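/*
 * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com>
 *
 *	This program is free software; you can redistribute it and/or modify
 *	it under the terms of the GNU General Public License as published by
 *	the Free Software Foundation, version 2.
 *
 * Authors:
 *	Casey Schaufler <casey@schaufler-ca.com>
 *	Ahmed S. Darwish <darwish.07@gmail.com>
 *
 * Special thanks to the authors of selinuxfs.
 *
 *	Karl MacMillan <kmacmillan@tresys.com>
 *	James Morris <jmorris@redhat.com>
 *
 */

#include <linux/kernel.h>
#include <linux/vmalloc.h>
#include <linux/security.h>
#include <linux/mutex.h>
#include <net/netlabel.h>
#include <net/cipso_ipv4.h>
#include <linux/seq_file.h>
#include <linux/ctype.h>
#include <linux/audit.h>
#include "smack.h"

/*
 * smackfs pseudo filesystem.
 *
 * Every write handler in this file is a policy-changing interface and
 * is gated on CAP_MAC_ADMIN; the files are created S_IRUGO|S_IWUSR in
 * smk_fill_super(), so reads are open to every user.
 */

enum smk_inos {
	SMK_ROOT_INO	= 2,
	SMK_LOAD	= 3,	/* load policy */
	SMK_CIPSO	= 4,	/* load label -> CIPSO mapping */
	SMK_DOI		= 5,	/* CIPSO DOI */
	SMK_DIRECT	= 6,	/* CIPSO level indicating direct label */
	SMK_AMBIENT	= 7,	/* internet ambient label */
	SMK_NLTYPE	= 8,	/* label scheme to use by default */
	SMK_ONLYCAP	= 9,	/* the only "capable" label */
};

/*
 * List locks
 */
static DEFINE_MUTEX(smack_list_lock);
static DEFINE_MUTEX(smack_cipso_lock);
static DEFINE_MUTEX(smack_ambient_lock);

/*
 * This is the "ambient" label for network traffic.
 * If it isn't somehow marked, use this.
 * It can be reset via smackfs/ambient
 */
char *smack_net_ambient = smack_known_floor.smk_known;

/*
 * This is the default packet marking scheme for network traffic.
 * It can be reset via smackfs/nltype
 */
int smack_net_nltype = NETLBL_NLTYPE_CIPSOV4;

/*
 * This is the level in a CIPSO header that indicates a
 * smack label is contained directly in the category set.
 * It can be reset via smackfs/direct
 */
int smack_cipso_direct = SMACK_CIPSO_DIRECT_DEFAULT;

/*
 * Unless a process is running with this label even
 * having CAP_MAC_OVERRIDE isn't enough to grant
 * privilege to violate MAC policy. If no label is
 * designated (the NULL case) capabilities apply to
 * everyone. It is expected that the hat (^) label
 * will be used if any label is used.
 */
char *smack_onlycap;

static int smk_cipso_doi_value = SMACK_CIPSO_DOI_DEFAULT;
struct smk_list_entry *smack_list;

/* Value stored in *pos by the seq_file ->next() handlers once the list ends */
#define	SEQ_READ_FINISHED	1

/*
 * Values for parsing cipso rules
 * SMK_DIGITLEN: Length of a digit field in a rule.
 * SMK_CIPSOMIN: Minimum possible cipso rule length.
 * SMK_CIPSOMAX: Maximum possible cipso rule length.
 */
#define SMK_DIGITLEN 4
#define SMK_CIPSOMIN (SMK_LABELLEN + 2 * SMK_DIGITLEN)
#define SMK_CIPSOMAX (SMK_CIPSOMIN + SMACK_CIPSO_MAXCATNUM * SMK_DIGITLEN)

/*
 * Values for parsing MAC rules
 * SMK_ACCESS: Maximum possible combination of access permissions
 * SMK_ACCESSLEN: Maximum length for a rule access field
 * SMK_LOADLEN: Smack rule length
 */
#define SMK_ACCESS    "rwxa"
#define SMK_ACCESSLEN (sizeof(SMK_ACCESS) - 1)
#define SMK_LOADLEN   (SMK_LABELLEN + SMK_LABELLEN + SMK_ACCESSLEN)


/*
 * Seq_file read operations for /smack/load
 *
 * NOTE(review): these handlers walk smack_list without taking
 * smack_list_lock. Nothing in this file removes entries, and new
 * entries are only added at the head, but confirm that unlocked
 * readers are acceptable here.
 */

/* Begin a pass over the rule list; NULL once a previous pass has finished. */
static void *load_seq_start(struct seq_file *s, loff_t *pos)
{
	if (*pos == SEQ_READ_FINISHED)
		return NULL;

	return smack_list;
}

/* Advance to the following rule, flagging the end of the list in *pos. */
static void *load_seq_next(struct seq_file *s, void *v, loff_t *pos)
{
	struct smk_list_entry *skp = ((struct smk_list_entry *) v)->smk_next;

	if (skp == NULL)
		*pos = SEQ_READ_FINISHED;

	return skp;
}

/*
 * Print one rule as "subject object access", where access is the
 * subset of "rwxa" that is granted, or "-" when nothing is granted.
 */
static int load_seq_show(struct seq_file *s, void *v)
{
	struct smk_list_entry *slp = (struct smk_list_entry *) v;
	struct smack_rule *srp = &slp->smk_rule;

	seq_printf(s, "%s %s", (char *)srp->smk_subject,
		   (char *)srp->smk_object);

	seq_putc(s, ' ');

	if (srp->smk_access & MAY_READ)
		seq_putc(s, 'r');
	if (srp->smk_access & MAY_WRITE)
		seq_putc(s, 'w');
	if (srp->smk_access & MAY_EXEC)
		seq_putc(s, 'x');
	if (srp->smk_access & MAY_APPEND)
		seq_putc(s, 'a');
	if (srp->smk_access == 0)
		seq_putc(s, '-');

	seq_putc(s, '\n');

	return 0;
}

static void load_seq_stop(struct seq_file *s, void *v)
{
	/* No-op */
}

static struct seq_operations load_seq_ops = {
	.start = load_seq_start,
	.next  = load_seq_next,
	.show  = load_seq_show,
	.stop  = load_seq_stop,
};

/**
 * smk_open_load - open() for /smack/load
 * @inode: inode structure representing file
 * @file: "load" file pointer
 *
 * For reading, use load_seq_* seq_file reading operations.
 */
static int smk_open_load(struct inode *inode, struct file *file)
{
	return seq_open(file, &load_seq_ops);
}

/**
 * smk_set_access - add a rule to the rule list
 * @srp: the new rule to add
 *
 * Looks through the current subject/object/access list for
 * the subject/object pair and replaces the access that was
 * there. If the pair isn't found add it with the specified
 * access.
 *
 * Subject and object are matched by pointer, not by string
 * contents, so callers must pass the pointers handed back by
 * smk_import().
 *
 * Returns 0 on success, or -ENOMEM if a new list entry could not
 * be allocated; the rule list is left unchanged in that case.
 */
static int smk_set_access(struct smack_rule *srp)
{
	struct smk_list_entry *sp;
	struct smk_list_entry *newp;
	int rc = 0;

	mutex_lock(&smack_list_lock);

	for (sp = smack_list; sp != NULL; sp = sp->smk_next)
		if (sp->smk_rule.smk_subject == srp->smk_subject &&
		    sp->smk_rule.smk_object == srp->smk_object) {
			sp->smk_rule.smk_access = srp->smk_access;
			break;
		}

	if (sp == NULL) {
		newp = kzalloc(sizeof(*newp), GFP_KERNEL);
		/*
		 * An unchecked allocation failure here would be a NULL
		 * dereference reachable from a write to /smack/load.
		 */
		if (newp == NULL) {
			rc = -ENOMEM;
			goto out;
		}
		newp->smk_rule = *srp;
		newp->smk_next = smack_list;
		smack_list = newp;
	}

out:
	mutex_unlock(&smack_list_lock);

	return rc;
}

/**
 * smk_write_load - write() for /smack/load
 * @file: file pointer, not actually used
 * @buf: where to get the data from
 * @count: bytes sent
 * @ppos: where to start - must be 0
 *
 * Get one smack access rule from above.
 * The format is exactly:
 *     char subject[SMK_LABELLEN]
 *     char object[SMK_LABELLEN]
 *     char access[SMK_ACCESSLEN]
 *
 * writes must be SMK_LABELLEN+SMK_LABELLEN+SMK_ACCESSLEN bytes.
 *
 * Each access position accepts its own letter (either case) or '-';
 * any other character rejects the whole rule with -EINVAL.
 *
 * Returns @count on success, or -EPERM, -EINVAL, -ENOMEM or -EFAULT.
 */
static ssize_t smk_write_load(struct file *file, const char __user *buf,
				size_t count, loff_t *ppos)
{
	struct smack_rule rule;
	char *data;
	int rc = -EINVAL;

	/*
	 * Must have privilege.
	 * No partial writes.
	 * Enough data must be present.
	 */
	if (!capable(CAP_MAC_ADMIN))
		return -EPERM;
	if (*ppos != 0)
		return -EINVAL;
	if (count != SMK_LOADLEN)
		return -EINVAL;

	data = kzalloc(count, GFP_KERNEL);
	if (data == NULL)
		return -ENOMEM;

	if (copy_from_user(data, buf, count) != 0) {
		rc = -EFAULT;
		goto out;
	}

	/*
	 * NOTE(review): the label fields are fixed width and the buffer
	 * carries no terminator of its own; a length of 0 is passed, so
	 * how far smk_import() reads is decided by smk_import() - confirm
	 * it never looks past SMK_LABELLEN bytes.
	 */
	rule.smk_subject = smk_import(data, 0);
	if (rule.smk_subject == NULL)
		goto out;

	rule.smk_object = smk_import(data + SMK_LABELLEN, 0);
	if (rule.smk_object == NULL)
		goto out;

	rule.smk_access = 0;

	switch (data[SMK_LABELLEN + SMK_LABELLEN]) {
	case '-':
		break;
	case 'r':
	case 'R':
		rule.smk_access |= MAY_READ;
		break;
	default:
		goto out;
	}

	switch (data[SMK_LABELLEN + SMK_LABELLEN + 1]) {
	case '-':
		break;
	case 'w':
	case 'W':
		rule.smk_access |= MAY_WRITE;
		break;
	default:
		goto out;
	}

	switch (data[SMK_LABELLEN + SMK_LABELLEN + 2]) {
	case '-':
		break;
	case 'x':
	case 'X':
		rule.smk_access |= MAY_EXEC;
		break;
	default:
		goto out;
	}

	switch (data[SMK_LABELLEN + SMK_LABELLEN + 3]) {
	case '-':
		break;
	case 'a':
	case 'A':
		/*
		 * Append must map to MAY_APPEND, the bit load_seq_show()
		 * prints as 'a'. Setting MAY_READ here would silently turn
		 * an append-only rule into a read grant.
		 */
		rule.smk_access |= MAY_APPEND;
		break;
	default:
		goto out;
	}

	rc = smk_set_access(&rule);
	if (rc == 0)
		rc = count;

out:
	kfree(data);
	return rc;
}

static const struct file_operations smk_load_ops = {
	.open           = smk_open_load,
	.read		= seq_read,
	.llseek         = seq_lseek,
	.write		= smk_write_load,
	.release        = seq_release,
};

/**
 * smk_cipso_doi - initialize the CIPSO domain
 *
 * Removes the current default NetLabel mapping and installs a
 * pass-through CIPSO DOI definition using smk_cipso_doi_value.
 * Failures of the NetLabel calls are logged and otherwise ignored.
 *
 * NOTE(review): this is called from init_smk_fs() and also from
 * smk_write_doi(), so the panic() on allocation failure is reachable
 * at run time by a CAP_MAC_ADMIN writer - confirm that is intended.
 * NOTE(review): when netlbl_cfg_cipsov4_add_map() fails, doip is not
 * freed here; whether the callee releases it is not visible in this
 * file - verify ownership to rule out a leak per failed write.
 */
static void smk_cipso_doi(void)
{
	int rc;
	int i;
	struct cipso_v4_doi *doip;
	struct netlbl_audit audit_info;

	audit_info.loginuid = audit_get_loginuid(current);
	audit_info.sessionid = audit_get_sessionid(current);
	audit_info.secid = smack_to_secid(current->security);

	rc = netlbl_cfg_map_del(NULL, &audit_info);
	if (rc != 0)
		printk(KERN_WARNING "%s:%d remove rc = %d\n",
		       __func__, __LINE__, rc);

	doip = kmalloc(sizeof(*doip), GFP_KERNEL);
	if (doip == NULL)
		panic("smack:  Failed to initialize cipso DOI.\n");
	doip->map.std = NULL;
	doip->doi = smk_cipso_doi_value;
	doip->type = CIPSO_V4_MAP_PASS;
	doip->tags[0] = CIPSO_V4_TAG_RBITMAP;
	/* Only the first tag slot is used; mark the rest invalid. */
	for (i = 1; i < CIPSO_V4_TAG_MAXCNT; i++)
		doip->tags[i] = CIPSO_V4_TAG_INVALID;

	rc = netlbl_cfg_cipsov4_add_map(doip, NULL, &audit_info);
	if (rc != 0)
		printk(KERN_WARNING "%s:%d add rc = %d\n",
		       __func__, __LINE__, rc);
}

/**
 * smk_unlbl_ambient - initialize the unlabeled domain
 * @oldambient: previous ambient label to remove, or NULL if none
 *
 * Deletes the NetLabel mapping of @oldambient (when given) and adds
 * an unlabeled mapping for the current smack_net_ambient. Failures
 * are logged and otherwise ignored.
 */
static void smk_unlbl_ambient(char *oldambient)
{
	int rc;
	struct netlbl_audit audit_info;

	audit_info.loginuid = audit_get_loginuid(current);
	audit_info.sessionid = audit_get_sessionid(current);
	audit_info.secid = smack_to_secid(current->security);

	if (oldambient != NULL) {
		rc = netlbl_cfg_map_del(oldambient, &audit_info);
		if (rc != 0)
			printk(KERN_WARNING "%s:%d remove rc = %d\n",
			       __func__, __LINE__, rc);
	}

	rc = netlbl_cfg_unlbl_add_map(smack_net_ambient, &audit_info);
	if (rc != 0)
		printk(KERN_WARNING "%s:%d add rc = %d\n",
		       __func__, __LINE__, rc);
}

/*
 * Seq_file read operations for /smack/cipso
 */

/* Begin a pass over the known labels; NULL once a previous pass finished. */
static void *cipso_seq_start(struct seq_file *s, loff_t *pos)
{
	if (*pos == SEQ_READ_FINISHED)
		return NULL;

	return smack_known;
}

/* Advance to the next label that has a CIPSO mapping. */
static void *cipso_seq_next(struct seq_file *s, void *v, loff_t *pos)
{
	struct smack_known *skp = ((struct smack_known *) v)->smk_next;

	/*
	 * Omit labels with no associated cipso value
	 */
	while (skp != NULL && !skp->smk_cipso)
		skp = skp->smk_next;

	if (skp == NULL)
		*pos = SEQ_READ_FINISHED;

	return skp;
}

/*
 * Print cipso labels in format:
 * label level[/cat[,cat]]
 *
 * The category set is walked byte by byte, most significant bit
 * first, and categories are numbered from 1.
 */
static int cipso_seq_show(struct seq_file *s, void *v)
{
	struct smack_known *skp = (struct smack_known *) v;
	struct smack_cipso *scp = skp->smk_cipso;
	char *cbp;
	char sep = '/';
	int cat = 1;
	int i;
	unsigned char m;

	/* cipso_seq_start() may hand us a label without a mapping */
	if (scp == NULL)
		return 0;

	seq_printf(s, "%s %3d", (char *)&skp->smk_known, scp->smk_level);

	cbp = scp->smk_catset;
	for (i = 0; i < SMK_LABELLEN; i++)
		for (m = 0x80; m != 0; m >>= 1) {
			if (m & cbp[i]) {
				seq_printf(s, "%c%d", sep, cat);
				sep = ',';
			}
			cat++;
		}

	seq_putc(s, '\n');

	return 0;
}

static void cipso_seq_stop(struct seq_file *s, void *v)
{
	/* No-op */
}

static struct seq_operations cipso_seq_ops = {
	.start = cipso_seq_start,
	.stop  = cipso_seq_stop,
	.next  = cipso_seq_next,
	.show  = cipso_seq_show,
};

/**
 * smk_open_cipso - open() for /smack/cipso
 * @inode: inode structure representing file
 * @file: "cipso" file pointer
 *
 * Connect our cipso_seq_* operations with /smack/cipso
 * file_operations
 */
static int smk_open_cipso(struct inode *inode, struct file *file)
{
	return seq_open(file, &cipso_seq_ops);
}

/**
 * smk_write_cipso - write() for /smack/cipso
 * @file: file pointer, not actually used
 * @buf: where to get the data from
 * @count: bytes sent
 * @ppos: where to start
 *
 * Accepts only one cipso rule per write call. A rule is a label of
 * SMK_LABELLEN bytes, then a level field and a category-count field
 * of SMK_DIGITLEN bytes each, then that many category fields of
 * SMK_DIGITLEN bytes each; @count must match that layout exactly.
 *
 * Returns number of bytes written or error code, as appropriate
 */
static ssize_t smk_write_cipso(struct file *file, const char __user *buf,
			       size_t count, loff_t *ppos)
{
	struct smack_known *skp;
	struct smack_cipso *scp = NULL;
	char mapcatset[SMK_LABELLEN];
	int maplevel;
	int cat;
	int catlen;
	ssize_t rc = -EINVAL;
	char *data = NULL;
	char *rule;
	int ret;
	int i;

	/*
	 * Must have privilege.
	 * No partial writes.
	 * Enough data must be present.
	 */
	if (!capable(CAP_MAC_ADMIN))
		return -EPERM;
	if (*ppos != 0)
		return -EINVAL;
	if (count < SMK_CIPSOMIN || count > SMK_CIPSOMAX)
		return -EINVAL;

	/* One extra byte so the sscanf() calls below see a terminator */
	data = kzalloc(count + 1, GFP_KERNEL);
	if (data == NULL)
		return -ENOMEM;

	if (copy_from_user(data, buf, count) != 0) {
		rc = -EFAULT;
		goto unlockedout;
	}

	data[count] = '\0';
	rule = data;
	/*
	 * Only allow one writer at a time. Writes should be
	 * quite rare and small in any case.
	 */
	mutex_lock(&smack_cipso_lock);

	skp = smk_import_entry(rule, 0);
	if (skp == NULL)
		goto out;

	/*
	 * The numeric fields are parsed with a signed "%d", so each one
	 * needs a lower bound as well as an upper bound. Note that "%d"
	 * is not limited to SMK_DIGITLEN characters; the fields are
	 * expected to be padded so that a number does not run into the
	 * next field.
	 */
	rule += SMK_LABELLEN;
	ret = sscanf(rule, "%d", &maplevel);
	if (ret != 1 || maplevel < 0 || maplevel > SMACK_CIPSO_MAXLEVEL)
		goto out;

	rule += SMK_DIGITLEN;
	ret = sscanf(rule, "%d", &catlen);
	if (ret != 1 || catlen < 0 || catlen > SMACK_CIPSO_MAXCATNUM)
		goto out;

	if (count != (SMK_CIPSOMIN + catlen * SMK_DIGITLEN))
		goto out;

	memset(mapcatset, 0, sizeof(mapcatset));

	for (i = 0; i < catlen; i++) {
		rule += SMK_DIGITLEN;
		ret = sscanf(rule, "%d", &cat);
		/*
		 * A negative category must never reach smack_catset_bit(),
		 * which uses it to address a bit in the on-stack mapcatset.
		 * NOTE(review): cipso_seq_show() numbers categories from 1;
		 * confirm how smack_catset_bit() treats 0 and reject it
		 * here too if it is not a valid category.
		 */
		if (ret != 1 || cat < 0 || cat > SMACK_CIPSO_MAXCATVAL)
			goto out;

		smack_catset_bit(cat, mapcatset);
	}

	/* Allocate outside the spinlock; GFP_KERNEL may sleep */
	if (skp->smk_cipso == NULL) {
		scp = kzalloc(sizeof(struct smack_cipso), GFP_KERNEL);
		if (scp == NULL) {
			rc = -ENOMEM;
			goto out;
		}
	}

	spin_lock_bh(&skp->smk_cipsolock);

	/* Reuse the existing mapping if there is one, else publish ours */
	if (scp == NULL)
		scp = skp->smk_cipso;
	else
		skp->smk_cipso = scp;

	scp->smk_level = maplevel;
	memcpy(scp->smk_catset, mapcatset, sizeof(mapcatset));

	spin_unlock_bh(&skp->smk_cipsolock);

	rc = count;
out:
	mutex_unlock(&smack_cipso_lock);
unlockedout:
	kfree(data);
	return rc;
}

static const struct file_operations smk_cipso_ops = {
	.open           = smk_open_cipso,
	.read		= seq_read,
	.llseek         = seq_lseek,
	.write		= smk_write_cipso,
	.release        = seq_release,
};

/**
 * smk_read_doi - read() for /smack/doi
 * @filp: file pointer, not actually used
 * @buf: where to put the result
 * @count: maximum to send along
 * @ppos: where to start
 *
 * Returns number of bytes read or error code, as appropriate
 */
static ssize_t smk_read_doi(struct file *filp, char __user *buf,
			    size_t count, loff_t *ppos)
{
	char temp[80];
	ssize_t rc;

	if (*ppos != 0)
		return 0;

	snprintf(temp, sizeof(temp), "%d", smk_cipso_doi_value);
	rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));

	return rc;
}

/**
 * smk_write_doi - write() for /smack/doi
 * @file: file pointer, not actually used
 * @buf: where to get the data from
 * @count: bytes sent
 * @ppos: where to start
 *
 * Parses a decimal integer, stores it as the CIPSO DOI and
 * re-initializes the CIPSO domain with it.
 *
 * Returns number of bytes written or error code, as appropriate
 */
static ssize_t smk_write_doi(struct file *file, const char __user *buf,
			     size_t count, loff_t *ppos)
{
	char temp[80];
	int i;

	if (!capable(CAP_MAC_ADMIN))
		return -EPERM;

	/* Leave room for the terminator written below */
	if (count >= sizeof(temp) || count == 0)
		return -EINVAL;

	if (copy_from_user(temp, buf, count) != 0)
		return -EFAULT;

	temp[count] = '\0';

	if (sscanf(temp, "%d", &i) != 1)
		return -EINVAL;

	smk_cipso_doi_value = i;

	smk_cipso_doi();

	return count;
}

static const struct file_operations smk_doi_ops = {
	.read		= smk_read_doi,
	.write		= smk_write_doi,
};

/**
 * smk_read_direct - read() for /smack/direct
 * @filp: file pointer, not actually used
 * @buf: where to put the result
 * @count: maximum to send along
 * @ppos: where to start
 *
 * Returns number of bytes read or error code, as appropriate
 */
static ssize_t smk_read_direct(struct file *filp, char __user *buf,
			       size_t count, loff_t *ppos)
{
	char temp[80];
	ssize_t rc;

	if (*ppos != 0)
		return 0;

	snprintf(temp, sizeof(temp), "%d", smack_cipso_direct);
	rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));

	return rc;
}

/**
 * smk_write_direct - write() for /smack/direct
 * @file: file pointer, not actually used
 * @buf: where to get the data from
 * @count: bytes sent
 * @ppos: where to start
 *
 * NOTE(review): any value sscanf() accepts is stored, including
 * negative ones; confirm whether the level should be range checked
 * (for instance against SMACK_CIPSO_MAXLEVEL) before it is used.
 *
 * Returns number of bytes written or error code, as appropriate
 */
static ssize_t smk_write_direct(struct file *file, const char __user *buf,
				size_t count, loff_t *ppos)
{
	char temp[80];
	int i;

	if (!capable(CAP_MAC_ADMIN))
		return -EPERM;

	/* Leave room for the terminator written below */
	if (count >= sizeof(temp) || count == 0)
		return -EINVAL;

	if (copy_from_user(temp, buf, count) != 0)
		return -EFAULT;

	temp[count] = '\0';

	if (sscanf(temp, "%d", &i) != 1)
		return -EINVAL;

	smack_cipso_direct = i;

	return count;
}

static const struct file_operations smk_direct_ops = {
	.read		= smk_read_direct,
	.write		= smk_write_direct,
};

/**
 * smk_read_ambient - read() for /smack/ambient
 * @filp: file pointer, not actually used
 * @buf: where to put the result
 * @cn: maximum to send along
 * @ppos: where to start
 *
 * The label is sent with its terminating NUL; a buffer too small to
 * hold all of it gets -EINVAL rather than a truncated label.
 *
 * Returns number of bytes read or error code, as appropriate
 */
static ssize_t smk_read_ambient(struct file *filp, char __user *buf,
				size_t cn, loff_t *ppos)
{
	ssize_t rc;
	int asize;

	if (*ppos != 0)
		return 0;
	/*
	 * Being careful to avoid a problem in the case where
	 * smack_net_ambient gets changed in midstream.
	 */
	mutex_lock(&smack_ambient_lock);

	asize = strlen(smack_net_ambient) + 1;

	if (cn >= asize)
		rc = simple_read_from_buffer(buf, cn, ppos,
					     smack_net_ambient, asize);
	else
		rc = -EINVAL;

	mutex_unlock(&smack_ambient_lock);

	return rc;
}

/**
 * smk_write_ambient - write() for /smack/ambient
 * @file: file pointer, not actually used
 * @buf: where to get the data from
 * @count: bytes sent
 * @ppos: where to start
 *
 * Returns number of bytes written or error code, as appropriate
 */
static ssize_t smk_write_ambient(struct file *file, const char __user *buf,
				 size_t count, loff_t *ppos)
{
	char in[SMK_LABELLEN];
	char *oldambient;
	char *smack;

	if (!capable(CAP_MAC_ADMIN))
		return -EPERM;

	if (count >= SMK_LABELLEN)
		return -EINVAL;

	/*
	 * Clear the buffer first: only count bytes are copied in, and a
	 * short or zero-length write must not leave uninitialized stack
	 * bytes for smk_import() to interpret as part of a label.
	 */
	memset(in, 0, sizeof(in));

	if (copy_from_user(in, buf, count) != 0)
		return -EFAULT;

	smack = smk_import(in, count);
	if (smack == NULL)
		return -EINVAL;

	mutex_lock(&smack_ambient_lock);

	oldambient = smack_net_ambient;
	smack_net_ambient = smack;
	smk_unlbl_ambient(oldambient);

	mutex_unlock(&smack_ambient_lock);

	return count;
}

static const struct file_operations smk_ambient_ops = {
	.read		= smk_read_ambient,
	.write		= smk_write_ambient,
};

/**
 * smk_read_onlycap - read() for /smack/onlycap
 * @filp: file pointer, not actually used
 * @buf: where to put the result
 * @cn: maximum to send along
 * @ppos: where to start
 *
 * Sends the onlycap label with its terminating NUL, or an empty
 * string when no label is set.
 *
 * Returns number of bytes read or error code, as appropriate
 */
static ssize_t smk_read_onlycap(struct file *filp, char __user *buf,
				size_t cn, loff_t *ppos)
{
	char *smack = "";
	ssize_t rc = -EINVAL;
	int asize;

	if (*ppos != 0)
		return 0;

	if (smack_onlycap != NULL)
		smack = smack_onlycap;

	asize = strlen(smack) + 1;

	if (cn >= asize)
		rc = simple_read_from_buffer(buf, cn, ppos, smack, asize);

	return rc;
}

/**
 * smk_write_onlycap - write() for /smack/onlycap
 * @file: file pointer, not actually used
 * @buf: where to get the data from
 * @count: bytes sent
 * @ppos: where to start
 *
 * Once an onlycap label is set, only a task running with that label
 * may change it again, even with CAP_MAC_ADMIN.
 *
 * Returns number of bytes written or error code, as appropriate
 */
static ssize_t smk_write_onlycap(struct file *file, const char __user *buf,
				 size_t count, loff_t *ppos)
{
	char in[SMK_LABELLEN];
	char *sp = current->security;

	if (!capable(CAP_MAC_ADMIN))
		return -EPERM;

	/*
	 * This can be done using smk_access() but is done
	 * explicitly for clarity. The smk_access() implementation
	 * would use smk_access(smack_onlycap, MAY_WRITE)
	 */
	if (smack_onlycap != NULL && smack_onlycap != sp)
		return -EPERM;

	if (count >= SMK_LABELLEN)
		return -EINVAL;

	/*
	 * Clear the buffer first: only count bytes are copied in, and the
	 * result of smk_import() below is stored without further checks,
	 * so it must never be derived from uninitialized stack bytes.
	 */
	memset(in, 0, sizeof(in));

	if (copy_from_user(in, buf, count) != 0)
		return -EFAULT;

	/*
	 * Should the null string be passed in unset the onlycap value.
	 * This seems like something to be careful with as usually
	 * smk_import only expects to return NULL for errors. It
	 * is usually the case that a nullstring or "\n" would be
	 * bad to pass to smk_import but in fact this is useful here.
	 */
	smack_onlycap = smk_import(in, count);

	return count;
}

static const struct file_operations smk_onlycap_ops = {
	.read		= smk_read_onlycap,
	.write		= smk_write_onlycap,
};

/* One accepted spelling of a NetLabel protocol type for /smack/nltype */
struct option_names {
	int	o_number;	/* NETLBL_NLTYPE_* value */
	char	*o_name;	/* NetLabel's own name, reported on read */
	char	*o_alias;	/* alternative name accepted on write */
};

static struct option_names netlbl_choices[] = {
	{ NETLBL_NLTYPE_RIPSO,
		NETLBL_NLTYPE_RIPSO_NAME,	"ripso" },
	{ NETLBL_NLTYPE_CIPSOV4,
		NETLBL_NLTYPE_CIPSOV4_NAME,	"cipsov4" },
	{ NETLBL_NLTYPE_CIPSOV4,
		NETLBL_NLTYPE_CIPSOV4_NAME,	"cipso" },
	{ NETLBL_NLTYPE_CIPSOV6,
		NETLBL_NLTYPE_CIPSOV6_NAME,	"cipsov6" },
	{ NETLBL_NLTYPE_UNLABELED,
		NETLBL_NLTYPE_UNLABELED_NAME,	"unlabeled" },
};

/**
 * smk_read_nltype - read() for /smack/nltype
 * @filp: file pointer, not actually used
 * @buf: where to put the result
 * @count: maximum to send along
 * @ppos: where to start
 *
 * Reports the name of the current label scheme, or "unknown" when
 * smack_net_nltype matches none of netlbl_choices.
 *
 * Returns number of bytes read or error code, as appropriate
 */
static ssize_t smk_read_nltype(struct file *filp, char __user *buf,
			       size_t count, loff_t *ppos)
{
	char bound[40];
	ssize_t rc;
	int i;

	if (count < SMK_LABELLEN)
		return -EINVAL;

	if (*ppos != 0)
		return 0;

	snprintf(bound, sizeof(bound), "unknown");

	for (i = 0; i < ARRAY_SIZE(netlbl_choices); i++)
		if (smack_net_nltype == netlbl_choices[i].o_number) {
			/* Bounded copy: o_name comes from another header */
			snprintf(bound, sizeof(bound), "%s",
				 netlbl_choices[i].o_name);
			break;
		}

	rc = simple_read_from_buffer(buf, count, ppos, bound, strlen(bound));

	return rc;
}

/**
 * smk_write_nltype - write() for /smack/nltype
 * @file: file pointer, not actually used
 * @buf: where to get the data from
 * @count: bytes sent
 * @ppos: where to start
 *
 * The input is cut at the first space or newline and must then match
 * a name or alias in netlbl_choices exactly.
 *
 * Returns number of bytes written or error code, as appropriate
 */
static ssize_t smk_write_nltype(struct file *file, const char __user *buf,
				size_t count, loff_t *ppos)
{
	char bound[40];
	char *cp;
	int i;

	if (!capable(CAP_MAC_ADMIN))
		return -EPERM;

	/* Leave room for the terminator written below */
	if (count >= sizeof(bound))
		return -EINVAL;

	if (copy_from_user(bound, buf, count) != 0)
		return -EFAULT;

	bound[count] = '\0';
	cp = strchr(bound, ' ');
	if (cp != NULL)
		*cp = '\0';
	cp = strchr(bound, '\n');
	if (cp != NULL)
		*cp = '\0';

	for (i = 0; i < ARRAY_SIZE(netlbl_choices); i++)
		if (strcmp(bound, netlbl_choices[i].o_name) == 0 ||
		    strcmp(bound, netlbl_choices[i].o_alias) == 0) {
			smack_net_nltype = netlbl_choices[i].o_number;
			return count;
		}
	/*
	 * Not a valid choice.
	 */
	return -EINVAL;
}

static const struct file_operations smk_nltype_ops = {
	.read		= smk_read_nltype,
	.write		= smk_write_nltype,
};

/**
 * smk_fill_super - fill the /smackfs superblock
 * @sb: the empty superblock
 * @data: unused
 * @silent: unused
 *
 * Fill in the well known entries for /smack
 *
 * Every file is world readable and writable by its owner only; the
 * write handlers additionally require CAP_MAC_ADMIN.
 *
 * Returns 0 on success, an error code on failure
 */
static int smk_fill_super(struct super_block *sb, void *data, int silent)
{
	int rc;
	struct inode *root_inode;

	static struct tree_descr smack_files[] = {
		[SMK_LOAD]	=
			{"load", &smk_load_ops, S_IRUGO|S_IWUSR},
		[SMK_CIPSO]	=
			{"cipso", &smk_cipso_ops, S_IRUGO|S_IWUSR},
		[SMK_DOI]	=
			{"doi", &smk_doi_ops, S_IRUGO|S_IWUSR},
		[SMK_DIRECT]	=
			{"direct", &smk_direct_ops, S_IRUGO|S_IWUSR},
		[SMK_AMBIENT]	=
			{"ambient", &smk_ambient_ops, S_IRUGO|S_IWUSR},
		[SMK_NLTYPE]	=
			{"nltype", &smk_nltype_ops, S_IRUGO|S_IWUSR},
		[SMK_ONLYCAP]	=
			{"onlycap", &smk_onlycap_ops, S_IRUGO|S_IWUSR},
		/* last one */ {""}
	};

	rc = simple_fill_super(sb, SMACK_MAGIC, smack_files);
	if (rc != 0) {
		printk(KERN_ERR "%s failed %d while creating inodes\n",
			__func__, rc);
		return rc;
	}

	/*
	 * Label the root inode with the floor label.
	 * NOTE(review): the result of new_inode_smack() is stored
	 * unchecked; confirm whether it can fail.
	 */
	root_inode = sb->s_root->d_inode;
	root_inode->i_security = new_inode_smack(smack_known_floor.smk_known);

	return 0;
}

/**
 * smk_get_sb - get the smackfs superblock
 * @fs_type: passed along without comment
 * @flags: passed along without comment
 * @dev_name: passed along without comment
 * @data: passed along without comment
 * @mnt: passed along without comment
 *
 * Just passes everything along.
 *
 * Returns what the lower level code does.
 */
static int smk_get_sb(struct file_system_type *fs_type,
		      int flags, const char *dev_name, void *data,
		      struct vfsmount *mnt)
{
	return get_sb_single(fs_type, flags, data, smk_fill_super, mnt);
}

static struct file_system_type smk_fs_type = {
	.name		= "smackfs",
	.get_sb		= smk_get_sb,
	.kill_sb	= kill_litter_super,
};

static struct vfsmount *smackfs_mount;

/**
 * init_smk_fs - get the smackfs superblock
 *
 * register the smackfs
 *
 * Do not register smackfs if Smack wasn't enabled
 * on boot. We can not put this method normally under the
 * smack_init() code path since the security subsystem get
 * initialized before the vfs caches.
 *
 * The CIPSO DOI and the ambient NetLabel mapping are initialized
 * whether or not registering and mounting smackfs succeeded.
 *
 * Returns 0 if we were not chosen on boot or if we were chosen
 * and filesystem registration succeeded, else an error code.
 */
static int __init init_smk_fs(void)
{
	int err;

	if (!security_module_enable(&smack_ops))
		return 0;

	err = register_filesystem(&smk_fs_type);
	if (!err) {
		smackfs_mount = kern_mount(&smk_fs_type);
		if (IS_ERR(smackfs_mount)) {
			printk(KERN_ERR "smackfs:  could not mount!\n");
			err = PTR_ERR(smackfs_mount);
			smackfs_mount = NULL;
		}
	}

	smk_cipso_doi();
	smk_unlbl_ambient(NULL);

	return err;
}

__initcall(init_smk_fs);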