1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Simplified MAC Kernel (smack) security module 4 * 5 * This file contains the smack hook function implementations. 6 * 7 * Authors: 8 * Casey Schaufler <casey@schaufler-ca.com> 9 * Jarkko Sakkinen <jarkko.sakkinen@intel.com> 10 * 11 * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com> 12 * Copyright (C) 2009 Hewlett-Packard Development Company, L.P. 13 * Paul Moore <paul@paul-moore.com> 14 * Copyright (C) 2010 Nokia Corporation 15 * Copyright (C) 2011 Intel Corporation. 16 */ 17 18 #include <linux/xattr.h> 19 #include <linux/pagemap.h> 20 #include <linux/mount.h> 21 #include <linux/stat.h> 22 #include <linux/kd.h> 23 #include <asm/ioctls.h> 24 #include <linux/ip.h> 25 #include <linux/tcp.h> 26 #include <linux/udp.h> 27 #include <linux/dccp.h> 28 #include <linux/icmpv6.h> 29 #include <linux/slab.h> 30 #include <linux/mutex.h> 31 #include <net/cipso_ipv4.h> 32 #include <net/ip.h> 33 #include <net/ipv6.h> 34 #include <linux/audit.h> 35 #include <linux/magic.h> 36 #include <linux/dcache.h> 37 #include <linux/personality.h> 38 #include <linux/msg.h> 39 #include <linux/shm.h> 40 #include <linux/binfmts.h> 41 #include <linux/parser.h> 42 #include <linux/fs_context.h> 43 #include <linux/fs_parser.h> 44 #include <linux/watch_queue.h> 45 #include <linux/io_uring.h> 46 #include <uapi/linux/lsm.h> 47 #include "smack.h" 48 49 #define TRANS_TRUE "TRUE" 50 #define TRANS_TRUE_SIZE 4 51 52 #define SMK_CONNECTING 0 53 #define SMK_RECEIVING 1 54 #define SMK_SENDING 2 55 56 /* 57 * Smack uses multiple xattrs. 58 * SMACK64 - for access control, 59 * SMACK64TRANSMUTE - label initialization, 60 * Not saved on files - SMACK64IPIN and SMACK64IPOUT, 61 * Must be set explicitly - SMACK64EXEC and SMACK64MMAP 62 */ 63 #define SMACK_INODE_INIT_XATTRS 2 64 65 #ifdef SMACK_IPV6_PORT_LABELING 66 static DEFINE_MUTEX(smack_ipv6_lock); 67 static LIST_HEAD(smk_ipv6_port_list); 68 #endif 69 struct kmem_cache *smack_rule_cache; 70 int smack_enabled __initdata; 71 72 #define A(s) {"smack"#s, sizeof("smack"#s) - 1, Opt_##s} 73 static struct { 74 const char *name; 75 int len; 76 int opt; 77 } smk_mount_opts[] = { 78 {"smackfsdef", sizeof("smackfsdef") - 1, Opt_fsdefault}, 79 A(fsdefault), A(fsfloor), A(fshat), A(fsroot), A(fstransmute) 80 }; 81 #undef A 82 83 static int match_opt_prefix(char *s, int l, char **arg) 84 { 85 int i; 86 87 for (i = 0; i < ARRAY_SIZE(smk_mount_opts); i++) { 88 size_t len = smk_mount_opts[i].len; 89 if (len > l || memcmp(s, smk_mount_opts[i].name, len)) 90 continue; 91 if (len == l || s[len] != '=') 92 continue; 93 *arg = s + len + 1; 94 return smk_mount_opts[i].opt; 95 } 96 return Opt_error; 97 } 98 99 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 100 static char *smk_bu_mess[] = { 101 "Bringup Error", /* Unused */ 102 "Bringup", /* SMACK_BRINGUP_ALLOW */ 103 "Unconfined Subject", /* SMACK_UNCONFINED_SUBJECT */ 104 "Unconfined Object", /* SMACK_UNCONFINED_OBJECT */ 105 }; 106 107 static void smk_bu_mode(int mode, char *s) 108 { 109 int i = 0; 110 111 if (mode & MAY_READ) 112 s[i++] = 'r'; 113 if (mode & MAY_WRITE) 114 s[i++] = 'w'; 115 if (mode & MAY_EXEC) 116 s[i++] = 'x'; 117 if (mode & MAY_APPEND) 118 s[i++] = 'a'; 119 if (mode & MAY_TRANSMUTE) 120 s[i++] = 't'; 121 if (mode & MAY_LOCK) 122 s[i++] = 'l'; 123 if (i == 0) 124 s[i++] = '-'; 125 s[i] = '\0'; 126 } 127 #endif 128 129 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 130 static int smk_bu_note(char *note, struct smack_known *sskp, 131 struct smack_known *oskp, int mode, int rc) 132 { 133 char acc[SMK_NUM_ACCESS_TYPE + 1]; 134 135 if (rc <= 0) 136 return rc; 137 if (rc > SMACK_UNCONFINED_OBJECT) 138 rc = 0; 139 140 smk_bu_mode(mode, acc); 141 pr_info("Smack %s: (%s %s %s) %s\n", smk_bu_mess[rc], 142 sskp->smk_known, oskp->smk_known, acc, note); 143 return 0; 144 } 145 #else 146 #define smk_bu_note(note, sskp, oskp, mode, RC) (RC) 147 #endif 148 149 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 150 static int smk_bu_current(char *note, struct smack_known *oskp, 151 int mode, int rc) 152 { 153 struct task_smack *tsp = smack_cred(current_cred()); 154 char acc[SMK_NUM_ACCESS_TYPE + 1]; 155 156 if (rc <= 0) 157 return rc; 158 if (rc > SMACK_UNCONFINED_OBJECT) 159 rc = 0; 160 161 smk_bu_mode(mode, acc); 162 pr_info("Smack %s: (%s %s %s) %s %s\n", smk_bu_mess[rc], 163 tsp->smk_task->smk_known, oskp->smk_known, 164 acc, current->comm, note); 165 return 0; 166 } 167 #else 168 #define smk_bu_current(note, oskp, mode, RC) (RC) 169 #endif 170 171 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 172 static int smk_bu_task(struct task_struct *otp, int mode, int rc) 173 { 174 struct task_smack *tsp = smack_cred(current_cred()); 175 struct smack_known *smk_task = smk_of_task_struct_obj(otp); 176 char acc[SMK_NUM_ACCESS_TYPE + 1]; 177 178 if (rc <= 0) 179 return rc; 180 if (rc > SMACK_UNCONFINED_OBJECT) 181 rc = 0; 182 183 smk_bu_mode(mode, acc); 184 pr_info("Smack %s: (%s %s %s) %s to %s\n", smk_bu_mess[rc], 185 tsp->smk_task->smk_known, smk_task->smk_known, acc, 186 current->comm, otp->comm); 187 return 0; 188 } 189 #else 190 #define smk_bu_task(otp, mode, RC) (RC) 191 #endif 192 193 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 194 static int smk_bu_inode(struct inode *inode, int mode, int rc) 195 { 196 struct task_smack *tsp = smack_cred(current_cred()); 197 struct inode_smack *isp = smack_inode(inode); 198 char acc[SMK_NUM_ACCESS_TYPE + 1]; 199 200 if (isp->smk_flags & SMK_INODE_IMPURE) 201 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n", 202 inode->i_sb->s_id, inode->i_ino, current->comm); 203 204 if (rc <= 0) 205 return rc; 206 if (rc > SMACK_UNCONFINED_OBJECT) 207 rc = 0; 208 if (rc == SMACK_UNCONFINED_SUBJECT && 209 (mode & (MAY_WRITE | MAY_APPEND))) 210 isp->smk_flags |= SMK_INODE_IMPURE; 211 212 smk_bu_mode(mode, acc); 213 214 pr_info("Smack %s: (%s %s %s) inode=(%s %ld) %s\n", smk_bu_mess[rc], 215 tsp->smk_task->smk_known, isp->smk_inode->smk_known, acc, 216 inode->i_sb->s_id, inode->i_ino, current->comm); 217 return 0; 218 } 219 #else 220 #define smk_bu_inode(inode, mode, RC) (RC) 221 #endif 222 223 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 224 static int smk_bu_file(struct file *file, int mode, int rc) 225 { 226 struct task_smack *tsp = smack_cred(current_cred()); 227 struct smack_known *sskp = tsp->smk_task; 228 struct inode *inode = file_inode(file); 229 struct inode_smack *isp = smack_inode(inode); 230 char acc[SMK_NUM_ACCESS_TYPE + 1]; 231 232 if (isp->smk_flags & SMK_INODE_IMPURE) 233 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n", 234 inode->i_sb->s_id, inode->i_ino, current->comm); 235 236 if (rc <= 0) 237 return rc; 238 if (rc > SMACK_UNCONFINED_OBJECT) 239 rc = 0; 240 241 smk_bu_mode(mode, acc); 242 pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc], 243 sskp->smk_known, smk_of_inode(inode)->smk_known, acc, 244 inode->i_sb->s_id, inode->i_ino, file, 245 current->comm); 246 return 0; 247 } 248 #else 249 #define smk_bu_file(file, mode, RC) (RC) 250 #endif 251 252 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 253 static int smk_bu_credfile(const struct cred *cred, struct file *file, 254 int mode, int rc) 255 { 256 struct task_smack *tsp = smack_cred(cred); 257 struct smack_known *sskp = tsp->smk_task; 258 struct inode *inode = file_inode(file); 259 struct inode_smack *isp = smack_inode(inode); 260 char acc[SMK_NUM_ACCESS_TYPE + 1]; 261 262 if (isp->smk_flags & SMK_INODE_IMPURE) 263 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n", 264 inode->i_sb->s_id, inode->i_ino, current->comm); 265 266 if (rc <= 0) 267 return rc; 268 if (rc > SMACK_UNCONFINED_OBJECT) 269 rc = 0; 270 271 smk_bu_mode(mode, acc); 272 pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc], 273 sskp->smk_known, smk_of_inode(inode)->smk_known, acc, 274 inode->i_sb->s_id, inode->i_ino, file, 275 current->comm); 276 return 0; 277 } 278 #else 279 #define smk_bu_credfile(cred, file, mode, RC) (RC) 280 #endif 281 282 /** 283 * smk_fetch - Fetch the smack label from a file. 284 * @name: type of the label (attribute) 285 * @ip: a pointer to the inode 286 * @dp: a pointer to the dentry 287 * 288 * Returns a pointer to the master list entry for the Smack label, 289 * NULL if there was no label to fetch, or an error code. 290 */ 291 static struct smack_known *smk_fetch(const char *name, struct inode *ip, 292 struct dentry *dp) 293 { 294 int rc; 295 char *buffer; 296 struct smack_known *skp = NULL; 297 298 if (!(ip->i_opflags & IOP_XATTR)) 299 return ERR_PTR(-EOPNOTSUPP); 300 301 buffer = kzalloc(SMK_LONGLABEL, GFP_NOFS); 302 if (buffer == NULL) 303 return ERR_PTR(-ENOMEM); 304 305 rc = __vfs_getxattr(dp, ip, name, buffer, SMK_LONGLABEL); 306 if (rc < 0) 307 skp = ERR_PTR(rc); 308 else if (rc == 0) 309 skp = NULL; 310 else 311 skp = smk_import_entry(buffer, rc); 312 313 kfree(buffer); 314 315 return skp; 316 } 317 318 /** 319 * init_inode_smack - initialize an inode security blob 320 * @inode: inode to extract the info from 321 * @skp: a pointer to the Smack label entry to use in the blob 322 * 323 */ 324 static void init_inode_smack(struct inode *inode, struct smack_known *skp) 325 { 326 struct inode_smack *isp = smack_inode(inode); 327 328 isp->smk_inode = skp; 329 isp->smk_flags = 0; 330 } 331 332 /** 333 * init_task_smack - initialize a task security blob 334 * @tsp: blob to initialize 335 * @task: a pointer to the Smack label for the running task 336 * @forked: a pointer to the Smack label for the forked task 337 * 338 */ 339 static void init_task_smack(struct task_smack *tsp, struct smack_known *task, 340 struct smack_known *forked) 341 { 342 tsp->smk_task = task; 343 tsp->smk_forked = forked; 344 INIT_LIST_HEAD(&tsp->smk_rules); 345 INIT_LIST_HEAD(&tsp->smk_relabel); 346 mutex_init(&tsp->smk_rules_lock); 347 } 348 349 /** 350 * smk_copy_rules - copy a rule set 351 * @nhead: new rules header pointer 352 * @ohead: old rules header pointer 353 * @gfp: type of the memory for the allocation 354 * 355 * Returns 0 on success, -ENOMEM on error 356 */ 357 static int smk_copy_rules(struct list_head *nhead, struct list_head *ohead, 358 gfp_t gfp) 359 { 360 struct smack_rule *nrp; 361 struct smack_rule *orp; 362 int rc = 0; 363 364 list_for_each_entry_rcu(orp, ohead, list) { 365 nrp = kmem_cache_zalloc(smack_rule_cache, gfp); 366 if (nrp == NULL) { 367 rc = -ENOMEM; 368 break; 369 } 370 *nrp = *orp; 371 list_add_rcu(&nrp->list, nhead); 372 } 373 return rc; 374 } 375 376 /** 377 * smk_copy_relabel - copy smk_relabel labels list 378 * @nhead: new rules header pointer 379 * @ohead: old rules header pointer 380 * @gfp: type of the memory for the allocation 381 * 382 * Returns 0 on success, -ENOMEM on error 383 */ 384 static int smk_copy_relabel(struct list_head *nhead, struct list_head *ohead, 385 gfp_t gfp) 386 { 387 struct smack_known_list_elem *nklep; 388 struct smack_known_list_elem *oklep; 389 390 list_for_each_entry(oklep, ohead, list) { 391 nklep = kzalloc(sizeof(struct smack_known_list_elem), gfp); 392 if (nklep == NULL) { 393 smk_destroy_label_list(nhead); 394 return -ENOMEM; 395 } 396 nklep->smk_label = oklep->smk_label; 397 list_add(&nklep->list, nhead); 398 } 399 400 return 0; 401 } 402 403 /** 404 * smk_ptrace_mode - helper function for converting PTRACE_MODE_* into MAY_* 405 * @mode: input mode in form of PTRACE_MODE_* 406 * 407 * Returns a converted MAY_* mode usable by smack rules 408 */ 409 static inline unsigned int smk_ptrace_mode(unsigned int mode) 410 { 411 if (mode & PTRACE_MODE_ATTACH) 412 return MAY_READWRITE; 413 if (mode & PTRACE_MODE_READ) 414 return MAY_READ; 415 416 return 0; 417 } 418 419 /** 420 * smk_ptrace_rule_check - helper for ptrace access 421 * @tracer: tracer process 422 * @tracee_known: label entry of the process that's about to be traced 423 * @mode: ptrace attachment mode (PTRACE_MODE_*) 424 * @func: name of the function that called us, used for audit 425 * 426 * Returns 0 on access granted, -error on error 427 */ 428 static int smk_ptrace_rule_check(struct task_struct *tracer, 429 struct smack_known *tracee_known, 430 unsigned int mode, const char *func) 431 { 432 int rc; 433 struct smk_audit_info ad, *saip = NULL; 434 struct task_smack *tsp; 435 struct smack_known *tracer_known; 436 const struct cred *tracercred; 437 438 if ((mode & PTRACE_MODE_NOAUDIT) == 0) { 439 smk_ad_init(&ad, func, LSM_AUDIT_DATA_TASK); 440 smk_ad_setfield_u_tsk(&ad, tracer); 441 saip = &ad; 442 } 443 444 rcu_read_lock(); 445 tracercred = __task_cred(tracer); 446 tsp = smack_cred(tracercred); 447 tracer_known = smk_of_task(tsp); 448 449 if ((mode & PTRACE_MODE_ATTACH) && 450 (smack_ptrace_rule == SMACK_PTRACE_EXACT || 451 smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)) { 452 if (tracer_known->smk_known == tracee_known->smk_known) 453 rc = 0; 454 else if (smack_ptrace_rule == SMACK_PTRACE_DRACONIAN) 455 rc = -EACCES; 456 else if (smack_privileged_cred(CAP_SYS_PTRACE, tracercred)) 457 rc = 0; 458 else 459 rc = -EACCES; 460 461 if (saip) 462 smack_log(tracer_known->smk_known, 463 tracee_known->smk_known, 464 0, rc, saip); 465 466 rcu_read_unlock(); 467 return rc; 468 } 469 470 /* In case of rule==SMACK_PTRACE_DEFAULT or mode==PTRACE_MODE_READ */ 471 rc = smk_tskacc(tsp, tracee_known, smk_ptrace_mode(mode), saip); 472 473 rcu_read_unlock(); 474 return rc; 475 } 476 477 /* 478 * LSM hooks. 479 * We he, that is fun! 480 */ 481 482 /** 483 * smack_ptrace_access_check - Smack approval on PTRACE_ATTACH 484 * @ctp: child task pointer 485 * @mode: ptrace attachment mode (PTRACE_MODE_*) 486 * 487 * Returns 0 if access is OK, an error code otherwise 488 * 489 * Do the capability checks. 490 */ 491 static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode) 492 { 493 struct smack_known *skp; 494 495 skp = smk_of_task_struct_obj(ctp); 496 497 return smk_ptrace_rule_check(current, skp, mode, __func__); 498 } 499 500 /** 501 * smack_ptrace_traceme - Smack approval on PTRACE_TRACEME 502 * @ptp: parent task pointer 503 * 504 * Returns 0 if access is OK, an error code otherwise 505 * 506 * Do the capability checks, and require PTRACE_MODE_ATTACH. 507 */ 508 static int smack_ptrace_traceme(struct task_struct *ptp) 509 { 510 struct smack_known *skp; 511 512 skp = smk_of_task(smack_cred(current_cred())); 513 514 return smk_ptrace_rule_check(ptp, skp, PTRACE_MODE_ATTACH, __func__); 515 } 516 517 /** 518 * smack_syslog - Smack approval on syslog 519 * @typefrom_file: unused 520 * 521 * Returns 0 on success, error code otherwise. 522 */ 523 static int smack_syslog(int typefrom_file) 524 { 525 int rc = 0; 526 struct smack_known *skp = smk_of_current(); 527 528 if (smack_privileged(CAP_MAC_OVERRIDE)) 529 return 0; 530 531 if (smack_syslog_label != NULL && smack_syslog_label != skp) 532 rc = -EACCES; 533 534 return rc; 535 } 536 537 /* 538 * Superblock Hooks. 539 */ 540 541 /** 542 * smack_sb_alloc_security - allocate a superblock blob 543 * @sb: the superblock getting the blob 544 * 545 * Returns 0 on success or -ENOMEM on error. 546 */ 547 static int smack_sb_alloc_security(struct super_block *sb) 548 { 549 struct superblock_smack *sbsp = smack_superblock(sb); 550 551 sbsp->smk_root = &smack_known_floor; 552 sbsp->smk_default = &smack_known_floor; 553 sbsp->smk_floor = &smack_known_floor; 554 sbsp->smk_hat = &smack_known_hat; 555 /* 556 * SMK_SB_INITIALIZED will be zero from kzalloc. 557 */ 558 559 return 0; 560 } 561 562 struct smack_mnt_opts { 563 const char *fsdefault; 564 const char *fsfloor; 565 const char *fshat; 566 const char *fsroot; 567 const char *fstransmute; 568 }; 569 570 static void smack_free_mnt_opts(void *mnt_opts) 571 { 572 kfree(mnt_opts); 573 } 574 575 static int smack_add_opt(int token, const char *s, void **mnt_opts) 576 { 577 struct smack_mnt_opts *opts = *mnt_opts; 578 struct smack_known *skp; 579 580 if (!opts) { 581 opts = kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL); 582 if (!opts) 583 return -ENOMEM; 584 *mnt_opts = opts; 585 } 586 if (!s) 587 return -ENOMEM; 588 589 skp = smk_import_entry(s, 0); 590 if (IS_ERR(skp)) 591 return PTR_ERR(skp); 592 593 switch (token) { 594 case Opt_fsdefault: 595 if (opts->fsdefault) 596 goto out_opt_err; 597 opts->fsdefault = skp->smk_known; 598 break; 599 case Opt_fsfloor: 600 if (opts->fsfloor) 601 goto out_opt_err; 602 opts->fsfloor = skp->smk_known; 603 break; 604 case Opt_fshat: 605 if (opts->fshat) 606 goto out_opt_err; 607 opts->fshat = skp->smk_known; 608 break; 609 case Opt_fsroot: 610 if (opts->fsroot) 611 goto out_opt_err; 612 opts->fsroot = skp->smk_known; 613 break; 614 case Opt_fstransmute: 615 if (opts->fstransmute) 616 goto out_opt_err; 617 opts->fstransmute = skp->smk_known; 618 break; 619 } 620 return 0; 621 622 out_opt_err: 623 pr_warn("Smack: duplicate mount options\n"); 624 return -EINVAL; 625 } 626 627 /** 628 * smack_fs_context_submount - Initialise security data for a filesystem context 629 * @fc: The filesystem context. 630 * @reference: reference superblock 631 * 632 * Returns 0 on success or -ENOMEM on error. 633 */ 634 static int smack_fs_context_submount(struct fs_context *fc, 635 struct super_block *reference) 636 { 637 struct superblock_smack *sbsp; 638 struct smack_mnt_opts *ctx; 639 struct inode_smack *isp; 640 641 ctx = kzalloc(sizeof(*ctx), GFP_KERNEL); 642 if (!ctx) 643 return -ENOMEM; 644 fc->security = ctx; 645 646 sbsp = smack_superblock(reference); 647 isp = smack_inode(reference->s_root->d_inode); 648 649 if (sbsp->smk_default) { 650 ctx->fsdefault = kstrdup(sbsp->smk_default->smk_known, GFP_KERNEL); 651 if (!ctx->fsdefault) 652 return -ENOMEM; 653 } 654 655 if (sbsp->smk_floor) { 656 ctx->fsfloor = kstrdup(sbsp->smk_floor->smk_known, GFP_KERNEL); 657 if (!ctx->fsfloor) 658 return -ENOMEM; 659 } 660 661 if (sbsp->smk_hat) { 662 ctx->fshat = kstrdup(sbsp->smk_hat->smk_known, GFP_KERNEL); 663 if (!ctx->fshat) 664 return -ENOMEM; 665 } 666 667 if (isp->smk_flags & SMK_INODE_TRANSMUTE) { 668 if (sbsp->smk_root) { 669 ctx->fstransmute = kstrdup(sbsp->smk_root->smk_known, GFP_KERNEL); 670 if (!ctx->fstransmute) 671 return -ENOMEM; 672 } 673 } 674 return 0; 675 } 676 677 /** 678 * smack_fs_context_dup - Duplicate the security data on fs_context duplication 679 * @fc: The new filesystem context. 680 * @src_fc: The source filesystem context being duplicated. 681 * 682 * Returns 0 on success or -ENOMEM on error. 683 */ 684 static int smack_fs_context_dup(struct fs_context *fc, 685 struct fs_context *src_fc) 686 { 687 struct smack_mnt_opts *dst, *src = src_fc->security; 688 689 if (!src) 690 return 0; 691 692 fc->security = kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL); 693 if (!fc->security) 694 return -ENOMEM; 695 696 dst = fc->security; 697 dst->fsdefault = src->fsdefault; 698 dst->fsfloor = src->fsfloor; 699 dst->fshat = src->fshat; 700 dst->fsroot = src->fsroot; 701 dst->fstransmute = src->fstransmute; 702 703 return 0; 704 } 705 706 static const struct fs_parameter_spec smack_fs_parameters[] = { 707 fsparam_string("smackfsdef", Opt_fsdefault), 708 fsparam_string("smackfsdefault", Opt_fsdefault), 709 fsparam_string("smackfsfloor", Opt_fsfloor), 710 fsparam_string("smackfshat", Opt_fshat), 711 fsparam_string("smackfsroot", Opt_fsroot), 712 fsparam_string("smackfstransmute", Opt_fstransmute), 713 {} 714 }; 715 716 /** 717 * smack_fs_context_parse_param - Parse a single mount parameter 718 * @fc: The new filesystem context being constructed. 719 * @param: The parameter. 720 * 721 * Returns 0 on success, -ENOPARAM to pass the parameter on or anything else on 722 * error. 723 */ 724 static int smack_fs_context_parse_param(struct fs_context *fc, 725 struct fs_parameter *param) 726 { 727 struct fs_parse_result result; 728 int opt, rc; 729 730 opt = fs_parse(fc, smack_fs_parameters, param, &result); 731 if (opt < 0) 732 return opt; 733 734 rc = smack_add_opt(opt, param->string, &fc->security); 735 if (!rc) 736 param->string = NULL; 737 return rc; 738 } 739 740 static int smack_sb_eat_lsm_opts(char *options, void **mnt_opts) 741 { 742 char *from = options, *to = options; 743 bool first = true; 744 745 while (1) { 746 char *next = strchr(from, ','); 747 int token, len, rc; 748 char *arg = NULL; 749 750 if (next) 751 len = next - from; 752 else 753 len = strlen(from); 754 755 token = match_opt_prefix(from, len, &arg); 756 if (token != Opt_error) { 757 arg = kmemdup_nul(arg, from + len - arg, GFP_KERNEL); 758 rc = smack_add_opt(token, arg, mnt_opts); 759 kfree(arg); 760 if (unlikely(rc)) { 761 if (*mnt_opts) 762 smack_free_mnt_opts(*mnt_opts); 763 *mnt_opts = NULL; 764 return rc; 765 } 766 } else { 767 if (!first) { // copy with preceding comma 768 from--; 769 len++; 770 } 771 if (to != from) 772 memmove(to, from, len); 773 to += len; 774 first = false; 775 } 776 if (!from[len]) 777 break; 778 from += len + 1; 779 } 780 *to = '\0'; 781 return 0; 782 } 783 784 /** 785 * smack_set_mnt_opts - set Smack specific mount options 786 * @sb: the file system superblock 787 * @mnt_opts: Smack mount options 788 * @kern_flags: mount option from kernel space or user space 789 * @set_kern_flags: where to store converted mount opts 790 * 791 * Returns 0 on success, an error code on failure 792 * 793 * Allow filesystems with binary mount data to explicitly set Smack mount 794 * labels. 795 */ 796 static int smack_set_mnt_opts(struct super_block *sb, 797 void *mnt_opts, 798 unsigned long kern_flags, 799 unsigned long *set_kern_flags) 800 { 801 struct dentry *root = sb->s_root; 802 struct inode *inode = d_backing_inode(root); 803 struct superblock_smack *sp = smack_superblock(sb); 804 struct inode_smack *isp; 805 struct smack_known *skp; 806 struct smack_mnt_opts *opts = mnt_opts; 807 bool transmute = false; 808 809 if (sp->smk_flags & SMK_SB_INITIALIZED) 810 return 0; 811 812 if (!smack_privileged(CAP_MAC_ADMIN)) { 813 /* 814 * Unprivileged mounts don't get to specify Smack values. 815 */ 816 if (opts) 817 return -EPERM; 818 /* 819 * Unprivileged mounts get root and default from the caller. 820 */ 821 skp = smk_of_current(); 822 sp->smk_root = skp; 823 sp->smk_default = skp; 824 /* 825 * For a handful of fs types with no user-controlled 826 * backing store it's okay to trust security labels 827 * in the filesystem. The rest are untrusted. 828 */ 829 if (sb->s_user_ns != &init_user_ns && 830 sb->s_magic != SYSFS_MAGIC && sb->s_magic != TMPFS_MAGIC && 831 sb->s_magic != RAMFS_MAGIC) { 832 transmute = true; 833 sp->smk_flags |= SMK_SB_UNTRUSTED; 834 } 835 } 836 837 sp->smk_flags |= SMK_SB_INITIALIZED; 838 839 if (opts) { 840 if (opts->fsdefault) { 841 skp = smk_import_entry(opts->fsdefault, 0); 842 if (IS_ERR(skp)) 843 return PTR_ERR(skp); 844 sp->smk_default = skp; 845 } 846 if (opts->fsfloor) { 847 skp = smk_import_entry(opts->fsfloor, 0); 848 if (IS_ERR(skp)) 849 return PTR_ERR(skp); 850 sp->smk_floor = skp; 851 } 852 if (opts->fshat) { 853 skp = smk_import_entry(opts->fshat, 0); 854 if (IS_ERR(skp)) 855 return PTR_ERR(skp); 856 sp->smk_hat = skp; 857 } 858 if (opts->fsroot) { 859 skp = smk_import_entry(opts->fsroot, 0); 860 if (IS_ERR(skp)) 861 return PTR_ERR(skp); 862 sp->smk_root = skp; 863 } 864 if (opts->fstransmute) { 865 skp = smk_import_entry(opts->fstransmute, 0); 866 if (IS_ERR(skp)) 867 return PTR_ERR(skp); 868 sp->smk_root = skp; 869 transmute = true; 870 } 871 } 872 873 /* 874 * Initialize the root inode. 875 */ 876 init_inode_smack(inode, sp->smk_root); 877 878 if (transmute) { 879 isp = smack_inode(inode); 880 isp->smk_flags |= SMK_INODE_TRANSMUTE; 881 } 882 883 return 0; 884 } 885 886 /** 887 * smack_sb_statfs - Smack check on statfs 888 * @dentry: identifies the file system in question 889 * 890 * Returns 0 if current can read the floor of the filesystem, 891 * and error code otherwise 892 */ 893 static int smack_sb_statfs(struct dentry *dentry) 894 { 895 struct superblock_smack *sbp = smack_superblock(dentry->d_sb); 896 int rc; 897 struct smk_audit_info ad; 898 899 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 900 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 901 902 rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad); 903 rc = smk_bu_current("statfs", sbp->smk_floor, MAY_READ, rc); 904 return rc; 905 } 906 907 /* 908 * BPRM hooks 909 */ 910 911 /** 912 * smack_bprm_creds_for_exec - Update bprm->cred if needed for exec 913 * @bprm: the exec information 914 * 915 * Returns 0 if it gets a blob, -EPERM if exec forbidden and -ENOMEM otherwise 916 */ 917 static int smack_bprm_creds_for_exec(struct linux_binprm *bprm) 918 { 919 struct inode *inode = file_inode(bprm->file); 920 struct task_smack *bsp = smack_cred(bprm->cred); 921 struct inode_smack *isp; 922 struct superblock_smack *sbsp; 923 int rc; 924 925 isp = smack_inode(inode); 926 if (isp->smk_task == NULL || isp->smk_task == bsp->smk_task) 927 return 0; 928 929 sbsp = smack_superblock(inode->i_sb); 930 if ((sbsp->smk_flags & SMK_SB_UNTRUSTED) && 931 isp->smk_task != sbsp->smk_root) 932 return 0; 933 934 if (bprm->unsafe & LSM_UNSAFE_PTRACE) { 935 struct task_struct *tracer; 936 rc = 0; 937 938 rcu_read_lock(); 939 tracer = ptrace_parent(current); 940 if (likely(tracer != NULL)) 941 rc = smk_ptrace_rule_check(tracer, 942 isp->smk_task, 943 PTRACE_MODE_ATTACH, 944 __func__); 945 rcu_read_unlock(); 946 947 if (rc != 0) 948 return rc; 949 } 950 if (bprm->unsafe & ~LSM_UNSAFE_PTRACE) 951 return -EPERM; 952 953 bsp->smk_task = isp->smk_task; 954 bprm->per_clear |= PER_CLEAR_ON_SETID; 955 956 /* Decide if this is a secure exec. */ 957 if (bsp->smk_task != bsp->smk_forked) 958 bprm->secureexec = 1; 959 960 return 0; 961 } 962 963 /* 964 * Inode hooks 965 */ 966 967 /** 968 * smack_inode_alloc_security - allocate an inode blob 969 * @inode: the inode in need of a blob 970 * 971 * Returns 0 972 */ 973 static int smack_inode_alloc_security(struct inode *inode) 974 { 975 struct smack_known *skp = smk_of_current(); 976 977 init_inode_smack(inode, skp); 978 return 0; 979 } 980 981 /** 982 * smack_inode_init_security - copy out the smack from an inode 983 * @inode: the newly created inode 984 * @dir: containing directory object 985 * @qstr: unused 986 * @xattrs: where to put the attributes 987 * @xattr_count: current number of LSM-provided xattrs (updated) 988 * 989 * Returns 0 if it all works out, -ENOMEM if there's no memory 990 */ 991 static int smack_inode_init_security(struct inode *inode, struct inode *dir, 992 const struct qstr *qstr, 993 struct xattr *xattrs, int *xattr_count) 994 { 995 struct task_smack *tsp = smack_cred(current_cred()); 996 struct smack_known *skp = smk_of_task(tsp); 997 struct smack_known *isp = smk_of_inode(inode); 998 struct smack_known *dsp = smk_of_inode(dir); 999 struct xattr *xattr = lsm_get_xattr_slot(xattrs, xattr_count); 1000 int may; 1001 1002 if (xattr) { 1003 /* 1004 * If equal, transmuting already occurred in 1005 * smack_dentry_create_files_as(). No need to check again. 1006 */ 1007 if (tsp->smk_task != tsp->smk_transmuted) { 1008 rcu_read_lock(); 1009 may = smk_access_entry(skp->smk_known, dsp->smk_known, 1010 &skp->smk_rules); 1011 rcu_read_unlock(); 1012 } 1013 1014 /* 1015 * In addition to having smk_task equal to smk_transmuted, 1016 * if the access rule allows transmutation and the directory 1017 * requests transmutation then by all means transmute. 1018 * Mark the inode as changed. 1019 */ 1020 if ((tsp->smk_task == tsp->smk_transmuted) || 1021 (may > 0 && ((may & MAY_TRANSMUTE) != 0) && 1022 smk_inode_transmutable(dir))) { 1023 struct xattr *xattr_transmute; 1024 1025 /* 1026 * The caller of smack_dentry_create_files_as() 1027 * should have overridden the current cred, so the 1028 * inode label was already set correctly in 1029 * smack_inode_alloc_security(). 1030 */ 1031 if (tsp->smk_task != tsp->smk_transmuted) 1032 isp = dsp; 1033 xattr_transmute = lsm_get_xattr_slot(xattrs, 1034 xattr_count); 1035 if (xattr_transmute) { 1036 xattr_transmute->value = kmemdup(TRANS_TRUE, 1037 TRANS_TRUE_SIZE, 1038 GFP_NOFS); 1039 if (!xattr_transmute->value) 1040 return -ENOMEM; 1041 1042 xattr_transmute->value_len = TRANS_TRUE_SIZE; 1043 xattr_transmute->name = XATTR_SMACK_TRANSMUTE; 1044 } 1045 } 1046 1047 xattr->value = kstrdup(isp->smk_known, GFP_NOFS); 1048 if (!xattr->value) 1049 return -ENOMEM; 1050 1051 xattr->value_len = strlen(isp->smk_known); 1052 xattr->name = XATTR_SMACK_SUFFIX; 1053 } 1054 1055 return 0; 1056 } 1057 1058 /** 1059 * smack_inode_link - Smack check on link 1060 * @old_dentry: the existing object 1061 * @dir: unused 1062 * @new_dentry: the new object 1063 * 1064 * Returns 0 if access is permitted, an error code otherwise 1065 */ 1066 static int smack_inode_link(struct dentry *old_dentry, struct inode *dir, 1067 struct dentry *new_dentry) 1068 { 1069 struct smack_known *isp; 1070 struct smk_audit_info ad; 1071 int rc; 1072 1073 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1074 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry); 1075 1076 isp = smk_of_inode(d_backing_inode(old_dentry)); 1077 rc = smk_curacc(isp, MAY_WRITE, &ad); 1078 rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_WRITE, rc); 1079 1080 if (rc == 0 && d_is_positive(new_dentry)) { 1081 isp = smk_of_inode(d_backing_inode(new_dentry)); 1082 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry); 1083 rc = smk_curacc(isp, MAY_WRITE, &ad); 1084 rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_WRITE, rc); 1085 } 1086 1087 return rc; 1088 } 1089 1090 /** 1091 * smack_inode_unlink - Smack check on inode deletion 1092 * @dir: containing directory object 1093 * @dentry: file to unlink 1094 * 1095 * Returns 0 if current can write the containing directory 1096 * and the object, error code otherwise 1097 */ 1098 static int smack_inode_unlink(struct inode *dir, struct dentry *dentry) 1099 { 1100 struct inode *ip = d_backing_inode(dentry); 1101 struct smk_audit_info ad; 1102 int rc; 1103 1104 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1105 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1106 1107 /* 1108 * You need write access to the thing you're unlinking 1109 */ 1110 rc = smk_curacc(smk_of_inode(ip), MAY_WRITE, &ad); 1111 rc = smk_bu_inode(ip, MAY_WRITE, rc); 1112 if (rc == 0) { 1113 /* 1114 * You also need write access to the containing directory 1115 */ 1116 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE); 1117 smk_ad_setfield_u_fs_inode(&ad, dir); 1118 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad); 1119 rc = smk_bu_inode(dir, MAY_WRITE, rc); 1120 } 1121 return rc; 1122 } 1123 1124 /** 1125 * smack_inode_rmdir - Smack check on directory deletion 1126 * @dir: containing directory object 1127 * @dentry: directory to unlink 1128 * 1129 * Returns 0 if current can write the containing directory 1130 * and the directory, error code otherwise 1131 */ 1132 static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry) 1133 { 1134 struct smk_audit_info ad; 1135 int rc; 1136 1137 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1138 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1139 1140 /* 1141 * You need write access to the thing you're removing 1142 */ 1143 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1144 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1145 if (rc == 0) { 1146 /* 1147 * You also need write access to the containing directory 1148 */ 1149 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE); 1150 smk_ad_setfield_u_fs_inode(&ad, dir); 1151 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad); 1152 rc = smk_bu_inode(dir, MAY_WRITE, rc); 1153 } 1154 1155 return rc; 1156 } 1157 1158 /** 1159 * smack_inode_rename - Smack check on rename 1160 * @old_inode: unused 1161 * @old_dentry: the old object 1162 * @new_inode: unused 1163 * @new_dentry: the new object 1164 * 1165 * Read and write access is required on both the old and 1166 * new directories. 1167 * 1168 * Returns 0 if access is permitted, an error code otherwise 1169 */ 1170 static int smack_inode_rename(struct inode *old_inode, 1171 struct dentry *old_dentry, 1172 struct inode *new_inode, 1173 struct dentry *new_dentry) 1174 { 1175 int rc; 1176 struct smack_known *isp; 1177 struct smk_audit_info ad; 1178 1179 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1180 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry); 1181 1182 isp = smk_of_inode(d_backing_inode(old_dentry)); 1183 rc = smk_curacc(isp, MAY_READWRITE, &ad); 1184 rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_READWRITE, rc); 1185 1186 if (rc == 0 && d_is_positive(new_dentry)) { 1187 isp = smk_of_inode(d_backing_inode(new_dentry)); 1188 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry); 1189 rc = smk_curacc(isp, MAY_READWRITE, &ad); 1190 rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_READWRITE, rc); 1191 } 1192 return rc; 1193 } 1194 1195 /** 1196 * smack_inode_permission - Smack version of permission() 1197 * @inode: the inode in question 1198 * @mask: the access requested 1199 * 1200 * This is the important Smack hook. 1201 * 1202 * Returns 0 if access is permitted, an error code otherwise 1203 */ 1204 static int smack_inode_permission(struct inode *inode, int mask) 1205 { 1206 struct superblock_smack *sbsp = smack_superblock(inode->i_sb); 1207 struct smk_audit_info ad; 1208 int no_block = mask & MAY_NOT_BLOCK; 1209 int rc; 1210 1211 mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND); 1212 /* 1213 * No permission to check. Existence test. Yup, it's there. 1214 */ 1215 if (mask == 0) 1216 return 0; 1217 1218 if (sbsp->smk_flags & SMK_SB_UNTRUSTED) { 1219 if (smk_of_inode(inode) != sbsp->smk_root) 1220 return -EACCES; 1221 } 1222 1223 /* May be droppable after audit */ 1224 if (no_block) 1225 return -ECHILD; 1226 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE); 1227 smk_ad_setfield_u_fs_inode(&ad, inode); 1228 rc = smk_curacc(smk_of_inode(inode), mask, &ad); 1229 rc = smk_bu_inode(inode, mask, rc); 1230 return rc; 1231 } 1232 1233 /** 1234 * smack_inode_setattr - Smack check for setting attributes 1235 * @dentry: the object 1236 * @iattr: for the force flag 1237 * 1238 * Returns 0 if access is permitted, an error code otherwise 1239 */ 1240 static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr) 1241 { 1242 struct smk_audit_info ad; 1243 int rc; 1244 1245 /* 1246 * Need to allow for clearing the setuid bit. 1247 */ 1248 if (iattr->ia_valid & ATTR_FORCE) 1249 return 0; 1250 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1251 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1252 1253 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1254 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1255 return rc; 1256 } 1257 1258 /** 1259 * smack_inode_getattr - Smack check for getting attributes 1260 * @path: path to extract the info from 1261 * 1262 * Returns 0 if access is permitted, an error code otherwise 1263 */ 1264 static int smack_inode_getattr(const struct path *path) 1265 { 1266 struct smk_audit_info ad; 1267 struct inode *inode = d_backing_inode(path->dentry); 1268 int rc; 1269 1270 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1271 smk_ad_setfield_u_fs_path(&ad, *path); 1272 rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad); 1273 rc = smk_bu_inode(inode, MAY_READ, rc); 1274 return rc; 1275 } 1276 1277 /** 1278 * smack_inode_setxattr - Smack check for setting xattrs 1279 * @idmap: idmap of the mount 1280 * @dentry: the object 1281 * @name: name of the attribute 1282 * @value: value of the attribute 1283 * @size: size of the value 1284 * @flags: unused 1285 * 1286 * This protects the Smack attribute explicitly. 1287 * 1288 * Returns 0 if access is permitted, an error code otherwise 1289 */ 1290 static int smack_inode_setxattr(struct mnt_idmap *idmap, 1291 struct dentry *dentry, const char *name, 1292 const void *value, size_t size, int flags) 1293 { 1294 struct smk_audit_info ad; 1295 struct smack_known *skp; 1296 int check_priv = 0; 1297 int check_import = 0; 1298 int check_star = 0; 1299 int rc = 0; 1300 1301 /* 1302 * Check label validity here so import won't fail in post_setxattr 1303 */ 1304 if (strcmp(name, XATTR_NAME_SMACK) == 0 || 1305 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 || 1306 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) { 1307 check_priv = 1; 1308 check_import = 1; 1309 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0 || 1310 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) { 1311 check_priv = 1; 1312 check_import = 1; 1313 check_star = 1; 1314 } else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) { 1315 check_priv = 1; 1316 if (size != TRANS_TRUE_SIZE || 1317 strncmp(value, TRANS_TRUE, TRANS_TRUE_SIZE) != 0) 1318 rc = -EINVAL; 1319 } else 1320 rc = cap_inode_setxattr(dentry, name, value, size, flags); 1321 1322 if (check_priv && !smack_privileged(CAP_MAC_ADMIN)) 1323 rc = -EPERM; 1324 1325 if (rc == 0 && check_import) { 1326 skp = size ? smk_import_entry(value, size) : NULL; 1327 if (IS_ERR(skp)) 1328 rc = PTR_ERR(skp); 1329 else if (skp == NULL || (check_star && 1330 (skp == &smack_known_star || skp == &smack_known_web))) 1331 rc = -EINVAL; 1332 } 1333 1334 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1335 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1336 1337 if (rc == 0) { 1338 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1339 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1340 } 1341 1342 return rc; 1343 } 1344 1345 /** 1346 * smack_inode_post_setxattr - Apply the Smack update approved above 1347 * @dentry: object 1348 * @name: attribute name 1349 * @value: attribute value 1350 * @size: attribute size 1351 * @flags: unused 1352 * 1353 * Set the pointer in the inode blob to the entry found 1354 * in the master label list. 1355 */ 1356 static void smack_inode_post_setxattr(struct dentry *dentry, const char *name, 1357 const void *value, size_t size, int flags) 1358 { 1359 struct smack_known *skp; 1360 struct inode_smack *isp = smack_inode(d_backing_inode(dentry)); 1361 1362 if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) { 1363 isp->smk_flags |= SMK_INODE_TRANSMUTE; 1364 return; 1365 } 1366 1367 if (strcmp(name, XATTR_NAME_SMACK) == 0) { 1368 skp = smk_import_entry(value, size); 1369 if (!IS_ERR(skp)) 1370 isp->smk_inode = skp; 1371 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) { 1372 skp = smk_import_entry(value, size); 1373 if (!IS_ERR(skp)) 1374 isp->smk_task = skp; 1375 } else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) { 1376 skp = smk_import_entry(value, size); 1377 if (!IS_ERR(skp)) 1378 isp->smk_mmap = skp; 1379 } 1380 1381 return; 1382 } 1383 1384 /** 1385 * smack_inode_getxattr - Smack check on getxattr 1386 * @dentry: the object 1387 * @name: unused 1388 * 1389 * Returns 0 if access is permitted, an error code otherwise 1390 */ 1391 static int smack_inode_getxattr(struct dentry *dentry, const char *name) 1392 { 1393 struct smk_audit_info ad; 1394 int rc; 1395 1396 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1397 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1398 1399 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_READ, &ad); 1400 rc = smk_bu_inode(d_backing_inode(dentry), MAY_READ, rc); 1401 return rc; 1402 } 1403 1404 /** 1405 * smack_inode_removexattr - Smack check on removexattr 1406 * @idmap: idmap of the mount 1407 * @dentry: the object 1408 * @name: name of the attribute 1409 * 1410 * Removing the Smack attribute requires CAP_MAC_ADMIN 1411 * 1412 * Returns 0 if access is permitted, an error code otherwise 1413 */ 1414 static int smack_inode_removexattr(struct mnt_idmap *idmap, 1415 struct dentry *dentry, const char *name) 1416 { 1417 struct inode_smack *isp; 1418 struct smk_audit_info ad; 1419 int rc = 0; 1420 1421 if (strcmp(name, XATTR_NAME_SMACK) == 0 || 1422 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 || 1423 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 || 1424 strcmp(name, XATTR_NAME_SMACKEXEC) == 0 || 1425 strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0 || 1426 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) { 1427 if (!smack_privileged(CAP_MAC_ADMIN)) 1428 rc = -EPERM; 1429 } else 1430 rc = cap_inode_removexattr(idmap, dentry, name); 1431 1432 if (rc != 0) 1433 return rc; 1434 1435 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1436 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1437 1438 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1439 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1440 if (rc != 0) 1441 return rc; 1442 1443 isp = smack_inode(d_backing_inode(dentry)); 1444 /* 1445 * Don't do anything special for these. 1446 * XATTR_NAME_SMACKIPIN 1447 * XATTR_NAME_SMACKIPOUT 1448 */ 1449 if (strcmp(name, XATTR_NAME_SMACK) == 0) { 1450 struct super_block *sbp = dentry->d_sb; 1451 struct superblock_smack *sbsp = smack_superblock(sbp); 1452 1453 isp->smk_inode = sbsp->smk_default; 1454 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) 1455 isp->smk_task = NULL; 1456 else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) 1457 isp->smk_mmap = NULL; 1458 else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) 1459 isp->smk_flags &= ~SMK_INODE_TRANSMUTE; 1460 1461 return 0; 1462 } 1463 1464 /** 1465 * smack_inode_set_acl - Smack check for setting posix acls 1466 * @idmap: idmap of the mnt this request came from 1467 * @dentry: the object 1468 * @acl_name: name of the posix acl 1469 * @kacl: the posix acls 1470 * 1471 * Returns 0 if access is permitted, an error code otherwise 1472 */ 1473 static int smack_inode_set_acl(struct mnt_idmap *idmap, 1474 struct dentry *dentry, const char *acl_name, 1475 struct posix_acl *kacl) 1476 { 1477 struct smk_audit_info ad; 1478 int rc; 1479 1480 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1481 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1482 1483 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1484 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1485 return rc; 1486 } 1487 1488 /** 1489 * smack_inode_get_acl - Smack check for getting posix acls 1490 * @idmap: idmap of the mnt this request came from 1491 * @dentry: the object 1492 * @acl_name: name of the posix acl 1493 * 1494 * Returns 0 if access is permitted, an error code otherwise 1495 */ 1496 static int smack_inode_get_acl(struct mnt_idmap *idmap, 1497 struct dentry *dentry, const char *acl_name) 1498 { 1499 struct smk_audit_info ad; 1500 int rc; 1501 1502 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1503 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1504 1505 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_READ, &ad); 1506 rc = smk_bu_inode(d_backing_inode(dentry), MAY_READ, rc); 1507 return rc; 1508 } 1509 1510 /** 1511 * smack_inode_remove_acl - Smack check for getting posix acls 1512 * @idmap: idmap of the mnt this request came from 1513 * @dentry: the object 1514 * @acl_name: name of the posix acl 1515 * 1516 * Returns 0 if access is permitted, an error code otherwise 1517 */ 1518 static int smack_inode_remove_acl(struct mnt_idmap *idmap, 1519 struct dentry *dentry, const char *acl_name) 1520 { 1521 struct smk_audit_info ad; 1522 int rc; 1523 1524 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1525 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1526 1527 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1528 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1529 return rc; 1530 } 1531 1532 /** 1533 * smack_inode_getsecurity - get smack xattrs 1534 * @idmap: idmap of the mount 1535 * @inode: the object 1536 * @name: attribute name 1537 * @buffer: where to put the result 1538 * @alloc: duplicate memory 1539 * 1540 * Returns the size of the attribute or an error code 1541 */ 1542 static int smack_inode_getsecurity(struct mnt_idmap *idmap, 1543 struct inode *inode, const char *name, 1544 void **buffer, bool alloc) 1545 { 1546 struct socket_smack *ssp; 1547 struct socket *sock; 1548 struct super_block *sbp; 1549 struct inode *ip = inode; 1550 struct smack_known *isp; 1551 struct inode_smack *ispp; 1552 size_t label_len; 1553 char *label = NULL; 1554 1555 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) { 1556 isp = smk_of_inode(inode); 1557 } else if (strcmp(name, XATTR_SMACK_TRANSMUTE) == 0) { 1558 ispp = smack_inode(inode); 1559 if (ispp->smk_flags & SMK_INODE_TRANSMUTE) 1560 label = TRANS_TRUE; 1561 else 1562 label = ""; 1563 } else { 1564 /* 1565 * The rest of the Smack xattrs are only on sockets. 1566 */ 1567 sbp = ip->i_sb; 1568 if (sbp->s_magic != SOCKFS_MAGIC) 1569 return -EOPNOTSUPP; 1570 1571 sock = SOCKET_I(ip); 1572 if (sock == NULL || sock->sk == NULL) 1573 return -EOPNOTSUPP; 1574 1575 ssp = sock->sk->sk_security; 1576 1577 if (strcmp(name, XATTR_SMACK_IPIN) == 0) 1578 isp = ssp->smk_in; 1579 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) 1580 isp = ssp->smk_out; 1581 else 1582 return -EOPNOTSUPP; 1583 } 1584 1585 if (!label) 1586 label = isp->smk_known; 1587 1588 label_len = strlen(label); 1589 1590 if (alloc) { 1591 *buffer = kstrdup(label, GFP_KERNEL); 1592 if (*buffer == NULL) 1593 return -ENOMEM; 1594 } 1595 1596 return label_len; 1597 } 1598 1599 1600 /** 1601 * smack_inode_listsecurity - list the Smack attributes 1602 * @inode: the object 1603 * @buffer: where they go 1604 * @buffer_size: size of buffer 1605 */ 1606 static int smack_inode_listsecurity(struct inode *inode, char *buffer, 1607 size_t buffer_size) 1608 { 1609 int len = sizeof(XATTR_NAME_SMACK); 1610 1611 if (buffer != NULL && len <= buffer_size) 1612 memcpy(buffer, XATTR_NAME_SMACK, len); 1613 1614 return len; 1615 } 1616 1617 /** 1618 * smack_inode_getsecid - Extract inode's security id 1619 * @inode: inode to extract the info from 1620 * @secid: where result will be saved 1621 */ 1622 static void smack_inode_getsecid(struct inode *inode, u32 *secid) 1623 { 1624 struct smack_known *skp = smk_of_inode(inode); 1625 1626 *secid = skp->smk_secid; 1627 } 1628 1629 /* 1630 * File Hooks 1631 */ 1632 1633 /* 1634 * There is no smack_file_permission hook 1635 * 1636 * Should access checks be done on each read or write? 1637 * UNICOS and SELinux say yes. 1638 * Trusted Solaris, Trusted Irix, and just about everyone else says no. 1639 * 1640 * I'll say no for now. Smack does not do the frequent 1641 * label changing that SELinux does. 1642 */ 1643 1644 /** 1645 * smack_file_alloc_security - assign a file security blob 1646 * @file: the object 1647 * 1648 * The security blob for a file is a pointer to the master 1649 * label list, so no allocation is done. 1650 * 1651 * f_security is the owner security information. It 1652 * isn't used on file access checks, it's for send_sigio. 1653 * 1654 * Returns 0 1655 */ 1656 static int smack_file_alloc_security(struct file *file) 1657 { 1658 struct smack_known **blob = smack_file(file); 1659 1660 *blob = smk_of_current(); 1661 return 0; 1662 } 1663 1664 /** 1665 * smack_file_ioctl - Smack check on ioctls 1666 * @file: the object 1667 * @cmd: what to do 1668 * @arg: unused 1669 * 1670 * Relies heavily on the correct use of the ioctl command conventions. 1671 * 1672 * Returns 0 if allowed, error code otherwise 1673 */ 1674 static int smack_file_ioctl(struct file *file, unsigned int cmd, 1675 unsigned long arg) 1676 { 1677 int rc = 0; 1678 struct smk_audit_info ad; 1679 struct inode *inode = file_inode(file); 1680 1681 if (unlikely(IS_PRIVATE(inode))) 1682 return 0; 1683 1684 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1685 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1686 1687 if (_IOC_DIR(cmd) & _IOC_WRITE) { 1688 rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad); 1689 rc = smk_bu_file(file, MAY_WRITE, rc); 1690 } 1691 1692 if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ)) { 1693 rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad); 1694 rc = smk_bu_file(file, MAY_READ, rc); 1695 } 1696 1697 return rc; 1698 } 1699 1700 /** 1701 * smack_file_lock - Smack check on file locking 1702 * @file: the object 1703 * @cmd: unused 1704 * 1705 * Returns 0 if current has lock access, error code otherwise 1706 */ 1707 static int smack_file_lock(struct file *file, unsigned int cmd) 1708 { 1709 struct smk_audit_info ad; 1710 int rc; 1711 struct inode *inode = file_inode(file); 1712 1713 if (unlikely(IS_PRIVATE(inode))) 1714 return 0; 1715 1716 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1717 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1718 rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad); 1719 rc = smk_bu_file(file, MAY_LOCK, rc); 1720 return rc; 1721 } 1722 1723 /** 1724 * smack_file_fcntl - Smack check on fcntl 1725 * @file: the object 1726 * @cmd: what action to check 1727 * @arg: unused 1728 * 1729 * Generally these operations are harmless. 1730 * File locking operations present an obvious mechanism 1731 * for passing information, so they require write access. 1732 * 1733 * Returns 0 if current has access, error code otherwise 1734 */ 1735 static int smack_file_fcntl(struct file *file, unsigned int cmd, 1736 unsigned long arg) 1737 { 1738 struct smk_audit_info ad; 1739 int rc = 0; 1740 struct inode *inode = file_inode(file); 1741 1742 if (unlikely(IS_PRIVATE(inode))) 1743 return 0; 1744 1745 switch (cmd) { 1746 case F_GETLK: 1747 break; 1748 case F_SETLK: 1749 case F_SETLKW: 1750 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1751 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1752 rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad); 1753 rc = smk_bu_file(file, MAY_LOCK, rc); 1754 break; 1755 case F_SETOWN: 1756 case F_SETSIG: 1757 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1758 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1759 rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad); 1760 rc = smk_bu_file(file, MAY_WRITE, rc); 1761 break; 1762 default: 1763 break; 1764 } 1765 1766 return rc; 1767 } 1768 1769 /** 1770 * smack_mmap_file - Check permissions for a mmap operation. 1771 * @file: contains the file structure for file to map (may be NULL). 1772 * @reqprot: contains the protection requested by the application. 1773 * @prot: contains the protection that will be applied by the kernel. 1774 * @flags: contains the operational flags. 1775 * 1776 * The @file may be NULL, e.g. if mapping anonymous memory. 1777 * 1778 * Return 0 if permission is granted. 1779 */ 1780 static int smack_mmap_file(struct file *file, 1781 unsigned long reqprot, unsigned long prot, 1782 unsigned long flags) 1783 { 1784 struct smack_known *skp; 1785 struct smack_known *mkp; 1786 struct smack_rule *srp; 1787 struct task_smack *tsp; 1788 struct smack_known *okp; 1789 struct inode_smack *isp; 1790 struct superblock_smack *sbsp; 1791 int may; 1792 int mmay; 1793 int tmay; 1794 int rc; 1795 1796 if (file == NULL) 1797 return 0; 1798 1799 if (unlikely(IS_PRIVATE(file_inode(file)))) 1800 return 0; 1801 1802 isp = smack_inode(file_inode(file)); 1803 if (isp->smk_mmap == NULL) 1804 return 0; 1805 sbsp = smack_superblock(file_inode(file)->i_sb); 1806 if (sbsp->smk_flags & SMK_SB_UNTRUSTED && 1807 isp->smk_mmap != sbsp->smk_root) 1808 return -EACCES; 1809 mkp = isp->smk_mmap; 1810 1811 tsp = smack_cred(current_cred()); 1812 skp = smk_of_current(); 1813 rc = 0; 1814 1815 rcu_read_lock(); 1816 /* 1817 * For each Smack rule associated with the subject 1818 * label verify that the SMACK64MMAP also has access 1819 * to that rule's object label. 1820 */ 1821 list_for_each_entry_rcu(srp, &skp->smk_rules, list) { 1822 okp = srp->smk_object; 1823 /* 1824 * Matching labels always allows access. 1825 */ 1826 if (mkp->smk_known == okp->smk_known) 1827 continue; 1828 /* 1829 * If there is a matching local rule take 1830 * that into account as well. 1831 */ 1832 may = smk_access_entry(srp->smk_subject->smk_known, 1833 okp->smk_known, 1834 &tsp->smk_rules); 1835 if (may == -ENOENT) 1836 may = srp->smk_access; 1837 else 1838 may &= srp->smk_access; 1839 /* 1840 * If may is zero the SMACK64MMAP subject can't 1841 * possibly have less access. 1842 */ 1843 if (may == 0) 1844 continue; 1845 1846 /* 1847 * Fetch the global list entry. 1848 * If there isn't one a SMACK64MMAP subject 1849 * can't have as much access as current. 1850 */ 1851 mmay = smk_access_entry(mkp->smk_known, okp->smk_known, 1852 &mkp->smk_rules); 1853 if (mmay == -ENOENT) { 1854 rc = -EACCES; 1855 break; 1856 } 1857 /* 1858 * If there is a local entry it modifies the 1859 * potential access, too. 1860 */ 1861 tmay = smk_access_entry(mkp->smk_known, okp->smk_known, 1862 &tsp->smk_rules); 1863 if (tmay != -ENOENT) 1864 mmay &= tmay; 1865 1866 /* 1867 * If there is any access available to current that is 1868 * not available to a SMACK64MMAP subject 1869 * deny access. 1870 */ 1871 if ((may | mmay) != mmay) { 1872 rc = -EACCES; 1873 break; 1874 } 1875 } 1876 1877 rcu_read_unlock(); 1878 1879 return rc; 1880 } 1881 1882 /** 1883 * smack_file_set_fowner - set the file security blob value 1884 * @file: object in question 1885 * 1886 */ 1887 static void smack_file_set_fowner(struct file *file) 1888 { 1889 struct smack_known **blob = smack_file(file); 1890 1891 *blob = smk_of_current(); 1892 } 1893 1894 /** 1895 * smack_file_send_sigiotask - Smack on sigio 1896 * @tsk: The target task 1897 * @fown: the object the signal come from 1898 * @signum: unused 1899 * 1900 * Allow a privileged task to get signals even if it shouldn't 1901 * 1902 * Returns 0 if a subject with the object's smack could 1903 * write to the task, an error code otherwise. 1904 */ 1905 static int smack_file_send_sigiotask(struct task_struct *tsk, 1906 struct fown_struct *fown, int signum) 1907 { 1908 struct smack_known **blob; 1909 struct smack_known *skp; 1910 struct smack_known *tkp = smk_of_task(smack_cred(tsk->cred)); 1911 const struct cred *tcred; 1912 struct file *file; 1913 int rc; 1914 struct smk_audit_info ad; 1915 1916 /* 1917 * struct fown_struct is never outside the context of a struct file 1918 */ 1919 file = container_of(fown, struct file, f_owner); 1920 1921 /* we don't log here as rc can be overriden */ 1922 blob = smack_file(file); 1923 skp = *blob; 1924 rc = smk_access(skp, tkp, MAY_DELIVER, NULL); 1925 rc = smk_bu_note("sigiotask", skp, tkp, MAY_DELIVER, rc); 1926 1927 rcu_read_lock(); 1928 tcred = __task_cred(tsk); 1929 if (rc != 0 && smack_privileged_cred(CAP_MAC_OVERRIDE, tcred)) 1930 rc = 0; 1931 rcu_read_unlock(); 1932 1933 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); 1934 smk_ad_setfield_u_tsk(&ad, tsk); 1935 smack_log(skp->smk_known, tkp->smk_known, MAY_DELIVER, rc, &ad); 1936 return rc; 1937 } 1938 1939 /** 1940 * smack_file_receive - Smack file receive check 1941 * @file: the object 1942 * 1943 * Returns 0 if current has access, error code otherwise 1944 */ 1945 static int smack_file_receive(struct file *file) 1946 { 1947 int rc; 1948 int may = 0; 1949 struct smk_audit_info ad; 1950 struct inode *inode = file_inode(file); 1951 struct socket *sock; 1952 struct task_smack *tsp; 1953 struct socket_smack *ssp; 1954 1955 if (unlikely(IS_PRIVATE(inode))) 1956 return 0; 1957 1958 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1959 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1960 1961 if (inode->i_sb->s_magic == SOCKFS_MAGIC) { 1962 sock = SOCKET_I(inode); 1963 ssp = sock->sk->sk_security; 1964 tsp = smack_cred(current_cred()); 1965 /* 1966 * If the receiving process can't write to the 1967 * passed socket or if the passed socket can't 1968 * write to the receiving process don't accept 1969 * the passed socket. 1970 */ 1971 rc = smk_access(tsp->smk_task, ssp->smk_out, MAY_WRITE, &ad); 1972 rc = smk_bu_file(file, may, rc); 1973 if (rc < 0) 1974 return rc; 1975 rc = smk_access(ssp->smk_in, tsp->smk_task, MAY_WRITE, &ad); 1976 rc = smk_bu_file(file, may, rc); 1977 return rc; 1978 } 1979 /* 1980 * This code relies on bitmasks. 1981 */ 1982 if (file->f_mode & FMODE_READ) 1983 may = MAY_READ; 1984 if (file->f_mode & FMODE_WRITE) 1985 may |= MAY_WRITE; 1986 1987 rc = smk_curacc(smk_of_inode(inode), may, &ad); 1988 rc = smk_bu_file(file, may, rc); 1989 return rc; 1990 } 1991 1992 /** 1993 * smack_file_open - Smack dentry open processing 1994 * @file: the object 1995 * 1996 * Set the security blob in the file structure. 1997 * Allow the open only if the task has read access. There are 1998 * many read operations (e.g. fstat) that you can do with an 1999 * fd even if you have the file open write-only. 2000 * 2001 * Returns 0 if current has access, error code otherwise 2002 */ 2003 static int smack_file_open(struct file *file) 2004 { 2005 struct task_smack *tsp = smack_cred(file->f_cred); 2006 struct inode *inode = file_inode(file); 2007 struct smk_audit_info ad; 2008 int rc; 2009 2010 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 2011 smk_ad_setfield_u_fs_path(&ad, file->f_path); 2012 rc = smk_tskacc(tsp, smk_of_inode(inode), MAY_READ, &ad); 2013 rc = smk_bu_credfile(file->f_cred, file, MAY_READ, rc); 2014 2015 return rc; 2016 } 2017 2018 /* 2019 * Task hooks 2020 */ 2021 2022 /** 2023 * smack_cred_alloc_blank - "allocate" blank task-level security credentials 2024 * @cred: the new credentials 2025 * @gfp: the atomicity of any memory allocations 2026 * 2027 * Prepare a blank set of credentials for modification. This must allocate all 2028 * the memory the LSM module might require such that cred_transfer() can 2029 * complete without error. 2030 */ 2031 static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp) 2032 { 2033 init_task_smack(smack_cred(cred), NULL, NULL); 2034 return 0; 2035 } 2036 2037 2038 /** 2039 * smack_cred_free - "free" task-level security credentials 2040 * @cred: the credentials in question 2041 * 2042 */ 2043 static void smack_cred_free(struct cred *cred) 2044 { 2045 struct task_smack *tsp = smack_cred(cred); 2046 struct smack_rule *rp; 2047 struct list_head *l; 2048 struct list_head *n; 2049 2050 smk_destroy_label_list(&tsp->smk_relabel); 2051 2052 list_for_each_safe(l, n, &tsp->smk_rules) { 2053 rp = list_entry(l, struct smack_rule, list); 2054 list_del(&rp->list); 2055 kmem_cache_free(smack_rule_cache, rp); 2056 } 2057 } 2058 2059 /** 2060 * smack_cred_prepare - prepare new set of credentials for modification 2061 * @new: the new credentials 2062 * @old: the original credentials 2063 * @gfp: the atomicity of any memory allocations 2064 * 2065 * Prepare a new set of credentials for modification. 2066 */ 2067 static int smack_cred_prepare(struct cred *new, const struct cred *old, 2068 gfp_t gfp) 2069 { 2070 struct task_smack *old_tsp = smack_cred(old); 2071 struct task_smack *new_tsp = smack_cred(new); 2072 int rc; 2073 2074 init_task_smack(new_tsp, old_tsp->smk_task, old_tsp->smk_task); 2075 2076 rc = smk_copy_rules(&new_tsp->smk_rules, &old_tsp->smk_rules, gfp); 2077 if (rc != 0) 2078 return rc; 2079 2080 rc = smk_copy_relabel(&new_tsp->smk_relabel, &old_tsp->smk_relabel, 2081 gfp); 2082 return rc; 2083 } 2084 2085 /** 2086 * smack_cred_transfer - Transfer the old credentials to the new credentials 2087 * @new: the new credentials 2088 * @old: the original credentials 2089 * 2090 * Fill in a set of blank credentials from another set of credentials. 2091 */ 2092 static void smack_cred_transfer(struct cred *new, const struct cred *old) 2093 { 2094 struct task_smack *old_tsp = smack_cred(old); 2095 struct task_smack *new_tsp = smack_cred(new); 2096 2097 new_tsp->smk_task = old_tsp->smk_task; 2098 new_tsp->smk_forked = old_tsp->smk_task; 2099 mutex_init(&new_tsp->smk_rules_lock); 2100 INIT_LIST_HEAD(&new_tsp->smk_rules); 2101 2102 /* cbs copy rule list */ 2103 } 2104 2105 /** 2106 * smack_cred_getsecid - get the secid corresponding to a creds structure 2107 * @cred: the object creds 2108 * @secid: where to put the result 2109 * 2110 * Sets the secid to contain a u32 version of the smack label. 2111 */ 2112 static void smack_cred_getsecid(const struct cred *cred, u32 *secid) 2113 { 2114 struct smack_known *skp; 2115 2116 rcu_read_lock(); 2117 skp = smk_of_task(smack_cred(cred)); 2118 *secid = skp->smk_secid; 2119 rcu_read_unlock(); 2120 } 2121 2122 /** 2123 * smack_kernel_act_as - Set the subjective context in a set of credentials 2124 * @new: points to the set of credentials to be modified. 2125 * @secid: specifies the security ID to be set 2126 * 2127 * Set the security data for a kernel service. 2128 */ 2129 static int smack_kernel_act_as(struct cred *new, u32 secid) 2130 { 2131 struct task_smack *new_tsp = smack_cred(new); 2132 2133 new_tsp->smk_task = smack_from_secid(secid); 2134 return 0; 2135 } 2136 2137 /** 2138 * smack_kernel_create_files_as - Set the file creation label in a set of creds 2139 * @new: points to the set of credentials to be modified 2140 * @inode: points to the inode to use as a reference 2141 * 2142 * Set the file creation context in a set of credentials to the same 2143 * as the objective context of the specified inode 2144 */ 2145 static int smack_kernel_create_files_as(struct cred *new, 2146 struct inode *inode) 2147 { 2148 struct inode_smack *isp = smack_inode(inode); 2149 struct task_smack *tsp = smack_cred(new); 2150 2151 tsp->smk_forked = isp->smk_inode; 2152 tsp->smk_task = tsp->smk_forked; 2153 return 0; 2154 } 2155 2156 /** 2157 * smk_curacc_on_task - helper to log task related access 2158 * @p: the task object 2159 * @access: the access requested 2160 * @caller: name of the calling function for audit 2161 * 2162 * Return 0 if access is permitted 2163 */ 2164 static int smk_curacc_on_task(struct task_struct *p, int access, 2165 const char *caller) 2166 { 2167 struct smk_audit_info ad; 2168 struct smack_known *skp = smk_of_task_struct_obj(p); 2169 int rc; 2170 2171 smk_ad_init(&ad, caller, LSM_AUDIT_DATA_TASK); 2172 smk_ad_setfield_u_tsk(&ad, p); 2173 rc = smk_curacc(skp, access, &ad); 2174 rc = smk_bu_task(p, access, rc); 2175 return rc; 2176 } 2177 2178 /** 2179 * smack_task_setpgid - Smack check on setting pgid 2180 * @p: the task object 2181 * @pgid: unused 2182 * 2183 * Return 0 if write access is permitted 2184 */ 2185 static int smack_task_setpgid(struct task_struct *p, pid_t pgid) 2186 { 2187 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2188 } 2189 2190 /** 2191 * smack_task_getpgid - Smack access check for getpgid 2192 * @p: the object task 2193 * 2194 * Returns 0 if current can read the object task, error code otherwise 2195 */ 2196 static int smack_task_getpgid(struct task_struct *p) 2197 { 2198 return smk_curacc_on_task(p, MAY_READ, __func__); 2199 } 2200 2201 /** 2202 * smack_task_getsid - Smack access check for getsid 2203 * @p: the object task 2204 * 2205 * Returns 0 if current can read the object task, error code otherwise 2206 */ 2207 static int smack_task_getsid(struct task_struct *p) 2208 { 2209 return smk_curacc_on_task(p, MAY_READ, __func__); 2210 } 2211 2212 /** 2213 * smack_current_getsecid_subj - get the subjective secid of the current task 2214 * @secid: where to put the result 2215 * 2216 * Sets the secid to contain a u32 version of the task's subjective smack label. 2217 */ 2218 static void smack_current_getsecid_subj(u32 *secid) 2219 { 2220 struct smack_known *skp = smk_of_current(); 2221 2222 *secid = skp->smk_secid; 2223 } 2224 2225 /** 2226 * smack_task_getsecid_obj - get the objective secid of the task 2227 * @p: the task 2228 * @secid: where to put the result 2229 * 2230 * Sets the secid to contain a u32 version of the task's objective smack label. 2231 */ 2232 static void smack_task_getsecid_obj(struct task_struct *p, u32 *secid) 2233 { 2234 struct smack_known *skp = smk_of_task_struct_obj(p); 2235 2236 *secid = skp->smk_secid; 2237 } 2238 2239 /** 2240 * smack_task_setnice - Smack check on setting nice 2241 * @p: the task object 2242 * @nice: unused 2243 * 2244 * Return 0 if write access is permitted 2245 */ 2246 static int smack_task_setnice(struct task_struct *p, int nice) 2247 { 2248 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2249 } 2250 2251 /** 2252 * smack_task_setioprio - Smack check on setting ioprio 2253 * @p: the task object 2254 * @ioprio: unused 2255 * 2256 * Return 0 if write access is permitted 2257 */ 2258 static int smack_task_setioprio(struct task_struct *p, int ioprio) 2259 { 2260 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2261 } 2262 2263 /** 2264 * smack_task_getioprio - Smack check on reading ioprio 2265 * @p: the task object 2266 * 2267 * Return 0 if read access is permitted 2268 */ 2269 static int smack_task_getioprio(struct task_struct *p) 2270 { 2271 return smk_curacc_on_task(p, MAY_READ, __func__); 2272 } 2273 2274 /** 2275 * smack_task_setscheduler - Smack check on setting scheduler 2276 * @p: the task object 2277 * 2278 * Return 0 if read access is permitted 2279 */ 2280 static int smack_task_setscheduler(struct task_struct *p) 2281 { 2282 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2283 } 2284 2285 /** 2286 * smack_task_getscheduler - Smack check on reading scheduler 2287 * @p: the task object 2288 * 2289 * Return 0 if read access is permitted 2290 */ 2291 static int smack_task_getscheduler(struct task_struct *p) 2292 { 2293 return smk_curacc_on_task(p, MAY_READ, __func__); 2294 } 2295 2296 /** 2297 * smack_task_movememory - Smack check on moving memory 2298 * @p: the task object 2299 * 2300 * Return 0 if write access is permitted 2301 */ 2302 static int smack_task_movememory(struct task_struct *p) 2303 { 2304 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2305 } 2306 2307 /** 2308 * smack_task_kill - Smack check on signal delivery 2309 * @p: the task object 2310 * @info: unused 2311 * @sig: unused 2312 * @cred: identifies the cred to use in lieu of current's 2313 * 2314 * Return 0 if write access is permitted 2315 * 2316 */ 2317 static int smack_task_kill(struct task_struct *p, struct kernel_siginfo *info, 2318 int sig, const struct cred *cred) 2319 { 2320 struct smk_audit_info ad; 2321 struct smack_known *skp; 2322 struct smack_known *tkp = smk_of_task_struct_obj(p); 2323 int rc; 2324 2325 if (!sig) 2326 return 0; /* null signal; existence test */ 2327 2328 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); 2329 smk_ad_setfield_u_tsk(&ad, p); 2330 /* 2331 * Sending a signal requires that the sender 2332 * can write the receiver. 2333 */ 2334 if (cred == NULL) { 2335 rc = smk_curacc(tkp, MAY_DELIVER, &ad); 2336 rc = smk_bu_task(p, MAY_DELIVER, rc); 2337 return rc; 2338 } 2339 /* 2340 * If the cred isn't NULL we're dealing with some USB IO 2341 * specific behavior. This is not clean. For one thing 2342 * we can't take privilege into account. 2343 */ 2344 skp = smk_of_task(smack_cred(cred)); 2345 rc = smk_access(skp, tkp, MAY_DELIVER, &ad); 2346 rc = smk_bu_note("USB signal", skp, tkp, MAY_DELIVER, rc); 2347 return rc; 2348 } 2349 2350 /** 2351 * smack_task_to_inode - copy task smack into the inode blob 2352 * @p: task to copy from 2353 * @inode: inode to copy to 2354 * 2355 * Sets the smack pointer in the inode security blob 2356 */ 2357 static void smack_task_to_inode(struct task_struct *p, struct inode *inode) 2358 { 2359 struct inode_smack *isp = smack_inode(inode); 2360 struct smack_known *skp = smk_of_task_struct_obj(p); 2361 2362 isp->smk_inode = skp; 2363 isp->smk_flags |= SMK_INODE_INSTANT; 2364 } 2365 2366 /* 2367 * Socket hooks. 2368 */ 2369 2370 /** 2371 * smack_sk_alloc_security - Allocate a socket blob 2372 * @sk: the socket 2373 * @family: unused 2374 * @gfp_flags: memory allocation flags 2375 * 2376 * Assign Smack pointers to current 2377 * 2378 * Returns 0 on success, -ENOMEM is there's no memory 2379 */ 2380 static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags) 2381 { 2382 struct smack_known *skp = smk_of_current(); 2383 struct socket_smack *ssp; 2384 2385 ssp = kzalloc(sizeof(struct socket_smack), gfp_flags); 2386 if (ssp == NULL) 2387 return -ENOMEM; 2388 2389 /* 2390 * Sockets created by kernel threads receive web label. 2391 */ 2392 if (unlikely(current->flags & PF_KTHREAD)) { 2393 ssp->smk_in = &smack_known_web; 2394 ssp->smk_out = &smack_known_web; 2395 } else { 2396 ssp->smk_in = skp; 2397 ssp->smk_out = skp; 2398 } 2399 ssp->smk_packet = NULL; 2400 2401 sk->sk_security = ssp; 2402 2403 return 0; 2404 } 2405 2406 /** 2407 * smack_sk_free_security - Free a socket blob 2408 * @sk: the socket 2409 * 2410 * Clears the blob pointer 2411 */ 2412 static void smack_sk_free_security(struct sock *sk) 2413 { 2414 #ifdef SMACK_IPV6_PORT_LABELING 2415 struct smk_port_label *spp; 2416 2417 if (sk->sk_family == PF_INET6) { 2418 rcu_read_lock(); 2419 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) { 2420 if (spp->smk_sock != sk) 2421 continue; 2422 spp->smk_can_reuse = 1; 2423 break; 2424 } 2425 rcu_read_unlock(); 2426 } 2427 #endif 2428 kfree(sk->sk_security); 2429 } 2430 2431 /** 2432 * smack_sk_clone_security - Copy security context 2433 * @sk: the old socket 2434 * @newsk: the new socket 2435 * 2436 * Copy the security context of the old socket pointer to the cloned 2437 */ 2438 static void smack_sk_clone_security(const struct sock *sk, struct sock *newsk) 2439 { 2440 struct socket_smack *ssp_old = sk->sk_security; 2441 struct socket_smack *ssp_new = newsk->sk_security; 2442 2443 *ssp_new = *ssp_old; 2444 } 2445 2446 /** 2447 * smack_ipv4host_label - check host based restrictions 2448 * @sip: the object end 2449 * 2450 * looks for host based access restrictions 2451 * 2452 * This version will only be appropriate for really small sets of single label 2453 * hosts. The caller is responsible for ensuring that the RCU read lock is 2454 * taken before calling this function. 2455 * 2456 * Returns the label of the far end or NULL if it's not special. 2457 */ 2458 static struct smack_known *smack_ipv4host_label(struct sockaddr_in *sip) 2459 { 2460 struct smk_net4addr *snp; 2461 struct in_addr *siap = &sip->sin_addr; 2462 2463 if (siap->s_addr == 0) 2464 return NULL; 2465 2466 list_for_each_entry_rcu(snp, &smk_net4addr_list, list) 2467 /* 2468 * we break after finding the first match because 2469 * the list is sorted from longest to shortest mask 2470 * so we have found the most specific match 2471 */ 2472 if (snp->smk_host.s_addr == 2473 (siap->s_addr & snp->smk_mask.s_addr)) 2474 return snp->smk_label; 2475 2476 return NULL; 2477 } 2478 2479 /* 2480 * smk_ipv6_localhost - Check for local ipv6 host address 2481 * @sip: the address 2482 * 2483 * Returns boolean true if this is the localhost address 2484 */ 2485 static bool smk_ipv6_localhost(struct sockaddr_in6 *sip) 2486 { 2487 __be16 *be16p = (__be16 *)&sip->sin6_addr; 2488 __be32 *be32p = (__be32 *)&sip->sin6_addr; 2489 2490 if (be32p[0] == 0 && be32p[1] == 0 && be32p[2] == 0 && be16p[6] == 0 && 2491 ntohs(be16p[7]) == 1) 2492 return true; 2493 return false; 2494 } 2495 2496 /** 2497 * smack_ipv6host_label - check host based restrictions 2498 * @sip: the object end 2499 * 2500 * looks for host based access restrictions 2501 * 2502 * This version will only be appropriate for really small sets of single label 2503 * hosts. The caller is responsible for ensuring that the RCU read lock is 2504 * taken before calling this function. 2505 * 2506 * Returns the label of the far end or NULL if it's not special. 2507 */ 2508 static struct smack_known *smack_ipv6host_label(struct sockaddr_in6 *sip) 2509 { 2510 struct smk_net6addr *snp; 2511 struct in6_addr *sap = &sip->sin6_addr; 2512 int i; 2513 int found = 0; 2514 2515 /* 2516 * It's local. Don't look for a host label. 2517 */ 2518 if (smk_ipv6_localhost(sip)) 2519 return NULL; 2520 2521 list_for_each_entry_rcu(snp, &smk_net6addr_list, list) { 2522 /* 2523 * If the label is NULL the entry has 2524 * been renounced. Ignore it. 2525 */ 2526 if (snp->smk_label == NULL) 2527 continue; 2528 /* 2529 * we break after finding the first match because 2530 * the list is sorted from longest to shortest mask 2531 * so we have found the most specific match 2532 */ 2533 for (found = 1, i = 0; i < 8; i++) { 2534 if ((sap->s6_addr16[i] & snp->smk_mask.s6_addr16[i]) != 2535 snp->smk_host.s6_addr16[i]) { 2536 found = 0; 2537 break; 2538 } 2539 } 2540 if (found) 2541 return snp->smk_label; 2542 } 2543 2544 return NULL; 2545 } 2546 2547 /** 2548 * smack_netlbl_add - Set the secattr on a socket 2549 * @sk: the socket 2550 * 2551 * Attach the outbound smack value (smk_out) to the socket. 2552 * 2553 * Returns 0 on success or an error code 2554 */ 2555 static int smack_netlbl_add(struct sock *sk) 2556 { 2557 struct socket_smack *ssp = sk->sk_security; 2558 struct smack_known *skp = ssp->smk_out; 2559 int rc; 2560 2561 local_bh_disable(); 2562 bh_lock_sock_nested(sk); 2563 2564 rc = netlbl_sock_setattr(sk, sk->sk_family, &skp->smk_netlabel); 2565 switch (rc) { 2566 case 0: 2567 ssp->smk_state = SMK_NETLBL_LABELED; 2568 break; 2569 case -EDESTADDRREQ: 2570 ssp->smk_state = SMK_NETLBL_REQSKB; 2571 rc = 0; 2572 break; 2573 } 2574 2575 bh_unlock_sock(sk); 2576 local_bh_enable(); 2577 2578 return rc; 2579 } 2580 2581 /** 2582 * smack_netlbl_delete - Remove the secattr from a socket 2583 * @sk: the socket 2584 * 2585 * Remove the outbound smack value from a socket 2586 */ 2587 static void smack_netlbl_delete(struct sock *sk) 2588 { 2589 struct socket_smack *ssp = sk->sk_security; 2590 2591 /* 2592 * Take the label off the socket if one is set. 2593 */ 2594 if (ssp->smk_state != SMK_NETLBL_LABELED) 2595 return; 2596 2597 local_bh_disable(); 2598 bh_lock_sock_nested(sk); 2599 netlbl_sock_delattr(sk); 2600 bh_unlock_sock(sk); 2601 local_bh_enable(); 2602 ssp->smk_state = SMK_NETLBL_UNLABELED; 2603 } 2604 2605 /** 2606 * smk_ipv4_check - Perform IPv4 host access checks 2607 * @sk: the socket 2608 * @sap: the destination address 2609 * 2610 * Set the correct secattr for the given socket based on the destination 2611 * address and perform any outbound access checks needed. 2612 * 2613 * Returns 0 on success or an error code. 2614 * 2615 */ 2616 static int smk_ipv4_check(struct sock *sk, struct sockaddr_in *sap) 2617 { 2618 struct smack_known *skp; 2619 int rc = 0; 2620 struct smack_known *hkp; 2621 struct socket_smack *ssp = sk->sk_security; 2622 struct smk_audit_info ad; 2623 2624 rcu_read_lock(); 2625 hkp = smack_ipv4host_label(sap); 2626 if (hkp != NULL) { 2627 #ifdef CONFIG_AUDIT 2628 struct lsm_network_audit net; 2629 2630 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 2631 ad.a.u.net->family = sap->sin_family; 2632 ad.a.u.net->dport = sap->sin_port; 2633 ad.a.u.net->v4info.daddr = sap->sin_addr.s_addr; 2634 #endif 2635 skp = ssp->smk_out; 2636 rc = smk_access(skp, hkp, MAY_WRITE, &ad); 2637 rc = smk_bu_note("IPv4 host check", skp, hkp, MAY_WRITE, rc); 2638 /* 2639 * Clear the socket netlabel if it's set. 2640 */ 2641 if (!rc) 2642 smack_netlbl_delete(sk); 2643 } 2644 rcu_read_unlock(); 2645 2646 return rc; 2647 } 2648 2649 /** 2650 * smk_ipv6_check - check Smack access 2651 * @subject: subject Smack label 2652 * @object: object Smack label 2653 * @address: address 2654 * @act: the action being taken 2655 * 2656 * Check an IPv6 access 2657 */ 2658 static int smk_ipv6_check(struct smack_known *subject, 2659 struct smack_known *object, 2660 struct sockaddr_in6 *address, int act) 2661 { 2662 #ifdef CONFIG_AUDIT 2663 struct lsm_network_audit net; 2664 #endif 2665 struct smk_audit_info ad; 2666 int rc; 2667 2668 #ifdef CONFIG_AUDIT 2669 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 2670 ad.a.u.net->family = PF_INET6; 2671 ad.a.u.net->dport = address->sin6_port; 2672 if (act == SMK_RECEIVING) 2673 ad.a.u.net->v6info.saddr = address->sin6_addr; 2674 else 2675 ad.a.u.net->v6info.daddr = address->sin6_addr; 2676 #endif 2677 rc = smk_access(subject, object, MAY_WRITE, &ad); 2678 rc = smk_bu_note("IPv6 check", subject, object, MAY_WRITE, rc); 2679 return rc; 2680 } 2681 2682 #ifdef SMACK_IPV6_PORT_LABELING 2683 /** 2684 * smk_ipv6_port_label - Smack port access table management 2685 * @sock: socket 2686 * @address: address 2687 * 2688 * Create or update the port list entry 2689 */ 2690 static void smk_ipv6_port_label(struct socket *sock, struct sockaddr *address) 2691 { 2692 struct sock *sk = sock->sk; 2693 struct sockaddr_in6 *addr6; 2694 struct socket_smack *ssp = sock->sk->sk_security; 2695 struct smk_port_label *spp; 2696 unsigned short port = 0; 2697 2698 if (address == NULL) { 2699 /* 2700 * This operation is changing the Smack information 2701 * on the bound socket. Take the changes to the port 2702 * as well. 2703 */ 2704 rcu_read_lock(); 2705 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) { 2706 if (sk != spp->smk_sock) 2707 continue; 2708 spp->smk_in = ssp->smk_in; 2709 spp->smk_out = ssp->smk_out; 2710 rcu_read_unlock(); 2711 return; 2712 } 2713 /* 2714 * A NULL address is only used for updating existing 2715 * bound entries. If there isn't one, it's OK. 2716 */ 2717 rcu_read_unlock(); 2718 return; 2719 } 2720 2721 addr6 = (struct sockaddr_in6 *)address; 2722 port = ntohs(addr6->sin6_port); 2723 /* 2724 * This is a special case that is safely ignored. 2725 */ 2726 if (port == 0) 2727 return; 2728 2729 /* 2730 * Look for an existing port list entry. 2731 * This is an indication that a port is getting reused. 2732 */ 2733 rcu_read_lock(); 2734 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) { 2735 if (spp->smk_port != port || spp->smk_sock_type != sock->type) 2736 continue; 2737 if (spp->smk_can_reuse != 1) { 2738 rcu_read_unlock(); 2739 return; 2740 } 2741 spp->smk_port = port; 2742 spp->smk_sock = sk; 2743 spp->smk_in = ssp->smk_in; 2744 spp->smk_out = ssp->smk_out; 2745 spp->smk_can_reuse = 0; 2746 rcu_read_unlock(); 2747 return; 2748 } 2749 rcu_read_unlock(); 2750 /* 2751 * A new port entry is required. 2752 */ 2753 spp = kzalloc(sizeof(*spp), GFP_KERNEL); 2754 if (spp == NULL) 2755 return; 2756 2757 spp->smk_port = port; 2758 spp->smk_sock = sk; 2759 spp->smk_in = ssp->smk_in; 2760 spp->smk_out = ssp->smk_out; 2761 spp->smk_sock_type = sock->type; 2762 spp->smk_can_reuse = 0; 2763 2764 mutex_lock(&smack_ipv6_lock); 2765 list_add_rcu(&spp->list, &smk_ipv6_port_list); 2766 mutex_unlock(&smack_ipv6_lock); 2767 return; 2768 } 2769 2770 /** 2771 * smk_ipv6_port_check - check Smack port access 2772 * @sk: socket 2773 * @address: address 2774 * @act: the action being taken 2775 * 2776 * Create or update the port list entry 2777 */ 2778 static int smk_ipv6_port_check(struct sock *sk, struct sockaddr_in6 *address, 2779 int act) 2780 { 2781 struct smk_port_label *spp; 2782 struct socket_smack *ssp = sk->sk_security; 2783 struct smack_known *skp = NULL; 2784 unsigned short port; 2785 struct smack_known *object; 2786 2787 if (act == SMK_RECEIVING) { 2788 skp = smack_ipv6host_label(address); 2789 object = ssp->smk_in; 2790 } else { 2791 skp = ssp->smk_out; 2792 object = smack_ipv6host_label(address); 2793 } 2794 2795 /* 2796 * The other end is a single label host. 2797 */ 2798 if (skp != NULL && object != NULL) 2799 return smk_ipv6_check(skp, object, address, act); 2800 if (skp == NULL) 2801 skp = smack_net_ambient; 2802 if (object == NULL) 2803 object = smack_net_ambient; 2804 2805 /* 2806 * It's remote, so port lookup does no good. 2807 */ 2808 if (!smk_ipv6_localhost(address)) 2809 return smk_ipv6_check(skp, object, address, act); 2810 2811 /* 2812 * It's local so the send check has to have passed. 2813 */ 2814 if (act == SMK_RECEIVING) 2815 return 0; 2816 2817 port = ntohs(address->sin6_port); 2818 rcu_read_lock(); 2819 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) { 2820 if (spp->smk_port != port || spp->smk_sock_type != sk->sk_type) 2821 continue; 2822 object = spp->smk_in; 2823 if (act == SMK_CONNECTING) 2824 ssp->smk_packet = spp->smk_out; 2825 break; 2826 } 2827 rcu_read_unlock(); 2828 2829 return smk_ipv6_check(skp, object, address, act); 2830 } 2831 #endif 2832 2833 /** 2834 * smack_inode_setsecurity - set smack xattrs 2835 * @inode: the object 2836 * @name: attribute name 2837 * @value: attribute value 2838 * @size: size of the attribute 2839 * @flags: unused 2840 * 2841 * Sets the named attribute in the appropriate blob 2842 * 2843 * Returns 0 on success, or an error code 2844 */ 2845 static int smack_inode_setsecurity(struct inode *inode, const char *name, 2846 const void *value, size_t size, int flags) 2847 { 2848 struct smack_known *skp; 2849 struct inode_smack *nsp = smack_inode(inode); 2850 struct socket_smack *ssp; 2851 struct socket *sock; 2852 int rc = 0; 2853 2854 if (value == NULL || size > SMK_LONGLABEL || size == 0) 2855 return -EINVAL; 2856 2857 skp = smk_import_entry(value, size); 2858 if (IS_ERR(skp)) 2859 return PTR_ERR(skp); 2860 2861 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) { 2862 nsp->smk_inode = skp; 2863 nsp->smk_flags |= SMK_INODE_INSTANT; 2864 return 0; 2865 } 2866 /* 2867 * The rest of the Smack xattrs are only on sockets. 2868 */ 2869 if (inode->i_sb->s_magic != SOCKFS_MAGIC) 2870 return -EOPNOTSUPP; 2871 2872 sock = SOCKET_I(inode); 2873 if (sock == NULL || sock->sk == NULL) 2874 return -EOPNOTSUPP; 2875 2876 ssp = sock->sk->sk_security; 2877 2878 if (strcmp(name, XATTR_SMACK_IPIN) == 0) 2879 ssp->smk_in = skp; 2880 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) { 2881 ssp->smk_out = skp; 2882 if (sock->sk->sk_family == PF_INET) { 2883 rc = smack_netlbl_add(sock->sk); 2884 if (rc != 0) 2885 printk(KERN_WARNING 2886 "Smack: \"%s\" netlbl error %d.\n", 2887 __func__, -rc); 2888 } 2889 } else 2890 return -EOPNOTSUPP; 2891 2892 #ifdef SMACK_IPV6_PORT_LABELING 2893 if (sock->sk->sk_family == PF_INET6) 2894 smk_ipv6_port_label(sock, NULL); 2895 #endif 2896 2897 return 0; 2898 } 2899 2900 /** 2901 * smack_socket_post_create - finish socket setup 2902 * @sock: the socket 2903 * @family: protocol family 2904 * @type: unused 2905 * @protocol: unused 2906 * @kern: unused 2907 * 2908 * Sets the netlabel information on the socket 2909 * 2910 * Returns 0 on success, and error code otherwise 2911 */ 2912 static int smack_socket_post_create(struct socket *sock, int family, 2913 int type, int protocol, int kern) 2914 { 2915 struct socket_smack *ssp; 2916 2917 if (sock->sk == NULL) 2918 return 0; 2919 2920 /* 2921 * Sockets created by kernel threads receive web label. 2922 */ 2923 if (unlikely(current->flags & PF_KTHREAD)) { 2924 ssp = sock->sk->sk_security; 2925 ssp->smk_in = &smack_known_web; 2926 ssp->smk_out = &smack_known_web; 2927 } 2928 2929 if (family != PF_INET) 2930 return 0; 2931 /* 2932 * Set the outbound netlbl. 2933 */ 2934 return smack_netlbl_add(sock->sk); 2935 } 2936 2937 /** 2938 * smack_socket_socketpair - create socket pair 2939 * @socka: one socket 2940 * @sockb: another socket 2941 * 2942 * Cross reference the peer labels for SO_PEERSEC 2943 * 2944 * Returns 0 2945 */ 2946 static int smack_socket_socketpair(struct socket *socka, 2947 struct socket *sockb) 2948 { 2949 struct socket_smack *asp = socka->sk->sk_security; 2950 struct socket_smack *bsp = sockb->sk->sk_security; 2951 2952 asp->smk_packet = bsp->smk_out; 2953 bsp->smk_packet = asp->smk_out; 2954 2955 return 0; 2956 } 2957 2958 #ifdef SMACK_IPV6_PORT_LABELING 2959 /** 2960 * smack_socket_bind - record port binding information. 2961 * @sock: the socket 2962 * @address: the port address 2963 * @addrlen: size of the address 2964 * 2965 * Records the label bound to a port. 2966 * 2967 * Returns 0 on success, and error code otherwise 2968 */ 2969 static int smack_socket_bind(struct socket *sock, struct sockaddr *address, 2970 int addrlen) 2971 { 2972 if (sock->sk != NULL && sock->sk->sk_family == PF_INET6) { 2973 if (addrlen < SIN6_LEN_RFC2133 || 2974 address->sa_family != AF_INET6) 2975 return -EINVAL; 2976 smk_ipv6_port_label(sock, address); 2977 } 2978 return 0; 2979 } 2980 #endif /* SMACK_IPV6_PORT_LABELING */ 2981 2982 /** 2983 * smack_socket_connect - connect access check 2984 * @sock: the socket 2985 * @sap: the other end 2986 * @addrlen: size of sap 2987 * 2988 * Verifies that a connection may be possible 2989 * 2990 * Returns 0 on success, and error code otherwise 2991 */ 2992 static int smack_socket_connect(struct socket *sock, struct sockaddr *sap, 2993 int addrlen) 2994 { 2995 int rc = 0; 2996 2997 if (sock->sk == NULL) 2998 return 0; 2999 if (sock->sk->sk_family != PF_INET && 3000 (!IS_ENABLED(CONFIG_IPV6) || sock->sk->sk_family != PF_INET6)) 3001 return 0; 3002 if (addrlen < offsetofend(struct sockaddr, sa_family)) 3003 return 0; 3004 if (IS_ENABLED(CONFIG_IPV6) && sap->sa_family == AF_INET6) { 3005 struct sockaddr_in6 *sip = (struct sockaddr_in6 *)sap; 3006 struct smack_known *rsp = NULL; 3007 3008 if (addrlen < SIN6_LEN_RFC2133) 3009 return 0; 3010 if (__is_defined(SMACK_IPV6_SECMARK_LABELING)) 3011 rsp = smack_ipv6host_label(sip); 3012 if (rsp != NULL) { 3013 struct socket_smack *ssp = sock->sk->sk_security; 3014 3015 rc = smk_ipv6_check(ssp->smk_out, rsp, sip, 3016 SMK_CONNECTING); 3017 } 3018 #ifdef SMACK_IPV6_PORT_LABELING 3019 rc = smk_ipv6_port_check(sock->sk, sip, SMK_CONNECTING); 3020 #endif 3021 3022 return rc; 3023 } 3024 if (sap->sa_family != AF_INET || addrlen < sizeof(struct sockaddr_in)) 3025 return 0; 3026 rc = smk_ipv4_check(sock->sk, (struct sockaddr_in *)sap); 3027 return rc; 3028 } 3029 3030 /** 3031 * smack_flags_to_may - convert S_ to MAY_ values 3032 * @flags: the S_ value 3033 * 3034 * Returns the equivalent MAY_ value 3035 */ 3036 static int smack_flags_to_may(int flags) 3037 { 3038 int may = 0; 3039 3040 if (flags & S_IRUGO) 3041 may |= MAY_READ; 3042 if (flags & S_IWUGO) 3043 may |= MAY_WRITE; 3044 if (flags & S_IXUGO) 3045 may |= MAY_EXEC; 3046 3047 return may; 3048 } 3049 3050 /** 3051 * smack_msg_msg_alloc_security - Set the security blob for msg_msg 3052 * @msg: the object 3053 * 3054 * Returns 0 3055 */ 3056 static int smack_msg_msg_alloc_security(struct msg_msg *msg) 3057 { 3058 struct smack_known **blob = smack_msg_msg(msg); 3059 3060 *blob = smk_of_current(); 3061 return 0; 3062 } 3063 3064 /** 3065 * smack_of_ipc - the smack pointer for the ipc 3066 * @isp: the object 3067 * 3068 * Returns a pointer to the smack value 3069 */ 3070 static struct smack_known *smack_of_ipc(struct kern_ipc_perm *isp) 3071 { 3072 struct smack_known **blob = smack_ipc(isp); 3073 3074 return *blob; 3075 } 3076 3077 /** 3078 * smack_ipc_alloc_security - Set the security blob for ipc 3079 * @isp: the object 3080 * 3081 * Returns 0 3082 */ 3083 static int smack_ipc_alloc_security(struct kern_ipc_perm *isp) 3084 { 3085 struct smack_known **blob = smack_ipc(isp); 3086 3087 *blob = smk_of_current(); 3088 return 0; 3089 } 3090 3091 /** 3092 * smk_curacc_shm : check if current has access on shm 3093 * @isp : the object 3094 * @access : access requested 3095 * 3096 * Returns 0 if current has the requested access, error code otherwise 3097 */ 3098 static int smk_curacc_shm(struct kern_ipc_perm *isp, int access) 3099 { 3100 struct smack_known *ssp = smack_of_ipc(isp); 3101 struct smk_audit_info ad; 3102 int rc; 3103 3104 #ifdef CONFIG_AUDIT 3105 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 3106 ad.a.u.ipc_id = isp->id; 3107 #endif 3108 rc = smk_curacc(ssp, access, &ad); 3109 rc = smk_bu_current("shm", ssp, access, rc); 3110 return rc; 3111 } 3112 3113 /** 3114 * smack_shm_associate - Smack access check for shm 3115 * @isp: the object 3116 * @shmflg: access requested 3117 * 3118 * Returns 0 if current has the requested access, error code otherwise 3119 */ 3120 static int smack_shm_associate(struct kern_ipc_perm *isp, int shmflg) 3121 { 3122 int may; 3123 3124 may = smack_flags_to_may(shmflg); 3125 return smk_curacc_shm(isp, may); 3126 } 3127 3128 /** 3129 * smack_shm_shmctl - Smack access check for shm 3130 * @isp: the object 3131 * @cmd: what it wants to do 3132 * 3133 * Returns 0 if current has the requested access, error code otherwise 3134 */ 3135 static int smack_shm_shmctl(struct kern_ipc_perm *isp, int cmd) 3136 { 3137 int may; 3138 3139 switch (cmd) { 3140 case IPC_STAT: 3141 case SHM_STAT: 3142 case SHM_STAT_ANY: 3143 may = MAY_READ; 3144 break; 3145 case IPC_SET: 3146 case SHM_LOCK: 3147 case SHM_UNLOCK: 3148 case IPC_RMID: 3149 may = MAY_READWRITE; 3150 break; 3151 case IPC_INFO: 3152 case SHM_INFO: 3153 /* 3154 * System level information. 3155 */ 3156 return 0; 3157 default: 3158 return -EINVAL; 3159 } 3160 return smk_curacc_shm(isp, may); 3161 } 3162 3163 /** 3164 * smack_shm_shmat - Smack access for shmat 3165 * @isp: the object 3166 * @shmaddr: unused 3167 * @shmflg: access requested 3168 * 3169 * Returns 0 if current has the requested access, error code otherwise 3170 */ 3171 static int smack_shm_shmat(struct kern_ipc_perm *isp, char __user *shmaddr, 3172 int shmflg) 3173 { 3174 int may; 3175 3176 may = smack_flags_to_may(shmflg); 3177 return smk_curacc_shm(isp, may); 3178 } 3179 3180 /** 3181 * smk_curacc_sem : check if current has access on sem 3182 * @isp : the object 3183 * @access : access requested 3184 * 3185 * Returns 0 if current has the requested access, error code otherwise 3186 */ 3187 static int smk_curacc_sem(struct kern_ipc_perm *isp, int access) 3188 { 3189 struct smack_known *ssp = smack_of_ipc(isp); 3190 struct smk_audit_info ad; 3191 int rc; 3192 3193 #ifdef CONFIG_AUDIT 3194 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 3195 ad.a.u.ipc_id = isp->id; 3196 #endif 3197 rc = smk_curacc(ssp, access, &ad); 3198 rc = smk_bu_current("sem", ssp, access, rc); 3199 return rc; 3200 } 3201 3202 /** 3203 * smack_sem_associate - Smack access check for sem 3204 * @isp: the object 3205 * @semflg: access requested 3206 * 3207 * Returns 0 if current has the requested access, error code otherwise 3208 */ 3209 static int smack_sem_associate(struct kern_ipc_perm *isp, int semflg) 3210 { 3211 int may; 3212 3213 may = smack_flags_to_may(semflg); 3214 return smk_curacc_sem(isp, may); 3215 } 3216 3217 /** 3218 * smack_sem_semctl - Smack access check for sem 3219 * @isp: the object 3220 * @cmd: what it wants to do 3221 * 3222 * Returns 0 if current has the requested access, error code otherwise 3223 */ 3224 static int smack_sem_semctl(struct kern_ipc_perm *isp, int cmd) 3225 { 3226 int may; 3227 3228 switch (cmd) { 3229 case GETPID: 3230 case GETNCNT: 3231 case GETZCNT: 3232 case GETVAL: 3233 case GETALL: 3234 case IPC_STAT: 3235 case SEM_STAT: 3236 case SEM_STAT_ANY: 3237 may = MAY_READ; 3238 break; 3239 case SETVAL: 3240 case SETALL: 3241 case IPC_RMID: 3242 case IPC_SET: 3243 may = MAY_READWRITE; 3244 break; 3245 case IPC_INFO: 3246 case SEM_INFO: 3247 /* 3248 * System level information 3249 */ 3250 return 0; 3251 default: 3252 return -EINVAL; 3253 } 3254 3255 return smk_curacc_sem(isp, may); 3256 } 3257 3258 /** 3259 * smack_sem_semop - Smack checks of semaphore operations 3260 * @isp: the object 3261 * @sops: unused 3262 * @nsops: unused 3263 * @alter: unused 3264 * 3265 * Treated as read and write in all cases. 3266 * 3267 * Returns 0 if access is allowed, error code otherwise 3268 */ 3269 static int smack_sem_semop(struct kern_ipc_perm *isp, struct sembuf *sops, 3270 unsigned nsops, int alter) 3271 { 3272 return smk_curacc_sem(isp, MAY_READWRITE); 3273 } 3274 3275 /** 3276 * smk_curacc_msq : helper to check if current has access on msq 3277 * @isp : the msq 3278 * @access : access requested 3279 * 3280 * return 0 if current has access, error otherwise 3281 */ 3282 static int smk_curacc_msq(struct kern_ipc_perm *isp, int access) 3283 { 3284 struct smack_known *msp = smack_of_ipc(isp); 3285 struct smk_audit_info ad; 3286 int rc; 3287 3288 #ifdef CONFIG_AUDIT 3289 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 3290 ad.a.u.ipc_id = isp->id; 3291 #endif 3292 rc = smk_curacc(msp, access, &ad); 3293 rc = smk_bu_current("msq", msp, access, rc); 3294 return rc; 3295 } 3296 3297 /** 3298 * smack_msg_queue_associate - Smack access check for msg_queue 3299 * @isp: the object 3300 * @msqflg: access requested 3301 * 3302 * Returns 0 if current has the requested access, error code otherwise 3303 */ 3304 static int smack_msg_queue_associate(struct kern_ipc_perm *isp, int msqflg) 3305 { 3306 int may; 3307 3308 may = smack_flags_to_may(msqflg); 3309 return smk_curacc_msq(isp, may); 3310 } 3311 3312 /** 3313 * smack_msg_queue_msgctl - Smack access check for msg_queue 3314 * @isp: the object 3315 * @cmd: what it wants to do 3316 * 3317 * Returns 0 if current has the requested access, error code otherwise 3318 */ 3319 static int smack_msg_queue_msgctl(struct kern_ipc_perm *isp, int cmd) 3320 { 3321 int may; 3322 3323 switch (cmd) { 3324 case IPC_STAT: 3325 case MSG_STAT: 3326 case MSG_STAT_ANY: 3327 may = MAY_READ; 3328 break; 3329 case IPC_SET: 3330 case IPC_RMID: 3331 may = MAY_READWRITE; 3332 break; 3333 case IPC_INFO: 3334 case MSG_INFO: 3335 /* 3336 * System level information 3337 */ 3338 return 0; 3339 default: 3340 return -EINVAL; 3341 } 3342 3343 return smk_curacc_msq(isp, may); 3344 } 3345 3346 /** 3347 * smack_msg_queue_msgsnd - Smack access check for msg_queue 3348 * @isp: the object 3349 * @msg: unused 3350 * @msqflg: access requested 3351 * 3352 * Returns 0 if current has the requested access, error code otherwise 3353 */ 3354 static int smack_msg_queue_msgsnd(struct kern_ipc_perm *isp, struct msg_msg *msg, 3355 int msqflg) 3356 { 3357 int may; 3358 3359 may = smack_flags_to_may(msqflg); 3360 return smk_curacc_msq(isp, may); 3361 } 3362 3363 /** 3364 * smack_msg_queue_msgrcv - Smack access check for msg_queue 3365 * @isp: the object 3366 * @msg: unused 3367 * @target: unused 3368 * @type: unused 3369 * @mode: unused 3370 * 3371 * Returns 0 if current has read and write access, error code otherwise 3372 */ 3373 static int smack_msg_queue_msgrcv(struct kern_ipc_perm *isp, 3374 struct msg_msg *msg, 3375 struct task_struct *target, long type, 3376 int mode) 3377 { 3378 return smk_curacc_msq(isp, MAY_READWRITE); 3379 } 3380 3381 /** 3382 * smack_ipc_permission - Smack access for ipc_permission() 3383 * @ipp: the object permissions 3384 * @flag: access requested 3385 * 3386 * Returns 0 if current has read and write access, error code otherwise 3387 */ 3388 static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag) 3389 { 3390 struct smack_known **blob = smack_ipc(ipp); 3391 struct smack_known *iskp = *blob; 3392 int may = smack_flags_to_may(flag); 3393 struct smk_audit_info ad; 3394 int rc; 3395 3396 #ifdef CONFIG_AUDIT 3397 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 3398 ad.a.u.ipc_id = ipp->id; 3399 #endif 3400 rc = smk_curacc(iskp, may, &ad); 3401 rc = smk_bu_current("svipc", iskp, may, rc); 3402 return rc; 3403 } 3404 3405 /** 3406 * smack_ipc_getsecid - Extract smack security id 3407 * @ipp: the object permissions 3408 * @secid: where result will be saved 3409 */ 3410 static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid) 3411 { 3412 struct smack_known **blob = smack_ipc(ipp); 3413 struct smack_known *iskp = *blob; 3414 3415 *secid = iskp->smk_secid; 3416 } 3417 3418 /** 3419 * smack_d_instantiate - Make sure the blob is correct on an inode 3420 * @opt_dentry: dentry where inode will be attached 3421 * @inode: the object 3422 * 3423 * Set the inode's security blob if it hasn't been done already. 3424 */ 3425 static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode) 3426 { 3427 struct super_block *sbp; 3428 struct superblock_smack *sbsp; 3429 struct inode_smack *isp; 3430 struct smack_known *skp; 3431 struct smack_known *ckp = smk_of_current(); 3432 struct smack_known *final; 3433 char trattr[TRANS_TRUE_SIZE]; 3434 int transflag = 0; 3435 int rc; 3436 struct dentry *dp; 3437 3438 if (inode == NULL) 3439 return; 3440 3441 isp = smack_inode(inode); 3442 3443 /* 3444 * If the inode is already instantiated 3445 * take the quick way out 3446 */ 3447 if (isp->smk_flags & SMK_INODE_INSTANT) 3448 return; 3449 3450 sbp = inode->i_sb; 3451 sbsp = smack_superblock(sbp); 3452 /* 3453 * We're going to use the superblock default label 3454 * if there's no label on the file. 3455 */ 3456 final = sbsp->smk_default; 3457 3458 /* 3459 * If this is the root inode the superblock 3460 * may be in the process of initialization. 3461 * If that is the case use the root value out 3462 * of the superblock. 3463 */ 3464 if (opt_dentry->d_parent == opt_dentry) { 3465 switch (sbp->s_magic) { 3466 case CGROUP_SUPER_MAGIC: 3467 case CGROUP2_SUPER_MAGIC: 3468 /* 3469 * The cgroup filesystem is never mounted, 3470 * so there's no opportunity to set the mount 3471 * options. 3472 */ 3473 sbsp->smk_root = &smack_known_star; 3474 sbsp->smk_default = &smack_known_star; 3475 isp->smk_inode = sbsp->smk_root; 3476 break; 3477 case TMPFS_MAGIC: 3478 /* 3479 * What about shmem/tmpfs anonymous files with dentry 3480 * obtained from d_alloc_pseudo()? 3481 */ 3482 isp->smk_inode = smk_of_current(); 3483 break; 3484 case PIPEFS_MAGIC: 3485 isp->smk_inode = smk_of_current(); 3486 break; 3487 case SOCKFS_MAGIC: 3488 /* 3489 * Socket access is controlled by the socket 3490 * structures associated with the task involved. 3491 */ 3492 isp->smk_inode = &smack_known_star; 3493 break; 3494 default: 3495 isp->smk_inode = sbsp->smk_root; 3496 break; 3497 } 3498 isp->smk_flags |= SMK_INODE_INSTANT; 3499 return; 3500 } 3501 3502 /* 3503 * This is pretty hackish. 3504 * Casey says that we shouldn't have to do 3505 * file system specific code, but it does help 3506 * with keeping it simple. 3507 */ 3508 switch (sbp->s_magic) { 3509 case SMACK_MAGIC: 3510 case CGROUP_SUPER_MAGIC: 3511 case CGROUP2_SUPER_MAGIC: 3512 /* 3513 * Casey says that it's a little embarrassing 3514 * that the smack file system doesn't do 3515 * extended attributes. 3516 * 3517 * Cgroupfs is special 3518 */ 3519 final = &smack_known_star; 3520 break; 3521 case DEVPTS_SUPER_MAGIC: 3522 /* 3523 * devpts seems content with the label of the task. 3524 * Programs that change smack have to treat the 3525 * pty with respect. 3526 */ 3527 final = ckp; 3528 break; 3529 case PROC_SUPER_MAGIC: 3530 /* 3531 * Casey says procfs appears not to care. 3532 * The superblock default suffices. 3533 */ 3534 break; 3535 case TMPFS_MAGIC: 3536 /* 3537 * Device labels should come from the filesystem, 3538 * but watch out, because they're volitile, 3539 * getting recreated on every reboot. 3540 */ 3541 final = &smack_known_star; 3542 /* 3543 * If a smack value has been set we want to use it, 3544 * but since tmpfs isn't giving us the opportunity 3545 * to set mount options simulate setting the 3546 * superblock default. 3547 */ 3548 fallthrough; 3549 default: 3550 /* 3551 * This isn't an understood special case. 3552 * Get the value from the xattr. 3553 */ 3554 3555 /* 3556 * UNIX domain sockets use lower level socket data. 3557 */ 3558 if (S_ISSOCK(inode->i_mode)) { 3559 final = &smack_known_star; 3560 break; 3561 } 3562 /* 3563 * No xattr support means, alas, no SMACK label. 3564 * Use the aforeapplied default. 3565 * It would be curious if the label of the task 3566 * does not match that assigned. 3567 */ 3568 if (!(inode->i_opflags & IOP_XATTR)) 3569 break; 3570 /* 3571 * Get the dentry for xattr. 3572 */ 3573 dp = dget(opt_dentry); 3574 skp = smk_fetch(XATTR_NAME_SMACK, inode, dp); 3575 if (!IS_ERR_OR_NULL(skp)) 3576 final = skp; 3577 3578 /* 3579 * Transmuting directory 3580 */ 3581 if (S_ISDIR(inode->i_mode)) { 3582 /* 3583 * If this is a new directory and the label was 3584 * transmuted when the inode was initialized 3585 * set the transmute attribute on the directory 3586 * and mark the inode. 3587 * 3588 * If there is a transmute attribute on the 3589 * directory mark the inode. 3590 */ 3591 rc = __vfs_getxattr(dp, inode, 3592 XATTR_NAME_SMACKTRANSMUTE, trattr, 3593 TRANS_TRUE_SIZE); 3594 if (rc >= 0 && strncmp(trattr, TRANS_TRUE, 3595 TRANS_TRUE_SIZE) != 0) 3596 rc = -EINVAL; 3597 if (rc >= 0) 3598 transflag = SMK_INODE_TRANSMUTE; 3599 } 3600 /* 3601 * Don't let the exec or mmap label be "*" or "@". 3602 */ 3603 skp = smk_fetch(XATTR_NAME_SMACKEXEC, inode, dp); 3604 if (IS_ERR(skp) || skp == &smack_known_star || 3605 skp == &smack_known_web) 3606 skp = NULL; 3607 isp->smk_task = skp; 3608 3609 skp = smk_fetch(XATTR_NAME_SMACKMMAP, inode, dp); 3610 if (IS_ERR(skp) || skp == &smack_known_star || 3611 skp == &smack_known_web) 3612 skp = NULL; 3613 isp->smk_mmap = skp; 3614 3615 dput(dp); 3616 break; 3617 } 3618 3619 if (final == NULL) 3620 isp->smk_inode = ckp; 3621 else 3622 isp->smk_inode = final; 3623 3624 isp->smk_flags |= (SMK_INODE_INSTANT | transflag); 3625 3626 return; 3627 } 3628 3629 /** 3630 * smack_getselfattr - Smack current process attribute 3631 * @attr: which attribute to fetch 3632 * @ctx: buffer to receive the result 3633 * @size: available size in, actual size out 3634 * @flags: unused 3635 * 3636 * Fill the passed user space @ctx with the details of the requested 3637 * attribute. 3638 * 3639 * Returns the number of attributes on success, an error code otherwise. 3640 * There will only ever be one attribute. 3641 */ 3642 static int smack_getselfattr(unsigned int attr, struct lsm_ctx __user *ctx, 3643 size_t *size, u32 flags) 3644 { 3645 struct smack_known *skp = smk_of_current(); 3646 int total; 3647 int slen; 3648 int rc; 3649 3650 if (attr != LSM_ATTR_CURRENT) 3651 return -EOPNOTSUPP; 3652 3653 slen = strlen(skp->smk_known) + 1; 3654 total = ALIGN(slen + sizeof(*ctx), 8); 3655 if (total > *size) 3656 rc = -E2BIG; 3657 else if (ctx) 3658 rc = lsm_fill_user_ctx(ctx, skp->smk_known, slen, LSM_ID_SMACK, 3659 0); 3660 else 3661 rc = 1; 3662 3663 *size = total; 3664 if (rc >= 0) 3665 return 1; 3666 return rc; 3667 } 3668 3669 /** 3670 * smack_getprocattr - Smack process attribute access 3671 * @p: the object task 3672 * @name: the name of the attribute in /proc/.../attr 3673 * @value: where to put the result 3674 * 3675 * Places a copy of the task Smack into value 3676 * 3677 * Returns the length of the smack label or an error code 3678 */ 3679 static int smack_getprocattr(struct task_struct *p, const char *name, char **value) 3680 { 3681 struct smack_known *skp = smk_of_task_struct_obj(p); 3682 char *cp; 3683 int slen; 3684 3685 if (strcmp(name, "current") != 0) 3686 return -EINVAL; 3687 3688 cp = kstrdup(skp->smk_known, GFP_KERNEL); 3689 if (cp == NULL) 3690 return -ENOMEM; 3691 3692 slen = strlen(cp); 3693 *value = cp; 3694 return slen; 3695 } 3696 3697 /** 3698 * do_setattr - Smack process attribute setting 3699 * @attr: the ID of the attribute 3700 * @value: the value to set 3701 * @size: the size of the value 3702 * 3703 * Sets the Smack value of the task. Only setting self 3704 * is permitted and only with privilege 3705 * 3706 * Returns the length of the smack label or an error code 3707 */ 3708 static int do_setattr(u64 attr, void *value, size_t size) 3709 { 3710 struct task_smack *tsp = smack_cred(current_cred()); 3711 struct cred *new; 3712 struct smack_known *skp; 3713 struct smack_known_list_elem *sklep; 3714 int rc; 3715 3716 if (!smack_privileged(CAP_MAC_ADMIN) && list_empty(&tsp->smk_relabel)) 3717 return -EPERM; 3718 3719 if (value == NULL || size == 0 || size >= SMK_LONGLABEL) 3720 return -EINVAL; 3721 3722 if (attr != LSM_ATTR_CURRENT) 3723 return -EOPNOTSUPP; 3724 3725 skp = smk_import_entry(value, size); 3726 if (IS_ERR(skp)) 3727 return PTR_ERR(skp); 3728 3729 /* 3730 * No process is ever allowed the web ("@") label 3731 * and the star ("*") label. 3732 */ 3733 if (skp == &smack_known_web || skp == &smack_known_star) 3734 return -EINVAL; 3735 3736 if (!smack_privileged(CAP_MAC_ADMIN)) { 3737 rc = -EPERM; 3738 list_for_each_entry(sklep, &tsp->smk_relabel, list) 3739 if (sklep->smk_label == skp) { 3740 rc = 0; 3741 break; 3742 } 3743 if (rc) 3744 return rc; 3745 } 3746 3747 new = prepare_creds(); 3748 if (new == NULL) 3749 return -ENOMEM; 3750 3751 tsp = smack_cred(new); 3752 tsp->smk_task = skp; 3753 /* 3754 * process can change its label only once 3755 */ 3756 smk_destroy_label_list(&tsp->smk_relabel); 3757 3758 commit_creds(new); 3759 return size; 3760 } 3761 3762 /** 3763 * smack_setselfattr - Set a Smack process attribute 3764 * @attr: which attribute to set 3765 * @ctx: buffer containing the data 3766 * @size: size of @ctx 3767 * @flags: unused 3768 * 3769 * Fill the passed user space @ctx with the details of the requested 3770 * attribute. 3771 * 3772 * Returns 0 on success, an error code otherwise. 3773 */ 3774 static int smack_setselfattr(unsigned int attr, struct lsm_ctx *ctx, 3775 size_t size, u32 flags) 3776 { 3777 int rc; 3778 3779 rc = do_setattr(attr, ctx->ctx, ctx->ctx_len); 3780 if (rc > 0) 3781 return 0; 3782 return rc; 3783 } 3784 3785 /** 3786 * smack_setprocattr - Smack process attribute setting 3787 * @name: the name of the attribute in /proc/.../attr 3788 * @value: the value to set 3789 * @size: the size of the value 3790 * 3791 * Sets the Smack value of the task. Only setting self 3792 * is permitted and only with privilege 3793 * 3794 * Returns the length of the smack label or an error code 3795 */ 3796 static int smack_setprocattr(const char *name, void *value, size_t size) 3797 { 3798 int attr = lsm_name_to_attr(name); 3799 3800 if (attr != LSM_ATTR_UNDEF) 3801 return do_setattr(attr, value, size); 3802 return -EINVAL; 3803 } 3804 3805 /** 3806 * smack_unix_stream_connect - Smack access on UDS 3807 * @sock: one sock 3808 * @other: the other sock 3809 * @newsk: unused 3810 * 3811 * Return 0 if a subject with the smack of sock could access 3812 * an object with the smack of other, otherwise an error code 3813 */ 3814 static int smack_unix_stream_connect(struct sock *sock, 3815 struct sock *other, struct sock *newsk) 3816 { 3817 struct smack_known *skp; 3818 struct smack_known *okp; 3819 struct socket_smack *ssp = sock->sk_security; 3820 struct socket_smack *osp = other->sk_security; 3821 struct socket_smack *nsp = newsk->sk_security; 3822 struct smk_audit_info ad; 3823 int rc = 0; 3824 #ifdef CONFIG_AUDIT 3825 struct lsm_network_audit net; 3826 #endif 3827 3828 if (!smack_privileged(CAP_MAC_OVERRIDE)) { 3829 skp = ssp->smk_out; 3830 okp = osp->smk_in; 3831 #ifdef CONFIG_AUDIT 3832 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 3833 smk_ad_setfield_u_net_sk(&ad, other); 3834 #endif 3835 rc = smk_access(skp, okp, MAY_WRITE, &ad); 3836 rc = smk_bu_note("UDS connect", skp, okp, MAY_WRITE, rc); 3837 if (rc == 0) { 3838 okp = osp->smk_out; 3839 skp = ssp->smk_in; 3840 rc = smk_access(okp, skp, MAY_WRITE, &ad); 3841 rc = smk_bu_note("UDS connect", okp, skp, 3842 MAY_WRITE, rc); 3843 } 3844 } 3845 3846 /* 3847 * Cross reference the peer labels for SO_PEERSEC. 3848 */ 3849 if (rc == 0) { 3850 nsp->smk_packet = ssp->smk_out; 3851 ssp->smk_packet = osp->smk_out; 3852 } 3853 3854 return rc; 3855 } 3856 3857 /** 3858 * smack_unix_may_send - Smack access on UDS 3859 * @sock: one socket 3860 * @other: the other socket 3861 * 3862 * Return 0 if a subject with the smack of sock could access 3863 * an object with the smack of other, otherwise an error code 3864 */ 3865 static int smack_unix_may_send(struct socket *sock, struct socket *other) 3866 { 3867 struct socket_smack *ssp = sock->sk->sk_security; 3868 struct socket_smack *osp = other->sk->sk_security; 3869 struct smk_audit_info ad; 3870 int rc; 3871 3872 #ifdef CONFIG_AUDIT 3873 struct lsm_network_audit net; 3874 3875 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 3876 smk_ad_setfield_u_net_sk(&ad, other->sk); 3877 #endif 3878 3879 if (smack_privileged(CAP_MAC_OVERRIDE)) 3880 return 0; 3881 3882 rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad); 3883 rc = smk_bu_note("UDS send", ssp->smk_out, osp->smk_in, MAY_WRITE, rc); 3884 return rc; 3885 } 3886 3887 /** 3888 * smack_socket_sendmsg - Smack check based on destination host 3889 * @sock: the socket 3890 * @msg: the message 3891 * @size: the size of the message 3892 * 3893 * Return 0 if the current subject can write to the destination host. 3894 * For IPv4 this is only a question if the destination is a single label host. 3895 * For IPv6 this is a check against the label of the port. 3896 */ 3897 static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg, 3898 int size) 3899 { 3900 struct sockaddr_in *sip = (struct sockaddr_in *) msg->msg_name; 3901 #if IS_ENABLED(CONFIG_IPV6) 3902 struct sockaddr_in6 *sap = (struct sockaddr_in6 *) msg->msg_name; 3903 #endif 3904 #ifdef SMACK_IPV6_SECMARK_LABELING 3905 struct socket_smack *ssp = sock->sk->sk_security; 3906 struct smack_known *rsp; 3907 #endif 3908 int rc = 0; 3909 3910 /* 3911 * Perfectly reasonable for this to be NULL 3912 */ 3913 if (sip == NULL) 3914 return 0; 3915 3916 switch (sock->sk->sk_family) { 3917 case AF_INET: 3918 if (msg->msg_namelen < sizeof(struct sockaddr_in) || 3919 sip->sin_family != AF_INET) 3920 return -EINVAL; 3921 rc = smk_ipv4_check(sock->sk, sip); 3922 break; 3923 #if IS_ENABLED(CONFIG_IPV6) 3924 case AF_INET6: 3925 if (msg->msg_namelen < SIN6_LEN_RFC2133 || 3926 sap->sin6_family != AF_INET6) 3927 return -EINVAL; 3928 #ifdef SMACK_IPV6_SECMARK_LABELING 3929 rsp = smack_ipv6host_label(sap); 3930 if (rsp != NULL) 3931 rc = smk_ipv6_check(ssp->smk_out, rsp, sap, 3932 SMK_CONNECTING); 3933 #endif 3934 #ifdef SMACK_IPV6_PORT_LABELING 3935 rc = smk_ipv6_port_check(sock->sk, sap, SMK_SENDING); 3936 #endif 3937 #endif /* IS_ENABLED(CONFIG_IPV6) */ 3938 break; 3939 } 3940 return rc; 3941 } 3942 3943 /** 3944 * smack_from_secattr - Convert a netlabel attr.mls.lvl/attr.mls.cat pair to smack 3945 * @sap: netlabel secattr 3946 * @ssp: socket security information 3947 * 3948 * Returns a pointer to a Smack label entry found on the label list. 3949 */ 3950 static struct smack_known *smack_from_secattr(struct netlbl_lsm_secattr *sap, 3951 struct socket_smack *ssp) 3952 { 3953 struct smack_known *skp; 3954 int found = 0; 3955 int acat; 3956 int kcat; 3957 3958 /* 3959 * Netlabel found it in the cache. 3960 */ 3961 if ((sap->flags & NETLBL_SECATTR_CACHE) != 0) 3962 return (struct smack_known *)sap->cache->data; 3963 3964 if ((sap->flags & NETLBL_SECATTR_SECID) != 0) 3965 /* 3966 * Looks like a fallback, which gives us a secid. 3967 */ 3968 return smack_from_secid(sap->attr.secid); 3969 3970 if ((sap->flags & NETLBL_SECATTR_MLS_LVL) != 0) { 3971 /* 3972 * Looks like a CIPSO packet. 3973 * If there are flags but no level netlabel isn't 3974 * behaving the way we expect it to. 3975 * 3976 * Look it up in the label table 3977 * Without guidance regarding the smack value 3978 * for the packet fall back on the network 3979 * ambient value. 3980 */ 3981 rcu_read_lock(); 3982 list_for_each_entry_rcu(skp, &smack_known_list, list) { 3983 if (sap->attr.mls.lvl != skp->smk_netlabel.attr.mls.lvl) 3984 continue; 3985 /* 3986 * Compare the catsets. Use the netlbl APIs. 3987 */ 3988 if ((sap->flags & NETLBL_SECATTR_MLS_CAT) == 0) { 3989 if ((skp->smk_netlabel.flags & 3990 NETLBL_SECATTR_MLS_CAT) == 0) 3991 found = 1; 3992 break; 3993 } 3994 for (acat = -1, kcat = -1; acat == kcat; ) { 3995 acat = netlbl_catmap_walk(sap->attr.mls.cat, 3996 acat + 1); 3997 kcat = netlbl_catmap_walk( 3998 skp->smk_netlabel.attr.mls.cat, 3999 kcat + 1); 4000 if (acat < 0 || kcat < 0) 4001 break; 4002 } 4003 if (acat == kcat) { 4004 found = 1; 4005 break; 4006 } 4007 } 4008 rcu_read_unlock(); 4009 4010 if (found) 4011 return skp; 4012 4013 if (ssp != NULL && ssp->smk_in == &smack_known_star) 4014 return &smack_known_web; 4015 return &smack_known_star; 4016 } 4017 /* 4018 * Without guidance regarding the smack value 4019 * for the packet fall back on the network 4020 * ambient value. 4021 */ 4022 return smack_net_ambient; 4023 } 4024 4025 #if IS_ENABLED(CONFIG_IPV6) 4026 static int smk_skb_to_addr_ipv6(struct sk_buff *skb, struct sockaddr_in6 *sip) 4027 { 4028 u8 nexthdr; 4029 int offset; 4030 int proto = -EINVAL; 4031 struct ipv6hdr _ipv6h; 4032 struct ipv6hdr *ip6; 4033 __be16 frag_off; 4034 struct tcphdr _tcph, *th; 4035 struct udphdr _udph, *uh; 4036 struct dccp_hdr _dccph, *dh; 4037 4038 sip->sin6_port = 0; 4039 4040 offset = skb_network_offset(skb); 4041 ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h); 4042 if (ip6 == NULL) 4043 return -EINVAL; 4044 sip->sin6_addr = ip6->saddr; 4045 4046 nexthdr = ip6->nexthdr; 4047 offset += sizeof(_ipv6h); 4048 offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off); 4049 if (offset < 0) 4050 return -EINVAL; 4051 4052 proto = nexthdr; 4053 switch (proto) { 4054 case IPPROTO_TCP: 4055 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph); 4056 if (th != NULL) 4057 sip->sin6_port = th->source; 4058 break; 4059 case IPPROTO_UDP: 4060 case IPPROTO_UDPLITE: 4061 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph); 4062 if (uh != NULL) 4063 sip->sin6_port = uh->source; 4064 break; 4065 case IPPROTO_DCCP: 4066 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph); 4067 if (dh != NULL) 4068 sip->sin6_port = dh->dccph_sport; 4069 break; 4070 } 4071 return proto; 4072 } 4073 #endif /* CONFIG_IPV6 */ 4074 4075 /** 4076 * smack_from_skb - Smack data from the secmark in an skb 4077 * @skb: packet 4078 * 4079 * Returns smack_known of the secmark or NULL if that won't work. 4080 */ 4081 #ifdef CONFIG_NETWORK_SECMARK 4082 static struct smack_known *smack_from_skb(struct sk_buff *skb) 4083 { 4084 if (skb == NULL || skb->secmark == 0) 4085 return NULL; 4086 4087 return smack_from_secid(skb->secmark); 4088 } 4089 #else 4090 static inline struct smack_known *smack_from_skb(struct sk_buff *skb) 4091 { 4092 return NULL; 4093 } 4094 #endif 4095 4096 /** 4097 * smack_from_netlbl - Smack data from the IP options in an skb 4098 * @sk: socket data came in on 4099 * @family: address family 4100 * @skb: packet 4101 * 4102 * Find the Smack label in the IP options. If it hasn't been 4103 * added to the netlabel cache, add it here. 4104 * 4105 * Returns smack_known of the IP options or NULL if that won't work. 4106 */ 4107 static struct smack_known *smack_from_netlbl(const struct sock *sk, u16 family, 4108 struct sk_buff *skb) 4109 { 4110 struct netlbl_lsm_secattr secattr; 4111 struct socket_smack *ssp = NULL; 4112 struct smack_known *skp = NULL; 4113 4114 netlbl_secattr_init(&secattr); 4115 4116 if (sk) 4117 ssp = sk->sk_security; 4118 4119 if (netlbl_skbuff_getattr(skb, family, &secattr) == 0) { 4120 skp = smack_from_secattr(&secattr, ssp); 4121 if (secattr.flags & NETLBL_SECATTR_CACHEABLE) 4122 netlbl_cache_add(skb, family, &skp->smk_netlabel); 4123 } 4124 4125 netlbl_secattr_destroy(&secattr); 4126 4127 return skp; 4128 } 4129 4130 /** 4131 * smack_socket_sock_rcv_skb - Smack packet delivery access check 4132 * @sk: socket 4133 * @skb: packet 4134 * 4135 * Returns 0 if the packet should be delivered, an error code otherwise 4136 */ 4137 static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) 4138 { 4139 struct socket_smack *ssp = sk->sk_security; 4140 struct smack_known *skp = NULL; 4141 int rc = 0; 4142 struct smk_audit_info ad; 4143 u16 family = sk->sk_family; 4144 #ifdef CONFIG_AUDIT 4145 struct lsm_network_audit net; 4146 #endif 4147 #if IS_ENABLED(CONFIG_IPV6) 4148 struct sockaddr_in6 sadd; 4149 int proto; 4150 4151 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP)) 4152 family = PF_INET; 4153 #endif /* CONFIG_IPV6 */ 4154 4155 switch (family) { 4156 case PF_INET: 4157 /* 4158 * If there is a secmark use it rather than the CIPSO label. 4159 * If there is no secmark fall back to CIPSO. 4160 * The secmark is assumed to reflect policy better. 4161 */ 4162 skp = smack_from_skb(skb); 4163 if (skp == NULL) { 4164 skp = smack_from_netlbl(sk, family, skb); 4165 if (skp == NULL) 4166 skp = smack_net_ambient; 4167 } 4168 4169 #ifdef CONFIG_AUDIT 4170 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 4171 ad.a.u.net->family = family; 4172 ad.a.u.net->netif = skb->skb_iif; 4173 ipv4_skb_to_auditdata(skb, &ad.a, NULL); 4174 #endif 4175 /* 4176 * Receiving a packet requires that the other end 4177 * be able to write here. Read access is not required. 4178 * This is the simplist possible security model 4179 * for networking. 4180 */ 4181 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad); 4182 rc = smk_bu_note("IPv4 delivery", skp, ssp->smk_in, 4183 MAY_WRITE, rc); 4184 if (rc != 0) 4185 netlbl_skbuff_err(skb, family, rc, 0); 4186 break; 4187 #if IS_ENABLED(CONFIG_IPV6) 4188 case PF_INET6: 4189 proto = smk_skb_to_addr_ipv6(skb, &sadd); 4190 if (proto != IPPROTO_UDP && proto != IPPROTO_UDPLITE && 4191 proto != IPPROTO_TCP && proto != IPPROTO_DCCP) 4192 break; 4193 #ifdef SMACK_IPV6_SECMARK_LABELING 4194 skp = smack_from_skb(skb); 4195 if (skp == NULL) { 4196 if (smk_ipv6_localhost(&sadd)) 4197 break; 4198 skp = smack_ipv6host_label(&sadd); 4199 if (skp == NULL) 4200 skp = smack_net_ambient; 4201 } 4202 #ifdef CONFIG_AUDIT 4203 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 4204 ad.a.u.net->family = family; 4205 ad.a.u.net->netif = skb->skb_iif; 4206 ipv6_skb_to_auditdata(skb, &ad.a, NULL); 4207 #endif /* CONFIG_AUDIT */ 4208 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad); 4209 rc = smk_bu_note("IPv6 delivery", skp, ssp->smk_in, 4210 MAY_WRITE, rc); 4211 #endif /* SMACK_IPV6_SECMARK_LABELING */ 4212 #ifdef SMACK_IPV6_PORT_LABELING 4213 rc = smk_ipv6_port_check(sk, &sadd, SMK_RECEIVING); 4214 #endif /* SMACK_IPV6_PORT_LABELING */ 4215 if (rc != 0) 4216 icmpv6_send(skb, ICMPV6_DEST_UNREACH, 4217 ICMPV6_ADM_PROHIBITED, 0); 4218 break; 4219 #endif /* CONFIG_IPV6 */ 4220 } 4221 4222 return rc; 4223 } 4224 4225 /** 4226 * smack_socket_getpeersec_stream - pull in packet label 4227 * @sock: the socket 4228 * @optval: user's destination 4229 * @optlen: size thereof 4230 * @len: max thereof 4231 * 4232 * returns zero on success, an error code otherwise 4233 */ 4234 static int smack_socket_getpeersec_stream(struct socket *sock, 4235 sockptr_t optval, sockptr_t optlen, 4236 unsigned int len) 4237 { 4238 struct socket_smack *ssp; 4239 char *rcp = ""; 4240 u32 slen = 1; 4241 int rc = 0; 4242 4243 ssp = sock->sk->sk_security; 4244 if (ssp->smk_packet != NULL) { 4245 rcp = ssp->smk_packet->smk_known; 4246 slen = strlen(rcp) + 1; 4247 } 4248 if (slen > len) { 4249 rc = -ERANGE; 4250 goto out_len; 4251 } 4252 4253 if (copy_to_sockptr(optval, rcp, slen)) 4254 rc = -EFAULT; 4255 out_len: 4256 if (copy_to_sockptr(optlen, &slen, sizeof(slen))) 4257 rc = -EFAULT; 4258 return rc; 4259 } 4260 4261 4262 /** 4263 * smack_socket_getpeersec_dgram - pull in packet label 4264 * @sock: the peer socket 4265 * @skb: packet data 4266 * @secid: pointer to where to put the secid of the packet 4267 * 4268 * Sets the netlabel socket state on sk from parent 4269 */ 4270 static int smack_socket_getpeersec_dgram(struct socket *sock, 4271 struct sk_buff *skb, u32 *secid) 4272 4273 { 4274 struct socket_smack *ssp = NULL; 4275 struct smack_known *skp; 4276 struct sock *sk = NULL; 4277 int family = PF_UNSPEC; 4278 u32 s = 0; /* 0 is the invalid secid */ 4279 4280 if (skb != NULL) { 4281 if (skb->protocol == htons(ETH_P_IP)) 4282 family = PF_INET; 4283 #if IS_ENABLED(CONFIG_IPV6) 4284 else if (skb->protocol == htons(ETH_P_IPV6)) 4285 family = PF_INET6; 4286 #endif /* CONFIG_IPV6 */ 4287 } 4288 if (family == PF_UNSPEC && sock != NULL) 4289 family = sock->sk->sk_family; 4290 4291 switch (family) { 4292 case PF_UNIX: 4293 ssp = sock->sk->sk_security; 4294 s = ssp->smk_out->smk_secid; 4295 break; 4296 case PF_INET: 4297 skp = smack_from_skb(skb); 4298 if (skp) { 4299 s = skp->smk_secid; 4300 break; 4301 } 4302 /* 4303 * Translate what netlabel gave us. 4304 */ 4305 if (sock != NULL) 4306 sk = sock->sk; 4307 skp = smack_from_netlbl(sk, family, skb); 4308 if (skp != NULL) 4309 s = skp->smk_secid; 4310 break; 4311 case PF_INET6: 4312 #ifdef SMACK_IPV6_SECMARK_LABELING 4313 skp = smack_from_skb(skb); 4314 if (skp) 4315 s = skp->smk_secid; 4316 #endif 4317 break; 4318 } 4319 *secid = s; 4320 if (s == 0) 4321 return -EINVAL; 4322 return 0; 4323 } 4324 4325 /** 4326 * smack_sock_graft - Initialize a newly created socket with an existing sock 4327 * @sk: child sock 4328 * @parent: parent socket 4329 * 4330 * Set the smk_{in,out} state of an existing sock based on the process that 4331 * is creating the new socket. 4332 */ 4333 static void smack_sock_graft(struct sock *sk, struct socket *parent) 4334 { 4335 struct socket_smack *ssp; 4336 struct smack_known *skp = smk_of_current(); 4337 4338 if (sk == NULL || 4339 (sk->sk_family != PF_INET && sk->sk_family != PF_INET6)) 4340 return; 4341 4342 ssp = sk->sk_security; 4343 ssp->smk_in = skp; 4344 ssp->smk_out = skp; 4345 /* cssp->smk_packet is already set in smack_inet_csk_clone() */ 4346 } 4347 4348 /** 4349 * smack_inet_conn_request - Smack access check on connect 4350 * @sk: socket involved 4351 * @skb: packet 4352 * @req: unused 4353 * 4354 * Returns 0 if a task with the packet label could write to 4355 * the socket, otherwise an error code 4356 */ 4357 static int smack_inet_conn_request(const struct sock *sk, struct sk_buff *skb, 4358 struct request_sock *req) 4359 { 4360 u16 family = sk->sk_family; 4361 struct smack_known *skp; 4362 struct socket_smack *ssp = sk->sk_security; 4363 struct sockaddr_in addr; 4364 struct iphdr *hdr; 4365 struct smack_known *hskp; 4366 int rc; 4367 struct smk_audit_info ad; 4368 #ifdef CONFIG_AUDIT 4369 struct lsm_network_audit net; 4370 #endif 4371 4372 #if IS_ENABLED(CONFIG_IPV6) 4373 if (family == PF_INET6) { 4374 /* 4375 * Handle mapped IPv4 packets arriving 4376 * via IPv6 sockets. Don't set up netlabel 4377 * processing on IPv6. 4378 */ 4379 if (skb->protocol == htons(ETH_P_IP)) 4380 family = PF_INET; 4381 else 4382 return 0; 4383 } 4384 #endif /* CONFIG_IPV6 */ 4385 4386 /* 4387 * If there is a secmark use it rather than the CIPSO label. 4388 * If there is no secmark fall back to CIPSO. 4389 * The secmark is assumed to reflect policy better. 4390 */ 4391 skp = smack_from_skb(skb); 4392 if (skp == NULL) { 4393 skp = smack_from_netlbl(sk, family, skb); 4394 if (skp == NULL) 4395 skp = &smack_known_huh; 4396 } 4397 4398 #ifdef CONFIG_AUDIT 4399 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 4400 ad.a.u.net->family = family; 4401 ad.a.u.net->netif = skb->skb_iif; 4402 ipv4_skb_to_auditdata(skb, &ad.a, NULL); 4403 #endif 4404 /* 4405 * Receiving a packet requires that the other end be able to write 4406 * here. Read access is not required. 4407 */ 4408 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad); 4409 rc = smk_bu_note("IPv4 connect", skp, ssp->smk_in, MAY_WRITE, rc); 4410 if (rc != 0) 4411 return rc; 4412 4413 /* 4414 * Save the peer's label in the request_sock so we can later setup 4415 * smk_packet in the child socket so that SO_PEERCRED can report it. 4416 */ 4417 req->peer_secid = skp->smk_secid; 4418 4419 /* 4420 * We need to decide if we want to label the incoming connection here 4421 * if we do we only need to label the request_sock and the stack will 4422 * propagate the wire-label to the sock when it is created. 4423 */ 4424 hdr = ip_hdr(skb); 4425 addr.sin_addr.s_addr = hdr->saddr; 4426 rcu_read_lock(); 4427 hskp = smack_ipv4host_label(&addr); 4428 rcu_read_unlock(); 4429 4430 if (hskp == NULL) 4431 rc = netlbl_req_setattr(req, &skp->smk_netlabel); 4432 else 4433 netlbl_req_delattr(req); 4434 4435 return rc; 4436 } 4437 4438 /** 4439 * smack_inet_csk_clone - Copy the connection information to the new socket 4440 * @sk: the new socket 4441 * @req: the connection's request_sock 4442 * 4443 * Transfer the connection's peer label to the newly created socket. 4444 */ 4445 static void smack_inet_csk_clone(struct sock *sk, 4446 const struct request_sock *req) 4447 { 4448 struct socket_smack *ssp = sk->sk_security; 4449 struct smack_known *skp; 4450 4451 if (req->peer_secid != 0) { 4452 skp = smack_from_secid(req->peer_secid); 4453 ssp->smk_packet = skp; 4454 } else 4455 ssp->smk_packet = NULL; 4456 } 4457 4458 /* 4459 * Key management security hooks 4460 * 4461 * Casey has not tested key support very heavily. 4462 * The permission check is most likely too restrictive. 4463 * If you care about keys please have a look. 4464 */ 4465 #ifdef CONFIG_KEYS 4466 4467 /** 4468 * smack_key_alloc - Set the key security blob 4469 * @key: object 4470 * @cred: the credentials to use 4471 * @flags: unused 4472 * 4473 * No allocation required 4474 * 4475 * Returns 0 4476 */ 4477 static int smack_key_alloc(struct key *key, const struct cred *cred, 4478 unsigned long flags) 4479 { 4480 struct smack_known *skp = smk_of_task(smack_cred(cred)); 4481 4482 key->security = skp; 4483 return 0; 4484 } 4485 4486 /** 4487 * smack_key_free - Clear the key security blob 4488 * @key: the object 4489 * 4490 * Clear the blob pointer 4491 */ 4492 static void smack_key_free(struct key *key) 4493 { 4494 key->security = NULL; 4495 } 4496 4497 /** 4498 * smack_key_permission - Smack access on a key 4499 * @key_ref: gets to the object 4500 * @cred: the credentials to use 4501 * @need_perm: requested key permission 4502 * 4503 * Return 0 if the task has read and write to the object, 4504 * an error code otherwise 4505 */ 4506 static int smack_key_permission(key_ref_t key_ref, 4507 const struct cred *cred, 4508 enum key_need_perm need_perm) 4509 { 4510 struct key *keyp; 4511 struct smk_audit_info ad; 4512 struct smack_known *tkp = smk_of_task(smack_cred(cred)); 4513 int request = 0; 4514 int rc; 4515 4516 /* 4517 * Validate requested permissions 4518 */ 4519 switch (need_perm) { 4520 case KEY_NEED_READ: 4521 case KEY_NEED_SEARCH: 4522 case KEY_NEED_VIEW: 4523 request |= MAY_READ; 4524 break; 4525 case KEY_NEED_WRITE: 4526 case KEY_NEED_LINK: 4527 case KEY_NEED_SETATTR: 4528 request |= MAY_WRITE; 4529 break; 4530 case KEY_NEED_UNSPECIFIED: 4531 case KEY_NEED_UNLINK: 4532 case KEY_SYSADMIN_OVERRIDE: 4533 case KEY_AUTHTOKEN_OVERRIDE: 4534 case KEY_DEFER_PERM_CHECK: 4535 return 0; 4536 default: 4537 return -EINVAL; 4538 } 4539 4540 keyp = key_ref_to_ptr(key_ref); 4541 if (keyp == NULL) 4542 return -EINVAL; 4543 /* 4544 * If the key hasn't been initialized give it access so that 4545 * it may do so. 4546 */ 4547 if (keyp->security == NULL) 4548 return 0; 4549 /* 4550 * This should not occur 4551 */ 4552 if (tkp == NULL) 4553 return -EACCES; 4554 4555 if (smack_privileged(CAP_MAC_OVERRIDE)) 4556 return 0; 4557 4558 #ifdef CONFIG_AUDIT 4559 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY); 4560 ad.a.u.key_struct.key = keyp->serial; 4561 ad.a.u.key_struct.key_desc = keyp->description; 4562 #endif 4563 rc = smk_access(tkp, keyp->security, request, &ad); 4564 rc = smk_bu_note("key access", tkp, keyp->security, request, rc); 4565 return rc; 4566 } 4567 4568 /* 4569 * smack_key_getsecurity - Smack label tagging the key 4570 * @key points to the key to be queried 4571 * @_buffer points to a pointer that should be set to point to the 4572 * resulting string (if no label or an error occurs). 4573 * Return the length of the string (including terminating NUL) or -ve if 4574 * an error. 4575 * May also return 0 (and a NULL buffer pointer) if there is no label. 4576 */ 4577 static int smack_key_getsecurity(struct key *key, char **_buffer) 4578 { 4579 struct smack_known *skp = key->security; 4580 size_t length; 4581 char *copy; 4582 4583 if (key->security == NULL) { 4584 *_buffer = NULL; 4585 return 0; 4586 } 4587 4588 copy = kstrdup(skp->smk_known, GFP_KERNEL); 4589 if (copy == NULL) 4590 return -ENOMEM; 4591 length = strlen(copy) + 1; 4592 4593 *_buffer = copy; 4594 return length; 4595 } 4596 4597 4598 #ifdef CONFIG_KEY_NOTIFICATIONS 4599 /** 4600 * smack_watch_key - Smack access to watch a key for notifications. 4601 * @key: The key to be watched 4602 * 4603 * Return 0 if the @watch->cred has permission to read from the key object and 4604 * an error otherwise. 4605 */ 4606 static int smack_watch_key(struct key *key) 4607 { 4608 struct smk_audit_info ad; 4609 struct smack_known *tkp = smk_of_current(); 4610 int rc; 4611 4612 if (key == NULL) 4613 return -EINVAL; 4614 /* 4615 * If the key hasn't been initialized give it access so that 4616 * it may do so. 4617 */ 4618 if (key->security == NULL) 4619 return 0; 4620 /* 4621 * This should not occur 4622 */ 4623 if (tkp == NULL) 4624 return -EACCES; 4625 4626 if (smack_privileged_cred(CAP_MAC_OVERRIDE, current_cred())) 4627 return 0; 4628 4629 #ifdef CONFIG_AUDIT 4630 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY); 4631 ad.a.u.key_struct.key = key->serial; 4632 ad.a.u.key_struct.key_desc = key->description; 4633 #endif 4634 rc = smk_access(tkp, key->security, MAY_READ, &ad); 4635 rc = smk_bu_note("key watch", tkp, key->security, MAY_READ, rc); 4636 return rc; 4637 } 4638 #endif /* CONFIG_KEY_NOTIFICATIONS */ 4639 #endif /* CONFIG_KEYS */ 4640 4641 #ifdef CONFIG_WATCH_QUEUE 4642 /** 4643 * smack_post_notification - Smack access to post a notification to a queue 4644 * @w_cred: The credentials of the watcher. 4645 * @cred: The credentials of the event source (may be NULL). 4646 * @n: The notification message to be posted. 4647 */ 4648 static int smack_post_notification(const struct cred *w_cred, 4649 const struct cred *cred, 4650 struct watch_notification *n) 4651 { 4652 struct smk_audit_info ad; 4653 struct smack_known *subj, *obj; 4654 int rc; 4655 4656 /* Always let maintenance notifications through. */ 4657 if (n->type == WATCH_TYPE_META) 4658 return 0; 4659 4660 if (!cred) 4661 return 0; 4662 subj = smk_of_task(smack_cred(cred)); 4663 obj = smk_of_task(smack_cred(w_cred)); 4664 4665 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NOTIFICATION); 4666 rc = smk_access(subj, obj, MAY_WRITE, &ad); 4667 rc = smk_bu_note("notification", subj, obj, MAY_WRITE, rc); 4668 return rc; 4669 } 4670 #endif /* CONFIG_WATCH_QUEUE */ 4671 4672 /* 4673 * Smack Audit hooks 4674 * 4675 * Audit requires a unique representation of each Smack specific 4676 * rule. This unique representation is used to distinguish the 4677 * object to be audited from remaining kernel objects and also 4678 * works as a glue between the audit hooks. 4679 * 4680 * Since repository entries are added but never deleted, we'll use 4681 * the smack_known label address related to the given audit rule as 4682 * the needed unique representation. This also better fits the smack 4683 * model where nearly everything is a label. 4684 */ 4685 #ifdef CONFIG_AUDIT 4686 4687 /** 4688 * smack_audit_rule_init - Initialize a smack audit rule 4689 * @field: audit rule fields given from user-space (audit.h) 4690 * @op: required testing operator (=, !=, >, <, ...) 4691 * @rulestr: smack label to be audited 4692 * @vrule: pointer to save our own audit rule representation 4693 * 4694 * Prepare to audit cases where (@field @op @rulestr) is true. 4695 * The label to be audited is created if necessay. 4696 */ 4697 static int smack_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule) 4698 { 4699 struct smack_known *skp; 4700 char **rule = (char **)vrule; 4701 *rule = NULL; 4702 4703 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER) 4704 return -EINVAL; 4705 4706 if (op != Audit_equal && op != Audit_not_equal) 4707 return -EINVAL; 4708 4709 skp = smk_import_entry(rulestr, 0); 4710 if (IS_ERR(skp)) 4711 return PTR_ERR(skp); 4712 4713 *rule = skp->smk_known; 4714 4715 return 0; 4716 } 4717 4718 /** 4719 * smack_audit_rule_known - Distinguish Smack audit rules 4720 * @krule: rule of interest, in Audit kernel representation format 4721 * 4722 * This is used to filter Smack rules from remaining Audit ones. 4723 * If it's proved that this rule belongs to us, the 4724 * audit_rule_match hook will be called to do the final judgement. 4725 */ 4726 static int smack_audit_rule_known(struct audit_krule *krule) 4727 { 4728 struct audit_field *f; 4729 int i; 4730 4731 for (i = 0; i < krule->field_count; i++) { 4732 f = &krule->fields[i]; 4733 4734 if (f->type == AUDIT_SUBJ_USER || f->type == AUDIT_OBJ_USER) 4735 return 1; 4736 } 4737 4738 return 0; 4739 } 4740 4741 /** 4742 * smack_audit_rule_match - Audit given object ? 4743 * @secid: security id for identifying the object to test 4744 * @field: audit rule flags given from user-space 4745 * @op: required testing operator 4746 * @vrule: smack internal rule presentation 4747 * 4748 * The core Audit hook. It's used to take the decision of 4749 * whether to audit or not to audit a given object. 4750 */ 4751 static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule) 4752 { 4753 struct smack_known *skp; 4754 char *rule = vrule; 4755 4756 if (unlikely(!rule)) { 4757 WARN_ONCE(1, "Smack: missing rule\n"); 4758 return -ENOENT; 4759 } 4760 4761 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER) 4762 return 0; 4763 4764 skp = smack_from_secid(secid); 4765 4766 /* 4767 * No need to do string comparisons. If a match occurs, 4768 * both pointers will point to the same smack_known 4769 * label. 4770 */ 4771 if (op == Audit_equal) 4772 return (rule == skp->smk_known); 4773 if (op == Audit_not_equal) 4774 return (rule != skp->smk_known); 4775 4776 return 0; 4777 } 4778 4779 /* 4780 * There is no need for a smack_audit_rule_free hook. 4781 * No memory was allocated. 4782 */ 4783 4784 #endif /* CONFIG_AUDIT */ 4785 4786 /** 4787 * smack_ismaclabel - check if xattr @name references a smack MAC label 4788 * @name: Full xattr name to check. 4789 */ 4790 static int smack_ismaclabel(const char *name) 4791 { 4792 return (strcmp(name, XATTR_SMACK_SUFFIX) == 0); 4793 } 4794 4795 4796 /** 4797 * smack_secid_to_secctx - return the smack label for a secid 4798 * @secid: incoming integer 4799 * @secdata: destination 4800 * @seclen: how long it is 4801 * 4802 * Exists for networking code. 4803 */ 4804 static int smack_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) 4805 { 4806 struct smack_known *skp = smack_from_secid(secid); 4807 4808 if (secdata) 4809 *secdata = skp->smk_known; 4810 *seclen = strlen(skp->smk_known); 4811 return 0; 4812 } 4813 4814 /** 4815 * smack_secctx_to_secid - return the secid for a smack label 4816 * @secdata: smack label 4817 * @seclen: how long result is 4818 * @secid: outgoing integer 4819 * 4820 * Exists for audit and networking code. 4821 */ 4822 static int smack_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid) 4823 { 4824 struct smack_known *skp = smk_find_entry(secdata); 4825 4826 if (skp) 4827 *secid = skp->smk_secid; 4828 else 4829 *secid = 0; 4830 return 0; 4831 } 4832 4833 /* 4834 * There used to be a smack_release_secctx hook 4835 * that did nothing back when hooks were in a vector. 4836 * Now that there's a list such a hook adds cost. 4837 */ 4838 4839 static int smack_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen) 4840 { 4841 return smack_inode_setsecurity(inode, XATTR_SMACK_SUFFIX, ctx, 4842 ctxlen, 0); 4843 } 4844 4845 static int smack_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen) 4846 { 4847 return __vfs_setxattr_noperm(&nop_mnt_idmap, dentry, XATTR_NAME_SMACK, 4848 ctx, ctxlen, 0); 4849 } 4850 4851 static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) 4852 { 4853 struct smack_known *skp = smk_of_inode(inode); 4854 4855 *ctx = skp->smk_known; 4856 *ctxlen = strlen(skp->smk_known); 4857 return 0; 4858 } 4859 4860 static int smack_inode_copy_up(struct dentry *dentry, struct cred **new) 4861 { 4862 4863 struct task_smack *tsp; 4864 struct smack_known *skp; 4865 struct inode_smack *isp; 4866 struct cred *new_creds = *new; 4867 4868 if (new_creds == NULL) { 4869 new_creds = prepare_creds(); 4870 if (new_creds == NULL) 4871 return -ENOMEM; 4872 } 4873 4874 tsp = smack_cred(new_creds); 4875 4876 /* 4877 * Get label from overlay inode and set it in create_sid 4878 */ 4879 isp = smack_inode(d_inode(dentry)); 4880 skp = isp->smk_inode; 4881 tsp->smk_task = skp; 4882 *new = new_creds; 4883 return 0; 4884 } 4885 4886 static int smack_inode_copy_up_xattr(const char *name) 4887 { 4888 /* 4889 * Return 1 if this is the smack access Smack attribute. 4890 */ 4891 if (strcmp(name, XATTR_NAME_SMACK) == 0) 4892 return 1; 4893 4894 return -EOPNOTSUPP; 4895 } 4896 4897 static int smack_dentry_create_files_as(struct dentry *dentry, int mode, 4898 struct qstr *name, 4899 const struct cred *old, 4900 struct cred *new) 4901 { 4902 struct task_smack *otsp = smack_cred(old); 4903 struct task_smack *ntsp = smack_cred(new); 4904 struct inode_smack *isp; 4905 int may; 4906 4907 /* 4908 * Use the process credential unless all of 4909 * the transmuting criteria are met 4910 */ 4911 ntsp->smk_task = otsp->smk_task; 4912 4913 /* 4914 * the attribute of the containing directory 4915 */ 4916 isp = smack_inode(d_inode(dentry->d_parent)); 4917 4918 if (isp->smk_flags & SMK_INODE_TRANSMUTE) { 4919 rcu_read_lock(); 4920 may = smk_access_entry(otsp->smk_task->smk_known, 4921 isp->smk_inode->smk_known, 4922 &otsp->smk_task->smk_rules); 4923 rcu_read_unlock(); 4924 4925 /* 4926 * If the directory is transmuting and the rule 4927 * providing access is transmuting use the containing 4928 * directory label instead of the process label. 4929 */ 4930 if (may > 0 && (may & MAY_TRANSMUTE)) { 4931 ntsp->smk_task = isp->smk_inode; 4932 ntsp->smk_transmuted = ntsp->smk_task; 4933 } 4934 } 4935 return 0; 4936 } 4937 4938 #ifdef CONFIG_IO_URING 4939 /** 4940 * smack_uring_override_creds - Is io_uring cred override allowed? 4941 * @new: the target creds 4942 * 4943 * Check to see if the current task is allowed to override it's credentials 4944 * to service an io_uring operation. 4945 */ 4946 static int smack_uring_override_creds(const struct cred *new) 4947 { 4948 struct task_smack *tsp = smack_cred(current_cred()); 4949 struct task_smack *nsp = smack_cred(new); 4950 4951 /* 4952 * Allow the degenerate case where the new Smack value is 4953 * the same as the current Smack value. 4954 */ 4955 if (tsp->smk_task == nsp->smk_task) 4956 return 0; 4957 4958 if (smack_privileged_cred(CAP_MAC_OVERRIDE, current_cred())) 4959 return 0; 4960 4961 return -EPERM; 4962 } 4963 4964 /** 4965 * smack_uring_sqpoll - check if a io_uring polling thread can be created 4966 * 4967 * Check to see if the current task is allowed to create a new io_uring 4968 * kernel polling thread. 4969 */ 4970 static int smack_uring_sqpoll(void) 4971 { 4972 if (smack_privileged_cred(CAP_MAC_ADMIN, current_cred())) 4973 return 0; 4974 4975 return -EPERM; 4976 } 4977 4978 /** 4979 * smack_uring_cmd - check on file operations for io_uring 4980 * @ioucmd: the command in question 4981 * 4982 * Make a best guess about whether a io_uring "command" should 4983 * be allowed. Use the same logic used for determining if the 4984 * file could be opened for read in the absence of better criteria. 4985 */ 4986 static int smack_uring_cmd(struct io_uring_cmd *ioucmd) 4987 { 4988 struct file *file = ioucmd->file; 4989 struct smk_audit_info ad; 4990 struct task_smack *tsp; 4991 struct inode *inode; 4992 int rc; 4993 4994 if (!file) 4995 return -EINVAL; 4996 4997 tsp = smack_cred(file->f_cred); 4998 inode = file_inode(file); 4999 5000 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 5001 smk_ad_setfield_u_fs_path(&ad, file->f_path); 5002 rc = smk_tskacc(tsp, smk_of_inode(inode), MAY_READ, &ad); 5003 rc = smk_bu_credfile(file->f_cred, file, MAY_READ, rc); 5004 5005 return rc; 5006 } 5007 5008 #endif /* CONFIG_IO_URING */ 5009 5010 struct lsm_blob_sizes smack_blob_sizes __ro_after_init = { 5011 .lbs_cred = sizeof(struct task_smack), 5012 .lbs_file = sizeof(struct smack_known *), 5013 .lbs_inode = sizeof(struct inode_smack), 5014 .lbs_ipc = sizeof(struct smack_known *), 5015 .lbs_msg_msg = sizeof(struct smack_known *), 5016 .lbs_superblock = sizeof(struct superblock_smack), 5017 .lbs_xattr_count = SMACK_INODE_INIT_XATTRS, 5018 }; 5019 5020 const struct lsm_id smack_lsmid = { 5021 .name = "smack", 5022 .id = LSM_ID_SMACK, 5023 }; 5024 5025 static struct security_hook_list smack_hooks[] __ro_after_init = { 5026 LSM_HOOK_INIT(ptrace_access_check, smack_ptrace_access_check), 5027 LSM_HOOK_INIT(ptrace_traceme, smack_ptrace_traceme), 5028 LSM_HOOK_INIT(syslog, smack_syslog), 5029 5030 LSM_HOOK_INIT(fs_context_submount, smack_fs_context_submount), 5031 LSM_HOOK_INIT(fs_context_dup, smack_fs_context_dup), 5032 LSM_HOOK_INIT(fs_context_parse_param, smack_fs_context_parse_param), 5033 5034 LSM_HOOK_INIT(sb_alloc_security, smack_sb_alloc_security), 5035 LSM_HOOK_INIT(sb_free_mnt_opts, smack_free_mnt_opts), 5036 LSM_HOOK_INIT(sb_eat_lsm_opts, smack_sb_eat_lsm_opts), 5037 LSM_HOOK_INIT(sb_statfs, smack_sb_statfs), 5038 LSM_HOOK_INIT(sb_set_mnt_opts, smack_set_mnt_opts), 5039 5040 LSM_HOOK_INIT(bprm_creds_for_exec, smack_bprm_creds_for_exec), 5041 5042 LSM_HOOK_INIT(inode_alloc_security, smack_inode_alloc_security), 5043 LSM_HOOK_INIT(inode_init_security, smack_inode_init_security), 5044 LSM_HOOK_INIT(inode_link, smack_inode_link), 5045 LSM_HOOK_INIT(inode_unlink, smack_inode_unlink), 5046 LSM_HOOK_INIT(inode_rmdir, smack_inode_rmdir), 5047 LSM_HOOK_INIT(inode_rename, smack_inode_rename), 5048 LSM_HOOK_INIT(inode_permission, smack_inode_permission), 5049 LSM_HOOK_INIT(inode_setattr, smack_inode_setattr), 5050 LSM_HOOK_INIT(inode_getattr, smack_inode_getattr), 5051 LSM_HOOK_INIT(inode_setxattr, smack_inode_setxattr), 5052 LSM_HOOK_INIT(inode_post_setxattr, smack_inode_post_setxattr), 5053 LSM_HOOK_INIT(inode_getxattr, smack_inode_getxattr), 5054 LSM_HOOK_INIT(inode_removexattr, smack_inode_removexattr), 5055 LSM_HOOK_INIT(inode_set_acl, smack_inode_set_acl), 5056 LSM_HOOK_INIT(inode_get_acl, smack_inode_get_acl), 5057 LSM_HOOK_INIT(inode_remove_acl, smack_inode_remove_acl), 5058 LSM_HOOK_INIT(inode_getsecurity, smack_inode_getsecurity), 5059 LSM_HOOK_INIT(inode_setsecurity, smack_inode_setsecurity), 5060 LSM_HOOK_INIT(inode_listsecurity, smack_inode_listsecurity), 5061 LSM_HOOK_INIT(inode_getsecid, smack_inode_getsecid), 5062 5063 LSM_HOOK_INIT(file_alloc_security, smack_file_alloc_security), 5064 LSM_HOOK_INIT(file_ioctl, smack_file_ioctl), 5065 LSM_HOOK_INIT(file_lock, smack_file_lock), 5066 LSM_HOOK_INIT(file_fcntl, smack_file_fcntl), 5067 LSM_HOOK_INIT(mmap_file, smack_mmap_file), 5068 LSM_HOOK_INIT(mmap_addr, cap_mmap_addr), 5069 LSM_HOOK_INIT(file_set_fowner, smack_file_set_fowner), 5070 LSM_HOOK_INIT(file_send_sigiotask, smack_file_send_sigiotask), 5071 LSM_HOOK_INIT(file_receive, smack_file_receive), 5072 5073 LSM_HOOK_INIT(file_open, smack_file_open), 5074 5075 LSM_HOOK_INIT(cred_alloc_blank, smack_cred_alloc_blank), 5076 LSM_HOOK_INIT(cred_free, smack_cred_free), 5077 LSM_HOOK_INIT(cred_prepare, smack_cred_prepare), 5078 LSM_HOOK_INIT(cred_transfer, smack_cred_transfer), 5079 LSM_HOOK_INIT(cred_getsecid, smack_cred_getsecid), 5080 LSM_HOOK_INIT(kernel_act_as, smack_kernel_act_as), 5081 LSM_HOOK_INIT(kernel_create_files_as, smack_kernel_create_files_as), 5082 LSM_HOOK_INIT(task_setpgid, smack_task_setpgid), 5083 LSM_HOOK_INIT(task_getpgid, smack_task_getpgid), 5084 LSM_HOOK_INIT(task_getsid, smack_task_getsid), 5085 LSM_HOOK_INIT(current_getsecid_subj, smack_current_getsecid_subj), 5086 LSM_HOOK_INIT(task_getsecid_obj, smack_task_getsecid_obj), 5087 LSM_HOOK_INIT(task_setnice, smack_task_setnice), 5088 LSM_HOOK_INIT(task_setioprio, smack_task_setioprio), 5089 LSM_HOOK_INIT(task_getioprio, smack_task_getioprio), 5090 LSM_HOOK_INIT(task_setscheduler, smack_task_setscheduler), 5091 LSM_HOOK_INIT(task_getscheduler, smack_task_getscheduler), 5092 LSM_HOOK_INIT(task_movememory, smack_task_movememory), 5093 LSM_HOOK_INIT(task_kill, smack_task_kill), 5094 LSM_HOOK_INIT(task_to_inode, smack_task_to_inode), 5095 5096 LSM_HOOK_INIT(ipc_permission, smack_ipc_permission), 5097 LSM_HOOK_INIT(ipc_getsecid, smack_ipc_getsecid), 5098 5099 LSM_HOOK_INIT(msg_msg_alloc_security, smack_msg_msg_alloc_security), 5100 5101 LSM_HOOK_INIT(msg_queue_alloc_security, smack_ipc_alloc_security), 5102 LSM_HOOK_INIT(msg_queue_associate, smack_msg_queue_associate), 5103 LSM_HOOK_INIT(msg_queue_msgctl, smack_msg_queue_msgctl), 5104 LSM_HOOK_INIT(msg_queue_msgsnd, smack_msg_queue_msgsnd), 5105 LSM_HOOK_INIT(msg_queue_msgrcv, smack_msg_queue_msgrcv), 5106 5107 LSM_HOOK_INIT(shm_alloc_security, smack_ipc_alloc_security), 5108 LSM_HOOK_INIT(shm_associate, smack_shm_associate), 5109 LSM_HOOK_INIT(shm_shmctl, smack_shm_shmctl), 5110 LSM_HOOK_INIT(shm_shmat, smack_shm_shmat), 5111 5112 LSM_HOOK_INIT(sem_alloc_security, smack_ipc_alloc_security), 5113 LSM_HOOK_INIT(sem_associate, smack_sem_associate), 5114 LSM_HOOK_INIT(sem_semctl, smack_sem_semctl), 5115 LSM_HOOK_INIT(sem_semop, smack_sem_semop), 5116 5117 LSM_HOOK_INIT(d_instantiate, smack_d_instantiate), 5118 5119 LSM_HOOK_INIT(getselfattr, smack_getselfattr), 5120 LSM_HOOK_INIT(setselfattr, smack_setselfattr), 5121 LSM_HOOK_INIT(getprocattr, smack_getprocattr), 5122 LSM_HOOK_INIT(setprocattr, smack_setprocattr), 5123 5124 LSM_HOOK_INIT(unix_stream_connect, smack_unix_stream_connect), 5125 LSM_HOOK_INIT(unix_may_send, smack_unix_may_send), 5126 5127 LSM_HOOK_INIT(socket_post_create, smack_socket_post_create), 5128 LSM_HOOK_INIT(socket_socketpair, smack_socket_socketpair), 5129 #ifdef SMACK_IPV6_PORT_LABELING 5130 LSM_HOOK_INIT(socket_bind, smack_socket_bind), 5131 #endif 5132 LSM_HOOK_INIT(socket_connect, smack_socket_connect), 5133 LSM_HOOK_INIT(socket_sendmsg, smack_socket_sendmsg), 5134 LSM_HOOK_INIT(socket_sock_rcv_skb, smack_socket_sock_rcv_skb), 5135 LSM_HOOK_INIT(socket_getpeersec_stream, smack_socket_getpeersec_stream), 5136 LSM_HOOK_INIT(socket_getpeersec_dgram, smack_socket_getpeersec_dgram), 5137 LSM_HOOK_INIT(sk_alloc_security, smack_sk_alloc_security), 5138 LSM_HOOK_INIT(sk_free_security, smack_sk_free_security), 5139 LSM_HOOK_INIT(sk_clone_security, smack_sk_clone_security), 5140 LSM_HOOK_INIT(sock_graft, smack_sock_graft), 5141 LSM_HOOK_INIT(inet_conn_request, smack_inet_conn_request), 5142 LSM_HOOK_INIT(inet_csk_clone, smack_inet_csk_clone), 5143 5144 /* key management security hooks */ 5145 #ifdef CONFIG_KEYS 5146 LSM_HOOK_INIT(key_alloc, smack_key_alloc), 5147 LSM_HOOK_INIT(key_free, smack_key_free), 5148 LSM_HOOK_INIT(key_permission, smack_key_permission), 5149 LSM_HOOK_INIT(key_getsecurity, smack_key_getsecurity), 5150 #ifdef CONFIG_KEY_NOTIFICATIONS 5151 LSM_HOOK_INIT(watch_key, smack_watch_key), 5152 #endif 5153 #endif /* CONFIG_KEYS */ 5154 5155 #ifdef CONFIG_WATCH_QUEUE 5156 LSM_HOOK_INIT(post_notification, smack_post_notification), 5157 #endif 5158 5159 /* Audit hooks */ 5160 #ifdef CONFIG_AUDIT 5161 LSM_HOOK_INIT(audit_rule_init, smack_audit_rule_init), 5162 LSM_HOOK_INIT(audit_rule_known, smack_audit_rule_known), 5163 LSM_HOOK_INIT(audit_rule_match, smack_audit_rule_match), 5164 #endif /* CONFIG_AUDIT */ 5165 5166 LSM_HOOK_INIT(ismaclabel, smack_ismaclabel), 5167 LSM_HOOK_INIT(secid_to_secctx, smack_secid_to_secctx), 5168 LSM_HOOK_INIT(secctx_to_secid, smack_secctx_to_secid), 5169 LSM_HOOK_INIT(inode_notifysecctx, smack_inode_notifysecctx), 5170 LSM_HOOK_INIT(inode_setsecctx, smack_inode_setsecctx), 5171 LSM_HOOK_INIT(inode_getsecctx, smack_inode_getsecctx), 5172 LSM_HOOK_INIT(inode_copy_up, smack_inode_copy_up), 5173 LSM_HOOK_INIT(inode_copy_up_xattr, smack_inode_copy_up_xattr), 5174 LSM_HOOK_INIT(dentry_create_files_as, smack_dentry_create_files_as), 5175 #ifdef CONFIG_IO_URING 5176 LSM_HOOK_INIT(uring_override_creds, smack_uring_override_creds), 5177 LSM_HOOK_INIT(uring_sqpoll, smack_uring_sqpoll), 5178 LSM_HOOK_INIT(uring_cmd, smack_uring_cmd), 5179 #endif 5180 }; 5181 5182 5183 static __init void init_smack_known_list(void) 5184 { 5185 /* 5186 * Initialize rule list locks 5187 */ 5188 mutex_init(&smack_known_huh.smk_rules_lock); 5189 mutex_init(&smack_known_hat.smk_rules_lock); 5190 mutex_init(&smack_known_floor.smk_rules_lock); 5191 mutex_init(&smack_known_star.smk_rules_lock); 5192 mutex_init(&smack_known_web.smk_rules_lock); 5193 /* 5194 * Initialize rule lists 5195 */ 5196 INIT_LIST_HEAD(&smack_known_huh.smk_rules); 5197 INIT_LIST_HEAD(&smack_known_hat.smk_rules); 5198 INIT_LIST_HEAD(&smack_known_star.smk_rules); 5199 INIT_LIST_HEAD(&smack_known_floor.smk_rules); 5200 INIT_LIST_HEAD(&smack_known_web.smk_rules); 5201 /* 5202 * Create the known labels list 5203 */ 5204 smk_insert_entry(&smack_known_huh); 5205 smk_insert_entry(&smack_known_hat); 5206 smk_insert_entry(&smack_known_star); 5207 smk_insert_entry(&smack_known_floor); 5208 smk_insert_entry(&smack_known_web); 5209 } 5210 5211 /** 5212 * smack_init - initialize the smack system 5213 * 5214 * Returns 0 on success, -ENOMEM is there's no memory 5215 */ 5216 static __init int smack_init(void) 5217 { 5218 struct cred *cred = (struct cred *) current->cred; 5219 struct task_smack *tsp; 5220 5221 smack_rule_cache = KMEM_CACHE(smack_rule, 0); 5222 if (!smack_rule_cache) 5223 return -ENOMEM; 5224 5225 /* 5226 * Set the security state for the initial task. 5227 */ 5228 tsp = smack_cred(cred); 5229 init_task_smack(tsp, &smack_known_floor, &smack_known_floor); 5230 5231 /* 5232 * Register with LSM 5233 */ 5234 security_add_hooks(smack_hooks, ARRAY_SIZE(smack_hooks), &smack_lsmid); 5235 smack_enabled = 1; 5236 5237 pr_info("Smack: Initializing.\n"); 5238 #ifdef CONFIG_SECURITY_SMACK_NETFILTER 5239 pr_info("Smack: Netfilter enabled.\n"); 5240 #endif 5241 #ifdef SMACK_IPV6_PORT_LABELING 5242 pr_info("Smack: IPv6 port labeling enabled.\n"); 5243 #endif 5244 #ifdef SMACK_IPV6_SECMARK_LABELING 5245 pr_info("Smack: IPv6 Netfilter enabled.\n"); 5246 #endif 5247 5248 /* initialize the smack_known_list */ 5249 init_smack_known_list(); 5250 5251 return 0; 5252 } 5253 5254 /* 5255 * Smack requires early initialization in order to label 5256 * all processes and objects when they are created. 5257 */ 5258 DEFINE_LSM(smack) = { 5259 .name = "smack", 5260 .flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE, 5261 .blobs = &smack_blob_sizes, 5262 .init = smack_init, 5263 }; 5264