1 /* 2 * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com> 3 * 4 * This program is free software; you can redistribute it and/or modify 5 * it under the terms of the GNU General Public License as published by 6 * the Free Software Foundation, version 2. 7 * 8 * Authors: 9 * Casey Schaufler <casey@schaufler-ca.com> 10 * Ahmed S. Darwish <darwish.07@gmail.com> 11 * 12 * Special thanks to the authors of selinuxfs. 13 * 14 * Karl MacMillan <kmacmillan@tresys.com> 15 * James Morris <jmorris@redhat.com> 16 * 17 */ 18 19 #include <linux/kernel.h> 20 #include <linux/vmalloc.h> 21 #include <linux/security.h> 22 #include <linux/mutex.h> 23 #include <net/net_namespace.h> 24 #include <net/netlabel.h> 25 #include <net/cipso_ipv4.h> 26 #include <linux/seq_file.h> 27 #include <linux/ctype.h> 28 #include <linux/audit.h> 29 #include "smack.h" 30 31 /* 32 * smackfs pseudo filesystem. 33 */ 34 35 enum smk_inos { 36 SMK_ROOT_INO = 2, 37 SMK_LOAD = 3, /* load policy */ 38 SMK_CIPSO = 4, /* load label -> CIPSO mapping */ 39 SMK_DOI = 5, /* CIPSO DOI */ 40 SMK_DIRECT = 6, /* CIPSO level indicating direct label */ 41 SMK_AMBIENT = 7, /* internet ambient label */ 42 SMK_NETLBLADDR = 8, /* single label hosts */ 43 SMK_ONLYCAP = 9, /* the only "capable" label */ 44 }; 45 46 /* 47 * List locks 48 */ 49 static DEFINE_MUTEX(smack_list_lock); 50 static DEFINE_MUTEX(smack_cipso_lock); 51 static DEFINE_MUTEX(smack_ambient_lock); 52 static DEFINE_MUTEX(smk_netlbladdr_lock); 53 54 /* 55 * This is the "ambient" label for network traffic. 56 * If it isn't somehow marked, use this. 57 * It can be reset via smackfs/ambient 58 */ 59 char *smack_net_ambient = smack_known_floor.smk_known; 60 61 /* 62 * This is the level in a CIPSO header that indicates a 63 * smack label is contained directly in the category set. 64 * It can be reset via smackfs/direct 65 */ 66 int smack_cipso_direct = SMACK_CIPSO_DIRECT_DEFAULT; 67 68 /* 69 * Unless a process is running with this label even 70 * having CAP_MAC_OVERRIDE isn't enough to grant 71 * privilege to violate MAC policy. If no label is 72 * designated (the NULL case) capabilities apply to 73 * everyone. It is expected that the hat (^) label 74 * will be used if any label is used. 75 */ 76 char *smack_onlycap; 77 78 /* 79 * Certain IP addresses may be designated as single label hosts. 80 * Packets are sent there unlabeled, but only from tasks that 81 * can write to the specified label. 82 */ 83 84 LIST_HEAD(smk_netlbladdr_list); 85 LIST_HEAD(smack_rule_list); 86 87 static int smk_cipso_doi_value = SMACK_CIPSO_DOI_DEFAULT; 88 89 const char *smack_cipso_option = SMACK_CIPSO_OPTION; 90 91 92 #define SEQ_READ_FINISHED 1 93 94 /* 95 * Values for parsing cipso rules 96 * SMK_DIGITLEN: Length of a digit field in a rule. 97 * SMK_CIPSOMIN: Minimum possible cipso rule length. 98 * SMK_CIPSOMAX: Maximum possible cipso rule length. 99 */ 100 #define SMK_DIGITLEN 4 101 #define SMK_CIPSOMIN (SMK_LABELLEN + 2 * SMK_DIGITLEN) 102 #define SMK_CIPSOMAX (SMK_CIPSOMIN + SMACK_CIPSO_MAXCATNUM * SMK_DIGITLEN) 103 104 /* 105 * Values for parsing MAC rules 106 * SMK_ACCESS: Maximum possible combination of access permissions 107 * SMK_ACCESSLEN: Maximum length for a rule access field 108 * SMK_LOADLEN: Smack rule length 109 */ 110 #define SMK_ACCESS "rwxa" 111 #define SMK_ACCESSLEN (sizeof(SMK_ACCESS) - 1) 112 #define SMK_LOADLEN (SMK_LABELLEN + SMK_LABELLEN + SMK_ACCESSLEN) 113 114 /** 115 * smk_netlabel_audit_set - fill a netlbl_audit struct 116 * @nap: structure to fill 117 */ 118 static void smk_netlabel_audit_set(struct netlbl_audit *nap) 119 { 120 nap->loginuid = audit_get_loginuid(current); 121 nap->sessionid = audit_get_sessionid(current); 122 nap->secid = smack_to_secid(current_security()); 123 } 124 125 /* 126 * Values for parsing single label host rules 127 * "1.2.3.4 X" 128 * "192.168.138.129/32 abcdefghijklmnopqrstuvw" 129 */ 130 #define SMK_NETLBLADDRMIN 9 131 #define SMK_NETLBLADDRMAX 42 132 133 /* 134 * Seq_file read operations for /smack/load 135 */ 136 137 static void *load_seq_start(struct seq_file *s, loff_t *pos) 138 { 139 if (*pos == SEQ_READ_FINISHED) 140 return NULL; 141 if (list_empty(&smack_rule_list)) 142 return NULL; 143 return smack_rule_list.next; 144 } 145 146 static void *load_seq_next(struct seq_file *s, void *v, loff_t *pos) 147 { 148 struct list_head *list = v; 149 150 if (list_is_last(list, &smack_rule_list)) { 151 *pos = SEQ_READ_FINISHED; 152 return NULL; 153 } 154 return list->next; 155 } 156 157 static int load_seq_show(struct seq_file *s, void *v) 158 { 159 struct list_head *list = v; 160 struct smack_rule *srp = 161 list_entry(list, struct smack_rule, list); 162 163 seq_printf(s, "%s %s", (char *)srp->smk_subject, 164 (char *)srp->smk_object); 165 166 seq_putc(s, ' '); 167 168 if (srp->smk_access & MAY_READ) 169 seq_putc(s, 'r'); 170 if (srp->smk_access & MAY_WRITE) 171 seq_putc(s, 'w'); 172 if (srp->smk_access & MAY_EXEC) 173 seq_putc(s, 'x'); 174 if (srp->smk_access & MAY_APPEND) 175 seq_putc(s, 'a'); 176 if (srp->smk_access == 0) 177 seq_putc(s, '-'); 178 179 seq_putc(s, '\n'); 180 181 return 0; 182 } 183 184 static void load_seq_stop(struct seq_file *s, void *v) 185 { 186 /* No-op */ 187 } 188 189 static struct seq_operations load_seq_ops = { 190 .start = load_seq_start, 191 .next = load_seq_next, 192 .show = load_seq_show, 193 .stop = load_seq_stop, 194 }; 195 196 /** 197 * smk_open_load - open() for /smack/load 198 * @inode: inode structure representing file 199 * @file: "load" file pointer 200 * 201 * For reading, use load_seq_* seq_file reading operations. 202 */ 203 static int smk_open_load(struct inode *inode, struct file *file) 204 { 205 return seq_open(file, &load_seq_ops); 206 } 207 208 /** 209 * smk_set_access - add a rule to the rule list 210 * @srp: the new rule to add 211 * 212 * Looks through the current subject/object/access list for 213 * the subject/object pair and replaces the access that was 214 * there. If the pair isn't found add it with the specified 215 * access. 216 * 217 * Returns 0 if nothing goes wrong or -ENOMEM if it fails 218 * during the allocation of the new pair to add. 219 */ 220 static int smk_set_access(struct smack_rule *srp) 221 { 222 struct smack_rule *sp; 223 int ret = 0; 224 int found; 225 mutex_lock(&smack_list_lock); 226 227 found = 0; 228 list_for_each_entry_rcu(sp, &smack_rule_list, list) { 229 if (sp->smk_subject == srp->smk_subject && 230 sp->smk_object == srp->smk_object) { 231 found = 1; 232 sp->smk_access = srp->smk_access; 233 break; 234 } 235 } 236 if (found == 0) 237 list_add_rcu(&srp->list, &smack_rule_list); 238 239 mutex_unlock(&smack_list_lock); 240 241 return ret; 242 } 243 244 /** 245 * smk_write_load - write() for /smack/load 246 * @file: file pointer, not actually used 247 * @buf: where to get the data from 248 * @count: bytes sent 249 * @ppos: where to start - must be 0 250 * 251 * Get one smack access rule from above. 252 * The format is exactly: 253 * char subject[SMK_LABELLEN] 254 * char object[SMK_LABELLEN] 255 * char access[SMK_ACCESSLEN] 256 * 257 * writes must be SMK_LABELLEN+SMK_LABELLEN+SMK_ACCESSLEN bytes. 258 */ 259 static ssize_t smk_write_load(struct file *file, const char __user *buf, 260 size_t count, loff_t *ppos) 261 { 262 struct smack_rule *rule; 263 char *data; 264 int rc = -EINVAL; 265 266 /* 267 * Must have privilege. 268 * No partial writes. 269 * Enough data must be present. 270 */ 271 if (!capable(CAP_MAC_ADMIN)) 272 return -EPERM; 273 274 if (*ppos != 0 || count != SMK_LOADLEN) 275 return -EINVAL; 276 277 data = kzalloc(count, GFP_KERNEL); 278 if (data == NULL) 279 return -ENOMEM; 280 281 if (copy_from_user(data, buf, count) != 0) { 282 rc = -EFAULT; 283 goto out; 284 } 285 286 rule = kzalloc(sizeof(*rule), GFP_KERNEL); 287 if (rule == NULL) { 288 rc = -ENOMEM; 289 goto out; 290 } 291 292 rule->smk_subject = smk_import(data, 0); 293 if (rule->smk_subject == NULL) 294 goto out_free_rule; 295 296 rule->smk_object = smk_import(data + SMK_LABELLEN, 0); 297 if (rule->smk_object == NULL) 298 goto out_free_rule; 299 300 rule->smk_access = 0; 301 302 switch (data[SMK_LABELLEN + SMK_LABELLEN]) { 303 case '-': 304 break; 305 case 'r': 306 case 'R': 307 rule->smk_access |= MAY_READ; 308 break; 309 default: 310 goto out_free_rule; 311 } 312 313 switch (data[SMK_LABELLEN + SMK_LABELLEN + 1]) { 314 case '-': 315 break; 316 case 'w': 317 case 'W': 318 rule->smk_access |= MAY_WRITE; 319 break; 320 default: 321 goto out_free_rule; 322 } 323 324 switch (data[SMK_LABELLEN + SMK_LABELLEN + 2]) { 325 case '-': 326 break; 327 case 'x': 328 case 'X': 329 rule->smk_access |= MAY_EXEC; 330 break; 331 default: 332 goto out_free_rule; 333 } 334 335 switch (data[SMK_LABELLEN + SMK_LABELLEN + 3]) { 336 case '-': 337 break; 338 case 'a': 339 case 'A': 340 rule->smk_access |= MAY_APPEND; 341 break; 342 default: 343 goto out_free_rule; 344 } 345 346 rc = smk_set_access(rule); 347 348 if (!rc) 349 rc = count; 350 goto out; 351 352 out_free_rule: 353 kfree(rule); 354 out: 355 kfree(data); 356 return rc; 357 } 358 359 static const struct file_operations smk_load_ops = { 360 .open = smk_open_load, 361 .read = seq_read, 362 .llseek = seq_lseek, 363 .write = smk_write_load, 364 .release = seq_release, 365 }; 366 367 /** 368 * smk_cipso_doi - initialize the CIPSO domain 369 */ 370 static void smk_cipso_doi(void) 371 { 372 int rc; 373 struct cipso_v4_doi *doip; 374 struct netlbl_audit nai; 375 376 smk_netlabel_audit_set(&nai); 377 378 rc = netlbl_cfg_map_del(NULL, PF_INET, NULL, NULL, &nai); 379 if (rc != 0) 380 printk(KERN_WARNING "%s:%d remove rc = %d\n", 381 __func__, __LINE__, rc); 382 383 doip = kmalloc(sizeof(struct cipso_v4_doi), GFP_KERNEL); 384 if (doip == NULL) 385 panic("smack: Failed to initialize cipso DOI.\n"); 386 doip->map.std = NULL; 387 doip->doi = smk_cipso_doi_value; 388 doip->type = CIPSO_V4_MAP_PASS; 389 doip->tags[0] = CIPSO_V4_TAG_RBITMAP; 390 for (rc = 1; rc < CIPSO_V4_TAG_MAXCNT; rc++) 391 doip->tags[rc] = CIPSO_V4_TAG_INVALID; 392 393 rc = netlbl_cfg_cipsov4_add(doip, &nai); 394 if (rc != 0) { 395 printk(KERN_WARNING "%s:%d cipso add rc = %d\n", 396 __func__, __LINE__, rc); 397 kfree(doip); 398 return; 399 } 400 rc = netlbl_cfg_cipsov4_map_add(doip->doi, NULL, NULL, NULL, &nai); 401 if (rc != 0) { 402 printk(KERN_WARNING "%s:%d map add rc = %d\n", 403 __func__, __LINE__, rc); 404 kfree(doip); 405 return; 406 } 407 } 408 409 /** 410 * smk_unlbl_ambient - initialize the unlabeled domain 411 * @oldambient: previous domain string 412 */ 413 static void smk_unlbl_ambient(char *oldambient) 414 { 415 int rc; 416 struct netlbl_audit nai; 417 418 smk_netlabel_audit_set(&nai); 419 420 if (oldambient != NULL) { 421 rc = netlbl_cfg_map_del(oldambient, PF_INET, NULL, NULL, &nai); 422 if (rc != 0) 423 printk(KERN_WARNING "%s:%d remove rc = %d\n", 424 __func__, __LINE__, rc); 425 } 426 427 rc = netlbl_cfg_unlbl_map_add(smack_net_ambient, PF_INET, 428 NULL, NULL, &nai); 429 if (rc != 0) 430 printk(KERN_WARNING "%s:%d add rc = %d\n", 431 __func__, __LINE__, rc); 432 } 433 434 /* 435 * Seq_file read operations for /smack/cipso 436 */ 437 438 static void *cipso_seq_start(struct seq_file *s, loff_t *pos) 439 { 440 if (*pos == SEQ_READ_FINISHED) 441 return NULL; 442 if (list_empty(&smack_known_list)) 443 return NULL; 444 445 return smack_known_list.next; 446 } 447 448 static void *cipso_seq_next(struct seq_file *s, void *v, loff_t *pos) 449 { 450 struct list_head *list = v; 451 452 /* 453 * labels with no associated cipso value wont be printed 454 * in cipso_seq_show 455 */ 456 if (list_is_last(list, &smack_known_list)) { 457 *pos = SEQ_READ_FINISHED; 458 return NULL; 459 } 460 461 return list->next; 462 } 463 464 /* 465 * Print cipso labels in format: 466 * label level[/cat[,cat]] 467 */ 468 static int cipso_seq_show(struct seq_file *s, void *v) 469 { 470 struct list_head *list = v; 471 struct smack_known *skp = 472 list_entry(list, struct smack_known, list); 473 struct smack_cipso *scp = skp->smk_cipso; 474 char *cbp; 475 char sep = '/'; 476 int cat = 1; 477 int i; 478 unsigned char m; 479 480 if (scp == NULL) 481 return 0; 482 483 seq_printf(s, "%s %3d", (char *)&skp->smk_known, scp->smk_level); 484 485 cbp = scp->smk_catset; 486 for (i = 0; i < SMK_LABELLEN; i++) 487 for (m = 0x80; m != 0; m >>= 1) { 488 if (m & cbp[i]) { 489 seq_printf(s, "%c%d", sep, cat); 490 sep = ','; 491 } 492 cat++; 493 } 494 495 seq_putc(s, '\n'); 496 497 return 0; 498 } 499 500 static void cipso_seq_stop(struct seq_file *s, void *v) 501 { 502 /* No-op */ 503 } 504 505 static struct seq_operations cipso_seq_ops = { 506 .start = cipso_seq_start, 507 .stop = cipso_seq_stop, 508 .next = cipso_seq_next, 509 .show = cipso_seq_show, 510 }; 511 512 /** 513 * smk_open_cipso - open() for /smack/cipso 514 * @inode: inode structure representing file 515 * @file: "cipso" file pointer 516 * 517 * Connect our cipso_seq_* operations with /smack/cipso 518 * file_operations 519 */ 520 static int smk_open_cipso(struct inode *inode, struct file *file) 521 { 522 return seq_open(file, &cipso_seq_ops); 523 } 524 525 /** 526 * smk_write_cipso - write() for /smack/cipso 527 * @file: file pointer, not actually used 528 * @buf: where to get the data from 529 * @count: bytes sent 530 * @ppos: where to start 531 * 532 * Accepts only one cipso rule per write call. 533 * Returns number of bytes written or error code, as appropriate 534 */ 535 static ssize_t smk_write_cipso(struct file *file, const char __user *buf, 536 size_t count, loff_t *ppos) 537 { 538 struct smack_known *skp; 539 struct smack_cipso *scp = NULL; 540 char mapcatset[SMK_LABELLEN]; 541 int maplevel; 542 int cat; 543 int catlen; 544 ssize_t rc = -EINVAL; 545 char *data = NULL; 546 char *rule; 547 int ret; 548 int i; 549 550 /* 551 * Must have privilege. 552 * No partial writes. 553 * Enough data must be present. 554 */ 555 if (!capable(CAP_MAC_ADMIN)) 556 return -EPERM; 557 if (*ppos != 0) 558 return -EINVAL; 559 if (count < SMK_CIPSOMIN || count > SMK_CIPSOMAX) 560 return -EINVAL; 561 562 data = kzalloc(count + 1, GFP_KERNEL); 563 if (data == NULL) 564 return -ENOMEM; 565 566 if (copy_from_user(data, buf, count) != 0) { 567 rc = -EFAULT; 568 goto unlockedout; 569 } 570 571 /* labels cannot begin with a '-' */ 572 if (data[0] == '-') { 573 rc = -EINVAL; 574 goto unlockedout; 575 } 576 data[count] = '\0'; 577 rule = data; 578 /* 579 * Only allow one writer at a time. Writes should be 580 * quite rare and small in any case. 581 */ 582 mutex_lock(&smack_cipso_lock); 583 584 skp = smk_import_entry(rule, 0); 585 if (skp == NULL) 586 goto out; 587 588 rule += SMK_LABELLEN; 589 ret = sscanf(rule, "%d", &maplevel); 590 if (ret != 1 || maplevel > SMACK_CIPSO_MAXLEVEL) 591 goto out; 592 593 rule += SMK_DIGITLEN; 594 ret = sscanf(rule, "%d", &catlen); 595 if (ret != 1 || catlen > SMACK_CIPSO_MAXCATNUM) 596 goto out; 597 598 if (count != (SMK_CIPSOMIN + catlen * SMK_DIGITLEN)) 599 goto out; 600 601 memset(mapcatset, 0, sizeof(mapcatset)); 602 603 for (i = 0; i < catlen; i++) { 604 rule += SMK_DIGITLEN; 605 ret = sscanf(rule, "%d", &cat); 606 if (ret != 1 || cat > SMACK_CIPSO_MAXCATVAL) 607 goto out; 608 609 smack_catset_bit(cat, mapcatset); 610 } 611 612 if (skp->smk_cipso == NULL) { 613 scp = kzalloc(sizeof(struct smack_cipso), GFP_KERNEL); 614 if (scp == NULL) { 615 rc = -ENOMEM; 616 goto out; 617 } 618 } 619 620 spin_lock_bh(&skp->smk_cipsolock); 621 622 if (scp == NULL) 623 scp = skp->smk_cipso; 624 else 625 skp->smk_cipso = scp; 626 627 scp->smk_level = maplevel; 628 memcpy(scp->smk_catset, mapcatset, sizeof(mapcatset)); 629 630 spin_unlock_bh(&skp->smk_cipsolock); 631 632 rc = count; 633 out: 634 mutex_unlock(&smack_cipso_lock); 635 unlockedout: 636 kfree(data); 637 return rc; 638 } 639 640 static const struct file_operations smk_cipso_ops = { 641 .open = smk_open_cipso, 642 .read = seq_read, 643 .llseek = seq_lseek, 644 .write = smk_write_cipso, 645 .release = seq_release, 646 }; 647 648 /* 649 * Seq_file read operations for /smack/netlabel 650 */ 651 652 static void *netlbladdr_seq_start(struct seq_file *s, loff_t *pos) 653 { 654 if (*pos == SEQ_READ_FINISHED) 655 return NULL; 656 if (list_empty(&smk_netlbladdr_list)) 657 return NULL; 658 return smk_netlbladdr_list.next; 659 } 660 661 static void *netlbladdr_seq_next(struct seq_file *s, void *v, loff_t *pos) 662 { 663 struct list_head *list = v; 664 665 if (list_is_last(list, &smk_netlbladdr_list)) { 666 *pos = SEQ_READ_FINISHED; 667 return NULL; 668 } 669 670 return list->next; 671 } 672 #define BEBITS (sizeof(__be32) * 8) 673 674 /* 675 * Print host/label pairs 676 */ 677 static int netlbladdr_seq_show(struct seq_file *s, void *v) 678 { 679 struct list_head *list = v; 680 struct smk_netlbladdr *skp = 681 list_entry(list, struct smk_netlbladdr, list); 682 unsigned char *hp = (char *) &skp->smk_host.sin_addr.s_addr; 683 int maskn; 684 u32 temp_mask = be32_to_cpu(skp->smk_mask.s_addr); 685 686 for (maskn = 0; temp_mask; temp_mask <<= 1, maskn++); 687 688 seq_printf(s, "%u.%u.%u.%u/%d %s\n", 689 hp[0], hp[1], hp[2], hp[3], maskn, skp->smk_label); 690 691 return 0; 692 } 693 694 static void netlbladdr_seq_stop(struct seq_file *s, void *v) 695 { 696 /* No-op */ 697 } 698 699 static struct seq_operations netlbladdr_seq_ops = { 700 .start = netlbladdr_seq_start, 701 .stop = netlbladdr_seq_stop, 702 .next = netlbladdr_seq_next, 703 .show = netlbladdr_seq_show, 704 }; 705 706 /** 707 * smk_open_netlbladdr - open() for /smack/netlabel 708 * @inode: inode structure representing file 709 * @file: "netlabel" file pointer 710 * 711 * Connect our netlbladdr_seq_* operations with /smack/netlabel 712 * file_operations 713 */ 714 static int smk_open_netlbladdr(struct inode *inode, struct file *file) 715 { 716 return seq_open(file, &netlbladdr_seq_ops); 717 } 718 719 /** 720 * smk_netlbladdr_insert 721 * @new : netlabel to insert 722 * 723 * This helper insert netlabel in the smack_netlbladdrs list 724 * sorted by netmask length (longest to smallest) 725 * locked by &smk_netlbladdr_lock in smk_write_netlbladdr 726 * 727 */ 728 static void smk_netlbladdr_insert(struct smk_netlbladdr *new) 729 { 730 struct smk_netlbladdr *m, *m_next; 731 732 if (list_empty(&smk_netlbladdr_list)) { 733 list_add_rcu(&new->list, &smk_netlbladdr_list); 734 return; 735 } 736 737 m = list_entry(rcu_dereference(smk_netlbladdr_list.next), 738 struct smk_netlbladdr, list); 739 740 /* the comparison '>' is a bit hacky, but works */ 741 if (new->smk_mask.s_addr > m->smk_mask.s_addr) { 742 list_add_rcu(&new->list, &smk_netlbladdr_list); 743 return; 744 } 745 746 list_for_each_entry_rcu(m, &smk_netlbladdr_list, list) { 747 if (list_is_last(&m->list, &smk_netlbladdr_list)) { 748 list_add_rcu(&new->list, &m->list); 749 return; 750 } 751 m_next = list_entry(rcu_dereference(m->list.next), 752 struct smk_netlbladdr, list); 753 if (new->smk_mask.s_addr > m_next->smk_mask.s_addr) { 754 list_add_rcu(&new->list, &m->list); 755 return; 756 } 757 } 758 } 759 760 761 /** 762 * smk_write_netlbladdr - write() for /smack/netlabel 763 * @file: file pointer, not actually used 764 * @buf: where to get the data from 765 * @count: bytes sent 766 * @ppos: where to start 767 * 768 * Accepts only one netlbladdr per write call. 769 * Returns number of bytes written or error code, as appropriate 770 */ 771 static ssize_t smk_write_netlbladdr(struct file *file, const char __user *buf, 772 size_t count, loff_t *ppos) 773 { 774 struct smk_netlbladdr *skp; 775 struct sockaddr_in newname; 776 char smack[SMK_LABELLEN]; 777 char *sp; 778 char data[SMK_NETLBLADDRMAX]; 779 char *host = (char *)&newname.sin_addr.s_addr; 780 int rc; 781 struct netlbl_audit audit_info; 782 struct in_addr mask; 783 unsigned int m; 784 int found; 785 u32 mask_bits = (1<<31); 786 __be32 nsa; 787 u32 temp_mask; 788 789 /* 790 * Must have privilege. 791 * No partial writes. 792 * Enough data must be present. 793 * "<addr/mask, as a.b.c.d/e><space><label>" 794 * "<addr, as a.b.c.d><space><label>" 795 */ 796 if (!capable(CAP_MAC_ADMIN)) 797 return -EPERM; 798 if (*ppos != 0) 799 return -EINVAL; 800 if (count < SMK_NETLBLADDRMIN || count > SMK_NETLBLADDRMAX) 801 return -EINVAL; 802 if (copy_from_user(data, buf, count) != 0) 803 return -EFAULT; 804 805 data[count] = '\0'; 806 807 rc = sscanf(data, "%hhd.%hhd.%hhd.%hhd/%d %s", 808 &host[0], &host[1], &host[2], &host[3], &m, smack); 809 if (rc != 6) { 810 rc = sscanf(data, "%hhd.%hhd.%hhd.%hhd %s", 811 &host[0], &host[1], &host[2], &host[3], smack); 812 if (rc != 5) 813 return -EINVAL; 814 m = BEBITS; 815 } 816 if (m > BEBITS) 817 return -EINVAL; 818 819 /* if smack begins with '-', its an option, don't import it */ 820 if (smack[0] != '-') { 821 sp = smk_import(smack, 0); 822 if (sp == NULL) 823 return -EINVAL; 824 } else { 825 /* check known options */ 826 if (strcmp(smack, smack_cipso_option) == 0) 827 sp = (char *)smack_cipso_option; 828 else 829 return -EINVAL; 830 } 831 832 for (temp_mask = 0; m > 0; m--) { 833 temp_mask |= mask_bits; 834 mask_bits >>= 1; 835 } 836 mask.s_addr = cpu_to_be32(temp_mask); 837 838 newname.sin_addr.s_addr &= mask.s_addr; 839 /* 840 * Only allow one writer at a time. Writes should be 841 * quite rare and small in any case. 842 */ 843 mutex_lock(&smk_netlbladdr_lock); 844 845 nsa = newname.sin_addr.s_addr; 846 /* try to find if the prefix is already in the list */ 847 found = 0; 848 list_for_each_entry_rcu(skp, &smk_netlbladdr_list, list) { 849 if (skp->smk_host.sin_addr.s_addr == nsa && 850 skp->smk_mask.s_addr == mask.s_addr) { 851 found = 1; 852 break; 853 } 854 } 855 smk_netlabel_audit_set(&audit_info); 856 857 if (found == 0) { 858 skp = kzalloc(sizeof(*skp), GFP_KERNEL); 859 if (skp == NULL) 860 rc = -ENOMEM; 861 else { 862 rc = 0; 863 skp->smk_host.sin_addr.s_addr = newname.sin_addr.s_addr; 864 skp->smk_mask.s_addr = mask.s_addr; 865 skp->smk_label = sp; 866 smk_netlbladdr_insert(skp); 867 } 868 } else { 869 /* we delete the unlabeled entry, only if the previous label 870 * wasnt the special CIPSO option */ 871 if (skp->smk_label != smack_cipso_option) 872 rc = netlbl_cfg_unlbl_static_del(&init_net, NULL, 873 &skp->smk_host.sin_addr, &skp->smk_mask, 874 PF_INET, &audit_info); 875 else 876 rc = 0; 877 skp->smk_label = sp; 878 } 879 880 /* 881 * Now tell netlabel about the single label nature of 882 * this host so that incoming packets get labeled. 883 * but only if we didn't get the special CIPSO option 884 */ 885 if (rc == 0 && sp != smack_cipso_option) 886 rc = netlbl_cfg_unlbl_static_add(&init_net, NULL, 887 &skp->smk_host.sin_addr, &skp->smk_mask, PF_INET, 888 smack_to_secid(skp->smk_label), &audit_info); 889 890 if (rc == 0) 891 rc = count; 892 893 mutex_unlock(&smk_netlbladdr_lock); 894 895 return rc; 896 } 897 898 static const struct file_operations smk_netlbladdr_ops = { 899 .open = smk_open_netlbladdr, 900 .read = seq_read, 901 .llseek = seq_lseek, 902 .write = smk_write_netlbladdr, 903 .release = seq_release, 904 }; 905 906 /** 907 * smk_read_doi - read() for /smack/doi 908 * @filp: file pointer, not actually used 909 * @buf: where to put the result 910 * @count: maximum to send along 911 * @ppos: where to start 912 * 913 * Returns number of bytes read or error code, as appropriate 914 */ 915 static ssize_t smk_read_doi(struct file *filp, char __user *buf, 916 size_t count, loff_t *ppos) 917 { 918 char temp[80]; 919 ssize_t rc; 920 921 if (*ppos != 0) 922 return 0; 923 924 sprintf(temp, "%d", smk_cipso_doi_value); 925 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp)); 926 927 return rc; 928 } 929 930 /** 931 * smk_write_doi - write() for /smack/doi 932 * @file: file pointer, not actually used 933 * @buf: where to get the data from 934 * @count: bytes sent 935 * @ppos: where to start 936 * 937 * Returns number of bytes written or error code, as appropriate 938 */ 939 static ssize_t smk_write_doi(struct file *file, const char __user *buf, 940 size_t count, loff_t *ppos) 941 { 942 char temp[80]; 943 int i; 944 945 if (!capable(CAP_MAC_ADMIN)) 946 return -EPERM; 947 948 if (count >= sizeof(temp) || count == 0) 949 return -EINVAL; 950 951 if (copy_from_user(temp, buf, count) != 0) 952 return -EFAULT; 953 954 temp[count] = '\0'; 955 956 if (sscanf(temp, "%d", &i) != 1) 957 return -EINVAL; 958 959 smk_cipso_doi_value = i; 960 961 smk_cipso_doi(); 962 963 return count; 964 } 965 966 static const struct file_operations smk_doi_ops = { 967 .read = smk_read_doi, 968 .write = smk_write_doi, 969 }; 970 971 /** 972 * smk_read_direct - read() for /smack/direct 973 * @filp: file pointer, not actually used 974 * @buf: where to put the result 975 * @count: maximum to send along 976 * @ppos: where to start 977 * 978 * Returns number of bytes read or error code, as appropriate 979 */ 980 static ssize_t smk_read_direct(struct file *filp, char __user *buf, 981 size_t count, loff_t *ppos) 982 { 983 char temp[80]; 984 ssize_t rc; 985 986 if (*ppos != 0) 987 return 0; 988 989 sprintf(temp, "%d", smack_cipso_direct); 990 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp)); 991 992 return rc; 993 } 994 995 /** 996 * smk_write_direct - write() for /smack/direct 997 * @file: file pointer, not actually used 998 * @buf: where to get the data from 999 * @count: bytes sent 1000 * @ppos: where to start 1001 * 1002 * Returns number of bytes written or error code, as appropriate 1003 */ 1004 static ssize_t smk_write_direct(struct file *file, const char __user *buf, 1005 size_t count, loff_t *ppos) 1006 { 1007 char temp[80]; 1008 int i; 1009 1010 if (!capable(CAP_MAC_ADMIN)) 1011 return -EPERM; 1012 1013 if (count >= sizeof(temp) || count == 0) 1014 return -EINVAL; 1015 1016 if (copy_from_user(temp, buf, count) != 0) 1017 return -EFAULT; 1018 1019 temp[count] = '\0'; 1020 1021 if (sscanf(temp, "%d", &i) != 1) 1022 return -EINVAL; 1023 1024 smack_cipso_direct = i; 1025 1026 return count; 1027 } 1028 1029 static const struct file_operations smk_direct_ops = { 1030 .read = smk_read_direct, 1031 .write = smk_write_direct, 1032 }; 1033 1034 /** 1035 * smk_read_ambient - read() for /smack/ambient 1036 * @filp: file pointer, not actually used 1037 * @buf: where to put the result 1038 * @cn: maximum to send along 1039 * @ppos: where to start 1040 * 1041 * Returns number of bytes read or error code, as appropriate 1042 */ 1043 static ssize_t smk_read_ambient(struct file *filp, char __user *buf, 1044 size_t cn, loff_t *ppos) 1045 { 1046 ssize_t rc; 1047 int asize; 1048 1049 if (*ppos != 0) 1050 return 0; 1051 /* 1052 * Being careful to avoid a problem in the case where 1053 * smack_net_ambient gets changed in midstream. 1054 */ 1055 mutex_lock(&smack_ambient_lock); 1056 1057 asize = strlen(smack_net_ambient) + 1; 1058 1059 if (cn >= asize) 1060 rc = simple_read_from_buffer(buf, cn, ppos, 1061 smack_net_ambient, asize); 1062 else 1063 rc = -EINVAL; 1064 1065 mutex_unlock(&smack_ambient_lock); 1066 1067 return rc; 1068 } 1069 1070 /** 1071 * smk_write_ambient - write() for /smack/ambient 1072 * @file: file pointer, not actually used 1073 * @buf: where to get the data from 1074 * @count: bytes sent 1075 * @ppos: where to start 1076 * 1077 * Returns number of bytes written or error code, as appropriate 1078 */ 1079 static ssize_t smk_write_ambient(struct file *file, const char __user *buf, 1080 size_t count, loff_t *ppos) 1081 { 1082 char in[SMK_LABELLEN]; 1083 char *oldambient; 1084 char *smack; 1085 1086 if (!capable(CAP_MAC_ADMIN)) 1087 return -EPERM; 1088 1089 if (count >= SMK_LABELLEN) 1090 return -EINVAL; 1091 1092 if (copy_from_user(in, buf, count) != 0) 1093 return -EFAULT; 1094 1095 smack = smk_import(in, count); 1096 if (smack == NULL) 1097 return -EINVAL; 1098 1099 mutex_lock(&smack_ambient_lock); 1100 1101 oldambient = smack_net_ambient; 1102 smack_net_ambient = smack; 1103 smk_unlbl_ambient(oldambient); 1104 1105 mutex_unlock(&smack_ambient_lock); 1106 1107 return count; 1108 } 1109 1110 static const struct file_operations smk_ambient_ops = { 1111 .read = smk_read_ambient, 1112 .write = smk_write_ambient, 1113 }; 1114 1115 /** 1116 * smk_read_onlycap - read() for /smack/onlycap 1117 * @filp: file pointer, not actually used 1118 * @buf: where to put the result 1119 * @cn: maximum to send along 1120 * @ppos: where to start 1121 * 1122 * Returns number of bytes read or error code, as appropriate 1123 */ 1124 static ssize_t smk_read_onlycap(struct file *filp, char __user *buf, 1125 size_t cn, loff_t *ppos) 1126 { 1127 char *smack = ""; 1128 ssize_t rc = -EINVAL; 1129 int asize; 1130 1131 if (*ppos != 0) 1132 return 0; 1133 1134 if (smack_onlycap != NULL) 1135 smack = smack_onlycap; 1136 1137 asize = strlen(smack) + 1; 1138 1139 if (cn >= asize) 1140 rc = simple_read_from_buffer(buf, cn, ppos, smack, asize); 1141 1142 return rc; 1143 } 1144 1145 /** 1146 * smk_write_onlycap - write() for /smack/onlycap 1147 * @file: file pointer, not actually used 1148 * @buf: where to get the data from 1149 * @count: bytes sent 1150 * @ppos: where to start 1151 * 1152 * Returns number of bytes written or error code, as appropriate 1153 */ 1154 static ssize_t smk_write_onlycap(struct file *file, const char __user *buf, 1155 size_t count, loff_t *ppos) 1156 { 1157 char in[SMK_LABELLEN]; 1158 char *sp = current->cred->security; 1159 1160 if (!capable(CAP_MAC_ADMIN)) 1161 return -EPERM; 1162 1163 /* 1164 * This can be done using smk_access() but is done 1165 * explicitly for clarity. The smk_access() implementation 1166 * would use smk_access(smack_onlycap, MAY_WRITE) 1167 */ 1168 if (smack_onlycap != NULL && smack_onlycap != sp) 1169 return -EPERM; 1170 1171 if (count >= SMK_LABELLEN) 1172 return -EINVAL; 1173 1174 if (copy_from_user(in, buf, count) != 0) 1175 return -EFAULT; 1176 1177 /* 1178 * Should the null string be passed in unset the onlycap value. 1179 * This seems like something to be careful with as usually 1180 * smk_import only expects to return NULL for errors. It 1181 * is usually the case that a nullstring or "\n" would be 1182 * bad to pass to smk_import but in fact this is useful here. 1183 */ 1184 smack_onlycap = smk_import(in, count); 1185 1186 return count; 1187 } 1188 1189 static const struct file_operations smk_onlycap_ops = { 1190 .read = smk_read_onlycap, 1191 .write = smk_write_onlycap, 1192 }; 1193 1194 /** 1195 * smk_fill_super - fill the /smackfs superblock 1196 * @sb: the empty superblock 1197 * @data: unused 1198 * @silent: unused 1199 * 1200 * Fill in the well known entries for /smack 1201 * 1202 * Returns 0 on success, an error code on failure 1203 */ 1204 static int smk_fill_super(struct super_block *sb, void *data, int silent) 1205 { 1206 int rc; 1207 struct inode *root_inode; 1208 1209 static struct tree_descr smack_files[] = { 1210 [SMK_LOAD] = 1211 {"load", &smk_load_ops, S_IRUGO|S_IWUSR}, 1212 [SMK_CIPSO] = 1213 {"cipso", &smk_cipso_ops, S_IRUGO|S_IWUSR}, 1214 [SMK_DOI] = 1215 {"doi", &smk_doi_ops, S_IRUGO|S_IWUSR}, 1216 [SMK_DIRECT] = 1217 {"direct", &smk_direct_ops, S_IRUGO|S_IWUSR}, 1218 [SMK_AMBIENT] = 1219 {"ambient", &smk_ambient_ops, S_IRUGO|S_IWUSR}, 1220 [SMK_NETLBLADDR] = 1221 {"netlabel", &smk_netlbladdr_ops, S_IRUGO|S_IWUSR}, 1222 [SMK_ONLYCAP] = 1223 {"onlycap", &smk_onlycap_ops, S_IRUGO|S_IWUSR}, 1224 /* last one */ {""} 1225 }; 1226 1227 rc = simple_fill_super(sb, SMACK_MAGIC, smack_files); 1228 if (rc != 0) { 1229 printk(KERN_ERR "%s failed %d while creating inodes\n", 1230 __func__, rc); 1231 return rc; 1232 } 1233 1234 root_inode = sb->s_root->d_inode; 1235 root_inode->i_security = new_inode_smack(smack_known_floor.smk_known); 1236 1237 return 0; 1238 } 1239 1240 /** 1241 * smk_get_sb - get the smackfs superblock 1242 * @fs_type: passed along without comment 1243 * @flags: passed along without comment 1244 * @dev_name: passed along without comment 1245 * @data: passed along without comment 1246 * @mnt: passed along without comment 1247 * 1248 * Just passes everything along. 1249 * 1250 * Returns what the lower level code does. 1251 */ 1252 static int smk_get_sb(struct file_system_type *fs_type, 1253 int flags, const char *dev_name, void *data, 1254 struct vfsmount *mnt) 1255 { 1256 return get_sb_single(fs_type, flags, data, smk_fill_super, mnt); 1257 } 1258 1259 static struct file_system_type smk_fs_type = { 1260 .name = "smackfs", 1261 .get_sb = smk_get_sb, 1262 .kill_sb = kill_litter_super, 1263 }; 1264 1265 static struct vfsmount *smackfs_mount; 1266 1267 /** 1268 * init_smk_fs - get the smackfs superblock 1269 * 1270 * register the smackfs 1271 * 1272 * Do not register smackfs if Smack wasn't enabled 1273 * on boot. We can not put this method normally under the 1274 * smack_init() code path since the security subsystem get 1275 * initialized before the vfs caches. 1276 * 1277 * Returns true if we were not chosen on boot or if 1278 * we were chosen and filesystem registration succeeded. 1279 */ 1280 static int __init init_smk_fs(void) 1281 { 1282 int err; 1283 1284 if (!security_module_enable(&smack_ops)) 1285 return 0; 1286 1287 err = register_filesystem(&smk_fs_type); 1288 if (!err) { 1289 smackfs_mount = kern_mount(&smk_fs_type); 1290 if (IS_ERR(smackfs_mount)) { 1291 printk(KERN_ERR "smackfs: could not mount!\n"); 1292 err = PTR_ERR(smackfs_mount); 1293 smackfs_mount = NULL; 1294 } 1295 } 1296 1297 smk_cipso_doi(); 1298 smk_unlbl_ambient(NULL); 1299 1300 return err; 1301 } 1302 1303 __initcall(init_smk_fs); 1304