1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Simplified MAC Kernel (smack) security module 4 * 5 * This file contains the smack hook function implementations. 6 * 7 * Authors: 8 * Casey Schaufler <casey@schaufler-ca.com> 9 * Jarkko Sakkinen <jarkko.sakkinen@intel.com> 10 * 11 * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com> 12 * Copyright (C) 2009 Hewlett-Packard Development Company, L.P. 13 * Paul Moore <paul@paul-moore.com> 14 * Copyright (C) 2010 Nokia Corporation 15 * Copyright (C) 2011 Intel Corporation. 16 */ 17 18 #include <linux/xattr.h> 19 #include <linux/pagemap.h> 20 #include <linux/mount.h> 21 #include <linux/stat.h> 22 #include <linux/kd.h> 23 #include <asm/ioctls.h> 24 #include <linux/ip.h> 25 #include <linux/tcp.h> 26 #include <linux/udp.h> 27 #include <linux/dccp.h> 28 #include <linux/icmpv6.h> 29 #include <linux/slab.h> 30 #include <linux/mutex.h> 31 #include <net/cipso_ipv4.h> 32 #include <net/ip.h> 33 #include <net/ipv6.h> 34 #include <linux/audit.h> 35 #include <linux/magic.h> 36 #include <linux/dcache.h> 37 #include <linux/personality.h> 38 #include <linux/msg.h> 39 #include <linux/shm.h> 40 #include <linux/binfmts.h> 41 #include <linux/parser.h> 42 #include <linux/fs_context.h> 43 #include <linux/fs_parser.h> 44 #include <linux/watch_queue.h> 45 #include "smack.h" 46 47 #define TRANS_TRUE "TRUE" 48 #define TRANS_TRUE_SIZE 4 49 50 #define SMK_CONNECTING 0 51 #define SMK_RECEIVING 1 52 #define SMK_SENDING 2 53 54 static DEFINE_MUTEX(smack_ipv6_lock); 55 static LIST_HEAD(smk_ipv6_port_list); 56 struct kmem_cache *smack_rule_cache; 57 int smack_enabled; 58 59 #define A(s) {"smack"#s, sizeof("smack"#s) - 1, Opt_##s} 60 static struct { 61 const char *name; 62 int len; 63 int opt; 64 } smk_mount_opts[] = { 65 {"smackfsdef", sizeof("smackfsdef") - 1, Opt_fsdefault}, 66 A(fsdefault), A(fsfloor), A(fshat), A(fsroot), A(fstransmute) 67 }; 68 #undef A 69 70 static int match_opt_prefix(char *s, int l, char **arg) 71 { 72 int i; 73 74 for (i = 0; i < ARRAY_SIZE(smk_mount_opts); i++) { 75 size_t len = smk_mount_opts[i].len; 76 if (len > l || memcmp(s, smk_mount_opts[i].name, len)) 77 continue; 78 if (len == l || s[len] != '=') 79 continue; 80 *arg = s + len + 1; 81 return smk_mount_opts[i].opt; 82 } 83 return Opt_error; 84 } 85 86 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 87 static char *smk_bu_mess[] = { 88 "Bringup Error", /* Unused */ 89 "Bringup", /* SMACK_BRINGUP_ALLOW */ 90 "Unconfined Subject", /* SMACK_UNCONFINED_SUBJECT */ 91 "Unconfined Object", /* SMACK_UNCONFINED_OBJECT */ 92 }; 93 94 static void smk_bu_mode(int mode, char *s) 95 { 96 int i = 0; 97 98 if (mode & MAY_READ) 99 s[i++] = 'r'; 100 if (mode & MAY_WRITE) 101 s[i++] = 'w'; 102 if (mode & MAY_EXEC) 103 s[i++] = 'x'; 104 if (mode & MAY_APPEND) 105 s[i++] = 'a'; 106 if (mode & MAY_TRANSMUTE) 107 s[i++] = 't'; 108 if (mode & MAY_LOCK) 109 s[i++] = 'l'; 110 if (i == 0) 111 s[i++] = '-'; 112 s[i] = '\0'; 113 } 114 #endif 115 116 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 117 static int smk_bu_note(char *note, struct smack_known *sskp, 118 struct smack_known *oskp, int mode, int rc) 119 { 120 char acc[SMK_NUM_ACCESS_TYPE + 1]; 121 122 if (rc <= 0) 123 return rc; 124 if (rc > SMACK_UNCONFINED_OBJECT) 125 rc = 0; 126 127 smk_bu_mode(mode, acc); 128 pr_info("Smack %s: (%s %s %s) %s\n", smk_bu_mess[rc], 129 sskp->smk_known, oskp->smk_known, acc, note); 130 return 0; 131 } 132 #else 133 #define smk_bu_note(note, sskp, oskp, mode, RC) (RC) 134 #endif 135 136 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 137 static int smk_bu_current(char *note, struct smack_known *oskp, 138 int mode, int rc) 139 { 140 struct task_smack *tsp = smack_cred(current_cred()); 141 char acc[SMK_NUM_ACCESS_TYPE + 1]; 142 143 if (rc <= 0) 144 return rc; 145 if (rc > SMACK_UNCONFINED_OBJECT) 146 rc = 0; 147 148 smk_bu_mode(mode, acc); 149 pr_info("Smack %s: (%s %s %s) %s %s\n", smk_bu_mess[rc], 150 tsp->smk_task->smk_known, oskp->smk_known, 151 acc, current->comm, note); 152 return 0; 153 } 154 #else 155 #define smk_bu_current(note, oskp, mode, RC) (RC) 156 #endif 157 158 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 159 static int smk_bu_task(struct task_struct *otp, int mode, int rc) 160 { 161 struct task_smack *tsp = smack_cred(current_cred()); 162 struct smack_known *smk_task = smk_of_task_struct(otp); 163 char acc[SMK_NUM_ACCESS_TYPE + 1]; 164 165 if (rc <= 0) 166 return rc; 167 if (rc > SMACK_UNCONFINED_OBJECT) 168 rc = 0; 169 170 smk_bu_mode(mode, acc); 171 pr_info("Smack %s: (%s %s %s) %s to %s\n", smk_bu_mess[rc], 172 tsp->smk_task->smk_known, smk_task->smk_known, acc, 173 current->comm, otp->comm); 174 return 0; 175 } 176 #else 177 #define smk_bu_task(otp, mode, RC) (RC) 178 #endif 179 180 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 181 static int smk_bu_inode(struct inode *inode, int mode, int rc) 182 { 183 struct task_smack *tsp = smack_cred(current_cred()); 184 struct inode_smack *isp = smack_inode(inode); 185 char acc[SMK_NUM_ACCESS_TYPE + 1]; 186 187 if (isp->smk_flags & SMK_INODE_IMPURE) 188 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n", 189 inode->i_sb->s_id, inode->i_ino, current->comm); 190 191 if (rc <= 0) 192 return rc; 193 if (rc > SMACK_UNCONFINED_OBJECT) 194 rc = 0; 195 if (rc == SMACK_UNCONFINED_SUBJECT && 196 (mode & (MAY_WRITE | MAY_APPEND))) 197 isp->smk_flags |= SMK_INODE_IMPURE; 198 199 smk_bu_mode(mode, acc); 200 201 pr_info("Smack %s: (%s %s %s) inode=(%s %ld) %s\n", smk_bu_mess[rc], 202 tsp->smk_task->smk_known, isp->smk_inode->smk_known, acc, 203 inode->i_sb->s_id, inode->i_ino, current->comm); 204 return 0; 205 } 206 #else 207 #define smk_bu_inode(inode, mode, RC) (RC) 208 #endif 209 210 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 211 static int smk_bu_file(struct file *file, int mode, int rc) 212 { 213 struct task_smack *tsp = smack_cred(current_cred()); 214 struct smack_known *sskp = tsp->smk_task; 215 struct inode *inode = file_inode(file); 216 struct inode_smack *isp = smack_inode(inode); 217 char acc[SMK_NUM_ACCESS_TYPE + 1]; 218 219 if (isp->smk_flags & SMK_INODE_IMPURE) 220 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n", 221 inode->i_sb->s_id, inode->i_ino, current->comm); 222 223 if (rc <= 0) 224 return rc; 225 if (rc > SMACK_UNCONFINED_OBJECT) 226 rc = 0; 227 228 smk_bu_mode(mode, acc); 229 pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc], 230 sskp->smk_known, smk_of_inode(inode)->smk_known, acc, 231 inode->i_sb->s_id, inode->i_ino, file, 232 current->comm); 233 return 0; 234 } 235 #else 236 #define smk_bu_file(file, mode, RC) (RC) 237 #endif 238 239 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 240 static int smk_bu_credfile(const struct cred *cred, struct file *file, 241 int mode, int rc) 242 { 243 struct task_smack *tsp = smack_cred(cred); 244 struct smack_known *sskp = tsp->smk_task; 245 struct inode *inode = file_inode(file); 246 struct inode_smack *isp = smack_inode(inode); 247 char acc[SMK_NUM_ACCESS_TYPE + 1]; 248 249 if (isp->smk_flags & SMK_INODE_IMPURE) 250 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n", 251 inode->i_sb->s_id, inode->i_ino, current->comm); 252 253 if (rc <= 0) 254 return rc; 255 if (rc > SMACK_UNCONFINED_OBJECT) 256 rc = 0; 257 258 smk_bu_mode(mode, acc); 259 pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc], 260 sskp->smk_known, smk_of_inode(inode)->smk_known, acc, 261 inode->i_sb->s_id, inode->i_ino, file, 262 current->comm); 263 return 0; 264 } 265 #else 266 #define smk_bu_credfile(cred, file, mode, RC) (RC) 267 #endif 268 269 /** 270 * smk_fetch - Fetch the smack label from a file. 271 * @name: type of the label (attribute) 272 * @ip: a pointer to the inode 273 * @dp: a pointer to the dentry 274 * 275 * Returns a pointer to the master list entry for the Smack label, 276 * NULL if there was no label to fetch, or an error code. 277 */ 278 static struct smack_known *smk_fetch(const char *name, struct inode *ip, 279 struct dentry *dp) 280 { 281 int rc; 282 char *buffer; 283 struct smack_known *skp = NULL; 284 285 if (!(ip->i_opflags & IOP_XATTR)) 286 return ERR_PTR(-EOPNOTSUPP); 287 288 buffer = kzalloc(SMK_LONGLABEL, GFP_NOFS); 289 if (buffer == NULL) 290 return ERR_PTR(-ENOMEM); 291 292 rc = __vfs_getxattr(dp, ip, name, buffer, SMK_LONGLABEL); 293 if (rc < 0) 294 skp = ERR_PTR(rc); 295 else if (rc == 0) 296 skp = NULL; 297 else 298 skp = smk_import_entry(buffer, rc); 299 300 kfree(buffer); 301 302 return skp; 303 } 304 305 /** 306 * init_inode_smack - initialize an inode security blob 307 * @inode: inode to extract the info from 308 * @skp: a pointer to the Smack label entry to use in the blob 309 * 310 */ 311 static void init_inode_smack(struct inode *inode, struct smack_known *skp) 312 { 313 struct inode_smack *isp = smack_inode(inode); 314 315 isp->smk_inode = skp; 316 isp->smk_flags = 0; 317 } 318 319 /** 320 * init_task_smack - initialize a task security blob 321 * @tsp: blob to initialize 322 * @task: a pointer to the Smack label for the running task 323 * @forked: a pointer to the Smack label for the forked task 324 * 325 */ 326 static void init_task_smack(struct task_smack *tsp, struct smack_known *task, 327 struct smack_known *forked) 328 { 329 tsp->smk_task = task; 330 tsp->smk_forked = forked; 331 INIT_LIST_HEAD(&tsp->smk_rules); 332 INIT_LIST_HEAD(&tsp->smk_relabel); 333 mutex_init(&tsp->smk_rules_lock); 334 } 335 336 /** 337 * smk_copy_rules - copy a rule set 338 * @nhead: new rules header pointer 339 * @ohead: old rules header pointer 340 * @gfp: type of the memory for the allocation 341 * 342 * Returns 0 on success, -ENOMEM on error 343 */ 344 static int smk_copy_rules(struct list_head *nhead, struct list_head *ohead, 345 gfp_t gfp) 346 { 347 struct smack_rule *nrp; 348 struct smack_rule *orp; 349 int rc = 0; 350 351 list_for_each_entry_rcu(orp, ohead, list) { 352 nrp = kmem_cache_zalloc(smack_rule_cache, gfp); 353 if (nrp == NULL) { 354 rc = -ENOMEM; 355 break; 356 } 357 *nrp = *orp; 358 list_add_rcu(&nrp->list, nhead); 359 } 360 return rc; 361 } 362 363 /** 364 * smk_copy_relabel - copy smk_relabel labels list 365 * @nhead: new rules header pointer 366 * @ohead: old rules header pointer 367 * @gfp: type of the memory for the allocation 368 * 369 * Returns 0 on success, -ENOMEM on error 370 */ 371 static int smk_copy_relabel(struct list_head *nhead, struct list_head *ohead, 372 gfp_t gfp) 373 { 374 struct smack_known_list_elem *nklep; 375 struct smack_known_list_elem *oklep; 376 377 list_for_each_entry(oklep, ohead, list) { 378 nklep = kzalloc(sizeof(struct smack_known_list_elem), gfp); 379 if (nklep == NULL) { 380 smk_destroy_label_list(nhead); 381 return -ENOMEM; 382 } 383 nklep->smk_label = oklep->smk_label; 384 list_add(&nklep->list, nhead); 385 } 386 387 return 0; 388 } 389 390 /** 391 * smk_ptrace_mode - helper function for converting PTRACE_MODE_* into MAY_* 392 * @mode - input mode in form of PTRACE_MODE_* 393 * 394 * Returns a converted MAY_* mode usable by smack rules 395 */ 396 static inline unsigned int smk_ptrace_mode(unsigned int mode) 397 { 398 if (mode & PTRACE_MODE_ATTACH) 399 return MAY_READWRITE; 400 if (mode & PTRACE_MODE_READ) 401 return MAY_READ; 402 403 return 0; 404 } 405 406 /** 407 * smk_ptrace_rule_check - helper for ptrace access 408 * @tracer: tracer process 409 * @tracee_known: label entry of the process that's about to be traced 410 * @mode: ptrace attachment mode (PTRACE_MODE_*) 411 * @func: name of the function that called us, used for audit 412 * 413 * Returns 0 on access granted, -error on error 414 */ 415 static int smk_ptrace_rule_check(struct task_struct *tracer, 416 struct smack_known *tracee_known, 417 unsigned int mode, const char *func) 418 { 419 int rc; 420 struct smk_audit_info ad, *saip = NULL; 421 struct task_smack *tsp; 422 struct smack_known *tracer_known; 423 const struct cred *tracercred; 424 425 if ((mode & PTRACE_MODE_NOAUDIT) == 0) { 426 smk_ad_init(&ad, func, LSM_AUDIT_DATA_TASK); 427 smk_ad_setfield_u_tsk(&ad, tracer); 428 saip = &ad; 429 } 430 431 rcu_read_lock(); 432 tracercred = __task_cred(tracer); 433 tsp = smack_cred(tracercred); 434 tracer_known = smk_of_task(tsp); 435 436 if ((mode & PTRACE_MODE_ATTACH) && 437 (smack_ptrace_rule == SMACK_PTRACE_EXACT || 438 smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)) { 439 if (tracer_known->smk_known == tracee_known->smk_known) 440 rc = 0; 441 else if (smack_ptrace_rule == SMACK_PTRACE_DRACONIAN) 442 rc = -EACCES; 443 else if (smack_privileged_cred(CAP_SYS_PTRACE, tracercred)) 444 rc = 0; 445 else 446 rc = -EACCES; 447 448 if (saip) 449 smack_log(tracer_known->smk_known, 450 tracee_known->smk_known, 451 0, rc, saip); 452 453 rcu_read_unlock(); 454 return rc; 455 } 456 457 /* In case of rule==SMACK_PTRACE_DEFAULT or mode==PTRACE_MODE_READ */ 458 rc = smk_tskacc(tsp, tracee_known, smk_ptrace_mode(mode), saip); 459 460 rcu_read_unlock(); 461 return rc; 462 } 463 464 /* 465 * LSM hooks. 466 * We he, that is fun! 467 */ 468 469 /** 470 * smack_ptrace_access_check - Smack approval on PTRACE_ATTACH 471 * @ctp: child task pointer 472 * @mode: ptrace attachment mode (PTRACE_MODE_*) 473 * 474 * Returns 0 if access is OK, an error code otherwise 475 * 476 * Do the capability checks. 477 */ 478 static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode) 479 { 480 struct smack_known *skp; 481 482 skp = smk_of_task_struct(ctp); 483 484 return smk_ptrace_rule_check(current, skp, mode, __func__); 485 } 486 487 /** 488 * smack_ptrace_traceme - Smack approval on PTRACE_TRACEME 489 * @ptp: parent task pointer 490 * 491 * Returns 0 if access is OK, an error code otherwise 492 * 493 * Do the capability checks, and require PTRACE_MODE_ATTACH. 494 */ 495 static int smack_ptrace_traceme(struct task_struct *ptp) 496 { 497 int rc; 498 struct smack_known *skp; 499 500 skp = smk_of_task(smack_cred(current_cred())); 501 502 rc = smk_ptrace_rule_check(ptp, skp, PTRACE_MODE_ATTACH, __func__); 503 return rc; 504 } 505 506 /** 507 * smack_syslog - Smack approval on syslog 508 * @typefrom_file: unused 509 * 510 * Returns 0 on success, error code otherwise. 511 */ 512 static int smack_syslog(int typefrom_file) 513 { 514 int rc = 0; 515 struct smack_known *skp = smk_of_current(); 516 517 if (smack_privileged(CAP_MAC_OVERRIDE)) 518 return 0; 519 520 if (smack_syslog_label != NULL && smack_syslog_label != skp) 521 rc = -EACCES; 522 523 return rc; 524 } 525 526 /* 527 * Superblock Hooks. 528 */ 529 530 /** 531 * smack_sb_alloc_security - allocate a superblock blob 532 * @sb: the superblock getting the blob 533 * 534 * Returns 0 on success or -ENOMEM on error. 535 */ 536 static int smack_sb_alloc_security(struct super_block *sb) 537 { 538 struct superblock_smack *sbsp; 539 540 sbsp = kzalloc(sizeof(struct superblock_smack), GFP_KERNEL); 541 542 if (sbsp == NULL) 543 return -ENOMEM; 544 545 sbsp->smk_root = &smack_known_floor; 546 sbsp->smk_default = &smack_known_floor; 547 sbsp->smk_floor = &smack_known_floor; 548 sbsp->smk_hat = &smack_known_hat; 549 /* 550 * SMK_SB_INITIALIZED will be zero from kzalloc. 551 */ 552 sb->s_security = sbsp; 553 554 return 0; 555 } 556 557 /** 558 * smack_sb_free_security - free a superblock blob 559 * @sb: the superblock getting the blob 560 * 561 */ 562 static void smack_sb_free_security(struct super_block *sb) 563 { 564 kfree(sb->s_security); 565 sb->s_security = NULL; 566 } 567 568 struct smack_mnt_opts { 569 const char *fsdefault, *fsfloor, *fshat, *fsroot, *fstransmute; 570 }; 571 572 static void smack_free_mnt_opts(void *mnt_opts) 573 { 574 struct smack_mnt_opts *opts = mnt_opts; 575 kfree(opts->fsdefault); 576 kfree(opts->fsfloor); 577 kfree(opts->fshat); 578 kfree(opts->fsroot); 579 kfree(opts->fstransmute); 580 kfree(opts); 581 } 582 583 static int smack_add_opt(int token, const char *s, void **mnt_opts) 584 { 585 struct smack_mnt_opts *opts = *mnt_opts; 586 587 if (!opts) { 588 opts = kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL); 589 if (!opts) 590 return -ENOMEM; 591 *mnt_opts = opts; 592 } 593 if (!s) 594 return -ENOMEM; 595 596 switch (token) { 597 case Opt_fsdefault: 598 if (opts->fsdefault) 599 goto out_opt_err; 600 opts->fsdefault = s; 601 break; 602 case Opt_fsfloor: 603 if (opts->fsfloor) 604 goto out_opt_err; 605 opts->fsfloor = s; 606 break; 607 case Opt_fshat: 608 if (opts->fshat) 609 goto out_opt_err; 610 opts->fshat = s; 611 break; 612 case Opt_fsroot: 613 if (opts->fsroot) 614 goto out_opt_err; 615 opts->fsroot = s; 616 break; 617 case Opt_fstransmute: 618 if (opts->fstransmute) 619 goto out_opt_err; 620 opts->fstransmute = s; 621 break; 622 } 623 return 0; 624 625 out_opt_err: 626 pr_warn("Smack: duplicate mount options\n"); 627 return -EINVAL; 628 } 629 630 /** 631 * smack_fs_context_dup - Duplicate the security data on fs_context duplication 632 * @fc: The new filesystem context. 633 * @src_fc: The source filesystem context being duplicated. 634 * 635 * Returns 0 on success or -ENOMEM on error. 636 */ 637 static int smack_fs_context_dup(struct fs_context *fc, 638 struct fs_context *src_fc) 639 { 640 struct smack_mnt_opts *dst, *src = src_fc->security; 641 642 if (!src) 643 return 0; 644 645 fc->security = kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL); 646 if (!fc->security) 647 return -ENOMEM; 648 dst = fc->security; 649 650 if (src->fsdefault) { 651 dst->fsdefault = kstrdup(src->fsdefault, GFP_KERNEL); 652 if (!dst->fsdefault) 653 return -ENOMEM; 654 } 655 if (src->fsfloor) { 656 dst->fsfloor = kstrdup(src->fsfloor, GFP_KERNEL); 657 if (!dst->fsfloor) 658 return -ENOMEM; 659 } 660 if (src->fshat) { 661 dst->fshat = kstrdup(src->fshat, GFP_KERNEL); 662 if (!dst->fshat) 663 return -ENOMEM; 664 } 665 if (src->fsroot) { 666 dst->fsroot = kstrdup(src->fsroot, GFP_KERNEL); 667 if (!dst->fsroot) 668 return -ENOMEM; 669 } 670 if (src->fstransmute) { 671 dst->fstransmute = kstrdup(src->fstransmute, GFP_KERNEL); 672 if (!dst->fstransmute) 673 return -ENOMEM; 674 } 675 return 0; 676 } 677 678 static const struct fs_parameter_spec smack_fs_parameters[] = { 679 fsparam_string("smackfsdef", Opt_fsdefault), 680 fsparam_string("smackfsdefault", Opt_fsdefault), 681 fsparam_string("smackfsfloor", Opt_fsfloor), 682 fsparam_string("smackfshat", Opt_fshat), 683 fsparam_string("smackfsroot", Opt_fsroot), 684 fsparam_string("smackfstransmute", Opt_fstransmute), 685 {} 686 }; 687 688 /** 689 * smack_fs_context_parse_param - Parse a single mount parameter 690 * @fc: The new filesystem context being constructed. 691 * @param: The parameter. 692 * 693 * Returns 0 on success, -ENOPARAM to pass the parameter on or anything else on 694 * error. 695 */ 696 static int smack_fs_context_parse_param(struct fs_context *fc, 697 struct fs_parameter *param) 698 { 699 struct fs_parse_result result; 700 int opt, rc; 701 702 opt = fs_parse(fc, smack_fs_parameters, param, &result); 703 if (opt < 0) 704 return opt; 705 706 rc = smack_add_opt(opt, param->string, &fc->security); 707 if (!rc) 708 param->string = NULL; 709 return rc; 710 } 711 712 static int smack_sb_eat_lsm_opts(char *options, void **mnt_opts) 713 { 714 char *from = options, *to = options; 715 bool first = true; 716 717 while (1) { 718 char *next = strchr(from, ','); 719 int token, len, rc; 720 char *arg = NULL; 721 722 if (next) 723 len = next - from; 724 else 725 len = strlen(from); 726 727 token = match_opt_prefix(from, len, &arg); 728 if (token != Opt_error) { 729 arg = kmemdup_nul(arg, from + len - arg, GFP_KERNEL); 730 rc = smack_add_opt(token, arg, mnt_opts); 731 if (unlikely(rc)) { 732 kfree(arg); 733 if (*mnt_opts) 734 smack_free_mnt_opts(*mnt_opts); 735 *mnt_opts = NULL; 736 return rc; 737 } 738 } else { 739 if (!first) { // copy with preceding comma 740 from--; 741 len++; 742 } 743 if (to != from) 744 memmove(to, from, len); 745 to += len; 746 first = false; 747 } 748 if (!from[len]) 749 break; 750 from += len + 1; 751 } 752 *to = '\0'; 753 return 0; 754 } 755 756 /** 757 * smack_set_mnt_opts - set Smack specific mount options 758 * @sb: the file system superblock 759 * @mnt_opts: Smack mount options 760 * @kern_flags: mount option from kernel space or user space 761 * @set_kern_flags: where to store converted mount opts 762 * 763 * Returns 0 on success, an error code on failure 764 * 765 * Allow filesystems with binary mount data to explicitly set Smack mount 766 * labels. 767 */ 768 static int smack_set_mnt_opts(struct super_block *sb, 769 void *mnt_opts, 770 unsigned long kern_flags, 771 unsigned long *set_kern_flags) 772 { 773 struct dentry *root = sb->s_root; 774 struct inode *inode = d_backing_inode(root); 775 struct superblock_smack *sp = sb->s_security; 776 struct inode_smack *isp; 777 struct smack_known *skp; 778 struct smack_mnt_opts *opts = mnt_opts; 779 bool transmute = false; 780 781 if (sp->smk_flags & SMK_SB_INITIALIZED) 782 return 0; 783 784 if (inode->i_security == NULL) { 785 int rc = lsm_inode_alloc(inode); 786 787 if (rc) 788 return rc; 789 } 790 791 if (!smack_privileged(CAP_MAC_ADMIN)) { 792 /* 793 * Unprivileged mounts don't get to specify Smack values. 794 */ 795 if (opts) 796 return -EPERM; 797 /* 798 * Unprivileged mounts get root and default from the caller. 799 */ 800 skp = smk_of_current(); 801 sp->smk_root = skp; 802 sp->smk_default = skp; 803 /* 804 * For a handful of fs types with no user-controlled 805 * backing store it's okay to trust security labels 806 * in the filesystem. The rest are untrusted. 807 */ 808 if (sb->s_user_ns != &init_user_ns && 809 sb->s_magic != SYSFS_MAGIC && sb->s_magic != TMPFS_MAGIC && 810 sb->s_magic != RAMFS_MAGIC) { 811 transmute = true; 812 sp->smk_flags |= SMK_SB_UNTRUSTED; 813 } 814 } 815 816 sp->smk_flags |= SMK_SB_INITIALIZED; 817 818 if (opts) { 819 if (opts->fsdefault) { 820 skp = smk_import_entry(opts->fsdefault, 0); 821 if (IS_ERR(skp)) 822 return PTR_ERR(skp); 823 sp->smk_default = skp; 824 } 825 if (opts->fsfloor) { 826 skp = smk_import_entry(opts->fsfloor, 0); 827 if (IS_ERR(skp)) 828 return PTR_ERR(skp); 829 sp->smk_floor = skp; 830 } 831 if (opts->fshat) { 832 skp = smk_import_entry(opts->fshat, 0); 833 if (IS_ERR(skp)) 834 return PTR_ERR(skp); 835 sp->smk_hat = skp; 836 } 837 if (opts->fsroot) { 838 skp = smk_import_entry(opts->fsroot, 0); 839 if (IS_ERR(skp)) 840 return PTR_ERR(skp); 841 sp->smk_root = skp; 842 } 843 if (opts->fstransmute) { 844 skp = smk_import_entry(opts->fstransmute, 0); 845 if (IS_ERR(skp)) 846 return PTR_ERR(skp); 847 sp->smk_root = skp; 848 transmute = true; 849 } 850 } 851 852 /* 853 * Initialize the root inode. 854 */ 855 init_inode_smack(inode, sp->smk_root); 856 857 if (transmute) { 858 isp = smack_inode(inode); 859 isp->smk_flags |= SMK_INODE_TRANSMUTE; 860 } 861 862 return 0; 863 } 864 865 /** 866 * smack_sb_statfs - Smack check on statfs 867 * @dentry: identifies the file system in question 868 * 869 * Returns 0 if current can read the floor of the filesystem, 870 * and error code otherwise 871 */ 872 static int smack_sb_statfs(struct dentry *dentry) 873 { 874 struct superblock_smack *sbp = dentry->d_sb->s_security; 875 int rc; 876 struct smk_audit_info ad; 877 878 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 879 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 880 881 rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad); 882 rc = smk_bu_current("statfs", sbp->smk_floor, MAY_READ, rc); 883 return rc; 884 } 885 886 /* 887 * BPRM hooks 888 */ 889 890 /** 891 * smack_bprm_creds_for_exec - Update bprm->cred if needed for exec 892 * @bprm: the exec information 893 * 894 * Returns 0 if it gets a blob, -EPERM if exec forbidden and -ENOMEM otherwise 895 */ 896 static int smack_bprm_creds_for_exec(struct linux_binprm *bprm) 897 { 898 struct inode *inode = file_inode(bprm->file); 899 struct task_smack *bsp = smack_cred(bprm->cred); 900 struct inode_smack *isp; 901 struct superblock_smack *sbsp; 902 int rc; 903 904 isp = smack_inode(inode); 905 if (isp->smk_task == NULL || isp->smk_task == bsp->smk_task) 906 return 0; 907 908 sbsp = inode->i_sb->s_security; 909 if ((sbsp->smk_flags & SMK_SB_UNTRUSTED) && 910 isp->smk_task != sbsp->smk_root) 911 return 0; 912 913 if (bprm->unsafe & LSM_UNSAFE_PTRACE) { 914 struct task_struct *tracer; 915 rc = 0; 916 917 rcu_read_lock(); 918 tracer = ptrace_parent(current); 919 if (likely(tracer != NULL)) 920 rc = smk_ptrace_rule_check(tracer, 921 isp->smk_task, 922 PTRACE_MODE_ATTACH, 923 __func__); 924 rcu_read_unlock(); 925 926 if (rc != 0) 927 return rc; 928 } 929 if (bprm->unsafe & ~LSM_UNSAFE_PTRACE) 930 return -EPERM; 931 932 bsp->smk_task = isp->smk_task; 933 bprm->per_clear |= PER_CLEAR_ON_SETID; 934 935 /* Decide if this is a secure exec. */ 936 if (bsp->smk_task != bsp->smk_forked) 937 bprm->secureexec = 1; 938 939 return 0; 940 } 941 942 /* 943 * Inode hooks 944 */ 945 946 /** 947 * smack_inode_alloc_security - allocate an inode blob 948 * @inode: the inode in need of a blob 949 * 950 * Returns 0 951 */ 952 static int smack_inode_alloc_security(struct inode *inode) 953 { 954 struct smack_known *skp = smk_of_current(); 955 956 init_inode_smack(inode, skp); 957 return 0; 958 } 959 960 /** 961 * smack_inode_init_security - copy out the smack from an inode 962 * @inode: the newly created inode 963 * @dir: containing directory object 964 * @qstr: unused 965 * @name: where to put the attribute name 966 * @value: where to put the attribute value 967 * @len: where to put the length of the attribute 968 * 969 * Returns 0 if it all works out, -ENOMEM if there's no memory 970 */ 971 static int smack_inode_init_security(struct inode *inode, struct inode *dir, 972 const struct qstr *qstr, const char **name, 973 void **value, size_t *len) 974 { 975 struct inode_smack *issp = smack_inode(inode); 976 struct smack_known *skp = smk_of_current(); 977 struct smack_known *isp = smk_of_inode(inode); 978 struct smack_known *dsp = smk_of_inode(dir); 979 int may; 980 981 if (name) 982 *name = XATTR_SMACK_SUFFIX; 983 984 if (value && len) { 985 rcu_read_lock(); 986 may = smk_access_entry(skp->smk_known, dsp->smk_known, 987 &skp->smk_rules); 988 rcu_read_unlock(); 989 990 /* 991 * If the access rule allows transmutation and 992 * the directory requests transmutation then 993 * by all means transmute. 994 * Mark the inode as changed. 995 */ 996 if (may > 0 && ((may & MAY_TRANSMUTE) != 0) && 997 smk_inode_transmutable(dir)) { 998 isp = dsp; 999 issp->smk_flags |= SMK_INODE_CHANGED; 1000 } 1001 1002 *value = kstrdup(isp->smk_known, GFP_NOFS); 1003 if (*value == NULL) 1004 return -ENOMEM; 1005 1006 *len = strlen(isp->smk_known); 1007 } 1008 1009 return 0; 1010 } 1011 1012 /** 1013 * smack_inode_link - Smack check on link 1014 * @old_dentry: the existing object 1015 * @dir: unused 1016 * @new_dentry: the new object 1017 * 1018 * Returns 0 if access is permitted, an error code otherwise 1019 */ 1020 static int smack_inode_link(struct dentry *old_dentry, struct inode *dir, 1021 struct dentry *new_dentry) 1022 { 1023 struct smack_known *isp; 1024 struct smk_audit_info ad; 1025 int rc; 1026 1027 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1028 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry); 1029 1030 isp = smk_of_inode(d_backing_inode(old_dentry)); 1031 rc = smk_curacc(isp, MAY_WRITE, &ad); 1032 rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_WRITE, rc); 1033 1034 if (rc == 0 && d_is_positive(new_dentry)) { 1035 isp = smk_of_inode(d_backing_inode(new_dentry)); 1036 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry); 1037 rc = smk_curacc(isp, MAY_WRITE, &ad); 1038 rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_WRITE, rc); 1039 } 1040 1041 return rc; 1042 } 1043 1044 /** 1045 * smack_inode_unlink - Smack check on inode deletion 1046 * @dir: containing directory object 1047 * @dentry: file to unlink 1048 * 1049 * Returns 0 if current can write the containing directory 1050 * and the object, error code otherwise 1051 */ 1052 static int smack_inode_unlink(struct inode *dir, struct dentry *dentry) 1053 { 1054 struct inode *ip = d_backing_inode(dentry); 1055 struct smk_audit_info ad; 1056 int rc; 1057 1058 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1059 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1060 1061 /* 1062 * You need write access to the thing you're unlinking 1063 */ 1064 rc = smk_curacc(smk_of_inode(ip), MAY_WRITE, &ad); 1065 rc = smk_bu_inode(ip, MAY_WRITE, rc); 1066 if (rc == 0) { 1067 /* 1068 * You also need write access to the containing directory 1069 */ 1070 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE); 1071 smk_ad_setfield_u_fs_inode(&ad, dir); 1072 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad); 1073 rc = smk_bu_inode(dir, MAY_WRITE, rc); 1074 } 1075 return rc; 1076 } 1077 1078 /** 1079 * smack_inode_rmdir - Smack check on directory deletion 1080 * @dir: containing directory object 1081 * @dentry: directory to unlink 1082 * 1083 * Returns 0 if current can write the containing directory 1084 * and the directory, error code otherwise 1085 */ 1086 static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry) 1087 { 1088 struct smk_audit_info ad; 1089 int rc; 1090 1091 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1092 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1093 1094 /* 1095 * You need write access to the thing you're removing 1096 */ 1097 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1098 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1099 if (rc == 0) { 1100 /* 1101 * You also need write access to the containing directory 1102 */ 1103 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE); 1104 smk_ad_setfield_u_fs_inode(&ad, dir); 1105 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad); 1106 rc = smk_bu_inode(dir, MAY_WRITE, rc); 1107 } 1108 1109 return rc; 1110 } 1111 1112 /** 1113 * smack_inode_rename - Smack check on rename 1114 * @old_inode: unused 1115 * @old_dentry: the old object 1116 * @new_inode: unused 1117 * @new_dentry: the new object 1118 * 1119 * Read and write access is required on both the old and 1120 * new directories. 1121 * 1122 * Returns 0 if access is permitted, an error code otherwise 1123 */ 1124 static int smack_inode_rename(struct inode *old_inode, 1125 struct dentry *old_dentry, 1126 struct inode *new_inode, 1127 struct dentry *new_dentry) 1128 { 1129 int rc; 1130 struct smack_known *isp; 1131 struct smk_audit_info ad; 1132 1133 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1134 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry); 1135 1136 isp = smk_of_inode(d_backing_inode(old_dentry)); 1137 rc = smk_curacc(isp, MAY_READWRITE, &ad); 1138 rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_READWRITE, rc); 1139 1140 if (rc == 0 && d_is_positive(new_dentry)) { 1141 isp = smk_of_inode(d_backing_inode(new_dentry)); 1142 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry); 1143 rc = smk_curacc(isp, MAY_READWRITE, &ad); 1144 rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_READWRITE, rc); 1145 } 1146 return rc; 1147 } 1148 1149 /** 1150 * smack_inode_permission - Smack version of permission() 1151 * @inode: the inode in question 1152 * @mask: the access requested 1153 * 1154 * This is the important Smack hook. 1155 * 1156 * Returns 0 if access is permitted, an error code otherwise 1157 */ 1158 static int smack_inode_permission(struct inode *inode, int mask) 1159 { 1160 struct superblock_smack *sbsp = inode->i_sb->s_security; 1161 struct smk_audit_info ad; 1162 int no_block = mask & MAY_NOT_BLOCK; 1163 int rc; 1164 1165 mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND); 1166 /* 1167 * No permission to check. Existence test. Yup, it's there. 1168 */ 1169 if (mask == 0) 1170 return 0; 1171 1172 if (sbsp->smk_flags & SMK_SB_UNTRUSTED) { 1173 if (smk_of_inode(inode) != sbsp->smk_root) 1174 return -EACCES; 1175 } 1176 1177 /* May be droppable after audit */ 1178 if (no_block) 1179 return -ECHILD; 1180 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE); 1181 smk_ad_setfield_u_fs_inode(&ad, inode); 1182 rc = smk_curacc(smk_of_inode(inode), mask, &ad); 1183 rc = smk_bu_inode(inode, mask, rc); 1184 return rc; 1185 } 1186 1187 /** 1188 * smack_inode_setattr - Smack check for setting attributes 1189 * @dentry: the object 1190 * @iattr: for the force flag 1191 * 1192 * Returns 0 if access is permitted, an error code otherwise 1193 */ 1194 static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr) 1195 { 1196 struct smk_audit_info ad; 1197 int rc; 1198 1199 /* 1200 * Need to allow for clearing the setuid bit. 1201 */ 1202 if (iattr->ia_valid & ATTR_FORCE) 1203 return 0; 1204 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1205 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1206 1207 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1208 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1209 return rc; 1210 } 1211 1212 /** 1213 * smack_inode_getattr - Smack check for getting attributes 1214 * @path: path to extract the info from 1215 * 1216 * Returns 0 if access is permitted, an error code otherwise 1217 */ 1218 static int smack_inode_getattr(const struct path *path) 1219 { 1220 struct smk_audit_info ad; 1221 struct inode *inode = d_backing_inode(path->dentry); 1222 int rc; 1223 1224 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1225 smk_ad_setfield_u_fs_path(&ad, *path); 1226 rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad); 1227 rc = smk_bu_inode(inode, MAY_READ, rc); 1228 return rc; 1229 } 1230 1231 /** 1232 * smack_inode_setxattr - Smack check for setting xattrs 1233 * @dentry: the object 1234 * @name: name of the attribute 1235 * @value: value of the attribute 1236 * @size: size of the value 1237 * @flags: unused 1238 * 1239 * This protects the Smack attribute explicitly. 1240 * 1241 * Returns 0 if access is permitted, an error code otherwise 1242 */ 1243 static int smack_inode_setxattr(struct dentry *dentry, const char *name, 1244 const void *value, size_t size, int flags) 1245 { 1246 struct smk_audit_info ad; 1247 struct smack_known *skp; 1248 int check_priv = 0; 1249 int check_import = 0; 1250 int check_star = 0; 1251 int rc = 0; 1252 1253 /* 1254 * Check label validity here so import won't fail in post_setxattr 1255 */ 1256 if (strcmp(name, XATTR_NAME_SMACK) == 0 || 1257 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 || 1258 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) { 1259 check_priv = 1; 1260 check_import = 1; 1261 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0 || 1262 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) { 1263 check_priv = 1; 1264 check_import = 1; 1265 check_star = 1; 1266 } else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) { 1267 check_priv = 1; 1268 if (size != TRANS_TRUE_SIZE || 1269 strncmp(value, TRANS_TRUE, TRANS_TRUE_SIZE) != 0) 1270 rc = -EINVAL; 1271 } else 1272 rc = cap_inode_setxattr(dentry, name, value, size, flags); 1273 1274 if (check_priv && !smack_privileged(CAP_MAC_ADMIN)) 1275 rc = -EPERM; 1276 1277 if (rc == 0 && check_import) { 1278 skp = size ? smk_import_entry(value, size) : NULL; 1279 if (IS_ERR(skp)) 1280 rc = PTR_ERR(skp); 1281 else if (skp == NULL || (check_star && 1282 (skp == &smack_known_star || skp == &smack_known_web))) 1283 rc = -EINVAL; 1284 } 1285 1286 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1287 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1288 1289 if (rc == 0) { 1290 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1291 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1292 } 1293 1294 return rc; 1295 } 1296 1297 /** 1298 * smack_inode_post_setxattr - Apply the Smack update approved above 1299 * @dentry: object 1300 * @name: attribute name 1301 * @value: attribute value 1302 * @size: attribute size 1303 * @flags: unused 1304 * 1305 * Set the pointer in the inode blob to the entry found 1306 * in the master label list. 1307 */ 1308 static void smack_inode_post_setxattr(struct dentry *dentry, const char *name, 1309 const void *value, size_t size, int flags) 1310 { 1311 struct smack_known *skp; 1312 struct inode_smack *isp = smack_inode(d_backing_inode(dentry)); 1313 1314 if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) { 1315 isp->smk_flags |= SMK_INODE_TRANSMUTE; 1316 return; 1317 } 1318 1319 if (strcmp(name, XATTR_NAME_SMACK) == 0) { 1320 skp = smk_import_entry(value, size); 1321 if (!IS_ERR(skp)) 1322 isp->smk_inode = skp; 1323 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) { 1324 skp = smk_import_entry(value, size); 1325 if (!IS_ERR(skp)) 1326 isp->smk_task = skp; 1327 } else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) { 1328 skp = smk_import_entry(value, size); 1329 if (!IS_ERR(skp)) 1330 isp->smk_mmap = skp; 1331 } 1332 1333 return; 1334 } 1335 1336 /** 1337 * smack_inode_getxattr - Smack check on getxattr 1338 * @dentry: the object 1339 * @name: unused 1340 * 1341 * Returns 0 if access is permitted, an error code otherwise 1342 */ 1343 static int smack_inode_getxattr(struct dentry *dentry, const char *name) 1344 { 1345 struct smk_audit_info ad; 1346 int rc; 1347 1348 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1349 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1350 1351 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_READ, &ad); 1352 rc = smk_bu_inode(d_backing_inode(dentry), MAY_READ, rc); 1353 return rc; 1354 } 1355 1356 /** 1357 * smack_inode_removexattr - Smack check on removexattr 1358 * @dentry: the object 1359 * @name: name of the attribute 1360 * 1361 * Removing the Smack attribute requires CAP_MAC_ADMIN 1362 * 1363 * Returns 0 if access is permitted, an error code otherwise 1364 */ 1365 static int smack_inode_removexattr(struct dentry *dentry, const char *name) 1366 { 1367 struct inode_smack *isp; 1368 struct smk_audit_info ad; 1369 int rc = 0; 1370 1371 if (strcmp(name, XATTR_NAME_SMACK) == 0 || 1372 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 || 1373 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 || 1374 strcmp(name, XATTR_NAME_SMACKEXEC) == 0 || 1375 strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0 || 1376 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) { 1377 if (!smack_privileged(CAP_MAC_ADMIN)) 1378 rc = -EPERM; 1379 } else 1380 rc = cap_inode_removexattr(dentry, name); 1381 1382 if (rc != 0) 1383 return rc; 1384 1385 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1386 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1387 1388 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1389 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1390 if (rc != 0) 1391 return rc; 1392 1393 isp = smack_inode(d_backing_inode(dentry)); 1394 /* 1395 * Don't do anything special for these. 1396 * XATTR_NAME_SMACKIPIN 1397 * XATTR_NAME_SMACKIPOUT 1398 */ 1399 if (strcmp(name, XATTR_NAME_SMACK) == 0) { 1400 struct super_block *sbp = dentry->d_sb; 1401 struct superblock_smack *sbsp = sbp->s_security; 1402 1403 isp->smk_inode = sbsp->smk_default; 1404 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) 1405 isp->smk_task = NULL; 1406 else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) 1407 isp->smk_mmap = NULL; 1408 else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) 1409 isp->smk_flags &= ~SMK_INODE_TRANSMUTE; 1410 1411 return 0; 1412 } 1413 1414 /** 1415 * smack_inode_getsecurity - get smack xattrs 1416 * @inode: the object 1417 * @name: attribute name 1418 * @buffer: where to put the result 1419 * @alloc: duplicate memory 1420 * 1421 * Returns the size of the attribute or an error code 1422 */ 1423 static int smack_inode_getsecurity(struct inode *inode, 1424 const char *name, void **buffer, 1425 bool alloc) 1426 { 1427 struct socket_smack *ssp; 1428 struct socket *sock; 1429 struct super_block *sbp; 1430 struct inode *ip = (struct inode *)inode; 1431 struct smack_known *isp; 1432 1433 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) 1434 isp = smk_of_inode(inode); 1435 else { 1436 /* 1437 * The rest of the Smack xattrs are only on sockets. 1438 */ 1439 sbp = ip->i_sb; 1440 if (sbp->s_magic != SOCKFS_MAGIC) 1441 return -EOPNOTSUPP; 1442 1443 sock = SOCKET_I(ip); 1444 if (sock == NULL || sock->sk == NULL) 1445 return -EOPNOTSUPP; 1446 1447 ssp = sock->sk->sk_security; 1448 1449 if (strcmp(name, XATTR_SMACK_IPIN) == 0) 1450 isp = ssp->smk_in; 1451 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) 1452 isp = ssp->smk_out; 1453 else 1454 return -EOPNOTSUPP; 1455 } 1456 1457 if (alloc) { 1458 *buffer = kstrdup(isp->smk_known, GFP_KERNEL); 1459 if (*buffer == NULL) 1460 return -ENOMEM; 1461 } 1462 1463 return strlen(isp->smk_known); 1464 } 1465 1466 1467 /** 1468 * smack_inode_listsecurity - list the Smack attributes 1469 * @inode: the object 1470 * @buffer: where they go 1471 * @buffer_size: size of buffer 1472 */ 1473 static int smack_inode_listsecurity(struct inode *inode, char *buffer, 1474 size_t buffer_size) 1475 { 1476 int len = sizeof(XATTR_NAME_SMACK); 1477 1478 if (buffer != NULL && len <= buffer_size) 1479 memcpy(buffer, XATTR_NAME_SMACK, len); 1480 1481 return len; 1482 } 1483 1484 /** 1485 * smack_inode_getsecid - Extract inode's security id 1486 * @inode: inode to extract the info from 1487 * @secid: where result will be saved 1488 */ 1489 static void smack_inode_getsecid(struct inode *inode, u32 *secid) 1490 { 1491 struct smack_known *skp = smk_of_inode(inode); 1492 1493 *secid = skp->smk_secid; 1494 } 1495 1496 /* 1497 * File Hooks 1498 */ 1499 1500 /* 1501 * There is no smack_file_permission hook 1502 * 1503 * Should access checks be done on each read or write? 1504 * UNICOS and SELinux say yes. 1505 * Trusted Solaris, Trusted Irix, and just about everyone else says no. 1506 * 1507 * I'll say no for now. Smack does not do the frequent 1508 * label changing that SELinux does. 1509 */ 1510 1511 /** 1512 * smack_file_alloc_security - assign a file security blob 1513 * @file: the object 1514 * 1515 * The security blob for a file is a pointer to the master 1516 * label list, so no allocation is done. 1517 * 1518 * f_security is the owner security information. It 1519 * isn't used on file access checks, it's for send_sigio. 1520 * 1521 * Returns 0 1522 */ 1523 static int smack_file_alloc_security(struct file *file) 1524 { 1525 struct smack_known **blob = smack_file(file); 1526 1527 *blob = smk_of_current(); 1528 return 0; 1529 } 1530 1531 /** 1532 * smack_file_ioctl - Smack check on ioctls 1533 * @file: the object 1534 * @cmd: what to do 1535 * @arg: unused 1536 * 1537 * Relies heavily on the correct use of the ioctl command conventions. 1538 * 1539 * Returns 0 if allowed, error code otherwise 1540 */ 1541 static int smack_file_ioctl(struct file *file, unsigned int cmd, 1542 unsigned long arg) 1543 { 1544 int rc = 0; 1545 struct smk_audit_info ad; 1546 struct inode *inode = file_inode(file); 1547 1548 if (unlikely(IS_PRIVATE(inode))) 1549 return 0; 1550 1551 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1552 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1553 1554 if (_IOC_DIR(cmd) & _IOC_WRITE) { 1555 rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad); 1556 rc = smk_bu_file(file, MAY_WRITE, rc); 1557 } 1558 1559 if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ)) { 1560 rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad); 1561 rc = smk_bu_file(file, MAY_READ, rc); 1562 } 1563 1564 return rc; 1565 } 1566 1567 /** 1568 * smack_file_lock - Smack check on file locking 1569 * @file: the object 1570 * @cmd: unused 1571 * 1572 * Returns 0 if current has lock access, error code otherwise 1573 */ 1574 static int smack_file_lock(struct file *file, unsigned int cmd) 1575 { 1576 struct smk_audit_info ad; 1577 int rc; 1578 struct inode *inode = file_inode(file); 1579 1580 if (unlikely(IS_PRIVATE(inode))) 1581 return 0; 1582 1583 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1584 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1585 rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad); 1586 rc = smk_bu_file(file, MAY_LOCK, rc); 1587 return rc; 1588 } 1589 1590 /** 1591 * smack_file_fcntl - Smack check on fcntl 1592 * @file: the object 1593 * @cmd: what action to check 1594 * @arg: unused 1595 * 1596 * Generally these operations are harmless. 1597 * File locking operations present an obvious mechanism 1598 * for passing information, so they require write access. 1599 * 1600 * Returns 0 if current has access, error code otherwise 1601 */ 1602 static int smack_file_fcntl(struct file *file, unsigned int cmd, 1603 unsigned long arg) 1604 { 1605 struct smk_audit_info ad; 1606 int rc = 0; 1607 struct inode *inode = file_inode(file); 1608 1609 if (unlikely(IS_PRIVATE(inode))) 1610 return 0; 1611 1612 switch (cmd) { 1613 case F_GETLK: 1614 break; 1615 case F_SETLK: 1616 case F_SETLKW: 1617 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1618 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1619 rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad); 1620 rc = smk_bu_file(file, MAY_LOCK, rc); 1621 break; 1622 case F_SETOWN: 1623 case F_SETSIG: 1624 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1625 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1626 rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad); 1627 rc = smk_bu_file(file, MAY_WRITE, rc); 1628 break; 1629 default: 1630 break; 1631 } 1632 1633 return rc; 1634 } 1635 1636 /** 1637 * smack_mmap_file : 1638 * Check permissions for a mmap operation. The @file may be NULL, e.g. 1639 * if mapping anonymous memory. 1640 * @file contains the file structure for file to map (may be NULL). 1641 * @reqprot contains the protection requested by the application. 1642 * @prot contains the protection that will be applied by the kernel. 1643 * @flags contains the operational flags. 1644 * Return 0 if permission is granted. 1645 */ 1646 static int smack_mmap_file(struct file *file, 1647 unsigned long reqprot, unsigned long prot, 1648 unsigned long flags) 1649 { 1650 struct smack_known *skp; 1651 struct smack_known *mkp; 1652 struct smack_rule *srp; 1653 struct task_smack *tsp; 1654 struct smack_known *okp; 1655 struct inode_smack *isp; 1656 struct superblock_smack *sbsp; 1657 int may; 1658 int mmay; 1659 int tmay; 1660 int rc; 1661 1662 if (file == NULL) 1663 return 0; 1664 1665 if (unlikely(IS_PRIVATE(file_inode(file)))) 1666 return 0; 1667 1668 isp = smack_inode(file_inode(file)); 1669 if (isp->smk_mmap == NULL) 1670 return 0; 1671 sbsp = file_inode(file)->i_sb->s_security; 1672 if (sbsp->smk_flags & SMK_SB_UNTRUSTED && 1673 isp->smk_mmap != sbsp->smk_root) 1674 return -EACCES; 1675 mkp = isp->smk_mmap; 1676 1677 tsp = smack_cred(current_cred()); 1678 skp = smk_of_current(); 1679 rc = 0; 1680 1681 rcu_read_lock(); 1682 /* 1683 * For each Smack rule associated with the subject 1684 * label verify that the SMACK64MMAP also has access 1685 * to that rule's object label. 1686 */ 1687 list_for_each_entry_rcu(srp, &skp->smk_rules, list) { 1688 okp = srp->smk_object; 1689 /* 1690 * Matching labels always allows access. 1691 */ 1692 if (mkp->smk_known == okp->smk_known) 1693 continue; 1694 /* 1695 * If there is a matching local rule take 1696 * that into account as well. 1697 */ 1698 may = smk_access_entry(srp->smk_subject->smk_known, 1699 okp->smk_known, 1700 &tsp->smk_rules); 1701 if (may == -ENOENT) 1702 may = srp->smk_access; 1703 else 1704 may &= srp->smk_access; 1705 /* 1706 * If may is zero the SMACK64MMAP subject can't 1707 * possibly have less access. 1708 */ 1709 if (may == 0) 1710 continue; 1711 1712 /* 1713 * Fetch the global list entry. 1714 * If there isn't one a SMACK64MMAP subject 1715 * can't have as much access as current. 1716 */ 1717 mmay = smk_access_entry(mkp->smk_known, okp->smk_known, 1718 &mkp->smk_rules); 1719 if (mmay == -ENOENT) { 1720 rc = -EACCES; 1721 break; 1722 } 1723 /* 1724 * If there is a local entry it modifies the 1725 * potential access, too. 1726 */ 1727 tmay = smk_access_entry(mkp->smk_known, okp->smk_known, 1728 &tsp->smk_rules); 1729 if (tmay != -ENOENT) 1730 mmay &= tmay; 1731 1732 /* 1733 * If there is any access available to current that is 1734 * not available to a SMACK64MMAP subject 1735 * deny access. 1736 */ 1737 if ((may | mmay) != mmay) { 1738 rc = -EACCES; 1739 break; 1740 } 1741 } 1742 1743 rcu_read_unlock(); 1744 1745 return rc; 1746 } 1747 1748 /** 1749 * smack_file_set_fowner - set the file security blob value 1750 * @file: object in question 1751 * 1752 */ 1753 static void smack_file_set_fowner(struct file *file) 1754 { 1755 struct smack_known **blob = smack_file(file); 1756 1757 *blob = smk_of_current(); 1758 } 1759 1760 /** 1761 * smack_file_send_sigiotask - Smack on sigio 1762 * @tsk: The target task 1763 * @fown: the object the signal come from 1764 * @signum: unused 1765 * 1766 * Allow a privileged task to get signals even if it shouldn't 1767 * 1768 * Returns 0 if a subject with the object's smack could 1769 * write to the task, an error code otherwise. 1770 */ 1771 static int smack_file_send_sigiotask(struct task_struct *tsk, 1772 struct fown_struct *fown, int signum) 1773 { 1774 struct smack_known **blob; 1775 struct smack_known *skp; 1776 struct smack_known *tkp = smk_of_task(smack_cred(tsk->cred)); 1777 const struct cred *tcred; 1778 struct file *file; 1779 int rc; 1780 struct smk_audit_info ad; 1781 1782 /* 1783 * struct fown_struct is never outside the context of a struct file 1784 */ 1785 file = container_of(fown, struct file, f_owner); 1786 1787 /* we don't log here as rc can be overriden */ 1788 blob = smack_file(file); 1789 skp = *blob; 1790 rc = smk_access(skp, tkp, MAY_DELIVER, NULL); 1791 rc = smk_bu_note("sigiotask", skp, tkp, MAY_DELIVER, rc); 1792 1793 rcu_read_lock(); 1794 tcred = __task_cred(tsk); 1795 if (rc != 0 && smack_privileged_cred(CAP_MAC_OVERRIDE, tcred)) 1796 rc = 0; 1797 rcu_read_unlock(); 1798 1799 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); 1800 smk_ad_setfield_u_tsk(&ad, tsk); 1801 smack_log(skp->smk_known, tkp->smk_known, MAY_DELIVER, rc, &ad); 1802 return rc; 1803 } 1804 1805 /** 1806 * smack_file_receive - Smack file receive check 1807 * @file: the object 1808 * 1809 * Returns 0 if current has access, error code otherwise 1810 */ 1811 static int smack_file_receive(struct file *file) 1812 { 1813 int rc; 1814 int may = 0; 1815 struct smk_audit_info ad; 1816 struct inode *inode = file_inode(file); 1817 struct socket *sock; 1818 struct task_smack *tsp; 1819 struct socket_smack *ssp; 1820 1821 if (unlikely(IS_PRIVATE(inode))) 1822 return 0; 1823 1824 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1825 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1826 1827 if (inode->i_sb->s_magic == SOCKFS_MAGIC) { 1828 sock = SOCKET_I(inode); 1829 ssp = sock->sk->sk_security; 1830 tsp = smack_cred(current_cred()); 1831 /* 1832 * If the receiving process can't write to the 1833 * passed socket or if the passed socket can't 1834 * write to the receiving process don't accept 1835 * the passed socket. 1836 */ 1837 rc = smk_access(tsp->smk_task, ssp->smk_out, MAY_WRITE, &ad); 1838 rc = smk_bu_file(file, may, rc); 1839 if (rc < 0) 1840 return rc; 1841 rc = smk_access(ssp->smk_in, tsp->smk_task, MAY_WRITE, &ad); 1842 rc = smk_bu_file(file, may, rc); 1843 return rc; 1844 } 1845 /* 1846 * This code relies on bitmasks. 1847 */ 1848 if (file->f_mode & FMODE_READ) 1849 may = MAY_READ; 1850 if (file->f_mode & FMODE_WRITE) 1851 may |= MAY_WRITE; 1852 1853 rc = smk_curacc(smk_of_inode(inode), may, &ad); 1854 rc = smk_bu_file(file, may, rc); 1855 return rc; 1856 } 1857 1858 /** 1859 * smack_file_open - Smack dentry open processing 1860 * @file: the object 1861 * 1862 * Set the security blob in the file structure. 1863 * Allow the open only if the task has read access. There are 1864 * many read operations (e.g. fstat) that you can do with an 1865 * fd even if you have the file open write-only. 1866 * 1867 * Returns 0 if current has access, error code otherwise 1868 */ 1869 static int smack_file_open(struct file *file) 1870 { 1871 struct task_smack *tsp = smack_cred(file->f_cred); 1872 struct inode *inode = file_inode(file); 1873 struct smk_audit_info ad; 1874 int rc; 1875 1876 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1877 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1878 rc = smk_tskacc(tsp, smk_of_inode(inode), MAY_READ, &ad); 1879 rc = smk_bu_credfile(file->f_cred, file, MAY_READ, rc); 1880 1881 return rc; 1882 } 1883 1884 /* 1885 * Task hooks 1886 */ 1887 1888 /** 1889 * smack_cred_alloc_blank - "allocate" blank task-level security credentials 1890 * @cred: the new credentials 1891 * @gfp: the atomicity of any memory allocations 1892 * 1893 * Prepare a blank set of credentials for modification. This must allocate all 1894 * the memory the LSM module might require such that cred_transfer() can 1895 * complete without error. 1896 */ 1897 static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp) 1898 { 1899 init_task_smack(smack_cred(cred), NULL, NULL); 1900 return 0; 1901 } 1902 1903 1904 /** 1905 * smack_cred_free - "free" task-level security credentials 1906 * @cred: the credentials in question 1907 * 1908 */ 1909 static void smack_cred_free(struct cred *cred) 1910 { 1911 struct task_smack *tsp = smack_cred(cred); 1912 struct smack_rule *rp; 1913 struct list_head *l; 1914 struct list_head *n; 1915 1916 smk_destroy_label_list(&tsp->smk_relabel); 1917 1918 list_for_each_safe(l, n, &tsp->smk_rules) { 1919 rp = list_entry(l, struct smack_rule, list); 1920 list_del(&rp->list); 1921 kmem_cache_free(smack_rule_cache, rp); 1922 } 1923 } 1924 1925 /** 1926 * smack_cred_prepare - prepare new set of credentials for modification 1927 * @new: the new credentials 1928 * @old: the original credentials 1929 * @gfp: the atomicity of any memory allocations 1930 * 1931 * Prepare a new set of credentials for modification. 1932 */ 1933 static int smack_cred_prepare(struct cred *new, const struct cred *old, 1934 gfp_t gfp) 1935 { 1936 struct task_smack *old_tsp = smack_cred(old); 1937 struct task_smack *new_tsp = smack_cred(new); 1938 int rc; 1939 1940 init_task_smack(new_tsp, old_tsp->smk_task, old_tsp->smk_task); 1941 1942 rc = smk_copy_rules(&new_tsp->smk_rules, &old_tsp->smk_rules, gfp); 1943 if (rc != 0) 1944 return rc; 1945 1946 rc = smk_copy_relabel(&new_tsp->smk_relabel, &old_tsp->smk_relabel, 1947 gfp); 1948 return rc; 1949 } 1950 1951 /** 1952 * smack_cred_transfer - Transfer the old credentials to the new credentials 1953 * @new: the new credentials 1954 * @old: the original credentials 1955 * 1956 * Fill in a set of blank credentials from another set of credentials. 1957 */ 1958 static void smack_cred_transfer(struct cred *new, const struct cred *old) 1959 { 1960 struct task_smack *old_tsp = smack_cred(old); 1961 struct task_smack *new_tsp = smack_cred(new); 1962 1963 new_tsp->smk_task = old_tsp->smk_task; 1964 new_tsp->smk_forked = old_tsp->smk_task; 1965 mutex_init(&new_tsp->smk_rules_lock); 1966 INIT_LIST_HEAD(&new_tsp->smk_rules); 1967 1968 /* cbs copy rule list */ 1969 } 1970 1971 /** 1972 * smack_cred_getsecid - get the secid corresponding to a creds structure 1973 * @cred: the object creds 1974 * @secid: where to put the result 1975 * 1976 * Sets the secid to contain a u32 version of the smack label. 1977 */ 1978 static void smack_cred_getsecid(const struct cred *cred, u32 *secid) 1979 { 1980 struct smack_known *skp; 1981 1982 rcu_read_lock(); 1983 skp = smk_of_task(smack_cred(cred)); 1984 *secid = skp->smk_secid; 1985 rcu_read_unlock(); 1986 } 1987 1988 /** 1989 * smack_kernel_act_as - Set the subjective context in a set of credentials 1990 * @new: points to the set of credentials to be modified. 1991 * @secid: specifies the security ID to be set 1992 * 1993 * Set the security data for a kernel service. 1994 */ 1995 static int smack_kernel_act_as(struct cred *new, u32 secid) 1996 { 1997 struct task_smack *new_tsp = smack_cred(new); 1998 1999 new_tsp->smk_task = smack_from_secid(secid); 2000 return 0; 2001 } 2002 2003 /** 2004 * smack_kernel_create_files_as - Set the file creation label in a set of creds 2005 * @new: points to the set of credentials to be modified 2006 * @inode: points to the inode to use as a reference 2007 * 2008 * Set the file creation context in a set of credentials to the same 2009 * as the objective context of the specified inode 2010 */ 2011 static int smack_kernel_create_files_as(struct cred *new, 2012 struct inode *inode) 2013 { 2014 struct inode_smack *isp = smack_inode(inode); 2015 struct task_smack *tsp = smack_cred(new); 2016 2017 tsp->smk_forked = isp->smk_inode; 2018 tsp->smk_task = tsp->smk_forked; 2019 return 0; 2020 } 2021 2022 /** 2023 * smk_curacc_on_task - helper to log task related access 2024 * @p: the task object 2025 * @access: the access requested 2026 * @caller: name of the calling function for audit 2027 * 2028 * Return 0 if access is permitted 2029 */ 2030 static int smk_curacc_on_task(struct task_struct *p, int access, 2031 const char *caller) 2032 { 2033 struct smk_audit_info ad; 2034 struct smack_known *skp = smk_of_task_struct(p); 2035 int rc; 2036 2037 smk_ad_init(&ad, caller, LSM_AUDIT_DATA_TASK); 2038 smk_ad_setfield_u_tsk(&ad, p); 2039 rc = smk_curacc(skp, access, &ad); 2040 rc = smk_bu_task(p, access, rc); 2041 return rc; 2042 } 2043 2044 /** 2045 * smack_task_setpgid - Smack check on setting pgid 2046 * @p: the task object 2047 * @pgid: unused 2048 * 2049 * Return 0 if write access is permitted 2050 */ 2051 static int smack_task_setpgid(struct task_struct *p, pid_t pgid) 2052 { 2053 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2054 } 2055 2056 /** 2057 * smack_task_getpgid - Smack access check for getpgid 2058 * @p: the object task 2059 * 2060 * Returns 0 if current can read the object task, error code otherwise 2061 */ 2062 static int smack_task_getpgid(struct task_struct *p) 2063 { 2064 return smk_curacc_on_task(p, MAY_READ, __func__); 2065 } 2066 2067 /** 2068 * smack_task_getsid - Smack access check for getsid 2069 * @p: the object task 2070 * 2071 * Returns 0 if current can read the object task, error code otherwise 2072 */ 2073 static int smack_task_getsid(struct task_struct *p) 2074 { 2075 return smk_curacc_on_task(p, MAY_READ, __func__); 2076 } 2077 2078 /** 2079 * smack_task_getsecid - get the secid of the task 2080 * @p: the object task 2081 * @secid: where to put the result 2082 * 2083 * Sets the secid to contain a u32 version of the smack label. 2084 */ 2085 static void smack_task_getsecid(struct task_struct *p, u32 *secid) 2086 { 2087 struct smack_known *skp = smk_of_task_struct(p); 2088 2089 *secid = skp->smk_secid; 2090 } 2091 2092 /** 2093 * smack_task_setnice - Smack check on setting nice 2094 * @p: the task object 2095 * @nice: unused 2096 * 2097 * Return 0 if write access is permitted 2098 */ 2099 static int smack_task_setnice(struct task_struct *p, int nice) 2100 { 2101 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2102 } 2103 2104 /** 2105 * smack_task_setioprio - Smack check on setting ioprio 2106 * @p: the task object 2107 * @ioprio: unused 2108 * 2109 * Return 0 if write access is permitted 2110 */ 2111 static int smack_task_setioprio(struct task_struct *p, int ioprio) 2112 { 2113 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2114 } 2115 2116 /** 2117 * smack_task_getioprio - Smack check on reading ioprio 2118 * @p: the task object 2119 * 2120 * Return 0 if read access is permitted 2121 */ 2122 static int smack_task_getioprio(struct task_struct *p) 2123 { 2124 return smk_curacc_on_task(p, MAY_READ, __func__); 2125 } 2126 2127 /** 2128 * smack_task_setscheduler - Smack check on setting scheduler 2129 * @p: the task object 2130 * 2131 * Return 0 if read access is permitted 2132 */ 2133 static int smack_task_setscheduler(struct task_struct *p) 2134 { 2135 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2136 } 2137 2138 /** 2139 * smack_task_getscheduler - Smack check on reading scheduler 2140 * @p: the task object 2141 * 2142 * Return 0 if read access is permitted 2143 */ 2144 static int smack_task_getscheduler(struct task_struct *p) 2145 { 2146 return smk_curacc_on_task(p, MAY_READ, __func__); 2147 } 2148 2149 /** 2150 * smack_task_movememory - Smack check on moving memory 2151 * @p: the task object 2152 * 2153 * Return 0 if write access is permitted 2154 */ 2155 static int smack_task_movememory(struct task_struct *p) 2156 { 2157 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2158 } 2159 2160 /** 2161 * smack_task_kill - Smack check on signal delivery 2162 * @p: the task object 2163 * @info: unused 2164 * @sig: unused 2165 * @cred: identifies the cred to use in lieu of current's 2166 * 2167 * Return 0 if write access is permitted 2168 * 2169 */ 2170 static int smack_task_kill(struct task_struct *p, struct kernel_siginfo *info, 2171 int sig, const struct cred *cred) 2172 { 2173 struct smk_audit_info ad; 2174 struct smack_known *skp; 2175 struct smack_known *tkp = smk_of_task_struct(p); 2176 int rc; 2177 2178 if (!sig) 2179 return 0; /* null signal; existence test */ 2180 2181 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); 2182 smk_ad_setfield_u_tsk(&ad, p); 2183 /* 2184 * Sending a signal requires that the sender 2185 * can write the receiver. 2186 */ 2187 if (cred == NULL) { 2188 rc = smk_curacc(tkp, MAY_DELIVER, &ad); 2189 rc = smk_bu_task(p, MAY_DELIVER, rc); 2190 return rc; 2191 } 2192 /* 2193 * If the cred isn't NULL we're dealing with some USB IO 2194 * specific behavior. This is not clean. For one thing 2195 * we can't take privilege into account. 2196 */ 2197 skp = smk_of_task(smack_cred(cred)); 2198 rc = smk_access(skp, tkp, MAY_DELIVER, &ad); 2199 rc = smk_bu_note("USB signal", skp, tkp, MAY_DELIVER, rc); 2200 return rc; 2201 } 2202 2203 /** 2204 * smack_task_to_inode - copy task smack into the inode blob 2205 * @p: task to copy from 2206 * @inode: inode to copy to 2207 * 2208 * Sets the smack pointer in the inode security blob 2209 */ 2210 static void smack_task_to_inode(struct task_struct *p, struct inode *inode) 2211 { 2212 struct inode_smack *isp = smack_inode(inode); 2213 struct smack_known *skp = smk_of_task_struct(p); 2214 2215 isp->smk_inode = skp; 2216 isp->smk_flags |= SMK_INODE_INSTANT; 2217 } 2218 2219 /* 2220 * Socket hooks. 2221 */ 2222 2223 /** 2224 * smack_sk_alloc_security - Allocate a socket blob 2225 * @sk: the socket 2226 * @family: unused 2227 * @gfp_flags: memory allocation flags 2228 * 2229 * Assign Smack pointers to current 2230 * 2231 * Returns 0 on success, -ENOMEM is there's no memory 2232 */ 2233 static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags) 2234 { 2235 struct smack_known *skp = smk_of_current(); 2236 struct socket_smack *ssp; 2237 2238 ssp = kzalloc(sizeof(struct socket_smack), gfp_flags); 2239 if (ssp == NULL) 2240 return -ENOMEM; 2241 2242 /* 2243 * Sockets created by kernel threads receive web label. 2244 */ 2245 if (unlikely(current->flags & PF_KTHREAD)) { 2246 ssp->smk_in = &smack_known_web; 2247 ssp->smk_out = &smack_known_web; 2248 } else { 2249 ssp->smk_in = skp; 2250 ssp->smk_out = skp; 2251 } 2252 ssp->smk_packet = NULL; 2253 2254 sk->sk_security = ssp; 2255 2256 return 0; 2257 } 2258 2259 /** 2260 * smack_sk_free_security - Free a socket blob 2261 * @sk: the socket 2262 * 2263 * Clears the blob pointer 2264 */ 2265 static void smack_sk_free_security(struct sock *sk) 2266 { 2267 #ifdef SMACK_IPV6_PORT_LABELING 2268 struct smk_port_label *spp; 2269 2270 if (sk->sk_family == PF_INET6) { 2271 rcu_read_lock(); 2272 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) { 2273 if (spp->smk_sock != sk) 2274 continue; 2275 spp->smk_can_reuse = 1; 2276 break; 2277 } 2278 rcu_read_unlock(); 2279 } 2280 #endif 2281 kfree(sk->sk_security); 2282 } 2283 2284 /** 2285 * smack_ipv4host_label - check host based restrictions 2286 * @sip: the object end 2287 * 2288 * looks for host based access restrictions 2289 * 2290 * This version will only be appropriate for really small sets of single label 2291 * hosts. The caller is responsible for ensuring that the RCU read lock is 2292 * taken before calling this function. 2293 * 2294 * Returns the label of the far end or NULL if it's not special. 2295 */ 2296 static struct smack_known *smack_ipv4host_label(struct sockaddr_in *sip) 2297 { 2298 struct smk_net4addr *snp; 2299 struct in_addr *siap = &sip->sin_addr; 2300 2301 if (siap->s_addr == 0) 2302 return NULL; 2303 2304 list_for_each_entry_rcu(snp, &smk_net4addr_list, list) 2305 /* 2306 * we break after finding the first match because 2307 * the list is sorted from longest to shortest mask 2308 * so we have found the most specific match 2309 */ 2310 if (snp->smk_host.s_addr == 2311 (siap->s_addr & snp->smk_mask.s_addr)) 2312 return snp->smk_label; 2313 2314 return NULL; 2315 } 2316 2317 /* 2318 * smk_ipv6_localhost - Check for local ipv6 host address 2319 * @sip: the address 2320 * 2321 * Returns boolean true if this is the localhost address 2322 */ 2323 static bool smk_ipv6_localhost(struct sockaddr_in6 *sip) 2324 { 2325 __be16 *be16p = (__be16 *)&sip->sin6_addr; 2326 __be32 *be32p = (__be32 *)&sip->sin6_addr; 2327 2328 if (be32p[0] == 0 && be32p[1] == 0 && be32p[2] == 0 && be16p[6] == 0 && 2329 ntohs(be16p[7]) == 1) 2330 return true; 2331 return false; 2332 } 2333 2334 /** 2335 * smack_ipv6host_label - check host based restrictions 2336 * @sip: the object end 2337 * 2338 * looks for host based access restrictions 2339 * 2340 * This version will only be appropriate for really small sets of single label 2341 * hosts. The caller is responsible for ensuring that the RCU read lock is 2342 * taken before calling this function. 2343 * 2344 * Returns the label of the far end or NULL if it's not special. 2345 */ 2346 static struct smack_known *smack_ipv6host_label(struct sockaddr_in6 *sip) 2347 { 2348 struct smk_net6addr *snp; 2349 struct in6_addr *sap = &sip->sin6_addr; 2350 int i; 2351 int found = 0; 2352 2353 /* 2354 * It's local. Don't look for a host label. 2355 */ 2356 if (smk_ipv6_localhost(sip)) 2357 return NULL; 2358 2359 list_for_each_entry_rcu(snp, &smk_net6addr_list, list) { 2360 /* 2361 * If the label is NULL the entry has 2362 * been renounced. Ignore it. 2363 */ 2364 if (snp->smk_label == NULL) 2365 continue; 2366 /* 2367 * we break after finding the first match because 2368 * the list is sorted from longest to shortest mask 2369 * so we have found the most specific match 2370 */ 2371 for (found = 1, i = 0; i < 8; i++) { 2372 if ((sap->s6_addr16[i] & snp->smk_mask.s6_addr16[i]) != 2373 snp->smk_host.s6_addr16[i]) { 2374 found = 0; 2375 break; 2376 } 2377 } 2378 if (found) 2379 return snp->smk_label; 2380 } 2381 2382 return NULL; 2383 } 2384 2385 /** 2386 * smack_netlabel - Set the secattr on a socket 2387 * @sk: the socket 2388 * @labeled: socket label scheme 2389 * 2390 * Convert the outbound smack value (smk_out) to a 2391 * secattr and attach it to the socket. 2392 * 2393 * Returns 0 on success or an error code 2394 */ 2395 static int smack_netlabel(struct sock *sk, int labeled) 2396 { 2397 struct smack_known *skp; 2398 struct socket_smack *ssp = sk->sk_security; 2399 int rc = 0; 2400 2401 /* 2402 * Usually the netlabel code will handle changing the 2403 * packet labeling based on the label. 2404 * The case of a single label host is different, because 2405 * a single label host should never get a labeled packet 2406 * even though the label is usually associated with a packet 2407 * label. 2408 */ 2409 local_bh_disable(); 2410 bh_lock_sock_nested(sk); 2411 2412 if (ssp->smk_out == smack_net_ambient || 2413 labeled == SMACK_UNLABELED_SOCKET) 2414 netlbl_sock_delattr(sk); 2415 else { 2416 skp = ssp->smk_out; 2417 rc = netlbl_sock_setattr(sk, sk->sk_family, &skp->smk_netlabel); 2418 } 2419 2420 bh_unlock_sock(sk); 2421 local_bh_enable(); 2422 2423 return rc; 2424 } 2425 2426 /** 2427 * smack_netlbel_send - Set the secattr on a socket and perform access checks 2428 * @sk: the socket 2429 * @sap: the destination address 2430 * 2431 * Set the correct secattr for the given socket based on the destination 2432 * address and perform any outbound access checks needed. 2433 * 2434 * Returns 0 on success or an error code. 2435 * 2436 */ 2437 static int smack_netlabel_send(struct sock *sk, struct sockaddr_in *sap) 2438 { 2439 struct smack_known *skp; 2440 int rc; 2441 int sk_lbl; 2442 struct smack_known *hkp; 2443 struct socket_smack *ssp = sk->sk_security; 2444 struct smk_audit_info ad; 2445 2446 rcu_read_lock(); 2447 hkp = smack_ipv4host_label(sap); 2448 if (hkp != NULL) { 2449 #ifdef CONFIG_AUDIT 2450 struct lsm_network_audit net; 2451 2452 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 2453 ad.a.u.net->family = sap->sin_family; 2454 ad.a.u.net->dport = sap->sin_port; 2455 ad.a.u.net->v4info.daddr = sap->sin_addr.s_addr; 2456 #endif 2457 sk_lbl = SMACK_UNLABELED_SOCKET; 2458 skp = ssp->smk_out; 2459 rc = smk_access(skp, hkp, MAY_WRITE, &ad); 2460 rc = smk_bu_note("IPv4 host check", skp, hkp, MAY_WRITE, rc); 2461 } else { 2462 sk_lbl = SMACK_CIPSO_SOCKET; 2463 rc = 0; 2464 } 2465 rcu_read_unlock(); 2466 if (rc != 0) 2467 return rc; 2468 2469 return smack_netlabel(sk, sk_lbl); 2470 } 2471 2472 /** 2473 * smk_ipv6_check - check Smack access 2474 * @subject: subject Smack label 2475 * @object: object Smack label 2476 * @address: address 2477 * @act: the action being taken 2478 * 2479 * Check an IPv6 access 2480 */ 2481 static int smk_ipv6_check(struct smack_known *subject, 2482 struct smack_known *object, 2483 struct sockaddr_in6 *address, int act) 2484 { 2485 #ifdef CONFIG_AUDIT 2486 struct lsm_network_audit net; 2487 #endif 2488 struct smk_audit_info ad; 2489 int rc; 2490 2491 #ifdef CONFIG_AUDIT 2492 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 2493 ad.a.u.net->family = PF_INET6; 2494 ad.a.u.net->dport = ntohs(address->sin6_port); 2495 if (act == SMK_RECEIVING) 2496 ad.a.u.net->v6info.saddr = address->sin6_addr; 2497 else 2498 ad.a.u.net->v6info.daddr = address->sin6_addr; 2499 #endif 2500 rc = smk_access(subject, object, MAY_WRITE, &ad); 2501 rc = smk_bu_note("IPv6 check", subject, object, MAY_WRITE, rc); 2502 return rc; 2503 } 2504 2505 #ifdef SMACK_IPV6_PORT_LABELING 2506 /** 2507 * smk_ipv6_port_label - Smack port access table management 2508 * @sock: socket 2509 * @address: address 2510 * 2511 * Create or update the port list entry 2512 */ 2513 static void smk_ipv6_port_label(struct socket *sock, struct sockaddr *address) 2514 { 2515 struct sock *sk = sock->sk; 2516 struct sockaddr_in6 *addr6; 2517 struct socket_smack *ssp = sock->sk->sk_security; 2518 struct smk_port_label *spp; 2519 unsigned short port = 0; 2520 2521 if (address == NULL) { 2522 /* 2523 * This operation is changing the Smack information 2524 * on the bound socket. Take the changes to the port 2525 * as well. 2526 */ 2527 rcu_read_lock(); 2528 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) { 2529 if (sk != spp->smk_sock) 2530 continue; 2531 spp->smk_in = ssp->smk_in; 2532 spp->smk_out = ssp->smk_out; 2533 rcu_read_unlock(); 2534 return; 2535 } 2536 /* 2537 * A NULL address is only used for updating existing 2538 * bound entries. If there isn't one, it's OK. 2539 */ 2540 rcu_read_unlock(); 2541 return; 2542 } 2543 2544 addr6 = (struct sockaddr_in6 *)address; 2545 port = ntohs(addr6->sin6_port); 2546 /* 2547 * This is a special case that is safely ignored. 2548 */ 2549 if (port == 0) 2550 return; 2551 2552 /* 2553 * Look for an existing port list entry. 2554 * This is an indication that a port is getting reused. 2555 */ 2556 rcu_read_lock(); 2557 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) { 2558 if (spp->smk_port != port || spp->smk_sock_type != sock->type) 2559 continue; 2560 if (spp->smk_can_reuse != 1) { 2561 rcu_read_unlock(); 2562 return; 2563 } 2564 spp->smk_port = port; 2565 spp->smk_sock = sk; 2566 spp->smk_in = ssp->smk_in; 2567 spp->smk_out = ssp->smk_out; 2568 spp->smk_can_reuse = 0; 2569 rcu_read_unlock(); 2570 return; 2571 } 2572 rcu_read_unlock(); 2573 /* 2574 * A new port entry is required. 2575 */ 2576 spp = kzalloc(sizeof(*spp), GFP_KERNEL); 2577 if (spp == NULL) 2578 return; 2579 2580 spp->smk_port = port; 2581 spp->smk_sock = sk; 2582 spp->smk_in = ssp->smk_in; 2583 spp->smk_out = ssp->smk_out; 2584 spp->smk_sock_type = sock->type; 2585 spp->smk_can_reuse = 0; 2586 2587 mutex_lock(&smack_ipv6_lock); 2588 list_add_rcu(&spp->list, &smk_ipv6_port_list); 2589 mutex_unlock(&smack_ipv6_lock); 2590 return; 2591 } 2592 #endif 2593 2594 /** 2595 * smk_ipv6_port_check - check Smack port access 2596 * @sk: socket 2597 * @address: address 2598 * @act: the action being taken 2599 * 2600 * Create or update the port list entry 2601 */ 2602 static int smk_ipv6_port_check(struct sock *sk, struct sockaddr_in6 *address, 2603 int act) 2604 { 2605 struct smk_port_label *spp; 2606 struct socket_smack *ssp = sk->sk_security; 2607 struct smack_known *skp = NULL; 2608 unsigned short port; 2609 struct smack_known *object; 2610 2611 if (act == SMK_RECEIVING) { 2612 skp = smack_ipv6host_label(address); 2613 object = ssp->smk_in; 2614 } else { 2615 skp = ssp->smk_out; 2616 object = smack_ipv6host_label(address); 2617 } 2618 2619 /* 2620 * The other end is a single label host. 2621 */ 2622 if (skp != NULL && object != NULL) 2623 return smk_ipv6_check(skp, object, address, act); 2624 if (skp == NULL) 2625 skp = smack_net_ambient; 2626 if (object == NULL) 2627 object = smack_net_ambient; 2628 2629 /* 2630 * It's remote, so port lookup does no good. 2631 */ 2632 if (!smk_ipv6_localhost(address)) 2633 return smk_ipv6_check(skp, object, address, act); 2634 2635 /* 2636 * It's local so the send check has to have passed. 2637 */ 2638 if (act == SMK_RECEIVING) 2639 return 0; 2640 2641 port = ntohs(address->sin6_port); 2642 rcu_read_lock(); 2643 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) { 2644 if (spp->smk_port != port || spp->smk_sock_type != sk->sk_type) 2645 continue; 2646 object = spp->smk_in; 2647 if (act == SMK_CONNECTING) 2648 ssp->smk_packet = spp->smk_out; 2649 break; 2650 } 2651 rcu_read_unlock(); 2652 2653 return smk_ipv6_check(skp, object, address, act); 2654 } 2655 2656 /** 2657 * smack_inode_setsecurity - set smack xattrs 2658 * @inode: the object 2659 * @name: attribute name 2660 * @value: attribute value 2661 * @size: size of the attribute 2662 * @flags: unused 2663 * 2664 * Sets the named attribute in the appropriate blob 2665 * 2666 * Returns 0 on success, or an error code 2667 */ 2668 static int smack_inode_setsecurity(struct inode *inode, const char *name, 2669 const void *value, size_t size, int flags) 2670 { 2671 struct smack_known *skp; 2672 struct inode_smack *nsp = smack_inode(inode); 2673 struct socket_smack *ssp; 2674 struct socket *sock; 2675 int rc = 0; 2676 2677 if (value == NULL || size > SMK_LONGLABEL || size == 0) 2678 return -EINVAL; 2679 2680 skp = smk_import_entry(value, size); 2681 if (IS_ERR(skp)) 2682 return PTR_ERR(skp); 2683 2684 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) { 2685 nsp->smk_inode = skp; 2686 nsp->smk_flags |= SMK_INODE_INSTANT; 2687 return 0; 2688 } 2689 /* 2690 * The rest of the Smack xattrs are only on sockets. 2691 */ 2692 if (inode->i_sb->s_magic != SOCKFS_MAGIC) 2693 return -EOPNOTSUPP; 2694 2695 sock = SOCKET_I(inode); 2696 if (sock == NULL || sock->sk == NULL) 2697 return -EOPNOTSUPP; 2698 2699 ssp = sock->sk->sk_security; 2700 2701 if (strcmp(name, XATTR_SMACK_IPIN) == 0) 2702 ssp->smk_in = skp; 2703 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) { 2704 ssp->smk_out = skp; 2705 if (sock->sk->sk_family == PF_INET) { 2706 rc = smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET); 2707 if (rc != 0) 2708 printk(KERN_WARNING 2709 "Smack: \"%s\" netlbl error %d.\n", 2710 __func__, -rc); 2711 } 2712 } else 2713 return -EOPNOTSUPP; 2714 2715 #ifdef SMACK_IPV6_PORT_LABELING 2716 if (sock->sk->sk_family == PF_INET6) 2717 smk_ipv6_port_label(sock, NULL); 2718 #endif 2719 2720 return 0; 2721 } 2722 2723 /** 2724 * smack_socket_post_create - finish socket setup 2725 * @sock: the socket 2726 * @family: protocol family 2727 * @type: unused 2728 * @protocol: unused 2729 * @kern: unused 2730 * 2731 * Sets the netlabel information on the socket 2732 * 2733 * Returns 0 on success, and error code otherwise 2734 */ 2735 static int smack_socket_post_create(struct socket *sock, int family, 2736 int type, int protocol, int kern) 2737 { 2738 struct socket_smack *ssp; 2739 2740 if (sock->sk == NULL) 2741 return 0; 2742 2743 /* 2744 * Sockets created by kernel threads receive web label. 2745 */ 2746 if (unlikely(current->flags & PF_KTHREAD)) { 2747 ssp = sock->sk->sk_security; 2748 ssp->smk_in = &smack_known_web; 2749 ssp->smk_out = &smack_known_web; 2750 } 2751 2752 if (family != PF_INET) 2753 return 0; 2754 /* 2755 * Set the outbound netlbl. 2756 */ 2757 return smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET); 2758 } 2759 2760 /** 2761 * smack_socket_socketpair - create socket pair 2762 * @socka: one socket 2763 * @sockb: another socket 2764 * 2765 * Cross reference the peer labels for SO_PEERSEC 2766 * 2767 * Returns 0 2768 */ 2769 static int smack_socket_socketpair(struct socket *socka, 2770 struct socket *sockb) 2771 { 2772 struct socket_smack *asp = socka->sk->sk_security; 2773 struct socket_smack *bsp = sockb->sk->sk_security; 2774 2775 asp->smk_packet = bsp->smk_out; 2776 bsp->smk_packet = asp->smk_out; 2777 2778 return 0; 2779 } 2780 2781 #ifdef SMACK_IPV6_PORT_LABELING 2782 /** 2783 * smack_socket_bind - record port binding information. 2784 * @sock: the socket 2785 * @address: the port address 2786 * @addrlen: size of the address 2787 * 2788 * Records the label bound to a port. 2789 * 2790 * Returns 0 on success, and error code otherwise 2791 */ 2792 static int smack_socket_bind(struct socket *sock, struct sockaddr *address, 2793 int addrlen) 2794 { 2795 if (sock->sk != NULL && sock->sk->sk_family == PF_INET6) { 2796 if (addrlen < SIN6_LEN_RFC2133 || 2797 address->sa_family != AF_INET6) 2798 return -EINVAL; 2799 smk_ipv6_port_label(sock, address); 2800 } 2801 return 0; 2802 } 2803 #endif /* SMACK_IPV6_PORT_LABELING */ 2804 2805 /** 2806 * smack_socket_connect - connect access check 2807 * @sock: the socket 2808 * @sap: the other end 2809 * @addrlen: size of sap 2810 * 2811 * Verifies that a connection may be possible 2812 * 2813 * Returns 0 on success, and error code otherwise 2814 */ 2815 static int smack_socket_connect(struct socket *sock, struct sockaddr *sap, 2816 int addrlen) 2817 { 2818 int rc = 0; 2819 2820 if (sock->sk == NULL) 2821 return 0; 2822 if (sock->sk->sk_family != PF_INET && 2823 (!IS_ENABLED(CONFIG_IPV6) || sock->sk->sk_family != PF_INET6)) 2824 return 0; 2825 if (addrlen < offsetofend(struct sockaddr, sa_family)) 2826 return 0; 2827 if (IS_ENABLED(CONFIG_IPV6) && sap->sa_family == AF_INET6) { 2828 struct sockaddr_in6 *sip = (struct sockaddr_in6 *)sap; 2829 struct smack_known *rsp = NULL; 2830 2831 if (addrlen < SIN6_LEN_RFC2133) 2832 return 0; 2833 if (__is_defined(SMACK_IPV6_SECMARK_LABELING)) 2834 rsp = smack_ipv6host_label(sip); 2835 if (rsp != NULL) { 2836 struct socket_smack *ssp = sock->sk->sk_security; 2837 2838 rc = smk_ipv6_check(ssp->smk_out, rsp, sip, 2839 SMK_CONNECTING); 2840 } 2841 if (__is_defined(SMACK_IPV6_PORT_LABELING)) 2842 rc = smk_ipv6_port_check(sock->sk, sip, SMK_CONNECTING); 2843 2844 return rc; 2845 } 2846 if (sap->sa_family != AF_INET || addrlen < sizeof(struct sockaddr_in)) 2847 return 0; 2848 rc = smack_netlabel_send(sock->sk, (struct sockaddr_in *)sap); 2849 return rc; 2850 } 2851 2852 /** 2853 * smack_flags_to_may - convert S_ to MAY_ values 2854 * @flags: the S_ value 2855 * 2856 * Returns the equivalent MAY_ value 2857 */ 2858 static int smack_flags_to_may(int flags) 2859 { 2860 int may = 0; 2861 2862 if (flags & S_IRUGO) 2863 may |= MAY_READ; 2864 if (flags & S_IWUGO) 2865 may |= MAY_WRITE; 2866 if (flags & S_IXUGO) 2867 may |= MAY_EXEC; 2868 2869 return may; 2870 } 2871 2872 /** 2873 * smack_msg_msg_alloc_security - Set the security blob for msg_msg 2874 * @msg: the object 2875 * 2876 * Returns 0 2877 */ 2878 static int smack_msg_msg_alloc_security(struct msg_msg *msg) 2879 { 2880 struct smack_known **blob = smack_msg_msg(msg); 2881 2882 *blob = smk_of_current(); 2883 return 0; 2884 } 2885 2886 /** 2887 * smack_of_ipc - the smack pointer for the ipc 2888 * @isp: the object 2889 * 2890 * Returns a pointer to the smack value 2891 */ 2892 static struct smack_known *smack_of_ipc(struct kern_ipc_perm *isp) 2893 { 2894 struct smack_known **blob = smack_ipc(isp); 2895 2896 return *blob; 2897 } 2898 2899 /** 2900 * smack_ipc_alloc_security - Set the security blob for ipc 2901 * @isp: the object 2902 * 2903 * Returns 0 2904 */ 2905 static int smack_ipc_alloc_security(struct kern_ipc_perm *isp) 2906 { 2907 struct smack_known **blob = smack_ipc(isp); 2908 2909 *blob = smk_of_current(); 2910 return 0; 2911 } 2912 2913 /** 2914 * smk_curacc_shm : check if current has access on shm 2915 * @isp : the object 2916 * @access : access requested 2917 * 2918 * Returns 0 if current has the requested access, error code otherwise 2919 */ 2920 static int smk_curacc_shm(struct kern_ipc_perm *isp, int access) 2921 { 2922 struct smack_known *ssp = smack_of_ipc(isp); 2923 struct smk_audit_info ad; 2924 int rc; 2925 2926 #ifdef CONFIG_AUDIT 2927 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 2928 ad.a.u.ipc_id = isp->id; 2929 #endif 2930 rc = smk_curacc(ssp, access, &ad); 2931 rc = smk_bu_current("shm", ssp, access, rc); 2932 return rc; 2933 } 2934 2935 /** 2936 * smack_shm_associate - Smack access check for shm 2937 * @isp: the object 2938 * @shmflg: access requested 2939 * 2940 * Returns 0 if current has the requested access, error code otherwise 2941 */ 2942 static int smack_shm_associate(struct kern_ipc_perm *isp, int shmflg) 2943 { 2944 int may; 2945 2946 may = smack_flags_to_may(shmflg); 2947 return smk_curacc_shm(isp, may); 2948 } 2949 2950 /** 2951 * smack_shm_shmctl - Smack access check for shm 2952 * @isp: the object 2953 * @cmd: what it wants to do 2954 * 2955 * Returns 0 if current has the requested access, error code otherwise 2956 */ 2957 static int smack_shm_shmctl(struct kern_ipc_perm *isp, int cmd) 2958 { 2959 int may; 2960 2961 switch (cmd) { 2962 case IPC_STAT: 2963 case SHM_STAT: 2964 case SHM_STAT_ANY: 2965 may = MAY_READ; 2966 break; 2967 case IPC_SET: 2968 case SHM_LOCK: 2969 case SHM_UNLOCK: 2970 case IPC_RMID: 2971 may = MAY_READWRITE; 2972 break; 2973 case IPC_INFO: 2974 case SHM_INFO: 2975 /* 2976 * System level information. 2977 */ 2978 return 0; 2979 default: 2980 return -EINVAL; 2981 } 2982 return smk_curacc_shm(isp, may); 2983 } 2984 2985 /** 2986 * smack_shm_shmat - Smack access for shmat 2987 * @isp: the object 2988 * @shmaddr: unused 2989 * @shmflg: access requested 2990 * 2991 * Returns 0 if current has the requested access, error code otherwise 2992 */ 2993 static int smack_shm_shmat(struct kern_ipc_perm *isp, char __user *shmaddr, 2994 int shmflg) 2995 { 2996 int may; 2997 2998 may = smack_flags_to_may(shmflg); 2999 return smk_curacc_shm(isp, may); 3000 } 3001 3002 /** 3003 * smk_curacc_sem : check if current has access on sem 3004 * @isp : the object 3005 * @access : access requested 3006 * 3007 * Returns 0 if current has the requested access, error code otherwise 3008 */ 3009 static int smk_curacc_sem(struct kern_ipc_perm *isp, int access) 3010 { 3011 struct smack_known *ssp = smack_of_ipc(isp); 3012 struct smk_audit_info ad; 3013 int rc; 3014 3015 #ifdef CONFIG_AUDIT 3016 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 3017 ad.a.u.ipc_id = isp->id; 3018 #endif 3019 rc = smk_curacc(ssp, access, &ad); 3020 rc = smk_bu_current("sem", ssp, access, rc); 3021 return rc; 3022 } 3023 3024 /** 3025 * smack_sem_associate - Smack access check for sem 3026 * @isp: the object 3027 * @semflg: access requested 3028 * 3029 * Returns 0 if current has the requested access, error code otherwise 3030 */ 3031 static int smack_sem_associate(struct kern_ipc_perm *isp, int semflg) 3032 { 3033 int may; 3034 3035 may = smack_flags_to_may(semflg); 3036 return smk_curacc_sem(isp, may); 3037 } 3038 3039 /** 3040 * smack_sem_shmctl - Smack access check for sem 3041 * @isp: the object 3042 * @cmd: what it wants to do 3043 * 3044 * Returns 0 if current has the requested access, error code otherwise 3045 */ 3046 static int smack_sem_semctl(struct kern_ipc_perm *isp, int cmd) 3047 { 3048 int may; 3049 3050 switch (cmd) { 3051 case GETPID: 3052 case GETNCNT: 3053 case GETZCNT: 3054 case GETVAL: 3055 case GETALL: 3056 case IPC_STAT: 3057 case SEM_STAT: 3058 case SEM_STAT_ANY: 3059 may = MAY_READ; 3060 break; 3061 case SETVAL: 3062 case SETALL: 3063 case IPC_RMID: 3064 case IPC_SET: 3065 may = MAY_READWRITE; 3066 break; 3067 case IPC_INFO: 3068 case SEM_INFO: 3069 /* 3070 * System level information 3071 */ 3072 return 0; 3073 default: 3074 return -EINVAL; 3075 } 3076 3077 return smk_curacc_sem(isp, may); 3078 } 3079 3080 /** 3081 * smack_sem_semop - Smack checks of semaphore operations 3082 * @isp: the object 3083 * @sops: unused 3084 * @nsops: unused 3085 * @alter: unused 3086 * 3087 * Treated as read and write in all cases. 3088 * 3089 * Returns 0 if access is allowed, error code otherwise 3090 */ 3091 static int smack_sem_semop(struct kern_ipc_perm *isp, struct sembuf *sops, 3092 unsigned nsops, int alter) 3093 { 3094 return smk_curacc_sem(isp, MAY_READWRITE); 3095 } 3096 3097 /** 3098 * smk_curacc_msq : helper to check if current has access on msq 3099 * @isp : the msq 3100 * @access : access requested 3101 * 3102 * return 0 if current has access, error otherwise 3103 */ 3104 static int smk_curacc_msq(struct kern_ipc_perm *isp, int access) 3105 { 3106 struct smack_known *msp = smack_of_ipc(isp); 3107 struct smk_audit_info ad; 3108 int rc; 3109 3110 #ifdef CONFIG_AUDIT 3111 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 3112 ad.a.u.ipc_id = isp->id; 3113 #endif 3114 rc = smk_curacc(msp, access, &ad); 3115 rc = smk_bu_current("msq", msp, access, rc); 3116 return rc; 3117 } 3118 3119 /** 3120 * smack_msg_queue_associate - Smack access check for msg_queue 3121 * @isp: the object 3122 * @msqflg: access requested 3123 * 3124 * Returns 0 if current has the requested access, error code otherwise 3125 */ 3126 static int smack_msg_queue_associate(struct kern_ipc_perm *isp, int msqflg) 3127 { 3128 int may; 3129 3130 may = smack_flags_to_may(msqflg); 3131 return smk_curacc_msq(isp, may); 3132 } 3133 3134 /** 3135 * smack_msg_queue_msgctl - Smack access check for msg_queue 3136 * @isp: the object 3137 * @cmd: what it wants to do 3138 * 3139 * Returns 0 if current has the requested access, error code otherwise 3140 */ 3141 static int smack_msg_queue_msgctl(struct kern_ipc_perm *isp, int cmd) 3142 { 3143 int may; 3144 3145 switch (cmd) { 3146 case IPC_STAT: 3147 case MSG_STAT: 3148 case MSG_STAT_ANY: 3149 may = MAY_READ; 3150 break; 3151 case IPC_SET: 3152 case IPC_RMID: 3153 may = MAY_READWRITE; 3154 break; 3155 case IPC_INFO: 3156 case MSG_INFO: 3157 /* 3158 * System level information 3159 */ 3160 return 0; 3161 default: 3162 return -EINVAL; 3163 } 3164 3165 return smk_curacc_msq(isp, may); 3166 } 3167 3168 /** 3169 * smack_msg_queue_msgsnd - Smack access check for msg_queue 3170 * @isp: the object 3171 * @msg: unused 3172 * @msqflg: access requested 3173 * 3174 * Returns 0 if current has the requested access, error code otherwise 3175 */ 3176 static int smack_msg_queue_msgsnd(struct kern_ipc_perm *isp, struct msg_msg *msg, 3177 int msqflg) 3178 { 3179 int may; 3180 3181 may = smack_flags_to_may(msqflg); 3182 return smk_curacc_msq(isp, may); 3183 } 3184 3185 /** 3186 * smack_msg_queue_msgsnd - Smack access check for msg_queue 3187 * @isp: the object 3188 * @msg: unused 3189 * @target: unused 3190 * @type: unused 3191 * @mode: unused 3192 * 3193 * Returns 0 if current has read and write access, error code otherwise 3194 */ 3195 static int smack_msg_queue_msgrcv(struct kern_ipc_perm *isp, struct msg_msg *msg, 3196 struct task_struct *target, long type, int mode) 3197 { 3198 return smk_curacc_msq(isp, MAY_READWRITE); 3199 } 3200 3201 /** 3202 * smack_ipc_permission - Smack access for ipc_permission() 3203 * @ipp: the object permissions 3204 * @flag: access requested 3205 * 3206 * Returns 0 if current has read and write access, error code otherwise 3207 */ 3208 static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag) 3209 { 3210 struct smack_known **blob = smack_ipc(ipp); 3211 struct smack_known *iskp = *blob; 3212 int may = smack_flags_to_may(flag); 3213 struct smk_audit_info ad; 3214 int rc; 3215 3216 #ifdef CONFIG_AUDIT 3217 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 3218 ad.a.u.ipc_id = ipp->id; 3219 #endif 3220 rc = smk_curacc(iskp, may, &ad); 3221 rc = smk_bu_current("svipc", iskp, may, rc); 3222 return rc; 3223 } 3224 3225 /** 3226 * smack_ipc_getsecid - Extract smack security id 3227 * @ipp: the object permissions 3228 * @secid: where result will be saved 3229 */ 3230 static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid) 3231 { 3232 struct smack_known **blob = smack_ipc(ipp); 3233 struct smack_known *iskp = *blob; 3234 3235 *secid = iskp->smk_secid; 3236 } 3237 3238 /** 3239 * smack_d_instantiate - Make sure the blob is correct on an inode 3240 * @opt_dentry: dentry where inode will be attached 3241 * @inode: the object 3242 * 3243 * Set the inode's security blob if it hasn't been done already. 3244 */ 3245 static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode) 3246 { 3247 struct super_block *sbp; 3248 struct superblock_smack *sbsp; 3249 struct inode_smack *isp; 3250 struct smack_known *skp; 3251 struct smack_known *ckp = smk_of_current(); 3252 struct smack_known *final; 3253 char trattr[TRANS_TRUE_SIZE]; 3254 int transflag = 0; 3255 int rc; 3256 struct dentry *dp; 3257 3258 if (inode == NULL) 3259 return; 3260 3261 isp = smack_inode(inode); 3262 3263 /* 3264 * If the inode is already instantiated 3265 * take the quick way out 3266 */ 3267 if (isp->smk_flags & SMK_INODE_INSTANT) 3268 return; 3269 3270 sbp = inode->i_sb; 3271 sbsp = sbp->s_security; 3272 /* 3273 * We're going to use the superblock default label 3274 * if there's no label on the file. 3275 */ 3276 final = sbsp->smk_default; 3277 3278 /* 3279 * If this is the root inode the superblock 3280 * may be in the process of initialization. 3281 * If that is the case use the root value out 3282 * of the superblock. 3283 */ 3284 if (opt_dentry->d_parent == opt_dentry) { 3285 switch (sbp->s_magic) { 3286 case CGROUP_SUPER_MAGIC: 3287 case CGROUP2_SUPER_MAGIC: 3288 /* 3289 * The cgroup filesystem is never mounted, 3290 * so there's no opportunity to set the mount 3291 * options. 3292 */ 3293 sbsp->smk_root = &smack_known_star; 3294 sbsp->smk_default = &smack_known_star; 3295 isp->smk_inode = sbsp->smk_root; 3296 break; 3297 case TMPFS_MAGIC: 3298 /* 3299 * What about shmem/tmpfs anonymous files with dentry 3300 * obtained from d_alloc_pseudo()? 3301 */ 3302 isp->smk_inode = smk_of_current(); 3303 break; 3304 case PIPEFS_MAGIC: 3305 isp->smk_inode = smk_of_current(); 3306 break; 3307 case SOCKFS_MAGIC: 3308 /* 3309 * Socket access is controlled by the socket 3310 * structures associated with the task involved. 3311 */ 3312 isp->smk_inode = &smack_known_star; 3313 break; 3314 default: 3315 isp->smk_inode = sbsp->smk_root; 3316 break; 3317 } 3318 isp->smk_flags |= SMK_INODE_INSTANT; 3319 return; 3320 } 3321 3322 /* 3323 * This is pretty hackish. 3324 * Casey says that we shouldn't have to do 3325 * file system specific code, but it does help 3326 * with keeping it simple. 3327 */ 3328 switch (sbp->s_magic) { 3329 case SMACK_MAGIC: 3330 case CGROUP_SUPER_MAGIC: 3331 case CGROUP2_SUPER_MAGIC: 3332 /* 3333 * Casey says that it's a little embarrassing 3334 * that the smack file system doesn't do 3335 * extended attributes. 3336 * 3337 * Cgroupfs is special 3338 */ 3339 final = &smack_known_star; 3340 break; 3341 case DEVPTS_SUPER_MAGIC: 3342 /* 3343 * devpts seems content with the label of the task. 3344 * Programs that change smack have to treat the 3345 * pty with respect. 3346 */ 3347 final = ckp; 3348 break; 3349 case PROC_SUPER_MAGIC: 3350 /* 3351 * Casey says procfs appears not to care. 3352 * The superblock default suffices. 3353 */ 3354 break; 3355 case TMPFS_MAGIC: 3356 /* 3357 * Device labels should come from the filesystem, 3358 * but watch out, because they're volitile, 3359 * getting recreated on every reboot. 3360 */ 3361 final = &smack_known_star; 3362 /* 3363 * If a smack value has been set we want to use it, 3364 * but since tmpfs isn't giving us the opportunity 3365 * to set mount options simulate setting the 3366 * superblock default. 3367 */ 3368 /* Fall through */ 3369 default: 3370 /* 3371 * This isn't an understood special case. 3372 * Get the value from the xattr. 3373 */ 3374 3375 /* 3376 * UNIX domain sockets use lower level socket data. 3377 */ 3378 if (S_ISSOCK(inode->i_mode)) { 3379 final = &smack_known_star; 3380 break; 3381 } 3382 /* 3383 * No xattr support means, alas, no SMACK label. 3384 * Use the aforeapplied default. 3385 * It would be curious if the label of the task 3386 * does not match that assigned. 3387 */ 3388 if (!(inode->i_opflags & IOP_XATTR)) 3389 break; 3390 /* 3391 * Get the dentry for xattr. 3392 */ 3393 dp = dget(opt_dentry); 3394 skp = smk_fetch(XATTR_NAME_SMACK, inode, dp); 3395 if (!IS_ERR_OR_NULL(skp)) 3396 final = skp; 3397 3398 /* 3399 * Transmuting directory 3400 */ 3401 if (S_ISDIR(inode->i_mode)) { 3402 /* 3403 * If this is a new directory and the label was 3404 * transmuted when the inode was initialized 3405 * set the transmute attribute on the directory 3406 * and mark the inode. 3407 * 3408 * If there is a transmute attribute on the 3409 * directory mark the inode. 3410 */ 3411 if (isp->smk_flags & SMK_INODE_CHANGED) { 3412 isp->smk_flags &= ~SMK_INODE_CHANGED; 3413 rc = __vfs_setxattr(dp, inode, 3414 XATTR_NAME_SMACKTRANSMUTE, 3415 TRANS_TRUE, TRANS_TRUE_SIZE, 3416 0); 3417 } else { 3418 rc = __vfs_getxattr(dp, inode, 3419 XATTR_NAME_SMACKTRANSMUTE, trattr, 3420 TRANS_TRUE_SIZE); 3421 if (rc >= 0 && strncmp(trattr, TRANS_TRUE, 3422 TRANS_TRUE_SIZE) != 0) 3423 rc = -EINVAL; 3424 } 3425 if (rc >= 0) 3426 transflag = SMK_INODE_TRANSMUTE; 3427 } 3428 /* 3429 * Don't let the exec or mmap label be "*" or "@". 3430 */ 3431 skp = smk_fetch(XATTR_NAME_SMACKEXEC, inode, dp); 3432 if (IS_ERR(skp) || skp == &smack_known_star || 3433 skp == &smack_known_web) 3434 skp = NULL; 3435 isp->smk_task = skp; 3436 3437 skp = smk_fetch(XATTR_NAME_SMACKMMAP, inode, dp); 3438 if (IS_ERR(skp) || skp == &smack_known_star || 3439 skp == &smack_known_web) 3440 skp = NULL; 3441 isp->smk_mmap = skp; 3442 3443 dput(dp); 3444 break; 3445 } 3446 3447 if (final == NULL) 3448 isp->smk_inode = ckp; 3449 else 3450 isp->smk_inode = final; 3451 3452 isp->smk_flags |= (SMK_INODE_INSTANT | transflag); 3453 3454 return; 3455 } 3456 3457 /** 3458 * smack_getprocattr - Smack process attribute access 3459 * @p: the object task 3460 * @name: the name of the attribute in /proc/.../attr 3461 * @value: where to put the result 3462 * 3463 * Places a copy of the task Smack into value 3464 * 3465 * Returns the length of the smack label or an error code 3466 */ 3467 static int smack_getprocattr(struct task_struct *p, char *name, char **value) 3468 { 3469 struct smack_known *skp = smk_of_task_struct(p); 3470 char *cp; 3471 int slen; 3472 3473 if (strcmp(name, "current") != 0) 3474 return -EINVAL; 3475 3476 cp = kstrdup(skp->smk_known, GFP_KERNEL); 3477 if (cp == NULL) 3478 return -ENOMEM; 3479 3480 slen = strlen(cp); 3481 *value = cp; 3482 return slen; 3483 } 3484 3485 /** 3486 * smack_setprocattr - Smack process attribute setting 3487 * @name: the name of the attribute in /proc/.../attr 3488 * @value: the value to set 3489 * @size: the size of the value 3490 * 3491 * Sets the Smack value of the task. Only setting self 3492 * is permitted and only with privilege 3493 * 3494 * Returns the length of the smack label or an error code 3495 */ 3496 static int smack_setprocattr(const char *name, void *value, size_t size) 3497 { 3498 struct task_smack *tsp = smack_cred(current_cred()); 3499 struct cred *new; 3500 struct smack_known *skp; 3501 struct smack_known_list_elem *sklep; 3502 int rc; 3503 3504 if (!smack_privileged(CAP_MAC_ADMIN) && list_empty(&tsp->smk_relabel)) 3505 return -EPERM; 3506 3507 if (value == NULL || size == 0 || size >= SMK_LONGLABEL) 3508 return -EINVAL; 3509 3510 if (strcmp(name, "current") != 0) 3511 return -EINVAL; 3512 3513 skp = smk_import_entry(value, size); 3514 if (IS_ERR(skp)) 3515 return PTR_ERR(skp); 3516 3517 /* 3518 * No process is ever allowed the web ("@") label 3519 * and the star ("*") label. 3520 */ 3521 if (skp == &smack_known_web || skp == &smack_known_star) 3522 return -EINVAL; 3523 3524 if (!smack_privileged(CAP_MAC_ADMIN)) { 3525 rc = -EPERM; 3526 list_for_each_entry(sklep, &tsp->smk_relabel, list) 3527 if (sklep->smk_label == skp) { 3528 rc = 0; 3529 break; 3530 } 3531 if (rc) 3532 return rc; 3533 } 3534 3535 new = prepare_creds(); 3536 if (new == NULL) 3537 return -ENOMEM; 3538 3539 tsp = smack_cred(new); 3540 tsp->smk_task = skp; 3541 /* 3542 * process can change its label only once 3543 */ 3544 smk_destroy_label_list(&tsp->smk_relabel); 3545 3546 commit_creds(new); 3547 return size; 3548 } 3549 3550 /** 3551 * smack_unix_stream_connect - Smack access on UDS 3552 * @sock: one sock 3553 * @other: the other sock 3554 * @newsk: unused 3555 * 3556 * Return 0 if a subject with the smack of sock could access 3557 * an object with the smack of other, otherwise an error code 3558 */ 3559 static int smack_unix_stream_connect(struct sock *sock, 3560 struct sock *other, struct sock *newsk) 3561 { 3562 struct smack_known *skp; 3563 struct smack_known *okp; 3564 struct socket_smack *ssp = sock->sk_security; 3565 struct socket_smack *osp = other->sk_security; 3566 struct socket_smack *nsp = newsk->sk_security; 3567 struct smk_audit_info ad; 3568 int rc = 0; 3569 #ifdef CONFIG_AUDIT 3570 struct lsm_network_audit net; 3571 #endif 3572 3573 if (!smack_privileged(CAP_MAC_OVERRIDE)) { 3574 skp = ssp->smk_out; 3575 okp = osp->smk_in; 3576 #ifdef CONFIG_AUDIT 3577 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 3578 smk_ad_setfield_u_net_sk(&ad, other); 3579 #endif 3580 rc = smk_access(skp, okp, MAY_WRITE, &ad); 3581 rc = smk_bu_note("UDS connect", skp, okp, MAY_WRITE, rc); 3582 if (rc == 0) { 3583 okp = osp->smk_out; 3584 skp = ssp->smk_in; 3585 rc = smk_access(okp, skp, MAY_WRITE, &ad); 3586 rc = smk_bu_note("UDS connect", okp, skp, 3587 MAY_WRITE, rc); 3588 } 3589 } 3590 3591 /* 3592 * Cross reference the peer labels for SO_PEERSEC. 3593 */ 3594 if (rc == 0) { 3595 nsp->smk_packet = ssp->smk_out; 3596 ssp->smk_packet = osp->smk_out; 3597 } 3598 3599 return rc; 3600 } 3601 3602 /** 3603 * smack_unix_may_send - Smack access on UDS 3604 * @sock: one socket 3605 * @other: the other socket 3606 * 3607 * Return 0 if a subject with the smack of sock could access 3608 * an object with the smack of other, otherwise an error code 3609 */ 3610 static int smack_unix_may_send(struct socket *sock, struct socket *other) 3611 { 3612 struct socket_smack *ssp = sock->sk->sk_security; 3613 struct socket_smack *osp = other->sk->sk_security; 3614 struct smk_audit_info ad; 3615 int rc; 3616 3617 #ifdef CONFIG_AUDIT 3618 struct lsm_network_audit net; 3619 3620 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 3621 smk_ad_setfield_u_net_sk(&ad, other->sk); 3622 #endif 3623 3624 if (smack_privileged(CAP_MAC_OVERRIDE)) 3625 return 0; 3626 3627 rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad); 3628 rc = smk_bu_note("UDS send", ssp->smk_out, osp->smk_in, MAY_WRITE, rc); 3629 return rc; 3630 } 3631 3632 /** 3633 * smack_socket_sendmsg - Smack check based on destination host 3634 * @sock: the socket 3635 * @msg: the message 3636 * @size: the size of the message 3637 * 3638 * Return 0 if the current subject can write to the destination host. 3639 * For IPv4 this is only a question if the destination is a single label host. 3640 * For IPv6 this is a check against the label of the port. 3641 */ 3642 static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg, 3643 int size) 3644 { 3645 struct sockaddr_in *sip = (struct sockaddr_in *) msg->msg_name; 3646 #if IS_ENABLED(CONFIG_IPV6) 3647 struct sockaddr_in6 *sap = (struct sockaddr_in6 *) msg->msg_name; 3648 #endif 3649 #ifdef SMACK_IPV6_SECMARK_LABELING 3650 struct socket_smack *ssp = sock->sk->sk_security; 3651 struct smack_known *rsp; 3652 #endif 3653 int rc = 0; 3654 3655 /* 3656 * Perfectly reasonable for this to be NULL 3657 */ 3658 if (sip == NULL) 3659 return 0; 3660 3661 switch (sock->sk->sk_family) { 3662 case AF_INET: 3663 if (msg->msg_namelen < sizeof(struct sockaddr_in) || 3664 sip->sin_family != AF_INET) 3665 return -EINVAL; 3666 rc = smack_netlabel_send(sock->sk, sip); 3667 break; 3668 #if IS_ENABLED(CONFIG_IPV6) 3669 case AF_INET6: 3670 if (msg->msg_namelen < SIN6_LEN_RFC2133 || 3671 sap->sin6_family != AF_INET6) 3672 return -EINVAL; 3673 #ifdef SMACK_IPV6_SECMARK_LABELING 3674 rsp = smack_ipv6host_label(sap); 3675 if (rsp != NULL) 3676 rc = smk_ipv6_check(ssp->smk_out, rsp, sap, 3677 SMK_CONNECTING); 3678 #endif 3679 #ifdef SMACK_IPV6_PORT_LABELING 3680 rc = smk_ipv6_port_check(sock->sk, sap, SMK_SENDING); 3681 #endif 3682 #endif /* IS_ENABLED(CONFIG_IPV6) */ 3683 break; 3684 } 3685 return rc; 3686 } 3687 3688 /** 3689 * smack_from_secattr - Convert a netlabel attr.mls.lvl/attr.mls.cat pair to smack 3690 * @sap: netlabel secattr 3691 * @ssp: socket security information 3692 * 3693 * Returns a pointer to a Smack label entry found on the label list. 3694 */ 3695 static struct smack_known *smack_from_secattr(struct netlbl_lsm_secattr *sap, 3696 struct socket_smack *ssp) 3697 { 3698 struct smack_known *skp; 3699 int found = 0; 3700 int acat; 3701 int kcat; 3702 3703 if ((sap->flags & NETLBL_SECATTR_MLS_LVL) != 0) { 3704 /* 3705 * Looks like a CIPSO packet. 3706 * If there are flags but no level netlabel isn't 3707 * behaving the way we expect it to. 3708 * 3709 * Look it up in the label table 3710 * Without guidance regarding the smack value 3711 * for the packet fall back on the network 3712 * ambient value. 3713 */ 3714 rcu_read_lock(); 3715 list_for_each_entry_rcu(skp, &smack_known_list, list) { 3716 if (sap->attr.mls.lvl != skp->smk_netlabel.attr.mls.lvl) 3717 continue; 3718 /* 3719 * Compare the catsets. Use the netlbl APIs. 3720 */ 3721 if ((sap->flags & NETLBL_SECATTR_MLS_CAT) == 0) { 3722 if ((skp->smk_netlabel.flags & 3723 NETLBL_SECATTR_MLS_CAT) == 0) 3724 found = 1; 3725 break; 3726 } 3727 for (acat = -1, kcat = -1; acat == kcat; ) { 3728 acat = netlbl_catmap_walk(sap->attr.mls.cat, 3729 acat + 1); 3730 kcat = netlbl_catmap_walk( 3731 skp->smk_netlabel.attr.mls.cat, 3732 kcat + 1); 3733 if (acat < 0 || kcat < 0) 3734 break; 3735 } 3736 if (acat == kcat) { 3737 found = 1; 3738 break; 3739 } 3740 } 3741 rcu_read_unlock(); 3742 3743 if (found) 3744 return skp; 3745 3746 if (ssp != NULL && ssp->smk_in == &smack_known_star) 3747 return &smack_known_web; 3748 return &smack_known_star; 3749 } 3750 if ((sap->flags & NETLBL_SECATTR_SECID) != 0) 3751 /* 3752 * Looks like a fallback, which gives us a secid. 3753 */ 3754 return smack_from_secid(sap->attr.secid); 3755 /* 3756 * Without guidance regarding the smack value 3757 * for the packet fall back on the network 3758 * ambient value. 3759 */ 3760 return smack_net_ambient; 3761 } 3762 3763 #if IS_ENABLED(CONFIG_IPV6) 3764 static int smk_skb_to_addr_ipv6(struct sk_buff *skb, struct sockaddr_in6 *sip) 3765 { 3766 u8 nexthdr; 3767 int offset; 3768 int proto = -EINVAL; 3769 struct ipv6hdr _ipv6h; 3770 struct ipv6hdr *ip6; 3771 __be16 frag_off; 3772 struct tcphdr _tcph, *th; 3773 struct udphdr _udph, *uh; 3774 struct dccp_hdr _dccph, *dh; 3775 3776 sip->sin6_port = 0; 3777 3778 offset = skb_network_offset(skb); 3779 ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h); 3780 if (ip6 == NULL) 3781 return -EINVAL; 3782 sip->sin6_addr = ip6->saddr; 3783 3784 nexthdr = ip6->nexthdr; 3785 offset += sizeof(_ipv6h); 3786 offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off); 3787 if (offset < 0) 3788 return -EINVAL; 3789 3790 proto = nexthdr; 3791 switch (proto) { 3792 case IPPROTO_TCP: 3793 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph); 3794 if (th != NULL) 3795 sip->sin6_port = th->source; 3796 break; 3797 case IPPROTO_UDP: 3798 case IPPROTO_UDPLITE: 3799 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph); 3800 if (uh != NULL) 3801 sip->sin6_port = uh->source; 3802 break; 3803 case IPPROTO_DCCP: 3804 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph); 3805 if (dh != NULL) 3806 sip->sin6_port = dh->dccph_sport; 3807 break; 3808 } 3809 return proto; 3810 } 3811 #endif /* CONFIG_IPV6 */ 3812 3813 /** 3814 * smack_socket_sock_rcv_skb - Smack packet delivery access check 3815 * @sk: socket 3816 * @skb: packet 3817 * 3818 * Returns 0 if the packet should be delivered, an error code otherwise 3819 */ 3820 static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) 3821 { 3822 struct netlbl_lsm_secattr secattr; 3823 struct socket_smack *ssp = sk->sk_security; 3824 struct smack_known *skp = NULL; 3825 int rc = 0; 3826 struct smk_audit_info ad; 3827 u16 family = sk->sk_family; 3828 #ifdef CONFIG_AUDIT 3829 struct lsm_network_audit net; 3830 #endif 3831 #if IS_ENABLED(CONFIG_IPV6) 3832 struct sockaddr_in6 sadd; 3833 int proto; 3834 3835 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP)) 3836 family = PF_INET; 3837 #endif /* CONFIG_IPV6 */ 3838 3839 switch (family) { 3840 case PF_INET: 3841 #ifdef CONFIG_SECURITY_SMACK_NETFILTER 3842 /* 3843 * If there is a secmark use it rather than the CIPSO label. 3844 * If there is no secmark fall back to CIPSO. 3845 * The secmark is assumed to reflect policy better. 3846 */ 3847 if (skb && skb->secmark != 0) { 3848 skp = smack_from_secid(skb->secmark); 3849 goto access_check; 3850 } 3851 #endif /* CONFIG_SECURITY_SMACK_NETFILTER */ 3852 /* 3853 * Translate what netlabel gave us. 3854 */ 3855 netlbl_secattr_init(&secattr); 3856 3857 rc = netlbl_skbuff_getattr(skb, family, &secattr); 3858 if (rc == 0) 3859 skp = smack_from_secattr(&secattr, ssp); 3860 else 3861 skp = smack_net_ambient; 3862 3863 netlbl_secattr_destroy(&secattr); 3864 3865 #ifdef CONFIG_SECURITY_SMACK_NETFILTER 3866 access_check: 3867 #endif 3868 #ifdef CONFIG_AUDIT 3869 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 3870 ad.a.u.net->family = family; 3871 ad.a.u.net->netif = skb->skb_iif; 3872 ipv4_skb_to_auditdata(skb, &ad.a, NULL); 3873 #endif 3874 /* 3875 * Receiving a packet requires that the other end 3876 * be able to write here. Read access is not required. 3877 * This is the simplist possible security model 3878 * for networking. 3879 */ 3880 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad); 3881 rc = smk_bu_note("IPv4 delivery", skp, ssp->smk_in, 3882 MAY_WRITE, rc); 3883 if (rc != 0) 3884 netlbl_skbuff_err(skb, family, rc, 0); 3885 break; 3886 #if IS_ENABLED(CONFIG_IPV6) 3887 case PF_INET6: 3888 proto = smk_skb_to_addr_ipv6(skb, &sadd); 3889 if (proto != IPPROTO_UDP && proto != IPPROTO_UDPLITE && 3890 proto != IPPROTO_TCP && proto != IPPROTO_DCCP) 3891 break; 3892 #ifdef SMACK_IPV6_SECMARK_LABELING 3893 if (skb && skb->secmark != 0) 3894 skp = smack_from_secid(skb->secmark); 3895 else if (smk_ipv6_localhost(&sadd)) 3896 break; 3897 else 3898 skp = smack_ipv6host_label(&sadd); 3899 if (skp == NULL) 3900 skp = smack_net_ambient; 3901 if (skb == NULL) 3902 break; 3903 #ifdef CONFIG_AUDIT 3904 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 3905 ad.a.u.net->family = family; 3906 ad.a.u.net->netif = skb->skb_iif; 3907 ipv6_skb_to_auditdata(skb, &ad.a, NULL); 3908 #endif /* CONFIG_AUDIT */ 3909 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad); 3910 rc = smk_bu_note("IPv6 delivery", skp, ssp->smk_in, 3911 MAY_WRITE, rc); 3912 #endif /* SMACK_IPV6_SECMARK_LABELING */ 3913 #ifdef SMACK_IPV6_PORT_LABELING 3914 rc = smk_ipv6_port_check(sk, &sadd, SMK_RECEIVING); 3915 #endif /* SMACK_IPV6_PORT_LABELING */ 3916 if (rc != 0) 3917 icmpv6_send(skb, ICMPV6_DEST_UNREACH, 3918 ICMPV6_ADM_PROHIBITED, 0); 3919 break; 3920 #endif /* CONFIG_IPV6 */ 3921 } 3922 3923 return rc; 3924 } 3925 3926 /** 3927 * smack_socket_getpeersec_stream - pull in packet label 3928 * @sock: the socket 3929 * @optval: user's destination 3930 * @optlen: size thereof 3931 * @len: max thereof 3932 * 3933 * returns zero on success, an error code otherwise 3934 */ 3935 static int smack_socket_getpeersec_stream(struct socket *sock, 3936 char __user *optval, 3937 int __user *optlen, unsigned len) 3938 { 3939 struct socket_smack *ssp; 3940 char *rcp = ""; 3941 int slen = 1; 3942 int rc = 0; 3943 3944 ssp = sock->sk->sk_security; 3945 if (ssp->smk_packet != NULL) { 3946 rcp = ssp->smk_packet->smk_known; 3947 slen = strlen(rcp) + 1; 3948 } 3949 3950 if (slen > len) 3951 rc = -ERANGE; 3952 else if (copy_to_user(optval, rcp, slen) != 0) 3953 rc = -EFAULT; 3954 3955 if (put_user(slen, optlen) != 0) 3956 rc = -EFAULT; 3957 3958 return rc; 3959 } 3960 3961 3962 /** 3963 * smack_socket_getpeersec_dgram - pull in packet label 3964 * @sock: the peer socket 3965 * @skb: packet data 3966 * @secid: pointer to where to put the secid of the packet 3967 * 3968 * Sets the netlabel socket state on sk from parent 3969 */ 3970 static int smack_socket_getpeersec_dgram(struct socket *sock, 3971 struct sk_buff *skb, u32 *secid) 3972 3973 { 3974 struct netlbl_lsm_secattr secattr; 3975 struct socket_smack *ssp = NULL; 3976 struct smack_known *skp; 3977 int family = PF_UNSPEC; 3978 u32 s = 0; /* 0 is the invalid secid */ 3979 int rc; 3980 3981 if (skb != NULL) { 3982 if (skb->protocol == htons(ETH_P_IP)) 3983 family = PF_INET; 3984 #if IS_ENABLED(CONFIG_IPV6) 3985 else if (skb->protocol == htons(ETH_P_IPV6)) 3986 family = PF_INET6; 3987 #endif /* CONFIG_IPV6 */ 3988 } 3989 if (family == PF_UNSPEC && sock != NULL) 3990 family = sock->sk->sk_family; 3991 3992 switch (family) { 3993 case PF_UNIX: 3994 ssp = sock->sk->sk_security; 3995 s = ssp->smk_out->smk_secid; 3996 break; 3997 case PF_INET: 3998 #ifdef CONFIG_SECURITY_SMACK_NETFILTER 3999 s = skb->secmark; 4000 if (s != 0) 4001 break; 4002 #endif 4003 /* 4004 * Translate what netlabel gave us. 4005 */ 4006 if (sock != NULL && sock->sk != NULL) 4007 ssp = sock->sk->sk_security; 4008 netlbl_secattr_init(&secattr); 4009 rc = netlbl_skbuff_getattr(skb, family, &secattr); 4010 if (rc == 0) { 4011 skp = smack_from_secattr(&secattr, ssp); 4012 s = skp->smk_secid; 4013 } 4014 netlbl_secattr_destroy(&secattr); 4015 break; 4016 case PF_INET6: 4017 #ifdef SMACK_IPV6_SECMARK_LABELING 4018 s = skb->secmark; 4019 #endif 4020 break; 4021 } 4022 *secid = s; 4023 if (s == 0) 4024 return -EINVAL; 4025 return 0; 4026 } 4027 4028 /** 4029 * smack_sock_graft - Initialize a newly created socket with an existing sock 4030 * @sk: child sock 4031 * @parent: parent socket 4032 * 4033 * Set the smk_{in,out} state of an existing sock based on the process that 4034 * is creating the new socket. 4035 */ 4036 static void smack_sock_graft(struct sock *sk, struct socket *parent) 4037 { 4038 struct socket_smack *ssp; 4039 struct smack_known *skp = smk_of_current(); 4040 4041 if (sk == NULL || 4042 (sk->sk_family != PF_INET && sk->sk_family != PF_INET6)) 4043 return; 4044 4045 ssp = sk->sk_security; 4046 ssp->smk_in = skp; 4047 ssp->smk_out = skp; 4048 /* cssp->smk_packet is already set in smack_inet_csk_clone() */ 4049 } 4050 4051 /** 4052 * smack_inet_conn_request - Smack access check on connect 4053 * @sk: socket involved 4054 * @skb: packet 4055 * @req: unused 4056 * 4057 * Returns 0 if a task with the packet label could write to 4058 * the socket, otherwise an error code 4059 */ 4060 static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb, 4061 struct request_sock *req) 4062 { 4063 u16 family = sk->sk_family; 4064 struct smack_known *skp; 4065 struct socket_smack *ssp = sk->sk_security; 4066 struct netlbl_lsm_secattr secattr; 4067 struct sockaddr_in addr; 4068 struct iphdr *hdr; 4069 struct smack_known *hskp; 4070 int rc; 4071 struct smk_audit_info ad; 4072 #ifdef CONFIG_AUDIT 4073 struct lsm_network_audit net; 4074 #endif 4075 4076 #if IS_ENABLED(CONFIG_IPV6) 4077 if (family == PF_INET6) { 4078 /* 4079 * Handle mapped IPv4 packets arriving 4080 * via IPv6 sockets. Don't set up netlabel 4081 * processing on IPv6. 4082 */ 4083 if (skb->protocol == htons(ETH_P_IP)) 4084 family = PF_INET; 4085 else 4086 return 0; 4087 } 4088 #endif /* CONFIG_IPV6 */ 4089 4090 #ifdef CONFIG_SECURITY_SMACK_NETFILTER 4091 /* 4092 * If there is a secmark use it rather than the CIPSO label. 4093 * If there is no secmark fall back to CIPSO. 4094 * The secmark is assumed to reflect policy better. 4095 */ 4096 if (skb && skb->secmark != 0) { 4097 skp = smack_from_secid(skb->secmark); 4098 goto access_check; 4099 } 4100 #endif /* CONFIG_SECURITY_SMACK_NETFILTER */ 4101 4102 netlbl_secattr_init(&secattr); 4103 rc = netlbl_skbuff_getattr(skb, family, &secattr); 4104 if (rc == 0) 4105 skp = smack_from_secattr(&secattr, ssp); 4106 else 4107 skp = &smack_known_huh; 4108 netlbl_secattr_destroy(&secattr); 4109 4110 #ifdef CONFIG_SECURITY_SMACK_NETFILTER 4111 access_check: 4112 #endif 4113 4114 #ifdef CONFIG_AUDIT 4115 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 4116 ad.a.u.net->family = family; 4117 ad.a.u.net->netif = skb->skb_iif; 4118 ipv4_skb_to_auditdata(skb, &ad.a, NULL); 4119 #endif 4120 /* 4121 * Receiving a packet requires that the other end be able to write 4122 * here. Read access is not required. 4123 */ 4124 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad); 4125 rc = smk_bu_note("IPv4 connect", skp, ssp->smk_in, MAY_WRITE, rc); 4126 if (rc != 0) 4127 return rc; 4128 4129 /* 4130 * Save the peer's label in the request_sock so we can later setup 4131 * smk_packet in the child socket so that SO_PEERCRED can report it. 4132 */ 4133 req->peer_secid = skp->smk_secid; 4134 4135 /* 4136 * We need to decide if we want to label the incoming connection here 4137 * if we do we only need to label the request_sock and the stack will 4138 * propagate the wire-label to the sock when it is created. 4139 */ 4140 hdr = ip_hdr(skb); 4141 addr.sin_addr.s_addr = hdr->saddr; 4142 rcu_read_lock(); 4143 hskp = smack_ipv4host_label(&addr); 4144 rcu_read_unlock(); 4145 4146 if (hskp == NULL) 4147 rc = netlbl_req_setattr(req, &skp->smk_netlabel); 4148 else 4149 netlbl_req_delattr(req); 4150 4151 return rc; 4152 } 4153 4154 /** 4155 * smack_inet_csk_clone - Copy the connection information to the new socket 4156 * @sk: the new socket 4157 * @req: the connection's request_sock 4158 * 4159 * Transfer the connection's peer label to the newly created socket. 4160 */ 4161 static void smack_inet_csk_clone(struct sock *sk, 4162 const struct request_sock *req) 4163 { 4164 struct socket_smack *ssp = sk->sk_security; 4165 struct smack_known *skp; 4166 4167 if (req->peer_secid != 0) { 4168 skp = smack_from_secid(req->peer_secid); 4169 ssp->smk_packet = skp; 4170 } else 4171 ssp->smk_packet = NULL; 4172 } 4173 4174 /* 4175 * Key management security hooks 4176 * 4177 * Casey has not tested key support very heavily. 4178 * The permission check is most likely too restrictive. 4179 * If you care about keys please have a look. 4180 */ 4181 #ifdef CONFIG_KEYS 4182 4183 /** 4184 * smack_key_alloc - Set the key security blob 4185 * @key: object 4186 * @cred: the credentials to use 4187 * @flags: unused 4188 * 4189 * No allocation required 4190 * 4191 * Returns 0 4192 */ 4193 static int smack_key_alloc(struct key *key, const struct cred *cred, 4194 unsigned long flags) 4195 { 4196 struct smack_known *skp = smk_of_task(smack_cred(cred)); 4197 4198 key->security = skp; 4199 return 0; 4200 } 4201 4202 /** 4203 * smack_key_free - Clear the key security blob 4204 * @key: the object 4205 * 4206 * Clear the blob pointer 4207 */ 4208 static void smack_key_free(struct key *key) 4209 { 4210 key->security = NULL; 4211 } 4212 4213 /** 4214 * smack_key_permission - Smack access on a key 4215 * @key_ref: gets to the object 4216 * @cred: the credentials to use 4217 * @need_perm: requested key permission 4218 * 4219 * Return 0 if the task has read and write to the object, 4220 * an error code otherwise 4221 */ 4222 static int smack_key_permission(key_ref_t key_ref, 4223 const struct cred *cred, 4224 enum key_need_perm need_perm) 4225 { 4226 struct key *keyp; 4227 struct smk_audit_info ad; 4228 struct smack_known *tkp = smk_of_task(smack_cred(cred)); 4229 int request = 0; 4230 int rc; 4231 4232 /* 4233 * Validate requested permissions 4234 */ 4235 switch (need_perm) { 4236 case KEY_NEED_READ: 4237 case KEY_NEED_SEARCH: 4238 case KEY_NEED_VIEW: 4239 request |= MAY_READ; 4240 break; 4241 case KEY_NEED_WRITE: 4242 case KEY_NEED_LINK: 4243 case KEY_NEED_SETATTR: 4244 request |= MAY_WRITE; 4245 break; 4246 case KEY_NEED_UNSPECIFIED: 4247 case KEY_NEED_UNLINK: 4248 case KEY_SYSADMIN_OVERRIDE: 4249 case KEY_AUTHTOKEN_OVERRIDE: 4250 case KEY_DEFER_PERM_CHECK: 4251 return 0; 4252 default: 4253 return -EINVAL; 4254 } 4255 4256 keyp = key_ref_to_ptr(key_ref); 4257 if (keyp == NULL) 4258 return -EINVAL; 4259 /* 4260 * If the key hasn't been initialized give it access so that 4261 * it may do so. 4262 */ 4263 if (keyp->security == NULL) 4264 return 0; 4265 /* 4266 * This should not occur 4267 */ 4268 if (tkp == NULL) 4269 return -EACCES; 4270 4271 if (smack_privileged(CAP_MAC_OVERRIDE)) 4272 return 0; 4273 4274 #ifdef CONFIG_AUDIT 4275 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY); 4276 ad.a.u.key_struct.key = keyp->serial; 4277 ad.a.u.key_struct.key_desc = keyp->description; 4278 #endif 4279 rc = smk_access(tkp, keyp->security, request, &ad); 4280 rc = smk_bu_note("key access", tkp, keyp->security, request, rc); 4281 return rc; 4282 } 4283 4284 /* 4285 * smack_key_getsecurity - Smack label tagging the key 4286 * @key points to the key to be queried 4287 * @_buffer points to a pointer that should be set to point to the 4288 * resulting string (if no label or an error occurs). 4289 * Return the length of the string (including terminating NUL) or -ve if 4290 * an error. 4291 * May also return 0 (and a NULL buffer pointer) if there is no label. 4292 */ 4293 static int smack_key_getsecurity(struct key *key, char **_buffer) 4294 { 4295 struct smack_known *skp = key->security; 4296 size_t length; 4297 char *copy; 4298 4299 if (key->security == NULL) { 4300 *_buffer = NULL; 4301 return 0; 4302 } 4303 4304 copy = kstrdup(skp->smk_known, GFP_KERNEL); 4305 if (copy == NULL) 4306 return -ENOMEM; 4307 length = strlen(copy) + 1; 4308 4309 *_buffer = copy; 4310 return length; 4311 } 4312 4313 4314 #ifdef CONFIG_KEY_NOTIFICATIONS 4315 /** 4316 * smack_watch_key - Smack access to watch a key for notifications. 4317 * @key: The key to be watched 4318 * 4319 * Return 0 if the @watch->cred has permission to read from the key object and 4320 * an error otherwise. 4321 */ 4322 static int smack_watch_key(struct key *key) 4323 { 4324 struct smk_audit_info ad; 4325 struct smack_known *tkp = smk_of_current(); 4326 int rc; 4327 4328 if (key == NULL) 4329 return -EINVAL; 4330 /* 4331 * If the key hasn't been initialized give it access so that 4332 * it may do so. 4333 */ 4334 if (key->security == NULL) 4335 return 0; 4336 /* 4337 * This should not occur 4338 */ 4339 if (tkp == NULL) 4340 return -EACCES; 4341 4342 if (smack_privileged_cred(CAP_MAC_OVERRIDE, current_cred())) 4343 return 0; 4344 4345 #ifdef CONFIG_AUDIT 4346 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY); 4347 ad.a.u.key_struct.key = key->serial; 4348 ad.a.u.key_struct.key_desc = key->description; 4349 #endif 4350 rc = smk_access(tkp, key->security, MAY_READ, &ad); 4351 rc = smk_bu_note("key watch", tkp, key->security, MAY_READ, rc); 4352 return rc; 4353 } 4354 #endif /* CONFIG_KEY_NOTIFICATIONS */ 4355 #endif /* CONFIG_KEYS */ 4356 4357 #ifdef CONFIG_WATCH_QUEUE 4358 /** 4359 * smack_post_notification - Smack access to post a notification to a queue 4360 * @w_cred: The credentials of the watcher. 4361 * @cred: The credentials of the event source (may be NULL). 4362 * @n: The notification message to be posted. 4363 */ 4364 static int smack_post_notification(const struct cred *w_cred, 4365 const struct cred *cred, 4366 struct watch_notification *n) 4367 { 4368 struct smk_audit_info ad; 4369 struct smack_known *subj, *obj; 4370 int rc; 4371 4372 /* Always let maintenance notifications through. */ 4373 if (n->type == WATCH_TYPE_META) 4374 return 0; 4375 4376 if (!cred) 4377 return 0; 4378 subj = smk_of_task(smack_cred(cred)); 4379 obj = smk_of_task(smack_cred(w_cred)); 4380 4381 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NOTIFICATION); 4382 rc = smk_access(subj, obj, MAY_WRITE, &ad); 4383 rc = smk_bu_note("notification", subj, obj, MAY_WRITE, rc); 4384 return rc; 4385 } 4386 #endif /* CONFIG_WATCH_QUEUE */ 4387 4388 /* 4389 * Smack Audit hooks 4390 * 4391 * Audit requires a unique representation of each Smack specific 4392 * rule. This unique representation is used to distinguish the 4393 * object to be audited from remaining kernel objects and also 4394 * works as a glue between the audit hooks. 4395 * 4396 * Since repository entries are added but never deleted, we'll use 4397 * the smack_known label address related to the given audit rule as 4398 * the needed unique representation. This also better fits the smack 4399 * model where nearly everything is a label. 4400 */ 4401 #ifdef CONFIG_AUDIT 4402 4403 /** 4404 * smack_audit_rule_init - Initialize a smack audit rule 4405 * @field: audit rule fields given from user-space (audit.h) 4406 * @op: required testing operator (=, !=, >, <, ...) 4407 * @rulestr: smack label to be audited 4408 * @vrule: pointer to save our own audit rule representation 4409 * 4410 * Prepare to audit cases where (@field @op @rulestr) is true. 4411 * The label to be audited is created if necessay. 4412 */ 4413 static int smack_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule) 4414 { 4415 struct smack_known *skp; 4416 char **rule = (char **)vrule; 4417 *rule = NULL; 4418 4419 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER) 4420 return -EINVAL; 4421 4422 if (op != Audit_equal && op != Audit_not_equal) 4423 return -EINVAL; 4424 4425 skp = smk_import_entry(rulestr, 0); 4426 if (IS_ERR(skp)) 4427 return PTR_ERR(skp); 4428 4429 *rule = skp->smk_known; 4430 4431 return 0; 4432 } 4433 4434 /** 4435 * smack_audit_rule_known - Distinguish Smack audit rules 4436 * @krule: rule of interest, in Audit kernel representation format 4437 * 4438 * This is used to filter Smack rules from remaining Audit ones. 4439 * If it's proved that this rule belongs to us, the 4440 * audit_rule_match hook will be called to do the final judgement. 4441 */ 4442 static int smack_audit_rule_known(struct audit_krule *krule) 4443 { 4444 struct audit_field *f; 4445 int i; 4446 4447 for (i = 0; i < krule->field_count; i++) { 4448 f = &krule->fields[i]; 4449 4450 if (f->type == AUDIT_SUBJ_USER || f->type == AUDIT_OBJ_USER) 4451 return 1; 4452 } 4453 4454 return 0; 4455 } 4456 4457 /** 4458 * smack_audit_rule_match - Audit given object ? 4459 * @secid: security id for identifying the object to test 4460 * @field: audit rule flags given from user-space 4461 * @op: required testing operator 4462 * @vrule: smack internal rule presentation 4463 * 4464 * The core Audit hook. It's used to take the decision of 4465 * whether to audit or not to audit a given object. 4466 */ 4467 static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule) 4468 { 4469 struct smack_known *skp; 4470 char *rule = vrule; 4471 4472 if (unlikely(!rule)) { 4473 WARN_ONCE(1, "Smack: missing rule\n"); 4474 return -ENOENT; 4475 } 4476 4477 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER) 4478 return 0; 4479 4480 skp = smack_from_secid(secid); 4481 4482 /* 4483 * No need to do string comparisons. If a match occurs, 4484 * both pointers will point to the same smack_known 4485 * label. 4486 */ 4487 if (op == Audit_equal) 4488 return (rule == skp->smk_known); 4489 if (op == Audit_not_equal) 4490 return (rule != skp->smk_known); 4491 4492 return 0; 4493 } 4494 4495 /* 4496 * There is no need for a smack_audit_rule_free hook. 4497 * No memory was allocated. 4498 */ 4499 4500 #endif /* CONFIG_AUDIT */ 4501 4502 /** 4503 * smack_ismaclabel - check if xattr @name references a smack MAC label 4504 * @name: Full xattr name to check. 4505 */ 4506 static int smack_ismaclabel(const char *name) 4507 { 4508 return (strcmp(name, XATTR_SMACK_SUFFIX) == 0); 4509 } 4510 4511 4512 /** 4513 * smack_secid_to_secctx - return the smack label for a secid 4514 * @secid: incoming integer 4515 * @secdata: destination 4516 * @seclen: how long it is 4517 * 4518 * Exists for networking code. 4519 */ 4520 static int smack_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) 4521 { 4522 struct smack_known *skp = smack_from_secid(secid); 4523 4524 if (secdata) 4525 *secdata = skp->smk_known; 4526 *seclen = strlen(skp->smk_known); 4527 return 0; 4528 } 4529 4530 /** 4531 * smack_secctx_to_secid - return the secid for a smack label 4532 * @secdata: smack label 4533 * @seclen: how long result is 4534 * @secid: outgoing integer 4535 * 4536 * Exists for audit and networking code. 4537 */ 4538 static int smack_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid) 4539 { 4540 struct smack_known *skp = smk_find_entry(secdata); 4541 4542 if (skp) 4543 *secid = skp->smk_secid; 4544 else 4545 *secid = 0; 4546 return 0; 4547 } 4548 4549 /* 4550 * There used to be a smack_release_secctx hook 4551 * that did nothing back when hooks were in a vector. 4552 * Now that there's a list such a hook adds cost. 4553 */ 4554 4555 static int smack_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen) 4556 { 4557 return smack_inode_setsecurity(inode, XATTR_SMACK_SUFFIX, ctx, ctxlen, 0); 4558 } 4559 4560 static int smack_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen) 4561 { 4562 return __vfs_setxattr_noperm(dentry, XATTR_NAME_SMACK, ctx, ctxlen, 0); 4563 } 4564 4565 static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) 4566 { 4567 struct smack_known *skp = smk_of_inode(inode); 4568 4569 *ctx = skp->smk_known; 4570 *ctxlen = strlen(skp->smk_known); 4571 return 0; 4572 } 4573 4574 static int smack_inode_copy_up(struct dentry *dentry, struct cred **new) 4575 { 4576 4577 struct task_smack *tsp; 4578 struct smack_known *skp; 4579 struct inode_smack *isp; 4580 struct cred *new_creds = *new; 4581 4582 if (new_creds == NULL) { 4583 new_creds = prepare_creds(); 4584 if (new_creds == NULL) 4585 return -ENOMEM; 4586 } 4587 4588 tsp = smack_cred(new_creds); 4589 4590 /* 4591 * Get label from overlay inode and set it in create_sid 4592 */ 4593 isp = smack_inode(d_inode(dentry->d_parent)); 4594 skp = isp->smk_inode; 4595 tsp->smk_task = skp; 4596 *new = new_creds; 4597 return 0; 4598 } 4599 4600 static int smack_inode_copy_up_xattr(const char *name) 4601 { 4602 /* 4603 * Return 1 if this is the smack access Smack attribute. 4604 */ 4605 if (strcmp(name, XATTR_NAME_SMACK) == 0) 4606 return 1; 4607 4608 return -EOPNOTSUPP; 4609 } 4610 4611 static int smack_dentry_create_files_as(struct dentry *dentry, int mode, 4612 struct qstr *name, 4613 const struct cred *old, 4614 struct cred *new) 4615 { 4616 struct task_smack *otsp = smack_cred(old); 4617 struct task_smack *ntsp = smack_cred(new); 4618 struct inode_smack *isp; 4619 int may; 4620 4621 /* 4622 * Use the process credential unless all of 4623 * the transmuting criteria are met 4624 */ 4625 ntsp->smk_task = otsp->smk_task; 4626 4627 /* 4628 * the attribute of the containing directory 4629 */ 4630 isp = smack_inode(d_inode(dentry->d_parent)); 4631 4632 if (isp->smk_flags & SMK_INODE_TRANSMUTE) { 4633 rcu_read_lock(); 4634 may = smk_access_entry(otsp->smk_task->smk_known, 4635 isp->smk_inode->smk_known, 4636 &otsp->smk_task->smk_rules); 4637 rcu_read_unlock(); 4638 4639 /* 4640 * If the directory is transmuting and the rule 4641 * providing access is transmuting use the containing 4642 * directory label instead of the process label. 4643 */ 4644 if (may > 0 && (may & MAY_TRANSMUTE)) 4645 ntsp->smk_task = isp->smk_inode; 4646 } 4647 return 0; 4648 } 4649 4650 struct lsm_blob_sizes smack_blob_sizes __lsm_ro_after_init = { 4651 .lbs_cred = sizeof(struct task_smack), 4652 .lbs_file = sizeof(struct smack_known *), 4653 .lbs_inode = sizeof(struct inode_smack), 4654 .lbs_ipc = sizeof(struct smack_known *), 4655 .lbs_msg_msg = sizeof(struct smack_known *), 4656 }; 4657 4658 static struct security_hook_list smack_hooks[] __lsm_ro_after_init = { 4659 LSM_HOOK_INIT(ptrace_access_check, smack_ptrace_access_check), 4660 LSM_HOOK_INIT(ptrace_traceme, smack_ptrace_traceme), 4661 LSM_HOOK_INIT(syslog, smack_syslog), 4662 4663 LSM_HOOK_INIT(fs_context_dup, smack_fs_context_dup), 4664 LSM_HOOK_INIT(fs_context_parse_param, smack_fs_context_parse_param), 4665 4666 LSM_HOOK_INIT(sb_alloc_security, smack_sb_alloc_security), 4667 LSM_HOOK_INIT(sb_free_security, smack_sb_free_security), 4668 LSM_HOOK_INIT(sb_free_mnt_opts, smack_free_mnt_opts), 4669 LSM_HOOK_INIT(sb_eat_lsm_opts, smack_sb_eat_lsm_opts), 4670 LSM_HOOK_INIT(sb_statfs, smack_sb_statfs), 4671 LSM_HOOK_INIT(sb_set_mnt_opts, smack_set_mnt_opts), 4672 4673 LSM_HOOK_INIT(bprm_creds_for_exec, smack_bprm_creds_for_exec), 4674 4675 LSM_HOOK_INIT(inode_alloc_security, smack_inode_alloc_security), 4676 LSM_HOOK_INIT(inode_init_security, smack_inode_init_security), 4677 LSM_HOOK_INIT(inode_link, smack_inode_link), 4678 LSM_HOOK_INIT(inode_unlink, smack_inode_unlink), 4679 LSM_HOOK_INIT(inode_rmdir, smack_inode_rmdir), 4680 LSM_HOOK_INIT(inode_rename, smack_inode_rename), 4681 LSM_HOOK_INIT(inode_permission, smack_inode_permission), 4682 LSM_HOOK_INIT(inode_setattr, smack_inode_setattr), 4683 LSM_HOOK_INIT(inode_getattr, smack_inode_getattr), 4684 LSM_HOOK_INIT(inode_setxattr, smack_inode_setxattr), 4685 LSM_HOOK_INIT(inode_post_setxattr, smack_inode_post_setxattr), 4686 LSM_HOOK_INIT(inode_getxattr, smack_inode_getxattr), 4687 LSM_HOOK_INIT(inode_removexattr, smack_inode_removexattr), 4688 LSM_HOOK_INIT(inode_getsecurity, smack_inode_getsecurity), 4689 LSM_HOOK_INIT(inode_setsecurity, smack_inode_setsecurity), 4690 LSM_HOOK_INIT(inode_listsecurity, smack_inode_listsecurity), 4691 LSM_HOOK_INIT(inode_getsecid, smack_inode_getsecid), 4692 4693 LSM_HOOK_INIT(file_alloc_security, smack_file_alloc_security), 4694 LSM_HOOK_INIT(file_ioctl, smack_file_ioctl), 4695 LSM_HOOK_INIT(file_lock, smack_file_lock), 4696 LSM_HOOK_INIT(file_fcntl, smack_file_fcntl), 4697 LSM_HOOK_INIT(mmap_file, smack_mmap_file), 4698 LSM_HOOK_INIT(mmap_addr, cap_mmap_addr), 4699 LSM_HOOK_INIT(file_set_fowner, smack_file_set_fowner), 4700 LSM_HOOK_INIT(file_send_sigiotask, smack_file_send_sigiotask), 4701 LSM_HOOK_INIT(file_receive, smack_file_receive), 4702 4703 LSM_HOOK_INIT(file_open, smack_file_open), 4704 4705 LSM_HOOK_INIT(cred_alloc_blank, smack_cred_alloc_blank), 4706 LSM_HOOK_INIT(cred_free, smack_cred_free), 4707 LSM_HOOK_INIT(cred_prepare, smack_cred_prepare), 4708 LSM_HOOK_INIT(cred_transfer, smack_cred_transfer), 4709 LSM_HOOK_INIT(cred_getsecid, smack_cred_getsecid), 4710 LSM_HOOK_INIT(kernel_act_as, smack_kernel_act_as), 4711 LSM_HOOK_INIT(kernel_create_files_as, smack_kernel_create_files_as), 4712 LSM_HOOK_INIT(task_setpgid, smack_task_setpgid), 4713 LSM_HOOK_INIT(task_getpgid, smack_task_getpgid), 4714 LSM_HOOK_INIT(task_getsid, smack_task_getsid), 4715 LSM_HOOK_INIT(task_getsecid, smack_task_getsecid), 4716 LSM_HOOK_INIT(task_setnice, smack_task_setnice), 4717 LSM_HOOK_INIT(task_setioprio, smack_task_setioprio), 4718 LSM_HOOK_INIT(task_getioprio, smack_task_getioprio), 4719 LSM_HOOK_INIT(task_setscheduler, smack_task_setscheduler), 4720 LSM_HOOK_INIT(task_getscheduler, smack_task_getscheduler), 4721 LSM_HOOK_INIT(task_movememory, smack_task_movememory), 4722 LSM_HOOK_INIT(task_kill, smack_task_kill), 4723 LSM_HOOK_INIT(task_to_inode, smack_task_to_inode), 4724 4725 LSM_HOOK_INIT(ipc_permission, smack_ipc_permission), 4726 LSM_HOOK_INIT(ipc_getsecid, smack_ipc_getsecid), 4727 4728 LSM_HOOK_INIT(msg_msg_alloc_security, smack_msg_msg_alloc_security), 4729 4730 LSM_HOOK_INIT(msg_queue_alloc_security, smack_ipc_alloc_security), 4731 LSM_HOOK_INIT(msg_queue_associate, smack_msg_queue_associate), 4732 LSM_HOOK_INIT(msg_queue_msgctl, smack_msg_queue_msgctl), 4733 LSM_HOOK_INIT(msg_queue_msgsnd, smack_msg_queue_msgsnd), 4734 LSM_HOOK_INIT(msg_queue_msgrcv, smack_msg_queue_msgrcv), 4735 4736 LSM_HOOK_INIT(shm_alloc_security, smack_ipc_alloc_security), 4737 LSM_HOOK_INIT(shm_associate, smack_shm_associate), 4738 LSM_HOOK_INIT(shm_shmctl, smack_shm_shmctl), 4739 LSM_HOOK_INIT(shm_shmat, smack_shm_shmat), 4740 4741 LSM_HOOK_INIT(sem_alloc_security, smack_ipc_alloc_security), 4742 LSM_HOOK_INIT(sem_associate, smack_sem_associate), 4743 LSM_HOOK_INIT(sem_semctl, smack_sem_semctl), 4744 LSM_HOOK_INIT(sem_semop, smack_sem_semop), 4745 4746 LSM_HOOK_INIT(d_instantiate, smack_d_instantiate), 4747 4748 LSM_HOOK_INIT(getprocattr, smack_getprocattr), 4749 LSM_HOOK_INIT(setprocattr, smack_setprocattr), 4750 4751 LSM_HOOK_INIT(unix_stream_connect, smack_unix_stream_connect), 4752 LSM_HOOK_INIT(unix_may_send, smack_unix_may_send), 4753 4754 LSM_HOOK_INIT(socket_post_create, smack_socket_post_create), 4755 LSM_HOOK_INIT(socket_socketpair, smack_socket_socketpair), 4756 #ifdef SMACK_IPV6_PORT_LABELING 4757 LSM_HOOK_INIT(socket_bind, smack_socket_bind), 4758 #endif 4759 LSM_HOOK_INIT(socket_connect, smack_socket_connect), 4760 LSM_HOOK_INIT(socket_sendmsg, smack_socket_sendmsg), 4761 LSM_HOOK_INIT(socket_sock_rcv_skb, smack_socket_sock_rcv_skb), 4762 LSM_HOOK_INIT(socket_getpeersec_stream, smack_socket_getpeersec_stream), 4763 LSM_HOOK_INIT(socket_getpeersec_dgram, smack_socket_getpeersec_dgram), 4764 LSM_HOOK_INIT(sk_alloc_security, smack_sk_alloc_security), 4765 LSM_HOOK_INIT(sk_free_security, smack_sk_free_security), 4766 LSM_HOOK_INIT(sock_graft, smack_sock_graft), 4767 LSM_HOOK_INIT(inet_conn_request, smack_inet_conn_request), 4768 LSM_HOOK_INIT(inet_csk_clone, smack_inet_csk_clone), 4769 4770 /* key management security hooks */ 4771 #ifdef CONFIG_KEYS 4772 LSM_HOOK_INIT(key_alloc, smack_key_alloc), 4773 LSM_HOOK_INIT(key_free, smack_key_free), 4774 LSM_HOOK_INIT(key_permission, smack_key_permission), 4775 LSM_HOOK_INIT(key_getsecurity, smack_key_getsecurity), 4776 #ifdef CONFIG_KEY_NOTIFICATIONS 4777 LSM_HOOK_INIT(watch_key, smack_watch_key), 4778 #endif 4779 #endif /* CONFIG_KEYS */ 4780 4781 #ifdef CONFIG_WATCH_QUEUE 4782 LSM_HOOK_INIT(post_notification, smack_post_notification), 4783 #endif 4784 4785 /* Audit hooks */ 4786 #ifdef CONFIG_AUDIT 4787 LSM_HOOK_INIT(audit_rule_init, smack_audit_rule_init), 4788 LSM_HOOK_INIT(audit_rule_known, smack_audit_rule_known), 4789 LSM_HOOK_INIT(audit_rule_match, smack_audit_rule_match), 4790 #endif /* CONFIG_AUDIT */ 4791 4792 LSM_HOOK_INIT(ismaclabel, smack_ismaclabel), 4793 LSM_HOOK_INIT(secid_to_secctx, smack_secid_to_secctx), 4794 LSM_HOOK_INIT(secctx_to_secid, smack_secctx_to_secid), 4795 LSM_HOOK_INIT(inode_notifysecctx, smack_inode_notifysecctx), 4796 LSM_HOOK_INIT(inode_setsecctx, smack_inode_setsecctx), 4797 LSM_HOOK_INIT(inode_getsecctx, smack_inode_getsecctx), 4798 LSM_HOOK_INIT(inode_copy_up, smack_inode_copy_up), 4799 LSM_HOOK_INIT(inode_copy_up_xattr, smack_inode_copy_up_xattr), 4800 LSM_HOOK_INIT(dentry_create_files_as, smack_dentry_create_files_as), 4801 }; 4802 4803 4804 static __init void init_smack_known_list(void) 4805 { 4806 /* 4807 * Initialize rule list locks 4808 */ 4809 mutex_init(&smack_known_huh.smk_rules_lock); 4810 mutex_init(&smack_known_hat.smk_rules_lock); 4811 mutex_init(&smack_known_floor.smk_rules_lock); 4812 mutex_init(&smack_known_star.smk_rules_lock); 4813 mutex_init(&smack_known_web.smk_rules_lock); 4814 /* 4815 * Initialize rule lists 4816 */ 4817 INIT_LIST_HEAD(&smack_known_huh.smk_rules); 4818 INIT_LIST_HEAD(&smack_known_hat.smk_rules); 4819 INIT_LIST_HEAD(&smack_known_star.smk_rules); 4820 INIT_LIST_HEAD(&smack_known_floor.smk_rules); 4821 INIT_LIST_HEAD(&smack_known_web.smk_rules); 4822 /* 4823 * Create the known labels list 4824 */ 4825 smk_insert_entry(&smack_known_huh); 4826 smk_insert_entry(&smack_known_hat); 4827 smk_insert_entry(&smack_known_star); 4828 smk_insert_entry(&smack_known_floor); 4829 smk_insert_entry(&smack_known_web); 4830 } 4831 4832 /** 4833 * smack_init - initialize the smack system 4834 * 4835 * Returns 0 on success, -ENOMEM is there's no memory 4836 */ 4837 static __init int smack_init(void) 4838 { 4839 struct cred *cred = (struct cred *) current->cred; 4840 struct task_smack *tsp; 4841 4842 smack_rule_cache = KMEM_CACHE(smack_rule, 0); 4843 if (!smack_rule_cache) 4844 return -ENOMEM; 4845 4846 /* 4847 * Set the security state for the initial task. 4848 */ 4849 tsp = smack_cred(cred); 4850 init_task_smack(tsp, &smack_known_floor, &smack_known_floor); 4851 4852 /* 4853 * Register with LSM 4854 */ 4855 security_add_hooks(smack_hooks, ARRAY_SIZE(smack_hooks), "smack"); 4856 smack_enabled = 1; 4857 4858 pr_info("Smack: Initializing.\n"); 4859 #ifdef CONFIG_SECURITY_SMACK_NETFILTER 4860 pr_info("Smack: Netfilter enabled.\n"); 4861 #endif 4862 #ifdef SMACK_IPV6_PORT_LABELING 4863 pr_info("Smack: IPv6 port labeling enabled.\n"); 4864 #endif 4865 #ifdef SMACK_IPV6_SECMARK_LABELING 4866 pr_info("Smack: IPv6 Netfilter enabled.\n"); 4867 #endif 4868 4869 /* initialize the smack_known_list */ 4870 init_smack_known_list(); 4871 4872 return 0; 4873 } 4874 4875 /* 4876 * Smack requires early initialization in order to label 4877 * all processes and objects when they are created. 4878 */ 4879 DEFINE_LSM(smack) = { 4880 .name = "smack", 4881 .flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE, 4882 .blobs = &smack_blob_sizes, 4883 .init = smack_init, 4884 }; 4885