1 /* 2 * Simplified MAC Kernel (smack) security module 3 * 4 * This file contains the smack hook function implementations. 5 * 6 * Authors: 7 * Casey Schaufler <casey@schaufler-ca.com> 8 * Jarkko Sakkinen <jarkko.sakkinen@intel.com> 9 * 10 * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com> 11 * Copyright (C) 2009 Hewlett-Packard Development Company, L.P. 12 * Paul Moore <paul@paul-moore.com> 13 * Copyright (C) 2010 Nokia Corporation 14 * Copyright (C) 2011 Intel Corporation. 15 * 16 * This program is free software; you can redistribute it and/or modify 17 * it under the terms of the GNU General Public License version 2, 18 * as published by the Free Software Foundation. 19 */ 20 21 #include <linux/xattr.h> 22 #include <linux/pagemap.h> 23 #include <linux/mount.h> 24 #include <linux/stat.h> 25 #include <linux/kd.h> 26 #include <asm/ioctls.h> 27 #include <linux/ip.h> 28 #include <linux/tcp.h> 29 #include <linux/udp.h> 30 #include <linux/dccp.h> 31 #include <linux/slab.h> 32 #include <linux/mutex.h> 33 #include <linux/pipe_fs_i.h> 34 #include <net/cipso_ipv4.h> 35 #include <net/ip.h> 36 #include <net/ipv6.h> 37 #include <linux/audit.h> 38 #include <linux/magic.h> 39 #include <linux/dcache.h> 40 #include <linux/personality.h> 41 #include <linux/msg.h> 42 #include <linux/shm.h> 43 #include <linux/binfmts.h> 44 #include "smack.h" 45 46 #define TRANS_TRUE "TRUE" 47 #define TRANS_TRUE_SIZE 4 48 49 #define SMK_CONNECTING 0 50 #define SMK_RECEIVING 1 51 #define SMK_SENDING 2 52 53 #if IS_ENABLED(CONFIG_IPV6) && !defined(CONFIG_SECURITY_SMACK_NETFILTER) 54 LIST_HEAD(smk_ipv6_port_list); 55 #endif /* CONFIG_IPV6 && !CONFIG_SECURITY_SMACK_NETFILTER */ 56 static struct kmem_cache *smack_inode_cache; 57 int smack_enabled; 58 59 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 60 static char *smk_bu_mess[] = { 61 "Bringup Error", /* Unused */ 62 "Bringup", /* SMACK_BRINGUP_ALLOW */ 63 "Unconfined Subject", /* SMACK_UNCONFINED_SUBJECT */ 64 "Unconfined Object", /* SMACK_UNCONFINED_OBJECT */ 65 }; 66 67 static void smk_bu_mode(int mode, char *s) 68 { 69 int i = 0; 70 71 if (mode & MAY_READ) 72 s[i++] = 'r'; 73 if (mode & MAY_WRITE) 74 s[i++] = 'w'; 75 if (mode & MAY_EXEC) 76 s[i++] = 'x'; 77 if (mode & MAY_APPEND) 78 s[i++] = 'a'; 79 if (mode & MAY_TRANSMUTE) 80 s[i++] = 't'; 81 if (mode & MAY_LOCK) 82 s[i++] = 'l'; 83 if (i == 0) 84 s[i++] = '-'; 85 s[i] = '\0'; 86 } 87 #endif 88 89 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 90 static int smk_bu_note(char *note, struct smack_known *sskp, 91 struct smack_known *oskp, int mode, int rc) 92 { 93 char acc[SMK_NUM_ACCESS_TYPE + 1]; 94 95 if (rc <= 0) 96 return rc; 97 if (rc > SMACK_UNCONFINED_OBJECT) 98 rc = 0; 99 100 smk_bu_mode(mode, acc); 101 pr_info("Smack %s: (%s %s %s) %s\n", smk_bu_mess[rc], 102 sskp->smk_known, oskp->smk_known, acc, note); 103 return 0; 104 } 105 #else 106 #define smk_bu_note(note, sskp, oskp, mode, RC) (RC) 107 #endif 108 109 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 110 static int smk_bu_current(char *note, struct smack_known *oskp, 111 int mode, int rc) 112 { 113 struct task_smack *tsp = current_security(); 114 char acc[SMK_NUM_ACCESS_TYPE + 1]; 115 116 if (rc <= 0) 117 return rc; 118 if (rc > SMACK_UNCONFINED_OBJECT) 119 rc = 0; 120 121 smk_bu_mode(mode, acc); 122 pr_info("Smack %s: (%s %s %s) %s %s\n", smk_bu_mess[rc], 123 tsp->smk_task->smk_known, oskp->smk_known, 124 acc, current->comm, note); 125 return 0; 126 } 127 #else 128 #define smk_bu_current(note, oskp, mode, RC) (RC) 129 #endif 130 131 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 132 static int smk_bu_task(struct task_struct *otp, int mode, int rc) 133 { 134 struct task_smack *tsp = current_security(); 135 struct smack_known *smk_task = smk_of_task_struct(otp); 136 char acc[SMK_NUM_ACCESS_TYPE + 1]; 137 138 if (rc <= 0) 139 return rc; 140 if (rc > SMACK_UNCONFINED_OBJECT) 141 rc = 0; 142 143 smk_bu_mode(mode, acc); 144 pr_info("Smack %s: (%s %s %s) %s to %s\n", smk_bu_mess[rc], 145 tsp->smk_task->smk_known, smk_task->smk_known, acc, 146 current->comm, otp->comm); 147 return 0; 148 } 149 #else 150 #define smk_bu_task(otp, mode, RC) (RC) 151 #endif 152 153 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 154 static int smk_bu_inode(struct inode *inode, int mode, int rc) 155 { 156 struct task_smack *tsp = current_security(); 157 struct inode_smack *isp = inode->i_security; 158 char acc[SMK_NUM_ACCESS_TYPE + 1]; 159 160 if (isp->smk_flags & SMK_INODE_IMPURE) 161 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n", 162 inode->i_sb->s_id, inode->i_ino, current->comm); 163 164 if (rc <= 0) 165 return rc; 166 if (rc > SMACK_UNCONFINED_OBJECT) 167 rc = 0; 168 if (rc == SMACK_UNCONFINED_SUBJECT && 169 (mode & (MAY_WRITE | MAY_APPEND))) 170 isp->smk_flags |= SMK_INODE_IMPURE; 171 172 smk_bu_mode(mode, acc); 173 174 pr_info("Smack %s: (%s %s %s) inode=(%s %ld) %s\n", smk_bu_mess[rc], 175 tsp->smk_task->smk_known, isp->smk_inode->smk_known, acc, 176 inode->i_sb->s_id, inode->i_ino, current->comm); 177 return 0; 178 } 179 #else 180 #define smk_bu_inode(inode, mode, RC) (RC) 181 #endif 182 183 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 184 static int smk_bu_file(struct file *file, int mode, int rc) 185 { 186 struct task_smack *tsp = current_security(); 187 struct smack_known *sskp = tsp->smk_task; 188 struct inode *inode = file_inode(file); 189 struct inode_smack *isp = inode->i_security; 190 char acc[SMK_NUM_ACCESS_TYPE + 1]; 191 192 if (isp->smk_flags & SMK_INODE_IMPURE) 193 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n", 194 inode->i_sb->s_id, inode->i_ino, current->comm); 195 196 if (rc <= 0) 197 return rc; 198 if (rc > SMACK_UNCONFINED_OBJECT) 199 rc = 0; 200 201 smk_bu_mode(mode, acc); 202 pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc], 203 sskp->smk_known, smk_of_inode(inode)->smk_known, acc, 204 inode->i_sb->s_id, inode->i_ino, file, 205 current->comm); 206 return 0; 207 } 208 #else 209 #define smk_bu_file(file, mode, RC) (RC) 210 #endif 211 212 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 213 static int smk_bu_credfile(const struct cred *cred, struct file *file, 214 int mode, int rc) 215 { 216 struct task_smack *tsp = cred->security; 217 struct smack_known *sskp = tsp->smk_task; 218 struct inode *inode = file->f_inode; 219 struct inode_smack *isp = inode->i_security; 220 char acc[SMK_NUM_ACCESS_TYPE + 1]; 221 222 if (isp->smk_flags & SMK_INODE_IMPURE) 223 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n", 224 inode->i_sb->s_id, inode->i_ino, current->comm); 225 226 if (rc <= 0) 227 return rc; 228 if (rc > SMACK_UNCONFINED_OBJECT) 229 rc = 0; 230 231 smk_bu_mode(mode, acc); 232 pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc], 233 sskp->smk_known, smk_of_inode(inode)->smk_known, acc, 234 inode->i_sb->s_id, inode->i_ino, file, 235 current->comm); 236 return 0; 237 } 238 #else 239 #define smk_bu_credfile(cred, file, mode, RC) (RC) 240 #endif 241 242 /** 243 * smk_fetch - Fetch the smack label from a file. 244 * @name: type of the label (attribute) 245 * @ip: a pointer to the inode 246 * @dp: a pointer to the dentry 247 * 248 * Returns a pointer to the master list entry for the Smack label, 249 * NULL if there was no label to fetch, or an error code. 250 */ 251 static struct smack_known *smk_fetch(const char *name, struct inode *ip, 252 struct dentry *dp) 253 { 254 int rc; 255 char *buffer; 256 struct smack_known *skp = NULL; 257 258 if (ip->i_op->getxattr == NULL) 259 return ERR_PTR(-EOPNOTSUPP); 260 261 buffer = kzalloc(SMK_LONGLABEL, GFP_KERNEL); 262 if (buffer == NULL) 263 return ERR_PTR(-ENOMEM); 264 265 rc = ip->i_op->getxattr(dp, name, buffer, SMK_LONGLABEL); 266 if (rc < 0) 267 skp = ERR_PTR(rc); 268 else if (rc == 0) 269 skp = NULL; 270 else 271 skp = smk_import_entry(buffer, rc); 272 273 kfree(buffer); 274 275 return skp; 276 } 277 278 /** 279 * new_inode_smack - allocate an inode security blob 280 * @skp: a pointer to the Smack label entry to use in the blob 281 * 282 * Returns the new blob or NULL if there's no memory available 283 */ 284 struct inode_smack *new_inode_smack(struct smack_known *skp) 285 { 286 struct inode_smack *isp; 287 288 isp = kmem_cache_zalloc(smack_inode_cache, GFP_NOFS); 289 if (isp == NULL) 290 return NULL; 291 292 isp->smk_inode = skp; 293 isp->smk_flags = 0; 294 mutex_init(&isp->smk_lock); 295 296 return isp; 297 } 298 299 /** 300 * new_task_smack - allocate a task security blob 301 * @task: a pointer to the Smack label for the running task 302 * @forked: a pointer to the Smack label for the forked task 303 * @gfp: type of the memory for the allocation 304 * 305 * Returns the new blob or NULL if there's no memory available 306 */ 307 static struct task_smack *new_task_smack(struct smack_known *task, 308 struct smack_known *forked, gfp_t gfp) 309 { 310 struct task_smack *tsp; 311 312 tsp = kzalloc(sizeof(struct task_smack), gfp); 313 if (tsp == NULL) 314 return NULL; 315 316 tsp->smk_task = task; 317 tsp->smk_forked = forked; 318 INIT_LIST_HEAD(&tsp->smk_rules); 319 mutex_init(&tsp->smk_rules_lock); 320 321 return tsp; 322 } 323 324 /** 325 * smk_copy_rules - copy a rule set 326 * @nhead: new rules header pointer 327 * @ohead: old rules header pointer 328 * @gfp: type of the memory for the allocation 329 * 330 * Returns 0 on success, -ENOMEM on error 331 */ 332 static int smk_copy_rules(struct list_head *nhead, struct list_head *ohead, 333 gfp_t gfp) 334 { 335 struct smack_rule *nrp; 336 struct smack_rule *orp; 337 int rc = 0; 338 339 INIT_LIST_HEAD(nhead); 340 341 list_for_each_entry_rcu(orp, ohead, list) { 342 nrp = kzalloc(sizeof(struct smack_rule), gfp); 343 if (nrp == NULL) { 344 rc = -ENOMEM; 345 break; 346 } 347 *nrp = *orp; 348 list_add_rcu(&nrp->list, nhead); 349 } 350 return rc; 351 } 352 353 /** 354 * smk_ptrace_mode - helper function for converting PTRACE_MODE_* into MAY_* 355 * @mode - input mode in form of PTRACE_MODE_* 356 * 357 * Returns a converted MAY_* mode usable by smack rules 358 */ 359 static inline unsigned int smk_ptrace_mode(unsigned int mode) 360 { 361 switch (mode) { 362 case PTRACE_MODE_READ: 363 return MAY_READ; 364 case PTRACE_MODE_ATTACH: 365 return MAY_READWRITE; 366 } 367 368 return 0; 369 } 370 371 /** 372 * smk_ptrace_rule_check - helper for ptrace access 373 * @tracer: tracer process 374 * @tracee_known: label entry of the process that's about to be traced 375 * @mode: ptrace attachment mode (PTRACE_MODE_*) 376 * @func: name of the function that called us, used for audit 377 * 378 * Returns 0 on access granted, -error on error 379 */ 380 static int smk_ptrace_rule_check(struct task_struct *tracer, 381 struct smack_known *tracee_known, 382 unsigned int mode, const char *func) 383 { 384 int rc; 385 struct smk_audit_info ad, *saip = NULL; 386 struct task_smack *tsp; 387 struct smack_known *tracer_known; 388 389 if ((mode & PTRACE_MODE_NOAUDIT) == 0) { 390 smk_ad_init(&ad, func, LSM_AUDIT_DATA_TASK); 391 smk_ad_setfield_u_tsk(&ad, tracer); 392 saip = &ad; 393 } 394 395 rcu_read_lock(); 396 tsp = __task_cred(tracer)->security; 397 tracer_known = smk_of_task(tsp); 398 399 if ((mode & PTRACE_MODE_ATTACH) && 400 (smack_ptrace_rule == SMACK_PTRACE_EXACT || 401 smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)) { 402 if (tracer_known->smk_known == tracee_known->smk_known) 403 rc = 0; 404 else if (smack_ptrace_rule == SMACK_PTRACE_DRACONIAN) 405 rc = -EACCES; 406 else if (capable(CAP_SYS_PTRACE)) 407 rc = 0; 408 else 409 rc = -EACCES; 410 411 if (saip) 412 smack_log(tracer_known->smk_known, 413 tracee_known->smk_known, 414 0, rc, saip); 415 416 rcu_read_unlock(); 417 return rc; 418 } 419 420 /* In case of rule==SMACK_PTRACE_DEFAULT or mode==PTRACE_MODE_READ */ 421 rc = smk_tskacc(tsp, tracee_known, smk_ptrace_mode(mode), saip); 422 423 rcu_read_unlock(); 424 return rc; 425 } 426 427 /* 428 * LSM hooks. 429 * We he, that is fun! 430 */ 431 432 /** 433 * smack_ptrace_access_check - Smack approval on PTRACE_ATTACH 434 * @ctp: child task pointer 435 * @mode: ptrace attachment mode (PTRACE_MODE_*) 436 * 437 * Returns 0 if access is OK, an error code otherwise 438 * 439 * Do the capability checks. 440 */ 441 static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode) 442 { 443 struct smack_known *skp; 444 445 skp = smk_of_task_struct(ctp); 446 447 return smk_ptrace_rule_check(current, skp, mode, __func__); 448 } 449 450 /** 451 * smack_ptrace_traceme - Smack approval on PTRACE_TRACEME 452 * @ptp: parent task pointer 453 * 454 * Returns 0 if access is OK, an error code otherwise 455 * 456 * Do the capability checks, and require PTRACE_MODE_ATTACH. 457 */ 458 static int smack_ptrace_traceme(struct task_struct *ptp) 459 { 460 int rc; 461 struct smack_known *skp; 462 463 skp = smk_of_task(current_security()); 464 465 rc = smk_ptrace_rule_check(ptp, skp, PTRACE_MODE_ATTACH, __func__); 466 return rc; 467 } 468 469 /** 470 * smack_syslog - Smack approval on syslog 471 * @type: message type 472 * 473 * Returns 0 on success, error code otherwise. 474 */ 475 static int smack_syslog(int typefrom_file) 476 { 477 int rc = 0; 478 struct smack_known *skp = smk_of_current(); 479 480 if (smack_privileged(CAP_MAC_OVERRIDE)) 481 return 0; 482 483 if (smack_syslog_label != NULL && smack_syslog_label != skp) 484 rc = -EACCES; 485 486 return rc; 487 } 488 489 490 /* 491 * Superblock Hooks. 492 */ 493 494 /** 495 * smack_sb_alloc_security - allocate a superblock blob 496 * @sb: the superblock getting the blob 497 * 498 * Returns 0 on success or -ENOMEM on error. 499 */ 500 static int smack_sb_alloc_security(struct super_block *sb) 501 { 502 struct superblock_smack *sbsp; 503 504 sbsp = kzalloc(sizeof(struct superblock_smack), GFP_KERNEL); 505 506 if (sbsp == NULL) 507 return -ENOMEM; 508 509 sbsp->smk_root = &smack_known_floor; 510 sbsp->smk_default = &smack_known_floor; 511 sbsp->smk_floor = &smack_known_floor; 512 sbsp->smk_hat = &smack_known_hat; 513 /* 514 * smk_initialized will be zero from kzalloc. 515 */ 516 sb->s_security = sbsp; 517 518 return 0; 519 } 520 521 /** 522 * smack_sb_free_security - free a superblock blob 523 * @sb: the superblock getting the blob 524 * 525 */ 526 static void smack_sb_free_security(struct super_block *sb) 527 { 528 kfree(sb->s_security); 529 sb->s_security = NULL; 530 } 531 532 /** 533 * smack_sb_copy_data - copy mount options data for processing 534 * @orig: where to start 535 * @smackopts: mount options string 536 * 537 * Returns 0 on success or -ENOMEM on error. 538 * 539 * Copy the Smack specific mount options out of the mount 540 * options list. 541 */ 542 static int smack_sb_copy_data(char *orig, char *smackopts) 543 { 544 char *cp, *commap, *otheropts, *dp; 545 546 otheropts = (char *)get_zeroed_page(GFP_KERNEL); 547 if (otheropts == NULL) 548 return -ENOMEM; 549 550 for (cp = orig, commap = orig; commap != NULL; cp = commap + 1) { 551 if (strstr(cp, SMK_FSDEFAULT) == cp) 552 dp = smackopts; 553 else if (strstr(cp, SMK_FSFLOOR) == cp) 554 dp = smackopts; 555 else if (strstr(cp, SMK_FSHAT) == cp) 556 dp = smackopts; 557 else if (strstr(cp, SMK_FSROOT) == cp) 558 dp = smackopts; 559 else if (strstr(cp, SMK_FSTRANS) == cp) 560 dp = smackopts; 561 else 562 dp = otheropts; 563 564 commap = strchr(cp, ','); 565 if (commap != NULL) 566 *commap = '\0'; 567 568 if (*dp != '\0') 569 strcat(dp, ","); 570 strcat(dp, cp); 571 } 572 573 strcpy(orig, otheropts); 574 free_page((unsigned long)otheropts); 575 576 return 0; 577 } 578 579 /** 580 * smack_sb_kern_mount - Smack specific mount processing 581 * @sb: the file system superblock 582 * @flags: the mount flags 583 * @data: the smack mount options 584 * 585 * Returns 0 on success, an error code on failure 586 */ 587 static int smack_sb_kern_mount(struct super_block *sb, int flags, void *data) 588 { 589 struct dentry *root = sb->s_root; 590 struct inode *inode = d_backing_inode(root); 591 struct superblock_smack *sp = sb->s_security; 592 struct inode_smack *isp; 593 struct smack_known *skp; 594 char *op; 595 char *commap; 596 int transmute = 0; 597 int specified = 0; 598 599 if (sp->smk_initialized) 600 return 0; 601 602 sp->smk_initialized = 1; 603 604 for (op = data; op != NULL; op = commap) { 605 commap = strchr(op, ','); 606 if (commap != NULL) 607 *commap++ = '\0'; 608 609 if (strncmp(op, SMK_FSHAT, strlen(SMK_FSHAT)) == 0) { 610 op += strlen(SMK_FSHAT); 611 skp = smk_import_entry(op, 0); 612 if (IS_ERR(skp)) 613 return PTR_ERR(skp); 614 sp->smk_hat = skp; 615 specified = 1; 616 617 } else if (strncmp(op, SMK_FSFLOOR, strlen(SMK_FSFLOOR)) == 0) { 618 op += strlen(SMK_FSFLOOR); 619 skp = smk_import_entry(op, 0); 620 if (IS_ERR(skp)) 621 return PTR_ERR(skp); 622 sp->smk_floor = skp; 623 specified = 1; 624 625 } else if (strncmp(op, SMK_FSDEFAULT, 626 strlen(SMK_FSDEFAULT)) == 0) { 627 op += strlen(SMK_FSDEFAULT); 628 skp = smk_import_entry(op, 0); 629 if (IS_ERR(skp)) 630 return PTR_ERR(skp); 631 sp->smk_default = skp; 632 specified = 1; 633 634 } else if (strncmp(op, SMK_FSROOT, strlen(SMK_FSROOT)) == 0) { 635 op += strlen(SMK_FSROOT); 636 skp = smk_import_entry(op, 0); 637 if (IS_ERR(skp)) 638 return PTR_ERR(skp); 639 sp->smk_root = skp; 640 specified = 1; 641 642 } else if (strncmp(op, SMK_FSTRANS, strlen(SMK_FSTRANS)) == 0) { 643 op += strlen(SMK_FSTRANS); 644 skp = smk_import_entry(op, 0); 645 if (IS_ERR(skp)) 646 return PTR_ERR(skp); 647 sp->smk_root = skp; 648 transmute = 1; 649 specified = 1; 650 } 651 } 652 653 if (!smack_privileged(CAP_MAC_ADMIN)) { 654 /* 655 * Unprivileged mounts don't get to specify Smack values. 656 */ 657 if (specified) 658 return -EPERM; 659 /* 660 * Unprivileged mounts get root and default from the caller. 661 */ 662 skp = smk_of_current(); 663 sp->smk_root = skp; 664 sp->smk_default = skp; 665 } 666 /* 667 * Initialize the root inode. 668 */ 669 isp = inode->i_security; 670 if (isp == NULL) { 671 isp = new_inode_smack(sp->smk_root); 672 if (isp == NULL) 673 return -ENOMEM; 674 inode->i_security = isp; 675 } else 676 isp->smk_inode = sp->smk_root; 677 678 if (transmute) 679 isp->smk_flags |= SMK_INODE_TRANSMUTE; 680 681 return 0; 682 } 683 684 /** 685 * smack_sb_statfs - Smack check on statfs 686 * @dentry: identifies the file system in question 687 * 688 * Returns 0 if current can read the floor of the filesystem, 689 * and error code otherwise 690 */ 691 static int smack_sb_statfs(struct dentry *dentry) 692 { 693 struct superblock_smack *sbp = dentry->d_sb->s_security; 694 int rc; 695 struct smk_audit_info ad; 696 697 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 698 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 699 700 rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad); 701 rc = smk_bu_current("statfs", sbp->smk_floor, MAY_READ, rc); 702 return rc; 703 } 704 705 /* 706 * BPRM hooks 707 */ 708 709 /** 710 * smack_bprm_set_creds - set creds for exec 711 * @bprm: the exec information 712 * 713 * Returns 0 if it gets a blob, -EPERM if exec forbidden and -ENOMEM otherwise 714 */ 715 static int smack_bprm_set_creds(struct linux_binprm *bprm) 716 { 717 struct inode *inode = file_inode(bprm->file); 718 struct task_smack *bsp = bprm->cred->security; 719 struct inode_smack *isp; 720 int rc; 721 722 if (bprm->cred_prepared) 723 return 0; 724 725 isp = inode->i_security; 726 if (isp->smk_task == NULL || isp->smk_task == bsp->smk_task) 727 return 0; 728 729 if (bprm->unsafe & (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) { 730 struct task_struct *tracer; 731 rc = 0; 732 733 rcu_read_lock(); 734 tracer = ptrace_parent(current); 735 if (likely(tracer != NULL)) 736 rc = smk_ptrace_rule_check(tracer, 737 isp->smk_task, 738 PTRACE_MODE_ATTACH, 739 __func__); 740 rcu_read_unlock(); 741 742 if (rc != 0) 743 return rc; 744 } else if (bprm->unsafe) 745 return -EPERM; 746 747 bsp->smk_task = isp->smk_task; 748 bprm->per_clear |= PER_CLEAR_ON_SETID; 749 750 return 0; 751 } 752 753 /** 754 * smack_bprm_committing_creds - Prepare to install the new credentials 755 * from bprm. 756 * 757 * @bprm: binprm for exec 758 */ 759 static void smack_bprm_committing_creds(struct linux_binprm *bprm) 760 { 761 struct task_smack *bsp = bprm->cred->security; 762 763 if (bsp->smk_task != bsp->smk_forked) 764 current->pdeath_signal = 0; 765 } 766 767 /** 768 * smack_bprm_secureexec - Return the decision to use secureexec. 769 * @bprm: binprm for exec 770 * 771 * Returns 0 on success. 772 */ 773 static int smack_bprm_secureexec(struct linux_binprm *bprm) 774 { 775 struct task_smack *tsp = current_security(); 776 777 if (tsp->smk_task != tsp->smk_forked) 778 return 1; 779 780 return 0; 781 } 782 783 /* 784 * Inode hooks 785 */ 786 787 /** 788 * smack_inode_alloc_security - allocate an inode blob 789 * @inode: the inode in need of a blob 790 * 791 * Returns 0 if it gets a blob, -ENOMEM otherwise 792 */ 793 static int smack_inode_alloc_security(struct inode *inode) 794 { 795 struct smack_known *skp = smk_of_current(); 796 797 inode->i_security = new_inode_smack(skp); 798 if (inode->i_security == NULL) 799 return -ENOMEM; 800 return 0; 801 } 802 803 /** 804 * smack_inode_free_security - free an inode blob 805 * @inode: the inode with a blob 806 * 807 * Clears the blob pointer in inode 808 */ 809 static void smack_inode_free_security(struct inode *inode) 810 { 811 kmem_cache_free(smack_inode_cache, inode->i_security); 812 inode->i_security = NULL; 813 } 814 815 /** 816 * smack_inode_init_security - copy out the smack from an inode 817 * @inode: the newly created inode 818 * @dir: containing directory object 819 * @qstr: unused 820 * @name: where to put the attribute name 821 * @value: where to put the attribute value 822 * @len: where to put the length of the attribute 823 * 824 * Returns 0 if it all works out, -ENOMEM if there's no memory 825 */ 826 static int smack_inode_init_security(struct inode *inode, struct inode *dir, 827 const struct qstr *qstr, const char **name, 828 void **value, size_t *len) 829 { 830 struct inode_smack *issp = inode->i_security; 831 struct smack_known *skp = smk_of_current(); 832 struct smack_known *isp = smk_of_inode(inode); 833 struct smack_known *dsp = smk_of_inode(dir); 834 int may; 835 836 if (name) 837 *name = XATTR_SMACK_SUFFIX; 838 839 if (value && len) { 840 rcu_read_lock(); 841 may = smk_access_entry(skp->smk_known, dsp->smk_known, 842 &skp->smk_rules); 843 rcu_read_unlock(); 844 845 /* 846 * If the access rule allows transmutation and 847 * the directory requests transmutation then 848 * by all means transmute. 849 * Mark the inode as changed. 850 */ 851 if (may > 0 && ((may & MAY_TRANSMUTE) != 0) && 852 smk_inode_transmutable(dir)) { 853 isp = dsp; 854 issp->smk_flags |= SMK_INODE_CHANGED; 855 } 856 857 *value = kstrdup(isp->smk_known, GFP_NOFS); 858 if (*value == NULL) 859 return -ENOMEM; 860 861 *len = strlen(isp->smk_known); 862 } 863 864 return 0; 865 } 866 867 /** 868 * smack_inode_link - Smack check on link 869 * @old_dentry: the existing object 870 * @dir: unused 871 * @new_dentry: the new object 872 * 873 * Returns 0 if access is permitted, an error code otherwise 874 */ 875 static int smack_inode_link(struct dentry *old_dentry, struct inode *dir, 876 struct dentry *new_dentry) 877 { 878 struct smack_known *isp; 879 struct smk_audit_info ad; 880 int rc; 881 882 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 883 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry); 884 885 isp = smk_of_inode(d_backing_inode(old_dentry)); 886 rc = smk_curacc(isp, MAY_WRITE, &ad); 887 rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_WRITE, rc); 888 889 if (rc == 0 && d_is_positive(new_dentry)) { 890 isp = smk_of_inode(d_backing_inode(new_dentry)); 891 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry); 892 rc = smk_curacc(isp, MAY_WRITE, &ad); 893 rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_WRITE, rc); 894 } 895 896 return rc; 897 } 898 899 /** 900 * smack_inode_unlink - Smack check on inode deletion 901 * @dir: containing directory object 902 * @dentry: file to unlink 903 * 904 * Returns 0 if current can write the containing directory 905 * and the object, error code otherwise 906 */ 907 static int smack_inode_unlink(struct inode *dir, struct dentry *dentry) 908 { 909 struct inode *ip = d_backing_inode(dentry); 910 struct smk_audit_info ad; 911 int rc; 912 913 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 914 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 915 916 /* 917 * You need write access to the thing you're unlinking 918 */ 919 rc = smk_curacc(smk_of_inode(ip), MAY_WRITE, &ad); 920 rc = smk_bu_inode(ip, MAY_WRITE, rc); 921 if (rc == 0) { 922 /* 923 * You also need write access to the containing directory 924 */ 925 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE); 926 smk_ad_setfield_u_fs_inode(&ad, dir); 927 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad); 928 rc = smk_bu_inode(dir, MAY_WRITE, rc); 929 } 930 return rc; 931 } 932 933 /** 934 * smack_inode_rmdir - Smack check on directory deletion 935 * @dir: containing directory object 936 * @dentry: directory to unlink 937 * 938 * Returns 0 if current can write the containing directory 939 * and the directory, error code otherwise 940 */ 941 static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry) 942 { 943 struct smk_audit_info ad; 944 int rc; 945 946 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 947 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 948 949 /* 950 * You need write access to the thing you're removing 951 */ 952 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 953 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 954 if (rc == 0) { 955 /* 956 * You also need write access to the containing directory 957 */ 958 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE); 959 smk_ad_setfield_u_fs_inode(&ad, dir); 960 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad); 961 rc = smk_bu_inode(dir, MAY_WRITE, rc); 962 } 963 964 return rc; 965 } 966 967 /** 968 * smack_inode_rename - Smack check on rename 969 * @old_inode: unused 970 * @old_dentry: the old object 971 * @new_inode: unused 972 * @new_dentry: the new object 973 * 974 * Read and write access is required on both the old and 975 * new directories. 976 * 977 * Returns 0 if access is permitted, an error code otherwise 978 */ 979 static int smack_inode_rename(struct inode *old_inode, 980 struct dentry *old_dentry, 981 struct inode *new_inode, 982 struct dentry *new_dentry) 983 { 984 int rc; 985 struct smack_known *isp; 986 struct smk_audit_info ad; 987 988 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 989 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry); 990 991 isp = smk_of_inode(d_backing_inode(old_dentry)); 992 rc = smk_curacc(isp, MAY_READWRITE, &ad); 993 rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_READWRITE, rc); 994 995 if (rc == 0 && d_is_positive(new_dentry)) { 996 isp = smk_of_inode(d_backing_inode(new_dentry)); 997 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry); 998 rc = smk_curacc(isp, MAY_READWRITE, &ad); 999 rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_READWRITE, rc); 1000 } 1001 return rc; 1002 } 1003 1004 /** 1005 * smack_inode_permission - Smack version of permission() 1006 * @inode: the inode in question 1007 * @mask: the access requested 1008 * 1009 * This is the important Smack hook. 1010 * 1011 * Returns 0 if access is permitted, -EACCES otherwise 1012 */ 1013 static int smack_inode_permission(struct inode *inode, int mask) 1014 { 1015 struct smk_audit_info ad; 1016 int no_block = mask & MAY_NOT_BLOCK; 1017 int rc; 1018 1019 mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND); 1020 /* 1021 * No permission to check. Existence test. Yup, it's there. 1022 */ 1023 if (mask == 0) 1024 return 0; 1025 1026 /* May be droppable after audit */ 1027 if (no_block) 1028 return -ECHILD; 1029 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE); 1030 smk_ad_setfield_u_fs_inode(&ad, inode); 1031 rc = smk_curacc(smk_of_inode(inode), mask, &ad); 1032 rc = smk_bu_inode(inode, mask, rc); 1033 return rc; 1034 } 1035 1036 /** 1037 * smack_inode_setattr - Smack check for setting attributes 1038 * @dentry: the object 1039 * @iattr: for the force flag 1040 * 1041 * Returns 0 if access is permitted, an error code otherwise 1042 */ 1043 static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr) 1044 { 1045 struct smk_audit_info ad; 1046 int rc; 1047 1048 /* 1049 * Need to allow for clearing the setuid bit. 1050 */ 1051 if (iattr->ia_valid & ATTR_FORCE) 1052 return 0; 1053 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1054 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1055 1056 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1057 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1058 return rc; 1059 } 1060 1061 /** 1062 * smack_inode_getattr - Smack check for getting attributes 1063 * @mnt: vfsmount of the object 1064 * @dentry: the object 1065 * 1066 * Returns 0 if access is permitted, an error code otherwise 1067 */ 1068 static int smack_inode_getattr(const struct path *path) 1069 { 1070 struct smk_audit_info ad; 1071 struct inode *inode = d_backing_inode(path->dentry); 1072 int rc; 1073 1074 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1075 smk_ad_setfield_u_fs_path(&ad, *path); 1076 rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad); 1077 rc = smk_bu_inode(inode, MAY_READ, rc); 1078 return rc; 1079 } 1080 1081 /** 1082 * smack_inode_setxattr - Smack check for setting xattrs 1083 * @dentry: the object 1084 * @name: name of the attribute 1085 * @value: value of the attribute 1086 * @size: size of the value 1087 * @flags: unused 1088 * 1089 * This protects the Smack attribute explicitly. 1090 * 1091 * Returns 0 if access is permitted, an error code otherwise 1092 */ 1093 static int smack_inode_setxattr(struct dentry *dentry, const char *name, 1094 const void *value, size_t size, int flags) 1095 { 1096 struct smk_audit_info ad; 1097 struct smack_known *skp; 1098 int check_priv = 0; 1099 int check_import = 0; 1100 int check_star = 0; 1101 int rc = 0; 1102 1103 /* 1104 * Check label validity here so import won't fail in post_setxattr 1105 */ 1106 if (strcmp(name, XATTR_NAME_SMACK) == 0 || 1107 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 || 1108 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) { 1109 check_priv = 1; 1110 check_import = 1; 1111 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0 || 1112 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) { 1113 check_priv = 1; 1114 check_import = 1; 1115 check_star = 1; 1116 } else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) { 1117 check_priv = 1; 1118 if (size != TRANS_TRUE_SIZE || 1119 strncmp(value, TRANS_TRUE, TRANS_TRUE_SIZE) != 0) 1120 rc = -EINVAL; 1121 } else 1122 rc = cap_inode_setxattr(dentry, name, value, size, flags); 1123 1124 if (check_priv && !smack_privileged(CAP_MAC_ADMIN)) 1125 rc = -EPERM; 1126 1127 if (rc == 0 && check_import) { 1128 skp = size ? smk_import_entry(value, size) : NULL; 1129 if (IS_ERR(skp)) 1130 rc = PTR_ERR(skp); 1131 else if (skp == NULL || (check_star && 1132 (skp == &smack_known_star || skp == &smack_known_web))) 1133 rc = -EINVAL; 1134 } 1135 1136 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1137 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1138 1139 if (rc == 0) { 1140 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1141 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1142 } 1143 1144 return rc; 1145 } 1146 1147 /** 1148 * smack_inode_post_setxattr - Apply the Smack update approved above 1149 * @dentry: object 1150 * @name: attribute name 1151 * @value: attribute value 1152 * @size: attribute size 1153 * @flags: unused 1154 * 1155 * Set the pointer in the inode blob to the entry found 1156 * in the master label list. 1157 */ 1158 static void smack_inode_post_setxattr(struct dentry *dentry, const char *name, 1159 const void *value, size_t size, int flags) 1160 { 1161 struct smack_known *skp; 1162 struct inode_smack *isp = d_backing_inode(dentry)->i_security; 1163 1164 if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) { 1165 isp->smk_flags |= SMK_INODE_TRANSMUTE; 1166 return; 1167 } 1168 1169 if (strcmp(name, XATTR_NAME_SMACK) == 0) { 1170 skp = smk_import_entry(value, size); 1171 if (!IS_ERR(skp)) 1172 isp->smk_inode = skp; 1173 else 1174 isp->smk_inode = &smack_known_invalid; 1175 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) { 1176 skp = smk_import_entry(value, size); 1177 if (!IS_ERR(skp)) 1178 isp->smk_task = skp; 1179 else 1180 isp->smk_task = &smack_known_invalid; 1181 } else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) { 1182 skp = smk_import_entry(value, size); 1183 if (!IS_ERR(skp)) 1184 isp->smk_mmap = skp; 1185 else 1186 isp->smk_mmap = &smack_known_invalid; 1187 } 1188 1189 return; 1190 } 1191 1192 /** 1193 * smack_inode_getxattr - Smack check on getxattr 1194 * @dentry: the object 1195 * @name: unused 1196 * 1197 * Returns 0 if access is permitted, an error code otherwise 1198 */ 1199 static int smack_inode_getxattr(struct dentry *dentry, const char *name) 1200 { 1201 struct smk_audit_info ad; 1202 int rc; 1203 1204 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1205 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1206 1207 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_READ, &ad); 1208 rc = smk_bu_inode(d_backing_inode(dentry), MAY_READ, rc); 1209 return rc; 1210 } 1211 1212 /** 1213 * smack_inode_removexattr - Smack check on removexattr 1214 * @dentry: the object 1215 * @name: name of the attribute 1216 * 1217 * Removing the Smack attribute requires CAP_MAC_ADMIN 1218 * 1219 * Returns 0 if access is permitted, an error code otherwise 1220 */ 1221 static int smack_inode_removexattr(struct dentry *dentry, const char *name) 1222 { 1223 struct inode_smack *isp; 1224 struct smk_audit_info ad; 1225 int rc = 0; 1226 1227 if (strcmp(name, XATTR_NAME_SMACK) == 0 || 1228 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 || 1229 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 || 1230 strcmp(name, XATTR_NAME_SMACKEXEC) == 0 || 1231 strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0 || 1232 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) { 1233 if (!smack_privileged(CAP_MAC_ADMIN)) 1234 rc = -EPERM; 1235 } else 1236 rc = cap_inode_removexattr(dentry, name); 1237 1238 if (rc != 0) 1239 return rc; 1240 1241 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1242 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1243 1244 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1245 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1246 if (rc != 0) 1247 return rc; 1248 1249 isp = d_backing_inode(dentry)->i_security; 1250 /* 1251 * Don't do anything special for these. 1252 * XATTR_NAME_SMACKIPIN 1253 * XATTR_NAME_SMACKIPOUT 1254 * XATTR_NAME_SMACKEXEC 1255 */ 1256 if (strcmp(name, XATTR_NAME_SMACK) == 0) 1257 isp->smk_task = NULL; 1258 else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) 1259 isp->smk_mmap = NULL; 1260 else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) 1261 isp->smk_flags &= ~SMK_INODE_TRANSMUTE; 1262 1263 return 0; 1264 } 1265 1266 /** 1267 * smack_inode_getsecurity - get smack xattrs 1268 * @inode: the object 1269 * @name: attribute name 1270 * @buffer: where to put the result 1271 * @alloc: unused 1272 * 1273 * Returns the size of the attribute or an error code 1274 */ 1275 static int smack_inode_getsecurity(const struct inode *inode, 1276 const char *name, void **buffer, 1277 bool alloc) 1278 { 1279 struct socket_smack *ssp; 1280 struct socket *sock; 1281 struct super_block *sbp; 1282 struct inode *ip = (struct inode *)inode; 1283 struct smack_known *isp; 1284 int ilen; 1285 int rc = 0; 1286 1287 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) { 1288 isp = smk_of_inode(inode); 1289 ilen = strlen(isp->smk_known); 1290 *buffer = isp->smk_known; 1291 return ilen; 1292 } 1293 1294 /* 1295 * The rest of the Smack xattrs are only on sockets. 1296 */ 1297 sbp = ip->i_sb; 1298 if (sbp->s_magic != SOCKFS_MAGIC) 1299 return -EOPNOTSUPP; 1300 1301 sock = SOCKET_I(ip); 1302 if (sock == NULL || sock->sk == NULL) 1303 return -EOPNOTSUPP; 1304 1305 ssp = sock->sk->sk_security; 1306 1307 if (strcmp(name, XATTR_SMACK_IPIN) == 0) 1308 isp = ssp->smk_in; 1309 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) 1310 isp = ssp->smk_out; 1311 else 1312 return -EOPNOTSUPP; 1313 1314 ilen = strlen(isp->smk_known); 1315 if (rc == 0) { 1316 *buffer = isp->smk_known; 1317 rc = ilen; 1318 } 1319 1320 return rc; 1321 } 1322 1323 1324 /** 1325 * smack_inode_listsecurity - list the Smack attributes 1326 * @inode: the object 1327 * @buffer: where they go 1328 * @buffer_size: size of buffer 1329 * 1330 * Returns 0 on success, -EINVAL otherwise 1331 */ 1332 static int smack_inode_listsecurity(struct inode *inode, char *buffer, 1333 size_t buffer_size) 1334 { 1335 int len = sizeof(XATTR_NAME_SMACK); 1336 1337 if (buffer != NULL && len <= buffer_size) 1338 memcpy(buffer, XATTR_NAME_SMACK, len); 1339 1340 return len; 1341 } 1342 1343 /** 1344 * smack_inode_getsecid - Extract inode's security id 1345 * @inode: inode to extract the info from 1346 * @secid: where result will be saved 1347 */ 1348 static void smack_inode_getsecid(const struct inode *inode, u32 *secid) 1349 { 1350 struct inode_smack *isp = inode->i_security; 1351 1352 *secid = isp->smk_inode->smk_secid; 1353 } 1354 1355 /* 1356 * File Hooks 1357 */ 1358 1359 /** 1360 * smack_file_permission - Smack check on file operations 1361 * @file: unused 1362 * @mask: unused 1363 * 1364 * Returns 0 1365 * 1366 * Should access checks be done on each read or write? 1367 * UNICOS and SELinux say yes. 1368 * Trusted Solaris, Trusted Irix, and just about everyone else says no. 1369 * 1370 * I'll say no for now. Smack does not do the frequent 1371 * label changing that SELinux does. 1372 */ 1373 static int smack_file_permission(struct file *file, int mask) 1374 { 1375 return 0; 1376 } 1377 1378 /** 1379 * smack_file_alloc_security - assign a file security blob 1380 * @file: the object 1381 * 1382 * The security blob for a file is a pointer to the master 1383 * label list, so no allocation is done. 1384 * 1385 * f_security is the owner security information. It 1386 * isn't used on file access checks, it's for send_sigio. 1387 * 1388 * Returns 0 1389 */ 1390 static int smack_file_alloc_security(struct file *file) 1391 { 1392 struct smack_known *skp = smk_of_current(); 1393 1394 file->f_security = skp; 1395 return 0; 1396 } 1397 1398 /** 1399 * smack_file_free_security - clear a file security blob 1400 * @file: the object 1401 * 1402 * The security blob for a file is a pointer to the master 1403 * label list, so no memory is freed. 1404 */ 1405 static void smack_file_free_security(struct file *file) 1406 { 1407 file->f_security = NULL; 1408 } 1409 1410 /** 1411 * smack_file_ioctl - Smack check on ioctls 1412 * @file: the object 1413 * @cmd: what to do 1414 * @arg: unused 1415 * 1416 * Relies heavily on the correct use of the ioctl command conventions. 1417 * 1418 * Returns 0 if allowed, error code otherwise 1419 */ 1420 static int smack_file_ioctl(struct file *file, unsigned int cmd, 1421 unsigned long arg) 1422 { 1423 int rc = 0; 1424 struct smk_audit_info ad; 1425 struct inode *inode = file_inode(file); 1426 1427 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1428 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1429 1430 if (_IOC_DIR(cmd) & _IOC_WRITE) { 1431 rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad); 1432 rc = smk_bu_file(file, MAY_WRITE, rc); 1433 } 1434 1435 if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ)) { 1436 rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad); 1437 rc = smk_bu_file(file, MAY_READ, rc); 1438 } 1439 1440 return rc; 1441 } 1442 1443 /** 1444 * smack_file_lock - Smack check on file locking 1445 * @file: the object 1446 * @cmd: unused 1447 * 1448 * Returns 0 if current has lock access, error code otherwise 1449 */ 1450 static int smack_file_lock(struct file *file, unsigned int cmd) 1451 { 1452 struct smk_audit_info ad; 1453 int rc; 1454 struct inode *inode = file_inode(file); 1455 1456 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1457 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1458 rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad); 1459 rc = smk_bu_file(file, MAY_LOCK, rc); 1460 return rc; 1461 } 1462 1463 /** 1464 * smack_file_fcntl - Smack check on fcntl 1465 * @file: the object 1466 * @cmd: what action to check 1467 * @arg: unused 1468 * 1469 * Generally these operations are harmless. 1470 * File locking operations present an obvious mechanism 1471 * for passing information, so they require write access. 1472 * 1473 * Returns 0 if current has access, error code otherwise 1474 */ 1475 static int smack_file_fcntl(struct file *file, unsigned int cmd, 1476 unsigned long arg) 1477 { 1478 struct smk_audit_info ad; 1479 int rc = 0; 1480 struct inode *inode = file_inode(file); 1481 1482 switch (cmd) { 1483 case F_GETLK: 1484 break; 1485 case F_SETLK: 1486 case F_SETLKW: 1487 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1488 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1489 rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad); 1490 rc = smk_bu_file(file, MAY_LOCK, rc); 1491 break; 1492 case F_SETOWN: 1493 case F_SETSIG: 1494 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1495 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1496 rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad); 1497 rc = smk_bu_file(file, MAY_WRITE, rc); 1498 break; 1499 default: 1500 break; 1501 } 1502 1503 return rc; 1504 } 1505 1506 /** 1507 * smack_mmap_file : 1508 * Check permissions for a mmap operation. The @file may be NULL, e.g. 1509 * if mapping anonymous memory. 1510 * @file contains the file structure for file to map (may be NULL). 1511 * @reqprot contains the protection requested by the application. 1512 * @prot contains the protection that will be applied by the kernel. 1513 * @flags contains the operational flags. 1514 * Return 0 if permission is granted. 1515 */ 1516 static int smack_mmap_file(struct file *file, 1517 unsigned long reqprot, unsigned long prot, 1518 unsigned long flags) 1519 { 1520 struct smack_known *skp; 1521 struct smack_known *mkp; 1522 struct smack_rule *srp; 1523 struct task_smack *tsp; 1524 struct smack_known *okp; 1525 struct inode_smack *isp; 1526 int may; 1527 int mmay; 1528 int tmay; 1529 int rc; 1530 1531 if (file == NULL) 1532 return 0; 1533 1534 isp = file_inode(file)->i_security; 1535 if (isp->smk_mmap == NULL) 1536 return 0; 1537 mkp = isp->smk_mmap; 1538 1539 tsp = current_security(); 1540 skp = smk_of_current(); 1541 rc = 0; 1542 1543 rcu_read_lock(); 1544 /* 1545 * For each Smack rule associated with the subject 1546 * label verify that the SMACK64MMAP also has access 1547 * to that rule's object label. 1548 */ 1549 list_for_each_entry_rcu(srp, &skp->smk_rules, list) { 1550 okp = srp->smk_object; 1551 /* 1552 * Matching labels always allows access. 1553 */ 1554 if (mkp->smk_known == okp->smk_known) 1555 continue; 1556 /* 1557 * If there is a matching local rule take 1558 * that into account as well. 1559 */ 1560 may = smk_access_entry(srp->smk_subject->smk_known, 1561 okp->smk_known, 1562 &tsp->smk_rules); 1563 if (may == -ENOENT) 1564 may = srp->smk_access; 1565 else 1566 may &= srp->smk_access; 1567 /* 1568 * If may is zero the SMACK64MMAP subject can't 1569 * possibly have less access. 1570 */ 1571 if (may == 0) 1572 continue; 1573 1574 /* 1575 * Fetch the global list entry. 1576 * If there isn't one a SMACK64MMAP subject 1577 * can't have as much access as current. 1578 */ 1579 mmay = smk_access_entry(mkp->smk_known, okp->smk_known, 1580 &mkp->smk_rules); 1581 if (mmay == -ENOENT) { 1582 rc = -EACCES; 1583 break; 1584 } 1585 /* 1586 * If there is a local entry it modifies the 1587 * potential access, too. 1588 */ 1589 tmay = smk_access_entry(mkp->smk_known, okp->smk_known, 1590 &tsp->smk_rules); 1591 if (tmay != -ENOENT) 1592 mmay &= tmay; 1593 1594 /* 1595 * If there is any access available to current that is 1596 * not available to a SMACK64MMAP subject 1597 * deny access. 1598 */ 1599 if ((may | mmay) != mmay) { 1600 rc = -EACCES; 1601 break; 1602 } 1603 } 1604 1605 rcu_read_unlock(); 1606 1607 return rc; 1608 } 1609 1610 /** 1611 * smack_file_set_fowner - set the file security blob value 1612 * @file: object in question 1613 * 1614 */ 1615 static void smack_file_set_fowner(struct file *file) 1616 { 1617 file->f_security = smk_of_current(); 1618 } 1619 1620 /** 1621 * smack_file_send_sigiotask - Smack on sigio 1622 * @tsk: The target task 1623 * @fown: the object the signal come from 1624 * @signum: unused 1625 * 1626 * Allow a privileged task to get signals even if it shouldn't 1627 * 1628 * Returns 0 if a subject with the object's smack could 1629 * write to the task, an error code otherwise. 1630 */ 1631 static int smack_file_send_sigiotask(struct task_struct *tsk, 1632 struct fown_struct *fown, int signum) 1633 { 1634 struct smack_known *skp; 1635 struct smack_known *tkp = smk_of_task(tsk->cred->security); 1636 struct file *file; 1637 int rc; 1638 struct smk_audit_info ad; 1639 1640 /* 1641 * struct fown_struct is never outside the context of a struct file 1642 */ 1643 file = container_of(fown, struct file, f_owner); 1644 1645 /* we don't log here as rc can be overriden */ 1646 skp = file->f_security; 1647 rc = smk_access(skp, tkp, MAY_WRITE, NULL); 1648 rc = smk_bu_note("sigiotask", skp, tkp, MAY_WRITE, rc); 1649 if (rc != 0 && has_capability(tsk, CAP_MAC_OVERRIDE)) 1650 rc = 0; 1651 1652 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); 1653 smk_ad_setfield_u_tsk(&ad, tsk); 1654 smack_log(skp->smk_known, tkp->smk_known, MAY_WRITE, rc, &ad); 1655 return rc; 1656 } 1657 1658 /** 1659 * smack_file_receive - Smack file receive check 1660 * @file: the object 1661 * 1662 * Returns 0 if current has access, error code otherwise 1663 */ 1664 static int smack_file_receive(struct file *file) 1665 { 1666 int rc; 1667 int may = 0; 1668 struct smk_audit_info ad; 1669 struct inode *inode = file_inode(file); 1670 1671 if (unlikely(IS_PRIVATE(inode))) 1672 return 0; 1673 1674 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1675 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1676 /* 1677 * This code relies on bitmasks. 1678 */ 1679 if (file->f_mode & FMODE_READ) 1680 may = MAY_READ; 1681 if (file->f_mode & FMODE_WRITE) 1682 may |= MAY_WRITE; 1683 1684 rc = smk_curacc(smk_of_inode(inode), may, &ad); 1685 rc = smk_bu_file(file, may, rc); 1686 return rc; 1687 } 1688 1689 /** 1690 * smack_file_open - Smack dentry open processing 1691 * @file: the object 1692 * @cred: task credential 1693 * 1694 * Set the security blob in the file structure. 1695 * Allow the open only if the task has read access. There are 1696 * many read operations (e.g. fstat) that you can do with an 1697 * fd even if you have the file open write-only. 1698 * 1699 * Returns 0 1700 */ 1701 static int smack_file_open(struct file *file, const struct cred *cred) 1702 { 1703 struct task_smack *tsp = cred->security; 1704 struct inode *inode = file_inode(file); 1705 struct smk_audit_info ad; 1706 int rc; 1707 1708 if (smack_privileged(CAP_MAC_OVERRIDE)) 1709 return 0; 1710 1711 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1712 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1713 rc = smk_access(tsp->smk_task, smk_of_inode(inode), MAY_READ, &ad); 1714 rc = smk_bu_credfile(cred, file, MAY_READ, rc); 1715 1716 return rc; 1717 } 1718 1719 /* 1720 * Task hooks 1721 */ 1722 1723 /** 1724 * smack_cred_alloc_blank - "allocate" blank task-level security credentials 1725 * @new: the new credentials 1726 * @gfp: the atomicity of any memory allocations 1727 * 1728 * Prepare a blank set of credentials for modification. This must allocate all 1729 * the memory the LSM module might require such that cred_transfer() can 1730 * complete without error. 1731 */ 1732 static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp) 1733 { 1734 struct task_smack *tsp; 1735 1736 tsp = new_task_smack(NULL, NULL, gfp); 1737 if (tsp == NULL) 1738 return -ENOMEM; 1739 1740 cred->security = tsp; 1741 1742 return 0; 1743 } 1744 1745 1746 /** 1747 * smack_cred_free - "free" task-level security credentials 1748 * @cred: the credentials in question 1749 * 1750 */ 1751 static void smack_cred_free(struct cred *cred) 1752 { 1753 struct task_smack *tsp = cred->security; 1754 struct smack_rule *rp; 1755 struct list_head *l; 1756 struct list_head *n; 1757 1758 if (tsp == NULL) 1759 return; 1760 cred->security = NULL; 1761 1762 list_for_each_safe(l, n, &tsp->smk_rules) { 1763 rp = list_entry(l, struct smack_rule, list); 1764 list_del(&rp->list); 1765 kfree(rp); 1766 } 1767 kfree(tsp); 1768 } 1769 1770 /** 1771 * smack_cred_prepare - prepare new set of credentials for modification 1772 * @new: the new credentials 1773 * @old: the original credentials 1774 * @gfp: the atomicity of any memory allocations 1775 * 1776 * Prepare a new set of credentials for modification. 1777 */ 1778 static int smack_cred_prepare(struct cred *new, const struct cred *old, 1779 gfp_t gfp) 1780 { 1781 struct task_smack *old_tsp = old->security; 1782 struct task_smack *new_tsp; 1783 int rc; 1784 1785 new_tsp = new_task_smack(old_tsp->smk_task, old_tsp->smk_task, gfp); 1786 if (new_tsp == NULL) 1787 return -ENOMEM; 1788 1789 rc = smk_copy_rules(&new_tsp->smk_rules, &old_tsp->smk_rules, gfp); 1790 if (rc != 0) 1791 return rc; 1792 1793 new->security = new_tsp; 1794 return 0; 1795 } 1796 1797 /** 1798 * smack_cred_transfer - Transfer the old credentials to the new credentials 1799 * @new: the new credentials 1800 * @old: the original credentials 1801 * 1802 * Fill in a set of blank credentials from another set of credentials. 1803 */ 1804 static void smack_cred_transfer(struct cred *new, const struct cred *old) 1805 { 1806 struct task_smack *old_tsp = old->security; 1807 struct task_smack *new_tsp = new->security; 1808 1809 new_tsp->smk_task = old_tsp->smk_task; 1810 new_tsp->smk_forked = old_tsp->smk_task; 1811 mutex_init(&new_tsp->smk_rules_lock); 1812 INIT_LIST_HEAD(&new_tsp->smk_rules); 1813 1814 1815 /* cbs copy rule list */ 1816 } 1817 1818 /** 1819 * smack_kernel_act_as - Set the subjective context in a set of credentials 1820 * @new: points to the set of credentials to be modified. 1821 * @secid: specifies the security ID to be set 1822 * 1823 * Set the security data for a kernel service. 1824 */ 1825 static int smack_kernel_act_as(struct cred *new, u32 secid) 1826 { 1827 struct task_smack *new_tsp = new->security; 1828 struct smack_known *skp = smack_from_secid(secid); 1829 1830 if (skp == NULL) 1831 return -EINVAL; 1832 1833 new_tsp->smk_task = skp; 1834 return 0; 1835 } 1836 1837 /** 1838 * smack_kernel_create_files_as - Set the file creation label in a set of creds 1839 * @new: points to the set of credentials to be modified 1840 * @inode: points to the inode to use as a reference 1841 * 1842 * Set the file creation context in a set of credentials to the same 1843 * as the objective context of the specified inode 1844 */ 1845 static int smack_kernel_create_files_as(struct cred *new, 1846 struct inode *inode) 1847 { 1848 struct inode_smack *isp = inode->i_security; 1849 struct task_smack *tsp = new->security; 1850 1851 tsp->smk_forked = isp->smk_inode; 1852 tsp->smk_task = tsp->smk_forked; 1853 return 0; 1854 } 1855 1856 /** 1857 * smk_curacc_on_task - helper to log task related access 1858 * @p: the task object 1859 * @access: the access requested 1860 * @caller: name of the calling function for audit 1861 * 1862 * Return 0 if access is permitted 1863 */ 1864 static int smk_curacc_on_task(struct task_struct *p, int access, 1865 const char *caller) 1866 { 1867 struct smk_audit_info ad; 1868 struct smack_known *skp = smk_of_task_struct(p); 1869 int rc; 1870 1871 smk_ad_init(&ad, caller, LSM_AUDIT_DATA_TASK); 1872 smk_ad_setfield_u_tsk(&ad, p); 1873 rc = smk_curacc(skp, access, &ad); 1874 rc = smk_bu_task(p, access, rc); 1875 return rc; 1876 } 1877 1878 /** 1879 * smack_task_setpgid - Smack check on setting pgid 1880 * @p: the task object 1881 * @pgid: unused 1882 * 1883 * Return 0 if write access is permitted 1884 */ 1885 static int smack_task_setpgid(struct task_struct *p, pid_t pgid) 1886 { 1887 return smk_curacc_on_task(p, MAY_WRITE, __func__); 1888 } 1889 1890 /** 1891 * smack_task_getpgid - Smack access check for getpgid 1892 * @p: the object task 1893 * 1894 * Returns 0 if current can read the object task, error code otherwise 1895 */ 1896 static int smack_task_getpgid(struct task_struct *p) 1897 { 1898 return smk_curacc_on_task(p, MAY_READ, __func__); 1899 } 1900 1901 /** 1902 * smack_task_getsid - Smack access check for getsid 1903 * @p: the object task 1904 * 1905 * Returns 0 if current can read the object task, error code otherwise 1906 */ 1907 static int smack_task_getsid(struct task_struct *p) 1908 { 1909 return smk_curacc_on_task(p, MAY_READ, __func__); 1910 } 1911 1912 /** 1913 * smack_task_getsecid - get the secid of the task 1914 * @p: the object task 1915 * @secid: where to put the result 1916 * 1917 * Sets the secid to contain a u32 version of the smack label. 1918 */ 1919 static void smack_task_getsecid(struct task_struct *p, u32 *secid) 1920 { 1921 struct smack_known *skp = smk_of_task_struct(p); 1922 1923 *secid = skp->smk_secid; 1924 } 1925 1926 /** 1927 * smack_task_setnice - Smack check on setting nice 1928 * @p: the task object 1929 * @nice: unused 1930 * 1931 * Return 0 if write access is permitted 1932 */ 1933 static int smack_task_setnice(struct task_struct *p, int nice) 1934 { 1935 return smk_curacc_on_task(p, MAY_WRITE, __func__); 1936 } 1937 1938 /** 1939 * smack_task_setioprio - Smack check on setting ioprio 1940 * @p: the task object 1941 * @ioprio: unused 1942 * 1943 * Return 0 if write access is permitted 1944 */ 1945 static int smack_task_setioprio(struct task_struct *p, int ioprio) 1946 { 1947 return smk_curacc_on_task(p, MAY_WRITE, __func__); 1948 } 1949 1950 /** 1951 * smack_task_getioprio - Smack check on reading ioprio 1952 * @p: the task object 1953 * 1954 * Return 0 if read access is permitted 1955 */ 1956 static int smack_task_getioprio(struct task_struct *p) 1957 { 1958 return smk_curacc_on_task(p, MAY_READ, __func__); 1959 } 1960 1961 /** 1962 * smack_task_setscheduler - Smack check on setting scheduler 1963 * @p: the task object 1964 * @policy: unused 1965 * @lp: unused 1966 * 1967 * Return 0 if read access is permitted 1968 */ 1969 static int smack_task_setscheduler(struct task_struct *p) 1970 { 1971 return smk_curacc_on_task(p, MAY_WRITE, __func__); 1972 } 1973 1974 /** 1975 * smack_task_getscheduler - Smack check on reading scheduler 1976 * @p: the task object 1977 * 1978 * Return 0 if read access is permitted 1979 */ 1980 static int smack_task_getscheduler(struct task_struct *p) 1981 { 1982 return smk_curacc_on_task(p, MAY_READ, __func__); 1983 } 1984 1985 /** 1986 * smack_task_movememory - Smack check on moving memory 1987 * @p: the task object 1988 * 1989 * Return 0 if write access is permitted 1990 */ 1991 static int smack_task_movememory(struct task_struct *p) 1992 { 1993 return smk_curacc_on_task(p, MAY_WRITE, __func__); 1994 } 1995 1996 /** 1997 * smack_task_kill - Smack check on signal delivery 1998 * @p: the task object 1999 * @info: unused 2000 * @sig: unused 2001 * @secid: identifies the smack to use in lieu of current's 2002 * 2003 * Return 0 if write access is permitted 2004 * 2005 * The secid behavior is an artifact of an SELinux hack 2006 * in the USB code. Someday it may go away. 2007 */ 2008 static int smack_task_kill(struct task_struct *p, struct siginfo *info, 2009 int sig, u32 secid) 2010 { 2011 struct smk_audit_info ad; 2012 struct smack_known *skp; 2013 struct smack_known *tkp = smk_of_task_struct(p); 2014 int rc; 2015 2016 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); 2017 smk_ad_setfield_u_tsk(&ad, p); 2018 /* 2019 * Sending a signal requires that the sender 2020 * can write the receiver. 2021 */ 2022 if (secid == 0) { 2023 rc = smk_curacc(tkp, MAY_WRITE, &ad); 2024 rc = smk_bu_task(p, MAY_WRITE, rc); 2025 return rc; 2026 } 2027 /* 2028 * If the secid isn't 0 we're dealing with some USB IO 2029 * specific behavior. This is not clean. For one thing 2030 * we can't take privilege into account. 2031 */ 2032 skp = smack_from_secid(secid); 2033 rc = smk_access(skp, tkp, MAY_WRITE, &ad); 2034 rc = smk_bu_note("USB signal", skp, tkp, MAY_WRITE, rc); 2035 return rc; 2036 } 2037 2038 /** 2039 * smack_task_wait - Smack access check for waiting 2040 * @p: task to wait for 2041 * 2042 * Returns 0 2043 */ 2044 static int smack_task_wait(struct task_struct *p) 2045 { 2046 /* 2047 * Allow the operation to succeed. 2048 * Zombies are bad. 2049 * In userless environments (e.g. phones) programs 2050 * get marked with SMACK64EXEC and even if the parent 2051 * and child shouldn't be talking the parent still 2052 * may expect to know when the child exits. 2053 */ 2054 return 0; 2055 } 2056 2057 /** 2058 * smack_task_to_inode - copy task smack into the inode blob 2059 * @p: task to copy from 2060 * @inode: inode to copy to 2061 * 2062 * Sets the smack pointer in the inode security blob 2063 */ 2064 static void smack_task_to_inode(struct task_struct *p, struct inode *inode) 2065 { 2066 struct inode_smack *isp = inode->i_security; 2067 struct smack_known *skp = smk_of_task_struct(p); 2068 2069 isp->smk_inode = skp; 2070 } 2071 2072 /* 2073 * Socket hooks. 2074 */ 2075 2076 /** 2077 * smack_sk_alloc_security - Allocate a socket blob 2078 * @sk: the socket 2079 * @family: unused 2080 * @gfp_flags: memory allocation flags 2081 * 2082 * Assign Smack pointers to current 2083 * 2084 * Returns 0 on success, -ENOMEM is there's no memory 2085 */ 2086 static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags) 2087 { 2088 struct smack_known *skp = smk_of_current(); 2089 struct socket_smack *ssp; 2090 2091 ssp = kzalloc(sizeof(struct socket_smack), gfp_flags); 2092 if (ssp == NULL) 2093 return -ENOMEM; 2094 2095 ssp->smk_in = skp; 2096 ssp->smk_out = skp; 2097 ssp->smk_packet = NULL; 2098 2099 sk->sk_security = ssp; 2100 2101 return 0; 2102 } 2103 2104 /** 2105 * smack_sk_free_security - Free a socket blob 2106 * @sk: the socket 2107 * 2108 * Clears the blob pointer 2109 */ 2110 static void smack_sk_free_security(struct sock *sk) 2111 { 2112 kfree(sk->sk_security); 2113 } 2114 2115 /** 2116 * smack_host_label - check host based restrictions 2117 * @sip: the object end 2118 * 2119 * looks for host based access restrictions 2120 * 2121 * This version will only be appropriate for really small sets of single label 2122 * hosts. The caller is responsible for ensuring that the RCU read lock is 2123 * taken before calling this function. 2124 * 2125 * Returns the label of the far end or NULL if it's not special. 2126 */ 2127 static struct smack_known *smack_host_label(struct sockaddr_in *sip) 2128 { 2129 struct smk_netlbladdr *snp; 2130 struct in_addr *siap = &sip->sin_addr; 2131 2132 if (siap->s_addr == 0) 2133 return NULL; 2134 2135 list_for_each_entry_rcu(snp, &smk_netlbladdr_list, list) 2136 /* 2137 * we break after finding the first match because 2138 * the list is sorted from longest to shortest mask 2139 * so we have found the most specific match 2140 */ 2141 if ((&snp->smk_host.sin_addr)->s_addr == 2142 (siap->s_addr & (&snp->smk_mask)->s_addr)) { 2143 /* we have found the special CIPSO option */ 2144 if (snp->smk_label == &smack_cipso_option) 2145 return NULL; 2146 return snp->smk_label; 2147 } 2148 2149 return NULL; 2150 } 2151 2152 /** 2153 * smack_netlabel - Set the secattr on a socket 2154 * @sk: the socket 2155 * @labeled: socket label scheme 2156 * 2157 * Convert the outbound smack value (smk_out) to a 2158 * secattr and attach it to the socket. 2159 * 2160 * Returns 0 on success or an error code 2161 */ 2162 static int smack_netlabel(struct sock *sk, int labeled) 2163 { 2164 struct smack_known *skp; 2165 struct socket_smack *ssp = sk->sk_security; 2166 int rc = 0; 2167 2168 /* 2169 * Usually the netlabel code will handle changing the 2170 * packet labeling based on the label. 2171 * The case of a single label host is different, because 2172 * a single label host should never get a labeled packet 2173 * even though the label is usually associated with a packet 2174 * label. 2175 */ 2176 local_bh_disable(); 2177 bh_lock_sock_nested(sk); 2178 2179 if (ssp->smk_out == smack_net_ambient || 2180 labeled == SMACK_UNLABELED_SOCKET) 2181 netlbl_sock_delattr(sk); 2182 else { 2183 skp = ssp->smk_out; 2184 rc = netlbl_sock_setattr(sk, sk->sk_family, &skp->smk_netlabel); 2185 } 2186 2187 bh_unlock_sock(sk); 2188 local_bh_enable(); 2189 2190 return rc; 2191 } 2192 2193 /** 2194 * smack_netlbel_send - Set the secattr on a socket and perform access checks 2195 * @sk: the socket 2196 * @sap: the destination address 2197 * 2198 * Set the correct secattr for the given socket based on the destination 2199 * address and perform any outbound access checks needed. 2200 * 2201 * Returns 0 on success or an error code. 2202 * 2203 */ 2204 static int smack_netlabel_send(struct sock *sk, struct sockaddr_in *sap) 2205 { 2206 struct smack_known *skp; 2207 int rc; 2208 int sk_lbl; 2209 struct smack_known *hkp; 2210 struct socket_smack *ssp = sk->sk_security; 2211 struct smk_audit_info ad; 2212 2213 rcu_read_lock(); 2214 hkp = smack_host_label(sap); 2215 if (hkp != NULL) { 2216 #ifdef CONFIG_AUDIT 2217 struct lsm_network_audit net; 2218 2219 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 2220 ad.a.u.net->family = sap->sin_family; 2221 ad.a.u.net->dport = sap->sin_port; 2222 ad.a.u.net->v4info.daddr = sap->sin_addr.s_addr; 2223 #endif 2224 sk_lbl = SMACK_UNLABELED_SOCKET; 2225 skp = ssp->smk_out; 2226 rc = smk_access(skp, hkp, MAY_WRITE, &ad); 2227 rc = smk_bu_note("IPv4 host check", skp, hkp, MAY_WRITE, rc); 2228 } else { 2229 sk_lbl = SMACK_CIPSO_SOCKET; 2230 rc = 0; 2231 } 2232 rcu_read_unlock(); 2233 if (rc != 0) 2234 return rc; 2235 2236 return smack_netlabel(sk, sk_lbl); 2237 } 2238 2239 #if IS_ENABLED(CONFIG_IPV6) && !defined(CONFIG_SECURITY_SMACK_NETFILTER) 2240 /** 2241 * smk_ipv6_port_label - Smack port access table management 2242 * @sock: socket 2243 * @address: address 2244 * 2245 * Create or update the port list entry 2246 */ 2247 static void smk_ipv6_port_label(struct socket *sock, struct sockaddr *address) 2248 { 2249 struct sock *sk = sock->sk; 2250 struct sockaddr_in6 *addr6; 2251 struct socket_smack *ssp = sock->sk->sk_security; 2252 struct smk_port_label *spp; 2253 unsigned short port = 0; 2254 2255 if (address == NULL) { 2256 /* 2257 * This operation is changing the Smack information 2258 * on the bound socket. Take the changes to the port 2259 * as well. 2260 */ 2261 list_for_each_entry(spp, &smk_ipv6_port_list, list) { 2262 if (sk != spp->smk_sock) 2263 continue; 2264 spp->smk_in = ssp->smk_in; 2265 spp->smk_out = ssp->smk_out; 2266 return; 2267 } 2268 /* 2269 * A NULL address is only used for updating existing 2270 * bound entries. If there isn't one, it's OK. 2271 */ 2272 return; 2273 } 2274 2275 addr6 = (struct sockaddr_in6 *)address; 2276 port = ntohs(addr6->sin6_port); 2277 /* 2278 * This is a special case that is safely ignored. 2279 */ 2280 if (port == 0) 2281 return; 2282 2283 /* 2284 * Look for an existing port list entry. 2285 * This is an indication that a port is getting reused. 2286 */ 2287 list_for_each_entry(spp, &smk_ipv6_port_list, list) { 2288 if (spp->smk_port != port) 2289 continue; 2290 spp->smk_port = port; 2291 spp->smk_sock = sk; 2292 spp->smk_in = ssp->smk_in; 2293 spp->smk_out = ssp->smk_out; 2294 return; 2295 } 2296 2297 /* 2298 * A new port entry is required. 2299 */ 2300 spp = kzalloc(sizeof(*spp), GFP_KERNEL); 2301 if (spp == NULL) 2302 return; 2303 2304 spp->smk_port = port; 2305 spp->smk_sock = sk; 2306 spp->smk_in = ssp->smk_in; 2307 spp->smk_out = ssp->smk_out; 2308 2309 list_add(&spp->list, &smk_ipv6_port_list); 2310 return; 2311 } 2312 2313 /** 2314 * smk_ipv6_port_check - check Smack port access 2315 * @sock: socket 2316 * @address: address 2317 * 2318 * Create or update the port list entry 2319 */ 2320 static int smk_ipv6_port_check(struct sock *sk, struct sockaddr_in6 *address, 2321 int act) 2322 { 2323 __be16 *bep; 2324 __be32 *be32p; 2325 struct smk_port_label *spp; 2326 struct socket_smack *ssp = sk->sk_security; 2327 struct smack_known *skp; 2328 unsigned short port = 0; 2329 struct smack_known *object; 2330 struct smk_audit_info ad; 2331 int rc; 2332 #ifdef CONFIG_AUDIT 2333 struct lsm_network_audit net; 2334 #endif 2335 2336 if (act == SMK_RECEIVING) { 2337 skp = smack_net_ambient; 2338 object = ssp->smk_in; 2339 } else { 2340 skp = ssp->smk_out; 2341 object = smack_net_ambient; 2342 } 2343 2344 /* 2345 * Get the IP address and port from the address. 2346 */ 2347 port = ntohs(address->sin6_port); 2348 bep = (__be16 *)(&address->sin6_addr); 2349 be32p = (__be32 *)(&address->sin6_addr); 2350 2351 /* 2352 * It's remote, so port lookup does no good. 2353 */ 2354 if (be32p[0] || be32p[1] || be32p[2] || bep[6] || ntohs(bep[7]) != 1) 2355 goto auditout; 2356 2357 /* 2358 * It's local so the send check has to have passed. 2359 */ 2360 if (act == SMK_RECEIVING) { 2361 skp = &smack_known_web; 2362 goto auditout; 2363 } 2364 2365 list_for_each_entry(spp, &smk_ipv6_port_list, list) { 2366 if (spp->smk_port != port) 2367 continue; 2368 object = spp->smk_in; 2369 if (act == SMK_CONNECTING) 2370 ssp->smk_packet = spp->smk_out; 2371 break; 2372 } 2373 2374 auditout: 2375 2376 #ifdef CONFIG_AUDIT 2377 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 2378 ad.a.u.net->family = sk->sk_family; 2379 ad.a.u.net->dport = port; 2380 if (act == SMK_RECEIVING) 2381 ad.a.u.net->v6info.saddr = address->sin6_addr; 2382 else 2383 ad.a.u.net->v6info.daddr = address->sin6_addr; 2384 #endif 2385 rc = smk_access(skp, object, MAY_WRITE, &ad); 2386 rc = smk_bu_note("IPv6 port check", skp, object, MAY_WRITE, rc); 2387 return rc; 2388 } 2389 #endif /* CONFIG_IPV6 && !CONFIG_SECURITY_SMACK_NETFILTER */ 2390 2391 /** 2392 * smack_inode_setsecurity - set smack xattrs 2393 * @inode: the object 2394 * @name: attribute name 2395 * @value: attribute value 2396 * @size: size of the attribute 2397 * @flags: unused 2398 * 2399 * Sets the named attribute in the appropriate blob 2400 * 2401 * Returns 0 on success, or an error code 2402 */ 2403 static int smack_inode_setsecurity(struct inode *inode, const char *name, 2404 const void *value, size_t size, int flags) 2405 { 2406 struct smack_known *skp; 2407 struct inode_smack *nsp = inode->i_security; 2408 struct socket_smack *ssp; 2409 struct socket *sock; 2410 int rc = 0; 2411 2412 if (value == NULL || size > SMK_LONGLABEL || size == 0) 2413 return -EINVAL; 2414 2415 skp = smk_import_entry(value, size); 2416 if (IS_ERR(skp)) 2417 return PTR_ERR(skp); 2418 2419 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) { 2420 nsp->smk_inode = skp; 2421 nsp->smk_flags |= SMK_INODE_INSTANT; 2422 return 0; 2423 } 2424 /* 2425 * The rest of the Smack xattrs are only on sockets. 2426 */ 2427 if (inode->i_sb->s_magic != SOCKFS_MAGIC) 2428 return -EOPNOTSUPP; 2429 2430 sock = SOCKET_I(inode); 2431 if (sock == NULL || sock->sk == NULL) 2432 return -EOPNOTSUPP; 2433 2434 ssp = sock->sk->sk_security; 2435 2436 if (strcmp(name, XATTR_SMACK_IPIN) == 0) 2437 ssp->smk_in = skp; 2438 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) { 2439 ssp->smk_out = skp; 2440 if (sock->sk->sk_family == PF_INET) { 2441 rc = smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET); 2442 if (rc != 0) 2443 printk(KERN_WARNING 2444 "Smack: \"%s\" netlbl error %d.\n", 2445 __func__, -rc); 2446 } 2447 } else 2448 return -EOPNOTSUPP; 2449 2450 #if IS_ENABLED(CONFIG_IPV6) && !defined(CONFIG_SECURITY_SMACK_NETFILTER) 2451 if (sock->sk->sk_family == PF_INET6) 2452 smk_ipv6_port_label(sock, NULL); 2453 #endif /* CONFIG_IPV6 && !CONFIG_SECURITY_SMACK_NETFILTER */ 2454 2455 return 0; 2456 } 2457 2458 /** 2459 * smack_socket_post_create - finish socket setup 2460 * @sock: the socket 2461 * @family: protocol family 2462 * @type: unused 2463 * @protocol: unused 2464 * @kern: unused 2465 * 2466 * Sets the netlabel information on the socket 2467 * 2468 * Returns 0 on success, and error code otherwise 2469 */ 2470 static int smack_socket_post_create(struct socket *sock, int family, 2471 int type, int protocol, int kern) 2472 { 2473 struct socket_smack *ssp; 2474 2475 if (sock->sk == NULL) 2476 return 0; 2477 2478 /* 2479 * Sockets created by kernel threads receive web label. 2480 */ 2481 if (unlikely(current->flags & PF_KTHREAD)) { 2482 ssp = sock->sk->sk_security; 2483 ssp->smk_in = &smack_known_web; 2484 ssp->smk_out = &smack_known_web; 2485 } 2486 2487 if (family != PF_INET) 2488 return 0; 2489 /* 2490 * Set the outbound netlbl. 2491 */ 2492 return smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET); 2493 } 2494 2495 #ifndef CONFIG_SECURITY_SMACK_NETFILTER 2496 /** 2497 * smack_socket_bind - record port binding information. 2498 * @sock: the socket 2499 * @address: the port address 2500 * @addrlen: size of the address 2501 * 2502 * Records the label bound to a port. 2503 * 2504 * Returns 0 2505 */ 2506 static int smack_socket_bind(struct socket *sock, struct sockaddr *address, 2507 int addrlen) 2508 { 2509 #if IS_ENABLED(CONFIG_IPV6) 2510 if (sock->sk != NULL && sock->sk->sk_family == PF_INET6) 2511 smk_ipv6_port_label(sock, address); 2512 #endif 2513 2514 return 0; 2515 } 2516 #endif /* !CONFIG_SECURITY_SMACK_NETFILTER */ 2517 2518 /** 2519 * smack_socket_connect - connect access check 2520 * @sock: the socket 2521 * @sap: the other end 2522 * @addrlen: size of sap 2523 * 2524 * Verifies that a connection may be possible 2525 * 2526 * Returns 0 on success, and error code otherwise 2527 */ 2528 static int smack_socket_connect(struct socket *sock, struct sockaddr *sap, 2529 int addrlen) 2530 { 2531 int rc = 0; 2532 2533 if (sock->sk == NULL) 2534 return 0; 2535 2536 switch (sock->sk->sk_family) { 2537 case PF_INET: 2538 if (addrlen < sizeof(struct sockaddr_in)) 2539 return -EINVAL; 2540 rc = smack_netlabel_send(sock->sk, (struct sockaddr_in *)sap); 2541 break; 2542 case PF_INET6: 2543 if (addrlen < sizeof(struct sockaddr_in6)) 2544 return -EINVAL; 2545 #if IS_ENABLED(CONFIG_IPV6) && !defined(CONFIG_SECURITY_SMACK_NETFILTER) 2546 rc = smk_ipv6_port_check(sock->sk, (struct sockaddr_in6 *)sap, 2547 SMK_CONNECTING); 2548 #endif /* CONFIG_IPV6 && !CONFIG_SECURITY_SMACK_NETFILTER */ 2549 break; 2550 } 2551 return rc; 2552 } 2553 2554 /** 2555 * smack_flags_to_may - convert S_ to MAY_ values 2556 * @flags: the S_ value 2557 * 2558 * Returns the equivalent MAY_ value 2559 */ 2560 static int smack_flags_to_may(int flags) 2561 { 2562 int may = 0; 2563 2564 if (flags & S_IRUGO) 2565 may |= MAY_READ; 2566 if (flags & S_IWUGO) 2567 may |= MAY_WRITE; 2568 if (flags & S_IXUGO) 2569 may |= MAY_EXEC; 2570 2571 return may; 2572 } 2573 2574 /** 2575 * smack_msg_msg_alloc_security - Set the security blob for msg_msg 2576 * @msg: the object 2577 * 2578 * Returns 0 2579 */ 2580 static int smack_msg_msg_alloc_security(struct msg_msg *msg) 2581 { 2582 struct smack_known *skp = smk_of_current(); 2583 2584 msg->security = skp; 2585 return 0; 2586 } 2587 2588 /** 2589 * smack_msg_msg_free_security - Clear the security blob for msg_msg 2590 * @msg: the object 2591 * 2592 * Clears the blob pointer 2593 */ 2594 static void smack_msg_msg_free_security(struct msg_msg *msg) 2595 { 2596 msg->security = NULL; 2597 } 2598 2599 /** 2600 * smack_of_shm - the smack pointer for the shm 2601 * @shp: the object 2602 * 2603 * Returns a pointer to the smack value 2604 */ 2605 static struct smack_known *smack_of_shm(struct shmid_kernel *shp) 2606 { 2607 return (struct smack_known *)shp->shm_perm.security; 2608 } 2609 2610 /** 2611 * smack_shm_alloc_security - Set the security blob for shm 2612 * @shp: the object 2613 * 2614 * Returns 0 2615 */ 2616 static int smack_shm_alloc_security(struct shmid_kernel *shp) 2617 { 2618 struct kern_ipc_perm *isp = &shp->shm_perm; 2619 struct smack_known *skp = smk_of_current(); 2620 2621 isp->security = skp; 2622 return 0; 2623 } 2624 2625 /** 2626 * smack_shm_free_security - Clear the security blob for shm 2627 * @shp: the object 2628 * 2629 * Clears the blob pointer 2630 */ 2631 static void smack_shm_free_security(struct shmid_kernel *shp) 2632 { 2633 struct kern_ipc_perm *isp = &shp->shm_perm; 2634 2635 isp->security = NULL; 2636 } 2637 2638 /** 2639 * smk_curacc_shm : check if current has access on shm 2640 * @shp : the object 2641 * @access : access requested 2642 * 2643 * Returns 0 if current has the requested access, error code otherwise 2644 */ 2645 static int smk_curacc_shm(struct shmid_kernel *shp, int access) 2646 { 2647 struct smack_known *ssp = smack_of_shm(shp); 2648 struct smk_audit_info ad; 2649 int rc; 2650 2651 #ifdef CONFIG_AUDIT 2652 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 2653 ad.a.u.ipc_id = shp->shm_perm.id; 2654 #endif 2655 rc = smk_curacc(ssp, access, &ad); 2656 rc = smk_bu_current("shm", ssp, access, rc); 2657 return rc; 2658 } 2659 2660 /** 2661 * smack_shm_associate - Smack access check for shm 2662 * @shp: the object 2663 * @shmflg: access requested 2664 * 2665 * Returns 0 if current has the requested access, error code otherwise 2666 */ 2667 static int smack_shm_associate(struct shmid_kernel *shp, int shmflg) 2668 { 2669 int may; 2670 2671 may = smack_flags_to_may(shmflg); 2672 return smk_curacc_shm(shp, may); 2673 } 2674 2675 /** 2676 * smack_shm_shmctl - Smack access check for shm 2677 * @shp: the object 2678 * @cmd: what it wants to do 2679 * 2680 * Returns 0 if current has the requested access, error code otherwise 2681 */ 2682 static int smack_shm_shmctl(struct shmid_kernel *shp, int cmd) 2683 { 2684 int may; 2685 2686 switch (cmd) { 2687 case IPC_STAT: 2688 case SHM_STAT: 2689 may = MAY_READ; 2690 break; 2691 case IPC_SET: 2692 case SHM_LOCK: 2693 case SHM_UNLOCK: 2694 case IPC_RMID: 2695 may = MAY_READWRITE; 2696 break; 2697 case IPC_INFO: 2698 case SHM_INFO: 2699 /* 2700 * System level information. 2701 */ 2702 return 0; 2703 default: 2704 return -EINVAL; 2705 } 2706 return smk_curacc_shm(shp, may); 2707 } 2708 2709 /** 2710 * smack_shm_shmat - Smack access for shmat 2711 * @shp: the object 2712 * @shmaddr: unused 2713 * @shmflg: access requested 2714 * 2715 * Returns 0 if current has the requested access, error code otherwise 2716 */ 2717 static int smack_shm_shmat(struct shmid_kernel *shp, char __user *shmaddr, 2718 int shmflg) 2719 { 2720 int may; 2721 2722 may = smack_flags_to_may(shmflg); 2723 return smk_curacc_shm(shp, may); 2724 } 2725 2726 /** 2727 * smack_of_sem - the smack pointer for the sem 2728 * @sma: the object 2729 * 2730 * Returns a pointer to the smack value 2731 */ 2732 static struct smack_known *smack_of_sem(struct sem_array *sma) 2733 { 2734 return (struct smack_known *)sma->sem_perm.security; 2735 } 2736 2737 /** 2738 * smack_sem_alloc_security - Set the security blob for sem 2739 * @sma: the object 2740 * 2741 * Returns 0 2742 */ 2743 static int smack_sem_alloc_security(struct sem_array *sma) 2744 { 2745 struct kern_ipc_perm *isp = &sma->sem_perm; 2746 struct smack_known *skp = smk_of_current(); 2747 2748 isp->security = skp; 2749 return 0; 2750 } 2751 2752 /** 2753 * smack_sem_free_security - Clear the security blob for sem 2754 * @sma: the object 2755 * 2756 * Clears the blob pointer 2757 */ 2758 static void smack_sem_free_security(struct sem_array *sma) 2759 { 2760 struct kern_ipc_perm *isp = &sma->sem_perm; 2761 2762 isp->security = NULL; 2763 } 2764 2765 /** 2766 * smk_curacc_sem : check if current has access on sem 2767 * @sma : the object 2768 * @access : access requested 2769 * 2770 * Returns 0 if current has the requested access, error code otherwise 2771 */ 2772 static int smk_curacc_sem(struct sem_array *sma, int access) 2773 { 2774 struct smack_known *ssp = smack_of_sem(sma); 2775 struct smk_audit_info ad; 2776 int rc; 2777 2778 #ifdef CONFIG_AUDIT 2779 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 2780 ad.a.u.ipc_id = sma->sem_perm.id; 2781 #endif 2782 rc = smk_curacc(ssp, access, &ad); 2783 rc = smk_bu_current("sem", ssp, access, rc); 2784 return rc; 2785 } 2786 2787 /** 2788 * smack_sem_associate - Smack access check for sem 2789 * @sma: the object 2790 * @semflg: access requested 2791 * 2792 * Returns 0 if current has the requested access, error code otherwise 2793 */ 2794 static int smack_sem_associate(struct sem_array *sma, int semflg) 2795 { 2796 int may; 2797 2798 may = smack_flags_to_may(semflg); 2799 return smk_curacc_sem(sma, may); 2800 } 2801 2802 /** 2803 * smack_sem_shmctl - Smack access check for sem 2804 * @sma: the object 2805 * @cmd: what it wants to do 2806 * 2807 * Returns 0 if current has the requested access, error code otherwise 2808 */ 2809 static int smack_sem_semctl(struct sem_array *sma, int cmd) 2810 { 2811 int may; 2812 2813 switch (cmd) { 2814 case GETPID: 2815 case GETNCNT: 2816 case GETZCNT: 2817 case GETVAL: 2818 case GETALL: 2819 case IPC_STAT: 2820 case SEM_STAT: 2821 may = MAY_READ; 2822 break; 2823 case SETVAL: 2824 case SETALL: 2825 case IPC_RMID: 2826 case IPC_SET: 2827 may = MAY_READWRITE; 2828 break; 2829 case IPC_INFO: 2830 case SEM_INFO: 2831 /* 2832 * System level information 2833 */ 2834 return 0; 2835 default: 2836 return -EINVAL; 2837 } 2838 2839 return smk_curacc_sem(sma, may); 2840 } 2841 2842 /** 2843 * smack_sem_semop - Smack checks of semaphore operations 2844 * @sma: the object 2845 * @sops: unused 2846 * @nsops: unused 2847 * @alter: unused 2848 * 2849 * Treated as read and write in all cases. 2850 * 2851 * Returns 0 if access is allowed, error code otherwise 2852 */ 2853 static int smack_sem_semop(struct sem_array *sma, struct sembuf *sops, 2854 unsigned nsops, int alter) 2855 { 2856 return smk_curacc_sem(sma, MAY_READWRITE); 2857 } 2858 2859 /** 2860 * smack_msg_alloc_security - Set the security blob for msg 2861 * @msq: the object 2862 * 2863 * Returns 0 2864 */ 2865 static int smack_msg_queue_alloc_security(struct msg_queue *msq) 2866 { 2867 struct kern_ipc_perm *kisp = &msq->q_perm; 2868 struct smack_known *skp = smk_of_current(); 2869 2870 kisp->security = skp; 2871 return 0; 2872 } 2873 2874 /** 2875 * smack_msg_free_security - Clear the security blob for msg 2876 * @msq: the object 2877 * 2878 * Clears the blob pointer 2879 */ 2880 static void smack_msg_queue_free_security(struct msg_queue *msq) 2881 { 2882 struct kern_ipc_perm *kisp = &msq->q_perm; 2883 2884 kisp->security = NULL; 2885 } 2886 2887 /** 2888 * smack_of_msq - the smack pointer for the msq 2889 * @msq: the object 2890 * 2891 * Returns a pointer to the smack label entry 2892 */ 2893 static struct smack_known *smack_of_msq(struct msg_queue *msq) 2894 { 2895 return (struct smack_known *)msq->q_perm.security; 2896 } 2897 2898 /** 2899 * smk_curacc_msq : helper to check if current has access on msq 2900 * @msq : the msq 2901 * @access : access requested 2902 * 2903 * return 0 if current has access, error otherwise 2904 */ 2905 static int smk_curacc_msq(struct msg_queue *msq, int access) 2906 { 2907 struct smack_known *msp = smack_of_msq(msq); 2908 struct smk_audit_info ad; 2909 int rc; 2910 2911 #ifdef CONFIG_AUDIT 2912 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 2913 ad.a.u.ipc_id = msq->q_perm.id; 2914 #endif 2915 rc = smk_curacc(msp, access, &ad); 2916 rc = smk_bu_current("msq", msp, access, rc); 2917 return rc; 2918 } 2919 2920 /** 2921 * smack_msg_queue_associate - Smack access check for msg_queue 2922 * @msq: the object 2923 * @msqflg: access requested 2924 * 2925 * Returns 0 if current has the requested access, error code otherwise 2926 */ 2927 static int smack_msg_queue_associate(struct msg_queue *msq, int msqflg) 2928 { 2929 int may; 2930 2931 may = smack_flags_to_may(msqflg); 2932 return smk_curacc_msq(msq, may); 2933 } 2934 2935 /** 2936 * smack_msg_queue_msgctl - Smack access check for msg_queue 2937 * @msq: the object 2938 * @cmd: what it wants to do 2939 * 2940 * Returns 0 if current has the requested access, error code otherwise 2941 */ 2942 static int smack_msg_queue_msgctl(struct msg_queue *msq, int cmd) 2943 { 2944 int may; 2945 2946 switch (cmd) { 2947 case IPC_STAT: 2948 case MSG_STAT: 2949 may = MAY_READ; 2950 break; 2951 case IPC_SET: 2952 case IPC_RMID: 2953 may = MAY_READWRITE; 2954 break; 2955 case IPC_INFO: 2956 case MSG_INFO: 2957 /* 2958 * System level information 2959 */ 2960 return 0; 2961 default: 2962 return -EINVAL; 2963 } 2964 2965 return smk_curacc_msq(msq, may); 2966 } 2967 2968 /** 2969 * smack_msg_queue_msgsnd - Smack access check for msg_queue 2970 * @msq: the object 2971 * @msg: unused 2972 * @msqflg: access requested 2973 * 2974 * Returns 0 if current has the requested access, error code otherwise 2975 */ 2976 static int smack_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, 2977 int msqflg) 2978 { 2979 int may; 2980 2981 may = smack_flags_to_may(msqflg); 2982 return smk_curacc_msq(msq, may); 2983 } 2984 2985 /** 2986 * smack_msg_queue_msgsnd - Smack access check for msg_queue 2987 * @msq: the object 2988 * @msg: unused 2989 * @target: unused 2990 * @type: unused 2991 * @mode: unused 2992 * 2993 * Returns 0 if current has read and write access, error code otherwise 2994 */ 2995 static int smack_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg, 2996 struct task_struct *target, long type, int mode) 2997 { 2998 return smk_curacc_msq(msq, MAY_READWRITE); 2999 } 3000 3001 /** 3002 * smack_ipc_permission - Smack access for ipc_permission() 3003 * @ipp: the object permissions 3004 * @flag: access requested 3005 * 3006 * Returns 0 if current has read and write access, error code otherwise 3007 */ 3008 static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag) 3009 { 3010 struct smack_known *iskp = ipp->security; 3011 int may = smack_flags_to_may(flag); 3012 struct smk_audit_info ad; 3013 int rc; 3014 3015 #ifdef CONFIG_AUDIT 3016 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 3017 ad.a.u.ipc_id = ipp->id; 3018 #endif 3019 rc = smk_curacc(iskp, may, &ad); 3020 rc = smk_bu_current("svipc", iskp, may, rc); 3021 return rc; 3022 } 3023 3024 /** 3025 * smack_ipc_getsecid - Extract smack security id 3026 * @ipp: the object permissions 3027 * @secid: where result will be saved 3028 */ 3029 static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid) 3030 { 3031 struct smack_known *iskp = ipp->security; 3032 3033 *secid = iskp->smk_secid; 3034 } 3035 3036 /** 3037 * smack_d_instantiate - Make sure the blob is correct on an inode 3038 * @opt_dentry: dentry where inode will be attached 3039 * @inode: the object 3040 * 3041 * Set the inode's security blob if it hasn't been done already. 3042 */ 3043 static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode) 3044 { 3045 struct super_block *sbp; 3046 struct superblock_smack *sbsp; 3047 struct inode_smack *isp; 3048 struct smack_known *skp; 3049 struct smack_known *ckp = smk_of_current(); 3050 struct smack_known *final; 3051 char trattr[TRANS_TRUE_SIZE]; 3052 int transflag = 0; 3053 int rc; 3054 struct dentry *dp; 3055 3056 if (inode == NULL) 3057 return; 3058 3059 isp = inode->i_security; 3060 3061 mutex_lock(&isp->smk_lock); 3062 /* 3063 * If the inode is already instantiated 3064 * take the quick way out 3065 */ 3066 if (isp->smk_flags & SMK_INODE_INSTANT) 3067 goto unlockandout; 3068 3069 sbp = inode->i_sb; 3070 sbsp = sbp->s_security; 3071 /* 3072 * We're going to use the superblock default label 3073 * if there's no label on the file. 3074 */ 3075 final = sbsp->smk_default; 3076 3077 /* 3078 * If this is the root inode the superblock 3079 * may be in the process of initialization. 3080 * If that is the case use the root value out 3081 * of the superblock. 3082 */ 3083 if (opt_dentry->d_parent == opt_dentry) { 3084 switch (sbp->s_magic) { 3085 case CGROUP_SUPER_MAGIC: 3086 /* 3087 * The cgroup filesystem is never mounted, 3088 * so there's no opportunity to set the mount 3089 * options. 3090 */ 3091 sbsp->smk_root = &smack_known_star; 3092 sbsp->smk_default = &smack_known_star; 3093 isp->smk_inode = sbsp->smk_root; 3094 break; 3095 case TMPFS_MAGIC: 3096 /* 3097 * What about shmem/tmpfs anonymous files with dentry 3098 * obtained from d_alloc_pseudo()? 3099 */ 3100 isp->smk_inode = smk_of_current(); 3101 break; 3102 default: 3103 isp->smk_inode = sbsp->smk_root; 3104 break; 3105 } 3106 isp->smk_flags |= SMK_INODE_INSTANT; 3107 goto unlockandout; 3108 } 3109 3110 /* 3111 * This is pretty hackish. 3112 * Casey says that we shouldn't have to do 3113 * file system specific code, but it does help 3114 * with keeping it simple. 3115 */ 3116 switch (sbp->s_magic) { 3117 case SMACK_MAGIC: 3118 case PIPEFS_MAGIC: 3119 case SOCKFS_MAGIC: 3120 case CGROUP_SUPER_MAGIC: 3121 /* 3122 * Casey says that it's a little embarrassing 3123 * that the smack file system doesn't do 3124 * extended attributes. 3125 * 3126 * Casey says pipes are easy (?) 3127 * 3128 * Socket access is controlled by the socket 3129 * structures associated with the task involved. 3130 * 3131 * Cgroupfs is special 3132 */ 3133 final = &smack_known_star; 3134 break; 3135 case DEVPTS_SUPER_MAGIC: 3136 /* 3137 * devpts seems content with the label of the task. 3138 * Programs that change smack have to treat the 3139 * pty with respect. 3140 */ 3141 final = ckp; 3142 break; 3143 case PROC_SUPER_MAGIC: 3144 /* 3145 * Casey says procfs appears not to care. 3146 * The superblock default suffices. 3147 */ 3148 break; 3149 case TMPFS_MAGIC: 3150 /* 3151 * Device labels should come from the filesystem, 3152 * but watch out, because they're volitile, 3153 * getting recreated on every reboot. 3154 */ 3155 final = &smack_known_star; 3156 /* 3157 * No break. 3158 * 3159 * If a smack value has been set we want to use it, 3160 * but since tmpfs isn't giving us the opportunity 3161 * to set mount options simulate setting the 3162 * superblock default. 3163 */ 3164 default: 3165 /* 3166 * This isn't an understood special case. 3167 * Get the value from the xattr. 3168 */ 3169 3170 /* 3171 * UNIX domain sockets use lower level socket data. 3172 */ 3173 if (S_ISSOCK(inode->i_mode)) { 3174 final = &smack_known_star; 3175 break; 3176 } 3177 /* 3178 * No xattr support means, alas, no SMACK label. 3179 * Use the aforeapplied default. 3180 * It would be curious if the label of the task 3181 * does not match that assigned. 3182 */ 3183 if (inode->i_op->getxattr == NULL) 3184 break; 3185 /* 3186 * Get the dentry for xattr. 3187 */ 3188 dp = dget(opt_dentry); 3189 skp = smk_fetch(XATTR_NAME_SMACK, inode, dp); 3190 if (!IS_ERR_OR_NULL(skp)) 3191 final = skp; 3192 3193 /* 3194 * Transmuting directory 3195 */ 3196 if (S_ISDIR(inode->i_mode)) { 3197 /* 3198 * If this is a new directory and the label was 3199 * transmuted when the inode was initialized 3200 * set the transmute attribute on the directory 3201 * and mark the inode. 3202 * 3203 * If there is a transmute attribute on the 3204 * directory mark the inode. 3205 */ 3206 if (isp->smk_flags & SMK_INODE_CHANGED) { 3207 isp->smk_flags &= ~SMK_INODE_CHANGED; 3208 rc = inode->i_op->setxattr(dp, 3209 XATTR_NAME_SMACKTRANSMUTE, 3210 TRANS_TRUE, TRANS_TRUE_SIZE, 3211 0); 3212 } else { 3213 rc = inode->i_op->getxattr(dp, 3214 XATTR_NAME_SMACKTRANSMUTE, trattr, 3215 TRANS_TRUE_SIZE); 3216 if (rc >= 0 && strncmp(trattr, TRANS_TRUE, 3217 TRANS_TRUE_SIZE) != 0) 3218 rc = -EINVAL; 3219 } 3220 if (rc >= 0) 3221 transflag = SMK_INODE_TRANSMUTE; 3222 } 3223 /* 3224 * Don't let the exec or mmap label be "*" or "@". 3225 */ 3226 skp = smk_fetch(XATTR_NAME_SMACKEXEC, inode, dp); 3227 if (IS_ERR(skp) || skp == &smack_known_star || 3228 skp == &smack_known_web) 3229 skp = NULL; 3230 isp->smk_task = skp; 3231 3232 skp = smk_fetch(XATTR_NAME_SMACKMMAP, inode, dp); 3233 if (IS_ERR(skp) || skp == &smack_known_star || 3234 skp == &smack_known_web) 3235 skp = NULL; 3236 isp->smk_mmap = skp; 3237 3238 dput(dp); 3239 break; 3240 } 3241 3242 if (final == NULL) 3243 isp->smk_inode = ckp; 3244 else 3245 isp->smk_inode = final; 3246 3247 isp->smk_flags |= (SMK_INODE_INSTANT | transflag); 3248 3249 unlockandout: 3250 mutex_unlock(&isp->smk_lock); 3251 return; 3252 } 3253 3254 /** 3255 * smack_getprocattr - Smack process attribute access 3256 * @p: the object task 3257 * @name: the name of the attribute in /proc/.../attr 3258 * @value: where to put the result 3259 * 3260 * Places a copy of the task Smack into value 3261 * 3262 * Returns the length of the smack label or an error code 3263 */ 3264 static int smack_getprocattr(struct task_struct *p, char *name, char **value) 3265 { 3266 struct smack_known *skp = smk_of_task_struct(p); 3267 char *cp; 3268 int slen; 3269 3270 if (strcmp(name, "current") != 0) 3271 return -EINVAL; 3272 3273 cp = kstrdup(skp->smk_known, GFP_KERNEL); 3274 if (cp == NULL) 3275 return -ENOMEM; 3276 3277 slen = strlen(cp); 3278 *value = cp; 3279 return slen; 3280 } 3281 3282 /** 3283 * smack_setprocattr - Smack process attribute setting 3284 * @p: the object task 3285 * @name: the name of the attribute in /proc/.../attr 3286 * @value: the value to set 3287 * @size: the size of the value 3288 * 3289 * Sets the Smack value of the task. Only setting self 3290 * is permitted and only with privilege 3291 * 3292 * Returns the length of the smack label or an error code 3293 */ 3294 static int smack_setprocattr(struct task_struct *p, char *name, 3295 void *value, size_t size) 3296 { 3297 struct task_smack *tsp; 3298 struct cred *new; 3299 struct smack_known *skp; 3300 3301 /* 3302 * Changing another process' Smack value is too dangerous 3303 * and supports no sane use case. 3304 */ 3305 if (p != current) 3306 return -EPERM; 3307 3308 if (!smack_privileged(CAP_MAC_ADMIN)) 3309 return -EPERM; 3310 3311 if (value == NULL || size == 0 || size >= SMK_LONGLABEL) 3312 return -EINVAL; 3313 3314 if (strcmp(name, "current") != 0) 3315 return -EINVAL; 3316 3317 skp = smk_import_entry(value, size); 3318 if (IS_ERR(skp)) 3319 return PTR_ERR(skp); 3320 3321 /* 3322 * No process is ever allowed the web ("@") label. 3323 */ 3324 if (skp == &smack_known_web) 3325 return -EPERM; 3326 3327 new = prepare_creds(); 3328 if (new == NULL) 3329 return -ENOMEM; 3330 3331 tsp = new->security; 3332 tsp->smk_task = skp; 3333 3334 commit_creds(new); 3335 return size; 3336 } 3337 3338 /** 3339 * smack_unix_stream_connect - Smack access on UDS 3340 * @sock: one sock 3341 * @other: the other sock 3342 * @newsk: unused 3343 * 3344 * Return 0 if a subject with the smack of sock could access 3345 * an object with the smack of other, otherwise an error code 3346 */ 3347 static int smack_unix_stream_connect(struct sock *sock, 3348 struct sock *other, struct sock *newsk) 3349 { 3350 struct smack_known *skp; 3351 struct smack_known *okp; 3352 struct socket_smack *ssp = sock->sk_security; 3353 struct socket_smack *osp = other->sk_security; 3354 struct socket_smack *nsp = newsk->sk_security; 3355 struct smk_audit_info ad; 3356 int rc = 0; 3357 #ifdef CONFIG_AUDIT 3358 struct lsm_network_audit net; 3359 #endif 3360 3361 if (!smack_privileged(CAP_MAC_OVERRIDE)) { 3362 skp = ssp->smk_out; 3363 okp = osp->smk_in; 3364 #ifdef CONFIG_AUDIT 3365 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 3366 smk_ad_setfield_u_net_sk(&ad, other); 3367 #endif 3368 rc = smk_access(skp, okp, MAY_WRITE, &ad); 3369 rc = smk_bu_note("UDS connect", skp, okp, MAY_WRITE, rc); 3370 if (rc == 0) { 3371 okp = osp->smk_out; 3372 skp = ssp->smk_in; 3373 rc = smk_access(okp, skp, MAY_WRITE, &ad); 3374 rc = smk_bu_note("UDS connect", okp, skp, 3375 MAY_WRITE, rc); 3376 } 3377 } 3378 3379 /* 3380 * Cross reference the peer labels for SO_PEERSEC. 3381 */ 3382 if (rc == 0) { 3383 nsp->smk_packet = ssp->smk_out; 3384 ssp->smk_packet = osp->smk_out; 3385 } 3386 3387 return rc; 3388 } 3389 3390 /** 3391 * smack_unix_may_send - Smack access on UDS 3392 * @sock: one socket 3393 * @other: the other socket 3394 * 3395 * Return 0 if a subject with the smack of sock could access 3396 * an object with the smack of other, otherwise an error code 3397 */ 3398 static int smack_unix_may_send(struct socket *sock, struct socket *other) 3399 { 3400 struct socket_smack *ssp = sock->sk->sk_security; 3401 struct socket_smack *osp = other->sk->sk_security; 3402 struct smk_audit_info ad; 3403 int rc; 3404 3405 #ifdef CONFIG_AUDIT 3406 struct lsm_network_audit net; 3407 3408 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 3409 smk_ad_setfield_u_net_sk(&ad, other->sk); 3410 #endif 3411 3412 if (smack_privileged(CAP_MAC_OVERRIDE)) 3413 return 0; 3414 3415 rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad); 3416 rc = smk_bu_note("UDS send", ssp->smk_out, osp->smk_in, MAY_WRITE, rc); 3417 return rc; 3418 } 3419 3420 /** 3421 * smack_socket_sendmsg - Smack check based on destination host 3422 * @sock: the socket 3423 * @msg: the message 3424 * @size: the size of the message 3425 * 3426 * Return 0 if the current subject can write to the destination host. 3427 * For IPv4 this is only a question if the destination is a single label host. 3428 * For IPv6 this is a check against the label of the port. 3429 */ 3430 static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg, 3431 int size) 3432 { 3433 struct sockaddr_in *sip = (struct sockaddr_in *) msg->msg_name; 3434 #if IS_ENABLED(CONFIG_IPV6) && !defined(CONFIG_SECURITY_SMACK_NETFILTER) 3435 struct sockaddr_in6 *sap = (struct sockaddr_in6 *) msg->msg_name; 3436 #endif /* CONFIG_IPV6 && !CONFIG_SECURITY_SMACK_NETFILTER */ 3437 int rc = 0; 3438 3439 /* 3440 * Perfectly reasonable for this to be NULL 3441 */ 3442 if (sip == NULL) 3443 return 0; 3444 3445 switch (sip->sin_family) { 3446 case AF_INET: 3447 rc = smack_netlabel_send(sock->sk, sip); 3448 break; 3449 case AF_INET6: 3450 #if IS_ENABLED(CONFIG_IPV6) && !defined(CONFIG_SECURITY_SMACK_NETFILTER) 3451 rc = smk_ipv6_port_check(sock->sk, sap, SMK_SENDING); 3452 #endif /* CONFIG_IPV6 && !CONFIG_SECURITY_SMACK_NETFILTER */ 3453 break; 3454 } 3455 return rc; 3456 } 3457 3458 /** 3459 * smack_from_secattr - Convert a netlabel attr.mls.lvl/attr.mls.cat pair to smack 3460 * @sap: netlabel secattr 3461 * @ssp: socket security information 3462 * 3463 * Returns a pointer to a Smack label entry found on the label list. 3464 */ 3465 static struct smack_known *smack_from_secattr(struct netlbl_lsm_secattr *sap, 3466 struct socket_smack *ssp) 3467 { 3468 struct smack_known *skp; 3469 int found = 0; 3470 int acat; 3471 int kcat; 3472 3473 if ((sap->flags & NETLBL_SECATTR_MLS_LVL) != 0) { 3474 /* 3475 * Looks like a CIPSO packet. 3476 * If there are flags but no level netlabel isn't 3477 * behaving the way we expect it to. 3478 * 3479 * Look it up in the label table 3480 * Without guidance regarding the smack value 3481 * for the packet fall back on the network 3482 * ambient value. 3483 */ 3484 rcu_read_lock(); 3485 list_for_each_entry(skp, &smack_known_list, list) { 3486 if (sap->attr.mls.lvl != skp->smk_netlabel.attr.mls.lvl) 3487 continue; 3488 /* 3489 * Compare the catsets. Use the netlbl APIs. 3490 */ 3491 if ((sap->flags & NETLBL_SECATTR_MLS_CAT) == 0) { 3492 if ((skp->smk_netlabel.flags & 3493 NETLBL_SECATTR_MLS_CAT) == 0) 3494 found = 1; 3495 break; 3496 } 3497 for (acat = -1, kcat = -1; acat == kcat; ) { 3498 acat = netlbl_catmap_walk(sap->attr.mls.cat, 3499 acat + 1); 3500 kcat = netlbl_catmap_walk( 3501 skp->smk_netlabel.attr.mls.cat, 3502 kcat + 1); 3503 if (acat < 0 || kcat < 0) 3504 break; 3505 } 3506 if (acat == kcat) { 3507 found = 1; 3508 break; 3509 } 3510 } 3511 rcu_read_unlock(); 3512 3513 if (found) 3514 return skp; 3515 3516 if (ssp != NULL && ssp->smk_in == &smack_known_star) 3517 return &smack_known_web; 3518 return &smack_known_star; 3519 } 3520 if ((sap->flags & NETLBL_SECATTR_SECID) != 0) { 3521 /* 3522 * Looks like a fallback, which gives us a secid. 3523 */ 3524 skp = smack_from_secid(sap->attr.secid); 3525 /* 3526 * This has got to be a bug because it is 3527 * impossible to specify a fallback without 3528 * specifying the label, which will ensure 3529 * it has a secid, and the only way to get a 3530 * secid is from a fallback. 3531 */ 3532 BUG_ON(skp == NULL); 3533 return skp; 3534 } 3535 /* 3536 * Without guidance regarding the smack value 3537 * for the packet fall back on the network 3538 * ambient value. 3539 */ 3540 return smack_net_ambient; 3541 } 3542 3543 #if IS_ENABLED(CONFIG_IPV6) 3544 static int smk_skb_to_addr_ipv6(struct sk_buff *skb, struct sockaddr_in6 *sip) 3545 { 3546 u8 nexthdr; 3547 int offset; 3548 int proto = -EINVAL; 3549 struct ipv6hdr _ipv6h; 3550 struct ipv6hdr *ip6; 3551 __be16 frag_off; 3552 struct tcphdr _tcph, *th; 3553 struct udphdr _udph, *uh; 3554 struct dccp_hdr _dccph, *dh; 3555 3556 sip->sin6_port = 0; 3557 3558 offset = skb_network_offset(skb); 3559 ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h); 3560 if (ip6 == NULL) 3561 return -EINVAL; 3562 sip->sin6_addr = ip6->saddr; 3563 3564 nexthdr = ip6->nexthdr; 3565 offset += sizeof(_ipv6h); 3566 offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off); 3567 if (offset < 0) 3568 return -EINVAL; 3569 3570 proto = nexthdr; 3571 switch (proto) { 3572 case IPPROTO_TCP: 3573 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph); 3574 if (th != NULL) 3575 sip->sin6_port = th->source; 3576 break; 3577 case IPPROTO_UDP: 3578 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph); 3579 if (uh != NULL) 3580 sip->sin6_port = uh->source; 3581 break; 3582 case IPPROTO_DCCP: 3583 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph); 3584 if (dh != NULL) 3585 sip->sin6_port = dh->dccph_sport; 3586 break; 3587 } 3588 return proto; 3589 } 3590 #endif /* CONFIG_IPV6 */ 3591 3592 /** 3593 * smack_socket_sock_rcv_skb - Smack packet delivery access check 3594 * @sk: socket 3595 * @skb: packet 3596 * 3597 * Returns 0 if the packet should be delivered, an error code otherwise 3598 */ 3599 static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) 3600 { 3601 struct netlbl_lsm_secattr secattr; 3602 struct socket_smack *ssp = sk->sk_security; 3603 struct smack_known *skp = NULL; 3604 int rc = 0; 3605 struct smk_audit_info ad; 3606 #ifdef CONFIG_AUDIT 3607 struct lsm_network_audit net; 3608 #endif 3609 #if IS_ENABLED(CONFIG_IPV6) 3610 struct sockaddr_in6 sadd; 3611 int proto; 3612 #endif /* CONFIG_IPV6 */ 3613 3614 switch (sk->sk_family) { 3615 case PF_INET: 3616 #ifdef CONFIG_SECURITY_SMACK_NETFILTER 3617 /* 3618 * If there is a secmark use it rather than the CIPSO label. 3619 * If there is no secmark fall back to CIPSO. 3620 * The secmark is assumed to reflect policy better. 3621 */ 3622 if (skb && skb->secmark != 0) { 3623 skp = smack_from_secid(skb->secmark); 3624 goto access_check; 3625 } 3626 #endif /* CONFIG_SECURITY_SMACK_NETFILTER */ 3627 /* 3628 * Translate what netlabel gave us. 3629 */ 3630 netlbl_secattr_init(&secattr); 3631 3632 rc = netlbl_skbuff_getattr(skb, sk->sk_family, &secattr); 3633 if (rc == 0) 3634 skp = smack_from_secattr(&secattr, ssp); 3635 else 3636 skp = smack_net_ambient; 3637 3638 netlbl_secattr_destroy(&secattr); 3639 3640 #ifdef CONFIG_SECURITY_SMACK_NETFILTER 3641 access_check: 3642 #endif 3643 #ifdef CONFIG_AUDIT 3644 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 3645 ad.a.u.net->family = sk->sk_family; 3646 ad.a.u.net->netif = skb->skb_iif; 3647 ipv4_skb_to_auditdata(skb, &ad.a, NULL); 3648 #endif 3649 /* 3650 * Receiving a packet requires that the other end 3651 * be able to write here. Read access is not required. 3652 * This is the simplist possible security model 3653 * for networking. 3654 */ 3655 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad); 3656 rc = smk_bu_note("IPv4 delivery", skp, ssp->smk_in, 3657 MAY_WRITE, rc); 3658 if (rc != 0) 3659 netlbl_skbuff_err(skb, rc, 0); 3660 break; 3661 #if IS_ENABLED(CONFIG_IPV6) 3662 case PF_INET6: 3663 proto = smk_skb_to_addr_ipv6(skb, &sadd); 3664 if (proto != IPPROTO_UDP && proto != IPPROTO_TCP) 3665 break; 3666 #ifdef CONFIG_SECURITY_SMACK_NETFILTER 3667 if (skb && skb->secmark != 0) 3668 skp = smack_from_secid(skb->secmark); 3669 else 3670 skp = smack_net_ambient; 3671 #ifdef CONFIG_AUDIT 3672 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 3673 ad.a.u.net->family = sk->sk_family; 3674 ad.a.u.net->netif = skb->skb_iif; 3675 ipv6_skb_to_auditdata(skb, &ad.a, NULL); 3676 #endif /* CONFIG_AUDIT */ 3677 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad); 3678 rc = smk_bu_note("IPv6 delivery", skp, ssp->smk_in, 3679 MAY_WRITE, rc); 3680 #else /* CONFIG_SECURITY_SMACK_NETFILTER */ 3681 rc = smk_ipv6_port_check(sk, &sadd, SMK_RECEIVING); 3682 #endif /* CONFIG_SECURITY_SMACK_NETFILTER */ 3683 break; 3684 #endif /* CONFIG_IPV6 */ 3685 } 3686 3687 return rc; 3688 } 3689 3690 /** 3691 * smack_socket_getpeersec_stream - pull in packet label 3692 * @sock: the socket 3693 * @optval: user's destination 3694 * @optlen: size thereof 3695 * @len: max thereof 3696 * 3697 * returns zero on success, an error code otherwise 3698 */ 3699 static int smack_socket_getpeersec_stream(struct socket *sock, 3700 char __user *optval, 3701 int __user *optlen, unsigned len) 3702 { 3703 struct socket_smack *ssp; 3704 char *rcp = ""; 3705 int slen = 1; 3706 int rc = 0; 3707 3708 ssp = sock->sk->sk_security; 3709 if (ssp->smk_packet != NULL) { 3710 rcp = ssp->smk_packet->smk_known; 3711 slen = strlen(rcp) + 1; 3712 } 3713 3714 if (slen > len) 3715 rc = -ERANGE; 3716 else if (copy_to_user(optval, rcp, slen) != 0) 3717 rc = -EFAULT; 3718 3719 if (put_user(slen, optlen) != 0) 3720 rc = -EFAULT; 3721 3722 return rc; 3723 } 3724 3725 3726 /** 3727 * smack_socket_getpeersec_dgram - pull in packet label 3728 * @sock: the peer socket 3729 * @skb: packet data 3730 * @secid: pointer to where to put the secid of the packet 3731 * 3732 * Sets the netlabel socket state on sk from parent 3733 */ 3734 static int smack_socket_getpeersec_dgram(struct socket *sock, 3735 struct sk_buff *skb, u32 *secid) 3736 3737 { 3738 struct netlbl_lsm_secattr secattr; 3739 struct socket_smack *ssp = NULL; 3740 struct smack_known *skp; 3741 int family = PF_UNSPEC; 3742 u32 s = 0; /* 0 is the invalid secid */ 3743 int rc; 3744 3745 if (skb != NULL) { 3746 if (skb->protocol == htons(ETH_P_IP)) 3747 family = PF_INET; 3748 #if IS_ENABLED(CONFIG_IPV6) 3749 else if (skb->protocol == htons(ETH_P_IPV6)) 3750 family = PF_INET6; 3751 #endif /* CONFIG_IPV6 */ 3752 } 3753 if (family == PF_UNSPEC && sock != NULL) 3754 family = sock->sk->sk_family; 3755 3756 switch (family) { 3757 case PF_UNIX: 3758 ssp = sock->sk->sk_security; 3759 s = ssp->smk_out->smk_secid; 3760 break; 3761 case PF_INET: 3762 #ifdef CONFIG_SECURITY_SMACK_NETFILTER 3763 s = skb->secmark; 3764 if (s != 0) 3765 break; 3766 #endif 3767 /* 3768 * Translate what netlabel gave us. 3769 */ 3770 if (sock != NULL && sock->sk != NULL) 3771 ssp = sock->sk->sk_security; 3772 netlbl_secattr_init(&secattr); 3773 rc = netlbl_skbuff_getattr(skb, family, &secattr); 3774 if (rc == 0) { 3775 skp = smack_from_secattr(&secattr, ssp); 3776 s = skp->smk_secid; 3777 } 3778 netlbl_secattr_destroy(&secattr); 3779 break; 3780 #if IS_ENABLED(CONFIG_IPV6) 3781 case PF_INET6: 3782 #ifdef CONFIG_SECURITY_SMACK_NETFILTER 3783 s = skb->secmark; 3784 #endif /* CONFIG_SECURITY_SMACK_NETFILTER */ 3785 break; 3786 #endif /* CONFIG_IPV6 */ 3787 } 3788 *secid = s; 3789 if (s == 0) 3790 return -EINVAL; 3791 return 0; 3792 } 3793 3794 /** 3795 * smack_sock_graft - Initialize a newly created socket with an existing sock 3796 * @sk: child sock 3797 * @parent: parent socket 3798 * 3799 * Set the smk_{in,out} state of an existing sock based on the process that 3800 * is creating the new socket. 3801 */ 3802 static void smack_sock_graft(struct sock *sk, struct socket *parent) 3803 { 3804 struct socket_smack *ssp; 3805 struct smack_known *skp = smk_of_current(); 3806 3807 if (sk == NULL || 3808 (sk->sk_family != PF_INET && sk->sk_family != PF_INET6)) 3809 return; 3810 3811 ssp = sk->sk_security; 3812 ssp->smk_in = skp; 3813 ssp->smk_out = skp; 3814 /* cssp->smk_packet is already set in smack_inet_csk_clone() */ 3815 } 3816 3817 /** 3818 * smack_inet_conn_request - Smack access check on connect 3819 * @sk: socket involved 3820 * @skb: packet 3821 * @req: unused 3822 * 3823 * Returns 0 if a task with the packet label could write to 3824 * the socket, otherwise an error code 3825 */ 3826 static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb, 3827 struct request_sock *req) 3828 { 3829 u16 family = sk->sk_family; 3830 struct smack_known *skp; 3831 struct socket_smack *ssp = sk->sk_security; 3832 struct netlbl_lsm_secattr secattr; 3833 struct sockaddr_in addr; 3834 struct iphdr *hdr; 3835 struct smack_known *hskp; 3836 int rc; 3837 struct smk_audit_info ad; 3838 #ifdef CONFIG_AUDIT 3839 struct lsm_network_audit net; 3840 #endif 3841 3842 #if IS_ENABLED(CONFIG_IPV6) 3843 if (family == PF_INET6) { 3844 /* 3845 * Handle mapped IPv4 packets arriving 3846 * via IPv6 sockets. Don't set up netlabel 3847 * processing on IPv6. 3848 */ 3849 if (skb->protocol == htons(ETH_P_IP)) 3850 family = PF_INET; 3851 else 3852 return 0; 3853 } 3854 #endif /* CONFIG_IPV6 */ 3855 3856 #ifdef CONFIG_SECURITY_SMACK_NETFILTER 3857 /* 3858 * If there is a secmark use it rather than the CIPSO label. 3859 * If there is no secmark fall back to CIPSO. 3860 * The secmark is assumed to reflect policy better. 3861 */ 3862 if (skb && skb->secmark != 0) { 3863 skp = smack_from_secid(skb->secmark); 3864 goto access_check; 3865 } 3866 #endif /* CONFIG_SECURITY_SMACK_NETFILTER */ 3867 3868 netlbl_secattr_init(&secattr); 3869 rc = netlbl_skbuff_getattr(skb, family, &secattr); 3870 if (rc == 0) 3871 skp = smack_from_secattr(&secattr, ssp); 3872 else 3873 skp = &smack_known_huh; 3874 netlbl_secattr_destroy(&secattr); 3875 3876 #ifdef CONFIG_SECURITY_SMACK_NETFILTER 3877 access_check: 3878 #endif 3879 3880 #ifdef CONFIG_AUDIT 3881 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 3882 ad.a.u.net->family = family; 3883 ad.a.u.net->netif = skb->skb_iif; 3884 ipv4_skb_to_auditdata(skb, &ad.a, NULL); 3885 #endif 3886 /* 3887 * Receiving a packet requires that the other end be able to write 3888 * here. Read access is not required. 3889 */ 3890 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad); 3891 rc = smk_bu_note("IPv4 connect", skp, ssp->smk_in, MAY_WRITE, rc); 3892 if (rc != 0) 3893 return rc; 3894 3895 /* 3896 * Save the peer's label in the request_sock so we can later setup 3897 * smk_packet in the child socket so that SO_PEERCRED can report it. 3898 */ 3899 req->peer_secid = skp->smk_secid; 3900 3901 /* 3902 * We need to decide if we want to label the incoming connection here 3903 * if we do we only need to label the request_sock and the stack will 3904 * propagate the wire-label to the sock when it is created. 3905 */ 3906 hdr = ip_hdr(skb); 3907 addr.sin_addr.s_addr = hdr->saddr; 3908 rcu_read_lock(); 3909 hskp = smack_host_label(&addr); 3910 rcu_read_unlock(); 3911 3912 if (hskp == NULL) 3913 rc = netlbl_req_setattr(req, &skp->smk_netlabel); 3914 else 3915 netlbl_req_delattr(req); 3916 3917 return rc; 3918 } 3919 3920 /** 3921 * smack_inet_csk_clone - Copy the connection information to the new socket 3922 * @sk: the new socket 3923 * @req: the connection's request_sock 3924 * 3925 * Transfer the connection's peer label to the newly created socket. 3926 */ 3927 static void smack_inet_csk_clone(struct sock *sk, 3928 const struct request_sock *req) 3929 { 3930 struct socket_smack *ssp = sk->sk_security; 3931 struct smack_known *skp; 3932 3933 if (req->peer_secid != 0) { 3934 skp = smack_from_secid(req->peer_secid); 3935 ssp->smk_packet = skp; 3936 } else 3937 ssp->smk_packet = NULL; 3938 } 3939 3940 /* 3941 * Key management security hooks 3942 * 3943 * Casey has not tested key support very heavily. 3944 * The permission check is most likely too restrictive. 3945 * If you care about keys please have a look. 3946 */ 3947 #ifdef CONFIG_KEYS 3948 3949 /** 3950 * smack_key_alloc - Set the key security blob 3951 * @key: object 3952 * @cred: the credentials to use 3953 * @flags: unused 3954 * 3955 * No allocation required 3956 * 3957 * Returns 0 3958 */ 3959 static int smack_key_alloc(struct key *key, const struct cred *cred, 3960 unsigned long flags) 3961 { 3962 struct smack_known *skp = smk_of_task(cred->security); 3963 3964 key->security = skp; 3965 return 0; 3966 } 3967 3968 /** 3969 * smack_key_free - Clear the key security blob 3970 * @key: the object 3971 * 3972 * Clear the blob pointer 3973 */ 3974 static void smack_key_free(struct key *key) 3975 { 3976 key->security = NULL; 3977 } 3978 3979 /** 3980 * smack_key_permission - Smack access on a key 3981 * @key_ref: gets to the object 3982 * @cred: the credentials to use 3983 * @perm: requested key permissions 3984 * 3985 * Return 0 if the task has read and write to the object, 3986 * an error code otherwise 3987 */ 3988 static int smack_key_permission(key_ref_t key_ref, 3989 const struct cred *cred, unsigned perm) 3990 { 3991 struct key *keyp; 3992 struct smk_audit_info ad; 3993 struct smack_known *tkp = smk_of_task(cred->security); 3994 int request = 0; 3995 int rc; 3996 3997 keyp = key_ref_to_ptr(key_ref); 3998 if (keyp == NULL) 3999 return -EINVAL; 4000 /* 4001 * If the key hasn't been initialized give it access so that 4002 * it may do so. 4003 */ 4004 if (keyp->security == NULL) 4005 return 0; 4006 /* 4007 * This should not occur 4008 */ 4009 if (tkp == NULL) 4010 return -EACCES; 4011 #ifdef CONFIG_AUDIT 4012 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY); 4013 ad.a.u.key_struct.key = keyp->serial; 4014 ad.a.u.key_struct.key_desc = keyp->description; 4015 #endif 4016 if (perm & KEY_NEED_READ) 4017 request = MAY_READ; 4018 if (perm & (KEY_NEED_WRITE | KEY_NEED_LINK | KEY_NEED_SETATTR)) 4019 request = MAY_WRITE; 4020 rc = smk_access(tkp, keyp->security, request, &ad); 4021 rc = smk_bu_note("key access", tkp, keyp->security, request, rc); 4022 return rc; 4023 } 4024 4025 /* 4026 * smack_key_getsecurity - Smack label tagging the key 4027 * @key points to the key to be queried 4028 * @_buffer points to a pointer that should be set to point to the 4029 * resulting string (if no label or an error occurs). 4030 * Return the length of the string (including terminating NUL) or -ve if 4031 * an error. 4032 * May also return 0 (and a NULL buffer pointer) if there is no label. 4033 */ 4034 static int smack_key_getsecurity(struct key *key, char **_buffer) 4035 { 4036 struct smack_known *skp = key->security; 4037 size_t length; 4038 char *copy; 4039 4040 if (key->security == NULL) { 4041 *_buffer = NULL; 4042 return 0; 4043 } 4044 4045 copy = kstrdup(skp->smk_known, GFP_KERNEL); 4046 if (copy == NULL) 4047 return -ENOMEM; 4048 length = strlen(copy) + 1; 4049 4050 *_buffer = copy; 4051 return length; 4052 } 4053 4054 #endif /* CONFIG_KEYS */ 4055 4056 /* 4057 * Smack Audit hooks 4058 * 4059 * Audit requires a unique representation of each Smack specific 4060 * rule. This unique representation is used to distinguish the 4061 * object to be audited from remaining kernel objects and also 4062 * works as a glue between the audit hooks. 4063 * 4064 * Since repository entries are added but never deleted, we'll use 4065 * the smack_known label address related to the given audit rule as 4066 * the needed unique representation. This also better fits the smack 4067 * model where nearly everything is a label. 4068 */ 4069 #ifdef CONFIG_AUDIT 4070 4071 /** 4072 * smack_audit_rule_init - Initialize a smack audit rule 4073 * @field: audit rule fields given from user-space (audit.h) 4074 * @op: required testing operator (=, !=, >, <, ...) 4075 * @rulestr: smack label to be audited 4076 * @vrule: pointer to save our own audit rule representation 4077 * 4078 * Prepare to audit cases where (@field @op @rulestr) is true. 4079 * The label to be audited is created if necessay. 4080 */ 4081 static int smack_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule) 4082 { 4083 struct smack_known *skp; 4084 char **rule = (char **)vrule; 4085 *rule = NULL; 4086 4087 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER) 4088 return -EINVAL; 4089 4090 if (op != Audit_equal && op != Audit_not_equal) 4091 return -EINVAL; 4092 4093 skp = smk_import_entry(rulestr, 0); 4094 if (IS_ERR(skp)) 4095 return PTR_ERR(skp); 4096 4097 *rule = skp->smk_known; 4098 4099 return 0; 4100 } 4101 4102 /** 4103 * smack_audit_rule_known - Distinguish Smack audit rules 4104 * @krule: rule of interest, in Audit kernel representation format 4105 * 4106 * This is used to filter Smack rules from remaining Audit ones. 4107 * If it's proved that this rule belongs to us, the 4108 * audit_rule_match hook will be called to do the final judgement. 4109 */ 4110 static int smack_audit_rule_known(struct audit_krule *krule) 4111 { 4112 struct audit_field *f; 4113 int i; 4114 4115 for (i = 0; i < krule->field_count; i++) { 4116 f = &krule->fields[i]; 4117 4118 if (f->type == AUDIT_SUBJ_USER || f->type == AUDIT_OBJ_USER) 4119 return 1; 4120 } 4121 4122 return 0; 4123 } 4124 4125 /** 4126 * smack_audit_rule_match - Audit given object ? 4127 * @secid: security id for identifying the object to test 4128 * @field: audit rule flags given from user-space 4129 * @op: required testing operator 4130 * @vrule: smack internal rule presentation 4131 * @actx: audit context associated with the check 4132 * 4133 * The core Audit hook. It's used to take the decision of 4134 * whether to audit or not to audit a given object. 4135 */ 4136 static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule, 4137 struct audit_context *actx) 4138 { 4139 struct smack_known *skp; 4140 char *rule = vrule; 4141 4142 if (unlikely(!rule)) { 4143 WARN_ONCE(1, "Smack: missing rule\n"); 4144 return -ENOENT; 4145 } 4146 4147 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER) 4148 return 0; 4149 4150 skp = smack_from_secid(secid); 4151 4152 /* 4153 * No need to do string comparisons. If a match occurs, 4154 * both pointers will point to the same smack_known 4155 * label. 4156 */ 4157 if (op == Audit_equal) 4158 return (rule == skp->smk_known); 4159 if (op == Audit_not_equal) 4160 return (rule != skp->smk_known); 4161 4162 return 0; 4163 } 4164 4165 /** 4166 * smack_audit_rule_free - free smack rule representation 4167 * @vrule: rule to be freed. 4168 * 4169 * No memory was allocated. 4170 */ 4171 static void smack_audit_rule_free(void *vrule) 4172 { 4173 /* No-op */ 4174 } 4175 4176 #endif /* CONFIG_AUDIT */ 4177 4178 /** 4179 * smack_ismaclabel - check if xattr @name references a smack MAC label 4180 * @name: Full xattr name to check. 4181 */ 4182 static int smack_ismaclabel(const char *name) 4183 { 4184 return (strcmp(name, XATTR_SMACK_SUFFIX) == 0); 4185 } 4186 4187 4188 /** 4189 * smack_secid_to_secctx - return the smack label for a secid 4190 * @secid: incoming integer 4191 * @secdata: destination 4192 * @seclen: how long it is 4193 * 4194 * Exists for networking code. 4195 */ 4196 static int smack_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) 4197 { 4198 struct smack_known *skp = smack_from_secid(secid); 4199 4200 if (secdata) 4201 *secdata = skp->smk_known; 4202 *seclen = strlen(skp->smk_known); 4203 return 0; 4204 } 4205 4206 /** 4207 * smack_secctx_to_secid - return the secid for a smack label 4208 * @secdata: smack label 4209 * @seclen: how long result is 4210 * @secid: outgoing integer 4211 * 4212 * Exists for audit and networking code. 4213 */ 4214 static int smack_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid) 4215 { 4216 struct smack_known *skp = smk_find_entry(secdata); 4217 4218 if (skp) 4219 *secid = skp->smk_secid; 4220 else 4221 *secid = 0; 4222 return 0; 4223 } 4224 4225 /** 4226 * smack_release_secctx - don't do anything. 4227 * @secdata: unused 4228 * @seclen: unused 4229 * 4230 * Exists to make sure nothing gets done, and properly 4231 */ 4232 static void smack_release_secctx(char *secdata, u32 seclen) 4233 { 4234 } 4235 4236 static int smack_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen) 4237 { 4238 return smack_inode_setsecurity(inode, XATTR_SMACK_SUFFIX, ctx, ctxlen, 0); 4239 } 4240 4241 static int smack_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen) 4242 { 4243 return __vfs_setxattr_noperm(dentry, XATTR_NAME_SMACK, ctx, ctxlen, 0); 4244 } 4245 4246 static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) 4247 { 4248 int len = 0; 4249 len = smack_inode_getsecurity(inode, XATTR_SMACK_SUFFIX, ctx, true); 4250 4251 if (len < 0) 4252 return len; 4253 *ctxlen = len; 4254 return 0; 4255 } 4256 4257 struct security_hook_list smack_hooks[] = { 4258 LSM_HOOK_INIT(ptrace_access_check, smack_ptrace_access_check), 4259 LSM_HOOK_INIT(ptrace_traceme, smack_ptrace_traceme), 4260 LSM_HOOK_INIT(syslog, smack_syslog), 4261 4262 LSM_HOOK_INIT(sb_alloc_security, smack_sb_alloc_security), 4263 LSM_HOOK_INIT(sb_free_security, smack_sb_free_security), 4264 LSM_HOOK_INIT(sb_copy_data, smack_sb_copy_data), 4265 LSM_HOOK_INIT(sb_kern_mount, smack_sb_kern_mount), 4266 LSM_HOOK_INIT(sb_statfs, smack_sb_statfs), 4267 4268 LSM_HOOK_INIT(bprm_set_creds, smack_bprm_set_creds), 4269 LSM_HOOK_INIT(bprm_committing_creds, smack_bprm_committing_creds), 4270 LSM_HOOK_INIT(bprm_secureexec, smack_bprm_secureexec), 4271 4272 LSM_HOOK_INIT(inode_alloc_security, smack_inode_alloc_security), 4273 LSM_HOOK_INIT(inode_free_security, smack_inode_free_security), 4274 LSM_HOOK_INIT(inode_init_security, smack_inode_init_security), 4275 LSM_HOOK_INIT(inode_link, smack_inode_link), 4276 LSM_HOOK_INIT(inode_unlink, smack_inode_unlink), 4277 LSM_HOOK_INIT(inode_rmdir, smack_inode_rmdir), 4278 LSM_HOOK_INIT(inode_rename, smack_inode_rename), 4279 LSM_HOOK_INIT(inode_permission, smack_inode_permission), 4280 LSM_HOOK_INIT(inode_setattr, smack_inode_setattr), 4281 LSM_HOOK_INIT(inode_getattr, smack_inode_getattr), 4282 LSM_HOOK_INIT(inode_setxattr, smack_inode_setxattr), 4283 LSM_HOOK_INIT(inode_post_setxattr, smack_inode_post_setxattr), 4284 LSM_HOOK_INIT(inode_getxattr, smack_inode_getxattr), 4285 LSM_HOOK_INIT(inode_removexattr, smack_inode_removexattr), 4286 LSM_HOOK_INIT(inode_getsecurity, smack_inode_getsecurity), 4287 LSM_HOOK_INIT(inode_setsecurity, smack_inode_setsecurity), 4288 LSM_HOOK_INIT(inode_listsecurity, smack_inode_listsecurity), 4289 LSM_HOOK_INIT(inode_getsecid, smack_inode_getsecid), 4290 4291 LSM_HOOK_INIT(file_permission, smack_file_permission), 4292 LSM_HOOK_INIT(file_alloc_security, smack_file_alloc_security), 4293 LSM_HOOK_INIT(file_free_security, smack_file_free_security), 4294 LSM_HOOK_INIT(file_ioctl, smack_file_ioctl), 4295 LSM_HOOK_INIT(file_lock, smack_file_lock), 4296 LSM_HOOK_INIT(file_fcntl, smack_file_fcntl), 4297 LSM_HOOK_INIT(mmap_file, smack_mmap_file), 4298 LSM_HOOK_INIT(mmap_addr, cap_mmap_addr), 4299 LSM_HOOK_INIT(file_set_fowner, smack_file_set_fowner), 4300 LSM_HOOK_INIT(file_send_sigiotask, smack_file_send_sigiotask), 4301 LSM_HOOK_INIT(file_receive, smack_file_receive), 4302 4303 LSM_HOOK_INIT(file_open, smack_file_open), 4304 4305 LSM_HOOK_INIT(cred_alloc_blank, smack_cred_alloc_blank), 4306 LSM_HOOK_INIT(cred_free, smack_cred_free), 4307 LSM_HOOK_INIT(cred_prepare, smack_cred_prepare), 4308 LSM_HOOK_INIT(cred_transfer, smack_cred_transfer), 4309 LSM_HOOK_INIT(kernel_act_as, smack_kernel_act_as), 4310 LSM_HOOK_INIT(kernel_create_files_as, smack_kernel_create_files_as), 4311 LSM_HOOK_INIT(task_setpgid, smack_task_setpgid), 4312 LSM_HOOK_INIT(task_getpgid, smack_task_getpgid), 4313 LSM_HOOK_INIT(task_getsid, smack_task_getsid), 4314 LSM_HOOK_INIT(task_getsecid, smack_task_getsecid), 4315 LSM_HOOK_INIT(task_setnice, smack_task_setnice), 4316 LSM_HOOK_INIT(task_setioprio, smack_task_setioprio), 4317 LSM_HOOK_INIT(task_getioprio, smack_task_getioprio), 4318 LSM_HOOK_INIT(task_setscheduler, smack_task_setscheduler), 4319 LSM_HOOK_INIT(task_getscheduler, smack_task_getscheduler), 4320 LSM_HOOK_INIT(task_movememory, smack_task_movememory), 4321 LSM_HOOK_INIT(task_kill, smack_task_kill), 4322 LSM_HOOK_INIT(task_wait, smack_task_wait), 4323 LSM_HOOK_INIT(task_to_inode, smack_task_to_inode), 4324 4325 LSM_HOOK_INIT(ipc_permission, smack_ipc_permission), 4326 LSM_HOOK_INIT(ipc_getsecid, smack_ipc_getsecid), 4327 4328 LSM_HOOK_INIT(msg_msg_alloc_security, smack_msg_msg_alloc_security), 4329 LSM_HOOK_INIT(msg_msg_free_security, smack_msg_msg_free_security), 4330 4331 LSM_HOOK_INIT(msg_queue_alloc_security, smack_msg_queue_alloc_security), 4332 LSM_HOOK_INIT(msg_queue_free_security, smack_msg_queue_free_security), 4333 LSM_HOOK_INIT(msg_queue_associate, smack_msg_queue_associate), 4334 LSM_HOOK_INIT(msg_queue_msgctl, smack_msg_queue_msgctl), 4335 LSM_HOOK_INIT(msg_queue_msgsnd, smack_msg_queue_msgsnd), 4336 LSM_HOOK_INIT(msg_queue_msgrcv, smack_msg_queue_msgrcv), 4337 4338 LSM_HOOK_INIT(shm_alloc_security, smack_shm_alloc_security), 4339 LSM_HOOK_INIT(shm_free_security, smack_shm_free_security), 4340 LSM_HOOK_INIT(shm_associate, smack_shm_associate), 4341 LSM_HOOK_INIT(shm_shmctl, smack_shm_shmctl), 4342 LSM_HOOK_INIT(shm_shmat, smack_shm_shmat), 4343 4344 LSM_HOOK_INIT(sem_alloc_security, smack_sem_alloc_security), 4345 LSM_HOOK_INIT(sem_free_security, smack_sem_free_security), 4346 LSM_HOOK_INIT(sem_associate, smack_sem_associate), 4347 LSM_HOOK_INIT(sem_semctl, smack_sem_semctl), 4348 LSM_HOOK_INIT(sem_semop, smack_sem_semop), 4349 4350 LSM_HOOK_INIT(d_instantiate, smack_d_instantiate), 4351 4352 LSM_HOOK_INIT(getprocattr, smack_getprocattr), 4353 LSM_HOOK_INIT(setprocattr, smack_setprocattr), 4354 4355 LSM_HOOK_INIT(unix_stream_connect, smack_unix_stream_connect), 4356 LSM_HOOK_INIT(unix_may_send, smack_unix_may_send), 4357 4358 LSM_HOOK_INIT(socket_post_create, smack_socket_post_create), 4359 #ifndef CONFIG_SECURITY_SMACK_NETFILTER 4360 LSM_HOOK_INIT(socket_bind, smack_socket_bind), 4361 #endif /* CONFIG_SECURITY_SMACK_NETFILTER */ 4362 LSM_HOOK_INIT(socket_connect, smack_socket_connect), 4363 LSM_HOOK_INIT(socket_sendmsg, smack_socket_sendmsg), 4364 LSM_HOOK_INIT(socket_sock_rcv_skb, smack_socket_sock_rcv_skb), 4365 LSM_HOOK_INIT(socket_getpeersec_stream, smack_socket_getpeersec_stream), 4366 LSM_HOOK_INIT(socket_getpeersec_dgram, smack_socket_getpeersec_dgram), 4367 LSM_HOOK_INIT(sk_alloc_security, smack_sk_alloc_security), 4368 LSM_HOOK_INIT(sk_free_security, smack_sk_free_security), 4369 LSM_HOOK_INIT(sock_graft, smack_sock_graft), 4370 LSM_HOOK_INIT(inet_conn_request, smack_inet_conn_request), 4371 LSM_HOOK_INIT(inet_csk_clone, smack_inet_csk_clone), 4372 4373 /* key management security hooks */ 4374 #ifdef CONFIG_KEYS 4375 LSM_HOOK_INIT(key_alloc, smack_key_alloc), 4376 LSM_HOOK_INIT(key_free, smack_key_free), 4377 LSM_HOOK_INIT(key_permission, smack_key_permission), 4378 LSM_HOOK_INIT(key_getsecurity, smack_key_getsecurity), 4379 #endif /* CONFIG_KEYS */ 4380 4381 /* Audit hooks */ 4382 #ifdef CONFIG_AUDIT 4383 LSM_HOOK_INIT(audit_rule_init, smack_audit_rule_init), 4384 LSM_HOOK_INIT(audit_rule_known, smack_audit_rule_known), 4385 LSM_HOOK_INIT(audit_rule_match, smack_audit_rule_match), 4386 LSM_HOOK_INIT(audit_rule_free, smack_audit_rule_free), 4387 #endif /* CONFIG_AUDIT */ 4388 4389 LSM_HOOK_INIT(ismaclabel, smack_ismaclabel), 4390 LSM_HOOK_INIT(secid_to_secctx, smack_secid_to_secctx), 4391 LSM_HOOK_INIT(secctx_to_secid, smack_secctx_to_secid), 4392 LSM_HOOK_INIT(release_secctx, smack_release_secctx), 4393 LSM_HOOK_INIT(inode_notifysecctx, smack_inode_notifysecctx), 4394 LSM_HOOK_INIT(inode_setsecctx, smack_inode_setsecctx), 4395 LSM_HOOK_INIT(inode_getsecctx, smack_inode_getsecctx), 4396 }; 4397 4398 4399 static __init void init_smack_known_list(void) 4400 { 4401 /* 4402 * Initialize rule list locks 4403 */ 4404 mutex_init(&smack_known_huh.smk_rules_lock); 4405 mutex_init(&smack_known_hat.smk_rules_lock); 4406 mutex_init(&smack_known_floor.smk_rules_lock); 4407 mutex_init(&smack_known_star.smk_rules_lock); 4408 mutex_init(&smack_known_invalid.smk_rules_lock); 4409 mutex_init(&smack_known_web.smk_rules_lock); 4410 /* 4411 * Initialize rule lists 4412 */ 4413 INIT_LIST_HEAD(&smack_known_huh.smk_rules); 4414 INIT_LIST_HEAD(&smack_known_hat.smk_rules); 4415 INIT_LIST_HEAD(&smack_known_star.smk_rules); 4416 INIT_LIST_HEAD(&smack_known_floor.smk_rules); 4417 INIT_LIST_HEAD(&smack_known_invalid.smk_rules); 4418 INIT_LIST_HEAD(&smack_known_web.smk_rules); 4419 /* 4420 * Create the known labels list 4421 */ 4422 smk_insert_entry(&smack_known_huh); 4423 smk_insert_entry(&smack_known_hat); 4424 smk_insert_entry(&smack_known_star); 4425 smk_insert_entry(&smack_known_floor); 4426 smk_insert_entry(&smack_known_invalid); 4427 smk_insert_entry(&smack_known_web); 4428 } 4429 4430 /** 4431 * smack_init - initialize the smack system 4432 * 4433 * Returns 0 4434 */ 4435 static __init int smack_init(void) 4436 { 4437 struct cred *cred; 4438 struct task_smack *tsp; 4439 4440 if (!security_module_enable("smack")) 4441 return 0; 4442 4443 smack_enabled = 1; 4444 4445 smack_inode_cache = KMEM_CACHE(inode_smack, 0); 4446 if (!smack_inode_cache) 4447 return -ENOMEM; 4448 4449 tsp = new_task_smack(&smack_known_floor, &smack_known_floor, 4450 GFP_KERNEL); 4451 if (tsp == NULL) { 4452 kmem_cache_destroy(smack_inode_cache); 4453 return -ENOMEM; 4454 } 4455 4456 printk(KERN_INFO "Smack: Initializing.\n"); 4457 4458 /* 4459 * Set the security state for the initial task. 4460 */ 4461 cred = (struct cred *) current->cred; 4462 cred->security = tsp; 4463 4464 /* initialize the smack_known_list */ 4465 init_smack_known_list(); 4466 4467 /* 4468 * Register with LSM 4469 */ 4470 security_add_hooks(smack_hooks, ARRAY_SIZE(smack_hooks)); 4471 4472 return 0; 4473 } 4474 4475 /* 4476 * Smack requires early initialization in order to label 4477 * all processes and objects when they are created. 4478 */ 4479 security_initcall(smack_init); 4480