1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Simplified MAC Kernel (smack) security module 4 * 5 * This file contains the smack hook function implementations. 6 * 7 * Authors: 8 * Casey Schaufler <casey@schaufler-ca.com> 9 * Jarkko Sakkinen <jarkko.sakkinen@intel.com> 10 * 11 * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com> 12 * Copyright (C) 2009 Hewlett-Packard Development Company, L.P. 13 * Paul Moore <paul@paul-moore.com> 14 * Copyright (C) 2010 Nokia Corporation 15 * Copyright (C) 2011 Intel Corporation. 16 */ 17 18 #include <linux/xattr.h> 19 #include <linux/pagemap.h> 20 #include <linux/mount.h> 21 #include <linux/stat.h> 22 #include <linux/kd.h> 23 #include <asm/ioctls.h> 24 #include <linux/ip.h> 25 #include <linux/tcp.h> 26 #include <linux/udp.h> 27 #include <linux/dccp.h> 28 #include <linux/icmpv6.h> 29 #include <linux/slab.h> 30 #include <linux/mutex.h> 31 #include <net/cipso_ipv4.h> 32 #include <net/ip.h> 33 #include <net/ipv6.h> 34 #include <linux/audit.h> 35 #include <linux/magic.h> 36 #include <linux/dcache.h> 37 #include <linux/personality.h> 38 #include <linux/msg.h> 39 #include <linux/shm.h> 40 #include <linux/binfmts.h> 41 #include <linux/parser.h> 42 #include <linux/fs_context.h> 43 #include <linux/fs_parser.h> 44 #include <linux/watch_queue.h> 45 #include "smack.h" 46 47 #define TRANS_TRUE "TRUE" 48 #define TRANS_TRUE_SIZE 4 49 50 #define SMK_CONNECTING 0 51 #define SMK_RECEIVING 1 52 #define SMK_SENDING 2 53 54 #ifdef SMACK_IPV6_PORT_LABELING 55 static DEFINE_MUTEX(smack_ipv6_lock); 56 static LIST_HEAD(smk_ipv6_port_list); 57 #endif 58 struct kmem_cache *smack_rule_cache; 59 int smack_enabled __initdata; 60 61 #define A(s) {"smack"#s, sizeof("smack"#s) - 1, Opt_##s} 62 static struct { 63 const char *name; 64 int len; 65 int opt; 66 } smk_mount_opts[] = { 67 {"smackfsdef", sizeof("smackfsdef") - 1, Opt_fsdefault}, 68 A(fsdefault), A(fsfloor), A(fshat), A(fsroot), A(fstransmute) 69 }; 70 #undef A 71 72 static int match_opt_prefix(char *s, int l, char **arg) 73 { 74 int i; 75 76 for (i = 0; i < ARRAY_SIZE(smk_mount_opts); i++) { 77 size_t len = smk_mount_opts[i].len; 78 if (len > l || memcmp(s, smk_mount_opts[i].name, len)) 79 continue; 80 if (len == l || s[len] != '=') 81 continue; 82 *arg = s + len + 1; 83 return smk_mount_opts[i].opt; 84 } 85 return Opt_error; 86 } 87 88 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 89 static char *smk_bu_mess[] = { 90 "Bringup Error", /* Unused */ 91 "Bringup", /* SMACK_BRINGUP_ALLOW */ 92 "Unconfined Subject", /* SMACK_UNCONFINED_SUBJECT */ 93 "Unconfined Object", /* SMACK_UNCONFINED_OBJECT */ 94 }; 95 96 static void smk_bu_mode(int mode, char *s) 97 { 98 int i = 0; 99 100 if (mode & MAY_READ) 101 s[i++] = 'r'; 102 if (mode & MAY_WRITE) 103 s[i++] = 'w'; 104 if (mode & MAY_EXEC) 105 s[i++] = 'x'; 106 if (mode & MAY_APPEND) 107 s[i++] = 'a'; 108 if (mode & MAY_TRANSMUTE) 109 s[i++] = 't'; 110 if (mode & MAY_LOCK) 111 s[i++] = 'l'; 112 if (i == 0) 113 s[i++] = '-'; 114 s[i] = '\0'; 115 } 116 #endif 117 118 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 119 static int smk_bu_note(char *note, struct smack_known *sskp, 120 struct smack_known *oskp, int mode, int rc) 121 { 122 char acc[SMK_NUM_ACCESS_TYPE + 1]; 123 124 if (rc <= 0) 125 return rc; 126 if (rc > SMACK_UNCONFINED_OBJECT) 127 rc = 0; 128 129 smk_bu_mode(mode, acc); 130 pr_info("Smack %s: (%s %s %s) %s\n", smk_bu_mess[rc], 131 sskp->smk_known, oskp->smk_known, acc, note); 132 return 0; 133 } 134 #else 135 #define smk_bu_note(note, sskp, oskp, mode, RC) (RC) 136 #endif 137 138 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 139 static int smk_bu_current(char *note, struct smack_known *oskp, 140 int mode, int rc) 141 { 142 struct task_smack *tsp = smack_cred(current_cred()); 143 char acc[SMK_NUM_ACCESS_TYPE + 1]; 144 145 if (rc <= 0) 146 return rc; 147 if (rc > SMACK_UNCONFINED_OBJECT) 148 rc = 0; 149 150 smk_bu_mode(mode, acc); 151 pr_info("Smack %s: (%s %s %s) %s %s\n", smk_bu_mess[rc], 152 tsp->smk_task->smk_known, oskp->smk_known, 153 acc, current->comm, note); 154 return 0; 155 } 156 #else 157 #define smk_bu_current(note, oskp, mode, RC) (RC) 158 #endif 159 160 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 161 static int smk_bu_task(struct task_struct *otp, int mode, int rc) 162 { 163 struct task_smack *tsp = smack_cred(current_cred()); 164 struct smack_known *smk_task = smk_of_task_struct_obj(otp); 165 char acc[SMK_NUM_ACCESS_TYPE + 1]; 166 167 if (rc <= 0) 168 return rc; 169 if (rc > SMACK_UNCONFINED_OBJECT) 170 rc = 0; 171 172 smk_bu_mode(mode, acc); 173 pr_info("Smack %s: (%s %s %s) %s to %s\n", smk_bu_mess[rc], 174 tsp->smk_task->smk_known, smk_task->smk_known, acc, 175 current->comm, otp->comm); 176 return 0; 177 } 178 #else 179 #define smk_bu_task(otp, mode, RC) (RC) 180 #endif 181 182 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 183 static int smk_bu_inode(struct inode *inode, int mode, int rc) 184 { 185 struct task_smack *tsp = smack_cred(current_cred()); 186 struct inode_smack *isp = smack_inode(inode); 187 char acc[SMK_NUM_ACCESS_TYPE + 1]; 188 189 if (isp->smk_flags & SMK_INODE_IMPURE) 190 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n", 191 inode->i_sb->s_id, inode->i_ino, current->comm); 192 193 if (rc <= 0) 194 return rc; 195 if (rc > SMACK_UNCONFINED_OBJECT) 196 rc = 0; 197 if (rc == SMACK_UNCONFINED_SUBJECT && 198 (mode & (MAY_WRITE | MAY_APPEND))) 199 isp->smk_flags |= SMK_INODE_IMPURE; 200 201 smk_bu_mode(mode, acc); 202 203 pr_info("Smack %s: (%s %s %s) inode=(%s %ld) %s\n", smk_bu_mess[rc], 204 tsp->smk_task->smk_known, isp->smk_inode->smk_known, acc, 205 inode->i_sb->s_id, inode->i_ino, current->comm); 206 return 0; 207 } 208 #else 209 #define smk_bu_inode(inode, mode, RC) (RC) 210 #endif 211 212 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 213 static int smk_bu_file(struct file *file, int mode, int rc) 214 { 215 struct task_smack *tsp = smack_cred(current_cred()); 216 struct smack_known *sskp = tsp->smk_task; 217 struct inode *inode = file_inode(file); 218 struct inode_smack *isp = smack_inode(inode); 219 char acc[SMK_NUM_ACCESS_TYPE + 1]; 220 221 if (isp->smk_flags & SMK_INODE_IMPURE) 222 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n", 223 inode->i_sb->s_id, inode->i_ino, current->comm); 224 225 if (rc <= 0) 226 return rc; 227 if (rc > SMACK_UNCONFINED_OBJECT) 228 rc = 0; 229 230 smk_bu_mode(mode, acc); 231 pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc], 232 sskp->smk_known, smk_of_inode(inode)->smk_known, acc, 233 inode->i_sb->s_id, inode->i_ino, file, 234 current->comm); 235 return 0; 236 } 237 #else 238 #define smk_bu_file(file, mode, RC) (RC) 239 #endif 240 241 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 242 static int smk_bu_credfile(const struct cred *cred, struct file *file, 243 int mode, int rc) 244 { 245 struct task_smack *tsp = smack_cred(cred); 246 struct smack_known *sskp = tsp->smk_task; 247 struct inode *inode = file_inode(file); 248 struct inode_smack *isp = smack_inode(inode); 249 char acc[SMK_NUM_ACCESS_TYPE + 1]; 250 251 if (isp->smk_flags & SMK_INODE_IMPURE) 252 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n", 253 inode->i_sb->s_id, inode->i_ino, current->comm); 254 255 if (rc <= 0) 256 return rc; 257 if (rc > SMACK_UNCONFINED_OBJECT) 258 rc = 0; 259 260 smk_bu_mode(mode, acc); 261 pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc], 262 sskp->smk_known, smk_of_inode(inode)->smk_known, acc, 263 inode->i_sb->s_id, inode->i_ino, file, 264 current->comm); 265 return 0; 266 } 267 #else 268 #define smk_bu_credfile(cred, file, mode, RC) (RC) 269 #endif 270 271 /** 272 * smk_fetch - Fetch the smack label from a file. 273 * @name: type of the label (attribute) 274 * @ip: a pointer to the inode 275 * @dp: a pointer to the dentry 276 * 277 * Returns a pointer to the master list entry for the Smack label, 278 * NULL if there was no label to fetch, or an error code. 279 */ 280 static struct smack_known *smk_fetch(const char *name, struct inode *ip, 281 struct dentry *dp) 282 { 283 int rc; 284 char *buffer; 285 struct smack_known *skp = NULL; 286 287 if (!(ip->i_opflags & IOP_XATTR)) 288 return ERR_PTR(-EOPNOTSUPP); 289 290 buffer = kzalloc(SMK_LONGLABEL, GFP_NOFS); 291 if (buffer == NULL) 292 return ERR_PTR(-ENOMEM); 293 294 rc = __vfs_getxattr(dp, ip, name, buffer, SMK_LONGLABEL); 295 if (rc < 0) 296 skp = ERR_PTR(rc); 297 else if (rc == 0) 298 skp = NULL; 299 else 300 skp = smk_import_entry(buffer, rc); 301 302 kfree(buffer); 303 304 return skp; 305 } 306 307 /** 308 * init_inode_smack - initialize an inode security blob 309 * @inode: inode to extract the info from 310 * @skp: a pointer to the Smack label entry to use in the blob 311 * 312 */ 313 static void init_inode_smack(struct inode *inode, struct smack_known *skp) 314 { 315 struct inode_smack *isp = smack_inode(inode); 316 317 isp->smk_inode = skp; 318 isp->smk_flags = 0; 319 } 320 321 /** 322 * init_task_smack - initialize a task security blob 323 * @tsp: blob to initialize 324 * @task: a pointer to the Smack label for the running task 325 * @forked: a pointer to the Smack label for the forked task 326 * 327 */ 328 static void init_task_smack(struct task_smack *tsp, struct smack_known *task, 329 struct smack_known *forked) 330 { 331 tsp->smk_task = task; 332 tsp->smk_forked = forked; 333 INIT_LIST_HEAD(&tsp->smk_rules); 334 INIT_LIST_HEAD(&tsp->smk_relabel); 335 mutex_init(&tsp->smk_rules_lock); 336 } 337 338 /** 339 * smk_copy_rules - copy a rule set 340 * @nhead: new rules header pointer 341 * @ohead: old rules header pointer 342 * @gfp: type of the memory for the allocation 343 * 344 * Returns 0 on success, -ENOMEM on error 345 */ 346 static int smk_copy_rules(struct list_head *nhead, struct list_head *ohead, 347 gfp_t gfp) 348 { 349 struct smack_rule *nrp; 350 struct smack_rule *orp; 351 int rc = 0; 352 353 list_for_each_entry_rcu(orp, ohead, list) { 354 nrp = kmem_cache_zalloc(smack_rule_cache, gfp); 355 if (nrp == NULL) { 356 rc = -ENOMEM; 357 break; 358 } 359 *nrp = *orp; 360 list_add_rcu(&nrp->list, nhead); 361 } 362 return rc; 363 } 364 365 /** 366 * smk_copy_relabel - copy smk_relabel labels list 367 * @nhead: new rules header pointer 368 * @ohead: old rules header pointer 369 * @gfp: type of the memory for the allocation 370 * 371 * Returns 0 on success, -ENOMEM on error 372 */ 373 static int smk_copy_relabel(struct list_head *nhead, struct list_head *ohead, 374 gfp_t gfp) 375 { 376 struct smack_known_list_elem *nklep; 377 struct smack_known_list_elem *oklep; 378 379 list_for_each_entry(oklep, ohead, list) { 380 nklep = kzalloc(sizeof(struct smack_known_list_elem), gfp); 381 if (nklep == NULL) { 382 smk_destroy_label_list(nhead); 383 return -ENOMEM; 384 } 385 nklep->smk_label = oklep->smk_label; 386 list_add(&nklep->list, nhead); 387 } 388 389 return 0; 390 } 391 392 /** 393 * smk_ptrace_mode - helper function for converting PTRACE_MODE_* into MAY_* 394 * @mode: input mode in form of PTRACE_MODE_* 395 * 396 * Returns a converted MAY_* mode usable by smack rules 397 */ 398 static inline unsigned int smk_ptrace_mode(unsigned int mode) 399 { 400 if (mode & PTRACE_MODE_ATTACH) 401 return MAY_READWRITE; 402 if (mode & PTRACE_MODE_READ) 403 return MAY_READ; 404 405 return 0; 406 } 407 408 /** 409 * smk_ptrace_rule_check - helper for ptrace access 410 * @tracer: tracer process 411 * @tracee_known: label entry of the process that's about to be traced 412 * @mode: ptrace attachment mode (PTRACE_MODE_*) 413 * @func: name of the function that called us, used for audit 414 * 415 * Returns 0 on access granted, -error on error 416 */ 417 static int smk_ptrace_rule_check(struct task_struct *tracer, 418 struct smack_known *tracee_known, 419 unsigned int mode, const char *func) 420 { 421 int rc; 422 struct smk_audit_info ad, *saip = NULL; 423 struct task_smack *tsp; 424 struct smack_known *tracer_known; 425 const struct cred *tracercred; 426 427 if ((mode & PTRACE_MODE_NOAUDIT) == 0) { 428 smk_ad_init(&ad, func, LSM_AUDIT_DATA_TASK); 429 smk_ad_setfield_u_tsk(&ad, tracer); 430 saip = &ad; 431 } 432 433 rcu_read_lock(); 434 tracercred = __task_cred(tracer); 435 tsp = smack_cred(tracercred); 436 tracer_known = smk_of_task(tsp); 437 438 if ((mode & PTRACE_MODE_ATTACH) && 439 (smack_ptrace_rule == SMACK_PTRACE_EXACT || 440 smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)) { 441 if (tracer_known->smk_known == tracee_known->smk_known) 442 rc = 0; 443 else if (smack_ptrace_rule == SMACK_PTRACE_DRACONIAN) 444 rc = -EACCES; 445 else if (smack_privileged_cred(CAP_SYS_PTRACE, tracercred)) 446 rc = 0; 447 else 448 rc = -EACCES; 449 450 if (saip) 451 smack_log(tracer_known->smk_known, 452 tracee_known->smk_known, 453 0, rc, saip); 454 455 rcu_read_unlock(); 456 return rc; 457 } 458 459 /* In case of rule==SMACK_PTRACE_DEFAULT or mode==PTRACE_MODE_READ */ 460 rc = smk_tskacc(tsp, tracee_known, smk_ptrace_mode(mode), saip); 461 462 rcu_read_unlock(); 463 return rc; 464 } 465 466 /* 467 * LSM hooks. 468 * We he, that is fun! 469 */ 470 471 /** 472 * smack_ptrace_access_check - Smack approval on PTRACE_ATTACH 473 * @ctp: child task pointer 474 * @mode: ptrace attachment mode (PTRACE_MODE_*) 475 * 476 * Returns 0 if access is OK, an error code otherwise 477 * 478 * Do the capability checks. 479 */ 480 static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode) 481 { 482 struct smack_known *skp; 483 484 skp = smk_of_task_struct_obj(ctp); 485 486 return smk_ptrace_rule_check(current, skp, mode, __func__); 487 } 488 489 /** 490 * smack_ptrace_traceme - Smack approval on PTRACE_TRACEME 491 * @ptp: parent task pointer 492 * 493 * Returns 0 if access is OK, an error code otherwise 494 * 495 * Do the capability checks, and require PTRACE_MODE_ATTACH. 496 */ 497 static int smack_ptrace_traceme(struct task_struct *ptp) 498 { 499 int rc; 500 struct smack_known *skp; 501 502 skp = smk_of_task(smack_cred(current_cred())); 503 504 rc = smk_ptrace_rule_check(ptp, skp, PTRACE_MODE_ATTACH, __func__); 505 return rc; 506 } 507 508 /** 509 * smack_syslog - Smack approval on syslog 510 * @typefrom_file: unused 511 * 512 * Returns 0 on success, error code otherwise. 513 */ 514 static int smack_syslog(int typefrom_file) 515 { 516 int rc = 0; 517 struct smack_known *skp = smk_of_current(); 518 519 if (smack_privileged(CAP_MAC_OVERRIDE)) 520 return 0; 521 522 if (smack_syslog_label != NULL && smack_syslog_label != skp) 523 rc = -EACCES; 524 525 return rc; 526 } 527 528 /* 529 * Superblock Hooks. 530 */ 531 532 /** 533 * smack_sb_alloc_security - allocate a superblock blob 534 * @sb: the superblock getting the blob 535 * 536 * Returns 0 on success or -ENOMEM on error. 537 */ 538 static int smack_sb_alloc_security(struct super_block *sb) 539 { 540 struct superblock_smack *sbsp = smack_superblock(sb); 541 542 sbsp->smk_root = &smack_known_floor; 543 sbsp->smk_default = &smack_known_floor; 544 sbsp->smk_floor = &smack_known_floor; 545 sbsp->smk_hat = &smack_known_hat; 546 /* 547 * SMK_SB_INITIALIZED will be zero from kzalloc. 548 */ 549 550 return 0; 551 } 552 553 struct smack_mnt_opts { 554 const char *fsdefault, *fsfloor, *fshat, *fsroot, *fstransmute; 555 }; 556 557 static void smack_free_mnt_opts(void *mnt_opts) 558 { 559 struct smack_mnt_opts *opts = mnt_opts; 560 kfree(opts->fsdefault); 561 kfree(opts->fsfloor); 562 kfree(opts->fshat); 563 kfree(opts->fsroot); 564 kfree(opts->fstransmute); 565 kfree(opts); 566 } 567 568 static int smack_add_opt(int token, const char *s, void **mnt_opts) 569 { 570 struct smack_mnt_opts *opts = *mnt_opts; 571 572 if (!opts) { 573 opts = kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL); 574 if (!opts) 575 return -ENOMEM; 576 *mnt_opts = opts; 577 } 578 if (!s) 579 return -ENOMEM; 580 581 switch (token) { 582 case Opt_fsdefault: 583 if (opts->fsdefault) 584 goto out_opt_err; 585 opts->fsdefault = s; 586 break; 587 case Opt_fsfloor: 588 if (opts->fsfloor) 589 goto out_opt_err; 590 opts->fsfloor = s; 591 break; 592 case Opt_fshat: 593 if (opts->fshat) 594 goto out_opt_err; 595 opts->fshat = s; 596 break; 597 case Opt_fsroot: 598 if (opts->fsroot) 599 goto out_opt_err; 600 opts->fsroot = s; 601 break; 602 case Opt_fstransmute: 603 if (opts->fstransmute) 604 goto out_opt_err; 605 opts->fstransmute = s; 606 break; 607 } 608 return 0; 609 610 out_opt_err: 611 pr_warn("Smack: duplicate mount options\n"); 612 return -EINVAL; 613 } 614 615 /** 616 * smack_fs_context_dup - Duplicate the security data on fs_context duplication 617 * @fc: The new filesystem context. 618 * @src_fc: The source filesystem context being duplicated. 619 * 620 * Returns 0 on success or -ENOMEM on error. 621 */ 622 static int smack_fs_context_dup(struct fs_context *fc, 623 struct fs_context *src_fc) 624 { 625 struct smack_mnt_opts *dst, *src = src_fc->security; 626 627 if (!src) 628 return 0; 629 630 fc->security = kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL); 631 if (!fc->security) 632 return -ENOMEM; 633 dst = fc->security; 634 635 if (src->fsdefault) { 636 dst->fsdefault = kstrdup(src->fsdefault, GFP_KERNEL); 637 if (!dst->fsdefault) 638 return -ENOMEM; 639 } 640 if (src->fsfloor) { 641 dst->fsfloor = kstrdup(src->fsfloor, GFP_KERNEL); 642 if (!dst->fsfloor) 643 return -ENOMEM; 644 } 645 if (src->fshat) { 646 dst->fshat = kstrdup(src->fshat, GFP_KERNEL); 647 if (!dst->fshat) 648 return -ENOMEM; 649 } 650 if (src->fsroot) { 651 dst->fsroot = kstrdup(src->fsroot, GFP_KERNEL); 652 if (!dst->fsroot) 653 return -ENOMEM; 654 } 655 if (src->fstransmute) { 656 dst->fstransmute = kstrdup(src->fstransmute, GFP_KERNEL); 657 if (!dst->fstransmute) 658 return -ENOMEM; 659 } 660 return 0; 661 } 662 663 static const struct fs_parameter_spec smack_fs_parameters[] = { 664 fsparam_string("smackfsdef", Opt_fsdefault), 665 fsparam_string("smackfsdefault", Opt_fsdefault), 666 fsparam_string("smackfsfloor", Opt_fsfloor), 667 fsparam_string("smackfshat", Opt_fshat), 668 fsparam_string("smackfsroot", Opt_fsroot), 669 fsparam_string("smackfstransmute", Opt_fstransmute), 670 {} 671 }; 672 673 /** 674 * smack_fs_context_parse_param - Parse a single mount parameter 675 * @fc: The new filesystem context being constructed. 676 * @param: The parameter. 677 * 678 * Returns 0 on success, -ENOPARAM to pass the parameter on or anything else on 679 * error. 680 */ 681 static int smack_fs_context_parse_param(struct fs_context *fc, 682 struct fs_parameter *param) 683 { 684 struct fs_parse_result result; 685 int opt, rc; 686 687 opt = fs_parse(fc, smack_fs_parameters, param, &result); 688 if (opt < 0) 689 return opt; 690 691 rc = smack_add_opt(opt, param->string, &fc->security); 692 if (!rc) 693 param->string = NULL; 694 return rc; 695 } 696 697 static int smack_sb_eat_lsm_opts(char *options, void **mnt_opts) 698 { 699 char *from = options, *to = options; 700 bool first = true; 701 702 while (1) { 703 char *next = strchr(from, ','); 704 int token, len, rc; 705 char *arg = NULL; 706 707 if (next) 708 len = next - from; 709 else 710 len = strlen(from); 711 712 token = match_opt_prefix(from, len, &arg); 713 if (token != Opt_error) { 714 arg = kmemdup_nul(arg, from + len - arg, GFP_KERNEL); 715 rc = smack_add_opt(token, arg, mnt_opts); 716 if (unlikely(rc)) { 717 kfree(arg); 718 if (*mnt_opts) 719 smack_free_mnt_opts(*mnt_opts); 720 *mnt_opts = NULL; 721 return rc; 722 } 723 } else { 724 if (!first) { // copy with preceding comma 725 from--; 726 len++; 727 } 728 if (to != from) 729 memmove(to, from, len); 730 to += len; 731 first = false; 732 } 733 if (!from[len]) 734 break; 735 from += len + 1; 736 } 737 *to = '\0'; 738 return 0; 739 } 740 741 /** 742 * smack_set_mnt_opts - set Smack specific mount options 743 * @sb: the file system superblock 744 * @mnt_opts: Smack mount options 745 * @kern_flags: mount option from kernel space or user space 746 * @set_kern_flags: where to store converted mount opts 747 * 748 * Returns 0 on success, an error code on failure 749 * 750 * Allow filesystems with binary mount data to explicitly set Smack mount 751 * labels. 752 */ 753 static int smack_set_mnt_opts(struct super_block *sb, 754 void *mnt_opts, 755 unsigned long kern_flags, 756 unsigned long *set_kern_flags) 757 { 758 struct dentry *root = sb->s_root; 759 struct inode *inode = d_backing_inode(root); 760 struct superblock_smack *sp = smack_superblock(sb); 761 struct inode_smack *isp; 762 struct smack_known *skp; 763 struct smack_mnt_opts *opts = mnt_opts; 764 bool transmute = false; 765 766 if (sp->smk_flags & SMK_SB_INITIALIZED) 767 return 0; 768 769 if (inode->i_security == NULL) { 770 int rc = lsm_inode_alloc(inode); 771 772 if (rc) 773 return rc; 774 } 775 776 if (!smack_privileged(CAP_MAC_ADMIN)) { 777 /* 778 * Unprivileged mounts don't get to specify Smack values. 779 */ 780 if (opts) 781 return -EPERM; 782 /* 783 * Unprivileged mounts get root and default from the caller. 784 */ 785 skp = smk_of_current(); 786 sp->smk_root = skp; 787 sp->smk_default = skp; 788 /* 789 * For a handful of fs types with no user-controlled 790 * backing store it's okay to trust security labels 791 * in the filesystem. The rest are untrusted. 792 */ 793 if (sb->s_user_ns != &init_user_ns && 794 sb->s_magic != SYSFS_MAGIC && sb->s_magic != TMPFS_MAGIC && 795 sb->s_magic != RAMFS_MAGIC) { 796 transmute = true; 797 sp->smk_flags |= SMK_SB_UNTRUSTED; 798 } 799 } 800 801 sp->smk_flags |= SMK_SB_INITIALIZED; 802 803 if (opts) { 804 if (opts->fsdefault) { 805 skp = smk_import_entry(opts->fsdefault, 0); 806 if (IS_ERR(skp)) 807 return PTR_ERR(skp); 808 sp->smk_default = skp; 809 } 810 if (opts->fsfloor) { 811 skp = smk_import_entry(opts->fsfloor, 0); 812 if (IS_ERR(skp)) 813 return PTR_ERR(skp); 814 sp->smk_floor = skp; 815 } 816 if (opts->fshat) { 817 skp = smk_import_entry(opts->fshat, 0); 818 if (IS_ERR(skp)) 819 return PTR_ERR(skp); 820 sp->smk_hat = skp; 821 } 822 if (opts->fsroot) { 823 skp = smk_import_entry(opts->fsroot, 0); 824 if (IS_ERR(skp)) 825 return PTR_ERR(skp); 826 sp->smk_root = skp; 827 } 828 if (opts->fstransmute) { 829 skp = smk_import_entry(opts->fstransmute, 0); 830 if (IS_ERR(skp)) 831 return PTR_ERR(skp); 832 sp->smk_root = skp; 833 transmute = true; 834 } 835 } 836 837 /* 838 * Initialize the root inode. 839 */ 840 init_inode_smack(inode, sp->smk_root); 841 842 if (transmute) { 843 isp = smack_inode(inode); 844 isp->smk_flags |= SMK_INODE_TRANSMUTE; 845 } 846 847 return 0; 848 } 849 850 /** 851 * smack_sb_statfs - Smack check on statfs 852 * @dentry: identifies the file system in question 853 * 854 * Returns 0 if current can read the floor of the filesystem, 855 * and error code otherwise 856 */ 857 static int smack_sb_statfs(struct dentry *dentry) 858 { 859 struct superblock_smack *sbp = smack_superblock(dentry->d_sb); 860 int rc; 861 struct smk_audit_info ad; 862 863 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 864 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 865 866 rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad); 867 rc = smk_bu_current("statfs", sbp->smk_floor, MAY_READ, rc); 868 return rc; 869 } 870 871 /* 872 * BPRM hooks 873 */ 874 875 /** 876 * smack_bprm_creds_for_exec - Update bprm->cred if needed for exec 877 * @bprm: the exec information 878 * 879 * Returns 0 if it gets a blob, -EPERM if exec forbidden and -ENOMEM otherwise 880 */ 881 static int smack_bprm_creds_for_exec(struct linux_binprm *bprm) 882 { 883 struct inode *inode = file_inode(bprm->file); 884 struct task_smack *bsp = smack_cred(bprm->cred); 885 struct inode_smack *isp; 886 struct superblock_smack *sbsp; 887 int rc; 888 889 isp = smack_inode(inode); 890 if (isp->smk_task == NULL || isp->smk_task == bsp->smk_task) 891 return 0; 892 893 sbsp = smack_superblock(inode->i_sb); 894 if ((sbsp->smk_flags & SMK_SB_UNTRUSTED) && 895 isp->smk_task != sbsp->smk_root) 896 return 0; 897 898 if (bprm->unsafe & LSM_UNSAFE_PTRACE) { 899 struct task_struct *tracer; 900 rc = 0; 901 902 rcu_read_lock(); 903 tracer = ptrace_parent(current); 904 if (likely(tracer != NULL)) 905 rc = smk_ptrace_rule_check(tracer, 906 isp->smk_task, 907 PTRACE_MODE_ATTACH, 908 __func__); 909 rcu_read_unlock(); 910 911 if (rc != 0) 912 return rc; 913 } 914 if (bprm->unsafe & ~LSM_UNSAFE_PTRACE) 915 return -EPERM; 916 917 bsp->smk_task = isp->smk_task; 918 bprm->per_clear |= PER_CLEAR_ON_SETID; 919 920 /* Decide if this is a secure exec. */ 921 if (bsp->smk_task != bsp->smk_forked) 922 bprm->secureexec = 1; 923 924 return 0; 925 } 926 927 /* 928 * Inode hooks 929 */ 930 931 /** 932 * smack_inode_alloc_security - allocate an inode blob 933 * @inode: the inode in need of a blob 934 * 935 * Returns 0 936 */ 937 static int smack_inode_alloc_security(struct inode *inode) 938 { 939 struct smack_known *skp = smk_of_current(); 940 941 init_inode_smack(inode, skp); 942 return 0; 943 } 944 945 /** 946 * smack_inode_init_security - copy out the smack from an inode 947 * @inode: the newly created inode 948 * @dir: containing directory object 949 * @qstr: unused 950 * @name: where to put the attribute name 951 * @value: where to put the attribute value 952 * @len: where to put the length of the attribute 953 * 954 * Returns 0 if it all works out, -ENOMEM if there's no memory 955 */ 956 static int smack_inode_init_security(struct inode *inode, struct inode *dir, 957 const struct qstr *qstr, const char **name, 958 void **value, size_t *len) 959 { 960 struct inode_smack *issp = smack_inode(inode); 961 struct smack_known *skp = smk_of_current(); 962 struct smack_known *isp = smk_of_inode(inode); 963 struct smack_known *dsp = smk_of_inode(dir); 964 int may; 965 966 if (name) 967 *name = XATTR_SMACK_SUFFIX; 968 969 if (value && len) { 970 rcu_read_lock(); 971 may = smk_access_entry(skp->smk_known, dsp->smk_known, 972 &skp->smk_rules); 973 rcu_read_unlock(); 974 975 /* 976 * If the access rule allows transmutation and 977 * the directory requests transmutation then 978 * by all means transmute. 979 * Mark the inode as changed. 980 */ 981 if (may > 0 && ((may & MAY_TRANSMUTE) != 0) && 982 smk_inode_transmutable(dir)) { 983 isp = dsp; 984 issp->smk_flags |= SMK_INODE_CHANGED; 985 } 986 987 *value = kstrdup(isp->smk_known, GFP_NOFS); 988 if (*value == NULL) 989 return -ENOMEM; 990 991 *len = strlen(isp->smk_known); 992 } 993 994 return 0; 995 } 996 997 /** 998 * smack_inode_link - Smack check on link 999 * @old_dentry: the existing object 1000 * @dir: unused 1001 * @new_dentry: the new object 1002 * 1003 * Returns 0 if access is permitted, an error code otherwise 1004 */ 1005 static int smack_inode_link(struct dentry *old_dentry, struct inode *dir, 1006 struct dentry *new_dentry) 1007 { 1008 struct smack_known *isp; 1009 struct smk_audit_info ad; 1010 int rc; 1011 1012 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1013 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry); 1014 1015 isp = smk_of_inode(d_backing_inode(old_dentry)); 1016 rc = smk_curacc(isp, MAY_WRITE, &ad); 1017 rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_WRITE, rc); 1018 1019 if (rc == 0 && d_is_positive(new_dentry)) { 1020 isp = smk_of_inode(d_backing_inode(new_dentry)); 1021 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry); 1022 rc = smk_curacc(isp, MAY_WRITE, &ad); 1023 rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_WRITE, rc); 1024 } 1025 1026 return rc; 1027 } 1028 1029 /** 1030 * smack_inode_unlink - Smack check on inode deletion 1031 * @dir: containing directory object 1032 * @dentry: file to unlink 1033 * 1034 * Returns 0 if current can write the containing directory 1035 * and the object, error code otherwise 1036 */ 1037 static int smack_inode_unlink(struct inode *dir, struct dentry *dentry) 1038 { 1039 struct inode *ip = d_backing_inode(dentry); 1040 struct smk_audit_info ad; 1041 int rc; 1042 1043 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1044 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1045 1046 /* 1047 * You need write access to the thing you're unlinking 1048 */ 1049 rc = smk_curacc(smk_of_inode(ip), MAY_WRITE, &ad); 1050 rc = smk_bu_inode(ip, MAY_WRITE, rc); 1051 if (rc == 0) { 1052 /* 1053 * You also need write access to the containing directory 1054 */ 1055 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE); 1056 smk_ad_setfield_u_fs_inode(&ad, dir); 1057 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad); 1058 rc = smk_bu_inode(dir, MAY_WRITE, rc); 1059 } 1060 return rc; 1061 } 1062 1063 /** 1064 * smack_inode_rmdir - Smack check on directory deletion 1065 * @dir: containing directory object 1066 * @dentry: directory to unlink 1067 * 1068 * Returns 0 if current can write the containing directory 1069 * and the directory, error code otherwise 1070 */ 1071 static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry) 1072 { 1073 struct smk_audit_info ad; 1074 int rc; 1075 1076 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1077 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1078 1079 /* 1080 * You need write access to the thing you're removing 1081 */ 1082 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1083 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1084 if (rc == 0) { 1085 /* 1086 * You also need write access to the containing directory 1087 */ 1088 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE); 1089 smk_ad_setfield_u_fs_inode(&ad, dir); 1090 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad); 1091 rc = smk_bu_inode(dir, MAY_WRITE, rc); 1092 } 1093 1094 return rc; 1095 } 1096 1097 /** 1098 * smack_inode_rename - Smack check on rename 1099 * @old_inode: unused 1100 * @old_dentry: the old object 1101 * @new_inode: unused 1102 * @new_dentry: the new object 1103 * 1104 * Read and write access is required on both the old and 1105 * new directories. 1106 * 1107 * Returns 0 if access is permitted, an error code otherwise 1108 */ 1109 static int smack_inode_rename(struct inode *old_inode, 1110 struct dentry *old_dentry, 1111 struct inode *new_inode, 1112 struct dentry *new_dentry) 1113 { 1114 int rc; 1115 struct smack_known *isp; 1116 struct smk_audit_info ad; 1117 1118 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1119 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry); 1120 1121 isp = smk_of_inode(d_backing_inode(old_dentry)); 1122 rc = smk_curacc(isp, MAY_READWRITE, &ad); 1123 rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_READWRITE, rc); 1124 1125 if (rc == 0 && d_is_positive(new_dentry)) { 1126 isp = smk_of_inode(d_backing_inode(new_dentry)); 1127 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry); 1128 rc = smk_curacc(isp, MAY_READWRITE, &ad); 1129 rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_READWRITE, rc); 1130 } 1131 return rc; 1132 } 1133 1134 /** 1135 * smack_inode_permission - Smack version of permission() 1136 * @inode: the inode in question 1137 * @mask: the access requested 1138 * 1139 * This is the important Smack hook. 1140 * 1141 * Returns 0 if access is permitted, an error code otherwise 1142 */ 1143 static int smack_inode_permission(struct inode *inode, int mask) 1144 { 1145 struct superblock_smack *sbsp = smack_superblock(inode->i_sb); 1146 struct smk_audit_info ad; 1147 int no_block = mask & MAY_NOT_BLOCK; 1148 int rc; 1149 1150 mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND); 1151 /* 1152 * No permission to check. Existence test. Yup, it's there. 1153 */ 1154 if (mask == 0) 1155 return 0; 1156 1157 if (sbsp->smk_flags & SMK_SB_UNTRUSTED) { 1158 if (smk_of_inode(inode) != sbsp->smk_root) 1159 return -EACCES; 1160 } 1161 1162 /* May be droppable after audit */ 1163 if (no_block) 1164 return -ECHILD; 1165 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE); 1166 smk_ad_setfield_u_fs_inode(&ad, inode); 1167 rc = smk_curacc(smk_of_inode(inode), mask, &ad); 1168 rc = smk_bu_inode(inode, mask, rc); 1169 return rc; 1170 } 1171 1172 /** 1173 * smack_inode_setattr - Smack check for setting attributes 1174 * @dentry: the object 1175 * @iattr: for the force flag 1176 * 1177 * Returns 0 if access is permitted, an error code otherwise 1178 */ 1179 static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr) 1180 { 1181 struct smk_audit_info ad; 1182 int rc; 1183 1184 /* 1185 * Need to allow for clearing the setuid bit. 1186 */ 1187 if (iattr->ia_valid & ATTR_FORCE) 1188 return 0; 1189 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1190 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1191 1192 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1193 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1194 return rc; 1195 } 1196 1197 /** 1198 * smack_inode_getattr - Smack check for getting attributes 1199 * @path: path to extract the info from 1200 * 1201 * Returns 0 if access is permitted, an error code otherwise 1202 */ 1203 static int smack_inode_getattr(const struct path *path) 1204 { 1205 struct smk_audit_info ad; 1206 struct inode *inode = d_backing_inode(path->dentry); 1207 int rc; 1208 1209 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1210 smk_ad_setfield_u_fs_path(&ad, *path); 1211 rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad); 1212 rc = smk_bu_inode(inode, MAY_READ, rc); 1213 return rc; 1214 } 1215 1216 /** 1217 * smack_inode_setxattr - Smack check for setting xattrs 1218 * @mnt_userns: active user namespace 1219 * @dentry: the object 1220 * @name: name of the attribute 1221 * @value: value of the attribute 1222 * @size: size of the value 1223 * @flags: unused 1224 * 1225 * This protects the Smack attribute explicitly. 1226 * 1227 * Returns 0 if access is permitted, an error code otherwise 1228 */ 1229 static int smack_inode_setxattr(struct user_namespace *mnt_userns, 1230 struct dentry *dentry, const char *name, 1231 const void *value, size_t size, int flags) 1232 { 1233 struct smk_audit_info ad; 1234 struct smack_known *skp; 1235 int check_priv = 0; 1236 int check_import = 0; 1237 int check_star = 0; 1238 int rc = 0; 1239 1240 /* 1241 * Check label validity here so import won't fail in post_setxattr 1242 */ 1243 if (strcmp(name, XATTR_NAME_SMACK) == 0 || 1244 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 || 1245 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) { 1246 check_priv = 1; 1247 check_import = 1; 1248 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0 || 1249 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) { 1250 check_priv = 1; 1251 check_import = 1; 1252 check_star = 1; 1253 } else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) { 1254 check_priv = 1; 1255 if (size != TRANS_TRUE_SIZE || 1256 strncmp(value, TRANS_TRUE, TRANS_TRUE_SIZE) != 0) 1257 rc = -EINVAL; 1258 } else 1259 rc = cap_inode_setxattr(dentry, name, value, size, flags); 1260 1261 if (check_priv && !smack_privileged(CAP_MAC_ADMIN)) 1262 rc = -EPERM; 1263 1264 if (rc == 0 && check_import) { 1265 skp = size ? smk_import_entry(value, size) : NULL; 1266 if (IS_ERR(skp)) 1267 rc = PTR_ERR(skp); 1268 else if (skp == NULL || (check_star && 1269 (skp == &smack_known_star || skp == &smack_known_web))) 1270 rc = -EINVAL; 1271 } 1272 1273 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1274 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1275 1276 if (rc == 0) { 1277 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1278 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1279 } 1280 1281 return rc; 1282 } 1283 1284 /** 1285 * smack_inode_post_setxattr - Apply the Smack update approved above 1286 * @dentry: object 1287 * @name: attribute name 1288 * @value: attribute value 1289 * @size: attribute size 1290 * @flags: unused 1291 * 1292 * Set the pointer in the inode blob to the entry found 1293 * in the master label list. 1294 */ 1295 static void smack_inode_post_setxattr(struct dentry *dentry, const char *name, 1296 const void *value, size_t size, int flags) 1297 { 1298 struct smack_known *skp; 1299 struct inode_smack *isp = smack_inode(d_backing_inode(dentry)); 1300 1301 if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) { 1302 isp->smk_flags |= SMK_INODE_TRANSMUTE; 1303 return; 1304 } 1305 1306 if (strcmp(name, XATTR_NAME_SMACK) == 0) { 1307 skp = smk_import_entry(value, size); 1308 if (!IS_ERR(skp)) 1309 isp->smk_inode = skp; 1310 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) { 1311 skp = smk_import_entry(value, size); 1312 if (!IS_ERR(skp)) 1313 isp->smk_task = skp; 1314 } else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) { 1315 skp = smk_import_entry(value, size); 1316 if (!IS_ERR(skp)) 1317 isp->smk_mmap = skp; 1318 } 1319 1320 return; 1321 } 1322 1323 /** 1324 * smack_inode_getxattr - Smack check on getxattr 1325 * @dentry: the object 1326 * @name: unused 1327 * 1328 * Returns 0 if access is permitted, an error code otherwise 1329 */ 1330 static int smack_inode_getxattr(struct dentry *dentry, const char *name) 1331 { 1332 struct smk_audit_info ad; 1333 int rc; 1334 1335 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1336 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1337 1338 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_READ, &ad); 1339 rc = smk_bu_inode(d_backing_inode(dentry), MAY_READ, rc); 1340 return rc; 1341 } 1342 1343 /** 1344 * smack_inode_removexattr - Smack check on removexattr 1345 * @mnt_userns: active user namespace 1346 * @dentry: the object 1347 * @name: name of the attribute 1348 * 1349 * Removing the Smack attribute requires CAP_MAC_ADMIN 1350 * 1351 * Returns 0 if access is permitted, an error code otherwise 1352 */ 1353 static int smack_inode_removexattr(struct user_namespace *mnt_userns, 1354 struct dentry *dentry, const char *name) 1355 { 1356 struct inode_smack *isp; 1357 struct smk_audit_info ad; 1358 int rc = 0; 1359 1360 if (strcmp(name, XATTR_NAME_SMACK) == 0 || 1361 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 || 1362 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 || 1363 strcmp(name, XATTR_NAME_SMACKEXEC) == 0 || 1364 strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0 || 1365 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) { 1366 if (!smack_privileged(CAP_MAC_ADMIN)) 1367 rc = -EPERM; 1368 } else 1369 rc = cap_inode_removexattr(mnt_userns, dentry, name); 1370 1371 if (rc != 0) 1372 return rc; 1373 1374 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1375 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1376 1377 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1378 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1379 if (rc != 0) 1380 return rc; 1381 1382 isp = smack_inode(d_backing_inode(dentry)); 1383 /* 1384 * Don't do anything special for these. 1385 * XATTR_NAME_SMACKIPIN 1386 * XATTR_NAME_SMACKIPOUT 1387 */ 1388 if (strcmp(name, XATTR_NAME_SMACK) == 0) { 1389 struct super_block *sbp = dentry->d_sb; 1390 struct superblock_smack *sbsp = smack_superblock(sbp); 1391 1392 isp->smk_inode = sbsp->smk_default; 1393 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) 1394 isp->smk_task = NULL; 1395 else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) 1396 isp->smk_mmap = NULL; 1397 else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) 1398 isp->smk_flags &= ~SMK_INODE_TRANSMUTE; 1399 1400 return 0; 1401 } 1402 1403 /** 1404 * smack_inode_getsecurity - get smack xattrs 1405 * @mnt_userns: active user namespace 1406 * @inode: the object 1407 * @name: attribute name 1408 * @buffer: where to put the result 1409 * @alloc: duplicate memory 1410 * 1411 * Returns the size of the attribute or an error code 1412 */ 1413 static int smack_inode_getsecurity(struct user_namespace *mnt_userns, 1414 struct inode *inode, const char *name, 1415 void **buffer, bool alloc) 1416 { 1417 struct socket_smack *ssp; 1418 struct socket *sock; 1419 struct super_block *sbp; 1420 struct inode *ip = (struct inode *)inode; 1421 struct smack_known *isp; 1422 1423 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) 1424 isp = smk_of_inode(inode); 1425 else { 1426 /* 1427 * The rest of the Smack xattrs are only on sockets. 1428 */ 1429 sbp = ip->i_sb; 1430 if (sbp->s_magic != SOCKFS_MAGIC) 1431 return -EOPNOTSUPP; 1432 1433 sock = SOCKET_I(ip); 1434 if (sock == NULL || sock->sk == NULL) 1435 return -EOPNOTSUPP; 1436 1437 ssp = sock->sk->sk_security; 1438 1439 if (strcmp(name, XATTR_SMACK_IPIN) == 0) 1440 isp = ssp->smk_in; 1441 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) 1442 isp = ssp->smk_out; 1443 else 1444 return -EOPNOTSUPP; 1445 } 1446 1447 if (alloc) { 1448 *buffer = kstrdup(isp->smk_known, GFP_KERNEL); 1449 if (*buffer == NULL) 1450 return -ENOMEM; 1451 } 1452 1453 return strlen(isp->smk_known); 1454 } 1455 1456 1457 /** 1458 * smack_inode_listsecurity - list the Smack attributes 1459 * @inode: the object 1460 * @buffer: where they go 1461 * @buffer_size: size of buffer 1462 */ 1463 static int smack_inode_listsecurity(struct inode *inode, char *buffer, 1464 size_t buffer_size) 1465 { 1466 int len = sizeof(XATTR_NAME_SMACK); 1467 1468 if (buffer != NULL && len <= buffer_size) 1469 memcpy(buffer, XATTR_NAME_SMACK, len); 1470 1471 return len; 1472 } 1473 1474 /** 1475 * smack_inode_getsecid - Extract inode's security id 1476 * @inode: inode to extract the info from 1477 * @secid: where result will be saved 1478 */ 1479 static void smack_inode_getsecid(struct inode *inode, u32 *secid) 1480 { 1481 struct smack_known *skp = smk_of_inode(inode); 1482 1483 *secid = skp->smk_secid; 1484 } 1485 1486 /* 1487 * File Hooks 1488 */ 1489 1490 /* 1491 * There is no smack_file_permission hook 1492 * 1493 * Should access checks be done on each read or write? 1494 * UNICOS and SELinux say yes. 1495 * Trusted Solaris, Trusted Irix, and just about everyone else says no. 1496 * 1497 * I'll say no for now. Smack does not do the frequent 1498 * label changing that SELinux does. 1499 */ 1500 1501 /** 1502 * smack_file_alloc_security - assign a file security blob 1503 * @file: the object 1504 * 1505 * The security blob for a file is a pointer to the master 1506 * label list, so no allocation is done. 1507 * 1508 * f_security is the owner security information. It 1509 * isn't used on file access checks, it's for send_sigio. 1510 * 1511 * Returns 0 1512 */ 1513 static int smack_file_alloc_security(struct file *file) 1514 { 1515 struct smack_known **blob = smack_file(file); 1516 1517 *blob = smk_of_current(); 1518 return 0; 1519 } 1520 1521 /** 1522 * smack_file_ioctl - Smack check on ioctls 1523 * @file: the object 1524 * @cmd: what to do 1525 * @arg: unused 1526 * 1527 * Relies heavily on the correct use of the ioctl command conventions. 1528 * 1529 * Returns 0 if allowed, error code otherwise 1530 */ 1531 static int smack_file_ioctl(struct file *file, unsigned int cmd, 1532 unsigned long arg) 1533 { 1534 int rc = 0; 1535 struct smk_audit_info ad; 1536 struct inode *inode = file_inode(file); 1537 1538 if (unlikely(IS_PRIVATE(inode))) 1539 return 0; 1540 1541 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1542 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1543 1544 if (_IOC_DIR(cmd) & _IOC_WRITE) { 1545 rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad); 1546 rc = smk_bu_file(file, MAY_WRITE, rc); 1547 } 1548 1549 if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ)) { 1550 rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad); 1551 rc = smk_bu_file(file, MAY_READ, rc); 1552 } 1553 1554 return rc; 1555 } 1556 1557 /** 1558 * smack_file_lock - Smack check on file locking 1559 * @file: the object 1560 * @cmd: unused 1561 * 1562 * Returns 0 if current has lock access, error code otherwise 1563 */ 1564 static int smack_file_lock(struct file *file, unsigned int cmd) 1565 { 1566 struct smk_audit_info ad; 1567 int rc; 1568 struct inode *inode = file_inode(file); 1569 1570 if (unlikely(IS_PRIVATE(inode))) 1571 return 0; 1572 1573 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1574 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1575 rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad); 1576 rc = smk_bu_file(file, MAY_LOCK, rc); 1577 return rc; 1578 } 1579 1580 /** 1581 * smack_file_fcntl - Smack check on fcntl 1582 * @file: the object 1583 * @cmd: what action to check 1584 * @arg: unused 1585 * 1586 * Generally these operations are harmless. 1587 * File locking operations present an obvious mechanism 1588 * for passing information, so they require write access. 1589 * 1590 * Returns 0 if current has access, error code otherwise 1591 */ 1592 static int smack_file_fcntl(struct file *file, unsigned int cmd, 1593 unsigned long arg) 1594 { 1595 struct smk_audit_info ad; 1596 int rc = 0; 1597 struct inode *inode = file_inode(file); 1598 1599 if (unlikely(IS_PRIVATE(inode))) 1600 return 0; 1601 1602 switch (cmd) { 1603 case F_GETLK: 1604 break; 1605 case F_SETLK: 1606 case F_SETLKW: 1607 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1608 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1609 rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad); 1610 rc = smk_bu_file(file, MAY_LOCK, rc); 1611 break; 1612 case F_SETOWN: 1613 case F_SETSIG: 1614 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1615 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1616 rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad); 1617 rc = smk_bu_file(file, MAY_WRITE, rc); 1618 break; 1619 default: 1620 break; 1621 } 1622 1623 return rc; 1624 } 1625 1626 /** 1627 * smack_mmap_file - Check permissions for a mmap operation. 1628 * @file: contains the file structure for file to map (may be NULL). 1629 * @reqprot: contains the protection requested by the application. 1630 * @prot: contains the protection that will be applied by the kernel. 1631 * @flags: contains the operational flags. 1632 * 1633 * The @file may be NULL, e.g. if mapping anonymous memory. 1634 * 1635 * Return 0 if permission is granted. 1636 */ 1637 static int smack_mmap_file(struct file *file, 1638 unsigned long reqprot, unsigned long prot, 1639 unsigned long flags) 1640 { 1641 struct smack_known *skp; 1642 struct smack_known *mkp; 1643 struct smack_rule *srp; 1644 struct task_smack *tsp; 1645 struct smack_known *okp; 1646 struct inode_smack *isp; 1647 struct superblock_smack *sbsp; 1648 int may; 1649 int mmay; 1650 int tmay; 1651 int rc; 1652 1653 if (file == NULL) 1654 return 0; 1655 1656 if (unlikely(IS_PRIVATE(file_inode(file)))) 1657 return 0; 1658 1659 isp = smack_inode(file_inode(file)); 1660 if (isp->smk_mmap == NULL) 1661 return 0; 1662 sbsp = smack_superblock(file_inode(file)->i_sb); 1663 if (sbsp->smk_flags & SMK_SB_UNTRUSTED && 1664 isp->smk_mmap != sbsp->smk_root) 1665 return -EACCES; 1666 mkp = isp->smk_mmap; 1667 1668 tsp = smack_cred(current_cred()); 1669 skp = smk_of_current(); 1670 rc = 0; 1671 1672 rcu_read_lock(); 1673 /* 1674 * For each Smack rule associated with the subject 1675 * label verify that the SMACK64MMAP also has access 1676 * to that rule's object label. 1677 */ 1678 list_for_each_entry_rcu(srp, &skp->smk_rules, list) { 1679 okp = srp->smk_object; 1680 /* 1681 * Matching labels always allows access. 1682 */ 1683 if (mkp->smk_known == okp->smk_known) 1684 continue; 1685 /* 1686 * If there is a matching local rule take 1687 * that into account as well. 1688 */ 1689 may = smk_access_entry(srp->smk_subject->smk_known, 1690 okp->smk_known, 1691 &tsp->smk_rules); 1692 if (may == -ENOENT) 1693 may = srp->smk_access; 1694 else 1695 may &= srp->smk_access; 1696 /* 1697 * If may is zero the SMACK64MMAP subject can't 1698 * possibly have less access. 1699 */ 1700 if (may == 0) 1701 continue; 1702 1703 /* 1704 * Fetch the global list entry. 1705 * If there isn't one a SMACK64MMAP subject 1706 * can't have as much access as current. 1707 */ 1708 mmay = smk_access_entry(mkp->smk_known, okp->smk_known, 1709 &mkp->smk_rules); 1710 if (mmay == -ENOENT) { 1711 rc = -EACCES; 1712 break; 1713 } 1714 /* 1715 * If there is a local entry it modifies the 1716 * potential access, too. 1717 */ 1718 tmay = smk_access_entry(mkp->smk_known, okp->smk_known, 1719 &tsp->smk_rules); 1720 if (tmay != -ENOENT) 1721 mmay &= tmay; 1722 1723 /* 1724 * If there is any access available to current that is 1725 * not available to a SMACK64MMAP subject 1726 * deny access. 1727 */ 1728 if ((may | mmay) != mmay) { 1729 rc = -EACCES; 1730 break; 1731 } 1732 } 1733 1734 rcu_read_unlock(); 1735 1736 return rc; 1737 } 1738 1739 /** 1740 * smack_file_set_fowner - set the file security blob value 1741 * @file: object in question 1742 * 1743 */ 1744 static void smack_file_set_fowner(struct file *file) 1745 { 1746 struct smack_known **blob = smack_file(file); 1747 1748 *blob = smk_of_current(); 1749 } 1750 1751 /** 1752 * smack_file_send_sigiotask - Smack on sigio 1753 * @tsk: The target task 1754 * @fown: the object the signal come from 1755 * @signum: unused 1756 * 1757 * Allow a privileged task to get signals even if it shouldn't 1758 * 1759 * Returns 0 if a subject with the object's smack could 1760 * write to the task, an error code otherwise. 1761 */ 1762 static int smack_file_send_sigiotask(struct task_struct *tsk, 1763 struct fown_struct *fown, int signum) 1764 { 1765 struct smack_known **blob; 1766 struct smack_known *skp; 1767 struct smack_known *tkp = smk_of_task(smack_cred(tsk->cred)); 1768 const struct cred *tcred; 1769 struct file *file; 1770 int rc; 1771 struct smk_audit_info ad; 1772 1773 /* 1774 * struct fown_struct is never outside the context of a struct file 1775 */ 1776 file = container_of(fown, struct file, f_owner); 1777 1778 /* we don't log here as rc can be overriden */ 1779 blob = smack_file(file); 1780 skp = *blob; 1781 rc = smk_access(skp, tkp, MAY_DELIVER, NULL); 1782 rc = smk_bu_note("sigiotask", skp, tkp, MAY_DELIVER, rc); 1783 1784 rcu_read_lock(); 1785 tcred = __task_cred(tsk); 1786 if (rc != 0 && smack_privileged_cred(CAP_MAC_OVERRIDE, tcred)) 1787 rc = 0; 1788 rcu_read_unlock(); 1789 1790 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); 1791 smk_ad_setfield_u_tsk(&ad, tsk); 1792 smack_log(skp->smk_known, tkp->smk_known, MAY_DELIVER, rc, &ad); 1793 return rc; 1794 } 1795 1796 /** 1797 * smack_file_receive - Smack file receive check 1798 * @file: the object 1799 * 1800 * Returns 0 if current has access, error code otherwise 1801 */ 1802 static int smack_file_receive(struct file *file) 1803 { 1804 int rc; 1805 int may = 0; 1806 struct smk_audit_info ad; 1807 struct inode *inode = file_inode(file); 1808 struct socket *sock; 1809 struct task_smack *tsp; 1810 struct socket_smack *ssp; 1811 1812 if (unlikely(IS_PRIVATE(inode))) 1813 return 0; 1814 1815 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1816 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1817 1818 if (inode->i_sb->s_magic == SOCKFS_MAGIC) { 1819 sock = SOCKET_I(inode); 1820 ssp = sock->sk->sk_security; 1821 tsp = smack_cred(current_cred()); 1822 /* 1823 * If the receiving process can't write to the 1824 * passed socket or if the passed socket can't 1825 * write to the receiving process don't accept 1826 * the passed socket. 1827 */ 1828 rc = smk_access(tsp->smk_task, ssp->smk_out, MAY_WRITE, &ad); 1829 rc = smk_bu_file(file, may, rc); 1830 if (rc < 0) 1831 return rc; 1832 rc = smk_access(ssp->smk_in, tsp->smk_task, MAY_WRITE, &ad); 1833 rc = smk_bu_file(file, may, rc); 1834 return rc; 1835 } 1836 /* 1837 * This code relies on bitmasks. 1838 */ 1839 if (file->f_mode & FMODE_READ) 1840 may = MAY_READ; 1841 if (file->f_mode & FMODE_WRITE) 1842 may |= MAY_WRITE; 1843 1844 rc = smk_curacc(smk_of_inode(inode), may, &ad); 1845 rc = smk_bu_file(file, may, rc); 1846 return rc; 1847 } 1848 1849 /** 1850 * smack_file_open - Smack dentry open processing 1851 * @file: the object 1852 * 1853 * Set the security blob in the file structure. 1854 * Allow the open only if the task has read access. There are 1855 * many read operations (e.g. fstat) that you can do with an 1856 * fd even if you have the file open write-only. 1857 * 1858 * Returns 0 if current has access, error code otherwise 1859 */ 1860 static int smack_file_open(struct file *file) 1861 { 1862 struct task_smack *tsp = smack_cred(file->f_cred); 1863 struct inode *inode = file_inode(file); 1864 struct smk_audit_info ad; 1865 int rc; 1866 1867 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1868 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1869 rc = smk_tskacc(tsp, smk_of_inode(inode), MAY_READ, &ad); 1870 rc = smk_bu_credfile(file->f_cred, file, MAY_READ, rc); 1871 1872 return rc; 1873 } 1874 1875 /* 1876 * Task hooks 1877 */ 1878 1879 /** 1880 * smack_cred_alloc_blank - "allocate" blank task-level security credentials 1881 * @cred: the new credentials 1882 * @gfp: the atomicity of any memory allocations 1883 * 1884 * Prepare a blank set of credentials for modification. This must allocate all 1885 * the memory the LSM module might require such that cred_transfer() can 1886 * complete without error. 1887 */ 1888 static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp) 1889 { 1890 init_task_smack(smack_cred(cred), NULL, NULL); 1891 return 0; 1892 } 1893 1894 1895 /** 1896 * smack_cred_free - "free" task-level security credentials 1897 * @cred: the credentials in question 1898 * 1899 */ 1900 static void smack_cred_free(struct cred *cred) 1901 { 1902 struct task_smack *tsp = smack_cred(cred); 1903 struct smack_rule *rp; 1904 struct list_head *l; 1905 struct list_head *n; 1906 1907 smk_destroy_label_list(&tsp->smk_relabel); 1908 1909 list_for_each_safe(l, n, &tsp->smk_rules) { 1910 rp = list_entry(l, struct smack_rule, list); 1911 list_del(&rp->list); 1912 kmem_cache_free(smack_rule_cache, rp); 1913 } 1914 } 1915 1916 /** 1917 * smack_cred_prepare - prepare new set of credentials for modification 1918 * @new: the new credentials 1919 * @old: the original credentials 1920 * @gfp: the atomicity of any memory allocations 1921 * 1922 * Prepare a new set of credentials for modification. 1923 */ 1924 static int smack_cred_prepare(struct cred *new, const struct cred *old, 1925 gfp_t gfp) 1926 { 1927 struct task_smack *old_tsp = smack_cred(old); 1928 struct task_smack *new_tsp = smack_cred(new); 1929 int rc; 1930 1931 init_task_smack(new_tsp, old_tsp->smk_task, old_tsp->smk_task); 1932 1933 rc = smk_copy_rules(&new_tsp->smk_rules, &old_tsp->smk_rules, gfp); 1934 if (rc != 0) 1935 return rc; 1936 1937 rc = smk_copy_relabel(&new_tsp->smk_relabel, &old_tsp->smk_relabel, 1938 gfp); 1939 return rc; 1940 } 1941 1942 /** 1943 * smack_cred_transfer - Transfer the old credentials to the new credentials 1944 * @new: the new credentials 1945 * @old: the original credentials 1946 * 1947 * Fill in a set of blank credentials from another set of credentials. 1948 */ 1949 static void smack_cred_transfer(struct cred *new, const struct cred *old) 1950 { 1951 struct task_smack *old_tsp = smack_cred(old); 1952 struct task_smack *new_tsp = smack_cred(new); 1953 1954 new_tsp->smk_task = old_tsp->smk_task; 1955 new_tsp->smk_forked = old_tsp->smk_task; 1956 mutex_init(&new_tsp->smk_rules_lock); 1957 INIT_LIST_HEAD(&new_tsp->smk_rules); 1958 1959 /* cbs copy rule list */ 1960 } 1961 1962 /** 1963 * smack_cred_getsecid - get the secid corresponding to a creds structure 1964 * @cred: the object creds 1965 * @secid: where to put the result 1966 * 1967 * Sets the secid to contain a u32 version of the smack label. 1968 */ 1969 static void smack_cred_getsecid(const struct cred *cred, u32 *secid) 1970 { 1971 struct smack_known *skp; 1972 1973 rcu_read_lock(); 1974 skp = smk_of_task(smack_cred(cred)); 1975 *secid = skp->smk_secid; 1976 rcu_read_unlock(); 1977 } 1978 1979 /** 1980 * smack_kernel_act_as - Set the subjective context in a set of credentials 1981 * @new: points to the set of credentials to be modified. 1982 * @secid: specifies the security ID to be set 1983 * 1984 * Set the security data for a kernel service. 1985 */ 1986 static int smack_kernel_act_as(struct cred *new, u32 secid) 1987 { 1988 struct task_smack *new_tsp = smack_cred(new); 1989 1990 new_tsp->smk_task = smack_from_secid(secid); 1991 return 0; 1992 } 1993 1994 /** 1995 * smack_kernel_create_files_as - Set the file creation label in a set of creds 1996 * @new: points to the set of credentials to be modified 1997 * @inode: points to the inode to use as a reference 1998 * 1999 * Set the file creation context in a set of credentials to the same 2000 * as the objective context of the specified inode 2001 */ 2002 static int smack_kernel_create_files_as(struct cred *new, 2003 struct inode *inode) 2004 { 2005 struct inode_smack *isp = smack_inode(inode); 2006 struct task_smack *tsp = smack_cred(new); 2007 2008 tsp->smk_forked = isp->smk_inode; 2009 tsp->smk_task = tsp->smk_forked; 2010 return 0; 2011 } 2012 2013 /** 2014 * smk_curacc_on_task - helper to log task related access 2015 * @p: the task object 2016 * @access: the access requested 2017 * @caller: name of the calling function for audit 2018 * 2019 * Return 0 if access is permitted 2020 */ 2021 static int smk_curacc_on_task(struct task_struct *p, int access, 2022 const char *caller) 2023 { 2024 struct smk_audit_info ad; 2025 struct smack_known *skp = smk_of_task_struct_obj(p); 2026 int rc; 2027 2028 smk_ad_init(&ad, caller, LSM_AUDIT_DATA_TASK); 2029 smk_ad_setfield_u_tsk(&ad, p); 2030 rc = smk_curacc(skp, access, &ad); 2031 rc = smk_bu_task(p, access, rc); 2032 return rc; 2033 } 2034 2035 /** 2036 * smack_task_setpgid - Smack check on setting pgid 2037 * @p: the task object 2038 * @pgid: unused 2039 * 2040 * Return 0 if write access is permitted 2041 */ 2042 static int smack_task_setpgid(struct task_struct *p, pid_t pgid) 2043 { 2044 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2045 } 2046 2047 /** 2048 * smack_task_getpgid - Smack access check for getpgid 2049 * @p: the object task 2050 * 2051 * Returns 0 if current can read the object task, error code otherwise 2052 */ 2053 static int smack_task_getpgid(struct task_struct *p) 2054 { 2055 return smk_curacc_on_task(p, MAY_READ, __func__); 2056 } 2057 2058 /** 2059 * smack_task_getsid - Smack access check for getsid 2060 * @p: the object task 2061 * 2062 * Returns 0 if current can read the object task, error code otherwise 2063 */ 2064 static int smack_task_getsid(struct task_struct *p) 2065 { 2066 return smk_curacc_on_task(p, MAY_READ, __func__); 2067 } 2068 2069 /** 2070 * smack_task_getsecid_subj - get the subjective secid of the task 2071 * @p: the task 2072 * @secid: where to put the result 2073 * 2074 * Sets the secid to contain a u32 version of the task's subjective smack label. 2075 */ 2076 static void smack_task_getsecid_subj(struct task_struct *p, u32 *secid) 2077 { 2078 struct smack_known *skp = smk_of_task_struct_subj(p); 2079 2080 *secid = skp->smk_secid; 2081 } 2082 2083 /** 2084 * smack_task_getsecid_obj - get the objective secid of the task 2085 * @p: the task 2086 * @secid: where to put the result 2087 * 2088 * Sets the secid to contain a u32 version of the task's objective smack label. 2089 */ 2090 static void smack_task_getsecid_obj(struct task_struct *p, u32 *secid) 2091 { 2092 struct smack_known *skp = smk_of_task_struct_obj(p); 2093 2094 *secid = skp->smk_secid; 2095 } 2096 2097 /** 2098 * smack_task_setnice - Smack check on setting nice 2099 * @p: the task object 2100 * @nice: unused 2101 * 2102 * Return 0 if write access is permitted 2103 */ 2104 static int smack_task_setnice(struct task_struct *p, int nice) 2105 { 2106 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2107 } 2108 2109 /** 2110 * smack_task_setioprio - Smack check on setting ioprio 2111 * @p: the task object 2112 * @ioprio: unused 2113 * 2114 * Return 0 if write access is permitted 2115 */ 2116 static int smack_task_setioprio(struct task_struct *p, int ioprio) 2117 { 2118 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2119 } 2120 2121 /** 2122 * smack_task_getioprio - Smack check on reading ioprio 2123 * @p: the task object 2124 * 2125 * Return 0 if read access is permitted 2126 */ 2127 static int smack_task_getioprio(struct task_struct *p) 2128 { 2129 return smk_curacc_on_task(p, MAY_READ, __func__); 2130 } 2131 2132 /** 2133 * smack_task_setscheduler - Smack check on setting scheduler 2134 * @p: the task object 2135 * 2136 * Return 0 if read access is permitted 2137 */ 2138 static int smack_task_setscheduler(struct task_struct *p) 2139 { 2140 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2141 } 2142 2143 /** 2144 * smack_task_getscheduler - Smack check on reading scheduler 2145 * @p: the task object 2146 * 2147 * Return 0 if read access is permitted 2148 */ 2149 static int smack_task_getscheduler(struct task_struct *p) 2150 { 2151 return smk_curacc_on_task(p, MAY_READ, __func__); 2152 } 2153 2154 /** 2155 * smack_task_movememory - Smack check on moving memory 2156 * @p: the task object 2157 * 2158 * Return 0 if write access is permitted 2159 */ 2160 static int smack_task_movememory(struct task_struct *p) 2161 { 2162 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2163 } 2164 2165 /** 2166 * smack_task_kill - Smack check on signal delivery 2167 * @p: the task object 2168 * @info: unused 2169 * @sig: unused 2170 * @cred: identifies the cred to use in lieu of current's 2171 * 2172 * Return 0 if write access is permitted 2173 * 2174 */ 2175 static int smack_task_kill(struct task_struct *p, struct kernel_siginfo *info, 2176 int sig, const struct cred *cred) 2177 { 2178 struct smk_audit_info ad; 2179 struct smack_known *skp; 2180 struct smack_known *tkp = smk_of_task_struct_obj(p); 2181 int rc; 2182 2183 if (!sig) 2184 return 0; /* null signal; existence test */ 2185 2186 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); 2187 smk_ad_setfield_u_tsk(&ad, p); 2188 /* 2189 * Sending a signal requires that the sender 2190 * can write the receiver. 2191 */ 2192 if (cred == NULL) { 2193 rc = smk_curacc(tkp, MAY_DELIVER, &ad); 2194 rc = smk_bu_task(p, MAY_DELIVER, rc); 2195 return rc; 2196 } 2197 /* 2198 * If the cred isn't NULL we're dealing with some USB IO 2199 * specific behavior. This is not clean. For one thing 2200 * we can't take privilege into account. 2201 */ 2202 skp = smk_of_task(smack_cred(cred)); 2203 rc = smk_access(skp, tkp, MAY_DELIVER, &ad); 2204 rc = smk_bu_note("USB signal", skp, tkp, MAY_DELIVER, rc); 2205 return rc; 2206 } 2207 2208 /** 2209 * smack_task_to_inode - copy task smack into the inode blob 2210 * @p: task to copy from 2211 * @inode: inode to copy to 2212 * 2213 * Sets the smack pointer in the inode security blob 2214 */ 2215 static void smack_task_to_inode(struct task_struct *p, struct inode *inode) 2216 { 2217 struct inode_smack *isp = smack_inode(inode); 2218 struct smack_known *skp = smk_of_task_struct_obj(p); 2219 2220 isp->smk_inode = skp; 2221 isp->smk_flags |= SMK_INODE_INSTANT; 2222 } 2223 2224 /* 2225 * Socket hooks. 2226 */ 2227 2228 /** 2229 * smack_sk_alloc_security - Allocate a socket blob 2230 * @sk: the socket 2231 * @family: unused 2232 * @gfp_flags: memory allocation flags 2233 * 2234 * Assign Smack pointers to current 2235 * 2236 * Returns 0 on success, -ENOMEM is there's no memory 2237 */ 2238 static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags) 2239 { 2240 struct smack_known *skp = smk_of_current(); 2241 struct socket_smack *ssp; 2242 2243 ssp = kzalloc(sizeof(struct socket_smack), gfp_flags); 2244 if (ssp == NULL) 2245 return -ENOMEM; 2246 2247 /* 2248 * Sockets created by kernel threads receive web label. 2249 */ 2250 if (unlikely(current->flags & PF_KTHREAD)) { 2251 ssp->smk_in = &smack_known_web; 2252 ssp->smk_out = &smack_known_web; 2253 } else { 2254 ssp->smk_in = skp; 2255 ssp->smk_out = skp; 2256 } 2257 ssp->smk_packet = NULL; 2258 2259 sk->sk_security = ssp; 2260 2261 return 0; 2262 } 2263 2264 /** 2265 * smack_sk_free_security - Free a socket blob 2266 * @sk: the socket 2267 * 2268 * Clears the blob pointer 2269 */ 2270 static void smack_sk_free_security(struct sock *sk) 2271 { 2272 #ifdef SMACK_IPV6_PORT_LABELING 2273 struct smk_port_label *spp; 2274 2275 if (sk->sk_family == PF_INET6) { 2276 rcu_read_lock(); 2277 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) { 2278 if (spp->smk_sock != sk) 2279 continue; 2280 spp->smk_can_reuse = 1; 2281 break; 2282 } 2283 rcu_read_unlock(); 2284 } 2285 #endif 2286 kfree(sk->sk_security); 2287 } 2288 2289 /** 2290 * smack_ipv4host_label - check host based restrictions 2291 * @sip: the object end 2292 * 2293 * looks for host based access restrictions 2294 * 2295 * This version will only be appropriate for really small sets of single label 2296 * hosts. The caller is responsible for ensuring that the RCU read lock is 2297 * taken before calling this function. 2298 * 2299 * Returns the label of the far end or NULL if it's not special. 2300 */ 2301 static struct smack_known *smack_ipv4host_label(struct sockaddr_in *sip) 2302 { 2303 struct smk_net4addr *snp; 2304 struct in_addr *siap = &sip->sin_addr; 2305 2306 if (siap->s_addr == 0) 2307 return NULL; 2308 2309 list_for_each_entry_rcu(snp, &smk_net4addr_list, list) 2310 /* 2311 * we break after finding the first match because 2312 * the list is sorted from longest to shortest mask 2313 * so we have found the most specific match 2314 */ 2315 if (snp->smk_host.s_addr == 2316 (siap->s_addr & snp->smk_mask.s_addr)) 2317 return snp->smk_label; 2318 2319 return NULL; 2320 } 2321 2322 /* 2323 * smk_ipv6_localhost - Check for local ipv6 host address 2324 * @sip: the address 2325 * 2326 * Returns boolean true if this is the localhost address 2327 */ 2328 static bool smk_ipv6_localhost(struct sockaddr_in6 *sip) 2329 { 2330 __be16 *be16p = (__be16 *)&sip->sin6_addr; 2331 __be32 *be32p = (__be32 *)&sip->sin6_addr; 2332 2333 if (be32p[0] == 0 && be32p[1] == 0 && be32p[2] == 0 && be16p[6] == 0 && 2334 ntohs(be16p[7]) == 1) 2335 return true; 2336 return false; 2337 } 2338 2339 /** 2340 * smack_ipv6host_label - check host based restrictions 2341 * @sip: the object end 2342 * 2343 * looks for host based access restrictions 2344 * 2345 * This version will only be appropriate for really small sets of single label 2346 * hosts. The caller is responsible for ensuring that the RCU read lock is 2347 * taken before calling this function. 2348 * 2349 * Returns the label of the far end or NULL if it's not special. 2350 */ 2351 static struct smack_known *smack_ipv6host_label(struct sockaddr_in6 *sip) 2352 { 2353 struct smk_net6addr *snp; 2354 struct in6_addr *sap = &sip->sin6_addr; 2355 int i; 2356 int found = 0; 2357 2358 /* 2359 * It's local. Don't look for a host label. 2360 */ 2361 if (smk_ipv6_localhost(sip)) 2362 return NULL; 2363 2364 list_for_each_entry_rcu(snp, &smk_net6addr_list, list) { 2365 /* 2366 * If the label is NULL the entry has 2367 * been renounced. Ignore it. 2368 */ 2369 if (snp->smk_label == NULL) 2370 continue; 2371 /* 2372 * we break after finding the first match because 2373 * the list is sorted from longest to shortest mask 2374 * so we have found the most specific match 2375 */ 2376 for (found = 1, i = 0; i < 8; i++) { 2377 if ((sap->s6_addr16[i] & snp->smk_mask.s6_addr16[i]) != 2378 snp->smk_host.s6_addr16[i]) { 2379 found = 0; 2380 break; 2381 } 2382 } 2383 if (found) 2384 return snp->smk_label; 2385 } 2386 2387 return NULL; 2388 } 2389 2390 /** 2391 * smack_netlbl_add - Set the secattr on a socket 2392 * @sk: the socket 2393 * 2394 * Attach the outbound smack value (smk_out) to the socket. 2395 * 2396 * Returns 0 on success or an error code 2397 */ 2398 static int smack_netlbl_add(struct sock *sk) 2399 { 2400 struct socket_smack *ssp = sk->sk_security; 2401 struct smack_known *skp = ssp->smk_out; 2402 int rc; 2403 2404 local_bh_disable(); 2405 bh_lock_sock_nested(sk); 2406 2407 rc = netlbl_sock_setattr(sk, sk->sk_family, &skp->smk_netlabel); 2408 switch (rc) { 2409 case 0: 2410 ssp->smk_state = SMK_NETLBL_LABELED; 2411 break; 2412 case -EDESTADDRREQ: 2413 ssp->smk_state = SMK_NETLBL_REQSKB; 2414 rc = 0; 2415 break; 2416 } 2417 2418 bh_unlock_sock(sk); 2419 local_bh_enable(); 2420 2421 return rc; 2422 } 2423 2424 /** 2425 * smack_netlbl_delete - Remove the secattr from a socket 2426 * @sk: the socket 2427 * 2428 * Remove the outbound smack value from a socket 2429 */ 2430 static void smack_netlbl_delete(struct sock *sk) 2431 { 2432 struct socket_smack *ssp = sk->sk_security; 2433 2434 /* 2435 * Take the label off the socket if one is set. 2436 */ 2437 if (ssp->smk_state != SMK_NETLBL_LABELED) 2438 return; 2439 2440 local_bh_disable(); 2441 bh_lock_sock_nested(sk); 2442 netlbl_sock_delattr(sk); 2443 bh_unlock_sock(sk); 2444 local_bh_enable(); 2445 ssp->smk_state = SMK_NETLBL_UNLABELED; 2446 } 2447 2448 /** 2449 * smk_ipv4_check - Perform IPv4 host access checks 2450 * @sk: the socket 2451 * @sap: the destination address 2452 * 2453 * Set the correct secattr for the given socket based on the destination 2454 * address and perform any outbound access checks needed. 2455 * 2456 * Returns 0 on success or an error code. 2457 * 2458 */ 2459 static int smk_ipv4_check(struct sock *sk, struct sockaddr_in *sap) 2460 { 2461 struct smack_known *skp; 2462 int rc = 0; 2463 struct smack_known *hkp; 2464 struct socket_smack *ssp = sk->sk_security; 2465 struct smk_audit_info ad; 2466 2467 rcu_read_lock(); 2468 hkp = smack_ipv4host_label(sap); 2469 if (hkp != NULL) { 2470 #ifdef CONFIG_AUDIT 2471 struct lsm_network_audit net; 2472 2473 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 2474 ad.a.u.net->family = sap->sin_family; 2475 ad.a.u.net->dport = sap->sin_port; 2476 ad.a.u.net->v4info.daddr = sap->sin_addr.s_addr; 2477 #endif 2478 skp = ssp->smk_out; 2479 rc = smk_access(skp, hkp, MAY_WRITE, &ad); 2480 rc = smk_bu_note("IPv4 host check", skp, hkp, MAY_WRITE, rc); 2481 /* 2482 * Clear the socket netlabel if it's set. 2483 */ 2484 if (!rc) 2485 smack_netlbl_delete(sk); 2486 } 2487 rcu_read_unlock(); 2488 2489 return rc; 2490 } 2491 2492 /** 2493 * smk_ipv6_check - check Smack access 2494 * @subject: subject Smack label 2495 * @object: object Smack label 2496 * @address: address 2497 * @act: the action being taken 2498 * 2499 * Check an IPv6 access 2500 */ 2501 static int smk_ipv6_check(struct smack_known *subject, 2502 struct smack_known *object, 2503 struct sockaddr_in6 *address, int act) 2504 { 2505 #ifdef CONFIG_AUDIT 2506 struct lsm_network_audit net; 2507 #endif 2508 struct smk_audit_info ad; 2509 int rc; 2510 2511 #ifdef CONFIG_AUDIT 2512 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 2513 ad.a.u.net->family = PF_INET6; 2514 ad.a.u.net->dport = ntohs(address->sin6_port); 2515 if (act == SMK_RECEIVING) 2516 ad.a.u.net->v6info.saddr = address->sin6_addr; 2517 else 2518 ad.a.u.net->v6info.daddr = address->sin6_addr; 2519 #endif 2520 rc = smk_access(subject, object, MAY_WRITE, &ad); 2521 rc = smk_bu_note("IPv6 check", subject, object, MAY_WRITE, rc); 2522 return rc; 2523 } 2524 2525 #ifdef SMACK_IPV6_PORT_LABELING 2526 /** 2527 * smk_ipv6_port_label - Smack port access table management 2528 * @sock: socket 2529 * @address: address 2530 * 2531 * Create or update the port list entry 2532 */ 2533 static void smk_ipv6_port_label(struct socket *sock, struct sockaddr *address) 2534 { 2535 struct sock *sk = sock->sk; 2536 struct sockaddr_in6 *addr6; 2537 struct socket_smack *ssp = sock->sk->sk_security; 2538 struct smk_port_label *spp; 2539 unsigned short port = 0; 2540 2541 if (address == NULL) { 2542 /* 2543 * This operation is changing the Smack information 2544 * on the bound socket. Take the changes to the port 2545 * as well. 2546 */ 2547 rcu_read_lock(); 2548 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) { 2549 if (sk != spp->smk_sock) 2550 continue; 2551 spp->smk_in = ssp->smk_in; 2552 spp->smk_out = ssp->smk_out; 2553 rcu_read_unlock(); 2554 return; 2555 } 2556 /* 2557 * A NULL address is only used for updating existing 2558 * bound entries. If there isn't one, it's OK. 2559 */ 2560 rcu_read_unlock(); 2561 return; 2562 } 2563 2564 addr6 = (struct sockaddr_in6 *)address; 2565 port = ntohs(addr6->sin6_port); 2566 /* 2567 * This is a special case that is safely ignored. 2568 */ 2569 if (port == 0) 2570 return; 2571 2572 /* 2573 * Look for an existing port list entry. 2574 * This is an indication that a port is getting reused. 2575 */ 2576 rcu_read_lock(); 2577 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) { 2578 if (spp->smk_port != port || spp->smk_sock_type != sock->type) 2579 continue; 2580 if (spp->smk_can_reuse != 1) { 2581 rcu_read_unlock(); 2582 return; 2583 } 2584 spp->smk_port = port; 2585 spp->smk_sock = sk; 2586 spp->smk_in = ssp->smk_in; 2587 spp->smk_out = ssp->smk_out; 2588 spp->smk_can_reuse = 0; 2589 rcu_read_unlock(); 2590 return; 2591 } 2592 rcu_read_unlock(); 2593 /* 2594 * A new port entry is required. 2595 */ 2596 spp = kzalloc(sizeof(*spp), GFP_KERNEL); 2597 if (spp == NULL) 2598 return; 2599 2600 spp->smk_port = port; 2601 spp->smk_sock = sk; 2602 spp->smk_in = ssp->smk_in; 2603 spp->smk_out = ssp->smk_out; 2604 spp->smk_sock_type = sock->type; 2605 spp->smk_can_reuse = 0; 2606 2607 mutex_lock(&smack_ipv6_lock); 2608 list_add_rcu(&spp->list, &smk_ipv6_port_list); 2609 mutex_unlock(&smack_ipv6_lock); 2610 return; 2611 } 2612 2613 /** 2614 * smk_ipv6_port_check - check Smack port access 2615 * @sk: socket 2616 * @address: address 2617 * @act: the action being taken 2618 * 2619 * Create or update the port list entry 2620 */ 2621 static int smk_ipv6_port_check(struct sock *sk, struct sockaddr_in6 *address, 2622 int act) 2623 { 2624 struct smk_port_label *spp; 2625 struct socket_smack *ssp = sk->sk_security; 2626 struct smack_known *skp = NULL; 2627 unsigned short port; 2628 struct smack_known *object; 2629 2630 if (act == SMK_RECEIVING) { 2631 skp = smack_ipv6host_label(address); 2632 object = ssp->smk_in; 2633 } else { 2634 skp = ssp->smk_out; 2635 object = smack_ipv6host_label(address); 2636 } 2637 2638 /* 2639 * The other end is a single label host. 2640 */ 2641 if (skp != NULL && object != NULL) 2642 return smk_ipv6_check(skp, object, address, act); 2643 if (skp == NULL) 2644 skp = smack_net_ambient; 2645 if (object == NULL) 2646 object = smack_net_ambient; 2647 2648 /* 2649 * It's remote, so port lookup does no good. 2650 */ 2651 if (!smk_ipv6_localhost(address)) 2652 return smk_ipv6_check(skp, object, address, act); 2653 2654 /* 2655 * It's local so the send check has to have passed. 2656 */ 2657 if (act == SMK_RECEIVING) 2658 return 0; 2659 2660 port = ntohs(address->sin6_port); 2661 rcu_read_lock(); 2662 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) { 2663 if (spp->smk_port != port || spp->smk_sock_type != sk->sk_type) 2664 continue; 2665 object = spp->smk_in; 2666 if (act == SMK_CONNECTING) 2667 ssp->smk_packet = spp->smk_out; 2668 break; 2669 } 2670 rcu_read_unlock(); 2671 2672 return smk_ipv6_check(skp, object, address, act); 2673 } 2674 #endif 2675 2676 /** 2677 * smack_inode_setsecurity - set smack xattrs 2678 * @inode: the object 2679 * @name: attribute name 2680 * @value: attribute value 2681 * @size: size of the attribute 2682 * @flags: unused 2683 * 2684 * Sets the named attribute in the appropriate blob 2685 * 2686 * Returns 0 on success, or an error code 2687 */ 2688 static int smack_inode_setsecurity(struct inode *inode, const char *name, 2689 const void *value, size_t size, int flags) 2690 { 2691 struct smack_known *skp; 2692 struct inode_smack *nsp = smack_inode(inode); 2693 struct socket_smack *ssp; 2694 struct socket *sock; 2695 int rc = 0; 2696 2697 if (value == NULL || size > SMK_LONGLABEL || size == 0) 2698 return -EINVAL; 2699 2700 skp = smk_import_entry(value, size); 2701 if (IS_ERR(skp)) 2702 return PTR_ERR(skp); 2703 2704 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) { 2705 nsp->smk_inode = skp; 2706 nsp->smk_flags |= SMK_INODE_INSTANT; 2707 return 0; 2708 } 2709 /* 2710 * The rest of the Smack xattrs are only on sockets. 2711 */ 2712 if (inode->i_sb->s_magic != SOCKFS_MAGIC) 2713 return -EOPNOTSUPP; 2714 2715 sock = SOCKET_I(inode); 2716 if (sock == NULL || sock->sk == NULL) 2717 return -EOPNOTSUPP; 2718 2719 ssp = sock->sk->sk_security; 2720 2721 if (strcmp(name, XATTR_SMACK_IPIN) == 0) 2722 ssp->smk_in = skp; 2723 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) { 2724 ssp->smk_out = skp; 2725 if (sock->sk->sk_family == PF_INET) { 2726 rc = smack_netlbl_add(sock->sk); 2727 if (rc != 0) 2728 printk(KERN_WARNING 2729 "Smack: \"%s\" netlbl error %d.\n", 2730 __func__, -rc); 2731 } 2732 } else 2733 return -EOPNOTSUPP; 2734 2735 #ifdef SMACK_IPV6_PORT_LABELING 2736 if (sock->sk->sk_family == PF_INET6) 2737 smk_ipv6_port_label(sock, NULL); 2738 #endif 2739 2740 return 0; 2741 } 2742 2743 /** 2744 * smack_socket_post_create - finish socket setup 2745 * @sock: the socket 2746 * @family: protocol family 2747 * @type: unused 2748 * @protocol: unused 2749 * @kern: unused 2750 * 2751 * Sets the netlabel information on the socket 2752 * 2753 * Returns 0 on success, and error code otherwise 2754 */ 2755 static int smack_socket_post_create(struct socket *sock, int family, 2756 int type, int protocol, int kern) 2757 { 2758 struct socket_smack *ssp; 2759 2760 if (sock->sk == NULL) 2761 return 0; 2762 2763 /* 2764 * Sockets created by kernel threads receive web label. 2765 */ 2766 if (unlikely(current->flags & PF_KTHREAD)) { 2767 ssp = sock->sk->sk_security; 2768 ssp->smk_in = &smack_known_web; 2769 ssp->smk_out = &smack_known_web; 2770 } 2771 2772 if (family != PF_INET) 2773 return 0; 2774 /* 2775 * Set the outbound netlbl. 2776 */ 2777 return smack_netlbl_add(sock->sk); 2778 } 2779 2780 /** 2781 * smack_socket_socketpair - create socket pair 2782 * @socka: one socket 2783 * @sockb: another socket 2784 * 2785 * Cross reference the peer labels for SO_PEERSEC 2786 * 2787 * Returns 0 2788 */ 2789 static int smack_socket_socketpair(struct socket *socka, 2790 struct socket *sockb) 2791 { 2792 struct socket_smack *asp = socka->sk->sk_security; 2793 struct socket_smack *bsp = sockb->sk->sk_security; 2794 2795 asp->smk_packet = bsp->smk_out; 2796 bsp->smk_packet = asp->smk_out; 2797 2798 return 0; 2799 } 2800 2801 #ifdef SMACK_IPV6_PORT_LABELING 2802 /** 2803 * smack_socket_bind - record port binding information. 2804 * @sock: the socket 2805 * @address: the port address 2806 * @addrlen: size of the address 2807 * 2808 * Records the label bound to a port. 2809 * 2810 * Returns 0 on success, and error code otherwise 2811 */ 2812 static int smack_socket_bind(struct socket *sock, struct sockaddr *address, 2813 int addrlen) 2814 { 2815 if (sock->sk != NULL && sock->sk->sk_family == PF_INET6) { 2816 if (addrlen < SIN6_LEN_RFC2133 || 2817 address->sa_family != AF_INET6) 2818 return -EINVAL; 2819 smk_ipv6_port_label(sock, address); 2820 } 2821 return 0; 2822 } 2823 #endif /* SMACK_IPV6_PORT_LABELING */ 2824 2825 /** 2826 * smack_socket_connect - connect access check 2827 * @sock: the socket 2828 * @sap: the other end 2829 * @addrlen: size of sap 2830 * 2831 * Verifies that a connection may be possible 2832 * 2833 * Returns 0 on success, and error code otherwise 2834 */ 2835 static int smack_socket_connect(struct socket *sock, struct sockaddr *sap, 2836 int addrlen) 2837 { 2838 int rc = 0; 2839 2840 if (sock->sk == NULL) 2841 return 0; 2842 if (sock->sk->sk_family != PF_INET && 2843 (!IS_ENABLED(CONFIG_IPV6) || sock->sk->sk_family != PF_INET6)) 2844 return 0; 2845 if (addrlen < offsetofend(struct sockaddr, sa_family)) 2846 return 0; 2847 if (IS_ENABLED(CONFIG_IPV6) && sap->sa_family == AF_INET6) { 2848 struct sockaddr_in6 *sip = (struct sockaddr_in6 *)sap; 2849 struct smack_known *rsp = NULL; 2850 2851 if (addrlen < SIN6_LEN_RFC2133) 2852 return 0; 2853 if (__is_defined(SMACK_IPV6_SECMARK_LABELING)) 2854 rsp = smack_ipv6host_label(sip); 2855 if (rsp != NULL) { 2856 struct socket_smack *ssp = sock->sk->sk_security; 2857 2858 rc = smk_ipv6_check(ssp->smk_out, rsp, sip, 2859 SMK_CONNECTING); 2860 } 2861 #ifdef SMACK_IPV6_PORT_LABELING 2862 rc = smk_ipv6_port_check(sock->sk, sip, SMK_CONNECTING); 2863 #endif 2864 2865 return rc; 2866 } 2867 if (sap->sa_family != AF_INET || addrlen < sizeof(struct sockaddr_in)) 2868 return 0; 2869 rc = smk_ipv4_check(sock->sk, (struct sockaddr_in *)sap); 2870 return rc; 2871 } 2872 2873 /** 2874 * smack_flags_to_may - convert S_ to MAY_ values 2875 * @flags: the S_ value 2876 * 2877 * Returns the equivalent MAY_ value 2878 */ 2879 static int smack_flags_to_may(int flags) 2880 { 2881 int may = 0; 2882 2883 if (flags & S_IRUGO) 2884 may |= MAY_READ; 2885 if (flags & S_IWUGO) 2886 may |= MAY_WRITE; 2887 if (flags & S_IXUGO) 2888 may |= MAY_EXEC; 2889 2890 return may; 2891 } 2892 2893 /** 2894 * smack_msg_msg_alloc_security - Set the security blob for msg_msg 2895 * @msg: the object 2896 * 2897 * Returns 0 2898 */ 2899 static int smack_msg_msg_alloc_security(struct msg_msg *msg) 2900 { 2901 struct smack_known **blob = smack_msg_msg(msg); 2902 2903 *blob = smk_of_current(); 2904 return 0; 2905 } 2906 2907 /** 2908 * smack_of_ipc - the smack pointer for the ipc 2909 * @isp: the object 2910 * 2911 * Returns a pointer to the smack value 2912 */ 2913 static struct smack_known *smack_of_ipc(struct kern_ipc_perm *isp) 2914 { 2915 struct smack_known **blob = smack_ipc(isp); 2916 2917 return *blob; 2918 } 2919 2920 /** 2921 * smack_ipc_alloc_security - Set the security blob for ipc 2922 * @isp: the object 2923 * 2924 * Returns 0 2925 */ 2926 static int smack_ipc_alloc_security(struct kern_ipc_perm *isp) 2927 { 2928 struct smack_known **blob = smack_ipc(isp); 2929 2930 *blob = smk_of_current(); 2931 return 0; 2932 } 2933 2934 /** 2935 * smk_curacc_shm : check if current has access on shm 2936 * @isp : the object 2937 * @access : access requested 2938 * 2939 * Returns 0 if current has the requested access, error code otherwise 2940 */ 2941 static int smk_curacc_shm(struct kern_ipc_perm *isp, int access) 2942 { 2943 struct smack_known *ssp = smack_of_ipc(isp); 2944 struct smk_audit_info ad; 2945 int rc; 2946 2947 #ifdef CONFIG_AUDIT 2948 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 2949 ad.a.u.ipc_id = isp->id; 2950 #endif 2951 rc = smk_curacc(ssp, access, &ad); 2952 rc = smk_bu_current("shm", ssp, access, rc); 2953 return rc; 2954 } 2955 2956 /** 2957 * smack_shm_associate - Smack access check for shm 2958 * @isp: the object 2959 * @shmflg: access requested 2960 * 2961 * Returns 0 if current has the requested access, error code otherwise 2962 */ 2963 static int smack_shm_associate(struct kern_ipc_perm *isp, int shmflg) 2964 { 2965 int may; 2966 2967 may = smack_flags_to_may(shmflg); 2968 return smk_curacc_shm(isp, may); 2969 } 2970 2971 /** 2972 * smack_shm_shmctl - Smack access check for shm 2973 * @isp: the object 2974 * @cmd: what it wants to do 2975 * 2976 * Returns 0 if current has the requested access, error code otherwise 2977 */ 2978 static int smack_shm_shmctl(struct kern_ipc_perm *isp, int cmd) 2979 { 2980 int may; 2981 2982 switch (cmd) { 2983 case IPC_STAT: 2984 case SHM_STAT: 2985 case SHM_STAT_ANY: 2986 may = MAY_READ; 2987 break; 2988 case IPC_SET: 2989 case SHM_LOCK: 2990 case SHM_UNLOCK: 2991 case IPC_RMID: 2992 may = MAY_READWRITE; 2993 break; 2994 case IPC_INFO: 2995 case SHM_INFO: 2996 /* 2997 * System level information. 2998 */ 2999 return 0; 3000 default: 3001 return -EINVAL; 3002 } 3003 return smk_curacc_shm(isp, may); 3004 } 3005 3006 /** 3007 * smack_shm_shmat - Smack access for shmat 3008 * @isp: the object 3009 * @shmaddr: unused 3010 * @shmflg: access requested 3011 * 3012 * Returns 0 if current has the requested access, error code otherwise 3013 */ 3014 static int smack_shm_shmat(struct kern_ipc_perm *isp, char __user *shmaddr, 3015 int shmflg) 3016 { 3017 int may; 3018 3019 may = smack_flags_to_may(shmflg); 3020 return smk_curacc_shm(isp, may); 3021 } 3022 3023 /** 3024 * smk_curacc_sem : check if current has access on sem 3025 * @isp : the object 3026 * @access : access requested 3027 * 3028 * Returns 0 if current has the requested access, error code otherwise 3029 */ 3030 static int smk_curacc_sem(struct kern_ipc_perm *isp, int access) 3031 { 3032 struct smack_known *ssp = smack_of_ipc(isp); 3033 struct smk_audit_info ad; 3034 int rc; 3035 3036 #ifdef CONFIG_AUDIT 3037 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 3038 ad.a.u.ipc_id = isp->id; 3039 #endif 3040 rc = smk_curacc(ssp, access, &ad); 3041 rc = smk_bu_current("sem", ssp, access, rc); 3042 return rc; 3043 } 3044 3045 /** 3046 * smack_sem_associate - Smack access check for sem 3047 * @isp: the object 3048 * @semflg: access requested 3049 * 3050 * Returns 0 if current has the requested access, error code otherwise 3051 */ 3052 static int smack_sem_associate(struct kern_ipc_perm *isp, int semflg) 3053 { 3054 int may; 3055 3056 may = smack_flags_to_may(semflg); 3057 return smk_curacc_sem(isp, may); 3058 } 3059 3060 /** 3061 * smack_sem_semctl - Smack access check for sem 3062 * @isp: the object 3063 * @cmd: what it wants to do 3064 * 3065 * Returns 0 if current has the requested access, error code otherwise 3066 */ 3067 static int smack_sem_semctl(struct kern_ipc_perm *isp, int cmd) 3068 { 3069 int may; 3070 3071 switch (cmd) { 3072 case GETPID: 3073 case GETNCNT: 3074 case GETZCNT: 3075 case GETVAL: 3076 case GETALL: 3077 case IPC_STAT: 3078 case SEM_STAT: 3079 case SEM_STAT_ANY: 3080 may = MAY_READ; 3081 break; 3082 case SETVAL: 3083 case SETALL: 3084 case IPC_RMID: 3085 case IPC_SET: 3086 may = MAY_READWRITE; 3087 break; 3088 case IPC_INFO: 3089 case SEM_INFO: 3090 /* 3091 * System level information 3092 */ 3093 return 0; 3094 default: 3095 return -EINVAL; 3096 } 3097 3098 return smk_curacc_sem(isp, may); 3099 } 3100 3101 /** 3102 * smack_sem_semop - Smack checks of semaphore operations 3103 * @isp: the object 3104 * @sops: unused 3105 * @nsops: unused 3106 * @alter: unused 3107 * 3108 * Treated as read and write in all cases. 3109 * 3110 * Returns 0 if access is allowed, error code otherwise 3111 */ 3112 static int smack_sem_semop(struct kern_ipc_perm *isp, struct sembuf *sops, 3113 unsigned nsops, int alter) 3114 { 3115 return smk_curacc_sem(isp, MAY_READWRITE); 3116 } 3117 3118 /** 3119 * smk_curacc_msq : helper to check if current has access on msq 3120 * @isp : the msq 3121 * @access : access requested 3122 * 3123 * return 0 if current has access, error otherwise 3124 */ 3125 static int smk_curacc_msq(struct kern_ipc_perm *isp, int access) 3126 { 3127 struct smack_known *msp = smack_of_ipc(isp); 3128 struct smk_audit_info ad; 3129 int rc; 3130 3131 #ifdef CONFIG_AUDIT 3132 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 3133 ad.a.u.ipc_id = isp->id; 3134 #endif 3135 rc = smk_curacc(msp, access, &ad); 3136 rc = smk_bu_current("msq", msp, access, rc); 3137 return rc; 3138 } 3139 3140 /** 3141 * smack_msg_queue_associate - Smack access check for msg_queue 3142 * @isp: the object 3143 * @msqflg: access requested 3144 * 3145 * Returns 0 if current has the requested access, error code otherwise 3146 */ 3147 static int smack_msg_queue_associate(struct kern_ipc_perm *isp, int msqflg) 3148 { 3149 int may; 3150 3151 may = smack_flags_to_may(msqflg); 3152 return smk_curacc_msq(isp, may); 3153 } 3154 3155 /** 3156 * smack_msg_queue_msgctl - Smack access check for msg_queue 3157 * @isp: the object 3158 * @cmd: what it wants to do 3159 * 3160 * Returns 0 if current has the requested access, error code otherwise 3161 */ 3162 static int smack_msg_queue_msgctl(struct kern_ipc_perm *isp, int cmd) 3163 { 3164 int may; 3165 3166 switch (cmd) { 3167 case IPC_STAT: 3168 case MSG_STAT: 3169 case MSG_STAT_ANY: 3170 may = MAY_READ; 3171 break; 3172 case IPC_SET: 3173 case IPC_RMID: 3174 may = MAY_READWRITE; 3175 break; 3176 case IPC_INFO: 3177 case MSG_INFO: 3178 /* 3179 * System level information 3180 */ 3181 return 0; 3182 default: 3183 return -EINVAL; 3184 } 3185 3186 return smk_curacc_msq(isp, may); 3187 } 3188 3189 /** 3190 * smack_msg_queue_msgsnd - Smack access check for msg_queue 3191 * @isp: the object 3192 * @msg: unused 3193 * @msqflg: access requested 3194 * 3195 * Returns 0 if current has the requested access, error code otherwise 3196 */ 3197 static int smack_msg_queue_msgsnd(struct kern_ipc_perm *isp, struct msg_msg *msg, 3198 int msqflg) 3199 { 3200 int may; 3201 3202 may = smack_flags_to_may(msqflg); 3203 return smk_curacc_msq(isp, may); 3204 } 3205 3206 /** 3207 * smack_msg_queue_msgrcv - Smack access check for msg_queue 3208 * @isp: the object 3209 * @msg: unused 3210 * @target: unused 3211 * @type: unused 3212 * @mode: unused 3213 * 3214 * Returns 0 if current has read and write access, error code otherwise 3215 */ 3216 static int smack_msg_queue_msgrcv(struct kern_ipc_perm *isp, 3217 struct msg_msg *msg, 3218 struct task_struct *target, long type, 3219 int mode) 3220 { 3221 return smk_curacc_msq(isp, MAY_READWRITE); 3222 } 3223 3224 /** 3225 * smack_ipc_permission - Smack access for ipc_permission() 3226 * @ipp: the object permissions 3227 * @flag: access requested 3228 * 3229 * Returns 0 if current has read and write access, error code otherwise 3230 */ 3231 static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag) 3232 { 3233 struct smack_known **blob = smack_ipc(ipp); 3234 struct smack_known *iskp = *blob; 3235 int may = smack_flags_to_may(flag); 3236 struct smk_audit_info ad; 3237 int rc; 3238 3239 #ifdef CONFIG_AUDIT 3240 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 3241 ad.a.u.ipc_id = ipp->id; 3242 #endif 3243 rc = smk_curacc(iskp, may, &ad); 3244 rc = smk_bu_current("svipc", iskp, may, rc); 3245 return rc; 3246 } 3247 3248 /** 3249 * smack_ipc_getsecid - Extract smack security id 3250 * @ipp: the object permissions 3251 * @secid: where result will be saved 3252 */ 3253 static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid) 3254 { 3255 struct smack_known **blob = smack_ipc(ipp); 3256 struct smack_known *iskp = *blob; 3257 3258 *secid = iskp->smk_secid; 3259 } 3260 3261 /** 3262 * smack_d_instantiate - Make sure the blob is correct on an inode 3263 * @opt_dentry: dentry where inode will be attached 3264 * @inode: the object 3265 * 3266 * Set the inode's security blob if it hasn't been done already. 3267 */ 3268 static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode) 3269 { 3270 struct super_block *sbp; 3271 struct superblock_smack *sbsp; 3272 struct inode_smack *isp; 3273 struct smack_known *skp; 3274 struct smack_known *ckp = smk_of_current(); 3275 struct smack_known *final; 3276 char trattr[TRANS_TRUE_SIZE]; 3277 int transflag = 0; 3278 int rc; 3279 struct dentry *dp; 3280 3281 if (inode == NULL) 3282 return; 3283 3284 isp = smack_inode(inode); 3285 3286 /* 3287 * If the inode is already instantiated 3288 * take the quick way out 3289 */ 3290 if (isp->smk_flags & SMK_INODE_INSTANT) 3291 return; 3292 3293 sbp = inode->i_sb; 3294 sbsp = smack_superblock(sbp); 3295 /* 3296 * We're going to use the superblock default label 3297 * if there's no label on the file. 3298 */ 3299 final = sbsp->smk_default; 3300 3301 /* 3302 * If this is the root inode the superblock 3303 * may be in the process of initialization. 3304 * If that is the case use the root value out 3305 * of the superblock. 3306 */ 3307 if (opt_dentry->d_parent == opt_dentry) { 3308 switch (sbp->s_magic) { 3309 case CGROUP_SUPER_MAGIC: 3310 case CGROUP2_SUPER_MAGIC: 3311 /* 3312 * The cgroup filesystem is never mounted, 3313 * so there's no opportunity to set the mount 3314 * options. 3315 */ 3316 sbsp->smk_root = &smack_known_star; 3317 sbsp->smk_default = &smack_known_star; 3318 isp->smk_inode = sbsp->smk_root; 3319 break; 3320 case TMPFS_MAGIC: 3321 /* 3322 * What about shmem/tmpfs anonymous files with dentry 3323 * obtained from d_alloc_pseudo()? 3324 */ 3325 isp->smk_inode = smk_of_current(); 3326 break; 3327 case PIPEFS_MAGIC: 3328 isp->smk_inode = smk_of_current(); 3329 break; 3330 case SOCKFS_MAGIC: 3331 /* 3332 * Socket access is controlled by the socket 3333 * structures associated with the task involved. 3334 */ 3335 isp->smk_inode = &smack_known_star; 3336 break; 3337 default: 3338 isp->smk_inode = sbsp->smk_root; 3339 break; 3340 } 3341 isp->smk_flags |= SMK_INODE_INSTANT; 3342 return; 3343 } 3344 3345 /* 3346 * This is pretty hackish. 3347 * Casey says that we shouldn't have to do 3348 * file system specific code, but it does help 3349 * with keeping it simple. 3350 */ 3351 switch (sbp->s_magic) { 3352 case SMACK_MAGIC: 3353 case CGROUP_SUPER_MAGIC: 3354 case CGROUP2_SUPER_MAGIC: 3355 /* 3356 * Casey says that it's a little embarrassing 3357 * that the smack file system doesn't do 3358 * extended attributes. 3359 * 3360 * Cgroupfs is special 3361 */ 3362 final = &smack_known_star; 3363 break; 3364 case DEVPTS_SUPER_MAGIC: 3365 /* 3366 * devpts seems content with the label of the task. 3367 * Programs that change smack have to treat the 3368 * pty with respect. 3369 */ 3370 final = ckp; 3371 break; 3372 case PROC_SUPER_MAGIC: 3373 /* 3374 * Casey says procfs appears not to care. 3375 * The superblock default suffices. 3376 */ 3377 break; 3378 case TMPFS_MAGIC: 3379 /* 3380 * Device labels should come from the filesystem, 3381 * but watch out, because they're volitile, 3382 * getting recreated on every reboot. 3383 */ 3384 final = &smack_known_star; 3385 /* 3386 * If a smack value has been set we want to use it, 3387 * but since tmpfs isn't giving us the opportunity 3388 * to set mount options simulate setting the 3389 * superblock default. 3390 */ 3391 fallthrough; 3392 default: 3393 /* 3394 * This isn't an understood special case. 3395 * Get the value from the xattr. 3396 */ 3397 3398 /* 3399 * UNIX domain sockets use lower level socket data. 3400 */ 3401 if (S_ISSOCK(inode->i_mode)) { 3402 final = &smack_known_star; 3403 break; 3404 } 3405 /* 3406 * No xattr support means, alas, no SMACK label. 3407 * Use the aforeapplied default. 3408 * It would be curious if the label of the task 3409 * does not match that assigned. 3410 */ 3411 if (!(inode->i_opflags & IOP_XATTR)) 3412 break; 3413 /* 3414 * Get the dentry for xattr. 3415 */ 3416 dp = dget(opt_dentry); 3417 skp = smk_fetch(XATTR_NAME_SMACK, inode, dp); 3418 if (!IS_ERR_OR_NULL(skp)) 3419 final = skp; 3420 3421 /* 3422 * Transmuting directory 3423 */ 3424 if (S_ISDIR(inode->i_mode)) { 3425 /* 3426 * If this is a new directory and the label was 3427 * transmuted when the inode was initialized 3428 * set the transmute attribute on the directory 3429 * and mark the inode. 3430 * 3431 * If there is a transmute attribute on the 3432 * directory mark the inode. 3433 */ 3434 if (isp->smk_flags & SMK_INODE_CHANGED) { 3435 isp->smk_flags &= ~SMK_INODE_CHANGED; 3436 rc = __vfs_setxattr(&init_user_ns, dp, inode, 3437 XATTR_NAME_SMACKTRANSMUTE, 3438 TRANS_TRUE, TRANS_TRUE_SIZE, 3439 0); 3440 } else { 3441 rc = __vfs_getxattr(dp, inode, 3442 XATTR_NAME_SMACKTRANSMUTE, trattr, 3443 TRANS_TRUE_SIZE); 3444 if (rc >= 0 && strncmp(trattr, TRANS_TRUE, 3445 TRANS_TRUE_SIZE) != 0) 3446 rc = -EINVAL; 3447 } 3448 if (rc >= 0) 3449 transflag = SMK_INODE_TRANSMUTE; 3450 } 3451 /* 3452 * Don't let the exec or mmap label be "*" or "@". 3453 */ 3454 skp = smk_fetch(XATTR_NAME_SMACKEXEC, inode, dp); 3455 if (IS_ERR(skp) || skp == &smack_known_star || 3456 skp == &smack_known_web) 3457 skp = NULL; 3458 isp->smk_task = skp; 3459 3460 skp = smk_fetch(XATTR_NAME_SMACKMMAP, inode, dp); 3461 if (IS_ERR(skp) || skp == &smack_known_star || 3462 skp == &smack_known_web) 3463 skp = NULL; 3464 isp->smk_mmap = skp; 3465 3466 dput(dp); 3467 break; 3468 } 3469 3470 if (final == NULL) 3471 isp->smk_inode = ckp; 3472 else 3473 isp->smk_inode = final; 3474 3475 isp->smk_flags |= (SMK_INODE_INSTANT | transflag); 3476 3477 return; 3478 } 3479 3480 /** 3481 * smack_getprocattr - Smack process attribute access 3482 * @p: the object task 3483 * @name: the name of the attribute in /proc/.../attr 3484 * @value: where to put the result 3485 * 3486 * Places a copy of the task Smack into value 3487 * 3488 * Returns the length of the smack label or an error code 3489 */ 3490 static int smack_getprocattr(struct task_struct *p, char *name, char **value) 3491 { 3492 struct smack_known *skp = smk_of_task_struct_obj(p); 3493 char *cp; 3494 int slen; 3495 3496 if (strcmp(name, "current") != 0) 3497 return -EINVAL; 3498 3499 cp = kstrdup(skp->smk_known, GFP_KERNEL); 3500 if (cp == NULL) 3501 return -ENOMEM; 3502 3503 slen = strlen(cp); 3504 *value = cp; 3505 return slen; 3506 } 3507 3508 /** 3509 * smack_setprocattr - Smack process attribute setting 3510 * @name: the name of the attribute in /proc/.../attr 3511 * @value: the value to set 3512 * @size: the size of the value 3513 * 3514 * Sets the Smack value of the task. Only setting self 3515 * is permitted and only with privilege 3516 * 3517 * Returns the length of the smack label or an error code 3518 */ 3519 static int smack_setprocattr(const char *name, void *value, size_t size) 3520 { 3521 struct task_smack *tsp = smack_cred(current_cred()); 3522 struct cred *new; 3523 struct smack_known *skp; 3524 struct smack_known_list_elem *sklep; 3525 int rc; 3526 3527 if (!smack_privileged(CAP_MAC_ADMIN) && list_empty(&tsp->smk_relabel)) 3528 return -EPERM; 3529 3530 if (value == NULL || size == 0 || size >= SMK_LONGLABEL) 3531 return -EINVAL; 3532 3533 if (strcmp(name, "current") != 0) 3534 return -EINVAL; 3535 3536 skp = smk_import_entry(value, size); 3537 if (IS_ERR(skp)) 3538 return PTR_ERR(skp); 3539 3540 /* 3541 * No process is ever allowed the web ("@") label 3542 * and the star ("*") label. 3543 */ 3544 if (skp == &smack_known_web || skp == &smack_known_star) 3545 return -EINVAL; 3546 3547 if (!smack_privileged(CAP_MAC_ADMIN)) { 3548 rc = -EPERM; 3549 list_for_each_entry(sklep, &tsp->smk_relabel, list) 3550 if (sklep->smk_label == skp) { 3551 rc = 0; 3552 break; 3553 } 3554 if (rc) 3555 return rc; 3556 } 3557 3558 new = prepare_creds(); 3559 if (new == NULL) 3560 return -ENOMEM; 3561 3562 tsp = smack_cred(new); 3563 tsp->smk_task = skp; 3564 /* 3565 * process can change its label only once 3566 */ 3567 smk_destroy_label_list(&tsp->smk_relabel); 3568 3569 commit_creds(new); 3570 return size; 3571 } 3572 3573 /** 3574 * smack_unix_stream_connect - Smack access on UDS 3575 * @sock: one sock 3576 * @other: the other sock 3577 * @newsk: unused 3578 * 3579 * Return 0 if a subject with the smack of sock could access 3580 * an object with the smack of other, otherwise an error code 3581 */ 3582 static int smack_unix_stream_connect(struct sock *sock, 3583 struct sock *other, struct sock *newsk) 3584 { 3585 struct smack_known *skp; 3586 struct smack_known *okp; 3587 struct socket_smack *ssp = sock->sk_security; 3588 struct socket_smack *osp = other->sk_security; 3589 struct socket_smack *nsp = newsk->sk_security; 3590 struct smk_audit_info ad; 3591 int rc = 0; 3592 #ifdef CONFIG_AUDIT 3593 struct lsm_network_audit net; 3594 #endif 3595 3596 if (!smack_privileged(CAP_MAC_OVERRIDE)) { 3597 skp = ssp->smk_out; 3598 okp = osp->smk_in; 3599 #ifdef CONFIG_AUDIT 3600 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 3601 smk_ad_setfield_u_net_sk(&ad, other); 3602 #endif 3603 rc = smk_access(skp, okp, MAY_WRITE, &ad); 3604 rc = smk_bu_note("UDS connect", skp, okp, MAY_WRITE, rc); 3605 if (rc == 0) { 3606 okp = osp->smk_out; 3607 skp = ssp->smk_in; 3608 rc = smk_access(okp, skp, MAY_WRITE, &ad); 3609 rc = smk_bu_note("UDS connect", okp, skp, 3610 MAY_WRITE, rc); 3611 } 3612 } 3613 3614 /* 3615 * Cross reference the peer labels for SO_PEERSEC. 3616 */ 3617 if (rc == 0) { 3618 nsp->smk_packet = ssp->smk_out; 3619 ssp->smk_packet = osp->smk_out; 3620 } 3621 3622 return rc; 3623 } 3624 3625 /** 3626 * smack_unix_may_send - Smack access on UDS 3627 * @sock: one socket 3628 * @other: the other socket 3629 * 3630 * Return 0 if a subject with the smack of sock could access 3631 * an object with the smack of other, otherwise an error code 3632 */ 3633 static int smack_unix_may_send(struct socket *sock, struct socket *other) 3634 { 3635 struct socket_smack *ssp = sock->sk->sk_security; 3636 struct socket_smack *osp = other->sk->sk_security; 3637 struct smk_audit_info ad; 3638 int rc; 3639 3640 #ifdef CONFIG_AUDIT 3641 struct lsm_network_audit net; 3642 3643 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 3644 smk_ad_setfield_u_net_sk(&ad, other->sk); 3645 #endif 3646 3647 if (smack_privileged(CAP_MAC_OVERRIDE)) 3648 return 0; 3649 3650 rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad); 3651 rc = smk_bu_note("UDS send", ssp->smk_out, osp->smk_in, MAY_WRITE, rc); 3652 return rc; 3653 } 3654 3655 /** 3656 * smack_socket_sendmsg - Smack check based on destination host 3657 * @sock: the socket 3658 * @msg: the message 3659 * @size: the size of the message 3660 * 3661 * Return 0 if the current subject can write to the destination host. 3662 * For IPv4 this is only a question if the destination is a single label host. 3663 * For IPv6 this is a check against the label of the port. 3664 */ 3665 static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg, 3666 int size) 3667 { 3668 struct sockaddr_in *sip = (struct sockaddr_in *) msg->msg_name; 3669 #if IS_ENABLED(CONFIG_IPV6) 3670 struct sockaddr_in6 *sap = (struct sockaddr_in6 *) msg->msg_name; 3671 #endif 3672 #ifdef SMACK_IPV6_SECMARK_LABELING 3673 struct socket_smack *ssp = sock->sk->sk_security; 3674 struct smack_known *rsp; 3675 #endif 3676 int rc = 0; 3677 3678 /* 3679 * Perfectly reasonable for this to be NULL 3680 */ 3681 if (sip == NULL) 3682 return 0; 3683 3684 switch (sock->sk->sk_family) { 3685 case AF_INET: 3686 if (msg->msg_namelen < sizeof(struct sockaddr_in) || 3687 sip->sin_family != AF_INET) 3688 return -EINVAL; 3689 rc = smk_ipv4_check(sock->sk, sip); 3690 break; 3691 #if IS_ENABLED(CONFIG_IPV6) 3692 case AF_INET6: 3693 if (msg->msg_namelen < SIN6_LEN_RFC2133 || 3694 sap->sin6_family != AF_INET6) 3695 return -EINVAL; 3696 #ifdef SMACK_IPV6_SECMARK_LABELING 3697 rsp = smack_ipv6host_label(sap); 3698 if (rsp != NULL) 3699 rc = smk_ipv6_check(ssp->smk_out, rsp, sap, 3700 SMK_CONNECTING); 3701 #endif 3702 #ifdef SMACK_IPV6_PORT_LABELING 3703 rc = smk_ipv6_port_check(sock->sk, sap, SMK_SENDING); 3704 #endif 3705 #endif /* IS_ENABLED(CONFIG_IPV6) */ 3706 break; 3707 } 3708 return rc; 3709 } 3710 3711 /** 3712 * smack_from_secattr - Convert a netlabel attr.mls.lvl/attr.mls.cat pair to smack 3713 * @sap: netlabel secattr 3714 * @ssp: socket security information 3715 * 3716 * Returns a pointer to a Smack label entry found on the label list. 3717 */ 3718 static struct smack_known *smack_from_secattr(struct netlbl_lsm_secattr *sap, 3719 struct socket_smack *ssp) 3720 { 3721 struct smack_known *skp; 3722 int found = 0; 3723 int acat; 3724 int kcat; 3725 3726 /* 3727 * Netlabel found it in the cache. 3728 */ 3729 if ((sap->flags & NETLBL_SECATTR_CACHE) != 0) 3730 return (struct smack_known *)sap->cache->data; 3731 3732 if ((sap->flags & NETLBL_SECATTR_SECID) != 0) 3733 /* 3734 * Looks like a fallback, which gives us a secid. 3735 */ 3736 return smack_from_secid(sap->attr.secid); 3737 3738 if ((sap->flags & NETLBL_SECATTR_MLS_LVL) != 0) { 3739 /* 3740 * Looks like a CIPSO packet. 3741 * If there are flags but no level netlabel isn't 3742 * behaving the way we expect it to. 3743 * 3744 * Look it up in the label table 3745 * Without guidance regarding the smack value 3746 * for the packet fall back on the network 3747 * ambient value. 3748 */ 3749 rcu_read_lock(); 3750 list_for_each_entry_rcu(skp, &smack_known_list, list) { 3751 if (sap->attr.mls.lvl != skp->smk_netlabel.attr.mls.lvl) 3752 continue; 3753 /* 3754 * Compare the catsets. Use the netlbl APIs. 3755 */ 3756 if ((sap->flags & NETLBL_SECATTR_MLS_CAT) == 0) { 3757 if ((skp->smk_netlabel.flags & 3758 NETLBL_SECATTR_MLS_CAT) == 0) 3759 found = 1; 3760 break; 3761 } 3762 for (acat = -1, kcat = -1; acat == kcat; ) { 3763 acat = netlbl_catmap_walk(sap->attr.mls.cat, 3764 acat + 1); 3765 kcat = netlbl_catmap_walk( 3766 skp->smk_netlabel.attr.mls.cat, 3767 kcat + 1); 3768 if (acat < 0 || kcat < 0) 3769 break; 3770 } 3771 if (acat == kcat) { 3772 found = 1; 3773 break; 3774 } 3775 } 3776 rcu_read_unlock(); 3777 3778 if (found) 3779 return skp; 3780 3781 if (ssp != NULL && ssp->smk_in == &smack_known_star) 3782 return &smack_known_web; 3783 return &smack_known_star; 3784 } 3785 /* 3786 * Without guidance regarding the smack value 3787 * for the packet fall back on the network 3788 * ambient value. 3789 */ 3790 return smack_net_ambient; 3791 } 3792 3793 #if IS_ENABLED(CONFIG_IPV6) 3794 static int smk_skb_to_addr_ipv6(struct sk_buff *skb, struct sockaddr_in6 *sip) 3795 { 3796 u8 nexthdr; 3797 int offset; 3798 int proto = -EINVAL; 3799 struct ipv6hdr _ipv6h; 3800 struct ipv6hdr *ip6; 3801 __be16 frag_off; 3802 struct tcphdr _tcph, *th; 3803 struct udphdr _udph, *uh; 3804 struct dccp_hdr _dccph, *dh; 3805 3806 sip->sin6_port = 0; 3807 3808 offset = skb_network_offset(skb); 3809 ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h); 3810 if (ip6 == NULL) 3811 return -EINVAL; 3812 sip->sin6_addr = ip6->saddr; 3813 3814 nexthdr = ip6->nexthdr; 3815 offset += sizeof(_ipv6h); 3816 offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off); 3817 if (offset < 0) 3818 return -EINVAL; 3819 3820 proto = nexthdr; 3821 switch (proto) { 3822 case IPPROTO_TCP: 3823 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph); 3824 if (th != NULL) 3825 sip->sin6_port = th->source; 3826 break; 3827 case IPPROTO_UDP: 3828 case IPPROTO_UDPLITE: 3829 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph); 3830 if (uh != NULL) 3831 sip->sin6_port = uh->source; 3832 break; 3833 case IPPROTO_DCCP: 3834 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph); 3835 if (dh != NULL) 3836 sip->sin6_port = dh->dccph_sport; 3837 break; 3838 } 3839 return proto; 3840 } 3841 #endif /* CONFIG_IPV6 */ 3842 3843 /** 3844 * smack_from_skb - Smack data from the secmark in an skb 3845 * @skb: packet 3846 * 3847 * Returns smack_known of the secmark or NULL if that won't work. 3848 */ 3849 #ifdef CONFIG_NETWORK_SECMARK 3850 static struct smack_known *smack_from_skb(struct sk_buff *skb) 3851 { 3852 if (skb == NULL || skb->secmark == 0) 3853 return NULL; 3854 3855 return smack_from_secid(skb->secmark); 3856 } 3857 #else 3858 static inline struct smack_known *smack_from_skb(struct sk_buff *skb) 3859 { 3860 return NULL; 3861 } 3862 #endif 3863 3864 /** 3865 * smack_from_netlbl - Smack data from the IP options in an skb 3866 * @sk: socket data came in on 3867 * @family: address family 3868 * @skb: packet 3869 * 3870 * Find the Smack label in the IP options. If it hasn't been 3871 * added to the netlabel cache, add it here. 3872 * 3873 * Returns smack_known of the IP options or NULL if that won't work. 3874 */ 3875 static struct smack_known *smack_from_netlbl(const struct sock *sk, u16 family, 3876 struct sk_buff *skb) 3877 { 3878 struct netlbl_lsm_secattr secattr; 3879 struct socket_smack *ssp = NULL; 3880 struct smack_known *skp = NULL; 3881 3882 netlbl_secattr_init(&secattr); 3883 3884 if (sk) 3885 ssp = sk->sk_security; 3886 3887 if (netlbl_skbuff_getattr(skb, family, &secattr) == 0) { 3888 skp = smack_from_secattr(&secattr, ssp); 3889 if (secattr.flags & NETLBL_SECATTR_CACHEABLE) 3890 netlbl_cache_add(skb, family, &skp->smk_netlabel); 3891 } 3892 3893 netlbl_secattr_destroy(&secattr); 3894 3895 return skp; 3896 } 3897 3898 /** 3899 * smack_socket_sock_rcv_skb - Smack packet delivery access check 3900 * @sk: socket 3901 * @skb: packet 3902 * 3903 * Returns 0 if the packet should be delivered, an error code otherwise 3904 */ 3905 static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) 3906 { 3907 struct socket_smack *ssp = sk->sk_security; 3908 struct smack_known *skp = NULL; 3909 int rc = 0; 3910 struct smk_audit_info ad; 3911 u16 family = sk->sk_family; 3912 #ifdef CONFIG_AUDIT 3913 struct lsm_network_audit net; 3914 #endif 3915 #if IS_ENABLED(CONFIG_IPV6) 3916 struct sockaddr_in6 sadd; 3917 int proto; 3918 3919 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP)) 3920 family = PF_INET; 3921 #endif /* CONFIG_IPV6 */ 3922 3923 switch (family) { 3924 case PF_INET: 3925 /* 3926 * If there is a secmark use it rather than the CIPSO label. 3927 * If there is no secmark fall back to CIPSO. 3928 * The secmark is assumed to reflect policy better. 3929 */ 3930 skp = smack_from_skb(skb); 3931 if (skp == NULL) { 3932 skp = smack_from_netlbl(sk, family, skb); 3933 if (skp == NULL) 3934 skp = smack_net_ambient; 3935 } 3936 3937 #ifdef CONFIG_AUDIT 3938 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 3939 ad.a.u.net->family = family; 3940 ad.a.u.net->netif = skb->skb_iif; 3941 ipv4_skb_to_auditdata(skb, &ad.a, NULL); 3942 #endif 3943 /* 3944 * Receiving a packet requires that the other end 3945 * be able to write here. Read access is not required. 3946 * This is the simplist possible security model 3947 * for networking. 3948 */ 3949 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad); 3950 rc = smk_bu_note("IPv4 delivery", skp, ssp->smk_in, 3951 MAY_WRITE, rc); 3952 if (rc != 0) 3953 netlbl_skbuff_err(skb, family, rc, 0); 3954 break; 3955 #if IS_ENABLED(CONFIG_IPV6) 3956 case PF_INET6: 3957 proto = smk_skb_to_addr_ipv6(skb, &sadd); 3958 if (proto != IPPROTO_UDP && proto != IPPROTO_UDPLITE && 3959 proto != IPPROTO_TCP && proto != IPPROTO_DCCP) 3960 break; 3961 #ifdef SMACK_IPV6_SECMARK_LABELING 3962 skp = smack_from_skb(skb); 3963 if (skp == NULL) { 3964 if (smk_ipv6_localhost(&sadd)) 3965 break; 3966 skp = smack_ipv6host_label(&sadd); 3967 if (skp == NULL) 3968 skp = smack_net_ambient; 3969 } 3970 #ifdef CONFIG_AUDIT 3971 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 3972 ad.a.u.net->family = family; 3973 ad.a.u.net->netif = skb->skb_iif; 3974 ipv6_skb_to_auditdata(skb, &ad.a, NULL); 3975 #endif /* CONFIG_AUDIT */ 3976 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad); 3977 rc = smk_bu_note("IPv6 delivery", skp, ssp->smk_in, 3978 MAY_WRITE, rc); 3979 #endif /* SMACK_IPV6_SECMARK_LABELING */ 3980 #ifdef SMACK_IPV6_PORT_LABELING 3981 rc = smk_ipv6_port_check(sk, &sadd, SMK_RECEIVING); 3982 #endif /* SMACK_IPV6_PORT_LABELING */ 3983 if (rc != 0) 3984 icmpv6_send(skb, ICMPV6_DEST_UNREACH, 3985 ICMPV6_ADM_PROHIBITED, 0); 3986 break; 3987 #endif /* CONFIG_IPV6 */ 3988 } 3989 3990 return rc; 3991 } 3992 3993 /** 3994 * smack_socket_getpeersec_stream - pull in packet label 3995 * @sock: the socket 3996 * @optval: user's destination 3997 * @optlen: size thereof 3998 * @len: max thereof 3999 * 4000 * returns zero on success, an error code otherwise 4001 */ 4002 static int smack_socket_getpeersec_stream(struct socket *sock, 4003 char __user *optval, 4004 int __user *optlen, unsigned len) 4005 { 4006 struct socket_smack *ssp; 4007 char *rcp = ""; 4008 int slen = 1; 4009 int rc = 0; 4010 4011 ssp = sock->sk->sk_security; 4012 if (ssp->smk_packet != NULL) { 4013 rcp = ssp->smk_packet->smk_known; 4014 slen = strlen(rcp) + 1; 4015 } 4016 4017 if (slen > len) 4018 rc = -ERANGE; 4019 else if (copy_to_user(optval, rcp, slen) != 0) 4020 rc = -EFAULT; 4021 4022 if (put_user(slen, optlen) != 0) 4023 rc = -EFAULT; 4024 4025 return rc; 4026 } 4027 4028 4029 /** 4030 * smack_socket_getpeersec_dgram - pull in packet label 4031 * @sock: the peer socket 4032 * @skb: packet data 4033 * @secid: pointer to where to put the secid of the packet 4034 * 4035 * Sets the netlabel socket state on sk from parent 4036 */ 4037 static int smack_socket_getpeersec_dgram(struct socket *sock, 4038 struct sk_buff *skb, u32 *secid) 4039 4040 { 4041 struct socket_smack *ssp = NULL; 4042 struct smack_known *skp; 4043 struct sock *sk = NULL; 4044 int family = PF_UNSPEC; 4045 u32 s = 0; /* 0 is the invalid secid */ 4046 4047 if (skb != NULL) { 4048 if (skb->protocol == htons(ETH_P_IP)) 4049 family = PF_INET; 4050 #if IS_ENABLED(CONFIG_IPV6) 4051 else if (skb->protocol == htons(ETH_P_IPV6)) 4052 family = PF_INET6; 4053 #endif /* CONFIG_IPV6 */ 4054 } 4055 if (family == PF_UNSPEC && sock != NULL) 4056 family = sock->sk->sk_family; 4057 4058 switch (family) { 4059 case PF_UNIX: 4060 ssp = sock->sk->sk_security; 4061 s = ssp->smk_out->smk_secid; 4062 break; 4063 case PF_INET: 4064 skp = smack_from_skb(skb); 4065 if (skp) { 4066 s = skp->smk_secid; 4067 break; 4068 } 4069 /* 4070 * Translate what netlabel gave us. 4071 */ 4072 if (sock != NULL) 4073 sk = sock->sk; 4074 skp = smack_from_netlbl(sk, family, skb); 4075 if (skp != NULL) 4076 s = skp->smk_secid; 4077 break; 4078 case PF_INET6: 4079 #ifdef SMACK_IPV6_SECMARK_LABELING 4080 skp = smack_from_skb(skb); 4081 if (skp) 4082 s = skp->smk_secid; 4083 #endif 4084 break; 4085 } 4086 *secid = s; 4087 if (s == 0) 4088 return -EINVAL; 4089 return 0; 4090 } 4091 4092 /** 4093 * smack_sock_graft - Initialize a newly created socket with an existing sock 4094 * @sk: child sock 4095 * @parent: parent socket 4096 * 4097 * Set the smk_{in,out} state of an existing sock based on the process that 4098 * is creating the new socket. 4099 */ 4100 static void smack_sock_graft(struct sock *sk, struct socket *parent) 4101 { 4102 struct socket_smack *ssp; 4103 struct smack_known *skp = smk_of_current(); 4104 4105 if (sk == NULL || 4106 (sk->sk_family != PF_INET && sk->sk_family != PF_INET6)) 4107 return; 4108 4109 ssp = sk->sk_security; 4110 ssp->smk_in = skp; 4111 ssp->smk_out = skp; 4112 /* cssp->smk_packet is already set in smack_inet_csk_clone() */ 4113 } 4114 4115 /** 4116 * smack_inet_conn_request - Smack access check on connect 4117 * @sk: socket involved 4118 * @skb: packet 4119 * @req: unused 4120 * 4121 * Returns 0 if a task with the packet label could write to 4122 * the socket, otherwise an error code 4123 */ 4124 static int smack_inet_conn_request(const struct sock *sk, struct sk_buff *skb, 4125 struct request_sock *req) 4126 { 4127 u16 family = sk->sk_family; 4128 struct smack_known *skp; 4129 struct socket_smack *ssp = sk->sk_security; 4130 struct sockaddr_in addr; 4131 struct iphdr *hdr; 4132 struct smack_known *hskp; 4133 int rc; 4134 struct smk_audit_info ad; 4135 #ifdef CONFIG_AUDIT 4136 struct lsm_network_audit net; 4137 #endif 4138 4139 #if IS_ENABLED(CONFIG_IPV6) 4140 if (family == PF_INET6) { 4141 /* 4142 * Handle mapped IPv4 packets arriving 4143 * via IPv6 sockets. Don't set up netlabel 4144 * processing on IPv6. 4145 */ 4146 if (skb->protocol == htons(ETH_P_IP)) 4147 family = PF_INET; 4148 else 4149 return 0; 4150 } 4151 #endif /* CONFIG_IPV6 */ 4152 4153 /* 4154 * If there is a secmark use it rather than the CIPSO label. 4155 * If there is no secmark fall back to CIPSO. 4156 * The secmark is assumed to reflect policy better. 4157 */ 4158 skp = smack_from_skb(skb); 4159 if (skp == NULL) { 4160 skp = smack_from_netlbl(sk, family, skb); 4161 if (skp == NULL) 4162 skp = &smack_known_huh; 4163 } 4164 4165 #ifdef CONFIG_AUDIT 4166 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 4167 ad.a.u.net->family = family; 4168 ad.a.u.net->netif = skb->skb_iif; 4169 ipv4_skb_to_auditdata(skb, &ad.a, NULL); 4170 #endif 4171 /* 4172 * Receiving a packet requires that the other end be able to write 4173 * here. Read access is not required. 4174 */ 4175 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad); 4176 rc = smk_bu_note("IPv4 connect", skp, ssp->smk_in, MAY_WRITE, rc); 4177 if (rc != 0) 4178 return rc; 4179 4180 /* 4181 * Save the peer's label in the request_sock so we can later setup 4182 * smk_packet in the child socket so that SO_PEERCRED can report it. 4183 */ 4184 req->peer_secid = skp->smk_secid; 4185 4186 /* 4187 * We need to decide if we want to label the incoming connection here 4188 * if we do we only need to label the request_sock and the stack will 4189 * propagate the wire-label to the sock when it is created. 4190 */ 4191 hdr = ip_hdr(skb); 4192 addr.sin_addr.s_addr = hdr->saddr; 4193 rcu_read_lock(); 4194 hskp = smack_ipv4host_label(&addr); 4195 rcu_read_unlock(); 4196 4197 if (hskp == NULL) 4198 rc = netlbl_req_setattr(req, &skp->smk_netlabel); 4199 else 4200 netlbl_req_delattr(req); 4201 4202 return rc; 4203 } 4204 4205 /** 4206 * smack_inet_csk_clone - Copy the connection information to the new socket 4207 * @sk: the new socket 4208 * @req: the connection's request_sock 4209 * 4210 * Transfer the connection's peer label to the newly created socket. 4211 */ 4212 static void smack_inet_csk_clone(struct sock *sk, 4213 const struct request_sock *req) 4214 { 4215 struct socket_smack *ssp = sk->sk_security; 4216 struct smack_known *skp; 4217 4218 if (req->peer_secid != 0) { 4219 skp = smack_from_secid(req->peer_secid); 4220 ssp->smk_packet = skp; 4221 } else 4222 ssp->smk_packet = NULL; 4223 } 4224 4225 /* 4226 * Key management security hooks 4227 * 4228 * Casey has not tested key support very heavily. 4229 * The permission check is most likely too restrictive. 4230 * If you care about keys please have a look. 4231 */ 4232 #ifdef CONFIG_KEYS 4233 4234 /** 4235 * smack_key_alloc - Set the key security blob 4236 * @key: object 4237 * @cred: the credentials to use 4238 * @flags: unused 4239 * 4240 * No allocation required 4241 * 4242 * Returns 0 4243 */ 4244 static int smack_key_alloc(struct key *key, const struct cred *cred, 4245 unsigned long flags) 4246 { 4247 struct smack_known *skp = smk_of_task(smack_cred(cred)); 4248 4249 key->security = skp; 4250 return 0; 4251 } 4252 4253 /** 4254 * smack_key_free - Clear the key security blob 4255 * @key: the object 4256 * 4257 * Clear the blob pointer 4258 */ 4259 static void smack_key_free(struct key *key) 4260 { 4261 key->security = NULL; 4262 } 4263 4264 /** 4265 * smack_key_permission - Smack access on a key 4266 * @key_ref: gets to the object 4267 * @cred: the credentials to use 4268 * @need_perm: requested key permission 4269 * 4270 * Return 0 if the task has read and write to the object, 4271 * an error code otherwise 4272 */ 4273 static int smack_key_permission(key_ref_t key_ref, 4274 const struct cred *cred, 4275 enum key_need_perm need_perm) 4276 { 4277 struct key *keyp; 4278 struct smk_audit_info ad; 4279 struct smack_known *tkp = smk_of_task(smack_cred(cred)); 4280 int request = 0; 4281 int rc; 4282 4283 /* 4284 * Validate requested permissions 4285 */ 4286 switch (need_perm) { 4287 case KEY_NEED_READ: 4288 case KEY_NEED_SEARCH: 4289 case KEY_NEED_VIEW: 4290 request |= MAY_READ; 4291 break; 4292 case KEY_NEED_WRITE: 4293 case KEY_NEED_LINK: 4294 case KEY_NEED_SETATTR: 4295 request |= MAY_WRITE; 4296 break; 4297 case KEY_NEED_UNSPECIFIED: 4298 case KEY_NEED_UNLINK: 4299 case KEY_SYSADMIN_OVERRIDE: 4300 case KEY_AUTHTOKEN_OVERRIDE: 4301 case KEY_DEFER_PERM_CHECK: 4302 return 0; 4303 default: 4304 return -EINVAL; 4305 } 4306 4307 keyp = key_ref_to_ptr(key_ref); 4308 if (keyp == NULL) 4309 return -EINVAL; 4310 /* 4311 * If the key hasn't been initialized give it access so that 4312 * it may do so. 4313 */ 4314 if (keyp->security == NULL) 4315 return 0; 4316 /* 4317 * This should not occur 4318 */ 4319 if (tkp == NULL) 4320 return -EACCES; 4321 4322 if (smack_privileged(CAP_MAC_OVERRIDE)) 4323 return 0; 4324 4325 #ifdef CONFIG_AUDIT 4326 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY); 4327 ad.a.u.key_struct.key = keyp->serial; 4328 ad.a.u.key_struct.key_desc = keyp->description; 4329 #endif 4330 rc = smk_access(tkp, keyp->security, request, &ad); 4331 rc = smk_bu_note("key access", tkp, keyp->security, request, rc); 4332 return rc; 4333 } 4334 4335 /* 4336 * smack_key_getsecurity - Smack label tagging the key 4337 * @key points to the key to be queried 4338 * @_buffer points to a pointer that should be set to point to the 4339 * resulting string (if no label or an error occurs). 4340 * Return the length of the string (including terminating NUL) or -ve if 4341 * an error. 4342 * May also return 0 (and a NULL buffer pointer) if there is no label. 4343 */ 4344 static int smack_key_getsecurity(struct key *key, char **_buffer) 4345 { 4346 struct smack_known *skp = key->security; 4347 size_t length; 4348 char *copy; 4349 4350 if (key->security == NULL) { 4351 *_buffer = NULL; 4352 return 0; 4353 } 4354 4355 copy = kstrdup(skp->smk_known, GFP_KERNEL); 4356 if (copy == NULL) 4357 return -ENOMEM; 4358 length = strlen(copy) + 1; 4359 4360 *_buffer = copy; 4361 return length; 4362 } 4363 4364 4365 #ifdef CONFIG_KEY_NOTIFICATIONS 4366 /** 4367 * smack_watch_key - Smack access to watch a key for notifications. 4368 * @key: The key to be watched 4369 * 4370 * Return 0 if the @watch->cred has permission to read from the key object and 4371 * an error otherwise. 4372 */ 4373 static int smack_watch_key(struct key *key) 4374 { 4375 struct smk_audit_info ad; 4376 struct smack_known *tkp = smk_of_current(); 4377 int rc; 4378 4379 if (key == NULL) 4380 return -EINVAL; 4381 /* 4382 * If the key hasn't been initialized give it access so that 4383 * it may do so. 4384 */ 4385 if (key->security == NULL) 4386 return 0; 4387 /* 4388 * This should not occur 4389 */ 4390 if (tkp == NULL) 4391 return -EACCES; 4392 4393 if (smack_privileged_cred(CAP_MAC_OVERRIDE, current_cred())) 4394 return 0; 4395 4396 #ifdef CONFIG_AUDIT 4397 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY); 4398 ad.a.u.key_struct.key = key->serial; 4399 ad.a.u.key_struct.key_desc = key->description; 4400 #endif 4401 rc = smk_access(tkp, key->security, MAY_READ, &ad); 4402 rc = smk_bu_note("key watch", tkp, key->security, MAY_READ, rc); 4403 return rc; 4404 } 4405 #endif /* CONFIG_KEY_NOTIFICATIONS */ 4406 #endif /* CONFIG_KEYS */ 4407 4408 #ifdef CONFIG_WATCH_QUEUE 4409 /** 4410 * smack_post_notification - Smack access to post a notification to a queue 4411 * @w_cred: The credentials of the watcher. 4412 * @cred: The credentials of the event source (may be NULL). 4413 * @n: The notification message to be posted. 4414 */ 4415 static int smack_post_notification(const struct cred *w_cred, 4416 const struct cred *cred, 4417 struct watch_notification *n) 4418 { 4419 struct smk_audit_info ad; 4420 struct smack_known *subj, *obj; 4421 int rc; 4422 4423 /* Always let maintenance notifications through. */ 4424 if (n->type == WATCH_TYPE_META) 4425 return 0; 4426 4427 if (!cred) 4428 return 0; 4429 subj = smk_of_task(smack_cred(cred)); 4430 obj = smk_of_task(smack_cred(w_cred)); 4431 4432 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NOTIFICATION); 4433 rc = smk_access(subj, obj, MAY_WRITE, &ad); 4434 rc = smk_bu_note("notification", subj, obj, MAY_WRITE, rc); 4435 return rc; 4436 } 4437 #endif /* CONFIG_WATCH_QUEUE */ 4438 4439 /* 4440 * Smack Audit hooks 4441 * 4442 * Audit requires a unique representation of each Smack specific 4443 * rule. This unique representation is used to distinguish the 4444 * object to be audited from remaining kernel objects and also 4445 * works as a glue between the audit hooks. 4446 * 4447 * Since repository entries are added but never deleted, we'll use 4448 * the smack_known label address related to the given audit rule as 4449 * the needed unique representation. This also better fits the smack 4450 * model where nearly everything is a label. 4451 */ 4452 #ifdef CONFIG_AUDIT 4453 4454 /** 4455 * smack_audit_rule_init - Initialize a smack audit rule 4456 * @field: audit rule fields given from user-space (audit.h) 4457 * @op: required testing operator (=, !=, >, <, ...) 4458 * @rulestr: smack label to be audited 4459 * @vrule: pointer to save our own audit rule representation 4460 * 4461 * Prepare to audit cases where (@field @op @rulestr) is true. 4462 * The label to be audited is created if necessay. 4463 */ 4464 static int smack_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule) 4465 { 4466 struct smack_known *skp; 4467 char **rule = (char **)vrule; 4468 *rule = NULL; 4469 4470 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER) 4471 return -EINVAL; 4472 4473 if (op != Audit_equal && op != Audit_not_equal) 4474 return -EINVAL; 4475 4476 skp = smk_import_entry(rulestr, 0); 4477 if (IS_ERR(skp)) 4478 return PTR_ERR(skp); 4479 4480 *rule = skp->smk_known; 4481 4482 return 0; 4483 } 4484 4485 /** 4486 * smack_audit_rule_known - Distinguish Smack audit rules 4487 * @krule: rule of interest, in Audit kernel representation format 4488 * 4489 * This is used to filter Smack rules from remaining Audit ones. 4490 * If it's proved that this rule belongs to us, the 4491 * audit_rule_match hook will be called to do the final judgement. 4492 */ 4493 static int smack_audit_rule_known(struct audit_krule *krule) 4494 { 4495 struct audit_field *f; 4496 int i; 4497 4498 for (i = 0; i < krule->field_count; i++) { 4499 f = &krule->fields[i]; 4500 4501 if (f->type == AUDIT_SUBJ_USER || f->type == AUDIT_OBJ_USER) 4502 return 1; 4503 } 4504 4505 return 0; 4506 } 4507 4508 /** 4509 * smack_audit_rule_match - Audit given object ? 4510 * @secid: security id for identifying the object to test 4511 * @field: audit rule flags given from user-space 4512 * @op: required testing operator 4513 * @vrule: smack internal rule presentation 4514 * 4515 * The core Audit hook. It's used to take the decision of 4516 * whether to audit or not to audit a given object. 4517 */ 4518 static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule) 4519 { 4520 struct smack_known *skp; 4521 char *rule = vrule; 4522 4523 if (unlikely(!rule)) { 4524 WARN_ONCE(1, "Smack: missing rule\n"); 4525 return -ENOENT; 4526 } 4527 4528 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER) 4529 return 0; 4530 4531 skp = smack_from_secid(secid); 4532 4533 /* 4534 * No need to do string comparisons. If a match occurs, 4535 * both pointers will point to the same smack_known 4536 * label. 4537 */ 4538 if (op == Audit_equal) 4539 return (rule == skp->smk_known); 4540 if (op == Audit_not_equal) 4541 return (rule != skp->smk_known); 4542 4543 return 0; 4544 } 4545 4546 /* 4547 * There is no need for a smack_audit_rule_free hook. 4548 * No memory was allocated. 4549 */ 4550 4551 #endif /* CONFIG_AUDIT */ 4552 4553 /** 4554 * smack_ismaclabel - check if xattr @name references a smack MAC label 4555 * @name: Full xattr name to check. 4556 */ 4557 static int smack_ismaclabel(const char *name) 4558 { 4559 return (strcmp(name, XATTR_SMACK_SUFFIX) == 0); 4560 } 4561 4562 4563 /** 4564 * smack_secid_to_secctx - return the smack label for a secid 4565 * @secid: incoming integer 4566 * @secdata: destination 4567 * @seclen: how long it is 4568 * 4569 * Exists for networking code. 4570 */ 4571 static int smack_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) 4572 { 4573 struct smack_known *skp = smack_from_secid(secid); 4574 4575 if (secdata) 4576 *secdata = skp->smk_known; 4577 *seclen = strlen(skp->smk_known); 4578 return 0; 4579 } 4580 4581 /** 4582 * smack_secctx_to_secid - return the secid for a smack label 4583 * @secdata: smack label 4584 * @seclen: how long result is 4585 * @secid: outgoing integer 4586 * 4587 * Exists for audit and networking code. 4588 */ 4589 static int smack_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid) 4590 { 4591 struct smack_known *skp = smk_find_entry(secdata); 4592 4593 if (skp) 4594 *secid = skp->smk_secid; 4595 else 4596 *secid = 0; 4597 return 0; 4598 } 4599 4600 /* 4601 * There used to be a smack_release_secctx hook 4602 * that did nothing back when hooks were in a vector. 4603 * Now that there's a list such a hook adds cost. 4604 */ 4605 4606 static int smack_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen) 4607 { 4608 return smack_inode_setsecurity(inode, XATTR_SMACK_SUFFIX, ctx, 4609 ctxlen, 0); 4610 } 4611 4612 static int smack_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen) 4613 { 4614 return __vfs_setxattr_noperm(&init_user_ns, dentry, XATTR_NAME_SMACK, 4615 ctx, ctxlen, 0); 4616 } 4617 4618 static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) 4619 { 4620 struct smack_known *skp = smk_of_inode(inode); 4621 4622 *ctx = skp->smk_known; 4623 *ctxlen = strlen(skp->smk_known); 4624 return 0; 4625 } 4626 4627 static int smack_inode_copy_up(struct dentry *dentry, struct cred **new) 4628 { 4629 4630 struct task_smack *tsp; 4631 struct smack_known *skp; 4632 struct inode_smack *isp; 4633 struct cred *new_creds = *new; 4634 4635 if (new_creds == NULL) { 4636 new_creds = prepare_creds(); 4637 if (new_creds == NULL) 4638 return -ENOMEM; 4639 } 4640 4641 tsp = smack_cred(new_creds); 4642 4643 /* 4644 * Get label from overlay inode and set it in create_sid 4645 */ 4646 isp = smack_inode(d_inode(dentry)); 4647 skp = isp->smk_inode; 4648 tsp->smk_task = skp; 4649 *new = new_creds; 4650 return 0; 4651 } 4652 4653 static int smack_inode_copy_up_xattr(const char *name) 4654 { 4655 /* 4656 * Return 1 if this is the smack access Smack attribute. 4657 */ 4658 if (strcmp(name, XATTR_NAME_SMACK) == 0) 4659 return 1; 4660 4661 return -EOPNOTSUPP; 4662 } 4663 4664 static int smack_dentry_create_files_as(struct dentry *dentry, int mode, 4665 struct qstr *name, 4666 const struct cred *old, 4667 struct cred *new) 4668 { 4669 struct task_smack *otsp = smack_cred(old); 4670 struct task_smack *ntsp = smack_cred(new); 4671 struct inode_smack *isp; 4672 int may; 4673 4674 /* 4675 * Use the process credential unless all of 4676 * the transmuting criteria are met 4677 */ 4678 ntsp->smk_task = otsp->smk_task; 4679 4680 /* 4681 * the attribute of the containing directory 4682 */ 4683 isp = smack_inode(d_inode(dentry->d_parent)); 4684 4685 if (isp->smk_flags & SMK_INODE_TRANSMUTE) { 4686 rcu_read_lock(); 4687 may = smk_access_entry(otsp->smk_task->smk_known, 4688 isp->smk_inode->smk_known, 4689 &otsp->smk_task->smk_rules); 4690 rcu_read_unlock(); 4691 4692 /* 4693 * If the directory is transmuting and the rule 4694 * providing access is transmuting use the containing 4695 * directory label instead of the process label. 4696 */ 4697 if (may > 0 && (may & MAY_TRANSMUTE)) 4698 ntsp->smk_task = isp->smk_inode; 4699 } 4700 return 0; 4701 } 4702 4703 #ifdef CONFIG_IO_URING 4704 /** 4705 * smack_uring_override_creds - Is io_uring cred override allowed? 4706 * @new: the target creds 4707 * 4708 * Check to see if the current task is allowed to override it's credentials 4709 * to service an io_uring operation. 4710 */ 4711 static int smack_uring_override_creds(const struct cred *new) 4712 { 4713 struct task_smack *tsp = smack_cred(current_cred()); 4714 struct task_smack *nsp = smack_cred(new); 4715 4716 /* 4717 * Allow the degenerate case where the new Smack value is 4718 * the same as the current Smack value. 4719 */ 4720 if (tsp->smk_task == nsp->smk_task) 4721 return 0; 4722 4723 if (smack_privileged_cred(CAP_MAC_OVERRIDE, current_cred())) 4724 return 0; 4725 4726 return -EPERM; 4727 } 4728 4729 /** 4730 * smack_uring_sqpoll - check if a io_uring polling thread can be created 4731 * 4732 * Check to see if the current task is allowed to create a new io_uring 4733 * kernel polling thread. 4734 */ 4735 static int smack_uring_sqpoll(void) 4736 { 4737 if (smack_privileged_cred(CAP_MAC_ADMIN, current_cred())) 4738 return 0; 4739 4740 return -EPERM; 4741 } 4742 4743 #endif /* CONFIG_IO_URING */ 4744 4745 struct lsm_blob_sizes smack_blob_sizes __lsm_ro_after_init = { 4746 .lbs_cred = sizeof(struct task_smack), 4747 .lbs_file = sizeof(struct smack_known *), 4748 .lbs_inode = sizeof(struct inode_smack), 4749 .lbs_ipc = sizeof(struct smack_known *), 4750 .lbs_msg_msg = sizeof(struct smack_known *), 4751 .lbs_superblock = sizeof(struct superblock_smack), 4752 }; 4753 4754 static struct security_hook_list smack_hooks[] __lsm_ro_after_init = { 4755 LSM_HOOK_INIT(ptrace_access_check, smack_ptrace_access_check), 4756 LSM_HOOK_INIT(ptrace_traceme, smack_ptrace_traceme), 4757 LSM_HOOK_INIT(syslog, smack_syslog), 4758 4759 LSM_HOOK_INIT(fs_context_dup, smack_fs_context_dup), 4760 LSM_HOOK_INIT(fs_context_parse_param, smack_fs_context_parse_param), 4761 4762 LSM_HOOK_INIT(sb_alloc_security, smack_sb_alloc_security), 4763 LSM_HOOK_INIT(sb_free_mnt_opts, smack_free_mnt_opts), 4764 LSM_HOOK_INIT(sb_eat_lsm_opts, smack_sb_eat_lsm_opts), 4765 LSM_HOOK_INIT(sb_statfs, smack_sb_statfs), 4766 LSM_HOOK_INIT(sb_set_mnt_opts, smack_set_mnt_opts), 4767 4768 LSM_HOOK_INIT(bprm_creds_for_exec, smack_bprm_creds_for_exec), 4769 4770 LSM_HOOK_INIT(inode_alloc_security, smack_inode_alloc_security), 4771 LSM_HOOK_INIT(inode_init_security, smack_inode_init_security), 4772 LSM_HOOK_INIT(inode_link, smack_inode_link), 4773 LSM_HOOK_INIT(inode_unlink, smack_inode_unlink), 4774 LSM_HOOK_INIT(inode_rmdir, smack_inode_rmdir), 4775 LSM_HOOK_INIT(inode_rename, smack_inode_rename), 4776 LSM_HOOK_INIT(inode_permission, smack_inode_permission), 4777 LSM_HOOK_INIT(inode_setattr, smack_inode_setattr), 4778 LSM_HOOK_INIT(inode_getattr, smack_inode_getattr), 4779 LSM_HOOK_INIT(inode_setxattr, smack_inode_setxattr), 4780 LSM_HOOK_INIT(inode_post_setxattr, smack_inode_post_setxattr), 4781 LSM_HOOK_INIT(inode_getxattr, smack_inode_getxattr), 4782 LSM_HOOK_INIT(inode_removexattr, smack_inode_removexattr), 4783 LSM_HOOK_INIT(inode_getsecurity, smack_inode_getsecurity), 4784 LSM_HOOK_INIT(inode_setsecurity, smack_inode_setsecurity), 4785 LSM_HOOK_INIT(inode_listsecurity, smack_inode_listsecurity), 4786 LSM_HOOK_INIT(inode_getsecid, smack_inode_getsecid), 4787 4788 LSM_HOOK_INIT(file_alloc_security, smack_file_alloc_security), 4789 LSM_HOOK_INIT(file_ioctl, smack_file_ioctl), 4790 LSM_HOOK_INIT(file_lock, smack_file_lock), 4791 LSM_HOOK_INIT(file_fcntl, smack_file_fcntl), 4792 LSM_HOOK_INIT(mmap_file, smack_mmap_file), 4793 LSM_HOOK_INIT(mmap_addr, cap_mmap_addr), 4794 LSM_HOOK_INIT(file_set_fowner, smack_file_set_fowner), 4795 LSM_HOOK_INIT(file_send_sigiotask, smack_file_send_sigiotask), 4796 LSM_HOOK_INIT(file_receive, smack_file_receive), 4797 4798 LSM_HOOK_INIT(file_open, smack_file_open), 4799 4800 LSM_HOOK_INIT(cred_alloc_blank, smack_cred_alloc_blank), 4801 LSM_HOOK_INIT(cred_free, smack_cred_free), 4802 LSM_HOOK_INIT(cred_prepare, smack_cred_prepare), 4803 LSM_HOOK_INIT(cred_transfer, smack_cred_transfer), 4804 LSM_HOOK_INIT(cred_getsecid, smack_cred_getsecid), 4805 LSM_HOOK_INIT(kernel_act_as, smack_kernel_act_as), 4806 LSM_HOOK_INIT(kernel_create_files_as, smack_kernel_create_files_as), 4807 LSM_HOOK_INIT(task_setpgid, smack_task_setpgid), 4808 LSM_HOOK_INIT(task_getpgid, smack_task_getpgid), 4809 LSM_HOOK_INIT(task_getsid, smack_task_getsid), 4810 LSM_HOOK_INIT(task_getsecid_subj, smack_task_getsecid_subj), 4811 LSM_HOOK_INIT(task_getsecid_obj, smack_task_getsecid_obj), 4812 LSM_HOOK_INIT(task_setnice, smack_task_setnice), 4813 LSM_HOOK_INIT(task_setioprio, smack_task_setioprio), 4814 LSM_HOOK_INIT(task_getioprio, smack_task_getioprio), 4815 LSM_HOOK_INIT(task_setscheduler, smack_task_setscheduler), 4816 LSM_HOOK_INIT(task_getscheduler, smack_task_getscheduler), 4817 LSM_HOOK_INIT(task_movememory, smack_task_movememory), 4818 LSM_HOOK_INIT(task_kill, smack_task_kill), 4819 LSM_HOOK_INIT(task_to_inode, smack_task_to_inode), 4820 4821 LSM_HOOK_INIT(ipc_permission, smack_ipc_permission), 4822 LSM_HOOK_INIT(ipc_getsecid, smack_ipc_getsecid), 4823 4824 LSM_HOOK_INIT(msg_msg_alloc_security, smack_msg_msg_alloc_security), 4825 4826 LSM_HOOK_INIT(msg_queue_alloc_security, smack_ipc_alloc_security), 4827 LSM_HOOK_INIT(msg_queue_associate, smack_msg_queue_associate), 4828 LSM_HOOK_INIT(msg_queue_msgctl, smack_msg_queue_msgctl), 4829 LSM_HOOK_INIT(msg_queue_msgsnd, smack_msg_queue_msgsnd), 4830 LSM_HOOK_INIT(msg_queue_msgrcv, smack_msg_queue_msgrcv), 4831 4832 LSM_HOOK_INIT(shm_alloc_security, smack_ipc_alloc_security), 4833 LSM_HOOK_INIT(shm_associate, smack_shm_associate), 4834 LSM_HOOK_INIT(shm_shmctl, smack_shm_shmctl), 4835 LSM_HOOK_INIT(shm_shmat, smack_shm_shmat), 4836 4837 LSM_HOOK_INIT(sem_alloc_security, smack_ipc_alloc_security), 4838 LSM_HOOK_INIT(sem_associate, smack_sem_associate), 4839 LSM_HOOK_INIT(sem_semctl, smack_sem_semctl), 4840 LSM_HOOK_INIT(sem_semop, smack_sem_semop), 4841 4842 LSM_HOOK_INIT(d_instantiate, smack_d_instantiate), 4843 4844 LSM_HOOK_INIT(getprocattr, smack_getprocattr), 4845 LSM_HOOK_INIT(setprocattr, smack_setprocattr), 4846 4847 LSM_HOOK_INIT(unix_stream_connect, smack_unix_stream_connect), 4848 LSM_HOOK_INIT(unix_may_send, smack_unix_may_send), 4849 4850 LSM_HOOK_INIT(socket_post_create, smack_socket_post_create), 4851 LSM_HOOK_INIT(socket_socketpair, smack_socket_socketpair), 4852 #ifdef SMACK_IPV6_PORT_LABELING 4853 LSM_HOOK_INIT(socket_bind, smack_socket_bind), 4854 #endif 4855 LSM_HOOK_INIT(socket_connect, smack_socket_connect), 4856 LSM_HOOK_INIT(socket_sendmsg, smack_socket_sendmsg), 4857 LSM_HOOK_INIT(socket_sock_rcv_skb, smack_socket_sock_rcv_skb), 4858 LSM_HOOK_INIT(socket_getpeersec_stream, smack_socket_getpeersec_stream), 4859 LSM_HOOK_INIT(socket_getpeersec_dgram, smack_socket_getpeersec_dgram), 4860 LSM_HOOK_INIT(sk_alloc_security, smack_sk_alloc_security), 4861 LSM_HOOK_INIT(sk_free_security, smack_sk_free_security), 4862 LSM_HOOK_INIT(sock_graft, smack_sock_graft), 4863 LSM_HOOK_INIT(inet_conn_request, smack_inet_conn_request), 4864 LSM_HOOK_INIT(inet_csk_clone, smack_inet_csk_clone), 4865 4866 /* key management security hooks */ 4867 #ifdef CONFIG_KEYS 4868 LSM_HOOK_INIT(key_alloc, smack_key_alloc), 4869 LSM_HOOK_INIT(key_free, smack_key_free), 4870 LSM_HOOK_INIT(key_permission, smack_key_permission), 4871 LSM_HOOK_INIT(key_getsecurity, smack_key_getsecurity), 4872 #ifdef CONFIG_KEY_NOTIFICATIONS 4873 LSM_HOOK_INIT(watch_key, smack_watch_key), 4874 #endif 4875 #endif /* CONFIG_KEYS */ 4876 4877 #ifdef CONFIG_WATCH_QUEUE 4878 LSM_HOOK_INIT(post_notification, smack_post_notification), 4879 #endif 4880 4881 /* Audit hooks */ 4882 #ifdef CONFIG_AUDIT 4883 LSM_HOOK_INIT(audit_rule_init, smack_audit_rule_init), 4884 LSM_HOOK_INIT(audit_rule_known, smack_audit_rule_known), 4885 LSM_HOOK_INIT(audit_rule_match, smack_audit_rule_match), 4886 #endif /* CONFIG_AUDIT */ 4887 4888 LSM_HOOK_INIT(ismaclabel, smack_ismaclabel), 4889 LSM_HOOK_INIT(secid_to_secctx, smack_secid_to_secctx), 4890 LSM_HOOK_INIT(secctx_to_secid, smack_secctx_to_secid), 4891 LSM_HOOK_INIT(inode_notifysecctx, smack_inode_notifysecctx), 4892 LSM_HOOK_INIT(inode_setsecctx, smack_inode_setsecctx), 4893 LSM_HOOK_INIT(inode_getsecctx, smack_inode_getsecctx), 4894 LSM_HOOK_INIT(inode_copy_up, smack_inode_copy_up), 4895 LSM_HOOK_INIT(inode_copy_up_xattr, smack_inode_copy_up_xattr), 4896 LSM_HOOK_INIT(dentry_create_files_as, smack_dentry_create_files_as), 4897 #ifdef CONFIG_IO_URING 4898 LSM_HOOK_INIT(uring_override_creds, smack_uring_override_creds), 4899 LSM_HOOK_INIT(uring_sqpoll, smack_uring_sqpoll), 4900 #endif 4901 }; 4902 4903 4904 static __init void init_smack_known_list(void) 4905 { 4906 /* 4907 * Initialize rule list locks 4908 */ 4909 mutex_init(&smack_known_huh.smk_rules_lock); 4910 mutex_init(&smack_known_hat.smk_rules_lock); 4911 mutex_init(&smack_known_floor.smk_rules_lock); 4912 mutex_init(&smack_known_star.smk_rules_lock); 4913 mutex_init(&smack_known_web.smk_rules_lock); 4914 /* 4915 * Initialize rule lists 4916 */ 4917 INIT_LIST_HEAD(&smack_known_huh.smk_rules); 4918 INIT_LIST_HEAD(&smack_known_hat.smk_rules); 4919 INIT_LIST_HEAD(&smack_known_star.smk_rules); 4920 INIT_LIST_HEAD(&smack_known_floor.smk_rules); 4921 INIT_LIST_HEAD(&smack_known_web.smk_rules); 4922 /* 4923 * Create the known labels list 4924 */ 4925 smk_insert_entry(&smack_known_huh); 4926 smk_insert_entry(&smack_known_hat); 4927 smk_insert_entry(&smack_known_star); 4928 smk_insert_entry(&smack_known_floor); 4929 smk_insert_entry(&smack_known_web); 4930 } 4931 4932 /** 4933 * smack_init - initialize the smack system 4934 * 4935 * Returns 0 on success, -ENOMEM is there's no memory 4936 */ 4937 static __init int smack_init(void) 4938 { 4939 struct cred *cred = (struct cred *) current->cred; 4940 struct task_smack *tsp; 4941 4942 smack_rule_cache = KMEM_CACHE(smack_rule, 0); 4943 if (!smack_rule_cache) 4944 return -ENOMEM; 4945 4946 /* 4947 * Set the security state for the initial task. 4948 */ 4949 tsp = smack_cred(cred); 4950 init_task_smack(tsp, &smack_known_floor, &smack_known_floor); 4951 4952 /* 4953 * Register with LSM 4954 */ 4955 security_add_hooks(smack_hooks, ARRAY_SIZE(smack_hooks), "smack"); 4956 smack_enabled = 1; 4957 4958 pr_info("Smack: Initializing.\n"); 4959 #ifdef CONFIG_SECURITY_SMACK_NETFILTER 4960 pr_info("Smack: Netfilter enabled.\n"); 4961 #endif 4962 #ifdef SMACK_IPV6_PORT_LABELING 4963 pr_info("Smack: IPv6 port labeling enabled.\n"); 4964 #endif 4965 #ifdef SMACK_IPV6_SECMARK_LABELING 4966 pr_info("Smack: IPv6 Netfilter enabled.\n"); 4967 #endif 4968 4969 /* initialize the smack_known_list */ 4970 init_smack_known_list(); 4971 4972 return 0; 4973 } 4974 4975 /* 4976 * Smack requires early initialization in order to label 4977 * all processes and objects when they are created. 4978 */ 4979 DEFINE_LSM(smack) = { 4980 .name = "smack", 4981 .flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE, 4982 .blobs = &smack_blob_sizes, 4983 .init = smack_init, 4984 }; 4985