1 /* 2 * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com> 3 * 4 * This program is free software; you can redistribute it and/or modify 5 * it under the terms of the GNU General Public License as published by 6 * the Free Software Foundation, version 2. 7 * 8 * Authors: 9 * Casey Schaufler <casey@schaufler-ca.com> 10 * Ahmed S. Darwish <darwish.07@gmail.com> 11 * 12 * Special thanks to the authors of selinuxfs. 13 * 14 * Karl MacMillan <kmacmillan@tresys.com> 15 * James Morris <jmorris@redhat.com> 16 * 17 */ 18 19 #include <linux/kernel.h> 20 #include <linux/vmalloc.h> 21 #include <linux/security.h> 22 #include <linux/mutex.h> 23 #include <net/net_namespace.h> 24 #include <net/netlabel.h> 25 #include <net/cipso_ipv4.h> 26 #include <linux/seq_file.h> 27 #include <linux/ctype.h> 28 #include <linux/audit.h> 29 #include "smack.h" 30 31 /* 32 * smackfs pseudo filesystem. 33 */ 34 35 enum smk_inos { 36 SMK_ROOT_INO = 2, 37 SMK_LOAD = 3, /* load policy */ 38 SMK_CIPSO = 4, /* load label -> CIPSO mapping */ 39 SMK_DOI = 5, /* CIPSO DOI */ 40 SMK_DIRECT = 6, /* CIPSO level indicating direct label */ 41 SMK_AMBIENT = 7, /* internet ambient label */ 42 SMK_NETLBLADDR = 8, /* single label hosts */ 43 SMK_ONLYCAP = 9, /* the only "capable" label */ 44 SMK_LOGGING = 10, /* logging */ 45 }; 46 47 /* 48 * List locks 49 */ 50 static DEFINE_MUTEX(smack_list_lock); 51 static DEFINE_MUTEX(smack_cipso_lock); 52 static DEFINE_MUTEX(smack_ambient_lock); 53 static DEFINE_MUTEX(smk_netlbladdr_lock); 54 55 /* 56 * This is the "ambient" label for network traffic. 57 * If it isn't somehow marked, use this. 58 * It can be reset via smackfs/ambient 59 */ 60 char *smack_net_ambient = smack_known_floor.smk_known; 61 62 /* 63 * This is the level in a CIPSO header that indicates a 64 * smack label is contained directly in the category set. 65 * It can be reset via smackfs/direct 66 */ 67 int smack_cipso_direct = SMACK_CIPSO_DIRECT_DEFAULT; 68 69 /* 70 * Unless a process is running with this label even 71 * having CAP_MAC_OVERRIDE isn't enough to grant 72 * privilege to violate MAC policy. If no label is 73 * designated (the NULL case) capabilities apply to 74 * everyone. It is expected that the hat (^) label 75 * will be used if any label is used. 76 */ 77 char *smack_onlycap; 78 79 /* 80 * Certain IP addresses may be designated as single label hosts. 81 * Packets are sent there unlabeled, but only from tasks that 82 * can write to the specified label. 83 */ 84 85 LIST_HEAD(smk_netlbladdr_list); 86 LIST_HEAD(smack_rule_list); 87 88 static int smk_cipso_doi_value = SMACK_CIPSO_DOI_DEFAULT; 89 90 const char *smack_cipso_option = SMACK_CIPSO_OPTION; 91 92 93 #define SEQ_READ_FINISHED 1 94 95 /* 96 * Values for parsing cipso rules 97 * SMK_DIGITLEN: Length of a digit field in a rule. 98 * SMK_CIPSOMIN: Minimum possible cipso rule length. 99 * SMK_CIPSOMAX: Maximum possible cipso rule length. 100 */ 101 #define SMK_DIGITLEN 4 102 #define SMK_CIPSOMIN (SMK_LABELLEN + 2 * SMK_DIGITLEN) 103 #define SMK_CIPSOMAX (SMK_CIPSOMIN + SMACK_CIPSO_MAXCATNUM * SMK_DIGITLEN) 104 105 /* 106 * Values for parsing MAC rules 107 * SMK_ACCESS: Maximum possible combination of access permissions 108 * SMK_ACCESSLEN: Maximum length for a rule access field 109 * SMK_LOADLEN: Smack rule length 110 */ 111 #define SMK_ACCESS "rwxa" 112 #define SMK_ACCESSLEN (sizeof(SMK_ACCESS) - 1) 113 #define SMK_LOADLEN (SMK_LABELLEN + SMK_LABELLEN + SMK_ACCESSLEN) 114 115 /** 116 * smk_netlabel_audit_set - fill a netlbl_audit struct 117 * @nap: structure to fill 118 */ 119 static void smk_netlabel_audit_set(struct netlbl_audit *nap) 120 { 121 nap->loginuid = audit_get_loginuid(current); 122 nap->sessionid = audit_get_sessionid(current); 123 nap->secid = smack_to_secid(current_security()); 124 } 125 126 /* 127 * Values for parsing single label host rules 128 * "1.2.3.4 X" 129 * "192.168.138.129/32 abcdefghijklmnopqrstuvw" 130 */ 131 #define SMK_NETLBLADDRMIN 9 132 #define SMK_NETLBLADDRMAX 42 133 134 /* 135 * Seq_file read operations for /smack/load 136 */ 137 138 static void *load_seq_start(struct seq_file *s, loff_t *pos) 139 { 140 if (*pos == SEQ_READ_FINISHED) 141 return NULL; 142 if (list_empty(&smack_rule_list)) 143 return NULL; 144 return smack_rule_list.next; 145 } 146 147 static void *load_seq_next(struct seq_file *s, void *v, loff_t *pos) 148 { 149 struct list_head *list = v; 150 151 if (list_is_last(list, &smack_rule_list)) { 152 *pos = SEQ_READ_FINISHED; 153 return NULL; 154 } 155 return list->next; 156 } 157 158 static int load_seq_show(struct seq_file *s, void *v) 159 { 160 struct list_head *list = v; 161 struct smack_rule *srp = 162 list_entry(list, struct smack_rule, list); 163 164 seq_printf(s, "%s %s", (char *)srp->smk_subject, 165 (char *)srp->smk_object); 166 167 seq_putc(s, ' '); 168 169 if (srp->smk_access & MAY_READ) 170 seq_putc(s, 'r'); 171 if (srp->smk_access & MAY_WRITE) 172 seq_putc(s, 'w'); 173 if (srp->smk_access & MAY_EXEC) 174 seq_putc(s, 'x'); 175 if (srp->smk_access & MAY_APPEND) 176 seq_putc(s, 'a'); 177 if (srp->smk_access == 0) 178 seq_putc(s, '-'); 179 180 seq_putc(s, '\n'); 181 182 return 0; 183 } 184 185 static void load_seq_stop(struct seq_file *s, void *v) 186 { 187 /* No-op */ 188 } 189 190 static const struct seq_operations load_seq_ops = { 191 .start = load_seq_start, 192 .next = load_seq_next, 193 .show = load_seq_show, 194 .stop = load_seq_stop, 195 }; 196 197 /** 198 * smk_open_load - open() for /smack/load 199 * @inode: inode structure representing file 200 * @file: "load" file pointer 201 * 202 * For reading, use load_seq_* seq_file reading operations. 203 */ 204 static int smk_open_load(struct inode *inode, struct file *file) 205 { 206 return seq_open(file, &load_seq_ops); 207 } 208 209 /** 210 * smk_set_access - add a rule to the rule list 211 * @srp: the new rule to add 212 * 213 * Looks through the current subject/object/access list for 214 * the subject/object pair and replaces the access that was 215 * there. If the pair isn't found add it with the specified 216 * access. 217 * 218 * Returns 0 if nothing goes wrong or -ENOMEM if it fails 219 * during the allocation of the new pair to add. 220 */ 221 static int smk_set_access(struct smack_rule *srp) 222 { 223 struct smack_rule *sp; 224 int ret = 0; 225 int found; 226 mutex_lock(&smack_list_lock); 227 228 found = 0; 229 list_for_each_entry_rcu(sp, &smack_rule_list, list) { 230 if (sp->smk_subject == srp->smk_subject && 231 sp->smk_object == srp->smk_object) { 232 found = 1; 233 sp->smk_access = srp->smk_access; 234 break; 235 } 236 } 237 if (found == 0) 238 list_add_rcu(&srp->list, &smack_rule_list); 239 240 mutex_unlock(&smack_list_lock); 241 242 return ret; 243 } 244 245 /** 246 * smk_write_load - write() for /smack/load 247 * @file: file pointer, not actually used 248 * @buf: where to get the data from 249 * @count: bytes sent 250 * @ppos: where to start - must be 0 251 * 252 * Get one smack access rule from above. 253 * The format is exactly: 254 * char subject[SMK_LABELLEN] 255 * char object[SMK_LABELLEN] 256 * char access[SMK_ACCESSLEN] 257 * 258 * writes must be SMK_LABELLEN+SMK_LABELLEN+SMK_ACCESSLEN bytes. 259 */ 260 static ssize_t smk_write_load(struct file *file, const char __user *buf, 261 size_t count, loff_t *ppos) 262 { 263 struct smack_rule *rule; 264 char *data; 265 int rc = -EINVAL; 266 267 /* 268 * Must have privilege. 269 * No partial writes. 270 * Enough data must be present. 271 */ 272 if (!capable(CAP_MAC_ADMIN)) 273 return -EPERM; 274 275 if (*ppos != 0 || count != SMK_LOADLEN) 276 return -EINVAL; 277 278 data = kzalloc(count, GFP_KERNEL); 279 if (data == NULL) 280 return -ENOMEM; 281 282 if (copy_from_user(data, buf, count) != 0) { 283 rc = -EFAULT; 284 goto out; 285 } 286 287 rule = kzalloc(sizeof(*rule), GFP_KERNEL); 288 if (rule == NULL) { 289 rc = -ENOMEM; 290 goto out; 291 } 292 293 rule->smk_subject = smk_import(data, 0); 294 if (rule->smk_subject == NULL) 295 goto out_free_rule; 296 297 rule->smk_object = smk_import(data + SMK_LABELLEN, 0); 298 if (rule->smk_object == NULL) 299 goto out_free_rule; 300 301 rule->smk_access = 0; 302 303 switch (data[SMK_LABELLEN + SMK_LABELLEN]) { 304 case '-': 305 break; 306 case 'r': 307 case 'R': 308 rule->smk_access |= MAY_READ; 309 break; 310 default: 311 goto out_free_rule; 312 } 313 314 switch (data[SMK_LABELLEN + SMK_LABELLEN + 1]) { 315 case '-': 316 break; 317 case 'w': 318 case 'W': 319 rule->smk_access |= MAY_WRITE; 320 break; 321 default: 322 goto out_free_rule; 323 } 324 325 switch (data[SMK_LABELLEN + SMK_LABELLEN + 2]) { 326 case '-': 327 break; 328 case 'x': 329 case 'X': 330 rule->smk_access |= MAY_EXEC; 331 break; 332 default: 333 goto out_free_rule; 334 } 335 336 switch (data[SMK_LABELLEN + SMK_LABELLEN + 3]) { 337 case '-': 338 break; 339 case 'a': 340 case 'A': 341 rule->smk_access |= MAY_APPEND; 342 break; 343 default: 344 goto out_free_rule; 345 } 346 347 rc = smk_set_access(rule); 348 349 if (!rc) 350 rc = count; 351 goto out; 352 353 out_free_rule: 354 kfree(rule); 355 out: 356 kfree(data); 357 return rc; 358 } 359 360 static const struct file_operations smk_load_ops = { 361 .open = smk_open_load, 362 .read = seq_read, 363 .llseek = seq_lseek, 364 .write = smk_write_load, 365 .release = seq_release, 366 }; 367 368 /** 369 * smk_cipso_doi - initialize the CIPSO domain 370 */ 371 static void smk_cipso_doi(void) 372 { 373 int rc; 374 struct cipso_v4_doi *doip; 375 struct netlbl_audit nai; 376 377 smk_netlabel_audit_set(&nai); 378 379 rc = netlbl_cfg_map_del(NULL, PF_INET, NULL, NULL, &nai); 380 if (rc != 0) 381 printk(KERN_WARNING "%s:%d remove rc = %d\n", 382 __func__, __LINE__, rc); 383 384 doip = kmalloc(sizeof(struct cipso_v4_doi), GFP_KERNEL); 385 if (doip == NULL) 386 panic("smack: Failed to initialize cipso DOI.\n"); 387 doip->map.std = NULL; 388 doip->doi = smk_cipso_doi_value; 389 doip->type = CIPSO_V4_MAP_PASS; 390 doip->tags[0] = CIPSO_V4_TAG_RBITMAP; 391 for (rc = 1; rc < CIPSO_V4_TAG_MAXCNT; rc++) 392 doip->tags[rc] = CIPSO_V4_TAG_INVALID; 393 394 rc = netlbl_cfg_cipsov4_add(doip, &nai); 395 if (rc != 0) { 396 printk(KERN_WARNING "%s:%d cipso add rc = %d\n", 397 __func__, __LINE__, rc); 398 kfree(doip); 399 return; 400 } 401 rc = netlbl_cfg_cipsov4_map_add(doip->doi, NULL, NULL, NULL, &nai); 402 if (rc != 0) { 403 printk(KERN_WARNING "%s:%d map add rc = %d\n", 404 __func__, __LINE__, rc); 405 kfree(doip); 406 return; 407 } 408 } 409 410 /** 411 * smk_unlbl_ambient - initialize the unlabeled domain 412 * @oldambient: previous domain string 413 */ 414 static void smk_unlbl_ambient(char *oldambient) 415 { 416 int rc; 417 struct netlbl_audit nai; 418 419 smk_netlabel_audit_set(&nai); 420 421 if (oldambient != NULL) { 422 rc = netlbl_cfg_map_del(oldambient, PF_INET, NULL, NULL, &nai); 423 if (rc != 0) 424 printk(KERN_WARNING "%s:%d remove rc = %d\n", 425 __func__, __LINE__, rc); 426 } 427 428 rc = netlbl_cfg_unlbl_map_add(smack_net_ambient, PF_INET, 429 NULL, NULL, &nai); 430 if (rc != 0) 431 printk(KERN_WARNING "%s:%d add rc = %d\n", 432 __func__, __LINE__, rc); 433 } 434 435 /* 436 * Seq_file read operations for /smack/cipso 437 */ 438 439 static void *cipso_seq_start(struct seq_file *s, loff_t *pos) 440 { 441 if (*pos == SEQ_READ_FINISHED) 442 return NULL; 443 if (list_empty(&smack_known_list)) 444 return NULL; 445 446 return smack_known_list.next; 447 } 448 449 static void *cipso_seq_next(struct seq_file *s, void *v, loff_t *pos) 450 { 451 struct list_head *list = v; 452 453 /* 454 * labels with no associated cipso value wont be printed 455 * in cipso_seq_show 456 */ 457 if (list_is_last(list, &smack_known_list)) { 458 *pos = SEQ_READ_FINISHED; 459 return NULL; 460 } 461 462 return list->next; 463 } 464 465 /* 466 * Print cipso labels in format: 467 * label level[/cat[,cat]] 468 */ 469 static int cipso_seq_show(struct seq_file *s, void *v) 470 { 471 struct list_head *list = v; 472 struct smack_known *skp = 473 list_entry(list, struct smack_known, list); 474 struct smack_cipso *scp = skp->smk_cipso; 475 char *cbp; 476 char sep = '/'; 477 int cat = 1; 478 int i; 479 unsigned char m; 480 481 if (scp == NULL) 482 return 0; 483 484 seq_printf(s, "%s %3d", (char *)&skp->smk_known, scp->smk_level); 485 486 cbp = scp->smk_catset; 487 for (i = 0; i < SMK_LABELLEN; i++) 488 for (m = 0x80; m != 0; m >>= 1) { 489 if (m & cbp[i]) { 490 seq_printf(s, "%c%d", sep, cat); 491 sep = ','; 492 } 493 cat++; 494 } 495 496 seq_putc(s, '\n'); 497 498 return 0; 499 } 500 501 static void cipso_seq_stop(struct seq_file *s, void *v) 502 { 503 /* No-op */ 504 } 505 506 static const struct seq_operations cipso_seq_ops = { 507 .start = cipso_seq_start, 508 .stop = cipso_seq_stop, 509 .next = cipso_seq_next, 510 .show = cipso_seq_show, 511 }; 512 513 /** 514 * smk_open_cipso - open() for /smack/cipso 515 * @inode: inode structure representing file 516 * @file: "cipso" file pointer 517 * 518 * Connect our cipso_seq_* operations with /smack/cipso 519 * file_operations 520 */ 521 static int smk_open_cipso(struct inode *inode, struct file *file) 522 { 523 return seq_open(file, &cipso_seq_ops); 524 } 525 526 /** 527 * smk_write_cipso - write() for /smack/cipso 528 * @file: file pointer, not actually used 529 * @buf: where to get the data from 530 * @count: bytes sent 531 * @ppos: where to start 532 * 533 * Accepts only one cipso rule per write call. 534 * Returns number of bytes written or error code, as appropriate 535 */ 536 static ssize_t smk_write_cipso(struct file *file, const char __user *buf, 537 size_t count, loff_t *ppos) 538 { 539 struct smack_known *skp; 540 struct smack_cipso *scp = NULL; 541 char mapcatset[SMK_LABELLEN]; 542 int maplevel; 543 int cat; 544 int catlen; 545 ssize_t rc = -EINVAL; 546 char *data = NULL; 547 char *rule; 548 int ret; 549 int i; 550 551 /* 552 * Must have privilege. 553 * No partial writes. 554 * Enough data must be present. 555 */ 556 if (!capable(CAP_MAC_ADMIN)) 557 return -EPERM; 558 if (*ppos != 0) 559 return -EINVAL; 560 if (count < SMK_CIPSOMIN || count > SMK_CIPSOMAX) 561 return -EINVAL; 562 563 data = kzalloc(count + 1, GFP_KERNEL); 564 if (data == NULL) 565 return -ENOMEM; 566 567 if (copy_from_user(data, buf, count) != 0) { 568 rc = -EFAULT; 569 goto unlockedout; 570 } 571 572 /* labels cannot begin with a '-' */ 573 if (data[0] == '-') { 574 rc = -EINVAL; 575 goto unlockedout; 576 } 577 data[count] = '\0'; 578 rule = data; 579 /* 580 * Only allow one writer at a time. Writes should be 581 * quite rare and small in any case. 582 */ 583 mutex_lock(&smack_cipso_lock); 584 585 skp = smk_import_entry(rule, 0); 586 if (skp == NULL) 587 goto out; 588 589 rule += SMK_LABELLEN; 590 ret = sscanf(rule, "%d", &maplevel); 591 if (ret != 1 || maplevel > SMACK_CIPSO_MAXLEVEL) 592 goto out; 593 594 rule += SMK_DIGITLEN; 595 ret = sscanf(rule, "%d", &catlen); 596 if (ret != 1 || catlen > SMACK_CIPSO_MAXCATNUM) 597 goto out; 598 599 if (count != (SMK_CIPSOMIN + catlen * SMK_DIGITLEN)) 600 goto out; 601 602 memset(mapcatset, 0, sizeof(mapcatset)); 603 604 for (i = 0; i < catlen; i++) { 605 rule += SMK_DIGITLEN; 606 ret = sscanf(rule, "%d", &cat); 607 if (ret != 1 || cat > SMACK_CIPSO_MAXCATVAL) 608 goto out; 609 610 smack_catset_bit(cat, mapcatset); 611 } 612 613 if (skp->smk_cipso == NULL) { 614 scp = kzalloc(sizeof(struct smack_cipso), GFP_KERNEL); 615 if (scp == NULL) { 616 rc = -ENOMEM; 617 goto out; 618 } 619 } 620 621 spin_lock_bh(&skp->smk_cipsolock); 622 623 if (scp == NULL) 624 scp = skp->smk_cipso; 625 else 626 skp->smk_cipso = scp; 627 628 scp->smk_level = maplevel; 629 memcpy(scp->smk_catset, mapcatset, sizeof(mapcatset)); 630 631 spin_unlock_bh(&skp->smk_cipsolock); 632 633 rc = count; 634 out: 635 mutex_unlock(&smack_cipso_lock); 636 unlockedout: 637 kfree(data); 638 return rc; 639 } 640 641 static const struct file_operations smk_cipso_ops = { 642 .open = smk_open_cipso, 643 .read = seq_read, 644 .llseek = seq_lseek, 645 .write = smk_write_cipso, 646 .release = seq_release, 647 }; 648 649 /* 650 * Seq_file read operations for /smack/netlabel 651 */ 652 653 static void *netlbladdr_seq_start(struct seq_file *s, loff_t *pos) 654 { 655 if (*pos == SEQ_READ_FINISHED) 656 return NULL; 657 if (list_empty(&smk_netlbladdr_list)) 658 return NULL; 659 return smk_netlbladdr_list.next; 660 } 661 662 static void *netlbladdr_seq_next(struct seq_file *s, void *v, loff_t *pos) 663 { 664 struct list_head *list = v; 665 666 if (list_is_last(list, &smk_netlbladdr_list)) { 667 *pos = SEQ_READ_FINISHED; 668 return NULL; 669 } 670 671 return list->next; 672 } 673 #define BEBITS (sizeof(__be32) * 8) 674 675 /* 676 * Print host/label pairs 677 */ 678 static int netlbladdr_seq_show(struct seq_file *s, void *v) 679 { 680 struct list_head *list = v; 681 struct smk_netlbladdr *skp = 682 list_entry(list, struct smk_netlbladdr, list); 683 unsigned char *hp = (char *) &skp->smk_host.sin_addr.s_addr; 684 int maskn; 685 u32 temp_mask = be32_to_cpu(skp->smk_mask.s_addr); 686 687 for (maskn = 0; temp_mask; temp_mask <<= 1, maskn++); 688 689 seq_printf(s, "%u.%u.%u.%u/%d %s\n", 690 hp[0], hp[1], hp[2], hp[3], maskn, skp->smk_label); 691 692 return 0; 693 } 694 695 static void netlbladdr_seq_stop(struct seq_file *s, void *v) 696 { 697 /* No-op */ 698 } 699 700 static const struct seq_operations netlbladdr_seq_ops = { 701 .start = netlbladdr_seq_start, 702 .stop = netlbladdr_seq_stop, 703 .next = netlbladdr_seq_next, 704 .show = netlbladdr_seq_show, 705 }; 706 707 /** 708 * smk_open_netlbladdr - open() for /smack/netlabel 709 * @inode: inode structure representing file 710 * @file: "netlabel" file pointer 711 * 712 * Connect our netlbladdr_seq_* operations with /smack/netlabel 713 * file_operations 714 */ 715 static int smk_open_netlbladdr(struct inode *inode, struct file *file) 716 { 717 return seq_open(file, &netlbladdr_seq_ops); 718 } 719 720 /** 721 * smk_netlbladdr_insert 722 * @new : netlabel to insert 723 * 724 * This helper insert netlabel in the smack_netlbladdrs list 725 * sorted by netmask length (longest to smallest) 726 * locked by &smk_netlbladdr_lock in smk_write_netlbladdr 727 * 728 */ 729 static void smk_netlbladdr_insert(struct smk_netlbladdr *new) 730 { 731 struct smk_netlbladdr *m, *m_next; 732 733 if (list_empty(&smk_netlbladdr_list)) { 734 list_add_rcu(&new->list, &smk_netlbladdr_list); 735 return; 736 } 737 738 m = list_entry_rcu(smk_netlbladdr_list.next, 739 struct smk_netlbladdr, list); 740 741 /* the comparison '>' is a bit hacky, but works */ 742 if (new->smk_mask.s_addr > m->smk_mask.s_addr) { 743 list_add_rcu(&new->list, &smk_netlbladdr_list); 744 return; 745 } 746 747 list_for_each_entry_rcu(m, &smk_netlbladdr_list, list) { 748 if (list_is_last(&m->list, &smk_netlbladdr_list)) { 749 list_add_rcu(&new->list, &m->list); 750 return; 751 } 752 m_next = list_entry_rcu(m->list.next, 753 struct smk_netlbladdr, list); 754 if (new->smk_mask.s_addr > m_next->smk_mask.s_addr) { 755 list_add_rcu(&new->list, &m->list); 756 return; 757 } 758 } 759 } 760 761 762 /** 763 * smk_write_netlbladdr - write() for /smack/netlabel 764 * @file: file pointer, not actually used 765 * @buf: where to get the data from 766 * @count: bytes sent 767 * @ppos: where to start 768 * 769 * Accepts only one netlbladdr per write call. 770 * Returns number of bytes written or error code, as appropriate 771 */ 772 static ssize_t smk_write_netlbladdr(struct file *file, const char __user *buf, 773 size_t count, loff_t *ppos) 774 { 775 struct smk_netlbladdr *skp; 776 struct sockaddr_in newname; 777 char smack[SMK_LABELLEN]; 778 char *sp; 779 char data[SMK_NETLBLADDRMAX + 1]; 780 char *host = (char *)&newname.sin_addr.s_addr; 781 int rc; 782 struct netlbl_audit audit_info; 783 struct in_addr mask; 784 unsigned int m; 785 int found; 786 u32 mask_bits = (1<<31); 787 __be32 nsa; 788 u32 temp_mask; 789 790 /* 791 * Must have privilege. 792 * No partial writes. 793 * Enough data must be present. 794 * "<addr/mask, as a.b.c.d/e><space><label>" 795 * "<addr, as a.b.c.d><space><label>" 796 */ 797 if (!capable(CAP_MAC_ADMIN)) 798 return -EPERM; 799 if (*ppos != 0) 800 return -EINVAL; 801 if (count < SMK_NETLBLADDRMIN || count > SMK_NETLBLADDRMAX) 802 return -EINVAL; 803 if (copy_from_user(data, buf, count) != 0) 804 return -EFAULT; 805 806 data[count] = '\0'; 807 808 rc = sscanf(data, "%hhd.%hhd.%hhd.%hhd/%d %s", 809 &host[0], &host[1], &host[2], &host[3], &m, smack); 810 if (rc != 6) { 811 rc = sscanf(data, "%hhd.%hhd.%hhd.%hhd %s", 812 &host[0], &host[1], &host[2], &host[3], smack); 813 if (rc != 5) 814 return -EINVAL; 815 m = BEBITS; 816 } 817 if (m > BEBITS) 818 return -EINVAL; 819 820 /* if smack begins with '-', its an option, don't import it */ 821 if (smack[0] != '-') { 822 sp = smk_import(smack, 0); 823 if (sp == NULL) 824 return -EINVAL; 825 } else { 826 /* check known options */ 827 if (strcmp(smack, smack_cipso_option) == 0) 828 sp = (char *)smack_cipso_option; 829 else 830 return -EINVAL; 831 } 832 833 for (temp_mask = 0; m > 0; m--) { 834 temp_mask |= mask_bits; 835 mask_bits >>= 1; 836 } 837 mask.s_addr = cpu_to_be32(temp_mask); 838 839 newname.sin_addr.s_addr &= mask.s_addr; 840 /* 841 * Only allow one writer at a time. Writes should be 842 * quite rare and small in any case. 843 */ 844 mutex_lock(&smk_netlbladdr_lock); 845 846 nsa = newname.sin_addr.s_addr; 847 /* try to find if the prefix is already in the list */ 848 found = 0; 849 list_for_each_entry_rcu(skp, &smk_netlbladdr_list, list) { 850 if (skp->smk_host.sin_addr.s_addr == nsa && 851 skp->smk_mask.s_addr == mask.s_addr) { 852 found = 1; 853 break; 854 } 855 } 856 smk_netlabel_audit_set(&audit_info); 857 858 if (found == 0) { 859 skp = kzalloc(sizeof(*skp), GFP_KERNEL); 860 if (skp == NULL) 861 rc = -ENOMEM; 862 else { 863 rc = 0; 864 skp->smk_host.sin_addr.s_addr = newname.sin_addr.s_addr; 865 skp->smk_mask.s_addr = mask.s_addr; 866 skp->smk_label = sp; 867 smk_netlbladdr_insert(skp); 868 } 869 } else { 870 /* we delete the unlabeled entry, only if the previous label 871 * wasnt the special CIPSO option */ 872 if (skp->smk_label != smack_cipso_option) 873 rc = netlbl_cfg_unlbl_static_del(&init_net, NULL, 874 &skp->smk_host.sin_addr, &skp->smk_mask, 875 PF_INET, &audit_info); 876 else 877 rc = 0; 878 skp->smk_label = sp; 879 } 880 881 /* 882 * Now tell netlabel about the single label nature of 883 * this host so that incoming packets get labeled. 884 * but only if we didn't get the special CIPSO option 885 */ 886 if (rc == 0 && sp != smack_cipso_option) 887 rc = netlbl_cfg_unlbl_static_add(&init_net, NULL, 888 &skp->smk_host.sin_addr, &skp->smk_mask, PF_INET, 889 smack_to_secid(skp->smk_label), &audit_info); 890 891 if (rc == 0) 892 rc = count; 893 894 mutex_unlock(&smk_netlbladdr_lock); 895 896 return rc; 897 } 898 899 static const struct file_operations smk_netlbladdr_ops = { 900 .open = smk_open_netlbladdr, 901 .read = seq_read, 902 .llseek = seq_lseek, 903 .write = smk_write_netlbladdr, 904 .release = seq_release, 905 }; 906 907 /** 908 * smk_read_doi - read() for /smack/doi 909 * @filp: file pointer, not actually used 910 * @buf: where to put the result 911 * @count: maximum to send along 912 * @ppos: where to start 913 * 914 * Returns number of bytes read or error code, as appropriate 915 */ 916 static ssize_t smk_read_doi(struct file *filp, char __user *buf, 917 size_t count, loff_t *ppos) 918 { 919 char temp[80]; 920 ssize_t rc; 921 922 if (*ppos != 0) 923 return 0; 924 925 sprintf(temp, "%d", smk_cipso_doi_value); 926 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp)); 927 928 return rc; 929 } 930 931 /** 932 * smk_write_doi - write() for /smack/doi 933 * @file: file pointer, not actually used 934 * @buf: where to get the data from 935 * @count: bytes sent 936 * @ppos: where to start 937 * 938 * Returns number of bytes written or error code, as appropriate 939 */ 940 static ssize_t smk_write_doi(struct file *file, const char __user *buf, 941 size_t count, loff_t *ppos) 942 { 943 char temp[80]; 944 int i; 945 946 if (!capable(CAP_MAC_ADMIN)) 947 return -EPERM; 948 949 if (count >= sizeof(temp) || count == 0) 950 return -EINVAL; 951 952 if (copy_from_user(temp, buf, count) != 0) 953 return -EFAULT; 954 955 temp[count] = '\0'; 956 957 if (sscanf(temp, "%d", &i) != 1) 958 return -EINVAL; 959 960 smk_cipso_doi_value = i; 961 962 smk_cipso_doi(); 963 964 return count; 965 } 966 967 static const struct file_operations smk_doi_ops = { 968 .read = smk_read_doi, 969 .write = smk_write_doi, 970 }; 971 972 /** 973 * smk_read_direct - read() for /smack/direct 974 * @filp: file pointer, not actually used 975 * @buf: where to put the result 976 * @count: maximum to send along 977 * @ppos: where to start 978 * 979 * Returns number of bytes read or error code, as appropriate 980 */ 981 static ssize_t smk_read_direct(struct file *filp, char __user *buf, 982 size_t count, loff_t *ppos) 983 { 984 char temp[80]; 985 ssize_t rc; 986 987 if (*ppos != 0) 988 return 0; 989 990 sprintf(temp, "%d", smack_cipso_direct); 991 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp)); 992 993 return rc; 994 } 995 996 /** 997 * smk_write_direct - write() for /smack/direct 998 * @file: file pointer, not actually used 999 * @buf: where to get the data from 1000 * @count: bytes sent 1001 * @ppos: where to start 1002 * 1003 * Returns number of bytes written or error code, as appropriate 1004 */ 1005 static ssize_t smk_write_direct(struct file *file, const char __user *buf, 1006 size_t count, loff_t *ppos) 1007 { 1008 char temp[80]; 1009 int i; 1010 1011 if (!capable(CAP_MAC_ADMIN)) 1012 return -EPERM; 1013 1014 if (count >= sizeof(temp) || count == 0) 1015 return -EINVAL; 1016 1017 if (copy_from_user(temp, buf, count) != 0) 1018 return -EFAULT; 1019 1020 temp[count] = '\0'; 1021 1022 if (sscanf(temp, "%d", &i) != 1) 1023 return -EINVAL; 1024 1025 smack_cipso_direct = i; 1026 1027 return count; 1028 } 1029 1030 static const struct file_operations smk_direct_ops = { 1031 .read = smk_read_direct, 1032 .write = smk_write_direct, 1033 }; 1034 1035 /** 1036 * smk_read_ambient - read() for /smack/ambient 1037 * @filp: file pointer, not actually used 1038 * @buf: where to put the result 1039 * @cn: maximum to send along 1040 * @ppos: where to start 1041 * 1042 * Returns number of bytes read or error code, as appropriate 1043 */ 1044 static ssize_t smk_read_ambient(struct file *filp, char __user *buf, 1045 size_t cn, loff_t *ppos) 1046 { 1047 ssize_t rc; 1048 int asize; 1049 1050 if (*ppos != 0) 1051 return 0; 1052 /* 1053 * Being careful to avoid a problem in the case where 1054 * smack_net_ambient gets changed in midstream. 1055 */ 1056 mutex_lock(&smack_ambient_lock); 1057 1058 asize = strlen(smack_net_ambient) + 1; 1059 1060 if (cn >= asize) 1061 rc = simple_read_from_buffer(buf, cn, ppos, 1062 smack_net_ambient, asize); 1063 else 1064 rc = -EINVAL; 1065 1066 mutex_unlock(&smack_ambient_lock); 1067 1068 return rc; 1069 } 1070 1071 /** 1072 * smk_write_ambient - write() for /smack/ambient 1073 * @file: file pointer, not actually used 1074 * @buf: where to get the data from 1075 * @count: bytes sent 1076 * @ppos: where to start 1077 * 1078 * Returns number of bytes written or error code, as appropriate 1079 */ 1080 static ssize_t smk_write_ambient(struct file *file, const char __user *buf, 1081 size_t count, loff_t *ppos) 1082 { 1083 char in[SMK_LABELLEN]; 1084 char *oldambient; 1085 char *smack; 1086 1087 if (!capable(CAP_MAC_ADMIN)) 1088 return -EPERM; 1089 1090 if (count >= SMK_LABELLEN) 1091 return -EINVAL; 1092 1093 if (copy_from_user(in, buf, count) != 0) 1094 return -EFAULT; 1095 1096 smack = smk_import(in, count); 1097 if (smack == NULL) 1098 return -EINVAL; 1099 1100 mutex_lock(&smack_ambient_lock); 1101 1102 oldambient = smack_net_ambient; 1103 smack_net_ambient = smack; 1104 smk_unlbl_ambient(oldambient); 1105 1106 mutex_unlock(&smack_ambient_lock); 1107 1108 return count; 1109 } 1110 1111 static const struct file_operations smk_ambient_ops = { 1112 .read = smk_read_ambient, 1113 .write = smk_write_ambient, 1114 }; 1115 1116 /** 1117 * smk_read_onlycap - read() for /smack/onlycap 1118 * @filp: file pointer, not actually used 1119 * @buf: where to put the result 1120 * @cn: maximum to send along 1121 * @ppos: where to start 1122 * 1123 * Returns number of bytes read or error code, as appropriate 1124 */ 1125 static ssize_t smk_read_onlycap(struct file *filp, char __user *buf, 1126 size_t cn, loff_t *ppos) 1127 { 1128 char *smack = ""; 1129 ssize_t rc = -EINVAL; 1130 int asize; 1131 1132 if (*ppos != 0) 1133 return 0; 1134 1135 if (smack_onlycap != NULL) 1136 smack = smack_onlycap; 1137 1138 asize = strlen(smack) + 1; 1139 1140 if (cn >= asize) 1141 rc = simple_read_from_buffer(buf, cn, ppos, smack, asize); 1142 1143 return rc; 1144 } 1145 1146 /** 1147 * smk_write_onlycap - write() for /smack/onlycap 1148 * @file: file pointer, not actually used 1149 * @buf: where to get the data from 1150 * @count: bytes sent 1151 * @ppos: where to start 1152 * 1153 * Returns number of bytes written or error code, as appropriate 1154 */ 1155 static ssize_t smk_write_onlycap(struct file *file, const char __user *buf, 1156 size_t count, loff_t *ppos) 1157 { 1158 char in[SMK_LABELLEN]; 1159 char *sp = current->cred->security; 1160 1161 if (!capable(CAP_MAC_ADMIN)) 1162 return -EPERM; 1163 1164 /* 1165 * This can be done using smk_access() but is done 1166 * explicitly for clarity. The smk_access() implementation 1167 * would use smk_access(smack_onlycap, MAY_WRITE) 1168 */ 1169 if (smack_onlycap != NULL && smack_onlycap != sp) 1170 return -EPERM; 1171 1172 if (count >= SMK_LABELLEN) 1173 return -EINVAL; 1174 1175 if (copy_from_user(in, buf, count) != 0) 1176 return -EFAULT; 1177 1178 /* 1179 * Should the null string be passed in unset the onlycap value. 1180 * This seems like something to be careful with as usually 1181 * smk_import only expects to return NULL for errors. It 1182 * is usually the case that a nullstring or "\n" would be 1183 * bad to pass to smk_import but in fact this is useful here. 1184 */ 1185 smack_onlycap = smk_import(in, count); 1186 1187 return count; 1188 } 1189 1190 static const struct file_operations smk_onlycap_ops = { 1191 .read = smk_read_onlycap, 1192 .write = smk_write_onlycap, 1193 }; 1194 1195 /** 1196 * smk_read_logging - read() for /smack/logging 1197 * @filp: file pointer, not actually used 1198 * @buf: where to put the result 1199 * @cn: maximum to send along 1200 * @ppos: where to start 1201 * 1202 * Returns number of bytes read or error code, as appropriate 1203 */ 1204 static ssize_t smk_read_logging(struct file *filp, char __user *buf, 1205 size_t count, loff_t *ppos) 1206 { 1207 char temp[32]; 1208 ssize_t rc; 1209 1210 if (*ppos != 0) 1211 return 0; 1212 1213 sprintf(temp, "%d\n", log_policy); 1214 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp)); 1215 return rc; 1216 } 1217 1218 /** 1219 * smk_write_logging - write() for /smack/logging 1220 * @file: file pointer, not actually used 1221 * @buf: where to get the data from 1222 * @count: bytes sent 1223 * @ppos: where to start 1224 * 1225 * Returns number of bytes written or error code, as appropriate 1226 */ 1227 static ssize_t smk_write_logging(struct file *file, const char __user *buf, 1228 size_t count, loff_t *ppos) 1229 { 1230 char temp[32]; 1231 int i; 1232 1233 if (!capable(CAP_MAC_ADMIN)) 1234 return -EPERM; 1235 1236 if (count >= sizeof(temp) || count == 0) 1237 return -EINVAL; 1238 1239 if (copy_from_user(temp, buf, count) != 0) 1240 return -EFAULT; 1241 1242 temp[count] = '\0'; 1243 1244 if (sscanf(temp, "%d", &i) != 1) 1245 return -EINVAL; 1246 if (i < 0 || i > 3) 1247 return -EINVAL; 1248 log_policy = i; 1249 return count; 1250 } 1251 1252 1253 1254 static const struct file_operations smk_logging_ops = { 1255 .read = smk_read_logging, 1256 .write = smk_write_logging, 1257 }; 1258 /** 1259 * smk_fill_super - fill the /smackfs superblock 1260 * @sb: the empty superblock 1261 * @data: unused 1262 * @silent: unused 1263 * 1264 * Fill in the well known entries for /smack 1265 * 1266 * Returns 0 on success, an error code on failure 1267 */ 1268 static int smk_fill_super(struct super_block *sb, void *data, int silent) 1269 { 1270 int rc; 1271 struct inode *root_inode; 1272 1273 static struct tree_descr smack_files[] = { 1274 [SMK_LOAD] = 1275 {"load", &smk_load_ops, S_IRUGO|S_IWUSR}, 1276 [SMK_CIPSO] = 1277 {"cipso", &smk_cipso_ops, S_IRUGO|S_IWUSR}, 1278 [SMK_DOI] = 1279 {"doi", &smk_doi_ops, S_IRUGO|S_IWUSR}, 1280 [SMK_DIRECT] = 1281 {"direct", &smk_direct_ops, S_IRUGO|S_IWUSR}, 1282 [SMK_AMBIENT] = 1283 {"ambient", &smk_ambient_ops, S_IRUGO|S_IWUSR}, 1284 [SMK_NETLBLADDR] = 1285 {"netlabel", &smk_netlbladdr_ops, S_IRUGO|S_IWUSR}, 1286 [SMK_ONLYCAP] = 1287 {"onlycap", &smk_onlycap_ops, S_IRUGO|S_IWUSR}, 1288 [SMK_LOGGING] = 1289 {"logging", &smk_logging_ops, S_IRUGO|S_IWUSR}, 1290 /* last one */ {""} 1291 }; 1292 1293 rc = simple_fill_super(sb, SMACK_MAGIC, smack_files); 1294 if (rc != 0) { 1295 printk(KERN_ERR "%s failed %d while creating inodes\n", 1296 __func__, rc); 1297 return rc; 1298 } 1299 1300 root_inode = sb->s_root->d_inode; 1301 root_inode->i_security = new_inode_smack(smack_known_floor.smk_known); 1302 1303 return 0; 1304 } 1305 1306 /** 1307 * smk_get_sb - get the smackfs superblock 1308 * @fs_type: passed along without comment 1309 * @flags: passed along without comment 1310 * @dev_name: passed along without comment 1311 * @data: passed along without comment 1312 * @mnt: passed along without comment 1313 * 1314 * Just passes everything along. 1315 * 1316 * Returns what the lower level code does. 1317 */ 1318 static int smk_get_sb(struct file_system_type *fs_type, 1319 int flags, const char *dev_name, void *data, 1320 struct vfsmount *mnt) 1321 { 1322 return get_sb_single(fs_type, flags, data, smk_fill_super, mnt); 1323 } 1324 1325 static struct file_system_type smk_fs_type = { 1326 .name = "smackfs", 1327 .get_sb = smk_get_sb, 1328 .kill_sb = kill_litter_super, 1329 }; 1330 1331 static struct vfsmount *smackfs_mount; 1332 1333 /** 1334 * init_smk_fs - get the smackfs superblock 1335 * 1336 * register the smackfs 1337 * 1338 * Do not register smackfs if Smack wasn't enabled 1339 * on boot. We can not put this method normally under the 1340 * smack_init() code path since the security subsystem get 1341 * initialized before the vfs caches. 1342 * 1343 * Returns true if we were not chosen on boot or if 1344 * we were chosen and filesystem registration succeeded. 1345 */ 1346 static int __init init_smk_fs(void) 1347 { 1348 int err; 1349 1350 if (!security_module_enable(&smack_ops)) 1351 return 0; 1352 1353 err = register_filesystem(&smk_fs_type); 1354 if (!err) { 1355 smackfs_mount = kern_mount(&smk_fs_type); 1356 if (IS_ERR(smackfs_mount)) { 1357 printk(KERN_ERR "smackfs: could not mount!\n"); 1358 err = PTR_ERR(smackfs_mount); 1359 smackfs_mount = NULL; 1360 } 1361 } 1362 1363 smk_cipso_doi(); 1364 smk_unlbl_ambient(NULL); 1365 1366 return err; 1367 } 1368 1369 __initcall(init_smk_fs); 1370