1 /* 2 * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com> 3 * 4 * This program is free software; you can redistribute it and/or modify 5 * it under the terms of the GNU General Public License as published by 6 * the Free Software Foundation, version 2. 7 * 8 * Authors: 9 * Casey Schaufler <casey@schaufler-ca.com> 10 * Ahmed S. Darwish <darwish.07@gmail.com> 11 * 12 * Special thanks to the authors of selinuxfs. 13 * 14 * Karl MacMillan <kmacmillan@tresys.com> 15 * James Morris <jmorris@redhat.com> 16 * 17 */ 18 19 #include <linux/kernel.h> 20 #include <linux/vmalloc.h> 21 #include <linux/security.h> 22 #include <linux/mutex.h> 23 #include <linux/slab.h> 24 #include <net/net_namespace.h> 25 #include <net/cipso_ipv4.h> 26 #include <linux/seq_file.h> 27 #include <linux/ctype.h> 28 #include <linux/audit.h> 29 #include "smack.h" 30 31 /* 32 * smackfs pseudo filesystem. 33 */ 34 35 enum smk_inos { 36 SMK_ROOT_INO = 2, 37 SMK_LOAD = 3, /* load policy */ 38 SMK_CIPSO = 4, /* load label -> CIPSO mapping */ 39 SMK_DOI = 5, /* CIPSO DOI */ 40 SMK_DIRECT = 6, /* CIPSO level indicating direct label */ 41 SMK_AMBIENT = 7, /* internet ambient label */ 42 SMK_NETLBLADDR = 8, /* single label hosts */ 43 SMK_ONLYCAP = 9, /* the only "capable" label */ 44 SMK_LOGGING = 10, /* logging */ 45 SMK_LOAD_SELF = 11, /* task specific rules */ 46 SMK_ACCESSES = 12, /* access policy */ 47 SMK_MAPPED = 13, /* CIPSO level indicating mapped label */ 48 SMK_LOAD2 = 14, /* load policy with long labels */ 49 SMK_LOAD_SELF2 = 15, /* load task specific rules with long labels */ 50 SMK_ACCESS2 = 16, /* make an access check with long labels */ 51 SMK_CIPSO2 = 17, /* load long label -> CIPSO mapping */ 52 }; 53 54 /* 55 * List locks 56 */ 57 static DEFINE_MUTEX(smack_list_lock); 58 static DEFINE_MUTEX(smack_cipso_lock); 59 static DEFINE_MUTEX(smack_ambient_lock); 60 static DEFINE_MUTEX(smk_netlbladdr_lock); 61 62 /* 63 * This is the "ambient" label for network traffic. 64 * If it isn't somehow marked, use this. 65 * It can be reset via smackfs/ambient 66 */ 67 char *smack_net_ambient; 68 69 /* 70 * This is the level in a CIPSO header that indicates a 71 * smack label is contained directly in the category set. 72 * It can be reset via smackfs/direct 73 */ 74 int smack_cipso_direct = SMACK_CIPSO_DIRECT_DEFAULT; 75 76 /* 77 * This is the level in a CIPSO header that indicates a 78 * secid is contained directly in the category set. 79 * It can be reset via smackfs/mapped 80 */ 81 int smack_cipso_mapped = SMACK_CIPSO_MAPPED_DEFAULT; 82 83 /* 84 * Unless a process is running with this label even 85 * having CAP_MAC_OVERRIDE isn't enough to grant 86 * privilege to violate MAC policy. If no label is 87 * designated (the NULL case) capabilities apply to 88 * everyone. It is expected that the hat (^) label 89 * will be used if any label is used. 90 */ 91 char *smack_onlycap; 92 93 /* 94 * Certain IP addresses may be designated as single label hosts. 95 * Packets are sent there unlabeled, but only from tasks that 96 * can write to the specified label. 97 */ 98 99 LIST_HEAD(smk_netlbladdr_list); 100 101 /* 102 * Rule lists are maintained for each label. 103 * This master list is just for reading /smack/load and /smack/load2. 104 */ 105 struct smack_master_list { 106 struct list_head list; 107 struct smack_rule *smk_rule; 108 }; 109 110 LIST_HEAD(smack_rule_list); 111 112 static int smk_cipso_doi_value = SMACK_CIPSO_DOI_DEFAULT; 113 114 const char *smack_cipso_option = SMACK_CIPSO_OPTION; 115 116 /* 117 * Values for parsing cipso rules 118 * SMK_DIGITLEN: Length of a digit field in a rule. 119 * SMK_CIPSOMIN: Minimum possible cipso rule length. 120 * SMK_CIPSOMAX: Maximum possible cipso rule length. 121 */ 122 #define SMK_DIGITLEN 4 123 #define SMK_CIPSOMIN (SMK_LABELLEN + 2 * SMK_DIGITLEN) 124 #define SMK_CIPSOMAX (SMK_CIPSOMIN + SMACK_CIPSO_MAXCATNUM * SMK_DIGITLEN) 125 126 /* 127 * Values for parsing MAC rules 128 * SMK_ACCESS: Maximum possible combination of access permissions 129 * SMK_ACCESSLEN: Maximum length for a rule access field 130 * SMK_LOADLEN: Smack rule length 131 */ 132 #define SMK_OACCESS "rwxa" 133 #define SMK_ACCESS "rwxat" 134 #define SMK_OACCESSLEN (sizeof(SMK_OACCESS) - 1) 135 #define SMK_ACCESSLEN (sizeof(SMK_ACCESS) - 1) 136 #define SMK_OLOADLEN (SMK_LABELLEN + SMK_LABELLEN + SMK_OACCESSLEN) 137 #define SMK_LOADLEN (SMK_LABELLEN + SMK_LABELLEN + SMK_ACCESSLEN) 138 139 /* 140 * Stricly for CIPSO level manipulation. 141 * Set the category bit number in a smack label sized buffer. 142 */ 143 static inline void smack_catset_bit(unsigned int cat, char *catsetp) 144 { 145 if (cat == 0 || cat > (SMK_CIPSOLEN * 8)) 146 return; 147 148 catsetp[(cat - 1) / 8] |= 0x80 >> ((cat - 1) % 8); 149 } 150 151 /** 152 * smk_netlabel_audit_set - fill a netlbl_audit struct 153 * @nap: structure to fill 154 */ 155 static void smk_netlabel_audit_set(struct netlbl_audit *nap) 156 { 157 nap->loginuid = audit_get_loginuid(current); 158 nap->sessionid = audit_get_sessionid(current); 159 nap->secid = smack_to_secid(smk_of_current()); 160 } 161 162 /* 163 * Value for parsing single label host rules 164 * "1.2.3.4 X" 165 */ 166 #define SMK_NETLBLADDRMIN 9 167 168 /** 169 * smk_set_access - add a rule to the rule list 170 * @srp: the new rule to add 171 * @rule_list: the list of rules 172 * @rule_lock: the rule list lock 173 * 174 * Looks through the current subject/object/access list for 175 * the subject/object pair and replaces the access that was 176 * there. If the pair isn't found add it with the specified 177 * access. 178 * 179 * Returns 1 if a rule was found to exist already, 0 if it is new 180 * Returns 0 if nothing goes wrong or -ENOMEM if it fails 181 * during the allocation of the new pair to add. 182 */ 183 static int smk_set_access(struct smack_rule *srp, struct list_head *rule_list, 184 struct mutex *rule_lock) 185 { 186 struct smack_rule *sp; 187 int found = 0; 188 189 mutex_lock(rule_lock); 190 191 /* 192 * Because the object label is less likely to match 193 * than the subject label check it first 194 */ 195 list_for_each_entry_rcu(sp, rule_list, list) { 196 if (sp->smk_object == srp->smk_object && 197 sp->smk_subject == srp->smk_subject) { 198 found = 1; 199 sp->smk_access = srp->smk_access; 200 break; 201 } 202 } 203 if (found == 0) 204 list_add_rcu(&srp->list, rule_list); 205 206 mutex_unlock(rule_lock); 207 208 return found; 209 } 210 211 /** 212 * smk_fill_rule - Fill Smack rule from strings 213 * @subject: subject label string 214 * @object: object label string 215 * @access: access string 216 * @rule: Smack rule 217 * @import: if non-zero, import labels 218 * @len: label length limit 219 * 220 * Returns 0 on success, -1 on failure 221 */ 222 static int smk_fill_rule(const char *subject, const char *object, 223 const char *access, struct smack_rule *rule, 224 int import, int len) 225 { 226 const char *cp; 227 struct smack_known *skp; 228 229 if (import) { 230 rule->smk_subject = smk_import(subject, len); 231 if (rule->smk_subject == NULL) 232 return -1; 233 234 rule->smk_object = smk_import(object, len); 235 if (rule->smk_object == NULL) 236 return -1; 237 } else { 238 cp = smk_parse_smack(subject, len); 239 if (cp == NULL) 240 return -1; 241 skp = smk_find_entry(cp); 242 kfree(cp); 243 if (skp == NULL) 244 return -1; 245 rule->smk_subject = skp->smk_known; 246 247 cp = smk_parse_smack(object, len); 248 if (cp == NULL) 249 return -1; 250 skp = smk_find_entry(cp); 251 kfree(cp); 252 if (skp == NULL) 253 return -1; 254 rule->smk_object = skp->smk_known; 255 } 256 257 rule->smk_access = 0; 258 259 for (cp = access; *cp != '\0'; cp++) { 260 switch (*cp) { 261 case '-': 262 break; 263 case 'r': 264 case 'R': 265 rule->smk_access |= MAY_READ; 266 break; 267 case 'w': 268 case 'W': 269 rule->smk_access |= MAY_WRITE; 270 break; 271 case 'x': 272 case 'X': 273 rule->smk_access |= MAY_EXEC; 274 break; 275 case 'a': 276 case 'A': 277 rule->smk_access |= MAY_APPEND; 278 break; 279 case 't': 280 case 'T': 281 rule->smk_access |= MAY_TRANSMUTE; 282 break; 283 default: 284 return 0; 285 } 286 } 287 288 return 0; 289 } 290 291 /** 292 * smk_parse_rule - parse Smack rule from load string 293 * @data: string to be parsed whose size is SMK_LOADLEN 294 * @rule: Smack rule 295 * @import: if non-zero, import labels 296 * 297 * Returns 0 on success, -1 on errors. 298 */ 299 static int smk_parse_rule(const char *data, struct smack_rule *rule, int import) 300 { 301 int rc; 302 303 rc = smk_fill_rule(data, data + SMK_LABELLEN, 304 data + SMK_LABELLEN + SMK_LABELLEN, rule, import, 305 SMK_LABELLEN); 306 return rc; 307 } 308 309 /** 310 * smk_parse_long_rule - parse Smack rule from rule string 311 * @data: string to be parsed, null terminated 312 * @rule: Smack rule 313 * @import: if non-zero, import labels 314 * 315 * Returns 0 on success, -1 on failure 316 */ 317 static int smk_parse_long_rule(const char *data, struct smack_rule *rule, 318 int import) 319 { 320 char *subject; 321 char *object; 322 char *access; 323 int datalen; 324 int rc = -1; 325 326 /* This is inefficient */ 327 datalen = strlen(data); 328 329 /* Our first element can be 64 + \0 with no spaces */ 330 subject = kzalloc(datalen + 1, GFP_KERNEL); 331 if (subject == NULL) 332 return -1; 333 object = kzalloc(datalen, GFP_KERNEL); 334 if (object == NULL) 335 goto free_out_s; 336 access = kzalloc(datalen, GFP_KERNEL); 337 if (access == NULL) 338 goto free_out_o; 339 340 if (sscanf(data, "%s %s %s", subject, object, access) == 3) 341 rc = smk_fill_rule(subject, object, access, rule, import, 0); 342 343 kfree(access); 344 free_out_o: 345 kfree(object); 346 free_out_s: 347 kfree(subject); 348 return rc; 349 } 350 351 #define SMK_FIXED24_FMT 0 /* Fixed 24byte label format */ 352 #define SMK_LONG_FMT 1 /* Variable long label format */ 353 /** 354 * smk_write_rules_list - write() for any /smack rule file 355 * @file: file pointer, not actually used 356 * @buf: where to get the data from 357 * @count: bytes sent 358 * @ppos: where to start - must be 0 359 * @rule_list: the list of rules to write to 360 * @rule_lock: lock for the rule list 361 * @format: /smack/load or /smack/load2 format. 362 * 363 * Get one smack access rule from above. 364 * The format for SMK_LONG_FMT is: 365 * "subject<whitespace>object<whitespace>access[<whitespace>...]" 366 * The format for SMK_FIXED24_FMT is exactly: 367 * "subject object rwxat" 368 */ 369 static ssize_t smk_write_rules_list(struct file *file, const char __user *buf, 370 size_t count, loff_t *ppos, 371 struct list_head *rule_list, 372 struct mutex *rule_lock, int format) 373 { 374 struct smack_master_list *smlp; 375 struct smack_known *skp; 376 struct smack_rule *rule; 377 char *data; 378 int datalen; 379 int rc = -EINVAL; 380 int load = 0; 381 382 /* 383 * No partial writes. 384 * Enough data must be present. 385 */ 386 if (*ppos != 0) 387 return -EINVAL; 388 389 if (format == SMK_FIXED24_FMT) { 390 /* 391 * Minor hack for backward compatibility 392 */ 393 if (count != SMK_OLOADLEN && count != SMK_LOADLEN) 394 return -EINVAL; 395 datalen = SMK_LOADLEN; 396 } else 397 datalen = count + 1; 398 399 data = kzalloc(datalen, GFP_KERNEL); 400 if (data == NULL) 401 return -ENOMEM; 402 403 if (copy_from_user(data, buf, count) != 0) { 404 rc = -EFAULT; 405 goto out; 406 } 407 408 rule = kzalloc(sizeof(*rule), GFP_KERNEL); 409 if (rule == NULL) { 410 rc = -ENOMEM; 411 goto out; 412 } 413 414 if (format == SMK_LONG_FMT) { 415 /* 416 * Be sure the data string is terminated. 417 */ 418 data[count] = '\0'; 419 if (smk_parse_long_rule(data, rule, 1)) 420 goto out_free_rule; 421 } else { 422 /* 423 * More on the minor hack for backward compatibility 424 */ 425 if (count == (SMK_OLOADLEN)) 426 data[SMK_OLOADLEN] = '-'; 427 if (smk_parse_rule(data, rule, 1)) 428 goto out_free_rule; 429 } 430 431 432 if (rule_list == NULL) { 433 load = 1; 434 skp = smk_find_entry(rule->smk_subject); 435 rule_list = &skp->smk_rules; 436 rule_lock = &skp->smk_rules_lock; 437 } 438 439 rc = count; 440 /* 441 * If this is a global as opposed to self and a new rule 442 * it needs to get added for reporting. 443 * smk_set_access returns true if there was already a rule 444 * for the subject/object pair, and false if it was new. 445 */ 446 if (!smk_set_access(rule, rule_list, rule_lock)) { 447 if (load) { 448 smlp = kzalloc(sizeof(*smlp), GFP_KERNEL); 449 if (smlp != NULL) { 450 smlp->smk_rule = rule; 451 list_add_rcu(&smlp->list, &smack_rule_list); 452 } else 453 rc = -ENOMEM; 454 } 455 goto out; 456 } 457 458 out_free_rule: 459 kfree(rule); 460 out: 461 kfree(data); 462 return rc; 463 } 464 465 /* 466 * Core logic for smackfs seq list operations. 467 */ 468 469 static void *smk_seq_start(struct seq_file *s, loff_t *pos, 470 struct list_head *head) 471 { 472 struct list_head *list; 473 474 /* 475 * This is 0 the first time through. 476 */ 477 if (s->index == 0) 478 s->private = head; 479 480 if (s->private == NULL) 481 return NULL; 482 483 list = s->private; 484 if (list_empty(list)) 485 return NULL; 486 487 if (s->index == 0) 488 return list->next; 489 return list; 490 } 491 492 static void *smk_seq_next(struct seq_file *s, void *v, loff_t *pos, 493 struct list_head *head) 494 { 495 struct list_head *list = v; 496 497 if (list_is_last(list, head)) { 498 s->private = NULL; 499 return NULL; 500 } 501 s->private = list->next; 502 return list->next; 503 } 504 505 static void smk_seq_stop(struct seq_file *s, void *v) 506 { 507 /* No-op */ 508 } 509 510 static void smk_rule_show(struct seq_file *s, struct smack_rule *srp, int max) 511 { 512 /* 513 * Don't show any rules with label names too long for 514 * interface file (/smack/load or /smack/load2) 515 * because you should expect to be able to write 516 * anything you read back. 517 */ 518 if (strlen(srp->smk_subject) >= max || strlen(srp->smk_object) >= max) 519 return; 520 521 if (srp->smk_access == 0) 522 return; 523 524 seq_printf(s, "%s %s", srp->smk_subject, srp->smk_object); 525 526 seq_putc(s, ' '); 527 528 if (srp->smk_access & MAY_READ) 529 seq_putc(s, 'r'); 530 if (srp->smk_access & MAY_WRITE) 531 seq_putc(s, 'w'); 532 if (srp->smk_access & MAY_EXEC) 533 seq_putc(s, 'x'); 534 if (srp->smk_access & MAY_APPEND) 535 seq_putc(s, 'a'); 536 if (srp->smk_access & MAY_TRANSMUTE) 537 seq_putc(s, 't'); 538 539 seq_putc(s, '\n'); 540 } 541 542 /* 543 * Seq_file read operations for /smack/load 544 */ 545 546 static void *load2_seq_start(struct seq_file *s, loff_t *pos) 547 { 548 return smk_seq_start(s, pos, &smack_rule_list); 549 } 550 551 static void *load2_seq_next(struct seq_file *s, void *v, loff_t *pos) 552 { 553 return smk_seq_next(s, v, pos, &smack_rule_list); 554 } 555 556 static int load_seq_show(struct seq_file *s, void *v) 557 { 558 struct list_head *list = v; 559 struct smack_master_list *smlp = 560 list_entry(list, struct smack_master_list, list); 561 562 smk_rule_show(s, smlp->smk_rule, SMK_LABELLEN); 563 564 return 0; 565 } 566 567 static const struct seq_operations load_seq_ops = { 568 .start = load2_seq_start, 569 .next = load2_seq_next, 570 .show = load_seq_show, 571 .stop = smk_seq_stop, 572 }; 573 574 /** 575 * smk_open_load - open() for /smack/load 576 * @inode: inode structure representing file 577 * @file: "load" file pointer 578 * 579 * For reading, use load_seq_* seq_file reading operations. 580 */ 581 static int smk_open_load(struct inode *inode, struct file *file) 582 { 583 return seq_open(file, &load_seq_ops); 584 } 585 586 /** 587 * smk_write_load - write() for /smack/load 588 * @file: file pointer, not actually used 589 * @buf: where to get the data from 590 * @count: bytes sent 591 * @ppos: where to start - must be 0 592 * 593 */ 594 static ssize_t smk_write_load(struct file *file, const char __user *buf, 595 size_t count, loff_t *ppos) 596 { 597 /* 598 * Must have privilege. 599 * No partial writes. 600 * Enough data must be present. 601 */ 602 if (!smack_privileged(CAP_MAC_ADMIN)) 603 return -EPERM; 604 605 return smk_write_rules_list(file, buf, count, ppos, NULL, NULL, 606 SMK_FIXED24_FMT); 607 } 608 609 static const struct file_operations smk_load_ops = { 610 .open = smk_open_load, 611 .read = seq_read, 612 .llseek = seq_lseek, 613 .write = smk_write_load, 614 .release = seq_release, 615 }; 616 617 /** 618 * smk_cipso_doi - initialize the CIPSO domain 619 */ 620 static void smk_cipso_doi(void) 621 { 622 int rc; 623 struct cipso_v4_doi *doip; 624 struct netlbl_audit nai; 625 626 smk_netlabel_audit_set(&nai); 627 628 rc = netlbl_cfg_map_del(NULL, PF_INET, NULL, NULL, &nai); 629 if (rc != 0) 630 printk(KERN_WARNING "%s:%d remove rc = %d\n", 631 __func__, __LINE__, rc); 632 633 doip = kmalloc(sizeof(struct cipso_v4_doi), GFP_KERNEL); 634 if (doip == NULL) 635 panic("smack: Failed to initialize cipso DOI.\n"); 636 doip->map.std = NULL; 637 doip->doi = smk_cipso_doi_value; 638 doip->type = CIPSO_V4_MAP_PASS; 639 doip->tags[0] = CIPSO_V4_TAG_RBITMAP; 640 for (rc = 1; rc < CIPSO_V4_TAG_MAXCNT; rc++) 641 doip->tags[rc] = CIPSO_V4_TAG_INVALID; 642 643 rc = netlbl_cfg_cipsov4_add(doip, &nai); 644 if (rc != 0) { 645 printk(KERN_WARNING "%s:%d cipso add rc = %d\n", 646 __func__, __LINE__, rc); 647 kfree(doip); 648 return; 649 } 650 rc = netlbl_cfg_cipsov4_map_add(doip->doi, NULL, NULL, NULL, &nai); 651 if (rc != 0) { 652 printk(KERN_WARNING "%s:%d map add rc = %d\n", 653 __func__, __LINE__, rc); 654 kfree(doip); 655 return; 656 } 657 } 658 659 /** 660 * smk_unlbl_ambient - initialize the unlabeled domain 661 * @oldambient: previous domain string 662 */ 663 static void smk_unlbl_ambient(char *oldambient) 664 { 665 int rc; 666 struct netlbl_audit nai; 667 668 smk_netlabel_audit_set(&nai); 669 670 if (oldambient != NULL) { 671 rc = netlbl_cfg_map_del(oldambient, PF_INET, NULL, NULL, &nai); 672 if (rc != 0) 673 printk(KERN_WARNING "%s:%d remove rc = %d\n", 674 __func__, __LINE__, rc); 675 } 676 if (smack_net_ambient == NULL) 677 smack_net_ambient = smack_known_floor.smk_known; 678 679 rc = netlbl_cfg_unlbl_map_add(smack_net_ambient, PF_INET, 680 NULL, NULL, &nai); 681 if (rc != 0) 682 printk(KERN_WARNING "%s:%d add rc = %d\n", 683 __func__, __LINE__, rc); 684 } 685 686 /* 687 * Seq_file read operations for /smack/cipso 688 */ 689 690 static void *cipso_seq_start(struct seq_file *s, loff_t *pos) 691 { 692 return smk_seq_start(s, pos, &smack_known_list); 693 } 694 695 static void *cipso_seq_next(struct seq_file *s, void *v, loff_t *pos) 696 { 697 return smk_seq_next(s, v, pos, &smack_known_list); 698 } 699 700 /* 701 * Print cipso labels in format: 702 * label level[/cat[,cat]] 703 */ 704 static int cipso_seq_show(struct seq_file *s, void *v) 705 { 706 struct list_head *list = v; 707 struct smack_known *skp = 708 list_entry(list, struct smack_known, list); 709 struct netlbl_lsm_secattr_catmap *cmp = skp->smk_netlabel.attr.mls.cat; 710 char sep = '/'; 711 int i; 712 713 /* 714 * Don't show a label that could not have been set using 715 * /smack/cipso. This is in support of the notion that 716 * anything read from /smack/cipso ought to be writeable 717 * to /smack/cipso. 718 * 719 * /smack/cipso2 should be used instead. 720 */ 721 if (strlen(skp->smk_known) >= SMK_LABELLEN) 722 return 0; 723 724 seq_printf(s, "%s %3d", skp->smk_known, skp->smk_netlabel.attr.mls.lvl); 725 726 for (i = netlbl_secattr_catmap_walk(cmp, 0); i >= 0; 727 i = netlbl_secattr_catmap_walk(cmp, i + 1)) { 728 seq_printf(s, "%c%d", sep, i); 729 sep = ','; 730 } 731 732 seq_putc(s, '\n'); 733 734 return 0; 735 } 736 737 static const struct seq_operations cipso_seq_ops = { 738 .start = cipso_seq_start, 739 .next = cipso_seq_next, 740 .show = cipso_seq_show, 741 .stop = smk_seq_stop, 742 }; 743 744 /** 745 * smk_open_cipso - open() for /smack/cipso 746 * @inode: inode structure representing file 747 * @file: "cipso" file pointer 748 * 749 * Connect our cipso_seq_* operations with /smack/cipso 750 * file_operations 751 */ 752 static int smk_open_cipso(struct inode *inode, struct file *file) 753 { 754 return seq_open(file, &cipso_seq_ops); 755 } 756 757 /** 758 * smk_set_cipso - do the work for write() for cipso and cipso2 759 * @file: file pointer, not actually used 760 * @buf: where to get the data from 761 * @count: bytes sent 762 * @ppos: where to start 763 * @format: /smack/cipso or /smack/cipso2 764 * 765 * Accepts only one cipso rule per write call. 766 * Returns number of bytes written or error code, as appropriate 767 */ 768 static ssize_t smk_set_cipso(struct file *file, const char __user *buf, 769 size_t count, loff_t *ppos, int format) 770 { 771 struct smack_known *skp; 772 struct netlbl_lsm_secattr ncats; 773 char mapcatset[SMK_CIPSOLEN]; 774 int maplevel; 775 unsigned int cat; 776 int catlen; 777 ssize_t rc = -EINVAL; 778 char *data = NULL; 779 char *rule; 780 int ret; 781 int i; 782 783 /* 784 * Must have privilege. 785 * No partial writes. 786 * Enough data must be present. 787 */ 788 if (!smack_privileged(CAP_MAC_ADMIN)) 789 return -EPERM; 790 if (*ppos != 0) 791 return -EINVAL; 792 if (format == SMK_FIXED24_FMT && 793 (count < SMK_CIPSOMIN || count > SMK_CIPSOMAX)) 794 return -EINVAL; 795 796 data = kzalloc(count + 1, GFP_KERNEL); 797 if (data == NULL) 798 return -ENOMEM; 799 800 if (copy_from_user(data, buf, count) != 0) { 801 rc = -EFAULT; 802 goto unlockedout; 803 } 804 805 data[count] = '\0'; 806 rule = data; 807 /* 808 * Only allow one writer at a time. Writes should be 809 * quite rare and small in any case. 810 */ 811 mutex_lock(&smack_cipso_lock); 812 813 skp = smk_import_entry(rule, 0); 814 if (skp == NULL) 815 goto out; 816 817 if (format == SMK_FIXED24_FMT) 818 rule += SMK_LABELLEN; 819 else 820 rule += strlen(skp->smk_known); 821 822 ret = sscanf(rule, "%d", &maplevel); 823 if (ret != 1 || maplevel > SMACK_CIPSO_MAXLEVEL) 824 goto out; 825 826 rule += SMK_DIGITLEN; 827 ret = sscanf(rule, "%d", &catlen); 828 if (ret != 1 || catlen > SMACK_CIPSO_MAXCATNUM) 829 goto out; 830 831 if (format == SMK_FIXED24_FMT && 832 count != (SMK_CIPSOMIN + catlen * SMK_DIGITLEN)) 833 goto out; 834 835 memset(mapcatset, 0, sizeof(mapcatset)); 836 837 for (i = 0; i < catlen; i++) { 838 rule += SMK_DIGITLEN; 839 ret = sscanf(rule, "%u", &cat); 840 if (ret != 1 || cat > SMACK_CIPSO_MAXCATVAL) 841 goto out; 842 843 smack_catset_bit(cat, mapcatset); 844 } 845 846 rc = smk_netlbl_mls(maplevel, mapcatset, &ncats, SMK_CIPSOLEN); 847 if (rc >= 0) { 848 netlbl_secattr_catmap_free(skp->smk_netlabel.attr.mls.cat); 849 skp->smk_netlabel.attr.mls.cat = ncats.attr.mls.cat; 850 skp->smk_netlabel.attr.mls.lvl = ncats.attr.mls.lvl; 851 rc = count; 852 } 853 854 out: 855 mutex_unlock(&smack_cipso_lock); 856 unlockedout: 857 kfree(data); 858 return rc; 859 } 860 861 /** 862 * smk_write_cipso - write() for /smack/cipso 863 * @file: file pointer, not actually used 864 * @buf: where to get the data from 865 * @count: bytes sent 866 * @ppos: where to start 867 * 868 * Accepts only one cipso rule per write call. 869 * Returns number of bytes written or error code, as appropriate 870 */ 871 static ssize_t smk_write_cipso(struct file *file, const char __user *buf, 872 size_t count, loff_t *ppos) 873 { 874 return smk_set_cipso(file, buf, count, ppos, SMK_FIXED24_FMT); 875 } 876 877 static const struct file_operations smk_cipso_ops = { 878 .open = smk_open_cipso, 879 .read = seq_read, 880 .llseek = seq_lseek, 881 .write = smk_write_cipso, 882 .release = seq_release, 883 }; 884 885 /* 886 * Seq_file read operations for /smack/cipso2 887 */ 888 889 /* 890 * Print cipso labels in format: 891 * label level[/cat[,cat]] 892 */ 893 static int cipso2_seq_show(struct seq_file *s, void *v) 894 { 895 struct list_head *list = v; 896 struct smack_known *skp = 897 list_entry(list, struct smack_known, list); 898 struct netlbl_lsm_secattr_catmap *cmp = skp->smk_netlabel.attr.mls.cat; 899 char sep = '/'; 900 int i; 901 902 seq_printf(s, "%s %3d", skp->smk_known, skp->smk_netlabel.attr.mls.lvl); 903 904 for (i = netlbl_secattr_catmap_walk(cmp, 0); i >= 0; 905 i = netlbl_secattr_catmap_walk(cmp, i + 1)) { 906 seq_printf(s, "%c%d", sep, i); 907 sep = ','; 908 } 909 910 seq_putc(s, '\n'); 911 912 return 0; 913 } 914 915 static const struct seq_operations cipso2_seq_ops = { 916 .start = cipso_seq_start, 917 .next = cipso_seq_next, 918 .show = cipso2_seq_show, 919 .stop = smk_seq_stop, 920 }; 921 922 /** 923 * smk_open_cipso2 - open() for /smack/cipso2 924 * @inode: inode structure representing file 925 * @file: "cipso2" file pointer 926 * 927 * Connect our cipso_seq_* operations with /smack/cipso2 928 * file_operations 929 */ 930 static int smk_open_cipso2(struct inode *inode, struct file *file) 931 { 932 return seq_open(file, &cipso2_seq_ops); 933 } 934 935 /** 936 * smk_write_cipso2 - write() for /smack/cipso2 937 * @file: file pointer, not actually used 938 * @buf: where to get the data from 939 * @count: bytes sent 940 * @ppos: where to start 941 * 942 * Accepts only one cipso rule per write call. 943 * Returns number of bytes written or error code, as appropriate 944 */ 945 static ssize_t smk_write_cipso2(struct file *file, const char __user *buf, 946 size_t count, loff_t *ppos) 947 { 948 return smk_set_cipso(file, buf, count, ppos, SMK_LONG_FMT); 949 } 950 951 static const struct file_operations smk_cipso2_ops = { 952 .open = smk_open_cipso2, 953 .read = seq_read, 954 .llseek = seq_lseek, 955 .write = smk_write_cipso2, 956 .release = seq_release, 957 }; 958 959 /* 960 * Seq_file read operations for /smack/netlabel 961 */ 962 963 static void *netlbladdr_seq_start(struct seq_file *s, loff_t *pos) 964 { 965 return smk_seq_start(s, pos, &smk_netlbladdr_list); 966 } 967 968 static void *netlbladdr_seq_next(struct seq_file *s, void *v, loff_t *pos) 969 { 970 return smk_seq_next(s, v, pos, &smk_netlbladdr_list); 971 } 972 #define BEBITS (sizeof(__be32) * 8) 973 974 /* 975 * Print host/label pairs 976 */ 977 static int netlbladdr_seq_show(struct seq_file *s, void *v) 978 { 979 struct list_head *list = v; 980 struct smk_netlbladdr *skp = 981 list_entry(list, struct smk_netlbladdr, list); 982 unsigned char *hp = (char *) &skp->smk_host.sin_addr.s_addr; 983 int maskn; 984 u32 temp_mask = be32_to_cpu(skp->smk_mask.s_addr); 985 986 for (maskn = 0; temp_mask; temp_mask <<= 1, maskn++); 987 988 seq_printf(s, "%u.%u.%u.%u/%d %s\n", 989 hp[0], hp[1], hp[2], hp[3], maskn, skp->smk_label); 990 991 return 0; 992 } 993 994 static const struct seq_operations netlbladdr_seq_ops = { 995 .start = netlbladdr_seq_start, 996 .next = netlbladdr_seq_next, 997 .show = netlbladdr_seq_show, 998 .stop = smk_seq_stop, 999 }; 1000 1001 /** 1002 * smk_open_netlbladdr - open() for /smack/netlabel 1003 * @inode: inode structure representing file 1004 * @file: "netlabel" file pointer 1005 * 1006 * Connect our netlbladdr_seq_* operations with /smack/netlabel 1007 * file_operations 1008 */ 1009 static int smk_open_netlbladdr(struct inode *inode, struct file *file) 1010 { 1011 return seq_open(file, &netlbladdr_seq_ops); 1012 } 1013 1014 /** 1015 * smk_netlbladdr_insert 1016 * @new : netlabel to insert 1017 * 1018 * This helper insert netlabel in the smack_netlbladdrs list 1019 * sorted by netmask length (longest to smallest) 1020 * locked by &smk_netlbladdr_lock in smk_write_netlbladdr 1021 * 1022 */ 1023 static void smk_netlbladdr_insert(struct smk_netlbladdr *new) 1024 { 1025 struct smk_netlbladdr *m, *m_next; 1026 1027 if (list_empty(&smk_netlbladdr_list)) { 1028 list_add_rcu(&new->list, &smk_netlbladdr_list); 1029 return; 1030 } 1031 1032 m = list_entry_rcu(smk_netlbladdr_list.next, 1033 struct smk_netlbladdr, list); 1034 1035 /* the comparison '>' is a bit hacky, but works */ 1036 if (new->smk_mask.s_addr > m->smk_mask.s_addr) { 1037 list_add_rcu(&new->list, &smk_netlbladdr_list); 1038 return; 1039 } 1040 1041 list_for_each_entry_rcu(m, &smk_netlbladdr_list, list) { 1042 if (list_is_last(&m->list, &smk_netlbladdr_list)) { 1043 list_add_rcu(&new->list, &m->list); 1044 return; 1045 } 1046 m_next = list_entry_rcu(m->list.next, 1047 struct smk_netlbladdr, list); 1048 if (new->smk_mask.s_addr > m_next->smk_mask.s_addr) { 1049 list_add_rcu(&new->list, &m->list); 1050 return; 1051 } 1052 } 1053 } 1054 1055 1056 /** 1057 * smk_write_netlbladdr - write() for /smack/netlabel 1058 * @file: file pointer, not actually used 1059 * @buf: where to get the data from 1060 * @count: bytes sent 1061 * @ppos: where to start 1062 * 1063 * Accepts only one netlbladdr per write call. 1064 * Returns number of bytes written or error code, as appropriate 1065 */ 1066 static ssize_t smk_write_netlbladdr(struct file *file, const char __user *buf, 1067 size_t count, loff_t *ppos) 1068 { 1069 struct smk_netlbladdr *skp; 1070 struct sockaddr_in newname; 1071 char *smack; 1072 char *sp; 1073 char *data; 1074 char *host = (char *)&newname.sin_addr.s_addr; 1075 int rc; 1076 struct netlbl_audit audit_info; 1077 struct in_addr mask; 1078 unsigned int m; 1079 int found; 1080 u32 mask_bits = (1<<31); 1081 __be32 nsa; 1082 u32 temp_mask; 1083 1084 /* 1085 * Must have privilege. 1086 * No partial writes. 1087 * Enough data must be present. 1088 * "<addr/mask, as a.b.c.d/e><space><label>" 1089 * "<addr, as a.b.c.d><space><label>" 1090 */ 1091 if (!smack_privileged(CAP_MAC_ADMIN)) 1092 return -EPERM; 1093 if (*ppos != 0) 1094 return -EINVAL; 1095 if (count < SMK_NETLBLADDRMIN) 1096 return -EINVAL; 1097 1098 data = kzalloc(count + 1, GFP_KERNEL); 1099 if (data == NULL) 1100 return -ENOMEM; 1101 1102 if (copy_from_user(data, buf, count) != 0) { 1103 rc = -EFAULT; 1104 goto free_data_out; 1105 } 1106 1107 smack = kzalloc(count + 1, GFP_KERNEL); 1108 if (smack == NULL) { 1109 rc = -ENOMEM; 1110 goto free_data_out; 1111 } 1112 1113 data[count] = '\0'; 1114 1115 rc = sscanf(data, "%hhd.%hhd.%hhd.%hhd/%d %s", 1116 &host[0], &host[1], &host[2], &host[3], &m, smack); 1117 if (rc != 6) { 1118 rc = sscanf(data, "%hhd.%hhd.%hhd.%hhd %s", 1119 &host[0], &host[1], &host[2], &host[3], smack); 1120 if (rc != 5) { 1121 rc = -EINVAL; 1122 goto free_out; 1123 } 1124 m = BEBITS; 1125 } 1126 if (m > BEBITS) { 1127 rc = -EINVAL; 1128 goto free_out; 1129 } 1130 1131 /* 1132 * If smack begins with '-', it is an option, don't import it 1133 */ 1134 if (smack[0] != '-') { 1135 sp = smk_import(smack, 0); 1136 if (sp == NULL) { 1137 rc = -EINVAL; 1138 goto free_out; 1139 } 1140 } else { 1141 /* check known options */ 1142 if (strcmp(smack, smack_cipso_option) == 0) 1143 sp = (char *)smack_cipso_option; 1144 else { 1145 rc = -EINVAL; 1146 goto free_out; 1147 } 1148 } 1149 1150 for (temp_mask = 0; m > 0; m--) { 1151 temp_mask |= mask_bits; 1152 mask_bits >>= 1; 1153 } 1154 mask.s_addr = cpu_to_be32(temp_mask); 1155 1156 newname.sin_addr.s_addr &= mask.s_addr; 1157 /* 1158 * Only allow one writer at a time. Writes should be 1159 * quite rare and small in any case. 1160 */ 1161 mutex_lock(&smk_netlbladdr_lock); 1162 1163 nsa = newname.sin_addr.s_addr; 1164 /* try to find if the prefix is already in the list */ 1165 found = 0; 1166 list_for_each_entry_rcu(skp, &smk_netlbladdr_list, list) { 1167 if (skp->smk_host.sin_addr.s_addr == nsa && 1168 skp->smk_mask.s_addr == mask.s_addr) { 1169 found = 1; 1170 break; 1171 } 1172 } 1173 smk_netlabel_audit_set(&audit_info); 1174 1175 if (found == 0) { 1176 skp = kzalloc(sizeof(*skp), GFP_KERNEL); 1177 if (skp == NULL) 1178 rc = -ENOMEM; 1179 else { 1180 rc = 0; 1181 skp->smk_host.sin_addr.s_addr = newname.sin_addr.s_addr; 1182 skp->smk_mask.s_addr = mask.s_addr; 1183 skp->smk_label = sp; 1184 smk_netlbladdr_insert(skp); 1185 } 1186 } else { 1187 /* we delete the unlabeled entry, only if the previous label 1188 * wasn't the special CIPSO option */ 1189 if (skp->smk_label != smack_cipso_option) 1190 rc = netlbl_cfg_unlbl_static_del(&init_net, NULL, 1191 &skp->smk_host.sin_addr, &skp->smk_mask, 1192 PF_INET, &audit_info); 1193 else 1194 rc = 0; 1195 skp->smk_label = sp; 1196 } 1197 1198 /* 1199 * Now tell netlabel about the single label nature of 1200 * this host so that incoming packets get labeled. 1201 * but only if we didn't get the special CIPSO option 1202 */ 1203 if (rc == 0 && sp != smack_cipso_option) 1204 rc = netlbl_cfg_unlbl_static_add(&init_net, NULL, 1205 &skp->smk_host.sin_addr, &skp->smk_mask, PF_INET, 1206 smack_to_secid(skp->smk_label), &audit_info); 1207 1208 if (rc == 0) 1209 rc = count; 1210 1211 mutex_unlock(&smk_netlbladdr_lock); 1212 1213 free_out: 1214 kfree(smack); 1215 free_data_out: 1216 kfree(data); 1217 1218 return rc; 1219 } 1220 1221 static const struct file_operations smk_netlbladdr_ops = { 1222 .open = smk_open_netlbladdr, 1223 .read = seq_read, 1224 .llseek = seq_lseek, 1225 .write = smk_write_netlbladdr, 1226 .release = seq_release, 1227 }; 1228 1229 /** 1230 * smk_read_doi - read() for /smack/doi 1231 * @filp: file pointer, not actually used 1232 * @buf: where to put the result 1233 * @count: maximum to send along 1234 * @ppos: where to start 1235 * 1236 * Returns number of bytes read or error code, as appropriate 1237 */ 1238 static ssize_t smk_read_doi(struct file *filp, char __user *buf, 1239 size_t count, loff_t *ppos) 1240 { 1241 char temp[80]; 1242 ssize_t rc; 1243 1244 if (*ppos != 0) 1245 return 0; 1246 1247 sprintf(temp, "%d", smk_cipso_doi_value); 1248 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp)); 1249 1250 return rc; 1251 } 1252 1253 /** 1254 * smk_write_doi - write() for /smack/doi 1255 * @file: file pointer, not actually used 1256 * @buf: where to get the data from 1257 * @count: bytes sent 1258 * @ppos: where to start 1259 * 1260 * Returns number of bytes written or error code, as appropriate 1261 */ 1262 static ssize_t smk_write_doi(struct file *file, const char __user *buf, 1263 size_t count, loff_t *ppos) 1264 { 1265 char temp[80]; 1266 int i; 1267 1268 if (!smack_privileged(CAP_MAC_ADMIN)) 1269 return -EPERM; 1270 1271 if (count >= sizeof(temp) || count == 0) 1272 return -EINVAL; 1273 1274 if (copy_from_user(temp, buf, count) != 0) 1275 return -EFAULT; 1276 1277 temp[count] = '\0'; 1278 1279 if (sscanf(temp, "%d", &i) != 1) 1280 return -EINVAL; 1281 1282 smk_cipso_doi_value = i; 1283 1284 smk_cipso_doi(); 1285 1286 return count; 1287 } 1288 1289 static const struct file_operations smk_doi_ops = { 1290 .read = smk_read_doi, 1291 .write = smk_write_doi, 1292 .llseek = default_llseek, 1293 }; 1294 1295 /** 1296 * smk_read_direct - read() for /smack/direct 1297 * @filp: file pointer, not actually used 1298 * @buf: where to put the result 1299 * @count: maximum to send along 1300 * @ppos: where to start 1301 * 1302 * Returns number of bytes read or error code, as appropriate 1303 */ 1304 static ssize_t smk_read_direct(struct file *filp, char __user *buf, 1305 size_t count, loff_t *ppos) 1306 { 1307 char temp[80]; 1308 ssize_t rc; 1309 1310 if (*ppos != 0) 1311 return 0; 1312 1313 sprintf(temp, "%d", smack_cipso_direct); 1314 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp)); 1315 1316 return rc; 1317 } 1318 1319 /** 1320 * smk_write_direct - write() for /smack/direct 1321 * @file: file pointer, not actually used 1322 * @buf: where to get the data from 1323 * @count: bytes sent 1324 * @ppos: where to start 1325 * 1326 * Returns number of bytes written or error code, as appropriate 1327 */ 1328 static ssize_t smk_write_direct(struct file *file, const char __user *buf, 1329 size_t count, loff_t *ppos) 1330 { 1331 struct smack_known *skp; 1332 char temp[80]; 1333 int i; 1334 1335 if (!smack_privileged(CAP_MAC_ADMIN)) 1336 return -EPERM; 1337 1338 if (count >= sizeof(temp) || count == 0) 1339 return -EINVAL; 1340 1341 if (copy_from_user(temp, buf, count) != 0) 1342 return -EFAULT; 1343 1344 temp[count] = '\0'; 1345 1346 if (sscanf(temp, "%d", &i) != 1) 1347 return -EINVAL; 1348 1349 /* 1350 * Don't do anything if the value hasn't actually changed. 1351 * If it is changing reset the level on entries that were 1352 * set up to be direct when they were created. 1353 */ 1354 if (smack_cipso_direct != i) { 1355 mutex_lock(&smack_known_lock); 1356 list_for_each_entry_rcu(skp, &smack_known_list, list) 1357 if (skp->smk_netlabel.attr.mls.lvl == 1358 smack_cipso_direct) 1359 skp->smk_netlabel.attr.mls.lvl = i; 1360 smack_cipso_direct = i; 1361 mutex_unlock(&smack_known_lock); 1362 } 1363 1364 return count; 1365 } 1366 1367 static const struct file_operations smk_direct_ops = { 1368 .read = smk_read_direct, 1369 .write = smk_write_direct, 1370 .llseek = default_llseek, 1371 }; 1372 1373 /** 1374 * smk_read_mapped - read() for /smack/mapped 1375 * @filp: file pointer, not actually used 1376 * @buf: where to put the result 1377 * @count: maximum to send along 1378 * @ppos: where to start 1379 * 1380 * Returns number of bytes read or error code, as appropriate 1381 */ 1382 static ssize_t smk_read_mapped(struct file *filp, char __user *buf, 1383 size_t count, loff_t *ppos) 1384 { 1385 char temp[80]; 1386 ssize_t rc; 1387 1388 if (*ppos != 0) 1389 return 0; 1390 1391 sprintf(temp, "%d", smack_cipso_mapped); 1392 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp)); 1393 1394 return rc; 1395 } 1396 1397 /** 1398 * smk_write_mapped - write() for /smack/mapped 1399 * @file: file pointer, not actually used 1400 * @buf: where to get the data from 1401 * @count: bytes sent 1402 * @ppos: where to start 1403 * 1404 * Returns number of bytes written or error code, as appropriate 1405 */ 1406 static ssize_t smk_write_mapped(struct file *file, const char __user *buf, 1407 size_t count, loff_t *ppos) 1408 { 1409 struct smack_known *skp; 1410 char temp[80]; 1411 int i; 1412 1413 if (!smack_privileged(CAP_MAC_ADMIN)) 1414 return -EPERM; 1415 1416 if (count >= sizeof(temp) || count == 0) 1417 return -EINVAL; 1418 1419 if (copy_from_user(temp, buf, count) != 0) 1420 return -EFAULT; 1421 1422 temp[count] = '\0'; 1423 1424 if (sscanf(temp, "%d", &i) != 1) 1425 return -EINVAL; 1426 1427 /* 1428 * Don't do anything if the value hasn't actually changed. 1429 * If it is changing reset the level on entries that were 1430 * set up to be mapped when they were created. 1431 */ 1432 if (smack_cipso_mapped != i) { 1433 mutex_lock(&smack_known_lock); 1434 list_for_each_entry_rcu(skp, &smack_known_list, list) 1435 if (skp->smk_netlabel.attr.mls.lvl == 1436 smack_cipso_mapped) 1437 skp->smk_netlabel.attr.mls.lvl = i; 1438 smack_cipso_mapped = i; 1439 mutex_unlock(&smack_known_lock); 1440 } 1441 1442 return count; 1443 } 1444 1445 static const struct file_operations smk_mapped_ops = { 1446 .read = smk_read_mapped, 1447 .write = smk_write_mapped, 1448 .llseek = default_llseek, 1449 }; 1450 1451 /** 1452 * smk_read_ambient - read() for /smack/ambient 1453 * @filp: file pointer, not actually used 1454 * @buf: where to put the result 1455 * @cn: maximum to send along 1456 * @ppos: where to start 1457 * 1458 * Returns number of bytes read or error code, as appropriate 1459 */ 1460 static ssize_t smk_read_ambient(struct file *filp, char __user *buf, 1461 size_t cn, loff_t *ppos) 1462 { 1463 ssize_t rc; 1464 int asize; 1465 1466 if (*ppos != 0) 1467 return 0; 1468 /* 1469 * Being careful to avoid a problem in the case where 1470 * smack_net_ambient gets changed in midstream. 1471 */ 1472 mutex_lock(&smack_ambient_lock); 1473 1474 asize = strlen(smack_net_ambient) + 1; 1475 1476 if (cn >= asize) 1477 rc = simple_read_from_buffer(buf, cn, ppos, 1478 smack_net_ambient, asize); 1479 else 1480 rc = -EINVAL; 1481 1482 mutex_unlock(&smack_ambient_lock); 1483 1484 return rc; 1485 } 1486 1487 /** 1488 * smk_write_ambient - write() for /smack/ambient 1489 * @file: file pointer, not actually used 1490 * @buf: where to get the data from 1491 * @count: bytes sent 1492 * @ppos: where to start 1493 * 1494 * Returns number of bytes written or error code, as appropriate 1495 */ 1496 static ssize_t smk_write_ambient(struct file *file, const char __user *buf, 1497 size_t count, loff_t *ppos) 1498 { 1499 char *oldambient; 1500 char *smack = NULL; 1501 char *data; 1502 int rc = count; 1503 1504 if (!smack_privileged(CAP_MAC_ADMIN)) 1505 return -EPERM; 1506 1507 data = kzalloc(count + 1, GFP_KERNEL); 1508 if (data == NULL) 1509 return -ENOMEM; 1510 1511 if (copy_from_user(data, buf, count) != 0) { 1512 rc = -EFAULT; 1513 goto out; 1514 } 1515 1516 smack = smk_import(data, count); 1517 if (smack == NULL) { 1518 rc = -EINVAL; 1519 goto out; 1520 } 1521 1522 mutex_lock(&smack_ambient_lock); 1523 1524 oldambient = smack_net_ambient; 1525 smack_net_ambient = smack; 1526 smk_unlbl_ambient(oldambient); 1527 1528 mutex_unlock(&smack_ambient_lock); 1529 1530 out: 1531 kfree(data); 1532 return rc; 1533 } 1534 1535 static const struct file_operations smk_ambient_ops = { 1536 .read = smk_read_ambient, 1537 .write = smk_write_ambient, 1538 .llseek = default_llseek, 1539 }; 1540 1541 /** 1542 * smk_read_onlycap - read() for /smack/onlycap 1543 * @filp: file pointer, not actually used 1544 * @buf: where to put the result 1545 * @cn: maximum to send along 1546 * @ppos: where to start 1547 * 1548 * Returns number of bytes read or error code, as appropriate 1549 */ 1550 static ssize_t smk_read_onlycap(struct file *filp, char __user *buf, 1551 size_t cn, loff_t *ppos) 1552 { 1553 char *smack = ""; 1554 ssize_t rc = -EINVAL; 1555 int asize; 1556 1557 if (*ppos != 0) 1558 return 0; 1559 1560 if (smack_onlycap != NULL) 1561 smack = smack_onlycap; 1562 1563 asize = strlen(smack) + 1; 1564 1565 if (cn >= asize) 1566 rc = simple_read_from_buffer(buf, cn, ppos, smack, asize); 1567 1568 return rc; 1569 } 1570 1571 /** 1572 * smk_write_onlycap - write() for /smack/onlycap 1573 * @file: file pointer, not actually used 1574 * @buf: where to get the data from 1575 * @count: bytes sent 1576 * @ppos: where to start 1577 * 1578 * Returns number of bytes written or error code, as appropriate 1579 */ 1580 static ssize_t smk_write_onlycap(struct file *file, const char __user *buf, 1581 size_t count, loff_t *ppos) 1582 { 1583 char *data; 1584 char *sp = smk_of_task(current->cred->security); 1585 int rc = count; 1586 1587 if (!smack_privileged(CAP_MAC_ADMIN)) 1588 return -EPERM; 1589 1590 /* 1591 * This can be done using smk_access() but is done 1592 * explicitly for clarity. The smk_access() implementation 1593 * would use smk_access(smack_onlycap, MAY_WRITE) 1594 */ 1595 if (smack_onlycap != NULL && smack_onlycap != sp) 1596 return -EPERM; 1597 1598 data = kzalloc(count, GFP_KERNEL); 1599 if (data == NULL) 1600 return -ENOMEM; 1601 1602 /* 1603 * Should the null string be passed in unset the onlycap value. 1604 * This seems like something to be careful with as usually 1605 * smk_import only expects to return NULL for errors. It 1606 * is usually the case that a nullstring or "\n" would be 1607 * bad to pass to smk_import but in fact this is useful here. 1608 * 1609 * smk_import will also reject a label beginning with '-', 1610 * so "-usecapabilities" will also work. 1611 */ 1612 if (copy_from_user(data, buf, count) != 0) 1613 rc = -EFAULT; 1614 else 1615 smack_onlycap = smk_import(data, count); 1616 1617 kfree(data); 1618 return rc; 1619 } 1620 1621 static const struct file_operations smk_onlycap_ops = { 1622 .read = smk_read_onlycap, 1623 .write = smk_write_onlycap, 1624 .llseek = default_llseek, 1625 }; 1626 1627 /** 1628 * smk_read_logging - read() for /smack/logging 1629 * @filp: file pointer, not actually used 1630 * @buf: where to put the result 1631 * @cn: maximum to send along 1632 * @ppos: where to start 1633 * 1634 * Returns number of bytes read or error code, as appropriate 1635 */ 1636 static ssize_t smk_read_logging(struct file *filp, char __user *buf, 1637 size_t count, loff_t *ppos) 1638 { 1639 char temp[32]; 1640 ssize_t rc; 1641 1642 if (*ppos != 0) 1643 return 0; 1644 1645 sprintf(temp, "%d\n", log_policy); 1646 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp)); 1647 return rc; 1648 } 1649 1650 /** 1651 * smk_write_logging - write() for /smack/logging 1652 * @file: file pointer, not actually used 1653 * @buf: where to get the data from 1654 * @count: bytes sent 1655 * @ppos: where to start 1656 * 1657 * Returns number of bytes written or error code, as appropriate 1658 */ 1659 static ssize_t smk_write_logging(struct file *file, const char __user *buf, 1660 size_t count, loff_t *ppos) 1661 { 1662 char temp[32]; 1663 int i; 1664 1665 if (!smack_privileged(CAP_MAC_ADMIN)) 1666 return -EPERM; 1667 1668 if (count >= sizeof(temp) || count == 0) 1669 return -EINVAL; 1670 1671 if (copy_from_user(temp, buf, count) != 0) 1672 return -EFAULT; 1673 1674 temp[count] = '\0'; 1675 1676 if (sscanf(temp, "%d", &i) != 1) 1677 return -EINVAL; 1678 if (i < 0 || i > 3) 1679 return -EINVAL; 1680 log_policy = i; 1681 return count; 1682 } 1683 1684 1685 1686 static const struct file_operations smk_logging_ops = { 1687 .read = smk_read_logging, 1688 .write = smk_write_logging, 1689 .llseek = default_llseek, 1690 }; 1691 1692 /* 1693 * Seq_file read operations for /smack/load-self 1694 */ 1695 1696 static void *load_self_seq_start(struct seq_file *s, loff_t *pos) 1697 { 1698 struct task_smack *tsp = current_security(); 1699 1700 return smk_seq_start(s, pos, &tsp->smk_rules); 1701 } 1702 1703 static void *load_self_seq_next(struct seq_file *s, void *v, loff_t *pos) 1704 { 1705 struct task_smack *tsp = current_security(); 1706 1707 return smk_seq_next(s, v, pos, &tsp->smk_rules); 1708 } 1709 1710 static int load_self_seq_show(struct seq_file *s, void *v) 1711 { 1712 struct list_head *list = v; 1713 struct smack_rule *srp = 1714 list_entry(list, struct smack_rule, list); 1715 1716 smk_rule_show(s, srp, SMK_LABELLEN); 1717 1718 return 0; 1719 } 1720 1721 static const struct seq_operations load_self_seq_ops = { 1722 .start = load_self_seq_start, 1723 .next = load_self_seq_next, 1724 .show = load_self_seq_show, 1725 .stop = smk_seq_stop, 1726 }; 1727 1728 1729 /** 1730 * smk_open_load_self - open() for /smack/load-self2 1731 * @inode: inode structure representing file 1732 * @file: "load" file pointer 1733 * 1734 * For reading, use load_seq_* seq_file reading operations. 1735 */ 1736 static int smk_open_load_self(struct inode *inode, struct file *file) 1737 { 1738 return seq_open(file, &load_self_seq_ops); 1739 } 1740 1741 /** 1742 * smk_write_load_self - write() for /smack/load-self 1743 * @file: file pointer, not actually used 1744 * @buf: where to get the data from 1745 * @count: bytes sent 1746 * @ppos: where to start - must be 0 1747 * 1748 */ 1749 static ssize_t smk_write_load_self(struct file *file, const char __user *buf, 1750 size_t count, loff_t *ppos) 1751 { 1752 struct task_smack *tsp = current_security(); 1753 1754 return smk_write_rules_list(file, buf, count, ppos, &tsp->smk_rules, 1755 &tsp->smk_rules_lock, SMK_FIXED24_FMT); 1756 } 1757 1758 static const struct file_operations smk_load_self_ops = { 1759 .open = smk_open_load_self, 1760 .read = seq_read, 1761 .llseek = seq_lseek, 1762 .write = smk_write_load_self, 1763 .release = seq_release, 1764 }; 1765 1766 /** 1767 * smk_user_access - handle access check transaction 1768 * @file: file pointer 1769 * @buf: data from user space 1770 * @count: bytes sent 1771 * @ppos: where to start - must be 0 1772 */ 1773 static ssize_t smk_user_access(struct file *file, const char __user *buf, 1774 size_t count, loff_t *ppos, int format) 1775 { 1776 struct smack_rule rule; 1777 char *data; 1778 char *cod; 1779 int res; 1780 1781 data = simple_transaction_get(file, buf, count); 1782 if (IS_ERR(data)) 1783 return PTR_ERR(data); 1784 1785 if (format == SMK_FIXED24_FMT) { 1786 if (count < SMK_LOADLEN) 1787 return -EINVAL; 1788 res = smk_parse_rule(data, &rule, 0); 1789 } else { 1790 /* 1791 * Copy the data to make sure the string is terminated. 1792 */ 1793 cod = kzalloc(count + 1, GFP_KERNEL); 1794 if (cod == NULL) 1795 return -ENOMEM; 1796 memcpy(cod, data, count); 1797 cod[count] = '\0'; 1798 res = smk_parse_long_rule(cod, &rule, 0); 1799 kfree(cod); 1800 } 1801 1802 if (res) 1803 return -EINVAL; 1804 1805 res = smk_access(rule.smk_subject, rule.smk_object, rule.smk_access, 1806 NULL); 1807 data[0] = res == 0 ? '1' : '0'; 1808 data[1] = '\0'; 1809 1810 simple_transaction_set(file, 2); 1811 1812 if (format == SMK_FIXED24_FMT) 1813 return SMK_LOADLEN; 1814 return count; 1815 } 1816 1817 /** 1818 * smk_write_access - handle access check transaction 1819 * @file: file pointer 1820 * @buf: data from user space 1821 * @count: bytes sent 1822 * @ppos: where to start - must be 0 1823 */ 1824 static ssize_t smk_write_access(struct file *file, const char __user *buf, 1825 size_t count, loff_t *ppos) 1826 { 1827 return smk_user_access(file, buf, count, ppos, SMK_FIXED24_FMT); 1828 } 1829 1830 static const struct file_operations smk_access_ops = { 1831 .write = smk_write_access, 1832 .read = simple_transaction_read, 1833 .release = simple_transaction_release, 1834 .llseek = generic_file_llseek, 1835 }; 1836 1837 1838 /* 1839 * Seq_file read operations for /smack/load2 1840 */ 1841 1842 static int load2_seq_show(struct seq_file *s, void *v) 1843 { 1844 struct list_head *list = v; 1845 struct smack_master_list *smlp = 1846 list_entry(list, struct smack_master_list, list); 1847 1848 smk_rule_show(s, smlp->smk_rule, SMK_LONGLABEL); 1849 1850 return 0; 1851 } 1852 1853 static const struct seq_operations load2_seq_ops = { 1854 .start = load2_seq_start, 1855 .next = load2_seq_next, 1856 .show = load2_seq_show, 1857 .stop = smk_seq_stop, 1858 }; 1859 1860 /** 1861 * smk_open_load2 - open() for /smack/load2 1862 * @inode: inode structure representing file 1863 * @file: "load2" file pointer 1864 * 1865 * For reading, use load2_seq_* seq_file reading operations. 1866 */ 1867 static int smk_open_load2(struct inode *inode, struct file *file) 1868 { 1869 return seq_open(file, &load2_seq_ops); 1870 } 1871 1872 /** 1873 * smk_write_load2 - write() for /smack/load2 1874 * @file: file pointer, not actually used 1875 * @buf: where to get the data from 1876 * @count: bytes sent 1877 * @ppos: where to start - must be 0 1878 * 1879 */ 1880 static ssize_t smk_write_load2(struct file *file, const char __user *buf, 1881 size_t count, loff_t *ppos) 1882 { 1883 /* 1884 * Must have privilege. 1885 */ 1886 if (!smack_privileged(CAP_MAC_ADMIN)) 1887 return -EPERM; 1888 1889 return smk_write_rules_list(file, buf, count, ppos, NULL, NULL, 1890 SMK_LONG_FMT); 1891 } 1892 1893 static const struct file_operations smk_load2_ops = { 1894 .open = smk_open_load2, 1895 .read = seq_read, 1896 .llseek = seq_lseek, 1897 .write = smk_write_load2, 1898 .release = seq_release, 1899 }; 1900 1901 /* 1902 * Seq_file read operations for /smack/load-self2 1903 */ 1904 1905 static void *load_self2_seq_start(struct seq_file *s, loff_t *pos) 1906 { 1907 struct task_smack *tsp = current_security(); 1908 1909 return smk_seq_start(s, pos, &tsp->smk_rules); 1910 } 1911 1912 static void *load_self2_seq_next(struct seq_file *s, void *v, loff_t *pos) 1913 { 1914 struct task_smack *tsp = current_security(); 1915 1916 return smk_seq_next(s, v, pos, &tsp->smk_rules); 1917 } 1918 1919 static int load_self2_seq_show(struct seq_file *s, void *v) 1920 { 1921 struct list_head *list = v; 1922 struct smack_rule *srp = 1923 list_entry(list, struct smack_rule, list); 1924 1925 smk_rule_show(s, srp, SMK_LONGLABEL); 1926 1927 return 0; 1928 } 1929 1930 static const struct seq_operations load_self2_seq_ops = { 1931 .start = load_self2_seq_start, 1932 .next = load_self2_seq_next, 1933 .show = load_self2_seq_show, 1934 .stop = smk_seq_stop, 1935 }; 1936 1937 /** 1938 * smk_open_load_self2 - open() for /smack/load-self2 1939 * @inode: inode structure representing file 1940 * @file: "load" file pointer 1941 * 1942 * For reading, use load_seq_* seq_file reading operations. 1943 */ 1944 static int smk_open_load_self2(struct inode *inode, struct file *file) 1945 { 1946 return seq_open(file, &load_self2_seq_ops); 1947 } 1948 1949 /** 1950 * smk_write_load_self2 - write() for /smack/load-self2 1951 * @file: file pointer, not actually used 1952 * @buf: where to get the data from 1953 * @count: bytes sent 1954 * @ppos: where to start - must be 0 1955 * 1956 */ 1957 static ssize_t smk_write_load_self2(struct file *file, const char __user *buf, 1958 size_t count, loff_t *ppos) 1959 { 1960 struct task_smack *tsp = current_security(); 1961 1962 return smk_write_rules_list(file, buf, count, ppos, &tsp->smk_rules, 1963 &tsp->smk_rules_lock, SMK_LONG_FMT); 1964 } 1965 1966 static const struct file_operations smk_load_self2_ops = { 1967 .open = smk_open_load_self2, 1968 .read = seq_read, 1969 .llseek = seq_lseek, 1970 .write = smk_write_load_self2, 1971 .release = seq_release, 1972 }; 1973 1974 /** 1975 * smk_write_access2 - handle access check transaction 1976 * @file: file pointer 1977 * @buf: data from user space 1978 * @count: bytes sent 1979 * @ppos: where to start - must be 0 1980 */ 1981 static ssize_t smk_write_access2(struct file *file, const char __user *buf, 1982 size_t count, loff_t *ppos) 1983 { 1984 return smk_user_access(file, buf, count, ppos, SMK_LONG_FMT); 1985 } 1986 1987 static const struct file_operations smk_access2_ops = { 1988 .write = smk_write_access2, 1989 .read = simple_transaction_read, 1990 .release = simple_transaction_release, 1991 .llseek = generic_file_llseek, 1992 }; 1993 1994 /** 1995 * smk_fill_super - fill the /smackfs superblock 1996 * @sb: the empty superblock 1997 * @data: unused 1998 * @silent: unused 1999 * 2000 * Fill in the well known entries for /smack 2001 * 2002 * Returns 0 on success, an error code on failure 2003 */ 2004 static int smk_fill_super(struct super_block *sb, void *data, int silent) 2005 { 2006 int rc; 2007 struct inode *root_inode; 2008 2009 static struct tree_descr smack_files[] = { 2010 [SMK_LOAD] = { 2011 "load", &smk_load_ops, S_IRUGO|S_IWUSR}, 2012 [SMK_CIPSO] = { 2013 "cipso", &smk_cipso_ops, S_IRUGO|S_IWUSR}, 2014 [SMK_DOI] = { 2015 "doi", &smk_doi_ops, S_IRUGO|S_IWUSR}, 2016 [SMK_DIRECT] = { 2017 "direct", &smk_direct_ops, S_IRUGO|S_IWUSR}, 2018 [SMK_AMBIENT] = { 2019 "ambient", &smk_ambient_ops, S_IRUGO|S_IWUSR}, 2020 [SMK_NETLBLADDR] = { 2021 "netlabel", &smk_netlbladdr_ops, S_IRUGO|S_IWUSR}, 2022 [SMK_ONLYCAP] = { 2023 "onlycap", &smk_onlycap_ops, S_IRUGO|S_IWUSR}, 2024 [SMK_LOGGING] = { 2025 "logging", &smk_logging_ops, S_IRUGO|S_IWUSR}, 2026 [SMK_LOAD_SELF] = { 2027 "load-self", &smk_load_self_ops, S_IRUGO|S_IWUGO}, 2028 [SMK_ACCESSES] = { 2029 "access", &smk_access_ops, S_IRUGO|S_IWUGO}, 2030 [SMK_MAPPED] = { 2031 "mapped", &smk_mapped_ops, S_IRUGO|S_IWUSR}, 2032 [SMK_LOAD2] = { 2033 "load2", &smk_load2_ops, S_IRUGO|S_IWUSR}, 2034 [SMK_LOAD_SELF2] = { 2035 "load-self2", &smk_load_self2_ops, S_IRUGO|S_IWUGO}, 2036 [SMK_ACCESS2] = { 2037 "access2", &smk_access2_ops, S_IRUGO|S_IWUGO}, 2038 [SMK_CIPSO2] = { 2039 "cipso2", &smk_cipso2_ops, S_IRUGO|S_IWUSR}, 2040 /* last one */ 2041 {""} 2042 }; 2043 2044 rc = simple_fill_super(sb, SMACK_MAGIC, smack_files); 2045 if (rc != 0) { 2046 printk(KERN_ERR "%s failed %d while creating inodes\n", 2047 __func__, rc); 2048 return rc; 2049 } 2050 2051 root_inode = sb->s_root->d_inode; 2052 2053 return 0; 2054 } 2055 2056 /** 2057 * smk_mount - get the smackfs superblock 2058 * @fs_type: passed along without comment 2059 * @flags: passed along without comment 2060 * @dev_name: passed along without comment 2061 * @data: passed along without comment 2062 * 2063 * Just passes everything along. 2064 * 2065 * Returns what the lower level code does. 2066 */ 2067 static struct dentry *smk_mount(struct file_system_type *fs_type, 2068 int flags, const char *dev_name, void *data) 2069 { 2070 return mount_single(fs_type, flags, data, smk_fill_super); 2071 } 2072 2073 static struct file_system_type smk_fs_type = { 2074 .name = "smackfs", 2075 .mount = smk_mount, 2076 .kill_sb = kill_litter_super, 2077 }; 2078 2079 static struct vfsmount *smackfs_mount; 2080 2081 static int __init smk_preset_netlabel(struct smack_known *skp) 2082 { 2083 skp->smk_netlabel.domain = skp->smk_known; 2084 skp->smk_netlabel.flags = 2085 NETLBL_SECATTR_DOMAIN | NETLBL_SECATTR_MLS_LVL; 2086 return smk_netlbl_mls(smack_cipso_direct, skp->smk_known, 2087 &skp->smk_netlabel, strlen(skp->smk_known)); 2088 } 2089 2090 /** 2091 * init_smk_fs - get the smackfs superblock 2092 * 2093 * register the smackfs 2094 * 2095 * Do not register smackfs if Smack wasn't enabled 2096 * on boot. We can not put this method normally under the 2097 * smack_init() code path since the security subsystem get 2098 * initialized before the vfs caches. 2099 * 2100 * Returns true if we were not chosen on boot or if 2101 * we were chosen and filesystem registration succeeded. 2102 */ 2103 static int __init init_smk_fs(void) 2104 { 2105 int err; 2106 int rc; 2107 2108 if (!security_module_enable(&smack_ops)) 2109 return 0; 2110 2111 err = register_filesystem(&smk_fs_type); 2112 if (!err) { 2113 smackfs_mount = kern_mount(&smk_fs_type); 2114 if (IS_ERR(smackfs_mount)) { 2115 printk(KERN_ERR "smackfs: could not mount!\n"); 2116 err = PTR_ERR(smackfs_mount); 2117 smackfs_mount = NULL; 2118 } 2119 } 2120 2121 smk_cipso_doi(); 2122 smk_unlbl_ambient(NULL); 2123 2124 rc = smk_preset_netlabel(&smack_known_floor); 2125 if (err == 0 && rc < 0) 2126 err = rc; 2127 rc = smk_preset_netlabel(&smack_known_hat); 2128 if (err == 0 && rc < 0) 2129 err = rc; 2130 rc = smk_preset_netlabel(&smack_known_huh); 2131 if (err == 0 && rc < 0) 2132 err = rc; 2133 rc = smk_preset_netlabel(&smack_known_invalid); 2134 if (err == 0 && rc < 0) 2135 err = rc; 2136 rc = smk_preset_netlabel(&smack_known_star); 2137 if (err == 0 && rc < 0) 2138 err = rc; 2139 rc = smk_preset_netlabel(&smack_known_web); 2140 if (err == 0 && rc < 0) 2141 err = rc; 2142 2143 return err; 2144 } 2145 2146 __initcall(init_smk_fs); 2147