xref: /linux/security/smack/smack.h (revision 9f69e8a71026839d4bd2e0c6d269600bfaa6f84d) 
1 /*
2  * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com>
3  *
4  *      This program is free software; you can redistribute it and/or modify
5  *      it under the terms of the GNU General Public License as published by
6  *      the Free Software Foundation, version 2.
7  *
8  * Author:
9  *      Casey Schaufler <casey@schaufler-ca.com>
10  *
11  */
12 
13 #ifndef _SECURITY_SMACK_H
14 #define _SECURITY_SMACK_H
15 
16 #include <linux/capability.h>
17 #include <linux/spinlock.h>
18 #include <linux/security.h>
19 #include <linux/in.h>
20 #include <net/netlabel.h>
21 #include <linux/list.h>
22 #include <linux/rculist.h>
23 #include <linux/lsm_audit.h>
24 
25 /*
26  * Smack labels were limited to 23 characters for a long time.
27  */
28 #define SMK_LABELLEN	24
29 #define SMK_LONGLABEL	256
30 
31 /*
32  * This is the repository for labels seen so that it is
33  * not necessary to keep allocating tiny chuncks of memory
34  * and so that they can be shared.
35  *
36  * Labels are never modified in place. Anytime a label
37  * is imported (e.g. xattrset on a file) the list is checked
38  * for it and it is added if it doesn't exist. The address
39  * is passed out in either case. Entries are added, but
40  * never deleted.
41  *
42  * Since labels are hanging around anyway it doesn't
43  * hurt to maintain a secid for those awkward situations
44  * where kernel components that ought to use LSM independent
45  * interfaces don't. The secid should go away when all of
46  * these components have been repaired.
47  *
48  * The cipso value associated with the label gets stored here, too.
49  *
50  * Keep the access rules for this subject label here so that
51  * the entire set of rules does not need to be examined every
52  * time.
53  */
54 struct smack_known {
55 	struct list_head		list;
56 	struct hlist_node		smk_hashed;
57 	char				*smk_known;
58 	u32				smk_secid;
59 	struct netlbl_lsm_secattr	smk_netlabel;	/* on wire labels */
60 	struct list_head		smk_rules;	/* access rules */
61 	struct mutex			smk_rules_lock;	/* lock for rules */
62 };
63 
64 /*
65  * Maximum number of bytes for the levels in a CIPSO IP option.
66  * Why 23? CIPSO is constrained to 30, so a 32 byte buffer is
67  * bigger than can be used, and 24 is the next lower multiple
68  * of 8, and there are too many issues if there isn't space set
69  * aside for the terminating null byte.
70  */
71 #define SMK_CIPSOLEN	24
72 
73 struct superblock_smack {
74 	struct smack_known	*smk_root;
75 	struct smack_known	*smk_floor;
76 	struct smack_known	*smk_hat;
77 	struct smack_known	*smk_default;
78 	int			smk_initialized;
79 };
80 
81 struct socket_smack {
82 	struct smack_known	*smk_out;	/* outbound label */
83 	struct smack_known	*smk_in;	/* inbound label */
84 	struct smack_known	*smk_packet;	/* TCP peer label */
85 };
86 
87 /*
88  * Inode smack data
89  */
90 struct inode_smack {
91 	struct smack_known	*smk_inode;	/* label of the fso */
92 	struct smack_known	*smk_task;	/* label of the task */
93 	struct smack_known	*smk_mmap;	/* label of the mmap domain */
94 	struct mutex		smk_lock;	/* initialization lock */
95 	int			smk_flags;	/* smack inode flags */
96 };
97 
98 struct task_smack {
99 	struct smack_known	*smk_task;	/* label for access control */
100 	struct smack_known	*smk_forked;	/* label when forked */
101 	struct list_head	smk_rules;	/* per task access rules */
102 	struct mutex		smk_rules_lock;	/* lock for the rules */
103 };
104 
105 #define	SMK_INODE_INSTANT	0x01	/* inode is instantiated */
106 #define	SMK_INODE_TRANSMUTE	0x02	/* directory is transmuting */
107 #define	SMK_INODE_CHANGED	0x04	/* smack was transmuted */
108 #define	SMK_INODE_IMPURE	0x08	/* involved in an impure transaction */
109 
110 /*
111  * A label access rule.
112  */
113 struct smack_rule {
114 	struct list_head	list;
115 	struct smack_known	*smk_subject;
116 	struct smack_known	*smk_object;
117 	int			smk_access;
118 };
119 
120 /*
121  * An entry in the table identifying hosts.
122  */
123 struct smk_netlbladdr {
124 	struct list_head	list;
125 	struct sockaddr_in	smk_host;	/* network address */
126 	struct in_addr		smk_mask;	/* network mask */
127 	struct smack_known	*smk_label;	/* label */
128 };
129 
130 /*
131  * An entry in the table identifying ports.
132  */
133 struct smk_port_label {
134 	struct list_head	list;
135 	struct sock		*smk_sock;	/* socket initialized on */
136 	unsigned short		smk_port;	/* the port number */
137 	struct smack_known	*smk_in;	/* inbound label */
138 	struct smack_known	*smk_out;	/* outgoing label */
139 };
140 
141 /*
142  * Mount options
143  */
144 #define SMK_FSDEFAULT	"smackfsdef="
145 #define SMK_FSFLOOR	"smackfsfloor="
146 #define SMK_FSHAT	"smackfshat="
147 #define SMK_FSROOT	"smackfsroot="
148 #define SMK_FSTRANS	"smackfstransmute="
149 
150 #define SMACK_CIPSO_OPTION 	"-CIPSO"
151 
152 /*
153  * How communications on this socket are treated.
154  * Usually it's determined by the underlying netlabel code
155  * but there are certain cases, including single label hosts
156  * and potentially single label interfaces for which the
157  * treatment can not be known in advance.
158  *
159  * The possibility of additional labeling schemes being
160  * introduced in the future exists as well.
161  */
162 #define SMACK_UNLABELED_SOCKET	0
163 #define SMACK_CIPSO_SOCKET	1
164 
165 /*
166  * CIPSO defaults.
167  */
168 #define SMACK_CIPSO_DOI_DEFAULT		3	/* Historical */
169 #define SMACK_CIPSO_DOI_INVALID		-1	/* Not a DOI */
170 #define SMACK_CIPSO_DIRECT_DEFAULT	250	/* Arbitrary */
171 #define SMACK_CIPSO_MAPPED_DEFAULT	251	/* Also arbitrary */
172 #define SMACK_CIPSO_MAXLEVEL            255     /* CIPSO 2.2 standard */
173 /*
174  * CIPSO 2.2 standard is 239, but Smack wants to use the
175  * categories in a structured way that limits the value to
176  * the bits in 23 bytes, hence the unusual number.
177  */
178 #define SMACK_CIPSO_MAXCATNUM           184     /* 23 * 8 */
179 
180 /*
181  * Ptrace rules
182  */
183 #define SMACK_PTRACE_DEFAULT	0
184 #define SMACK_PTRACE_EXACT	1
185 #define SMACK_PTRACE_DRACONIAN	2
186 #define SMACK_PTRACE_MAX	SMACK_PTRACE_DRACONIAN
187 
188 /*
189  * Flags for untraditional access modes.
190  * It shouldn't be necessary to avoid conflicts with definitions
191  * in fs.h, but do so anyway.
192  */
193 #define MAY_TRANSMUTE	0x00001000	/* Controls directory labeling */
194 #define MAY_LOCK	0x00002000	/* Locks should be writes, but ... */
195 #define MAY_BRINGUP	0x00004000	/* Report use of this rule */
196 
197 #define SMACK_BRINGUP_ALLOW		1	/* Allow bringup mode */
198 #define SMACK_UNCONFINED_SUBJECT	2	/* Allow unconfined label */
199 #define SMACK_UNCONFINED_OBJECT		3	/* Allow unconfined label */
200 
201 /*
202  * Just to make the common cases easier to deal with
203  */
204 #define MAY_ANYREAD	(MAY_READ | MAY_EXEC)
205 #define MAY_READWRITE	(MAY_READ | MAY_WRITE)
206 #define MAY_NOT		0
207 
208 /*
209  * Number of access types used by Smack (rwxatlb)
210  */
211 #define SMK_NUM_ACCESS_TYPE 7
212 
213 /* SMACK data */
214 struct smack_audit_data {
215 	const char *function;
216 	char *subject;
217 	char *object;
218 	char *request;
219 	int result;
220 };
221 
222 /*
223  * Smack audit data; is empty if CONFIG_AUDIT not set
224  * to save some stack
225  */
226 struct smk_audit_info {
227 #ifdef CONFIG_AUDIT
228 	struct common_audit_data a;
229 	struct smack_audit_data sad;
230 #endif
231 };
232 /*
233  * These functions are in smack_lsm.c
234  */
235 struct inode_smack *new_inode_smack(struct smack_known *);
236 
237 /*
238  * These functions are in smack_access.c
239  */
240 int smk_access_entry(char *, char *, struct list_head *);
241 int smk_access(struct smack_known *, struct smack_known *,
242 	       int, struct smk_audit_info *);
243 int smk_tskacc(struct task_smack *, struct smack_known *,
244 	       u32, struct smk_audit_info *);
245 int smk_curacc(struct smack_known *, u32, struct smk_audit_info *);
246 struct smack_known *smack_from_secid(const u32);
247 char *smk_parse_smack(const char *string, int len);
248 int smk_netlbl_mls(int, char *, struct netlbl_lsm_secattr *, int);
249 struct smack_known *smk_import_entry(const char *, int);
250 void smk_insert_entry(struct smack_known *skp);
251 struct smack_known *smk_find_entry(const char *);
252 
253 /*
254  * Shared data.
255  */
256 extern int smack_enabled;
257 extern int smack_cipso_direct;
258 extern int smack_cipso_mapped;
259 extern struct smack_known *smack_net_ambient;
260 extern struct smack_known *smack_onlycap;
261 extern struct smack_known *smack_syslog_label;
262 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
263 extern struct smack_known *smack_unconfined;
264 #endif
265 extern struct smack_known smack_cipso_option;
266 extern int smack_ptrace_rule;
267 
268 extern struct smack_known smack_known_floor;
269 extern struct smack_known smack_known_hat;
270 extern struct smack_known smack_known_huh;
271 extern struct smack_known smack_known_invalid;
272 extern struct smack_known smack_known_star;
273 extern struct smack_known smack_known_web;
274 
275 extern struct mutex	smack_known_lock;
276 extern struct list_head smack_known_list;
277 extern struct list_head smk_netlbladdr_list;
278 
279 extern struct security_operations smack_ops;
280 
281 #define SMACK_HASH_SLOTS 16
282 extern struct hlist_head smack_known_hash[SMACK_HASH_SLOTS];
283 
284 /*
285  * Is the directory transmuting?
286  */
287 static inline int smk_inode_transmutable(const struct inode *isp)
288 {
289 	struct inode_smack *sip = isp->i_security;
290 	return (sip->smk_flags & SMK_INODE_TRANSMUTE) != 0;
291 }
292 
293 /*
294  * Present a pointer to the smack label entry in an inode blob.
295  */
296 static inline struct smack_known *smk_of_inode(const struct inode *isp)
297 {
298 	struct inode_smack *sip = isp->i_security;
299 	return sip->smk_inode;
300 }
301 
302 /*
303  * Present a pointer to the smack label entry in an task blob.
304  */
305 static inline struct smack_known *smk_of_task(const struct task_smack *tsp)
306 {
307 	return tsp->smk_task;
308 }
309 
310 static inline struct smack_known *smk_of_task_struct(const struct task_struct *t)
311 {
312 	struct smack_known *skp;
313 
314 	rcu_read_lock();
315 	skp = smk_of_task(__task_cred(t)->security);
316 	rcu_read_unlock();
317 	return skp;
318 }
319 
320 /*
321  * Present a pointer to the forked smack label entry in an task blob.
322  */
323 static inline struct smack_known *smk_of_forked(const struct task_smack *tsp)
324 {
325 	return tsp->smk_forked;
326 }
327 
328 /*
329  * Present a pointer to the smack label in the current task blob.
330  */
331 static inline struct smack_known *smk_of_current(void)
332 {
333 	return smk_of_task(current_security());
334 }
335 
336 /*
337  * Is the task privileged and allowed to be privileged
338  * by the onlycap rule.
339  */
340 static inline int smack_privileged(int cap)
341 {
342 	struct smack_known *skp = smk_of_current();
343 
344 	if (!capable(cap))
345 		return 0;
346 	if (smack_onlycap == NULL || smack_onlycap == skp)
347 		return 1;
348 	return 0;
349 }
350 
351 /*
352  * logging functions
353  */
354 #define SMACK_AUDIT_DENIED 0x1
355 #define SMACK_AUDIT_ACCEPT 0x2
356 extern int log_policy;
357 
358 void smack_log(char *subject_label, char *object_label,
359 		int request,
360 		int result, struct smk_audit_info *auditdata);
361 
362 #ifdef CONFIG_AUDIT
363 
364 /*
365  * some inline functions to set up audit data
366  * they do nothing if CONFIG_AUDIT is not set
367  *
368  */
369 static inline void smk_ad_init(struct smk_audit_info *a, const char *func,
370 			       char type)
371 {
372 	memset(&a->sad, 0, sizeof(a->sad));
373 	a->a.type = type;
374 	a->a.smack_audit_data = &a->sad;
375 	a->a.smack_audit_data->function = func;
376 }
377 
378 static inline void smk_ad_init_net(struct smk_audit_info *a, const char *func,
379 				   char type, struct lsm_network_audit *net)
380 {
381 	smk_ad_init(a, func, type);
382 	memset(net, 0, sizeof(*net));
383 	a->a.u.net = net;
384 }
385 
386 static inline void smk_ad_setfield_u_tsk(struct smk_audit_info *a,
387 					 struct task_struct *t)
388 {
389 	a->a.u.tsk = t;
390 }
391 static inline void smk_ad_setfield_u_fs_path_dentry(struct smk_audit_info *a,
392 						    struct dentry *d)
393 {
394 	a->a.u.dentry = d;
395 }
396 static inline void smk_ad_setfield_u_fs_inode(struct smk_audit_info *a,
397 					      struct inode *i)
398 {
399 	a->a.u.inode = i;
400 }
401 static inline void smk_ad_setfield_u_fs_path(struct smk_audit_info *a,
402 					     struct path p)
403 {
404 	a->a.u.path = p;
405 }
406 static inline void smk_ad_setfield_u_net_sk(struct smk_audit_info *a,
407 					    struct sock *sk)
408 {
409 	a->a.u.net->sk = sk;
410 }
411 
412 #else /* no AUDIT */
413 
414 static inline void smk_ad_init(struct smk_audit_info *a, const char *func,
415 			       char type)
416 {
417 }
418 static inline void smk_ad_setfield_u_tsk(struct smk_audit_info *a,
419 					 struct task_struct *t)
420 {
421 }
422 static inline void smk_ad_setfield_u_fs_path_dentry(struct smk_audit_info *a,
423 						    struct dentry *d)
424 {
425 }
426 static inline void smk_ad_setfield_u_fs_path_mnt(struct smk_audit_info *a,
427 						 struct vfsmount *m)
428 {
429 }
430 static inline void smk_ad_setfield_u_fs_inode(struct smk_audit_info *a,
431 					      struct inode *i)
432 {
433 }
434 static inline void smk_ad_setfield_u_fs_path(struct smk_audit_info *a,
435 					     struct path p)
436 {
437 }
438 static inline void smk_ad_setfield_u_net_sk(struct smk_audit_info *a,
439 					    struct sock *sk)
440 {
441 }
442 #endif
443 
444 #endif  /* _SECURITY_SMACK_H */
445