1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Simplified MAC Kernel (smack) security module 4 * 5 * This file contains the smack hook function implementations. 6 * 7 * Authors: 8 * Casey Schaufler <casey@schaufler-ca.com> 9 * Jarkko Sakkinen <jarkko.sakkinen@intel.com> 10 * 11 * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com> 12 * Copyright (C) 2009 Hewlett-Packard Development Company, L.P. 13 * Paul Moore <paul@paul-moore.com> 14 * Copyright (C) 2010 Nokia Corporation 15 * Copyright (C) 2011 Intel Corporation. 16 */ 17 18 #include <linux/xattr.h> 19 #include <linux/pagemap.h> 20 #include <linux/mount.h> 21 #include <linux/stat.h> 22 #include <linux/kd.h> 23 #include <asm/ioctls.h> 24 #include <linux/ip.h> 25 #include <linux/tcp.h> 26 #include <linux/udp.h> 27 #include <linux/dccp.h> 28 #include <linux/icmpv6.h> 29 #include <linux/slab.h> 30 #include <linux/mutex.h> 31 #include <net/cipso_ipv4.h> 32 #include <net/ip.h> 33 #include <net/ipv6.h> 34 #include <linux/audit.h> 35 #include <linux/magic.h> 36 #include <linux/dcache.h> 37 #include <linux/personality.h> 38 #include <linux/msg.h> 39 #include <linux/shm.h> 40 #include <linux/binfmts.h> 41 #include <linux/parser.h> 42 #include <linux/fs_context.h> 43 #include <linux/fs_parser.h> 44 #include <linux/watch_queue.h> 45 #include "smack.h" 46 47 #define TRANS_TRUE "TRUE" 48 #define TRANS_TRUE_SIZE 4 49 50 #define SMK_CONNECTING 0 51 #define SMK_RECEIVING 1 52 #define SMK_SENDING 2 53 54 static DEFINE_MUTEX(smack_ipv6_lock); 55 static LIST_HEAD(smk_ipv6_port_list); 56 struct kmem_cache *smack_rule_cache; 57 int smack_enabled; 58 59 #define A(s) {"smack"#s, sizeof("smack"#s) - 1, Opt_##s} 60 static struct { 61 const char *name; 62 int len; 63 int opt; 64 } smk_mount_opts[] = { 65 {"smackfsdef", sizeof("smackfsdef") - 1, Opt_fsdefault}, 66 A(fsdefault), A(fsfloor), A(fshat), A(fsroot), A(fstransmute) 67 }; 68 #undef A 69 70 static int match_opt_prefix(char *s, int l, char **arg) 71 { 72 int i; 73 74 for (i = 0; i < ARRAY_SIZE(smk_mount_opts); i++) { 75 size_t len = smk_mount_opts[i].len; 76 if (len > l || memcmp(s, smk_mount_opts[i].name, len)) 77 continue; 78 if (len == l || s[len] != '=') 79 continue; 80 *arg = s + len + 1; 81 return smk_mount_opts[i].opt; 82 } 83 return Opt_error; 84 } 85 86 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 87 static char *smk_bu_mess[] = { 88 "Bringup Error", /* Unused */ 89 "Bringup", /* SMACK_BRINGUP_ALLOW */ 90 "Unconfined Subject", /* SMACK_UNCONFINED_SUBJECT */ 91 "Unconfined Object", /* SMACK_UNCONFINED_OBJECT */ 92 }; 93 94 static void smk_bu_mode(int mode, char *s) 95 { 96 int i = 0; 97 98 if (mode & MAY_READ) 99 s[i++] = 'r'; 100 if (mode & MAY_WRITE) 101 s[i++] = 'w'; 102 if (mode & MAY_EXEC) 103 s[i++] = 'x'; 104 if (mode & MAY_APPEND) 105 s[i++] = 'a'; 106 if (mode & MAY_TRANSMUTE) 107 s[i++] = 't'; 108 if (mode & MAY_LOCK) 109 s[i++] = 'l'; 110 if (i == 0) 111 s[i++] = '-'; 112 s[i] = '\0'; 113 } 114 #endif 115 116 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 117 static int smk_bu_note(char *note, struct smack_known *sskp, 118 struct smack_known *oskp, int mode, int rc) 119 { 120 char acc[SMK_NUM_ACCESS_TYPE + 1]; 121 122 if (rc <= 0) 123 return rc; 124 if (rc > SMACK_UNCONFINED_OBJECT) 125 rc = 0; 126 127 smk_bu_mode(mode, acc); 128 pr_info("Smack %s: (%s %s %s) %s\n", smk_bu_mess[rc], 129 sskp->smk_known, oskp->smk_known, acc, note); 130 return 0; 131 } 132 #else 133 #define smk_bu_note(note, sskp, oskp, mode, RC) (RC) 134 #endif 135 136 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 137 static int smk_bu_current(char *note, struct smack_known *oskp, 138 int mode, int rc) 139 { 140 struct task_smack *tsp = smack_cred(current_cred()); 141 char acc[SMK_NUM_ACCESS_TYPE + 1]; 142 143 if (rc <= 0) 144 return rc; 145 if (rc > SMACK_UNCONFINED_OBJECT) 146 rc = 0; 147 148 smk_bu_mode(mode, acc); 149 pr_info("Smack %s: (%s %s %s) %s %s\n", smk_bu_mess[rc], 150 tsp->smk_task->smk_known, oskp->smk_known, 151 acc, current->comm, note); 152 return 0; 153 } 154 #else 155 #define smk_bu_current(note, oskp, mode, RC) (RC) 156 #endif 157 158 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 159 static int smk_bu_task(struct task_struct *otp, int mode, int rc) 160 { 161 struct task_smack *tsp = smack_cred(current_cred()); 162 struct smack_known *smk_task = smk_of_task_struct(otp); 163 char acc[SMK_NUM_ACCESS_TYPE + 1]; 164 165 if (rc <= 0) 166 return rc; 167 if (rc > SMACK_UNCONFINED_OBJECT) 168 rc = 0; 169 170 smk_bu_mode(mode, acc); 171 pr_info("Smack %s: (%s %s %s) %s to %s\n", smk_bu_mess[rc], 172 tsp->smk_task->smk_known, smk_task->smk_known, acc, 173 current->comm, otp->comm); 174 return 0; 175 } 176 #else 177 #define smk_bu_task(otp, mode, RC) (RC) 178 #endif 179 180 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 181 static int smk_bu_inode(struct inode *inode, int mode, int rc) 182 { 183 struct task_smack *tsp = smack_cred(current_cred()); 184 struct inode_smack *isp = smack_inode(inode); 185 char acc[SMK_NUM_ACCESS_TYPE + 1]; 186 187 if (isp->smk_flags & SMK_INODE_IMPURE) 188 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n", 189 inode->i_sb->s_id, inode->i_ino, current->comm); 190 191 if (rc <= 0) 192 return rc; 193 if (rc > SMACK_UNCONFINED_OBJECT) 194 rc = 0; 195 if (rc == SMACK_UNCONFINED_SUBJECT && 196 (mode & (MAY_WRITE | MAY_APPEND))) 197 isp->smk_flags |= SMK_INODE_IMPURE; 198 199 smk_bu_mode(mode, acc); 200 201 pr_info("Smack %s: (%s %s %s) inode=(%s %ld) %s\n", smk_bu_mess[rc], 202 tsp->smk_task->smk_known, isp->smk_inode->smk_known, acc, 203 inode->i_sb->s_id, inode->i_ino, current->comm); 204 return 0; 205 } 206 #else 207 #define smk_bu_inode(inode, mode, RC) (RC) 208 #endif 209 210 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 211 static int smk_bu_file(struct file *file, int mode, int rc) 212 { 213 struct task_smack *tsp = smack_cred(current_cred()); 214 struct smack_known *sskp = tsp->smk_task; 215 struct inode *inode = file_inode(file); 216 struct inode_smack *isp = smack_inode(inode); 217 char acc[SMK_NUM_ACCESS_TYPE + 1]; 218 219 if (isp->smk_flags & SMK_INODE_IMPURE) 220 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n", 221 inode->i_sb->s_id, inode->i_ino, current->comm); 222 223 if (rc <= 0) 224 return rc; 225 if (rc > SMACK_UNCONFINED_OBJECT) 226 rc = 0; 227 228 smk_bu_mode(mode, acc); 229 pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc], 230 sskp->smk_known, smk_of_inode(inode)->smk_known, acc, 231 inode->i_sb->s_id, inode->i_ino, file, 232 current->comm); 233 return 0; 234 } 235 #else 236 #define smk_bu_file(file, mode, RC) (RC) 237 #endif 238 239 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 240 static int smk_bu_credfile(const struct cred *cred, struct file *file, 241 int mode, int rc) 242 { 243 struct task_smack *tsp = smack_cred(cred); 244 struct smack_known *sskp = tsp->smk_task; 245 struct inode *inode = file_inode(file); 246 struct inode_smack *isp = smack_inode(inode); 247 char acc[SMK_NUM_ACCESS_TYPE + 1]; 248 249 if (isp->smk_flags & SMK_INODE_IMPURE) 250 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n", 251 inode->i_sb->s_id, inode->i_ino, current->comm); 252 253 if (rc <= 0) 254 return rc; 255 if (rc > SMACK_UNCONFINED_OBJECT) 256 rc = 0; 257 258 smk_bu_mode(mode, acc); 259 pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc], 260 sskp->smk_known, smk_of_inode(inode)->smk_known, acc, 261 inode->i_sb->s_id, inode->i_ino, file, 262 current->comm); 263 return 0; 264 } 265 #else 266 #define smk_bu_credfile(cred, file, mode, RC) (RC) 267 #endif 268 269 /** 270 * smk_fetch - Fetch the smack label from a file. 271 * @name: type of the label (attribute) 272 * @ip: a pointer to the inode 273 * @dp: a pointer to the dentry 274 * 275 * Returns a pointer to the master list entry for the Smack label, 276 * NULL if there was no label to fetch, or an error code. 277 */ 278 static struct smack_known *smk_fetch(const char *name, struct inode *ip, 279 struct dentry *dp) 280 { 281 int rc; 282 char *buffer; 283 struct smack_known *skp = NULL; 284 285 if (!(ip->i_opflags & IOP_XATTR)) 286 return ERR_PTR(-EOPNOTSUPP); 287 288 buffer = kzalloc(SMK_LONGLABEL, GFP_NOFS); 289 if (buffer == NULL) 290 return ERR_PTR(-ENOMEM); 291 292 rc = __vfs_getxattr(dp, ip, name, buffer, SMK_LONGLABEL); 293 if (rc < 0) 294 skp = ERR_PTR(rc); 295 else if (rc == 0) 296 skp = NULL; 297 else 298 skp = smk_import_entry(buffer, rc); 299 300 kfree(buffer); 301 302 return skp; 303 } 304 305 /** 306 * init_inode_smack - initialize an inode security blob 307 * @inode: inode to extract the info from 308 * @skp: a pointer to the Smack label entry to use in the blob 309 * 310 */ 311 static void init_inode_smack(struct inode *inode, struct smack_known *skp) 312 { 313 struct inode_smack *isp = smack_inode(inode); 314 315 isp->smk_inode = skp; 316 isp->smk_flags = 0; 317 } 318 319 /** 320 * init_task_smack - initialize a task security blob 321 * @tsp: blob to initialize 322 * @task: a pointer to the Smack label for the running task 323 * @forked: a pointer to the Smack label for the forked task 324 * 325 */ 326 static void init_task_smack(struct task_smack *tsp, struct smack_known *task, 327 struct smack_known *forked) 328 { 329 tsp->smk_task = task; 330 tsp->smk_forked = forked; 331 INIT_LIST_HEAD(&tsp->smk_rules); 332 INIT_LIST_HEAD(&tsp->smk_relabel); 333 mutex_init(&tsp->smk_rules_lock); 334 } 335 336 /** 337 * smk_copy_rules - copy a rule set 338 * @nhead: new rules header pointer 339 * @ohead: old rules header pointer 340 * @gfp: type of the memory for the allocation 341 * 342 * Returns 0 on success, -ENOMEM on error 343 */ 344 static int smk_copy_rules(struct list_head *nhead, struct list_head *ohead, 345 gfp_t gfp) 346 { 347 struct smack_rule *nrp; 348 struct smack_rule *orp; 349 int rc = 0; 350 351 list_for_each_entry_rcu(orp, ohead, list) { 352 nrp = kmem_cache_zalloc(smack_rule_cache, gfp); 353 if (nrp == NULL) { 354 rc = -ENOMEM; 355 break; 356 } 357 *nrp = *orp; 358 list_add_rcu(&nrp->list, nhead); 359 } 360 return rc; 361 } 362 363 /** 364 * smk_copy_relabel - copy smk_relabel labels list 365 * @nhead: new rules header pointer 366 * @ohead: old rules header pointer 367 * @gfp: type of the memory for the allocation 368 * 369 * Returns 0 on success, -ENOMEM on error 370 */ 371 static int smk_copy_relabel(struct list_head *nhead, struct list_head *ohead, 372 gfp_t gfp) 373 { 374 struct smack_known_list_elem *nklep; 375 struct smack_known_list_elem *oklep; 376 377 list_for_each_entry(oklep, ohead, list) { 378 nklep = kzalloc(sizeof(struct smack_known_list_elem), gfp); 379 if (nklep == NULL) { 380 smk_destroy_label_list(nhead); 381 return -ENOMEM; 382 } 383 nklep->smk_label = oklep->smk_label; 384 list_add(&nklep->list, nhead); 385 } 386 387 return 0; 388 } 389 390 /** 391 * smk_ptrace_mode - helper function for converting PTRACE_MODE_* into MAY_* 392 * @mode - input mode in form of PTRACE_MODE_* 393 * 394 * Returns a converted MAY_* mode usable by smack rules 395 */ 396 static inline unsigned int smk_ptrace_mode(unsigned int mode) 397 { 398 if (mode & PTRACE_MODE_ATTACH) 399 return MAY_READWRITE; 400 if (mode & PTRACE_MODE_READ) 401 return MAY_READ; 402 403 return 0; 404 } 405 406 /** 407 * smk_ptrace_rule_check - helper for ptrace access 408 * @tracer: tracer process 409 * @tracee_known: label entry of the process that's about to be traced 410 * @mode: ptrace attachment mode (PTRACE_MODE_*) 411 * @func: name of the function that called us, used for audit 412 * 413 * Returns 0 on access granted, -error on error 414 */ 415 static int smk_ptrace_rule_check(struct task_struct *tracer, 416 struct smack_known *tracee_known, 417 unsigned int mode, const char *func) 418 { 419 int rc; 420 struct smk_audit_info ad, *saip = NULL; 421 struct task_smack *tsp; 422 struct smack_known *tracer_known; 423 const struct cred *tracercred; 424 425 if ((mode & PTRACE_MODE_NOAUDIT) == 0) { 426 smk_ad_init(&ad, func, LSM_AUDIT_DATA_TASK); 427 smk_ad_setfield_u_tsk(&ad, tracer); 428 saip = &ad; 429 } 430 431 rcu_read_lock(); 432 tracercred = __task_cred(tracer); 433 tsp = smack_cred(tracercred); 434 tracer_known = smk_of_task(tsp); 435 436 if ((mode & PTRACE_MODE_ATTACH) && 437 (smack_ptrace_rule == SMACK_PTRACE_EXACT || 438 smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)) { 439 if (tracer_known->smk_known == tracee_known->smk_known) 440 rc = 0; 441 else if (smack_ptrace_rule == SMACK_PTRACE_DRACONIAN) 442 rc = -EACCES; 443 else if (smack_privileged_cred(CAP_SYS_PTRACE, tracercred)) 444 rc = 0; 445 else 446 rc = -EACCES; 447 448 if (saip) 449 smack_log(tracer_known->smk_known, 450 tracee_known->smk_known, 451 0, rc, saip); 452 453 rcu_read_unlock(); 454 return rc; 455 } 456 457 /* In case of rule==SMACK_PTRACE_DEFAULT or mode==PTRACE_MODE_READ */ 458 rc = smk_tskacc(tsp, tracee_known, smk_ptrace_mode(mode), saip); 459 460 rcu_read_unlock(); 461 return rc; 462 } 463 464 /* 465 * LSM hooks. 466 * We he, that is fun! 467 */ 468 469 /** 470 * smack_ptrace_access_check - Smack approval on PTRACE_ATTACH 471 * @ctp: child task pointer 472 * @mode: ptrace attachment mode (PTRACE_MODE_*) 473 * 474 * Returns 0 if access is OK, an error code otherwise 475 * 476 * Do the capability checks. 477 */ 478 static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode) 479 { 480 struct smack_known *skp; 481 482 skp = smk_of_task_struct(ctp); 483 484 return smk_ptrace_rule_check(current, skp, mode, __func__); 485 } 486 487 /** 488 * smack_ptrace_traceme - Smack approval on PTRACE_TRACEME 489 * @ptp: parent task pointer 490 * 491 * Returns 0 if access is OK, an error code otherwise 492 * 493 * Do the capability checks, and require PTRACE_MODE_ATTACH. 494 */ 495 static int smack_ptrace_traceme(struct task_struct *ptp) 496 { 497 int rc; 498 struct smack_known *skp; 499 500 skp = smk_of_task(smack_cred(current_cred())); 501 502 rc = smk_ptrace_rule_check(ptp, skp, PTRACE_MODE_ATTACH, __func__); 503 return rc; 504 } 505 506 /** 507 * smack_syslog - Smack approval on syslog 508 * @typefrom_file: unused 509 * 510 * Returns 0 on success, error code otherwise. 511 */ 512 static int smack_syslog(int typefrom_file) 513 { 514 int rc = 0; 515 struct smack_known *skp = smk_of_current(); 516 517 if (smack_privileged(CAP_MAC_OVERRIDE)) 518 return 0; 519 520 if (smack_syslog_label != NULL && smack_syslog_label != skp) 521 rc = -EACCES; 522 523 return rc; 524 } 525 526 /* 527 * Superblock Hooks. 528 */ 529 530 /** 531 * smack_sb_alloc_security - allocate a superblock blob 532 * @sb: the superblock getting the blob 533 * 534 * Returns 0 on success or -ENOMEM on error. 535 */ 536 static int smack_sb_alloc_security(struct super_block *sb) 537 { 538 struct superblock_smack *sbsp; 539 540 sbsp = kzalloc(sizeof(struct superblock_smack), GFP_KERNEL); 541 542 if (sbsp == NULL) 543 return -ENOMEM; 544 545 sbsp->smk_root = &smack_known_floor; 546 sbsp->smk_default = &smack_known_floor; 547 sbsp->smk_floor = &smack_known_floor; 548 sbsp->smk_hat = &smack_known_hat; 549 /* 550 * SMK_SB_INITIALIZED will be zero from kzalloc. 551 */ 552 sb->s_security = sbsp; 553 554 return 0; 555 } 556 557 /** 558 * smack_sb_free_security - free a superblock blob 559 * @sb: the superblock getting the blob 560 * 561 */ 562 static void smack_sb_free_security(struct super_block *sb) 563 { 564 kfree(sb->s_security); 565 sb->s_security = NULL; 566 } 567 568 struct smack_mnt_opts { 569 const char *fsdefault, *fsfloor, *fshat, *fsroot, *fstransmute; 570 }; 571 572 static void smack_free_mnt_opts(void *mnt_opts) 573 { 574 struct smack_mnt_opts *opts = mnt_opts; 575 kfree(opts->fsdefault); 576 kfree(opts->fsfloor); 577 kfree(opts->fshat); 578 kfree(opts->fsroot); 579 kfree(opts->fstransmute); 580 kfree(opts); 581 } 582 583 static int smack_add_opt(int token, const char *s, void **mnt_opts) 584 { 585 struct smack_mnt_opts *opts = *mnt_opts; 586 587 if (!opts) { 588 opts = kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL); 589 if (!opts) 590 return -ENOMEM; 591 *mnt_opts = opts; 592 } 593 if (!s) 594 return -ENOMEM; 595 596 switch (token) { 597 case Opt_fsdefault: 598 if (opts->fsdefault) 599 goto out_opt_err; 600 opts->fsdefault = s; 601 break; 602 case Opt_fsfloor: 603 if (opts->fsfloor) 604 goto out_opt_err; 605 opts->fsfloor = s; 606 break; 607 case Opt_fshat: 608 if (opts->fshat) 609 goto out_opt_err; 610 opts->fshat = s; 611 break; 612 case Opt_fsroot: 613 if (opts->fsroot) 614 goto out_opt_err; 615 opts->fsroot = s; 616 break; 617 case Opt_fstransmute: 618 if (opts->fstransmute) 619 goto out_opt_err; 620 opts->fstransmute = s; 621 break; 622 } 623 return 0; 624 625 out_opt_err: 626 pr_warn("Smack: duplicate mount options\n"); 627 return -EINVAL; 628 } 629 630 /** 631 * smack_fs_context_dup - Duplicate the security data on fs_context duplication 632 * @fc: The new filesystem context. 633 * @src_fc: The source filesystem context being duplicated. 634 * 635 * Returns 0 on success or -ENOMEM on error. 636 */ 637 static int smack_fs_context_dup(struct fs_context *fc, 638 struct fs_context *src_fc) 639 { 640 struct smack_mnt_opts *dst, *src = src_fc->security; 641 642 if (!src) 643 return 0; 644 645 fc->security = kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL); 646 if (!fc->security) 647 return -ENOMEM; 648 dst = fc->security; 649 650 if (src->fsdefault) { 651 dst->fsdefault = kstrdup(src->fsdefault, GFP_KERNEL); 652 if (!dst->fsdefault) 653 return -ENOMEM; 654 } 655 if (src->fsfloor) { 656 dst->fsfloor = kstrdup(src->fsfloor, GFP_KERNEL); 657 if (!dst->fsfloor) 658 return -ENOMEM; 659 } 660 if (src->fshat) { 661 dst->fshat = kstrdup(src->fshat, GFP_KERNEL); 662 if (!dst->fshat) 663 return -ENOMEM; 664 } 665 if (src->fsroot) { 666 dst->fsroot = kstrdup(src->fsroot, GFP_KERNEL); 667 if (!dst->fsroot) 668 return -ENOMEM; 669 } 670 if (src->fstransmute) { 671 dst->fstransmute = kstrdup(src->fstransmute, GFP_KERNEL); 672 if (!dst->fstransmute) 673 return -ENOMEM; 674 } 675 return 0; 676 } 677 678 static const struct fs_parameter_spec smack_fs_parameters[] = { 679 fsparam_string("smackfsdef", Opt_fsdefault), 680 fsparam_string("smackfsdefault", Opt_fsdefault), 681 fsparam_string("smackfsfloor", Opt_fsfloor), 682 fsparam_string("smackfshat", Opt_fshat), 683 fsparam_string("smackfsroot", Opt_fsroot), 684 fsparam_string("smackfstransmute", Opt_fstransmute), 685 {} 686 }; 687 688 /** 689 * smack_fs_context_parse_param - Parse a single mount parameter 690 * @fc: The new filesystem context being constructed. 691 * @param: The parameter. 692 * 693 * Returns 0 on success, -ENOPARAM to pass the parameter on or anything else on 694 * error. 695 */ 696 static int smack_fs_context_parse_param(struct fs_context *fc, 697 struct fs_parameter *param) 698 { 699 struct fs_parse_result result; 700 int opt, rc; 701 702 opt = fs_parse(fc, smack_fs_parameters, param, &result); 703 if (opt < 0) 704 return opt; 705 706 rc = smack_add_opt(opt, param->string, &fc->security); 707 if (!rc) 708 param->string = NULL; 709 return rc; 710 } 711 712 static int smack_sb_eat_lsm_opts(char *options, void **mnt_opts) 713 { 714 char *from = options, *to = options; 715 bool first = true; 716 717 while (1) { 718 char *next = strchr(from, ','); 719 int token, len, rc; 720 char *arg = NULL; 721 722 if (next) 723 len = next - from; 724 else 725 len = strlen(from); 726 727 token = match_opt_prefix(from, len, &arg); 728 if (token != Opt_error) { 729 arg = kmemdup_nul(arg, from + len - arg, GFP_KERNEL); 730 rc = smack_add_opt(token, arg, mnt_opts); 731 if (unlikely(rc)) { 732 kfree(arg); 733 if (*mnt_opts) 734 smack_free_mnt_opts(*mnt_opts); 735 *mnt_opts = NULL; 736 return rc; 737 } 738 } else { 739 if (!first) { // copy with preceding comma 740 from--; 741 len++; 742 } 743 if (to != from) 744 memmove(to, from, len); 745 to += len; 746 first = false; 747 } 748 if (!from[len]) 749 break; 750 from += len + 1; 751 } 752 *to = '\0'; 753 return 0; 754 } 755 756 /** 757 * smack_set_mnt_opts - set Smack specific mount options 758 * @sb: the file system superblock 759 * @mnt_opts: Smack mount options 760 * @kern_flags: mount option from kernel space or user space 761 * @set_kern_flags: where to store converted mount opts 762 * 763 * Returns 0 on success, an error code on failure 764 * 765 * Allow filesystems with binary mount data to explicitly set Smack mount 766 * labels. 767 */ 768 static int smack_set_mnt_opts(struct super_block *sb, 769 void *mnt_opts, 770 unsigned long kern_flags, 771 unsigned long *set_kern_flags) 772 { 773 struct dentry *root = sb->s_root; 774 struct inode *inode = d_backing_inode(root); 775 struct superblock_smack *sp = sb->s_security; 776 struct inode_smack *isp; 777 struct smack_known *skp; 778 struct smack_mnt_opts *opts = mnt_opts; 779 bool transmute = false; 780 781 if (sp->smk_flags & SMK_SB_INITIALIZED) 782 return 0; 783 784 if (inode->i_security == NULL) { 785 int rc = lsm_inode_alloc(inode); 786 787 if (rc) 788 return rc; 789 } 790 791 if (!smack_privileged(CAP_MAC_ADMIN)) { 792 /* 793 * Unprivileged mounts don't get to specify Smack values. 794 */ 795 if (opts) 796 return -EPERM; 797 /* 798 * Unprivileged mounts get root and default from the caller. 799 */ 800 skp = smk_of_current(); 801 sp->smk_root = skp; 802 sp->smk_default = skp; 803 /* 804 * For a handful of fs types with no user-controlled 805 * backing store it's okay to trust security labels 806 * in the filesystem. The rest are untrusted. 807 */ 808 if (sb->s_user_ns != &init_user_ns && 809 sb->s_magic != SYSFS_MAGIC && sb->s_magic != TMPFS_MAGIC && 810 sb->s_magic != RAMFS_MAGIC) { 811 transmute = true; 812 sp->smk_flags |= SMK_SB_UNTRUSTED; 813 } 814 } 815 816 sp->smk_flags |= SMK_SB_INITIALIZED; 817 818 if (opts) { 819 if (opts->fsdefault) { 820 skp = smk_import_entry(opts->fsdefault, 0); 821 if (IS_ERR(skp)) 822 return PTR_ERR(skp); 823 sp->smk_default = skp; 824 } 825 if (opts->fsfloor) { 826 skp = smk_import_entry(opts->fsfloor, 0); 827 if (IS_ERR(skp)) 828 return PTR_ERR(skp); 829 sp->smk_floor = skp; 830 } 831 if (opts->fshat) { 832 skp = smk_import_entry(opts->fshat, 0); 833 if (IS_ERR(skp)) 834 return PTR_ERR(skp); 835 sp->smk_hat = skp; 836 } 837 if (opts->fsroot) { 838 skp = smk_import_entry(opts->fsroot, 0); 839 if (IS_ERR(skp)) 840 return PTR_ERR(skp); 841 sp->smk_root = skp; 842 } 843 if (opts->fstransmute) { 844 skp = smk_import_entry(opts->fstransmute, 0); 845 if (IS_ERR(skp)) 846 return PTR_ERR(skp); 847 sp->smk_root = skp; 848 transmute = true; 849 } 850 } 851 852 /* 853 * Initialize the root inode. 854 */ 855 init_inode_smack(inode, sp->smk_root); 856 857 if (transmute) { 858 isp = smack_inode(inode); 859 isp->smk_flags |= SMK_INODE_TRANSMUTE; 860 } 861 862 return 0; 863 } 864 865 /** 866 * smack_sb_statfs - Smack check on statfs 867 * @dentry: identifies the file system in question 868 * 869 * Returns 0 if current can read the floor of the filesystem, 870 * and error code otherwise 871 */ 872 static int smack_sb_statfs(struct dentry *dentry) 873 { 874 struct superblock_smack *sbp = dentry->d_sb->s_security; 875 int rc; 876 struct smk_audit_info ad; 877 878 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 879 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 880 881 rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad); 882 rc = smk_bu_current("statfs", sbp->smk_floor, MAY_READ, rc); 883 return rc; 884 } 885 886 /* 887 * BPRM hooks 888 */ 889 890 /** 891 * smack_bprm_creds_for_exec - Update bprm->cred if needed for exec 892 * @bprm: the exec information 893 * 894 * Returns 0 if it gets a blob, -EPERM if exec forbidden and -ENOMEM otherwise 895 */ 896 static int smack_bprm_creds_for_exec(struct linux_binprm *bprm) 897 { 898 struct inode *inode = file_inode(bprm->file); 899 struct task_smack *bsp = smack_cred(bprm->cred); 900 struct inode_smack *isp; 901 struct superblock_smack *sbsp; 902 int rc; 903 904 isp = smack_inode(inode); 905 if (isp->smk_task == NULL || isp->smk_task == bsp->smk_task) 906 return 0; 907 908 sbsp = inode->i_sb->s_security; 909 if ((sbsp->smk_flags & SMK_SB_UNTRUSTED) && 910 isp->smk_task != sbsp->smk_root) 911 return 0; 912 913 if (bprm->unsafe & LSM_UNSAFE_PTRACE) { 914 struct task_struct *tracer; 915 rc = 0; 916 917 rcu_read_lock(); 918 tracer = ptrace_parent(current); 919 if (likely(tracer != NULL)) 920 rc = smk_ptrace_rule_check(tracer, 921 isp->smk_task, 922 PTRACE_MODE_ATTACH, 923 __func__); 924 rcu_read_unlock(); 925 926 if (rc != 0) 927 return rc; 928 } 929 if (bprm->unsafe & ~LSM_UNSAFE_PTRACE) 930 return -EPERM; 931 932 bsp->smk_task = isp->smk_task; 933 bprm->per_clear |= PER_CLEAR_ON_SETID; 934 935 /* Decide if this is a secure exec. */ 936 if (bsp->smk_task != bsp->smk_forked) 937 bprm->secureexec = 1; 938 939 return 0; 940 } 941 942 /* 943 * Inode hooks 944 */ 945 946 /** 947 * smack_inode_alloc_security - allocate an inode blob 948 * @inode: the inode in need of a blob 949 * 950 * Returns 0 951 */ 952 static int smack_inode_alloc_security(struct inode *inode) 953 { 954 struct smack_known *skp = smk_of_current(); 955 956 init_inode_smack(inode, skp); 957 return 0; 958 } 959 960 /** 961 * smack_inode_init_security - copy out the smack from an inode 962 * @inode: the newly created inode 963 * @dir: containing directory object 964 * @qstr: unused 965 * @name: where to put the attribute name 966 * @value: where to put the attribute value 967 * @len: where to put the length of the attribute 968 * 969 * Returns 0 if it all works out, -ENOMEM if there's no memory 970 */ 971 static int smack_inode_init_security(struct inode *inode, struct inode *dir, 972 const struct qstr *qstr, const char **name, 973 void **value, size_t *len) 974 { 975 struct inode_smack *issp = smack_inode(inode); 976 struct smack_known *skp = smk_of_current(); 977 struct smack_known *isp = smk_of_inode(inode); 978 struct smack_known *dsp = smk_of_inode(dir); 979 int may; 980 981 if (name) 982 *name = XATTR_SMACK_SUFFIX; 983 984 if (value && len) { 985 rcu_read_lock(); 986 may = smk_access_entry(skp->smk_known, dsp->smk_known, 987 &skp->smk_rules); 988 rcu_read_unlock(); 989 990 /* 991 * If the access rule allows transmutation and 992 * the directory requests transmutation then 993 * by all means transmute. 994 * Mark the inode as changed. 995 */ 996 if (may > 0 && ((may & MAY_TRANSMUTE) != 0) && 997 smk_inode_transmutable(dir)) { 998 isp = dsp; 999 issp->smk_flags |= SMK_INODE_CHANGED; 1000 } 1001 1002 *value = kstrdup(isp->smk_known, GFP_NOFS); 1003 if (*value == NULL) 1004 return -ENOMEM; 1005 1006 *len = strlen(isp->smk_known); 1007 } 1008 1009 return 0; 1010 } 1011 1012 /** 1013 * smack_inode_link - Smack check on link 1014 * @old_dentry: the existing object 1015 * @dir: unused 1016 * @new_dentry: the new object 1017 * 1018 * Returns 0 if access is permitted, an error code otherwise 1019 */ 1020 static int smack_inode_link(struct dentry *old_dentry, struct inode *dir, 1021 struct dentry *new_dentry) 1022 { 1023 struct smack_known *isp; 1024 struct smk_audit_info ad; 1025 int rc; 1026 1027 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1028 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry); 1029 1030 isp = smk_of_inode(d_backing_inode(old_dentry)); 1031 rc = smk_curacc(isp, MAY_WRITE, &ad); 1032 rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_WRITE, rc); 1033 1034 if (rc == 0 && d_is_positive(new_dentry)) { 1035 isp = smk_of_inode(d_backing_inode(new_dentry)); 1036 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry); 1037 rc = smk_curacc(isp, MAY_WRITE, &ad); 1038 rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_WRITE, rc); 1039 } 1040 1041 return rc; 1042 } 1043 1044 /** 1045 * smack_inode_unlink - Smack check on inode deletion 1046 * @dir: containing directory object 1047 * @dentry: file to unlink 1048 * 1049 * Returns 0 if current can write the containing directory 1050 * and the object, error code otherwise 1051 */ 1052 static int smack_inode_unlink(struct inode *dir, struct dentry *dentry) 1053 { 1054 struct inode *ip = d_backing_inode(dentry); 1055 struct smk_audit_info ad; 1056 int rc; 1057 1058 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1059 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1060 1061 /* 1062 * You need write access to the thing you're unlinking 1063 */ 1064 rc = smk_curacc(smk_of_inode(ip), MAY_WRITE, &ad); 1065 rc = smk_bu_inode(ip, MAY_WRITE, rc); 1066 if (rc == 0) { 1067 /* 1068 * You also need write access to the containing directory 1069 */ 1070 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE); 1071 smk_ad_setfield_u_fs_inode(&ad, dir); 1072 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad); 1073 rc = smk_bu_inode(dir, MAY_WRITE, rc); 1074 } 1075 return rc; 1076 } 1077 1078 /** 1079 * smack_inode_rmdir - Smack check on directory deletion 1080 * @dir: containing directory object 1081 * @dentry: directory to unlink 1082 * 1083 * Returns 0 if current can write the containing directory 1084 * and the directory, error code otherwise 1085 */ 1086 static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry) 1087 { 1088 struct smk_audit_info ad; 1089 int rc; 1090 1091 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1092 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1093 1094 /* 1095 * You need write access to the thing you're removing 1096 */ 1097 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1098 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1099 if (rc == 0) { 1100 /* 1101 * You also need write access to the containing directory 1102 */ 1103 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE); 1104 smk_ad_setfield_u_fs_inode(&ad, dir); 1105 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad); 1106 rc = smk_bu_inode(dir, MAY_WRITE, rc); 1107 } 1108 1109 return rc; 1110 } 1111 1112 /** 1113 * smack_inode_rename - Smack check on rename 1114 * @old_inode: unused 1115 * @old_dentry: the old object 1116 * @new_inode: unused 1117 * @new_dentry: the new object 1118 * 1119 * Read and write access is required on both the old and 1120 * new directories. 1121 * 1122 * Returns 0 if access is permitted, an error code otherwise 1123 */ 1124 static int smack_inode_rename(struct inode *old_inode, 1125 struct dentry *old_dentry, 1126 struct inode *new_inode, 1127 struct dentry *new_dentry) 1128 { 1129 int rc; 1130 struct smack_known *isp; 1131 struct smk_audit_info ad; 1132 1133 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1134 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry); 1135 1136 isp = smk_of_inode(d_backing_inode(old_dentry)); 1137 rc = smk_curacc(isp, MAY_READWRITE, &ad); 1138 rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_READWRITE, rc); 1139 1140 if (rc == 0 && d_is_positive(new_dentry)) { 1141 isp = smk_of_inode(d_backing_inode(new_dentry)); 1142 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry); 1143 rc = smk_curacc(isp, MAY_READWRITE, &ad); 1144 rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_READWRITE, rc); 1145 } 1146 return rc; 1147 } 1148 1149 /** 1150 * smack_inode_permission - Smack version of permission() 1151 * @inode: the inode in question 1152 * @mask: the access requested 1153 * 1154 * This is the important Smack hook. 1155 * 1156 * Returns 0 if access is permitted, an error code otherwise 1157 */ 1158 static int smack_inode_permission(struct inode *inode, int mask) 1159 { 1160 struct superblock_smack *sbsp = inode->i_sb->s_security; 1161 struct smk_audit_info ad; 1162 int no_block = mask & MAY_NOT_BLOCK; 1163 int rc; 1164 1165 mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND); 1166 /* 1167 * No permission to check. Existence test. Yup, it's there. 1168 */ 1169 if (mask == 0) 1170 return 0; 1171 1172 if (sbsp->smk_flags & SMK_SB_UNTRUSTED) { 1173 if (smk_of_inode(inode) != sbsp->smk_root) 1174 return -EACCES; 1175 } 1176 1177 /* May be droppable after audit */ 1178 if (no_block) 1179 return -ECHILD; 1180 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE); 1181 smk_ad_setfield_u_fs_inode(&ad, inode); 1182 rc = smk_curacc(smk_of_inode(inode), mask, &ad); 1183 rc = smk_bu_inode(inode, mask, rc); 1184 return rc; 1185 } 1186 1187 /** 1188 * smack_inode_setattr - Smack check for setting attributes 1189 * @dentry: the object 1190 * @iattr: for the force flag 1191 * 1192 * Returns 0 if access is permitted, an error code otherwise 1193 */ 1194 static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr) 1195 { 1196 struct smk_audit_info ad; 1197 int rc; 1198 1199 /* 1200 * Need to allow for clearing the setuid bit. 1201 */ 1202 if (iattr->ia_valid & ATTR_FORCE) 1203 return 0; 1204 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1205 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1206 1207 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1208 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1209 return rc; 1210 } 1211 1212 /** 1213 * smack_inode_getattr - Smack check for getting attributes 1214 * @path: path to extract the info from 1215 * 1216 * Returns 0 if access is permitted, an error code otherwise 1217 */ 1218 static int smack_inode_getattr(const struct path *path) 1219 { 1220 struct smk_audit_info ad; 1221 struct inode *inode = d_backing_inode(path->dentry); 1222 int rc; 1223 1224 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1225 smk_ad_setfield_u_fs_path(&ad, *path); 1226 rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad); 1227 rc = smk_bu_inode(inode, MAY_READ, rc); 1228 return rc; 1229 } 1230 1231 /** 1232 * smack_inode_setxattr - Smack check for setting xattrs 1233 * @dentry: the object 1234 * @name: name of the attribute 1235 * @value: value of the attribute 1236 * @size: size of the value 1237 * @flags: unused 1238 * 1239 * This protects the Smack attribute explicitly. 1240 * 1241 * Returns 0 if access is permitted, an error code otherwise 1242 */ 1243 static int smack_inode_setxattr(struct dentry *dentry, const char *name, 1244 const void *value, size_t size, int flags) 1245 { 1246 struct smk_audit_info ad; 1247 struct smack_known *skp; 1248 int check_priv = 0; 1249 int check_import = 0; 1250 int check_star = 0; 1251 int rc = 0; 1252 1253 /* 1254 * Check label validity here so import won't fail in post_setxattr 1255 */ 1256 if (strcmp(name, XATTR_NAME_SMACK) == 0 || 1257 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 || 1258 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) { 1259 check_priv = 1; 1260 check_import = 1; 1261 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0 || 1262 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) { 1263 check_priv = 1; 1264 check_import = 1; 1265 check_star = 1; 1266 } else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) { 1267 check_priv = 1; 1268 if (size != TRANS_TRUE_SIZE || 1269 strncmp(value, TRANS_TRUE, TRANS_TRUE_SIZE) != 0) 1270 rc = -EINVAL; 1271 } else 1272 rc = cap_inode_setxattr(dentry, name, value, size, flags); 1273 1274 if (check_priv && !smack_privileged(CAP_MAC_ADMIN)) 1275 rc = -EPERM; 1276 1277 if (rc == 0 && check_import) { 1278 skp = size ? smk_import_entry(value, size) : NULL; 1279 if (IS_ERR(skp)) 1280 rc = PTR_ERR(skp); 1281 else if (skp == NULL || (check_star && 1282 (skp == &smack_known_star || skp == &smack_known_web))) 1283 rc = -EINVAL; 1284 } 1285 1286 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1287 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1288 1289 if (rc == 0) { 1290 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1291 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1292 } 1293 1294 return rc; 1295 } 1296 1297 /** 1298 * smack_inode_post_setxattr - Apply the Smack update approved above 1299 * @dentry: object 1300 * @name: attribute name 1301 * @value: attribute value 1302 * @size: attribute size 1303 * @flags: unused 1304 * 1305 * Set the pointer in the inode blob to the entry found 1306 * in the master label list. 1307 */ 1308 static void smack_inode_post_setxattr(struct dentry *dentry, const char *name, 1309 const void *value, size_t size, int flags) 1310 { 1311 struct smack_known *skp; 1312 struct inode_smack *isp = smack_inode(d_backing_inode(dentry)); 1313 1314 if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) { 1315 isp->smk_flags |= SMK_INODE_TRANSMUTE; 1316 return; 1317 } 1318 1319 if (strcmp(name, XATTR_NAME_SMACK) == 0) { 1320 skp = smk_import_entry(value, size); 1321 if (!IS_ERR(skp)) 1322 isp->smk_inode = skp; 1323 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) { 1324 skp = smk_import_entry(value, size); 1325 if (!IS_ERR(skp)) 1326 isp->smk_task = skp; 1327 } else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) { 1328 skp = smk_import_entry(value, size); 1329 if (!IS_ERR(skp)) 1330 isp->smk_mmap = skp; 1331 } 1332 1333 return; 1334 } 1335 1336 /** 1337 * smack_inode_getxattr - Smack check on getxattr 1338 * @dentry: the object 1339 * @name: unused 1340 * 1341 * Returns 0 if access is permitted, an error code otherwise 1342 */ 1343 static int smack_inode_getxattr(struct dentry *dentry, const char *name) 1344 { 1345 struct smk_audit_info ad; 1346 int rc; 1347 1348 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1349 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1350 1351 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_READ, &ad); 1352 rc = smk_bu_inode(d_backing_inode(dentry), MAY_READ, rc); 1353 return rc; 1354 } 1355 1356 /** 1357 * smack_inode_removexattr - Smack check on removexattr 1358 * @dentry: the object 1359 * @name: name of the attribute 1360 * 1361 * Removing the Smack attribute requires CAP_MAC_ADMIN 1362 * 1363 * Returns 0 if access is permitted, an error code otherwise 1364 */ 1365 static int smack_inode_removexattr(struct dentry *dentry, const char *name) 1366 { 1367 struct inode_smack *isp; 1368 struct smk_audit_info ad; 1369 int rc = 0; 1370 1371 if (strcmp(name, XATTR_NAME_SMACK) == 0 || 1372 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 || 1373 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 || 1374 strcmp(name, XATTR_NAME_SMACKEXEC) == 0 || 1375 strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0 || 1376 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) { 1377 if (!smack_privileged(CAP_MAC_ADMIN)) 1378 rc = -EPERM; 1379 } else 1380 rc = cap_inode_removexattr(dentry, name); 1381 1382 if (rc != 0) 1383 return rc; 1384 1385 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1386 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1387 1388 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1389 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1390 if (rc != 0) 1391 return rc; 1392 1393 isp = smack_inode(d_backing_inode(dentry)); 1394 /* 1395 * Don't do anything special for these. 1396 * XATTR_NAME_SMACKIPIN 1397 * XATTR_NAME_SMACKIPOUT 1398 */ 1399 if (strcmp(name, XATTR_NAME_SMACK) == 0) { 1400 struct super_block *sbp = dentry->d_sb; 1401 struct superblock_smack *sbsp = sbp->s_security; 1402 1403 isp->smk_inode = sbsp->smk_default; 1404 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) 1405 isp->smk_task = NULL; 1406 else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) 1407 isp->smk_mmap = NULL; 1408 else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) 1409 isp->smk_flags &= ~SMK_INODE_TRANSMUTE; 1410 1411 return 0; 1412 } 1413 1414 /** 1415 * smack_inode_getsecurity - get smack xattrs 1416 * @inode: the object 1417 * @name: attribute name 1418 * @buffer: where to put the result 1419 * @alloc: duplicate memory 1420 * 1421 * Returns the size of the attribute or an error code 1422 */ 1423 static int smack_inode_getsecurity(struct inode *inode, 1424 const char *name, void **buffer, 1425 bool alloc) 1426 { 1427 struct socket_smack *ssp; 1428 struct socket *sock; 1429 struct super_block *sbp; 1430 struct inode *ip = (struct inode *)inode; 1431 struct smack_known *isp; 1432 1433 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) 1434 isp = smk_of_inode(inode); 1435 else { 1436 /* 1437 * The rest of the Smack xattrs are only on sockets. 1438 */ 1439 sbp = ip->i_sb; 1440 if (sbp->s_magic != SOCKFS_MAGIC) 1441 return -EOPNOTSUPP; 1442 1443 sock = SOCKET_I(ip); 1444 if (sock == NULL || sock->sk == NULL) 1445 return -EOPNOTSUPP; 1446 1447 ssp = sock->sk->sk_security; 1448 1449 if (strcmp(name, XATTR_SMACK_IPIN) == 0) 1450 isp = ssp->smk_in; 1451 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) 1452 isp = ssp->smk_out; 1453 else 1454 return -EOPNOTSUPP; 1455 } 1456 1457 if (alloc) { 1458 *buffer = kstrdup(isp->smk_known, GFP_KERNEL); 1459 if (*buffer == NULL) 1460 return -ENOMEM; 1461 } 1462 1463 return strlen(isp->smk_known); 1464 } 1465 1466 1467 /** 1468 * smack_inode_listsecurity - list the Smack attributes 1469 * @inode: the object 1470 * @buffer: where they go 1471 * @buffer_size: size of buffer 1472 */ 1473 static int smack_inode_listsecurity(struct inode *inode, char *buffer, 1474 size_t buffer_size) 1475 { 1476 int len = sizeof(XATTR_NAME_SMACK); 1477 1478 if (buffer != NULL && len <= buffer_size) 1479 memcpy(buffer, XATTR_NAME_SMACK, len); 1480 1481 return len; 1482 } 1483 1484 /** 1485 * smack_inode_getsecid - Extract inode's security id 1486 * @inode: inode to extract the info from 1487 * @secid: where result will be saved 1488 */ 1489 static void smack_inode_getsecid(struct inode *inode, u32 *secid) 1490 { 1491 struct smack_known *skp = smk_of_inode(inode); 1492 1493 *secid = skp->smk_secid; 1494 } 1495 1496 /* 1497 * File Hooks 1498 */ 1499 1500 /* 1501 * There is no smack_file_permission hook 1502 * 1503 * Should access checks be done on each read or write? 1504 * UNICOS and SELinux say yes. 1505 * Trusted Solaris, Trusted Irix, and just about everyone else says no. 1506 * 1507 * I'll say no for now. Smack does not do the frequent 1508 * label changing that SELinux does. 1509 */ 1510 1511 /** 1512 * smack_file_alloc_security - assign a file security blob 1513 * @file: the object 1514 * 1515 * The security blob for a file is a pointer to the master 1516 * label list, so no allocation is done. 1517 * 1518 * f_security is the owner security information. It 1519 * isn't used on file access checks, it's for send_sigio. 1520 * 1521 * Returns 0 1522 */ 1523 static int smack_file_alloc_security(struct file *file) 1524 { 1525 struct smack_known **blob = smack_file(file); 1526 1527 *blob = smk_of_current(); 1528 return 0; 1529 } 1530 1531 /** 1532 * smack_file_ioctl - Smack check on ioctls 1533 * @file: the object 1534 * @cmd: what to do 1535 * @arg: unused 1536 * 1537 * Relies heavily on the correct use of the ioctl command conventions. 1538 * 1539 * Returns 0 if allowed, error code otherwise 1540 */ 1541 static int smack_file_ioctl(struct file *file, unsigned int cmd, 1542 unsigned long arg) 1543 { 1544 int rc = 0; 1545 struct smk_audit_info ad; 1546 struct inode *inode = file_inode(file); 1547 1548 if (unlikely(IS_PRIVATE(inode))) 1549 return 0; 1550 1551 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1552 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1553 1554 if (_IOC_DIR(cmd) & _IOC_WRITE) { 1555 rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad); 1556 rc = smk_bu_file(file, MAY_WRITE, rc); 1557 } 1558 1559 if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ)) { 1560 rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad); 1561 rc = smk_bu_file(file, MAY_READ, rc); 1562 } 1563 1564 return rc; 1565 } 1566 1567 /** 1568 * smack_file_lock - Smack check on file locking 1569 * @file: the object 1570 * @cmd: unused 1571 * 1572 * Returns 0 if current has lock access, error code otherwise 1573 */ 1574 static int smack_file_lock(struct file *file, unsigned int cmd) 1575 { 1576 struct smk_audit_info ad; 1577 int rc; 1578 struct inode *inode = file_inode(file); 1579 1580 if (unlikely(IS_PRIVATE(inode))) 1581 return 0; 1582 1583 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1584 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1585 rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad); 1586 rc = smk_bu_file(file, MAY_LOCK, rc); 1587 return rc; 1588 } 1589 1590 /** 1591 * smack_file_fcntl - Smack check on fcntl 1592 * @file: the object 1593 * @cmd: what action to check 1594 * @arg: unused 1595 * 1596 * Generally these operations are harmless. 1597 * File locking operations present an obvious mechanism 1598 * for passing information, so they require write access. 1599 * 1600 * Returns 0 if current has access, error code otherwise 1601 */ 1602 static int smack_file_fcntl(struct file *file, unsigned int cmd, 1603 unsigned long arg) 1604 { 1605 struct smk_audit_info ad; 1606 int rc = 0; 1607 struct inode *inode = file_inode(file); 1608 1609 if (unlikely(IS_PRIVATE(inode))) 1610 return 0; 1611 1612 switch (cmd) { 1613 case F_GETLK: 1614 break; 1615 case F_SETLK: 1616 case F_SETLKW: 1617 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1618 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1619 rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad); 1620 rc = smk_bu_file(file, MAY_LOCK, rc); 1621 break; 1622 case F_SETOWN: 1623 case F_SETSIG: 1624 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1625 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1626 rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad); 1627 rc = smk_bu_file(file, MAY_WRITE, rc); 1628 break; 1629 default: 1630 break; 1631 } 1632 1633 return rc; 1634 } 1635 1636 /** 1637 * smack_mmap_file : 1638 * Check permissions for a mmap operation. The @file may be NULL, e.g. 1639 * if mapping anonymous memory. 1640 * @file contains the file structure for file to map (may be NULL). 1641 * @reqprot contains the protection requested by the application. 1642 * @prot contains the protection that will be applied by the kernel. 1643 * @flags contains the operational flags. 1644 * Return 0 if permission is granted. 1645 */ 1646 static int smack_mmap_file(struct file *file, 1647 unsigned long reqprot, unsigned long prot, 1648 unsigned long flags) 1649 { 1650 struct smack_known *skp; 1651 struct smack_known *mkp; 1652 struct smack_rule *srp; 1653 struct task_smack *tsp; 1654 struct smack_known *okp; 1655 struct inode_smack *isp; 1656 struct superblock_smack *sbsp; 1657 int may; 1658 int mmay; 1659 int tmay; 1660 int rc; 1661 1662 if (file == NULL) 1663 return 0; 1664 1665 if (unlikely(IS_PRIVATE(file_inode(file)))) 1666 return 0; 1667 1668 isp = smack_inode(file_inode(file)); 1669 if (isp->smk_mmap == NULL) 1670 return 0; 1671 sbsp = file_inode(file)->i_sb->s_security; 1672 if (sbsp->smk_flags & SMK_SB_UNTRUSTED && 1673 isp->smk_mmap != sbsp->smk_root) 1674 return -EACCES; 1675 mkp = isp->smk_mmap; 1676 1677 tsp = smack_cred(current_cred()); 1678 skp = smk_of_current(); 1679 rc = 0; 1680 1681 rcu_read_lock(); 1682 /* 1683 * For each Smack rule associated with the subject 1684 * label verify that the SMACK64MMAP also has access 1685 * to that rule's object label. 1686 */ 1687 list_for_each_entry_rcu(srp, &skp->smk_rules, list) { 1688 okp = srp->smk_object; 1689 /* 1690 * Matching labels always allows access. 1691 */ 1692 if (mkp->smk_known == okp->smk_known) 1693 continue; 1694 /* 1695 * If there is a matching local rule take 1696 * that into account as well. 1697 */ 1698 may = smk_access_entry(srp->smk_subject->smk_known, 1699 okp->smk_known, 1700 &tsp->smk_rules); 1701 if (may == -ENOENT) 1702 may = srp->smk_access; 1703 else 1704 may &= srp->smk_access; 1705 /* 1706 * If may is zero the SMACK64MMAP subject can't 1707 * possibly have less access. 1708 */ 1709 if (may == 0) 1710 continue; 1711 1712 /* 1713 * Fetch the global list entry. 1714 * If there isn't one a SMACK64MMAP subject 1715 * can't have as much access as current. 1716 */ 1717 mmay = smk_access_entry(mkp->smk_known, okp->smk_known, 1718 &mkp->smk_rules); 1719 if (mmay == -ENOENT) { 1720 rc = -EACCES; 1721 break; 1722 } 1723 /* 1724 * If there is a local entry it modifies the 1725 * potential access, too. 1726 */ 1727 tmay = smk_access_entry(mkp->smk_known, okp->smk_known, 1728 &tsp->smk_rules); 1729 if (tmay != -ENOENT) 1730 mmay &= tmay; 1731 1732 /* 1733 * If there is any access available to current that is 1734 * not available to a SMACK64MMAP subject 1735 * deny access. 1736 */ 1737 if ((may | mmay) != mmay) { 1738 rc = -EACCES; 1739 break; 1740 } 1741 } 1742 1743 rcu_read_unlock(); 1744 1745 return rc; 1746 } 1747 1748 /** 1749 * smack_file_set_fowner - set the file security blob value 1750 * @file: object in question 1751 * 1752 */ 1753 static void smack_file_set_fowner(struct file *file) 1754 { 1755 struct smack_known **blob = smack_file(file); 1756 1757 *blob = smk_of_current(); 1758 } 1759 1760 /** 1761 * smack_file_send_sigiotask - Smack on sigio 1762 * @tsk: The target task 1763 * @fown: the object the signal come from 1764 * @signum: unused 1765 * 1766 * Allow a privileged task to get signals even if it shouldn't 1767 * 1768 * Returns 0 if a subject with the object's smack could 1769 * write to the task, an error code otherwise. 1770 */ 1771 static int smack_file_send_sigiotask(struct task_struct *tsk, 1772 struct fown_struct *fown, int signum) 1773 { 1774 struct smack_known **blob; 1775 struct smack_known *skp; 1776 struct smack_known *tkp = smk_of_task(smack_cred(tsk->cred)); 1777 const struct cred *tcred; 1778 struct file *file; 1779 int rc; 1780 struct smk_audit_info ad; 1781 1782 /* 1783 * struct fown_struct is never outside the context of a struct file 1784 */ 1785 file = container_of(fown, struct file, f_owner); 1786 1787 /* we don't log here as rc can be overriden */ 1788 blob = smack_file(file); 1789 skp = *blob; 1790 rc = smk_access(skp, tkp, MAY_DELIVER, NULL); 1791 rc = smk_bu_note("sigiotask", skp, tkp, MAY_DELIVER, rc); 1792 1793 rcu_read_lock(); 1794 tcred = __task_cred(tsk); 1795 if (rc != 0 && smack_privileged_cred(CAP_MAC_OVERRIDE, tcred)) 1796 rc = 0; 1797 rcu_read_unlock(); 1798 1799 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); 1800 smk_ad_setfield_u_tsk(&ad, tsk); 1801 smack_log(skp->smk_known, tkp->smk_known, MAY_DELIVER, rc, &ad); 1802 return rc; 1803 } 1804 1805 /** 1806 * smack_file_receive - Smack file receive check 1807 * @file: the object 1808 * 1809 * Returns 0 if current has access, error code otherwise 1810 */ 1811 static int smack_file_receive(struct file *file) 1812 { 1813 int rc; 1814 int may = 0; 1815 struct smk_audit_info ad; 1816 struct inode *inode = file_inode(file); 1817 struct socket *sock; 1818 struct task_smack *tsp; 1819 struct socket_smack *ssp; 1820 1821 if (unlikely(IS_PRIVATE(inode))) 1822 return 0; 1823 1824 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1825 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1826 1827 if (inode->i_sb->s_magic == SOCKFS_MAGIC) { 1828 sock = SOCKET_I(inode); 1829 ssp = sock->sk->sk_security; 1830 tsp = smack_cred(current_cred()); 1831 /* 1832 * If the receiving process can't write to the 1833 * passed socket or if the passed socket can't 1834 * write to the receiving process don't accept 1835 * the passed socket. 1836 */ 1837 rc = smk_access(tsp->smk_task, ssp->smk_out, MAY_WRITE, &ad); 1838 rc = smk_bu_file(file, may, rc); 1839 if (rc < 0) 1840 return rc; 1841 rc = smk_access(ssp->smk_in, tsp->smk_task, MAY_WRITE, &ad); 1842 rc = smk_bu_file(file, may, rc); 1843 return rc; 1844 } 1845 /* 1846 * This code relies on bitmasks. 1847 */ 1848 if (file->f_mode & FMODE_READ) 1849 may = MAY_READ; 1850 if (file->f_mode & FMODE_WRITE) 1851 may |= MAY_WRITE; 1852 1853 rc = smk_curacc(smk_of_inode(inode), may, &ad); 1854 rc = smk_bu_file(file, may, rc); 1855 return rc; 1856 } 1857 1858 /** 1859 * smack_file_open - Smack dentry open processing 1860 * @file: the object 1861 * 1862 * Set the security blob in the file structure. 1863 * Allow the open only if the task has read access. There are 1864 * many read operations (e.g. fstat) that you can do with an 1865 * fd even if you have the file open write-only. 1866 * 1867 * Returns 0 if current has access, error code otherwise 1868 */ 1869 static int smack_file_open(struct file *file) 1870 { 1871 struct task_smack *tsp = smack_cred(file->f_cred); 1872 struct inode *inode = file_inode(file); 1873 struct smk_audit_info ad; 1874 int rc; 1875 1876 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1877 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1878 rc = smk_tskacc(tsp, smk_of_inode(inode), MAY_READ, &ad); 1879 rc = smk_bu_credfile(file->f_cred, file, MAY_READ, rc); 1880 1881 return rc; 1882 } 1883 1884 /* 1885 * Task hooks 1886 */ 1887 1888 /** 1889 * smack_cred_alloc_blank - "allocate" blank task-level security credentials 1890 * @cred: the new credentials 1891 * @gfp: the atomicity of any memory allocations 1892 * 1893 * Prepare a blank set of credentials for modification. This must allocate all 1894 * the memory the LSM module might require such that cred_transfer() can 1895 * complete without error. 1896 */ 1897 static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp) 1898 { 1899 init_task_smack(smack_cred(cred), NULL, NULL); 1900 return 0; 1901 } 1902 1903 1904 /** 1905 * smack_cred_free - "free" task-level security credentials 1906 * @cred: the credentials in question 1907 * 1908 */ 1909 static void smack_cred_free(struct cred *cred) 1910 { 1911 struct task_smack *tsp = smack_cred(cred); 1912 struct smack_rule *rp; 1913 struct list_head *l; 1914 struct list_head *n; 1915 1916 smk_destroy_label_list(&tsp->smk_relabel); 1917 1918 list_for_each_safe(l, n, &tsp->smk_rules) { 1919 rp = list_entry(l, struct smack_rule, list); 1920 list_del(&rp->list); 1921 kmem_cache_free(smack_rule_cache, rp); 1922 } 1923 } 1924 1925 /** 1926 * smack_cred_prepare - prepare new set of credentials for modification 1927 * @new: the new credentials 1928 * @old: the original credentials 1929 * @gfp: the atomicity of any memory allocations 1930 * 1931 * Prepare a new set of credentials for modification. 1932 */ 1933 static int smack_cred_prepare(struct cred *new, const struct cred *old, 1934 gfp_t gfp) 1935 { 1936 struct task_smack *old_tsp = smack_cred(old); 1937 struct task_smack *new_tsp = smack_cred(new); 1938 int rc; 1939 1940 init_task_smack(new_tsp, old_tsp->smk_task, old_tsp->smk_task); 1941 1942 rc = smk_copy_rules(&new_tsp->smk_rules, &old_tsp->smk_rules, gfp); 1943 if (rc != 0) 1944 return rc; 1945 1946 rc = smk_copy_relabel(&new_tsp->smk_relabel, &old_tsp->smk_relabel, 1947 gfp); 1948 return rc; 1949 } 1950 1951 /** 1952 * smack_cred_transfer - Transfer the old credentials to the new credentials 1953 * @new: the new credentials 1954 * @old: the original credentials 1955 * 1956 * Fill in a set of blank credentials from another set of credentials. 1957 */ 1958 static void smack_cred_transfer(struct cred *new, const struct cred *old) 1959 { 1960 struct task_smack *old_tsp = smack_cred(old); 1961 struct task_smack *new_tsp = smack_cred(new); 1962 1963 new_tsp->smk_task = old_tsp->smk_task; 1964 new_tsp->smk_forked = old_tsp->smk_task; 1965 mutex_init(&new_tsp->smk_rules_lock); 1966 INIT_LIST_HEAD(&new_tsp->smk_rules); 1967 1968 /* cbs copy rule list */ 1969 } 1970 1971 /** 1972 * smack_cred_getsecid - get the secid corresponding to a creds structure 1973 * @cred: the object creds 1974 * @secid: where to put the result 1975 * 1976 * Sets the secid to contain a u32 version of the smack label. 1977 */ 1978 static void smack_cred_getsecid(const struct cred *cred, u32 *secid) 1979 { 1980 struct smack_known *skp; 1981 1982 rcu_read_lock(); 1983 skp = smk_of_task(smack_cred(cred)); 1984 *secid = skp->smk_secid; 1985 rcu_read_unlock(); 1986 } 1987 1988 /** 1989 * smack_kernel_act_as - Set the subjective context in a set of credentials 1990 * @new: points to the set of credentials to be modified. 1991 * @secid: specifies the security ID to be set 1992 * 1993 * Set the security data for a kernel service. 1994 */ 1995 static int smack_kernel_act_as(struct cred *new, u32 secid) 1996 { 1997 struct task_smack *new_tsp = smack_cred(new); 1998 1999 new_tsp->smk_task = smack_from_secid(secid); 2000 return 0; 2001 } 2002 2003 /** 2004 * smack_kernel_create_files_as - Set the file creation label in a set of creds 2005 * @new: points to the set of credentials to be modified 2006 * @inode: points to the inode to use as a reference 2007 * 2008 * Set the file creation context in a set of credentials to the same 2009 * as the objective context of the specified inode 2010 */ 2011 static int smack_kernel_create_files_as(struct cred *new, 2012 struct inode *inode) 2013 { 2014 struct inode_smack *isp = smack_inode(inode); 2015 struct task_smack *tsp = smack_cred(new); 2016 2017 tsp->smk_forked = isp->smk_inode; 2018 tsp->smk_task = tsp->smk_forked; 2019 return 0; 2020 } 2021 2022 /** 2023 * smk_curacc_on_task - helper to log task related access 2024 * @p: the task object 2025 * @access: the access requested 2026 * @caller: name of the calling function for audit 2027 * 2028 * Return 0 if access is permitted 2029 */ 2030 static int smk_curacc_on_task(struct task_struct *p, int access, 2031 const char *caller) 2032 { 2033 struct smk_audit_info ad; 2034 struct smack_known *skp = smk_of_task_struct(p); 2035 int rc; 2036 2037 smk_ad_init(&ad, caller, LSM_AUDIT_DATA_TASK); 2038 smk_ad_setfield_u_tsk(&ad, p); 2039 rc = smk_curacc(skp, access, &ad); 2040 rc = smk_bu_task(p, access, rc); 2041 return rc; 2042 } 2043 2044 /** 2045 * smack_task_setpgid - Smack check on setting pgid 2046 * @p: the task object 2047 * @pgid: unused 2048 * 2049 * Return 0 if write access is permitted 2050 */ 2051 static int smack_task_setpgid(struct task_struct *p, pid_t pgid) 2052 { 2053 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2054 } 2055 2056 /** 2057 * smack_task_getpgid - Smack access check for getpgid 2058 * @p: the object task 2059 * 2060 * Returns 0 if current can read the object task, error code otherwise 2061 */ 2062 static int smack_task_getpgid(struct task_struct *p) 2063 { 2064 return smk_curacc_on_task(p, MAY_READ, __func__); 2065 } 2066 2067 /** 2068 * smack_task_getsid - Smack access check for getsid 2069 * @p: the object task 2070 * 2071 * Returns 0 if current can read the object task, error code otherwise 2072 */ 2073 static int smack_task_getsid(struct task_struct *p) 2074 { 2075 return smk_curacc_on_task(p, MAY_READ, __func__); 2076 } 2077 2078 /** 2079 * smack_task_getsecid - get the secid of the task 2080 * @p: the object task 2081 * @secid: where to put the result 2082 * 2083 * Sets the secid to contain a u32 version of the smack label. 2084 */ 2085 static void smack_task_getsecid(struct task_struct *p, u32 *secid) 2086 { 2087 struct smack_known *skp = smk_of_task_struct(p); 2088 2089 *secid = skp->smk_secid; 2090 } 2091 2092 /** 2093 * smack_task_setnice - Smack check on setting nice 2094 * @p: the task object 2095 * @nice: unused 2096 * 2097 * Return 0 if write access is permitted 2098 */ 2099 static int smack_task_setnice(struct task_struct *p, int nice) 2100 { 2101 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2102 } 2103 2104 /** 2105 * smack_task_setioprio - Smack check on setting ioprio 2106 * @p: the task object 2107 * @ioprio: unused 2108 * 2109 * Return 0 if write access is permitted 2110 */ 2111 static int smack_task_setioprio(struct task_struct *p, int ioprio) 2112 { 2113 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2114 } 2115 2116 /** 2117 * smack_task_getioprio - Smack check on reading ioprio 2118 * @p: the task object 2119 * 2120 * Return 0 if read access is permitted 2121 */ 2122 static int smack_task_getioprio(struct task_struct *p) 2123 { 2124 return smk_curacc_on_task(p, MAY_READ, __func__); 2125 } 2126 2127 /** 2128 * smack_task_setscheduler - Smack check on setting scheduler 2129 * @p: the task object 2130 * 2131 * Return 0 if read access is permitted 2132 */ 2133 static int smack_task_setscheduler(struct task_struct *p) 2134 { 2135 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2136 } 2137 2138 /** 2139 * smack_task_getscheduler - Smack check on reading scheduler 2140 * @p: the task object 2141 * 2142 * Return 0 if read access is permitted 2143 */ 2144 static int smack_task_getscheduler(struct task_struct *p) 2145 { 2146 return smk_curacc_on_task(p, MAY_READ, __func__); 2147 } 2148 2149 /** 2150 * smack_task_movememory - Smack check on moving memory 2151 * @p: the task object 2152 * 2153 * Return 0 if write access is permitted 2154 */ 2155 static int smack_task_movememory(struct task_struct *p) 2156 { 2157 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2158 } 2159 2160 /** 2161 * smack_task_kill - Smack check on signal delivery 2162 * @p: the task object 2163 * @info: unused 2164 * @sig: unused 2165 * @cred: identifies the cred to use in lieu of current's 2166 * 2167 * Return 0 if write access is permitted 2168 * 2169 */ 2170 static int smack_task_kill(struct task_struct *p, struct kernel_siginfo *info, 2171 int sig, const struct cred *cred) 2172 { 2173 struct smk_audit_info ad; 2174 struct smack_known *skp; 2175 struct smack_known *tkp = smk_of_task_struct(p); 2176 int rc; 2177 2178 if (!sig) 2179 return 0; /* null signal; existence test */ 2180 2181 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); 2182 smk_ad_setfield_u_tsk(&ad, p); 2183 /* 2184 * Sending a signal requires that the sender 2185 * can write the receiver. 2186 */ 2187 if (cred == NULL) { 2188 rc = smk_curacc(tkp, MAY_DELIVER, &ad); 2189 rc = smk_bu_task(p, MAY_DELIVER, rc); 2190 return rc; 2191 } 2192 /* 2193 * If the cred isn't NULL we're dealing with some USB IO 2194 * specific behavior. This is not clean. For one thing 2195 * we can't take privilege into account. 2196 */ 2197 skp = smk_of_task(smack_cred(cred)); 2198 rc = smk_access(skp, tkp, MAY_DELIVER, &ad); 2199 rc = smk_bu_note("USB signal", skp, tkp, MAY_DELIVER, rc); 2200 return rc; 2201 } 2202 2203 /** 2204 * smack_task_to_inode - copy task smack into the inode blob 2205 * @p: task to copy from 2206 * @inode: inode to copy to 2207 * 2208 * Sets the smack pointer in the inode security blob 2209 */ 2210 static void smack_task_to_inode(struct task_struct *p, struct inode *inode) 2211 { 2212 struct inode_smack *isp = smack_inode(inode); 2213 struct smack_known *skp = smk_of_task_struct(p); 2214 2215 isp->smk_inode = skp; 2216 isp->smk_flags |= SMK_INODE_INSTANT; 2217 } 2218 2219 /* 2220 * Socket hooks. 2221 */ 2222 2223 /** 2224 * smack_sk_alloc_security - Allocate a socket blob 2225 * @sk: the socket 2226 * @family: unused 2227 * @gfp_flags: memory allocation flags 2228 * 2229 * Assign Smack pointers to current 2230 * 2231 * Returns 0 on success, -ENOMEM is there's no memory 2232 */ 2233 static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags) 2234 { 2235 struct smack_known *skp = smk_of_current(); 2236 struct socket_smack *ssp; 2237 2238 ssp = kzalloc(sizeof(struct socket_smack), gfp_flags); 2239 if (ssp == NULL) 2240 return -ENOMEM; 2241 2242 /* 2243 * Sockets created by kernel threads receive web label. 2244 */ 2245 if (unlikely(current->flags & PF_KTHREAD)) { 2246 ssp->smk_in = &smack_known_web; 2247 ssp->smk_out = &smack_known_web; 2248 } else { 2249 ssp->smk_in = skp; 2250 ssp->smk_out = skp; 2251 } 2252 ssp->smk_packet = NULL; 2253 2254 sk->sk_security = ssp; 2255 2256 return 0; 2257 } 2258 2259 /** 2260 * smack_sk_free_security - Free a socket blob 2261 * @sk: the socket 2262 * 2263 * Clears the blob pointer 2264 */ 2265 static void smack_sk_free_security(struct sock *sk) 2266 { 2267 #ifdef SMACK_IPV6_PORT_LABELING 2268 struct smk_port_label *spp; 2269 2270 if (sk->sk_family == PF_INET6) { 2271 rcu_read_lock(); 2272 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) { 2273 if (spp->smk_sock != sk) 2274 continue; 2275 spp->smk_can_reuse = 1; 2276 break; 2277 } 2278 rcu_read_unlock(); 2279 } 2280 #endif 2281 kfree(sk->sk_security); 2282 } 2283 2284 /** 2285 * smack_ipv4host_label - check host based restrictions 2286 * @sip: the object end 2287 * 2288 * looks for host based access restrictions 2289 * 2290 * This version will only be appropriate for really small sets of single label 2291 * hosts. The caller is responsible for ensuring that the RCU read lock is 2292 * taken before calling this function. 2293 * 2294 * Returns the label of the far end or NULL if it's not special. 2295 */ 2296 static struct smack_known *smack_ipv4host_label(struct sockaddr_in *sip) 2297 { 2298 struct smk_net4addr *snp; 2299 struct in_addr *siap = &sip->sin_addr; 2300 2301 if (siap->s_addr == 0) 2302 return NULL; 2303 2304 list_for_each_entry_rcu(snp, &smk_net4addr_list, list) 2305 /* 2306 * we break after finding the first match because 2307 * the list is sorted from longest to shortest mask 2308 * so we have found the most specific match 2309 */ 2310 if (snp->smk_host.s_addr == 2311 (siap->s_addr & snp->smk_mask.s_addr)) 2312 return snp->smk_label; 2313 2314 return NULL; 2315 } 2316 2317 /* 2318 * smk_ipv6_localhost - Check for local ipv6 host address 2319 * @sip: the address 2320 * 2321 * Returns boolean true if this is the localhost address 2322 */ 2323 static bool smk_ipv6_localhost(struct sockaddr_in6 *sip) 2324 { 2325 __be16 *be16p = (__be16 *)&sip->sin6_addr; 2326 __be32 *be32p = (__be32 *)&sip->sin6_addr; 2327 2328 if (be32p[0] == 0 && be32p[1] == 0 && be32p[2] == 0 && be16p[6] == 0 && 2329 ntohs(be16p[7]) == 1) 2330 return true; 2331 return false; 2332 } 2333 2334 /** 2335 * smack_ipv6host_label - check host based restrictions 2336 * @sip: the object end 2337 * 2338 * looks for host based access restrictions 2339 * 2340 * This version will only be appropriate for really small sets of single label 2341 * hosts. The caller is responsible for ensuring that the RCU read lock is 2342 * taken before calling this function. 2343 * 2344 * Returns the label of the far end or NULL if it's not special. 2345 */ 2346 static struct smack_known *smack_ipv6host_label(struct sockaddr_in6 *sip) 2347 { 2348 struct smk_net6addr *snp; 2349 struct in6_addr *sap = &sip->sin6_addr; 2350 int i; 2351 int found = 0; 2352 2353 /* 2354 * It's local. Don't look for a host label. 2355 */ 2356 if (smk_ipv6_localhost(sip)) 2357 return NULL; 2358 2359 list_for_each_entry_rcu(snp, &smk_net6addr_list, list) { 2360 /* 2361 * If the label is NULL the entry has 2362 * been renounced. Ignore it. 2363 */ 2364 if (snp->smk_label == NULL) 2365 continue; 2366 /* 2367 * we break after finding the first match because 2368 * the list is sorted from longest to shortest mask 2369 * so we have found the most specific match 2370 */ 2371 for (found = 1, i = 0; i < 8; i++) { 2372 if ((sap->s6_addr16[i] & snp->smk_mask.s6_addr16[i]) != 2373 snp->smk_host.s6_addr16[i]) { 2374 found = 0; 2375 break; 2376 } 2377 } 2378 if (found) 2379 return snp->smk_label; 2380 } 2381 2382 return NULL; 2383 } 2384 2385 /** 2386 * smack_netlbl_add - Set the secattr on a socket 2387 * @sk: the socket 2388 * 2389 * Attach the outbound smack value (smk_out) to the socket. 2390 * 2391 * Returns 0 on success or an error code 2392 */ 2393 static int smack_netlbl_add(struct sock *sk) 2394 { 2395 struct socket_smack *ssp = sk->sk_security; 2396 struct smack_known *skp = ssp->smk_out; 2397 int rc; 2398 2399 local_bh_disable(); 2400 bh_lock_sock_nested(sk); 2401 2402 rc = netlbl_sock_setattr(sk, sk->sk_family, &skp->smk_netlabel); 2403 switch (rc) { 2404 case 0: 2405 ssp->smk_state = SMK_NETLBL_LABELED; 2406 break; 2407 case -EDESTADDRREQ: 2408 ssp->smk_state = SMK_NETLBL_REQSKB; 2409 rc = 0; 2410 break; 2411 } 2412 2413 bh_unlock_sock(sk); 2414 local_bh_enable(); 2415 2416 return rc; 2417 } 2418 2419 /** 2420 * smack_netlbl_delete - Remove the secattr from a socket 2421 * @sk: the socket 2422 * 2423 * Remove the outbound smack value from a socket 2424 */ 2425 static void smack_netlbl_delete(struct sock *sk) 2426 { 2427 struct socket_smack *ssp = sk->sk_security; 2428 2429 /* 2430 * Take the label off the socket if one is set. 2431 */ 2432 if (ssp->smk_state != SMK_NETLBL_LABELED) 2433 return; 2434 2435 local_bh_disable(); 2436 bh_lock_sock_nested(sk); 2437 netlbl_sock_delattr(sk); 2438 bh_unlock_sock(sk); 2439 local_bh_enable(); 2440 ssp->smk_state = SMK_NETLBL_UNLABELED; 2441 } 2442 2443 /** 2444 * smk_ipv4_check - Perform IPv4 host access checks 2445 * @sk: the socket 2446 * @sap: the destination address 2447 * 2448 * Set the correct secattr for the given socket based on the destination 2449 * address and perform any outbound access checks needed. 2450 * 2451 * Returns 0 on success or an error code. 2452 * 2453 */ 2454 static int smk_ipv4_check(struct sock *sk, struct sockaddr_in *sap) 2455 { 2456 struct smack_known *skp; 2457 int rc = 0; 2458 struct smack_known *hkp; 2459 struct socket_smack *ssp = sk->sk_security; 2460 struct smk_audit_info ad; 2461 2462 rcu_read_lock(); 2463 hkp = smack_ipv4host_label(sap); 2464 if (hkp != NULL) { 2465 #ifdef CONFIG_AUDIT 2466 struct lsm_network_audit net; 2467 2468 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 2469 ad.a.u.net->family = sap->sin_family; 2470 ad.a.u.net->dport = sap->sin_port; 2471 ad.a.u.net->v4info.daddr = sap->sin_addr.s_addr; 2472 #endif 2473 skp = ssp->smk_out; 2474 rc = smk_access(skp, hkp, MAY_WRITE, &ad); 2475 rc = smk_bu_note("IPv4 host check", skp, hkp, MAY_WRITE, rc); 2476 /* 2477 * Clear the socket netlabel if it's set. 2478 */ 2479 if (!rc) 2480 smack_netlbl_delete(sk); 2481 } 2482 rcu_read_unlock(); 2483 2484 return rc; 2485 } 2486 2487 /** 2488 * smk_ipv6_check - check Smack access 2489 * @subject: subject Smack label 2490 * @object: object Smack label 2491 * @address: address 2492 * @act: the action being taken 2493 * 2494 * Check an IPv6 access 2495 */ 2496 static int smk_ipv6_check(struct smack_known *subject, 2497 struct smack_known *object, 2498 struct sockaddr_in6 *address, int act) 2499 { 2500 #ifdef CONFIG_AUDIT 2501 struct lsm_network_audit net; 2502 #endif 2503 struct smk_audit_info ad; 2504 int rc; 2505 2506 #ifdef CONFIG_AUDIT 2507 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 2508 ad.a.u.net->family = PF_INET6; 2509 ad.a.u.net->dport = ntohs(address->sin6_port); 2510 if (act == SMK_RECEIVING) 2511 ad.a.u.net->v6info.saddr = address->sin6_addr; 2512 else 2513 ad.a.u.net->v6info.daddr = address->sin6_addr; 2514 #endif 2515 rc = smk_access(subject, object, MAY_WRITE, &ad); 2516 rc = smk_bu_note("IPv6 check", subject, object, MAY_WRITE, rc); 2517 return rc; 2518 } 2519 2520 #ifdef SMACK_IPV6_PORT_LABELING 2521 /** 2522 * smk_ipv6_port_label - Smack port access table management 2523 * @sock: socket 2524 * @address: address 2525 * 2526 * Create or update the port list entry 2527 */ 2528 static void smk_ipv6_port_label(struct socket *sock, struct sockaddr *address) 2529 { 2530 struct sock *sk = sock->sk; 2531 struct sockaddr_in6 *addr6; 2532 struct socket_smack *ssp = sock->sk->sk_security; 2533 struct smk_port_label *spp; 2534 unsigned short port = 0; 2535 2536 if (address == NULL) { 2537 /* 2538 * This operation is changing the Smack information 2539 * on the bound socket. Take the changes to the port 2540 * as well. 2541 */ 2542 rcu_read_lock(); 2543 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) { 2544 if (sk != spp->smk_sock) 2545 continue; 2546 spp->smk_in = ssp->smk_in; 2547 spp->smk_out = ssp->smk_out; 2548 rcu_read_unlock(); 2549 return; 2550 } 2551 /* 2552 * A NULL address is only used for updating existing 2553 * bound entries. If there isn't one, it's OK. 2554 */ 2555 rcu_read_unlock(); 2556 return; 2557 } 2558 2559 addr6 = (struct sockaddr_in6 *)address; 2560 port = ntohs(addr6->sin6_port); 2561 /* 2562 * This is a special case that is safely ignored. 2563 */ 2564 if (port == 0) 2565 return; 2566 2567 /* 2568 * Look for an existing port list entry. 2569 * This is an indication that a port is getting reused. 2570 */ 2571 rcu_read_lock(); 2572 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) { 2573 if (spp->smk_port != port || spp->smk_sock_type != sock->type) 2574 continue; 2575 if (spp->smk_can_reuse != 1) { 2576 rcu_read_unlock(); 2577 return; 2578 } 2579 spp->smk_port = port; 2580 spp->smk_sock = sk; 2581 spp->smk_in = ssp->smk_in; 2582 spp->smk_out = ssp->smk_out; 2583 spp->smk_can_reuse = 0; 2584 rcu_read_unlock(); 2585 return; 2586 } 2587 rcu_read_unlock(); 2588 /* 2589 * A new port entry is required. 2590 */ 2591 spp = kzalloc(sizeof(*spp), GFP_KERNEL); 2592 if (spp == NULL) 2593 return; 2594 2595 spp->smk_port = port; 2596 spp->smk_sock = sk; 2597 spp->smk_in = ssp->smk_in; 2598 spp->smk_out = ssp->smk_out; 2599 spp->smk_sock_type = sock->type; 2600 spp->smk_can_reuse = 0; 2601 2602 mutex_lock(&smack_ipv6_lock); 2603 list_add_rcu(&spp->list, &smk_ipv6_port_list); 2604 mutex_unlock(&smack_ipv6_lock); 2605 return; 2606 } 2607 #endif 2608 2609 /** 2610 * smk_ipv6_port_check - check Smack port access 2611 * @sk: socket 2612 * @address: address 2613 * @act: the action being taken 2614 * 2615 * Create or update the port list entry 2616 */ 2617 static int smk_ipv6_port_check(struct sock *sk, struct sockaddr_in6 *address, 2618 int act) 2619 { 2620 struct smk_port_label *spp; 2621 struct socket_smack *ssp = sk->sk_security; 2622 struct smack_known *skp = NULL; 2623 unsigned short port; 2624 struct smack_known *object; 2625 2626 if (act == SMK_RECEIVING) { 2627 skp = smack_ipv6host_label(address); 2628 object = ssp->smk_in; 2629 } else { 2630 skp = ssp->smk_out; 2631 object = smack_ipv6host_label(address); 2632 } 2633 2634 /* 2635 * The other end is a single label host. 2636 */ 2637 if (skp != NULL && object != NULL) 2638 return smk_ipv6_check(skp, object, address, act); 2639 if (skp == NULL) 2640 skp = smack_net_ambient; 2641 if (object == NULL) 2642 object = smack_net_ambient; 2643 2644 /* 2645 * It's remote, so port lookup does no good. 2646 */ 2647 if (!smk_ipv6_localhost(address)) 2648 return smk_ipv6_check(skp, object, address, act); 2649 2650 /* 2651 * It's local so the send check has to have passed. 2652 */ 2653 if (act == SMK_RECEIVING) 2654 return 0; 2655 2656 port = ntohs(address->sin6_port); 2657 rcu_read_lock(); 2658 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) { 2659 if (spp->smk_port != port || spp->smk_sock_type != sk->sk_type) 2660 continue; 2661 object = spp->smk_in; 2662 if (act == SMK_CONNECTING) 2663 ssp->smk_packet = spp->smk_out; 2664 break; 2665 } 2666 rcu_read_unlock(); 2667 2668 return smk_ipv6_check(skp, object, address, act); 2669 } 2670 2671 /** 2672 * smack_inode_setsecurity - set smack xattrs 2673 * @inode: the object 2674 * @name: attribute name 2675 * @value: attribute value 2676 * @size: size of the attribute 2677 * @flags: unused 2678 * 2679 * Sets the named attribute in the appropriate blob 2680 * 2681 * Returns 0 on success, or an error code 2682 */ 2683 static int smack_inode_setsecurity(struct inode *inode, const char *name, 2684 const void *value, size_t size, int flags) 2685 { 2686 struct smack_known *skp; 2687 struct inode_smack *nsp = smack_inode(inode); 2688 struct socket_smack *ssp; 2689 struct socket *sock; 2690 int rc = 0; 2691 2692 if (value == NULL || size > SMK_LONGLABEL || size == 0) 2693 return -EINVAL; 2694 2695 skp = smk_import_entry(value, size); 2696 if (IS_ERR(skp)) 2697 return PTR_ERR(skp); 2698 2699 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) { 2700 nsp->smk_inode = skp; 2701 nsp->smk_flags |= SMK_INODE_INSTANT; 2702 return 0; 2703 } 2704 /* 2705 * The rest of the Smack xattrs are only on sockets. 2706 */ 2707 if (inode->i_sb->s_magic != SOCKFS_MAGIC) 2708 return -EOPNOTSUPP; 2709 2710 sock = SOCKET_I(inode); 2711 if (sock == NULL || sock->sk == NULL) 2712 return -EOPNOTSUPP; 2713 2714 ssp = sock->sk->sk_security; 2715 2716 if (strcmp(name, XATTR_SMACK_IPIN) == 0) 2717 ssp->smk_in = skp; 2718 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) { 2719 ssp->smk_out = skp; 2720 if (sock->sk->sk_family == PF_INET) { 2721 rc = smack_netlbl_add(sock->sk); 2722 if (rc != 0) 2723 printk(KERN_WARNING 2724 "Smack: \"%s\" netlbl error %d.\n", 2725 __func__, -rc); 2726 } 2727 } else 2728 return -EOPNOTSUPP; 2729 2730 #ifdef SMACK_IPV6_PORT_LABELING 2731 if (sock->sk->sk_family == PF_INET6) 2732 smk_ipv6_port_label(sock, NULL); 2733 #endif 2734 2735 return 0; 2736 } 2737 2738 /** 2739 * smack_socket_post_create - finish socket setup 2740 * @sock: the socket 2741 * @family: protocol family 2742 * @type: unused 2743 * @protocol: unused 2744 * @kern: unused 2745 * 2746 * Sets the netlabel information on the socket 2747 * 2748 * Returns 0 on success, and error code otherwise 2749 */ 2750 static int smack_socket_post_create(struct socket *sock, int family, 2751 int type, int protocol, int kern) 2752 { 2753 struct socket_smack *ssp; 2754 2755 if (sock->sk == NULL) 2756 return 0; 2757 2758 /* 2759 * Sockets created by kernel threads receive web label. 2760 */ 2761 if (unlikely(current->flags & PF_KTHREAD)) { 2762 ssp = sock->sk->sk_security; 2763 ssp->smk_in = &smack_known_web; 2764 ssp->smk_out = &smack_known_web; 2765 } 2766 2767 if (family != PF_INET) 2768 return 0; 2769 /* 2770 * Set the outbound netlbl. 2771 */ 2772 return smack_netlbl_add(sock->sk); 2773 } 2774 2775 /** 2776 * smack_socket_socketpair - create socket pair 2777 * @socka: one socket 2778 * @sockb: another socket 2779 * 2780 * Cross reference the peer labels for SO_PEERSEC 2781 * 2782 * Returns 0 2783 */ 2784 static int smack_socket_socketpair(struct socket *socka, 2785 struct socket *sockb) 2786 { 2787 struct socket_smack *asp = socka->sk->sk_security; 2788 struct socket_smack *bsp = sockb->sk->sk_security; 2789 2790 asp->smk_packet = bsp->smk_out; 2791 bsp->smk_packet = asp->smk_out; 2792 2793 return 0; 2794 } 2795 2796 #ifdef SMACK_IPV6_PORT_LABELING 2797 /** 2798 * smack_socket_bind - record port binding information. 2799 * @sock: the socket 2800 * @address: the port address 2801 * @addrlen: size of the address 2802 * 2803 * Records the label bound to a port. 2804 * 2805 * Returns 0 on success, and error code otherwise 2806 */ 2807 static int smack_socket_bind(struct socket *sock, struct sockaddr *address, 2808 int addrlen) 2809 { 2810 if (sock->sk != NULL && sock->sk->sk_family == PF_INET6) { 2811 if (addrlen < SIN6_LEN_RFC2133 || 2812 address->sa_family != AF_INET6) 2813 return -EINVAL; 2814 smk_ipv6_port_label(sock, address); 2815 } 2816 return 0; 2817 } 2818 #endif /* SMACK_IPV6_PORT_LABELING */ 2819 2820 /** 2821 * smack_socket_connect - connect access check 2822 * @sock: the socket 2823 * @sap: the other end 2824 * @addrlen: size of sap 2825 * 2826 * Verifies that a connection may be possible 2827 * 2828 * Returns 0 on success, and error code otherwise 2829 */ 2830 static int smack_socket_connect(struct socket *sock, struct sockaddr *sap, 2831 int addrlen) 2832 { 2833 int rc = 0; 2834 2835 if (sock->sk == NULL) 2836 return 0; 2837 if (sock->sk->sk_family != PF_INET && 2838 (!IS_ENABLED(CONFIG_IPV6) || sock->sk->sk_family != PF_INET6)) 2839 return 0; 2840 if (addrlen < offsetofend(struct sockaddr, sa_family)) 2841 return 0; 2842 if (IS_ENABLED(CONFIG_IPV6) && sap->sa_family == AF_INET6) { 2843 struct sockaddr_in6 *sip = (struct sockaddr_in6 *)sap; 2844 struct smack_known *rsp = NULL; 2845 2846 if (addrlen < SIN6_LEN_RFC2133) 2847 return 0; 2848 if (__is_defined(SMACK_IPV6_SECMARK_LABELING)) 2849 rsp = smack_ipv6host_label(sip); 2850 if (rsp != NULL) { 2851 struct socket_smack *ssp = sock->sk->sk_security; 2852 2853 rc = smk_ipv6_check(ssp->smk_out, rsp, sip, 2854 SMK_CONNECTING); 2855 } 2856 if (__is_defined(SMACK_IPV6_PORT_LABELING)) 2857 rc = smk_ipv6_port_check(sock->sk, sip, SMK_CONNECTING); 2858 2859 return rc; 2860 } 2861 if (sap->sa_family != AF_INET || addrlen < sizeof(struct sockaddr_in)) 2862 return 0; 2863 rc = smk_ipv4_check(sock->sk, (struct sockaddr_in *)sap); 2864 return rc; 2865 } 2866 2867 /** 2868 * smack_flags_to_may - convert S_ to MAY_ values 2869 * @flags: the S_ value 2870 * 2871 * Returns the equivalent MAY_ value 2872 */ 2873 static int smack_flags_to_may(int flags) 2874 { 2875 int may = 0; 2876 2877 if (flags & S_IRUGO) 2878 may |= MAY_READ; 2879 if (flags & S_IWUGO) 2880 may |= MAY_WRITE; 2881 if (flags & S_IXUGO) 2882 may |= MAY_EXEC; 2883 2884 return may; 2885 } 2886 2887 /** 2888 * smack_msg_msg_alloc_security - Set the security blob for msg_msg 2889 * @msg: the object 2890 * 2891 * Returns 0 2892 */ 2893 static int smack_msg_msg_alloc_security(struct msg_msg *msg) 2894 { 2895 struct smack_known **blob = smack_msg_msg(msg); 2896 2897 *blob = smk_of_current(); 2898 return 0; 2899 } 2900 2901 /** 2902 * smack_of_ipc - the smack pointer for the ipc 2903 * @isp: the object 2904 * 2905 * Returns a pointer to the smack value 2906 */ 2907 static struct smack_known *smack_of_ipc(struct kern_ipc_perm *isp) 2908 { 2909 struct smack_known **blob = smack_ipc(isp); 2910 2911 return *blob; 2912 } 2913 2914 /** 2915 * smack_ipc_alloc_security - Set the security blob for ipc 2916 * @isp: the object 2917 * 2918 * Returns 0 2919 */ 2920 static int smack_ipc_alloc_security(struct kern_ipc_perm *isp) 2921 { 2922 struct smack_known **blob = smack_ipc(isp); 2923 2924 *blob = smk_of_current(); 2925 return 0; 2926 } 2927 2928 /** 2929 * smk_curacc_shm : check if current has access on shm 2930 * @isp : the object 2931 * @access : access requested 2932 * 2933 * Returns 0 if current has the requested access, error code otherwise 2934 */ 2935 static int smk_curacc_shm(struct kern_ipc_perm *isp, int access) 2936 { 2937 struct smack_known *ssp = smack_of_ipc(isp); 2938 struct smk_audit_info ad; 2939 int rc; 2940 2941 #ifdef CONFIG_AUDIT 2942 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 2943 ad.a.u.ipc_id = isp->id; 2944 #endif 2945 rc = smk_curacc(ssp, access, &ad); 2946 rc = smk_bu_current("shm", ssp, access, rc); 2947 return rc; 2948 } 2949 2950 /** 2951 * smack_shm_associate - Smack access check for shm 2952 * @isp: the object 2953 * @shmflg: access requested 2954 * 2955 * Returns 0 if current has the requested access, error code otherwise 2956 */ 2957 static int smack_shm_associate(struct kern_ipc_perm *isp, int shmflg) 2958 { 2959 int may; 2960 2961 may = smack_flags_to_may(shmflg); 2962 return smk_curacc_shm(isp, may); 2963 } 2964 2965 /** 2966 * smack_shm_shmctl - Smack access check for shm 2967 * @isp: the object 2968 * @cmd: what it wants to do 2969 * 2970 * Returns 0 if current has the requested access, error code otherwise 2971 */ 2972 static int smack_shm_shmctl(struct kern_ipc_perm *isp, int cmd) 2973 { 2974 int may; 2975 2976 switch (cmd) { 2977 case IPC_STAT: 2978 case SHM_STAT: 2979 case SHM_STAT_ANY: 2980 may = MAY_READ; 2981 break; 2982 case IPC_SET: 2983 case SHM_LOCK: 2984 case SHM_UNLOCK: 2985 case IPC_RMID: 2986 may = MAY_READWRITE; 2987 break; 2988 case IPC_INFO: 2989 case SHM_INFO: 2990 /* 2991 * System level information. 2992 */ 2993 return 0; 2994 default: 2995 return -EINVAL; 2996 } 2997 return smk_curacc_shm(isp, may); 2998 } 2999 3000 /** 3001 * smack_shm_shmat - Smack access for shmat 3002 * @isp: the object 3003 * @shmaddr: unused 3004 * @shmflg: access requested 3005 * 3006 * Returns 0 if current has the requested access, error code otherwise 3007 */ 3008 static int smack_shm_shmat(struct kern_ipc_perm *isp, char __user *shmaddr, 3009 int shmflg) 3010 { 3011 int may; 3012 3013 may = smack_flags_to_may(shmflg); 3014 return smk_curacc_shm(isp, may); 3015 } 3016 3017 /** 3018 * smk_curacc_sem : check if current has access on sem 3019 * @isp : the object 3020 * @access : access requested 3021 * 3022 * Returns 0 if current has the requested access, error code otherwise 3023 */ 3024 static int smk_curacc_sem(struct kern_ipc_perm *isp, int access) 3025 { 3026 struct smack_known *ssp = smack_of_ipc(isp); 3027 struct smk_audit_info ad; 3028 int rc; 3029 3030 #ifdef CONFIG_AUDIT 3031 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 3032 ad.a.u.ipc_id = isp->id; 3033 #endif 3034 rc = smk_curacc(ssp, access, &ad); 3035 rc = smk_bu_current("sem", ssp, access, rc); 3036 return rc; 3037 } 3038 3039 /** 3040 * smack_sem_associate - Smack access check for sem 3041 * @isp: the object 3042 * @semflg: access requested 3043 * 3044 * Returns 0 if current has the requested access, error code otherwise 3045 */ 3046 static int smack_sem_associate(struct kern_ipc_perm *isp, int semflg) 3047 { 3048 int may; 3049 3050 may = smack_flags_to_may(semflg); 3051 return smk_curacc_sem(isp, may); 3052 } 3053 3054 /** 3055 * smack_sem_shmctl - Smack access check for sem 3056 * @isp: the object 3057 * @cmd: what it wants to do 3058 * 3059 * Returns 0 if current has the requested access, error code otherwise 3060 */ 3061 static int smack_sem_semctl(struct kern_ipc_perm *isp, int cmd) 3062 { 3063 int may; 3064 3065 switch (cmd) { 3066 case GETPID: 3067 case GETNCNT: 3068 case GETZCNT: 3069 case GETVAL: 3070 case GETALL: 3071 case IPC_STAT: 3072 case SEM_STAT: 3073 case SEM_STAT_ANY: 3074 may = MAY_READ; 3075 break; 3076 case SETVAL: 3077 case SETALL: 3078 case IPC_RMID: 3079 case IPC_SET: 3080 may = MAY_READWRITE; 3081 break; 3082 case IPC_INFO: 3083 case SEM_INFO: 3084 /* 3085 * System level information 3086 */ 3087 return 0; 3088 default: 3089 return -EINVAL; 3090 } 3091 3092 return smk_curacc_sem(isp, may); 3093 } 3094 3095 /** 3096 * smack_sem_semop - Smack checks of semaphore operations 3097 * @isp: the object 3098 * @sops: unused 3099 * @nsops: unused 3100 * @alter: unused 3101 * 3102 * Treated as read and write in all cases. 3103 * 3104 * Returns 0 if access is allowed, error code otherwise 3105 */ 3106 static int smack_sem_semop(struct kern_ipc_perm *isp, struct sembuf *sops, 3107 unsigned nsops, int alter) 3108 { 3109 return smk_curacc_sem(isp, MAY_READWRITE); 3110 } 3111 3112 /** 3113 * smk_curacc_msq : helper to check if current has access on msq 3114 * @isp : the msq 3115 * @access : access requested 3116 * 3117 * return 0 if current has access, error otherwise 3118 */ 3119 static int smk_curacc_msq(struct kern_ipc_perm *isp, int access) 3120 { 3121 struct smack_known *msp = smack_of_ipc(isp); 3122 struct smk_audit_info ad; 3123 int rc; 3124 3125 #ifdef CONFIG_AUDIT 3126 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 3127 ad.a.u.ipc_id = isp->id; 3128 #endif 3129 rc = smk_curacc(msp, access, &ad); 3130 rc = smk_bu_current("msq", msp, access, rc); 3131 return rc; 3132 } 3133 3134 /** 3135 * smack_msg_queue_associate - Smack access check for msg_queue 3136 * @isp: the object 3137 * @msqflg: access requested 3138 * 3139 * Returns 0 if current has the requested access, error code otherwise 3140 */ 3141 static int smack_msg_queue_associate(struct kern_ipc_perm *isp, int msqflg) 3142 { 3143 int may; 3144 3145 may = smack_flags_to_may(msqflg); 3146 return smk_curacc_msq(isp, may); 3147 } 3148 3149 /** 3150 * smack_msg_queue_msgctl - Smack access check for msg_queue 3151 * @isp: the object 3152 * @cmd: what it wants to do 3153 * 3154 * Returns 0 if current has the requested access, error code otherwise 3155 */ 3156 static int smack_msg_queue_msgctl(struct kern_ipc_perm *isp, int cmd) 3157 { 3158 int may; 3159 3160 switch (cmd) { 3161 case IPC_STAT: 3162 case MSG_STAT: 3163 case MSG_STAT_ANY: 3164 may = MAY_READ; 3165 break; 3166 case IPC_SET: 3167 case IPC_RMID: 3168 may = MAY_READWRITE; 3169 break; 3170 case IPC_INFO: 3171 case MSG_INFO: 3172 /* 3173 * System level information 3174 */ 3175 return 0; 3176 default: 3177 return -EINVAL; 3178 } 3179 3180 return smk_curacc_msq(isp, may); 3181 } 3182 3183 /** 3184 * smack_msg_queue_msgsnd - Smack access check for msg_queue 3185 * @isp: the object 3186 * @msg: unused 3187 * @msqflg: access requested 3188 * 3189 * Returns 0 if current has the requested access, error code otherwise 3190 */ 3191 static int smack_msg_queue_msgsnd(struct kern_ipc_perm *isp, struct msg_msg *msg, 3192 int msqflg) 3193 { 3194 int may; 3195 3196 may = smack_flags_to_may(msqflg); 3197 return smk_curacc_msq(isp, may); 3198 } 3199 3200 /** 3201 * smack_msg_queue_msgsnd - Smack access check for msg_queue 3202 * @isp: the object 3203 * @msg: unused 3204 * @target: unused 3205 * @type: unused 3206 * @mode: unused 3207 * 3208 * Returns 0 if current has read and write access, error code otherwise 3209 */ 3210 static int smack_msg_queue_msgrcv(struct kern_ipc_perm *isp, struct msg_msg *msg, 3211 struct task_struct *target, long type, int mode) 3212 { 3213 return smk_curacc_msq(isp, MAY_READWRITE); 3214 } 3215 3216 /** 3217 * smack_ipc_permission - Smack access for ipc_permission() 3218 * @ipp: the object permissions 3219 * @flag: access requested 3220 * 3221 * Returns 0 if current has read and write access, error code otherwise 3222 */ 3223 static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag) 3224 { 3225 struct smack_known **blob = smack_ipc(ipp); 3226 struct smack_known *iskp = *blob; 3227 int may = smack_flags_to_may(flag); 3228 struct smk_audit_info ad; 3229 int rc; 3230 3231 #ifdef CONFIG_AUDIT 3232 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 3233 ad.a.u.ipc_id = ipp->id; 3234 #endif 3235 rc = smk_curacc(iskp, may, &ad); 3236 rc = smk_bu_current("svipc", iskp, may, rc); 3237 return rc; 3238 } 3239 3240 /** 3241 * smack_ipc_getsecid - Extract smack security id 3242 * @ipp: the object permissions 3243 * @secid: where result will be saved 3244 */ 3245 static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid) 3246 { 3247 struct smack_known **blob = smack_ipc(ipp); 3248 struct smack_known *iskp = *blob; 3249 3250 *secid = iskp->smk_secid; 3251 } 3252 3253 /** 3254 * smack_d_instantiate - Make sure the blob is correct on an inode 3255 * @opt_dentry: dentry where inode will be attached 3256 * @inode: the object 3257 * 3258 * Set the inode's security blob if it hasn't been done already. 3259 */ 3260 static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode) 3261 { 3262 struct super_block *sbp; 3263 struct superblock_smack *sbsp; 3264 struct inode_smack *isp; 3265 struct smack_known *skp; 3266 struct smack_known *ckp = smk_of_current(); 3267 struct smack_known *final; 3268 char trattr[TRANS_TRUE_SIZE]; 3269 int transflag = 0; 3270 int rc; 3271 struct dentry *dp; 3272 3273 if (inode == NULL) 3274 return; 3275 3276 isp = smack_inode(inode); 3277 3278 /* 3279 * If the inode is already instantiated 3280 * take the quick way out 3281 */ 3282 if (isp->smk_flags & SMK_INODE_INSTANT) 3283 return; 3284 3285 sbp = inode->i_sb; 3286 sbsp = sbp->s_security; 3287 /* 3288 * We're going to use the superblock default label 3289 * if there's no label on the file. 3290 */ 3291 final = sbsp->smk_default; 3292 3293 /* 3294 * If this is the root inode the superblock 3295 * may be in the process of initialization. 3296 * If that is the case use the root value out 3297 * of the superblock. 3298 */ 3299 if (opt_dentry->d_parent == opt_dentry) { 3300 switch (sbp->s_magic) { 3301 case CGROUP_SUPER_MAGIC: 3302 case CGROUP2_SUPER_MAGIC: 3303 /* 3304 * The cgroup filesystem is never mounted, 3305 * so there's no opportunity to set the mount 3306 * options. 3307 */ 3308 sbsp->smk_root = &smack_known_star; 3309 sbsp->smk_default = &smack_known_star; 3310 isp->smk_inode = sbsp->smk_root; 3311 break; 3312 case TMPFS_MAGIC: 3313 /* 3314 * What about shmem/tmpfs anonymous files with dentry 3315 * obtained from d_alloc_pseudo()? 3316 */ 3317 isp->smk_inode = smk_of_current(); 3318 break; 3319 case PIPEFS_MAGIC: 3320 isp->smk_inode = smk_of_current(); 3321 break; 3322 case SOCKFS_MAGIC: 3323 /* 3324 * Socket access is controlled by the socket 3325 * structures associated with the task involved. 3326 */ 3327 isp->smk_inode = &smack_known_star; 3328 break; 3329 default: 3330 isp->smk_inode = sbsp->smk_root; 3331 break; 3332 } 3333 isp->smk_flags |= SMK_INODE_INSTANT; 3334 return; 3335 } 3336 3337 /* 3338 * This is pretty hackish. 3339 * Casey says that we shouldn't have to do 3340 * file system specific code, but it does help 3341 * with keeping it simple. 3342 */ 3343 switch (sbp->s_magic) { 3344 case SMACK_MAGIC: 3345 case CGROUP_SUPER_MAGIC: 3346 case CGROUP2_SUPER_MAGIC: 3347 /* 3348 * Casey says that it's a little embarrassing 3349 * that the smack file system doesn't do 3350 * extended attributes. 3351 * 3352 * Cgroupfs is special 3353 */ 3354 final = &smack_known_star; 3355 break; 3356 case DEVPTS_SUPER_MAGIC: 3357 /* 3358 * devpts seems content with the label of the task. 3359 * Programs that change smack have to treat the 3360 * pty with respect. 3361 */ 3362 final = ckp; 3363 break; 3364 case PROC_SUPER_MAGIC: 3365 /* 3366 * Casey says procfs appears not to care. 3367 * The superblock default suffices. 3368 */ 3369 break; 3370 case TMPFS_MAGIC: 3371 /* 3372 * Device labels should come from the filesystem, 3373 * but watch out, because they're volitile, 3374 * getting recreated on every reboot. 3375 */ 3376 final = &smack_known_star; 3377 /* 3378 * If a smack value has been set we want to use it, 3379 * but since tmpfs isn't giving us the opportunity 3380 * to set mount options simulate setting the 3381 * superblock default. 3382 */ 3383 fallthrough; 3384 default: 3385 /* 3386 * This isn't an understood special case. 3387 * Get the value from the xattr. 3388 */ 3389 3390 /* 3391 * UNIX domain sockets use lower level socket data. 3392 */ 3393 if (S_ISSOCK(inode->i_mode)) { 3394 final = &smack_known_star; 3395 break; 3396 } 3397 /* 3398 * No xattr support means, alas, no SMACK label. 3399 * Use the aforeapplied default. 3400 * It would be curious if the label of the task 3401 * does not match that assigned. 3402 */ 3403 if (!(inode->i_opflags & IOP_XATTR)) 3404 break; 3405 /* 3406 * Get the dentry for xattr. 3407 */ 3408 dp = dget(opt_dentry); 3409 skp = smk_fetch(XATTR_NAME_SMACK, inode, dp); 3410 if (!IS_ERR_OR_NULL(skp)) 3411 final = skp; 3412 3413 /* 3414 * Transmuting directory 3415 */ 3416 if (S_ISDIR(inode->i_mode)) { 3417 /* 3418 * If this is a new directory and the label was 3419 * transmuted when the inode was initialized 3420 * set the transmute attribute on the directory 3421 * and mark the inode. 3422 * 3423 * If there is a transmute attribute on the 3424 * directory mark the inode. 3425 */ 3426 if (isp->smk_flags & SMK_INODE_CHANGED) { 3427 isp->smk_flags &= ~SMK_INODE_CHANGED; 3428 rc = __vfs_setxattr(dp, inode, 3429 XATTR_NAME_SMACKTRANSMUTE, 3430 TRANS_TRUE, TRANS_TRUE_SIZE, 3431 0); 3432 } else { 3433 rc = __vfs_getxattr(dp, inode, 3434 XATTR_NAME_SMACKTRANSMUTE, trattr, 3435 TRANS_TRUE_SIZE); 3436 if (rc >= 0 && strncmp(trattr, TRANS_TRUE, 3437 TRANS_TRUE_SIZE) != 0) 3438 rc = -EINVAL; 3439 } 3440 if (rc >= 0) 3441 transflag = SMK_INODE_TRANSMUTE; 3442 } 3443 /* 3444 * Don't let the exec or mmap label be "*" or "@". 3445 */ 3446 skp = smk_fetch(XATTR_NAME_SMACKEXEC, inode, dp); 3447 if (IS_ERR(skp) || skp == &smack_known_star || 3448 skp == &smack_known_web) 3449 skp = NULL; 3450 isp->smk_task = skp; 3451 3452 skp = smk_fetch(XATTR_NAME_SMACKMMAP, inode, dp); 3453 if (IS_ERR(skp) || skp == &smack_known_star || 3454 skp == &smack_known_web) 3455 skp = NULL; 3456 isp->smk_mmap = skp; 3457 3458 dput(dp); 3459 break; 3460 } 3461 3462 if (final == NULL) 3463 isp->smk_inode = ckp; 3464 else 3465 isp->smk_inode = final; 3466 3467 isp->smk_flags |= (SMK_INODE_INSTANT | transflag); 3468 3469 return; 3470 } 3471 3472 /** 3473 * smack_getprocattr - Smack process attribute access 3474 * @p: the object task 3475 * @name: the name of the attribute in /proc/.../attr 3476 * @value: where to put the result 3477 * 3478 * Places a copy of the task Smack into value 3479 * 3480 * Returns the length of the smack label or an error code 3481 */ 3482 static int smack_getprocattr(struct task_struct *p, char *name, char **value) 3483 { 3484 struct smack_known *skp = smk_of_task_struct(p); 3485 char *cp; 3486 int slen; 3487 3488 if (strcmp(name, "current") != 0) 3489 return -EINVAL; 3490 3491 cp = kstrdup(skp->smk_known, GFP_KERNEL); 3492 if (cp == NULL) 3493 return -ENOMEM; 3494 3495 slen = strlen(cp); 3496 *value = cp; 3497 return slen; 3498 } 3499 3500 /** 3501 * smack_setprocattr - Smack process attribute setting 3502 * @name: the name of the attribute in /proc/.../attr 3503 * @value: the value to set 3504 * @size: the size of the value 3505 * 3506 * Sets the Smack value of the task. Only setting self 3507 * is permitted and only with privilege 3508 * 3509 * Returns the length of the smack label or an error code 3510 */ 3511 static int smack_setprocattr(const char *name, void *value, size_t size) 3512 { 3513 struct task_smack *tsp = smack_cred(current_cred()); 3514 struct cred *new; 3515 struct smack_known *skp; 3516 struct smack_known_list_elem *sklep; 3517 int rc; 3518 3519 if (!smack_privileged(CAP_MAC_ADMIN) && list_empty(&tsp->smk_relabel)) 3520 return -EPERM; 3521 3522 if (value == NULL || size == 0 || size >= SMK_LONGLABEL) 3523 return -EINVAL; 3524 3525 if (strcmp(name, "current") != 0) 3526 return -EINVAL; 3527 3528 skp = smk_import_entry(value, size); 3529 if (IS_ERR(skp)) 3530 return PTR_ERR(skp); 3531 3532 /* 3533 * No process is ever allowed the web ("@") label 3534 * and the star ("*") label. 3535 */ 3536 if (skp == &smack_known_web || skp == &smack_known_star) 3537 return -EINVAL; 3538 3539 if (!smack_privileged(CAP_MAC_ADMIN)) { 3540 rc = -EPERM; 3541 list_for_each_entry(sklep, &tsp->smk_relabel, list) 3542 if (sklep->smk_label == skp) { 3543 rc = 0; 3544 break; 3545 } 3546 if (rc) 3547 return rc; 3548 } 3549 3550 new = prepare_creds(); 3551 if (new == NULL) 3552 return -ENOMEM; 3553 3554 tsp = smack_cred(new); 3555 tsp->smk_task = skp; 3556 /* 3557 * process can change its label only once 3558 */ 3559 smk_destroy_label_list(&tsp->smk_relabel); 3560 3561 commit_creds(new); 3562 return size; 3563 } 3564 3565 /** 3566 * smack_unix_stream_connect - Smack access on UDS 3567 * @sock: one sock 3568 * @other: the other sock 3569 * @newsk: unused 3570 * 3571 * Return 0 if a subject with the smack of sock could access 3572 * an object with the smack of other, otherwise an error code 3573 */ 3574 static int smack_unix_stream_connect(struct sock *sock, 3575 struct sock *other, struct sock *newsk) 3576 { 3577 struct smack_known *skp; 3578 struct smack_known *okp; 3579 struct socket_smack *ssp = sock->sk_security; 3580 struct socket_smack *osp = other->sk_security; 3581 struct socket_smack *nsp = newsk->sk_security; 3582 struct smk_audit_info ad; 3583 int rc = 0; 3584 #ifdef CONFIG_AUDIT 3585 struct lsm_network_audit net; 3586 #endif 3587 3588 if (!smack_privileged(CAP_MAC_OVERRIDE)) { 3589 skp = ssp->smk_out; 3590 okp = osp->smk_in; 3591 #ifdef CONFIG_AUDIT 3592 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 3593 smk_ad_setfield_u_net_sk(&ad, other); 3594 #endif 3595 rc = smk_access(skp, okp, MAY_WRITE, &ad); 3596 rc = smk_bu_note("UDS connect", skp, okp, MAY_WRITE, rc); 3597 if (rc == 0) { 3598 okp = osp->smk_out; 3599 skp = ssp->smk_in; 3600 rc = smk_access(okp, skp, MAY_WRITE, &ad); 3601 rc = smk_bu_note("UDS connect", okp, skp, 3602 MAY_WRITE, rc); 3603 } 3604 } 3605 3606 /* 3607 * Cross reference the peer labels for SO_PEERSEC. 3608 */ 3609 if (rc == 0) { 3610 nsp->smk_packet = ssp->smk_out; 3611 ssp->smk_packet = osp->smk_out; 3612 } 3613 3614 return rc; 3615 } 3616 3617 /** 3618 * smack_unix_may_send - Smack access on UDS 3619 * @sock: one socket 3620 * @other: the other socket 3621 * 3622 * Return 0 if a subject with the smack of sock could access 3623 * an object with the smack of other, otherwise an error code 3624 */ 3625 static int smack_unix_may_send(struct socket *sock, struct socket *other) 3626 { 3627 struct socket_smack *ssp = sock->sk->sk_security; 3628 struct socket_smack *osp = other->sk->sk_security; 3629 struct smk_audit_info ad; 3630 int rc; 3631 3632 #ifdef CONFIG_AUDIT 3633 struct lsm_network_audit net; 3634 3635 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 3636 smk_ad_setfield_u_net_sk(&ad, other->sk); 3637 #endif 3638 3639 if (smack_privileged(CAP_MAC_OVERRIDE)) 3640 return 0; 3641 3642 rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad); 3643 rc = smk_bu_note("UDS send", ssp->smk_out, osp->smk_in, MAY_WRITE, rc); 3644 return rc; 3645 } 3646 3647 /** 3648 * smack_socket_sendmsg - Smack check based on destination host 3649 * @sock: the socket 3650 * @msg: the message 3651 * @size: the size of the message 3652 * 3653 * Return 0 if the current subject can write to the destination host. 3654 * For IPv4 this is only a question if the destination is a single label host. 3655 * For IPv6 this is a check against the label of the port. 3656 */ 3657 static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg, 3658 int size) 3659 { 3660 struct sockaddr_in *sip = (struct sockaddr_in *) msg->msg_name; 3661 #if IS_ENABLED(CONFIG_IPV6) 3662 struct sockaddr_in6 *sap = (struct sockaddr_in6 *) msg->msg_name; 3663 #endif 3664 #ifdef SMACK_IPV6_SECMARK_LABELING 3665 struct socket_smack *ssp = sock->sk->sk_security; 3666 struct smack_known *rsp; 3667 #endif 3668 int rc = 0; 3669 3670 /* 3671 * Perfectly reasonable for this to be NULL 3672 */ 3673 if (sip == NULL) 3674 return 0; 3675 3676 switch (sock->sk->sk_family) { 3677 case AF_INET: 3678 if (msg->msg_namelen < sizeof(struct sockaddr_in) || 3679 sip->sin_family != AF_INET) 3680 return -EINVAL; 3681 rc = smk_ipv4_check(sock->sk, sip); 3682 break; 3683 #if IS_ENABLED(CONFIG_IPV6) 3684 case AF_INET6: 3685 if (msg->msg_namelen < SIN6_LEN_RFC2133 || 3686 sap->sin6_family != AF_INET6) 3687 return -EINVAL; 3688 #ifdef SMACK_IPV6_SECMARK_LABELING 3689 rsp = smack_ipv6host_label(sap); 3690 if (rsp != NULL) 3691 rc = smk_ipv6_check(ssp->smk_out, rsp, sap, 3692 SMK_CONNECTING); 3693 #endif 3694 #ifdef SMACK_IPV6_PORT_LABELING 3695 rc = smk_ipv6_port_check(sock->sk, sap, SMK_SENDING); 3696 #endif 3697 #endif /* IS_ENABLED(CONFIG_IPV6) */ 3698 break; 3699 } 3700 return rc; 3701 } 3702 3703 /** 3704 * smack_from_secattr - Convert a netlabel attr.mls.lvl/attr.mls.cat pair to smack 3705 * @sap: netlabel secattr 3706 * @ssp: socket security information 3707 * 3708 * Returns a pointer to a Smack label entry found on the label list. 3709 */ 3710 static struct smack_known *smack_from_secattr(struct netlbl_lsm_secattr *sap, 3711 struct socket_smack *ssp) 3712 { 3713 struct smack_known *skp; 3714 int found = 0; 3715 int acat; 3716 int kcat; 3717 3718 /* 3719 * Netlabel found it in the cache. 3720 */ 3721 if ((sap->flags & NETLBL_SECATTR_CACHE) != 0) 3722 return (struct smack_known *)sap->cache->data; 3723 3724 if ((sap->flags & NETLBL_SECATTR_SECID) != 0) 3725 /* 3726 * Looks like a fallback, which gives us a secid. 3727 */ 3728 return smack_from_secid(sap->attr.secid); 3729 3730 if ((sap->flags & NETLBL_SECATTR_MLS_LVL) != 0) { 3731 /* 3732 * Looks like a CIPSO packet. 3733 * If there are flags but no level netlabel isn't 3734 * behaving the way we expect it to. 3735 * 3736 * Look it up in the label table 3737 * Without guidance regarding the smack value 3738 * for the packet fall back on the network 3739 * ambient value. 3740 */ 3741 rcu_read_lock(); 3742 list_for_each_entry_rcu(skp, &smack_known_list, list) { 3743 if (sap->attr.mls.lvl != skp->smk_netlabel.attr.mls.lvl) 3744 continue; 3745 /* 3746 * Compare the catsets. Use the netlbl APIs. 3747 */ 3748 if ((sap->flags & NETLBL_SECATTR_MLS_CAT) == 0) { 3749 if ((skp->smk_netlabel.flags & 3750 NETLBL_SECATTR_MLS_CAT) == 0) 3751 found = 1; 3752 break; 3753 } 3754 for (acat = -1, kcat = -1; acat == kcat; ) { 3755 acat = netlbl_catmap_walk(sap->attr.mls.cat, 3756 acat + 1); 3757 kcat = netlbl_catmap_walk( 3758 skp->smk_netlabel.attr.mls.cat, 3759 kcat + 1); 3760 if (acat < 0 || kcat < 0) 3761 break; 3762 } 3763 if (acat == kcat) { 3764 found = 1; 3765 break; 3766 } 3767 } 3768 rcu_read_unlock(); 3769 3770 if (found) 3771 return skp; 3772 3773 if (ssp != NULL && ssp->smk_in == &smack_known_star) 3774 return &smack_known_web; 3775 return &smack_known_star; 3776 } 3777 /* 3778 * Without guidance regarding the smack value 3779 * for the packet fall back on the network 3780 * ambient value. 3781 */ 3782 return smack_net_ambient; 3783 } 3784 3785 #if IS_ENABLED(CONFIG_IPV6) 3786 static int smk_skb_to_addr_ipv6(struct sk_buff *skb, struct sockaddr_in6 *sip) 3787 { 3788 u8 nexthdr; 3789 int offset; 3790 int proto = -EINVAL; 3791 struct ipv6hdr _ipv6h; 3792 struct ipv6hdr *ip6; 3793 __be16 frag_off; 3794 struct tcphdr _tcph, *th; 3795 struct udphdr _udph, *uh; 3796 struct dccp_hdr _dccph, *dh; 3797 3798 sip->sin6_port = 0; 3799 3800 offset = skb_network_offset(skb); 3801 ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h); 3802 if (ip6 == NULL) 3803 return -EINVAL; 3804 sip->sin6_addr = ip6->saddr; 3805 3806 nexthdr = ip6->nexthdr; 3807 offset += sizeof(_ipv6h); 3808 offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off); 3809 if (offset < 0) 3810 return -EINVAL; 3811 3812 proto = nexthdr; 3813 switch (proto) { 3814 case IPPROTO_TCP: 3815 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph); 3816 if (th != NULL) 3817 sip->sin6_port = th->source; 3818 break; 3819 case IPPROTO_UDP: 3820 case IPPROTO_UDPLITE: 3821 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph); 3822 if (uh != NULL) 3823 sip->sin6_port = uh->source; 3824 break; 3825 case IPPROTO_DCCP: 3826 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph); 3827 if (dh != NULL) 3828 sip->sin6_port = dh->dccph_sport; 3829 break; 3830 } 3831 return proto; 3832 } 3833 #endif /* CONFIG_IPV6 */ 3834 3835 /** 3836 * smack_from_skb - Smack data from the secmark in an skb 3837 * @skb: packet 3838 * 3839 * Returns smack_known of the secmark or NULL if that won't work. 3840 */ 3841 #ifdef CONFIG_NETWORK_SECMARK 3842 static struct smack_known *smack_from_skb(struct sk_buff *skb) 3843 { 3844 if (skb == NULL || skb->secmark == 0) 3845 return NULL; 3846 3847 return smack_from_secid(skb->secmark); 3848 } 3849 #else 3850 static inline struct smack_known *smack_from_skb(struct sk_buff *skb) 3851 { 3852 return NULL; 3853 } 3854 #endif 3855 3856 /** 3857 * smack_from_netlbl - Smack data from the IP options in an skb 3858 * @sk: socket data came in on 3859 * @family: address family 3860 * @skb: packet 3861 * 3862 * Find the Smack label in the IP options. If it hasn't been 3863 * added to the netlabel cache, add it here. 3864 * 3865 * Returns smack_known of the IP options or NULL if that won't work. 3866 */ 3867 static struct smack_known *smack_from_netlbl(const struct sock *sk, u16 family, 3868 struct sk_buff *skb) 3869 { 3870 struct netlbl_lsm_secattr secattr; 3871 struct socket_smack *ssp = NULL; 3872 struct smack_known *skp = NULL; 3873 3874 netlbl_secattr_init(&secattr); 3875 3876 if (sk) 3877 ssp = sk->sk_security; 3878 3879 if (netlbl_skbuff_getattr(skb, family, &secattr) == 0) { 3880 skp = smack_from_secattr(&secattr, ssp); 3881 if (secattr.flags & NETLBL_SECATTR_CACHEABLE) 3882 netlbl_cache_add(skb, family, &skp->smk_netlabel); 3883 } 3884 3885 netlbl_secattr_destroy(&secattr); 3886 3887 return skp; 3888 } 3889 3890 /** 3891 * smack_socket_sock_rcv_skb - Smack packet delivery access check 3892 * @sk: socket 3893 * @skb: packet 3894 * 3895 * Returns 0 if the packet should be delivered, an error code otherwise 3896 */ 3897 static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) 3898 { 3899 struct socket_smack *ssp = sk->sk_security; 3900 struct smack_known *skp = NULL; 3901 int rc = 0; 3902 struct smk_audit_info ad; 3903 u16 family = sk->sk_family; 3904 #ifdef CONFIG_AUDIT 3905 struct lsm_network_audit net; 3906 #endif 3907 #if IS_ENABLED(CONFIG_IPV6) 3908 struct sockaddr_in6 sadd; 3909 int proto; 3910 3911 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP)) 3912 family = PF_INET; 3913 #endif /* CONFIG_IPV6 */ 3914 3915 switch (family) { 3916 case PF_INET: 3917 /* 3918 * If there is a secmark use it rather than the CIPSO label. 3919 * If there is no secmark fall back to CIPSO. 3920 * The secmark is assumed to reflect policy better. 3921 */ 3922 skp = smack_from_skb(skb); 3923 if (skp == NULL) { 3924 skp = smack_from_netlbl(sk, family, skb); 3925 if (skp == NULL) 3926 skp = smack_net_ambient; 3927 } 3928 3929 #ifdef CONFIG_AUDIT 3930 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 3931 ad.a.u.net->family = family; 3932 ad.a.u.net->netif = skb->skb_iif; 3933 ipv4_skb_to_auditdata(skb, &ad.a, NULL); 3934 #endif 3935 /* 3936 * Receiving a packet requires that the other end 3937 * be able to write here. Read access is not required. 3938 * This is the simplist possible security model 3939 * for networking. 3940 */ 3941 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad); 3942 rc = smk_bu_note("IPv4 delivery", skp, ssp->smk_in, 3943 MAY_WRITE, rc); 3944 if (rc != 0) 3945 netlbl_skbuff_err(skb, family, rc, 0); 3946 break; 3947 #if IS_ENABLED(CONFIG_IPV6) 3948 case PF_INET6: 3949 proto = smk_skb_to_addr_ipv6(skb, &sadd); 3950 if (proto != IPPROTO_UDP && proto != IPPROTO_UDPLITE && 3951 proto != IPPROTO_TCP && proto != IPPROTO_DCCP) 3952 break; 3953 #ifdef SMACK_IPV6_SECMARK_LABELING 3954 skp = smack_from_skb(skb); 3955 if (skp == NULL) { 3956 if (smk_ipv6_localhost(&sadd)) 3957 break; 3958 skp = smack_ipv6host_label(&sadd); 3959 if (skp == NULL) 3960 skp = smack_net_ambient; 3961 } 3962 #ifdef CONFIG_AUDIT 3963 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 3964 ad.a.u.net->family = family; 3965 ad.a.u.net->netif = skb->skb_iif; 3966 ipv6_skb_to_auditdata(skb, &ad.a, NULL); 3967 #endif /* CONFIG_AUDIT */ 3968 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad); 3969 rc = smk_bu_note("IPv6 delivery", skp, ssp->smk_in, 3970 MAY_WRITE, rc); 3971 #endif /* SMACK_IPV6_SECMARK_LABELING */ 3972 #ifdef SMACK_IPV6_PORT_LABELING 3973 rc = smk_ipv6_port_check(sk, &sadd, SMK_RECEIVING); 3974 #endif /* SMACK_IPV6_PORT_LABELING */ 3975 if (rc != 0) 3976 icmpv6_send(skb, ICMPV6_DEST_UNREACH, 3977 ICMPV6_ADM_PROHIBITED, 0); 3978 break; 3979 #endif /* CONFIG_IPV6 */ 3980 } 3981 3982 return rc; 3983 } 3984 3985 /** 3986 * smack_socket_getpeersec_stream - pull in packet label 3987 * @sock: the socket 3988 * @optval: user's destination 3989 * @optlen: size thereof 3990 * @len: max thereof 3991 * 3992 * returns zero on success, an error code otherwise 3993 */ 3994 static int smack_socket_getpeersec_stream(struct socket *sock, 3995 char __user *optval, 3996 int __user *optlen, unsigned len) 3997 { 3998 struct socket_smack *ssp; 3999 char *rcp = ""; 4000 int slen = 1; 4001 int rc = 0; 4002 4003 ssp = sock->sk->sk_security; 4004 if (ssp->smk_packet != NULL) { 4005 rcp = ssp->smk_packet->smk_known; 4006 slen = strlen(rcp) + 1; 4007 } 4008 4009 if (slen > len) 4010 rc = -ERANGE; 4011 else if (copy_to_user(optval, rcp, slen) != 0) 4012 rc = -EFAULT; 4013 4014 if (put_user(slen, optlen) != 0) 4015 rc = -EFAULT; 4016 4017 return rc; 4018 } 4019 4020 4021 /** 4022 * smack_socket_getpeersec_dgram - pull in packet label 4023 * @sock: the peer socket 4024 * @skb: packet data 4025 * @secid: pointer to where to put the secid of the packet 4026 * 4027 * Sets the netlabel socket state on sk from parent 4028 */ 4029 static int smack_socket_getpeersec_dgram(struct socket *sock, 4030 struct sk_buff *skb, u32 *secid) 4031 4032 { 4033 struct socket_smack *ssp = NULL; 4034 struct smack_known *skp; 4035 struct sock *sk = NULL; 4036 int family = PF_UNSPEC; 4037 u32 s = 0; /* 0 is the invalid secid */ 4038 4039 if (skb != NULL) { 4040 if (skb->protocol == htons(ETH_P_IP)) 4041 family = PF_INET; 4042 #if IS_ENABLED(CONFIG_IPV6) 4043 else if (skb->protocol == htons(ETH_P_IPV6)) 4044 family = PF_INET6; 4045 #endif /* CONFIG_IPV6 */ 4046 } 4047 if (family == PF_UNSPEC && sock != NULL) 4048 family = sock->sk->sk_family; 4049 4050 switch (family) { 4051 case PF_UNIX: 4052 ssp = sock->sk->sk_security; 4053 s = ssp->smk_out->smk_secid; 4054 break; 4055 case PF_INET: 4056 skp = smack_from_skb(skb); 4057 if (skp) { 4058 s = skp->smk_secid; 4059 break; 4060 } 4061 /* 4062 * Translate what netlabel gave us. 4063 */ 4064 if (sock != NULL) 4065 sk = sock->sk; 4066 skp = smack_from_netlbl(sk, family, skb); 4067 if (skp != NULL) 4068 s = skp->smk_secid; 4069 break; 4070 case PF_INET6: 4071 #ifdef SMACK_IPV6_SECMARK_LABELING 4072 skp = smack_from_skb(skb); 4073 if (skp) 4074 s = skp->smk_secid; 4075 #endif 4076 break; 4077 } 4078 *secid = s; 4079 if (s == 0) 4080 return -EINVAL; 4081 return 0; 4082 } 4083 4084 /** 4085 * smack_sock_graft - Initialize a newly created socket with an existing sock 4086 * @sk: child sock 4087 * @parent: parent socket 4088 * 4089 * Set the smk_{in,out} state of an existing sock based on the process that 4090 * is creating the new socket. 4091 */ 4092 static void smack_sock_graft(struct sock *sk, struct socket *parent) 4093 { 4094 struct socket_smack *ssp; 4095 struct smack_known *skp = smk_of_current(); 4096 4097 if (sk == NULL || 4098 (sk->sk_family != PF_INET && sk->sk_family != PF_INET6)) 4099 return; 4100 4101 ssp = sk->sk_security; 4102 ssp->smk_in = skp; 4103 ssp->smk_out = skp; 4104 /* cssp->smk_packet is already set in smack_inet_csk_clone() */ 4105 } 4106 4107 /** 4108 * smack_inet_conn_request - Smack access check on connect 4109 * @sk: socket involved 4110 * @skb: packet 4111 * @req: unused 4112 * 4113 * Returns 0 if a task with the packet label could write to 4114 * the socket, otherwise an error code 4115 */ 4116 static int smack_inet_conn_request(const struct sock *sk, struct sk_buff *skb, 4117 struct request_sock *req) 4118 { 4119 u16 family = sk->sk_family; 4120 struct smack_known *skp; 4121 struct socket_smack *ssp = sk->sk_security; 4122 struct sockaddr_in addr; 4123 struct iphdr *hdr; 4124 struct smack_known *hskp; 4125 int rc; 4126 struct smk_audit_info ad; 4127 #ifdef CONFIG_AUDIT 4128 struct lsm_network_audit net; 4129 #endif 4130 4131 #if IS_ENABLED(CONFIG_IPV6) 4132 if (family == PF_INET6) { 4133 /* 4134 * Handle mapped IPv4 packets arriving 4135 * via IPv6 sockets. Don't set up netlabel 4136 * processing on IPv6. 4137 */ 4138 if (skb->protocol == htons(ETH_P_IP)) 4139 family = PF_INET; 4140 else 4141 return 0; 4142 } 4143 #endif /* CONFIG_IPV6 */ 4144 4145 /* 4146 * If there is a secmark use it rather than the CIPSO label. 4147 * If there is no secmark fall back to CIPSO. 4148 * The secmark is assumed to reflect policy better. 4149 */ 4150 skp = smack_from_skb(skb); 4151 if (skp == NULL) { 4152 skp = smack_from_netlbl(sk, family, skb); 4153 if (skp == NULL) 4154 skp = &smack_known_huh; 4155 } 4156 4157 #ifdef CONFIG_AUDIT 4158 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 4159 ad.a.u.net->family = family; 4160 ad.a.u.net->netif = skb->skb_iif; 4161 ipv4_skb_to_auditdata(skb, &ad.a, NULL); 4162 #endif 4163 /* 4164 * Receiving a packet requires that the other end be able to write 4165 * here. Read access is not required. 4166 */ 4167 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad); 4168 rc = smk_bu_note("IPv4 connect", skp, ssp->smk_in, MAY_WRITE, rc); 4169 if (rc != 0) 4170 return rc; 4171 4172 /* 4173 * Save the peer's label in the request_sock so we can later setup 4174 * smk_packet in the child socket so that SO_PEERCRED can report it. 4175 */ 4176 req->peer_secid = skp->smk_secid; 4177 4178 /* 4179 * We need to decide if we want to label the incoming connection here 4180 * if we do we only need to label the request_sock and the stack will 4181 * propagate the wire-label to the sock when it is created. 4182 */ 4183 hdr = ip_hdr(skb); 4184 addr.sin_addr.s_addr = hdr->saddr; 4185 rcu_read_lock(); 4186 hskp = smack_ipv4host_label(&addr); 4187 rcu_read_unlock(); 4188 4189 if (hskp == NULL) 4190 rc = netlbl_req_setattr(req, &skp->smk_netlabel); 4191 else 4192 netlbl_req_delattr(req); 4193 4194 return rc; 4195 } 4196 4197 /** 4198 * smack_inet_csk_clone - Copy the connection information to the new socket 4199 * @sk: the new socket 4200 * @req: the connection's request_sock 4201 * 4202 * Transfer the connection's peer label to the newly created socket. 4203 */ 4204 static void smack_inet_csk_clone(struct sock *sk, 4205 const struct request_sock *req) 4206 { 4207 struct socket_smack *ssp = sk->sk_security; 4208 struct smack_known *skp; 4209 4210 if (req->peer_secid != 0) { 4211 skp = smack_from_secid(req->peer_secid); 4212 ssp->smk_packet = skp; 4213 } else 4214 ssp->smk_packet = NULL; 4215 } 4216 4217 /* 4218 * Key management security hooks 4219 * 4220 * Casey has not tested key support very heavily. 4221 * The permission check is most likely too restrictive. 4222 * If you care about keys please have a look. 4223 */ 4224 #ifdef CONFIG_KEYS 4225 4226 /** 4227 * smack_key_alloc - Set the key security blob 4228 * @key: object 4229 * @cred: the credentials to use 4230 * @flags: unused 4231 * 4232 * No allocation required 4233 * 4234 * Returns 0 4235 */ 4236 static int smack_key_alloc(struct key *key, const struct cred *cred, 4237 unsigned long flags) 4238 { 4239 struct smack_known *skp = smk_of_task(smack_cred(cred)); 4240 4241 key->security = skp; 4242 return 0; 4243 } 4244 4245 /** 4246 * smack_key_free - Clear the key security blob 4247 * @key: the object 4248 * 4249 * Clear the blob pointer 4250 */ 4251 static void smack_key_free(struct key *key) 4252 { 4253 key->security = NULL; 4254 } 4255 4256 /** 4257 * smack_key_permission - Smack access on a key 4258 * @key_ref: gets to the object 4259 * @cred: the credentials to use 4260 * @need_perm: requested key permission 4261 * 4262 * Return 0 if the task has read and write to the object, 4263 * an error code otherwise 4264 */ 4265 static int smack_key_permission(key_ref_t key_ref, 4266 const struct cred *cred, 4267 enum key_need_perm need_perm) 4268 { 4269 struct key *keyp; 4270 struct smk_audit_info ad; 4271 struct smack_known *tkp = smk_of_task(smack_cred(cred)); 4272 int request = 0; 4273 int rc; 4274 4275 /* 4276 * Validate requested permissions 4277 */ 4278 switch (need_perm) { 4279 case KEY_NEED_READ: 4280 case KEY_NEED_SEARCH: 4281 case KEY_NEED_VIEW: 4282 request |= MAY_READ; 4283 break; 4284 case KEY_NEED_WRITE: 4285 case KEY_NEED_LINK: 4286 case KEY_NEED_SETATTR: 4287 request |= MAY_WRITE; 4288 break; 4289 case KEY_NEED_UNSPECIFIED: 4290 case KEY_NEED_UNLINK: 4291 case KEY_SYSADMIN_OVERRIDE: 4292 case KEY_AUTHTOKEN_OVERRIDE: 4293 case KEY_DEFER_PERM_CHECK: 4294 return 0; 4295 default: 4296 return -EINVAL; 4297 } 4298 4299 keyp = key_ref_to_ptr(key_ref); 4300 if (keyp == NULL) 4301 return -EINVAL; 4302 /* 4303 * If the key hasn't been initialized give it access so that 4304 * it may do so. 4305 */ 4306 if (keyp->security == NULL) 4307 return 0; 4308 /* 4309 * This should not occur 4310 */ 4311 if (tkp == NULL) 4312 return -EACCES; 4313 4314 if (smack_privileged(CAP_MAC_OVERRIDE)) 4315 return 0; 4316 4317 #ifdef CONFIG_AUDIT 4318 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY); 4319 ad.a.u.key_struct.key = keyp->serial; 4320 ad.a.u.key_struct.key_desc = keyp->description; 4321 #endif 4322 rc = smk_access(tkp, keyp->security, request, &ad); 4323 rc = smk_bu_note("key access", tkp, keyp->security, request, rc); 4324 return rc; 4325 } 4326 4327 /* 4328 * smack_key_getsecurity - Smack label tagging the key 4329 * @key points to the key to be queried 4330 * @_buffer points to a pointer that should be set to point to the 4331 * resulting string (if no label or an error occurs). 4332 * Return the length of the string (including terminating NUL) or -ve if 4333 * an error. 4334 * May also return 0 (and a NULL buffer pointer) if there is no label. 4335 */ 4336 static int smack_key_getsecurity(struct key *key, char **_buffer) 4337 { 4338 struct smack_known *skp = key->security; 4339 size_t length; 4340 char *copy; 4341 4342 if (key->security == NULL) { 4343 *_buffer = NULL; 4344 return 0; 4345 } 4346 4347 copy = kstrdup(skp->smk_known, GFP_KERNEL); 4348 if (copy == NULL) 4349 return -ENOMEM; 4350 length = strlen(copy) + 1; 4351 4352 *_buffer = copy; 4353 return length; 4354 } 4355 4356 4357 #ifdef CONFIG_KEY_NOTIFICATIONS 4358 /** 4359 * smack_watch_key - Smack access to watch a key for notifications. 4360 * @key: The key to be watched 4361 * 4362 * Return 0 if the @watch->cred has permission to read from the key object and 4363 * an error otherwise. 4364 */ 4365 static int smack_watch_key(struct key *key) 4366 { 4367 struct smk_audit_info ad; 4368 struct smack_known *tkp = smk_of_current(); 4369 int rc; 4370 4371 if (key == NULL) 4372 return -EINVAL; 4373 /* 4374 * If the key hasn't been initialized give it access so that 4375 * it may do so. 4376 */ 4377 if (key->security == NULL) 4378 return 0; 4379 /* 4380 * This should not occur 4381 */ 4382 if (tkp == NULL) 4383 return -EACCES; 4384 4385 if (smack_privileged_cred(CAP_MAC_OVERRIDE, current_cred())) 4386 return 0; 4387 4388 #ifdef CONFIG_AUDIT 4389 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY); 4390 ad.a.u.key_struct.key = key->serial; 4391 ad.a.u.key_struct.key_desc = key->description; 4392 #endif 4393 rc = smk_access(tkp, key->security, MAY_READ, &ad); 4394 rc = smk_bu_note("key watch", tkp, key->security, MAY_READ, rc); 4395 return rc; 4396 } 4397 #endif /* CONFIG_KEY_NOTIFICATIONS */ 4398 #endif /* CONFIG_KEYS */ 4399 4400 #ifdef CONFIG_WATCH_QUEUE 4401 /** 4402 * smack_post_notification - Smack access to post a notification to a queue 4403 * @w_cred: The credentials of the watcher. 4404 * @cred: The credentials of the event source (may be NULL). 4405 * @n: The notification message to be posted. 4406 */ 4407 static int smack_post_notification(const struct cred *w_cred, 4408 const struct cred *cred, 4409 struct watch_notification *n) 4410 { 4411 struct smk_audit_info ad; 4412 struct smack_known *subj, *obj; 4413 int rc; 4414 4415 /* Always let maintenance notifications through. */ 4416 if (n->type == WATCH_TYPE_META) 4417 return 0; 4418 4419 if (!cred) 4420 return 0; 4421 subj = smk_of_task(smack_cred(cred)); 4422 obj = smk_of_task(smack_cred(w_cred)); 4423 4424 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NOTIFICATION); 4425 rc = smk_access(subj, obj, MAY_WRITE, &ad); 4426 rc = smk_bu_note("notification", subj, obj, MAY_WRITE, rc); 4427 return rc; 4428 } 4429 #endif /* CONFIG_WATCH_QUEUE */ 4430 4431 /* 4432 * Smack Audit hooks 4433 * 4434 * Audit requires a unique representation of each Smack specific 4435 * rule. This unique representation is used to distinguish the 4436 * object to be audited from remaining kernel objects and also 4437 * works as a glue between the audit hooks. 4438 * 4439 * Since repository entries are added but never deleted, we'll use 4440 * the smack_known label address related to the given audit rule as 4441 * the needed unique representation. This also better fits the smack 4442 * model where nearly everything is a label. 4443 */ 4444 #ifdef CONFIG_AUDIT 4445 4446 /** 4447 * smack_audit_rule_init - Initialize a smack audit rule 4448 * @field: audit rule fields given from user-space (audit.h) 4449 * @op: required testing operator (=, !=, >, <, ...) 4450 * @rulestr: smack label to be audited 4451 * @vrule: pointer to save our own audit rule representation 4452 * 4453 * Prepare to audit cases where (@field @op @rulestr) is true. 4454 * The label to be audited is created if necessay. 4455 */ 4456 static int smack_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule) 4457 { 4458 struct smack_known *skp; 4459 char **rule = (char **)vrule; 4460 *rule = NULL; 4461 4462 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER) 4463 return -EINVAL; 4464 4465 if (op != Audit_equal && op != Audit_not_equal) 4466 return -EINVAL; 4467 4468 skp = smk_import_entry(rulestr, 0); 4469 if (IS_ERR(skp)) 4470 return PTR_ERR(skp); 4471 4472 *rule = skp->smk_known; 4473 4474 return 0; 4475 } 4476 4477 /** 4478 * smack_audit_rule_known - Distinguish Smack audit rules 4479 * @krule: rule of interest, in Audit kernel representation format 4480 * 4481 * This is used to filter Smack rules from remaining Audit ones. 4482 * If it's proved that this rule belongs to us, the 4483 * audit_rule_match hook will be called to do the final judgement. 4484 */ 4485 static int smack_audit_rule_known(struct audit_krule *krule) 4486 { 4487 struct audit_field *f; 4488 int i; 4489 4490 for (i = 0; i < krule->field_count; i++) { 4491 f = &krule->fields[i]; 4492 4493 if (f->type == AUDIT_SUBJ_USER || f->type == AUDIT_OBJ_USER) 4494 return 1; 4495 } 4496 4497 return 0; 4498 } 4499 4500 /** 4501 * smack_audit_rule_match - Audit given object ? 4502 * @secid: security id for identifying the object to test 4503 * @field: audit rule flags given from user-space 4504 * @op: required testing operator 4505 * @vrule: smack internal rule presentation 4506 * 4507 * The core Audit hook. It's used to take the decision of 4508 * whether to audit or not to audit a given object. 4509 */ 4510 static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule) 4511 { 4512 struct smack_known *skp; 4513 char *rule = vrule; 4514 4515 if (unlikely(!rule)) { 4516 WARN_ONCE(1, "Smack: missing rule\n"); 4517 return -ENOENT; 4518 } 4519 4520 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER) 4521 return 0; 4522 4523 skp = smack_from_secid(secid); 4524 4525 /* 4526 * No need to do string comparisons. If a match occurs, 4527 * both pointers will point to the same smack_known 4528 * label. 4529 */ 4530 if (op == Audit_equal) 4531 return (rule == skp->smk_known); 4532 if (op == Audit_not_equal) 4533 return (rule != skp->smk_known); 4534 4535 return 0; 4536 } 4537 4538 /* 4539 * There is no need for a smack_audit_rule_free hook. 4540 * No memory was allocated. 4541 */ 4542 4543 #endif /* CONFIG_AUDIT */ 4544 4545 /** 4546 * smack_ismaclabel - check if xattr @name references a smack MAC label 4547 * @name: Full xattr name to check. 4548 */ 4549 static int smack_ismaclabel(const char *name) 4550 { 4551 return (strcmp(name, XATTR_SMACK_SUFFIX) == 0); 4552 } 4553 4554 4555 /** 4556 * smack_secid_to_secctx - return the smack label for a secid 4557 * @secid: incoming integer 4558 * @secdata: destination 4559 * @seclen: how long it is 4560 * 4561 * Exists for networking code. 4562 */ 4563 static int smack_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) 4564 { 4565 struct smack_known *skp = smack_from_secid(secid); 4566 4567 if (secdata) 4568 *secdata = skp->smk_known; 4569 *seclen = strlen(skp->smk_known); 4570 return 0; 4571 } 4572 4573 /** 4574 * smack_secctx_to_secid - return the secid for a smack label 4575 * @secdata: smack label 4576 * @seclen: how long result is 4577 * @secid: outgoing integer 4578 * 4579 * Exists for audit and networking code. 4580 */ 4581 static int smack_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid) 4582 { 4583 struct smack_known *skp = smk_find_entry(secdata); 4584 4585 if (skp) 4586 *secid = skp->smk_secid; 4587 else 4588 *secid = 0; 4589 return 0; 4590 } 4591 4592 /* 4593 * There used to be a smack_release_secctx hook 4594 * that did nothing back when hooks were in a vector. 4595 * Now that there's a list such a hook adds cost. 4596 */ 4597 4598 static int smack_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen) 4599 { 4600 return smack_inode_setsecurity(inode, XATTR_SMACK_SUFFIX, ctx, ctxlen, 0); 4601 } 4602 4603 static int smack_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen) 4604 { 4605 return __vfs_setxattr_noperm(dentry, XATTR_NAME_SMACK, ctx, ctxlen, 0); 4606 } 4607 4608 static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) 4609 { 4610 struct smack_known *skp = smk_of_inode(inode); 4611 4612 *ctx = skp->smk_known; 4613 *ctxlen = strlen(skp->smk_known); 4614 return 0; 4615 } 4616 4617 static int smack_inode_copy_up(struct dentry *dentry, struct cred **new) 4618 { 4619 4620 struct task_smack *tsp; 4621 struct smack_known *skp; 4622 struct inode_smack *isp; 4623 struct cred *new_creds = *new; 4624 4625 if (new_creds == NULL) { 4626 new_creds = prepare_creds(); 4627 if (new_creds == NULL) 4628 return -ENOMEM; 4629 } 4630 4631 tsp = smack_cred(new_creds); 4632 4633 /* 4634 * Get label from overlay inode and set it in create_sid 4635 */ 4636 isp = smack_inode(d_inode(dentry->d_parent)); 4637 skp = isp->smk_inode; 4638 tsp->smk_task = skp; 4639 *new = new_creds; 4640 return 0; 4641 } 4642 4643 static int smack_inode_copy_up_xattr(const char *name) 4644 { 4645 /* 4646 * Return 1 if this is the smack access Smack attribute. 4647 */ 4648 if (strcmp(name, XATTR_NAME_SMACK) == 0) 4649 return 1; 4650 4651 return -EOPNOTSUPP; 4652 } 4653 4654 static int smack_dentry_create_files_as(struct dentry *dentry, int mode, 4655 struct qstr *name, 4656 const struct cred *old, 4657 struct cred *new) 4658 { 4659 struct task_smack *otsp = smack_cred(old); 4660 struct task_smack *ntsp = smack_cred(new); 4661 struct inode_smack *isp; 4662 int may; 4663 4664 /* 4665 * Use the process credential unless all of 4666 * the transmuting criteria are met 4667 */ 4668 ntsp->smk_task = otsp->smk_task; 4669 4670 /* 4671 * the attribute of the containing directory 4672 */ 4673 isp = smack_inode(d_inode(dentry->d_parent)); 4674 4675 if (isp->smk_flags & SMK_INODE_TRANSMUTE) { 4676 rcu_read_lock(); 4677 may = smk_access_entry(otsp->smk_task->smk_known, 4678 isp->smk_inode->smk_known, 4679 &otsp->smk_task->smk_rules); 4680 rcu_read_unlock(); 4681 4682 /* 4683 * If the directory is transmuting and the rule 4684 * providing access is transmuting use the containing 4685 * directory label instead of the process label. 4686 */ 4687 if (may > 0 && (may & MAY_TRANSMUTE)) 4688 ntsp->smk_task = isp->smk_inode; 4689 } 4690 return 0; 4691 } 4692 4693 struct lsm_blob_sizes smack_blob_sizes __lsm_ro_after_init = { 4694 .lbs_cred = sizeof(struct task_smack), 4695 .lbs_file = sizeof(struct smack_known *), 4696 .lbs_inode = sizeof(struct inode_smack), 4697 .lbs_ipc = sizeof(struct smack_known *), 4698 .lbs_msg_msg = sizeof(struct smack_known *), 4699 }; 4700 4701 static struct security_hook_list smack_hooks[] __lsm_ro_after_init = { 4702 LSM_HOOK_INIT(ptrace_access_check, smack_ptrace_access_check), 4703 LSM_HOOK_INIT(ptrace_traceme, smack_ptrace_traceme), 4704 LSM_HOOK_INIT(syslog, smack_syslog), 4705 4706 LSM_HOOK_INIT(fs_context_dup, smack_fs_context_dup), 4707 LSM_HOOK_INIT(fs_context_parse_param, smack_fs_context_parse_param), 4708 4709 LSM_HOOK_INIT(sb_alloc_security, smack_sb_alloc_security), 4710 LSM_HOOK_INIT(sb_free_security, smack_sb_free_security), 4711 LSM_HOOK_INIT(sb_free_mnt_opts, smack_free_mnt_opts), 4712 LSM_HOOK_INIT(sb_eat_lsm_opts, smack_sb_eat_lsm_opts), 4713 LSM_HOOK_INIT(sb_statfs, smack_sb_statfs), 4714 LSM_HOOK_INIT(sb_set_mnt_opts, smack_set_mnt_opts), 4715 4716 LSM_HOOK_INIT(bprm_creds_for_exec, smack_bprm_creds_for_exec), 4717 4718 LSM_HOOK_INIT(inode_alloc_security, smack_inode_alloc_security), 4719 LSM_HOOK_INIT(inode_init_security, smack_inode_init_security), 4720 LSM_HOOK_INIT(inode_link, smack_inode_link), 4721 LSM_HOOK_INIT(inode_unlink, smack_inode_unlink), 4722 LSM_HOOK_INIT(inode_rmdir, smack_inode_rmdir), 4723 LSM_HOOK_INIT(inode_rename, smack_inode_rename), 4724 LSM_HOOK_INIT(inode_permission, smack_inode_permission), 4725 LSM_HOOK_INIT(inode_setattr, smack_inode_setattr), 4726 LSM_HOOK_INIT(inode_getattr, smack_inode_getattr), 4727 LSM_HOOK_INIT(inode_setxattr, smack_inode_setxattr), 4728 LSM_HOOK_INIT(inode_post_setxattr, smack_inode_post_setxattr), 4729 LSM_HOOK_INIT(inode_getxattr, smack_inode_getxattr), 4730 LSM_HOOK_INIT(inode_removexattr, smack_inode_removexattr), 4731 LSM_HOOK_INIT(inode_getsecurity, smack_inode_getsecurity), 4732 LSM_HOOK_INIT(inode_setsecurity, smack_inode_setsecurity), 4733 LSM_HOOK_INIT(inode_listsecurity, smack_inode_listsecurity), 4734 LSM_HOOK_INIT(inode_getsecid, smack_inode_getsecid), 4735 4736 LSM_HOOK_INIT(file_alloc_security, smack_file_alloc_security), 4737 LSM_HOOK_INIT(file_ioctl, smack_file_ioctl), 4738 LSM_HOOK_INIT(file_lock, smack_file_lock), 4739 LSM_HOOK_INIT(file_fcntl, smack_file_fcntl), 4740 LSM_HOOK_INIT(mmap_file, smack_mmap_file), 4741 LSM_HOOK_INIT(mmap_addr, cap_mmap_addr), 4742 LSM_HOOK_INIT(file_set_fowner, smack_file_set_fowner), 4743 LSM_HOOK_INIT(file_send_sigiotask, smack_file_send_sigiotask), 4744 LSM_HOOK_INIT(file_receive, smack_file_receive), 4745 4746 LSM_HOOK_INIT(file_open, smack_file_open), 4747 4748 LSM_HOOK_INIT(cred_alloc_blank, smack_cred_alloc_blank), 4749 LSM_HOOK_INIT(cred_free, smack_cred_free), 4750 LSM_HOOK_INIT(cred_prepare, smack_cred_prepare), 4751 LSM_HOOK_INIT(cred_transfer, smack_cred_transfer), 4752 LSM_HOOK_INIT(cred_getsecid, smack_cred_getsecid), 4753 LSM_HOOK_INIT(kernel_act_as, smack_kernel_act_as), 4754 LSM_HOOK_INIT(kernel_create_files_as, smack_kernel_create_files_as), 4755 LSM_HOOK_INIT(task_setpgid, smack_task_setpgid), 4756 LSM_HOOK_INIT(task_getpgid, smack_task_getpgid), 4757 LSM_HOOK_INIT(task_getsid, smack_task_getsid), 4758 LSM_HOOK_INIT(task_getsecid, smack_task_getsecid), 4759 LSM_HOOK_INIT(task_setnice, smack_task_setnice), 4760 LSM_HOOK_INIT(task_setioprio, smack_task_setioprio), 4761 LSM_HOOK_INIT(task_getioprio, smack_task_getioprio), 4762 LSM_HOOK_INIT(task_setscheduler, smack_task_setscheduler), 4763 LSM_HOOK_INIT(task_getscheduler, smack_task_getscheduler), 4764 LSM_HOOK_INIT(task_movememory, smack_task_movememory), 4765 LSM_HOOK_INIT(task_kill, smack_task_kill), 4766 LSM_HOOK_INIT(task_to_inode, smack_task_to_inode), 4767 4768 LSM_HOOK_INIT(ipc_permission, smack_ipc_permission), 4769 LSM_HOOK_INIT(ipc_getsecid, smack_ipc_getsecid), 4770 4771 LSM_HOOK_INIT(msg_msg_alloc_security, smack_msg_msg_alloc_security), 4772 4773 LSM_HOOK_INIT(msg_queue_alloc_security, smack_ipc_alloc_security), 4774 LSM_HOOK_INIT(msg_queue_associate, smack_msg_queue_associate), 4775 LSM_HOOK_INIT(msg_queue_msgctl, smack_msg_queue_msgctl), 4776 LSM_HOOK_INIT(msg_queue_msgsnd, smack_msg_queue_msgsnd), 4777 LSM_HOOK_INIT(msg_queue_msgrcv, smack_msg_queue_msgrcv), 4778 4779 LSM_HOOK_INIT(shm_alloc_security, smack_ipc_alloc_security), 4780 LSM_HOOK_INIT(shm_associate, smack_shm_associate), 4781 LSM_HOOK_INIT(shm_shmctl, smack_shm_shmctl), 4782 LSM_HOOK_INIT(shm_shmat, smack_shm_shmat), 4783 4784 LSM_HOOK_INIT(sem_alloc_security, smack_ipc_alloc_security), 4785 LSM_HOOK_INIT(sem_associate, smack_sem_associate), 4786 LSM_HOOK_INIT(sem_semctl, smack_sem_semctl), 4787 LSM_HOOK_INIT(sem_semop, smack_sem_semop), 4788 4789 LSM_HOOK_INIT(d_instantiate, smack_d_instantiate), 4790 4791 LSM_HOOK_INIT(getprocattr, smack_getprocattr), 4792 LSM_HOOK_INIT(setprocattr, smack_setprocattr), 4793 4794 LSM_HOOK_INIT(unix_stream_connect, smack_unix_stream_connect), 4795 LSM_HOOK_INIT(unix_may_send, smack_unix_may_send), 4796 4797 LSM_HOOK_INIT(socket_post_create, smack_socket_post_create), 4798 LSM_HOOK_INIT(socket_socketpair, smack_socket_socketpair), 4799 #ifdef SMACK_IPV6_PORT_LABELING 4800 LSM_HOOK_INIT(socket_bind, smack_socket_bind), 4801 #endif 4802 LSM_HOOK_INIT(socket_connect, smack_socket_connect), 4803 LSM_HOOK_INIT(socket_sendmsg, smack_socket_sendmsg), 4804 LSM_HOOK_INIT(socket_sock_rcv_skb, smack_socket_sock_rcv_skb), 4805 LSM_HOOK_INIT(socket_getpeersec_stream, smack_socket_getpeersec_stream), 4806 LSM_HOOK_INIT(socket_getpeersec_dgram, smack_socket_getpeersec_dgram), 4807 LSM_HOOK_INIT(sk_alloc_security, smack_sk_alloc_security), 4808 LSM_HOOK_INIT(sk_free_security, smack_sk_free_security), 4809 LSM_HOOK_INIT(sock_graft, smack_sock_graft), 4810 LSM_HOOK_INIT(inet_conn_request, smack_inet_conn_request), 4811 LSM_HOOK_INIT(inet_csk_clone, smack_inet_csk_clone), 4812 4813 /* key management security hooks */ 4814 #ifdef CONFIG_KEYS 4815 LSM_HOOK_INIT(key_alloc, smack_key_alloc), 4816 LSM_HOOK_INIT(key_free, smack_key_free), 4817 LSM_HOOK_INIT(key_permission, smack_key_permission), 4818 LSM_HOOK_INIT(key_getsecurity, smack_key_getsecurity), 4819 #ifdef CONFIG_KEY_NOTIFICATIONS 4820 LSM_HOOK_INIT(watch_key, smack_watch_key), 4821 #endif 4822 #endif /* CONFIG_KEYS */ 4823 4824 #ifdef CONFIG_WATCH_QUEUE 4825 LSM_HOOK_INIT(post_notification, smack_post_notification), 4826 #endif 4827 4828 /* Audit hooks */ 4829 #ifdef CONFIG_AUDIT 4830 LSM_HOOK_INIT(audit_rule_init, smack_audit_rule_init), 4831 LSM_HOOK_INIT(audit_rule_known, smack_audit_rule_known), 4832 LSM_HOOK_INIT(audit_rule_match, smack_audit_rule_match), 4833 #endif /* CONFIG_AUDIT */ 4834 4835 LSM_HOOK_INIT(ismaclabel, smack_ismaclabel), 4836 LSM_HOOK_INIT(secid_to_secctx, smack_secid_to_secctx), 4837 LSM_HOOK_INIT(secctx_to_secid, smack_secctx_to_secid), 4838 LSM_HOOK_INIT(inode_notifysecctx, smack_inode_notifysecctx), 4839 LSM_HOOK_INIT(inode_setsecctx, smack_inode_setsecctx), 4840 LSM_HOOK_INIT(inode_getsecctx, smack_inode_getsecctx), 4841 LSM_HOOK_INIT(inode_copy_up, smack_inode_copy_up), 4842 LSM_HOOK_INIT(inode_copy_up_xattr, smack_inode_copy_up_xattr), 4843 LSM_HOOK_INIT(dentry_create_files_as, smack_dentry_create_files_as), 4844 }; 4845 4846 4847 static __init void init_smack_known_list(void) 4848 { 4849 /* 4850 * Initialize rule list locks 4851 */ 4852 mutex_init(&smack_known_huh.smk_rules_lock); 4853 mutex_init(&smack_known_hat.smk_rules_lock); 4854 mutex_init(&smack_known_floor.smk_rules_lock); 4855 mutex_init(&smack_known_star.smk_rules_lock); 4856 mutex_init(&smack_known_web.smk_rules_lock); 4857 /* 4858 * Initialize rule lists 4859 */ 4860 INIT_LIST_HEAD(&smack_known_huh.smk_rules); 4861 INIT_LIST_HEAD(&smack_known_hat.smk_rules); 4862 INIT_LIST_HEAD(&smack_known_star.smk_rules); 4863 INIT_LIST_HEAD(&smack_known_floor.smk_rules); 4864 INIT_LIST_HEAD(&smack_known_web.smk_rules); 4865 /* 4866 * Create the known labels list 4867 */ 4868 smk_insert_entry(&smack_known_huh); 4869 smk_insert_entry(&smack_known_hat); 4870 smk_insert_entry(&smack_known_star); 4871 smk_insert_entry(&smack_known_floor); 4872 smk_insert_entry(&smack_known_web); 4873 } 4874 4875 /** 4876 * smack_init - initialize the smack system 4877 * 4878 * Returns 0 on success, -ENOMEM is there's no memory 4879 */ 4880 static __init int smack_init(void) 4881 { 4882 struct cred *cred = (struct cred *) current->cred; 4883 struct task_smack *tsp; 4884 4885 smack_rule_cache = KMEM_CACHE(smack_rule, 0); 4886 if (!smack_rule_cache) 4887 return -ENOMEM; 4888 4889 /* 4890 * Set the security state for the initial task. 4891 */ 4892 tsp = smack_cred(cred); 4893 init_task_smack(tsp, &smack_known_floor, &smack_known_floor); 4894 4895 /* 4896 * Register with LSM 4897 */ 4898 security_add_hooks(smack_hooks, ARRAY_SIZE(smack_hooks), "smack"); 4899 smack_enabled = 1; 4900 4901 pr_info("Smack: Initializing.\n"); 4902 #ifdef CONFIG_SECURITY_SMACK_NETFILTER 4903 pr_info("Smack: Netfilter enabled.\n"); 4904 #endif 4905 #ifdef SMACK_IPV6_PORT_LABELING 4906 pr_info("Smack: IPv6 port labeling enabled.\n"); 4907 #endif 4908 #ifdef SMACK_IPV6_SECMARK_LABELING 4909 pr_info("Smack: IPv6 Netfilter enabled.\n"); 4910 #endif 4911 4912 /* initialize the smack_known_list */ 4913 init_smack_known_list(); 4914 4915 return 0; 4916 } 4917 4918 /* 4919 * Smack requires early initialization in order to label 4920 * all processes and objects when they are created. 4921 */ 4922 DEFINE_LSM(smack) = { 4923 .name = "smack", 4924 .flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE, 4925 .blobs = &smack_blob_sizes, 4926 .init = smack_init, 4927 }; 4928