1 /* 2 * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com> 3 * 4 * This program is free software; you can redistribute it and/or modify 5 * it under the terms of the GNU General Public License as published by 6 * the Free Software Foundation, version 2. 7 * 8 * Authors: 9 * Casey Schaufler <casey@schaufler-ca.com> 10 * Ahmed S. Darwish <darwish.07@gmail.com> 11 * 12 * Special thanks to the authors of selinuxfs. 13 * 14 * Karl MacMillan <kmacmillan@tresys.com> 15 * James Morris <jmorris@redhat.com> 16 * 17 */ 18 19 #include <linux/kernel.h> 20 #include <linux/vmalloc.h> 21 #include <linux/security.h> 22 #include <linux/mutex.h> 23 #include <net/netlabel.h> 24 #include <net/cipso_ipv4.h> 25 #include <linux/seq_file.h> 26 #include <linux/ctype.h> 27 #include <linux/audit.h> 28 #include "smack.h" 29 30 /* 31 * smackfs pseudo filesystem. 32 */ 33 34 enum smk_inos { 35 SMK_ROOT_INO = 2, 36 SMK_LOAD = 3, /* load policy */ 37 SMK_CIPSO = 4, /* load label -> CIPSO mapping */ 38 SMK_DOI = 5, /* CIPSO DOI */ 39 SMK_DIRECT = 6, /* CIPSO level indicating direct label */ 40 SMK_AMBIENT = 7, /* internet ambient label */ 41 SMK_NLTYPE = 8, /* label scheme to use by default */ 42 SMK_ONLYCAP = 9, /* the only "capable" label */ 43 }; 44 45 /* 46 * List locks 47 */ 48 static DEFINE_MUTEX(smack_list_lock); 49 static DEFINE_MUTEX(smack_cipso_lock); 50 static DEFINE_MUTEX(smack_ambient_lock); 51 52 /* 53 * This is the "ambient" label for network traffic. 54 * If it isn't somehow marked, use this. 55 * It can be reset via smackfs/ambient 56 */ 57 char *smack_net_ambient = smack_known_floor.smk_known; 58 59 /* 60 * This is the default packet marking scheme for network traffic. 61 * It can be reset via smackfs/nltype 62 */ 63 int smack_net_nltype = NETLBL_NLTYPE_CIPSOV4; 64 65 /* 66 * This is the level in a CIPSO header that indicates a 67 * smack label is contained directly in the category set. 68 * It can be reset via smackfs/direct 69 */ 70 int smack_cipso_direct = SMACK_CIPSO_DIRECT_DEFAULT; 71 72 /* 73 * Unless a process is running with this label even 74 * having CAP_MAC_OVERRIDE isn't enough to grant 75 * privilege to violate MAC policy. If no label is 76 * designated (the NULL case) capabilities apply to 77 * everyone. It is expected that the hat (^) label 78 * will be used if any label is used. 79 */ 80 char *smack_onlycap; 81 82 static int smk_cipso_doi_value = SMACK_CIPSO_DOI_DEFAULT; 83 struct smk_list_entry *smack_list; 84 85 #define SEQ_READ_FINISHED 1 86 87 /* 88 * Values for parsing cipso rules 89 * SMK_DIGITLEN: Length of a digit field in a rule. 90 * SMK_CIPSOMIN: Minimum possible cipso rule length. 91 * SMK_CIPSOMAX: Maximum possible cipso rule length. 92 */ 93 #define SMK_DIGITLEN 4 94 #define SMK_CIPSOMIN (SMK_LABELLEN + 2 * SMK_DIGITLEN) 95 #define SMK_CIPSOMAX (SMK_CIPSOMIN + SMACK_CIPSO_MAXCATNUM * SMK_DIGITLEN) 96 97 /* 98 * Values for parsing MAC rules 99 * SMK_ACCESS: Maximum possible combination of access permissions 100 * SMK_ACCESSLEN: Maximum length for a rule access field 101 * SMK_LOADLEN: Smack rule length 102 */ 103 #define SMK_ACCESS "rwxa" 104 #define SMK_ACCESSLEN (sizeof(SMK_ACCESS) - 1) 105 #define SMK_LOADLEN (SMK_LABELLEN + SMK_LABELLEN + SMK_ACCESSLEN) 106 107 108 /* 109 * Seq_file read operations for /smack/load 110 */ 111 112 static void *load_seq_start(struct seq_file *s, loff_t *pos) 113 { 114 if (*pos == SEQ_READ_FINISHED) 115 return NULL; 116 117 return smack_list; 118 } 119 120 static void *load_seq_next(struct seq_file *s, void *v, loff_t *pos) 121 { 122 struct smk_list_entry *skp = ((struct smk_list_entry *) v)->smk_next; 123 124 if (skp == NULL) 125 *pos = SEQ_READ_FINISHED; 126 127 return skp; 128 } 129 130 static int load_seq_show(struct seq_file *s, void *v) 131 { 132 struct smk_list_entry *slp = (struct smk_list_entry *) v; 133 struct smack_rule *srp = &slp->smk_rule; 134 135 seq_printf(s, "%s %s", (char *)srp->smk_subject, 136 (char *)srp->smk_object); 137 138 seq_putc(s, ' '); 139 140 if (srp->smk_access & MAY_READ) 141 seq_putc(s, 'r'); 142 if (srp->smk_access & MAY_WRITE) 143 seq_putc(s, 'w'); 144 if (srp->smk_access & MAY_EXEC) 145 seq_putc(s, 'x'); 146 if (srp->smk_access & MAY_APPEND) 147 seq_putc(s, 'a'); 148 if (srp->smk_access == 0) 149 seq_putc(s, '-'); 150 151 seq_putc(s, '\n'); 152 153 return 0; 154 } 155 156 static void load_seq_stop(struct seq_file *s, void *v) 157 { 158 /* No-op */ 159 } 160 161 static struct seq_operations load_seq_ops = { 162 .start = load_seq_start, 163 .next = load_seq_next, 164 .show = load_seq_show, 165 .stop = load_seq_stop, 166 }; 167 168 /** 169 * smk_open_load - open() for /smack/load 170 * @inode: inode structure representing file 171 * @file: "load" file pointer 172 * 173 * For reading, use load_seq_* seq_file reading operations. 174 */ 175 static int smk_open_load(struct inode *inode, struct file *file) 176 { 177 return seq_open(file, &load_seq_ops); 178 } 179 180 /** 181 * smk_set_access - add a rule to the rule list 182 * @srp: the new rule to add 183 * 184 * Looks through the current subject/object/access list for 185 * the subject/object pair and replaces the access that was 186 * there. If the pair isn't found add it with the specified 187 * access. 188 */ 189 static void smk_set_access(struct smack_rule *srp) 190 { 191 struct smk_list_entry *sp; 192 struct smk_list_entry *newp; 193 194 mutex_lock(&smack_list_lock); 195 196 for (sp = smack_list; sp != NULL; sp = sp->smk_next) 197 if (sp->smk_rule.smk_subject == srp->smk_subject && 198 sp->smk_rule.smk_object == srp->smk_object) { 199 sp->smk_rule.smk_access = srp->smk_access; 200 break; 201 } 202 203 if (sp == NULL) { 204 newp = kzalloc(sizeof(struct smk_list_entry), GFP_KERNEL); 205 newp->smk_rule = *srp; 206 newp->smk_next = smack_list; 207 smack_list = newp; 208 } 209 210 mutex_unlock(&smack_list_lock); 211 212 return; 213 } 214 215 /** 216 * smk_write_load - write() for /smack/load 217 * @filp: file pointer, not actually used 218 * @buf: where to get the data from 219 * @count: bytes sent 220 * @ppos: where to start - must be 0 221 * 222 * Get one smack access rule from above. 223 * The format is exactly: 224 * char subject[SMK_LABELLEN] 225 * char object[SMK_LABELLEN] 226 * char access[SMK_ACCESSLEN] 227 * 228 * writes must be SMK_LABELLEN+SMK_LABELLEN+SMK_ACCESSLEN bytes. 229 */ 230 static ssize_t smk_write_load(struct file *file, const char __user *buf, 231 size_t count, loff_t *ppos) 232 { 233 struct smack_rule rule; 234 char *data; 235 int rc = -EINVAL; 236 237 /* 238 * Must have privilege. 239 * No partial writes. 240 * Enough data must be present. 241 */ 242 if (!capable(CAP_MAC_ADMIN)) 243 return -EPERM; 244 if (*ppos != 0) 245 return -EINVAL; 246 if (count != SMK_LOADLEN) 247 return -EINVAL; 248 249 data = kzalloc(count, GFP_KERNEL); 250 if (data == NULL) 251 return -ENOMEM; 252 253 if (copy_from_user(data, buf, count) != 0) { 254 rc = -EFAULT; 255 goto out; 256 } 257 258 rule.smk_subject = smk_import(data, 0); 259 if (rule.smk_subject == NULL) 260 goto out; 261 262 rule.smk_object = smk_import(data + SMK_LABELLEN, 0); 263 if (rule.smk_object == NULL) 264 goto out; 265 266 rule.smk_access = 0; 267 268 switch (data[SMK_LABELLEN + SMK_LABELLEN]) { 269 case '-': 270 break; 271 case 'r': 272 case 'R': 273 rule.smk_access |= MAY_READ; 274 break; 275 default: 276 goto out; 277 } 278 279 switch (data[SMK_LABELLEN + SMK_LABELLEN + 1]) { 280 case '-': 281 break; 282 case 'w': 283 case 'W': 284 rule.smk_access |= MAY_WRITE; 285 break; 286 default: 287 goto out; 288 } 289 290 switch (data[SMK_LABELLEN + SMK_LABELLEN + 2]) { 291 case '-': 292 break; 293 case 'x': 294 case 'X': 295 rule.smk_access |= MAY_EXEC; 296 break; 297 default: 298 goto out; 299 } 300 301 switch (data[SMK_LABELLEN + SMK_LABELLEN + 3]) { 302 case '-': 303 break; 304 case 'a': 305 case 'A': 306 rule.smk_access |= MAY_READ; 307 break; 308 default: 309 goto out; 310 } 311 312 smk_set_access(&rule); 313 rc = count; 314 315 out: 316 kfree(data); 317 return rc; 318 } 319 320 static const struct file_operations smk_load_ops = { 321 .open = smk_open_load, 322 .read = seq_read, 323 .llseek = seq_lseek, 324 .write = smk_write_load, 325 .release = seq_release, 326 }; 327 328 /** 329 * smk_cipso_doi - initialize the CIPSO domain 330 */ 331 static void smk_cipso_doi(void) 332 { 333 int rc; 334 struct cipso_v4_doi *doip; 335 struct netlbl_audit audit_info; 336 337 audit_info.loginuid = audit_get_loginuid(current); 338 audit_info.sessionid = audit_get_sessionid(current); 339 audit_info.secid = smack_to_secid(current->security); 340 341 rc = netlbl_cfg_map_del(NULL, &audit_info); 342 if (rc != 0) 343 printk(KERN_WARNING "%s:%d remove rc = %d\n", 344 __func__, __LINE__, rc); 345 346 doip = kmalloc(sizeof(struct cipso_v4_doi), GFP_KERNEL); 347 if (doip == NULL) 348 panic("smack: Failed to initialize cipso DOI.\n"); 349 doip->map.std = NULL; 350 doip->doi = smk_cipso_doi_value; 351 doip->type = CIPSO_V4_MAP_PASS; 352 doip->tags[0] = CIPSO_V4_TAG_RBITMAP; 353 for (rc = 1; rc < CIPSO_V4_TAG_MAXCNT; rc++) 354 doip->tags[rc] = CIPSO_V4_TAG_INVALID; 355 356 rc = netlbl_cfg_cipsov4_add_map(doip, NULL, &audit_info); 357 if (rc != 0) { 358 printk(KERN_WARNING "%s:%d add rc = %d\n", 359 __func__, __LINE__, rc); 360 kfree(doip); 361 } 362 } 363 364 /** 365 * smk_unlbl_ambient - initialize the unlabeled domain 366 */ 367 static void smk_unlbl_ambient(char *oldambient) 368 { 369 int rc; 370 struct netlbl_audit audit_info; 371 372 audit_info.loginuid = audit_get_loginuid(current); 373 audit_info.sessionid = audit_get_sessionid(current); 374 audit_info.secid = smack_to_secid(current->security); 375 376 if (oldambient != NULL) { 377 rc = netlbl_cfg_map_del(oldambient, &audit_info); 378 if (rc != 0) 379 printk(KERN_WARNING "%s:%d remove rc = %d\n", 380 __func__, __LINE__, rc); 381 } 382 383 rc = netlbl_cfg_unlbl_add_map(smack_net_ambient, &audit_info); 384 if (rc != 0) 385 printk(KERN_WARNING "%s:%d add rc = %d\n", 386 __func__, __LINE__, rc); 387 } 388 389 /* 390 * Seq_file read operations for /smack/cipso 391 */ 392 393 static void *cipso_seq_start(struct seq_file *s, loff_t *pos) 394 { 395 if (*pos == SEQ_READ_FINISHED) 396 return NULL; 397 398 return smack_known; 399 } 400 401 static void *cipso_seq_next(struct seq_file *s, void *v, loff_t *pos) 402 { 403 struct smack_known *skp = ((struct smack_known *) v)->smk_next; 404 405 /* 406 * Omit labels with no associated cipso value 407 */ 408 while (skp != NULL && !skp->smk_cipso) 409 skp = skp->smk_next; 410 411 if (skp == NULL) 412 *pos = SEQ_READ_FINISHED; 413 414 return skp; 415 } 416 417 /* 418 * Print cipso labels in format: 419 * label level[/cat[,cat]] 420 */ 421 static int cipso_seq_show(struct seq_file *s, void *v) 422 { 423 struct smack_known *skp = (struct smack_known *) v; 424 struct smack_cipso *scp = skp->smk_cipso; 425 char *cbp; 426 char sep = '/'; 427 int cat = 1; 428 int i; 429 unsigned char m; 430 431 if (scp == NULL) 432 return 0; 433 434 seq_printf(s, "%s %3d", (char *)&skp->smk_known, scp->smk_level); 435 436 cbp = scp->smk_catset; 437 for (i = 0; i < SMK_LABELLEN; i++) 438 for (m = 0x80; m != 0; m >>= 1) { 439 if (m & cbp[i]) { 440 seq_printf(s, "%c%d", sep, cat); 441 sep = ','; 442 } 443 cat++; 444 } 445 446 seq_putc(s, '\n'); 447 448 return 0; 449 } 450 451 static void cipso_seq_stop(struct seq_file *s, void *v) 452 { 453 /* No-op */ 454 } 455 456 static struct seq_operations cipso_seq_ops = { 457 .start = cipso_seq_start, 458 .stop = cipso_seq_stop, 459 .next = cipso_seq_next, 460 .show = cipso_seq_show, 461 }; 462 463 /** 464 * smk_open_cipso - open() for /smack/cipso 465 * @inode: inode structure representing file 466 * @file: "cipso" file pointer 467 * 468 * Connect our cipso_seq_* operations with /smack/cipso 469 * file_operations 470 */ 471 static int smk_open_cipso(struct inode *inode, struct file *file) 472 { 473 return seq_open(file, &cipso_seq_ops); 474 } 475 476 /** 477 * smk_write_cipso - write() for /smack/cipso 478 * @filp: file pointer, not actually used 479 * @buf: where to get the data from 480 * @count: bytes sent 481 * @ppos: where to start 482 * 483 * Accepts only one cipso rule per write call. 484 * Returns number of bytes written or error code, as appropriate 485 */ 486 static ssize_t smk_write_cipso(struct file *file, const char __user *buf, 487 size_t count, loff_t *ppos) 488 { 489 struct smack_known *skp; 490 struct smack_cipso *scp = NULL; 491 char mapcatset[SMK_LABELLEN]; 492 int maplevel; 493 int cat; 494 int catlen; 495 ssize_t rc = -EINVAL; 496 char *data = NULL; 497 char *rule; 498 int ret; 499 int i; 500 501 /* 502 * Must have privilege. 503 * No partial writes. 504 * Enough data must be present. 505 */ 506 if (!capable(CAP_MAC_ADMIN)) 507 return -EPERM; 508 if (*ppos != 0) 509 return -EINVAL; 510 if (count < SMK_CIPSOMIN || count > SMK_CIPSOMAX) 511 return -EINVAL; 512 513 data = kzalloc(count + 1, GFP_KERNEL); 514 if (data == NULL) 515 return -ENOMEM; 516 517 if (copy_from_user(data, buf, count) != 0) { 518 rc = -EFAULT; 519 goto unlockedout; 520 } 521 522 data[count] = '\0'; 523 rule = data; 524 /* 525 * Only allow one writer at a time. Writes should be 526 * quite rare and small in any case. 527 */ 528 mutex_lock(&smack_cipso_lock); 529 530 skp = smk_import_entry(rule, 0); 531 if (skp == NULL) 532 goto out; 533 534 rule += SMK_LABELLEN;; 535 ret = sscanf(rule, "%d", &maplevel); 536 if (ret != 1 || maplevel > SMACK_CIPSO_MAXLEVEL) 537 goto out; 538 539 rule += SMK_DIGITLEN; 540 ret = sscanf(rule, "%d", &catlen); 541 if (ret != 1 || catlen > SMACK_CIPSO_MAXCATNUM) 542 goto out; 543 544 if (count != (SMK_CIPSOMIN + catlen * SMK_DIGITLEN)) 545 goto out; 546 547 memset(mapcatset, 0, sizeof(mapcatset)); 548 549 for (i = 0; i < catlen; i++) { 550 rule += SMK_DIGITLEN; 551 ret = sscanf(rule, "%d", &cat); 552 if (ret != 1 || cat > SMACK_CIPSO_MAXCATVAL) 553 goto out; 554 555 smack_catset_bit(cat, mapcatset); 556 } 557 558 if (skp->smk_cipso == NULL) { 559 scp = kzalloc(sizeof(struct smack_cipso), GFP_KERNEL); 560 if (scp == NULL) { 561 rc = -ENOMEM; 562 goto out; 563 } 564 } 565 566 spin_lock_bh(&skp->smk_cipsolock); 567 568 if (scp == NULL) 569 scp = skp->smk_cipso; 570 else 571 skp->smk_cipso = scp; 572 573 scp->smk_level = maplevel; 574 memcpy(scp->smk_catset, mapcatset, sizeof(mapcatset)); 575 576 spin_unlock_bh(&skp->smk_cipsolock); 577 578 rc = count; 579 out: 580 mutex_unlock(&smack_cipso_lock); 581 unlockedout: 582 kfree(data); 583 return rc; 584 } 585 586 static const struct file_operations smk_cipso_ops = { 587 .open = smk_open_cipso, 588 .read = seq_read, 589 .llseek = seq_lseek, 590 .write = smk_write_cipso, 591 .release = seq_release, 592 }; 593 594 /** 595 * smk_read_doi - read() for /smack/doi 596 * @filp: file pointer, not actually used 597 * @buf: where to put the result 598 * @count: maximum to send along 599 * @ppos: where to start 600 * 601 * Returns number of bytes read or error code, as appropriate 602 */ 603 static ssize_t smk_read_doi(struct file *filp, char __user *buf, 604 size_t count, loff_t *ppos) 605 { 606 char temp[80]; 607 ssize_t rc; 608 609 if (*ppos != 0) 610 return 0; 611 612 sprintf(temp, "%d", smk_cipso_doi_value); 613 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp)); 614 615 return rc; 616 } 617 618 /** 619 * smk_write_doi - write() for /smack/doi 620 * @filp: file pointer, not actually used 621 * @buf: where to get the data from 622 * @count: bytes sent 623 * @ppos: where to start 624 * 625 * Returns number of bytes written or error code, as appropriate 626 */ 627 static ssize_t smk_write_doi(struct file *file, const char __user *buf, 628 size_t count, loff_t *ppos) 629 { 630 char temp[80]; 631 int i; 632 633 if (!capable(CAP_MAC_ADMIN)) 634 return -EPERM; 635 636 if (count >= sizeof(temp) || count == 0) 637 return -EINVAL; 638 639 if (copy_from_user(temp, buf, count) != 0) 640 return -EFAULT; 641 642 temp[count] = '\0'; 643 644 if (sscanf(temp, "%d", &i) != 1) 645 return -EINVAL; 646 647 smk_cipso_doi_value = i; 648 649 smk_cipso_doi(); 650 651 return count; 652 } 653 654 static const struct file_operations smk_doi_ops = { 655 .read = smk_read_doi, 656 .write = smk_write_doi, 657 }; 658 659 /** 660 * smk_read_direct - read() for /smack/direct 661 * @filp: file pointer, not actually used 662 * @buf: where to put the result 663 * @count: maximum to send along 664 * @ppos: where to start 665 * 666 * Returns number of bytes read or error code, as appropriate 667 */ 668 static ssize_t smk_read_direct(struct file *filp, char __user *buf, 669 size_t count, loff_t *ppos) 670 { 671 char temp[80]; 672 ssize_t rc; 673 674 if (*ppos != 0) 675 return 0; 676 677 sprintf(temp, "%d", smack_cipso_direct); 678 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp)); 679 680 return rc; 681 } 682 683 /** 684 * smk_write_direct - write() for /smack/direct 685 * @filp: file pointer, not actually used 686 * @buf: where to get the data from 687 * @count: bytes sent 688 * @ppos: where to start 689 * 690 * Returns number of bytes written or error code, as appropriate 691 */ 692 static ssize_t smk_write_direct(struct file *file, const char __user *buf, 693 size_t count, loff_t *ppos) 694 { 695 char temp[80]; 696 int i; 697 698 if (!capable(CAP_MAC_ADMIN)) 699 return -EPERM; 700 701 if (count >= sizeof(temp) || count == 0) 702 return -EINVAL; 703 704 if (copy_from_user(temp, buf, count) != 0) 705 return -EFAULT; 706 707 temp[count] = '\0'; 708 709 if (sscanf(temp, "%d", &i) != 1) 710 return -EINVAL; 711 712 smack_cipso_direct = i; 713 714 return count; 715 } 716 717 static const struct file_operations smk_direct_ops = { 718 .read = smk_read_direct, 719 .write = smk_write_direct, 720 }; 721 722 /** 723 * smk_read_ambient - read() for /smack/ambient 724 * @filp: file pointer, not actually used 725 * @buf: where to put the result 726 * @cn: maximum to send along 727 * @ppos: where to start 728 * 729 * Returns number of bytes read or error code, as appropriate 730 */ 731 static ssize_t smk_read_ambient(struct file *filp, char __user *buf, 732 size_t cn, loff_t *ppos) 733 { 734 ssize_t rc; 735 int asize; 736 737 if (*ppos != 0) 738 return 0; 739 /* 740 * Being careful to avoid a problem in the case where 741 * smack_net_ambient gets changed in midstream. 742 */ 743 mutex_lock(&smack_ambient_lock); 744 745 asize = strlen(smack_net_ambient) + 1; 746 747 if (cn >= asize) 748 rc = simple_read_from_buffer(buf, cn, ppos, 749 smack_net_ambient, asize); 750 else 751 rc = -EINVAL; 752 753 mutex_unlock(&smack_ambient_lock); 754 755 return rc; 756 } 757 758 /** 759 * smk_write_ambient - write() for /smack/ambient 760 * @filp: file pointer, not actually used 761 * @buf: where to get the data from 762 * @count: bytes sent 763 * @ppos: where to start 764 * 765 * Returns number of bytes written or error code, as appropriate 766 */ 767 static ssize_t smk_write_ambient(struct file *file, const char __user *buf, 768 size_t count, loff_t *ppos) 769 { 770 char in[SMK_LABELLEN]; 771 char *oldambient; 772 char *smack; 773 774 if (!capable(CAP_MAC_ADMIN)) 775 return -EPERM; 776 777 if (count >= SMK_LABELLEN) 778 return -EINVAL; 779 780 if (copy_from_user(in, buf, count) != 0) 781 return -EFAULT; 782 783 smack = smk_import(in, count); 784 if (smack == NULL) 785 return -EINVAL; 786 787 mutex_lock(&smack_ambient_lock); 788 789 oldambient = smack_net_ambient; 790 smack_net_ambient = smack; 791 smk_unlbl_ambient(oldambient); 792 793 mutex_unlock(&smack_ambient_lock); 794 795 return count; 796 } 797 798 static const struct file_operations smk_ambient_ops = { 799 .read = smk_read_ambient, 800 .write = smk_write_ambient, 801 }; 802 803 /** 804 * smk_read_onlycap - read() for /smack/onlycap 805 * @filp: file pointer, not actually used 806 * @buf: where to put the result 807 * @cn: maximum to send along 808 * @ppos: where to start 809 * 810 * Returns number of bytes read or error code, as appropriate 811 */ 812 static ssize_t smk_read_onlycap(struct file *filp, char __user *buf, 813 size_t cn, loff_t *ppos) 814 { 815 char *smack = ""; 816 ssize_t rc = -EINVAL; 817 int asize; 818 819 if (*ppos != 0) 820 return 0; 821 822 if (smack_onlycap != NULL) 823 smack = smack_onlycap; 824 825 asize = strlen(smack) + 1; 826 827 if (cn >= asize) 828 rc = simple_read_from_buffer(buf, cn, ppos, smack, asize); 829 830 return rc; 831 } 832 833 /** 834 * smk_write_onlycap - write() for /smack/onlycap 835 * @filp: file pointer, not actually used 836 * @buf: where to get the data from 837 * @count: bytes sent 838 * @ppos: where to start 839 * 840 * Returns number of bytes written or error code, as appropriate 841 */ 842 static ssize_t smk_write_onlycap(struct file *file, const char __user *buf, 843 size_t count, loff_t *ppos) 844 { 845 char in[SMK_LABELLEN]; 846 char *sp = current->security; 847 848 if (!capable(CAP_MAC_ADMIN)) 849 return -EPERM; 850 851 /* 852 * This can be done using smk_access() but is done 853 * explicitly for clarity. The smk_access() implementation 854 * would use smk_access(smack_onlycap, MAY_WRITE) 855 */ 856 if (smack_onlycap != NULL && smack_onlycap != sp) 857 return -EPERM; 858 859 if (count >= SMK_LABELLEN) 860 return -EINVAL; 861 862 if (copy_from_user(in, buf, count) != 0) 863 return -EFAULT; 864 865 /* 866 * Should the null string be passed in unset the onlycap value. 867 * This seems like something to be careful with as usually 868 * smk_import only expects to return NULL for errors. It 869 * is usually the case that a nullstring or "\n" would be 870 * bad to pass to smk_import but in fact this is useful here. 871 */ 872 smack_onlycap = smk_import(in, count); 873 874 return count; 875 } 876 877 static const struct file_operations smk_onlycap_ops = { 878 .read = smk_read_onlycap, 879 .write = smk_write_onlycap, 880 }; 881 882 struct option_names { 883 int o_number; 884 char *o_name; 885 char *o_alias; 886 }; 887 888 static struct option_names netlbl_choices[] = { 889 { NETLBL_NLTYPE_RIPSO, 890 NETLBL_NLTYPE_RIPSO_NAME, "ripso" }, 891 { NETLBL_NLTYPE_CIPSOV4, 892 NETLBL_NLTYPE_CIPSOV4_NAME, "cipsov4" }, 893 { NETLBL_NLTYPE_CIPSOV4, 894 NETLBL_NLTYPE_CIPSOV4_NAME, "cipso" }, 895 { NETLBL_NLTYPE_CIPSOV6, 896 NETLBL_NLTYPE_CIPSOV6_NAME, "cipsov6" }, 897 { NETLBL_NLTYPE_UNLABELED, 898 NETLBL_NLTYPE_UNLABELED_NAME, "unlabeled" }, 899 }; 900 901 /** 902 * smk_read_nltype - read() for /smack/nltype 903 * @filp: file pointer, not actually used 904 * @buf: where to put the result 905 * @count: maximum to send along 906 * @ppos: where to start 907 * 908 * Returns number of bytes read or error code, as appropriate 909 */ 910 static ssize_t smk_read_nltype(struct file *filp, char __user *buf, 911 size_t count, loff_t *ppos) 912 { 913 char bound[40]; 914 ssize_t rc; 915 int i; 916 917 if (count < SMK_LABELLEN) 918 return -EINVAL; 919 920 if (*ppos != 0) 921 return 0; 922 923 sprintf(bound, "unknown"); 924 925 for (i = 0; i < ARRAY_SIZE(netlbl_choices); i++) 926 if (smack_net_nltype == netlbl_choices[i].o_number) { 927 sprintf(bound, "%s", netlbl_choices[i].o_name); 928 break; 929 } 930 931 rc = simple_read_from_buffer(buf, count, ppos, bound, strlen(bound)); 932 933 return rc; 934 } 935 936 /** 937 * smk_write_nltype - write() for /smack/nltype 938 * @filp: file pointer, not actually used 939 * @buf: where to get the data from 940 * @count: bytes sent 941 * @ppos: where to start 942 * 943 * Returns number of bytes written or error code, as appropriate 944 */ 945 static ssize_t smk_write_nltype(struct file *file, const char __user *buf, 946 size_t count, loff_t *ppos) 947 { 948 char bound[40]; 949 char *cp; 950 int i; 951 952 if (!capable(CAP_MAC_ADMIN)) 953 return -EPERM; 954 955 if (count >= 40) 956 return -EINVAL; 957 958 if (copy_from_user(bound, buf, count) != 0) 959 return -EFAULT; 960 961 bound[count] = '\0'; 962 cp = strchr(bound, ' '); 963 if (cp != NULL) 964 *cp = '\0'; 965 cp = strchr(bound, '\n'); 966 if (cp != NULL) 967 *cp = '\0'; 968 969 for (i = 0; i < ARRAY_SIZE(netlbl_choices); i++) 970 if (strcmp(bound, netlbl_choices[i].o_name) == 0 || 971 strcmp(bound, netlbl_choices[i].o_alias) == 0) { 972 smack_net_nltype = netlbl_choices[i].o_number; 973 return count; 974 } 975 /* 976 * Not a valid choice. 977 */ 978 return -EINVAL; 979 } 980 981 static const struct file_operations smk_nltype_ops = { 982 .read = smk_read_nltype, 983 .write = smk_write_nltype, 984 }; 985 986 /** 987 * smk_fill_super - fill the /smackfs superblock 988 * @sb: the empty superblock 989 * @data: unused 990 * @silent: unused 991 * 992 * Fill in the well known entries for /smack 993 * 994 * Returns 0 on success, an error code on failure 995 */ 996 static int smk_fill_super(struct super_block *sb, void *data, int silent) 997 { 998 int rc; 999 struct inode *root_inode; 1000 1001 static struct tree_descr smack_files[] = { 1002 [SMK_LOAD] = 1003 {"load", &smk_load_ops, S_IRUGO|S_IWUSR}, 1004 [SMK_CIPSO] = 1005 {"cipso", &smk_cipso_ops, S_IRUGO|S_IWUSR}, 1006 [SMK_DOI] = 1007 {"doi", &smk_doi_ops, S_IRUGO|S_IWUSR}, 1008 [SMK_DIRECT] = 1009 {"direct", &smk_direct_ops, S_IRUGO|S_IWUSR}, 1010 [SMK_AMBIENT] = 1011 {"ambient", &smk_ambient_ops, S_IRUGO|S_IWUSR}, 1012 [SMK_NLTYPE] = 1013 {"nltype", &smk_nltype_ops, S_IRUGO|S_IWUSR}, 1014 [SMK_ONLYCAP] = 1015 {"onlycap", &smk_onlycap_ops, S_IRUGO|S_IWUSR}, 1016 /* last one */ {""} 1017 }; 1018 1019 rc = simple_fill_super(sb, SMACK_MAGIC, smack_files); 1020 if (rc != 0) { 1021 printk(KERN_ERR "%s failed %d while creating inodes\n", 1022 __func__, rc); 1023 return rc; 1024 } 1025 1026 root_inode = sb->s_root->d_inode; 1027 root_inode->i_security = new_inode_smack(smack_known_floor.smk_known); 1028 1029 return 0; 1030 } 1031 1032 /** 1033 * smk_get_sb - get the smackfs superblock 1034 * @fs_type: passed along without comment 1035 * @flags: passed along without comment 1036 * @dev_name: passed along without comment 1037 * @data: passed along without comment 1038 * @mnt: passed along without comment 1039 * 1040 * Just passes everything along. 1041 * 1042 * Returns what the lower level code does. 1043 */ 1044 static int smk_get_sb(struct file_system_type *fs_type, 1045 int flags, const char *dev_name, void *data, 1046 struct vfsmount *mnt) 1047 { 1048 return get_sb_single(fs_type, flags, data, smk_fill_super, mnt); 1049 } 1050 1051 static struct file_system_type smk_fs_type = { 1052 .name = "smackfs", 1053 .get_sb = smk_get_sb, 1054 .kill_sb = kill_litter_super, 1055 }; 1056 1057 static struct vfsmount *smackfs_mount; 1058 1059 /** 1060 * init_smk_fs - get the smackfs superblock 1061 * 1062 * register the smackfs 1063 * 1064 * Do not register smackfs if Smack wasn't enabled 1065 * on boot. We can not put this method normally under the 1066 * smack_init() code path since the security subsystem get 1067 * initialized before the vfs caches. 1068 * 1069 * Returns true if we were not chosen on boot or if 1070 * we were chosen and filesystem registration succeeded. 1071 */ 1072 static int __init init_smk_fs(void) 1073 { 1074 int err; 1075 1076 if (!security_module_enable(&smack_ops)) 1077 return 0; 1078 1079 err = register_filesystem(&smk_fs_type); 1080 if (!err) { 1081 smackfs_mount = kern_mount(&smk_fs_type); 1082 if (IS_ERR(smackfs_mount)) { 1083 printk(KERN_ERR "smackfs: could not mount!\n"); 1084 err = PTR_ERR(smackfs_mount); 1085 smackfs_mount = NULL; 1086 } 1087 } 1088 1089 smk_cipso_doi(); 1090 smk_unlbl_ambient(NULL); 1091 1092 return err; 1093 } 1094 1095 __initcall(init_smk_fs); 1096