1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com>
4 *
5 * Authors:
6 * Casey Schaufler <casey@schaufler-ca.com>
7 * Ahmed S. Darwish <darwish.07@gmail.com>
8 *
9 * Special thanks to the authors of selinuxfs.
10 *
11 * Karl MacMillan <kmacmillan@tresys.com>
12 * James Morris <jmorris@redhat.com>
13 */
14
15 #include <linux/kernel.h>
16 #include <linux/vmalloc.h>
17 #include <linux/security.h>
18 #include <linux/mutex.h>
19 #include <linux/slab.h>
20 #include <net/net_namespace.h>
21 #include <net/cipso_ipv4.h>
22 #include <linux/seq_file.h>
23 #include <linux/ctype.h>
24 #include <linux/audit.h>
25 #include <linux/magic.h>
26 #include <linux/mount.h>
27 #include <linux/fs_context.h>
28 #include "smack.h"
29
30 #define BEBITS (sizeof(__be32) * 8)
31 /*
32 * smackfs pseudo filesystem.
33 */
34
35 enum smk_inos {
36 SMK_ROOT_INO = 2,
37 SMK_LOAD = 3, /* load policy */
38 SMK_CIPSO = 4, /* load label -> CIPSO mapping */
39 SMK_DOI = 5, /* CIPSO DOI */
40 SMK_DIRECT = 6, /* CIPSO level indicating direct label */
41 SMK_AMBIENT = 7, /* internet ambient label */
42 SMK_NET4ADDR = 8, /* single label hosts */
43 SMK_ONLYCAP = 9, /* the only "capable" label */
44 #ifdef CONFIG_AUDIT
45 SMK_LOGGING = 10, /* logging */
46 #endif /* CONFIG_AUDIT */
47 SMK_LOAD_SELF = 11, /* task specific rules */
48 SMK_ACCESSES = 12, /* access policy */
49 SMK_MAPPED = 13, /* CIPSO level indicating mapped label */
50 SMK_LOAD2 = 14, /* load policy with long labels */
51 SMK_LOAD_SELF2 = 15, /* load task specific rules with long labels */
52 SMK_ACCESS2 = 16, /* make an access check with long labels */
53 SMK_CIPSO2 = 17, /* load long label -> CIPSO mapping */
54 SMK_REVOKE_SUBJ = 18, /* set rules with subject label to '-' */
55 SMK_CHANGE_RULE = 19, /* change or add rules (long labels) */
56 SMK_SYSLOG = 20, /* change syslog label) */
57 SMK_PTRACE = 21, /* set ptrace rule */
58 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
59 SMK_UNCONFINED = 22, /* define an unconfined label */
60 #endif
61 #if IS_ENABLED(CONFIG_IPV6)
62 SMK_NET6ADDR = 23, /* single label IPv6 hosts */
63 #endif /* CONFIG_IPV6 */
64 SMK_RELABEL_SELF = 24, /* relabel possible without CAP_MAC_ADMIN */
65 };
66
67 /*
68 * List locks
69 */
70 static DEFINE_MUTEX(smack_cipso_lock);
71 static DEFINE_MUTEX(smack_ambient_lock);
72 static DEFINE_MUTEX(smk_net4addr_lock);
73 #if IS_ENABLED(CONFIG_IPV6)
74 static DEFINE_MUTEX(smk_net6addr_lock);
75 #endif /* CONFIG_IPV6 */
76
77 /*
78 * This is the "ambient" label for network traffic.
79 * If it isn't somehow marked, use this.
80 * It can be reset via smackfs/ambient
81 */
82 struct smack_known *smack_net_ambient;
83
84 /*
85 * This is the level in a CIPSO header that indicates a
86 * smack label is contained directly in the category set.
87 * It can be reset via smackfs/direct
88 */
89 int smack_cipso_direct = SMACK_CIPSO_DIRECT_DEFAULT;
90
91 /*
92 * This is the level in a CIPSO header that indicates a
93 * secid is contained directly in the category set.
94 * It can be reset via smackfs/mapped
95 */
96 int smack_cipso_mapped = SMACK_CIPSO_MAPPED_DEFAULT;
97
98 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
99 /*
100 * Allow one label to be unconfined. This is for
101 * debugging and application bring-up purposes only.
102 * It is bad and wrong, but everyone seems to expect
103 * to have it.
104 */
105 struct smack_known *smack_unconfined;
106 #endif
107
108 /*
109 * If this value is set restrict syslog use to the label specified.
110 * It can be reset via smackfs/syslog
111 */
112 struct smack_known *smack_syslog_label;
113
114 /*
115 * Ptrace current rule
116 * SMACK_PTRACE_DEFAULT regular smack ptrace rules (/proc based)
117 * SMACK_PTRACE_EXACT labels must match, but can be overriden with
118 * CAP_SYS_PTRACE
119 * SMACK_PTRACE_DRACONIAN labels must match, CAP_SYS_PTRACE has no effect
120 */
121 int smack_ptrace_rule = SMACK_PTRACE_DEFAULT;
122
123 /*
124 * Certain IP addresses may be designated as single label hosts.
125 * Packets are sent there unlabeled, but only from tasks that
126 * can write to the specified label.
127 */
128
129 LIST_HEAD(smk_net4addr_list);
130 #if IS_ENABLED(CONFIG_IPV6)
131 LIST_HEAD(smk_net6addr_list);
132 #endif /* CONFIG_IPV6 */
133
134 /*
135 * Rule lists are maintained for each label.
136 */
137 struct smack_parsed_rule {
138 struct smack_known *smk_subject;
139 struct smack_known *smk_object;
140 int smk_access1;
141 int smk_access2;
142 };
143
144 static int smk_cipso_doi_value = SMACK_CIPSO_DOI_DEFAULT;
145
146 /*
147 * Values for parsing cipso rules
148 * SMK_DIGITLEN: Length of a digit field in a rule.
149 * SMK_CIPSOMIN: Minimum possible cipso rule length.
150 * SMK_CIPSOMAX: Maximum possible cipso rule length.
151 */
152 #define SMK_DIGITLEN 4
153 #define SMK_CIPSOMIN (SMK_LABELLEN + 2 * SMK_DIGITLEN)
154 #define SMK_CIPSOMAX (SMK_CIPSOMIN + SMACK_CIPSO_MAXCATNUM * SMK_DIGITLEN)
155
156 /*
157 * Values for parsing MAC rules
158 * SMK_ACCESS: Maximum possible combination of access permissions
159 * SMK_ACCESSLEN: Maximum length for a rule access field
160 * SMK_LOADLEN: Smack rule length
161 */
162 #define SMK_OACCESS "rwxa"
163 #define SMK_ACCESS "rwxatl"
164 #define SMK_OACCESSLEN (sizeof(SMK_OACCESS) - 1)
165 #define SMK_ACCESSLEN (sizeof(SMK_ACCESS) - 1)
166 #define SMK_OLOADLEN (SMK_LABELLEN + SMK_LABELLEN + SMK_OACCESSLEN)
167 #define SMK_LOADLEN (SMK_LABELLEN + SMK_LABELLEN + SMK_ACCESSLEN)
168
169 /*
170 * Strictly for CIPSO level manipulation.
171 * Set the category bit number in a smack label sized buffer.
172 */
smack_catset_bit(unsigned int cat,char * catsetp)173 static inline void smack_catset_bit(unsigned int cat, char *catsetp)
174 {
175 if (cat == 0 || cat > (SMK_CIPSOLEN * 8))
176 return;
177
178 catsetp[(cat - 1) / 8] |= 0x80 >> ((cat - 1) % 8);
179 }
180
181 /**
182 * smk_netlabel_audit_set - fill a netlbl_audit struct
183 * @nap: structure to fill
184 */
smk_netlabel_audit_set(struct netlbl_audit * nap)185 static void smk_netlabel_audit_set(struct netlbl_audit *nap)
186 {
187 nap->loginuid = audit_get_loginuid(current);
188 nap->sessionid = audit_get_sessionid(current);
189 nap->prop.smack.skp = smk_of_current();
190 }
191
192 /*
193 * Value for parsing single label host rules
194 * "1.2.3.4 X"
195 */
196 #define SMK_NETLBLADDRMIN 9
197
198 /**
199 * smk_set_access - add a rule to the rule list or replace an old rule
200 * @srp: the rule to add or replace
201 * @rule_list: the list of rules
202 * @rule_lock: the rule list lock
203 *
204 * Looks through the current subject/object/access list for
205 * the subject/object pair and replaces the access that was
206 * there. If the pair isn't found add it with the specified
207 * access.
208 *
209 * Returns 0 if nothing goes wrong or -ENOMEM if it fails
210 * during the allocation of the new pair to add.
211 */
smk_set_access(struct smack_parsed_rule * srp,struct list_head * rule_list,struct mutex * rule_lock)212 static int smk_set_access(struct smack_parsed_rule *srp,
213 struct list_head *rule_list,
214 struct mutex *rule_lock)
215 {
216 struct smack_rule *sp;
217 int found = 0;
218 int rc = 0;
219
220 mutex_lock(rule_lock);
221
222 /*
223 * Because the object label is less likely to match
224 * than the subject label check it first
225 */
226 list_for_each_entry_rcu(sp, rule_list, list) {
227 if (sp->smk_object == srp->smk_object &&
228 sp->smk_subject == srp->smk_subject) {
229 found = 1;
230 sp->smk_access |= srp->smk_access1;
231 sp->smk_access &= ~srp->smk_access2;
232 break;
233 }
234 }
235
236 if (found == 0) {
237 sp = kmem_cache_zalloc(smack_rule_cache, GFP_KERNEL);
238 if (sp == NULL) {
239 rc = -ENOMEM;
240 goto out;
241 }
242
243 sp->smk_subject = srp->smk_subject;
244 sp->smk_object = srp->smk_object;
245 sp->smk_access = srp->smk_access1 & ~srp->smk_access2;
246
247 list_add_rcu(&sp->list, rule_list);
248 }
249
250 out:
251 mutex_unlock(rule_lock);
252 return rc;
253 }
254
255 /**
256 * smk_perm_from_str - parse smack accesses from a text string
257 * @string: a text string that contains a Smack accesses code
258 *
259 * Returns an integer with respective bits set for specified accesses.
260 */
smk_perm_from_str(const char * string)261 static int smk_perm_from_str(const char *string)
262 {
263 int perm = 0;
264 const char *cp;
265
266 for (cp = string; ; cp++)
267 switch (*cp) {
268 case '-':
269 break;
270 case 'r':
271 case 'R':
272 perm |= MAY_READ;
273 break;
274 case 'w':
275 case 'W':
276 perm |= MAY_WRITE;
277 break;
278 case 'x':
279 case 'X':
280 perm |= MAY_EXEC;
281 break;
282 case 'a':
283 case 'A':
284 perm |= MAY_APPEND;
285 break;
286 case 't':
287 case 'T':
288 perm |= MAY_TRANSMUTE;
289 break;
290 case 'l':
291 case 'L':
292 perm |= MAY_LOCK;
293 break;
294 case 'b':
295 case 'B':
296 perm |= MAY_BRINGUP;
297 break;
298 default:
299 return perm;
300 }
301 }
302
303 /**
304 * smk_fill_rule - Fill Smack rule from strings
305 * @subject: subject label string
306 * @object: object label string
307 * @access1: access string
308 * @access2: string with permissions to be removed
309 * @rule: Smack rule
310 * @import: if non-zero, import labels
311 * @len: label length limit
312 *
313 * Returns 0 on success, appropriate error code on failure.
314 */
smk_fill_rule(const char * subject,const char * object,const char * access1,const char * access2,struct smack_parsed_rule * rule,int import,int len)315 static int smk_fill_rule(const char *subject, const char *object,
316 const char *access1, const char *access2,
317 struct smack_parsed_rule *rule, int import,
318 int len)
319 {
320 const char *cp;
321 struct smack_known *skp;
322
323 if (import) {
324 rule->smk_subject = smk_import_entry(subject, len);
325 if (IS_ERR(rule->smk_subject))
326 return PTR_ERR(rule->smk_subject);
327
328 rule->smk_object = smk_import_entry(object, len);
329 if (IS_ERR(rule->smk_object))
330 return PTR_ERR(rule->smk_object);
331 } else {
332 cp = smk_parse_smack(subject, len);
333 if (IS_ERR(cp))
334 return PTR_ERR(cp);
335 skp = smk_find_entry(cp);
336 kfree(cp);
337 if (skp == NULL)
338 return -ENOENT;
339 rule->smk_subject = skp;
340
341 cp = smk_parse_smack(object, len);
342 if (IS_ERR(cp))
343 return PTR_ERR(cp);
344 skp = smk_find_entry(cp);
345 kfree(cp);
346 if (skp == NULL)
347 return -ENOENT;
348 rule->smk_object = skp;
349 }
350
351 rule->smk_access1 = smk_perm_from_str(access1);
352 if (access2)
353 rule->smk_access2 = smk_perm_from_str(access2);
354 else
355 rule->smk_access2 = ~rule->smk_access1;
356
357 return 0;
358 }
359
360 /**
361 * smk_parse_rule - parse Smack rule from load string
362 * @data: string to be parsed whose size is SMK_LOADLEN
363 * @rule: Smack rule
364 * @import: if non-zero, import labels
365 *
366 * Returns 0 on success, -1 on errors.
367 */
smk_parse_rule(const char * data,struct smack_parsed_rule * rule,int import)368 static int smk_parse_rule(const char *data, struct smack_parsed_rule *rule,
369 int import)
370 {
371 int rc;
372
373 rc = smk_fill_rule(data, data + SMK_LABELLEN,
374 data + SMK_LABELLEN + SMK_LABELLEN, NULL, rule,
375 import, SMK_LABELLEN);
376 return rc;
377 }
378
379 /**
380 * smk_parse_long_rule - parse Smack rule from rule string
381 * @data: string to be parsed, null terminated
382 * @rule: Will be filled with Smack parsed rule
383 * @import: if non-zero, import labels
384 * @tokens: number of substrings expected in data
385 *
386 * Returns number of processed bytes on success, -ERRNO on failure.
387 */
smk_parse_long_rule(char * data,struct smack_parsed_rule * rule,int import,int tokens)388 static ssize_t smk_parse_long_rule(char *data, struct smack_parsed_rule *rule,
389 int import, int tokens)
390 {
391 ssize_t cnt = 0;
392 char *tok[4];
393 int rc;
394 int i;
395
396 /*
397 * Parsing the rule in-place, filling all white-spaces with '\0'
398 */
399 for (i = 0; i < tokens; ++i) {
400 while (isspace(data[cnt]))
401 data[cnt++] = '\0';
402
403 if (data[cnt] == '\0')
404 /* Unexpected end of data */
405 return -EINVAL;
406
407 tok[i] = data + cnt;
408
409 while (data[cnt] && !isspace(data[cnt]))
410 ++cnt;
411 }
412 while (isspace(data[cnt]))
413 data[cnt++] = '\0';
414
415 while (i < 4)
416 tok[i++] = NULL;
417
418 rc = smk_fill_rule(tok[0], tok[1], tok[2], tok[3], rule, import, 0);
419 return rc == 0 ? cnt : rc;
420 }
421
422 #define SMK_FIXED24_FMT 0 /* Fixed 24byte label format */
423 #define SMK_LONG_FMT 1 /* Variable long label format */
424 #define SMK_CHANGE_FMT 2 /* Rule modification format */
425 /**
426 * smk_write_rules_list - write() for any /smack rule file
427 * @file: file pointer, not actually used
428 * @buf: where to get the data from
429 * @count: bytes sent
430 * @ppos: where to start - must be 0
431 * @rule_list: the list of rules to write to
432 * @rule_lock: lock for the rule list
433 * @format: /smack/load or /smack/load2 or /smack/change-rule format.
434 *
435 * Get one smack access rule from above.
436 * The format for SMK_LONG_FMT is:
437 * "subject<whitespace>object<whitespace>access[<whitespace>...]"
438 * The format for SMK_FIXED24_FMT is exactly:
439 * "subject object rwxat"
440 * The format for SMK_CHANGE_FMT is:
441 * "subject<whitespace>object<whitespace>
442 * acc_enable<whitespace>acc_disable[<whitespace>...]"
443 */
smk_write_rules_list(struct file * file,const char __user * buf,size_t count,loff_t * ppos,struct list_head * rule_list,struct mutex * rule_lock,int format)444 static ssize_t smk_write_rules_list(struct file *file, const char __user *buf,
445 size_t count, loff_t *ppos,
446 struct list_head *rule_list,
447 struct mutex *rule_lock, int format)
448 {
449 struct smack_parsed_rule rule;
450 char *data;
451 int rc;
452 int trunc = 0;
453 int tokens;
454 ssize_t cnt = 0;
455
456 /*
457 * No partial writes.
458 * Enough data must be present.
459 */
460 if (*ppos != 0)
461 return -EINVAL;
462
463 if (format == SMK_FIXED24_FMT) {
464 /*
465 * Minor hack for backward compatibility
466 */
467 if (count < SMK_OLOADLEN || count > SMK_LOADLEN)
468 return -EINVAL;
469 } else {
470 if (count >= PAGE_SIZE) {
471 count = PAGE_SIZE - 1;
472 trunc = 1;
473 }
474 }
475
476 data = memdup_user_nul(buf, count);
477 if (IS_ERR(data))
478 return PTR_ERR(data);
479
480 /*
481 * In case of parsing only part of user buf,
482 * avoid having partial rule at the data buffer
483 */
484 if (trunc) {
485 while (count > 0 && (data[count - 1] != '\n'))
486 --count;
487 if (count == 0) {
488 rc = -EINVAL;
489 goto out;
490 }
491 }
492
493 data[count] = '\0';
494 tokens = (format == SMK_CHANGE_FMT ? 4 : 3);
495 while (cnt < count) {
496 if (format == SMK_FIXED24_FMT) {
497 rc = smk_parse_rule(data, &rule, 1);
498 if (rc < 0)
499 goto out;
500 cnt = count;
501 } else {
502 rc = smk_parse_long_rule(data + cnt, &rule, 1, tokens);
503 if (rc < 0)
504 goto out;
505 if (rc == 0) {
506 rc = -EINVAL;
507 goto out;
508 }
509 cnt += rc;
510 }
511
512 if (rule_list == NULL)
513 rc = smk_set_access(&rule, &rule.smk_subject->smk_rules,
514 &rule.smk_subject->smk_rules_lock);
515 else
516 rc = smk_set_access(&rule, rule_list, rule_lock);
517
518 if (rc)
519 goto out;
520 }
521
522 rc = cnt;
523 out:
524 kfree(data);
525 return rc;
526 }
527
528 /*
529 * Core logic for smackfs seq list operations.
530 */
531
smk_seq_start(struct seq_file * s,loff_t * pos,struct list_head * head)532 static void *smk_seq_start(struct seq_file *s, loff_t *pos,
533 struct list_head *head)
534 {
535 struct list_head *list;
536 int i = *pos;
537
538 rcu_read_lock();
539 for (list = rcu_dereference(list_next_rcu(head));
540 list != head;
541 list = rcu_dereference(list_next_rcu(list))) {
542 if (i-- == 0)
543 return list;
544 }
545
546 return NULL;
547 }
548
smk_seq_next(struct seq_file * s,void * v,loff_t * pos,struct list_head * head)549 static void *smk_seq_next(struct seq_file *s, void *v, loff_t *pos,
550 struct list_head *head)
551 {
552 struct list_head *list = v;
553
554 ++*pos;
555 list = rcu_dereference(list_next_rcu(list));
556
557 return (list == head) ? NULL : list;
558 }
559
smk_seq_stop(struct seq_file * s,void * v)560 static void smk_seq_stop(struct seq_file *s, void *v)
561 {
562 rcu_read_unlock();
563 }
564
smk_rule_show(struct seq_file * s,struct smack_rule * srp,int max)565 static void smk_rule_show(struct seq_file *s, struct smack_rule *srp, int max)
566 {
567 char acc[SMK_NUM_ACCESS_TYPE + 1];
568 /*
569 * Don't show any rules with label names too long for
570 * interface file (/smack/load or /smack/load2)
571 * because you should expect to be able to write
572 * anything you read back.
573 */
574 if (strlen(srp->smk_subject->smk_known) >= max ||
575 strlen(srp->smk_object->smk_known) >= max)
576 return;
577
578 if (srp->smk_access == 0)
579 return;
580
581 smack_str_from_perm(acc, srp->smk_access);
582 seq_printf(s, "%s %s %s\n",
583 srp->smk_subject->smk_known,
584 srp->smk_object->smk_known,
585 acc);
586 }
587
588 /*
589 * Seq_file read operations for /smack/load
590 */
591
load2_seq_start(struct seq_file * s,loff_t * pos)592 static void *load2_seq_start(struct seq_file *s, loff_t *pos)
593 {
594 return smk_seq_start(s, pos, &smack_known_list);
595 }
596
load2_seq_next(struct seq_file * s,void * v,loff_t * pos)597 static void *load2_seq_next(struct seq_file *s, void *v, loff_t *pos)
598 {
599 return smk_seq_next(s, v, pos, &smack_known_list);
600 }
601
load_seq_show(struct seq_file * s,void * v)602 static int load_seq_show(struct seq_file *s, void *v)
603 {
604 struct list_head *list = v;
605 struct smack_rule *srp;
606 struct smack_known *skp =
607 list_entry_rcu(list, struct smack_known, list);
608
609 list_for_each_entry_rcu(srp, &skp->smk_rules, list)
610 smk_rule_show(s, srp, SMK_LABELLEN);
611
612 return 0;
613 }
614
615 static const struct seq_operations load_seq_ops = {
616 .start = load2_seq_start,
617 .next = load2_seq_next,
618 .show = load_seq_show,
619 .stop = smk_seq_stop,
620 };
621
622 /**
623 * smk_open_load - open() for /smack/load
624 * @inode: inode structure representing file
625 * @file: "load" file pointer
626 *
627 * For reading, use load_seq_* seq_file reading operations.
628 */
smk_open_load(struct inode * inode,struct file * file)629 static int smk_open_load(struct inode *inode, struct file *file)
630 {
631 return seq_open(file, &load_seq_ops);
632 }
633
634 /**
635 * smk_write_load - write() for /smack/load
636 * @file: file pointer, not actually used
637 * @buf: where to get the data from
638 * @count: bytes sent
639 * @ppos: where to start - must be 0
640 *
641 */
smk_write_load(struct file * file,const char __user * buf,size_t count,loff_t * ppos)642 static ssize_t smk_write_load(struct file *file, const char __user *buf,
643 size_t count, loff_t *ppos)
644 {
645 /*
646 * Must have privilege.
647 * No partial writes.
648 * Enough data must be present.
649 */
650 if (!smack_privileged(CAP_MAC_ADMIN))
651 return -EPERM;
652
653 return smk_write_rules_list(file, buf, count, ppos, NULL, NULL,
654 SMK_FIXED24_FMT);
655 }
656
657 static const struct file_operations smk_load_ops = {
658 .open = smk_open_load,
659 .read = seq_read,
660 .llseek = seq_lseek,
661 .write = smk_write_load,
662 .release = seq_release,
663 };
664
665 /**
666 * smk_cipso_doi - initialize the CIPSO domain
667 */
smk_cipso_doi(void)668 static void smk_cipso_doi(void)
669 {
670 int rc;
671 struct cipso_v4_doi *doip;
672 struct netlbl_audit nai;
673
674 smk_netlabel_audit_set(&nai);
675
676 rc = netlbl_cfg_map_del(NULL, PF_INET, NULL, NULL, &nai);
677 if (rc != 0)
678 printk(KERN_WARNING "%s:%d remove rc = %d\n",
679 __func__, __LINE__, rc);
680
681 doip = kmalloc(sizeof(struct cipso_v4_doi), GFP_KERNEL | __GFP_NOFAIL);
682 doip->map.std = NULL;
683 doip->doi = smk_cipso_doi_value;
684 doip->type = CIPSO_V4_MAP_PASS;
685 doip->tags[0] = CIPSO_V4_TAG_RBITMAP;
686 for (rc = 1; rc < CIPSO_V4_TAG_MAXCNT; rc++)
687 doip->tags[rc] = CIPSO_V4_TAG_INVALID;
688
689 rc = netlbl_cfg_cipsov4_add(doip, &nai);
690 if (rc != 0) {
691 printk(KERN_WARNING "%s:%d cipso add rc = %d\n",
692 __func__, __LINE__, rc);
693 kfree(doip);
694 return;
695 }
696 rc = netlbl_cfg_cipsov4_map_add(doip->doi, NULL, NULL, NULL, &nai);
697 if (rc != 0) {
698 printk(KERN_WARNING "%s:%d map add rc = %d\n",
699 __func__, __LINE__, rc);
700 netlbl_cfg_cipsov4_del(doip->doi, &nai);
701 return;
702 }
703 }
704
705 /**
706 * smk_unlbl_ambient - initialize the unlabeled domain
707 * @oldambient: previous domain string
708 */
smk_unlbl_ambient(char * oldambient)709 static void smk_unlbl_ambient(char *oldambient)
710 {
711 int rc;
712 struct netlbl_audit nai;
713
714 smk_netlabel_audit_set(&nai);
715
716 if (oldambient != NULL) {
717 rc = netlbl_cfg_map_del(oldambient, PF_INET, NULL, NULL, &nai);
718 if (rc != 0)
719 printk(KERN_WARNING "%s:%d remove rc = %d\n",
720 __func__, __LINE__, rc);
721 }
722 if (smack_net_ambient == NULL)
723 smack_net_ambient = &smack_known_floor;
724
725 rc = netlbl_cfg_unlbl_map_add(smack_net_ambient->smk_known, PF_INET,
726 NULL, NULL, &nai);
727 if (rc != 0)
728 printk(KERN_WARNING "%s:%d add rc = %d\n",
729 __func__, __LINE__, rc);
730 }
731
732 /*
733 * Seq_file read operations for /smack/cipso
734 */
735
cipso_seq_start(struct seq_file * s,loff_t * pos)736 static void *cipso_seq_start(struct seq_file *s, loff_t *pos)
737 {
738 return smk_seq_start(s, pos, &smack_known_list);
739 }
740
cipso_seq_next(struct seq_file * s,void * v,loff_t * pos)741 static void *cipso_seq_next(struct seq_file *s, void *v, loff_t *pos)
742 {
743 return smk_seq_next(s, v, pos, &smack_known_list);
744 }
745
746 /*
747 * Print cipso labels in format:
748 * label level[/cat[,cat]]
749 */
cipso_seq_show(struct seq_file * s,void * v)750 static int cipso_seq_show(struct seq_file *s, void *v)
751 {
752 struct list_head *list = v;
753 struct smack_known *skp =
754 list_entry_rcu(list, struct smack_known, list);
755 struct netlbl_lsm_catmap *cmp = skp->smk_netlabel.attr.mls.cat;
756 char sep = '/';
757 int i;
758
759 /*
760 * Don't show a label that could not have been set using
761 * /smack/cipso. This is in support of the notion that
762 * anything read from /smack/cipso ought to be writeable
763 * to /smack/cipso.
764 *
765 * /smack/cipso2 should be used instead.
766 */
767 if (strlen(skp->smk_known) >= SMK_LABELLEN)
768 return 0;
769
770 seq_printf(s, "%s %3d", skp->smk_known, skp->smk_netlabel.attr.mls.lvl);
771
772 for (i = netlbl_catmap_walk(cmp, 0); i >= 0;
773 i = netlbl_catmap_walk(cmp, i + 1)) {
774 seq_printf(s, "%c%d", sep, i);
775 sep = ',';
776 }
777
778 seq_putc(s, '\n');
779
780 return 0;
781 }
782
783 static const struct seq_operations cipso_seq_ops = {
784 .start = cipso_seq_start,
785 .next = cipso_seq_next,
786 .show = cipso_seq_show,
787 .stop = smk_seq_stop,
788 };
789
790 /**
791 * smk_open_cipso - open() for /smack/cipso
792 * @inode: inode structure representing file
793 * @file: "cipso" file pointer
794 *
795 * Connect our cipso_seq_* operations with /smack/cipso
796 * file_operations
797 */
smk_open_cipso(struct inode * inode,struct file * file)798 static int smk_open_cipso(struct inode *inode, struct file *file)
799 {
800 return seq_open(file, &cipso_seq_ops);
801 }
802
803 /**
804 * smk_set_cipso - do the work for write() for cipso and cipso2
805 * @file: file pointer, not actually used
806 * @buf: where to get the data from
807 * @count: bytes sent
808 * @ppos: where to start
809 * @format: /smack/cipso or /smack/cipso2
810 *
811 * Accepts only one cipso rule per write call.
812 * Returns number of bytes written or error code, as appropriate
813 */
smk_set_cipso(struct file * file,const char __user * buf,size_t count,loff_t * ppos,int format)814 static ssize_t smk_set_cipso(struct file *file, const char __user *buf,
815 size_t count, loff_t *ppos, int format)
816 {
817 struct netlbl_lsm_catmap *old_cat;
818 struct smack_known *skp;
819 struct netlbl_lsm_secattr ncats;
820 char mapcatset[SMK_CIPSOLEN];
821 int maplevel;
822 unsigned int cat;
823 int catlen;
824 ssize_t rc = -EINVAL;
825 char *data = NULL;
826 char *rule;
827 int ret;
828 int i;
829
830 /*
831 * Must have privilege.
832 * No partial writes.
833 * Enough data must be present.
834 */
835 if (!smack_privileged(CAP_MAC_ADMIN))
836 return -EPERM;
837 if (*ppos != 0)
838 return -EINVAL;
839 if (format == SMK_FIXED24_FMT &&
840 (count < SMK_CIPSOMIN || count > SMK_CIPSOMAX))
841 return -EINVAL;
842 if (count > PAGE_SIZE)
843 return -EINVAL;
844
845 data = memdup_user_nul(buf, count);
846 if (IS_ERR(data))
847 return PTR_ERR(data);
848
849 rule = data;
850 /*
851 * Only allow one writer at a time. Writes should be
852 * quite rare and small in any case.
853 */
854 mutex_lock(&smack_cipso_lock);
855
856 skp = smk_import_entry(rule, 0);
857 if (IS_ERR(skp)) {
858 rc = PTR_ERR(skp);
859 goto out;
860 }
861
862 if (format == SMK_FIXED24_FMT)
863 rule += SMK_LABELLEN;
864 else
865 rule += strlen(skp->smk_known) + 1;
866
867 if (rule > data + count) {
868 rc = -EOVERFLOW;
869 goto out;
870 }
871
872 ret = sscanf(rule, "%d", &maplevel);
873 if (ret != 1 || maplevel < 0 || maplevel > SMACK_CIPSO_MAXLEVEL)
874 goto out;
875
876 rule += SMK_DIGITLEN;
877 if (rule > data + count) {
878 rc = -EOVERFLOW;
879 goto out;
880 }
881
882 ret = sscanf(rule, "%d", &catlen);
883 if (ret != 1 || catlen < 0 || catlen > SMACK_CIPSO_MAXCATNUM)
884 goto out;
885
886 if (format == SMK_FIXED24_FMT &&
887 count != (SMK_CIPSOMIN + catlen * SMK_DIGITLEN))
888 goto out;
889
890 memset(mapcatset, 0, sizeof(mapcatset));
891
892 for (i = 0; i < catlen; i++) {
893 rule += SMK_DIGITLEN;
894 if (rule > data + count) {
895 rc = -EOVERFLOW;
896 goto out;
897 }
898 ret = sscanf(rule, "%u", &cat);
899 if (ret != 1 || cat > SMACK_CIPSO_MAXCATNUM)
900 goto out;
901
902 smack_catset_bit(cat, mapcatset);
903 }
904
905 rc = smk_netlbl_mls(maplevel, mapcatset, &ncats, SMK_CIPSOLEN);
906 if (rc >= 0) {
907 old_cat = skp->smk_netlabel.attr.mls.cat;
908 rcu_assign_pointer(skp->smk_netlabel.attr.mls.cat, ncats.attr.mls.cat);
909 if (ncats.attr.mls.cat)
910 skp->smk_netlabel.flags |= NETLBL_SECATTR_MLS_CAT;
911 else
912 skp->smk_netlabel.flags &= ~(u32)NETLBL_SECATTR_MLS_CAT;
913 skp->smk_netlabel.attr.mls.lvl = ncats.attr.mls.lvl;
914 synchronize_rcu();
915 netlbl_catmap_free(old_cat);
916 rc = count;
917 /*
918 * This mapping may have been cached, so clear the cache.
919 */
920 netlbl_cache_invalidate();
921 }
922
923 out:
924 mutex_unlock(&smack_cipso_lock);
925 kfree(data);
926 return rc;
927 }
928
929 /**
930 * smk_write_cipso - write() for /smack/cipso
931 * @file: file pointer, not actually used
932 * @buf: where to get the data from
933 * @count: bytes sent
934 * @ppos: where to start
935 *
936 * Accepts only one cipso rule per write call.
937 * Returns number of bytes written or error code, as appropriate
938 */
smk_write_cipso(struct file * file,const char __user * buf,size_t count,loff_t * ppos)939 static ssize_t smk_write_cipso(struct file *file, const char __user *buf,
940 size_t count, loff_t *ppos)
941 {
942 return smk_set_cipso(file, buf, count, ppos, SMK_FIXED24_FMT);
943 }
944
945 static const struct file_operations smk_cipso_ops = {
946 .open = smk_open_cipso,
947 .read = seq_read,
948 .llseek = seq_lseek,
949 .write = smk_write_cipso,
950 .release = seq_release,
951 };
952
953 /*
954 * Seq_file read operations for /smack/cipso2
955 */
956
957 /*
958 * Print cipso labels in format:
959 * label level[/cat[,cat]]
960 */
cipso2_seq_show(struct seq_file * s,void * v)961 static int cipso2_seq_show(struct seq_file *s, void *v)
962 {
963 struct list_head *list = v;
964 struct smack_known *skp =
965 list_entry_rcu(list, struct smack_known, list);
966 struct netlbl_lsm_catmap *cmp = skp->smk_netlabel.attr.mls.cat;
967 char sep = '/';
968 int i;
969
970 seq_printf(s, "%s %3d", skp->smk_known, skp->smk_netlabel.attr.mls.lvl);
971
972 for (i = netlbl_catmap_walk(cmp, 0); i >= 0;
973 i = netlbl_catmap_walk(cmp, i + 1)) {
974 seq_printf(s, "%c%d", sep, i);
975 sep = ',';
976 }
977
978 seq_putc(s, '\n');
979
980 return 0;
981 }
982
983 static const struct seq_operations cipso2_seq_ops = {
984 .start = cipso_seq_start,
985 .next = cipso_seq_next,
986 .show = cipso2_seq_show,
987 .stop = smk_seq_stop,
988 };
989
990 /**
991 * smk_open_cipso2 - open() for /smack/cipso2
992 * @inode: inode structure representing file
993 * @file: "cipso2" file pointer
994 *
995 * Connect our cipso_seq_* operations with /smack/cipso2
996 * file_operations
997 */
smk_open_cipso2(struct inode * inode,struct file * file)998 static int smk_open_cipso2(struct inode *inode, struct file *file)
999 {
1000 return seq_open(file, &cipso2_seq_ops);
1001 }
1002
1003 /**
1004 * smk_write_cipso2 - write() for /smack/cipso2
1005 * @file: file pointer, not actually used
1006 * @buf: where to get the data from
1007 * @count: bytes sent
1008 * @ppos: where to start
1009 *
1010 * Accepts only one cipso rule per write call.
1011 * Returns number of bytes written or error code, as appropriate
1012 */
smk_write_cipso2(struct file * file,const char __user * buf,size_t count,loff_t * ppos)1013 static ssize_t smk_write_cipso2(struct file *file, const char __user *buf,
1014 size_t count, loff_t *ppos)
1015 {
1016 return smk_set_cipso(file, buf, count, ppos, SMK_LONG_FMT);
1017 }
1018
1019 static const struct file_operations smk_cipso2_ops = {
1020 .open = smk_open_cipso2,
1021 .read = seq_read,
1022 .llseek = seq_lseek,
1023 .write = smk_write_cipso2,
1024 .release = seq_release,
1025 };
1026
1027 /*
1028 * Seq_file read operations for /smack/netlabel
1029 */
1030
net4addr_seq_start(struct seq_file * s,loff_t * pos)1031 static void *net4addr_seq_start(struct seq_file *s, loff_t *pos)
1032 {
1033 return smk_seq_start(s, pos, &smk_net4addr_list);
1034 }
1035
net4addr_seq_next(struct seq_file * s,void * v,loff_t * pos)1036 static void *net4addr_seq_next(struct seq_file *s, void *v, loff_t *pos)
1037 {
1038 return smk_seq_next(s, v, pos, &smk_net4addr_list);
1039 }
1040
1041 /*
1042 * Print host/label pairs
1043 */
net4addr_seq_show(struct seq_file * s,void * v)1044 static int net4addr_seq_show(struct seq_file *s, void *v)
1045 {
1046 struct list_head *list = v;
1047 struct smk_net4addr *skp =
1048 list_entry_rcu(list, struct smk_net4addr, list);
1049 char *kp = SMACK_CIPSO_OPTION;
1050
1051 if (skp->smk_label != NULL)
1052 kp = skp->smk_label->smk_known;
1053 seq_printf(s, "%pI4/%d %s\n", &skp->smk_host.s_addr,
1054 skp->smk_masks, kp);
1055
1056 return 0;
1057 }
1058
1059 static const struct seq_operations net4addr_seq_ops = {
1060 .start = net4addr_seq_start,
1061 .next = net4addr_seq_next,
1062 .show = net4addr_seq_show,
1063 .stop = smk_seq_stop,
1064 };
1065
1066 /**
1067 * smk_open_net4addr - open() for /smack/netlabel
1068 * @inode: inode structure representing file
1069 * @file: "netlabel" file pointer
1070 *
1071 * Connect our net4addr_seq_* operations with /smack/netlabel
1072 * file_operations
1073 */
smk_open_net4addr(struct inode * inode,struct file * file)1074 static int smk_open_net4addr(struct inode *inode, struct file *file)
1075 {
1076 return seq_open(file, &net4addr_seq_ops);
1077 }
1078
1079 /**
1080 * smk_net4addr_insert - insert a new entry into the net4addrs list
1081 * @new : netlabel to insert
1082 *
1083 * This helper inserts netlabel in the smack_net4addrs list
1084 * sorted by netmask length (longest to smallest)
1085 * locked by &smk_net4addr_lock in smk_write_net4addr.
1086 */
smk_net4addr_insert(struct smk_net4addr * new)1087 static void smk_net4addr_insert(struct smk_net4addr *new)
1088 {
1089 struct smk_net4addr *m;
1090 struct smk_net4addr *m_next;
1091
1092 if (list_empty(&smk_net4addr_list)) {
1093 list_add_rcu(&new->list, &smk_net4addr_list);
1094 return;
1095 }
1096
1097 m = list_entry_rcu(smk_net4addr_list.next,
1098 struct smk_net4addr, list);
1099
1100 /* the comparison '>' is a bit hacky, but works */
1101 if (new->smk_masks > m->smk_masks) {
1102 list_add_rcu(&new->list, &smk_net4addr_list);
1103 return;
1104 }
1105
1106 list_for_each_entry_rcu(m, &smk_net4addr_list, list) {
1107 if (list_is_last(&m->list, &smk_net4addr_list)) {
1108 list_add_rcu(&new->list, &m->list);
1109 return;
1110 }
1111 m_next = list_entry_rcu(m->list.next,
1112 struct smk_net4addr, list);
1113 if (new->smk_masks > m_next->smk_masks) {
1114 list_add_rcu(&new->list, &m->list);
1115 return;
1116 }
1117 }
1118 }
1119
1120
1121 /**
1122 * smk_write_net4addr - write() for /smack/netlabel
1123 * @file: file pointer, not actually used
1124 * @buf: where to get the data from
1125 * @count: bytes sent
1126 * @ppos: where to start
1127 *
1128 * Accepts only one net4addr per write call.
1129 * Returns number of bytes written or error code, as appropriate
1130 */
smk_write_net4addr(struct file * file,const char __user * buf,size_t count,loff_t * ppos)1131 static ssize_t smk_write_net4addr(struct file *file, const char __user *buf,
1132 size_t count, loff_t *ppos)
1133 {
1134 struct smk_net4addr *snp;
1135 struct sockaddr_in newname;
1136 char *smack;
1137 struct smack_known *skp = NULL;
1138 char *data;
1139 char *host = (char *)&newname.sin_addr.s_addr;
1140 int rc;
1141 struct netlbl_audit audit_info;
1142 struct in_addr mask;
1143 unsigned int m;
1144 unsigned int masks;
1145 int found;
1146 u32 mask_bits = (1<<31);
1147 __be32 nsa;
1148 u32 temp_mask;
1149
1150 /*
1151 * Must have privilege.
1152 * No partial writes.
1153 * Enough data must be present.
1154 * "<addr/mask, as a.b.c.d/e><space><label>"
1155 * "<addr, as a.b.c.d><space><label>"
1156 */
1157 if (!smack_privileged(CAP_MAC_ADMIN))
1158 return -EPERM;
1159 if (*ppos != 0)
1160 return -EINVAL;
1161 if (count < SMK_NETLBLADDRMIN || count > PAGE_SIZE - 1)
1162 return -EINVAL;
1163
1164 data = memdup_user_nul(buf, count);
1165 if (IS_ERR(data))
1166 return PTR_ERR(data);
1167
1168 smack = kzalloc(count + 1, GFP_KERNEL);
1169 if (smack == NULL) {
1170 rc = -ENOMEM;
1171 goto free_data_out;
1172 }
1173
1174 rc = sscanf(data, "%hhd.%hhd.%hhd.%hhd/%u %s",
1175 &host[0], &host[1], &host[2], &host[3], &masks, smack);
1176 if (rc != 6) {
1177 rc = sscanf(data, "%hhd.%hhd.%hhd.%hhd %s",
1178 &host[0], &host[1], &host[2], &host[3], smack);
1179 if (rc != 5) {
1180 rc = -EINVAL;
1181 goto free_out;
1182 }
1183 masks = 32;
1184 }
1185 if (masks > BEBITS) {
1186 rc = -EINVAL;
1187 goto free_out;
1188 }
1189
1190 /*
1191 * If smack begins with '-', it is an option, don't import it
1192 */
1193 if (smack[0] != '-') {
1194 skp = smk_import_entry(smack, 0);
1195 if (IS_ERR(skp)) {
1196 rc = PTR_ERR(skp);
1197 goto free_out;
1198 }
1199 } else {
1200 /*
1201 * Only the -CIPSO option is supported for IPv4
1202 */
1203 if (strcmp(smack, SMACK_CIPSO_OPTION) != 0) {
1204 rc = -EINVAL;
1205 goto free_out;
1206 }
1207 }
1208
1209 for (m = masks, temp_mask = 0; m > 0; m--) {
1210 temp_mask |= mask_bits;
1211 mask_bits >>= 1;
1212 }
1213 mask.s_addr = cpu_to_be32(temp_mask);
1214
1215 newname.sin_addr.s_addr &= mask.s_addr;
1216 /*
1217 * Only allow one writer at a time. Writes should be
1218 * quite rare and small in any case.
1219 */
1220 mutex_lock(&smk_net4addr_lock);
1221
1222 nsa = newname.sin_addr.s_addr;
1223 /* try to find if the prefix is already in the list */
1224 found = 0;
1225 list_for_each_entry_rcu(snp, &smk_net4addr_list, list) {
1226 if (snp->smk_host.s_addr == nsa && snp->smk_masks == masks) {
1227 found = 1;
1228 break;
1229 }
1230 }
1231 smk_netlabel_audit_set(&audit_info);
1232
1233 if (found == 0) {
1234 snp = kzalloc(sizeof(*snp), GFP_KERNEL);
1235 if (snp == NULL)
1236 rc = -ENOMEM;
1237 else {
1238 rc = 0;
1239 snp->smk_host.s_addr = newname.sin_addr.s_addr;
1240 snp->smk_mask.s_addr = mask.s_addr;
1241 snp->smk_label = skp;
1242 snp->smk_masks = masks;
1243 smk_net4addr_insert(snp);
1244 }
1245 } else {
1246 /*
1247 * Delete the unlabeled entry, only if the previous label
1248 * wasn't the special CIPSO option
1249 */
1250 if (snp->smk_label != NULL)
1251 rc = netlbl_cfg_unlbl_static_del(&init_net, NULL,
1252 &snp->smk_host, &snp->smk_mask,
1253 PF_INET, &audit_info);
1254 else
1255 rc = 0;
1256 snp->smk_label = skp;
1257 }
1258
1259 /*
1260 * Now tell netlabel about the single label nature of
1261 * this host so that incoming packets get labeled.
1262 * but only if we didn't get the special CIPSO option
1263 */
1264 if (rc == 0 && skp != NULL)
1265 rc = netlbl_cfg_unlbl_static_add(&init_net, NULL,
1266 &snp->smk_host, &snp->smk_mask, PF_INET,
1267 snp->smk_label->smk_secid, &audit_info);
1268
1269 if (rc == 0)
1270 rc = count;
1271
1272 mutex_unlock(&smk_net4addr_lock);
1273
1274 free_out:
1275 kfree(smack);
1276 free_data_out:
1277 kfree(data);
1278
1279 return rc;
1280 }
1281
1282 static const struct file_operations smk_net4addr_ops = {
1283 .open = smk_open_net4addr,
1284 .read = seq_read,
1285 .llseek = seq_lseek,
1286 .write = smk_write_net4addr,
1287 .release = seq_release,
1288 };
1289
1290 #if IS_ENABLED(CONFIG_IPV6)
1291 /*
1292 * Seq_file read operations for /smack/netlabel6
1293 */
1294
net6addr_seq_start(struct seq_file * s,loff_t * pos)1295 static void *net6addr_seq_start(struct seq_file *s, loff_t *pos)
1296 {
1297 return smk_seq_start(s, pos, &smk_net6addr_list);
1298 }
1299
net6addr_seq_next(struct seq_file * s,void * v,loff_t * pos)1300 static void *net6addr_seq_next(struct seq_file *s, void *v, loff_t *pos)
1301 {
1302 return smk_seq_next(s, v, pos, &smk_net6addr_list);
1303 }
1304
1305 /*
1306 * Print host/label pairs
1307 */
net6addr_seq_show(struct seq_file * s,void * v)1308 static int net6addr_seq_show(struct seq_file *s, void *v)
1309 {
1310 struct list_head *list = v;
1311 struct smk_net6addr *skp =
1312 list_entry(list, struct smk_net6addr, list);
1313
1314 if (skp->smk_label != NULL)
1315 seq_printf(s, "%pI6/%d %s\n", &skp->smk_host, skp->smk_masks,
1316 skp->smk_label->smk_known);
1317
1318 return 0;
1319 }
1320
1321 static const struct seq_operations net6addr_seq_ops = {
1322 .start = net6addr_seq_start,
1323 .next = net6addr_seq_next,
1324 .show = net6addr_seq_show,
1325 .stop = smk_seq_stop,
1326 };
1327
1328 /**
1329 * smk_open_net6addr - open() for /smack/netlabel
1330 * @inode: inode structure representing file
1331 * @file: "netlabel" file pointer
1332 *
1333 * Connect our net6addr_seq_* operations with /smack/netlabel
1334 * file_operations
1335 */
smk_open_net6addr(struct inode * inode,struct file * file)1336 static int smk_open_net6addr(struct inode *inode, struct file *file)
1337 {
1338 return seq_open(file, &net6addr_seq_ops);
1339 }
1340
1341 /**
1342 * smk_net6addr_insert - insert a new entry into the net6addrs list
1343 * @new : entry to insert
1344 *
1345 * This inserts an entry in the smack_net6addrs list
1346 * sorted by netmask length (longest to smallest)
1347 * locked by &smk_net6addr_lock in smk_write_net6addr.
1348 */
smk_net6addr_insert(struct smk_net6addr * new)1349 static void smk_net6addr_insert(struct smk_net6addr *new)
1350 {
1351 struct smk_net6addr *m_next;
1352 struct smk_net6addr *m;
1353
1354 if (list_empty(&smk_net6addr_list)) {
1355 list_add_rcu(&new->list, &smk_net6addr_list);
1356 return;
1357 }
1358
1359 m = list_entry_rcu(smk_net6addr_list.next,
1360 struct smk_net6addr, list);
1361
1362 if (new->smk_masks > m->smk_masks) {
1363 list_add_rcu(&new->list, &smk_net6addr_list);
1364 return;
1365 }
1366
1367 list_for_each_entry_rcu(m, &smk_net6addr_list, list) {
1368 if (list_is_last(&m->list, &smk_net6addr_list)) {
1369 list_add_rcu(&new->list, &m->list);
1370 return;
1371 }
1372 m_next = list_entry_rcu(m->list.next,
1373 struct smk_net6addr, list);
1374 if (new->smk_masks > m_next->smk_masks) {
1375 list_add_rcu(&new->list, &m->list);
1376 return;
1377 }
1378 }
1379 }
1380
1381
1382 /**
1383 * smk_write_net6addr - write() for /smack/netlabel
1384 * @file: file pointer, not actually used
1385 * @buf: where to get the data from
1386 * @count: bytes sent
1387 * @ppos: where to start
1388 *
1389 * Accepts only one net6addr per write call.
1390 * Returns number of bytes written or error code, as appropriate
1391 */
smk_write_net6addr(struct file * file,const char __user * buf,size_t count,loff_t * ppos)1392 static ssize_t smk_write_net6addr(struct file *file, const char __user *buf,
1393 size_t count, loff_t *ppos)
1394 {
1395 struct smk_net6addr *snp;
1396 struct in6_addr newname;
1397 struct in6_addr fullmask;
1398 struct smack_known *skp = NULL;
1399 char *smack;
1400 char *data;
1401 int rc = 0;
1402 int found = 0;
1403 int i;
1404 unsigned int scanned[8];
1405 unsigned int m;
1406 unsigned int mask = 128;
1407
1408 /*
1409 * Must have privilege.
1410 * No partial writes.
1411 * Enough data must be present.
1412 * "<addr/mask, as a:b:c:d:e:f:g:h/e><space><label>"
1413 * "<addr, as a:b:c:d:e:f:g:h><space><label>"
1414 */
1415 if (!smack_privileged(CAP_MAC_ADMIN))
1416 return -EPERM;
1417 if (*ppos != 0)
1418 return -EINVAL;
1419 if (count < SMK_NETLBLADDRMIN || count > PAGE_SIZE - 1)
1420 return -EINVAL;
1421
1422 data = memdup_user_nul(buf, count);
1423 if (IS_ERR(data))
1424 return PTR_ERR(data);
1425
1426 smack = kzalloc(count + 1, GFP_KERNEL);
1427 if (smack == NULL) {
1428 rc = -ENOMEM;
1429 goto free_data_out;
1430 }
1431
1432 i = sscanf(data, "%x:%x:%x:%x:%x:%x:%x:%x/%u %s",
1433 &scanned[0], &scanned[1], &scanned[2], &scanned[3],
1434 &scanned[4], &scanned[5], &scanned[6], &scanned[7],
1435 &mask, smack);
1436 if (i != 10) {
1437 i = sscanf(data, "%x:%x:%x:%x:%x:%x:%x:%x %s",
1438 &scanned[0], &scanned[1], &scanned[2],
1439 &scanned[3], &scanned[4], &scanned[5],
1440 &scanned[6], &scanned[7], smack);
1441 if (i != 9) {
1442 rc = -EINVAL;
1443 goto free_out;
1444 }
1445 }
1446 if (mask > 128) {
1447 rc = -EINVAL;
1448 goto free_out;
1449 }
1450 for (i = 0; i < 8; i++) {
1451 if (scanned[i] > 0xffff) {
1452 rc = -EINVAL;
1453 goto free_out;
1454 }
1455 newname.s6_addr16[i] = htons(scanned[i]);
1456 }
1457
1458 /*
1459 * If smack begins with '-', it is an option, don't import it
1460 */
1461 if (smack[0] != '-') {
1462 skp = smk_import_entry(smack, 0);
1463 if (IS_ERR(skp)) {
1464 rc = PTR_ERR(skp);
1465 goto free_out;
1466 }
1467 } else {
1468 /*
1469 * Only -DELETE is supported for IPv6
1470 */
1471 if (strcmp(smack, SMACK_DELETE_OPTION) != 0) {
1472 rc = -EINVAL;
1473 goto free_out;
1474 }
1475 }
1476
1477 for (i = 0, m = mask; i < 8; i++) {
1478 if (m >= 16) {
1479 fullmask.s6_addr16[i] = 0xffff;
1480 m -= 16;
1481 } else if (m > 0) {
1482 fullmask.s6_addr16[i] = (1 << m) - 1;
1483 m = 0;
1484 } else
1485 fullmask.s6_addr16[i] = 0;
1486 newname.s6_addr16[i] &= fullmask.s6_addr16[i];
1487 }
1488
1489 /*
1490 * Only allow one writer at a time. Writes should be
1491 * quite rare and small in any case.
1492 */
1493 mutex_lock(&smk_net6addr_lock);
1494 /*
1495 * Try to find the prefix in the list
1496 */
1497 list_for_each_entry_rcu(snp, &smk_net6addr_list, list) {
1498 if (mask != snp->smk_masks)
1499 continue;
1500 for (found = 1, i = 0; i < 8; i++) {
1501 if (newname.s6_addr16[i] !=
1502 snp->smk_host.s6_addr16[i]) {
1503 found = 0;
1504 break;
1505 }
1506 }
1507 if (found == 1)
1508 break;
1509 }
1510 if (found == 0) {
1511 snp = kzalloc(sizeof(*snp), GFP_KERNEL);
1512 if (snp == NULL)
1513 rc = -ENOMEM;
1514 else {
1515 snp->smk_host = newname;
1516 snp->smk_mask = fullmask;
1517 snp->smk_masks = mask;
1518 snp->smk_label = skp;
1519 smk_net6addr_insert(snp);
1520 }
1521 } else {
1522 snp->smk_label = skp;
1523 }
1524
1525 if (rc == 0)
1526 rc = count;
1527
1528 mutex_unlock(&smk_net6addr_lock);
1529
1530 free_out:
1531 kfree(smack);
1532 free_data_out:
1533 kfree(data);
1534
1535 return rc;
1536 }
1537
1538 static const struct file_operations smk_net6addr_ops = {
1539 .open = smk_open_net6addr,
1540 .read = seq_read,
1541 .llseek = seq_lseek,
1542 .write = smk_write_net6addr,
1543 .release = seq_release,
1544 };
1545 #endif /* CONFIG_IPV6 */
1546
1547 /**
1548 * smk_read_doi - read() for /smack/doi
1549 * @filp: file pointer, not actually used
1550 * @buf: where to put the result
1551 * @count: maximum to send along
1552 * @ppos: where to start
1553 *
1554 * Returns number of bytes read or error code, as appropriate
1555 */
smk_read_doi(struct file * filp,char __user * buf,size_t count,loff_t * ppos)1556 static ssize_t smk_read_doi(struct file *filp, char __user *buf,
1557 size_t count, loff_t *ppos)
1558 {
1559 char temp[80];
1560 ssize_t rc;
1561
1562 if (*ppos != 0)
1563 return 0;
1564
1565 sprintf(temp, "%d", smk_cipso_doi_value);
1566 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
1567
1568 return rc;
1569 }
1570
1571 /**
1572 * smk_write_doi - write() for /smack/doi
1573 * @file: file pointer, not actually used
1574 * @buf: where to get the data from
1575 * @count: bytes sent
1576 * @ppos: where to start
1577 *
1578 * Returns number of bytes written or error code, as appropriate
1579 */
smk_write_doi(struct file * file,const char __user * buf,size_t count,loff_t * ppos)1580 static ssize_t smk_write_doi(struct file *file, const char __user *buf,
1581 size_t count, loff_t *ppos)
1582 {
1583 char temp[80];
1584 int i;
1585
1586 if (!smack_privileged(CAP_MAC_ADMIN))
1587 return -EPERM;
1588
1589 if (count >= sizeof(temp) || count == 0)
1590 return -EINVAL;
1591
1592 if (copy_from_user(temp, buf, count) != 0)
1593 return -EFAULT;
1594
1595 temp[count] = '\0';
1596
1597 if (sscanf(temp, "%d", &i) != 1)
1598 return -EINVAL;
1599
1600 smk_cipso_doi_value = i;
1601
1602 smk_cipso_doi();
1603
1604 return count;
1605 }
1606
1607 static const struct file_operations smk_doi_ops = {
1608 .read = smk_read_doi,
1609 .write = smk_write_doi,
1610 .llseek = default_llseek,
1611 };
1612
1613 /**
1614 * smk_read_direct - read() for /smack/direct
1615 * @filp: file pointer, not actually used
1616 * @buf: where to put the result
1617 * @count: maximum to send along
1618 * @ppos: where to start
1619 *
1620 * Returns number of bytes read or error code, as appropriate
1621 */
smk_read_direct(struct file * filp,char __user * buf,size_t count,loff_t * ppos)1622 static ssize_t smk_read_direct(struct file *filp, char __user *buf,
1623 size_t count, loff_t *ppos)
1624 {
1625 char temp[80];
1626 ssize_t rc;
1627
1628 if (*ppos != 0)
1629 return 0;
1630
1631 sprintf(temp, "%d", smack_cipso_direct);
1632 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
1633
1634 return rc;
1635 }
1636
1637 /**
1638 * smk_write_direct - write() for /smack/direct
1639 * @file: file pointer, not actually used
1640 * @buf: where to get the data from
1641 * @count: bytes sent
1642 * @ppos: where to start
1643 *
1644 * Returns number of bytes written or error code, as appropriate
1645 */
smk_write_direct(struct file * file,const char __user * buf,size_t count,loff_t * ppos)1646 static ssize_t smk_write_direct(struct file *file, const char __user *buf,
1647 size_t count, loff_t *ppos)
1648 {
1649 struct smack_known *skp;
1650 char temp[80];
1651 int i;
1652
1653 if (!smack_privileged(CAP_MAC_ADMIN))
1654 return -EPERM;
1655
1656 if (count >= sizeof(temp) || count == 0)
1657 return -EINVAL;
1658
1659 if (copy_from_user(temp, buf, count) != 0)
1660 return -EFAULT;
1661
1662 temp[count] = '\0';
1663
1664 if (sscanf(temp, "%d", &i) != 1)
1665 return -EINVAL;
1666
1667 /*
1668 * Don't do anything if the value hasn't actually changed.
1669 * If it is changing reset the level on entries that were
1670 * set up to be direct when they were created.
1671 */
1672 if (smack_cipso_direct != i) {
1673 mutex_lock(&smack_known_lock);
1674 list_for_each_entry_rcu(skp, &smack_known_list, list)
1675 if (skp->smk_netlabel.attr.mls.lvl ==
1676 smack_cipso_direct)
1677 skp->smk_netlabel.attr.mls.lvl = i;
1678 smack_cipso_direct = i;
1679 mutex_unlock(&smack_known_lock);
1680 }
1681
1682 return count;
1683 }
1684
1685 static const struct file_operations smk_direct_ops = {
1686 .read = smk_read_direct,
1687 .write = smk_write_direct,
1688 .llseek = default_llseek,
1689 };
1690
1691 /**
1692 * smk_read_mapped - read() for /smack/mapped
1693 * @filp: file pointer, not actually used
1694 * @buf: where to put the result
1695 * @count: maximum to send along
1696 * @ppos: where to start
1697 *
1698 * Returns number of bytes read or error code, as appropriate
1699 */
smk_read_mapped(struct file * filp,char __user * buf,size_t count,loff_t * ppos)1700 static ssize_t smk_read_mapped(struct file *filp, char __user *buf,
1701 size_t count, loff_t *ppos)
1702 {
1703 char temp[80];
1704 ssize_t rc;
1705
1706 if (*ppos != 0)
1707 return 0;
1708
1709 sprintf(temp, "%d", smack_cipso_mapped);
1710 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
1711
1712 return rc;
1713 }
1714
1715 /**
1716 * smk_write_mapped - write() for /smack/mapped
1717 * @file: file pointer, not actually used
1718 * @buf: where to get the data from
1719 * @count: bytes sent
1720 * @ppos: where to start
1721 *
1722 * Returns number of bytes written or error code, as appropriate
1723 */
smk_write_mapped(struct file * file,const char __user * buf,size_t count,loff_t * ppos)1724 static ssize_t smk_write_mapped(struct file *file, const char __user *buf,
1725 size_t count, loff_t *ppos)
1726 {
1727 struct smack_known *skp;
1728 char temp[80];
1729 int i;
1730
1731 if (!smack_privileged(CAP_MAC_ADMIN))
1732 return -EPERM;
1733
1734 if (count >= sizeof(temp) || count == 0)
1735 return -EINVAL;
1736
1737 if (copy_from_user(temp, buf, count) != 0)
1738 return -EFAULT;
1739
1740 temp[count] = '\0';
1741
1742 if (sscanf(temp, "%d", &i) != 1)
1743 return -EINVAL;
1744
1745 /*
1746 * Don't do anything if the value hasn't actually changed.
1747 * If it is changing reset the level on entries that were
1748 * set up to be mapped when they were created.
1749 */
1750 if (smack_cipso_mapped != i) {
1751 mutex_lock(&smack_known_lock);
1752 list_for_each_entry_rcu(skp, &smack_known_list, list)
1753 if (skp->smk_netlabel.attr.mls.lvl ==
1754 smack_cipso_mapped)
1755 skp->smk_netlabel.attr.mls.lvl = i;
1756 smack_cipso_mapped = i;
1757 mutex_unlock(&smack_known_lock);
1758 }
1759
1760 return count;
1761 }
1762
1763 static const struct file_operations smk_mapped_ops = {
1764 .read = smk_read_mapped,
1765 .write = smk_write_mapped,
1766 .llseek = default_llseek,
1767 };
1768
1769 /**
1770 * smk_read_ambient - read() for /smack/ambient
1771 * @filp: file pointer, not actually used
1772 * @buf: where to put the result
1773 * @cn: maximum to send along
1774 * @ppos: where to start
1775 *
1776 * Returns number of bytes read or error code, as appropriate
1777 */
smk_read_ambient(struct file * filp,char __user * buf,size_t cn,loff_t * ppos)1778 static ssize_t smk_read_ambient(struct file *filp, char __user *buf,
1779 size_t cn, loff_t *ppos)
1780 {
1781 ssize_t rc;
1782 int asize;
1783
1784 if (*ppos != 0)
1785 return 0;
1786 /*
1787 * Being careful to avoid a problem in the case where
1788 * smack_net_ambient gets changed in midstream.
1789 */
1790 mutex_lock(&smack_ambient_lock);
1791
1792 asize = strlen(smack_net_ambient->smk_known) + 1;
1793
1794 if (cn >= asize)
1795 rc = simple_read_from_buffer(buf, cn, ppos,
1796 smack_net_ambient->smk_known,
1797 asize);
1798 else
1799 rc = -EINVAL;
1800
1801 mutex_unlock(&smack_ambient_lock);
1802
1803 return rc;
1804 }
1805
1806 /**
1807 * smk_write_ambient - write() for /smack/ambient
1808 * @file: file pointer, not actually used
1809 * @buf: where to get the data from
1810 * @count: bytes sent
1811 * @ppos: where to start
1812 *
1813 * Returns number of bytes written or error code, as appropriate
1814 */
smk_write_ambient(struct file * file,const char __user * buf,size_t count,loff_t * ppos)1815 static ssize_t smk_write_ambient(struct file *file, const char __user *buf,
1816 size_t count, loff_t *ppos)
1817 {
1818 struct smack_known *skp;
1819 char *oldambient;
1820 char *data;
1821 int rc = count;
1822
1823 if (!smack_privileged(CAP_MAC_ADMIN))
1824 return -EPERM;
1825
1826 /* Enough data must be present */
1827 if (count == 0 || count > PAGE_SIZE)
1828 return -EINVAL;
1829
1830 data = memdup_user_nul(buf, count);
1831 if (IS_ERR(data))
1832 return PTR_ERR(data);
1833
1834 skp = smk_import_entry(data, count);
1835 if (IS_ERR(skp)) {
1836 rc = PTR_ERR(skp);
1837 goto out;
1838 }
1839
1840 mutex_lock(&smack_ambient_lock);
1841
1842 oldambient = smack_net_ambient->smk_known;
1843 smack_net_ambient = skp;
1844 smk_unlbl_ambient(oldambient);
1845
1846 mutex_unlock(&smack_ambient_lock);
1847
1848 out:
1849 kfree(data);
1850 return rc;
1851 }
1852
1853 static const struct file_operations smk_ambient_ops = {
1854 .read = smk_read_ambient,
1855 .write = smk_write_ambient,
1856 .llseek = default_llseek,
1857 };
1858
1859 /*
1860 * Seq_file operations for /smack/onlycap
1861 */
onlycap_seq_start(struct seq_file * s,loff_t * pos)1862 static void *onlycap_seq_start(struct seq_file *s, loff_t *pos)
1863 {
1864 return smk_seq_start(s, pos, &smack_onlycap_list);
1865 }
1866
onlycap_seq_next(struct seq_file * s,void * v,loff_t * pos)1867 static void *onlycap_seq_next(struct seq_file *s, void *v, loff_t *pos)
1868 {
1869 return smk_seq_next(s, v, pos, &smack_onlycap_list);
1870 }
1871
onlycap_seq_show(struct seq_file * s,void * v)1872 static int onlycap_seq_show(struct seq_file *s, void *v)
1873 {
1874 struct list_head *list = v;
1875 struct smack_known_list_elem *sklep =
1876 list_entry_rcu(list, struct smack_known_list_elem, list);
1877
1878 seq_puts(s, sklep->smk_label->smk_known);
1879 seq_putc(s, ' ');
1880
1881 return 0;
1882 }
1883
1884 static const struct seq_operations onlycap_seq_ops = {
1885 .start = onlycap_seq_start,
1886 .next = onlycap_seq_next,
1887 .show = onlycap_seq_show,
1888 .stop = smk_seq_stop,
1889 };
1890
smk_open_onlycap(struct inode * inode,struct file * file)1891 static int smk_open_onlycap(struct inode *inode, struct file *file)
1892 {
1893 return seq_open(file, &onlycap_seq_ops);
1894 }
1895
1896 /**
1897 * smk_list_swap_rcu - swap public list with a private one in RCU-safe way
1898 * The caller must hold appropriate mutex to prevent concurrent modifications
1899 * to the public list.
1900 * Private list is assumed to be not accessible to other threads yet.
1901 *
1902 * @public: public list
1903 * @private: private list
1904 */
smk_list_swap_rcu(struct list_head * public,struct list_head * private)1905 static void smk_list_swap_rcu(struct list_head *public,
1906 struct list_head *private)
1907 {
1908 struct list_head *first, *last;
1909
1910 if (list_empty(public)) {
1911 list_splice_init_rcu(private, public, synchronize_rcu);
1912 } else {
1913 /* Remember public list before replacing it */
1914 first = public->next;
1915 last = public->prev;
1916
1917 /* Publish private list in place of public in RCU-safe way */
1918 private->prev->next = public;
1919 private->next->prev = public;
1920 rcu_assign_pointer(public->next, private->next);
1921 public->prev = private->prev;
1922
1923 synchronize_rcu();
1924
1925 /* When all readers are done with the old public list,
1926 * attach it in place of private */
1927 private->next = first;
1928 private->prev = last;
1929 first->prev = private;
1930 last->next = private;
1931 }
1932 }
1933
1934 /**
1935 * smk_parse_label_list - parse list of Smack labels, separated by spaces
1936 *
1937 * @data: the string to parse
1938 * @list: destination list
1939 *
1940 * Returns zero on success or error code, as appropriate
1941 */
smk_parse_label_list(char * data,struct list_head * list)1942 static int smk_parse_label_list(char *data, struct list_head *list)
1943 {
1944 char *tok;
1945 struct smack_known *skp;
1946 struct smack_known_list_elem *sklep;
1947
1948 while ((tok = strsep(&data, " ")) != NULL) {
1949 if (!*tok)
1950 continue;
1951
1952 skp = smk_import_entry(tok, 0);
1953 if (IS_ERR(skp))
1954 return PTR_ERR(skp);
1955
1956 sklep = kzalloc(sizeof(*sklep), GFP_KERNEL);
1957 if (sklep == NULL)
1958 return -ENOMEM;
1959
1960 sklep->smk_label = skp;
1961 list_add(&sklep->list, list);
1962 }
1963
1964 return 0;
1965 }
1966
1967 /**
1968 * smk_destroy_label_list - destroy a list of smack_known_list_elem
1969 * @list: header pointer of the list to destroy
1970 */
smk_destroy_label_list(struct list_head * list)1971 void smk_destroy_label_list(struct list_head *list)
1972 {
1973 struct smack_known_list_elem *sklep;
1974 struct smack_known_list_elem *sklep2;
1975
1976 list_for_each_entry_safe(sklep, sklep2, list, list)
1977 kfree(sklep);
1978
1979 INIT_LIST_HEAD(list);
1980 }
1981
1982 /**
1983 * smk_write_onlycap - write() for smackfs/onlycap
1984 * @file: file pointer, not actually used
1985 * @buf: where to get the data from
1986 * @count: bytes sent
1987 * @ppos: where to start
1988 *
1989 * Returns number of bytes written or error code, as appropriate
1990 */
smk_write_onlycap(struct file * file,const char __user * buf,size_t count,loff_t * ppos)1991 static ssize_t smk_write_onlycap(struct file *file, const char __user *buf,
1992 size_t count, loff_t *ppos)
1993 {
1994 char *data;
1995 LIST_HEAD(list_tmp);
1996 int rc;
1997
1998 if (!smack_privileged(CAP_MAC_ADMIN))
1999 return -EPERM;
2000
2001 if (count > PAGE_SIZE)
2002 return -EINVAL;
2003
2004 data = memdup_user_nul(buf, count);
2005 if (IS_ERR(data))
2006 return PTR_ERR(data);
2007
2008 rc = smk_parse_label_list(data, &list_tmp);
2009 kfree(data);
2010
2011 /*
2012 * Clear the smack_onlycap on invalid label errors. This means
2013 * that we can pass a null string to unset the onlycap value.
2014 *
2015 * Importing will also reject a label beginning with '-',
2016 * so "-usecapabilities" will also work.
2017 *
2018 * But do so only on invalid label, not on system errors.
2019 * The invalid label must be first to count as clearing attempt.
2020 */
2021 if (!rc || (rc == -EINVAL && list_empty(&list_tmp))) {
2022 mutex_lock(&smack_onlycap_lock);
2023 smk_list_swap_rcu(&smack_onlycap_list, &list_tmp);
2024 mutex_unlock(&smack_onlycap_lock);
2025 rc = count;
2026 }
2027
2028 smk_destroy_label_list(&list_tmp);
2029
2030 return rc;
2031 }
2032
2033 static const struct file_operations smk_onlycap_ops = {
2034 .open = smk_open_onlycap,
2035 .read = seq_read,
2036 .write = smk_write_onlycap,
2037 .llseek = seq_lseek,
2038 .release = seq_release,
2039 };
2040
2041 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
2042 /**
2043 * smk_read_unconfined - read() for smackfs/unconfined
2044 * @filp: file pointer, not actually used
2045 * @buf: where to put the result
2046 * @cn: maximum to send along
2047 * @ppos: where to start
2048 *
2049 * Returns number of bytes read or error code, as appropriate
2050 */
smk_read_unconfined(struct file * filp,char __user * buf,size_t cn,loff_t * ppos)2051 static ssize_t smk_read_unconfined(struct file *filp, char __user *buf,
2052 size_t cn, loff_t *ppos)
2053 {
2054 char *smack = "";
2055 ssize_t rc = -EINVAL;
2056 int asize;
2057
2058 if (*ppos != 0)
2059 return 0;
2060
2061 if (smack_unconfined != NULL)
2062 smack = smack_unconfined->smk_known;
2063
2064 asize = strlen(smack) + 1;
2065
2066 if (cn >= asize)
2067 rc = simple_read_from_buffer(buf, cn, ppos, smack, asize);
2068
2069 return rc;
2070 }
2071
2072 /**
2073 * smk_write_unconfined - write() for smackfs/unconfined
2074 * @file: file pointer, not actually used
2075 * @buf: where to get the data from
2076 * @count: bytes sent
2077 * @ppos: where to start
2078 *
2079 * Returns number of bytes written or error code, as appropriate
2080 */
smk_write_unconfined(struct file * file,const char __user * buf,size_t count,loff_t * ppos)2081 static ssize_t smk_write_unconfined(struct file *file, const char __user *buf,
2082 size_t count, loff_t *ppos)
2083 {
2084 char *data;
2085 struct smack_known *skp;
2086 int rc = count;
2087
2088 if (!smack_privileged(CAP_MAC_ADMIN))
2089 return -EPERM;
2090
2091 if (count > PAGE_SIZE)
2092 return -EINVAL;
2093
2094 data = memdup_user_nul(buf, count);
2095 if (IS_ERR(data))
2096 return PTR_ERR(data);
2097
2098 /*
2099 * Clear the smack_unconfined on invalid label errors. This means
2100 * that we can pass a null string to unset the unconfined value.
2101 *
2102 * Importing will also reject a label beginning with '-',
2103 * so "-confine" will also work.
2104 *
2105 * But do so only on invalid label, not on system errors.
2106 */
2107 skp = smk_import_entry(data, count);
2108 if (PTR_ERR(skp) == -EINVAL)
2109 skp = NULL;
2110 else if (IS_ERR(skp)) {
2111 rc = PTR_ERR(skp);
2112 goto freeout;
2113 }
2114
2115 smack_unconfined = skp;
2116
2117 freeout:
2118 kfree(data);
2119 return rc;
2120 }
2121
2122 static const struct file_operations smk_unconfined_ops = {
2123 .read = smk_read_unconfined,
2124 .write = smk_write_unconfined,
2125 .llseek = default_llseek,
2126 };
2127 #endif /* CONFIG_SECURITY_SMACK_BRINGUP */
2128
2129 #ifdef CONFIG_AUDIT
2130 /**
2131 * smk_read_logging - read() for /smack/logging
2132 * @filp: file pointer, not actually used
2133 * @buf: where to put the result
2134 * @count: maximum to send along
2135 * @ppos: where to start
2136 *
2137 * Returns number of bytes read or error code, as appropriate
2138 */
smk_read_logging(struct file * filp,char __user * buf,size_t count,loff_t * ppos)2139 static ssize_t smk_read_logging(struct file *filp, char __user *buf,
2140 size_t count, loff_t *ppos)
2141 {
2142 char temp[32];
2143 ssize_t rc;
2144
2145 if (*ppos != 0)
2146 return 0;
2147
2148 sprintf(temp, "%d\n", log_policy);
2149 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
2150 return rc;
2151 }
2152
2153 /**
2154 * smk_write_logging - write() for /smack/logging
2155 * @file: file pointer, not actually used
2156 * @buf: where to get the data from
2157 * @count: bytes sent
2158 * @ppos: where to start
2159 *
2160 * Returns number of bytes written or error code, as appropriate
2161 */
smk_write_logging(struct file * file,const char __user * buf,size_t count,loff_t * ppos)2162 static ssize_t smk_write_logging(struct file *file, const char __user *buf,
2163 size_t count, loff_t *ppos)
2164 {
2165 char temp[32];
2166 int i;
2167
2168 if (!smack_privileged(CAP_MAC_ADMIN))
2169 return -EPERM;
2170
2171 if (count >= sizeof(temp) || count == 0)
2172 return -EINVAL;
2173
2174 if (copy_from_user(temp, buf, count) != 0)
2175 return -EFAULT;
2176
2177 temp[count] = '\0';
2178
2179 if (sscanf(temp, "%d", &i) != 1)
2180 return -EINVAL;
2181 if (i < 0 || i > 3)
2182 return -EINVAL;
2183 log_policy = i;
2184 return count;
2185 }
2186
2187
2188
2189 static const struct file_operations smk_logging_ops = {
2190 .read = smk_read_logging,
2191 .write = smk_write_logging,
2192 .llseek = default_llseek,
2193 };
2194 #endif /* CONFIG_AUDIT */
2195
2196 /*
2197 * Seq_file read operations for /smack/load-self
2198 */
2199
load_self_seq_start(struct seq_file * s,loff_t * pos)2200 static void *load_self_seq_start(struct seq_file *s, loff_t *pos)
2201 {
2202 struct task_smack *tsp = smack_cred(current_cred());
2203
2204 return smk_seq_start(s, pos, &tsp->smk_rules);
2205 }
2206
load_self_seq_next(struct seq_file * s,void * v,loff_t * pos)2207 static void *load_self_seq_next(struct seq_file *s, void *v, loff_t *pos)
2208 {
2209 struct task_smack *tsp = smack_cred(current_cred());
2210
2211 return smk_seq_next(s, v, pos, &tsp->smk_rules);
2212 }
2213
load_self_seq_show(struct seq_file * s,void * v)2214 static int load_self_seq_show(struct seq_file *s, void *v)
2215 {
2216 struct list_head *list = v;
2217 struct smack_rule *srp =
2218 list_entry_rcu(list, struct smack_rule, list);
2219
2220 smk_rule_show(s, srp, SMK_LABELLEN);
2221
2222 return 0;
2223 }
2224
2225 static const struct seq_operations load_self_seq_ops = {
2226 .start = load_self_seq_start,
2227 .next = load_self_seq_next,
2228 .show = load_self_seq_show,
2229 .stop = smk_seq_stop,
2230 };
2231
2232
2233 /**
2234 * smk_open_load_self - open() for /smack/load-self2
2235 * @inode: inode structure representing file
2236 * @file: "load" file pointer
2237 *
2238 * For reading, use load_seq_* seq_file reading operations.
2239 */
smk_open_load_self(struct inode * inode,struct file * file)2240 static int smk_open_load_self(struct inode *inode, struct file *file)
2241 {
2242 return seq_open(file, &load_self_seq_ops);
2243 }
2244
2245 /**
2246 * smk_write_load_self - write() for /smack/load-self
2247 * @file: file pointer, not actually used
2248 * @buf: where to get the data from
2249 * @count: bytes sent
2250 * @ppos: where to start - must be 0
2251 *
2252 */
smk_write_load_self(struct file * file,const char __user * buf,size_t count,loff_t * ppos)2253 static ssize_t smk_write_load_self(struct file *file, const char __user *buf,
2254 size_t count, loff_t *ppos)
2255 {
2256 struct task_smack *tsp = smack_cred(current_cred());
2257
2258 return smk_write_rules_list(file, buf, count, ppos, &tsp->smk_rules,
2259 &tsp->smk_rules_lock, SMK_FIXED24_FMT);
2260 }
2261
2262 static const struct file_operations smk_load_self_ops = {
2263 .open = smk_open_load_self,
2264 .read = seq_read,
2265 .llseek = seq_lseek,
2266 .write = smk_write_load_self,
2267 .release = seq_release,
2268 };
2269
2270 /**
2271 * smk_user_access - handle access check transaction
2272 * @file: file pointer
2273 * @buf: data from user space
2274 * @count: bytes sent
2275 * @ppos: where to start - must be 0
2276 * @format: /smack/load or /smack/load2 or /smack/change-rule format.
2277 */
smk_user_access(struct file * file,const char __user * buf,size_t count,loff_t * ppos,int format)2278 static ssize_t smk_user_access(struct file *file, const char __user *buf,
2279 size_t count, loff_t *ppos, int format)
2280 {
2281 struct smack_parsed_rule rule;
2282 char *data;
2283 int res;
2284
2285 data = simple_transaction_get(file, buf, count);
2286 if (IS_ERR(data))
2287 return PTR_ERR(data);
2288
2289 if (format == SMK_FIXED24_FMT) {
2290 if (count < SMK_LOADLEN)
2291 return -EINVAL;
2292 res = smk_parse_rule(data, &rule, 0);
2293 } else {
2294 /*
2295 * simple_transaction_get() returns null-terminated data
2296 */
2297 res = smk_parse_long_rule(data, &rule, 0, 3);
2298 }
2299
2300 if (res >= 0)
2301 res = smk_access(rule.smk_subject, rule.smk_object,
2302 rule.smk_access1, NULL);
2303 else if (res != -ENOENT)
2304 return res;
2305
2306 /*
2307 * smk_access() can return a value > 0 in the "bringup" case.
2308 */
2309 data[0] = res >= 0 ? '1' : '0';
2310 data[1] = '\0';
2311
2312 simple_transaction_set(file, 2);
2313
2314 if (format == SMK_FIXED24_FMT)
2315 return SMK_LOADLEN;
2316 return count;
2317 }
2318
2319 /**
2320 * smk_write_access - handle access check transaction
2321 * @file: file pointer
2322 * @buf: data from user space
2323 * @count: bytes sent
2324 * @ppos: where to start - must be 0
2325 */
smk_write_access(struct file * file,const char __user * buf,size_t count,loff_t * ppos)2326 static ssize_t smk_write_access(struct file *file, const char __user *buf,
2327 size_t count, loff_t *ppos)
2328 {
2329 return smk_user_access(file, buf, count, ppos, SMK_FIXED24_FMT);
2330 }
2331
2332 static const struct file_operations smk_access_ops = {
2333 .write = smk_write_access,
2334 .read = simple_transaction_read,
2335 .release = simple_transaction_release,
2336 .llseek = generic_file_llseek,
2337 };
2338
2339
2340 /*
2341 * Seq_file read operations for /smack/load2
2342 */
2343
load2_seq_show(struct seq_file * s,void * v)2344 static int load2_seq_show(struct seq_file *s, void *v)
2345 {
2346 struct list_head *list = v;
2347 struct smack_rule *srp;
2348 struct smack_known *skp =
2349 list_entry_rcu(list, struct smack_known, list);
2350
2351 list_for_each_entry_rcu(srp, &skp->smk_rules, list)
2352 smk_rule_show(s, srp, SMK_LONGLABEL);
2353
2354 return 0;
2355 }
2356
2357 static const struct seq_operations load2_seq_ops = {
2358 .start = load2_seq_start,
2359 .next = load2_seq_next,
2360 .show = load2_seq_show,
2361 .stop = smk_seq_stop,
2362 };
2363
2364 /**
2365 * smk_open_load2 - open() for /smack/load2
2366 * @inode: inode structure representing file
2367 * @file: "load2" file pointer
2368 *
2369 * For reading, use load2_seq_* seq_file reading operations.
2370 */
smk_open_load2(struct inode * inode,struct file * file)2371 static int smk_open_load2(struct inode *inode, struct file *file)
2372 {
2373 return seq_open(file, &load2_seq_ops);
2374 }
2375
2376 /**
2377 * smk_write_load2 - write() for /smack/load2
2378 * @file: file pointer, not actually used
2379 * @buf: where to get the data from
2380 * @count: bytes sent
2381 * @ppos: where to start - must be 0
2382 *
2383 */
smk_write_load2(struct file * file,const char __user * buf,size_t count,loff_t * ppos)2384 static ssize_t smk_write_load2(struct file *file, const char __user *buf,
2385 size_t count, loff_t *ppos)
2386 {
2387 /*
2388 * Must have privilege.
2389 */
2390 if (!smack_privileged(CAP_MAC_ADMIN))
2391 return -EPERM;
2392
2393 return smk_write_rules_list(file, buf, count, ppos, NULL, NULL,
2394 SMK_LONG_FMT);
2395 }
2396
2397 static const struct file_operations smk_load2_ops = {
2398 .open = smk_open_load2,
2399 .read = seq_read,
2400 .llseek = seq_lseek,
2401 .write = smk_write_load2,
2402 .release = seq_release,
2403 };
2404
2405 /*
2406 * Seq_file read operations for /smack/load-self2
2407 */
2408
load_self2_seq_start(struct seq_file * s,loff_t * pos)2409 static void *load_self2_seq_start(struct seq_file *s, loff_t *pos)
2410 {
2411 struct task_smack *tsp = smack_cred(current_cred());
2412
2413 return smk_seq_start(s, pos, &tsp->smk_rules);
2414 }
2415
load_self2_seq_next(struct seq_file * s,void * v,loff_t * pos)2416 static void *load_self2_seq_next(struct seq_file *s, void *v, loff_t *pos)
2417 {
2418 struct task_smack *tsp = smack_cred(current_cred());
2419
2420 return smk_seq_next(s, v, pos, &tsp->smk_rules);
2421 }
2422
load_self2_seq_show(struct seq_file * s,void * v)2423 static int load_self2_seq_show(struct seq_file *s, void *v)
2424 {
2425 struct list_head *list = v;
2426 struct smack_rule *srp =
2427 list_entry_rcu(list, struct smack_rule, list);
2428
2429 smk_rule_show(s, srp, SMK_LONGLABEL);
2430
2431 return 0;
2432 }
2433
2434 static const struct seq_operations load_self2_seq_ops = {
2435 .start = load_self2_seq_start,
2436 .next = load_self2_seq_next,
2437 .show = load_self2_seq_show,
2438 .stop = smk_seq_stop,
2439 };
2440
2441 /**
2442 * smk_open_load_self2 - open() for /smack/load-self2
2443 * @inode: inode structure representing file
2444 * @file: "load" file pointer
2445 *
2446 * For reading, use load_seq_* seq_file reading operations.
2447 */
smk_open_load_self2(struct inode * inode,struct file * file)2448 static int smk_open_load_self2(struct inode *inode, struct file *file)
2449 {
2450 return seq_open(file, &load_self2_seq_ops);
2451 }
2452
2453 /**
2454 * smk_write_load_self2 - write() for /smack/load-self2
2455 * @file: file pointer, not actually used
2456 * @buf: where to get the data from
2457 * @count: bytes sent
2458 * @ppos: where to start - must be 0
2459 *
2460 */
smk_write_load_self2(struct file * file,const char __user * buf,size_t count,loff_t * ppos)2461 static ssize_t smk_write_load_self2(struct file *file, const char __user *buf,
2462 size_t count, loff_t *ppos)
2463 {
2464 struct task_smack *tsp = smack_cred(current_cred());
2465
2466 return smk_write_rules_list(file, buf, count, ppos, &tsp->smk_rules,
2467 &tsp->smk_rules_lock, SMK_LONG_FMT);
2468 }
2469
2470 static const struct file_operations smk_load_self2_ops = {
2471 .open = smk_open_load_self2,
2472 .read = seq_read,
2473 .llseek = seq_lseek,
2474 .write = smk_write_load_self2,
2475 .release = seq_release,
2476 };
2477
2478 /**
2479 * smk_write_access2 - handle access check transaction
2480 * @file: file pointer
2481 * @buf: data from user space
2482 * @count: bytes sent
2483 * @ppos: where to start - must be 0
2484 */
smk_write_access2(struct file * file,const char __user * buf,size_t count,loff_t * ppos)2485 static ssize_t smk_write_access2(struct file *file, const char __user *buf,
2486 size_t count, loff_t *ppos)
2487 {
2488 return smk_user_access(file, buf, count, ppos, SMK_LONG_FMT);
2489 }
2490
2491 static const struct file_operations smk_access2_ops = {
2492 .write = smk_write_access2,
2493 .read = simple_transaction_read,
2494 .release = simple_transaction_release,
2495 .llseek = generic_file_llseek,
2496 };
2497
2498 /**
2499 * smk_write_revoke_subj - write() for /smack/revoke-subject
2500 * @file: file pointer
2501 * @buf: data from user space
2502 * @count: bytes sent
2503 * @ppos: where to start - must be 0
2504 */
smk_write_revoke_subj(struct file * file,const char __user * buf,size_t count,loff_t * ppos)2505 static ssize_t smk_write_revoke_subj(struct file *file, const char __user *buf,
2506 size_t count, loff_t *ppos)
2507 {
2508 char *data;
2509 const char *cp;
2510 struct smack_known *skp;
2511 struct smack_rule *sp;
2512 struct list_head *rule_list;
2513 struct mutex *rule_lock;
2514 int rc = count;
2515
2516 if (*ppos != 0)
2517 return -EINVAL;
2518
2519 if (!smack_privileged(CAP_MAC_ADMIN))
2520 return -EPERM;
2521
2522 if (count == 0 || count > SMK_LONGLABEL)
2523 return -EINVAL;
2524
2525 data = memdup_user(buf, count);
2526 if (IS_ERR(data))
2527 return PTR_ERR(data);
2528
2529 cp = smk_parse_smack(data, count);
2530 if (IS_ERR(cp)) {
2531 rc = PTR_ERR(cp);
2532 goto out_data;
2533 }
2534
2535 skp = smk_find_entry(cp);
2536 if (skp == NULL)
2537 goto out_cp;
2538
2539 rule_list = &skp->smk_rules;
2540 rule_lock = &skp->smk_rules_lock;
2541
2542 mutex_lock(rule_lock);
2543
2544 list_for_each_entry_rcu(sp, rule_list, list)
2545 sp->smk_access = 0;
2546
2547 mutex_unlock(rule_lock);
2548
2549 out_cp:
2550 kfree(cp);
2551 out_data:
2552 kfree(data);
2553
2554 return rc;
2555 }
2556
2557 static const struct file_operations smk_revoke_subj_ops = {
2558 .write = smk_write_revoke_subj,
2559 .read = simple_transaction_read,
2560 .release = simple_transaction_release,
2561 .llseek = generic_file_llseek,
2562 };
2563
2564 /**
2565 * smk_init_sysfs - initialize /sys/fs/smackfs
2566 *
2567 */
smk_init_sysfs(void)2568 static int smk_init_sysfs(void)
2569 {
2570 return sysfs_create_mount_point(fs_kobj, "smackfs");
2571 }
2572
2573 /**
2574 * smk_write_change_rule - write() for /smack/change-rule
2575 * @file: file pointer
2576 * @buf: data from user space
2577 * @count: bytes sent
2578 * @ppos: where to start - must be 0
2579 */
smk_write_change_rule(struct file * file,const char __user * buf,size_t count,loff_t * ppos)2580 static ssize_t smk_write_change_rule(struct file *file, const char __user *buf,
2581 size_t count, loff_t *ppos)
2582 {
2583 /*
2584 * Must have privilege.
2585 */
2586 if (!smack_privileged(CAP_MAC_ADMIN))
2587 return -EPERM;
2588
2589 return smk_write_rules_list(file, buf, count, ppos, NULL, NULL,
2590 SMK_CHANGE_FMT);
2591 }
2592
2593 static const struct file_operations smk_change_rule_ops = {
2594 .write = smk_write_change_rule,
2595 .read = simple_transaction_read,
2596 .release = simple_transaction_release,
2597 .llseek = generic_file_llseek,
2598 };
2599
2600 /**
2601 * smk_read_syslog - read() for smackfs/syslog
2602 * @filp: file pointer, not actually used
2603 * @buf: where to put the result
2604 * @cn: maximum to send along
2605 * @ppos: where to start
2606 *
2607 * Returns number of bytes read or error code, as appropriate
2608 */
smk_read_syslog(struct file * filp,char __user * buf,size_t cn,loff_t * ppos)2609 static ssize_t smk_read_syslog(struct file *filp, char __user *buf,
2610 size_t cn, loff_t *ppos)
2611 {
2612 struct smack_known *skp;
2613 ssize_t rc = -EINVAL;
2614 int asize;
2615
2616 if (*ppos != 0)
2617 return 0;
2618
2619 if (smack_syslog_label == NULL)
2620 skp = &smack_known_star;
2621 else
2622 skp = smack_syslog_label;
2623
2624 asize = strlen(skp->smk_known) + 1;
2625
2626 if (cn >= asize)
2627 rc = simple_read_from_buffer(buf, cn, ppos, skp->smk_known,
2628 asize);
2629
2630 return rc;
2631 }
2632
2633 /**
2634 * smk_write_syslog - write() for smackfs/syslog
2635 * @file: file pointer, not actually used
2636 * @buf: where to get the data from
2637 * @count: bytes sent
2638 * @ppos: where to start
2639 *
2640 * Returns number of bytes written or error code, as appropriate
2641 */
smk_write_syslog(struct file * file,const char __user * buf,size_t count,loff_t * ppos)2642 static ssize_t smk_write_syslog(struct file *file, const char __user *buf,
2643 size_t count, loff_t *ppos)
2644 {
2645 char *data;
2646 struct smack_known *skp;
2647 int rc = count;
2648
2649 if (!smack_privileged(CAP_MAC_ADMIN))
2650 return -EPERM;
2651
2652 /* Enough data must be present */
2653 if (count == 0 || count > PAGE_SIZE)
2654 return -EINVAL;
2655
2656 data = memdup_user_nul(buf, count);
2657 if (IS_ERR(data))
2658 return PTR_ERR(data);
2659
2660 skp = smk_import_entry(data, count);
2661 if (IS_ERR(skp))
2662 rc = PTR_ERR(skp);
2663 else
2664 smack_syslog_label = skp;
2665
2666 kfree(data);
2667 return rc;
2668 }
2669
2670 static const struct file_operations smk_syslog_ops = {
2671 .read = smk_read_syslog,
2672 .write = smk_write_syslog,
2673 .llseek = default_llseek,
2674 };
2675
2676 /*
2677 * Seq_file read operations for /smack/relabel-self
2678 */
2679
relabel_self_seq_start(struct seq_file * s,loff_t * pos)2680 static void *relabel_self_seq_start(struct seq_file *s, loff_t *pos)
2681 {
2682 struct task_smack *tsp = smack_cred(current_cred());
2683
2684 return smk_seq_start(s, pos, &tsp->smk_relabel);
2685 }
2686
relabel_self_seq_next(struct seq_file * s,void * v,loff_t * pos)2687 static void *relabel_self_seq_next(struct seq_file *s, void *v, loff_t *pos)
2688 {
2689 struct task_smack *tsp = smack_cred(current_cred());
2690
2691 return smk_seq_next(s, v, pos, &tsp->smk_relabel);
2692 }
2693
relabel_self_seq_show(struct seq_file * s,void * v)2694 static int relabel_self_seq_show(struct seq_file *s, void *v)
2695 {
2696 struct list_head *list = v;
2697 struct smack_known_list_elem *sklep =
2698 list_entry(list, struct smack_known_list_elem, list);
2699
2700 seq_puts(s, sklep->smk_label->smk_known);
2701 seq_putc(s, ' ');
2702
2703 return 0;
2704 }
2705
2706 static const struct seq_operations relabel_self_seq_ops = {
2707 .start = relabel_self_seq_start,
2708 .next = relabel_self_seq_next,
2709 .show = relabel_self_seq_show,
2710 .stop = smk_seq_stop,
2711 };
2712
2713 /**
2714 * smk_open_relabel_self - open() for /smack/relabel-self
2715 * @inode: inode structure representing file
2716 * @file: "relabel-self" file pointer
2717 *
2718 * Connect our relabel_self_seq_* operations with /smack/relabel-self
2719 * file_operations
2720 */
smk_open_relabel_self(struct inode * inode,struct file * file)2721 static int smk_open_relabel_self(struct inode *inode, struct file *file)
2722 {
2723 return seq_open(file, &relabel_self_seq_ops);
2724 }
2725
2726 /**
2727 * smk_write_relabel_self - write() for /smack/relabel-self
2728 * @file: file pointer, not actually used
2729 * @buf: where to get the data from
2730 * @count: bytes sent
2731 * @ppos: where to start - must be 0
2732 *
2733 */
smk_write_relabel_self(struct file * file,const char __user * buf,size_t count,loff_t * ppos)2734 static ssize_t smk_write_relabel_self(struct file *file, const char __user *buf,
2735 size_t count, loff_t *ppos)
2736 {
2737 char *data;
2738 int rc;
2739 LIST_HEAD(list_tmp);
2740
2741 /*
2742 * Must have privilege.
2743 */
2744 if (!smack_privileged(CAP_MAC_ADMIN))
2745 return -EPERM;
2746
2747 /*
2748 * No partial write.
2749 * Enough data must be present.
2750 */
2751 if (*ppos != 0)
2752 return -EINVAL;
2753 if (count == 0 || count > PAGE_SIZE)
2754 return -EINVAL;
2755
2756 data = memdup_user_nul(buf, count);
2757 if (IS_ERR(data))
2758 return PTR_ERR(data);
2759
2760 rc = smk_parse_label_list(data, &list_tmp);
2761 kfree(data);
2762
2763 if (!rc || (rc == -EINVAL && list_empty(&list_tmp))) {
2764 struct cred *new;
2765 struct task_smack *tsp;
2766
2767 new = prepare_creds();
2768 if (!new) {
2769 rc = -ENOMEM;
2770 goto out;
2771 }
2772 tsp = smack_cred(new);
2773 smk_destroy_label_list(&tsp->smk_relabel);
2774 list_splice(&list_tmp, &tsp->smk_relabel);
2775 commit_creds(new);
2776 return count;
2777 }
2778 out:
2779 smk_destroy_label_list(&list_tmp);
2780 return rc;
2781 }
2782
2783 static const struct file_operations smk_relabel_self_ops = {
2784 .open = smk_open_relabel_self,
2785 .read = seq_read,
2786 .llseek = seq_lseek,
2787 .write = smk_write_relabel_self,
2788 .release = seq_release,
2789 };
2790
2791 /**
2792 * smk_read_ptrace - read() for /smack/ptrace
2793 * @filp: file pointer, not actually used
2794 * @buf: where to put the result
2795 * @count: maximum to send along
2796 * @ppos: where to start
2797 *
2798 * Returns number of bytes read or error code, as appropriate
2799 */
smk_read_ptrace(struct file * filp,char __user * buf,size_t count,loff_t * ppos)2800 static ssize_t smk_read_ptrace(struct file *filp, char __user *buf,
2801 size_t count, loff_t *ppos)
2802 {
2803 char temp[32];
2804 ssize_t rc;
2805
2806 if (*ppos != 0)
2807 return 0;
2808
2809 sprintf(temp, "%d\n", smack_ptrace_rule);
2810 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
2811 return rc;
2812 }
2813
2814 /**
2815 * smk_write_ptrace - write() for /smack/ptrace
2816 * @file: file pointer
2817 * @buf: data from user space
2818 * @count: bytes sent
2819 * @ppos: where to start - must be 0
2820 */
smk_write_ptrace(struct file * file,const char __user * buf,size_t count,loff_t * ppos)2821 static ssize_t smk_write_ptrace(struct file *file, const char __user *buf,
2822 size_t count, loff_t *ppos)
2823 {
2824 char temp[32];
2825 int i;
2826
2827 if (!smack_privileged(CAP_MAC_ADMIN))
2828 return -EPERM;
2829
2830 if (*ppos != 0 || count >= sizeof(temp) || count == 0)
2831 return -EINVAL;
2832
2833 if (copy_from_user(temp, buf, count) != 0)
2834 return -EFAULT;
2835
2836 temp[count] = '\0';
2837
2838 if (sscanf(temp, "%d", &i) != 1)
2839 return -EINVAL;
2840 if (i < SMACK_PTRACE_DEFAULT || i > SMACK_PTRACE_MAX)
2841 return -EINVAL;
2842 smack_ptrace_rule = i;
2843
2844 return count;
2845 }
2846
2847 static const struct file_operations smk_ptrace_ops = {
2848 .write = smk_write_ptrace,
2849 .read = smk_read_ptrace,
2850 .llseek = default_llseek,
2851 };
2852
2853 /**
2854 * smk_fill_super - fill the smackfs superblock
2855 * @sb: the empty superblock
2856 * @fc: unused
2857 *
2858 * Fill in the well known entries for the smack filesystem
2859 *
2860 * Returns 0 on success, an error code on failure
2861 */
smk_fill_super(struct super_block * sb,struct fs_context * fc)2862 static int smk_fill_super(struct super_block *sb, struct fs_context *fc)
2863 {
2864 int rc;
2865
2866 static const struct tree_descr smack_files[] = {
2867 [SMK_LOAD] = {
2868 "load", &smk_load_ops, S_IRUGO|S_IWUSR},
2869 [SMK_CIPSO] = {
2870 "cipso", &smk_cipso_ops, S_IRUGO|S_IWUSR},
2871 [SMK_DOI] = {
2872 "doi", &smk_doi_ops, S_IRUGO|S_IWUSR},
2873 [SMK_DIRECT] = {
2874 "direct", &smk_direct_ops, S_IRUGO|S_IWUSR},
2875 [SMK_AMBIENT] = {
2876 "ambient", &smk_ambient_ops, S_IRUGO|S_IWUSR},
2877 [SMK_NET4ADDR] = {
2878 "netlabel", &smk_net4addr_ops, S_IRUGO|S_IWUSR},
2879 [SMK_ONLYCAP] = {
2880 "onlycap", &smk_onlycap_ops, S_IRUGO|S_IWUSR},
2881 #ifdef CONFIG_AUDIT
2882 [SMK_LOGGING] = {
2883 "logging", &smk_logging_ops, S_IRUGO|S_IWUSR},
2884 #endif /* CONFIG_AUDIT */
2885 [SMK_LOAD_SELF] = {
2886 "load-self", &smk_load_self_ops, S_IRUGO|S_IWUGO},
2887 [SMK_ACCESSES] = {
2888 "access", &smk_access_ops, S_IRUGO|S_IWUGO},
2889 [SMK_MAPPED] = {
2890 "mapped", &smk_mapped_ops, S_IRUGO|S_IWUSR},
2891 [SMK_LOAD2] = {
2892 "load2", &smk_load2_ops, S_IRUGO|S_IWUSR},
2893 [SMK_LOAD_SELF2] = {
2894 "load-self2", &smk_load_self2_ops, S_IRUGO|S_IWUGO},
2895 [SMK_ACCESS2] = {
2896 "access2", &smk_access2_ops, S_IRUGO|S_IWUGO},
2897 [SMK_CIPSO2] = {
2898 "cipso2", &smk_cipso2_ops, S_IRUGO|S_IWUSR},
2899 [SMK_REVOKE_SUBJ] = {
2900 "revoke-subject", &smk_revoke_subj_ops,
2901 S_IRUGO|S_IWUSR},
2902 [SMK_CHANGE_RULE] = {
2903 "change-rule", &smk_change_rule_ops, S_IRUGO|S_IWUSR},
2904 [SMK_SYSLOG] = {
2905 "syslog", &smk_syslog_ops, S_IRUGO|S_IWUSR},
2906 [SMK_PTRACE] = {
2907 "ptrace", &smk_ptrace_ops, S_IRUGO|S_IWUSR},
2908 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
2909 [SMK_UNCONFINED] = {
2910 "unconfined", &smk_unconfined_ops, S_IRUGO|S_IWUSR},
2911 #endif
2912 #if IS_ENABLED(CONFIG_IPV6)
2913 [SMK_NET6ADDR] = {
2914 "ipv6host", &smk_net6addr_ops, S_IRUGO|S_IWUSR},
2915 #endif /* CONFIG_IPV6 */
2916 [SMK_RELABEL_SELF] = {
2917 "relabel-self", &smk_relabel_self_ops,
2918 S_IRUGO|S_IWUGO},
2919 /* last one */
2920 {""}
2921 };
2922
2923 rc = simple_fill_super(sb, SMACK_MAGIC, smack_files);
2924 if (rc != 0) {
2925 printk(KERN_ERR "%s failed %d while creating inodes\n",
2926 __func__, rc);
2927 return rc;
2928 }
2929
2930 return 0;
2931 }
2932
2933 /**
2934 * smk_get_tree - get the smackfs superblock
2935 * @fc: The mount context, including any options
2936 *
2937 * Just passes everything along.
2938 *
2939 * Returns what the lower level code does.
2940 */
smk_get_tree(struct fs_context * fc)2941 static int smk_get_tree(struct fs_context *fc)
2942 {
2943 return get_tree_single(fc, smk_fill_super);
2944 }
2945
2946 static const struct fs_context_operations smk_context_ops = {
2947 .get_tree = smk_get_tree,
2948 };
2949
2950 /**
2951 * smk_init_fs_context - Initialise a filesystem context for smackfs
2952 * @fc: The blank mount context
2953 */
smk_init_fs_context(struct fs_context * fc)2954 static int smk_init_fs_context(struct fs_context *fc)
2955 {
2956 fc->ops = &smk_context_ops;
2957 return 0;
2958 }
2959
2960 static struct file_system_type smk_fs_type = {
2961 .name = "smackfs",
2962 .init_fs_context = smk_init_fs_context,
2963 .kill_sb = kill_litter_super,
2964 };
2965
2966 static struct vfsmount *smackfs_mount;
2967
2968 /**
2969 * init_smk_fs - get the smackfs superblock
2970 *
2971 * register the smackfs
2972 *
2973 * Do not register smackfs if Smack wasn't enabled
2974 * on boot. We can not put this method normally under the
2975 * smack_init() code path since the security subsystem get
2976 * initialized before the vfs caches.
2977 *
2978 * Returns true if we were not chosen on boot or if
2979 * we were chosen and filesystem registration succeeded.
2980 */
init_smk_fs(void)2981 int __init init_smk_fs(void)
2982 {
2983 int err;
2984 int rc;
2985
2986 if (smack_enabled == 0)
2987 return 0;
2988
2989 err = smk_init_sysfs();
2990 if (err)
2991 printk(KERN_ERR "smackfs: sysfs mountpoint problem.\n");
2992
2993 err = register_filesystem(&smk_fs_type);
2994 if (!err) {
2995 smackfs_mount = kern_mount(&smk_fs_type);
2996 if (IS_ERR(smackfs_mount)) {
2997 printk(KERN_ERR "smackfs: could not mount!\n");
2998 err = PTR_ERR(smackfs_mount);
2999 smackfs_mount = NULL;
3000 }
3001 }
3002
3003 smk_cipso_doi();
3004 smk_unlbl_ambient(NULL);
3005
3006 rc = smack_populate_secattr(&smack_known_floor);
3007 if (err == 0 && rc < 0)
3008 err = rc;
3009 rc = smack_populate_secattr(&smack_known_hat);
3010 if (err == 0 && rc < 0)
3011 err = rc;
3012 rc = smack_populate_secattr(&smack_known_huh);
3013 if (err == 0 && rc < 0)
3014 err = rc;
3015 rc = smack_populate_secattr(&smack_known_star);
3016 if (err == 0 && rc < 0)
3017 err = rc;
3018 rc = smack_populate_secattr(&smack_known_web);
3019 if (err == 0 && rc < 0)
3020 err = rc;
3021
3022 return err;
3023 }
3024