1 /* 2 * Simplified MAC Kernel (smack) security module 3 * 4 * This file contains the smack hook function implementations. 5 * 6 * Author: 7 * Casey Schaufler <casey@schaufler-ca.com> 8 * 9 * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com> 10 * Copyright (C) 2009 Hewlett-Packard Development Company, L.P. 11 * Paul Moore <paul.moore@hp.com> 12 * 13 * This program is free software; you can redistribute it and/or modify 14 * it under the terms of the GNU General Public License version 2, 15 * as published by the Free Software Foundation. 16 */ 17 18 #include <linux/xattr.h> 19 #include <linux/pagemap.h> 20 #include <linux/mount.h> 21 #include <linux/stat.h> 22 #include <linux/kd.h> 23 #include <asm/ioctls.h> 24 #include <linux/ip.h> 25 #include <linux/tcp.h> 26 #include <linux/udp.h> 27 #include <linux/slab.h> 28 #include <linux/mutex.h> 29 #include <linux/pipe_fs_i.h> 30 #include <net/netlabel.h> 31 #include <net/cipso_ipv4.h> 32 #include <linux/audit.h> 33 #include <linux/magic.h> 34 #include "smack.h" 35 36 #define task_security(task) (task_cred_xxx((task), security)) 37 38 /** 39 * smk_fetch - Fetch the smack label from a file. 40 * @ip: a pointer to the inode 41 * @dp: a pointer to the dentry 42 * 43 * Returns a pointer to the master list entry for the Smack label 44 * or NULL if there was no label to fetch. 45 */ 46 static char *smk_fetch(struct inode *ip, struct dentry *dp) 47 { 48 int rc; 49 char in[SMK_LABELLEN]; 50 51 if (ip->i_op->getxattr == NULL) 52 return NULL; 53 54 rc = ip->i_op->getxattr(dp, XATTR_NAME_SMACK, in, SMK_LABELLEN); 55 if (rc < 0) 56 return NULL; 57 58 return smk_import(in, rc); 59 } 60 61 /** 62 * new_inode_smack - allocate an inode security blob 63 * @smack: a pointer to the Smack label to use in the blob 64 * 65 * Returns the new blob or NULL if there's no memory available 66 */ 67 struct inode_smack *new_inode_smack(char *smack) 68 { 69 struct inode_smack *isp; 70 71 isp = kzalloc(sizeof(struct inode_smack), GFP_KERNEL); 72 if (isp == NULL) 73 return NULL; 74 75 isp->smk_inode = smack; 76 isp->smk_flags = 0; 77 mutex_init(&isp->smk_lock); 78 79 return isp; 80 } 81 82 /* 83 * LSM hooks. 84 * We he, that is fun! 85 */ 86 87 /** 88 * smack_ptrace_access_check - Smack approval on PTRACE_ATTACH 89 * @ctp: child task pointer 90 * @mode: ptrace attachment mode 91 * 92 * Returns 0 if access is OK, an error code otherwise 93 * 94 * Do the capability checks, and require read and write. 95 */ 96 static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode) 97 { 98 int rc; 99 struct smk_audit_info ad; 100 char *sp, *tsp; 101 102 rc = cap_ptrace_access_check(ctp, mode); 103 if (rc != 0) 104 return rc; 105 106 sp = current_security(); 107 tsp = task_security(ctp); 108 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); 109 smk_ad_setfield_u_tsk(&ad, ctp); 110 111 /* we won't log here, because rc can be overriden */ 112 rc = smk_access(sp, tsp, MAY_READWRITE, NULL); 113 if (rc != 0 && capable(CAP_MAC_OVERRIDE)) 114 rc = 0; 115 116 smack_log(sp, tsp, MAY_READWRITE, rc, &ad); 117 return rc; 118 } 119 120 /** 121 * smack_ptrace_traceme - Smack approval on PTRACE_TRACEME 122 * @ptp: parent task pointer 123 * 124 * Returns 0 if access is OK, an error code otherwise 125 * 126 * Do the capability checks, and require read and write. 127 */ 128 static int smack_ptrace_traceme(struct task_struct *ptp) 129 { 130 int rc; 131 struct smk_audit_info ad; 132 char *sp, *tsp; 133 134 rc = cap_ptrace_traceme(ptp); 135 if (rc != 0) 136 return rc; 137 138 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); 139 smk_ad_setfield_u_tsk(&ad, ptp); 140 141 sp = current_security(); 142 tsp = task_security(ptp); 143 /* we won't log here, because rc can be overriden */ 144 rc = smk_access(tsp, sp, MAY_READWRITE, NULL); 145 if (rc != 0 && has_capability(ptp, CAP_MAC_OVERRIDE)) 146 rc = 0; 147 148 smack_log(tsp, sp, MAY_READWRITE, rc, &ad); 149 return rc; 150 } 151 152 /** 153 * smack_syslog - Smack approval on syslog 154 * @type: message type 155 * 156 * Require that the task has the floor label 157 * 158 * Returns 0 on success, error code otherwise. 159 */ 160 static int smack_syslog(int type, bool from_file) 161 { 162 int rc; 163 char *sp = current_security(); 164 165 rc = cap_syslog(type, from_file); 166 if (rc != 0) 167 return rc; 168 169 if (capable(CAP_MAC_OVERRIDE)) 170 return 0; 171 172 if (sp != smack_known_floor.smk_known) 173 rc = -EACCES; 174 175 return rc; 176 } 177 178 179 /* 180 * Superblock Hooks. 181 */ 182 183 /** 184 * smack_sb_alloc_security - allocate a superblock blob 185 * @sb: the superblock getting the blob 186 * 187 * Returns 0 on success or -ENOMEM on error. 188 */ 189 static int smack_sb_alloc_security(struct super_block *sb) 190 { 191 struct superblock_smack *sbsp; 192 193 sbsp = kzalloc(sizeof(struct superblock_smack), GFP_KERNEL); 194 195 if (sbsp == NULL) 196 return -ENOMEM; 197 198 sbsp->smk_root = smack_known_floor.smk_known; 199 sbsp->smk_default = smack_known_floor.smk_known; 200 sbsp->smk_floor = smack_known_floor.smk_known; 201 sbsp->smk_hat = smack_known_hat.smk_known; 202 sbsp->smk_initialized = 0; 203 spin_lock_init(&sbsp->smk_sblock); 204 205 sb->s_security = sbsp; 206 207 return 0; 208 } 209 210 /** 211 * smack_sb_free_security - free a superblock blob 212 * @sb: the superblock getting the blob 213 * 214 */ 215 static void smack_sb_free_security(struct super_block *sb) 216 { 217 kfree(sb->s_security); 218 sb->s_security = NULL; 219 } 220 221 /** 222 * smack_sb_copy_data - copy mount options data for processing 223 * @orig: where to start 224 * @smackopts: mount options string 225 * 226 * Returns 0 on success or -ENOMEM on error. 227 * 228 * Copy the Smack specific mount options out of the mount 229 * options list. 230 */ 231 static int smack_sb_copy_data(char *orig, char *smackopts) 232 { 233 char *cp, *commap, *otheropts, *dp; 234 235 otheropts = (char *)get_zeroed_page(GFP_KERNEL); 236 if (otheropts == NULL) 237 return -ENOMEM; 238 239 for (cp = orig, commap = orig; commap != NULL; cp = commap + 1) { 240 if (strstr(cp, SMK_FSDEFAULT) == cp) 241 dp = smackopts; 242 else if (strstr(cp, SMK_FSFLOOR) == cp) 243 dp = smackopts; 244 else if (strstr(cp, SMK_FSHAT) == cp) 245 dp = smackopts; 246 else if (strstr(cp, SMK_FSROOT) == cp) 247 dp = smackopts; 248 else 249 dp = otheropts; 250 251 commap = strchr(cp, ','); 252 if (commap != NULL) 253 *commap = '\0'; 254 255 if (*dp != '\0') 256 strcat(dp, ","); 257 strcat(dp, cp); 258 } 259 260 strcpy(orig, otheropts); 261 free_page((unsigned long)otheropts); 262 263 return 0; 264 } 265 266 /** 267 * smack_sb_kern_mount - Smack specific mount processing 268 * @sb: the file system superblock 269 * @flags: the mount flags 270 * @data: the smack mount options 271 * 272 * Returns 0 on success, an error code on failure 273 */ 274 static int smack_sb_kern_mount(struct super_block *sb, int flags, void *data) 275 { 276 struct dentry *root = sb->s_root; 277 struct inode *inode = root->d_inode; 278 struct superblock_smack *sp = sb->s_security; 279 struct inode_smack *isp; 280 char *op; 281 char *commap; 282 char *nsp; 283 284 spin_lock(&sp->smk_sblock); 285 if (sp->smk_initialized != 0) { 286 spin_unlock(&sp->smk_sblock); 287 return 0; 288 } 289 sp->smk_initialized = 1; 290 spin_unlock(&sp->smk_sblock); 291 292 for (op = data; op != NULL; op = commap) { 293 commap = strchr(op, ','); 294 if (commap != NULL) 295 *commap++ = '\0'; 296 297 if (strncmp(op, SMK_FSHAT, strlen(SMK_FSHAT)) == 0) { 298 op += strlen(SMK_FSHAT); 299 nsp = smk_import(op, 0); 300 if (nsp != NULL) 301 sp->smk_hat = nsp; 302 } else if (strncmp(op, SMK_FSFLOOR, strlen(SMK_FSFLOOR)) == 0) { 303 op += strlen(SMK_FSFLOOR); 304 nsp = smk_import(op, 0); 305 if (nsp != NULL) 306 sp->smk_floor = nsp; 307 } else if (strncmp(op, SMK_FSDEFAULT, 308 strlen(SMK_FSDEFAULT)) == 0) { 309 op += strlen(SMK_FSDEFAULT); 310 nsp = smk_import(op, 0); 311 if (nsp != NULL) 312 sp->smk_default = nsp; 313 } else if (strncmp(op, SMK_FSROOT, strlen(SMK_FSROOT)) == 0) { 314 op += strlen(SMK_FSROOT); 315 nsp = smk_import(op, 0); 316 if (nsp != NULL) 317 sp->smk_root = nsp; 318 } 319 } 320 321 /* 322 * Initialize the root inode. 323 */ 324 isp = inode->i_security; 325 if (isp == NULL) 326 inode->i_security = new_inode_smack(sp->smk_root); 327 else 328 isp->smk_inode = sp->smk_root; 329 330 return 0; 331 } 332 333 /** 334 * smack_sb_statfs - Smack check on statfs 335 * @dentry: identifies the file system in question 336 * 337 * Returns 0 if current can read the floor of the filesystem, 338 * and error code otherwise 339 */ 340 static int smack_sb_statfs(struct dentry *dentry) 341 { 342 struct superblock_smack *sbp = dentry->d_sb->s_security; 343 int rc; 344 struct smk_audit_info ad; 345 346 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); 347 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 348 349 rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad); 350 return rc; 351 } 352 353 /** 354 * smack_sb_mount - Smack check for mounting 355 * @dev_name: unused 356 * @path: mount point 357 * @type: unused 358 * @flags: unused 359 * @data: unused 360 * 361 * Returns 0 if current can write the floor of the filesystem 362 * being mounted on, an error code otherwise. 363 */ 364 static int smack_sb_mount(char *dev_name, struct path *path, 365 char *type, unsigned long flags, void *data) 366 { 367 struct superblock_smack *sbp = path->mnt->mnt_sb->s_security; 368 struct smk_audit_info ad; 369 370 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); 371 smk_ad_setfield_u_fs_path(&ad, *path); 372 373 return smk_curacc(sbp->smk_floor, MAY_WRITE, &ad); 374 } 375 376 /** 377 * smack_sb_umount - Smack check for unmounting 378 * @mnt: file system to unmount 379 * @flags: unused 380 * 381 * Returns 0 if current can write the floor of the filesystem 382 * being unmounted, an error code otherwise. 383 */ 384 static int smack_sb_umount(struct vfsmount *mnt, int flags) 385 { 386 struct superblock_smack *sbp; 387 struct smk_audit_info ad; 388 389 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); 390 smk_ad_setfield_u_fs_path_dentry(&ad, mnt->mnt_root); 391 smk_ad_setfield_u_fs_path_mnt(&ad, mnt); 392 393 sbp = mnt->mnt_sb->s_security; 394 return smk_curacc(sbp->smk_floor, MAY_WRITE, &ad); 395 } 396 397 /* 398 * Inode hooks 399 */ 400 401 /** 402 * smack_inode_alloc_security - allocate an inode blob 403 * @inode: the inode in need of a blob 404 * 405 * Returns 0 if it gets a blob, -ENOMEM otherwise 406 */ 407 static int smack_inode_alloc_security(struct inode *inode) 408 { 409 inode->i_security = new_inode_smack(current_security()); 410 if (inode->i_security == NULL) 411 return -ENOMEM; 412 return 0; 413 } 414 415 /** 416 * smack_inode_free_security - free an inode blob 417 * @inode: the inode with a blob 418 * 419 * Clears the blob pointer in inode 420 */ 421 static void smack_inode_free_security(struct inode *inode) 422 { 423 kfree(inode->i_security); 424 inode->i_security = NULL; 425 } 426 427 /** 428 * smack_inode_init_security - copy out the smack from an inode 429 * @inode: the inode 430 * @dir: unused 431 * @name: where to put the attribute name 432 * @value: where to put the attribute value 433 * @len: where to put the length of the attribute 434 * 435 * Returns 0 if it all works out, -ENOMEM if there's no memory 436 */ 437 static int smack_inode_init_security(struct inode *inode, struct inode *dir, 438 char **name, void **value, size_t *len) 439 { 440 char *isp = smk_of_inode(inode); 441 442 if (name) { 443 *name = kstrdup(XATTR_SMACK_SUFFIX, GFP_KERNEL); 444 if (*name == NULL) 445 return -ENOMEM; 446 } 447 448 if (value) { 449 *value = kstrdup(isp, GFP_KERNEL); 450 if (*value == NULL) 451 return -ENOMEM; 452 } 453 454 if (len) 455 *len = strlen(isp) + 1; 456 457 return 0; 458 } 459 460 /** 461 * smack_inode_link - Smack check on link 462 * @old_dentry: the existing object 463 * @dir: unused 464 * @new_dentry: the new object 465 * 466 * Returns 0 if access is permitted, an error code otherwise 467 */ 468 static int smack_inode_link(struct dentry *old_dentry, struct inode *dir, 469 struct dentry *new_dentry) 470 { 471 char *isp; 472 struct smk_audit_info ad; 473 int rc; 474 475 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); 476 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry); 477 478 isp = smk_of_inode(old_dentry->d_inode); 479 rc = smk_curacc(isp, MAY_WRITE, &ad); 480 481 if (rc == 0 && new_dentry->d_inode != NULL) { 482 isp = smk_of_inode(new_dentry->d_inode); 483 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry); 484 rc = smk_curacc(isp, MAY_WRITE, &ad); 485 } 486 487 return rc; 488 } 489 490 /** 491 * smack_inode_unlink - Smack check on inode deletion 492 * @dir: containing directory object 493 * @dentry: file to unlink 494 * 495 * Returns 0 if current can write the containing directory 496 * and the object, error code otherwise 497 */ 498 static int smack_inode_unlink(struct inode *dir, struct dentry *dentry) 499 { 500 struct inode *ip = dentry->d_inode; 501 struct smk_audit_info ad; 502 int rc; 503 504 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); 505 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 506 507 /* 508 * You need write access to the thing you're unlinking 509 */ 510 rc = smk_curacc(smk_of_inode(ip), MAY_WRITE, &ad); 511 if (rc == 0) { 512 /* 513 * You also need write access to the containing directory 514 */ 515 smk_ad_setfield_u_fs_path_dentry(&ad, NULL); 516 smk_ad_setfield_u_fs_inode(&ad, dir); 517 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad); 518 } 519 return rc; 520 } 521 522 /** 523 * smack_inode_rmdir - Smack check on directory deletion 524 * @dir: containing directory object 525 * @dentry: directory to unlink 526 * 527 * Returns 0 if current can write the containing directory 528 * and the directory, error code otherwise 529 */ 530 static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry) 531 { 532 struct smk_audit_info ad; 533 int rc; 534 535 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); 536 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 537 538 /* 539 * You need write access to the thing you're removing 540 */ 541 rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad); 542 if (rc == 0) { 543 /* 544 * You also need write access to the containing directory 545 */ 546 smk_ad_setfield_u_fs_path_dentry(&ad, NULL); 547 smk_ad_setfield_u_fs_inode(&ad, dir); 548 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad); 549 } 550 551 return rc; 552 } 553 554 /** 555 * smack_inode_rename - Smack check on rename 556 * @old_inode: the old directory 557 * @old_dentry: unused 558 * @new_inode: the new directory 559 * @new_dentry: unused 560 * 561 * Read and write access is required on both the old and 562 * new directories. 563 * 564 * Returns 0 if access is permitted, an error code otherwise 565 */ 566 static int smack_inode_rename(struct inode *old_inode, 567 struct dentry *old_dentry, 568 struct inode *new_inode, 569 struct dentry *new_dentry) 570 { 571 int rc; 572 char *isp; 573 struct smk_audit_info ad; 574 575 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); 576 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry); 577 578 isp = smk_of_inode(old_dentry->d_inode); 579 rc = smk_curacc(isp, MAY_READWRITE, &ad); 580 581 if (rc == 0 && new_dentry->d_inode != NULL) { 582 isp = smk_of_inode(new_dentry->d_inode); 583 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry); 584 rc = smk_curacc(isp, MAY_READWRITE, &ad); 585 } 586 return rc; 587 } 588 589 /** 590 * smack_inode_permission - Smack version of permission() 591 * @inode: the inode in question 592 * @mask: the access requested 593 * 594 * This is the important Smack hook. 595 * 596 * Returns 0 if access is permitted, -EACCES otherwise 597 */ 598 static int smack_inode_permission(struct inode *inode, int mask) 599 { 600 struct smk_audit_info ad; 601 602 mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND); 603 /* 604 * No permission to check. Existence test. Yup, it's there. 605 */ 606 if (mask == 0) 607 return 0; 608 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); 609 smk_ad_setfield_u_fs_inode(&ad, inode); 610 return smk_curacc(smk_of_inode(inode), mask, &ad); 611 } 612 613 /** 614 * smack_inode_setattr - Smack check for setting attributes 615 * @dentry: the object 616 * @iattr: for the force flag 617 * 618 * Returns 0 if access is permitted, an error code otherwise 619 */ 620 static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr) 621 { 622 struct smk_audit_info ad; 623 /* 624 * Need to allow for clearing the setuid bit. 625 */ 626 if (iattr->ia_valid & ATTR_FORCE) 627 return 0; 628 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); 629 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 630 631 return smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad); 632 } 633 634 /** 635 * smack_inode_getattr - Smack check for getting attributes 636 * @mnt: unused 637 * @dentry: the object 638 * 639 * Returns 0 if access is permitted, an error code otherwise 640 */ 641 static int smack_inode_getattr(struct vfsmount *mnt, struct dentry *dentry) 642 { 643 struct smk_audit_info ad; 644 645 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); 646 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 647 smk_ad_setfield_u_fs_path_mnt(&ad, mnt); 648 return smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ, &ad); 649 } 650 651 /** 652 * smack_inode_setxattr - Smack check for setting xattrs 653 * @dentry: the object 654 * @name: name of the attribute 655 * @value: unused 656 * @size: unused 657 * @flags: unused 658 * 659 * This protects the Smack attribute explicitly. 660 * 661 * Returns 0 if access is permitted, an error code otherwise 662 */ 663 static int smack_inode_setxattr(struct dentry *dentry, const char *name, 664 const void *value, size_t size, int flags) 665 { 666 struct smk_audit_info ad; 667 int rc = 0; 668 669 if (strcmp(name, XATTR_NAME_SMACK) == 0 || 670 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 || 671 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) { 672 if (!capable(CAP_MAC_ADMIN)) 673 rc = -EPERM; 674 /* 675 * check label validity here so import wont fail on 676 * post_setxattr 677 */ 678 if (size == 0 || size >= SMK_LABELLEN || 679 smk_import(value, size) == NULL) 680 rc = -EINVAL; 681 } else 682 rc = cap_inode_setxattr(dentry, name, value, size, flags); 683 684 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); 685 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 686 687 if (rc == 0) 688 rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad); 689 690 return rc; 691 } 692 693 /** 694 * smack_inode_post_setxattr - Apply the Smack update approved above 695 * @dentry: object 696 * @name: attribute name 697 * @value: attribute value 698 * @size: attribute size 699 * @flags: unused 700 * 701 * Set the pointer in the inode blob to the entry found 702 * in the master label list. 703 */ 704 static void smack_inode_post_setxattr(struct dentry *dentry, const char *name, 705 const void *value, size_t size, int flags) 706 { 707 struct inode_smack *isp; 708 char *nsp; 709 710 /* 711 * Not SMACK 712 */ 713 if (strcmp(name, XATTR_NAME_SMACK)) 714 return; 715 716 isp = dentry->d_inode->i_security; 717 718 /* 719 * No locking is done here. This is a pointer 720 * assignment. 721 */ 722 nsp = smk_import(value, size); 723 if (nsp != NULL) 724 isp->smk_inode = nsp; 725 else 726 isp->smk_inode = smack_known_invalid.smk_known; 727 728 return; 729 } 730 731 /* 732 * smack_inode_getxattr - Smack check on getxattr 733 * @dentry: the object 734 * @name: unused 735 * 736 * Returns 0 if access is permitted, an error code otherwise 737 */ 738 static int smack_inode_getxattr(struct dentry *dentry, const char *name) 739 { 740 struct smk_audit_info ad; 741 742 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); 743 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 744 745 return smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ, &ad); 746 } 747 748 /* 749 * smack_inode_removexattr - Smack check on removexattr 750 * @dentry: the object 751 * @name: name of the attribute 752 * 753 * Removing the Smack attribute requires CAP_MAC_ADMIN 754 * 755 * Returns 0 if access is permitted, an error code otherwise 756 */ 757 static int smack_inode_removexattr(struct dentry *dentry, const char *name) 758 { 759 struct smk_audit_info ad; 760 int rc = 0; 761 762 if (strcmp(name, XATTR_NAME_SMACK) == 0 || 763 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 || 764 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) { 765 if (!capable(CAP_MAC_ADMIN)) 766 rc = -EPERM; 767 } else 768 rc = cap_inode_removexattr(dentry, name); 769 770 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); 771 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 772 if (rc == 0) 773 rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad); 774 775 return rc; 776 } 777 778 /** 779 * smack_inode_getsecurity - get smack xattrs 780 * @inode: the object 781 * @name: attribute name 782 * @buffer: where to put the result 783 * @alloc: unused 784 * 785 * Returns the size of the attribute or an error code 786 */ 787 static int smack_inode_getsecurity(const struct inode *inode, 788 const char *name, void **buffer, 789 bool alloc) 790 { 791 struct socket_smack *ssp; 792 struct socket *sock; 793 struct super_block *sbp; 794 struct inode *ip = (struct inode *)inode; 795 char *isp; 796 int ilen; 797 int rc = 0; 798 799 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) { 800 isp = smk_of_inode(inode); 801 ilen = strlen(isp) + 1; 802 *buffer = isp; 803 return ilen; 804 } 805 806 /* 807 * The rest of the Smack xattrs are only on sockets. 808 */ 809 sbp = ip->i_sb; 810 if (sbp->s_magic != SOCKFS_MAGIC) 811 return -EOPNOTSUPP; 812 813 sock = SOCKET_I(ip); 814 if (sock == NULL || sock->sk == NULL) 815 return -EOPNOTSUPP; 816 817 ssp = sock->sk->sk_security; 818 819 if (strcmp(name, XATTR_SMACK_IPIN) == 0) 820 isp = ssp->smk_in; 821 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) 822 isp = ssp->smk_out; 823 else 824 return -EOPNOTSUPP; 825 826 ilen = strlen(isp) + 1; 827 if (rc == 0) { 828 *buffer = isp; 829 rc = ilen; 830 } 831 832 return rc; 833 } 834 835 836 /** 837 * smack_inode_listsecurity - list the Smack attributes 838 * @inode: the object 839 * @buffer: where they go 840 * @buffer_size: size of buffer 841 * 842 * Returns 0 on success, -EINVAL otherwise 843 */ 844 static int smack_inode_listsecurity(struct inode *inode, char *buffer, 845 size_t buffer_size) 846 { 847 int len = strlen(XATTR_NAME_SMACK); 848 849 if (buffer != NULL && len <= buffer_size) { 850 memcpy(buffer, XATTR_NAME_SMACK, len); 851 return len; 852 } 853 return -EINVAL; 854 } 855 856 /** 857 * smack_inode_getsecid - Extract inode's security id 858 * @inode: inode to extract the info from 859 * @secid: where result will be saved 860 */ 861 static void smack_inode_getsecid(const struct inode *inode, u32 *secid) 862 { 863 struct inode_smack *isp = inode->i_security; 864 865 *secid = smack_to_secid(isp->smk_inode); 866 } 867 868 /* 869 * File Hooks 870 */ 871 872 /** 873 * smack_file_permission - Smack check on file operations 874 * @file: unused 875 * @mask: unused 876 * 877 * Returns 0 878 * 879 * Should access checks be done on each read or write? 880 * UNICOS and SELinux say yes. 881 * Trusted Solaris, Trusted Irix, and just about everyone else says no. 882 * 883 * I'll say no for now. Smack does not do the frequent 884 * label changing that SELinux does. 885 */ 886 static int smack_file_permission(struct file *file, int mask) 887 { 888 return 0; 889 } 890 891 /** 892 * smack_file_alloc_security - assign a file security blob 893 * @file: the object 894 * 895 * The security blob for a file is a pointer to the master 896 * label list, so no allocation is done. 897 * 898 * Returns 0 899 */ 900 static int smack_file_alloc_security(struct file *file) 901 { 902 file->f_security = current_security(); 903 return 0; 904 } 905 906 /** 907 * smack_file_free_security - clear a file security blob 908 * @file: the object 909 * 910 * The security blob for a file is a pointer to the master 911 * label list, so no memory is freed. 912 */ 913 static void smack_file_free_security(struct file *file) 914 { 915 file->f_security = NULL; 916 } 917 918 /** 919 * smack_file_ioctl - Smack check on ioctls 920 * @file: the object 921 * @cmd: what to do 922 * @arg: unused 923 * 924 * Relies heavily on the correct use of the ioctl command conventions. 925 * 926 * Returns 0 if allowed, error code otherwise 927 */ 928 static int smack_file_ioctl(struct file *file, unsigned int cmd, 929 unsigned long arg) 930 { 931 int rc = 0; 932 struct smk_audit_info ad; 933 934 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); 935 smk_ad_setfield_u_fs_path(&ad, file->f_path); 936 937 if (_IOC_DIR(cmd) & _IOC_WRITE) 938 rc = smk_curacc(file->f_security, MAY_WRITE, &ad); 939 940 if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ)) 941 rc = smk_curacc(file->f_security, MAY_READ, &ad); 942 943 return rc; 944 } 945 946 /** 947 * smack_file_lock - Smack check on file locking 948 * @file: the object 949 * @cmd: unused 950 * 951 * Returns 0 if current has write access, error code otherwise 952 */ 953 static int smack_file_lock(struct file *file, unsigned int cmd) 954 { 955 struct smk_audit_info ad; 956 957 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); 958 smk_ad_setfield_u_fs_path_dentry(&ad, file->f_path.dentry); 959 return smk_curacc(file->f_security, MAY_WRITE, &ad); 960 } 961 962 /** 963 * smack_file_fcntl - Smack check on fcntl 964 * @file: the object 965 * @cmd: what action to check 966 * @arg: unused 967 * 968 * Returns 0 if current has access, error code otherwise 969 */ 970 static int smack_file_fcntl(struct file *file, unsigned int cmd, 971 unsigned long arg) 972 { 973 struct smk_audit_info ad; 974 int rc; 975 976 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); 977 smk_ad_setfield_u_fs_path(&ad, file->f_path); 978 979 switch (cmd) { 980 case F_DUPFD: 981 case F_GETFD: 982 case F_GETFL: 983 case F_GETLK: 984 case F_GETOWN: 985 case F_GETSIG: 986 rc = smk_curacc(file->f_security, MAY_READ, &ad); 987 break; 988 case F_SETFD: 989 case F_SETFL: 990 case F_SETLK: 991 case F_SETLKW: 992 case F_SETOWN: 993 case F_SETSIG: 994 rc = smk_curacc(file->f_security, MAY_WRITE, &ad); 995 break; 996 default: 997 rc = smk_curacc(file->f_security, MAY_READWRITE, &ad); 998 } 999 1000 return rc; 1001 } 1002 1003 /** 1004 * smack_file_set_fowner - set the file security blob value 1005 * @file: object in question 1006 * 1007 * Returns 0 1008 * Further research may be required on this one. 1009 */ 1010 static int smack_file_set_fowner(struct file *file) 1011 { 1012 file->f_security = current_security(); 1013 return 0; 1014 } 1015 1016 /** 1017 * smack_file_send_sigiotask - Smack on sigio 1018 * @tsk: The target task 1019 * @fown: the object the signal come from 1020 * @signum: unused 1021 * 1022 * Allow a privileged task to get signals even if it shouldn't 1023 * 1024 * Returns 0 if a subject with the object's smack could 1025 * write to the task, an error code otherwise. 1026 */ 1027 static int smack_file_send_sigiotask(struct task_struct *tsk, 1028 struct fown_struct *fown, int signum) 1029 { 1030 struct file *file; 1031 int rc; 1032 char *tsp = tsk->cred->security; 1033 struct smk_audit_info ad; 1034 1035 /* 1036 * struct fown_struct is never outside the context of a struct file 1037 */ 1038 file = container_of(fown, struct file, f_owner); 1039 /* we don't log here as rc can be overriden */ 1040 rc = smk_access(file->f_security, tsp, MAY_WRITE, NULL); 1041 if (rc != 0 && has_capability(tsk, CAP_MAC_OVERRIDE)) 1042 rc = 0; 1043 1044 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); 1045 smk_ad_setfield_u_tsk(&ad, tsk); 1046 smack_log(file->f_security, tsp, MAY_WRITE, rc, &ad); 1047 return rc; 1048 } 1049 1050 /** 1051 * smack_file_receive - Smack file receive check 1052 * @file: the object 1053 * 1054 * Returns 0 if current has access, error code otherwise 1055 */ 1056 static int smack_file_receive(struct file *file) 1057 { 1058 int may = 0; 1059 struct smk_audit_info ad; 1060 1061 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); 1062 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1063 /* 1064 * This code relies on bitmasks. 1065 */ 1066 if (file->f_mode & FMODE_READ) 1067 may = MAY_READ; 1068 if (file->f_mode & FMODE_WRITE) 1069 may |= MAY_WRITE; 1070 1071 return smk_curacc(file->f_security, may, &ad); 1072 } 1073 1074 /* 1075 * Task hooks 1076 */ 1077 1078 /** 1079 * smack_cred_alloc_blank - "allocate" blank task-level security credentials 1080 * @new: the new credentials 1081 * @gfp: the atomicity of any memory allocations 1082 * 1083 * Prepare a blank set of credentials for modification. This must allocate all 1084 * the memory the LSM module might require such that cred_transfer() can 1085 * complete without error. 1086 */ 1087 static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp) 1088 { 1089 cred->security = NULL; 1090 return 0; 1091 } 1092 1093 1094 /** 1095 * smack_cred_free - "free" task-level security credentials 1096 * @cred: the credentials in question 1097 * 1098 * Smack isn't using copies of blobs. Everyone 1099 * points to an immutable list. The blobs never go away. 1100 * There is no leak here. 1101 */ 1102 static void smack_cred_free(struct cred *cred) 1103 { 1104 cred->security = NULL; 1105 } 1106 1107 /** 1108 * smack_cred_prepare - prepare new set of credentials for modification 1109 * @new: the new credentials 1110 * @old: the original credentials 1111 * @gfp: the atomicity of any memory allocations 1112 * 1113 * Prepare a new set of credentials for modification. 1114 */ 1115 static int smack_cred_prepare(struct cred *new, const struct cred *old, 1116 gfp_t gfp) 1117 { 1118 new->security = old->security; 1119 return 0; 1120 } 1121 1122 /** 1123 * smack_cred_transfer - Transfer the old credentials to the new credentials 1124 * @new: the new credentials 1125 * @old: the original credentials 1126 * 1127 * Fill in a set of blank credentials from another set of credentials. 1128 */ 1129 static void smack_cred_transfer(struct cred *new, const struct cred *old) 1130 { 1131 new->security = old->security; 1132 } 1133 1134 /** 1135 * smack_kernel_act_as - Set the subjective context in a set of credentials 1136 * @new: points to the set of credentials to be modified. 1137 * @secid: specifies the security ID to be set 1138 * 1139 * Set the security data for a kernel service. 1140 */ 1141 static int smack_kernel_act_as(struct cred *new, u32 secid) 1142 { 1143 char *smack = smack_from_secid(secid); 1144 1145 if (smack == NULL) 1146 return -EINVAL; 1147 1148 new->security = smack; 1149 return 0; 1150 } 1151 1152 /** 1153 * smack_kernel_create_files_as - Set the file creation label in a set of creds 1154 * @new: points to the set of credentials to be modified 1155 * @inode: points to the inode to use as a reference 1156 * 1157 * Set the file creation context in a set of credentials to the same 1158 * as the objective context of the specified inode 1159 */ 1160 static int smack_kernel_create_files_as(struct cred *new, 1161 struct inode *inode) 1162 { 1163 struct inode_smack *isp = inode->i_security; 1164 1165 new->security = isp->smk_inode; 1166 return 0; 1167 } 1168 1169 /** 1170 * smk_curacc_on_task - helper to log task related access 1171 * @p: the task object 1172 * @access : the access requested 1173 * 1174 * Return 0 if access is permitted 1175 */ 1176 static int smk_curacc_on_task(struct task_struct *p, int access) 1177 { 1178 struct smk_audit_info ad; 1179 1180 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); 1181 smk_ad_setfield_u_tsk(&ad, p); 1182 return smk_curacc(task_security(p), access, &ad); 1183 } 1184 1185 /** 1186 * smack_task_setpgid - Smack check on setting pgid 1187 * @p: the task object 1188 * @pgid: unused 1189 * 1190 * Return 0 if write access is permitted 1191 */ 1192 static int smack_task_setpgid(struct task_struct *p, pid_t pgid) 1193 { 1194 return smk_curacc_on_task(p, MAY_WRITE); 1195 } 1196 1197 /** 1198 * smack_task_getpgid - Smack access check for getpgid 1199 * @p: the object task 1200 * 1201 * Returns 0 if current can read the object task, error code otherwise 1202 */ 1203 static int smack_task_getpgid(struct task_struct *p) 1204 { 1205 return smk_curacc_on_task(p, MAY_READ); 1206 } 1207 1208 /** 1209 * smack_task_getsid - Smack access check for getsid 1210 * @p: the object task 1211 * 1212 * Returns 0 if current can read the object task, error code otherwise 1213 */ 1214 static int smack_task_getsid(struct task_struct *p) 1215 { 1216 return smk_curacc_on_task(p, MAY_READ); 1217 } 1218 1219 /** 1220 * smack_task_getsecid - get the secid of the task 1221 * @p: the object task 1222 * @secid: where to put the result 1223 * 1224 * Sets the secid to contain a u32 version of the smack label. 1225 */ 1226 static void smack_task_getsecid(struct task_struct *p, u32 *secid) 1227 { 1228 *secid = smack_to_secid(task_security(p)); 1229 } 1230 1231 /** 1232 * smack_task_setnice - Smack check on setting nice 1233 * @p: the task object 1234 * @nice: unused 1235 * 1236 * Return 0 if write access is permitted 1237 */ 1238 static int smack_task_setnice(struct task_struct *p, int nice) 1239 { 1240 int rc; 1241 1242 rc = cap_task_setnice(p, nice); 1243 if (rc == 0) 1244 rc = smk_curacc_on_task(p, MAY_WRITE); 1245 return rc; 1246 } 1247 1248 /** 1249 * smack_task_setioprio - Smack check on setting ioprio 1250 * @p: the task object 1251 * @ioprio: unused 1252 * 1253 * Return 0 if write access is permitted 1254 */ 1255 static int smack_task_setioprio(struct task_struct *p, int ioprio) 1256 { 1257 int rc; 1258 1259 rc = cap_task_setioprio(p, ioprio); 1260 if (rc == 0) 1261 rc = smk_curacc_on_task(p, MAY_WRITE); 1262 return rc; 1263 } 1264 1265 /** 1266 * smack_task_getioprio - Smack check on reading ioprio 1267 * @p: the task object 1268 * 1269 * Return 0 if read access is permitted 1270 */ 1271 static int smack_task_getioprio(struct task_struct *p) 1272 { 1273 return smk_curacc_on_task(p, MAY_READ); 1274 } 1275 1276 /** 1277 * smack_task_setscheduler - Smack check on setting scheduler 1278 * @p: the task object 1279 * @policy: unused 1280 * @lp: unused 1281 * 1282 * Return 0 if read access is permitted 1283 */ 1284 static int smack_task_setscheduler(struct task_struct *p, int policy, 1285 struct sched_param *lp) 1286 { 1287 int rc; 1288 1289 rc = cap_task_setscheduler(p, policy, lp); 1290 if (rc == 0) 1291 rc = smk_curacc_on_task(p, MAY_WRITE); 1292 return rc; 1293 } 1294 1295 /** 1296 * smack_task_getscheduler - Smack check on reading scheduler 1297 * @p: the task object 1298 * 1299 * Return 0 if read access is permitted 1300 */ 1301 static int smack_task_getscheduler(struct task_struct *p) 1302 { 1303 return smk_curacc_on_task(p, MAY_READ); 1304 } 1305 1306 /** 1307 * smack_task_movememory - Smack check on moving memory 1308 * @p: the task object 1309 * 1310 * Return 0 if write access is permitted 1311 */ 1312 static int smack_task_movememory(struct task_struct *p) 1313 { 1314 return smk_curacc_on_task(p, MAY_WRITE); 1315 } 1316 1317 /** 1318 * smack_task_kill - Smack check on signal delivery 1319 * @p: the task object 1320 * @info: unused 1321 * @sig: unused 1322 * @secid: identifies the smack to use in lieu of current's 1323 * 1324 * Return 0 if write access is permitted 1325 * 1326 * The secid behavior is an artifact of an SELinux hack 1327 * in the USB code. Someday it may go away. 1328 */ 1329 static int smack_task_kill(struct task_struct *p, struct siginfo *info, 1330 int sig, u32 secid) 1331 { 1332 struct smk_audit_info ad; 1333 1334 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); 1335 smk_ad_setfield_u_tsk(&ad, p); 1336 /* 1337 * Sending a signal requires that the sender 1338 * can write the receiver. 1339 */ 1340 if (secid == 0) 1341 return smk_curacc(task_security(p), MAY_WRITE, &ad); 1342 /* 1343 * If the secid isn't 0 we're dealing with some USB IO 1344 * specific behavior. This is not clean. For one thing 1345 * we can't take privilege into account. 1346 */ 1347 return smk_access(smack_from_secid(secid), task_security(p), 1348 MAY_WRITE, &ad); 1349 } 1350 1351 /** 1352 * smack_task_wait - Smack access check for waiting 1353 * @p: task to wait for 1354 * 1355 * Returns 0 if current can wait for p, error code otherwise 1356 */ 1357 static int smack_task_wait(struct task_struct *p) 1358 { 1359 struct smk_audit_info ad; 1360 char *sp = current_security(); 1361 char *tsp = task_security(p); 1362 int rc; 1363 1364 /* we don't log here, we can be overriden */ 1365 rc = smk_access(sp, tsp, MAY_WRITE, NULL); 1366 if (rc == 0) 1367 goto out_log; 1368 1369 /* 1370 * Allow the operation to succeed if either task 1371 * has privilege to perform operations that might 1372 * account for the smack labels having gotten to 1373 * be different in the first place. 1374 * 1375 * This breaks the strict subject/object access 1376 * control ideal, taking the object's privilege 1377 * state into account in the decision as well as 1378 * the smack value. 1379 */ 1380 if (capable(CAP_MAC_OVERRIDE) || has_capability(p, CAP_MAC_OVERRIDE)) 1381 rc = 0; 1382 /* we log only if we didn't get overriden */ 1383 out_log: 1384 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); 1385 smk_ad_setfield_u_tsk(&ad, p); 1386 smack_log(sp, tsp, MAY_WRITE, rc, &ad); 1387 return rc; 1388 } 1389 1390 /** 1391 * smack_task_to_inode - copy task smack into the inode blob 1392 * @p: task to copy from 1393 * @inode: inode to copy to 1394 * 1395 * Sets the smack pointer in the inode security blob 1396 */ 1397 static void smack_task_to_inode(struct task_struct *p, struct inode *inode) 1398 { 1399 struct inode_smack *isp = inode->i_security; 1400 isp->smk_inode = task_security(p); 1401 } 1402 1403 /* 1404 * Socket hooks. 1405 */ 1406 1407 /** 1408 * smack_sk_alloc_security - Allocate a socket blob 1409 * @sk: the socket 1410 * @family: unused 1411 * @gfp_flags: memory allocation flags 1412 * 1413 * Assign Smack pointers to current 1414 * 1415 * Returns 0 on success, -ENOMEM is there's no memory 1416 */ 1417 static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags) 1418 { 1419 char *csp = current_security(); 1420 struct socket_smack *ssp; 1421 1422 ssp = kzalloc(sizeof(struct socket_smack), gfp_flags); 1423 if (ssp == NULL) 1424 return -ENOMEM; 1425 1426 ssp->smk_in = csp; 1427 ssp->smk_out = csp; 1428 ssp->smk_packet[0] = '\0'; 1429 1430 sk->sk_security = ssp; 1431 1432 return 0; 1433 } 1434 1435 /** 1436 * smack_sk_free_security - Free a socket blob 1437 * @sk: the socket 1438 * 1439 * Clears the blob pointer 1440 */ 1441 static void smack_sk_free_security(struct sock *sk) 1442 { 1443 kfree(sk->sk_security); 1444 } 1445 1446 /** 1447 * smack_host_label - check host based restrictions 1448 * @sip: the object end 1449 * 1450 * looks for host based access restrictions 1451 * 1452 * This version will only be appropriate for really small sets of single label 1453 * hosts. The caller is responsible for ensuring that the RCU read lock is 1454 * taken before calling this function. 1455 * 1456 * Returns the label of the far end or NULL if it's not special. 1457 */ 1458 static char *smack_host_label(struct sockaddr_in *sip) 1459 { 1460 struct smk_netlbladdr *snp; 1461 struct in_addr *siap = &sip->sin_addr; 1462 1463 if (siap->s_addr == 0) 1464 return NULL; 1465 1466 list_for_each_entry_rcu(snp, &smk_netlbladdr_list, list) 1467 /* 1468 * we break after finding the first match because 1469 * the list is sorted from longest to shortest mask 1470 * so we have found the most specific match 1471 */ 1472 if ((&snp->smk_host.sin_addr)->s_addr == 1473 (siap->s_addr & (&snp->smk_mask)->s_addr)) { 1474 /* we have found the special CIPSO option */ 1475 if (snp->smk_label == smack_cipso_option) 1476 return NULL; 1477 return snp->smk_label; 1478 } 1479 1480 return NULL; 1481 } 1482 1483 /** 1484 * smack_set_catset - convert a capset to netlabel mls categories 1485 * @catset: the Smack categories 1486 * @sap: where to put the netlabel categories 1487 * 1488 * Allocates and fills attr.mls.cat 1489 */ 1490 static void smack_set_catset(char *catset, struct netlbl_lsm_secattr *sap) 1491 { 1492 unsigned char *cp; 1493 unsigned char m; 1494 int cat; 1495 int rc; 1496 int byte; 1497 1498 if (!catset) 1499 return; 1500 1501 sap->flags |= NETLBL_SECATTR_MLS_CAT; 1502 sap->attr.mls.cat = netlbl_secattr_catmap_alloc(GFP_ATOMIC); 1503 sap->attr.mls.cat->startbit = 0; 1504 1505 for (cat = 1, cp = catset, byte = 0; byte < SMK_LABELLEN; cp++, byte++) 1506 for (m = 0x80; m != 0; m >>= 1, cat++) { 1507 if ((m & *cp) == 0) 1508 continue; 1509 rc = netlbl_secattr_catmap_setbit(sap->attr.mls.cat, 1510 cat, GFP_ATOMIC); 1511 } 1512 } 1513 1514 /** 1515 * smack_to_secattr - fill a secattr from a smack value 1516 * @smack: the smack value 1517 * @nlsp: where the result goes 1518 * 1519 * Casey says that CIPSO is good enough for now. 1520 * It can be used to effect. 1521 * It can also be abused to effect when necessary. 1522 * Appologies to the TSIG group in general and GW in particular. 1523 */ 1524 static void smack_to_secattr(char *smack, struct netlbl_lsm_secattr *nlsp) 1525 { 1526 struct smack_cipso cipso; 1527 int rc; 1528 1529 nlsp->domain = smack; 1530 nlsp->flags = NETLBL_SECATTR_DOMAIN | NETLBL_SECATTR_MLS_LVL; 1531 1532 rc = smack_to_cipso(smack, &cipso); 1533 if (rc == 0) { 1534 nlsp->attr.mls.lvl = cipso.smk_level; 1535 smack_set_catset(cipso.smk_catset, nlsp); 1536 } else { 1537 nlsp->attr.mls.lvl = smack_cipso_direct; 1538 smack_set_catset(smack, nlsp); 1539 } 1540 } 1541 1542 /** 1543 * smack_netlabel - Set the secattr on a socket 1544 * @sk: the socket 1545 * @labeled: socket label scheme 1546 * 1547 * Convert the outbound smack value (smk_out) to a 1548 * secattr and attach it to the socket. 1549 * 1550 * Returns 0 on success or an error code 1551 */ 1552 static int smack_netlabel(struct sock *sk, int labeled) 1553 { 1554 struct socket_smack *ssp = sk->sk_security; 1555 struct netlbl_lsm_secattr secattr; 1556 int rc = 0; 1557 1558 /* 1559 * Usually the netlabel code will handle changing the 1560 * packet labeling based on the label. 1561 * The case of a single label host is different, because 1562 * a single label host should never get a labeled packet 1563 * even though the label is usually associated with a packet 1564 * label. 1565 */ 1566 local_bh_disable(); 1567 bh_lock_sock_nested(sk); 1568 1569 if (ssp->smk_out == smack_net_ambient || 1570 labeled == SMACK_UNLABELED_SOCKET) 1571 netlbl_sock_delattr(sk); 1572 else { 1573 netlbl_secattr_init(&secattr); 1574 smack_to_secattr(ssp->smk_out, &secattr); 1575 rc = netlbl_sock_setattr(sk, sk->sk_family, &secattr); 1576 netlbl_secattr_destroy(&secattr); 1577 } 1578 1579 bh_unlock_sock(sk); 1580 local_bh_enable(); 1581 1582 return rc; 1583 } 1584 1585 /** 1586 * smack_netlbel_send - Set the secattr on a socket and perform access checks 1587 * @sk: the socket 1588 * @sap: the destination address 1589 * 1590 * Set the correct secattr for the given socket based on the destination 1591 * address and perform any outbound access checks needed. 1592 * 1593 * Returns 0 on success or an error code. 1594 * 1595 */ 1596 static int smack_netlabel_send(struct sock *sk, struct sockaddr_in *sap) 1597 { 1598 int rc; 1599 int sk_lbl; 1600 char *hostsp; 1601 struct socket_smack *ssp = sk->sk_security; 1602 struct smk_audit_info ad; 1603 1604 rcu_read_lock(); 1605 hostsp = smack_host_label(sap); 1606 if (hostsp != NULL) { 1607 sk_lbl = SMACK_UNLABELED_SOCKET; 1608 #ifdef CONFIG_AUDIT 1609 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NET); 1610 ad.a.u.net.family = sap->sin_family; 1611 ad.a.u.net.dport = sap->sin_port; 1612 ad.a.u.net.v4info.daddr = sap->sin_addr.s_addr; 1613 #endif 1614 rc = smk_access(ssp->smk_out, hostsp, MAY_WRITE, &ad); 1615 } else { 1616 sk_lbl = SMACK_CIPSO_SOCKET; 1617 rc = 0; 1618 } 1619 rcu_read_unlock(); 1620 if (rc != 0) 1621 return rc; 1622 1623 return smack_netlabel(sk, sk_lbl); 1624 } 1625 1626 /** 1627 * smack_inode_setsecurity - set smack xattrs 1628 * @inode: the object 1629 * @name: attribute name 1630 * @value: attribute value 1631 * @size: size of the attribute 1632 * @flags: unused 1633 * 1634 * Sets the named attribute in the appropriate blob 1635 * 1636 * Returns 0 on success, or an error code 1637 */ 1638 static int smack_inode_setsecurity(struct inode *inode, const char *name, 1639 const void *value, size_t size, int flags) 1640 { 1641 char *sp; 1642 struct inode_smack *nsp = inode->i_security; 1643 struct socket_smack *ssp; 1644 struct socket *sock; 1645 int rc = 0; 1646 1647 if (value == NULL || size > SMK_LABELLEN || size == 0) 1648 return -EACCES; 1649 1650 sp = smk_import(value, size); 1651 if (sp == NULL) 1652 return -EINVAL; 1653 1654 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) { 1655 nsp->smk_inode = sp; 1656 nsp->smk_flags |= SMK_INODE_INSTANT; 1657 return 0; 1658 } 1659 /* 1660 * The rest of the Smack xattrs are only on sockets. 1661 */ 1662 if (inode->i_sb->s_magic != SOCKFS_MAGIC) 1663 return -EOPNOTSUPP; 1664 1665 sock = SOCKET_I(inode); 1666 if (sock == NULL || sock->sk == NULL) 1667 return -EOPNOTSUPP; 1668 1669 ssp = sock->sk->sk_security; 1670 1671 if (strcmp(name, XATTR_SMACK_IPIN) == 0) 1672 ssp->smk_in = sp; 1673 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) { 1674 ssp->smk_out = sp; 1675 rc = smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET); 1676 if (rc != 0) 1677 printk(KERN_WARNING "Smack: \"%s\" netlbl error %d.\n", 1678 __func__, -rc); 1679 } else 1680 return -EOPNOTSUPP; 1681 1682 return 0; 1683 } 1684 1685 /** 1686 * smack_socket_post_create - finish socket setup 1687 * @sock: the socket 1688 * @family: protocol family 1689 * @type: unused 1690 * @protocol: unused 1691 * @kern: unused 1692 * 1693 * Sets the netlabel information on the socket 1694 * 1695 * Returns 0 on success, and error code otherwise 1696 */ 1697 static int smack_socket_post_create(struct socket *sock, int family, 1698 int type, int protocol, int kern) 1699 { 1700 if (family != PF_INET || sock->sk == NULL) 1701 return 0; 1702 /* 1703 * Set the outbound netlbl. 1704 */ 1705 return smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET); 1706 } 1707 1708 /** 1709 * smack_socket_connect - connect access check 1710 * @sock: the socket 1711 * @sap: the other end 1712 * @addrlen: size of sap 1713 * 1714 * Verifies that a connection may be possible 1715 * 1716 * Returns 0 on success, and error code otherwise 1717 */ 1718 static int smack_socket_connect(struct socket *sock, struct sockaddr *sap, 1719 int addrlen) 1720 { 1721 if (sock->sk == NULL || sock->sk->sk_family != PF_INET) 1722 return 0; 1723 if (addrlen < sizeof(struct sockaddr_in)) 1724 return -EINVAL; 1725 1726 return smack_netlabel_send(sock->sk, (struct sockaddr_in *)sap); 1727 } 1728 1729 /** 1730 * smack_flags_to_may - convert S_ to MAY_ values 1731 * @flags: the S_ value 1732 * 1733 * Returns the equivalent MAY_ value 1734 */ 1735 static int smack_flags_to_may(int flags) 1736 { 1737 int may = 0; 1738 1739 if (flags & S_IRUGO) 1740 may |= MAY_READ; 1741 if (flags & S_IWUGO) 1742 may |= MAY_WRITE; 1743 if (flags & S_IXUGO) 1744 may |= MAY_EXEC; 1745 1746 return may; 1747 } 1748 1749 /** 1750 * smack_msg_msg_alloc_security - Set the security blob for msg_msg 1751 * @msg: the object 1752 * 1753 * Returns 0 1754 */ 1755 static int smack_msg_msg_alloc_security(struct msg_msg *msg) 1756 { 1757 msg->security = current_security(); 1758 return 0; 1759 } 1760 1761 /** 1762 * smack_msg_msg_free_security - Clear the security blob for msg_msg 1763 * @msg: the object 1764 * 1765 * Clears the blob pointer 1766 */ 1767 static void smack_msg_msg_free_security(struct msg_msg *msg) 1768 { 1769 msg->security = NULL; 1770 } 1771 1772 /** 1773 * smack_of_shm - the smack pointer for the shm 1774 * @shp: the object 1775 * 1776 * Returns a pointer to the smack value 1777 */ 1778 static char *smack_of_shm(struct shmid_kernel *shp) 1779 { 1780 return (char *)shp->shm_perm.security; 1781 } 1782 1783 /** 1784 * smack_shm_alloc_security - Set the security blob for shm 1785 * @shp: the object 1786 * 1787 * Returns 0 1788 */ 1789 static int smack_shm_alloc_security(struct shmid_kernel *shp) 1790 { 1791 struct kern_ipc_perm *isp = &shp->shm_perm; 1792 1793 isp->security = current_security(); 1794 return 0; 1795 } 1796 1797 /** 1798 * smack_shm_free_security - Clear the security blob for shm 1799 * @shp: the object 1800 * 1801 * Clears the blob pointer 1802 */ 1803 static void smack_shm_free_security(struct shmid_kernel *shp) 1804 { 1805 struct kern_ipc_perm *isp = &shp->shm_perm; 1806 1807 isp->security = NULL; 1808 } 1809 1810 /** 1811 * smk_curacc_shm : check if current has access on shm 1812 * @shp : the object 1813 * @access : access requested 1814 * 1815 * Returns 0 if current has the requested access, error code otherwise 1816 */ 1817 static int smk_curacc_shm(struct shmid_kernel *shp, int access) 1818 { 1819 char *ssp = smack_of_shm(shp); 1820 struct smk_audit_info ad; 1821 1822 #ifdef CONFIG_AUDIT 1823 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 1824 ad.a.u.ipc_id = shp->shm_perm.id; 1825 #endif 1826 return smk_curacc(ssp, access, &ad); 1827 } 1828 1829 /** 1830 * smack_shm_associate - Smack access check for shm 1831 * @shp: the object 1832 * @shmflg: access requested 1833 * 1834 * Returns 0 if current has the requested access, error code otherwise 1835 */ 1836 static int smack_shm_associate(struct shmid_kernel *shp, int shmflg) 1837 { 1838 int may; 1839 1840 may = smack_flags_to_may(shmflg); 1841 return smk_curacc_shm(shp, may); 1842 } 1843 1844 /** 1845 * smack_shm_shmctl - Smack access check for shm 1846 * @shp: the object 1847 * @cmd: what it wants to do 1848 * 1849 * Returns 0 if current has the requested access, error code otherwise 1850 */ 1851 static int smack_shm_shmctl(struct shmid_kernel *shp, int cmd) 1852 { 1853 int may; 1854 1855 switch (cmd) { 1856 case IPC_STAT: 1857 case SHM_STAT: 1858 may = MAY_READ; 1859 break; 1860 case IPC_SET: 1861 case SHM_LOCK: 1862 case SHM_UNLOCK: 1863 case IPC_RMID: 1864 may = MAY_READWRITE; 1865 break; 1866 case IPC_INFO: 1867 case SHM_INFO: 1868 /* 1869 * System level information. 1870 */ 1871 return 0; 1872 default: 1873 return -EINVAL; 1874 } 1875 return smk_curacc_shm(shp, may); 1876 } 1877 1878 /** 1879 * smack_shm_shmat - Smack access for shmat 1880 * @shp: the object 1881 * @shmaddr: unused 1882 * @shmflg: access requested 1883 * 1884 * Returns 0 if current has the requested access, error code otherwise 1885 */ 1886 static int smack_shm_shmat(struct shmid_kernel *shp, char __user *shmaddr, 1887 int shmflg) 1888 { 1889 int may; 1890 1891 may = smack_flags_to_may(shmflg); 1892 return smk_curacc_shm(shp, may); 1893 } 1894 1895 /** 1896 * smack_of_sem - the smack pointer for the sem 1897 * @sma: the object 1898 * 1899 * Returns a pointer to the smack value 1900 */ 1901 static char *smack_of_sem(struct sem_array *sma) 1902 { 1903 return (char *)sma->sem_perm.security; 1904 } 1905 1906 /** 1907 * smack_sem_alloc_security - Set the security blob for sem 1908 * @sma: the object 1909 * 1910 * Returns 0 1911 */ 1912 static int smack_sem_alloc_security(struct sem_array *sma) 1913 { 1914 struct kern_ipc_perm *isp = &sma->sem_perm; 1915 1916 isp->security = current_security(); 1917 return 0; 1918 } 1919 1920 /** 1921 * smack_sem_free_security - Clear the security blob for sem 1922 * @sma: the object 1923 * 1924 * Clears the blob pointer 1925 */ 1926 static void smack_sem_free_security(struct sem_array *sma) 1927 { 1928 struct kern_ipc_perm *isp = &sma->sem_perm; 1929 1930 isp->security = NULL; 1931 } 1932 1933 /** 1934 * smk_curacc_sem : check if current has access on sem 1935 * @sma : the object 1936 * @access : access requested 1937 * 1938 * Returns 0 if current has the requested access, error code otherwise 1939 */ 1940 static int smk_curacc_sem(struct sem_array *sma, int access) 1941 { 1942 char *ssp = smack_of_sem(sma); 1943 struct smk_audit_info ad; 1944 1945 #ifdef CONFIG_AUDIT 1946 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 1947 ad.a.u.ipc_id = sma->sem_perm.id; 1948 #endif 1949 return smk_curacc(ssp, access, &ad); 1950 } 1951 1952 /** 1953 * smack_sem_associate - Smack access check for sem 1954 * @sma: the object 1955 * @semflg: access requested 1956 * 1957 * Returns 0 if current has the requested access, error code otherwise 1958 */ 1959 static int smack_sem_associate(struct sem_array *sma, int semflg) 1960 { 1961 int may; 1962 1963 may = smack_flags_to_may(semflg); 1964 return smk_curacc_sem(sma, may); 1965 } 1966 1967 /** 1968 * smack_sem_shmctl - Smack access check for sem 1969 * @sma: the object 1970 * @cmd: what it wants to do 1971 * 1972 * Returns 0 if current has the requested access, error code otherwise 1973 */ 1974 static int smack_sem_semctl(struct sem_array *sma, int cmd) 1975 { 1976 int may; 1977 1978 switch (cmd) { 1979 case GETPID: 1980 case GETNCNT: 1981 case GETZCNT: 1982 case GETVAL: 1983 case GETALL: 1984 case IPC_STAT: 1985 case SEM_STAT: 1986 may = MAY_READ; 1987 break; 1988 case SETVAL: 1989 case SETALL: 1990 case IPC_RMID: 1991 case IPC_SET: 1992 may = MAY_READWRITE; 1993 break; 1994 case IPC_INFO: 1995 case SEM_INFO: 1996 /* 1997 * System level information 1998 */ 1999 return 0; 2000 default: 2001 return -EINVAL; 2002 } 2003 2004 return smk_curacc_sem(sma, may); 2005 } 2006 2007 /** 2008 * smack_sem_semop - Smack checks of semaphore operations 2009 * @sma: the object 2010 * @sops: unused 2011 * @nsops: unused 2012 * @alter: unused 2013 * 2014 * Treated as read and write in all cases. 2015 * 2016 * Returns 0 if access is allowed, error code otherwise 2017 */ 2018 static int smack_sem_semop(struct sem_array *sma, struct sembuf *sops, 2019 unsigned nsops, int alter) 2020 { 2021 return smk_curacc_sem(sma, MAY_READWRITE); 2022 } 2023 2024 /** 2025 * smack_msg_alloc_security - Set the security blob for msg 2026 * @msq: the object 2027 * 2028 * Returns 0 2029 */ 2030 static int smack_msg_queue_alloc_security(struct msg_queue *msq) 2031 { 2032 struct kern_ipc_perm *kisp = &msq->q_perm; 2033 2034 kisp->security = current_security(); 2035 return 0; 2036 } 2037 2038 /** 2039 * smack_msg_free_security - Clear the security blob for msg 2040 * @msq: the object 2041 * 2042 * Clears the blob pointer 2043 */ 2044 static void smack_msg_queue_free_security(struct msg_queue *msq) 2045 { 2046 struct kern_ipc_perm *kisp = &msq->q_perm; 2047 2048 kisp->security = NULL; 2049 } 2050 2051 /** 2052 * smack_of_msq - the smack pointer for the msq 2053 * @msq: the object 2054 * 2055 * Returns a pointer to the smack value 2056 */ 2057 static char *smack_of_msq(struct msg_queue *msq) 2058 { 2059 return (char *)msq->q_perm.security; 2060 } 2061 2062 /** 2063 * smk_curacc_msq : helper to check if current has access on msq 2064 * @msq : the msq 2065 * @access : access requested 2066 * 2067 * return 0 if current has access, error otherwise 2068 */ 2069 static int smk_curacc_msq(struct msg_queue *msq, int access) 2070 { 2071 char *msp = smack_of_msq(msq); 2072 struct smk_audit_info ad; 2073 2074 #ifdef CONFIG_AUDIT 2075 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 2076 ad.a.u.ipc_id = msq->q_perm.id; 2077 #endif 2078 return smk_curacc(msp, access, &ad); 2079 } 2080 2081 /** 2082 * smack_msg_queue_associate - Smack access check for msg_queue 2083 * @msq: the object 2084 * @msqflg: access requested 2085 * 2086 * Returns 0 if current has the requested access, error code otherwise 2087 */ 2088 static int smack_msg_queue_associate(struct msg_queue *msq, int msqflg) 2089 { 2090 int may; 2091 2092 may = smack_flags_to_may(msqflg); 2093 return smk_curacc_msq(msq, may); 2094 } 2095 2096 /** 2097 * smack_msg_queue_msgctl - Smack access check for msg_queue 2098 * @msq: the object 2099 * @cmd: what it wants to do 2100 * 2101 * Returns 0 if current has the requested access, error code otherwise 2102 */ 2103 static int smack_msg_queue_msgctl(struct msg_queue *msq, int cmd) 2104 { 2105 int may; 2106 2107 switch (cmd) { 2108 case IPC_STAT: 2109 case MSG_STAT: 2110 may = MAY_READ; 2111 break; 2112 case IPC_SET: 2113 case IPC_RMID: 2114 may = MAY_READWRITE; 2115 break; 2116 case IPC_INFO: 2117 case MSG_INFO: 2118 /* 2119 * System level information 2120 */ 2121 return 0; 2122 default: 2123 return -EINVAL; 2124 } 2125 2126 return smk_curacc_msq(msq, may); 2127 } 2128 2129 /** 2130 * smack_msg_queue_msgsnd - Smack access check for msg_queue 2131 * @msq: the object 2132 * @msg: unused 2133 * @msqflg: access requested 2134 * 2135 * Returns 0 if current has the requested access, error code otherwise 2136 */ 2137 static int smack_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, 2138 int msqflg) 2139 { 2140 int may; 2141 2142 may = smack_flags_to_may(msqflg); 2143 return smk_curacc_msq(msq, may); 2144 } 2145 2146 /** 2147 * smack_msg_queue_msgsnd - Smack access check for msg_queue 2148 * @msq: the object 2149 * @msg: unused 2150 * @target: unused 2151 * @type: unused 2152 * @mode: unused 2153 * 2154 * Returns 0 if current has read and write access, error code otherwise 2155 */ 2156 static int smack_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg, 2157 struct task_struct *target, long type, int mode) 2158 { 2159 return smk_curacc_msq(msq, MAY_READWRITE); 2160 } 2161 2162 /** 2163 * smack_ipc_permission - Smack access for ipc_permission() 2164 * @ipp: the object permissions 2165 * @flag: access requested 2166 * 2167 * Returns 0 if current has read and write access, error code otherwise 2168 */ 2169 static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag) 2170 { 2171 char *isp = ipp->security; 2172 int may = smack_flags_to_may(flag); 2173 struct smk_audit_info ad; 2174 2175 #ifdef CONFIG_AUDIT 2176 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 2177 ad.a.u.ipc_id = ipp->id; 2178 #endif 2179 return smk_curacc(isp, may, &ad); 2180 } 2181 2182 /** 2183 * smack_ipc_getsecid - Extract smack security id 2184 * @ipp: the object permissions 2185 * @secid: where result will be saved 2186 */ 2187 static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid) 2188 { 2189 char *smack = ipp->security; 2190 2191 *secid = smack_to_secid(smack); 2192 } 2193 2194 /** 2195 * smack_d_instantiate - Make sure the blob is correct on an inode 2196 * @opt_dentry: dentry where inode will be attached 2197 * @inode: the object 2198 * 2199 * Set the inode's security blob if it hasn't been done already. 2200 */ 2201 static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode) 2202 { 2203 struct super_block *sbp; 2204 struct superblock_smack *sbsp; 2205 struct inode_smack *isp; 2206 char *csp = current_security(); 2207 char *fetched; 2208 char *final; 2209 struct dentry *dp; 2210 2211 if (inode == NULL) 2212 return; 2213 2214 isp = inode->i_security; 2215 2216 mutex_lock(&isp->smk_lock); 2217 /* 2218 * If the inode is already instantiated 2219 * take the quick way out 2220 */ 2221 if (isp->smk_flags & SMK_INODE_INSTANT) 2222 goto unlockandout; 2223 2224 sbp = inode->i_sb; 2225 sbsp = sbp->s_security; 2226 /* 2227 * We're going to use the superblock default label 2228 * if there's no label on the file. 2229 */ 2230 final = sbsp->smk_default; 2231 2232 /* 2233 * If this is the root inode the superblock 2234 * may be in the process of initialization. 2235 * If that is the case use the root value out 2236 * of the superblock. 2237 */ 2238 if (opt_dentry->d_parent == opt_dentry) { 2239 isp->smk_inode = sbsp->smk_root; 2240 isp->smk_flags |= SMK_INODE_INSTANT; 2241 goto unlockandout; 2242 } 2243 2244 /* 2245 * This is pretty hackish. 2246 * Casey says that we shouldn't have to do 2247 * file system specific code, but it does help 2248 * with keeping it simple. 2249 */ 2250 switch (sbp->s_magic) { 2251 case SMACK_MAGIC: 2252 /* 2253 * Casey says that it's a little embarassing 2254 * that the smack file system doesn't do 2255 * extended attributes. 2256 */ 2257 final = smack_known_star.smk_known; 2258 break; 2259 case PIPEFS_MAGIC: 2260 /* 2261 * Casey says pipes are easy (?) 2262 */ 2263 final = smack_known_star.smk_known; 2264 break; 2265 case DEVPTS_SUPER_MAGIC: 2266 /* 2267 * devpts seems content with the label of the task. 2268 * Programs that change smack have to treat the 2269 * pty with respect. 2270 */ 2271 final = csp; 2272 break; 2273 case SOCKFS_MAGIC: 2274 /* 2275 * Casey says sockets get the smack of the task. 2276 */ 2277 final = csp; 2278 break; 2279 case PROC_SUPER_MAGIC: 2280 /* 2281 * Casey says procfs appears not to care. 2282 * The superblock default suffices. 2283 */ 2284 break; 2285 case TMPFS_MAGIC: 2286 /* 2287 * Device labels should come from the filesystem, 2288 * but watch out, because they're volitile, 2289 * getting recreated on every reboot. 2290 */ 2291 final = smack_known_star.smk_known; 2292 /* 2293 * No break. 2294 * 2295 * If a smack value has been set we want to use it, 2296 * but since tmpfs isn't giving us the opportunity 2297 * to set mount options simulate setting the 2298 * superblock default. 2299 */ 2300 default: 2301 /* 2302 * This isn't an understood special case. 2303 * Get the value from the xattr. 2304 * 2305 * No xattr support means, alas, no SMACK label. 2306 * Use the aforeapplied default. 2307 * It would be curious if the label of the task 2308 * does not match that assigned. 2309 */ 2310 if (inode->i_op->getxattr == NULL) 2311 break; 2312 /* 2313 * Get the dentry for xattr. 2314 */ 2315 dp = dget(opt_dentry); 2316 fetched = smk_fetch(inode, dp); 2317 if (fetched != NULL) 2318 final = fetched; 2319 dput(dp); 2320 break; 2321 } 2322 2323 if (final == NULL) 2324 isp->smk_inode = csp; 2325 else 2326 isp->smk_inode = final; 2327 2328 isp->smk_flags |= SMK_INODE_INSTANT; 2329 2330 unlockandout: 2331 mutex_unlock(&isp->smk_lock); 2332 return; 2333 } 2334 2335 /** 2336 * smack_getprocattr - Smack process attribute access 2337 * @p: the object task 2338 * @name: the name of the attribute in /proc/.../attr 2339 * @value: where to put the result 2340 * 2341 * Places a copy of the task Smack into value 2342 * 2343 * Returns the length of the smack label or an error code 2344 */ 2345 static int smack_getprocattr(struct task_struct *p, char *name, char **value) 2346 { 2347 char *cp; 2348 int slen; 2349 2350 if (strcmp(name, "current") != 0) 2351 return -EINVAL; 2352 2353 cp = kstrdup(task_security(p), GFP_KERNEL); 2354 if (cp == NULL) 2355 return -ENOMEM; 2356 2357 slen = strlen(cp); 2358 *value = cp; 2359 return slen; 2360 } 2361 2362 /** 2363 * smack_setprocattr - Smack process attribute setting 2364 * @p: the object task 2365 * @name: the name of the attribute in /proc/.../attr 2366 * @value: the value to set 2367 * @size: the size of the value 2368 * 2369 * Sets the Smack value of the task. Only setting self 2370 * is permitted and only with privilege 2371 * 2372 * Returns the length of the smack label or an error code 2373 */ 2374 static int smack_setprocattr(struct task_struct *p, char *name, 2375 void *value, size_t size) 2376 { 2377 struct cred *new; 2378 char *newsmack; 2379 2380 /* 2381 * Changing another process' Smack value is too dangerous 2382 * and supports no sane use case. 2383 */ 2384 if (p != current) 2385 return -EPERM; 2386 2387 if (!capable(CAP_MAC_ADMIN)) 2388 return -EPERM; 2389 2390 if (value == NULL || size == 0 || size >= SMK_LABELLEN) 2391 return -EINVAL; 2392 2393 if (strcmp(name, "current") != 0) 2394 return -EINVAL; 2395 2396 newsmack = smk_import(value, size); 2397 if (newsmack == NULL) 2398 return -EINVAL; 2399 2400 /* 2401 * No process is ever allowed the web ("@") label. 2402 */ 2403 if (newsmack == smack_known_web.smk_known) 2404 return -EPERM; 2405 2406 new = prepare_creds(); 2407 if (new == NULL) 2408 return -ENOMEM; 2409 new->security = newsmack; 2410 commit_creds(new); 2411 return size; 2412 } 2413 2414 /** 2415 * smack_unix_stream_connect - Smack access on UDS 2416 * @sock: one socket 2417 * @other: the other socket 2418 * @newsk: unused 2419 * 2420 * Return 0 if a subject with the smack of sock could access 2421 * an object with the smack of other, otherwise an error code 2422 */ 2423 static int smack_unix_stream_connect(struct socket *sock, 2424 struct socket *other, struct sock *newsk) 2425 { 2426 struct inode *sp = SOCK_INODE(sock); 2427 struct inode *op = SOCK_INODE(other); 2428 struct smk_audit_info ad; 2429 2430 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NET); 2431 smk_ad_setfield_u_net_sk(&ad, other->sk); 2432 return smk_access(smk_of_inode(sp), smk_of_inode(op), 2433 MAY_READWRITE, &ad); 2434 } 2435 2436 /** 2437 * smack_unix_may_send - Smack access on UDS 2438 * @sock: one socket 2439 * @other: the other socket 2440 * 2441 * Return 0 if a subject with the smack of sock could access 2442 * an object with the smack of other, otherwise an error code 2443 */ 2444 static int smack_unix_may_send(struct socket *sock, struct socket *other) 2445 { 2446 struct inode *sp = SOCK_INODE(sock); 2447 struct inode *op = SOCK_INODE(other); 2448 struct smk_audit_info ad; 2449 2450 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NET); 2451 smk_ad_setfield_u_net_sk(&ad, other->sk); 2452 return smk_access(smk_of_inode(sp), smk_of_inode(op), MAY_WRITE, &ad); 2453 } 2454 2455 /** 2456 * smack_socket_sendmsg - Smack check based on destination host 2457 * @sock: the socket 2458 * @msg: the message 2459 * @size: the size of the message 2460 * 2461 * Return 0 if the current subject can write to the destination 2462 * host. This is only a question if the destination is a single 2463 * label host. 2464 */ 2465 static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg, 2466 int size) 2467 { 2468 struct sockaddr_in *sip = (struct sockaddr_in *) msg->msg_name; 2469 2470 /* 2471 * Perfectly reasonable for this to be NULL 2472 */ 2473 if (sip == NULL || sip->sin_family != AF_INET) 2474 return 0; 2475 2476 return smack_netlabel_send(sock->sk, sip); 2477 } 2478 2479 2480 /** 2481 * smack_from_secattr - Convert a netlabel attr.mls.lvl/attr.mls.cat pair to smack 2482 * @sap: netlabel secattr 2483 * @sip: where to put the result 2484 * 2485 * Copies a smack label into sip 2486 */ 2487 static void smack_from_secattr(struct netlbl_lsm_secattr *sap, char *sip) 2488 { 2489 char smack[SMK_LABELLEN]; 2490 char *sp; 2491 int pcat; 2492 2493 if ((sap->flags & NETLBL_SECATTR_MLS_LVL) != 0) { 2494 /* 2495 * Looks like a CIPSO packet. 2496 * If there are flags but no level netlabel isn't 2497 * behaving the way we expect it to. 2498 * 2499 * Get the categories, if any 2500 * Without guidance regarding the smack value 2501 * for the packet fall back on the network 2502 * ambient value. 2503 */ 2504 memset(smack, '\0', SMK_LABELLEN); 2505 if ((sap->flags & NETLBL_SECATTR_MLS_CAT) != 0) 2506 for (pcat = -1;;) { 2507 pcat = netlbl_secattr_catmap_walk( 2508 sap->attr.mls.cat, pcat + 1); 2509 if (pcat < 0) 2510 break; 2511 smack_catset_bit(pcat, smack); 2512 } 2513 /* 2514 * If it is CIPSO using smack direct mapping 2515 * we are already done. WeeHee. 2516 */ 2517 if (sap->attr.mls.lvl == smack_cipso_direct) { 2518 memcpy(sip, smack, SMK_MAXLEN); 2519 return; 2520 } 2521 /* 2522 * Look it up in the supplied table if it is not 2523 * a direct mapping. 2524 */ 2525 smack_from_cipso(sap->attr.mls.lvl, smack, sip); 2526 return; 2527 } 2528 if ((sap->flags & NETLBL_SECATTR_SECID) != 0) { 2529 /* 2530 * Looks like a fallback, which gives us a secid. 2531 */ 2532 sp = smack_from_secid(sap->attr.secid); 2533 /* 2534 * This has got to be a bug because it is 2535 * impossible to specify a fallback without 2536 * specifying the label, which will ensure 2537 * it has a secid, and the only way to get a 2538 * secid is from a fallback. 2539 */ 2540 BUG_ON(sp == NULL); 2541 strncpy(sip, sp, SMK_MAXLEN); 2542 return; 2543 } 2544 /* 2545 * Without guidance regarding the smack value 2546 * for the packet fall back on the network 2547 * ambient value. 2548 */ 2549 strncpy(sip, smack_net_ambient, SMK_MAXLEN); 2550 return; 2551 } 2552 2553 /** 2554 * smack_socket_sock_rcv_skb - Smack packet delivery access check 2555 * @sk: socket 2556 * @skb: packet 2557 * 2558 * Returns 0 if the packet should be delivered, an error code otherwise 2559 */ 2560 static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) 2561 { 2562 struct netlbl_lsm_secattr secattr; 2563 struct socket_smack *ssp = sk->sk_security; 2564 char smack[SMK_LABELLEN]; 2565 char *csp; 2566 int rc; 2567 struct smk_audit_info ad; 2568 if (sk->sk_family != PF_INET && sk->sk_family != PF_INET6) 2569 return 0; 2570 2571 /* 2572 * Translate what netlabel gave us. 2573 */ 2574 netlbl_secattr_init(&secattr); 2575 2576 rc = netlbl_skbuff_getattr(skb, sk->sk_family, &secattr); 2577 if (rc == 0) { 2578 smack_from_secattr(&secattr, smack); 2579 csp = smack; 2580 } else 2581 csp = smack_net_ambient; 2582 2583 netlbl_secattr_destroy(&secattr); 2584 2585 #ifdef CONFIG_AUDIT 2586 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NET); 2587 ad.a.u.net.family = sk->sk_family; 2588 ad.a.u.net.netif = skb->skb_iif; 2589 ipv4_skb_to_auditdata(skb, &ad.a, NULL); 2590 #endif 2591 /* 2592 * Receiving a packet requires that the other end 2593 * be able to write here. Read access is not required. 2594 * This is the simplist possible security model 2595 * for networking. 2596 */ 2597 rc = smk_access(csp, ssp->smk_in, MAY_WRITE, &ad); 2598 if (rc != 0) 2599 netlbl_skbuff_err(skb, rc, 0); 2600 return rc; 2601 } 2602 2603 /** 2604 * smack_socket_getpeersec_stream - pull in packet label 2605 * @sock: the socket 2606 * @optval: user's destination 2607 * @optlen: size thereof 2608 * @len: max thereof 2609 * 2610 * returns zero on success, an error code otherwise 2611 */ 2612 static int smack_socket_getpeersec_stream(struct socket *sock, 2613 char __user *optval, 2614 int __user *optlen, unsigned len) 2615 { 2616 struct socket_smack *ssp; 2617 int slen; 2618 int rc = 0; 2619 2620 ssp = sock->sk->sk_security; 2621 slen = strlen(ssp->smk_packet) + 1; 2622 2623 if (slen > len) 2624 rc = -ERANGE; 2625 else if (copy_to_user(optval, ssp->smk_packet, slen) != 0) 2626 rc = -EFAULT; 2627 2628 if (put_user(slen, optlen) != 0) 2629 rc = -EFAULT; 2630 2631 return rc; 2632 } 2633 2634 2635 /** 2636 * smack_socket_getpeersec_dgram - pull in packet label 2637 * @sock: the socket 2638 * @skb: packet data 2639 * @secid: pointer to where to put the secid of the packet 2640 * 2641 * Sets the netlabel socket state on sk from parent 2642 */ 2643 static int smack_socket_getpeersec_dgram(struct socket *sock, 2644 struct sk_buff *skb, u32 *secid) 2645 2646 { 2647 struct netlbl_lsm_secattr secattr; 2648 struct sock *sk; 2649 char smack[SMK_LABELLEN]; 2650 int family = PF_INET; 2651 u32 s; 2652 int rc; 2653 2654 /* 2655 * Only works for families with packets. 2656 */ 2657 if (sock != NULL) { 2658 sk = sock->sk; 2659 if (sk->sk_family != PF_INET && sk->sk_family != PF_INET6) 2660 return 0; 2661 family = sk->sk_family; 2662 } 2663 /* 2664 * Translate what netlabel gave us. 2665 */ 2666 netlbl_secattr_init(&secattr); 2667 rc = netlbl_skbuff_getattr(skb, family, &secattr); 2668 if (rc == 0) 2669 smack_from_secattr(&secattr, smack); 2670 netlbl_secattr_destroy(&secattr); 2671 2672 /* 2673 * Give up if we couldn't get anything 2674 */ 2675 if (rc != 0) 2676 return rc; 2677 2678 s = smack_to_secid(smack); 2679 if (s == 0) 2680 return -EINVAL; 2681 2682 *secid = s; 2683 return 0; 2684 } 2685 2686 /** 2687 * smack_sock_graft - Initialize a newly created socket with an existing sock 2688 * @sk: child sock 2689 * @parent: parent socket 2690 * 2691 * Set the smk_{in,out} state of an existing sock based on the process that 2692 * is creating the new socket. 2693 */ 2694 static void smack_sock_graft(struct sock *sk, struct socket *parent) 2695 { 2696 struct socket_smack *ssp; 2697 2698 if (sk == NULL || 2699 (sk->sk_family != PF_INET && sk->sk_family != PF_INET6)) 2700 return; 2701 2702 ssp = sk->sk_security; 2703 ssp->smk_in = ssp->smk_out = current_security(); 2704 /* cssp->smk_packet is already set in smack_inet_csk_clone() */ 2705 } 2706 2707 /** 2708 * smack_inet_conn_request - Smack access check on connect 2709 * @sk: socket involved 2710 * @skb: packet 2711 * @req: unused 2712 * 2713 * Returns 0 if a task with the packet label could write to 2714 * the socket, otherwise an error code 2715 */ 2716 static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb, 2717 struct request_sock *req) 2718 { 2719 u16 family = sk->sk_family; 2720 struct socket_smack *ssp = sk->sk_security; 2721 struct netlbl_lsm_secattr secattr; 2722 struct sockaddr_in addr; 2723 struct iphdr *hdr; 2724 char smack[SMK_LABELLEN]; 2725 int rc; 2726 struct smk_audit_info ad; 2727 2728 /* handle mapped IPv4 packets arriving via IPv6 sockets */ 2729 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP)) 2730 family = PF_INET; 2731 2732 netlbl_secattr_init(&secattr); 2733 rc = netlbl_skbuff_getattr(skb, family, &secattr); 2734 if (rc == 0) 2735 smack_from_secattr(&secattr, smack); 2736 else 2737 strncpy(smack, smack_known_huh.smk_known, SMK_MAXLEN); 2738 netlbl_secattr_destroy(&secattr); 2739 2740 #ifdef CONFIG_AUDIT 2741 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NET); 2742 ad.a.u.net.family = family; 2743 ad.a.u.net.netif = skb->skb_iif; 2744 ipv4_skb_to_auditdata(skb, &ad.a, NULL); 2745 #endif 2746 /* 2747 * Receiving a packet requires that the other end be able to write 2748 * here. Read access is not required. 2749 */ 2750 rc = smk_access(smack, ssp->smk_in, MAY_WRITE, &ad); 2751 if (rc != 0) 2752 return rc; 2753 2754 /* 2755 * Save the peer's label in the request_sock so we can later setup 2756 * smk_packet in the child socket so that SO_PEERCRED can report it. 2757 */ 2758 req->peer_secid = smack_to_secid(smack); 2759 2760 /* 2761 * We need to decide if we want to label the incoming connection here 2762 * if we do we only need to label the request_sock and the stack will 2763 * propogate the wire-label to the sock when it is created. 2764 */ 2765 hdr = ip_hdr(skb); 2766 addr.sin_addr.s_addr = hdr->saddr; 2767 rcu_read_lock(); 2768 if (smack_host_label(&addr) == NULL) { 2769 rcu_read_unlock(); 2770 netlbl_secattr_init(&secattr); 2771 smack_to_secattr(smack, &secattr); 2772 rc = netlbl_req_setattr(req, &secattr); 2773 netlbl_secattr_destroy(&secattr); 2774 } else { 2775 rcu_read_unlock(); 2776 netlbl_req_delattr(req); 2777 } 2778 2779 return rc; 2780 } 2781 2782 /** 2783 * smack_inet_csk_clone - Copy the connection information to the new socket 2784 * @sk: the new socket 2785 * @req: the connection's request_sock 2786 * 2787 * Transfer the connection's peer label to the newly created socket. 2788 */ 2789 static void smack_inet_csk_clone(struct sock *sk, 2790 const struct request_sock *req) 2791 { 2792 struct socket_smack *ssp = sk->sk_security; 2793 char *smack; 2794 2795 if (req->peer_secid != 0) { 2796 smack = smack_from_secid(req->peer_secid); 2797 strncpy(ssp->smk_packet, smack, SMK_MAXLEN); 2798 } else 2799 ssp->smk_packet[0] = '\0'; 2800 } 2801 2802 /* 2803 * Key management security hooks 2804 * 2805 * Casey has not tested key support very heavily. 2806 * The permission check is most likely too restrictive. 2807 * If you care about keys please have a look. 2808 */ 2809 #ifdef CONFIG_KEYS 2810 2811 /** 2812 * smack_key_alloc - Set the key security blob 2813 * @key: object 2814 * @cred: the credentials to use 2815 * @flags: unused 2816 * 2817 * No allocation required 2818 * 2819 * Returns 0 2820 */ 2821 static int smack_key_alloc(struct key *key, const struct cred *cred, 2822 unsigned long flags) 2823 { 2824 key->security = cred->security; 2825 return 0; 2826 } 2827 2828 /** 2829 * smack_key_free - Clear the key security blob 2830 * @key: the object 2831 * 2832 * Clear the blob pointer 2833 */ 2834 static void smack_key_free(struct key *key) 2835 { 2836 key->security = NULL; 2837 } 2838 2839 /* 2840 * smack_key_permission - Smack access on a key 2841 * @key_ref: gets to the object 2842 * @cred: the credentials to use 2843 * @perm: unused 2844 * 2845 * Return 0 if the task has read and write to the object, 2846 * an error code otherwise 2847 */ 2848 static int smack_key_permission(key_ref_t key_ref, 2849 const struct cred *cred, key_perm_t perm) 2850 { 2851 struct key *keyp; 2852 struct smk_audit_info ad; 2853 2854 keyp = key_ref_to_ptr(key_ref); 2855 if (keyp == NULL) 2856 return -EINVAL; 2857 /* 2858 * If the key hasn't been initialized give it access so that 2859 * it may do so. 2860 */ 2861 if (keyp->security == NULL) 2862 return 0; 2863 /* 2864 * This should not occur 2865 */ 2866 if (cred->security == NULL) 2867 return -EACCES; 2868 #ifdef CONFIG_AUDIT 2869 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY); 2870 ad.a.u.key_struct.key = keyp->serial; 2871 ad.a.u.key_struct.key_desc = keyp->description; 2872 #endif 2873 return smk_access(cred->security, keyp->security, 2874 MAY_READWRITE, &ad); 2875 } 2876 #endif /* CONFIG_KEYS */ 2877 2878 /* 2879 * Smack Audit hooks 2880 * 2881 * Audit requires a unique representation of each Smack specific 2882 * rule. This unique representation is used to distinguish the 2883 * object to be audited from remaining kernel objects and also 2884 * works as a glue between the audit hooks. 2885 * 2886 * Since repository entries are added but never deleted, we'll use 2887 * the smack_known label address related to the given audit rule as 2888 * the needed unique representation. This also better fits the smack 2889 * model where nearly everything is a label. 2890 */ 2891 #ifdef CONFIG_AUDIT 2892 2893 /** 2894 * smack_audit_rule_init - Initialize a smack audit rule 2895 * @field: audit rule fields given from user-space (audit.h) 2896 * @op: required testing operator (=, !=, >, <, ...) 2897 * @rulestr: smack label to be audited 2898 * @vrule: pointer to save our own audit rule representation 2899 * 2900 * Prepare to audit cases where (@field @op @rulestr) is true. 2901 * The label to be audited is created if necessay. 2902 */ 2903 static int smack_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule) 2904 { 2905 char **rule = (char **)vrule; 2906 *rule = NULL; 2907 2908 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER) 2909 return -EINVAL; 2910 2911 if (op != Audit_equal && op != Audit_not_equal) 2912 return -EINVAL; 2913 2914 *rule = smk_import(rulestr, 0); 2915 2916 return 0; 2917 } 2918 2919 /** 2920 * smack_audit_rule_known - Distinguish Smack audit rules 2921 * @krule: rule of interest, in Audit kernel representation format 2922 * 2923 * This is used to filter Smack rules from remaining Audit ones. 2924 * If it's proved that this rule belongs to us, the 2925 * audit_rule_match hook will be called to do the final judgement. 2926 */ 2927 static int smack_audit_rule_known(struct audit_krule *krule) 2928 { 2929 struct audit_field *f; 2930 int i; 2931 2932 for (i = 0; i < krule->field_count; i++) { 2933 f = &krule->fields[i]; 2934 2935 if (f->type == AUDIT_SUBJ_USER || f->type == AUDIT_OBJ_USER) 2936 return 1; 2937 } 2938 2939 return 0; 2940 } 2941 2942 /** 2943 * smack_audit_rule_match - Audit given object ? 2944 * @secid: security id for identifying the object to test 2945 * @field: audit rule flags given from user-space 2946 * @op: required testing operator 2947 * @vrule: smack internal rule presentation 2948 * @actx: audit context associated with the check 2949 * 2950 * The core Audit hook. It's used to take the decision of 2951 * whether to audit or not to audit a given object. 2952 */ 2953 static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule, 2954 struct audit_context *actx) 2955 { 2956 char *smack; 2957 char *rule = vrule; 2958 2959 if (!rule) { 2960 audit_log(actx, GFP_KERNEL, AUDIT_SELINUX_ERR, 2961 "Smack: missing rule\n"); 2962 return -ENOENT; 2963 } 2964 2965 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER) 2966 return 0; 2967 2968 smack = smack_from_secid(secid); 2969 2970 /* 2971 * No need to do string comparisons. If a match occurs, 2972 * both pointers will point to the same smack_known 2973 * label. 2974 */ 2975 if (op == Audit_equal) 2976 return (rule == smack); 2977 if (op == Audit_not_equal) 2978 return (rule != smack); 2979 2980 return 0; 2981 } 2982 2983 /** 2984 * smack_audit_rule_free - free smack rule representation 2985 * @vrule: rule to be freed. 2986 * 2987 * No memory was allocated. 2988 */ 2989 static void smack_audit_rule_free(void *vrule) 2990 { 2991 /* No-op */ 2992 } 2993 2994 #endif /* CONFIG_AUDIT */ 2995 2996 /** 2997 * smack_secid_to_secctx - return the smack label for a secid 2998 * @secid: incoming integer 2999 * @secdata: destination 3000 * @seclen: how long it is 3001 * 3002 * Exists for networking code. 3003 */ 3004 static int smack_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) 3005 { 3006 char *sp = smack_from_secid(secid); 3007 3008 *secdata = sp; 3009 *seclen = strlen(sp); 3010 return 0; 3011 } 3012 3013 /** 3014 * smack_secctx_to_secid - return the secid for a smack label 3015 * @secdata: smack label 3016 * @seclen: how long result is 3017 * @secid: outgoing integer 3018 * 3019 * Exists for audit and networking code. 3020 */ 3021 static int smack_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid) 3022 { 3023 *secid = smack_to_secid(secdata); 3024 return 0; 3025 } 3026 3027 /** 3028 * smack_release_secctx - don't do anything. 3029 * @secdata: unused 3030 * @seclen: unused 3031 * 3032 * Exists to make sure nothing gets done, and properly 3033 */ 3034 static void smack_release_secctx(char *secdata, u32 seclen) 3035 { 3036 } 3037 3038 static int smack_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen) 3039 { 3040 return smack_inode_setsecurity(inode, XATTR_SMACK_SUFFIX, ctx, ctxlen, 0); 3041 } 3042 3043 static int smack_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen) 3044 { 3045 return __vfs_setxattr_noperm(dentry, XATTR_NAME_SMACK, ctx, ctxlen, 0); 3046 } 3047 3048 static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) 3049 { 3050 int len = 0; 3051 len = smack_inode_getsecurity(inode, XATTR_SMACK_SUFFIX, ctx, true); 3052 3053 if (len < 0) 3054 return len; 3055 *ctxlen = len; 3056 return 0; 3057 } 3058 3059 struct security_operations smack_ops = { 3060 .name = "smack", 3061 3062 .ptrace_access_check = smack_ptrace_access_check, 3063 .ptrace_traceme = smack_ptrace_traceme, 3064 .syslog = smack_syslog, 3065 3066 .sb_alloc_security = smack_sb_alloc_security, 3067 .sb_free_security = smack_sb_free_security, 3068 .sb_copy_data = smack_sb_copy_data, 3069 .sb_kern_mount = smack_sb_kern_mount, 3070 .sb_statfs = smack_sb_statfs, 3071 .sb_mount = smack_sb_mount, 3072 .sb_umount = smack_sb_umount, 3073 3074 .inode_alloc_security = smack_inode_alloc_security, 3075 .inode_free_security = smack_inode_free_security, 3076 .inode_init_security = smack_inode_init_security, 3077 .inode_link = smack_inode_link, 3078 .inode_unlink = smack_inode_unlink, 3079 .inode_rmdir = smack_inode_rmdir, 3080 .inode_rename = smack_inode_rename, 3081 .inode_permission = smack_inode_permission, 3082 .inode_setattr = smack_inode_setattr, 3083 .inode_getattr = smack_inode_getattr, 3084 .inode_setxattr = smack_inode_setxattr, 3085 .inode_post_setxattr = smack_inode_post_setxattr, 3086 .inode_getxattr = smack_inode_getxattr, 3087 .inode_removexattr = smack_inode_removexattr, 3088 .inode_getsecurity = smack_inode_getsecurity, 3089 .inode_setsecurity = smack_inode_setsecurity, 3090 .inode_listsecurity = smack_inode_listsecurity, 3091 .inode_getsecid = smack_inode_getsecid, 3092 3093 .file_permission = smack_file_permission, 3094 .file_alloc_security = smack_file_alloc_security, 3095 .file_free_security = smack_file_free_security, 3096 .file_ioctl = smack_file_ioctl, 3097 .file_lock = smack_file_lock, 3098 .file_fcntl = smack_file_fcntl, 3099 .file_set_fowner = smack_file_set_fowner, 3100 .file_send_sigiotask = smack_file_send_sigiotask, 3101 .file_receive = smack_file_receive, 3102 3103 .cred_alloc_blank = smack_cred_alloc_blank, 3104 .cred_free = smack_cred_free, 3105 .cred_prepare = smack_cred_prepare, 3106 .cred_transfer = smack_cred_transfer, 3107 .kernel_act_as = smack_kernel_act_as, 3108 .kernel_create_files_as = smack_kernel_create_files_as, 3109 .task_setpgid = smack_task_setpgid, 3110 .task_getpgid = smack_task_getpgid, 3111 .task_getsid = smack_task_getsid, 3112 .task_getsecid = smack_task_getsecid, 3113 .task_setnice = smack_task_setnice, 3114 .task_setioprio = smack_task_setioprio, 3115 .task_getioprio = smack_task_getioprio, 3116 .task_setscheduler = smack_task_setscheduler, 3117 .task_getscheduler = smack_task_getscheduler, 3118 .task_movememory = smack_task_movememory, 3119 .task_kill = smack_task_kill, 3120 .task_wait = smack_task_wait, 3121 .task_to_inode = smack_task_to_inode, 3122 3123 .ipc_permission = smack_ipc_permission, 3124 .ipc_getsecid = smack_ipc_getsecid, 3125 3126 .msg_msg_alloc_security = smack_msg_msg_alloc_security, 3127 .msg_msg_free_security = smack_msg_msg_free_security, 3128 3129 .msg_queue_alloc_security = smack_msg_queue_alloc_security, 3130 .msg_queue_free_security = smack_msg_queue_free_security, 3131 .msg_queue_associate = smack_msg_queue_associate, 3132 .msg_queue_msgctl = smack_msg_queue_msgctl, 3133 .msg_queue_msgsnd = smack_msg_queue_msgsnd, 3134 .msg_queue_msgrcv = smack_msg_queue_msgrcv, 3135 3136 .shm_alloc_security = smack_shm_alloc_security, 3137 .shm_free_security = smack_shm_free_security, 3138 .shm_associate = smack_shm_associate, 3139 .shm_shmctl = smack_shm_shmctl, 3140 .shm_shmat = smack_shm_shmat, 3141 3142 .sem_alloc_security = smack_sem_alloc_security, 3143 .sem_free_security = smack_sem_free_security, 3144 .sem_associate = smack_sem_associate, 3145 .sem_semctl = smack_sem_semctl, 3146 .sem_semop = smack_sem_semop, 3147 3148 .d_instantiate = smack_d_instantiate, 3149 3150 .getprocattr = smack_getprocattr, 3151 .setprocattr = smack_setprocattr, 3152 3153 .unix_stream_connect = smack_unix_stream_connect, 3154 .unix_may_send = smack_unix_may_send, 3155 3156 .socket_post_create = smack_socket_post_create, 3157 .socket_connect = smack_socket_connect, 3158 .socket_sendmsg = smack_socket_sendmsg, 3159 .socket_sock_rcv_skb = smack_socket_sock_rcv_skb, 3160 .socket_getpeersec_stream = smack_socket_getpeersec_stream, 3161 .socket_getpeersec_dgram = smack_socket_getpeersec_dgram, 3162 .sk_alloc_security = smack_sk_alloc_security, 3163 .sk_free_security = smack_sk_free_security, 3164 .sock_graft = smack_sock_graft, 3165 .inet_conn_request = smack_inet_conn_request, 3166 .inet_csk_clone = smack_inet_csk_clone, 3167 3168 /* key management security hooks */ 3169 #ifdef CONFIG_KEYS 3170 .key_alloc = smack_key_alloc, 3171 .key_free = smack_key_free, 3172 .key_permission = smack_key_permission, 3173 #endif /* CONFIG_KEYS */ 3174 3175 /* Audit hooks */ 3176 #ifdef CONFIG_AUDIT 3177 .audit_rule_init = smack_audit_rule_init, 3178 .audit_rule_known = smack_audit_rule_known, 3179 .audit_rule_match = smack_audit_rule_match, 3180 .audit_rule_free = smack_audit_rule_free, 3181 #endif /* CONFIG_AUDIT */ 3182 3183 .secid_to_secctx = smack_secid_to_secctx, 3184 .secctx_to_secid = smack_secctx_to_secid, 3185 .release_secctx = smack_release_secctx, 3186 .inode_notifysecctx = smack_inode_notifysecctx, 3187 .inode_setsecctx = smack_inode_setsecctx, 3188 .inode_getsecctx = smack_inode_getsecctx, 3189 }; 3190 3191 3192 static __init void init_smack_know_list(void) 3193 { 3194 list_add(&smack_known_huh.list, &smack_known_list); 3195 list_add(&smack_known_hat.list, &smack_known_list); 3196 list_add(&smack_known_star.list, &smack_known_list); 3197 list_add(&smack_known_floor.list, &smack_known_list); 3198 list_add(&smack_known_invalid.list, &smack_known_list); 3199 list_add(&smack_known_web.list, &smack_known_list); 3200 } 3201 3202 /** 3203 * smack_init - initialize the smack system 3204 * 3205 * Returns 0 3206 */ 3207 static __init int smack_init(void) 3208 { 3209 struct cred *cred; 3210 3211 if (!security_module_enable(&smack_ops)) 3212 return 0; 3213 3214 printk(KERN_INFO "Smack: Initializing.\n"); 3215 3216 /* 3217 * Set the security state for the initial task. 3218 */ 3219 cred = (struct cred *) current->cred; 3220 cred->security = &smack_known_floor.smk_known; 3221 3222 /* initialize the smack_know_list */ 3223 init_smack_know_list(); 3224 /* 3225 * Initialize locks 3226 */ 3227 spin_lock_init(&smack_known_huh.smk_cipsolock); 3228 spin_lock_init(&smack_known_hat.smk_cipsolock); 3229 spin_lock_init(&smack_known_star.smk_cipsolock); 3230 spin_lock_init(&smack_known_floor.smk_cipsolock); 3231 spin_lock_init(&smack_known_invalid.smk_cipsolock); 3232 3233 /* 3234 * Register with LSM 3235 */ 3236 if (register_security(&smack_ops)) 3237 panic("smack: Unable to register with kernel.\n"); 3238 3239 return 0; 3240 } 3241 3242 /* 3243 * Smack requires early initialization in order to label 3244 * all processes and objects when they are created. 3245 */ 3246 security_initcall(smack_init); 3247