skp, MAY_WRITE, &ad); 3339 rc = smk_bu_note("UDS connect", okp, skp, 3340 MAY_WRITE, rc); 3341 } 3342 } 3343 3344 /* 3345 * Cross reference the peer labels for SO_PEERSEC. 3346 */ 3347 if (rc == 0) { 3348 nsp->smk_packet = ssp->smk_out; 3349 ssp->smk_packet = osp->smk_out; 3350 } 3351 3352 return rc; 3353 } 3354 3355 /** 3356 * smack_unix_may_send - Smack access on UDS 3357 * @sock: one socket 3358 * @other: the other socket 3359 * 3360 * Return 0 if a subject with the smack of sock could access 3361 * an object with the smack of other, otherwise an error code 3362 */ 3363 static int smack_unix_may_send(struct socket *sock, struct socket *other) 3364 { 3365 struct socket_smack *ssp = sock->sk->sk_security; 3366 struct socket_smack *osp = other->sk->sk_security; 3367 struct smk_audit_info ad; 3368 int rc; 3369 3370 #ifdef CONFIG_AUDIT 3371 struct lsm_network_audit net; 3372 3373 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 3374 smk_ad_setfield_u_net_sk(&ad, other->sk); 3375 #endif 3376 3377 if (smack_privileged(CAP_MAC_OVERRIDE)) 3378 return 0; 3379 3380 rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad); 3381 rc = smk_bu_note("UDS send", ssp->smk_out, osp->smk_in, MAY_WRITE, rc); 3382 return rc; 3383 } 3384 3385 /** 3386 * smack_socket_sendmsg - Smack check based on destination host 3387 * @sock: the socket 3388 * @msg: the message 3389 * @size: the size of the message 3390 * 3391 * Return 0 if the current subject can write to the destination host. 3392 * For IPv4 this is only a question if the destination is a single label host. 3393 * For IPv6 this is a check against the label of the port. 3394 */ 3395 static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg, 3396 int size) 3397 { 3398 struct sockaddr_in *sip = (struct sockaddr_in *) msg->msg_name; 3399 #if IS_ENABLED(CONFIG_IPV6) && !defined(CONFIG_SECURITY_SMACK_NETFILTER) 3400 struct sockaddr_in6 *sap = (struct sockaddr_in6 *) msg->msg_name; 3401 #endif /* CONFIG_IPV6 && !CONFIG_SECURITY_SMACK_NETFILTER */ 3402 int rc = 0; 3403 3404 /* 3405 * Perfectly reasonable for this to be NULL 3406 */ 3407 if (sip == NULL) 3408 return 0; 3409 3410 switch (sip->sin_family) { 3411 case AF_INET: 3412 rc = smack_netlabel_send(sock->sk, sip); 3413 break; 3414 case AF_INET6: 3415 #if IS_ENABLED(CONFIG_IPV6) && !defined(CONFIG_SECURITY_SMACK_NETFILTER) 3416 rc = smk_ipv6_port_check(sock->sk, sap, SMK_SENDING); 3417 #endif /* CONFIG_IPV6 && !CONFIG_SECURITY_SMACK_NETFILTER */ 3418 break; 3419 } 3420 return rc; 3421 } 3422 3423 /** 3424 * smack_from_secattr - Convert a netlabel attr.mls.lvl/attr.mls.cat pair to smack 3425 * @sap: netlabel secattr 3426 * @ssp: socket security information 3427 * 3428 * Returns a pointer to a Smack label entry found on the label list. 3429 */ 3430 static struct smack_known *smack_from_secattr(struct netlbl_lsm_secattr *sap, 3431 struct socket_smack *ssp) 3432 { 3433 struct smack_known *skp; 3434 int found = 0; 3435 int acat; 3436 int kcat; 3437 3438 if ((sap->flags & NETLBL_SECATTR_MLS_LVL) != 0) { 3439 /* 3440 * Looks like a CIPSO packet. 3441 * If there are flags but no level netlabel isn't 3442 * behaving the way we expect it to. 3443 * 3444 * Look it up in the label table 3445 * Without guidance regarding the smack value 3446 * for the packet fall back on the network 3447 * ambient value. 3448 */ 3449 rcu_read_lock(); 3450 list_for_each_entry(skp, &smack_known_list, list) { 3451 if (sap->attr.mls.lvl != skp->smk_netlabel.attr.mls.lvl) 3452 continue; 3453 /* 3454 * Compare the catsets. Use the netlbl APIs. 3455 */ 3456 if ((sap->flags & NETLBL_SECATTR_MLS_CAT) == 0) { 3457 if ((skp->smk_netlabel.flags & 3458 NETLBL_SECATTR_MLS_CAT) == 0) 3459 found = 1; 3460 break; 3461 } 3462 for (acat = -1, kcat = -1; acat == kcat; ) { 3463 acat = netlbl_catmap_walk(sap->attr.mls.cat, 3464 acat + 1); 3465 kcat = netlbl_catmap_walk( 3466 skp->smk_netlabel.attr.mls.cat, 3467 kcat + 1); 3468 if (acat < 0 || kcat < 0) 3469 break; 3470 } 3471 if (acat == kcat) { 3472 found = 1; 3473 break; 3474 } 3475 } 3476 rcu_read_unlock(); 3477 3478 if (found) 3479 return skp; 3480 3481 if (ssp != NULL && ssp->smk_in == &smack_known_star) 3482 return &smack_known_web; 3483 return &smack_known_star; 3484 } 3485 if ((sap->flags & NETLBL_SECATTR_SECID) != 0) { 3486 /* 3487 * Looks like a fallback, which gives us a secid. 3488 */ 3489 skp = smack_from_secid(sap->attr.secid); 3490 /* 3491 * This has got to be a bug because it is 3492 * impossible to specify a fallback without 3493 * specifying the label, which will ensure 3494 * it has a secid, and the only way to get a 3495 * secid is from a fallback. 3496 */ 3497 BUG_ON(skp == NULL); 3498 return skp; 3499 } 3500 /* 3501 * Without guidance regarding the smack value 3502 * for the packet fall back on the network 3503 * ambient value. 3504 */ 3505 return smack_net_ambient; 3506 } 3507 3508 #if IS_ENABLED(CONFIG_IPV6) 3509 static int smk_skb_to_addr_ipv6(struct sk_buff *skb, struct sockaddr_in6 *sip) 3510 { 3511 u8 nexthdr; 3512 int offset; 3513 int proto = -EINVAL; 3514 struct ipv6hdr _ipv6h; 3515 struct ipv6hdr *ip6; 3516 __be16 frag_off; 3517 struct tcphdr _tcph, *th; 3518 struct udphdr _udph, *uh; 3519 struct dccp_hdr _dccph, *dh; 3520 3521 sip->sin6_port = 0; 3522 3523 offset = skb_network_offset(skb); 3524 ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h); 3525 if (ip6 == NULL) 3526 return -EINVAL; 3527 sip->sin6_addr = ip6->saddr; 3528 3529 nexthdr = ip6->nexthdr; 3530 offset += sizeof(_ipv6h); 3531 offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off); 3532 if (offset < 0) 3533 return -EINVAL; 3534 3535 proto = nexthdr; 3536 switch (proto) { 3537 case IPPROTO_TCP: 3538 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph); 3539 if (th != NULL) 3540 sip->sin6_port = th->source; 3541 break; 3542 case IPPROTO_UDP: 3543 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph); 3544 if (uh != NULL) 3545 sip->sin6_port = uh->source; 3546 break; 3547 case IPPROTO_DCCP: 3548 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph); 3549 if (dh != NULL) 3550 sip->sin6_port = dh->dccph_sport; 3551 break; 3552 } 3553 return proto; 3554 } 3555 #endif /* CONFIG_IPV6 */ 3556 3557 /** 3558 * smack_socket_sock_rcv_skb - Smack packet delivery access check 3559 * @sk: socket 3560 * @skb: packet 3561 * 3562 * Returns 0 if the packet should be delivered, an error code otherwise 3563 */ 3564 static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) 3565 { 3566 struct netlbl_lsm_secattr secattr; 3567 struct socket_smack *ssp = sk->sk_security; 3568 struct smack_known *skp = NULL; 3569 int rc = 0; 3570 struct smk_audit_info ad; 3571 #ifdef CONFIG_AUDIT 3572 struct lsm_network_audit net; 3573 #endif 3574 #if IS_ENABLED(CONFIG_IPV6) 3575 struct sockaddr_in6 sadd; 3576 int proto; 3577 #endif /* CONFIG_IPV6 */ 3578 3579 switch (sk->sk_family) { 3580 case PF_INET: 3581 #ifdef CONFIG_SECURITY_SMACK_NETFILTER 3582 /* 3583 * If there is a secmark use it rather than the CIPSO label. 3584 * If there is no secmark fall back to CIPSO. 3585 * The secmark is assumed to reflect policy better. 3586 */ 3587 if (skb && skb->secmark != 0) { 3588 skp = smack_from_secid(skb->secmark); 3589 goto access_check; 3590 } 3591 #endif /* CONFIG_SECURITY_SMACK_NETFILTER */ 3592 /* 3593 * Translate what netlabel gave us. 3594 */ 3595 netlbl_secattr_init(&secattr); 3596 3597 rc = netlbl_skbuff_getattr(skb, sk->sk_family, &secattr); 3598 if (rc == 0) 3599 skp = smack_from_secattr(&secattr, ssp); 3600 else 3601 skp = smack_net_ambient; 3602 3603 netlbl_secattr_destroy(&secattr); 3604 3605 #ifdef CONFIG_SECURITY_SMACK_NETFILTER 3606 access_check: 3607 #endif 3608 #ifdef CONFIG_AUDIT 3609 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 3610 ad.a.u.net->family = sk->sk_family; 3611 ad.a.u.net->netif = skb->skb_iif; 3612 ipv4_skb_to_auditdata(skb, &ad.a, NULL); 3613 #endif 3614 /* 3615 * Receiving a packet requires that the other end 3616 * be able to write here. Read access is not required. 3617 * This is the simplist possible security model 3618 * for networking. 3619 */ 3620 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad); 3621 rc = smk_bu_note("IPv4 delivery", skp, ssp->smk_in, 3622 MAY_WRITE, rc); 3623 if (rc != 0) 3624 netlbl_skbuff_err(skb, rc, 0); 3625 break; 3626 #if IS_ENABLED(CONFIG_IPV6) 3627 case PF_INET6: 3628 proto = smk_skb_to_addr_ipv6(skb, &sadd); 3629 if (proto != IPPROTO_UDP && proto != IPPROTO_TCP) 3630 break; 3631 #ifdef CONFIG_SECURITY_SMACK_NETFILTER 3632 if (skb && skb->secmark != 0) 3633 skp = smack_from_secid(skb->secmark); 3634 else 3635 skp = smack_net_ambient; 3636 #ifdef CONFIG_AUDIT 3637 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 3638 ad.a.u.net->family = sk->sk_family; 3639 ad.a.u.net->netif = skb->skb_iif; 3640 ipv6_skb_to_auditdata(skb, &ad.a, NULL); 3641 #endif /* CONFIG_AUDIT */ 3642 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad); 3643 rc = smk_bu_note("IPv6 delivery", skp, ssp->smk_in, 3644 MAY_WRITE, rc); 3645 #else /* CONFIG_SECURITY_SMACK_NETFILTER */ 3646 rc = smk_ipv6_port_check(sk, &sadd, SMK_RECEIVING); 3647 #endif /* CONFIG_SECURITY_SMACK_NETFILTER */ 3648 break; 3649 #endif /* CONFIG_IPV6 */ 3650 } 3651 3652 return rc; 3653 } 3654 3655 /** 3656 * smack_socket_getpeersec_stream - pull in packet label 3657 * @sock: the socket 3658 * @optval: user's destination 3659 * @optlen: size thereof 3660 * @len: max thereof 3661 * 3662 * returns zero on success, an error code otherwise 3663 */ 3664 static int smack_socket_getpeersec_stream(struct socket *sock, 3665 char __user *optval, 3666 int __user *optlen, unsigned len) 3667 { 3668 struct socket_smack *ssp; 3669 char *rcp = ""; 3670 int slen = 1; 3671 int rc = 0; 3672 3673 ssp = sock->sk->sk_security; 3674 if (ssp->smk_packet != NULL) { 3675 rcp = ssp->smk_packet->smk_known; 3676 slen = strlen(rcp) + 1; 3677 } 3678 3679 if (slen > len) 3680 rc = -ERANGE; 3681 else if (copy_to_user(optval, rcp, slen) != 0) 3682 rc = -EFAULT; 3683 3684 if (put_user(slen, optlen) != 0) 3685 rc = -EFAULT; 3686 3687 return rc; 3688 } 3689 3690 3691 /** 3692 * smack_socket_getpeersec_dgram - pull in packet label 3693 * @sock: the peer socket 3694 * @skb: packet data 3695 * @secid: pointer to where to put the secid of the packet 3696 * 3697 * Sets the netlabel socket state on sk from parent 3698 */ 3699 static int smack_socket_getpeersec_dgram(struct socket *sock, 3700 struct sk_buff *skb, u32 *secid) 3701 3702 { 3703 struct netlbl_lsm_secattr secattr; 3704 struct socket_smack *ssp = NULL; 3705 struct smack_known *skp; 3706 int family = PF_UNSPEC; 3707 u32 s = 0; /* 0 is the invalid secid */ 3708 int rc; 3709 3710 if (skb != NULL) { 3711 if (skb->protocol == htons(ETH_P_IP)) 3712 family = PF_INET; 3713 #if IS_ENABLED(CONFIG_IPV6) 3714 else if (skb->protocol == htons(ETH_P_IPV6)) 3715 family = PF_INET6; 3716 #endif /* CONFIG_IPV6 */ 3717 } 3718 if (family == PF_UNSPEC && sock != NULL) 3719 family = sock->sk->sk_family; 3720 3721 switch (family) { 3722 case PF_UNIX: 3723 ssp = sock->sk->sk_security; 3724 s = ssp->smk_out->smk_secid; 3725 break; 3726 case PF_INET: 3727 #ifdef CONFIG_SECURITY_SMACK_NETFILTER 3728 s = skb->secmark; 3729 if (s != 0) 3730 break; 3731 #endif 3732 /* 3733 * Translate what netlabel gave us. 3734 */ 3735 if (sock != NULL && sock->sk != NULL) 3736 ssp = sock->sk->sk_security; 3737 netlbl_secattr_init(&secattr); 3738 rc = netlbl_skbuff_getattr(skb, family, &secattr); 3739 if (rc == 0) { 3740 skp = smack_from_secattr(&secattr, ssp); 3741 s = skp->smk_secid; 3742 } 3743 netlbl_secattr_destroy(&secattr); 3744 break; 3745 #if IS_ENABLED(CONFIG_IPV6) 3746 case PF_INET6: 3747 #ifdef CONFIG_SECURITY_SMACK_NETFILTER 3748 s = skb->secmark; 3749 #endif /* CONFIG_SECURITY_SMACK_NETFILTER */ 3750 break; 3751 #endif /* CONFIG_IPV6 */ 3752 } 3753 *secid = s; 3754 if (s == 0) 3755 return -EINVAL; 3756 return 0; 3757 } 3758 3759 /** 3760 * smack_sock_graft - Initialize a newly created socket with an existing sock 3761 * @sk: child sock 3762 * @parent: parent socket 3763 * 3764 * Set the smk_{in,out} state of an existing sock based on the process that 3765 * is creating the new socket. 3766 */ 3767 static void smack_sock_graft(struct sock *sk, struct socket *parent) 3768 { 3769 struct socket_smack *ssp; 3770 struct smack_known *skp = smk_of_current(); 3771 3772 if (sk == NULL || 3773 (sk->sk_family != PF_INET && sk->sk_family != PF_INET6)) 3774 return; 3775 3776 ssp = sk->sk_security; 3777 ssp->smk_in = skp; 3778 ssp->smk_out = skp; 3779 /* cssp->smk_packet is already set in smack_inet_csk_clone() */ 3780 } 3781 3782 /** 3783 * smack_inet_conn_request - Smack access check on connect 3784 * @sk: socket involved 3785 * @skb: packet 3786 * @req: unused 3787 * 3788 * Returns 0 if a task with the packet label could write to 3789 * the socket, otherwise an error code 3790 */ 3791 static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb, 3792 struct request_sock *req) 3793 { 3794 u16 family = sk->sk_family; 3795 struct smack_known *skp; 3796 struct socket_smack *ssp = sk->sk_security; 3797 struct netlbl_lsm_secattr secattr; 3798 struct sockaddr_in addr; 3799 struct iphdr *hdr; 3800 struct smack_known *hskp; 3801 int rc; 3802 struct smk_audit_info ad; 3803 #ifdef CONFIG_AUDIT 3804 struct lsm_network_audit net; 3805 #endif 3806 3807 #if IS_ENABLED(CONFIG_IPV6) 3808 if (family == PF_INET6) { 3809 /* 3810 * Handle mapped IPv4 packets arriving 3811 * via IPv6 sockets. Don't set up netlabel 3812 * processing on IPv6. 3813 */ 3814 if (skb->protocol == htons(ETH_P_IP)) 3815 family = PF_INET; 3816 else 3817 return 0; 3818 } 3819 #endif /* CONFIG_IPV6 */ 3820 3821 #ifdef CONFIG_SECURITY_SMACK_NETFILTER 3822 /* 3823 * If there is a secmark use it rather than the CIPSO label. 3824 * If there is no secmark fall back to CIPSO. 3825 * The secmark is assumed to reflect policy better. 3826 */ 3827 if (skb && skb->secmark != 0) { 3828 skp = smack_from_secid(skb->secmark); 3829 goto access_check; 3830 } 3831 #endif /* CONFIG_SECURITY_SMACK_NETFILTER */ 3832 3833 netlbl_secattr_init(&secattr); 3834 rc = netlbl_skbuff_getattr(skb, family, &secattr); 3835 if (rc == 0) 3836 skp = smack_from_secattr(&secattr, ssp); 3837 else 3838 skp = &smack_known_huh; 3839 netlbl_secattr_destroy(&secattr); 3840 3841 #ifdef CONFIG_SECURITY_SMACK_NETFILTER 3842 access_check: 3843 #endif 3844 3845 #ifdef CONFIG_AUDIT 3846 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 3847 ad.a.u.net->family = family; 3848 ad.a.u.net->netif = skb->skb_iif; 3849 ipv4_skb_to_auditdata(skb, &ad.a, NULL); 3850 #endif 3851 /* 3852 * Receiving a packet requires that the other end be able to write 3853 * here. Read access is not required. 3854 */ 3855 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad); 3856 rc = smk_bu_note("IPv4 connect", skp, ssp->smk_in, MAY_WRITE, rc); 3857 if (rc != 0) 3858 return rc; 3859 3860 /* 3861 * Save the peer's label in the request_sock so we can later setup 3862 * smk_packet in the child socket so that SO_PEERCRED can report it. 3863 */ 3864 req->peer_secid = skp->smk_secid; 3865 3866 /* 3867 * We need to decide if we want to label the incoming connection here 3868 * if we do we only need to label the request_sock and the stack will 3869 * propagate the wire-label to the sock when it is created. 3870 */ 3871 hdr = ip_hdr(skb); 3872 addr.sin_addr.s_addr = hdr->saddr; 3873 rcu_read_lock(); 3874 hskp = smack_host_label(&addr); 3875 rcu_read_unlock(); 3876 3877 if (hskp == NULL) 3878 rc = netlbl_req_setattr(req, &skp->smk_netlabel); 3879 else 3880 netlbl_req_delattr(req); 3881 3882 return rc; 3883 } 3884 3885 /** 3886 * smack_inet_csk_clone - Copy the connection information to the new socket 3887 * @sk: the new socket 3888 * @req: the connection's request_sock 3889 * 3890 * Transfer the connection's peer label to the newly created socket. 3891 */ 3892 static void smack_inet_csk_clone(struct sock *sk, 3893 const struct request_sock *req) 3894 { 3895 struct socket_smack *ssp = sk->sk_security; 3896 struct smack_known *skp; 3897 3898 if (req->peer_secid != 0) { 3899 skp = smack_from_secid(req->peer_secid); 3900 ssp->smk_packet = skp; 3901 } else 3902 ssp->smk_packet = NULL; 3903 } 3904 3905 /* 3906 * Key management security hooks 3907 * 3908 * Casey has not tested key support very heavily. 3909 * The permission check is most likely too restrictive. 3910 * If you care about keys please have a look. 3911 */ 3912 #ifdef CONFIG_KEYS 3913 3914 /** 3915 * smack_key_alloc - Set the key security blob 3916 * @key: object 3917 * @cred: the credentials to use 3918 * @flags: unused 3919 * 3920 * No allocation required 3921 * 3922 * Returns 0 3923 */ 3924 static int smack_key_alloc(struct key *key, const struct cred *cred, 3925 unsigned long flags) 3926 { 3927 struct smack_known *skp = smk_of_task(cred->security); 3928 3929 key->security = skp; 3930 return 0; 3931 } 3932 3933 /** 3934 * smack_key_free - Clear the key security blob 3935 * @key: the object 3936 * 3937 * Clear the blob pointer 3938 */ 3939 static void smack_key_free(struct key *key) 3940 { 3941 key->security = NULL; 3942 } 3943 3944 /** 3945 * smack_key_permission - Smack access on a key 3946 * @key_ref: gets to the object 3947 * @cred: the credentials to use 3948 * @perm: requested key permissions 3949 * 3950 * Return 0 if the task has read and write to the object, 3951 * an error code otherwise 3952 */ 3953 static int smack_key_permission(key_ref_t key_ref, 3954 const struct cred *cred, unsigned perm) 3955 { 3956 struct key *keyp; 3957 struct smk_audit_info ad; 3958 struct smack_known *tkp = smk_of_task(cred->security); 3959 int request = 0; 3960 int rc; 3961 3962 keyp = key_ref_to_ptr(key_ref); 3963 if (keyp == NULL) 3964 return -EINVAL; 3965 /* 3966 * If the key hasn't been initialized give it access so that 3967 * it may do so. 3968 */ 3969 if (keyp->security == NULL) 3970 return 0; 3971 /* 3972 * This should not occur 3973 */ 3974 if (tkp == NULL) 3975 return -EACCES; 3976 #ifdef CONFIG_AUDIT 3977 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY); 3978 ad.a.u.key_struct.key = keyp->serial; 3979 ad.a.u.key_struct.key_desc = keyp->description; 3980 #endif 3981 if (perm & KEY_NEED_READ) 3982 request = MAY_READ; 3983 if (perm & (KEY_NEED_WRITE | KEY_NEED_LINK | KEY_NEED_SETATTR)) 3984 request = MAY_WRITE; 3985 rc = smk_access(tkp, keyp->security, request, &ad); 3986 rc = smk_bu_note("key access", tkp, keyp->security, request, rc); 3987 return rc; 3988 } 3989 #endif /* CONFIG_KEYS */ 3990 3991 /* 3992 * Smack Audit hooks 3993 * 3994 * Audit requires a unique representation of each Smack specific 3995 * rule. This unique representation is used to distinguish the 3996 * object to be audited from remaining kernel objects and also 3997 * works as a glue between the audit hooks. 3998 * 3999 * Since repository entries are added but never deleted, we'll use 4000 * the smack_known label address related to the given audit rule as 4001 * the needed unique representation. This also better fits the smack 4002 * model where nearly everything is a label. 4003 */ 4004 #ifdef CONFIG_AUDIT 4005 4006 /** 4007 * smack_audit_rule_init - Initialize a smack audit rule 4008 * @field: audit rule fields given from user-space (audit.h) 4009 * @op: required testing operator (=, !=, >, <, ...) 4010 * @rulestr: smack label to be audited 4011 * @vrule: pointer to save our own audit rule representation 4012 * 4013 * Prepare to audit cases where (@field @op @rulestr) is true. 4014 * The label to be audited is created if necessay. 4015 */ 4016 static int smack_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule) 4017 { 4018 struct smack_known *skp; 4019 char **rule = (char **)vrule; 4020 *rule = NULL; 4021 4022 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER) 4023 return -EINVAL; 4024 4025 if (op != Audit_equal && op != Audit_not_equal) 4026 return -EINVAL; 4027 4028 skp = smk_import_entry(rulestr, 0); 4029 if (skp) 4030 *rule = skp->smk_known; 4031 4032 return 0; 4033 } 4034 4035 /** 4036 * smack_audit_rule_known - Distinguish Smack audit rules 4037 * @krule: rule of interest, in Audit kernel representation format 4038 * 4039 * This is used to filter Smack rules from remaining Audit ones. 4040 * If it's proved that this rule belongs to us, the 4041 * audit_rule_match hook will be called to do the final judgement. 4042 */ 4043 static int smack_audit_rule_known(struct audit_krule *krule) 4044 { 4045 struct audit_field *f; 4046 int i; 4047 4048 for (i = 0; i < krule->field_count; i++) { 4049 f = &krule->fields[i]; 4050 4051 if (f->type == AUDIT_SUBJ_USER || f->type == AUDIT_OBJ_USER) 4052 return 1; 4053 } 4054 4055 return 0; 4056 } 4057 4058 /** 4059 * smack_audit_rule_match - Audit given object ? 4060 * @secid: security id for identifying the object to test 4061 * @field: audit rule flags given from user-space 4062 * @op: required testing operator 4063 * @vrule: smack internal rule presentation 4064 * @actx: audit context associated with the check 4065 * 4066 * The core Audit hook. It's used to take the decision of 4067 * whether to audit or not to audit a given object. 4068 */ 4069 static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule, 4070 struct audit_context *actx) 4071 { 4072 struct smack_known *skp; 4073 char *rule = vrule; 4074 4075 if (unlikely(!rule)) { 4076 WARN_ONCE(1, "Smack: missing rule\n"); 4077 return -ENOENT; 4078 } 4079 4080 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER) 4081 return 0; 4082 4083 skp = smack_from_secid(secid); 4084 4085 /* 4086 * No need to do string comparisons. If a match occurs, 4087 * both pointers will point to the same smack_known 4088 * label. 4089 */ 4090 if (op == Audit_equal) 4091 return (rule == skp->smk_known); 4092 if (op == Audit_not_equal) 4093 return (rule != skp->smk_known); 4094 4095 return 0; 4096 } 4097 4098 /** 4099 * smack_audit_rule_free - free smack rule representation 4100 * @vrule: rule to be freed. 4101 * 4102 * No memory was allocated. 4103 */ 4104 static void smack_audit_rule_free(void *vrule) 4105 { 4106 /* No-op */ 4107 } 4108 4109 #endif /* CONFIG_AUDIT */ 4110 4111 /** 4112 * smack_ismaclabel - check if xattr @name references a smack MAC label 4113 * @name: Full xattr name to check. 4114 */ 4115 static int smack_ismaclabel(const char *name) 4116 { 4117 return (strcmp(name, XATTR_SMACK_SUFFIX) == 0); 4118 } 4119 4120 4121 /** 4122 * smack_secid_to_secctx - return the smack label for a secid 4123 * @secid: incoming integer 4124 * @secdata: destination 4125 * @seclen: how long it is 4126 * 4127 * Exists for networking code. 4128 */ 4129 static int smack_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) 4130 { 4131 struct smack_known *skp = smack_from_secid(secid); 4132 4133 if (secdata) 4134 *secdata = skp->smk_known; 4135 *seclen = strlen(skp->smk_known); 4136 return 0; 4137 } 4138 4139 /** 4140 * smack_secctx_to_secid - return the secid for a smack label 4141 * @secdata: smack label 4142 * @seclen: how long result is 4143 * @secid: outgoing integer 4144 * 4145 * Exists for audit and networking code. 4146 */ 4147 static int smack_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid) 4148 { 4149 struct smack_known *skp = smk_find_entry(secdata); 4150 4151 if (skp) 4152 *secid = skp->smk_secid; 4153 else 4154 *secid = 0; 4155 return 0; 4156 } 4157 4158 /** 4159 * smack_release_secctx - don't do anything. 4160 * @secdata: unused 4161 * @seclen: unused 4162 * 4163 * Exists to make sure nothing gets done, and properly 4164 */ 4165 static void smack_release_secctx(char *secdata, u32 seclen) 4166 { 4167 } 4168 4169 static int smack_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen) 4170 { 4171 return smack_inode_setsecurity(inode, XATTR_SMACK_SUFFIX, ctx, ctxlen, 0); 4172 } 4173 4174 static int smack_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen) 4175 { 4176 return __vfs_setxattr_noperm(dentry, XATTR_NAME_SMACK, ctx, ctxlen, 0); 4177 } 4178 4179 static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) 4180 { 4181 int len = 0; 4182 len = smack_inode_getsecurity(inode, XATTR_SMACK_SUFFIX, ctx, true); 4183 4184 if (len < 0) 4185 return len; 4186 *ctxlen = len; 4187 return 0; 4188 } 4189 4190 struct security_operations smack_ops = { 4191 .name = "smack", 4192 4193 .ptrace_access_check = smack_ptrace_access_check, 4194 .ptrace_traceme = smack_ptrace_traceme, 4195 .syslog = smack_syslog, 4196 4197 .sb_alloc_security = smack_sb_alloc_security, 4198 .sb_free_security = smack_sb_free_security, 4199 .sb_copy_data = smack_sb_copy_data, 4200 .sb_kern_mount = smack_sb_kern_mount, 4201 .sb_statfs = smack_sb_statfs, 4202 4203 .bprm_set_creds = smack_bprm_set_creds, 4204 .bprm_committing_creds = smack_bprm_committing_creds, 4205 .bprm_secureexec = smack_bprm_secureexec, 4206 4207 .inode_alloc_security = smack_inode_alloc_security, 4208 .inode_free_security = smack_inode_free_security, 4209 .inode_init_security = smack_inode_init_security, 4210 .inode_link = smack_inode_link, 4211 .inode_unlink = smack_inode_unlink, 4212 .inode_rmdir = smack_inode_rmdir, 4213 .inode_rename = smack_inode_rename, 4214 .inode_permission = smack_inode_permission, 4215 .inode_setattr = smack_inode_setattr, 4216 .inode_getattr = smack_inode_getattr, 4217 .inode_setxattr = smack_inode_setxattr, 4218 .inode_post_setxattr = smack_inode_post_setxattr, 4219 .inode_getxattr = smack_inode_getxattr, 4220 .inode_removexattr = smack_inode_removexattr, 4221 .inode_getsecurity = smack_inode_getsecurity, 4222 .inode_setsecurity = smack_inode_setsecurity, 4223 .inode_listsecurity = smack_inode_listsecurity, 4224 .inode_getsecid = smack_inode_getsecid, 4225 4226 .file_permission = smack_file_permission, 4227 .file_alloc_security = smack_file_alloc_security, 4228 .file_free_security = smack_file_free_security, 4229 .file_ioctl = smack_file_ioctl, 4230 .file_lock = smack_file_lock, 4231 .file_fcntl = smack_file_fcntl, 4232 .mmap_file = smack_mmap_file, 4233 .mmap_addr = cap_mmap_addr, 4234 .file_set_fowner = smack_file_set_fowner, 4235 .file_send_sigiotask = smack_file_send_sigiotask, 4236 .file_receive = smack_file_receive, 4237 4238 .file_open = smack_file_open, 4239 4240 .cred_alloc_blank = smack_cred_alloc_blank, 4241 .cred_free = smack_cred_free, 4242 .cred_prepare = smack_cred_prepare, 4243 .cred_transfer = smack_cred_transfer, 4244 .kernel_act_as = smack_kernel_act_as, 4245 .kernel_create_files_as = smack_kernel_create_files_as, 4246 .task_setpgid = smack_task_setpgid, 4247 .task_getpgid = smack_task_getpgid, 4248 .task_getsid = smack_task_getsid, 4249 .task_getsecid = smack_task_getsecid, 4250 .task_setnice = smack_task_setnice, 4251 .task_setioprio = smack_task_setioprio, 4252 .task_getioprio = smack_task_getioprio, 4253 .task_setscheduler = smack_task_setscheduler, 4254 .task_getscheduler = smack_task_getscheduler, 4255 .task_movememory = smack_task_movememory, 4256 .task_kill = smack_task_kill, 4257 .task_wait = smack_task_wait, 4258 .task_to_inode = smack_task_to_inode, 4259 4260 .ipc_permission = smack_ipc_permission, 4261 .ipc_getsecid = smack_ipc_getsecid, 4262 4263 .msg_msg_alloc_security = smack_msg_msg_alloc_security, 4264 .msg_msg_free_security = smack_msg_msg_free_security, 4265 4266 .msg_queue_alloc_security = smack_msg_queue_alloc_security, 4267 .msg_queue_free_security = smack_msg_queue_free_security, 4268 .msg_queue_associate = smack_msg_queue_associate, 4269 .msg_queue_msgctl = smack_msg_queue_msgctl, 4270 .msg_queue_msgsnd = smack_msg_queue_msgsnd, 4271 .msg_queue_msgrcv = smack_msg_queue_msgrcv, 4272 4273 .shm_alloc_security = smack_shm_alloc_security, 4274 .shm_free_security = smack_shm_free_security, 4275 .shm_associate = smack_shm_associate, 4276 .shm_shmctl = smack_shm_shmctl, 4277 .shm_shmat = smack_shm_shmat, 4278 4279 .sem_alloc_security = smack_sem_alloc_security, 4280 .sem_free_security = smack_sem_free_security, 4281 .sem_associate = smack_sem_associate, 4282 .sem_semctl = smack_sem_semctl, 4283 .sem_semop = smack_sem_semop, 4284 4285 .d_instantiate = smack_d_instantiate, 4286 4287 .getprocattr = smack_getprocattr, 4288 .setprocattr = smack_setprocattr, 4289 4290 .unix_stream_connect = smack_unix_stream_connect, 4291 .unix_may_send = smack_unix_may_send, 4292 4293 .socket_post_create = smack_socket_post_create, 4294 #ifndef CONFIG_SECURITY_SMACK_NETFILTER 4295 .socket_bind = smack_socket_bind, 4296 #endif /* CONFIG_SECURITY_SMACK_NETFILTER */ 4297 .socket_connect = smack_socket_connect, 4298 .socket_sendmsg = smack_socket_sendmsg, 4299 .socket_sock_rcv_skb = smack_socket_sock_rcv_skb, 4300 .socket_getpeersec_stream = smack_socket_getpeersec_stream, 4301 .socket_getpeersec_dgram = smack_socket_getpeersec_dgram, 4302 .sk_alloc_security = smack_sk_alloc_security, 4303 .sk_free_security = smack_sk_free_security, 4304 .sock_graft = smack_sock_graft, 4305 .inet_conn_request = smack_inet_conn_request, 4306 .inet_csk_clone = smack_inet_csk_clone, 4307 4308 /* key management security hooks */ 4309 #ifdef CONFIG_KEYS 4310 .key_alloc = smack_key_alloc, 4311 .key_free = smack_key_free, 4312 .key_permission = smack_key_permission, 4313 #endif /* CONFIG_KEYS */ 4314 4315 /* Audit hooks */ 4316 #ifdef CONFIG_AUDIT 4317 .audit_rule_init = smack_audit_rule_init, 4318 .audit_rule_known = smack_audit_rule_known, 4319 .audit_rule_match = smack_audit_rule_match, 4320 .audit_rule_free = smack_audit_rule_free, 4321 #endif /* CONFIG_AUDIT */ 4322 4323 .ismaclabel = smack_ismaclabel, 4324 .secid_to_secctx = smack_secid_to_secctx, 4325 .secctx_to_secid = smack_secctx_to_secid, 4326 .release_secctx = smack_release_secctx, 4327 .inode_notifysecctx = smack_inode_notifysecctx, 4328 .inode_setsecctx = smack_inode_setsecctx, 4329 .inode_getsecctx = smack_inode_getsecctx, 4330 }; 4331 4332 4333 static __init void init_smack_known_list(void) 4334 { 4335 /* 4336 * Initialize rule list locks 4337 */ 4338 mutex_init(&smack_known_huh.smk_rules_lock); 4339 mutex_init(&smack_known_hat.smk_rules_lock); 4340 mutex_init(&smack_known_floor.smk_rules_lock); 4341 mutex_init(&smack_known_star.smk_rules_lock); 4342 mutex_init(&smack_known_invalid.smk_rules_lock); 4343 mutex_init(&smack_known_web.smk_rules_lock); 4344 /* 4345 * Initialize rule lists 4346 */ 4347 INIT_LIST_HEAD(&smack_known_huh.smk_rules); 4348 INIT_LIST_HEAD(&smack_known_hat.smk_rules); 4349 INIT_LIST_HEAD(&smack_known_star.smk_rules); 4350 INIT_LIST_HEAD(&smack_known_floor.smk_rules); 4351 INIT_LIST_HEAD(&smack_known_invalid.smk_rules); 4352 INIT_LIST_HEAD(&smack_known_web.smk_rules); 4353 /* 4354 * Create the known labels list 4355 */ 4356 smk_insert_entry(&smack_known_huh); 4357 smk_insert_entry(&smack_known_hat); 4358 smk_insert_entry(&smack_known_star); 4359 smk_insert_entry(&smack_known_floor); 4360 smk_insert_entry(&smack_known_invalid); 4361 smk_insert_entry(&smack_known_web); 4362 } 4363 4364 /** 4365 * smack_init - initialize the smack system 4366 * 4367 * Returns 0 4368 */ 4369 static __init int smack_init(void) 4370 { 4371 struct cred *cred; 4372 struct task_smack *tsp; 4373 4374 if (!security_module_enable(&smack_ops)) 4375 return 0; 4376 4377 smack_enabled = 1; 4378 4379 smack_inode_cache = KMEM_CACHE(inode_smack, 0); 4380 if (!smack_inode_cache) 4381 return -ENOMEM; 4382 4383 tsp = new_task_smack(&smack_known_floor, &smack_known_floor, 4384 GFP_KERNEL); 4385 if (tsp == NULL) { 4386 kmem_cache_destroy(smack_inode_cache); 4387 return -ENOMEM; 4388 } 4389 4390 printk(KERN_INFO "Smack: Initializing.\n"); 4391 4392 /* 4393 * Set the security state for the initial task. 4394 */ 4395 cred = (struct cred *) current->cred; 4396 cred->security = tsp; 4397 4398 /* initialize the smack_known_list */ 4399 init_smack_known_list(); 4400 4401 /* 4402 * Register with LSM 4403 */ 4404 if (register_security(&smack_ops)) 4405 panic("smack: Unable to register with kernel.\n"); 4406 4407 return 0; 4408 } 4409 4410 /* 4411 * Smack requires early initialization in order to label 4412 * all processes and objects when they are created. 4413 */ 4414 security_initcall(smack_init); 4415