1 /* 2 * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com> 3 * 4 * This program is free software; you can redistribute it and/or modify 5 * it under the terms of the GNU General Public License as published by 6 * the Free Software Foundation, version 2. 7 * 8 * Authors: 9 * Casey Schaufler <casey@schaufler-ca.com> 10 * Ahmed S. Darwish <darwish.07@gmail.com> 11 * 12 * Special thanks to the authors of selinuxfs. 13 * 14 * Karl MacMillan <kmacmillan@tresys.com> 15 * James Morris <jmorris@redhat.com> 16 * 17 */ 18 19 #include <linux/kernel.h> 20 #include <linux/vmalloc.h> 21 #include <linux/security.h> 22 #include <linux/mutex.h> 23 #include <linux/slab.h> 24 #include <net/net_namespace.h> 25 #include <net/cipso_ipv4.h> 26 #include <linux/seq_file.h> 27 #include <linux/ctype.h> 28 #include <linux/audit.h> 29 #include <linux/magic.h> 30 #include "smack.h" 31 32 #define BEBITS (sizeof(__be32) * 8) 33 /* 34 * smackfs pseudo filesystem. 35 */ 36 37 enum smk_inos { 38 SMK_ROOT_INO = 2, 39 SMK_LOAD = 3, /* load policy */ 40 SMK_CIPSO = 4, /* load label -> CIPSO mapping */ 41 SMK_DOI = 5, /* CIPSO DOI */ 42 SMK_DIRECT = 6, /* CIPSO level indicating direct label */ 43 SMK_AMBIENT = 7, /* internet ambient label */ 44 SMK_NET4ADDR = 8, /* single label hosts */ 45 SMK_ONLYCAP = 9, /* the only "capable" label */ 46 SMK_LOGGING = 10, /* logging */ 47 SMK_LOAD_SELF = 11, /* task specific rules */ 48 SMK_ACCESSES = 12, /* access policy */ 49 SMK_MAPPED = 13, /* CIPSO level indicating mapped label */ 50 SMK_LOAD2 = 14, /* load policy with long labels */ 51 SMK_LOAD_SELF2 = 15, /* load task specific rules with long labels */ 52 SMK_ACCESS2 = 16, /* make an access check with long labels */ 53 SMK_CIPSO2 = 17, /* load long label -> CIPSO mapping */ 54 SMK_REVOKE_SUBJ = 18, /* set rules with subject label to '-' */ 55 SMK_CHANGE_RULE = 19, /* change or add rules (long labels) */ 56 SMK_SYSLOG = 20, /* change syslog label) */ 57 SMK_PTRACE = 21, /* set ptrace rule */ 58 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 59 SMK_UNCONFINED = 22, /* define an unconfined label */ 60 #endif 61 #if IS_ENABLED(CONFIG_IPV6) 62 SMK_NET6ADDR = 23, /* single label IPv6 hosts */ 63 #endif /* CONFIG_IPV6 */ 64 }; 65 66 /* 67 * List locks 68 */ 69 static DEFINE_MUTEX(smack_cipso_lock); 70 static DEFINE_MUTEX(smack_ambient_lock); 71 static DEFINE_MUTEX(smk_net4addr_lock); 72 #if IS_ENABLED(CONFIG_IPV6) 73 static DEFINE_MUTEX(smk_net6addr_lock); 74 #endif /* CONFIG_IPV6 */ 75 76 /* 77 * This is the "ambient" label for network traffic. 78 * If it isn't somehow marked, use this. 79 * It can be reset via smackfs/ambient 80 */ 81 struct smack_known *smack_net_ambient; 82 83 /* 84 * This is the level in a CIPSO header that indicates a 85 * smack label is contained directly in the category set. 86 * It can be reset via smackfs/direct 87 */ 88 int smack_cipso_direct = SMACK_CIPSO_DIRECT_DEFAULT; 89 90 /* 91 * This is the level in a CIPSO header that indicates a 92 * secid is contained directly in the category set. 93 * It can be reset via smackfs/mapped 94 */ 95 int smack_cipso_mapped = SMACK_CIPSO_MAPPED_DEFAULT; 96 97 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 98 /* 99 * Allow one label to be unconfined. This is for 100 * debugging and application bring-up purposes only. 101 * It is bad and wrong, but everyone seems to expect 102 * to have it. 103 */ 104 struct smack_known *smack_unconfined; 105 #endif 106 107 /* 108 * If this value is set restrict syslog use to the label specified. 109 * It can be reset via smackfs/syslog 110 */ 111 struct smack_known *smack_syslog_label; 112 113 /* 114 * Ptrace current rule 115 * SMACK_PTRACE_DEFAULT regular smack ptrace rules (/proc based) 116 * SMACK_PTRACE_EXACT labels must match, but can be overriden with 117 * CAP_SYS_PTRACE 118 * SMACK_PTRACE_DRACONIAN lables must match, CAP_SYS_PTRACE has no effect 119 */ 120 int smack_ptrace_rule = SMACK_PTRACE_DEFAULT; 121 122 /* 123 * Certain IP addresses may be designated as single label hosts. 124 * Packets are sent there unlabeled, but only from tasks that 125 * can write to the specified label. 126 */ 127 128 LIST_HEAD(smk_net4addr_list); 129 #if IS_ENABLED(CONFIG_IPV6) 130 LIST_HEAD(smk_net6addr_list); 131 #endif /* CONFIG_IPV6 */ 132 133 /* 134 * Rule lists are maintained for each label. 135 * This master list is just for reading /smack/load and /smack/load2. 136 */ 137 struct smack_master_list { 138 struct list_head list; 139 struct smack_rule *smk_rule; 140 }; 141 142 static LIST_HEAD(smack_rule_list); 143 144 struct smack_parsed_rule { 145 struct smack_known *smk_subject; 146 struct smack_known *smk_object; 147 int smk_access1; 148 int smk_access2; 149 }; 150 151 static int smk_cipso_doi_value = SMACK_CIPSO_DOI_DEFAULT; 152 153 /* 154 * Values for parsing cipso rules 155 * SMK_DIGITLEN: Length of a digit field in a rule. 156 * SMK_CIPSOMIN: Minimum possible cipso rule length. 157 * SMK_CIPSOMAX: Maximum possible cipso rule length. 158 */ 159 #define SMK_DIGITLEN 4 160 #define SMK_CIPSOMIN (SMK_LABELLEN + 2 * SMK_DIGITLEN) 161 #define SMK_CIPSOMAX (SMK_CIPSOMIN + SMACK_CIPSO_MAXCATNUM * SMK_DIGITLEN) 162 163 /* 164 * Values for parsing MAC rules 165 * SMK_ACCESS: Maximum possible combination of access permissions 166 * SMK_ACCESSLEN: Maximum length for a rule access field 167 * SMK_LOADLEN: Smack rule length 168 */ 169 #define SMK_OACCESS "rwxa" 170 #define SMK_ACCESS "rwxatl" 171 #define SMK_OACCESSLEN (sizeof(SMK_OACCESS) - 1) 172 #define SMK_ACCESSLEN (sizeof(SMK_ACCESS) - 1) 173 #define SMK_OLOADLEN (SMK_LABELLEN + SMK_LABELLEN + SMK_OACCESSLEN) 174 #define SMK_LOADLEN (SMK_LABELLEN + SMK_LABELLEN + SMK_ACCESSLEN) 175 176 /* 177 * Stricly for CIPSO level manipulation. 178 * Set the category bit number in a smack label sized buffer. 179 */ 180 static inline void smack_catset_bit(unsigned int cat, char *catsetp) 181 { 182 if (cat == 0 || cat > (SMK_CIPSOLEN * 8)) 183 return; 184 185 catsetp[(cat - 1) / 8] |= 0x80 >> ((cat - 1) % 8); 186 } 187 188 /** 189 * smk_netlabel_audit_set - fill a netlbl_audit struct 190 * @nap: structure to fill 191 */ 192 static void smk_netlabel_audit_set(struct netlbl_audit *nap) 193 { 194 struct smack_known *skp = smk_of_current(); 195 196 nap->loginuid = audit_get_loginuid(current); 197 nap->sessionid = audit_get_sessionid(current); 198 nap->secid = skp->smk_secid; 199 } 200 201 /* 202 * Value for parsing single label host rules 203 * "1.2.3.4 X" 204 */ 205 #define SMK_NETLBLADDRMIN 9 206 207 /** 208 * smk_set_access - add a rule to the rule list or replace an old rule 209 * @srp: the rule to add or replace 210 * @rule_list: the list of rules 211 * @rule_lock: the rule list lock 212 * @global: if non-zero, indicates a global rule 213 * 214 * Looks through the current subject/object/access list for 215 * the subject/object pair and replaces the access that was 216 * there. If the pair isn't found add it with the specified 217 * access. 218 * 219 * Returns 0 if nothing goes wrong or -ENOMEM if it fails 220 * during the allocation of the new pair to add. 221 */ 222 static int smk_set_access(struct smack_parsed_rule *srp, 223 struct list_head *rule_list, 224 struct mutex *rule_lock, int global) 225 { 226 struct smack_rule *sp; 227 struct smack_master_list *smlp; 228 int found = 0; 229 int rc = 0; 230 231 mutex_lock(rule_lock); 232 233 /* 234 * Because the object label is less likely to match 235 * than the subject label check it first 236 */ 237 list_for_each_entry_rcu(sp, rule_list, list) { 238 if (sp->smk_object == srp->smk_object && 239 sp->smk_subject == srp->smk_subject) { 240 found = 1; 241 sp->smk_access |= srp->smk_access1; 242 sp->smk_access &= ~srp->smk_access2; 243 break; 244 } 245 } 246 247 if (found == 0) { 248 sp = kzalloc(sizeof(*sp), GFP_KERNEL); 249 if (sp == NULL) { 250 rc = -ENOMEM; 251 goto out; 252 } 253 254 sp->smk_subject = srp->smk_subject; 255 sp->smk_object = srp->smk_object; 256 sp->smk_access = srp->smk_access1 & ~srp->smk_access2; 257 258 list_add_rcu(&sp->list, rule_list); 259 /* 260 * If this is a global as opposed to self and a new rule 261 * it needs to get added for reporting. 262 */ 263 if (global) { 264 smlp = kzalloc(sizeof(*smlp), GFP_KERNEL); 265 if (smlp != NULL) { 266 smlp->smk_rule = sp; 267 list_add_rcu(&smlp->list, &smack_rule_list); 268 } else 269 rc = -ENOMEM; 270 } 271 } 272 273 out: 274 mutex_unlock(rule_lock); 275 return rc; 276 } 277 278 /** 279 * smk_perm_from_str - parse smack accesses from a text string 280 * @string: a text string that contains a Smack accesses code 281 * 282 * Returns an integer with respective bits set for specified accesses. 283 */ 284 static int smk_perm_from_str(const char *string) 285 { 286 int perm = 0; 287 const char *cp; 288 289 for (cp = string; ; cp++) 290 switch (*cp) { 291 case '-': 292 break; 293 case 'r': 294 case 'R': 295 perm |= MAY_READ; 296 break; 297 case 'w': 298 case 'W': 299 perm |= MAY_WRITE; 300 break; 301 case 'x': 302 case 'X': 303 perm |= MAY_EXEC; 304 break; 305 case 'a': 306 case 'A': 307 perm |= MAY_APPEND; 308 break; 309 case 't': 310 case 'T': 311 perm |= MAY_TRANSMUTE; 312 break; 313 case 'l': 314 case 'L': 315 perm |= MAY_LOCK; 316 break; 317 case 'b': 318 case 'B': 319 perm |= MAY_BRINGUP; 320 break; 321 default: 322 return perm; 323 } 324 } 325 326 /** 327 * smk_fill_rule - Fill Smack rule from strings 328 * @subject: subject label string 329 * @object: object label string 330 * @access1: access string 331 * @access2: string with permissions to be removed 332 * @rule: Smack rule 333 * @import: if non-zero, import labels 334 * @len: label length limit 335 * 336 * Returns 0 on success, appropriate error code on failure. 337 */ 338 static int smk_fill_rule(const char *subject, const char *object, 339 const char *access1, const char *access2, 340 struct smack_parsed_rule *rule, int import, 341 int len) 342 { 343 const char *cp; 344 struct smack_known *skp; 345 346 if (import) { 347 rule->smk_subject = smk_import_entry(subject, len); 348 if (IS_ERR(rule->smk_subject)) 349 return PTR_ERR(rule->smk_subject); 350 351 rule->smk_object = smk_import_entry(object, len); 352 if (IS_ERR(rule->smk_object)) 353 return PTR_ERR(rule->smk_object); 354 } else { 355 cp = smk_parse_smack(subject, len); 356 if (IS_ERR(cp)) 357 return PTR_ERR(cp); 358 skp = smk_find_entry(cp); 359 kfree(cp); 360 if (skp == NULL) 361 return -ENOENT; 362 rule->smk_subject = skp; 363 364 cp = smk_parse_smack(object, len); 365 if (IS_ERR(cp)) 366 return PTR_ERR(cp); 367 skp = smk_find_entry(cp); 368 kfree(cp); 369 if (skp == NULL) 370 return -ENOENT; 371 rule->smk_object = skp; 372 } 373 374 rule->smk_access1 = smk_perm_from_str(access1); 375 if (access2) 376 rule->smk_access2 = smk_perm_from_str(access2); 377 else 378 rule->smk_access2 = ~rule->smk_access1; 379 380 return 0; 381 } 382 383 /** 384 * smk_parse_rule - parse Smack rule from load string 385 * @data: string to be parsed whose size is SMK_LOADLEN 386 * @rule: Smack rule 387 * @import: if non-zero, import labels 388 * 389 * Returns 0 on success, -1 on errors. 390 */ 391 static int smk_parse_rule(const char *data, struct smack_parsed_rule *rule, 392 int import) 393 { 394 int rc; 395 396 rc = smk_fill_rule(data, data + SMK_LABELLEN, 397 data + SMK_LABELLEN + SMK_LABELLEN, NULL, rule, 398 import, SMK_LABELLEN); 399 return rc; 400 } 401 402 /** 403 * smk_parse_long_rule - parse Smack rule from rule string 404 * @data: string to be parsed, null terminated 405 * @rule: Will be filled with Smack parsed rule 406 * @import: if non-zero, import labels 407 * @tokens: numer of substrings expected in data 408 * 409 * Returns number of processed bytes on success, -ERRNO on failure. 410 */ 411 static ssize_t smk_parse_long_rule(char *data, struct smack_parsed_rule *rule, 412 int import, int tokens) 413 { 414 ssize_t cnt = 0; 415 char *tok[4]; 416 int rc; 417 int i; 418 419 /* 420 * Parsing the rule in-place, filling all white-spaces with '\0' 421 */ 422 for (i = 0; i < tokens; ++i) { 423 while (isspace(data[cnt])) 424 data[cnt++] = '\0'; 425 426 if (data[cnt] == '\0') 427 /* Unexpected end of data */ 428 return -EINVAL; 429 430 tok[i] = data + cnt; 431 432 while (data[cnt] && !isspace(data[cnt])) 433 ++cnt; 434 } 435 while (isspace(data[cnt])) 436 data[cnt++] = '\0'; 437 438 while (i < 4) 439 tok[i++] = NULL; 440 441 rc = smk_fill_rule(tok[0], tok[1], tok[2], tok[3], rule, import, 0); 442 return rc == 0 ? cnt : rc; 443 } 444 445 #define SMK_FIXED24_FMT 0 /* Fixed 24byte label format */ 446 #define SMK_LONG_FMT 1 /* Variable long label format */ 447 #define SMK_CHANGE_FMT 2 /* Rule modification format */ 448 /** 449 * smk_write_rules_list - write() for any /smack rule file 450 * @file: file pointer, not actually used 451 * @buf: where to get the data from 452 * @count: bytes sent 453 * @ppos: where to start - must be 0 454 * @rule_list: the list of rules to write to 455 * @rule_lock: lock for the rule list 456 * @format: /smack/load or /smack/load2 or /smack/change-rule format. 457 * 458 * Get one smack access rule from above. 459 * The format for SMK_LONG_FMT is: 460 * "subject<whitespace>object<whitespace>access[<whitespace>...]" 461 * The format for SMK_FIXED24_FMT is exactly: 462 * "subject object rwxat" 463 * The format for SMK_CHANGE_FMT is: 464 * "subject<whitespace>object<whitespace> 465 * acc_enable<whitespace>acc_disable[<whitespace>...]" 466 */ 467 static ssize_t smk_write_rules_list(struct file *file, const char __user *buf, 468 size_t count, loff_t *ppos, 469 struct list_head *rule_list, 470 struct mutex *rule_lock, int format) 471 { 472 struct smack_parsed_rule rule; 473 char *data; 474 int rc; 475 int trunc = 0; 476 int tokens; 477 ssize_t cnt = 0; 478 479 /* 480 * No partial writes. 481 * Enough data must be present. 482 */ 483 if (*ppos != 0) 484 return -EINVAL; 485 486 if (format == SMK_FIXED24_FMT) { 487 /* 488 * Minor hack for backward compatibility 489 */ 490 if (count < SMK_OLOADLEN || count > SMK_LOADLEN) 491 return -EINVAL; 492 } else { 493 if (count >= PAGE_SIZE) { 494 count = PAGE_SIZE - 1; 495 trunc = 1; 496 } 497 } 498 499 data = kmalloc(count + 1, GFP_KERNEL); 500 if (data == NULL) 501 return -ENOMEM; 502 503 if (copy_from_user(data, buf, count) != 0) { 504 rc = -EFAULT; 505 goto out; 506 } 507 508 /* 509 * In case of parsing only part of user buf, 510 * avoid having partial rule at the data buffer 511 */ 512 if (trunc) { 513 while (count > 0 && (data[count - 1] != '\n')) 514 --count; 515 if (count == 0) { 516 rc = -EINVAL; 517 goto out; 518 } 519 } 520 521 data[count] = '\0'; 522 tokens = (format == SMK_CHANGE_FMT ? 4 : 3); 523 while (cnt < count) { 524 if (format == SMK_FIXED24_FMT) { 525 rc = smk_parse_rule(data, &rule, 1); 526 if (rc < 0) 527 goto out; 528 cnt = count; 529 } else { 530 rc = smk_parse_long_rule(data + cnt, &rule, 1, tokens); 531 if (rc < 0) 532 goto out; 533 if (rc == 0) { 534 rc = -EINVAL; 535 goto out; 536 } 537 cnt += rc; 538 } 539 540 if (rule_list == NULL) 541 rc = smk_set_access(&rule, &rule.smk_subject->smk_rules, 542 &rule.smk_subject->smk_rules_lock, 1); 543 else 544 rc = smk_set_access(&rule, rule_list, rule_lock, 0); 545 546 if (rc) 547 goto out; 548 } 549 550 rc = cnt; 551 out: 552 kfree(data); 553 return rc; 554 } 555 556 /* 557 * Core logic for smackfs seq list operations. 558 */ 559 560 static void *smk_seq_start(struct seq_file *s, loff_t *pos, 561 struct list_head *head) 562 { 563 struct list_head *list; 564 int i = *pos; 565 566 rcu_read_lock(); 567 for (list = rcu_dereference(list_next_rcu(head)); 568 list != head; 569 list = rcu_dereference(list_next_rcu(list))) { 570 if (i-- == 0) 571 return list; 572 } 573 574 return NULL; 575 } 576 577 static void *smk_seq_next(struct seq_file *s, void *v, loff_t *pos, 578 struct list_head *head) 579 { 580 struct list_head *list = v; 581 582 ++*pos; 583 list = rcu_dereference(list_next_rcu(list)); 584 585 return (list == head) ? NULL : list; 586 } 587 588 static void smk_seq_stop(struct seq_file *s, void *v) 589 { 590 rcu_read_unlock(); 591 } 592 593 static void smk_rule_show(struct seq_file *s, struct smack_rule *srp, int max) 594 { 595 /* 596 * Don't show any rules with label names too long for 597 * interface file (/smack/load or /smack/load2) 598 * because you should expect to be able to write 599 * anything you read back. 600 */ 601 if (strlen(srp->smk_subject->smk_known) >= max || 602 strlen(srp->smk_object->smk_known) >= max) 603 return; 604 605 if (srp->smk_access == 0) 606 return; 607 608 seq_printf(s, "%s %s", 609 srp->smk_subject->smk_known, 610 srp->smk_object->smk_known); 611 612 seq_putc(s, ' '); 613 614 if (srp->smk_access & MAY_READ) 615 seq_putc(s, 'r'); 616 if (srp->smk_access & MAY_WRITE) 617 seq_putc(s, 'w'); 618 if (srp->smk_access & MAY_EXEC) 619 seq_putc(s, 'x'); 620 if (srp->smk_access & MAY_APPEND) 621 seq_putc(s, 'a'); 622 if (srp->smk_access & MAY_TRANSMUTE) 623 seq_putc(s, 't'); 624 if (srp->smk_access & MAY_LOCK) 625 seq_putc(s, 'l'); 626 if (srp->smk_access & MAY_BRINGUP) 627 seq_putc(s, 'b'); 628 629 seq_putc(s, '\n'); 630 } 631 632 /* 633 * Seq_file read operations for /smack/load 634 */ 635 636 static void *load2_seq_start(struct seq_file *s, loff_t *pos) 637 { 638 return smk_seq_start(s, pos, &smack_rule_list); 639 } 640 641 static void *load2_seq_next(struct seq_file *s, void *v, loff_t *pos) 642 { 643 return smk_seq_next(s, v, pos, &smack_rule_list); 644 } 645 646 static int load_seq_show(struct seq_file *s, void *v) 647 { 648 struct list_head *list = v; 649 struct smack_master_list *smlp = 650 list_entry_rcu(list, struct smack_master_list, list); 651 652 smk_rule_show(s, smlp->smk_rule, SMK_LABELLEN); 653 654 return 0; 655 } 656 657 static const struct seq_operations load_seq_ops = { 658 .start = load2_seq_start, 659 .next = load2_seq_next, 660 .show = load_seq_show, 661 .stop = smk_seq_stop, 662 }; 663 664 /** 665 * smk_open_load - open() for /smack/load 666 * @inode: inode structure representing file 667 * @file: "load" file pointer 668 * 669 * For reading, use load_seq_* seq_file reading operations. 670 */ 671 static int smk_open_load(struct inode *inode, struct file *file) 672 { 673 return seq_open(file, &load_seq_ops); 674 } 675 676 /** 677 * smk_write_load - write() for /smack/load 678 * @file: file pointer, not actually used 679 * @buf: where to get the data from 680 * @count: bytes sent 681 * @ppos: where to start - must be 0 682 * 683 */ 684 static ssize_t smk_write_load(struct file *file, const char __user *buf, 685 size_t count, loff_t *ppos) 686 { 687 /* 688 * Must have privilege. 689 * No partial writes. 690 * Enough data must be present. 691 */ 692 if (!smack_privileged(CAP_MAC_ADMIN)) 693 return -EPERM; 694 695 return smk_write_rules_list(file, buf, count, ppos, NULL, NULL, 696 SMK_FIXED24_FMT); 697 } 698 699 static const struct file_operations smk_load_ops = { 700 .open = smk_open_load, 701 .read = seq_read, 702 .llseek = seq_lseek, 703 .write = smk_write_load, 704 .release = seq_release, 705 }; 706 707 /** 708 * smk_cipso_doi - initialize the CIPSO domain 709 */ 710 static void smk_cipso_doi(void) 711 { 712 int rc; 713 struct cipso_v4_doi *doip; 714 struct netlbl_audit nai; 715 716 smk_netlabel_audit_set(&nai); 717 718 rc = netlbl_cfg_map_del(NULL, PF_INET, NULL, NULL, &nai); 719 if (rc != 0) 720 printk(KERN_WARNING "%s:%d remove rc = %d\n", 721 __func__, __LINE__, rc); 722 723 doip = kmalloc(sizeof(struct cipso_v4_doi), GFP_KERNEL); 724 if (doip == NULL) 725 panic("smack: Failed to initialize cipso DOI.\n"); 726 doip->map.std = NULL; 727 doip->doi = smk_cipso_doi_value; 728 doip->type = CIPSO_V4_MAP_PASS; 729 doip->tags[0] = CIPSO_V4_TAG_RBITMAP; 730 for (rc = 1; rc < CIPSO_V4_TAG_MAXCNT; rc++) 731 doip->tags[rc] = CIPSO_V4_TAG_INVALID; 732 733 rc = netlbl_cfg_cipsov4_add(doip, &nai); 734 if (rc != 0) { 735 printk(KERN_WARNING "%s:%d cipso add rc = %d\n", 736 __func__, __LINE__, rc); 737 kfree(doip); 738 return; 739 } 740 rc = netlbl_cfg_cipsov4_map_add(doip->doi, NULL, NULL, NULL, &nai); 741 if (rc != 0) { 742 printk(KERN_WARNING "%s:%d map add rc = %d\n", 743 __func__, __LINE__, rc); 744 kfree(doip); 745 return; 746 } 747 } 748 749 /** 750 * smk_unlbl_ambient - initialize the unlabeled domain 751 * @oldambient: previous domain string 752 */ 753 static void smk_unlbl_ambient(char *oldambient) 754 { 755 int rc; 756 struct netlbl_audit nai; 757 758 smk_netlabel_audit_set(&nai); 759 760 if (oldambient != NULL) { 761 rc = netlbl_cfg_map_del(oldambient, PF_INET, NULL, NULL, &nai); 762 if (rc != 0) 763 printk(KERN_WARNING "%s:%d remove rc = %d\n", 764 __func__, __LINE__, rc); 765 } 766 if (smack_net_ambient == NULL) 767 smack_net_ambient = &smack_known_floor; 768 769 rc = netlbl_cfg_unlbl_map_add(smack_net_ambient->smk_known, PF_INET, 770 NULL, NULL, &nai); 771 if (rc != 0) 772 printk(KERN_WARNING "%s:%d add rc = %d\n", 773 __func__, __LINE__, rc); 774 } 775 776 /* 777 * Seq_file read operations for /smack/cipso 778 */ 779 780 static void *cipso_seq_start(struct seq_file *s, loff_t *pos) 781 { 782 return smk_seq_start(s, pos, &smack_known_list); 783 } 784 785 static void *cipso_seq_next(struct seq_file *s, void *v, loff_t *pos) 786 { 787 return smk_seq_next(s, v, pos, &smack_known_list); 788 } 789 790 /* 791 * Print cipso labels in format: 792 * label level[/cat[,cat]] 793 */ 794 static int cipso_seq_show(struct seq_file *s, void *v) 795 { 796 struct list_head *list = v; 797 struct smack_known *skp = 798 list_entry_rcu(list, struct smack_known, list); 799 struct netlbl_lsm_catmap *cmp = skp->smk_netlabel.attr.mls.cat; 800 char sep = '/'; 801 int i; 802 803 /* 804 * Don't show a label that could not have been set using 805 * /smack/cipso. This is in support of the notion that 806 * anything read from /smack/cipso ought to be writeable 807 * to /smack/cipso. 808 * 809 * /smack/cipso2 should be used instead. 810 */ 811 if (strlen(skp->smk_known) >= SMK_LABELLEN) 812 return 0; 813 814 seq_printf(s, "%s %3d", skp->smk_known, skp->smk_netlabel.attr.mls.lvl); 815 816 for (i = netlbl_catmap_walk(cmp, 0); i >= 0; 817 i = netlbl_catmap_walk(cmp, i + 1)) { 818 seq_printf(s, "%c%d", sep, i); 819 sep = ','; 820 } 821 822 seq_putc(s, '\n'); 823 824 return 0; 825 } 826 827 static const struct seq_operations cipso_seq_ops = { 828 .start = cipso_seq_start, 829 .next = cipso_seq_next, 830 .show = cipso_seq_show, 831 .stop = smk_seq_stop, 832 }; 833 834 /** 835 * smk_open_cipso - open() for /smack/cipso 836 * @inode: inode structure representing file 837 * @file: "cipso" file pointer 838 * 839 * Connect our cipso_seq_* operations with /smack/cipso 840 * file_operations 841 */ 842 static int smk_open_cipso(struct inode *inode, struct file *file) 843 { 844 return seq_open(file, &cipso_seq_ops); 845 } 846 847 /** 848 * smk_set_cipso - do the work for write() for cipso and cipso2 849 * @file: file pointer, not actually used 850 * @buf: where to get the data from 851 * @count: bytes sent 852 * @ppos: where to start 853 * @format: /smack/cipso or /smack/cipso2 854 * 855 * Accepts only one cipso rule per write call. 856 * Returns number of bytes written or error code, as appropriate 857 */ 858 static ssize_t smk_set_cipso(struct file *file, const char __user *buf, 859 size_t count, loff_t *ppos, int format) 860 { 861 struct smack_known *skp; 862 struct netlbl_lsm_secattr ncats; 863 char mapcatset[SMK_CIPSOLEN]; 864 int maplevel; 865 unsigned int cat; 866 int catlen; 867 ssize_t rc = -EINVAL; 868 char *data = NULL; 869 char *rule; 870 int ret; 871 int i; 872 873 /* 874 * Must have privilege. 875 * No partial writes. 876 * Enough data must be present. 877 */ 878 if (!smack_privileged(CAP_MAC_ADMIN)) 879 return -EPERM; 880 if (*ppos != 0) 881 return -EINVAL; 882 if (format == SMK_FIXED24_FMT && 883 (count < SMK_CIPSOMIN || count > SMK_CIPSOMAX)) 884 return -EINVAL; 885 886 data = kzalloc(count + 1, GFP_KERNEL); 887 if (data == NULL) 888 return -ENOMEM; 889 890 if (copy_from_user(data, buf, count) != 0) { 891 rc = -EFAULT; 892 goto unlockedout; 893 } 894 895 data[count] = '\0'; 896 rule = data; 897 /* 898 * Only allow one writer at a time. Writes should be 899 * quite rare and small in any case. 900 */ 901 mutex_lock(&smack_cipso_lock); 902 903 skp = smk_import_entry(rule, 0); 904 if (IS_ERR(skp)) { 905 rc = PTR_ERR(skp); 906 goto out; 907 } 908 909 if (format == SMK_FIXED24_FMT) 910 rule += SMK_LABELLEN; 911 else 912 rule += strlen(skp->smk_known) + 1; 913 914 ret = sscanf(rule, "%d", &maplevel); 915 if (ret != 1 || maplevel > SMACK_CIPSO_MAXLEVEL) 916 goto out; 917 918 rule += SMK_DIGITLEN; 919 ret = sscanf(rule, "%d", &catlen); 920 if (ret != 1 || catlen > SMACK_CIPSO_MAXCATNUM) 921 goto out; 922 923 if (format == SMK_FIXED24_FMT && 924 count != (SMK_CIPSOMIN + catlen * SMK_DIGITLEN)) 925 goto out; 926 927 memset(mapcatset, 0, sizeof(mapcatset)); 928 929 for (i = 0; i < catlen; i++) { 930 rule += SMK_DIGITLEN; 931 ret = sscanf(rule, "%u", &cat); 932 if (ret != 1 || cat > SMACK_CIPSO_MAXCATNUM) 933 goto out; 934 935 smack_catset_bit(cat, mapcatset); 936 } 937 938 rc = smk_netlbl_mls(maplevel, mapcatset, &ncats, SMK_CIPSOLEN); 939 if (rc >= 0) { 940 netlbl_catmap_free(skp->smk_netlabel.attr.mls.cat); 941 skp->smk_netlabel.attr.mls.cat = ncats.attr.mls.cat; 942 skp->smk_netlabel.attr.mls.lvl = ncats.attr.mls.lvl; 943 rc = count; 944 } 945 946 out: 947 mutex_unlock(&smack_cipso_lock); 948 unlockedout: 949 kfree(data); 950 return rc; 951 } 952 953 /** 954 * smk_write_cipso - write() for /smack/cipso 955 * @file: file pointer, not actually used 956 * @buf: where to get the data from 957 * @count: bytes sent 958 * @ppos: where to start 959 * 960 * Accepts only one cipso rule per write call. 961 * Returns number of bytes written or error code, as appropriate 962 */ 963 static ssize_t smk_write_cipso(struct file *file, const char __user *buf, 964 size_t count, loff_t *ppos) 965 { 966 return smk_set_cipso(file, buf, count, ppos, SMK_FIXED24_FMT); 967 } 968 969 static const struct file_operations smk_cipso_ops = { 970 .open = smk_open_cipso, 971 .read = seq_read, 972 .llseek = seq_lseek, 973 .write = smk_write_cipso, 974 .release = seq_release, 975 }; 976 977 /* 978 * Seq_file read operations for /smack/cipso2 979 */ 980 981 /* 982 * Print cipso labels in format: 983 * label level[/cat[,cat]] 984 */ 985 static int cipso2_seq_show(struct seq_file *s, void *v) 986 { 987 struct list_head *list = v; 988 struct smack_known *skp = 989 list_entry_rcu(list, struct smack_known, list); 990 struct netlbl_lsm_catmap *cmp = skp->smk_netlabel.attr.mls.cat; 991 char sep = '/'; 992 int i; 993 994 seq_printf(s, "%s %3d", skp->smk_known, skp->smk_netlabel.attr.mls.lvl); 995 996 for (i = netlbl_catmap_walk(cmp, 0); i >= 0; 997 i = netlbl_catmap_walk(cmp, i + 1)) { 998 seq_printf(s, "%c%d", sep, i); 999 sep = ','; 1000 } 1001 1002 seq_putc(s, '\n'); 1003 1004 return 0; 1005 } 1006 1007 static const struct seq_operations cipso2_seq_ops = { 1008 .start = cipso_seq_start, 1009 .next = cipso_seq_next, 1010 .show = cipso2_seq_show, 1011 .stop = smk_seq_stop, 1012 }; 1013 1014 /** 1015 * smk_open_cipso2 - open() for /smack/cipso2 1016 * @inode: inode structure representing file 1017 * @file: "cipso2" file pointer 1018 * 1019 * Connect our cipso_seq_* operations with /smack/cipso2 1020 * file_operations 1021 */ 1022 static int smk_open_cipso2(struct inode *inode, struct file *file) 1023 { 1024 return seq_open(file, &cipso2_seq_ops); 1025 } 1026 1027 /** 1028 * smk_write_cipso2 - write() for /smack/cipso2 1029 * @file: file pointer, not actually used 1030 * @buf: where to get the data from 1031 * @count: bytes sent 1032 * @ppos: where to start 1033 * 1034 * Accepts only one cipso rule per write call. 1035 * Returns number of bytes written or error code, as appropriate 1036 */ 1037 static ssize_t smk_write_cipso2(struct file *file, const char __user *buf, 1038 size_t count, loff_t *ppos) 1039 { 1040 return smk_set_cipso(file, buf, count, ppos, SMK_LONG_FMT); 1041 } 1042 1043 static const struct file_operations smk_cipso2_ops = { 1044 .open = smk_open_cipso2, 1045 .read = seq_read, 1046 .llseek = seq_lseek, 1047 .write = smk_write_cipso2, 1048 .release = seq_release, 1049 }; 1050 1051 /* 1052 * Seq_file read operations for /smack/netlabel 1053 */ 1054 1055 static void *net4addr_seq_start(struct seq_file *s, loff_t *pos) 1056 { 1057 return smk_seq_start(s, pos, &smk_net4addr_list); 1058 } 1059 1060 static void *net4addr_seq_next(struct seq_file *s, void *v, loff_t *pos) 1061 { 1062 return smk_seq_next(s, v, pos, &smk_net4addr_list); 1063 } 1064 1065 /* 1066 * Print host/label pairs 1067 */ 1068 static int net4addr_seq_show(struct seq_file *s, void *v) 1069 { 1070 struct list_head *list = v; 1071 struct smk_net4addr *skp = 1072 list_entry_rcu(list, struct smk_net4addr, list); 1073 char *kp = SMACK_CIPSO_OPTION; 1074 1075 if (skp->smk_label != NULL) 1076 kp = skp->smk_label->smk_known; 1077 seq_printf(s, "%pI4/%d %s\n", &skp->smk_host.s_addr, 1078 skp->smk_masks, kp); 1079 1080 return 0; 1081 } 1082 1083 static const struct seq_operations net4addr_seq_ops = { 1084 .start = net4addr_seq_start, 1085 .next = net4addr_seq_next, 1086 .show = net4addr_seq_show, 1087 .stop = smk_seq_stop, 1088 }; 1089 1090 /** 1091 * smk_open_net4addr - open() for /smack/netlabel 1092 * @inode: inode structure representing file 1093 * @file: "netlabel" file pointer 1094 * 1095 * Connect our net4addr_seq_* operations with /smack/netlabel 1096 * file_operations 1097 */ 1098 static int smk_open_net4addr(struct inode *inode, struct file *file) 1099 { 1100 return seq_open(file, &net4addr_seq_ops); 1101 } 1102 1103 /** 1104 * smk_net4addr_insert 1105 * @new : netlabel to insert 1106 * 1107 * This helper insert netlabel in the smack_net4addrs list 1108 * sorted by netmask length (longest to smallest) 1109 * locked by &smk_net4addr_lock in smk_write_net4addr 1110 * 1111 */ 1112 static void smk_net4addr_insert(struct smk_net4addr *new) 1113 { 1114 struct smk_net4addr *m; 1115 struct smk_net4addr *m_next; 1116 1117 if (list_empty(&smk_net4addr_list)) { 1118 list_add_rcu(&new->list, &smk_net4addr_list); 1119 return; 1120 } 1121 1122 m = list_entry_rcu(smk_net4addr_list.next, 1123 struct smk_net4addr, list); 1124 1125 /* the comparison '>' is a bit hacky, but works */ 1126 if (new->smk_masks > m->smk_masks) { 1127 list_add_rcu(&new->list, &smk_net4addr_list); 1128 return; 1129 } 1130 1131 list_for_each_entry_rcu(m, &smk_net4addr_list, list) { 1132 if (list_is_last(&m->list, &smk_net4addr_list)) { 1133 list_add_rcu(&new->list, &m->list); 1134 return; 1135 } 1136 m_next = list_entry_rcu(m->list.next, 1137 struct smk_net4addr, list); 1138 if (new->smk_masks > m_next->smk_masks) { 1139 list_add_rcu(&new->list, &m->list); 1140 return; 1141 } 1142 } 1143 } 1144 1145 1146 /** 1147 * smk_write_net4addr - write() for /smack/netlabel 1148 * @file: file pointer, not actually used 1149 * @buf: where to get the data from 1150 * @count: bytes sent 1151 * @ppos: where to start 1152 * 1153 * Accepts only one net4addr per write call. 1154 * Returns number of bytes written or error code, as appropriate 1155 */ 1156 static ssize_t smk_write_net4addr(struct file *file, const char __user *buf, 1157 size_t count, loff_t *ppos) 1158 { 1159 struct smk_net4addr *snp; 1160 struct sockaddr_in newname; 1161 char *smack; 1162 struct smack_known *skp = NULL; 1163 char *data; 1164 char *host = (char *)&newname.sin_addr.s_addr; 1165 int rc; 1166 struct netlbl_audit audit_info; 1167 struct in_addr mask; 1168 unsigned int m; 1169 unsigned int masks; 1170 int found; 1171 u32 mask_bits = (1<<31); 1172 __be32 nsa; 1173 u32 temp_mask; 1174 1175 /* 1176 * Must have privilege. 1177 * No partial writes. 1178 * Enough data must be present. 1179 * "<addr/mask, as a.b.c.d/e><space><label>" 1180 * "<addr, as a.b.c.d><space><label>" 1181 */ 1182 if (!smack_privileged(CAP_MAC_ADMIN)) 1183 return -EPERM; 1184 if (*ppos != 0) 1185 return -EINVAL; 1186 if (count < SMK_NETLBLADDRMIN) 1187 return -EINVAL; 1188 1189 data = kzalloc(count + 1, GFP_KERNEL); 1190 if (data == NULL) 1191 return -ENOMEM; 1192 1193 if (copy_from_user(data, buf, count) != 0) { 1194 rc = -EFAULT; 1195 goto free_data_out; 1196 } 1197 1198 smack = kzalloc(count + 1, GFP_KERNEL); 1199 if (smack == NULL) { 1200 rc = -ENOMEM; 1201 goto free_data_out; 1202 } 1203 1204 data[count] = '\0'; 1205 1206 rc = sscanf(data, "%hhd.%hhd.%hhd.%hhd/%u %s", 1207 &host[0], &host[1], &host[2], &host[3], &masks, smack); 1208 if (rc != 6) { 1209 rc = sscanf(data, "%hhd.%hhd.%hhd.%hhd %s", 1210 &host[0], &host[1], &host[2], &host[3], smack); 1211 if (rc != 5) { 1212 rc = -EINVAL; 1213 goto free_out; 1214 } 1215 m = BEBITS; 1216 masks = 32; 1217 } 1218 if (masks > BEBITS) { 1219 rc = -EINVAL; 1220 goto free_out; 1221 } 1222 1223 /* 1224 * If smack begins with '-', it is an option, don't import it 1225 */ 1226 if (smack[0] != '-') { 1227 skp = smk_import_entry(smack, 0); 1228 if (IS_ERR(skp)) { 1229 rc = PTR_ERR(skp); 1230 goto free_out; 1231 } 1232 } else { 1233 /* 1234 * Only the -CIPSO option is supported for IPv4 1235 */ 1236 if (strcmp(smack, SMACK_CIPSO_OPTION) != 0) { 1237 rc = -EINVAL; 1238 goto free_out; 1239 } 1240 } 1241 1242 for (m = masks, temp_mask = 0; m > 0; m--) { 1243 temp_mask |= mask_bits; 1244 mask_bits >>= 1; 1245 } 1246 mask.s_addr = cpu_to_be32(temp_mask); 1247 1248 newname.sin_addr.s_addr &= mask.s_addr; 1249 /* 1250 * Only allow one writer at a time. Writes should be 1251 * quite rare and small in any case. 1252 */ 1253 mutex_lock(&smk_net4addr_lock); 1254 1255 nsa = newname.sin_addr.s_addr; 1256 /* try to find if the prefix is already in the list */ 1257 found = 0; 1258 list_for_each_entry_rcu(snp, &smk_net4addr_list, list) { 1259 if (snp->smk_host.s_addr == nsa && snp->smk_masks == masks) { 1260 found = 1; 1261 break; 1262 } 1263 } 1264 smk_netlabel_audit_set(&audit_info); 1265 1266 if (found == 0) { 1267 snp = kzalloc(sizeof(*snp), GFP_KERNEL); 1268 if (snp == NULL) 1269 rc = -ENOMEM; 1270 else { 1271 rc = 0; 1272 snp->smk_host.s_addr = newname.sin_addr.s_addr; 1273 snp->smk_mask.s_addr = mask.s_addr; 1274 snp->smk_label = skp; 1275 snp->smk_masks = masks; 1276 smk_net4addr_insert(snp); 1277 } 1278 } else { 1279 /* 1280 * Delete the unlabeled entry, only if the previous label 1281 * wasn't the special CIPSO option 1282 */ 1283 if (snp->smk_label != NULL) 1284 rc = netlbl_cfg_unlbl_static_del(&init_net, NULL, 1285 &snp->smk_host, &snp->smk_mask, 1286 PF_INET, &audit_info); 1287 else 1288 rc = 0; 1289 snp->smk_label = skp; 1290 } 1291 1292 /* 1293 * Now tell netlabel about the single label nature of 1294 * this host so that incoming packets get labeled. 1295 * but only if we didn't get the special CIPSO option 1296 */ 1297 if (rc == 0 && skp != NULL) 1298 rc = netlbl_cfg_unlbl_static_add(&init_net, NULL, 1299 &snp->smk_host, &snp->smk_mask, PF_INET, 1300 snp->smk_label->smk_secid, &audit_info); 1301 1302 if (rc == 0) 1303 rc = count; 1304 1305 mutex_unlock(&smk_net4addr_lock); 1306 1307 free_out: 1308 kfree(smack); 1309 free_data_out: 1310 kfree(data); 1311 1312 return rc; 1313 } 1314 1315 static const struct file_operations smk_net4addr_ops = { 1316 .open = smk_open_net4addr, 1317 .read = seq_read, 1318 .llseek = seq_lseek, 1319 .write = smk_write_net4addr, 1320 .release = seq_release, 1321 }; 1322 1323 #if IS_ENABLED(CONFIG_IPV6) 1324 /* 1325 * Seq_file read operations for /smack/netlabel6 1326 */ 1327 1328 static void *net6addr_seq_start(struct seq_file *s, loff_t *pos) 1329 { 1330 return smk_seq_start(s, pos, &smk_net6addr_list); 1331 } 1332 1333 static void *net6addr_seq_next(struct seq_file *s, void *v, loff_t *pos) 1334 { 1335 return smk_seq_next(s, v, pos, &smk_net6addr_list); 1336 } 1337 1338 /* 1339 * Print host/label pairs 1340 */ 1341 static int net6addr_seq_show(struct seq_file *s, void *v) 1342 { 1343 struct list_head *list = v; 1344 struct smk_net6addr *skp = 1345 list_entry(list, struct smk_net6addr, list); 1346 1347 if (skp->smk_label != NULL) 1348 seq_printf(s, "%pI6/%d %s\n", &skp->smk_host, skp->smk_masks, 1349 skp->smk_label->smk_known); 1350 1351 return 0; 1352 } 1353 1354 static const struct seq_operations net6addr_seq_ops = { 1355 .start = net6addr_seq_start, 1356 .next = net6addr_seq_next, 1357 .show = net6addr_seq_show, 1358 .stop = smk_seq_stop, 1359 }; 1360 1361 /** 1362 * smk_open_net6addr - open() for /smack/netlabel 1363 * @inode: inode structure representing file 1364 * @file: "netlabel" file pointer 1365 * 1366 * Connect our net6addr_seq_* operations with /smack/netlabel 1367 * file_operations 1368 */ 1369 static int smk_open_net6addr(struct inode *inode, struct file *file) 1370 { 1371 return seq_open(file, &net6addr_seq_ops); 1372 } 1373 1374 /** 1375 * smk_net6addr_insert 1376 * @new : entry to insert 1377 * 1378 * This inserts an entry in the smack_net6addrs list 1379 * sorted by netmask length (longest to smallest) 1380 * locked by &smk_net6addr_lock in smk_write_net6addr 1381 * 1382 */ 1383 static void smk_net6addr_insert(struct smk_net6addr *new) 1384 { 1385 struct smk_net6addr *m_next; 1386 struct smk_net6addr *m; 1387 1388 if (list_empty(&smk_net6addr_list)) { 1389 list_add_rcu(&new->list, &smk_net6addr_list); 1390 return; 1391 } 1392 1393 m = list_entry_rcu(smk_net6addr_list.next, 1394 struct smk_net6addr, list); 1395 1396 if (new->smk_masks > m->smk_masks) { 1397 list_add_rcu(&new->list, &smk_net6addr_list); 1398 return; 1399 } 1400 1401 list_for_each_entry_rcu(m, &smk_net6addr_list, list) { 1402 if (list_is_last(&m->list, &smk_net6addr_list)) { 1403 list_add_rcu(&new->list, &m->list); 1404 return; 1405 } 1406 m_next = list_entry_rcu(m->list.next, 1407 struct smk_net6addr, list); 1408 if (new->smk_masks > m_next->smk_masks) { 1409 list_add_rcu(&new->list, &m->list); 1410 return; 1411 } 1412 } 1413 } 1414 1415 1416 /** 1417 * smk_write_net6addr - write() for /smack/netlabel 1418 * @file: file pointer, not actually used 1419 * @buf: where to get the data from 1420 * @count: bytes sent 1421 * @ppos: where to start 1422 * 1423 * Accepts only one net6addr per write call. 1424 * Returns number of bytes written or error code, as appropriate 1425 */ 1426 static ssize_t smk_write_net6addr(struct file *file, const char __user *buf, 1427 size_t count, loff_t *ppos) 1428 { 1429 struct smk_net6addr *snp; 1430 struct in6_addr newname; 1431 struct in6_addr fullmask; 1432 struct smack_known *skp = NULL; 1433 char *smack; 1434 char *data; 1435 int rc = 0; 1436 int found = 0; 1437 int i; 1438 unsigned int scanned[8]; 1439 unsigned int m; 1440 unsigned int mask = 128; 1441 1442 /* 1443 * Must have privilege. 1444 * No partial writes. 1445 * Enough data must be present. 1446 * "<addr/mask, as a:b:c:d:e:f:g:h/e><space><label>" 1447 * "<addr, as a:b:c:d:e:f:g:h><space><label>" 1448 */ 1449 if (!smack_privileged(CAP_MAC_ADMIN)) 1450 return -EPERM; 1451 if (*ppos != 0) 1452 return -EINVAL; 1453 if (count < SMK_NETLBLADDRMIN) 1454 return -EINVAL; 1455 1456 data = kzalloc(count + 1, GFP_KERNEL); 1457 if (data == NULL) 1458 return -ENOMEM; 1459 1460 if (copy_from_user(data, buf, count) != 0) { 1461 rc = -EFAULT; 1462 goto free_data_out; 1463 } 1464 1465 smack = kzalloc(count + 1, GFP_KERNEL); 1466 if (smack == NULL) { 1467 rc = -ENOMEM; 1468 goto free_data_out; 1469 } 1470 1471 data[count] = '\0'; 1472 1473 i = sscanf(data, "%x:%x:%x:%x:%x:%x:%x:%x/%u %s", 1474 &scanned[0], &scanned[1], &scanned[2], &scanned[3], 1475 &scanned[4], &scanned[5], &scanned[6], &scanned[7], 1476 &mask, smack); 1477 if (i != 10) { 1478 i = sscanf(data, "%x:%x:%x:%x:%x:%x:%x:%x %s", 1479 &scanned[0], &scanned[1], &scanned[2], 1480 &scanned[3], &scanned[4], &scanned[5], 1481 &scanned[6], &scanned[7], smack); 1482 if (i != 9) { 1483 rc = -EINVAL; 1484 goto free_out; 1485 } 1486 } 1487 if (mask > 128) { 1488 rc = -EINVAL; 1489 goto free_out; 1490 } 1491 for (i = 0; i < 8; i++) { 1492 if (scanned[i] > 0xffff) { 1493 rc = -EINVAL; 1494 goto free_out; 1495 } 1496 newname.s6_addr16[i] = htons(scanned[i]); 1497 } 1498 1499 /* 1500 * If smack begins with '-', it is an option, don't import it 1501 */ 1502 if (smack[0] != '-') { 1503 skp = smk_import_entry(smack, 0); 1504 if (skp == NULL) { 1505 rc = -EINVAL; 1506 goto free_out; 1507 } 1508 } else { 1509 /* 1510 * Only -DELETE is supported for IPv6 1511 */ 1512 if (strcmp(smack, SMACK_DELETE_OPTION) != 0) { 1513 rc = -EINVAL; 1514 goto free_out; 1515 } 1516 } 1517 1518 for (i = 0, m = mask; i < 8; i++) { 1519 if (m >= 16) { 1520 fullmask.s6_addr16[i] = 0xffff; 1521 m -= 16; 1522 } else if (m > 0) { 1523 fullmask.s6_addr16[i] = (1 << m) - 1; 1524 m = 0; 1525 } else 1526 fullmask.s6_addr16[i] = 0; 1527 newname.s6_addr16[i] &= fullmask.s6_addr16[i]; 1528 } 1529 1530 /* 1531 * Only allow one writer at a time. Writes should be 1532 * quite rare and small in any case. 1533 */ 1534 mutex_lock(&smk_net6addr_lock); 1535 /* 1536 * Try to find the prefix in the list 1537 */ 1538 list_for_each_entry_rcu(snp, &smk_net6addr_list, list) { 1539 if (mask != snp->smk_masks) 1540 continue; 1541 for (found = 1, i = 0; i < 8; i++) { 1542 if (newname.s6_addr16[i] != 1543 snp->smk_host.s6_addr16[i]) { 1544 found = 0; 1545 break; 1546 } 1547 } 1548 if (found == 1) 1549 break; 1550 } 1551 if (found == 0) { 1552 snp = kzalloc(sizeof(*snp), GFP_KERNEL); 1553 if (snp == NULL) 1554 rc = -ENOMEM; 1555 else { 1556 snp->smk_host = newname; 1557 snp->smk_mask = fullmask; 1558 snp->smk_masks = mask; 1559 snp->smk_label = skp; 1560 smk_net6addr_insert(snp); 1561 } 1562 } else { 1563 snp->smk_label = skp; 1564 } 1565 1566 if (rc == 0) 1567 rc = count; 1568 1569 mutex_unlock(&smk_net6addr_lock); 1570 1571 free_out: 1572 kfree(smack); 1573 free_data_out: 1574 kfree(data); 1575 1576 return rc; 1577 } 1578 1579 static const struct file_operations smk_net6addr_ops = { 1580 .open = smk_open_net6addr, 1581 .read = seq_read, 1582 .llseek = seq_lseek, 1583 .write = smk_write_net6addr, 1584 .release = seq_release, 1585 }; 1586 #endif /* CONFIG_IPV6 */ 1587 1588 /** 1589 * smk_read_doi - read() for /smack/doi 1590 * @filp: file pointer, not actually used 1591 * @buf: where to put the result 1592 * @count: maximum to send along 1593 * @ppos: where to start 1594 * 1595 * Returns number of bytes read or error code, as appropriate 1596 */ 1597 static ssize_t smk_read_doi(struct file *filp, char __user *buf, 1598 size_t count, loff_t *ppos) 1599 { 1600 char temp[80]; 1601 ssize_t rc; 1602 1603 if (*ppos != 0) 1604 return 0; 1605 1606 sprintf(temp, "%d", smk_cipso_doi_value); 1607 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp)); 1608 1609 return rc; 1610 } 1611 1612 /** 1613 * smk_write_doi - write() for /smack/doi 1614 * @file: file pointer, not actually used 1615 * @buf: where to get the data from 1616 * @count: bytes sent 1617 * @ppos: where to start 1618 * 1619 * Returns number of bytes written or error code, as appropriate 1620 */ 1621 static ssize_t smk_write_doi(struct file *file, const char __user *buf, 1622 size_t count, loff_t *ppos) 1623 { 1624 char temp[80]; 1625 int i; 1626 1627 if (!smack_privileged(CAP_MAC_ADMIN)) 1628 return -EPERM; 1629 1630 if (count >= sizeof(temp) || count == 0) 1631 return -EINVAL; 1632 1633 if (copy_from_user(temp, buf, count) != 0) 1634 return -EFAULT; 1635 1636 temp[count] = '\0'; 1637 1638 if (sscanf(temp, "%d", &i) != 1) 1639 return -EINVAL; 1640 1641 smk_cipso_doi_value = i; 1642 1643 smk_cipso_doi(); 1644 1645 return count; 1646 } 1647 1648 static const struct file_operations smk_doi_ops = { 1649 .read = smk_read_doi, 1650 .write = smk_write_doi, 1651 .llseek = default_llseek, 1652 }; 1653 1654 /** 1655 * smk_read_direct - read() for /smack/direct 1656 * @filp: file pointer, not actually used 1657 * @buf: where to put the result 1658 * @count: maximum to send along 1659 * @ppos: where to start 1660 * 1661 * Returns number of bytes read or error code, as appropriate 1662 */ 1663 static ssize_t smk_read_direct(struct file *filp, char __user *buf, 1664 size_t count, loff_t *ppos) 1665 { 1666 char temp[80]; 1667 ssize_t rc; 1668 1669 if (*ppos != 0) 1670 return 0; 1671 1672 sprintf(temp, "%d", smack_cipso_direct); 1673 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp)); 1674 1675 return rc; 1676 } 1677 1678 /** 1679 * smk_write_direct - write() for /smack/direct 1680 * @file: file pointer, not actually used 1681 * @buf: where to get the data from 1682 * @count: bytes sent 1683 * @ppos: where to start 1684 * 1685 * Returns number of bytes written or error code, as appropriate 1686 */ 1687 static ssize_t smk_write_direct(struct file *file, const char __user *buf, 1688 size_t count, loff_t *ppos) 1689 { 1690 struct smack_known *skp; 1691 char temp[80]; 1692 int i; 1693 1694 if (!smack_privileged(CAP_MAC_ADMIN)) 1695 return -EPERM; 1696 1697 if (count >= sizeof(temp) || count == 0) 1698 return -EINVAL; 1699 1700 if (copy_from_user(temp, buf, count) != 0) 1701 return -EFAULT; 1702 1703 temp[count] = '\0'; 1704 1705 if (sscanf(temp, "%d", &i) != 1) 1706 return -EINVAL; 1707 1708 /* 1709 * Don't do anything if the value hasn't actually changed. 1710 * If it is changing reset the level on entries that were 1711 * set up to be direct when they were created. 1712 */ 1713 if (smack_cipso_direct != i) { 1714 mutex_lock(&smack_known_lock); 1715 list_for_each_entry_rcu(skp, &smack_known_list, list) 1716 if (skp->smk_netlabel.attr.mls.lvl == 1717 smack_cipso_direct) 1718 skp->smk_netlabel.attr.mls.lvl = i; 1719 smack_cipso_direct = i; 1720 mutex_unlock(&smack_known_lock); 1721 } 1722 1723 return count; 1724 } 1725 1726 static const struct file_operations smk_direct_ops = { 1727 .read = smk_read_direct, 1728 .write = smk_write_direct, 1729 .llseek = default_llseek, 1730 }; 1731 1732 /** 1733 * smk_read_mapped - read() for /smack/mapped 1734 * @filp: file pointer, not actually used 1735 * @buf: where to put the result 1736 * @count: maximum to send along 1737 * @ppos: where to start 1738 * 1739 * Returns number of bytes read or error code, as appropriate 1740 */ 1741 static ssize_t smk_read_mapped(struct file *filp, char __user *buf, 1742 size_t count, loff_t *ppos) 1743 { 1744 char temp[80]; 1745 ssize_t rc; 1746 1747 if (*ppos != 0) 1748 return 0; 1749 1750 sprintf(temp, "%d", smack_cipso_mapped); 1751 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp)); 1752 1753 return rc; 1754 } 1755 1756 /** 1757 * smk_write_mapped - write() for /smack/mapped 1758 * @file: file pointer, not actually used 1759 * @buf: where to get the data from 1760 * @count: bytes sent 1761 * @ppos: where to start 1762 * 1763 * Returns number of bytes written or error code, as appropriate 1764 */ 1765 static ssize_t smk_write_mapped(struct file *file, const char __user *buf, 1766 size_t count, loff_t *ppos) 1767 { 1768 struct smack_known *skp; 1769 char temp[80]; 1770 int i; 1771 1772 if (!smack_privileged(CAP_MAC_ADMIN)) 1773 return -EPERM; 1774 1775 if (count >= sizeof(temp) || count == 0) 1776 return -EINVAL; 1777 1778 if (copy_from_user(temp, buf, count) != 0) 1779 return -EFAULT; 1780 1781 temp[count] = '\0'; 1782 1783 if (sscanf(temp, "%d", &i) != 1) 1784 return -EINVAL; 1785 1786 /* 1787 * Don't do anything if the value hasn't actually changed. 1788 * If it is changing reset the level on entries that were 1789 * set up to be mapped when they were created. 1790 */ 1791 if (smack_cipso_mapped != i) { 1792 mutex_lock(&smack_known_lock); 1793 list_for_each_entry_rcu(skp, &smack_known_list, list) 1794 if (skp->smk_netlabel.attr.mls.lvl == 1795 smack_cipso_mapped) 1796 skp->smk_netlabel.attr.mls.lvl = i; 1797 smack_cipso_mapped = i; 1798 mutex_unlock(&smack_known_lock); 1799 } 1800 1801 return count; 1802 } 1803 1804 static const struct file_operations smk_mapped_ops = { 1805 .read = smk_read_mapped, 1806 .write = smk_write_mapped, 1807 .llseek = default_llseek, 1808 }; 1809 1810 /** 1811 * smk_read_ambient - read() for /smack/ambient 1812 * @filp: file pointer, not actually used 1813 * @buf: where to put the result 1814 * @cn: maximum to send along 1815 * @ppos: where to start 1816 * 1817 * Returns number of bytes read or error code, as appropriate 1818 */ 1819 static ssize_t smk_read_ambient(struct file *filp, char __user *buf, 1820 size_t cn, loff_t *ppos) 1821 { 1822 ssize_t rc; 1823 int asize; 1824 1825 if (*ppos != 0) 1826 return 0; 1827 /* 1828 * Being careful to avoid a problem in the case where 1829 * smack_net_ambient gets changed in midstream. 1830 */ 1831 mutex_lock(&smack_ambient_lock); 1832 1833 asize = strlen(smack_net_ambient->smk_known) + 1; 1834 1835 if (cn >= asize) 1836 rc = simple_read_from_buffer(buf, cn, ppos, 1837 smack_net_ambient->smk_known, 1838 asize); 1839 else 1840 rc = -EINVAL; 1841 1842 mutex_unlock(&smack_ambient_lock); 1843 1844 return rc; 1845 } 1846 1847 /** 1848 * smk_write_ambient - write() for /smack/ambient 1849 * @file: file pointer, not actually used 1850 * @buf: where to get the data from 1851 * @count: bytes sent 1852 * @ppos: where to start 1853 * 1854 * Returns number of bytes written or error code, as appropriate 1855 */ 1856 static ssize_t smk_write_ambient(struct file *file, const char __user *buf, 1857 size_t count, loff_t *ppos) 1858 { 1859 struct smack_known *skp; 1860 char *oldambient; 1861 char *data; 1862 int rc = count; 1863 1864 if (!smack_privileged(CAP_MAC_ADMIN)) 1865 return -EPERM; 1866 1867 data = kzalloc(count + 1, GFP_KERNEL); 1868 if (data == NULL) 1869 return -ENOMEM; 1870 1871 if (copy_from_user(data, buf, count) != 0) { 1872 rc = -EFAULT; 1873 goto out; 1874 } 1875 1876 skp = smk_import_entry(data, count); 1877 if (IS_ERR(skp)) { 1878 rc = PTR_ERR(skp); 1879 goto out; 1880 } 1881 1882 mutex_lock(&smack_ambient_lock); 1883 1884 oldambient = smack_net_ambient->smk_known; 1885 smack_net_ambient = skp; 1886 smk_unlbl_ambient(oldambient); 1887 1888 mutex_unlock(&smack_ambient_lock); 1889 1890 out: 1891 kfree(data); 1892 return rc; 1893 } 1894 1895 static const struct file_operations smk_ambient_ops = { 1896 .read = smk_read_ambient, 1897 .write = smk_write_ambient, 1898 .llseek = default_llseek, 1899 }; 1900 1901 /* 1902 * Seq_file operations for /smack/onlycap 1903 */ 1904 static void *onlycap_seq_start(struct seq_file *s, loff_t *pos) 1905 { 1906 return smk_seq_start(s, pos, &smack_onlycap_list); 1907 } 1908 1909 static void *onlycap_seq_next(struct seq_file *s, void *v, loff_t *pos) 1910 { 1911 return smk_seq_next(s, v, pos, &smack_onlycap_list); 1912 } 1913 1914 static int onlycap_seq_show(struct seq_file *s, void *v) 1915 { 1916 struct list_head *list = v; 1917 struct smack_onlycap *sop = 1918 list_entry_rcu(list, struct smack_onlycap, list); 1919 1920 seq_puts(s, sop->smk_label->smk_known); 1921 seq_putc(s, ' '); 1922 1923 return 0; 1924 } 1925 1926 static const struct seq_operations onlycap_seq_ops = { 1927 .start = onlycap_seq_start, 1928 .next = onlycap_seq_next, 1929 .show = onlycap_seq_show, 1930 .stop = smk_seq_stop, 1931 }; 1932 1933 static int smk_open_onlycap(struct inode *inode, struct file *file) 1934 { 1935 return seq_open(file, &onlycap_seq_ops); 1936 } 1937 1938 /** 1939 * smk_list_swap_rcu - swap public list with a private one in RCU-safe way 1940 * The caller must hold appropriate mutex to prevent concurrent modifications 1941 * to the public list. 1942 * Private list is assumed to be not accessible to other threads yet. 1943 * 1944 * @public: public list 1945 * @private: private list 1946 */ 1947 static void smk_list_swap_rcu(struct list_head *public, 1948 struct list_head *private) 1949 { 1950 struct list_head *first, *last; 1951 1952 if (list_empty(public)) { 1953 list_splice_init_rcu(private, public, synchronize_rcu); 1954 } else { 1955 /* Remember public list before replacing it */ 1956 first = public->next; 1957 last = public->prev; 1958 1959 /* Publish private list in place of public in RCU-safe way */ 1960 private->prev->next = public; 1961 private->next->prev = public; 1962 rcu_assign_pointer(public->next, private->next); 1963 public->prev = private->prev; 1964 1965 synchronize_rcu(); 1966 1967 /* When all readers are done with the old public list, 1968 * attach it in place of private */ 1969 private->next = first; 1970 private->prev = last; 1971 first->prev = private; 1972 last->next = private; 1973 } 1974 } 1975 1976 /** 1977 * smk_write_onlycap - write() for smackfs/onlycap 1978 * @file: file pointer, not actually used 1979 * @buf: where to get the data from 1980 * @count: bytes sent 1981 * @ppos: where to start 1982 * 1983 * Returns number of bytes written or error code, as appropriate 1984 */ 1985 static ssize_t smk_write_onlycap(struct file *file, const char __user *buf, 1986 size_t count, loff_t *ppos) 1987 { 1988 char *data; 1989 char *data_parse; 1990 char *tok; 1991 struct smack_known *skp; 1992 struct smack_onlycap *sop; 1993 struct smack_onlycap *sop2; 1994 LIST_HEAD(list_tmp); 1995 int rc = count; 1996 1997 if (!smack_privileged(CAP_MAC_ADMIN)) 1998 return -EPERM; 1999 2000 data = kzalloc(count + 1, GFP_KERNEL); 2001 if (data == NULL) 2002 return -ENOMEM; 2003 2004 if (copy_from_user(data, buf, count) != 0) { 2005 kfree(data); 2006 return -EFAULT; 2007 } 2008 2009 data_parse = data; 2010 while ((tok = strsep(&data_parse, " ")) != NULL) { 2011 if (!*tok) 2012 continue; 2013 2014 skp = smk_import_entry(tok, 0); 2015 if (IS_ERR(skp)) { 2016 rc = PTR_ERR(skp); 2017 break; 2018 } 2019 2020 sop = kzalloc(sizeof(*sop), GFP_KERNEL); 2021 if (sop == NULL) { 2022 rc = -ENOMEM; 2023 break; 2024 } 2025 2026 sop->smk_label = skp; 2027 list_add_rcu(&sop->list, &list_tmp); 2028 } 2029 kfree(data); 2030 2031 /* 2032 * Clear the smack_onlycap on invalid label errors. This means 2033 * that we can pass a null string to unset the onlycap value. 2034 * 2035 * Importing will also reject a label beginning with '-', 2036 * so "-usecapabilities" will also work. 2037 * 2038 * But do so only on invalid label, not on system errors. 2039 * The invalid label must be first to count as clearing attempt. 2040 */ 2041 if (rc == -EINVAL && list_empty(&list_tmp)) 2042 rc = count; 2043 2044 if (rc >= 0) { 2045 mutex_lock(&smack_onlycap_lock); 2046 smk_list_swap_rcu(&smack_onlycap_list, &list_tmp); 2047 mutex_unlock(&smack_onlycap_lock); 2048 } 2049 2050 list_for_each_entry_safe(sop, sop2, &list_tmp, list) 2051 kfree(sop); 2052 2053 return rc; 2054 } 2055 2056 static const struct file_operations smk_onlycap_ops = { 2057 .open = smk_open_onlycap, 2058 .read = seq_read, 2059 .write = smk_write_onlycap, 2060 .llseek = seq_lseek, 2061 .release = seq_release, 2062 }; 2063 2064 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 2065 /** 2066 * smk_read_unconfined - read() for smackfs/unconfined 2067 * @filp: file pointer, not actually used 2068 * @buf: where to put the result 2069 * @cn: maximum to send along 2070 * @ppos: where to start 2071 * 2072 * Returns number of bytes read or error code, as appropriate 2073 */ 2074 static ssize_t smk_read_unconfined(struct file *filp, char __user *buf, 2075 size_t cn, loff_t *ppos) 2076 { 2077 char *smack = ""; 2078 ssize_t rc = -EINVAL; 2079 int asize; 2080 2081 if (*ppos != 0) 2082 return 0; 2083 2084 if (smack_unconfined != NULL) 2085 smack = smack_unconfined->smk_known; 2086 2087 asize = strlen(smack) + 1; 2088 2089 if (cn >= asize) 2090 rc = simple_read_from_buffer(buf, cn, ppos, smack, asize); 2091 2092 return rc; 2093 } 2094 2095 /** 2096 * smk_write_unconfined - write() for smackfs/unconfined 2097 * @file: file pointer, not actually used 2098 * @buf: where to get the data from 2099 * @count: bytes sent 2100 * @ppos: where to start 2101 * 2102 * Returns number of bytes written or error code, as appropriate 2103 */ 2104 static ssize_t smk_write_unconfined(struct file *file, const char __user *buf, 2105 size_t count, loff_t *ppos) 2106 { 2107 char *data; 2108 struct smack_known *skp; 2109 int rc = count; 2110 2111 if (!smack_privileged(CAP_MAC_ADMIN)) 2112 return -EPERM; 2113 2114 data = kzalloc(count + 1, GFP_KERNEL); 2115 if (data == NULL) 2116 return -ENOMEM; 2117 2118 if (copy_from_user(data, buf, count) != 0) { 2119 rc = -EFAULT; 2120 goto freeout; 2121 } 2122 2123 /* 2124 * Clear the smack_unconfined on invalid label errors. This means 2125 * that we can pass a null string to unset the unconfined value. 2126 * 2127 * Importing will also reject a label beginning with '-', 2128 * so "-confine" will also work. 2129 * 2130 * But do so only on invalid label, not on system errors. 2131 */ 2132 skp = smk_import_entry(data, count); 2133 if (PTR_ERR(skp) == -EINVAL) 2134 skp = NULL; 2135 else if (IS_ERR(skp)) { 2136 rc = PTR_ERR(skp); 2137 goto freeout; 2138 } 2139 2140 smack_unconfined = skp; 2141 2142 freeout: 2143 kfree(data); 2144 return rc; 2145 } 2146 2147 static const struct file_operations smk_unconfined_ops = { 2148 .read = smk_read_unconfined, 2149 .write = smk_write_unconfined, 2150 .llseek = default_llseek, 2151 }; 2152 #endif /* CONFIG_SECURITY_SMACK_BRINGUP */ 2153 2154 /** 2155 * smk_read_logging - read() for /smack/logging 2156 * @filp: file pointer, not actually used 2157 * @buf: where to put the result 2158 * @cn: maximum to send along 2159 * @ppos: where to start 2160 * 2161 * Returns number of bytes read or error code, as appropriate 2162 */ 2163 static ssize_t smk_read_logging(struct file *filp, char __user *buf, 2164 size_t count, loff_t *ppos) 2165 { 2166 char temp[32]; 2167 ssize_t rc; 2168 2169 if (*ppos != 0) 2170 return 0; 2171 2172 sprintf(temp, "%d\n", log_policy); 2173 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp)); 2174 return rc; 2175 } 2176 2177 /** 2178 * smk_write_logging - write() for /smack/logging 2179 * @file: file pointer, not actually used 2180 * @buf: where to get the data from 2181 * @count: bytes sent 2182 * @ppos: where to start 2183 * 2184 * Returns number of bytes written or error code, as appropriate 2185 */ 2186 static ssize_t smk_write_logging(struct file *file, const char __user *buf, 2187 size_t count, loff_t *ppos) 2188 { 2189 char temp[32]; 2190 int i; 2191 2192 if (!smack_privileged(CAP_MAC_ADMIN)) 2193 return -EPERM; 2194 2195 if (count >= sizeof(temp) || count == 0) 2196 return -EINVAL; 2197 2198 if (copy_from_user(temp, buf, count) != 0) 2199 return -EFAULT; 2200 2201 temp[count] = '\0'; 2202 2203 if (sscanf(temp, "%d", &i) != 1) 2204 return -EINVAL; 2205 if (i < 0 || i > 3) 2206 return -EINVAL; 2207 log_policy = i; 2208 return count; 2209 } 2210 2211 2212 2213 static const struct file_operations smk_logging_ops = { 2214 .read = smk_read_logging, 2215 .write = smk_write_logging, 2216 .llseek = default_llseek, 2217 }; 2218 2219 /* 2220 * Seq_file read operations for /smack/load-self 2221 */ 2222 2223 static void *load_self_seq_start(struct seq_file *s, loff_t *pos) 2224 { 2225 struct task_smack *tsp = current_security(); 2226 2227 return smk_seq_start(s, pos, &tsp->smk_rules); 2228 } 2229 2230 static void *load_self_seq_next(struct seq_file *s, void *v, loff_t *pos) 2231 { 2232 struct task_smack *tsp = current_security(); 2233 2234 return smk_seq_next(s, v, pos, &tsp->smk_rules); 2235 } 2236 2237 static int load_self_seq_show(struct seq_file *s, void *v) 2238 { 2239 struct list_head *list = v; 2240 struct smack_rule *srp = 2241 list_entry_rcu(list, struct smack_rule, list); 2242 2243 smk_rule_show(s, srp, SMK_LABELLEN); 2244 2245 return 0; 2246 } 2247 2248 static const struct seq_operations load_self_seq_ops = { 2249 .start = load_self_seq_start, 2250 .next = load_self_seq_next, 2251 .show = load_self_seq_show, 2252 .stop = smk_seq_stop, 2253 }; 2254 2255 2256 /** 2257 * smk_open_load_self - open() for /smack/load-self2 2258 * @inode: inode structure representing file 2259 * @file: "load" file pointer 2260 * 2261 * For reading, use load_seq_* seq_file reading operations. 2262 */ 2263 static int smk_open_load_self(struct inode *inode, struct file *file) 2264 { 2265 return seq_open(file, &load_self_seq_ops); 2266 } 2267 2268 /** 2269 * smk_write_load_self - write() for /smack/load-self 2270 * @file: file pointer, not actually used 2271 * @buf: where to get the data from 2272 * @count: bytes sent 2273 * @ppos: where to start - must be 0 2274 * 2275 */ 2276 static ssize_t smk_write_load_self(struct file *file, const char __user *buf, 2277 size_t count, loff_t *ppos) 2278 { 2279 struct task_smack *tsp = current_security(); 2280 2281 return smk_write_rules_list(file, buf, count, ppos, &tsp->smk_rules, 2282 &tsp->smk_rules_lock, SMK_FIXED24_FMT); 2283 } 2284 2285 static const struct file_operations smk_load_self_ops = { 2286 .open = smk_open_load_self, 2287 .read = seq_read, 2288 .llseek = seq_lseek, 2289 .write = smk_write_load_self, 2290 .release = seq_release, 2291 }; 2292 2293 /** 2294 * smk_user_access - handle access check transaction 2295 * @file: file pointer 2296 * @buf: data from user space 2297 * @count: bytes sent 2298 * @ppos: where to start - must be 0 2299 */ 2300 static ssize_t smk_user_access(struct file *file, const char __user *buf, 2301 size_t count, loff_t *ppos, int format) 2302 { 2303 struct smack_parsed_rule rule; 2304 char *data; 2305 int res; 2306 2307 data = simple_transaction_get(file, buf, count); 2308 if (IS_ERR(data)) 2309 return PTR_ERR(data); 2310 2311 if (format == SMK_FIXED24_FMT) { 2312 if (count < SMK_LOADLEN) 2313 return -EINVAL; 2314 res = smk_parse_rule(data, &rule, 0); 2315 } else { 2316 /* 2317 * simple_transaction_get() returns null-terminated data 2318 */ 2319 res = smk_parse_long_rule(data, &rule, 0, 3); 2320 } 2321 2322 if (res >= 0) 2323 res = smk_access(rule.smk_subject, rule.smk_object, 2324 rule.smk_access1, NULL); 2325 else if (res != -ENOENT) 2326 return res; 2327 2328 /* 2329 * smk_access() can return a value > 0 in the "bringup" case. 2330 */ 2331 data[0] = res >= 0 ? '1' : '0'; 2332 data[1] = '\0'; 2333 2334 simple_transaction_set(file, 2); 2335 2336 if (format == SMK_FIXED24_FMT) 2337 return SMK_LOADLEN; 2338 return count; 2339 } 2340 2341 /** 2342 * smk_write_access - handle access check transaction 2343 * @file: file pointer 2344 * @buf: data from user space 2345 * @count: bytes sent 2346 * @ppos: where to start - must be 0 2347 */ 2348 static ssize_t smk_write_access(struct file *file, const char __user *buf, 2349 size_t count, loff_t *ppos) 2350 { 2351 return smk_user_access(file, buf, count, ppos, SMK_FIXED24_FMT); 2352 } 2353 2354 static const struct file_operations smk_access_ops = { 2355 .write = smk_write_access, 2356 .read = simple_transaction_read, 2357 .release = simple_transaction_release, 2358 .llseek = generic_file_llseek, 2359 }; 2360 2361 2362 /* 2363 * Seq_file read operations for /smack/load2 2364 */ 2365 2366 static int load2_seq_show(struct seq_file *s, void *v) 2367 { 2368 struct list_head *list = v; 2369 struct smack_master_list *smlp = 2370 list_entry_rcu(list, struct smack_master_list, list); 2371 2372 smk_rule_show(s, smlp->smk_rule, SMK_LONGLABEL); 2373 2374 return 0; 2375 } 2376 2377 static const struct seq_operations load2_seq_ops = { 2378 .start = load2_seq_start, 2379 .next = load2_seq_next, 2380 .show = load2_seq_show, 2381 .stop = smk_seq_stop, 2382 }; 2383 2384 /** 2385 * smk_open_load2 - open() for /smack/load2 2386 * @inode: inode structure representing file 2387 * @file: "load2" file pointer 2388 * 2389 * For reading, use load2_seq_* seq_file reading operations. 2390 */ 2391 static int smk_open_load2(struct inode *inode, struct file *file) 2392 { 2393 return seq_open(file, &load2_seq_ops); 2394 } 2395 2396 /** 2397 * smk_write_load2 - write() for /smack/load2 2398 * @file: file pointer, not actually used 2399 * @buf: where to get the data from 2400 * @count: bytes sent 2401 * @ppos: where to start - must be 0 2402 * 2403 */ 2404 static ssize_t smk_write_load2(struct file *file, const char __user *buf, 2405 size_t count, loff_t *ppos) 2406 { 2407 /* 2408 * Must have privilege. 2409 */ 2410 if (!smack_privileged(CAP_MAC_ADMIN)) 2411 return -EPERM; 2412 2413 return smk_write_rules_list(file, buf, count, ppos, NULL, NULL, 2414 SMK_LONG_FMT); 2415 } 2416 2417 static const struct file_operations smk_load2_ops = { 2418 .open = smk_open_load2, 2419 .read = seq_read, 2420 .llseek = seq_lseek, 2421 .write = smk_write_load2, 2422 .release = seq_release, 2423 }; 2424 2425 /* 2426 * Seq_file read operations for /smack/load-self2 2427 */ 2428 2429 static void *load_self2_seq_start(struct seq_file *s, loff_t *pos) 2430 { 2431 struct task_smack *tsp = current_security(); 2432 2433 return smk_seq_start(s, pos, &tsp->smk_rules); 2434 } 2435 2436 static void *load_self2_seq_next(struct seq_file *s, void *v, loff_t *pos) 2437 { 2438 struct task_smack *tsp = current_security(); 2439 2440 return smk_seq_next(s, v, pos, &tsp->smk_rules); 2441 } 2442 2443 static int load_self2_seq_show(struct seq_file *s, void *v) 2444 { 2445 struct list_head *list = v; 2446 struct smack_rule *srp = 2447 list_entry_rcu(list, struct smack_rule, list); 2448 2449 smk_rule_show(s, srp, SMK_LONGLABEL); 2450 2451 return 0; 2452 } 2453 2454 static const struct seq_operations load_self2_seq_ops = { 2455 .start = load_self2_seq_start, 2456 .next = load_self2_seq_next, 2457 .show = load_self2_seq_show, 2458 .stop = smk_seq_stop, 2459 }; 2460 2461 /** 2462 * smk_open_load_self2 - open() for /smack/load-self2 2463 * @inode: inode structure representing file 2464 * @file: "load" file pointer 2465 * 2466 * For reading, use load_seq_* seq_file reading operations. 2467 */ 2468 static int smk_open_load_self2(struct inode *inode, struct file *file) 2469 { 2470 return seq_open(file, &load_self2_seq_ops); 2471 } 2472 2473 /** 2474 * smk_write_load_self2 - write() for /smack/load-self2 2475 * @file: file pointer, not actually used 2476 * @buf: where to get the data from 2477 * @count: bytes sent 2478 * @ppos: where to start - must be 0 2479 * 2480 */ 2481 static ssize_t smk_write_load_self2(struct file *file, const char __user *buf, 2482 size_t count, loff_t *ppos) 2483 { 2484 struct task_smack *tsp = current_security(); 2485 2486 return smk_write_rules_list(file, buf, count, ppos, &tsp->smk_rules, 2487 &tsp->smk_rules_lock, SMK_LONG_FMT); 2488 } 2489 2490 static const struct file_operations smk_load_self2_ops = { 2491 .open = smk_open_load_self2, 2492 .read = seq_read, 2493 .llseek = seq_lseek, 2494 .write = smk_write_load_self2, 2495 .release = seq_release, 2496 }; 2497 2498 /** 2499 * smk_write_access2 - handle access check transaction 2500 * @file: file pointer 2501 * @buf: data from user space 2502 * @count: bytes sent 2503 * @ppos: where to start - must be 0 2504 */ 2505 static ssize_t smk_write_access2(struct file *file, const char __user *buf, 2506 size_t count, loff_t *ppos) 2507 { 2508 return smk_user_access(file, buf, count, ppos, SMK_LONG_FMT); 2509 } 2510 2511 static const struct file_operations smk_access2_ops = { 2512 .write = smk_write_access2, 2513 .read = simple_transaction_read, 2514 .release = simple_transaction_release, 2515 .llseek = generic_file_llseek, 2516 }; 2517 2518 /** 2519 * smk_write_revoke_subj - write() for /smack/revoke-subject 2520 * @file: file pointer 2521 * @buf: data from user space 2522 * @count: bytes sent 2523 * @ppos: where to start - must be 0 2524 */ 2525 static ssize_t smk_write_revoke_subj(struct file *file, const char __user *buf, 2526 size_t count, loff_t *ppos) 2527 { 2528 char *data; 2529 const char *cp; 2530 struct smack_known *skp; 2531 struct smack_rule *sp; 2532 struct list_head *rule_list; 2533 struct mutex *rule_lock; 2534 int rc = count; 2535 2536 if (*ppos != 0) 2537 return -EINVAL; 2538 2539 if (!smack_privileged(CAP_MAC_ADMIN)) 2540 return -EPERM; 2541 2542 if (count == 0 || count > SMK_LONGLABEL) 2543 return -EINVAL; 2544 2545 data = kzalloc(count, GFP_KERNEL); 2546 if (data == NULL) 2547 return -ENOMEM; 2548 2549 if (copy_from_user(data, buf, count) != 0) { 2550 rc = -EFAULT; 2551 goto out_data; 2552 } 2553 2554 cp = smk_parse_smack(data, count); 2555 if (IS_ERR(cp)) { 2556 rc = PTR_ERR(cp); 2557 goto out_data; 2558 } 2559 2560 skp = smk_find_entry(cp); 2561 if (skp == NULL) 2562 goto out_cp; 2563 2564 rule_list = &skp->smk_rules; 2565 rule_lock = &skp->smk_rules_lock; 2566 2567 mutex_lock(rule_lock); 2568 2569 list_for_each_entry_rcu(sp, rule_list, list) 2570 sp->smk_access = 0; 2571 2572 mutex_unlock(rule_lock); 2573 2574 out_cp: 2575 kfree(cp); 2576 out_data: 2577 kfree(data); 2578 2579 return rc; 2580 } 2581 2582 static const struct file_operations smk_revoke_subj_ops = { 2583 .write = smk_write_revoke_subj, 2584 .read = simple_transaction_read, 2585 .release = simple_transaction_release, 2586 .llseek = generic_file_llseek, 2587 }; 2588 2589 /** 2590 * smk_init_sysfs - initialize /sys/fs/smackfs 2591 * 2592 */ 2593 static int smk_init_sysfs(void) 2594 { 2595 return sysfs_create_mount_point(fs_kobj, "smackfs"); 2596 } 2597 2598 /** 2599 * smk_write_change_rule - write() for /smack/change-rule 2600 * @file: file pointer 2601 * @buf: data from user space 2602 * @count: bytes sent 2603 * @ppos: where to start - must be 0 2604 */ 2605 static ssize_t smk_write_change_rule(struct file *file, const char __user *buf, 2606 size_t count, loff_t *ppos) 2607 { 2608 /* 2609 * Must have privilege. 2610 */ 2611 if (!smack_privileged(CAP_MAC_ADMIN)) 2612 return -EPERM; 2613 2614 return smk_write_rules_list(file, buf, count, ppos, NULL, NULL, 2615 SMK_CHANGE_FMT); 2616 } 2617 2618 static const struct file_operations smk_change_rule_ops = { 2619 .write = smk_write_change_rule, 2620 .read = simple_transaction_read, 2621 .release = simple_transaction_release, 2622 .llseek = generic_file_llseek, 2623 }; 2624 2625 /** 2626 * smk_read_syslog - read() for smackfs/syslog 2627 * @filp: file pointer, not actually used 2628 * @buf: where to put the result 2629 * @cn: maximum to send along 2630 * @ppos: where to start 2631 * 2632 * Returns number of bytes read or error code, as appropriate 2633 */ 2634 static ssize_t smk_read_syslog(struct file *filp, char __user *buf, 2635 size_t cn, loff_t *ppos) 2636 { 2637 struct smack_known *skp; 2638 ssize_t rc = -EINVAL; 2639 int asize; 2640 2641 if (*ppos != 0) 2642 return 0; 2643 2644 if (smack_syslog_label == NULL) 2645 skp = &smack_known_star; 2646 else 2647 skp = smack_syslog_label; 2648 2649 asize = strlen(skp->smk_known) + 1; 2650 2651 if (cn >= asize) 2652 rc = simple_read_from_buffer(buf, cn, ppos, skp->smk_known, 2653 asize); 2654 2655 return rc; 2656 } 2657 2658 /** 2659 * smk_write_syslog - write() for smackfs/syslog 2660 * @file: file pointer, not actually used 2661 * @buf: where to get the data from 2662 * @count: bytes sent 2663 * @ppos: where to start 2664 * 2665 * Returns number of bytes written or error code, as appropriate 2666 */ 2667 static ssize_t smk_write_syslog(struct file *file, const char __user *buf, 2668 size_t count, loff_t *ppos) 2669 { 2670 char *data; 2671 struct smack_known *skp; 2672 int rc = count; 2673 2674 if (!smack_privileged(CAP_MAC_ADMIN)) 2675 return -EPERM; 2676 2677 data = kzalloc(count + 1, GFP_KERNEL); 2678 if (data == NULL) 2679 return -ENOMEM; 2680 2681 if (copy_from_user(data, buf, count) != 0) 2682 rc = -EFAULT; 2683 else { 2684 skp = smk_import_entry(data, count); 2685 if (IS_ERR(skp)) 2686 rc = PTR_ERR(skp); 2687 else 2688 smack_syslog_label = skp; 2689 } 2690 2691 kfree(data); 2692 return rc; 2693 } 2694 2695 static const struct file_operations smk_syslog_ops = { 2696 .read = smk_read_syslog, 2697 .write = smk_write_syslog, 2698 .llseek = default_llseek, 2699 }; 2700 2701 2702 /** 2703 * smk_read_ptrace - read() for /smack/ptrace 2704 * @filp: file pointer, not actually used 2705 * @buf: where to put the result 2706 * @count: maximum to send along 2707 * @ppos: where to start 2708 * 2709 * Returns number of bytes read or error code, as appropriate 2710 */ 2711 static ssize_t smk_read_ptrace(struct file *filp, char __user *buf, 2712 size_t count, loff_t *ppos) 2713 { 2714 char temp[32]; 2715 ssize_t rc; 2716 2717 if (*ppos != 0) 2718 return 0; 2719 2720 sprintf(temp, "%d\n", smack_ptrace_rule); 2721 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp)); 2722 return rc; 2723 } 2724 2725 /** 2726 * smk_write_ptrace - write() for /smack/ptrace 2727 * @file: file pointer 2728 * @buf: data from user space 2729 * @count: bytes sent 2730 * @ppos: where to start - must be 0 2731 */ 2732 static ssize_t smk_write_ptrace(struct file *file, const char __user *buf, 2733 size_t count, loff_t *ppos) 2734 { 2735 char temp[32]; 2736 int i; 2737 2738 if (!smack_privileged(CAP_MAC_ADMIN)) 2739 return -EPERM; 2740 2741 if (*ppos != 0 || count >= sizeof(temp) || count == 0) 2742 return -EINVAL; 2743 2744 if (copy_from_user(temp, buf, count) != 0) 2745 return -EFAULT; 2746 2747 temp[count] = '\0'; 2748 2749 if (sscanf(temp, "%d", &i) != 1) 2750 return -EINVAL; 2751 if (i < SMACK_PTRACE_DEFAULT || i > SMACK_PTRACE_MAX) 2752 return -EINVAL; 2753 smack_ptrace_rule = i; 2754 2755 return count; 2756 } 2757 2758 static const struct file_operations smk_ptrace_ops = { 2759 .write = smk_write_ptrace, 2760 .read = smk_read_ptrace, 2761 .llseek = default_llseek, 2762 }; 2763 2764 /** 2765 * smk_fill_super - fill the smackfs superblock 2766 * @sb: the empty superblock 2767 * @data: unused 2768 * @silent: unused 2769 * 2770 * Fill in the well known entries for the smack filesystem 2771 * 2772 * Returns 0 on success, an error code on failure 2773 */ 2774 static int smk_fill_super(struct super_block *sb, void *data, int silent) 2775 { 2776 int rc; 2777 struct inode *root_inode; 2778 2779 static struct tree_descr smack_files[] = { 2780 [SMK_LOAD] = { 2781 "load", &smk_load_ops, S_IRUGO|S_IWUSR}, 2782 [SMK_CIPSO] = { 2783 "cipso", &smk_cipso_ops, S_IRUGO|S_IWUSR}, 2784 [SMK_DOI] = { 2785 "doi", &smk_doi_ops, S_IRUGO|S_IWUSR}, 2786 [SMK_DIRECT] = { 2787 "direct", &smk_direct_ops, S_IRUGO|S_IWUSR}, 2788 [SMK_AMBIENT] = { 2789 "ambient", &smk_ambient_ops, S_IRUGO|S_IWUSR}, 2790 [SMK_NET4ADDR] = { 2791 "netlabel", &smk_net4addr_ops, S_IRUGO|S_IWUSR}, 2792 [SMK_ONLYCAP] = { 2793 "onlycap", &smk_onlycap_ops, S_IRUGO|S_IWUSR}, 2794 [SMK_LOGGING] = { 2795 "logging", &smk_logging_ops, S_IRUGO|S_IWUSR}, 2796 [SMK_LOAD_SELF] = { 2797 "load-self", &smk_load_self_ops, S_IRUGO|S_IWUGO}, 2798 [SMK_ACCESSES] = { 2799 "access", &smk_access_ops, S_IRUGO|S_IWUGO}, 2800 [SMK_MAPPED] = { 2801 "mapped", &smk_mapped_ops, S_IRUGO|S_IWUSR}, 2802 [SMK_LOAD2] = { 2803 "load2", &smk_load2_ops, S_IRUGO|S_IWUSR}, 2804 [SMK_LOAD_SELF2] = { 2805 "load-self2", &smk_load_self2_ops, S_IRUGO|S_IWUGO}, 2806 [SMK_ACCESS2] = { 2807 "access2", &smk_access2_ops, S_IRUGO|S_IWUGO}, 2808 [SMK_CIPSO2] = { 2809 "cipso2", &smk_cipso2_ops, S_IRUGO|S_IWUSR}, 2810 [SMK_REVOKE_SUBJ] = { 2811 "revoke-subject", &smk_revoke_subj_ops, 2812 S_IRUGO|S_IWUSR}, 2813 [SMK_CHANGE_RULE] = { 2814 "change-rule", &smk_change_rule_ops, S_IRUGO|S_IWUSR}, 2815 [SMK_SYSLOG] = { 2816 "syslog", &smk_syslog_ops, S_IRUGO|S_IWUSR}, 2817 [SMK_PTRACE] = { 2818 "ptrace", &smk_ptrace_ops, S_IRUGO|S_IWUSR}, 2819 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 2820 [SMK_UNCONFINED] = { 2821 "unconfined", &smk_unconfined_ops, S_IRUGO|S_IWUSR}, 2822 #endif 2823 #if IS_ENABLED(CONFIG_IPV6) 2824 [SMK_NET6ADDR] = { 2825 "ipv6host", &smk_net6addr_ops, S_IRUGO|S_IWUSR}, 2826 #endif /* CONFIG_IPV6 */ 2827 /* last one */ 2828 {""} 2829 }; 2830 2831 rc = simple_fill_super(sb, SMACK_MAGIC, smack_files); 2832 if (rc != 0) { 2833 printk(KERN_ERR "%s failed %d while creating inodes\n", 2834 __func__, rc); 2835 return rc; 2836 } 2837 2838 root_inode = d_inode(sb->s_root); 2839 2840 return 0; 2841 } 2842 2843 /** 2844 * smk_mount - get the smackfs superblock 2845 * @fs_type: passed along without comment 2846 * @flags: passed along without comment 2847 * @dev_name: passed along without comment 2848 * @data: passed along without comment 2849 * 2850 * Just passes everything along. 2851 * 2852 * Returns what the lower level code does. 2853 */ 2854 static struct dentry *smk_mount(struct file_system_type *fs_type, 2855 int flags, const char *dev_name, void *data) 2856 { 2857 return mount_single(fs_type, flags, data, smk_fill_super); 2858 } 2859 2860 static struct file_system_type smk_fs_type = { 2861 .name = "smackfs", 2862 .mount = smk_mount, 2863 .kill_sb = kill_litter_super, 2864 }; 2865 2866 static struct vfsmount *smackfs_mount; 2867 2868 static int __init smk_preset_netlabel(struct smack_known *skp) 2869 { 2870 skp->smk_netlabel.domain = skp->smk_known; 2871 skp->smk_netlabel.flags = 2872 NETLBL_SECATTR_DOMAIN | NETLBL_SECATTR_MLS_LVL; 2873 return smk_netlbl_mls(smack_cipso_direct, skp->smk_known, 2874 &skp->smk_netlabel, strlen(skp->smk_known)); 2875 } 2876 2877 /** 2878 * init_smk_fs - get the smackfs superblock 2879 * 2880 * register the smackfs 2881 * 2882 * Do not register smackfs if Smack wasn't enabled 2883 * on boot. We can not put this method normally under the 2884 * smack_init() code path since the security subsystem get 2885 * initialized before the vfs caches. 2886 * 2887 * Returns true if we were not chosen on boot or if 2888 * we were chosen and filesystem registration succeeded. 2889 */ 2890 static int __init init_smk_fs(void) 2891 { 2892 int err; 2893 int rc; 2894 2895 if (!security_module_enable("smack")) 2896 return 0; 2897 2898 err = smk_init_sysfs(); 2899 if (err) 2900 printk(KERN_ERR "smackfs: sysfs mountpoint problem.\n"); 2901 2902 err = register_filesystem(&smk_fs_type); 2903 if (!err) { 2904 smackfs_mount = kern_mount(&smk_fs_type); 2905 if (IS_ERR(smackfs_mount)) { 2906 printk(KERN_ERR "smackfs: could not mount!\n"); 2907 err = PTR_ERR(smackfs_mount); 2908 smackfs_mount = NULL; 2909 } 2910 } 2911 2912 smk_cipso_doi(); 2913 smk_unlbl_ambient(NULL); 2914 2915 rc = smk_preset_netlabel(&smack_known_floor); 2916 if (err == 0 && rc < 0) 2917 err = rc; 2918 rc = smk_preset_netlabel(&smack_known_hat); 2919 if (err == 0 && rc < 0) 2920 err = rc; 2921 rc = smk_preset_netlabel(&smack_known_huh); 2922 if (err == 0 && rc < 0) 2923 err = rc; 2924 rc = smk_preset_netlabel(&smack_known_invalid); 2925 if (err == 0 && rc < 0) 2926 err = rc; 2927 rc = smk_preset_netlabel(&smack_known_star); 2928 if (err == 0 && rc < 0) 2929 err = rc; 2930 rc = smk_preset_netlabel(&smack_known_web); 2931 if (err == 0 && rc < 0) 2932 err = rc; 2933 2934 return err; 2935 } 2936 2937 __initcall(init_smk_fs); 2938