1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Simplified MAC Kernel (smack) security module 4 * 5 * This file contains the smack hook function implementations. 6 * 7 * Authors: 8 * Casey Schaufler <casey@schaufler-ca.com> 9 * Jarkko Sakkinen <jarkko.sakkinen@intel.com> 10 * 11 * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com> 12 * Copyright (C) 2009 Hewlett-Packard Development Company, L.P. 13 * Paul Moore <paul@paul-moore.com> 14 * Copyright (C) 2010 Nokia Corporation 15 * Copyright (C) 2011 Intel Corporation. 16 */ 17 18 #include <linux/xattr.h> 19 #include <linux/pagemap.h> 20 #include <linux/mount.h> 21 #include <linux/stat.h> 22 #include <linux/kd.h> 23 #include <asm/ioctls.h> 24 #include <linux/ip.h> 25 #include <linux/tcp.h> 26 #include <linux/udp.h> 27 #include <linux/dccp.h> 28 #include <linux/icmpv6.h> 29 #include <linux/slab.h> 30 #include <linux/mutex.h> 31 #include <net/cipso_ipv4.h> 32 #include <net/ip.h> 33 #include <net/ipv6.h> 34 #include <linux/audit.h> 35 #include <linux/magic.h> 36 #include <linux/dcache.h> 37 #include <linux/personality.h> 38 #include <linux/msg.h> 39 #include <linux/shm.h> 40 #include <linux/binfmts.h> 41 #include <linux/parser.h> 42 #include <linux/fs_context.h> 43 #include <linux/fs_parser.h> 44 #include <linux/watch_queue.h> 45 #include <linux/io_uring.h> 46 #include "smack.h" 47 48 #define TRANS_TRUE "TRUE" 49 #define TRANS_TRUE_SIZE 4 50 51 #define SMK_CONNECTING 0 52 #define SMK_RECEIVING 1 53 #define SMK_SENDING 2 54 55 #ifdef SMACK_IPV6_PORT_LABELING 56 static DEFINE_MUTEX(smack_ipv6_lock); 57 static LIST_HEAD(smk_ipv6_port_list); 58 #endif 59 struct kmem_cache *smack_rule_cache; 60 int smack_enabled __initdata; 61 62 #define A(s) {"smack"#s, sizeof("smack"#s) - 1, Opt_##s} 63 static struct { 64 const char *name; 65 int len; 66 int opt; 67 } smk_mount_opts[] = { 68 {"smackfsdef", sizeof("smackfsdef") - 1, Opt_fsdefault}, 69 A(fsdefault), A(fsfloor), A(fshat), A(fsroot), A(fstransmute) 70 }; 71 #undef A 72 73 static int match_opt_prefix(char *s, int l, char **arg) 74 { 75 int i; 76 77 for (i = 0; i < ARRAY_SIZE(smk_mount_opts); i++) { 78 size_t len = smk_mount_opts[i].len; 79 if (len > l || memcmp(s, smk_mount_opts[i].name, len)) 80 continue; 81 if (len == l || s[len] != '=') 82 continue; 83 *arg = s + len + 1; 84 return smk_mount_opts[i].opt; 85 } 86 return Opt_error; 87 } 88 89 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 90 static char *smk_bu_mess[] = { 91 "Bringup Error", /* Unused */ 92 "Bringup", /* SMACK_BRINGUP_ALLOW */ 93 "Unconfined Subject", /* SMACK_UNCONFINED_SUBJECT */ 94 "Unconfined Object", /* SMACK_UNCONFINED_OBJECT */ 95 }; 96 97 static void smk_bu_mode(int mode, char *s) 98 { 99 int i = 0; 100 101 if (mode & MAY_READ) 102 s[i++] = 'r'; 103 if (mode & MAY_WRITE) 104 s[i++] = 'w'; 105 if (mode & MAY_EXEC) 106 s[i++] = 'x'; 107 if (mode & MAY_APPEND) 108 s[i++] = 'a'; 109 if (mode & MAY_TRANSMUTE) 110 s[i++] = 't'; 111 if (mode & MAY_LOCK) 112 s[i++] = 'l'; 113 if (i == 0) 114 s[i++] = '-'; 115 s[i] = '\0'; 116 } 117 #endif 118 119 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 120 static int smk_bu_note(char *note, struct smack_known *sskp, 121 struct smack_known *oskp, int mode, int rc) 122 { 123 char acc[SMK_NUM_ACCESS_TYPE + 1]; 124 125 if (rc <= 0) 126 return rc; 127 if (rc > SMACK_UNCONFINED_OBJECT) 128 rc = 0; 129 130 smk_bu_mode(mode, acc); 131 pr_info("Smack %s: (%s %s %s) %s\n", smk_bu_mess[rc], 132 sskp->smk_known, oskp->smk_known, acc, note); 133 return 0; 134 } 135 #else 136 #define smk_bu_note(note, sskp, oskp, mode, RC) (RC) 137 #endif 138 139 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 140 static int smk_bu_current(char *note, struct smack_known *oskp, 141 int mode, int rc) 142 { 143 struct task_smack *tsp = smack_cred(current_cred()); 144 char acc[SMK_NUM_ACCESS_TYPE + 1]; 145 146 if (rc <= 0) 147 return rc; 148 if (rc > SMACK_UNCONFINED_OBJECT) 149 rc = 0; 150 151 smk_bu_mode(mode, acc); 152 pr_info("Smack %s: (%s %s %s) %s %s\n", smk_bu_mess[rc], 153 tsp->smk_task->smk_known, oskp->smk_known, 154 acc, current->comm, note); 155 return 0; 156 } 157 #else 158 #define smk_bu_current(note, oskp, mode, RC) (RC) 159 #endif 160 161 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 162 static int smk_bu_task(struct task_struct *otp, int mode, int rc) 163 { 164 struct task_smack *tsp = smack_cred(current_cred()); 165 struct smack_known *smk_task = smk_of_task_struct_obj(otp); 166 char acc[SMK_NUM_ACCESS_TYPE + 1]; 167 168 if (rc <= 0) 169 return rc; 170 if (rc > SMACK_UNCONFINED_OBJECT) 171 rc = 0; 172 173 smk_bu_mode(mode, acc); 174 pr_info("Smack %s: (%s %s %s) %s to %s\n", smk_bu_mess[rc], 175 tsp->smk_task->smk_known, smk_task->smk_known, acc, 176 current->comm, otp->comm); 177 return 0; 178 } 179 #else 180 #define smk_bu_task(otp, mode, RC) (RC) 181 #endif 182 183 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 184 static int smk_bu_inode(struct inode *inode, int mode, int rc) 185 { 186 struct task_smack *tsp = smack_cred(current_cred()); 187 struct inode_smack *isp = smack_inode(inode); 188 char acc[SMK_NUM_ACCESS_TYPE + 1]; 189 190 if (isp->smk_flags & SMK_INODE_IMPURE) 191 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n", 192 inode->i_sb->s_id, inode->i_ino, current->comm); 193 194 if (rc <= 0) 195 return rc; 196 if (rc > SMACK_UNCONFINED_OBJECT) 197 rc = 0; 198 if (rc == SMACK_UNCONFINED_SUBJECT && 199 (mode & (MAY_WRITE | MAY_APPEND))) 200 isp->smk_flags |= SMK_INODE_IMPURE; 201 202 smk_bu_mode(mode, acc); 203 204 pr_info("Smack %s: (%s %s %s) inode=(%s %ld) %s\n", smk_bu_mess[rc], 205 tsp->smk_task->smk_known, isp->smk_inode->smk_known, acc, 206 inode->i_sb->s_id, inode->i_ino, current->comm); 207 return 0; 208 } 209 #else 210 #define smk_bu_inode(inode, mode, RC) (RC) 211 #endif 212 213 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 214 static int smk_bu_file(struct file *file, int mode, int rc) 215 { 216 struct task_smack *tsp = smack_cred(current_cred()); 217 struct smack_known *sskp = tsp->smk_task; 218 struct inode *inode = file_inode(file); 219 struct inode_smack *isp = smack_inode(inode); 220 char acc[SMK_NUM_ACCESS_TYPE + 1]; 221 222 if (isp->smk_flags & SMK_INODE_IMPURE) 223 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n", 224 inode->i_sb->s_id, inode->i_ino, current->comm); 225 226 if (rc <= 0) 227 return rc; 228 if (rc > SMACK_UNCONFINED_OBJECT) 229 rc = 0; 230 231 smk_bu_mode(mode, acc); 232 pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc], 233 sskp->smk_known, smk_of_inode(inode)->smk_known, acc, 234 inode->i_sb->s_id, inode->i_ino, file, 235 current->comm); 236 return 0; 237 } 238 #else 239 #define smk_bu_file(file, mode, RC) (RC) 240 #endif 241 242 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 243 static int smk_bu_credfile(const struct cred *cred, struct file *file, 244 int mode, int rc) 245 { 246 struct task_smack *tsp = smack_cred(cred); 247 struct smack_known *sskp = tsp->smk_task; 248 struct inode *inode = file_inode(file); 249 struct inode_smack *isp = smack_inode(inode); 250 char acc[SMK_NUM_ACCESS_TYPE + 1]; 251 252 if (isp->smk_flags & SMK_INODE_IMPURE) 253 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n", 254 inode->i_sb->s_id, inode->i_ino, current->comm); 255 256 if (rc <= 0) 257 return rc; 258 if (rc > SMACK_UNCONFINED_OBJECT) 259 rc = 0; 260 261 smk_bu_mode(mode, acc); 262 pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc], 263 sskp->smk_known, smk_of_inode(inode)->smk_known, acc, 264 inode->i_sb->s_id, inode->i_ino, file, 265 current->comm); 266 return 0; 267 } 268 #else 269 #define smk_bu_credfile(cred, file, mode, RC) (RC) 270 #endif 271 272 /** 273 * smk_fetch - Fetch the smack label from a file. 274 * @name: type of the label (attribute) 275 * @ip: a pointer to the inode 276 * @dp: a pointer to the dentry 277 * 278 * Returns a pointer to the master list entry for the Smack label, 279 * NULL if there was no label to fetch, or an error code. 280 */ 281 static struct smack_known *smk_fetch(const char *name, struct inode *ip, 282 struct dentry *dp) 283 { 284 int rc; 285 char *buffer; 286 struct smack_known *skp = NULL; 287 288 if (!(ip->i_opflags & IOP_XATTR)) 289 return ERR_PTR(-EOPNOTSUPP); 290 291 buffer = kzalloc(SMK_LONGLABEL, GFP_NOFS); 292 if (buffer == NULL) 293 return ERR_PTR(-ENOMEM); 294 295 rc = __vfs_getxattr(dp, ip, name, buffer, SMK_LONGLABEL); 296 if (rc < 0) 297 skp = ERR_PTR(rc); 298 else if (rc == 0) 299 skp = NULL; 300 else 301 skp = smk_import_entry(buffer, rc); 302 303 kfree(buffer); 304 305 return skp; 306 } 307 308 /** 309 * init_inode_smack - initialize an inode security blob 310 * @inode: inode to extract the info from 311 * @skp: a pointer to the Smack label entry to use in the blob 312 * 313 */ 314 static void init_inode_smack(struct inode *inode, struct smack_known *skp) 315 { 316 struct inode_smack *isp = smack_inode(inode); 317 318 isp->smk_inode = skp; 319 isp->smk_flags = 0; 320 } 321 322 /** 323 * init_task_smack - initialize a task security blob 324 * @tsp: blob to initialize 325 * @task: a pointer to the Smack label for the running task 326 * @forked: a pointer to the Smack label for the forked task 327 * 328 */ 329 static void init_task_smack(struct task_smack *tsp, struct smack_known *task, 330 struct smack_known *forked) 331 { 332 tsp->smk_task = task; 333 tsp->smk_forked = forked; 334 INIT_LIST_HEAD(&tsp->smk_rules); 335 INIT_LIST_HEAD(&tsp->smk_relabel); 336 mutex_init(&tsp->smk_rules_lock); 337 } 338 339 /** 340 * smk_copy_rules - copy a rule set 341 * @nhead: new rules header pointer 342 * @ohead: old rules header pointer 343 * @gfp: type of the memory for the allocation 344 * 345 * Returns 0 on success, -ENOMEM on error 346 */ 347 static int smk_copy_rules(struct list_head *nhead, struct list_head *ohead, 348 gfp_t gfp) 349 { 350 struct smack_rule *nrp; 351 struct smack_rule *orp; 352 int rc = 0; 353 354 list_for_each_entry_rcu(orp, ohead, list) { 355 nrp = kmem_cache_zalloc(smack_rule_cache, gfp); 356 if (nrp == NULL) { 357 rc = -ENOMEM; 358 break; 359 } 360 *nrp = *orp; 361 list_add_rcu(&nrp->list, nhead); 362 } 363 return rc; 364 } 365 366 /** 367 * smk_copy_relabel - copy smk_relabel labels list 368 * @nhead: new rules header pointer 369 * @ohead: old rules header pointer 370 * @gfp: type of the memory for the allocation 371 * 372 * Returns 0 on success, -ENOMEM on error 373 */ 374 static int smk_copy_relabel(struct list_head *nhead, struct list_head *ohead, 375 gfp_t gfp) 376 { 377 struct smack_known_list_elem *nklep; 378 struct smack_known_list_elem *oklep; 379 380 list_for_each_entry(oklep, ohead, list) { 381 nklep = kzalloc(sizeof(struct smack_known_list_elem), gfp); 382 if (nklep == NULL) { 383 smk_destroy_label_list(nhead); 384 return -ENOMEM; 385 } 386 nklep->smk_label = oklep->smk_label; 387 list_add(&nklep->list, nhead); 388 } 389 390 return 0; 391 } 392 393 /** 394 * smk_ptrace_mode - helper function for converting PTRACE_MODE_* into MAY_* 395 * @mode: input mode in form of PTRACE_MODE_* 396 * 397 * Returns a converted MAY_* mode usable by smack rules 398 */ 399 static inline unsigned int smk_ptrace_mode(unsigned int mode) 400 { 401 if (mode & PTRACE_MODE_ATTACH) 402 return MAY_READWRITE; 403 if (mode & PTRACE_MODE_READ) 404 return MAY_READ; 405 406 return 0; 407 } 408 409 /** 410 * smk_ptrace_rule_check - helper for ptrace access 411 * @tracer: tracer process 412 * @tracee_known: label entry of the process that's about to be traced 413 * @mode: ptrace attachment mode (PTRACE_MODE_*) 414 * @func: name of the function that called us, used for audit 415 * 416 * Returns 0 on access granted, -error on error 417 */ 418 static int smk_ptrace_rule_check(struct task_struct *tracer, 419 struct smack_known *tracee_known, 420 unsigned int mode, const char *func) 421 { 422 int rc; 423 struct smk_audit_info ad, *saip = NULL; 424 struct task_smack *tsp; 425 struct smack_known *tracer_known; 426 const struct cred *tracercred; 427 428 if ((mode & PTRACE_MODE_NOAUDIT) == 0) { 429 smk_ad_init(&ad, func, LSM_AUDIT_DATA_TASK); 430 smk_ad_setfield_u_tsk(&ad, tracer); 431 saip = &ad; 432 } 433 434 rcu_read_lock(); 435 tracercred = __task_cred(tracer); 436 tsp = smack_cred(tracercred); 437 tracer_known = smk_of_task(tsp); 438 439 if ((mode & PTRACE_MODE_ATTACH) && 440 (smack_ptrace_rule == SMACK_PTRACE_EXACT || 441 smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)) { 442 if (tracer_known->smk_known == tracee_known->smk_known) 443 rc = 0; 444 else if (smack_ptrace_rule == SMACK_PTRACE_DRACONIAN) 445 rc = -EACCES; 446 else if (smack_privileged_cred(CAP_SYS_PTRACE, tracercred)) 447 rc = 0; 448 else 449 rc = -EACCES; 450 451 if (saip) 452 smack_log(tracer_known->smk_known, 453 tracee_known->smk_known, 454 0, rc, saip); 455 456 rcu_read_unlock(); 457 return rc; 458 } 459 460 /* In case of rule==SMACK_PTRACE_DEFAULT or mode==PTRACE_MODE_READ */ 461 rc = smk_tskacc(tsp, tracee_known, smk_ptrace_mode(mode), saip); 462 463 rcu_read_unlock(); 464 return rc; 465 } 466 467 /* 468 * LSM hooks. 469 * We he, that is fun! 470 */ 471 472 /** 473 * smack_ptrace_access_check - Smack approval on PTRACE_ATTACH 474 * @ctp: child task pointer 475 * @mode: ptrace attachment mode (PTRACE_MODE_*) 476 * 477 * Returns 0 if access is OK, an error code otherwise 478 * 479 * Do the capability checks. 480 */ 481 static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode) 482 { 483 struct smack_known *skp; 484 485 skp = smk_of_task_struct_obj(ctp); 486 487 return smk_ptrace_rule_check(current, skp, mode, __func__); 488 } 489 490 /** 491 * smack_ptrace_traceme - Smack approval on PTRACE_TRACEME 492 * @ptp: parent task pointer 493 * 494 * Returns 0 if access is OK, an error code otherwise 495 * 496 * Do the capability checks, and require PTRACE_MODE_ATTACH. 497 */ 498 static int smack_ptrace_traceme(struct task_struct *ptp) 499 { 500 struct smack_known *skp; 501 502 skp = smk_of_task(smack_cred(current_cred())); 503 504 return smk_ptrace_rule_check(ptp, skp, PTRACE_MODE_ATTACH, __func__); 505 } 506 507 /** 508 * smack_syslog - Smack approval on syslog 509 * @typefrom_file: unused 510 * 511 * Returns 0 on success, error code otherwise. 512 */ 513 static int smack_syslog(int typefrom_file) 514 { 515 int rc = 0; 516 struct smack_known *skp = smk_of_current(); 517 518 if (smack_privileged(CAP_MAC_OVERRIDE)) 519 return 0; 520 521 if (smack_syslog_label != NULL && smack_syslog_label != skp) 522 rc = -EACCES; 523 524 return rc; 525 } 526 527 /* 528 * Superblock Hooks. 529 */ 530 531 /** 532 * smack_sb_alloc_security - allocate a superblock blob 533 * @sb: the superblock getting the blob 534 * 535 * Returns 0 on success or -ENOMEM on error. 536 */ 537 static int smack_sb_alloc_security(struct super_block *sb) 538 { 539 struct superblock_smack *sbsp = smack_superblock(sb); 540 541 sbsp->smk_root = &smack_known_floor; 542 sbsp->smk_default = &smack_known_floor; 543 sbsp->smk_floor = &smack_known_floor; 544 sbsp->smk_hat = &smack_known_hat; 545 /* 546 * SMK_SB_INITIALIZED will be zero from kzalloc. 547 */ 548 549 return 0; 550 } 551 552 struct smack_mnt_opts { 553 const char *fsdefault, *fsfloor, *fshat, *fsroot, *fstransmute; 554 }; 555 556 static void smack_free_mnt_opts(void *mnt_opts) 557 { 558 struct smack_mnt_opts *opts = mnt_opts; 559 kfree(opts->fsdefault); 560 kfree(opts->fsfloor); 561 kfree(opts->fshat); 562 kfree(opts->fsroot); 563 kfree(opts->fstransmute); 564 kfree(opts); 565 } 566 567 static int smack_add_opt(int token, const char *s, void **mnt_opts) 568 { 569 struct smack_mnt_opts *opts = *mnt_opts; 570 571 if (!opts) { 572 opts = kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL); 573 if (!opts) 574 return -ENOMEM; 575 *mnt_opts = opts; 576 } 577 if (!s) 578 return -ENOMEM; 579 580 switch (token) { 581 case Opt_fsdefault: 582 if (opts->fsdefault) 583 goto out_opt_err; 584 opts->fsdefault = s; 585 break; 586 case Opt_fsfloor: 587 if (opts->fsfloor) 588 goto out_opt_err; 589 opts->fsfloor = s; 590 break; 591 case Opt_fshat: 592 if (opts->fshat) 593 goto out_opt_err; 594 opts->fshat = s; 595 break; 596 case Opt_fsroot: 597 if (opts->fsroot) 598 goto out_opt_err; 599 opts->fsroot = s; 600 break; 601 case Opt_fstransmute: 602 if (opts->fstransmute) 603 goto out_opt_err; 604 opts->fstransmute = s; 605 break; 606 } 607 return 0; 608 609 out_opt_err: 610 pr_warn("Smack: duplicate mount options\n"); 611 return -EINVAL; 612 } 613 614 /** 615 * smack_fs_context_dup - Duplicate the security data on fs_context duplication 616 * @fc: The new filesystem context. 617 * @src_fc: The source filesystem context being duplicated. 618 * 619 * Returns 0 on success or -ENOMEM on error. 620 */ 621 static int smack_fs_context_dup(struct fs_context *fc, 622 struct fs_context *src_fc) 623 { 624 struct smack_mnt_opts *dst, *src = src_fc->security; 625 626 if (!src) 627 return 0; 628 629 fc->security = kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL); 630 if (!fc->security) 631 return -ENOMEM; 632 dst = fc->security; 633 634 if (src->fsdefault) { 635 dst->fsdefault = kstrdup(src->fsdefault, GFP_KERNEL); 636 if (!dst->fsdefault) 637 return -ENOMEM; 638 } 639 if (src->fsfloor) { 640 dst->fsfloor = kstrdup(src->fsfloor, GFP_KERNEL); 641 if (!dst->fsfloor) 642 return -ENOMEM; 643 } 644 if (src->fshat) { 645 dst->fshat = kstrdup(src->fshat, GFP_KERNEL); 646 if (!dst->fshat) 647 return -ENOMEM; 648 } 649 if (src->fsroot) { 650 dst->fsroot = kstrdup(src->fsroot, GFP_KERNEL); 651 if (!dst->fsroot) 652 return -ENOMEM; 653 } 654 if (src->fstransmute) { 655 dst->fstransmute = kstrdup(src->fstransmute, GFP_KERNEL); 656 if (!dst->fstransmute) 657 return -ENOMEM; 658 } 659 return 0; 660 } 661 662 static const struct fs_parameter_spec smack_fs_parameters[] = { 663 fsparam_string("smackfsdef", Opt_fsdefault), 664 fsparam_string("smackfsdefault", Opt_fsdefault), 665 fsparam_string("smackfsfloor", Opt_fsfloor), 666 fsparam_string("smackfshat", Opt_fshat), 667 fsparam_string("smackfsroot", Opt_fsroot), 668 fsparam_string("smackfstransmute", Opt_fstransmute), 669 {} 670 }; 671 672 /** 673 * smack_fs_context_parse_param - Parse a single mount parameter 674 * @fc: The new filesystem context being constructed. 675 * @param: The parameter. 676 * 677 * Returns 0 on success, -ENOPARAM to pass the parameter on or anything else on 678 * error. 679 */ 680 static int smack_fs_context_parse_param(struct fs_context *fc, 681 struct fs_parameter *param) 682 { 683 struct fs_parse_result result; 684 int opt, rc; 685 686 opt = fs_parse(fc, smack_fs_parameters, param, &result); 687 if (opt < 0) 688 return opt; 689 690 rc = smack_add_opt(opt, param->string, &fc->security); 691 if (!rc) 692 param->string = NULL; 693 return rc; 694 } 695 696 static int smack_sb_eat_lsm_opts(char *options, void **mnt_opts) 697 { 698 char *from = options, *to = options; 699 bool first = true; 700 701 while (1) { 702 char *next = strchr(from, ','); 703 int token, len, rc; 704 char *arg = NULL; 705 706 if (next) 707 len = next - from; 708 else 709 len = strlen(from); 710 711 token = match_opt_prefix(from, len, &arg); 712 if (token != Opt_error) { 713 arg = kmemdup_nul(arg, from + len - arg, GFP_KERNEL); 714 rc = smack_add_opt(token, arg, mnt_opts); 715 if (unlikely(rc)) { 716 kfree(arg); 717 if (*mnt_opts) 718 smack_free_mnt_opts(*mnt_opts); 719 *mnt_opts = NULL; 720 return rc; 721 } 722 } else { 723 if (!first) { // copy with preceding comma 724 from--; 725 len++; 726 } 727 if (to != from) 728 memmove(to, from, len); 729 to += len; 730 first = false; 731 } 732 if (!from[len]) 733 break; 734 from += len + 1; 735 } 736 *to = '\0'; 737 return 0; 738 } 739 740 /** 741 * smack_set_mnt_opts - set Smack specific mount options 742 * @sb: the file system superblock 743 * @mnt_opts: Smack mount options 744 * @kern_flags: mount option from kernel space or user space 745 * @set_kern_flags: where to store converted mount opts 746 * 747 * Returns 0 on success, an error code on failure 748 * 749 * Allow filesystems with binary mount data to explicitly set Smack mount 750 * labels. 751 */ 752 static int smack_set_mnt_opts(struct super_block *sb, 753 void *mnt_opts, 754 unsigned long kern_flags, 755 unsigned long *set_kern_flags) 756 { 757 struct dentry *root = sb->s_root; 758 struct inode *inode = d_backing_inode(root); 759 struct superblock_smack *sp = smack_superblock(sb); 760 struct inode_smack *isp; 761 struct smack_known *skp; 762 struct smack_mnt_opts *opts = mnt_opts; 763 bool transmute = false; 764 765 if (sp->smk_flags & SMK_SB_INITIALIZED) 766 return 0; 767 768 if (!smack_privileged(CAP_MAC_ADMIN)) { 769 /* 770 * Unprivileged mounts don't get to specify Smack values. 771 */ 772 if (opts) 773 return -EPERM; 774 /* 775 * Unprivileged mounts get root and default from the caller. 776 */ 777 skp = smk_of_current(); 778 sp->smk_root = skp; 779 sp->smk_default = skp; 780 /* 781 * For a handful of fs types with no user-controlled 782 * backing store it's okay to trust security labels 783 * in the filesystem. The rest are untrusted. 784 */ 785 if (sb->s_user_ns != &init_user_ns && 786 sb->s_magic != SYSFS_MAGIC && sb->s_magic != TMPFS_MAGIC && 787 sb->s_magic != RAMFS_MAGIC) { 788 transmute = true; 789 sp->smk_flags |= SMK_SB_UNTRUSTED; 790 } 791 } 792 793 sp->smk_flags |= SMK_SB_INITIALIZED; 794 795 if (opts) { 796 if (opts->fsdefault) { 797 skp = smk_import_entry(opts->fsdefault, 0); 798 if (IS_ERR(skp)) 799 return PTR_ERR(skp); 800 sp->smk_default = skp; 801 } 802 if (opts->fsfloor) { 803 skp = smk_import_entry(opts->fsfloor, 0); 804 if (IS_ERR(skp)) 805 return PTR_ERR(skp); 806 sp->smk_floor = skp; 807 } 808 if (opts->fshat) { 809 skp = smk_import_entry(opts->fshat, 0); 810 if (IS_ERR(skp)) 811 return PTR_ERR(skp); 812 sp->smk_hat = skp; 813 } 814 if (opts->fsroot) { 815 skp = smk_import_entry(opts->fsroot, 0); 816 if (IS_ERR(skp)) 817 return PTR_ERR(skp); 818 sp->smk_root = skp; 819 } 820 if (opts->fstransmute) { 821 skp = smk_import_entry(opts->fstransmute, 0); 822 if (IS_ERR(skp)) 823 return PTR_ERR(skp); 824 sp->smk_root = skp; 825 transmute = true; 826 } 827 } 828 829 /* 830 * Initialize the root inode. 831 */ 832 init_inode_smack(inode, sp->smk_root); 833 834 if (transmute) { 835 isp = smack_inode(inode); 836 isp->smk_flags |= SMK_INODE_TRANSMUTE; 837 } 838 839 return 0; 840 } 841 842 /** 843 * smack_sb_statfs - Smack check on statfs 844 * @dentry: identifies the file system in question 845 * 846 * Returns 0 if current can read the floor of the filesystem, 847 * and error code otherwise 848 */ 849 static int smack_sb_statfs(struct dentry *dentry) 850 { 851 struct superblock_smack *sbp = smack_superblock(dentry->d_sb); 852 int rc; 853 struct smk_audit_info ad; 854 855 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 856 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 857 858 rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad); 859 rc = smk_bu_current("statfs", sbp->smk_floor, MAY_READ, rc); 860 return rc; 861 } 862 863 /* 864 * BPRM hooks 865 */ 866 867 /** 868 * smack_bprm_creds_for_exec - Update bprm->cred if needed for exec 869 * @bprm: the exec information 870 * 871 * Returns 0 if it gets a blob, -EPERM if exec forbidden and -ENOMEM otherwise 872 */ 873 static int smack_bprm_creds_for_exec(struct linux_binprm *bprm) 874 { 875 struct inode *inode = file_inode(bprm->file); 876 struct task_smack *bsp = smack_cred(bprm->cred); 877 struct inode_smack *isp; 878 struct superblock_smack *sbsp; 879 int rc; 880 881 isp = smack_inode(inode); 882 if (isp->smk_task == NULL || isp->smk_task == bsp->smk_task) 883 return 0; 884 885 sbsp = smack_superblock(inode->i_sb); 886 if ((sbsp->smk_flags & SMK_SB_UNTRUSTED) && 887 isp->smk_task != sbsp->smk_root) 888 return 0; 889 890 if (bprm->unsafe & LSM_UNSAFE_PTRACE) { 891 struct task_struct *tracer; 892 rc = 0; 893 894 rcu_read_lock(); 895 tracer = ptrace_parent(current); 896 if (likely(tracer != NULL)) 897 rc = smk_ptrace_rule_check(tracer, 898 isp->smk_task, 899 PTRACE_MODE_ATTACH, 900 __func__); 901 rcu_read_unlock(); 902 903 if (rc != 0) 904 return rc; 905 } 906 if (bprm->unsafe & ~LSM_UNSAFE_PTRACE) 907 return -EPERM; 908 909 bsp->smk_task = isp->smk_task; 910 bprm->per_clear |= PER_CLEAR_ON_SETID; 911 912 /* Decide if this is a secure exec. */ 913 if (bsp->smk_task != bsp->smk_forked) 914 bprm->secureexec = 1; 915 916 return 0; 917 } 918 919 /* 920 * Inode hooks 921 */ 922 923 /** 924 * smack_inode_alloc_security - allocate an inode blob 925 * @inode: the inode in need of a blob 926 * 927 * Returns 0 928 */ 929 static int smack_inode_alloc_security(struct inode *inode) 930 { 931 struct smack_known *skp = smk_of_current(); 932 933 init_inode_smack(inode, skp); 934 return 0; 935 } 936 937 /** 938 * smack_inode_init_security - copy out the smack from an inode 939 * @inode: the newly created inode 940 * @dir: containing directory object 941 * @qstr: unused 942 * @name: where to put the attribute name 943 * @value: where to put the attribute value 944 * @len: where to put the length of the attribute 945 * 946 * Returns 0 if it all works out, -ENOMEM if there's no memory 947 */ 948 static int smack_inode_init_security(struct inode *inode, struct inode *dir, 949 const struct qstr *qstr, const char **name, 950 void **value, size_t *len) 951 { 952 struct inode_smack *issp = smack_inode(inode); 953 struct smack_known *skp = smk_of_current(); 954 struct smack_known *isp = smk_of_inode(inode); 955 struct smack_known *dsp = smk_of_inode(dir); 956 int may; 957 958 if (name) 959 *name = XATTR_SMACK_SUFFIX; 960 961 if (value && len) { 962 rcu_read_lock(); 963 may = smk_access_entry(skp->smk_known, dsp->smk_known, 964 &skp->smk_rules); 965 rcu_read_unlock(); 966 967 /* 968 * If the access rule allows transmutation and 969 * the directory requests transmutation then 970 * by all means transmute. 971 * Mark the inode as changed. 972 */ 973 if (may > 0 && ((may & MAY_TRANSMUTE) != 0) && 974 smk_inode_transmutable(dir)) { 975 isp = dsp; 976 issp->smk_flags |= SMK_INODE_CHANGED; 977 } 978 979 *value = kstrdup(isp->smk_known, GFP_NOFS); 980 if (*value == NULL) 981 return -ENOMEM; 982 983 *len = strlen(isp->smk_known); 984 } 985 986 return 0; 987 } 988 989 /** 990 * smack_inode_link - Smack check on link 991 * @old_dentry: the existing object 992 * @dir: unused 993 * @new_dentry: the new object 994 * 995 * Returns 0 if access is permitted, an error code otherwise 996 */ 997 static int smack_inode_link(struct dentry *old_dentry, struct inode *dir, 998 struct dentry *new_dentry) 999 { 1000 struct smack_known *isp; 1001 struct smk_audit_info ad; 1002 int rc; 1003 1004 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1005 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry); 1006 1007 isp = smk_of_inode(d_backing_inode(old_dentry)); 1008 rc = smk_curacc(isp, MAY_WRITE, &ad); 1009 rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_WRITE, rc); 1010 1011 if (rc == 0 && d_is_positive(new_dentry)) { 1012 isp = smk_of_inode(d_backing_inode(new_dentry)); 1013 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry); 1014 rc = smk_curacc(isp, MAY_WRITE, &ad); 1015 rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_WRITE, rc); 1016 } 1017 1018 return rc; 1019 } 1020 1021 /** 1022 * smack_inode_unlink - Smack check on inode deletion 1023 * @dir: containing directory object 1024 * @dentry: file to unlink 1025 * 1026 * Returns 0 if current can write the containing directory 1027 * and the object, error code otherwise 1028 */ 1029 static int smack_inode_unlink(struct inode *dir, struct dentry *dentry) 1030 { 1031 struct inode *ip = d_backing_inode(dentry); 1032 struct smk_audit_info ad; 1033 int rc; 1034 1035 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1036 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1037 1038 /* 1039 * You need write access to the thing you're unlinking 1040 */ 1041 rc = smk_curacc(smk_of_inode(ip), MAY_WRITE, &ad); 1042 rc = smk_bu_inode(ip, MAY_WRITE, rc); 1043 if (rc == 0) { 1044 /* 1045 * You also need write access to the containing directory 1046 */ 1047 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE); 1048 smk_ad_setfield_u_fs_inode(&ad, dir); 1049 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad); 1050 rc = smk_bu_inode(dir, MAY_WRITE, rc); 1051 } 1052 return rc; 1053 } 1054 1055 /** 1056 * smack_inode_rmdir - Smack check on directory deletion 1057 * @dir: containing directory object 1058 * @dentry: directory to unlink 1059 * 1060 * Returns 0 if current can write the containing directory 1061 * and the directory, error code otherwise 1062 */ 1063 static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry) 1064 { 1065 struct smk_audit_info ad; 1066 int rc; 1067 1068 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1069 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1070 1071 /* 1072 * You need write access to the thing you're removing 1073 */ 1074 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1075 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1076 if (rc == 0) { 1077 /* 1078 * You also need write access to the containing directory 1079 */ 1080 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE); 1081 smk_ad_setfield_u_fs_inode(&ad, dir); 1082 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad); 1083 rc = smk_bu_inode(dir, MAY_WRITE, rc); 1084 } 1085 1086 return rc; 1087 } 1088 1089 /** 1090 * smack_inode_rename - Smack check on rename 1091 * @old_inode: unused 1092 * @old_dentry: the old object 1093 * @new_inode: unused 1094 * @new_dentry: the new object 1095 * 1096 * Read and write access is required on both the old and 1097 * new directories. 1098 * 1099 * Returns 0 if access is permitted, an error code otherwise 1100 */ 1101 static int smack_inode_rename(struct inode *old_inode, 1102 struct dentry *old_dentry, 1103 struct inode *new_inode, 1104 struct dentry *new_dentry) 1105 { 1106 int rc; 1107 struct smack_known *isp; 1108 struct smk_audit_info ad; 1109 1110 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1111 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry); 1112 1113 isp = smk_of_inode(d_backing_inode(old_dentry)); 1114 rc = smk_curacc(isp, MAY_READWRITE, &ad); 1115 rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_READWRITE, rc); 1116 1117 if (rc == 0 && d_is_positive(new_dentry)) { 1118 isp = smk_of_inode(d_backing_inode(new_dentry)); 1119 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry); 1120 rc = smk_curacc(isp, MAY_READWRITE, &ad); 1121 rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_READWRITE, rc); 1122 } 1123 return rc; 1124 } 1125 1126 /** 1127 * smack_inode_permission - Smack version of permission() 1128 * @inode: the inode in question 1129 * @mask: the access requested 1130 * 1131 * This is the important Smack hook. 1132 * 1133 * Returns 0 if access is permitted, an error code otherwise 1134 */ 1135 static int smack_inode_permission(struct inode *inode, int mask) 1136 { 1137 struct superblock_smack *sbsp = smack_superblock(inode->i_sb); 1138 struct smk_audit_info ad; 1139 int no_block = mask & MAY_NOT_BLOCK; 1140 int rc; 1141 1142 mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND); 1143 /* 1144 * No permission to check. Existence test. Yup, it's there. 1145 */ 1146 if (mask == 0) 1147 return 0; 1148 1149 if (sbsp->smk_flags & SMK_SB_UNTRUSTED) { 1150 if (smk_of_inode(inode) != sbsp->smk_root) 1151 return -EACCES; 1152 } 1153 1154 /* May be droppable after audit */ 1155 if (no_block) 1156 return -ECHILD; 1157 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE); 1158 smk_ad_setfield_u_fs_inode(&ad, inode); 1159 rc = smk_curacc(smk_of_inode(inode), mask, &ad); 1160 rc = smk_bu_inode(inode, mask, rc); 1161 return rc; 1162 } 1163 1164 /** 1165 * smack_inode_setattr - Smack check for setting attributes 1166 * @dentry: the object 1167 * @iattr: for the force flag 1168 * 1169 * Returns 0 if access is permitted, an error code otherwise 1170 */ 1171 static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr) 1172 { 1173 struct smk_audit_info ad; 1174 int rc; 1175 1176 /* 1177 * Need to allow for clearing the setuid bit. 1178 */ 1179 if (iattr->ia_valid & ATTR_FORCE) 1180 return 0; 1181 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1182 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1183 1184 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1185 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1186 return rc; 1187 } 1188 1189 /** 1190 * smack_inode_getattr - Smack check for getting attributes 1191 * @path: path to extract the info from 1192 * 1193 * Returns 0 if access is permitted, an error code otherwise 1194 */ 1195 static int smack_inode_getattr(const struct path *path) 1196 { 1197 struct smk_audit_info ad; 1198 struct inode *inode = d_backing_inode(path->dentry); 1199 int rc; 1200 1201 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1202 smk_ad_setfield_u_fs_path(&ad, *path); 1203 rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad); 1204 rc = smk_bu_inode(inode, MAY_READ, rc); 1205 return rc; 1206 } 1207 1208 /** 1209 * smack_inode_setxattr - Smack check for setting xattrs 1210 * @mnt_userns: active user namespace 1211 * @dentry: the object 1212 * @name: name of the attribute 1213 * @value: value of the attribute 1214 * @size: size of the value 1215 * @flags: unused 1216 * 1217 * This protects the Smack attribute explicitly. 1218 * 1219 * Returns 0 if access is permitted, an error code otherwise 1220 */ 1221 static int smack_inode_setxattr(struct user_namespace *mnt_userns, 1222 struct dentry *dentry, const char *name, 1223 const void *value, size_t size, int flags) 1224 { 1225 struct smk_audit_info ad; 1226 struct smack_known *skp; 1227 int check_priv = 0; 1228 int check_import = 0; 1229 int check_star = 0; 1230 int rc = 0; 1231 1232 /* 1233 * Check label validity here so import won't fail in post_setxattr 1234 */ 1235 if (strcmp(name, XATTR_NAME_SMACK) == 0 || 1236 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 || 1237 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) { 1238 check_priv = 1; 1239 check_import = 1; 1240 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0 || 1241 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) { 1242 check_priv = 1; 1243 check_import = 1; 1244 check_star = 1; 1245 } else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) { 1246 check_priv = 1; 1247 if (size != TRANS_TRUE_SIZE || 1248 strncmp(value, TRANS_TRUE, TRANS_TRUE_SIZE) != 0) 1249 rc = -EINVAL; 1250 } else 1251 rc = cap_inode_setxattr(dentry, name, value, size, flags); 1252 1253 if (check_priv && !smack_privileged(CAP_MAC_ADMIN)) 1254 rc = -EPERM; 1255 1256 if (rc == 0 && check_import) { 1257 skp = size ? smk_import_entry(value, size) : NULL; 1258 if (IS_ERR(skp)) 1259 rc = PTR_ERR(skp); 1260 else if (skp == NULL || (check_star && 1261 (skp == &smack_known_star || skp == &smack_known_web))) 1262 rc = -EINVAL; 1263 } 1264 1265 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1266 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1267 1268 if (rc == 0) { 1269 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1270 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1271 } 1272 1273 return rc; 1274 } 1275 1276 /** 1277 * smack_inode_post_setxattr - Apply the Smack update approved above 1278 * @dentry: object 1279 * @name: attribute name 1280 * @value: attribute value 1281 * @size: attribute size 1282 * @flags: unused 1283 * 1284 * Set the pointer in the inode blob to the entry found 1285 * in the master label list. 1286 */ 1287 static void smack_inode_post_setxattr(struct dentry *dentry, const char *name, 1288 const void *value, size_t size, int flags) 1289 { 1290 struct smack_known *skp; 1291 struct inode_smack *isp = smack_inode(d_backing_inode(dentry)); 1292 1293 if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) { 1294 isp->smk_flags |= SMK_INODE_TRANSMUTE; 1295 return; 1296 } 1297 1298 if (strcmp(name, XATTR_NAME_SMACK) == 0) { 1299 skp = smk_import_entry(value, size); 1300 if (!IS_ERR(skp)) 1301 isp->smk_inode = skp; 1302 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) { 1303 skp = smk_import_entry(value, size); 1304 if (!IS_ERR(skp)) 1305 isp->smk_task = skp; 1306 } else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) { 1307 skp = smk_import_entry(value, size); 1308 if (!IS_ERR(skp)) 1309 isp->smk_mmap = skp; 1310 } 1311 1312 return; 1313 } 1314 1315 /** 1316 * smack_inode_getxattr - Smack check on getxattr 1317 * @dentry: the object 1318 * @name: unused 1319 * 1320 * Returns 0 if access is permitted, an error code otherwise 1321 */ 1322 static int smack_inode_getxattr(struct dentry *dentry, const char *name) 1323 { 1324 struct smk_audit_info ad; 1325 int rc; 1326 1327 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1328 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1329 1330 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_READ, &ad); 1331 rc = smk_bu_inode(d_backing_inode(dentry), MAY_READ, rc); 1332 return rc; 1333 } 1334 1335 /** 1336 * smack_inode_removexattr - Smack check on removexattr 1337 * @mnt_userns: active user namespace 1338 * @dentry: the object 1339 * @name: name of the attribute 1340 * 1341 * Removing the Smack attribute requires CAP_MAC_ADMIN 1342 * 1343 * Returns 0 if access is permitted, an error code otherwise 1344 */ 1345 static int smack_inode_removexattr(struct user_namespace *mnt_userns, 1346 struct dentry *dentry, const char *name) 1347 { 1348 struct inode_smack *isp; 1349 struct smk_audit_info ad; 1350 int rc = 0; 1351 1352 if (strcmp(name, XATTR_NAME_SMACK) == 0 || 1353 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 || 1354 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 || 1355 strcmp(name, XATTR_NAME_SMACKEXEC) == 0 || 1356 strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0 || 1357 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) { 1358 if (!smack_privileged(CAP_MAC_ADMIN)) 1359 rc = -EPERM; 1360 } else 1361 rc = cap_inode_removexattr(mnt_userns, dentry, name); 1362 1363 if (rc != 0) 1364 return rc; 1365 1366 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1367 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1368 1369 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1370 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1371 if (rc != 0) 1372 return rc; 1373 1374 isp = smack_inode(d_backing_inode(dentry)); 1375 /* 1376 * Don't do anything special for these. 1377 * XATTR_NAME_SMACKIPIN 1378 * XATTR_NAME_SMACKIPOUT 1379 */ 1380 if (strcmp(name, XATTR_NAME_SMACK) == 0) { 1381 struct super_block *sbp = dentry->d_sb; 1382 struct superblock_smack *sbsp = smack_superblock(sbp); 1383 1384 isp->smk_inode = sbsp->smk_default; 1385 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) 1386 isp->smk_task = NULL; 1387 else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) 1388 isp->smk_mmap = NULL; 1389 else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) 1390 isp->smk_flags &= ~SMK_INODE_TRANSMUTE; 1391 1392 return 0; 1393 } 1394 1395 /** 1396 * smack_inode_set_acl - Smack check for setting posix acls 1397 * @mnt_userns: the userns attached to the mnt this request came from 1398 * @dentry: the object 1399 * @acl_name: name of the posix acl 1400 * @kacl: the posix acls 1401 * 1402 * Returns 0 if access is permitted, an error code otherwise 1403 */ 1404 static int smack_inode_set_acl(struct user_namespace *mnt_userns, 1405 struct dentry *dentry, const char *acl_name, 1406 struct posix_acl *kacl) 1407 { 1408 struct smk_audit_info ad; 1409 int rc; 1410 1411 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1412 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1413 1414 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1415 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1416 return rc; 1417 } 1418 1419 /** 1420 * smack_inode_get_acl - Smack check for getting posix acls 1421 * @mnt_userns: the userns attached to the mnt this request came from 1422 * @dentry: the object 1423 * @acl_name: name of the posix acl 1424 * 1425 * Returns 0 if access is permitted, an error code otherwise 1426 */ 1427 static int smack_inode_get_acl(struct user_namespace *mnt_userns, 1428 struct dentry *dentry, const char *acl_name) 1429 { 1430 struct smk_audit_info ad; 1431 int rc; 1432 1433 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1434 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1435 1436 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_READ, &ad); 1437 rc = smk_bu_inode(d_backing_inode(dentry), MAY_READ, rc); 1438 return rc; 1439 } 1440 1441 /** 1442 * smack_inode_remove_acl - Smack check for getting posix acls 1443 * @mnt_userns: the userns attached to the mnt this request came from 1444 * @dentry: the object 1445 * @acl_name: name of the posix acl 1446 * 1447 * Returns 0 if access is permitted, an error code otherwise 1448 */ 1449 static int smack_inode_remove_acl(struct user_namespace *mnt_userns, 1450 struct dentry *dentry, const char *acl_name) 1451 { 1452 struct smk_audit_info ad; 1453 int rc; 1454 1455 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1456 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1457 1458 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1459 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1460 return rc; 1461 } 1462 1463 /** 1464 * smack_inode_getsecurity - get smack xattrs 1465 * @mnt_userns: active user namespace 1466 * @inode: the object 1467 * @name: attribute name 1468 * @buffer: where to put the result 1469 * @alloc: duplicate memory 1470 * 1471 * Returns the size of the attribute or an error code 1472 */ 1473 static int smack_inode_getsecurity(struct user_namespace *mnt_userns, 1474 struct inode *inode, const char *name, 1475 void **buffer, bool alloc) 1476 { 1477 struct socket_smack *ssp; 1478 struct socket *sock; 1479 struct super_block *sbp; 1480 struct inode *ip = (struct inode *)inode; 1481 struct smack_known *isp; 1482 1483 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) 1484 isp = smk_of_inode(inode); 1485 else { 1486 /* 1487 * The rest of the Smack xattrs are only on sockets. 1488 */ 1489 sbp = ip->i_sb; 1490 if (sbp->s_magic != SOCKFS_MAGIC) 1491 return -EOPNOTSUPP; 1492 1493 sock = SOCKET_I(ip); 1494 if (sock == NULL || sock->sk == NULL) 1495 return -EOPNOTSUPP; 1496 1497 ssp = sock->sk->sk_security; 1498 1499 if (strcmp(name, XATTR_SMACK_IPIN) == 0) 1500 isp = ssp->smk_in; 1501 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) 1502 isp = ssp->smk_out; 1503 else 1504 return -EOPNOTSUPP; 1505 } 1506 1507 if (alloc) { 1508 *buffer = kstrdup(isp->smk_known, GFP_KERNEL); 1509 if (*buffer == NULL) 1510 return -ENOMEM; 1511 } 1512 1513 return strlen(isp->smk_known); 1514 } 1515 1516 1517 /** 1518 * smack_inode_listsecurity - list the Smack attributes 1519 * @inode: the object 1520 * @buffer: where they go 1521 * @buffer_size: size of buffer 1522 */ 1523 static int smack_inode_listsecurity(struct inode *inode, char *buffer, 1524 size_t buffer_size) 1525 { 1526 int len = sizeof(XATTR_NAME_SMACK); 1527 1528 if (buffer != NULL && len <= buffer_size) 1529 memcpy(buffer, XATTR_NAME_SMACK, len); 1530 1531 return len; 1532 } 1533 1534 /** 1535 * smack_inode_getsecid - Extract inode's security id 1536 * @inode: inode to extract the info from 1537 * @secid: where result will be saved 1538 */ 1539 static void smack_inode_getsecid(struct inode *inode, u32 *secid) 1540 { 1541 struct smack_known *skp = smk_of_inode(inode); 1542 1543 *secid = skp->smk_secid; 1544 } 1545 1546 /* 1547 * File Hooks 1548 */ 1549 1550 /* 1551 * There is no smack_file_permission hook 1552 * 1553 * Should access checks be done on each read or write? 1554 * UNICOS and SELinux say yes. 1555 * Trusted Solaris, Trusted Irix, and just about everyone else says no. 1556 * 1557 * I'll say no for now. Smack does not do the frequent 1558 * label changing that SELinux does. 1559 */ 1560 1561 /** 1562 * smack_file_alloc_security - assign a file security blob 1563 * @file: the object 1564 * 1565 * The security blob for a file is a pointer to the master 1566 * label list, so no allocation is done. 1567 * 1568 * f_security is the owner security information. It 1569 * isn't used on file access checks, it's for send_sigio. 1570 * 1571 * Returns 0 1572 */ 1573 static int smack_file_alloc_security(struct file *file) 1574 { 1575 struct smack_known **blob = smack_file(file); 1576 1577 *blob = smk_of_current(); 1578 return 0; 1579 } 1580 1581 /** 1582 * smack_file_ioctl - Smack check on ioctls 1583 * @file: the object 1584 * @cmd: what to do 1585 * @arg: unused 1586 * 1587 * Relies heavily on the correct use of the ioctl command conventions. 1588 * 1589 * Returns 0 if allowed, error code otherwise 1590 */ 1591 static int smack_file_ioctl(struct file *file, unsigned int cmd, 1592 unsigned long arg) 1593 { 1594 int rc = 0; 1595 struct smk_audit_info ad; 1596 struct inode *inode = file_inode(file); 1597 1598 if (unlikely(IS_PRIVATE(inode))) 1599 return 0; 1600 1601 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1602 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1603 1604 if (_IOC_DIR(cmd) & _IOC_WRITE) { 1605 rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad); 1606 rc = smk_bu_file(file, MAY_WRITE, rc); 1607 } 1608 1609 if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ)) { 1610 rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad); 1611 rc = smk_bu_file(file, MAY_READ, rc); 1612 } 1613 1614 return rc; 1615 } 1616 1617 /** 1618 * smack_file_lock - Smack check on file locking 1619 * @file: the object 1620 * @cmd: unused 1621 * 1622 * Returns 0 if current has lock access, error code otherwise 1623 */ 1624 static int smack_file_lock(struct file *file, unsigned int cmd) 1625 { 1626 struct smk_audit_info ad; 1627 int rc; 1628 struct inode *inode = file_inode(file); 1629 1630 if (unlikely(IS_PRIVATE(inode))) 1631 return 0; 1632 1633 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1634 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1635 rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad); 1636 rc = smk_bu_file(file, MAY_LOCK, rc); 1637 return rc; 1638 } 1639 1640 /** 1641 * smack_file_fcntl - Smack check on fcntl 1642 * @file: the object 1643 * @cmd: what action to check 1644 * @arg: unused 1645 * 1646 * Generally these operations are harmless. 1647 * File locking operations present an obvious mechanism 1648 * for passing information, so they require write access. 1649 * 1650 * Returns 0 if current has access, error code otherwise 1651 */ 1652 static int smack_file_fcntl(struct file *file, unsigned int cmd, 1653 unsigned long arg) 1654 { 1655 struct smk_audit_info ad; 1656 int rc = 0; 1657 struct inode *inode = file_inode(file); 1658 1659 if (unlikely(IS_PRIVATE(inode))) 1660 return 0; 1661 1662 switch (cmd) { 1663 case F_GETLK: 1664 break; 1665 case F_SETLK: 1666 case F_SETLKW: 1667 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1668 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1669 rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad); 1670 rc = smk_bu_file(file, MAY_LOCK, rc); 1671 break; 1672 case F_SETOWN: 1673 case F_SETSIG: 1674 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1675 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1676 rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad); 1677 rc = smk_bu_file(file, MAY_WRITE, rc); 1678 break; 1679 default: 1680 break; 1681 } 1682 1683 return rc; 1684 } 1685 1686 /** 1687 * smack_mmap_file - Check permissions for a mmap operation. 1688 * @file: contains the file structure for file to map (may be NULL). 1689 * @reqprot: contains the protection requested by the application. 1690 * @prot: contains the protection that will be applied by the kernel. 1691 * @flags: contains the operational flags. 1692 * 1693 * The @file may be NULL, e.g. if mapping anonymous memory. 1694 * 1695 * Return 0 if permission is granted. 1696 */ 1697 static int smack_mmap_file(struct file *file, 1698 unsigned long reqprot, unsigned long prot, 1699 unsigned long flags) 1700 { 1701 struct smack_known *skp; 1702 struct smack_known *mkp; 1703 struct smack_rule *srp; 1704 struct task_smack *tsp; 1705 struct smack_known *okp; 1706 struct inode_smack *isp; 1707 struct superblock_smack *sbsp; 1708 int may; 1709 int mmay; 1710 int tmay; 1711 int rc; 1712 1713 if (file == NULL) 1714 return 0; 1715 1716 if (unlikely(IS_PRIVATE(file_inode(file)))) 1717 return 0; 1718 1719 isp = smack_inode(file_inode(file)); 1720 if (isp->smk_mmap == NULL) 1721 return 0; 1722 sbsp = smack_superblock(file_inode(file)->i_sb); 1723 if (sbsp->smk_flags & SMK_SB_UNTRUSTED && 1724 isp->smk_mmap != sbsp->smk_root) 1725 return -EACCES; 1726 mkp = isp->smk_mmap; 1727 1728 tsp = smack_cred(current_cred()); 1729 skp = smk_of_current(); 1730 rc = 0; 1731 1732 rcu_read_lock(); 1733 /* 1734 * For each Smack rule associated with the subject 1735 * label verify that the SMACK64MMAP also has access 1736 * to that rule's object label. 1737 */ 1738 list_for_each_entry_rcu(srp, &skp->smk_rules, list) { 1739 okp = srp->smk_object; 1740 /* 1741 * Matching labels always allows access. 1742 */ 1743 if (mkp->smk_known == okp->smk_known) 1744 continue; 1745 /* 1746 * If there is a matching local rule take 1747 * that into account as well. 1748 */ 1749 may = smk_access_entry(srp->smk_subject->smk_known, 1750 okp->smk_known, 1751 &tsp->smk_rules); 1752 if (may == -ENOENT) 1753 may = srp->smk_access; 1754 else 1755 may &= srp->smk_access; 1756 /* 1757 * If may is zero the SMACK64MMAP subject can't 1758 * possibly have less access. 1759 */ 1760 if (may == 0) 1761 continue; 1762 1763 /* 1764 * Fetch the global list entry. 1765 * If there isn't one a SMACK64MMAP subject 1766 * can't have as much access as current. 1767 */ 1768 mmay = smk_access_entry(mkp->smk_known, okp->smk_known, 1769 &mkp->smk_rules); 1770 if (mmay == -ENOENT) { 1771 rc = -EACCES; 1772 break; 1773 } 1774 /* 1775 * If there is a local entry it modifies the 1776 * potential access, too. 1777 */ 1778 tmay = smk_access_entry(mkp->smk_known, okp->smk_known, 1779 &tsp->smk_rules); 1780 if (tmay != -ENOENT) 1781 mmay &= tmay; 1782 1783 /* 1784 * If there is any access available to current that is 1785 * not available to a SMACK64MMAP subject 1786 * deny access. 1787 */ 1788 if ((may | mmay) != mmay) { 1789 rc = -EACCES; 1790 break; 1791 } 1792 } 1793 1794 rcu_read_unlock(); 1795 1796 return rc; 1797 } 1798 1799 /** 1800 * smack_file_set_fowner - set the file security blob value 1801 * @file: object in question 1802 * 1803 */ 1804 static void smack_file_set_fowner(struct file *file) 1805 { 1806 struct smack_known **blob = smack_file(file); 1807 1808 *blob = smk_of_current(); 1809 } 1810 1811 /** 1812 * smack_file_send_sigiotask - Smack on sigio 1813 * @tsk: The target task 1814 * @fown: the object the signal come from 1815 * @signum: unused 1816 * 1817 * Allow a privileged task to get signals even if it shouldn't 1818 * 1819 * Returns 0 if a subject with the object's smack could 1820 * write to the task, an error code otherwise. 1821 */ 1822 static int smack_file_send_sigiotask(struct task_struct *tsk, 1823 struct fown_struct *fown, int signum) 1824 { 1825 struct smack_known **blob; 1826 struct smack_known *skp; 1827 struct smack_known *tkp = smk_of_task(smack_cred(tsk->cred)); 1828 const struct cred *tcred; 1829 struct file *file; 1830 int rc; 1831 struct smk_audit_info ad; 1832 1833 /* 1834 * struct fown_struct is never outside the context of a struct file 1835 */ 1836 file = container_of(fown, struct file, f_owner); 1837 1838 /* we don't log here as rc can be overriden */ 1839 blob = smack_file(file); 1840 skp = *blob; 1841 rc = smk_access(skp, tkp, MAY_DELIVER, NULL); 1842 rc = smk_bu_note("sigiotask", skp, tkp, MAY_DELIVER, rc); 1843 1844 rcu_read_lock(); 1845 tcred = __task_cred(tsk); 1846 if (rc != 0 && smack_privileged_cred(CAP_MAC_OVERRIDE, tcred)) 1847 rc = 0; 1848 rcu_read_unlock(); 1849 1850 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); 1851 smk_ad_setfield_u_tsk(&ad, tsk); 1852 smack_log(skp->smk_known, tkp->smk_known, MAY_DELIVER, rc, &ad); 1853 return rc; 1854 } 1855 1856 /** 1857 * smack_file_receive - Smack file receive check 1858 * @file: the object 1859 * 1860 * Returns 0 if current has access, error code otherwise 1861 */ 1862 static int smack_file_receive(struct file *file) 1863 { 1864 int rc; 1865 int may = 0; 1866 struct smk_audit_info ad; 1867 struct inode *inode = file_inode(file); 1868 struct socket *sock; 1869 struct task_smack *tsp; 1870 struct socket_smack *ssp; 1871 1872 if (unlikely(IS_PRIVATE(inode))) 1873 return 0; 1874 1875 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1876 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1877 1878 if (inode->i_sb->s_magic == SOCKFS_MAGIC) { 1879 sock = SOCKET_I(inode); 1880 ssp = sock->sk->sk_security; 1881 tsp = smack_cred(current_cred()); 1882 /* 1883 * If the receiving process can't write to the 1884 * passed socket or if the passed socket can't 1885 * write to the receiving process don't accept 1886 * the passed socket. 1887 */ 1888 rc = smk_access(tsp->smk_task, ssp->smk_out, MAY_WRITE, &ad); 1889 rc = smk_bu_file(file, may, rc); 1890 if (rc < 0) 1891 return rc; 1892 rc = smk_access(ssp->smk_in, tsp->smk_task, MAY_WRITE, &ad); 1893 rc = smk_bu_file(file, may, rc); 1894 return rc; 1895 } 1896 /* 1897 * This code relies on bitmasks. 1898 */ 1899 if (file->f_mode & FMODE_READ) 1900 may = MAY_READ; 1901 if (file->f_mode & FMODE_WRITE) 1902 may |= MAY_WRITE; 1903 1904 rc = smk_curacc(smk_of_inode(inode), may, &ad); 1905 rc = smk_bu_file(file, may, rc); 1906 return rc; 1907 } 1908 1909 /** 1910 * smack_file_open - Smack dentry open processing 1911 * @file: the object 1912 * 1913 * Set the security blob in the file structure. 1914 * Allow the open only if the task has read access. There are 1915 * many read operations (e.g. fstat) that you can do with an 1916 * fd even if you have the file open write-only. 1917 * 1918 * Returns 0 if current has access, error code otherwise 1919 */ 1920 static int smack_file_open(struct file *file) 1921 { 1922 struct task_smack *tsp = smack_cred(file->f_cred); 1923 struct inode *inode = file_inode(file); 1924 struct smk_audit_info ad; 1925 int rc; 1926 1927 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1928 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1929 rc = smk_tskacc(tsp, smk_of_inode(inode), MAY_READ, &ad); 1930 rc = smk_bu_credfile(file->f_cred, file, MAY_READ, rc); 1931 1932 return rc; 1933 } 1934 1935 /* 1936 * Task hooks 1937 */ 1938 1939 /** 1940 * smack_cred_alloc_blank - "allocate" blank task-level security credentials 1941 * @cred: the new credentials 1942 * @gfp: the atomicity of any memory allocations 1943 * 1944 * Prepare a blank set of credentials for modification. This must allocate all 1945 * the memory the LSM module might require such that cred_transfer() can 1946 * complete without error. 1947 */ 1948 static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp) 1949 { 1950 init_task_smack(smack_cred(cred), NULL, NULL); 1951 return 0; 1952 } 1953 1954 1955 /** 1956 * smack_cred_free - "free" task-level security credentials 1957 * @cred: the credentials in question 1958 * 1959 */ 1960 static void smack_cred_free(struct cred *cred) 1961 { 1962 struct task_smack *tsp = smack_cred(cred); 1963 struct smack_rule *rp; 1964 struct list_head *l; 1965 struct list_head *n; 1966 1967 smk_destroy_label_list(&tsp->smk_relabel); 1968 1969 list_for_each_safe(l, n, &tsp->smk_rules) { 1970 rp = list_entry(l, struct smack_rule, list); 1971 list_del(&rp->list); 1972 kmem_cache_free(smack_rule_cache, rp); 1973 } 1974 } 1975 1976 /** 1977 * smack_cred_prepare - prepare new set of credentials for modification 1978 * @new: the new credentials 1979 * @old: the original credentials 1980 * @gfp: the atomicity of any memory allocations 1981 * 1982 * Prepare a new set of credentials for modification. 1983 */ 1984 static int smack_cred_prepare(struct cred *new, const struct cred *old, 1985 gfp_t gfp) 1986 { 1987 struct task_smack *old_tsp = smack_cred(old); 1988 struct task_smack *new_tsp = smack_cred(new); 1989 int rc; 1990 1991 init_task_smack(new_tsp, old_tsp->smk_task, old_tsp->smk_task); 1992 1993 rc = smk_copy_rules(&new_tsp->smk_rules, &old_tsp->smk_rules, gfp); 1994 if (rc != 0) 1995 return rc; 1996 1997 rc = smk_copy_relabel(&new_tsp->smk_relabel, &old_tsp->smk_relabel, 1998 gfp); 1999 return rc; 2000 } 2001 2002 /** 2003 * smack_cred_transfer - Transfer the old credentials to the new credentials 2004 * @new: the new credentials 2005 * @old: the original credentials 2006 * 2007 * Fill in a set of blank credentials from another set of credentials. 2008 */ 2009 static void smack_cred_transfer(struct cred *new, const struct cred *old) 2010 { 2011 struct task_smack *old_tsp = smack_cred(old); 2012 struct task_smack *new_tsp = smack_cred(new); 2013 2014 new_tsp->smk_task = old_tsp->smk_task; 2015 new_tsp->smk_forked = old_tsp->smk_task; 2016 mutex_init(&new_tsp->smk_rules_lock); 2017 INIT_LIST_HEAD(&new_tsp->smk_rules); 2018 2019 /* cbs copy rule list */ 2020 } 2021 2022 /** 2023 * smack_cred_getsecid - get the secid corresponding to a creds structure 2024 * @cred: the object creds 2025 * @secid: where to put the result 2026 * 2027 * Sets the secid to contain a u32 version of the smack label. 2028 */ 2029 static void smack_cred_getsecid(const struct cred *cred, u32 *secid) 2030 { 2031 struct smack_known *skp; 2032 2033 rcu_read_lock(); 2034 skp = smk_of_task(smack_cred(cred)); 2035 *secid = skp->smk_secid; 2036 rcu_read_unlock(); 2037 } 2038 2039 /** 2040 * smack_kernel_act_as - Set the subjective context in a set of credentials 2041 * @new: points to the set of credentials to be modified. 2042 * @secid: specifies the security ID to be set 2043 * 2044 * Set the security data for a kernel service. 2045 */ 2046 static int smack_kernel_act_as(struct cred *new, u32 secid) 2047 { 2048 struct task_smack *new_tsp = smack_cred(new); 2049 2050 new_tsp->smk_task = smack_from_secid(secid); 2051 return 0; 2052 } 2053 2054 /** 2055 * smack_kernel_create_files_as - Set the file creation label in a set of creds 2056 * @new: points to the set of credentials to be modified 2057 * @inode: points to the inode to use as a reference 2058 * 2059 * Set the file creation context in a set of credentials to the same 2060 * as the objective context of the specified inode 2061 */ 2062 static int smack_kernel_create_files_as(struct cred *new, 2063 struct inode *inode) 2064 { 2065 struct inode_smack *isp = smack_inode(inode); 2066 struct task_smack *tsp = smack_cred(new); 2067 2068 tsp->smk_forked = isp->smk_inode; 2069 tsp->smk_task = tsp->smk_forked; 2070 return 0; 2071 } 2072 2073 /** 2074 * smk_curacc_on_task - helper to log task related access 2075 * @p: the task object 2076 * @access: the access requested 2077 * @caller: name of the calling function for audit 2078 * 2079 * Return 0 if access is permitted 2080 */ 2081 static int smk_curacc_on_task(struct task_struct *p, int access, 2082 const char *caller) 2083 { 2084 struct smk_audit_info ad; 2085 struct smack_known *skp = smk_of_task_struct_obj(p); 2086 int rc; 2087 2088 smk_ad_init(&ad, caller, LSM_AUDIT_DATA_TASK); 2089 smk_ad_setfield_u_tsk(&ad, p); 2090 rc = smk_curacc(skp, access, &ad); 2091 rc = smk_bu_task(p, access, rc); 2092 return rc; 2093 } 2094 2095 /** 2096 * smack_task_setpgid - Smack check on setting pgid 2097 * @p: the task object 2098 * @pgid: unused 2099 * 2100 * Return 0 if write access is permitted 2101 */ 2102 static int smack_task_setpgid(struct task_struct *p, pid_t pgid) 2103 { 2104 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2105 } 2106 2107 /** 2108 * smack_task_getpgid - Smack access check for getpgid 2109 * @p: the object task 2110 * 2111 * Returns 0 if current can read the object task, error code otherwise 2112 */ 2113 static int smack_task_getpgid(struct task_struct *p) 2114 { 2115 return smk_curacc_on_task(p, MAY_READ, __func__); 2116 } 2117 2118 /** 2119 * smack_task_getsid - Smack access check for getsid 2120 * @p: the object task 2121 * 2122 * Returns 0 if current can read the object task, error code otherwise 2123 */ 2124 static int smack_task_getsid(struct task_struct *p) 2125 { 2126 return smk_curacc_on_task(p, MAY_READ, __func__); 2127 } 2128 2129 /** 2130 * smack_current_getsecid_subj - get the subjective secid of the current task 2131 * @secid: where to put the result 2132 * 2133 * Sets the secid to contain a u32 version of the task's subjective smack label. 2134 */ 2135 static void smack_current_getsecid_subj(u32 *secid) 2136 { 2137 struct smack_known *skp = smk_of_current(); 2138 2139 *secid = skp->smk_secid; 2140 } 2141 2142 /** 2143 * smack_task_getsecid_obj - get the objective secid of the task 2144 * @p: the task 2145 * @secid: where to put the result 2146 * 2147 * Sets the secid to contain a u32 version of the task's objective smack label. 2148 */ 2149 static void smack_task_getsecid_obj(struct task_struct *p, u32 *secid) 2150 { 2151 struct smack_known *skp = smk_of_task_struct_obj(p); 2152 2153 *secid = skp->smk_secid; 2154 } 2155 2156 /** 2157 * smack_task_setnice - Smack check on setting nice 2158 * @p: the task object 2159 * @nice: unused 2160 * 2161 * Return 0 if write access is permitted 2162 */ 2163 static int smack_task_setnice(struct task_struct *p, int nice) 2164 { 2165 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2166 } 2167 2168 /** 2169 * smack_task_setioprio - Smack check on setting ioprio 2170 * @p: the task object 2171 * @ioprio: unused 2172 * 2173 * Return 0 if write access is permitted 2174 */ 2175 static int smack_task_setioprio(struct task_struct *p, int ioprio) 2176 { 2177 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2178 } 2179 2180 /** 2181 * smack_task_getioprio - Smack check on reading ioprio 2182 * @p: the task object 2183 * 2184 * Return 0 if read access is permitted 2185 */ 2186 static int smack_task_getioprio(struct task_struct *p) 2187 { 2188 return smk_curacc_on_task(p, MAY_READ, __func__); 2189 } 2190 2191 /** 2192 * smack_task_setscheduler - Smack check on setting scheduler 2193 * @p: the task object 2194 * 2195 * Return 0 if read access is permitted 2196 */ 2197 static int smack_task_setscheduler(struct task_struct *p) 2198 { 2199 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2200 } 2201 2202 /** 2203 * smack_task_getscheduler - Smack check on reading scheduler 2204 * @p: the task object 2205 * 2206 * Return 0 if read access is permitted 2207 */ 2208 static int smack_task_getscheduler(struct task_struct *p) 2209 { 2210 return smk_curacc_on_task(p, MAY_READ, __func__); 2211 } 2212 2213 /** 2214 * smack_task_movememory - Smack check on moving memory 2215 * @p: the task object 2216 * 2217 * Return 0 if write access is permitted 2218 */ 2219 static int smack_task_movememory(struct task_struct *p) 2220 { 2221 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2222 } 2223 2224 /** 2225 * smack_task_kill - Smack check on signal delivery 2226 * @p: the task object 2227 * @info: unused 2228 * @sig: unused 2229 * @cred: identifies the cred to use in lieu of current's 2230 * 2231 * Return 0 if write access is permitted 2232 * 2233 */ 2234 static int smack_task_kill(struct task_struct *p, struct kernel_siginfo *info, 2235 int sig, const struct cred *cred) 2236 { 2237 struct smk_audit_info ad; 2238 struct smack_known *skp; 2239 struct smack_known *tkp = smk_of_task_struct_obj(p); 2240 int rc; 2241 2242 if (!sig) 2243 return 0; /* null signal; existence test */ 2244 2245 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); 2246 smk_ad_setfield_u_tsk(&ad, p); 2247 /* 2248 * Sending a signal requires that the sender 2249 * can write the receiver. 2250 */ 2251 if (cred == NULL) { 2252 rc = smk_curacc(tkp, MAY_DELIVER, &ad); 2253 rc = smk_bu_task(p, MAY_DELIVER, rc); 2254 return rc; 2255 } 2256 /* 2257 * If the cred isn't NULL we're dealing with some USB IO 2258 * specific behavior. This is not clean. For one thing 2259 * we can't take privilege into account. 2260 */ 2261 skp = smk_of_task(smack_cred(cred)); 2262 rc = smk_access(skp, tkp, MAY_DELIVER, &ad); 2263 rc = smk_bu_note("USB signal", skp, tkp, MAY_DELIVER, rc); 2264 return rc; 2265 } 2266 2267 /** 2268 * smack_task_to_inode - copy task smack into the inode blob 2269 * @p: task to copy from 2270 * @inode: inode to copy to 2271 * 2272 * Sets the smack pointer in the inode security blob 2273 */ 2274 static void smack_task_to_inode(struct task_struct *p, struct inode *inode) 2275 { 2276 struct inode_smack *isp = smack_inode(inode); 2277 struct smack_known *skp = smk_of_task_struct_obj(p); 2278 2279 isp->smk_inode = skp; 2280 isp->smk_flags |= SMK_INODE_INSTANT; 2281 } 2282 2283 /* 2284 * Socket hooks. 2285 */ 2286 2287 /** 2288 * smack_sk_alloc_security - Allocate a socket blob 2289 * @sk: the socket 2290 * @family: unused 2291 * @gfp_flags: memory allocation flags 2292 * 2293 * Assign Smack pointers to current 2294 * 2295 * Returns 0 on success, -ENOMEM is there's no memory 2296 */ 2297 static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags) 2298 { 2299 struct smack_known *skp = smk_of_current(); 2300 struct socket_smack *ssp; 2301 2302 ssp = kzalloc(sizeof(struct socket_smack), gfp_flags); 2303 if (ssp == NULL) 2304 return -ENOMEM; 2305 2306 /* 2307 * Sockets created by kernel threads receive web label. 2308 */ 2309 if (unlikely(current->flags & PF_KTHREAD)) { 2310 ssp->smk_in = &smack_known_web; 2311 ssp->smk_out = &smack_known_web; 2312 } else { 2313 ssp->smk_in = skp; 2314 ssp->smk_out = skp; 2315 } 2316 ssp->smk_packet = NULL; 2317 2318 sk->sk_security = ssp; 2319 2320 return 0; 2321 } 2322 2323 /** 2324 * smack_sk_free_security - Free a socket blob 2325 * @sk: the socket 2326 * 2327 * Clears the blob pointer 2328 */ 2329 static void smack_sk_free_security(struct sock *sk) 2330 { 2331 #ifdef SMACK_IPV6_PORT_LABELING 2332 struct smk_port_label *spp; 2333 2334 if (sk->sk_family == PF_INET6) { 2335 rcu_read_lock(); 2336 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) { 2337 if (spp->smk_sock != sk) 2338 continue; 2339 spp->smk_can_reuse = 1; 2340 break; 2341 } 2342 rcu_read_unlock(); 2343 } 2344 #endif 2345 kfree(sk->sk_security); 2346 } 2347 2348 /** 2349 * smack_sk_clone_security - Copy security context 2350 * @sk: the old socket 2351 * @newsk: the new socket 2352 * 2353 * Copy the security context of the old socket pointer to the cloned 2354 */ 2355 static void smack_sk_clone_security(const struct sock *sk, struct sock *newsk) 2356 { 2357 struct socket_smack *ssp_old = sk->sk_security; 2358 struct socket_smack *ssp_new = newsk->sk_security; 2359 2360 *ssp_new = *ssp_old; 2361 } 2362 2363 /** 2364 * smack_ipv4host_label - check host based restrictions 2365 * @sip: the object end 2366 * 2367 * looks for host based access restrictions 2368 * 2369 * This version will only be appropriate for really small sets of single label 2370 * hosts. The caller is responsible for ensuring that the RCU read lock is 2371 * taken before calling this function. 2372 * 2373 * Returns the label of the far end or NULL if it's not special. 2374 */ 2375 static struct smack_known *smack_ipv4host_label(struct sockaddr_in *sip) 2376 { 2377 struct smk_net4addr *snp; 2378 struct in_addr *siap = &sip->sin_addr; 2379 2380 if (siap->s_addr == 0) 2381 return NULL; 2382 2383 list_for_each_entry_rcu(snp, &smk_net4addr_list, list) 2384 /* 2385 * we break after finding the first match because 2386 * the list is sorted from longest to shortest mask 2387 * so we have found the most specific match 2388 */ 2389 if (snp->smk_host.s_addr == 2390 (siap->s_addr & snp->smk_mask.s_addr)) 2391 return snp->smk_label; 2392 2393 return NULL; 2394 } 2395 2396 /* 2397 * smk_ipv6_localhost - Check for local ipv6 host address 2398 * @sip: the address 2399 * 2400 * Returns boolean true if this is the localhost address 2401 */ 2402 static bool smk_ipv6_localhost(struct sockaddr_in6 *sip) 2403 { 2404 __be16 *be16p = (__be16 *)&sip->sin6_addr; 2405 __be32 *be32p = (__be32 *)&sip->sin6_addr; 2406 2407 if (be32p[0] == 0 && be32p[1] == 0 && be32p[2] == 0 && be16p[6] == 0 && 2408 ntohs(be16p[7]) == 1) 2409 return true; 2410 return false; 2411 } 2412 2413 /** 2414 * smack_ipv6host_label - check host based restrictions 2415 * @sip: the object end 2416 * 2417 * looks for host based access restrictions 2418 * 2419 * This version will only be appropriate for really small sets of single label 2420 * hosts. The caller is responsible for ensuring that the RCU read lock is 2421 * taken before calling this function. 2422 * 2423 * Returns the label of the far end or NULL if it's not special. 2424 */ 2425 static struct smack_known *smack_ipv6host_label(struct sockaddr_in6 *sip) 2426 { 2427 struct smk_net6addr *snp; 2428 struct in6_addr *sap = &sip->sin6_addr; 2429 int i; 2430 int found = 0; 2431 2432 /* 2433 * It's local. Don't look for a host label. 2434 */ 2435 if (smk_ipv6_localhost(sip)) 2436 return NULL; 2437 2438 list_for_each_entry_rcu(snp, &smk_net6addr_list, list) { 2439 /* 2440 * If the label is NULL the entry has 2441 * been renounced. Ignore it. 2442 */ 2443 if (snp->smk_label == NULL) 2444 continue; 2445 /* 2446 * we break after finding the first match because 2447 * the list is sorted from longest to shortest mask 2448 * so we have found the most specific match 2449 */ 2450 for (found = 1, i = 0; i < 8; i++) { 2451 if ((sap->s6_addr16[i] & snp->smk_mask.s6_addr16[i]) != 2452 snp->smk_host.s6_addr16[i]) { 2453 found = 0; 2454 break; 2455 } 2456 } 2457 if (found) 2458 return snp->smk_label; 2459 } 2460 2461 return NULL; 2462 } 2463 2464 /** 2465 * smack_netlbl_add - Set the secattr on a socket 2466 * @sk: the socket 2467 * 2468 * Attach the outbound smack value (smk_out) to the socket. 2469 * 2470 * Returns 0 on success or an error code 2471 */ 2472 static int smack_netlbl_add(struct sock *sk) 2473 { 2474 struct socket_smack *ssp = sk->sk_security; 2475 struct smack_known *skp = ssp->smk_out; 2476 int rc; 2477 2478 local_bh_disable(); 2479 bh_lock_sock_nested(sk); 2480 2481 rc = netlbl_sock_setattr(sk, sk->sk_family, &skp->smk_netlabel); 2482 switch (rc) { 2483 case 0: 2484 ssp->smk_state = SMK_NETLBL_LABELED; 2485 break; 2486 case -EDESTADDRREQ: 2487 ssp->smk_state = SMK_NETLBL_REQSKB; 2488 rc = 0; 2489 break; 2490 } 2491 2492 bh_unlock_sock(sk); 2493 local_bh_enable(); 2494 2495 return rc; 2496 } 2497 2498 /** 2499 * smack_netlbl_delete - Remove the secattr from a socket 2500 * @sk: the socket 2501 * 2502 * Remove the outbound smack value from a socket 2503 */ 2504 static void smack_netlbl_delete(struct sock *sk) 2505 { 2506 struct socket_smack *ssp = sk->sk_security; 2507 2508 /* 2509 * Take the label off the socket if one is set. 2510 */ 2511 if (ssp->smk_state != SMK_NETLBL_LABELED) 2512 return; 2513 2514 local_bh_disable(); 2515 bh_lock_sock_nested(sk); 2516 netlbl_sock_delattr(sk); 2517 bh_unlock_sock(sk); 2518 local_bh_enable(); 2519 ssp->smk_state = SMK_NETLBL_UNLABELED; 2520 } 2521 2522 /** 2523 * smk_ipv4_check - Perform IPv4 host access checks 2524 * @sk: the socket 2525 * @sap: the destination address 2526 * 2527 * Set the correct secattr for the given socket based on the destination 2528 * address and perform any outbound access checks needed. 2529 * 2530 * Returns 0 on success or an error code. 2531 * 2532 */ 2533 static int smk_ipv4_check(struct sock *sk, struct sockaddr_in *sap) 2534 { 2535 struct smack_known *skp; 2536 int rc = 0; 2537 struct smack_known *hkp; 2538 struct socket_smack *ssp = sk->sk_security; 2539 struct smk_audit_info ad; 2540 2541 rcu_read_lock(); 2542 hkp = smack_ipv4host_label(sap); 2543 if (hkp != NULL) { 2544 #ifdef CONFIG_AUDIT 2545 struct lsm_network_audit net; 2546 2547 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 2548 ad.a.u.net->family = sap->sin_family; 2549 ad.a.u.net->dport = sap->sin_port; 2550 ad.a.u.net->v4info.daddr = sap->sin_addr.s_addr; 2551 #endif 2552 skp = ssp->smk_out; 2553 rc = smk_access(skp, hkp, MAY_WRITE, &ad); 2554 rc = smk_bu_note("IPv4 host check", skp, hkp, MAY_WRITE, rc); 2555 /* 2556 * Clear the socket netlabel if it's set. 2557 */ 2558 if (!rc) 2559 smack_netlbl_delete(sk); 2560 } 2561 rcu_read_unlock(); 2562 2563 return rc; 2564 } 2565 2566 /** 2567 * smk_ipv6_check - check Smack access 2568 * @subject: subject Smack label 2569 * @object: object Smack label 2570 * @address: address 2571 * @act: the action being taken 2572 * 2573 * Check an IPv6 access 2574 */ 2575 static int smk_ipv6_check(struct smack_known *subject, 2576 struct smack_known *object, 2577 struct sockaddr_in6 *address, int act) 2578 { 2579 #ifdef CONFIG_AUDIT 2580 struct lsm_network_audit net; 2581 #endif 2582 struct smk_audit_info ad; 2583 int rc; 2584 2585 #ifdef CONFIG_AUDIT 2586 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 2587 ad.a.u.net->family = PF_INET6; 2588 ad.a.u.net->dport = address->sin6_port; 2589 if (act == SMK_RECEIVING) 2590 ad.a.u.net->v6info.saddr = address->sin6_addr; 2591 else 2592 ad.a.u.net->v6info.daddr = address->sin6_addr; 2593 #endif 2594 rc = smk_access(subject, object, MAY_WRITE, &ad); 2595 rc = smk_bu_note("IPv6 check", subject, object, MAY_WRITE, rc); 2596 return rc; 2597 } 2598 2599 #ifdef SMACK_IPV6_PORT_LABELING 2600 /** 2601 * smk_ipv6_port_label - Smack port access table management 2602 * @sock: socket 2603 * @address: address 2604 * 2605 * Create or update the port list entry 2606 */ 2607 static void smk_ipv6_port_label(struct socket *sock, struct sockaddr *address) 2608 { 2609 struct sock *sk = sock->sk; 2610 struct sockaddr_in6 *addr6; 2611 struct socket_smack *ssp = sock->sk->sk_security; 2612 struct smk_port_label *spp; 2613 unsigned short port = 0; 2614 2615 if (address == NULL) { 2616 /* 2617 * This operation is changing the Smack information 2618 * on the bound socket. Take the changes to the port 2619 * as well. 2620 */ 2621 rcu_read_lock(); 2622 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) { 2623 if (sk != spp->smk_sock) 2624 continue; 2625 spp->smk_in = ssp->smk_in; 2626 spp->smk_out = ssp->smk_out; 2627 rcu_read_unlock(); 2628 return; 2629 } 2630 /* 2631 * A NULL address is only used for updating existing 2632 * bound entries. If there isn't one, it's OK. 2633 */ 2634 rcu_read_unlock(); 2635 return; 2636 } 2637 2638 addr6 = (struct sockaddr_in6 *)address; 2639 port = ntohs(addr6->sin6_port); 2640 /* 2641 * This is a special case that is safely ignored. 2642 */ 2643 if (port == 0) 2644 return; 2645 2646 /* 2647 * Look for an existing port list entry. 2648 * This is an indication that a port is getting reused. 2649 */ 2650 rcu_read_lock(); 2651 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) { 2652 if (spp->smk_port != port || spp->smk_sock_type != sock->type) 2653 continue; 2654 if (spp->smk_can_reuse != 1) { 2655 rcu_read_unlock(); 2656 return; 2657 } 2658 spp->smk_port = port; 2659 spp->smk_sock = sk; 2660 spp->smk_in = ssp->smk_in; 2661 spp->smk_out = ssp->smk_out; 2662 spp->smk_can_reuse = 0; 2663 rcu_read_unlock(); 2664 return; 2665 } 2666 rcu_read_unlock(); 2667 /* 2668 * A new port entry is required. 2669 */ 2670 spp = kzalloc(sizeof(*spp), GFP_KERNEL); 2671 if (spp == NULL) 2672 return; 2673 2674 spp->smk_port = port; 2675 spp->smk_sock = sk; 2676 spp->smk_in = ssp->smk_in; 2677 spp->smk_out = ssp->smk_out; 2678 spp->smk_sock_type = sock->type; 2679 spp->smk_can_reuse = 0; 2680 2681 mutex_lock(&smack_ipv6_lock); 2682 list_add_rcu(&spp->list, &smk_ipv6_port_list); 2683 mutex_unlock(&smack_ipv6_lock); 2684 return; 2685 } 2686 2687 /** 2688 * smk_ipv6_port_check - check Smack port access 2689 * @sk: socket 2690 * @address: address 2691 * @act: the action being taken 2692 * 2693 * Create or update the port list entry 2694 */ 2695 static int smk_ipv6_port_check(struct sock *sk, struct sockaddr_in6 *address, 2696 int act) 2697 { 2698 struct smk_port_label *spp; 2699 struct socket_smack *ssp = sk->sk_security; 2700 struct smack_known *skp = NULL; 2701 unsigned short port; 2702 struct smack_known *object; 2703 2704 if (act == SMK_RECEIVING) { 2705 skp = smack_ipv6host_label(address); 2706 object = ssp->smk_in; 2707 } else { 2708 skp = ssp->smk_out; 2709 object = smack_ipv6host_label(address); 2710 } 2711 2712 /* 2713 * The other end is a single label host. 2714 */ 2715 if (skp != NULL && object != NULL) 2716 return smk_ipv6_check(skp, object, address, act); 2717 if (skp == NULL) 2718 skp = smack_net_ambient; 2719 if (object == NULL) 2720 object = smack_net_ambient; 2721 2722 /* 2723 * It's remote, so port lookup does no good. 2724 */ 2725 if (!smk_ipv6_localhost(address)) 2726 return smk_ipv6_check(skp, object, address, act); 2727 2728 /* 2729 * It's local so the send check has to have passed. 2730 */ 2731 if (act == SMK_RECEIVING) 2732 return 0; 2733 2734 port = ntohs(address->sin6_port); 2735 rcu_read_lock(); 2736 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) { 2737 if (spp->smk_port != port || spp->smk_sock_type != sk->sk_type) 2738 continue; 2739 object = spp->smk_in; 2740 if (act == SMK_CONNECTING) 2741 ssp->smk_packet = spp->smk_out; 2742 break; 2743 } 2744 rcu_read_unlock(); 2745 2746 return smk_ipv6_check(skp, object, address, act); 2747 } 2748 #endif 2749 2750 /** 2751 * smack_inode_setsecurity - set smack xattrs 2752 * @inode: the object 2753 * @name: attribute name 2754 * @value: attribute value 2755 * @size: size of the attribute 2756 * @flags: unused 2757 * 2758 * Sets the named attribute in the appropriate blob 2759 * 2760 * Returns 0 on success, or an error code 2761 */ 2762 static int smack_inode_setsecurity(struct inode *inode, const char *name, 2763 const void *value, size_t size, int flags) 2764 { 2765 struct smack_known *skp; 2766 struct inode_smack *nsp = smack_inode(inode); 2767 struct socket_smack *ssp; 2768 struct socket *sock; 2769 int rc = 0; 2770 2771 if (value == NULL || size > SMK_LONGLABEL || size == 0) 2772 return -EINVAL; 2773 2774 skp = smk_import_entry(value, size); 2775 if (IS_ERR(skp)) 2776 return PTR_ERR(skp); 2777 2778 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) { 2779 nsp->smk_inode = skp; 2780 nsp->smk_flags |= SMK_INODE_INSTANT; 2781 return 0; 2782 } 2783 /* 2784 * The rest of the Smack xattrs are only on sockets. 2785 */ 2786 if (inode->i_sb->s_magic != SOCKFS_MAGIC) 2787 return -EOPNOTSUPP; 2788 2789 sock = SOCKET_I(inode); 2790 if (sock == NULL || sock->sk == NULL) 2791 return -EOPNOTSUPP; 2792 2793 ssp = sock->sk->sk_security; 2794 2795 if (strcmp(name, XATTR_SMACK_IPIN) == 0) 2796 ssp->smk_in = skp; 2797 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) { 2798 ssp->smk_out = skp; 2799 if (sock->sk->sk_family == PF_INET) { 2800 rc = smack_netlbl_add(sock->sk); 2801 if (rc != 0) 2802 printk(KERN_WARNING 2803 "Smack: \"%s\" netlbl error %d.\n", 2804 __func__, -rc); 2805 } 2806 } else 2807 return -EOPNOTSUPP; 2808 2809 #ifdef SMACK_IPV6_PORT_LABELING 2810 if (sock->sk->sk_family == PF_INET6) 2811 smk_ipv6_port_label(sock, NULL); 2812 #endif 2813 2814 return 0; 2815 } 2816 2817 /** 2818 * smack_socket_post_create - finish socket setup 2819 * @sock: the socket 2820 * @family: protocol family 2821 * @type: unused 2822 * @protocol: unused 2823 * @kern: unused 2824 * 2825 * Sets the netlabel information on the socket 2826 * 2827 * Returns 0 on success, and error code otherwise 2828 */ 2829 static int smack_socket_post_create(struct socket *sock, int family, 2830 int type, int protocol, int kern) 2831 { 2832 struct socket_smack *ssp; 2833 2834 if (sock->sk == NULL) 2835 return 0; 2836 2837 /* 2838 * Sockets created by kernel threads receive web label. 2839 */ 2840 if (unlikely(current->flags & PF_KTHREAD)) { 2841 ssp = sock->sk->sk_security; 2842 ssp->smk_in = &smack_known_web; 2843 ssp->smk_out = &smack_known_web; 2844 } 2845 2846 if (family != PF_INET) 2847 return 0; 2848 /* 2849 * Set the outbound netlbl. 2850 */ 2851 return smack_netlbl_add(sock->sk); 2852 } 2853 2854 /** 2855 * smack_socket_socketpair - create socket pair 2856 * @socka: one socket 2857 * @sockb: another socket 2858 * 2859 * Cross reference the peer labels for SO_PEERSEC 2860 * 2861 * Returns 0 2862 */ 2863 static int smack_socket_socketpair(struct socket *socka, 2864 struct socket *sockb) 2865 { 2866 struct socket_smack *asp = socka->sk->sk_security; 2867 struct socket_smack *bsp = sockb->sk->sk_security; 2868 2869 asp->smk_packet = bsp->smk_out; 2870 bsp->smk_packet = asp->smk_out; 2871 2872 return 0; 2873 } 2874 2875 #ifdef SMACK_IPV6_PORT_LABELING 2876 /** 2877 * smack_socket_bind - record port binding information. 2878 * @sock: the socket 2879 * @address: the port address 2880 * @addrlen: size of the address 2881 * 2882 * Records the label bound to a port. 2883 * 2884 * Returns 0 on success, and error code otherwise 2885 */ 2886 static int smack_socket_bind(struct socket *sock, struct sockaddr *address, 2887 int addrlen) 2888 { 2889 if (sock->sk != NULL && sock->sk->sk_family == PF_INET6) { 2890 if (addrlen < SIN6_LEN_RFC2133 || 2891 address->sa_family != AF_INET6) 2892 return -EINVAL; 2893 smk_ipv6_port_label(sock, address); 2894 } 2895 return 0; 2896 } 2897 #endif /* SMACK_IPV6_PORT_LABELING */ 2898 2899 /** 2900 * smack_socket_connect - connect access check 2901 * @sock: the socket 2902 * @sap: the other end 2903 * @addrlen: size of sap 2904 * 2905 * Verifies that a connection may be possible 2906 * 2907 * Returns 0 on success, and error code otherwise 2908 */ 2909 static int smack_socket_connect(struct socket *sock, struct sockaddr *sap, 2910 int addrlen) 2911 { 2912 int rc = 0; 2913 2914 if (sock->sk == NULL) 2915 return 0; 2916 if (sock->sk->sk_family != PF_INET && 2917 (!IS_ENABLED(CONFIG_IPV6) || sock->sk->sk_family != PF_INET6)) 2918 return 0; 2919 if (addrlen < offsetofend(struct sockaddr, sa_family)) 2920 return 0; 2921 if (IS_ENABLED(CONFIG_IPV6) && sap->sa_family == AF_INET6) { 2922 struct sockaddr_in6 *sip = (struct sockaddr_in6 *)sap; 2923 struct smack_known *rsp = NULL; 2924 2925 if (addrlen < SIN6_LEN_RFC2133) 2926 return 0; 2927 if (__is_defined(SMACK_IPV6_SECMARK_LABELING)) 2928 rsp = smack_ipv6host_label(sip); 2929 if (rsp != NULL) { 2930 struct socket_smack *ssp = sock->sk->sk_security; 2931 2932 rc = smk_ipv6_check(ssp->smk_out, rsp, sip, 2933 SMK_CONNECTING); 2934 } 2935 #ifdef SMACK_IPV6_PORT_LABELING 2936 rc = smk_ipv6_port_check(sock->sk, sip, SMK_CONNECTING); 2937 #endif 2938 2939 return rc; 2940 } 2941 if (sap->sa_family != AF_INET || addrlen < sizeof(struct sockaddr_in)) 2942 return 0; 2943 rc = smk_ipv4_check(sock->sk, (struct sockaddr_in *)sap); 2944 return rc; 2945 } 2946 2947 /** 2948 * smack_flags_to_may - convert S_ to MAY_ values 2949 * @flags: the S_ value 2950 * 2951 * Returns the equivalent MAY_ value 2952 */ 2953 static int smack_flags_to_may(int flags) 2954 { 2955 int may = 0; 2956 2957 if (flags & S_IRUGO) 2958 may |= MAY_READ; 2959 if (flags & S_IWUGO) 2960 may |= MAY_WRITE; 2961 if (flags & S_IXUGO) 2962 may |= MAY_EXEC; 2963 2964 return may; 2965 } 2966 2967 /** 2968 * smack_msg_msg_alloc_security - Set the security blob for msg_msg 2969 * @msg: the object 2970 * 2971 * Returns 0 2972 */ 2973 static int smack_msg_msg_alloc_security(struct msg_msg *msg) 2974 { 2975 struct smack_known **blob = smack_msg_msg(msg); 2976 2977 *blob = smk_of_current(); 2978 return 0; 2979 } 2980 2981 /** 2982 * smack_of_ipc - the smack pointer for the ipc 2983 * @isp: the object 2984 * 2985 * Returns a pointer to the smack value 2986 */ 2987 static struct smack_known *smack_of_ipc(struct kern_ipc_perm *isp) 2988 { 2989 struct smack_known **blob = smack_ipc(isp); 2990 2991 return *blob; 2992 } 2993 2994 /** 2995 * smack_ipc_alloc_security - Set the security blob for ipc 2996 * @isp: the object 2997 * 2998 * Returns 0 2999 */ 3000 static int smack_ipc_alloc_security(struct kern_ipc_perm *isp) 3001 { 3002 struct smack_known **blob = smack_ipc(isp); 3003 3004 *blob = smk_of_current(); 3005 return 0; 3006 } 3007 3008 /** 3009 * smk_curacc_shm : check if current has access on shm 3010 * @isp : the object 3011 * @access : access requested 3012 * 3013 * Returns 0 if current has the requested access, error code otherwise 3014 */ 3015 static int smk_curacc_shm(struct kern_ipc_perm *isp, int access) 3016 { 3017 struct smack_known *ssp = smack_of_ipc(isp); 3018 struct smk_audit_info ad; 3019 int rc; 3020 3021 #ifdef CONFIG_AUDIT 3022 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 3023 ad.a.u.ipc_id = isp->id; 3024 #endif 3025 rc = smk_curacc(ssp, access, &ad); 3026 rc = smk_bu_current("shm", ssp, access, rc); 3027 return rc; 3028 } 3029 3030 /** 3031 * smack_shm_associate - Smack access check for shm 3032 * @isp: the object 3033 * @shmflg: access requested 3034 * 3035 * Returns 0 if current has the requested access, error code otherwise 3036 */ 3037 static int smack_shm_associate(struct kern_ipc_perm *isp, int shmflg) 3038 { 3039 int may; 3040 3041 may = smack_flags_to_may(shmflg); 3042 return smk_curacc_shm(isp, may); 3043 } 3044 3045 /** 3046 * smack_shm_shmctl - Smack access check for shm 3047 * @isp: the object 3048 * @cmd: what it wants to do 3049 * 3050 * Returns 0 if current has the requested access, error code otherwise 3051 */ 3052 static int smack_shm_shmctl(struct kern_ipc_perm *isp, int cmd) 3053 { 3054 int may; 3055 3056 switch (cmd) { 3057 case IPC_STAT: 3058 case SHM_STAT: 3059 case SHM_STAT_ANY: 3060 may = MAY_READ; 3061 break; 3062 case IPC_SET: 3063 case SHM_LOCK: 3064 case SHM_UNLOCK: 3065 case IPC_RMID: 3066 may = MAY_READWRITE; 3067 break; 3068 case IPC_INFO: 3069 case SHM_INFO: 3070 /* 3071 * System level information. 3072 */ 3073 return 0; 3074 default: 3075 return -EINVAL; 3076 } 3077 return smk_curacc_shm(isp, may); 3078 } 3079 3080 /** 3081 * smack_shm_shmat - Smack access for shmat 3082 * @isp: the object 3083 * @shmaddr: unused 3084 * @shmflg: access requested 3085 * 3086 * Returns 0 if current has the requested access, error code otherwise 3087 */ 3088 static int smack_shm_shmat(struct kern_ipc_perm *isp, char __user *shmaddr, 3089 int shmflg) 3090 { 3091 int may; 3092 3093 may = smack_flags_to_may(shmflg); 3094 return smk_curacc_shm(isp, may); 3095 } 3096 3097 /** 3098 * smk_curacc_sem : check if current has access on sem 3099 * @isp : the object 3100 * @access : access requested 3101 * 3102 * Returns 0 if current has the requested access, error code otherwise 3103 */ 3104 static int smk_curacc_sem(struct kern_ipc_perm *isp, int access) 3105 { 3106 struct smack_known *ssp = smack_of_ipc(isp); 3107 struct smk_audit_info ad; 3108 int rc; 3109 3110 #ifdef CONFIG_AUDIT 3111 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 3112 ad.a.u.ipc_id = isp->id; 3113 #endif 3114 rc = smk_curacc(ssp, access, &ad); 3115 rc = smk_bu_current("sem", ssp, access, rc); 3116 return rc; 3117 } 3118 3119 /** 3120 * smack_sem_associate - Smack access check for sem 3121 * @isp: the object 3122 * @semflg: access requested 3123 * 3124 * Returns 0 if current has the requested access, error code otherwise 3125 */ 3126 static int smack_sem_associate(struct kern_ipc_perm *isp, int semflg) 3127 { 3128 int may; 3129 3130 may = smack_flags_to_may(semflg); 3131 return smk_curacc_sem(isp, may); 3132 } 3133 3134 /** 3135 * smack_sem_semctl - Smack access check for sem 3136 * @isp: the object 3137 * @cmd: what it wants to do 3138 * 3139 * Returns 0 if current has the requested access, error code otherwise 3140 */ 3141 static int smack_sem_semctl(struct kern_ipc_perm *isp, int cmd) 3142 { 3143 int may; 3144 3145 switch (cmd) { 3146 case GETPID: 3147 case GETNCNT: 3148 case GETZCNT: 3149 case GETVAL: 3150 case GETALL: 3151 case IPC_STAT: 3152 case SEM_STAT: 3153 case SEM_STAT_ANY: 3154 may = MAY_READ; 3155 break; 3156 case SETVAL: 3157 case SETALL: 3158 case IPC_RMID: 3159 case IPC_SET: 3160 may = MAY_READWRITE; 3161 break; 3162 case IPC_INFO: 3163 case SEM_INFO: 3164 /* 3165 * System level information 3166 */ 3167 return 0; 3168 default: 3169 return -EINVAL; 3170 } 3171 3172 return smk_curacc_sem(isp, may); 3173 } 3174 3175 /** 3176 * smack_sem_semop - Smack checks of semaphore operations 3177 * @isp: the object 3178 * @sops: unused 3179 * @nsops: unused 3180 * @alter: unused 3181 * 3182 * Treated as read and write in all cases. 3183 * 3184 * Returns 0 if access is allowed, error code otherwise 3185 */ 3186 static int smack_sem_semop(struct kern_ipc_perm *isp, struct sembuf *sops, 3187 unsigned nsops, int alter) 3188 { 3189 return smk_curacc_sem(isp, MAY_READWRITE); 3190 } 3191 3192 /** 3193 * smk_curacc_msq : helper to check if current has access on msq 3194 * @isp : the msq 3195 * @access : access requested 3196 * 3197 * return 0 if current has access, error otherwise 3198 */ 3199 static int smk_curacc_msq(struct kern_ipc_perm *isp, int access) 3200 { 3201 struct smack_known *msp = smack_of_ipc(isp); 3202 struct smk_audit_info ad; 3203 int rc; 3204 3205 #ifdef CONFIG_AUDIT 3206 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 3207 ad.a.u.ipc_id = isp->id; 3208 #endif 3209 rc = smk_curacc(msp, access, &ad); 3210 rc = smk_bu_current("msq", msp, access, rc); 3211 return rc; 3212 } 3213 3214 /** 3215 * smack_msg_queue_associate - Smack access check for msg_queue 3216 * @isp: the object 3217 * @msqflg: access requested 3218 * 3219 * Returns 0 if current has the requested access, error code otherwise 3220 */ 3221 static int smack_msg_queue_associate(struct kern_ipc_perm *isp, int msqflg) 3222 { 3223 int may; 3224 3225 may = smack_flags_to_may(msqflg); 3226 return smk_curacc_msq(isp, may); 3227 } 3228 3229 /** 3230 * smack_msg_queue_msgctl - Smack access check for msg_queue 3231 * @isp: the object 3232 * @cmd: what it wants to do 3233 * 3234 * Returns 0 if current has the requested access, error code otherwise 3235 */ 3236 static int smack_msg_queue_msgctl(struct kern_ipc_perm *isp, int cmd) 3237 { 3238 int may; 3239 3240 switch (cmd) { 3241 case IPC_STAT: 3242 case MSG_STAT: 3243 case MSG_STAT_ANY: 3244 may = MAY_READ; 3245 break; 3246 case IPC_SET: 3247 case IPC_RMID: 3248 may = MAY_READWRITE; 3249 break; 3250 case IPC_INFO: 3251 case MSG_INFO: 3252 /* 3253 * System level information 3254 */ 3255 return 0; 3256 default: 3257 return -EINVAL; 3258 } 3259 3260 return smk_curacc_msq(isp, may); 3261 } 3262 3263 /** 3264 * smack_msg_queue_msgsnd - Smack access check for msg_queue 3265 * @isp: the object 3266 * @msg: unused 3267 * @msqflg: access requested 3268 * 3269 * Returns 0 if current has the requested access, error code otherwise 3270 */ 3271 static int smack_msg_queue_msgsnd(struct kern_ipc_perm *isp, struct msg_msg *msg, 3272 int msqflg) 3273 { 3274 int may; 3275 3276 may = smack_flags_to_may(msqflg); 3277 return smk_curacc_msq(isp, may); 3278 } 3279 3280 /** 3281 * smack_msg_queue_msgrcv - Smack access check for msg_queue 3282 * @isp: the object 3283 * @msg: unused 3284 * @target: unused 3285 * @type: unused 3286 * @mode: unused 3287 * 3288 * Returns 0 if current has read and write access, error code otherwise 3289 */ 3290 static int smack_msg_queue_msgrcv(struct kern_ipc_perm *isp, 3291 struct msg_msg *msg, 3292 struct task_struct *target, long type, 3293 int mode) 3294 { 3295 return smk_curacc_msq(isp, MAY_READWRITE); 3296 } 3297 3298 /** 3299 * smack_ipc_permission - Smack access for ipc_permission() 3300 * @ipp: the object permissions 3301 * @flag: access requested 3302 * 3303 * Returns 0 if current has read and write access, error code otherwise 3304 */ 3305 static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag) 3306 { 3307 struct smack_known **blob = smack_ipc(ipp); 3308 struct smack_known *iskp = *blob; 3309 int may = smack_flags_to_may(flag); 3310 struct smk_audit_info ad; 3311 int rc; 3312 3313 #ifdef CONFIG_AUDIT 3314 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 3315 ad.a.u.ipc_id = ipp->id; 3316 #endif 3317 rc = smk_curacc(iskp, may, &ad); 3318 rc = smk_bu_current("svipc", iskp, may, rc); 3319 return rc; 3320 } 3321 3322 /** 3323 * smack_ipc_getsecid - Extract smack security id 3324 * @ipp: the object permissions 3325 * @secid: where result will be saved 3326 */ 3327 static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid) 3328 { 3329 struct smack_known **blob = smack_ipc(ipp); 3330 struct smack_known *iskp = *blob; 3331 3332 *secid = iskp->smk_secid; 3333 } 3334 3335 /** 3336 * smack_d_instantiate - Make sure the blob is correct on an inode 3337 * @opt_dentry: dentry where inode will be attached 3338 * @inode: the object 3339 * 3340 * Set the inode's security blob if it hasn't been done already. 3341 */ 3342 static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode) 3343 { 3344 struct super_block *sbp; 3345 struct superblock_smack *sbsp; 3346 struct inode_smack *isp; 3347 struct smack_known *skp; 3348 struct smack_known *ckp = smk_of_current(); 3349 struct smack_known *final; 3350 char trattr[TRANS_TRUE_SIZE]; 3351 int transflag = 0; 3352 int rc; 3353 struct dentry *dp; 3354 3355 if (inode == NULL) 3356 return; 3357 3358 isp = smack_inode(inode); 3359 3360 /* 3361 * If the inode is already instantiated 3362 * take the quick way out 3363 */ 3364 if (isp->smk_flags & SMK_INODE_INSTANT) 3365 return; 3366 3367 sbp = inode->i_sb; 3368 sbsp = smack_superblock(sbp); 3369 /* 3370 * We're going to use the superblock default label 3371 * if there's no label on the file. 3372 */ 3373 final = sbsp->smk_default; 3374 3375 /* 3376 * If this is the root inode the superblock 3377 * may be in the process of initialization. 3378 * If that is the case use the root value out 3379 * of the superblock. 3380 */ 3381 if (opt_dentry->d_parent == opt_dentry) { 3382 switch (sbp->s_magic) { 3383 case CGROUP_SUPER_MAGIC: 3384 case CGROUP2_SUPER_MAGIC: 3385 /* 3386 * The cgroup filesystem is never mounted, 3387 * so there's no opportunity to set the mount 3388 * options. 3389 */ 3390 sbsp->smk_root = &smack_known_star; 3391 sbsp->smk_default = &smack_known_star; 3392 isp->smk_inode = sbsp->smk_root; 3393 break; 3394 case TMPFS_MAGIC: 3395 /* 3396 * What about shmem/tmpfs anonymous files with dentry 3397 * obtained from d_alloc_pseudo()? 3398 */ 3399 isp->smk_inode = smk_of_current(); 3400 break; 3401 case PIPEFS_MAGIC: 3402 isp->smk_inode = smk_of_current(); 3403 break; 3404 case SOCKFS_MAGIC: 3405 /* 3406 * Socket access is controlled by the socket 3407 * structures associated with the task involved. 3408 */ 3409 isp->smk_inode = &smack_known_star; 3410 break; 3411 default: 3412 isp->smk_inode = sbsp->smk_root; 3413 break; 3414 } 3415 isp->smk_flags |= SMK_INODE_INSTANT; 3416 return; 3417 } 3418 3419 /* 3420 * This is pretty hackish. 3421 * Casey says that we shouldn't have to do 3422 * file system specific code, but it does help 3423 * with keeping it simple. 3424 */ 3425 switch (sbp->s_magic) { 3426 case SMACK_MAGIC: 3427 case CGROUP_SUPER_MAGIC: 3428 case CGROUP2_SUPER_MAGIC: 3429 /* 3430 * Casey says that it's a little embarrassing 3431 * that the smack file system doesn't do 3432 * extended attributes. 3433 * 3434 * Cgroupfs is special 3435 */ 3436 final = &smack_known_star; 3437 break; 3438 case DEVPTS_SUPER_MAGIC: 3439 /* 3440 * devpts seems content with the label of the task. 3441 * Programs that change smack have to treat the 3442 * pty with respect. 3443 */ 3444 final = ckp; 3445 break; 3446 case PROC_SUPER_MAGIC: 3447 /* 3448 * Casey says procfs appears not to care. 3449 * The superblock default suffices. 3450 */ 3451 break; 3452 case TMPFS_MAGIC: 3453 /* 3454 * Device labels should come from the filesystem, 3455 * but watch out, because they're volitile, 3456 * getting recreated on every reboot. 3457 */ 3458 final = &smack_known_star; 3459 /* 3460 * If a smack value has been set we want to use it, 3461 * but since tmpfs isn't giving us the opportunity 3462 * to set mount options simulate setting the 3463 * superblock default. 3464 */ 3465 fallthrough; 3466 default: 3467 /* 3468 * This isn't an understood special case. 3469 * Get the value from the xattr. 3470 */ 3471 3472 /* 3473 * UNIX domain sockets use lower level socket data. 3474 */ 3475 if (S_ISSOCK(inode->i_mode)) { 3476 final = &smack_known_star; 3477 break; 3478 } 3479 /* 3480 * No xattr support means, alas, no SMACK label. 3481 * Use the aforeapplied default. 3482 * It would be curious if the label of the task 3483 * does not match that assigned. 3484 */ 3485 if (!(inode->i_opflags & IOP_XATTR)) 3486 break; 3487 /* 3488 * Get the dentry for xattr. 3489 */ 3490 dp = dget(opt_dentry); 3491 skp = smk_fetch(XATTR_NAME_SMACK, inode, dp); 3492 if (!IS_ERR_OR_NULL(skp)) 3493 final = skp; 3494 3495 /* 3496 * Transmuting directory 3497 */ 3498 if (S_ISDIR(inode->i_mode)) { 3499 /* 3500 * If this is a new directory and the label was 3501 * transmuted when the inode was initialized 3502 * set the transmute attribute on the directory 3503 * and mark the inode. 3504 * 3505 * If there is a transmute attribute on the 3506 * directory mark the inode. 3507 */ 3508 if (isp->smk_flags & SMK_INODE_CHANGED) { 3509 isp->smk_flags &= ~SMK_INODE_CHANGED; 3510 rc = __vfs_setxattr(&init_user_ns, dp, inode, 3511 XATTR_NAME_SMACKTRANSMUTE, 3512 TRANS_TRUE, TRANS_TRUE_SIZE, 3513 0); 3514 } else { 3515 rc = __vfs_getxattr(dp, inode, 3516 XATTR_NAME_SMACKTRANSMUTE, trattr, 3517 TRANS_TRUE_SIZE); 3518 if (rc >= 0 && strncmp(trattr, TRANS_TRUE, 3519 TRANS_TRUE_SIZE) != 0) 3520 rc = -EINVAL; 3521 } 3522 if (rc >= 0) 3523 transflag = SMK_INODE_TRANSMUTE; 3524 } 3525 /* 3526 * Don't let the exec or mmap label be "*" or "@". 3527 */ 3528 skp = smk_fetch(XATTR_NAME_SMACKEXEC, inode, dp); 3529 if (IS_ERR(skp) || skp == &smack_known_star || 3530 skp == &smack_known_web) 3531 skp = NULL; 3532 isp->smk_task = skp; 3533 3534 skp = smk_fetch(XATTR_NAME_SMACKMMAP, inode, dp); 3535 if (IS_ERR(skp) || skp == &smack_known_star || 3536 skp == &smack_known_web) 3537 skp = NULL; 3538 isp->smk_mmap = skp; 3539 3540 dput(dp); 3541 break; 3542 } 3543 3544 if (final == NULL) 3545 isp->smk_inode = ckp; 3546 else 3547 isp->smk_inode = final; 3548 3549 isp->smk_flags |= (SMK_INODE_INSTANT | transflag); 3550 3551 return; 3552 } 3553 3554 /** 3555 * smack_getprocattr - Smack process attribute access 3556 * @p: the object task 3557 * @name: the name of the attribute in /proc/.../attr 3558 * @value: where to put the result 3559 * 3560 * Places a copy of the task Smack into value 3561 * 3562 * Returns the length of the smack label or an error code 3563 */ 3564 static int smack_getprocattr(struct task_struct *p, const char *name, char **value) 3565 { 3566 struct smack_known *skp = smk_of_task_struct_obj(p); 3567 char *cp; 3568 int slen; 3569 3570 if (strcmp(name, "current") != 0) 3571 return -EINVAL; 3572 3573 cp = kstrdup(skp->smk_known, GFP_KERNEL); 3574 if (cp == NULL) 3575 return -ENOMEM; 3576 3577 slen = strlen(cp); 3578 *value = cp; 3579 return slen; 3580 } 3581 3582 /** 3583 * smack_setprocattr - Smack process attribute setting 3584 * @name: the name of the attribute in /proc/.../attr 3585 * @value: the value to set 3586 * @size: the size of the value 3587 * 3588 * Sets the Smack value of the task. Only setting self 3589 * is permitted and only with privilege 3590 * 3591 * Returns the length of the smack label or an error code 3592 */ 3593 static int smack_setprocattr(const char *name, void *value, size_t size) 3594 { 3595 struct task_smack *tsp = smack_cred(current_cred()); 3596 struct cred *new; 3597 struct smack_known *skp; 3598 struct smack_known_list_elem *sklep; 3599 int rc; 3600 3601 if (!smack_privileged(CAP_MAC_ADMIN) && list_empty(&tsp->smk_relabel)) 3602 return -EPERM; 3603 3604 if (value == NULL || size == 0 || size >= SMK_LONGLABEL) 3605 return -EINVAL; 3606 3607 if (strcmp(name, "current") != 0) 3608 return -EINVAL; 3609 3610 skp = smk_import_entry(value, size); 3611 if (IS_ERR(skp)) 3612 return PTR_ERR(skp); 3613 3614 /* 3615 * No process is ever allowed the web ("@") label 3616 * and the star ("*") label. 3617 */ 3618 if (skp == &smack_known_web || skp == &smack_known_star) 3619 return -EINVAL; 3620 3621 if (!smack_privileged(CAP_MAC_ADMIN)) { 3622 rc = -EPERM; 3623 list_for_each_entry(sklep, &tsp->smk_relabel, list) 3624 if (sklep->smk_label == skp) { 3625 rc = 0; 3626 break; 3627 } 3628 if (rc) 3629 return rc; 3630 } 3631 3632 new = prepare_creds(); 3633 if (new == NULL) 3634 return -ENOMEM; 3635 3636 tsp = smack_cred(new); 3637 tsp->smk_task = skp; 3638 /* 3639 * process can change its label only once 3640 */ 3641 smk_destroy_label_list(&tsp->smk_relabel); 3642 3643 commit_creds(new); 3644 return size; 3645 } 3646 3647 /** 3648 * smack_unix_stream_connect - Smack access on UDS 3649 * @sock: one sock 3650 * @other: the other sock 3651 * @newsk: unused 3652 * 3653 * Return 0 if a subject with the smack of sock could access 3654 * an object with the smack of other, otherwise an error code 3655 */ 3656 static int smack_unix_stream_connect(struct sock *sock, 3657 struct sock *other, struct sock *newsk) 3658 { 3659 struct smack_known *skp; 3660 struct smack_known *okp; 3661 struct socket_smack *ssp = sock->sk_security; 3662 struct socket_smack *osp = other->sk_security; 3663 struct socket_smack *nsp = newsk->sk_security; 3664 struct smk_audit_info ad; 3665 int rc = 0; 3666 #ifdef CONFIG_AUDIT 3667 struct lsm_network_audit net; 3668 #endif 3669 3670 if (!smack_privileged(CAP_MAC_OVERRIDE)) { 3671 skp = ssp->smk_out; 3672 okp = osp->smk_in; 3673 #ifdef CONFIG_AUDIT 3674 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 3675 smk_ad_setfield_u_net_sk(&ad, other); 3676 #endif 3677 rc = smk_access(skp, okp, MAY_WRITE, &ad); 3678 rc = smk_bu_note("UDS connect", skp, okp, MAY_WRITE, rc); 3679 if (rc == 0) { 3680 okp = osp->smk_out; 3681 skp = ssp->smk_in; 3682 rc = smk_access(okp, skp, MAY_WRITE, &ad); 3683 rc = smk_bu_note("UDS connect", okp, skp, 3684 MAY_WRITE, rc); 3685 } 3686 } 3687 3688 /* 3689 * Cross reference the peer labels for SO_PEERSEC. 3690 */ 3691 if (rc == 0) { 3692 nsp->smk_packet = ssp->smk_out; 3693 ssp->smk_packet = osp->smk_out; 3694 } 3695 3696 return rc; 3697 } 3698 3699 /** 3700 * smack_unix_may_send - Smack access on UDS 3701 * @sock: one socket 3702 * @other: the other socket 3703 * 3704 * Return 0 if a subject with the smack of sock could access 3705 * an object with the smack of other, otherwise an error code 3706 */ 3707 static int smack_unix_may_send(struct socket *sock, struct socket *other) 3708 { 3709 struct socket_smack *ssp = sock->sk->sk_security; 3710 struct socket_smack *osp = other->sk->sk_security; 3711 struct smk_audit_info ad; 3712 int rc; 3713 3714 #ifdef CONFIG_AUDIT 3715 struct lsm_network_audit net; 3716 3717 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 3718 smk_ad_setfield_u_net_sk(&ad, other->sk); 3719 #endif 3720 3721 if (smack_privileged(CAP_MAC_OVERRIDE)) 3722 return 0; 3723 3724 rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad); 3725 rc = smk_bu_note("UDS send", ssp->smk_out, osp->smk_in, MAY_WRITE, rc); 3726 return rc; 3727 } 3728 3729 /** 3730 * smack_socket_sendmsg - Smack check based on destination host 3731 * @sock: the socket 3732 * @msg: the message 3733 * @size: the size of the message 3734 * 3735 * Return 0 if the current subject can write to the destination host. 3736 * For IPv4 this is only a question if the destination is a single label host. 3737 * For IPv6 this is a check against the label of the port. 3738 */ 3739 static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg, 3740 int size) 3741 { 3742 struct sockaddr_in *sip = (struct sockaddr_in *) msg->msg_name; 3743 #if IS_ENABLED(CONFIG_IPV6) 3744 struct sockaddr_in6 *sap = (struct sockaddr_in6 *) msg->msg_name; 3745 #endif 3746 #ifdef SMACK_IPV6_SECMARK_LABELING 3747 struct socket_smack *ssp = sock->sk->sk_security; 3748 struct smack_known *rsp; 3749 #endif 3750 int rc = 0; 3751 3752 /* 3753 * Perfectly reasonable for this to be NULL 3754 */ 3755 if (sip == NULL) 3756 return 0; 3757 3758 switch (sock->sk->sk_family) { 3759 case AF_INET: 3760 if (msg->msg_namelen < sizeof(struct sockaddr_in) || 3761 sip->sin_family != AF_INET) 3762 return -EINVAL; 3763 rc = smk_ipv4_check(sock->sk, sip); 3764 break; 3765 #if IS_ENABLED(CONFIG_IPV6) 3766 case AF_INET6: 3767 if (msg->msg_namelen < SIN6_LEN_RFC2133 || 3768 sap->sin6_family != AF_INET6) 3769 return -EINVAL; 3770 #ifdef SMACK_IPV6_SECMARK_LABELING 3771 rsp = smack_ipv6host_label(sap); 3772 if (rsp != NULL) 3773 rc = smk_ipv6_check(ssp->smk_out, rsp, sap, 3774 SMK_CONNECTING); 3775 #endif 3776 #ifdef SMACK_IPV6_PORT_LABELING 3777 rc = smk_ipv6_port_check(sock->sk, sap, SMK_SENDING); 3778 #endif 3779 #endif /* IS_ENABLED(CONFIG_IPV6) */ 3780 break; 3781 } 3782 return rc; 3783 } 3784 3785 /** 3786 * smack_from_secattr - Convert a netlabel attr.mls.lvl/attr.mls.cat pair to smack 3787 * @sap: netlabel secattr 3788 * @ssp: socket security information 3789 * 3790 * Returns a pointer to a Smack label entry found on the label list. 3791 */ 3792 static struct smack_known *smack_from_secattr(struct netlbl_lsm_secattr *sap, 3793 struct socket_smack *ssp) 3794 { 3795 struct smack_known *skp; 3796 int found = 0; 3797 int acat; 3798 int kcat; 3799 3800 /* 3801 * Netlabel found it in the cache. 3802 */ 3803 if ((sap->flags & NETLBL_SECATTR_CACHE) != 0) 3804 return (struct smack_known *)sap->cache->data; 3805 3806 if ((sap->flags & NETLBL_SECATTR_SECID) != 0) 3807 /* 3808 * Looks like a fallback, which gives us a secid. 3809 */ 3810 return smack_from_secid(sap->attr.secid); 3811 3812 if ((sap->flags & NETLBL_SECATTR_MLS_LVL) != 0) { 3813 /* 3814 * Looks like a CIPSO packet. 3815 * If there are flags but no level netlabel isn't 3816 * behaving the way we expect it to. 3817 * 3818 * Look it up in the label table 3819 * Without guidance regarding the smack value 3820 * for the packet fall back on the network 3821 * ambient value. 3822 */ 3823 rcu_read_lock(); 3824 list_for_each_entry_rcu(skp, &smack_known_list, list) { 3825 if (sap->attr.mls.lvl != skp->smk_netlabel.attr.mls.lvl) 3826 continue; 3827 /* 3828 * Compare the catsets. Use the netlbl APIs. 3829 */ 3830 if ((sap->flags & NETLBL_SECATTR_MLS_CAT) == 0) { 3831 if ((skp->smk_netlabel.flags & 3832 NETLBL_SECATTR_MLS_CAT) == 0) 3833 found = 1; 3834 break; 3835 } 3836 for (acat = -1, kcat = -1; acat == kcat; ) { 3837 acat = netlbl_catmap_walk(sap->attr.mls.cat, 3838 acat + 1); 3839 kcat = netlbl_catmap_walk( 3840 skp->smk_netlabel.attr.mls.cat, 3841 kcat + 1); 3842 if (acat < 0 || kcat < 0) 3843 break; 3844 } 3845 if (acat == kcat) { 3846 found = 1; 3847 break; 3848 } 3849 } 3850 rcu_read_unlock(); 3851 3852 if (found) 3853 return skp; 3854 3855 if (ssp != NULL && ssp->smk_in == &smack_known_star) 3856 return &smack_known_web; 3857 return &smack_known_star; 3858 } 3859 /* 3860 * Without guidance regarding the smack value 3861 * for the packet fall back on the network 3862 * ambient value. 3863 */ 3864 return smack_net_ambient; 3865 } 3866 3867 #if IS_ENABLED(CONFIG_IPV6) 3868 static int smk_skb_to_addr_ipv6(struct sk_buff *skb, struct sockaddr_in6 *sip) 3869 { 3870 u8 nexthdr; 3871 int offset; 3872 int proto = -EINVAL; 3873 struct ipv6hdr _ipv6h; 3874 struct ipv6hdr *ip6; 3875 __be16 frag_off; 3876 struct tcphdr _tcph, *th; 3877 struct udphdr _udph, *uh; 3878 struct dccp_hdr _dccph, *dh; 3879 3880 sip->sin6_port = 0; 3881 3882 offset = skb_network_offset(skb); 3883 ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h); 3884 if (ip6 == NULL) 3885 return -EINVAL; 3886 sip->sin6_addr = ip6->saddr; 3887 3888 nexthdr = ip6->nexthdr; 3889 offset += sizeof(_ipv6h); 3890 offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off); 3891 if (offset < 0) 3892 return -EINVAL; 3893 3894 proto = nexthdr; 3895 switch (proto) { 3896 case IPPROTO_TCP: 3897 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph); 3898 if (th != NULL) 3899 sip->sin6_port = th->source; 3900 break; 3901 case IPPROTO_UDP: 3902 case IPPROTO_UDPLITE: 3903 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph); 3904 if (uh != NULL) 3905 sip->sin6_port = uh->source; 3906 break; 3907 case IPPROTO_DCCP: 3908 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph); 3909 if (dh != NULL) 3910 sip->sin6_port = dh->dccph_sport; 3911 break; 3912 } 3913 return proto; 3914 } 3915 #endif /* CONFIG_IPV6 */ 3916 3917 /** 3918 * smack_from_skb - Smack data from the secmark in an skb 3919 * @skb: packet 3920 * 3921 * Returns smack_known of the secmark or NULL if that won't work. 3922 */ 3923 #ifdef CONFIG_NETWORK_SECMARK 3924 static struct smack_known *smack_from_skb(struct sk_buff *skb) 3925 { 3926 if (skb == NULL || skb->secmark == 0) 3927 return NULL; 3928 3929 return smack_from_secid(skb->secmark); 3930 } 3931 #else 3932 static inline struct smack_known *smack_from_skb(struct sk_buff *skb) 3933 { 3934 return NULL; 3935 } 3936 #endif 3937 3938 /** 3939 * smack_from_netlbl - Smack data from the IP options in an skb 3940 * @sk: socket data came in on 3941 * @family: address family 3942 * @skb: packet 3943 * 3944 * Find the Smack label in the IP options. If it hasn't been 3945 * added to the netlabel cache, add it here. 3946 * 3947 * Returns smack_known of the IP options or NULL if that won't work. 3948 */ 3949 static struct smack_known *smack_from_netlbl(const struct sock *sk, u16 family, 3950 struct sk_buff *skb) 3951 { 3952 struct netlbl_lsm_secattr secattr; 3953 struct socket_smack *ssp = NULL; 3954 struct smack_known *skp = NULL; 3955 3956 netlbl_secattr_init(&secattr); 3957 3958 if (sk) 3959 ssp = sk->sk_security; 3960 3961 if (netlbl_skbuff_getattr(skb, family, &secattr) == 0) { 3962 skp = smack_from_secattr(&secattr, ssp); 3963 if (secattr.flags & NETLBL_SECATTR_CACHEABLE) 3964 netlbl_cache_add(skb, family, &skp->smk_netlabel); 3965 } 3966 3967 netlbl_secattr_destroy(&secattr); 3968 3969 return skp; 3970 } 3971 3972 /** 3973 * smack_socket_sock_rcv_skb - Smack packet delivery access check 3974 * @sk: socket 3975 * @skb: packet 3976 * 3977 * Returns 0 if the packet should be delivered, an error code otherwise 3978 */ 3979 static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) 3980 { 3981 struct socket_smack *ssp = sk->sk_security; 3982 struct smack_known *skp = NULL; 3983 int rc = 0; 3984 struct smk_audit_info ad; 3985 u16 family = sk->sk_family; 3986 #ifdef CONFIG_AUDIT 3987 struct lsm_network_audit net; 3988 #endif 3989 #if IS_ENABLED(CONFIG_IPV6) 3990 struct sockaddr_in6 sadd; 3991 int proto; 3992 3993 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP)) 3994 family = PF_INET; 3995 #endif /* CONFIG_IPV6 */ 3996 3997 switch (family) { 3998 case PF_INET: 3999 /* 4000 * If there is a secmark use it rather than the CIPSO label. 4001 * If there is no secmark fall back to CIPSO. 4002 * The secmark is assumed to reflect policy better. 4003 */ 4004 skp = smack_from_skb(skb); 4005 if (skp == NULL) { 4006 skp = smack_from_netlbl(sk, family, skb); 4007 if (skp == NULL) 4008 skp = smack_net_ambient; 4009 } 4010 4011 #ifdef CONFIG_AUDIT 4012 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 4013 ad.a.u.net->family = family; 4014 ad.a.u.net->netif = skb->skb_iif; 4015 ipv4_skb_to_auditdata(skb, &ad.a, NULL); 4016 #endif 4017 /* 4018 * Receiving a packet requires that the other end 4019 * be able to write here. Read access is not required. 4020 * This is the simplist possible security model 4021 * for networking. 4022 */ 4023 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad); 4024 rc = smk_bu_note("IPv4 delivery", skp, ssp->smk_in, 4025 MAY_WRITE, rc); 4026 if (rc != 0) 4027 netlbl_skbuff_err(skb, family, rc, 0); 4028 break; 4029 #if IS_ENABLED(CONFIG_IPV6) 4030 case PF_INET6: 4031 proto = smk_skb_to_addr_ipv6(skb, &sadd); 4032 if (proto != IPPROTO_UDP && proto != IPPROTO_UDPLITE && 4033 proto != IPPROTO_TCP && proto != IPPROTO_DCCP) 4034 break; 4035 #ifdef SMACK_IPV6_SECMARK_LABELING 4036 skp = smack_from_skb(skb); 4037 if (skp == NULL) { 4038 if (smk_ipv6_localhost(&sadd)) 4039 break; 4040 skp = smack_ipv6host_label(&sadd); 4041 if (skp == NULL) 4042 skp = smack_net_ambient; 4043 } 4044 #ifdef CONFIG_AUDIT 4045 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 4046 ad.a.u.net->family = family; 4047 ad.a.u.net->netif = skb->skb_iif; 4048 ipv6_skb_to_auditdata(skb, &ad.a, NULL); 4049 #endif /* CONFIG_AUDIT */ 4050 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad); 4051 rc = smk_bu_note("IPv6 delivery", skp, ssp->smk_in, 4052 MAY_WRITE, rc); 4053 #endif /* SMACK_IPV6_SECMARK_LABELING */ 4054 #ifdef SMACK_IPV6_PORT_LABELING 4055 rc = smk_ipv6_port_check(sk, &sadd, SMK_RECEIVING); 4056 #endif /* SMACK_IPV6_PORT_LABELING */ 4057 if (rc != 0) 4058 icmpv6_send(skb, ICMPV6_DEST_UNREACH, 4059 ICMPV6_ADM_PROHIBITED, 0); 4060 break; 4061 #endif /* CONFIG_IPV6 */ 4062 } 4063 4064 return rc; 4065 } 4066 4067 /** 4068 * smack_socket_getpeersec_stream - pull in packet label 4069 * @sock: the socket 4070 * @optval: user's destination 4071 * @optlen: size thereof 4072 * @len: max thereof 4073 * 4074 * returns zero on success, an error code otherwise 4075 */ 4076 static int smack_socket_getpeersec_stream(struct socket *sock, 4077 sockptr_t optval, sockptr_t optlen, 4078 unsigned int len) 4079 { 4080 struct socket_smack *ssp; 4081 char *rcp = ""; 4082 u32 slen = 1; 4083 int rc = 0; 4084 4085 ssp = sock->sk->sk_security; 4086 if (ssp->smk_packet != NULL) { 4087 rcp = ssp->smk_packet->smk_known; 4088 slen = strlen(rcp) + 1; 4089 } 4090 if (slen > len) { 4091 rc = -ERANGE; 4092 goto out_len; 4093 } 4094 4095 if (copy_to_sockptr(optval, rcp, slen)) 4096 rc = -EFAULT; 4097 out_len: 4098 if (copy_to_sockptr(optlen, &slen, sizeof(slen))) 4099 rc = -EFAULT; 4100 return rc; 4101 } 4102 4103 4104 /** 4105 * smack_socket_getpeersec_dgram - pull in packet label 4106 * @sock: the peer socket 4107 * @skb: packet data 4108 * @secid: pointer to where to put the secid of the packet 4109 * 4110 * Sets the netlabel socket state on sk from parent 4111 */ 4112 static int smack_socket_getpeersec_dgram(struct socket *sock, 4113 struct sk_buff *skb, u32 *secid) 4114 4115 { 4116 struct socket_smack *ssp = NULL; 4117 struct smack_known *skp; 4118 struct sock *sk = NULL; 4119 int family = PF_UNSPEC; 4120 u32 s = 0; /* 0 is the invalid secid */ 4121 4122 if (skb != NULL) { 4123 if (skb->protocol == htons(ETH_P_IP)) 4124 family = PF_INET; 4125 #if IS_ENABLED(CONFIG_IPV6) 4126 else if (skb->protocol == htons(ETH_P_IPV6)) 4127 family = PF_INET6; 4128 #endif /* CONFIG_IPV6 */ 4129 } 4130 if (family == PF_UNSPEC && sock != NULL) 4131 family = sock->sk->sk_family; 4132 4133 switch (family) { 4134 case PF_UNIX: 4135 ssp = sock->sk->sk_security; 4136 s = ssp->smk_out->smk_secid; 4137 break; 4138 case PF_INET: 4139 skp = smack_from_skb(skb); 4140 if (skp) { 4141 s = skp->smk_secid; 4142 break; 4143 } 4144 /* 4145 * Translate what netlabel gave us. 4146 */ 4147 if (sock != NULL) 4148 sk = sock->sk; 4149 skp = smack_from_netlbl(sk, family, skb); 4150 if (skp != NULL) 4151 s = skp->smk_secid; 4152 break; 4153 case PF_INET6: 4154 #ifdef SMACK_IPV6_SECMARK_LABELING 4155 skp = smack_from_skb(skb); 4156 if (skp) 4157 s = skp->smk_secid; 4158 #endif 4159 break; 4160 } 4161 *secid = s; 4162 if (s == 0) 4163 return -EINVAL; 4164 return 0; 4165 } 4166 4167 /** 4168 * smack_sock_graft - Initialize a newly created socket with an existing sock 4169 * @sk: child sock 4170 * @parent: parent socket 4171 * 4172 * Set the smk_{in,out} state of an existing sock based on the process that 4173 * is creating the new socket. 4174 */ 4175 static void smack_sock_graft(struct sock *sk, struct socket *parent) 4176 { 4177 struct socket_smack *ssp; 4178 struct smack_known *skp = smk_of_current(); 4179 4180 if (sk == NULL || 4181 (sk->sk_family != PF_INET && sk->sk_family != PF_INET6)) 4182 return; 4183 4184 ssp = sk->sk_security; 4185 ssp->smk_in = skp; 4186 ssp->smk_out = skp; 4187 /* cssp->smk_packet is already set in smack_inet_csk_clone() */ 4188 } 4189 4190 /** 4191 * smack_inet_conn_request - Smack access check on connect 4192 * @sk: socket involved 4193 * @skb: packet 4194 * @req: unused 4195 * 4196 * Returns 0 if a task with the packet label could write to 4197 * the socket, otherwise an error code 4198 */ 4199 static int smack_inet_conn_request(const struct sock *sk, struct sk_buff *skb, 4200 struct request_sock *req) 4201 { 4202 u16 family = sk->sk_family; 4203 struct smack_known *skp; 4204 struct socket_smack *ssp = sk->sk_security; 4205 struct sockaddr_in addr; 4206 struct iphdr *hdr; 4207 struct smack_known *hskp; 4208 int rc; 4209 struct smk_audit_info ad; 4210 #ifdef CONFIG_AUDIT 4211 struct lsm_network_audit net; 4212 #endif 4213 4214 #if IS_ENABLED(CONFIG_IPV6) 4215 if (family == PF_INET6) { 4216 /* 4217 * Handle mapped IPv4 packets arriving 4218 * via IPv6 sockets. Don't set up netlabel 4219 * processing on IPv6. 4220 */ 4221 if (skb->protocol == htons(ETH_P_IP)) 4222 family = PF_INET; 4223 else 4224 return 0; 4225 } 4226 #endif /* CONFIG_IPV6 */ 4227 4228 /* 4229 * If there is a secmark use it rather than the CIPSO label. 4230 * If there is no secmark fall back to CIPSO. 4231 * The secmark is assumed to reflect policy better. 4232 */ 4233 skp = smack_from_skb(skb); 4234 if (skp == NULL) { 4235 skp = smack_from_netlbl(sk, family, skb); 4236 if (skp == NULL) 4237 skp = &smack_known_huh; 4238 } 4239 4240 #ifdef CONFIG_AUDIT 4241 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 4242 ad.a.u.net->family = family; 4243 ad.a.u.net->netif = skb->skb_iif; 4244 ipv4_skb_to_auditdata(skb, &ad.a, NULL); 4245 #endif 4246 /* 4247 * Receiving a packet requires that the other end be able to write 4248 * here. Read access is not required. 4249 */ 4250 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad); 4251 rc = smk_bu_note("IPv4 connect", skp, ssp->smk_in, MAY_WRITE, rc); 4252 if (rc != 0) 4253 return rc; 4254 4255 /* 4256 * Save the peer's label in the request_sock so we can later setup 4257 * smk_packet in the child socket so that SO_PEERCRED can report it. 4258 */ 4259 req->peer_secid = skp->smk_secid; 4260 4261 /* 4262 * We need to decide if we want to label the incoming connection here 4263 * if we do we only need to label the request_sock and the stack will 4264 * propagate the wire-label to the sock when it is created. 4265 */ 4266 hdr = ip_hdr(skb); 4267 addr.sin_addr.s_addr = hdr->saddr; 4268 rcu_read_lock(); 4269 hskp = smack_ipv4host_label(&addr); 4270 rcu_read_unlock(); 4271 4272 if (hskp == NULL) 4273 rc = netlbl_req_setattr(req, &skp->smk_netlabel); 4274 else 4275 netlbl_req_delattr(req); 4276 4277 return rc; 4278 } 4279 4280 /** 4281 * smack_inet_csk_clone - Copy the connection information to the new socket 4282 * @sk: the new socket 4283 * @req: the connection's request_sock 4284 * 4285 * Transfer the connection's peer label to the newly created socket. 4286 */ 4287 static void smack_inet_csk_clone(struct sock *sk, 4288 const struct request_sock *req) 4289 { 4290 struct socket_smack *ssp = sk->sk_security; 4291 struct smack_known *skp; 4292 4293 if (req->peer_secid != 0) { 4294 skp = smack_from_secid(req->peer_secid); 4295 ssp->smk_packet = skp; 4296 } else 4297 ssp->smk_packet = NULL; 4298 } 4299 4300 /* 4301 * Key management security hooks 4302 * 4303 * Casey has not tested key support very heavily. 4304 * The permission check is most likely too restrictive. 4305 * If you care about keys please have a look. 4306 */ 4307 #ifdef CONFIG_KEYS 4308 4309 /** 4310 * smack_key_alloc - Set the key security blob 4311 * @key: object 4312 * @cred: the credentials to use 4313 * @flags: unused 4314 * 4315 * No allocation required 4316 * 4317 * Returns 0 4318 */ 4319 static int smack_key_alloc(struct key *key, const struct cred *cred, 4320 unsigned long flags) 4321 { 4322 struct smack_known *skp = smk_of_task(smack_cred(cred)); 4323 4324 key->security = skp; 4325 return 0; 4326 } 4327 4328 /** 4329 * smack_key_free - Clear the key security blob 4330 * @key: the object 4331 * 4332 * Clear the blob pointer 4333 */ 4334 static void smack_key_free(struct key *key) 4335 { 4336 key->security = NULL; 4337 } 4338 4339 /** 4340 * smack_key_permission - Smack access on a key 4341 * @key_ref: gets to the object 4342 * @cred: the credentials to use 4343 * @need_perm: requested key permission 4344 * 4345 * Return 0 if the task has read and write to the object, 4346 * an error code otherwise 4347 */ 4348 static int smack_key_permission(key_ref_t key_ref, 4349 const struct cred *cred, 4350 enum key_need_perm need_perm) 4351 { 4352 struct key *keyp; 4353 struct smk_audit_info ad; 4354 struct smack_known *tkp = smk_of_task(smack_cred(cred)); 4355 int request = 0; 4356 int rc; 4357 4358 /* 4359 * Validate requested permissions 4360 */ 4361 switch (need_perm) { 4362 case KEY_NEED_READ: 4363 case KEY_NEED_SEARCH: 4364 case KEY_NEED_VIEW: 4365 request |= MAY_READ; 4366 break; 4367 case KEY_NEED_WRITE: 4368 case KEY_NEED_LINK: 4369 case KEY_NEED_SETATTR: 4370 request |= MAY_WRITE; 4371 break; 4372 case KEY_NEED_UNSPECIFIED: 4373 case KEY_NEED_UNLINK: 4374 case KEY_SYSADMIN_OVERRIDE: 4375 case KEY_AUTHTOKEN_OVERRIDE: 4376 case KEY_DEFER_PERM_CHECK: 4377 return 0; 4378 default: 4379 return -EINVAL; 4380 } 4381 4382 keyp = key_ref_to_ptr(key_ref); 4383 if (keyp == NULL) 4384 return -EINVAL; 4385 /* 4386 * If the key hasn't been initialized give it access so that 4387 * it may do so. 4388 */ 4389 if (keyp->security == NULL) 4390 return 0; 4391 /* 4392 * This should not occur 4393 */ 4394 if (tkp == NULL) 4395 return -EACCES; 4396 4397 if (smack_privileged(CAP_MAC_OVERRIDE)) 4398 return 0; 4399 4400 #ifdef CONFIG_AUDIT 4401 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY); 4402 ad.a.u.key_struct.key = keyp->serial; 4403 ad.a.u.key_struct.key_desc = keyp->description; 4404 #endif 4405 rc = smk_access(tkp, keyp->security, request, &ad); 4406 rc = smk_bu_note("key access", tkp, keyp->security, request, rc); 4407 return rc; 4408 } 4409 4410 /* 4411 * smack_key_getsecurity - Smack label tagging the key 4412 * @key points to the key to be queried 4413 * @_buffer points to a pointer that should be set to point to the 4414 * resulting string (if no label or an error occurs). 4415 * Return the length of the string (including terminating NUL) or -ve if 4416 * an error. 4417 * May also return 0 (and a NULL buffer pointer) if there is no label. 4418 */ 4419 static int smack_key_getsecurity(struct key *key, char **_buffer) 4420 { 4421 struct smack_known *skp = key->security; 4422 size_t length; 4423 char *copy; 4424 4425 if (key->security == NULL) { 4426 *_buffer = NULL; 4427 return 0; 4428 } 4429 4430 copy = kstrdup(skp->smk_known, GFP_KERNEL); 4431 if (copy == NULL) 4432 return -ENOMEM; 4433 length = strlen(copy) + 1; 4434 4435 *_buffer = copy; 4436 return length; 4437 } 4438 4439 4440 #ifdef CONFIG_KEY_NOTIFICATIONS 4441 /** 4442 * smack_watch_key - Smack access to watch a key for notifications. 4443 * @key: The key to be watched 4444 * 4445 * Return 0 if the @watch->cred has permission to read from the key object and 4446 * an error otherwise. 4447 */ 4448 static int smack_watch_key(struct key *key) 4449 { 4450 struct smk_audit_info ad; 4451 struct smack_known *tkp = smk_of_current(); 4452 int rc; 4453 4454 if (key == NULL) 4455 return -EINVAL; 4456 /* 4457 * If the key hasn't been initialized give it access so that 4458 * it may do so. 4459 */ 4460 if (key->security == NULL) 4461 return 0; 4462 /* 4463 * This should not occur 4464 */ 4465 if (tkp == NULL) 4466 return -EACCES; 4467 4468 if (smack_privileged_cred(CAP_MAC_OVERRIDE, current_cred())) 4469 return 0; 4470 4471 #ifdef CONFIG_AUDIT 4472 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY); 4473 ad.a.u.key_struct.key = key->serial; 4474 ad.a.u.key_struct.key_desc = key->description; 4475 #endif 4476 rc = smk_access(tkp, key->security, MAY_READ, &ad); 4477 rc = smk_bu_note("key watch", tkp, key->security, MAY_READ, rc); 4478 return rc; 4479 } 4480 #endif /* CONFIG_KEY_NOTIFICATIONS */ 4481 #endif /* CONFIG_KEYS */ 4482 4483 #ifdef CONFIG_WATCH_QUEUE 4484 /** 4485 * smack_post_notification - Smack access to post a notification to a queue 4486 * @w_cred: The credentials of the watcher. 4487 * @cred: The credentials of the event source (may be NULL). 4488 * @n: The notification message to be posted. 4489 */ 4490 static int smack_post_notification(const struct cred *w_cred, 4491 const struct cred *cred, 4492 struct watch_notification *n) 4493 { 4494 struct smk_audit_info ad; 4495 struct smack_known *subj, *obj; 4496 int rc; 4497 4498 /* Always let maintenance notifications through. */ 4499 if (n->type == WATCH_TYPE_META) 4500 return 0; 4501 4502 if (!cred) 4503 return 0; 4504 subj = smk_of_task(smack_cred(cred)); 4505 obj = smk_of_task(smack_cred(w_cred)); 4506 4507 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NOTIFICATION); 4508 rc = smk_access(subj, obj, MAY_WRITE, &ad); 4509 rc = smk_bu_note("notification", subj, obj, MAY_WRITE, rc); 4510 return rc; 4511 } 4512 #endif /* CONFIG_WATCH_QUEUE */ 4513 4514 /* 4515 * Smack Audit hooks 4516 * 4517 * Audit requires a unique representation of each Smack specific 4518 * rule. This unique representation is used to distinguish the 4519 * object to be audited from remaining kernel objects and also 4520 * works as a glue between the audit hooks. 4521 * 4522 * Since repository entries are added but never deleted, we'll use 4523 * the smack_known label address related to the given audit rule as 4524 * the needed unique representation. This also better fits the smack 4525 * model where nearly everything is a label. 4526 */ 4527 #ifdef CONFIG_AUDIT 4528 4529 /** 4530 * smack_audit_rule_init - Initialize a smack audit rule 4531 * @field: audit rule fields given from user-space (audit.h) 4532 * @op: required testing operator (=, !=, >, <, ...) 4533 * @rulestr: smack label to be audited 4534 * @vrule: pointer to save our own audit rule representation 4535 * 4536 * Prepare to audit cases where (@field @op @rulestr) is true. 4537 * The label to be audited is created if necessay. 4538 */ 4539 static int smack_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule) 4540 { 4541 struct smack_known *skp; 4542 char **rule = (char **)vrule; 4543 *rule = NULL; 4544 4545 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER) 4546 return -EINVAL; 4547 4548 if (op != Audit_equal && op != Audit_not_equal) 4549 return -EINVAL; 4550 4551 skp = smk_import_entry(rulestr, 0); 4552 if (IS_ERR(skp)) 4553 return PTR_ERR(skp); 4554 4555 *rule = skp->smk_known; 4556 4557 return 0; 4558 } 4559 4560 /** 4561 * smack_audit_rule_known - Distinguish Smack audit rules 4562 * @krule: rule of interest, in Audit kernel representation format 4563 * 4564 * This is used to filter Smack rules from remaining Audit ones. 4565 * If it's proved that this rule belongs to us, the 4566 * audit_rule_match hook will be called to do the final judgement. 4567 */ 4568 static int smack_audit_rule_known(struct audit_krule *krule) 4569 { 4570 struct audit_field *f; 4571 int i; 4572 4573 for (i = 0; i < krule->field_count; i++) { 4574 f = &krule->fields[i]; 4575 4576 if (f->type == AUDIT_SUBJ_USER || f->type == AUDIT_OBJ_USER) 4577 return 1; 4578 } 4579 4580 return 0; 4581 } 4582 4583 /** 4584 * smack_audit_rule_match - Audit given object ? 4585 * @secid: security id for identifying the object to test 4586 * @field: audit rule flags given from user-space 4587 * @op: required testing operator 4588 * @vrule: smack internal rule presentation 4589 * 4590 * The core Audit hook. It's used to take the decision of 4591 * whether to audit or not to audit a given object. 4592 */ 4593 static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule) 4594 { 4595 struct smack_known *skp; 4596 char *rule = vrule; 4597 4598 if (unlikely(!rule)) { 4599 WARN_ONCE(1, "Smack: missing rule\n"); 4600 return -ENOENT; 4601 } 4602 4603 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER) 4604 return 0; 4605 4606 skp = smack_from_secid(secid); 4607 4608 /* 4609 * No need to do string comparisons. If a match occurs, 4610 * both pointers will point to the same smack_known 4611 * label. 4612 */ 4613 if (op == Audit_equal) 4614 return (rule == skp->smk_known); 4615 if (op == Audit_not_equal) 4616 return (rule != skp->smk_known); 4617 4618 return 0; 4619 } 4620 4621 /* 4622 * There is no need for a smack_audit_rule_free hook. 4623 * No memory was allocated. 4624 */ 4625 4626 #endif /* CONFIG_AUDIT */ 4627 4628 /** 4629 * smack_ismaclabel - check if xattr @name references a smack MAC label 4630 * @name: Full xattr name to check. 4631 */ 4632 static int smack_ismaclabel(const char *name) 4633 { 4634 return (strcmp(name, XATTR_SMACK_SUFFIX) == 0); 4635 } 4636 4637 4638 /** 4639 * smack_secid_to_secctx - return the smack label for a secid 4640 * @secid: incoming integer 4641 * @secdata: destination 4642 * @seclen: how long it is 4643 * 4644 * Exists for networking code. 4645 */ 4646 static int smack_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) 4647 { 4648 struct smack_known *skp = smack_from_secid(secid); 4649 4650 if (secdata) 4651 *secdata = skp->smk_known; 4652 *seclen = strlen(skp->smk_known); 4653 return 0; 4654 } 4655 4656 /** 4657 * smack_secctx_to_secid - return the secid for a smack label 4658 * @secdata: smack label 4659 * @seclen: how long result is 4660 * @secid: outgoing integer 4661 * 4662 * Exists for audit and networking code. 4663 */ 4664 static int smack_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid) 4665 { 4666 struct smack_known *skp = smk_find_entry(secdata); 4667 4668 if (skp) 4669 *secid = skp->smk_secid; 4670 else 4671 *secid = 0; 4672 return 0; 4673 } 4674 4675 /* 4676 * There used to be a smack_release_secctx hook 4677 * that did nothing back when hooks were in a vector. 4678 * Now that there's a list such a hook adds cost. 4679 */ 4680 4681 static int smack_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen) 4682 { 4683 return smack_inode_setsecurity(inode, XATTR_SMACK_SUFFIX, ctx, 4684 ctxlen, 0); 4685 } 4686 4687 static int smack_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen) 4688 { 4689 return __vfs_setxattr_noperm(&init_user_ns, dentry, XATTR_NAME_SMACK, 4690 ctx, ctxlen, 0); 4691 } 4692 4693 static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) 4694 { 4695 struct smack_known *skp = smk_of_inode(inode); 4696 4697 *ctx = skp->smk_known; 4698 *ctxlen = strlen(skp->smk_known); 4699 return 0; 4700 } 4701 4702 static int smack_inode_copy_up(struct dentry *dentry, struct cred **new) 4703 { 4704 4705 struct task_smack *tsp; 4706 struct smack_known *skp; 4707 struct inode_smack *isp; 4708 struct cred *new_creds = *new; 4709 4710 if (new_creds == NULL) { 4711 new_creds = prepare_creds(); 4712 if (new_creds == NULL) 4713 return -ENOMEM; 4714 } 4715 4716 tsp = smack_cred(new_creds); 4717 4718 /* 4719 * Get label from overlay inode and set it in create_sid 4720 */ 4721 isp = smack_inode(d_inode(dentry)); 4722 skp = isp->smk_inode; 4723 tsp->smk_task = skp; 4724 *new = new_creds; 4725 return 0; 4726 } 4727 4728 static int smack_inode_copy_up_xattr(const char *name) 4729 { 4730 /* 4731 * Return 1 if this is the smack access Smack attribute. 4732 */ 4733 if (strcmp(name, XATTR_NAME_SMACK) == 0) 4734 return 1; 4735 4736 return -EOPNOTSUPP; 4737 } 4738 4739 static int smack_dentry_create_files_as(struct dentry *dentry, int mode, 4740 struct qstr *name, 4741 const struct cred *old, 4742 struct cred *new) 4743 { 4744 struct task_smack *otsp = smack_cred(old); 4745 struct task_smack *ntsp = smack_cred(new); 4746 struct inode_smack *isp; 4747 int may; 4748 4749 /* 4750 * Use the process credential unless all of 4751 * the transmuting criteria are met 4752 */ 4753 ntsp->smk_task = otsp->smk_task; 4754 4755 /* 4756 * the attribute of the containing directory 4757 */ 4758 isp = smack_inode(d_inode(dentry->d_parent)); 4759 4760 if (isp->smk_flags & SMK_INODE_TRANSMUTE) { 4761 rcu_read_lock(); 4762 may = smk_access_entry(otsp->smk_task->smk_known, 4763 isp->smk_inode->smk_known, 4764 &otsp->smk_task->smk_rules); 4765 rcu_read_unlock(); 4766 4767 /* 4768 * If the directory is transmuting and the rule 4769 * providing access is transmuting use the containing 4770 * directory label instead of the process label. 4771 */ 4772 if (may > 0 && (may & MAY_TRANSMUTE)) 4773 ntsp->smk_task = isp->smk_inode; 4774 } 4775 return 0; 4776 } 4777 4778 #ifdef CONFIG_IO_URING 4779 /** 4780 * smack_uring_override_creds - Is io_uring cred override allowed? 4781 * @new: the target creds 4782 * 4783 * Check to see if the current task is allowed to override it's credentials 4784 * to service an io_uring operation. 4785 */ 4786 static int smack_uring_override_creds(const struct cred *new) 4787 { 4788 struct task_smack *tsp = smack_cred(current_cred()); 4789 struct task_smack *nsp = smack_cred(new); 4790 4791 /* 4792 * Allow the degenerate case where the new Smack value is 4793 * the same as the current Smack value. 4794 */ 4795 if (tsp->smk_task == nsp->smk_task) 4796 return 0; 4797 4798 if (smack_privileged_cred(CAP_MAC_OVERRIDE, current_cred())) 4799 return 0; 4800 4801 return -EPERM; 4802 } 4803 4804 /** 4805 * smack_uring_sqpoll - check if a io_uring polling thread can be created 4806 * 4807 * Check to see if the current task is allowed to create a new io_uring 4808 * kernel polling thread. 4809 */ 4810 static int smack_uring_sqpoll(void) 4811 { 4812 if (smack_privileged_cred(CAP_MAC_ADMIN, current_cred())) 4813 return 0; 4814 4815 return -EPERM; 4816 } 4817 4818 /** 4819 * smack_uring_cmd - check on file operations for io_uring 4820 * @ioucmd: the command in question 4821 * 4822 * Make a best guess about whether a io_uring "command" should 4823 * be allowed. Use the same logic used for determining if the 4824 * file could be opened for read in the absence of better criteria. 4825 */ 4826 static int smack_uring_cmd(struct io_uring_cmd *ioucmd) 4827 { 4828 struct file *file = ioucmd->file; 4829 struct smk_audit_info ad; 4830 struct task_smack *tsp; 4831 struct inode *inode; 4832 int rc; 4833 4834 if (!file) 4835 return -EINVAL; 4836 4837 tsp = smack_cred(file->f_cred); 4838 inode = file_inode(file); 4839 4840 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 4841 smk_ad_setfield_u_fs_path(&ad, file->f_path); 4842 rc = smk_tskacc(tsp, smk_of_inode(inode), MAY_READ, &ad); 4843 rc = smk_bu_credfile(file->f_cred, file, MAY_READ, rc); 4844 4845 return rc; 4846 } 4847 4848 #endif /* CONFIG_IO_URING */ 4849 4850 struct lsm_blob_sizes smack_blob_sizes __lsm_ro_after_init = { 4851 .lbs_cred = sizeof(struct task_smack), 4852 .lbs_file = sizeof(struct smack_known *), 4853 .lbs_inode = sizeof(struct inode_smack), 4854 .lbs_ipc = sizeof(struct smack_known *), 4855 .lbs_msg_msg = sizeof(struct smack_known *), 4856 .lbs_superblock = sizeof(struct superblock_smack), 4857 }; 4858 4859 static struct security_hook_list smack_hooks[] __lsm_ro_after_init = { 4860 LSM_HOOK_INIT(ptrace_access_check, smack_ptrace_access_check), 4861 LSM_HOOK_INIT(ptrace_traceme, smack_ptrace_traceme), 4862 LSM_HOOK_INIT(syslog, smack_syslog), 4863 4864 LSM_HOOK_INIT(fs_context_dup, smack_fs_context_dup), 4865 LSM_HOOK_INIT(fs_context_parse_param, smack_fs_context_parse_param), 4866 4867 LSM_HOOK_INIT(sb_alloc_security, smack_sb_alloc_security), 4868 LSM_HOOK_INIT(sb_free_mnt_opts, smack_free_mnt_opts), 4869 LSM_HOOK_INIT(sb_eat_lsm_opts, smack_sb_eat_lsm_opts), 4870 LSM_HOOK_INIT(sb_statfs, smack_sb_statfs), 4871 LSM_HOOK_INIT(sb_set_mnt_opts, smack_set_mnt_opts), 4872 4873 LSM_HOOK_INIT(bprm_creds_for_exec, smack_bprm_creds_for_exec), 4874 4875 LSM_HOOK_INIT(inode_alloc_security, smack_inode_alloc_security), 4876 LSM_HOOK_INIT(inode_init_security, smack_inode_init_security), 4877 LSM_HOOK_INIT(inode_link, smack_inode_link), 4878 LSM_HOOK_INIT(inode_unlink, smack_inode_unlink), 4879 LSM_HOOK_INIT(inode_rmdir, smack_inode_rmdir), 4880 LSM_HOOK_INIT(inode_rename, smack_inode_rename), 4881 LSM_HOOK_INIT(inode_permission, smack_inode_permission), 4882 LSM_HOOK_INIT(inode_setattr, smack_inode_setattr), 4883 LSM_HOOK_INIT(inode_getattr, smack_inode_getattr), 4884 LSM_HOOK_INIT(inode_setxattr, smack_inode_setxattr), 4885 LSM_HOOK_INIT(inode_post_setxattr, smack_inode_post_setxattr), 4886 LSM_HOOK_INIT(inode_getxattr, smack_inode_getxattr), 4887 LSM_HOOK_INIT(inode_removexattr, smack_inode_removexattr), 4888 LSM_HOOK_INIT(inode_set_acl, smack_inode_set_acl), 4889 LSM_HOOK_INIT(inode_get_acl, smack_inode_get_acl), 4890 LSM_HOOK_INIT(inode_remove_acl, smack_inode_remove_acl), 4891 LSM_HOOK_INIT(inode_getsecurity, smack_inode_getsecurity), 4892 LSM_HOOK_INIT(inode_setsecurity, smack_inode_setsecurity), 4893 LSM_HOOK_INIT(inode_listsecurity, smack_inode_listsecurity), 4894 LSM_HOOK_INIT(inode_getsecid, smack_inode_getsecid), 4895 4896 LSM_HOOK_INIT(file_alloc_security, smack_file_alloc_security), 4897 LSM_HOOK_INIT(file_ioctl, smack_file_ioctl), 4898 LSM_HOOK_INIT(file_lock, smack_file_lock), 4899 LSM_HOOK_INIT(file_fcntl, smack_file_fcntl), 4900 LSM_HOOK_INIT(mmap_file, smack_mmap_file), 4901 LSM_HOOK_INIT(mmap_addr, cap_mmap_addr), 4902 LSM_HOOK_INIT(file_set_fowner, smack_file_set_fowner), 4903 LSM_HOOK_INIT(file_send_sigiotask, smack_file_send_sigiotask), 4904 LSM_HOOK_INIT(file_receive, smack_file_receive), 4905 4906 LSM_HOOK_INIT(file_open, smack_file_open), 4907 4908 LSM_HOOK_INIT(cred_alloc_blank, smack_cred_alloc_blank), 4909 LSM_HOOK_INIT(cred_free, smack_cred_free), 4910 LSM_HOOK_INIT(cred_prepare, smack_cred_prepare), 4911 LSM_HOOK_INIT(cred_transfer, smack_cred_transfer), 4912 LSM_HOOK_INIT(cred_getsecid, smack_cred_getsecid), 4913 LSM_HOOK_INIT(kernel_act_as, smack_kernel_act_as), 4914 LSM_HOOK_INIT(kernel_create_files_as, smack_kernel_create_files_as), 4915 LSM_HOOK_INIT(task_setpgid, smack_task_setpgid), 4916 LSM_HOOK_INIT(task_getpgid, smack_task_getpgid), 4917 LSM_HOOK_INIT(task_getsid, smack_task_getsid), 4918 LSM_HOOK_INIT(current_getsecid_subj, smack_current_getsecid_subj), 4919 LSM_HOOK_INIT(task_getsecid_obj, smack_task_getsecid_obj), 4920 LSM_HOOK_INIT(task_setnice, smack_task_setnice), 4921 LSM_HOOK_INIT(task_setioprio, smack_task_setioprio), 4922 LSM_HOOK_INIT(task_getioprio, smack_task_getioprio), 4923 LSM_HOOK_INIT(task_setscheduler, smack_task_setscheduler), 4924 LSM_HOOK_INIT(task_getscheduler, smack_task_getscheduler), 4925 LSM_HOOK_INIT(task_movememory, smack_task_movememory), 4926 LSM_HOOK_INIT(task_kill, smack_task_kill), 4927 LSM_HOOK_INIT(task_to_inode, smack_task_to_inode), 4928 4929 LSM_HOOK_INIT(ipc_permission, smack_ipc_permission), 4930 LSM_HOOK_INIT(ipc_getsecid, smack_ipc_getsecid), 4931 4932 LSM_HOOK_INIT(msg_msg_alloc_security, smack_msg_msg_alloc_security), 4933 4934 LSM_HOOK_INIT(msg_queue_alloc_security, smack_ipc_alloc_security), 4935 LSM_HOOK_INIT(msg_queue_associate, smack_msg_queue_associate), 4936 LSM_HOOK_INIT(msg_queue_msgctl, smack_msg_queue_msgctl), 4937 LSM_HOOK_INIT(msg_queue_msgsnd, smack_msg_queue_msgsnd), 4938 LSM_HOOK_INIT(msg_queue_msgrcv, smack_msg_queue_msgrcv), 4939 4940 LSM_HOOK_INIT(shm_alloc_security, smack_ipc_alloc_security), 4941 LSM_HOOK_INIT(shm_associate, smack_shm_associate), 4942 LSM_HOOK_INIT(shm_shmctl, smack_shm_shmctl), 4943 LSM_HOOK_INIT(shm_shmat, smack_shm_shmat), 4944 4945 LSM_HOOK_INIT(sem_alloc_security, smack_ipc_alloc_security), 4946 LSM_HOOK_INIT(sem_associate, smack_sem_associate), 4947 LSM_HOOK_INIT(sem_semctl, smack_sem_semctl), 4948 LSM_HOOK_INIT(sem_semop, smack_sem_semop), 4949 4950 LSM_HOOK_INIT(d_instantiate, smack_d_instantiate), 4951 4952 LSM_HOOK_INIT(getprocattr, smack_getprocattr), 4953 LSM_HOOK_INIT(setprocattr, smack_setprocattr), 4954 4955 LSM_HOOK_INIT(unix_stream_connect, smack_unix_stream_connect), 4956 LSM_HOOK_INIT(unix_may_send, smack_unix_may_send), 4957 4958 LSM_HOOK_INIT(socket_post_create, smack_socket_post_create), 4959 LSM_HOOK_INIT(socket_socketpair, smack_socket_socketpair), 4960 #ifdef SMACK_IPV6_PORT_LABELING 4961 LSM_HOOK_INIT(socket_bind, smack_socket_bind), 4962 #endif 4963 LSM_HOOK_INIT(socket_connect, smack_socket_connect), 4964 LSM_HOOK_INIT(socket_sendmsg, smack_socket_sendmsg), 4965 LSM_HOOK_INIT(socket_sock_rcv_skb, smack_socket_sock_rcv_skb), 4966 LSM_HOOK_INIT(socket_getpeersec_stream, smack_socket_getpeersec_stream), 4967 LSM_HOOK_INIT(socket_getpeersec_dgram, smack_socket_getpeersec_dgram), 4968 LSM_HOOK_INIT(sk_alloc_security, smack_sk_alloc_security), 4969 LSM_HOOK_INIT(sk_free_security, smack_sk_free_security), 4970 LSM_HOOK_INIT(sk_clone_security, smack_sk_clone_security), 4971 LSM_HOOK_INIT(sock_graft, smack_sock_graft), 4972 LSM_HOOK_INIT(inet_conn_request, smack_inet_conn_request), 4973 LSM_HOOK_INIT(inet_csk_clone, smack_inet_csk_clone), 4974 4975 /* key management security hooks */ 4976 #ifdef CONFIG_KEYS 4977 LSM_HOOK_INIT(key_alloc, smack_key_alloc), 4978 LSM_HOOK_INIT(key_free, smack_key_free), 4979 LSM_HOOK_INIT(key_permission, smack_key_permission), 4980 LSM_HOOK_INIT(key_getsecurity, smack_key_getsecurity), 4981 #ifdef CONFIG_KEY_NOTIFICATIONS 4982 LSM_HOOK_INIT(watch_key, smack_watch_key), 4983 #endif 4984 #endif /* CONFIG_KEYS */ 4985 4986 #ifdef CONFIG_WATCH_QUEUE 4987 LSM_HOOK_INIT(post_notification, smack_post_notification), 4988 #endif 4989 4990 /* Audit hooks */ 4991 #ifdef CONFIG_AUDIT 4992 LSM_HOOK_INIT(audit_rule_init, smack_audit_rule_init), 4993 LSM_HOOK_INIT(audit_rule_known, smack_audit_rule_known), 4994 LSM_HOOK_INIT(audit_rule_match, smack_audit_rule_match), 4995 #endif /* CONFIG_AUDIT */ 4996 4997 LSM_HOOK_INIT(ismaclabel, smack_ismaclabel), 4998 LSM_HOOK_INIT(secid_to_secctx, smack_secid_to_secctx), 4999 LSM_HOOK_INIT(secctx_to_secid, smack_secctx_to_secid), 5000 LSM_HOOK_INIT(inode_notifysecctx, smack_inode_notifysecctx), 5001 LSM_HOOK_INIT(inode_setsecctx, smack_inode_setsecctx), 5002 LSM_HOOK_INIT(inode_getsecctx, smack_inode_getsecctx), 5003 LSM_HOOK_INIT(inode_copy_up, smack_inode_copy_up), 5004 LSM_HOOK_INIT(inode_copy_up_xattr, smack_inode_copy_up_xattr), 5005 LSM_HOOK_INIT(dentry_create_files_as, smack_dentry_create_files_as), 5006 #ifdef CONFIG_IO_URING 5007 LSM_HOOK_INIT(uring_override_creds, smack_uring_override_creds), 5008 LSM_HOOK_INIT(uring_sqpoll, smack_uring_sqpoll), 5009 LSM_HOOK_INIT(uring_cmd, smack_uring_cmd), 5010 #endif 5011 }; 5012 5013 5014 static __init void init_smack_known_list(void) 5015 { 5016 /* 5017 * Initialize rule list locks 5018 */ 5019 mutex_init(&smack_known_huh.smk_rules_lock); 5020 mutex_init(&smack_known_hat.smk_rules_lock); 5021 mutex_init(&smack_known_floor.smk_rules_lock); 5022 mutex_init(&smack_known_star.smk_rules_lock); 5023 mutex_init(&smack_known_web.smk_rules_lock); 5024 /* 5025 * Initialize rule lists 5026 */ 5027 INIT_LIST_HEAD(&smack_known_huh.smk_rules); 5028 INIT_LIST_HEAD(&smack_known_hat.smk_rules); 5029 INIT_LIST_HEAD(&smack_known_star.smk_rules); 5030 INIT_LIST_HEAD(&smack_known_floor.smk_rules); 5031 INIT_LIST_HEAD(&smack_known_web.smk_rules); 5032 /* 5033 * Create the known labels list 5034 */ 5035 smk_insert_entry(&smack_known_huh); 5036 smk_insert_entry(&smack_known_hat); 5037 smk_insert_entry(&smack_known_star); 5038 smk_insert_entry(&smack_known_floor); 5039 smk_insert_entry(&smack_known_web); 5040 } 5041 5042 /** 5043 * smack_init - initialize the smack system 5044 * 5045 * Returns 0 on success, -ENOMEM is there's no memory 5046 */ 5047 static __init int smack_init(void) 5048 { 5049 struct cred *cred = (struct cred *) current->cred; 5050 struct task_smack *tsp; 5051 5052 smack_rule_cache = KMEM_CACHE(smack_rule, 0); 5053 if (!smack_rule_cache) 5054 return -ENOMEM; 5055 5056 /* 5057 * Set the security state for the initial task. 5058 */ 5059 tsp = smack_cred(cred); 5060 init_task_smack(tsp, &smack_known_floor, &smack_known_floor); 5061 5062 /* 5063 * Register with LSM 5064 */ 5065 security_add_hooks(smack_hooks, ARRAY_SIZE(smack_hooks), "smack"); 5066 smack_enabled = 1; 5067 5068 pr_info("Smack: Initializing.\n"); 5069 #ifdef CONFIG_SECURITY_SMACK_NETFILTER 5070 pr_info("Smack: Netfilter enabled.\n"); 5071 #endif 5072 #ifdef SMACK_IPV6_PORT_LABELING 5073 pr_info("Smack: IPv6 port labeling enabled.\n"); 5074 #endif 5075 #ifdef SMACK_IPV6_SECMARK_LABELING 5076 pr_info("Smack: IPv6 Netfilter enabled.\n"); 5077 #endif 5078 5079 /* initialize the smack_known_list */ 5080 init_smack_known_list(); 5081 5082 return 0; 5083 } 5084 5085 /* 5086 * Smack requires early initialization in order to label 5087 * all processes and objects when they are created. 5088 */ 5089 DEFINE_LSM(smack) = { 5090 .name = "smack", 5091 .flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE, 5092 .blobs = &smack_blob_sizes, 5093 .init = smack_init, 5094 }; 5095