1 /* 2 * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com> 3 * 4 * This program is free software; you can redistribute it and/or modify 5 * it under the terms of the GNU General Public License as published by 6 * the Free Software Foundation, version 2. 7 * 8 * Authors: 9 * Casey Schaufler <casey@schaufler-ca.com> 10 * Ahmed S. Darwish <darwish.07@gmail.com> 11 * 12 * Special thanks to the authors of selinuxfs. 13 * 14 * Karl MacMillan <kmacmillan@tresys.com> 15 * James Morris <jmorris@redhat.com> 16 * 17 */ 18 19 #include <linux/kernel.h> 20 #include <linux/vmalloc.h> 21 #include <linux/security.h> 22 #include <linux/mutex.h> 23 #include <net/net_namespace.h> 24 #include <net/netlabel.h> 25 #include <net/cipso_ipv4.h> 26 #include <linux/seq_file.h> 27 #include <linux/ctype.h> 28 #include <linux/audit.h> 29 #include "smack.h" 30 31 /* 32 * smackfs pseudo filesystem. 33 */ 34 35 enum smk_inos { 36 SMK_ROOT_INO = 2, 37 SMK_LOAD = 3, /* load policy */ 38 SMK_CIPSO = 4, /* load label -> CIPSO mapping */ 39 SMK_DOI = 5, /* CIPSO DOI */ 40 SMK_DIRECT = 6, /* CIPSO level indicating direct label */ 41 SMK_AMBIENT = 7, /* internet ambient label */ 42 SMK_NETLBLADDR = 8, /* single label hosts */ 43 SMK_ONLYCAP = 9, /* the only "capable" label */ 44 }; 45 46 /* 47 * List locks 48 */ 49 static DEFINE_MUTEX(smack_list_lock); 50 static DEFINE_MUTEX(smack_cipso_lock); 51 static DEFINE_MUTEX(smack_ambient_lock); 52 static DEFINE_MUTEX(smk_netlbladdr_lock); 53 54 /* 55 * This is the "ambient" label for network traffic. 56 * If it isn't somehow marked, use this. 57 * It can be reset via smackfs/ambient 58 */ 59 char *smack_net_ambient = smack_known_floor.smk_known; 60 61 /* 62 * This is the level in a CIPSO header that indicates a 63 * smack label is contained directly in the category set. 64 * It can be reset via smackfs/direct 65 */ 66 int smack_cipso_direct = SMACK_CIPSO_DIRECT_DEFAULT; 67 68 /* 69 * Unless a process is running with this label even 70 * having CAP_MAC_OVERRIDE isn't enough to grant 71 * privilege to violate MAC policy. If no label is 72 * designated (the NULL case) capabilities apply to 73 * everyone. It is expected that the hat (^) label 74 * will be used if any label is used. 75 */ 76 char *smack_onlycap; 77 78 /* 79 * Certain IP addresses may be designated as single label hosts. 80 * Packets are sent there unlabeled, but only from tasks that 81 * can write to the specified label. 82 */ 83 struct smk_netlbladdr *smack_netlbladdrs; 84 85 static int smk_cipso_doi_value = SMACK_CIPSO_DOI_DEFAULT; 86 struct smk_list_entry *smack_list; 87 88 #define SEQ_READ_FINISHED 1 89 90 /* 91 * Values for parsing cipso rules 92 * SMK_DIGITLEN: Length of a digit field in a rule. 93 * SMK_CIPSOMIN: Minimum possible cipso rule length. 94 * SMK_CIPSOMAX: Maximum possible cipso rule length. 95 */ 96 #define SMK_DIGITLEN 4 97 #define SMK_CIPSOMIN (SMK_LABELLEN + 2 * SMK_DIGITLEN) 98 #define SMK_CIPSOMAX (SMK_CIPSOMIN + SMACK_CIPSO_MAXCATNUM * SMK_DIGITLEN) 99 100 /* 101 * Values for parsing MAC rules 102 * SMK_ACCESS: Maximum possible combination of access permissions 103 * SMK_ACCESSLEN: Maximum length for a rule access field 104 * SMK_LOADLEN: Smack rule length 105 */ 106 #define SMK_ACCESS "rwxa" 107 #define SMK_ACCESSLEN (sizeof(SMK_ACCESS) - 1) 108 #define SMK_LOADLEN (SMK_LABELLEN + SMK_LABELLEN + SMK_ACCESSLEN) 109 110 /** 111 * smk_netlabel_audit_set - fill a netlbl_audit struct 112 * @nap: structure to fill 113 */ 114 static void smk_netlabel_audit_set(struct netlbl_audit *nap) 115 { 116 nap->loginuid = audit_get_loginuid(current); 117 nap->sessionid = audit_get_sessionid(current); 118 nap->secid = smack_to_secid(current_security()); 119 } 120 121 /* 122 * Values for parsing single label host rules 123 * "1.2.3.4 X" 124 * "192.168.138.129/32 abcdefghijklmnopqrstuvw" 125 */ 126 #define SMK_NETLBLADDRMIN 9 127 #define SMK_NETLBLADDRMAX 42 128 129 /* 130 * Seq_file read operations for /smack/load 131 */ 132 133 static void *load_seq_start(struct seq_file *s, loff_t *pos) 134 { 135 if (*pos == SEQ_READ_FINISHED) 136 return NULL; 137 138 return smack_list; 139 } 140 141 static void *load_seq_next(struct seq_file *s, void *v, loff_t *pos) 142 { 143 struct smk_list_entry *skp = ((struct smk_list_entry *) v)->smk_next; 144 145 if (skp == NULL) 146 *pos = SEQ_READ_FINISHED; 147 148 return skp; 149 } 150 151 static int load_seq_show(struct seq_file *s, void *v) 152 { 153 struct smk_list_entry *slp = (struct smk_list_entry *) v; 154 struct smack_rule *srp = &slp->smk_rule; 155 156 seq_printf(s, "%s %s", (char *)srp->smk_subject, 157 (char *)srp->smk_object); 158 159 seq_putc(s, ' '); 160 161 if (srp->smk_access & MAY_READ) 162 seq_putc(s, 'r'); 163 if (srp->smk_access & MAY_WRITE) 164 seq_putc(s, 'w'); 165 if (srp->smk_access & MAY_EXEC) 166 seq_putc(s, 'x'); 167 if (srp->smk_access & MAY_APPEND) 168 seq_putc(s, 'a'); 169 if (srp->smk_access == 0) 170 seq_putc(s, '-'); 171 172 seq_putc(s, '\n'); 173 174 return 0; 175 } 176 177 static void load_seq_stop(struct seq_file *s, void *v) 178 { 179 /* No-op */ 180 } 181 182 static struct seq_operations load_seq_ops = { 183 .start = load_seq_start, 184 .next = load_seq_next, 185 .show = load_seq_show, 186 .stop = load_seq_stop, 187 }; 188 189 /** 190 * smk_open_load - open() for /smack/load 191 * @inode: inode structure representing file 192 * @file: "load" file pointer 193 * 194 * For reading, use load_seq_* seq_file reading operations. 195 */ 196 static int smk_open_load(struct inode *inode, struct file *file) 197 { 198 return seq_open(file, &load_seq_ops); 199 } 200 201 /** 202 * smk_set_access - add a rule to the rule list 203 * @srp: the new rule to add 204 * 205 * Looks through the current subject/object/access list for 206 * the subject/object pair and replaces the access that was 207 * there. If the pair isn't found add it with the specified 208 * access. 209 * 210 * Returns 0 if nothing goes wrong or -ENOMEM if it fails 211 * during the allocation of the new pair to add. 212 */ 213 static int smk_set_access(struct smack_rule *srp) 214 { 215 struct smk_list_entry *sp; 216 struct smk_list_entry *newp; 217 int ret = 0; 218 219 mutex_lock(&smack_list_lock); 220 221 for (sp = smack_list; sp != NULL; sp = sp->smk_next) 222 if (sp->smk_rule.smk_subject == srp->smk_subject && 223 sp->smk_rule.smk_object == srp->smk_object) { 224 sp->smk_rule.smk_access = srp->smk_access; 225 break; 226 } 227 228 if (sp == NULL) { 229 newp = kzalloc(sizeof(struct smk_list_entry), GFP_KERNEL); 230 if (newp == NULL) { 231 ret = -ENOMEM; 232 goto out; 233 } 234 235 newp->smk_rule = *srp; 236 newp->smk_next = smack_list; 237 smack_list = newp; 238 } 239 240 out: 241 mutex_unlock(&smack_list_lock); 242 243 return ret; 244 } 245 246 /** 247 * smk_write_load - write() for /smack/load 248 * @file: file pointer, not actually used 249 * @buf: where to get the data from 250 * @count: bytes sent 251 * @ppos: where to start - must be 0 252 * 253 * Get one smack access rule from above. 254 * The format is exactly: 255 * char subject[SMK_LABELLEN] 256 * char object[SMK_LABELLEN] 257 * char access[SMK_ACCESSLEN] 258 * 259 * writes must be SMK_LABELLEN+SMK_LABELLEN+SMK_ACCESSLEN bytes. 260 */ 261 static ssize_t smk_write_load(struct file *file, const char __user *buf, 262 size_t count, loff_t *ppos) 263 { 264 struct smack_rule rule; 265 char *data; 266 int rc = -EINVAL; 267 268 /* 269 * Must have privilege. 270 * No partial writes. 271 * Enough data must be present. 272 */ 273 if (!capable(CAP_MAC_ADMIN)) 274 return -EPERM; 275 if (*ppos != 0) 276 return -EINVAL; 277 if (count != SMK_LOADLEN) 278 return -EINVAL; 279 280 data = kzalloc(count, GFP_KERNEL); 281 if (data == NULL) 282 return -ENOMEM; 283 284 if (copy_from_user(data, buf, count) != 0) { 285 rc = -EFAULT; 286 goto out; 287 } 288 289 rule.smk_subject = smk_import(data, 0); 290 if (rule.smk_subject == NULL) 291 goto out; 292 293 rule.smk_object = smk_import(data + SMK_LABELLEN, 0); 294 if (rule.smk_object == NULL) 295 goto out; 296 297 rule.smk_access = 0; 298 299 switch (data[SMK_LABELLEN + SMK_LABELLEN]) { 300 case '-': 301 break; 302 case 'r': 303 case 'R': 304 rule.smk_access |= MAY_READ; 305 break; 306 default: 307 goto out; 308 } 309 310 switch (data[SMK_LABELLEN + SMK_LABELLEN + 1]) { 311 case '-': 312 break; 313 case 'w': 314 case 'W': 315 rule.smk_access |= MAY_WRITE; 316 break; 317 default: 318 goto out; 319 } 320 321 switch (data[SMK_LABELLEN + SMK_LABELLEN + 2]) { 322 case '-': 323 break; 324 case 'x': 325 case 'X': 326 rule.smk_access |= MAY_EXEC; 327 break; 328 default: 329 goto out; 330 } 331 332 switch (data[SMK_LABELLEN + SMK_LABELLEN + 3]) { 333 case '-': 334 break; 335 case 'a': 336 case 'A': 337 rule.smk_access |= MAY_APPEND; 338 break; 339 default: 340 goto out; 341 } 342 343 rc = smk_set_access(&rule); 344 345 if (!rc) 346 rc = count; 347 348 out: 349 kfree(data); 350 return rc; 351 } 352 353 static const struct file_operations smk_load_ops = { 354 .open = smk_open_load, 355 .read = seq_read, 356 .llseek = seq_lseek, 357 .write = smk_write_load, 358 .release = seq_release, 359 }; 360 361 /** 362 * smk_cipso_doi - initialize the CIPSO domain 363 */ 364 static void smk_cipso_doi(void) 365 { 366 int rc; 367 struct cipso_v4_doi *doip; 368 struct netlbl_audit nai; 369 370 smk_netlabel_audit_set(&nai); 371 372 rc = netlbl_cfg_map_del(NULL, PF_INET, NULL, NULL, &nai); 373 if (rc != 0) 374 printk(KERN_WARNING "%s:%d remove rc = %d\n", 375 __func__, __LINE__, rc); 376 377 doip = kmalloc(sizeof(struct cipso_v4_doi), GFP_KERNEL); 378 if (doip == NULL) 379 panic("smack: Failed to initialize cipso DOI.\n"); 380 doip->map.std = NULL; 381 doip->doi = smk_cipso_doi_value; 382 doip->type = CIPSO_V4_MAP_PASS; 383 doip->tags[0] = CIPSO_V4_TAG_RBITMAP; 384 for (rc = 1; rc < CIPSO_V4_TAG_MAXCNT; rc++) 385 doip->tags[rc] = CIPSO_V4_TAG_INVALID; 386 387 rc = netlbl_cfg_cipsov4_add(doip, &nai); 388 if (rc != 0) { 389 printk(KERN_WARNING "%s:%d cipso add rc = %d\n", 390 __func__, __LINE__, rc); 391 kfree(doip); 392 return; 393 } 394 rc = netlbl_cfg_cipsov4_map_add(doip->doi, NULL, NULL, NULL, &nai); 395 if (rc != 0) { 396 printk(KERN_WARNING "%s:%d map add rc = %d\n", 397 __func__, __LINE__, rc); 398 kfree(doip); 399 return; 400 } 401 } 402 403 /** 404 * smk_unlbl_ambient - initialize the unlabeled domain 405 * @oldambient: previous domain string 406 */ 407 static void smk_unlbl_ambient(char *oldambient) 408 { 409 int rc; 410 struct netlbl_audit nai; 411 412 smk_netlabel_audit_set(&nai); 413 414 if (oldambient != NULL) { 415 rc = netlbl_cfg_map_del(oldambient, PF_INET, NULL, NULL, &nai); 416 if (rc != 0) 417 printk(KERN_WARNING "%s:%d remove rc = %d\n", 418 __func__, __LINE__, rc); 419 } 420 421 rc = netlbl_cfg_unlbl_map_add(smack_net_ambient, PF_INET, 422 NULL, NULL, &nai); 423 if (rc != 0) 424 printk(KERN_WARNING "%s:%d add rc = %d\n", 425 __func__, __LINE__, rc); 426 } 427 428 /* 429 * Seq_file read operations for /smack/cipso 430 */ 431 432 static void *cipso_seq_start(struct seq_file *s, loff_t *pos) 433 { 434 if (*pos == SEQ_READ_FINISHED) 435 return NULL; 436 437 return smack_known; 438 } 439 440 static void *cipso_seq_next(struct seq_file *s, void *v, loff_t *pos) 441 { 442 struct smack_known *skp = ((struct smack_known *) v)->smk_next; 443 444 /* 445 * Omit labels with no associated cipso value 446 */ 447 while (skp != NULL && !skp->smk_cipso) 448 skp = skp->smk_next; 449 450 if (skp == NULL) 451 *pos = SEQ_READ_FINISHED; 452 453 return skp; 454 } 455 456 /* 457 * Print cipso labels in format: 458 * label level[/cat[,cat]] 459 */ 460 static int cipso_seq_show(struct seq_file *s, void *v) 461 { 462 struct smack_known *skp = (struct smack_known *) v; 463 struct smack_cipso *scp = skp->smk_cipso; 464 char *cbp; 465 char sep = '/'; 466 int cat = 1; 467 int i; 468 unsigned char m; 469 470 if (scp == NULL) 471 return 0; 472 473 seq_printf(s, "%s %3d", (char *)&skp->smk_known, scp->smk_level); 474 475 cbp = scp->smk_catset; 476 for (i = 0; i < SMK_LABELLEN; i++) 477 for (m = 0x80; m != 0; m >>= 1) { 478 if (m & cbp[i]) { 479 seq_printf(s, "%c%d", sep, cat); 480 sep = ','; 481 } 482 cat++; 483 } 484 485 seq_putc(s, '\n'); 486 487 return 0; 488 } 489 490 static void cipso_seq_stop(struct seq_file *s, void *v) 491 { 492 /* No-op */ 493 } 494 495 static struct seq_operations cipso_seq_ops = { 496 .start = cipso_seq_start, 497 .stop = cipso_seq_stop, 498 .next = cipso_seq_next, 499 .show = cipso_seq_show, 500 }; 501 502 /** 503 * smk_open_cipso - open() for /smack/cipso 504 * @inode: inode structure representing file 505 * @file: "cipso" file pointer 506 * 507 * Connect our cipso_seq_* operations with /smack/cipso 508 * file_operations 509 */ 510 static int smk_open_cipso(struct inode *inode, struct file *file) 511 { 512 return seq_open(file, &cipso_seq_ops); 513 } 514 515 /** 516 * smk_write_cipso - write() for /smack/cipso 517 * @file: file pointer, not actually used 518 * @buf: where to get the data from 519 * @count: bytes sent 520 * @ppos: where to start 521 * 522 * Accepts only one cipso rule per write call. 523 * Returns number of bytes written or error code, as appropriate 524 */ 525 static ssize_t smk_write_cipso(struct file *file, const char __user *buf, 526 size_t count, loff_t *ppos) 527 { 528 struct smack_known *skp; 529 struct smack_cipso *scp = NULL; 530 char mapcatset[SMK_LABELLEN]; 531 int maplevel; 532 int cat; 533 int catlen; 534 ssize_t rc = -EINVAL; 535 char *data = NULL; 536 char *rule; 537 int ret; 538 int i; 539 540 /* 541 * Must have privilege. 542 * No partial writes. 543 * Enough data must be present. 544 */ 545 if (!capable(CAP_MAC_ADMIN)) 546 return -EPERM; 547 if (*ppos != 0) 548 return -EINVAL; 549 if (count < SMK_CIPSOMIN || count > SMK_CIPSOMAX) 550 return -EINVAL; 551 552 data = kzalloc(count + 1, GFP_KERNEL); 553 if (data == NULL) 554 return -ENOMEM; 555 556 if (copy_from_user(data, buf, count) != 0) { 557 rc = -EFAULT; 558 goto unlockedout; 559 } 560 561 data[count] = '\0'; 562 rule = data; 563 /* 564 * Only allow one writer at a time. Writes should be 565 * quite rare and small in any case. 566 */ 567 mutex_lock(&smack_cipso_lock); 568 569 skp = smk_import_entry(rule, 0); 570 if (skp == NULL) 571 goto out; 572 573 rule += SMK_LABELLEN; 574 ret = sscanf(rule, "%d", &maplevel); 575 if (ret != 1 || maplevel > SMACK_CIPSO_MAXLEVEL) 576 goto out; 577 578 rule += SMK_DIGITLEN; 579 ret = sscanf(rule, "%d", &catlen); 580 if (ret != 1 || catlen > SMACK_CIPSO_MAXCATNUM) 581 goto out; 582 583 if (count != (SMK_CIPSOMIN + catlen * SMK_DIGITLEN)) 584 goto out; 585 586 memset(mapcatset, 0, sizeof(mapcatset)); 587 588 for (i = 0; i < catlen; i++) { 589 rule += SMK_DIGITLEN; 590 ret = sscanf(rule, "%d", &cat); 591 if (ret != 1 || cat > SMACK_CIPSO_MAXCATVAL) 592 goto out; 593 594 smack_catset_bit(cat, mapcatset); 595 } 596 597 if (skp->smk_cipso == NULL) { 598 scp = kzalloc(sizeof(struct smack_cipso), GFP_KERNEL); 599 if (scp == NULL) { 600 rc = -ENOMEM; 601 goto out; 602 } 603 } 604 605 spin_lock_bh(&skp->smk_cipsolock); 606 607 if (scp == NULL) 608 scp = skp->smk_cipso; 609 else 610 skp->smk_cipso = scp; 611 612 scp->smk_level = maplevel; 613 memcpy(scp->smk_catset, mapcatset, sizeof(mapcatset)); 614 615 spin_unlock_bh(&skp->smk_cipsolock); 616 617 rc = count; 618 out: 619 mutex_unlock(&smack_cipso_lock); 620 unlockedout: 621 kfree(data); 622 return rc; 623 } 624 625 static const struct file_operations smk_cipso_ops = { 626 .open = smk_open_cipso, 627 .read = seq_read, 628 .llseek = seq_lseek, 629 .write = smk_write_cipso, 630 .release = seq_release, 631 }; 632 633 /* 634 * Seq_file read operations for /smack/netlabel 635 */ 636 637 static void *netlbladdr_seq_start(struct seq_file *s, loff_t *pos) 638 { 639 if (*pos == SEQ_READ_FINISHED) 640 return NULL; 641 642 return smack_netlbladdrs; 643 } 644 645 static void *netlbladdr_seq_next(struct seq_file *s, void *v, loff_t *pos) 646 { 647 struct smk_netlbladdr *skp = ((struct smk_netlbladdr *) v)->smk_next; 648 649 if (skp == NULL) 650 *pos = SEQ_READ_FINISHED; 651 652 return skp; 653 } 654 #define BEBITS (sizeof(__be32) * 8) 655 656 /* 657 * Print host/label pairs 658 */ 659 static int netlbladdr_seq_show(struct seq_file *s, void *v) 660 { 661 struct smk_netlbladdr *skp = (struct smk_netlbladdr *) v; 662 unsigned char *hp = (char *) &skp->smk_host.sin_addr.s_addr; 663 int maskn; 664 u32 temp_mask = be32_to_cpu(skp->smk_mask.s_addr); 665 666 for (maskn = 0; temp_mask; temp_mask <<= 1, maskn++); 667 668 seq_printf(s, "%u.%u.%u.%u/%d %s\n", 669 hp[0], hp[1], hp[2], hp[3], maskn, skp->smk_label); 670 671 return 0; 672 } 673 674 static void netlbladdr_seq_stop(struct seq_file *s, void *v) 675 { 676 /* No-op */ 677 } 678 679 static struct seq_operations netlbladdr_seq_ops = { 680 .start = netlbladdr_seq_start, 681 .stop = netlbladdr_seq_stop, 682 .next = netlbladdr_seq_next, 683 .show = netlbladdr_seq_show, 684 }; 685 686 /** 687 * smk_open_netlbladdr - open() for /smack/netlabel 688 * @inode: inode structure representing file 689 * @file: "netlabel" file pointer 690 * 691 * Connect our netlbladdr_seq_* operations with /smack/netlabel 692 * file_operations 693 */ 694 static int smk_open_netlbladdr(struct inode *inode, struct file *file) 695 { 696 return seq_open(file, &netlbladdr_seq_ops); 697 } 698 699 /** 700 * smk_netlbladdr_insert 701 * @new : netlabel to insert 702 * 703 * This helper insert netlabel in the smack_netlbladdrs list 704 * sorted by netmask length (longest to smallest) 705 */ 706 static void smk_netlbladdr_insert(struct smk_netlbladdr *new) 707 { 708 struct smk_netlbladdr *m; 709 710 if (smack_netlbladdrs == NULL) { 711 smack_netlbladdrs = new; 712 return; 713 } 714 715 /* the comparison '>' is a bit hacky, but works */ 716 if (new->smk_mask.s_addr > smack_netlbladdrs->smk_mask.s_addr) { 717 new->smk_next = smack_netlbladdrs; 718 smack_netlbladdrs = new; 719 return; 720 } 721 for (m = smack_netlbladdrs; m != NULL; m = m->smk_next) { 722 if (m->smk_next == NULL) { 723 m->smk_next = new; 724 return; 725 } 726 if (new->smk_mask.s_addr > m->smk_next->smk_mask.s_addr) { 727 new->smk_next = m->smk_next; 728 m->smk_next = new; 729 return; 730 } 731 } 732 } 733 734 735 /** 736 * smk_write_netlbladdr - write() for /smack/netlabel 737 * @file: file pointer, not actually used 738 * @buf: where to get the data from 739 * @count: bytes sent 740 * @ppos: where to start 741 * 742 * Accepts only one netlbladdr per write call. 743 * Returns number of bytes written or error code, as appropriate 744 */ 745 static ssize_t smk_write_netlbladdr(struct file *file, const char __user *buf, 746 size_t count, loff_t *ppos) 747 { 748 struct smk_netlbladdr *skp; 749 struct sockaddr_in newname; 750 char smack[SMK_LABELLEN]; 751 char *sp; 752 char data[SMK_NETLBLADDRMAX]; 753 char *host = (char *)&newname.sin_addr.s_addr; 754 int rc; 755 struct netlbl_audit audit_info; 756 struct in_addr mask; 757 unsigned int m; 758 u32 mask_bits = (1<<31); 759 __be32 nsa; 760 u32 temp_mask; 761 762 /* 763 * Must have privilege. 764 * No partial writes. 765 * Enough data must be present. 766 * "<addr/mask, as a.b.c.d/e><space><label>" 767 * "<addr, as a.b.c.d><space><label>" 768 */ 769 if (!capable(CAP_MAC_ADMIN)) 770 return -EPERM; 771 if (*ppos != 0) 772 return -EINVAL; 773 if (count < SMK_NETLBLADDRMIN || count > SMK_NETLBLADDRMAX) 774 return -EINVAL; 775 if (copy_from_user(data, buf, count) != 0) 776 return -EFAULT; 777 778 data[count] = '\0'; 779 780 rc = sscanf(data, "%hhd.%hhd.%hhd.%hhd/%d %s", 781 &host[0], &host[1], &host[2], &host[3], &m, smack); 782 if (rc != 6) { 783 rc = sscanf(data, "%hhd.%hhd.%hhd.%hhd %s", 784 &host[0], &host[1], &host[2], &host[3], smack); 785 if (rc != 5) 786 return -EINVAL; 787 m = BEBITS; 788 } 789 if (m > BEBITS) 790 return -EINVAL; 791 792 sp = smk_import(smack, 0); 793 if (sp == NULL) 794 return -EINVAL; 795 796 for (temp_mask = 0; m > 0; m--) { 797 temp_mask |= mask_bits; 798 mask_bits >>= 1; 799 } 800 mask.s_addr = cpu_to_be32(temp_mask); 801 802 newname.sin_addr.s_addr &= mask.s_addr; 803 /* 804 * Only allow one writer at a time. Writes should be 805 * quite rare and small in any case. 806 */ 807 mutex_lock(&smk_netlbladdr_lock); 808 809 nsa = newname.sin_addr.s_addr; 810 /* try to find if the prefix is already in the list */ 811 for (skp = smack_netlbladdrs; skp != NULL; skp = skp->smk_next) 812 if (skp->smk_host.sin_addr.s_addr == nsa && 813 skp->smk_mask.s_addr == mask.s_addr) 814 break; 815 816 smk_netlabel_audit_set(&audit_info); 817 818 if (skp == NULL) { 819 skp = kzalloc(sizeof(*skp), GFP_KERNEL); 820 if (skp == NULL) 821 rc = -ENOMEM; 822 else { 823 rc = 0; 824 skp->smk_host.sin_addr.s_addr = newname.sin_addr.s_addr; 825 skp->smk_mask.s_addr = mask.s_addr; 826 skp->smk_label = sp; 827 smk_netlbladdr_insert(skp); 828 } 829 } else { 830 rc = netlbl_cfg_unlbl_static_del(&init_net, NULL, 831 &skp->smk_host.sin_addr, &skp->smk_mask, 832 PF_INET, &audit_info); 833 skp->smk_label = sp; 834 } 835 836 /* 837 * Now tell netlabel about the single label nature of 838 * this host so that incoming packets get labeled. 839 */ 840 841 if (rc == 0) 842 rc = netlbl_cfg_unlbl_static_add(&init_net, NULL, 843 &skp->smk_host.sin_addr, &skp->smk_mask, PF_INET, 844 smack_to_secid(skp->smk_label), &audit_info); 845 846 if (rc == 0) 847 rc = count; 848 849 mutex_unlock(&smk_netlbladdr_lock); 850 851 return rc; 852 } 853 854 static const struct file_operations smk_netlbladdr_ops = { 855 .open = smk_open_netlbladdr, 856 .read = seq_read, 857 .llseek = seq_lseek, 858 .write = smk_write_netlbladdr, 859 .release = seq_release, 860 }; 861 862 /** 863 * smk_read_doi - read() for /smack/doi 864 * @filp: file pointer, not actually used 865 * @buf: where to put the result 866 * @count: maximum to send along 867 * @ppos: where to start 868 * 869 * Returns number of bytes read or error code, as appropriate 870 */ 871 static ssize_t smk_read_doi(struct file *filp, char __user *buf, 872 size_t count, loff_t *ppos) 873 { 874 char temp[80]; 875 ssize_t rc; 876 877 if (*ppos != 0) 878 return 0; 879 880 sprintf(temp, "%d", smk_cipso_doi_value); 881 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp)); 882 883 return rc; 884 } 885 886 /** 887 * smk_write_doi - write() for /smack/doi 888 * @file: file pointer, not actually used 889 * @buf: where to get the data from 890 * @count: bytes sent 891 * @ppos: where to start 892 * 893 * Returns number of bytes written or error code, as appropriate 894 */ 895 static ssize_t smk_write_doi(struct file *file, const char __user *buf, 896 size_t count, loff_t *ppos) 897 { 898 char temp[80]; 899 int i; 900 901 if (!capable(CAP_MAC_ADMIN)) 902 return -EPERM; 903 904 if (count >= sizeof(temp) || count == 0) 905 return -EINVAL; 906 907 if (copy_from_user(temp, buf, count) != 0) 908 return -EFAULT; 909 910 temp[count] = '\0'; 911 912 if (sscanf(temp, "%d", &i) != 1) 913 return -EINVAL; 914 915 smk_cipso_doi_value = i; 916 917 smk_cipso_doi(); 918 919 return count; 920 } 921 922 static const struct file_operations smk_doi_ops = { 923 .read = smk_read_doi, 924 .write = smk_write_doi, 925 }; 926 927 /** 928 * smk_read_direct - read() for /smack/direct 929 * @filp: file pointer, not actually used 930 * @buf: where to put the result 931 * @count: maximum to send along 932 * @ppos: where to start 933 * 934 * Returns number of bytes read or error code, as appropriate 935 */ 936 static ssize_t smk_read_direct(struct file *filp, char __user *buf, 937 size_t count, loff_t *ppos) 938 { 939 char temp[80]; 940 ssize_t rc; 941 942 if (*ppos != 0) 943 return 0; 944 945 sprintf(temp, "%d", smack_cipso_direct); 946 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp)); 947 948 return rc; 949 } 950 951 /** 952 * smk_write_direct - write() for /smack/direct 953 * @file: file pointer, not actually used 954 * @buf: where to get the data from 955 * @count: bytes sent 956 * @ppos: where to start 957 * 958 * Returns number of bytes written or error code, as appropriate 959 */ 960 static ssize_t smk_write_direct(struct file *file, const char __user *buf, 961 size_t count, loff_t *ppos) 962 { 963 char temp[80]; 964 int i; 965 966 if (!capable(CAP_MAC_ADMIN)) 967 return -EPERM; 968 969 if (count >= sizeof(temp) || count == 0) 970 return -EINVAL; 971 972 if (copy_from_user(temp, buf, count) != 0) 973 return -EFAULT; 974 975 temp[count] = '\0'; 976 977 if (sscanf(temp, "%d", &i) != 1) 978 return -EINVAL; 979 980 smack_cipso_direct = i; 981 982 return count; 983 } 984 985 static const struct file_operations smk_direct_ops = { 986 .read = smk_read_direct, 987 .write = smk_write_direct, 988 }; 989 990 /** 991 * smk_read_ambient - read() for /smack/ambient 992 * @filp: file pointer, not actually used 993 * @buf: where to put the result 994 * @cn: maximum to send along 995 * @ppos: where to start 996 * 997 * Returns number of bytes read or error code, as appropriate 998 */ 999 static ssize_t smk_read_ambient(struct file *filp, char __user *buf, 1000 size_t cn, loff_t *ppos) 1001 { 1002 ssize_t rc; 1003 int asize; 1004 1005 if (*ppos != 0) 1006 return 0; 1007 /* 1008 * Being careful to avoid a problem in the case where 1009 * smack_net_ambient gets changed in midstream. 1010 */ 1011 mutex_lock(&smack_ambient_lock); 1012 1013 asize = strlen(smack_net_ambient) + 1; 1014 1015 if (cn >= asize) 1016 rc = simple_read_from_buffer(buf, cn, ppos, 1017 smack_net_ambient, asize); 1018 else 1019 rc = -EINVAL; 1020 1021 mutex_unlock(&smack_ambient_lock); 1022 1023 return rc; 1024 } 1025 1026 /** 1027 * smk_write_ambient - write() for /smack/ambient 1028 * @file: file pointer, not actually used 1029 * @buf: where to get the data from 1030 * @count: bytes sent 1031 * @ppos: where to start 1032 * 1033 * Returns number of bytes written or error code, as appropriate 1034 */ 1035 static ssize_t smk_write_ambient(struct file *file, const char __user *buf, 1036 size_t count, loff_t *ppos) 1037 { 1038 char in[SMK_LABELLEN]; 1039 char *oldambient; 1040 char *smack; 1041 1042 if (!capable(CAP_MAC_ADMIN)) 1043 return -EPERM; 1044 1045 if (count >= SMK_LABELLEN) 1046 return -EINVAL; 1047 1048 if (copy_from_user(in, buf, count) != 0) 1049 return -EFAULT; 1050 1051 smack = smk_import(in, count); 1052 if (smack == NULL) 1053 return -EINVAL; 1054 1055 mutex_lock(&smack_ambient_lock); 1056 1057 oldambient = smack_net_ambient; 1058 smack_net_ambient = smack; 1059 smk_unlbl_ambient(oldambient); 1060 1061 mutex_unlock(&smack_ambient_lock); 1062 1063 return count; 1064 } 1065 1066 static const struct file_operations smk_ambient_ops = { 1067 .read = smk_read_ambient, 1068 .write = smk_write_ambient, 1069 }; 1070 1071 /** 1072 * smk_read_onlycap - read() for /smack/onlycap 1073 * @filp: file pointer, not actually used 1074 * @buf: where to put the result 1075 * @cn: maximum to send along 1076 * @ppos: where to start 1077 * 1078 * Returns number of bytes read or error code, as appropriate 1079 */ 1080 static ssize_t smk_read_onlycap(struct file *filp, char __user *buf, 1081 size_t cn, loff_t *ppos) 1082 { 1083 char *smack = ""; 1084 ssize_t rc = -EINVAL; 1085 int asize; 1086 1087 if (*ppos != 0) 1088 return 0; 1089 1090 if (smack_onlycap != NULL) 1091 smack = smack_onlycap; 1092 1093 asize = strlen(smack) + 1; 1094 1095 if (cn >= asize) 1096 rc = simple_read_from_buffer(buf, cn, ppos, smack, asize); 1097 1098 return rc; 1099 } 1100 1101 /** 1102 * smk_write_onlycap - write() for /smack/onlycap 1103 * @file: file pointer, not actually used 1104 * @buf: where to get the data from 1105 * @count: bytes sent 1106 * @ppos: where to start 1107 * 1108 * Returns number of bytes written or error code, as appropriate 1109 */ 1110 static ssize_t smk_write_onlycap(struct file *file, const char __user *buf, 1111 size_t count, loff_t *ppos) 1112 { 1113 char in[SMK_LABELLEN]; 1114 char *sp = current->cred->security; 1115 1116 if (!capable(CAP_MAC_ADMIN)) 1117 return -EPERM; 1118 1119 /* 1120 * This can be done using smk_access() but is done 1121 * explicitly for clarity. The smk_access() implementation 1122 * would use smk_access(smack_onlycap, MAY_WRITE) 1123 */ 1124 if (smack_onlycap != NULL && smack_onlycap != sp) 1125 return -EPERM; 1126 1127 if (count >= SMK_LABELLEN) 1128 return -EINVAL; 1129 1130 if (copy_from_user(in, buf, count) != 0) 1131 return -EFAULT; 1132 1133 /* 1134 * Should the null string be passed in unset the onlycap value. 1135 * This seems like something to be careful with as usually 1136 * smk_import only expects to return NULL for errors. It 1137 * is usually the case that a nullstring or "\n" would be 1138 * bad to pass to smk_import but in fact this is useful here. 1139 */ 1140 smack_onlycap = smk_import(in, count); 1141 1142 return count; 1143 } 1144 1145 static const struct file_operations smk_onlycap_ops = { 1146 .read = smk_read_onlycap, 1147 .write = smk_write_onlycap, 1148 }; 1149 1150 /** 1151 * smk_fill_super - fill the /smackfs superblock 1152 * @sb: the empty superblock 1153 * @data: unused 1154 * @silent: unused 1155 * 1156 * Fill in the well known entries for /smack 1157 * 1158 * Returns 0 on success, an error code on failure 1159 */ 1160 static int smk_fill_super(struct super_block *sb, void *data, int silent) 1161 { 1162 int rc; 1163 struct inode *root_inode; 1164 1165 static struct tree_descr smack_files[] = { 1166 [SMK_LOAD] = 1167 {"load", &smk_load_ops, S_IRUGO|S_IWUSR}, 1168 [SMK_CIPSO] = 1169 {"cipso", &smk_cipso_ops, S_IRUGO|S_IWUSR}, 1170 [SMK_DOI] = 1171 {"doi", &smk_doi_ops, S_IRUGO|S_IWUSR}, 1172 [SMK_DIRECT] = 1173 {"direct", &smk_direct_ops, S_IRUGO|S_IWUSR}, 1174 [SMK_AMBIENT] = 1175 {"ambient", &smk_ambient_ops, S_IRUGO|S_IWUSR}, 1176 [SMK_NETLBLADDR] = 1177 {"netlabel", &smk_netlbladdr_ops, S_IRUGO|S_IWUSR}, 1178 [SMK_ONLYCAP] = 1179 {"onlycap", &smk_onlycap_ops, S_IRUGO|S_IWUSR}, 1180 /* last one */ {""} 1181 }; 1182 1183 rc = simple_fill_super(sb, SMACK_MAGIC, smack_files); 1184 if (rc != 0) { 1185 printk(KERN_ERR "%s failed %d while creating inodes\n", 1186 __func__, rc); 1187 return rc; 1188 } 1189 1190 root_inode = sb->s_root->d_inode; 1191 root_inode->i_security = new_inode_smack(smack_known_floor.smk_known); 1192 1193 return 0; 1194 } 1195 1196 /** 1197 * smk_get_sb - get the smackfs superblock 1198 * @fs_type: passed along without comment 1199 * @flags: passed along without comment 1200 * @dev_name: passed along without comment 1201 * @data: passed along without comment 1202 * @mnt: passed along without comment 1203 * 1204 * Just passes everything along. 1205 * 1206 * Returns what the lower level code does. 1207 */ 1208 static int smk_get_sb(struct file_system_type *fs_type, 1209 int flags, const char *dev_name, void *data, 1210 struct vfsmount *mnt) 1211 { 1212 return get_sb_single(fs_type, flags, data, smk_fill_super, mnt); 1213 } 1214 1215 static struct file_system_type smk_fs_type = { 1216 .name = "smackfs", 1217 .get_sb = smk_get_sb, 1218 .kill_sb = kill_litter_super, 1219 }; 1220 1221 static struct vfsmount *smackfs_mount; 1222 1223 /** 1224 * init_smk_fs - get the smackfs superblock 1225 * 1226 * register the smackfs 1227 * 1228 * Do not register smackfs if Smack wasn't enabled 1229 * on boot. We can not put this method normally under the 1230 * smack_init() code path since the security subsystem get 1231 * initialized before the vfs caches. 1232 * 1233 * Returns true if we were not chosen on boot or if 1234 * we were chosen and filesystem registration succeeded. 1235 */ 1236 static int __init init_smk_fs(void) 1237 { 1238 int err; 1239 1240 if (!security_module_enable(&smack_ops)) 1241 return 0; 1242 1243 err = register_filesystem(&smk_fs_type); 1244 if (!err) { 1245 smackfs_mount = kern_mount(&smk_fs_type); 1246 if (IS_ERR(smackfs_mount)) { 1247 printk(KERN_ERR "smackfs: could not mount!\n"); 1248 err = PTR_ERR(smackfs_mount); 1249 smackfs_mount = NULL; 1250 } 1251 } 1252 1253 smk_cipso_doi(); 1254 smk_unlbl_ambient(NULL); 1255 1256 return err; 1257 } 1258 1259 __initcall(init_smk_fs); 1260