xref: /linux/security/smack/smackfs.c (revision 3fd6c59042dbba50391e30862beac979491145fe)
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com>
4  *
5  * Authors:
6  * 	Casey Schaufler <casey@schaufler-ca.com>
7  * 	Ahmed S. Darwish <darwish.07@gmail.com>
8  *
9  * Special thanks to the authors of selinuxfs.
10  *
11  *	Karl MacMillan <kmacmillan@tresys.com>
12  *	James Morris <jmorris@redhat.com>
13  */
14 
15 #include <linux/kernel.h>
16 #include <linux/vmalloc.h>
17 #include <linux/security.h>
18 #include <linux/mutex.h>
19 #include <linux/slab.h>
20 #include <net/net_namespace.h>
21 #include <net/cipso_ipv4.h>
22 #include <linux/seq_file.h>
23 #include <linux/ctype.h>
24 #include <linux/audit.h>
25 #include <linux/magic.h>
26 #include <linux/mount.h>
27 #include <linux/fs_context.h>
28 #include "smack.h"
29 
30 #define BEBITS	(sizeof(__be32) * 8)
31 /*
32  * smackfs pseudo filesystem.
33  */
34 
35 enum smk_inos {
36 	SMK_ROOT_INO	= 2,
37 	SMK_LOAD	= 3,	/* load policy */
38 	SMK_CIPSO	= 4,	/* load label -> CIPSO mapping */
39 	SMK_DOI		= 5,	/* CIPSO DOI */
40 	SMK_DIRECT	= 6,	/* CIPSO level indicating direct label */
41 	SMK_AMBIENT	= 7,	/* internet ambient label */
42 	SMK_NET4ADDR	= 8,	/* single label hosts */
43 	SMK_ONLYCAP	= 9,	/* the only "capable" label */
44 	SMK_LOGGING	= 10,	/* logging */
45 	SMK_LOAD_SELF	= 11,	/* task specific rules */
46 	SMK_ACCESSES	= 12,	/* access policy */
47 	SMK_MAPPED	= 13,	/* CIPSO level indicating mapped label */
48 	SMK_LOAD2	= 14,	/* load policy with long labels */
49 	SMK_LOAD_SELF2	= 15,	/* load task specific rules with long labels */
50 	SMK_ACCESS2	= 16,	/* make an access check with long labels */
51 	SMK_CIPSO2	= 17,	/* load long label -> CIPSO mapping */
52 	SMK_REVOKE_SUBJ	= 18,	/* set rules with subject label to '-' */
53 	SMK_CHANGE_RULE	= 19,	/* change or add rules (long labels) */
54 	SMK_SYSLOG	= 20,	/* change syslog label) */
55 	SMK_PTRACE	= 21,	/* set ptrace rule */
56 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
57 	SMK_UNCONFINED	= 22,	/* define an unconfined label */
58 #endif
59 #if IS_ENABLED(CONFIG_IPV6)
60 	SMK_NET6ADDR	= 23,	/* single label IPv6 hosts */
61 #endif /* CONFIG_IPV6 */
62 	SMK_RELABEL_SELF = 24, /* relabel possible without CAP_MAC_ADMIN */
63 };
64 
65 /*
66  * List locks
67  */
68 static DEFINE_MUTEX(smack_cipso_lock);
69 static DEFINE_MUTEX(smack_ambient_lock);
70 static DEFINE_MUTEX(smk_net4addr_lock);
71 #if IS_ENABLED(CONFIG_IPV6)
72 static DEFINE_MUTEX(smk_net6addr_lock);
73 #endif /* CONFIG_IPV6 */
74 
75 /*
76  * This is the "ambient" label for network traffic.
77  * If it isn't somehow marked, use this.
78  * It can be reset via smackfs/ambient
79  */
80 struct smack_known *smack_net_ambient;
81 
82 /*
83  * This is the level in a CIPSO header that indicates a
84  * smack label is contained directly in the category set.
85  * It can be reset via smackfs/direct
86  */
87 int smack_cipso_direct = SMACK_CIPSO_DIRECT_DEFAULT;
88 
89 /*
90  * This is the level in a CIPSO header that indicates a
91  * secid is contained directly in the category set.
92  * It can be reset via smackfs/mapped
93  */
94 int smack_cipso_mapped = SMACK_CIPSO_MAPPED_DEFAULT;
95 
96 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
97 /*
98  * Allow one label to be unconfined. This is for
99  * debugging and application bring-up purposes only.
100  * It is bad and wrong, but everyone seems to expect
101  * to have it.
102  */
103 struct smack_known *smack_unconfined;
104 #endif
105 
106 /*
107  * If this value is set restrict syslog use to the label specified.
108  * It can be reset via smackfs/syslog
109  */
110 struct smack_known *smack_syslog_label;
111 
112 /*
113  * Ptrace current rule
114  * SMACK_PTRACE_DEFAULT    regular smack ptrace rules (/proc based)
115  * SMACK_PTRACE_EXACT      labels must match, but can be overriden with
116  *			   CAP_SYS_PTRACE
117  * SMACK_PTRACE_DRACONIAN  labels must match, CAP_SYS_PTRACE has no effect
118  */
119 int smack_ptrace_rule = SMACK_PTRACE_DEFAULT;
120 
121 /*
122  * Certain IP addresses may be designated as single label hosts.
123  * Packets are sent there unlabeled, but only from tasks that
124  * can write to the specified label.
125  */
126 
127 LIST_HEAD(smk_net4addr_list);
128 #if IS_ENABLED(CONFIG_IPV6)
129 LIST_HEAD(smk_net6addr_list);
130 #endif /* CONFIG_IPV6 */
131 
132 /*
133  * Rule lists are maintained for each label.
134  */
135 struct smack_parsed_rule {
136 	struct smack_known	*smk_subject;
137 	struct smack_known	*smk_object;
138 	int			smk_access1;
139 	int			smk_access2;
140 };
141 
142 static int smk_cipso_doi_value = SMACK_CIPSO_DOI_DEFAULT;
143 
144 /*
145  * Values for parsing cipso rules
146  * SMK_DIGITLEN: Length of a digit field in a rule.
147  * SMK_CIPSOMIN: Minimum possible cipso rule length.
148  * SMK_CIPSOMAX: Maximum possible cipso rule length.
149  */
150 #define SMK_DIGITLEN 4
151 #define SMK_CIPSOMIN (SMK_LABELLEN + 2 * SMK_DIGITLEN)
152 #define SMK_CIPSOMAX (SMK_CIPSOMIN + SMACK_CIPSO_MAXCATNUM * SMK_DIGITLEN)
153 
154 /*
155  * Values for parsing MAC rules
156  * SMK_ACCESS: Maximum possible combination of access permissions
157  * SMK_ACCESSLEN: Maximum length for a rule access field
158  * SMK_LOADLEN: Smack rule length
159  */
160 #define SMK_OACCESS	"rwxa"
161 #define SMK_ACCESS	"rwxatl"
162 #define SMK_OACCESSLEN	(sizeof(SMK_OACCESS) - 1)
163 #define SMK_ACCESSLEN	(sizeof(SMK_ACCESS) - 1)
164 #define SMK_OLOADLEN	(SMK_LABELLEN + SMK_LABELLEN + SMK_OACCESSLEN)
165 #define SMK_LOADLEN	(SMK_LABELLEN + SMK_LABELLEN + SMK_ACCESSLEN)
166 
167 /*
168  * Stricly for CIPSO level manipulation.
169  * Set the category bit number in a smack label sized buffer.
170  */
smack_catset_bit(unsigned int cat,char * catsetp)171 static inline void smack_catset_bit(unsigned int cat, char *catsetp)
172 {
173 	if (cat == 0 || cat > (SMK_CIPSOLEN * 8))
174 		return;
175 
176 	catsetp[(cat - 1) / 8] |= 0x80 >> ((cat - 1) % 8);
177 }
178 
179 /**
180  * smk_netlabel_audit_set - fill a netlbl_audit struct
181  * @nap: structure to fill
182  */
smk_netlabel_audit_set(struct netlbl_audit * nap)183 static void smk_netlabel_audit_set(struct netlbl_audit *nap)
184 {
185 	nap->loginuid = audit_get_loginuid(current);
186 	nap->sessionid = audit_get_sessionid(current);
187 	nap->prop.smack.skp = smk_of_current();
188 }
189 
190 /*
191  * Value for parsing single label host rules
192  * "1.2.3.4 X"
193  */
194 #define SMK_NETLBLADDRMIN	9
195 
196 /**
197  * smk_set_access - add a rule to the rule list or replace an old rule
198  * @srp: the rule to add or replace
199  * @rule_list: the list of rules
200  * @rule_lock: the rule list lock
201  *
202  * Looks through the current subject/object/access list for
203  * the subject/object pair and replaces the access that was
204  * there. If the pair isn't found add it with the specified
205  * access.
206  *
207  * Returns 0 if nothing goes wrong or -ENOMEM if it fails
208  * during the allocation of the new pair to add.
209  */
smk_set_access(struct smack_parsed_rule * srp,struct list_head * rule_list,struct mutex * rule_lock)210 static int smk_set_access(struct smack_parsed_rule *srp,
211 				struct list_head *rule_list,
212 				struct mutex *rule_lock)
213 {
214 	struct smack_rule *sp;
215 	int found = 0;
216 	int rc = 0;
217 
218 	mutex_lock(rule_lock);
219 
220 	/*
221 	 * Because the object label is less likely to match
222 	 * than the subject label check it first
223 	 */
224 	list_for_each_entry_rcu(sp, rule_list, list) {
225 		if (sp->smk_object == srp->smk_object &&
226 		    sp->smk_subject == srp->smk_subject) {
227 			found = 1;
228 			sp->smk_access |= srp->smk_access1;
229 			sp->smk_access &= ~srp->smk_access2;
230 			break;
231 		}
232 	}
233 
234 	if (found == 0) {
235 		sp = kmem_cache_zalloc(smack_rule_cache, GFP_KERNEL);
236 		if (sp == NULL) {
237 			rc = -ENOMEM;
238 			goto out;
239 		}
240 
241 		sp->smk_subject = srp->smk_subject;
242 		sp->smk_object = srp->smk_object;
243 		sp->smk_access = srp->smk_access1 & ~srp->smk_access2;
244 
245 		list_add_rcu(&sp->list, rule_list);
246 	}
247 
248 out:
249 	mutex_unlock(rule_lock);
250 	return rc;
251 }
252 
253 /**
254  * smk_perm_from_str - parse smack accesses from a text string
255  * @string: a text string that contains a Smack accesses code
256  *
257  * Returns an integer with respective bits set for specified accesses.
258  */
smk_perm_from_str(const char * string)259 static int smk_perm_from_str(const char *string)
260 {
261 	int perm = 0;
262 	const char *cp;
263 
264 	for (cp = string; ; cp++)
265 		switch (*cp) {
266 		case '-':
267 			break;
268 		case 'r':
269 		case 'R':
270 			perm |= MAY_READ;
271 			break;
272 		case 'w':
273 		case 'W':
274 			perm |= MAY_WRITE;
275 			break;
276 		case 'x':
277 		case 'X':
278 			perm |= MAY_EXEC;
279 			break;
280 		case 'a':
281 		case 'A':
282 			perm |= MAY_APPEND;
283 			break;
284 		case 't':
285 		case 'T':
286 			perm |= MAY_TRANSMUTE;
287 			break;
288 		case 'l':
289 		case 'L':
290 			perm |= MAY_LOCK;
291 			break;
292 		case 'b':
293 		case 'B':
294 			perm |= MAY_BRINGUP;
295 			break;
296 		default:
297 			return perm;
298 		}
299 }
300 
301 /**
302  * smk_fill_rule - Fill Smack rule from strings
303  * @subject: subject label string
304  * @object: object label string
305  * @access1: access string
306  * @access2: string with permissions to be removed
307  * @rule: Smack rule
308  * @import: if non-zero, import labels
309  * @len: label length limit
310  *
311  * Returns 0 on success, appropriate error code on failure.
312  */
smk_fill_rule(const char * subject,const char * object,const char * access1,const char * access2,struct smack_parsed_rule * rule,int import,int len)313 static int smk_fill_rule(const char *subject, const char *object,
314 				const char *access1, const char *access2,
315 				struct smack_parsed_rule *rule, int import,
316 				int len)
317 {
318 	const char *cp;
319 	struct smack_known *skp;
320 
321 	if (import) {
322 		rule->smk_subject = smk_import_entry(subject, len);
323 		if (IS_ERR(rule->smk_subject))
324 			return PTR_ERR(rule->smk_subject);
325 
326 		rule->smk_object = smk_import_entry(object, len);
327 		if (IS_ERR(rule->smk_object))
328 			return PTR_ERR(rule->smk_object);
329 	} else {
330 		cp = smk_parse_smack(subject, len);
331 		if (IS_ERR(cp))
332 			return PTR_ERR(cp);
333 		skp = smk_find_entry(cp);
334 		kfree(cp);
335 		if (skp == NULL)
336 			return -ENOENT;
337 		rule->smk_subject = skp;
338 
339 		cp = smk_parse_smack(object, len);
340 		if (IS_ERR(cp))
341 			return PTR_ERR(cp);
342 		skp = smk_find_entry(cp);
343 		kfree(cp);
344 		if (skp == NULL)
345 			return -ENOENT;
346 		rule->smk_object = skp;
347 	}
348 
349 	rule->smk_access1 = smk_perm_from_str(access1);
350 	if (access2)
351 		rule->smk_access2 = smk_perm_from_str(access2);
352 	else
353 		rule->smk_access2 = ~rule->smk_access1;
354 
355 	return 0;
356 }
357 
358 /**
359  * smk_parse_rule - parse Smack rule from load string
360  * @data: string to be parsed whose size is SMK_LOADLEN
361  * @rule: Smack rule
362  * @import: if non-zero, import labels
363  *
364  * Returns 0 on success, -1 on errors.
365  */
smk_parse_rule(const char * data,struct smack_parsed_rule * rule,int import)366 static int smk_parse_rule(const char *data, struct smack_parsed_rule *rule,
367 				int import)
368 {
369 	int rc;
370 
371 	rc = smk_fill_rule(data, data + SMK_LABELLEN,
372 			   data + SMK_LABELLEN + SMK_LABELLEN, NULL, rule,
373 			   import, SMK_LABELLEN);
374 	return rc;
375 }
376 
377 /**
378  * smk_parse_long_rule - parse Smack rule from rule string
379  * @data: string to be parsed, null terminated
380  * @rule: Will be filled with Smack parsed rule
381  * @import: if non-zero, import labels
382  * @tokens: number of substrings expected in data
383  *
384  * Returns number of processed bytes on success, -ERRNO on failure.
385  */
smk_parse_long_rule(char * data,struct smack_parsed_rule * rule,int import,int tokens)386 static ssize_t smk_parse_long_rule(char *data, struct smack_parsed_rule *rule,
387 				int import, int tokens)
388 {
389 	ssize_t cnt = 0;
390 	char *tok[4];
391 	int rc;
392 	int i;
393 
394 	/*
395 	 * Parsing the rule in-place, filling all white-spaces with '\0'
396 	 */
397 	for (i = 0; i < tokens; ++i) {
398 		while (isspace(data[cnt]))
399 			data[cnt++] = '\0';
400 
401 		if (data[cnt] == '\0')
402 			/* Unexpected end of data */
403 			return -EINVAL;
404 
405 		tok[i] = data + cnt;
406 
407 		while (data[cnt] && !isspace(data[cnt]))
408 			++cnt;
409 	}
410 	while (isspace(data[cnt]))
411 		data[cnt++] = '\0';
412 
413 	while (i < 4)
414 		tok[i++] = NULL;
415 
416 	rc = smk_fill_rule(tok[0], tok[1], tok[2], tok[3], rule, import, 0);
417 	return rc == 0 ? cnt : rc;
418 }
419 
420 #define SMK_FIXED24_FMT	0	/* Fixed 24byte label format */
421 #define SMK_LONG_FMT	1	/* Variable long label format */
422 #define SMK_CHANGE_FMT	2	/* Rule modification format */
423 /**
424  * smk_write_rules_list - write() for any /smack rule file
425  * @file: file pointer, not actually used
426  * @buf: where to get the data from
427  * @count: bytes sent
428  * @ppos: where to start - must be 0
429  * @rule_list: the list of rules to write to
430  * @rule_lock: lock for the rule list
431  * @format: /smack/load or /smack/load2 or /smack/change-rule format.
432  *
433  * Get one smack access rule from above.
434  * The format for SMK_LONG_FMT is:
435  *	"subject<whitespace>object<whitespace>access[<whitespace>...]"
436  * The format for SMK_FIXED24_FMT is exactly:
437  *	"subject                 object                  rwxat"
438  * The format for SMK_CHANGE_FMT is:
439  *	"subject<whitespace>object<whitespace>
440  *	 acc_enable<whitespace>acc_disable[<whitespace>...]"
441  */
smk_write_rules_list(struct file * file,const char __user * buf,size_t count,loff_t * ppos,struct list_head * rule_list,struct mutex * rule_lock,int format)442 static ssize_t smk_write_rules_list(struct file *file, const char __user *buf,
443 					size_t count, loff_t *ppos,
444 					struct list_head *rule_list,
445 					struct mutex *rule_lock, int format)
446 {
447 	struct smack_parsed_rule rule;
448 	char *data;
449 	int rc;
450 	int trunc = 0;
451 	int tokens;
452 	ssize_t cnt = 0;
453 
454 	/*
455 	 * No partial writes.
456 	 * Enough data must be present.
457 	 */
458 	if (*ppos != 0)
459 		return -EINVAL;
460 
461 	if (format == SMK_FIXED24_FMT) {
462 		/*
463 		 * Minor hack for backward compatibility
464 		 */
465 		if (count < SMK_OLOADLEN || count > SMK_LOADLEN)
466 			return -EINVAL;
467 	} else {
468 		if (count >= PAGE_SIZE) {
469 			count = PAGE_SIZE - 1;
470 			trunc = 1;
471 		}
472 	}
473 
474 	data = memdup_user_nul(buf, count);
475 	if (IS_ERR(data))
476 		return PTR_ERR(data);
477 
478 	/*
479 	 * In case of parsing only part of user buf,
480 	 * avoid having partial rule at the data buffer
481 	 */
482 	if (trunc) {
483 		while (count > 0 && (data[count - 1] != '\n'))
484 			--count;
485 		if (count == 0) {
486 			rc = -EINVAL;
487 			goto out;
488 		}
489 	}
490 
491 	data[count] = '\0';
492 	tokens = (format == SMK_CHANGE_FMT ? 4 : 3);
493 	while (cnt < count) {
494 		if (format == SMK_FIXED24_FMT) {
495 			rc = smk_parse_rule(data, &rule, 1);
496 			if (rc < 0)
497 				goto out;
498 			cnt = count;
499 		} else {
500 			rc = smk_parse_long_rule(data + cnt, &rule, 1, tokens);
501 			if (rc < 0)
502 				goto out;
503 			if (rc == 0) {
504 				rc = -EINVAL;
505 				goto out;
506 			}
507 			cnt += rc;
508 		}
509 
510 		if (rule_list == NULL)
511 			rc = smk_set_access(&rule, &rule.smk_subject->smk_rules,
512 				&rule.smk_subject->smk_rules_lock);
513 		else
514 			rc = smk_set_access(&rule, rule_list, rule_lock);
515 
516 		if (rc)
517 			goto out;
518 	}
519 
520 	rc = cnt;
521 out:
522 	kfree(data);
523 	return rc;
524 }
525 
526 /*
527  * Core logic for smackfs seq list operations.
528  */
529 
smk_seq_start(struct seq_file * s,loff_t * pos,struct list_head * head)530 static void *smk_seq_start(struct seq_file *s, loff_t *pos,
531 				struct list_head *head)
532 {
533 	struct list_head *list;
534 	int i = *pos;
535 
536 	rcu_read_lock();
537 	for (list = rcu_dereference(list_next_rcu(head));
538 		list != head;
539 		list = rcu_dereference(list_next_rcu(list))) {
540 		if (i-- == 0)
541 			return list;
542 	}
543 
544 	return NULL;
545 }
546 
smk_seq_next(struct seq_file * s,void * v,loff_t * pos,struct list_head * head)547 static void *smk_seq_next(struct seq_file *s, void *v, loff_t *pos,
548 				struct list_head *head)
549 {
550 	struct list_head *list = v;
551 
552 	++*pos;
553 	list = rcu_dereference(list_next_rcu(list));
554 
555 	return (list == head) ? NULL : list;
556 }
557 
smk_seq_stop(struct seq_file * s,void * v)558 static void smk_seq_stop(struct seq_file *s, void *v)
559 {
560 	rcu_read_unlock();
561 }
562 
smk_rule_show(struct seq_file * s,struct smack_rule * srp,int max)563 static void smk_rule_show(struct seq_file *s, struct smack_rule *srp, int max)
564 {
565 	/*
566 	 * Don't show any rules with label names too long for
567 	 * interface file (/smack/load or /smack/load2)
568 	 * because you should expect to be able to write
569 	 * anything you read back.
570 	 */
571 	if (strlen(srp->smk_subject->smk_known) >= max ||
572 	    strlen(srp->smk_object->smk_known) >= max)
573 		return;
574 
575 	if (srp->smk_access == 0)
576 		return;
577 
578 	seq_printf(s, "%s %s",
579 		   srp->smk_subject->smk_known,
580 		   srp->smk_object->smk_known);
581 
582 	seq_putc(s, ' ');
583 
584 	if (srp->smk_access & MAY_READ)
585 		seq_putc(s, 'r');
586 	if (srp->smk_access & MAY_WRITE)
587 		seq_putc(s, 'w');
588 	if (srp->smk_access & MAY_EXEC)
589 		seq_putc(s, 'x');
590 	if (srp->smk_access & MAY_APPEND)
591 		seq_putc(s, 'a');
592 	if (srp->smk_access & MAY_TRANSMUTE)
593 		seq_putc(s, 't');
594 	if (srp->smk_access & MAY_LOCK)
595 		seq_putc(s, 'l');
596 	if (srp->smk_access & MAY_BRINGUP)
597 		seq_putc(s, 'b');
598 
599 	seq_putc(s, '\n');
600 }
601 
602 /*
603  * Seq_file read operations for /smack/load
604  */
605 
load2_seq_start(struct seq_file * s,loff_t * pos)606 static void *load2_seq_start(struct seq_file *s, loff_t *pos)
607 {
608 	return smk_seq_start(s, pos, &smack_known_list);
609 }
610 
load2_seq_next(struct seq_file * s,void * v,loff_t * pos)611 static void *load2_seq_next(struct seq_file *s, void *v, loff_t *pos)
612 {
613 	return smk_seq_next(s, v, pos, &smack_known_list);
614 }
615 
load_seq_show(struct seq_file * s,void * v)616 static int load_seq_show(struct seq_file *s, void *v)
617 {
618 	struct list_head *list = v;
619 	struct smack_rule *srp;
620 	struct smack_known *skp =
621 		list_entry_rcu(list, struct smack_known, list);
622 
623 	list_for_each_entry_rcu(srp, &skp->smk_rules, list)
624 		smk_rule_show(s, srp, SMK_LABELLEN);
625 
626 	return 0;
627 }
628 
629 static const struct seq_operations load_seq_ops = {
630 	.start = load2_seq_start,
631 	.next  = load2_seq_next,
632 	.show  = load_seq_show,
633 	.stop  = smk_seq_stop,
634 };
635 
636 /**
637  * smk_open_load - open() for /smack/load
638  * @inode: inode structure representing file
639  * @file: "load" file pointer
640  *
641  * For reading, use load_seq_* seq_file reading operations.
642  */
smk_open_load(struct inode * inode,struct file * file)643 static int smk_open_load(struct inode *inode, struct file *file)
644 {
645 	return seq_open(file, &load_seq_ops);
646 }
647 
648 /**
649  * smk_write_load - write() for /smack/load
650  * @file: file pointer, not actually used
651  * @buf: where to get the data from
652  * @count: bytes sent
653  * @ppos: where to start - must be 0
654  *
655  */
smk_write_load(struct file * file,const char __user * buf,size_t count,loff_t * ppos)656 static ssize_t smk_write_load(struct file *file, const char __user *buf,
657 			      size_t count, loff_t *ppos)
658 {
659 	/*
660 	 * Must have privilege.
661 	 * No partial writes.
662 	 * Enough data must be present.
663 	 */
664 	if (!smack_privileged(CAP_MAC_ADMIN))
665 		return -EPERM;
666 
667 	return smk_write_rules_list(file, buf, count, ppos, NULL, NULL,
668 				    SMK_FIXED24_FMT);
669 }
670 
671 static const struct file_operations smk_load_ops = {
672 	.open           = smk_open_load,
673 	.read		= seq_read,
674 	.llseek         = seq_lseek,
675 	.write		= smk_write_load,
676 	.release        = seq_release,
677 };
678 
679 /**
680  * smk_cipso_doi - initialize the CIPSO domain
681  */
smk_cipso_doi(void)682 static void smk_cipso_doi(void)
683 {
684 	int rc;
685 	struct cipso_v4_doi *doip;
686 	struct netlbl_audit nai;
687 
688 	smk_netlabel_audit_set(&nai);
689 
690 	rc = netlbl_cfg_map_del(NULL, PF_INET, NULL, NULL, &nai);
691 	if (rc != 0)
692 		printk(KERN_WARNING "%s:%d remove rc = %d\n",
693 		       __func__, __LINE__, rc);
694 
695 	doip = kmalloc(sizeof(struct cipso_v4_doi), GFP_KERNEL | __GFP_NOFAIL);
696 	doip->map.std = NULL;
697 	doip->doi = smk_cipso_doi_value;
698 	doip->type = CIPSO_V4_MAP_PASS;
699 	doip->tags[0] = CIPSO_V4_TAG_RBITMAP;
700 	for (rc = 1; rc < CIPSO_V4_TAG_MAXCNT; rc++)
701 		doip->tags[rc] = CIPSO_V4_TAG_INVALID;
702 
703 	rc = netlbl_cfg_cipsov4_add(doip, &nai);
704 	if (rc != 0) {
705 		printk(KERN_WARNING "%s:%d cipso add rc = %d\n",
706 		       __func__, __LINE__, rc);
707 		kfree(doip);
708 		return;
709 	}
710 	rc = netlbl_cfg_cipsov4_map_add(doip->doi, NULL, NULL, NULL, &nai);
711 	if (rc != 0) {
712 		printk(KERN_WARNING "%s:%d map add rc = %d\n",
713 		       __func__, __LINE__, rc);
714 		netlbl_cfg_cipsov4_del(doip->doi, &nai);
715 		return;
716 	}
717 }
718 
719 /**
720  * smk_unlbl_ambient - initialize the unlabeled domain
721  * @oldambient: previous domain string
722  */
smk_unlbl_ambient(char * oldambient)723 static void smk_unlbl_ambient(char *oldambient)
724 {
725 	int rc;
726 	struct netlbl_audit nai;
727 
728 	smk_netlabel_audit_set(&nai);
729 
730 	if (oldambient != NULL) {
731 		rc = netlbl_cfg_map_del(oldambient, PF_INET, NULL, NULL, &nai);
732 		if (rc != 0)
733 			printk(KERN_WARNING "%s:%d remove rc = %d\n",
734 			       __func__, __LINE__, rc);
735 	}
736 	if (smack_net_ambient == NULL)
737 		smack_net_ambient = &smack_known_floor;
738 
739 	rc = netlbl_cfg_unlbl_map_add(smack_net_ambient->smk_known, PF_INET,
740 				      NULL, NULL, &nai);
741 	if (rc != 0)
742 		printk(KERN_WARNING "%s:%d add rc = %d\n",
743 		       __func__, __LINE__, rc);
744 }
745 
746 /*
747  * Seq_file read operations for /smack/cipso
748  */
749 
cipso_seq_start(struct seq_file * s,loff_t * pos)750 static void *cipso_seq_start(struct seq_file *s, loff_t *pos)
751 {
752 	return smk_seq_start(s, pos, &smack_known_list);
753 }
754 
cipso_seq_next(struct seq_file * s,void * v,loff_t * pos)755 static void *cipso_seq_next(struct seq_file *s, void *v, loff_t *pos)
756 {
757 	return smk_seq_next(s, v, pos, &smack_known_list);
758 }
759 
760 /*
761  * Print cipso labels in format:
762  * label level[/cat[,cat]]
763  */
cipso_seq_show(struct seq_file * s,void * v)764 static int cipso_seq_show(struct seq_file *s, void *v)
765 {
766 	struct list_head  *list = v;
767 	struct smack_known *skp =
768 		list_entry_rcu(list, struct smack_known, list);
769 	struct netlbl_lsm_catmap *cmp = skp->smk_netlabel.attr.mls.cat;
770 	char sep = '/';
771 	int i;
772 
773 	/*
774 	 * Don't show a label that could not have been set using
775 	 * /smack/cipso. This is in support of the notion that
776 	 * anything read from /smack/cipso ought to be writeable
777 	 * to /smack/cipso.
778 	 *
779 	 * /smack/cipso2 should be used instead.
780 	 */
781 	if (strlen(skp->smk_known) >= SMK_LABELLEN)
782 		return 0;
783 
784 	seq_printf(s, "%s %3d", skp->smk_known, skp->smk_netlabel.attr.mls.lvl);
785 
786 	for (i = netlbl_catmap_walk(cmp, 0); i >= 0;
787 	     i = netlbl_catmap_walk(cmp, i + 1)) {
788 		seq_printf(s, "%c%d", sep, i);
789 		sep = ',';
790 	}
791 
792 	seq_putc(s, '\n');
793 
794 	return 0;
795 }
796 
797 static const struct seq_operations cipso_seq_ops = {
798 	.start = cipso_seq_start,
799 	.next  = cipso_seq_next,
800 	.show  = cipso_seq_show,
801 	.stop  = smk_seq_stop,
802 };
803 
804 /**
805  * smk_open_cipso - open() for /smack/cipso
806  * @inode: inode structure representing file
807  * @file: "cipso" file pointer
808  *
809  * Connect our cipso_seq_* operations with /smack/cipso
810  * file_operations
811  */
smk_open_cipso(struct inode * inode,struct file * file)812 static int smk_open_cipso(struct inode *inode, struct file *file)
813 {
814 	return seq_open(file, &cipso_seq_ops);
815 }
816 
817 /**
818  * smk_set_cipso - do the work for write() for cipso and cipso2
819  * @file: file pointer, not actually used
820  * @buf: where to get the data from
821  * @count: bytes sent
822  * @ppos: where to start
823  * @format: /smack/cipso or /smack/cipso2
824  *
825  * Accepts only one cipso rule per write call.
826  * Returns number of bytes written or error code, as appropriate
827  */
smk_set_cipso(struct file * file,const char __user * buf,size_t count,loff_t * ppos,int format)828 static ssize_t smk_set_cipso(struct file *file, const char __user *buf,
829 				size_t count, loff_t *ppos, int format)
830 {
831 	struct netlbl_lsm_catmap *old_cat, *new_cat = NULL;
832 	struct smack_known *skp;
833 	struct netlbl_lsm_secattr ncats;
834 	char mapcatset[SMK_CIPSOLEN];
835 	int maplevel;
836 	unsigned int cat;
837 	int catlen;
838 	ssize_t rc = -EINVAL;
839 	char *data = NULL;
840 	char *rule;
841 	int ret;
842 	int i;
843 
844 	/*
845 	 * Must have privilege.
846 	 * No partial writes.
847 	 * Enough data must be present.
848 	 */
849 	if (!smack_privileged(CAP_MAC_ADMIN))
850 		return -EPERM;
851 	if (*ppos != 0)
852 		return -EINVAL;
853 	if (format == SMK_FIXED24_FMT &&
854 	    (count < SMK_CIPSOMIN || count > SMK_CIPSOMAX))
855 		return -EINVAL;
856 	if (count > PAGE_SIZE)
857 		return -EINVAL;
858 
859 	data = memdup_user_nul(buf, count);
860 	if (IS_ERR(data))
861 		return PTR_ERR(data);
862 
863 	rule = data;
864 	/*
865 	 * Only allow one writer at a time. Writes should be
866 	 * quite rare and small in any case.
867 	 */
868 	mutex_lock(&smack_cipso_lock);
869 
870 	skp = smk_import_entry(rule, 0);
871 	if (IS_ERR(skp)) {
872 		rc = PTR_ERR(skp);
873 		goto out;
874 	}
875 
876 	if (format == SMK_FIXED24_FMT)
877 		rule += SMK_LABELLEN;
878 	else
879 		rule += strlen(skp->smk_known) + 1;
880 
881 	if (rule > data + count) {
882 		rc = -EOVERFLOW;
883 		goto out;
884 	}
885 
886 	ret = sscanf(rule, "%d", &maplevel);
887 	if (ret != 1 || maplevel < 0 || maplevel > SMACK_CIPSO_MAXLEVEL)
888 		goto out;
889 
890 	rule += SMK_DIGITLEN;
891 	if (rule > data + count) {
892 		rc = -EOVERFLOW;
893 		goto out;
894 	}
895 
896 	ret = sscanf(rule, "%d", &catlen);
897 	if (ret != 1 || catlen < 0 || catlen > SMACK_CIPSO_MAXCATNUM)
898 		goto out;
899 
900 	if (format == SMK_FIXED24_FMT &&
901 	    count != (SMK_CIPSOMIN + catlen * SMK_DIGITLEN))
902 		goto out;
903 
904 	memset(mapcatset, 0, sizeof(mapcatset));
905 
906 	for (i = 0; i < catlen; i++) {
907 		rule += SMK_DIGITLEN;
908 		if (rule > data + count) {
909 			rc = -EOVERFLOW;
910 			goto out;
911 		}
912 		ret = sscanf(rule, "%u", &cat);
913 		if (ret != 1 || cat > SMACK_CIPSO_MAXCATNUM)
914 			goto out;
915 
916 		smack_catset_bit(cat, mapcatset);
917 	}
918 	ncats.flags = 0;
919 	if (catlen == 0) {
920 		ncats.attr.mls.cat = NULL;
921 		ncats.attr.mls.lvl = maplevel;
922 		new_cat = netlbl_catmap_alloc(GFP_ATOMIC);
923 		if (new_cat)
924 			new_cat->next = ncats.attr.mls.cat;
925 		ncats.attr.mls.cat = new_cat;
926 		skp->smk_netlabel.flags &= ~(1U << 3);
927 		rc = 0;
928 	} else {
929 		rc = smk_netlbl_mls(maplevel, mapcatset, &ncats, SMK_CIPSOLEN);
930 	}
931 	if (rc >= 0) {
932 		old_cat = skp->smk_netlabel.attr.mls.cat;
933 		rcu_assign_pointer(skp->smk_netlabel.attr.mls.cat, ncats.attr.mls.cat);
934 		skp->smk_netlabel.attr.mls.lvl = ncats.attr.mls.lvl;
935 		synchronize_rcu();
936 		netlbl_catmap_free(old_cat);
937 		rc = count;
938 		/*
939 		 * This mapping may have been cached, so clear the cache.
940 		 */
941 		netlbl_cache_invalidate();
942 	}
943 
944 out:
945 	mutex_unlock(&smack_cipso_lock);
946 	kfree(data);
947 	return rc;
948 }
949 
950 /**
951  * smk_write_cipso - write() for /smack/cipso
952  * @file: file pointer, not actually used
953  * @buf: where to get the data from
954  * @count: bytes sent
955  * @ppos: where to start
956  *
957  * Accepts only one cipso rule per write call.
958  * Returns number of bytes written or error code, as appropriate
959  */
smk_write_cipso(struct file * file,const char __user * buf,size_t count,loff_t * ppos)960 static ssize_t smk_write_cipso(struct file *file, const char __user *buf,
961 			       size_t count, loff_t *ppos)
962 {
963 	return smk_set_cipso(file, buf, count, ppos, SMK_FIXED24_FMT);
964 }
965 
966 static const struct file_operations smk_cipso_ops = {
967 	.open           = smk_open_cipso,
968 	.read		= seq_read,
969 	.llseek         = seq_lseek,
970 	.write		= smk_write_cipso,
971 	.release        = seq_release,
972 };
973 
974 /*
975  * Seq_file read operations for /smack/cipso2
976  */
977 
978 /*
979  * Print cipso labels in format:
980  * label level[/cat[,cat]]
981  */
cipso2_seq_show(struct seq_file * s,void * v)982 static int cipso2_seq_show(struct seq_file *s, void *v)
983 {
984 	struct list_head  *list = v;
985 	struct smack_known *skp =
986 		list_entry_rcu(list, struct smack_known, list);
987 	struct netlbl_lsm_catmap *cmp = skp->smk_netlabel.attr.mls.cat;
988 	char sep = '/';
989 	int i;
990 
991 	seq_printf(s, "%s %3d", skp->smk_known, skp->smk_netlabel.attr.mls.lvl);
992 
993 	for (i = netlbl_catmap_walk(cmp, 0); i >= 0;
994 	     i = netlbl_catmap_walk(cmp, i + 1)) {
995 		seq_printf(s, "%c%d", sep, i);
996 		sep = ',';
997 	}
998 
999 	seq_putc(s, '\n');
1000 
1001 	return 0;
1002 }
1003 
1004 static const struct seq_operations cipso2_seq_ops = {
1005 	.start = cipso_seq_start,
1006 	.next  = cipso_seq_next,
1007 	.show  = cipso2_seq_show,
1008 	.stop  = smk_seq_stop,
1009 };
1010 
1011 /**
1012  * smk_open_cipso2 - open() for /smack/cipso2
1013  * @inode: inode structure representing file
1014  * @file: "cipso2" file pointer
1015  *
1016  * Connect our cipso_seq_* operations with /smack/cipso2
1017  * file_operations
1018  */
smk_open_cipso2(struct inode * inode,struct file * file)1019 static int smk_open_cipso2(struct inode *inode, struct file *file)
1020 {
1021 	return seq_open(file, &cipso2_seq_ops);
1022 }
1023 
1024 /**
1025  * smk_write_cipso2 - write() for /smack/cipso2
1026  * @file: file pointer, not actually used
1027  * @buf: where to get the data from
1028  * @count: bytes sent
1029  * @ppos: where to start
1030  *
1031  * Accepts only one cipso rule per write call.
1032  * Returns number of bytes written or error code, as appropriate
1033  */
smk_write_cipso2(struct file * file,const char __user * buf,size_t count,loff_t * ppos)1034 static ssize_t smk_write_cipso2(struct file *file, const char __user *buf,
1035 			      size_t count, loff_t *ppos)
1036 {
1037 	return smk_set_cipso(file, buf, count, ppos, SMK_LONG_FMT);
1038 }
1039 
1040 static const struct file_operations smk_cipso2_ops = {
1041 	.open           = smk_open_cipso2,
1042 	.read		= seq_read,
1043 	.llseek         = seq_lseek,
1044 	.write		= smk_write_cipso2,
1045 	.release        = seq_release,
1046 };
1047 
1048 /*
1049  * Seq_file read operations for /smack/netlabel
1050  */
1051 
net4addr_seq_start(struct seq_file * s,loff_t * pos)1052 static void *net4addr_seq_start(struct seq_file *s, loff_t *pos)
1053 {
1054 	return smk_seq_start(s, pos, &smk_net4addr_list);
1055 }
1056 
net4addr_seq_next(struct seq_file * s,void * v,loff_t * pos)1057 static void *net4addr_seq_next(struct seq_file *s, void *v, loff_t *pos)
1058 {
1059 	return smk_seq_next(s, v, pos, &smk_net4addr_list);
1060 }
1061 
1062 /*
1063  * Print host/label pairs
1064  */
net4addr_seq_show(struct seq_file * s,void * v)1065 static int net4addr_seq_show(struct seq_file *s, void *v)
1066 {
1067 	struct list_head *list = v;
1068 	struct smk_net4addr *skp =
1069 			list_entry_rcu(list, struct smk_net4addr, list);
1070 	char *kp = SMACK_CIPSO_OPTION;
1071 
1072 	if (skp->smk_label != NULL)
1073 		kp = skp->smk_label->smk_known;
1074 	seq_printf(s, "%pI4/%d %s\n", &skp->smk_host.s_addr,
1075 			skp->smk_masks, kp);
1076 
1077 	return 0;
1078 }
1079 
1080 static const struct seq_operations net4addr_seq_ops = {
1081 	.start = net4addr_seq_start,
1082 	.next  = net4addr_seq_next,
1083 	.show  = net4addr_seq_show,
1084 	.stop  = smk_seq_stop,
1085 };
1086 
1087 /**
1088  * smk_open_net4addr - open() for /smack/netlabel
1089  * @inode: inode structure representing file
1090  * @file: "netlabel" file pointer
1091  *
1092  * Connect our net4addr_seq_* operations with /smack/netlabel
1093  * file_operations
1094  */
smk_open_net4addr(struct inode * inode,struct file * file)1095 static int smk_open_net4addr(struct inode *inode, struct file *file)
1096 {
1097 	return seq_open(file, &net4addr_seq_ops);
1098 }
1099 
1100 /**
1101  * smk_net4addr_insert
1102  * @new : netlabel to insert
1103  *
1104  * This helper insert netlabel in the smack_net4addrs list
1105  * sorted by netmask length (longest to smallest)
1106  * locked by &smk_net4addr_lock in smk_write_net4addr
1107  *
1108  */
smk_net4addr_insert(struct smk_net4addr * new)1109 static void smk_net4addr_insert(struct smk_net4addr *new)
1110 {
1111 	struct smk_net4addr *m;
1112 	struct smk_net4addr *m_next;
1113 
1114 	if (list_empty(&smk_net4addr_list)) {
1115 		list_add_rcu(&new->list, &smk_net4addr_list);
1116 		return;
1117 	}
1118 
1119 	m = list_entry_rcu(smk_net4addr_list.next,
1120 			   struct smk_net4addr, list);
1121 
1122 	/* the comparison '>' is a bit hacky, but works */
1123 	if (new->smk_masks > m->smk_masks) {
1124 		list_add_rcu(&new->list, &smk_net4addr_list);
1125 		return;
1126 	}
1127 
1128 	list_for_each_entry_rcu(m, &smk_net4addr_list, list) {
1129 		if (list_is_last(&m->list, &smk_net4addr_list)) {
1130 			list_add_rcu(&new->list, &m->list);
1131 			return;
1132 		}
1133 		m_next = list_entry_rcu(m->list.next,
1134 					struct smk_net4addr, list);
1135 		if (new->smk_masks > m_next->smk_masks) {
1136 			list_add_rcu(&new->list, &m->list);
1137 			return;
1138 		}
1139 	}
1140 }
1141 
1142 
1143 /**
1144  * smk_write_net4addr - write() for /smack/netlabel
1145  * @file: file pointer, not actually used
1146  * @buf: where to get the data from
1147  * @count: bytes sent
1148  * @ppos: where to start
1149  *
1150  * Accepts only one net4addr per write call.
1151  * Returns number of bytes written or error code, as appropriate
1152  */
smk_write_net4addr(struct file * file,const char __user * buf,size_t count,loff_t * ppos)1153 static ssize_t smk_write_net4addr(struct file *file, const char __user *buf,
1154 				size_t count, loff_t *ppos)
1155 {
1156 	struct smk_net4addr *snp;
1157 	struct sockaddr_in newname;
1158 	char *smack;
1159 	struct smack_known *skp = NULL;
1160 	char *data;
1161 	char *host = (char *)&newname.sin_addr.s_addr;
1162 	int rc;
1163 	struct netlbl_audit audit_info;
1164 	struct in_addr mask;
1165 	unsigned int m;
1166 	unsigned int masks;
1167 	int found;
1168 	u32 mask_bits = (1<<31);
1169 	__be32 nsa;
1170 	u32 temp_mask;
1171 
1172 	/*
1173 	 * Must have privilege.
1174 	 * No partial writes.
1175 	 * Enough data must be present.
1176 	 * "<addr/mask, as a.b.c.d/e><space><label>"
1177 	 * "<addr, as a.b.c.d><space><label>"
1178 	 */
1179 	if (!smack_privileged(CAP_MAC_ADMIN))
1180 		return -EPERM;
1181 	if (*ppos != 0)
1182 		return -EINVAL;
1183 	if (count < SMK_NETLBLADDRMIN || count > PAGE_SIZE - 1)
1184 		return -EINVAL;
1185 
1186 	data = memdup_user_nul(buf, count);
1187 	if (IS_ERR(data))
1188 		return PTR_ERR(data);
1189 
1190 	smack = kzalloc(count + 1, GFP_KERNEL);
1191 	if (smack == NULL) {
1192 		rc = -ENOMEM;
1193 		goto free_data_out;
1194 	}
1195 
1196 	rc = sscanf(data, "%hhd.%hhd.%hhd.%hhd/%u %s",
1197 		&host[0], &host[1], &host[2], &host[3], &masks, smack);
1198 	if (rc != 6) {
1199 		rc = sscanf(data, "%hhd.%hhd.%hhd.%hhd %s",
1200 			&host[0], &host[1], &host[2], &host[3], smack);
1201 		if (rc != 5) {
1202 			rc = -EINVAL;
1203 			goto free_out;
1204 		}
1205 		masks = 32;
1206 	}
1207 	if (masks > BEBITS) {
1208 		rc = -EINVAL;
1209 		goto free_out;
1210 	}
1211 
1212 	/*
1213 	 * If smack begins with '-', it is an option, don't import it
1214 	 */
1215 	if (smack[0] != '-') {
1216 		skp = smk_import_entry(smack, 0);
1217 		if (IS_ERR(skp)) {
1218 			rc = PTR_ERR(skp);
1219 			goto free_out;
1220 		}
1221 	} else {
1222 		/*
1223 		 * Only the -CIPSO option is supported for IPv4
1224 		 */
1225 		if (strcmp(smack, SMACK_CIPSO_OPTION) != 0) {
1226 			rc = -EINVAL;
1227 			goto free_out;
1228 		}
1229 	}
1230 
1231 	for (m = masks, temp_mask = 0; m > 0; m--) {
1232 		temp_mask |= mask_bits;
1233 		mask_bits >>= 1;
1234 	}
1235 	mask.s_addr = cpu_to_be32(temp_mask);
1236 
1237 	newname.sin_addr.s_addr &= mask.s_addr;
1238 	/*
1239 	 * Only allow one writer at a time. Writes should be
1240 	 * quite rare and small in any case.
1241 	 */
1242 	mutex_lock(&smk_net4addr_lock);
1243 
1244 	nsa = newname.sin_addr.s_addr;
1245 	/* try to find if the prefix is already in the list */
1246 	found = 0;
1247 	list_for_each_entry_rcu(snp, &smk_net4addr_list, list) {
1248 		if (snp->smk_host.s_addr == nsa && snp->smk_masks == masks) {
1249 			found = 1;
1250 			break;
1251 		}
1252 	}
1253 	smk_netlabel_audit_set(&audit_info);
1254 
1255 	if (found == 0) {
1256 		snp = kzalloc(sizeof(*snp), GFP_KERNEL);
1257 		if (snp == NULL)
1258 			rc = -ENOMEM;
1259 		else {
1260 			rc = 0;
1261 			snp->smk_host.s_addr = newname.sin_addr.s_addr;
1262 			snp->smk_mask.s_addr = mask.s_addr;
1263 			snp->smk_label = skp;
1264 			snp->smk_masks = masks;
1265 			smk_net4addr_insert(snp);
1266 		}
1267 	} else {
1268 		/*
1269 		 * Delete the unlabeled entry, only if the previous label
1270 		 * wasn't the special CIPSO option
1271 		 */
1272 		if (snp->smk_label != NULL)
1273 			rc = netlbl_cfg_unlbl_static_del(&init_net, NULL,
1274 					&snp->smk_host, &snp->smk_mask,
1275 					PF_INET, &audit_info);
1276 		else
1277 			rc = 0;
1278 		snp->smk_label = skp;
1279 	}
1280 
1281 	/*
1282 	 * Now tell netlabel about the single label nature of
1283 	 * this host so that incoming packets get labeled.
1284 	 * but only if we didn't get the special CIPSO option
1285 	 */
1286 	if (rc == 0 && skp != NULL)
1287 		rc = netlbl_cfg_unlbl_static_add(&init_net, NULL,
1288 			&snp->smk_host, &snp->smk_mask, PF_INET,
1289 			snp->smk_label->smk_secid, &audit_info);
1290 
1291 	if (rc == 0)
1292 		rc = count;
1293 
1294 	mutex_unlock(&smk_net4addr_lock);
1295 
1296 free_out:
1297 	kfree(smack);
1298 free_data_out:
1299 	kfree(data);
1300 
1301 	return rc;
1302 }
1303 
1304 static const struct file_operations smk_net4addr_ops = {
1305 	.open           = smk_open_net4addr,
1306 	.read		= seq_read,
1307 	.llseek         = seq_lseek,
1308 	.write		= smk_write_net4addr,
1309 	.release        = seq_release,
1310 };
1311 
1312 #if IS_ENABLED(CONFIG_IPV6)
1313 /*
1314  * Seq_file read operations for /smack/netlabel6
1315  */
1316 
net6addr_seq_start(struct seq_file * s,loff_t * pos)1317 static void *net6addr_seq_start(struct seq_file *s, loff_t *pos)
1318 {
1319 	return smk_seq_start(s, pos, &smk_net6addr_list);
1320 }
1321 
net6addr_seq_next(struct seq_file * s,void * v,loff_t * pos)1322 static void *net6addr_seq_next(struct seq_file *s, void *v, loff_t *pos)
1323 {
1324 	return smk_seq_next(s, v, pos, &smk_net6addr_list);
1325 }
1326 
1327 /*
1328  * Print host/label pairs
1329  */
net6addr_seq_show(struct seq_file * s,void * v)1330 static int net6addr_seq_show(struct seq_file *s, void *v)
1331 {
1332 	struct list_head *list = v;
1333 	struct smk_net6addr *skp =
1334 			 list_entry(list, struct smk_net6addr, list);
1335 
1336 	if (skp->smk_label != NULL)
1337 		seq_printf(s, "%pI6/%d %s\n", &skp->smk_host, skp->smk_masks,
1338 				skp->smk_label->smk_known);
1339 
1340 	return 0;
1341 }
1342 
1343 static const struct seq_operations net6addr_seq_ops = {
1344 	.start = net6addr_seq_start,
1345 	.next  = net6addr_seq_next,
1346 	.show  = net6addr_seq_show,
1347 	.stop  = smk_seq_stop,
1348 };
1349 
1350 /**
1351  * smk_open_net6addr - open() for /smack/netlabel
1352  * @inode: inode structure representing file
1353  * @file: "netlabel" file pointer
1354  *
1355  * Connect our net6addr_seq_* operations with /smack/netlabel
1356  * file_operations
1357  */
smk_open_net6addr(struct inode * inode,struct file * file)1358 static int smk_open_net6addr(struct inode *inode, struct file *file)
1359 {
1360 	return seq_open(file, &net6addr_seq_ops);
1361 }
1362 
1363 /**
1364  * smk_net6addr_insert
1365  * @new : entry to insert
1366  *
1367  * This inserts an entry in the smack_net6addrs list
1368  * sorted by netmask length (longest to smallest)
1369  * locked by &smk_net6addr_lock in smk_write_net6addr
1370  *
1371  */
smk_net6addr_insert(struct smk_net6addr * new)1372 static void smk_net6addr_insert(struct smk_net6addr *new)
1373 {
1374 	struct smk_net6addr *m_next;
1375 	struct smk_net6addr *m;
1376 
1377 	if (list_empty(&smk_net6addr_list)) {
1378 		list_add_rcu(&new->list, &smk_net6addr_list);
1379 		return;
1380 	}
1381 
1382 	m = list_entry_rcu(smk_net6addr_list.next,
1383 			   struct smk_net6addr, list);
1384 
1385 	if (new->smk_masks > m->smk_masks) {
1386 		list_add_rcu(&new->list, &smk_net6addr_list);
1387 		return;
1388 	}
1389 
1390 	list_for_each_entry_rcu(m, &smk_net6addr_list, list) {
1391 		if (list_is_last(&m->list, &smk_net6addr_list)) {
1392 			list_add_rcu(&new->list, &m->list);
1393 			return;
1394 		}
1395 		m_next = list_entry_rcu(m->list.next,
1396 					struct smk_net6addr, list);
1397 		if (new->smk_masks > m_next->smk_masks) {
1398 			list_add_rcu(&new->list, &m->list);
1399 			return;
1400 		}
1401 	}
1402 }
1403 
1404 
1405 /**
1406  * smk_write_net6addr - write() for /smack/netlabel
1407  * @file: file pointer, not actually used
1408  * @buf: where to get the data from
1409  * @count: bytes sent
1410  * @ppos: where to start
1411  *
1412  * Accepts only one net6addr per write call.
1413  * Returns number of bytes written or error code, as appropriate
1414  */
smk_write_net6addr(struct file * file,const char __user * buf,size_t count,loff_t * ppos)1415 static ssize_t smk_write_net6addr(struct file *file, const char __user *buf,
1416 				size_t count, loff_t *ppos)
1417 {
1418 	struct smk_net6addr *snp;
1419 	struct in6_addr newname;
1420 	struct in6_addr fullmask;
1421 	struct smack_known *skp = NULL;
1422 	char *smack;
1423 	char *data;
1424 	int rc = 0;
1425 	int found = 0;
1426 	int i;
1427 	unsigned int scanned[8];
1428 	unsigned int m;
1429 	unsigned int mask = 128;
1430 
1431 	/*
1432 	 * Must have privilege.
1433 	 * No partial writes.
1434 	 * Enough data must be present.
1435 	 * "<addr/mask, as a:b:c:d:e:f:g:h/e><space><label>"
1436 	 * "<addr, as a:b:c:d:e:f:g:h><space><label>"
1437 	 */
1438 	if (!smack_privileged(CAP_MAC_ADMIN))
1439 		return -EPERM;
1440 	if (*ppos != 0)
1441 		return -EINVAL;
1442 	if (count < SMK_NETLBLADDRMIN || count > PAGE_SIZE - 1)
1443 		return -EINVAL;
1444 
1445 	data = memdup_user_nul(buf, count);
1446 	if (IS_ERR(data))
1447 		return PTR_ERR(data);
1448 
1449 	smack = kzalloc(count + 1, GFP_KERNEL);
1450 	if (smack == NULL) {
1451 		rc = -ENOMEM;
1452 		goto free_data_out;
1453 	}
1454 
1455 	i = sscanf(data, "%x:%x:%x:%x:%x:%x:%x:%x/%u %s",
1456 			&scanned[0], &scanned[1], &scanned[2], &scanned[3],
1457 			&scanned[4], &scanned[5], &scanned[6], &scanned[7],
1458 			&mask, smack);
1459 	if (i != 10) {
1460 		i = sscanf(data, "%x:%x:%x:%x:%x:%x:%x:%x %s",
1461 				&scanned[0], &scanned[1], &scanned[2],
1462 				&scanned[3], &scanned[4], &scanned[5],
1463 				&scanned[6], &scanned[7], smack);
1464 		if (i != 9) {
1465 			rc = -EINVAL;
1466 			goto free_out;
1467 		}
1468 	}
1469 	if (mask > 128) {
1470 		rc = -EINVAL;
1471 		goto free_out;
1472 	}
1473 	for (i = 0; i < 8; i++) {
1474 		if (scanned[i] > 0xffff) {
1475 			rc = -EINVAL;
1476 			goto free_out;
1477 		}
1478 		newname.s6_addr16[i] = htons(scanned[i]);
1479 	}
1480 
1481 	/*
1482 	 * If smack begins with '-', it is an option, don't import it
1483 	 */
1484 	if (smack[0] != '-') {
1485 		skp = smk_import_entry(smack, 0);
1486 		if (IS_ERR(skp)) {
1487 			rc = PTR_ERR(skp);
1488 			goto free_out;
1489 		}
1490 	} else {
1491 		/*
1492 		 * Only -DELETE is supported for IPv6
1493 		 */
1494 		if (strcmp(smack, SMACK_DELETE_OPTION) != 0) {
1495 			rc = -EINVAL;
1496 			goto free_out;
1497 		}
1498 	}
1499 
1500 	for (i = 0, m = mask; i < 8; i++) {
1501 		if (m >= 16) {
1502 			fullmask.s6_addr16[i] = 0xffff;
1503 			m -= 16;
1504 		} else if (m > 0) {
1505 			fullmask.s6_addr16[i] = (1 << m) - 1;
1506 			m = 0;
1507 		} else
1508 			fullmask.s6_addr16[i] = 0;
1509 		newname.s6_addr16[i] &= fullmask.s6_addr16[i];
1510 	}
1511 
1512 	/*
1513 	 * Only allow one writer at a time. Writes should be
1514 	 * quite rare and small in any case.
1515 	 */
1516 	mutex_lock(&smk_net6addr_lock);
1517 	/*
1518 	 * Try to find the prefix in the list
1519 	 */
1520 	list_for_each_entry_rcu(snp, &smk_net6addr_list, list) {
1521 		if (mask != snp->smk_masks)
1522 			continue;
1523 		for (found = 1, i = 0; i < 8; i++) {
1524 			if (newname.s6_addr16[i] !=
1525 			    snp->smk_host.s6_addr16[i]) {
1526 				found = 0;
1527 				break;
1528 			}
1529 		}
1530 		if (found == 1)
1531 			break;
1532 	}
1533 	if (found == 0) {
1534 		snp = kzalloc(sizeof(*snp), GFP_KERNEL);
1535 		if (snp == NULL)
1536 			rc = -ENOMEM;
1537 		else {
1538 			snp->smk_host = newname;
1539 			snp->smk_mask = fullmask;
1540 			snp->smk_masks = mask;
1541 			snp->smk_label = skp;
1542 			smk_net6addr_insert(snp);
1543 		}
1544 	} else {
1545 		snp->smk_label = skp;
1546 	}
1547 
1548 	if (rc == 0)
1549 		rc = count;
1550 
1551 	mutex_unlock(&smk_net6addr_lock);
1552 
1553 free_out:
1554 	kfree(smack);
1555 free_data_out:
1556 	kfree(data);
1557 
1558 	return rc;
1559 }
1560 
1561 static const struct file_operations smk_net6addr_ops = {
1562 	.open           = smk_open_net6addr,
1563 	.read		= seq_read,
1564 	.llseek         = seq_lseek,
1565 	.write		= smk_write_net6addr,
1566 	.release        = seq_release,
1567 };
1568 #endif /* CONFIG_IPV6 */
1569 
1570 /**
1571  * smk_read_doi - read() for /smack/doi
1572  * @filp: file pointer, not actually used
1573  * @buf: where to put the result
1574  * @count: maximum to send along
1575  * @ppos: where to start
1576  *
1577  * Returns number of bytes read or error code, as appropriate
1578  */
smk_read_doi(struct file * filp,char __user * buf,size_t count,loff_t * ppos)1579 static ssize_t smk_read_doi(struct file *filp, char __user *buf,
1580 			    size_t count, loff_t *ppos)
1581 {
1582 	char temp[80];
1583 	ssize_t rc;
1584 
1585 	if (*ppos != 0)
1586 		return 0;
1587 
1588 	sprintf(temp, "%d", smk_cipso_doi_value);
1589 	rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
1590 
1591 	return rc;
1592 }
1593 
1594 /**
1595  * smk_write_doi - write() for /smack/doi
1596  * @file: file pointer, not actually used
1597  * @buf: where to get the data from
1598  * @count: bytes sent
1599  * @ppos: where to start
1600  *
1601  * Returns number of bytes written or error code, as appropriate
1602  */
smk_write_doi(struct file * file,const char __user * buf,size_t count,loff_t * ppos)1603 static ssize_t smk_write_doi(struct file *file, const char __user *buf,
1604 			     size_t count, loff_t *ppos)
1605 {
1606 	char temp[80];
1607 	int i;
1608 
1609 	if (!smack_privileged(CAP_MAC_ADMIN))
1610 		return -EPERM;
1611 
1612 	if (count >= sizeof(temp) || count == 0)
1613 		return -EINVAL;
1614 
1615 	if (copy_from_user(temp, buf, count) != 0)
1616 		return -EFAULT;
1617 
1618 	temp[count] = '\0';
1619 
1620 	if (sscanf(temp, "%d", &i) != 1)
1621 		return -EINVAL;
1622 
1623 	smk_cipso_doi_value = i;
1624 
1625 	smk_cipso_doi();
1626 
1627 	return count;
1628 }
1629 
1630 static const struct file_operations smk_doi_ops = {
1631 	.read		= smk_read_doi,
1632 	.write		= smk_write_doi,
1633 	.llseek		= default_llseek,
1634 };
1635 
1636 /**
1637  * smk_read_direct - read() for /smack/direct
1638  * @filp: file pointer, not actually used
1639  * @buf: where to put the result
1640  * @count: maximum to send along
1641  * @ppos: where to start
1642  *
1643  * Returns number of bytes read or error code, as appropriate
1644  */
smk_read_direct(struct file * filp,char __user * buf,size_t count,loff_t * ppos)1645 static ssize_t smk_read_direct(struct file *filp, char __user *buf,
1646 			       size_t count, loff_t *ppos)
1647 {
1648 	char temp[80];
1649 	ssize_t rc;
1650 
1651 	if (*ppos != 0)
1652 		return 0;
1653 
1654 	sprintf(temp, "%d", smack_cipso_direct);
1655 	rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
1656 
1657 	return rc;
1658 }
1659 
1660 /**
1661  * smk_write_direct - write() for /smack/direct
1662  * @file: file pointer, not actually used
1663  * @buf: where to get the data from
1664  * @count: bytes sent
1665  * @ppos: where to start
1666  *
1667  * Returns number of bytes written or error code, as appropriate
1668  */
smk_write_direct(struct file * file,const char __user * buf,size_t count,loff_t * ppos)1669 static ssize_t smk_write_direct(struct file *file, const char __user *buf,
1670 				size_t count, loff_t *ppos)
1671 {
1672 	struct smack_known *skp;
1673 	char temp[80];
1674 	int i;
1675 
1676 	if (!smack_privileged(CAP_MAC_ADMIN))
1677 		return -EPERM;
1678 
1679 	if (count >= sizeof(temp) || count == 0)
1680 		return -EINVAL;
1681 
1682 	if (copy_from_user(temp, buf, count) != 0)
1683 		return -EFAULT;
1684 
1685 	temp[count] = '\0';
1686 
1687 	if (sscanf(temp, "%d", &i) != 1)
1688 		return -EINVAL;
1689 
1690 	/*
1691 	 * Don't do anything if the value hasn't actually changed.
1692 	 * If it is changing reset the level on entries that were
1693 	 * set up to be direct when they were created.
1694 	 */
1695 	if (smack_cipso_direct != i) {
1696 		mutex_lock(&smack_known_lock);
1697 		list_for_each_entry_rcu(skp, &smack_known_list, list)
1698 			if (skp->smk_netlabel.attr.mls.lvl ==
1699 			    smack_cipso_direct)
1700 				skp->smk_netlabel.attr.mls.lvl = i;
1701 		smack_cipso_direct = i;
1702 		mutex_unlock(&smack_known_lock);
1703 	}
1704 
1705 	return count;
1706 }
1707 
1708 static const struct file_operations smk_direct_ops = {
1709 	.read		= smk_read_direct,
1710 	.write		= smk_write_direct,
1711 	.llseek		= default_llseek,
1712 };
1713 
1714 /**
1715  * smk_read_mapped - read() for /smack/mapped
1716  * @filp: file pointer, not actually used
1717  * @buf: where to put the result
1718  * @count: maximum to send along
1719  * @ppos: where to start
1720  *
1721  * Returns number of bytes read or error code, as appropriate
1722  */
smk_read_mapped(struct file * filp,char __user * buf,size_t count,loff_t * ppos)1723 static ssize_t smk_read_mapped(struct file *filp, char __user *buf,
1724 			       size_t count, loff_t *ppos)
1725 {
1726 	char temp[80];
1727 	ssize_t rc;
1728 
1729 	if (*ppos != 0)
1730 		return 0;
1731 
1732 	sprintf(temp, "%d", smack_cipso_mapped);
1733 	rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
1734 
1735 	return rc;
1736 }
1737 
1738 /**
1739  * smk_write_mapped - write() for /smack/mapped
1740  * @file: file pointer, not actually used
1741  * @buf: where to get the data from
1742  * @count: bytes sent
1743  * @ppos: where to start
1744  *
1745  * Returns number of bytes written or error code, as appropriate
1746  */
smk_write_mapped(struct file * file,const char __user * buf,size_t count,loff_t * ppos)1747 static ssize_t smk_write_mapped(struct file *file, const char __user *buf,
1748 				size_t count, loff_t *ppos)
1749 {
1750 	struct smack_known *skp;
1751 	char temp[80];
1752 	int i;
1753 
1754 	if (!smack_privileged(CAP_MAC_ADMIN))
1755 		return -EPERM;
1756 
1757 	if (count >= sizeof(temp) || count == 0)
1758 		return -EINVAL;
1759 
1760 	if (copy_from_user(temp, buf, count) != 0)
1761 		return -EFAULT;
1762 
1763 	temp[count] = '\0';
1764 
1765 	if (sscanf(temp, "%d", &i) != 1)
1766 		return -EINVAL;
1767 
1768 	/*
1769 	 * Don't do anything if the value hasn't actually changed.
1770 	 * If it is changing reset the level on entries that were
1771 	 * set up to be mapped when they were created.
1772 	 */
1773 	if (smack_cipso_mapped != i) {
1774 		mutex_lock(&smack_known_lock);
1775 		list_for_each_entry_rcu(skp, &smack_known_list, list)
1776 			if (skp->smk_netlabel.attr.mls.lvl ==
1777 			    smack_cipso_mapped)
1778 				skp->smk_netlabel.attr.mls.lvl = i;
1779 		smack_cipso_mapped = i;
1780 		mutex_unlock(&smack_known_lock);
1781 	}
1782 
1783 	return count;
1784 }
1785 
1786 static const struct file_operations smk_mapped_ops = {
1787 	.read		= smk_read_mapped,
1788 	.write		= smk_write_mapped,
1789 	.llseek		= default_llseek,
1790 };
1791 
1792 /**
1793  * smk_read_ambient - read() for /smack/ambient
1794  * @filp: file pointer, not actually used
1795  * @buf: where to put the result
1796  * @cn: maximum to send along
1797  * @ppos: where to start
1798  *
1799  * Returns number of bytes read or error code, as appropriate
1800  */
smk_read_ambient(struct file * filp,char __user * buf,size_t cn,loff_t * ppos)1801 static ssize_t smk_read_ambient(struct file *filp, char __user *buf,
1802 				size_t cn, loff_t *ppos)
1803 {
1804 	ssize_t rc;
1805 	int asize;
1806 
1807 	if (*ppos != 0)
1808 		return 0;
1809 	/*
1810 	 * Being careful to avoid a problem in the case where
1811 	 * smack_net_ambient gets changed in midstream.
1812 	 */
1813 	mutex_lock(&smack_ambient_lock);
1814 
1815 	asize = strlen(smack_net_ambient->smk_known) + 1;
1816 
1817 	if (cn >= asize)
1818 		rc = simple_read_from_buffer(buf, cn, ppos,
1819 					     smack_net_ambient->smk_known,
1820 					     asize);
1821 	else
1822 		rc = -EINVAL;
1823 
1824 	mutex_unlock(&smack_ambient_lock);
1825 
1826 	return rc;
1827 }
1828 
1829 /**
1830  * smk_write_ambient - write() for /smack/ambient
1831  * @file: file pointer, not actually used
1832  * @buf: where to get the data from
1833  * @count: bytes sent
1834  * @ppos: where to start
1835  *
1836  * Returns number of bytes written or error code, as appropriate
1837  */
smk_write_ambient(struct file * file,const char __user * buf,size_t count,loff_t * ppos)1838 static ssize_t smk_write_ambient(struct file *file, const char __user *buf,
1839 				 size_t count, loff_t *ppos)
1840 {
1841 	struct smack_known *skp;
1842 	char *oldambient;
1843 	char *data;
1844 	int rc = count;
1845 
1846 	if (!smack_privileged(CAP_MAC_ADMIN))
1847 		return -EPERM;
1848 
1849 	/* Enough data must be present */
1850 	if (count == 0 || count > PAGE_SIZE)
1851 		return -EINVAL;
1852 
1853 	data = memdup_user_nul(buf, count);
1854 	if (IS_ERR(data))
1855 		return PTR_ERR(data);
1856 
1857 	skp = smk_import_entry(data, count);
1858 	if (IS_ERR(skp)) {
1859 		rc = PTR_ERR(skp);
1860 		goto out;
1861 	}
1862 
1863 	mutex_lock(&smack_ambient_lock);
1864 
1865 	oldambient = smack_net_ambient->smk_known;
1866 	smack_net_ambient = skp;
1867 	smk_unlbl_ambient(oldambient);
1868 
1869 	mutex_unlock(&smack_ambient_lock);
1870 
1871 out:
1872 	kfree(data);
1873 	return rc;
1874 }
1875 
1876 static const struct file_operations smk_ambient_ops = {
1877 	.read		= smk_read_ambient,
1878 	.write		= smk_write_ambient,
1879 	.llseek		= default_llseek,
1880 };
1881 
1882 /*
1883  * Seq_file operations for /smack/onlycap
1884  */
onlycap_seq_start(struct seq_file * s,loff_t * pos)1885 static void *onlycap_seq_start(struct seq_file *s, loff_t *pos)
1886 {
1887 	return smk_seq_start(s, pos, &smack_onlycap_list);
1888 }
1889 
onlycap_seq_next(struct seq_file * s,void * v,loff_t * pos)1890 static void *onlycap_seq_next(struct seq_file *s, void *v, loff_t *pos)
1891 {
1892 	return smk_seq_next(s, v, pos, &smack_onlycap_list);
1893 }
1894 
onlycap_seq_show(struct seq_file * s,void * v)1895 static int onlycap_seq_show(struct seq_file *s, void *v)
1896 {
1897 	struct list_head *list = v;
1898 	struct smack_known_list_elem *sklep =
1899 		list_entry_rcu(list, struct smack_known_list_elem, list);
1900 
1901 	seq_puts(s, sklep->smk_label->smk_known);
1902 	seq_putc(s, ' ');
1903 
1904 	return 0;
1905 }
1906 
1907 static const struct seq_operations onlycap_seq_ops = {
1908 	.start = onlycap_seq_start,
1909 	.next  = onlycap_seq_next,
1910 	.show  = onlycap_seq_show,
1911 	.stop  = smk_seq_stop,
1912 };
1913 
smk_open_onlycap(struct inode * inode,struct file * file)1914 static int smk_open_onlycap(struct inode *inode, struct file *file)
1915 {
1916 	return seq_open(file, &onlycap_seq_ops);
1917 }
1918 
1919 /**
1920  * smk_list_swap_rcu - swap public list with a private one in RCU-safe way
1921  * The caller must hold appropriate mutex to prevent concurrent modifications
1922  * to the public list.
1923  * Private list is assumed to be not accessible to other threads yet.
1924  *
1925  * @public: public list
1926  * @private: private list
1927  */
smk_list_swap_rcu(struct list_head * public,struct list_head * private)1928 static void smk_list_swap_rcu(struct list_head *public,
1929 			      struct list_head *private)
1930 {
1931 	struct list_head *first, *last;
1932 
1933 	if (list_empty(public)) {
1934 		list_splice_init_rcu(private, public, synchronize_rcu);
1935 	} else {
1936 		/* Remember public list before replacing it */
1937 		first = public->next;
1938 		last = public->prev;
1939 
1940 		/* Publish private list in place of public in RCU-safe way */
1941 		private->prev->next = public;
1942 		private->next->prev = public;
1943 		rcu_assign_pointer(public->next, private->next);
1944 		public->prev = private->prev;
1945 
1946 		synchronize_rcu();
1947 
1948 		/* When all readers are done with the old public list,
1949 		 * attach it in place of private */
1950 		private->next = first;
1951 		private->prev = last;
1952 		first->prev = private;
1953 		last->next = private;
1954 	}
1955 }
1956 
1957 /**
1958  * smk_parse_label_list - parse list of Smack labels, separated by spaces
1959  *
1960  * @data: the string to parse
1961  * @list: destination list
1962  *
1963  * Returns zero on success or error code, as appropriate
1964  */
smk_parse_label_list(char * data,struct list_head * list)1965 static int smk_parse_label_list(char *data, struct list_head *list)
1966 {
1967 	char *tok;
1968 	struct smack_known *skp;
1969 	struct smack_known_list_elem *sklep;
1970 
1971 	while ((tok = strsep(&data, " ")) != NULL) {
1972 		if (!*tok)
1973 			continue;
1974 
1975 		skp = smk_import_entry(tok, 0);
1976 		if (IS_ERR(skp))
1977 			return PTR_ERR(skp);
1978 
1979 		sklep = kzalloc(sizeof(*sklep), GFP_KERNEL);
1980 		if (sklep == NULL)
1981 			return -ENOMEM;
1982 
1983 		sklep->smk_label = skp;
1984 		list_add(&sklep->list, list);
1985 	}
1986 
1987 	return 0;
1988 }
1989 
1990 /**
1991  * smk_destroy_label_list - destroy a list of smack_known_list_elem
1992  * @list: header pointer of the list to destroy
1993  */
smk_destroy_label_list(struct list_head * list)1994 void smk_destroy_label_list(struct list_head *list)
1995 {
1996 	struct smack_known_list_elem *sklep;
1997 	struct smack_known_list_elem *sklep2;
1998 
1999 	list_for_each_entry_safe(sklep, sklep2, list, list)
2000 		kfree(sklep);
2001 
2002 	INIT_LIST_HEAD(list);
2003 }
2004 
2005 /**
2006  * smk_write_onlycap - write() for smackfs/onlycap
2007  * @file: file pointer, not actually used
2008  * @buf: where to get the data from
2009  * @count: bytes sent
2010  * @ppos: where to start
2011  *
2012  * Returns number of bytes written or error code, as appropriate
2013  */
smk_write_onlycap(struct file * file,const char __user * buf,size_t count,loff_t * ppos)2014 static ssize_t smk_write_onlycap(struct file *file, const char __user *buf,
2015 				 size_t count, loff_t *ppos)
2016 {
2017 	char *data;
2018 	LIST_HEAD(list_tmp);
2019 	int rc;
2020 
2021 	if (!smack_privileged(CAP_MAC_ADMIN))
2022 		return -EPERM;
2023 
2024 	if (count > PAGE_SIZE)
2025 		return -EINVAL;
2026 
2027 	data = memdup_user_nul(buf, count);
2028 	if (IS_ERR(data))
2029 		return PTR_ERR(data);
2030 
2031 	rc = smk_parse_label_list(data, &list_tmp);
2032 	kfree(data);
2033 
2034 	/*
2035 	 * Clear the smack_onlycap on invalid label errors. This means
2036 	 * that we can pass a null string to unset the onlycap value.
2037 	 *
2038 	 * Importing will also reject a label beginning with '-',
2039 	 * so "-usecapabilities" will also work.
2040 	 *
2041 	 * But do so only on invalid label, not on system errors.
2042 	 * The invalid label must be first to count as clearing attempt.
2043 	 */
2044 	if (!rc || (rc == -EINVAL && list_empty(&list_tmp))) {
2045 		mutex_lock(&smack_onlycap_lock);
2046 		smk_list_swap_rcu(&smack_onlycap_list, &list_tmp);
2047 		mutex_unlock(&smack_onlycap_lock);
2048 		rc = count;
2049 	}
2050 
2051 	smk_destroy_label_list(&list_tmp);
2052 
2053 	return rc;
2054 }
2055 
2056 static const struct file_operations smk_onlycap_ops = {
2057 	.open		= smk_open_onlycap,
2058 	.read		= seq_read,
2059 	.write		= smk_write_onlycap,
2060 	.llseek		= seq_lseek,
2061 	.release	= seq_release,
2062 };
2063 
2064 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
2065 /**
2066  * smk_read_unconfined - read() for smackfs/unconfined
2067  * @filp: file pointer, not actually used
2068  * @buf: where to put the result
2069  * @cn: maximum to send along
2070  * @ppos: where to start
2071  *
2072  * Returns number of bytes read or error code, as appropriate
2073  */
smk_read_unconfined(struct file * filp,char __user * buf,size_t cn,loff_t * ppos)2074 static ssize_t smk_read_unconfined(struct file *filp, char __user *buf,
2075 					size_t cn, loff_t *ppos)
2076 {
2077 	char *smack = "";
2078 	ssize_t rc = -EINVAL;
2079 	int asize;
2080 
2081 	if (*ppos != 0)
2082 		return 0;
2083 
2084 	if (smack_unconfined != NULL)
2085 		smack = smack_unconfined->smk_known;
2086 
2087 	asize = strlen(smack) + 1;
2088 
2089 	if (cn >= asize)
2090 		rc = simple_read_from_buffer(buf, cn, ppos, smack, asize);
2091 
2092 	return rc;
2093 }
2094 
2095 /**
2096  * smk_write_unconfined - write() for smackfs/unconfined
2097  * @file: file pointer, not actually used
2098  * @buf: where to get the data from
2099  * @count: bytes sent
2100  * @ppos: where to start
2101  *
2102  * Returns number of bytes written or error code, as appropriate
2103  */
smk_write_unconfined(struct file * file,const char __user * buf,size_t count,loff_t * ppos)2104 static ssize_t smk_write_unconfined(struct file *file, const char __user *buf,
2105 					size_t count, loff_t *ppos)
2106 {
2107 	char *data;
2108 	struct smack_known *skp;
2109 	int rc = count;
2110 
2111 	if (!smack_privileged(CAP_MAC_ADMIN))
2112 		return -EPERM;
2113 
2114 	if (count > PAGE_SIZE)
2115 		return -EINVAL;
2116 
2117 	data = memdup_user_nul(buf, count);
2118 	if (IS_ERR(data))
2119 		return PTR_ERR(data);
2120 
2121 	/*
2122 	 * Clear the smack_unconfined on invalid label errors. This means
2123 	 * that we can pass a null string to unset the unconfined value.
2124 	 *
2125 	 * Importing will also reject a label beginning with '-',
2126 	 * so "-confine" will also work.
2127 	 *
2128 	 * But do so only on invalid label, not on system errors.
2129 	 */
2130 	skp = smk_import_entry(data, count);
2131 	if (PTR_ERR(skp) == -EINVAL)
2132 		skp = NULL;
2133 	else if (IS_ERR(skp)) {
2134 		rc = PTR_ERR(skp);
2135 		goto freeout;
2136 	}
2137 
2138 	smack_unconfined = skp;
2139 
2140 freeout:
2141 	kfree(data);
2142 	return rc;
2143 }
2144 
2145 static const struct file_operations smk_unconfined_ops = {
2146 	.read		= smk_read_unconfined,
2147 	.write		= smk_write_unconfined,
2148 	.llseek		= default_llseek,
2149 };
2150 #endif /* CONFIG_SECURITY_SMACK_BRINGUP */
2151 
2152 /**
2153  * smk_read_logging - read() for /smack/logging
2154  * @filp: file pointer, not actually used
2155  * @buf: where to put the result
2156  * @count: maximum to send along
2157  * @ppos: where to start
2158  *
2159  * Returns number of bytes read or error code, as appropriate
2160  */
smk_read_logging(struct file * filp,char __user * buf,size_t count,loff_t * ppos)2161 static ssize_t smk_read_logging(struct file *filp, char __user *buf,
2162 				size_t count, loff_t *ppos)
2163 {
2164 	char temp[32];
2165 	ssize_t rc;
2166 
2167 	if (*ppos != 0)
2168 		return 0;
2169 
2170 	sprintf(temp, "%d\n", log_policy);
2171 	rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
2172 	return rc;
2173 }
2174 
2175 /**
2176  * smk_write_logging - write() for /smack/logging
2177  * @file: file pointer, not actually used
2178  * @buf: where to get the data from
2179  * @count: bytes sent
2180  * @ppos: where to start
2181  *
2182  * Returns number of bytes written or error code, as appropriate
2183  */
smk_write_logging(struct file * file,const char __user * buf,size_t count,loff_t * ppos)2184 static ssize_t smk_write_logging(struct file *file, const char __user *buf,
2185 				size_t count, loff_t *ppos)
2186 {
2187 	char temp[32];
2188 	int i;
2189 
2190 	if (!smack_privileged(CAP_MAC_ADMIN))
2191 		return -EPERM;
2192 
2193 	if (count >= sizeof(temp) || count == 0)
2194 		return -EINVAL;
2195 
2196 	if (copy_from_user(temp, buf, count) != 0)
2197 		return -EFAULT;
2198 
2199 	temp[count] = '\0';
2200 
2201 	if (sscanf(temp, "%d", &i) != 1)
2202 		return -EINVAL;
2203 	if (i < 0 || i > 3)
2204 		return -EINVAL;
2205 	log_policy = i;
2206 	return count;
2207 }
2208 
2209 
2210 
2211 static const struct file_operations smk_logging_ops = {
2212 	.read		= smk_read_logging,
2213 	.write		= smk_write_logging,
2214 	.llseek		= default_llseek,
2215 };
2216 
2217 /*
2218  * Seq_file read operations for /smack/load-self
2219  */
2220 
load_self_seq_start(struct seq_file * s,loff_t * pos)2221 static void *load_self_seq_start(struct seq_file *s, loff_t *pos)
2222 {
2223 	struct task_smack *tsp = smack_cred(current_cred());
2224 
2225 	return smk_seq_start(s, pos, &tsp->smk_rules);
2226 }
2227 
load_self_seq_next(struct seq_file * s,void * v,loff_t * pos)2228 static void *load_self_seq_next(struct seq_file *s, void *v, loff_t *pos)
2229 {
2230 	struct task_smack *tsp = smack_cred(current_cred());
2231 
2232 	return smk_seq_next(s, v, pos, &tsp->smk_rules);
2233 }
2234 
load_self_seq_show(struct seq_file * s,void * v)2235 static int load_self_seq_show(struct seq_file *s, void *v)
2236 {
2237 	struct list_head *list = v;
2238 	struct smack_rule *srp =
2239 		list_entry_rcu(list, struct smack_rule, list);
2240 
2241 	smk_rule_show(s, srp, SMK_LABELLEN);
2242 
2243 	return 0;
2244 }
2245 
2246 static const struct seq_operations load_self_seq_ops = {
2247 	.start = load_self_seq_start,
2248 	.next  = load_self_seq_next,
2249 	.show  = load_self_seq_show,
2250 	.stop  = smk_seq_stop,
2251 };
2252 
2253 
2254 /**
2255  * smk_open_load_self - open() for /smack/load-self2
2256  * @inode: inode structure representing file
2257  * @file: "load" file pointer
2258  *
2259  * For reading, use load_seq_* seq_file reading operations.
2260  */
smk_open_load_self(struct inode * inode,struct file * file)2261 static int smk_open_load_self(struct inode *inode, struct file *file)
2262 {
2263 	return seq_open(file, &load_self_seq_ops);
2264 }
2265 
2266 /**
2267  * smk_write_load_self - write() for /smack/load-self
2268  * @file: file pointer, not actually used
2269  * @buf: where to get the data from
2270  * @count: bytes sent
2271  * @ppos: where to start - must be 0
2272  *
2273  */
smk_write_load_self(struct file * file,const char __user * buf,size_t count,loff_t * ppos)2274 static ssize_t smk_write_load_self(struct file *file, const char __user *buf,
2275 			      size_t count, loff_t *ppos)
2276 {
2277 	struct task_smack *tsp = smack_cred(current_cred());
2278 
2279 	return smk_write_rules_list(file, buf, count, ppos, &tsp->smk_rules,
2280 				    &tsp->smk_rules_lock, SMK_FIXED24_FMT);
2281 }
2282 
2283 static const struct file_operations smk_load_self_ops = {
2284 	.open           = smk_open_load_self,
2285 	.read		= seq_read,
2286 	.llseek         = seq_lseek,
2287 	.write		= smk_write_load_self,
2288 	.release        = seq_release,
2289 };
2290 
2291 /**
2292  * smk_user_access - handle access check transaction
2293  * @file: file pointer
2294  * @buf: data from user space
2295  * @count: bytes sent
2296  * @ppos: where to start - must be 0
2297  * @format: /smack/load or /smack/load2 or /smack/change-rule format.
2298  */
smk_user_access(struct file * file,const char __user * buf,size_t count,loff_t * ppos,int format)2299 static ssize_t smk_user_access(struct file *file, const char __user *buf,
2300 				size_t count, loff_t *ppos, int format)
2301 {
2302 	struct smack_parsed_rule rule;
2303 	char *data;
2304 	int res;
2305 
2306 	data = simple_transaction_get(file, buf, count);
2307 	if (IS_ERR(data))
2308 		return PTR_ERR(data);
2309 
2310 	if (format == SMK_FIXED24_FMT) {
2311 		if (count < SMK_LOADLEN)
2312 			return -EINVAL;
2313 		res = smk_parse_rule(data, &rule, 0);
2314 	} else {
2315 		/*
2316 		 * simple_transaction_get() returns null-terminated data
2317 		 */
2318 		res = smk_parse_long_rule(data, &rule, 0, 3);
2319 	}
2320 
2321 	if (res >= 0)
2322 		res = smk_access(rule.smk_subject, rule.smk_object,
2323 				 rule.smk_access1, NULL);
2324 	else if (res != -ENOENT)
2325 		return res;
2326 
2327 	/*
2328 	 * smk_access() can return a value > 0 in the "bringup" case.
2329 	 */
2330 	data[0] = res >= 0 ? '1' : '0';
2331 	data[1] = '\0';
2332 
2333 	simple_transaction_set(file, 2);
2334 
2335 	if (format == SMK_FIXED24_FMT)
2336 		return SMK_LOADLEN;
2337 	return count;
2338 }
2339 
2340 /**
2341  * smk_write_access - handle access check transaction
2342  * @file: file pointer
2343  * @buf: data from user space
2344  * @count: bytes sent
2345  * @ppos: where to start - must be 0
2346  */
smk_write_access(struct file * file,const char __user * buf,size_t count,loff_t * ppos)2347 static ssize_t smk_write_access(struct file *file, const char __user *buf,
2348 				size_t count, loff_t *ppos)
2349 {
2350 	return smk_user_access(file, buf, count, ppos, SMK_FIXED24_FMT);
2351 }
2352 
2353 static const struct file_operations smk_access_ops = {
2354 	.write		= smk_write_access,
2355 	.read		= simple_transaction_read,
2356 	.release	= simple_transaction_release,
2357 	.llseek		= generic_file_llseek,
2358 };
2359 
2360 
2361 /*
2362  * Seq_file read operations for /smack/load2
2363  */
2364 
load2_seq_show(struct seq_file * s,void * v)2365 static int load2_seq_show(struct seq_file *s, void *v)
2366 {
2367 	struct list_head *list = v;
2368 	struct smack_rule *srp;
2369 	struct smack_known *skp =
2370 		list_entry_rcu(list, struct smack_known, list);
2371 
2372 	list_for_each_entry_rcu(srp, &skp->smk_rules, list)
2373 		smk_rule_show(s, srp, SMK_LONGLABEL);
2374 
2375 	return 0;
2376 }
2377 
2378 static const struct seq_operations load2_seq_ops = {
2379 	.start = load2_seq_start,
2380 	.next  = load2_seq_next,
2381 	.show  = load2_seq_show,
2382 	.stop  = smk_seq_stop,
2383 };
2384 
2385 /**
2386  * smk_open_load2 - open() for /smack/load2
2387  * @inode: inode structure representing file
2388  * @file: "load2" file pointer
2389  *
2390  * For reading, use load2_seq_* seq_file reading operations.
2391  */
smk_open_load2(struct inode * inode,struct file * file)2392 static int smk_open_load2(struct inode *inode, struct file *file)
2393 {
2394 	return seq_open(file, &load2_seq_ops);
2395 }
2396 
2397 /**
2398  * smk_write_load2 - write() for /smack/load2
2399  * @file: file pointer, not actually used
2400  * @buf: where to get the data from
2401  * @count: bytes sent
2402  * @ppos: where to start - must be 0
2403  *
2404  */
smk_write_load2(struct file * file,const char __user * buf,size_t count,loff_t * ppos)2405 static ssize_t smk_write_load2(struct file *file, const char __user *buf,
2406 				size_t count, loff_t *ppos)
2407 {
2408 	/*
2409 	 * Must have privilege.
2410 	 */
2411 	if (!smack_privileged(CAP_MAC_ADMIN))
2412 		return -EPERM;
2413 
2414 	return smk_write_rules_list(file, buf, count, ppos, NULL, NULL,
2415 				    SMK_LONG_FMT);
2416 }
2417 
2418 static const struct file_operations smk_load2_ops = {
2419 	.open           = smk_open_load2,
2420 	.read		= seq_read,
2421 	.llseek         = seq_lseek,
2422 	.write		= smk_write_load2,
2423 	.release        = seq_release,
2424 };
2425 
2426 /*
2427  * Seq_file read operations for /smack/load-self2
2428  */
2429 
load_self2_seq_start(struct seq_file * s,loff_t * pos)2430 static void *load_self2_seq_start(struct seq_file *s, loff_t *pos)
2431 {
2432 	struct task_smack *tsp = smack_cred(current_cred());
2433 
2434 	return smk_seq_start(s, pos, &tsp->smk_rules);
2435 }
2436 
load_self2_seq_next(struct seq_file * s,void * v,loff_t * pos)2437 static void *load_self2_seq_next(struct seq_file *s, void *v, loff_t *pos)
2438 {
2439 	struct task_smack *tsp = smack_cred(current_cred());
2440 
2441 	return smk_seq_next(s, v, pos, &tsp->smk_rules);
2442 }
2443 
load_self2_seq_show(struct seq_file * s,void * v)2444 static int load_self2_seq_show(struct seq_file *s, void *v)
2445 {
2446 	struct list_head *list = v;
2447 	struct smack_rule *srp =
2448 		list_entry_rcu(list, struct smack_rule, list);
2449 
2450 	smk_rule_show(s, srp, SMK_LONGLABEL);
2451 
2452 	return 0;
2453 }
2454 
2455 static const struct seq_operations load_self2_seq_ops = {
2456 	.start = load_self2_seq_start,
2457 	.next  = load_self2_seq_next,
2458 	.show  = load_self2_seq_show,
2459 	.stop  = smk_seq_stop,
2460 };
2461 
2462 /**
2463  * smk_open_load_self2 - open() for /smack/load-self2
2464  * @inode: inode structure representing file
2465  * @file: "load" file pointer
2466  *
2467  * For reading, use load_seq_* seq_file reading operations.
2468  */
smk_open_load_self2(struct inode * inode,struct file * file)2469 static int smk_open_load_self2(struct inode *inode, struct file *file)
2470 {
2471 	return seq_open(file, &load_self2_seq_ops);
2472 }
2473 
2474 /**
2475  * smk_write_load_self2 - write() for /smack/load-self2
2476  * @file: file pointer, not actually used
2477  * @buf: where to get the data from
2478  * @count: bytes sent
2479  * @ppos: where to start - must be 0
2480  *
2481  */
smk_write_load_self2(struct file * file,const char __user * buf,size_t count,loff_t * ppos)2482 static ssize_t smk_write_load_self2(struct file *file, const char __user *buf,
2483 			      size_t count, loff_t *ppos)
2484 {
2485 	struct task_smack *tsp = smack_cred(current_cred());
2486 
2487 	return smk_write_rules_list(file, buf, count, ppos, &tsp->smk_rules,
2488 				    &tsp->smk_rules_lock, SMK_LONG_FMT);
2489 }
2490 
2491 static const struct file_operations smk_load_self2_ops = {
2492 	.open           = smk_open_load_self2,
2493 	.read		= seq_read,
2494 	.llseek         = seq_lseek,
2495 	.write		= smk_write_load_self2,
2496 	.release        = seq_release,
2497 };
2498 
2499 /**
2500  * smk_write_access2 - handle access check transaction
2501  * @file: file pointer
2502  * @buf: data from user space
2503  * @count: bytes sent
2504  * @ppos: where to start - must be 0
2505  */
smk_write_access2(struct file * file,const char __user * buf,size_t count,loff_t * ppos)2506 static ssize_t smk_write_access2(struct file *file, const char __user *buf,
2507 					size_t count, loff_t *ppos)
2508 {
2509 	return smk_user_access(file, buf, count, ppos, SMK_LONG_FMT);
2510 }
2511 
2512 static const struct file_operations smk_access2_ops = {
2513 	.write		= smk_write_access2,
2514 	.read		= simple_transaction_read,
2515 	.release	= simple_transaction_release,
2516 	.llseek		= generic_file_llseek,
2517 };
2518 
2519 /**
2520  * smk_write_revoke_subj - write() for /smack/revoke-subject
2521  * @file: file pointer
2522  * @buf: data from user space
2523  * @count: bytes sent
2524  * @ppos: where to start - must be 0
2525  */
smk_write_revoke_subj(struct file * file,const char __user * buf,size_t count,loff_t * ppos)2526 static ssize_t smk_write_revoke_subj(struct file *file, const char __user *buf,
2527 				size_t count, loff_t *ppos)
2528 {
2529 	char *data;
2530 	const char *cp;
2531 	struct smack_known *skp;
2532 	struct smack_rule *sp;
2533 	struct list_head *rule_list;
2534 	struct mutex *rule_lock;
2535 	int rc = count;
2536 
2537 	if (*ppos != 0)
2538 		return -EINVAL;
2539 
2540 	if (!smack_privileged(CAP_MAC_ADMIN))
2541 		return -EPERM;
2542 
2543 	if (count == 0 || count > SMK_LONGLABEL)
2544 		return -EINVAL;
2545 
2546 	data = memdup_user(buf, count);
2547 	if (IS_ERR(data))
2548 		return PTR_ERR(data);
2549 
2550 	cp = smk_parse_smack(data, count);
2551 	if (IS_ERR(cp)) {
2552 		rc = PTR_ERR(cp);
2553 		goto out_data;
2554 	}
2555 
2556 	skp = smk_find_entry(cp);
2557 	if (skp == NULL)
2558 		goto out_cp;
2559 
2560 	rule_list = &skp->smk_rules;
2561 	rule_lock = &skp->smk_rules_lock;
2562 
2563 	mutex_lock(rule_lock);
2564 
2565 	list_for_each_entry_rcu(sp, rule_list, list)
2566 		sp->smk_access = 0;
2567 
2568 	mutex_unlock(rule_lock);
2569 
2570 out_cp:
2571 	kfree(cp);
2572 out_data:
2573 	kfree(data);
2574 
2575 	return rc;
2576 }
2577 
2578 static const struct file_operations smk_revoke_subj_ops = {
2579 	.write		= smk_write_revoke_subj,
2580 	.read		= simple_transaction_read,
2581 	.release	= simple_transaction_release,
2582 	.llseek		= generic_file_llseek,
2583 };
2584 
2585 /**
2586  * smk_init_sysfs - initialize /sys/fs/smackfs
2587  *
2588  */
smk_init_sysfs(void)2589 static int smk_init_sysfs(void)
2590 {
2591 	return sysfs_create_mount_point(fs_kobj, "smackfs");
2592 }
2593 
2594 /**
2595  * smk_write_change_rule - write() for /smack/change-rule
2596  * @file: file pointer
2597  * @buf: data from user space
2598  * @count: bytes sent
2599  * @ppos: where to start - must be 0
2600  */
smk_write_change_rule(struct file * file,const char __user * buf,size_t count,loff_t * ppos)2601 static ssize_t smk_write_change_rule(struct file *file, const char __user *buf,
2602 				size_t count, loff_t *ppos)
2603 {
2604 	/*
2605 	 * Must have privilege.
2606 	 */
2607 	if (!smack_privileged(CAP_MAC_ADMIN))
2608 		return -EPERM;
2609 
2610 	return smk_write_rules_list(file, buf, count, ppos, NULL, NULL,
2611 				    SMK_CHANGE_FMT);
2612 }
2613 
2614 static const struct file_operations smk_change_rule_ops = {
2615 	.write		= smk_write_change_rule,
2616 	.read		= simple_transaction_read,
2617 	.release	= simple_transaction_release,
2618 	.llseek		= generic_file_llseek,
2619 };
2620 
2621 /**
2622  * smk_read_syslog - read() for smackfs/syslog
2623  * @filp: file pointer, not actually used
2624  * @buf: where to put the result
2625  * @cn: maximum to send along
2626  * @ppos: where to start
2627  *
2628  * Returns number of bytes read or error code, as appropriate
2629  */
smk_read_syslog(struct file * filp,char __user * buf,size_t cn,loff_t * ppos)2630 static ssize_t smk_read_syslog(struct file *filp, char __user *buf,
2631 				size_t cn, loff_t *ppos)
2632 {
2633 	struct smack_known *skp;
2634 	ssize_t rc = -EINVAL;
2635 	int asize;
2636 
2637 	if (*ppos != 0)
2638 		return 0;
2639 
2640 	if (smack_syslog_label == NULL)
2641 		skp = &smack_known_star;
2642 	else
2643 		skp = smack_syslog_label;
2644 
2645 	asize = strlen(skp->smk_known) + 1;
2646 
2647 	if (cn >= asize)
2648 		rc = simple_read_from_buffer(buf, cn, ppos, skp->smk_known,
2649 						asize);
2650 
2651 	return rc;
2652 }
2653 
2654 /**
2655  * smk_write_syslog - write() for smackfs/syslog
2656  * @file: file pointer, not actually used
2657  * @buf: where to get the data from
2658  * @count: bytes sent
2659  * @ppos: where to start
2660  *
2661  * Returns number of bytes written or error code, as appropriate
2662  */
smk_write_syslog(struct file * file,const char __user * buf,size_t count,loff_t * ppos)2663 static ssize_t smk_write_syslog(struct file *file, const char __user *buf,
2664 				size_t count, loff_t *ppos)
2665 {
2666 	char *data;
2667 	struct smack_known *skp;
2668 	int rc = count;
2669 
2670 	if (!smack_privileged(CAP_MAC_ADMIN))
2671 		return -EPERM;
2672 
2673 	/* Enough data must be present */
2674 	if (count == 0 || count > PAGE_SIZE)
2675 		return -EINVAL;
2676 
2677 	data = memdup_user_nul(buf, count);
2678 	if (IS_ERR(data))
2679 		return PTR_ERR(data);
2680 
2681 	skp = smk_import_entry(data, count);
2682 	if (IS_ERR(skp))
2683 		rc = PTR_ERR(skp);
2684 	else
2685 		smack_syslog_label = skp;
2686 
2687 	kfree(data);
2688 	return rc;
2689 }
2690 
2691 static const struct file_operations smk_syslog_ops = {
2692 	.read		= smk_read_syslog,
2693 	.write		= smk_write_syslog,
2694 	.llseek		= default_llseek,
2695 };
2696 
2697 /*
2698  * Seq_file read operations for /smack/relabel-self
2699  */
2700 
relabel_self_seq_start(struct seq_file * s,loff_t * pos)2701 static void *relabel_self_seq_start(struct seq_file *s, loff_t *pos)
2702 {
2703 	struct task_smack *tsp = smack_cred(current_cred());
2704 
2705 	return smk_seq_start(s, pos, &tsp->smk_relabel);
2706 }
2707 
relabel_self_seq_next(struct seq_file * s,void * v,loff_t * pos)2708 static void *relabel_self_seq_next(struct seq_file *s, void *v, loff_t *pos)
2709 {
2710 	struct task_smack *tsp = smack_cred(current_cred());
2711 
2712 	return smk_seq_next(s, v, pos, &tsp->smk_relabel);
2713 }
2714 
relabel_self_seq_show(struct seq_file * s,void * v)2715 static int relabel_self_seq_show(struct seq_file *s, void *v)
2716 {
2717 	struct list_head *list = v;
2718 	struct smack_known_list_elem *sklep =
2719 		list_entry(list, struct smack_known_list_elem, list);
2720 
2721 	seq_puts(s, sklep->smk_label->smk_known);
2722 	seq_putc(s, ' ');
2723 
2724 	return 0;
2725 }
2726 
2727 static const struct seq_operations relabel_self_seq_ops = {
2728 	.start = relabel_self_seq_start,
2729 	.next  = relabel_self_seq_next,
2730 	.show  = relabel_self_seq_show,
2731 	.stop  = smk_seq_stop,
2732 };
2733 
2734 /**
2735  * smk_open_relabel_self - open() for /smack/relabel-self
2736  * @inode: inode structure representing file
2737  * @file: "relabel-self" file pointer
2738  *
2739  * Connect our relabel_self_seq_* operations with /smack/relabel-self
2740  * file_operations
2741  */
smk_open_relabel_self(struct inode * inode,struct file * file)2742 static int smk_open_relabel_self(struct inode *inode, struct file *file)
2743 {
2744 	return seq_open(file, &relabel_self_seq_ops);
2745 }
2746 
2747 /**
2748  * smk_write_relabel_self - write() for /smack/relabel-self
2749  * @file: file pointer, not actually used
2750  * @buf: where to get the data from
2751  * @count: bytes sent
2752  * @ppos: where to start - must be 0
2753  *
2754  */
smk_write_relabel_self(struct file * file,const char __user * buf,size_t count,loff_t * ppos)2755 static ssize_t smk_write_relabel_self(struct file *file, const char __user *buf,
2756 				size_t count, loff_t *ppos)
2757 {
2758 	char *data;
2759 	int rc;
2760 	LIST_HEAD(list_tmp);
2761 
2762 	/*
2763 	 * Must have privilege.
2764 	 */
2765 	if (!smack_privileged(CAP_MAC_ADMIN))
2766 		return -EPERM;
2767 
2768 	/*
2769 	 * No partial write.
2770 	 * Enough data must be present.
2771 	 */
2772 	if (*ppos != 0)
2773 		return -EINVAL;
2774 	if (count == 0 || count > PAGE_SIZE)
2775 		return -EINVAL;
2776 
2777 	data = memdup_user_nul(buf, count);
2778 	if (IS_ERR(data))
2779 		return PTR_ERR(data);
2780 
2781 	rc = smk_parse_label_list(data, &list_tmp);
2782 	kfree(data);
2783 
2784 	if (!rc || (rc == -EINVAL && list_empty(&list_tmp))) {
2785 		struct cred *new;
2786 		struct task_smack *tsp;
2787 
2788 		new = prepare_creds();
2789 		if (!new) {
2790 			rc = -ENOMEM;
2791 			goto out;
2792 		}
2793 		tsp = smack_cred(new);
2794 		smk_destroy_label_list(&tsp->smk_relabel);
2795 		list_splice(&list_tmp, &tsp->smk_relabel);
2796 		commit_creds(new);
2797 		return count;
2798 	}
2799 out:
2800 	smk_destroy_label_list(&list_tmp);
2801 	return rc;
2802 }
2803 
2804 static const struct file_operations smk_relabel_self_ops = {
2805 	.open		= smk_open_relabel_self,
2806 	.read		= seq_read,
2807 	.llseek		= seq_lseek,
2808 	.write		= smk_write_relabel_self,
2809 	.release	= seq_release,
2810 };
2811 
2812 /**
2813  * smk_read_ptrace - read() for /smack/ptrace
2814  * @filp: file pointer, not actually used
2815  * @buf: where to put the result
2816  * @count: maximum to send along
2817  * @ppos: where to start
2818  *
2819  * Returns number of bytes read or error code, as appropriate
2820  */
smk_read_ptrace(struct file * filp,char __user * buf,size_t count,loff_t * ppos)2821 static ssize_t smk_read_ptrace(struct file *filp, char __user *buf,
2822 			       size_t count, loff_t *ppos)
2823 {
2824 	char temp[32];
2825 	ssize_t rc;
2826 
2827 	if (*ppos != 0)
2828 		return 0;
2829 
2830 	sprintf(temp, "%d\n", smack_ptrace_rule);
2831 	rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
2832 	return rc;
2833 }
2834 
2835 /**
2836  * smk_write_ptrace - write() for /smack/ptrace
2837  * @file: file pointer
2838  * @buf: data from user space
2839  * @count: bytes sent
2840  * @ppos: where to start - must be 0
2841  */
smk_write_ptrace(struct file * file,const char __user * buf,size_t count,loff_t * ppos)2842 static ssize_t smk_write_ptrace(struct file *file, const char __user *buf,
2843 				size_t count, loff_t *ppos)
2844 {
2845 	char temp[32];
2846 	int i;
2847 
2848 	if (!smack_privileged(CAP_MAC_ADMIN))
2849 		return -EPERM;
2850 
2851 	if (*ppos != 0 || count >= sizeof(temp) || count == 0)
2852 		return -EINVAL;
2853 
2854 	if (copy_from_user(temp, buf, count) != 0)
2855 		return -EFAULT;
2856 
2857 	temp[count] = '\0';
2858 
2859 	if (sscanf(temp, "%d", &i) != 1)
2860 		return -EINVAL;
2861 	if (i < SMACK_PTRACE_DEFAULT || i > SMACK_PTRACE_MAX)
2862 		return -EINVAL;
2863 	smack_ptrace_rule = i;
2864 
2865 	return count;
2866 }
2867 
2868 static const struct file_operations smk_ptrace_ops = {
2869 	.write		= smk_write_ptrace,
2870 	.read		= smk_read_ptrace,
2871 	.llseek		= default_llseek,
2872 };
2873 
2874 /**
2875  * smk_fill_super - fill the smackfs superblock
2876  * @sb: the empty superblock
2877  * @fc: unused
2878  *
2879  * Fill in the well known entries for the smack filesystem
2880  *
2881  * Returns 0 on success, an error code on failure
2882  */
smk_fill_super(struct super_block * sb,struct fs_context * fc)2883 static int smk_fill_super(struct super_block *sb, struct fs_context *fc)
2884 {
2885 	int rc;
2886 
2887 	static const struct tree_descr smack_files[] = {
2888 		[SMK_LOAD] = {
2889 			"load", &smk_load_ops, S_IRUGO|S_IWUSR},
2890 		[SMK_CIPSO] = {
2891 			"cipso", &smk_cipso_ops, S_IRUGO|S_IWUSR},
2892 		[SMK_DOI] = {
2893 			"doi", &smk_doi_ops, S_IRUGO|S_IWUSR},
2894 		[SMK_DIRECT] = {
2895 			"direct", &smk_direct_ops, S_IRUGO|S_IWUSR},
2896 		[SMK_AMBIENT] = {
2897 			"ambient", &smk_ambient_ops, S_IRUGO|S_IWUSR},
2898 		[SMK_NET4ADDR] = {
2899 			"netlabel", &smk_net4addr_ops, S_IRUGO|S_IWUSR},
2900 		[SMK_ONLYCAP] = {
2901 			"onlycap", &smk_onlycap_ops, S_IRUGO|S_IWUSR},
2902 		[SMK_LOGGING] = {
2903 			"logging", &smk_logging_ops, S_IRUGO|S_IWUSR},
2904 		[SMK_LOAD_SELF] = {
2905 			"load-self", &smk_load_self_ops, S_IRUGO|S_IWUGO},
2906 		[SMK_ACCESSES] = {
2907 			"access", &smk_access_ops, S_IRUGO|S_IWUGO},
2908 		[SMK_MAPPED] = {
2909 			"mapped", &smk_mapped_ops, S_IRUGO|S_IWUSR},
2910 		[SMK_LOAD2] = {
2911 			"load2", &smk_load2_ops, S_IRUGO|S_IWUSR},
2912 		[SMK_LOAD_SELF2] = {
2913 			"load-self2", &smk_load_self2_ops, S_IRUGO|S_IWUGO},
2914 		[SMK_ACCESS2] = {
2915 			"access2", &smk_access2_ops, S_IRUGO|S_IWUGO},
2916 		[SMK_CIPSO2] = {
2917 			"cipso2", &smk_cipso2_ops, S_IRUGO|S_IWUSR},
2918 		[SMK_REVOKE_SUBJ] = {
2919 			"revoke-subject", &smk_revoke_subj_ops,
2920 			S_IRUGO|S_IWUSR},
2921 		[SMK_CHANGE_RULE] = {
2922 			"change-rule", &smk_change_rule_ops, S_IRUGO|S_IWUSR},
2923 		[SMK_SYSLOG] = {
2924 			"syslog", &smk_syslog_ops, S_IRUGO|S_IWUSR},
2925 		[SMK_PTRACE] = {
2926 			"ptrace", &smk_ptrace_ops, S_IRUGO|S_IWUSR},
2927 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
2928 		[SMK_UNCONFINED] = {
2929 			"unconfined", &smk_unconfined_ops, S_IRUGO|S_IWUSR},
2930 #endif
2931 #if IS_ENABLED(CONFIG_IPV6)
2932 		[SMK_NET6ADDR] = {
2933 			"ipv6host", &smk_net6addr_ops, S_IRUGO|S_IWUSR},
2934 #endif /* CONFIG_IPV6 */
2935 		[SMK_RELABEL_SELF] = {
2936 			"relabel-self", &smk_relabel_self_ops,
2937 				S_IRUGO|S_IWUGO},
2938 		/* last one */
2939 			{""}
2940 	};
2941 
2942 	rc = simple_fill_super(sb, SMACK_MAGIC, smack_files);
2943 	if (rc != 0) {
2944 		printk(KERN_ERR "%s failed %d while creating inodes\n",
2945 			__func__, rc);
2946 		return rc;
2947 	}
2948 
2949 	return 0;
2950 }
2951 
2952 /**
2953  * smk_get_tree - get the smackfs superblock
2954  * @fc: The mount context, including any options
2955  *
2956  * Just passes everything along.
2957  *
2958  * Returns what the lower level code does.
2959  */
smk_get_tree(struct fs_context * fc)2960 static int smk_get_tree(struct fs_context *fc)
2961 {
2962 	return get_tree_single(fc, smk_fill_super);
2963 }
2964 
2965 static const struct fs_context_operations smk_context_ops = {
2966 	.get_tree	= smk_get_tree,
2967 };
2968 
2969 /**
2970  * smk_init_fs_context - Initialise a filesystem context for smackfs
2971  * @fc: The blank mount context
2972  */
smk_init_fs_context(struct fs_context * fc)2973 static int smk_init_fs_context(struct fs_context *fc)
2974 {
2975 	fc->ops = &smk_context_ops;
2976 	return 0;
2977 }
2978 
2979 static struct file_system_type smk_fs_type = {
2980 	.name		= "smackfs",
2981 	.init_fs_context = smk_init_fs_context,
2982 	.kill_sb	= kill_litter_super,
2983 };
2984 
2985 static struct vfsmount *smackfs_mount;
2986 
2987 /**
2988  * init_smk_fs - get the smackfs superblock
2989  *
2990  * register the smackfs
2991  *
2992  * Do not register smackfs if Smack wasn't enabled
2993  * on boot. We can not put this method normally under the
2994  * smack_init() code path since the security subsystem get
2995  * initialized before the vfs caches.
2996  *
2997  * Returns true if we were not chosen on boot or if
2998  * we were chosen and filesystem registration succeeded.
2999  */
init_smk_fs(void)3000 static int __init init_smk_fs(void)
3001 {
3002 	int err;
3003 	int rc;
3004 
3005 	if (smack_enabled == 0)
3006 		return 0;
3007 
3008 	err = smk_init_sysfs();
3009 	if (err)
3010 		printk(KERN_ERR "smackfs: sysfs mountpoint problem.\n");
3011 
3012 	err = register_filesystem(&smk_fs_type);
3013 	if (!err) {
3014 		smackfs_mount = kern_mount(&smk_fs_type);
3015 		if (IS_ERR(smackfs_mount)) {
3016 			printk(KERN_ERR "smackfs:  could not mount!\n");
3017 			err = PTR_ERR(smackfs_mount);
3018 			smackfs_mount = NULL;
3019 		}
3020 	}
3021 
3022 	smk_cipso_doi();
3023 	smk_unlbl_ambient(NULL);
3024 
3025 	rc = smack_populate_secattr(&smack_known_floor);
3026 	if (err == 0 && rc < 0)
3027 		err = rc;
3028 	rc = smack_populate_secattr(&smack_known_hat);
3029 	if (err == 0 && rc < 0)
3030 		err = rc;
3031 	rc = smack_populate_secattr(&smack_known_huh);
3032 	if (err == 0 && rc < 0)
3033 		err = rc;
3034 	rc = smack_populate_secattr(&smack_known_star);
3035 	if (err == 0 && rc < 0)
3036 		err = rc;
3037 	rc = smack_populate_secattr(&smack_known_web);
3038 	if (err == 0 && rc < 0)
3039 		err = rc;
3040 
3041 	return err;
3042 }
3043 
3044 __initcall(init_smk_fs);
3045