1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Simplified MAC Kernel (smack) security module 4 * 5 * This file contains the smack hook function implementations. 6 * 7 * Authors: 8 * Casey Schaufler <casey@schaufler-ca.com> 9 * Jarkko Sakkinen <jarkko.sakkinen@intel.com> 10 * 11 * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com> 12 * Copyright (C) 2009 Hewlett-Packard Development Company, L.P. 13 * Paul Moore <paul@paul-moore.com> 14 * Copyright (C) 2010 Nokia Corporation 15 * Copyright (C) 2011 Intel Corporation. 16 */ 17 18 #include <linux/xattr.h> 19 #include <linux/pagemap.h> 20 #include <linux/mount.h> 21 #include <linux/stat.h> 22 #include <linux/kd.h> 23 #include <asm/ioctls.h> 24 #include <linux/ip.h> 25 #include <linux/tcp.h> 26 #include <linux/udp.h> 27 #include <linux/dccp.h> 28 #include <linux/icmpv6.h> 29 #include <linux/slab.h> 30 #include <linux/mutex.h> 31 #include <net/cipso_ipv4.h> 32 #include <net/ip.h> 33 #include <net/ipv6.h> 34 #include <linux/audit.h> 35 #include <linux/magic.h> 36 #include <linux/dcache.h> 37 #include <linux/personality.h> 38 #include <linux/msg.h> 39 #include <linux/shm.h> 40 #include <linux/binfmts.h> 41 #include <linux/parser.h> 42 #include <linux/fs_context.h> 43 #include <linux/fs_parser.h> 44 #include <linux/watch_queue.h> 45 #include "smack.h" 46 47 #define TRANS_TRUE "TRUE" 48 #define TRANS_TRUE_SIZE 4 49 50 #define SMK_CONNECTING 0 51 #define SMK_RECEIVING 1 52 #define SMK_SENDING 2 53 54 static DEFINE_MUTEX(smack_ipv6_lock); 55 static LIST_HEAD(smk_ipv6_port_list); 56 struct kmem_cache *smack_rule_cache; 57 int smack_enabled __initdata; 58 59 #define A(s) {"smack"#s, sizeof("smack"#s) - 1, Opt_##s} 60 static struct { 61 const char *name; 62 int len; 63 int opt; 64 } smk_mount_opts[] = { 65 {"smackfsdef", sizeof("smackfsdef") - 1, Opt_fsdefault}, 66 A(fsdefault), A(fsfloor), A(fshat), A(fsroot), A(fstransmute) 67 }; 68 #undef A 69 70 static int match_opt_prefix(char *s, int l, char **arg) 71 { 72 int i; 73 74 for (i = 0; i < ARRAY_SIZE(smk_mount_opts); i++) { 75 size_t len = smk_mount_opts[i].len; 76 if (len > l || memcmp(s, smk_mount_opts[i].name, len)) 77 continue; 78 if (len == l || s[len] != '=') 79 continue; 80 *arg = s + len + 1; 81 return smk_mount_opts[i].opt; 82 } 83 return Opt_error; 84 } 85 86 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 87 static char *smk_bu_mess[] = { 88 "Bringup Error", /* Unused */ 89 "Bringup", /* SMACK_BRINGUP_ALLOW */ 90 "Unconfined Subject", /* SMACK_UNCONFINED_SUBJECT */ 91 "Unconfined Object", /* SMACK_UNCONFINED_OBJECT */ 92 }; 93 94 static void smk_bu_mode(int mode, char *s) 95 { 96 int i = 0; 97 98 if (mode & MAY_READ) 99 s[i++] = 'r'; 100 if (mode & MAY_WRITE) 101 s[i++] = 'w'; 102 if (mode & MAY_EXEC) 103 s[i++] = 'x'; 104 if (mode & MAY_APPEND) 105 s[i++] = 'a'; 106 if (mode & MAY_TRANSMUTE) 107 s[i++] = 't'; 108 if (mode & MAY_LOCK) 109 s[i++] = 'l'; 110 if (i == 0) 111 s[i++] = '-'; 112 s[i] = '\0'; 113 } 114 #endif 115 116 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 117 static int smk_bu_note(char *note, struct smack_known *sskp, 118 struct smack_known *oskp, int mode, int rc) 119 { 120 char acc[SMK_NUM_ACCESS_TYPE + 1]; 121 122 if (rc <= 0) 123 return rc; 124 if (rc > SMACK_UNCONFINED_OBJECT) 125 rc = 0; 126 127 smk_bu_mode(mode, acc); 128 pr_info("Smack %s: (%s %s %s) %s\n", smk_bu_mess[rc], 129 sskp->smk_known, oskp->smk_known, acc, note); 130 return 0; 131 } 132 #else 133 #define smk_bu_note(note, sskp, oskp, mode, RC) (RC) 134 #endif 135 136 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 137 static int smk_bu_current(char *note, struct smack_known *oskp, 138 int mode, int rc) 139 { 140 struct task_smack *tsp = smack_cred(current_cred()); 141 char acc[SMK_NUM_ACCESS_TYPE + 1]; 142 143 if (rc <= 0) 144 return rc; 145 if (rc > SMACK_UNCONFINED_OBJECT) 146 rc = 0; 147 148 smk_bu_mode(mode, acc); 149 pr_info("Smack %s: (%s %s %s) %s %s\n", smk_bu_mess[rc], 150 tsp->smk_task->smk_known, oskp->smk_known, 151 acc, current->comm, note); 152 return 0; 153 } 154 #else 155 #define smk_bu_current(note, oskp, mode, RC) (RC) 156 #endif 157 158 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 159 static int smk_bu_task(struct task_struct *otp, int mode, int rc) 160 { 161 struct task_smack *tsp = smack_cred(current_cred()); 162 struct smack_known *smk_task = smk_of_task_struct_obj(otp); 163 char acc[SMK_NUM_ACCESS_TYPE + 1]; 164 165 if (rc <= 0) 166 return rc; 167 if (rc > SMACK_UNCONFINED_OBJECT) 168 rc = 0; 169 170 smk_bu_mode(mode, acc); 171 pr_info("Smack %s: (%s %s %s) %s to %s\n", smk_bu_mess[rc], 172 tsp->smk_task->smk_known, smk_task->smk_known, acc, 173 current->comm, otp->comm); 174 return 0; 175 } 176 #else 177 #define smk_bu_task(otp, mode, RC) (RC) 178 #endif 179 180 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 181 static int smk_bu_inode(struct inode *inode, int mode, int rc) 182 { 183 struct task_smack *tsp = smack_cred(current_cred()); 184 struct inode_smack *isp = smack_inode(inode); 185 char acc[SMK_NUM_ACCESS_TYPE + 1]; 186 187 if (isp->smk_flags & SMK_INODE_IMPURE) 188 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n", 189 inode->i_sb->s_id, inode->i_ino, current->comm); 190 191 if (rc <= 0) 192 return rc; 193 if (rc > SMACK_UNCONFINED_OBJECT) 194 rc = 0; 195 if (rc == SMACK_UNCONFINED_SUBJECT && 196 (mode & (MAY_WRITE | MAY_APPEND))) 197 isp->smk_flags |= SMK_INODE_IMPURE; 198 199 smk_bu_mode(mode, acc); 200 201 pr_info("Smack %s: (%s %s %s) inode=(%s %ld) %s\n", smk_bu_mess[rc], 202 tsp->smk_task->smk_known, isp->smk_inode->smk_known, acc, 203 inode->i_sb->s_id, inode->i_ino, current->comm); 204 return 0; 205 } 206 #else 207 #define smk_bu_inode(inode, mode, RC) (RC) 208 #endif 209 210 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 211 static int smk_bu_file(struct file *file, int mode, int rc) 212 { 213 struct task_smack *tsp = smack_cred(current_cred()); 214 struct smack_known *sskp = tsp->smk_task; 215 struct inode *inode = file_inode(file); 216 struct inode_smack *isp = smack_inode(inode); 217 char acc[SMK_NUM_ACCESS_TYPE + 1]; 218 219 if (isp->smk_flags & SMK_INODE_IMPURE) 220 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n", 221 inode->i_sb->s_id, inode->i_ino, current->comm); 222 223 if (rc <= 0) 224 return rc; 225 if (rc > SMACK_UNCONFINED_OBJECT) 226 rc = 0; 227 228 smk_bu_mode(mode, acc); 229 pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc], 230 sskp->smk_known, smk_of_inode(inode)->smk_known, acc, 231 inode->i_sb->s_id, inode->i_ino, file, 232 current->comm); 233 return 0; 234 } 235 #else 236 #define smk_bu_file(file, mode, RC) (RC) 237 #endif 238 239 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 240 static int smk_bu_credfile(const struct cred *cred, struct file *file, 241 int mode, int rc) 242 { 243 struct task_smack *tsp = smack_cred(cred); 244 struct smack_known *sskp = tsp->smk_task; 245 struct inode *inode = file_inode(file); 246 struct inode_smack *isp = smack_inode(inode); 247 char acc[SMK_NUM_ACCESS_TYPE + 1]; 248 249 if (isp->smk_flags & SMK_INODE_IMPURE) 250 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n", 251 inode->i_sb->s_id, inode->i_ino, current->comm); 252 253 if (rc <= 0) 254 return rc; 255 if (rc > SMACK_UNCONFINED_OBJECT) 256 rc = 0; 257 258 smk_bu_mode(mode, acc); 259 pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc], 260 sskp->smk_known, smk_of_inode(inode)->smk_known, acc, 261 inode->i_sb->s_id, inode->i_ino, file, 262 current->comm); 263 return 0; 264 } 265 #else 266 #define smk_bu_credfile(cred, file, mode, RC) (RC) 267 #endif 268 269 /** 270 * smk_fetch - Fetch the smack label from a file. 271 * @name: type of the label (attribute) 272 * @ip: a pointer to the inode 273 * @dp: a pointer to the dentry 274 * 275 * Returns a pointer to the master list entry for the Smack label, 276 * NULL if there was no label to fetch, or an error code. 277 */ 278 static struct smack_known *smk_fetch(const char *name, struct inode *ip, 279 struct dentry *dp) 280 { 281 int rc; 282 char *buffer; 283 struct smack_known *skp = NULL; 284 285 if (!(ip->i_opflags & IOP_XATTR)) 286 return ERR_PTR(-EOPNOTSUPP); 287 288 buffer = kzalloc(SMK_LONGLABEL, GFP_NOFS); 289 if (buffer == NULL) 290 return ERR_PTR(-ENOMEM); 291 292 rc = __vfs_getxattr(dp, ip, name, buffer, SMK_LONGLABEL); 293 if (rc < 0) 294 skp = ERR_PTR(rc); 295 else if (rc == 0) 296 skp = NULL; 297 else 298 skp = smk_import_entry(buffer, rc); 299 300 kfree(buffer); 301 302 return skp; 303 } 304 305 /** 306 * init_inode_smack - initialize an inode security blob 307 * @inode: inode to extract the info from 308 * @skp: a pointer to the Smack label entry to use in the blob 309 * 310 */ 311 static void init_inode_smack(struct inode *inode, struct smack_known *skp) 312 { 313 struct inode_smack *isp = smack_inode(inode); 314 315 isp->smk_inode = skp; 316 isp->smk_flags = 0; 317 } 318 319 /** 320 * init_task_smack - initialize a task security blob 321 * @tsp: blob to initialize 322 * @task: a pointer to the Smack label for the running task 323 * @forked: a pointer to the Smack label for the forked task 324 * 325 */ 326 static void init_task_smack(struct task_smack *tsp, struct smack_known *task, 327 struct smack_known *forked) 328 { 329 tsp->smk_task = task; 330 tsp->smk_forked = forked; 331 INIT_LIST_HEAD(&tsp->smk_rules); 332 INIT_LIST_HEAD(&tsp->smk_relabel); 333 mutex_init(&tsp->smk_rules_lock); 334 } 335 336 /** 337 * smk_copy_rules - copy a rule set 338 * @nhead: new rules header pointer 339 * @ohead: old rules header pointer 340 * @gfp: type of the memory for the allocation 341 * 342 * Returns 0 on success, -ENOMEM on error 343 */ 344 static int smk_copy_rules(struct list_head *nhead, struct list_head *ohead, 345 gfp_t gfp) 346 { 347 struct smack_rule *nrp; 348 struct smack_rule *orp; 349 int rc = 0; 350 351 list_for_each_entry_rcu(orp, ohead, list) { 352 nrp = kmem_cache_zalloc(smack_rule_cache, gfp); 353 if (nrp == NULL) { 354 rc = -ENOMEM; 355 break; 356 } 357 *nrp = *orp; 358 list_add_rcu(&nrp->list, nhead); 359 } 360 return rc; 361 } 362 363 /** 364 * smk_copy_relabel - copy smk_relabel labels list 365 * @nhead: new rules header pointer 366 * @ohead: old rules header pointer 367 * @gfp: type of the memory for the allocation 368 * 369 * Returns 0 on success, -ENOMEM on error 370 */ 371 static int smk_copy_relabel(struct list_head *nhead, struct list_head *ohead, 372 gfp_t gfp) 373 { 374 struct smack_known_list_elem *nklep; 375 struct smack_known_list_elem *oklep; 376 377 list_for_each_entry(oklep, ohead, list) { 378 nklep = kzalloc(sizeof(struct smack_known_list_elem), gfp); 379 if (nklep == NULL) { 380 smk_destroy_label_list(nhead); 381 return -ENOMEM; 382 } 383 nklep->smk_label = oklep->smk_label; 384 list_add(&nklep->list, nhead); 385 } 386 387 return 0; 388 } 389 390 /** 391 * smk_ptrace_mode - helper function for converting PTRACE_MODE_* into MAY_* 392 * @mode - input mode in form of PTRACE_MODE_* 393 * 394 * Returns a converted MAY_* mode usable by smack rules 395 */ 396 static inline unsigned int smk_ptrace_mode(unsigned int mode) 397 { 398 if (mode & PTRACE_MODE_ATTACH) 399 return MAY_READWRITE; 400 if (mode & PTRACE_MODE_READ) 401 return MAY_READ; 402 403 return 0; 404 } 405 406 /** 407 * smk_ptrace_rule_check - helper for ptrace access 408 * @tracer: tracer process 409 * @tracee_known: label entry of the process that's about to be traced 410 * @mode: ptrace attachment mode (PTRACE_MODE_*) 411 * @func: name of the function that called us, used for audit 412 * 413 * Returns 0 on access granted, -error on error 414 */ 415 static int smk_ptrace_rule_check(struct task_struct *tracer, 416 struct smack_known *tracee_known, 417 unsigned int mode, const char *func) 418 { 419 int rc; 420 struct smk_audit_info ad, *saip = NULL; 421 struct task_smack *tsp; 422 struct smack_known *tracer_known; 423 const struct cred *tracercred; 424 425 if ((mode & PTRACE_MODE_NOAUDIT) == 0) { 426 smk_ad_init(&ad, func, LSM_AUDIT_DATA_TASK); 427 smk_ad_setfield_u_tsk(&ad, tracer); 428 saip = &ad; 429 } 430 431 rcu_read_lock(); 432 tracercred = __task_cred(tracer); 433 tsp = smack_cred(tracercred); 434 tracer_known = smk_of_task(tsp); 435 436 if ((mode & PTRACE_MODE_ATTACH) && 437 (smack_ptrace_rule == SMACK_PTRACE_EXACT || 438 smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)) { 439 if (tracer_known->smk_known == tracee_known->smk_known) 440 rc = 0; 441 else if (smack_ptrace_rule == SMACK_PTRACE_DRACONIAN) 442 rc = -EACCES; 443 else if (smack_privileged_cred(CAP_SYS_PTRACE, tracercred)) 444 rc = 0; 445 else 446 rc = -EACCES; 447 448 if (saip) 449 smack_log(tracer_known->smk_known, 450 tracee_known->smk_known, 451 0, rc, saip); 452 453 rcu_read_unlock(); 454 return rc; 455 } 456 457 /* In case of rule==SMACK_PTRACE_DEFAULT or mode==PTRACE_MODE_READ */ 458 rc = smk_tskacc(tsp, tracee_known, smk_ptrace_mode(mode), saip); 459 460 rcu_read_unlock(); 461 return rc; 462 } 463 464 /* 465 * LSM hooks. 466 * We he, that is fun! 467 */ 468 469 /** 470 * smack_ptrace_access_check - Smack approval on PTRACE_ATTACH 471 * @ctp: child task pointer 472 * @mode: ptrace attachment mode (PTRACE_MODE_*) 473 * 474 * Returns 0 if access is OK, an error code otherwise 475 * 476 * Do the capability checks. 477 */ 478 static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode) 479 { 480 struct smack_known *skp; 481 482 skp = smk_of_task_struct_obj(ctp); 483 484 return smk_ptrace_rule_check(current, skp, mode, __func__); 485 } 486 487 /** 488 * smack_ptrace_traceme - Smack approval on PTRACE_TRACEME 489 * @ptp: parent task pointer 490 * 491 * Returns 0 if access is OK, an error code otherwise 492 * 493 * Do the capability checks, and require PTRACE_MODE_ATTACH. 494 */ 495 static int smack_ptrace_traceme(struct task_struct *ptp) 496 { 497 int rc; 498 struct smack_known *skp; 499 500 skp = smk_of_task(smack_cred(current_cred())); 501 502 rc = smk_ptrace_rule_check(ptp, skp, PTRACE_MODE_ATTACH, __func__); 503 return rc; 504 } 505 506 /** 507 * smack_syslog - Smack approval on syslog 508 * @typefrom_file: unused 509 * 510 * Returns 0 on success, error code otherwise. 511 */ 512 static int smack_syslog(int typefrom_file) 513 { 514 int rc = 0; 515 struct smack_known *skp = smk_of_current(); 516 517 if (smack_privileged(CAP_MAC_OVERRIDE)) 518 return 0; 519 520 if (smack_syslog_label != NULL && smack_syslog_label != skp) 521 rc = -EACCES; 522 523 return rc; 524 } 525 526 /* 527 * Superblock Hooks. 528 */ 529 530 /** 531 * smack_sb_alloc_security - allocate a superblock blob 532 * @sb: the superblock getting the blob 533 * 534 * Returns 0 on success or -ENOMEM on error. 535 */ 536 static int smack_sb_alloc_security(struct super_block *sb) 537 { 538 struct superblock_smack *sbsp = smack_superblock(sb); 539 540 sbsp->smk_root = &smack_known_floor; 541 sbsp->smk_default = &smack_known_floor; 542 sbsp->smk_floor = &smack_known_floor; 543 sbsp->smk_hat = &smack_known_hat; 544 /* 545 * SMK_SB_INITIALIZED will be zero from kzalloc. 546 */ 547 548 return 0; 549 } 550 551 struct smack_mnt_opts { 552 const char *fsdefault, *fsfloor, *fshat, *fsroot, *fstransmute; 553 }; 554 555 static void smack_free_mnt_opts(void *mnt_opts) 556 { 557 struct smack_mnt_opts *opts = mnt_opts; 558 kfree(opts->fsdefault); 559 kfree(opts->fsfloor); 560 kfree(opts->fshat); 561 kfree(opts->fsroot); 562 kfree(opts->fstransmute); 563 kfree(opts); 564 } 565 566 static int smack_add_opt(int token, const char *s, void **mnt_opts) 567 { 568 struct smack_mnt_opts *opts = *mnt_opts; 569 570 if (!opts) { 571 opts = kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL); 572 if (!opts) 573 return -ENOMEM; 574 *mnt_opts = opts; 575 } 576 if (!s) 577 return -ENOMEM; 578 579 switch (token) { 580 case Opt_fsdefault: 581 if (opts->fsdefault) 582 goto out_opt_err; 583 opts->fsdefault = s; 584 break; 585 case Opt_fsfloor: 586 if (opts->fsfloor) 587 goto out_opt_err; 588 opts->fsfloor = s; 589 break; 590 case Opt_fshat: 591 if (opts->fshat) 592 goto out_opt_err; 593 opts->fshat = s; 594 break; 595 case Opt_fsroot: 596 if (opts->fsroot) 597 goto out_opt_err; 598 opts->fsroot = s; 599 break; 600 case Opt_fstransmute: 601 if (opts->fstransmute) 602 goto out_opt_err; 603 opts->fstransmute = s; 604 break; 605 } 606 return 0; 607 608 out_opt_err: 609 pr_warn("Smack: duplicate mount options\n"); 610 return -EINVAL; 611 } 612 613 /** 614 * smack_fs_context_dup - Duplicate the security data on fs_context duplication 615 * @fc: The new filesystem context. 616 * @src_fc: The source filesystem context being duplicated. 617 * 618 * Returns 0 on success or -ENOMEM on error. 619 */ 620 static int smack_fs_context_dup(struct fs_context *fc, 621 struct fs_context *src_fc) 622 { 623 struct smack_mnt_opts *dst, *src = src_fc->security; 624 625 if (!src) 626 return 0; 627 628 fc->security = kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL); 629 if (!fc->security) 630 return -ENOMEM; 631 dst = fc->security; 632 633 if (src->fsdefault) { 634 dst->fsdefault = kstrdup(src->fsdefault, GFP_KERNEL); 635 if (!dst->fsdefault) 636 return -ENOMEM; 637 } 638 if (src->fsfloor) { 639 dst->fsfloor = kstrdup(src->fsfloor, GFP_KERNEL); 640 if (!dst->fsfloor) 641 return -ENOMEM; 642 } 643 if (src->fshat) { 644 dst->fshat = kstrdup(src->fshat, GFP_KERNEL); 645 if (!dst->fshat) 646 return -ENOMEM; 647 } 648 if (src->fsroot) { 649 dst->fsroot = kstrdup(src->fsroot, GFP_KERNEL); 650 if (!dst->fsroot) 651 return -ENOMEM; 652 } 653 if (src->fstransmute) { 654 dst->fstransmute = kstrdup(src->fstransmute, GFP_KERNEL); 655 if (!dst->fstransmute) 656 return -ENOMEM; 657 } 658 return 0; 659 } 660 661 static const struct fs_parameter_spec smack_fs_parameters[] = { 662 fsparam_string("smackfsdef", Opt_fsdefault), 663 fsparam_string("smackfsdefault", Opt_fsdefault), 664 fsparam_string("smackfsfloor", Opt_fsfloor), 665 fsparam_string("smackfshat", Opt_fshat), 666 fsparam_string("smackfsroot", Opt_fsroot), 667 fsparam_string("smackfstransmute", Opt_fstransmute), 668 {} 669 }; 670 671 /** 672 * smack_fs_context_parse_param - Parse a single mount parameter 673 * @fc: The new filesystem context being constructed. 674 * @param: The parameter. 675 * 676 * Returns 0 on success, -ENOPARAM to pass the parameter on or anything else on 677 * error. 678 */ 679 static int smack_fs_context_parse_param(struct fs_context *fc, 680 struct fs_parameter *param) 681 { 682 struct fs_parse_result result; 683 int opt, rc; 684 685 opt = fs_parse(fc, smack_fs_parameters, param, &result); 686 if (opt < 0) 687 return opt; 688 689 rc = smack_add_opt(opt, param->string, &fc->security); 690 if (!rc) 691 param->string = NULL; 692 return rc; 693 } 694 695 static int smack_sb_eat_lsm_opts(char *options, void **mnt_opts) 696 { 697 char *from = options, *to = options; 698 bool first = true; 699 700 while (1) { 701 char *next = strchr(from, ','); 702 int token, len, rc; 703 char *arg = NULL; 704 705 if (next) 706 len = next - from; 707 else 708 len = strlen(from); 709 710 token = match_opt_prefix(from, len, &arg); 711 if (token != Opt_error) { 712 arg = kmemdup_nul(arg, from + len - arg, GFP_KERNEL); 713 rc = smack_add_opt(token, arg, mnt_opts); 714 if (unlikely(rc)) { 715 kfree(arg); 716 if (*mnt_opts) 717 smack_free_mnt_opts(*mnt_opts); 718 *mnt_opts = NULL; 719 return rc; 720 } 721 } else { 722 if (!first) { // copy with preceding comma 723 from--; 724 len++; 725 } 726 if (to != from) 727 memmove(to, from, len); 728 to += len; 729 first = false; 730 } 731 if (!from[len]) 732 break; 733 from += len + 1; 734 } 735 *to = '\0'; 736 return 0; 737 } 738 739 /** 740 * smack_set_mnt_opts - set Smack specific mount options 741 * @sb: the file system superblock 742 * @mnt_opts: Smack mount options 743 * @kern_flags: mount option from kernel space or user space 744 * @set_kern_flags: where to store converted mount opts 745 * 746 * Returns 0 on success, an error code on failure 747 * 748 * Allow filesystems with binary mount data to explicitly set Smack mount 749 * labels. 750 */ 751 static int smack_set_mnt_opts(struct super_block *sb, 752 void *mnt_opts, 753 unsigned long kern_flags, 754 unsigned long *set_kern_flags) 755 { 756 struct dentry *root = sb->s_root; 757 struct inode *inode = d_backing_inode(root); 758 struct superblock_smack *sp = smack_superblock(sb); 759 struct inode_smack *isp; 760 struct smack_known *skp; 761 struct smack_mnt_opts *opts = mnt_opts; 762 bool transmute = false; 763 764 if (sp->smk_flags & SMK_SB_INITIALIZED) 765 return 0; 766 767 if (inode->i_security == NULL) { 768 int rc = lsm_inode_alloc(inode); 769 770 if (rc) 771 return rc; 772 } 773 774 if (!smack_privileged(CAP_MAC_ADMIN)) { 775 /* 776 * Unprivileged mounts don't get to specify Smack values. 777 */ 778 if (opts) 779 return -EPERM; 780 /* 781 * Unprivileged mounts get root and default from the caller. 782 */ 783 skp = smk_of_current(); 784 sp->smk_root = skp; 785 sp->smk_default = skp; 786 /* 787 * For a handful of fs types with no user-controlled 788 * backing store it's okay to trust security labels 789 * in the filesystem. The rest are untrusted. 790 */ 791 if (sb->s_user_ns != &init_user_ns && 792 sb->s_magic != SYSFS_MAGIC && sb->s_magic != TMPFS_MAGIC && 793 sb->s_magic != RAMFS_MAGIC) { 794 transmute = true; 795 sp->smk_flags |= SMK_SB_UNTRUSTED; 796 } 797 } 798 799 sp->smk_flags |= SMK_SB_INITIALIZED; 800 801 if (opts) { 802 if (opts->fsdefault) { 803 skp = smk_import_entry(opts->fsdefault, 0); 804 if (IS_ERR(skp)) 805 return PTR_ERR(skp); 806 sp->smk_default = skp; 807 } 808 if (opts->fsfloor) { 809 skp = smk_import_entry(opts->fsfloor, 0); 810 if (IS_ERR(skp)) 811 return PTR_ERR(skp); 812 sp->smk_floor = skp; 813 } 814 if (opts->fshat) { 815 skp = smk_import_entry(opts->fshat, 0); 816 if (IS_ERR(skp)) 817 return PTR_ERR(skp); 818 sp->smk_hat = skp; 819 } 820 if (opts->fsroot) { 821 skp = smk_import_entry(opts->fsroot, 0); 822 if (IS_ERR(skp)) 823 return PTR_ERR(skp); 824 sp->smk_root = skp; 825 } 826 if (opts->fstransmute) { 827 skp = smk_import_entry(opts->fstransmute, 0); 828 if (IS_ERR(skp)) 829 return PTR_ERR(skp); 830 sp->smk_root = skp; 831 transmute = true; 832 } 833 } 834 835 /* 836 * Initialize the root inode. 837 */ 838 init_inode_smack(inode, sp->smk_root); 839 840 if (transmute) { 841 isp = smack_inode(inode); 842 isp->smk_flags |= SMK_INODE_TRANSMUTE; 843 } 844 845 return 0; 846 } 847 848 /** 849 * smack_sb_statfs - Smack check on statfs 850 * @dentry: identifies the file system in question 851 * 852 * Returns 0 if current can read the floor of the filesystem, 853 * and error code otherwise 854 */ 855 static int smack_sb_statfs(struct dentry *dentry) 856 { 857 struct superblock_smack *sbp = smack_superblock(dentry->d_sb); 858 int rc; 859 struct smk_audit_info ad; 860 861 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 862 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 863 864 rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad); 865 rc = smk_bu_current("statfs", sbp->smk_floor, MAY_READ, rc); 866 return rc; 867 } 868 869 /* 870 * BPRM hooks 871 */ 872 873 /** 874 * smack_bprm_creds_for_exec - Update bprm->cred if needed for exec 875 * @bprm: the exec information 876 * 877 * Returns 0 if it gets a blob, -EPERM if exec forbidden and -ENOMEM otherwise 878 */ 879 static int smack_bprm_creds_for_exec(struct linux_binprm *bprm) 880 { 881 struct inode *inode = file_inode(bprm->file); 882 struct task_smack *bsp = smack_cred(bprm->cred); 883 struct inode_smack *isp; 884 struct superblock_smack *sbsp; 885 int rc; 886 887 isp = smack_inode(inode); 888 if (isp->smk_task == NULL || isp->smk_task == bsp->smk_task) 889 return 0; 890 891 sbsp = smack_superblock(inode->i_sb); 892 if ((sbsp->smk_flags & SMK_SB_UNTRUSTED) && 893 isp->smk_task != sbsp->smk_root) 894 return 0; 895 896 if (bprm->unsafe & LSM_UNSAFE_PTRACE) { 897 struct task_struct *tracer; 898 rc = 0; 899 900 rcu_read_lock(); 901 tracer = ptrace_parent(current); 902 if (likely(tracer != NULL)) 903 rc = smk_ptrace_rule_check(tracer, 904 isp->smk_task, 905 PTRACE_MODE_ATTACH, 906 __func__); 907 rcu_read_unlock(); 908 909 if (rc != 0) 910 return rc; 911 } 912 if (bprm->unsafe & ~LSM_UNSAFE_PTRACE) 913 return -EPERM; 914 915 bsp->smk_task = isp->smk_task; 916 bprm->per_clear |= PER_CLEAR_ON_SETID; 917 918 /* Decide if this is a secure exec. */ 919 if (bsp->smk_task != bsp->smk_forked) 920 bprm->secureexec = 1; 921 922 return 0; 923 } 924 925 /* 926 * Inode hooks 927 */ 928 929 /** 930 * smack_inode_alloc_security - allocate an inode blob 931 * @inode: the inode in need of a blob 932 * 933 * Returns 0 934 */ 935 static int smack_inode_alloc_security(struct inode *inode) 936 { 937 struct smack_known *skp = smk_of_current(); 938 939 init_inode_smack(inode, skp); 940 return 0; 941 } 942 943 /** 944 * smack_inode_init_security - copy out the smack from an inode 945 * @inode: the newly created inode 946 * @dir: containing directory object 947 * @qstr: unused 948 * @name: where to put the attribute name 949 * @value: where to put the attribute value 950 * @len: where to put the length of the attribute 951 * 952 * Returns 0 if it all works out, -ENOMEM if there's no memory 953 */ 954 static int smack_inode_init_security(struct inode *inode, struct inode *dir, 955 const struct qstr *qstr, const char **name, 956 void **value, size_t *len) 957 { 958 struct inode_smack *issp = smack_inode(inode); 959 struct smack_known *skp = smk_of_current(); 960 struct smack_known *isp = smk_of_inode(inode); 961 struct smack_known *dsp = smk_of_inode(dir); 962 int may; 963 964 if (name) 965 *name = XATTR_SMACK_SUFFIX; 966 967 if (value && len) { 968 rcu_read_lock(); 969 may = smk_access_entry(skp->smk_known, dsp->smk_known, 970 &skp->smk_rules); 971 rcu_read_unlock(); 972 973 /* 974 * If the access rule allows transmutation and 975 * the directory requests transmutation then 976 * by all means transmute. 977 * Mark the inode as changed. 978 */ 979 if (may > 0 && ((may & MAY_TRANSMUTE) != 0) && 980 smk_inode_transmutable(dir)) { 981 isp = dsp; 982 issp->smk_flags |= SMK_INODE_CHANGED; 983 } 984 985 *value = kstrdup(isp->smk_known, GFP_NOFS); 986 if (*value == NULL) 987 return -ENOMEM; 988 989 *len = strlen(isp->smk_known); 990 } 991 992 return 0; 993 } 994 995 /** 996 * smack_inode_link - Smack check on link 997 * @old_dentry: the existing object 998 * @dir: unused 999 * @new_dentry: the new object 1000 * 1001 * Returns 0 if access is permitted, an error code otherwise 1002 */ 1003 static int smack_inode_link(struct dentry *old_dentry, struct inode *dir, 1004 struct dentry *new_dentry) 1005 { 1006 struct smack_known *isp; 1007 struct smk_audit_info ad; 1008 int rc; 1009 1010 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1011 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry); 1012 1013 isp = smk_of_inode(d_backing_inode(old_dentry)); 1014 rc = smk_curacc(isp, MAY_WRITE, &ad); 1015 rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_WRITE, rc); 1016 1017 if (rc == 0 && d_is_positive(new_dentry)) { 1018 isp = smk_of_inode(d_backing_inode(new_dentry)); 1019 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry); 1020 rc = smk_curacc(isp, MAY_WRITE, &ad); 1021 rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_WRITE, rc); 1022 } 1023 1024 return rc; 1025 } 1026 1027 /** 1028 * smack_inode_unlink - Smack check on inode deletion 1029 * @dir: containing directory object 1030 * @dentry: file to unlink 1031 * 1032 * Returns 0 if current can write the containing directory 1033 * and the object, error code otherwise 1034 */ 1035 static int smack_inode_unlink(struct inode *dir, struct dentry *dentry) 1036 { 1037 struct inode *ip = d_backing_inode(dentry); 1038 struct smk_audit_info ad; 1039 int rc; 1040 1041 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1042 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1043 1044 /* 1045 * You need write access to the thing you're unlinking 1046 */ 1047 rc = smk_curacc(smk_of_inode(ip), MAY_WRITE, &ad); 1048 rc = smk_bu_inode(ip, MAY_WRITE, rc); 1049 if (rc == 0) { 1050 /* 1051 * You also need write access to the containing directory 1052 */ 1053 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE); 1054 smk_ad_setfield_u_fs_inode(&ad, dir); 1055 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad); 1056 rc = smk_bu_inode(dir, MAY_WRITE, rc); 1057 } 1058 return rc; 1059 } 1060 1061 /** 1062 * smack_inode_rmdir - Smack check on directory deletion 1063 * @dir: containing directory object 1064 * @dentry: directory to unlink 1065 * 1066 * Returns 0 if current can write the containing directory 1067 * and the directory, error code otherwise 1068 */ 1069 static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry) 1070 { 1071 struct smk_audit_info ad; 1072 int rc; 1073 1074 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1075 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1076 1077 /* 1078 * You need write access to the thing you're removing 1079 */ 1080 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1081 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1082 if (rc == 0) { 1083 /* 1084 * You also need write access to the containing directory 1085 */ 1086 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE); 1087 smk_ad_setfield_u_fs_inode(&ad, dir); 1088 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad); 1089 rc = smk_bu_inode(dir, MAY_WRITE, rc); 1090 } 1091 1092 return rc; 1093 } 1094 1095 /** 1096 * smack_inode_rename - Smack check on rename 1097 * @old_inode: unused 1098 * @old_dentry: the old object 1099 * @new_inode: unused 1100 * @new_dentry: the new object 1101 * 1102 * Read and write access is required on both the old and 1103 * new directories. 1104 * 1105 * Returns 0 if access is permitted, an error code otherwise 1106 */ 1107 static int smack_inode_rename(struct inode *old_inode, 1108 struct dentry *old_dentry, 1109 struct inode *new_inode, 1110 struct dentry *new_dentry) 1111 { 1112 int rc; 1113 struct smack_known *isp; 1114 struct smk_audit_info ad; 1115 1116 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1117 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry); 1118 1119 isp = smk_of_inode(d_backing_inode(old_dentry)); 1120 rc = smk_curacc(isp, MAY_READWRITE, &ad); 1121 rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_READWRITE, rc); 1122 1123 if (rc == 0 && d_is_positive(new_dentry)) { 1124 isp = smk_of_inode(d_backing_inode(new_dentry)); 1125 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry); 1126 rc = smk_curacc(isp, MAY_READWRITE, &ad); 1127 rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_READWRITE, rc); 1128 } 1129 return rc; 1130 } 1131 1132 /** 1133 * smack_inode_permission - Smack version of permission() 1134 * @inode: the inode in question 1135 * @mask: the access requested 1136 * 1137 * This is the important Smack hook. 1138 * 1139 * Returns 0 if access is permitted, an error code otherwise 1140 */ 1141 static int smack_inode_permission(struct inode *inode, int mask) 1142 { 1143 struct superblock_smack *sbsp = smack_superblock(inode->i_sb); 1144 struct smk_audit_info ad; 1145 int no_block = mask & MAY_NOT_BLOCK; 1146 int rc; 1147 1148 mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND); 1149 /* 1150 * No permission to check. Existence test. Yup, it's there. 1151 */ 1152 if (mask == 0) 1153 return 0; 1154 1155 if (sbsp->smk_flags & SMK_SB_UNTRUSTED) { 1156 if (smk_of_inode(inode) != sbsp->smk_root) 1157 return -EACCES; 1158 } 1159 1160 /* May be droppable after audit */ 1161 if (no_block) 1162 return -ECHILD; 1163 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE); 1164 smk_ad_setfield_u_fs_inode(&ad, inode); 1165 rc = smk_curacc(smk_of_inode(inode), mask, &ad); 1166 rc = smk_bu_inode(inode, mask, rc); 1167 return rc; 1168 } 1169 1170 /** 1171 * smack_inode_setattr - Smack check for setting attributes 1172 * @dentry: the object 1173 * @iattr: for the force flag 1174 * 1175 * Returns 0 if access is permitted, an error code otherwise 1176 */ 1177 static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr) 1178 { 1179 struct smk_audit_info ad; 1180 int rc; 1181 1182 /* 1183 * Need to allow for clearing the setuid bit. 1184 */ 1185 if (iattr->ia_valid & ATTR_FORCE) 1186 return 0; 1187 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1188 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1189 1190 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1191 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1192 return rc; 1193 } 1194 1195 /** 1196 * smack_inode_getattr - Smack check for getting attributes 1197 * @path: path to extract the info from 1198 * 1199 * Returns 0 if access is permitted, an error code otherwise 1200 */ 1201 static int smack_inode_getattr(const struct path *path) 1202 { 1203 struct smk_audit_info ad; 1204 struct inode *inode = d_backing_inode(path->dentry); 1205 int rc; 1206 1207 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1208 smk_ad_setfield_u_fs_path(&ad, *path); 1209 rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad); 1210 rc = smk_bu_inode(inode, MAY_READ, rc); 1211 return rc; 1212 } 1213 1214 /** 1215 * smack_inode_setxattr - Smack check for setting xattrs 1216 * @dentry: the object 1217 * @name: name of the attribute 1218 * @value: value of the attribute 1219 * @size: size of the value 1220 * @flags: unused 1221 * 1222 * This protects the Smack attribute explicitly. 1223 * 1224 * Returns 0 if access is permitted, an error code otherwise 1225 */ 1226 static int smack_inode_setxattr(struct user_namespace *mnt_userns, 1227 struct dentry *dentry, const char *name, 1228 const void *value, size_t size, int flags) 1229 { 1230 struct smk_audit_info ad; 1231 struct smack_known *skp; 1232 int check_priv = 0; 1233 int check_import = 0; 1234 int check_star = 0; 1235 int rc = 0; 1236 1237 /* 1238 * Check label validity here so import won't fail in post_setxattr 1239 */ 1240 if (strcmp(name, XATTR_NAME_SMACK) == 0 || 1241 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 || 1242 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) { 1243 check_priv = 1; 1244 check_import = 1; 1245 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0 || 1246 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) { 1247 check_priv = 1; 1248 check_import = 1; 1249 check_star = 1; 1250 } else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) { 1251 check_priv = 1; 1252 if (size != TRANS_TRUE_SIZE || 1253 strncmp(value, TRANS_TRUE, TRANS_TRUE_SIZE) != 0) 1254 rc = -EINVAL; 1255 } else 1256 rc = cap_inode_setxattr(dentry, name, value, size, flags); 1257 1258 if (check_priv && !smack_privileged(CAP_MAC_ADMIN)) 1259 rc = -EPERM; 1260 1261 if (rc == 0 && check_import) { 1262 skp = size ? smk_import_entry(value, size) : NULL; 1263 if (IS_ERR(skp)) 1264 rc = PTR_ERR(skp); 1265 else if (skp == NULL || (check_star && 1266 (skp == &smack_known_star || skp == &smack_known_web))) 1267 rc = -EINVAL; 1268 } 1269 1270 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1271 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1272 1273 if (rc == 0) { 1274 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1275 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1276 } 1277 1278 return rc; 1279 } 1280 1281 /** 1282 * smack_inode_post_setxattr - Apply the Smack update approved above 1283 * @dentry: object 1284 * @name: attribute name 1285 * @value: attribute value 1286 * @size: attribute size 1287 * @flags: unused 1288 * 1289 * Set the pointer in the inode blob to the entry found 1290 * in the master label list. 1291 */ 1292 static void smack_inode_post_setxattr(struct dentry *dentry, const char *name, 1293 const void *value, size_t size, int flags) 1294 { 1295 struct smack_known *skp; 1296 struct inode_smack *isp = smack_inode(d_backing_inode(dentry)); 1297 1298 if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) { 1299 isp->smk_flags |= SMK_INODE_TRANSMUTE; 1300 return; 1301 } 1302 1303 if (strcmp(name, XATTR_NAME_SMACK) == 0) { 1304 skp = smk_import_entry(value, size); 1305 if (!IS_ERR(skp)) 1306 isp->smk_inode = skp; 1307 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) { 1308 skp = smk_import_entry(value, size); 1309 if (!IS_ERR(skp)) 1310 isp->smk_task = skp; 1311 } else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) { 1312 skp = smk_import_entry(value, size); 1313 if (!IS_ERR(skp)) 1314 isp->smk_mmap = skp; 1315 } 1316 1317 return; 1318 } 1319 1320 /** 1321 * smack_inode_getxattr - Smack check on getxattr 1322 * @dentry: the object 1323 * @name: unused 1324 * 1325 * Returns 0 if access is permitted, an error code otherwise 1326 */ 1327 static int smack_inode_getxattr(struct dentry *dentry, const char *name) 1328 { 1329 struct smk_audit_info ad; 1330 int rc; 1331 1332 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1333 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1334 1335 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_READ, &ad); 1336 rc = smk_bu_inode(d_backing_inode(dentry), MAY_READ, rc); 1337 return rc; 1338 } 1339 1340 /** 1341 * smack_inode_removexattr - Smack check on removexattr 1342 * @dentry: the object 1343 * @name: name of the attribute 1344 * 1345 * Removing the Smack attribute requires CAP_MAC_ADMIN 1346 * 1347 * Returns 0 if access is permitted, an error code otherwise 1348 */ 1349 static int smack_inode_removexattr(struct user_namespace *mnt_userns, 1350 struct dentry *dentry, const char *name) 1351 { 1352 struct inode_smack *isp; 1353 struct smk_audit_info ad; 1354 int rc = 0; 1355 1356 if (strcmp(name, XATTR_NAME_SMACK) == 0 || 1357 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 || 1358 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 || 1359 strcmp(name, XATTR_NAME_SMACKEXEC) == 0 || 1360 strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0 || 1361 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) { 1362 if (!smack_privileged(CAP_MAC_ADMIN)) 1363 rc = -EPERM; 1364 } else 1365 rc = cap_inode_removexattr(mnt_userns, dentry, name); 1366 1367 if (rc != 0) 1368 return rc; 1369 1370 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1371 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1372 1373 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1374 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1375 if (rc != 0) 1376 return rc; 1377 1378 isp = smack_inode(d_backing_inode(dentry)); 1379 /* 1380 * Don't do anything special for these. 1381 * XATTR_NAME_SMACKIPIN 1382 * XATTR_NAME_SMACKIPOUT 1383 */ 1384 if (strcmp(name, XATTR_NAME_SMACK) == 0) { 1385 struct super_block *sbp = dentry->d_sb; 1386 struct superblock_smack *sbsp = smack_superblock(sbp); 1387 1388 isp->smk_inode = sbsp->smk_default; 1389 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) 1390 isp->smk_task = NULL; 1391 else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) 1392 isp->smk_mmap = NULL; 1393 else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) 1394 isp->smk_flags &= ~SMK_INODE_TRANSMUTE; 1395 1396 return 0; 1397 } 1398 1399 /** 1400 * smack_inode_getsecurity - get smack xattrs 1401 * @inode: the object 1402 * @name: attribute name 1403 * @buffer: where to put the result 1404 * @alloc: duplicate memory 1405 * 1406 * Returns the size of the attribute or an error code 1407 */ 1408 static int smack_inode_getsecurity(struct user_namespace *mnt_userns, 1409 struct inode *inode, const char *name, 1410 void **buffer, bool alloc) 1411 { 1412 struct socket_smack *ssp; 1413 struct socket *sock; 1414 struct super_block *sbp; 1415 struct inode *ip = (struct inode *)inode; 1416 struct smack_known *isp; 1417 1418 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) 1419 isp = smk_of_inode(inode); 1420 else { 1421 /* 1422 * The rest of the Smack xattrs are only on sockets. 1423 */ 1424 sbp = ip->i_sb; 1425 if (sbp->s_magic != SOCKFS_MAGIC) 1426 return -EOPNOTSUPP; 1427 1428 sock = SOCKET_I(ip); 1429 if (sock == NULL || sock->sk == NULL) 1430 return -EOPNOTSUPP; 1431 1432 ssp = sock->sk->sk_security; 1433 1434 if (strcmp(name, XATTR_SMACK_IPIN) == 0) 1435 isp = ssp->smk_in; 1436 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) 1437 isp = ssp->smk_out; 1438 else 1439 return -EOPNOTSUPP; 1440 } 1441 1442 if (alloc) { 1443 *buffer = kstrdup(isp->smk_known, GFP_KERNEL); 1444 if (*buffer == NULL) 1445 return -ENOMEM; 1446 } 1447 1448 return strlen(isp->smk_known); 1449 } 1450 1451 1452 /** 1453 * smack_inode_listsecurity - list the Smack attributes 1454 * @inode: the object 1455 * @buffer: where they go 1456 * @buffer_size: size of buffer 1457 */ 1458 static int smack_inode_listsecurity(struct inode *inode, char *buffer, 1459 size_t buffer_size) 1460 { 1461 int len = sizeof(XATTR_NAME_SMACK); 1462 1463 if (buffer != NULL && len <= buffer_size) 1464 memcpy(buffer, XATTR_NAME_SMACK, len); 1465 1466 return len; 1467 } 1468 1469 /** 1470 * smack_inode_getsecid - Extract inode's security id 1471 * @inode: inode to extract the info from 1472 * @secid: where result will be saved 1473 */ 1474 static void smack_inode_getsecid(struct inode *inode, u32 *secid) 1475 { 1476 struct smack_known *skp = smk_of_inode(inode); 1477 1478 *secid = skp->smk_secid; 1479 } 1480 1481 /* 1482 * File Hooks 1483 */ 1484 1485 /* 1486 * There is no smack_file_permission hook 1487 * 1488 * Should access checks be done on each read or write? 1489 * UNICOS and SELinux say yes. 1490 * Trusted Solaris, Trusted Irix, and just about everyone else says no. 1491 * 1492 * I'll say no for now. Smack does not do the frequent 1493 * label changing that SELinux does. 1494 */ 1495 1496 /** 1497 * smack_file_alloc_security - assign a file security blob 1498 * @file: the object 1499 * 1500 * The security blob for a file is a pointer to the master 1501 * label list, so no allocation is done. 1502 * 1503 * f_security is the owner security information. It 1504 * isn't used on file access checks, it's for send_sigio. 1505 * 1506 * Returns 0 1507 */ 1508 static int smack_file_alloc_security(struct file *file) 1509 { 1510 struct smack_known **blob = smack_file(file); 1511 1512 *blob = smk_of_current(); 1513 return 0; 1514 } 1515 1516 /** 1517 * smack_file_ioctl - Smack check on ioctls 1518 * @file: the object 1519 * @cmd: what to do 1520 * @arg: unused 1521 * 1522 * Relies heavily on the correct use of the ioctl command conventions. 1523 * 1524 * Returns 0 if allowed, error code otherwise 1525 */ 1526 static int smack_file_ioctl(struct file *file, unsigned int cmd, 1527 unsigned long arg) 1528 { 1529 int rc = 0; 1530 struct smk_audit_info ad; 1531 struct inode *inode = file_inode(file); 1532 1533 if (unlikely(IS_PRIVATE(inode))) 1534 return 0; 1535 1536 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1537 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1538 1539 if (_IOC_DIR(cmd) & _IOC_WRITE) { 1540 rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad); 1541 rc = smk_bu_file(file, MAY_WRITE, rc); 1542 } 1543 1544 if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ)) { 1545 rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad); 1546 rc = smk_bu_file(file, MAY_READ, rc); 1547 } 1548 1549 return rc; 1550 } 1551 1552 /** 1553 * smack_file_lock - Smack check on file locking 1554 * @file: the object 1555 * @cmd: unused 1556 * 1557 * Returns 0 if current has lock access, error code otherwise 1558 */ 1559 static int smack_file_lock(struct file *file, unsigned int cmd) 1560 { 1561 struct smk_audit_info ad; 1562 int rc; 1563 struct inode *inode = file_inode(file); 1564 1565 if (unlikely(IS_PRIVATE(inode))) 1566 return 0; 1567 1568 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1569 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1570 rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad); 1571 rc = smk_bu_file(file, MAY_LOCK, rc); 1572 return rc; 1573 } 1574 1575 /** 1576 * smack_file_fcntl - Smack check on fcntl 1577 * @file: the object 1578 * @cmd: what action to check 1579 * @arg: unused 1580 * 1581 * Generally these operations are harmless. 1582 * File locking operations present an obvious mechanism 1583 * for passing information, so they require write access. 1584 * 1585 * Returns 0 if current has access, error code otherwise 1586 */ 1587 static int smack_file_fcntl(struct file *file, unsigned int cmd, 1588 unsigned long arg) 1589 { 1590 struct smk_audit_info ad; 1591 int rc = 0; 1592 struct inode *inode = file_inode(file); 1593 1594 if (unlikely(IS_PRIVATE(inode))) 1595 return 0; 1596 1597 switch (cmd) { 1598 case F_GETLK: 1599 break; 1600 case F_SETLK: 1601 case F_SETLKW: 1602 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1603 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1604 rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad); 1605 rc = smk_bu_file(file, MAY_LOCK, rc); 1606 break; 1607 case F_SETOWN: 1608 case F_SETSIG: 1609 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1610 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1611 rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad); 1612 rc = smk_bu_file(file, MAY_WRITE, rc); 1613 break; 1614 default: 1615 break; 1616 } 1617 1618 return rc; 1619 } 1620 1621 /** 1622 * smack_mmap_file : 1623 * Check permissions for a mmap operation. The @file may be NULL, e.g. 1624 * if mapping anonymous memory. 1625 * @file contains the file structure for file to map (may be NULL). 1626 * @reqprot contains the protection requested by the application. 1627 * @prot contains the protection that will be applied by the kernel. 1628 * @flags contains the operational flags. 1629 * Return 0 if permission is granted. 1630 */ 1631 static int smack_mmap_file(struct file *file, 1632 unsigned long reqprot, unsigned long prot, 1633 unsigned long flags) 1634 { 1635 struct smack_known *skp; 1636 struct smack_known *mkp; 1637 struct smack_rule *srp; 1638 struct task_smack *tsp; 1639 struct smack_known *okp; 1640 struct inode_smack *isp; 1641 struct superblock_smack *sbsp; 1642 int may; 1643 int mmay; 1644 int tmay; 1645 int rc; 1646 1647 if (file == NULL) 1648 return 0; 1649 1650 if (unlikely(IS_PRIVATE(file_inode(file)))) 1651 return 0; 1652 1653 isp = smack_inode(file_inode(file)); 1654 if (isp->smk_mmap == NULL) 1655 return 0; 1656 sbsp = smack_superblock(file_inode(file)->i_sb); 1657 if (sbsp->smk_flags & SMK_SB_UNTRUSTED && 1658 isp->smk_mmap != sbsp->smk_root) 1659 return -EACCES; 1660 mkp = isp->smk_mmap; 1661 1662 tsp = smack_cred(current_cred()); 1663 skp = smk_of_current(); 1664 rc = 0; 1665 1666 rcu_read_lock(); 1667 /* 1668 * For each Smack rule associated with the subject 1669 * label verify that the SMACK64MMAP also has access 1670 * to that rule's object label. 1671 */ 1672 list_for_each_entry_rcu(srp, &skp->smk_rules, list) { 1673 okp = srp->smk_object; 1674 /* 1675 * Matching labels always allows access. 1676 */ 1677 if (mkp->smk_known == okp->smk_known) 1678 continue; 1679 /* 1680 * If there is a matching local rule take 1681 * that into account as well. 1682 */ 1683 may = smk_access_entry(srp->smk_subject->smk_known, 1684 okp->smk_known, 1685 &tsp->smk_rules); 1686 if (may == -ENOENT) 1687 may = srp->smk_access; 1688 else 1689 may &= srp->smk_access; 1690 /* 1691 * If may is zero the SMACK64MMAP subject can't 1692 * possibly have less access. 1693 */ 1694 if (may == 0) 1695 continue; 1696 1697 /* 1698 * Fetch the global list entry. 1699 * If there isn't one a SMACK64MMAP subject 1700 * can't have as much access as current. 1701 */ 1702 mmay = smk_access_entry(mkp->smk_known, okp->smk_known, 1703 &mkp->smk_rules); 1704 if (mmay == -ENOENT) { 1705 rc = -EACCES; 1706 break; 1707 } 1708 /* 1709 * If there is a local entry it modifies the 1710 * potential access, too. 1711 */ 1712 tmay = smk_access_entry(mkp->smk_known, okp->smk_known, 1713 &tsp->smk_rules); 1714 if (tmay != -ENOENT) 1715 mmay &= tmay; 1716 1717 /* 1718 * If there is any access available to current that is 1719 * not available to a SMACK64MMAP subject 1720 * deny access. 1721 */ 1722 if ((may | mmay) != mmay) { 1723 rc = -EACCES; 1724 break; 1725 } 1726 } 1727 1728 rcu_read_unlock(); 1729 1730 return rc; 1731 } 1732 1733 /** 1734 * smack_file_set_fowner - set the file security blob value 1735 * @file: object in question 1736 * 1737 */ 1738 static void smack_file_set_fowner(struct file *file) 1739 { 1740 struct smack_known **blob = smack_file(file); 1741 1742 *blob = smk_of_current(); 1743 } 1744 1745 /** 1746 * smack_file_send_sigiotask - Smack on sigio 1747 * @tsk: The target task 1748 * @fown: the object the signal come from 1749 * @signum: unused 1750 * 1751 * Allow a privileged task to get signals even if it shouldn't 1752 * 1753 * Returns 0 if a subject with the object's smack could 1754 * write to the task, an error code otherwise. 1755 */ 1756 static int smack_file_send_sigiotask(struct task_struct *tsk, 1757 struct fown_struct *fown, int signum) 1758 { 1759 struct smack_known **blob; 1760 struct smack_known *skp; 1761 struct smack_known *tkp = smk_of_task(smack_cred(tsk->cred)); 1762 const struct cred *tcred; 1763 struct file *file; 1764 int rc; 1765 struct smk_audit_info ad; 1766 1767 /* 1768 * struct fown_struct is never outside the context of a struct file 1769 */ 1770 file = container_of(fown, struct file, f_owner); 1771 1772 /* we don't log here as rc can be overriden */ 1773 blob = smack_file(file); 1774 skp = *blob; 1775 rc = smk_access(skp, tkp, MAY_DELIVER, NULL); 1776 rc = smk_bu_note("sigiotask", skp, tkp, MAY_DELIVER, rc); 1777 1778 rcu_read_lock(); 1779 tcred = __task_cred(tsk); 1780 if (rc != 0 && smack_privileged_cred(CAP_MAC_OVERRIDE, tcred)) 1781 rc = 0; 1782 rcu_read_unlock(); 1783 1784 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); 1785 smk_ad_setfield_u_tsk(&ad, tsk); 1786 smack_log(skp->smk_known, tkp->smk_known, MAY_DELIVER, rc, &ad); 1787 return rc; 1788 } 1789 1790 /** 1791 * smack_file_receive - Smack file receive check 1792 * @file: the object 1793 * 1794 * Returns 0 if current has access, error code otherwise 1795 */ 1796 static int smack_file_receive(struct file *file) 1797 { 1798 int rc; 1799 int may = 0; 1800 struct smk_audit_info ad; 1801 struct inode *inode = file_inode(file); 1802 struct socket *sock; 1803 struct task_smack *tsp; 1804 struct socket_smack *ssp; 1805 1806 if (unlikely(IS_PRIVATE(inode))) 1807 return 0; 1808 1809 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1810 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1811 1812 if (inode->i_sb->s_magic == SOCKFS_MAGIC) { 1813 sock = SOCKET_I(inode); 1814 ssp = sock->sk->sk_security; 1815 tsp = smack_cred(current_cred()); 1816 /* 1817 * If the receiving process can't write to the 1818 * passed socket or if the passed socket can't 1819 * write to the receiving process don't accept 1820 * the passed socket. 1821 */ 1822 rc = smk_access(tsp->smk_task, ssp->smk_out, MAY_WRITE, &ad); 1823 rc = smk_bu_file(file, may, rc); 1824 if (rc < 0) 1825 return rc; 1826 rc = smk_access(ssp->smk_in, tsp->smk_task, MAY_WRITE, &ad); 1827 rc = smk_bu_file(file, may, rc); 1828 return rc; 1829 } 1830 /* 1831 * This code relies on bitmasks. 1832 */ 1833 if (file->f_mode & FMODE_READ) 1834 may = MAY_READ; 1835 if (file->f_mode & FMODE_WRITE) 1836 may |= MAY_WRITE; 1837 1838 rc = smk_curacc(smk_of_inode(inode), may, &ad); 1839 rc = smk_bu_file(file, may, rc); 1840 return rc; 1841 } 1842 1843 /** 1844 * smack_file_open - Smack dentry open processing 1845 * @file: the object 1846 * 1847 * Set the security blob in the file structure. 1848 * Allow the open only if the task has read access. There are 1849 * many read operations (e.g. fstat) that you can do with an 1850 * fd even if you have the file open write-only. 1851 * 1852 * Returns 0 if current has access, error code otherwise 1853 */ 1854 static int smack_file_open(struct file *file) 1855 { 1856 struct task_smack *tsp = smack_cred(file->f_cred); 1857 struct inode *inode = file_inode(file); 1858 struct smk_audit_info ad; 1859 int rc; 1860 1861 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1862 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1863 rc = smk_tskacc(tsp, smk_of_inode(inode), MAY_READ, &ad); 1864 rc = smk_bu_credfile(file->f_cred, file, MAY_READ, rc); 1865 1866 return rc; 1867 } 1868 1869 /* 1870 * Task hooks 1871 */ 1872 1873 /** 1874 * smack_cred_alloc_blank - "allocate" blank task-level security credentials 1875 * @cred: the new credentials 1876 * @gfp: the atomicity of any memory allocations 1877 * 1878 * Prepare a blank set of credentials for modification. This must allocate all 1879 * the memory the LSM module might require such that cred_transfer() can 1880 * complete without error. 1881 */ 1882 static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp) 1883 { 1884 init_task_smack(smack_cred(cred), NULL, NULL); 1885 return 0; 1886 } 1887 1888 1889 /** 1890 * smack_cred_free - "free" task-level security credentials 1891 * @cred: the credentials in question 1892 * 1893 */ 1894 static void smack_cred_free(struct cred *cred) 1895 { 1896 struct task_smack *tsp = smack_cred(cred); 1897 struct smack_rule *rp; 1898 struct list_head *l; 1899 struct list_head *n; 1900 1901 smk_destroy_label_list(&tsp->smk_relabel); 1902 1903 list_for_each_safe(l, n, &tsp->smk_rules) { 1904 rp = list_entry(l, struct smack_rule, list); 1905 list_del(&rp->list); 1906 kmem_cache_free(smack_rule_cache, rp); 1907 } 1908 } 1909 1910 /** 1911 * smack_cred_prepare - prepare new set of credentials for modification 1912 * @new: the new credentials 1913 * @old: the original credentials 1914 * @gfp: the atomicity of any memory allocations 1915 * 1916 * Prepare a new set of credentials for modification. 1917 */ 1918 static int smack_cred_prepare(struct cred *new, const struct cred *old, 1919 gfp_t gfp) 1920 { 1921 struct task_smack *old_tsp = smack_cred(old); 1922 struct task_smack *new_tsp = smack_cred(new); 1923 int rc; 1924 1925 init_task_smack(new_tsp, old_tsp->smk_task, old_tsp->smk_task); 1926 1927 rc = smk_copy_rules(&new_tsp->smk_rules, &old_tsp->smk_rules, gfp); 1928 if (rc != 0) 1929 return rc; 1930 1931 rc = smk_copy_relabel(&new_tsp->smk_relabel, &old_tsp->smk_relabel, 1932 gfp); 1933 return rc; 1934 } 1935 1936 /** 1937 * smack_cred_transfer - Transfer the old credentials to the new credentials 1938 * @new: the new credentials 1939 * @old: the original credentials 1940 * 1941 * Fill in a set of blank credentials from another set of credentials. 1942 */ 1943 static void smack_cred_transfer(struct cred *new, const struct cred *old) 1944 { 1945 struct task_smack *old_tsp = smack_cred(old); 1946 struct task_smack *new_tsp = smack_cred(new); 1947 1948 new_tsp->smk_task = old_tsp->smk_task; 1949 new_tsp->smk_forked = old_tsp->smk_task; 1950 mutex_init(&new_tsp->smk_rules_lock); 1951 INIT_LIST_HEAD(&new_tsp->smk_rules); 1952 1953 /* cbs copy rule list */ 1954 } 1955 1956 /** 1957 * smack_cred_getsecid - get the secid corresponding to a creds structure 1958 * @cred: the object creds 1959 * @secid: where to put the result 1960 * 1961 * Sets the secid to contain a u32 version of the smack label. 1962 */ 1963 static void smack_cred_getsecid(const struct cred *cred, u32 *secid) 1964 { 1965 struct smack_known *skp; 1966 1967 rcu_read_lock(); 1968 skp = smk_of_task(smack_cred(cred)); 1969 *secid = skp->smk_secid; 1970 rcu_read_unlock(); 1971 } 1972 1973 /** 1974 * smack_kernel_act_as - Set the subjective context in a set of credentials 1975 * @new: points to the set of credentials to be modified. 1976 * @secid: specifies the security ID to be set 1977 * 1978 * Set the security data for a kernel service. 1979 */ 1980 static int smack_kernel_act_as(struct cred *new, u32 secid) 1981 { 1982 struct task_smack *new_tsp = smack_cred(new); 1983 1984 new_tsp->smk_task = smack_from_secid(secid); 1985 return 0; 1986 } 1987 1988 /** 1989 * smack_kernel_create_files_as - Set the file creation label in a set of creds 1990 * @new: points to the set of credentials to be modified 1991 * @inode: points to the inode to use as a reference 1992 * 1993 * Set the file creation context in a set of credentials to the same 1994 * as the objective context of the specified inode 1995 */ 1996 static int smack_kernel_create_files_as(struct cred *new, 1997 struct inode *inode) 1998 { 1999 struct inode_smack *isp = smack_inode(inode); 2000 struct task_smack *tsp = smack_cred(new); 2001 2002 tsp->smk_forked = isp->smk_inode; 2003 tsp->smk_task = tsp->smk_forked; 2004 return 0; 2005 } 2006 2007 /** 2008 * smk_curacc_on_task - helper to log task related access 2009 * @p: the task object 2010 * @access: the access requested 2011 * @caller: name of the calling function for audit 2012 * 2013 * Return 0 if access is permitted 2014 */ 2015 static int smk_curacc_on_task(struct task_struct *p, int access, 2016 const char *caller) 2017 { 2018 struct smk_audit_info ad; 2019 struct smack_known *skp = smk_of_task_struct_subj(p); 2020 int rc; 2021 2022 smk_ad_init(&ad, caller, LSM_AUDIT_DATA_TASK); 2023 smk_ad_setfield_u_tsk(&ad, p); 2024 rc = smk_curacc(skp, access, &ad); 2025 rc = smk_bu_task(p, access, rc); 2026 return rc; 2027 } 2028 2029 /** 2030 * smack_task_setpgid - Smack check on setting pgid 2031 * @p: the task object 2032 * @pgid: unused 2033 * 2034 * Return 0 if write access is permitted 2035 */ 2036 static int smack_task_setpgid(struct task_struct *p, pid_t pgid) 2037 { 2038 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2039 } 2040 2041 /** 2042 * smack_task_getpgid - Smack access check for getpgid 2043 * @p: the object task 2044 * 2045 * Returns 0 if current can read the object task, error code otherwise 2046 */ 2047 static int smack_task_getpgid(struct task_struct *p) 2048 { 2049 return smk_curacc_on_task(p, MAY_READ, __func__); 2050 } 2051 2052 /** 2053 * smack_task_getsid - Smack access check for getsid 2054 * @p: the object task 2055 * 2056 * Returns 0 if current can read the object task, error code otherwise 2057 */ 2058 static int smack_task_getsid(struct task_struct *p) 2059 { 2060 return smk_curacc_on_task(p, MAY_READ, __func__); 2061 } 2062 2063 /** 2064 * smack_task_getsecid_subj - get the subjective secid of the task 2065 * @p: the task 2066 * @secid: where to put the result 2067 * 2068 * Sets the secid to contain a u32 version of the task's subjective smack label. 2069 */ 2070 static void smack_task_getsecid_subj(struct task_struct *p, u32 *secid) 2071 { 2072 struct smack_known *skp = smk_of_task_struct_subj(p); 2073 2074 *secid = skp->smk_secid; 2075 } 2076 2077 /** 2078 * smack_task_getsecid_obj - get the objective secid of the task 2079 * @p: the task 2080 * @secid: where to put the result 2081 * 2082 * Sets the secid to contain a u32 version of the task's objective smack label. 2083 */ 2084 static void smack_task_getsecid_obj(struct task_struct *p, u32 *secid) 2085 { 2086 struct smack_known *skp = smk_of_task_struct_obj(p); 2087 2088 *secid = skp->smk_secid; 2089 } 2090 2091 /** 2092 * smack_task_setnice - Smack check on setting nice 2093 * @p: the task object 2094 * @nice: unused 2095 * 2096 * Return 0 if write access is permitted 2097 */ 2098 static int smack_task_setnice(struct task_struct *p, int nice) 2099 { 2100 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2101 } 2102 2103 /** 2104 * smack_task_setioprio - Smack check on setting ioprio 2105 * @p: the task object 2106 * @ioprio: unused 2107 * 2108 * Return 0 if write access is permitted 2109 */ 2110 static int smack_task_setioprio(struct task_struct *p, int ioprio) 2111 { 2112 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2113 } 2114 2115 /** 2116 * smack_task_getioprio - Smack check on reading ioprio 2117 * @p: the task object 2118 * 2119 * Return 0 if read access is permitted 2120 */ 2121 static int smack_task_getioprio(struct task_struct *p) 2122 { 2123 return smk_curacc_on_task(p, MAY_READ, __func__); 2124 } 2125 2126 /** 2127 * smack_task_setscheduler - Smack check on setting scheduler 2128 * @p: the task object 2129 * 2130 * Return 0 if read access is permitted 2131 */ 2132 static int smack_task_setscheduler(struct task_struct *p) 2133 { 2134 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2135 } 2136 2137 /** 2138 * smack_task_getscheduler - Smack check on reading scheduler 2139 * @p: the task object 2140 * 2141 * Return 0 if read access is permitted 2142 */ 2143 static int smack_task_getscheduler(struct task_struct *p) 2144 { 2145 return smk_curacc_on_task(p, MAY_READ, __func__); 2146 } 2147 2148 /** 2149 * smack_task_movememory - Smack check on moving memory 2150 * @p: the task object 2151 * 2152 * Return 0 if write access is permitted 2153 */ 2154 static int smack_task_movememory(struct task_struct *p) 2155 { 2156 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2157 } 2158 2159 /** 2160 * smack_task_kill - Smack check on signal delivery 2161 * @p: the task object 2162 * @info: unused 2163 * @sig: unused 2164 * @cred: identifies the cred to use in lieu of current's 2165 * 2166 * Return 0 if write access is permitted 2167 * 2168 */ 2169 static int smack_task_kill(struct task_struct *p, struct kernel_siginfo *info, 2170 int sig, const struct cred *cred) 2171 { 2172 struct smk_audit_info ad; 2173 struct smack_known *skp; 2174 struct smack_known *tkp = smk_of_task_struct_obj(p); 2175 int rc; 2176 2177 if (!sig) 2178 return 0; /* null signal; existence test */ 2179 2180 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); 2181 smk_ad_setfield_u_tsk(&ad, p); 2182 /* 2183 * Sending a signal requires that the sender 2184 * can write the receiver. 2185 */ 2186 if (cred == NULL) { 2187 rc = smk_curacc(tkp, MAY_DELIVER, &ad); 2188 rc = smk_bu_task(p, MAY_DELIVER, rc); 2189 return rc; 2190 } 2191 /* 2192 * If the cred isn't NULL we're dealing with some USB IO 2193 * specific behavior. This is not clean. For one thing 2194 * we can't take privilege into account. 2195 */ 2196 skp = smk_of_task(smack_cred(cred)); 2197 rc = smk_access(skp, tkp, MAY_DELIVER, &ad); 2198 rc = smk_bu_note("USB signal", skp, tkp, MAY_DELIVER, rc); 2199 return rc; 2200 } 2201 2202 /** 2203 * smack_task_to_inode - copy task smack into the inode blob 2204 * @p: task to copy from 2205 * @inode: inode to copy to 2206 * 2207 * Sets the smack pointer in the inode security blob 2208 */ 2209 static void smack_task_to_inode(struct task_struct *p, struct inode *inode) 2210 { 2211 struct inode_smack *isp = smack_inode(inode); 2212 struct smack_known *skp = smk_of_task_struct_obj(p); 2213 2214 isp->smk_inode = skp; 2215 isp->smk_flags |= SMK_INODE_INSTANT; 2216 } 2217 2218 /* 2219 * Socket hooks. 2220 */ 2221 2222 /** 2223 * smack_sk_alloc_security - Allocate a socket blob 2224 * @sk: the socket 2225 * @family: unused 2226 * @gfp_flags: memory allocation flags 2227 * 2228 * Assign Smack pointers to current 2229 * 2230 * Returns 0 on success, -ENOMEM is there's no memory 2231 */ 2232 static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags) 2233 { 2234 struct smack_known *skp = smk_of_current(); 2235 struct socket_smack *ssp; 2236 2237 ssp = kzalloc(sizeof(struct socket_smack), gfp_flags); 2238 if (ssp == NULL) 2239 return -ENOMEM; 2240 2241 /* 2242 * Sockets created by kernel threads receive web label. 2243 */ 2244 if (unlikely(current->flags & PF_KTHREAD)) { 2245 ssp->smk_in = &smack_known_web; 2246 ssp->smk_out = &smack_known_web; 2247 } else { 2248 ssp->smk_in = skp; 2249 ssp->smk_out = skp; 2250 } 2251 ssp->smk_packet = NULL; 2252 2253 sk->sk_security = ssp; 2254 2255 return 0; 2256 } 2257 2258 /** 2259 * smack_sk_free_security - Free a socket blob 2260 * @sk: the socket 2261 * 2262 * Clears the blob pointer 2263 */ 2264 static void smack_sk_free_security(struct sock *sk) 2265 { 2266 #ifdef SMACK_IPV6_PORT_LABELING 2267 struct smk_port_label *spp; 2268 2269 if (sk->sk_family == PF_INET6) { 2270 rcu_read_lock(); 2271 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) { 2272 if (spp->smk_sock != sk) 2273 continue; 2274 spp->smk_can_reuse = 1; 2275 break; 2276 } 2277 rcu_read_unlock(); 2278 } 2279 #endif 2280 kfree(sk->sk_security); 2281 } 2282 2283 /** 2284 * smack_ipv4host_label - check host based restrictions 2285 * @sip: the object end 2286 * 2287 * looks for host based access restrictions 2288 * 2289 * This version will only be appropriate for really small sets of single label 2290 * hosts. The caller is responsible for ensuring that the RCU read lock is 2291 * taken before calling this function. 2292 * 2293 * Returns the label of the far end or NULL if it's not special. 2294 */ 2295 static struct smack_known *smack_ipv4host_label(struct sockaddr_in *sip) 2296 { 2297 struct smk_net4addr *snp; 2298 struct in_addr *siap = &sip->sin_addr; 2299 2300 if (siap->s_addr == 0) 2301 return NULL; 2302 2303 list_for_each_entry_rcu(snp, &smk_net4addr_list, list) 2304 /* 2305 * we break after finding the first match because 2306 * the list is sorted from longest to shortest mask 2307 * so we have found the most specific match 2308 */ 2309 if (snp->smk_host.s_addr == 2310 (siap->s_addr & snp->smk_mask.s_addr)) 2311 return snp->smk_label; 2312 2313 return NULL; 2314 } 2315 2316 /* 2317 * smk_ipv6_localhost - Check for local ipv6 host address 2318 * @sip: the address 2319 * 2320 * Returns boolean true if this is the localhost address 2321 */ 2322 static bool smk_ipv6_localhost(struct sockaddr_in6 *sip) 2323 { 2324 __be16 *be16p = (__be16 *)&sip->sin6_addr; 2325 __be32 *be32p = (__be32 *)&sip->sin6_addr; 2326 2327 if (be32p[0] == 0 && be32p[1] == 0 && be32p[2] == 0 && be16p[6] == 0 && 2328 ntohs(be16p[7]) == 1) 2329 return true; 2330 return false; 2331 } 2332 2333 /** 2334 * smack_ipv6host_label - check host based restrictions 2335 * @sip: the object end 2336 * 2337 * looks for host based access restrictions 2338 * 2339 * This version will only be appropriate for really small sets of single label 2340 * hosts. The caller is responsible for ensuring that the RCU read lock is 2341 * taken before calling this function. 2342 * 2343 * Returns the label of the far end or NULL if it's not special. 2344 */ 2345 static struct smack_known *smack_ipv6host_label(struct sockaddr_in6 *sip) 2346 { 2347 struct smk_net6addr *snp; 2348 struct in6_addr *sap = &sip->sin6_addr; 2349 int i; 2350 int found = 0; 2351 2352 /* 2353 * It's local. Don't look for a host label. 2354 */ 2355 if (smk_ipv6_localhost(sip)) 2356 return NULL; 2357 2358 list_for_each_entry_rcu(snp, &smk_net6addr_list, list) { 2359 /* 2360 * If the label is NULL the entry has 2361 * been renounced. Ignore it. 2362 */ 2363 if (snp->smk_label == NULL) 2364 continue; 2365 /* 2366 * we break after finding the first match because 2367 * the list is sorted from longest to shortest mask 2368 * so we have found the most specific match 2369 */ 2370 for (found = 1, i = 0; i < 8; i++) { 2371 if ((sap->s6_addr16[i] & snp->smk_mask.s6_addr16[i]) != 2372 snp->smk_host.s6_addr16[i]) { 2373 found = 0; 2374 break; 2375 } 2376 } 2377 if (found) 2378 return snp->smk_label; 2379 } 2380 2381 return NULL; 2382 } 2383 2384 /** 2385 * smack_netlbl_add - Set the secattr on a socket 2386 * @sk: the socket 2387 * 2388 * Attach the outbound smack value (smk_out) to the socket. 2389 * 2390 * Returns 0 on success or an error code 2391 */ 2392 static int smack_netlbl_add(struct sock *sk) 2393 { 2394 struct socket_smack *ssp = sk->sk_security; 2395 struct smack_known *skp = ssp->smk_out; 2396 int rc; 2397 2398 local_bh_disable(); 2399 bh_lock_sock_nested(sk); 2400 2401 rc = netlbl_sock_setattr(sk, sk->sk_family, &skp->smk_netlabel); 2402 switch (rc) { 2403 case 0: 2404 ssp->smk_state = SMK_NETLBL_LABELED; 2405 break; 2406 case -EDESTADDRREQ: 2407 ssp->smk_state = SMK_NETLBL_REQSKB; 2408 rc = 0; 2409 break; 2410 } 2411 2412 bh_unlock_sock(sk); 2413 local_bh_enable(); 2414 2415 return rc; 2416 } 2417 2418 /** 2419 * smack_netlbl_delete - Remove the secattr from a socket 2420 * @sk: the socket 2421 * 2422 * Remove the outbound smack value from a socket 2423 */ 2424 static void smack_netlbl_delete(struct sock *sk) 2425 { 2426 struct socket_smack *ssp = sk->sk_security; 2427 2428 /* 2429 * Take the label off the socket if one is set. 2430 */ 2431 if (ssp->smk_state != SMK_NETLBL_LABELED) 2432 return; 2433 2434 local_bh_disable(); 2435 bh_lock_sock_nested(sk); 2436 netlbl_sock_delattr(sk); 2437 bh_unlock_sock(sk); 2438 local_bh_enable(); 2439 ssp->smk_state = SMK_NETLBL_UNLABELED; 2440 } 2441 2442 /** 2443 * smk_ipv4_check - Perform IPv4 host access checks 2444 * @sk: the socket 2445 * @sap: the destination address 2446 * 2447 * Set the correct secattr for the given socket based on the destination 2448 * address and perform any outbound access checks needed. 2449 * 2450 * Returns 0 on success or an error code. 2451 * 2452 */ 2453 static int smk_ipv4_check(struct sock *sk, struct sockaddr_in *sap) 2454 { 2455 struct smack_known *skp; 2456 int rc = 0; 2457 struct smack_known *hkp; 2458 struct socket_smack *ssp = sk->sk_security; 2459 struct smk_audit_info ad; 2460 2461 rcu_read_lock(); 2462 hkp = smack_ipv4host_label(sap); 2463 if (hkp != NULL) { 2464 #ifdef CONFIG_AUDIT 2465 struct lsm_network_audit net; 2466 2467 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 2468 ad.a.u.net->family = sap->sin_family; 2469 ad.a.u.net->dport = sap->sin_port; 2470 ad.a.u.net->v4info.daddr = sap->sin_addr.s_addr; 2471 #endif 2472 skp = ssp->smk_out; 2473 rc = smk_access(skp, hkp, MAY_WRITE, &ad); 2474 rc = smk_bu_note("IPv4 host check", skp, hkp, MAY_WRITE, rc); 2475 /* 2476 * Clear the socket netlabel if it's set. 2477 */ 2478 if (!rc) 2479 smack_netlbl_delete(sk); 2480 } 2481 rcu_read_unlock(); 2482 2483 return rc; 2484 } 2485 2486 /** 2487 * smk_ipv6_check - check Smack access 2488 * @subject: subject Smack label 2489 * @object: object Smack label 2490 * @address: address 2491 * @act: the action being taken 2492 * 2493 * Check an IPv6 access 2494 */ 2495 static int smk_ipv6_check(struct smack_known *subject, 2496 struct smack_known *object, 2497 struct sockaddr_in6 *address, int act) 2498 { 2499 #ifdef CONFIG_AUDIT 2500 struct lsm_network_audit net; 2501 #endif 2502 struct smk_audit_info ad; 2503 int rc; 2504 2505 #ifdef CONFIG_AUDIT 2506 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 2507 ad.a.u.net->family = PF_INET6; 2508 ad.a.u.net->dport = ntohs(address->sin6_port); 2509 if (act == SMK_RECEIVING) 2510 ad.a.u.net->v6info.saddr = address->sin6_addr; 2511 else 2512 ad.a.u.net->v6info.daddr = address->sin6_addr; 2513 #endif 2514 rc = smk_access(subject, object, MAY_WRITE, &ad); 2515 rc = smk_bu_note("IPv6 check", subject, object, MAY_WRITE, rc); 2516 return rc; 2517 } 2518 2519 #ifdef SMACK_IPV6_PORT_LABELING 2520 /** 2521 * smk_ipv6_port_label - Smack port access table management 2522 * @sock: socket 2523 * @address: address 2524 * 2525 * Create or update the port list entry 2526 */ 2527 static void smk_ipv6_port_label(struct socket *sock, struct sockaddr *address) 2528 { 2529 struct sock *sk = sock->sk; 2530 struct sockaddr_in6 *addr6; 2531 struct socket_smack *ssp = sock->sk->sk_security; 2532 struct smk_port_label *spp; 2533 unsigned short port = 0; 2534 2535 if (address == NULL) { 2536 /* 2537 * This operation is changing the Smack information 2538 * on the bound socket. Take the changes to the port 2539 * as well. 2540 */ 2541 rcu_read_lock(); 2542 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) { 2543 if (sk != spp->smk_sock) 2544 continue; 2545 spp->smk_in = ssp->smk_in; 2546 spp->smk_out = ssp->smk_out; 2547 rcu_read_unlock(); 2548 return; 2549 } 2550 /* 2551 * A NULL address is only used for updating existing 2552 * bound entries. If there isn't one, it's OK. 2553 */ 2554 rcu_read_unlock(); 2555 return; 2556 } 2557 2558 addr6 = (struct sockaddr_in6 *)address; 2559 port = ntohs(addr6->sin6_port); 2560 /* 2561 * This is a special case that is safely ignored. 2562 */ 2563 if (port == 0) 2564 return; 2565 2566 /* 2567 * Look for an existing port list entry. 2568 * This is an indication that a port is getting reused. 2569 */ 2570 rcu_read_lock(); 2571 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) { 2572 if (spp->smk_port != port || spp->smk_sock_type != sock->type) 2573 continue; 2574 if (spp->smk_can_reuse != 1) { 2575 rcu_read_unlock(); 2576 return; 2577 } 2578 spp->smk_port = port; 2579 spp->smk_sock = sk; 2580 spp->smk_in = ssp->smk_in; 2581 spp->smk_out = ssp->smk_out; 2582 spp->smk_can_reuse = 0; 2583 rcu_read_unlock(); 2584 return; 2585 } 2586 rcu_read_unlock(); 2587 /* 2588 * A new port entry is required. 2589 */ 2590 spp = kzalloc(sizeof(*spp), GFP_KERNEL); 2591 if (spp == NULL) 2592 return; 2593 2594 spp->smk_port = port; 2595 spp->smk_sock = sk; 2596 spp->smk_in = ssp->smk_in; 2597 spp->smk_out = ssp->smk_out; 2598 spp->smk_sock_type = sock->type; 2599 spp->smk_can_reuse = 0; 2600 2601 mutex_lock(&smack_ipv6_lock); 2602 list_add_rcu(&spp->list, &smk_ipv6_port_list); 2603 mutex_unlock(&smack_ipv6_lock); 2604 return; 2605 } 2606 #endif 2607 2608 /** 2609 * smk_ipv6_port_check - check Smack port access 2610 * @sk: socket 2611 * @address: address 2612 * @act: the action being taken 2613 * 2614 * Create or update the port list entry 2615 */ 2616 static int smk_ipv6_port_check(struct sock *sk, struct sockaddr_in6 *address, 2617 int act) 2618 { 2619 struct smk_port_label *spp; 2620 struct socket_smack *ssp = sk->sk_security; 2621 struct smack_known *skp = NULL; 2622 unsigned short port; 2623 struct smack_known *object; 2624 2625 if (act == SMK_RECEIVING) { 2626 skp = smack_ipv6host_label(address); 2627 object = ssp->smk_in; 2628 } else { 2629 skp = ssp->smk_out; 2630 object = smack_ipv6host_label(address); 2631 } 2632 2633 /* 2634 * The other end is a single label host. 2635 */ 2636 if (skp != NULL && object != NULL) 2637 return smk_ipv6_check(skp, object, address, act); 2638 if (skp == NULL) 2639 skp = smack_net_ambient; 2640 if (object == NULL) 2641 object = smack_net_ambient; 2642 2643 /* 2644 * It's remote, so port lookup does no good. 2645 */ 2646 if (!smk_ipv6_localhost(address)) 2647 return smk_ipv6_check(skp, object, address, act); 2648 2649 /* 2650 * It's local so the send check has to have passed. 2651 */ 2652 if (act == SMK_RECEIVING) 2653 return 0; 2654 2655 port = ntohs(address->sin6_port); 2656 rcu_read_lock(); 2657 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) { 2658 if (spp->smk_port != port || spp->smk_sock_type != sk->sk_type) 2659 continue; 2660 object = spp->smk_in; 2661 if (act == SMK_CONNECTING) 2662 ssp->smk_packet = spp->smk_out; 2663 break; 2664 } 2665 rcu_read_unlock(); 2666 2667 return smk_ipv6_check(skp, object, address, act); 2668 } 2669 2670 /** 2671 * smack_inode_setsecurity - set smack xattrs 2672 * @inode: the object 2673 * @name: attribute name 2674 * @value: attribute value 2675 * @size: size of the attribute 2676 * @flags: unused 2677 * 2678 * Sets the named attribute in the appropriate blob 2679 * 2680 * Returns 0 on success, or an error code 2681 */ 2682 static int smack_inode_setsecurity(struct inode *inode, const char *name, 2683 const void *value, size_t size, int flags) 2684 { 2685 struct smack_known *skp; 2686 struct inode_smack *nsp = smack_inode(inode); 2687 struct socket_smack *ssp; 2688 struct socket *sock; 2689 int rc = 0; 2690 2691 if (value == NULL || size > SMK_LONGLABEL || size == 0) 2692 return -EINVAL; 2693 2694 skp = smk_import_entry(value, size); 2695 if (IS_ERR(skp)) 2696 return PTR_ERR(skp); 2697 2698 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) { 2699 nsp->smk_inode = skp; 2700 nsp->smk_flags |= SMK_INODE_INSTANT; 2701 return 0; 2702 } 2703 /* 2704 * The rest of the Smack xattrs are only on sockets. 2705 */ 2706 if (inode->i_sb->s_magic != SOCKFS_MAGIC) 2707 return -EOPNOTSUPP; 2708 2709 sock = SOCKET_I(inode); 2710 if (sock == NULL || sock->sk == NULL) 2711 return -EOPNOTSUPP; 2712 2713 ssp = sock->sk->sk_security; 2714 2715 if (strcmp(name, XATTR_SMACK_IPIN) == 0) 2716 ssp->smk_in = skp; 2717 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) { 2718 ssp->smk_out = skp; 2719 if (sock->sk->sk_family == PF_INET) { 2720 rc = smack_netlbl_add(sock->sk); 2721 if (rc != 0) 2722 printk(KERN_WARNING 2723 "Smack: \"%s\" netlbl error %d.\n", 2724 __func__, -rc); 2725 } 2726 } else 2727 return -EOPNOTSUPP; 2728 2729 #ifdef SMACK_IPV6_PORT_LABELING 2730 if (sock->sk->sk_family == PF_INET6) 2731 smk_ipv6_port_label(sock, NULL); 2732 #endif 2733 2734 return 0; 2735 } 2736 2737 /** 2738 * smack_socket_post_create - finish socket setup 2739 * @sock: the socket 2740 * @family: protocol family 2741 * @type: unused 2742 * @protocol: unused 2743 * @kern: unused 2744 * 2745 * Sets the netlabel information on the socket 2746 * 2747 * Returns 0 on success, and error code otherwise 2748 */ 2749 static int smack_socket_post_create(struct socket *sock, int family, 2750 int type, int protocol, int kern) 2751 { 2752 struct socket_smack *ssp; 2753 2754 if (sock->sk == NULL) 2755 return 0; 2756 2757 /* 2758 * Sockets created by kernel threads receive web label. 2759 */ 2760 if (unlikely(current->flags & PF_KTHREAD)) { 2761 ssp = sock->sk->sk_security; 2762 ssp->smk_in = &smack_known_web; 2763 ssp->smk_out = &smack_known_web; 2764 } 2765 2766 if (family != PF_INET) 2767 return 0; 2768 /* 2769 * Set the outbound netlbl. 2770 */ 2771 return smack_netlbl_add(sock->sk); 2772 } 2773 2774 /** 2775 * smack_socket_socketpair - create socket pair 2776 * @socka: one socket 2777 * @sockb: another socket 2778 * 2779 * Cross reference the peer labels for SO_PEERSEC 2780 * 2781 * Returns 0 2782 */ 2783 static int smack_socket_socketpair(struct socket *socka, 2784 struct socket *sockb) 2785 { 2786 struct socket_smack *asp = socka->sk->sk_security; 2787 struct socket_smack *bsp = sockb->sk->sk_security; 2788 2789 asp->smk_packet = bsp->smk_out; 2790 bsp->smk_packet = asp->smk_out; 2791 2792 return 0; 2793 } 2794 2795 #ifdef SMACK_IPV6_PORT_LABELING 2796 /** 2797 * smack_socket_bind - record port binding information. 2798 * @sock: the socket 2799 * @address: the port address 2800 * @addrlen: size of the address 2801 * 2802 * Records the label bound to a port. 2803 * 2804 * Returns 0 on success, and error code otherwise 2805 */ 2806 static int smack_socket_bind(struct socket *sock, struct sockaddr *address, 2807 int addrlen) 2808 { 2809 if (sock->sk != NULL && sock->sk->sk_family == PF_INET6) { 2810 if (addrlen < SIN6_LEN_RFC2133 || 2811 address->sa_family != AF_INET6) 2812 return -EINVAL; 2813 smk_ipv6_port_label(sock, address); 2814 } 2815 return 0; 2816 } 2817 #endif /* SMACK_IPV6_PORT_LABELING */ 2818 2819 /** 2820 * smack_socket_connect - connect access check 2821 * @sock: the socket 2822 * @sap: the other end 2823 * @addrlen: size of sap 2824 * 2825 * Verifies that a connection may be possible 2826 * 2827 * Returns 0 on success, and error code otherwise 2828 */ 2829 static int smack_socket_connect(struct socket *sock, struct sockaddr *sap, 2830 int addrlen) 2831 { 2832 int rc = 0; 2833 2834 if (sock->sk == NULL) 2835 return 0; 2836 if (sock->sk->sk_family != PF_INET && 2837 (!IS_ENABLED(CONFIG_IPV6) || sock->sk->sk_family != PF_INET6)) 2838 return 0; 2839 if (addrlen < offsetofend(struct sockaddr, sa_family)) 2840 return 0; 2841 if (IS_ENABLED(CONFIG_IPV6) && sap->sa_family == AF_INET6) { 2842 struct sockaddr_in6 *sip = (struct sockaddr_in6 *)sap; 2843 struct smack_known *rsp = NULL; 2844 2845 if (addrlen < SIN6_LEN_RFC2133) 2846 return 0; 2847 if (__is_defined(SMACK_IPV6_SECMARK_LABELING)) 2848 rsp = smack_ipv6host_label(sip); 2849 if (rsp != NULL) { 2850 struct socket_smack *ssp = sock->sk->sk_security; 2851 2852 rc = smk_ipv6_check(ssp->smk_out, rsp, sip, 2853 SMK_CONNECTING); 2854 } 2855 if (__is_defined(SMACK_IPV6_PORT_LABELING)) 2856 rc = smk_ipv6_port_check(sock->sk, sip, SMK_CONNECTING); 2857 2858 return rc; 2859 } 2860 if (sap->sa_family != AF_INET || addrlen < sizeof(struct sockaddr_in)) 2861 return 0; 2862 rc = smk_ipv4_check(sock->sk, (struct sockaddr_in *)sap); 2863 return rc; 2864 } 2865 2866 /** 2867 * smack_flags_to_may - convert S_ to MAY_ values 2868 * @flags: the S_ value 2869 * 2870 * Returns the equivalent MAY_ value 2871 */ 2872 static int smack_flags_to_may(int flags) 2873 { 2874 int may = 0; 2875 2876 if (flags & S_IRUGO) 2877 may |= MAY_READ; 2878 if (flags & S_IWUGO) 2879 may |= MAY_WRITE; 2880 if (flags & S_IXUGO) 2881 may |= MAY_EXEC; 2882 2883 return may; 2884 } 2885 2886 /** 2887 * smack_msg_msg_alloc_security - Set the security blob for msg_msg 2888 * @msg: the object 2889 * 2890 * Returns 0 2891 */ 2892 static int smack_msg_msg_alloc_security(struct msg_msg *msg) 2893 { 2894 struct smack_known **blob = smack_msg_msg(msg); 2895 2896 *blob = smk_of_current(); 2897 return 0; 2898 } 2899 2900 /** 2901 * smack_of_ipc - the smack pointer for the ipc 2902 * @isp: the object 2903 * 2904 * Returns a pointer to the smack value 2905 */ 2906 static struct smack_known *smack_of_ipc(struct kern_ipc_perm *isp) 2907 { 2908 struct smack_known **blob = smack_ipc(isp); 2909 2910 return *blob; 2911 } 2912 2913 /** 2914 * smack_ipc_alloc_security - Set the security blob for ipc 2915 * @isp: the object 2916 * 2917 * Returns 0 2918 */ 2919 static int smack_ipc_alloc_security(struct kern_ipc_perm *isp) 2920 { 2921 struct smack_known **blob = smack_ipc(isp); 2922 2923 *blob = smk_of_current(); 2924 return 0; 2925 } 2926 2927 /** 2928 * smk_curacc_shm : check if current has access on shm 2929 * @isp : the object 2930 * @access : access requested 2931 * 2932 * Returns 0 if current has the requested access, error code otherwise 2933 */ 2934 static int smk_curacc_shm(struct kern_ipc_perm *isp, int access) 2935 { 2936 struct smack_known *ssp = smack_of_ipc(isp); 2937 struct smk_audit_info ad; 2938 int rc; 2939 2940 #ifdef CONFIG_AUDIT 2941 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 2942 ad.a.u.ipc_id = isp->id; 2943 #endif 2944 rc = smk_curacc(ssp, access, &ad); 2945 rc = smk_bu_current("shm", ssp, access, rc); 2946 return rc; 2947 } 2948 2949 /** 2950 * smack_shm_associate - Smack access check for shm 2951 * @isp: the object 2952 * @shmflg: access requested 2953 * 2954 * Returns 0 if current has the requested access, error code otherwise 2955 */ 2956 static int smack_shm_associate(struct kern_ipc_perm *isp, int shmflg) 2957 { 2958 int may; 2959 2960 may = smack_flags_to_may(shmflg); 2961 return smk_curacc_shm(isp, may); 2962 } 2963 2964 /** 2965 * smack_shm_shmctl - Smack access check for shm 2966 * @isp: the object 2967 * @cmd: what it wants to do 2968 * 2969 * Returns 0 if current has the requested access, error code otherwise 2970 */ 2971 static int smack_shm_shmctl(struct kern_ipc_perm *isp, int cmd) 2972 { 2973 int may; 2974 2975 switch (cmd) { 2976 case IPC_STAT: 2977 case SHM_STAT: 2978 case SHM_STAT_ANY: 2979 may = MAY_READ; 2980 break; 2981 case IPC_SET: 2982 case SHM_LOCK: 2983 case SHM_UNLOCK: 2984 case IPC_RMID: 2985 may = MAY_READWRITE; 2986 break; 2987 case IPC_INFO: 2988 case SHM_INFO: 2989 /* 2990 * System level information. 2991 */ 2992 return 0; 2993 default: 2994 return -EINVAL; 2995 } 2996 return smk_curacc_shm(isp, may); 2997 } 2998 2999 /** 3000 * smack_shm_shmat - Smack access for shmat 3001 * @isp: the object 3002 * @shmaddr: unused 3003 * @shmflg: access requested 3004 * 3005 * Returns 0 if current has the requested access, error code otherwise 3006 */ 3007 static int smack_shm_shmat(struct kern_ipc_perm *isp, char __user *shmaddr, 3008 int shmflg) 3009 { 3010 int may; 3011 3012 may = smack_flags_to_may(shmflg); 3013 return smk_curacc_shm(isp, may); 3014 } 3015 3016 /** 3017 * smk_curacc_sem : check if current has access on sem 3018 * @isp : the object 3019 * @access : access requested 3020 * 3021 * Returns 0 if current has the requested access, error code otherwise 3022 */ 3023 static int smk_curacc_sem(struct kern_ipc_perm *isp, int access) 3024 { 3025 struct smack_known *ssp = smack_of_ipc(isp); 3026 struct smk_audit_info ad; 3027 int rc; 3028 3029 #ifdef CONFIG_AUDIT 3030 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 3031 ad.a.u.ipc_id = isp->id; 3032 #endif 3033 rc = smk_curacc(ssp, access, &ad); 3034 rc = smk_bu_current("sem", ssp, access, rc); 3035 return rc; 3036 } 3037 3038 /** 3039 * smack_sem_associate - Smack access check for sem 3040 * @isp: the object 3041 * @semflg: access requested 3042 * 3043 * Returns 0 if current has the requested access, error code otherwise 3044 */ 3045 static int smack_sem_associate(struct kern_ipc_perm *isp, int semflg) 3046 { 3047 int may; 3048 3049 may = smack_flags_to_may(semflg); 3050 return smk_curacc_sem(isp, may); 3051 } 3052 3053 /** 3054 * smack_sem_shmctl - Smack access check for sem 3055 * @isp: the object 3056 * @cmd: what it wants to do 3057 * 3058 * Returns 0 if current has the requested access, error code otherwise 3059 */ 3060 static int smack_sem_semctl(struct kern_ipc_perm *isp, int cmd) 3061 { 3062 int may; 3063 3064 switch (cmd) { 3065 case GETPID: 3066 case GETNCNT: 3067 case GETZCNT: 3068 case GETVAL: 3069 case GETALL: 3070 case IPC_STAT: 3071 case SEM_STAT: 3072 case SEM_STAT_ANY: 3073 may = MAY_READ; 3074 break; 3075 case SETVAL: 3076 case SETALL: 3077 case IPC_RMID: 3078 case IPC_SET: 3079 may = MAY_READWRITE; 3080 break; 3081 case IPC_INFO: 3082 case SEM_INFO: 3083 /* 3084 * System level information 3085 */ 3086 return 0; 3087 default: 3088 return -EINVAL; 3089 } 3090 3091 return smk_curacc_sem(isp, may); 3092 } 3093 3094 /** 3095 * smack_sem_semop - Smack checks of semaphore operations 3096 * @isp: the object 3097 * @sops: unused 3098 * @nsops: unused 3099 * @alter: unused 3100 * 3101 * Treated as read and write in all cases. 3102 * 3103 * Returns 0 if access is allowed, error code otherwise 3104 */ 3105 static int smack_sem_semop(struct kern_ipc_perm *isp, struct sembuf *sops, 3106 unsigned nsops, int alter) 3107 { 3108 return smk_curacc_sem(isp, MAY_READWRITE); 3109 } 3110 3111 /** 3112 * smk_curacc_msq : helper to check if current has access on msq 3113 * @isp : the msq 3114 * @access : access requested 3115 * 3116 * return 0 if current has access, error otherwise 3117 */ 3118 static int smk_curacc_msq(struct kern_ipc_perm *isp, int access) 3119 { 3120 struct smack_known *msp = smack_of_ipc(isp); 3121 struct smk_audit_info ad; 3122 int rc; 3123 3124 #ifdef CONFIG_AUDIT 3125 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 3126 ad.a.u.ipc_id = isp->id; 3127 #endif 3128 rc = smk_curacc(msp, access, &ad); 3129 rc = smk_bu_current("msq", msp, access, rc); 3130 return rc; 3131 } 3132 3133 /** 3134 * smack_msg_queue_associate - Smack access check for msg_queue 3135 * @isp: the object 3136 * @msqflg: access requested 3137 * 3138 * Returns 0 if current has the requested access, error code otherwise 3139 */ 3140 static int smack_msg_queue_associate(struct kern_ipc_perm *isp, int msqflg) 3141 { 3142 int may; 3143 3144 may = smack_flags_to_may(msqflg); 3145 return smk_curacc_msq(isp, may); 3146 } 3147 3148 /** 3149 * smack_msg_queue_msgctl - Smack access check for msg_queue 3150 * @isp: the object 3151 * @cmd: what it wants to do 3152 * 3153 * Returns 0 if current has the requested access, error code otherwise 3154 */ 3155 static int smack_msg_queue_msgctl(struct kern_ipc_perm *isp, int cmd) 3156 { 3157 int may; 3158 3159 switch (cmd) { 3160 case IPC_STAT: 3161 case MSG_STAT: 3162 case MSG_STAT_ANY: 3163 may = MAY_READ; 3164 break; 3165 case IPC_SET: 3166 case IPC_RMID: 3167 may = MAY_READWRITE; 3168 break; 3169 case IPC_INFO: 3170 case MSG_INFO: 3171 /* 3172 * System level information 3173 */ 3174 return 0; 3175 default: 3176 return -EINVAL; 3177 } 3178 3179 return smk_curacc_msq(isp, may); 3180 } 3181 3182 /** 3183 * smack_msg_queue_msgsnd - Smack access check for msg_queue 3184 * @isp: the object 3185 * @msg: unused 3186 * @msqflg: access requested 3187 * 3188 * Returns 0 if current has the requested access, error code otherwise 3189 */ 3190 static int smack_msg_queue_msgsnd(struct kern_ipc_perm *isp, struct msg_msg *msg, 3191 int msqflg) 3192 { 3193 int may; 3194 3195 may = smack_flags_to_may(msqflg); 3196 return smk_curacc_msq(isp, may); 3197 } 3198 3199 /** 3200 * smack_msg_queue_msgsnd - Smack access check for msg_queue 3201 * @isp: the object 3202 * @msg: unused 3203 * @target: unused 3204 * @type: unused 3205 * @mode: unused 3206 * 3207 * Returns 0 if current has read and write access, error code otherwise 3208 */ 3209 static int smack_msg_queue_msgrcv(struct kern_ipc_perm *isp, struct msg_msg *msg, 3210 struct task_struct *target, long type, int mode) 3211 { 3212 return smk_curacc_msq(isp, MAY_READWRITE); 3213 } 3214 3215 /** 3216 * smack_ipc_permission - Smack access for ipc_permission() 3217 * @ipp: the object permissions 3218 * @flag: access requested 3219 * 3220 * Returns 0 if current has read and write access, error code otherwise 3221 */ 3222 static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag) 3223 { 3224 struct smack_known **blob = smack_ipc(ipp); 3225 struct smack_known *iskp = *blob; 3226 int may = smack_flags_to_may(flag); 3227 struct smk_audit_info ad; 3228 int rc; 3229 3230 #ifdef CONFIG_AUDIT 3231 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 3232 ad.a.u.ipc_id = ipp->id; 3233 #endif 3234 rc = smk_curacc(iskp, may, &ad); 3235 rc = smk_bu_current("svipc", iskp, may, rc); 3236 return rc; 3237 } 3238 3239 /** 3240 * smack_ipc_getsecid - Extract smack security id 3241 * @ipp: the object permissions 3242 * @secid: where result will be saved 3243 */ 3244 static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid) 3245 { 3246 struct smack_known **blob = smack_ipc(ipp); 3247 struct smack_known *iskp = *blob; 3248 3249 *secid = iskp->smk_secid; 3250 } 3251 3252 /** 3253 * smack_d_instantiate - Make sure the blob is correct on an inode 3254 * @opt_dentry: dentry where inode will be attached 3255 * @inode: the object 3256 * 3257 * Set the inode's security blob if it hasn't been done already. 3258 */ 3259 static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode) 3260 { 3261 struct super_block *sbp; 3262 struct superblock_smack *sbsp; 3263 struct inode_smack *isp; 3264 struct smack_known *skp; 3265 struct smack_known *ckp = smk_of_current(); 3266 struct smack_known *final; 3267 char trattr[TRANS_TRUE_SIZE]; 3268 int transflag = 0; 3269 int rc; 3270 struct dentry *dp; 3271 3272 if (inode == NULL) 3273 return; 3274 3275 isp = smack_inode(inode); 3276 3277 /* 3278 * If the inode is already instantiated 3279 * take the quick way out 3280 */ 3281 if (isp->smk_flags & SMK_INODE_INSTANT) 3282 return; 3283 3284 sbp = inode->i_sb; 3285 sbsp = smack_superblock(sbp); 3286 /* 3287 * We're going to use the superblock default label 3288 * if there's no label on the file. 3289 */ 3290 final = sbsp->smk_default; 3291 3292 /* 3293 * If this is the root inode the superblock 3294 * may be in the process of initialization. 3295 * If that is the case use the root value out 3296 * of the superblock. 3297 */ 3298 if (opt_dentry->d_parent == opt_dentry) { 3299 switch (sbp->s_magic) { 3300 case CGROUP_SUPER_MAGIC: 3301 case CGROUP2_SUPER_MAGIC: 3302 /* 3303 * The cgroup filesystem is never mounted, 3304 * so there's no opportunity to set the mount 3305 * options. 3306 */ 3307 sbsp->smk_root = &smack_known_star; 3308 sbsp->smk_default = &smack_known_star; 3309 isp->smk_inode = sbsp->smk_root; 3310 break; 3311 case TMPFS_MAGIC: 3312 /* 3313 * What about shmem/tmpfs anonymous files with dentry 3314 * obtained from d_alloc_pseudo()? 3315 */ 3316 isp->smk_inode = smk_of_current(); 3317 break; 3318 case PIPEFS_MAGIC: 3319 isp->smk_inode = smk_of_current(); 3320 break; 3321 case SOCKFS_MAGIC: 3322 /* 3323 * Socket access is controlled by the socket 3324 * structures associated with the task involved. 3325 */ 3326 isp->smk_inode = &smack_known_star; 3327 break; 3328 default: 3329 isp->smk_inode = sbsp->smk_root; 3330 break; 3331 } 3332 isp->smk_flags |= SMK_INODE_INSTANT; 3333 return; 3334 } 3335 3336 /* 3337 * This is pretty hackish. 3338 * Casey says that we shouldn't have to do 3339 * file system specific code, but it does help 3340 * with keeping it simple. 3341 */ 3342 switch (sbp->s_magic) { 3343 case SMACK_MAGIC: 3344 case CGROUP_SUPER_MAGIC: 3345 case CGROUP2_SUPER_MAGIC: 3346 /* 3347 * Casey says that it's a little embarrassing 3348 * that the smack file system doesn't do 3349 * extended attributes. 3350 * 3351 * Cgroupfs is special 3352 */ 3353 final = &smack_known_star; 3354 break; 3355 case DEVPTS_SUPER_MAGIC: 3356 /* 3357 * devpts seems content with the label of the task. 3358 * Programs that change smack have to treat the 3359 * pty with respect. 3360 */ 3361 final = ckp; 3362 break; 3363 case PROC_SUPER_MAGIC: 3364 /* 3365 * Casey says procfs appears not to care. 3366 * The superblock default suffices. 3367 */ 3368 break; 3369 case TMPFS_MAGIC: 3370 /* 3371 * Device labels should come from the filesystem, 3372 * but watch out, because they're volitile, 3373 * getting recreated on every reboot. 3374 */ 3375 final = &smack_known_star; 3376 /* 3377 * If a smack value has been set we want to use it, 3378 * but since tmpfs isn't giving us the opportunity 3379 * to set mount options simulate setting the 3380 * superblock default. 3381 */ 3382 fallthrough; 3383 default: 3384 /* 3385 * This isn't an understood special case. 3386 * Get the value from the xattr. 3387 */ 3388 3389 /* 3390 * UNIX domain sockets use lower level socket data. 3391 */ 3392 if (S_ISSOCK(inode->i_mode)) { 3393 final = &smack_known_star; 3394 break; 3395 } 3396 /* 3397 * No xattr support means, alas, no SMACK label. 3398 * Use the aforeapplied default. 3399 * It would be curious if the label of the task 3400 * does not match that assigned. 3401 */ 3402 if (!(inode->i_opflags & IOP_XATTR)) 3403 break; 3404 /* 3405 * Get the dentry for xattr. 3406 */ 3407 dp = dget(opt_dentry); 3408 skp = smk_fetch(XATTR_NAME_SMACK, inode, dp); 3409 if (!IS_ERR_OR_NULL(skp)) 3410 final = skp; 3411 3412 /* 3413 * Transmuting directory 3414 */ 3415 if (S_ISDIR(inode->i_mode)) { 3416 /* 3417 * If this is a new directory and the label was 3418 * transmuted when the inode was initialized 3419 * set the transmute attribute on the directory 3420 * and mark the inode. 3421 * 3422 * If there is a transmute attribute on the 3423 * directory mark the inode. 3424 */ 3425 if (isp->smk_flags & SMK_INODE_CHANGED) { 3426 isp->smk_flags &= ~SMK_INODE_CHANGED; 3427 rc = __vfs_setxattr(&init_user_ns, dp, inode, 3428 XATTR_NAME_SMACKTRANSMUTE, 3429 TRANS_TRUE, TRANS_TRUE_SIZE, 3430 0); 3431 } else { 3432 rc = __vfs_getxattr(dp, inode, 3433 XATTR_NAME_SMACKTRANSMUTE, trattr, 3434 TRANS_TRUE_SIZE); 3435 if (rc >= 0 && strncmp(trattr, TRANS_TRUE, 3436 TRANS_TRUE_SIZE) != 0) 3437 rc = -EINVAL; 3438 } 3439 if (rc >= 0) 3440 transflag = SMK_INODE_TRANSMUTE; 3441 } 3442 /* 3443 * Don't let the exec or mmap label be "*" or "@". 3444 */ 3445 skp = smk_fetch(XATTR_NAME_SMACKEXEC, inode, dp); 3446 if (IS_ERR(skp) || skp == &smack_known_star || 3447 skp == &smack_known_web) 3448 skp = NULL; 3449 isp->smk_task = skp; 3450 3451 skp = smk_fetch(XATTR_NAME_SMACKMMAP, inode, dp); 3452 if (IS_ERR(skp) || skp == &smack_known_star || 3453 skp == &smack_known_web) 3454 skp = NULL; 3455 isp->smk_mmap = skp; 3456 3457 dput(dp); 3458 break; 3459 } 3460 3461 if (final == NULL) 3462 isp->smk_inode = ckp; 3463 else 3464 isp->smk_inode = final; 3465 3466 isp->smk_flags |= (SMK_INODE_INSTANT | transflag); 3467 3468 return; 3469 } 3470 3471 /** 3472 * smack_getprocattr - Smack process attribute access 3473 * @p: the object task 3474 * @name: the name of the attribute in /proc/.../attr 3475 * @value: where to put the result 3476 * 3477 * Places a copy of the task Smack into value 3478 * 3479 * Returns the length of the smack label or an error code 3480 */ 3481 static int smack_getprocattr(struct task_struct *p, char *name, char **value) 3482 { 3483 struct smack_known *skp = smk_of_task_struct_subj(p); 3484 char *cp; 3485 int slen; 3486 3487 if (strcmp(name, "current") != 0) 3488 return -EINVAL; 3489 3490 cp = kstrdup(skp->smk_known, GFP_KERNEL); 3491 if (cp == NULL) 3492 return -ENOMEM; 3493 3494 slen = strlen(cp); 3495 *value = cp; 3496 return slen; 3497 } 3498 3499 /** 3500 * smack_setprocattr - Smack process attribute setting 3501 * @name: the name of the attribute in /proc/.../attr 3502 * @value: the value to set 3503 * @size: the size of the value 3504 * 3505 * Sets the Smack value of the task. Only setting self 3506 * is permitted and only with privilege 3507 * 3508 * Returns the length of the smack label or an error code 3509 */ 3510 static int smack_setprocattr(const char *name, void *value, size_t size) 3511 { 3512 struct task_smack *tsp = smack_cred(current_cred()); 3513 struct cred *new; 3514 struct smack_known *skp; 3515 struct smack_known_list_elem *sklep; 3516 int rc; 3517 3518 if (!smack_privileged(CAP_MAC_ADMIN) && list_empty(&tsp->smk_relabel)) 3519 return -EPERM; 3520 3521 if (value == NULL || size == 0 || size >= SMK_LONGLABEL) 3522 return -EINVAL; 3523 3524 if (strcmp(name, "current") != 0) 3525 return -EINVAL; 3526 3527 skp = smk_import_entry(value, size); 3528 if (IS_ERR(skp)) 3529 return PTR_ERR(skp); 3530 3531 /* 3532 * No process is ever allowed the web ("@") label 3533 * and the star ("*") label. 3534 */ 3535 if (skp == &smack_known_web || skp == &smack_known_star) 3536 return -EINVAL; 3537 3538 if (!smack_privileged(CAP_MAC_ADMIN)) { 3539 rc = -EPERM; 3540 list_for_each_entry(sklep, &tsp->smk_relabel, list) 3541 if (sklep->smk_label == skp) { 3542 rc = 0; 3543 break; 3544 } 3545 if (rc) 3546 return rc; 3547 } 3548 3549 new = prepare_creds(); 3550 if (new == NULL) 3551 return -ENOMEM; 3552 3553 tsp = smack_cred(new); 3554 tsp->smk_task = skp; 3555 /* 3556 * process can change its label only once 3557 */ 3558 smk_destroy_label_list(&tsp->smk_relabel); 3559 3560 commit_creds(new); 3561 return size; 3562 } 3563 3564 /** 3565 * smack_unix_stream_connect - Smack access on UDS 3566 * @sock: one sock 3567 * @other: the other sock 3568 * @newsk: unused 3569 * 3570 * Return 0 if a subject with the smack of sock could access 3571 * an object with the smack of other, otherwise an error code 3572 */ 3573 static int smack_unix_stream_connect(struct sock *sock, 3574 struct sock *other, struct sock *newsk) 3575 { 3576 struct smack_known *skp; 3577 struct smack_known *okp; 3578 struct socket_smack *ssp = sock->sk_security; 3579 struct socket_smack *osp = other->sk_security; 3580 struct socket_smack *nsp = newsk->sk_security; 3581 struct smk_audit_info ad; 3582 int rc = 0; 3583 #ifdef CONFIG_AUDIT 3584 struct lsm_network_audit net; 3585 #endif 3586 3587 if (!smack_privileged(CAP_MAC_OVERRIDE)) { 3588 skp = ssp->smk_out; 3589 okp = osp->smk_in; 3590 #ifdef CONFIG_AUDIT 3591 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 3592 smk_ad_setfield_u_net_sk(&ad, other); 3593 #endif 3594 rc = smk_access(skp, okp, MAY_WRITE, &ad); 3595 rc = smk_bu_note("UDS connect", skp, okp, MAY_WRITE, rc); 3596 if (rc == 0) { 3597 okp = osp->smk_out; 3598 skp = ssp->smk_in; 3599 rc = smk_access(okp, skp, MAY_WRITE, &ad); 3600 rc = smk_bu_note("UDS connect", okp, skp, 3601 MAY_WRITE, rc); 3602 } 3603 } 3604 3605 /* 3606 * Cross reference the peer labels for SO_PEERSEC. 3607 */ 3608 if (rc == 0) { 3609 nsp->smk_packet = ssp->smk_out; 3610 ssp->smk_packet = osp->smk_out; 3611 } 3612 3613 return rc; 3614 } 3615 3616 /** 3617 * smack_unix_may_send - Smack access on UDS 3618 * @sock: one socket 3619 * @other: the other socket 3620 * 3621 * Return 0 if a subject with the smack of sock could access 3622 * an object with the smack of other, otherwise an error code 3623 */ 3624 static int smack_unix_may_send(struct socket *sock, struct socket *other) 3625 { 3626 struct socket_smack *ssp = sock->sk->sk_security; 3627 struct socket_smack *osp = other->sk->sk_security; 3628 struct smk_audit_info ad; 3629 int rc; 3630 3631 #ifdef CONFIG_AUDIT 3632 struct lsm_network_audit net; 3633 3634 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 3635 smk_ad_setfield_u_net_sk(&ad, other->sk); 3636 #endif 3637 3638 if (smack_privileged(CAP_MAC_OVERRIDE)) 3639 return 0; 3640 3641 rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad); 3642 rc = smk_bu_note("UDS send", ssp->smk_out, osp->smk_in, MAY_WRITE, rc); 3643 return rc; 3644 } 3645 3646 /** 3647 * smack_socket_sendmsg - Smack check based on destination host 3648 * @sock: the socket 3649 * @msg: the message 3650 * @size: the size of the message 3651 * 3652 * Return 0 if the current subject can write to the destination host. 3653 * For IPv4 this is only a question if the destination is a single label host. 3654 * For IPv6 this is a check against the label of the port. 3655 */ 3656 static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg, 3657 int size) 3658 { 3659 struct sockaddr_in *sip = (struct sockaddr_in *) msg->msg_name; 3660 #if IS_ENABLED(CONFIG_IPV6) 3661 struct sockaddr_in6 *sap = (struct sockaddr_in6 *) msg->msg_name; 3662 #endif 3663 #ifdef SMACK_IPV6_SECMARK_LABELING 3664 struct socket_smack *ssp = sock->sk->sk_security; 3665 struct smack_known *rsp; 3666 #endif 3667 int rc = 0; 3668 3669 /* 3670 * Perfectly reasonable for this to be NULL 3671 */ 3672 if (sip == NULL) 3673 return 0; 3674 3675 switch (sock->sk->sk_family) { 3676 case AF_INET: 3677 if (msg->msg_namelen < sizeof(struct sockaddr_in) || 3678 sip->sin_family != AF_INET) 3679 return -EINVAL; 3680 rc = smk_ipv4_check(sock->sk, sip); 3681 break; 3682 #if IS_ENABLED(CONFIG_IPV6) 3683 case AF_INET6: 3684 if (msg->msg_namelen < SIN6_LEN_RFC2133 || 3685 sap->sin6_family != AF_INET6) 3686 return -EINVAL; 3687 #ifdef SMACK_IPV6_SECMARK_LABELING 3688 rsp = smack_ipv6host_label(sap); 3689 if (rsp != NULL) 3690 rc = smk_ipv6_check(ssp->smk_out, rsp, sap, 3691 SMK_CONNECTING); 3692 #endif 3693 #ifdef SMACK_IPV6_PORT_LABELING 3694 rc = smk_ipv6_port_check(sock->sk, sap, SMK_SENDING); 3695 #endif 3696 #endif /* IS_ENABLED(CONFIG_IPV6) */ 3697 break; 3698 } 3699 return rc; 3700 } 3701 3702 /** 3703 * smack_from_secattr - Convert a netlabel attr.mls.lvl/attr.mls.cat pair to smack 3704 * @sap: netlabel secattr 3705 * @ssp: socket security information 3706 * 3707 * Returns a pointer to a Smack label entry found on the label list. 3708 */ 3709 static struct smack_known *smack_from_secattr(struct netlbl_lsm_secattr *sap, 3710 struct socket_smack *ssp) 3711 { 3712 struct smack_known *skp; 3713 int found = 0; 3714 int acat; 3715 int kcat; 3716 3717 /* 3718 * Netlabel found it in the cache. 3719 */ 3720 if ((sap->flags & NETLBL_SECATTR_CACHE) != 0) 3721 return (struct smack_known *)sap->cache->data; 3722 3723 if ((sap->flags & NETLBL_SECATTR_SECID) != 0) 3724 /* 3725 * Looks like a fallback, which gives us a secid. 3726 */ 3727 return smack_from_secid(sap->attr.secid); 3728 3729 if ((sap->flags & NETLBL_SECATTR_MLS_LVL) != 0) { 3730 /* 3731 * Looks like a CIPSO packet. 3732 * If there are flags but no level netlabel isn't 3733 * behaving the way we expect it to. 3734 * 3735 * Look it up in the label table 3736 * Without guidance regarding the smack value 3737 * for the packet fall back on the network 3738 * ambient value. 3739 */ 3740 rcu_read_lock(); 3741 list_for_each_entry_rcu(skp, &smack_known_list, list) { 3742 if (sap->attr.mls.lvl != skp->smk_netlabel.attr.mls.lvl) 3743 continue; 3744 /* 3745 * Compare the catsets. Use the netlbl APIs. 3746 */ 3747 if ((sap->flags & NETLBL_SECATTR_MLS_CAT) == 0) { 3748 if ((skp->smk_netlabel.flags & 3749 NETLBL_SECATTR_MLS_CAT) == 0) 3750 found = 1; 3751 break; 3752 } 3753 for (acat = -1, kcat = -1; acat == kcat; ) { 3754 acat = netlbl_catmap_walk(sap->attr.mls.cat, 3755 acat + 1); 3756 kcat = netlbl_catmap_walk( 3757 skp->smk_netlabel.attr.mls.cat, 3758 kcat + 1); 3759 if (acat < 0 || kcat < 0) 3760 break; 3761 } 3762 if (acat == kcat) { 3763 found = 1; 3764 break; 3765 } 3766 } 3767 rcu_read_unlock(); 3768 3769 if (found) 3770 return skp; 3771 3772 if (ssp != NULL && ssp->smk_in == &smack_known_star) 3773 return &smack_known_web; 3774 return &smack_known_star; 3775 } 3776 /* 3777 * Without guidance regarding the smack value 3778 * for the packet fall back on the network 3779 * ambient value. 3780 */ 3781 return smack_net_ambient; 3782 } 3783 3784 #if IS_ENABLED(CONFIG_IPV6) 3785 static int smk_skb_to_addr_ipv6(struct sk_buff *skb, struct sockaddr_in6 *sip) 3786 { 3787 u8 nexthdr; 3788 int offset; 3789 int proto = -EINVAL; 3790 struct ipv6hdr _ipv6h; 3791 struct ipv6hdr *ip6; 3792 __be16 frag_off; 3793 struct tcphdr _tcph, *th; 3794 struct udphdr _udph, *uh; 3795 struct dccp_hdr _dccph, *dh; 3796 3797 sip->sin6_port = 0; 3798 3799 offset = skb_network_offset(skb); 3800 ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h); 3801 if (ip6 == NULL) 3802 return -EINVAL; 3803 sip->sin6_addr = ip6->saddr; 3804 3805 nexthdr = ip6->nexthdr; 3806 offset += sizeof(_ipv6h); 3807 offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off); 3808 if (offset < 0) 3809 return -EINVAL; 3810 3811 proto = nexthdr; 3812 switch (proto) { 3813 case IPPROTO_TCP: 3814 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph); 3815 if (th != NULL) 3816 sip->sin6_port = th->source; 3817 break; 3818 case IPPROTO_UDP: 3819 case IPPROTO_UDPLITE: 3820 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph); 3821 if (uh != NULL) 3822 sip->sin6_port = uh->source; 3823 break; 3824 case IPPROTO_DCCP: 3825 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph); 3826 if (dh != NULL) 3827 sip->sin6_port = dh->dccph_sport; 3828 break; 3829 } 3830 return proto; 3831 } 3832 #endif /* CONFIG_IPV6 */ 3833 3834 /** 3835 * smack_from_skb - Smack data from the secmark in an skb 3836 * @skb: packet 3837 * 3838 * Returns smack_known of the secmark or NULL if that won't work. 3839 */ 3840 #ifdef CONFIG_NETWORK_SECMARK 3841 static struct smack_known *smack_from_skb(struct sk_buff *skb) 3842 { 3843 if (skb == NULL || skb->secmark == 0) 3844 return NULL; 3845 3846 return smack_from_secid(skb->secmark); 3847 } 3848 #else 3849 static inline struct smack_known *smack_from_skb(struct sk_buff *skb) 3850 { 3851 return NULL; 3852 } 3853 #endif 3854 3855 /** 3856 * smack_from_netlbl - Smack data from the IP options in an skb 3857 * @sk: socket data came in on 3858 * @family: address family 3859 * @skb: packet 3860 * 3861 * Find the Smack label in the IP options. If it hasn't been 3862 * added to the netlabel cache, add it here. 3863 * 3864 * Returns smack_known of the IP options or NULL if that won't work. 3865 */ 3866 static struct smack_known *smack_from_netlbl(const struct sock *sk, u16 family, 3867 struct sk_buff *skb) 3868 { 3869 struct netlbl_lsm_secattr secattr; 3870 struct socket_smack *ssp = NULL; 3871 struct smack_known *skp = NULL; 3872 3873 netlbl_secattr_init(&secattr); 3874 3875 if (sk) 3876 ssp = sk->sk_security; 3877 3878 if (netlbl_skbuff_getattr(skb, family, &secattr) == 0) { 3879 skp = smack_from_secattr(&secattr, ssp); 3880 if (secattr.flags & NETLBL_SECATTR_CACHEABLE) 3881 netlbl_cache_add(skb, family, &skp->smk_netlabel); 3882 } 3883 3884 netlbl_secattr_destroy(&secattr); 3885 3886 return skp; 3887 } 3888 3889 /** 3890 * smack_socket_sock_rcv_skb - Smack packet delivery access check 3891 * @sk: socket 3892 * @skb: packet 3893 * 3894 * Returns 0 if the packet should be delivered, an error code otherwise 3895 */ 3896 static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) 3897 { 3898 struct socket_smack *ssp = sk->sk_security; 3899 struct smack_known *skp = NULL; 3900 int rc = 0; 3901 struct smk_audit_info ad; 3902 u16 family = sk->sk_family; 3903 #ifdef CONFIG_AUDIT 3904 struct lsm_network_audit net; 3905 #endif 3906 #if IS_ENABLED(CONFIG_IPV6) 3907 struct sockaddr_in6 sadd; 3908 int proto; 3909 3910 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP)) 3911 family = PF_INET; 3912 #endif /* CONFIG_IPV6 */ 3913 3914 switch (family) { 3915 case PF_INET: 3916 /* 3917 * If there is a secmark use it rather than the CIPSO label. 3918 * If there is no secmark fall back to CIPSO. 3919 * The secmark is assumed to reflect policy better. 3920 */ 3921 skp = smack_from_skb(skb); 3922 if (skp == NULL) { 3923 skp = smack_from_netlbl(sk, family, skb); 3924 if (skp == NULL) 3925 skp = smack_net_ambient; 3926 } 3927 3928 #ifdef CONFIG_AUDIT 3929 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 3930 ad.a.u.net->family = family; 3931 ad.a.u.net->netif = skb->skb_iif; 3932 ipv4_skb_to_auditdata(skb, &ad.a, NULL); 3933 #endif 3934 /* 3935 * Receiving a packet requires that the other end 3936 * be able to write here. Read access is not required. 3937 * This is the simplist possible security model 3938 * for networking. 3939 */ 3940 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad); 3941 rc = smk_bu_note("IPv4 delivery", skp, ssp->smk_in, 3942 MAY_WRITE, rc); 3943 if (rc != 0) 3944 netlbl_skbuff_err(skb, family, rc, 0); 3945 break; 3946 #if IS_ENABLED(CONFIG_IPV6) 3947 case PF_INET6: 3948 proto = smk_skb_to_addr_ipv6(skb, &sadd); 3949 if (proto != IPPROTO_UDP && proto != IPPROTO_UDPLITE && 3950 proto != IPPROTO_TCP && proto != IPPROTO_DCCP) 3951 break; 3952 #ifdef SMACK_IPV6_SECMARK_LABELING 3953 skp = smack_from_skb(skb); 3954 if (skp == NULL) { 3955 if (smk_ipv6_localhost(&sadd)) 3956 break; 3957 skp = smack_ipv6host_label(&sadd); 3958 if (skp == NULL) 3959 skp = smack_net_ambient; 3960 } 3961 #ifdef CONFIG_AUDIT 3962 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 3963 ad.a.u.net->family = family; 3964 ad.a.u.net->netif = skb->skb_iif; 3965 ipv6_skb_to_auditdata(skb, &ad.a, NULL); 3966 #endif /* CONFIG_AUDIT */ 3967 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad); 3968 rc = smk_bu_note("IPv6 delivery", skp, ssp->smk_in, 3969 MAY_WRITE, rc); 3970 #endif /* SMACK_IPV6_SECMARK_LABELING */ 3971 #ifdef SMACK_IPV6_PORT_LABELING 3972 rc = smk_ipv6_port_check(sk, &sadd, SMK_RECEIVING); 3973 #endif /* SMACK_IPV6_PORT_LABELING */ 3974 if (rc != 0) 3975 icmpv6_send(skb, ICMPV6_DEST_UNREACH, 3976 ICMPV6_ADM_PROHIBITED, 0); 3977 break; 3978 #endif /* CONFIG_IPV6 */ 3979 } 3980 3981 return rc; 3982 } 3983 3984 /** 3985 * smack_socket_getpeersec_stream - pull in packet label 3986 * @sock: the socket 3987 * @optval: user's destination 3988 * @optlen: size thereof 3989 * @len: max thereof 3990 * 3991 * returns zero on success, an error code otherwise 3992 */ 3993 static int smack_socket_getpeersec_stream(struct socket *sock, 3994 char __user *optval, 3995 int __user *optlen, unsigned len) 3996 { 3997 struct socket_smack *ssp; 3998 char *rcp = ""; 3999 int slen = 1; 4000 int rc = 0; 4001 4002 ssp = sock->sk->sk_security; 4003 if (ssp->smk_packet != NULL) { 4004 rcp = ssp->smk_packet->smk_known; 4005 slen = strlen(rcp) + 1; 4006 } 4007 4008 if (slen > len) 4009 rc = -ERANGE; 4010 else if (copy_to_user(optval, rcp, slen) != 0) 4011 rc = -EFAULT; 4012 4013 if (put_user(slen, optlen) != 0) 4014 rc = -EFAULT; 4015 4016 return rc; 4017 } 4018 4019 4020 /** 4021 * smack_socket_getpeersec_dgram - pull in packet label 4022 * @sock: the peer socket 4023 * @skb: packet data 4024 * @secid: pointer to where to put the secid of the packet 4025 * 4026 * Sets the netlabel socket state on sk from parent 4027 */ 4028 static int smack_socket_getpeersec_dgram(struct socket *sock, 4029 struct sk_buff *skb, u32 *secid) 4030 4031 { 4032 struct socket_smack *ssp = NULL; 4033 struct smack_known *skp; 4034 struct sock *sk = NULL; 4035 int family = PF_UNSPEC; 4036 u32 s = 0; /* 0 is the invalid secid */ 4037 4038 if (skb != NULL) { 4039 if (skb->protocol == htons(ETH_P_IP)) 4040 family = PF_INET; 4041 #if IS_ENABLED(CONFIG_IPV6) 4042 else if (skb->protocol == htons(ETH_P_IPV6)) 4043 family = PF_INET6; 4044 #endif /* CONFIG_IPV6 */ 4045 } 4046 if (family == PF_UNSPEC && sock != NULL) 4047 family = sock->sk->sk_family; 4048 4049 switch (family) { 4050 case PF_UNIX: 4051 ssp = sock->sk->sk_security; 4052 s = ssp->smk_out->smk_secid; 4053 break; 4054 case PF_INET: 4055 skp = smack_from_skb(skb); 4056 if (skp) { 4057 s = skp->smk_secid; 4058 break; 4059 } 4060 /* 4061 * Translate what netlabel gave us. 4062 */ 4063 if (sock != NULL) 4064 sk = sock->sk; 4065 skp = smack_from_netlbl(sk, family, skb); 4066 if (skp != NULL) 4067 s = skp->smk_secid; 4068 break; 4069 case PF_INET6: 4070 #ifdef SMACK_IPV6_SECMARK_LABELING 4071 skp = smack_from_skb(skb); 4072 if (skp) 4073 s = skp->smk_secid; 4074 #endif 4075 break; 4076 } 4077 *secid = s; 4078 if (s == 0) 4079 return -EINVAL; 4080 return 0; 4081 } 4082 4083 /** 4084 * smack_sock_graft - Initialize a newly created socket with an existing sock 4085 * @sk: child sock 4086 * @parent: parent socket 4087 * 4088 * Set the smk_{in,out} state of an existing sock based on the process that 4089 * is creating the new socket. 4090 */ 4091 static void smack_sock_graft(struct sock *sk, struct socket *parent) 4092 { 4093 struct socket_smack *ssp; 4094 struct smack_known *skp = smk_of_current(); 4095 4096 if (sk == NULL || 4097 (sk->sk_family != PF_INET && sk->sk_family != PF_INET6)) 4098 return; 4099 4100 ssp = sk->sk_security; 4101 ssp->smk_in = skp; 4102 ssp->smk_out = skp; 4103 /* cssp->smk_packet is already set in smack_inet_csk_clone() */ 4104 } 4105 4106 /** 4107 * smack_inet_conn_request - Smack access check on connect 4108 * @sk: socket involved 4109 * @skb: packet 4110 * @req: unused 4111 * 4112 * Returns 0 if a task with the packet label could write to 4113 * the socket, otherwise an error code 4114 */ 4115 static int smack_inet_conn_request(const struct sock *sk, struct sk_buff *skb, 4116 struct request_sock *req) 4117 { 4118 u16 family = sk->sk_family; 4119 struct smack_known *skp; 4120 struct socket_smack *ssp = sk->sk_security; 4121 struct sockaddr_in addr; 4122 struct iphdr *hdr; 4123 struct smack_known *hskp; 4124 int rc; 4125 struct smk_audit_info ad; 4126 #ifdef CONFIG_AUDIT 4127 struct lsm_network_audit net; 4128 #endif 4129 4130 #if IS_ENABLED(CONFIG_IPV6) 4131 if (family == PF_INET6) { 4132 /* 4133 * Handle mapped IPv4 packets arriving 4134 * via IPv6 sockets. Don't set up netlabel 4135 * processing on IPv6. 4136 */ 4137 if (skb->protocol == htons(ETH_P_IP)) 4138 family = PF_INET; 4139 else 4140 return 0; 4141 } 4142 #endif /* CONFIG_IPV6 */ 4143 4144 /* 4145 * If there is a secmark use it rather than the CIPSO label. 4146 * If there is no secmark fall back to CIPSO. 4147 * The secmark is assumed to reflect policy better. 4148 */ 4149 skp = smack_from_skb(skb); 4150 if (skp == NULL) { 4151 skp = smack_from_netlbl(sk, family, skb); 4152 if (skp == NULL) 4153 skp = &smack_known_huh; 4154 } 4155 4156 #ifdef CONFIG_AUDIT 4157 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 4158 ad.a.u.net->family = family; 4159 ad.a.u.net->netif = skb->skb_iif; 4160 ipv4_skb_to_auditdata(skb, &ad.a, NULL); 4161 #endif 4162 /* 4163 * Receiving a packet requires that the other end be able to write 4164 * here. Read access is not required. 4165 */ 4166 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad); 4167 rc = smk_bu_note("IPv4 connect", skp, ssp->smk_in, MAY_WRITE, rc); 4168 if (rc != 0) 4169 return rc; 4170 4171 /* 4172 * Save the peer's label in the request_sock so we can later setup 4173 * smk_packet in the child socket so that SO_PEERCRED can report it. 4174 */ 4175 req->peer_secid = skp->smk_secid; 4176 4177 /* 4178 * We need to decide if we want to label the incoming connection here 4179 * if we do we only need to label the request_sock and the stack will 4180 * propagate the wire-label to the sock when it is created. 4181 */ 4182 hdr = ip_hdr(skb); 4183 addr.sin_addr.s_addr = hdr->saddr; 4184 rcu_read_lock(); 4185 hskp = smack_ipv4host_label(&addr); 4186 rcu_read_unlock(); 4187 4188 if (hskp == NULL) 4189 rc = netlbl_req_setattr(req, &skp->smk_netlabel); 4190 else 4191 netlbl_req_delattr(req); 4192 4193 return rc; 4194 } 4195 4196 /** 4197 * smack_inet_csk_clone - Copy the connection information to the new socket 4198 * @sk: the new socket 4199 * @req: the connection's request_sock 4200 * 4201 * Transfer the connection's peer label to the newly created socket. 4202 */ 4203 static void smack_inet_csk_clone(struct sock *sk, 4204 const struct request_sock *req) 4205 { 4206 struct socket_smack *ssp = sk->sk_security; 4207 struct smack_known *skp; 4208 4209 if (req->peer_secid != 0) { 4210 skp = smack_from_secid(req->peer_secid); 4211 ssp->smk_packet = skp; 4212 } else 4213 ssp->smk_packet = NULL; 4214 } 4215 4216 /* 4217 * Key management security hooks 4218 * 4219 * Casey has not tested key support very heavily. 4220 * The permission check is most likely too restrictive. 4221 * If you care about keys please have a look. 4222 */ 4223 #ifdef CONFIG_KEYS 4224 4225 /** 4226 * smack_key_alloc - Set the key security blob 4227 * @key: object 4228 * @cred: the credentials to use 4229 * @flags: unused 4230 * 4231 * No allocation required 4232 * 4233 * Returns 0 4234 */ 4235 static int smack_key_alloc(struct key *key, const struct cred *cred, 4236 unsigned long flags) 4237 { 4238 struct smack_known *skp = smk_of_task(smack_cred(cred)); 4239 4240 key->security = skp; 4241 return 0; 4242 } 4243 4244 /** 4245 * smack_key_free - Clear the key security blob 4246 * @key: the object 4247 * 4248 * Clear the blob pointer 4249 */ 4250 static void smack_key_free(struct key *key) 4251 { 4252 key->security = NULL; 4253 } 4254 4255 /** 4256 * smack_key_permission - Smack access on a key 4257 * @key_ref: gets to the object 4258 * @cred: the credentials to use 4259 * @need_perm: requested key permission 4260 * 4261 * Return 0 if the task has read and write to the object, 4262 * an error code otherwise 4263 */ 4264 static int smack_key_permission(key_ref_t key_ref, 4265 const struct cred *cred, 4266 enum key_need_perm need_perm) 4267 { 4268 struct key *keyp; 4269 struct smk_audit_info ad; 4270 struct smack_known *tkp = smk_of_task(smack_cred(cred)); 4271 int request = 0; 4272 int rc; 4273 4274 /* 4275 * Validate requested permissions 4276 */ 4277 switch (need_perm) { 4278 case KEY_NEED_READ: 4279 case KEY_NEED_SEARCH: 4280 case KEY_NEED_VIEW: 4281 request |= MAY_READ; 4282 break; 4283 case KEY_NEED_WRITE: 4284 case KEY_NEED_LINK: 4285 case KEY_NEED_SETATTR: 4286 request |= MAY_WRITE; 4287 break; 4288 case KEY_NEED_UNSPECIFIED: 4289 case KEY_NEED_UNLINK: 4290 case KEY_SYSADMIN_OVERRIDE: 4291 case KEY_AUTHTOKEN_OVERRIDE: 4292 case KEY_DEFER_PERM_CHECK: 4293 return 0; 4294 default: 4295 return -EINVAL; 4296 } 4297 4298 keyp = key_ref_to_ptr(key_ref); 4299 if (keyp == NULL) 4300 return -EINVAL; 4301 /* 4302 * If the key hasn't been initialized give it access so that 4303 * it may do so. 4304 */ 4305 if (keyp->security == NULL) 4306 return 0; 4307 /* 4308 * This should not occur 4309 */ 4310 if (tkp == NULL) 4311 return -EACCES; 4312 4313 if (smack_privileged(CAP_MAC_OVERRIDE)) 4314 return 0; 4315 4316 #ifdef CONFIG_AUDIT 4317 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY); 4318 ad.a.u.key_struct.key = keyp->serial; 4319 ad.a.u.key_struct.key_desc = keyp->description; 4320 #endif 4321 rc = smk_access(tkp, keyp->security, request, &ad); 4322 rc = smk_bu_note("key access", tkp, keyp->security, request, rc); 4323 return rc; 4324 } 4325 4326 /* 4327 * smack_key_getsecurity - Smack label tagging the key 4328 * @key points to the key to be queried 4329 * @_buffer points to a pointer that should be set to point to the 4330 * resulting string (if no label or an error occurs). 4331 * Return the length of the string (including terminating NUL) or -ve if 4332 * an error. 4333 * May also return 0 (and a NULL buffer pointer) if there is no label. 4334 */ 4335 static int smack_key_getsecurity(struct key *key, char **_buffer) 4336 { 4337 struct smack_known *skp = key->security; 4338 size_t length; 4339 char *copy; 4340 4341 if (key->security == NULL) { 4342 *_buffer = NULL; 4343 return 0; 4344 } 4345 4346 copy = kstrdup(skp->smk_known, GFP_KERNEL); 4347 if (copy == NULL) 4348 return -ENOMEM; 4349 length = strlen(copy) + 1; 4350 4351 *_buffer = copy; 4352 return length; 4353 } 4354 4355 4356 #ifdef CONFIG_KEY_NOTIFICATIONS 4357 /** 4358 * smack_watch_key - Smack access to watch a key for notifications. 4359 * @key: The key to be watched 4360 * 4361 * Return 0 if the @watch->cred has permission to read from the key object and 4362 * an error otherwise. 4363 */ 4364 static int smack_watch_key(struct key *key) 4365 { 4366 struct smk_audit_info ad; 4367 struct smack_known *tkp = smk_of_current(); 4368 int rc; 4369 4370 if (key == NULL) 4371 return -EINVAL; 4372 /* 4373 * If the key hasn't been initialized give it access so that 4374 * it may do so. 4375 */ 4376 if (key->security == NULL) 4377 return 0; 4378 /* 4379 * This should not occur 4380 */ 4381 if (tkp == NULL) 4382 return -EACCES; 4383 4384 if (smack_privileged_cred(CAP_MAC_OVERRIDE, current_cred())) 4385 return 0; 4386 4387 #ifdef CONFIG_AUDIT 4388 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY); 4389 ad.a.u.key_struct.key = key->serial; 4390 ad.a.u.key_struct.key_desc = key->description; 4391 #endif 4392 rc = smk_access(tkp, key->security, MAY_READ, &ad); 4393 rc = smk_bu_note("key watch", tkp, key->security, MAY_READ, rc); 4394 return rc; 4395 } 4396 #endif /* CONFIG_KEY_NOTIFICATIONS */ 4397 #endif /* CONFIG_KEYS */ 4398 4399 #ifdef CONFIG_WATCH_QUEUE 4400 /** 4401 * smack_post_notification - Smack access to post a notification to a queue 4402 * @w_cred: The credentials of the watcher. 4403 * @cred: The credentials of the event source (may be NULL). 4404 * @n: The notification message to be posted. 4405 */ 4406 static int smack_post_notification(const struct cred *w_cred, 4407 const struct cred *cred, 4408 struct watch_notification *n) 4409 { 4410 struct smk_audit_info ad; 4411 struct smack_known *subj, *obj; 4412 int rc; 4413 4414 /* Always let maintenance notifications through. */ 4415 if (n->type == WATCH_TYPE_META) 4416 return 0; 4417 4418 if (!cred) 4419 return 0; 4420 subj = smk_of_task(smack_cred(cred)); 4421 obj = smk_of_task(smack_cred(w_cred)); 4422 4423 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NOTIFICATION); 4424 rc = smk_access(subj, obj, MAY_WRITE, &ad); 4425 rc = smk_bu_note("notification", subj, obj, MAY_WRITE, rc); 4426 return rc; 4427 } 4428 #endif /* CONFIG_WATCH_QUEUE */ 4429 4430 /* 4431 * Smack Audit hooks 4432 * 4433 * Audit requires a unique representation of each Smack specific 4434 * rule. This unique representation is used to distinguish the 4435 * object to be audited from remaining kernel objects and also 4436 * works as a glue between the audit hooks. 4437 * 4438 * Since repository entries are added but never deleted, we'll use 4439 * the smack_known label address related to the given audit rule as 4440 * the needed unique representation. This also better fits the smack 4441 * model where nearly everything is a label. 4442 */ 4443 #ifdef CONFIG_AUDIT 4444 4445 /** 4446 * smack_audit_rule_init - Initialize a smack audit rule 4447 * @field: audit rule fields given from user-space (audit.h) 4448 * @op: required testing operator (=, !=, >, <, ...) 4449 * @rulestr: smack label to be audited 4450 * @vrule: pointer to save our own audit rule representation 4451 * 4452 * Prepare to audit cases where (@field @op @rulestr) is true. 4453 * The label to be audited is created if necessay. 4454 */ 4455 static int smack_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule) 4456 { 4457 struct smack_known *skp; 4458 char **rule = (char **)vrule; 4459 *rule = NULL; 4460 4461 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER) 4462 return -EINVAL; 4463 4464 if (op != Audit_equal && op != Audit_not_equal) 4465 return -EINVAL; 4466 4467 skp = smk_import_entry(rulestr, 0); 4468 if (IS_ERR(skp)) 4469 return PTR_ERR(skp); 4470 4471 *rule = skp->smk_known; 4472 4473 return 0; 4474 } 4475 4476 /** 4477 * smack_audit_rule_known - Distinguish Smack audit rules 4478 * @krule: rule of interest, in Audit kernel representation format 4479 * 4480 * This is used to filter Smack rules from remaining Audit ones. 4481 * If it's proved that this rule belongs to us, the 4482 * audit_rule_match hook will be called to do the final judgement. 4483 */ 4484 static int smack_audit_rule_known(struct audit_krule *krule) 4485 { 4486 struct audit_field *f; 4487 int i; 4488 4489 for (i = 0; i < krule->field_count; i++) { 4490 f = &krule->fields[i]; 4491 4492 if (f->type == AUDIT_SUBJ_USER || f->type == AUDIT_OBJ_USER) 4493 return 1; 4494 } 4495 4496 return 0; 4497 } 4498 4499 /** 4500 * smack_audit_rule_match - Audit given object ? 4501 * @secid: security id for identifying the object to test 4502 * @field: audit rule flags given from user-space 4503 * @op: required testing operator 4504 * @vrule: smack internal rule presentation 4505 * 4506 * The core Audit hook. It's used to take the decision of 4507 * whether to audit or not to audit a given object. 4508 */ 4509 static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule) 4510 { 4511 struct smack_known *skp; 4512 char *rule = vrule; 4513 4514 if (unlikely(!rule)) { 4515 WARN_ONCE(1, "Smack: missing rule\n"); 4516 return -ENOENT; 4517 } 4518 4519 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER) 4520 return 0; 4521 4522 skp = smack_from_secid(secid); 4523 4524 /* 4525 * No need to do string comparisons. If a match occurs, 4526 * both pointers will point to the same smack_known 4527 * label. 4528 */ 4529 if (op == Audit_equal) 4530 return (rule == skp->smk_known); 4531 if (op == Audit_not_equal) 4532 return (rule != skp->smk_known); 4533 4534 return 0; 4535 } 4536 4537 /* 4538 * There is no need for a smack_audit_rule_free hook. 4539 * No memory was allocated. 4540 */ 4541 4542 #endif /* CONFIG_AUDIT */ 4543 4544 /** 4545 * smack_ismaclabel - check if xattr @name references a smack MAC label 4546 * @name: Full xattr name to check. 4547 */ 4548 static int smack_ismaclabel(const char *name) 4549 { 4550 return (strcmp(name, XATTR_SMACK_SUFFIX) == 0); 4551 } 4552 4553 4554 /** 4555 * smack_secid_to_secctx - return the smack label for a secid 4556 * @secid: incoming integer 4557 * @secdata: destination 4558 * @seclen: how long it is 4559 * 4560 * Exists for networking code. 4561 */ 4562 static int smack_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) 4563 { 4564 struct smack_known *skp = smack_from_secid(secid); 4565 4566 if (secdata) 4567 *secdata = skp->smk_known; 4568 *seclen = strlen(skp->smk_known); 4569 return 0; 4570 } 4571 4572 /** 4573 * smack_secctx_to_secid - return the secid for a smack label 4574 * @secdata: smack label 4575 * @seclen: how long result is 4576 * @secid: outgoing integer 4577 * 4578 * Exists for audit and networking code. 4579 */ 4580 static int smack_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid) 4581 { 4582 struct smack_known *skp = smk_find_entry(secdata); 4583 4584 if (skp) 4585 *secid = skp->smk_secid; 4586 else 4587 *secid = 0; 4588 return 0; 4589 } 4590 4591 /* 4592 * There used to be a smack_release_secctx hook 4593 * that did nothing back when hooks were in a vector. 4594 * Now that there's a list such a hook adds cost. 4595 */ 4596 4597 static int smack_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen) 4598 { 4599 return smack_inode_setsecurity(inode, XATTR_SMACK_SUFFIX, ctx, 4600 ctxlen, 0); 4601 } 4602 4603 static int smack_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen) 4604 { 4605 return __vfs_setxattr_noperm(&init_user_ns, dentry, XATTR_NAME_SMACK, 4606 ctx, ctxlen, 0); 4607 } 4608 4609 static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) 4610 { 4611 struct smack_known *skp = smk_of_inode(inode); 4612 4613 *ctx = skp->smk_known; 4614 *ctxlen = strlen(skp->smk_known); 4615 return 0; 4616 } 4617 4618 static int smack_inode_copy_up(struct dentry *dentry, struct cred **new) 4619 { 4620 4621 struct task_smack *tsp; 4622 struct smack_known *skp; 4623 struct inode_smack *isp; 4624 struct cred *new_creds = *new; 4625 4626 if (new_creds == NULL) { 4627 new_creds = prepare_creds(); 4628 if (new_creds == NULL) 4629 return -ENOMEM; 4630 } 4631 4632 tsp = smack_cred(new_creds); 4633 4634 /* 4635 * Get label from overlay inode and set it in create_sid 4636 */ 4637 isp = smack_inode(d_inode(dentry->d_parent)); 4638 skp = isp->smk_inode; 4639 tsp->smk_task = skp; 4640 *new = new_creds; 4641 return 0; 4642 } 4643 4644 static int smack_inode_copy_up_xattr(const char *name) 4645 { 4646 /* 4647 * Return 1 if this is the smack access Smack attribute. 4648 */ 4649 if (strcmp(name, XATTR_NAME_SMACK) == 0) 4650 return 1; 4651 4652 return -EOPNOTSUPP; 4653 } 4654 4655 static int smack_dentry_create_files_as(struct dentry *dentry, int mode, 4656 struct qstr *name, 4657 const struct cred *old, 4658 struct cred *new) 4659 { 4660 struct task_smack *otsp = smack_cred(old); 4661 struct task_smack *ntsp = smack_cred(new); 4662 struct inode_smack *isp; 4663 int may; 4664 4665 /* 4666 * Use the process credential unless all of 4667 * the transmuting criteria are met 4668 */ 4669 ntsp->smk_task = otsp->smk_task; 4670 4671 /* 4672 * the attribute of the containing directory 4673 */ 4674 isp = smack_inode(d_inode(dentry->d_parent)); 4675 4676 if (isp->smk_flags & SMK_INODE_TRANSMUTE) { 4677 rcu_read_lock(); 4678 may = smk_access_entry(otsp->smk_task->smk_known, 4679 isp->smk_inode->smk_known, 4680 &otsp->smk_task->smk_rules); 4681 rcu_read_unlock(); 4682 4683 /* 4684 * If the directory is transmuting and the rule 4685 * providing access is transmuting use the containing 4686 * directory label instead of the process label. 4687 */ 4688 if (may > 0 && (may & MAY_TRANSMUTE)) 4689 ntsp->smk_task = isp->smk_inode; 4690 } 4691 return 0; 4692 } 4693 4694 struct lsm_blob_sizes smack_blob_sizes __lsm_ro_after_init = { 4695 .lbs_cred = sizeof(struct task_smack), 4696 .lbs_file = sizeof(struct smack_known *), 4697 .lbs_inode = sizeof(struct inode_smack), 4698 .lbs_ipc = sizeof(struct smack_known *), 4699 .lbs_msg_msg = sizeof(struct smack_known *), 4700 .lbs_superblock = sizeof(struct superblock_smack), 4701 }; 4702 4703 static struct security_hook_list smack_hooks[] __lsm_ro_after_init = { 4704 LSM_HOOK_INIT(ptrace_access_check, smack_ptrace_access_check), 4705 LSM_HOOK_INIT(ptrace_traceme, smack_ptrace_traceme), 4706 LSM_HOOK_INIT(syslog, smack_syslog), 4707 4708 LSM_HOOK_INIT(fs_context_dup, smack_fs_context_dup), 4709 LSM_HOOK_INIT(fs_context_parse_param, smack_fs_context_parse_param), 4710 4711 LSM_HOOK_INIT(sb_alloc_security, smack_sb_alloc_security), 4712 LSM_HOOK_INIT(sb_free_mnt_opts, smack_free_mnt_opts), 4713 LSM_HOOK_INIT(sb_eat_lsm_opts, smack_sb_eat_lsm_opts), 4714 LSM_HOOK_INIT(sb_statfs, smack_sb_statfs), 4715 LSM_HOOK_INIT(sb_set_mnt_opts, smack_set_mnt_opts), 4716 4717 LSM_HOOK_INIT(bprm_creds_for_exec, smack_bprm_creds_for_exec), 4718 4719 LSM_HOOK_INIT(inode_alloc_security, smack_inode_alloc_security), 4720 LSM_HOOK_INIT(inode_init_security, smack_inode_init_security), 4721 LSM_HOOK_INIT(inode_link, smack_inode_link), 4722 LSM_HOOK_INIT(inode_unlink, smack_inode_unlink), 4723 LSM_HOOK_INIT(inode_rmdir, smack_inode_rmdir), 4724 LSM_HOOK_INIT(inode_rename, smack_inode_rename), 4725 LSM_HOOK_INIT(inode_permission, smack_inode_permission), 4726 LSM_HOOK_INIT(inode_setattr, smack_inode_setattr), 4727 LSM_HOOK_INIT(inode_getattr, smack_inode_getattr), 4728 LSM_HOOK_INIT(inode_setxattr, smack_inode_setxattr), 4729 LSM_HOOK_INIT(inode_post_setxattr, smack_inode_post_setxattr), 4730 LSM_HOOK_INIT(inode_getxattr, smack_inode_getxattr), 4731 LSM_HOOK_INIT(inode_removexattr, smack_inode_removexattr), 4732 LSM_HOOK_INIT(inode_getsecurity, smack_inode_getsecurity), 4733 LSM_HOOK_INIT(inode_setsecurity, smack_inode_setsecurity), 4734 LSM_HOOK_INIT(inode_listsecurity, smack_inode_listsecurity), 4735 LSM_HOOK_INIT(inode_getsecid, smack_inode_getsecid), 4736 4737 LSM_HOOK_INIT(file_alloc_security, smack_file_alloc_security), 4738 LSM_HOOK_INIT(file_ioctl, smack_file_ioctl), 4739 LSM_HOOK_INIT(file_lock, smack_file_lock), 4740 LSM_HOOK_INIT(file_fcntl, smack_file_fcntl), 4741 LSM_HOOK_INIT(mmap_file, smack_mmap_file), 4742 LSM_HOOK_INIT(mmap_addr, cap_mmap_addr), 4743 LSM_HOOK_INIT(file_set_fowner, smack_file_set_fowner), 4744 LSM_HOOK_INIT(file_send_sigiotask, smack_file_send_sigiotask), 4745 LSM_HOOK_INIT(file_receive, smack_file_receive), 4746 4747 LSM_HOOK_INIT(file_open, smack_file_open), 4748 4749 LSM_HOOK_INIT(cred_alloc_blank, smack_cred_alloc_blank), 4750 LSM_HOOK_INIT(cred_free, smack_cred_free), 4751 LSM_HOOK_INIT(cred_prepare, smack_cred_prepare), 4752 LSM_HOOK_INIT(cred_transfer, smack_cred_transfer), 4753 LSM_HOOK_INIT(cred_getsecid, smack_cred_getsecid), 4754 LSM_HOOK_INIT(kernel_act_as, smack_kernel_act_as), 4755 LSM_HOOK_INIT(kernel_create_files_as, smack_kernel_create_files_as), 4756 LSM_HOOK_INIT(task_setpgid, smack_task_setpgid), 4757 LSM_HOOK_INIT(task_getpgid, smack_task_getpgid), 4758 LSM_HOOK_INIT(task_getsid, smack_task_getsid), 4759 LSM_HOOK_INIT(task_getsecid_subj, smack_task_getsecid_subj), 4760 LSM_HOOK_INIT(task_getsecid_obj, smack_task_getsecid_obj), 4761 LSM_HOOK_INIT(task_setnice, smack_task_setnice), 4762 LSM_HOOK_INIT(task_setioprio, smack_task_setioprio), 4763 LSM_HOOK_INIT(task_getioprio, smack_task_getioprio), 4764 LSM_HOOK_INIT(task_setscheduler, smack_task_setscheduler), 4765 LSM_HOOK_INIT(task_getscheduler, smack_task_getscheduler), 4766 LSM_HOOK_INIT(task_movememory, smack_task_movememory), 4767 LSM_HOOK_INIT(task_kill, smack_task_kill), 4768 LSM_HOOK_INIT(task_to_inode, smack_task_to_inode), 4769 4770 LSM_HOOK_INIT(ipc_permission, smack_ipc_permission), 4771 LSM_HOOK_INIT(ipc_getsecid, smack_ipc_getsecid), 4772 4773 LSM_HOOK_INIT(msg_msg_alloc_security, smack_msg_msg_alloc_security), 4774 4775 LSM_HOOK_INIT(msg_queue_alloc_security, smack_ipc_alloc_security), 4776 LSM_HOOK_INIT(msg_queue_associate, smack_msg_queue_associate), 4777 LSM_HOOK_INIT(msg_queue_msgctl, smack_msg_queue_msgctl), 4778 LSM_HOOK_INIT(msg_queue_msgsnd, smack_msg_queue_msgsnd), 4779 LSM_HOOK_INIT(msg_queue_msgrcv, smack_msg_queue_msgrcv), 4780 4781 LSM_HOOK_INIT(shm_alloc_security, smack_ipc_alloc_security), 4782 LSM_HOOK_INIT(shm_associate, smack_shm_associate), 4783 LSM_HOOK_INIT(shm_shmctl, smack_shm_shmctl), 4784 LSM_HOOK_INIT(shm_shmat, smack_shm_shmat), 4785 4786 LSM_HOOK_INIT(sem_alloc_security, smack_ipc_alloc_security), 4787 LSM_HOOK_INIT(sem_associate, smack_sem_associate), 4788 LSM_HOOK_INIT(sem_semctl, smack_sem_semctl), 4789 LSM_HOOK_INIT(sem_semop, smack_sem_semop), 4790 4791 LSM_HOOK_INIT(d_instantiate, smack_d_instantiate), 4792 4793 LSM_HOOK_INIT(getprocattr, smack_getprocattr), 4794 LSM_HOOK_INIT(setprocattr, smack_setprocattr), 4795 4796 LSM_HOOK_INIT(unix_stream_connect, smack_unix_stream_connect), 4797 LSM_HOOK_INIT(unix_may_send, smack_unix_may_send), 4798 4799 LSM_HOOK_INIT(socket_post_create, smack_socket_post_create), 4800 LSM_HOOK_INIT(socket_socketpair, smack_socket_socketpair), 4801 #ifdef SMACK_IPV6_PORT_LABELING 4802 LSM_HOOK_INIT(socket_bind, smack_socket_bind), 4803 #endif 4804 LSM_HOOK_INIT(socket_connect, smack_socket_connect), 4805 LSM_HOOK_INIT(socket_sendmsg, smack_socket_sendmsg), 4806 LSM_HOOK_INIT(socket_sock_rcv_skb, smack_socket_sock_rcv_skb), 4807 LSM_HOOK_INIT(socket_getpeersec_stream, smack_socket_getpeersec_stream), 4808 LSM_HOOK_INIT(socket_getpeersec_dgram, smack_socket_getpeersec_dgram), 4809 LSM_HOOK_INIT(sk_alloc_security, smack_sk_alloc_security), 4810 LSM_HOOK_INIT(sk_free_security, smack_sk_free_security), 4811 LSM_HOOK_INIT(sock_graft, smack_sock_graft), 4812 LSM_HOOK_INIT(inet_conn_request, smack_inet_conn_request), 4813 LSM_HOOK_INIT(inet_csk_clone, smack_inet_csk_clone), 4814 4815 /* key management security hooks */ 4816 #ifdef CONFIG_KEYS 4817 LSM_HOOK_INIT(key_alloc, smack_key_alloc), 4818 LSM_HOOK_INIT(key_free, smack_key_free), 4819 LSM_HOOK_INIT(key_permission, smack_key_permission), 4820 LSM_HOOK_INIT(key_getsecurity, smack_key_getsecurity), 4821 #ifdef CONFIG_KEY_NOTIFICATIONS 4822 LSM_HOOK_INIT(watch_key, smack_watch_key), 4823 #endif 4824 #endif /* CONFIG_KEYS */ 4825 4826 #ifdef CONFIG_WATCH_QUEUE 4827 LSM_HOOK_INIT(post_notification, smack_post_notification), 4828 #endif 4829 4830 /* Audit hooks */ 4831 #ifdef CONFIG_AUDIT 4832 LSM_HOOK_INIT(audit_rule_init, smack_audit_rule_init), 4833 LSM_HOOK_INIT(audit_rule_known, smack_audit_rule_known), 4834 LSM_HOOK_INIT(audit_rule_match, smack_audit_rule_match), 4835 #endif /* CONFIG_AUDIT */ 4836 4837 LSM_HOOK_INIT(ismaclabel, smack_ismaclabel), 4838 LSM_HOOK_INIT(secid_to_secctx, smack_secid_to_secctx), 4839 LSM_HOOK_INIT(secctx_to_secid, smack_secctx_to_secid), 4840 LSM_HOOK_INIT(inode_notifysecctx, smack_inode_notifysecctx), 4841 LSM_HOOK_INIT(inode_setsecctx, smack_inode_setsecctx), 4842 LSM_HOOK_INIT(inode_getsecctx, smack_inode_getsecctx), 4843 LSM_HOOK_INIT(inode_copy_up, smack_inode_copy_up), 4844 LSM_HOOK_INIT(inode_copy_up_xattr, smack_inode_copy_up_xattr), 4845 LSM_HOOK_INIT(dentry_create_files_as, smack_dentry_create_files_as), 4846 }; 4847 4848 4849 static __init void init_smack_known_list(void) 4850 { 4851 /* 4852 * Initialize rule list locks 4853 */ 4854 mutex_init(&smack_known_huh.smk_rules_lock); 4855 mutex_init(&smack_known_hat.smk_rules_lock); 4856 mutex_init(&smack_known_floor.smk_rules_lock); 4857 mutex_init(&smack_known_star.smk_rules_lock); 4858 mutex_init(&smack_known_web.smk_rules_lock); 4859 /* 4860 * Initialize rule lists 4861 */ 4862 INIT_LIST_HEAD(&smack_known_huh.smk_rules); 4863 INIT_LIST_HEAD(&smack_known_hat.smk_rules); 4864 INIT_LIST_HEAD(&smack_known_star.smk_rules); 4865 INIT_LIST_HEAD(&smack_known_floor.smk_rules); 4866 INIT_LIST_HEAD(&smack_known_web.smk_rules); 4867 /* 4868 * Create the known labels list 4869 */ 4870 smk_insert_entry(&smack_known_huh); 4871 smk_insert_entry(&smack_known_hat); 4872 smk_insert_entry(&smack_known_star); 4873 smk_insert_entry(&smack_known_floor); 4874 smk_insert_entry(&smack_known_web); 4875 } 4876 4877 /** 4878 * smack_init - initialize the smack system 4879 * 4880 * Returns 0 on success, -ENOMEM is there's no memory 4881 */ 4882 static __init int smack_init(void) 4883 { 4884 struct cred *cred = (struct cred *) current->cred; 4885 struct task_smack *tsp; 4886 4887 smack_rule_cache = KMEM_CACHE(smack_rule, 0); 4888 if (!smack_rule_cache) 4889 return -ENOMEM; 4890 4891 /* 4892 * Set the security state for the initial task. 4893 */ 4894 tsp = smack_cred(cred); 4895 init_task_smack(tsp, &smack_known_floor, &smack_known_floor); 4896 4897 /* 4898 * Register with LSM 4899 */ 4900 security_add_hooks(smack_hooks, ARRAY_SIZE(smack_hooks), "smack"); 4901 smack_enabled = 1; 4902 4903 pr_info("Smack: Initializing.\n"); 4904 #ifdef CONFIG_SECURITY_SMACK_NETFILTER 4905 pr_info("Smack: Netfilter enabled.\n"); 4906 #endif 4907 #ifdef SMACK_IPV6_PORT_LABELING 4908 pr_info("Smack: IPv6 port labeling enabled.\n"); 4909 #endif 4910 #ifdef SMACK_IPV6_SECMARK_LABELING 4911 pr_info("Smack: IPv6 Netfilter enabled.\n"); 4912 #endif 4913 4914 /* initialize the smack_known_list */ 4915 init_smack_known_list(); 4916 4917 return 0; 4918 } 4919 4920 /* 4921 * Smack requires early initialization in order to label 4922 * all processes and objects when they are created. 4923 */ 4924 DEFINE_LSM(smack) = { 4925 .name = "smack", 4926 .flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE, 4927 .blobs = &smack_blob_sizes, 4928 .init = smack_init, 4929 }; 4930