1 /* 2 * Simplified MAC Kernel (smack) security module 3 * 4 * This file contains the smack hook function implementations. 5 * 6 * Authors: 7 * Casey Schaufler <casey@schaufler-ca.com> 8 * Jarkko Sakkinen <jarkko.sakkinen@intel.com> 9 * 10 * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com> 11 * Copyright (C) 2009 Hewlett-Packard Development Company, L.P. 12 * Paul Moore <paul@paul-moore.com> 13 * Copyright (C) 2010 Nokia Corporation 14 * Copyright (C) 2011 Intel Corporation. 15 * 16 * This program is free software; you can redistribute it and/or modify 17 * it under the terms of the GNU General Public License version 2, 18 * as published by the Free Software Foundation. 19 */ 20 21 #include <linux/xattr.h> 22 #include <linux/pagemap.h> 23 #include <linux/mount.h> 24 #include <linux/stat.h> 25 #include <linux/kd.h> 26 #include <asm/ioctls.h> 27 #include <linux/ip.h> 28 #include <linux/tcp.h> 29 #include <linux/udp.h> 30 #include <linux/dccp.h> 31 #include <linux/slab.h> 32 #include <linux/mutex.h> 33 #include <linux/pipe_fs_i.h> 34 #include <net/cipso_ipv4.h> 35 #include <net/ip.h> 36 #include <net/ipv6.h> 37 #include <linux/audit.h> 38 #include <linux/magic.h> 39 #include <linux/dcache.h> 40 #include <linux/personality.h> 41 #include <linux/msg.h> 42 #include <linux/shm.h> 43 #include <linux/binfmts.h> 44 #include "smack.h" 45 46 #define task_security(task) (task_cred_xxx((task), security)) 47 48 #define TRANS_TRUE "TRUE" 49 #define TRANS_TRUE_SIZE 4 50 51 #define SMK_CONNECTING 0 52 #define SMK_RECEIVING 1 53 #define SMK_SENDING 2 54 55 LIST_HEAD(smk_ipv6_port_list); 56 57 /** 58 * smk_fetch - Fetch the smack label from a file. 59 * @ip: a pointer to the inode 60 * @dp: a pointer to the dentry 61 * 62 * Returns a pointer to the master list entry for the Smack label 63 * or NULL if there was no label to fetch. 64 */ 65 static struct smack_known *smk_fetch(const char *name, struct inode *ip, 66 struct dentry *dp) 67 { 68 int rc; 69 char *buffer; 70 struct smack_known *skp = NULL; 71 72 if (ip->i_op->getxattr == NULL) 73 return NULL; 74 75 buffer = kzalloc(SMK_LONGLABEL, GFP_KERNEL); 76 if (buffer == NULL) 77 return NULL; 78 79 rc = ip->i_op->getxattr(dp, name, buffer, SMK_LONGLABEL); 80 if (rc > 0) 81 skp = smk_import_entry(buffer, rc); 82 83 kfree(buffer); 84 85 return skp; 86 } 87 88 /** 89 * new_inode_smack - allocate an inode security blob 90 * @smack: a pointer to the Smack label to use in the blob 91 * 92 * Returns the new blob or NULL if there's no memory available 93 */ 94 struct inode_smack *new_inode_smack(char *smack) 95 { 96 struct inode_smack *isp; 97 98 isp = kzalloc(sizeof(struct inode_smack), GFP_NOFS); 99 if (isp == NULL) 100 return NULL; 101 102 isp->smk_inode = smack; 103 isp->smk_flags = 0; 104 mutex_init(&isp->smk_lock); 105 106 return isp; 107 } 108 109 /** 110 * new_task_smack - allocate a task security blob 111 * @smack: a pointer to the Smack label to use in the blob 112 * 113 * Returns the new blob or NULL if there's no memory available 114 */ 115 static struct task_smack *new_task_smack(struct smack_known *task, 116 struct smack_known *forked, gfp_t gfp) 117 { 118 struct task_smack *tsp; 119 120 tsp = kzalloc(sizeof(struct task_smack), gfp); 121 if (tsp == NULL) 122 return NULL; 123 124 tsp->smk_task = task; 125 tsp->smk_forked = forked; 126 INIT_LIST_HEAD(&tsp->smk_rules); 127 mutex_init(&tsp->smk_rules_lock); 128 129 return tsp; 130 } 131 132 /** 133 * smk_copy_rules - copy a rule set 134 * @nhead - new rules header pointer 135 * @ohead - old rules header pointer 136 * 137 * Returns 0 on success, -ENOMEM on error 138 */ 139 static int smk_copy_rules(struct list_head *nhead, struct list_head *ohead, 140 gfp_t gfp) 141 { 142 struct smack_rule *nrp; 143 struct smack_rule *orp; 144 int rc = 0; 145 146 INIT_LIST_HEAD(nhead); 147 148 list_for_each_entry_rcu(orp, ohead, list) { 149 nrp = kzalloc(sizeof(struct smack_rule), gfp); 150 if (nrp == NULL) { 151 rc = -ENOMEM; 152 break; 153 } 154 *nrp = *orp; 155 list_add_rcu(&nrp->list, nhead); 156 } 157 return rc; 158 } 159 160 /** 161 * smk_ptrace_mode - helper function for converting PTRACE_MODE_* into MAY_* 162 * @mode - input mode in form of PTRACE_MODE_* 163 * 164 * Returns a converted MAY_* mode usable by smack rules 165 */ 166 static inline unsigned int smk_ptrace_mode(unsigned int mode) 167 { 168 switch (mode) { 169 case PTRACE_MODE_READ: 170 return MAY_READ; 171 case PTRACE_MODE_ATTACH: 172 return MAY_READWRITE; 173 } 174 175 return 0; 176 } 177 178 /** 179 * smk_ptrace_rule_check - helper for ptrace access 180 * @tracer: tracer process 181 * @tracee_label: label of the process that's about to be traced, 182 * the pointer must originate from smack structures 183 * @mode: ptrace attachment mode (PTRACE_MODE_*) 184 * @func: name of the function that called us, used for audit 185 * 186 * Returns 0 on access granted, -error on error 187 */ 188 static int smk_ptrace_rule_check(struct task_struct *tracer, char *tracee_label, 189 unsigned int mode, const char *func) 190 { 191 int rc; 192 struct smk_audit_info ad, *saip = NULL; 193 struct task_smack *tsp; 194 struct smack_known *skp; 195 196 if ((mode & PTRACE_MODE_NOAUDIT) == 0) { 197 smk_ad_init(&ad, func, LSM_AUDIT_DATA_TASK); 198 smk_ad_setfield_u_tsk(&ad, tracer); 199 saip = &ad; 200 } 201 202 tsp = task_security(tracer); 203 skp = smk_of_task(tsp); 204 205 if ((mode & PTRACE_MODE_ATTACH) && 206 (smack_ptrace_rule == SMACK_PTRACE_EXACT || 207 smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)) { 208 if (skp->smk_known == tracee_label) 209 rc = 0; 210 else if (smack_ptrace_rule == SMACK_PTRACE_DRACONIAN) 211 rc = -EACCES; 212 else if (capable(CAP_SYS_PTRACE)) 213 rc = 0; 214 else 215 rc = -EACCES; 216 217 if (saip) 218 smack_log(skp->smk_known, tracee_label, 0, rc, saip); 219 220 return rc; 221 } 222 223 /* In case of rule==SMACK_PTRACE_DEFAULT or mode==PTRACE_MODE_READ */ 224 rc = smk_tskacc(tsp, tracee_label, smk_ptrace_mode(mode), saip); 225 return rc; 226 } 227 228 /* 229 * LSM hooks. 230 * We he, that is fun! 231 */ 232 233 /** 234 * smack_ptrace_access_check - Smack approval on PTRACE_ATTACH 235 * @ctp: child task pointer 236 * @mode: ptrace attachment mode (PTRACE_MODE_*) 237 * 238 * Returns 0 if access is OK, an error code otherwise 239 * 240 * Do the capability checks. 241 */ 242 static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode) 243 { 244 int rc; 245 struct smack_known *skp; 246 247 rc = cap_ptrace_access_check(ctp, mode); 248 if (rc != 0) 249 return rc; 250 251 skp = smk_of_task(task_security(ctp)); 252 253 rc = smk_ptrace_rule_check(current, skp->smk_known, mode, __func__); 254 return rc; 255 } 256 257 /** 258 * smack_ptrace_traceme - Smack approval on PTRACE_TRACEME 259 * @ptp: parent task pointer 260 * 261 * Returns 0 if access is OK, an error code otherwise 262 * 263 * Do the capability checks, and require PTRACE_MODE_ATTACH. 264 */ 265 static int smack_ptrace_traceme(struct task_struct *ptp) 266 { 267 int rc; 268 struct smack_known *skp; 269 270 rc = cap_ptrace_traceme(ptp); 271 if (rc != 0) 272 return rc; 273 274 skp = smk_of_task(current_security()); 275 276 rc = smk_ptrace_rule_check(ptp, skp->smk_known, 277 PTRACE_MODE_ATTACH, __func__); 278 return rc; 279 } 280 281 /** 282 * smack_syslog - Smack approval on syslog 283 * @type: message type 284 * 285 * Returns 0 on success, error code otherwise. 286 */ 287 static int smack_syslog(int typefrom_file) 288 { 289 int rc = 0; 290 struct smack_known *skp = smk_of_current(); 291 292 if (smack_privileged(CAP_MAC_OVERRIDE)) 293 return 0; 294 295 if (smack_syslog_label != NULL && smack_syslog_label != skp) 296 rc = -EACCES; 297 298 return rc; 299 } 300 301 302 /* 303 * Superblock Hooks. 304 */ 305 306 /** 307 * smack_sb_alloc_security - allocate a superblock blob 308 * @sb: the superblock getting the blob 309 * 310 * Returns 0 on success or -ENOMEM on error. 311 */ 312 static int smack_sb_alloc_security(struct super_block *sb) 313 { 314 struct superblock_smack *sbsp; 315 316 sbsp = kzalloc(sizeof(struct superblock_smack), GFP_KERNEL); 317 318 if (sbsp == NULL) 319 return -ENOMEM; 320 321 sbsp->smk_root = smack_known_floor.smk_known; 322 sbsp->smk_default = smack_known_floor.smk_known; 323 sbsp->smk_floor = smack_known_floor.smk_known; 324 sbsp->smk_hat = smack_known_hat.smk_known; 325 /* 326 * smk_initialized will be zero from kzalloc. 327 */ 328 sb->s_security = sbsp; 329 330 return 0; 331 } 332 333 /** 334 * smack_sb_free_security - free a superblock blob 335 * @sb: the superblock getting the blob 336 * 337 */ 338 static void smack_sb_free_security(struct super_block *sb) 339 { 340 kfree(sb->s_security); 341 sb->s_security = NULL; 342 } 343 344 /** 345 * smack_sb_copy_data - copy mount options data for processing 346 * @orig: where to start 347 * @smackopts: mount options string 348 * 349 * Returns 0 on success or -ENOMEM on error. 350 * 351 * Copy the Smack specific mount options out of the mount 352 * options list. 353 */ 354 static int smack_sb_copy_data(char *orig, char *smackopts) 355 { 356 char *cp, *commap, *otheropts, *dp; 357 358 otheropts = (char *)get_zeroed_page(GFP_KERNEL); 359 if (otheropts == NULL) 360 return -ENOMEM; 361 362 for (cp = orig, commap = orig; commap != NULL; cp = commap + 1) { 363 if (strstr(cp, SMK_FSDEFAULT) == cp) 364 dp = smackopts; 365 else if (strstr(cp, SMK_FSFLOOR) == cp) 366 dp = smackopts; 367 else if (strstr(cp, SMK_FSHAT) == cp) 368 dp = smackopts; 369 else if (strstr(cp, SMK_FSROOT) == cp) 370 dp = smackopts; 371 else if (strstr(cp, SMK_FSTRANS) == cp) 372 dp = smackopts; 373 else 374 dp = otheropts; 375 376 commap = strchr(cp, ','); 377 if (commap != NULL) 378 *commap = '\0'; 379 380 if (*dp != '\0') 381 strcat(dp, ","); 382 strcat(dp, cp); 383 } 384 385 strcpy(orig, otheropts); 386 free_page((unsigned long)otheropts); 387 388 return 0; 389 } 390 391 /** 392 * smack_sb_kern_mount - Smack specific mount processing 393 * @sb: the file system superblock 394 * @flags: the mount flags 395 * @data: the smack mount options 396 * 397 * Returns 0 on success, an error code on failure 398 */ 399 static int smack_sb_kern_mount(struct super_block *sb, int flags, void *data) 400 { 401 struct dentry *root = sb->s_root; 402 struct inode *inode = root->d_inode; 403 struct superblock_smack *sp = sb->s_security; 404 struct inode_smack *isp; 405 struct smack_known *skp; 406 char *op; 407 char *commap; 408 char *nsp; 409 int transmute = 0; 410 int specified = 0; 411 412 if (sp->smk_initialized) 413 return 0; 414 415 sp->smk_initialized = 1; 416 417 for (op = data; op != NULL; op = commap) { 418 commap = strchr(op, ','); 419 if (commap != NULL) 420 *commap++ = '\0'; 421 422 if (strncmp(op, SMK_FSHAT, strlen(SMK_FSHAT)) == 0) { 423 op += strlen(SMK_FSHAT); 424 nsp = smk_import(op, 0); 425 if (nsp != NULL) { 426 sp->smk_hat = nsp; 427 specified = 1; 428 } 429 } else if (strncmp(op, SMK_FSFLOOR, strlen(SMK_FSFLOOR)) == 0) { 430 op += strlen(SMK_FSFLOOR); 431 nsp = smk_import(op, 0); 432 if (nsp != NULL) { 433 sp->smk_floor = nsp; 434 specified = 1; 435 } 436 } else if (strncmp(op, SMK_FSDEFAULT, 437 strlen(SMK_FSDEFAULT)) == 0) { 438 op += strlen(SMK_FSDEFAULT); 439 nsp = smk_import(op, 0); 440 if (nsp != NULL) { 441 sp->smk_default = nsp; 442 specified = 1; 443 } 444 } else if (strncmp(op, SMK_FSROOT, strlen(SMK_FSROOT)) == 0) { 445 op += strlen(SMK_FSROOT); 446 nsp = smk_import(op, 0); 447 if (nsp != NULL) { 448 sp->smk_root = nsp; 449 specified = 1; 450 } 451 } else if (strncmp(op, SMK_FSTRANS, strlen(SMK_FSTRANS)) == 0) { 452 op += strlen(SMK_FSTRANS); 453 nsp = smk_import(op, 0); 454 if (nsp != NULL) { 455 sp->smk_root = nsp; 456 transmute = 1; 457 specified = 1; 458 } 459 } 460 } 461 462 if (!smack_privileged(CAP_MAC_ADMIN)) { 463 /* 464 * Unprivileged mounts don't get to specify Smack values. 465 */ 466 if (specified) 467 return -EPERM; 468 /* 469 * Unprivileged mounts get root and default from the caller. 470 */ 471 skp = smk_of_current(); 472 sp->smk_root = skp->smk_known; 473 sp->smk_default = skp->smk_known; 474 } 475 /* 476 * Initialize the root inode. 477 */ 478 isp = inode->i_security; 479 if (isp == NULL) { 480 isp = new_inode_smack(sp->smk_root); 481 if (isp == NULL) 482 return -ENOMEM; 483 inode->i_security = isp; 484 } else 485 isp->smk_inode = sp->smk_root; 486 487 if (transmute) 488 isp->smk_flags |= SMK_INODE_TRANSMUTE; 489 490 return 0; 491 } 492 493 /** 494 * smack_sb_statfs - Smack check on statfs 495 * @dentry: identifies the file system in question 496 * 497 * Returns 0 if current can read the floor of the filesystem, 498 * and error code otherwise 499 */ 500 static int smack_sb_statfs(struct dentry *dentry) 501 { 502 struct superblock_smack *sbp = dentry->d_sb->s_security; 503 int rc; 504 struct smk_audit_info ad; 505 506 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 507 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 508 509 rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad); 510 return rc; 511 } 512 513 /* 514 * BPRM hooks 515 */ 516 517 /** 518 * smack_bprm_set_creds - set creds for exec 519 * @bprm: the exec information 520 * 521 * Returns 0 if it gets a blob, -EPERM if exec forbidden and -ENOMEM otherwise 522 */ 523 static int smack_bprm_set_creds(struct linux_binprm *bprm) 524 { 525 struct inode *inode = file_inode(bprm->file); 526 struct task_smack *bsp = bprm->cred->security; 527 struct inode_smack *isp; 528 int rc; 529 530 rc = cap_bprm_set_creds(bprm); 531 if (rc != 0) 532 return rc; 533 534 if (bprm->cred_prepared) 535 return 0; 536 537 isp = inode->i_security; 538 if (isp->smk_task == NULL || isp->smk_task == bsp->smk_task) 539 return 0; 540 541 if (bprm->unsafe & (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) { 542 struct task_struct *tracer; 543 rc = 0; 544 545 rcu_read_lock(); 546 tracer = ptrace_parent(current); 547 if (likely(tracer != NULL)) 548 rc = smk_ptrace_rule_check(tracer, 549 isp->smk_task->smk_known, 550 PTRACE_MODE_ATTACH, 551 __func__); 552 rcu_read_unlock(); 553 554 if (rc != 0) 555 return rc; 556 } else if (bprm->unsafe) 557 return -EPERM; 558 559 bsp->smk_task = isp->smk_task; 560 bprm->per_clear |= PER_CLEAR_ON_SETID; 561 562 return 0; 563 } 564 565 /** 566 * smack_bprm_committing_creds - Prepare to install the new credentials 567 * from bprm. 568 * 569 * @bprm: binprm for exec 570 */ 571 static void smack_bprm_committing_creds(struct linux_binprm *bprm) 572 { 573 struct task_smack *bsp = bprm->cred->security; 574 575 if (bsp->smk_task != bsp->smk_forked) 576 current->pdeath_signal = 0; 577 } 578 579 /** 580 * smack_bprm_secureexec - Return the decision to use secureexec. 581 * @bprm: binprm for exec 582 * 583 * Returns 0 on success. 584 */ 585 static int smack_bprm_secureexec(struct linux_binprm *bprm) 586 { 587 struct task_smack *tsp = current_security(); 588 int ret = cap_bprm_secureexec(bprm); 589 590 if (!ret && (tsp->smk_task != tsp->smk_forked)) 591 ret = 1; 592 593 return ret; 594 } 595 596 /* 597 * Inode hooks 598 */ 599 600 /** 601 * smack_inode_alloc_security - allocate an inode blob 602 * @inode: the inode in need of a blob 603 * 604 * Returns 0 if it gets a blob, -ENOMEM otherwise 605 */ 606 static int smack_inode_alloc_security(struct inode *inode) 607 { 608 struct smack_known *skp = smk_of_current(); 609 610 inode->i_security = new_inode_smack(skp->smk_known); 611 if (inode->i_security == NULL) 612 return -ENOMEM; 613 return 0; 614 } 615 616 /** 617 * smack_inode_free_security - free an inode blob 618 * @inode: the inode with a blob 619 * 620 * Clears the blob pointer in inode 621 */ 622 static void smack_inode_free_security(struct inode *inode) 623 { 624 kfree(inode->i_security); 625 inode->i_security = NULL; 626 } 627 628 /** 629 * smack_inode_init_security - copy out the smack from an inode 630 * @inode: the inode 631 * @dir: unused 632 * @qstr: unused 633 * @name: where to put the attribute name 634 * @value: where to put the attribute value 635 * @len: where to put the length of the attribute 636 * 637 * Returns 0 if it all works out, -ENOMEM if there's no memory 638 */ 639 static int smack_inode_init_security(struct inode *inode, struct inode *dir, 640 const struct qstr *qstr, const char **name, 641 void **value, size_t *len) 642 { 643 struct inode_smack *issp = inode->i_security; 644 struct smack_known *skp = smk_of_current(); 645 char *isp = smk_of_inode(inode); 646 char *dsp = smk_of_inode(dir); 647 int may; 648 649 if (name) 650 *name = XATTR_SMACK_SUFFIX; 651 652 if (value) { 653 rcu_read_lock(); 654 may = smk_access_entry(skp->smk_known, dsp, &skp->smk_rules); 655 rcu_read_unlock(); 656 657 /* 658 * If the access rule allows transmutation and 659 * the directory requests transmutation then 660 * by all means transmute. 661 * Mark the inode as changed. 662 */ 663 if (may > 0 && ((may & MAY_TRANSMUTE) != 0) && 664 smk_inode_transmutable(dir)) { 665 isp = dsp; 666 issp->smk_flags |= SMK_INODE_CHANGED; 667 } 668 669 *value = kstrdup(isp, GFP_NOFS); 670 if (*value == NULL) 671 return -ENOMEM; 672 } 673 674 if (len) 675 *len = strlen(isp) + 1; 676 677 return 0; 678 } 679 680 /** 681 * smack_inode_link - Smack check on link 682 * @old_dentry: the existing object 683 * @dir: unused 684 * @new_dentry: the new object 685 * 686 * Returns 0 if access is permitted, an error code otherwise 687 */ 688 static int smack_inode_link(struct dentry *old_dentry, struct inode *dir, 689 struct dentry *new_dentry) 690 { 691 char *isp; 692 struct smk_audit_info ad; 693 int rc; 694 695 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 696 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry); 697 698 isp = smk_of_inode(old_dentry->d_inode); 699 rc = smk_curacc(isp, MAY_WRITE, &ad); 700 701 if (rc == 0 && new_dentry->d_inode != NULL) { 702 isp = smk_of_inode(new_dentry->d_inode); 703 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry); 704 rc = smk_curacc(isp, MAY_WRITE, &ad); 705 } 706 707 return rc; 708 } 709 710 /** 711 * smack_inode_unlink - Smack check on inode deletion 712 * @dir: containing directory object 713 * @dentry: file to unlink 714 * 715 * Returns 0 if current can write the containing directory 716 * and the object, error code otherwise 717 */ 718 static int smack_inode_unlink(struct inode *dir, struct dentry *dentry) 719 { 720 struct inode *ip = dentry->d_inode; 721 struct smk_audit_info ad; 722 int rc; 723 724 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 725 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 726 727 /* 728 * You need write access to the thing you're unlinking 729 */ 730 rc = smk_curacc(smk_of_inode(ip), MAY_WRITE, &ad); 731 if (rc == 0) { 732 /* 733 * You also need write access to the containing directory 734 */ 735 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE); 736 smk_ad_setfield_u_fs_inode(&ad, dir); 737 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad); 738 } 739 return rc; 740 } 741 742 /** 743 * smack_inode_rmdir - Smack check on directory deletion 744 * @dir: containing directory object 745 * @dentry: directory to unlink 746 * 747 * Returns 0 if current can write the containing directory 748 * and the directory, error code otherwise 749 */ 750 static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry) 751 { 752 struct smk_audit_info ad; 753 int rc; 754 755 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 756 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 757 758 /* 759 * You need write access to the thing you're removing 760 */ 761 rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad); 762 if (rc == 0) { 763 /* 764 * You also need write access to the containing directory 765 */ 766 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE); 767 smk_ad_setfield_u_fs_inode(&ad, dir); 768 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad); 769 } 770 771 return rc; 772 } 773 774 /** 775 * smack_inode_rename - Smack check on rename 776 * @old_inode: the old directory 777 * @old_dentry: unused 778 * @new_inode: the new directory 779 * @new_dentry: unused 780 * 781 * Read and write access is required on both the old and 782 * new directories. 783 * 784 * Returns 0 if access is permitted, an error code otherwise 785 */ 786 static int smack_inode_rename(struct inode *old_inode, 787 struct dentry *old_dentry, 788 struct inode *new_inode, 789 struct dentry *new_dentry) 790 { 791 int rc; 792 char *isp; 793 struct smk_audit_info ad; 794 795 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 796 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry); 797 798 isp = smk_of_inode(old_dentry->d_inode); 799 rc = smk_curacc(isp, MAY_READWRITE, &ad); 800 801 if (rc == 0 && new_dentry->d_inode != NULL) { 802 isp = smk_of_inode(new_dentry->d_inode); 803 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry); 804 rc = smk_curacc(isp, MAY_READWRITE, &ad); 805 } 806 return rc; 807 } 808 809 /** 810 * smack_inode_permission - Smack version of permission() 811 * @inode: the inode in question 812 * @mask: the access requested 813 * 814 * This is the important Smack hook. 815 * 816 * Returns 0 if access is permitted, -EACCES otherwise 817 */ 818 static int smack_inode_permission(struct inode *inode, int mask) 819 { 820 struct smk_audit_info ad; 821 int no_block = mask & MAY_NOT_BLOCK; 822 823 mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND); 824 /* 825 * No permission to check. Existence test. Yup, it's there. 826 */ 827 if (mask == 0) 828 return 0; 829 830 /* May be droppable after audit */ 831 if (no_block) 832 return -ECHILD; 833 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE); 834 smk_ad_setfield_u_fs_inode(&ad, inode); 835 return smk_curacc(smk_of_inode(inode), mask, &ad); 836 } 837 838 /** 839 * smack_inode_setattr - Smack check for setting attributes 840 * @dentry: the object 841 * @iattr: for the force flag 842 * 843 * Returns 0 if access is permitted, an error code otherwise 844 */ 845 static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr) 846 { 847 struct smk_audit_info ad; 848 /* 849 * Need to allow for clearing the setuid bit. 850 */ 851 if (iattr->ia_valid & ATTR_FORCE) 852 return 0; 853 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 854 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 855 856 return smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad); 857 } 858 859 /** 860 * smack_inode_getattr - Smack check for getting attributes 861 * @mnt: unused 862 * @dentry: the object 863 * 864 * Returns 0 if access is permitted, an error code otherwise 865 */ 866 static int smack_inode_getattr(struct vfsmount *mnt, struct dentry *dentry) 867 { 868 struct smk_audit_info ad; 869 struct path path; 870 871 path.dentry = dentry; 872 path.mnt = mnt; 873 874 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 875 smk_ad_setfield_u_fs_path(&ad, path); 876 return smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ, &ad); 877 } 878 879 /** 880 * smack_inode_setxattr - Smack check for setting xattrs 881 * @dentry: the object 882 * @name: name of the attribute 883 * @value: unused 884 * @size: unused 885 * @flags: unused 886 * 887 * This protects the Smack attribute explicitly. 888 * 889 * Returns 0 if access is permitted, an error code otherwise 890 */ 891 static int smack_inode_setxattr(struct dentry *dentry, const char *name, 892 const void *value, size_t size, int flags) 893 { 894 struct smk_audit_info ad; 895 struct smack_known *skp; 896 int check_priv = 0; 897 int check_import = 0; 898 int check_star = 0; 899 int rc = 0; 900 901 /* 902 * Check label validity here so import won't fail in post_setxattr 903 */ 904 if (strcmp(name, XATTR_NAME_SMACK) == 0 || 905 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 || 906 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) { 907 check_priv = 1; 908 check_import = 1; 909 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0 || 910 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) { 911 check_priv = 1; 912 check_import = 1; 913 check_star = 1; 914 } else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) { 915 check_priv = 1; 916 if (size != TRANS_TRUE_SIZE || 917 strncmp(value, TRANS_TRUE, TRANS_TRUE_SIZE) != 0) 918 rc = -EINVAL; 919 } else 920 rc = cap_inode_setxattr(dentry, name, value, size, flags); 921 922 if (check_priv && !smack_privileged(CAP_MAC_ADMIN)) 923 rc = -EPERM; 924 925 if (rc == 0 && check_import) { 926 skp = smk_import_entry(value, size); 927 if (skp == NULL || (check_star && 928 (skp == &smack_known_star || skp == &smack_known_web))) 929 rc = -EINVAL; 930 } 931 932 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 933 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 934 935 if (rc == 0) 936 rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad); 937 938 return rc; 939 } 940 941 /** 942 * smack_inode_post_setxattr - Apply the Smack update approved above 943 * @dentry: object 944 * @name: attribute name 945 * @value: attribute value 946 * @size: attribute size 947 * @flags: unused 948 * 949 * Set the pointer in the inode blob to the entry found 950 * in the master label list. 951 */ 952 static void smack_inode_post_setxattr(struct dentry *dentry, const char *name, 953 const void *value, size_t size, int flags) 954 { 955 struct smack_known *skp; 956 struct inode_smack *isp = dentry->d_inode->i_security; 957 958 if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) { 959 isp->smk_flags |= SMK_INODE_TRANSMUTE; 960 return; 961 } 962 963 if (strcmp(name, XATTR_NAME_SMACK) == 0) { 964 skp = smk_import_entry(value, size); 965 if (skp != NULL) 966 isp->smk_inode = skp->smk_known; 967 else 968 isp->smk_inode = smack_known_invalid.smk_known; 969 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) { 970 skp = smk_import_entry(value, size); 971 if (skp != NULL) 972 isp->smk_task = skp; 973 else 974 isp->smk_task = &smack_known_invalid; 975 } else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) { 976 skp = smk_import_entry(value, size); 977 if (skp != NULL) 978 isp->smk_mmap = skp; 979 else 980 isp->smk_mmap = &smack_known_invalid; 981 } 982 983 return; 984 } 985 986 /** 987 * smack_inode_getxattr - Smack check on getxattr 988 * @dentry: the object 989 * @name: unused 990 * 991 * Returns 0 if access is permitted, an error code otherwise 992 */ 993 static int smack_inode_getxattr(struct dentry *dentry, const char *name) 994 { 995 struct smk_audit_info ad; 996 997 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 998 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 999 1000 return smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ, &ad); 1001 } 1002 1003 /** 1004 * smack_inode_removexattr - Smack check on removexattr 1005 * @dentry: the object 1006 * @name: name of the attribute 1007 * 1008 * Removing the Smack attribute requires CAP_MAC_ADMIN 1009 * 1010 * Returns 0 if access is permitted, an error code otherwise 1011 */ 1012 static int smack_inode_removexattr(struct dentry *dentry, const char *name) 1013 { 1014 struct inode_smack *isp; 1015 struct smk_audit_info ad; 1016 int rc = 0; 1017 1018 if (strcmp(name, XATTR_NAME_SMACK) == 0 || 1019 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 || 1020 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 || 1021 strcmp(name, XATTR_NAME_SMACKEXEC) == 0 || 1022 strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0 || 1023 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) { 1024 if (!smack_privileged(CAP_MAC_ADMIN)) 1025 rc = -EPERM; 1026 } else 1027 rc = cap_inode_removexattr(dentry, name); 1028 1029 if (rc != 0) 1030 return rc; 1031 1032 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1033 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1034 1035 rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad); 1036 if (rc != 0) 1037 return rc; 1038 1039 isp = dentry->d_inode->i_security; 1040 /* 1041 * Don't do anything special for these. 1042 * XATTR_NAME_SMACKIPIN 1043 * XATTR_NAME_SMACKIPOUT 1044 * XATTR_NAME_SMACKEXEC 1045 */ 1046 if (strcmp(name, XATTR_NAME_SMACK) == 0) 1047 isp->smk_task = NULL; 1048 else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) 1049 isp->smk_mmap = NULL; 1050 else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) 1051 isp->smk_flags &= ~SMK_INODE_TRANSMUTE; 1052 1053 return 0; 1054 } 1055 1056 /** 1057 * smack_inode_getsecurity - get smack xattrs 1058 * @inode: the object 1059 * @name: attribute name 1060 * @buffer: where to put the result 1061 * @alloc: unused 1062 * 1063 * Returns the size of the attribute or an error code 1064 */ 1065 static int smack_inode_getsecurity(const struct inode *inode, 1066 const char *name, void **buffer, 1067 bool alloc) 1068 { 1069 struct socket_smack *ssp; 1070 struct socket *sock; 1071 struct super_block *sbp; 1072 struct inode *ip = (struct inode *)inode; 1073 char *isp; 1074 int ilen; 1075 int rc = 0; 1076 1077 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) { 1078 isp = smk_of_inode(inode); 1079 ilen = strlen(isp) + 1; 1080 *buffer = isp; 1081 return ilen; 1082 } 1083 1084 /* 1085 * The rest of the Smack xattrs are only on sockets. 1086 */ 1087 sbp = ip->i_sb; 1088 if (sbp->s_magic != SOCKFS_MAGIC) 1089 return -EOPNOTSUPP; 1090 1091 sock = SOCKET_I(ip); 1092 if (sock == NULL || sock->sk == NULL) 1093 return -EOPNOTSUPP; 1094 1095 ssp = sock->sk->sk_security; 1096 1097 if (strcmp(name, XATTR_SMACK_IPIN) == 0) 1098 isp = ssp->smk_in->smk_known; 1099 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) 1100 isp = ssp->smk_out->smk_known; 1101 else 1102 return -EOPNOTSUPP; 1103 1104 ilen = strlen(isp) + 1; 1105 if (rc == 0) { 1106 *buffer = isp; 1107 rc = ilen; 1108 } 1109 1110 return rc; 1111 } 1112 1113 1114 /** 1115 * smack_inode_listsecurity - list the Smack attributes 1116 * @inode: the object 1117 * @buffer: where they go 1118 * @buffer_size: size of buffer 1119 * 1120 * Returns 0 on success, -EINVAL otherwise 1121 */ 1122 static int smack_inode_listsecurity(struct inode *inode, char *buffer, 1123 size_t buffer_size) 1124 { 1125 int len = strlen(XATTR_NAME_SMACK); 1126 1127 if (buffer != NULL && len <= buffer_size) { 1128 memcpy(buffer, XATTR_NAME_SMACK, len); 1129 return len; 1130 } 1131 return -EINVAL; 1132 } 1133 1134 /** 1135 * smack_inode_getsecid - Extract inode's security id 1136 * @inode: inode to extract the info from 1137 * @secid: where result will be saved 1138 */ 1139 static void smack_inode_getsecid(const struct inode *inode, u32 *secid) 1140 { 1141 struct inode_smack *isp = inode->i_security; 1142 1143 *secid = smack_to_secid(isp->smk_inode); 1144 } 1145 1146 /* 1147 * File Hooks 1148 */ 1149 1150 /** 1151 * smack_file_permission - Smack check on file operations 1152 * @file: unused 1153 * @mask: unused 1154 * 1155 * Returns 0 1156 * 1157 * Should access checks be done on each read or write? 1158 * UNICOS and SELinux say yes. 1159 * Trusted Solaris, Trusted Irix, and just about everyone else says no. 1160 * 1161 * I'll say no for now. Smack does not do the frequent 1162 * label changing that SELinux does. 1163 */ 1164 static int smack_file_permission(struct file *file, int mask) 1165 { 1166 return 0; 1167 } 1168 1169 /** 1170 * smack_file_alloc_security - assign a file security blob 1171 * @file: the object 1172 * 1173 * The security blob for a file is a pointer to the master 1174 * label list, so no allocation is done. 1175 * 1176 * Returns 0 1177 */ 1178 static int smack_file_alloc_security(struct file *file) 1179 { 1180 struct smack_known *skp = smk_of_current(); 1181 1182 file->f_security = skp->smk_known; 1183 return 0; 1184 } 1185 1186 /** 1187 * smack_file_free_security - clear a file security blob 1188 * @file: the object 1189 * 1190 * The security blob for a file is a pointer to the master 1191 * label list, so no memory is freed. 1192 */ 1193 static void smack_file_free_security(struct file *file) 1194 { 1195 file->f_security = NULL; 1196 } 1197 1198 /** 1199 * smack_file_ioctl - Smack check on ioctls 1200 * @file: the object 1201 * @cmd: what to do 1202 * @arg: unused 1203 * 1204 * Relies heavily on the correct use of the ioctl command conventions. 1205 * 1206 * Returns 0 if allowed, error code otherwise 1207 */ 1208 static int smack_file_ioctl(struct file *file, unsigned int cmd, 1209 unsigned long arg) 1210 { 1211 int rc = 0; 1212 struct smk_audit_info ad; 1213 1214 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1215 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1216 1217 if (_IOC_DIR(cmd) & _IOC_WRITE) 1218 rc = smk_curacc(file->f_security, MAY_WRITE, &ad); 1219 1220 if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ)) 1221 rc = smk_curacc(file->f_security, MAY_READ, &ad); 1222 1223 return rc; 1224 } 1225 1226 /** 1227 * smack_file_lock - Smack check on file locking 1228 * @file: the object 1229 * @cmd: unused 1230 * 1231 * Returns 0 if current has lock access, error code otherwise 1232 */ 1233 static int smack_file_lock(struct file *file, unsigned int cmd) 1234 { 1235 struct smk_audit_info ad; 1236 1237 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1238 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1239 return smk_curacc(file->f_security, MAY_LOCK, &ad); 1240 } 1241 1242 /** 1243 * smack_file_fcntl - Smack check on fcntl 1244 * @file: the object 1245 * @cmd: what action to check 1246 * @arg: unused 1247 * 1248 * Generally these operations are harmless. 1249 * File locking operations present an obvious mechanism 1250 * for passing information, so they require write access. 1251 * 1252 * Returns 0 if current has access, error code otherwise 1253 */ 1254 static int smack_file_fcntl(struct file *file, unsigned int cmd, 1255 unsigned long arg) 1256 { 1257 struct smk_audit_info ad; 1258 int rc = 0; 1259 1260 1261 switch (cmd) { 1262 case F_GETLK: 1263 break; 1264 case F_SETLK: 1265 case F_SETLKW: 1266 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1267 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1268 rc = smk_curacc(file->f_security, MAY_LOCK, &ad); 1269 break; 1270 case F_SETOWN: 1271 case F_SETSIG: 1272 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1273 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1274 rc = smk_curacc(file->f_security, MAY_WRITE, &ad); 1275 break; 1276 default: 1277 break; 1278 } 1279 1280 return rc; 1281 } 1282 1283 /** 1284 * smack_mmap_file : 1285 * Check permissions for a mmap operation. The @file may be NULL, e.g. 1286 * if mapping anonymous memory. 1287 * @file contains the file structure for file to map (may be NULL). 1288 * @reqprot contains the protection requested by the application. 1289 * @prot contains the protection that will be applied by the kernel. 1290 * @flags contains the operational flags. 1291 * Return 0 if permission is granted. 1292 */ 1293 static int smack_mmap_file(struct file *file, 1294 unsigned long reqprot, unsigned long prot, 1295 unsigned long flags) 1296 { 1297 struct smack_known *skp; 1298 struct smack_known *mkp; 1299 struct smack_rule *srp; 1300 struct task_smack *tsp; 1301 char *osmack; 1302 struct inode_smack *isp; 1303 int may; 1304 int mmay; 1305 int tmay; 1306 int rc; 1307 1308 if (file == NULL) 1309 return 0; 1310 1311 isp = file_inode(file)->i_security; 1312 if (isp->smk_mmap == NULL) 1313 return 0; 1314 mkp = isp->smk_mmap; 1315 1316 tsp = current_security(); 1317 skp = smk_of_current(); 1318 rc = 0; 1319 1320 rcu_read_lock(); 1321 /* 1322 * For each Smack rule associated with the subject 1323 * label verify that the SMACK64MMAP also has access 1324 * to that rule's object label. 1325 */ 1326 list_for_each_entry_rcu(srp, &skp->smk_rules, list) { 1327 osmack = srp->smk_object; 1328 /* 1329 * Matching labels always allows access. 1330 */ 1331 if (mkp->smk_known == osmack) 1332 continue; 1333 /* 1334 * If there is a matching local rule take 1335 * that into account as well. 1336 */ 1337 may = smk_access_entry(srp->smk_subject->smk_known, osmack, 1338 &tsp->smk_rules); 1339 if (may == -ENOENT) 1340 may = srp->smk_access; 1341 else 1342 may &= srp->smk_access; 1343 /* 1344 * If may is zero the SMACK64MMAP subject can't 1345 * possibly have less access. 1346 */ 1347 if (may == 0) 1348 continue; 1349 1350 /* 1351 * Fetch the global list entry. 1352 * If there isn't one a SMACK64MMAP subject 1353 * can't have as much access as current. 1354 */ 1355 mmay = smk_access_entry(mkp->smk_known, osmack, 1356 &mkp->smk_rules); 1357 if (mmay == -ENOENT) { 1358 rc = -EACCES; 1359 break; 1360 } 1361 /* 1362 * If there is a local entry it modifies the 1363 * potential access, too. 1364 */ 1365 tmay = smk_access_entry(mkp->smk_known, osmack, 1366 &tsp->smk_rules); 1367 if (tmay != -ENOENT) 1368 mmay &= tmay; 1369 1370 /* 1371 * If there is any access available to current that is 1372 * not available to a SMACK64MMAP subject 1373 * deny access. 1374 */ 1375 if ((may | mmay) != mmay) { 1376 rc = -EACCES; 1377 break; 1378 } 1379 } 1380 1381 rcu_read_unlock(); 1382 1383 return rc; 1384 } 1385 1386 /** 1387 * smack_file_set_fowner - set the file security blob value 1388 * @file: object in question 1389 * 1390 * Returns 0 1391 * Further research may be required on this one. 1392 */ 1393 static int smack_file_set_fowner(struct file *file) 1394 { 1395 struct smack_known *skp = smk_of_current(); 1396 1397 file->f_security = skp->smk_known; 1398 return 0; 1399 } 1400 1401 /** 1402 * smack_file_send_sigiotask - Smack on sigio 1403 * @tsk: The target task 1404 * @fown: the object the signal come from 1405 * @signum: unused 1406 * 1407 * Allow a privileged task to get signals even if it shouldn't 1408 * 1409 * Returns 0 if a subject with the object's smack could 1410 * write to the task, an error code otherwise. 1411 */ 1412 static int smack_file_send_sigiotask(struct task_struct *tsk, 1413 struct fown_struct *fown, int signum) 1414 { 1415 struct smack_known *skp; 1416 struct smack_known *tkp = smk_of_task(tsk->cred->security); 1417 struct file *file; 1418 int rc; 1419 struct smk_audit_info ad; 1420 1421 /* 1422 * struct fown_struct is never outside the context of a struct file 1423 */ 1424 file = container_of(fown, struct file, f_owner); 1425 1426 /* we don't log here as rc can be overriden */ 1427 skp = smk_find_entry(file->f_security); 1428 rc = smk_access(skp, tkp->smk_known, MAY_WRITE, NULL); 1429 if (rc != 0 && has_capability(tsk, CAP_MAC_OVERRIDE)) 1430 rc = 0; 1431 1432 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); 1433 smk_ad_setfield_u_tsk(&ad, tsk); 1434 smack_log(file->f_security, tkp->smk_known, MAY_WRITE, rc, &ad); 1435 return rc; 1436 } 1437 1438 /** 1439 * smack_file_receive - Smack file receive check 1440 * @file: the object 1441 * 1442 * Returns 0 if current has access, error code otherwise 1443 */ 1444 static int smack_file_receive(struct file *file) 1445 { 1446 int may = 0; 1447 struct smk_audit_info ad; 1448 1449 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1450 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1451 /* 1452 * This code relies on bitmasks. 1453 */ 1454 if (file->f_mode & FMODE_READ) 1455 may = MAY_READ; 1456 if (file->f_mode & FMODE_WRITE) 1457 may |= MAY_WRITE; 1458 1459 return smk_curacc(file->f_security, may, &ad); 1460 } 1461 1462 /** 1463 * smack_file_open - Smack dentry open processing 1464 * @file: the object 1465 * @cred: task credential 1466 * 1467 * Set the security blob in the file structure. 1468 * Allow the open only if the task has read access. There are 1469 * many read operations (e.g. fstat) that you can do with an 1470 * fd even if you have the file open write-only. 1471 * 1472 * Returns 0 1473 */ 1474 static int smack_file_open(struct file *file, const struct cred *cred) 1475 { 1476 struct task_smack *tsp = cred->security; 1477 struct inode_smack *isp = file_inode(file)->i_security; 1478 struct smk_audit_info ad; 1479 int rc; 1480 1481 if (smack_privileged(CAP_MAC_OVERRIDE)) 1482 return 0; 1483 1484 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1485 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1486 rc = smk_access(tsp->smk_task, isp->smk_inode, MAY_READ, &ad); 1487 if (rc == 0) 1488 file->f_security = isp->smk_inode; 1489 1490 return rc; 1491 } 1492 1493 /* 1494 * Task hooks 1495 */ 1496 1497 /** 1498 * smack_cred_alloc_blank - "allocate" blank task-level security credentials 1499 * @new: the new credentials 1500 * @gfp: the atomicity of any memory allocations 1501 * 1502 * Prepare a blank set of credentials for modification. This must allocate all 1503 * the memory the LSM module might require such that cred_transfer() can 1504 * complete without error. 1505 */ 1506 static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp) 1507 { 1508 struct task_smack *tsp; 1509 1510 tsp = new_task_smack(NULL, NULL, gfp); 1511 if (tsp == NULL) 1512 return -ENOMEM; 1513 1514 cred->security = tsp; 1515 1516 return 0; 1517 } 1518 1519 1520 /** 1521 * smack_cred_free - "free" task-level security credentials 1522 * @cred: the credentials in question 1523 * 1524 */ 1525 static void smack_cred_free(struct cred *cred) 1526 { 1527 struct task_smack *tsp = cred->security; 1528 struct smack_rule *rp; 1529 struct list_head *l; 1530 struct list_head *n; 1531 1532 if (tsp == NULL) 1533 return; 1534 cred->security = NULL; 1535 1536 list_for_each_safe(l, n, &tsp->smk_rules) { 1537 rp = list_entry(l, struct smack_rule, list); 1538 list_del(&rp->list); 1539 kfree(rp); 1540 } 1541 kfree(tsp); 1542 } 1543 1544 /** 1545 * smack_cred_prepare - prepare new set of credentials for modification 1546 * @new: the new credentials 1547 * @old: the original credentials 1548 * @gfp: the atomicity of any memory allocations 1549 * 1550 * Prepare a new set of credentials for modification. 1551 */ 1552 static int smack_cred_prepare(struct cred *new, const struct cred *old, 1553 gfp_t gfp) 1554 { 1555 struct task_smack *old_tsp = old->security; 1556 struct task_smack *new_tsp; 1557 int rc; 1558 1559 new_tsp = new_task_smack(old_tsp->smk_task, old_tsp->smk_task, gfp); 1560 if (new_tsp == NULL) 1561 return -ENOMEM; 1562 1563 rc = smk_copy_rules(&new_tsp->smk_rules, &old_tsp->smk_rules, gfp); 1564 if (rc != 0) 1565 return rc; 1566 1567 new->security = new_tsp; 1568 return 0; 1569 } 1570 1571 /** 1572 * smack_cred_transfer - Transfer the old credentials to the new credentials 1573 * @new: the new credentials 1574 * @old: the original credentials 1575 * 1576 * Fill in a set of blank credentials from another set of credentials. 1577 */ 1578 static void smack_cred_transfer(struct cred *new, const struct cred *old) 1579 { 1580 struct task_smack *old_tsp = old->security; 1581 struct task_smack *new_tsp = new->security; 1582 1583 new_tsp->smk_task = old_tsp->smk_task; 1584 new_tsp->smk_forked = old_tsp->smk_task; 1585 mutex_init(&new_tsp->smk_rules_lock); 1586 INIT_LIST_HEAD(&new_tsp->smk_rules); 1587 1588 1589 /* cbs copy rule list */ 1590 } 1591 1592 /** 1593 * smack_kernel_act_as - Set the subjective context in a set of credentials 1594 * @new: points to the set of credentials to be modified. 1595 * @secid: specifies the security ID to be set 1596 * 1597 * Set the security data for a kernel service. 1598 */ 1599 static int smack_kernel_act_as(struct cred *new, u32 secid) 1600 { 1601 struct task_smack *new_tsp = new->security; 1602 struct smack_known *skp = smack_from_secid(secid); 1603 1604 if (skp == NULL) 1605 return -EINVAL; 1606 1607 new_tsp->smk_task = skp; 1608 return 0; 1609 } 1610 1611 /** 1612 * smack_kernel_create_files_as - Set the file creation label in a set of creds 1613 * @new: points to the set of credentials to be modified 1614 * @inode: points to the inode to use as a reference 1615 * 1616 * Set the file creation context in a set of credentials to the same 1617 * as the objective context of the specified inode 1618 */ 1619 static int smack_kernel_create_files_as(struct cred *new, 1620 struct inode *inode) 1621 { 1622 struct inode_smack *isp = inode->i_security; 1623 struct task_smack *tsp = new->security; 1624 1625 tsp->smk_forked = smk_find_entry(isp->smk_inode); 1626 tsp->smk_task = tsp->smk_forked; 1627 return 0; 1628 } 1629 1630 /** 1631 * smk_curacc_on_task - helper to log task related access 1632 * @p: the task object 1633 * @access: the access requested 1634 * @caller: name of the calling function for audit 1635 * 1636 * Return 0 if access is permitted 1637 */ 1638 static int smk_curacc_on_task(struct task_struct *p, int access, 1639 const char *caller) 1640 { 1641 struct smk_audit_info ad; 1642 struct smack_known *skp = smk_of_task(task_security(p)); 1643 1644 smk_ad_init(&ad, caller, LSM_AUDIT_DATA_TASK); 1645 smk_ad_setfield_u_tsk(&ad, p); 1646 return smk_curacc(skp->smk_known, access, &ad); 1647 } 1648 1649 /** 1650 * smack_task_setpgid - Smack check on setting pgid 1651 * @p: the task object 1652 * @pgid: unused 1653 * 1654 * Return 0 if write access is permitted 1655 */ 1656 static int smack_task_setpgid(struct task_struct *p, pid_t pgid) 1657 { 1658 return smk_curacc_on_task(p, MAY_WRITE, __func__); 1659 } 1660 1661 /** 1662 * smack_task_getpgid - Smack access check for getpgid 1663 * @p: the object task 1664 * 1665 * Returns 0 if current can read the object task, error code otherwise 1666 */ 1667 static int smack_task_getpgid(struct task_struct *p) 1668 { 1669 return smk_curacc_on_task(p, MAY_READ, __func__); 1670 } 1671 1672 /** 1673 * smack_task_getsid - Smack access check for getsid 1674 * @p: the object task 1675 * 1676 * Returns 0 if current can read the object task, error code otherwise 1677 */ 1678 static int smack_task_getsid(struct task_struct *p) 1679 { 1680 return smk_curacc_on_task(p, MAY_READ, __func__); 1681 } 1682 1683 /** 1684 * smack_task_getsecid - get the secid of the task 1685 * @p: the object task 1686 * @secid: where to put the result 1687 * 1688 * Sets the secid to contain a u32 version of the smack label. 1689 */ 1690 static void smack_task_getsecid(struct task_struct *p, u32 *secid) 1691 { 1692 struct smack_known *skp = smk_of_task(task_security(p)); 1693 1694 *secid = skp->smk_secid; 1695 } 1696 1697 /** 1698 * smack_task_setnice - Smack check on setting nice 1699 * @p: the task object 1700 * @nice: unused 1701 * 1702 * Return 0 if write access is permitted 1703 */ 1704 static int smack_task_setnice(struct task_struct *p, int nice) 1705 { 1706 int rc; 1707 1708 rc = cap_task_setnice(p, nice); 1709 if (rc == 0) 1710 rc = smk_curacc_on_task(p, MAY_WRITE, __func__); 1711 return rc; 1712 } 1713 1714 /** 1715 * smack_task_setioprio - Smack check on setting ioprio 1716 * @p: the task object 1717 * @ioprio: unused 1718 * 1719 * Return 0 if write access is permitted 1720 */ 1721 static int smack_task_setioprio(struct task_struct *p, int ioprio) 1722 { 1723 int rc; 1724 1725 rc = cap_task_setioprio(p, ioprio); 1726 if (rc == 0) 1727 rc = smk_curacc_on_task(p, MAY_WRITE, __func__); 1728 return rc; 1729 } 1730 1731 /** 1732 * smack_task_getioprio - Smack check on reading ioprio 1733 * @p: the task object 1734 * 1735 * Return 0 if read access is permitted 1736 */ 1737 static int smack_task_getioprio(struct task_struct *p) 1738 { 1739 return smk_curacc_on_task(p, MAY_READ, __func__); 1740 } 1741 1742 /** 1743 * smack_task_setscheduler - Smack check on setting scheduler 1744 * @p: the task object 1745 * @policy: unused 1746 * @lp: unused 1747 * 1748 * Return 0 if read access is permitted 1749 */ 1750 static int smack_task_setscheduler(struct task_struct *p) 1751 { 1752 int rc; 1753 1754 rc = cap_task_setscheduler(p); 1755 if (rc == 0) 1756 rc = smk_curacc_on_task(p, MAY_WRITE, __func__); 1757 return rc; 1758 } 1759 1760 /** 1761 * smack_task_getscheduler - Smack check on reading scheduler 1762 * @p: the task object 1763 * 1764 * Return 0 if read access is permitted 1765 */ 1766 static int smack_task_getscheduler(struct task_struct *p) 1767 { 1768 return smk_curacc_on_task(p, MAY_READ, __func__); 1769 } 1770 1771 /** 1772 * smack_task_movememory - Smack check on moving memory 1773 * @p: the task object 1774 * 1775 * Return 0 if write access is permitted 1776 */ 1777 static int smack_task_movememory(struct task_struct *p) 1778 { 1779 return smk_curacc_on_task(p, MAY_WRITE, __func__); 1780 } 1781 1782 /** 1783 * smack_task_kill - Smack check on signal delivery 1784 * @p: the task object 1785 * @info: unused 1786 * @sig: unused 1787 * @secid: identifies the smack to use in lieu of current's 1788 * 1789 * Return 0 if write access is permitted 1790 * 1791 * The secid behavior is an artifact of an SELinux hack 1792 * in the USB code. Someday it may go away. 1793 */ 1794 static int smack_task_kill(struct task_struct *p, struct siginfo *info, 1795 int sig, u32 secid) 1796 { 1797 struct smk_audit_info ad; 1798 struct smack_known *skp; 1799 struct smack_known *tkp = smk_of_task(task_security(p)); 1800 1801 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); 1802 smk_ad_setfield_u_tsk(&ad, p); 1803 /* 1804 * Sending a signal requires that the sender 1805 * can write the receiver. 1806 */ 1807 if (secid == 0) 1808 return smk_curacc(tkp->smk_known, MAY_WRITE, &ad); 1809 /* 1810 * If the secid isn't 0 we're dealing with some USB IO 1811 * specific behavior. This is not clean. For one thing 1812 * we can't take privilege into account. 1813 */ 1814 skp = smack_from_secid(secid); 1815 return smk_access(skp, tkp->smk_known, MAY_WRITE, &ad); 1816 } 1817 1818 /** 1819 * smack_task_wait - Smack access check for waiting 1820 * @p: task to wait for 1821 * 1822 * Returns 0 1823 */ 1824 static int smack_task_wait(struct task_struct *p) 1825 { 1826 /* 1827 * Allow the operation to succeed. 1828 * Zombies are bad. 1829 * In userless environments (e.g. phones) programs 1830 * get marked with SMACK64EXEC and even if the parent 1831 * and child shouldn't be talking the parent still 1832 * may expect to know when the child exits. 1833 */ 1834 return 0; 1835 } 1836 1837 /** 1838 * smack_task_to_inode - copy task smack into the inode blob 1839 * @p: task to copy from 1840 * @inode: inode to copy to 1841 * 1842 * Sets the smack pointer in the inode security blob 1843 */ 1844 static void smack_task_to_inode(struct task_struct *p, struct inode *inode) 1845 { 1846 struct inode_smack *isp = inode->i_security; 1847 struct smack_known *skp = smk_of_task(task_security(p)); 1848 1849 isp->smk_inode = skp->smk_known; 1850 } 1851 1852 /* 1853 * Socket hooks. 1854 */ 1855 1856 /** 1857 * smack_sk_alloc_security - Allocate a socket blob 1858 * @sk: the socket 1859 * @family: unused 1860 * @gfp_flags: memory allocation flags 1861 * 1862 * Assign Smack pointers to current 1863 * 1864 * Returns 0 on success, -ENOMEM is there's no memory 1865 */ 1866 static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags) 1867 { 1868 struct smack_known *skp = smk_of_current(); 1869 struct socket_smack *ssp; 1870 1871 ssp = kzalloc(sizeof(struct socket_smack), gfp_flags); 1872 if (ssp == NULL) 1873 return -ENOMEM; 1874 1875 ssp->smk_in = skp; 1876 ssp->smk_out = skp; 1877 ssp->smk_packet = NULL; 1878 1879 sk->sk_security = ssp; 1880 1881 return 0; 1882 } 1883 1884 /** 1885 * smack_sk_free_security - Free a socket blob 1886 * @sk: the socket 1887 * 1888 * Clears the blob pointer 1889 */ 1890 static void smack_sk_free_security(struct sock *sk) 1891 { 1892 kfree(sk->sk_security); 1893 } 1894 1895 /** 1896 * smack_host_label - check host based restrictions 1897 * @sip: the object end 1898 * 1899 * looks for host based access restrictions 1900 * 1901 * This version will only be appropriate for really small sets of single label 1902 * hosts. The caller is responsible for ensuring that the RCU read lock is 1903 * taken before calling this function. 1904 * 1905 * Returns the label of the far end or NULL if it's not special. 1906 */ 1907 static char *smack_host_label(struct sockaddr_in *sip) 1908 { 1909 struct smk_netlbladdr *snp; 1910 struct in_addr *siap = &sip->sin_addr; 1911 1912 if (siap->s_addr == 0) 1913 return NULL; 1914 1915 list_for_each_entry_rcu(snp, &smk_netlbladdr_list, list) 1916 /* 1917 * we break after finding the first match because 1918 * the list is sorted from longest to shortest mask 1919 * so we have found the most specific match 1920 */ 1921 if ((&snp->smk_host.sin_addr)->s_addr == 1922 (siap->s_addr & (&snp->smk_mask)->s_addr)) { 1923 /* we have found the special CIPSO option */ 1924 if (snp->smk_label == smack_cipso_option) 1925 return NULL; 1926 return snp->smk_label; 1927 } 1928 1929 return NULL; 1930 } 1931 1932 /** 1933 * smack_netlabel - Set the secattr on a socket 1934 * @sk: the socket 1935 * @labeled: socket label scheme 1936 * 1937 * Convert the outbound smack value (smk_out) to a 1938 * secattr and attach it to the socket. 1939 * 1940 * Returns 0 on success or an error code 1941 */ 1942 static int smack_netlabel(struct sock *sk, int labeled) 1943 { 1944 struct smack_known *skp; 1945 struct socket_smack *ssp = sk->sk_security; 1946 int rc = 0; 1947 1948 /* 1949 * Usually the netlabel code will handle changing the 1950 * packet labeling based on the label. 1951 * The case of a single label host is different, because 1952 * a single label host should never get a labeled packet 1953 * even though the label is usually associated with a packet 1954 * label. 1955 */ 1956 local_bh_disable(); 1957 bh_lock_sock_nested(sk); 1958 1959 if (ssp->smk_out == smack_net_ambient || 1960 labeled == SMACK_UNLABELED_SOCKET) 1961 netlbl_sock_delattr(sk); 1962 else { 1963 skp = ssp->smk_out; 1964 rc = netlbl_sock_setattr(sk, sk->sk_family, &skp->smk_netlabel); 1965 } 1966 1967 bh_unlock_sock(sk); 1968 local_bh_enable(); 1969 1970 return rc; 1971 } 1972 1973 /** 1974 * smack_netlbel_send - Set the secattr on a socket and perform access checks 1975 * @sk: the socket 1976 * @sap: the destination address 1977 * 1978 * Set the correct secattr for the given socket based on the destination 1979 * address and perform any outbound access checks needed. 1980 * 1981 * Returns 0 on success or an error code. 1982 * 1983 */ 1984 static int smack_netlabel_send(struct sock *sk, struct sockaddr_in *sap) 1985 { 1986 struct smack_known *skp; 1987 int rc; 1988 int sk_lbl; 1989 char *hostsp; 1990 struct socket_smack *ssp = sk->sk_security; 1991 struct smk_audit_info ad; 1992 1993 rcu_read_lock(); 1994 hostsp = smack_host_label(sap); 1995 if (hostsp != NULL) { 1996 #ifdef CONFIG_AUDIT 1997 struct lsm_network_audit net; 1998 1999 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 2000 ad.a.u.net->family = sap->sin_family; 2001 ad.a.u.net->dport = sap->sin_port; 2002 ad.a.u.net->v4info.daddr = sap->sin_addr.s_addr; 2003 #endif 2004 sk_lbl = SMACK_UNLABELED_SOCKET; 2005 skp = ssp->smk_out; 2006 rc = smk_access(skp, hostsp, MAY_WRITE, &ad); 2007 } else { 2008 sk_lbl = SMACK_CIPSO_SOCKET; 2009 rc = 0; 2010 } 2011 rcu_read_unlock(); 2012 if (rc != 0) 2013 return rc; 2014 2015 return smack_netlabel(sk, sk_lbl); 2016 } 2017 2018 /** 2019 * smk_ipv6_port_label - Smack port access table management 2020 * @sock: socket 2021 * @address: address 2022 * 2023 * Create or update the port list entry 2024 */ 2025 static void smk_ipv6_port_label(struct socket *sock, struct sockaddr *address) 2026 { 2027 struct sock *sk = sock->sk; 2028 struct sockaddr_in6 *addr6; 2029 struct socket_smack *ssp = sock->sk->sk_security; 2030 struct smk_port_label *spp; 2031 unsigned short port = 0; 2032 2033 if (address == NULL) { 2034 /* 2035 * This operation is changing the Smack information 2036 * on the bound socket. Take the changes to the port 2037 * as well. 2038 */ 2039 list_for_each_entry(spp, &smk_ipv6_port_list, list) { 2040 if (sk != spp->smk_sock) 2041 continue; 2042 spp->smk_in = ssp->smk_in; 2043 spp->smk_out = ssp->smk_out; 2044 return; 2045 } 2046 /* 2047 * A NULL address is only used for updating existing 2048 * bound entries. If there isn't one, it's OK. 2049 */ 2050 return; 2051 } 2052 2053 addr6 = (struct sockaddr_in6 *)address; 2054 port = ntohs(addr6->sin6_port); 2055 /* 2056 * This is a special case that is safely ignored. 2057 */ 2058 if (port == 0) 2059 return; 2060 2061 /* 2062 * Look for an existing port list entry. 2063 * This is an indication that a port is getting reused. 2064 */ 2065 list_for_each_entry(spp, &smk_ipv6_port_list, list) { 2066 if (spp->smk_port != port) 2067 continue; 2068 spp->smk_port = port; 2069 spp->smk_sock = sk; 2070 spp->smk_in = ssp->smk_in; 2071 spp->smk_out = ssp->smk_out; 2072 return; 2073 } 2074 2075 /* 2076 * A new port entry is required. 2077 */ 2078 spp = kzalloc(sizeof(*spp), GFP_KERNEL); 2079 if (spp == NULL) 2080 return; 2081 2082 spp->smk_port = port; 2083 spp->smk_sock = sk; 2084 spp->smk_in = ssp->smk_in; 2085 spp->smk_out = ssp->smk_out; 2086 2087 list_add(&spp->list, &smk_ipv6_port_list); 2088 return; 2089 } 2090 2091 /** 2092 * smk_ipv6_port_check - check Smack port access 2093 * @sock: socket 2094 * @address: address 2095 * 2096 * Create or update the port list entry 2097 */ 2098 static int smk_ipv6_port_check(struct sock *sk, struct sockaddr_in6 *address, 2099 int act) 2100 { 2101 __be16 *bep; 2102 __be32 *be32p; 2103 struct smk_port_label *spp; 2104 struct socket_smack *ssp = sk->sk_security; 2105 struct smack_known *skp; 2106 unsigned short port = 0; 2107 char *object; 2108 struct smk_audit_info ad; 2109 #ifdef CONFIG_AUDIT 2110 struct lsm_network_audit net; 2111 #endif 2112 2113 if (act == SMK_RECEIVING) { 2114 skp = smack_net_ambient; 2115 object = ssp->smk_in->smk_known; 2116 } else { 2117 skp = ssp->smk_out; 2118 object = smack_net_ambient->smk_known; 2119 } 2120 2121 /* 2122 * Get the IP address and port from the address. 2123 */ 2124 port = ntohs(address->sin6_port); 2125 bep = (__be16 *)(&address->sin6_addr); 2126 be32p = (__be32 *)(&address->sin6_addr); 2127 2128 /* 2129 * It's remote, so port lookup does no good. 2130 */ 2131 if (be32p[0] || be32p[1] || be32p[2] || bep[6] || ntohs(bep[7]) != 1) 2132 goto auditout; 2133 2134 /* 2135 * It's local so the send check has to have passed. 2136 */ 2137 if (act == SMK_RECEIVING) { 2138 skp = &smack_known_web; 2139 goto auditout; 2140 } 2141 2142 list_for_each_entry(spp, &smk_ipv6_port_list, list) { 2143 if (spp->smk_port != port) 2144 continue; 2145 object = spp->smk_in->smk_known; 2146 if (act == SMK_CONNECTING) 2147 ssp->smk_packet = spp->smk_out; 2148 break; 2149 } 2150 2151 auditout: 2152 2153 #ifdef CONFIG_AUDIT 2154 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 2155 ad.a.u.net->family = sk->sk_family; 2156 ad.a.u.net->dport = port; 2157 if (act == SMK_RECEIVING) 2158 ad.a.u.net->v6info.saddr = address->sin6_addr; 2159 else 2160 ad.a.u.net->v6info.daddr = address->sin6_addr; 2161 #endif 2162 return smk_access(skp, object, MAY_WRITE, &ad); 2163 } 2164 2165 /** 2166 * smack_inode_setsecurity - set smack xattrs 2167 * @inode: the object 2168 * @name: attribute name 2169 * @value: attribute value 2170 * @size: size of the attribute 2171 * @flags: unused 2172 * 2173 * Sets the named attribute in the appropriate blob 2174 * 2175 * Returns 0 on success, or an error code 2176 */ 2177 static int smack_inode_setsecurity(struct inode *inode, const char *name, 2178 const void *value, size_t size, int flags) 2179 { 2180 struct smack_known *skp; 2181 struct inode_smack *nsp = inode->i_security; 2182 struct socket_smack *ssp; 2183 struct socket *sock; 2184 int rc = 0; 2185 2186 if (value == NULL || size > SMK_LONGLABEL || size == 0) 2187 return -EINVAL; 2188 2189 skp = smk_import_entry(value, size); 2190 if (skp == NULL) 2191 return -EINVAL; 2192 2193 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) { 2194 nsp->smk_inode = skp->smk_known; 2195 nsp->smk_flags |= SMK_INODE_INSTANT; 2196 return 0; 2197 } 2198 /* 2199 * The rest of the Smack xattrs are only on sockets. 2200 */ 2201 if (inode->i_sb->s_magic != SOCKFS_MAGIC) 2202 return -EOPNOTSUPP; 2203 2204 sock = SOCKET_I(inode); 2205 if (sock == NULL || sock->sk == NULL) 2206 return -EOPNOTSUPP; 2207 2208 ssp = sock->sk->sk_security; 2209 2210 if (strcmp(name, XATTR_SMACK_IPIN) == 0) 2211 ssp->smk_in = skp; 2212 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) { 2213 ssp->smk_out = skp; 2214 if (sock->sk->sk_family == PF_INET) { 2215 rc = smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET); 2216 if (rc != 0) 2217 printk(KERN_WARNING 2218 "Smack: \"%s\" netlbl error %d.\n", 2219 __func__, -rc); 2220 } 2221 } else 2222 return -EOPNOTSUPP; 2223 2224 if (sock->sk->sk_family == PF_INET6) 2225 smk_ipv6_port_label(sock, NULL); 2226 2227 return 0; 2228 } 2229 2230 /** 2231 * smack_socket_post_create - finish socket setup 2232 * @sock: the socket 2233 * @family: protocol family 2234 * @type: unused 2235 * @protocol: unused 2236 * @kern: unused 2237 * 2238 * Sets the netlabel information on the socket 2239 * 2240 * Returns 0 on success, and error code otherwise 2241 */ 2242 static int smack_socket_post_create(struct socket *sock, int family, 2243 int type, int protocol, int kern) 2244 { 2245 if (family != PF_INET || sock->sk == NULL) 2246 return 0; 2247 /* 2248 * Set the outbound netlbl. 2249 */ 2250 return smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET); 2251 } 2252 2253 /** 2254 * smack_socket_bind - record port binding information. 2255 * @sock: the socket 2256 * @address: the port address 2257 * @addrlen: size of the address 2258 * 2259 * Records the label bound to a port. 2260 * 2261 * Returns 0 2262 */ 2263 static int smack_socket_bind(struct socket *sock, struct sockaddr *address, 2264 int addrlen) 2265 { 2266 if (sock->sk != NULL && sock->sk->sk_family == PF_INET6) 2267 smk_ipv6_port_label(sock, address); 2268 2269 return 0; 2270 } 2271 2272 /** 2273 * smack_socket_connect - connect access check 2274 * @sock: the socket 2275 * @sap: the other end 2276 * @addrlen: size of sap 2277 * 2278 * Verifies that a connection may be possible 2279 * 2280 * Returns 0 on success, and error code otherwise 2281 */ 2282 static int smack_socket_connect(struct socket *sock, struct sockaddr *sap, 2283 int addrlen) 2284 { 2285 int rc = 0; 2286 2287 if (sock->sk == NULL) 2288 return 0; 2289 2290 switch (sock->sk->sk_family) { 2291 case PF_INET: 2292 if (addrlen < sizeof(struct sockaddr_in)) 2293 return -EINVAL; 2294 rc = smack_netlabel_send(sock->sk, (struct sockaddr_in *)sap); 2295 break; 2296 case PF_INET6: 2297 if (addrlen < sizeof(struct sockaddr_in6)) 2298 return -EINVAL; 2299 rc = smk_ipv6_port_check(sock->sk, (struct sockaddr_in6 *)sap, 2300 SMK_CONNECTING); 2301 break; 2302 } 2303 return rc; 2304 } 2305 2306 /** 2307 * smack_flags_to_may - convert S_ to MAY_ values 2308 * @flags: the S_ value 2309 * 2310 * Returns the equivalent MAY_ value 2311 */ 2312 static int smack_flags_to_may(int flags) 2313 { 2314 int may = 0; 2315 2316 if (flags & S_IRUGO) 2317 may |= MAY_READ; 2318 if (flags & S_IWUGO) 2319 may |= MAY_WRITE; 2320 if (flags & S_IXUGO) 2321 may |= MAY_EXEC; 2322 2323 return may; 2324 } 2325 2326 /** 2327 * smack_msg_msg_alloc_security - Set the security blob for msg_msg 2328 * @msg: the object 2329 * 2330 * Returns 0 2331 */ 2332 static int smack_msg_msg_alloc_security(struct msg_msg *msg) 2333 { 2334 struct smack_known *skp = smk_of_current(); 2335 2336 msg->security = skp->smk_known; 2337 return 0; 2338 } 2339 2340 /** 2341 * smack_msg_msg_free_security - Clear the security blob for msg_msg 2342 * @msg: the object 2343 * 2344 * Clears the blob pointer 2345 */ 2346 static void smack_msg_msg_free_security(struct msg_msg *msg) 2347 { 2348 msg->security = NULL; 2349 } 2350 2351 /** 2352 * smack_of_shm - the smack pointer for the shm 2353 * @shp: the object 2354 * 2355 * Returns a pointer to the smack value 2356 */ 2357 static char *smack_of_shm(struct shmid_kernel *shp) 2358 { 2359 return (char *)shp->shm_perm.security; 2360 } 2361 2362 /** 2363 * smack_shm_alloc_security - Set the security blob for shm 2364 * @shp: the object 2365 * 2366 * Returns 0 2367 */ 2368 static int smack_shm_alloc_security(struct shmid_kernel *shp) 2369 { 2370 struct kern_ipc_perm *isp = &shp->shm_perm; 2371 struct smack_known *skp = smk_of_current(); 2372 2373 isp->security = skp->smk_known; 2374 return 0; 2375 } 2376 2377 /** 2378 * smack_shm_free_security - Clear the security blob for shm 2379 * @shp: the object 2380 * 2381 * Clears the blob pointer 2382 */ 2383 static void smack_shm_free_security(struct shmid_kernel *shp) 2384 { 2385 struct kern_ipc_perm *isp = &shp->shm_perm; 2386 2387 isp->security = NULL; 2388 } 2389 2390 /** 2391 * smk_curacc_shm : check if current has access on shm 2392 * @shp : the object 2393 * @access : access requested 2394 * 2395 * Returns 0 if current has the requested access, error code otherwise 2396 */ 2397 static int smk_curacc_shm(struct shmid_kernel *shp, int access) 2398 { 2399 char *ssp = smack_of_shm(shp); 2400 struct smk_audit_info ad; 2401 2402 #ifdef CONFIG_AUDIT 2403 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 2404 ad.a.u.ipc_id = shp->shm_perm.id; 2405 #endif 2406 return smk_curacc(ssp, access, &ad); 2407 } 2408 2409 /** 2410 * smack_shm_associate - Smack access check for shm 2411 * @shp: the object 2412 * @shmflg: access requested 2413 * 2414 * Returns 0 if current has the requested access, error code otherwise 2415 */ 2416 static int smack_shm_associate(struct shmid_kernel *shp, int shmflg) 2417 { 2418 int may; 2419 2420 may = smack_flags_to_may(shmflg); 2421 return smk_curacc_shm(shp, may); 2422 } 2423 2424 /** 2425 * smack_shm_shmctl - Smack access check for shm 2426 * @shp: the object 2427 * @cmd: what it wants to do 2428 * 2429 * Returns 0 if current has the requested access, error code otherwise 2430 */ 2431 static int smack_shm_shmctl(struct shmid_kernel *shp, int cmd) 2432 { 2433 int may; 2434 2435 switch (cmd) { 2436 case IPC_STAT: 2437 case SHM_STAT: 2438 may = MAY_READ; 2439 break; 2440 case IPC_SET: 2441 case SHM_LOCK: 2442 case SHM_UNLOCK: 2443 case IPC_RMID: 2444 may = MAY_READWRITE; 2445 break; 2446 case IPC_INFO: 2447 case SHM_INFO: 2448 /* 2449 * System level information. 2450 */ 2451 return 0; 2452 default: 2453 return -EINVAL; 2454 } 2455 return smk_curacc_shm(shp, may); 2456 } 2457 2458 /** 2459 * smack_shm_shmat - Smack access for shmat 2460 * @shp: the object 2461 * @shmaddr: unused 2462 * @shmflg: access requested 2463 * 2464 * Returns 0 if current has the requested access, error code otherwise 2465 */ 2466 static int smack_shm_shmat(struct shmid_kernel *shp, char __user *shmaddr, 2467 int shmflg) 2468 { 2469 int may; 2470 2471 may = smack_flags_to_may(shmflg); 2472 return smk_curacc_shm(shp, may); 2473 } 2474 2475 /** 2476 * smack_of_sem - the smack pointer for the sem 2477 * @sma: the object 2478 * 2479 * Returns a pointer to the smack value 2480 */ 2481 static char *smack_of_sem(struct sem_array *sma) 2482 { 2483 return (char *)sma->sem_perm.security; 2484 } 2485 2486 /** 2487 * smack_sem_alloc_security - Set the security blob for sem 2488 * @sma: the object 2489 * 2490 * Returns 0 2491 */ 2492 static int smack_sem_alloc_security(struct sem_array *sma) 2493 { 2494 struct kern_ipc_perm *isp = &sma->sem_perm; 2495 struct smack_known *skp = smk_of_current(); 2496 2497 isp->security = skp->smk_known; 2498 return 0; 2499 } 2500 2501 /** 2502 * smack_sem_free_security - Clear the security blob for sem 2503 * @sma: the object 2504 * 2505 * Clears the blob pointer 2506 */ 2507 static void smack_sem_free_security(struct sem_array *sma) 2508 { 2509 struct kern_ipc_perm *isp = &sma->sem_perm; 2510 2511 isp->security = NULL; 2512 } 2513 2514 /** 2515 * smk_curacc_sem : check if current has access on sem 2516 * @sma : the object 2517 * @access : access requested 2518 * 2519 * Returns 0 if current has the requested access, error code otherwise 2520 */ 2521 static int smk_curacc_sem(struct sem_array *sma, int access) 2522 { 2523 char *ssp = smack_of_sem(sma); 2524 struct smk_audit_info ad; 2525 2526 #ifdef CONFIG_AUDIT 2527 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 2528 ad.a.u.ipc_id = sma->sem_perm.id; 2529 #endif 2530 return smk_curacc(ssp, access, &ad); 2531 } 2532 2533 /** 2534 * smack_sem_associate - Smack access check for sem 2535 * @sma: the object 2536 * @semflg: access requested 2537 * 2538 * Returns 0 if current has the requested access, error code otherwise 2539 */ 2540 static int smack_sem_associate(struct sem_array *sma, int semflg) 2541 { 2542 int may; 2543 2544 may = smack_flags_to_may(semflg); 2545 return smk_curacc_sem(sma, may); 2546 } 2547 2548 /** 2549 * smack_sem_shmctl - Smack access check for sem 2550 * @sma: the object 2551 * @cmd: what it wants to do 2552 * 2553 * Returns 0 if current has the requested access, error code otherwise 2554 */ 2555 static int smack_sem_semctl(struct sem_array *sma, int cmd) 2556 { 2557 int may; 2558 2559 switch (cmd) { 2560 case GETPID: 2561 case GETNCNT: 2562 case GETZCNT: 2563 case GETVAL: 2564 case GETALL: 2565 case IPC_STAT: 2566 case SEM_STAT: 2567 may = MAY_READ; 2568 break; 2569 case SETVAL: 2570 case SETALL: 2571 case IPC_RMID: 2572 case IPC_SET: 2573 may = MAY_READWRITE; 2574 break; 2575 case IPC_INFO: 2576 case SEM_INFO: 2577 /* 2578 * System level information 2579 */ 2580 return 0; 2581 default: 2582 return -EINVAL; 2583 } 2584 2585 return smk_curacc_sem(sma, may); 2586 } 2587 2588 /** 2589 * smack_sem_semop - Smack checks of semaphore operations 2590 * @sma: the object 2591 * @sops: unused 2592 * @nsops: unused 2593 * @alter: unused 2594 * 2595 * Treated as read and write in all cases. 2596 * 2597 * Returns 0 if access is allowed, error code otherwise 2598 */ 2599 static int smack_sem_semop(struct sem_array *sma, struct sembuf *sops, 2600 unsigned nsops, int alter) 2601 { 2602 return smk_curacc_sem(sma, MAY_READWRITE); 2603 } 2604 2605 /** 2606 * smack_msg_alloc_security - Set the security blob for msg 2607 * @msq: the object 2608 * 2609 * Returns 0 2610 */ 2611 static int smack_msg_queue_alloc_security(struct msg_queue *msq) 2612 { 2613 struct kern_ipc_perm *kisp = &msq->q_perm; 2614 struct smack_known *skp = smk_of_current(); 2615 2616 kisp->security = skp->smk_known; 2617 return 0; 2618 } 2619 2620 /** 2621 * smack_msg_free_security - Clear the security blob for msg 2622 * @msq: the object 2623 * 2624 * Clears the blob pointer 2625 */ 2626 static void smack_msg_queue_free_security(struct msg_queue *msq) 2627 { 2628 struct kern_ipc_perm *kisp = &msq->q_perm; 2629 2630 kisp->security = NULL; 2631 } 2632 2633 /** 2634 * smack_of_msq - the smack pointer for the msq 2635 * @msq: the object 2636 * 2637 * Returns a pointer to the smack value 2638 */ 2639 static char *smack_of_msq(struct msg_queue *msq) 2640 { 2641 return (char *)msq->q_perm.security; 2642 } 2643 2644 /** 2645 * smk_curacc_msq : helper to check if current has access on msq 2646 * @msq : the msq 2647 * @access : access requested 2648 * 2649 * return 0 if current has access, error otherwise 2650 */ 2651 static int smk_curacc_msq(struct msg_queue *msq, int access) 2652 { 2653 char *msp = smack_of_msq(msq); 2654 struct smk_audit_info ad; 2655 2656 #ifdef CONFIG_AUDIT 2657 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 2658 ad.a.u.ipc_id = msq->q_perm.id; 2659 #endif 2660 return smk_curacc(msp, access, &ad); 2661 } 2662 2663 /** 2664 * smack_msg_queue_associate - Smack access check for msg_queue 2665 * @msq: the object 2666 * @msqflg: access requested 2667 * 2668 * Returns 0 if current has the requested access, error code otherwise 2669 */ 2670 static int smack_msg_queue_associate(struct msg_queue *msq, int msqflg) 2671 { 2672 int may; 2673 2674 may = smack_flags_to_may(msqflg); 2675 return smk_curacc_msq(msq, may); 2676 } 2677 2678 /** 2679 * smack_msg_queue_msgctl - Smack access check for msg_queue 2680 * @msq: the object 2681 * @cmd: what it wants to do 2682 * 2683 * Returns 0 if current has the requested access, error code otherwise 2684 */ 2685 static int smack_msg_queue_msgctl(struct msg_queue *msq, int cmd) 2686 { 2687 int may; 2688 2689 switch (cmd) { 2690 case IPC_STAT: 2691 case MSG_STAT: 2692 may = MAY_READ; 2693 break; 2694 case IPC_SET: 2695 case IPC_RMID: 2696 may = MAY_READWRITE; 2697 break; 2698 case IPC_INFO: 2699 case MSG_INFO: 2700 /* 2701 * System level information 2702 */ 2703 return 0; 2704 default: 2705 return -EINVAL; 2706 } 2707 2708 return smk_curacc_msq(msq, may); 2709 } 2710 2711 /** 2712 * smack_msg_queue_msgsnd - Smack access check for msg_queue 2713 * @msq: the object 2714 * @msg: unused 2715 * @msqflg: access requested 2716 * 2717 * Returns 0 if current has the requested access, error code otherwise 2718 */ 2719 static int smack_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, 2720 int msqflg) 2721 { 2722 int may; 2723 2724 may = smack_flags_to_may(msqflg); 2725 return smk_curacc_msq(msq, may); 2726 } 2727 2728 /** 2729 * smack_msg_queue_msgsnd - Smack access check for msg_queue 2730 * @msq: the object 2731 * @msg: unused 2732 * @target: unused 2733 * @type: unused 2734 * @mode: unused 2735 * 2736 * Returns 0 if current has read and write access, error code otherwise 2737 */ 2738 static int smack_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg, 2739 struct task_struct *target, long type, int mode) 2740 { 2741 return smk_curacc_msq(msq, MAY_READWRITE); 2742 } 2743 2744 /** 2745 * smack_ipc_permission - Smack access for ipc_permission() 2746 * @ipp: the object permissions 2747 * @flag: access requested 2748 * 2749 * Returns 0 if current has read and write access, error code otherwise 2750 */ 2751 static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag) 2752 { 2753 char *isp = ipp->security; 2754 int may = smack_flags_to_may(flag); 2755 struct smk_audit_info ad; 2756 2757 #ifdef CONFIG_AUDIT 2758 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 2759 ad.a.u.ipc_id = ipp->id; 2760 #endif 2761 return smk_curacc(isp, may, &ad); 2762 } 2763 2764 /** 2765 * smack_ipc_getsecid - Extract smack security id 2766 * @ipp: the object permissions 2767 * @secid: where result will be saved 2768 */ 2769 static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid) 2770 { 2771 char *smack = ipp->security; 2772 2773 *secid = smack_to_secid(smack); 2774 } 2775 2776 /** 2777 * smack_d_instantiate - Make sure the blob is correct on an inode 2778 * @opt_dentry: dentry where inode will be attached 2779 * @inode: the object 2780 * 2781 * Set the inode's security blob if it hasn't been done already. 2782 */ 2783 static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode) 2784 { 2785 struct super_block *sbp; 2786 struct superblock_smack *sbsp; 2787 struct inode_smack *isp; 2788 struct smack_known *skp; 2789 struct smack_known *ckp = smk_of_current(); 2790 char *final; 2791 char trattr[TRANS_TRUE_SIZE]; 2792 int transflag = 0; 2793 int rc; 2794 struct dentry *dp; 2795 2796 if (inode == NULL) 2797 return; 2798 2799 isp = inode->i_security; 2800 2801 mutex_lock(&isp->smk_lock); 2802 /* 2803 * If the inode is already instantiated 2804 * take the quick way out 2805 */ 2806 if (isp->smk_flags & SMK_INODE_INSTANT) 2807 goto unlockandout; 2808 2809 sbp = inode->i_sb; 2810 sbsp = sbp->s_security; 2811 /* 2812 * We're going to use the superblock default label 2813 * if there's no label on the file. 2814 */ 2815 final = sbsp->smk_default; 2816 2817 /* 2818 * If this is the root inode the superblock 2819 * may be in the process of initialization. 2820 * If that is the case use the root value out 2821 * of the superblock. 2822 */ 2823 if (opt_dentry->d_parent == opt_dentry) { 2824 if (sbp->s_magic == CGROUP_SUPER_MAGIC) { 2825 /* 2826 * The cgroup filesystem is never mounted, 2827 * so there's no opportunity to set the mount 2828 * options. 2829 */ 2830 sbsp->smk_root = smack_known_star.smk_known; 2831 sbsp->smk_default = smack_known_star.smk_known; 2832 } 2833 isp->smk_inode = sbsp->smk_root; 2834 isp->smk_flags |= SMK_INODE_INSTANT; 2835 goto unlockandout; 2836 } 2837 2838 /* 2839 * This is pretty hackish. 2840 * Casey says that we shouldn't have to do 2841 * file system specific code, but it does help 2842 * with keeping it simple. 2843 */ 2844 switch (sbp->s_magic) { 2845 case SMACK_MAGIC: 2846 case PIPEFS_MAGIC: 2847 case SOCKFS_MAGIC: 2848 case CGROUP_SUPER_MAGIC: 2849 /* 2850 * Casey says that it's a little embarrassing 2851 * that the smack file system doesn't do 2852 * extended attributes. 2853 * 2854 * Casey says pipes are easy (?) 2855 * 2856 * Socket access is controlled by the socket 2857 * structures associated with the task involved. 2858 * 2859 * Cgroupfs is special 2860 */ 2861 final = smack_known_star.smk_known; 2862 break; 2863 case DEVPTS_SUPER_MAGIC: 2864 /* 2865 * devpts seems content with the label of the task. 2866 * Programs that change smack have to treat the 2867 * pty with respect. 2868 */ 2869 final = ckp->smk_known; 2870 break; 2871 case PROC_SUPER_MAGIC: 2872 /* 2873 * Casey says procfs appears not to care. 2874 * The superblock default suffices. 2875 */ 2876 break; 2877 case TMPFS_MAGIC: 2878 /* 2879 * Device labels should come from the filesystem, 2880 * but watch out, because they're volitile, 2881 * getting recreated on every reboot. 2882 */ 2883 final = smack_known_star.smk_known; 2884 /* 2885 * No break. 2886 * 2887 * If a smack value has been set we want to use it, 2888 * but since tmpfs isn't giving us the opportunity 2889 * to set mount options simulate setting the 2890 * superblock default. 2891 */ 2892 default: 2893 /* 2894 * This isn't an understood special case. 2895 * Get the value from the xattr. 2896 */ 2897 2898 /* 2899 * UNIX domain sockets use lower level socket data. 2900 */ 2901 if (S_ISSOCK(inode->i_mode)) { 2902 final = smack_known_star.smk_known; 2903 break; 2904 } 2905 /* 2906 * No xattr support means, alas, no SMACK label. 2907 * Use the aforeapplied default. 2908 * It would be curious if the label of the task 2909 * does not match that assigned. 2910 */ 2911 if (inode->i_op->getxattr == NULL) 2912 break; 2913 /* 2914 * Get the dentry for xattr. 2915 */ 2916 dp = dget(opt_dentry); 2917 skp = smk_fetch(XATTR_NAME_SMACK, inode, dp); 2918 if (skp != NULL) 2919 final = skp->smk_known; 2920 2921 /* 2922 * Transmuting directory 2923 */ 2924 if (S_ISDIR(inode->i_mode)) { 2925 /* 2926 * If this is a new directory and the label was 2927 * transmuted when the inode was initialized 2928 * set the transmute attribute on the directory 2929 * and mark the inode. 2930 * 2931 * If there is a transmute attribute on the 2932 * directory mark the inode. 2933 */ 2934 if (isp->smk_flags & SMK_INODE_CHANGED) { 2935 isp->smk_flags &= ~SMK_INODE_CHANGED; 2936 rc = inode->i_op->setxattr(dp, 2937 XATTR_NAME_SMACKTRANSMUTE, 2938 TRANS_TRUE, TRANS_TRUE_SIZE, 2939 0); 2940 } else { 2941 rc = inode->i_op->getxattr(dp, 2942 XATTR_NAME_SMACKTRANSMUTE, trattr, 2943 TRANS_TRUE_SIZE); 2944 if (rc >= 0 && strncmp(trattr, TRANS_TRUE, 2945 TRANS_TRUE_SIZE) != 0) 2946 rc = -EINVAL; 2947 } 2948 if (rc >= 0) 2949 transflag = SMK_INODE_TRANSMUTE; 2950 } 2951 /* 2952 * Don't let the exec or mmap label be "*" or "@". 2953 */ 2954 skp = smk_fetch(XATTR_NAME_SMACKEXEC, inode, dp); 2955 if (skp == &smack_known_star || skp == &smack_known_web) 2956 skp = NULL; 2957 isp->smk_task = skp; 2958 skp = smk_fetch(XATTR_NAME_SMACKMMAP, inode, dp); 2959 if (skp == &smack_known_star || skp == &smack_known_web) 2960 skp = NULL; 2961 isp->smk_mmap = skp; 2962 2963 dput(dp); 2964 break; 2965 } 2966 2967 if (final == NULL) 2968 isp->smk_inode = ckp->smk_known; 2969 else 2970 isp->smk_inode = final; 2971 2972 isp->smk_flags |= (SMK_INODE_INSTANT | transflag); 2973 2974 unlockandout: 2975 mutex_unlock(&isp->smk_lock); 2976 return; 2977 } 2978 2979 /** 2980 * smack_getprocattr - Smack process attribute access 2981 * @p: the object task 2982 * @name: the name of the attribute in /proc/.../attr 2983 * @value: where to put the result 2984 * 2985 * Places a copy of the task Smack into value 2986 * 2987 * Returns the length of the smack label or an error code 2988 */ 2989 static int smack_getprocattr(struct task_struct *p, char *name, char **value) 2990 { 2991 struct smack_known *skp = smk_of_task(task_security(p)); 2992 char *cp; 2993 int slen; 2994 2995 if (strcmp(name, "current") != 0) 2996 return -EINVAL; 2997 2998 cp = kstrdup(skp->smk_known, GFP_KERNEL); 2999 if (cp == NULL) 3000 return -ENOMEM; 3001 3002 slen = strlen(cp); 3003 *value = cp; 3004 return slen; 3005 } 3006 3007 /** 3008 * smack_setprocattr - Smack process attribute setting 3009 * @p: the object task 3010 * @name: the name of the attribute in /proc/.../attr 3011 * @value: the value to set 3012 * @size: the size of the value 3013 * 3014 * Sets the Smack value of the task. Only setting self 3015 * is permitted and only with privilege 3016 * 3017 * Returns the length of the smack label or an error code 3018 */ 3019 static int smack_setprocattr(struct task_struct *p, char *name, 3020 void *value, size_t size) 3021 { 3022 struct task_smack *tsp; 3023 struct cred *new; 3024 struct smack_known *skp; 3025 3026 /* 3027 * Changing another process' Smack value is too dangerous 3028 * and supports no sane use case. 3029 */ 3030 if (p != current) 3031 return -EPERM; 3032 3033 if (!smack_privileged(CAP_MAC_ADMIN)) 3034 return -EPERM; 3035 3036 if (value == NULL || size == 0 || size >= SMK_LONGLABEL) 3037 return -EINVAL; 3038 3039 if (strcmp(name, "current") != 0) 3040 return -EINVAL; 3041 3042 skp = smk_import_entry(value, size); 3043 if (skp == NULL) 3044 return -EINVAL; 3045 3046 /* 3047 * No process is ever allowed the web ("@") label. 3048 */ 3049 if (skp == &smack_known_web) 3050 return -EPERM; 3051 3052 new = prepare_creds(); 3053 if (new == NULL) 3054 return -ENOMEM; 3055 3056 tsp = new->security; 3057 tsp->smk_task = skp; 3058 3059 commit_creds(new); 3060 return size; 3061 } 3062 3063 /** 3064 * smack_unix_stream_connect - Smack access on UDS 3065 * @sock: one sock 3066 * @other: the other sock 3067 * @newsk: unused 3068 * 3069 * Return 0 if a subject with the smack of sock could access 3070 * an object with the smack of other, otherwise an error code 3071 */ 3072 static int smack_unix_stream_connect(struct sock *sock, 3073 struct sock *other, struct sock *newsk) 3074 { 3075 struct smack_known *skp; 3076 struct smack_known *okp; 3077 struct socket_smack *ssp = sock->sk_security; 3078 struct socket_smack *osp = other->sk_security; 3079 struct socket_smack *nsp = newsk->sk_security; 3080 struct smk_audit_info ad; 3081 int rc = 0; 3082 #ifdef CONFIG_AUDIT 3083 struct lsm_network_audit net; 3084 #endif 3085 3086 if (!smack_privileged(CAP_MAC_OVERRIDE)) { 3087 skp = ssp->smk_out; 3088 okp = osp->smk_out; 3089 #ifdef CONFIG_AUDIT 3090 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 3091 smk_ad_setfield_u_net_sk(&ad, other); 3092 #endif 3093 rc = smk_access(skp, okp->smk_known, MAY_WRITE, &ad); 3094 if (rc == 0) 3095 rc = smk_access(okp, okp->smk_known, MAY_WRITE, NULL); 3096 } 3097 3098 /* 3099 * Cross reference the peer labels for SO_PEERSEC. 3100 */ 3101 if (rc == 0) { 3102 nsp->smk_packet = ssp->smk_out; 3103 ssp->smk_packet = osp->smk_out; 3104 } 3105 3106 return rc; 3107 } 3108 3109 /** 3110 * smack_unix_may_send - Smack access on UDS 3111 * @sock: one socket 3112 * @other: the other socket 3113 * 3114 * Return 0 if a subject with the smack of sock could access 3115 * an object with the smack of other, otherwise an error code 3116 */ 3117 static int smack_unix_may_send(struct socket *sock, struct socket *other) 3118 { 3119 struct socket_smack *ssp = sock->sk->sk_security; 3120 struct socket_smack *osp = other->sk->sk_security; 3121 struct smack_known *skp; 3122 struct smk_audit_info ad; 3123 3124 #ifdef CONFIG_AUDIT 3125 struct lsm_network_audit net; 3126 3127 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 3128 smk_ad_setfield_u_net_sk(&ad, other->sk); 3129 #endif 3130 3131 if (smack_privileged(CAP_MAC_OVERRIDE)) 3132 return 0; 3133 3134 skp = ssp->smk_out; 3135 return smk_access(skp, osp->smk_in->smk_known, MAY_WRITE, &ad); 3136 } 3137 3138 /** 3139 * smack_socket_sendmsg - Smack check based on destination host 3140 * @sock: the socket 3141 * @msg: the message 3142 * @size: the size of the message 3143 * 3144 * Return 0 if the current subject can write to the destination host. 3145 * For IPv4 this is only a question if the destination is a single label host. 3146 * For IPv6 this is a check against the label of the port. 3147 */ 3148 static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg, 3149 int size) 3150 { 3151 struct sockaddr_in *sip = (struct sockaddr_in *) msg->msg_name; 3152 struct sockaddr_in6 *sap = (struct sockaddr_in6 *) msg->msg_name; 3153 int rc = 0; 3154 3155 /* 3156 * Perfectly reasonable for this to be NULL 3157 */ 3158 if (sip == NULL) 3159 return 0; 3160 3161 switch (sip->sin_family) { 3162 case AF_INET: 3163 rc = smack_netlabel_send(sock->sk, sip); 3164 break; 3165 case AF_INET6: 3166 rc = smk_ipv6_port_check(sock->sk, sap, SMK_SENDING); 3167 break; 3168 } 3169 return rc; 3170 } 3171 3172 /** 3173 * smack_from_secattr - Convert a netlabel attr.mls.lvl/attr.mls.cat pair to smack 3174 * @sap: netlabel secattr 3175 * @ssp: socket security information 3176 * 3177 * Returns a pointer to a Smack label entry found on the label list. 3178 */ 3179 static struct smack_known *smack_from_secattr(struct netlbl_lsm_secattr *sap, 3180 struct socket_smack *ssp) 3181 { 3182 struct smack_known *skp; 3183 int found = 0; 3184 int acat; 3185 int kcat; 3186 3187 if ((sap->flags & NETLBL_SECATTR_MLS_LVL) != 0) { 3188 /* 3189 * Looks like a CIPSO packet. 3190 * If there are flags but no level netlabel isn't 3191 * behaving the way we expect it to. 3192 * 3193 * Look it up in the label table 3194 * Without guidance regarding the smack value 3195 * for the packet fall back on the network 3196 * ambient value. 3197 */ 3198 rcu_read_lock(); 3199 list_for_each_entry(skp, &smack_known_list, list) { 3200 if (sap->attr.mls.lvl != skp->smk_netlabel.attr.mls.lvl) 3201 continue; 3202 /* 3203 * Compare the catsets. Use the netlbl APIs. 3204 */ 3205 if ((sap->flags & NETLBL_SECATTR_MLS_CAT) == 0) { 3206 if ((skp->smk_netlabel.flags & 3207 NETLBL_SECATTR_MLS_CAT) == 0) 3208 found = 1; 3209 break; 3210 } 3211 for (acat = -1, kcat = -1; acat == kcat; ) { 3212 acat = netlbl_secattr_catmap_walk( 3213 sap->attr.mls.cat, acat + 1); 3214 kcat = netlbl_secattr_catmap_walk( 3215 skp->smk_netlabel.attr.mls.cat, 3216 kcat + 1); 3217 if (acat < 0 || kcat < 0) 3218 break; 3219 } 3220 if (acat == kcat) { 3221 found = 1; 3222 break; 3223 } 3224 } 3225 rcu_read_unlock(); 3226 3227 if (found) 3228 return skp; 3229 3230 if (ssp != NULL && ssp->smk_in == &smack_known_star) 3231 return &smack_known_web; 3232 return &smack_known_star; 3233 } 3234 if ((sap->flags & NETLBL_SECATTR_SECID) != 0) { 3235 /* 3236 * Looks like a fallback, which gives us a secid. 3237 */ 3238 skp = smack_from_secid(sap->attr.secid); 3239 /* 3240 * This has got to be a bug because it is 3241 * impossible to specify a fallback without 3242 * specifying the label, which will ensure 3243 * it has a secid, and the only way to get a 3244 * secid is from a fallback. 3245 */ 3246 BUG_ON(skp == NULL); 3247 return skp; 3248 } 3249 /* 3250 * Without guidance regarding the smack value 3251 * for the packet fall back on the network 3252 * ambient value. 3253 */ 3254 return smack_net_ambient; 3255 } 3256 3257 static int smk_skb_to_addr_ipv6(struct sk_buff *skb, struct sockaddr_in6 *sip) 3258 { 3259 u8 nexthdr; 3260 int offset; 3261 int proto = -EINVAL; 3262 struct ipv6hdr _ipv6h; 3263 struct ipv6hdr *ip6; 3264 __be16 frag_off; 3265 struct tcphdr _tcph, *th; 3266 struct udphdr _udph, *uh; 3267 struct dccp_hdr _dccph, *dh; 3268 3269 sip->sin6_port = 0; 3270 3271 offset = skb_network_offset(skb); 3272 ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h); 3273 if (ip6 == NULL) 3274 return -EINVAL; 3275 sip->sin6_addr = ip6->saddr; 3276 3277 nexthdr = ip6->nexthdr; 3278 offset += sizeof(_ipv6h); 3279 offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off); 3280 if (offset < 0) 3281 return -EINVAL; 3282 3283 proto = nexthdr; 3284 switch (proto) { 3285 case IPPROTO_TCP: 3286 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph); 3287 if (th != NULL) 3288 sip->sin6_port = th->source; 3289 break; 3290 case IPPROTO_UDP: 3291 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph); 3292 if (uh != NULL) 3293 sip->sin6_port = uh->source; 3294 break; 3295 case IPPROTO_DCCP: 3296 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph); 3297 if (dh != NULL) 3298 sip->sin6_port = dh->dccph_sport; 3299 break; 3300 } 3301 return proto; 3302 } 3303 3304 /** 3305 * smack_socket_sock_rcv_skb - Smack packet delivery access check 3306 * @sk: socket 3307 * @skb: packet 3308 * 3309 * Returns 0 if the packet should be delivered, an error code otherwise 3310 */ 3311 static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) 3312 { 3313 struct netlbl_lsm_secattr secattr; 3314 struct socket_smack *ssp = sk->sk_security; 3315 struct smack_known *skp; 3316 struct sockaddr_in6 sadd; 3317 int rc = 0; 3318 struct smk_audit_info ad; 3319 #ifdef CONFIG_AUDIT 3320 struct lsm_network_audit net; 3321 #endif 3322 switch (sk->sk_family) { 3323 case PF_INET: 3324 /* 3325 * Translate what netlabel gave us. 3326 */ 3327 netlbl_secattr_init(&secattr); 3328 3329 rc = netlbl_skbuff_getattr(skb, sk->sk_family, &secattr); 3330 if (rc == 0) 3331 skp = smack_from_secattr(&secattr, ssp); 3332 else 3333 skp = smack_net_ambient; 3334 3335 netlbl_secattr_destroy(&secattr); 3336 3337 #ifdef CONFIG_AUDIT 3338 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 3339 ad.a.u.net->family = sk->sk_family; 3340 ad.a.u.net->netif = skb->skb_iif; 3341 ipv4_skb_to_auditdata(skb, &ad.a, NULL); 3342 #endif 3343 /* 3344 * Receiving a packet requires that the other end 3345 * be able to write here. Read access is not required. 3346 * This is the simplist possible security model 3347 * for networking. 3348 */ 3349 rc = smk_access(skp, ssp->smk_in->smk_known, MAY_WRITE, &ad); 3350 if (rc != 0) 3351 netlbl_skbuff_err(skb, rc, 0); 3352 break; 3353 case PF_INET6: 3354 rc = smk_skb_to_addr_ipv6(skb, &sadd); 3355 if (rc == IPPROTO_UDP || rc == IPPROTO_TCP) 3356 rc = smk_ipv6_port_check(sk, &sadd, SMK_RECEIVING); 3357 else 3358 rc = 0; 3359 break; 3360 } 3361 return rc; 3362 } 3363 3364 /** 3365 * smack_socket_getpeersec_stream - pull in packet label 3366 * @sock: the socket 3367 * @optval: user's destination 3368 * @optlen: size thereof 3369 * @len: max thereof 3370 * 3371 * returns zero on success, an error code otherwise 3372 */ 3373 static int smack_socket_getpeersec_stream(struct socket *sock, 3374 char __user *optval, 3375 int __user *optlen, unsigned len) 3376 { 3377 struct socket_smack *ssp; 3378 char *rcp = ""; 3379 int slen = 1; 3380 int rc = 0; 3381 3382 ssp = sock->sk->sk_security; 3383 if (ssp->smk_packet != NULL) { 3384 rcp = ssp->smk_packet->smk_known; 3385 slen = strlen(rcp) + 1; 3386 } 3387 3388 if (slen > len) 3389 rc = -ERANGE; 3390 else if (copy_to_user(optval, rcp, slen) != 0) 3391 rc = -EFAULT; 3392 3393 if (put_user(slen, optlen) != 0) 3394 rc = -EFAULT; 3395 3396 return rc; 3397 } 3398 3399 3400 /** 3401 * smack_socket_getpeersec_dgram - pull in packet label 3402 * @sock: the peer socket 3403 * @skb: packet data 3404 * @secid: pointer to where to put the secid of the packet 3405 * 3406 * Sets the netlabel socket state on sk from parent 3407 */ 3408 static int smack_socket_getpeersec_dgram(struct socket *sock, 3409 struct sk_buff *skb, u32 *secid) 3410 3411 { 3412 struct netlbl_lsm_secattr secattr; 3413 struct socket_smack *ssp = NULL; 3414 struct smack_known *skp; 3415 int family = PF_UNSPEC; 3416 u32 s = 0; /* 0 is the invalid secid */ 3417 int rc; 3418 3419 if (skb != NULL) { 3420 if (skb->protocol == htons(ETH_P_IP)) 3421 family = PF_INET; 3422 else if (skb->protocol == htons(ETH_P_IPV6)) 3423 family = PF_INET6; 3424 } 3425 if (family == PF_UNSPEC && sock != NULL) 3426 family = sock->sk->sk_family; 3427 3428 if (family == PF_UNIX) { 3429 ssp = sock->sk->sk_security; 3430 s = ssp->smk_out->smk_secid; 3431 } else if (family == PF_INET || family == PF_INET6) { 3432 /* 3433 * Translate what netlabel gave us. 3434 */ 3435 if (sock != NULL && sock->sk != NULL) 3436 ssp = sock->sk->sk_security; 3437 netlbl_secattr_init(&secattr); 3438 rc = netlbl_skbuff_getattr(skb, family, &secattr); 3439 if (rc == 0) { 3440 skp = smack_from_secattr(&secattr, ssp); 3441 s = skp->smk_secid; 3442 } 3443 netlbl_secattr_destroy(&secattr); 3444 } 3445 *secid = s; 3446 if (s == 0) 3447 return -EINVAL; 3448 return 0; 3449 } 3450 3451 /** 3452 * smack_sock_graft - Initialize a newly created socket with an existing sock 3453 * @sk: child sock 3454 * @parent: parent socket 3455 * 3456 * Set the smk_{in,out} state of an existing sock based on the process that 3457 * is creating the new socket. 3458 */ 3459 static void smack_sock_graft(struct sock *sk, struct socket *parent) 3460 { 3461 struct socket_smack *ssp; 3462 struct smack_known *skp = smk_of_current(); 3463 3464 if (sk == NULL || 3465 (sk->sk_family != PF_INET && sk->sk_family != PF_INET6)) 3466 return; 3467 3468 ssp = sk->sk_security; 3469 ssp->smk_in = skp; 3470 ssp->smk_out = skp; 3471 /* cssp->smk_packet is already set in smack_inet_csk_clone() */ 3472 } 3473 3474 /** 3475 * smack_inet_conn_request - Smack access check on connect 3476 * @sk: socket involved 3477 * @skb: packet 3478 * @req: unused 3479 * 3480 * Returns 0 if a task with the packet label could write to 3481 * the socket, otherwise an error code 3482 */ 3483 static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb, 3484 struct request_sock *req) 3485 { 3486 u16 family = sk->sk_family; 3487 struct smack_known *skp; 3488 struct socket_smack *ssp = sk->sk_security; 3489 struct netlbl_lsm_secattr secattr; 3490 struct sockaddr_in addr; 3491 struct iphdr *hdr; 3492 char *hsp; 3493 int rc; 3494 struct smk_audit_info ad; 3495 #ifdef CONFIG_AUDIT 3496 struct lsm_network_audit net; 3497 #endif 3498 3499 if (family == PF_INET6) { 3500 /* 3501 * Handle mapped IPv4 packets arriving 3502 * via IPv6 sockets. Don't set up netlabel 3503 * processing on IPv6. 3504 */ 3505 if (skb->protocol == htons(ETH_P_IP)) 3506 family = PF_INET; 3507 else 3508 return 0; 3509 } 3510 3511 netlbl_secattr_init(&secattr); 3512 rc = netlbl_skbuff_getattr(skb, family, &secattr); 3513 if (rc == 0) 3514 skp = smack_from_secattr(&secattr, ssp); 3515 else 3516 skp = &smack_known_huh; 3517 netlbl_secattr_destroy(&secattr); 3518 3519 #ifdef CONFIG_AUDIT 3520 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 3521 ad.a.u.net->family = family; 3522 ad.a.u.net->netif = skb->skb_iif; 3523 ipv4_skb_to_auditdata(skb, &ad.a, NULL); 3524 #endif 3525 /* 3526 * Receiving a packet requires that the other end be able to write 3527 * here. Read access is not required. 3528 */ 3529 rc = smk_access(skp, ssp->smk_in->smk_known, MAY_WRITE, &ad); 3530 if (rc != 0) 3531 return rc; 3532 3533 /* 3534 * Save the peer's label in the request_sock so we can later setup 3535 * smk_packet in the child socket so that SO_PEERCRED can report it. 3536 */ 3537 req->peer_secid = skp->smk_secid; 3538 3539 /* 3540 * We need to decide if we want to label the incoming connection here 3541 * if we do we only need to label the request_sock and the stack will 3542 * propagate the wire-label to the sock when it is created. 3543 */ 3544 hdr = ip_hdr(skb); 3545 addr.sin_addr.s_addr = hdr->saddr; 3546 rcu_read_lock(); 3547 hsp = smack_host_label(&addr); 3548 rcu_read_unlock(); 3549 3550 if (hsp == NULL) 3551 rc = netlbl_req_setattr(req, &skp->smk_netlabel); 3552 else 3553 netlbl_req_delattr(req); 3554 3555 return rc; 3556 } 3557 3558 /** 3559 * smack_inet_csk_clone - Copy the connection information to the new socket 3560 * @sk: the new socket 3561 * @req: the connection's request_sock 3562 * 3563 * Transfer the connection's peer label to the newly created socket. 3564 */ 3565 static void smack_inet_csk_clone(struct sock *sk, 3566 const struct request_sock *req) 3567 { 3568 struct socket_smack *ssp = sk->sk_security; 3569 struct smack_known *skp; 3570 3571 if (req->peer_secid != 0) { 3572 skp = smack_from_secid(req->peer_secid); 3573 ssp->smk_packet = skp; 3574 } else 3575 ssp->smk_packet = NULL; 3576 } 3577 3578 /* 3579 * Key management security hooks 3580 * 3581 * Casey has not tested key support very heavily. 3582 * The permission check is most likely too restrictive. 3583 * If you care about keys please have a look. 3584 */ 3585 #ifdef CONFIG_KEYS 3586 3587 /** 3588 * smack_key_alloc - Set the key security blob 3589 * @key: object 3590 * @cred: the credentials to use 3591 * @flags: unused 3592 * 3593 * No allocation required 3594 * 3595 * Returns 0 3596 */ 3597 static int smack_key_alloc(struct key *key, const struct cred *cred, 3598 unsigned long flags) 3599 { 3600 struct smack_known *skp = smk_of_task(cred->security); 3601 3602 key->security = skp->smk_known; 3603 return 0; 3604 } 3605 3606 /** 3607 * smack_key_free - Clear the key security blob 3608 * @key: the object 3609 * 3610 * Clear the blob pointer 3611 */ 3612 static void smack_key_free(struct key *key) 3613 { 3614 key->security = NULL; 3615 } 3616 3617 /* 3618 * smack_key_permission - Smack access on a key 3619 * @key_ref: gets to the object 3620 * @cred: the credentials to use 3621 * @perm: unused 3622 * 3623 * Return 0 if the task has read and write to the object, 3624 * an error code otherwise 3625 */ 3626 static int smack_key_permission(key_ref_t key_ref, 3627 const struct cred *cred, unsigned perm) 3628 { 3629 struct key *keyp; 3630 struct smk_audit_info ad; 3631 struct smack_known *tkp = smk_of_task(cred->security); 3632 int request = 0; 3633 3634 keyp = key_ref_to_ptr(key_ref); 3635 if (keyp == NULL) 3636 return -EINVAL; 3637 /* 3638 * If the key hasn't been initialized give it access so that 3639 * it may do so. 3640 */ 3641 if (keyp->security == NULL) 3642 return 0; 3643 /* 3644 * This should not occur 3645 */ 3646 if (tkp == NULL) 3647 return -EACCES; 3648 #ifdef CONFIG_AUDIT 3649 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY); 3650 ad.a.u.key_struct.key = keyp->serial; 3651 ad.a.u.key_struct.key_desc = keyp->description; 3652 #endif 3653 if (perm & KEY_NEED_READ) 3654 request = MAY_READ; 3655 if (perm & (KEY_NEED_WRITE | KEY_NEED_LINK | KEY_NEED_SETATTR)) 3656 request = MAY_WRITE; 3657 return smk_access(tkp, keyp->security, request, &ad); 3658 } 3659 #endif /* CONFIG_KEYS */ 3660 3661 /* 3662 * Smack Audit hooks 3663 * 3664 * Audit requires a unique representation of each Smack specific 3665 * rule. This unique representation is used to distinguish the 3666 * object to be audited from remaining kernel objects and also 3667 * works as a glue between the audit hooks. 3668 * 3669 * Since repository entries are added but never deleted, we'll use 3670 * the smack_known label address related to the given audit rule as 3671 * the needed unique representation. This also better fits the smack 3672 * model where nearly everything is a label. 3673 */ 3674 #ifdef CONFIG_AUDIT 3675 3676 /** 3677 * smack_audit_rule_init - Initialize a smack audit rule 3678 * @field: audit rule fields given from user-space (audit.h) 3679 * @op: required testing operator (=, !=, >, <, ...) 3680 * @rulestr: smack label to be audited 3681 * @vrule: pointer to save our own audit rule representation 3682 * 3683 * Prepare to audit cases where (@field @op @rulestr) is true. 3684 * The label to be audited is created if necessay. 3685 */ 3686 static int smack_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule) 3687 { 3688 char **rule = (char **)vrule; 3689 *rule = NULL; 3690 3691 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER) 3692 return -EINVAL; 3693 3694 if (op != Audit_equal && op != Audit_not_equal) 3695 return -EINVAL; 3696 3697 *rule = smk_import(rulestr, 0); 3698 3699 return 0; 3700 } 3701 3702 /** 3703 * smack_audit_rule_known - Distinguish Smack audit rules 3704 * @krule: rule of interest, in Audit kernel representation format 3705 * 3706 * This is used to filter Smack rules from remaining Audit ones. 3707 * If it's proved that this rule belongs to us, the 3708 * audit_rule_match hook will be called to do the final judgement. 3709 */ 3710 static int smack_audit_rule_known(struct audit_krule *krule) 3711 { 3712 struct audit_field *f; 3713 int i; 3714 3715 for (i = 0; i < krule->field_count; i++) { 3716 f = &krule->fields[i]; 3717 3718 if (f->type == AUDIT_SUBJ_USER || f->type == AUDIT_OBJ_USER) 3719 return 1; 3720 } 3721 3722 return 0; 3723 } 3724 3725 /** 3726 * smack_audit_rule_match - Audit given object ? 3727 * @secid: security id for identifying the object to test 3728 * @field: audit rule flags given from user-space 3729 * @op: required testing operator 3730 * @vrule: smack internal rule presentation 3731 * @actx: audit context associated with the check 3732 * 3733 * The core Audit hook. It's used to take the decision of 3734 * whether to audit or not to audit a given object. 3735 */ 3736 static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule, 3737 struct audit_context *actx) 3738 { 3739 struct smack_known *skp; 3740 char *rule = vrule; 3741 3742 if (unlikely(!rule)) { 3743 WARN_ONCE(1, "Smack: missing rule\n"); 3744 return -ENOENT; 3745 } 3746 3747 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER) 3748 return 0; 3749 3750 skp = smack_from_secid(secid); 3751 3752 /* 3753 * No need to do string comparisons. If a match occurs, 3754 * both pointers will point to the same smack_known 3755 * label. 3756 */ 3757 if (op == Audit_equal) 3758 return (rule == skp->smk_known); 3759 if (op == Audit_not_equal) 3760 return (rule != skp->smk_known); 3761 3762 return 0; 3763 } 3764 3765 /** 3766 * smack_audit_rule_free - free smack rule representation 3767 * @vrule: rule to be freed. 3768 * 3769 * No memory was allocated. 3770 */ 3771 static void smack_audit_rule_free(void *vrule) 3772 { 3773 /* No-op */ 3774 } 3775 3776 #endif /* CONFIG_AUDIT */ 3777 3778 /** 3779 * smack_ismaclabel - check if xattr @name references a smack MAC label 3780 * @name: Full xattr name to check. 3781 */ 3782 static int smack_ismaclabel(const char *name) 3783 { 3784 return (strcmp(name, XATTR_SMACK_SUFFIX) == 0); 3785 } 3786 3787 3788 /** 3789 * smack_secid_to_secctx - return the smack label for a secid 3790 * @secid: incoming integer 3791 * @secdata: destination 3792 * @seclen: how long it is 3793 * 3794 * Exists for networking code. 3795 */ 3796 static int smack_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) 3797 { 3798 struct smack_known *skp = smack_from_secid(secid); 3799 3800 if (secdata) 3801 *secdata = skp->smk_known; 3802 *seclen = strlen(skp->smk_known); 3803 return 0; 3804 } 3805 3806 /** 3807 * smack_secctx_to_secid - return the secid for a smack label 3808 * @secdata: smack label 3809 * @seclen: how long result is 3810 * @secid: outgoing integer 3811 * 3812 * Exists for audit and networking code. 3813 */ 3814 static int smack_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid) 3815 { 3816 *secid = smack_to_secid(secdata); 3817 return 0; 3818 } 3819 3820 /** 3821 * smack_release_secctx - don't do anything. 3822 * @secdata: unused 3823 * @seclen: unused 3824 * 3825 * Exists to make sure nothing gets done, and properly 3826 */ 3827 static void smack_release_secctx(char *secdata, u32 seclen) 3828 { 3829 } 3830 3831 static int smack_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen) 3832 { 3833 return smack_inode_setsecurity(inode, XATTR_SMACK_SUFFIX, ctx, ctxlen, 0); 3834 } 3835 3836 static int smack_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen) 3837 { 3838 return __vfs_setxattr_noperm(dentry, XATTR_NAME_SMACK, ctx, ctxlen, 0); 3839 } 3840 3841 static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) 3842 { 3843 int len = 0; 3844 len = smack_inode_getsecurity(inode, XATTR_SMACK_SUFFIX, ctx, true); 3845 3846 if (len < 0) 3847 return len; 3848 *ctxlen = len; 3849 return 0; 3850 } 3851 3852 struct security_operations smack_ops = { 3853 .name = "smack", 3854 3855 .ptrace_access_check = smack_ptrace_access_check, 3856 .ptrace_traceme = smack_ptrace_traceme, 3857 .syslog = smack_syslog, 3858 3859 .sb_alloc_security = smack_sb_alloc_security, 3860 .sb_free_security = smack_sb_free_security, 3861 .sb_copy_data = smack_sb_copy_data, 3862 .sb_kern_mount = smack_sb_kern_mount, 3863 .sb_statfs = smack_sb_statfs, 3864 3865 .bprm_set_creds = smack_bprm_set_creds, 3866 .bprm_committing_creds = smack_bprm_committing_creds, 3867 .bprm_secureexec = smack_bprm_secureexec, 3868 3869 .inode_alloc_security = smack_inode_alloc_security, 3870 .inode_free_security = smack_inode_free_security, 3871 .inode_init_security = smack_inode_init_security, 3872 .inode_link = smack_inode_link, 3873 .inode_unlink = smack_inode_unlink, 3874 .inode_rmdir = smack_inode_rmdir, 3875 .inode_rename = smack_inode_rename, 3876 .inode_permission = smack_inode_permission, 3877 .inode_setattr = smack_inode_setattr, 3878 .inode_getattr = smack_inode_getattr, 3879 .inode_setxattr = smack_inode_setxattr, 3880 .inode_post_setxattr = smack_inode_post_setxattr, 3881 .inode_getxattr = smack_inode_getxattr, 3882 .inode_removexattr = smack_inode_removexattr, 3883 .inode_getsecurity = smack_inode_getsecurity, 3884 .inode_setsecurity = smack_inode_setsecurity, 3885 .inode_listsecurity = smack_inode_listsecurity, 3886 .inode_getsecid = smack_inode_getsecid, 3887 3888 .file_permission = smack_file_permission, 3889 .file_alloc_security = smack_file_alloc_security, 3890 .file_free_security = smack_file_free_security, 3891 .file_ioctl = smack_file_ioctl, 3892 .file_lock = smack_file_lock, 3893 .file_fcntl = smack_file_fcntl, 3894 .mmap_file = smack_mmap_file, 3895 .mmap_addr = cap_mmap_addr, 3896 .file_set_fowner = smack_file_set_fowner, 3897 .file_send_sigiotask = smack_file_send_sigiotask, 3898 .file_receive = smack_file_receive, 3899 3900 .file_open = smack_file_open, 3901 3902 .cred_alloc_blank = smack_cred_alloc_blank, 3903 .cred_free = smack_cred_free, 3904 .cred_prepare = smack_cred_prepare, 3905 .cred_transfer = smack_cred_transfer, 3906 .kernel_act_as = smack_kernel_act_as, 3907 .kernel_create_files_as = smack_kernel_create_files_as, 3908 .task_setpgid = smack_task_setpgid, 3909 .task_getpgid = smack_task_getpgid, 3910 .task_getsid = smack_task_getsid, 3911 .task_getsecid = smack_task_getsecid, 3912 .task_setnice = smack_task_setnice, 3913 .task_setioprio = smack_task_setioprio, 3914 .task_getioprio = smack_task_getioprio, 3915 .task_setscheduler = smack_task_setscheduler, 3916 .task_getscheduler = smack_task_getscheduler, 3917 .task_movememory = smack_task_movememory, 3918 .task_kill = smack_task_kill, 3919 .task_wait = smack_task_wait, 3920 .task_to_inode = smack_task_to_inode, 3921 3922 .ipc_permission = smack_ipc_permission, 3923 .ipc_getsecid = smack_ipc_getsecid, 3924 3925 .msg_msg_alloc_security = smack_msg_msg_alloc_security, 3926 .msg_msg_free_security = smack_msg_msg_free_security, 3927 3928 .msg_queue_alloc_security = smack_msg_queue_alloc_security, 3929 .msg_queue_free_security = smack_msg_queue_free_security, 3930 .msg_queue_associate = smack_msg_queue_associate, 3931 .msg_queue_msgctl = smack_msg_queue_msgctl, 3932 .msg_queue_msgsnd = smack_msg_queue_msgsnd, 3933 .msg_queue_msgrcv = smack_msg_queue_msgrcv, 3934 3935 .shm_alloc_security = smack_shm_alloc_security, 3936 .shm_free_security = smack_shm_free_security, 3937 .shm_associate = smack_shm_associate, 3938 .shm_shmctl = smack_shm_shmctl, 3939 .shm_shmat = smack_shm_shmat, 3940 3941 .sem_alloc_security = smack_sem_alloc_security, 3942 .sem_free_security = smack_sem_free_security, 3943 .sem_associate = smack_sem_associate, 3944 .sem_semctl = smack_sem_semctl, 3945 .sem_semop = smack_sem_semop, 3946 3947 .d_instantiate = smack_d_instantiate, 3948 3949 .getprocattr = smack_getprocattr, 3950 .setprocattr = smack_setprocattr, 3951 3952 .unix_stream_connect = smack_unix_stream_connect, 3953 .unix_may_send = smack_unix_may_send, 3954 3955 .socket_post_create = smack_socket_post_create, 3956 .socket_bind = smack_socket_bind, 3957 .socket_connect = smack_socket_connect, 3958 .socket_sendmsg = smack_socket_sendmsg, 3959 .socket_sock_rcv_skb = smack_socket_sock_rcv_skb, 3960 .socket_getpeersec_stream = smack_socket_getpeersec_stream, 3961 .socket_getpeersec_dgram = smack_socket_getpeersec_dgram, 3962 .sk_alloc_security = smack_sk_alloc_security, 3963 .sk_free_security = smack_sk_free_security, 3964 .sock_graft = smack_sock_graft, 3965 .inet_conn_request = smack_inet_conn_request, 3966 .inet_csk_clone = smack_inet_csk_clone, 3967 3968 /* key management security hooks */ 3969 #ifdef CONFIG_KEYS 3970 .key_alloc = smack_key_alloc, 3971 .key_free = smack_key_free, 3972 .key_permission = smack_key_permission, 3973 #endif /* CONFIG_KEYS */ 3974 3975 /* Audit hooks */ 3976 #ifdef CONFIG_AUDIT 3977 .audit_rule_init = smack_audit_rule_init, 3978 .audit_rule_known = smack_audit_rule_known, 3979 .audit_rule_match = smack_audit_rule_match, 3980 .audit_rule_free = smack_audit_rule_free, 3981 #endif /* CONFIG_AUDIT */ 3982 3983 .ismaclabel = smack_ismaclabel, 3984 .secid_to_secctx = smack_secid_to_secctx, 3985 .secctx_to_secid = smack_secctx_to_secid, 3986 .release_secctx = smack_release_secctx, 3987 .inode_notifysecctx = smack_inode_notifysecctx, 3988 .inode_setsecctx = smack_inode_setsecctx, 3989 .inode_getsecctx = smack_inode_getsecctx, 3990 }; 3991 3992 3993 static __init void init_smack_known_list(void) 3994 { 3995 /* 3996 * Initialize rule list locks 3997 */ 3998 mutex_init(&smack_known_huh.smk_rules_lock); 3999 mutex_init(&smack_known_hat.smk_rules_lock); 4000 mutex_init(&smack_known_floor.smk_rules_lock); 4001 mutex_init(&smack_known_star.smk_rules_lock); 4002 mutex_init(&smack_known_invalid.smk_rules_lock); 4003 mutex_init(&smack_known_web.smk_rules_lock); 4004 /* 4005 * Initialize rule lists 4006 */ 4007 INIT_LIST_HEAD(&smack_known_huh.smk_rules); 4008 INIT_LIST_HEAD(&smack_known_hat.smk_rules); 4009 INIT_LIST_HEAD(&smack_known_star.smk_rules); 4010 INIT_LIST_HEAD(&smack_known_floor.smk_rules); 4011 INIT_LIST_HEAD(&smack_known_invalid.smk_rules); 4012 INIT_LIST_HEAD(&smack_known_web.smk_rules); 4013 /* 4014 * Create the known labels list 4015 */ 4016 smk_insert_entry(&smack_known_huh); 4017 smk_insert_entry(&smack_known_hat); 4018 smk_insert_entry(&smack_known_star); 4019 smk_insert_entry(&smack_known_floor); 4020 smk_insert_entry(&smack_known_invalid); 4021 smk_insert_entry(&smack_known_web); 4022 } 4023 4024 /** 4025 * smack_init - initialize the smack system 4026 * 4027 * Returns 0 4028 */ 4029 static __init int smack_init(void) 4030 { 4031 struct cred *cred; 4032 struct task_smack *tsp; 4033 4034 if (!security_module_enable(&smack_ops)) 4035 return 0; 4036 4037 tsp = new_task_smack(&smack_known_floor, &smack_known_floor, 4038 GFP_KERNEL); 4039 if (tsp == NULL) 4040 return -ENOMEM; 4041 4042 printk(KERN_INFO "Smack: Initializing.\n"); 4043 4044 /* 4045 * Set the security state for the initial task. 4046 */ 4047 cred = (struct cred *) current->cred; 4048 cred->security = tsp; 4049 4050 /* initialize the smack_known_list */ 4051 init_smack_known_list(); 4052 4053 /* 4054 * Register with LSM 4055 */ 4056 if (register_security(&smack_ops)) 4057 panic("smack: Unable to register with kernel.\n"); 4058 4059 return 0; 4060 } 4061 4062 /* 4063 * Smack requires early initialization in order to label 4064 * all processes and objects when they are created. 4065 */ 4066 security_initcall(smack_init); 4067