1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Simplified MAC Kernel (smack) security module 4 * 5 * This file contains the smack hook function implementations. 6 * 7 * Authors: 8 * Casey Schaufler <casey@schaufler-ca.com> 9 * Jarkko Sakkinen <jarkko.sakkinen@intel.com> 10 * 11 * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com> 12 * Copyright (C) 2009 Hewlett-Packard Development Company, L.P. 13 * Paul Moore <paul@paul-moore.com> 14 * Copyright (C) 2010 Nokia Corporation 15 * Copyright (C) 2011 Intel Corporation. 16 */ 17 18 #include <linux/xattr.h> 19 #include <linux/pagemap.h> 20 #include <linux/mount.h> 21 #include <linux/stat.h> 22 #include <linux/kd.h> 23 #include <asm/ioctls.h> 24 #include <linux/ip.h> 25 #include <linux/tcp.h> 26 #include <linux/udp.h> 27 #include <linux/dccp.h> 28 #include <linux/icmpv6.h> 29 #include <linux/slab.h> 30 #include <linux/mutex.h> 31 #include <net/cipso_ipv4.h> 32 #include <net/ip.h> 33 #include <net/ipv6.h> 34 #include <linux/audit.h> 35 #include <linux/magic.h> 36 #include <linux/dcache.h> 37 #include <linux/personality.h> 38 #include <linux/msg.h> 39 #include <linux/shm.h> 40 #include <linux/binfmts.h> 41 #include <linux/parser.h> 42 #include <linux/fs_context.h> 43 #include <linux/fs_parser.h> 44 #include <linux/watch_queue.h> 45 #include "smack.h" 46 47 #define TRANS_TRUE "TRUE" 48 #define TRANS_TRUE_SIZE 4 49 50 #define SMK_CONNECTING 0 51 #define SMK_RECEIVING 1 52 #define SMK_SENDING 2 53 54 #ifdef SMACK_IPV6_PORT_LABELING 55 static DEFINE_MUTEX(smack_ipv6_lock); 56 static LIST_HEAD(smk_ipv6_port_list); 57 #endif 58 struct kmem_cache *smack_rule_cache; 59 int smack_enabled __initdata; 60 61 #define A(s) {"smack"#s, sizeof("smack"#s) - 1, Opt_##s} 62 static struct { 63 const char *name; 64 int len; 65 int opt; 66 } smk_mount_opts[] = { 67 {"smackfsdef", sizeof("smackfsdef") - 1, Opt_fsdefault}, 68 A(fsdefault), A(fsfloor), A(fshat), A(fsroot), A(fstransmute) 69 }; 70 #undef A 71 72 static int match_opt_prefix(char *s, int l, char **arg) 73 { 74 int i; 75 76 for (i = 0; i < ARRAY_SIZE(smk_mount_opts); i++) { 77 size_t len = smk_mount_opts[i].len; 78 if (len > l || memcmp(s, smk_mount_opts[i].name, len)) 79 continue; 80 if (len == l || s[len] != '=') 81 continue; 82 *arg = s + len + 1; 83 return smk_mount_opts[i].opt; 84 } 85 return Opt_error; 86 } 87 88 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 89 static char *smk_bu_mess[] = { 90 "Bringup Error", /* Unused */ 91 "Bringup", /* SMACK_BRINGUP_ALLOW */ 92 "Unconfined Subject", /* SMACK_UNCONFINED_SUBJECT */ 93 "Unconfined Object", /* SMACK_UNCONFINED_OBJECT */ 94 }; 95 96 static void smk_bu_mode(int mode, char *s) 97 { 98 int i = 0; 99 100 if (mode & MAY_READ) 101 s[i++] = 'r'; 102 if (mode & MAY_WRITE) 103 s[i++] = 'w'; 104 if (mode & MAY_EXEC) 105 s[i++] = 'x'; 106 if (mode & MAY_APPEND) 107 s[i++] = 'a'; 108 if (mode & MAY_TRANSMUTE) 109 s[i++] = 't'; 110 if (mode & MAY_LOCK) 111 s[i++] = 'l'; 112 if (i == 0) 113 s[i++] = '-'; 114 s[i] = '\0'; 115 } 116 #endif 117 118 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 119 static int smk_bu_note(char *note, struct smack_known *sskp, 120 struct smack_known *oskp, int mode, int rc) 121 { 122 char acc[SMK_NUM_ACCESS_TYPE + 1]; 123 124 if (rc <= 0) 125 return rc; 126 if (rc > SMACK_UNCONFINED_OBJECT) 127 rc = 0; 128 129 smk_bu_mode(mode, acc); 130 pr_info("Smack %s: (%s %s %s) %s\n", smk_bu_mess[rc], 131 sskp->smk_known, oskp->smk_known, acc, note); 132 return 0; 133 } 134 #else 135 #define smk_bu_note(note, sskp, oskp, mode, RC) (RC) 136 #endif 137 138 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 139 static int smk_bu_current(char *note, struct smack_known *oskp, 140 int mode, int rc) 141 { 142 struct task_smack *tsp = smack_cred(current_cred()); 143 char acc[SMK_NUM_ACCESS_TYPE + 1]; 144 145 if (rc <= 0) 146 return rc; 147 if (rc > SMACK_UNCONFINED_OBJECT) 148 rc = 0; 149 150 smk_bu_mode(mode, acc); 151 pr_info("Smack %s: (%s %s %s) %s %s\n", smk_bu_mess[rc], 152 tsp->smk_task->smk_known, oskp->smk_known, 153 acc, current->comm, note); 154 return 0; 155 } 156 #else 157 #define smk_bu_current(note, oskp, mode, RC) (RC) 158 #endif 159 160 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 161 static int smk_bu_task(struct task_struct *otp, int mode, int rc) 162 { 163 struct task_smack *tsp = smack_cred(current_cred()); 164 struct smack_known *smk_task = smk_of_task_struct_obj(otp); 165 char acc[SMK_NUM_ACCESS_TYPE + 1]; 166 167 if (rc <= 0) 168 return rc; 169 if (rc > SMACK_UNCONFINED_OBJECT) 170 rc = 0; 171 172 smk_bu_mode(mode, acc); 173 pr_info("Smack %s: (%s %s %s) %s to %s\n", smk_bu_mess[rc], 174 tsp->smk_task->smk_known, smk_task->smk_known, acc, 175 current->comm, otp->comm); 176 return 0; 177 } 178 #else 179 #define smk_bu_task(otp, mode, RC) (RC) 180 #endif 181 182 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 183 static int smk_bu_inode(struct inode *inode, int mode, int rc) 184 { 185 struct task_smack *tsp = smack_cred(current_cred()); 186 struct inode_smack *isp = smack_inode(inode); 187 char acc[SMK_NUM_ACCESS_TYPE + 1]; 188 189 if (isp->smk_flags & SMK_INODE_IMPURE) 190 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n", 191 inode->i_sb->s_id, inode->i_ino, current->comm); 192 193 if (rc <= 0) 194 return rc; 195 if (rc > SMACK_UNCONFINED_OBJECT) 196 rc = 0; 197 if (rc == SMACK_UNCONFINED_SUBJECT && 198 (mode & (MAY_WRITE | MAY_APPEND))) 199 isp->smk_flags |= SMK_INODE_IMPURE; 200 201 smk_bu_mode(mode, acc); 202 203 pr_info("Smack %s: (%s %s %s) inode=(%s %ld) %s\n", smk_bu_mess[rc], 204 tsp->smk_task->smk_known, isp->smk_inode->smk_known, acc, 205 inode->i_sb->s_id, inode->i_ino, current->comm); 206 return 0; 207 } 208 #else 209 #define smk_bu_inode(inode, mode, RC) (RC) 210 #endif 211 212 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 213 static int smk_bu_file(struct file *file, int mode, int rc) 214 { 215 struct task_smack *tsp = smack_cred(current_cred()); 216 struct smack_known *sskp = tsp->smk_task; 217 struct inode *inode = file_inode(file); 218 struct inode_smack *isp = smack_inode(inode); 219 char acc[SMK_NUM_ACCESS_TYPE + 1]; 220 221 if (isp->smk_flags & SMK_INODE_IMPURE) 222 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n", 223 inode->i_sb->s_id, inode->i_ino, current->comm); 224 225 if (rc <= 0) 226 return rc; 227 if (rc > SMACK_UNCONFINED_OBJECT) 228 rc = 0; 229 230 smk_bu_mode(mode, acc); 231 pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc], 232 sskp->smk_known, smk_of_inode(inode)->smk_known, acc, 233 inode->i_sb->s_id, inode->i_ino, file, 234 current->comm); 235 return 0; 236 } 237 #else 238 #define smk_bu_file(file, mode, RC) (RC) 239 #endif 240 241 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 242 static int smk_bu_credfile(const struct cred *cred, struct file *file, 243 int mode, int rc) 244 { 245 struct task_smack *tsp = smack_cred(cred); 246 struct smack_known *sskp = tsp->smk_task; 247 struct inode *inode = file_inode(file); 248 struct inode_smack *isp = smack_inode(inode); 249 char acc[SMK_NUM_ACCESS_TYPE + 1]; 250 251 if (isp->smk_flags & SMK_INODE_IMPURE) 252 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n", 253 inode->i_sb->s_id, inode->i_ino, current->comm); 254 255 if (rc <= 0) 256 return rc; 257 if (rc > SMACK_UNCONFINED_OBJECT) 258 rc = 0; 259 260 smk_bu_mode(mode, acc); 261 pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc], 262 sskp->smk_known, smk_of_inode(inode)->smk_known, acc, 263 inode->i_sb->s_id, inode->i_ino, file, 264 current->comm); 265 return 0; 266 } 267 #else 268 #define smk_bu_credfile(cred, file, mode, RC) (RC) 269 #endif 270 271 /** 272 * smk_fetch - Fetch the smack label from a file. 273 * @name: type of the label (attribute) 274 * @ip: a pointer to the inode 275 * @dp: a pointer to the dentry 276 * 277 * Returns a pointer to the master list entry for the Smack label, 278 * NULL if there was no label to fetch, or an error code. 279 */ 280 static struct smack_known *smk_fetch(const char *name, struct inode *ip, 281 struct dentry *dp) 282 { 283 int rc; 284 char *buffer; 285 struct smack_known *skp = NULL; 286 287 if (!(ip->i_opflags & IOP_XATTR)) 288 return ERR_PTR(-EOPNOTSUPP); 289 290 buffer = kzalloc(SMK_LONGLABEL, GFP_NOFS); 291 if (buffer == NULL) 292 return ERR_PTR(-ENOMEM); 293 294 rc = __vfs_getxattr(dp, ip, name, buffer, SMK_LONGLABEL); 295 if (rc < 0) 296 skp = ERR_PTR(rc); 297 else if (rc == 0) 298 skp = NULL; 299 else 300 skp = smk_import_entry(buffer, rc); 301 302 kfree(buffer); 303 304 return skp; 305 } 306 307 /** 308 * init_inode_smack - initialize an inode security blob 309 * @inode: inode to extract the info from 310 * @skp: a pointer to the Smack label entry to use in the blob 311 * 312 */ 313 static void init_inode_smack(struct inode *inode, struct smack_known *skp) 314 { 315 struct inode_smack *isp = smack_inode(inode); 316 317 isp->smk_inode = skp; 318 isp->smk_flags = 0; 319 } 320 321 /** 322 * init_task_smack - initialize a task security blob 323 * @tsp: blob to initialize 324 * @task: a pointer to the Smack label for the running task 325 * @forked: a pointer to the Smack label for the forked task 326 * 327 */ 328 static void init_task_smack(struct task_smack *tsp, struct smack_known *task, 329 struct smack_known *forked) 330 { 331 tsp->smk_task = task; 332 tsp->smk_forked = forked; 333 INIT_LIST_HEAD(&tsp->smk_rules); 334 INIT_LIST_HEAD(&tsp->smk_relabel); 335 mutex_init(&tsp->smk_rules_lock); 336 } 337 338 /** 339 * smk_copy_rules - copy a rule set 340 * @nhead: new rules header pointer 341 * @ohead: old rules header pointer 342 * @gfp: type of the memory for the allocation 343 * 344 * Returns 0 on success, -ENOMEM on error 345 */ 346 static int smk_copy_rules(struct list_head *nhead, struct list_head *ohead, 347 gfp_t gfp) 348 { 349 struct smack_rule *nrp; 350 struct smack_rule *orp; 351 int rc = 0; 352 353 list_for_each_entry_rcu(orp, ohead, list) { 354 nrp = kmem_cache_zalloc(smack_rule_cache, gfp); 355 if (nrp == NULL) { 356 rc = -ENOMEM; 357 break; 358 } 359 *nrp = *orp; 360 list_add_rcu(&nrp->list, nhead); 361 } 362 return rc; 363 } 364 365 /** 366 * smk_copy_relabel - copy smk_relabel labels list 367 * @nhead: new rules header pointer 368 * @ohead: old rules header pointer 369 * @gfp: type of the memory for the allocation 370 * 371 * Returns 0 on success, -ENOMEM on error 372 */ 373 static int smk_copy_relabel(struct list_head *nhead, struct list_head *ohead, 374 gfp_t gfp) 375 { 376 struct smack_known_list_elem *nklep; 377 struct smack_known_list_elem *oklep; 378 379 list_for_each_entry(oklep, ohead, list) { 380 nklep = kzalloc(sizeof(struct smack_known_list_elem), gfp); 381 if (nklep == NULL) { 382 smk_destroy_label_list(nhead); 383 return -ENOMEM; 384 } 385 nklep->smk_label = oklep->smk_label; 386 list_add(&nklep->list, nhead); 387 } 388 389 return 0; 390 } 391 392 /** 393 * smk_ptrace_mode - helper function for converting PTRACE_MODE_* into MAY_* 394 * @mode: input mode in form of PTRACE_MODE_* 395 * 396 * Returns a converted MAY_* mode usable by smack rules 397 */ 398 static inline unsigned int smk_ptrace_mode(unsigned int mode) 399 { 400 if (mode & PTRACE_MODE_ATTACH) 401 return MAY_READWRITE; 402 if (mode & PTRACE_MODE_READ) 403 return MAY_READ; 404 405 return 0; 406 } 407 408 /** 409 * smk_ptrace_rule_check - helper for ptrace access 410 * @tracer: tracer process 411 * @tracee_known: label entry of the process that's about to be traced 412 * @mode: ptrace attachment mode (PTRACE_MODE_*) 413 * @func: name of the function that called us, used for audit 414 * 415 * Returns 0 on access granted, -error on error 416 */ 417 static int smk_ptrace_rule_check(struct task_struct *tracer, 418 struct smack_known *tracee_known, 419 unsigned int mode, const char *func) 420 { 421 int rc; 422 struct smk_audit_info ad, *saip = NULL; 423 struct task_smack *tsp; 424 struct smack_known *tracer_known; 425 const struct cred *tracercred; 426 427 if ((mode & PTRACE_MODE_NOAUDIT) == 0) { 428 smk_ad_init(&ad, func, LSM_AUDIT_DATA_TASK); 429 smk_ad_setfield_u_tsk(&ad, tracer); 430 saip = &ad; 431 } 432 433 rcu_read_lock(); 434 tracercred = __task_cred(tracer); 435 tsp = smack_cred(tracercred); 436 tracer_known = smk_of_task(tsp); 437 438 if ((mode & PTRACE_MODE_ATTACH) && 439 (smack_ptrace_rule == SMACK_PTRACE_EXACT || 440 smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)) { 441 if (tracer_known->smk_known == tracee_known->smk_known) 442 rc = 0; 443 else if (smack_ptrace_rule == SMACK_PTRACE_DRACONIAN) 444 rc = -EACCES; 445 else if (smack_privileged_cred(CAP_SYS_PTRACE, tracercred)) 446 rc = 0; 447 else 448 rc = -EACCES; 449 450 if (saip) 451 smack_log(tracer_known->smk_known, 452 tracee_known->smk_known, 453 0, rc, saip); 454 455 rcu_read_unlock(); 456 return rc; 457 } 458 459 /* In case of rule==SMACK_PTRACE_DEFAULT or mode==PTRACE_MODE_READ */ 460 rc = smk_tskacc(tsp, tracee_known, smk_ptrace_mode(mode), saip); 461 462 rcu_read_unlock(); 463 return rc; 464 } 465 466 /* 467 * LSM hooks. 468 * We he, that is fun! 469 */ 470 471 /** 472 * smack_ptrace_access_check - Smack approval on PTRACE_ATTACH 473 * @ctp: child task pointer 474 * @mode: ptrace attachment mode (PTRACE_MODE_*) 475 * 476 * Returns 0 if access is OK, an error code otherwise 477 * 478 * Do the capability checks. 479 */ 480 static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode) 481 { 482 struct smack_known *skp; 483 484 skp = smk_of_task_struct_obj(ctp); 485 486 return smk_ptrace_rule_check(current, skp, mode, __func__); 487 } 488 489 /** 490 * smack_ptrace_traceme - Smack approval on PTRACE_TRACEME 491 * @ptp: parent task pointer 492 * 493 * Returns 0 if access is OK, an error code otherwise 494 * 495 * Do the capability checks, and require PTRACE_MODE_ATTACH. 496 */ 497 static int smack_ptrace_traceme(struct task_struct *ptp) 498 { 499 int rc; 500 struct smack_known *skp; 501 502 skp = smk_of_task(smack_cred(current_cred())); 503 504 rc = smk_ptrace_rule_check(ptp, skp, PTRACE_MODE_ATTACH, __func__); 505 return rc; 506 } 507 508 /** 509 * smack_syslog - Smack approval on syslog 510 * @typefrom_file: unused 511 * 512 * Returns 0 on success, error code otherwise. 513 */ 514 static int smack_syslog(int typefrom_file) 515 { 516 int rc = 0; 517 struct smack_known *skp = smk_of_current(); 518 519 if (smack_privileged(CAP_MAC_OVERRIDE)) 520 return 0; 521 522 if (smack_syslog_label != NULL && smack_syslog_label != skp) 523 rc = -EACCES; 524 525 return rc; 526 } 527 528 /* 529 * Superblock Hooks. 530 */ 531 532 /** 533 * smack_sb_alloc_security - allocate a superblock blob 534 * @sb: the superblock getting the blob 535 * 536 * Returns 0 on success or -ENOMEM on error. 537 */ 538 static int smack_sb_alloc_security(struct super_block *sb) 539 { 540 struct superblock_smack *sbsp = smack_superblock(sb); 541 542 sbsp->smk_root = &smack_known_floor; 543 sbsp->smk_default = &smack_known_floor; 544 sbsp->smk_floor = &smack_known_floor; 545 sbsp->smk_hat = &smack_known_hat; 546 /* 547 * SMK_SB_INITIALIZED will be zero from kzalloc. 548 */ 549 550 return 0; 551 } 552 553 struct smack_mnt_opts { 554 const char *fsdefault, *fsfloor, *fshat, *fsroot, *fstransmute; 555 }; 556 557 static void smack_free_mnt_opts(void *mnt_opts) 558 { 559 struct smack_mnt_opts *opts = mnt_opts; 560 kfree(opts->fsdefault); 561 kfree(opts->fsfloor); 562 kfree(opts->fshat); 563 kfree(opts->fsroot); 564 kfree(opts->fstransmute); 565 kfree(opts); 566 } 567 568 static int smack_add_opt(int token, const char *s, void **mnt_opts) 569 { 570 struct smack_mnt_opts *opts = *mnt_opts; 571 572 if (!opts) { 573 opts = kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL); 574 if (!opts) 575 return -ENOMEM; 576 *mnt_opts = opts; 577 } 578 if (!s) 579 return -ENOMEM; 580 581 switch (token) { 582 case Opt_fsdefault: 583 if (opts->fsdefault) 584 goto out_opt_err; 585 opts->fsdefault = s; 586 break; 587 case Opt_fsfloor: 588 if (opts->fsfloor) 589 goto out_opt_err; 590 opts->fsfloor = s; 591 break; 592 case Opt_fshat: 593 if (opts->fshat) 594 goto out_opt_err; 595 opts->fshat = s; 596 break; 597 case Opt_fsroot: 598 if (opts->fsroot) 599 goto out_opt_err; 600 opts->fsroot = s; 601 break; 602 case Opt_fstransmute: 603 if (opts->fstransmute) 604 goto out_opt_err; 605 opts->fstransmute = s; 606 break; 607 } 608 return 0; 609 610 out_opt_err: 611 pr_warn("Smack: duplicate mount options\n"); 612 return -EINVAL; 613 } 614 615 /** 616 * smack_fs_context_dup - Duplicate the security data on fs_context duplication 617 * @fc: The new filesystem context. 618 * @src_fc: The source filesystem context being duplicated. 619 * 620 * Returns 0 on success or -ENOMEM on error. 621 */ 622 static int smack_fs_context_dup(struct fs_context *fc, 623 struct fs_context *src_fc) 624 { 625 struct smack_mnt_opts *dst, *src = src_fc->security; 626 627 if (!src) 628 return 0; 629 630 fc->security = kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL); 631 if (!fc->security) 632 return -ENOMEM; 633 dst = fc->security; 634 635 if (src->fsdefault) { 636 dst->fsdefault = kstrdup(src->fsdefault, GFP_KERNEL); 637 if (!dst->fsdefault) 638 return -ENOMEM; 639 } 640 if (src->fsfloor) { 641 dst->fsfloor = kstrdup(src->fsfloor, GFP_KERNEL); 642 if (!dst->fsfloor) 643 return -ENOMEM; 644 } 645 if (src->fshat) { 646 dst->fshat = kstrdup(src->fshat, GFP_KERNEL); 647 if (!dst->fshat) 648 return -ENOMEM; 649 } 650 if (src->fsroot) { 651 dst->fsroot = kstrdup(src->fsroot, GFP_KERNEL); 652 if (!dst->fsroot) 653 return -ENOMEM; 654 } 655 if (src->fstransmute) { 656 dst->fstransmute = kstrdup(src->fstransmute, GFP_KERNEL); 657 if (!dst->fstransmute) 658 return -ENOMEM; 659 } 660 return 0; 661 } 662 663 static const struct fs_parameter_spec smack_fs_parameters[] = { 664 fsparam_string("smackfsdef", Opt_fsdefault), 665 fsparam_string("smackfsdefault", Opt_fsdefault), 666 fsparam_string("smackfsfloor", Opt_fsfloor), 667 fsparam_string("smackfshat", Opt_fshat), 668 fsparam_string("smackfsroot", Opt_fsroot), 669 fsparam_string("smackfstransmute", Opt_fstransmute), 670 {} 671 }; 672 673 /** 674 * smack_fs_context_parse_param - Parse a single mount parameter 675 * @fc: The new filesystem context being constructed. 676 * @param: The parameter. 677 * 678 * Returns 0 on success, -ENOPARAM to pass the parameter on or anything else on 679 * error. 680 */ 681 static int smack_fs_context_parse_param(struct fs_context *fc, 682 struct fs_parameter *param) 683 { 684 struct fs_parse_result result; 685 int opt, rc; 686 687 opt = fs_parse(fc, smack_fs_parameters, param, &result); 688 if (opt < 0) 689 return opt; 690 691 rc = smack_add_opt(opt, param->string, &fc->security); 692 if (!rc) 693 param->string = NULL; 694 return rc; 695 } 696 697 static int smack_sb_eat_lsm_opts(char *options, void **mnt_opts) 698 { 699 char *from = options, *to = options; 700 bool first = true; 701 702 while (1) { 703 char *next = strchr(from, ','); 704 int token, len, rc; 705 char *arg = NULL; 706 707 if (next) 708 len = next - from; 709 else 710 len = strlen(from); 711 712 token = match_opt_prefix(from, len, &arg); 713 if (token != Opt_error) { 714 arg = kmemdup_nul(arg, from + len - arg, GFP_KERNEL); 715 rc = smack_add_opt(token, arg, mnt_opts); 716 if (unlikely(rc)) { 717 kfree(arg); 718 if (*mnt_opts) 719 smack_free_mnt_opts(*mnt_opts); 720 *mnt_opts = NULL; 721 return rc; 722 } 723 } else { 724 if (!first) { // copy with preceding comma 725 from--; 726 len++; 727 } 728 if (to != from) 729 memmove(to, from, len); 730 to += len; 731 first = false; 732 } 733 if (!from[len]) 734 break; 735 from += len + 1; 736 } 737 *to = '\0'; 738 return 0; 739 } 740 741 /** 742 * smack_set_mnt_opts - set Smack specific mount options 743 * @sb: the file system superblock 744 * @mnt_opts: Smack mount options 745 * @kern_flags: mount option from kernel space or user space 746 * @set_kern_flags: where to store converted mount opts 747 * 748 * Returns 0 on success, an error code on failure 749 * 750 * Allow filesystems with binary mount data to explicitly set Smack mount 751 * labels. 752 */ 753 static int smack_set_mnt_opts(struct super_block *sb, 754 void *mnt_opts, 755 unsigned long kern_flags, 756 unsigned long *set_kern_flags) 757 { 758 struct dentry *root = sb->s_root; 759 struct inode *inode = d_backing_inode(root); 760 struct superblock_smack *sp = smack_superblock(sb); 761 struct inode_smack *isp; 762 struct smack_known *skp; 763 struct smack_mnt_opts *opts = mnt_opts; 764 bool transmute = false; 765 766 if (sp->smk_flags & SMK_SB_INITIALIZED) 767 return 0; 768 769 if (!smack_privileged(CAP_MAC_ADMIN)) { 770 /* 771 * Unprivileged mounts don't get to specify Smack values. 772 */ 773 if (opts) 774 return -EPERM; 775 /* 776 * Unprivileged mounts get root and default from the caller. 777 */ 778 skp = smk_of_current(); 779 sp->smk_root = skp; 780 sp->smk_default = skp; 781 /* 782 * For a handful of fs types with no user-controlled 783 * backing store it's okay to trust security labels 784 * in the filesystem. The rest are untrusted. 785 */ 786 if (sb->s_user_ns != &init_user_ns && 787 sb->s_magic != SYSFS_MAGIC && sb->s_magic != TMPFS_MAGIC && 788 sb->s_magic != RAMFS_MAGIC) { 789 transmute = true; 790 sp->smk_flags |= SMK_SB_UNTRUSTED; 791 } 792 } 793 794 sp->smk_flags |= SMK_SB_INITIALIZED; 795 796 if (opts) { 797 if (opts->fsdefault) { 798 skp = smk_import_entry(opts->fsdefault, 0); 799 if (IS_ERR(skp)) 800 return PTR_ERR(skp); 801 sp->smk_default = skp; 802 } 803 if (opts->fsfloor) { 804 skp = smk_import_entry(opts->fsfloor, 0); 805 if (IS_ERR(skp)) 806 return PTR_ERR(skp); 807 sp->smk_floor = skp; 808 } 809 if (opts->fshat) { 810 skp = smk_import_entry(opts->fshat, 0); 811 if (IS_ERR(skp)) 812 return PTR_ERR(skp); 813 sp->smk_hat = skp; 814 } 815 if (opts->fsroot) { 816 skp = smk_import_entry(opts->fsroot, 0); 817 if (IS_ERR(skp)) 818 return PTR_ERR(skp); 819 sp->smk_root = skp; 820 } 821 if (opts->fstransmute) { 822 skp = smk_import_entry(opts->fstransmute, 0); 823 if (IS_ERR(skp)) 824 return PTR_ERR(skp); 825 sp->smk_root = skp; 826 transmute = true; 827 } 828 } 829 830 /* 831 * Initialize the root inode. 832 */ 833 init_inode_smack(inode, sp->smk_root); 834 835 if (transmute) { 836 isp = smack_inode(inode); 837 isp->smk_flags |= SMK_INODE_TRANSMUTE; 838 } 839 840 return 0; 841 } 842 843 /** 844 * smack_sb_statfs - Smack check on statfs 845 * @dentry: identifies the file system in question 846 * 847 * Returns 0 if current can read the floor of the filesystem, 848 * and error code otherwise 849 */ 850 static int smack_sb_statfs(struct dentry *dentry) 851 { 852 struct superblock_smack *sbp = smack_superblock(dentry->d_sb); 853 int rc; 854 struct smk_audit_info ad; 855 856 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 857 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 858 859 rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad); 860 rc = smk_bu_current("statfs", sbp->smk_floor, MAY_READ, rc); 861 return rc; 862 } 863 864 /* 865 * BPRM hooks 866 */ 867 868 /** 869 * smack_bprm_creds_for_exec - Update bprm->cred if needed for exec 870 * @bprm: the exec information 871 * 872 * Returns 0 if it gets a blob, -EPERM if exec forbidden and -ENOMEM otherwise 873 */ 874 static int smack_bprm_creds_for_exec(struct linux_binprm *bprm) 875 { 876 struct inode *inode = file_inode(bprm->file); 877 struct task_smack *bsp = smack_cred(bprm->cred); 878 struct inode_smack *isp; 879 struct superblock_smack *sbsp; 880 int rc; 881 882 isp = smack_inode(inode); 883 if (isp->smk_task == NULL || isp->smk_task == bsp->smk_task) 884 return 0; 885 886 sbsp = smack_superblock(inode->i_sb); 887 if ((sbsp->smk_flags & SMK_SB_UNTRUSTED) && 888 isp->smk_task != sbsp->smk_root) 889 return 0; 890 891 if (bprm->unsafe & LSM_UNSAFE_PTRACE) { 892 struct task_struct *tracer; 893 rc = 0; 894 895 rcu_read_lock(); 896 tracer = ptrace_parent(current); 897 if (likely(tracer != NULL)) 898 rc = smk_ptrace_rule_check(tracer, 899 isp->smk_task, 900 PTRACE_MODE_ATTACH, 901 __func__); 902 rcu_read_unlock(); 903 904 if (rc != 0) 905 return rc; 906 } 907 if (bprm->unsafe & ~LSM_UNSAFE_PTRACE) 908 return -EPERM; 909 910 bsp->smk_task = isp->smk_task; 911 bprm->per_clear |= PER_CLEAR_ON_SETID; 912 913 /* Decide if this is a secure exec. */ 914 if (bsp->smk_task != bsp->smk_forked) 915 bprm->secureexec = 1; 916 917 return 0; 918 } 919 920 /* 921 * Inode hooks 922 */ 923 924 /** 925 * smack_inode_alloc_security - allocate an inode blob 926 * @inode: the inode in need of a blob 927 * 928 * Returns 0 929 */ 930 static int smack_inode_alloc_security(struct inode *inode) 931 { 932 struct smack_known *skp = smk_of_current(); 933 934 init_inode_smack(inode, skp); 935 return 0; 936 } 937 938 /** 939 * smack_inode_init_security - copy out the smack from an inode 940 * @inode: the newly created inode 941 * @dir: containing directory object 942 * @qstr: unused 943 * @name: where to put the attribute name 944 * @value: where to put the attribute value 945 * @len: where to put the length of the attribute 946 * 947 * Returns 0 if it all works out, -ENOMEM if there's no memory 948 */ 949 static int smack_inode_init_security(struct inode *inode, struct inode *dir, 950 const struct qstr *qstr, const char **name, 951 void **value, size_t *len) 952 { 953 struct inode_smack *issp = smack_inode(inode); 954 struct smack_known *skp = smk_of_current(); 955 struct smack_known *isp = smk_of_inode(inode); 956 struct smack_known *dsp = smk_of_inode(dir); 957 int may; 958 959 if (name) 960 *name = XATTR_SMACK_SUFFIX; 961 962 if (value && len) { 963 rcu_read_lock(); 964 may = smk_access_entry(skp->smk_known, dsp->smk_known, 965 &skp->smk_rules); 966 rcu_read_unlock(); 967 968 /* 969 * If the access rule allows transmutation and 970 * the directory requests transmutation then 971 * by all means transmute. 972 * Mark the inode as changed. 973 */ 974 if (may > 0 && ((may & MAY_TRANSMUTE) != 0) && 975 smk_inode_transmutable(dir)) { 976 isp = dsp; 977 issp->smk_flags |= SMK_INODE_CHANGED; 978 } 979 980 *value = kstrdup(isp->smk_known, GFP_NOFS); 981 if (*value == NULL) 982 return -ENOMEM; 983 984 *len = strlen(isp->smk_known); 985 } 986 987 return 0; 988 } 989 990 /** 991 * smack_inode_link - Smack check on link 992 * @old_dentry: the existing object 993 * @dir: unused 994 * @new_dentry: the new object 995 * 996 * Returns 0 if access is permitted, an error code otherwise 997 */ 998 static int smack_inode_link(struct dentry *old_dentry, struct inode *dir, 999 struct dentry *new_dentry) 1000 { 1001 struct smack_known *isp; 1002 struct smk_audit_info ad; 1003 int rc; 1004 1005 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1006 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry); 1007 1008 isp = smk_of_inode(d_backing_inode(old_dentry)); 1009 rc = smk_curacc(isp, MAY_WRITE, &ad); 1010 rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_WRITE, rc); 1011 1012 if (rc == 0 && d_is_positive(new_dentry)) { 1013 isp = smk_of_inode(d_backing_inode(new_dentry)); 1014 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry); 1015 rc = smk_curacc(isp, MAY_WRITE, &ad); 1016 rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_WRITE, rc); 1017 } 1018 1019 return rc; 1020 } 1021 1022 /** 1023 * smack_inode_unlink - Smack check on inode deletion 1024 * @dir: containing directory object 1025 * @dentry: file to unlink 1026 * 1027 * Returns 0 if current can write the containing directory 1028 * and the object, error code otherwise 1029 */ 1030 static int smack_inode_unlink(struct inode *dir, struct dentry *dentry) 1031 { 1032 struct inode *ip = d_backing_inode(dentry); 1033 struct smk_audit_info ad; 1034 int rc; 1035 1036 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1037 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1038 1039 /* 1040 * You need write access to the thing you're unlinking 1041 */ 1042 rc = smk_curacc(smk_of_inode(ip), MAY_WRITE, &ad); 1043 rc = smk_bu_inode(ip, MAY_WRITE, rc); 1044 if (rc == 0) { 1045 /* 1046 * You also need write access to the containing directory 1047 */ 1048 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE); 1049 smk_ad_setfield_u_fs_inode(&ad, dir); 1050 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad); 1051 rc = smk_bu_inode(dir, MAY_WRITE, rc); 1052 } 1053 return rc; 1054 } 1055 1056 /** 1057 * smack_inode_rmdir - Smack check on directory deletion 1058 * @dir: containing directory object 1059 * @dentry: directory to unlink 1060 * 1061 * Returns 0 if current can write the containing directory 1062 * and the directory, error code otherwise 1063 */ 1064 static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry) 1065 { 1066 struct smk_audit_info ad; 1067 int rc; 1068 1069 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1070 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1071 1072 /* 1073 * You need write access to the thing you're removing 1074 */ 1075 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1076 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1077 if (rc == 0) { 1078 /* 1079 * You also need write access to the containing directory 1080 */ 1081 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE); 1082 smk_ad_setfield_u_fs_inode(&ad, dir); 1083 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad); 1084 rc = smk_bu_inode(dir, MAY_WRITE, rc); 1085 } 1086 1087 return rc; 1088 } 1089 1090 /** 1091 * smack_inode_rename - Smack check on rename 1092 * @old_inode: unused 1093 * @old_dentry: the old object 1094 * @new_inode: unused 1095 * @new_dentry: the new object 1096 * 1097 * Read and write access is required on both the old and 1098 * new directories. 1099 * 1100 * Returns 0 if access is permitted, an error code otherwise 1101 */ 1102 static int smack_inode_rename(struct inode *old_inode, 1103 struct dentry *old_dentry, 1104 struct inode *new_inode, 1105 struct dentry *new_dentry) 1106 { 1107 int rc; 1108 struct smack_known *isp; 1109 struct smk_audit_info ad; 1110 1111 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1112 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry); 1113 1114 isp = smk_of_inode(d_backing_inode(old_dentry)); 1115 rc = smk_curacc(isp, MAY_READWRITE, &ad); 1116 rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_READWRITE, rc); 1117 1118 if (rc == 0 && d_is_positive(new_dentry)) { 1119 isp = smk_of_inode(d_backing_inode(new_dentry)); 1120 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry); 1121 rc = smk_curacc(isp, MAY_READWRITE, &ad); 1122 rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_READWRITE, rc); 1123 } 1124 return rc; 1125 } 1126 1127 /** 1128 * smack_inode_permission - Smack version of permission() 1129 * @inode: the inode in question 1130 * @mask: the access requested 1131 * 1132 * This is the important Smack hook. 1133 * 1134 * Returns 0 if access is permitted, an error code otherwise 1135 */ 1136 static int smack_inode_permission(struct inode *inode, int mask) 1137 { 1138 struct superblock_smack *sbsp = smack_superblock(inode->i_sb); 1139 struct smk_audit_info ad; 1140 int no_block = mask & MAY_NOT_BLOCK; 1141 int rc; 1142 1143 mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND); 1144 /* 1145 * No permission to check. Existence test. Yup, it's there. 1146 */ 1147 if (mask == 0) 1148 return 0; 1149 1150 if (sbsp->smk_flags & SMK_SB_UNTRUSTED) { 1151 if (smk_of_inode(inode) != sbsp->smk_root) 1152 return -EACCES; 1153 } 1154 1155 /* May be droppable after audit */ 1156 if (no_block) 1157 return -ECHILD; 1158 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE); 1159 smk_ad_setfield_u_fs_inode(&ad, inode); 1160 rc = smk_curacc(smk_of_inode(inode), mask, &ad); 1161 rc = smk_bu_inode(inode, mask, rc); 1162 return rc; 1163 } 1164 1165 /** 1166 * smack_inode_setattr - Smack check for setting attributes 1167 * @dentry: the object 1168 * @iattr: for the force flag 1169 * 1170 * Returns 0 if access is permitted, an error code otherwise 1171 */ 1172 static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr) 1173 { 1174 struct smk_audit_info ad; 1175 int rc; 1176 1177 /* 1178 * Need to allow for clearing the setuid bit. 1179 */ 1180 if (iattr->ia_valid & ATTR_FORCE) 1181 return 0; 1182 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1183 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1184 1185 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1186 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1187 return rc; 1188 } 1189 1190 /** 1191 * smack_inode_getattr - Smack check for getting attributes 1192 * @path: path to extract the info from 1193 * 1194 * Returns 0 if access is permitted, an error code otherwise 1195 */ 1196 static int smack_inode_getattr(const struct path *path) 1197 { 1198 struct smk_audit_info ad; 1199 struct inode *inode = d_backing_inode(path->dentry); 1200 int rc; 1201 1202 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1203 smk_ad_setfield_u_fs_path(&ad, *path); 1204 rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad); 1205 rc = smk_bu_inode(inode, MAY_READ, rc); 1206 return rc; 1207 } 1208 1209 /** 1210 * smack_inode_setxattr - Smack check for setting xattrs 1211 * @mnt_userns: active user namespace 1212 * @dentry: the object 1213 * @name: name of the attribute 1214 * @value: value of the attribute 1215 * @size: size of the value 1216 * @flags: unused 1217 * 1218 * This protects the Smack attribute explicitly. 1219 * 1220 * Returns 0 if access is permitted, an error code otherwise 1221 */ 1222 static int smack_inode_setxattr(struct user_namespace *mnt_userns, 1223 struct dentry *dentry, const char *name, 1224 const void *value, size_t size, int flags) 1225 { 1226 struct smk_audit_info ad; 1227 struct smack_known *skp; 1228 int check_priv = 0; 1229 int check_import = 0; 1230 int check_star = 0; 1231 int rc = 0; 1232 1233 /* 1234 * Check label validity here so import won't fail in post_setxattr 1235 */ 1236 if (strcmp(name, XATTR_NAME_SMACK) == 0 || 1237 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 || 1238 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) { 1239 check_priv = 1; 1240 check_import = 1; 1241 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0 || 1242 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) { 1243 check_priv = 1; 1244 check_import = 1; 1245 check_star = 1; 1246 } else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) { 1247 check_priv = 1; 1248 if (size != TRANS_TRUE_SIZE || 1249 strncmp(value, TRANS_TRUE, TRANS_TRUE_SIZE) != 0) 1250 rc = -EINVAL; 1251 } else 1252 rc = cap_inode_setxattr(dentry, name, value, size, flags); 1253 1254 if (check_priv && !smack_privileged(CAP_MAC_ADMIN)) 1255 rc = -EPERM; 1256 1257 if (rc == 0 && check_import) { 1258 skp = size ? smk_import_entry(value, size) : NULL; 1259 if (IS_ERR(skp)) 1260 rc = PTR_ERR(skp); 1261 else if (skp == NULL || (check_star && 1262 (skp == &smack_known_star || skp == &smack_known_web))) 1263 rc = -EINVAL; 1264 } 1265 1266 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1267 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1268 1269 if (rc == 0) { 1270 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1271 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1272 } 1273 1274 return rc; 1275 } 1276 1277 /** 1278 * smack_inode_post_setxattr - Apply the Smack update approved above 1279 * @dentry: object 1280 * @name: attribute name 1281 * @value: attribute value 1282 * @size: attribute size 1283 * @flags: unused 1284 * 1285 * Set the pointer in the inode blob to the entry found 1286 * in the master label list. 1287 */ 1288 static void smack_inode_post_setxattr(struct dentry *dentry, const char *name, 1289 const void *value, size_t size, int flags) 1290 { 1291 struct smack_known *skp; 1292 struct inode_smack *isp = smack_inode(d_backing_inode(dentry)); 1293 1294 if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) { 1295 isp->smk_flags |= SMK_INODE_TRANSMUTE; 1296 return; 1297 } 1298 1299 if (strcmp(name, XATTR_NAME_SMACK) == 0) { 1300 skp = smk_import_entry(value, size); 1301 if (!IS_ERR(skp)) 1302 isp->smk_inode = skp; 1303 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) { 1304 skp = smk_import_entry(value, size); 1305 if (!IS_ERR(skp)) 1306 isp->smk_task = skp; 1307 } else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) { 1308 skp = smk_import_entry(value, size); 1309 if (!IS_ERR(skp)) 1310 isp->smk_mmap = skp; 1311 } 1312 1313 return; 1314 } 1315 1316 /** 1317 * smack_inode_getxattr - Smack check on getxattr 1318 * @dentry: the object 1319 * @name: unused 1320 * 1321 * Returns 0 if access is permitted, an error code otherwise 1322 */ 1323 static int smack_inode_getxattr(struct dentry *dentry, const char *name) 1324 { 1325 struct smk_audit_info ad; 1326 int rc; 1327 1328 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1329 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1330 1331 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_READ, &ad); 1332 rc = smk_bu_inode(d_backing_inode(dentry), MAY_READ, rc); 1333 return rc; 1334 } 1335 1336 /** 1337 * smack_inode_removexattr - Smack check on removexattr 1338 * @mnt_userns: active user namespace 1339 * @dentry: the object 1340 * @name: name of the attribute 1341 * 1342 * Removing the Smack attribute requires CAP_MAC_ADMIN 1343 * 1344 * Returns 0 if access is permitted, an error code otherwise 1345 */ 1346 static int smack_inode_removexattr(struct user_namespace *mnt_userns, 1347 struct dentry *dentry, const char *name) 1348 { 1349 struct inode_smack *isp; 1350 struct smk_audit_info ad; 1351 int rc = 0; 1352 1353 if (strcmp(name, XATTR_NAME_SMACK) == 0 || 1354 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 || 1355 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 || 1356 strcmp(name, XATTR_NAME_SMACKEXEC) == 0 || 1357 strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0 || 1358 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) { 1359 if (!smack_privileged(CAP_MAC_ADMIN)) 1360 rc = -EPERM; 1361 } else 1362 rc = cap_inode_removexattr(mnt_userns, dentry, name); 1363 1364 if (rc != 0) 1365 return rc; 1366 1367 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1368 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1369 1370 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1371 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1372 if (rc != 0) 1373 return rc; 1374 1375 isp = smack_inode(d_backing_inode(dentry)); 1376 /* 1377 * Don't do anything special for these. 1378 * XATTR_NAME_SMACKIPIN 1379 * XATTR_NAME_SMACKIPOUT 1380 */ 1381 if (strcmp(name, XATTR_NAME_SMACK) == 0) { 1382 struct super_block *sbp = dentry->d_sb; 1383 struct superblock_smack *sbsp = smack_superblock(sbp); 1384 1385 isp->smk_inode = sbsp->smk_default; 1386 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) 1387 isp->smk_task = NULL; 1388 else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) 1389 isp->smk_mmap = NULL; 1390 else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) 1391 isp->smk_flags &= ~SMK_INODE_TRANSMUTE; 1392 1393 return 0; 1394 } 1395 1396 /** 1397 * smack_inode_getsecurity - get smack xattrs 1398 * @mnt_userns: active user namespace 1399 * @inode: the object 1400 * @name: attribute name 1401 * @buffer: where to put the result 1402 * @alloc: duplicate memory 1403 * 1404 * Returns the size of the attribute or an error code 1405 */ 1406 static int smack_inode_getsecurity(struct user_namespace *mnt_userns, 1407 struct inode *inode, const char *name, 1408 void **buffer, bool alloc) 1409 { 1410 struct socket_smack *ssp; 1411 struct socket *sock; 1412 struct super_block *sbp; 1413 struct inode *ip = (struct inode *)inode; 1414 struct smack_known *isp; 1415 1416 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) 1417 isp = smk_of_inode(inode); 1418 else { 1419 /* 1420 * The rest of the Smack xattrs are only on sockets. 1421 */ 1422 sbp = ip->i_sb; 1423 if (sbp->s_magic != SOCKFS_MAGIC) 1424 return -EOPNOTSUPP; 1425 1426 sock = SOCKET_I(ip); 1427 if (sock == NULL || sock->sk == NULL) 1428 return -EOPNOTSUPP; 1429 1430 ssp = sock->sk->sk_security; 1431 1432 if (strcmp(name, XATTR_SMACK_IPIN) == 0) 1433 isp = ssp->smk_in; 1434 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) 1435 isp = ssp->smk_out; 1436 else 1437 return -EOPNOTSUPP; 1438 } 1439 1440 if (alloc) { 1441 *buffer = kstrdup(isp->smk_known, GFP_KERNEL); 1442 if (*buffer == NULL) 1443 return -ENOMEM; 1444 } 1445 1446 return strlen(isp->smk_known); 1447 } 1448 1449 1450 /** 1451 * smack_inode_listsecurity - list the Smack attributes 1452 * @inode: the object 1453 * @buffer: where they go 1454 * @buffer_size: size of buffer 1455 */ 1456 static int smack_inode_listsecurity(struct inode *inode, char *buffer, 1457 size_t buffer_size) 1458 { 1459 int len = sizeof(XATTR_NAME_SMACK); 1460 1461 if (buffer != NULL && len <= buffer_size) 1462 memcpy(buffer, XATTR_NAME_SMACK, len); 1463 1464 return len; 1465 } 1466 1467 /** 1468 * smack_inode_getsecid - Extract inode's security id 1469 * @inode: inode to extract the info from 1470 * @secid: where result will be saved 1471 */ 1472 static void smack_inode_getsecid(struct inode *inode, u32 *secid) 1473 { 1474 struct smack_known *skp = smk_of_inode(inode); 1475 1476 *secid = skp->smk_secid; 1477 } 1478 1479 /* 1480 * File Hooks 1481 */ 1482 1483 /* 1484 * There is no smack_file_permission hook 1485 * 1486 * Should access checks be done on each read or write? 1487 * UNICOS and SELinux say yes. 1488 * Trusted Solaris, Trusted Irix, and just about everyone else says no. 1489 * 1490 * I'll say no for now. Smack does not do the frequent 1491 * label changing that SELinux does. 1492 */ 1493 1494 /** 1495 * smack_file_alloc_security - assign a file security blob 1496 * @file: the object 1497 * 1498 * The security blob for a file is a pointer to the master 1499 * label list, so no allocation is done. 1500 * 1501 * f_security is the owner security information. It 1502 * isn't used on file access checks, it's for send_sigio. 1503 * 1504 * Returns 0 1505 */ 1506 static int smack_file_alloc_security(struct file *file) 1507 { 1508 struct smack_known **blob = smack_file(file); 1509 1510 *blob = smk_of_current(); 1511 return 0; 1512 } 1513 1514 /** 1515 * smack_file_ioctl - Smack check on ioctls 1516 * @file: the object 1517 * @cmd: what to do 1518 * @arg: unused 1519 * 1520 * Relies heavily on the correct use of the ioctl command conventions. 1521 * 1522 * Returns 0 if allowed, error code otherwise 1523 */ 1524 static int smack_file_ioctl(struct file *file, unsigned int cmd, 1525 unsigned long arg) 1526 { 1527 int rc = 0; 1528 struct smk_audit_info ad; 1529 struct inode *inode = file_inode(file); 1530 1531 if (unlikely(IS_PRIVATE(inode))) 1532 return 0; 1533 1534 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1535 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1536 1537 if (_IOC_DIR(cmd) & _IOC_WRITE) { 1538 rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad); 1539 rc = smk_bu_file(file, MAY_WRITE, rc); 1540 } 1541 1542 if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ)) { 1543 rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad); 1544 rc = smk_bu_file(file, MAY_READ, rc); 1545 } 1546 1547 return rc; 1548 } 1549 1550 /** 1551 * smack_file_lock - Smack check on file locking 1552 * @file: the object 1553 * @cmd: unused 1554 * 1555 * Returns 0 if current has lock access, error code otherwise 1556 */ 1557 static int smack_file_lock(struct file *file, unsigned int cmd) 1558 { 1559 struct smk_audit_info ad; 1560 int rc; 1561 struct inode *inode = file_inode(file); 1562 1563 if (unlikely(IS_PRIVATE(inode))) 1564 return 0; 1565 1566 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1567 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1568 rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad); 1569 rc = smk_bu_file(file, MAY_LOCK, rc); 1570 return rc; 1571 } 1572 1573 /** 1574 * smack_file_fcntl - Smack check on fcntl 1575 * @file: the object 1576 * @cmd: what action to check 1577 * @arg: unused 1578 * 1579 * Generally these operations are harmless. 1580 * File locking operations present an obvious mechanism 1581 * for passing information, so they require write access. 1582 * 1583 * Returns 0 if current has access, error code otherwise 1584 */ 1585 static int smack_file_fcntl(struct file *file, unsigned int cmd, 1586 unsigned long arg) 1587 { 1588 struct smk_audit_info ad; 1589 int rc = 0; 1590 struct inode *inode = file_inode(file); 1591 1592 if (unlikely(IS_PRIVATE(inode))) 1593 return 0; 1594 1595 switch (cmd) { 1596 case F_GETLK: 1597 break; 1598 case F_SETLK: 1599 case F_SETLKW: 1600 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1601 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1602 rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad); 1603 rc = smk_bu_file(file, MAY_LOCK, rc); 1604 break; 1605 case F_SETOWN: 1606 case F_SETSIG: 1607 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1608 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1609 rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad); 1610 rc = smk_bu_file(file, MAY_WRITE, rc); 1611 break; 1612 default: 1613 break; 1614 } 1615 1616 return rc; 1617 } 1618 1619 /** 1620 * smack_mmap_file - Check permissions for a mmap operation. 1621 * @file: contains the file structure for file to map (may be NULL). 1622 * @reqprot: contains the protection requested by the application. 1623 * @prot: contains the protection that will be applied by the kernel. 1624 * @flags: contains the operational flags. 1625 * 1626 * The @file may be NULL, e.g. if mapping anonymous memory. 1627 * 1628 * Return 0 if permission is granted. 1629 */ 1630 static int smack_mmap_file(struct file *file, 1631 unsigned long reqprot, unsigned long prot, 1632 unsigned long flags) 1633 { 1634 struct smack_known *skp; 1635 struct smack_known *mkp; 1636 struct smack_rule *srp; 1637 struct task_smack *tsp; 1638 struct smack_known *okp; 1639 struct inode_smack *isp; 1640 struct superblock_smack *sbsp; 1641 int may; 1642 int mmay; 1643 int tmay; 1644 int rc; 1645 1646 if (file == NULL) 1647 return 0; 1648 1649 if (unlikely(IS_PRIVATE(file_inode(file)))) 1650 return 0; 1651 1652 isp = smack_inode(file_inode(file)); 1653 if (isp->smk_mmap == NULL) 1654 return 0; 1655 sbsp = smack_superblock(file_inode(file)->i_sb); 1656 if (sbsp->smk_flags & SMK_SB_UNTRUSTED && 1657 isp->smk_mmap != sbsp->smk_root) 1658 return -EACCES; 1659 mkp = isp->smk_mmap; 1660 1661 tsp = smack_cred(current_cred()); 1662 skp = smk_of_current(); 1663 rc = 0; 1664 1665 rcu_read_lock(); 1666 /* 1667 * For each Smack rule associated with the subject 1668 * label verify that the SMACK64MMAP also has access 1669 * to that rule's object label. 1670 */ 1671 list_for_each_entry_rcu(srp, &skp->smk_rules, list) { 1672 okp = srp->smk_object; 1673 /* 1674 * Matching labels always allows access. 1675 */ 1676 if (mkp->smk_known == okp->smk_known) 1677 continue; 1678 /* 1679 * If there is a matching local rule take 1680 * that into account as well. 1681 */ 1682 may = smk_access_entry(srp->smk_subject->smk_known, 1683 okp->smk_known, 1684 &tsp->smk_rules); 1685 if (may == -ENOENT) 1686 may = srp->smk_access; 1687 else 1688 may &= srp->smk_access; 1689 /* 1690 * If may is zero the SMACK64MMAP subject can't 1691 * possibly have less access. 1692 */ 1693 if (may == 0) 1694 continue; 1695 1696 /* 1697 * Fetch the global list entry. 1698 * If there isn't one a SMACK64MMAP subject 1699 * can't have as much access as current. 1700 */ 1701 mmay = smk_access_entry(mkp->smk_known, okp->smk_known, 1702 &mkp->smk_rules); 1703 if (mmay == -ENOENT) { 1704 rc = -EACCES; 1705 break; 1706 } 1707 /* 1708 * If there is a local entry it modifies the 1709 * potential access, too. 1710 */ 1711 tmay = smk_access_entry(mkp->smk_known, okp->smk_known, 1712 &tsp->smk_rules); 1713 if (tmay != -ENOENT) 1714 mmay &= tmay; 1715 1716 /* 1717 * If there is any access available to current that is 1718 * not available to a SMACK64MMAP subject 1719 * deny access. 1720 */ 1721 if ((may | mmay) != mmay) { 1722 rc = -EACCES; 1723 break; 1724 } 1725 } 1726 1727 rcu_read_unlock(); 1728 1729 return rc; 1730 } 1731 1732 /** 1733 * smack_file_set_fowner - set the file security blob value 1734 * @file: object in question 1735 * 1736 */ 1737 static void smack_file_set_fowner(struct file *file) 1738 { 1739 struct smack_known **blob = smack_file(file); 1740 1741 *blob = smk_of_current(); 1742 } 1743 1744 /** 1745 * smack_file_send_sigiotask - Smack on sigio 1746 * @tsk: The target task 1747 * @fown: the object the signal come from 1748 * @signum: unused 1749 * 1750 * Allow a privileged task to get signals even if it shouldn't 1751 * 1752 * Returns 0 if a subject with the object's smack could 1753 * write to the task, an error code otherwise. 1754 */ 1755 static int smack_file_send_sigiotask(struct task_struct *tsk, 1756 struct fown_struct *fown, int signum) 1757 { 1758 struct smack_known **blob; 1759 struct smack_known *skp; 1760 struct smack_known *tkp = smk_of_task(smack_cred(tsk->cred)); 1761 const struct cred *tcred; 1762 struct file *file; 1763 int rc; 1764 struct smk_audit_info ad; 1765 1766 /* 1767 * struct fown_struct is never outside the context of a struct file 1768 */ 1769 file = container_of(fown, struct file, f_owner); 1770 1771 /* we don't log here as rc can be overriden */ 1772 blob = smack_file(file); 1773 skp = *blob; 1774 rc = smk_access(skp, tkp, MAY_DELIVER, NULL); 1775 rc = smk_bu_note("sigiotask", skp, tkp, MAY_DELIVER, rc); 1776 1777 rcu_read_lock(); 1778 tcred = __task_cred(tsk); 1779 if (rc != 0 && smack_privileged_cred(CAP_MAC_OVERRIDE, tcred)) 1780 rc = 0; 1781 rcu_read_unlock(); 1782 1783 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); 1784 smk_ad_setfield_u_tsk(&ad, tsk); 1785 smack_log(skp->smk_known, tkp->smk_known, MAY_DELIVER, rc, &ad); 1786 return rc; 1787 } 1788 1789 /** 1790 * smack_file_receive - Smack file receive check 1791 * @file: the object 1792 * 1793 * Returns 0 if current has access, error code otherwise 1794 */ 1795 static int smack_file_receive(struct file *file) 1796 { 1797 int rc; 1798 int may = 0; 1799 struct smk_audit_info ad; 1800 struct inode *inode = file_inode(file); 1801 struct socket *sock; 1802 struct task_smack *tsp; 1803 struct socket_smack *ssp; 1804 1805 if (unlikely(IS_PRIVATE(inode))) 1806 return 0; 1807 1808 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1809 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1810 1811 if (inode->i_sb->s_magic == SOCKFS_MAGIC) { 1812 sock = SOCKET_I(inode); 1813 ssp = sock->sk->sk_security; 1814 tsp = smack_cred(current_cred()); 1815 /* 1816 * If the receiving process can't write to the 1817 * passed socket or if the passed socket can't 1818 * write to the receiving process don't accept 1819 * the passed socket. 1820 */ 1821 rc = smk_access(tsp->smk_task, ssp->smk_out, MAY_WRITE, &ad); 1822 rc = smk_bu_file(file, may, rc); 1823 if (rc < 0) 1824 return rc; 1825 rc = smk_access(ssp->smk_in, tsp->smk_task, MAY_WRITE, &ad); 1826 rc = smk_bu_file(file, may, rc); 1827 return rc; 1828 } 1829 /* 1830 * This code relies on bitmasks. 1831 */ 1832 if (file->f_mode & FMODE_READ) 1833 may = MAY_READ; 1834 if (file->f_mode & FMODE_WRITE) 1835 may |= MAY_WRITE; 1836 1837 rc = smk_curacc(smk_of_inode(inode), may, &ad); 1838 rc = smk_bu_file(file, may, rc); 1839 return rc; 1840 } 1841 1842 /** 1843 * smack_file_open - Smack dentry open processing 1844 * @file: the object 1845 * 1846 * Set the security blob in the file structure. 1847 * Allow the open only if the task has read access. There are 1848 * many read operations (e.g. fstat) that you can do with an 1849 * fd even if you have the file open write-only. 1850 * 1851 * Returns 0 if current has access, error code otherwise 1852 */ 1853 static int smack_file_open(struct file *file) 1854 { 1855 struct task_smack *tsp = smack_cred(file->f_cred); 1856 struct inode *inode = file_inode(file); 1857 struct smk_audit_info ad; 1858 int rc; 1859 1860 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1861 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1862 rc = smk_tskacc(tsp, smk_of_inode(inode), MAY_READ, &ad); 1863 rc = smk_bu_credfile(file->f_cred, file, MAY_READ, rc); 1864 1865 return rc; 1866 } 1867 1868 /* 1869 * Task hooks 1870 */ 1871 1872 /** 1873 * smack_cred_alloc_blank - "allocate" blank task-level security credentials 1874 * @cred: the new credentials 1875 * @gfp: the atomicity of any memory allocations 1876 * 1877 * Prepare a blank set of credentials for modification. This must allocate all 1878 * the memory the LSM module might require such that cred_transfer() can 1879 * complete without error. 1880 */ 1881 static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp) 1882 { 1883 init_task_smack(smack_cred(cred), NULL, NULL); 1884 return 0; 1885 } 1886 1887 1888 /** 1889 * smack_cred_free - "free" task-level security credentials 1890 * @cred: the credentials in question 1891 * 1892 */ 1893 static void smack_cred_free(struct cred *cred) 1894 { 1895 struct task_smack *tsp = smack_cred(cred); 1896 struct smack_rule *rp; 1897 struct list_head *l; 1898 struct list_head *n; 1899 1900 smk_destroy_label_list(&tsp->smk_relabel); 1901 1902 list_for_each_safe(l, n, &tsp->smk_rules) { 1903 rp = list_entry(l, struct smack_rule, list); 1904 list_del(&rp->list); 1905 kmem_cache_free(smack_rule_cache, rp); 1906 } 1907 } 1908 1909 /** 1910 * smack_cred_prepare - prepare new set of credentials for modification 1911 * @new: the new credentials 1912 * @old: the original credentials 1913 * @gfp: the atomicity of any memory allocations 1914 * 1915 * Prepare a new set of credentials for modification. 1916 */ 1917 static int smack_cred_prepare(struct cred *new, const struct cred *old, 1918 gfp_t gfp) 1919 { 1920 struct task_smack *old_tsp = smack_cred(old); 1921 struct task_smack *new_tsp = smack_cred(new); 1922 int rc; 1923 1924 init_task_smack(new_tsp, old_tsp->smk_task, old_tsp->smk_task); 1925 1926 rc = smk_copy_rules(&new_tsp->smk_rules, &old_tsp->smk_rules, gfp); 1927 if (rc != 0) 1928 return rc; 1929 1930 rc = smk_copy_relabel(&new_tsp->smk_relabel, &old_tsp->smk_relabel, 1931 gfp); 1932 return rc; 1933 } 1934 1935 /** 1936 * smack_cred_transfer - Transfer the old credentials to the new credentials 1937 * @new: the new credentials 1938 * @old: the original credentials 1939 * 1940 * Fill in a set of blank credentials from another set of credentials. 1941 */ 1942 static void smack_cred_transfer(struct cred *new, const struct cred *old) 1943 { 1944 struct task_smack *old_tsp = smack_cred(old); 1945 struct task_smack *new_tsp = smack_cred(new); 1946 1947 new_tsp->smk_task = old_tsp->smk_task; 1948 new_tsp->smk_forked = old_tsp->smk_task; 1949 mutex_init(&new_tsp->smk_rules_lock); 1950 INIT_LIST_HEAD(&new_tsp->smk_rules); 1951 1952 /* cbs copy rule list */ 1953 } 1954 1955 /** 1956 * smack_cred_getsecid - get the secid corresponding to a creds structure 1957 * @cred: the object creds 1958 * @secid: where to put the result 1959 * 1960 * Sets the secid to contain a u32 version of the smack label. 1961 */ 1962 static void smack_cred_getsecid(const struct cred *cred, u32 *secid) 1963 { 1964 struct smack_known *skp; 1965 1966 rcu_read_lock(); 1967 skp = smk_of_task(smack_cred(cred)); 1968 *secid = skp->smk_secid; 1969 rcu_read_unlock(); 1970 } 1971 1972 /** 1973 * smack_kernel_act_as - Set the subjective context in a set of credentials 1974 * @new: points to the set of credentials to be modified. 1975 * @secid: specifies the security ID to be set 1976 * 1977 * Set the security data for a kernel service. 1978 */ 1979 static int smack_kernel_act_as(struct cred *new, u32 secid) 1980 { 1981 struct task_smack *new_tsp = smack_cred(new); 1982 1983 new_tsp->smk_task = smack_from_secid(secid); 1984 return 0; 1985 } 1986 1987 /** 1988 * smack_kernel_create_files_as - Set the file creation label in a set of creds 1989 * @new: points to the set of credentials to be modified 1990 * @inode: points to the inode to use as a reference 1991 * 1992 * Set the file creation context in a set of credentials to the same 1993 * as the objective context of the specified inode 1994 */ 1995 static int smack_kernel_create_files_as(struct cred *new, 1996 struct inode *inode) 1997 { 1998 struct inode_smack *isp = smack_inode(inode); 1999 struct task_smack *tsp = smack_cred(new); 2000 2001 tsp->smk_forked = isp->smk_inode; 2002 tsp->smk_task = tsp->smk_forked; 2003 return 0; 2004 } 2005 2006 /** 2007 * smk_curacc_on_task - helper to log task related access 2008 * @p: the task object 2009 * @access: the access requested 2010 * @caller: name of the calling function for audit 2011 * 2012 * Return 0 if access is permitted 2013 */ 2014 static int smk_curacc_on_task(struct task_struct *p, int access, 2015 const char *caller) 2016 { 2017 struct smk_audit_info ad; 2018 struct smack_known *skp = smk_of_task_struct_obj(p); 2019 int rc; 2020 2021 smk_ad_init(&ad, caller, LSM_AUDIT_DATA_TASK); 2022 smk_ad_setfield_u_tsk(&ad, p); 2023 rc = smk_curacc(skp, access, &ad); 2024 rc = smk_bu_task(p, access, rc); 2025 return rc; 2026 } 2027 2028 /** 2029 * smack_task_setpgid - Smack check on setting pgid 2030 * @p: the task object 2031 * @pgid: unused 2032 * 2033 * Return 0 if write access is permitted 2034 */ 2035 static int smack_task_setpgid(struct task_struct *p, pid_t pgid) 2036 { 2037 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2038 } 2039 2040 /** 2041 * smack_task_getpgid - Smack access check for getpgid 2042 * @p: the object task 2043 * 2044 * Returns 0 if current can read the object task, error code otherwise 2045 */ 2046 static int smack_task_getpgid(struct task_struct *p) 2047 { 2048 return smk_curacc_on_task(p, MAY_READ, __func__); 2049 } 2050 2051 /** 2052 * smack_task_getsid - Smack access check for getsid 2053 * @p: the object task 2054 * 2055 * Returns 0 if current can read the object task, error code otherwise 2056 */ 2057 static int smack_task_getsid(struct task_struct *p) 2058 { 2059 return smk_curacc_on_task(p, MAY_READ, __func__); 2060 } 2061 2062 /** 2063 * smack_current_getsecid_subj - get the subjective secid of the current task 2064 * @secid: where to put the result 2065 * 2066 * Sets the secid to contain a u32 version of the task's subjective smack label. 2067 */ 2068 static void smack_current_getsecid_subj(u32 *secid) 2069 { 2070 struct smack_known *skp = smk_of_current(); 2071 2072 *secid = skp->smk_secid; 2073 } 2074 2075 /** 2076 * smack_task_getsecid_obj - get the objective secid of the task 2077 * @p: the task 2078 * @secid: where to put the result 2079 * 2080 * Sets the secid to contain a u32 version of the task's objective smack label. 2081 */ 2082 static void smack_task_getsecid_obj(struct task_struct *p, u32 *secid) 2083 { 2084 struct smack_known *skp = smk_of_task_struct_obj(p); 2085 2086 *secid = skp->smk_secid; 2087 } 2088 2089 /** 2090 * smack_task_setnice - Smack check on setting nice 2091 * @p: the task object 2092 * @nice: unused 2093 * 2094 * Return 0 if write access is permitted 2095 */ 2096 static int smack_task_setnice(struct task_struct *p, int nice) 2097 { 2098 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2099 } 2100 2101 /** 2102 * smack_task_setioprio - Smack check on setting ioprio 2103 * @p: the task object 2104 * @ioprio: unused 2105 * 2106 * Return 0 if write access is permitted 2107 */ 2108 static int smack_task_setioprio(struct task_struct *p, int ioprio) 2109 { 2110 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2111 } 2112 2113 /** 2114 * smack_task_getioprio - Smack check on reading ioprio 2115 * @p: the task object 2116 * 2117 * Return 0 if read access is permitted 2118 */ 2119 static int smack_task_getioprio(struct task_struct *p) 2120 { 2121 return smk_curacc_on_task(p, MAY_READ, __func__); 2122 } 2123 2124 /** 2125 * smack_task_setscheduler - Smack check on setting scheduler 2126 * @p: the task object 2127 * 2128 * Return 0 if read access is permitted 2129 */ 2130 static int smack_task_setscheduler(struct task_struct *p) 2131 { 2132 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2133 } 2134 2135 /** 2136 * smack_task_getscheduler - Smack check on reading scheduler 2137 * @p: the task object 2138 * 2139 * Return 0 if read access is permitted 2140 */ 2141 static int smack_task_getscheduler(struct task_struct *p) 2142 { 2143 return smk_curacc_on_task(p, MAY_READ, __func__); 2144 } 2145 2146 /** 2147 * smack_task_movememory - Smack check on moving memory 2148 * @p: the task object 2149 * 2150 * Return 0 if write access is permitted 2151 */ 2152 static int smack_task_movememory(struct task_struct *p) 2153 { 2154 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2155 } 2156 2157 /** 2158 * smack_task_kill - Smack check on signal delivery 2159 * @p: the task object 2160 * @info: unused 2161 * @sig: unused 2162 * @cred: identifies the cred to use in lieu of current's 2163 * 2164 * Return 0 if write access is permitted 2165 * 2166 */ 2167 static int smack_task_kill(struct task_struct *p, struct kernel_siginfo *info, 2168 int sig, const struct cred *cred) 2169 { 2170 struct smk_audit_info ad; 2171 struct smack_known *skp; 2172 struct smack_known *tkp = smk_of_task_struct_obj(p); 2173 int rc; 2174 2175 if (!sig) 2176 return 0; /* null signal; existence test */ 2177 2178 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); 2179 smk_ad_setfield_u_tsk(&ad, p); 2180 /* 2181 * Sending a signal requires that the sender 2182 * can write the receiver. 2183 */ 2184 if (cred == NULL) { 2185 rc = smk_curacc(tkp, MAY_DELIVER, &ad); 2186 rc = smk_bu_task(p, MAY_DELIVER, rc); 2187 return rc; 2188 } 2189 /* 2190 * If the cred isn't NULL we're dealing with some USB IO 2191 * specific behavior. This is not clean. For one thing 2192 * we can't take privilege into account. 2193 */ 2194 skp = smk_of_task(smack_cred(cred)); 2195 rc = smk_access(skp, tkp, MAY_DELIVER, &ad); 2196 rc = smk_bu_note("USB signal", skp, tkp, MAY_DELIVER, rc); 2197 return rc; 2198 } 2199 2200 /** 2201 * smack_task_to_inode - copy task smack into the inode blob 2202 * @p: task to copy from 2203 * @inode: inode to copy to 2204 * 2205 * Sets the smack pointer in the inode security blob 2206 */ 2207 static void smack_task_to_inode(struct task_struct *p, struct inode *inode) 2208 { 2209 struct inode_smack *isp = smack_inode(inode); 2210 struct smack_known *skp = smk_of_task_struct_obj(p); 2211 2212 isp->smk_inode = skp; 2213 isp->smk_flags |= SMK_INODE_INSTANT; 2214 } 2215 2216 /* 2217 * Socket hooks. 2218 */ 2219 2220 /** 2221 * smack_sk_alloc_security - Allocate a socket blob 2222 * @sk: the socket 2223 * @family: unused 2224 * @gfp_flags: memory allocation flags 2225 * 2226 * Assign Smack pointers to current 2227 * 2228 * Returns 0 on success, -ENOMEM is there's no memory 2229 */ 2230 static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags) 2231 { 2232 struct smack_known *skp = smk_of_current(); 2233 struct socket_smack *ssp; 2234 2235 ssp = kzalloc(sizeof(struct socket_smack), gfp_flags); 2236 if (ssp == NULL) 2237 return -ENOMEM; 2238 2239 /* 2240 * Sockets created by kernel threads receive web label. 2241 */ 2242 if (unlikely(current->flags & PF_KTHREAD)) { 2243 ssp->smk_in = &smack_known_web; 2244 ssp->smk_out = &smack_known_web; 2245 } else { 2246 ssp->smk_in = skp; 2247 ssp->smk_out = skp; 2248 } 2249 ssp->smk_packet = NULL; 2250 2251 sk->sk_security = ssp; 2252 2253 return 0; 2254 } 2255 2256 /** 2257 * smack_sk_free_security - Free a socket blob 2258 * @sk: the socket 2259 * 2260 * Clears the blob pointer 2261 */ 2262 static void smack_sk_free_security(struct sock *sk) 2263 { 2264 #ifdef SMACK_IPV6_PORT_LABELING 2265 struct smk_port_label *spp; 2266 2267 if (sk->sk_family == PF_INET6) { 2268 rcu_read_lock(); 2269 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) { 2270 if (spp->smk_sock != sk) 2271 continue; 2272 spp->smk_can_reuse = 1; 2273 break; 2274 } 2275 rcu_read_unlock(); 2276 } 2277 #endif 2278 kfree(sk->sk_security); 2279 } 2280 2281 /** 2282 * smack_ipv4host_label - check host based restrictions 2283 * @sip: the object end 2284 * 2285 * looks for host based access restrictions 2286 * 2287 * This version will only be appropriate for really small sets of single label 2288 * hosts. The caller is responsible for ensuring that the RCU read lock is 2289 * taken before calling this function. 2290 * 2291 * Returns the label of the far end or NULL if it's not special. 2292 */ 2293 static struct smack_known *smack_ipv4host_label(struct sockaddr_in *sip) 2294 { 2295 struct smk_net4addr *snp; 2296 struct in_addr *siap = &sip->sin_addr; 2297 2298 if (siap->s_addr == 0) 2299 return NULL; 2300 2301 list_for_each_entry_rcu(snp, &smk_net4addr_list, list) 2302 /* 2303 * we break after finding the first match because 2304 * the list is sorted from longest to shortest mask 2305 * so we have found the most specific match 2306 */ 2307 if (snp->smk_host.s_addr == 2308 (siap->s_addr & snp->smk_mask.s_addr)) 2309 return snp->smk_label; 2310 2311 return NULL; 2312 } 2313 2314 /* 2315 * smk_ipv6_localhost - Check for local ipv6 host address 2316 * @sip: the address 2317 * 2318 * Returns boolean true if this is the localhost address 2319 */ 2320 static bool smk_ipv6_localhost(struct sockaddr_in6 *sip) 2321 { 2322 __be16 *be16p = (__be16 *)&sip->sin6_addr; 2323 __be32 *be32p = (__be32 *)&sip->sin6_addr; 2324 2325 if (be32p[0] == 0 && be32p[1] == 0 && be32p[2] == 0 && be16p[6] == 0 && 2326 ntohs(be16p[7]) == 1) 2327 return true; 2328 return false; 2329 } 2330 2331 /** 2332 * smack_ipv6host_label - check host based restrictions 2333 * @sip: the object end 2334 * 2335 * looks for host based access restrictions 2336 * 2337 * This version will only be appropriate for really small sets of single label 2338 * hosts. The caller is responsible for ensuring that the RCU read lock is 2339 * taken before calling this function. 2340 * 2341 * Returns the label of the far end or NULL if it's not special. 2342 */ 2343 static struct smack_known *smack_ipv6host_label(struct sockaddr_in6 *sip) 2344 { 2345 struct smk_net6addr *snp; 2346 struct in6_addr *sap = &sip->sin6_addr; 2347 int i; 2348 int found = 0; 2349 2350 /* 2351 * It's local. Don't look for a host label. 2352 */ 2353 if (smk_ipv6_localhost(sip)) 2354 return NULL; 2355 2356 list_for_each_entry_rcu(snp, &smk_net6addr_list, list) { 2357 /* 2358 * If the label is NULL the entry has 2359 * been renounced. Ignore it. 2360 */ 2361 if (snp->smk_label == NULL) 2362 continue; 2363 /* 2364 * we break after finding the first match because 2365 * the list is sorted from longest to shortest mask 2366 * so we have found the most specific match 2367 */ 2368 for (found = 1, i = 0; i < 8; i++) { 2369 if ((sap->s6_addr16[i] & snp->smk_mask.s6_addr16[i]) != 2370 snp->smk_host.s6_addr16[i]) { 2371 found = 0; 2372 break; 2373 } 2374 } 2375 if (found) 2376 return snp->smk_label; 2377 } 2378 2379 return NULL; 2380 } 2381 2382 /** 2383 * smack_netlbl_add - Set the secattr on a socket 2384 * @sk: the socket 2385 * 2386 * Attach the outbound smack value (smk_out) to the socket. 2387 * 2388 * Returns 0 on success or an error code 2389 */ 2390 static int smack_netlbl_add(struct sock *sk) 2391 { 2392 struct socket_smack *ssp = sk->sk_security; 2393 struct smack_known *skp = ssp->smk_out; 2394 int rc; 2395 2396 local_bh_disable(); 2397 bh_lock_sock_nested(sk); 2398 2399 rc = netlbl_sock_setattr(sk, sk->sk_family, &skp->smk_netlabel); 2400 switch (rc) { 2401 case 0: 2402 ssp->smk_state = SMK_NETLBL_LABELED; 2403 break; 2404 case -EDESTADDRREQ: 2405 ssp->smk_state = SMK_NETLBL_REQSKB; 2406 rc = 0; 2407 break; 2408 } 2409 2410 bh_unlock_sock(sk); 2411 local_bh_enable(); 2412 2413 return rc; 2414 } 2415 2416 /** 2417 * smack_netlbl_delete - Remove the secattr from a socket 2418 * @sk: the socket 2419 * 2420 * Remove the outbound smack value from a socket 2421 */ 2422 static void smack_netlbl_delete(struct sock *sk) 2423 { 2424 struct socket_smack *ssp = sk->sk_security; 2425 2426 /* 2427 * Take the label off the socket if one is set. 2428 */ 2429 if (ssp->smk_state != SMK_NETLBL_LABELED) 2430 return; 2431 2432 local_bh_disable(); 2433 bh_lock_sock_nested(sk); 2434 netlbl_sock_delattr(sk); 2435 bh_unlock_sock(sk); 2436 local_bh_enable(); 2437 ssp->smk_state = SMK_NETLBL_UNLABELED; 2438 } 2439 2440 /** 2441 * smk_ipv4_check - Perform IPv4 host access checks 2442 * @sk: the socket 2443 * @sap: the destination address 2444 * 2445 * Set the correct secattr for the given socket based on the destination 2446 * address and perform any outbound access checks needed. 2447 * 2448 * Returns 0 on success or an error code. 2449 * 2450 */ 2451 static int smk_ipv4_check(struct sock *sk, struct sockaddr_in *sap) 2452 { 2453 struct smack_known *skp; 2454 int rc = 0; 2455 struct smack_known *hkp; 2456 struct socket_smack *ssp = sk->sk_security; 2457 struct smk_audit_info ad; 2458 2459 rcu_read_lock(); 2460 hkp = smack_ipv4host_label(sap); 2461 if (hkp != NULL) { 2462 #ifdef CONFIG_AUDIT 2463 struct lsm_network_audit net; 2464 2465 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 2466 ad.a.u.net->family = sap->sin_family; 2467 ad.a.u.net->dport = sap->sin_port; 2468 ad.a.u.net->v4info.daddr = sap->sin_addr.s_addr; 2469 #endif 2470 skp = ssp->smk_out; 2471 rc = smk_access(skp, hkp, MAY_WRITE, &ad); 2472 rc = smk_bu_note("IPv4 host check", skp, hkp, MAY_WRITE, rc); 2473 /* 2474 * Clear the socket netlabel if it's set. 2475 */ 2476 if (!rc) 2477 smack_netlbl_delete(sk); 2478 } 2479 rcu_read_unlock(); 2480 2481 return rc; 2482 } 2483 2484 /** 2485 * smk_ipv6_check - check Smack access 2486 * @subject: subject Smack label 2487 * @object: object Smack label 2488 * @address: address 2489 * @act: the action being taken 2490 * 2491 * Check an IPv6 access 2492 */ 2493 static int smk_ipv6_check(struct smack_known *subject, 2494 struct smack_known *object, 2495 struct sockaddr_in6 *address, int act) 2496 { 2497 #ifdef CONFIG_AUDIT 2498 struct lsm_network_audit net; 2499 #endif 2500 struct smk_audit_info ad; 2501 int rc; 2502 2503 #ifdef CONFIG_AUDIT 2504 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 2505 ad.a.u.net->family = PF_INET6; 2506 ad.a.u.net->dport = address->sin6_port; 2507 if (act == SMK_RECEIVING) 2508 ad.a.u.net->v6info.saddr = address->sin6_addr; 2509 else 2510 ad.a.u.net->v6info.daddr = address->sin6_addr; 2511 #endif 2512 rc = smk_access(subject, object, MAY_WRITE, &ad); 2513 rc = smk_bu_note("IPv6 check", subject, object, MAY_WRITE, rc); 2514 return rc; 2515 } 2516 2517 #ifdef SMACK_IPV6_PORT_LABELING 2518 /** 2519 * smk_ipv6_port_label - Smack port access table management 2520 * @sock: socket 2521 * @address: address 2522 * 2523 * Create or update the port list entry 2524 */ 2525 static void smk_ipv6_port_label(struct socket *sock, struct sockaddr *address) 2526 { 2527 struct sock *sk = sock->sk; 2528 struct sockaddr_in6 *addr6; 2529 struct socket_smack *ssp = sock->sk->sk_security; 2530 struct smk_port_label *spp; 2531 unsigned short port = 0; 2532 2533 if (address == NULL) { 2534 /* 2535 * This operation is changing the Smack information 2536 * on the bound socket. Take the changes to the port 2537 * as well. 2538 */ 2539 rcu_read_lock(); 2540 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) { 2541 if (sk != spp->smk_sock) 2542 continue; 2543 spp->smk_in = ssp->smk_in; 2544 spp->smk_out = ssp->smk_out; 2545 rcu_read_unlock(); 2546 return; 2547 } 2548 /* 2549 * A NULL address is only used for updating existing 2550 * bound entries. If there isn't one, it's OK. 2551 */ 2552 rcu_read_unlock(); 2553 return; 2554 } 2555 2556 addr6 = (struct sockaddr_in6 *)address; 2557 port = ntohs(addr6->sin6_port); 2558 /* 2559 * This is a special case that is safely ignored. 2560 */ 2561 if (port == 0) 2562 return; 2563 2564 /* 2565 * Look for an existing port list entry. 2566 * This is an indication that a port is getting reused. 2567 */ 2568 rcu_read_lock(); 2569 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) { 2570 if (spp->smk_port != port || spp->smk_sock_type != sock->type) 2571 continue; 2572 if (spp->smk_can_reuse != 1) { 2573 rcu_read_unlock(); 2574 return; 2575 } 2576 spp->smk_port = port; 2577 spp->smk_sock = sk; 2578 spp->smk_in = ssp->smk_in; 2579 spp->smk_out = ssp->smk_out; 2580 spp->smk_can_reuse = 0; 2581 rcu_read_unlock(); 2582 return; 2583 } 2584 rcu_read_unlock(); 2585 /* 2586 * A new port entry is required. 2587 */ 2588 spp = kzalloc(sizeof(*spp), GFP_KERNEL); 2589 if (spp == NULL) 2590 return; 2591 2592 spp->smk_port = port; 2593 spp->smk_sock = sk; 2594 spp->smk_in = ssp->smk_in; 2595 spp->smk_out = ssp->smk_out; 2596 spp->smk_sock_type = sock->type; 2597 spp->smk_can_reuse = 0; 2598 2599 mutex_lock(&smack_ipv6_lock); 2600 list_add_rcu(&spp->list, &smk_ipv6_port_list); 2601 mutex_unlock(&smack_ipv6_lock); 2602 return; 2603 } 2604 2605 /** 2606 * smk_ipv6_port_check - check Smack port access 2607 * @sk: socket 2608 * @address: address 2609 * @act: the action being taken 2610 * 2611 * Create or update the port list entry 2612 */ 2613 static int smk_ipv6_port_check(struct sock *sk, struct sockaddr_in6 *address, 2614 int act) 2615 { 2616 struct smk_port_label *spp; 2617 struct socket_smack *ssp = sk->sk_security; 2618 struct smack_known *skp = NULL; 2619 unsigned short port; 2620 struct smack_known *object; 2621 2622 if (act == SMK_RECEIVING) { 2623 skp = smack_ipv6host_label(address); 2624 object = ssp->smk_in; 2625 } else { 2626 skp = ssp->smk_out; 2627 object = smack_ipv6host_label(address); 2628 } 2629 2630 /* 2631 * The other end is a single label host. 2632 */ 2633 if (skp != NULL && object != NULL) 2634 return smk_ipv6_check(skp, object, address, act); 2635 if (skp == NULL) 2636 skp = smack_net_ambient; 2637 if (object == NULL) 2638 object = smack_net_ambient; 2639 2640 /* 2641 * It's remote, so port lookup does no good. 2642 */ 2643 if (!smk_ipv6_localhost(address)) 2644 return smk_ipv6_check(skp, object, address, act); 2645 2646 /* 2647 * It's local so the send check has to have passed. 2648 */ 2649 if (act == SMK_RECEIVING) 2650 return 0; 2651 2652 port = ntohs(address->sin6_port); 2653 rcu_read_lock(); 2654 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) { 2655 if (spp->smk_port != port || spp->smk_sock_type != sk->sk_type) 2656 continue; 2657 object = spp->smk_in; 2658 if (act == SMK_CONNECTING) 2659 ssp->smk_packet = spp->smk_out; 2660 break; 2661 } 2662 rcu_read_unlock(); 2663 2664 return smk_ipv6_check(skp, object, address, act); 2665 } 2666 #endif 2667 2668 /** 2669 * smack_inode_setsecurity - set smack xattrs 2670 * @inode: the object 2671 * @name: attribute name 2672 * @value: attribute value 2673 * @size: size of the attribute 2674 * @flags: unused 2675 * 2676 * Sets the named attribute in the appropriate blob 2677 * 2678 * Returns 0 on success, or an error code 2679 */ 2680 static int smack_inode_setsecurity(struct inode *inode, const char *name, 2681 const void *value, size_t size, int flags) 2682 { 2683 struct smack_known *skp; 2684 struct inode_smack *nsp = smack_inode(inode); 2685 struct socket_smack *ssp; 2686 struct socket *sock; 2687 int rc = 0; 2688 2689 if (value == NULL || size > SMK_LONGLABEL || size == 0) 2690 return -EINVAL; 2691 2692 skp = smk_import_entry(value, size); 2693 if (IS_ERR(skp)) 2694 return PTR_ERR(skp); 2695 2696 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) { 2697 nsp->smk_inode = skp; 2698 nsp->smk_flags |= SMK_INODE_INSTANT; 2699 return 0; 2700 } 2701 /* 2702 * The rest of the Smack xattrs are only on sockets. 2703 */ 2704 if (inode->i_sb->s_magic != SOCKFS_MAGIC) 2705 return -EOPNOTSUPP; 2706 2707 sock = SOCKET_I(inode); 2708 if (sock == NULL || sock->sk == NULL) 2709 return -EOPNOTSUPP; 2710 2711 ssp = sock->sk->sk_security; 2712 2713 if (strcmp(name, XATTR_SMACK_IPIN) == 0) 2714 ssp->smk_in = skp; 2715 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) { 2716 ssp->smk_out = skp; 2717 if (sock->sk->sk_family == PF_INET) { 2718 rc = smack_netlbl_add(sock->sk); 2719 if (rc != 0) 2720 printk(KERN_WARNING 2721 "Smack: \"%s\" netlbl error %d.\n", 2722 __func__, -rc); 2723 } 2724 } else 2725 return -EOPNOTSUPP; 2726 2727 #ifdef SMACK_IPV6_PORT_LABELING 2728 if (sock->sk->sk_family == PF_INET6) 2729 smk_ipv6_port_label(sock, NULL); 2730 #endif 2731 2732 return 0; 2733 } 2734 2735 /** 2736 * smack_socket_post_create - finish socket setup 2737 * @sock: the socket 2738 * @family: protocol family 2739 * @type: unused 2740 * @protocol: unused 2741 * @kern: unused 2742 * 2743 * Sets the netlabel information on the socket 2744 * 2745 * Returns 0 on success, and error code otherwise 2746 */ 2747 static int smack_socket_post_create(struct socket *sock, int family, 2748 int type, int protocol, int kern) 2749 { 2750 struct socket_smack *ssp; 2751 2752 if (sock->sk == NULL) 2753 return 0; 2754 2755 /* 2756 * Sockets created by kernel threads receive web label. 2757 */ 2758 if (unlikely(current->flags & PF_KTHREAD)) { 2759 ssp = sock->sk->sk_security; 2760 ssp->smk_in = &smack_known_web; 2761 ssp->smk_out = &smack_known_web; 2762 } 2763 2764 if (family != PF_INET) 2765 return 0; 2766 /* 2767 * Set the outbound netlbl. 2768 */ 2769 return smack_netlbl_add(sock->sk); 2770 } 2771 2772 /** 2773 * smack_socket_socketpair - create socket pair 2774 * @socka: one socket 2775 * @sockb: another socket 2776 * 2777 * Cross reference the peer labels for SO_PEERSEC 2778 * 2779 * Returns 0 2780 */ 2781 static int smack_socket_socketpair(struct socket *socka, 2782 struct socket *sockb) 2783 { 2784 struct socket_smack *asp = socka->sk->sk_security; 2785 struct socket_smack *bsp = sockb->sk->sk_security; 2786 2787 asp->smk_packet = bsp->smk_out; 2788 bsp->smk_packet = asp->smk_out; 2789 2790 return 0; 2791 } 2792 2793 #ifdef SMACK_IPV6_PORT_LABELING 2794 /** 2795 * smack_socket_bind - record port binding information. 2796 * @sock: the socket 2797 * @address: the port address 2798 * @addrlen: size of the address 2799 * 2800 * Records the label bound to a port. 2801 * 2802 * Returns 0 on success, and error code otherwise 2803 */ 2804 static int smack_socket_bind(struct socket *sock, struct sockaddr *address, 2805 int addrlen) 2806 { 2807 if (sock->sk != NULL && sock->sk->sk_family == PF_INET6) { 2808 if (addrlen < SIN6_LEN_RFC2133 || 2809 address->sa_family != AF_INET6) 2810 return -EINVAL; 2811 smk_ipv6_port_label(sock, address); 2812 } 2813 return 0; 2814 } 2815 #endif /* SMACK_IPV6_PORT_LABELING */ 2816 2817 /** 2818 * smack_socket_connect - connect access check 2819 * @sock: the socket 2820 * @sap: the other end 2821 * @addrlen: size of sap 2822 * 2823 * Verifies that a connection may be possible 2824 * 2825 * Returns 0 on success, and error code otherwise 2826 */ 2827 static int smack_socket_connect(struct socket *sock, struct sockaddr *sap, 2828 int addrlen) 2829 { 2830 int rc = 0; 2831 2832 if (sock->sk == NULL) 2833 return 0; 2834 if (sock->sk->sk_family != PF_INET && 2835 (!IS_ENABLED(CONFIG_IPV6) || sock->sk->sk_family != PF_INET6)) 2836 return 0; 2837 if (addrlen < offsetofend(struct sockaddr, sa_family)) 2838 return 0; 2839 if (IS_ENABLED(CONFIG_IPV6) && sap->sa_family == AF_INET6) { 2840 struct sockaddr_in6 *sip = (struct sockaddr_in6 *)sap; 2841 struct smack_known *rsp = NULL; 2842 2843 if (addrlen < SIN6_LEN_RFC2133) 2844 return 0; 2845 if (__is_defined(SMACK_IPV6_SECMARK_LABELING)) 2846 rsp = smack_ipv6host_label(sip); 2847 if (rsp != NULL) { 2848 struct socket_smack *ssp = sock->sk->sk_security; 2849 2850 rc = smk_ipv6_check(ssp->smk_out, rsp, sip, 2851 SMK_CONNECTING); 2852 } 2853 #ifdef SMACK_IPV6_PORT_LABELING 2854 rc = smk_ipv6_port_check(sock->sk, sip, SMK_CONNECTING); 2855 #endif 2856 2857 return rc; 2858 } 2859 if (sap->sa_family != AF_INET || addrlen < sizeof(struct sockaddr_in)) 2860 return 0; 2861 rc = smk_ipv4_check(sock->sk, (struct sockaddr_in *)sap); 2862 return rc; 2863 } 2864 2865 /** 2866 * smack_flags_to_may - convert S_ to MAY_ values 2867 * @flags: the S_ value 2868 * 2869 * Returns the equivalent MAY_ value 2870 */ 2871 static int smack_flags_to_may(int flags) 2872 { 2873 int may = 0; 2874 2875 if (flags & S_IRUGO) 2876 may |= MAY_READ; 2877 if (flags & S_IWUGO) 2878 may |= MAY_WRITE; 2879 if (flags & S_IXUGO) 2880 may |= MAY_EXEC; 2881 2882 return may; 2883 } 2884 2885 /** 2886 * smack_msg_msg_alloc_security - Set the security blob for msg_msg 2887 * @msg: the object 2888 * 2889 * Returns 0 2890 */ 2891 static int smack_msg_msg_alloc_security(struct msg_msg *msg) 2892 { 2893 struct smack_known **blob = smack_msg_msg(msg); 2894 2895 *blob = smk_of_current(); 2896 return 0; 2897 } 2898 2899 /** 2900 * smack_of_ipc - the smack pointer for the ipc 2901 * @isp: the object 2902 * 2903 * Returns a pointer to the smack value 2904 */ 2905 static struct smack_known *smack_of_ipc(struct kern_ipc_perm *isp) 2906 { 2907 struct smack_known **blob = smack_ipc(isp); 2908 2909 return *blob; 2910 } 2911 2912 /** 2913 * smack_ipc_alloc_security - Set the security blob for ipc 2914 * @isp: the object 2915 * 2916 * Returns 0 2917 */ 2918 static int smack_ipc_alloc_security(struct kern_ipc_perm *isp) 2919 { 2920 struct smack_known **blob = smack_ipc(isp); 2921 2922 *blob = smk_of_current(); 2923 return 0; 2924 } 2925 2926 /** 2927 * smk_curacc_shm : check if current has access on shm 2928 * @isp : the object 2929 * @access : access requested 2930 * 2931 * Returns 0 if current has the requested access, error code otherwise 2932 */ 2933 static int smk_curacc_shm(struct kern_ipc_perm *isp, int access) 2934 { 2935 struct smack_known *ssp = smack_of_ipc(isp); 2936 struct smk_audit_info ad; 2937 int rc; 2938 2939 #ifdef CONFIG_AUDIT 2940 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 2941 ad.a.u.ipc_id = isp->id; 2942 #endif 2943 rc = smk_curacc(ssp, access, &ad); 2944 rc = smk_bu_current("shm", ssp, access, rc); 2945 return rc; 2946 } 2947 2948 /** 2949 * smack_shm_associate - Smack access check for shm 2950 * @isp: the object 2951 * @shmflg: access requested 2952 * 2953 * Returns 0 if current has the requested access, error code otherwise 2954 */ 2955 static int smack_shm_associate(struct kern_ipc_perm *isp, int shmflg) 2956 { 2957 int may; 2958 2959 may = smack_flags_to_may(shmflg); 2960 return smk_curacc_shm(isp, may); 2961 } 2962 2963 /** 2964 * smack_shm_shmctl - Smack access check for shm 2965 * @isp: the object 2966 * @cmd: what it wants to do 2967 * 2968 * Returns 0 if current has the requested access, error code otherwise 2969 */ 2970 static int smack_shm_shmctl(struct kern_ipc_perm *isp, int cmd) 2971 { 2972 int may; 2973 2974 switch (cmd) { 2975 case IPC_STAT: 2976 case SHM_STAT: 2977 case SHM_STAT_ANY: 2978 may = MAY_READ; 2979 break; 2980 case IPC_SET: 2981 case SHM_LOCK: 2982 case SHM_UNLOCK: 2983 case IPC_RMID: 2984 may = MAY_READWRITE; 2985 break; 2986 case IPC_INFO: 2987 case SHM_INFO: 2988 /* 2989 * System level information. 2990 */ 2991 return 0; 2992 default: 2993 return -EINVAL; 2994 } 2995 return smk_curacc_shm(isp, may); 2996 } 2997 2998 /** 2999 * smack_shm_shmat - Smack access for shmat 3000 * @isp: the object 3001 * @shmaddr: unused 3002 * @shmflg: access requested 3003 * 3004 * Returns 0 if current has the requested access, error code otherwise 3005 */ 3006 static int smack_shm_shmat(struct kern_ipc_perm *isp, char __user *shmaddr, 3007 int shmflg) 3008 { 3009 int may; 3010 3011 may = smack_flags_to_may(shmflg); 3012 return smk_curacc_shm(isp, may); 3013 } 3014 3015 /** 3016 * smk_curacc_sem : check if current has access on sem 3017 * @isp : the object 3018 * @access : access requested 3019 * 3020 * Returns 0 if current has the requested access, error code otherwise 3021 */ 3022 static int smk_curacc_sem(struct kern_ipc_perm *isp, int access) 3023 { 3024 struct smack_known *ssp = smack_of_ipc(isp); 3025 struct smk_audit_info ad; 3026 int rc; 3027 3028 #ifdef CONFIG_AUDIT 3029 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 3030 ad.a.u.ipc_id = isp->id; 3031 #endif 3032 rc = smk_curacc(ssp, access, &ad); 3033 rc = smk_bu_current("sem", ssp, access, rc); 3034 return rc; 3035 } 3036 3037 /** 3038 * smack_sem_associate - Smack access check for sem 3039 * @isp: the object 3040 * @semflg: access requested 3041 * 3042 * Returns 0 if current has the requested access, error code otherwise 3043 */ 3044 static int smack_sem_associate(struct kern_ipc_perm *isp, int semflg) 3045 { 3046 int may; 3047 3048 may = smack_flags_to_may(semflg); 3049 return smk_curacc_sem(isp, may); 3050 } 3051 3052 /** 3053 * smack_sem_semctl - Smack access check for sem 3054 * @isp: the object 3055 * @cmd: what it wants to do 3056 * 3057 * Returns 0 if current has the requested access, error code otherwise 3058 */ 3059 static int smack_sem_semctl(struct kern_ipc_perm *isp, int cmd) 3060 { 3061 int may; 3062 3063 switch (cmd) { 3064 case GETPID: 3065 case GETNCNT: 3066 case GETZCNT: 3067 case GETVAL: 3068 case GETALL: 3069 case IPC_STAT: 3070 case SEM_STAT: 3071 case SEM_STAT_ANY: 3072 may = MAY_READ; 3073 break; 3074 case SETVAL: 3075 case SETALL: 3076 case IPC_RMID: 3077 case IPC_SET: 3078 may = MAY_READWRITE; 3079 break; 3080 case IPC_INFO: 3081 case SEM_INFO: 3082 /* 3083 * System level information 3084 */ 3085 return 0; 3086 default: 3087 return -EINVAL; 3088 } 3089 3090 return smk_curacc_sem(isp, may); 3091 } 3092 3093 /** 3094 * smack_sem_semop - Smack checks of semaphore operations 3095 * @isp: the object 3096 * @sops: unused 3097 * @nsops: unused 3098 * @alter: unused 3099 * 3100 * Treated as read and write in all cases. 3101 * 3102 * Returns 0 if access is allowed, error code otherwise 3103 */ 3104 static int smack_sem_semop(struct kern_ipc_perm *isp, struct sembuf *sops, 3105 unsigned nsops, int alter) 3106 { 3107 return smk_curacc_sem(isp, MAY_READWRITE); 3108 } 3109 3110 /** 3111 * smk_curacc_msq : helper to check if current has access on msq 3112 * @isp : the msq 3113 * @access : access requested 3114 * 3115 * return 0 if current has access, error otherwise 3116 */ 3117 static int smk_curacc_msq(struct kern_ipc_perm *isp, int access) 3118 { 3119 struct smack_known *msp = smack_of_ipc(isp); 3120 struct smk_audit_info ad; 3121 int rc; 3122 3123 #ifdef CONFIG_AUDIT 3124 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 3125 ad.a.u.ipc_id = isp->id; 3126 #endif 3127 rc = smk_curacc(msp, access, &ad); 3128 rc = smk_bu_current("msq", msp, access, rc); 3129 return rc; 3130 } 3131 3132 /** 3133 * smack_msg_queue_associate - Smack access check for msg_queue 3134 * @isp: the object 3135 * @msqflg: access requested 3136 * 3137 * Returns 0 if current has the requested access, error code otherwise 3138 */ 3139 static int smack_msg_queue_associate(struct kern_ipc_perm *isp, int msqflg) 3140 { 3141 int may; 3142 3143 may = smack_flags_to_may(msqflg); 3144 return smk_curacc_msq(isp, may); 3145 } 3146 3147 /** 3148 * smack_msg_queue_msgctl - Smack access check for msg_queue 3149 * @isp: the object 3150 * @cmd: what it wants to do 3151 * 3152 * Returns 0 if current has the requested access, error code otherwise 3153 */ 3154 static int smack_msg_queue_msgctl(struct kern_ipc_perm *isp, int cmd) 3155 { 3156 int may; 3157 3158 switch (cmd) { 3159 case IPC_STAT: 3160 case MSG_STAT: 3161 case MSG_STAT_ANY: 3162 may = MAY_READ; 3163 break; 3164 case IPC_SET: 3165 case IPC_RMID: 3166 may = MAY_READWRITE; 3167 break; 3168 case IPC_INFO: 3169 case MSG_INFO: 3170 /* 3171 * System level information 3172 */ 3173 return 0; 3174 default: 3175 return -EINVAL; 3176 } 3177 3178 return smk_curacc_msq(isp, may); 3179 } 3180 3181 /** 3182 * smack_msg_queue_msgsnd - Smack access check for msg_queue 3183 * @isp: the object 3184 * @msg: unused 3185 * @msqflg: access requested 3186 * 3187 * Returns 0 if current has the requested access, error code otherwise 3188 */ 3189 static int smack_msg_queue_msgsnd(struct kern_ipc_perm *isp, struct msg_msg *msg, 3190 int msqflg) 3191 { 3192 int may; 3193 3194 may = smack_flags_to_may(msqflg); 3195 return smk_curacc_msq(isp, may); 3196 } 3197 3198 /** 3199 * smack_msg_queue_msgrcv - Smack access check for msg_queue 3200 * @isp: the object 3201 * @msg: unused 3202 * @target: unused 3203 * @type: unused 3204 * @mode: unused 3205 * 3206 * Returns 0 if current has read and write access, error code otherwise 3207 */ 3208 static int smack_msg_queue_msgrcv(struct kern_ipc_perm *isp, 3209 struct msg_msg *msg, 3210 struct task_struct *target, long type, 3211 int mode) 3212 { 3213 return smk_curacc_msq(isp, MAY_READWRITE); 3214 } 3215 3216 /** 3217 * smack_ipc_permission - Smack access for ipc_permission() 3218 * @ipp: the object permissions 3219 * @flag: access requested 3220 * 3221 * Returns 0 if current has read and write access, error code otherwise 3222 */ 3223 static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag) 3224 { 3225 struct smack_known **blob = smack_ipc(ipp); 3226 struct smack_known *iskp = *blob; 3227 int may = smack_flags_to_may(flag); 3228 struct smk_audit_info ad; 3229 int rc; 3230 3231 #ifdef CONFIG_AUDIT 3232 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 3233 ad.a.u.ipc_id = ipp->id; 3234 #endif 3235 rc = smk_curacc(iskp, may, &ad); 3236 rc = smk_bu_current("svipc", iskp, may, rc); 3237 return rc; 3238 } 3239 3240 /** 3241 * smack_ipc_getsecid - Extract smack security id 3242 * @ipp: the object permissions 3243 * @secid: where result will be saved 3244 */ 3245 static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid) 3246 { 3247 struct smack_known **blob = smack_ipc(ipp); 3248 struct smack_known *iskp = *blob; 3249 3250 *secid = iskp->smk_secid; 3251 } 3252 3253 /** 3254 * smack_d_instantiate - Make sure the blob is correct on an inode 3255 * @opt_dentry: dentry where inode will be attached 3256 * @inode: the object 3257 * 3258 * Set the inode's security blob if it hasn't been done already. 3259 */ 3260 static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode) 3261 { 3262 struct super_block *sbp; 3263 struct superblock_smack *sbsp; 3264 struct inode_smack *isp; 3265 struct smack_known *skp; 3266 struct smack_known *ckp = smk_of_current(); 3267 struct smack_known *final; 3268 char trattr[TRANS_TRUE_SIZE]; 3269 int transflag = 0; 3270 int rc; 3271 struct dentry *dp; 3272 3273 if (inode == NULL) 3274 return; 3275 3276 isp = smack_inode(inode); 3277 3278 /* 3279 * If the inode is already instantiated 3280 * take the quick way out 3281 */ 3282 if (isp->smk_flags & SMK_INODE_INSTANT) 3283 return; 3284 3285 sbp = inode->i_sb; 3286 sbsp = smack_superblock(sbp); 3287 /* 3288 * We're going to use the superblock default label 3289 * if there's no label on the file. 3290 */ 3291 final = sbsp->smk_default; 3292 3293 /* 3294 * If this is the root inode the superblock 3295 * may be in the process of initialization. 3296 * If that is the case use the root value out 3297 * of the superblock. 3298 */ 3299 if (opt_dentry->d_parent == opt_dentry) { 3300 switch (sbp->s_magic) { 3301 case CGROUP_SUPER_MAGIC: 3302 case CGROUP2_SUPER_MAGIC: 3303 /* 3304 * The cgroup filesystem is never mounted, 3305 * so there's no opportunity to set the mount 3306 * options. 3307 */ 3308 sbsp->smk_root = &smack_known_star; 3309 sbsp->smk_default = &smack_known_star; 3310 isp->smk_inode = sbsp->smk_root; 3311 break; 3312 case TMPFS_MAGIC: 3313 /* 3314 * What about shmem/tmpfs anonymous files with dentry 3315 * obtained from d_alloc_pseudo()? 3316 */ 3317 isp->smk_inode = smk_of_current(); 3318 break; 3319 case PIPEFS_MAGIC: 3320 isp->smk_inode = smk_of_current(); 3321 break; 3322 case SOCKFS_MAGIC: 3323 /* 3324 * Socket access is controlled by the socket 3325 * structures associated with the task involved. 3326 */ 3327 isp->smk_inode = &smack_known_star; 3328 break; 3329 default: 3330 isp->smk_inode = sbsp->smk_root; 3331 break; 3332 } 3333 isp->smk_flags |= SMK_INODE_INSTANT; 3334 return; 3335 } 3336 3337 /* 3338 * This is pretty hackish. 3339 * Casey says that we shouldn't have to do 3340 * file system specific code, but it does help 3341 * with keeping it simple. 3342 */ 3343 switch (sbp->s_magic) { 3344 case SMACK_MAGIC: 3345 case CGROUP_SUPER_MAGIC: 3346 case CGROUP2_SUPER_MAGIC: 3347 /* 3348 * Casey says that it's a little embarrassing 3349 * that the smack file system doesn't do 3350 * extended attributes. 3351 * 3352 * Cgroupfs is special 3353 */ 3354 final = &smack_known_star; 3355 break; 3356 case DEVPTS_SUPER_MAGIC: 3357 /* 3358 * devpts seems content with the label of the task. 3359 * Programs that change smack have to treat the 3360 * pty with respect. 3361 */ 3362 final = ckp; 3363 break; 3364 case PROC_SUPER_MAGIC: 3365 /* 3366 * Casey says procfs appears not to care. 3367 * The superblock default suffices. 3368 */ 3369 break; 3370 case TMPFS_MAGIC: 3371 /* 3372 * Device labels should come from the filesystem, 3373 * but watch out, because they're volitile, 3374 * getting recreated on every reboot. 3375 */ 3376 final = &smack_known_star; 3377 /* 3378 * If a smack value has been set we want to use it, 3379 * but since tmpfs isn't giving us the opportunity 3380 * to set mount options simulate setting the 3381 * superblock default. 3382 */ 3383 fallthrough; 3384 default: 3385 /* 3386 * This isn't an understood special case. 3387 * Get the value from the xattr. 3388 */ 3389 3390 /* 3391 * UNIX domain sockets use lower level socket data. 3392 */ 3393 if (S_ISSOCK(inode->i_mode)) { 3394 final = &smack_known_star; 3395 break; 3396 } 3397 /* 3398 * No xattr support means, alas, no SMACK label. 3399 * Use the aforeapplied default. 3400 * It would be curious if the label of the task 3401 * does not match that assigned. 3402 */ 3403 if (!(inode->i_opflags & IOP_XATTR)) 3404 break; 3405 /* 3406 * Get the dentry for xattr. 3407 */ 3408 dp = dget(opt_dentry); 3409 skp = smk_fetch(XATTR_NAME_SMACK, inode, dp); 3410 if (!IS_ERR_OR_NULL(skp)) 3411 final = skp; 3412 3413 /* 3414 * Transmuting directory 3415 */ 3416 if (S_ISDIR(inode->i_mode)) { 3417 /* 3418 * If this is a new directory and the label was 3419 * transmuted when the inode was initialized 3420 * set the transmute attribute on the directory 3421 * and mark the inode. 3422 * 3423 * If there is a transmute attribute on the 3424 * directory mark the inode. 3425 */ 3426 if (isp->smk_flags & SMK_INODE_CHANGED) { 3427 isp->smk_flags &= ~SMK_INODE_CHANGED; 3428 rc = __vfs_setxattr(&init_user_ns, dp, inode, 3429 XATTR_NAME_SMACKTRANSMUTE, 3430 TRANS_TRUE, TRANS_TRUE_SIZE, 3431 0); 3432 } else { 3433 rc = __vfs_getxattr(dp, inode, 3434 XATTR_NAME_SMACKTRANSMUTE, trattr, 3435 TRANS_TRUE_SIZE); 3436 if (rc >= 0 && strncmp(trattr, TRANS_TRUE, 3437 TRANS_TRUE_SIZE) != 0) 3438 rc = -EINVAL; 3439 } 3440 if (rc >= 0) 3441 transflag = SMK_INODE_TRANSMUTE; 3442 } 3443 /* 3444 * Don't let the exec or mmap label be "*" or "@". 3445 */ 3446 skp = smk_fetch(XATTR_NAME_SMACKEXEC, inode, dp); 3447 if (IS_ERR(skp) || skp == &smack_known_star || 3448 skp == &smack_known_web) 3449 skp = NULL; 3450 isp->smk_task = skp; 3451 3452 skp = smk_fetch(XATTR_NAME_SMACKMMAP, inode, dp); 3453 if (IS_ERR(skp) || skp == &smack_known_star || 3454 skp == &smack_known_web) 3455 skp = NULL; 3456 isp->smk_mmap = skp; 3457 3458 dput(dp); 3459 break; 3460 } 3461 3462 if (final == NULL) 3463 isp->smk_inode = ckp; 3464 else 3465 isp->smk_inode = final; 3466 3467 isp->smk_flags |= (SMK_INODE_INSTANT | transflag); 3468 3469 return; 3470 } 3471 3472 /** 3473 * smack_getprocattr - Smack process attribute access 3474 * @p: the object task 3475 * @name: the name of the attribute in /proc/.../attr 3476 * @value: where to put the result 3477 * 3478 * Places a copy of the task Smack into value 3479 * 3480 * Returns the length of the smack label or an error code 3481 */ 3482 static int smack_getprocattr(struct task_struct *p, char *name, char **value) 3483 { 3484 struct smack_known *skp = smk_of_task_struct_obj(p); 3485 char *cp; 3486 int slen; 3487 3488 if (strcmp(name, "current") != 0) 3489 return -EINVAL; 3490 3491 cp = kstrdup(skp->smk_known, GFP_KERNEL); 3492 if (cp == NULL) 3493 return -ENOMEM; 3494 3495 slen = strlen(cp); 3496 *value = cp; 3497 return slen; 3498 } 3499 3500 /** 3501 * smack_setprocattr - Smack process attribute setting 3502 * @name: the name of the attribute in /proc/.../attr 3503 * @value: the value to set 3504 * @size: the size of the value 3505 * 3506 * Sets the Smack value of the task. Only setting self 3507 * is permitted and only with privilege 3508 * 3509 * Returns the length of the smack label or an error code 3510 */ 3511 static int smack_setprocattr(const char *name, void *value, size_t size) 3512 { 3513 struct task_smack *tsp = smack_cred(current_cred()); 3514 struct cred *new; 3515 struct smack_known *skp; 3516 struct smack_known_list_elem *sklep; 3517 int rc; 3518 3519 if (!smack_privileged(CAP_MAC_ADMIN) && list_empty(&tsp->smk_relabel)) 3520 return -EPERM; 3521 3522 if (value == NULL || size == 0 || size >= SMK_LONGLABEL) 3523 return -EINVAL; 3524 3525 if (strcmp(name, "current") != 0) 3526 return -EINVAL; 3527 3528 skp = smk_import_entry(value, size); 3529 if (IS_ERR(skp)) 3530 return PTR_ERR(skp); 3531 3532 /* 3533 * No process is ever allowed the web ("@") label 3534 * and the star ("*") label. 3535 */ 3536 if (skp == &smack_known_web || skp == &smack_known_star) 3537 return -EINVAL; 3538 3539 if (!smack_privileged(CAP_MAC_ADMIN)) { 3540 rc = -EPERM; 3541 list_for_each_entry(sklep, &tsp->smk_relabel, list) 3542 if (sklep->smk_label == skp) { 3543 rc = 0; 3544 break; 3545 } 3546 if (rc) 3547 return rc; 3548 } 3549 3550 new = prepare_creds(); 3551 if (new == NULL) 3552 return -ENOMEM; 3553 3554 tsp = smack_cred(new); 3555 tsp->smk_task = skp; 3556 /* 3557 * process can change its label only once 3558 */ 3559 smk_destroy_label_list(&tsp->smk_relabel); 3560 3561 commit_creds(new); 3562 return size; 3563 } 3564 3565 /** 3566 * smack_unix_stream_connect - Smack access on UDS 3567 * @sock: one sock 3568 * @other: the other sock 3569 * @newsk: unused 3570 * 3571 * Return 0 if a subject with the smack of sock could access 3572 * an object with the smack of other, otherwise an error code 3573 */ 3574 static int smack_unix_stream_connect(struct sock *sock, 3575 struct sock *other, struct sock *newsk) 3576 { 3577 struct smack_known *skp; 3578 struct smack_known *okp; 3579 struct socket_smack *ssp = sock->sk_security; 3580 struct socket_smack *osp = other->sk_security; 3581 struct socket_smack *nsp = newsk->sk_security; 3582 struct smk_audit_info ad; 3583 int rc = 0; 3584 #ifdef CONFIG_AUDIT 3585 struct lsm_network_audit net; 3586 #endif 3587 3588 if (!smack_privileged(CAP_MAC_OVERRIDE)) { 3589 skp = ssp->smk_out; 3590 okp = osp->smk_in; 3591 #ifdef CONFIG_AUDIT 3592 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 3593 smk_ad_setfield_u_net_sk(&ad, other); 3594 #endif 3595 rc = smk_access(skp, okp, MAY_WRITE, &ad); 3596 rc = smk_bu_note("UDS connect", skp, okp, MAY_WRITE, rc); 3597 if (rc == 0) { 3598 okp = osp->smk_out; 3599 skp = ssp->smk_in; 3600 rc = smk_access(okp, skp, MAY_WRITE, &ad); 3601 rc = smk_bu_note("UDS connect", okp, skp, 3602 MAY_WRITE, rc); 3603 } 3604 } 3605 3606 /* 3607 * Cross reference the peer labels for SO_PEERSEC. 3608 */ 3609 if (rc == 0) { 3610 nsp->smk_packet = ssp->smk_out; 3611 ssp->smk_packet = osp->smk_out; 3612 } 3613 3614 return rc; 3615 } 3616 3617 /** 3618 * smack_unix_may_send - Smack access on UDS 3619 * @sock: one socket 3620 * @other: the other socket 3621 * 3622 * Return 0 if a subject with the smack of sock could access 3623 * an object with the smack of other, otherwise an error code 3624 */ 3625 static int smack_unix_may_send(struct socket *sock, struct socket *other) 3626 { 3627 struct socket_smack *ssp = sock->sk->sk_security; 3628 struct socket_smack *osp = other->sk->sk_security; 3629 struct smk_audit_info ad; 3630 int rc; 3631 3632 #ifdef CONFIG_AUDIT 3633 struct lsm_network_audit net; 3634 3635 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 3636 smk_ad_setfield_u_net_sk(&ad, other->sk); 3637 #endif 3638 3639 if (smack_privileged(CAP_MAC_OVERRIDE)) 3640 return 0; 3641 3642 rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad); 3643 rc = smk_bu_note("UDS send", ssp->smk_out, osp->smk_in, MAY_WRITE, rc); 3644 return rc; 3645 } 3646 3647 /** 3648 * smack_socket_sendmsg - Smack check based on destination host 3649 * @sock: the socket 3650 * @msg: the message 3651 * @size: the size of the message 3652 * 3653 * Return 0 if the current subject can write to the destination host. 3654 * For IPv4 this is only a question if the destination is a single label host. 3655 * For IPv6 this is a check against the label of the port. 3656 */ 3657 static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg, 3658 int size) 3659 { 3660 struct sockaddr_in *sip = (struct sockaddr_in *) msg->msg_name; 3661 #if IS_ENABLED(CONFIG_IPV6) 3662 struct sockaddr_in6 *sap = (struct sockaddr_in6 *) msg->msg_name; 3663 #endif 3664 #ifdef SMACK_IPV6_SECMARK_LABELING 3665 struct socket_smack *ssp = sock->sk->sk_security; 3666 struct smack_known *rsp; 3667 #endif 3668 int rc = 0; 3669 3670 /* 3671 * Perfectly reasonable for this to be NULL 3672 */ 3673 if (sip == NULL) 3674 return 0; 3675 3676 switch (sock->sk->sk_family) { 3677 case AF_INET: 3678 if (msg->msg_namelen < sizeof(struct sockaddr_in) || 3679 sip->sin_family != AF_INET) 3680 return -EINVAL; 3681 rc = smk_ipv4_check(sock->sk, sip); 3682 break; 3683 #if IS_ENABLED(CONFIG_IPV6) 3684 case AF_INET6: 3685 if (msg->msg_namelen < SIN6_LEN_RFC2133 || 3686 sap->sin6_family != AF_INET6) 3687 return -EINVAL; 3688 #ifdef SMACK_IPV6_SECMARK_LABELING 3689 rsp = smack_ipv6host_label(sap); 3690 if (rsp != NULL) 3691 rc = smk_ipv6_check(ssp->smk_out, rsp, sap, 3692 SMK_CONNECTING); 3693 #endif 3694 #ifdef SMACK_IPV6_PORT_LABELING 3695 rc = smk_ipv6_port_check(sock->sk, sap, SMK_SENDING); 3696 #endif 3697 #endif /* IS_ENABLED(CONFIG_IPV6) */ 3698 break; 3699 } 3700 return rc; 3701 } 3702 3703 /** 3704 * smack_from_secattr - Convert a netlabel attr.mls.lvl/attr.mls.cat pair to smack 3705 * @sap: netlabel secattr 3706 * @ssp: socket security information 3707 * 3708 * Returns a pointer to a Smack label entry found on the label list. 3709 */ 3710 static struct smack_known *smack_from_secattr(struct netlbl_lsm_secattr *sap, 3711 struct socket_smack *ssp) 3712 { 3713 struct smack_known *skp; 3714 int found = 0; 3715 int acat; 3716 int kcat; 3717 3718 /* 3719 * Netlabel found it in the cache. 3720 */ 3721 if ((sap->flags & NETLBL_SECATTR_CACHE) != 0) 3722 return (struct smack_known *)sap->cache->data; 3723 3724 if ((sap->flags & NETLBL_SECATTR_SECID) != 0) 3725 /* 3726 * Looks like a fallback, which gives us a secid. 3727 */ 3728 return smack_from_secid(sap->attr.secid); 3729 3730 if ((sap->flags & NETLBL_SECATTR_MLS_LVL) != 0) { 3731 /* 3732 * Looks like a CIPSO packet. 3733 * If there are flags but no level netlabel isn't 3734 * behaving the way we expect it to. 3735 * 3736 * Look it up in the label table 3737 * Without guidance regarding the smack value 3738 * for the packet fall back on the network 3739 * ambient value. 3740 */ 3741 rcu_read_lock(); 3742 list_for_each_entry_rcu(skp, &smack_known_list, list) { 3743 if (sap->attr.mls.lvl != skp->smk_netlabel.attr.mls.lvl) 3744 continue; 3745 /* 3746 * Compare the catsets. Use the netlbl APIs. 3747 */ 3748 if ((sap->flags & NETLBL_SECATTR_MLS_CAT) == 0) { 3749 if ((skp->smk_netlabel.flags & 3750 NETLBL_SECATTR_MLS_CAT) == 0) 3751 found = 1; 3752 break; 3753 } 3754 for (acat = -1, kcat = -1; acat == kcat; ) { 3755 acat = netlbl_catmap_walk(sap->attr.mls.cat, 3756 acat + 1); 3757 kcat = netlbl_catmap_walk( 3758 skp->smk_netlabel.attr.mls.cat, 3759 kcat + 1); 3760 if (acat < 0 || kcat < 0) 3761 break; 3762 } 3763 if (acat == kcat) { 3764 found = 1; 3765 break; 3766 } 3767 } 3768 rcu_read_unlock(); 3769 3770 if (found) 3771 return skp; 3772 3773 if (ssp != NULL && ssp->smk_in == &smack_known_star) 3774 return &smack_known_web; 3775 return &smack_known_star; 3776 } 3777 /* 3778 * Without guidance regarding the smack value 3779 * for the packet fall back on the network 3780 * ambient value. 3781 */ 3782 return smack_net_ambient; 3783 } 3784 3785 #if IS_ENABLED(CONFIG_IPV6) 3786 static int smk_skb_to_addr_ipv6(struct sk_buff *skb, struct sockaddr_in6 *sip) 3787 { 3788 u8 nexthdr; 3789 int offset; 3790 int proto = -EINVAL; 3791 struct ipv6hdr _ipv6h; 3792 struct ipv6hdr *ip6; 3793 __be16 frag_off; 3794 struct tcphdr _tcph, *th; 3795 struct udphdr _udph, *uh; 3796 struct dccp_hdr _dccph, *dh; 3797 3798 sip->sin6_port = 0; 3799 3800 offset = skb_network_offset(skb); 3801 ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h); 3802 if (ip6 == NULL) 3803 return -EINVAL; 3804 sip->sin6_addr = ip6->saddr; 3805 3806 nexthdr = ip6->nexthdr; 3807 offset += sizeof(_ipv6h); 3808 offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off); 3809 if (offset < 0) 3810 return -EINVAL; 3811 3812 proto = nexthdr; 3813 switch (proto) { 3814 case IPPROTO_TCP: 3815 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph); 3816 if (th != NULL) 3817 sip->sin6_port = th->source; 3818 break; 3819 case IPPROTO_UDP: 3820 case IPPROTO_UDPLITE: 3821 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph); 3822 if (uh != NULL) 3823 sip->sin6_port = uh->source; 3824 break; 3825 case IPPROTO_DCCP: 3826 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph); 3827 if (dh != NULL) 3828 sip->sin6_port = dh->dccph_sport; 3829 break; 3830 } 3831 return proto; 3832 } 3833 #endif /* CONFIG_IPV6 */ 3834 3835 /** 3836 * smack_from_skb - Smack data from the secmark in an skb 3837 * @skb: packet 3838 * 3839 * Returns smack_known of the secmark or NULL if that won't work. 3840 */ 3841 #ifdef CONFIG_NETWORK_SECMARK 3842 static struct smack_known *smack_from_skb(struct sk_buff *skb) 3843 { 3844 if (skb == NULL || skb->secmark == 0) 3845 return NULL; 3846 3847 return smack_from_secid(skb->secmark); 3848 } 3849 #else 3850 static inline struct smack_known *smack_from_skb(struct sk_buff *skb) 3851 { 3852 return NULL; 3853 } 3854 #endif 3855 3856 /** 3857 * smack_from_netlbl - Smack data from the IP options in an skb 3858 * @sk: socket data came in on 3859 * @family: address family 3860 * @skb: packet 3861 * 3862 * Find the Smack label in the IP options. If it hasn't been 3863 * added to the netlabel cache, add it here. 3864 * 3865 * Returns smack_known of the IP options or NULL if that won't work. 3866 */ 3867 static struct smack_known *smack_from_netlbl(const struct sock *sk, u16 family, 3868 struct sk_buff *skb) 3869 { 3870 struct netlbl_lsm_secattr secattr; 3871 struct socket_smack *ssp = NULL; 3872 struct smack_known *skp = NULL; 3873 3874 netlbl_secattr_init(&secattr); 3875 3876 if (sk) 3877 ssp = sk->sk_security; 3878 3879 if (netlbl_skbuff_getattr(skb, family, &secattr) == 0) { 3880 skp = smack_from_secattr(&secattr, ssp); 3881 if (secattr.flags & NETLBL_SECATTR_CACHEABLE) 3882 netlbl_cache_add(skb, family, &skp->smk_netlabel); 3883 } 3884 3885 netlbl_secattr_destroy(&secattr); 3886 3887 return skp; 3888 } 3889 3890 /** 3891 * smack_socket_sock_rcv_skb - Smack packet delivery access check 3892 * @sk: socket 3893 * @skb: packet 3894 * 3895 * Returns 0 if the packet should be delivered, an error code otherwise 3896 */ 3897 static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) 3898 { 3899 struct socket_smack *ssp = sk->sk_security; 3900 struct smack_known *skp = NULL; 3901 int rc = 0; 3902 struct smk_audit_info ad; 3903 u16 family = sk->sk_family; 3904 #ifdef CONFIG_AUDIT 3905 struct lsm_network_audit net; 3906 #endif 3907 #if IS_ENABLED(CONFIG_IPV6) 3908 struct sockaddr_in6 sadd; 3909 int proto; 3910 3911 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP)) 3912 family = PF_INET; 3913 #endif /* CONFIG_IPV6 */ 3914 3915 switch (family) { 3916 case PF_INET: 3917 /* 3918 * If there is a secmark use it rather than the CIPSO label. 3919 * If there is no secmark fall back to CIPSO. 3920 * The secmark is assumed to reflect policy better. 3921 */ 3922 skp = smack_from_skb(skb); 3923 if (skp == NULL) { 3924 skp = smack_from_netlbl(sk, family, skb); 3925 if (skp == NULL) 3926 skp = smack_net_ambient; 3927 } 3928 3929 #ifdef CONFIG_AUDIT 3930 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 3931 ad.a.u.net->family = family; 3932 ad.a.u.net->netif = skb->skb_iif; 3933 ipv4_skb_to_auditdata(skb, &ad.a, NULL); 3934 #endif 3935 /* 3936 * Receiving a packet requires that the other end 3937 * be able to write here. Read access is not required. 3938 * This is the simplist possible security model 3939 * for networking. 3940 */ 3941 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad); 3942 rc = smk_bu_note("IPv4 delivery", skp, ssp->smk_in, 3943 MAY_WRITE, rc); 3944 if (rc != 0) 3945 netlbl_skbuff_err(skb, family, rc, 0); 3946 break; 3947 #if IS_ENABLED(CONFIG_IPV6) 3948 case PF_INET6: 3949 proto = smk_skb_to_addr_ipv6(skb, &sadd); 3950 if (proto != IPPROTO_UDP && proto != IPPROTO_UDPLITE && 3951 proto != IPPROTO_TCP && proto != IPPROTO_DCCP) 3952 break; 3953 #ifdef SMACK_IPV6_SECMARK_LABELING 3954 skp = smack_from_skb(skb); 3955 if (skp == NULL) { 3956 if (smk_ipv6_localhost(&sadd)) 3957 break; 3958 skp = smack_ipv6host_label(&sadd); 3959 if (skp == NULL) 3960 skp = smack_net_ambient; 3961 } 3962 #ifdef CONFIG_AUDIT 3963 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 3964 ad.a.u.net->family = family; 3965 ad.a.u.net->netif = skb->skb_iif; 3966 ipv6_skb_to_auditdata(skb, &ad.a, NULL); 3967 #endif /* CONFIG_AUDIT */ 3968 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad); 3969 rc = smk_bu_note("IPv6 delivery", skp, ssp->smk_in, 3970 MAY_WRITE, rc); 3971 #endif /* SMACK_IPV6_SECMARK_LABELING */ 3972 #ifdef SMACK_IPV6_PORT_LABELING 3973 rc = smk_ipv6_port_check(sk, &sadd, SMK_RECEIVING); 3974 #endif /* SMACK_IPV6_PORT_LABELING */ 3975 if (rc != 0) 3976 icmpv6_send(skb, ICMPV6_DEST_UNREACH, 3977 ICMPV6_ADM_PROHIBITED, 0); 3978 break; 3979 #endif /* CONFIG_IPV6 */ 3980 } 3981 3982 return rc; 3983 } 3984 3985 /** 3986 * smack_socket_getpeersec_stream - pull in packet label 3987 * @sock: the socket 3988 * @optval: user's destination 3989 * @optlen: size thereof 3990 * @len: max thereof 3991 * 3992 * returns zero on success, an error code otherwise 3993 */ 3994 static int smack_socket_getpeersec_stream(struct socket *sock, 3995 char __user *optval, 3996 int __user *optlen, unsigned len) 3997 { 3998 struct socket_smack *ssp; 3999 char *rcp = ""; 4000 int slen = 1; 4001 int rc = 0; 4002 4003 ssp = sock->sk->sk_security; 4004 if (ssp->smk_packet != NULL) { 4005 rcp = ssp->smk_packet->smk_known; 4006 slen = strlen(rcp) + 1; 4007 } 4008 4009 if (slen > len) 4010 rc = -ERANGE; 4011 else if (copy_to_user(optval, rcp, slen) != 0) 4012 rc = -EFAULT; 4013 4014 if (put_user(slen, optlen) != 0) 4015 rc = -EFAULT; 4016 4017 return rc; 4018 } 4019 4020 4021 /** 4022 * smack_socket_getpeersec_dgram - pull in packet label 4023 * @sock: the peer socket 4024 * @skb: packet data 4025 * @secid: pointer to where to put the secid of the packet 4026 * 4027 * Sets the netlabel socket state on sk from parent 4028 */ 4029 static int smack_socket_getpeersec_dgram(struct socket *sock, 4030 struct sk_buff *skb, u32 *secid) 4031 4032 { 4033 struct socket_smack *ssp = NULL; 4034 struct smack_known *skp; 4035 struct sock *sk = NULL; 4036 int family = PF_UNSPEC; 4037 u32 s = 0; /* 0 is the invalid secid */ 4038 4039 if (skb != NULL) { 4040 if (skb->protocol == htons(ETH_P_IP)) 4041 family = PF_INET; 4042 #if IS_ENABLED(CONFIG_IPV6) 4043 else if (skb->protocol == htons(ETH_P_IPV6)) 4044 family = PF_INET6; 4045 #endif /* CONFIG_IPV6 */ 4046 } 4047 if (family == PF_UNSPEC && sock != NULL) 4048 family = sock->sk->sk_family; 4049 4050 switch (family) { 4051 case PF_UNIX: 4052 ssp = sock->sk->sk_security; 4053 s = ssp->smk_out->smk_secid; 4054 break; 4055 case PF_INET: 4056 skp = smack_from_skb(skb); 4057 if (skp) { 4058 s = skp->smk_secid; 4059 break; 4060 } 4061 /* 4062 * Translate what netlabel gave us. 4063 */ 4064 if (sock != NULL) 4065 sk = sock->sk; 4066 skp = smack_from_netlbl(sk, family, skb); 4067 if (skp != NULL) 4068 s = skp->smk_secid; 4069 break; 4070 case PF_INET6: 4071 #ifdef SMACK_IPV6_SECMARK_LABELING 4072 skp = smack_from_skb(skb); 4073 if (skp) 4074 s = skp->smk_secid; 4075 #endif 4076 break; 4077 } 4078 *secid = s; 4079 if (s == 0) 4080 return -EINVAL; 4081 return 0; 4082 } 4083 4084 /** 4085 * smack_sock_graft - Initialize a newly created socket with an existing sock 4086 * @sk: child sock 4087 * @parent: parent socket 4088 * 4089 * Set the smk_{in,out} state of an existing sock based on the process that 4090 * is creating the new socket. 4091 */ 4092 static void smack_sock_graft(struct sock *sk, struct socket *parent) 4093 { 4094 struct socket_smack *ssp; 4095 struct smack_known *skp = smk_of_current(); 4096 4097 if (sk == NULL || 4098 (sk->sk_family != PF_INET && sk->sk_family != PF_INET6)) 4099 return; 4100 4101 ssp = sk->sk_security; 4102 ssp->smk_in = skp; 4103 ssp->smk_out = skp; 4104 /* cssp->smk_packet is already set in smack_inet_csk_clone() */ 4105 } 4106 4107 /** 4108 * smack_inet_conn_request - Smack access check on connect 4109 * @sk: socket involved 4110 * @skb: packet 4111 * @req: unused 4112 * 4113 * Returns 0 if a task with the packet label could write to 4114 * the socket, otherwise an error code 4115 */ 4116 static int smack_inet_conn_request(const struct sock *sk, struct sk_buff *skb, 4117 struct request_sock *req) 4118 { 4119 u16 family = sk->sk_family; 4120 struct smack_known *skp; 4121 struct socket_smack *ssp = sk->sk_security; 4122 struct sockaddr_in addr; 4123 struct iphdr *hdr; 4124 struct smack_known *hskp; 4125 int rc; 4126 struct smk_audit_info ad; 4127 #ifdef CONFIG_AUDIT 4128 struct lsm_network_audit net; 4129 #endif 4130 4131 #if IS_ENABLED(CONFIG_IPV6) 4132 if (family == PF_INET6) { 4133 /* 4134 * Handle mapped IPv4 packets arriving 4135 * via IPv6 sockets. Don't set up netlabel 4136 * processing on IPv6. 4137 */ 4138 if (skb->protocol == htons(ETH_P_IP)) 4139 family = PF_INET; 4140 else 4141 return 0; 4142 } 4143 #endif /* CONFIG_IPV6 */ 4144 4145 /* 4146 * If there is a secmark use it rather than the CIPSO label. 4147 * If there is no secmark fall back to CIPSO. 4148 * The secmark is assumed to reflect policy better. 4149 */ 4150 skp = smack_from_skb(skb); 4151 if (skp == NULL) { 4152 skp = smack_from_netlbl(sk, family, skb); 4153 if (skp == NULL) 4154 skp = &smack_known_huh; 4155 } 4156 4157 #ifdef CONFIG_AUDIT 4158 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 4159 ad.a.u.net->family = family; 4160 ad.a.u.net->netif = skb->skb_iif; 4161 ipv4_skb_to_auditdata(skb, &ad.a, NULL); 4162 #endif 4163 /* 4164 * Receiving a packet requires that the other end be able to write 4165 * here. Read access is not required. 4166 */ 4167 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad); 4168 rc = smk_bu_note("IPv4 connect", skp, ssp->smk_in, MAY_WRITE, rc); 4169 if (rc != 0) 4170 return rc; 4171 4172 /* 4173 * Save the peer's label in the request_sock so we can later setup 4174 * smk_packet in the child socket so that SO_PEERCRED can report it. 4175 */ 4176 req->peer_secid = skp->smk_secid; 4177 4178 /* 4179 * We need to decide if we want to label the incoming connection here 4180 * if we do we only need to label the request_sock and the stack will 4181 * propagate the wire-label to the sock when it is created. 4182 */ 4183 hdr = ip_hdr(skb); 4184 addr.sin_addr.s_addr = hdr->saddr; 4185 rcu_read_lock(); 4186 hskp = smack_ipv4host_label(&addr); 4187 rcu_read_unlock(); 4188 4189 if (hskp == NULL) 4190 rc = netlbl_req_setattr(req, &skp->smk_netlabel); 4191 else 4192 netlbl_req_delattr(req); 4193 4194 return rc; 4195 } 4196 4197 /** 4198 * smack_inet_csk_clone - Copy the connection information to the new socket 4199 * @sk: the new socket 4200 * @req: the connection's request_sock 4201 * 4202 * Transfer the connection's peer label to the newly created socket. 4203 */ 4204 static void smack_inet_csk_clone(struct sock *sk, 4205 const struct request_sock *req) 4206 { 4207 struct socket_smack *ssp = sk->sk_security; 4208 struct smack_known *skp; 4209 4210 if (req->peer_secid != 0) { 4211 skp = smack_from_secid(req->peer_secid); 4212 ssp->smk_packet = skp; 4213 } else 4214 ssp->smk_packet = NULL; 4215 } 4216 4217 /* 4218 * Key management security hooks 4219 * 4220 * Casey has not tested key support very heavily. 4221 * The permission check is most likely too restrictive. 4222 * If you care about keys please have a look. 4223 */ 4224 #ifdef CONFIG_KEYS 4225 4226 /** 4227 * smack_key_alloc - Set the key security blob 4228 * @key: object 4229 * @cred: the credentials to use 4230 * @flags: unused 4231 * 4232 * No allocation required 4233 * 4234 * Returns 0 4235 */ 4236 static int smack_key_alloc(struct key *key, const struct cred *cred, 4237 unsigned long flags) 4238 { 4239 struct smack_known *skp = smk_of_task(smack_cred(cred)); 4240 4241 key->security = skp; 4242 return 0; 4243 } 4244 4245 /** 4246 * smack_key_free - Clear the key security blob 4247 * @key: the object 4248 * 4249 * Clear the blob pointer 4250 */ 4251 static void smack_key_free(struct key *key) 4252 { 4253 key->security = NULL; 4254 } 4255 4256 /** 4257 * smack_key_permission - Smack access on a key 4258 * @key_ref: gets to the object 4259 * @cred: the credentials to use 4260 * @need_perm: requested key permission 4261 * 4262 * Return 0 if the task has read and write to the object, 4263 * an error code otherwise 4264 */ 4265 static int smack_key_permission(key_ref_t key_ref, 4266 const struct cred *cred, 4267 enum key_need_perm need_perm) 4268 { 4269 struct key *keyp; 4270 struct smk_audit_info ad; 4271 struct smack_known *tkp = smk_of_task(smack_cred(cred)); 4272 int request = 0; 4273 int rc; 4274 4275 /* 4276 * Validate requested permissions 4277 */ 4278 switch (need_perm) { 4279 case KEY_NEED_READ: 4280 case KEY_NEED_SEARCH: 4281 case KEY_NEED_VIEW: 4282 request |= MAY_READ; 4283 break; 4284 case KEY_NEED_WRITE: 4285 case KEY_NEED_LINK: 4286 case KEY_NEED_SETATTR: 4287 request |= MAY_WRITE; 4288 break; 4289 case KEY_NEED_UNSPECIFIED: 4290 case KEY_NEED_UNLINK: 4291 case KEY_SYSADMIN_OVERRIDE: 4292 case KEY_AUTHTOKEN_OVERRIDE: 4293 case KEY_DEFER_PERM_CHECK: 4294 return 0; 4295 default: 4296 return -EINVAL; 4297 } 4298 4299 keyp = key_ref_to_ptr(key_ref); 4300 if (keyp == NULL) 4301 return -EINVAL; 4302 /* 4303 * If the key hasn't been initialized give it access so that 4304 * it may do so. 4305 */ 4306 if (keyp->security == NULL) 4307 return 0; 4308 /* 4309 * This should not occur 4310 */ 4311 if (tkp == NULL) 4312 return -EACCES; 4313 4314 if (smack_privileged(CAP_MAC_OVERRIDE)) 4315 return 0; 4316 4317 #ifdef CONFIG_AUDIT 4318 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY); 4319 ad.a.u.key_struct.key = keyp->serial; 4320 ad.a.u.key_struct.key_desc = keyp->description; 4321 #endif 4322 rc = smk_access(tkp, keyp->security, request, &ad); 4323 rc = smk_bu_note("key access", tkp, keyp->security, request, rc); 4324 return rc; 4325 } 4326 4327 /* 4328 * smack_key_getsecurity - Smack label tagging the key 4329 * @key points to the key to be queried 4330 * @_buffer points to a pointer that should be set to point to the 4331 * resulting string (if no label or an error occurs). 4332 * Return the length of the string (including terminating NUL) or -ve if 4333 * an error. 4334 * May also return 0 (and a NULL buffer pointer) if there is no label. 4335 */ 4336 static int smack_key_getsecurity(struct key *key, char **_buffer) 4337 { 4338 struct smack_known *skp = key->security; 4339 size_t length; 4340 char *copy; 4341 4342 if (key->security == NULL) { 4343 *_buffer = NULL; 4344 return 0; 4345 } 4346 4347 copy = kstrdup(skp->smk_known, GFP_KERNEL); 4348 if (copy == NULL) 4349 return -ENOMEM; 4350 length = strlen(copy) + 1; 4351 4352 *_buffer = copy; 4353 return length; 4354 } 4355 4356 4357 #ifdef CONFIG_KEY_NOTIFICATIONS 4358 /** 4359 * smack_watch_key - Smack access to watch a key for notifications. 4360 * @key: The key to be watched 4361 * 4362 * Return 0 if the @watch->cred has permission to read from the key object and 4363 * an error otherwise. 4364 */ 4365 static int smack_watch_key(struct key *key) 4366 { 4367 struct smk_audit_info ad; 4368 struct smack_known *tkp = smk_of_current(); 4369 int rc; 4370 4371 if (key == NULL) 4372 return -EINVAL; 4373 /* 4374 * If the key hasn't been initialized give it access so that 4375 * it may do so. 4376 */ 4377 if (key->security == NULL) 4378 return 0; 4379 /* 4380 * This should not occur 4381 */ 4382 if (tkp == NULL) 4383 return -EACCES; 4384 4385 if (smack_privileged_cred(CAP_MAC_OVERRIDE, current_cred())) 4386 return 0; 4387 4388 #ifdef CONFIG_AUDIT 4389 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY); 4390 ad.a.u.key_struct.key = key->serial; 4391 ad.a.u.key_struct.key_desc = key->description; 4392 #endif 4393 rc = smk_access(tkp, key->security, MAY_READ, &ad); 4394 rc = smk_bu_note("key watch", tkp, key->security, MAY_READ, rc); 4395 return rc; 4396 } 4397 #endif /* CONFIG_KEY_NOTIFICATIONS */ 4398 #endif /* CONFIG_KEYS */ 4399 4400 #ifdef CONFIG_WATCH_QUEUE 4401 /** 4402 * smack_post_notification - Smack access to post a notification to a queue 4403 * @w_cred: The credentials of the watcher. 4404 * @cred: The credentials of the event source (may be NULL). 4405 * @n: The notification message to be posted. 4406 */ 4407 static int smack_post_notification(const struct cred *w_cred, 4408 const struct cred *cred, 4409 struct watch_notification *n) 4410 { 4411 struct smk_audit_info ad; 4412 struct smack_known *subj, *obj; 4413 int rc; 4414 4415 /* Always let maintenance notifications through. */ 4416 if (n->type == WATCH_TYPE_META) 4417 return 0; 4418 4419 if (!cred) 4420 return 0; 4421 subj = smk_of_task(smack_cred(cred)); 4422 obj = smk_of_task(smack_cred(w_cred)); 4423 4424 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NOTIFICATION); 4425 rc = smk_access(subj, obj, MAY_WRITE, &ad); 4426 rc = smk_bu_note("notification", subj, obj, MAY_WRITE, rc); 4427 return rc; 4428 } 4429 #endif /* CONFIG_WATCH_QUEUE */ 4430 4431 /* 4432 * Smack Audit hooks 4433 * 4434 * Audit requires a unique representation of each Smack specific 4435 * rule. This unique representation is used to distinguish the 4436 * object to be audited from remaining kernel objects and also 4437 * works as a glue between the audit hooks. 4438 * 4439 * Since repository entries are added but never deleted, we'll use 4440 * the smack_known label address related to the given audit rule as 4441 * the needed unique representation. This also better fits the smack 4442 * model where nearly everything is a label. 4443 */ 4444 #ifdef CONFIG_AUDIT 4445 4446 /** 4447 * smack_audit_rule_init - Initialize a smack audit rule 4448 * @field: audit rule fields given from user-space (audit.h) 4449 * @op: required testing operator (=, !=, >, <, ...) 4450 * @rulestr: smack label to be audited 4451 * @vrule: pointer to save our own audit rule representation 4452 * 4453 * Prepare to audit cases where (@field @op @rulestr) is true. 4454 * The label to be audited is created if necessay. 4455 */ 4456 static int smack_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule) 4457 { 4458 struct smack_known *skp; 4459 char **rule = (char **)vrule; 4460 *rule = NULL; 4461 4462 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER) 4463 return -EINVAL; 4464 4465 if (op != Audit_equal && op != Audit_not_equal) 4466 return -EINVAL; 4467 4468 skp = smk_import_entry(rulestr, 0); 4469 if (IS_ERR(skp)) 4470 return PTR_ERR(skp); 4471 4472 *rule = skp->smk_known; 4473 4474 return 0; 4475 } 4476 4477 /** 4478 * smack_audit_rule_known - Distinguish Smack audit rules 4479 * @krule: rule of interest, in Audit kernel representation format 4480 * 4481 * This is used to filter Smack rules from remaining Audit ones. 4482 * If it's proved that this rule belongs to us, the 4483 * audit_rule_match hook will be called to do the final judgement. 4484 */ 4485 static int smack_audit_rule_known(struct audit_krule *krule) 4486 { 4487 struct audit_field *f; 4488 int i; 4489 4490 for (i = 0; i < krule->field_count; i++) { 4491 f = &krule->fields[i]; 4492 4493 if (f->type == AUDIT_SUBJ_USER || f->type == AUDIT_OBJ_USER) 4494 return 1; 4495 } 4496 4497 return 0; 4498 } 4499 4500 /** 4501 * smack_audit_rule_match - Audit given object ? 4502 * @secid: security id for identifying the object to test 4503 * @field: audit rule flags given from user-space 4504 * @op: required testing operator 4505 * @vrule: smack internal rule presentation 4506 * 4507 * The core Audit hook. It's used to take the decision of 4508 * whether to audit or not to audit a given object. 4509 */ 4510 static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule) 4511 { 4512 struct smack_known *skp; 4513 char *rule = vrule; 4514 4515 if (unlikely(!rule)) { 4516 WARN_ONCE(1, "Smack: missing rule\n"); 4517 return -ENOENT; 4518 } 4519 4520 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER) 4521 return 0; 4522 4523 skp = smack_from_secid(secid); 4524 4525 /* 4526 * No need to do string comparisons. If a match occurs, 4527 * both pointers will point to the same smack_known 4528 * label. 4529 */ 4530 if (op == Audit_equal) 4531 return (rule == skp->smk_known); 4532 if (op == Audit_not_equal) 4533 return (rule != skp->smk_known); 4534 4535 return 0; 4536 } 4537 4538 /* 4539 * There is no need for a smack_audit_rule_free hook. 4540 * No memory was allocated. 4541 */ 4542 4543 #endif /* CONFIG_AUDIT */ 4544 4545 /** 4546 * smack_ismaclabel - check if xattr @name references a smack MAC label 4547 * @name: Full xattr name to check. 4548 */ 4549 static int smack_ismaclabel(const char *name) 4550 { 4551 return (strcmp(name, XATTR_SMACK_SUFFIX) == 0); 4552 } 4553 4554 4555 /** 4556 * smack_secid_to_secctx - return the smack label for a secid 4557 * @secid: incoming integer 4558 * @secdata: destination 4559 * @seclen: how long it is 4560 * 4561 * Exists for networking code. 4562 */ 4563 static int smack_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) 4564 { 4565 struct smack_known *skp = smack_from_secid(secid); 4566 4567 if (secdata) 4568 *secdata = skp->smk_known; 4569 *seclen = strlen(skp->smk_known); 4570 return 0; 4571 } 4572 4573 /** 4574 * smack_secctx_to_secid - return the secid for a smack label 4575 * @secdata: smack label 4576 * @seclen: how long result is 4577 * @secid: outgoing integer 4578 * 4579 * Exists for audit and networking code. 4580 */ 4581 static int smack_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid) 4582 { 4583 struct smack_known *skp = smk_find_entry(secdata); 4584 4585 if (skp) 4586 *secid = skp->smk_secid; 4587 else 4588 *secid = 0; 4589 return 0; 4590 } 4591 4592 /* 4593 * There used to be a smack_release_secctx hook 4594 * that did nothing back when hooks were in a vector. 4595 * Now that there's a list such a hook adds cost. 4596 */ 4597 4598 static int smack_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen) 4599 { 4600 return smack_inode_setsecurity(inode, XATTR_SMACK_SUFFIX, ctx, 4601 ctxlen, 0); 4602 } 4603 4604 static int smack_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen) 4605 { 4606 return __vfs_setxattr_noperm(&init_user_ns, dentry, XATTR_NAME_SMACK, 4607 ctx, ctxlen, 0); 4608 } 4609 4610 static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) 4611 { 4612 struct smack_known *skp = smk_of_inode(inode); 4613 4614 *ctx = skp->smk_known; 4615 *ctxlen = strlen(skp->smk_known); 4616 return 0; 4617 } 4618 4619 static int smack_inode_copy_up(struct dentry *dentry, struct cred **new) 4620 { 4621 4622 struct task_smack *tsp; 4623 struct smack_known *skp; 4624 struct inode_smack *isp; 4625 struct cred *new_creds = *new; 4626 4627 if (new_creds == NULL) { 4628 new_creds = prepare_creds(); 4629 if (new_creds == NULL) 4630 return -ENOMEM; 4631 } 4632 4633 tsp = smack_cred(new_creds); 4634 4635 /* 4636 * Get label from overlay inode and set it in create_sid 4637 */ 4638 isp = smack_inode(d_inode(dentry)); 4639 skp = isp->smk_inode; 4640 tsp->smk_task = skp; 4641 *new = new_creds; 4642 return 0; 4643 } 4644 4645 static int smack_inode_copy_up_xattr(const char *name) 4646 { 4647 /* 4648 * Return 1 if this is the smack access Smack attribute. 4649 */ 4650 if (strcmp(name, XATTR_NAME_SMACK) == 0) 4651 return 1; 4652 4653 return -EOPNOTSUPP; 4654 } 4655 4656 static int smack_dentry_create_files_as(struct dentry *dentry, int mode, 4657 struct qstr *name, 4658 const struct cred *old, 4659 struct cred *new) 4660 { 4661 struct task_smack *otsp = smack_cred(old); 4662 struct task_smack *ntsp = smack_cred(new); 4663 struct inode_smack *isp; 4664 int may; 4665 4666 /* 4667 * Use the process credential unless all of 4668 * the transmuting criteria are met 4669 */ 4670 ntsp->smk_task = otsp->smk_task; 4671 4672 /* 4673 * the attribute of the containing directory 4674 */ 4675 isp = smack_inode(d_inode(dentry->d_parent)); 4676 4677 if (isp->smk_flags & SMK_INODE_TRANSMUTE) { 4678 rcu_read_lock(); 4679 may = smk_access_entry(otsp->smk_task->smk_known, 4680 isp->smk_inode->smk_known, 4681 &otsp->smk_task->smk_rules); 4682 rcu_read_unlock(); 4683 4684 /* 4685 * If the directory is transmuting and the rule 4686 * providing access is transmuting use the containing 4687 * directory label instead of the process label. 4688 */ 4689 if (may > 0 && (may & MAY_TRANSMUTE)) 4690 ntsp->smk_task = isp->smk_inode; 4691 } 4692 return 0; 4693 } 4694 4695 #ifdef CONFIG_IO_URING 4696 /** 4697 * smack_uring_override_creds - Is io_uring cred override allowed? 4698 * @new: the target creds 4699 * 4700 * Check to see if the current task is allowed to override it's credentials 4701 * to service an io_uring operation. 4702 */ 4703 static int smack_uring_override_creds(const struct cred *new) 4704 { 4705 struct task_smack *tsp = smack_cred(current_cred()); 4706 struct task_smack *nsp = smack_cred(new); 4707 4708 /* 4709 * Allow the degenerate case where the new Smack value is 4710 * the same as the current Smack value. 4711 */ 4712 if (tsp->smk_task == nsp->smk_task) 4713 return 0; 4714 4715 if (smack_privileged_cred(CAP_MAC_OVERRIDE, current_cred())) 4716 return 0; 4717 4718 return -EPERM; 4719 } 4720 4721 /** 4722 * smack_uring_sqpoll - check if a io_uring polling thread can be created 4723 * 4724 * Check to see if the current task is allowed to create a new io_uring 4725 * kernel polling thread. 4726 */ 4727 static int smack_uring_sqpoll(void) 4728 { 4729 if (smack_privileged_cred(CAP_MAC_ADMIN, current_cred())) 4730 return 0; 4731 4732 return -EPERM; 4733 } 4734 4735 #endif /* CONFIG_IO_URING */ 4736 4737 struct lsm_blob_sizes smack_blob_sizes __lsm_ro_after_init = { 4738 .lbs_cred = sizeof(struct task_smack), 4739 .lbs_file = sizeof(struct smack_known *), 4740 .lbs_inode = sizeof(struct inode_smack), 4741 .lbs_ipc = sizeof(struct smack_known *), 4742 .lbs_msg_msg = sizeof(struct smack_known *), 4743 .lbs_superblock = sizeof(struct superblock_smack), 4744 }; 4745 4746 static struct security_hook_list smack_hooks[] __lsm_ro_after_init = { 4747 LSM_HOOK_INIT(ptrace_access_check, smack_ptrace_access_check), 4748 LSM_HOOK_INIT(ptrace_traceme, smack_ptrace_traceme), 4749 LSM_HOOK_INIT(syslog, smack_syslog), 4750 4751 LSM_HOOK_INIT(fs_context_dup, smack_fs_context_dup), 4752 LSM_HOOK_INIT(fs_context_parse_param, smack_fs_context_parse_param), 4753 4754 LSM_HOOK_INIT(sb_alloc_security, smack_sb_alloc_security), 4755 LSM_HOOK_INIT(sb_free_mnt_opts, smack_free_mnt_opts), 4756 LSM_HOOK_INIT(sb_eat_lsm_opts, smack_sb_eat_lsm_opts), 4757 LSM_HOOK_INIT(sb_statfs, smack_sb_statfs), 4758 LSM_HOOK_INIT(sb_set_mnt_opts, smack_set_mnt_opts), 4759 4760 LSM_HOOK_INIT(bprm_creds_for_exec, smack_bprm_creds_for_exec), 4761 4762 LSM_HOOK_INIT(inode_alloc_security, smack_inode_alloc_security), 4763 LSM_HOOK_INIT(inode_init_security, smack_inode_init_security), 4764 LSM_HOOK_INIT(inode_link, smack_inode_link), 4765 LSM_HOOK_INIT(inode_unlink, smack_inode_unlink), 4766 LSM_HOOK_INIT(inode_rmdir, smack_inode_rmdir), 4767 LSM_HOOK_INIT(inode_rename, smack_inode_rename), 4768 LSM_HOOK_INIT(inode_permission, smack_inode_permission), 4769 LSM_HOOK_INIT(inode_setattr, smack_inode_setattr), 4770 LSM_HOOK_INIT(inode_getattr, smack_inode_getattr), 4771 LSM_HOOK_INIT(inode_setxattr, smack_inode_setxattr), 4772 LSM_HOOK_INIT(inode_post_setxattr, smack_inode_post_setxattr), 4773 LSM_HOOK_INIT(inode_getxattr, smack_inode_getxattr), 4774 LSM_HOOK_INIT(inode_removexattr, smack_inode_removexattr), 4775 LSM_HOOK_INIT(inode_getsecurity, smack_inode_getsecurity), 4776 LSM_HOOK_INIT(inode_setsecurity, smack_inode_setsecurity), 4777 LSM_HOOK_INIT(inode_listsecurity, smack_inode_listsecurity), 4778 LSM_HOOK_INIT(inode_getsecid, smack_inode_getsecid), 4779 4780 LSM_HOOK_INIT(file_alloc_security, smack_file_alloc_security), 4781 LSM_HOOK_INIT(file_ioctl, smack_file_ioctl), 4782 LSM_HOOK_INIT(file_lock, smack_file_lock), 4783 LSM_HOOK_INIT(file_fcntl, smack_file_fcntl), 4784 LSM_HOOK_INIT(mmap_file, smack_mmap_file), 4785 LSM_HOOK_INIT(mmap_addr, cap_mmap_addr), 4786 LSM_HOOK_INIT(file_set_fowner, smack_file_set_fowner), 4787 LSM_HOOK_INIT(file_send_sigiotask, smack_file_send_sigiotask), 4788 LSM_HOOK_INIT(file_receive, smack_file_receive), 4789 4790 LSM_HOOK_INIT(file_open, smack_file_open), 4791 4792 LSM_HOOK_INIT(cred_alloc_blank, smack_cred_alloc_blank), 4793 LSM_HOOK_INIT(cred_free, smack_cred_free), 4794 LSM_HOOK_INIT(cred_prepare, smack_cred_prepare), 4795 LSM_HOOK_INIT(cred_transfer, smack_cred_transfer), 4796 LSM_HOOK_INIT(cred_getsecid, smack_cred_getsecid), 4797 LSM_HOOK_INIT(kernel_act_as, smack_kernel_act_as), 4798 LSM_HOOK_INIT(kernel_create_files_as, smack_kernel_create_files_as), 4799 LSM_HOOK_INIT(task_setpgid, smack_task_setpgid), 4800 LSM_HOOK_INIT(task_getpgid, smack_task_getpgid), 4801 LSM_HOOK_INIT(task_getsid, smack_task_getsid), 4802 LSM_HOOK_INIT(current_getsecid_subj, smack_current_getsecid_subj), 4803 LSM_HOOK_INIT(task_getsecid_obj, smack_task_getsecid_obj), 4804 LSM_HOOK_INIT(task_setnice, smack_task_setnice), 4805 LSM_HOOK_INIT(task_setioprio, smack_task_setioprio), 4806 LSM_HOOK_INIT(task_getioprio, smack_task_getioprio), 4807 LSM_HOOK_INIT(task_setscheduler, smack_task_setscheduler), 4808 LSM_HOOK_INIT(task_getscheduler, smack_task_getscheduler), 4809 LSM_HOOK_INIT(task_movememory, smack_task_movememory), 4810 LSM_HOOK_INIT(task_kill, smack_task_kill), 4811 LSM_HOOK_INIT(task_to_inode, smack_task_to_inode), 4812 4813 LSM_HOOK_INIT(ipc_permission, smack_ipc_permission), 4814 LSM_HOOK_INIT(ipc_getsecid, smack_ipc_getsecid), 4815 4816 LSM_HOOK_INIT(msg_msg_alloc_security, smack_msg_msg_alloc_security), 4817 4818 LSM_HOOK_INIT(msg_queue_alloc_security, smack_ipc_alloc_security), 4819 LSM_HOOK_INIT(msg_queue_associate, smack_msg_queue_associate), 4820 LSM_HOOK_INIT(msg_queue_msgctl, smack_msg_queue_msgctl), 4821 LSM_HOOK_INIT(msg_queue_msgsnd, smack_msg_queue_msgsnd), 4822 LSM_HOOK_INIT(msg_queue_msgrcv, smack_msg_queue_msgrcv), 4823 4824 LSM_HOOK_INIT(shm_alloc_security, smack_ipc_alloc_security), 4825 LSM_HOOK_INIT(shm_associate, smack_shm_associate), 4826 LSM_HOOK_INIT(shm_shmctl, smack_shm_shmctl), 4827 LSM_HOOK_INIT(shm_shmat, smack_shm_shmat), 4828 4829 LSM_HOOK_INIT(sem_alloc_security, smack_ipc_alloc_security), 4830 LSM_HOOK_INIT(sem_associate, smack_sem_associate), 4831 LSM_HOOK_INIT(sem_semctl, smack_sem_semctl), 4832 LSM_HOOK_INIT(sem_semop, smack_sem_semop), 4833 4834 LSM_HOOK_INIT(d_instantiate, smack_d_instantiate), 4835 4836 LSM_HOOK_INIT(getprocattr, smack_getprocattr), 4837 LSM_HOOK_INIT(setprocattr, smack_setprocattr), 4838 4839 LSM_HOOK_INIT(unix_stream_connect, smack_unix_stream_connect), 4840 LSM_HOOK_INIT(unix_may_send, smack_unix_may_send), 4841 4842 LSM_HOOK_INIT(socket_post_create, smack_socket_post_create), 4843 LSM_HOOK_INIT(socket_socketpair, smack_socket_socketpair), 4844 #ifdef SMACK_IPV6_PORT_LABELING 4845 LSM_HOOK_INIT(socket_bind, smack_socket_bind), 4846 #endif 4847 LSM_HOOK_INIT(socket_connect, smack_socket_connect), 4848 LSM_HOOK_INIT(socket_sendmsg, smack_socket_sendmsg), 4849 LSM_HOOK_INIT(socket_sock_rcv_skb, smack_socket_sock_rcv_skb), 4850 LSM_HOOK_INIT(socket_getpeersec_stream, smack_socket_getpeersec_stream), 4851 LSM_HOOK_INIT(socket_getpeersec_dgram, smack_socket_getpeersec_dgram), 4852 LSM_HOOK_INIT(sk_alloc_security, smack_sk_alloc_security), 4853 LSM_HOOK_INIT(sk_free_security, smack_sk_free_security), 4854 LSM_HOOK_INIT(sock_graft, smack_sock_graft), 4855 LSM_HOOK_INIT(inet_conn_request, smack_inet_conn_request), 4856 LSM_HOOK_INIT(inet_csk_clone, smack_inet_csk_clone), 4857 4858 /* key management security hooks */ 4859 #ifdef CONFIG_KEYS 4860 LSM_HOOK_INIT(key_alloc, smack_key_alloc), 4861 LSM_HOOK_INIT(key_free, smack_key_free), 4862 LSM_HOOK_INIT(key_permission, smack_key_permission), 4863 LSM_HOOK_INIT(key_getsecurity, smack_key_getsecurity), 4864 #ifdef CONFIG_KEY_NOTIFICATIONS 4865 LSM_HOOK_INIT(watch_key, smack_watch_key), 4866 #endif 4867 #endif /* CONFIG_KEYS */ 4868 4869 #ifdef CONFIG_WATCH_QUEUE 4870 LSM_HOOK_INIT(post_notification, smack_post_notification), 4871 #endif 4872 4873 /* Audit hooks */ 4874 #ifdef CONFIG_AUDIT 4875 LSM_HOOK_INIT(audit_rule_init, smack_audit_rule_init), 4876 LSM_HOOK_INIT(audit_rule_known, smack_audit_rule_known), 4877 LSM_HOOK_INIT(audit_rule_match, smack_audit_rule_match), 4878 #endif /* CONFIG_AUDIT */ 4879 4880 LSM_HOOK_INIT(ismaclabel, smack_ismaclabel), 4881 LSM_HOOK_INIT(secid_to_secctx, smack_secid_to_secctx), 4882 LSM_HOOK_INIT(secctx_to_secid, smack_secctx_to_secid), 4883 LSM_HOOK_INIT(inode_notifysecctx, smack_inode_notifysecctx), 4884 LSM_HOOK_INIT(inode_setsecctx, smack_inode_setsecctx), 4885 LSM_HOOK_INIT(inode_getsecctx, smack_inode_getsecctx), 4886 LSM_HOOK_INIT(inode_copy_up, smack_inode_copy_up), 4887 LSM_HOOK_INIT(inode_copy_up_xattr, smack_inode_copy_up_xattr), 4888 LSM_HOOK_INIT(dentry_create_files_as, smack_dentry_create_files_as), 4889 #ifdef CONFIG_IO_URING 4890 LSM_HOOK_INIT(uring_override_creds, smack_uring_override_creds), 4891 LSM_HOOK_INIT(uring_sqpoll, smack_uring_sqpoll), 4892 #endif 4893 }; 4894 4895 4896 static __init void init_smack_known_list(void) 4897 { 4898 /* 4899 * Initialize rule list locks 4900 */ 4901 mutex_init(&smack_known_huh.smk_rules_lock); 4902 mutex_init(&smack_known_hat.smk_rules_lock); 4903 mutex_init(&smack_known_floor.smk_rules_lock); 4904 mutex_init(&smack_known_star.smk_rules_lock); 4905 mutex_init(&smack_known_web.smk_rules_lock); 4906 /* 4907 * Initialize rule lists 4908 */ 4909 INIT_LIST_HEAD(&smack_known_huh.smk_rules); 4910 INIT_LIST_HEAD(&smack_known_hat.smk_rules); 4911 INIT_LIST_HEAD(&smack_known_star.smk_rules); 4912 INIT_LIST_HEAD(&smack_known_floor.smk_rules); 4913 INIT_LIST_HEAD(&smack_known_web.smk_rules); 4914 /* 4915 * Create the known labels list 4916 */ 4917 smk_insert_entry(&smack_known_huh); 4918 smk_insert_entry(&smack_known_hat); 4919 smk_insert_entry(&smack_known_star); 4920 smk_insert_entry(&smack_known_floor); 4921 smk_insert_entry(&smack_known_web); 4922 } 4923 4924 /** 4925 * smack_init - initialize the smack system 4926 * 4927 * Returns 0 on success, -ENOMEM is there's no memory 4928 */ 4929 static __init int smack_init(void) 4930 { 4931 struct cred *cred = (struct cred *) current->cred; 4932 struct task_smack *tsp; 4933 4934 smack_rule_cache = KMEM_CACHE(smack_rule, 0); 4935 if (!smack_rule_cache) 4936 return -ENOMEM; 4937 4938 /* 4939 * Set the security state for the initial task. 4940 */ 4941 tsp = smack_cred(cred); 4942 init_task_smack(tsp, &smack_known_floor, &smack_known_floor); 4943 4944 /* 4945 * Register with LSM 4946 */ 4947 security_add_hooks(smack_hooks, ARRAY_SIZE(smack_hooks), "smack"); 4948 smack_enabled = 1; 4949 4950 pr_info("Smack: Initializing.\n"); 4951 #ifdef CONFIG_SECURITY_SMACK_NETFILTER 4952 pr_info("Smack: Netfilter enabled.\n"); 4953 #endif 4954 #ifdef SMACK_IPV6_PORT_LABELING 4955 pr_info("Smack: IPv6 port labeling enabled.\n"); 4956 #endif 4957 #ifdef SMACK_IPV6_SECMARK_LABELING 4958 pr_info("Smack: IPv6 Netfilter enabled.\n"); 4959 #endif 4960 4961 /* initialize the smack_known_list */ 4962 init_smack_known_list(); 4963 4964 return 0; 4965 } 4966 4967 /* 4968 * Smack requires early initialization in order to label 4969 * all processes and objects when they are created. 4970 */ 4971 DEFINE_LSM(smack) = { 4972 .name = "smack", 4973 .flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE, 4974 .blobs = &smack_blob_sizes, 4975 .init = smack_init, 4976 }; 4977