1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Simplified MAC Kernel (smack) security module 4 * 5 * This file contains the smack hook function implementations. 6 * 7 * Authors: 8 * Casey Schaufler <casey@schaufler-ca.com> 9 * Jarkko Sakkinen <jarkko.sakkinen@intel.com> 10 * 11 * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com> 12 * Copyright (C) 2009 Hewlett-Packard Development Company, L.P. 13 * Paul Moore <paul@paul-moore.com> 14 * Copyright (C) 2010 Nokia Corporation 15 * Copyright (C) 2011 Intel Corporation. 16 */ 17 18 #include <linux/xattr.h> 19 #include <linux/pagemap.h> 20 #include <linux/mount.h> 21 #include <linux/stat.h> 22 #include <linux/kd.h> 23 #include <asm/ioctls.h> 24 #include <linux/ip.h> 25 #include <linux/tcp.h> 26 #include <linux/udp.h> 27 #include <linux/dccp.h> 28 #include <linux/icmpv6.h> 29 #include <linux/slab.h> 30 #include <linux/mutex.h> 31 #include <net/cipso_ipv4.h> 32 #include <net/ip.h> 33 #include <net/ipv6.h> 34 #include <linux/audit.h> 35 #include <linux/magic.h> 36 #include <linux/dcache.h> 37 #include <linux/personality.h> 38 #include <linux/msg.h> 39 #include <linux/shm.h> 40 #include <linux/binfmts.h> 41 #include <linux/parser.h> 42 #include <linux/fs_context.h> 43 #include <linux/fs_parser.h> 44 #include <linux/watch_queue.h> 45 #include "smack.h" 46 47 #define TRANS_TRUE "TRUE" 48 #define TRANS_TRUE_SIZE 4 49 50 #define SMK_CONNECTING 0 51 #define SMK_RECEIVING 1 52 #define SMK_SENDING 2 53 54 static DEFINE_MUTEX(smack_ipv6_lock); 55 static LIST_HEAD(smk_ipv6_port_list); 56 struct kmem_cache *smack_rule_cache; 57 int smack_enabled; 58 59 #define A(s) {"smack"#s, sizeof("smack"#s) - 1, Opt_##s} 60 static struct { 61 const char *name; 62 int len; 63 int opt; 64 } smk_mount_opts[] = { 65 {"smackfsdef", sizeof("smackfsdef") - 1, Opt_fsdefault}, 66 A(fsdefault), A(fsfloor), A(fshat), A(fsroot), A(fstransmute) 67 }; 68 #undef A 69 70 static int match_opt_prefix(char *s, int l, char **arg) 71 { 72 int i; 73 74 for (i = 0; i < ARRAY_SIZE(smk_mount_opts); i++) { 75 size_t len = smk_mount_opts[i].len; 76 if (len > l || memcmp(s, smk_mount_opts[i].name, len)) 77 continue; 78 if (len == l || s[len] != '=') 79 continue; 80 *arg = s + len + 1; 81 return smk_mount_opts[i].opt; 82 } 83 return Opt_error; 84 } 85 86 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 87 static char *smk_bu_mess[] = { 88 "Bringup Error", /* Unused */ 89 "Bringup", /* SMACK_BRINGUP_ALLOW */ 90 "Unconfined Subject", /* SMACK_UNCONFINED_SUBJECT */ 91 "Unconfined Object", /* SMACK_UNCONFINED_OBJECT */ 92 }; 93 94 static void smk_bu_mode(int mode, char *s) 95 { 96 int i = 0; 97 98 if (mode & MAY_READ) 99 s[i++] = 'r'; 100 if (mode & MAY_WRITE) 101 s[i++] = 'w'; 102 if (mode & MAY_EXEC) 103 s[i++] = 'x'; 104 if (mode & MAY_APPEND) 105 s[i++] = 'a'; 106 if (mode & MAY_TRANSMUTE) 107 s[i++] = 't'; 108 if (mode & MAY_LOCK) 109 s[i++] = 'l'; 110 if (i == 0) 111 s[i++] = '-'; 112 s[i] = '\0'; 113 } 114 #endif 115 116 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 117 static int smk_bu_note(char *note, struct smack_known *sskp, 118 struct smack_known *oskp, int mode, int rc) 119 { 120 char acc[SMK_NUM_ACCESS_TYPE + 1]; 121 122 if (rc <= 0) 123 return rc; 124 if (rc > SMACK_UNCONFINED_OBJECT) 125 rc = 0; 126 127 smk_bu_mode(mode, acc); 128 pr_info("Smack %s: (%s %s %s) %s\n", smk_bu_mess[rc], 129 sskp->smk_known, oskp->smk_known, acc, note); 130 return 0; 131 } 132 #else 133 #define smk_bu_note(note, sskp, oskp, mode, RC) (RC) 134 #endif 135 136 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 137 static int smk_bu_current(char *note, struct smack_known *oskp, 138 int mode, int rc) 139 { 140 struct task_smack *tsp = smack_cred(current_cred()); 141 char acc[SMK_NUM_ACCESS_TYPE + 1]; 142 143 if (rc <= 0) 144 return rc; 145 if (rc > SMACK_UNCONFINED_OBJECT) 146 rc = 0; 147 148 smk_bu_mode(mode, acc); 149 pr_info("Smack %s: (%s %s %s) %s %s\n", smk_bu_mess[rc], 150 tsp->smk_task->smk_known, oskp->smk_known, 151 acc, current->comm, note); 152 return 0; 153 } 154 #else 155 #define smk_bu_current(note, oskp, mode, RC) (RC) 156 #endif 157 158 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 159 static int smk_bu_task(struct task_struct *otp, int mode, int rc) 160 { 161 struct task_smack *tsp = smack_cred(current_cred()); 162 struct smack_known *smk_task = smk_of_task_struct(otp); 163 char acc[SMK_NUM_ACCESS_TYPE + 1]; 164 165 if (rc <= 0) 166 return rc; 167 if (rc > SMACK_UNCONFINED_OBJECT) 168 rc = 0; 169 170 smk_bu_mode(mode, acc); 171 pr_info("Smack %s: (%s %s %s) %s to %s\n", smk_bu_mess[rc], 172 tsp->smk_task->smk_known, smk_task->smk_known, acc, 173 current->comm, otp->comm); 174 return 0; 175 } 176 #else 177 #define smk_bu_task(otp, mode, RC) (RC) 178 #endif 179 180 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 181 static int smk_bu_inode(struct inode *inode, int mode, int rc) 182 { 183 struct task_smack *tsp = smack_cred(current_cred()); 184 struct inode_smack *isp = smack_inode(inode); 185 char acc[SMK_NUM_ACCESS_TYPE + 1]; 186 187 if (isp->smk_flags & SMK_INODE_IMPURE) 188 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n", 189 inode->i_sb->s_id, inode->i_ino, current->comm); 190 191 if (rc <= 0) 192 return rc; 193 if (rc > SMACK_UNCONFINED_OBJECT) 194 rc = 0; 195 if (rc == SMACK_UNCONFINED_SUBJECT && 196 (mode & (MAY_WRITE | MAY_APPEND))) 197 isp->smk_flags |= SMK_INODE_IMPURE; 198 199 smk_bu_mode(mode, acc); 200 201 pr_info("Smack %s: (%s %s %s) inode=(%s %ld) %s\n", smk_bu_mess[rc], 202 tsp->smk_task->smk_known, isp->smk_inode->smk_known, acc, 203 inode->i_sb->s_id, inode->i_ino, current->comm); 204 return 0; 205 } 206 #else 207 #define smk_bu_inode(inode, mode, RC) (RC) 208 #endif 209 210 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 211 static int smk_bu_file(struct file *file, int mode, int rc) 212 { 213 struct task_smack *tsp = smack_cred(current_cred()); 214 struct smack_known *sskp = tsp->smk_task; 215 struct inode *inode = file_inode(file); 216 struct inode_smack *isp = smack_inode(inode); 217 char acc[SMK_NUM_ACCESS_TYPE + 1]; 218 219 if (isp->smk_flags & SMK_INODE_IMPURE) 220 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n", 221 inode->i_sb->s_id, inode->i_ino, current->comm); 222 223 if (rc <= 0) 224 return rc; 225 if (rc > SMACK_UNCONFINED_OBJECT) 226 rc = 0; 227 228 smk_bu_mode(mode, acc); 229 pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc], 230 sskp->smk_known, smk_of_inode(inode)->smk_known, acc, 231 inode->i_sb->s_id, inode->i_ino, file, 232 current->comm); 233 return 0; 234 } 235 #else 236 #define smk_bu_file(file, mode, RC) (RC) 237 #endif 238 239 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 240 static int smk_bu_credfile(const struct cred *cred, struct file *file, 241 int mode, int rc) 242 { 243 struct task_smack *tsp = smack_cred(cred); 244 struct smack_known *sskp = tsp->smk_task; 245 struct inode *inode = file_inode(file); 246 struct inode_smack *isp = smack_inode(inode); 247 char acc[SMK_NUM_ACCESS_TYPE + 1]; 248 249 if (isp->smk_flags & SMK_INODE_IMPURE) 250 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n", 251 inode->i_sb->s_id, inode->i_ino, current->comm); 252 253 if (rc <= 0) 254 return rc; 255 if (rc > SMACK_UNCONFINED_OBJECT) 256 rc = 0; 257 258 smk_bu_mode(mode, acc); 259 pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc], 260 sskp->smk_known, smk_of_inode(inode)->smk_known, acc, 261 inode->i_sb->s_id, inode->i_ino, file, 262 current->comm); 263 return 0; 264 } 265 #else 266 #define smk_bu_credfile(cred, file, mode, RC) (RC) 267 #endif 268 269 /** 270 * smk_fetch - Fetch the smack label from a file. 271 * @name: type of the label (attribute) 272 * @ip: a pointer to the inode 273 * @dp: a pointer to the dentry 274 * 275 * Returns a pointer to the master list entry for the Smack label, 276 * NULL if there was no label to fetch, or an error code. 277 */ 278 static struct smack_known *smk_fetch(const char *name, struct inode *ip, 279 struct dentry *dp) 280 { 281 int rc; 282 char *buffer; 283 struct smack_known *skp = NULL; 284 285 if (!(ip->i_opflags & IOP_XATTR)) 286 return ERR_PTR(-EOPNOTSUPP); 287 288 buffer = kzalloc(SMK_LONGLABEL, GFP_NOFS); 289 if (buffer == NULL) 290 return ERR_PTR(-ENOMEM); 291 292 rc = __vfs_getxattr(dp, ip, name, buffer, SMK_LONGLABEL); 293 if (rc < 0) 294 skp = ERR_PTR(rc); 295 else if (rc == 0) 296 skp = NULL; 297 else 298 skp = smk_import_entry(buffer, rc); 299 300 kfree(buffer); 301 302 return skp; 303 } 304 305 /** 306 * init_inode_smack - initialize an inode security blob 307 * @inode: inode to extract the info from 308 * @skp: a pointer to the Smack label entry to use in the blob 309 * 310 */ 311 static void init_inode_smack(struct inode *inode, struct smack_known *skp) 312 { 313 struct inode_smack *isp = smack_inode(inode); 314 315 isp->smk_inode = skp; 316 isp->smk_flags = 0; 317 } 318 319 /** 320 * init_task_smack - initialize a task security blob 321 * @tsp: blob to initialize 322 * @task: a pointer to the Smack label for the running task 323 * @forked: a pointer to the Smack label for the forked task 324 * 325 */ 326 static void init_task_smack(struct task_smack *tsp, struct smack_known *task, 327 struct smack_known *forked) 328 { 329 tsp->smk_task = task; 330 tsp->smk_forked = forked; 331 INIT_LIST_HEAD(&tsp->smk_rules); 332 INIT_LIST_HEAD(&tsp->smk_relabel); 333 mutex_init(&tsp->smk_rules_lock); 334 } 335 336 /** 337 * smk_copy_rules - copy a rule set 338 * @nhead: new rules header pointer 339 * @ohead: old rules header pointer 340 * @gfp: type of the memory for the allocation 341 * 342 * Returns 0 on success, -ENOMEM on error 343 */ 344 static int smk_copy_rules(struct list_head *nhead, struct list_head *ohead, 345 gfp_t gfp) 346 { 347 struct smack_rule *nrp; 348 struct smack_rule *orp; 349 int rc = 0; 350 351 list_for_each_entry_rcu(orp, ohead, list) { 352 nrp = kmem_cache_zalloc(smack_rule_cache, gfp); 353 if (nrp == NULL) { 354 rc = -ENOMEM; 355 break; 356 } 357 *nrp = *orp; 358 list_add_rcu(&nrp->list, nhead); 359 } 360 return rc; 361 } 362 363 /** 364 * smk_copy_relabel - copy smk_relabel labels list 365 * @nhead: new rules header pointer 366 * @ohead: old rules header pointer 367 * @gfp: type of the memory for the allocation 368 * 369 * Returns 0 on success, -ENOMEM on error 370 */ 371 static int smk_copy_relabel(struct list_head *nhead, struct list_head *ohead, 372 gfp_t gfp) 373 { 374 struct smack_known_list_elem *nklep; 375 struct smack_known_list_elem *oklep; 376 377 list_for_each_entry(oklep, ohead, list) { 378 nklep = kzalloc(sizeof(struct smack_known_list_elem), gfp); 379 if (nklep == NULL) { 380 smk_destroy_label_list(nhead); 381 return -ENOMEM; 382 } 383 nklep->smk_label = oklep->smk_label; 384 list_add(&nklep->list, nhead); 385 } 386 387 return 0; 388 } 389 390 /** 391 * smk_ptrace_mode - helper function for converting PTRACE_MODE_* into MAY_* 392 * @mode - input mode in form of PTRACE_MODE_* 393 * 394 * Returns a converted MAY_* mode usable by smack rules 395 */ 396 static inline unsigned int smk_ptrace_mode(unsigned int mode) 397 { 398 if (mode & PTRACE_MODE_ATTACH) 399 return MAY_READWRITE; 400 if (mode & PTRACE_MODE_READ) 401 return MAY_READ; 402 403 return 0; 404 } 405 406 /** 407 * smk_ptrace_rule_check - helper for ptrace access 408 * @tracer: tracer process 409 * @tracee_known: label entry of the process that's about to be traced 410 * @mode: ptrace attachment mode (PTRACE_MODE_*) 411 * @func: name of the function that called us, used for audit 412 * 413 * Returns 0 on access granted, -error on error 414 */ 415 static int smk_ptrace_rule_check(struct task_struct *tracer, 416 struct smack_known *tracee_known, 417 unsigned int mode, const char *func) 418 { 419 int rc; 420 struct smk_audit_info ad, *saip = NULL; 421 struct task_smack *tsp; 422 struct smack_known *tracer_known; 423 const struct cred *tracercred; 424 425 if ((mode & PTRACE_MODE_NOAUDIT) == 0) { 426 smk_ad_init(&ad, func, LSM_AUDIT_DATA_TASK); 427 smk_ad_setfield_u_tsk(&ad, tracer); 428 saip = &ad; 429 } 430 431 rcu_read_lock(); 432 tracercred = __task_cred(tracer); 433 tsp = smack_cred(tracercred); 434 tracer_known = smk_of_task(tsp); 435 436 if ((mode & PTRACE_MODE_ATTACH) && 437 (smack_ptrace_rule == SMACK_PTRACE_EXACT || 438 smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)) { 439 if (tracer_known->smk_known == tracee_known->smk_known) 440 rc = 0; 441 else if (smack_ptrace_rule == SMACK_PTRACE_DRACONIAN) 442 rc = -EACCES; 443 else if (smack_privileged_cred(CAP_SYS_PTRACE, tracercred)) 444 rc = 0; 445 else 446 rc = -EACCES; 447 448 if (saip) 449 smack_log(tracer_known->smk_known, 450 tracee_known->smk_known, 451 0, rc, saip); 452 453 rcu_read_unlock(); 454 return rc; 455 } 456 457 /* In case of rule==SMACK_PTRACE_DEFAULT or mode==PTRACE_MODE_READ */ 458 rc = smk_tskacc(tsp, tracee_known, smk_ptrace_mode(mode), saip); 459 460 rcu_read_unlock(); 461 return rc; 462 } 463 464 /* 465 * LSM hooks. 466 * We he, that is fun! 467 */ 468 469 /** 470 * smack_ptrace_access_check - Smack approval on PTRACE_ATTACH 471 * @ctp: child task pointer 472 * @mode: ptrace attachment mode (PTRACE_MODE_*) 473 * 474 * Returns 0 if access is OK, an error code otherwise 475 * 476 * Do the capability checks. 477 */ 478 static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode) 479 { 480 struct smack_known *skp; 481 482 skp = smk_of_task_struct(ctp); 483 484 return smk_ptrace_rule_check(current, skp, mode, __func__); 485 } 486 487 /** 488 * smack_ptrace_traceme - Smack approval on PTRACE_TRACEME 489 * @ptp: parent task pointer 490 * 491 * Returns 0 if access is OK, an error code otherwise 492 * 493 * Do the capability checks, and require PTRACE_MODE_ATTACH. 494 */ 495 static int smack_ptrace_traceme(struct task_struct *ptp) 496 { 497 int rc; 498 struct smack_known *skp; 499 500 skp = smk_of_task(smack_cred(current_cred())); 501 502 rc = smk_ptrace_rule_check(ptp, skp, PTRACE_MODE_ATTACH, __func__); 503 return rc; 504 } 505 506 /** 507 * smack_syslog - Smack approval on syslog 508 * @typefrom_file: unused 509 * 510 * Returns 0 on success, error code otherwise. 511 */ 512 static int smack_syslog(int typefrom_file) 513 { 514 int rc = 0; 515 struct smack_known *skp = smk_of_current(); 516 517 if (smack_privileged(CAP_MAC_OVERRIDE)) 518 return 0; 519 520 if (smack_syslog_label != NULL && smack_syslog_label != skp) 521 rc = -EACCES; 522 523 return rc; 524 } 525 526 /* 527 * Superblock Hooks. 528 */ 529 530 /** 531 * smack_sb_alloc_security - allocate a superblock blob 532 * @sb: the superblock getting the blob 533 * 534 * Returns 0 on success or -ENOMEM on error. 535 */ 536 static int smack_sb_alloc_security(struct super_block *sb) 537 { 538 struct superblock_smack *sbsp; 539 540 sbsp = kzalloc(sizeof(struct superblock_smack), GFP_KERNEL); 541 542 if (sbsp == NULL) 543 return -ENOMEM; 544 545 sbsp->smk_root = &smack_known_floor; 546 sbsp->smk_default = &smack_known_floor; 547 sbsp->smk_floor = &smack_known_floor; 548 sbsp->smk_hat = &smack_known_hat; 549 /* 550 * SMK_SB_INITIALIZED will be zero from kzalloc. 551 */ 552 sb->s_security = sbsp; 553 554 return 0; 555 } 556 557 /** 558 * smack_sb_free_security - free a superblock blob 559 * @sb: the superblock getting the blob 560 * 561 */ 562 static void smack_sb_free_security(struct super_block *sb) 563 { 564 kfree(sb->s_security); 565 sb->s_security = NULL; 566 } 567 568 struct smack_mnt_opts { 569 const char *fsdefault, *fsfloor, *fshat, *fsroot, *fstransmute; 570 }; 571 572 static void smack_free_mnt_opts(void *mnt_opts) 573 { 574 struct smack_mnt_opts *opts = mnt_opts; 575 kfree(opts->fsdefault); 576 kfree(opts->fsfloor); 577 kfree(opts->fshat); 578 kfree(opts->fsroot); 579 kfree(opts->fstransmute); 580 kfree(opts); 581 } 582 583 static int smack_add_opt(int token, const char *s, void **mnt_opts) 584 { 585 struct smack_mnt_opts *opts = *mnt_opts; 586 587 if (!opts) { 588 opts = kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL); 589 if (!opts) 590 return -ENOMEM; 591 *mnt_opts = opts; 592 } 593 if (!s) 594 return -ENOMEM; 595 596 switch (token) { 597 case Opt_fsdefault: 598 if (opts->fsdefault) 599 goto out_opt_err; 600 opts->fsdefault = s; 601 break; 602 case Opt_fsfloor: 603 if (opts->fsfloor) 604 goto out_opt_err; 605 opts->fsfloor = s; 606 break; 607 case Opt_fshat: 608 if (opts->fshat) 609 goto out_opt_err; 610 opts->fshat = s; 611 break; 612 case Opt_fsroot: 613 if (opts->fsroot) 614 goto out_opt_err; 615 opts->fsroot = s; 616 break; 617 case Opt_fstransmute: 618 if (opts->fstransmute) 619 goto out_opt_err; 620 opts->fstransmute = s; 621 break; 622 } 623 return 0; 624 625 out_opt_err: 626 pr_warn("Smack: duplicate mount options\n"); 627 return -EINVAL; 628 } 629 630 /** 631 * smack_fs_context_dup - Duplicate the security data on fs_context duplication 632 * @fc: The new filesystem context. 633 * @src_fc: The source filesystem context being duplicated. 634 * 635 * Returns 0 on success or -ENOMEM on error. 636 */ 637 static int smack_fs_context_dup(struct fs_context *fc, 638 struct fs_context *src_fc) 639 { 640 struct smack_mnt_opts *dst, *src = src_fc->security; 641 642 if (!src) 643 return 0; 644 645 fc->security = kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL); 646 if (!fc->security) 647 return -ENOMEM; 648 dst = fc->security; 649 650 if (src->fsdefault) { 651 dst->fsdefault = kstrdup(src->fsdefault, GFP_KERNEL); 652 if (!dst->fsdefault) 653 return -ENOMEM; 654 } 655 if (src->fsfloor) { 656 dst->fsfloor = kstrdup(src->fsfloor, GFP_KERNEL); 657 if (!dst->fsfloor) 658 return -ENOMEM; 659 } 660 if (src->fshat) { 661 dst->fshat = kstrdup(src->fshat, GFP_KERNEL); 662 if (!dst->fshat) 663 return -ENOMEM; 664 } 665 if (src->fsroot) { 666 dst->fsroot = kstrdup(src->fsroot, GFP_KERNEL); 667 if (!dst->fsroot) 668 return -ENOMEM; 669 } 670 if (src->fstransmute) { 671 dst->fstransmute = kstrdup(src->fstransmute, GFP_KERNEL); 672 if (!dst->fstransmute) 673 return -ENOMEM; 674 } 675 return 0; 676 } 677 678 static const struct fs_parameter_spec smack_fs_parameters[] = { 679 fsparam_string("smackfsdef", Opt_fsdefault), 680 fsparam_string("smackfsdefault", Opt_fsdefault), 681 fsparam_string("smackfsfloor", Opt_fsfloor), 682 fsparam_string("smackfshat", Opt_fshat), 683 fsparam_string("smackfsroot", Opt_fsroot), 684 fsparam_string("smackfstransmute", Opt_fstransmute), 685 {} 686 }; 687 688 /** 689 * smack_fs_context_parse_param - Parse a single mount parameter 690 * @fc: The new filesystem context being constructed. 691 * @param: The parameter. 692 * 693 * Returns 0 on success, -ENOPARAM to pass the parameter on or anything else on 694 * error. 695 */ 696 static int smack_fs_context_parse_param(struct fs_context *fc, 697 struct fs_parameter *param) 698 { 699 struct fs_parse_result result; 700 int opt, rc; 701 702 opt = fs_parse(fc, smack_fs_parameters, param, &result); 703 if (opt < 0) 704 return opt; 705 706 rc = smack_add_opt(opt, param->string, &fc->security); 707 if (!rc) 708 param->string = NULL; 709 return rc; 710 } 711 712 static int smack_sb_eat_lsm_opts(char *options, void **mnt_opts) 713 { 714 char *from = options, *to = options; 715 bool first = true; 716 717 while (1) { 718 char *next = strchr(from, ','); 719 int token, len, rc; 720 char *arg = NULL; 721 722 if (next) 723 len = next - from; 724 else 725 len = strlen(from); 726 727 token = match_opt_prefix(from, len, &arg); 728 if (token != Opt_error) { 729 arg = kmemdup_nul(arg, from + len - arg, GFP_KERNEL); 730 rc = smack_add_opt(token, arg, mnt_opts); 731 if (unlikely(rc)) { 732 kfree(arg); 733 if (*mnt_opts) 734 smack_free_mnt_opts(*mnt_opts); 735 *mnt_opts = NULL; 736 return rc; 737 } 738 } else { 739 if (!first) { // copy with preceding comma 740 from--; 741 len++; 742 } 743 if (to != from) 744 memmove(to, from, len); 745 to += len; 746 first = false; 747 } 748 if (!from[len]) 749 break; 750 from += len + 1; 751 } 752 *to = '\0'; 753 return 0; 754 } 755 756 /** 757 * smack_set_mnt_opts - set Smack specific mount options 758 * @sb: the file system superblock 759 * @mnt_opts: Smack mount options 760 * @kern_flags: mount option from kernel space or user space 761 * @set_kern_flags: where to store converted mount opts 762 * 763 * Returns 0 on success, an error code on failure 764 * 765 * Allow filesystems with binary mount data to explicitly set Smack mount 766 * labels. 767 */ 768 static int smack_set_mnt_opts(struct super_block *sb, 769 void *mnt_opts, 770 unsigned long kern_flags, 771 unsigned long *set_kern_flags) 772 { 773 struct dentry *root = sb->s_root; 774 struct inode *inode = d_backing_inode(root); 775 struct superblock_smack *sp = sb->s_security; 776 struct inode_smack *isp; 777 struct smack_known *skp; 778 struct smack_mnt_opts *opts = mnt_opts; 779 bool transmute = false; 780 781 if (sp->smk_flags & SMK_SB_INITIALIZED) 782 return 0; 783 784 if (inode->i_security == NULL) { 785 int rc = lsm_inode_alloc(inode); 786 787 if (rc) 788 return rc; 789 } 790 791 if (!smack_privileged(CAP_MAC_ADMIN)) { 792 /* 793 * Unprivileged mounts don't get to specify Smack values. 794 */ 795 if (opts) 796 return -EPERM; 797 /* 798 * Unprivileged mounts get root and default from the caller. 799 */ 800 skp = smk_of_current(); 801 sp->smk_root = skp; 802 sp->smk_default = skp; 803 /* 804 * For a handful of fs types with no user-controlled 805 * backing store it's okay to trust security labels 806 * in the filesystem. The rest are untrusted. 807 */ 808 if (sb->s_user_ns != &init_user_ns && 809 sb->s_magic != SYSFS_MAGIC && sb->s_magic != TMPFS_MAGIC && 810 sb->s_magic != RAMFS_MAGIC) { 811 transmute = true; 812 sp->smk_flags |= SMK_SB_UNTRUSTED; 813 } 814 } 815 816 sp->smk_flags |= SMK_SB_INITIALIZED; 817 818 if (opts) { 819 if (opts->fsdefault) { 820 skp = smk_import_entry(opts->fsdefault, 0); 821 if (IS_ERR(skp)) 822 return PTR_ERR(skp); 823 sp->smk_default = skp; 824 } 825 if (opts->fsfloor) { 826 skp = smk_import_entry(opts->fsfloor, 0); 827 if (IS_ERR(skp)) 828 return PTR_ERR(skp); 829 sp->smk_floor = skp; 830 } 831 if (opts->fshat) { 832 skp = smk_import_entry(opts->fshat, 0); 833 if (IS_ERR(skp)) 834 return PTR_ERR(skp); 835 sp->smk_hat = skp; 836 } 837 if (opts->fsroot) { 838 skp = smk_import_entry(opts->fsroot, 0); 839 if (IS_ERR(skp)) 840 return PTR_ERR(skp); 841 sp->smk_root = skp; 842 } 843 if (opts->fstransmute) { 844 skp = smk_import_entry(opts->fstransmute, 0); 845 if (IS_ERR(skp)) 846 return PTR_ERR(skp); 847 sp->smk_root = skp; 848 transmute = true; 849 } 850 } 851 852 /* 853 * Initialize the root inode. 854 */ 855 init_inode_smack(inode, sp->smk_root); 856 857 if (transmute) { 858 isp = smack_inode(inode); 859 isp->smk_flags |= SMK_INODE_TRANSMUTE; 860 } 861 862 return 0; 863 } 864 865 /** 866 * smack_sb_statfs - Smack check on statfs 867 * @dentry: identifies the file system in question 868 * 869 * Returns 0 if current can read the floor of the filesystem, 870 * and error code otherwise 871 */ 872 static int smack_sb_statfs(struct dentry *dentry) 873 { 874 struct superblock_smack *sbp = dentry->d_sb->s_security; 875 int rc; 876 struct smk_audit_info ad; 877 878 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 879 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 880 881 rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad); 882 rc = smk_bu_current("statfs", sbp->smk_floor, MAY_READ, rc); 883 return rc; 884 } 885 886 /* 887 * BPRM hooks 888 */ 889 890 /** 891 * smack_bprm_creds_for_exec - Update bprm->cred if needed for exec 892 * @bprm: the exec information 893 * 894 * Returns 0 if it gets a blob, -EPERM if exec forbidden and -ENOMEM otherwise 895 */ 896 static int smack_bprm_creds_for_exec(struct linux_binprm *bprm) 897 { 898 struct inode *inode = file_inode(bprm->file); 899 struct task_smack *bsp = smack_cred(bprm->cred); 900 struct inode_smack *isp; 901 struct superblock_smack *sbsp; 902 int rc; 903 904 isp = smack_inode(inode); 905 if (isp->smk_task == NULL || isp->smk_task == bsp->smk_task) 906 return 0; 907 908 sbsp = inode->i_sb->s_security; 909 if ((sbsp->smk_flags & SMK_SB_UNTRUSTED) && 910 isp->smk_task != sbsp->smk_root) 911 return 0; 912 913 if (bprm->unsafe & LSM_UNSAFE_PTRACE) { 914 struct task_struct *tracer; 915 rc = 0; 916 917 rcu_read_lock(); 918 tracer = ptrace_parent(current); 919 if (likely(tracer != NULL)) 920 rc = smk_ptrace_rule_check(tracer, 921 isp->smk_task, 922 PTRACE_MODE_ATTACH, 923 __func__); 924 rcu_read_unlock(); 925 926 if (rc != 0) 927 return rc; 928 } 929 if (bprm->unsafe & ~LSM_UNSAFE_PTRACE) 930 return -EPERM; 931 932 bsp->smk_task = isp->smk_task; 933 bprm->per_clear |= PER_CLEAR_ON_SETID; 934 935 /* Decide if this is a secure exec. */ 936 if (bsp->smk_task != bsp->smk_forked) 937 bprm->secureexec = 1; 938 939 return 0; 940 } 941 942 /* 943 * Inode hooks 944 */ 945 946 /** 947 * smack_inode_alloc_security - allocate an inode blob 948 * @inode: the inode in need of a blob 949 * 950 * Returns 0 951 */ 952 static int smack_inode_alloc_security(struct inode *inode) 953 { 954 struct smack_known *skp = smk_of_current(); 955 956 init_inode_smack(inode, skp); 957 return 0; 958 } 959 960 /** 961 * smack_inode_init_security - copy out the smack from an inode 962 * @inode: the newly created inode 963 * @dir: containing directory object 964 * @qstr: unused 965 * @name: where to put the attribute name 966 * @value: where to put the attribute value 967 * @len: where to put the length of the attribute 968 * 969 * Returns 0 if it all works out, -ENOMEM if there's no memory 970 */ 971 static int smack_inode_init_security(struct inode *inode, struct inode *dir, 972 const struct qstr *qstr, const char **name, 973 void **value, size_t *len) 974 { 975 struct inode_smack *issp = smack_inode(inode); 976 struct smack_known *skp = smk_of_current(); 977 struct smack_known *isp = smk_of_inode(inode); 978 struct smack_known *dsp = smk_of_inode(dir); 979 int may; 980 981 if (name) 982 *name = XATTR_SMACK_SUFFIX; 983 984 if (value && len) { 985 rcu_read_lock(); 986 may = smk_access_entry(skp->smk_known, dsp->smk_known, 987 &skp->smk_rules); 988 rcu_read_unlock(); 989 990 /* 991 * If the access rule allows transmutation and 992 * the directory requests transmutation then 993 * by all means transmute. 994 * Mark the inode as changed. 995 */ 996 if (may > 0 && ((may & MAY_TRANSMUTE) != 0) && 997 smk_inode_transmutable(dir)) { 998 isp = dsp; 999 issp->smk_flags |= SMK_INODE_CHANGED; 1000 } 1001 1002 *value = kstrdup(isp->smk_known, GFP_NOFS); 1003 if (*value == NULL) 1004 return -ENOMEM; 1005 1006 *len = strlen(isp->smk_known); 1007 } 1008 1009 return 0; 1010 } 1011 1012 /** 1013 * smack_inode_link - Smack check on link 1014 * @old_dentry: the existing object 1015 * @dir: unused 1016 * @new_dentry: the new object 1017 * 1018 * Returns 0 if access is permitted, an error code otherwise 1019 */ 1020 static int smack_inode_link(struct dentry *old_dentry, struct inode *dir, 1021 struct dentry *new_dentry) 1022 { 1023 struct smack_known *isp; 1024 struct smk_audit_info ad; 1025 int rc; 1026 1027 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1028 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry); 1029 1030 isp = smk_of_inode(d_backing_inode(old_dentry)); 1031 rc = smk_curacc(isp, MAY_WRITE, &ad); 1032 rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_WRITE, rc); 1033 1034 if (rc == 0 && d_is_positive(new_dentry)) { 1035 isp = smk_of_inode(d_backing_inode(new_dentry)); 1036 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry); 1037 rc = smk_curacc(isp, MAY_WRITE, &ad); 1038 rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_WRITE, rc); 1039 } 1040 1041 return rc; 1042 } 1043 1044 /** 1045 * smack_inode_unlink - Smack check on inode deletion 1046 * @dir: containing directory object 1047 * @dentry: file to unlink 1048 * 1049 * Returns 0 if current can write the containing directory 1050 * and the object, error code otherwise 1051 */ 1052 static int smack_inode_unlink(struct inode *dir, struct dentry *dentry) 1053 { 1054 struct inode *ip = d_backing_inode(dentry); 1055 struct smk_audit_info ad; 1056 int rc; 1057 1058 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1059 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1060 1061 /* 1062 * You need write access to the thing you're unlinking 1063 */ 1064 rc = smk_curacc(smk_of_inode(ip), MAY_WRITE, &ad); 1065 rc = smk_bu_inode(ip, MAY_WRITE, rc); 1066 if (rc == 0) { 1067 /* 1068 * You also need write access to the containing directory 1069 */ 1070 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE); 1071 smk_ad_setfield_u_fs_inode(&ad, dir); 1072 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad); 1073 rc = smk_bu_inode(dir, MAY_WRITE, rc); 1074 } 1075 return rc; 1076 } 1077 1078 /** 1079 * smack_inode_rmdir - Smack check on directory deletion 1080 * @dir: containing directory object 1081 * @dentry: directory to unlink 1082 * 1083 * Returns 0 if current can write the containing directory 1084 * and the directory, error code otherwise 1085 */ 1086 static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry) 1087 { 1088 struct smk_audit_info ad; 1089 int rc; 1090 1091 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1092 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1093 1094 /* 1095 * You need write access to the thing you're removing 1096 */ 1097 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1098 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1099 if (rc == 0) { 1100 /* 1101 * You also need write access to the containing directory 1102 */ 1103 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE); 1104 smk_ad_setfield_u_fs_inode(&ad, dir); 1105 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad); 1106 rc = smk_bu_inode(dir, MAY_WRITE, rc); 1107 } 1108 1109 return rc; 1110 } 1111 1112 /** 1113 * smack_inode_rename - Smack check on rename 1114 * @old_inode: unused 1115 * @old_dentry: the old object 1116 * @new_inode: unused 1117 * @new_dentry: the new object 1118 * 1119 * Read and write access is required on both the old and 1120 * new directories. 1121 * 1122 * Returns 0 if access is permitted, an error code otherwise 1123 */ 1124 static int smack_inode_rename(struct inode *old_inode, 1125 struct dentry *old_dentry, 1126 struct inode *new_inode, 1127 struct dentry *new_dentry) 1128 { 1129 int rc; 1130 struct smack_known *isp; 1131 struct smk_audit_info ad; 1132 1133 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1134 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry); 1135 1136 isp = smk_of_inode(d_backing_inode(old_dentry)); 1137 rc = smk_curacc(isp, MAY_READWRITE, &ad); 1138 rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_READWRITE, rc); 1139 1140 if (rc == 0 && d_is_positive(new_dentry)) { 1141 isp = smk_of_inode(d_backing_inode(new_dentry)); 1142 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry); 1143 rc = smk_curacc(isp, MAY_READWRITE, &ad); 1144 rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_READWRITE, rc); 1145 } 1146 return rc; 1147 } 1148 1149 /** 1150 * smack_inode_permission - Smack version of permission() 1151 * @inode: the inode in question 1152 * @mask: the access requested 1153 * 1154 * This is the important Smack hook. 1155 * 1156 * Returns 0 if access is permitted, an error code otherwise 1157 */ 1158 static int smack_inode_permission(struct inode *inode, int mask) 1159 { 1160 struct superblock_smack *sbsp = inode->i_sb->s_security; 1161 struct smk_audit_info ad; 1162 int no_block = mask & MAY_NOT_BLOCK; 1163 int rc; 1164 1165 mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND); 1166 /* 1167 * No permission to check. Existence test. Yup, it's there. 1168 */ 1169 if (mask == 0) 1170 return 0; 1171 1172 if (sbsp->smk_flags & SMK_SB_UNTRUSTED) { 1173 if (smk_of_inode(inode) != sbsp->smk_root) 1174 return -EACCES; 1175 } 1176 1177 /* May be droppable after audit */ 1178 if (no_block) 1179 return -ECHILD; 1180 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE); 1181 smk_ad_setfield_u_fs_inode(&ad, inode); 1182 rc = smk_curacc(smk_of_inode(inode), mask, &ad); 1183 rc = smk_bu_inode(inode, mask, rc); 1184 return rc; 1185 } 1186 1187 /** 1188 * smack_inode_setattr - Smack check for setting attributes 1189 * @dentry: the object 1190 * @iattr: for the force flag 1191 * 1192 * Returns 0 if access is permitted, an error code otherwise 1193 */ 1194 static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr) 1195 { 1196 struct smk_audit_info ad; 1197 int rc; 1198 1199 /* 1200 * Need to allow for clearing the setuid bit. 1201 */ 1202 if (iattr->ia_valid & ATTR_FORCE) 1203 return 0; 1204 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1205 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1206 1207 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1208 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1209 return rc; 1210 } 1211 1212 /** 1213 * smack_inode_getattr - Smack check for getting attributes 1214 * @path: path to extract the info from 1215 * 1216 * Returns 0 if access is permitted, an error code otherwise 1217 */ 1218 static int smack_inode_getattr(const struct path *path) 1219 { 1220 struct smk_audit_info ad; 1221 struct inode *inode = d_backing_inode(path->dentry); 1222 int rc; 1223 1224 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1225 smk_ad_setfield_u_fs_path(&ad, *path); 1226 rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad); 1227 rc = smk_bu_inode(inode, MAY_READ, rc); 1228 return rc; 1229 } 1230 1231 /** 1232 * smack_inode_setxattr - Smack check for setting xattrs 1233 * @dentry: the object 1234 * @name: name of the attribute 1235 * @value: value of the attribute 1236 * @size: size of the value 1237 * @flags: unused 1238 * 1239 * This protects the Smack attribute explicitly. 1240 * 1241 * Returns 0 if access is permitted, an error code otherwise 1242 */ 1243 static int smack_inode_setxattr(struct user_namespace *mnt_userns, 1244 struct dentry *dentry, const char *name, 1245 const void *value, size_t size, int flags) 1246 { 1247 struct smk_audit_info ad; 1248 struct smack_known *skp; 1249 int check_priv = 0; 1250 int check_import = 0; 1251 int check_star = 0; 1252 int rc = 0; 1253 1254 /* 1255 * Check label validity here so import won't fail in post_setxattr 1256 */ 1257 if (strcmp(name, XATTR_NAME_SMACK) == 0 || 1258 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 || 1259 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) { 1260 check_priv = 1; 1261 check_import = 1; 1262 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0 || 1263 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) { 1264 check_priv = 1; 1265 check_import = 1; 1266 check_star = 1; 1267 } else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) { 1268 check_priv = 1; 1269 if (size != TRANS_TRUE_SIZE || 1270 strncmp(value, TRANS_TRUE, TRANS_TRUE_SIZE) != 0) 1271 rc = -EINVAL; 1272 } else 1273 rc = cap_inode_setxattr(dentry, name, value, size, flags); 1274 1275 if (check_priv && !smack_privileged(CAP_MAC_ADMIN)) 1276 rc = -EPERM; 1277 1278 if (rc == 0 && check_import) { 1279 skp = size ? smk_import_entry(value, size) : NULL; 1280 if (IS_ERR(skp)) 1281 rc = PTR_ERR(skp); 1282 else if (skp == NULL || (check_star && 1283 (skp == &smack_known_star || skp == &smack_known_web))) 1284 rc = -EINVAL; 1285 } 1286 1287 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1288 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1289 1290 if (rc == 0) { 1291 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1292 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1293 } 1294 1295 return rc; 1296 } 1297 1298 /** 1299 * smack_inode_post_setxattr - Apply the Smack update approved above 1300 * @dentry: object 1301 * @name: attribute name 1302 * @value: attribute value 1303 * @size: attribute size 1304 * @flags: unused 1305 * 1306 * Set the pointer in the inode blob to the entry found 1307 * in the master label list. 1308 */ 1309 static void smack_inode_post_setxattr(struct dentry *dentry, const char *name, 1310 const void *value, size_t size, int flags) 1311 { 1312 struct smack_known *skp; 1313 struct inode_smack *isp = smack_inode(d_backing_inode(dentry)); 1314 1315 if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) { 1316 isp->smk_flags |= SMK_INODE_TRANSMUTE; 1317 return; 1318 } 1319 1320 if (strcmp(name, XATTR_NAME_SMACK) == 0) { 1321 skp = smk_import_entry(value, size); 1322 if (!IS_ERR(skp)) 1323 isp->smk_inode = skp; 1324 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) { 1325 skp = smk_import_entry(value, size); 1326 if (!IS_ERR(skp)) 1327 isp->smk_task = skp; 1328 } else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) { 1329 skp = smk_import_entry(value, size); 1330 if (!IS_ERR(skp)) 1331 isp->smk_mmap = skp; 1332 } 1333 1334 return; 1335 } 1336 1337 /** 1338 * smack_inode_getxattr - Smack check on getxattr 1339 * @dentry: the object 1340 * @name: unused 1341 * 1342 * Returns 0 if access is permitted, an error code otherwise 1343 */ 1344 static int smack_inode_getxattr(struct dentry *dentry, const char *name) 1345 { 1346 struct smk_audit_info ad; 1347 int rc; 1348 1349 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1350 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1351 1352 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_READ, &ad); 1353 rc = smk_bu_inode(d_backing_inode(dentry), MAY_READ, rc); 1354 return rc; 1355 } 1356 1357 /** 1358 * smack_inode_removexattr - Smack check on removexattr 1359 * @dentry: the object 1360 * @name: name of the attribute 1361 * 1362 * Removing the Smack attribute requires CAP_MAC_ADMIN 1363 * 1364 * Returns 0 if access is permitted, an error code otherwise 1365 */ 1366 static int smack_inode_removexattr(struct user_namespace *mnt_userns, 1367 struct dentry *dentry, const char *name) 1368 { 1369 struct inode_smack *isp; 1370 struct smk_audit_info ad; 1371 int rc = 0; 1372 1373 if (strcmp(name, XATTR_NAME_SMACK) == 0 || 1374 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 || 1375 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 || 1376 strcmp(name, XATTR_NAME_SMACKEXEC) == 0 || 1377 strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0 || 1378 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) { 1379 if (!smack_privileged(CAP_MAC_ADMIN)) 1380 rc = -EPERM; 1381 } else 1382 rc = cap_inode_removexattr(mnt_userns, dentry, name); 1383 1384 if (rc != 0) 1385 return rc; 1386 1387 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1388 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1389 1390 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1391 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1392 if (rc != 0) 1393 return rc; 1394 1395 isp = smack_inode(d_backing_inode(dentry)); 1396 /* 1397 * Don't do anything special for these. 1398 * XATTR_NAME_SMACKIPIN 1399 * XATTR_NAME_SMACKIPOUT 1400 */ 1401 if (strcmp(name, XATTR_NAME_SMACK) == 0) { 1402 struct super_block *sbp = dentry->d_sb; 1403 struct superblock_smack *sbsp = sbp->s_security; 1404 1405 isp->smk_inode = sbsp->smk_default; 1406 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) 1407 isp->smk_task = NULL; 1408 else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) 1409 isp->smk_mmap = NULL; 1410 else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) 1411 isp->smk_flags &= ~SMK_INODE_TRANSMUTE; 1412 1413 return 0; 1414 } 1415 1416 /** 1417 * smack_inode_getsecurity - get smack xattrs 1418 * @inode: the object 1419 * @name: attribute name 1420 * @buffer: where to put the result 1421 * @alloc: duplicate memory 1422 * 1423 * Returns the size of the attribute or an error code 1424 */ 1425 static int smack_inode_getsecurity(struct user_namespace *mnt_userns, 1426 struct inode *inode, const char *name, 1427 void **buffer, bool alloc) 1428 { 1429 struct socket_smack *ssp; 1430 struct socket *sock; 1431 struct super_block *sbp; 1432 struct inode *ip = (struct inode *)inode; 1433 struct smack_known *isp; 1434 1435 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) 1436 isp = smk_of_inode(inode); 1437 else { 1438 /* 1439 * The rest of the Smack xattrs are only on sockets. 1440 */ 1441 sbp = ip->i_sb; 1442 if (sbp->s_magic != SOCKFS_MAGIC) 1443 return -EOPNOTSUPP; 1444 1445 sock = SOCKET_I(ip); 1446 if (sock == NULL || sock->sk == NULL) 1447 return -EOPNOTSUPP; 1448 1449 ssp = sock->sk->sk_security; 1450 1451 if (strcmp(name, XATTR_SMACK_IPIN) == 0) 1452 isp = ssp->smk_in; 1453 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) 1454 isp = ssp->smk_out; 1455 else 1456 return -EOPNOTSUPP; 1457 } 1458 1459 if (alloc) { 1460 *buffer = kstrdup(isp->smk_known, GFP_KERNEL); 1461 if (*buffer == NULL) 1462 return -ENOMEM; 1463 } 1464 1465 return strlen(isp->smk_known); 1466 } 1467 1468 1469 /** 1470 * smack_inode_listsecurity - list the Smack attributes 1471 * @inode: the object 1472 * @buffer: where they go 1473 * @buffer_size: size of buffer 1474 */ 1475 static int smack_inode_listsecurity(struct inode *inode, char *buffer, 1476 size_t buffer_size) 1477 { 1478 int len = sizeof(XATTR_NAME_SMACK); 1479 1480 if (buffer != NULL && len <= buffer_size) 1481 memcpy(buffer, XATTR_NAME_SMACK, len); 1482 1483 return len; 1484 } 1485 1486 /** 1487 * smack_inode_getsecid - Extract inode's security id 1488 * @inode: inode to extract the info from 1489 * @secid: where result will be saved 1490 */ 1491 static void smack_inode_getsecid(struct inode *inode, u32 *secid) 1492 { 1493 struct smack_known *skp = smk_of_inode(inode); 1494 1495 *secid = skp->smk_secid; 1496 } 1497 1498 /* 1499 * File Hooks 1500 */ 1501 1502 /* 1503 * There is no smack_file_permission hook 1504 * 1505 * Should access checks be done on each read or write? 1506 * UNICOS and SELinux say yes. 1507 * Trusted Solaris, Trusted Irix, and just about everyone else says no. 1508 * 1509 * I'll say no for now. Smack does not do the frequent 1510 * label changing that SELinux does. 1511 */ 1512 1513 /** 1514 * smack_file_alloc_security - assign a file security blob 1515 * @file: the object 1516 * 1517 * The security blob for a file is a pointer to the master 1518 * label list, so no allocation is done. 1519 * 1520 * f_security is the owner security information. It 1521 * isn't used on file access checks, it's for send_sigio. 1522 * 1523 * Returns 0 1524 */ 1525 static int smack_file_alloc_security(struct file *file) 1526 { 1527 struct smack_known **blob = smack_file(file); 1528 1529 *blob = smk_of_current(); 1530 return 0; 1531 } 1532 1533 /** 1534 * smack_file_ioctl - Smack check on ioctls 1535 * @file: the object 1536 * @cmd: what to do 1537 * @arg: unused 1538 * 1539 * Relies heavily on the correct use of the ioctl command conventions. 1540 * 1541 * Returns 0 if allowed, error code otherwise 1542 */ 1543 static int smack_file_ioctl(struct file *file, unsigned int cmd, 1544 unsigned long arg) 1545 { 1546 int rc = 0; 1547 struct smk_audit_info ad; 1548 struct inode *inode = file_inode(file); 1549 1550 if (unlikely(IS_PRIVATE(inode))) 1551 return 0; 1552 1553 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1554 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1555 1556 if (_IOC_DIR(cmd) & _IOC_WRITE) { 1557 rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad); 1558 rc = smk_bu_file(file, MAY_WRITE, rc); 1559 } 1560 1561 if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ)) { 1562 rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad); 1563 rc = smk_bu_file(file, MAY_READ, rc); 1564 } 1565 1566 return rc; 1567 } 1568 1569 /** 1570 * smack_file_lock - Smack check on file locking 1571 * @file: the object 1572 * @cmd: unused 1573 * 1574 * Returns 0 if current has lock access, error code otherwise 1575 */ 1576 static int smack_file_lock(struct file *file, unsigned int cmd) 1577 { 1578 struct smk_audit_info ad; 1579 int rc; 1580 struct inode *inode = file_inode(file); 1581 1582 if (unlikely(IS_PRIVATE(inode))) 1583 return 0; 1584 1585 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1586 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1587 rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad); 1588 rc = smk_bu_file(file, MAY_LOCK, rc); 1589 return rc; 1590 } 1591 1592 /** 1593 * smack_file_fcntl - Smack check on fcntl 1594 * @file: the object 1595 * @cmd: what action to check 1596 * @arg: unused 1597 * 1598 * Generally these operations are harmless. 1599 * File locking operations present an obvious mechanism 1600 * for passing information, so they require write access. 1601 * 1602 * Returns 0 if current has access, error code otherwise 1603 */ 1604 static int smack_file_fcntl(struct file *file, unsigned int cmd, 1605 unsigned long arg) 1606 { 1607 struct smk_audit_info ad; 1608 int rc = 0; 1609 struct inode *inode = file_inode(file); 1610 1611 if (unlikely(IS_PRIVATE(inode))) 1612 return 0; 1613 1614 switch (cmd) { 1615 case F_GETLK: 1616 break; 1617 case F_SETLK: 1618 case F_SETLKW: 1619 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1620 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1621 rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad); 1622 rc = smk_bu_file(file, MAY_LOCK, rc); 1623 break; 1624 case F_SETOWN: 1625 case F_SETSIG: 1626 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1627 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1628 rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad); 1629 rc = smk_bu_file(file, MAY_WRITE, rc); 1630 break; 1631 default: 1632 break; 1633 } 1634 1635 return rc; 1636 } 1637 1638 /** 1639 * smack_mmap_file : 1640 * Check permissions for a mmap operation. The @file may be NULL, e.g. 1641 * if mapping anonymous memory. 1642 * @file contains the file structure for file to map (may be NULL). 1643 * @reqprot contains the protection requested by the application. 1644 * @prot contains the protection that will be applied by the kernel. 1645 * @flags contains the operational flags. 1646 * Return 0 if permission is granted. 1647 */ 1648 static int smack_mmap_file(struct file *file, 1649 unsigned long reqprot, unsigned long prot, 1650 unsigned long flags) 1651 { 1652 struct smack_known *skp; 1653 struct smack_known *mkp; 1654 struct smack_rule *srp; 1655 struct task_smack *tsp; 1656 struct smack_known *okp; 1657 struct inode_smack *isp; 1658 struct superblock_smack *sbsp; 1659 int may; 1660 int mmay; 1661 int tmay; 1662 int rc; 1663 1664 if (file == NULL) 1665 return 0; 1666 1667 if (unlikely(IS_PRIVATE(file_inode(file)))) 1668 return 0; 1669 1670 isp = smack_inode(file_inode(file)); 1671 if (isp->smk_mmap == NULL) 1672 return 0; 1673 sbsp = file_inode(file)->i_sb->s_security; 1674 if (sbsp->smk_flags & SMK_SB_UNTRUSTED && 1675 isp->smk_mmap != sbsp->smk_root) 1676 return -EACCES; 1677 mkp = isp->smk_mmap; 1678 1679 tsp = smack_cred(current_cred()); 1680 skp = smk_of_current(); 1681 rc = 0; 1682 1683 rcu_read_lock(); 1684 /* 1685 * For each Smack rule associated with the subject 1686 * label verify that the SMACK64MMAP also has access 1687 * to that rule's object label. 1688 */ 1689 list_for_each_entry_rcu(srp, &skp->smk_rules, list) { 1690 okp = srp->smk_object; 1691 /* 1692 * Matching labels always allows access. 1693 */ 1694 if (mkp->smk_known == okp->smk_known) 1695 continue; 1696 /* 1697 * If there is a matching local rule take 1698 * that into account as well. 1699 */ 1700 may = smk_access_entry(srp->smk_subject->smk_known, 1701 okp->smk_known, 1702 &tsp->smk_rules); 1703 if (may == -ENOENT) 1704 may = srp->smk_access; 1705 else 1706 may &= srp->smk_access; 1707 /* 1708 * If may is zero the SMACK64MMAP subject can't 1709 * possibly have less access. 1710 */ 1711 if (may == 0) 1712 continue; 1713 1714 /* 1715 * Fetch the global list entry. 1716 * If there isn't one a SMACK64MMAP subject 1717 * can't have as much access as current. 1718 */ 1719 mmay = smk_access_entry(mkp->smk_known, okp->smk_known, 1720 &mkp->smk_rules); 1721 if (mmay == -ENOENT) { 1722 rc = -EACCES; 1723 break; 1724 } 1725 /* 1726 * If there is a local entry it modifies the 1727 * potential access, too. 1728 */ 1729 tmay = smk_access_entry(mkp->smk_known, okp->smk_known, 1730 &tsp->smk_rules); 1731 if (tmay != -ENOENT) 1732 mmay &= tmay; 1733 1734 /* 1735 * If there is any access available to current that is 1736 * not available to a SMACK64MMAP subject 1737 * deny access. 1738 */ 1739 if ((may | mmay) != mmay) { 1740 rc = -EACCES; 1741 break; 1742 } 1743 } 1744 1745 rcu_read_unlock(); 1746 1747 return rc; 1748 } 1749 1750 /** 1751 * smack_file_set_fowner - set the file security blob value 1752 * @file: object in question 1753 * 1754 */ 1755 static void smack_file_set_fowner(struct file *file) 1756 { 1757 struct smack_known **blob = smack_file(file); 1758 1759 *blob = smk_of_current(); 1760 } 1761 1762 /** 1763 * smack_file_send_sigiotask - Smack on sigio 1764 * @tsk: The target task 1765 * @fown: the object the signal come from 1766 * @signum: unused 1767 * 1768 * Allow a privileged task to get signals even if it shouldn't 1769 * 1770 * Returns 0 if a subject with the object's smack could 1771 * write to the task, an error code otherwise. 1772 */ 1773 static int smack_file_send_sigiotask(struct task_struct *tsk, 1774 struct fown_struct *fown, int signum) 1775 { 1776 struct smack_known **blob; 1777 struct smack_known *skp; 1778 struct smack_known *tkp = smk_of_task(smack_cred(tsk->cred)); 1779 const struct cred *tcred; 1780 struct file *file; 1781 int rc; 1782 struct smk_audit_info ad; 1783 1784 /* 1785 * struct fown_struct is never outside the context of a struct file 1786 */ 1787 file = container_of(fown, struct file, f_owner); 1788 1789 /* we don't log here as rc can be overriden */ 1790 blob = smack_file(file); 1791 skp = *blob; 1792 rc = smk_access(skp, tkp, MAY_DELIVER, NULL); 1793 rc = smk_bu_note("sigiotask", skp, tkp, MAY_DELIVER, rc); 1794 1795 rcu_read_lock(); 1796 tcred = __task_cred(tsk); 1797 if (rc != 0 && smack_privileged_cred(CAP_MAC_OVERRIDE, tcred)) 1798 rc = 0; 1799 rcu_read_unlock(); 1800 1801 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); 1802 smk_ad_setfield_u_tsk(&ad, tsk); 1803 smack_log(skp->smk_known, tkp->smk_known, MAY_DELIVER, rc, &ad); 1804 return rc; 1805 } 1806 1807 /** 1808 * smack_file_receive - Smack file receive check 1809 * @file: the object 1810 * 1811 * Returns 0 if current has access, error code otherwise 1812 */ 1813 static int smack_file_receive(struct file *file) 1814 { 1815 int rc; 1816 int may = 0; 1817 struct smk_audit_info ad; 1818 struct inode *inode = file_inode(file); 1819 struct socket *sock; 1820 struct task_smack *tsp; 1821 struct socket_smack *ssp; 1822 1823 if (unlikely(IS_PRIVATE(inode))) 1824 return 0; 1825 1826 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1827 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1828 1829 if (inode->i_sb->s_magic == SOCKFS_MAGIC) { 1830 sock = SOCKET_I(inode); 1831 ssp = sock->sk->sk_security; 1832 tsp = smack_cred(current_cred()); 1833 /* 1834 * If the receiving process can't write to the 1835 * passed socket or if the passed socket can't 1836 * write to the receiving process don't accept 1837 * the passed socket. 1838 */ 1839 rc = smk_access(tsp->smk_task, ssp->smk_out, MAY_WRITE, &ad); 1840 rc = smk_bu_file(file, may, rc); 1841 if (rc < 0) 1842 return rc; 1843 rc = smk_access(ssp->smk_in, tsp->smk_task, MAY_WRITE, &ad); 1844 rc = smk_bu_file(file, may, rc); 1845 return rc; 1846 } 1847 /* 1848 * This code relies on bitmasks. 1849 */ 1850 if (file->f_mode & FMODE_READ) 1851 may = MAY_READ; 1852 if (file->f_mode & FMODE_WRITE) 1853 may |= MAY_WRITE; 1854 1855 rc = smk_curacc(smk_of_inode(inode), may, &ad); 1856 rc = smk_bu_file(file, may, rc); 1857 return rc; 1858 } 1859 1860 /** 1861 * smack_file_open - Smack dentry open processing 1862 * @file: the object 1863 * 1864 * Set the security blob in the file structure. 1865 * Allow the open only if the task has read access. There are 1866 * many read operations (e.g. fstat) that you can do with an 1867 * fd even if you have the file open write-only. 1868 * 1869 * Returns 0 if current has access, error code otherwise 1870 */ 1871 static int smack_file_open(struct file *file) 1872 { 1873 struct task_smack *tsp = smack_cred(file->f_cred); 1874 struct inode *inode = file_inode(file); 1875 struct smk_audit_info ad; 1876 int rc; 1877 1878 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1879 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1880 rc = smk_tskacc(tsp, smk_of_inode(inode), MAY_READ, &ad); 1881 rc = smk_bu_credfile(file->f_cred, file, MAY_READ, rc); 1882 1883 return rc; 1884 } 1885 1886 /* 1887 * Task hooks 1888 */ 1889 1890 /** 1891 * smack_cred_alloc_blank - "allocate" blank task-level security credentials 1892 * @cred: the new credentials 1893 * @gfp: the atomicity of any memory allocations 1894 * 1895 * Prepare a blank set of credentials for modification. This must allocate all 1896 * the memory the LSM module might require such that cred_transfer() can 1897 * complete without error. 1898 */ 1899 static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp) 1900 { 1901 init_task_smack(smack_cred(cred), NULL, NULL); 1902 return 0; 1903 } 1904 1905 1906 /** 1907 * smack_cred_free - "free" task-level security credentials 1908 * @cred: the credentials in question 1909 * 1910 */ 1911 static void smack_cred_free(struct cred *cred) 1912 { 1913 struct task_smack *tsp = smack_cred(cred); 1914 struct smack_rule *rp; 1915 struct list_head *l; 1916 struct list_head *n; 1917 1918 smk_destroy_label_list(&tsp->smk_relabel); 1919 1920 list_for_each_safe(l, n, &tsp->smk_rules) { 1921 rp = list_entry(l, struct smack_rule, list); 1922 list_del(&rp->list); 1923 kmem_cache_free(smack_rule_cache, rp); 1924 } 1925 } 1926 1927 /** 1928 * smack_cred_prepare - prepare new set of credentials for modification 1929 * @new: the new credentials 1930 * @old: the original credentials 1931 * @gfp: the atomicity of any memory allocations 1932 * 1933 * Prepare a new set of credentials for modification. 1934 */ 1935 static int smack_cred_prepare(struct cred *new, const struct cred *old, 1936 gfp_t gfp) 1937 { 1938 struct task_smack *old_tsp = smack_cred(old); 1939 struct task_smack *new_tsp = smack_cred(new); 1940 int rc; 1941 1942 init_task_smack(new_tsp, old_tsp->smk_task, old_tsp->smk_task); 1943 1944 rc = smk_copy_rules(&new_tsp->smk_rules, &old_tsp->smk_rules, gfp); 1945 if (rc != 0) 1946 return rc; 1947 1948 rc = smk_copy_relabel(&new_tsp->smk_relabel, &old_tsp->smk_relabel, 1949 gfp); 1950 return rc; 1951 } 1952 1953 /** 1954 * smack_cred_transfer - Transfer the old credentials to the new credentials 1955 * @new: the new credentials 1956 * @old: the original credentials 1957 * 1958 * Fill in a set of blank credentials from another set of credentials. 1959 */ 1960 static void smack_cred_transfer(struct cred *new, const struct cred *old) 1961 { 1962 struct task_smack *old_tsp = smack_cred(old); 1963 struct task_smack *new_tsp = smack_cred(new); 1964 1965 new_tsp->smk_task = old_tsp->smk_task; 1966 new_tsp->smk_forked = old_tsp->smk_task; 1967 mutex_init(&new_tsp->smk_rules_lock); 1968 INIT_LIST_HEAD(&new_tsp->smk_rules); 1969 1970 /* cbs copy rule list */ 1971 } 1972 1973 /** 1974 * smack_cred_getsecid - get the secid corresponding to a creds structure 1975 * @cred: the object creds 1976 * @secid: where to put the result 1977 * 1978 * Sets the secid to contain a u32 version of the smack label. 1979 */ 1980 static void smack_cred_getsecid(const struct cred *cred, u32 *secid) 1981 { 1982 struct smack_known *skp; 1983 1984 rcu_read_lock(); 1985 skp = smk_of_task(smack_cred(cred)); 1986 *secid = skp->smk_secid; 1987 rcu_read_unlock(); 1988 } 1989 1990 /** 1991 * smack_kernel_act_as - Set the subjective context in a set of credentials 1992 * @new: points to the set of credentials to be modified. 1993 * @secid: specifies the security ID to be set 1994 * 1995 * Set the security data for a kernel service. 1996 */ 1997 static int smack_kernel_act_as(struct cred *new, u32 secid) 1998 { 1999 struct task_smack *new_tsp = smack_cred(new); 2000 2001 new_tsp->smk_task = smack_from_secid(secid); 2002 return 0; 2003 } 2004 2005 /** 2006 * smack_kernel_create_files_as - Set the file creation label in a set of creds 2007 * @new: points to the set of credentials to be modified 2008 * @inode: points to the inode to use as a reference 2009 * 2010 * Set the file creation context in a set of credentials to the same 2011 * as the objective context of the specified inode 2012 */ 2013 static int smack_kernel_create_files_as(struct cred *new, 2014 struct inode *inode) 2015 { 2016 struct inode_smack *isp = smack_inode(inode); 2017 struct task_smack *tsp = smack_cred(new); 2018 2019 tsp->smk_forked = isp->smk_inode; 2020 tsp->smk_task = tsp->smk_forked; 2021 return 0; 2022 } 2023 2024 /** 2025 * smk_curacc_on_task - helper to log task related access 2026 * @p: the task object 2027 * @access: the access requested 2028 * @caller: name of the calling function for audit 2029 * 2030 * Return 0 if access is permitted 2031 */ 2032 static int smk_curacc_on_task(struct task_struct *p, int access, 2033 const char *caller) 2034 { 2035 struct smk_audit_info ad; 2036 struct smack_known *skp = smk_of_task_struct(p); 2037 int rc; 2038 2039 smk_ad_init(&ad, caller, LSM_AUDIT_DATA_TASK); 2040 smk_ad_setfield_u_tsk(&ad, p); 2041 rc = smk_curacc(skp, access, &ad); 2042 rc = smk_bu_task(p, access, rc); 2043 return rc; 2044 } 2045 2046 /** 2047 * smack_task_setpgid - Smack check on setting pgid 2048 * @p: the task object 2049 * @pgid: unused 2050 * 2051 * Return 0 if write access is permitted 2052 */ 2053 static int smack_task_setpgid(struct task_struct *p, pid_t pgid) 2054 { 2055 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2056 } 2057 2058 /** 2059 * smack_task_getpgid - Smack access check for getpgid 2060 * @p: the object task 2061 * 2062 * Returns 0 if current can read the object task, error code otherwise 2063 */ 2064 static int smack_task_getpgid(struct task_struct *p) 2065 { 2066 return smk_curacc_on_task(p, MAY_READ, __func__); 2067 } 2068 2069 /** 2070 * smack_task_getsid - Smack access check for getsid 2071 * @p: the object task 2072 * 2073 * Returns 0 if current can read the object task, error code otherwise 2074 */ 2075 static int smack_task_getsid(struct task_struct *p) 2076 { 2077 return smk_curacc_on_task(p, MAY_READ, __func__); 2078 } 2079 2080 /** 2081 * smack_task_getsecid - get the secid of the task 2082 * @p: the object task 2083 * @secid: where to put the result 2084 * 2085 * Sets the secid to contain a u32 version of the smack label. 2086 */ 2087 static void smack_task_getsecid(struct task_struct *p, u32 *secid) 2088 { 2089 struct smack_known *skp = smk_of_task_struct(p); 2090 2091 *secid = skp->smk_secid; 2092 } 2093 2094 /** 2095 * smack_task_setnice - Smack check on setting nice 2096 * @p: the task object 2097 * @nice: unused 2098 * 2099 * Return 0 if write access is permitted 2100 */ 2101 static int smack_task_setnice(struct task_struct *p, int nice) 2102 { 2103 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2104 } 2105 2106 /** 2107 * smack_task_setioprio - Smack check on setting ioprio 2108 * @p: the task object 2109 * @ioprio: unused 2110 * 2111 * Return 0 if write access is permitted 2112 */ 2113 static int smack_task_setioprio(struct task_struct *p, int ioprio) 2114 { 2115 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2116 } 2117 2118 /** 2119 * smack_task_getioprio - Smack check on reading ioprio 2120 * @p: the task object 2121 * 2122 * Return 0 if read access is permitted 2123 */ 2124 static int smack_task_getioprio(struct task_struct *p) 2125 { 2126 return smk_curacc_on_task(p, MAY_READ, __func__); 2127 } 2128 2129 /** 2130 * smack_task_setscheduler - Smack check on setting scheduler 2131 * @p: the task object 2132 * 2133 * Return 0 if read access is permitted 2134 */ 2135 static int smack_task_setscheduler(struct task_struct *p) 2136 { 2137 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2138 } 2139 2140 /** 2141 * smack_task_getscheduler - Smack check on reading scheduler 2142 * @p: the task object 2143 * 2144 * Return 0 if read access is permitted 2145 */ 2146 static int smack_task_getscheduler(struct task_struct *p) 2147 { 2148 return smk_curacc_on_task(p, MAY_READ, __func__); 2149 } 2150 2151 /** 2152 * smack_task_movememory - Smack check on moving memory 2153 * @p: the task object 2154 * 2155 * Return 0 if write access is permitted 2156 */ 2157 static int smack_task_movememory(struct task_struct *p) 2158 { 2159 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2160 } 2161 2162 /** 2163 * smack_task_kill - Smack check on signal delivery 2164 * @p: the task object 2165 * @info: unused 2166 * @sig: unused 2167 * @cred: identifies the cred to use in lieu of current's 2168 * 2169 * Return 0 if write access is permitted 2170 * 2171 */ 2172 static int smack_task_kill(struct task_struct *p, struct kernel_siginfo *info, 2173 int sig, const struct cred *cred) 2174 { 2175 struct smk_audit_info ad; 2176 struct smack_known *skp; 2177 struct smack_known *tkp = smk_of_task_struct(p); 2178 int rc; 2179 2180 if (!sig) 2181 return 0; /* null signal; existence test */ 2182 2183 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); 2184 smk_ad_setfield_u_tsk(&ad, p); 2185 /* 2186 * Sending a signal requires that the sender 2187 * can write the receiver. 2188 */ 2189 if (cred == NULL) { 2190 rc = smk_curacc(tkp, MAY_DELIVER, &ad); 2191 rc = smk_bu_task(p, MAY_DELIVER, rc); 2192 return rc; 2193 } 2194 /* 2195 * If the cred isn't NULL we're dealing with some USB IO 2196 * specific behavior. This is not clean. For one thing 2197 * we can't take privilege into account. 2198 */ 2199 skp = smk_of_task(smack_cred(cred)); 2200 rc = smk_access(skp, tkp, MAY_DELIVER, &ad); 2201 rc = smk_bu_note("USB signal", skp, tkp, MAY_DELIVER, rc); 2202 return rc; 2203 } 2204 2205 /** 2206 * smack_task_to_inode - copy task smack into the inode blob 2207 * @p: task to copy from 2208 * @inode: inode to copy to 2209 * 2210 * Sets the smack pointer in the inode security blob 2211 */ 2212 static void smack_task_to_inode(struct task_struct *p, struct inode *inode) 2213 { 2214 struct inode_smack *isp = smack_inode(inode); 2215 struct smack_known *skp = smk_of_task_struct(p); 2216 2217 isp->smk_inode = skp; 2218 isp->smk_flags |= SMK_INODE_INSTANT; 2219 } 2220 2221 /* 2222 * Socket hooks. 2223 */ 2224 2225 /** 2226 * smack_sk_alloc_security - Allocate a socket blob 2227 * @sk: the socket 2228 * @family: unused 2229 * @gfp_flags: memory allocation flags 2230 * 2231 * Assign Smack pointers to current 2232 * 2233 * Returns 0 on success, -ENOMEM is there's no memory 2234 */ 2235 static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags) 2236 { 2237 struct smack_known *skp = smk_of_current(); 2238 struct socket_smack *ssp; 2239 2240 ssp = kzalloc(sizeof(struct socket_smack), gfp_flags); 2241 if (ssp == NULL) 2242 return -ENOMEM; 2243 2244 /* 2245 * Sockets created by kernel threads receive web label. 2246 */ 2247 if (unlikely(current->flags & PF_KTHREAD)) { 2248 ssp->smk_in = &smack_known_web; 2249 ssp->smk_out = &smack_known_web; 2250 } else { 2251 ssp->smk_in = skp; 2252 ssp->smk_out = skp; 2253 } 2254 ssp->smk_packet = NULL; 2255 2256 sk->sk_security = ssp; 2257 2258 return 0; 2259 } 2260 2261 /** 2262 * smack_sk_free_security - Free a socket blob 2263 * @sk: the socket 2264 * 2265 * Clears the blob pointer 2266 */ 2267 static void smack_sk_free_security(struct sock *sk) 2268 { 2269 #ifdef SMACK_IPV6_PORT_LABELING 2270 struct smk_port_label *spp; 2271 2272 if (sk->sk_family == PF_INET6) { 2273 rcu_read_lock(); 2274 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) { 2275 if (spp->smk_sock != sk) 2276 continue; 2277 spp->smk_can_reuse = 1; 2278 break; 2279 } 2280 rcu_read_unlock(); 2281 } 2282 #endif 2283 kfree(sk->sk_security); 2284 } 2285 2286 /** 2287 * smack_ipv4host_label - check host based restrictions 2288 * @sip: the object end 2289 * 2290 * looks for host based access restrictions 2291 * 2292 * This version will only be appropriate for really small sets of single label 2293 * hosts. The caller is responsible for ensuring that the RCU read lock is 2294 * taken before calling this function. 2295 * 2296 * Returns the label of the far end or NULL if it's not special. 2297 */ 2298 static struct smack_known *smack_ipv4host_label(struct sockaddr_in *sip) 2299 { 2300 struct smk_net4addr *snp; 2301 struct in_addr *siap = &sip->sin_addr; 2302 2303 if (siap->s_addr == 0) 2304 return NULL; 2305 2306 list_for_each_entry_rcu(snp, &smk_net4addr_list, list) 2307 /* 2308 * we break after finding the first match because 2309 * the list is sorted from longest to shortest mask 2310 * so we have found the most specific match 2311 */ 2312 if (snp->smk_host.s_addr == 2313 (siap->s_addr & snp->smk_mask.s_addr)) 2314 return snp->smk_label; 2315 2316 return NULL; 2317 } 2318 2319 /* 2320 * smk_ipv6_localhost - Check for local ipv6 host address 2321 * @sip: the address 2322 * 2323 * Returns boolean true if this is the localhost address 2324 */ 2325 static bool smk_ipv6_localhost(struct sockaddr_in6 *sip) 2326 { 2327 __be16 *be16p = (__be16 *)&sip->sin6_addr; 2328 __be32 *be32p = (__be32 *)&sip->sin6_addr; 2329 2330 if (be32p[0] == 0 && be32p[1] == 0 && be32p[2] == 0 && be16p[6] == 0 && 2331 ntohs(be16p[7]) == 1) 2332 return true; 2333 return false; 2334 } 2335 2336 /** 2337 * smack_ipv6host_label - check host based restrictions 2338 * @sip: the object end 2339 * 2340 * looks for host based access restrictions 2341 * 2342 * This version will only be appropriate for really small sets of single label 2343 * hosts. The caller is responsible for ensuring that the RCU read lock is 2344 * taken before calling this function. 2345 * 2346 * Returns the label of the far end or NULL if it's not special. 2347 */ 2348 static struct smack_known *smack_ipv6host_label(struct sockaddr_in6 *sip) 2349 { 2350 struct smk_net6addr *snp; 2351 struct in6_addr *sap = &sip->sin6_addr; 2352 int i; 2353 int found = 0; 2354 2355 /* 2356 * It's local. Don't look for a host label. 2357 */ 2358 if (smk_ipv6_localhost(sip)) 2359 return NULL; 2360 2361 list_for_each_entry_rcu(snp, &smk_net6addr_list, list) { 2362 /* 2363 * If the label is NULL the entry has 2364 * been renounced. Ignore it. 2365 */ 2366 if (snp->smk_label == NULL) 2367 continue; 2368 /* 2369 * we break after finding the first match because 2370 * the list is sorted from longest to shortest mask 2371 * so we have found the most specific match 2372 */ 2373 for (found = 1, i = 0; i < 8; i++) { 2374 if ((sap->s6_addr16[i] & snp->smk_mask.s6_addr16[i]) != 2375 snp->smk_host.s6_addr16[i]) { 2376 found = 0; 2377 break; 2378 } 2379 } 2380 if (found) 2381 return snp->smk_label; 2382 } 2383 2384 return NULL; 2385 } 2386 2387 /** 2388 * smack_netlbl_add - Set the secattr on a socket 2389 * @sk: the socket 2390 * 2391 * Attach the outbound smack value (smk_out) to the socket. 2392 * 2393 * Returns 0 on success or an error code 2394 */ 2395 static int smack_netlbl_add(struct sock *sk) 2396 { 2397 struct socket_smack *ssp = sk->sk_security; 2398 struct smack_known *skp = ssp->smk_out; 2399 int rc; 2400 2401 local_bh_disable(); 2402 bh_lock_sock_nested(sk); 2403 2404 rc = netlbl_sock_setattr(sk, sk->sk_family, &skp->smk_netlabel); 2405 switch (rc) { 2406 case 0: 2407 ssp->smk_state = SMK_NETLBL_LABELED; 2408 break; 2409 case -EDESTADDRREQ: 2410 ssp->smk_state = SMK_NETLBL_REQSKB; 2411 rc = 0; 2412 break; 2413 } 2414 2415 bh_unlock_sock(sk); 2416 local_bh_enable(); 2417 2418 return rc; 2419 } 2420 2421 /** 2422 * smack_netlbl_delete - Remove the secattr from a socket 2423 * @sk: the socket 2424 * 2425 * Remove the outbound smack value from a socket 2426 */ 2427 static void smack_netlbl_delete(struct sock *sk) 2428 { 2429 struct socket_smack *ssp = sk->sk_security; 2430 2431 /* 2432 * Take the label off the socket if one is set. 2433 */ 2434 if (ssp->smk_state != SMK_NETLBL_LABELED) 2435 return; 2436 2437 local_bh_disable(); 2438 bh_lock_sock_nested(sk); 2439 netlbl_sock_delattr(sk); 2440 bh_unlock_sock(sk); 2441 local_bh_enable(); 2442 ssp->smk_state = SMK_NETLBL_UNLABELED; 2443 } 2444 2445 /** 2446 * smk_ipv4_check - Perform IPv4 host access checks 2447 * @sk: the socket 2448 * @sap: the destination address 2449 * 2450 * Set the correct secattr for the given socket based on the destination 2451 * address and perform any outbound access checks needed. 2452 * 2453 * Returns 0 on success or an error code. 2454 * 2455 */ 2456 static int smk_ipv4_check(struct sock *sk, struct sockaddr_in *sap) 2457 { 2458 struct smack_known *skp; 2459 int rc = 0; 2460 struct smack_known *hkp; 2461 struct socket_smack *ssp = sk->sk_security; 2462 struct smk_audit_info ad; 2463 2464 rcu_read_lock(); 2465 hkp = smack_ipv4host_label(sap); 2466 if (hkp != NULL) { 2467 #ifdef CONFIG_AUDIT 2468 struct lsm_network_audit net; 2469 2470 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 2471 ad.a.u.net->family = sap->sin_family; 2472 ad.a.u.net->dport = sap->sin_port; 2473 ad.a.u.net->v4info.daddr = sap->sin_addr.s_addr; 2474 #endif 2475 skp = ssp->smk_out; 2476 rc = smk_access(skp, hkp, MAY_WRITE, &ad); 2477 rc = smk_bu_note("IPv4 host check", skp, hkp, MAY_WRITE, rc); 2478 /* 2479 * Clear the socket netlabel if it's set. 2480 */ 2481 if (!rc) 2482 smack_netlbl_delete(sk); 2483 } 2484 rcu_read_unlock(); 2485 2486 return rc; 2487 } 2488 2489 /** 2490 * smk_ipv6_check - check Smack access 2491 * @subject: subject Smack label 2492 * @object: object Smack label 2493 * @address: address 2494 * @act: the action being taken 2495 * 2496 * Check an IPv6 access 2497 */ 2498 static int smk_ipv6_check(struct smack_known *subject, 2499 struct smack_known *object, 2500 struct sockaddr_in6 *address, int act) 2501 { 2502 #ifdef CONFIG_AUDIT 2503 struct lsm_network_audit net; 2504 #endif 2505 struct smk_audit_info ad; 2506 int rc; 2507 2508 #ifdef CONFIG_AUDIT 2509 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 2510 ad.a.u.net->family = PF_INET6; 2511 ad.a.u.net->dport = ntohs(address->sin6_port); 2512 if (act == SMK_RECEIVING) 2513 ad.a.u.net->v6info.saddr = address->sin6_addr; 2514 else 2515 ad.a.u.net->v6info.daddr = address->sin6_addr; 2516 #endif 2517 rc = smk_access(subject, object, MAY_WRITE, &ad); 2518 rc = smk_bu_note("IPv6 check", subject, object, MAY_WRITE, rc); 2519 return rc; 2520 } 2521 2522 #ifdef SMACK_IPV6_PORT_LABELING 2523 /** 2524 * smk_ipv6_port_label - Smack port access table management 2525 * @sock: socket 2526 * @address: address 2527 * 2528 * Create or update the port list entry 2529 */ 2530 static void smk_ipv6_port_label(struct socket *sock, struct sockaddr *address) 2531 { 2532 struct sock *sk = sock->sk; 2533 struct sockaddr_in6 *addr6; 2534 struct socket_smack *ssp = sock->sk->sk_security; 2535 struct smk_port_label *spp; 2536 unsigned short port = 0; 2537 2538 if (address == NULL) { 2539 /* 2540 * This operation is changing the Smack information 2541 * on the bound socket. Take the changes to the port 2542 * as well. 2543 */ 2544 rcu_read_lock(); 2545 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) { 2546 if (sk != spp->smk_sock) 2547 continue; 2548 spp->smk_in = ssp->smk_in; 2549 spp->smk_out = ssp->smk_out; 2550 rcu_read_unlock(); 2551 return; 2552 } 2553 /* 2554 * A NULL address is only used for updating existing 2555 * bound entries. If there isn't one, it's OK. 2556 */ 2557 rcu_read_unlock(); 2558 return; 2559 } 2560 2561 addr6 = (struct sockaddr_in6 *)address; 2562 port = ntohs(addr6->sin6_port); 2563 /* 2564 * This is a special case that is safely ignored. 2565 */ 2566 if (port == 0) 2567 return; 2568 2569 /* 2570 * Look for an existing port list entry. 2571 * This is an indication that a port is getting reused. 2572 */ 2573 rcu_read_lock(); 2574 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) { 2575 if (spp->smk_port != port || spp->smk_sock_type != sock->type) 2576 continue; 2577 if (spp->smk_can_reuse != 1) { 2578 rcu_read_unlock(); 2579 return; 2580 } 2581 spp->smk_port = port; 2582 spp->smk_sock = sk; 2583 spp->smk_in = ssp->smk_in; 2584 spp->smk_out = ssp->smk_out; 2585 spp->smk_can_reuse = 0; 2586 rcu_read_unlock(); 2587 return; 2588 } 2589 rcu_read_unlock(); 2590 /* 2591 * A new port entry is required. 2592 */ 2593 spp = kzalloc(sizeof(*spp), GFP_KERNEL); 2594 if (spp == NULL) 2595 return; 2596 2597 spp->smk_port = port; 2598 spp->smk_sock = sk; 2599 spp->smk_in = ssp->smk_in; 2600 spp->smk_out = ssp->smk_out; 2601 spp->smk_sock_type = sock->type; 2602 spp->smk_can_reuse = 0; 2603 2604 mutex_lock(&smack_ipv6_lock); 2605 list_add_rcu(&spp->list, &smk_ipv6_port_list); 2606 mutex_unlock(&smack_ipv6_lock); 2607 return; 2608 } 2609 #endif 2610 2611 /** 2612 * smk_ipv6_port_check - check Smack port access 2613 * @sk: socket 2614 * @address: address 2615 * @act: the action being taken 2616 * 2617 * Create or update the port list entry 2618 */ 2619 static int smk_ipv6_port_check(struct sock *sk, struct sockaddr_in6 *address, 2620 int act) 2621 { 2622 struct smk_port_label *spp; 2623 struct socket_smack *ssp = sk->sk_security; 2624 struct smack_known *skp = NULL; 2625 unsigned short port; 2626 struct smack_known *object; 2627 2628 if (act == SMK_RECEIVING) { 2629 skp = smack_ipv6host_label(address); 2630 object = ssp->smk_in; 2631 } else { 2632 skp = ssp->smk_out; 2633 object = smack_ipv6host_label(address); 2634 } 2635 2636 /* 2637 * The other end is a single label host. 2638 */ 2639 if (skp != NULL && object != NULL) 2640 return smk_ipv6_check(skp, object, address, act); 2641 if (skp == NULL) 2642 skp = smack_net_ambient; 2643 if (object == NULL) 2644 object = smack_net_ambient; 2645 2646 /* 2647 * It's remote, so port lookup does no good. 2648 */ 2649 if (!smk_ipv6_localhost(address)) 2650 return smk_ipv6_check(skp, object, address, act); 2651 2652 /* 2653 * It's local so the send check has to have passed. 2654 */ 2655 if (act == SMK_RECEIVING) 2656 return 0; 2657 2658 port = ntohs(address->sin6_port); 2659 rcu_read_lock(); 2660 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) { 2661 if (spp->smk_port != port || spp->smk_sock_type != sk->sk_type) 2662 continue; 2663 object = spp->smk_in; 2664 if (act == SMK_CONNECTING) 2665 ssp->smk_packet = spp->smk_out; 2666 break; 2667 } 2668 rcu_read_unlock(); 2669 2670 return smk_ipv6_check(skp, object, address, act); 2671 } 2672 2673 /** 2674 * smack_inode_setsecurity - set smack xattrs 2675 * @inode: the object 2676 * @name: attribute name 2677 * @value: attribute value 2678 * @size: size of the attribute 2679 * @flags: unused 2680 * 2681 * Sets the named attribute in the appropriate blob 2682 * 2683 * Returns 0 on success, or an error code 2684 */ 2685 static int smack_inode_setsecurity(struct inode *inode, const char *name, 2686 const void *value, size_t size, int flags) 2687 { 2688 struct smack_known *skp; 2689 struct inode_smack *nsp = smack_inode(inode); 2690 struct socket_smack *ssp; 2691 struct socket *sock; 2692 int rc = 0; 2693 2694 if (value == NULL || size > SMK_LONGLABEL || size == 0) 2695 return -EINVAL; 2696 2697 skp = smk_import_entry(value, size); 2698 if (IS_ERR(skp)) 2699 return PTR_ERR(skp); 2700 2701 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) { 2702 nsp->smk_inode = skp; 2703 nsp->smk_flags |= SMK_INODE_INSTANT; 2704 return 0; 2705 } 2706 /* 2707 * The rest of the Smack xattrs are only on sockets. 2708 */ 2709 if (inode->i_sb->s_magic != SOCKFS_MAGIC) 2710 return -EOPNOTSUPP; 2711 2712 sock = SOCKET_I(inode); 2713 if (sock == NULL || sock->sk == NULL) 2714 return -EOPNOTSUPP; 2715 2716 ssp = sock->sk->sk_security; 2717 2718 if (strcmp(name, XATTR_SMACK_IPIN) == 0) 2719 ssp->smk_in = skp; 2720 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) { 2721 ssp->smk_out = skp; 2722 if (sock->sk->sk_family == PF_INET) { 2723 rc = smack_netlbl_add(sock->sk); 2724 if (rc != 0) 2725 printk(KERN_WARNING 2726 "Smack: \"%s\" netlbl error %d.\n", 2727 __func__, -rc); 2728 } 2729 } else 2730 return -EOPNOTSUPP; 2731 2732 #ifdef SMACK_IPV6_PORT_LABELING 2733 if (sock->sk->sk_family == PF_INET6) 2734 smk_ipv6_port_label(sock, NULL); 2735 #endif 2736 2737 return 0; 2738 } 2739 2740 /** 2741 * smack_socket_post_create - finish socket setup 2742 * @sock: the socket 2743 * @family: protocol family 2744 * @type: unused 2745 * @protocol: unused 2746 * @kern: unused 2747 * 2748 * Sets the netlabel information on the socket 2749 * 2750 * Returns 0 on success, and error code otherwise 2751 */ 2752 static int smack_socket_post_create(struct socket *sock, int family, 2753 int type, int protocol, int kern) 2754 { 2755 struct socket_smack *ssp; 2756 2757 if (sock->sk == NULL) 2758 return 0; 2759 2760 /* 2761 * Sockets created by kernel threads receive web label. 2762 */ 2763 if (unlikely(current->flags & PF_KTHREAD)) { 2764 ssp = sock->sk->sk_security; 2765 ssp->smk_in = &smack_known_web; 2766 ssp->smk_out = &smack_known_web; 2767 } 2768 2769 if (family != PF_INET) 2770 return 0; 2771 /* 2772 * Set the outbound netlbl. 2773 */ 2774 return smack_netlbl_add(sock->sk); 2775 } 2776 2777 /** 2778 * smack_socket_socketpair - create socket pair 2779 * @socka: one socket 2780 * @sockb: another socket 2781 * 2782 * Cross reference the peer labels for SO_PEERSEC 2783 * 2784 * Returns 0 2785 */ 2786 static int smack_socket_socketpair(struct socket *socka, 2787 struct socket *sockb) 2788 { 2789 struct socket_smack *asp = socka->sk->sk_security; 2790 struct socket_smack *bsp = sockb->sk->sk_security; 2791 2792 asp->smk_packet = bsp->smk_out; 2793 bsp->smk_packet = asp->smk_out; 2794 2795 return 0; 2796 } 2797 2798 #ifdef SMACK_IPV6_PORT_LABELING 2799 /** 2800 * smack_socket_bind - record port binding information. 2801 * @sock: the socket 2802 * @address: the port address 2803 * @addrlen: size of the address 2804 * 2805 * Records the label bound to a port. 2806 * 2807 * Returns 0 on success, and error code otherwise 2808 */ 2809 static int smack_socket_bind(struct socket *sock, struct sockaddr *address, 2810 int addrlen) 2811 { 2812 if (sock->sk != NULL && sock->sk->sk_family == PF_INET6) { 2813 if (addrlen < SIN6_LEN_RFC2133 || 2814 address->sa_family != AF_INET6) 2815 return -EINVAL; 2816 smk_ipv6_port_label(sock, address); 2817 } 2818 return 0; 2819 } 2820 #endif /* SMACK_IPV6_PORT_LABELING */ 2821 2822 /** 2823 * smack_socket_connect - connect access check 2824 * @sock: the socket 2825 * @sap: the other end 2826 * @addrlen: size of sap 2827 * 2828 * Verifies that a connection may be possible 2829 * 2830 * Returns 0 on success, and error code otherwise 2831 */ 2832 static int smack_socket_connect(struct socket *sock, struct sockaddr *sap, 2833 int addrlen) 2834 { 2835 int rc = 0; 2836 2837 if (sock->sk == NULL) 2838 return 0; 2839 if (sock->sk->sk_family != PF_INET && 2840 (!IS_ENABLED(CONFIG_IPV6) || sock->sk->sk_family != PF_INET6)) 2841 return 0; 2842 if (addrlen < offsetofend(struct sockaddr, sa_family)) 2843 return 0; 2844 if (IS_ENABLED(CONFIG_IPV6) && sap->sa_family == AF_INET6) { 2845 struct sockaddr_in6 *sip = (struct sockaddr_in6 *)sap; 2846 struct smack_known *rsp = NULL; 2847 2848 if (addrlen < SIN6_LEN_RFC2133) 2849 return 0; 2850 if (__is_defined(SMACK_IPV6_SECMARK_LABELING)) 2851 rsp = smack_ipv6host_label(sip); 2852 if (rsp != NULL) { 2853 struct socket_smack *ssp = sock->sk->sk_security; 2854 2855 rc = smk_ipv6_check(ssp->smk_out, rsp, sip, 2856 SMK_CONNECTING); 2857 } 2858 if (__is_defined(SMACK_IPV6_PORT_LABELING)) 2859 rc = smk_ipv6_port_check(sock->sk, sip, SMK_CONNECTING); 2860 2861 return rc; 2862 } 2863 if (sap->sa_family != AF_INET || addrlen < sizeof(struct sockaddr_in)) 2864 return 0; 2865 rc = smk_ipv4_check(sock->sk, (struct sockaddr_in *)sap); 2866 return rc; 2867 } 2868 2869 /** 2870 * smack_flags_to_may - convert S_ to MAY_ values 2871 * @flags: the S_ value 2872 * 2873 * Returns the equivalent MAY_ value 2874 */ 2875 static int smack_flags_to_may(int flags) 2876 { 2877 int may = 0; 2878 2879 if (flags & S_IRUGO) 2880 may |= MAY_READ; 2881 if (flags & S_IWUGO) 2882 may |= MAY_WRITE; 2883 if (flags & S_IXUGO) 2884 may |= MAY_EXEC; 2885 2886 return may; 2887 } 2888 2889 /** 2890 * smack_msg_msg_alloc_security - Set the security blob for msg_msg 2891 * @msg: the object 2892 * 2893 * Returns 0 2894 */ 2895 static int smack_msg_msg_alloc_security(struct msg_msg *msg) 2896 { 2897 struct smack_known **blob = smack_msg_msg(msg); 2898 2899 *blob = smk_of_current(); 2900 return 0; 2901 } 2902 2903 /** 2904 * smack_of_ipc - the smack pointer for the ipc 2905 * @isp: the object 2906 * 2907 * Returns a pointer to the smack value 2908 */ 2909 static struct smack_known *smack_of_ipc(struct kern_ipc_perm *isp) 2910 { 2911 struct smack_known **blob = smack_ipc(isp); 2912 2913 return *blob; 2914 } 2915 2916 /** 2917 * smack_ipc_alloc_security - Set the security blob for ipc 2918 * @isp: the object 2919 * 2920 * Returns 0 2921 */ 2922 static int smack_ipc_alloc_security(struct kern_ipc_perm *isp) 2923 { 2924 struct smack_known **blob = smack_ipc(isp); 2925 2926 *blob = smk_of_current(); 2927 return 0; 2928 } 2929 2930 /** 2931 * smk_curacc_shm : check if current has access on shm 2932 * @isp : the object 2933 * @access : access requested 2934 * 2935 * Returns 0 if current has the requested access, error code otherwise 2936 */ 2937 static int smk_curacc_shm(struct kern_ipc_perm *isp, int access) 2938 { 2939 struct smack_known *ssp = smack_of_ipc(isp); 2940 struct smk_audit_info ad; 2941 int rc; 2942 2943 #ifdef CONFIG_AUDIT 2944 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 2945 ad.a.u.ipc_id = isp->id; 2946 #endif 2947 rc = smk_curacc(ssp, access, &ad); 2948 rc = smk_bu_current("shm", ssp, access, rc); 2949 return rc; 2950 } 2951 2952 /** 2953 * smack_shm_associate - Smack access check for shm 2954 * @isp: the object 2955 * @shmflg: access requested 2956 * 2957 * Returns 0 if current has the requested access, error code otherwise 2958 */ 2959 static int smack_shm_associate(struct kern_ipc_perm *isp, int shmflg) 2960 { 2961 int may; 2962 2963 may = smack_flags_to_may(shmflg); 2964 return smk_curacc_shm(isp, may); 2965 } 2966 2967 /** 2968 * smack_shm_shmctl - Smack access check for shm 2969 * @isp: the object 2970 * @cmd: what it wants to do 2971 * 2972 * Returns 0 if current has the requested access, error code otherwise 2973 */ 2974 static int smack_shm_shmctl(struct kern_ipc_perm *isp, int cmd) 2975 { 2976 int may; 2977 2978 switch (cmd) { 2979 case IPC_STAT: 2980 case SHM_STAT: 2981 case SHM_STAT_ANY: 2982 may = MAY_READ; 2983 break; 2984 case IPC_SET: 2985 case SHM_LOCK: 2986 case SHM_UNLOCK: 2987 case IPC_RMID: 2988 may = MAY_READWRITE; 2989 break; 2990 case IPC_INFO: 2991 case SHM_INFO: 2992 /* 2993 * System level information. 2994 */ 2995 return 0; 2996 default: 2997 return -EINVAL; 2998 } 2999 return smk_curacc_shm(isp, may); 3000 } 3001 3002 /** 3003 * smack_shm_shmat - Smack access for shmat 3004 * @isp: the object 3005 * @shmaddr: unused 3006 * @shmflg: access requested 3007 * 3008 * Returns 0 if current has the requested access, error code otherwise 3009 */ 3010 static int smack_shm_shmat(struct kern_ipc_perm *isp, char __user *shmaddr, 3011 int shmflg) 3012 { 3013 int may; 3014 3015 may = smack_flags_to_may(shmflg); 3016 return smk_curacc_shm(isp, may); 3017 } 3018 3019 /** 3020 * smk_curacc_sem : check if current has access on sem 3021 * @isp : the object 3022 * @access : access requested 3023 * 3024 * Returns 0 if current has the requested access, error code otherwise 3025 */ 3026 static int smk_curacc_sem(struct kern_ipc_perm *isp, int access) 3027 { 3028 struct smack_known *ssp = smack_of_ipc(isp); 3029 struct smk_audit_info ad; 3030 int rc; 3031 3032 #ifdef CONFIG_AUDIT 3033 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 3034 ad.a.u.ipc_id = isp->id; 3035 #endif 3036 rc = smk_curacc(ssp, access, &ad); 3037 rc = smk_bu_current("sem", ssp, access, rc); 3038 return rc; 3039 } 3040 3041 /** 3042 * smack_sem_associate - Smack access check for sem 3043 * @isp: the object 3044 * @semflg: access requested 3045 * 3046 * Returns 0 if current has the requested access, error code otherwise 3047 */ 3048 static int smack_sem_associate(struct kern_ipc_perm *isp, int semflg) 3049 { 3050 int may; 3051 3052 may = smack_flags_to_may(semflg); 3053 return smk_curacc_sem(isp, may); 3054 } 3055 3056 /** 3057 * smack_sem_shmctl - Smack access check for sem 3058 * @isp: the object 3059 * @cmd: what it wants to do 3060 * 3061 * Returns 0 if current has the requested access, error code otherwise 3062 */ 3063 static int smack_sem_semctl(struct kern_ipc_perm *isp, int cmd) 3064 { 3065 int may; 3066 3067 switch (cmd) { 3068 case GETPID: 3069 case GETNCNT: 3070 case GETZCNT: 3071 case GETVAL: 3072 case GETALL: 3073 case IPC_STAT: 3074 case SEM_STAT: 3075 case SEM_STAT_ANY: 3076 may = MAY_READ; 3077 break; 3078 case SETVAL: 3079 case SETALL: 3080 case IPC_RMID: 3081 case IPC_SET: 3082 may = MAY_READWRITE; 3083 break; 3084 case IPC_INFO: 3085 case SEM_INFO: 3086 /* 3087 * System level information 3088 */ 3089 return 0; 3090 default: 3091 return -EINVAL; 3092 } 3093 3094 return smk_curacc_sem(isp, may); 3095 } 3096 3097 /** 3098 * smack_sem_semop - Smack checks of semaphore operations 3099 * @isp: the object 3100 * @sops: unused 3101 * @nsops: unused 3102 * @alter: unused 3103 * 3104 * Treated as read and write in all cases. 3105 * 3106 * Returns 0 if access is allowed, error code otherwise 3107 */ 3108 static int smack_sem_semop(struct kern_ipc_perm *isp, struct sembuf *sops, 3109 unsigned nsops, int alter) 3110 { 3111 return smk_curacc_sem(isp, MAY_READWRITE); 3112 } 3113 3114 /** 3115 * smk_curacc_msq : helper to check if current has access on msq 3116 * @isp : the msq 3117 * @access : access requested 3118 * 3119 * return 0 if current has access, error otherwise 3120 */ 3121 static int smk_curacc_msq(struct kern_ipc_perm *isp, int access) 3122 { 3123 struct smack_known *msp = smack_of_ipc(isp); 3124 struct smk_audit_info ad; 3125 int rc; 3126 3127 #ifdef CONFIG_AUDIT 3128 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 3129 ad.a.u.ipc_id = isp->id; 3130 #endif 3131 rc = smk_curacc(msp, access, &ad); 3132 rc = smk_bu_current("msq", msp, access, rc); 3133 return rc; 3134 } 3135 3136 /** 3137 * smack_msg_queue_associate - Smack access check for msg_queue 3138 * @isp: the object 3139 * @msqflg: access requested 3140 * 3141 * Returns 0 if current has the requested access, error code otherwise 3142 */ 3143 static int smack_msg_queue_associate(struct kern_ipc_perm *isp, int msqflg) 3144 { 3145 int may; 3146 3147 may = smack_flags_to_may(msqflg); 3148 return smk_curacc_msq(isp, may); 3149 } 3150 3151 /** 3152 * smack_msg_queue_msgctl - Smack access check for msg_queue 3153 * @isp: the object 3154 * @cmd: what it wants to do 3155 * 3156 * Returns 0 if current has the requested access, error code otherwise 3157 */ 3158 static int smack_msg_queue_msgctl(struct kern_ipc_perm *isp, int cmd) 3159 { 3160 int may; 3161 3162 switch (cmd) { 3163 case IPC_STAT: 3164 case MSG_STAT: 3165 case MSG_STAT_ANY: 3166 may = MAY_READ; 3167 break; 3168 case IPC_SET: 3169 case IPC_RMID: 3170 may = MAY_READWRITE; 3171 break; 3172 case IPC_INFO: 3173 case MSG_INFO: 3174 /* 3175 * System level information 3176 */ 3177 return 0; 3178 default: 3179 return -EINVAL; 3180 } 3181 3182 return smk_curacc_msq(isp, may); 3183 } 3184 3185 /** 3186 * smack_msg_queue_msgsnd - Smack access check for msg_queue 3187 * @isp: the object 3188 * @msg: unused 3189 * @msqflg: access requested 3190 * 3191 * Returns 0 if current has the requested access, error code otherwise 3192 */ 3193 static int smack_msg_queue_msgsnd(struct kern_ipc_perm *isp, struct msg_msg *msg, 3194 int msqflg) 3195 { 3196 int may; 3197 3198 may = smack_flags_to_may(msqflg); 3199 return smk_curacc_msq(isp, may); 3200 } 3201 3202 /** 3203 * smack_msg_queue_msgsnd - Smack access check for msg_queue 3204 * @isp: the object 3205 * @msg: unused 3206 * @target: unused 3207 * @type: unused 3208 * @mode: unused 3209 * 3210 * Returns 0 if current has read and write access, error code otherwise 3211 */ 3212 static int smack_msg_queue_msgrcv(struct kern_ipc_perm *isp, struct msg_msg *msg, 3213 struct task_struct *target, long type, int mode) 3214 { 3215 return smk_curacc_msq(isp, MAY_READWRITE); 3216 } 3217 3218 /** 3219 * smack_ipc_permission - Smack access for ipc_permission() 3220 * @ipp: the object permissions 3221 * @flag: access requested 3222 * 3223 * Returns 0 if current has read and write access, error code otherwise 3224 */ 3225 static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag) 3226 { 3227 struct smack_known **blob = smack_ipc(ipp); 3228 struct smack_known *iskp = *blob; 3229 int may = smack_flags_to_may(flag); 3230 struct smk_audit_info ad; 3231 int rc; 3232 3233 #ifdef CONFIG_AUDIT 3234 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 3235 ad.a.u.ipc_id = ipp->id; 3236 #endif 3237 rc = smk_curacc(iskp, may, &ad); 3238 rc = smk_bu_current("svipc", iskp, may, rc); 3239 return rc; 3240 } 3241 3242 /** 3243 * smack_ipc_getsecid - Extract smack security id 3244 * @ipp: the object permissions 3245 * @secid: where result will be saved 3246 */ 3247 static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid) 3248 { 3249 struct smack_known **blob = smack_ipc(ipp); 3250 struct smack_known *iskp = *blob; 3251 3252 *secid = iskp->smk_secid; 3253 } 3254 3255 /** 3256 * smack_d_instantiate - Make sure the blob is correct on an inode 3257 * @opt_dentry: dentry where inode will be attached 3258 * @inode: the object 3259 * 3260 * Set the inode's security blob if it hasn't been done already. 3261 */ 3262 static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode) 3263 { 3264 struct super_block *sbp; 3265 struct superblock_smack *sbsp; 3266 struct inode_smack *isp; 3267 struct smack_known *skp; 3268 struct smack_known *ckp = smk_of_current(); 3269 struct smack_known *final; 3270 char trattr[TRANS_TRUE_SIZE]; 3271 int transflag = 0; 3272 int rc; 3273 struct dentry *dp; 3274 3275 if (inode == NULL) 3276 return; 3277 3278 isp = smack_inode(inode); 3279 3280 /* 3281 * If the inode is already instantiated 3282 * take the quick way out 3283 */ 3284 if (isp->smk_flags & SMK_INODE_INSTANT) 3285 return; 3286 3287 sbp = inode->i_sb; 3288 sbsp = sbp->s_security; 3289 /* 3290 * We're going to use the superblock default label 3291 * if there's no label on the file. 3292 */ 3293 final = sbsp->smk_default; 3294 3295 /* 3296 * If this is the root inode the superblock 3297 * may be in the process of initialization. 3298 * If that is the case use the root value out 3299 * of the superblock. 3300 */ 3301 if (opt_dentry->d_parent == opt_dentry) { 3302 switch (sbp->s_magic) { 3303 case CGROUP_SUPER_MAGIC: 3304 case CGROUP2_SUPER_MAGIC: 3305 /* 3306 * The cgroup filesystem is never mounted, 3307 * so there's no opportunity to set the mount 3308 * options. 3309 */ 3310 sbsp->smk_root = &smack_known_star; 3311 sbsp->smk_default = &smack_known_star; 3312 isp->smk_inode = sbsp->smk_root; 3313 break; 3314 case TMPFS_MAGIC: 3315 /* 3316 * What about shmem/tmpfs anonymous files with dentry 3317 * obtained from d_alloc_pseudo()? 3318 */ 3319 isp->smk_inode = smk_of_current(); 3320 break; 3321 case PIPEFS_MAGIC: 3322 isp->smk_inode = smk_of_current(); 3323 break; 3324 case SOCKFS_MAGIC: 3325 /* 3326 * Socket access is controlled by the socket 3327 * structures associated with the task involved. 3328 */ 3329 isp->smk_inode = &smack_known_star; 3330 break; 3331 default: 3332 isp->smk_inode = sbsp->smk_root; 3333 break; 3334 } 3335 isp->smk_flags |= SMK_INODE_INSTANT; 3336 return; 3337 } 3338 3339 /* 3340 * This is pretty hackish. 3341 * Casey says that we shouldn't have to do 3342 * file system specific code, but it does help 3343 * with keeping it simple. 3344 */ 3345 switch (sbp->s_magic) { 3346 case SMACK_MAGIC: 3347 case CGROUP_SUPER_MAGIC: 3348 case CGROUP2_SUPER_MAGIC: 3349 /* 3350 * Casey says that it's a little embarrassing 3351 * that the smack file system doesn't do 3352 * extended attributes. 3353 * 3354 * Cgroupfs is special 3355 */ 3356 final = &smack_known_star; 3357 break; 3358 case DEVPTS_SUPER_MAGIC: 3359 /* 3360 * devpts seems content with the label of the task. 3361 * Programs that change smack have to treat the 3362 * pty with respect. 3363 */ 3364 final = ckp; 3365 break; 3366 case PROC_SUPER_MAGIC: 3367 /* 3368 * Casey says procfs appears not to care. 3369 * The superblock default suffices. 3370 */ 3371 break; 3372 case TMPFS_MAGIC: 3373 /* 3374 * Device labels should come from the filesystem, 3375 * but watch out, because they're volitile, 3376 * getting recreated on every reboot. 3377 */ 3378 final = &smack_known_star; 3379 /* 3380 * If a smack value has been set we want to use it, 3381 * but since tmpfs isn't giving us the opportunity 3382 * to set mount options simulate setting the 3383 * superblock default. 3384 */ 3385 fallthrough; 3386 default: 3387 /* 3388 * This isn't an understood special case. 3389 * Get the value from the xattr. 3390 */ 3391 3392 /* 3393 * UNIX domain sockets use lower level socket data. 3394 */ 3395 if (S_ISSOCK(inode->i_mode)) { 3396 final = &smack_known_star; 3397 break; 3398 } 3399 /* 3400 * No xattr support means, alas, no SMACK label. 3401 * Use the aforeapplied default. 3402 * It would be curious if the label of the task 3403 * does not match that assigned. 3404 */ 3405 if (!(inode->i_opflags & IOP_XATTR)) 3406 break; 3407 /* 3408 * Get the dentry for xattr. 3409 */ 3410 dp = dget(opt_dentry); 3411 skp = smk_fetch(XATTR_NAME_SMACK, inode, dp); 3412 if (!IS_ERR_OR_NULL(skp)) 3413 final = skp; 3414 3415 /* 3416 * Transmuting directory 3417 */ 3418 if (S_ISDIR(inode->i_mode)) { 3419 /* 3420 * If this is a new directory and the label was 3421 * transmuted when the inode was initialized 3422 * set the transmute attribute on the directory 3423 * and mark the inode. 3424 * 3425 * If there is a transmute attribute on the 3426 * directory mark the inode. 3427 */ 3428 if (isp->smk_flags & SMK_INODE_CHANGED) { 3429 isp->smk_flags &= ~SMK_INODE_CHANGED; 3430 rc = __vfs_setxattr(&init_user_ns, dp, inode, 3431 XATTR_NAME_SMACKTRANSMUTE, 3432 TRANS_TRUE, TRANS_TRUE_SIZE, 3433 0); 3434 } else { 3435 rc = __vfs_getxattr(dp, inode, 3436 XATTR_NAME_SMACKTRANSMUTE, trattr, 3437 TRANS_TRUE_SIZE); 3438 if (rc >= 0 && strncmp(trattr, TRANS_TRUE, 3439 TRANS_TRUE_SIZE) != 0) 3440 rc = -EINVAL; 3441 } 3442 if (rc >= 0) 3443 transflag = SMK_INODE_TRANSMUTE; 3444 } 3445 /* 3446 * Don't let the exec or mmap label be "*" or "@". 3447 */ 3448 skp = smk_fetch(XATTR_NAME_SMACKEXEC, inode, dp); 3449 if (IS_ERR(skp) || skp == &smack_known_star || 3450 skp == &smack_known_web) 3451 skp = NULL; 3452 isp->smk_task = skp; 3453 3454 skp = smk_fetch(XATTR_NAME_SMACKMMAP, inode, dp); 3455 if (IS_ERR(skp) || skp == &smack_known_star || 3456 skp == &smack_known_web) 3457 skp = NULL; 3458 isp->smk_mmap = skp; 3459 3460 dput(dp); 3461 break; 3462 } 3463 3464 if (final == NULL) 3465 isp->smk_inode = ckp; 3466 else 3467 isp->smk_inode = final; 3468 3469 isp->smk_flags |= (SMK_INODE_INSTANT | transflag); 3470 3471 return; 3472 } 3473 3474 /** 3475 * smack_getprocattr - Smack process attribute access 3476 * @p: the object task 3477 * @name: the name of the attribute in /proc/.../attr 3478 * @value: where to put the result 3479 * 3480 * Places a copy of the task Smack into value 3481 * 3482 * Returns the length of the smack label or an error code 3483 */ 3484 static int smack_getprocattr(struct task_struct *p, char *name, char **value) 3485 { 3486 struct smack_known *skp = smk_of_task_struct(p); 3487 char *cp; 3488 int slen; 3489 3490 if (strcmp(name, "current") != 0) 3491 return -EINVAL; 3492 3493 cp = kstrdup(skp->smk_known, GFP_KERNEL); 3494 if (cp == NULL) 3495 return -ENOMEM; 3496 3497 slen = strlen(cp); 3498 *value = cp; 3499 return slen; 3500 } 3501 3502 /** 3503 * smack_setprocattr - Smack process attribute setting 3504 * @name: the name of the attribute in /proc/.../attr 3505 * @value: the value to set 3506 * @size: the size of the value 3507 * 3508 * Sets the Smack value of the task. Only setting self 3509 * is permitted and only with privilege 3510 * 3511 * Returns the length of the smack label or an error code 3512 */ 3513 static int smack_setprocattr(const char *name, void *value, size_t size) 3514 { 3515 struct task_smack *tsp = smack_cred(current_cred()); 3516 struct cred *new; 3517 struct smack_known *skp; 3518 struct smack_known_list_elem *sklep; 3519 int rc; 3520 3521 if (!smack_privileged(CAP_MAC_ADMIN) && list_empty(&tsp->smk_relabel)) 3522 return -EPERM; 3523 3524 if (value == NULL || size == 0 || size >= SMK_LONGLABEL) 3525 return -EINVAL; 3526 3527 if (strcmp(name, "current") != 0) 3528 return -EINVAL; 3529 3530 skp = smk_import_entry(value, size); 3531 if (IS_ERR(skp)) 3532 return PTR_ERR(skp); 3533 3534 /* 3535 * No process is ever allowed the web ("@") label 3536 * and the star ("*") label. 3537 */ 3538 if (skp == &smack_known_web || skp == &smack_known_star) 3539 return -EINVAL; 3540 3541 if (!smack_privileged(CAP_MAC_ADMIN)) { 3542 rc = -EPERM; 3543 list_for_each_entry(sklep, &tsp->smk_relabel, list) 3544 if (sklep->smk_label == skp) { 3545 rc = 0; 3546 break; 3547 } 3548 if (rc) 3549 return rc; 3550 } 3551 3552 new = prepare_creds(); 3553 if (new == NULL) 3554 return -ENOMEM; 3555 3556 tsp = smack_cred(new); 3557 tsp->smk_task = skp; 3558 /* 3559 * process can change its label only once 3560 */ 3561 smk_destroy_label_list(&tsp->smk_relabel); 3562 3563 commit_creds(new); 3564 return size; 3565 } 3566 3567 /** 3568 * smack_unix_stream_connect - Smack access on UDS 3569 * @sock: one sock 3570 * @other: the other sock 3571 * @newsk: unused 3572 * 3573 * Return 0 if a subject with the smack of sock could access 3574 * an object with the smack of other, otherwise an error code 3575 */ 3576 static int smack_unix_stream_connect(struct sock *sock, 3577 struct sock *other, struct sock *newsk) 3578 { 3579 struct smack_known *skp; 3580 struct smack_known *okp; 3581 struct socket_smack *ssp = sock->sk_security; 3582 struct socket_smack *osp = other->sk_security; 3583 struct socket_smack *nsp = newsk->sk_security; 3584 struct smk_audit_info ad; 3585 int rc = 0; 3586 #ifdef CONFIG_AUDIT 3587 struct lsm_network_audit net; 3588 #endif 3589 3590 if (!smack_privileged(CAP_MAC_OVERRIDE)) { 3591 skp = ssp->smk_out; 3592 okp = osp->smk_in; 3593 #ifdef CONFIG_AUDIT 3594 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 3595 smk_ad_setfield_u_net_sk(&ad, other); 3596 #endif 3597 rc = smk_access(skp, okp, MAY_WRITE, &ad); 3598 rc = smk_bu_note("UDS connect", skp, okp, MAY_WRITE, rc); 3599 if (rc == 0) { 3600 okp = osp->smk_out; 3601 skp = ssp->smk_in; 3602 rc = smk_access(okp, skp, MAY_WRITE, &ad); 3603 rc = smk_bu_note("UDS connect", okp, skp, 3604 MAY_WRITE, rc); 3605 } 3606 } 3607 3608 /* 3609 * Cross reference the peer labels for SO_PEERSEC. 3610 */ 3611 if (rc == 0) { 3612 nsp->smk_packet = ssp->smk_out; 3613 ssp->smk_packet = osp->smk_out; 3614 } 3615 3616 return rc; 3617 } 3618 3619 /** 3620 * smack_unix_may_send - Smack access on UDS 3621 * @sock: one socket 3622 * @other: the other socket 3623 * 3624 * Return 0 if a subject with the smack of sock could access 3625 * an object with the smack of other, otherwise an error code 3626 */ 3627 static int smack_unix_may_send(struct socket *sock, struct socket *other) 3628 { 3629 struct socket_smack *ssp = sock->sk->sk_security; 3630 struct socket_smack *osp = other->sk->sk_security; 3631 struct smk_audit_info ad; 3632 int rc; 3633 3634 #ifdef CONFIG_AUDIT 3635 struct lsm_network_audit net; 3636 3637 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 3638 smk_ad_setfield_u_net_sk(&ad, other->sk); 3639 #endif 3640 3641 if (smack_privileged(CAP_MAC_OVERRIDE)) 3642 return 0; 3643 3644 rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad); 3645 rc = smk_bu_note("UDS send", ssp->smk_out, osp->smk_in, MAY_WRITE, rc); 3646 return rc; 3647 } 3648 3649 /** 3650 * smack_socket_sendmsg - Smack check based on destination host 3651 * @sock: the socket 3652 * @msg: the message 3653 * @size: the size of the message 3654 * 3655 * Return 0 if the current subject can write to the destination host. 3656 * For IPv4 this is only a question if the destination is a single label host. 3657 * For IPv6 this is a check against the label of the port. 3658 */ 3659 static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg, 3660 int size) 3661 { 3662 struct sockaddr_in *sip = (struct sockaddr_in *) msg->msg_name; 3663 #if IS_ENABLED(CONFIG_IPV6) 3664 struct sockaddr_in6 *sap = (struct sockaddr_in6 *) msg->msg_name; 3665 #endif 3666 #ifdef SMACK_IPV6_SECMARK_LABELING 3667 struct socket_smack *ssp = sock->sk->sk_security; 3668 struct smack_known *rsp; 3669 #endif 3670 int rc = 0; 3671 3672 /* 3673 * Perfectly reasonable for this to be NULL 3674 */ 3675 if (sip == NULL) 3676 return 0; 3677 3678 switch (sock->sk->sk_family) { 3679 case AF_INET: 3680 if (msg->msg_namelen < sizeof(struct sockaddr_in) || 3681 sip->sin_family != AF_INET) 3682 return -EINVAL; 3683 rc = smk_ipv4_check(sock->sk, sip); 3684 break; 3685 #if IS_ENABLED(CONFIG_IPV6) 3686 case AF_INET6: 3687 if (msg->msg_namelen < SIN6_LEN_RFC2133 || 3688 sap->sin6_family != AF_INET6) 3689 return -EINVAL; 3690 #ifdef SMACK_IPV6_SECMARK_LABELING 3691 rsp = smack_ipv6host_label(sap); 3692 if (rsp != NULL) 3693 rc = smk_ipv6_check(ssp->smk_out, rsp, sap, 3694 SMK_CONNECTING); 3695 #endif 3696 #ifdef SMACK_IPV6_PORT_LABELING 3697 rc = smk_ipv6_port_check(sock->sk, sap, SMK_SENDING); 3698 #endif 3699 #endif /* IS_ENABLED(CONFIG_IPV6) */ 3700 break; 3701 } 3702 return rc; 3703 } 3704 3705 /** 3706 * smack_from_secattr - Convert a netlabel attr.mls.lvl/attr.mls.cat pair to smack 3707 * @sap: netlabel secattr 3708 * @ssp: socket security information 3709 * 3710 * Returns a pointer to a Smack label entry found on the label list. 3711 */ 3712 static struct smack_known *smack_from_secattr(struct netlbl_lsm_secattr *sap, 3713 struct socket_smack *ssp) 3714 { 3715 struct smack_known *skp; 3716 int found = 0; 3717 int acat; 3718 int kcat; 3719 3720 /* 3721 * Netlabel found it in the cache. 3722 */ 3723 if ((sap->flags & NETLBL_SECATTR_CACHE) != 0) 3724 return (struct smack_known *)sap->cache->data; 3725 3726 if ((sap->flags & NETLBL_SECATTR_SECID) != 0) 3727 /* 3728 * Looks like a fallback, which gives us a secid. 3729 */ 3730 return smack_from_secid(sap->attr.secid); 3731 3732 if ((sap->flags & NETLBL_SECATTR_MLS_LVL) != 0) { 3733 /* 3734 * Looks like a CIPSO packet. 3735 * If there are flags but no level netlabel isn't 3736 * behaving the way we expect it to. 3737 * 3738 * Look it up in the label table 3739 * Without guidance regarding the smack value 3740 * for the packet fall back on the network 3741 * ambient value. 3742 */ 3743 rcu_read_lock(); 3744 list_for_each_entry_rcu(skp, &smack_known_list, list) { 3745 if (sap->attr.mls.lvl != skp->smk_netlabel.attr.mls.lvl) 3746 continue; 3747 /* 3748 * Compare the catsets. Use the netlbl APIs. 3749 */ 3750 if ((sap->flags & NETLBL_SECATTR_MLS_CAT) == 0) { 3751 if ((skp->smk_netlabel.flags & 3752 NETLBL_SECATTR_MLS_CAT) == 0) 3753 found = 1; 3754 break; 3755 } 3756 for (acat = -1, kcat = -1; acat == kcat; ) { 3757 acat = netlbl_catmap_walk(sap->attr.mls.cat, 3758 acat + 1); 3759 kcat = netlbl_catmap_walk( 3760 skp->smk_netlabel.attr.mls.cat, 3761 kcat + 1); 3762 if (acat < 0 || kcat < 0) 3763 break; 3764 } 3765 if (acat == kcat) { 3766 found = 1; 3767 break; 3768 } 3769 } 3770 rcu_read_unlock(); 3771 3772 if (found) 3773 return skp; 3774 3775 if (ssp != NULL && ssp->smk_in == &smack_known_star) 3776 return &smack_known_web; 3777 return &smack_known_star; 3778 } 3779 /* 3780 * Without guidance regarding the smack value 3781 * for the packet fall back on the network 3782 * ambient value. 3783 */ 3784 return smack_net_ambient; 3785 } 3786 3787 #if IS_ENABLED(CONFIG_IPV6) 3788 static int smk_skb_to_addr_ipv6(struct sk_buff *skb, struct sockaddr_in6 *sip) 3789 { 3790 u8 nexthdr; 3791 int offset; 3792 int proto = -EINVAL; 3793 struct ipv6hdr _ipv6h; 3794 struct ipv6hdr *ip6; 3795 __be16 frag_off; 3796 struct tcphdr _tcph, *th; 3797 struct udphdr _udph, *uh; 3798 struct dccp_hdr _dccph, *dh; 3799 3800 sip->sin6_port = 0; 3801 3802 offset = skb_network_offset(skb); 3803 ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h); 3804 if (ip6 == NULL) 3805 return -EINVAL; 3806 sip->sin6_addr = ip6->saddr; 3807 3808 nexthdr = ip6->nexthdr; 3809 offset += sizeof(_ipv6h); 3810 offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off); 3811 if (offset < 0) 3812 return -EINVAL; 3813 3814 proto = nexthdr; 3815 switch (proto) { 3816 case IPPROTO_TCP: 3817 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph); 3818 if (th != NULL) 3819 sip->sin6_port = th->source; 3820 break; 3821 case IPPROTO_UDP: 3822 case IPPROTO_UDPLITE: 3823 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph); 3824 if (uh != NULL) 3825 sip->sin6_port = uh->source; 3826 break; 3827 case IPPROTO_DCCP: 3828 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph); 3829 if (dh != NULL) 3830 sip->sin6_port = dh->dccph_sport; 3831 break; 3832 } 3833 return proto; 3834 } 3835 #endif /* CONFIG_IPV6 */ 3836 3837 /** 3838 * smack_from_skb - Smack data from the secmark in an skb 3839 * @skb: packet 3840 * 3841 * Returns smack_known of the secmark or NULL if that won't work. 3842 */ 3843 #ifdef CONFIG_NETWORK_SECMARK 3844 static struct smack_known *smack_from_skb(struct sk_buff *skb) 3845 { 3846 if (skb == NULL || skb->secmark == 0) 3847 return NULL; 3848 3849 return smack_from_secid(skb->secmark); 3850 } 3851 #else 3852 static inline struct smack_known *smack_from_skb(struct sk_buff *skb) 3853 { 3854 return NULL; 3855 } 3856 #endif 3857 3858 /** 3859 * smack_from_netlbl - Smack data from the IP options in an skb 3860 * @sk: socket data came in on 3861 * @family: address family 3862 * @skb: packet 3863 * 3864 * Find the Smack label in the IP options. If it hasn't been 3865 * added to the netlabel cache, add it here. 3866 * 3867 * Returns smack_known of the IP options or NULL if that won't work. 3868 */ 3869 static struct smack_known *smack_from_netlbl(const struct sock *sk, u16 family, 3870 struct sk_buff *skb) 3871 { 3872 struct netlbl_lsm_secattr secattr; 3873 struct socket_smack *ssp = NULL; 3874 struct smack_known *skp = NULL; 3875 3876 netlbl_secattr_init(&secattr); 3877 3878 if (sk) 3879 ssp = sk->sk_security; 3880 3881 if (netlbl_skbuff_getattr(skb, family, &secattr) == 0) { 3882 skp = smack_from_secattr(&secattr, ssp); 3883 if (secattr.flags & NETLBL_SECATTR_CACHEABLE) 3884 netlbl_cache_add(skb, family, &skp->smk_netlabel); 3885 } 3886 3887 netlbl_secattr_destroy(&secattr); 3888 3889 return skp; 3890 } 3891 3892 /** 3893 * smack_socket_sock_rcv_skb - Smack packet delivery access check 3894 * @sk: socket 3895 * @skb: packet 3896 * 3897 * Returns 0 if the packet should be delivered, an error code otherwise 3898 */ 3899 static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) 3900 { 3901 struct socket_smack *ssp = sk->sk_security; 3902 struct smack_known *skp = NULL; 3903 int rc = 0; 3904 struct smk_audit_info ad; 3905 u16 family = sk->sk_family; 3906 #ifdef CONFIG_AUDIT 3907 struct lsm_network_audit net; 3908 #endif 3909 #if IS_ENABLED(CONFIG_IPV6) 3910 struct sockaddr_in6 sadd; 3911 int proto; 3912 3913 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP)) 3914 family = PF_INET; 3915 #endif /* CONFIG_IPV6 */ 3916 3917 switch (family) { 3918 case PF_INET: 3919 /* 3920 * If there is a secmark use it rather than the CIPSO label. 3921 * If there is no secmark fall back to CIPSO. 3922 * The secmark is assumed to reflect policy better. 3923 */ 3924 skp = smack_from_skb(skb); 3925 if (skp == NULL) { 3926 skp = smack_from_netlbl(sk, family, skb); 3927 if (skp == NULL) 3928 skp = smack_net_ambient; 3929 } 3930 3931 #ifdef CONFIG_AUDIT 3932 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 3933 ad.a.u.net->family = family; 3934 ad.a.u.net->netif = skb->skb_iif; 3935 ipv4_skb_to_auditdata(skb, &ad.a, NULL); 3936 #endif 3937 /* 3938 * Receiving a packet requires that the other end 3939 * be able to write here. Read access is not required. 3940 * This is the simplist possible security model 3941 * for networking. 3942 */ 3943 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad); 3944 rc = smk_bu_note("IPv4 delivery", skp, ssp->smk_in, 3945 MAY_WRITE, rc); 3946 if (rc != 0) 3947 netlbl_skbuff_err(skb, family, rc, 0); 3948 break; 3949 #if IS_ENABLED(CONFIG_IPV6) 3950 case PF_INET6: 3951 proto = smk_skb_to_addr_ipv6(skb, &sadd); 3952 if (proto != IPPROTO_UDP && proto != IPPROTO_UDPLITE && 3953 proto != IPPROTO_TCP && proto != IPPROTO_DCCP) 3954 break; 3955 #ifdef SMACK_IPV6_SECMARK_LABELING 3956 skp = smack_from_skb(skb); 3957 if (skp == NULL) { 3958 if (smk_ipv6_localhost(&sadd)) 3959 break; 3960 skp = smack_ipv6host_label(&sadd); 3961 if (skp == NULL) 3962 skp = smack_net_ambient; 3963 } 3964 #ifdef CONFIG_AUDIT 3965 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 3966 ad.a.u.net->family = family; 3967 ad.a.u.net->netif = skb->skb_iif; 3968 ipv6_skb_to_auditdata(skb, &ad.a, NULL); 3969 #endif /* CONFIG_AUDIT */ 3970 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad); 3971 rc = smk_bu_note("IPv6 delivery", skp, ssp->smk_in, 3972 MAY_WRITE, rc); 3973 #endif /* SMACK_IPV6_SECMARK_LABELING */ 3974 #ifdef SMACK_IPV6_PORT_LABELING 3975 rc = smk_ipv6_port_check(sk, &sadd, SMK_RECEIVING); 3976 #endif /* SMACK_IPV6_PORT_LABELING */ 3977 if (rc != 0) 3978 icmpv6_send(skb, ICMPV6_DEST_UNREACH, 3979 ICMPV6_ADM_PROHIBITED, 0); 3980 break; 3981 #endif /* CONFIG_IPV6 */ 3982 } 3983 3984 return rc; 3985 } 3986 3987 /** 3988 * smack_socket_getpeersec_stream - pull in packet label 3989 * @sock: the socket 3990 * @optval: user's destination 3991 * @optlen: size thereof 3992 * @len: max thereof 3993 * 3994 * returns zero on success, an error code otherwise 3995 */ 3996 static int smack_socket_getpeersec_stream(struct socket *sock, 3997 char __user *optval, 3998 int __user *optlen, unsigned len) 3999 { 4000 struct socket_smack *ssp; 4001 char *rcp = ""; 4002 int slen = 1; 4003 int rc = 0; 4004 4005 ssp = sock->sk->sk_security; 4006 if (ssp->smk_packet != NULL) { 4007 rcp = ssp->smk_packet->smk_known; 4008 slen = strlen(rcp) + 1; 4009 } 4010 4011 if (slen > len) 4012 rc = -ERANGE; 4013 else if (copy_to_user(optval, rcp, slen) != 0) 4014 rc = -EFAULT; 4015 4016 if (put_user(slen, optlen) != 0) 4017 rc = -EFAULT; 4018 4019 return rc; 4020 } 4021 4022 4023 /** 4024 * smack_socket_getpeersec_dgram - pull in packet label 4025 * @sock: the peer socket 4026 * @skb: packet data 4027 * @secid: pointer to where to put the secid of the packet 4028 * 4029 * Sets the netlabel socket state on sk from parent 4030 */ 4031 static int smack_socket_getpeersec_dgram(struct socket *sock, 4032 struct sk_buff *skb, u32 *secid) 4033 4034 { 4035 struct socket_smack *ssp = NULL; 4036 struct smack_known *skp; 4037 struct sock *sk = NULL; 4038 int family = PF_UNSPEC; 4039 u32 s = 0; /* 0 is the invalid secid */ 4040 4041 if (skb != NULL) { 4042 if (skb->protocol == htons(ETH_P_IP)) 4043 family = PF_INET; 4044 #if IS_ENABLED(CONFIG_IPV6) 4045 else if (skb->protocol == htons(ETH_P_IPV6)) 4046 family = PF_INET6; 4047 #endif /* CONFIG_IPV6 */ 4048 } 4049 if (family == PF_UNSPEC && sock != NULL) 4050 family = sock->sk->sk_family; 4051 4052 switch (family) { 4053 case PF_UNIX: 4054 ssp = sock->sk->sk_security; 4055 s = ssp->smk_out->smk_secid; 4056 break; 4057 case PF_INET: 4058 skp = smack_from_skb(skb); 4059 if (skp) { 4060 s = skp->smk_secid; 4061 break; 4062 } 4063 /* 4064 * Translate what netlabel gave us. 4065 */ 4066 if (sock != NULL) 4067 sk = sock->sk; 4068 skp = smack_from_netlbl(sk, family, skb); 4069 if (skp != NULL) 4070 s = skp->smk_secid; 4071 break; 4072 case PF_INET6: 4073 #ifdef SMACK_IPV6_SECMARK_LABELING 4074 skp = smack_from_skb(skb); 4075 if (skp) 4076 s = skp->smk_secid; 4077 #endif 4078 break; 4079 } 4080 *secid = s; 4081 if (s == 0) 4082 return -EINVAL; 4083 return 0; 4084 } 4085 4086 /** 4087 * smack_sock_graft - Initialize a newly created socket with an existing sock 4088 * @sk: child sock 4089 * @parent: parent socket 4090 * 4091 * Set the smk_{in,out} state of an existing sock based on the process that 4092 * is creating the new socket. 4093 */ 4094 static void smack_sock_graft(struct sock *sk, struct socket *parent) 4095 { 4096 struct socket_smack *ssp; 4097 struct smack_known *skp = smk_of_current(); 4098 4099 if (sk == NULL || 4100 (sk->sk_family != PF_INET && sk->sk_family != PF_INET6)) 4101 return; 4102 4103 ssp = sk->sk_security; 4104 ssp->smk_in = skp; 4105 ssp->smk_out = skp; 4106 /* cssp->smk_packet is already set in smack_inet_csk_clone() */ 4107 } 4108 4109 /** 4110 * smack_inet_conn_request - Smack access check on connect 4111 * @sk: socket involved 4112 * @skb: packet 4113 * @req: unused 4114 * 4115 * Returns 0 if a task with the packet label could write to 4116 * the socket, otherwise an error code 4117 */ 4118 static int smack_inet_conn_request(const struct sock *sk, struct sk_buff *skb, 4119 struct request_sock *req) 4120 { 4121 u16 family = sk->sk_family; 4122 struct smack_known *skp; 4123 struct socket_smack *ssp = sk->sk_security; 4124 struct sockaddr_in addr; 4125 struct iphdr *hdr; 4126 struct smack_known *hskp; 4127 int rc; 4128 struct smk_audit_info ad; 4129 #ifdef CONFIG_AUDIT 4130 struct lsm_network_audit net; 4131 #endif 4132 4133 #if IS_ENABLED(CONFIG_IPV6) 4134 if (family == PF_INET6) { 4135 /* 4136 * Handle mapped IPv4 packets arriving 4137 * via IPv6 sockets. Don't set up netlabel 4138 * processing on IPv6. 4139 */ 4140 if (skb->protocol == htons(ETH_P_IP)) 4141 family = PF_INET; 4142 else 4143 return 0; 4144 } 4145 #endif /* CONFIG_IPV6 */ 4146 4147 /* 4148 * If there is a secmark use it rather than the CIPSO label. 4149 * If there is no secmark fall back to CIPSO. 4150 * The secmark is assumed to reflect policy better. 4151 */ 4152 skp = smack_from_skb(skb); 4153 if (skp == NULL) { 4154 skp = smack_from_netlbl(sk, family, skb); 4155 if (skp == NULL) 4156 skp = &smack_known_huh; 4157 } 4158 4159 #ifdef CONFIG_AUDIT 4160 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 4161 ad.a.u.net->family = family; 4162 ad.a.u.net->netif = skb->skb_iif; 4163 ipv4_skb_to_auditdata(skb, &ad.a, NULL); 4164 #endif 4165 /* 4166 * Receiving a packet requires that the other end be able to write 4167 * here. Read access is not required. 4168 */ 4169 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad); 4170 rc = smk_bu_note("IPv4 connect", skp, ssp->smk_in, MAY_WRITE, rc); 4171 if (rc != 0) 4172 return rc; 4173 4174 /* 4175 * Save the peer's label in the request_sock so we can later setup 4176 * smk_packet in the child socket so that SO_PEERCRED can report it. 4177 */ 4178 req->peer_secid = skp->smk_secid; 4179 4180 /* 4181 * We need to decide if we want to label the incoming connection here 4182 * if we do we only need to label the request_sock and the stack will 4183 * propagate the wire-label to the sock when it is created. 4184 */ 4185 hdr = ip_hdr(skb); 4186 addr.sin_addr.s_addr = hdr->saddr; 4187 rcu_read_lock(); 4188 hskp = smack_ipv4host_label(&addr); 4189 rcu_read_unlock(); 4190 4191 if (hskp == NULL) 4192 rc = netlbl_req_setattr(req, &skp->smk_netlabel); 4193 else 4194 netlbl_req_delattr(req); 4195 4196 return rc; 4197 } 4198 4199 /** 4200 * smack_inet_csk_clone - Copy the connection information to the new socket 4201 * @sk: the new socket 4202 * @req: the connection's request_sock 4203 * 4204 * Transfer the connection's peer label to the newly created socket. 4205 */ 4206 static void smack_inet_csk_clone(struct sock *sk, 4207 const struct request_sock *req) 4208 { 4209 struct socket_smack *ssp = sk->sk_security; 4210 struct smack_known *skp; 4211 4212 if (req->peer_secid != 0) { 4213 skp = smack_from_secid(req->peer_secid); 4214 ssp->smk_packet = skp; 4215 } else 4216 ssp->smk_packet = NULL; 4217 } 4218 4219 /* 4220 * Key management security hooks 4221 * 4222 * Casey has not tested key support very heavily. 4223 * The permission check is most likely too restrictive. 4224 * If you care about keys please have a look. 4225 */ 4226 #ifdef CONFIG_KEYS 4227 4228 /** 4229 * smack_key_alloc - Set the key security blob 4230 * @key: object 4231 * @cred: the credentials to use 4232 * @flags: unused 4233 * 4234 * No allocation required 4235 * 4236 * Returns 0 4237 */ 4238 static int smack_key_alloc(struct key *key, const struct cred *cred, 4239 unsigned long flags) 4240 { 4241 struct smack_known *skp = smk_of_task(smack_cred(cred)); 4242 4243 key->security = skp; 4244 return 0; 4245 } 4246 4247 /** 4248 * smack_key_free - Clear the key security blob 4249 * @key: the object 4250 * 4251 * Clear the blob pointer 4252 */ 4253 static void smack_key_free(struct key *key) 4254 { 4255 key->security = NULL; 4256 } 4257 4258 /** 4259 * smack_key_permission - Smack access on a key 4260 * @key_ref: gets to the object 4261 * @cred: the credentials to use 4262 * @need_perm: requested key permission 4263 * 4264 * Return 0 if the task has read and write to the object, 4265 * an error code otherwise 4266 */ 4267 static int smack_key_permission(key_ref_t key_ref, 4268 const struct cred *cred, 4269 enum key_need_perm need_perm) 4270 { 4271 struct key *keyp; 4272 struct smk_audit_info ad; 4273 struct smack_known *tkp = smk_of_task(smack_cred(cred)); 4274 int request = 0; 4275 int rc; 4276 4277 /* 4278 * Validate requested permissions 4279 */ 4280 switch (need_perm) { 4281 case KEY_NEED_READ: 4282 case KEY_NEED_SEARCH: 4283 case KEY_NEED_VIEW: 4284 request |= MAY_READ; 4285 break; 4286 case KEY_NEED_WRITE: 4287 case KEY_NEED_LINK: 4288 case KEY_NEED_SETATTR: 4289 request |= MAY_WRITE; 4290 break; 4291 case KEY_NEED_UNSPECIFIED: 4292 case KEY_NEED_UNLINK: 4293 case KEY_SYSADMIN_OVERRIDE: 4294 case KEY_AUTHTOKEN_OVERRIDE: 4295 case KEY_DEFER_PERM_CHECK: 4296 return 0; 4297 default: 4298 return -EINVAL; 4299 } 4300 4301 keyp = key_ref_to_ptr(key_ref); 4302 if (keyp == NULL) 4303 return -EINVAL; 4304 /* 4305 * If the key hasn't been initialized give it access so that 4306 * it may do so. 4307 */ 4308 if (keyp->security == NULL) 4309 return 0; 4310 /* 4311 * This should not occur 4312 */ 4313 if (tkp == NULL) 4314 return -EACCES; 4315 4316 if (smack_privileged(CAP_MAC_OVERRIDE)) 4317 return 0; 4318 4319 #ifdef CONFIG_AUDIT 4320 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY); 4321 ad.a.u.key_struct.key = keyp->serial; 4322 ad.a.u.key_struct.key_desc = keyp->description; 4323 #endif 4324 rc = smk_access(tkp, keyp->security, request, &ad); 4325 rc = smk_bu_note("key access", tkp, keyp->security, request, rc); 4326 return rc; 4327 } 4328 4329 /* 4330 * smack_key_getsecurity - Smack label tagging the key 4331 * @key points to the key to be queried 4332 * @_buffer points to a pointer that should be set to point to the 4333 * resulting string (if no label or an error occurs). 4334 * Return the length of the string (including terminating NUL) or -ve if 4335 * an error. 4336 * May also return 0 (and a NULL buffer pointer) if there is no label. 4337 */ 4338 static int smack_key_getsecurity(struct key *key, char **_buffer) 4339 { 4340 struct smack_known *skp = key->security; 4341 size_t length; 4342 char *copy; 4343 4344 if (key->security == NULL) { 4345 *_buffer = NULL; 4346 return 0; 4347 } 4348 4349 copy = kstrdup(skp->smk_known, GFP_KERNEL); 4350 if (copy == NULL) 4351 return -ENOMEM; 4352 length = strlen(copy) + 1; 4353 4354 *_buffer = copy; 4355 return length; 4356 } 4357 4358 4359 #ifdef CONFIG_KEY_NOTIFICATIONS 4360 /** 4361 * smack_watch_key - Smack access to watch a key for notifications. 4362 * @key: The key to be watched 4363 * 4364 * Return 0 if the @watch->cred has permission to read from the key object and 4365 * an error otherwise. 4366 */ 4367 static int smack_watch_key(struct key *key) 4368 { 4369 struct smk_audit_info ad; 4370 struct smack_known *tkp = smk_of_current(); 4371 int rc; 4372 4373 if (key == NULL) 4374 return -EINVAL; 4375 /* 4376 * If the key hasn't been initialized give it access so that 4377 * it may do so. 4378 */ 4379 if (key->security == NULL) 4380 return 0; 4381 /* 4382 * This should not occur 4383 */ 4384 if (tkp == NULL) 4385 return -EACCES; 4386 4387 if (smack_privileged_cred(CAP_MAC_OVERRIDE, current_cred())) 4388 return 0; 4389 4390 #ifdef CONFIG_AUDIT 4391 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY); 4392 ad.a.u.key_struct.key = key->serial; 4393 ad.a.u.key_struct.key_desc = key->description; 4394 #endif 4395 rc = smk_access(tkp, key->security, MAY_READ, &ad); 4396 rc = smk_bu_note("key watch", tkp, key->security, MAY_READ, rc); 4397 return rc; 4398 } 4399 #endif /* CONFIG_KEY_NOTIFICATIONS */ 4400 #endif /* CONFIG_KEYS */ 4401 4402 #ifdef CONFIG_WATCH_QUEUE 4403 /** 4404 * smack_post_notification - Smack access to post a notification to a queue 4405 * @w_cred: The credentials of the watcher. 4406 * @cred: The credentials of the event source (may be NULL). 4407 * @n: The notification message to be posted. 4408 */ 4409 static int smack_post_notification(const struct cred *w_cred, 4410 const struct cred *cred, 4411 struct watch_notification *n) 4412 { 4413 struct smk_audit_info ad; 4414 struct smack_known *subj, *obj; 4415 int rc; 4416 4417 /* Always let maintenance notifications through. */ 4418 if (n->type == WATCH_TYPE_META) 4419 return 0; 4420 4421 if (!cred) 4422 return 0; 4423 subj = smk_of_task(smack_cred(cred)); 4424 obj = smk_of_task(smack_cred(w_cred)); 4425 4426 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NOTIFICATION); 4427 rc = smk_access(subj, obj, MAY_WRITE, &ad); 4428 rc = smk_bu_note("notification", subj, obj, MAY_WRITE, rc); 4429 return rc; 4430 } 4431 #endif /* CONFIG_WATCH_QUEUE */ 4432 4433 /* 4434 * Smack Audit hooks 4435 * 4436 * Audit requires a unique representation of each Smack specific 4437 * rule. This unique representation is used to distinguish the 4438 * object to be audited from remaining kernel objects and also 4439 * works as a glue between the audit hooks. 4440 * 4441 * Since repository entries are added but never deleted, we'll use 4442 * the smack_known label address related to the given audit rule as 4443 * the needed unique representation. This also better fits the smack 4444 * model where nearly everything is a label. 4445 */ 4446 #ifdef CONFIG_AUDIT 4447 4448 /** 4449 * smack_audit_rule_init - Initialize a smack audit rule 4450 * @field: audit rule fields given from user-space (audit.h) 4451 * @op: required testing operator (=, !=, >, <, ...) 4452 * @rulestr: smack label to be audited 4453 * @vrule: pointer to save our own audit rule representation 4454 * 4455 * Prepare to audit cases where (@field @op @rulestr) is true. 4456 * The label to be audited is created if necessay. 4457 */ 4458 static int smack_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule) 4459 { 4460 struct smack_known *skp; 4461 char **rule = (char **)vrule; 4462 *rule = NULL; 4463 4464 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER) 4465 return -EINVAL; 4466 4467 if (op != Audit_equal && op != Audit_not_equal) 4468 return -EINVAL; 4469 4470 skp = smk_import_entry(rulestr, 0); 4471 if (IS_ERR(skp)) 4472 return PTR_ERR(skp); 4473 4474 *rule = skp->smk_known; 4475 4476 return 0; 4477 } 4478 4479 /** 4480 * smack_audit_rule_known - Distinguish Smack audit rules 4481 * @krule: rule of interest, in Audit kernel representation format 4482 * 4483 * This is used to filter Smack rules from remaining Audit ones. 4484 * If it's proved that this rule belongs to us, the 4485 * audit_rule_match hook will be called to do the final judgement. 4486 */ 4487 static int smack_audit_rule_known(struct audit_krule *krule) 4488 { 4489 struct audit_field *f; 4490 int i; 4491 4492 for (i = 0; i < krule->field_count; i++) { 4493 f = &krule->fields[i]; 4494 4495 if (f->type == AUDIT_SUBJ_USER || f->type == AUDIT_OBJ_USER) 4496 return 1; 4497 } 4498 4499 return 0; 4500 } 4501 4502 /** 4503 * smack_audit_rule_match - Audit given object ? 4504 * @secid: security id for identifying the object to test 4505 * @field: audit rule flags given from user-space 4506 * @op: required testing operator 4507 * @vrule: smack internal rule presentation 4508 * 4509 * The core Audit hook. It's used to take the decision of 4510 * whether to audit or not to audit a given object. 4511 */ 4512 static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule) 4513 { 4514 struct smack_known *skp; 4515 char *rule = vrule; 4516 4517 if (unlikely(!rule)) { 4518 WARN_ONCE(1, "Smack: missing rule\n"); 4519 return -ENOENT; 4520 } 4521 4522 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER) 4523 return 0; 4524 4525 skp = smack_from_secid(secid); 4526 4527 /* 4528 * No need to do string comparisons. If a match occurs, 4529 * both pointers will point to the same smack_known 4530 * label. 4531 */ 4532 if (op == Audit_equal) 4533 return (rule == skp->smk_known); 4534 if (op == Audit_not_equal) 4535 return (rule != skp->smk_known); 4536 4537 return 0; 4538 } 4539 4540 /* 4541 * There is no need for a smack_audit_rule_free hook. 4542 * No memory was allocated. 4543 */ 4544 4545 #endif /* CONFIG_AUDIT */ 4546 4547 /** 4548 * smack_ismaclabel - check if xattr @name references a smack MAC label 4549 * @name: Full xattr name to check. 4550 */ 4551 static int smack_ismaclabel(const char *name) 4552 { 4553 return (strcmp(name, XATTR_SMACK_SUFFIX) == 0); 4554 } 4555 4556 4557 /** 4558 * smack_secid_to_secctx - return the smack label for a secid 4559 * @secid: incoming integer 4560 * @secdata: destination 4561 * @seclen: how long it is 4562 * 4563 * Exists for networking code. 4564 */ 4565 static int smack_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) 4566 { 4567 struct smack_known *skp = smack_from_secid(secid); 4568 4569 if (secdata) 4570 *secdata = skp->smk_known; 4571 *seclen = strlen(skp->smk_known); 4572 return 0; 4573 } 4574 4575 /** 4576 * smack_secctx_to_secid - return the secid for a smack label 4577 * @secdata: smack label 4578 * @seclen: how long result is 4579 * @secid: outgoing integer 4580 * 4581 * Exists for audit and networking code. 4582 */ 4583 static int smack_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid) 4584 { 4585 struct smack_known *skp = smk_find_entry(secdata); 4586 4587 if (skp) 4588 *secid = skp->smk_secid; 4589 else 4590 *secid = 0; 4591 return 0; 4592 } 4593 4594 /* 4595 * There used to be a smack_release_secctx hook 4596 * that did nothing back when hooks were in a vector. 4597 * Now that there's a list such a hook adds cost. 4598 */ 4599 4600 static int smack_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen) 4601 { 4602 return smack_inode_setsecurity(inode, XATTR_SMACK_SUFFIX, ctx, 4603 ctxlen, 0); 4604 } 4605 4606 static int smack_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen) 4607 { 4608 return __vfs_setxattr_noperm(&init_user_ns, dentry, XATTR_NAME_SMACK, 4609 ctx, ctxlen, 0); 4610 } 4611 4612 static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) 4613 { 4614 struct smack_known *skp = smk_of_inode(inode); 4615 4616 *ctx = skp->smk_known; 4617 *ctxlen = strlen(skp->smk_known); 4618 return 0; 4619 } 4620 4621 static int smack_inode_copy_up(struct dentry *dentry, struct cred **new) 4622 { 4623 4624 struct task_smack *tsp; 4625 struct smack_known *skp; 4626 struct inode_smack *isp; 4627 struct cred *new_creds = *new; 4628 4629 if (new_creds == NULL) { 4630 new_creds = prepare_creds(); 4631 if (new_creds == NULL) 4632 return -ENOMEM; 4633 } 4634 4635 tsp = smack_cred(new_creds); 4636 4637 /* 4638 * Get label from overlay inode and set it in create_sid 4639 */ 4640 isp = smack_inode(d_inode(dentry->d_parent)); 4641 skp = isp->smk_inode; 4642 tsp->smk_task = skp; 4643 *new = new_creds; 4644 return 0; 4645 } 4646 4647 static int smack_inode_copy_up_xattr(const char *name) 4648 { 4649 /* 4650 * Return 1 if this is the smack access Smack attribute. 4651 */ 4652 if (strcmp(name, XATTR_NAME_SMACK) == 0) 4653 return 1; 4654 4655 return -EOPNOTSUPP; 4656 } 4657 4658 static int smack_dentry_create_files_as(struct dentry *dentry, int mode, 4659 struct qstr *name, 4660 const struct cred *old, 4661 struct cred *new) 4662 { 4663 struct task_smack *otsp = smack_cred(old); 4664 struct task_smack *ntsp = smack_cred(new); 4665 struct inode_smack *isp; 4666 int may; 4667 4668 /* 4669 * Use the process credential unless all of 4670 * the transmuting criteria are met 4671 */ 4672 ntsp->smk_task = otsp->smk_task; 4673 4674 /* 4675 * the attribute of the containing directory 4676 */ 4677 isp = smack_inode(d_inode(dentry->d_parent)); 4678 4679 if (isp->smk_flags & SMK_INODE_TRANSMUTE) { 4680 rcu_read_lock(); 4681 may = smk_access_entry(otsp->smk_task->smk_known, 4682 isp->smk_inode->smk_known, 4683 &otsp->smk_task->smk_rules); 4684 rcu_read_unlock(); 4685 4686 /* 4687 * If the directory is transmuting and the rule 4688 * providing access is transmuting use the containing 4689 * directory label instead of the process label. 4690 */ 4691 if (may > 0 && (may & MAY_TRANSMUTE)) 4692 ntsp->smk_task = isp->smk_inode; 4693 } 4694 return 0; 4695 } 4696 4697 struct lsm_blob_sizes smack_blob_sizes __lsm_ro_after_init = { 4698 .lbs_cred = sizeof(struct task_smack), 4699 .lbs_file = sizeof(struct smack_known *), 4700 .lbs_inode = sizeof(struct inode_smack), 4701 .lbs_ipc = sizeof(struct smack_known *), 4702 .lbs_msg_msg = sizeof(struct smack_known *), 4703 }; 4704 4705 static struct security_hook_list smack_hooks[] __lsm_ro_after_init = { 4706 LSM_HOOK_INIT(ptrace_access_check, smack_ptrace_access_check), 4707 LSM_HOOK_INIT(ptrace_traceme, smack_ptrace_traceme), 4708 LSM_HOOK_INIT(syslog, smack_syslog), 4709 4710 LSM_HOOK_INIT(fs_context_dup, smack_fs_context_dup), 4711 LSM_HOOK_INIT(fs_context_parse_param, smack_fs_context_parse_param), 4712 4713 LSM_HOOK_INIT(sb_alloc_security, smack_sb_alloc_security), 4714 LSM_HOOK_INIT(sb_free_security, smack_sb_free_security), 4715 LSM_HOOK_INIT(sb_free_mnt_opts, smack_free_mnt_opts), 4716 LSM_HOOK_INIT(sb_eat_lsm_opts, smack_sb_eat_lsm_opts), 4717 LSM_HOOK_INIT(sb_statfs, smack_sb_statfs), 4718 LSM_HOOK_INIT(sb_set_mnt_opts, smack_set_mnt_opts), 4719 4720 LSM_HOOK_INIT(bprm_creds_for_exec, smack_bprm_creds_for_exec), 4721 4722 LSM_HOOK_INIT(inode_alloc_security, smack_inode_alloc_security), 4723 LSM_HOOK_INIT(inode_init_security, smack_inode_init_security), 4724 LSM_HOOK_INIT(inode_link, smack_inode_link), 4725 LSM_HOOK_INIT(inode_unlink, smack_inode_unlink), 4726 LSM_HOOK_INIT(inode_rmdir, smack_inode_rmdir), 4727 LSM_HOOK_INIT(inode_rename, smack_inode_rename), 4728 LSM_HOOK_INIT(inode_permission, smack_inode_permission), 4729 LSM_HOOK_INIT(inode_setattr, smack_inode_setattr), 4730 LSM_HOOK_INIT(inode_getattr, smack_inode_getattr), 4731 LSM_HOOK_INIT(inode_setxattr, smack_inode_setxattr), 4732 LSM_HOOK_INIT(inode_post_setxattr, smack_inode_post_setxattr), 4733 LSM_HOOK_INIT(inode_getxattr, smack_inode_getxattr), 4734 LSM_HOOK_INIT(inode_removexattr, smack_inode_removexattr), 4735 LSM_HOOK_INIT(inode_getsecurity, smack_inode_getsecurity), 4736 LSM_HOOK_INIT(inode_setsecurity, smack_inode_setsecurity), 4737 LSM_HOOK_INIT(inode_listsecurity, smack_inode_listsecurity), 4738 LSM_HOOK_INIT(inode_getsecid, smack_inode_getsecid), 4739 4740 LSM_HOOK_INIT(file_alloc_security, smack_file_alloc_security), 4741 LSM_HOOK_INIT(file_ioctl, smack_file_ioctl), 4742 LSM_HOOK_INIT(file_lock, smack_file_lock), 4743 LSM_HOOK_INIT(file_fcntl, smack_file_fcntl), 4744 LSM_HOOK_INIT(mmap_file, smack_mmap_file), 4745 LSM_HOOK_INIT(mmap_addr, cap_mmap_addr), 4746 LSM_HOOK_INIT(file_set_fowner, smack_file_set_fowner), 4747 LSM_HOOK_INIT(file_send_sigiotask, smack_file_send_sigiotask), 4748 LSM_HOOK_INIT(file_receive, smack_file_receive), 4749 4750 LSM_HOOK_INIT(file_open, smack_file_open), 4751 4752 LSM_HOOK_INIT(cred_alloc_blank, smack_cred_alloc_blank), 4753 LSM_HOOK_INIT(cred_free, smack_cred_free), 4754 LSM_HOOK_INIT(cred_prepare, smack_cred_prepare), 4755 LSM_HOOK_INIT(cred_transfer, smack_cred_transfer), 4756 LSM_HOOK_INIT(cred_getsecid, smack_cred_getsecid), 4757 LSM_HOOK_INIT(kernel_act_as, smack_kernel_act_as), 4758 LSM_HOOK_INIT(kernel_create_files_as, smack_kernel_create_files_as), 4759 LSM_HOOK_INIT(task_setpgid, smack_task_setpgid), 4760 LSM_HOOK_INIT(task_getpgid, smack_task_getpgid), 4761 LSM_HOOK_INIT(task_getsid, smack_task_getsid), 4762 LSM_HOOK_INIT(task_getsecid, smack_task_getsecid), 4763 LSM_HOOK_INIT(task_setnice, smack_task_setnice), 4764 LSM_HOOK_INIT(task_setioprio, smack_task_setioprio), 4765 LSM_HOOK_INIT(task_getioprio, smack_task_getioprio), 4766 LSM_HOOK_INIT(task_setscheduler, smack_task_setscheduler), 4767 LSM_HOOK_INIT(task_getscheduler, smack_task_getscheduler), 4768 LSM_HOOK_INIT(task_movememory, smack_task_movememory), 4769 LSM_HOOK_INIT(task_kill, smack_task_kill), 4770 LSM_HOOK_INIT(task_to_inode, smack_task_to_inode), 4771 4772 LSM_HOOK_INIT(ipc_permission, smack_ipc_permission), 4773 LSM_HOOK_INIT(ipc_getsecid, smack_ipc_getsecid), 4774 4775 LSM_HOOK_INIT(msg_msg_alloc_security, smack_msg_msg_alloc_security), 4776 4777 LSM_HOOK_INIT(msg_queue_alloc_security, smack_ipc_alloc_security), 4778 LSM_HOOK_INIT(msg_queue_associate, smack_msg_queue_associate), 4779 LSM_HOOK_INIT(msg_queue_msgctl, smack_msg_queue_msgctl), 4780 LSM_HOOK_INIT(msg_queue_msgsnd, smack_msg_queue_msgsnd), 4781 LSM_HOOK_INIT(msg_queue_msgrcv, smack_msg_queue_msgrcv), 4782 4783 LSM_HOOK_INIT(shm_alloc_security, smack_ipc_alloc_security), 4784 LSM_HOOK_INIT(shm_associate, smack_shm_associate), 4785 LSM_HOOK_INIT(shm_shmctl, smack_shm_shmctl), 4786 LSM_HOOK_INIT(shm_shmat, smack_shm_shmat), 4787 4788 LSM_HOOK_INIT(sem_alloc_security, smack_ipc_alloc_security), 4789 LSM_HOOK_INIT(sem_associate, smack_sem_associate), 4790 LSM_HOOK_INIT(sem_semctl, smack_sem_semctl), 4791 LSM_HOOK_INIT(sem_semop, smack_sem_semop), 4792 4793 LSM_HOOK_INIT(d_instantiate, smack_d_instantiate), 4794 4795 LSM_HOOK_INIT(getprocattr, smack_getprocattr), 4796 LSM_HOOK_INIT(setprocattr, smack_setprocattr), 4797 4798 LSM_HOOK_INIT(unix_stream_connect, smack_unix_stream_connect), 4799 LSM_HOOK_INIT(unix_may_send, smack_unix_may_send), 4800 4801 LSM_HOOK_INIT(socket_post_create, smack_socket_post_create), 4802 LSM_HOOK_INIT(socket_socketpair, smack_socket_socketpair), 4803 #ifdef SMACK_IPV6_PORT_LABELING 4804 LSM_HOOK_INIT(socket_bind, smack_socket_bind), 4805 #endif 4806 LSM_HOOK_INIT(socket_connect, smack_socket_connect), 4807 LSM_HOOK_INIT(socket_sendmsg, smack_socket_sendmsg), 4808 LSM_HOOK_INIT(socket_sock_rcv_skb, smack_socket_sock_rcv_skb), 4809 LSM_HOOK_INIT(socket_getpeersec_stream, smack_socket_getpeersec_stream), 4810 LSM_HOOK_INIT(socket_getpeersec_dgram, smack_socket_getpeersec_dgram), 4811 LSM_HOOK_INIT(sk_alloc_security, smack_sk_alloc_security), 4812 LSM_HOOK_INIT(sk_free_security, smack_sk_free_security), 4813 LSM_HOOK_INIT(sock_graft, smack_sock_graft), 4814 LSM_HOOK_INIT(inet_conn_request, smack_inet_conn_request), 4815 LSM_HOOK_INIT(inet_csk_clone, smack_inet_csk_clone), 4816 4817 /* key management security hooks */ 4818 #ifdef CONFIG_KEYS 4819 LSM_HOOK_INIT(key_alloc, smack_key_alloc), 4820 LSM_HOOK_INIT(key_free, smack_key_free), 4821 LSM_HOOK_INIT(key_permission, smack_key_permission), 4822 LSM_HOOK_INIT(key_getsecurity, smack_key_getsecurity), 4823 #ifdef CONFIG_KEY_NOTIFICATIONS 4824 LSM_HOOK_INIT(watch_key, smack_watch_key), 4825 #endif 4826 #endif /* CONFIG_KEYS */ 4827 4828 #ifdef CONFIG_WATCH_QUEUE 4829 LSM_HOOK_INIT(post_notification, smack_post_notification), 4830 #endif 4831 4832 /* Audit hooks */ 4833 #ifdef CONFIG_AUDIT 4834 LSM_HOOK_INIT(audit_rule_init, smack_audit_rule_init), 4835 LSM_HOOK_INIT(audit_rule_known, smack_audit_rule_known), 4836 LSM_HOOK_INIT(audit_rule_match, smack_audit_rule_match), 4837 #endif /* CONFIG_AUDIT */ 4838 4839 LSM_HOOK_INIT(ismaclabel, smack_ismaclabel), 4840 LSM_HOOK_INIT(secid_to_secctx, smack_secid_to_secctx), 4841 LSM_HOOK_INIT(secctx_to_secid, smack_secctx_to_secid), 4842 LSM_HOOK_INIT(inode_notifysecctx, smack_inode_notifysecctx), 4843 LSM_HOOK_INIT(inode_setsecctx, smack_inode_setsecctx), 4844 LSM_HOOK_INIT(inode_getsecctx, smack_inode_getsecctx), 4845 LSM_HOOK_INIT(inode_copy_up, smack_inode_copy_up), 4846 LSM_HOOK_INIT(inode_copy_up_xattr, smack_inode_copy_up_xattr), 4847 LSM_HOOK_INIT(dentry_create_files_as, smack_dentry_create_files_as), 4848 }; 4849 4850 4851 static __init void init_smack_known_list(void) 4852 { 4853 /* 4854 * Initialize rule list locks 4855 */ 4856 mutex_init(&smack_known_huh.smk_rules_lock); 4857 mutex_init(&smack_known_hat.smk_rules_lock); 4858 mutex_init(&smack_known_floor.smk_rules_lock); 4859 mutex_init(&smack_known_star.smk_rules_lock); 4860 mutex_init(&smack_known_web.smk_rules_lock); 4861 /* 4862 * Initialize rule lists 4863 */ 4864 INIT_LIST_HEAD(&smack_known_huh.smk_rules); 4865 INIT_LIST_HEAD(&smack_known_hat.smk_rules); 4866 INIT_LIST_HEAD(&smack_known_star.smk_rules); 4867 INIT_LIST_HEAD(&smack_known_floor.smk_rules); 4868 INIT_LIST_HEAD(&smack_known_web.smk_rules); 4869 /* 4870 * Create the known labels list 4871 */ 4872 smk_insert_entry(&smack_known_huh); 4873 smk_insert_entry(&smack_known_hat); 4874 smk_insert_entry(&smack_known_star); 4875 smk_insert_entry(&smack_known_floor); 4876 smk_insert_entry(&smack_known_web); 4877 } 4878 4879 /** 4880 * smack_init - initialize the smack system 4881 * 4882 * Returns 0 on success, -ENOMEM is there's no memory 4883 */ 4884 static __init int smack_init(void) 4885 { 4886 struct cred *cred = (struct cred *) current->cred; 4887 struct task_smack *tsp; 4888 4889 smack_rule_cache = KMEM_CACHE(smack_rule, 0); 4890 if (!smack_rule_cache) 4891 return -ENOMEM; 4892 4893 /* 4894 * Set the security state for the initial task. 4895 */ 4896 tsp = smack_cred(cred); 4897 init_task_smack(tsp, &smack_known_floor, &smack_known_floor); 4898 4899 /* 4900 * Register with LSM 4901 */ 4902 security_add_hooks(smack_hooks, ARRAY_SIZE(smack_hooks), "smack"); 4903 smack_enabled = 1; 4904 4905 pr_info("Smack: Initializing.\n"); 4906 #ifdef CONFIG_SECURITY_SMACK_NETFILTER 4907 pr_info("Smack: Netfilter enabled.\n"); 4908 #endif 4909 #ifdef SMACK_IPV6_PORT_LABELING 4910 pr_info("Smack: IPv6 port labeling enabled.\n"); 4911 #endif 4912 #ifdef SMACK_IPV6_SECMARK_LABELING 4913 pr_info("Smack: IPv6 Netfilter enabled.\n"); 4914 #endif 4915 4916 /* initialize the smack_known_list */ 4917 init_smack_known_list(); 4918 4919 return 0; 4920 } 4921 4922 /* 4923 * Smack requires early initialization in order to label 4924 * all processes and objects when they are created. 4925 */ 4926 DEFINE_LSM(smack) = { 4927 .name = "smack", 4928 .flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE, 4929 .blobs = &smack_blob_sizes, 4930 .init = smack_init, 4931 }; 4932