1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Simplified MAC Kernel (smack) security module 4 * 5 * This file contains the smack hook function implementations. 6 * 7 * Authors: 8 * Casey Schaufler <casey@schaufler-ca.com> 9 * Jarkko Sakkinen <jarkko.sakkinen@intel.com> 10 * 11 * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com> 12 * Copyright (C) 2009 Hewlett-Packard Development Company, L.P. 13 * Paul Moore <paul@paul-moore.com> 14 * Copyright (C) 2010 Nokia Corporation 15 * Copyright (C) 2011 Intel Corporation. 16 */ 17 18 #include <linux/xattr.h> 19 #include <linux/pagemap.h> 20 #include <linux/mount.h> 21 #include <linux/stat.h> 22 #include <linux/kd.h> 23 #include <asm/ioctls.h> 24 #include <linux/ip.h> 25 #include <linux/tcp.h> 26 #include <linux/udp.h> 27 #include <linux/dccp.h> 28 #include <linux/icmpv6.h> 29 #include <linux/slab.h> 30 #include <linux/mutex.h> 31 #include <net/cipso_ipv4.h> 32 #include <net/ip.h> 33 #include <net/ipv6.h> 34 #include <linux/audit.h> 35 #include <linux/magic.h> 36 #include <linux/dcache.h> 37 #include <linux/personality.h> 38 #include <linux/msg.h> 39 #include <linux/shm.h> 40 #include <linux/binfmts.h> 41 #include <linux/parser.h> 42 #include <linux/fs_context.h> 43 #include <linux/fs_parser.h> 44 #include <linux/watch_queue.h> 45 #include <linux/io_uring.h> 46 #include "smack.h" 47 48 #define TRANS_TRUE "TRUE" 49 #define TRANS_TRUE_SIZE 4 50 51 #define SMK_CONNECTING 0 52 #define SMK_RECEIVING 1 53 #define SMK_SENDING 2 54 55 #ifdef SMACK_IPV6_PORT_LABELING 56 static DEFINE_MUTEX(smack_ipv6_lock); 57 static LIST_HEAD(smk_ipv6_port_list); 58 #endif 59 struct kmem_cache *smack_rule_cache; 60 int smack_enabled __initdata; 61 62 #define A(s) {"smack"#s, sizeof("smack"#s) - 1, Opt_##s} 63 static struct { 64 const char *name; 65 int len; 66 int opt; 67 } smk_mount_opts[] = { 68 {"smackfsdef", sizeof("smackfsdef") - 1, Opt_fsdefault}, 69 A(fsdefault), A(fsfloor), A(fshat), A(fsroot), A(fstransmute) 70 }; 71 #undef A 72 73 static int match_opt_prefix(char *s, int l, char **arg) 74 { 75 int i; 76 77 for (i = 0; i < ARRAY_SIZE(smk_mount_opts); i++) { 78 size_t len = smk_mount_opts[i].len; 79 if (len > l || memcmp(s, smk_mount_opts[i].name, len)) 80 continue; 81 if (len == l || s[len] != '=') 82 continue; 83 *arg = s + len + 1; 84 return smk_mount_opts[i].opt; 85 } 86 return Opt_error; 87 } 88 89 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 90 static char *smk_bu_mess[] = { 91 "Bringup Error", /* Unused */ 92 "Bringup", /* SMACK_BRINGUP_ALLOW */ 93 "Unconfined Subject", /* SMACK_UNCONFINED_SUBJECT */ 94 "Unconfined Object", /* SMACK_UNCONFINED_OBJECT */ 95 }; 96 97 static void smk_bu_mode(int mode, char *s) 98 { 99 int i = 0; 100 101 if (mode & MAY_READ) 102 s[i++] = 'r'; 103 if (mode & MAY_WRITE) 104 s[i++] = 'w'; 105 if (mode & MAY_EXEC) 106 s[i++] = 'x'; 107 if (mode & MAY_APPEND) 108 s[i++] = 'a'; 109 if (mode & MAY_TRANSMUTE) 110 s[i++] = 't'; 111 if (mode & MAY_LOCK) 112 s[i++] = 'l'; 113 if (i == 0) 114 s[i++] = '-'; 115 s[i] = '\0'; 116 } 117 #endif 118 119 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 120 static int smk_bu_note(char *note, struct smack_known *sskp, 121 struct smack_known *oskp, int mode, int rc) 122 { 123 char acc[SMK_NUM_ACCESS_TYPE + 1]; 124 125 if (rc <= 0) 126 return rc; 127 if (rc > SMACK_UNCONFINED_OBJECT) 128 rc = 0; 129 130 smk_bu_mode(mode, acc); 131 pr_info("Smack %s: (%s %s %s) %s\n", smk_bu_mess[rc], 132 sskp->smk_known, oskp->smk_known, acc, note); 133 return 0; 134 } 135 #else 136 #define smk_bu_note(note, sskp, oskp, mode, RC) (RC) 137 #endif 138 139 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 140 static int smk_bu_current(char *note, struct smack_known *oskp, 141 int mode, int rc) 142 { 143 struct task_smack *tsp = smack_cred(current_cred()); 144 char acc[SMK_NUM_ACCESS_TYPE + 1]; 145 146 if (rc <= 0) 147 return rc; 148 if (rc > SMACK_UNCONFINED_OBJECT) 149 rc = 0; 150 151 smk_bu_mode(mode, acc); 152 pr_info("Smack %s: (%s %s %s) %s %s\n", smk_bu_mess[rc], 153 tsp->smk_task->smk_known, oskp->smk_known, 154 acc, current->comm, note); 155 return 0; 156 } 157 #else 158 #define smk_bu_current(note, oskp, mode, RC) (RC) 159 #endif 160 161 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 162 static int smk_bu_task(struct task_struct *otp, int mode, int rc) 163 { 164 struct task_smack *tsp = smack_cred(current_cred()); 165 struct smack_known *smk_task = smk_of_task_struct_obj(otp); 166 char acc[SMK_NUM_ACCESS_TYPE + 1]; 167 168 if (rc <= 0) 169 return rc; 170 if (rc > SMACK_UNCONFINED_OBJECT) 171 rc = 0; 172 173 smk_bu_mode(mode, acc); 174 pr_info("Smack %s: (%s %s %s) %s to %s\n", smk_bu_mess[rc], 175 tsp->smk_task->smk_known, smk_task->smk_known, acc, 176 current->comm, otp->comm); 177 return 0; 178 } 179 #else 180 #define smk_bu_task(otp, mode, RC) (RC) 181 #endif 182 183 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 184 static int smk_bu_inode(struct inode *inode, int mode, int rc) 185 { 186 struct task_smack *tsp = smack_cred(current_cred()); 187 struct inode_smack *isp = smack_inode(inode); 188 char acc[SMK_NUM_ACCESS_TYPE + 1]; 189 190 if (isp->smk_flags & SMK_INODE_IMPURE) 191 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n", 192 inode->i_sb->s_id, inode->i_ino, current->comm); 193 194 if (rc <= 0) 195 return rc; 196 if (rc > SMACK_UNCONFINED_OBJECT) 197 rc = 0; 198 if (rc == SMACK_UNCONFINED_SUBJECT && 199 (mode & (MAY_WRITE | MAY_APPEND))) 200 isp->smk_flags |= SMK_INODE_IMPURE; 201 202 smk_bu_mode(mode, acc); 203 204 pr_info("Smack %s: (%s %s %s) inode=(%s %ld) %s\n", smk_bu_mess[rc], 205 tsp->smk_task->smk_known, isp->smk_inode->smk_known, acc, 206 inode->i_sb->s_id, inode->i_ino, current->comm); 207 return 0; 208 } 209 #else 210 #define smk_bu_inode(inode, mode, RC) (RC) 211 #endif 212 213 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 214 static int smk_bu_file(struct file *file, int mode, int rc) 215 { 216 struct task_smack *tsp = smack_cred(current_cred()); 217 struct smack_known *sskp = tsp->smk_task; 218 struct inode *inode = file_inode(file); 219 struct inode_smack *isp = smack_inode(inode); 220 char acc[SMK_NUM_ACCESS_TYPE + 1]; 221 222 if (isp->smk_flags & SMK_INODE_IMPURE) 223 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n", 224 inode->i_sb->s_id, inode->i_ino, current->comm); 225 226 if (rc <= 0) 227 return rc; 228 if (rc > SMACK_UNCONFINED_OBJECT) 229 rc = 0; 230 231 smk_bu_mode(mode, acc); 232 pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc], 233 sskp->smk_known, smk_of_inode(inode)->smk_known, acc, 234 inode->i_sb->s_id, inode->i_ino, file, 235 current->comm); 236 return 0; 237 } 238 #else 239 #define smk_bu_file(file, mode, RC) (RC) 240 #endif 241 242 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 243 static int smk_bu_credfile(const struct cred *cred, struct file *file, 244 int mode, int rc) 245 { 246 struct task_smack *tsp = smack_cred(cred); 247 struct smack_known *sskp = tsp->smk_task; 248 struct inode *inode = file_inode(file); 249 struct inode_smack *isp = smack_inode(inode); 250 char acc[SMK_NUM_ACCESS_TYPE + 1]; 251 252 if (isp->smk_flags & SMK_INODE_IMPURE) 253 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n", 254 inode->i_sb->s_id, inode->i_ino, current->comm); 255 256 if (rc <= 0) 257 return rc; 258 if (rc > SMACK_UNCONFINED_OBJECT) 259 rc = 0; 260 261 smk_bu_mode(mode, acc); 262 pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc], 263 sskp->smk_known, smk_of_inode(inode)->smk_known, acc, 264 inode->i_sb->s_id, inode->i_ino, file, 265 current->comm); 266 return 0; 267 } 268 #else 269 #define smk_bu_credfile(cred, file, mode, RC) (RC) 270 #endif 271 272 /** 273 * smk_fetch - Fetch the smack label from a file. 274 * @name: type of the label (attribute) 275 * @ip: a pointer to the inode 276 * @dp: a pointer to the dentry 277 * 278 * Returns a pointer to the master list entry for the Smack label, 279 * NULL if there was no label to fetch, or an error code. 280 */ 281 static struct smack_known *smk_fetch(const char *name, struct inode *ip, 282 struct dentry *dp) 283 { 284 int rc; 285 char *buffer; 286 struct smack_known *skp = NULL; 287 288 if (!(ip->i_opflags & IOP_XATTR)) 289 return ERR_PTR(-EOPNOTSUPP); 290 291 buffer = kzalloc(SMK_LONGLABEL, GFP_NOFS); 292 if (buffer == NULL) 293 return ERR_PTR(-ENOMEM); 294 295 rc = __vfs_getxattr(dp, ip, name, buffer, SMK_LONGLABEL); 296 if (rc < 0) 297 skp = ERR_PTR(rc); 298 else if (rc == 0) 299 skp = NULL; 300 else 301 skp = smk_import_entry(buffer, rc); 302 303 kfree(buffer); 304 305 return skp; 306 } 307 308 /** 309 * init_inode_smack - initialize an inode security blob 310 * @inode: inode to extract the info from 311 * @skp: a pointer to the Smack label entry to use in the blob 312 * 313 */ 314 static void init_inode_smack(struct inode *inode, struct smack_known *skp) 315 { 316 struct inode_smack *isp = smack_inode(inode); 317 318 isp->smk_inode = skp; 319 isp->smk_flags = 0; 320 } 321 322 /** 323 * init_task_smack - initialize a task security blob 324 * @tsp: blob to initialize 325 * @task: a pointer to the Smack label for the running task 326 * @forked: a pointer to the Smack label for the forked task 327 * 328 */ 329 static void init_task_smack(struct task_smack *tsp, struct smack_known *task, 330 struct smack_known *forked) 331 { 332 tsp->smk_task = task; 333 tsp->smk_forked = forked; 334 INIT_LIST_HEAD(&tsp->smk_rules); 335 INIT_LIST_HEAD(&tsp->smk_relabel); 336 mutex_init(&tsp->smk_rules_lock); 337 } 338 339 /** 340 * smk_copy_rules - copy a rule set 341 * @nhead: new rules header pointer 342 * @ohead: old rules header pointer 343 * @gfp: type of the memory for the allocation 344 * 345 * Returns 0 on success, -ENOMEM on error 346 */ 347 static int smk_copy_rules(struct list_head *nhead, struct list_head *ohead, 348 gfp_t gfp) 349 { 350 struct smack_rule *nrp; 351 struct smack_rule *orp; 352 int rc = 0; 353 354 list_for_each_entry_rcu(orp, ohead, list) { 355 nrp = kmem_cache_zalloc(smack_rule_cache, gfp); 356 if (nrp == NULL) { 357 rc = -ENOMEM; 358 break; 359 } 360 *nrp = *orp; 361 list_add_rcu(&nrp->list, nhead); 362 } 363 return rc; 364 } 365 366 /** 367 * smk_copy_relabel - copy smk_relabel labels list 368 * @nhead: new rules header pointer 369 * @ohead: old rules header pointer 370 * @gfp: type of the memory for the allocation 371 * 372 * Returns 0 on success, -ENOMEM on error 373 */ 374 static int smk_copy_relabel(struct list_head *nhead, struct list_head *ohead, 375 gfp_t gfp) 376 { 377 struct smack_known_list_elem *nklep; 378 struct smack_known_list_elem *oklep; 379 380 list_for_each_entry(oklep, ohead, list) { 381 nklep = kzalloc(sizeof(struct smack_known_list_elem), gfp); 382 if (nklep == NULL) { 383 smk_destroy_label_list(nhead); 384 return -ENOMEM; 385 } 386 nklep->smk_label = oklep->smk_label; 387 list_add(&nklep->list, nhead); 388 } 389 390 return 0; 391 } 392 393 /** 394 * smk_ptrace_mode - helper function for converting PTRACE_MODE_* into MAY_* 395 * @mode: input mode in form of PTRACE_MODE_* 396 * 397 * Returns a converted MAY_* mode usable by smack rules 398 */ 399 static inline unsigned int smk_ptrace_mode(unsigned int mode) 400 { 401 if (mode & PTRACE_MODE_ATTACH) 402 return MAY_READWRITE; 403 if (mode & PTRACE_MODE_READ) 404 return MAY_READ; 405 406 return 0; 407 } 408 409 /** 410 * smk_ptrace_rule_check - helper for ptrace access 411 * @tracer: tracer process 412 * @tracee_known: label entry of the process that's about to be traced 413 * @mode: ptrace attachment mode (PTRACE_MODE_*) 414 * @func: name of the function that called us, used for audit 415 * 416 * Returns 0 on access granted, -error on error 417 */ 418 static int smk_ptrace_rule_check(struct task_struct *tracer, 419 struct smack_known *tracee_known, 420 unsigned int mode, const char *func) 421 { 422 int rc; 423 struct smk_audit_info ad, *saip = NULL; 424 struct task_smack *tsp; 425 struct smack_known *tracer_known; 426 const struct cred *tracercred; 427 428 if ((mode & PTRACE_MODE_NOAUDIT) == 0) { 429 smk_ad_init(&ad, func, LSM_AUDIT_DATA_TASK); 430 smk_ad_setfield_u_tsk(&ad, tracer); 431 saip = &ad; 432 } 433 434 rcu_read_lock(); 435 tracercred = __task_cred(tracer); 436 tsp = smack_cred(tracercred); 437 tracer_known = smk_of_task(tsp); 438 439 if ((mode & PTRACE_MODE_ATTACH) && 440 (smack_ptrace_rule == SMACK_PTRACE_EXACT || 441 smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)) { 442 if (tracer_known->smk_known == tracee_known->smk_known) 443 rc = 0; 444 else if (smack_ptrace_rule == SMACK_PTRACE_DRACONIAN) 445 rc = -EACCES; 446 else if (smack_privileged_cred(CAP_SYS_PTRACE, tracercred)) 447 rc = 0; 448 else 449 rc = -EACCES; 450 451 if (saip) 452 smack_log(tracer_known->smk_known, 453 tracee_known->smk_known, 454 0, rc, saip); 455 456 rcu_read_unlock(); 457 return rc; 458 } 459 460 /* In case of rule==SMACK_PTRACE_DEFAULT or mode==PTRACE_MODE_READ */ 461 rc = smk_tskacc(tsp, tracee_known, smk_ptrace_mode(mode), saip); 462 463 rcu_read_unlock(); 464 return rc; 465 } 466 467 /* 468 * LSM hooks. 469 * We he, that is fun! 470 */ 471 472 /** 473 * smack_ptrace_access_check - Smack approval on PTRACE_ATTACH 474 * @ctp: child task pointer 475 * @mode: ptrace attachment mode (PTRACE_MODE_*) 476 * 477 * Returns 0 if access is OK, an error code otherwise 478 * 479 * Do the capability checks. 480 */ 481 static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode) 482 { 483 struct smack_known *skp; 484 485 skp = smk_of_task_struct_obj(ctp); 486 487 return smk_ptrace_rule_check(current, skp, mode, __func__); 488 } 489 490 /** 491 * smack_ptrace_traceme - Smack approval on PTRACE_TRACEME 492 * @ptp: parent task pointer 493 * 494 * Returns 0 if access is OK, an error code otherwise 495 * 496 * Do the capability checks, and require PTRACE_MODE_ATTACH. 497 */ 498 static int smack_ptrace_traceme(struct task_struct *ptp) 499 { 500 int rc; 501 struct smack_known *skp; 502 503 skp = smk_of_task(smack_cred(current_cred())); 504 505 rc = smk_ptrace_rule_check(ptp, skp, PTRACE_MODE_ATTACH, __func__); 506 return rc; 507 } 508 509 /** 510 * smack_syslog - Smack approval on syslog 511 * @typefrom_file: unused 512 * 513 * Returns 0 on success, error code otherwise. 514 */ 515 static int smack_syslog(int typefrom_file) 516 { 517 int rc = 0; 518 struct smack_known *skp = smk_of_current(); 519 520 if (smack_privileged(CAP_MAC_OVERRIDE)) 521 return 0; 522 523 if (smack_syslog_label != NULL && smack_syslog_label != skp) 524 rc = -EACCES; 525 526 return rc; 527 } 528 529 /* 530 * Superblock Hooks. 531 */ 532 533 /** 534 * smack_sb_alloc_security - allocate a superblock blob 535 * @sb: the superblock getting the blob 536 * 537 * Returns 0 on success or -ENOMEM on error. 538 */ 539 static int smack_sb_alloc_security(struct super_block *sb) 540 { 541 struct superblock_smack *sbsp = smack_superblock(sb); 542 543 sbsp->smk_root = &smack_known_floor; 544 sbsp->smk_default = &smack_known_floor; 545 sbsp->smk_floor = &smack_known_floor; 546 sbsp->smk_hat = &smack_known_hat; 547 /* 548 * SMK_SB_INITIALIZED will be zero from kzalloc. 549 */ 550 551 return 0; 552 } 553 554 struct smack_mnt_opts { 555 const char *fsdefault, *fsfloor, *fshat, *fsroot, *fstransmute; 556 }; 557 558 static void smack_free_mnt_opts(void *mnt_opts) 559 { 560 struct smack_mnt_opts *opts = mnt_opts; 561 kfree(opts->fsdefault); 562 kfree(opts->fsfloor); 563 kfree(opts->fshat); 564 kfree(opts->fsroot); 565 kfree(opts->fstransmute); 566 kfree(opts); 567 } 568 569 static int smack_add_opt(int token, const char *s, void **mnt_opts) 570 { 571 struct smack_mnt_opts *opts = *mnt_opts; 572 573 if (!opts) { 574 opts = kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL); 575 if (!opts) 576 return -ENOMEM; 577 *mnt_opts = opts; 578 } 579 if (!s) 580 return -ENOMEM; 581 582 switch (token) { 583 case Opt_fsdefault: 584 if (opts->fsdefault) 585 goto out_opt_err; 586 opts->fsdefault = s; 587 break; 588 case Opt_fsfloor: 589 if (opts->fsfloor) 590 goto out_opt_err; 591 opts->fsfloor = s; 592 break; 593 case Opt_fshat: 594 if (opts->fshat) 595 goto out_opt_err; 596 opts->fshat = s; 597 break; 598 case Opt_fsroot: 599 if (opts->fsroot) 600 goto out_opt_err; 601 opts->fsroot = s; 602 break; 603 case Opt_fstransmute: 604 if (opts->fstransmute) 605 goto out_opt_err; 606 opts->fstransmute = s; 607 break; 608 } 609 return 0; 610 611 out_opt_err: 612 pr_warn("Smack: duplicate mount options\n"); 613 return -EINVAL; 614 } 615 616 /** 617 * smack_fs_context_dup - Duplicate the security data on fs_context duplication 618 * @fc: The new filesystem context. 619 * @src_fc: The source filesystem context being duplicated. 620 * 621 * Returns 0 on success or -ENOMEM on error. 622 */ 623 static int smack_fs_context_dup(struct fs_context *fc, 624 struct fs_context *src_fc) 625 { 626 struct smack_mnt_opts *dst, *src = src_fc->security; 627 628 if (!src) 629 return 0; 630 631 fc->security = kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL); 632 if (!fc->security) 633 return -ENOMEM; 634 dst = fc->security; 635 636 if (src->fsdefault) { 637 dst->fsdefault = kstrdup(src->fsdefault, GFP_KERNEL); 638 if (!dst->fsdefault) 639 return -ENOMEM; 640 } 641 if (src->fsfloor) { 642 dst->fsfloor = kstrdup(src->fsfloor, GFP_KERNEL); 643 if (!dst->fsfloor) 644 return -ENOMEM; 645 } 646 if (src->fshat) { 647 dst->fshat = kstrdup(src->fshat, GFP_KERNEL); 648 if (!dst->fshat) 649 return -ENOMEM; 650 } 651 if (src->fsroot) { 652 dst->fsroot = kstrdup(src->fsroot, GFP_KERNEL); 653 if (!dst->fsroot) 654 return -ENOMEM; 655 } 656 if (src->fstransmute) { 657 dst->fstransmute = kstrdup(src->fstransmute, GFP_KERNEL); 658 if (!dst->fstransmute) 659 return -ENOMEM; 660 } 661 return 0; 662 } 663 664 static const struct fs_parameter_spec smack_fs_parameters[] = { 665 fsparam_string("smackfsdef", Opt_fsdefault), 666 fsparam_string("smackfsdefault", Opt_fsdefault), 667 fsparam_string("smackfsfloor", Opt_fsfloor), 668 fsparam_string("smackfshat", Opt_fshat), 669 fsparam_string("smackfsroot", Opt_fsroot), 670 fsparam_string("smackfstransmute", Opt_fstransmute), 671 {} 672 }; 673 674 /** 675 * smack_fs_context_parse_param - Parse a single mount parameter 676 * @fc: The new filesystem context being constructed. 677 * @param: The parameter. 678 * 679 * Returns 0 on success, -ENOPARAM to pass the parameter on or anything else on 680 * error. 681 */ 682 static int smack_fs_context_parse_param(struct fs_context *fc, 683 struct fs_parameter *param) 684 { 685 struct fs_parse_result result; 686 int opt, rc; 687 688 opt = fs_parse(fc, smack_fs_parameters, param, &result); 689 if (opt < 0) 690 return opt; 691 692 rc = smack_add_opt(opt, param->string, &fc->security); 693 if (!rc) 694 param->string = NULL; 695 return rc; 696 } 697 698 static int smack_sb_eat_lsm_opts(char *options, void **mnt_opts) 699 { 700 char *from = options, *to = options; 701 bool first = true; 702 703 while (1) { 704 char *next = strchr(from, ','); 705 int token, len, rc; 706 char *arg = NULL; 707 708 if (next) 709 len = next - from; 710 else 711 len = strlen(from); 712 713 token = match_opt_prefix(from, len, &arg); 714 if (token != Opt_error) { 715 arg = kmemdup_nul(arg, from + len - arg, GFP_KERNEL); 716 rc = smack_add_opt(token, arg, mnt_opts); 717 if (unlikely(rc)) { 718 kfree(arg); 719 if (*mnt_opts) 720 smack_free_mnt_opts(*mnt_opts); 721 *mnt_opts = NULL; 722 return rc; 723 } 724 } else { 725 if (!first) { // copy with preceding comma 726 from--; 727 len++; 728 } 729 if (to != from) 730 memmove(to, from, len); 731 to += len; 732 first = false; 733 } 734 if (!from[len]) 735 break; 736 from += len + 1; 737 } 738 *to = '\0'; 739 return 0; 740 } 741 742 /** 743 * smack_set_mnt_opts - set Smack specific mount options 744 * @sb: the file system superblock 745 * @mnt_opts: Smack mount options 746 * @kern_flags: mount option from kernel space or user space 747 * @set_kern_flags: where to store converted mount opts 748 * 749 * Returns 0 on success, an error code on failure 750 * 751 * Allow filesystems with binary mount data to explicitly set Smack mount 752 * labels. 753 */ 754 static int smack_set_mnt_opts(struct super_block *sb, 755 void *mnt_opts, 756 unsigned long kern_flags, 757 unsigned long *set_kern_flags) 758 { 759 struct dentry *root = sb->s_root; 760 struct inode *inode = d_backing_inode(root); 761 struct superblock_smack *sp = smack_superblock(sb); 762 struct inode_smack *isp; 763 struct smack_known *skp; 764 struct smack_mnt_opts *opts = mnt_opts; 765 bool transmute = false; 766 767 if (sp->smk_flags & SMK_SB_INITIALIZED) 768 return 0; 769 770 if (!smack_privileged(CAP_MAC_ADMIN)) { 771 /* 772 * Unprivileged mounts don't get to specify Smack values. 773 */ 774 if (opts) 775 return -EPERM; 776 /* 777 * Unprivileged mounts get root and default from the caller. 778 */ 779 skp = smk_of_current(); 780 sp->smk_root = skp; 781 sp->smk_default = skp; 782 /* 783 * For a handful of fs types with no user-controlled 784 * backing store it's okay to trust security labels 785 * in the filesystem. The rest are untrusted. 786 */ 787 if (sb->s_user_ns != &init_user_ns && 788 sb->s_magic != SYSFS_MAGIC && sb->s_magic != TMPFS_MAGIC && 789 sb->s_magic != RAMFS_MAGIC) { 790 transmute = true; 791 sp->smk_flags |= SMK_SB_UNTRUSTED; 792 } 793 } 794 795 sp->smk_flags |= SMK_SB_INITIALIZED; 796 797 if (opts) { 798 if (opts->fsdefault) { 799 skp = smk_import_entry(opts->fsdefault, 0); 800 if (IS_ERR(skp)) 801 return PTR_ERR(skp); 802 sp->smk_default = skp; 803 } 804 if (opts->fsfloor) { 805 skp = smk_import_entry(opts->fsfloor, 0); 806 if (IS_ERR(skp)) 807 return PTR_ERR(skp); 808 sp->smk_floor = skp; 809 } 810 if (opts->fshat) { 811 skp = smk_import_entry(opts->fshat, 0); 812 if (IS_ERR(skp)) 813 return PTR_ERR(skp); 814 sp->smk_hat = skp; 815 } 816 if (opts->fsroot) { 817 skp = smk_import_entry(opts->fsroot, 0); 818 if (IS_ERR(skp)) 819 return PTR_ERR(skp); 820 sp->smk_root = skp; 821 } 822 if (opts->fstransmute) { 823 skp = smk_import_entry(opts->fstransmute, 0); 824 if (IS_ERR(skp)) 825 return PTR_ERR(skp); 826 sp->smk_root = skp; 827 transmute = true; 828 } 829 } 830 831 /* 832 * Initialize the root inode. 833 */ 834 init_inode_smack(inode, sp->smk_root); 835 836 if (transmute) { 837 isp = smack_inode(inode); 838 isp->smk_flags |= SMK_INODE_TRANSMUTE; 839 } 840 841 return 0; 842 } 843 844 /** 845 * smack_sb_statfs - Smack check on statfs 846 * @dentry: identifies the file system in question 847 * 848 * Returns 0 if current can read the floor of the filesystem, 849 * and error code otherwise 850 */ 851 static int smack_sb_statfs(struct dentry *dentry) 852 { 853 struct superblock_smack *sbp = smack_superblock(dentry->d_sb); 854 int rc; 855 struct smk_audit_info ad; 856 857 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 858 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 859 860 rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad); 861 rc = smk_bu_current("statfs", sbp->smk_floor, MAY_READ, rc); 862 return rc; 863 } 864 865 /* 866 * BPRM hooks 867 */ 868 869 /** 870 * smack_bprm_creds_for_exec - Update bprm->cred if needed for exec 871 * @bprm: the exec information 872 * 873 * Returns 0 if it gets a blob, -EPERM if exec forbidden and -ENOMEM otherwise 874 */ 875 static int smack_bprm_creds_for_exec(struct linux_binprm *bprm) 876 { 877 struct inode *inode = file_inode(bprm->file); 878 struct task_smack *bsp = smack_cred(bprm->cred); 879 struct inode_smack *isp; 880 struct superblock_smack *sbsp; 881 int rc; 882 883 isp = smack_inode(inode); 884 if (isp->smk_task == NULL || isp->smk_task == bsp->smk_task) 885 return 0; 886 887 sbsp = smack_superblock(inode->i_sb); 888 if ((sbsp->smk_flags & SMK_SB_UNTRUSTED) && 889 isp->smk_task != sbsp->smk_root) 890 return 0; 891 892 if (bprm->unsafe & LSM_UNSAFE_PTRACE) { 893 struct task_struct *tracer; 894 rc = 0; 895 896 rcu_read_lock(); 897 tracer = ptrace_parent(current); 898 if (likely(tracer != NULL)) 899 rc = smk_ptrace_rule_check(tracer, 900 isp->smk_task, 901 PTRACE_MODE_ATTACH, 902 __func__); 903 rcu_read_unlock(); 904 905 if (rc != 0) 906 return rc; 907 } 908 if (bprm->unsafe & ~LSM_UNSAFE_PTRACE) 909 return -EPERM; 910 911 bsp->smk_task = isp->smk_task; 912 bprm->per_clear |= PER_CLEAR_ON_SETID; 913 914 /* Decide if this is a secure exec. */ 915 if (bsp->smk_task != bsp->smk_forked) 916 bprm->secureexec = 1; 917 918 return 0; 919 } 920 921 /* 922 * Inode hooks 923 */ 924 925 /** 926 * smack_inode_alloc_security - allocate an inode blob 927 * @inode: the inode in need of a blob 928 * 929 * Returns 0 930 */ 931 static int smack_inode_alloc_security(struct inode *inode) 932 { 933 struct smack_known *skp = smk_of_current(); 934 935 init_inode_smack(inode, skp); 936 return 0; 937 } 938 939 /** 940 * smack_inode_init_security - copy out the smack from an inode 941 * @inode: the newly created inode 942 * @dir: containing directory object 943 * @qstr: unused 944 * @name: where to put the attribute name 945 * @value: where to put the attribute value 946 * @len: where to put the length of the attribute 947 * 948 * Returns 0 if it all works out, -ENOMEM if there's no memory 949 */ 950 static int smack_inode_init_security(struct inode *inode, struct inode *dir, 951 const struct qstr *qstr, const char **name, 952 void **value, size_t *len) 953 { 954 struct inode_smack *issp = smack_inode(inode); 955 struct smack_known *skp = smk_of_current(); 956 struct smack_known *isp = smk_of_inode(inode); 957 struct smack_known *dsp = smk_of_inode(dir); 958 int may; 959 960 if (name) 961 *name = XATTR_SMACK_SUFFIX; 962 963 if (value && len) { 964 rcu_read_lock(); 965 may = smk_access_entry(skp->smk_known, dsp->smk_known, 966 &skp->smk_rules); 967 rcu_read_unlock(); 968 969 /* 970 * If the access rule allows transmutation and 971 * the directory requests transmutation then 972 * by all means transmute. 973 * Mark the inode as changed. 974 */ 975 if (may > 0 && ((may & MAY_TRANSMUTE) != 0) && 976 smk_inode_transmutable(dir)) { 977 isp = dsp; 978 issp->smk_flags |= SMK_INODE_CHANGED; 979 } 980 981 *value = kstrdup(isp->smk_known, GFP_NOFS); 982 if (*value == NULL) 983 return -ENOMEM; 984 985 *len = strlen(isp->smk_known); 986 } 987 988 return 0; 989 } 990 991 /** 992 * smack_inode_link - Smack check on link 993 * @old_dentry: the existing object 994 * @dir: unused 995 * @new_dentry: the new object 996 * 997 * Returns 0 if access is permitted, an error code otherwise 998 */ 999 static int smack_inode_link(struct dentry *old_dentry, struct inode *dir, 1000 struct dentry *new_dentry) 1001 { 1002 struct smack_known *isp; 1003 struct smk_audit_info ad; 1004 int rc; 1005 1006 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1007 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry); 1008 1009 isp = smk_of_inode(d_backing_inode(old_dentry)); 1010 rc = smk_curacc(isp, MAY_WRITE, &ad); 1011 rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_WRITE, rc); 1012 1013 if (rc == 0 && d_is_positive(new_dentry)) { 1014 isp = smk_of_inode(d_backing_inode(new_dentry)); 1015 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry); 1016 rc = smk_curacc(isp, MAY_WRITE, &ad); 1017 rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_WRITE, rc); 1018 } 1019 1020 return rc; 1021 } 1022 1023 /** 1024 * smack_inode_unlink - Smack check on inode deletion 1025 * @dir: containing directory object 1026 * @dentry: file to unlink 1027 * 1028 * Returns 0 if current can write the containing directory 1029 * and the object, error code otherwise 1030 */ 1031 static int smack_inode_unlink(struct inode *dir, struct dentry *dentry) 1032 { 1033 struct inode *ip = d_backing_inode(dentry); 1034 struct smk_audit_info ad; 1035 int rc; 1036 1037 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1038 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1039 1040 /* 1041 * You need write access to the thing you're unlinking 1042 */ 1043 rc = smk_curacc(smk_of_inode(ip), MAY_WRITE, &ad); 1044 rc = smk_bu_inode(ip, MAY_WRITE, rc); 1045 if (rc == 0) { 1046 /* 1047 * You also need write access to the containing directory 1048 */ 1049 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE); 1050 smk_ad_setfield_u_fs_inode(&ad, dir); 1051 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad); 1052 rc = smk_bu_inode(dir, MAY_WRITE, rc); 1053 } 1054 return rc; 1055 } 1056 1057 /** 1058 * smack_inode_rmdir - Smack check on directory deletion 1059 * @dir: containing directory object 1060 * @dentry: directory to unlink 1061 * 1062 * Returns 0 if current can write the containing directory 1063 * and the directory, error code otherwise 1064 */ 1065 static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry) 1066 { 1067 struct smk_audit_info ad; 1068 int rc; 1069 1070 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1071 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1072 1073 /* 1074 * You need write access to the thing you're removing 1075 */ 1076 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1077 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1078 if (rc == 0) { 1079 /* 1080 * You also need write access to the containing directory 1081 */ 1082 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE); 1083 smk_ad_setfield_u_fs_inode(&ad, dir); 1084 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad); 1085 rc = smk_bu_inode(dir, MAY_WRITE, rc); 1086 } 1087 1088 return rc; 1089 } 1090 1091 /** 1092 * smack_inode_rename - Smack check on rename 1093 * @old_inode: unused 1094 * @old_dentry: the old object 1095 * @new_inode: unused 1096 * @new_dentry: the new object 1097 * 1098 * Read and write access is required on both the old and 1099 * new directories. 1100 * 1101 * Returns 0 if access is permitted, an error code otherwise 1102 */ 1103 static int smack_inode_rename(struct inode *old_inode, 1104 struct dentry *old_dentry, 1105 struct inode *new_inode, 1106 struct dentry *new_dentry) 1107 { 1108 int rc; 1109 struct smack_known *isp; 1110 struct smk_audit_info ad; 1111 1112 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1113 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry); 1114 1115 isp = smk_of_inode(d_backing_inode(old_dentry)); 1116 rc = smk_curacc(isp, MAY_READWRITE, &ad); 1117 rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_READWRITE, rc); 1118 1119 if (rc == 0 && d_is_positive(new_dentry)) { 1120 isp = smk_of_inode(d_backing_inode(new_dentry)); 1121 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry); 1122 rc = smk_curacc(isp, MAY_READWRITE, &ad); 1123 rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_READWRITE, rc); 1124 } 1125 return rc; 1126 } 1127 1128 /** 1129 * smack_inode_permission - Smack version of permission() 1130 * @inode: the inode in question 1131 * @mask: the access requested 1132 * 1133 * This is the important Smack hook. 1134 * 1135 * Returns 0 if access is permitted, an error code otherwise 1136 */ 1137 static int smack_inode_permission(struct inode *inode, int mask) 1138 { 1139 struct superblock_smack *sbsp = smack_superblock(inode->i_sb); 1140 struct smk_audit_info ad; 1141 int no_block = mask & MAY_NOT_BLOCK; 1142 int rc; 1143 1144 mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND); 1145 /* 1146 * No permission to check. Existence test. Yup, it's there. 1147 */ 1148 if (mask == 0) 1149 return 0; 1150 1151 if (sbsp->smk_flags & SMK_SB_UNTRUSTED) { 1152 if (smk_of_inode(inode) != sbsp->smk_root) 1153 return -EACCES; 1154 } 1155 1156 /* May be droppable after audit */ 1157 if (no_block) 1158 return -ECHILD; 1159 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE); 1160 smk_ad_setfield_u_fs_inode(&ad, inode); 1161 rc = smk_curacc(smk_of_inode(inode), mask, &ad); 1162 rc = smk_bu_inode(inode, mask, rc); 1163 return rc; 1164 } 1165 1166 /** 1167 * smack_inode_setattr - Smack check for setting attributes 1168 * @dentry: the object 1169 * @iattr: for the force flag 1170 * 1171 * Returns 0 if access is permitted, an error code otherwise 1172 */ 1173 static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr) 1174 { 1175 struct smk_audit_info ad; 1176 int rc; 1177 1178 /* 1179 * Need to allow for clearing the setuid bit. 1180 */ 1181 if (iattr->ia_valid & ATTR_FORCE) 1182 return 0; 1183 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1184 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1185 1186 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1187 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1188 return rc; 1189 } 1190 1191 /** 1192 * smack_inode_getattr - Smack check for getting attributes 1193 * @path: path to extract the info from 1194 * 1195 * Returns 0 if access is permitted, an error code otherwise 1196 */ 1197 static int smack_inode_getattr(const struct path *path) 1198 { 1199 struct smk_audit_info ad; 1200 struct inode *inode = d_backing_inode(path->dentry); 1201 int rc; 1202 1203 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1204 smk_ad_setfield_u_fs_path(&ad, *path); 1205 rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad); 1206 rc = smk_bu_inode(inode, MAY_READ, rc); 1207 return rc; 1208 } 1209 1210 /** 1211 * smack_inode_setxattr - Smack check for setting xattrs 1212 * @mnt_userns: active user namespace 1213 * @dentry: the object 1214 * @name: name of the attribute 1215 * @value: value of the attribute 1216 * @size: size of the value 1217 * @flags: unused 1218 * 1219 * This protects the Smack attribute explicitly. 1220 * 1221 * Returns 0 if access is permitted, an error code otherwise 1222 */ 1223 static int smack_inode_setxattr(struct user_namespace *mnt_userns, 1224 struct dentry *dentry, const char *name, 1225 const void *value, size_t size, int flags) 1226 { 1227 struct smk_audit_info ad; 1228 struct smack_known *skp; 1229 int check_priv = 0; 1230 int check_import = 0; 1231 int check_star = 0; 1232 int rc = 0; 1233 1234 /* 1235 * Check label validity here so import won't fail in post_setxattr 1236 */ 1237 if (strcmp(name, XATTR_NAME_SMACK) == 0 || 1238 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 || 1239 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) { 1240 check_priv = 1; 1241 check_import = 1; 1242 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0 || 1243 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) { 1244 check_priv = 1; 1245 check_import = 1; 1246 check_star = 1; 1247 } else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) { 1248 check_priv = 1; 1249 if (size != TRANS_TRUE_SIZE || 1250 strncmp(value, TRANS_TRUE, TRANS_TRUE_SIZE) != 0) 1251 rc = -EINVAL; 1252 } else 1253 rc = cap_inode_setxattr(dentry, name, value, size, flags); 1254 1255 if (check_priv && !smack_privileged(CAP_MAC_ADMIN)) 1256 rc = -EPERM; 1257 1258 if (rc == 0 && check_import) { 1259 skp = size ? smk_import_entry(value, size) : NULL; 1260 if (IS_ERR(skp)) 1261 rc = PTR_ERR(skp); 1262 else if (skp == NULL || (check_star && 1263 (skp == &smack_known_star || skp == &smack_known_web))) 1264 rc = -EINVAL; 1265 } 1266 1267 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1268 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1269 1270 if (rc == 0) { 1271 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1272 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1273 } 1274 1275 return rc; 1276 } 1277 1278 /** 1279 * smack_inode_post_setxattr - Apply the Smack update approved above 1280 * @dentry: object 1281 * @name: attribute name 1282 * @value: attribute value 1283 * @size: attribute size 1284 * @flags: unused 1285 * 1286 * Set the pointer in the inode blob to the entry found 1287 * in the master label list. 1288 */ 1289 static void smack_inode_post_setxattr(struct dentry *dentry, const char *name, 1290 const void *value, size_t size, int flags) 1291 { 1292 struct smack_known *skp; 1293 struct inode_smack *isp = smack_inode(d_backing_inode(dentry)); 1294 1295 if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) { 1296 isp->smk_flags |= SMK_INODE_TRANSMUTE; 1297 return; 1298 } 1299 1300 if (strcmp(name, XATTR_NAME_SMACK) == 0) { 1301 skp = smk_import_entry(value, size); 1302 if (!IS_ERR(skp)) 1303 isp->smk_inode = skp; 1304 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) { 1305 skp = smk_import_entry(value, size); 1306 if (!IS_ERR(skp)) 1307 isp->smk_task = skp; 1308 } else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) { 1309 skp = smk_import_entry(value, size); 1310 if (!IS_ERR(skp)) 1311 isp->smk_mmap = skp; 1312 } 1313 1314 return; 1315 } 1316 1317 /** 1318 * smack_inode_getxattr - Smack check on getxattr 1319 * @dentry: the object 1320 * @name: unused 1321 * 1322 * Returns 0 if access is permitted, an error code otherwise 1323 */ 1324 static int smack_inode_getxattr(struct dentry *dentry, const char *name) 1325 { 1326 struct smk_audit_info ad; 1327 int rc; 1328 1329 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1330 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1331 1332 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_READ, &ad); 1333 rc = smk_bu_inode(d_backing_inode(dentry), MAY_READ, rc); 1334 return rc; 1335 } 1336 1337 /** 1338 * smack_inode_removexattr - Smack check on removexattr 1339 * @mnt_userns: active user namespace 1340 * @dentry: the object 1341 * @name: name of the attribute 1342 * 1343 * Removing the Smack attribute requires CAP_MAC_ADMIN 1344 * 1345 * Returns 0 if access is permitted, an error code otherwise 1346 */ 1347 static int smack_inode_removexattr(struct user_namespace *mnt_userns, 1348 struct dentry *dentry, const char *name) 1349 { 1350 struct inode_smack *isp; 1351 struct smk_audit_info ad; 1352 int rc = 0; 1353 1354 if (strcmp(name, XATTR_NAME_SMACK) == 0 || 1355 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 || 1356 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 || 1357 strcmp(name, XATTR_NAME_SMACKEXEC) == 0 || 1358 strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0 || 1359 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) { 1360 if (!smack_privileged(CAP_MAC_ADMIN)) 1361 rc = -EPERM; 1362 } else 1363 rc = cap_inode_removexattr(mnt_userns, dentry, name); 1364 1365 if (rc != 0) 1366 return rc; 1367 1368 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1369 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1370 1371 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1372 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1373 if (rc != 0) 1374 return rc; 1375 1376 isp = smack_inode(d_backing_inode(dentry)); 1377 /* 1378 * Don't do anything special for these. 1379 * XATTR_NAME_SMACKIPIN 1380 * XATTR_NAME_SMACKIPOUT 1381 */ 1382 if (strcmp(name, XATTR_NAME_SMACK) == 0) { 1383 struct super_block *sbp = dentry->d_sb; 1384 struct superblock_smack *sbsp = smack_superblock(sbp); 1385 1386 isp->smk_inode = sbsp->smk_default; 1387 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) 1388 isp->smk_task = NULL; 1389 else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) 1390 isp->smk_mmap = NULL; 1391 else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) 1392 isp->smk_flags &= ~SMK_INODE_TRANSMUTE; 1393 1394 return 0; 1395 } 1396 1397 /** 1398 * smack_inode_getsecurity - get smack xattrs 1399 * @mnt_userns: active user namespace 1400 * @inode: the object 1401 * @name: attribute name 1402 * @buffer: where to put the result 1403 * @alloc: duplicate memory 1404 * 1405 * Returns the size of the attribute or an error code 1406 */ 1407 static int smack_inode_getsecurity(struct user_namespace *mnt_userns, 1408 struct inode *inode, const char *name, 1409 void **buffer, bool alloc) 1410 { 1411 struct socket_smack *ssp; 1412 struct socket *sock; 1413 struct super_block *sbp; 1414 struct inode *ip = (struct inode *)inode; 1415 struct smack_known *isp; 1416 1417 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) 1418 isp = smk_of_inode(inode); 1419 else { 1420 /* 1421 * The rest of the Smack xattrs are only on sockets. 1422 */ 1423 sbp = ip->i_sb; 1424 if (sbp->s_magic != SOCKFS_MAGIC) 1425 return -EOPNOTSUPP; 1426 1427 sock = SOCKET_I(ip); 1428 if (sock == NULL || sock->sk == NULL) 1429 return -EOPNOTSUPP; 1430 1431 ssp = sock->sk->sk_security; 1432 1433 if (strcmp(name, XATTR_SMACK_IPIN) == 0) 1434 isp = ssp->smk_in; 1435 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) 1436 isp = ssp->smk_out; 1437 else 1438 return -EOPNOTSUPP; 1439 } 1440 1441 if (alloc) { 1442 *buffer = kstrdup(isp->smk_known, GFP_KERNEL); 1443 if (*buffer == NULL) 1444 return -ENOMEM; 1445 } 1446 1447 return strlen(isp->smk_known); 1448 } 1449 1450 1451 /** 1452 * smack_inode_listsecurity - list the Smack attributes 1453 * @inode: the object 1454 * @buffer: where they go 1455 * @buffer_size: size of buffer 1456 */ 1457 static int smack_inode_listsecurity(struct inode *inode, char *buffer, 1458 size_t buffer_size) 1459 { 1460 int len = sizeof(XATTR_NAME_SMACK); 1461 1462 if (buffer != NULL && len <= buffer_size) 1463 memcpy(buffer, XATTR_NAME_SMACK, len); 1464 1465 return len; 1466 } 1467 1468 /** 1469 * smack_inode_getsecid - Extract inode's security id 1470 * @inode: inode to extract the info from 1471 * @secid: where result will be saved 1472 */ 1473 static void smack_inode_getsecid(struct inode *inode, u32 *secid) 1474 { 1475 struct smack_known *skp = smk_of_inode(inode); 1476 1477 *secid = skp->smk_secid; 1478 } 1479 1480 /* 1481 * File Hooks 1482 */ 1483 1484 /* 1485 * There is no smack_file_permission hook 1486 * 1487 * Should access checks be done on each read or write? 1488 * UNICOS and SELinux say yes. 1489 * Trusted Solaris, Trusted Irix, and just about everyone else says no. 1490 * 1491 * I'll say no for now. Smack does not do the frequent 1492 * label changing that SELinux does. 1493 */ 1494 1495 /** 1496 * smack_file_alloc_security - assign a file security blob 1497 * @file: the object 1498 * 1499 * The security blob for a file is a pointer to the master 1500 * label list, so no allocation is done. 1501 * 1502 * f_security is the owner security information. It 1503 * isn't used on file access checks, it's for send_sigio. 1504 * 1505 * Returns 0 1506 */ 1507 static int smack_file_alloc_security(struct file *file) 1508 { 1509 struct smack_known **blob = smack_file(file); 1510 1511 *blob = smk_of_current(); 1512 return 0; 1513 } 1514 1515 /** 1516 * smack_file_ioctl - Smack check on ioctls 1517 * @file: the object 1518 * @cmd: what to do 1519 * @arg: unused 1520 * 1521 * Relies heavily on the correct use of the ioctl command conventions. 1522 * 1523 * Returns 0 if allowed, error code otherwise 1524 */ 1525 static int smack_file_ioctl(struct file *file, unsigned int cmd, 1526 unsigned long arg) 1527 { 1528 int rc = 0; 1529 struct smk_audit_info ad; 1530 struct inode *inode = file_inode(file); 1531 1532 if (unlikely(IS_PRIVATE(inode))) 1533 return 0; 1534 1535 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1536 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1537 1538 if (_IOC_DIR(cmd) & _IOC_WRITE) { 1539 rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad); 1540 rc = smk_bu_file(file, MAY_WRITE, rc); 1541 } 1542 1543 if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ)) { 1544 rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad); 1545 rc = smk_bu_file(file, MAY_READ, rc); 1546 } 1547 1548 return rc; 1549 } 1550 1551 /** 1552 * smack_file_lock - Smack check on file locking 1553 * @file: the object 1554 * @cmd: unused 1555 * 1556 * Returns 0 if current has lock access, error code otherwise 1557 */ 1558 static int smack_file_lock(struct file *file, unsigned int cmd) 1559 { 1560 struct smk_audit_info ad; 1561 int rc; 1562 struct inode *inode = file_inode(file); 1563 1564 if (unlikely(IS_PRIVATE(inode))) 1565 return 0; 1566 1567 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1568 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1569 rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad); 1570 rc = smk_bu_file(file, MAY_LOCK, rc); 1571 return rc; 1572 } 1573 1574 /** 1575 * smack_file_fcntl - Smack check on fcntl 1576 * @file: the object 1577 * @cmd: what action to check 1578 * @arg: unused 1579 * 1580 * Generally these operations are harmless. 1581 * File locking operations present an obvious mechanism 1582 * for passing information, so they require write access. 1583 * 1584 * Returns 0 if current has access, error code otherwise 1585 */ 1586 static int smack_file_fcntl(struct file *file, unsigned int cmd, 1587 unsigned long arg) 1588 { 1589 struct smk_audit_info ad; 1590 int rc = 0; 1591 struct inode *inode = file_inode(file); 1592 1593 if (unlikely(IS_PRIVATE(inode))) 1594 return 0; 1595 1596 switch (cmd) { 1597 case F_GETLK: 1598 break; 1599 case F_SETLK: 1600 case F_SETLKW: 1601 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1602 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1603 rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad); 1604 rc = smk_bu_file(file, MAY_LOCK, rc); 1605 break; 1606 case F_SETOWN: 1607 case F_SETSIG: 1608 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1609 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1610 rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad); 1611 rc = smk_bu_file(file, MAY_WRITE, rc); 1612 break; 1613 default: 1614 break; 1615 } 1616 1617 return rc; 1618 } 1619 1620 /** 1621 * smack_mmap_file - Check permissions for a mmap operation. 1622 * @file: contains the file structure for file to map (may be NULL). 1623 * @reqprot: contains the protection requested by the application. 1624 * @prot: contains the protection that will be applied by the kernel. 1625 * @flags: contains the operational flags. 1626 * 1627 * The @file may be NULL, e.g. if mapping anonymous memory. 1628 * 1629 * Return 0 if permission is granted. 1630 */ 1631 static int smack_mmap_file(struct file *file, 1632 unsigned long reqprot, unsigned long prot, 1633 unsigned long flags) 1634 { 1635 struct smack_known *skp; 1636 struct smack_known *mkp; 1637 struct smack_rule *srp; 1638 struct task_smack *tsp; 1639 struct smack_known *okp; 1640 struct inode_smack *isp; 1641 struct superblock_smack *sbsp; 1642 int may; 1643 int mmay; 1644 int tmay; 1645 int rc; 1646 1647 if (file == NULL) 1648 return 0; 1649 1650 if (unlikely(IS_PRIVATE(file_inode(file)))) 1651 return 0; 1652 1653 isp = smack_inode(file_inode(file)); 1654 if (isp->smk_mmap == NULL) 1655 return 0; 1656 sbsp = smack_superblock(file_inode(file)->i_sb); 1657 if (sbsp->smk_flags & SMK_SB_UNTRUSTED && 1658 isp->smk_mmap != sbsp->smk_root) 1659 return -EACCES; 1660 mkp = isp->smk_mmap; 1661 1662 tsp = smack_cred(current_cred()); 1663 skp = smk_of_current(); 1664 rc = 0; 1665 1666 rcu_read_lock(); 1667 /* 1668 * For each Smack rule associated with the subject 1669 * label verify that the SMACK64MMAP also has access 1670 * to that rule's object label. 1671 */ 1672 list_for_each_entry_rcu(srp, &skp->smk_rules, list) { 1673 okp = srp->smk_object; 1674 /* 1675 * Matching labels always allows access. 1676 */ 1677 if (mkp->smk_known == okp->smk_known) 1678 continue; 1679 /* 1680 * If there is a matching local rule take 1681 * that into account as well. 1682 */ 1683 may = smk_access_entry(srp->smk_subject->smk_known, 1684 okp->smk_known, 1685 &tsp->smk_rules); 1686 if (may == -ENOENT) 1687 may = srp->smk_access; 1688 else 1689 may &= srp->smk_access; 1690 /* 1691 * If may is zero the SMACK64MMAP subject can't 1692 * possibly have less access. 1693 */ 1694 if (may == 0) 1695 continue; 1696 1697 /* 1698 * Fetch the global list entry. 1699 * If there isn't one a SMACK64MMAP subject 1700 * can't have as much access as current. 1701 */ 1702 mmay = smk_access_entry(mkp->smk_known, okp->smk_known, 1703 &mkp->smk_rules); 1704 if (mmay == -ENOENT) { 1705 rc = -EACCES; 1706 break; 1707 } 1708 /* 1709 * If there is a local entry it modifies the 1710 * potential access, too. 1711 */ 1712 tmay = smk_access_entry(mkp->smk_known, okp->smk_known, 1713 &tsp->smk_rules); 1714 if (tmay != -ENOENT) 1715 mmay &= tmay; 1716 1717 /* 1718 * If there is any access available to current that is 1719 * not available to a SMACK64MMAP subject 1720 * deny access. 1721 */ 1722 if ((may | mmay) != mmay) { 1723 rc = -EACCES; 1724 break; 1725 } 1726 } 1727 1728 rcu_read_unlock(); 1729 1730 return rc; 1731 } 1732 1733 /** 1734 * smack_file_set_fowner - set the file security blob value 1735 * @file: object in question 1736 * 1737 */ 1738 static void smack_file_set_fowner(struct file *file) 1739 { 1740 struct smack_known **blob = smack_file(file); 1741 1742 *blob = smk_of_current(); 1743 } 1744 1745 /** 1746 * smack_file_send_sigiotask - Smack on sigio 1747 * @tsk: The target task 1748 * @fown: the object the signal come from 1749 * @signum: unused 1750 * 1751 * Allow a privileged task to get signals even if it shouldn't 1752 * 1753 * Returns 0 if a subject with the object's smack could 1754 * write to the task, an error code otherwise. 1755 */ 1756 static int smack_file_send_sigiotask(struct task_struct *tsk, 1757 struct fown_struct *fown, int signum) 1758 { 1759 struct smack_known **blob; 1760 struct smack_known *skp; 1761 struct smack_known *tkp = smk_of_task(smack_cred(tsk->cred)); 1762 const struct cred *tcred; 1763 struct file *file; 1764 int rc; 1765 struct smk_audit_info ad; 1766 1767 /* 1768 * struct fown_struct is never outside the context of a struct file 1769 */ 1770 file = container_of(fown, struct file, f_owner); 1771 1772 /* we don't log here as rc can be overriden */ 1773 blob = smack_file(file); 1774 skp = *blob; 1775 rc = smk_access(skp, tkp, MAY_DELIVER, NULL); 1776 rc = smk_bu_note("sigiotask", skp, tkp, MAY_DELIVER, rc); 1777 1778 rcu_read_lock(); 1779 tcred = __task_cred(tsk); 1780 if (rc != 0 && smack_privileged_cred(CAP_MAC_OVERRIDE, tcred)) 1781 rc = 0; 1782 rcu_read_unlock(); 1783 1784 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); 1785 smk_ad_setfield_u_tsk(&ad, tsk); 1786 smack_log(skp->smk_known, tkp->smk_known, MAY_DELIVER, rc, &ad); 1787 return rc; 1788 } 1789 1790 /** 1791 * smack_file_receive - Smack file receive check 1792 * @file: the object 1793 * 1794 * Returns 0 if current has access, error code otherwise 1795 */ 1796 static int smack_file_receive(struct file *file) 1797 { 1798 int rc; 1799 int may = 0; 1800 struct smk_audit_info ad; 1801 struct inode *inode = file_inode(file); 1802 struct socket *sock; 1803 struct task_smack *tsp; 1804 struct socket_smack *ssp; 1805 1806 if (unlikely(IS_PRIVATE(inode))) 1807 return 0; 1808 1809 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1810 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1811 1812 if (inode->i_sb->s_magic == SOCKFS_MAGIC) { 1813 sock = SOCKET_I(inode); 1814 ssp = sock->sk->sk_security; 1815 tsp = smack_cred(current_cred()); 1816 /* 1817 * If the receiving process can't write to the 1818 * passed socket or if the passed socket can't 1819 * write to the receiving process don't accept 1820 * the passed socket. 1821 */ 1822 rc = smk_access(tsp->smk_task, ssp->smk_out, MAY_WRITE, &ad); 1823 rc = smk_bu_file(file, may, rc); 1824 if (rc < 0) 1825 return rc; 1826 rc = smk_access(ssp->smk_in, tsp->smk_task, MAY_WRITE, &ad); 1827 rc = smk_bu_file(file, may, rc); 1828 return rc; 1829 } 1830 /* 1831 * This code relies on bitmasks. 1832 */ 1833 if (file->f_mode & FMODE_READ) 1834 may = MAY_READ; 1835 if (file->f_mode & FMODE_WRITE) 1836 may |= MAY_WRITE; 1837 1838 rc = smk_curacc(smk_of_inode(inode), may, &ad); 1839 rc = smk_bu_file(file, may, rc); 1840 return rc; 1841 } 1842 1843 /** 1844 * smack_file_open - Smack dentry open processing 1845 * @file: the object 1846 * 1847 * Set the security blob in the file structure. 1848 * Allow the open only if the task has read access. There are 1849 * many read operations (e.g. fstat) that you can do with an 1850 * fd even if you have the file open write-only. 1851 * 1852 * Returns 0 if current has access, error code otherwise 1853 */ 1854 static int smack_file_open(struct file *file) 1855 { 1856 struct task_smack *tsp = smack_cred(file->f_cred); 1857 struct inode *inode = file_inode(file); 1858 struct smk_audit_info ad; 1859 int rc; 1860 1861 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1862 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1863 rc = smk_tskacc(tsp, smk_of_inode(inode), MAY_READ, &ad); 1864 rc = smk_bu_credfile(file->f_cred, file, MAY_READ, rc); 1865 1866 return rc; 1867 } 1868 1869 /* 1870 * Task hooks 1871 */ 1872 1873 /** 1874 * smack_cred_alloc_blank - "allocate" blank task-level security credentials 1875 * @cred: the new credentials 1876 * @gfp: the atomicity of any memory allocations 1877 * 1878 * Prepare a blank set of credentials for modification. This must allocate all 1879 * the memory the LSM module might require such that cred_transfer() can 1880 * complete without error. 1881 */ 1882 static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp) 1883 { 1884 init_task_smack(smack_cred(cred), NULL, NULL); 1885 return 0; 1886 } 1887 1888 1889 /** 1890 * smack_cred_free - "free" task-level security credentials 1891 * @cred: the credentials in question 1892 * 1893 */ 1894 static void smack_cred_free(struct cred *cred) 1895 { 1896 struct task_smack *tsp = smack_cred(cred); 1897 struct smack_rule *rp; 1898 struct list_head *l; 1899 struct list_head *n; 1900 1901 smk_destroy_label_list(&tsp->smk_relabel); 1902 1903 list_for_each_safe(l, n, &tsp->smk_rules) { 1904 rp = list_entry(l, struct smack_rule, list); 1905 list_del(&rp->list); 1906 kmem_cache_free(smack_rule_cache, rp); 1907 } 1908 } 1909 1910 /** 1911 * smack_cred_prepare - prepare new set of credentials for modification 1912 * @new: the new credentials 1913 * @old: the original credentials 1914 * @gfp: the atomicity of any memory allocations 1915 * 1916 * Prepare a new set of credentials for modification. 1917 */ 1918 static int smack_cred_prepare(struct cred *new, const struct cred *old, 1919 gfp_t gfp) 1920 { 1921 struct task_smack *old_tsp = smack_cred(old); 1922 struct task_smack *new_tsp = smack_cred(new); 1923 int rc; 1924 1925 init_task_smack(new_tsp, old_tsp->smk_task, old_tsp->smk_task); 1926 1927 rc = smk_copy_rules(&new_tsp->smk_rules, &old_tsp->smk_rules, gfp); 1928 if (rc != 0) 1929 return rc; 1930 1931 rc = smk_copy_relabel(&new_tsp->smk_relabel, &old_tsp->smk_relabel, 1932 gfp); 1933 return rc; 1934 } 1935 1936 /** 1937 * smack_cred_transfer - Transfer the old credentials to the new credentials 1938 * @new: the new credentials 1939 * @old: the original credentials 1940 * 1941 * Fill in a set of blank credentials from another set of credentials. 1942 */ 1943 static void smack_cred_transfer(struct cred *new, const struct cred *old) 1944 { 1945 struct task_smack *old_tsp = smack_cred(old); 1946 struct task_smack *new_tsp = smack_cred(new); 1947 1948 new_tsp->smk_task = old_tsp->smk_task; 1949 new_tsp->smk_forked = old_tsp->smk_task; 1950 mutex_init(&new_tsp->smk_rules_lock); 1951 INIT_LIST_HEAD(&new_tsp->smk_rules); 1952 1953 /* cbs copy rule list */ 1954 } 1955 1956 /** 1957 * smack_cred_getsecid - get the secid corresponding to a creds structure 1958 * @cred: the object creds 1959 * @secid: where to put the result 1960 * 1961 * Sets the secid to contain a u32 version of the smack label. 1962 */ 1963 static void smack_cred_getsecid(const struct cred *cred, u32 *secid) 1964 { 1965 struct smack_known *skp; 1966 1967 rcu_read_lock(); 1968 skp = smk_of_task(smack_cred(cred)); 1969 *secid = skp->smk_secid; 1970 rcu_read_unlock(); 1971 } 1972 1973 /** 1974 * smack_kernel_act_as - Set the subjective context in a set of credentials 1975 * @new: points to the set of credentials to be modified. 1976 * @secid: specifies the security ID to be set 1977 * 1978 * Set the security data for a kernel service. 1979 */ 1980 static int smack_kernel_act_as(struct cred *new, u32 secid) 1981 { 1982 struct task_smack *new_tsp = smack_cred(new); 1983 1984 new_tsp->smk_task = smack_from_secid(secid); 1985 return 0; 1986 } 1987 1988 /** 1989 * smack_kernel_create_files_as - Set the file creation label in a set of creds 1990 * @new: points to the set of credentials to be modified 1991 * @inode: points to the inode to use as a reference 1992 * 1993 * Set the file creation context in a set of credentials to the same 1994 * as the objective context of the specified inode 1995 */ 1996 static int smack_kernel_create_files_as(struct cred *new, 1997 struct inode *inode) 1998 { 1999 struct inode_smack *isp = smack_inode(inode); 2000 struct task_smack *tsp = smack_cred(new); 2001 2002 tsp->smk_forked = isp->smk_inode; 2003 tsp->smk_task = tsp->smk_forked; 2004 return 0; 2005 } 2006 2007 /** 2008 * smk_curacc_on_task - helper to log task related access 2009 * @p: the task object 2010 * @access: the access requested 2011 * @caller: name of the calling function for audit 2012 * 2013 * Return 0 if access is permitted 2014 */ 2015 static int smk_curacc_on_task(struct task_struct *p, int access, 2016 const char *caller) 2017 { 2018 struct smk_audit_info ad; 2019 struct smack_known *skp = smk_of_task_struct_obj(p); 2020 int rc; 2021 2022 smk_ad_init(&ad, caller, LSM_AUDIT_DATA_TASK); 2023 smk_ad_setfield_u_tsk(&ad, p); 2024 rc = smk_curacc(skp, access, &ad); 2025 rc = smk_bu_task(p, access, rc); 2026 return rc; 2027 } 2028 2029 /** 2030 * smack_task_setpgid - Smack check on setting pgid 2031 * @p: the task object 2032 * @pgid: unused 2033 * 2034 * Return 0 if write access is permitted 2035 */ 2036 static int smack_task_setpgid(struct task_struct *p, pid_t pgid) 2037 { 2038 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2039 } 2040 2041 /** 2042 * smack_task_getpgid - Smack access check for getpgid 2043 * @p: the object task 2044 * 2045 * Returns 0 if current can read the object task, error code otherwise 2046 */ 2047 static int smack_task_getpgid(struct task_struct *p) 2048 { 2049 return smk_curacc_on_task(p, MAY_READ, __func__); 2050 } 2051 2052 /** 2053 * smack_task_getsid - Smack access check for getsid 2054 * @p: the object task 2055 * 2056 * Returns 0 if current can read the object task, error code otherwise 2057 */ 2058 static int smack_task_getsid(struct task_struct *p) 2059 { 2060 return smk_curacc_on_task(p, MAY_READ, __func__); 2061 } 2062 2063 /** 2064 * smack_current_getsecid_subj - get the subjective secid of the current task 2065 * @secid: where to put the result 2066 * 2067 * Sets the secid to contain a u32 version of the task's subjective smack label. 2068 */ 2069 static void smack_current_getsecid_subj(u32 *secid) 2070 { 2071 struct smack_known *skp = smk_of_current(); 2072 2073 *secid = skp->smk_secid; 2074 } 2075 2076 /** 2077 * smack_task_getsecid_obj - get the objective secid of the task 2078 * @p: the task 2079 * @secid: where to put the result 2080 * 2081 * Sets the secid to contain a u32 version of the task's objective smack label. 2082 */ 2083 static void smack_task_getsecid_obj(struct task_struct *p, u32 *secid) 2084 { 2085 struct smack_known *skp = smk_of_task_struct_obj(p); 2086 2087 *secid = skp->smk_secid; 2088 } 2089 2090 /** 2091 * smack_task_setnice - Smack check on setting nice 2092 * @p: the task object 2093 * @nice: unused 2094 * 2095 * Return 0 if write access is permitted 2096 */ 2097 static int smack_task_setnice(struct task_struct *p, int nice) 2098 { 2099 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2100 } 2101 2102 /** 2103 * smack_task_setioprio - Smack check on setting ioprio 2104 * @p: the task object 2105 * @ioprio: unused 2106 * 2107 * Return 0 if write access is permitted 2108 */ 2109 static int smack_task_setioprio(struct task_struct *p, int ioprio) 2110 { 2111 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2112 } 2113 2114 /** 2115 * smack_task_getioprio - Smack check on reading ioprio 2116 * @p: the task object 2117 * 2118 * Return 0 if read access is permitted 2119 */ 2120 static int smack_task_getioprio(struct task_struct *p) 2121 { 2122 return smk_curacc_on_task(p, MAY_READ, __func__); 2123 } 2124 2125 /** 2126 * smack_task_setscheduler - Smack check on setting scheduler 2127 * @p: the task object 2128 * 2129 * Return 0 if read access is permitted 2130 */ 2131 static int smack_task_setscheduler(struct task_struct *p) 2132 { 2133 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2134 } 2135 2136 /** 2137 * smack_task_getscheduler - Smack check on reading scheduler 2138 * @p: the task object 2139 * 2140 * Return 0 if read access is permitted 2141 */ 2142 static int smack_task_getscheduler(struct task_struct *p) 2143 { 2144 return smk_curacc_on_task(p, MAY_READ, __func__); 2145 } 2146 2147 /** 2148 * smack_task_movememory - Smack check on moving memory 2149 * @p: the task object 2150 * 2151 * Return 0 if write access is permitted 2152 */ 2153 static int smack_task_movememory(struct task_struct *p) 2154 { 2155 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2156 } 2157 2158 /** 2159 * smack_task_kill - Smack check on signal delivery 2160 * @p: the task object 2161 * @info: unused 2162 * @sig: unused 2163 * @cred: identifies the cred to use in lieu of current's 2164 * 2165 * Return 0 if write access is permitted 2166 * 2167 */ 2168 static int smack_task_kill(struct task_struct *p, struct kernel_siginfo *info, 2169 int sig, const struct cred *cred) 2170 { 2171 struct smk_audit_info ad; 2172 struct smack_known *skp; 2173 struct smack_known *tkp = smk_of_task_struct_obj(p); 2174 int rc; 2175 2176 if (!sig) 2177 return 0; /* null signal; existence test */ 2178 2179 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); 2180 smk_ad_setfield_u_tsk(&ad, p); 2181 /* 2182 * Sending a signal requires that the sender 2183 * can write the receiver. 2184 */ 2185 if (cred == NULL) { 2186 rc = smk_curacc(tkp, MAY_DELIVER, &ad); 2187 rc = smk_bu_task(p, MAY_DELIVER, rc); 2188 return rc; 2189 } 2190 /* 2191 * If the cred isn't NULL we're dealing with some USB IO 2192 * specific behavior. This is not clean. For one thing 2193 * we can't take privilege into account. 2194 */ 2195 skp = smk_of_task(smack_cred(cred)); 2196 rc = smk_access(skp, tkp, MAY_DELIVER, &ad); 2197 rc = smk_bu_note("USB signal", skp, tkp, MAY_DELIVER, rc); 2198 return rc; 2199 } 2200 2201 /** 2202 * smack_task_to_inode - copy task smack into the inode blob 2203 * @p: task to copy from 2204 * @inode: inode to copy to 2205 * 2206 * Sets the smack pointer in the inode security blob 2207 */ 2208 static void smack_task_to_inode(struct task_struct *p, struct inode *inode) 2209 { 2210 struct inode_smack *isp = smack_inode(inode); 2211 struct smack_known *skp = smk_of_task_struct_obj(p); 2212 2213 isp->smk_inode = skp; 2214 isp->smk_flags |= SMK_INODE_INSTANT; 2215 } 2216 2217 /* 2218 * Socket hooks. 2219 */ 2220 2221 /** 2222 * smack_sk_alloc_security - Allocate a socket blob 2223 * @sk: the socket 2224 * @family: unused 2225 * @gfp_flags: memory allocation flags 2226 * 2227 * Assign Smack pointers to current 2228 * 2229 * Returns 0 on success, -ENOMEM is there's no memory 2230 */ 2231 static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags) 2232 { 2233 struct smack_known *skp = smk_of_current(); 2234 struct socket_smack *ssp; 2235 2236 ssp = kzalloc(sizeof(struct socket_smack), gfp_flags); 2237 if (ssp == NULL) 2238 return -ENOMEM; 2239 2240 /* 2241 * Sockets created by kernel threads receive web label. 2242 */ 2243 if (unlikely(current->flags & PF_KTHREAD)) { 2244 ssp->smk_in = &smack_known_web; 2245 ssp->smk_out = &smack_known_web; 2246 } else { 2247 ssp->smk_in = skp; 2248 ssp->smk_out = skp; 2249 } 2250 ssp->smk_packet = NULL; 2251 2252 sk->sk_security = ssp; 2253 2254 return 0; 2255 } 2256 2257 /** 2258 * smack_sk_free_security - Free a socket blob 2259 * @sk: the socket 2260 * 2261 * Clears the blob pointer 2262 */ 2263 static void smack_sk_free_security(struct sock *sk) 2264 { 2265 #ifdef SMACK_IPV6_PORT_LABELING 2266 struct smk_port_label *spp; 2267 2268 if (sk->sk_family == PF_INET6) { 2269 rcu_read_lock(); 2270 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) { 2271 if (spp->smk_sock != sk) 2272 continue; 2273 spp->smk_can_reuse = 1; 2274 break; 2275 } 2276 rcu_read_unlock(); 2277 } 2278 #endif 2279 kfree(sk->sk_security); 2280 } 2281 2282 /** 2283 * smack_ipv4host_label - check host based restrictions 2284 * @sip: the object end 2285 * 2286 * looks for host based access restrictions 2287 * 2288 * This version will only be appropriate for really small sets of single label 2289 * hosts. The caller is responsible for ensuring that the RCU read lock is 2290 * taken before calling this function. 2291 * 2292 * Returns the label of the far end or NULL if it's not special. 2293 */ 2294 static struct smack_known *smack_ipv4host_label(struct sockaddr_in *sip) 2295 { 2296 struct smk_net4addr *snp; 2297 struct in_addr *siap = &sip->sin_addr; 2298 2299 if (siap->s_addr == 0) 2300 return NULL; 2301 2302 list_for_each_entry_rcu(snp, &smk_net4addr_list, list) 2303 /* 2304 * we break after finding the first match because 2305 * the list is sorted from longest to shortest mask 2306 * so we have found the most specific match 2307 */ 2308 if (snp->smk_host.s_addr == 2309 (siap->s_addr & snp->smk_mask.s_addr)) 2310 return snp->smk_label; 2311 2312 return NULL; 2313 } 2314 2315 /* 2316 * smk_ipv6_localhost - Check for local ipv6 host address 2317 * @sip: the address 2318 * 2319 * Returns boolean true if this is the localhost address 2320 */ 2321 static bool smk_ipv6_localhost(struct sockaddr_in6 *sip) 2322 { 2323 __be16 *be16p = (__be16 *)&sip->sin6_addr; 2324 __be32 *be32p = (__be32 *)&sip->sin6_addr; 2325 2326 if (be32p[0] == 0 && be32p[1] == 0 && be32p[2] == 0 && be16p[6] == 0 && 2327 ntohs(be16p[7]) == 1) 2328 return true; 2329 return false; 2330 } 2331 2332 /** 2333 * smack_ipv6host_label - check host based restrictions 2334 * @sip: the object end 2335 * 2336 * looks for host based access restrictions 2337 * 2338 * This version will only be appropriate for really small sets of single label 2339 * hosts. The caller is responsible for ensuring that the RCU read lock is 2340 * taken before calling this function. 2341 * 2342 * Returns the label of the far end or NULL if it's not special. 2343 */ 2344 static struct smack_known *smack_ipv6host_label(struct sockaddr_in6 *sip) 2345 { 2346 struct smk_net6addr *snp; 2347 struct in6_addr *sap = &sip->sin6_addr; 2348 int i; 2349 int found = 0; 2350 2351 /* 2352 * It's local. Don't look for a host label. 2353 */ 2354 if (smk_ipv6_localhost(sip)) 2355 return NULL; 2356 2357 list_for_each_entry_rcu(snp, &smk_net6addr_list, list) { 2358 /* 2359 * If the label is NULL the entry has 2360 * been renounced. Ignore it. 2361 */ 2362 if (snp->smk_label == NULL) 2363 continue; 2364 /* 2365 * we break after finding the first match because 2366 * the list is sorted from longest to shortest mask 2367 * so we have found the most specific match 2368 */ 2369 for (found = 1, i = 0; i < 8; i++) { 2370 if ((sap->s6_addr16[i] & snp->smk_mask.s6_addr16[i]) != 2371 snp->smk_host.s6_addr16[i]) { 2372 found = 0; 2373 break; 2374 } 2375 } 2376 if (found) 2377 return snp->smk_label; 2378 } 2379 2380 return NULL; 2381 } 2382 2383 /** 2384 * smack_netlbl_add - Set the secattr on a socket 2385 * @sk: the socket 2386 * 2387 * Attach the outbound smack value (smk_out) to the socket. 2388 * 2389 * Returns 0 on success or an error code 2390 */ 2391 static int smack_netlbl_add(struct sock *sk) 2392 { 2393 struct socket_smack *ssp = sk->sk_security; 2394 struct smack_known *skp = ssp->smk_out; 2395 int rc; 2396 2397 local_bh_disable(); 2398 bh_lock_sock_nested(sk); 2399 2400 rc = netlbl_sock_setattr(sk, sk->sk_family, &skp->smk_netlabel); 2401 switch (rc) { 2402 case 0: 2403 ssp->smk_state = SMK_NETLBL_LABELED; 2404 break; 2405 case -EDESTADDRREQ: 2406 ssp->smk_state = SMK_NETLBL_REQSKB; 2407 rc = 0; 2408 break; 2409 } 2410 2411 bh_unlock_sock(sk); 2412 local_bh_enable(); 2413 2414 return rc; 2415 } 2416 2417 /** 2418 * smack_netlbl_delete - Remove the secattr from a socket 2419 * @sk: the socket 2420 * 2421 * Remove the outbound smack value from a socket 2422 */ 2423 static void smack_netlbl_delete(struct sock *sk) 2424 { 2425 struct socket_smack *ssp = sk->sk_security; 2426 2427 /* 2428 * Take the label off the socket if one is set. 2429 */ 2430 if (ssp->smk_state != SMK_NETLBL_LABELED) 2431 return; 2432 2433 local_bh_disable(); 2434 bh_lock_sock_nested(sk); 2435 netlbl_sock_delattr(sk); 2436 bh_unlock_sock(sk); 2437 local_bh_enable(); 2438 ssp->smk_state = SMK_NETLBL_UNLABELED; 2439 } 2440 2441 /** 2442 * smk_ipv4_check - Perform IPv4 host access checks 2443 * @sk: the socket 2444 * @sap: the destination address 2445 * 2446 * Set the correct secattr for the given socket based on the destination 2447 * address and perform any outbound access checks needed. 2448 * 2449 * Returns 0 on success or an error code. 2450 * 2451 */ 2452 static int smk_ipv4_check(struct sock *sk, struct sockaddr_in *sap) 2453 { 2454 struct smack_known *skp; 2455 int rc = 0; 2456 struct smack_known *hkp; 2457 struct socket_smack *ssp = sk->sk_security; 2458 struct smk_audit_info ad; 2459 2460 rcu_read_lock(); 2461 hkp = smack_ipv4host_label(sap); 2462 if (hkp != NULL) { 2463 #ifdef CONFIG_AUDIT 2464 struct lsm_network_audit net; 2465 2466 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 2467 ad.a.u.net->family = sap->sin_family; 2468 ad.a.u.net->dport = sap->sin_port; 2469 ad.a.u.net->v4info.daddr = sap->sin_addr.s_addr; 2470 #endif 2471 skp = ssp->smk_out; 2472 rc = smk_access(skp, hkp, MAY_WRITE, &ad); 2473 rc = smk_bu_note("IPv4 host check", skp, hkp, MAY_WRITE, rc); 2474 /* 2475 * Clear the socket netlabel if it's set. 2476 */ 2477 if (!rc) 2478 smack_netlbl_delete(sk); 2479 } 2480 rcu_read_unlock(); 2481 2482 return rc; 2483 } 2484 2485 /** 2486 * smk_ipv6_check - check Smack access 2487 * @subject: subject Smack label 2488 * @object: object Smack label 2489 * @address: address 2490 * @act: the action being taken 2491 * 2492 * Check an IPv6 access 2493 */ 2494 static int smk_ipv6_check(struct smack_known *subject, 2495 struct smack_known *object, 2496 struct sockaddr_in6 *address, int act) 2497 { 2498 #ifdef CONFIG_AUDIT 2499 struct lsm_network_audit net; 2500 #endif 2501 struct smk_audit_info ad; 2502 int rc; 2503 2504 #ifdef CONFIG_AUDIT 2505 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 2506 ad.a.u.net->family = PF_INET6; 2507 ad.a.u.net->dport = address->sin6_port; 2508 if (act == SMK_RECEIVING) 2509 ad.a.u.net->v6info.saddr = address->sin6_addr; 2510 else 2511 ad.a.u.net->v6info.daddr = address->sin6_addr; 2512 #endif 2513 rc = smk_access(subject, object, MAY_WRITE, &ad); 2514 rc = smk_bu_note("IPv6 check", subject, object, MAY_WRITE, rc); 2515 return rc; 2516 } 2517 2518 #ifdef SMACK_IPV6_PORT_LABELING 2519 /** 2520 * smk_ipv6_port_label - Smack port access table management 2521 * @sock: socket 2522 * @address: address 2523 * 2524 * Create or update the port list entry 2525 */ 2526 static void smk_ipv6_port_label(struct socket *sock, struct sockaddr *address) 2527 { 2528 struct sock *sk = sock->sk; 2529 struct sockaddr_in6 *addr6; 2530 struct socket_smack *ssp = sock->sk->sk_security; 2531 struct smk_port_label *spp; 2532 unsigned short port = 0; 2533 2534 if (address == NULL) { 2535 /* 2536 * This operation is changing the Smack information 2537 * on the bound socket. Take the changes to the port 2538 * as well. 2539 */ 2540 rcu_read_lock(); 2541 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) { 2542 if (sk != spp->smk_sock) 2543 continue; 2544 spp->smk_in = ssp->smk_in; 2545 spp->smk_out = ssp->smk_out; 2546 rcu_read_unlock(); 2547 return; 2548 } 2549 /* 2550 * A NULL address is only used for updating existing 2551 * bound entries. If there isn't one, it's OK. 2552 */ 2553 rcu_read_unlock(); 2554 return; 2555 } 2556 2557 addr6 = (struct sockaddr_in6 *)address; 2558 port = ntohs(addr6->sin6_port); 2559 /* 2560 * This is a special case that is safely ignored. 2561 */ 2562 if (port == 0) 2563 return; 2564 2565 /* 2566 * Look for an existing port list entry. 2567 * This is an indication that a port is getting reused. 2568 */ 2569 rcu_read_lock(); 2570 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) { 2571 if (spp->smk_port != port || spp->smk_sock_type != sock->type) 2572 continue; 2573 if (spp->smk_can_reuse != 1) { 2574 rcu_read_unlock(); 2575 return; 2576 } 2577 spp->smk_port = port; 2578 spp->smk_sock = sk; 2579 spp->smk_in = ssp->smk_in; 2580 spp->smk_out = ssp->smk_out; 2581 spp->smk_can_reuse = 0; 2582 rcu_read_unlock(); 2583 return; 2584 } 2585 rcu_read_unlock(); 2586 /* 2587 * A new port entry is required. 2588 */ 2589 spp = kzalloc(sizeof(*spp), GFP_KERNEL); 2590 if (spp == NULL) 2591 return; 2592 2593 spp->smk_port = port; 2594 spp->smk_sock = sk; 2595 spp->smk_in = ssp->smk_in; 2596 spp->smk_out = ssp->smk_out; 2597 spp->smk_sock_type = sock->type; 2598 spp->smk_can_reuse = 0; 2599 2600 mutex_lock(&smack_ipv6_lock); 2601 list_add_rcu(&spp->list, &smk_ipv6_port_list); 2602 mutex_unlock(&smack_ipv6_lock); 2603 return; 2604 } 2605 2606 /** 2607 * smk_ipv6_port_check - check Smack port access 2608 * @sk: socket 2609 * @address: address 2610 * @act: the action being taken 2611 * 2612 * Create or update the port list entry 2613 */ 2614 static int smk_ipv6_port_check(struct sock *sk, struct sockaddr_in6 *address, 2615 int act) 2616 { 2617 struct smk_port_label *spp; 2618 struct socket_smack *ssp = sk->sk_security; 2619 struct smack_known *skp = NULL; 2620 unsigned short port; 2621 struct smack_known *object; 2622 2623 if (act == SMK_RECEIVING) { 2624 skp = smack_ipv6host_label(address); 2625 object = ssp->smk_in; 2626 } else { 2627 skp = ssp->smk_out; 2628 object = smack_ipv6host_label(address); 2629 } 2630 2631 /* 2632 * The other end is a single label host. 2633 */ 2634 if (skp != NULL && object != NULL) 2635 return smk_ipv6_check(skp, object, address, act); 2636 if (skp == NULL) 2637 skp = smack_net_ambient; 2638 if (object == NULL) 2639 object = smack_net_ambient; 2640 2641 /* 2642 * It's remote, so port lookup does no good. 2643 */ 2644 if (!smk_ipv6_localhost(address)) 2645 return smk_ipv6_check(skp, object, address, act); 2646 2647 /* 2648 * It's local so the send check has to have passed. 2649 */ 2650 if (act == SMK_RECEIVING) 2651 return 0; 2652 2653 port = ntohs(address->sin6_port); 2654 rcu_read_lock(); 2655 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) { 2656 if (spp->smk_port != port || spp->smk_sock_type != sk->sk_type) 2657 continue; 2658 object = spp->smk_in; 2659 if (act == SMK_CONNECTING) 2660 ssp->smk_packet = spp->smk_out; 2661 break; 2662 } 2663 rcu_read_unlock(); 2664 2665 return smk_ipv6_check(skp, object, address, act); 2666 } 2667 #endif 2668 2669 /** 2670 * smack_inode_setsecurity - set smack xattrs 2671 * @inode: the object 2672 * @name: attribute name 2673 * @value: attribute value 2674 * @size: size of the attribute 2675 * @flags: unused 2676 * 2677 * Sets the named attribute in the appropriate blob 2678 * 2679 * Returns 0 on success, or an error code 2680 */ 2681 static int smack_inode_setsecurity(struct inode *inode, const char *name, 2682 const void *value, size_t size, int flags) 2683 { 2684 struct smack_known *skp; 2685 struct inode_smack *nsp = smack_inode(inode); 2686 struct socket_smack *ssp; 2687 struct socket *sock; 2688 int rc = 0; 2689 2690 if (value == NULL || size > SMK_LONGLABEL || size == 0) 2691 return -EINVAL; 2692 2693 skp = smk_import_entry(value, size); 2694 if (IS_ERR(skp)) 2695 return PTR_ERR(skp); 2696 2697 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) { 2698 nsp->smk_inode = skp; 2699 nsp->smk_flags |= SMK_INODE_INSTANT; 2700 return 0; 2701 } 2702 /* 2703 * The rest of the Smack xattrs are only on sockets. 2704 */ 2705 if (inode->i_sb->s_magic != SOCKFS_MAGIC) 2706 return -EOPNOTSUPP; 2707 2708 sock = SOCKET_I(inode); 2709 if (sock == NULL || sock->sk == NULL) 2710 return -EOPNOTSUPP; 2711 2712 ssp = sock->sk->sk_security; 2713 2714 if (strcmp(name, XATTR_SMACK_IPIN) == 0) 2715 ssp->smk_in = skp; 2716 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) { 2717 ssp->smk_out = skp; 2718 if (sock->sk->sk_family == PF_INET) { 2719 rc = smack_netlbl_add(sock->sk); 2720 if (rc != 0) 2721 printk(KERN_WARNING 2722 "Smack: \"%s\" netlbl error %d.\n", 2723 __func__, -rc); 2724 } 2725 } else 2726 return -EOPNOTSUPP; 2727 2728 #ifdef SMACK_IPV6_PORT_LABELING 2729 if (sock->sk->sk_family == PF_INET6) 2730 smk_ipv6_port_label(sock, NULL); 2731 #endif 2732 2733 return 0; 2734 } 2735 2736 /** 2737 * smack_socket_post_create - finish socket setup 2738 * @sock: the socket 2739 * @family: protocol family 2740 * @type: unused 2741 * @protocol: unused 2742 * @kern: unused 2743 * 2744 * Sets the netlabel information on the socket 2745 * 2746 * Returns 0 on success, and error code otherwise 2747 */ 2748 static int smack_socket_post_create(struct socket *sock, int family, 2749 int type, int protocol, int kern) 2750 { 2751 struct socket_smack *ssp; 2752 2753 if (sock->sk == NULL) 2754 return 0; 2755 2756 /* 2757 * Sockets created by kernel threads receive web label. 2758 */ 2759 if (unlikely(current->flags & PF_KTHREAD)) { 2760 ssp = sock->sk->sk_security; 2761 ssp->smk_in = &smack_known_web; 2762 ssp->smk_out = &smack_known_web; 2763 } 2764 2765 if (family != PF_INET) 2766 return 0; 2767 /* 2768 * Set the outbound netlbl. 2769 */ 2770 return smack_netlbl_add(sock->sk); 2771 } 2772 2773 /** 2774 * smack_socket_socketpair - create socket pair 2775 * @socka: one socket 2776 * @sockb: another socket 2777 * 2778 * Cross reference the peer labels for SO_PEERSEC 2779 * 2780 * Returns 0 2781 */ 2782 static int smack_socket_socketpair(struct socket *socka, 2783 struct socket *sockb) 2784 { 2785 struct socket_smack *asp = socka->sk->sk_security; 2786 struct socket_smack *bsp = sockb->sk->sk_security; 2787 2788 asp->smk_packet = bsp->smk_out; 2789 bsp->smk_packet = asp->smk_out; 2790 2791 return 0; 2792 } 2793 2794 #ifdef SMACK_IPV6_PORT_LABELING 2795 /** 2796 * smack_socket_bind - record port binding information. 2797 * @sock: the socket 2798 * @address: the port address 2799 * @addrlen: size of the address 2800 * 2801 * Records the label bound to a port. 2802 * 2803 * Returns 0 on success, and error code otherwise 2804 */ 2805 static int smack_socket_bind(struct socket *sock, struct sockaddr *address, 2806 int addrlen) 2807 { 2808 if (sock->sk != NULL && sock->sk->sk_family == PF_INET6) { 2809 if (addrlen < SIN6_LEN_RFC2133 || 2810 address->sa_family != AF_INET6) 2811 return -EINVAL; 2812 smk_ipv6_port_label(sock, address); 2813 } 2814 return 0; 2815 } 2816 #endif /* SMACK_IPV6_PORT_LABELING */ 2817 2818 /** 2819 * smack_socket_connect - connect access check 2820 * @sock: the socket 2821 * @sap: the other end 2822 * @addrlen: size of sap 2823 * 2824 * Verifies that a connection may be possible 2825 * 2826 * Returns 0 on success, and error code otherwise 2827 */ 2828 static int smack_socket_connect(struct socket *sock, struct sockaddr *sap, 2829 int addrlen) 2830 { 2831 int rc = 0; 2832 2833 if (sock->sk == NULL) 2834 return 0; 2835 if (sock->sk->sk_family != PF_INET && 2836 (!IS_ENABLED(CONFIG_IPV6) || sock->sk->sk_family != PF_INET6)) 2837 return 0; 2838 if (addrlen < offsetofend(struct sockaddr, sa_family)) 2839 return 0; 2840 if (IS_ENABLED(CONFIG_IPV6) && sap->sa_family == AF_INET6) { 2841 struct sockaddr_in6 *sip = (struct sockaddr_in6 *)sap; 2842 struct smack_known *rsp = NULL; 2843 2844 if (addrlen < SIN6_LEN_RFC2133) 2845 return 0; 2846 if (__is_defined(SMACK_IPV6_SECMARK_LABELING)) 2847 rsp = smack_ipv6host_label(sip); 2848 if (rsp != NULL) { 2849 struct socket_smack *ssp = sock->sk->sk_security; 2850 2851 rc = smk_ipv6_check(ssp->smk_out, rsp, sip, 2852 SMK_CONNECTING); 2853 } 2854 #ifdef SMACK_IPV6_PORT_LABELING 2855 rc = smk_ipv6_port_check(sock->sk, sip, SMK_CONNECTING); 2856 #endif 2857 2858 return rc; 2859 } 2860 if (sap->sa_family != AF_INET || addrlen < sizeof(struct sockaddr_in)) 2861 return 0; 2862 rc = smk_ipv4_check(sock->sk, (struct sockaddr_in *)sap); 2863 return rc; 2864 } 2865 2866 /** 2867 * smack_flags_to_may - convert S_ to MAY_ values 2868 * @flags: the S_ value 2869 * 2870 * Returns the equivalent MAY_ value 2871 */ 2872 static int smack_flags_to_may(int flags) 2873 { 2874 int may = 0; 2875 2876 if (flags & S_IRUGO) 2877 may |= MAY_READ; 2878 if (flags & S_IWUGO) 2879 may |= MAY_WRITE; 2880 if (flags & S_IXUGO) 2881 may |= MAY_EXEC; 2882 2883 return may; 2884 } 2885 2886 /** 2887 * smack_msg_msg_alloc_security - Set the security blob for msg_msg 2888 * @msg: the object 2889 * 2890 * Returns 0 2891 */ 2892 static int smack_msg_msg_alloc_security(struct msg_msg *msg) 2893 { 2894 struct smack_known **blob = smack_msg_msg(msg); 2895 2896 *blob = smk_of_current(); 2897 return 0; 2898 } 2899 2900 /** 2901 * smack_of_ipc - the smack pointer for the ipc 2902 * @isp: the object 2903 * 2904 * Returns a pointer to the smack value 2905 */ 2906 static struct smack_known *smack_of_ipc(struct kern_ipc_perm *isp) 2907 { 2908 struct smack_known **blob = smack_ipc(isp); 2909 2910 return *blob; 2911 } 2912 2913 /** 2914 * smack_ipc_alloc_security - Set the security blob for ipc 2915 * @isp: the object 2916 * 2917 * Returns 0 2918 */ 2919 static int smack_ipc_alloc_security(struct kern_ipc_perm *isp) 2920 { 2921 struct smack_known **blob = smack_ipc(isp); 2922 2923 *blob = smk_of_current(); 2924 return 0; 2925 } 2926 2927 /** 2928 * smk_curacc_shm : check if current has access on shm 2929 * @isp : the object 2930 * @access : access requested 2931 * 2932 * Returns 0 if current has the requested access, error code otherwise 2933 */ 2934 static int smk_curacc_shm(struct kern_ipc_perm *isp, int access) 2935 { 2936 struct smack_known *ssp = smack_of_ipc(isp); 2937 struct smk_audit_info ad; 2938 int rc; 2939 2940 #ifdef CONFIG_AUDIT 2941 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 2942 ad.a.u.ipc_id = isp->id; 2943 #endif 2944 rc = smk_curacc(ssp, access, &ad); 2945 rc = smk_bu_current("shm", ssp, access, rc); 2946 return rc; 2947 } 2948 2949 /** 2950 * smack_shm_associate - Smack access check for shm 2951 * @isp: the object 2952 * @shmflg: access requested 2953 * 2954 * Returns 0 if current has the requested access, error code otherwise 2955 */ 2956 static int smack_shm_associate(struct kern_ipc_perm *isp, int shmflg) 2957 { 2958 int may; 2959 2960 may = smack_flags_to_may(shmflg); 2961 return smk_curacc_shm(isp, may); 2962 } 2963 2964 /** 2965 * smack_shm_shmctl - Smack access check for shm 2966 * @isp: the object 2967 * @cmd: what it wants to do 2968 * 2969 * Returns 0 if current has the requested access, error code otherwise 2970 */ 2971 static int smack_shm_shmctl(struct kern_ipc_perm *isp, int cmd) 2972 { 2973 int may; 2974 2975 switch (cmd) { 2976 case IPC_STAT: 2977 case SHM_STAT: 2978 case SHM_STAT_ANY: 2979 may = MAY_READ; 2980 break; 2981 case IPC_SET: 2982 case SHM_LOCK: 2983 case SHM_UNLOCK: 2984 case IPC_RMID: 2985 may = MAY_READWRITE; 2986 break; 2987 case IPC_INFO: 2988 case SHM_INFO: 2989 /* 2990 * System level information. 2991 */ 2992 return 0; 2993 default: 2994 return -EINVAL; 2995 } 2996 return smk_curacc_shm(isp, may); 2997 } 2998 2999 /** 3000 * smack_shm_shmat - Smack access for shmat 3001 * @isp: the object 3002 * @shmaddr: unused 3003 * @shmflg: access requested 3004 * 3005 * Returns 0 if current has the requested access, error code otherwise 3006 */ 3007 static int smack_shm_shmat(struct kern_ipc_perm *isp, char __user *shmaddr, 3008 int shmflg) 3009 { 3010 int may; 3011 3012 may = smack_flags_to_may(shmflg); 3013 return smk_curacc_shm(isp, may); 3014 } 3015 3016 /** 3017 * smk_curacc_sem : check if current has access on sem 3018 * @isp : the object 3019 * @access : access requested 3020 * 3021 * Returns 0 if current has the requested access, error code otherwise 3022 */ 3023 static int smk_curacc_sem(struct kern_ipc_perm *isp, int access) 3024 { 3025 struct smack_known *ssp = smack_of_ipc(isp); 3026 struct smk_audit_info ad; 3027 int rc; 3028 3029 #ifdef CONFIG_AUDIT 3030 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 3031 ad.a.u.ipc_id = isp->id; 3032 #endif 3033 rc = smk_curacc(ssp, access, &ad); 3034 rc = smk_bu_current("sem", ssp, access, rc); 3035 return rc; 3036 } 3037 3038 /** 3039 * smack_sem_associate - Smack access check for sem 3040 * @isp: the object 3041 * @semflg: access requested 3042 * 3043 * Returns 0 if current has the requested access, error code otherwise 3044 */ 3045 static int smack_sem_associate(struct kern_ipc_perm *isp, int semflg) 3046 { 3047 int may; 3048 3049 may = smack_flags_to_may(semflg); 3050 return smk_curacc_sem(isp, may); 3051 } 3052 3053 /** 3054 * smack_sem_semctl - Smack access check for sem 3055 * @isp: the object 3056 * @cmd: what it wants to do 3057 * 3058 * Returns 0 if current has the requested access, error code otherwise 3059 */ 3060 static int smack_sem_semctl(struct kern_ipc_perm *isp, int cmd) 3061 { 3062 int may; 3063 3064 switch (cmd) { 3065 case GETPID: 3066 case GETNCNT: 3067 case GETZCNT: 3068 case GETVAL: 3069 case GETALL: 3070 case IPC_STAT: 3071 case SEM_STAT: 3072 case SEM_STAT_ANY: 3073 may = MAY_READ; 3074 break; 3075 case SETVAL: 3076 case SETALL: 3077 case IPC_RMID: 3078 case IPC_SET: 3079 may = MAY_READWRITE; 3080 break; 3081 case IPC_INFO: 3082 case SEM_INFO: 3083 /* 3084 * System level information 3085 */ 3086 return 0; 3087 default: 3088 return -EINVAL; 3089 } 3090 3091 return smk_curacc_sem(isp, may); 3092 } 3093 3094 /** 3095 * smack_sem_semop - Smack checks of semaphore operations 3096 * @isp: the object 3097 * @sops: unused 3098 * @nsops: unused 3099 * @alter: unused 3100 * 3101 * Treated as read and write in all cases. 3102 * 3103 * Returns 0 if access is allowed, error code otherwise 3104 */ 3105 static int smack_sem_semop(struct kern_ipc_perm *isp, struct sembuf *sops, 3106 unsigned nsops, int alter) 3107 { 3108 return smk_curacc_sem(isp, MAY_READWRITE); 3109 } 3110 3111 /** 3112 * smk_curacc_msq : helper to check if current has access on msq 3113 * @isp : the msq 3114 * @access : access requested 3115 * 3116 * return 0 if current has access, error otherwise 3117 */ 3118 static int smk_curacc_msq(struct kern_ipc_perm *isp, int access) 3119 { 3120 struct smack_known *msp = smack_of_ipc(isp); 3121 struct smk_audit_info ad; 3122 int rc; 3123 3124 #ifdef CONFIG_AUDIT 3125 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 3126 ad.a.u.ipc_id = isp->id; 3127 #endif 3128 rc = smk_curacc(msp, access, &ad); 3129 rc = smk_bu_current("msq", msp, access, rc); 3130 return rc; 3131 } 3132 3133 /** 3134 * smack_msg_queue_associate - Smack access check for msg_queue 3135 * @isp: the object 3136 * @msqflg: access requested 3137 * 3138 * Returns 0 if current has the requested access, error code otherwise 3139 */ 3140 static int smack_msg_queue_associate(struct kern_ipc_perm *isp, int msqflg) 3141 { 3142 int may; 3143 3144 may = smack_flags_to_may(msqflg); 3145 return smk_curacc_msq(isp, may); 3146 } 3147 3148 /** 3149 * smack_msg_queue_msgctl - Smack access check for msg_queue 3150 * @isp: the object 3151 * @cmd: what it wants to do 3152 * 3153 * Returns 0 if current has the requested access, error code otherwise 3154 */ 3155 static int smack_msg_queue_msgctl(struct kern_ipc_perm *isp, int cmd) 3156 { 3157 int may; 3158 3159 switch (cmd) { 3160 case IPC_STAT: 3161 case MSG_STAT: 3162 case MSG_STAT_ANY: 3163 may = MAY_READ; 3164 break; 3165 case IPC_SET: 3166 case IPC_RMID: 3167 may = MAY_READWRITE; 3168 break; 3169 case IPC_INFO: 3170 case MSG_INFO: 3171 /* 3172 * System level information 3173 */ 3174 return 0; 3175 default: 3176 return -EINVAL; 3177 } 3178 3179 return smk_curacc_msq(isp, may); 3180 } 3181 3182 /** 3183 * smack_msg_queue_msgsnd - Smack access check for msg_queue 3184 * @isp: the object 3185 * @msg: unused 3186 * @msqflg: access requested 3187 * 3188 * Returns 0 if current has the requested access, error code otherwise 3189 */ 3190 static int smack_msg_queue_msgsnd(struct kern_ipc_perm *isp, struct msg_msg *msg, 3191 int msqflg) 3192 { 3193 int may; 3194 3195 may = smack_flags_to_may(msqflg); 3196 return smk_curacc_msq(isp, may); 3197 } 3198 3199 /** 3200 * smack_msg_queue_msgrcv - Smack access check for msg_queue 3201 * @isp: the object 3202 * @msg: unused 3203 * @target: unused 3204 * @type: unused 3205 * @mode: unused 3206 * 3207 * Returns 0 if current has read and write access, error code otherwise 3208 */ 3209 static int smack_msg_queue_msgrcv(struct kern_ipc_perm *isp, 3210 struct msg_msg *msg, 3211 struct task_struct *target, long type, 3212 int mode) 3213 { 3214 return smk_curacc_msq(isp, MAY_READWRITE); 3215 } 3216 3217 /** 3218 * smack_ipc_permission - Smack access for ipc_permission() 3219 * @ipp: the object permissions 3220 * @flag: access requested 3221 * 3222 * Returns 0 if current has read and write access, error code otherwise 3223 */ 3224 static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag) 3225 { 3226 struct smack_known **blob = smack_ipc(ipp); 3227 struct smack_known *iskp = *blob; 3228 int may = smack_flags_to_may(flag); 3229 struct smk_audit_info ad; 3230 int rc; 3231 3232 #ifdef CONFIG_AUDIT 3233 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 3234 ad.a.u.ipc_id = ipp->id; 3235 #endif 3236 rc = smk_curacc(iskp, may, &ad); 3237 rc = smk_bu_current("svipc", iskp, may, rc); 3238 return rc; 3239 } 3240 3241 /** 3242 * smack_ipc_getsecid - Extract smack security id 3243 * @ipp: the object permissions 3244 * @secid: where result will be saved 3245 */ 3246 static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid) 3247 { 3248 struct smack_known **blob = smack_ipc(ipp); 3249 struct smack_known *iskp = *blob; 3250 3251 *secid = iskp->smk_secid; 3252 } 3253 3254 /** 3255 * smack_d_instantiate - Make sure the blob is correct on an inode 3256 * @opt_dentry: dentry where inode will be attached 3257 * @inode: the object 3258 * 3259 * Set the inode's security blob if it hasn't been done already. 3260 */ 3261 static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode) 3262 { 3263 struct super_block *sbp; 3264 struct superblock_smack *sbsp; 3265 struct inode_smack *isp; 3266 struct smack_known *skp; 3267 struct smack_known *ckp = smk_of_current(); 3268 struct smack_known *final; 3269 char trattr[TRANS_TRUE_SIZE]; 3270 int transflag = 0; 3271 int rc; 3272 struct dentry *dp; 3273 3274 if (inode == NULL) 3275 return; 3276 3277 isp = smack_inode(inode); 3278 3279 /* 3280 * If the inode is already instantiated 3281 * take the quick way out 3282 */ 3283 if (isp->smk_flags & SMK_INODE_INSTANT) 3284 return; 3285 3286 sbp = inode->i_sb; 3287 sbsp = smack_superblock(sbp); 3288 /* 3289 * We're going to use the superblock default label 3290 * if there's no label on the file. 3291 */ 3292 final = sbsp->smk_default; 3293 3294 /* 3295 * If this is the root inode the superblock 3296 * may be in the process of initialization. 3297 * If that is the case use the root value out 3298 * of the superblock. 3299 */ 3300 if (opt_dentry->d_parent == opt_dentry) { 3301 switch (sbp->s_magic) { 3302 case CGROUP_SUPER_MAGIC: 3303 case CGROUP2_SUPER_MAGIC: 3304 /* 3305 * The cgroup filesystem is never mounted, 3306 * so there's no opportunity to set the mount 3307 * options. 3308 */ 3309 sbsp->smk_root = &smack_known_star; 3310 sbsp->smk_default = &smack_known_star; 3311 isp->smk_inode = sbsp->smk_root; 3312 break; 3313 case TMPFS_MAGIC: 3314 /* 3315 * What about shmem/tmpfs anonymous files with dentry 3316 * obtained from d_alloc_pseudo()? 3317 */ 3318 isp->smk_inode = smk_of_current(); 3319 break; 3320 case PIPEFS_MAGIC: 3321 isp->smk_inode = smk_of_current(); 3322 break; 3323 case SOCKFS_MAGIC: 3324 /* 3325 * Socket access is controlled by the socket 3326 * structures associated with the task involved. 3327 */ 3328 isp->smk_inode = &smack_known_star; 3329 break; 3330 default: 3331 isp->smk_inode = sbsp->smk_root; 3332 break; 3333 } 3334 isp->smk_flags |= SMK_INODE_INSTANT; 3335 return; 3336 } 3337 3338 /* 3339 * This is pretty hackish. 3340 * Casey says that we shouldn't have to do 3341 * file system specific code, but it does help 3342 * with keeping it simple. 3343 */ 3344 switch (sbp->s_magic) { 3345 case SMACK_MAGIC: 3346 case CGROUP_SUPER_MAGIC: 3347 case CGROUP2_SUPER_MAGIC: 3348 /* 3349 * Casey says that it's a little embarrassing 3350 * that the smack file system doesn't do 3351 * extended attributes. 3352 * 3353 * Cgroupfs is special 3354 */ 3355 final = &smack_known_star; 3356 break; 3357 case DEVPTS_SUPER_MAGIC: 3358 /* 3359 * devpts seems content with the label of the task. 3360 * Programs that change smack have to treat the 3361 * pty with respect. 3362 */ 3363 final = ckp; 3364 break; 3365 case PROC_SUPER_MAGIC: 3366 /* 3367 * Casey says procfs appears not to care. 3368 * The superblock default suffices. 3369 */ 3370 break; 3371 case TMPFS_MAGIC: 3372 /* 3373 * Device labels should come from the filesystem, 3374 * but watch out, because they're volitile, 3375 * getting recreated on every reboot. 3376 */ 3377 final = &smack_known_star; 3378 /* 3379 * If a smack value has been set we want to use it, 3380 * but since tmpfs isn't giving us the opportunity 3381 * to set mount options simulate setting the 3382 * superblock default. 3383 */ 3384 fallthrough; 3385 default: 3386 /* 3387 * This isn't an understood special case. 3388 * Get the value from the xattr. 3389 */ 3390 3391 /* 3392 * UNIX domain sockets use lower level socket data. 3393 */ 3394 if (S_ISSOCK(inode->i_mode)) { 3395 final = &smack_known_star; 3396 break; 3397 } 3398 /* 3399 * No xattr support means, alas, no SMACK label. 3400 * Use the aforeapplied default. 3401 * It would be curious if the label of the task 3402 * does not match that assigned. 3403 */ 3404 if (!(inode->i_opflags & IOP_XATTR)) 3405 break; 3406 /* 3407 * Get the dentry for xattr. 3408 */ 3409 dp = dget(opt_dentry); 3410 skp = smk_fetch(XATTR_NAME_SMACK, inode, dp); 3411 if (!IS_ERR_OR_NULL(skp)) 3412 final = skp; 3413 3414 /* 3415 * Transmuting directory 3416 */ 3417 if (S_ISDIR(inode->i_mode)) { 3418 /* 3419 * If this is a new directory and the label was 3420 * transmuted when the inode was initialized 3421 * set the transmute attribute on the directory 3422 * and mark the inode. 3423 * 3424 * If there is a transmute attribute on the 3425 * directory mark the inode. 3426 */ 3427 if (isp->smk_flags & SMK_INODE_CHANGED) { 3428 isp->smk_flags &= ~SMK_INODE_CHANGED; 3429 rc = __vfs_setxattr(&init_user_ns, dp, inode, 3430 XATTR_NAME_SMACKTRANSMUTE, 3431 TRANS_TRUE, TRANS_TRUE_SIZE, 3432 0); 3433 } else { 3434 rc = __vfs_getxattr(dp, inode, 3435 XATTR_NAME_SMACKTRANSMUTE, trattr, 3436 TRANS_TRUE_SIZE); 3437 if (rc >= 0 && strncmp(trattr, TRANS_TRUE, 3438 TRANS_TRUE_SIZE) != 0) 3439 rc = -EINVAL; 3440 } 3441 if (rc >= 0) 3442 transflag = SMK_INODE_TRANSMUTE; 3443 } 3444 /* 3445 * Don't let the exec or mmap label be "*" or "@". 3446 */ 3447 skp = smk_fetch(XATTR_NAME_SMACKEXEC, inode, dp); 3448 if (IS_ERR(skp) || skp == &smack_known_star || 3449 skp == &smack_known_web) 3450 skp = NULL; 3451 isp->smk_task = skp; 3452 3453 skp = smk_fetch(XATTR_NAME_SMACKMMAP, inode, dp); 3454 if (IS_ERR(skp) || skp == &smack_known_star || 3455 skp == &smack_known_web) 3456 skp = NULL; 3457 isp->smk_mmap = skp; 3458 3459 dput(dp); 3460 break; 3461 } 3462 3463 if (final == NULL) 3464 isp->smk_inode = ckp; 3465 else 3466 isp->smk_inode = final; 3467 3468 isp->smk_flags |= (SMK_INODE_INSTANT | transflag); 3469 3470 return; 3471 } 3472 3473 /** 3474 * smack_getprocattr - Smack process attribute access 3475 * @p: the object task 3476 * @name: the name of the attribute in /proc/.../attr 3477 * @value: where to put the result 3478 * 3479 * Places a copy of the task Smack into value 3480 * 3481 * Returns the length of the smack label or an error code 3482 */ 3483 static int smack_getprocattr(struct task_struct *p, char *name, char **value) 3484 { 3485 struct smack_known *skp = smk_of_task_struct_obj(p); 3486 char *cp; 3487 int slen; 3488 3489 if (strcmp(name, "current") != 0) 3490 return -EINVAL; 3491 3492 cp = kstrdup(skp->smk_known, GFP_KERNEL); 3493 if (cp == NULL) 3494 return -ENOMEM; 3495 3496 slen = strlen(cp); 3497 *value = cp; 3498 return slen; 3499 } 3500 3501 /** 3502 * smack_setprocattr - Smack process attribute setting 3503 * @name: the name of the attribute in /proc/.../attr 3504 * @value: the value to set 3505 * @size: the size of the value 3506 * 3507 * Sets the Smack value of the task. Only setting self 3508 * is permitted and only with privilege 3509 * 3510 * Returns the length of the smack label or an error code 3511 */ 3512 static int smack_setprocattr(const char *name, void *value, size_t size) 3513 { 3514 struct task_smack *tsp = smack_cred(current_cred()); 3515 struct cred *new; 3516 struct smack_known *skp; 3517 struct smack_known_list_elem *sklep; 3518 int rc; 3519 3520 if (!smack_privileged(CAP_MAC_ADMIN) && list_empty(&tsp->smk_relabel)) 3521 return -EPERM; 3522 3523 if (value == NULL || size == 0 || size >= SMK_LONGLABEL) 3524 return -EINVAL; 3525 3526 if (strcmp(name, "current") != 0) 3527 return -EINVAL; 3528 3529 skp = smk_import_entry(value, size); 3530 if (IS_ERR(skp)) 3531 return PTR_ERR(skp); 3532 3533 /* 3534 * No process is ever allowed the web ("@") label 3535 * and the star ("*") label. 3536 */ 3537 if (skp == &smack_known_web || skp == &smack_known_star) 3538 return -EINVAL; 3539 3540 if (!smack_privileged(CAP_MAC_ADMIN)) { 3541 rc = -EPERM; 3542 list_for_each_entry(sklep, &tsp->smk_relabel, list) 3543 if (sklep->smk_label == skp) { 3544 rc = 0; 3545 break; 3546 } 3547 if (rc) 3548 return rc; 3549 } 3550 3551 new = prepare_creds(); 3552 if (new == NULL) 3553 return -ENOMEM; 3554 3555 tsp = smack_cred(new); 3556 tsp->smk_task = skp; 3557 /* 3558 * process can change its label only once 3559 */ 3560 smk_destroy_label_list(&tsp->smk_relabel); 3561 3562 commit_creds(new); 3563 return size; 3564 } 3565 3566 /** 3567 * smack_unix_stream_connect - Smack access on UDS 3568 * @sock: one sock 3569 * @other: the other sock 3570 * @newsk: unused 3571 * 3572 * Return 0 if a subject with the smack of sock could access 3573 * an object with the smack of other, otherwise an error code 3574 */ 3575 static int smack_unix_stream_connect(struct sock *sock, 3576 struct sock *other, struct sock *newsk) 3577 { 3578 struct smack_known *skp; 3579 struct smack_known *okp; 3580 struct socket_smack *ssp = sock->sk_security; 3581 struct socket_smack *osp = other->sk_security; 3582 struct socket_smack *nsp = newsk->sk_security; 3583 struct smk_audit_info ad; 3584 int rc = 0; 3585 #ifdef CONFIG_AUDIT 3586 struct lsm_network_audit net; 3587 #endif 3588 3589 if (!smack_privileged(CAP_MAC_OVERRIDE)) { 3590 skp = ssp->smk_out; 3591 okp = osp->smk_in; 3592 #ifdef CONFIG_AUDIT 3593 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 3594 smk_ad_setfield_u_net_sk(&ad, other); 3595 #endif 3596 rc = smk_access(skp, okp, MAY_WRITE, &ad); 3597 rc = smk_bu_note("UDS connect", skp, okp, MAY_WRITE, rc); 3598 if (rc == 0) { 3599 okp = osp->smk_out; 3600 skp = ssp->smk_in; 3601 rc = smk_access(okp, skp, MAY_WRITE, &ad); 3602 rc = smk_bu_note("UDS connect", okp, skp, 3603 MAY_WRITE, rc); 3604 } 3605 } 3606 3607 /* 3608 * Cross reference the peer labels for SO_PEERSEC. 3609 */ 3610 if (rc == 0) { 3611 nsp->smk_packet = ssp->smk_out; 3612 ssp->smk_packet = osp->smk_out; 3613 } 3614 3615 return rc; 3616 } 3617 3618 /** 3619 * smack_unix_may_send - Smack access on UDS 3620 * @sock: one socket 3621 * @other: the other socket 3622 * 3623 * Return 0 if a subject with the smack of sock could access 3624 * an object with the smack of other, otherwise an error code 3625 */ 3626 static int smack_unix_may_send(struct socket *sock, struct socket *other) 3627 { 3628 struct socket_smack *ssp = sock->sk->sk_security; 3629 struct socket_smack *osp = other->sk->sk_security; 3630 struct smk_audit_info ad; 3631 int rc; 3632 3633 #ifdef CONFIG_AUDIT 3634 struct lsm_network_audit net; 3635 3636 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 3637 smk_ad_setfield_u_net_sk(&ad, other->sk); 3638 #endif 3639 3640 if (smack_privileged(CAP_MAC_OVERRIDE)) 3641 return 0; 3642 3643 rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad); 3644 rc = smk_bu_note("UDS send", ssp->smk_out, osp->smk_in, MAY_WRITE, rc); 3645 return rc; 3646 } 3647 3648 /** 3649 * smack_socket_sendmsg - Smack check based on destination host 3650 * @sock: the socket 3651 * @msg: the message 3652 * @size: the size of the message 3653 * 3654 * Return 0 if the current subject can write to the destination host. 3655 * For IPv4 this is only a question if the destination is a single label host. 3656 * For IPv6 this is a check against the label of the port. 3657 */ 3658 static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg, 3659 int size) 3660 { 3661 struct sockaddr_in *sip = (struct sockaddr_in *) msg->msg_name; 3662 #if IS_ENABLED(CONFIG_IPV6) 3663 struct sockaddr_in6 *sap = (struct sockaddr_in6 *) msg->msg_name; 3664 #endif 3665 #ifdef SMACK_IPV6_SECMARK_LABELING 3666 struct socket_smack *ssp = sock->sk->sk_security; 3667 struct smack_known *rsp; 3668 #endif 3669 int rc = 0; 3670 3671 /* 3672 * Perfectly reasonable for this to be NULL 3673 */ 3674 if (sip == NULL) 3675 return 0; 3676 3677 switch (sock->sk->sk_family) { 3678 case AF_INET: 3679 if (msg->msg_namelen < sizeof(struct sockaddr_in) || 3680 sip->sin_family != AF_INET) 3681 return -EINVAL; 3682 rc = smk_ipv4_check(sock->sk, sip); 3683 break; 3684 #if IS_ENABLED(CONFIG_IPV6) 3685 case AF_INET6: 3686 if (msg->msg_namelen < SIN6_LEN_RFC2133 || 3687 sap->sin6_family != AF_INET6) 3688 return -EINVAL; 3689 #ifdef SMACK_IPV6_SECMARK_LABELING 3690 rsp = smack_ipv6host_label(sap); 3691 if (rsp != NULL) 3692 rc = smk_ipv6_check(ssp->smk_out, rsp, sap, 3693 SMK_CONNECTING); 3694 #endif 3695 #ifdef SMACK_IPV6_PORT_LABELING 3696 rc = smk_ipv6_port_check(sock->sk, sap, SMK_SENDING); 3697 #endif 3698 #endif /* IS_ENABLED(CONFIG_IPV6) */ 3699 break; 3700 } 3701 return rc; 3702 } 3703 3704 /** 3705 * smack_from_secattr - Convert a netlabel attr.mls.lvl/attr.mls.cat pair to smack 3706 * @sap: netlabel secattr 3707 * @ssp: socket security information 3708 * 3709 * Returns a pointer to a Smack label entry found on the label list. 3710 */ 3711 static struct smack_known *smack_from_secattr(struct netlbl_lsm_secattr *sap, 3712 struct socket_smack *ssp) 3713 { 3714 struct smack_known *skp; 3715 int found = 0; 3716 int acat; 3717 int kcat; 3718 3719 /* 3720 * Netlabel found it in the cache. 3721 */ 3722 if ((sap->flags & NETLBL_SECATTR_CACHE) != 0) 3723 return (struct smack_known *)sap->cache->data; 3724 3725 if ((sap->flags & NETLBL_SECATTR_SECID) != 0) 3726 /* 3727 * Looks like a fallback, which gives us a secid. 3728 */ 3729 return smack_from_secid(sap->attr.secid); 3730 3731 if ((sap->flags & NETLBL_SECATTR_MLS_LVL) != 0) { 3732 /* 3733 * Looks like a CIPSO packet. 3734 * If there are flags but no level netlabel isn't 3735 * behaving the way we expect it to. 3736 * 3737 * Look it up in the label table 3738 * Without guidance regarding the smack value 3739 * for the packet fall back on the network 3740 * ambient value. 3741 */ 3742 rcu_read_lock(); 3743 list_for_each_entry_rcu(skp, &smack_known_list, list) { 3744 if (sap->attr.mls.lvl != skp->smk_netlabel.attr.mls.lvl) 3745 continue; 3746 /* 3747 * Compare the catsets. Use the netlbl APIs. 3748 */ 3749 if ((sap->flags & NETLBL_SECATTR_MLS_CAT) == 0) { 3750 if ((skp->smk_netlabel.flags & 3751 NETLBL_SECATTR_MLS_CAT) == 0) 3752 found = 1; 3753 break; 3754 } 3755 for (acat = -1, kcat = -1; acat == kcat; ) { 3756 acat = netlbl_catmap_walk(sap->attr.mls.cat, 3757 acat + 1); 3758 kcat = netlbl_catmap_walk( 3759 skp->smk_netlabel.attr.mls.cat, 3760 kcat + 1); 3761 if (acat < 0 || kcat < 0) 3762 break; 3763 } 3764 if (acat == kcat) { 3765 found = 1; 3766 break; 3767 } 3768 } 3769 rcu_read_unlock(); 3770 3771 if (found) 3772 return skp; 3773 3774 if (ssp != NULL && ssp->smk_in == &smack_known_star) 3775 return &smack_known_web; 3776 return &smack_known_star; 3777 } 3778 /* 3779 * Without guidance regarding the smack value 3780 * for the packet fall back on the network 3781 * ambient value. 3782 */ 3783 return smack_net_ambient; 3784 } 3785 3786 #if IS_ENABLED(CONFIG_IPV6) 3787 static int smk_skb_to_addr_ipv6(struct sk_buff *skb, struct sockaddr_in6 *sip) 3788 { 3789 u8 nexthdr; 3790 int offset; 3791 int proto = -EINVAL; 3792 struct ipv6hdr _ipv6h; 3793 struct ipv6hdr *ip6; 3794 __be16 frag_off; 3795 struct tcphdr _tcph, *th; 3796 struct udphdr _udph, *uh; 3797 struct dccp_hdr _dccph, *dh; 3798 3799 sip->sin6_port = 0; 3800 3801 offset = skb_network_offset(skb); 3802 ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h); 3803 if (ip6 == NULL) 3804 return -EINVAL; 3805 sip->sin6_addr = ip6->saddr; 3806 3807 nexthdr = ip6->nexthdr; 3808 offset += sizeof(_ipv6h); 3809 offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off); 3810 if (offset < 0) 3811 return -EINVAL; 3812 3813 proto = nexthdr; 3814 switch (proto) { 3815 case IPPROTO_TCP: 3816 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph); 3817 if (th != NULL) 3818 sip->sin6_port = th->source; 3819 break; 3820 case IPPROTO_UDP: 3821 case IPPROTO_UDPLITE: 3822 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph); 3823 if (uh != NULL) 3824 sip->sin6_port = uh->source; 3825 break; 3826 case IPPROTO_DCCP: 3827 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph); 3828 if (dh != NULL) 3829 sip->sin6_port = dh->dccph_sport; 3830 break; 3831 } 3832 return proto; 3833 } 3834 #endif /* CONFIG_IPV6 */ 3835 3836 /** 3837 * smack_from_skb - Smack data from the secmark in an skb 3838 * @skb: packet 3839 * 3840 * Returns smack_known of the secmark or NULL if that won't work. 3841 */ 3842 #ifdef CONFIG_NETWORK_SECMARK 3843 static struct smack_known *smack_from_skb(struct sk_buff *skb) 3844 { 3845 if (skb == NULL || skb->secmark == 0) 3846 return NULL; 3847 3848 return smack_from_secid(skb->secmark); 3849 } 3850 #else 3851 static inline struct smack_known *smack_from_skb(struct sk_buff *skb) 3852 { 3853 return NULL; 3854 } 3855 #endif 3856 3857 /** 3858 * smack_from_netlbl - Smack data from the IP options in an skb 3859 * @sk: socket data came in on 3860 * @family: address family 3861 * @skb: packet 3862 * 3863 * Find the Smack label in the IP options. If it hasn't been 3864 * added to the netlabel cache, add it here. 3865 * 3866 * Returns smack_known of the IP options or NULL if that won't work. 3867 */ 3868 static struct smack_known *smack_from_netlbl(const struct sock *sk, u16 family, 3869 struct sk_buff *skb) 3870 { 3871 struct netlbl_lsm_secattr secattr; 3872 struct socket_smack *ssp = NULL; 3873 struct smack_known *skp = NULL; 3874 3875 netlbl_secattr_init(&secattr); 3876 3877 if (sk) 3878 ssp = sk->sk_security; 3879 3880 if (netlbl_skbuff_getattr(skb, family, &secattr) == 0) { 3881 skp = smack_from_secattr(&secattr, ssp); 3882 if (secattr.flags & NETLBL_SECATTR_CACHEABLE) 3883 netlbl_cache_add(skb, family, &skp->smk_netlabel); 3884 } 3885 3886 netlbl_secattr_destroy(&secattr); 3887 3888 return skp; 3889 } 3890 3891 /** 3892 * smack_socket_sock_rcv_skb - Smack packet delivery access check 3893 * @sk: socket 3894 * @skb: packet 3895 * 3896 * Returns 0 if the packet should be delivered, an error code otherwise 3897 */ 3898 static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) 3899 { 3900 struct socket_smack *ssp = sk->sk_security; 3901 struct smack_known *skp = NULL; 3902 int rc = 0; 3903 struct smk_audit_info ad; 3904 u16 family = sk->sk_family; 3905 #ifdef CONFIG_AUDIT 3906 struct lsm_network_audit net; 3907 #endif 3908 #if IS_ENABLED(CONFIG_IPV6) 3909 struct sockaddr_in6 sadd; 3910 int proto; 3911 3912 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP)) 3913 family = PF_INET; 3914 #endif /* CONFIG_IPV6 */ 3915 3916 switch (family) { 3917 case PF_INET: 3918 /* 3919 * If there is a secmark use it rather than the CIPSO label. 3920 * If there is no secmark fall back to CIPSO. 3921 * The secmark is assumed to reflect policy better. 3922 */ 3923 skp = smack_from_skb(skb); 3924 if (skp == NULL) { 3925 skp = smack_from_netlbl(sk, family, skb); 3926 if (skp == NULL) 3927 skp = smack_net_ambient; 3928 } 3929 3930 #ifdef CONFIG_AUDIT 3931 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 3932 ad.a.u.net->family = family; 3933 ad.a.u.net->netif = skb->skb_iif; 3934 ipv4_skb_to_auditdata(skb, &ad.a, NULL); 3935 #endif 3936 /* 3937 * Receiving a packet requires that the other end 3938 * be able to write here. Read access is not required. 3939 * This is the simplist possible security model 3940 * for networking. 3941 */ 3942 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad); 3943 rc = smk_bu_note("IPv4 delivery", skp, ssp->smk_in, 3944 MAY_WRITE, rc); 3945 if (rc != 0) 3946 netlbl_skbuff_err(skb, family, rc, 0); 3947 break; 3948 #if IS_ENABLED(CONFIG_IPV6) 3949 case PF_INET6: 3950 proto = smk_skb_to_addr_ipv6(skb, &sadd); 3951 if (proto != IPPROTO_UDP && proto != IPPROTO_UDPLITE && 3952 proto != IPPROTO_TCP && proto != IPPROTO_DCCP) 3953 break; 3954 #ifdef SMACK_IPV6_SECMARK_LABELING 3955 skp = smack_from_skb(skb); 3956 if (skp == NULL) { 3957 if (smk_ipv6_localhost(&sadd)) 3958 break; 3959 skp = smack_ipv6host_label(&sadd); 3960 if (skp == NULL) 3961 skp = smack_net_ambient; 3962 } 3963 #ifdef CONFIG_AUDIT 3964 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 3965 ad.a.u.net->family = family; 3966 ad.a.u.net->netif = skb->skb_iif; 3967 ipv6_skb_to_auditdata(skb, &ad.a, NULL); 3968 #endif /* CONFIG_AUDIT */ 3969 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad); 3970 rc = smk_bu_note("IPv6 delivery", skp, ssp->smk_in, 3971 MAY_WRITE, rc); 3972 #endif /* SMACK_IPV6_SECMARK_LABELING */ 3973 #ifdef SMACK_IPV6_PORT_LABELING 3974 rc = smk_ipv6_port_check(sk, &sadd, SMK_RECEIVING); 3975 #endif /* SMACK_IPV6_PORT_LABELING */ 3976 if (rc != 0) 3977 icmpv6_send(skb, ICMPV6_DEST_UNREACH, 3978 ICMPV6_ADM_PROHIBITED, 0); 3979 break; 3980 #endif /* CONFIG_IPV6 */ 3981 } 3982 3983 return rc; 3984 } 3985 3986 /** 3987 * smack_socket_getpeersec_stream - pull in packet label 3988 * @sock: the socket 3989 * @optval: user's destination 3990 * @optlen: size thereof 3991 * @len: max thereof 3992 * 3993 * returns zero on success, an error code otherwise 3994 */ 3995 static int smack_socket_getpeersec_stream(struct socket *sock, 3996 char __user *optval, 3997 int __user *optlen, unsigned len) 3998 { 3999 struct socket_smack *ssp; 4000 char *rcp = ""; 4001 int slen = 1; 4002 int rc = 0; 4003 4004 ssp = sock->sk->sk_security; 4005 if (ssp->smk_packet != NULL) { 4006 rcp = ssp->smk_packet->smk_known; 4007 slen = strlen(rcp) + 1; 4008 } 4009 4010 if (slen > len) 4011 rc = -ERANGE; 4012 else if (copy_to_user(optval, rcp, slen) != 0) 4013 rc = -EFAULT; 4014 4015 if (put_user(slen, optlen) != 0) 4016 rc = -EFAULT; 4017 4018 return rc; 4019 } 4020 4021 4022 /** 4023 * smack_socket_getpeersec_dgram - pull in packet label 4024 * @sock: the peer socket 4025 * @skb: packet data 4026 * @secid: pointer to where to put the secid of the packet 4027 * 4028 * Sets the netlabel socket state on sk from parent 4029 */ 4030 static int smack_socket_getpeersec_dgram(struct socket *sock, 4031 struct sk_buff *skb, u32 *secid) 4032 4033 { 4034 struct socket_smack *ssp = NULL; 4035 struct smack_known *skp; 4036 struct sock *sk = NULL; 4037 int family = PF_UNSPEC; 4038 u32 s = 0; /* 0 is the invalid secid */ 4039 4040 if (skb != NULL) { 4041 if (skb->protocol == htons(ETH_P_IP)) 4042 family = PF_INET; 4043 #if IS_ENABLED(CONFIG_IPV6) 4044 else if (skb->protocol == htons(ETH_P_IPV6)) 4045 family = PF_INET6; 4046 #endif /* CONFIG_IPV6 */ 4047 } 4048 if (family == PF_UNSPEC && sock != NULL) 4049 family = sock->sk->sk_family; 4050 4051 switch (family) { 4052 case PF_UNIX: 4053 ssp = sock->sk->sk_security; 4054 s = ssp->smk_out->smk_secid; 4055 break; 4056 case PF_INET: 4057 skp = smack_from_skb(skb); 4058 if (skp) { 4059 s = skp->smk_secid; 4060 break; 4061 } 4062 /* 4063 * Translate what netlabel gave us. 4064 */ 4065 if (sock != NULL) 4066 sk = sock->sk; 4067 skp = smack_from_netlbl(sk, family, skb); 4068 if (skp != NULL) 4069 s = skp->smk_secid; 4070 break; 4071 case PF_INET6: 4072 #ifdef SMACK_IPV6_SECMARK_LABELING 4073 skp = smack_from_skb(skb); 4074 if (skp) 4075 s = skp->smk_secid; 4076 #endif 4077 break; 4078 } 4079 *secid = s; 4080 if (s == 0) 4081 return -EINVAL; 4082 return 0; 4083 } 4084 4085 /** 4086 * smack_sock_graft - Initialize a newly created socket with an existing sock 4087 * @sk: child sock 4088 * @parent: parent socket 4089 * 4090 * Set the smk_{in,out} state of an existing sock based on the process that 4091 * is creating the new socket. 4092 */ 4093 static void smack_sock_graft(struct sock *sk, struct socket *parent) 4094 { 4095 struct socket_smack *ssp; 4096 struct smack_known *skp = smk_of_current(); 4097 4098 if (sk == NULL || 4099 (sk->sk_family != PF_INET && sk->sk_family != PF_INET6)) 4100 return; 4101 4102 ssp = sk->sk_security; 4103 ssp->smk_in = skp; 4104 ssp->smk_out = skp; 4105 /* cssp->smk_packet is already set in smack_inet_csk_clone() */ 4106 } 4107 4108 /** 4109 * smack_inet_conn_request - Smack access check on connect 4110 * @sk: socket involved 4111 * @skb: packet 4112 * @req: unused 4113 * 4114 * Returns 0 if a task with the packet label could write to 4115 * the socket, otherwise an error code 4116 */ 4117 static int smack_inet_conn_request(const struct sock *sk, struct sk_buff *skb, 4118 struct request_sock *req) 4119 { 4120 u16 family = sk->sk_family; 4121 struct smack_known *skp; 4122 struct socket_smack *ssp = sk->sk_security; 4123 struct sockaddr_in addr; 4124 struct iphdr *hdr; 4125 struct smack_known *hskp; 4126 int rc; 4127 struct smk_audit_info ad; 4128 #ifdef CONFIG_AUDIT 4129 struct lsm_network_audit net; 4130 #endif 4131 4132 #if IS_ENABLED(CONFIG_IPV6) 4133 if (family == PF_INET6) { 4134 /* 4135 * Handle mapped IPv4 packets arriving 4136 * via IPv6 sockets. Don't set up netlabel 4137 * processing on IPv6. 4138 */ 4139 if (skb->protocol == htons(ETH_P_IP)) 4140 family = PF_INET; 4141 else 4142 return 0; 4143 } 4144 #endif /* CONFIG_IPV6 */ 4145 4146 /* 4147 * If there is a secmark use it rather than the CIPSO label. 4148 * If there is no secmark fall back to CIPSO. 4149 * The secmark is assumed to reflect policy better. 4150 */ 4151 skp = smack_from_skb(skb); 4152 if (skp == NULL) { 4153 skp = smack_from_netlbl(sk, family, skb); 4154 if (skp == NULL) 4155 skp = &smack_known_huh; 4156 } 4157 4158 #ifdef CONFIG_AUDIT 4159 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 4160 ad.a.u.net->family = family; 4161 ad.a.u.net->netif = skb->skb_iif; 4162 ipv4_skb_to_auditdata(skb, &ad.a, NULL); 4163 #endif 4164 /* 4165 * Receiving a packet requires that the other end be able to write 4166 * here. Read access is not required. 4167 */ 4168 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad); 4169 rc = smk_bu_note("IPv4 connect", skp, ssp->smk_in, MAY_WRITE, rc); 4170 if (rc != 0) 4171 return rc; 4172 4173 /* 4174 * Save the peer's label in the request_sock so we can later setup 4175 * smk_packet in the child socket so that SO_PEERCRED can report it. 4176 */ 4177 req->peer_secid = skp->smk_secid; 4178 4179 /* 4180 * We need to decide if we want to label the incoming connection here 4181 * if we do we only need to label the request_sock and the stack will 4182 * propagate the wire-label to the sock when it is created. 4183 */ 4184 hdr = ip_hdr(skb); 4185 addr.sin_addr.s_addr = hdr->saddr; 4186 rcu_read_lock(); 4187 hskp = smack_ipv4host_label(&addr); 4188 rcu_read_unlock(); 4189 4190 if (hskp == NULL) 4191 rc = netlbl_req_setattr(req, &skp->smk_netlabel); 4192 else 4193 netlbl_req_delattr(req); 4194 4195 return rc; 4196 } 4197 4198 /** 4199 * smack_inet_csk_clone - Copy the connection information to the new socket 4200 * @sk: the new socket 4201 * @req: the connection's request_sock 4202 * 4203 * Transfer the connection's peer label to the newly created socket. 4204 */ 4205 static void smack_inet_csk_clone(struct sock *sk, 4206 const struct request_sock *req) 4207 { 4208 struct socket_smack *ssp = sk->sk_security; 4209 struct smack_known *skp; 4210 4211 if (req->peer_secid != 0) { 4212 skp = smack_from_secid(req->peer_secid); 4213 ssp->smk_packet = skp; 4214 } else 4215 ssp->smk_packet = NULL; 4216 } 4217 4218 /* 4219 * Key management security hooks 4220 * 4221 * Casey has not tested key support very heavily. 4222 * The permission check is most likely too restrictive. 4223 * If you care about keys please have a look. 4224 */ 4225 #ifdef CONFIG_KEYS 4226 4227 /** 4228 * smack_key_alloc - Set the key security blob 4229 * @key: object 4230 * @cred: the credentials to use 4231 * @flags: unused 4232 * 4233 * No allocation required 4234 * 4235 * Returns 0 4236 */ 4237 static int smack_key_alloc(struct key *key, const struct cred *cred, 4238 unsigned long flags) 4239 { 4240 struct smack_known *skp = smk_of_task(smack_cred(cred)); 4241 4242 key->security = skp; 4243 return 0; 4244 } 4245 4246 /** 4247 * smack_key_free - Clear the key security blob 4248 * @key: the object 4249 * 4250 * Clear the blob pointer 4251 */ 4252 static void smack_key_free(struct key *key) 4253 { 4254 key->security = NULL; 4255 } 4256 4257 /** 4258 * smack_key_permission - Smack access on a key 4259 * @key_ref: gets to the object 4260 * @cred: the credentials to use 4261 * @need_perm: requested key permission 4262 * 4263 * Return 0 if the task has read and write to the object, 4264 * an error code otherwise 4265 */ 4266 static int smack_key_permission(key_ref_t key_ref, 4267 const struct cred *cred, 4268 enum key_need_perm need_perm) 4269 { 4270 struct key *keyp; 4271 struct smk_audit_info ad; 4272 struct smack_known *tkp = smk_of_task(smack_cred(cred)); 4273 int request = 0; 4274 int rc; 4275 4276 /* 4277 * Validate requested permissions 4278 */ 4279 switch (need_perm) { 4280 case KEY_NEED_READ: 4281 case KEY_NEED_SEARCH: 4282 case KEY_NEED_VIEW: 4283 request |= MAY_READ; 4284 break; 4285 case KEY_NEED_WRITE: 4286 case KEY_NEED_LINK: 4287 case KEY_NEED_SETATTR: 4288 request |= MAY_WRITE; 4289 break; 4290 case KEY_NEED_UNSPECIFIED: 4291 case KEY_NEED_UNLINK: 4292 case KEY_SYSADMIN_OVERRIDE: 4293 case KEY_AUTHTOKEN_OVERRIDE: 4294 case KEY_DEFER_PERM_CHECK: 4295 return 0; 4296 default: 4297 return -EINVAL; 4298 } 4299 4300 keyp = key_ref_to_ptr(key_ref); 4301 if (keyp == NULL) 4302 return -EINVAL; 4303 /* 4304 * If the key hasn't been initialized give it access so that 4305 * it may do so. 4306 */ 4307 if (keyp->security == NULL) 4308 return 0; 4309 /* 4310 * This should not occur 4311 */ 4312 if (tkp == NULL) 4313 return -EACCES; 4314 4315 if (smack_privileged(CAP_MAC_OVERRIDE)) 4316 return 0; 4317 4318 #ifdef CONFIG_AUDIT 4319 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY); 4320 ad.a.u.key_struct.key = keyp->serial; 4321 ad.a.u.key_struct.key_desc = keyp->description; 4322 #endif 4323 rc = smk_access(tkp, keyp->security, request, &ad); 4324 rc = smk_bu_note("key access", tkp, keyp->security, request, rc); 4325 return rc; 4326 } 4327 4328 /* 4329 * smack_key_getsecurity - Smack label tagging the key 4330 * @key points to the key to be queried 4331 * @_buffer points to a pointer that should be set to point to the 4332 * resulting string (if no label or an error occurs). 4333 * Return the length of the string (including terminating NUL) or -ve if 4334 * an error. 4335 * May also return 0 (and a NULL buffer pointer) if there is no label. 4336 */ 4337 static int smack_key_getsecurity(struct key *key, char **_buffer) 4338 { 4339 struct smack_known *skp = key->security; 4340 size_t length; 4341 char *copy; 4342 4343 if (key->security == NULL) { 4344 *_buffer = NULL; 4345 return 0; 4346 } 4347 4348 copy = kstrdup(skp->smk_known, GFP_KERNEL); 4349 if (copy == NULL) 4350 return -ENOMEM; 4351 length = strlen(copy) + 1; 4352 4353 *_buffer = copy; 4354 return length; 4355 } 4356 4357 4358 #ifdef CONFIG_KEY_NOTIFICATIONS 4359 /** 4360 * smack_watch_key - Smack access to watch a key for notifications. 4361 * @key: The key to be watched 4362 * 4363 * Return 0 if the @watch->cred has permission to read from the key object and 4364 * an error otherwise. 4365 */ 4366 static int smack_watch_key(struct key *key) 4367 { 4368 struct smk_audit_info ad; 4369 struct smack_known *tkp = smk_of_current(); 4370 int rc; 4371 4372 if (key == NULL) 4373 return -EINVAL; 4374 /* 4375 * If the key hasn't been initialized give it access so that 4376 * it may do so. 4377 */ 4378 if (key->security == NULL) 4379 return 0; 4380 /* 4381 * This should not occur 4382 */ 4383 if (tkp == NULL) 4384 return -EACCES; 4385 4386 if (smack_privileged_cred(CAP_MAC_OVERRIDE, current_cred())) 4387 return 0; 4388 4389 #ifdef CONFIG_AUDIT 4390 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY); 4391 ad.a.u.key_struct.key = key->serial; 4392 ad.a.u.key_struct.key_desc = key->description; 4393 #endif 4394 rc = smk_access(tkp, key->security, MAY_READ, &ad); 4395 rc = smk_bu_note("key watch", tkp, key->security, MAY_READ, rc); 4396 return rc; 4397 } 4398 #endif /* CONFIG_KEY_NOTIFICATIONS */ 4399 #endif /* CONFIG_KEYS */ 4400 4401 #ifdef CONFIG_WATCH_QUEUE 4402 /** 4403 * smack_post_notification - Smack access to post a notification to a queue 4404 * @w_cred: The credentials of the watcher. 4405 * @cred: The credentials of the event source (may be NULL). 4406 * @n: The notification message to be posted. 4407 */ 4408 static int smack_post_notification(const struct cred *w_cred, 4409 const struct cred *cred, 4410 struct watch_notification *n) 4411 { 4412 struct smk_audit_info ad; 4413 struct smack_known *subj, *obj; 4414 int rc; 4415 4416 /* Always let maintenance notifications through. */ 4417 if (n->type == WATCH_TYPE_META) 4418 return 0; 4419 4420 if (!cred) 4421 return 0; 4422 subj = smk_of_task(smack_cred(cred)); 4423 obj = smk_of_task(smack_cred(w_cred)); 4424 4425 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NOTIFICATION); 4426 rc = smk_access(subj, obj, MAY_WRITE, &ad); 4427 rc = smk_bu_note("notification", subj, obj, MAY_WRITE, rc); 4428 return rc; 4429 } 4430 #endif /* CONFIG_WATCH_QUEUE */ 4431 4432 /* 4433 * Smack Audit hooks 4434 * 4435 * Audit requires a unique representation of each Smack specific 4436 * rule. This unique representation is used to distinguish the 4437 * object to be audited from remaining kernel objects and also 4438 * works as a glue between the audit hooks. 4439 * 4440 * Since repository entries are added but never deleted, we'll use 4441 * the smack_known label address related to the given audit rule as 4442 * the needed unique representation. This also better fits the smack 4443 * model where nearly everything is a label. 4444 */ 4445 #ifdef CONFIG_AUDIT 4446 4447 /** 4448 * smack_audit_rule_init - Initialize a smack audit rule 4449 * @field: audit rule fields given from user-space (audit.h) 4450 * @op: required testing operator (=, !=, >, <, ...) 4451 * @rulestr: smack label to be audited 4452 * @vrule: pointer to save our own audit rule representation 4453 * 4454 * Prepare to audit cases where (@field @op @rulestr) is true. 4455 * The label to be audited is created if necessay. 4456 */ 4457 static int smack_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule) 4458 { 4459 struct smack_known *skp; 4460 char **rule = (char **)vrule; 4461 *rule = NULL; 4462 4463 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER) 4464 return -EINVAL; 4465 4466 if (op != Audit_equal && op != Audit_not_equal) 4467 return -EINVAL; 4468 4469 skp = smk_import_entry(rulestr, 0); 4470 if (IS_ERR(skp)) 4471 return PTR_ERR(skp); 4472 4473 *rule = skp->smk_known; 4474 4475 return 0; 4476 } 4477 4478 /** 4479 * smack_audit_rule_known - Distinguish Smack audit rules 4480 * @krule: rule of interest, in Audit kernel representation format 4481 * 4482 * This is used to filter Smack rules from remaining Audit ones. 4483 * If it's proved that this rule belongs to us, the 4484 * audit_rule_match hook will be called to do the final judgement. 4485 */ 4486 static int smack_audit_rule_known(struct audit_krule *krule) 4487 { 4488 struct audit_field *f; 4489 int i; 4490 4491 for (i = 0; i < krule->field_count; i++) { 4492 f = &krule->fields[i]; 4493 4494 if (f->type == AUDIT_SUBJ_USER || f->type == AUDIT_OBJ_USER) 4495 return 1; 4496 } 4497 4498 return 0; 4499 } 4500 4501 /** 4502 * smack_audit_rule_match - Audit given object ? 4503 * @secid: security id for identifying the object to test 4504 * @field: audit rule flags given from user-space 4505 * @op: required testing operator 4506 * @vrule: smack internal rule presentation 4507 * 4508 * The core Audit hook. It's used to take the decision of 4509 * whether to audit or not to audit a given object. 4510 */ 4511 static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule) 4512 { 4513 struct smack_known *skp; 4514 char *rule = vrule; 4515 4516 if (unlikely(!rule)) { 4517 WARN_ONCE(1, "Smack: missing rule\n"); 4518 return -ENOENT; 4519 } 4520 4521 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER) 4522 return 0; 4523 4524 skp = smack_from_secid(secid); 4525 4526 /* 4527 * No need to do string comparisons. If a match occurs, 4528 * both pointers will point to the same smack_known 4529 * label. 4530 */ 4531 if (op == Audit_equal) 4532 return (rule == skp->smk_known); 4533 if (op == Audit_not_equal) 4534 return (rule != skp->smk_known); 4535 4536 return 0; 4537 } 4538 4539 /* 4540 * There is no need for a smack_audit_rule_free hook. 4541 * No memory was allocated. 4542 */ 4543 4544 #endif /* CONFIG_AUDIT */ 4545 4546 /** 4547 * smack_ismaclabel - check if xattr @name references a smack MAC label 4548 * @name: Full xattr name to check. 4549 */ 4550 static int smack_ismaclabel(const char *name) 4551 { 4552 return (strcmp(name, XATTR_SMACK_SUFFIX) == 0); 4553 } 4554 4555 4556 /** 4557 * smack_secid_to_secctx - return the smack label for a secid 4558 * @secid: incoming integer 4559 * @secdata: destination 4560 * @seclen: how long it is 4561 * 4562 * Exists for networking code. 4563 */ 4564 static int smack_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) 4565 { 4566 struct smack_known *skp = smack_from_secid(secid); 4567 4568 if (secdata) 4569 *secdata = skp->smk_known; 4570 *seclen = strlen(skp->smk_known); 4571 return 0; 4572 } 4573 4574 /** 4575 * smack_secctx_to_secid - return the secid for a smack label 4576 * @secdata: smack label 4577 * @seclen: how long result is 4578 * @secid: outgoing integer 4579 * 4580 * Exists for audit and networking code. 4581 */ 4582 static int smack_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid) 4583 { 4584 struct smack_known *skp = smk_find_entry(secdata); 4585 4586 if (skp) 4587 *secid = skp->smk_secid; 4588 else 4589 *secid = 0; 4590 return 0; 4591 } 4592 4593 /* 4594 * There used to be a smack_release_secctx hook 4595 * that did nothing back when hooks were in a vector. 4596 * Now that there's a list such a hook adds cost. 4597 */ 4598 4599 static int smack_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen) 4600 { 4601 return smack_inode_setsecurity(inode, XATTR_SMACK_SUFFIX, ctx, 4602 ctxlen, 0); 4603 } 4604 4605 static int smack_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen) 4606 { 4607 return __vfs_setxattr_noperm(&init_user_ns, dentry, XATTR_NAME_SMACK, 4608 ctx, ctxlen, 0); 4609 } 4610 4611 static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) 4612 { 4613 struct smack_known *skp = smk_of_inode(inode); 4614 4615 *ctx = skp->smk_known; 4616 *ctxlen = strlen(skp->smk_known); 4617 return 0; 4618 } 4619 4620 static int smack_inode_copy_up(struct dentry *dentry, struct cred **new) 4621 { 4622 4623 struct task_smack *tsp; 4624 struct smack_known *skp; 4625 struct inode_smack *isp; 4626 struct cred *new_creds = *new; 4627 4628 if (new_creds == NULL) { 4629 new_creds = prepare_creds(); 4630 if (new_creds == NULL) 4631 return -ENOMEM; 4632 } 4633 4634 tsp = smack_cred(new_creds); 4635 4636 /* 4637 * Get label from overlay inode and set it in create_sid 4638 */ 4639 isp = smack_inode(d_inode(dentry)); 4640 skp = isp->smk_inode; 4641 tsp->smk_task = skp; 4642 *new = new_creds; 4643 return 0; 4644 } 4645 4646 static int smack_inode_copy_up_xattr(const char *name) 4647 { 4648 /* 4649 * Return 1 if this is the smack access Smack attribute. 4650 */ 4651 if (strcmp(name, XATTR_NAME_SMACK) == 0) 4652 return 1; 4653 4654 return -EOPNOTSUPP; 4655 } 4656 4657 static int smack_dentry_create_files_as(struct dentry *dentry, int mode, 4658 struct qstr *name, 4659 const struct cred *old, 4660 struct cred *new) 4661 { 4662 struct task_smack *otsp = smack_cred(old); 4663 struct task_smack *ntsp = smack_cred(new); 4664 struct inode_smack *isp; 4665 int may; 4666 4667 /* 4668 * Use the process credential unless all of 4669 * the transmuting criteria are met 4670 */ 4671 ntsp->smk_task = otsp->smk_task; 4672 4673 /* 4674 * the attribute of the containing directory 4675 */ 4676 isp = smack_inode(d_inode(dentry->d_parent)); 4677 4678 if (isp->smk_flags & SMK_INODE_TRANSMUTE) { 4679 rcu_read_lock(); 4680 may = smk_access_entry(otsp->smk_task->smk_known, 4681 isp->smk_inode->smk_known, 4682 &otsp->smk_task->smk_rules); 4683 rcu_read_unlock(); 4684 4685 /* 4686 * If the directory is transmuting and the rule 4687 * providing access is transmuting use the containing 4688 * directory label instead of the process label. 4689 */ 4690 if (may > 0 && (may & MAY_TRANSMUTE)) 4691 ntsp->smk_task = isp->smk_inode; 4692 } 4693 return 0; 4694 } 4695 4696 #ifdef CONFIG_IO_URING 4697 /** 4698 * smack_uring_override_creds - Is io_uring cred override allowed? 4699 * @new: the target creds 4700 * 4701 * Check to see if the current task is allowed to override it's credentials 4702 * to service an io_uring operation. 4703 */ 4704 static int smack_uring_override_creds(const struct cred *new) 4705 { 4706 struct task_smack *tsp = smack_cred(current_cred()); 4707 struct task_smack *nsp = smack_cred(new); 4708 4709 /* 4710 * Allow the degenerate case where the new Smack value is 4711 * the same as the current Smack value. 4712 */ 4713 if (tsp->smk_task == nsp->smk_task) 4714 return 0; 4715 4716 if (smack_privileged_cred(CAP_MAC_OVERRIDE, current_cred())) 4717 return 0; 4718 4719 return -EPERM; 4720 } 4721 4722 /** 4723 * smack_uring_sqpoll - check if a io_uring polling thread can be created 4724 * 4725 * Check to see if the current task is allowed to create a new io_uring 4726 * kernel polling thread. 4727 */ 4728 static int smack_uring_sqpoll(void) 4729 { 4730 if (smack_privileged_cred(CAP_MAC_ADMIN, current_cred())) 4731 return 0; 4732 4733 return -EPERM; 4734 } 4735 4736 /** 4737 * smack_uring_cmd - check on file operations for io_uring 4738 * @ioucmd: the command in question 4739 * 4740 * Make a best guess about whether a io_uring "command" should 4741 * be allowed. Use the same logic used for determining if the 4742 * file could be opened for read in the absence of better criteria. 4743 */ 4744 static int smack_uring_cmd(struct io_uring_cmd *ioucmd) 4745 { 4746 struct file *file = ioucmd->file; 4747 struct smk_audit_info ad; 4748 struct task_smack *tsp; 4749 struct inode *inode; 4750 int rc; 4751 4752 if (!file) 4753 return -EINVAL; 4754 4755 tsp = smack_cred(file->f_cred); 4756 inode = file_inode(file); 4757 4758 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 4759 smk_ad_setfield_u_fs_path(&ad, file->f_path); 4760 rc = smk_tskacc(tsp, smk_of_inode(inode), MAY_READ, &ad); 4761 rc = smk_bu_credfile(file->f_cred, file, MAY_READ, rc); 4762 4763 return rc; 4764 } 4765 4766 #endif /* CONFIG_IO_URING */ 4767 4768 struct lsm_blob_sizes smack_blob_sizes __lsm_ro_after_init = { 4769 .lbs_cred = sizeof(struct task_smack), 4770 .lbs_file = sizeof(struct smack_known *), 4771 .lbs_inode = sizeof(struct inode_smack), 4772 .lbs_ipc = sizeof(struct smack_known *), 4773 .lbs_msg_msg = sizeof(struct smack_known *), 4774 .lbs_superblock = sizeof(struct superblock_smack), 4775 }; 4776 4777 static struct security_hook_list smack_hooks[] __lsm_ro_after_init = { 4778 LSM_HOOK_INIT(ptrace_access_check, smack_ptrace_access_check), 4779 LSM_HOOK_INIT(ptrace_traceme, smack_ptrace_traceme), 4780 LSM_HOOK_INIT(syslog, smack_syslog), 4781 4782 LSM_HOOK_INIT(fs_context_dup, smack_fs_context_dup), 4783 LSM_HOOK_INIT(fs_context_parse_param, smack_fs_context_parse_param), 4784 4785 LSM_HOOK_INIT(sb_alloc_security, smack_sb_alloc_security), 4786 LSM_HOOK_INIT(sb_free_mnt_opts, smack_free_mnt_opts), 4787 LSM_HOOK_INIT(sb_eat_lsm_opts, smack_sb_eat_lsm_opts), 4788 LSM_HOOK_INIT(sb_statfs, smack_sb_statfs), 4789 LSM_HOOK_INIT(sb_set_mnt_opts, smack_set_mnt_opts), 4790 4791 LSM_HOOK_INIT(bprm_creds_for_exec, smack_bprm_creds_for_exec), 4792 4793 LSM_HOOK_INIT(inode_alloc_security, smack_inode_alloc_security), 4794 LSM_HOOK_INIT(inode_init_security, smack_inode_init_security), 4795 LSM_HOOK_INIT(inode_link, smack_inode_link), 4796 LSM_HOOK_INIT(inode_unlink, smack_inode_unlink), 4797 LSM_HOOK_INIT(inode_rmdir, smack_inode_rmdir), 4798 LSM_HOOK_INIT(inode_rename, smack_inode_rename), 4799 LSM_HOOK_INIT(inode_permission, smack_inode_permission), 4800 LSM_HOOK_INIT(inode_setattr, smack_inode_setattr), 4801 LSM_HOOK_INIT(inode_getattr, smack_inode_getattr), 4802 LSM_HOOK_INIT(inode_setxattr, smack_inode_setxattr), 4803 LSM_HOOK_INIT(inode_post_setxattr, smack_inode_post_setxattr), 4804 LSM_HOOK_INIT(inode_getxattr, smack_inode_getxattr), 4805 LSM_HOOK_INIT(inode_removexattr, smack_inode_removexattr), 4806 LSM_HOOK_INIT(inode_getsecurity, smack_inode_getsecurity), 4807 LSM_HOOK_INIT(inode_setsecurity, smack_inode_setsecurity), 4808 LSM_HOOK_INIT(inode_listsecurity, smack_inode_listsecurity), 4809 LSM_HOOK_INIT(inode_getsecid, smack_inode_getsecid), 4810 4811 LSM_HOOK_INIT(file_alloc_security, smack_file_alloc_security), 4812 LSM_HOOK_INIT(file_ioctl, smack_file_ioctl), 4813 LSM_HOOK_INIT(file_lock, smack_file_lock), 4814 LSM_HOOK_INIT(file_fcntl, smack_file_fcntl), 4815 LSM_HOOK_INIT(mmap_file, smack_mmap_file), 4816 LSM_HOOK_INIT(mmap_addr, cap_mmap_addr), 4817 LSM_HOOK_INIT(file_set_fowner, smack_file_set_fowner), 4818 LSM_HOOK_INIT(file_send_sigiotask, smack_file_send_sigiotask), 4819 LSM_HOOK_INIT(file_receive, smack_file_receive), 4820 4821 LSM_HOOK_INIT(file_open, smack_file_open), 4822 4823 LSM_HOOK_INIT(cred_alloc_blank, smack_cred_alloc_blank), 4824 LSM_HOOK_INIT(cred_free, smack_cred_free), 4825 LSM_HOOK_INIT(cred_prepare, smack_cred_prepare), 4826 LSM_HOOK_INIT(cred_transfer, smack_cred_transfer), 4827 LSM_HOOK_INIT(cred_getsecid, smack_cred_getsecid), 4828 LSM_HOOK_INIT(kernel_act_as, smack_kernel_act_as), 4829 LSM_HOOK_INIT(kernel_create_files_as, smack_kernel_create_files_as), 4830 LSM_HOOK_INIT(task_setpgid, smack_task_setpgid), 4831 LSM_HOOK_INIT(task_getpgid, smack_task_getpgid), 4832 LSM_HOOK_INIT(task_getsid, smack_task_getsid), 4833 LSM_HOOK_INIT(current_getsecid_subj, smack_current_getsecid_subj), 4834 LSM_HOOK_INIT(task_getsecid_obj, smack_task_getsecid_obj), 4835 LSM_HOOK_INIT(task_setnice, smack_task_setnice), 4836 LSM_HOOK_INIT(task_setioprio, smack_task_setioprio), 4837 LSM_HOOK_INIT(task_getioprio, smack_task_getioprio), 4838 LSM_HOOK_INIT(task_setscheduler, smack_task_setscheduler), 4839 LSM_HOOK_INIT(task_getscheduler, smack_task_getscheduler), 4840 LSM_HOOK_INIT(task_movememory, smack_task_movememory), 4841 LSM_HOOK_INIT(task_kill, smack_task_kill), 4842 LSM_HOOK_INIT(task_to_inode, smack_task_to_inode), 4843 4844 LSM_HOOK_INIT(ipc_permission, smack_ipc_permission), 4845 LSM_HOOK_INIT(ipc_getsecid, smack_ipc_getsecid), 4846 4847 LSM_HOOK_INIT(msg_msg_alloc_security, smack_msg_msg_alloc_security), 4848 4849 LSM_HOOK_INIT(msg_queue_alloc_security, smack_ipc_alloc_security), 4850 LSM_HOOK_INIT(msg_queue_associate, smack_msg_queue_associate), 4851 LSM_HOOK_INIT(msg_queue_msgctl, smack_msg_queue_msgctl), 4852 LSM_HOOK_INIT(msg_queue_msgsnd, smack_msg_queue_msgsnd), 4853 LSM_HOOK_INIT(msg_queue_msgrcv, smack_msg_queue_msgrcv), 4854 4855 LSM_HOOK_INIT(shm_alloc_security, smack_ipc_alloc_security), 4856 LSM_HOOK_INIT(shm_associate, smack_shm_associate), 4857 LSM_HOOK_INIT(shm_shmctl, smack_shm_shmctl), 4858 LSM_HOOK_INIT(shm_shmat, smack_shm_shmat), 4859 4860 LSM_HOOK_INIT(sem_alloc_security, smack_ipc_alloc_security), 4861 LSM_HOOK_INIT(sem_associate, smack_sem_associate), 4862 LSM_HOOK_INIT(sem_semctl, smack_sem_semctl), 4863 LSM_HOOK_INIT(sem_semop, smack_sem_semop), 4864 4865 LSM_HOOK_INIT(d_instantiate, smack_d_instantiate), 4866 4867 LSM_HOOK_INIT(getprocattr, smack_getprocattr), 4868 LSM_HOOK_INIT(setprocattr, smack_setprocattr), 4869 4870 LSM_HOOK_INIT(unix_stream_connect, smack_unix_stream_connect), 4871 LSM_HOOK_INIT(unix_may_send, smack_unix_may_send), 4872 4873 LSM_HOOK_INIT(socket_post_create, smack_socket_post_create), 4874 LSM_HOOK_INIT(socket_socketpair, smack_socket_socketpair), 4875 #ifdef SMACK_IPV6_PORT_LABELING 4876 LSM_HOOK_INIT(socket_bind, smack_socket_bind), 4877 #endif 4878 LSM_HOOK_INIT(socket_connect, smack_socket_connect), 4879 LSM_HOOK_INIT(socket_sendmsg, smack_socket_sendmsg), 4880 LSM_HOOK_INIT(socket_sock_rcv_skb, smack_socket_sock_rcv_skb), 4881 LSM_HOOK_INIT(socket_getpeersec_stream, smack_socket_getpeersec_stream), 4882 LSM_HOOK_INIT(socket_getpeersec_dgram, smack_socket_getpeersec_dgram), 4883 LSM_HOOK_INIT(sk_alloc_security, smack_sk_alloc_security), 4884 LSM_HOOK_INIT(sk_free_security, smack_sk_free_security), 4885 LSM_HOOK_INIT(sock_graft, smack_sock_graft), 4886 LSM_HOOK_INIT(inet_conn_request, smack_inet_conn_request), 4887 LSM_HOOK_INIT(inet_csk_clone, smack_inet_csk_clone), 4888 4889 /* key management security hooks */ 4890 #ifdef CONFIG_KEYS 4891 LSM_HOOK_INIT(key_alloc, smack_key_alloc), 4892 LSM_HOOK_INIT(key_free, smack_key_free), 4893 LSM_HOOK_INIT(key_permission, smack_key_permission), 4894 LSM_HOOK_INIT(key_getsecurity, smack_key_getsecurity), 4895 #ifdef CONFIG_KEY_NOTIFICATIONS 4896 LSM_HOOK_INIT(watch_key, smack_watch_key), 4897 #endif 4898 #endif /* CONFIG_KEYS */ 4899 4900 #ifdef CONFIG_WATCH_QUEUE 4901 LSM_HOOK_INIT(post_notification, smack_post_notification), 4902 #endif 4903 4904 /* Audit hooks */ 4905 #ifdef CONFIG_AUDIT 4906 LSM_HOOK_INIT(audit_rule_init, smack_audit_rule_init), 4907 LSM_HOOK_INIT(audit_rule_known, smack_audit_rule_known), 4908 LSM_HOOK_INIT(audit_rule_match, smack_audit_rule_match), 4909 #endif /* CONFIG_AUDIT */ 4910 4911 LSM_HOOK_INIT(ismaclabel, smack_ismaclabel), 4912 LSM_HOOK_INIT(secid_to_secctx, smack_secid_to_secctx), 4913 LSM_HOOK_INIT(secctx_to_secid, smack_secctx_to_secid), 4914 LSM_HOOK_INIT(inode_notifysecctx, smack_inode_notifysecctx), 4915 LSM_HOOK_INIT(inode_setsecctx, smack_inode_setsecctx), 4916 LSM_HOOK_INIT(inode_getsecctx, smack_inode_getsecctx), 4917 LSM_HOOK_INIT(inode_copy_up, smack_inode_copy_up), 4918 LSM_HOOK_INIT(inode_copy_up_xattr, smack_inode_copy_up_xattr), 4919 LSM_HOOK_INIT(dentry_create_files_as, smack_dentry_create_files_as), 4920 #ifdef CONFIG_IO_URING 4921 LSM_HOOK_INIT(uring_override_creds, smack_uring_override_creds), 4922 LSM_HOOK_INIT(uring_sqpoll, smack_uring_sqpoll), 4923 LSM_HOOK_INIT(uring_cmd, smack_uring_cmd), 4924 #endif 4925 }; 4926 4927 4928 static __init void init_smack_known_list(void) 4929 { 4930 /* 4931 * Initialize rule list locks 4932 */ 4933 mutex_init(&smack_known_huh.smk_rules_lock); 4934 mutex_init(&smack_known_hat.smk_rules_lock); 4935 mutex_init(&smack_known_floor.smk_rules_lock); 4936 mutex_init(&smack_known_star.smk_rules_lock); 4937 mutex_init(&smack_known_web.smk_rules_lock); 4938 /* 4939 * Initialize rule lists 4940 */ 4941 INIT_LIST_HEAD(&smack_known_huh.smk_rules); 4942 INIT_LIST_HEAD(&smack_known_hat.smk_rules); 4943 INIT_LIST_HEAD(&smack_known_star.smk_rules); 4944 INIT_LIST_HEAD(&smack_known_floor.smk_rules); 4945 INIT_LIST_HEAD(&smack_known_web.smk_rules); 4946 /* 4947 * Create the known labels list 4948 */ 4949 smk_insert_entry(&smack_known_huh); 4950 smk_insert_entry(&smack_known_hat); 4951 smk_insert_entry(&smack_known_star); 4952 smk_insert_entry(&smack_known_floor); 4953 smk_insert_entry(&smack_known_web); 4954 } 4955 4956 /** 4957 * smack_init - initialize the smack system 4958 * 4959 * Returns 0 on success, -ENOMEM is there's no memory 4960 */ 4961 static __init int smack_init(void) 4962 { 4963 struct cred *cred = (struct cred *) current->cred; 4964 struct task_smack *tsp; 4965 4966 smack_rule_cache = KMEM_CACHE(smack_rule, 0); 4967 if (!smack_rule_cache) 4968 return -ENOMEM; 4969 4970 /* 4971 * Set the security state for the initial task. 4972 */ 4973 tsp = smack_cred(cred); 4974 init_task_smack(tsp, &smack_known_floor, &smack_known_floor); 4975 4976 /* 4977 * Register with LSM 4978 */ 4979 security_add_hooks(smack_hooks, ARRAY_SIZE(smack_hooks), "smack"); 4980 smack_enabled = 1; 4981 4982 pr_info("Smack: Initializing.\n"); 4983 #ifdef CONFIG_SECURITY_SMACK_NETFILTER 4984 pr_info("Smack: Netfilter enabled.\n"); 4985 #endif 4986 #ifdef SMACK_IPV6_PORT_LABELING 4987 pr_info("Smack: IPv6 port labeling enabled.\n"); 4988 #endif 4989 #ifdef SMACK_IPV6_SECMARK_LABELING 4990 pr_info("Smack: IPv6 Netfilter enabled.\n"); 4991 #endif 4992 4993 /* initialize the smack_known_list */ 4994 init_smack_known_list(); 4995 4996 return 0; 4997 } 4998 4999 /* 5000 * Smack requires early initialization in order to label 5001 * all processes and objects when they are created. 5002 */ 5003 DEFINE_LSM(smack) = { 5004 .name = "smack", 5005 .flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE, 5006 .blobs = &smack_blob_sizes, 5007 .init = smack_init, 5008 }; 5009