1 /* 2 * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com> 3 * 4 * This program is free software; you can redistribute it and/or modify 5 * it under the terms of the GNU General Public License as published by 6 * the Free Software Foundation, version 2. 7 * 8 * Authors: 9 * Casey Schaufler <casey@schaufler-ca.com> 10 * Ahmed S. Darwish <darwish.07@gmail.com> 11 * 12 * Special thanks to the authors of selinuxfs. 13 * 14 * Karl MacMillan <kmacmillan@tresys.com> 15 * James Morris <jmorris@redhat.com> 16 * 17 */ 18 19 #include <linux/kernel.h> 20 #include <linux/vmalloc.h> 21 #include <linux/security.h> 22 #include <linux/mutex.h> 23 #include <linux/slab.h> 24 #include <net/net_namespace.h> 25 #include <net/cipso_ipv4.h> 26 #include <linux/seq_file.h> 27 #include <linux/ctype.h> 28 #include <linux/audit.h> 29 #include <linux/magic.h> 30 #include "smack.h" 31 32 /* 33 * smackfs pseudo filesystem. 34 */ 35 36 enum smk_inos { 37 SMK_ROOT_INO = 2, 38 SMK_LOAD = 3, /* load policy */ 39 SMK_CIPSO = 4, /* load label -> CIPSO mapping */ 40 SMK_DOI = 5, /* CIPSO DOI */ 41 SMK_DIRECT = 6, /* CIPSO level indicating direct label */ 42 SMK_AMBIENT = 7, /* internet ambient label */ 43 SMK_NETLBLADDR = 8, /* single label hosts */ 44 SMK_ONLYCAP = 9, /* the only "capable" label */ 45 SMK_LOGGING = 10, /* logging */ 46 SMK_LOAD_SELF = 11, /* task specific rules */ 47 SMK_ACCESSES = 12, /* access policy */ 48 SMK_MAPPED = 13, /* CIPSO level indicating mapped label */ 49 SMK_LOAD2 = 14, /* load policy with long labels */ 50 SMK_LOAD_SELF2 = 15, /* load task specific rules with long labels */ 51 SMK_ACCESS2 = 16, /* make an access check with long labels */ 52 SMK_CIPSO2 = 17, /* load long label -> CIPSO mapping */ 53 SMK_REVOKE_SUBJ = 18, /* set rules with subject label to '-' */ 54 SMK_CHANGE_RULE = 19, /* change or add rules (long labels) */ 55 SMK_SYSLOG = 20, /* change syslog label) */ 56 SMK_PTRACE = 21, /* set ptrace rule */ 57 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 58 SMK_UNCONFINED = 22, /* define an unconfined label */ 59 #endif 60 }; 61 62 /* 63 * List locks 64 */ 65 static DEFINE_MUTEX(smack_cipso_lock); 66 static DEFINE_MUTEX(smack_ambient_lock); 67 static DEFINE_MUTEX(smk_netlbladdr_lock); 68 69 /* 70 * This is the "ambient" label for network traffic. 71 * If it isn't somehow marked, use this. 72 * It can be reset via smackfs/ambient 73 */ 74 struct smack_known *smack_net_ambient; 75 76 /* 77 * This is the level in a CIPSO header that indicates a 78 * smack label is contained directly in the category set. 79 * It can be reset via smackfs/direct 80 */ 81 int smack_cipso_direct = SMACK_CIPSO_DIRECT_DEFAULT; 82 83 /* 84 * This is the level in a CIPSO header that indicates a 85 * secid is contained directly in the category set. 86 * It can be reset via smackfs/mapped 87 */ 88 int smack_cipso_mapped = SMACK_CIPSO_MAPPED_DEFAULT; 89 90 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 91 /* 92 * Allow one label to be unconfined. This is for 93 * debugging and application bring-up purposes only. 94 * It is bad and wrong, but everyone seems to expect 95 * to have it. 96 */ 97 struct smack_known *smack_unconfined; 98 #endif 99 100 /* 101 * If this value is set restrict syslog use to the label specified. 102 * It can be reset via smackfs/syslog 103 */ 104 struct smack_known *smack_syslog_label; 105 106 /* 107 * Ptrace current rule 108 * SMACK_PTRACE_DEFAULT regular smack ptrace rules (/proc based) 109 * SMACK_PTRACE_EXACT labels must match, but can be overriden with 110 * CAP_SYS_PTRACE 111 * SMACK_PTRACE_DRACONIAN lables must match, CAP_SYS_PTRACE has no effect 112 */ 113 int smack_ptrace_rule = SMACK_PTRACE_DEFAULT; 114 115 /* 116 * Certain IP addresses may be designated as single label hosts. 117 * Packets are sent there unlabeled, but only from tasks that 118 * can write to the specified label. 119 */ 120 121 LIST_HEAD(smk_netlbladdr_list); 122 123 /* 124 * Rule lists are maintained for each label. 125 * This master list is just for reading /smack/load and /smack/load2. 126 */ 127 struct smack_master_list { 128 struct list_head list; 129 struct smack_rule *smk_rule; 130 }; 131 132 LIST_HEAD(smack_rule_list); 133 134 struct smack_parsed_rule { 135 struct smack_known *smk_subject; 136 struct smack_known *smk_object; 137 int smk_access1; 138 int smk_access2; 139 }; 140 141 static int smk_cipso_doi_value = SMACK_CIPSO_DOI_DEFAULT; 142 143 struct smack_known smack_cipso_option = { 144 .smk_known = SMACK_CIPSO_OPTION, 145 .smk_secid = 0, 146 }; 147 148 /* 149 * Values for parsing cipso rules 150 * SMK_DIGITLEN: Length of a digit field in a rule. 151 * SMK_CIPSOMIN: Minimum possible cipso rule length. 152 * SMK_CIPSOMAX: Maximum possible cipso rule length. 153 */ 154 #define SMK_DIGITLEN 4 155 #define SMK_CIPSOMIN (SMK_LABELLEN + 2 * SMK_DIGITLEN) 156 #define SMK_CIPSOMAX (SMK_CIPSOMIN + SMACK_CIPSO_MAXCATNUM * SMK_DIGITLEN) 157 158 /* 159 * Values for parsing MAC rules 160 * SMK_ACCESS: Maximum possible combination of access permissions 161 * SMK_ACCESSLEN: Maximum length for a rule access field 162 * SMK_LOADLEN: Smack rule length 163 */ 164 #define SMK_OACCESS "rwxa" 165 #define SMK_ACCESS "rwxatl" 166 #define SMK_OACCESSLEN (sizeof(SMK_OACCESS) - 1) 167 #define SMK_ACCESSLEN (sizeof(SMK_ACCESS) - 1) 168 #define SMK_OLOADLEN (SMK_LABELLEN + SMK_LABELLEN + SMK_OACCESSLEN) 169 #define SMK_LOADLEN (SMK_LABELLEN + SMK_LABELLEN + SMK_ACCESSLEN) 170 171 /* 172 * Stricly for CIPSO level manipulation. 173 * Set the category bit number in a smack label sized buffer. 174 */ 175 static inline void smack_catset_bit(unsigned int cat, char *catsetp) 176 { 177 if (cat == 0 || cat > (SMK_CIPSOLEN * 8)) 178 return; 179 180 catsetp[(cat - 1) / 8] |= 0x80 >> ((cat - 1) % 8); 181 } 182 183 /** 184 * smk_netlabel_audit_set - fill a netlbl_audit struct 185 * @nap: structure to fill 186 */ 187 static void smk_netlabel_audit_set(struct netlbl_audit *nap) 188 { 189 struct smack_known *skp = smk_of_current(); 190 191 nap->loginuid = audit_get_loginuid(current); 192 nap->sessionid = audit_get_sessionid(current); 193 nap->secid = skp->smk_secid; 194 } 195 196 /* 197 * Value for parsing single label host rules 198 * "1.2.3.4 X" 199 */ 200 #define SMK_NETLBLADDRMIN 9 201 202 /** 203 * smk_set_access - add a rule to the rule list or replace an old rule 204 * @srp: the rule to add or replace 205 * @rule_list: the list of rules 206 * @rule_lock: the rule list lock 207 * @global: if non-zero, indicates a global rule 208 * 209 * Looks through the current subject/object/access list for 210 * the subject/object pair and replaces the access that was 211 * there. If the pair isn't found add it with the specified 212 * access. 213 * 214 * Returns 0 if nothing goes wrong or -ENOMEM if it fails 215 * during the allocation of the new pair to add. 216 */ 217 static int smk_set_access(struct smack_parsed_rule *srp, 218 struct list_head *rule_list, 219 struct mutex *rule_lock, int global) 220 { 221 struct smack_rule *sp; 222 struct smack_master_list *smlp; 223 int found = 0; 224 int rc = 0; 225 226 mutex_lock(rule_lock); 227 228 /* 229 * Because the object label is less likely to match 230 * than the subject label check it first 231 */ 232 list_for_each_entry_rcu(sp, rule_list, list) { 233 if (sp->smk_object == srp->smk_object && 234 sp->smk_subject == srp->smk_subject) { 235 found = 1; 236 sp->smk_access |= srp->smk_access1; 237 sp->smk_access &= ~srp->smk_access2; 238 break; 239 } 240 } 241 242 if (found == 0) { 243 sp = kzalloc(sizeof(*sp), GFP_KERNEL); 244 if (sp == NULL) { 245 rc = -ENOMEM; 246 goto out; 247 } 248 249 sp->smk_subject = srp->smk_subject; 250 sp->smk_object = srp->smk_object; 251 sp->smk_access = srp->smk_access1 & ~srp->smk_access2; 252 253 list_add_rcu(&sp->list, rule_list); 254 /* 255 * If this is a global as opposed to self and a new rule 256 * it needs to get added for reporting. 257 */ 258 if (global) { 259 smlp = kzalloc(sizeof(*smlp), GFP_KERNEL); 260 if (smlp != NULL) { 261 smlp->smk_rule = sp; 262 list_add_rcu(&smlp->list, &smack_rule_list); 263 } else 264 rc = -ENOMEM; 265 } 266 } 267 268 out: 269 mutex_unlock(rule_lock); 270 return rc; 271 } 272 273 /** 274 * smk_perm_from_str - parse smack accesses from a text string 275 * @string: a text string that contains a Smack accesses code 276 * 277 * Returns an integer with respective bits set for specified accesses. 278 */ 279 static int smk_perm_from_str(const char *string) 280 { 281 int perm = 0; 282 const char *cp; 283 284 for (cp = string; ; cp++) 285 switch (*cp) { 286 case '-': 287 break; 288 case 'r': 289 case 'R': 290 perm |= MAY_READ; 291 break; 292 case 'w': 293 case 'W': 294 perm |= MAY_WRITE; 295 break; 296 case 'x': 297 case 'X': 298 perm |= MAY_EXEC; 299 break; 300 case 'a': 301 case 'A': 302 perm |= MAY_APPEND; 303 break; 304 case 't': 305 case 'T': 306 perm |= MAY_TRANSMUTE; 307 break; 308 case 'l': 309 case 'L': 310 perm |= MAY_LOCK; 311 break; 312 case 'b': 313 case 'B': 314 perm |= MAY_BRINGUP; 315 break; 316 default: 317 return perm; 318 } 319 } 320 321 /** 322 * smk_fill_rule - Fill Smack rule from strings 323 * @subject: subject label string 324 * @object: object label string 325 * @access1: access string 326 * @access2: string with permissions to be removed 327 * @rule: Smack rule 328 * @import: if non-zero, import labels 329 * @len: label length limit 330 * 331 * Returns 0 on success, appropriate error code on failure. 332 */ 333 static int smk_fill_rule(const char *subject, const char *object, 334 const char *access1, const char *access2, 335 struct smack_parsed_rule *rule, int import, 336 int len) 337 { 338 const char *cp; 339 struct smack_known *skp; 340 341 if (import) { 342 rule->smk_subject = smk_import_entry(subject, len); 343 if (IS_ERR(rule->smk_subject)) 344 return PTR_ERR(rule->smk_subject); 345 346 rule->smk_object = smk_import_entry(object, len); 347 if (IS_ERR(rule->smk_object)) 348 return PTR_ERR(rule->smk_object); 349 } else { 350 cp = smk_parse_smack(subject, len); 351 if (IS_ERR(cp)) 352 return PTR_ERR(cp); 353 skp = smk_find_entry(cp); 354 kfree(cp); 355 if (skp == NULL) 356 return -ENOENT; 357 rule->smk_subject = skp; 358 359 cp = smk_parse_smack(object, len); 360 if (IS_ERR(cp)) 361 return PTR_ERR(cp); 362 skp = smk_find_entry(cp); 363 kfree(cp); 364 if (skp == NULL) 365 return -ENOENT; 366 rule->smk_object = skp; 367 } 368 369 rule->smk_access1 = smk_perm_from_str(access1); 370 if (access2) 371 rule->smk_access2 = smk_perm_from_str(access2); 372 else 373 rule->smk_access2 = ~rule->smk_access1; 374 375 return 0; 376 } 377 378 /** 379 * smk_parse_rule - parse Smack rule from load string 380 * @data: string to be parsed whose size is SMK_LOADLEN 381 * @rule: Smack rule 382 * @import: if non-zero, import labels 383 * 384 * Returns 0 on success, -1 on errors. 385 */ 386 static int smk_parse_rule(const char *data, struct smack_parsed_rule *rule, 387 int import) 388 { 389 int rc; 390 391 rc = smk_fill_rule(data, data + SMK_LABELLEN, 392 data + SMK_LABELLEN + SMK_LABELLEN, NULL, rule, 393 import, SMK_LABELLEN); 394 return rc; 395 } 396 397 /** 398 * smk_parse_long_rule - parse Smack rule from rule string 399 * @data: string to be parsed, null terminated 400 * @rule: Will be filled with Smack parsed rule 401 * @import: if non-zero, import labels 402 * @tokens: numer of substrings expected in data 403 * 404 * Returns number of processed bytes on success, -ERRNO on failure. 405 */ 406 static ssize_t smk_parse_long_rule(char *data, struct smack_parsed_rule *rule, 407 int import, int tokens) 408 { 409 ssize_t cnt = 0; 410 char *tok[4]; 411 int rc; 412 int i; 413 414 /* 415 * Parsing the rule in-place, filling all white-spaces with '\0' 416 */ 417 for (i = 0; i < tokens; ++i) { 418 while (isspace(data[cnt])) 419 data[cnt++] = '\0'; 420 421 if (data[cnt] == '\0') 422 /* Unexpected end of data */ 423 return -EINVAL; 424 425 tok[i] = data + cnt; 426 427 while (data[cnt] && !isspace(data[cnt])) 428 ++cnt; 429 } 430 while (isspace(data[cnt])) 431 data[cnt++] = '\0'; 432 433 while (i < 4) 434 tok[i++] = NULL; 435 436 rc = smk_fill_rule(tok[0], tok[1], tok[2], tok[3], rule, import, 0); 437 return rc == 0 ? cnt : rc; 438 } 439 440 #define SMK_FIXED24_FMT 0 /* Fixed 24byte label format */ 441 #define SMK_LONG_FMT 1 /* Variable long label format */ 442 #define SMK_CHANGE_FMT 2 /* Rule modification format */ 443 /** 444 * smk_write_rules_list - write() for any /smack rule file 445 * @file: file pointer, not actually used 446 * @buf: where to get the data from 447 * @count: bytes sent 448 * @ppos: where to start - must be 0 449 * @rule_list: the list of rules to write to 450 * @rule_lock: lock for the rule list 451 * @format: /smack/load or /smack/load2 or /smack/change-rule format. 452 * 453 * Get one smack access rule from above. 454 * The format for SMK_LONG_FMT is: 455 * "subject<whitespace>object<whitespace>access[<whitespace>...]" 456 * The format for SMK_FIXED24_FMT is exactly: 457 * "subject object rwxat" 458 * The format for SMK_CHANGE_FMT is: 459 * "subject<whitespace>object<whitespace> 460 * acc_enable<whitespace>acc_disable[<whitespace>...]" 461 */ 462 static ssize_t smk_write_rules_list(struct file *file, const char __user *buf, 463 size_t count, loff_t *ppos, 464 struct list_head *rule_list, 465 struct mutex *rule_lock, int format) 466 { 467 struct smack_parsed_rule rule; 468 char *data; 469 int rc; 470 int trunc = 0; 471 int tokens; 472 ssize_t cnt = 0; 473 474 /* 475 * No partial writes. 476 * Enough data must be present. 477 */ 478 if (*ppos != 0) 479 return -EINVAL; 480 481 if (format == SMK_FIXED24_FMT) { 482 /* 483 * Minor hack for backward compatibility 484 */ 485 if (count < SMK_OLOADLEN || count > SMK_LOADLEN) 486 return -EINVAL; 487 } else { 488 if (count >= PAGE_SIZE) { 489 count = PAGE_SIZE - 1; 490 trunc = 1; 491 } 492 } 493 494 data = kmalloc(count + 1, GFP_KERNEL); 495 if (data == NULL) 496 return -ENOMEM; 497 498 if (copy_from_user(data, buf, count) != 0) { 499 rc = -EFAULT; 500 goto out; 501 } 502 503 /* 504 * In case of parsing only part of user buf, 505 * avoid having partial rule at the data buffer 506 */ 507 if (trunc) { 508 while (count > 0 && (data[count - 1] != '\n')) 509 --count; 510 if (count == 0) { 511 rc = -EINVAL; 512 goto out; 513 } 514 } 515 516 data[count] = '\0'; 517 tokens = (format == SMK_CHANGE_FMT ? 4 : 3); 518 while (cnt < count) { 519 if (format == SMK_FIXED24_FMT) { 520 rc = smk_parse_rule(data, &rule, 1); 521 if (rc < 0) 522 goto out; 523 cnt = count; 524 } else { 525 rc = smk_parse_long_rule(data + cnt, &rule, 1, tokens); 526 if (rc < 0) 527 goto out; 528 if (rc == 0) { 529 rc = -EINVAL; 530 goto out; 531 } 532 cnt += rc; 533 } 534 535 if (rule_list == NULL) 536 rc = smk_set_access(&rule, &rule.smk_subject->smk_rules, 537 &rule.smk_subject->smk_rules_lock, 1); 538 else 539 rc = smk_set_access(&rule, rule_list, rule_lock, 0); 540 541 if (rc) 542 goto out; 543 } 544 545 rc = cnt; 546 out: 547 kfree(data); 548 return rc; 549 } 550 551 /* 552 * Core logic for smackfs seq list operations. 553 */ 554 555 static void *smk_seq_start(struct seq_file *s, loff_t *pos, 556 struct list_head *head) 557 { 558 struct list_head *list; 559 int i = *pos; 560 561 rcu_read_lock(); 562 for (list = rcu_dereference(list_next_rcu(head)); 563 list != head; 564 list = rcu_dereference(list_next_rcu(list))) { 565 if (i-- == 0) 566 return list; 567 } 568 569 return NULL; 570 } 571 572 static void *smk_seq_next(struct seq_file *s, void *v, loff_t *pos, 573 struct list_head *head) 574 { 575 struct list_head *list = v; 576 577 ++*pos; 578 list = rcu_dereference(list_next_rcu(list)); 579 580 return (list == head) ? NULL : list; 581 } 582 583 static void smk_seq_stop(struct seq_file *s, void *v) 584 { 585 rcu_read_unlock(); 586 } 587 588 static void smk_rule_show(struct seq_file *s, struct smack_rule *srp, int max) 589 { 590 /* 591 * Don't show any rules with label names too long for 592 * interface file (/smack/load or /smack/load2) 593 * because you should expect to be able to write 594 * anything you read back. 595 */ 596 if (strlen(srp->smk_subject->smk_known) >= max || 597 strlen(srp->smk_object->smk_known) >= max) 598 return; 599 600 if (srp->smk_access == 0) 601 return; 602 603 seq_printf(s, "%s %s", 604 srp->smk_subject->smk_known, 605 srp->smk_object->smk_known); 606 607 seq_putc(s, ' '); 608 609 if (srp->smk_access & MAY_READ) 610 seq_putc(s, 'r'); 611 if (srp->smk_access & MAY_WRITE) 612 seq_putc(s, 'w'); 613 if (srp->smk_access & MAY_EXEC) 614 seq_putc(s, 'x'); 615 if (srp->smk_access & MAY_APPEND) 616 seq_putc(s, 'a'); 617 if (srp->smk_access & MAY_TRANSMUTE) 618 seq_putc(s, 't'); 619 if (srp->smk_access & MAY_LOCK) 620 seq_putc(s, 'l'); 621 if (srp->smk_access & MAY_BRINGUP) 622 seq_putc(s, 'b'); 623 624 seq_putc(s, '\n'); 625 } 626 627 /* 628 * Seq_file read operations for /smack/load 629 */ 630 631 static void *load2_seq_start(struct seq_file *s, loff_t *pos) 632 { 633 return smk_seq_start(s, pos, &smack_rule_list); 634 } 635 636 static void *load2_seq_next(struct seq_file *s, void *v, loff_t *pos) 637 { 638 return smk_seq_next(s, v, pos, &smack_rule_list); 639 } 640 641 static int load_seq_show(struct seq_file *s, void *v) 642 { 643 struct list_head *list = v; 644 struct smack_master_list *smlp = 645 list_entry_rcu(list, struct smack_master_list, list); 646 647 smk_rule_show(s, smlp->smk_rule, SMK_LABELLEN); 648 649 return 0; 650 } 651 652 static const struct seq_operations load_seq_ops = { 653 .start = load2_seq_start, 654 .next = load2_seq_next, 655 .show = load_seq_show, 656 .stop = smk_seq_stop, 657 }; 658 659 /** 660 * smk_open_load - open() for /smack/load 661 * @inode: inode structure representing file 662 * @file: "load" file pointer 663 * 664 * For reading, use load_seq_* seq_file reading operations. 665 */ 666 static int smk_open_load(struct inode *inode, struct file *file) 667 { 668 return seq_open(file, &load_seq_ops); 669 } 670 671 /** 672 * smk_write_load - write() for /smack/load 673 * @file: file pointer, not actually used 674 * @buf: where to get the data from 675 * @count: bytes sent 676 * @ppos: where to start - must be 0 677 * 678 */ 679 static ssize_t smk_write_load(struct file *file, const char __user *buf, 680 size_t count, loff_t *ppos) 681 { 682 /* 683 * Must have privilege. 684 * No partial writes. 685 * Enough data must be present. 686 */ 687 if (!smack_privileged(CAP_MAC_ADMIN)) 688 return -EPERM; 689 690 return smk_write_rules_list(file, buf, count, ppos, NULL, NULL, 691 SMK_FIXED24_FMT); 692 } 693 694 static const struct file_operations smk_load_ops = { 695 .open = smk_open_load, 696 .read = seq_read, 697 .llseek = seq_lseek, 698 .write = smk_write_load, 699 .release = seq_release, 700 }; 701 702 /** 703 * smk_cipso_doi - initialize the CIPSO domain 704 */ 705 static void smk_cipso_doi(void) 706 { 707 int rc; 708 struct cipso_v4_doi *doip; 709 struct netlbl_audit nai; 710 711 smk_netlabel_audit_set(&nai); 712 713 rc = netlbl_cfg_map_del(NULL, PF_INET, NULL, NULL, &nai); 714 if (rc != 0) 715 printk(KERN_WARNING "%s:%d remove rc = %d\n", 716 __func__, __LINE__, rc); 717 718 doip = kmalloc(sizeof(struct cipso_v4_doi), GFP_KERNEL); 719 if (doip == NULL) 720 panic("smack: Failed to initialize cipso DOI.\n"); 721 doip->map.std = NULL; 722 doip->doi = smk_cipso_doi_value; 723 doip->type = CIPSO_V4_MAP_PASS; 724 doip->tags[0] = CIPSO_V4_TAG_RBITMAP; 725 for (rc = 1; rc < CIPSO_V4_TAG_MAXCNT; rc++) 726 doip->tags[rc] = CIPSO_V4_TAG_INVALID; 727 728 rc = netlbl_cfg_cipsov4_add(doip, &nai); 729 if (rc != 0) { 730 printk(KERN_WARNING "%s:%d cipso add rc = %d\n", 731 __func__, __LINE__, rc); 732 kfree(doip); 733 return; 734 } 735 rc = netlbl_cfg_cipsov4_map_add(doip->doi, NULL, NULL, NULL, &nai); 736 if (rc != 0) { 737 printk(KERN_WARNING "%s:%d map add rc = %d\n", 738 __func__, __LINE__, rc); 739 kfree(doip); 740 return; 741 } 742 } 743 744 /** 745 * smk_unlbl_ambient - initialize the unlabeled domain 746 * @oldambient: previous domain string 747 */ 748 static void smk_unlbl_ambient(char *oldambient) 749 { 750 int rc; 751 struct netlbl_audit nai; 752 753 smk_netlabel_audit_set(&nai); 754 755 if (oldambient != NULL) { 756 rc = netlbl_cfg_map_del(oldambient, PF_INET, NULL, NULL, &nai); 757 if (rc != 0) 758 printk(KERN_WARNING "%s:%d remove rc = %d\n", 759 __func__, __LINE__, rc); 760 } 761 if (smack_net_ambient == NULL) 762 smack_net_ambient = &smack_known_floor; 763 764 rc = netlbl_cfg_unlbl_map_add(smack_net_ambient->smk_known, PF_INET, 765 NULL, NULL, &nai); 766 if (rc != 0) 767 printk(KERN_WARNING "%s:%d add rc = %d\n", 768 __func__, __LINE__, rc); 769 } 770 771 /* 772 * Seq_file read operations for /smack/cipso 773 */ 774 775 static void *cipso_seq_start(struct seq_file *s, loff_t *pos) 776 { 777 return smk_seq_start(s, pos, &smack_known_list); 778 } 779 780 static void *cipso_seq_next(struct seq_file *s, void *v, loff_t *pos) 781 { 782 return smk_seq_next(s, v, pos, &smack_known_list); 783 } 784 785 /* 786 * Print cipso labels in format: 787 * label level[/cat[,cat]] 788 */ 789 static int cipso_seq_show(struct seq_file *s, void *v) 790 { 791 struct list_head *list = v; 792 struct smack_known *skp = 793 list_entry_rcu(list, struct smack_known, list); 794 struct netlbl_lsm_catmap *cmp = skp->smk_netlabel.attr.mls.cat; 795 char sep = '/'; 796 int i; 797 798 /* 799 * Don't show a label that could not have been set using 800 * /smack/cipso. This is in support of the notion that 801 * anything read from /smack/cipso ought to be writeable 802 * to /smack/cipso. 803 * 804 * /smack/cipso2 should be used instead. 805 */ 806 if (strlen(skp->smk_known) >= SMK_LABELLEN) 807 return 0; 808 809 seq_printf(s, "%s %3d", skp->smk_known, skp->smk_netlabel.attr.mls.lvl); 810 811 for (i = netlbl_catmap_walk(cmp, 0); i >= 0; 812 i = netlbl_catmap_walk(cmp, i + 1)) { 813 seq_printf(s, "%c%d", sep, i); 814 sep = ','; 815 } 816 817 seq_putc(s, '\n'); 818 819 return 0; 820 } 821 822 static const struct seq_operations cipso_seq_ops = { 823 .start = cipso_seq_start, 824 .next = cipso_seq_next, 825 .show = cipso_seq_show, 826 .stop = smk_seq_stop, 827 }; 828 829 /** 830 * smk_open_cipso - open() for /smack/cipso 831 * @inode: inode structure representing file 832 * @file: "cipso" file pointer 833 * 834 * Connect our cipso_seq_* operations with /smack/cipso 835 * file_operations 836 */ 837 static int smk_open_cipso(struct inode *inode, struct file *file) 838 { 839 return seq_open(file, &cipso_seq_ops); 840 } 841 842 /** 843 * smk_set_cipso - do the work for write() for cipso and cipso2 844 * @file: file pointer, not actually used 845 * @buf: where to get the data from 846 * @count: bytes sent 847 * @ppos: where to start 848 * @format: /smack/cipso or /smack/cipso2 849 * 850 * Accepts only one cipso rule per write call. 851 * Returns number of bytes written or error code, as appropriate 852 */ 853 static ssize_t smk_set_cipso(struct file *file, const char __user *buf, 854 size_t count, loff_t *ppos, int format) 855 { 856 struct smack_known *skp; 857 struct netlbl_lsm_secattr ncats; 858 char mapcatset[SMK_CIPSOLEN]; 859 int maplevel; 860 unsigned int cat; 861 int catlen; 862 ssize_t rc = -EINVAL; 863 char *data = NULL; 864 char *rule; 865 int ret; 866 int i; 867 868 /* 869 * Must have privilege. 870 * No partial writes. 871 * Enough data must be present. 872 */ 873 if (!smack_privileged(CAP_MAC_ADMIN)) 874 return -EPERM; 875 if (*ppos != 0) 876 return -EINVAL; 877 if (format == SMK_FIXED24_FMT && 878 (count < SMK_CIPSOMIN || count > SMK_CIPSOMAX)) 879 return -EINVAL; 880 881 data = kzalloc(count + 1, GFP_KERNEL); 882 if (data == NULL) 883 return -ENOMEM; 884 885 if (copy_from_user(data, buf, count) != 0) { 886 rc = -EFAULT; 887 goto unlockedout; 888 } 889 890 data[count] = '\0'; 891 rule = data; 892 /* 893 * Only allow one writer at a time. Writes should be 894 * quite rare and small in any case. 895 */ 896 mutex_lock(&smack_cipso_lock); 897 898 skp = smk_import_entry(rule, 0); 899 if (IS_ERR(skp)) { 900 rc = PTR_ERR(skp); 901 goto out; 902 } 903 904 if (format == SMK_FIXED24_FMT) 905 rule += SMK_LABELLEN; 906 else 907 rule += strlen(skp->smk_known) + 1; 908 909 ret = sscanf(rule, "%d", &maplevel); 910 if (ret != 1 || maplevel > SMACK_CIPSO_MAXLEVEL) 911 goto out; 912 913 rule += SMK_DIGITLEN; 914 ret = sscanf(rule, "%d", &catlen); 915 if (ret != 1 || catlen > SMACK_CIPSO_MAXCATNUM) 916 goto out; 917 918 if (format == SMK_FIXED24_FMT && 919 count != (SMK_CIPSOMIN + catlen * SMK_DIGITLEN)) 920 goto out; 921 922 memset(mapcatset, 0, sizeof(mapcatset)); 923 924 for (i = 0; i < catlen; i++) { 925 rule += SMK_DIGITLEN; 926 ret = sscanf(rule, "%u", &cat); 927 if (ret != 1 || cat > SMACK_CIPSO_MAXCATNUM) 928 goto out; 929 930 smack_catset_bit(cat, mapcatset); 931 } 932 933 rc = smk_netlbl_mls(maplevel, mapcatset, &ncats, SMK_CIPSOLEN); 934 if (rc >= 0) { 935 netlbl_catmap_free(skp->smk_netlabel.attr.mls.cat); 936 skp->smk_netlabel.attr.mls.cat = ncats.attr.mls.cat; 937 skp->smk_netlabel.attr.mls.lvl = ncats.attr.mls.lvl; 938 rc = count; 939 } 940 941 out: 942 mutex_unlock(&smack_cipso_lock); 943 unlockedout: 944 kfree(data); 945 return rc; 946 } 947 948 /** 949 * smk_write_cipso - write() for /smack/cipso 950 * @file: file pointer, not actually used 951 * @buf: where to get the data from 952 * @count: bytes sent 953 * @ppos: where to start 954 * 955 * Accepts only one cipso rule per write call. 956 * Returns number of bytes written or error code, as appropriate 957 */ 958 static ssize_t smk_write_cipso(struct file *file, const char __user *buf, 959 size_t count, loff_t *ppos) 960 { 961 return smk_set_cipso(file, buf, count, ppos, SMK_FIXED24_FMT); 962 } 963 964 static const struct file_operations smk_cipso_ops = { 965 .open = smk_open_cipso, 966 .read = seq_read, 967 .llseek = seq_lseek, 968 .write = smk_write_cipso, 969 .release = seq_release, 970 }; 971 972 /* 973 * Seq_file read operations for /smack/cipso2 974 */ 975 976 /* 977 * Print cipso labels in format: 978 * label level[/cat[,cat]] 979 */ 980 static int cipso2_seq_show(struct seq_file *s, void *v) 981 { 982 struct list_head *list = v; 983 struct smack_known *skp = 984 list_entry_rcu(list, struct smack_known, list); 985 struct netlbl_lsm_catmap *cmp = skp->smk_netlabel.attr.mls.cat; 986 char sep = '/'; 987 int i; 988 989 seq_printf(s, "%s %3d", skp->smk_known, skp->smk_netlabel.attr.mls.lvl); 990 991 for (i = netlbl_catmap_walk(cmp, 0); i >= 0; 992 i = netlbl_catmap_walk(cmp, i + 1)) { 993 seq_printf(s, "%c%d", sep, i); 994 sep = ','; 995 } 996 997 seq_putc(s, '\n'); 998 999 return 0; 1000 } 1001 1002 static const struct seq_operations cipso2_seq_ops = { 1003 .start = cipso_seq_start, 1004 .next = cipso_seq_next, 1005 .show = cipso2_seq_show, 1006 .stop = smk_seq_stop, 1007 }; 1008 1009 /** 1010 * smk_open_cipso2 - open() for /smack/cipso2 1011 * @inode: inode structure representing file 1012 * @file: "cipso2" file pointer 1013 * 1014 * Connect our cipso_seq_* operations with /smack/cipso2 1015 * file_operations 1016 */ 1017 static int smk_open_cipso2(struct inode *inode, struct file *file) 1018 { 1019 return seq_open(file, &cipso2_seq_ops); 1020 } 1021 1022 /** 1023 * smk_write_cipso2 - write() for /smack/cipso2 1024 * @file: file pointer, not actually used 1025 * @buf: where to get the data from 1026 * @count: bytes sent 1027 * @ppos: where to start 1028 * 1029 * Accepts only one cipso rule per write call. 1030 * Returns number of bytes written or error code, as appropriate 1031 */ 1032 static ssize_t smk_write_cipso2(struct file *file, const char __user *buf, 1033 size_t count, loff_t *ppos) 1034 { 1035 return smk_set_cipso(file, buf, count, ppos, SMK_LONG_FMT); 1036 } 1037 1038 static const struct file_operations smk_cipso2_ops = { 1039 .open = smk_open_cipso2, 1040 .read = seq_read, 1041 .llseek = seq_lseek, 1042 .write = smk_write_cipso2, 1043 .release = seq_release, 1044 }; 1045 1046 /* 1047 * Seq_file read operations for /smack/netlabel 1048 */ 1049 1050 static void *netlbladdr_seq_start(struct seq_file *s, loff_t *pos) 1051 { 1052 return smk_seq_start(s, pos, &smk_netlbladdr_list); 1053 } 1054 1055 static void *netlbladdr_seq_next(struct seq_file *s, void *v, loff_t *pos) 1056 { 1057 return smk_seq_next(s, v, pos, &smk_netlbladdr_list); 1058 } 1059 #define BEBITS (sizeof(__be32) * 8) 1060 1061 /* 1062 * Print host/label pairs 1063 */ 1064 static int netlbladdr_seq_show(struct seq_file *s, void *v) 1065 { 1066 struct list_head *list = v; 1067 struct smk_netlbladdr *skp = 1068 list_entry_rcu(list, struct smk_netlbladdr, list); 1069 unsigned char *hp = (char *) &skp->smk_host.sin_addr.s_addr; 1070 int maskn; 1071 u32 temp_mask = be32_to_cpu(skp->smk_mask.s_addr); 1072 1073 for (maskn = 0; temp_mask; temp_mask <<= 1, maskn++); 1074 1075 seq_printf(s, "%u.%u.%u.%u/%d %s\n", 1076 hp[0], hp[1], hp[2], hp[3], maskn, skp->smk_label->smk_known); 1077 1078 return 0; 1079 } 1080 1081 static const struct seq_operations netlbladdr_seq_ops = { 1082 .start = netlbladdr_seq_start, 1083 .next = netlbladdr_seq_next, 1084 .show = netlbladdr_seq_show, 1085 .stop = smk_seq_stop, 1086 }; 1087 1088 /** 1089 * smk_open_netlbladdr - open() for /smack/netlabel 1090 * @inode: inode structure representing file 1091 * @file: "netlabel" file pointer 1092 * 1093 * Connect our netlbladdr_seq_* operations with /smack/netlabel 1094 * file_operations 1095 */ 1096 static int smk_open_netlbladdr(struct inode *inode, struct file *file) 1097 { 1098 return seq_open(file, &netlbladdr_seq_ops); 1099 } 1100 1101 /** 1102 * smk_netlbladdr_insert 1103 * @new : netlabel to insert 1104 * 1105 * This helper insert netlabel in the smack_netlbladdrs list 1106 * sorted by netmask length (longest to smallest) 1107 * locked by &smk_netlbladdr_lock in smk_write_netlbladdr 1108 * 1109 */ 1110 static void smk_netlbladdr_insert(struct smk_netlbladdr *new) 1111 { 1112 struct smk_netlbladdr *m, *m_next; 1113 1114 if (list_empty(&smk_netlbladdr_list)) { 1115 list_add_rcu(&new->list, &smk_netlbladdr_list); 1116 return; 1117 } 1118 1119 m = list_entry_rcu(smk_netlbladdr_list.next, 1120 struct smk_netlbladdr, list); 1121 1122 /* the comparison '>' is a bit hacky, but works */ 1123 if (new->smk_mask.s_addr > m->smk_mask.s_addr) { 1124 list_add_rcu(&new->list, &smk_netlbladdr_list); 1125 return; 1126 } 1127 1128 list_for_each_entry_rcu(m, &smk_netlbladdr_list, list) { 1129 if (list_is_last(&m->list, &smk_netlbladdr_list)) { 1130 list_add_rcu(&new->list, &m->list); 1131 return; 1132 } 1133 m_next = list_entry_rcu(m->list.next, 1134 struct smk_netlbladdr, list); 1135 if (new->smk_mask.s_addr > m_next->smk_mask.s_addr) { 1136 list_add_rcu(&new->list, &m->list); 1137 return; 1138 } 1139 } 1140 } 1141 1142 1143 /** 1144 * smk_write_netlbladdr - write() for /smack/netlabel 1145 * @file: file pointer, not actually used 1146 * @buf: where to get the data from 1147 * @count: bytes sent 1148 * @ppos: where to start 1149 * 1150 * Accepts only one netlbladdr per write call. 1151 * Returns number of bytes written or error code, as appropriate 1152 */ 1153 static ssize_t smk_write_netlbladdr(struct file *file, const char __user *buf, 1154 size_t count, loff_t *ppos) 1155 { 1156 struct smk_netlbladdr *snp; 1157 struct sockaddr_in newname; 1158 char *smack; 1159 struct smack_known *skp; 1160 char *data; 1161 char *host = (char *)&newname.sin_addr.s_addr; 1162 int rc; 1163 struct netlbl_audit audit_info; 1164 struct in_addr mask; 1165 unsigned int m; 1166 int found; 1167 u32 mask_bits = (1<<31); 1168 __be32 nsa; 1169 u32 temp_mask; 1170 1171 /* 1172 * Must have privilege. 1173 * No partial writes. 1174 * Enough data must be present. 1175 * "<addr/mask, as a.b.c.d/e><space><label>" 1176 * "<addr, as a.b.c.d><space><label>" 1177 */ 1178 if (!smack_privileged(CAP_MAC_ADMIN)) 1179 return -EPERM; 1180 if (*ppos != 0) 1181 return -EINVAL; 1182 if (count < SMK_NETLBLADDRMIN) 1183 return -EINVAL; 1184 1185 data = kzalloc(count + 1, GFP_KERNEL); 1186 if (data == NULL) 1187 return -ENOMEM; 1188 1189 if (copy_from_user(data, buf, count) != 0) { 1190 rc = -EFAULT; 1191 goto free_data_out; 1192 } 1193 1194 smack = kzalloc(count + 1, GFP_KERNEL); 1195 if (smack == NULL) { 1196 rc = -ENOMEM; 1197 goto free_data_out; 1198 } 1199 1200 data[count] = '\0'; 1201 1202 rc = sscanf(data, "%hhd.%hhd.%hhd.%hhd/%u %s", 1203 &host[0], &host[1], &host[2], &host[3], &m, smack); 1204 if (rc != 6) { 1205 rc = sscanf(data, "%hhd.%hhd.%hhd.%hhd %s", 1206 &host[0], &host[1], &host[2], &host[3], smack); 1207 if (rc != 5) { 1208 rc = -EINVAL; 1209 goto free_out; 1210 } 1211 m = BEBITS; 1212 } 1213 if (m > BEBITS) { 1214 rc = -EINVAL; 1215 goto free_out; 1216 } 1217 1218 /* 1219 * If smack begins with '-', it is an option, don't import it 1220 */ 1221 if (smack[0] != '-') { 1222 skp = smk_import_entry(smack, 0); 1223 if (IS_ERR(skp)) { 1224 rc = PTR_ERR(skp); 1225 goto free_out; 1226 } 1227 } else { 1228 /* check known options */ 1229 if (strcmp(smack, smack_cipso_option.smk_known) == 0) 1230 skp = &smack_cipso_option; 1231 else { 1232 rc = -EINVAL; 1233 goto free_out; 1234 } 1235 } 1236 1237 for (temp_mask = 0; m > 0; m--) { 1238 temp_mask |= mask_bits; 1239 mask_bits >>= 1; 1240 } 1241 mask.s_addr = cpu_to_be32(temp_mask); 1242 1243 newname.sin_addr.s_addr &= mask.s_addr; 1244 /* 1245 * Only allow one writer at a time. Writes should be 1246 * quite rare and small in any case. 1247 */ 1248 mutex_lock(&smk_netlbladdr_lock); 1249 1250 nsa = newname.sin_addr.s_addr; 1251 /* try to find if the prefix is already in the list */ 1252 found = 0; 1253 list_for_each_entry_rcu(snp, &smk_netlbladdr_list, list) { 1254 if (snp->smk_host.sin_addr.s_addr == nsa && 1255 snp->smk_mask.s_addr == mask.s_addr) { 1256 found = 1; 1257 break; 1258 } 1259 } 1260 smk_netlabel_audit_set(&audit_info); 1261 1262 if (found == 0) { 1263 snp = kzalloc(sizeof(*snp), GFP_KERNEL); 1264 if (snp == NULL) 1265 rc = -ENOMEM; 1266 else { 1267 rc = 0; 1268 snp->smk_host.sin_addr.s_addr = newname.sin_addr.s_addr; 1269 snp->smk_mask.s_addr = mask.s_addr; 1270 snp->smk_label = skp; 1271 smk_netlbladdr_insert(snp); 1272 } 1273 } else { 1274 /* we delete the unlabeled entry, only if the previous label 1275 * wasn't the special CIPSO option */ 1276 if (snp->smk_label != &smack_cipso_option) 1277 rc = netlbl_cfg_unlbl_static_del(&init_net, NULL, 1278 &snp->smk_host.sin_addr, &snp->smk_mask, 1279 PF_INET, &audit_info); 1280 else 1281 rc = 0; 1282 snp->smk_label = skp; 1283 } 1284 1285 /* 1286 * Now tell netlabel about the single label nature of 1287 * this host so that incoming packets get labeled. 1288 * but only if we didn't get the special CIPSO option 1289 */ 1290 if (rc == 0 && skp != &smack_cipso_option) 1291 rc = netlbl_cfg_unlbl_static_add(&init_net, NULL, 1292 &snp->smk_host.sin_addr, &snp->smk_mask, PF_INET, 1293 snp->smk_label->smk_secid, &audit_info); 1294 1295 if (rc == 0) 1296 rc = count; 1297 1298 mutex_unlock(&smk_netlbladdr_lock); 1299 1300 free_out: 1301 kfree(smack); 1302 free_data_out: 1303 kfree(data); 1304 1305 return rc; 1306 } 1307 1308 static const struct file_operations smk_netlbladdr_ops = { 1309 .open = smk_open_netlbladdr, 1310 .read = seq_read, 1311 .llseek = seq_lseek, 1312 .write = smk_write_netlbladdr, 1313 .release = seq_release, 1314 }; 1315 1316 /** 1317 * smk_read_doi - read() for /smack/doi 1318 * @filp: file pointer, not actually used 1319 * @buf: where to put the result 1320 * @count: maximum to send along 1321 * @ppos: where to start 1322 * 1323 * Returns number of bytes read or error code, as appropriate 1324 */ 1325 static ssize_t smk_read_doi(struct file *filp, char __user *buf, 1326 size_t count, loff_t *ppos) 1327 { 1328 char temp[80]; 1329 ssize_t rc; 1330 1331 if (*ppos != 0) 1332 return 0; 1333 1334 sprintf(temp, "%d", smk_cipso_doi_value); 1335 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp)); 1336 1337 return rc; 1338 } 1339 1340 /** 1341 * smk_write_doi - write() for /smack/doi 1342 * @file: file pointer, not actually used 1343 * @buf: where to get the data from 1344 * @count: bytes sent 1345 * @ppos: where to start 1346 * 1347 * Returns number of bytes written or error code, as appropriate 1348 */ 1349 static ssize_t smk_write_doi(struct file *file, const char __user *buf, 1350 size_t count, loff_t *ppos) 1351 { 1352 char temp[80]; 1353 int i; 1354 1355 if (!smack_privileged(CAP_MAC_ADMIN)) 1356 return -EPERM; 1357 1358 if (count >= sizeof(temp) || count == 0) 1359 return -EINVAL; 1360 1361 if (copy_from_user(temp, buf, count) != 0) 1362 return -EFAULT; 1363 1364 temp[count] = '\0'; 1365 1366 if (sscanf(temp, "%d", &i) != 1) 1367 return -EINVAL; 1368 1369 smk_cipso_doi_value = i; 1370 1371 smk_cipso_doi(); 1372 1373 return count; 1374 } 1375 1376 static const struct file_operations smk_doi_ops = { 1377 .read = smk_read_doi, 1378 .write = smk_write_doi, 1379 .llseek = default_llseek, 1380 }; 1381 1382 /** 1383 * smk_read_direct - read() for /smack/direct 1384 * @filp: file pointer, not actually used 1385 * @buf: where to put the result 1386 * @count: maximum to send along 1387 * @ppos: where to start 1388 * 1389 * Returns number of bytes read or error code, as appropriate 1390 */ 1391 static ssize_t smk_read_direct(struct file *filp, char __user *buf, 1392 size_t count, loff_t *ppos) 1393 { 1394 char temp[80]; 1395 ssize_t rc; 1396 1397 if (*ppos != 0) 1398 return 0; 1399 1400 sprintf(temp, "%d", smack_cipso_direct); 1401 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp)); 1402 1403 return rc; 1404 } 1405 1406 /** 1407 * smk_write_direct - write() for /smack/direct 1408 * @file: file pointer, not actually used 1409 * @buf: where to get the data from 1410 * @count: bytes sent 1411 * @ppos: where to start 1412 * 1413 * Returns number of bytes written or error code, as appropriate 1414 */ 1415 static ssize_t smk_write_direct(struct file *file, const char __user *buf, 1416 size_t count, loff_t *ppos) 1417 { 1418 struct smack_known *skp; 1419 char temp[80]; 1420 int i; 1421 1422 if (!smack_privileged(CAP_MAC_ADMIN)) 1423 return -EPERM; 1424 1425 if (count >= sizeof(temp) || count == 0) 1426 return -EINVAL; 1427 1428 if (copy_from_user(temp, buf, count) != 0) 1429 return -EFAULT; 1430 1431 temp[count] = '\0'; 1432 1433 if (sscanf(temp, "%d", &i) != 1) 1434 return -EINVAL; 1435 1436 /* 1437 * Don't do anything if the value hasn't actually changed. 1438 * If it is changing reset the level on entries that were 1439 * set up to be direct when they were created. 1440 */ 1441 if (smack_cipso_direct != i) { 1442 mutex_lock(&smack_known_lock); 1443 list_for_each_entry_rcu(skp, &smack_known_list, list) 1444 if (skp->smk_netlabel.attr.mls.lvl == 1445 smack_cipso_direct) 1446 skp->smk_netlabel.attr.mls.lvl = i; 1447 smack_cipso_direct = i; 1448 mutex_unlock(&smack_known_lock); 1449 } 1450 1451 return count; 1452 } 1453 1454 static const struct file_operations smk_direct_ops = { 1455 .read = smk_read_direct, 1456 .write = smk_write_direct, 1457 .llseek = default_llseek, 1458 }; 1459 1460 /** 1461 * smk_read_mapped - read() for /smack/mapped 1462 * @filp: file pointer, not actually used 1463 * @buf: where to put the result 1464 * @count: maximum to send along 1465 * @ppos: where to start 1466 * 1467 * Returns number of bytes read or error code, as appropriate 1468 */ 1469 static ssize_t smk_read_mapped(struct file *filp, char __user *buf, 1470 size_t count, loff_t *ppos) 1471 { 1472 char temp[80]; 1473 ssize_t rc; 1474 1475 if (*ppos != 0) 1476 return 0; 1477 1478 sprintf(temp, "%d", smack_cipso_mapped); 1479 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp)); 1480 1481 return rc; 1482 } 1483 1484 /** 1485 * smk_write_mapped - write() for /smack/mapped 1486 * @file: file pointer, not actually used 1487 * @buf: where to get the data from 1488 * @count: bytes sent 1489 * @ppos: where to start 1490 * 1491 * Returns number of bytes written or error code, as appropriate 1492 */ 1493 static ssize_t smk_write_mapped(struct file *file, const char __user *buf, 1494 size_t count, loff_t *ppos) 1495 { 1496 struct smack_known *skp; 1497 char temp[80]; 1498 int i; 1499 1500 if (!smack_privileged(CAP_MAC_ADMIN)) 1501 return -EPERM; 1502 1503 if (count >= sizeof(temp) || count == 0) 1504 return -EINVAL; 1505 1506 if (copy_from_user(temp, buf, count) != 0) 1507 return -EFAULT; 1508 1509 temp[count] = '\0'; 1510 1511 if (sscanf(temp, "%d", &i) != 1) 1512 return -EINVAL; 1513 1514 /* 1515 * Don't do anything if the value hasn't actually changed. 1516 * If it is changing reset the level on entries that were 1517 * set up to be mapped when they were created. 1518 */ 1519 if (smack_cipso_mapped != i) { 1520 mutex_lock(&smack_known_lock); 1521 list_for_each_entry_rcu(skp, &smack_known_list, list) 1522 if (skp->smk_netlabel.attr.mls.lvl == 1523 smack_cipso_mapped) 1524 skp->smk_netlabel.attr.mls.lvl = i; 1525 smack_cipso_mapped = i; 1526 mutex_unlock(&smack_known_lock); 1527 } 1528 1529 return count; 1530 } 1531 1532 static const struct file_operations smk_mapped_ops = { 1533 .read = smk_read_mapped, 1534 .write = smk_write_mapped, 1535 .llseek = default_llseek, 1536 }; 1537 1538 /** 1539 * smk_read_ambient - read() for /smack/ambient 1540 * @filp: file pointer, not actually used 1541 * @buf: where to put the result 1542 * @cn: maximum to send along 1543 * @ppos: where to start 1544 * 1545 * Returns number of bytes read or error code, as appropriate 1546 */ 1547 static ssize_t smk_read_ambient(struct file *filp, char __user *buf, 1548 size_t cn, loff_t *ppos) 1549 { 1550 ssize_t rc; 1551 int asize; 1552 1553 if (*ppos != 0) 1554 return 0; 1555 /* 1556 * Being careful to avoid a problem in the case where 1557 * smack_net_ambient gets changed in midstream. 1558 */ 1559 mutex_lock(&smack_ambient_lock); 1560 1561 asize = strlen(smack_net_ambient->smk_known) + 1; 1562 1563 if (cn >= asize) 1564 rc = simple_read_from_buffer(buf, cn, ppos, 1565 smack_net_ambient->smk_known, 1566 asize); 1567 else 1568 rc = -EINVAL; 1569 1570 mutex_unlock(&smack_ambient_lock); 1571 1572 return rc; 1573 } 1574 1575 /** 1576 * smk_write_ambient - write() for /smack/ambient 1577 * @file: file pointer, not actually used 1578 * @buf: where to get the data from 1579 * @count: bytes sent 1580 * @ppos: where to start 1581 * 1582 * Returns number of bytes written or error code, as appropriate 1583 */ 1584 static ssize_t smk_write_ambient(struct file *file, const char __user *buf, 1585 size_t count, loff_t *ppos) 1586 { 1587 struct smack_known *skp; 1588 char *oldambient; 1589 char *data; 1590 int rc = count; 1591 1592 if (!smack_privileged(CAP_MAC_ADMIN)) 1593 return -EPERM; 1594 1595 data = kzalloc(count + 1, GFP_KERNEL); 1596 if (data == NULL) 1597 return -ENOMEM; 1598 1599 if (copy_from_user(data, buf, count) != 0) { 1600 rc = -EFAULT; 1601 goto out; 1602 } 1603 1604 skp = smk_import_entry(data, count); 1605 if (IS_ERR(skp)) { 1606 rc = PTR_ERR(skp); 1607 goto out; 1608 } 1609 1610 mutex_lock(&smack_ambient_lock); 1611 1612 oldambient = smack_net_ambient->smk_known; 1613 smack_net_ambient = skp; 1614 smk_unlbl_ambient(oldambient); 1615 1616 mutex_unlock(&smack_ambient_lock); 1617 1618 out: 1619 kfree(data); 1620 return rc; 1621 } 1622 1623 static const struct file_operations smk_ambient_ops = { 1624 .read = smk_read_ambient, 1625 .write = smk_write_ambient, 1626 .llseek = default_llseek, 1627 }; 1628 1629 /* 1630 * Seq_file operations for /smack/onlycap 1631 */ 1632 static void *onlycap_seq_start(struct seq_file *s, loff_t *pos) 1633 { 1634 return smk_seq_start(s, pos, &smack_onlycap_list); 1635 } 1636 1637 static void *onlycap_seq_next(struct seq_file *s, void *v, loff_t *pos) 1638 { 1639 return smk_seq_next(s, v, pos, &smack_onlycap_list); 1640 } 1641 1642 static int onlycap_seq_show(struct seq_file *s, void *v) 1643 { 1644 struct list_head *list = v; 1645 struct smack_onlycap *sop = 1646 list_entry_rcu(list, struct smack_onlycap, list); 1647 1648 seq_puts(s, sop->smk_label->smk_known); 1649 seq_putc(s, ' '); 1650 1651 return 0; 1652 } 1653 1654 static const struct seq_operations onlycap_seq_ops = { 1655 .start = onlycap_seq_start, 1656 .next = onlycap_seq_next, 1657 .show = onlycap_seq_show, 1658 .stop = smk_seq_stop, 1659 }; 1660 1661 static int smk_open_onlycap(struct inode *inode, struct file *file) 1662 { 1663 return seq_open(file, &onlycap_seq_ops); 1664 } 1665 1666 /** 1667 * smk_list_swap_rcu - swap public list with a private one in RCU-safe way 1668 * The caller must hold appropriate mutex to prevent concurrent modifications 1669 * to the public list. 1670 * Private list is assumed to be not accessible to other threads yet. 1671 * 1672 * @public: public list 1673 * @private: private list 1674 */ 1675 static void smk_list_swap_rcu(struct list_head *public, 1676 struct list_head *private) 1677 { 1678 struct list_head *first, *last; 1679 1680 if (list_empty(public)) { 1681 list_splice_init_rcu(private, public, synchronize_rcu); 1682 } else { 1683 /* Remember public list before replacing it */ 1684 first = public->next; 1685 last = public->prev; 1686 1687 /* Publish private list in place of public in RCU-safe way */ 1688 private->prev->next = public; 1689 private->next->prev = public; 1690 rcu_assign_pointer(public->next, private->next); 1691 public->prev = private->prev; 1692 1693 synchronize_rcu(); 1694 1695 /* When all readers are done with the old public list, 1696 * attach it in place of private */ 1697 private->next = first; 1698 private->prev = last; 1699 first->prev = private; 1700 last->next = private; 1701 } 1702 } 1703 1704 /** 1705 * smk_write_onlycap - write() for smackfs/onlycap 1706 * @file: file pointer, not actually used 1707 * @buf: where to get the data from 1708 * @count: bytes sent 1709 * @ppos: where to start 1710 * 1711 * Returns number of bytes written or error code, as appropriate 1712 */ 1713 static ssize_t smk_write_onlycap(struct file *file, const char __user *buf, 1714 size_t count, loff_t *ppos) 1715 { 1716 char *data; 1717 char *data_parse; 1718 char *tok; 1719 struct smack_known *skp; 1720 struct smack_onlycap *sop; 1721 struct smack_onlycap *sop2; 1722 LIST_HEAD(list_tmp); 1723 int rc = count; 1724 1725 if (!smack_privileged(CAP_MAC_ADMIN)) 1726 return -EPERM; 1727 1728 data = kzalloc(count + 1, GFP_KERNEL); 1729 if (data == NULL) 1730 return -ENOMEM; 1731 1732 if (copy_from_user(data, buf, count) != 0) { 1733 kfree(data); 1734 return -EFAULT; 1735 } 1736 1737 data_parse = data; 1738 while ((tok = strsep(&data_parse, " ")) != NULL) { 1739 if (!*tok) 1740 continue; 1741 1742 skp = smk_import_entry(tok, 0); 1743 if (IS_ERR(skp)) { 1744 rc = PTR_ERR(skp); 1745 break; 1746 } 1747 1748 sop = kzalloc(sizeof(*sop), GFP_KERNEL); 1749 if (sop == NULL) { 1750 rc = -ENOMEM; 1751 break; 1752 } 1753 1754 sop->smk_label = skp; 1755 list_add_rcu(&sop->list, &list_tmp); 1756 } 1757 kfree(data); 1758 1759 /* 1760 * Clear the smack_onlycap on invalid label errors. This means 1761 * that we can pass a null string to unset the onlycap value. 1762 * 1763 * Importing will also reject a label beginning with '-', 1764 * so "-usecapabilities" will also work. 1765 * 1766 * But do so only on invalid label, not on system errors. 1767 * The invalid label must be first to count as clearing attempt. 1768 */ 1769 if (rc == -EINVAL && list_empty(&list_tmp)) 1770 rc = count; 1771 1772 if (rc >= 0) { 1773 mutex_lock(&smack_onlycap_lock); 1774 smk_list_swap_rcu(&smack_onlycap_list, &list_tmp); 1775 mutex_unlock(&smack_onlycap_lock); 1776 } 1777 1778 list_for_each_entry_safe(sop, sop2, &list_tmp, list) 1779 kfree(sop); 1780 1781 return rc; 1782 } 1783 1784 static const struct file_operations smk_onlycap_ops = { 1785 .open = smk_open_onlycap, 1786 .read = seq_read, 1787 .write = smk_write_onlycap, 1788 .llseek = seq_lseek, 1789 .release = seq_release, 1790 }; 1791 1792 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 1793 /** 1794 * smk_read_unconfined - read() for smackfs/unconfined 1795 * @filp: file pointer, not actually used 1796 * @buf: where to put the result 1797 * @cn: maximum to send along 1798 * @ppos: where to start 1799 * 1800 * Returns number of bytes read or error code, as appropriate 1801 */ 1802 static ssize_t smk_read_unconfined(struct file *filp, char __user *buf, 1803 size_t cn, loff_t *ppos) 1804 { 1805 char *smack = ""; 1806 ssize_t rc = -EINVAL; 1807 int asize; 1808 1809 if (*ppos != 0) 1810 return 0; 1811 1812 if (smack_unconfined != NULL) 1813 smack = smack_unconfined->smk_known; 1814 1815 asize = strlen(smack) + 1; 1816 1817 if (cn >= asize) 1818 rc = simple_read_from_buffer(buf, cn, ppos, smack, asize); 1819 1820 return rc; 1821 } 1822 1823 /** 1824 * smk_write_unconfined - write() for smackfs/unconfined 1825 * @file: file pointer, not actually used 1826 * @buf: where to get the data from 1827 * @count: bytes sent 1828 * @ppos: where to start 1829 * 1830 * Returns number of bytes written or error code, as appropriate 1831 */ 1832 static ssize_t smk_write_unconfined(struct file *file, const char __user *buf, 1833 size_t count, loff_t *ppos) 1834 { 1835 char *data; 1836 struct smack_known *skp; 1837 int rc = count; 1838 1839 if (!smack_privileged(CAP_MAC_ADMIN)) 1840 return -EPERM; 1841 1842 data = kzalloc(count + 1, GFP_KERNEL); 1843 if (data == NULL) 1844 return -ENOMEM; 1845 1846 if (copy_from_user(data, buf, count) != 0) { 1847 rc = -EFAULT; 1848 goto freeout; 1849 } 1850 1851 /* 1852 * Clear the smack_unconfined on invalid label errors. This means 1853 * that we can pass a null string to unset the unconfined value. 1854 * 1855 * Importing will also reject a label beginning with '-', 1856 * so "-confine" will also work. 1857 * 1858 * But do so only on invalid label, not on system errors. 1859 */ 1860 skp = smk_import_entry(data, count); 1861 if (PTR_ERR(skp) == -EINVAL) 1862 skp = NULL; 1863 else if (IS_ERR(skp)) { 1864 rc = PTR_ERR(skp); 1865 goto freeout; 1866 } 1867 1868 smack_unconfined = skp; 1869 1870 freeout: 1871 kfree(data); 1872 return rc; 1873 } 1874 1875 static const struct file_operations smk_unconfined_ops = { 1876 .read = smk_read_unconfined, 1877 .write = smk_write_unconfined, 1878 .llseek = default_llseek, 1879 }; 1880 #endif /* CONFIG_SECURITY_SMACK_BRINGUP */ 1881 1882 /** 1883 * smk_read_logging - read() for /smack/logging 1884 * @filp: file pointer, not actually used 1885 * @buf: where to put the result 1886 * @cn: maximum to send along 1887 * @ppos: where to start 1888 * 1889 * Returns number of bytes read or error code, as appropriate 1890 */ 1891 static ssize_t smk_read_logging(struct file *filp, char __user *buf, 1892 size_t count, loff_t *ppos) 1893 { 1894 char temp[32]; 1895 ssize_t rc; 1896 1897 if (*ppos != 0) 1898 return 0; 1899 1900 sprintf(temp, "%d\n", log_policy); 1901 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp)); 1902 return rc; 1903 } 1904 1905 /** 1906 * smk_write_logging - write() for /smack/logging 1907 * @file: file pointer, not actually used 1908 * @buf: where to get the data from 1909 * @count: bytes sent 1910 * @ppos: where to start 1911 * 1912 * Returns number of bytes written or error code, as appropriate 1913 */ 1914 static ssize_t smk_write_logging(struct file *file, const char __user *buf, 1915 size_t count, loff_t *ppos) 1916 { 1917 char temp[32]; 1918 int i; 1919 1920 if (!smack_privileged(CAP_MAC_ADMIN)) 1921 return -EPERM; 1922 1923 if (count >= sizeof(temp) || count == 0) 1924 return -EINVAL; 1925 1926 if (copy_from_user(temp, buf, count) != 0) 1927 return -EFAULT; 1928 1929 temp[count] = '\0'; 1930 1931 if (sscanf(temp, "%d", &i) != 1) 1932 return -EINVAL; 1933 if (i < 0 || i > 3) 1934 return -EINVAL; 1935 log_policy = i; 1936 return count; 1937 } 1938 1939 1940 1941 static const struct file_operations smk_logging_ops = { 1942 .read = smk_read_logging, 1943 .write = smk_write_logging, 1944 .llseek = default_llseek, 1945 }; 1946 1947 /* 1948 * Seq_file read operations for /smack/load-self 1949 */ 1950 1951 static void *load_self_seq_start(struct seq_file *s, loff_t *pos) 1952 { 1953 struct task_smack *tsp = current_security(); 1954 1955 return smk_seq_start(s, pos, &tsp->smk_rules); 1956 } 1957 1958 static void *load_self_seq_next(struct seq_file *s, void *v, loff_t *pos) 1959 { 1960 struct task_smack *tsp = current_security(); 1961 1962 return smk_seq_next(s, v, pos, &tsp->smk_rules); 1963 } 1964 1965 static int load_self_seq_show(struct seq_file *s, void *v) 1966 { 1967 struct list_head *list = v; 1968 struct smack_rule *srp = 1969 list_entry_rcu(list, struct smack_rule, list); 1970 1971 smk_rule_show(s, srp, SMK_LABELLEN); 1972 1973 return 0; 1974 } 1975 1976 static const struct seq_operations load_self_seq_ops = { 1977 .start = load_self_seq_start, 1978 .next = load_self_seq_next, 1979 .show = load_self_seq_show, 1980 .stop = smk_seq_stop, 1981 }; 1982 1983 1984 /** 1985 * smk_open_load_self - open() for /smack/load-self2 1986 * @inode: inode structure representing file 1987 * @file: "load" file pointer 1988 * 1989 * For reading, use load_seq_* seq_file reading operations. 1990 */ 1991 static int smk_open_load_self(struct inode *inode, struct file *file) 1992 { 1993 return seq_open(file, &load_self_seq_ops); 1994 } 1995 1996 /** 1997 * smk_write_load_self - write() for /smack/load-self 1998 * @file: file pointer, not actually used 1999 * @buf: where to get the data from 2000 * @count: bytes sent 2001 * @ppos: where to start - must be 0 2002 * 2003 */ 2004 static ssize_t smk_write_load_self(struct file *file, const char __user *buf, 2005 size_t count, loff_t *ppos) 2006 { 2007 struct task_smack *tsp = current_security(); 2008 2009 return smk_write_rules_list(file, buf, count, ppos, &tsp->smk_rules, 2010 &tsp->smk_rules_lock, SMK_FIXED24_FMT); 2011 } 2012 2013 static const struct file_operations smk_load_self_ops = { 2014 .open = smk_open_load_self, 2015 .read = seq_read, 2016 .llseek = seq_lseek, 2017 .write = smk_write_load_self, 2018 .release = seq_release, 2019 }; 2020 2021 /** 2022 * smk_user_access - handle access check transaction 2023 * @file: file pointer 2024 * @buf: data from user space 2025 * @count: bytes sent 2026 * @ppos: where to start - must be 0 2027 */ 2028 static ssize_t smk_user_access(struct file *file, const char __user *buf, 2029 size_t count, loff_t *ppos, int format) 2030 { 2031 struct smack_parsed_rule rule; 2032 char *data; 2033 int res; 2034 2035 data = simple_transaction_get(file, buf, count); 2036 if (IS_ERR(data)) 2037 return PTR_ERR(data); 2038 2039 if (format == SMK_FIXED24_FMT) { 2040 if (count < SMK_LOADLEN) 2041 return -EINVAL; 2042 res = smk_parse_rule(data, &rule, 0); 2043 } else { 2044 /* 2045 * simple_transaction_get() returns null-terminated data 2046 */ 2047 res = smk_parse_long_rule(data, &rule, 0, 3); 2048 } 2049 2050 if (res >= 0) 2051 res = smk_access(rule.smk_subject, rule.smk_object, 2052 rule.smk_access1, NULL); 2053 else if (res != -ENOENT) 2054 return res; 2055 2056 /* 2057 * smk_access() can return a value > 0 in the "bringup" case. 2058 */ 2059 data[0] = res >= 0 ? '1' : '0'; 2060 data[1] = '\0'; 2061 2062 simple_transaction_set(file, 2); 2063 2064 if (format == SMK_FIXED24_FMT) 2065 return SMK_LOADLEN; 2066 return count; 2067 } 2068 2069 /** 2070 * smk_write_access - handle access check transaction 2071 * @file: file pointer 2072 * @buf: data from user space 2073 * @count: bytes sent 2074 * @ppos: where to start - must be 0 2075 */ 2076 static ssize_t smk_write_access(struct file *file, const char __user *buf, 2077 size_t count, loff_t *ppos) 2078 { 2079 return smk_user_access(file, buf, count, ppos, SMK_FIXED24_FMT); 2080 } 2081 2082 static const struct file_operations smk_access_ops = { 2083 .write = smk_write_access, 2084 .read = simple_transaction_read, 2085 .release = simple_transaction_release, 2086 .llseek = generic_file_llseek, 2087 }; 2088 2089 2090 /* 2091 * Seq_file read operations for /smack/load2 2092 */ 2093 2094 static int load2_seq_show(struct seq_file *s, void *v) 2095 { 2096 struct list_head *list = v; 2097 struct smack_master_list *smlp = 2098 list_entry_rcu(list, struct smack_master_list, list); 2099 2100 smk_rule_show(s, smlp->smk_rule, SMK_LONGLABEL); 2101 2102 return 0; 2103 } 2104 2105 static const struct seq_operations load2_seq_ops = { 2106 .start = load2_seq_start, 2107 .next = load2_seq_next, 2108 .show = load2_seq_show, 2109 .stop = smk_seq_stop, 2110 }; 2111 2112 /** 2113 * smk_open_load2 - open() for /smack/load2 2114 * @inode: inode structure representing file 2115 * @file: "load2" file pointer 2116 * 2117 * For reading, use load2_seq_* seq_file reading operations. 2118 */ 2119 static int smk_open_load2(struct inode *inode, struct file *file) 2120 { 2121 return seq_open(file, &load2_seq_ops); 2122 } 2123 2124 /** 2125 * smk_write_load2 - write() for /smack/load2 2126 * @file: file pointer, not actually used 2127 * @buf: where to get the data from 2128 * @count: bytes sent 2129 * @ppos: where to start - must be 0 2130 * 2131 */ 2132 static ssize_t smk_write_load2(struct file *file, const char __user *buf, 2133 size_t count, loff_t *ppos) 2134 { 2135 /* 2136 * Must have privilege. 2137 */ 2138 if (!smack_privileged(CAP_MAC_ADMIN)) 2139 return -EPERM; 2140 2141 return smk_write_rules_list(file, buf, count, ppos, NULL, NULL, 2142 SMK_LONG_FMT); 2143 } 2144 2145 static const struct file_operations smk_load2_ops = { 2146 .open = smk_open_load2, 2147 .read = seq_read, 2148 .llseek = seq_lseek, 2149 .write = smk_write_load2, 2150 .release = seq_release, 2151 }; 2152 2153 /* 2154 * Seq_file read operations for /smack/load-self2 2155 */ 2156 2157 static void *load_self2_seq_start(struct seq_file *s, loff_t *pos) 2158 { 2159 struct task_smack *tsp = current_security(); 2160 2161 return smk_seq_start(s, pos, &tsp->smk_rules); 2162 } 2163 2164 static void *load_self2_seq_next(struct seq_file *s, void *v, loff_t *pos) 2165 { 2166 struct task_smack *tsp = current_security(); 2167 2168 return smk_seq_next(s, v, pos, &tsp->smk_rules); 2169 } 2170 2171 static int load_self2_seq_show(struct seq_file *s, void *v) 2172 { 2173 struct list_head *list = v; 2174 struct smack_rule *srp = 2175 list_entry_rcu(list, struct smack_rule, list); 2176 2177 smk_rule_show(s, srp, SMK_LONGLABEL); 2178 2179 return 0; 2180 } 2181 2182 static const struct seq_operations load_self2_seq_ops = { 2183 .start = load_self2_seq_start, 2184 .next = load_self2_seq_next, 2185 .show = load_self2_seq_show, 2186 .stop = smk_seq_stop, 2187 }; 2188 2189 /** 2190 * smk_open_load_self2 - open() for /smack/load-self2 2191 * @inode: inode structure representing file 2192 * @file: "load" file pointer 2193 * 2194 * For reading, use load_seq_* seq_file reading operations. 2195 */ 2196 static int smk_open_load_self2(struct inode *inode, struct file *file) 2197 { 2198 return seq_open(file, &load_self2_seq_ops); 2199 } 2200 2201 /** 2202 * smk_write_load_self2 - write() for /smack/load-self2 2203 * @file: file pointer, not actually used 2204 * @buf: where to get the data from 2205 * @count: bytes sent 2206 * @ppos: where to start - must be 0 2207 * 2208 */ 2209 static ssize_t smk_write_load_self2(struct file *file, const char __user *buf, 2210 size_t count, loff_t *ppos) 2211 { 2212 struct task_smack *tsp = current_security(); 2213 2214 return smk_write_rules_list(file, buf, count, ppos, &tsp->smk_rules, 2215 &tsp->smk_rules_lock, SMK_LONG_FMT); 2216 } 2217 2218 static const struct file_operations smk_load_self2_ops = { 2219 .open = smk_open_load_self2, 2220 .read = seq_read, 2221 .llseek = seq_lseek, 2222 .write = smk_write_load_self2, 2223 .release = seq_release, 2224 }; 2225 2226 /** 2227 * smk_write_access2 - handle access check transaction 2228 * @file: file pointer 2229 * @buf: data from user space 2230 * @count: bytes sent 2231 * @ppos: where to start - must be 0 2232 */ 2233 static ssize_t smk_write_access2(struct file *file, const char __user *buf, 2234 size_t count, loff_t *ppos) 2235 { 2236 return smk_user_access(file, buf, count, ppos, SMK_LONG_FMT); 2237 } 2238 2239 static const struct file_operations smk_access2_ops = { 2240 .write = smk_write_access2, 2241 .read = simple_transaction_read, 2242 .release = simple_transaction_release, 2243 .llseek = generic_file_llseek, 2244 }; 2245 2246 /** 2247 * smk_write_revoke_subj - write() for /smack/revoke-subject 2248 * @file: file pointer 2249 * @buf: data from user space 2250 * @count: bytes sent 2251 * @ppos: where to start - must be 0 2252 */ 2253 static ssize_t smk_write_revoke_subj(struct file *file, const char __user *buf, 2254 size_t count, loff_t *ppos) 2255 { 2256 char *data; 2257 const char *cp; 2258 struct smack_known *skp; 2259 struct smack_rule *sp; 2260 struct list_head *rule_list; 2261 struct mutex *rule_lock; 2262 int rc = count; 2263 2264 if (*ppos != 0) 2265 return -EINVAL; 2266 2267 if (!smack_privileged(CAP_MAC_ADMIN)) 2268 return -EPERM; 2269 2270 if (count == 0 || count > SMK_LONGLABEL) 2271 return -EINVAL; 2272 2273 data = kzalloc(count, GFP_KERNEL); 2274 if (data == NULL) 2275 return -ENOMEM; 2276 2277 if (copy_from_user(data, buf, count) != 0) { 2278 rc = -EFAULT; 2279 goto out_data; 2280 } 2281 2282 cp = smk_parse_smack(data, count); 2283 if (IS_ERR(cp)) { 2284 rc = PTR_ERR(cp); 2285 goto out_data; 2286 } 2287 2288 skp = smk_find_entry(cp); 2289 if (skp == NULL) 2290 goto out_cp; 2291 2292 rule_list = &skp->smk_rules; 2293 rule_lock = &skp->smk_rules_lock; 2294 2295 mutex_lock(rule_lock); 2296 2297 list_for_each_entry_rcu(sp, rule_list, list) 2298 sp->smk_access = 0; 2299 2300 mutex_unlock(rule_lock); 2301 2302 out_cp: 2303 kfree(cp); 2304 out_data: 2305 kfree(data); 2306 2307 return rc; 2308 } 2309 2310 static const struct file_operations smk_revoke_subj_ops = { 2311 .write = smk_write_revoke_subj, 2312 .read = simple_transaction_read, 2313 .release = simple_transaction_release, 2314 .llseek = generic_file_llseek, 2315 }; 2316 2317 /** 2318 * smk_init_sysfs - initialize /sys/fs/smackfs 2319 * 2320 */ 2321 static int smk_init_sysfs(void) 2322 { 2323 int err; 2324 err = sysfs_create_mount_point(fs_kobj, "smackfs"); 2325 if (err) 2326 return err; 2327 return 0; 2328 } 2329 2330 /** 2331 * smk_write_change_rule - write() for /smack/change-rule 2332 * @file: file pointer 2333 * @buf: data from user space 2334 * @count: bytes sent 2335 * @ppos: where to start - must be 0 2336 */ 2337 static ssize_t smk_write_change_rule(struct file *file, const char __user *buf, 2338 size_t count, loff_t *ppos) 2339 { 2340 /* 2341 * Must have privilege. 2342 */ 2343 if (!smack_privileged(CAP_MAC_ADMIN)) 2344 return -EPERM; 2345 2346 return smk_write_rules_list(file, buf, count, ppos, NULL, NULL, 2347 SMK_CHANGE_FMT); 2348 } 2349 2350 static const struct file_operations smk_change_rule_ops = { 2351 .write = smk_write_change_rule, 2352 .read = simple_transaction_read, 2353 .release = simple_transaction_release, 2354 .llseek = generic_file_llseek, 2355 }; 2356 2357 /** 2358 * smk_read_syslog - read() for smackfs/syslog 2359 * @filp: file pointer, not actually used 2360 * @buf: where to put the result 2361 * @cn: maximum to send along 2362 * @ppos: where to start 2363 * 2364 * Returns number of bytes read or error code, as appropriate 2365 */ 2366 static ssize_t smk_read_syslog(struct file *filp, char __user *buf, 2367 size_t cn, loff_t *ppos) 2368 { 2369 struct smack_known *skp; 2370 ssize_t rc = -EINVAL; 2371 int asize; 2372 2373 if (*ppos != 0) 2374 return 0; 2375 2376 if (smack_syslog_label == NULL) 2377 skp = &smack_known_star; 2378 else 2379 skp = smack_syslog_label; 2380 2381 asize = strlen(skp->smk_known) + 1; 2382 2383 if (cn >= asize) 2384 rc = simple_read_from_buffer(buf, cn, ppos, skp->smk_known, 2385 asize); 2386 2387 return rc; 2388 } 2389 2390 /** 2391 * smk_write_syslog - write() for smackfs/syslog 2392 * @file: file pointer, not actually used 2393 * @buf: where to get the data from 2394 * @count: bytes sent 2395 * @ppos: where to start 2396 * 2397 * Returns number of bytes written or error code, as appropriate 2398 */ 2399 static ssize_t smk_write_syslog(struct file *file, const char __user *buf, 2400 size_t count, loff_t *ppos) 2401 { 2402 char *data; 2403 struct smack_known *skp; 2404 int rc = count; 2405 2406 if (!smack_privileged(CAP_MAC_ADMIN)) 2407 return -EPERM; 2408 2409 data = kzalloc(count + 1, GFP_KERNEL); 2410 if (data == NULL) 2411 return -ENOMEM; 2412 2413 if (copy_from_user(data, buf, count) != 0) 2414 rc = -EFAULT; 2415 else { 2416 skp = smk_import_entry(data, count); 2417 if (IS_ERR(skp)) 2418 rc = PTR_ERR(skp); 2419 else 2420 smack_syslog_label = skp; 2421 } 2422 2423 kfree(data); 2424 return rc; 2425 } 2426 2427 static const struct file_operations smk_syslog_ops = { 2428 .read = smk_read_syslog, 2429 .write = smk_write_syslog, 2430 .llseek = default_llseek, 2431 }; 2432 2433 2434 /** 2435 * smk_read_ptrace - read() for /smack/ptrace 2436 * @filp: file pointer, not actually used 2437 * @buf: where to put the result 2438 * @count: maximum to send along 2439 * @ppos: where to start 2440 * 2441 * Returns number of bytes read or error code, as appropriate 2442 */ 2443 static ssize_t smk_read_ptrace(struct file *filp, char __user *buf, 2444 size_t count, loff_t *ppos) 2445 { 2446 char temp[32]; 2447 ssize_t rc; 2448 2449 if (*ppos != 0) 2450 return 0; 2451 2452 sprintf(temp, "%d\n", smack_ptrace_rule); 2453 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp)); 2454 return rc; 2455 } 2456 2457 /** 2458 * smk_write_ptrace - write() for /smack/ptrace 2459 * @file: file pointer 2460 * @buf: data from user space 2461 * @count: bytes sent 2462 * @ppos: where to start - must be 0 2463 */ 2464 static ssize_t smk_write_ptrace(struct file *file, const char __user *buf, 2465 size_t count, loff_t *ppos) 2466 { 2467 char temp[32]; 2468 int i; 2469 2470 if (!smack_privileged(CAP_MAC_ADMIN)) 2471 return -EPERM; 2472 2473 if (*ppos != 0 || count >= sizeof(temp) || count == 0) 2474 return -EINVAL; 2475 2476 if (copy_from_user(temp, buf, count) != 0) 2477 return -EFAULT; 2478 2479 temp[count] = '\0'; 2480 2481 if (sscanf(temp, "%d", &i) != 1) 2482 return -EINVAL; 2483 if (i < SMACK_PTRACE_DEFAULT || i > SMACK_PTRACE_MAX) 2484 return -EINVAL; 2485 smack_ptrace_rule = i; 2486 2487 return count; 2488 } 2489 2490 static const struct file_operations smk_ptrace_ops = { 2491 .write = smk_write_ptrace, 2492 .read = smk_read_ptrace, 2493 .llseek = default_llseek, 2494 }; 2495 2496 /** 2497 * smk_fill_super - fill the smackfs superblock 2498 * @sb: the empty superblock 2499 * @data: unused 2500 * @silent: unused 2501 * 2502 * Fill in the well known entries for the smack filesystem 2503 * 2504 * Returns 0 on success, an error code on failure 2505 */ 2506 static int smk_fill_super(struct super_block *sb, void *data, int silent) 2507 { 2508 int rc; 2509 struct inode *root_inode; 2510 2511 static struct tree_descr smack_files[] = { 2512 [SMK_LOAD] = { 2513 "load", &smk_load_ops, S_IRUGO|S_IWUSR}, 2514 [SMK_CIPSO] = { 2515 "cipso", &smk_cipso_ops, S_IRUGO|S_IWUSR}, 2516 [SMK_DOI] = { 2517 "doi", &smk_doi_ops, S_IRUGO|S_IWUSR}, 2518 [SMK_DIRECT] = { 2519 "direct", &smk_direct_ops, S_IRUGO|S_IWUSR}, 2520 [SMK_AMBIENT] = { 2521 "ambient", &smk_ambient_ops, S_IRUGO|S_IWUSR}, 2522 [SMK_NETLBLADDR] = { 2523 "netlabel", &smk_netlbladdr_ops, S_IRUGO|S_IWUSR}, 2524 [SMK_ONLYCAP] = { 2525 "onlycap", &smk_onlycap_ops, S_IRUGO|S_IWUSR}, 2526 [SMK_LOGGING] = { 2527 "logging", &smk_logging_ops, S_IRUGO|S_IWUSR}, 2528 [SMK_LOAD_SELF] = { 2529 "load-self", &smk_load_self_ops, S_IRUGO|S_IWUGO}, 2530 [SMK_ACCESSES] = { 2531 "access", &smk_access_ops, S_IRUGO|S_IWUGO}, 2532 [SMK_MAPPED] = { 2533 "mapped", &smk_mapped_ops, S_IRUGO|S_IWUSR}, 2534 [SMK_LOAD2] = { 2535 "load2", &smk_load2_ops, S_IRUGO|S_IWUSR}, 2536 [SMK_LOAD_SELF2] = { 2537 "load-self2", &smk_load_self2_ops, S_IRUGO|S_IWUGO}, 2538 [SMK_ACCESS2] = { 2539 "access2", &smk_access2_ops, S_IRUGO|S_IWUGO}, 2540 [SMK_CIPSO2] = { 2541 "cipso2", &smk_cipso2_ops, S_IRUGO|S_IWUSR}, 2542 [SMK_REVOKE_SUBJ] = { 2543 "revoke-subject", &smk_revoke_subj_ops, 2544 S_IRUGO|S_IWUSR}, 2545 [SMK_CHANGE_RULE] = { 2546 "change-rule", &smk_change_rule_ops, S_IRUGO|S_IWUSR}, 2547 [SMK_SYSLOG] = { 2548 "syslog", &smk_syslog_ops, S_IRUGO|S_IWUSR}, 2549 [SMK_PTRACE] = { 2550 "ptrace", &smk_ptrace_ops, S_IRUGO|S_IWUSR}, 2551 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 2552 [SMK_UNCONFINED] = { 2553 "unconfined", &smk_unconfined_ops, S_IRUGO|S_IWUSR}, 2554 #endif 2555 /* last one */ 2556 {""} 2557 }; 2558 2559 rc = simple_fill_super(sb, SMACK_MAGIC, smack_files); 2560 if (rc != 0) { 2561 printk(KERN_ERR "%s failed %d while creating inodes\n", 2562 __func__, rc); 2563 return rc; 2564 } 2565 2566 root_inode = d_inode(sb->s_root); 2567 2568 return 0; 2569 } 2570 2571 /** 2572 * smk_mount - get the smackfs superblock 2573 * @fs_type: passed along without comment 2574 * @flags: passed along without comment 2575 * @dev_name: passed along without comment 2576 * @data: passed along without comment 2577 * 2578 * Just passes everything along. 2579 * 2580 * Returns what the lower level code does. 2581 */ 2582 static struct dentry *smk_mount(struct file_system_type *fs_type, 2583 int flags, const char *dev_name, void *data) 2584 { 2585 return mount_single(fs_type, flags, data, smk_fill_super); 2586 } 2587 2588 static struct file_system_type smk_fs_type = { 2589 .name = "smackfs", 2590 .mount = smk_mount, 2591 .kill_sb = kill_litter_super, 2592 }; 2593 2594 static struct vfsmount *smackfs_mount; 2595 2596 static int __init smk_preset_netlabel(struct smack_known *skp) 2597 { 2598 skp->smk_netlabel.domain = skp->smk_known; 2599 skp->smk_netlabel.flags = 2600 NETLBL_SECATTR_DOMAIN | NETLBL_SECATTR_MLS_LVL; 2601 return smk_netlbl_mls(smack_cipso_direct, skp->smk_known, 2602 &skp->smk_netlabel, strlen(skp->smk_known)); 2603 } 2604 2605 /** 2606 * init_smk_fs - get the smackfs superblock 2607 * 2608 * register the smackfs 2609 * 2610 * Do not register smackfs if Smack wasn't enabled 2611 * on boot. We can not put this method normally under the 2612 * smack_init() code path since the security subsystem get 2613 * initialized before the vfs caches. 2614 * 2615 * Returns true if we were not chosen on boot or if 2616 * we were chosen and filesystem registration succeeded. 2617 */ 2618 static int __init init_smk_fs(void) 2619 { 2620 int err; 2621 int rc; 2622 2623 if (!security_module_enable("smack")) 2624 return 0; 2625 2626 err = smk_init_sysfs(); 2627 if (err) 2628 printk(KERN_ERR "smackfs: sysfs mountpoint problem.\n"); 2629 2630 err = register_filesystem(&smk_fs_type); 2631 if (!err) { 2632 smackfs_mount = kern_mount(&smk_fs_type); 2633 if (IS_ERR(smackfs_mount)) { 2634 printk(KERN_ERR "smackfs: could not mount!\n"); 2635 err = PTR_ERR(smackfs_mount); 2636 smackfs_mount = NULL; 2637 } 2638 } 2639 2640 smk_cipso_doi(); 2641 smk_unlbl_ambient(NULL); 2642 2643 rc = smk_preset_netlabel(&smack_known_floor); 2644 if (err == 0 && rc < 0) 2645 err = rc; 2646 rc = smk_preset_netlabel(&smack_known_hat); 2647 if (err == 0 && rc < 0) 2648 err = rc; 2649 rc = smk_preset_netlabel(&smack_known_huh); 2650 if (err == 0 && rc < 0) 2651 err = rc; 2652 rc = smk_preset_netlabel(&smack_known_invalid); 2653 if (err == 0 && rc < 0) 2654 err = rc; 2655 rc = smk_preset_netlabel(&smack_known_star); 2656 if (err == 0 && rc < 0) 2657 err = rc; 2658 rc = smk_preset_netlabel(&smack_known_web); 2659 if (err == 0 && rc < 0) 2660 err = rc; 2661 2662 return err; 2663 } 2664 2665 __initcall(init_smk_fs); 2666