1 /* 2 * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com> 3 * 4 * This program is free software; you can redistribute it and/or modify 5 * it under the terms of the GNU General Public License as published by 6 * the Free Software Foundation, version 2. 7 * 8 * Authors: 9 * Casey Schaufler <casey@schaufler-ca.com> 10 * Ahmed S. Darwish <darwish.07@gmail.com> 11 * 12 * Special thanks to the authors of selinuxfs. 13 * 14 * Karl MacMillan <kmacmillan@tresys.com> 15 * James Morris <jmorris@redhat.com> 16 * 17 */ 18 19 #include <linux/kernel.h> 20 #include <linux/vmalloc.h> 21 #include <linux/security.h> 22 #include <linux/mutex.h> 23 #include <linux/slab.h> 24 #include <net/net_namespace.h> 25 #include <net/netlabel.h> 26 #include <net/cipso_ipv4.h> 27 #include <linux/seq_file.h> 28 #include <linux/ctype.h> 29 #include <linux/audit.h> 30 #include "smack.h" 31 32 /* 33 * smackfs pseudo filesystem. 34 */ 35 36 enum smk_inos { 37 SMK_ROOT_INO = 2, 38 SMK_LOAD = 3, /* load policy */ 39 SMK_CIPSO = 4, /* load label -> CIPSO mapping */ 40 SMK_DOI = 5, /* CIPSO DOI */ 41 SMK_DIRECT = 6, /* CIPSO level indicating direct label */ 42 SMK_AMBIENT = 7, /* internet ambient label */ 43 SMK_NETLBLADDR = 8, /* single label hosts */ 44 SMK_ONLYCAP = 9, /* the only "capable" label */ 45 SMK_LOGGING = 10, /* logging */ 46 }; 47 48 /* 49 * List locks 50 */ 51 static DEFINE_MUTEX(smack_list_lock); 52 static DEFINE_MUTEX(smack_cipso_lock); 53 static DEFINE_MUTEX(smack_ambient_lock); 54 static DEFINE_MUTEX(smk_netlbladdr_lock); 55 56 /* 57 * This is the "ambient" label for network traffic. 58 * If it isn't somehow marked, use this. 59 * It can be reset via smackfs/ambient 60 */ 61 char *smack_net_ambient = smack_known_floor.smk_known; 62 63 /* 64 * This is the level in a CIPSO header that indicates a 65 * smack label is contained directly in the category set. 66 * It can be reset via smackfs/direct 67 */ 68 int smack_cipso_direct = SMACK_CIPSO_DIRECT_DEFAULT; 69 70 /* 71 * Unless a process is running with this label even 72 * having CAP_MAC_OVERRIDE isn't enough to grant 73 * privilege to violate MAC policy. If no label is 74 * designated (the NULL case) capabilities apply to 75 * everyone. It is expected that the hat (^) label 76 * will be used if any label is used. 77 */ 78 char *smack_onlycap; 79 80 /* 81 * Certain IP addresses may be designated as single label hosts. 82 * Packets are sent there unlabeled, but only from tasks that 83 * can write to the specified label. 84 */ 85 86 LIST_HEAD(smk_netlbladdr_list); 87 LIST_HEAD(smack_rule_list); 88 89 static int smk_cipso_doi_value = SMACK_CIPSO_DOI_DEFAULT; 90 91 const char *smack_cipso_option = SMACK_CIPSO_OPTION; 92 93 94 #define SEQ_READ_FINISHED 1 95 96 /* 97 * Values for parsing cipso rules 98 * SMK_DIGITLEN: Length of a digit field in a rule. 99 * SMK_CIPSOMIN: Minimum possible cipso rule length. 100 * SMK_CIPSOMAX: Maximum possible cipso rule length. 101 */ 102 #define SMK_DIGITLEN 4 103 #define SMK_CIPSOMIN (SMK_LABELLEN + 2 * SMK_DIGITLEN) 104 #define SMK_CIPSOMAX (SMK_CIPSOMIN + SMACK_CIPSO_MAXCATNUM * SMK_DIGITLEN) 105 106 /* 107 * Values for parsing MAC rules 108 * SMK_ACCESS: Maximum possible combination of access permissions 109 * SMK_ACCESSLEN: Maximum length for a rule access field 110 * SMK_LOADLEN: Smack rule length 111 */ 112 #define SMK_ACCESS "rwxa" 113 #define SMK_ACCESSLEN (sizeof(SMK_ACCESS) - 1) 114 #define SMK_LOADLEN (SMK_LABELLEN + SMK_LABELLEN + SMK_ACCESSLEN) 115 116 /** 117 * smk_netlabel_audit_set - fill a netlbl_audit struct 118 * @nap: structure to fill 119 */ 120 static void smk_netlabel_audit_set(struct netlbl_audit *nap) 121 { 122 nap->loginuid = audit_get_loginuid(current); 123 nap->sessionid = audit_get_sessionid(current); 124 nap->secid = smack_to_secid(current_security()); 125 } 126 127 /* 128 * Values for parsing single label host rules 129 * "1.2.3.4 X" 130 * "192.168.138.129/32 abcdefghijklmnopqrstuvw" 131 */ 132 #define SMK_NETLBLADDRMIN 9 133 #define SMK_NETLBLADDRMAX 42 134 135 /* 136 * Seq_file read operations for /smack/load 137 */ 138 139 static void *load_seq_start(struct seq_file *s, loff_t *pos) 140 { 141 if (*pos == SEQ_READ_FINISHED) 142 return NULL; 143 if (list_empty(&smack_rule_list)) 144 return NULL; 145 return smack_rule_list.next; 146 } 147 148 static void *load_seq_next(struct seq_file *s, void *v, loff_t *pos) 149 { 150 struct list_head *list = v; 151 152 if (list_is_last(list, &smack_rule_list)) { 153 *pos = SEQ_READ_FINISHED; 154 return NULL; 155 } 156 return list->next; 157 } 158 159 static int load_seq_show(struct seq_file *s, void *v) 160 { 161 struct list_head *list = v; 162 struct smack_rule *srp = 163 list_entry(list, struct smack_rule, list); 164 165 seq_printf(s, "%s %s", (char *)srp->smk_subject, 166 (char *)srp->smk_object); 167 168 seq_putc(s, ' '); 169 170 if (srp->smk_access & MAY_READ) 171 seq_putc(s, 'r'); 172 if (srp->smk_access & MAY_WRITE) 173 seq_putc(s, 'w'); 174 if (srp->smk_access & MAY_EXEC) 175 seq_putc(s, 'x'); 176 if (srp->smk_access & MAY_APPEND) 177 seq_putc(s, 'a'); 178 if (srp->smk_access == 0) 179 seq_putc(s, '-'); 180 181 seq_putc(s, '\n'); 182 183 return 0; 184 } 185 186 static void load_seq_stop(struct seq_file *s, void *v) 187 { 188 /* No-op */ 189 } 190 191 static const struct seq_operations load_seq_ops = { 192 .start = load_seq_start, 193 .next = load_seq_next, 194 .show = load_seq_show, 195 .stop = load_seq_stop, 196 }; 197 198 /** 199 * smk_open_load - open() for /smack/load 200 * @inode: inode structure representing file 201 * @file: "load" file pointer 202 * 203 * For reading, use load_seq_* seq_file reading operations. 204 */ 205 static int smk_open_load(struct inode *inode, struct file *file) 206 { 207 return seq_open(file, &load_seq_ops); 208 } 209 210 /** 211 * smk_set_access - add a rule to the rule list 212 * @srp: the new rule to add 213 * 214 * Looks through the current subject/object/access list for 215 * the subject/object pair and replaces the access that was 216 * there. If the pair isn't found add it with the specified 217 * access. 218 * 219 * Returns 0 if nothing goes wrong or -ENOMEM if it fails 220 * during the allocation of the new pair to add. 221 */ 222 static int smk_set_access(struct smack_rule *srp) 223 { 224 struct smack_rule *sp; 225 int ret = 0; 226 int found; 227 mutex_lock(&smack_list_lock); 228 229 found = 0; 230 list_for_each_entry_rcu(sp, &smack_rule_list, list) { 231 if (sp->smk_subject == srp->smk_subject && 232 sp->smk_object == srp->smk_object) { 233 found = 1; 234 sp->smk_access = srp->smk_access; 235 break; 236 } 237 } 238 if (found == 0) 239 list_add_rcu(&srp->list, &smack_rule_list); 240 241 mutex_unlock(&smack_list_lock); 242 243 return ret; 244 } 245 246 /** 247 * smk_write_load - write() for /smack/load 248 * @file: file pointer, not actually used 249 * @buf: where to get the data from 250 * @count: bytes sent 251 * @ppos: where to start - must be 0 252 * 253 * Get one smack access rule from above. 254 * The format is exactly: 255 * char subject[SMK_LABELLEN] 256 * char object[SMK_LABELLEN] 257 * char access[SMK_ACCESSLEN] 258 * 259 * writes must be SMK_LABELLEN+SMK_LABELLEN+SMK_ACCESSLEN bytes. 260 */ 261 static ssize_t smk_write_load(struct file *file, const char __user *buf, 262 size_t count, loff_t *ppos) 263 { 264 struct smack_rule *rule; 265 char *data; 266 int rc = -EINVAL; 267 268 /* 269 * Must have privilege. 270 * No partial writes. 271 * Enough data must be present. 272 */ 273 if (!capable(CAP_MAC_ADMIN)) 274 return -EPERM; 275 276 if (*ppos != 0 || count != SMK_LOADLEN) 277 return -EINVAL; 278 279 data = kzalloc(count, GFP_KERNEL); 280 if (data == NULL) 281 return -ENOMEM; 282 283 if (copy_from_user(data, buf, count) != 0) { 284 rc = -EFAULT; 285 goto out; 286 } 287 288 rule = kzalloc(sizeof(*rule), GFP_KERNEL); 289 if (rule == NULL) { 290 rc = -ENOMEM; 291 goto out; 292 } 293 294 rule->smk_subject = smk_import(data, 0); 295 if (rule->smk_subject == NULL) 296 goto out_free_rule; 297 298 rule->smk_object = smk_import(data + SMK_LABELLEN, 0); 299 if (rule->smk_object == NULL) 300 goto out_free_rule; 301 302 rule->smk_access = 0; 303 304 switch (data[SMK_LABELLEN + SMK_LABELLEN]) { 305 case '-': 306 break; 307 case 'r': 308 case 'R': 309 rule->smk_access |= MAY_READ; 310 break; 311 default: 312 goto out_free_rule; 313 } 314 315 switch (data[SMK_LABELLEN + SMK_LABELLEN + 1]) { 316 case '-': 317 break; 318 case 'w': 319 case 'W': 320 rule->smk_access |= MAY_WRITE; 321 break; 322 default: 323 goto out_free_rule; 324 } 325 326 switch (data[SMK_LABELLEN + SMK_LABELLEN + 2]) { 327 case '-': 328 break; 329 case 'x': 330 case 'X': 331 rule->smk_access |= MAY_EXEC; 332 break; 333 default: 334 goto out_free_rule; 335 } 336 337 switch (data[SMK_LABELLEN + SMK_LABELLEN + 3]) { 338 case '-': 339 break; 340 case 'a': 341 case 'A': 342 rule->smk_access |= MAY_APPEND; 343 break; 344 default: 345 goto out_free_rule; 346 } 347 348 rc = smk_set_access(rule); 349 350 if (!rc) 351 rc = count; 352 goto out; 353 354 out_free_rule: 355 kfree(rule); 356 out: 357 kfree(data); 358 return rc; 359 } 360 361 static const struct file_operations smk_load_ops = { 362 .open = smk_open_load, 363 .read = seq_read, 364 .llseek = seq_lseek, 365 .write = smk_write_load, 366 .release = seq_release, 367 }; 368 369 /** 370 * smk_cipso_doi - initialize the CIPSO domain 371 */ 372 static void smk_cipso_doi(void) 373 { 374 int rc; 375 struct cipso_v4_doi *doip; 376 struct netlbl_audit nai; 377 378 smk_netlabel_audit_set(&nai); 379 380 rc = netlbl_cfg_map_del(NULL, PF_INET, NULL, NULL, &nai); 381 if (rc != 0) 382 printk(KERN_WARNING "%s:%d remove rc = %d\n", 383 __func__, __LINE__, rc); 384 385 doip = kmalloc(sizeof(struct cipso_v4_doi), GFP_KERNEL); 386 if (doip == NULL) 387 panic("smack: Failed to initialize cipso DOI.\n"); 388 doip->map.std = NULL; 389 doip->doi = smk_cipso_doi_value; 390 doip->type = CIPSO_V4_MAP_PASS; 391 doip->tags[0] = CIPSO_V4_TAG_RBITMAP; 392 for (rc = 1; rc < CIPSO_V4_TAG_MAXCNT; rc++) 393 doip->tags[rc] = CIPSO_V4_TAG_INVALID; 394 395 rc = netlbl_cfg_cipsov4_add(doip, &nai); 396 if (rc != 0) { 397 printk(KERN_WARNING "%s:%d cipso add rc = %d\n", 398 __func__, __LINE__, rc); 399 kfree(doip); 400 return; 401 } 402 rc = netlbl_cfg_cipsov4_map_add(doip->doi, NULL, NULL, NULL, &nai); 403 if (rc != 0) { 404 printk(KERN_WARNING "%s:%d map add rc = %d\n", 405 __func__, __LINE__, rc); 406 kfree(doip); 407 return; 408 } 409 } 410 411 /** 412 * smk_unlbl_ambient - initialize the unlabeled domain 413 * @oldambient: previous domain string 414 */ 415 static void smk_unlbl_ambient(char *oldambient) 416 { 417 int rc; 418 struct netlbl_audit nai; 419 420 smk_netlabel_audit_set(&nai); 421 422 if (oldambient != NULL) { 423 rc = netlbl_cfg_map_del(oldambient, PF_INET, NULL, NULL, &nai); 424 if (rc != 0) 425 printk(KERN_WARNING "%s:%d remove rc = %d\n", 426 __func__, __LINE__, rc); 427 } 428 429 rc = netlbl_cfg_unlbl_map_add(smack_net_ambient, PF_INET, 430 NULL, NULL, &nai); 431 if (rc != 0) 432 printk(KERN_WARNING "%s:%d add rc = %d\n", 433 __func__, __LINE__, rc); 434 } 435 436 /* 437 * Seq_file read operations for /smack/cipso 438 */ 439 440 static void *cipso_seq_start(struct seq_file *s, loff_t *pos) 441 { 442 if (*pos == SEQ_READ_FINISHED) 443 return NULL; 444 if (list_empty(&smack_known_list)) 445 return NULL; 446 447 return smack_known_list.next; 448 } 449 450 static void *cipso_seq_next(struct seq_file *s, void *v, loff_t *pos) 451 { 452 struct list_head *list = v; 453 454 /* 455 * labels with no associated cipso value wont be printed 456 * in cipso_seq_show 457 */ 458 if (list_is_last(list, &smack_known_list)) { 459 *pos = SEQ_READ_FINISHED; 460 return NULL; 461 } 462 463 return list->next; 464 } 465 466 /* 467 * Print cipso labels in format: 468 * label level[/cat[,cat]] 469 */ 470 static int cipso_seq_show(struct seq_file *s, void *v) 471 { 472 struct list_head *list = v; 473 struct smack_known *skp = 474 list_entry(list, struct smack_known, list); 475 struct smack_cipso *scp = skp->smk_cipso; 476 char *cbp; 477 char sep = '/'; 478 int cat = 1; 479 int i; 480 unsigned char m; 481 482 if (scp == NULL) 483 return 0; 484 485 seq_printf(s, "%s %3d", (char *)&skp->smk_known, scp->smk_level); 486 487 cbp = scp->smk_catset; 488 for (i = 0; i < SMK_LABELLEN; i++) 489 for (m = 0x80; m != 0; m >>= 1) { 490 if (m & cbp[i]) { 491 seq_printf(s, "%c%d", sep, cat); 492 sep = ','; 493 } 494 cat++; 495 } 496 497 seq_putc(s, '\n'); 498 499 return 0; 500 } 501 502 static void cipso_seq_stop(struct seq_file *s, void *v) 503 { 504 /* No-op */ 505 } 506 507 static const struct seq_operations cipso_seq_ops = { 508 .start = cipso_seq_start, 509 .stop = cipso_seq_stop, 510 .next = cipso_seq_next, 511 .show = cipso_seq_show, 512 }; 513 514 /** 515 * smk_open_cipso - open() for /smack/cipso 516 * @inode: inode structure representing file 517 * @file: "cipso" file pointer 518 * 519 * Connect our cipso_seq_* operations with /smack/cipso 520 * file_operations 521 */ 522 static int smk_open_cipso(struct inode *inode, struct file *file) 523 { 524 return seq_open(file, &cipso_seq_ops); 525 } 526 527 /** 528 * smk_write_cipso - write() for /smack/cipso 529 * @file: file pointer, not actually used 530 * @buf: where to get the data from 531 * @count: bytes sent 532 * @ppos: where to start 533 * 534 * Accepts only one cipso rule per write call. 535 * Returns number of bytes written or error code, as appropriate 536 */ 537 static ssize_t smk_write_cipso(struct file *file, const char __user *buf, 538 size_t count, loff_t *ppos) 539 { 540 struct smack_known *skp; 541 struct smack_cipso *scp = NULL; 542 char mapcatset[SMK_LABELLEN]; 543 int maplevel; 544 int cat; 545 int catlen; 546 ssize_t rc = -EINVAL; 547 char *data = NULL; 548 char *rule; 549 int ret; 550 int i; 551 552 /* 553 * Must have privilege. 554 * No partial writes. 555 * Enough data must be present. 556 */ 557 if (!capable(CAP_MAC_ADMIN)) 558 return -EPERM; 559 if (*ppos != 0) 560 return -EINVAL; 561 if (count < SMK_CIPSOMIN || count > SMK_CIPSOMAX) 562 return -EINVAL; 563 564 data = kzalloc(count + 1, GFP_KERNEL); 565 if (data == NULL) 566 return -ENOMEM; 567 568 if (copy_from_user(data, buf, count) != 0) { 569 rc = -EFAULT; 570 goto unlockedout; 571 } 572 573 /* labels cannot begin with a '-' */ 574 if (data[0] == '-') { 575 rc = -EINVAL; 576 goto unlockedout; 577 } 578 data[count] = '\0'; 579 rule = data; 580 /* 581 * Only allow one writer at a time. Writes should be 582 * quite rare and small in any case. 583 */ 584 mutex_lock(&smack_cipso_lock); 585 586 skp = smk_import_entry(rule, 0); 587 if (skp == NULL) 588 goto out; 589 590 rule += SMK_LABELLEN; 591 ret = sscanf(rule, "%d", &maplevel); 592 if (ret != 1 || maplevel > SMACK_CIPSO_MAXLEVEL) 593 goto out; 594 595 rule += SMK_DIGITLEN; 596 ret = sscanf(rule, "%d", &catlen); 597 if (ret != 1 || catlen > SMACK_CIPSO_MAXCATNUM) 598 goto out; 599 600 if (count != (SMK_CIPSOMIN + catlen * SMK_DIGITLEN)) 601 goto out; 602 603 memset(mapcatset, 0, sizeof(mapcatset)); 604 605 for (i = 0; i < catlen; i++) { 606 rule += SMK_DIGITLEN; 607 ret = sscanf(rule, "%d", &cat); 608 if (ret != 1 || cat > SMACK_CIPSO_MAXCATVAL) 609 goto out; 610 611 smack_catset_bit(cat, mapcatset); 612 } 613 614 if (skp->smk_cipso == NULL) { 615 scp = kzalloc(sizeof(struct smack_cipso), GFP_KERNEL); 616 if (scp == NULL) { 617 rc = -ENOMEM; 618 goto out; 619 } 620 } 621 622 spin_lock_bh(&skp->smk_cipsolock); 623 624 if (scp == NULL) 625 scp = skp->smk_cipso; 626 else 627 skp->smk_cipso = scp; 628 629 scp->smk_level = maplevel; 630 memcpy(scp->smk_catset, mapcatset, sizeof(mapcatset)); 631 632 spin_unlock_bh(&skp->smk_cipsolock); 633 634 rc = count; 635 out: 636 mutex_unlock(&smack_cipso_lock); 637 unlockedout: 638 kfree(data); 639 return rc; 640 } 641 642 static const struct file_operations smk_cipso_ops = { 643 .open = smk_open_cipso, 644 .read = seq_read, 645 .llseek = seq_lseek, 646 .write = smk_write_cipso, 647 .release = seq_release, 648 }; 649 650 /* 651 * Seq_file read operations for /smack/netlabel 652 */ 653 654 static void *netlbladdr_seq_start(struct seq_file *s, loff_t *pos) 655 { 656 if (*pos == SEQ_READ_FINISHED) 657 return NULL; 658 if (list_empty(&smk_netlbladdr_list)) 659 return NULL; 660 return smk_netlbladdr_list.next; 661 } 662 663 static void *netlbladdr_seq_next(struct seq_file *s, void *v, loff_t *pos) 664 { 665 struct list_head *list = v; 666 667 if (list_is_last(list, &smk_netlbladdr_list)) { 668 *pos = SEQ_READ_FINISHED; 669 return NULL; 670 } 671 672 return list->next; 673 } 674 #define BEBITS (sizeof(__be32) * 8) 675 676 /* 677 * Print host/label pairs 678 */ 679 static int netlbladdr_seq_show(struct seq_file *s, void *v) 680 { 681 struct list_head *list = v; 682 struct smk_netlbladdr *skp = 683 list_entry(list, struct smk_netlbladdr, list); 684 unsigned char *hp = (char *) &skp->smk_host.sin_addr.s_addr; 685 int maskn; 686 u32 temp_mask = be32_to_cpu(skp->smk_mask.s_addr); 687 688 for (maskn = 0; temp_mask; temp_mask <<= 1, maskn++); 689 690 seq_printf(s, "%u.%u.%u.%u/%d %s\n", 691 hp[0], hp[1], hp[2], hp[3], maskn, skp->smk_label); 692 693 return 0; 694 } 695 696 static void netlbladdr_seq_stop(struct seq_file *s, void *v) 697 { 698 /* No-op */ 699 } 700 701 static const struct seq_operations netlbladdr_seq_ops = { 702 .start = netlbladdr_seq_start, 703 .stop = netlbladdr_seq_stop, 704 .next = netlbladdr_seq_next, 705 .show = netlbladdr_seq_show, 706 }; 707 708 /** 709 * smk_open_netlbladdr - open() for /smack/netlabel 710 * @inode: inode structure representing file 711 * @file: "netlabel" file pointer 712 * 713 * Connect our netlbladdr_seq_* operations with /smack/netlabel 714 * file_operations 715 */ 716 static int smk_open_netlbladdr(struct inode *inode, struct file *file) 717 { 718 return seq_open(file, &netlbladdr_seq_ops); 719 } 720 721 /** 722 * smk_netlbladdr_insert 723 * @new : netlabel to insert 724 * 725 * This helper insert netlabel in the smack_netlbladdrs list 726 * sorted by netmask length (longest to smallest) 727 * locked by &smk_netlbladdr_lock in smk_write_netlbladdr 728 * 729 */ 730 static void smk_netlbladdr_insert(struct smk_netlbladdr *new) 731 { 732 struct smk_netlbladdr *m, *m_next; 733 734 if (list_empty(&smk_netlbladdr_list)) { 735 list_add_rcu(&new->list, &smk_netlbladdr_list); 736 return; 737 } 738 739 m = list_entry_rcu(smk_netlbladdr_list.next, 740 struct smk_netlbladdr, list); 741 742 /* the comparison '>' is a bit hacky, but works */ 743 if (new->smk_mask.s_addr > m->smk_mask.s_addr) { 744 list_add_rcu(&new->list, &smk_netlbladdr_list); 745 return; 746 } 747 748 list_for_each_entry_rcu(m, &smk_netlbladdr_list, list) { 749 if (list_is_last(&m->list, &smk_netlbladdr_list)) { 750 list_add_rcu(&new->list, &m->list); 751 return; 752 } 753 m_next = list_entry_rcu(m->list.next, 754 struct smk_netlbladdr, list); 755 if (new->smk_mask.s_addr > m_next->smk_mask.s_addr) { 756 list_add_rcu(&new->list, &m->list); 757 return; 758 } 759 } 760 } 761 762 763 /** 764 * smk_write_netlbladdr - write() for /smack/netlabel 765 * @file: file pointer, not actually used 766 * @buf: where to get the data from 767 * @count: bytes sent 768 * @ppos: where to start 769 * 770 * Accepts only one netlbladdr per write call. 771 * Returns number of bytes written or error code, as appropriate 772 */ 773 static ssize_t smk_write_netlbladdr(struct file *file, const char __user *buf, 774 size_t count, loff_t *ppos) 775 { 776 struct smk_netlbladdr *skp; 777 struct sockaddr_in newname; 778 char smack[SMK_LABELLEN]; 779 char *sp; 780 char data[SMK_NETLBLADDRMAX + 1]; 781 char *host = (char *)&newname.sin_addr.s_addr; 782 int rc; 783 struct netlbl_audit audit_info; 784 struct in_addr mask; 785 unsigned int m; 786 int found; 787 u32 mask_bits = (1<<31); 788 __be32 nsa; 789 u32 temp_mask; 790 791 /* 792 * Must have privilege. 793 * No partial writes. 794 * Enough data must be present. 795 * "<addr/mask, as a.b.c.d/e><space><label>" 796 * "<addr, as a.b.c.d><space><label>" 797 */ 798 if (!capable(CAP_MAC_ADMIN)) 799 return -EPERM; 800 if (*ppos != 0) 801 return -EINVAL; 802 if (count < SMK_NETLBLADDRMIN || count > SMK_NETLBLADDRMAX) 803 return -EINVAL; 804 if (copy_from_user(data, buf, count) != 0) 805 return -EFAULT; 806 807 data[count] = '\0'; 808 809 rc = sscanf(data, "%hhd.%hhd.%hhd.%hhd/%d %s", 810 &host[0], &host[1], &host[2], &host[3], &m, smack); 811 if (rc != 6) { 812 rc = sscanf(data, "%hhd.%hhd.%hhd.%hhd %s", 813 &host[0], &host[1], &host[2], &host[3], smack); 814 if (rc != 5) 815 return -EINVAL; 816 m = BEBITS; 817 } 818 if (m > BEBITS) 819 return -EINVAL; 820 821 /* if smack begins with '-', its an option, don't import it */ 822 if (smack[0] != '-') { 823 sp = smk_import(smack, 0); 824 if (sp == NULL) 825 return -EINVAL; 826 } else { 827 /* check known options */ 828 if (strcmp(smack, smack_cipso_option) == 0) 829 sp = (char *)smack_cipso_option; 830 else 831 return -EINVAL; 832 } 833 834 for (temp_mask = 0; m > 0; m--) { 835 temp_mask |= mask_bits; 836 mask_bits >>= 1; 837 } 838 mask.s_addr = cpu_to_be32(temp_mask); 839 840 newname.sin_addr.s_addr &= mask.s_addr; 841 /* 842 * Only allow one writer at a time. Writes should be 843 * quite rare and small in any case. 844 */ 845 mutex_lock(&smk_netlbladdr_lock); 846 847 nsa = newname.sin_addr.s_addr; 848 /* try to find if the prefix is already in the list */ 849 found = 0; 850 list_for_each_entry_rcu(skp, &smk_netlbladdr_list, list) { 851 if (skp->smk_host.sin_addr.s_addr == nsa && 852 skp->smk_mask.s_addr == mask.s_addr) { 853 found = 1; 854 break; 855 } 856 } 857 smk_netlabel_audit_set(&audit_info); 858 859 if (found == 0) { 860 skp = kzalloc(sizeof(*skp), GFP_KERNEL); 861 if (skp == NULL) 862 rc = -ENOMEM; 863 else { 864 rc = 0; 865 skp->smk_host.sin_addr.s_addr = newname.sin_addr.s_addr; 866 skp->smk_mask.s_addr = mask.s_addr; 867 skp->smk_label = sp; 868 smk_netlbladdr_insert(skp); 869 } 870 } else { 871 /* we delete the unlabeled entry, only if the previous label 872 * wasnt the special CIPSO option */ 873 if (skp->smk_label != smack_cipso_option) 874 rc = netlbl_cfg_unlbl_static_del(&init_net, NULL, 875 &skp->smk_host.sin_addr, &skp->smk_mask, 876 PF_INET, &audit_info); 877 else 878 rc = 0; 879 skp->smk_label = sp; 880 } 881 882 /* 883 * Now tell netlabel about the single label nature of 884 * this host so that incoming packets get labeled. 885 * but only if we didn't get the special CIPSO option 886 */ 887 if (rc == 0 && sp != smack_cipso_option) 888 rc = netlbl_cfg_unlbl_static_add(&init_net, NULL, 889 &skp->smk_host.sin_addr, &skp->smk_mask, PF_INET, 890 smack_to_secid(skp->smk_label), &audit_info); 891 892 if (rc == 0) 893 rc = count; 894 895 mutex_unlock(&smk_netlbladdr_lock); 896 897 return rc; 898 } 899 900 static const struct file_operations smk_netlbladdr_ops = { 901 .open = smk_open_netlbladdr, 902 .read = seq_read, 903 .llseek = seq_lseek, 904 .write = smk_write_netlbladdr, 905 .release = seq_release, 906 }; 907 908 /** 909 * smk_read_doi - read() for /smack/doi 910 * @filp: file pointer, not actually used 911 * @buf: where to put the result 912 * @count: maximum to send along 913 * @ppos: where to start 914 * 915 * Returns number of bytes read or error code, as appropriate 916 */ 917 static ssize_t smk_read_doi(struct file *filp, char __user *buf, 918 size_t count, loff_t *ppos) 919 { 920 char temp[80]; 921 ssize_t rc; 922 923 if (*ppos != 0) 924 return 0; 925 926 sprintf(temp, "%d", smk_cipso_doi_value); 927 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp)); 928 929 return rc; 930 } 931 932 /** 933 * smk_write_doi - write() for /smack/doi 934 * @file: file pointer, not actually used 935 * @buf: where to get the data from 936 * @count: bytes sent 937 * @ppos: where to start 938 * 939 * Returns number of bytes written or error code, as appropriate 940 */ 941 static ssize_t smk_write_doi(struct file *file, const char __user *buf, 942 size_t count, loff_t *ppos) 943 { 944 char temp[80]; 945 int i; 946 947 if (!capable(CAP_MAC_ADMIN)) 948 return -EPERM; 949 950 if (count >= sizeof(temp) || count == 0) 951 return -EINVAL; 952 953 if (copy_from_user(temp, buf, count) != 0) 954 return -EFAULT; 955 956 temp[count] = '\0'; 957 958 if (sscanf(temp, "%d", &i) != 1) 959 return -EINVAL; 960 961 smk_cipso_doi_value = i; 962 963 smk_cipso_doi(); 964 965 return count; 966 } 967 968 static const struct file_operations smk_doi_ops = { 969 .read = smk_read_doi, 970 .write = smk_write_doi, 971 .llseek = default_llseek, 972 }; 973 974 /** 975 * smk_read_direct - read() for /smack/direct 976 * @filp: file pointer, not actually used 977 * @buf: where to put the result 978 * @count: maximum to send along 979 * @ppos: where to start 980 * 981 * Returns number of bytes read or error code, as appropriate 982 */ 983 static ssize_t smk_read_direct(struct file *filp, char __user *buf, 984 size_t count, loff_t *ppos) 985 { 986 char temp[80]; 987 ssize_t rc; 988 989 if (*ppos != 0) 990 return 0; 991 992 sprintf(temp, "%d", smack_cipso_direct); 993 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp)); 994 995 return rc; 996 } 997 998 /** 999 * smk_write_direct - write() for /smack/direct 1000 * @file: file pointer, not actually used 1001 * @buf: where to get the data from 1002 * @count: bytes sent 1003 * @ppos: where to start 1004 * 1005 * Returns number of bytes written or error code, as appropriate 1006 */ 1007 static ssize_t smk_write_direct(struct file *file, const char __user *buf, 1008 size_t count, loff_t *ppos) 1009 { 1010 char temp[80]; 1011 int i; 1012 1013 if (!capable(CAP_MAC_ADMIN)) 1014 return -EPERM; 1015 1016 if (count >= sizeof(temp) || count == 0) 1017 return -EINVAL; 1018 1019 if (copy_from_user(temp, buf, count) != 0) 1020 return -EFAULT; 1021 1022 temp[count] = '\0'; 1023 1024 if (sscanf(temp, "%d", &i) != 1) 1025 return -EINVAL; 1026 1027 smack_cipso_direct = i; 1028 1029 return count; 1030 } 1031 1032 static const struct file_operations smk_direct_ops = { 1033 .read = smk_read_direct, 1034 .write = smk_write_direct, 1035 .llseek = default_llseek, 1036 }; 1037 1038 /** 1039 * smk_read_ambient - read() for /smack/ambient 1040 * @filp: file pointer, not actually used 1041 * @buf: where to put the result 1042 * @cn: maximum to send along 1043 * @ppos: where to start 1044 * 1045 * Returns number of bytes read or error code, as appropriate 1046 */ 1047 static ssize_t smk_read_ambient(struct file *filp, char __user *buf, 1048 size_t cn, loff_t *ppos) 1049 { 1050 ssize_t rc; 1051 int asize; 1052 1053 if (*ppos != 0) 1054 return 0; 1055 /* 1056 * Being careful to avoid a problem in the case where 1057 * smack_net_ambient gets changed in midstream. 1058 */ 1059 mutex_lock(&smack_ambient_lock); 1060 1061 asize = strlen(smack_net_ambient) + 1; 1062 1063 if (cn >= asize) 1064 rc = simple_read_from_buffer(buf, cn, ppos, 1065 smack_net_ambient, asize); 1066 else 1067 rc = -EINVAL; 1068 1069 mutex_unlock(&smack_ambient_lock); 1070 1071 return rc; 1072 } 1073 1074 /** 1075 * smk_write_ambient - write() for /smack/ambient 1076 * @file: file pointer, not actually used 1077 * @buf: where to get the data from 1078 * @count: bytes sent 1079 * @ppos: where to start 1080 * 1081 * Returns number of bytes written or error code, as appropriate 1082 */ 1083 static ssize_t smk_write_ambient(struct file *file, const char __user *buf, 1084 size_t count, loff_t *ppos) 1085 { 1086 char in[SMK_LABELLEN]; 1087 char *oldambient; 1088 char *smack; 1089 1090 if (!capable(CAP_MAC_ADMIN)) 1091 return -EPERM; 1092 1093 if (count >= SMK_LABELLEN) 1094 return -EINVAL; 1095 1096 if (copy_from_user(in, buf, count) != 0) 1097 return -EFAULT; 1098 1099 smack = smk_import(in, count); 1100 if (smack == NULL) 1101 return -EINVAL; 1102 1103 mutex_lock(&smack_ambient_lock); 1104 1105 oldambient = smack_net_ambient; 1106 smack_net_ambient = smack; 1107 smk_unlbl_ambient(oldambient); 1108 1109 mutex_unlock(&smack_ambient_lock); 1110 1111 return count; 1112 } 1113 1114 static const struct file_operations smk_ambient_ops = { 1115 .read = smk_read_ambient, 1116 .write = smk_write_ambient, 1117 .llseek = default_llseek, 1118 }; 1119 1120 /** 1121 * smk_read_onlycap - read() for /smack/onlycap 1122 * @filp: file pointer, not actually used 1123 * @buf: where to put the result 1124 * @cn: maximum to send along 1125 * @ppos: where to start 1126 * 1127 * Returns number of bytes read or error code, as appropriate 1128 */ 1129 static ssize_t smk_read_onlycap(struct file *filp, char __user *buf, 1130 size_t cn, loff_t *ppos) 1131 { 1132 char *smack = ""; 1133 ssize_t rc = -EINVAL; 1134 int asize; 1135 1136 if (*ppos != 0) 1137 return 0; 1138 1139 if (smack_onlycap != NULL) 1140 smack = smack_onlycap; 1141 1142 asize = strlen(smack) + 1; 1143 1144 if (cn >= asize) 1145 rc = simple_read_from_buffer(buf, cn, ppos, smack, asize); 1146 1147 return rc; 1148 } 1149 1150 /** 1151 * smk_write_onlycap - write() for /smack/onlycap 1152 * @file: file pointer, not actually used 1153 * @buf: where to get the data from 1154 * @count: bytes sent 1155 * @ppos: where to start 1156 * 1157 * Returns number of bytes written or error code, as appropriate 1158 */ 1159 static ssize_t smk_write_onlycap(struct file *file, const char __user *buf, 1160 size_t count, loff_t *ppos) 1161 { 1162 char in[SMK_LABELLEN]; 1163 char *sp = current->cred->security; 1164 1165 if (!capable(CAP_MAC_ADMIN)) 1166 return -EPERM; 1167 1168 /* 1169 * This can be done using smk_access() but is done 1170 * explicitly for clarity. The smk_access() implementation 1171 * would use smk_access(smack_onlycap, MAY_WRITE) 1172 */ 1173 if (smack_onlycap != NULL && smack_onlycap != sp) 1174 return -EPERM; 1175 1176 if (count >= SMK_LABELLEN) 1177 return -EINVAL; 1178 1179 if (copy_from_user(in, buf, count) != 0) 1180 return -EFAULT; 1181 1182 /* 1183 * Should the null string be passed in unset the onlycap value. 1184 * This seems like something to be careful with as usually 1185 * smk_import only expects to return NULL for errors. It 1186 * is usually the case that a nullstring or "\n" would be 1187 * bad to pass to smk_import but in fact this is useful here. 1188 */ 1189 smack_onlycap = smk_import(in, count); 1190 1191 return count; 1192 } 1193 1194 static const struct file_operations smk_onlycap_ops = { 1195 .read = smk_read_onlycap, 1196 .write = smk_write_onlycap, 1197 .llseek = default_llseek, 1198 }; 1199 1200 /** 1201 * smk_read_logging - read() for /smack/logging 1202 * @filp: file pointer, not actually used 1203 * @buf: where to put the result 1204 * @cn: maximum to send along 1205 * @ppos: where to start 1206 * 1207 * Returns number of bytes read or error code, as appropriate 1208 */ 1209 static ssize_t smk_read_logging(struct file *filp, char __user *buf, 1210 size_t count, loff_t *ppos) 1211 { 1212 char temp[32]; 1213 ssize_t rc; 1214 1215 if (*ppos != 0) 1216 return 0; 1217 1218 sprintf(temp, "%d\n", log_policy); 1219 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp)); 1220 return rc; 1221 } 1222 1223 /** 1224 * smk_write_logging - write() for /smack/logging 1225 * @file: file pointer, not actually used 1226 * @buf: where to get the data from 1227 * @count: bytes sent 1228 * @ppos: where to start 1229 * 1230 * Returns number of bytes written or error code, as appropriate 1231 */ 1232 static ssize_t smk_write_logging(struct file *file, const char __user *buf, 1233 size_t count, loff_t *ppos) 1234 { 1235 char temp[32]; 1236 int i; 1237 1238 if (!capable(CAP_MAC_ADMIN)) 1239 return -EPERM; 1240 1241 if (count >= sizeof(temp) || count == 0) 1242 return -EINVAL; 1243 1244 if (copy_from_user(temp, buf, count) != 0) 1245 return -EFAULT; 1246 1247 temp[count] = '\0'; 1248 1249 if (sscanf(temp, "%d", &i) != 1) 1250 return -EINVAL; 1251 if (i < 0 || i > 3) 1252 return -EINVAL; 1253 log_policy = i; 1254 return count; 1255 } 1256 1257 1258 1259 static const struct file_operations smk_logging_ops = { 1260 .read = smk_read_logging, 1261 .write = smk_write_logging, 1262 .llseek = default_llseek, 1263 }; 1264 /** 1265 * smk_fill_super - fill the /smackfs superblock 1266 * @sb: the empty superblock 1267 * @data: unused 1268 * @silent: unused 1269 * 1270 * Fill in the well known entries for /smack 1271 * 1272 * Returns 0 on success, an error code on failure 1273 */ 1274 static int smk_fill_super(struct super_block *sb, void *data, int silent) 1275 { 1276 int rc; 1277 struct inode *root_inode; 1278 1279 static struct tree_descr smack_files[] = { 1280 [SMK_LOAD] = 1281 {"load", &smk_load_ops, S_IRUGO|S_IWUSR}, 1282 [SMK_CIPSO] = 1283 {"cipso", &smk_cipso_ops, S_IRUGO|S_IWUSR}, 1284 [SMK_DOI] = 1285 {"doi", &smk_doi_ops, S_IRUGO|S_IWUSR}, 1286 [SMK_DIRECT] = 1287 {"direct", &smk_direct_ops, S_IRUGO|S_IWUSR}, 1288 [SMK_AMBIENT] = 1289 {"ambient", &smk_ambient_ops, S_IRUGO|S_IWUSR}, 1290 [SMK_NETLBLADDR] = 1291 {"netlabel", &smk_netlbladdr_ops, S_IRUGO|S_IWUSR}, 1292 [SMK_ONLYCAP] = 1293 {"onlycap", &smk_onlycap_ops, S_IRUGO|S_IWUSR}, 1294 [SMK_LOGGING] = 1295 {"logging", &smk_logging_ops, S_IRUGO|S_IWUSR}, 1296 /* last one */ {""} 1297 }; 1298 1299 rc = simple_fill_super(sb, SMACK_MAGIC, smack_files); 1300 if (rc != 0) { 1301 printk(KERN_ERR "%s failed %d while creating inodes\n", 1302 __func__, rc); 1303 return rc; 1304 } 1305 1306 root_inode = sb->s_root->d_inode; 1307 root_inode->i_security = new_inode_smack(smack_known_floor.smk_known); 1308 1309 return 0; 1310 } 1311 1312 /** 1313 * smk_mount - get the smackfs superblock 1314 * @fs_type: passed along without comment 1315 * @flags: passed along without comment 1316 * @dev_name: passed along without comment 1317 * @data: passed along without comment 1318 * 1319 * Just passes everything along. 1320 * 1321 * Returns what the lower level code does. 1322 */ 1323 static struct dentry *smk_mount(struct file_system_type *fs_type, 1324 int flags, const char *dev_name, void *data) 1325 { 1326 return mount_single(fs_type, flags, data, smk_fill_super); 1327 } 1328 1329 static struct file_system_type smk_fs_type = { 1330 .name = "smackfs", 1331 .mount = smk_mount, 1332 .kill_sb = kill_litter_super, 1333 }; 1334 1335 static struct vfsmount *smackfs_mount; 1336 1337 /** 1338 * init_smk_fs - get the smackfs superblock 1339 * 1340 * register the smackfs 1341 * 1342 * Do not register smackfs if Smack wasn't enabled 1343 * on boot. We can not put this method normally under the 1344 * smack_init() code path since the security subsystem get 1345 * initialized before the vfs caches. 1346 * 1347 * Returns true if we were not chosen on boot or if 1348 * we were chosen and filesystem registration succeeded. 1349 */ 1350 static int __init init_smk_fs(void) 1351 { 1352 int err; 1353 1354 if (!security_module_enable(&smack_ops)) 1355 return 0; 1356 1357 err = register_filesystem(&smk_fs_type); 1358 if (!err) { 1359 smackfs_mount = kern_mount(&smk_fs_type); 1360 if (IS_ERR(smackfs_mount)) { 1361 printk(KERN_ERR "smackfs: could not mount!\n"); 1362 err = PTR_ERR(smackfs_mount); 1363 smackfs_mount = NULL; 1364 } 1365 } 1366 1367 smk_cipso_doi(); 1368 smk_unlbl_ambient(NULL); 1369 1370 return err; 1371 } 1372 1373 __initcall(init_smk_fs); 1374