1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Simplified MAC Kernel (smack) security module 4 * 5 * This file contains the smack hook function implementations. 6 * 7 * Authors: 8 * Casey Schaufler <casey@schaufler-ca.com> 9 * Jarkko Sakkinen <jarkko.sakkinen@intel.com> 10 * 11 * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com> 12 * Copyright (C) 2009 Hewlett-Packard Development Company, L.P. 13 * Paul Moore <paul@paul-moore.com> 14 * Copyright (C) 2010 Nokia Corporation 15 * Copyright (C) 2011 Intel Corporation. 16 */ 17 18 #include <linux/xattr.h> 19 #include <linux/pagemap.h> 20 #include <linux/mount.h> 21 #include <linux/stat.h> 22 #include <linux/kd.h> 23 #include <asm/ioctls.h> 24 #include <linux/ip.h> 25 #include <linux/tcp.h> 26 #include <linux/udp.h> 27 #include <linux/dccp.h> 28 #include <linux/icmpv6.h> 29 #include <linux/slab.h> 30 #include <linux/mutex.h> 31 #include <net/cipso_ipv4.h> 32 #include <net/ip.h> 33 #include <net/ipv6.h> 34 #include <linux/audit.h> 35 #include <linux/magic.h> 36 #include <linux/dcache.h> 37 #include <linux/personality.h> 38 #include <linux/msg.h> 39 #include <linux/shm.h> 40 #include <linux/binfmts.h> 41 #include <linux/parser.h> 42 #include <linux/fs_context.h> 43 #include <linux/fs_parser.h> 44 #include <linux/watch_queue.h> 45 #include <linux/io_uring.h> 46 #include "smack.h" 47 48 #define TRANS_TRUE "TRUE" 49 #define TRANS_TRUE_SIZE 4 50 51 #define SMK_CONNECTING 0 52 #define SMK_RECEIVING 1 53 #define SMK_SENDING 2 54 55 #ifdef SMACK_IPV6_PORT_LABELING 56 static DEFINE_MUTEX(smack_ipv6_lock); 57 static LIST_HEAD(smk_ipv6_port_list); 58 #endif 59 struct kmem_cache *smack_rule_cache; 60 int smack_enabled __initdata; 61 62 #define A(s) {"smack"#s, sizeof("smack"#s) - 1, Opt_##s} 63 static struct { 64 const char *name; 65 int len; 66 int opt; 67 } smk_mount_opts[] = { 68 {"smackfsdef", sizeof("smackfsdef") - 1, Opt_fsdefault}, 69 A(fsdefault), A(fsfloor), A(fshat), A(fsroot), A(fstransmute) 70 }; 71 #undef A 72 73 static int match_opt_prefix(char *s, int l, char **arg) 74 { 75 int i; 76 77 for (i = 0; i < ARRAY_SIZE(smk_mount_opts); i++) { 78 size_t len = smk_mount_opts[i].len; 79 if (len > l || memcmp(s, smk_mount_opts[i].name, len)) 80 continue; 81 if (len == l || s[len] != '=') 82 continue; 83 *arg = s + len + 1; 84 return smk_mount_opts[i].opt; 85 } 86 return Opt_error; 87 } 88 89 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 90 static char *smk_bu_mess[] = { 91 "Bringup Error", /* Unused */ 92 "Bringup", /* SMACK_BRINGUP_ALLOW */ 93 "Unconfined Subject", /* SMACK_UNCONFINED_SUBJECT */ 94 "Unconfined Object", /* SMACK_UNCONFINED_OBJECT */ 95 }; 96 97 static void smk_bu_mode(int mode, char *s) 98 { 99 int i = 0; 100 101 if (mode & MAY_READ) 102 s[i++] = 'r'; 103 if (mode & MAY_WRITE) 104 s[i++] = 'w'; 105 if (mode & MAY_EXEC) 106 s[i++] = 'x'; 107 if (mode & MAY_APPEND) 108 s[i++] = 'a'; 109 if (mode & MAY_TRANSMUTE) 110 s[i++] = 't'; 111 if (mode & MAY_LOCK) 112 s[i++] = 'l'; 113 if (i == 0) 114 s[i++] = '-'; 115 s[i] = '\0'; 116 } 117 #endif 118 119 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 120 static int smk_bu_note(char *note, struct smack_known *sskp, 121 struct smack_known *oskp, int mode, int rc) 122 { 123 char acc[SMK_NUM_ACCESS_TYPE + 1]; 124 125 if (rc <= 0) 126 return rc; 127 if (rc > SMACK_UNCONFINED_OBJECT) 128 rc = 0; 129 130 smk_bu_mode(mode, acc); 131 pr_info("Smack %s: (%s %s %s) %s\n", smk_bu_mess[rc], 132 sskp->smk_known, oskp->smk_known, acc, note); 133 return 0; 134 } 135 #else 136 #define smk_bu_note(note, sskp, oskp, mode, RC) (RC) 137 #endif 138 139 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 140 static int smk_bu_current(char *note, struct smack_known *oskp, 141 int mode, int rc) 142 { 143 struct task_smack *tsp = smack_cred(current_cred()); 144 char acc[SMK_NUM_ACCESS_TYPE + 1]; 145 146 if (rc <= 0) 147 return rc; 148 if (rc > SMACK_UNCONFINED_OBJECT) 149 rc = 0; 150 151 smk_bu_mode(mode, acc); 152 pr_info("Smack %s: (%s %s %s) %s %s\n", smk_bu_mess[rc], 153 tsp->smk_task->smk_known, oskp->smk_known, 154 acc, current->comm, note); 155 return 0; 156 } 157 #else 158 #define smk_bu_current(note, oskp, mode, RC) (RC) 159 #endif 160 161 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 162 static int smk_bu_task(struct task_struct *otp, int mode, int rc) 163 { 164 struct task_smack *tsp = smack_cred(current_cred()); 165 struct smack_known *smk_task = smk_of_task_struct_obj(otp); 166 char acc[SMK_NUM_ACCESS_TYPE + 1]; 167 168 if (rc <= 0) 169 return rc; 170 if (rc > SMACK_UNCONFINED_OBJECT) 171 rc = 0; 172 173 smk_bu_mode(mode, acc); 174 pr_info("Smack %s: (%s %s %s) %s to %s\n", smk_bu_mess[rc], 175 tsp->smk_task->smk_known, smk_task->smk_known, acc, 176 current->comm, otp->comm); 177 return 0; 178 } 179 #else 180 #define smk_bu_task(otp, mode, RC) (RC) 181 #endif 182 183 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 184 static int smk_bu_inode(struct inode *inode, int mode, int rc) 185 { 186 struct task_smack *tsp = smack_cred(current_cred()); 187 struct inode_smack *isp = smack_inode(inode); 188 char acc[SMK_NUM_ACCESS_TYPE + 1]; 189 190 if (isp->smk_flags & SMK_INODE_IMPURE) 191 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n", 192 inode->i_sb->s_id, inode->i_ino, current->comm); 193 194 if (rc <= 0) 195 return rc; 196 if (rc > SMACK_UNCONFINED_OBJECT) 197 rc = 0; 198 if (rc == SMACK_UNCONFINED_SUBJECT && 199 (mode & (MAY_WRITE | MAY_APPEND))) 200 isp->smk_flags |= SMK_INODE_IMPURE; 201 202 smk_bu_mode(mode, acc); 203 204 pr_info("Smack %s: (%s %s %s) inode=(%s %ld) %s\n", smk_bu_mess[rc], 205 tsp->smk_task->smk_known, isp->smk_inode->smk_known, acc, 206 inode->i_sb->s_id, inode->i_ino, current->comm); 207 return 0; 208 } 209 #else 210 #define smk_bu_inode(inode, mode, RC) (RC) 211 #endif 212 213 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 214 static int smk_bu_file(struct file *file, int mode, int rc) 215 { 216 struct task_smack *tsp = smack_cred(current_cred()); 217 struct smack_known *sskp = tsp->smk_task; 218 struct inode *inode = file_inode(file); 219 struct inode_smack *isp = smack_inode(inode); 220 char acc[SMK_NUM_ACCESS_TYPE + 1]; 221 222 if (isp->smk_flags & SMK_INODE_IMPURE) 223 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n", 224 inode->i_sb->s_id, inode->i_ino, current->comm); 225 226 if (rc <= 0) 227 return rc; 228 if (rc > SMACK_UNCONFINED_OBJECT) 229 rc = 0; 230 231 smk_bu_mode(mode, acc); 232 pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc], 233 sskp->smk_known, smk_of_inode(inode)->smk_known, acc, 234 inode->i_sb->s_id, inode->i_ino, file, 235 current->comm); 236 return 0; 237 } 238 #else 239 #define smk_bu_file(file, mode, RC) (RC) 240 #endif 241 242 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 243 static int smk_bu_credfile(const struct cred *cred, struct file *file, 244 int mode, int rc) 245 { 246 struct task_smack *tsp = smack_cred(cred); 247 struct smack_known *sskp = tsp->smk_task; 248 struct inode *inode = file_inode(file); 249 struct inode_smack *isp = smack_inode(inode); 250 char acc[SMK_NUM_ACCESS_TYPE + 1]; 251 252 if (isp->smk_flags & SMK_INODE_IMPURE) 253 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n", 254 inode->i_sb->s_id, inode->i_ino, current->comm); 255 256 if (rc <= 0) 257 return rc; 258 if (rc > SMACK_UNCONFINED_OBJECT) 259 rc = 0; 260 261 smk_bu_mode(mode, acc); 262 pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc], 263 sskp->smk_known, smk_of_inode(inode)->smk_known, acc, 264 inode->i_sb->s_id, inode->i_ino, file, 265 current->comm); 266 return 0; 267 } 268 #else 269 #define smk_bu_credfile(cred, file, mode, RC) (RC) 270 #endif 271 272 /** 273 * smk_fetch - Fetch the smack label from a file. 274 * @name: type of the label (attribute) 275 * @ip: a pointer to the inode 276 * @dp: a pointer to the dentry 277 * 278 * Returns a pointer to the master list entry for the Smack label, 279 * NULL if there was no label to fetch, or an error code. 280 */ 281 static struct smack_known *smk_fetch(const char *name, struct inode *ip, 282 struct dentry *dp) 283 { 284 int rc; 285 char *buffer; 286 struct smack_known *skp = NULL; 287 288 if (!(ip->i_opflags & IOP_XATTR)) 289 return ERR_PTR(-EOPNOTSUPP); 290 291 buffer = kzalloc(SMK_LONGLABEL, GFP_NOFS); 292 if (buffer == NULL) 293 return ERR_PTR(-ENOMEM); 294 295 rc = __vfs_getxattr(dp, ip, name, buffer, SMK_LONGLABEL); 296 if (rc < 0) 297 skp = ERR_PTR(rc); 298 else if (rc == 0) 299 skp = NULL; 300 else 301 skp = smk_import_entry(buffer, rc); 302 303 kfree(buffer); 304 305 return skp; 306 } 307 308 /** 309 * init_inode_smack - initialize an inode security blob 310 * @inode: inode to extract the info from 311 * @skp: a pointer to the Smack label entry to use in the blob 312 * 313 */ 314 static void init_inode_smack(struct inode *inode, struct smack_known *skp) 315 { 316 struct inode_smack *isp = smack_inode(inode); 317 318 isp->smk_inode = skp; 319 isp->smk_flags = 0; 320 } 321 322 /** 323 * init_task_smack - initialize a task security blob 324 * @tsp: blob to initialize 325 * @task: a pointer to the Smack label for the running task 326 * @forked: a pointer to the Smack label for the forked task 327 * 328 */ 329 static void init_task_smack(struct task_smack *tsp, struct smack_known *task, 330 struct smack_known *forked) 331 { 332 tsp->smk_task = task; 333 tsp->smk_forked = forked; 334 INIT_LIST_HEAD(&tsp->smk_rules); 335 INIT_LIST_HEAD(&tsp->smk_relabel); 336 mutex_init(&tsp->smk_rules_lock); 337 } 338 339 /** 340 * smk_copy_rules - copy a rule set 341 * @nhead: new rules header pointer 342 * @ohead: old rules header pointer 343 * @gfp: type of the memory for the allocation 344 * 345 * Returns 0 on success, -ENOMEM on error 346 */ 347 static int smk_copy_rules(struct list_head *nhead, struct list_head *ohead, 348 gfp_t gfp) 349 { 350 struct smack_rule *nrp; 351 struct smack_rule *orp; 352 int rc = 0; 353 354 list_for_each_entry_rcu(orp, ohead, list) { 355 nrp = kmem_cache_zalloc(smack_rule_cache, gfp); 356 if (nrp == NULL) { 357 rc = -ENOMEM; 358 break; 359 } 360 *nrp = *orp; 361 list_add_rcu(&nrp->list, nhead); 362 } 363 return rc; 364 } 365 366 /** 367 * smk_copy_relabel - copy smk_relabel labels list 368 * @nhead: new rules header pointer 369 * @ohead: old rules header pointer 370 * @gfp: type of the memory for the allocation 371 * 372 * Returns 0 on success, -ENOMEM on error 373 */ 374 static int smk_copy_relabel(struct list_head *nhead, struct list_head *ohead, 375 gfp_t gfp) 376 { 377 struct smack_known_list_elem *nklep; 378 struct smack_known_list_elem *oklep; 379 380 list_for_each_entry(oklep, ohead, list) { 381 nklep = kzalloc(sizeof(struct smack_known_list_elem), gfp); 382 if (nklep == NULL) { 383 smk_destroy_label_list(nhead); 384 return -ENOMEM; 385 } 386 nklep->smk_label = oklep->smk_label; 387 list_add(&nklep->list, nhead); 388 } 389 390 return 0; 391 } 392 393 /** 394 * smk_ptrace_mode - helper function for converting PTRACE_MODE_* into MAY_* 395 * @mode: input mode in form of PTRACE_MODE_* 396 * 397 * Returns a converted MAY_* mode usable by smack rules 398 */ 399 static inline unsigned int smk_ptrace_mode(unsigned int mode) 400 { 401 if (mode & PTRACE_MODE_ATTACH) 402 return MAY_READWRITE; 403 if (mode & PTRACE_MODE_READ) 404 return MAY_READ; 405 406 return 0; 407 } 408 409 /** 410 * smk_ptrace_rule_check - helper for ptrace access 411 * @tracer: tracer process 412 * @tracee_known: label entry of the process that's about to be traced 413 * @mode: ptrace attachment mode (PTRACE_MODE_*) 414 * @func: name of the function that called us, used for audit 415 * 416 * Returns 0 on access granted, -error on error 417 */ 418 static int smk_ptrace_rule_check(struct task_struct *tracer, 419 struct smack_known *tracee_known, 420 unsigned int mode, const char *func) 421 { 422 int rc; 423 struct smk_audit_info ad, *saip = NULL; 424 struct task_smack *tsp; 425 struct smack_known *tracer_known; 426 const struct cred *tracercred; 427 428 if ((mode & PTRACE_MODE_NOAUDIT) == 0) { 429 smk_ad_init(&ad, func, LSM_AUDIT_DATA_TASK); 430 smk_ad_setfield_u_tsk(&ad, tracer); 431 saip = &ad; 432 } 433 434 rcu_read_lock(); 435 tracercred = __task_cred(tracer); 436 tsp = smack_cred(tracercred); 437 tracer_known = smk_of_task(tsp); 438 439 if ((mode & PTRACE_MODE_ATTACH) && 440 (smack_ptrace_rule == SMACK_PTRACE_EXACT || 441 smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)) { 442 if (tracer_known->smk_known == tracee_known->smk_known) 443 rc = 0; 444 else if (smack_ptrace_rule == SMACK_PTRACE_DRACONIAN) 445 rc = -EACCES; 446 else if (smack_privileged_cred(CAP_SYS_PTRACE, tracercred)) 447 rc = 0; 448 else 449 rc = -EACCES; 450 451 if (saip) 452 smack_log(tracer_known->smk_known, 453 tracee_known->smk_known, 454 0, rc, saip); 455 456 rcu_read_unlock(); 457 return rc; 458 } 459 460 /* In case of rule==SMACK_PTRACE_DEFAULT or mode==PTRACE_MODE_READ */ 461 rc = smk_tskacc(tsp, tracee_known, smk_ptrace_mode(mode), saip); 462 463 rcu_read_unlock(); 464 return rc; 465 } 466 467 /* 468 * LSM hooks. 469 * We he, that is fun! 470 */ 471 472 /** 473 * smack_ptrace_access_check - Smack approval on PTRACE_ATTACH 474 * @ctp: child task pointer 475 * @mode: ptrace attachment mode (PTRACE_MODE_*) 476 * 477 * Returns 0 if access is OK, an error code otherwise 478 * 479 * Do the capability checks. 480 */ 481 static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode) 482 { 483 struct smack_known *skp; 484 485 skp = smk_of_task_struct_obj(ctp); 486 487 return smk_ptrace_rule_check(current, skp, mode, __func__); 488 } 489 490 /** 491 * smack_ptrace_traceme - Smack approval on PTRACE_TRACEME 492 * @ptp: parent task pointer 493 * 494 * Returns 0 if access is OK, an error code otherwise 495 * 496 * Do the capability checks, and require PTRACE_MODE_ATTACH. 497 */ 498 static int smack_ptrace_traceme(struct task_struct *ptp) 499 { 500 struct smack_known *skp; 501 502 skp = smk_of_task(smack_cred(current_cred())); 503 504 return smk_ptrace_rule_check(ptp, skp, PTRACE_MODE_ATTACH, __func__); 505 } 506 507 /** 508 * smack_syslog - Smack approval on syslog 509 * @typefrom_file: unused 510 * 511 * Returns 0 on success, error code otherwise. 512 */ 513 static int smack_syslog(int typefrom_file) 514 { 515 int rc = 0; 516 struct smack_known *skp = smk_of_current(); 517 518 if (smack_privileged(CAP_MAC_OVERRIDE)) 519 return 0; 520 521 if (smack_syslog_label != NULL && smack_syslog_label != skp) 522 rc = -EACCES; 523 524 return rc; 525 } 526 527 /* 528 * Superblock Hooks. 529 */ 530 531 /** 532 * smack_sb_alloc_security - allocate a superblock blob 533 * @sb: the superblock getting the blob 534 * 535 * Returns 0 on success or -ENOMEM on error. 536 */ 537 static int smack_sb_alloc_security(struct super_block *sb) 538 { 539 struct superblock_smack *sbsp = smack_superblock(sb); 540 541 sbsp->smk_root = &smack_known_floor; 542 sbsp->smk_default = &smack_known_floor; 543 sbsp->smk_floor = &smack_known_floor; 544 sbsp->smk_hat = &smack_known_hat; 545 /* 546 * SMK_SB_INITIALIZED will be zero from kzalloc. 547 */ 548 549 return 0; 550 } 551 552 struct smack_mnt_opts { 553 const char *fsdefault; 554 const char *fsfloor; 555 const char *fshat; 556 const char *fsroot; 557 const char *fstransmute; 558 }; 559 560 static void smack_free_mnt_opts(void *mnt_opts) 561 { 562 kfree(mnt_opts); 563 } 564 565 static int smack_add_opt(int token, const char *s, void **mnt_opts) 566 { 567 struct smack_mnt_opts *opts = *mnt_opts; 568 struct smack_known *skp; 569 570 if (!opts) { 571 opts = kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL); 572 if (!opts) 573 return -ENOMEM; 574 *mnt_opts = opts; 575 } 576 if (!s) 577 return -ENOMEM; 578 579 skp = smk_import_entry(s, 0); 580 if (IS_ERR(skp)) 581 return PTR_ERR(skp); 582 583 switch (token) { 584 case Opt_fsdefault: 585 if (opts->fsdefault) 586 goto out_opt_err; 587 opts->fsdefault = skp->smk_known; 588 break; 589 case Opt_fsfloor: 590 if (opts->fsfloor) 591 goto out_opt_err; 592 opts->fsfloor = skp->smk_known; 593 break; 594 case Opt_fshat: 595 if (opts->fshat) 596 goto out_opt_err; 597 opts->fshat = skp->smk_known; 598 break; 599 case Opt_fsroot: 600 if (opts->fsroot) 601 goto out_opt_err; 602 opts->fsroot = skp->smk_known; 603 break; 604 case Opt_fstransmute: 605 if (opts->fstransmute) 606 goto out_opt_err; 607 opts->fstransmute = skp->smk_known; 608 break; 609 } 610 return 0; 611 612 out_opt_err: 613 pr_warn("Smack: duplicate mount options\n"); 614 return -EINVAL; 615 } 616 617 /** 618 * smack_fs_context_dup - Duplicate the security data on fs_context duplication 619 * @fc: The new filesystem context. 620 * @src_fc: The source filesystem context being duplicated. 621 * 622 * Returns 0 on success or -ENOMEM on error. 623 */ 624 static int smack_fs_context_dup(struct fs_context *fc, 625 struct fs_context *src_fc) 626 { 627 struct smack_mnt_opts *dst, *src = src_fc->security; 628 629 if (!src) 630 return 0; 631 632 fc->security = kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL); 633 if (!fc->security) 634 return -ENOMEM; 635 636 dst = fc->security; 637 dst->fsdefault = src->fsdefault; 638 dst->fsfloor = src->fsfloor; 639 dst->fshat = src->fshat; 640 dst->fsroot = src->fsroot; 641 dst->fstransmute = src->fstransmute; 642 643 return 0; 644 } 645 646 static const struct fs_parameter_spec smack_fs_parameters[] = { 647 fsparam_string("smackfsdef", Opt_fsdefault), 648 fsparam_string("smackfsdefault", Opt_fsdefault), 649 fsparam_string("smackfsfloor", Opt_fsfloor), 650 fsparam_string("smackfshat", Opt_fshat), 651 fsparam_string("smackfsroot", Opt_fsroot), 652 fsparam_string("smackfstransmute", Opt_fstransmute), 653 {} 654 }; 655 656 /** 657 * smack_fs_context_parse_param - Parse a single mount parameter 658 * @fc: The new filesystem context being constructed. 659 * @param: The parameter. 660 * 661 * Returns 0 on success, -ENOPARAM to pass the parameter on or anything else on 662 * error. 663 */ 664 static int smack_fs_context_parse_param(struct fs_context *fc, 665 struct fs_parameter *param) 666 { 667 struct fs_parse_result result; 668 int opt, rc; 669 670 opt = fs_parse(fc, smack_fs_parameters, param, &result); 671 if (opt < 0) 672 return opt; 673 674 rc = smack_add_opt(opt, param->string, &fc->security); 675 if (!rc) 676 param->string = NULL; 677 return rc; 678 } 679 680 static int smack_sb_eat_lsm_opts(char *options, void **mnt_opts) 681 { 682 char *from = options, *to = options; 683 bool first = true; 684 685 while (1) { 686 char *next = strchr(from, ','); 687 int token, len, rc; 688 char *arg = NULL; 689 690 if (next) 691 len = next - from; 692 else 693 len = strlen(from); 694 695 token = match_opt_prefix(from, len, &arg); 696 if (token != Opt_error) { 697 arg = kmemdup_nul(arg, from + len - arg, GFP_KERNEL); 698 rc = smack_add_opt(token, arg, mnt_opts); 699 kfree(arg); 700 if (unlikely(rc)) { 701 if (*mnt_opts) 702 smack_free_mnt_opts(*mnt_opts); 703 *mnt_opts = NULL; 704 return rc; 705 } 706 } else { 707 if (!first) { // copy with preceding comma 708 from--; 709 len++; 710 } 711 if (to != from) 712 memmove(to, from, len); 713 to += len; 714 first = false; 715 } 716 if (!from[len]) 717 break; 718 from += len + 1; 719 } 720 *to = '\0'; 721 return 0; 722 } 723 724 /** 725 * smack_set_mnt_opts - set Smack specific mount options 726 * @sb: the file system superblock 727 * @mnt_opts: Smack mount options 728 * @kern_flags: mount option from kernel space or user space 729 * @set_kern_flags: where to store converted mount opts 730 * 731 * Returns 0 on success, an error code on failure 732 * 733 * Allow filesystems with binary mount data to explicitly set Smack mount 734 * labels. 735 */ 736 static int smack_set_mnt_opts(struct super_block *sb, 737 void *mnt_opts, 738 unsigned long kern_flags, 739 unsigned long *set_kern_flags) 740 { 741 struct dentry *root = sb->s_root; 742 struct inode *inode = d_backing_inode(root); 743 struct superblock_smack *sp = smack_superblock(sb); 744 struct inode_smack *isp; 745 struct smack_known *skp; 746 struct smack_mnt_opts *opts = mnt_opts; 747 bool transmute = false; 748 749 if (sp->smk_flags & SMK_SB_INITIALIZED) 750 return 0; 751 752 if (!smack_privileged(CAP_MAC_ADMIN)) { 753 /* 754 * Unprivileged mounts don't get to specify Smack values. 755 */ 756 if (opts) 757 return -EPERM; 758 /* 759 * Unprivileged mounts get root and default from the caller. 760 */ 761 skp = smk_of_current(); 762 sp->smk_root = skp; 763 sp->smk_default = skp; 764 /* 765 * For a handful of fs types with no user-controlled 766 * backing store it's okay to trust security labels 767 * in the filesystem. The rest are untrusted. 768 */ 769 if (sb->s_user_ns != &init_user_ns && 770 sb->s_magic != SYSFS_MAGIC && sb->s_magic != TMPFS_MAGIC && 771 sb->s_magic != RAMFS_MAGIC) { 772 transmute = true; 773 sp->smk_flags |= SMK_SB_UNTRUSTED; 774 } 775 } 776 777 sp->smk_flags |= SMK_SB_INITIALIZED; 778 779 if (opts) { 780 if (opts->fsdefault) { 781 skp = smk_import_entry(opts->fsdefault, 0); 782 if (IS_ERR(skp)) 783 return PTR_ERR(skp); 784 sp->smk_default = skp; 785 } 786 if (opts->fsfloor) { 787 skp = smk_import_entry(opts->fsfloor, 0); 788 if (IS_ERR(skp)) 789 return PTR_ERR(skp); 790 sp->smk_floor = skp; 791 } 792 if (opts->fshat) { 793 skp = smk_import_entry(opts->fshat, 0); 794 if (IS_ERR(skp)) 795 return PTR_ERR(skp); 796 sp->smk_hat = skp; 797 } 798 if (opts->fsroot) { 799 skp = smk_import_entry(opts->fsroot, 0); 800 if (IS_ERR(skp)) 801 return PTR_ERR(skp); 802 sp->smk_root = skp; 803 } 804 if (opts->fstransmute) { 805 skp = smk_import_entry(opts->fstransmute, 0); 806 if (IS_ERR(skp)) 807 return PTR_ERR(skp); 808 sp->smk_root = skp; 809 transmute = true; 810 } 811 } 812 813 /* 814 * Initialize the root inode. 815 */ 816 init_inode_smack(inode, sp->smk_root); 817 818 if (transmute) { 819 isp = smack_inode(inode); 820 isp->smk_flags |= SMK_INODE_TRANSMUTE; 821 } 822 823 return 0; 824 } 825 826 /** 827 * smack_sb_statfs - Smack check on statfs 828 * @dentry: identifies the file system in question 829 * 830 * Returns 0 if current can read the floor of the filesystem, 831 * and error code otherwise 832 */ 833 static int smack_sb_statfs(struct dentry *dentry) 834 { 835 struct superblock_smack *sbp = smack_superblock(dentry->d_sb); 836 int rc; 837 struct smk_audit_info ad; 838 839 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 840 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 841 842 rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad); 843 rc = smk_bu_current("statfs", sbp->smk_floor, MAY_READ, rc); 844 return rc; 845 } 846 847 /* 848 * BPRM hooks 849 */ 850 851 /** 852 * smack_bprm_creds_for_exec - Update bprm->cred if needed for exec 853 * @bprm: the exec information 854 * 855 * Returns 0 if it gets a blob, -EPERM if exec forbidden and -ENOMEM otherwise 856 */ 857 static int smack_bprm_creds_for_exec(struct linux_binprm *bprm) 858 { 859 struct inode *inode = file_inode(bprm->file); 860 struct task_smack *bsp = smack_cred(bprm->cred); 861 struct inode_smack *isp; 862 struct superblock_smack *sbsp; 863 int rc; 864 865 isp = smack_inode(inode); 866 if (isp->smk_task == NULL || isp->smk_task == bsp->smk_task) 867 return 0; 868 869 sbsp = smack_superblock(inode->i_sb); 870 if ((sbsp->smk_flags & SMK_SB_UNTRUSTED) && 871 isp->smk_task != sbsp->smk_root) 872 return 0; 873 874 if (bprm->unsafe & LSM_UNSAFE_PTRACE) { 875 struct task_struct *tracer; 876 rc = 0; 877 878 rcu_read_lock(); 879 tracer = ptrace_parent(current); 880 if (likely(tracer != NULL)) 881 rc = smk_ptrace_rule_check(tracer, 882 isp->smk_task, 883 PTRACE_MODE_ATTACH, 884 __func__); 885 rcu_read_unlock(); 886 887 if (rc != 0) 888 return rc; 889 } 890 if (bprm->unsafe & ~LSM_UNSAFE_PTRACE) 891 return -EPERM; 892 893 bsp->smk_task = isp->smk_task; 894 bprm->per_clear |= PER_CLEAR_ON_SETID; 895 896 /* Decide if this is a secure exec. */ 897 if (bsp->smk_task != bsp->smk_forked) 898 bprm->secureexec = 1; 899 900 return 0; 901 } 902 903 /* 904 * Inode hooks 905 */ 906 907 /** 908 * smack_inode_alloc_security - allocate an inode blob 909 * @inode: the inode in need of a blob 910 * 911 * Returns 0 912 */ 913 static int smack_inode_alloc_security(struct inode *inode) 914 { 915 struct smack_known *skp = smk_of_current(); 916 917 init_inode_smack(inode, skp); 918 return 0; 919 } 920 921 /** 922 * smack_inode_init_security - copy out the smack from an inode 923 * @inode: the newly created inode 924 * @dir: containing directory object 925 * @qstr: unused 926 * @name: where to put the attribute name 927 * @value: where to put the attribute value 928 * @len: where to put the length of the attribute 929 * 930 * Returns 0 if it all works out, -ENOMEM if there's no memory 931 */ 932 static int smack_inode_init_security(struct inode *inode, struct inode *dir, 933 const struct qstr *qstr, const char **name, 934 void **value, size_t *len) 935 { 936 struct task_smack *tsp = smack_cred(current_cred()); 937 struct inode_smack *issp = smack_inode(inode); 938 struct smack_known *skp = smk_of_task(tsp); 939 struct smack_known *isp = smk_of_inode(inode); 940 struct smack_known *dsp = smk_of_inode(dir); 941 int may; 942 943 if (name) 944 *name = XATTR_SMACK_SUFFIX; 945 946 if (value && len) { 947 /* 948 * If equal, transmuting already occurred in 949 * smack_dentry_create_files_as(). No need to check again. 950 */ 951 if (tsp->smk_task != tsp->smk_transmuted) { 952 rcu_read_lock(); 953 may = smk_access_entry(skp->smk_known, dsp->smk_known, 954 &skp->smk_rules); 955 rcu_read_unlock(); 956 } 957 958 /* 959 * In addition to having smk_task equal to smk_transmuted, 960 * if the access rule allows transmutation and the directory 961 * requests transmutation then by all means transmute. 962 * Mark the inode as changed. 963 */ 964 if ((tsp->smk_task == tsp->smk_transmuted) || 965 (may > 0 && ((may & MAY_TRANSMUTE) != 0) && 966 smk_inode_transmutable(dir))) { 967 /* 968 * The caller of smack_dentry_create_files_as() 969 * should have overridden the current cred, so the 970 * inode label was already set correctly in 971 * smack_inode_alloc_security(). 972 */ 973 if (tsp->smk_task != tsp->smk_transmuted) 974 isp = dsp; 975 issp->smk_flags |= SMK_INODE_CHANGED; 976 } 977 978 *value = kstrdup(isp->smk_known, GFP_NOFS); 979 if (*value == NULL) 980 return -ENOMEM; 981 982 *len = strlen(isp->smk_known); 983 } 984 985 return 0; 986 } 987 988 /** 989 * smack_inode_link - Smack check on link 990 * @old_dentry: the existing object 991 * @dir: unused 992 * @new_dentry: the new object 993 * 994 * Returns 0 if access is permitted, an error code otherwise 995 */ 996 static int smack_inode_link(struct dentry *old_dentry, struct inode *dir, 997 struct dentry *new_dentry) 998 { 999 struct smack_known *isp; 1000 struct smk_audit_info ad; 1001 int rc; 1002 1003 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1004 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry); 1005 1006 isp = smk_of_inode(d_backing_inode(old_dentry)); 1007 rc = smk_curacc(isp, MAY_WRITE, &ad); 1008 rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_WRITE, rc); 1009 1010 if (rc == 0 && d_is_positive(new_dentry)) { 1011 isp = smk_of_inode(d_backing_inode(new_dentry)); 1012 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry); 1013 rc = smk_curacc(isp, MAY_WRITE, &ad); 1014 rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_WRITE, rc); 1015 } 1016 1017 return rc; 1018 } 1019 1020 /** 1021 * smack_inode_unlink - Smack check on inode deletion 1022 * @dir: containing directory object 1023 * @dentry: file to unlink 1024 * 1025 * Returns 0 if current can write the containing directory 1026 * and the object, error code otherwise 1027 */ 1028 static int smack_inode_unlink(struct inode *dir, struct dentry *dentry) 1029 { 1030 struct inode *ip = d_backing_inode(dentry); 1031 struct smk_audit_info ad; 1032 int rc; 1033 1034 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1035 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1036 1037 /* 1038 * You need write access to the thing you're unlinking 1039 */ 1040 rc = smk_curacc(smk_of_inode(ip), MAY_WRITE, &ad); 1041 rc = smk_bu_inode(ip, MAY_WRITE, rc); 1042 if (rc == 0) { 1043 /* 1044 * You also need write access to the containing directory 1045 */ 1046 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE); 1047 smk_ad_setfield_u_fs_inode(&ad, dir); 1048 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad); 1049 rc = smk_bu_inode(dir, MAY_WRITE, rc); 1050 } 1051 return rc; 1052 } 1053 1054 /** 1055 * smack_inode_rmdir - Smack check on directory deletion 1056 * @dir: containing directory object 1057 * @dentry: directory to unlink 1058 * 1059 * Returns 0 if current can write the containing directory 1060 * and the directory, error code otherwise 1061 */ 1062 static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry) 1063 { 1064 struct smk_audit_info ad; 1065 int rc; 1066 1067 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1068 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1069 1070 /* 1071 * You need write access to the thing you're removing 1072 */ 1073 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1074 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1075 if (rc == 0) { 1076 /* 1077 * You also need write access to the containing directory 1078 */ 1079 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE); 1080 smk_ad_setfield_u_fs_inode(&ad, dir); 1081 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad); 1082 rc = smk_bu_inode(dir, MAY_WRITE, rc); 1083 } 1084 1085 return rc; 1086 } 1087 1088 /** 1089 * smack_inode_rename - Smack check on rename 1090 * @old_inode: unused 1091 * @old_dentry: the old object 1092 * @new_inode: unused 1093 * @new_dentry: the new object 1094 * 1095 * Read and write access is required on both the old and 1096 * new directories. 1097 * 1098 * Returns 0 if access is permitted, an error code otherwise 1099 */ 1100 static int smack_inode_rename(struct inode *old_inode, 1101 struct dentry *old_dentry, 1102 struct inode *new_inode, 1103 struct dentry *new_dentry) 1104 { 1105 int rc; 1106 struct smack_known *isp; 1107 struct smk_audit_info ad; 1108 1109 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1110 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry); 1111 1112 isp = smk_of_inode(d_backing_inode(old_dentry)); 1113 rc = smk_curacc(isp, MAY_READWRITE, &ad); 1114 rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_READWRITE, rc); 1115 1116 if (rc == 0 && d_is_positive(new_dentry)) { 1117 isp = smk_of_inode(d_backing_inode(new_dentry)); 1118 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry); 1119 rc = smk_curacc(isp, MAY_READWRITE, &ad); 1120 rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_READWRITE, rc); 1121 } 1122 return rc; 1123 } 1124 1125 /** 1126 * smack_inode_permission - Smack version of permission() 1127 * @inode: the inode in question 1128 * @mask: the access requested 1129 * 1130 * This is the important Smack hook. 1131 * 1132 * Returns 0 if access is permitted, an error code otherwise 1133 */ 1134 static int smack_inode_permission(struct inode *inode, int mask) 1135 { 1136 struct superblock_smack *sbsp = smack_superblock(inode->i_sb); 1137 struct smk_audit_info ad; 1138 int no_block = mask & MAY_NOT_BLOCK; 1139 int rc; 1140 1141 mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND); 1142 /* 1143 * No permission to check. Existence test. Yup, it's there. 1144 */ 1145 if (mask == 0) 1146 return 0; 1147 1148 if (sbsp->smk_flags & SMK_SB_UNTRUSTED) { 1149 if (smk_of_inode(inode) != sbsp->smk_root) 1150 return -EACCES; 1151 } 1152 1153 /* May be droppable after audit */ 1154 if (no_block) 1155 return -ECHILD; 1156 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE); 1157 smk_ad_setfield_u_fs_inode(&ad, inode); 1158 rc = smk_curacc(smk_of_inode(inode), mask, &ad); 1159 rc = smk_bu_inode(inode, mask, rc); 1160 return rc; 1161 } 1162 1163 /** 1164 * smack_inode_setattr - Smack check for setting attributes 1165 * @dentry: the object 1166 * @iattr: for the force flag 1167 * 1168 * Returns 0 if access is permitted, an error code otherwise 1169 */ 1170 static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr) 1171 { 1172 struct smk_audit_info ad; 1173 int rc; 1174 1175 /* 1176 * Need to allow for clearing the setuid bit. 1177 */ 1178 if (iattr->ia_valid & ATTR_FORCE) 1179 return 0; 1180 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1181 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1182 1183 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1184 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1185 return rc; 1186 } 1187 1188 /** 1189 * smack_inode_getattr - Smack check for getting attributes 1190 * @path: path to extract the info from 1191 * 1192 * Returns 0 if access is permitted, an error code otherwise 1193 */ 1194 static int smack_inode_getattr(const struct path *path) 1195 { 1196 struct smk_audit_info ad; 1197 struct inode *inode = d_backing_inode(path->dentry); 1198 int rc; 1199 1200 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1201 smk_ad_setfield_u_fs_path(&ad, *path); 1202 rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad); 1203 rc = smk_bu_inode(inode, MAY_READ, rc); 1204 return rc; 1205 } 1206 1207 /** 1208 * smack_inode_setxattr - Smack check for setting xattrs 1209 * @idmap: idmap of the mount 1210 * @dentry: the object 1211 * @name: name of the attribute 1212 * @value: value of the attribute 1213 * @size: size of the value 1214 * @flags: unused 1215 * 1216 * This protects the Smack attribute explicitly. 1217 * 1218 * Returns 0 if access is permitted, an error code otherwise 1219 */ 1220 static int smack_inode_setxattr(struct mnt_idmap *idmap, 1221 struct dentry *dentry, const char *name, 1222 const void *value, size_t size, int flags) 1223 { 1224 struct smk_audit_info ad; 1225 struct smack_known *skp; 1226 int check_priv = 0; 1227 int check_import = 0; 1228 int check_star = 0; 1229 int rc = 0; 1230 1231 /* 1232 * Check label validity here so import won't fail in post_setxattr 1233 */ 1234 if (strcmp(name, XATTR_NAME_SMACK) == 0 || 1235 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 || 1236 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) { 1237 check_priv = 1; 1238 check_import = 1; 1239 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0 || 1240 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) { 1241 check_priv = 1; 1242 check_import = 1; 1243 check_star = 1; 1244 } else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) { 1245 check_priv = 1; 1246 if (size != TRANS_TRUE_SIZE || 1247 strncmp(value, TRANS_TRUE, TRANS_TRUE_SIZE) != 0) 1248 rc = -EINVAL; 1249 } else 1250 rc = cap_inode_setxattr(dentry, name, value, size, flags); 1251 1252 if (check_priv && !smack_privileged(CAP_MAC_ADMIN)) 1253 rc = -EPERM; 1254 1255 if (rc == 0 && check_import) { 1256 skp = size ? smk_import_entry(value, size) : NULL; 1257 if (IS_ERR(skp)) 1258 rc = PTR_ERR(skp); 1259 else if (skp == NULL || (check_star && 1260 (skp == &smack_known_star || skp == &smack_known_web))) 1261 rc = -EINVAL; 1262 } 1263 1264 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1265 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1266 1267 if (rc == 0) { 1268 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1269 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1270 } 1271 1272 return rc; 1273 } 1274 1275 /** 1276 * smack_inode_post_setxattr - Apply the Smack update approved above 1277 * @dentry: object 1278 * @name: attribute name 1279 * @value: attribute value 1280 * @size: attribute size 1281 * @flags: unused 1282 * 1283 * Set the pointer in the inode blob to the entry found 1284 * in the master label list. 1285 */ 1286 static void smack_inode_post_setxattr(struct dentry *dentry, const char *name, 1287 const void *value, size_t size, int flags) 1288 { 1289 struct smack_known *skp; 1290 struct inode_smack *isp = smack_inode(d_backing_inode(dentry)); 1291 1292 if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) { 1293 isp->smk_flags |= SMK_INODE_TRANSMUTE; 1294 return; 1295 } 1296 1297 if (strcmp(name, XATTR_NAME_SMACK) == 0) { 1298 skp = smk_import_entry(value, size); 1299 if (!IS_ERR(skp)) 1300 isp->smk_inode = skp; 1301 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) { 1302 skp = smk_import_entry(value, size); 1303 if (!IS_ERR(skp)) 1304 isp->smk_task = skp; 1305 } else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) { 1306 skp = smk_import_entry(value, size); 1307 if (!IS_ERR(skp)) 1308 isp->smk_mmap = skp; 1309 } 1310 1311 return; 1312 } 1313 1314 /** 1315 * smack_inode_getxattr - Smack check on getxattr 1316 * @dentry: the object 1317 * @name: unused 1318 * 1319 * Returns 0 if access is permitted, an error code otherwise 1320 */ 1321 static int smack_inode_getxattr(struct dentry *dentry, const char *name) 1322 { 1323 struct smk_audit_info ad; 1324 int rc; 1325 1326 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1327 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1328 1329 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_READ, &ad); 1330 rc = smk_bu_inode(d_backing_inode(dentry), MAY_READ, rc); 1331 return rc; 1332 } 1333 1334 /** 1335 * smack_inode_removexattr - Smack check on removexattr 1336 * @idmap: idmap of the mount 1337 * @dentry: the object 1338 * @name: name of the attribute 1339 * 1340 * Removing the Smack attribute requires CAP_MAC_ADMIN 1341 * 1342 * Returns 0 if access is permitted, an error code otherwise 1343 */ 1344 static int smack_inode_removexattr(struct mnt_idmap *idmap, 1345 struct dentry *dentry, const char *name) 1346 { 1347 struct inode_smack *isp; 1348 struct smk_audit_info ad; 1349 int rc = 0; 1350 1351 if (strcmp(name, XATTR_NAME_SMACK) == 0 || 1352 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 || 1353 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 || 1354 strcmp(name, XATTR_NAME_SMACKEXEC) == 0 || 1355 strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0 || 1356 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) { 1357 if (!smack_privileged(CAP_MAC_ADMIN)) 1358 rc = -EPERM; 1359 } else 1360 rc = cap_inode_removexattr(idmap, dentry, name); 1361 1362 if (rc != 0) 1363 return rc; 1364 1365 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1366 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1367 1368 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1369 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1370 if (rc != 0) 1371 return rc; 1372 1373 isp = smack_inode(d_backing_inode(dentry)); 1374 /* 1375 * Don't do anything special for these. 1376 * XATTR_NAME_SMACKIPIN 1377 * XATTR_NAME_SMACKIPOUT 1378 */ 1379 if (strcmp(name, XATTR_NAME_SMACK) == 0) { 1380 struct super_block *sbp = dentry->d_sb; 1381 struct superblock_smack *sbsp = smack_superblock(sbp); 1382 1383 isp->smk_inode = sbsp->smk_default; 1384 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) 1385 isp->smk_task = NULL; 1386 else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) 1387 isp->smk_mmap = NULL; 1388 else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) 1389 isp->smk_flags &= ~SMK_INODE_TRANSMUTE; 1390 1391 return 0; 1392 } 1393 1394 /** 1395 * smack_inode_set_acl - Smack check for setting posix acls 1396 * @idmap: idmap of the mnt this request came from 1397 * @dentry: the object 1398 * @acl_name: name of the posix acl 1399 * @kacl: the posix acls 1400 * 1401 * Returns 0 if access is permitted, an error code otherwise 1402 */ 1403 static int smack_inode_set_acl(struct mnt_idmap *idmap, 1404 struct dentry *dentry, const char *acl_name, 1405 struct posix_acl *kacl) 1406 { 1407 struct smk_audit_info ad; 1408 int rc; 1409 1410 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1411 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1412 1413 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1414 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1415 return rc; 1416 } 1417 1418 /** 1419 * smack_inode_get_acl - Smack check for getting posix acls 1420 * @idmap: idmap of the mnt this request came from 1421 * @dentry: the object 1422 * @acl_name: name of the posix acl 1423 * 1424 * Returns 0 if access is permitted, an error code otherwise 1425 */ 1426 static int smack_inode_get_acl(struct mnt_idmap *idmap, 1427 struct dentry *dentry, const char *acl_name) 1428 { 1429 struct smk_audit_info ad; 1430 int rc; 1431 1432 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1433 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1434 1435 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_READ, &ad); 1436 rc = smk_bu_inode(d_backing_inode(dentry), MAY_READ, rc); 1437 return rc; 1438 } 1439 1440 /** 1441 * smack_inode_remove_acl - Smack check for getting posix acls 1442 * @idmap: idmap of the mnt this request came from 1443 * @dentry: the object 1444 * @acl_name: name of the posix acl 1445 * 1446 * Returns 0 if access is permitted, an error code otherwise 1447 */ 1448 static int smack_inode_remove_acl(struct mnt_idmap *idmap, 1449 struct dentry *dentry, const char *acl_name) 1450 { 1451 struct smk_audit_info ad; 1452 int rc; 1453 1454 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1455 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1456 1457 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1458 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1459 return rc; 1460 } 1461 1462 /** 1463 * smack_inode_getsecurity - get smack xattrs 1464 * @idmap: idmap of the mount 1465 * @inode: the object 1466 * @name: attribute name 1467 * @buffer: where to put the result 1468 * @alloc: duplicate memory 1469 * 1470 * Returns the size of the attribute or an error code 1471 */ 1472 static int smack_inode_getsecurity(struct mnt_idmap *idmap, 1473 struct inode *inode, const char *name, 1474 void **buffer, bool alloc) 1475 { 1476 struct socket_smack *ssp; 1477 struct socket *sock; 1478 struct super_block *sbp; 1479 struct inode *ip = inode; 1480 struct smack_known *isp; 1481 struct inode_smack *ispp; 1482 size_t label_len; 1483 char *label = NULL; 1484 1485 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) { 1486 isp = smk_of_inode(inode); 1487 } else if (strcmp(name, XATTR_SMACK_TRANSMUTE) == 0) { 1488 ispp = smack_inode(inode); 1489 if (ispp->smk_flags & SMK_INODE_TRANSMUTE) 1490 label = TRANS_TRUE; 1491 else 1492 label = ""; 1493 } else { 1494 /* 1495 * The rest of the Smack xattrs are only on sockets. 1496 */ 1497 sbp = ip->i_sb; 1498 if (sbp->s_magic != SOCKFS_MAGIC) 1499 return -EOPNOTSUPP; 1500 1501 sock = SOCKET_I(ip); 1502 if (sock == NULL || sock->sk == NULL) 1503 return -EOPNOTSUPP; 1504 1505 ssp = sock->sk->sk_security; 1506 1507 if (strcmp(name, XATTR_SMACK_IPIN) == 0) 1508 isp = ssp->smk_in; 1509 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) 1510 isp = ssp->smk_out; 1511 else 1512 return -EOPNOTSUPP; 1513 } 1514 1515 if (!label) 1516 label = isp->smk_known; 1517 1518 label_len = strlen(label); 1519 1520 if (alloc) { 1521 *buffer = kstrdup(label, GFP_KERNEL); 1522 if (*buffer == NULL) 1523 return -ENOMEM; 1524 } 1525 1526 return label_len; 1527 } 1528 1529 1530 /** 1531 * smack_inode_listsecurity - list the Smack attributes 1532 * @inode: the object 1533 * @buffer: where they go 1534 * @buffer_size: size of buffer 1535 */ 1536 static int smack_inode_listsecurity(struct inode *inode, char *buffer, 1537 size_t buffer_size) 1538 { 1539 int len = sizeof(XATTR_NAME_SMACK); 1540 1541 if (buffer != NULL && len <= buffer_size) 1542 memcpy(buffer, XATTR_NAME_SMACK, len); 1543 1544 return len; 1545 } 1546 1547 /** 1548 * smack_inode_getsecid - Extract inode's security id 1549 * @inode: inode to extract the info from 1550 * @secid: where result will be saved 1551 */ 1552 static void smack_inode_getsecid(struct inode *inode, u32 *secid) 1553 { 1554 struct smack_known *skp = smk_of_inode(inode); 1555 1556 *secid = skp->smk_secid; 1557 } 1558 1559 /* 1560 * File Hooks 1561 */ 1562 1563 /* 1564 * There is no smack_file_permission hook 1565 * 1566 * Should access checks be done on each read or write? 1567 * UNICOS and SELinux say yes. 1568 * Trusted Solaris, Trusted Irix, and just about everyone else says no. 1569 * 1570 * I'll say no for now. Smack does not do the frequent 1571 * label changing that SELinux does. 1572 */ 1573 1574 /** 1575 * smack_file_alloc_security - assign a file security blob 1576 * @file: the object 1577 * 1578 * The security blob for a file is a pointer to the master 1579 * label list, so no allocation is done. 1580 * 1581 * f_security is the owner security information. It 1582 * isn't used on file access checks, it's for send_sigio. 1583 * 1584 * Returns 0 1585 */ 1586 static int smack_file_alloc_security(struct file *file) 1587 { 1588 struct smack_known **blob = smack_file(file); 1589 1590 *blob = smk_of_current(); 1591 return 0; 1592 } 1593 1594 /** 1595 * smack_file_ioctl - Smack check on ioctls 1596 * @file: the object 1597 * @cmd: what to do 1598 * @arg: unused 1599 * 1600 * Relies heavily on the correct use of the ioctl command conventions. 1601 * 1602 * Returns 0 if allowed, error code otherwise 1603 */ 1604 static int smack_file_ioctl(struct file *file, unsigned int cmd, 1605 unsigned long arg) 1606 { 1607 int rc = 0; 1608 struct smk_audit_info ad; 1609 struct inode *inode = file_inode(file); 1610 1611 if (unlikely(IS_PRIVATE(inode))) 1612 return 0; 1613 1614 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1615 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1616 1617 if (_IOC_DIR(cmd) & _IOC_WRITE) { 1618 rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad); 1619 rc = smk_bu_file(file, MAY_WRITE, rc); 1620 } 1621 1622 if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ)) { 1623 rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad); 1624 rc = smk_bu_file(file, MAY_READ, rc); 1625 } 1626 1627 return rc; 1628 } 1629 1630 /** 1631 * smack_file_lock - Smack check on file locking 1632 * @file: the object 1633 * @cmd: unused 1634 * 1635 * Returns 0 if current has lock access, error code otherwise 1636 */ 1637 static int smack_file_lock(struct file *file, unsigned int cmd) 1638 { 1639 struct smk_audit_info ad; 1640 int rc; 1641 struct inode *inode = file_inode(file); 1642 1643 if (unlikely(IS_PRIVATE(inode))) 1644 return 0; 1645 1646 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1647 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1648 rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad); 1649 rc = smk_bu_file(file, MAY_LOCK, rc); 1650 return rc; 1651 } 1652 1653 /** 1654 * smack_file_fcntl - Smack check on fcntl 1655 * @file: the object 1656 * @cmd: what action to check 1657 * @arg: unused 1658 * 1659 * Generally these operations are harmless. 1660 * File locking operations present an obvious mechanism 1661 * for passing information, so they require write access. 1662 * 1663 * Returns 0 if current has access, error code otherwise 1664 */ 1665 static int smack_file_fcntl(struct file *file, unsigned int cmd, 1666 unsigned long arg) 1667 { 1668 struct smk_audit_info ad; 1669 int rc = 0; 1670 struct inode *inode = file_inode(file); 1671 1672 if (unlikely(IS_PRIVATE(inode))) 1673 return 0; 1674 1675 switch (cmd) { 1676 case F_GETLK: 1677 break; 1678 case F_SETLK: 1679 case F_SETLKW: 1680 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1681 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1682 rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad); 1683 rc = smk_bu_file(file, MAY_LOCK, rc); 1684 break; 1685 case F_SETOWN: 1686 case F_SETSIG: 1687 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1688 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1689 rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad); 1690 rc = smk_bu_file(file, MAY_WRITE, rc); 1691 break; 1692 default: 1693 break; 1694 } 1695 1696 return rc; 1697 } 1698 1699 /** 1700 * smack_mmap_file - Check permissions for a mmap operation. 1701 * @file: contains the file structure for file to map (may be NULL). 1702 * @reqprot: contains the protection requested by the application. 1703 * @prot: contains the protection that will be applied by the kernel. 1704 * @flags: contains the operational flags. 1705 * 1706 * The @file may be NULL, e.g. if mapping anonymous memory. 1707 * 1708 * Return 0 if permission is granted. 1709 */ 1710 static int smack_mmap_file(struct file *file, 1711 unsigned long reqprot, unsigned long prot, 1712 unsigned long flags) 1713 { 1714 struct smack_known *skp; 1715 struct smack_known *mkp; 1716 struct smack_rule *srp; 1717 struct task_smack *tsp; 1718 struct smack_known *okp; 1719 struct inode_smack *isp; 1720 struct superblock_smack *sbsp; 1721 int may; 1722 int mmay; 1723 int tmay; 1724 int rc; 1725 1726 if (file == NULL) 1727 return 0; 1728 1729 if (unlikely(IS_PRIVATE(file_inode(file)))) 1730 return 0; 1731 1732 isp = smack_inode(file_inode(file)); 1733 if (isp->smk_mmap == NULL) 1734 return 0; 1735 sbsp = smack_superblock(file_inode(file)->i_sb); 1736 if (sbsp->smk_flags & SMK_SB_UNTRUSTED && 1737 isp->smk_mmap != sbsp->smk_root) 1738 return -EACCES; 1739 mkp = isp->smk_mmap; 1740 1741 tsp = smack_cred(current_cred()); 1742 skp = smk_of_current(); 1743 rc = 0; 1744 1745 rcu_read_lock(); 1746 /* 1747 * For each Smack rule associated with the subject 1748 * label verify that the SMACK64MMAP also has access 1749 * to that rule's object label. 1750 */ 1751 list_for_each_entry_rcu(srp, &skp->smk_rules, list) { 1752 okp = srp->smk_object; 1753 /* 1754 * Matching labels always allows access. 1755 */ 1756 if (mkp->smk_known == okp->smk_known) 1757 continue; 1758 /* 1759 * If there is a matching local rule take 1760 * that into account as well. 1761 */ 1762 may = smk_access_entry(srp->smk_subject->smk_known, 1763 okp->smk_known, 1764 &tsp->smk_rules); 1765 if (may == -ENOENT) 1766 may = srp->smk_access; 1767 else 1768 may &= srp->smk_access; 1769 /* 1770 * If may is zero the SMACK64MMAP subject can't 1771 * possibly have less access. 1772 */ 1773 if (may == 0) 1774 continue; 1775 1776 /* 1777 * Fetch the global list entry. 1778 * If there isn't one a SMACK64MMAP subject 1779 * can't have as much access as current. 1780 */ 1781 mmay = smk_access_entry(mkp->smk_known, okp->smk_known, 1782 &mkp->smk_rules); 1783 if (mmay == -ENOENT) { 1784 rc = -EACCES; 1785 break; 1786 } 1787 /* 1788 * If there is a local entry it modifies the 1789 * potential access, too. 1790 */ 1791 tmay = smk_access_entry(mkp->smk_known, okp->smk_known, 1792 &tsp->smk_rules); 1793 if (tmay != -ENOENT) 1794 mmay &= tmay; 1795 1796 /* 1797 * If there is any access available to current that is 1798 * not available to a SMACK64MMAP subject 1799 * deny access. 1800 */ 1801 if ((may | mmay) != mmay) { 1802 rc = -EACCES; 1803 break; 1804 } 1805 } 1806 1807 rcu_read_unlock(); 1808 1809 return rc; 1810 } 1811 1812 /** 1813 * smack_file_set_fowner - set the file security blob value 1814 * @file: object in question 1815 * 1816 */ 1817 static void smack_file_set_fowner(struct file *file) 1818 { 1819 struct smack_known **blob = smack_file(file); 1820 1821 *blob = smk_of_current(); 1822 } 1823 1824 /** 1825 * smack_file_send_sigiotask - Smack on sigio 1826 * @tsk: The target task 1827 * @fown: the object the signal come from 1828 * @signum: unused 1829 * 1830 * Allow a privileged task to get signals even if it shouldn't 1831 * 1832 * Returns 0 if a subject with the object's smack could 1833 * write to the task, an error code otherwise. 1834 */ 1835 static int smack_file_send_sigiotask(struct task_struct *tsk, 1836 struct fown_struct *fown, int signum) 1837 { 1838 struct smack_known **blob; 1839 struct smack_known *skp; 1840 struct smack_known *tkp = smk_of_task(smack_cred(tsk->cred)); 1841 const struct cred *tcred; 1842 struct file *file; 1843 int rc; 1844 struct smk_audit_info ad; 1845 1846 /* 1847 * struct fown_struct is never outside the context of a struct file 1848 */ 1849 file = container_of(fown, struct file, f_owner); 1850 1851 /* we don't log here as rc can be overriden */ 1852 blob = smack_file(file); 1853 skp = *blob; 1854 rc = smk_access(skp, tkp, MAY_DELIVER, NULL); 1855 rc = smk_bu_note("sigiotask", skp, tkp, MAY_DELIVER, rc); 1856 1857 rcu_read_lock(); 1858 tcred = __task_cred(tsk); 1859 if (rc != 0 && smack_privileged_cred(CAP_MAC_OVERRIDE, tcred)) 1860 rc = 0; 1861 rcu_read_unlock(); 1862 1863 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); 1864 smk_ad_setfield_u_tsk(&ad, tsk); 1865 smack_log(skp->smk_known, tkp->smk_known, MAY_DELIVER, rc, &ad); 1866 return rc; 1867 } 1868 1869 /** 1870 * smack_file_receive - Smack file receive check 1871 * @file: the object 1872 * 1873 * Returns 0 if current has access, error code otherwise 1874 */ 1875 static int smack_file_receive(struct file *file) 1876 { 1877 int rc; 1878 int may = 0; 1879 struct smk_audit_info ad; 1880 struct inode *inode = file_inode(file); 1881 struct socket *sock; 1882 struct task_smack *tsp; 1883 struct socket_smack *ssp; 1884 1885 if (unlikely(IS_PRIVATE(inode))) 1886 return 0; 1887 1888 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1889 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1890 1891 if (inode->i_sb->s_magic == SOCKFS_MAGIC) { 1892 sock = SOCKET_I(inode); 1893 ssp = sock->sk->sk_security; 1894 tsp = smack_cred(current_cred()); 1895 /* 1896 * If the receiving process can't write to the 1897 * passed socket or if the passed socket can't 1898 * write to the receiving process don't accept 1899 * the passed socket. 1900 */ 1901 rc = smk_access(tsp->smk_task, ssp->smk_out, MAY_WRITE, &ad); 1902 rc = smk_bu_file(file, may, rc); 1903 if (rc < 0) 1904 return rc; 1905 rc = smk_access(ssp->smk_in, tsp->smk_task, MAY_WRITE, &ad); 1906 rc = smk_bu_file(file, may, rc); 1907 return rc; 1908 } 1909 /* 1910 * This code relies on bitmasks. 1911 */ 1912 if (file->f_mode & FMODE_READ) 1913 may = MAY_READ; 1914 if (file->f_mode & FMODE_WRITE) 1915 may |= MAY_WRITE; 1916 1917 rc = smk_curacc(smk_of_inode(inode), may, &ad); 1918 rc = smk_bu_file(file, may, rc); 1919 return rc; 1920 } 1921 1922 /** 1923 * smack_file_open - Smack dentry open processing 1924 * @file: the object 1925 * 1926 * Set the security blob in the file structure. 1927 * Allow the open only if the task has read access. There are 1928 * many read operations (e.g. fstat) that you can do with an 1929 * fd even if you have the file open write-only. 1930 * 1931 * Returns 0 if current has access, error code otherwise 1932 */ 1933 static int smack_file_open(struct file *file) 1934 { 1935 struct task_smack *tsp = smack_cred(file->f_cred); 1936 struct inode *inode = file_inode(file); 1937 struct smk_audit_info ad; 1938 int rc; 1939 1940 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1941 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1942 rc = smk_tskacc(tsp, smk_of_inode(inode), MAY_READ, &ad); 1943 rc = smk_bu_credfile(file->f_cred, file, MAY_READ, rc); 1944 1945 return rc; 1946 } 1947 1948 /* 1949 * Task hooks 1950 */ 1951 1952 /** 1953 * smack_cred_alloc_blank - "allocate" blank task-level security credentials 1954 * @cred: the new credentials 1955 * @gfp: the atomicity of any memory allocations 1956 * 1957 * Prepare a blank set of credentials for modification. This must allocate all 1958 * the memory the LSM module might require such that cred_transfer() can 1959 * complete without error. 1960 */ 1961 static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp) 1962 { 1963 init_task_smack(smack_cred(cred), NULL, NULL); 1964 return 0; 1965 } 1966 1967 1968 /** 1969 * smack_cred_free - "free" task-level security credentials 1970 * @cred: the credentials in question 1971 * 1972 */ 1973 static void smack_cred_free(struct cred *cred) 1974 { 1975 struct task_smack *tsp = smack_cred(cred); 1976 struct smack_rule *rp; 1977 struct list_head *l; 1978 struct list_head *n; 1979 1980 smk_destroy_label_list(&tsp->smk_relabel); 1981 1982 list_for_each_safe(l, n, &tsp->smk_rules) { 1983 rp = list_entry(l, struct smack_rule, list); 1984 list_del(&rp->list); 1985 kmem_cache_free(smack_rule_cache, rp); 1986 } 1987 } 1988 1989 /** 1990 * smack_cred_prepare - prepare new set of credentials for modification 1991 * @new: the new credentials 1992 * @old: the original credentials 1993 * @gfp: the atomicity of any memory allocations 1994 * 1995 * Prepare a new set of credentials for modification. 1996 */ 1997 static int smack_cred_prepare(struct cred *new, const struct cred *old, 1998 gfp_t gfp) 1999 { 2000 struct task_smack *old_tsp = smack_cred(old); 2001 struct task_smack *new_tsp = smack_cred(new); 2002 int rc; 2003 2004 init_task_smack(new_tsp, old_tsp->smk_task, old_tsp->smk_task); 2005 2006 rc = smk_copy_rules(&new_tsp->smk_rules, &old_tsp->smk_rules, gfp); 2007 if (rc != 0) 2008 return rc; 2009 2010 rc = smk_copy_relabel(&new_tsp->smk_relabel, &old_tsp->smk_relabel, 2011 gfp); 2012 return rc; 2013 } 2014 2015 /** 2016 * smack_cred_transfer - Transfer the old credentials to the new credentials 2017 * @new: the new credentials 2018 * @old: the original credentials 2019 * 2020 * Fill in a set of blank credentials from another set of credentials. 2021 */ 2022 static void smack_cred_transfer(struct cred *new, const struct cred *old) 2023 { 2024 struct task_smack *old_tsp = smack_cred(old); 2025 struct task_smack *new_tsp = smack_cred(new); 2026 2027 new_tsp->smk_task = old_tsp->smk_task; 2028 new_tsp->smk_forked = old_tsp->smk_task; 2029 mutex_init(&new_tsp->smk_rules_lock); 2030 INIT_LIST_HEAD(&new_tsp->smk_rules); 2031 2032 /* cbs copy rule list */ 2033 } 2034 2035 /** 2036 * smack_cred_getsecid - get the secid corresponding to a creds structure 2037 * @cred: the object creds 2038 * @secid: where to put the result 2039 * 2040 * Sets the secid to contain a u32 version of the smack label. 2041 */ 2042 static void smack_cred_getsecid(const struct cred *cred, u32 *secid) 2043 { 2044 struct smack_known *skp; 2045 2046 rcu_read_lock(); 2047 skp = smk_of_task(smack_cred(cred)); 2048 *secid = skp->smk_secid; 2049 rcu_read_unlock(); 2050 } 2051 2052 /** 2053 * smack_kernel_act_as - Set the subjective context in a set of credentials 2054 * @new: points to the set of credentials to be modified. 2055 * @secid: specifies the security ID to be set 2056 * 2057 * Set the security data for a kernel service. 2058 */ 2059 static int smack_kernel_act_as(struct cred *new, u32 secid) 2060 { 2061 struct task_smack *new_tsp = smack_cred(new); 2062 2063 new_tsp->smk_task = smack_from_secid(secid); 2064 return 0; 2065 } 2066 2067 /** 2068 * smack_kernel_create_files_as - Set the file creation label in a set of creds 2069 * @new: points to the set of credentials to be modified 2070 * @inode: points to the inode to use as a reference 2071 * 2072 * Set the file creation context in a set of credentials to the same 2073 * as the objective context of the specified inode 2074 */ 2075 static int smack_kernel_create_files_as(struct cred *new, 2076 struct inode *inode) 2077 { 2078 struct inode_smack *isp = smack_inode(inode); 2079 struct task_smack *tsp = smack_cred(new); 2080 2081 tsp->smk_forked = isp->smk_inode; 2082 tsp->smk_task = tsp->smk_forked; 2083 return 0; 2084 } 2085 2086 /** 2087 * smk_curacc_on_task - helper to log task related access 2088 * @p: the task object 2089 * @access: the access requested 2090 * @caller: name of the calling function for audit 2091 * 2092 * Return 0 if access is permitted 2093 */ 2094 static int smk_curacc_on_task(struct task_struct *p, int access, 2095 const char *caller) 2096 { 2097 struct smk_audit_info ad; 2098 struct smack_known *skp = smk_of_task_struct_obj(p); 2099 int rc; 2100 2101 smk_ad_init(&ad, caller, LSM_AUDIT_DATA_TASK); 2102 smk_ad_setfield_u_tsk(&ad, p); 2103 rc = smk_curacc(skp, access, &ad); 2104 rc = smk_bu_task(p, access, rc); 2105 return rc; 2106 } 2107 2108 /** 2109 * smack_task_setpgid - Smack check on setting pgid 2110 * @p: the task object 2111 * @pgid: unused 2112 * 2113 * Return 0 if write access is permitted 2114 */ 2115 static int smack_task_setpgid(struct task_struct *p, pid_t pgid) 2116 { 2117 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2118 } 2119 2120 /** 2121 * smack_task_getpgid - Smack access check for getpgid 2122 * @p: the object task 2123 * 2124 * Returns 0 if current can read the object task, error code otherwise 2125 */ 2126 static int smack_task_getpgid(struct task_struct *p) 2127 { 2128 return smk_curacc_on_task(p, MAY_READ, __func__); 2129 } 2130 2131 /** 2132 * smack_task_getsid - Smack access check for getsid 2133 * @p: the object task 2134 * 2135 * Returns 0 if current can read the object task, error code otherwise 2136 */ 2137 static int smack_task_getsid(struct task_struct *p) 2138 { 2139 return smk_curacc_on_task(p, MAY_READ, __func__); 2140 } 2141 2142 /** 2143 * smack_current_getsecid_subj - get the subjective secid of the current task 2144 * @secid: where to put the result 2145 * 2146 * Sets the secid to contain a u32 version of the task's subjective smack label. 2147 */ 2148 static void smack_current_getsecid_subj(u32 *secid) 2149 { 2150 struct smack_known *skp = smk_of_current(); 2151 2152 *secid = skp->smk_secid; 2153 } 2154 2155 /** 2156 * smack_task_getsecid_obj - get the objective secid of the task 2157 * @p: the task 2158 * @secid: where to put the result 2159 * 2160 * Sets the secid to contain a u32 version of the task's objective smack label. 2161 */ 2162 static void smack_task_getsecid_obj(struct task_struct *p, u32 *secid) 2163 { 2164 struct smack_known *skp = smk_of_task_struct_obj(p); 2165 2166 *secid = skp->smk_secid; 2167 } 2168 2169 /** 2170 * smack_task_setnice - Smack check on setting nice 2171 * @p: the task object 2172 * @nice: unused 2173 * 2174 * Return 0 if write access is permitted 2175 */ 2176 static int smack_task_setnice(struct task_struct *p, int nice) 2177 { 2178 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2179 } 2180 2181 /** 2182 * smack_task_setioprio - Smack check on setting ioprio 2183 * @p: the task object 2184 * @ioprio: unused 2185 * 2186 * Return 0 if write access is permitted 2187 */ 2188 static int smack_task_setioprio(struct task_struct *p, int ioprio) 2189 { 2190 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2191 } 2192 2193 /** 2194 * smack_task_getioprio - Smack check on reading ioprio 2195 * @p: the task object 2196 * 2197 * Return 0 if read access is permitted 2198 */ 2199 static int smack_task_getioprio(struct task_struct *p) 2200 { 2201 return smk_curacc_on_task(p, MAY_READ, __func__); 2202 } 2203 2204 /** 2205 * smack_task_setscheduler - Smack check on setting scheduler 2206 * @p: the task object 2207 * 2208 * Return 0 if read access is permitted 2209 */ 2210 static int smack_task_setscheduler(struct task_struct *p) 2211 { 2212 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2213 } 2214 2215 /** 2216 * smack_task_getscheduler - Smack check on reading scheduler 2217 * @p: the task object 2218 * 2219 * Return 0 if read access is permitted 2220 */ 2221 static int smack_task_getscheduler(struct task_struct *p) 2222 { 2223 return smk_curacc_on_task(p, MAY_READ, __func__); 2224 } 2225 2226 /** 2227 * smack_task_movememory - Smack check on moving memory 2228 * @p: the task object 2229 * 2230 * Return 0 if write access is permitted 2231 */ 2232 static int smack_task_movememory(struct task_struct *p) 2233 { 2234 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2235 } 2236 2237 /** 2238 * smack_task_kill - Smack check on signal delivery 2239 * @p: the task object 2240 * @info: unused 2241 * @sig: unused 2242 * @cred: identifies the cred to use in lieu of current's 2243 * 2244 * Return 0 if write access is permitted 2245 * 2246 */ 2247 static int smack_task_kill(struct task_struct *p, struct kernel_siginfo *info, 2248 int sig, const struct cred *cred) 2249 { 2250 struct smk_audit_info ad; 2251 struct smack_known *skp; 2252 struct smack_known *tkp = smk_of_task_struct_obj(p); 2253 int rc; 2254 2255 if (!sig) 2256 return 0; /* null signal; existence test */ 2257 2258 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); 2259 smk_ad_setfield_u_tsk(&ad, p); 2260 /* 2261 * Sending a signal requires that the sender 2262 * can write the receiver. 2263 */ 2264 if (cred == NULL) { 2265 rc = smk_curacc(tkp, MAY_DELIVER, &ad); 2266 rc = smk_bu_task(p, MAY_DELIVER, rc); 2267 return rc; 2268 } 2269 /* 2270 * If the cred isn't NULL we're dealing with some USB IO 2271 * specific behavior. This is not clean. For one thing 2272 * we can't take privilege into account. 2273 */ 2274 skp = smk_of_task(smack_cred(cred)); 2275 rc = smk_access(skp, tkp, MAY_DELIVER, &ad); 2276 rc = smk_bu_note("USB signal", skp, tkp, MAY_DELIVER, rc); 2277 return rc; 2278 } 2279 2280 /** 2281 * smack_task_to_inode - copy task smack into the inode blob 2282 * @p: task to copy from 2283 * @inode: inode to copy to 2284 * 2285 * Sets the smack pointer in the inode security blob 2286 */ 2287 static void smack_task_to_inode(struct task_struct *p, struct inode *inode) 2288 { 2289 struct inode_smack *isp = smack_inode(inode); 2290 struct smack_known *skp = smk_of_task_struct_obj(p); 2291 2292 isp->smk_inode = skp; 2293 isp->smk_flags |= SMK_INODE_INSTANT; 2294 } 2295 2296 /* 2297 * Socket hooks. 2298 */ 2299 2300 /** 2301 * smack_sk_alloc_security - Allocate a socket blob 2302 * @sk: the socket 2303 * @family: unused 2304 * @gfp_flags: memory allocation flags 2305 * 2306 * Assign Smack pointers to current 2307 * 2308 * Returns 0 on success, -ENOMEM is there's no memory 2309 */ 2310 static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags) 2311 { 2312 struct smack_known *skp = smk_of_current(); 2313 struct socket_smack *ssp; 2314 2315 ssp = kzalloc(sizeof(struct socket_smack), gfp_flags); 2316 if (ssp == NULL) 2317 return -ENOMEM; 2318 2319 /* 2320 * Sockets created by kernel threads receive web label. 2321 */ 2322 if (unlikely(current->flags & PF_KTHREAD)) { 2323 ssp->smk_in = &smack_known_web; 2324 ssp->smk_out = &smack_known_web; 2325 } else { 2326 ssp->smk_in = skp; 2327 ssp->smk_out = skp; 2328 } 2329 ssp->smk_packet = NULL; 2330 2331 sk->sk_security = ssp; 2332 2333 return 0; 2334 } 2335 2336 /** 2337 * smack_sk_free_security - Free a socket blob 2338 * @sk: the socket 2339 * 2340 * Clears the blob pointer 2341 */ 2342 static void smack_sk_free_security(struct sock *sk) 2343 { 2344 #ifdef SMACK_IPV6_PORT_LABELING 2345 struct smk_port_label *spp; 2346 2347 if (sk->sk_family == PF_INET6) { 2348 rcu_read_lock(); 2349 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) { 2350 if (spp->smk_sock != sk) 2351 continue; 2352 spp->smk_can_reuse = 1; 2353 break; 2354 } 2355 rcu_read_unlock(); 2356 } 2357 #endif 2358 kfree(sk->sk_security); 2359 } 2360 2361 /** 2362 * smack_sk_clone_security - Copy security context 2363 * @sk: the old socket 2364 * @newsk: the new socket 2365 * 2366 * Copy the security context of the old socket pointer to the cloned 2367 */ 2368 static void smack_sk_clone_security(const struct sock *sk, struct sock *newsk) 2369 { 2370 struct socket_smack *ssp_old = sk->sk_security; 2371 struct socket_smack *ssp_new = newsk->sk_security; 2372 2373 *ssp_new = *ssp_old; 2374 } 2375 2376 /** 2377 * smack_ipv4host_label - check host based restrictions 2378 * @sip: the object end 2379 * 2380 * looks for host based access restrictions 2381 * 2382 * This version will only be appropriate for really small sets of single label 2383 * hosts. The caller is responsible for ensuring that the RCU read lock is 2384 * taken before calling this function. 2385 * 2386 * Returns the label of the far end or NULL if it's not special. 2387 */ 2388 static struct smack_known *smack_ipv4host_label(struct sockaddr_in *sip) 2389 { 2390 struct smk_net4addr *snp; 2391 struct in_addr *siap = &sip->sin_addr; 2392 2393 if (siap->s_addr == 0) 2394 return NULL; 2395 2396 list_for_each_entry_rcu(snp, &smk_net4addr_list, list) 2397 /* 2398 * we break after finding the first match because 2399 * the list is sorted from longest to shortest mask 2400 * so we have found the most specific match 2401 */ 2402 if (snp->smk_host.s_addr == 2403 (siap->s_addr & snp->smk_mask.s_addr)) 2404 return snp->smk_label; 2405 2406 return NULL; 2407 } 2408 2409 /* 2410 * smk_ipv6_localhost - Check for local ipv6 host address 2411 * @sip: the address 2412 * 2413 * Returns boolean true if this is the localhost address 2414 */ 2415 static bool smk_ipv6_localhost(struct sockaddr_in6 *sip) 2416 { 2417 __be16 *be16p = (__be16 *)&sip->sin6_addr; 2418 __be32 *be32p = (__be32 *)&sip->sin6_addr; 2419 2420 if (be32p[0] == 0 && be32p[1] == 0 && be32p[2] == 0 && be16p[6] == 0 && 2421 ntohs(be16p[7]) == 1) 2422 return true; 2423 return false; 2424 } 2425 2426 /** 2427 * smack_ipv6host_label - check host based restrictions 2428 * @sip: the object end 2429 * 2430 * looks for host based access restrictions 2431 * 2432 * This version will only be appropriate for really small sets of single label 2433 * hosts. The caller is responsible for ensuring that the RCU read lock is 2434 * taken before calling this function. 2435 * 2436 * Returns the label of the far end or NULL if it's not special. 2437 */ 2438 static struct smack_known *smack_ipv6host_label(struct sockaddr_in6 *sip) 2439 { 2440 struct smk_net6addr *snp; 2441 struct in6_addr *sap = &sip->sin6_addr; 2442 int i; 2443 int found = 0; 2444 2445 /* 2446 * It's local. Don't look for a host label. 2447 */ 2448 if (smk_ipv6_localhost(sip)) 2449 return NULL; 2450 2451 list_for_each_entry_rcu(snp, &smk_net6addr_list, list) { 2452 /* 2453 * If the label is NULL the entry has 2454 * been renounced. Ignore it. 2455 */ 2456 if (snp->smk_label == NULL) 2457 continue; 2458 /* 2459 * we break after finding the first match because 2460 * the list is sorted from longest to shortest mask 2461 * so we have found the most specific match 2462 */ 2463 for (found = 1, i = 0; i < 8; i++) { 2464 if ((sap->s6_addr16[i] & snp->smk_mask.s6_addr16[i]) != 2465 snp->smk_host.s6_addr16[i]) { 2466 found = 0; 2467 break; 2468 } 2469 } 2470 if (found) 2471 return snp->smk_label; 2472 } 2473 2474 return NULL; 2475 } 2476 2477 /** 2478 * smack_netlbl_add - Set the secattr on a socket 2479 * @sk: the socket 2480 * 2481 * Attach the outbound smack value (smk_out) to the socket. 2482 * 2483 * Returns 0 on success or an error code 2484 */ 2485 static int smack_netlbl_add(struct sock *sk) 2486 { 2487 struct socket_smack *ssp = sk->sk_security; 2488 struct smack_known *skp = ssp->smk_out; 2489 int rc; 2490 2491 local_bh_disable(); 2492 bh_lock_sock_nested(sk); 2493 2494 rc = netlbl_sock_setattr(sk, sk->sk_family, &skp->smk_netlabel); 2495 switch (rc) { 2496 case 0: 2497 ssp->smk_state = SMK_NETLBL_LABELED; 2498 break; 2499 case -EDESTADDRREQ: 2500 ssp->smk_state = SMK_NETLBL_REQSKB; 2501 rc = 0; 2502 break; 2503 } 2504 2505 bh_unlock_sock(sk); 2506 local_bh_enable(); 2507 2508 return rc; 2509 } 2510 2511 /** 2512 * smack_netlbl_delete - Remove the secattr from a socket 2513 * @sk: the socket 2514 * 2515 * Remove the outbound smack value from a socket 2516 */ 2517 static void smack_netlbl_delete(struct sock *sk) 2518 { 2519 struct socket_smack *ssp = sk->sk_security; 2520 2521 /* 2522 * Take the label off the socket if one is set. 2523 */ 2524 if (ssp->smk_state != SMK_NETLBL_LABELED) 2525 return; 2526 2527 local_bh_disable(); 2528 bh_lock_sock_nested(sk); 2529 netlbl_sock_delattr(sk); 2530 bh_unlock_sock(sk); 2531 local_bh_enable(); 2532 ssp->smk_state = SMK_NETLBL_UNLABELED; 2533 } 2534 2535 /** 2536 * smk_ipv4_check - Perform IPv4 host access checks 2537 * @sk: the socket 2538 * @sap: the destination address 2539 * 2540 * Set the correct secattr for the given socket based on the destination 2541 * address and perform any outbound access checks needed. 2542 * 2543 * Returns 0 on success or an error code. 2544 * 2545 */ 2546 static int smk_ipv4_check(struct sock *sk, struct sockaddr_in *sap) 2547 { 2548 struct smack_known *skp; 2549 int rc = 0; 2550 struct smack_known *hkp; 2551 struct socket_smack *ssp = sk->sk_security; 2552 struct smk_audit_info ad; 2553 2554 rcu_read_lock(); 2555 hkp = smack_ipv4host_label(sap); 2556 if (hkp != NULL) { 2557 #ifdef CONFIG_AUDIT 2558 struct lsm_network_audit net; 2559 2560 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 2561 ad.a.u.net->family = sap->sin_family; 2562 ad.a.u.net->dport = sap->sin_port; 2563 ad.a.u.net->v4info.daddr = sap->sin_addr.s_addr; 2564 #endif 2565 skp = ssp->smk_out; 2566 rc = smk_access(skp, hkp, MAY_WRITE, &ad); 2567 rc = smk_bu_note("IPv4 host check", skp, hkp, MAY_WRITE, rc); 2568 /* 2569 * Clear the socket netlabel if it's set. 2570 */ 2571 if (!rc) 2572 smack_netlbl_delete(sk); 2573 } 2574 rcu_read_unlock(); 2575 2576 return rc; 2577 } 2578 2579 /** 2580 * smk_ipv6_check - check Smack access 2581 * @subject: subject Smack label 2582 * @object: object Smack label 2583 * @address: address 2584 * @act: the action being taken 2585 * 2586 * Check an IPv6 access 2587 */ 2588 static int smk_ipv6_check(struct smack_known *subject, 2589 struct smack_known *object, 2590 struct sockaddr_in6 *address, int act) 2591 { 2592 #ifdef CONFIG_AUDIT 2593 struct lsm_network_audit net; 2594 #endif 2595 struct smk_audit_info ad; 2596 int rc; 2597 2598 #ifdef CONFIG_AUDIT 2599 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 2600 ad.a.u.net->family = PF_INET6; 2601 ad.a.u.net->dport = address->sin6_port; 2602 if (act == SMK_RECEIVING) 2603 ad.a.u.net->v6info.saddr = address->sin6_addr; 2604 else 2605 ad.a.u.net->v6info.daddr = address->sin6_addr; 2606 #endif 2607 rc = smk_access(subject, object, MAY_WRITE, &ad); 2608 rc = smk_bu_note("IPv6 check", subject, object, MAY_WRITE, rc); 2609 return rc; 2610 } 2611 2612 #ifdef SMACK_IPV6_PORT_LABELING 2613 /** 2614 * smk_ipv6_port_label - Smack port access table management 2615 * @sock: socket 2616 * @address: address 2617 * 2618 * Create or update the port list entry 2619 */ 2620 static void smk_ipv6_port_label(struct socket *sock, struct sockaddr *address) 2621 { 2622 struct sock *sk = sock->sk; 2623 struct sockaddr_in6 *addr6; 2624 struct socket_smack *ssp = sock->sk->sk_security; 2625 struct smk_port_label *spp; 2626 unsigned short port = 0; 2627 2628 if (address == NULL) { 2629 /* 2630 * This operation is changing the Smack information 2631 * on the bound socket. Take the changes to the port 2632 * as well. 2633 */ 2634 rcu_read_lock(); 2635 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) { 2636 if (sk != spp->smk_sock) 2637 continue; 2638 spp->smk_in = ssp->smk_in; 2639 spp->smk_out = ssp->smk_out; 2640 rcu_read_unlock(); 2641 return; 2642 } 2643 /* 2644 * A NULL address is only used for updating existing 2645 * bound entries. If there isn't one, it's OK. 2646 */ 2647 rcu_read_unlock(); 2648 return; 2649 } 2650 2651 addr6 = (struct sockaddr_in6 *)address; 2652 port = ntohs(addr6->sin6_port); 2653 /* 2654 * This is a special case that is safely ignored. 2655 */ 2656 if (port == 0) 2657 return; 2658 2659 /* 2660 * Look for an existing port list entry. 2661 * This is an indication that a port is getting reused. 2662 */ 2663 rcu_read_lock(); 2664 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) { 2665 if (spp->smk_port != port || spp->smk_sock_type != sock->type) 2666 continue; 2667 if (spp->smk_can_reuse != 1) { 2668 rcu_read_unlock(); 2669 return; 2670 } 2671 spp->smk_port = port; 2672 spp->smk_sock = sk; 2673 spp->smk_in = ssp->smk_in; 2674 spp->smk_out = ssp->smk_out; 2675 spp->smk_can_reuse = 0; 2676 rcu_read_unlock(); 2677 return; 2678 } 2679 rcu_read_unlock(); 2680 /* 2681 * A new port entry is required. 2682 */ 2683 spp = kzalloc(sizeof(*spp), GFP_KERNEL); 2684 if (spp == NULL) 2685 return; 2686 2687 spp->smk_port = port; 2688 spp->smk_sock = sk; 2689 spp->smk_in = ssp->smk_in; 2690 spp->smk_out = ssp->smk_out; 2691 spp->smk_sock_type = sock->type; 2692 spp->smk_can_reuse = 0; 2693 2694 mutex_lock(&smack_ipv6_lock); 2695 list_add_rcu(&spp->list, &smk_ipv6_port_list); 2696 mutex_unlock(&smack_ipv6_lock); 2697 return; 2698 } 2699 2700 /** 2701 * smk_ipv6_port_check - check Smack port access 2702 * @sk: socket 2703 * @address: address 2704 * @act: the action being taken 2705 * 2706 * Create or update the port list entry 2707 */ 2708 static int smk_ipv6_port_check(struct sock *sk, struct sockaddr_in6 *address, 2709 int act) 2710 { 2711 struct smk_port_label *spp; 2712 struct socket_smack *ssp = sk->sk_security; 2713 struct smack_known *skp = NULL; 2714 unsigned short port; 2715 struct smack_known *object; 2716 2717 if (act == SMK_RECEIVING) { 2718 skp = smack_ipv6host_label(address); 2719 object = ssp->smk_in; 2720 } else { 2721 skp = ssp->smk_out; 2722 object = smack_ipv6host_label(address); 2723 } 2724 2725 /* 2726 * The other end is a single label host. 2727 */ 2728 if (skp != NULL && object != NULL) 2729 return smk_ipv6_check(skp, object, address, act); 2730 if (skp == NULL) 2731 skp = smack_net_ambient; 2732 if (object == NULL) 2733 object = smack_net_ambient; 2734 2735 /* 2736 * It's remote, so port lookup does no good. 2737 */ 2738 if (!smk_ipv6_localhost(address)) 2739 return smk_ipv6_check(skp, object, address, act); 2740 2741 /* 2742 * It's local so the send check has to have passed. 2743 */ 2744 if (act == SMK_RECEIVING) 2745 return 0; 2746 2747 port = ntohs(address->sin6_port); 2748 rcu_read_lock(); 2749 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) { 2750 if (spp->smk_port != port || spp->smk_sock_type != sk->sk_type) 2751 continue; 2752 object = spp->smk_in; 2753 if (act == SMK_CONNECTING) 2754 ssp->smk_packet = spp->smk_out; 2755 break; 2756 } 2757 rcu_read_unlock(); 2758 2759 return smk_ipv6_check(skp, object, address, act); 2760 } 2761 #endif 2762 2763 /** 2764 * smack_inode_setsecurity - set smack xattrs 2765 * @inode: the object 2766 * @name: attribute name 2767 * @value: attribute value 2768 * @size: size of the attribute 2769 * @flags: unused 2770 * 2771 * Sets the named attribute in the appropriate blob 2772 * 2773 * Returns 0 on success, or an error code 2774 */ 2775 static int smack_inode_setsecurity(struct inode *inode, const char *name, 2776 const void *value, size_t size, int flags) 2777 { 2778 struct smack_known *skp; 2779 struct inode_smack *nsp = smack_inode(inode); 2780 struct socket_smack *ssp; 2781 struct socket *sock; 2782 int rc = 0; 2783 2784 if (value == NULL || size > SMK_LONGLABEL || size == 0) 2785 return -EINVAL; 2786 2787 skp = smk_import_entry(value, size); 2788 if (IS_ERR(skp)) 2789 return PTR_ERR(skp); 2790 2791 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) { 2792 nsp->smk_inode = skp; 2793 nsp->smk_flags |= SMK_INODE_INSTANT; 2794 return 0; 2795 } 2796 /* 2797 * The rest of the Smack xattrs are only on sockets. 2798 */ 2799 if (inode->i_sb->s_magic != SOCKFS_MAGIC) 2800 return -EOPNOTSUPP; 2801 2802 sock = SOCKET_I(inode); 2803 if (sock == NULL || sock->sk == NULL) 2804 return -EOPNOTSUPP; 2805 2806 ssp = sock->sk->sk_security; 2807 2808 if (strcmp(name, XATTR_SMACK_IPIN) == 0) 2809 ssp->smk_in = skp; 2810 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) { 2811 ssp->smk_out = skp; 2812 if (sock->sk->sk_family == PF_INET) { 2813 rc = smack_netlbl_add(sock->sk); 2814 if (rc != 0) 2815 printk(KERN_WARNING 2816 "Smack: \"%s\" netlbl error %d.\n", 2817 __func__, -rc); 2818 } 2819 } else 2820 return -EOPNOTSUPP; 2821 2822 #ifdef SMACK_IPV6_PORT_LABELING 2823 if (sock->sk->sk_family == PF_INET6) 2824 smk_ipv6_port_label(sock, NULL); 2825 #endif 2826 2827 return 0; 2828 } 2829 2830 /** 2831 * smack_socket_post_create - finish socket setup 2832 * @sock: the socket 2833 * @family: protocol family 2834 * @type: unused 2835 * @protocol: unused 2836 * @kern: unused 2837 * 2838 * Sets the netlabel information on the socket 2839 * 2840 * Returns 0 on success, and error code otherwise 2841 */ 2842 static int smack_socket_post_create(struct socket *sock, int family, 2843 int type, int protocol, int kern) 2844 { 2845 struct socket_smack *ssp; 2846 2847 if (sock->sk == NULL) 2848 return 0; 2849 2850 /* 2851 * Sockets created by kernel threads receive web label. 2852 */ 2853 if (unlikely(current->flags & PF_KTHREAD)) { 2854 ssp = sock->sk->sk_security; 2855 ssp->smk_in = &smack_known_web; 2856 ssp->smk_out = &smack_known_web; 2857 } 2858 2859 if (family != PF_INET) 2860 return 0; 2861 /* 2862 * Set the outbound netlbl. 2863 */ 2864 return smack_netlbl_add(sock->sk); 2865 } 2866 2867 /** 2868 * smack_socket_socketpair - create socket pair 2869 * @socka: one socket 2870 * @sockb: another socket 2871 * 2872 * Cross reference the peer labels for SO_PEERSEC 2873 * 2874 * Returns 0 2875 */ 2876 static int smack_socket_socketpair(struct socket *socka, 2877 struct socket *sockb) 2878 { 2879 struct socket_smack *asp = socka->sk->sk_security; 2880 struct socket_smack *bsp = sockb->sk->sk_security; 2881 2882 asp->smk_packet = bsp->smk_out; 2883 bsp->smk_packet = asp->smk_out; 2884 2885 return 0; 2886 } 2887 2888 #ifdef SMACK_IPV6_PORT_LABELING 2889 /** 2890 * smack_socket_bind - record port binding information. 2891 * @sock: the socket 2892 * @address: the port address 2893 * @addrlen: size of the address 2894 * 2895 * Records the label bound to a port. 2896 * 2897 * Returns 0 on success, and error code otherwise 2898 */ 2899 static int smack_socket_bind(struct socket *sock, struct sockaddr *address, 2900 int addrlen) 2901 { 2902 if (sock->sk != NULL && sock->sk->sk_family == PF_INET6) { 2903 if (addrlen < SIN6_LEN_RFC2133 || 2904 address->sa_family != AF_INET6) 2905 return -EINVAL; 2906 smk_ipv6_port_label(sock, address); 2907 } 2908 return 0; 2909 } 2910 #endif /* SMACK_IPV6_PORT_LABELING */ 2911 2912 /** 2913 * smack_socket_connect - connect access check 2914 * @sock: the socket 2915 * @sap: the other end 2916 * @addrlen: size of sap 2917 * 2918 * Verifies that a connection may be possible 2919 * 2920 * Returns 0 on success, and error code otherwise 2921 */ 2922 static int smack_socket_connect(struct socket *sock, struct sockaddr *sap, 2923 int addrlen) 2924 { 2925 int rc = 0; 2926 2927 if (sock->sk == NULL) 2928 return 0; 2929 if (sock->sk->sk_family != PF_INET && 2930 (!IS_ENABLED(CONFIG_IPV6) || sock->sk->sk_family != PF_INET6)) 2931 return 0; 2932 if (addrlen < offsetofend(struct sockaddr, sa_family)) 2933 return 0; 2934 if (IS_ENABLED(CONFIG_IPV6) && sap->sa_family == AF_INET6) { 2935 struct sockaddr_in6 *sip = (struct sockaddr_in6 *)sap; 2936 struct smack_known *rsp = NULL; 2937 2938 if (addrlen < SIN6_LEN_RFC2133) 2939 return 0; 2940 if (__is_defined(SMACK_IPV6_SECMARK_LABELING)) 2941 rsp = smack_ipv6host_label(sip); 2942 if (rsp != NULL) { 2943 struct socket_smack *ssp = sock->sk->sk_security; 2944 2945 rc = smk_ipv6_check(ssp->smk_out, rsp, sip, 2946 SMK_CONNECTING); 2947 } 2948 #ifdef SMACK_IPV6_PORT_LABELING 2949 rc = smk_ipv6_port_check(sock->sk, sip, SMK_CONNECTING); 2950 #endif 2951 2952 return rc; 2953 } 2954 if (sap->sa_family != AF_INET || addrlen < sizeof(struct sockaddr_in)) 2955 return 0; 2956 rc = smk_ipv4_check(sock->sk, (struct sockaddr_in *)sap); 2957 return rc; 2958 } 2959 2960 /** 2961 * smack_flags_to_may - convert S_ to MAY_ values 2962 * @flags: the S_ value 2963 * 2964 * Returns the equivalent MAY_ value 2965 */ 2966 static int smack_flags_to_may(int flags) 2967 { 2968 int may = 0; 2969 2970 if (flags & S_IRUGO) 2971 may |= MAY_READ; 2972 if (flags & S_IWUGO) 2973 may |= MAY_WRITE; 2974 if (flags & S_IXUGO) 2975 may |= MAY_EXEC; 2976 2977 return may; 2978 } 2979 2980 /** 2981 * smack_msg_msg_alloc_security - Set the security blob for msg_msg 2982 * @msg: the object 2983 * 2984 * Returns 0 2985 */ 2986 static int smack_msg_msg_alloc_security(struct msg_msg *msg) 2987 { 2988 struct smack_known **blob = smack_msg_msg(msg); 2989 2990 *blob = smk_of_current(); 2991 return 0; 2992 } 2993 2994 /** 2995 * smack_of_ipc - the smack pointer for the ipc 2996 * @isp: the object 2997 * 2998 * Returns a pointer to the smack value 2999 */ 3000 static struct smack_known *smack_of_ipc(struct kern_ipc_perm *isp) 3001 { 3002 struct smack_known **blob = smack_ipc(isp); 3003 3004 return *blob; 3005 } 3006 3007 /** 3008 * smack_ipc_alloc_security - Set the security blob for ipc 3009 * @isp: the object 3010 * 3011 * Returns 0 3012 */ 3013 static int smack_ipc_alloc_security(struct kern_ipc_perm *isp) 3014 { 3015 struct smack_known **blob = smack_ipc(isp); 3016 3017 *blob = smk_of_current(); 3018 return 0; 3019 } 3020 3021 /** 3022 * smk_curacc_shm : check if current has access on shm 3023 * @isp : the object 3024 * @access : access requested 3025 * 3026 * Returns 0 if current has the requested access, error code otherwise 3027 */ 3028 static int smk_curacc_shm(struct kern_ipc_perm *isp, int access) 3029 { 3030 struct smack_known *ssp = smack_of_ipc(isp); 3031 struct smk_audit_info ad; 3032 int rc; 3033 3034 #ifdef CONFIG_AUDIT 3035 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 3036 ad.a.u.ipc_id = isp->id; 3037 #endif 3038 rc = smk_curacc(ssp, access, &ad); 3039 rc = smk_bu_current("shm", ssp, access, rc); 3040 return rc; 3041 } 3042 3043 /** 3044 * smack_shm_associate - Smack access check for shm 3045 * @isp: the object 3046 * @shmflg: access requested 3047 * 3048 * Returns 0 if current has the requested access, error code otherwise 3049 */ 3050 static int smack_shm_associate(struct kern_ipc_perm *isp, int shmflg) 3051 { 3052 int may; 3053 3054 may = smack_flags_to_may(shmflg); 3055 return smk_curacc_shm(isp, may); 3056 } 3057 3058 /** 3059 * smack_shm_shmctl - Smack access check for shm 3060 * @isp: the object 3061 * @cmd: what it wants to do 3062 * 3063 * Returns 0 if current has the requested access, error code otherwise 3064 */ 3065 static int smack_shm_shmctl(struct kern_ipc_perm *isp, int cmd) 3066 { 3067 int may; 3068 3069 switch (cmd) { 3070 case IPC_STAT: 3071 case SHM_STAT: 3072 case SHM_STAT_ANY: 3073 may = MAY_READ; 3074 break; 3075 case IPC_SET: 3076 case SHM_LOCK: 3077 case SHM_UNLOCK: 3078 case IPC_RMID: 3079 may = MAY_READWRITE; 3080 break; 3081 case IPC_INFO: 3082 case SHM_INFO: 3083 /* 3084 * System level information. 3085 */ 3086 return 0; 3087 default: 3088 return -EINVAL; 3089 } 3090 return smk_curacc_shm(isp, may); 3091 } 3092 3093 /** 3094 * smack_shm_shmat - Smack access for shmat 3095 * @isp: the object 3096 * @shmaddr: unused 3097 * @shmflg: access requested 3098 * 3099 * Returns 0 if current has the requested access, error code otherwise 3100 */ 3101 static int smack_shm_shmat(struct kern_ipc_perm *isp, char __user *shmaddr, 3102 int shmflg) 3103 { 3104 int may; 3105 3106 may = smack_flags_to_may(shmflg); 3107 return smk_curacc_shm(isp, may); 3108 } 3109 3110 /** 3111 * smk_curacc_sem : check if current has access on sem 3112 * @isp : the object 3113 * @access : access requested 3114 * 3115 * Returns 0 if current has the requested access, error code otherwise 3116 */ 3117 static int smk_curacc_sem(struct kern_ipc_perm *isp, int access) 3118 { 3119 struct smack_known *ssp = smack_of_ipc(isp); 3120 struct smk_audit_info ad; 3121 int rc; 3122 3123 #ifdef CONFIG_AUDIT 3124 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 3125 ad.a.u.ipc_id = isp->id; 3126 #endif 3127 rc = smk_curacc(ssp, access, &ad); 3128 rc = smk_bu_current("sem", ssp, access, rc); 3129 return rc; 3130 } 3131 3132 /** 3133 * smack_sem_associate - Smack access check for sem 3134 * @isp: the object 3135 * @semflg: access requested 3136 * 3137 * Returns 0 if current has the requested access, error code otherwise 3138 */ 3139 static int smack_sem_associate(struct kern_ipc_perm *isp, int semflg) 3140 { 3141 int may; 3142 3143 may = smack_flags_to_may(semflg); 3144 return smk_curacc_sem(isp, may); 3145 } 3146 3147 /** 3148 * smack_sem_semctl - Smack access check for sem 3149 * @isp: the object 3150 * @cmd: what it wants to do 3151 * 3152 * Returns 0 if current has the requested access, error code otherwise 3153 */ 3154 static int smack_sem_semctl(struct kern_ipc_perm *isp, int cmd) 3155 { 3156 int may; 3157 3158 switch (cmd) { 3159 case GETPID: 3160 case GETNCNT: 3161 case GETZCNT: 3162 case GETVAL: 3163 case GETALL: 3164 case IPC_STAT: 3165 case SEM_STAT: 3166 case SEM_STAT_ANY: 3167 may = MAY_READ; 3168 break; 3169 case SETVAL: 3170 case SETALL: 3171 case IPC_RMID: 3172 case IPC_SET: 3173 may = MAY_READWRITE; 3174 break; 3175 case IPC_INFO: 3176 case SEM_INFO: 3177 /* 3178 * System level information 3179 */ 3180 return 0; 3181 default: 3182 return -EINVAL; 3183 } 3184 3185 return smk_curacc_sem(isp, may); 3186 } 3187 3188 /** 3189 * smack_sem_semop - Smack checks of semaphore operations 3190 * @isp: the object 3191 * @sops: unused 3192 * @nsops: unused 3193 * @alter: unused 3194 * 3195 * Treated as read and write in all cases. 3196 * 3197 * Returns 0 if access is allowed, error code otherwise 3198 */ 3199 static int smack_sem_semop(struct kern_ipc_perm *isp, struct sembuf *sops, 3200 unsigned nsops, int alter) 3201 { 3202 return smk_curacc_sem(isp, MAY_READWRITE); 3203 } 3204 3205 /** 3206 * smk_curacc_msq : helper to check if current has access on msq 3207 * @isp : the msq 3208 * @access : access requested 3209 * 3210 * return 0 if current has access, error otherwise 3211 */ 3212 static int smk_curacc_msq(struct kern_ipc_perm *isp, int access) 3213 { 3214 struct smack_known *msp = smack_of_ipc(isp); 3215 struct smk_audit_info ad; 3216 int rc; 3217 3218 #ifdef CONFIG_AUDIT 3219 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 3220 ad.a.u.ipc_id = isp->id; 3221 #endif 3222 rc = smk_curacc(msp, access, &ad); 3223 rc = smk_bu_current("msq", msp, access, rc); 3224 return rc; 3225 } 3226 3227 /** 3228 * smack_msg_queue_associate - Smack access check for msg_queue 3229 * @isp: the object 3230 * @msqflg: access requested 3231 * 3232 * Returns 0 if current has the requested access, error code otherwise 3233 */ 3234 static int smack_msg_queue_associate(struct kern_ipc_perm *isp, int msqflg) 3235 { 3236 int may; 3237 3238 may = smack_flags_to_may(msqflg); 3239 return smk_curacc_msq(isp, may); 3240 } 3241 3242 /** 3243 * smack_msg_queue_msgctl - Smack access check for msg_queue 3244 * @isp: the object 3245 * @cmd: what it wants to do 3246 * 3247 * Returns 0 if current has the requested access, error code otherwise 3248 */ 3249 static int smack_msg_queue_msgctl(struct kern_ipc_perm *isp, int cmd) 3250 { 3251 int may; 3252 3253 switch (cmd) { 3254 case IPC_STAT: 3255 case MSG_STAT: 3256 case MSG_STAT_ANY: 3257 may = MAY_READ; 3258 break; 3259 case IPC_SET: 3260 case IPC_RMID: 3261 may = MAY_READWRITE; 3262 break; 3263 case IPC_INFO: 3264 case MSG_INFO: 3265 /* 3266 * System level information 3267 */ 3268 return 0; 3269 default: 3270 return -EINVAL; 3271 } 3272 3273 return smk_curacc_msq(isp, may); 3274 } 3275 3276 /** 3277 * smack_msg_queue_msgsnd - Smack access check for msg_queue 3278 * @isp: the object 3279 * @msg: unused 3280 * @msqflg: access requested 3281 * 3282 * Returns 0 if current has the requested access, error code otherwise 3283 */ 3284 static int smack_msg_queue_msgsnd(struct kern_ipc_perm *isp, struct msg_msg *msg, 3285 int msqflg) 3286 { 3287 int may; 3288 3289 may = smack_flags_to_may(msqflg); 3290 return smk_curacc_msq(isp, may); 3291 } 3292 3293 /** 3294 * smack_msg_queue_msgrcv - Smack access check for msg_queue 3295 * @isp: the object 3296 * @msg: unused 3297 * @target: unused 3298 * @type: unused 3299 * @mode: unused 3300 * 3301 * Returns 0 if current has read and write access, error code otherwise 3302 */ 3303 static int smack_msg_queue_msgrcv(struct kern_ipc_perm *isp, 3304 struct msg_msg *msg, 3305 struct task_struct *target, long type, 3306 int mode) 3307 { 3308 return smk_curacc_msq(isp, MAY_READWRITE); 3309 } 3310 3311 /** 3312 * smack_ipc_permission - Smack access for ipc_permission() 3313 * @ipp: the object permissions 3314 * @flag: access requested 3315 * 3316 * Returns 0 if current has read and write access, error code otherwise 3317 */ 3318 static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag) 3319 { 3320 struct smack_known **blob = smack_ipc(ipp); 3321 struct smack_known *iskp = *blob; 3322 int may = smack_flags_to_may(flag); 3323 struct smk_audit_info ad; 3324 int rc; 3325 3326 #ifdef CONFIG_AUDIT 3327 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 3328 ad.a.u.ipc_id = ipp->id; 3329 #endif 3330 rc = smk_curacc(iskp, may, &ad); 3331 rc = smk_bu_current("svipc", iskp, may, rc); 3332 return rc; 3333 } 3334 3335 /** 3336 * smack_ipc_getsecid - Extract smack security id 3337 * @ipp: the object permissions 3338 * @secid: where result will be saved 3339 */ 3340 static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid) 3341 { 3342 struct smack_known **blob = smack_ipc(ipp); 3343 struct smack_known *iskp = *blob; 3344 3345 *secid = iskp->smk_secid; 3346 } 3347 3348 /** 3349 * smack_d_instantiate - Make sure the blob is correct on an inode 3350 * @opt_dentry: dentry where inode will be attached 3351 * @inode: the object 3352 * 3353 * Set the inode's security blob if it hasn't been done already. 3354 */ 3355 static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode) 3356 { 3357 struct super_block *sbp; 3358 struct superblock_smack *sbsp; 3359 struct inode_smack *isp; 3360 struct smack_known *skp; 3361 struct smack_known *ckp = smk_of_current(); 3362 struct smack_known *final; 3363 char trattr[TRANS_TRUE_SIZE]; 3364 int transflag = 0; 3365 int rc; 3366 struct dentry *dp; 3367 3368 if (inode == NULL) 3369 return; 3370 3371 isp = smack_inode(inode); 3372 3373 /* 3374 * If the inode is already instantiated 3375 * take the quick way out 3376 */ 3377 if (isp->smk_flags & SMK_INODE_INSTANT) 3378 return; 3379 3380 sbp = inode->i_sb; 3381 sbsp = smack_superblock(sbp); 3382 /* 3383 * We're going to use the superblock default label 3384 * if there's no label on the file. 3385 */ 3386 final = sbsp->smk_default; 3387 3388 /* 3389 * If this is the root inode the superblock 3390 * may be in the process of initialization. 3391 * If that is the case use the root value out 3392 * of the superblock. 3393 */ 3394 if (opt_dentry->d_parent == opt_dentry) { 3395 switch (sbp->s_magic) { 3396 case CGROUP_SUPER_MAGIC: 3397 case CGROUP2_SUPER_MAGIC: 3398 /* 3399 * The cgroup filesystem is never mounted, 3400 * so there's no opportunity to set the mount 3401 * options. 3402 */ 3403 sbsp->smk_root = &smack_known_star; 3404 sbsp->smk_default = &smack_known_star; 3405 isp->smk_inode = sbsp->smk_root; 3406 break; 3407 case TMPFS_MAGIC: 3408 /* 3409 * What about shmem/tmpfs anonymous files with dentry 3410 * obtained from d_alloc_pseudo()? 3411 */ 3412 isp->smk_inode = smk_of_current(); 3413 break; 3414 case PIPEFS_MAGIC: 3415 isp->smk_inode = smk_of_current(); 3416 break; 3417 case SOCKFS_MAGIC: 3418 /* 3419 * Socket access is controlled by the socket 3420 * structures associated with the task involved. 3421 */ 3422 isp->smk_inode = &smack_known_star; 3423 break; 3424 default: 3425 isp->smk_inode = sbsp->smk_root; 3426 break; 3427 } 3428 isp->smk_flags |= SMK_INODE_INSTANT; 3429 return; 3430 } 3431 3432 /* 3433 * This is pretty hackish. 3434 * Casey says that we shouldn't have to do 3435 * file system specific code, but it does help 3436 * with keeping it simple. 3437 */ 3438 switch (sbp->s_magic) { 3439 case SMACK_MAGIC: 3440 case CGROUP_SUPER_MAGIC: 3441 case CGROUP2_SUPER_MAGIC: 3442 /* 3443 * Casey says that it's a little embarrassing 3444 * that the smack file system doesn't do 3445 * extended attributes. 3446 * 3447 * Cgroupfs is special 3448 */ 3449 final = &smack_known_star; 3450 break; 3451 case DEVPTS_SUPER_MAGIC: 3452 /* 3453 * devpts seems content with the label of the task. 3454 * Programs that change smack have to treat the 3455 * pty with respect. 3456 */ 3457 final = ckp; 3458 break; 3459 case PROC_SUPER_MAGIC: 3460 /* 3461 * Casey says procfs appears not to care. 3462 * The superblock default suffices. 3463 */ 3464 break; 3465 case TMPFS_MAGIC: 3466 /* 3467 * Device labels should come from the filesystem, 3468 * but watch out, because they're volitile, 3469 * getting recreated on every reboot. 3470 */ 3471 final = &smack_known_star; 3472 /* 3473 * If a smack value has been set we want to use it, 3474 * but since tmpfs isn't giving us the opportunity 3475 * to set mount options simulate setting the 3476 * superblock default. 3477 */ 3478 fallthrough; 3479 default: 3480 /* 3481 * This isn't an understood special case. 3482 * Get the value from the xattr. 3483 */ 3484 3485 /* 3486 * UNIX domain sockets use lower level socket data. 3487 */ 3488 if (S_ISSOCK(inode->i_mode)) { 3489 final = &smack_known_star; 3490 break; 3491 } 3492 /* 3493 * No xattr support means, alas, no SMACK label. 3494 * Use the aforeapplied default. 3495 * It would be curious if the label of the task 3496 * does not match that assigned. 3497 */ 3498 if (!(inode->i_opflags & IOP_XATTR)) 3499 break; 3500 /* 3501 * Get the dentry for xattr. 3502 */ 3503 dp = dget(opt_dentry); 3504 skp = smk_fetch(XATTR_NAME_SMACK, inode, dp); 3505 if (!IS_ERR_OR_NULL(skp)) 3506 final = skp; 3507 3508 /* 3509 * Transmuting directory 3510 */ 3511 if (S_ISDIR(inode->i_mode)) { 3512 /* 3513 * If this is a new directory and the label was 3514 * transmuted when the inode was initialized 3515 * set the transmute attribute on the directory 3516 * and mark the inode. 3517 * 3518 * If there is a transmute attribute on the 3519 * directory mark the inode. 3520 */ 3521 if (isp->smk_flags & SMK_INODE_CHANGED) { 3522 isp->smk_flags &= ~SMK_INODE_CHANGED; 3523 rc = __vfs_setxattr(&nop_mnt_idmap, dp, inode, 3524 XATTR_NAME_SMACKTRANSMUTE, 3525 TRANS_TRUE, TRANS_TRUE_SIZE, 3526 0); 3527 } else { 3528 rc = __vfs_getxattr(dp, inode, 3529 XATTR_NAME_SMACKTRANSMUTE, trattr, 3530 TRANS_TRUE_SIZE); 3531 if (rc >= 0 && strncmp(trattr, TRANS_TRUE, 3532 TRANS_TRUE_SIZE) != 0) 3533 rc = -EINVAL; 3534 } 3535 if (rc >= 0) 3536 transflag = SMK_INODE_TRANSMUTE; 3537 } 3538 /* 3539 * Don't let the exec or mmap label be "*" or "@". 3540 */ 3541 skp = smk_fetch(XATTR_NAME_SMACKEXEC, inode, dp); 3542 if (IS_ERR(skp) || skp == &smack_known_star || 3543 skp == &smack_known_web) 3544 skp = NULL; 3545 isp->smk_task = skp; 3546 3547 skp = smk_fetch(XATTR_NAME_SMACKMMAP, inode, dp); 3548 if (IS_ERR(skp) || skp == &smack_known_star || 3549 skp == &smack_known_web) 3550 skp = NULL; 3551 isp->smk_mmap = skp; 3552 3553 dput(dp); 3554 break; 3555 } 3556 3557 if (final == NULL) 3558 isp->smk_inode = ckp; 3559 else 3560 isp->smk_inode = final; 3561 3562 isp->smk_flags |= (SMK_INODE_INSTANT | transflag); 3563 3564 return; 3565 } 3566 3567 /** 3568 * smack_getprocattr - Smack process attribute access 3569 * @p: the object task 3570 * @name: the name of the attribute in /proc/.../attr 3571 * @value: where to put the result 3572 * 3573 * Places a copy of the task Smack into value 3574 * 3575 * Returns the length of the smack label or an error code 3576 */ 3577 static int smack_getprocattr(struct task_struct *p, const char *name, char **value) 3578 { 3579 struct smack_known *skp = smk_of_task_struct_obj(p); 3580 char *cp; 3581 int slen; 3582 3583 if (strcmp(name, "current") != 0) 3584 return -EINVAL; 3585 3586 cp = kstrdup(skp->smk_known, GFP_KERNEL); 3587 if (cp == NULL) 3588 return -ENOMEM; 3589 3590 slen = strlen(cp); 3591 *value = cp; 3592 return slen; 3593 } 3594 3595 /** 3596 * smack_setprocattr - Smack process attribute setting 3597 * @name: the name of the attribute in /proc/.../attr 3598 * @value: the value to set 3599 * @size: the size of the value 3600 * 3601 * Sets the Smack value of the task. Only setting self 3602 * is permitted and only with privilege 3603 * 3604 * Returns the length of the smack label or an error code 3605 */ 3606 static int smack_setprocattr(const char *name, void *value, size_t size) 3607 { 3608 struct task_smack *tsp = smack_cred(current_cred()); 3609 struct cred *new; 3610 struct smack_known *skp; 3611 struct smack_known_list_elem *sklep; 3612 int rc; 3613 3614 if (!smack_privileged(CAP_MAC_ADMIN) && list_empty(&tsp->smk_relabel)) 3615 return -EPERM; 3616 3617 if (value == NULL || size == 0 || size >= SMK_LONGLABEL) 3618 return -EINVAL; 3619 3620 if (strcmp(name, "current") != 0) 3621 return -EINVAL; 3622 3623 skp = smk_import_entry(value, size); 3624 if (IS_ERR(skp)) 3625 return PTR_ERR(skp); 3626 3627 /* 3628 * No process is ever allowed the web ("@") label 3629 * and the star ("*") label. 3630 */ 3631 if (skp == &smack_known_web || skp == &smack_known_star) 3632 return -EINVAL; 3633 3634 if (!smack_privileged(CAP_MAC_ADMIN)) { 3635 rc = -EPERM; 3636 list_for_each_entry(sklep, &tsp->smk_relabel, list) 3637 if (sklep->smk_label == skp) { 3638 rc = 0; 3639 break; 3640 } 3641 if (rc) 3642 return rc; 3643 } 3644 3645 new = prepare_creds(); 3646 if (new == NULL) 3647 return -ENOMEM; 3648 3649 tsp = smack_cred(new); 3650 tsp->smk_task = skp; 3651 /* 3652 * process can change its label only once 3653 */ 3654 smk_destroy_label_list(&tsp->smk_relabel); 3655 3656 commit_creds(new); 3657 return size; 3658 } 3659 3660 /** 3661 * smack_unix_stream_connect - Smack access on UDS 3662 * @sock: one sock 3663 * @other: the other sock 3664 * @newsk: unused 3665 * 3666 * Return 0 if a subject with the smack of sock could access 3667 * an object with the smack of other, otherwise an error code 3668 */ 3669 static int smack_unix_stream_connect(struct sock *sock, 3670 struct sock *other, struct sock *newsk) 3671 { 3672 struct smack_known *skp; 3673 struct smack_known *okp; 3674 struct socket_smack *ssp = sock->sk_security; 3675 struct socket_smack *osp = other->sk_security; 3676 struct socket_smack *nsp = newsk->sk_security; 3677 struct smk_audit_info ad; 3678 int rc = 0; 3679 #ifdef CONFIG_AUDIT 3680 struct lsm_network_audit net; 3681 #endif 3682 3683 if (!smack_privileged(CAP_MAC_OVERRIDE)) { 3684 skp = ssp->smk_out; 3685 okp = osp->smk_in; 3686 #ifdef CONFIG_AUDIT 3687 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 3688 smk_ad_setfield_u_net_sk(&ad, other); 3689 #endif 3690 rc = smk_access(skp, okp, MAY_WRITE, &ad); 3691 rc = smk_bu_note("UDS connect", skp, okp, MAY_WRITE, rc); 3692 if (rc == 0) { 3693 okp = osp->smk_out; 3694 skp = ssp->smk_in; 3695 rc = smk_access(okp, skp, MAY_WRITE, &ad); 3696 rc = smk_bu_note("UDS connect", okp, skp, 3697 MAY_WRITE, rc); 3698 } 3699 } 3700 3701 /* 3702 * Cross reference the peer labels for SO_PEERSEC. 3703 */ 3704 if (rc == 0) { 3705 nsp->smk_packet = ssp->smk_out; 3706 ssp->smk_packet = osp->smk_out; 3707 } 3708 3709 return rc; 3710 } 3711 3712 /** 3713 * smack_unix_may_send - Smack access on UDS 3714 * @sock: one socket 3715 * @other: the other socket 3716 * 3717 * Return 0 if a subject with the smack of sock could access 3718 * an object with the smack of other, otherwise an error code 3719 */ 3720 static int smack_unix_may_send(struct socket *sock, struct socket *other) 3721 { 3722 struct socket_smack *ssp = sock->sk->sk_security; 3723 struct socket_smack *osp = other->sk->sk_security; 3724 struct smk_audit_info ad; 3725 int rc; 3726 3727 #ifdef CONFIG_AUDIT 3728 struct lsm_network_audit net; 3729 3730 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 3731 smk_ad_setfield_u_net_sk(&ad, other->sk); 3732 #endif 3733 3734 if (smack_privileged(CAP_MAC_OVERRIDE)) 3735 return 0; 3736 3737 rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad); 3738 rc = smk_bu_note("UDS send", ssp->smk_out, osp->smk_in, MAY_WRITE, rc); 3739 return rc; 3740 } 3741 3742 /** 3743 * smack_socket_sendmsg - Smack check based on destination host 3744 * @sock: the socket 3745 * @msg: the message 3746 * @size: the size of the message 3747 * 3748 * Return 0 if the current subject can write to the destination host. 3749 * For IPv4 this is only a question if the destination is a single label host. 3750 * For IPv6 this is a check against the label of the port. 3751 */ 3752 static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg, 3753 int size) 3754 { 3755 struct sockaddr_in *sip = (struct sockaddr_in *) msg->msg_name; 3756 #if IS_ENABLED(CONFIG_IPV6) 3757 struct sockaddr_in6 *sap = (struct sockaddr_in6 *) msg->msg_name; 3758 #endif 3759 #ifdef SMACK_IPV6_SECMARK_LABELING 3760 struct socket_smack *ssp = sock->sk->sk_security; 3761 struct smack_known *rsp; 3762 #endif 3763 int rc = 0; 3764 3765 /* 3766 * Perfectly reasonable for this to be NULL 3767 */ 3768 if (sip == NULL) 3769 return 0; 3770 3771 switch (sock->sk->sk_family) { 3772 case AF_INET: 3773 if (msg->msg_namelen < sizeof(struct sockaddr_in) || 3774 sip->sin_family != AF_INET) 3775 return -EINVAL; 3776 rc = smk_ipv4_check(sock->sk, sip); 3777 break; 3778 #if IS_ENABLED(CONFIG_IPV6) 3779 case AF_INET6: 3780 if (msg->msg_namelen < SIN6_LEN_RFC2133 || 3781 sap->sin6_family != AF_INET6) 3782 return -EINVAL; 3783 #ifdef SMACK_IPV6_SECMARK_LABELING 3784 rsp = smack_ipv6host_label(sap); 3785 if (rsp != NULL) 3786 rc = smk_ipv6_check(ssp->smk_out, rsp, sap, 3787 SMK_CONNECTING); 3788 #endif 3789 #ifdef SMACK_IPV6_PORT_LABELING 3790 rc = smk_ipv6_port_check(sock->sk, sap, SMK_SENDING); 3791 #endif 3792 #endif /* IS_ENABLED(CONFIG_IPV6) */ 3793 break; 3794 } 3795 return rc; 3796 } 3797 3798 /** 3799 * smack_from_secattr - Convert a netlabel attr.mls.lvl/attr.mls.cat pair to smack 3800 * @sap: netlabel secattr 3801 * @ssp: socket security information 3802 * 3803 * Returns a pointer to a Smack label entry found on the label list. 3804 */ 3805 static struct smack_known *smack_from_secattr(struct netlbl_lsm_secattr *sap, 3806 struct socket_smack *ssp) 3807 { 3808 struct smack_known *skp; 3809 int found = 0; 3810 int acat; 3811 int kcat; 3812 3813 /* 3814 * Netlabel found it in the cache. 3815 */ 3816 if ((sap->flags & NETLBL_SECATTR_CACHE) != 0) 3817 return (struct smack_known *)sap->cache->data; 3818 3819 if ((sap->flags & NETLBL_SECATTR_SECID) != 0) 3820 /* 3821 * Looks like a fallback, which gives us a secid. 3822 */ 3823 return smack_from_secid(sap->attr.secid); 3824 3825 if ((sap->flags & NETLBL_SECATTR_MLS_LVL) != 0) { 3826 /* 3827 * Looks like a CIPSO packet. 3828 * If there are flags but no level netlabel isn't 3829 * behaving the way we expect it to. 3830 * 3831 * Look it up in the label table 3832 * Without guidance regarding the smack value 3833 * for the packet fall back on the network 3834 * ambient value. 3835 */ 3836 rcu_read_lock(); 3837 list_for_each_entry_rcu(skp, &smack_known_list, list) { 3838 if (sap->attr.mls.lvl != skp->smk_netlabel.attr.mls.lvl) 3839 continue; 3840 /* 3841 * Compare the catsets. Use the netlbl APIs. 3842 */ 3843 if ((sap->flags & NETLBL_SECATTR_MLS_CAT) == 0) { 3844 if ((skp->smk_netlabel.flags & 3845 NETLBL_SECATTR_MLS_CAT) == 0) 3846 found = 1; 3847 break; 3848 } 3849 for (acat = -1, kcat = -1; acat == kcat; ) { 3850 acat = netlbl_catmap_walk(sap->attr.mls.cat, 3851 acat + 1); 3852 kcat = netlbl_catmap_walk( 3853 skp->smk_netlabel.attr.mls.cat, 3854 kcat + 1); 3855 if (acat < 0 || kcat < 0) 3856 break; 3857 } 3858 if (acat == kcat) { 3859 found = 1; 3860 break; 3861 } 3862 } 3863 rcu_read_unlock(); 3864 3865 if (found) 3866 return skp; 3867 3868 if (ssp != NULL && ssp->smk_in == &smack_known_star) 3869 return &smack_known_web; 3870 return &smack_known_star; 3871 } 3872 /* 3873 * Without guidance regarding the smack value 3874 * for the packet fall back on the network 3875 * ambient value. 3876 */ 3877 return smack_net_ambient; 3878 } 3879 3880 #if IS_ENABLED(CONFIG_IPV6) 3881 static int smk_skb_to_addr_ipv6(struct sk_buff *skb, struct sockaddr_in6 *sip) 3882 { 3883 u8 nexthdr; 3884 int offset; 3885 int proto = -EINVAL; 3886 struct ipv6hdr _ipv6h; 3887 struct ipv6hdr *ip6; 3888 __be16 frag_off; 3889 struct tcphdr _tcph, *th; 3890 struct udphdr _udph, *uh; 3891 struct dccp_hdr _dccph, *dh; 3892 3893 sip->sin6_port = 0; 3894 3895 offset = skb_network_offset(skb); 3896 ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h); 3897 if (ip6 == NULL) 3898 return -EINVAL; 3899 sip->sin6_addr = ip6->saddr; 3900 3901 nexthdr = ip6->nexthdr; 3902 offset += sizeof(_ipv6h); 3903 offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off); 3904 if (offset < 0) 3905 return -EINVAL; 3906 3907 proto = nexthdr; 3908 switch (proto) { 3909 case IPPROTO_TCP: 3910 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph); 3911 if (th != NULL) 3912 sip->sin6_port = th->source; 3913 break; 3914 case IPPROTO_UDP: 3915 case IPPROTO_UDPLITE: 3916 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph); 3917 if (uh != NULL) 3918 sip->sin6_port = uh->source; 3919 break; 3920 case IPPROTO_DCCP: 3921 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph); 3922 if (dh != NULL) 3923 sip->sin6_port = dh->dccph_sport; 3924 break; 3925 } 3926 return proto; 3927 } 3928 #endif /* CONFIG_IPV6 */ 3929 3930 /** 3931 * smack_from_skb - Smack data from the secmark in an skb 3932 * @skb: packet 3933 * 3934 * Returns smack_known of the secmark or NULL if that won't work. 3935 */ 3936 #ifdef CONFIG_NETWORK_SECMARK 3937 static struct smack_known *smack_from_skb(struct sk_buff *skb) 3938 { 3939 if (skb == NULL || skb->secmark == 0) 3940 return NULL; 3941 3942 return smack_from_secid(skb->secmark); 3943 } 3944 #else 3945 static inline struct smack_known *smack_from_skb(struct sk_buff *skb) 3946 { 3947 return NULL; 3948 } 3949 #endif 3950 3951 /** 3952 * smack_from_netlbl - Smack data from the IP options in an skb 3953 * @sk: socket data came in on 3954 * @family: address family 3955 * @skb: packet 3956 * 3957 * Find the Smack label in the IP options. If it hasn't been 3958 * added to the netlabel cache, add it here. 3959 * 3960 * Returns smack_known of the IP options or NULL if that won't work. 3961 */ 3962 static struct smack_known *smack_from_netlbl(const struct sock *sk, u16 family, 3963 struct sk_buff *skb) 3964 { 3965 struct netlbl_lsm_secattr secattr; 3966 struct socket_smack *ssp = NULL; 3967 struct smack_known *skp = NULL; 3968 3969 netlbl_secattr_init(&secattr); 3970 3971 if (sk) 3972 ssp = sk->sk_security; 3973 3974 if (netlbl_skbuff_getattr(skb, family, &secattr) == 0) { 3975 skp = smack_from_secattr(&secattr, ssp); 3976 if (secattr.flags & NETLBL_SECATTR_CACHEABLE) 3977 netlbl_cache_add(skb, family, &skp->smk_netlabel); 3978 } 3979 3980 netlbl_secattr_destroy(&secattr); 3981 3982 return skp; 3983 } 3984 3985 /** 3986 * smack_socket_sock_rcv_skb - Smack packet delivery access check 3987 * @sk: socket 3988 * @skb: packet 3989 * 3990 * Returns 0 if the packet should be delivered, an error code otherwise 3991 */ 3992 static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) 3993 { 3994 struct socket_smack *ssp = sk->sk_security; 3995 struct smack_known *skp = NULL; 3996 int rc = 0; 3997 struct smk_audit_info ad; 3998 u16 family = sk->sk_family; 3999 #ifdef CONFIG_AUDIT 4000 struct lsm_network_audit net; 4001 #endif 4002 #if IS_ENABLED(CONFIG_IPV6) 4003 struct sockaddr_in6 sadd; 4004 int proto; 4005 4006 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP)) 4007 family = PF_INET; 4008 #endif /* CONFIG_IPV6 */ 4009 4010 switch (family) { 4011 case PF_INET: 4012 /* 4013 * If there is a secmark use it rather than the CIPSO label. 4014 * If there is no secmark fall back to CIPSO. 4015 * The secmark is assumed to reflect policy better. 4016 */ 4017 skp = smack_from_skb(skb); 4018 if (skp == NULL) { 4019 skp = smack_from_netlbl(sk, family, skb); 4020 if (skp == NULL) 4021 skp = smack_net_ambient; 4022 } 4023 4024 #ifdef CONFIG_AUDIT 4025 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 4026 ad.a.u.net->family = family; 4027 ad.a.u.net->netif = skb->skb_iif; 4028 ipv4_skb_to_auditdata(skb, &ad.a, NULL); 4029 #endif 4030 /* 4031 * Receiving a packet requires that the other end 4032 * be able to write here. Read access is not required. 4033 * This is the simplist possible security model 4034 * for networking. 4035 */ 4036 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad); 4037 rc = smk_bu_note("IPv4 delivery", skp, ssp->smk_in, 4038 MAY_WRITE, rc); 4039 if (rc != 0) 4040 netlbl_skbuff_err(skb, family, rc, 0); 4041 break; 4042 #if IS_ENABLED(CONFIG_IPV6) 4043 case PF_INET6: 4044 proto = smk_skb_to_addr_ipv6(skb, &sadd); 4045 if (proto != IPPROTO_UDP && proto != IPPROTO_UDPLITE && 4046 proto != IPPROTO_TCP && proto != IPPROTO_DCCP) 4047 break; 4048 #ifdef SMACK_IPV6_SECMARK_LABELING 4049 skp = smack_from_skb(skb); 4050 if (skp == NULL) { 4051 if (smk_ipv6_localhost(&sadd)) 4052 break; 4053 skp = smack_ipv6host_label(&sadd); 4054 if (skp == NULL) 4055 skp = smack_net_ambient; 4056 } 4057 #ifdef CONFIG_AUDIT 4058 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 4059 ad.a.u.net->family = family; 4060 ad.a.u.net->netif = skb->skb_iif; 4061 ipv6_skb_to_auditdata(skb, &ad.a, NULL); 4062 #endif /* CONFIG_AUDIT */ 4063 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad); 4064 rc = smk_bu_note("IPv6 delivery", skp, ssp->smk_in, 4065 MAY_WRITE, rc); 4066 #endif /* SMACK_IPV6_SECMARK_LABELING */ 4067 #ifdef SMACK_IPV6_PORT_LABELING 4068 rc = smk_ipv6_port_check(sk, &sadd, SMK_RECEIVING); 4069 #endif /* SMACK_IPV6_PORT_LABELING */ 4070 if (rc != 0) 4071 icmpv6_send(skb, ICMPV6_DEST_UNREACH, 4072 ICMPV6_ADM_PROHIBITED, 0); 4073 break; 4074 #endif /* CONFIG_IPV6 */ 4075 } 4076 4077 return rc; 4078 } 4079 4080 /** 4081 * smack_socket_getpeersec_stream - pull in packet label 4082 * @sock: the socket 4083 * @optval: user's destination 4084 * @optlen: size thereof 4085 * @len: max thereof 4086 * 4087 * returns zero on success, an error code otherwise 4088 */ 4089 static int smack_socket_getpeersec_stream(struct socket *sock, 4090 sockptr_t optval, sockptr_t optlen, 4091 unsigned int len) 4092 { 4093 struct socket_smack *ssp; 4094 char *rcp = ""; 4095 u32 slen = 1; 4096 int rc = 0; 4097 4098 ssp = sock->sk->sk_security; 4099 if (ssp->smk_packet != NULL) { 4100 rcp = ssp->smk_packet->smk_known; 4101 slen = strlen(rcp) + 1; 4102 } 4103 if (slen > len) { 4104 rc = -ERANGE; 4105 goto out_len; 4106 } 4107 4108 if (copy_to_sockptr(optval, rcp, slen)) 4109 rc = -EFAULT; 4110 out_len: 4111 if (copy_to_sockptr(optlen, &slen, sizeof(slen))) 4112 rc = -EFAULT; 4113 return rc; 4114 } 4115 4116 4117 /** 4118 * smack_socket_getpeersec_dgram - pull in packet label 4119 * @sock: the peer socket 4120 * @skb: packet data 4121 * @secid: pointer to where to put the secid of the packet 4122 * 4123 * Sets the netlabel socket state on sk from parent 4124 */ 4125 static int smack_socket_getpeersec_dgram(struct socket *sock, 4126 struct sk_buff *skb, u32 *secid) 4127 4128 { 4129 struct socket_smack *ssp = NULL; 4130 struct smack_known *skp; 4131 struct sock *sk = NULL; 4132 int family = PF_UNSPEC; 4133 u32 s = 0; /* 0 is the invalid secid */ 4134 4135 if (skb != NULL) { 4136 if (skb->protocol == htons(ETH_P_IP)) 4137 family = PF_INET; 4138 #if IS_ENABLED(CONFIG_IPV6) 4139 else if (skb->protocol == htons(ETH_P_IPV6)) 4140 family = PF_INET6; 4141 #endif /* CONFIG_IPV6 */ 4142 } 4143 if (family == PF_UNSPEC && sock != NULL) 4144 family = sock->sk->sk_family; 4145 4146 switch (family) { 4147 case PF_UNIX: 4148 ssp = sock->sk->sk_security; 4149 s = ssp->smk_out->smk_secid; 4150 break; 4151 case PF_INET: 4152 skp = smack_from_skb(skb); 4153 if (skp) { 4154 s = skp->smk_secid; 4155 break; 4156 } 4157 /* 4158 * Translate what netlabel gave us. 4159 */ 4160 if (sock != NULL) 4161 sk = sock->sk; 4162 skp = smack_from_netlbl(sk, family, skb); 4163 if (skp != NULL) 4164 s = skp->smk_secid; 4165 break; 4166 case PF_INET6: 4167 #ifdef SMACK_IPV6_SECMARK_LABELING 4168 skp = smack_from_skb(skb); 4169 if (skp) 4170 s = skp->smk_secid; 4171 #endif 4172 break; 4173 } 4174 *secid = s; 4175 if (s == 0) 4176 return -EINVAL; 4177 return 0; 4178 } 4179 4180 /** 4181 * smack_sock_graft - Initialize a newly created socket with an existing sock 4182 * @sk: child sock 4183 * @parent: parent socket 4184 * 4185 * Set the smk_{in,out} state of an existing sock based on the process that 4186 * is creating the new socket. 4187 */ 4188 static void smack_sock_graft(struct sock *sk, struct socket *parent) 4189 { 4190 struct socket_smack *ssp; 4191 struct smack_known *skp = smk_of_current(); 4192 4193 if (sk == NULL || 4194 (sk->sk_family != PF_INET && sk->sk_family != PF_INET6)) 4195 return; 4196 4197 ssp = sk->sk_security; 4198 ssp->smk_in = skp; 4199 ssp->smk_out = skp; 4200 /* cssp->smk_packet is already set in smack_inet_csk_clone() */ 4201 } 4202 4203 /** 4204 * smack_inet_conn_request - Smack access check on connect 4205 * @sk: socket involved 4206 * @skb: packet 4207 * @req: unused 4208 * 4209 * Returns 0 if a task with the packet label could write to 4210 * the socket, otherwise an error code 4211 */ 4212 static int smack_inet_conn_request(const struct sock *sk, struct sk_buff *skb, 4213 struct request_sock *req) 4214 { 4215 u16 family = sk->sk_family; 4216 struct smack_known *skp; 4217 struct socket_smack *ssp = sk->sk_security; 4218 struct sockaddr_in addr; 4219 struct iphdr *hdr; 4220 struct smack_known *hskp; 4221 int rc; 4222 struct smk_audit_info ad; 4223 #ifdef CONFIG_AUDIT 4224 struct lsm_network_audit net; 4225 #endif 4226 4227 #if IS_ENABLED(CONFIG_IPV6) 4228 if (family == PF_INET6) { 4229 /* 4230 * Handle mapped IPv4 packets arriving 4231 * via IPv6 sockets. Don't set up netlabel 4232 * processing on IPv6. 4233 */ 4234 if (skb->protocol == htons(ETH_P_IP)) 4235 family = PF_INET; 4236 else 4237 return 0; 4238 } 4239 #endif /* CONFIG_IPV6 */ 4240 4241 /* 4242 * If there is a secmark use it rather than the CIPSO label. 4243 * If there is no secmark fall back to CIPSO. 4244 * The secmark is assumed to reflect policy better. 4245 */ 4246 skp = smack_from_skb(skb); 4247 if (skp == NULL) { 4248 skp = smack_from_netlbl(sk, family, skb); 4249 if (skp == NULL) 4250 skp = &smack_known_huh; 4251 } 4252 4253 #ifdef CONFIG_AUDIT 4254 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 4255 ad.a.u.net->family = family; 4256 ad.a.u.net->netif = skb->skb_iif; 4257 ipv4_skb_to_auditdata(skb, &ad.a, NULL); 4258 #endif 4259 /* 4260 * Receiving a packet requires that the other end be able to write 4261 * here. Read access is not required. 4262 */ 4263 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad); 4264 rc = smk_bu_note("IPv4 connect", skp, ssp->smk_in, MAY_WRITE, rc); 4265 if (rc != 0) 4266 return rc; 4267 4268 /* 4269 * Save the peer's label in the request_sock so we can later setup 4270 * smk_packet in the child socket so that SO_PEERCRED can report it. 4271 */ 4272 req->peer_secid = skp->smk_secid; 4273 4274 /* 4275 * We need to decide if we want to label the incoming connection here 4276 * if we do we only need to label the request_sock and the stack will 4277 * propagate the wire-label to the sock when it is created. 4278 */ 4279 hdr = ip_hdr(skb); 4280 addr.sin_addr.s_addr = hdr->saddr; 4281 rcu_read_lock(); 4282 hskp = smack_ipv4host_label(&addr); 4283 rcu_read_unlock(); 4284 4285 if (hskp == NULL) 4286 rc = netlbl_req_setattr(req, &skp->smk_netlabel); 4287 else 4288 netlbl_req_delattr(req); 4289 4290 return rc; 4291 } 4292 4293 /** 4294 * smack_inet_csk_clone - Copy the connection information to the new socket 4295 * @sk: the new socket 4296 * @req: the connection's request_sock 4297 * 4298 * Transfer the connection's peer label to the newly created socket. 4299 */ 4300 static void smack_inet_csk_clone(struct sock *sk, 4301 const struct request_sock *req) 4302 { 4303 struct socket_smack *ssp = sk->sk_security; 4304 struct smack_known *skp; 4305 4306 if (req->peer_secid != 0) { 4307 skp = smack_from_secid(req->peer_secid); 4308 ssp->smk_packet = skp; 4309 } else 4310 ssp->smk_packet = NULL; 4311 } 4312 4313 /* 4314 * Key management security hooks 4315 * 4316 * Casey has not tested key support very heavily. 4317 * The permission check is most likely too restrictive. 4318 * If you care about keys please have a look. 4319 */ 4320 #ifdef CONFIG_KEYS 4321 4322 /** 4323 * smack_key_alloc - Set the key security blob 4324 * @key: object 4325 * @cred: the credentials to use 4326 * @flags: unused 4327 * 4328 * No allocation required 4329 * 4330 * Returns 0 4331 */ 4332 static int smack_key_alloc(struct key *key, const struct cred *cred, 4333 unsigned long flags) 4334 { 4335 struct smack_known *skp = smk_of_task(smack_cred(cred)); 4336 4337 key->security = skp; 4338 return 0; 4339 } 4340 4341 /** 4342 * smack_key_free - Clear the key security blob 4343 * @key: the object 4344 * 4345 * Clear the blob pointer 4346 */ 4347 static void smack_key_free(struct key *key) 4348 { 4349 key->security = NULL; 4350 } 4351 4352 /** 4353 * smack_key_permission - Smack access on a key 4354 * @key_ref: gets to the object 4355 * @cred: the credentials to use 4356 * @need_perm: requested key permission 4357 * 4358 * Return 0 if the task has read and write to the object, 4359 * an error code otherwise 4360 */ 4361 static int smack_key_permission(key_ref_t key_ref, 4362 const struct cred *cred, 4363 enum key_need_perm need_perm) 4364 { 4365 struct key *keyp; 4366 struct smk_audit_info ad; 4367 struct smack_known *tkp = smk_of_task(smack_cred(cred)); 4368 int request = 0; 4369 int rc; 4370 4371 /* 4372 * Validate requested permissions 4373 */ 4374 switch (need_perm) { 4375 case KEY_NEED_READ: 4376 case KEY_NEED_SEARCH: 4377 case KEY_NEED_VIEW: 4378 request |= MAY_READ; 4379 break; 4380 case KEY_NEED_WRITE: 4381 case KEY_NEED_LINK: 4382 case KEY_NEED_SETATTR: 4383 request |= MAY_WRITE; 4384 break; 4385 case KEY_NEED_UNSPECIFIED: 4386 case KEY_NEED_UNLINK: 4387 case KEY_SYSADMIN_OVERRIDE: 4388 case KEY_AUTHTOKEN_OVERRIDE: 4389 case KEY_DEFER_PERM_CHECK: 4390 return 0; 4391 default: 4392 return -EINVAL; 4393 } 4394 4395 keyp = key_ref_to_ptr(key_ref); 4396 if (keyp == NULL) 4397 return -EINVAL; 4398 /* 4399 * If the key hasn't been initialized give it access so that 4400 * it may do so. 4401 */ 4402 if (keyp->security == NULL) 4403 return 0; 4404 /* 4405 * This should not occur 4406 */ 4407 if (tkp == NULL) 4408 return -EACCES; 4409 4410 if (smack_privileged(CAP_MAC_OVERRIDE)) 4411 return 0; 4412 4413 #ifdef CONFIG_AUDIT 4414 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY); 4415 ad.a.u.key_struct.key = keyp->serial; 4416 ad.a.u.key_struct.key_desc = keyp->description; 4417 #endif 4418 rc = smk_access(tkp, keyp->security, request, &ad); 4419 rc = smk_bu_note("key access", tkp, keyp->security, request, rc); 4420 return rc; 4421 } 4422 4423 /* 4424 * smack_key_getsecurity - Smack label tagging the key 4425 * @key points to the key to be queried 4426 * @_buffer points to a pointer that should be set to point to the 4427 * resulting string (if no label or an error occurs). 4428 * Return the length of the string (including terminating NUL) or -ve if 4429 * an error. 4430 * May also return 0 (and a NULL buffer pointer) if there is no label. 4431 */ 4432 static int smack_key_getsecurity(struct key *key, char **_buffer) 4433 { 4434 struct smack_known *skp = key->security; 4435 size_t length; 4436 char *copy; 4437 4438 if (key->security == NULL) { 4439 *_buffer = NULL; 4440 return 0; 4441 } 4442 4443 copy = kstrdup(skp->smk_known, GFP_KERNEL); 4444 if (copy == NULL) 4445 return -ENOMEM; 4446 length = strlen(copy) + 1; 4447 4448 *_buffer = copy; 4449 return length; 4450 } 4451 4452 4453 #ifdef CONFIG_KEY_NOTIFICATIONS 4454 /** 4455 * smack_watch_key - Smack access to watch a key for notifications. 4456 * @key: The key to be watched 4457 * 4458 * Return 0 if the @watch->cred has permission to read from the key object and 4459 * an error otherwise. 4460 */ 4461 static int smack_watch_key(struct key *key) 4462 { 4463 struct smk_audit_info ad; 4464 struct smack_known *tkp = smk_of_current(); 4465 int rc; 4466 4467 if (key == NULL) 4468 return -EINVAL; 4469 /* 4470 * If the key hasn't been initialized give it access so that 4471 * it may do so. 4472 */ 4473 if (key->security == NULL) 4474 return 0; 4475 /* 4476 * This should not occur 4477 */ 4478 if (tkp == NULL) 4479 return -EACCES; 4480 4481 if (smack_privileged_cred(CAP_MAC_OVERRIDE, current_cred())) 4482 return 0; 4483 4484 #ifdef CONFIG_AUDIT 4485 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY); 4486 ad.a.u.key_struct.key = key->serial; 4487 ad.a.u.key_struct.key_desc = key->description; 4488 #endif 4489 rc = smk_access(tkp, key->security, MAY_READ, &ad); 4490 rc = smk_bu_note("key watch", tkp, key->security, MAY_READ, rc); 4491 return rc; 4492 } 4493 #endif /* CONFIG_KEY_NOTIFICATIONS */ 4494 #endif /* CONFIG_KEYS */ 4495 4496 #ifdef CONFIG_WATCH_QUEUE 4497 /** 4498 * smack_post_notification - Smack access to post a notification to a queue 4499 * @w_cred: The credentials of the watcher. 4500 * @cred: The credentials of the event source (may be NULL). 4501 * @n: The notification message to be posted. 4502 */ 4503 static int smack_post_notification(const struct cred *w_cred, 4504 const struct cred *cred, 4505 struct watch_notification *n) 4506 { 4507 struct smk_audit_info ad; 4508 struct smack_known *subj, *obj; 4509 int rc; 4510 4511 /* Always let maintenance notifications through. */ 4512 if (n->type == WATCH_TYPE_META) 4513 return 0; 4514 4515 if (!cred) 4516 return 0; 4517 subj = smk_of_task(smack_cred(cred)); 4518 obj = smk_of_task(smack_cred(w_cred)); 4519 4520 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NOTIFICATION); 4521 rc = smk_access(subj, obj, MAY_WRITE, &ad); 4522 rc = smk_bu_note("notification", subj, obj, MAY_WRITE, rc); 4523 return rc; 4524 } 4525 #endif /* CONFIG_WATCH_QUEUE */ 4526 4527 /* 4528 * Smack Audit hooks 4529 * 4530 * Audit requires a unique representation of each Smack specific 4531 * rule. This unique representation is used to distinguish the 4532 * object to be audited from remaining kernel objects and also 4533 * works as a glue between the audit hooks. 4534 * 4535 * Since repository entries are added but never deleted, we'll use 4536 * the smack_known label address related to the given audit rule as 4537 * the needed unique representation. This also better fits the smack 4538 * model where nearly everything is a label. 4539 */ 4540 #ifdef CONFIG_AUDIT 4541 4542 /** 4543 * smack_audit_rule_init - Initialize a smack audit rule 4544 * @field: audit rule fields given from user-space (audit.h) 4545 * @op: required testing operator (=, !=, >, <, ...) 4546 * @rulestr: smack label to be audited 4547 * @vrule: pointer to save our own audit rule representation 4548 * 4549 * Prepare to audit cases where (@field @op @rulestr) is true. 4550 * The label to be audited is created if necessay. 4551 */ 4552 static int smack_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule) 4553 { 4554 struct smack_known *skp; 4555 char **rule = (char **)vrule; 4556 *rule = NULL; 4557 4558 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER) 4559 return -EINVAL; 4560 4561 if (op != Audit_equal && op != Audit_not_equal) 4562 return -EINVAL; 4563 4564 skp = smk_import_entry(rulestr, 0); 4565 if (IS_ERR(skp)) 4566 return PTR_ERR(skp); 4567 4568 *rule = skp->smk_known; 4569 4570 return 0; 4571 } 4572 4573 /** 4574 * smack_audit_rule_known - Distinguish Smack audit rules 4575 * @krule: rule of interest, in Audit kernel representation format 4576 * 4577 * This is used to filter Smack rules from remaining Audit ones. 4578 * If it's proved that this rule belongs to us, the 4579 * audit_rule_match hook will be called to do the final judgement. 4580 */ 4581 static int smack_audit_rule_known(struct audit_krule *krule) 4582 { 4583 struct audit_field *f; 4584 int i; 4585 4586 for (i = 0; i < krule->field_count; i++) { 4587 f = &krule->fields[i]; 4588 4589 if (f->type == AUDIT_SUBJ_USER || f->type == AUDIT_OBJ_USER) 4590 return 1; 4591 } 4592 4593 return 0; 4594 } 4595 4596 /** 4597 * smack_audit_rule_match - Audit given object ? 4598 * @secid: security id for identifying the object to test 4599 * @field: audit rule flags given from user-space 4600 * @op: required testing operator 4601 * @vrule: smack internal rule presentation 4602 * 4603 * The core Audit hook. It's used to take the decision of 4604 * whether to audit or not to audit a given object. 4605 */ 4606 static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule) 4607 { 4608 struct smack_known *skp; 4609 char *rule = vrule; 4610 4611 if (unlikely(!rule)) { 4612 WARN_ONCE(1, "Smack: missing rule\n"); 4613 return -ENOENT; 4614 } 4615 4616 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER) 4617 return 0; 4618 4619 skp = smack_from_secid(secid); 4620 4621 /* 4622 * No need to do string comparisons. If a match occurs, 4623 * both pointers will point to the same smack_known 4624 * label. 4625 */ 4626 if (op == Audit_equal) 4627 return (rule == skp->smk_known); 4628 if (op == Audit_not_equal) 4629 return (rule != skp->smk_known); 4630 4631 return 0; 4632 } 4633 4634 /* 4635 * There is no need for a smack_audit_rule_free hook. 4636 * No memory was allocated. 4637 */ 4638 4639 #endif /* CONFIG_AUDIT */ 4640 4641 /** 4642 * smack_ismaclabel - check if xattr @name references a smack MAC label 4643 * @name: Full xattr name to check. 4644 */ 4645 static int smack_ismaclabel(const char *name) 4646 { 4647 return (strcmp(name, XATTR_SMACK_SUFFIX) == 0); 4648 } 4649 4650 4651 /** 4652 * smack_secid_to_secctx - return the smack label for a secid 4653 * @secid: incoming integer 4654 * @secdata: destination 4655 * @seclen: how long it is 4656 * 4657 * Exists for networking code. 4658 */ 4659 static int smack_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) 4660 { 4661 struct smack_known *skp = smack_from_secid(secid); 4662 4663 if (secdata) 4664 *secdata = skp->smk_known; 4665 *seclen = strlen(skp->smk_known); 4666 return 0; 4667 } 4668 4669 /** 4670 * smack_secctx_to_secid - return the secid for a smack label 4671 * @secdata: smack label 4672 * @seclen: how long result is 4673 * @secid: outgoing integer 4674 * 4675 * Exists for audit and networking code. 4676 */ 4677 static int smack_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid) 4678 { 4679 struct smack_known *skp = smk_find_entry(secdata); 4680 4681 if (skp) 4682 *secid = skp->smk_secid; 4683 else 4684 *secid = 0; 4685 return 0; 4686 } 4687 4688 /* 4689 * There used to be a smack_release_secctx hook 4690 * that did nothing back when hooks were in a vector. 4691 * Now that there's a list such a hook adds cost. 4692 */ 4693 4694 static int smack_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen) 4695 { 4696 return smack_inode_setsecurity(inode, XATTR_SMACK_SUFFIX, ctx, 4697 ctxlen, 0); 4698 } 4699 4700 static int smack_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen) 4701 { 4702 return __vfs_setxattr_noperm(&nop_mnt_idmap, dentry, XATTR_NAME_SMACK, 4703 ctx, ctxlen, 0); 4704 } 4705 4706 static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) 4707 { 4708 struct smack_known *skp = smk_of_inode(inode); 4709 4710 *ctx = skp->smk_known; 4711 *ctxlen = strlen(skp->smk_known); 4712 return 0; 4713 } 4714 4715 static int smack_inode_copy_up(struct dentry *dentry, struct cred **new) 4716 { 4717 4718 struct task_smack *tsp; 4719 struct smack_known *skp; 4720 struct inode_smack *isp; 4721 struct cred *new_creds = *new; 4722 4723 if (new_creds == NULL) { 4724 new_creds = prepare_creds(); 4725 if (new_creds == NULL) 4726 return -ENOMEM; 4727 } 4728 4729 tsp = smack_cred(new_creds); 4730 4731 /* 4732 * Get label from overlay inode and set it in create_sid 4733 */ 4734 isp = smack_inode(d_inode(dentry)); 4735 skp = isp->smk_inode; 4736 tsp->smk_task = skp; 4737 *new = new_creds; 4738 return 0; 4739 } 4740 4741 static int smack_inode_copy_up_xattr(const char *name) 4742 { 4743 /* 4744 * Return 1 if this is the smack access Smack attribute. 4745 */ 4746 if (strcmp(name, XATTR_NAME_SMACK) == 0) 4747 return 1; 4748 4749 return -EOPNOTSUPP; 4750 } 4751 4752 static int smack_dentry_create_files_as(struct dentry *dentry, int mode, 4753 struct qstr *name, 4754 const struct cred *old, 4755 struct cred *new) 4756 { 4757 struct task_smack *otsp = smack_cred(old); 4758 struct task_smack *ntsp = smack_cred(new); 4759 struct inode_smack *isp; 4760 int may; 4761 4762 /* 4763 * Use the process credential unless all of 4764 * the transmuting criteria are met 4765 */ 4766 ntsp->smk_task = otsp->smk_task; 4767 4768 /* 4769 * the attribute of the containing directory 4770 */ 4771 isp = smack_inode(d_inode(dentry->d_parent)); 4772 4773 if (isp->smk_flags & SMK_INODE_TRANSMUTE) { 4774 rcu_read_lock(); 4775 may = smk_access_entry(otsp->smk_task->smk_known, 4776 isp->smk_inode->smk_known, 4777 &otsp->smk_task->smk_rules); 4778 rcu_read_unlock(); 4779 4780 /* 4781 * If the directory is transmuting and the rule 4782 * providing access is transmuting use the containing 4783 * directory label instead of the process label. 4784 */ 4785 if (may > 0 && (may & MAY_TRANSMUTE)) { 4786 ntsp->smk_task = isp->smk_inode; 4787 ntsp->smk_transmuted = ntsp->smk_task; 4788 } 4789 } 4790 return 0; 4791 } 4792 4793 #ifdef CONFIG_IO_URING 4794 /** 4795 * smack_uring_override_creds - Is io_uring cred override allowed? 4796 * @new: the target creds 4797 * 4798 * Check to see if the current task is allowed to override it's credentials 4799 * to service an io_uring operation. 4800 */ 4801 static int smack_uring_override_creds(const struct cred *new) 4802 { 4803 struct task_smack *tsp = smack_cred(current_cred()); 4804 struct task_smack *nsp = smack_cred(new); 4805 4806 /* 4807 * Allow the degenerate case where the new Smack value is 4808 * the same as the current Smack value. 4809 */ 4810 if (tsp->smk_task == nsp->smk_task) 4811 return 0; 4812 4813 if (smack_privileged_cred(CAP_MAC_OVERRIDE, current_cred())) 4814 return 0; 4815 4816 return -EPERM; 4817 } 4818 4819 /** 4820 * smack_uring_sqpoll - check if a io_uring polling thread can be created 4821 * 4822 * Check to see if the current task is allowed to create a new io_uring 4823 * kernel polling thread. 4824 */ 4825 static int smack_uring_sqpoll(void) 4826 { 4827 if (smack_privileged_cred(CAP_MAC_ADMIN, current_cred())) 4828 return 0; 4829 4830 return -EPERM; 4831 } 4832 4833 /** 4834 * smack_uring_cmd - check on file operations for io_uring 4835 * @ioucmd: the command in question 4836 * 4837 * Make a best guess about whether a io_uring "command" should 4838 * be allowed. Use the same logic used for determining if the 4839 * file could be opened for read in the absence of better criteria. 4840 */ 4841 static int smack_uring_cmd(struct io_uring_cmd *ioucmd) 4842 { 4843 struct file *file = ioucmd->file; 4844 struct smk_audit_info ad; 4845 struct task_smack *tsp; 4846 struct inode *inode; 4847 int rc; 4848 4849 if (!file) 4850 return -EINVAL; 4851 4852 tsp = smack_cred(file->f_cred); 4853 inode = file_inode(file); 4854 4855 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 4856 smk_ad_setfield_u_fs_path(&ad, file->f_path); 4857 rc = smk_tskacc(tsp, smk_of_inode(inode), MAY_READ, &ad); 4858 rc = smk_bu_credfile(file->f_cred, file, MAY_READ, rc); 4859 4860 return rc; 4861 } 4862 4863 #endif /* CONFIG_IO_URING */ 4864 4865 struct lsm_blob_sizes smack_blob_sizes __ro_after_init = { 4866 .lbs_cred = sizeof(struct task_smack), 4867 .lbs_file = sizeof(struct smack_known *), 4868 .lbs_inode = sizeof(struct inode_smack), 4869 .lbs_ipc = sizeof(struct smack_known *), 4870 .lbs_msg_msg = sizeof(struct smack_known *), 4871 .lbs_superblock = sizeof(struct superblock_smack), 4872 }; 4873 4874 static struct security_hook_list smack_hooks[] __ro_after_init = { 4875 LSM_HOOK_INIT(ptrace_access_check, smack_ptrace_access_check), 4876 LSM_HOOK_INIT(ptrace_traceme, smack_ptrace_traceme), 4877 LSM_HOOK_INIT(syslog, smack_syslog), 4878 4879 LSM_HOOK_INIT(fs_context_dup, smack_fs_context_dup), 4880 LSM_HOOK_INIT(fs_context_parse_param, smack_fs_context_parse_param), 4881 4882 LSM_HOOK_INIT(sb_alloc_security, smack_sb_alloc_security), 4883 LSM_HOOK_INIT(sb_free_mnt_opts, smack_free_mnt_opts), 4884 LSM_HOOK_INIT(sb_eat_lsm_opts, smack_sb_eat_lsm_opts), 4885 LSM_HOOK_INIT(sb_statfs, smack_sb_statfs), 4886 LSM_HOOK_INIT(sb_set_mnt_opts, smack_set_mnt_opts), 4887 4888 LSM_HOOK_INIT(bprm_creds_for_exec, smack_bprm_creds_for_exec), 4889 4890 LSM_HOOK_INIT(inode_alloc_security, smack_inode_alloc_security), 4891 LSM_HOOK_INIT(inode_init_security, smack_inode_init_security), 4892 LSM_HOOK_INIT(inode_link, smack_inode_link), 4893 LSM_HOOK_INIT(inode_unlink, smack_inode_unlink), 4894 LSM_HOOK_INIT(inode_rmdir, smack_inode_rmdir), 4895 LSM_HOOK_INIT(inode_rename, smack_inode_rename), 4896 LSM_HOOK_INIT(inode_permission, smack_inode_permission), 4897 LSM_HOOK_INIT(inode_setattr, smack_inode_setattr), 4898 LSM_HOOK_INIT(inode_getattr, smack_inode_getattr), 4899 LSM_HOOK_INIT(inode_setxattr, smack_inode_setxattr), 4900 LSM_HOOK_INIT(inode_post_setxattr, smack_inode_post_setxattr), 4901 LSM_HOOK_INIT(inode_getxattr, smack_inode_getxattr), 4902 LSM_HOOK_INIT(inode_removexattr, smack_inode_removexattr), 4903 LSM_HOOK_INIT(inode_set_acl, smack_inode_set_acl), 4904 LSM_HOOK_INIT(inode_get_acl, smack_inode_get_acl), 4905 LSM_HOOK_INIT(inode_remove_acl, smack_inode_remove_acl), 4906 LSM_HOOK_INIT(inode_getsecurity, smack_inode_getsecurity), 4907 LSM_HOOK_INIT(inode_setsecurity, smack_inode_setsecurity), 4908 LSM_HOOK_INIT(inode_listsecurity, smack_inode_listsecurity), 4909 LSM_HOOK_INIT(inode_getsecid, smack_inode_getsecid), 4910 4911 LSM_HOOK_INIT(file_alloc_security, smack_file_alloc_security), 4912 LSM_HOOK_INIT(file_ioctl, smack_file_ioctl), 4913 LSM_HOOK_INIT(file_lock, smack_file_lock), 4914 LSM_HOOK_INIT(file_fcntl, smack_file_fcntl), 4915 LSM_HOOK_INIT(mmap_file, smack_mmap_file), 4916 LSM_HOOK_INIT(mmap_addr, cap_mmap_addr), 4917 LSM_HOOK_INIT(file_set_fowner, smack_file_set_fowner), 4918 LSM_HOOK_INIT(file_send_sigiotask, smack_file_send_sigiotask), 4919 LSM_HOOK_INIT(file_receive, smack_file_receive), 4920 4921 LSM_HOOK_INIT(file_open, smack_file_open), 4922 4923 LSM_HOOK_INIT(cred_alloc_blank, smack_cred_alloc_blank), 4924 LSM_HOOK_INIT(cred_free, smack_cred_free), 4925 LSM_HOOK_INIT(cred_prepare, smack_cred_prepare), 4926 LSM_HOOK_INIT(cred_transfer, smack_cred_transfer), 4927 LSM_HOOK_INIT(cred_getsecid, smack_cred_getsecid), 4928 LSM_HOOK_INIT(kernel_act_as, smack_kernel_act_as), 4929 LSM_HOOK_INIT(kernel_create_files_as, smack_kernel_create_files_as), 4930 LSM_HOOK_INIT(task_setpgid, smack_task_setpgid), 4931 LSM_HOOK_INIT(task_getpgid, smack_task_getpgid), 4932 LSM_HOOK_INIT(task_getsid, smack_task_getsid), 4933 LSM_HOOK_INIT(current_getsecid_subj, smack_current_getsecid_subj), 4934 LSM_HOOK_INIT(task_getsecid_obj, smack_task_getsecid_obj), 4935 LSM_HOOK_INIT(task_setnice, smack_task_setnice), 4936 LSM_HOOK_INIT(task_setioprio, smack_task_setioprio), 4937 LSM_HOOK_INIT(task_getioprio, smack_task_getioprio), 4938 LSM_HOOK_INIT(task_setscheduler, smack_task_setscheduler), 4939 LSM_HOOK_INIT(task_getscheduler, smack_task_getscheduler), 4940 LSM_HOOK_INIT(task_movememory, smack_task_movememory), 4941 LSM_HOOK_INIT(task_kill, smack_task_kill), 4942 LSM_HOOK_INIT(task_to_inode, smack_task_to_inode), 4943 4944 LSM_HOOK_INIT(ipc_permission, smack_ipc_permission), 4945 LSM_HOOK_INIT(ipc_getsecid, smack_ipc_getsecid), 4946 4947 LSM_HOOK_INIT(msg_msg_alloc_security, smack_msg_msg_alloc_security), 4948 4949 LSM_HOOK_INIT(msg_queue_alloc_security, smack_ipc_alloc_security), 4950 LSM_HOOK_INIT(msg_queue_associate, smack_msg_queue_associate), 4951 LSM_HOOK_INIT(msg_queue_msgctl, smack_msg_queue_msgctl), 4952 LSM_HOOK_INIT(msg_queue_msgsnd, smack_msg_queue_msgsnd), 4953 LSM_HOOK_INIT(msg_queue_msgrcv, smack_msg_queue_msgrcv), 4954 4955 LSM_HOOK_INIT(shm_alloc_security, smack_ipc_alloc_security), 4956 LSM_HOOK_INIT(shm_associate, smack_shm_associate), 4957 LSM_HOOK_INIT(shm_shmctl, smack_shm_shmctl), 4958 LSM_HOOK_INIT(shm_shmat, smack_shm_shmat), 4959 4960 LSM_HOOK_INIT(sem_alloc_security, smack_ipc_alloc_security), 4961 LSM_HOOK_INIT(sem_associate, smack_sem_associate), 4962 LSM_HOOK_INIT(sem_semctl, smack_sem_semctl), 4963 LSM_HOOK_INIT(sem_semop, smack_sem_semop), 4964 4965 LSM_HOOK_INIT(d_instantiate, smack_d_instantiate), 4966 4967 LSM_HOOK_INIT(getprocattr, smack_getprocattr), 4968 LSM_HOOK_INIT(setprocattr, smack_setprocattr), 4969 4970 LSM_HOOK_INIT(unix_stream_connect, smack_unix_stream_connect), 4971 LSM_HOOK_INIT(unix_may_send, smack_unix_may_send), 4972 4973 LSM_HOOK_INIT(socket_post_create, smack_socket_post_create), 4974 LSM_HOOK_INIT(socket_socketpair, smack_socket_socketpair), 4975 #ifdef SMACK_IPV6_PORT_LABELING 4976 LSM_HOOK_INIT(socket_bind, smack_socket_bind), 4977 #endif 4978 LSM_HOOK_INIT(socket_connect, smack_socket_connect), 4979 LSM_HOOK_INIT(socket_sendmsg, smack_socket_sendmsg), 4980 LSM_HOOK_INIT(socket_sock_rcv_skb, smack_socket_sock_rcv_skb), 4981 LSM_HOOK_INIT(socket_getpeersec_stream, smack_socket_getpeersec_stream), 4982 LSM_HOOK_INIT(socket_getpeersec_dgram, smack_socket_getpeersec_dgram), 4983 LSM_HOOK_INIT(sk_alloc_security, smack_sk_alloc_security), 4984 LSM_HOOK_INIT(sk_free_security, smack_sk_free_security), 4985 LSM_HOOK_INIT(sk_clone_security, smack_sk_clone_security), 4986 LSM_HOOK_INIT(sock_graft, smack_sock_graft), 4987 LSM_HOOK_INIT(inet_conn_request, smack_inet_conn_request), 4988 LSM_HOOK_INIT(inet_csk_clone, smack_inet_csk_clone), 4989 4990 /* key management security hooks */ 4991 #ifdef CONFIG_KEYS 4992 LSM_HOOK_INIT(key_alloc, smack_key_alloc), 4993 LSM_HOOK_INIT(key_free, smack_key_free), 4994 LSM_HOOK_INIT(key_permission, smack_key_permission), 4995 LSM_HOOK_INIT(key_getsecurity, smack_key_getsecurity), 4996 #ifdef CONFIG_KEY_NOTIFICATIONS 4997 LSM_HOOK_INIT(watch_key, smack_watch_key), 4998 #endif 4999 #endif /* CONFIG_KEYS */ 5000 5001 #ifdef CONFIG_WATCH_QUEUE 5002 LSM_HOOK_INIT(post_notification, smack_post_notification), 5003 #endif 5004 5005 /* Audit hooks */ 5006 #ifdef CONFIG_AUDIT 5007 LSM_HOOK_INIT(audit_rule_init, smack_audit_rule_init), 5008 LSM_HOOK_INIT(audit_rule_known, smack_audit_rule_known), 5009 LSM_HOOK_INIT(audit_rule_match, smack_audit_rule_match), 5010 #endif /* CONFIG_AUDIT */ 5011 5012 LSM_HOOK_INIT(ismaclabel, smack_ismaclabel), 5013 LSM_HOOK_INIT(secid_to_secctx, smack_secid_to_secctx), 5014 LSM_HOOK_INIT(secctx_to_secid, smack_secctx_to_secid), 5015 LSM_HOOK_INIT(inode_notifysecctx, smack_inode_notifysecctx), 5016 LSM_HOOK_INIT(inode_setsecctx, smack_inode_setsecctx), 5017 LSM_HOOK_INIT(inode_getsecctx, smack_inode_getsecctx), 5018 LSM_HOOK_INIT(inode_copy_up, smack_inode_copy_up), 5019 LSM_HOOK_INIT(inode_copy_up_xattr, smack_inode_copy_up_xattr), 5020 LSM_HOOK_INIT(dentry_create_files_as, smack_dentry_create_files_as), 5021 #ifdef CONFIG_IO_URING 5022 LSM_HOOK_INIT(uring_override_creds, smack_uring_override_creds), 5023 LSM_HOOK_INIT(uring_sqpoll, smack_uring_sqpoll), 5024 LSM_HOOK_INIT(uring_cmd, smack_uring_cmd), 5025 #endif 5026 }; 5027 5028 5029 static __init void init_smack_known_list(void) 5030 { 5031 /* 5032 * Initialize rule list locks 5033 */ 5034 mutex_init(&smack_known_huh.smk_rules_lock); 5035 mutex_init(&smack_known_hat.smk_rules_lock); 5036 mutex_init(&smack_known_floor.smk_rules_lock); 5037 mutex_init(&smack_known_star.smk_rules_lock); 5038 mutex_init(&smack_known_web.smk_rules_lock); 5039 /* 5040 * Initialize rule lists 5041 */ 5042 INIT_LIST_HEAD(&smack_known_huh.smk_rules); 5043 INIT_LIST_HEAD(&smack_known_hat.smk_rules); 5044 INIT_LIST_HEAD(&smack_known_star.smk_rules); 5045 INIT_LIST_HEAD(&smack_known_floor.smk_rules); 5046 INIT_LIST_HEAD(&smack_known_web.smk_rules); 5047 /* 5048 * Create the known labels list 5049 */ 5050 smk_insert_entry(&smack_known_huh); 5051 smk_insert_entry(&smack_known_hat); 5052 smk_insert_entry(&smack_known_star); 5053 smk_insert_entry(&smack_known_floor); 5054 smk_insert_entry(&smack_known_web); 5055 } 5056 5057 /** 5058 * smack_init - initialize the smack system 5059 * 5060 * Returns 0 on success, -ENOMEM is there's no memory 5061 */ 5062 static __init int smack_init(void) 5063 { 5064 struct cred *cred = (struct cred *) current->cred; 5065 struct task_smack *tsp; 5066 5067 smack_rule_cache = KMEM_CACHE(smack_rule, 0); 5068 if (!smack_rule_cache) 5069 return -ENOMEM; 5070 5071 /* 5072 * Set the security state for the initial task. 5073 */ 5074 tsp = smack_cred(cred); 5075 init_task_smack(tsp, &smack_known_floor, &smack_known_floor); 5076 5077 /* 5078 * Register with LSM 5079 */ 5080 security_add_hooks(smack_hooks, ARRAY_SIZE(smack_hooks), "smack"); 5081 smack_enabled = 1; 5082 5083 pr_info("Smack: Initializing.\n"); 5084 #ifdef CONFIG_SECURITY_SMACK_NETFILTER 5085 pr_info("Smack: Netfilter enabled.\n"); 5086 #endif 5087 #ifdef SMACK_IPV6_PORT_LABELING 5088 pr_info("Smack: IPv6 port labeling enabled.\n"); 5089 #endif 5090 #ifdef SMACK_IPV6_SECMARK_LABELING 5091 pr_info("Smack: IPv6 Netfilter enabled.\n"); 5092 #endif 5093 5094 /* initialize the smack_known_list */ 5095 init_smack_known_list(); 5096 5097 return 0; 5098 } 5099 5100 /* 5101 * Smack requires early initialization in order to label 5102 * all processes and objects when they are created. 5103 */ 5104 DEFINE_LSM(smack) = { 5105 .name = "smack", 5106 .flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE, 5107 .blobs = &smack_blob_sizes, 5108 .init = smack_init, 5109 }; 5110