1 /* 2 * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com> 3 * 4 * This program is free software; you can redistribute it and/or modify 5 * it under the terms of the GNU General Public License as published by 6 * the Free Software Foundation, version 2. 7 * 8 * Author: 9 * Casey Schaufler <casey@schaufler-ca.com> 10 * 11 */ 12 13 #ifndef _SECURITY_SMACK_H 14 #define _SECURITY_SMACK_H 15 16 #include <linux/capability.h> 17 #include <linux/spinlock.h> 18 #include <linux/security.h> 19 #include <linux/in.h> 20 #include <net/netlabel.h> 21 #include <linux/list.h> 22 #include <linux/rculist.h> 23 #include <linux/lsm_audit.h> 24 25 /* 26 * Smack labels were limited to 23 characters for a long time. 27 */ 28 #define SMK_LABELLEN 24 29 #define SMK_LONGLABEL 256 30 31 /* 32 * This is the repository for labels seen so that it is 33 * not necessary to keep allocating tiny chuncks of memory 34 * and so that they can be shared. 35 * 36 * Labels are never modified in place. Anytime a label 37 * is imported (e.g. xattrset on a file) the list is checked 38 * for it and it is added if it doesn't exist. The address 39 * is passed out in either case. Entries are added, but 40 * never deleted. 41 * 42 * Since labels are hanging around anyway it doesn't 43 * hurt to maintain a secid for those awkward situations 44 * where kernel components that ought to use LSM independent 45 * interfaces don't. The secid should go away when all of 46 * these components have been repaired. 47 * 48 * The cipso value associated with the label gets stored here, too. 49 * 50 * Keep the access rules for this subject label here so that 51 * the entire set of rules does not need to be examined every 52 * time. 53 */ 54 struct smack_known { 55 struct list_head list; 56 char *smk_known; 57 u32 smk_secid; 58 struct netlbl_lsm_secattr smk_netlabel; /* on wire labels */ 59 struct list_head smk_rules; /* access rules */ 60 struct mutex smk_rules_lock; /* lock for rules */ 61 }; 62 63 /* 64 * Maximum number of bytes for the levels in a CIPSO IP option. 65 * Why 23? CIPSO is constrained to 30, so a 32 byte buffer is 66 * bigger than can be used, and 24 is the next lower multiple 67 * of 8, and there are too many issues if there isn't space set 68 * aside for the terminating null byte. 69 */ 70 #define SMK_CIPSOLEN 24 71 72 struct superblock_smack { 73 char *smk_root; 74 char *smk_floor; 75 char *smk_hat; 76 char *smk_default; 77 int smk_initialized; 78 }; 79 80 struct socket_smack { 81 struct smack_known *smk_out; /* outbound label */ 82 char *smk_in; /* inbound label */ 83 char *smk_packet; /* TCP peer label */ 84 }; 85 86 /* 87 * Inode smack data 88 */ 89 struct inode_smack { 90 char *smk_inode; /* label of the fso */ 91 struct smack_known *smk_task; /* label of the task */ 92 struct smack_known *smk_mmap; /* label of the mmap domain */ 93 struct mutex smk_lock; /* initialization lock */ 94 int smk_flags; /* smack inode flags */ 95 }; 96 97 struct task_smack { 98 struct smack_known *smk_task; /* label for access control */ 99 struct smack_known *smk_forked; /* label when forked */ 100 struct list_head smk_rules; /* per task access rules */ 101 struct mutex smk_rules_lock; /* lock for the rules */ 102 }; 103 104 #define SMK_INODE_INSTANT 0x01 /* inode is instantiated */ 105 #define SMK_INODE_TRANSMUTE 0x02 /* directory is transmuting */ 106 #define SMK_INODE_CHANGED 0x04 /* smack was transmuted */ 107 108 /* 109 * A label access rule. 110 */ 111 struct smack_rule { 112 struct list_head list; 113 struct smack_known *smk_subject; 114 char *smk_object; 115 int smk_access; 116 }; 117 118 /* 119 * An entry in the table identifying hosts. 120 */ 121 struct smk_netlbladdr { 122 struct list_head list; 123 struct sockaddr_in smk_host; /* network address */ 124 struct in_addr smk_mask; /* network mask */ 125 char *smk_label; /* label */ 126 }; 127 128 /* 129 * An entry in the table identifying ports. 130 */ 131 struct smk_port_label { 132 struct list_head list; 133 struct sock *smk_sock; /* socket initialized on */ 134 unsigned short smk_port; /* the port number */ 135 char *smk_in; /* incoming label */ 136 struct smack_known *smk_out; /* outgoing label */ 137 }; 138 139 /* 140 * Mount options 141 */ 142 #define SMK_FSDEFAULT "smackfsdef=" 143 #define SMK_FSFLOOR "smackfsfloor=" 144 #define SMK_FSHAT "smackfshat=" 145 #define SMK_FSROOT "smackfsroot=" 146 #define SMK_FSTRANS "smackfstransmute=" 147 148 #define SMACK_CIPSO_OPTION "-CIPSO" 149 150 /* 151 * How communications on this socket are treated. 152 * Usually it's determined by the underlying netlabel code 153 * but there are certain cases, including single label hosts 154 * and potentially single label interfaces for which the 155 * treatment can not be known in advance. 156 * 157 * The possibility of additional labeling schemes being 158 * introduced in the future exists as well. 159 */ 160 #define SMACK_UNLABELED_SOCKET 0 161 #define SMACK_CIPSO_SOCKET 1 162 163 /* 164 * CIPSO defaults. 165 */ 166 #define SMACK_CIPSO_DOI_DEFAULT 3 /* Historical */ 167 #define SMACK_CIPSO_DOI_INVALID -1 /* Not a DOI */ 168 #define SMACK_CIPSO_DIRECT_DEFAULT 250 /* Arbitrary */ 169 #define SMACK_CIPSO_MAPPED_DEFAULT 251 /* Also arbitrary */ 170 #define SMACK_CIPSO_MAXCATVAL 63 /* Bigger gets harder */ 171 #define SMACK_CIPSO_MAXLEVEL 255 /* CIPSO 2.2 standard */ 172 #define SMACK_CIPSO_MAXCATNUM 239 /* CIPSO 2.2 standard */ 173 174 /* 175 * Flag for transmute access 176 */ 177 #define MAY_TRANSMUTE 64 178 /* 179 * Just to make the common cases easier to deal with 180 */ 181 #define MAY_ANYREAD (MAY_READ | MAY_EXEC) 182 #define MAY_READWRITE (MAY_READ | MAY_WRITE) 183 #define MAY_NOT 0 184 185 /* 186 * Number of access types used by Smack (rwxat) 187 */ 188 #define SMK_NUM_ACCESS_TYPE 5 189 190 /* SMACK data */ 191 struct smack_audit_data { 192 const char *function; 193 char *subject; 194 char *object; 195 char *request; 196 int result; 197 }; 198 199 /* 200 * Smack audit data; is empty if CONFIG_AUDIT not set 201 * to save some stack 202 */ 203 struct smk_audit_info { 204 #ifdef CONFIG_AUDIT 205 struct common_audit_data a; 206 struct smack_audit_data sad; 207 #endif 208 }; 209 /* 210 * These functions are in smack_lsm.c 211 */ 212 struct inode_smack *new_inode_smack(char *); 213 214 /* 215 * These functions are in smack_access.c 216 */ 217 int smk_access_entry(char *, char *, struct list_head *); 218 int smk_access(struct smack_known *, char *, int, struct smk_audit_info *); 219 int smk_curacc(char *, u32, struct smk_audit_info *); 220 struct smack_known *smack_from_secid(const u32); 221 char *smk_parse_smack(const char *string, int len); 222 int smk_netlbl_mls(int, char *, struct netlbl_lsm_secattr *, int); 223 char *smk_import(const char *, int); 224 struct smack_known *smk_import_entry(const char *, int); 225 struct smack_known *smk_find_entry(const char *); 226 u32 smack_to_secid(const char *); 227 228 /* 229 * Shared data. 230 */ 231 extern int smack_cipso_direct; 232 extern int smack_cipso_mapped; 233 extern struct smack_known *smack_net_ambient; 234 extern char *smack_onlycap; 235 extern const char *smack_cipso_option; 236 237 extern struct smack_known smack_known_floor; 238 extern struct smack_known smack_known_hat; 239 extern struct smack_known smack_known_huh; 240 extern struct smack_known smack_known_invalid; 241 extern struct smack_known smack_known_star; 242 extern struct smack_known smack_known_web; 243 244 extern struct mutex smack_known_lock; 245 extern struct list_head smack_known_list; 246 extern struct list_head smk_netlbladdr_list; 247 248 extern struct security_operations smack_ops; 249 250 /* 251 * Is the directory transmuting? 252 */ 253 static inline int smk_inode_transmutable(const struct inode *isp) 254 { 255 struct inode_smack *sip = isp->i_security; 256 return (sip->smk_flags & SMK_INODE_TRANSMUTE) != 0; 257 } 258 259 /* 260 * Present a pointer to the smack label in an inode blob. 261 */ 262 static inline char *smk_of_inode(const struct inode *isp) 263 { 264 struct inode_smack *sip = isp->i_security; 265 return sip->smk_inode; 266 } 267 268 /* 269 * Present a pointer to the smack label entry in an task blob. 270 */ 271 static inline struct smack_known *smk_of_task(const struct task_smack *tsp) 272 { 273 return tsp->smk_task; 274 } 275 276 /* 277 * Present a pointer to the forked smack label entry in an task blob. 278 */ 279 static inline struct smack_known *smk_of_forked(const struct task_smack *tsp) 280 { 281 return tsp->smk_forked; 282 } 283 284 /* 285 * Present a pointer to the smack label in the current task blob. 286 */ 287 static inline struct smack_known *smk_of_current(void) 288 { 289 return smk_of_task(current_security()); 290 } 291 292 /* 293 * Is the task privileged and allowed to be privileged 294 * by the onlycap rule. 295 */ 296 static inline int smack_privileged(int cap) 297 { 298 struct smack_known *skp = smk_of_current(); 299 300 if (!capable(cap)) 301 return 0; 302 if (smack_onlycap == NULL || smack_onlycap == skp->smk_known) 303 return 1; 304 return 0; 305 } 306 307 /* 308 * logging functions 309 */ 310 #define SMACK_AUDIT_DENIED 0x1 311 #define SMACK_AUDIT_ACCEPT 0x2 312 extern int log_policy; 313 314 void smack_log(char *subject_label, char *object_label, 315 int request, 316 int result, struct smk_audit_info *auditdata); 317 318 #ifdef CONFIG_AUDIT 319 320 /* 321 * some inline functions to set up audit data 322 * they do nothing if CONFIG_AUDIT is not set 323 * 324 */ 325 static inline void smk_ad_init(struct smk_audit_info *a, const char *func, 326 char type) 327 { 328 memset(&a->sad, 0, sizeof(a->sad)); 329 a->a.type = type; 330 a->a.smack_audit_data = &a->sad; 331 a->a.smack_audit_data->function = func; 332 } 333 334 static inline void smk_ad_init_net(struct smk_audit_info *a, const char *func, 335 char type, struct lsm_network_audit *net) 336 { 337 smk_ad_init(a, func, type); 338 memset(net, 0, sizeof(*net)); 339 a->a.u.net = net; 340 } 341 342 static inline void smk_ad_setfield_u_tsk(struct smk_audit_info *a, 343 struct task_struct *t) 344 { 345 a->a.u.tsk = t; 346 } 347 static inline void smk_ad_setfield_u_fs_path_dentry(struct smk_audit_info *a, 348 struct dentry *d) 349 { 350 a->a.u.dentry = d; 351 } 352 static inline void smk_ad_setfield_u_fs_inode(struct smk_audit_info *a, 353 struct inode *i) 354 { 355 a->a.u.inode = i; 356 } 357 static inline void smk_ad_setfield_u_fs_path(struct smk_audit_info *a, 358 struct path p) 359 { 360 a->a.u.path = p; 361 } 362 static inline void smk_ad_setfield_u_net_sk(struct smk_audit_info *a, 363 struct sock *sk) 364 { 365 a->a.u.net->sk = sk; 366 } 367 368 #else /* no AUDIT */ 369 370 static inline void smk_ad_init(struct smk_audit_info *a, const char *func, 371 char type) 372 { 373 } 374 static inline void smk_ad_setfield_u_tsk(struct smk_audit_info *a, 375 struct task_struct *t) 376 { 377 } 378 static inline void smk_ad_setfield_u_fs_path_dentry(struct smk_audit_info *a, 379 struct dentry *d) 380 { 381 } 382 static inline void smk_ad_setfield_u_fs_path_mnt(struct smk_audit_info *a, 383 struct vfsmount *m) 384 { 385 } 386 static inline void smk_ad_setfield_u_fs_inode(struct smk_audit_info *a, 387 struct inode *i) 388 { 389 } 390 static inline void smk_ad_setfield_u_fs_path(struct smk_audit_info *a, 391 struct path p) 392 { 393 } 394 static inline void smk_ad_setfield_u_net_sk(struct smk_audit_info *a, 395 struct sock *sk) 396 { 397 } 398 #endif 399 400 #endif /* _SECURITY_SMACK_H */ 401