1 /* 2 * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com> 3 * 4 * This program is free software; you can redistribute it and/or modify 5 * it under the terms of the GNU General Public License as published by 6 * the Free Software Foundation, version 2. 7 * 8 * Authors: 9 * Casey Schaufler <casey@schaufler-ca.com> 10 * Ahmed S. Darwish <darwish.07@gmail.com> 11 * 12 * Special thanks to the authors of selinuxfs. 13 * 14 * Karl MacMillan <kmacmillan@tresys.com> 15 * James Morris <jmorris@redhat.com> 16 * 17 */ 18 19 #include <linux/kernel.h> 20 #include <linux/vmalloc.h> 21 #include <linux/security.h> 22 #include <linux/mutex.h> 23 #include <net/net_namespace.h> 24 #include <net/netlabel.h> 25 #include <net/cipso_ipv4.h> 26 #include <linux/seq_file.h> 27 #include <linux/ctype.h> 28 #include <linux/audit.h> 29 #include "smack.h" 30 31 /* 32 * smackfs pseudo filesystem. 33 */ 34 35 enum smk_inos { 36 SMK_ROOT_INO = 2, 37 SMK_LOAD = 3, /* load policy */ 38 SMK_CIPSO = 4, /* load label -> CIPSO mapping */ 39 SMK_DOI = 5, /* CIPSO DOI */ 40 SMK_DIRECT = 6, /* CIPSO level indicating direct label */ 41 SMK_AMBIENT = 7, /* internet ambient label */ 42 SMK_NETLBLADDR = 8, /* single label hosts */ 43 SMK_ONLYCAP = 9, /* the only "capable" label */ 44 }; 45 46 /* 47 * List locks 48 */ 49 static DEFINE_MUTEX(smack_list_lock); 50 static DEFINE_MUTEX(smack_cipso_lock); 51 static DEFINE_MUTEX(smack_ambient_lock); 52 static DEFINE_MUTEX(smk_netlbladdr_lock); 53 54 /* 55 * This is the "ambient" label for network traffic. 56 * If it isn't somehow marked, use this. 57 * It can be reset via smackfs/ambient 58 */ 59 char *smack_net_ambient = smack_known_floor.smk_known; 60 61 /* 62 * This is the level in a CIPSO header that indicates a 63 * smack label is contained directly in the category set. 64 * It can be reset via smackfs/direct 65 */ 66 int smack_cipso_direct = SMACK_CIPSO_DIRECT_DEFAULT; 67 68 /* 69 * Unless a process is running with this label even 70 * having CAP_MAC_OVERRIDE isn't enough to grant 71 * privilege to violate MAC policy. If no label is 72 * designated (the NULL case) capabilities apply to 73 * everyone. It is expected that the hat (^) label 74 * will be used if any label is used. 75 */ 76 char *smack_onlycap; 77 78 /* 79 * Certain IP addresses may be designated as single label hosts. 80 * Packets are sent there unlabeled, but only from tasks that 81 * can write to the specified label. 82 */ 83 struct smk_netlbladdr *smack_netlbladdrs; 84 85 static int smk_cipso_doi_value = SMACK_CIPSO_DOI_DEFAULT; 86 struct smk_list_entry *smack_list; 87 88 #define SEQ_READ_FINISHED 1 89 90 /* 91 * Values for parsing cipso rules 92 * SMK_DIGITLEN: Length of a digit field in a rule. 93 * SMK_CIPSOMIN: Minimum possible cipso rule length. 94 * SMK_CIPSOMAX: Maximum possible cipso rule length. 95 */ 96 #define SMK_DIGITLEN 4 97 #define SMK_CIPSOMIN (SMK_LABELLEN + 2 * SMK_DIGITLEN) 98 #define SMK_CIPSOMAX (SMK_CIPSOMIN + SMACK_CIPSO_MAXCATNUM * SMK_DIGITLEN) 99 100 /* 101 * Values for parsing MAC rules 102 * SMK_ACCESS: Maximum possible combination of access permissions 103 * SMK_ACCESSLEN: Maximum length for a rule access field 104 * SMK_LOADLEN: Smack rule length 105 */ 106 #define SMK_ACCESS "rwxa" 107 #define SMK_ACCESSLEN (sizeof(SMK_ACCESS) - 1) 108 #define SMK_LOADLEN (SMK_LABELLEN + SMK_LABELLEN + SMK_ACCESSLEN) 109 110 /** 111 * smk_netlabel_audit_set - fill a netlbl_audit struct 112 * @nap: structure to fill 113 */ 114 static void smk_netlabel_audit_set(struct netlbl_audit *nap) 115 { 116 nap->loginuid = audit_get_loginuid(current); 117 nap->sessionid = audit_get_sessionid(current); 118 nap->secid = smack_to_secid(current_security()); 119 } 120 121 /* 122 * Values for parsing single label host rules 123 * "1.2.3.4 X" 124 * "192.168.138.129/32 abcdefghijklmnopqrstuvw" 125 */ 126 #define SMK_NETLBLADDRMIN 9 127 #define SMK_NETLBLADDRMAX 42 128 129 /* 130 * Seq_file read operations for /smack/load 131 */ 132 133 static void *load_seq_start(struct seq_file *s, loff_t *pos) 134 { 135 if (*pos == SEQ_READ_FINISHED) 136 return NULL; 137 138 return smack_list; 139 } 140 141 static void *load_seq_next(struct seq_file *s, void *v, loff_t *pos) 142 { 143 struct smk_list_entry *skp = ((struct smk_list_entry *) v)->smk_next; 144 145 if (skp == NULL) 146 *pos = SEQ_READ_FINISHED; 147 148 return skp; 149 } 150 151 static int load_seq_show(struct seq_file *s, void *v) 152 { 153 struct smk_list_entry *slp = (struct smk_list_entry *) v; 154 struct smack_rule *srp = &slp->smk_rule; 155 156 seq_printf(s, "%s %s", (char *)srp->smk_subject, 157 (char *)srp->smk_object); 158 159 seq_putc(s, ' '); 160 161 if (srp->smk_access & MAY_READ) 162 seq_putc(s, 'r'); 163 if (srp->smk_access & MAY_WRITE) 164 seq_putc(s, 'w'); 165 if (srp->smk_access & MAY_EXEC) 166 seq_putc(s, 'x'); 167 if (srp->smk_access & MAY_APPEND) 168 seq_putc(s, 'a'); 169 if (srp->smk_access == 0) 170 seq_putc(s, '-'); 171 172 seq_putc(s, '\n'); 173 174 return 0; 175 } 176 177 static void load_seq_stop(struct seq_file *s, void *v) 178 { 179 /* No-op */ 180 } 181 182 static struct seq_operations load_seq_ops = { 183 .start = load_seq_start, 184 .next = load_seq_next, 185 .show = load_seq_show, 186 .stop = load_seq_stop, 187 }; 188 189 /** 190 * smk_open_load - open() for /smack/load 191 * @inode: inode structure representing file 192 * @file: "load" file pointer 193 * 194 * For reading, use load_seq_* seq_file reading operations. 195 */ 196 static int smk_open_load(struct inode *inode, struct file *file) 197 { 198 return seq_open(file, &load_seq_ops); 199 } 200 201 /** 202 * smk_set_access - add a rule to the rule list 203 * @srp: the new rule to add 204 * 205 * Looks through the current subject/object/access list for 206 * the subject/object pair and replaces the access that was 207 * there. If the pair isn't found add it with the specified 208 * access. 209 * 210 * Returns 0 if nothing goes wrong or -ENOMEM if it fails 211 * during the allocation of the new pair to add. 212 */ 213 static int smk_set_access(struct smack_rule *srp) 214 { 215 struct smk_list_entry *sp; 216 struct smk_list_entry *newp; 217 int ret = 0; 218 219 mutex_lock(&smack_list_lock); 220 221 for (sp = smack_list; sp != NULL; sp = sp->smk_next) 222 if (sp->smk_rule.smk_subject == srp->smk_subject && 223 sp->smk_rule.smk_object == srp->smk_object) { 224 sp->smk_rule.smk_access = srp->smk_access; 225 break; 226 } 227 228 if (sp == NULL) { 229 newp = kzalloc(sizeof(struct smk_list_entry), GFP_KERNEL); 230 if (newp == NULL) { 231 ret = -ENOMEM; 232 goto out; 233 } 234 235 newp->smk_rule = *srp; 236 newp->smk_next = smack_list; 237 smack_list = newp; 238 } 239 240 out: 241 mutex_unlock(&smack_list_lock); 242 243 return ret; 244 } 245 246 /** 247 * smk_write_load - write() for /smack/load 248 * @filp: file pointer, not actually used 249 * @buf: where to get the data from 250 * @count: bytes sent 251 * @ppos: where to start - must be 0 252 * 253 * Get one smack access rule from above. 254 * The format is exactly: 255 * char subject[SMK_LABELLEN] 256 * char object[SMK_LABELLEN] 257 * char access[SMK_ACCESSLEN] 258 * 259 * writes must be SMK_LABELLEN+SMK_LABELLEN+SMK_ACCESSLEN bytes. 260 */ 261 static ssize_t smk_write_load(struct file *file, const char __user *buf, 262 size_t count, loff_t *ppos) 263 { 264 struct smack_rule rule; 265 char *data; 266 int rc = -EINVAL; 267 268 /* 269 * Must have privilege. 270 * No partial writes. 271 * Enough data must be present. 272 */ 273 if (!capable(CAP_MAC_ADMIN)) 274 return -EPERM; 275 if (*ppos != 0) 276 return -EINVAL; 277 if (count != SMK_LOADLEN) 278 return -EINVAL; 279 280 data = kzalloc(count, GFP_KERNEL); 281 if (data == NULL) 282 return -ENOMEM; 283 284 if (copy_from_user(data, buf, count) != 0) { 285 rc = -EFAULT; 286 goto out; 287 } 288 289 rule.smk_subject = smk_import(data, 0); 290 if (rule.smk_subject == NULL) 291 goto out; 292 293 rule.smk_object = smk_import(data + SMK_LABELLEN, 0); 294 if (rule.smk_object == NULL) 295 goto out; 296 297 rule.smk_access = 0; 298 299 switch (data[SMK_LABELLEN + SMK_LABELLEN]) { 300 case '-': 301 break; 302 case 'r': 303 case 'R': 304 rule.smk_access |= MAY_READ; 305 break; 306 default: 307 goto out; 308 } 309 310 switch (data[SMK_LABELLEN + SMK_LABELLEN + 1]) { 311 case '-': 312 break; 313 case 'w': 314 case 'W': 315 rule.smk_access |= MAY_WRITE; 316 break; 317 default: 318 goto out; 319 } 320 321 switch (data[SMK_LABELLEN + SMK_LABELLEN + 2]) { 322 case '-': 323 break; 324 case 'x': 325 case 'X': 326 rule.smk_access |= MAY_EXEC; 327 break; 328 default: 329 goto out; 330 } 331 332 switch (data[SMK_LABELLEN + SMK_LABELLEN + 3]) { 333 case '-': 334 break; 335 case 'a': 336 case 'A': 337 rule.smk_access |= MAY_APPEND; 338 break; 339 default: 340 goto out; 341 } 342 343 rc = smk_set_access(&rule); 344 345 if (!rc) 346 rc = count; 347 348 out: 349 kfree(data); 350 return rc; 351 } 352 353 static const struct file_operations smk_load_ops = { 354 .open = smk_open_load, 355 .read = seq_read, 356 .llseek = seq_lseek, 357 .write = smk_write_load, 358 .release = seq_release, 359 }; 360 361 /** 362 * smk_cipso_doi - initialize the CIPSO domain 363 */ 364 static void smk_cipso_doi(void) 365 { 366 int rc; 367 struct cipso_v4_doi *doip; 368 struct netlbl_audit nai; 369 370 smk_netlabel_audit_set(&nai); 371 372 rc = netlbl_cfg_map_del(NULL, PF_INET, NULL, NULL, &nai); 373 if (rc != 0) 374 printk(KERN_WARNING "%s:%d remove rc = %d\n", 375 __func__, __LINE__, rc); 376 377 doip = kmalloc(sizeof(struct cipso_v4_doi), GFP_KERNEL); 378 if (doip == NULL) 379 panic("smack: Failed to initialize cipso DOI.\n"); 380 doip->map.std = NULL; 381 doip->doi = smk_cipso_doi_value; 382 doip->type = CIPSO_V4_MAP_PASS; 383 doip->tags[0] = CIPSO_V4_TAG_RBITMAP; 384 for (rc = 1; rc < CIPSO_V4_TAG_MAXCNT; rc++) 385 doip->tags[rc] = CIPSO_V4_TAG_INVALID; 386 387 rc = netlbl_cfg_cipsov4_add(doip, &nai); 388 if (rc != 0) { 389 printk(KERN_WARNING "%s:%d cipso add rc = %d\n", 390 __func__, __LINE__, rc); 391 kfree(doip); 392 return; 393 } 394 rc = netlbl_cfg_cipsov4_map_add(doip->doi, NULL, NULL, NULL, &nai); 395 if (rc != 0) { 396 printk(KERN_WARNING "%s:%d map add rc = %d\n", 397 __func__, __LINE__, rc); 398 kfree(doip); 399 return; 400 } 401 } 402 403 /** 404 * smk_unlbl_ambient - initialize the unlabeled domain 405 */ 406 static void smk_unlbl_ambient(char *oldambient) 407 { 408 int rc; 409 struct netlbl_audit nai; 410 411 smk_netlabel_audit_set(&nai); 412 413 if (oldambient != NULL) { 414 rc = netlbl_cfg_map_del(oldambient, PF_INET, NULL, NULL, &nai); 415 if (rc != 0) 416 printk(KERN_WARNING "%s:%d remove rc = %d\n", 417 __func__, __LINE__, rc); 418 } 419 420 rc = netlbl_cfg_unlbl_map_add(smack_net_ambient, PF_INET, 421 NULL, NULL, &nai); 422 if (rc != 0) 423 printk(KERN_WARNING "%s:%d add rc = %d\n", 424 __func__, __LINE__, rc); 425 } 426 427 /* 428 * Seq_file read operations for /smack/cipso 429 */ 430 431 static void *cipso_seq_start(struct seq_file *s, loff_t *pos) 432 { 433 if (*pos == SEQ_READ_FINISHED) 434 return NULL; 435 436 return smack_known; 437 } 438 439 static void *cipso_seq_next(struct seq_file *s, void *v, loff_t *pos) 440 { 441 struct smack_known *skp = ((struct smack_known *) v)->smk_next; 442 443 /* 444 * Omit labels with no associated cipso value 445 */ 446 while (skp != NULL && !skp->smk_cipso) 447 skp = skp->smk_next; 448 449 if (skp == NULL) 450 *pos = SEQ_READ_FINISHED; 451 452 return skp; 453 } 454 455 /* 456 * Print cipso labels in format: 457 * label level[/cat[,cat]] 458 */ 459 static int cipso_seq_show(struct seq_file *s, void *v) 460 { 461 struct smack_known *skp = (struct smack_known *) v; 462 struct smack_cipso *scp = skp->smk_cipso; 463 char *cbp; 464 char sep = '/'; 465 int cat = 1; 466 int i; 467 unsigned char m; 468 469 if (scp == NULL) 470 return 0; 471 472 seq_printf(s, "%s %3d", (char *)&skp->smk_known, scp->smk_level); 473 474 cbp = scp->smk_catset; 475 for (i = 0; i < SMK_LABELLEN; i++) 476 for (m = 0x80; m != 0; m >>= 1) { 477 if (m & cbp[i]) { 478 seq_printf(s, "%c%d", sep, cat); 479 sep = ','; 480 } 481 cat++; 482 } 483 484 seq_putc(s, '\n'); 485 486 return 0; 487 } 488 489 static void cipso_seq_stop(struct seq_file *s, void *v) 490 { 491 /* No-op */ 492 } 493 494 static struct seq_operations cipso_seq_ops = { 495 .start = cipso_seq_start, 496 .stop = cipso_seq_stop, 497 .next = cipso_seq_next, 498 .show = cipso_seq_show, 499 }; 500 501 /** 502 * smk_open_cipso - open() for /smack/cipso 503 * @inode: inode structure representing file 504 * @file: "cipso" file pointer 505 * 506 * Connect our cipso_seq_* operations with /smack/cipso 507 * file_operations 508 */ 509 static int smk_open_cipso(struct inode *inode, struct file *file) 510 { 511 return seq_open(file, &cipso_seq_ops); 512 } 513 514 /** 515 * smk_write_cipso - write() for /smack/cipso 516 * @filp: file pointer, not actually used 517 * @buf: where to get the data from 518 * @count: bytes sent 519 * @ppos: where to start 520 * 521 * Accepts only one cipso rule per write call. 522 * Returns number of bytes written or error code, as appropriate 523 */ 524 static ssize_t smk_write_cipso(struct file *file, const char __user *buf, 525 size_t count, loff_t *ppos) 526 { 527 struct smack_known *skp; 528 struct smack_cipso *scp = NULL; 529 char mapcatset[SMK_LABELLEN]; 530 int maplevel; 531 int cat; 532 int catlen; 533 ssize_t rc = -EINVAL; 534 char *data = NULL; 535 char *rule; 536 int ret; 537 int i; 538 539 /* 540 * Must have privilege. 541 * No partial writes. 542 * Enough data must be present. 543 */ 544 if (!capable(CAP_MAC_ADMIN)) 545 return -EPERM; 546 if (*ppos != 0) 547 return -EINVAL; 548 if (count < SMK_CIPSOMIN || count > SMK_CIPSOMAX) 549 return -EINVAL; 550 551 data = kzalloc(count + 1, GFP_KERNEL); 552 if (data == NULL) 553 return -ENOMEM; 554 555 if (copy_from_user(data, buf, count) != 0) { 556 rc = -EFAULT; 557 goto unlockedout; 558 } 559 560 data[count] = '\0'; 561 rule = data; 562 /* 563 * Only allow one writer at a time. Writes should be 564 * quite rare and small in any case. 565 */ 566 mutex_lock(&smack_cipso_lock); 567 568 skp = smk_import_entry(rule, 0); 569 if (skp == NULL) 570 goto out; 571 572 rule += SMK_LABELLEN; 573 ret = sscanf(rule, "%d", &maplevel); 574 if (ret != 1 || maplevel > SMACK_CIPSO_MAXLEVEL) 575 goto out; 576 577 rule += SMK_DIGITLEN; 578 ret = sscanf(rule, "%d", &catlen); 579 if (ret != 1 || catlen > SMACK_CIPSO_MAXCATNUM) 580 goto out; 581 582 if (count != (SMK_CIPSOMIN + catlen * SMK_DIGITLEN)) 583 goto out; 584 585 memset(mapcatset, 0, sizeof(mapcatset)); 586 587 for (i = 0; i < catlen; i++) { 588 rule += SMK_DIGITLEN; 589 ret = sscanf(rule, "%d", &cat); 590 if (ret != 1 || cat > SMACK_CIPSO_MAXCATVAL) 591 goto out; 592 593 smack_catset_bit(cat, mapcatset); 594 } 595 596 if (skp->smk_cipso == NULL) { 597 scp = kzalloc(sizeof(struct smack_cipso), GFP_KERNEL); 598 if (scp == NULL) { 599 rc = -ENOMEM; 600 goto out; 601 } 602 } 603 604 spin_lock_bh(&skp->smk_cipsolock); 605 606 if (scp == NULL) 607 scp = skp->smk_cipso; 608 else 609 skp->smk_cipso = scp; 610 611 scp->smk_level = maplevel; 612 memcpy(scp->smk_catset, mapcatset, sizeof(mapcatset)); 613 614 spin_unlock_bh(&skp->smk_cipsolock); 615 616 rc = count; 617 out: 618 mutex_unlock(&smack_cipso_lock); 619 unlockedout: 620 kfree(data); 621 return rc; 622 } 623 624 static const struct file_operations smk_cipso_ops = { 625 .open = smk_open_cipso, 626 .read = seq_read, 627 .llseek = seq_lseek, 628 .write = smk_write_cipso, 629 .release = seq_release, 630 }; 631 632 /* 633 * Seq_file read operations for /smack/netlabel 634 */ 635 636 static void *netlbladdr_seq_start(struct seq_file *s, loff_t *pos) 637 { 638 if (*pos == SEQ_READ_FINISHED) 639 return NULL; 640 641 return smack_netlbladdrs; 642 } 643 644 static void *netlbladdr_seq_next(struct seq_file *s, void *v, loff_t *pos) 645 { 646 struct smk_netlbladdr *skp = ((struct smk_netlbladdr *) v)->smk_next; 647 648 if (skp == NULL) 649 *pos = SEQ_READ_FINISHED; 650 651 return skp; 652 } 653 /* 654 #define BEMASK 0x80000000 655 */ 656 #define BEMASK 0x00000001 657 #define BEBITS (sizeof(__be32) * 8) 658 659 /* 660 * Print host/label pairs 661 */ 662 static int netlbladdr_seq_show(struct seq_file *s, void *v) 663 { 664 struct smk_netlbladdr *skp = (struct smk_netlbladdr *) v; 665 unsigned char *hp = (char *) &skp->smk_host.sin_addr.s_addr; 666 __be32 bebits; 667 int maskn = 0; 668 669 for (bebits = BEMASK; bebits != 0; maskn++, bebits <<= 1) 670 if ((skp->smk_mask.s_addr & bebits) == 0) 671 break; 672 673 seq_printf(s, "%u.%u.%u.%u/%d %s\n", 674 hp[0], hp[1], hp[2], hp[3], maskn, skp->smk_label); 675 676 return 0; 677 } 678 679 static void netlbladdr_seq_stop(struct seq_file *s, void *v) 680 { 681 /* No-op */ 682 } 683 684 static struct seq_operations netlbladdr_seq_ops = { 685 .start = netlbladdr_seq_start, 686 .stop = netlbladdr_seq_stop, 687 .next = netlbladdr_seq_next, 688 .show = netlbladdr_seq_show, 689 }; 690 691 /** 692 * smk_open_netlbladdr - open() for /smack/netlabel 693 * @inode: inode structure representing file 694 * @file: "netlabel" file pointer 695 * 696 * Connect our netlbladdr_seq_* operations with /smack/netlabel 697 * file_operations 698 */ 699 static int smk_open_netlbladdr(struct inode *inode, struct file *file) 700 { 701 return seq_open(file, &netlbladdr_seq_ops); 702 } 703 704 /** 705 * smk_write_netlbladdr - write() for /smack/netlabel 706 * @filp: file pointer, not actually used 707 * @buf: where to get the data from 708 * @count: bytes sent 709 * @ppos: where to start 710 * 711 * Accepts only one netlbladdr per write call. 712 * Returns number of bytes written or error code, as appropriate 713 */ 714 static ssize_t smk_write_netlbladdr(struct file *file, const char __user *buf, 715 size_t count, loff_t *ppos) 716 { 717 struct smk_netlbladdr *skp; 718 struct sockaddr_in newname; 719 char smack[SMK_LABELLEN]; 720 char *sp; 721 char data[SMK_NETLBLADDRMAX]; 722 char *host = (char *)&newname.sin_addr.s_addr; 723 int rc; 724 struct netlbl_audit audit_info; 725 struct in_addr mask; 726 unsigned int m; 727 __be32 bebits = BEMASK; 728 __be32 nsa; 729 730 /* 731 * Must have privilege. 732 * No partial writes. 733 * Enough data must be present. 734 * "<addr/mask, as a.b.c.d/e><space><label>" 735 * "<addr, as a.b.c.d><space><label>" 736 */ 737 if (!capable(CAP_MAC_ADMIN)) 738 return -EPERM; 739 if (*ppos != 0) 740 return -EINVAL; 741 if (count < SMK_NETLBLADDRMIN || count > SMK_NETLBLADDRMAX) 742 return -EINVAL; 743 if (copy_from_user(data, buf, count) != 0) 744 return -EFAULT; 745 746 data[count] = '\0'; 747 748 rc = sscanf(data, "%hhd.%hhd.%hhd.%hhd/%d %s", 749 &host[0], &host[1], &host[2], &host[3], &m, smack); 750 if (rc != 6) { 751 rc = sscanf(data, "%hhd.%hhd.%hhd.%hhd %s", 752 &host[0], &host[1], &host[2], &host[3], smack); 753 if (rc != 5) 754 return -EINVAL; 755 m = BEBITS; 756 } 757 if (m > BEBITS) 758 return -EINVAL; 759 760 sp = smk_import(smack, 0); 761 if (sp == NULL) 762 return -EINVAL; 763 764 for (mask.s_addr = 0; m > 0; m--) { 765 mask.s_addr |= bebits; 766 bebits <<= 1; 767 } 768 /* 769 * Only allow one writer at a time. Writes should be 770 * quite rare and small in any case. 771 */ 772 mutex_lock(&smk_netlbladdr_lock); 773 774 nsa = newname.sin_addr.s_addr; 775 for (skp = smack_netlbladdrs; skp != NULL; skp = skp->smk_next) 776 if (skp->smk_host.sin_addr.s_addr == nsa && 777 skp->smk_mask.s_addr == mask.s_addr) 778 break; 779 780 smk_netlabel_audit_set(&audit_info); 781 782 if (skp == NULL) { 783 skp = kzalloc(sizeof(*skp), GFP_KERNEL); 784 if (skp == NULL) 785 rc = -ENOMEM; 786 else { 787 rc = 0; 788 skp->smk_host.sin_addr.s_addr = newname.sin_addr.s_addr; 789 skp->smk_mask.s_addr = mask.s_addr; 790 skp->smk_next = smack_netlbladdrs; 791 skp->smk_label = sp; 792 smack_netlbladdrs = skp; 793 } 794 } else { 795 rc = netlbl_cfg_unlbl_static_del(&init_net, NULL, 796 &skp->smk_host.sin_addr, &skp->smk_mask, 797 PF_INET, &audit_info); 798 skp->smk_label = sp; 799 } 800 801 /* 802 * Now tell netlabel about the single label nature of 803 * this host so that incoming packets get labeled. 804 */ 805 806 if (rc == 0) 807 rc = netlbl_cfg_unlbl_static_add(&init_net, NULL, 808 &skp->smk_host.sin_addr, &skp->smk_mask, PF_INET, 809 smack_to_secid(skp->smk_label), &audit_info); 810 811 if (rc == 0) 812 rc = count; 813 814 mutex_unlock(&smk_netlbladdr_lock); 815 816 return rc; 817 } 818 819 static const struct file_operations smk_netlbladdr_ops = { 820 .open = smk_open_netlbladdr, 821 .read = seq_read, 822 .llseek = seq_lseek, 823 .write = smk_write_netlbladdr, 824 .release = seq_release, 825 }; 826 827 /** 828 * smk_read_doi - read() for /smack/doi 829 * @filp: file pointer, not actually used 830 * @buf: where to put the result 831 * @count: maximum to send along 832 * @ppos: where to start 833 * 834 * Returns number of bytes read or error code, as appropriate 835 */ 836 static ssize_t smk_read_doi(struct file *filp, char __user *buf, 837 size_t count, loff_t *ppos) 838 { 839 char temp[80]; 840 ssize_t rc; 841 842 if (*ppos != 0) 843 return 0; 844 845 sprintf(temp, "%d", smk_cipso_doi_value); 846 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp)); 847 848 return rc; 849 } 850 851 /** 852 * smk_write_doi - write() for /smack/doi 853 * @filp: file pointer, not actually used 854 * @buf: where to get the data from 855 * @count: bytes sent 856 * @ppos: where to start 857 * 858 * Returns number of bytes written or error code, as appropriate 859 */ 860 static ssize_t smk_write_doi(struct file *file, const char __user *buf, 861 size_t count, loff_t *ppos) 862 { 863 char temp[80]; 864 int i; 865 866 if (!capable(CAP_MAC_ADMIN)) 867 return -EPERM; 868 869 if (count >= sizeof(temp) || count == 0) 870 return -EINVAL; 871 872 if (copy_from_user(temp, buf, count) != 0) 873 return -EFAULT; 874 875 temp[count] = '\0'; 876 877 if (sscanf(temp, "%d", &i) != 1) 878 return -EINVAL; 879 880 smk_cipso_doi_value = i; 881 882 smk_cipso_doi(); 883 884 return count; 885 } 886 887 static const struct file_operations smk_doi_ops = { 888 .read = smk_read_doi, 889 .write = smk_write_doi, 890 }; 891 892 /** 893 * smk_read_direct - read() for /smack/direct 894 * @filp: file pointer, not actually used 895 * @buf: where to put the result 896 * @count: maximum to send along 897 * @ppos: where to start 898 * 899 * Returns number of bytes read or error code, as appropriate 900 */ 901 static ssize_t smk_read_direct(struct file *filp, char __user *buf, 902 size_t count, loff_t *ppos) 903 { 904 char temp[80]; 905 ssize_t rc; 906 907 if (*ppos != 0) 908 return 0; 909 910 sprintf(temp, "%d", smack_cipso_direct); 911 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp)); 912 913 return rc; 914 } 915 916 /** 917 * smk_write_direct - write() for /smack/direct 918 * @filp: file pointer, not actually used 919 * @buf: where to get the data from 920 * @count: bytes sent 921 * @ppos: where to start 922 * 923 * Returns number of bytes written or error code, as appropriate 924 */ 925 static ssize_t smk_write_direct(struct file *file, const char __user *buf, 926 size_t count, loff_t *ppos) 927 { 928 char temp[80]; 929 int i; 930 931 if (!capable(CAP_MAC_ADMIN)) 932 return -EPERM; 933 934 if (count >= sizeof(temp) || count == 0) 935 return -EINVAL; 936 937 if (copy_from_user(temp, buf, count) != 0) 938 return -EFAULT; 939 940 temp[count] = '\0'; 941 942 if (sscanf(temp, "%d", &i) != 1) 943 return -EINVAL; 944 945 smack_cipso_direct = i; 946 947 return count; 948 } 949 950 static const struct file_operations smk_direct_ops = { 951 .read = smk_read_direct, 952 .write = smk_write_direct, 953 }; 954 955 /** 956 * smk_read_ambient - read() for /smack/ambient 957 * @filp: file pointer, not actually used 958 * @buf: where to put the result 959 * @cn: maximum to send along 960 * @ppos: where to start 961 * 962 * Returns number of bytes read or error code, as appropriate 963 */ 964 static ssize_t smk_read_ambient(struct file *filp, char __user *buf, 965 size_t cn, loff_t *ppos) 966 { 967 ssize_t rc; 968 int asize; 969 970 if (*ppos != 0) 971 return 0; 972 /* 973 * Being careful to avoid a problem in the case where 974 * smack_net_ambient gets changed in midstream. 975 */ 976 mutex_lock(&smack_ambient_lock); 977 978 asize = strlen(smack_net_ambient) + 1; 979 980 if (cn >= asize) 981 rc = simple_read_from_buffer(buf, cn, ppos, 982 smack_net_ambient, asize); 983 else 984 rc = -EINVAL; 985 986 mutex_unlock(&smack_ambient_lock); 987 988 return rc; 989 } 990 991 /** 992 * smk_write_ambient - write() for /smack/ambient 993 * @filp: file pointer, not actually used 994 * @buf: where to get the data from 995 * @count: bytes sent 996 * @ppos: where to start 997 * 998 * Returns number of bytes written or error code, as appropriate 999 */ 1000 static ssize_t smk_write_ambient(struct file *file, const char __user *buf, 1001 size_t count, loff_t *ppos) 1002 { 1003 char in[SMK_LABELLEN]; 1004 char *oldambient; 1005 char *smack; 1006 1007 if (!capable(CAP_MAC_ADMIN)) 1008 return -EPERM; 1009 1010 if (count >= SMK_LABELLEN) 1011 return -EINVAL; 1012 1013 if (copy_from_user(in, buf, count) != 0) 1014 return -EFAULT; 1015 1016 smack = smk_import(in, count); 1017 if (smack == NULL) 1018 return -EINVAL; 1019 1020 mutex_lock(&smack_ambient_lock); 1021 1022 oldambient = smack_net_ambient; 1023 smack_net_ambient = smack; 1024 smk_unlbl_ambient(oldambient); 1025 1026 mutex_unlock(&smack_ambient_lock); 1027 1028 return count; 1029 } 1030 1031 static const struct file_operations smk_ambient_ops = { 1032 .read = smk_read_ambient, 1033 .write = smk_write_ambient, 1034 }; 1035 1036 /** 1037 * smk_read_onlycap - read() for /smack/onlycap 1038 * @filp: file pointer, not actually used 1039 * @buf: where to put the result 1040 * @cn: maximum to send along 1041 * @ppos: where to start 1042 * 1043 * Returns number of bytes read or error code, as appropriate 1044 */ 1045 static ssize_t smk_read_onlycap(struct file *filp, char __user *buf, 1046 size_t cn, loff_t *ppos) 1047 { 1048 char *smack = ""; 1049 ssize_t rc = -EINVAL; 1050 int asize; 1051 1052 if (*ppos != 0) 1053 return 0; 1054 1055 if (smack_onlycap != NULL) 1056 smack = smack_onlycap; 1057 1058 asize = strlen(smack) + 1; 1059 1060 if (cn >= asize) 1061 rc = simple_read_from_buffer(buf, cn, ppos, smack, asize); 1062 1063 return rc; 1064 } 1065 1066 /** 1067 * smk_write_onlycap - write() for /smack/onlycap 1068 * @filp: file pointer, not actually used 1069 * @buf: where to get the data from 1070 * @count: bytes sent 1071 * @ppos: where to start 1072 * 1073 * Returns number of bytes written or error code, as appropriate 1074 */ 1075 static ssize_t smk_write_onlycap(struct file *file, const char __user *buf, 1076 size_t count, loff_t *ppos) 1077 { 1078 char in[SMK_LABELLEN]; 1079 char *sp = current->cred->security; 1080 1081 if (!capable(CAP_MAC_ADMIN)) 1082 return -EPERM; 1083 1084 /* 1085 * This can be done using smk_access() but is done 1086 * explicitly for clarity. The smk_access() implementation 1087 * would use smk_access(smack_onlycap, MAY_WRITE) 1088 */ 1089 if (smack_onlycap != NULL && smack_onlycap != sp) 1090 return -EPERM; 1091 1092 if (count >= SMK_LABELLEN) 1093 return -EINVAL; 1094 1095 if (copy_from_user(in, buf, count) != 0) 1096 return -EFAULT; 1097 1098 /* 1099 * Should the null string be passed in unset the onlycap value. 1100 * This seems like something to be careful with as usually 1101 * smk_import only expects to return NULL for errors. It 1102 * is usually the case that a nullstring or "\n" would be 1103 * bad to pass to smk_import but in fact this is useful here. 1104 */ 1105 smack_onlycap = smk_import(in, count); 1106 1107 return count; 1108 } 1109 1110 static const struct file_operations smk_onlycap_ops = { 1111 .read = smk_read_onlycap, 1112 .write = smk_write_onlycap, 1113 }; 1114 1115 /** 1116 * smk_fill_super - fill the /smackfs superblock 1117 * @sb: the empty superblock 1118 * @data: unused 1119 * @silent: unused 1120 * 1121 * Fill in the well known entries for /smack 1122 * 1123 * Returns 0 on success, an error code on failure 1124 */ 1125 static int smk_fill_super(struct super_block *sb, void *data, int silent) 1126 { 1127 int rc; 1128 struct inode *root_inode; 1129 1130 static struct tree_descr smack_files[] = { 1131 [SMK_LOAD] = 1132 {"load", &smk_load_ops, S_IRUGO|S_IWUSR}, 1133 [SMK_CIPSO] = 1134 {"cipso", &smk_cipso_ops, S_IRUGO|S_IWUSR}, 1135 [SMK_DOI] = 1136 {"doi", &smk_doi_ops, S_IRUGO|S_IWUSR}, 1137 [SMK_DIRECT] = 1138 {"direct", &smk_direct_ops, S_IRUGO|S_IWUSR}, 1139 [SMK_AMBIENT] = 1140 {"ambient", &smk_ambient_ops, S_IRUGO|S_IWUSR}, 1141 [SMK_NETLBLADDR] = 1142 {"netlabel", &smk_netlbladdr_ops, S_IRUGO|S_IWUSR}, 1143 [SMK_ONLYCAP] = 1144 {"onlycap", &smk_onlycap_ops, S_IRUGO|S_IWUSR}, 1145 /* last one */ {""} 1146 }; 1147 1148 rc = simple_fill_super(sb, SMACK_MAGIC, smack_files); 1149 if (rc != 0) { 1150 printk(KERN_ERR "%s failed %d while creating inodes\n", 1151 __func__, rc); 1152 return rc; 1153 } 1154 1155 root_inode = sb->s_root->d_inode; 1156 root_inode->i_security = new_inode_smack(smack_known_floor.smk_known); 1157 1158 return 0; 1159 } 1160 1161 /** 1162 * smk_get_sb - get the smackfs superblock 1163 * @fs_type: passed along without comment 1164 * @flags: passed along without comment 1165 * @dev_name: passed along without comment 1166 * @data: passed along without comment 1167 * @mnt: passed along without comment 1168 * 1169 * Just passes everything along. 1170 * 1171 * Returns what the lower level code does. 1172 */ 1173 static int smk_get_sb(struct file_system_type *fs_type, 1174 int flags, const char *dev_name, void *data, 1175 struct vfsmount *mnt) 1176 { 1177 return get_sb_single(fs_type, flags, data, smk_fill_super, mnt); 1178 } 1179 1180 static struct file_system_type smk_fs_type = { 1181 .name = "smackfs", 1182 .get_sb = smk_get_sb, 1183 .kill_sb = kill_litter_super, 1184 }; 1185 1186 static struct vfsmount *smackfs_mount; 1187 1188 /** 1189 * init_smk_fs - get the smackfs superblock 1190 * 1191 * register the smackfs 1192 * 1193 * Do not register smackfs if Smack wasn't enabled 1194 * on boot. We can not put this method normally under the 1195 * smack_init() code path since the security subsystem get 1196 * initialized before the vfs caches. 1197 * 1198 * Returns true if we were not chosen on boot or if 1199 * we were chosen and filesystem registration succeeded. 1200 */ 1201 static int __init init_smk_fs(void) 1202 { 1203 int err; 1204 1205 if (!security_module_enable(&smack_ops)) 1206 return 0; 1207 1208 err = register_filesystem(&smk_fs_type); 1209 if (!err) { 1210 smackfs_mount = kern_mount(&smk_fs_type); 1211 if (IS_ERR(smackfs_mount)) { 1212 printk(KERN_ERR "smackfs: could not mount!\n"); 1213 err = PTR_ERR(smackfs_mount); 1214 smackfs_mount = NULL; 1215 } 1216 } 1217 1218 smk_cipso_doi(); 1219 smk_unlbl_ambient(NULL); 1220 1221 return err; 1222 } 1223 1224 __initcall(init_smk_fs); 1225