1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com>
4 *
5 * Authors:
6 * Casey Schaufler <casey@schaufler-ca.com>
7 * Ahmed S. Darwish <darwish.07@gmail.com>
8 *
9 * Special thanks to the authors of selinuxfs.
10 *
11 * Karl MacMillan <kmacmillan@tresys.com>
12 * James Morris <jmorris@redhat.com>
13 */
14
15 #include <linux/kernel.h>
16 #include <linux/vmalloc.h>
17 #include <linux/security.h>
18 #include <linux/mutex.h>
19 #include <linux/slab.h>
20 #include <net/net_namespace.h>
21 #include <net/cipso_ipv4.h>
22 #include <linux/seq_file.h>
23 #include <linux/ctype.h>
24 #include <linux/audit.h>
25 #include <linux/magic.h>
26 #include <linux/mount.h>
27 #include <linux/fs_context.h>
28 #include "smack.h"
29
30 #define BEBITS (sizeof(__be32) * 8)
31 /*
32 * smackfs pseudo filesystem.
33 */
34
35 enum smk_inos {
36 SMK_ROOT_INO = 2,
37 SMK_LOAD = 3, /* load policy */
38 SMK_CIPSO = 4, /* load label -> CIPSO mapping */
39 SMK_DOI = 5, /* CIPSO DOI */
40 SMK_DIRECT = 6, /* CIPSO level indicating direct label */
41 SMK_AMBIENT = 7, /* internet ambient label */
42 SMK_NET4ADDR = 8, /* single label hosts */
43 SMK_ONLYCAP = 9, /* the only "capable" label */
44 #ifdef CONFIG_AUDIT
45 SMK_LOGGING = 10, /* logging */
46 #endif /* CONFIG_AUDIT */
47 SMK_LOAD_SELF = 11, /* task specific rules */
48 SMK_ACCESSES = 12, /* access policy */
49 SMK_MAPPED = 13, /* CIPSO level indicating mapped label */
50 SMK_LOAD2 = 14, /* load policy with long labels */
51 SMK_LOAD_SELF2 = 15, /* load task specific rules with long labels */
52 SMK_ACCESS2 = 16, /* make an access check with long labels */
53 SMK_CIPSO2 = 17, /* load long label -> CIPSO mapping */
54 SMK_REVOKE_SUBJ = 18, /* set rules with subject label to '-' */
55 SMK_CHANGE_RULE = 19, /* change or add rules (long labels) */
56 SMK_SYSLOG = 20, /* change syslog label) */
57 SMK_PTRACE = 21, /* set ptrace rule */
58 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
59 SMK_UNCONFINED = 22, /* define an unconfined label */
60 #endif
61 #if IS_ENABLED(CONFIG_IPV6)
62 SMK_NET6ADDR = 23, /* single label IPv6 hosts */
63 #endif /* CONFIG_IPV6 */
64 SMK_RELABEL_SELF = 24, /* relabel possible without CAP_MAC_ADMIN */
65 };
66
67 /*
68 * List locks
69 */
70 static DEFINE_MUTEX(smack_cipso_lock);
71 static DEFINE_MUTEX(smack_ambient_lock);
72 static DEFINE_MUTEX(smk_net4addr_lock);
73 static DEFINE_MUTEX(smk_cipso_doi_lock);
74 #if IS_ENABLED(CONFIG_IPV6)
75 static DEFINE_MUTEX(smk_net6addr_lock);
76 #endif /* CONFIG_IPV6 */
77
78 /*
79 * This is the "ambient" label for network traffic.
80 * If it isn't somehow marked, use this.
81 * It can be reset via smackfs/ambient
82 */
83 struct smack_known *smack_net_ambient;
84
85 /*
86 * This is the level in a CIPSO header that indicates a
87 * smack label is contained directly in the category set.
88 * It can be reset via smackfs/direct
89 */
90 int smack_cipso_direct = SMACK_CIPSO_DIRECT_DEFAULT;
91
92 /*
93 * This is the level in a CIPSO header that indicates a
94 * secid is contained directly in the category set.
95 * It can be reset via smackfs/mapped
96 */
97 int smack_cipso_mapped = SMACK_CIPSO_MAPPED_DEFAULT;
98
99 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
100 /*
101 * Allow one label to be unconfined. This is for
102 * debugging and application bring-up purposes only.
103 * It is bad and wrong, but everyone seems to expect
104 * to have it.
105 */
106 struct smack_known *smack_unconfined;
107 #endif
108
109 /*
110 * If this value is set restrict syslog use to the label specified.
111 * It can be reset via smackfs/syslog
112 */
113 struct smack_known *smack_syslog_label;
114
115 /*
116 * Ptrace current rule
117 * SMACK_PTRACE_DEFAULT regular smack ptrace rules (/proc based)
118 * SMACK_PTRACE_EXACT labels must match, but can be overriden with
119 * CAP_SYS_PTRACE
120 * SMACK_PTRACE_DRACONIAN labels must match, CAP_SYS_PTRACE has no effect
121 */
122 int smack_ptrace_rule = SMACK_PTRACE_DEFAULT;
123
124 /*
125 * Certain IP addresses may be designated as single label hosts.
126 * Packets are sent there unlabeled, but only from tasks that
127 * can write to the specified label.
128 */
129
130 LIST_HEAD(smk_net4addr_list);
131 #if IS_ENABLED(CONFIG_IPV6)
132 LIST_HEAD(smk_net6addr_list);
133 #endif /* CONFIG_IPV6 */
134
135 /*
136 * Rule lists are maintained for each label.
137 */
138 struct smack_parsed_rule {
139 struct smack_known *smk_subject;
140 struct smack_known *smk_object;
141 int smk_access1;
142 int smk_access2;
143 };
144
145 static u32 smk_cipso_doi_value = CIPSO_V4_DOI_UNKNOWN;
146
147 /*
148 * Values for parsing cipso rules
149 * SMK_DIGITLEN: Length of a digit field in a rule.
150 * SMK_CIPSOMIN: Minimum possible cipso rule length.
151 * SMK_CIPSOMAX: Maximum possible cipso rule length.
152 */
153 #define SMK_DIGITLEN 4
154 #define SMK_CIPSOMIN (SMK_LABELLEN + 2 * SMK_DIGITLEN)
155 #define SMK_CIPSOMAX (SMK_CIPSOMIN + SMACK_CIPSO_MAXCATNUM * SMK_DIGITLEN)
156
157 /*
158 * Values for parsing MAC rules
159 * SMK_ACCESS: Maximum possible combination of access permissions
160 * SMK_ACCESSLEN: Maximum length for a rule access field
161 * SMK_LOADLEN: Smack rule length
162 */
163 #define SMK_OACCESS "rwxa"
164 #define SMK_ACCESS "rwxatl"
165 #define SMK_OACCESSLEN (sizeof(SMK_OACCESS) - 1)
166 #define SMK_ACCESSLEN (sizeof(SMK_ACCESS) - 1)
167 #define SMK_OLOADLEN (SMK_LABELLEN + SMK_LABELLEN + SMK_OACCESSLEN)
168 #define SMK_LOADLEN (SMK_LABELLEN + SMK_LABELLEN + SMK_ACCESSLEN)
169
170 /*
171 * Strictly for CIPSO level manipulation.
172 * Set the category bit number in a smack label sized buffer.
173 */
smack_catset_bit(unsigned int cat,char * catsetp)174 static inline void smack_catset_bit(unsigned int cat, char *catsetp)
175 {
176 if (cat == 0 || cat > (SMK_CIPSOLEN * 8))
177 return;
178
179 catsetp[(cat - 1) / 8] |= 0x80 >> ((cat - 1) % 8);
180 }
181
182 /**
183 * smk_netlabel_audit_set - fill a netlbl_audit struct
184 * @nap: structure to fill
185 */
smk_netlabel_audit_set(struct netlbl_audit * nap)186 static void smk_netlabel_audit_set(struct netlbl_audit *nap)
187 {
188 nap->loginuid = audit_get_loginuid(current);
189 nap->sessionid = audit_get_sessionid(current);
190 nap->prop.smack.skp = smk_of_current();
191 }
192
193 /*
194 * Value for parsing single label host rules
195 * "1.2.3.4 X"
196 */
197 #define SMK_NETLBLADDRMIN 9
198
199 /**
200 * smk_set_access - add a rule to the rule list or replace an old rule
201 * @srp: the rule to add or replace
202 * @rule_list: the list of rules
203 * @rule_lock: the rule list lock
204 *
205 * Looks through the current subject/object/access list for
206 * the subject/object pair and replaces the access that was
207 * there. If the pair isn't found add it with the specified
208 * access.
209 *
210 * Returns 0 if nothing goes wrong or -ENOMEM if it fails
211 * during the allocation of the new pair to add.
212 */
smk_set_access(struct smack_parsed_rule * srp,struct list_head * rule_list,struct mutex * rule_lock)213 static int smk_set_access(struct smack_parsed_rule *srp,
214 struct list_head *rule_list,
215 struct mutex *rule_lock)
216 {
217 struct smack_rule *sp;
218 int found = 0;
219 int rc = 0;
220
221 mutex_lock(rule_lock);
222
223 /*
224 * Because the object label is less likely to match
225 * than the subject label check it first
226 */
227 list_for_each_entry_rcu(sp, rule_list, list) {
228 if (sp->smk_object == srp->smk_object &&
229 sp->smk_subject == srp->smk_subject) {
230 found = 1;
231 sp->smk_access |= srp->smk_access1;
232 sp->smk_access &= ~srp->smk_access2;
233 break;
234 }
235 }
236
237 if (found == 0) {
238 sp = kmem_cache_zalloc(smack_rule_cache, GFP_KERNEL);
239 if (sp == NULL) {
240 rc = -ENOMEM;
241 goto out;
242 }
243
244 sp->smk_subject = srp->smk_subject;
245 sp->smk_object = srp->smk_object;
246 sp->smk_access = srp->smk_access1 & ~srp->smk_access2;
247
248 list_add_rcu(&sp->list, rule_list);
249 }
250
251 out:
252 mutex_unlock(rule_lock);
253 return rc;
254 }
255
256 /**
257 * smk_perm_from_str - parse smack accesses from a text string
258 * @string: a text string that contains a Smack accesses code
259 *
260 * Returns an integer with respective bits set for specified accesses.
261 */
smk_perm_from_str(const char * string)262 static int smk_perm_from_str(const char *string)
263 {
264 int perm = 0;
265 const char *cp;
266
267 for (cp = string; ; cp++)
268 switch (*cp) {
269 case '-':
270 break;
271 case 'r':
272 case 'R':
273 perm |= MAY_READ;
274 break;
275 case 'w':
276 case 'W':
277 perm |= MAY_WRITE;
278 break;
279 case 'x':
280 case 'X':
281 perm |= MAY_EXEC;
282 break;
283 case 'a':
284 case 'A':
285 perm |= MAY_APPEND;
286 break;
287 case 't':
288 case 'T':
289 perm |= MAY_TRANSMUTE;
290 break;
291 case 'l':
292 case 'L':
293 perm |= MAY_LOCK;
294 break;
295 case 'b':
296 case 'B':
297 perm |= MAY_BRINGUP;
298 break;
299 default:
300 return perm;
301 }
302 }
303
304 /**
305 * smk_fill_rule - Fill Smack rule from strings
306 * @subject: subject label string
307 * @object: object label string
308 * @access1: access string
309 * @access2: string with permissions to be removed
310 * @rule: Smack rule
311 * @import: if non-zero, import labels
312 * @len: label length limit
313 *
314 * Returns 0 on success, appropriate error code on failure.
315 */
smk_fill_rule(const char * subject,const char * object,const char * access1,const char * access2,struct smack_parsed_rule * rule,int import,int len)316 static int smk_fill_rule(const char *subject, const char *object,
317 const char *access1, const char *access2,
318 struct smack_parsed_rule *rule, int import,
319 int len)
320 {
321 const char *cp;
322 struct smack_known *skp;
323
324 if (import) {
325 rule->smk_subject = smk_import_entry(subject, len);
326 if (IS_ERR(rule->smk_subject))
327 return PTR_ERR(rule->smk_subject);
328
329 rule->smk_object = smk_import_entry(object, len);
330 if (IS_ERR(rule->smk_object))
331 return PTR_ERR(rule->smk_object);
332 } else {
333 cp = smk_parse_smack(subject, len);
334 if (IS_ERR(cp))
335 return PTR_ERR(cp);
336 skp = smk_find_entry(cp);
337 kfree(cp);
338 if (skp == NULL)
339 return -ENOENT;
340 rule->smk_subject = skp;
341
342 cp = smk_parse_smack(object, len);
343 if (IS_ERR(cp))
344 return PTR_ERR(cp);
345 skp = smk_find_entry(cp);
346 kfree(cp);
347 if (skp == NULL)
348 return -ENOENT;
349 rule->smk_object = skp;
350 }
351
352 rule->smk_access1 = smk_perm_from_str(access1);
353 if (access2)
354 rule->smk_access2 = smk_perm_from_str(access2);
355 else
356 rule->smk_access2 = ~rule->smk_access1;
357
358 return 0;
359 }
360
361 /**
362 * smk_parse_rule - parse Smack rule from load string
363 * @data: string to be parsed whose size is SMK_LOADLEN
364 * @rule: Smack rule
365 * @import: if non-zero, import labels
366 *
367 * Returns 0 on success, -1 on errors.
368 */
smk_parse_rule(const char * data,struct smack_parsed_rule * rule,int import)369 static int smk_parse_rule(const char *data, struct smack_parsed_rule *rule,
370 int import)
371 {
372 int rc;
373
374 rc = smk_fill_rule(data, data + SMK_LABELLEN,
375 data + SMK_LABELLEN + SMK_LABELLEN, NULL, rule,
376 import, SMK_LABELLEN);
377 return rc;
378 }
379
380 /**
381 * smk_parse_long_rule - parse Smack rule from rule string
382 * @data: string to be parsed, null terminated
383 * @rule: Will be filled with Smack parsed rule
384 * @import: if non-zero, import labels
385 * @tokens: number of substrings expected in data
386 *
387 * Returns number of processed bytes on success, -ERRNO on failure.
388 */
smk_parse_long_rule(char * data,struct smack_parsed_rule * rule,int import,int tokens)389 static ssize_t smk_parse_long_rule(char *data, struct smack_parsed_rule *rule,
390 int import, int tokens)
391 {
392 ssize_t cnt = 0;
393 char *tok[4];
394 int rc;
395 int i;
396
397 /*
398 * Parsing the rule in-place, filling all white-spaces with '\0'
399 */
400 for (i = 0; i < tokens; ++i) {
401 while (isspace(data[cnt]))
402 data[cnt++] = '\0';
403
404 if (data[cnt] == '\0')
405 /* Unexpected end of data */
406 return -EINVAL;
407
408 tok[i] = data + cnt;
409
410 while (data[cnt] && !isspace(data[cnt]))
411 ++cnt;
412 }
413 while (isspace(data[cnt]))
414 data[cnt++] = '\0';
415
416 while (i < 4)
417 tok[i++] = NULL;
418
419 rc = smk_fill_rule(tok[0], tok[1], tok[2], tok[3], rule, import, 0);
420 return rc == 0 ? cnt : rc;
421 }
422
423 #define SMK_FIXED24_FMT 0 /* Fixed 24byte label format */
424 #define SMK_LONG_FMT 1 /* Variable long label format */
425 #define SMK_CHANGE_FMT 2 /* Rule modification format */
426 /**
427 * smk_write_rules_list - write() for any /smack rule file
428 * @file: file pointer, not actually used
429 * @buf: where to get the data from
430 * @count: bytes sent
431 * @ppos: where to start - must be 0
432 * @rule_list: the list of rules to write to
433 * @rule_lock: lock for the rule list
434 * @format: /smack/load or /smack/load2 or /smack/change-rule format.
435 *
436 * Get one smack access rule from above.
437 * The format for SMK_LONG_FMT is:
438 * "subject<whitespace>object<whitespace>access[<whitespace>...]"
439 * The format for SMK_FIXED24_FMT is exactly:
440 * "subject object rwxat"
441 * The format for SMK_CHANGE_FMT is:
442 * "subject<whitespace>object<whitespace>
443 * acc_enable<whitespace>acc_disable[<whitespace>...]"
444 */
smk_write_rules_list(struct file * file,const char __user * buf,size_t count,loff_t * ppos,struct list_head * rule_list,struct mutex * rule_lock,int format)445 static ssize_t smk_write_rules_list(struct file *file, const char __user *buf,
446 size_t count, loff_t *ppos,
447 struct list_head *rule_list,
448 struct mutex *rule_lock, int format)
449 {
450 struct smack_parsed_rule rule;
451 char *data;
452 int rc;
453 int trunc = 0;
454 int tokens;
455 ssize_t cnt = 0;
456
457 /*
458 * No partial writes.
459 * Enough data must be present.
460 */
461 if (*ppos != 0)
462 return -EINVAL;
463
464 if (format == SMK_FIXED24_FMT) {
465 /*
466 * Minor hack for backward compatibility
467 */
468 if (count < SMK_OLOADLEN || count > SMK_LOADLEN)
469 return -EINVAL;
470 } else {
471 if (count >= PAGE_SIZE) {
472 count = PAGE_SIZE - 1;
473 trunc = 1;
474 }
475 }
476
477 data = memdup_user_nul(buf, count);
478 if (IS_ERR(data))
479 return PTR_ERR(data);
480
481 /*
482 * In case of parsing only part of user buf,
483 * avoid having partial rule at the data buffer
484 */
485 if (trunc) {
486 while (count > 0 && (data[count - 1] != '\n'))
487 --count;
488 if (count == 0) {
489 rc = -EINVAL;
490 goto out;
491 }
492 }
493
494 data[count] = '\0';
495 tokens = (format == SMK_CHANGE_FMT ? 4 : 3);
496 while (cnt < count) {
497 if (format == SMK_FIXED24_FMT) {
498 rc = smk_parse_rule(data, &rule, 1);
499 if (rc < 0)
500 goto out;
501 cnt = count;
502 } else {
503 rc = smk_parse_long_rule(data + cnt, &rule, 1, tokens);
504 if (rc < 0)
505 goto out;
506 if (rc == 0) {
507 rc = -EINVAL;
508 goto out;
509 }
510 cnt += rc;
511 }
512
513 if (rule_list == NULL)
514 rc = smk_set_access(&rule, &rule.smk_subject->smk_rules,
515 &rule.smk_subject->smk_rules_lock);
516 else
517 rc = smk_set_access(&rule, rule_list, rule_lock);
518
519 if (rc)
520 goto out;
521 }
522
523 rc = cnt;
524 out:
525 kfree(data);
526 return rc;
527 }
528
529 /*
530 * Core logic for smackfs seq list operations.
531 */
532
smk_seq_start(struct seq_file * s,loff_t * pos,struct list_head * head)533 static void *smk_seq_start(struct seq_file *s, loff_t *pos,
534 struct list_head *head)
535 {
536 struct list_head *list;
537 int i = *pos;
538
539 rcu_read_lock();
540 for (list = rcu_dereference(list_next_rcu(head));
541 list != head;
542 list = rcu_dereference(list_next_rcu(list))) {
543 if (i-- == 0)
544 return list;
545 }
546
547 return NULL;
548 }
549
smk_seq_next(struct seq_file * s,void * v,loff_t * pos,struct list_head * head)550 static void *smk_seq_next(struct seq_file *s, void *v, loff_t *pos,
551 struct list_head *head)
552 {
553 struct list_head *list = v;
554
555 ++*pos;
556 list = rcu_dereference(list_next_rcu(list));
557
558 return (list == head) ? NULL : list;
559 }
560
smk_seq_stop(struct seq_file * s,void * v)561 static void smk_seq_stop(struct seq_file *s, void *v)
562 {
563 rcu_read_unlock();
564 }
565
smk_rule_show(struct seq_file * s,struct smack_rule * srp,int max)566 static void smk_rule_show(struct seq_file *s, struct smack_rule *srp, int max)
567 {
568 char acc[SMK_NUM_ACCESS_TYPE + 1];
569 /*
570 * Don't show any rules with label names too long for
571 * interface file (/smack/load or /smack/load2)
572 * because you should expect to be able to write
573 * anything you read back.
574 */
575 if (strlen(srp->smk_subject->smk_known) >= max ||
576 strlen(srp->smk_object->smk_known) >= max)
577 return;
578
579 if (srp->smk_access == 0)
580 return;
581
582 smack_str_from_perm(acc, srp->smk_access);
583 seq_printf(s, "%s %s %s\n",
584 srp->smk_subject->smk_known,
585 srp->smk_object->smk_known,
586 acc);
587 }
588
589 /*
590 * Seq_file read operations for /smack/load
591 */
592
load2_seq_start(struct seq_file * s,loff_t * pos)593 static void *load2_seq_start(struct seq_file *s, loff_t *pos)
594 {
595 return smk_seq_start(s, pos, &smack_known_list);
596 }
597
load2_seq_next(struct seq_file * s,void * v,loff_t * pos)598 static void *load2_seq_next(struct seq_file *s, void *v, loff_t *pos)
599 {
600 return smk_seq_next(s, v, pos, &smack_known_list);
601 }
602
load_seq_show(struct seq_file * s,void * v)603 static int load_seq_show(struct seq_file *s, void *v)
604 {
605 struct list_head *list = v;
606 struct smack_rule *srp;
607 struct smack_known *skp =
608 list_entry_rcu(list, struct smack_known, list);
609
610 list_for_each_entry_rcu(srp, &skp->smk_rules, list)
611 smk_rule_show(s, srp, SMK_LABELLEN);
612
613 return 0;
614 }
615
616 static const struct seq_operations load_seq_ops = {
617 .start = load2_seq_start,
618 .next = load2_seq_next,
619 .show = load_seq_show,
620 .stop = smk_seq_stop,
621 };
622
623 /**
624 * smk_open_load - open() for /smack/load
625 * @inode: inode structure representing file
626 * @file: "load" file pointer
627 *
628 * For reading, use load_seq_* seq_file reading operations.
629 */
smk_open_load(struct inode * inode,struct file * file)630 static int smk_open_load(struct inode *inode, struct file *file)
631 {
632 return seq_open(file, &load_seq_ops);
633 }
634
635 /**
636 * smk_write_load - write() for /smack/load
637 * @file: file pointer, not actually used
638 * @buf: where to get the data from
639 * @count: bytes sent
640 * @ppos: where to start - must be 0
641 *
642 */
smk_write_load(struct file * file,const char __user * buf,size_t count,loff_t * ppos)643 static ssize_t smk_write_load(struct file *file, const char __user *buf,
644 size_t count, loff_t *ppos)
645 {
646 /*
647 * Must have privilege.
648 * No partial writes.
649 * Enough data must be present.
650 */
651 if (!smack_privileged(CAP_MAC_ADMIN))
652 return -EPERM;
653
654 return smk_write_rules_list(file, buf, count, ppos, NULL, NULL,
655 SMK_FIXED24_FMT);
656 }
657
658 static const struct file_operations smk_load_ops = {
659 .open = smk_open_load,
660 .read = seq_read,
661 .llseek = seq_lseek,
662 .write = smk_write_load,
663 .release = seq_release,
664 };
665
666 /**
667 * smk_cipso_doi - set netlabel maps
668 * @ndoi: new value for our CIPSO DOI
669 * @gfp_flags: kmalloc allocation context
670 */
671 static int
smk_cipso_doi(u32 ndoi,gfp_t gfp_flags)672 smk_cipso_doi(u32 ndoi, gfp_t gfp_flags)
673 {
674 int rc = 0;
675 struct cipso_v4_doi *doip;
676 struct netlbl_audit nai;
677
678 mutex_lock(&smk_cipso_doi_lock);
679
680 if (smk_cipso_doi_value == ndoi)
681 goto clr_doi_lock;
682
683 smk_netlabel_audit_set(&nai);
684
685 doip = kmalloc_obj(struct cipso_v4_doi, gfp_flags);
686 if (!doip) {
687 rc = -ENOMEM;
688 goto clr_doi_lock;
689 }
690 doip->map.std = NULL;
691 doip->doi = ndoi;
692 doip->type = CIPSO_V4_MAP_PASS;
693 doip->tags[0] = CIPSO_V4_TAG_RBITMAP;
694 for (rc = 1; rc < CIPSO_V4_TAG_MAXCNT; rc++)
695 doip->tags[rc] = CIPSO_V4_TAG_INVALID;
696
697 rc = netlbl_cfg_cipsov4_add(doip, &nai);
698 if (rc) {
699 kfree(doip);
700 goto clr_doi_lock;
701 }
702
703 if (smk_cipso_doi_value != CIPSO_V4_DOI_UNKNOWN) {
704 rc = netlbl_cfg_map_del(NULL, PF_INET, NULL, NULL, &nai);
705 if (rc && rc != -ENOENT)
706 goto clr_ndoi_def;
707
708 netlbl_cfg_cipsov4_del(smk_cipso_doi_value, &nai);
709 }
710
711 rc = netlbl_cfg_cipsov4_map_add(ndoi, NULL, NULL, NULL, &nai);
712 if (rc) {
713 smk_cipso_doi_value = CIPSO_V4_DOI_UNKNOWN; // no default map
714 clr_ndoi_def: netlbl_cfg_cipsov4_del(ndoi, &nai);
715 } else
716 smk_cipso_doi_value = ndoi;
717
718 clr_doi_lock:
719 mutex_unlock(&smk_cipso_doi_lock);
720 return rc;
721 }
722
723 /**
724 * smk_unlbl_ambient - initialize the unlabeled domain
725 * @oldambient: previous domain string
726 */
smk_unlbl_ambient(char * oldambient)727 static void smk_unlbl_ambient(char *oldambient)
728 {
729 int rc;
730 struct netlbl_audit nai;
731
732 smk_netlabel_audit_set(&nai);
733
734 if (oldambient != NULL) {
735 rc = netlbl_cfg_map_del(oldambient, PF_INET, NULL, NULL, &nai);
736 if (rc != 0)
737 printk(KERN_WARNING "%s:%d remove rc = %d\n",
738 __func__, __LINE__, rc);
739 }
740 if (smack_net_ambient == NULL)
741 smack_net_ambient = &smack_known_floor;
742
743 rc = netlbl_cfg_unlbl_map_add(smack_net_ambient->smk_known, PF_INET,
744 NULL, NULL, &nai);
745 if (rc != 0)
746 printk(KERN_WARNING "%s:%d add rc = %d\n",
747 __func__, __LINE__, rc);
748 }
749
750 /*
751 * Seq_file read operations for /smack/cipso
752 */
753
cipso_seq_start(struct seq_file * s,loff_t * pos)754 static void *cipso_seq_start(struct seq_file *s, loff_t *pos)
755 {
756 return smk_seq_start(s, pos, &smack_known_list);
757 }
758
cipso_seq_next(struct seq_file * s,void * v,loff_t * pos)759 static void *cipso_seq_next(struct seq_file *s, void *v, loff_t *pos)
760 {
761 return smk_seq_next(s, v, pos, &smack_known_list);
762 }
763
764 /*
765 * Print cipso labels in format:
766 * label level[/cat[,cat]]
767 */
cipso_seq_show(struct seq_file * s,void * v)768 static int cipso_seq_show(struct seq_file *s, void *v)
769 {
770 struct list_head *list = v;
771 struct smack_known *skp =
772 list_entry_rcu(list, struct smack_known, list);
773 struct netlbl_lsm_catmap *cmp = skp->smk_netlabel.attr.mls.cat;
774 char sep = '/';
775 int i;
776
777 /*
778 * Don't show a label that could not have been set using
779 * /smack/cipso. This is in support of the notion that
780 * anything read from /smack/cipso ought to be writeable
781 * to /smack/cipso.
782 *
783 * /smack/cipso2 should be used instead.
784 */
785 if (strlen(skp->smk_known) >= SMK_LABELLEN)
786 return 0;
787
788 seq_printf(s, "%s %3d", skp->smk_known, skp->smk_netlabel.attr.mls.lvl);
789
790 for (i = netlbl_catmap_walk(cmp, 0); i >= 0;
791 i = netlbl_catmap_walk(cmp, i + 1)) {
792 seq_printf(s, "%c%d", sep, i);
793 sep = ',';
794 }
795
796 seq_putc(s, '\n');
797
798 return 0;
799 }
800
801 static const struct seq_operations cipso_seq_ops = {
802 .start = cipso_seq_start,
803 .next = cipso_seq_next,
804 .show = cipso_seq_show,
805 .stop = smk_seq_stop,
806 };
807
808 /**
809 * smk_open_cipso - open() for /smack/cipso
810 * @inode: inode structure representing file
811 * @file: "cipso" file pointer
812 *
813 * Connect our cipso_seq_* operations with /smack/cipso
814 * file_operations
815 */
smk_open_cipso(struct inode * inode,struct file * file)816 static int smk_open_cipso(struct inode *inode, struct file *file)
817 {
818 return seq_open(file, &cipso_seq_ops);
819 }
820
821 /**
822 * smk_set_cipso - do the work for write() for cipso and cipso2
823 * @file: file pointer, not actually used
824 * @buf: where to get the data from
825 * @count: bytes sent
826 * @ppos: where to start
827 * @format: /smack/cipso or /smack/cipso2
828 *
829 * Accepts only one cipso rule per write call.
830 * Returns number of bytes written or error code, as appropriate
831 */
smk_set_cipso(struct file * file,const char __user * buf,size_t count,loff_t * ppos,int format)832 static ssize_t smk_set_cipso(struct file *file, const char __user *buf,
833 size_t count, loff_t *ppos, int format)
834 {
835 struct netlbl_lsm_catmap *old_cat;
836 struct smack_known *skp;
837 struct netlbl_lsm_secattr ncats;
838 char mapcatset[SMK_CIPSOLEN];
839 int maplevel;
840 unsigned int cat;
841 int catlen;
842 ssize_t rc = -EINVAL;
843 char *data = NULL;
844 char *rule;
845 int ret;
846 int i;
847
848 /*
849 * Must have privilege.
850 * No partial writes.
851 * Enough data must be present.
852 */
853 if (!smack_privileged(CAP_MAC_ADMIN))
854 return -EPERM;
855 if (*ppos != 0)
856 return -EINVAL;
857 if (format == SMK_FIXED24_FMT &&
858 (count < SMK_CIPSOMIN || count > SMK_CIPSOMAX))
859 return -EINVAL;
860 if (count > PAGE_SIZE)
861 return -EINVAL;
862
863 data = memdup_user_nul(buf, count);
864 if (IS_ERR(data))
865 return PTR_ERR(data);
866
867 rule = data;
868 /*
869 * Only allow one writer at a time. Writes should be
870 * quite rare and small in any case.
871 */
872 mutex_lock(&smack_cipso_lock);
873
874 skp = smk_import_entry(rule, 0);
875 if (IS_ERR(skp)) {
876 rc = PTR_ERR(skp);
877 goto out;
878 }
879
880 if (format == SMK_FIXED24_FMT)
881 rule += SMK_LABELLEN;
882 else
883 rule += strlen(skp->smk_known) + 1;
884
885 if (rule > data + count) {
886 rc = -EOVERFLOW;
887 goto out;
888 }
889
890 ret = sscanf(rule, "%d", &maplevel);
891 if (ret != 1 || maplevel < 0 || maplevel > SMACK_CIPSO_MAXLEVEL)
892 goto out;
893
894 rule += SMK_DIGITLEN;
895 if (rule > data + count) {
896 rc = -EOVERFLOW;
897 goto out;
898 }
899
900 ret = sscanf(rule, "%d", &catlen);
901 if (ret != 1 || catlen < 0 || catlen > SMACK_CIPSO_MAXCATNUM)
902 goto out;
903
904 if (format == SMK_FIXED24_FMT &&
905 count != (SMK_CIPSOMIN + catlen * SMK_DIGITLEN))
906 goto out;
907
908 memset(mapcatset, 0, sizeof(mapcatset));
909
910 for (i = 0; i < catlen; i++) {
911 rule += SMK_DIGITLEN;
912 if (rule > data + count) {
913 rc = -EOVERFLOW;
914 goto out;
915 }
916 ret = sscanf(rule, "%u", &cat);
917 if (ret != 1 || cat > SMACK_CIPSO_MAXCATNUM)
918 goto out;
919
920 smack_catset_bit(cat, mapcatset);
921 }
922
923 rc = smk_netlbl_mls(maplevel, mapcatset, &ncats, SMK_CIPSOLEN);
924 if (rc >= 0) {
925 old_cat = skp->smk_netlabel.attr.mls.cat;
926 rcu_assign_pointer(skp->smk_netlabel.attr.mls.cat, ncats.attr.mls.cat);
927 if (ncats.attr.mls.cat)
928 skp->smk_netlabel.flags |= NETLBL_SECATTR_MLS_CAT;
929 else
930 skp->smk_netlabel.flags &= ~(u32)NETLBL_SECATTR_MLS_CAT;
931 skp->smk_netlabel.attr.mls.lvl = ncats.attr.mls.lvl;
932 synchronize_rcu();
933 netlbl_catmap_free(old_cat);
934 rc = count;
935 /*
936 * This mapping may have been cached, so clear the cache.
937 */
938 netlbl_cache_invalidate();
939 }
940
941 out:
942 mutex_unlock(&smack_cipso_lock);
943 kfree(data);
944 return rc;
945 }
946
947 /**
948 * smk_write_cipso - write() for /smack/cipso
949 * @file: file pointer, not actually used
950 * @buf: where to get the data from
951 * @count: bytes sent
952 * @ppos: where to start
953 *
954 * Accepts only one cipso rule per write call.
955 * Returns number of bytes written or error code, as appropriate
956 */
smk_write_cipso(struct file * file,const char __user * buf,size_t count,loff_t * ppos)957 static ssize_t smk_write_cipso(struct file *file, const char __user *buf,
958 size_t count, loff_t *ppos)
959 {
960 return smk_set_cipso(file, buf, count, ppos, SMK_FIXED24_FMT);
961 }
962
963 static const struct file_operations smk_cipso_ops = {
964 .open = smk_open_cipso,
965 .read = seq_read,
966 .llseek = seq_lseek,
967 .write = smk_write_cipso,
968 .release = seq_release,
969 };
970
971 /*
972 * Seq_file read operations for /smack/cipso2
973 */
974
975 /*
976 * Print cipso labels in format:
977 * label level[/cat[,cat]]
978 */
cipso2_seq_show(struct seq_file * s,void * v)979 static int cipso2_seq_show(struct seq_file *s, void *v)
980 {
981 struct list_head *list = v;
982 struct smack_known *skp =
983 list_entry_rcu(list, struct smack_known, list);
984 struct netlbl_lsm_catmap *cmp = skp->smk_netlabel.attr.mls.cat;
985 char sep = '/';
986 int i;
987
988 seq_printf(s, "%s %3d", skp->smk_known, skp->smk_netlabel.attr.mls.lvl);
989
990 for (i = netlbl_catmap_walk(cmp, 0); i >= 0;
991 i = netlbl_catmap_walk(cmp, i + 1)) {
992 seq_printf(s, "%c%d", sep, i);
993 sep = ',';
994 }
995
996 seq_putc(s, '\n');
997
998 return 0;
999 }
1000
1001 static const struct seq_operations cipso2_seq_ops = {
1002 .start = cipso_seq_start,
1003 .next = cipso_seq_next,
1004 .show = cipso2_seq_show,
1005 .stop = smk_seq_stop,
1006 };
1007
1008 /**
1009 * smk_open_cipso2 - open() for /smack/cipso2
1010 * @inode: inode structure representing file
1011 * @file: "cipso2" file pointer
1012 *
1013 * Connect our cipso_seq_* operations with /smack/cipso2
1014 * file_operations
1015 */
smk_open_cipso2(struct inode * inode,struct file * file)1016 static int smk_open_cipso2(struct inode *inode, struct file *file)
1017 {
1018 return seq_open(file, &cipso2_seq_ops);
1019 }
1020
1021 /**
1022 * smk_write_cipso2 - write() for /smack/cipso2
1023 * @file: file pointer, not actually used
1024 * @buf: where to get the data from
1025 * @count: bytes sent
1026 * @ppos: where to start
1027 *
1028 * Accepts only one cipso rule per write call.
1029 * Returns number of bytes written or error code, as appropriate
1030 */
smk_write_cipso2(struct file * file,const char __user * buf,size_t count,loff_t * ppos)1031 static ssize_t smk_write_cipso2(struct file *file, const char __user *buf,
1032 size_t count, loff_t *ppos)
1033 {
1034 return smk_set_cipso(file, buf, count, ppos, SMK_LONG_FMT);
1035 }
1036
1037 static const struct file_operations smk_cipso2_ops = {
1038 .open = smk_open_cipso2,
1039 .read = seq_read,
1040 .llseek = seq_lseek,
1041 .write = smk_write_cipso2,
1042 .release = seq_release,
1043 };
1044
1045 /*
1046 * Seq_file read operations for /smack/netlabel
1047 */
1048
net4addr_seq_start(struct seq_file * s,loff_t * pos)1049 static void *net4addr_seq_start(struct seq_file *s, loff_t *pos)
1050 {
1051 return smk_seq_start(s, pos, &smk_net4addr_list);
1052 }
1053
net4addr_seq_next(struct seq_file * s,void * v,loff_t * pos)1054 static void *net4addr_seq_next(struct seq_file *s, void *v, loff_t *pos)
1055 {
1056 return smk_seq_next(s, v, pos, &smk_net4addr_list);
1057 }
1058
1059 /*
1060 * Print host/label pairs
1061 */
net4addr_seq_show(struct seq_file * s,void * v)1062 static int net4addr_seq_show(struct seq_file *s, void *v)
1063 {
1064 struct list_head *list = v;
1065 struct smk_net4addr *skp =
1066 list_entry_rcu(list, struct smk_net4addr, list);
1067 char *kp = SMACK_CIPSO_OPTION;
1068
1069 if (skp->smk_label != NULL)
1070 kp = skp->smk_label->smk_known;
1071 seq_printf(s, "%pI4/%d %s\n", &skp->smk_host.s_addr,
1072 skp->smk_masks, kp);
1073
1074 return 0;
1075 }
1076
1077 static const struct seq_operations net4addr_seq_ops = {
1078 .start = net4addr_seq_start,
1079 .next = net4addr_seq_next,
1080 .show = net4addr_seq_show,
1081 .stop = smk_seq_stop,
1082 };
1083
1084 /**
1085 * smk_open_net4addr - open() for /smack/netlabel
1086 * @inode: inode structure representing file
1087 * @file: "netlabel" file pointer
1088 *
1089 * Connect our net4addr_seq_* operations with /smack/netlabel
1090 * file_operations
1091 */
smk_open_net4addr(struct inode * inode,struct file * file)1092 static int smk_open_net4addr(struct inode *inode, struct file *file)
1093 {
1094 return seq_open(file, &net4addr_seq_ops);
1095 }
1096
1097 /**
1098 * smk_net4addr_insert - insert a new entry into the net4addrs list
1099 * @new : netlabel to insert
1100 *
1101 * This helper inserts netlabel in the smack_net4addrs list
1102 * sorted by netmask length (longest to smallest)
1103 * locked by &smk_net4addr_lock in smk_write_net4addr.
1104 */
smk_net4addr_insert(struct smk_net4addr * new)1105 static void smk_net4addr_insert(struct smk_net4addr *new)
1106 {
1107 struct smk_net4addr *m;
1108 struct smk_net4addr *m_next;
1109
1110 if (list_empty(&smk_net4addr_list)) {
1111 list_add_rcu(&new->list, &smk_net4addr_list);
1112 return;
1113 }
1114
1115 m = list_entry_rcu(smk_net4addr_list.next,
1116 struct smk_net4addr, list);
1117
1118 /* the comparison '>' is a bit hacky, but works */
1119 if (new->smk_masks > m->smk_masks) {
1120 list_add_rcu(&new->list, &smk_net4addr_list);
1121 return;
1122 }
1123
1124 list_for_each_entry_rcu(m, &smk_net4addr_list, list) {
1125 if (list_is_last(&m->list, &smk_net4addr_list)) {
1126 list_add_rcu(&new->list, &m->list);
1127 return;
1128 }
1129 m_next = list_entry_rcu(m->list.next,
1130 struct smk_net4addr, list);
1131 if (new->smk_masks > m_next->smk_masks) {
1132 list_add_rcu(&new->list, &m->list);
1133 return;
1134 }
1135 }
1136 }
1137
1138
1139 /**
1140 * smk_write_net4addr - write() for /smack/netlabel
1141 * @file: file pointer, not actually used
1142 * @buf: where to get the data from
1143 * @count: bytes sent
1144 * @ppos: where to start
1145 *
1146 * Accepts only one net4addr per write call.
1147 * Returns number of bytes written or error code, as appropriate
1148 */
smk_write_net4addr(struct file * file,const char __user * buf,size_t count,loff_t * ppos)1149 static ssize_t smk_write_net4addr(struct file *file, const char __user *buf,
1150 size_t count, loff_t *ppos)
1151 {
1152 struct smk_net4addr *snp;
1153 struct sockaddr_in newname;
1154 char *smack;
1155 struct smack_known *skp = NULL;
1156 char *data;
1157 char *host = (char *)&newname.sin_addr.s_addr;
1158 int rc;
1159 struct netlbl_audit audit_info;
1160 struct in_addr mask;
1161 unsigned int m;
1162 unsigned int masks;
1163 int found;
1164 u32 mask_bits = (1<<31);
1165 __be32 nsa;
1166 u32 temp_mask;
1167
1168 /*
1169 * Must have privilege.
1170 * No partial writes.
1171 * Enough data must be present.
1172 * "<addr/mask, as a.b.c.d/e><space><label>"
1173 * "<addr, as a.b.c.d><space><label>"
1174 */
1175 if (!smack_privileged(CAP_MAC_ADMIN))
1176 return -EPERM;
1177 if (*ppos != 0)
1178 return -EINVAL;
1179 if (count < SMK_NETLBLADDRMIN || count > PAGE_SIZE - 1)
1180 return -EINVAL;
1181
1182 data = memdup_user_nul(buf, count);
1183 if (IS_ERR(data))
1184 return PTR_ERR(data);
1185
1186 smack = kzalloc(count + 1, GFP_KERNEL);
1187 if (smack == NULL) {
1188 rc = -ENOMEM;
1189 goto free_data_out;
1190 }
1191
1192 rc = sscanf(data, "%hhd.%hhd.%hhd.%hhd/%u %s",
1193 &host[0], &host[1], &host[2], &host[3], &masks, smack);
1194 if (rc != 6) {
1195 rc = sscanf(data, "%hhd.%hhd.%hhd.%hhd %s",
1196 &host[0], &host[1], &host[2], &host[3], smack);
1197 if (rc != 5) {
1198 rc = -EINVAL;
1199 goto free_out;
1200 }
1201 masks = 32;
1202 }
1203 if (masks > BEBITS) {
1204 rc = -EINVAL;
1205 goto free_out;
1206 }
1207
1208 /*
1209 * If smack begins with '-', it is an option, don't import it
1210 */
1211 if (smack[0] != '-') {
1212 skp = smk_import_entry(smack, 0);
1213 if (IS_ERR(skp)) {
1214 rc = PTR_ERR(skp);
1215 goto free_out;
1216 }
1217 } else {
1218 /*
1219 * Only the -CIPSO option is supported for IPv4
1220 */
1221 if (strcmp(smack, SMACK_CIPSO_OPTION) != 0) {
1222 rc = -EINVAL;
1223 goto free_out;
1224 }
1225 }
1226
1227 for (m = masks, temp_mask = 0; m > 0; m--) {
1228 temp_mask |= mask_bits;
1229 mask_bits >>= 1;
1230 }
1231 mask.s_addr = cpu_to_be32(temp_mask);
1232
1233 newname.sin_addr.s_addr &= mask.s_addr;
1234 /*
1235 * Only allow one writer at a time. Writes should be
1236 * quite rare and small in any case.
1237 */
1238 mutex_lock(&smk_net4addr_lock);
1239
1240 nsa = newname.sin_addr.s_addr;
1241 /* try to find if the prefix is already in the list */
1242 found = 0;
1243 list_for_each_entry_rcu(snp, &smk_net4addr_list, list) {
1244 if (snp->smk_host.s_addr == nsa && snp->smk_masks == masks) {
1245 found = 1;
1246 break;
1247 }
1248 }
1249 smk_netlabel_audit_set(&audit_info);
1250
1251 if (found == 0) {
1252 snp = kzalloc_obj(*snp);
1253 if (snp == NULL)
1254 rc = -ENOMEM;
1255 else {
1256 rc = 0;
1257 snp->smk_host.s_addr = newname.sin_addr.s_addr;
1258 snp->smk_mask.s_addr = mask.s_addr;
1259 snp->smk_label = skp;
1260 snp->smk_masks = masks;
1261 smk_net4addr_insert(snp);
1262 }
1263 } else {
1264 /*
1265 * Delete the unlabeled entry, only if the previous label
1266 * wasn't the special CIPSO option
1267 */
1268 if (snp->smk_label != NULL)
1269 rc = netlbl_cfg_unlbl_static_del(&init_net, NULL,
1270 &snp->smk_host, &snp->smk_mask,
1271 PF_INET, &audit_info);
1272 else
1273 rc = 0;
1274 snp->smk_label = skp;
1275 }
1276
1277 /*
1278 * Now tell netlabel about the single label nature of
1279 * this host so that incoming packets get labeled.
1280 * but only if we didn't get the special CIPSO option
1281 */
1282 if (rc == 0 && skp != NULL)
1283 rc = netlbl_cfg_unlbl_static_add(&init_net, NULL,
1284 &snp->smk_host, &snp->smk_mask, PF_INET,
1285 snp->smk_label->smk_secid, &audit_info);
1286
1287 if (rc == 0)
1288 rc = count;
1289
1290 mutex_unlock(&smk_net4addr_lock);
1291
1292 free_out:
1293 kfree(smack);
1294 free_data_out:
1295 kfree(data);
1296
1297 return rc;
1298 }
1299
1300 static const struct file_operations smk_net4addr_ops = {
1301 .open = smk_open_net4addr,
1302 .read = seq_read,
1303 .llseek = seq_lseek,
1304 .write = smk_write_net4addr,
1305 .release = seq_release,
1306 };
1307
1308 #if IS_ENABLED(CONFIG_IPV6)
1309 /*
1310 * Seq_file read operations for /smack/netlabel6
1311 */
1312
net6addr_seq_start(struct seq_file * s,loff_t * pos)1313 static void *net6addr_seq_start(struct seq_file *s, loff_t *pos)
1314 {
1315 return smk_seq_start(s, pos, &smk_net6addr_list);
1316 }
1317
net6addr_seq_next(struct seq_file * s,void * v,loff_t * pos)1318 static void *net6addr_seq_next(struct seq_file *s, void *v, loff_t *pos)
1319 {
1320 return smk_seq_next(s, v, pos, &smk_net6addr_list);
1321 }
1322
1323 /*
1324 * Print host/label pairs
1325 */
net6addr_seq_show(struct seq_file * s,void * v)1326 static int net6addr_seq_show(struct seq_file *s, void *v)
1327 {
1328 struct list_head *list = v;
1329 struct smk_net6addr *skp =
1330 list_entry(list, struct smk_net6addr, list);
1331
1332 if (skp->smk_label != NULL)
1333 seq_printf(s, "%pI6/%d %s\n", &skp->smk_host, skp->smk_masks,
1334 skp->smk_label->smk_known);
1335
1336 return 0;
1337 }
1338
1339 static const struct seq_operations net6addr_seq_ops = {
1340 .start = net6addr_seq_start,
1341 .next = net6addr_seq_next,
1342 .show = net6addr_seq_show,
1343 .stop = smk_seq_stop,
1344 };
1345
1346 /**
1347 * smk_open_net6addr - open() for /smack/netlabel
1348 * @inode: inode structure representing file
1349 * @file: "netlabel" file pointer
1350 *
1351 * Connect our net6addr_seq_* operations with /smack/netlabel
1352 * file_operations
1353 */
smk_open_net6addr(struct inode * inode,struct file * file)1354 static int smk_open_net6addr(struct inode *inode, struct file *file)
1355 {
1356 return seq_open(file, &net6addr_seq_ops);
1357 }
1358
1359 /**
1360 * smk_net6addr_insert - insert a new entry into the net6addrs list
1361 * @new : entry to insert
1362 *
1363 * This inserts an entry in the smack_net6addrs list
1364 * sorted by netmask length (longest to smallest)
1365 * locked by &smk_net6addr_lock in smk_write_net6addr.
1366 */
smk_net6addr_insert(struct smk_net6addr * new)1367 static void smk_net6addr_insert(struct smk_net6addr *new)
1368 {
1369 struct smk_net6addr *m_next;
1370 struct smk_net6addr *m;
1371
1372 if (list_empty(&smk_net6addr_list)) {
1373 list_add_rcu(&new->list, &smk_net6addr_list);
1374 return;
1375 }
1376
1377 m = list_entry_rcu(smk_net6addr_list.next,
1378 struct smk_net6addr, list);
1379
1380 if (new->smk_masks > m->smk_masks) {
1381 list_add_rcu(&new->list, &smk_net6addr_list);
1382 return;
1383 }
1384
1385 list_for_each_entry_rcu(m, &smk_net6addr_list, list) {
1386 if (list_is_last(&m->list, &smk_net6addr_list)) {
1387 list_add_rcu(&new->list, &m->list);
1388 return;
1389 }
1390 m_next = list_entry_rcu(m->list.next,
1391 struct smk_net6addr, list);
1392 if (new->smk_masks > m_next->smk_masks) {
1393 list_add_rcu(&new->list, &m->list);
1394 return;
1395 }
1396 }
1397 }
1398
1399
1400 /**
1401 * smk_write_net6addr - write() for /smack/netlabel
1402 * @file: file pointer, not actually used
1403 * @buf: where to get the data from
1404 * @count: bytes sent
1405 * @ppos: where to start
1406 *
1407 * Accepts only one net6addr per write call.
1408 * Returns number of bytes written or error code, as appropriate
1409 */
smk_write_net6addr(struct file * file,const char __user * buf,size_t count,loff_t * ppos)1410 static ssize_t smk_write_net6addr(struct file *file, const char __user *buf,
1411 size_t count, loff_t *ppos)
1412 {
1413 struct smk_net6addr *snp;
1414 struct in6_addr newname;
1415 struct in6_addr fullmask;
1416 struct smack_known *skp = NULL;
1417 char *smack;
1418 char *data;
1419 int rc = 0;
1420 int found = 0;
1421 int i;
1422 unsigned int scanned[8];
1423 unsigned int m;
1424 unsigned int mask = 128;
1425
1426 /*
1427 * Must have privilege.
1428 * No partial writes.
1429 * Enough data must be present.
1430 * "<addr/mask, as a:b:c:d:e:f:g:h/e><space><label>"
1431 * "<addr, as a:b:c:d:e:f:g:h><space><label>"
1432 */
1433 if (!smack_privileged(CAP_MAC_ADMIN))
1434 return -EPERM;
1435 if (*ppos != 0)
1436 return -EINVAL;
1437 if (count < SMK_NETLBLADDRMIN || count > PAGE_SIZE - 1)
1438 return -EINVAL;
1439
1440 data = memdup_user_nul(buf, count);
1441 if (IS_ERR(data))
1442 return PTR_ERR(data);
1443
1444 smack = kzalloc(count + 1, GFP_KERNEL);
1445 if (smack == NULL) {
1446 rc = -ENOMEM;
1447 goto free_data_out;
1448 }
1449
1450 i = sscanf(data, "%x:%x:%x:%x:%x:%x:%x:%x/%u %s",
1451 &scanned[0], &scanned[1], &scanned[2], &scanned[3],
1452 &scanned[4], &scanned[5], &scanned[6], &scanned[7],
1453 &mask, smack);
1454 if (i != 10) {
1455 i = sscanf(data, "%x:%x:%x:%x:%x:%x:%x:%x %s",
1456 &scanned[0], &scanned[1], &scanned[2],
1457 &scanned[3], &scanned[4], &scanned[5],
1458 &scanned[6], &scanned[7], smack);
1459 if (i != 9) {
1460 rc = -EINVAL;
1461 goto free_out;
1462 }
1463 }
1464 if (mask > 128) {
1465 rc = -EINVAL;
1466 goto free_out;
1467 }
1468 for (i = 0; i < 8; i++) {
1469 if (scanned[i] > 0xffff) {
1470 rc = -EINVAL;
1471 goto free_out;
1472 }
1473 newname.s6_addr16[i] = htons(scanned[i]);
1474 }
1475
1476 /*
1477 * If smack begins with '-', it is an option, don't import it
1478 */
1479 if (smack[0] != '-') {
1480 skp = smk_import_entry(smack, 0);
1481 if (IS_ERR(skp)) {
1482 rc = PTR_ERR(skp);
1483 goto free_out;
1484 }
1485 } else {
1486 /*
1487 * Only -DELETE is supported for IPv6
1488 */
1489 if (strcmp(smack, SMACK_DELETE_OPTION) != 0) {
1490 rc = -EINVAL;
1491 goto free_out;
1492 }
1493 }
1494
1495 for (i = 0, m = mask; i < 8; i++) {
1496 if (m >= 16) {
1497 fullmask.s6_addr16[i] = 0xffff;
1498 m -= 16;
1499 } else if (m > 0) {
1500 fullmask.s6_addr16[i] = (1 << m) - 1;
1501 m = 0;
1502 } else
1503 fullmask.s6_addr16[i] = 0;
1504 newname.s6_addr16[i] &= fullmask.s6_addr16[i];
1505 }
1506
1507 /*
1508 * Only allow one writer at a time. Writes should be
1509 * quite rare and small in any case.
1510 */
1511 mutex_lock(&smk_net6addr_lock);
1512 /*
1513 * Try to find the prefix in the list
1514 */
1515 list_for_each_entry_rcu(snp, &smk_net6addr_list, list) {
1516 if (mask != snp->smk_masks)
1517 continue;
1518 for (found = 1, i = 0; i < 8; i++) {
1519 if (newname.s6_addr16[i] !=
1520 snp->smk_host.s6_addr16[i]) {
1521 found = 0;
1522 break;
1523 }
1524 }
1525 if (found == 1)
1526 break;
1527 }
1528 if (found == 0) {
1529 snp = kzalloc_obj(*snp);
1530 if (snp == NULL)
1531 rc = -ENOMEM;
1532 else {
1533 snp->smk_host = newname;
1534 snp->smk_mask = fullmask;
1535 snp->smk_masks = mask;
1536 snp->smk_label = skp;
1537 smk_net6addr_insert(snp);
1538 }
1539 } else {
1540 snp->smk_label = skp;
1541 }
1542
1543 if (rc == 0)
1544 rc = count;
1545
1546 mutex_unlock(&smk_net6addr_lock);
1547
1548 free_out:
1549 kfree(smack);
1550 free_data_out:
1551 kfree(data);
1552
1553 return rc;
1554 }
1555
1556 static const struct file_operations smk_net6addr_ops = {
1557 .open = smk_open_net6addr,
1558 .read = seq_read,
1559 .llseek = seq_lseek,
1560 .write = smk_write_net6addr,
1561 .release = seq_release,
1562 };
1563 #endif /* CONFIG_IPV6 */
1564
1565 /**
1566 * smk_read_doi - read() for /smack/doi
1567 * @filp: file pointer, not actually used
1568 * @buf: where to put the result
1569 * @count: maximum to send along
1570 * @ppos: where to start
1571 *
1572 * Returns number of bytes read or error code, as appropriate
1573 */
smk_read_doi(struct file * filp,char __user * buf,size_t count,loff_t * ppos)1574 static ssize_t smk_read_doi(struct file *filp, char __user *buf,
1575 size_t count, loff_t *ppos)
1576 {
1577 char temp[80];
1578 ssize_t rc;
1579
1580 if (*ppos != 0)
1581 return 0;
1582
1583 sprintf(temp, "%lu", (unsigned long)smk_cipso_doi_value);
1584 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
1585
1586 return rc;
1587 }
1588
1589 /**
1590 * smk_write_doi - write() for /smack/doi
1591 * @file: file pointer, not actually used
1592 * @buf: where to get the data from
1593 * @count: bytes sent
1594 * @ppos: where to start
1595 *
1596 * Returns number of bytes written or error code, as appropriate
1597 */
smk_write_doi(struct file * file,const char __user * buf,size_t count,loff_t * ppos)1598 static ssize_t smk_write_doi(struct file *file, const char __user *buf,
1599 size_t count, loff_t *ppos)
1600 {
1601 char temp[80];
1602 unsigned long u;
1603
1604 if (!smack_privileged(CAP_MAC_ADMIN))
1605 return -EPERM;
1606
1607 if (count >= sizeof(temp) || count == 0)
1608 return -EINVAL;
1609
1610 if (copy_from_user(temp, buf, count) != 0)
1611 return -EFAULT;
1612
1613 temp[count] = '\0';
1614
1615 if (kstrtoul(temp, 10, &u))
1616 return -EINVAL;
1617
1618 if (u == CIPSO_V4_DOI_UNKNOWN || u > U32_MAX)
1619 return -EINVAL;
1620
1621 return smk_cipso_doi(u, GFP_KERNEL) ? : count;
1622 }
1623
1624 static const struct file_operations smk_doi_ops = {
1625 .read = smk_read_doi,
1626 .write = smk_write_doi,
1627 .llseek = default_llseek,
1628 };
1629
1630 /**
1631 * smk_read_direct - read() for /smack/direct
1632 * @filp: file pointer, not actually used
1633 * @buf: where to put the result
1634 * @count: maximum to send along
1635 * @ppos: where to start
1636 *
1637 * Returns number of bytes read or error code, as appropriate
1638 */
smk_read_direct(struct file * filp,char __user * buf,size_t count,loff_t * ppos)1639 static ssize_t smk_read_direct(struct file *filp, char __user *buf,
1640 size_t count, loff_t *ppos)
1641 {
1642 char temp[80];
1643 ssize_t rc;
1644
1645 if (*ppos != 0)
1646 return 0;
1647
1648 sprintf(temp, "%d", smack_cipso_direct);
1649 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
1650
1651 return rc;
1652 }
1653
1654 /**
1655 * smk_write_direct - write() for /smack/direct
1656 * @file: file pointer, not actually used
1657 * @buf: where to get the data from
1658 * @count: bytes sent
1659 * @ppos: where to start
1660 *
1661 * Returns number of bytes written or error code, as appropriate
1662 */
smk_write_direct(struct file * file,const char __user * buf,size_t count,loff_t * ppos)1663 static ssize_t smk_write_direct(struct file *file, const char __user *buf,
1664 size_t count, loff_t *ppos)
1665 {
1666 struct smack_known *skp;
1667 char temp[80];
1668 int i;
1669
1670 if (!smack_privileged(CAP_MAC_ADMIN))
1671 return -EPERM;
1672
1673 if (count >= sizeof(temp) || count == 0)
1674 return -EINVAL;
1675
1676 if (copy_from_user(temp, buf, count) != 0)
1677 return -EFAULT;
1678
1679 temp[count] = '\0';
1680
1681 if (sscanf(temp, "%d", &i) != 1)
1682 return -EINVAL;
1683
1684 /*
1685 * Don't do anything if the value hasn't actually changed.
1686 * If it is changing reset the level on entries that were
1687 * set up to be direct when they were created.
1688 */
1689 if (smack_cipso_direct != i) {
1690 mutex_lock(&smack_known_lock);
1691 list_for_each_entry_rcu(skp, &smack_known_list, list)
1692 if (skp->smk_netlabel.attr.mls.lvl ==
1693 smack_cipso_direct)
1694 skp->smk_netlabel.attr.mls.lvl = i;
1695 smack_cipso_direct = i;
1696 mutex_unlock(&smack_known_lock);
1697 }
1698
1699 return count;
1700 }
1701
1702 static const struct file_operations smk_direct_ops = {
1703 .read = smk_read_direct,
1704 .write = smk_write_direct,
1705 .llseek = default_llseek,
1706 };
1707
1708 /**
1709 * smk_read_mapped - read() for /smack/mapped
1710 * @filp: file pointer, not actually used
1711 * @buf: where to put the result
1712 * @count: maximum to send along
1713 * @ppos: where to start
1714 *
1715 * Returns number of bytes read or error code, as appropriate
1716 */
smk_read_mapped(struct file * filp,char __user * buf,size_t count,loff_t * ppos)1717 static ssize_t smk_read_mapped(struct file *filp, char __user *buf,
1718 size_t count, loff_t *ppos)
1719 {
1720 char temp[80];
1721 ssize_t rc;
1722
1723 if (*ppos != 0)
1724 return 0;
1725
1726 sprintf(temp, "%d", smack_cipso_mapped);
1727 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
1728
1729 return rc;
1730 }
1731
1732 /**
1733 * smk_write_mapped - write() for /smack/mapped
1734 * @file: file pointer, not actually used
1735 * @buf: where to get the data from
1736 * @count: bytes sent
1737 * @ppos: where to start
1738 *
1739 * Returns number of bytes written or error code, as appropriate
1740 */
smk_write_mapped(struct file * file,const char __user * buf,size_t count,loff_t * ppos)1741 static ssize_t smk_write_mapped(struct file *file, const char __user *buf,
1742 size_t count, loff_t *ppos)
1743 {
1744 struct smack_known *skp;
1745 char temp[80];
1746 int i;
1747
1748 if (!smack_privileged(CAP_MAC_ADMIN))
1749 return -EPERM;
1750
1751 if (count >= sizeof(temp) || count == 0)
1752 return -EINVAL;
1753
1754 if (copy_from_user(temp, buf, count) != 0)
1755 return -EFAULT;
1756
1757 temp[count] = '\0';
1758
1759 if (sscanf(temp, "%d", &i) != 1)
1760 return -EINVAL;
1761
1762 /*
1763 * Don't do anything if the value hasn't actually changed.
1764 * If it is changing reset the level on entries that were
1765 * set up to be mapped when they were created.
1766 */
1767 if (smack_cipso_mapped != i) {
1768 mutex_lock(&smack_known_lock);
1769 list_for_each_entry_rcu(skp, &smack_known_list, list)
1770 if (skp->smk_netlabel.attr.mls.lvl ==
1771 smack_cipso_mapped)
1772 skp->smk_netlabel.attr.mls.lvl = i;
1773 smack_cipso_mapped = i;
1774 mutex_unlock(&smack_known_lock);
1775 }
1776
1777 return count;
1778 }
1779
1780 static const struct file_operations smk_mapped_ops = {
1781 .read = smk_read_mapped,
1782 .write = smk_write_mapped,
1783 .llseek = default_llseek,
1784 };
1785
1786 /**
1787 * smk_read_ambient - read() for /smack/ambient
1788 * @filp: file pointer, not actually used
1789 * @buf: where to put the result
1790 * @cn: maximum to send along
1791 * @ppos: where to start
1792 *
1793 * Returns number of bytes read or error code, as appropriate
1794 */
smk_read_ambient(struct file * filp,char __user * buf,size_t cn,loff_t * ppos)1795 static ssize_t smk_read_ambient(struct file *filp, char __user *buf,
1796 size_t cn, loff_t *ppos)
1797 {
1798 ssize_t rc;
1799 int asize;
1800
1801 if (*ppos != 0)
1802 return 0;
1803 /*
1804 * Being careful to avoid a problem in the case where
1805 * smack_net_ambient gets changed in midstream.
1806 */
1807 mutex_lock(&smack_ambient_lock);
1808
1809 asize = strlen(smack_net_ambient->smk_known) + 1;
1810
1811 if (cn >= asize)
1812 rc = simple_read_from_buffer(buf, cn, ppos,
1813 smack_net_ambient->smk_known,
1814 asize);
1815 else
1816 rc = -EINVAL;
1817
1818 mutex_unlock(&smack_ambient_lock);
1819
1820 return rc;
1821 }
1822
1823 /**
1824 * smk_write_ambient - write() for /smack/ambient
1825 * @file: file pointer, not actually used
1826 * @buf: where to get the data from
1827 * @count: bytes sent
1828 * @ppos: where to start
1829 *
1830 * Returns number of bytes written or error code, as appropriate
1831 */
smk_write_ambient(struct file * file,const char __user * buf,size_t count,loff_t * ppos)1832 static ssize_t smk_write_ambient(struct file *file, const char __user *buf,
1833 size_t count, loff_t *ppos)
1834 {
1835 struct smack_known *skp;
1836 char *oldambient;
1837 char *data;
1838 int rc = count;
1839
1840 if (!smack_privileged(CAP_MAC_ADMIN))
1841 return -EPERM;
1842
1843 /* Enough data must be present */
1844 if (count == 0 || count > PAGE_SIZE)
1845 return -EINVAL;
1846
1847 data = memdup_user_nul(buf, count);
1848 if (IS_ERR(data))
1849 return PTR_ERR(data);
1850
1851 skp = smk_import_entry(data, count);
1852 if (IS_ERR(skp)) {
1853 rc = PTR_ERR(skp);
1854 goto out;
1855 }
1856
1857 mutex_lock(&smack_ambient_lock);
1858
1859 oldambient = smack_net_ambient->smk_known;
1860 smack_net_ambient = skp;
1861 smk_unlbl_ambient(oldambient);
1862
1863 mutex_unlock(&smack_ambient_lock);
1864
1865 out:
1866 kfree(data);
1867 return rc;
1868 }
1869
1870 static const struct file_operations smk_ambient_ops = {
1871 .read = smk_read_ambient,
1872 .write = smk_write_ambient,
1873 .llseek = default_llseek,
1874 };
1875
1876 /*
1877 * Seq_file operations for /smack/onlycap
1878 */
onlycap_seq_start(struct seq_file * s,loff_t * pos)1879 static void *onlycap_seq_start(struct seq_file *s, loff_t *pos)
1880 {
1881 return smk_seq_start(s, pos, &smack_onlycap_list);
1882 }
1883
onlycap_seq_next(struct seq_file * s,void * v,loff_t * pos)1884 static void *onlycap_seq_next(struct seq_file *s, void *v, loff_t *pos)
1885 {
1886 return smk_seq_next(s, v, pos, &smack_onlycap_list);
1887 }
1888
onlycap_seq_show(struct seq_file * s,void * v)1889 static int onlycap_seq_show(struct seq_file *s, void *v)
1890 {
1891 struct list_head *list = v;
1892 struct smack_known_list_elem *sklep =
1893 list_entry_rcu(list, struct smack_known_list_elem, list);
1894
1895 seq_puts(s, sklep->smk_label->smk_known);
1896 seq_putc(s, ' ');
1897
1898 return 0;
1899 }
1900
1901 static const struct seq_operations onlycap_seq_ops = {
1902 .start = onlycap_seq_start,
1903 .next = onlycap_seq_next,
1904 .show = onlycap_seq_show,
1905 .stop = smk_seq_stop,
1906 };
1907
smk_open_onlycap(struct inode * inode,struct file * file)1908 static int smk_open_onlycap(struct inode *inode, struct file *file)
1909 {
1910 return seq_open(file, &onlycap_seq_ops);
1911 }
1912
1913 /**
1914 * smk_list_swap_rcu - swap public list with a private one in RCU-safe way
1915 * The caller must hold appropriate mutex to prevent concurrent modifications
1916 * to the public list.
1917 * Private list is assumed to be not accessible to other threads yet.
1918 *
1919 * @public: public list
1920 * @private: private list
1921 */
smk_list_swap_rcu(struct list_head * public,struct list_head * private)1922 static void smk_list_swap_rcu(struct list_head *public,
1923 struct list_head *private)
1924 {
1925 struct list_head *first, *last;
1926
1927 if (list_empty(public)) {
1928 list_splice_init_rcu(private, public, synchronize_rcu);
1929 } else {
1930 /* Remember public list before replacing it */
1931 first = public->next;
1932 last = public->prev;
1933
1934 /* Publish private list in place of public in RCU-safe way */
1935 private->prev->next = public;
1936 private->next->prev = public;
1937 rcu_assign_pointer(public->next, private->next);
1938 public->prev = private->prev;
1939
1940 synchronize_rcu();
1941
1942 /* When all readers are done with the old public list,
1943 * attach it in place of private */
1944 private->next = first;
1945 private->prev = last;
1946 first->prev = private;
1947 last->next = private;
1948 }
1949 }
1950
1951 /**
1952 * smk_parse_label_list - parse list of Smack labels, separated by spaces
1953 *
1954 * @data: the string to parse
1955 * @list: destination list
1956 *
1957 * Returns zero on success or error code, as appropriate
1958 */
smk_parse_label_list(char * data,struct list_head * list)1959 static int smk_parse_label_list(char *data, struct list_head *list)
1960 {
1961 char *tok;
1962 struct smack_known *skp;
1963 struct smack_known_list_elem *sklep;
1964
1965 while ((tok = strsep(&data, " ")) != NULL) {
1966 if (!*tok)
1967 continue;
1968
1969 skp = smk_import_entry(tok, 0);
1970 if (IS_ERR(skp))
1971 return PTR_ERR(skp);
1972
1973 sklep = kzalloc_obj(*sklep);
1974 if (sklep == NULL)
1975 return -ENOMEM;
1976
1977 sklep->smk_label = skp;
1978 list_add(&sklep->list, list);
1979 }
1980
1981 return 0;
1982 }
1983
1984 /**
1985 * smk_destroy_label_list - destroy a list of smack_known_list_elem
1986 * @list: header pointer of the list to destroy
1987 */
smk_destroy_label_list(struct list_head * list)1988 void smk_destroy_label_list(struct list_head *list)
1989 {
1990 struct smack_known_list_elem *sklep;
1991 struct smack_known_list_elem *sklep2;
1992
1993 list_for_each_entry_safe(sklep, sklep2, list, list)
1994 kfree(sklep);
1995
1996 INIT_LIST_HEAD(list);
1997 }
1998
1999 /**
2000 * smk_write_onlycap - write() for smackfs/onlycap
2001 * @file: file pointer, not actually used
2002 * @buf: where to get the data from
2003 * @count: bytes sent
2004 * @ppos: where to start
2005 *
2006 * Returns number of bytes written or error code, as appropriate
2007 */
smk_write_onlycap(struct file * file,const char __user * buf,size_t count,loff_t * ppos)2008 static ssize_t smk_write_onlycap(struct file *file, const char __user *buf,
2009 size_t count, loff_t *ppos)
2010 {
2011 char *data;
2012 LIST_HEAD(list_tmp);
2013 int rc;
2014
2015 if (!smack_privileged(CAP_MAC_ADMIN))
2016 return -EPERM;
2017
2018 if (count > PAGE_SIZE)
2019 return -EINVAL;
2020
2021 data = memdup_user_nul(buf, count);
2022 if (IS_ERR(data))
2023 return PTR_ERR(data);
2024
2025 rc = smk_parse_label_list(data, &list_tmp);
2026 kfree(data);
2027
2028 /*
2029 * Clear the smack_onlycap on invalid label errors. This means
2030 * that we can pass a null string to unset the onlycap value.
2031 *
2032 * Importing will also reject a label beginning with '-',
2033 * so "-usecapabilities" will also work.
2034 *
2035 * But do so only on invalid label, not on system errors.
2036 * The invalid label must be first to count as clearing attempt.
2037 */
2038 if (!rc || (rc == -EINVAL && list_empty(&list_tmp))) {
2039 mutex_lock(&smack_onlycap_lock);
2040 smk_list_swap_rcu(&smack_onlycap_list, &list_tmp);
2041 mutex_unlock(&smack_onlycap_lock);
2042 rc = count;
2043 }
2044
2045 smk_destroy_label_list(&list_tmp);
2046
2047 return rc;
2048 }
2049
2050 static const struct file_operations smk_onlycap_ops = {
2051 .open = smk_open_onlycap,
2052 .read = seq_read,
2053 .write = smk_write_onlycap,
2054 .llseek = seq_lseek,
2055 .release = seq_release,
2056 };
2057
2058 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
2059 /**
2060 * smk_read_unconfined - read() for smackfs/unconfined
2061 * @filp: file pointer, not actually used
2062 * @buf: where to put the result
2063 * @cn: maximum to send along
2064 * @ppos: where to start
2065 *
2066 * Returns number of bytes read or error code, as appropriate
2067 */
smk_read_unconfined(struct file * filp,char __user * buf,size_t cn,loff_t * ppos)2068 static ssize_t smk_read_unconfined(struct file *filp, char __user *buf,
2069 size_t cn, loff_t *ppos)
2070 {
2071 char *smack = "";
2072 ssize_t rc = -EINVAL;
2073 int asize;
2074
2075 if (*ppos != 0)
2076 return 0;
2077
2078 if (smack_unconfined != NULL)
2079 smack = smack_unconfined->smk_known;
2080
2081 asize = strlen(smack) + 1;
2082
2083 if (cn >= asize)
2084 rc = simple_read_from_buffer(buf, cn, ppos, smack, asize);
2085
2086 return rc;
2087 }
2088
2089 /**
2090 * smk_write_unconfined - write() for smackfs/unconfined
2091 * @file: file pointer, not actually used
2092 * @buf: where to get the data from
2093 * @count: bytes sent
2094 * @ppos: where to start
2095 *
2096 * Returns number of bytes written or error code, as appropriate
2097 */
smk_write_unconfined(struct file * file,const char __user * buf,size_t count,loff_t * ppos)2098 static ssize_t smk_write_unconfined(struct file *file, const char __user *buf,
2099 size_t count, loff_t *ppos)
2100 {
2101 char *data;
2102 struct smack_known *skp;
2103 int rc = count;
2104
2105 if (!smack_privileged(CAP_MAC_ADMIN))
2106 return -EPERM;
2107
2108 if (count > PAGE_SIZE)
2109 return -EINVAL;
2110
2111 data = memdup_user_nul(buf, count);
2112 if (IS_ERR(data))
2113 return PTR_ERR(data);
2114
2115 /*
2116 * Clear the smack_unconfined on invalid label errors. This means
2117 * that we can pass a null string to unset the unconfined value.
2118 *
2119 * Importing will also reject a label beginning with '-',
2120 * so "-confine" will also work.
2121 *
2122 * But do so only on invalid label, not on system errors.
2123 */
2124 skp = smk_import_entry(data, count);
2125 if (PTR_ERR(skp) == -EINVAL)
2126 skp = NULL;
2127 else if (IS_ERR(skp)) {
2128 rc = PTR_ERR(skp);
2129 goto freeout;
2130 }
2131
2132 smack_unconfined = skp;
2133
2134 freeout:
2135 kfree(data);
2136 return rc;
2137 }
2138
2139 static const struct file_operations smk_unconfined_ops = {
2140 .read = smk_read_unconfined,
2141 .write = smk_write_unconfined,
2142 .llseek = default_llseek,
2143 };
2144 #endif /* CONFIG_SECURITY_SMACK_BRINGUP */
2145
2146 #ifdef CONFIG_AUDIT
2147 /**
2148 * smk_read_logging - read() for /smack/logging
2149 * @filp: file pointer, not actually used
2150 * @buf: where to put the result
2151 * @count: maximum to send along
2152 * @ppos: where to start
2153 *
2154 * Returns number of bytes read or error code, as appropriate
2155 */
smk_read_logging(struct file * filp,char __user * buf,size_t count,loff_t * ppos)2156 static ssize_t smk_read_logging(struct file *filp, char __user *buf,
2157 size_t count, loff_t *ppos)
2158 {
2159 char temp[32];
2160 ssize_t rc;
2161
2162 if (*ppos != 0)
2163 return 0;
2164
2165 sprintf(temp, "%d\n", log_policy);
2166 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
2167 return rc;
2168 }
2169
2170 /**
2171 * smk_write_logging - write() for /smack/logging
2172 * @file: file pointer, not actually used
2173 * @buf: where to get the data from
2174 * @count: bytes sent
2175 * @ppos: where to start
2176 *
2177 * Returns number of bytes written or error code, as appropriate
2178 */
smk_write_logging(struct file * file,const char __user * buf,size_t count,loff_t * ppos)2179 static ssize_t smk_write_logging(struct file *file, const char __user *buf,
2180 size_t count, loff_t *ppos)
2181 {
2182 char temp[32];
2183 int i;
2184
2185 if (!smack_privileged(CAP_MAC_ADMIN))
2186 return -EPERM;
2187
2188 if (count >= sizeof(temp) || count == 0)
2189 return -EINVAL;
2190
2191 if (copy_from_user(temp, buf, count) != 0)
2192 return -EFAULT;
2193
2194 temp[count] = '\0';
2195
2196 if (sscanf(temp, "%d", &i) != 1)
2197 return -EINVAL;
2198 if (i < 0 || i > 3)
2199 return -EINVAL;
2200 log_policy = i;
2201 return count;
2202 }
2203
2204
2205
2206 static const struct file_operations smk_logging_ops = {
2207 .read = smk_read_logging,
2208 .write = smk_write_logging,
2209 .llseek = default_llseek,
2210 };
2211 #endif /* CONFIG_AUDIT */
2212
2213 /*
2214 * Seq_file read operations for /smack/load-self
2215 */
2216
load_self_seq_start(struct seq_file * s,loff_t * pos)2217 static void *load_self_seq_start(struct seq_file *s, loff_t *pos)
2218 {
2219 struct task_smack *tsp = smack_cred(current_cred());
2220
2221 return smk_seq_start(s, pos, &tsp->smk_rules);
2222 }
2223
load_self_seq_next(struct seq_file * s,void * v,loff_t * pos)2224 static void *load_self_seq_next(struct seq_file *s, void *v, loff_t *pos)
2225 {
2226 struct task_smack *tsp = smack_cred(current_cred());
2227
2228 return smk_seq_next(s, v, pos, &tsp->smk_rules);
2229 }
2230
load_self_seq_show(struct seq_file * s,void * v)2231 static int load_self_seq_show(struct seq_file *s, void *v)
2232 {
2233 struct list_head *list = v;
2234 struct smack_rule *srp =
2235 list_entry_rcu(list, struct smack_rule, list);
2236
2237 smk_rule_show(s, srp, SMK_LABELLEN);
2238
2239 return 0;
2240 }
2241
2242 static const struct seq_operations load_self_seq_ops = {
2243 .start = load_self_seq_start,
2244 .next = load_self_seq_next,
2245 .show = load_self_seq_show,
2246 .stop = smk_seq_stop,
2247 };
2248
2249
2250 /**
2251 * smk_open_load_self - open() for /smack/load-self2
2252 * @inode: inode structure representing file
2253 * @file: "load" file pointer
2254 *
2255 * For reading, use load_seq_* seq_file reading operations.
2256 */
smk_open_load_self(struct inode * inode,struct file * file)2257 static int smk_open_load_self(struct inode *inode, struct file *file)
2258 {
2259 return seq_open(file, &load_self_seq_ops);
2260 }
2261
2262 /**
2263 * smk_write_load_self - write() for /smack/load-self
2264 * @file: file pointer, not actually used
2265 * @buf: where to get the data from
2266 * @count: bytes sent
2267 * @ppos: where to start - must be 0
2268 *
2269 */
smk_write_load_self(struct file * file,const char __user * buf,size_t count,loff_t * ppos)2270 static ssize_t smk_write_load_self(struct file *file, const char __user *buf,
2271 size_t count, loff_t *ppos)
2272 {
2273 struct task_smack *tsp = smack_cred(current_cred());
2274
2275 return smk_write_rules_list(file, buf, count, ppos, &tsp->smk_rules,
2276 &tsp->smk_rules_lock, SMK_FIXED24_FMT);
2277 }
2278
2279 static const struct file_operations smk_load_self_ops = {
2280 .open = smk_open_load_self,
2281 .read = seq_read,
2282 .llseek = seq_lseek,
2283 .write = smk_write_load_self,
2284 .release = seq_release,
2285 };
2286
2287 /**
2288 * smk_user_access - handle access check transaction
2289 * @file: file pointer
2290 * @buf: data from user space
2291 * @count: bytes sent
2292 * @ppos: where to start - must be 0
2293 * @format: /smack/load or /smack/load2 or /smack/change-rule format.
2294 */
smk_user_access(struct file * file,const char __user * buf,size_t count,loff_t * ppos,int format)2295 static ssize_t smk_user_access(struct file *file, const char __user *buf,
2296 size_t count, loff_t *ppos, int format)
2297 {
2298 struct smack_parsed_rule rule;
2299 char *data;
2300 int res;
2301
2302 data = simple_transaction_get(file, buf, count);
2303 if (IS_ERR(data))
2304 return PTR_ERR(data);
2305
2306 if (format == SMK_FIXED24_FMT) {
2307 if (count < SMK_LOADLEN)
2308 return -EINVAL;
2309 res = smk_parse_rule(data, &rule, 0);
2310 } else {
2311 /*
2312 * simple_transaction_get() returns null-terminated data
2313 */
2314 res = smk_parse_long_rule(data, &rule, 0, 3);
2315 }
2316
2317 if (res >= 0)
2318 res = smk_access(rule.smk_subject, rule.smk_object,
2319 rule.smk_access1, NULL);
2320 else if (res != -ENOENT)
2321 return res;
2322
2323 /*
2324 * smk_access() can return a value > 0 in the "bringup" case.
2325 */
2326 data[0] = res >= 0 ? '1' : '0';
2327 data[1] = '\0';
2328
2329 simple_transaction_set(file, 2);
2330
2331 if (format == SMK_FIXED24_FMT)
2332 return SMK_LOADLEN;
2333 return count;
2334 }
2335
2336 /**
2337 * smk_write_access - handle access check transaction
2338 * @file: file pointer
2339 * @buf: data from user space
2340 * @count: bytes sent
2341 * @ppos: where to start - must be 0
2342 */
smk_write_access(struct file * file,const char __user * buf,size_t count,loff_t * ppos)2343 static ssize_t smk_write_access(struct file *file, const char __user *buf,
2344 size_t count, loff_t *ppos)
2345 {
2346 return smk_user_access(file, buf, count, ppos, SMK_FIXED24_FMT);
2347 }
2348
2349 static const struct file_operations smk_access_ops = {
2350 .write = smk_write_access,
2351 .read = simple_transaction_read,
2352 .release = simple_transaction_release,
2353 .llseek = generic_file_llseek,
2354 };
2355
2356
2357 /*
2358 * Seq_file read operations for /smack/load2
2359 */
2360
load2_seq_show(struct seq_file * s,void * v)2361 static int load2_seq_show(struct seq_file *s, void *v)
2362 {
2363 struct list_head *list = v;
2364 struct smack_rule *srp;
2365 struct smack_known *skp =
2366 list_entry_rcu(list, struct smack_known, list);
2367
2368 list_for_each_entry_rcu(srp, &skp->smk_rules, list)
2369 smk_rule_show(s, srp, SMK_LONGLABEL);
2370
2371 return 0;
2372 }
2373
2374 static const struct seq_operations load2_seq_ops = {
2375 .start = load2_seq_start,
2376 .next = load2_seq_next,
2377 .show = load2_seq_show,
2378 .stop = smk_seq_stop,
2379 };
2380
2381 /**
2382 * smk_open_load2 - open() for /smack/load2
2383 * @inode: inode structure representing file
2384 * @file: "load2" file pointer
2385 *
2386 * For reading, use load2_seq_* seq_file reading operations.
2387 */
smk_open_load2(struct inode * inode,struct file * file)2388 static int smk_open_load2(struct inode *inode, struct file *file)
2389 {
2390 return seq_open(file, &load2_seq_ops);
2391 }
2392
2393 /**
2394 * smk_write_load2 - write() for /smack/load2
2395 * @file: file pointer, not actually used
2396 * @buf: where to get the data from
2397 * @count: bytes sent
2398 * @ppos: where to start - must be 0
2399 *
2400 */
smk_write_load2(struct file * file,const char __user * buf,size_t count,loff_t * ppos)2401 static ssize_t smk_write_load2(struct file *file, const char __user *buf,
2402 size_t count, loff_t *ppos)
2403 {
2404 /*
2405 * Must have privilege.
2406 */
2407 if (!smack_privileged(CAP_MAC_ADMIN))
2408 return -EPERM;
2409
2410 return smk_write_rules_list(file, buf, count, ppos, NULL, NULL,
2411 SMK_LONG_FMT);
2412 }
2413
2414 static const struct file_operations smk_load2_ops = {
2415 .open = smk_open_load2,
2416 .read = seq_read,
2417 .llseek = seq_lseek,
2418 .write = smk_write_load2,
2419 .release = seq_release,
2420 };
2421
2422 /*
2423 * Seq_file read operations for /smack/load-self2
2424 */
2425
load_self2_seq_start(struct seq_file * s,loff_t * pos)2426 static void *load_self2_seq_start(struct seq_file *s, loff_t *pos)
2427 {
2428 struct task_smack *tsp = smack_cred(current_cred());
2429
2430 return smk_seq_start(s, pos, &tsp->smk_rules);
2431 }
2432
load_self2_seq_next(struct seq_file * s,void * v,loff_t * pos)2433 static void *load_self2_seq_next(struct seq_file *s, void *v, loff_t *pos)
2434 {
2435 struct task_smack *tsp = smack_cred(current_cred());
2436
2437 return smk_seq_next(s, v, pos, &tsp->smk_rules);
2438 }
2439
load_self2_seq_show(struct seq_file * s,void * v)2440 static int load_self2_seq_show(struct seq_file *s, void *v)
2441 {
2442 struct list_head *list = v;
2443 struct smack_rule *srp =
2444 list_entry_rcu(list, struct smack_rule, list);
2445
2446 smk_rule_show(s, srp, SMK_LONGLABEL);
2447
2448 return 0;
2449 }
2450
2451 static const struct seq_operations load_self2_seq_ops = {
2452 .start = load_self2_seq_start,
2453 .next = load_self2_seq_next,
2454 .show = load_self2_seq_show,
2455 .stop = smk_seq_stop,
2456 };
2457
2458 /**
2459 * smk_open_load_self2 - open() for /smack/load-self2
2460 * @inode: inode structure representing file
2461 * @file: "load" file pointer
2462 *
2463 * For reading, use load_seq_* seq_file reading operations.
2464 */
smk_open_load_self2(struct inode * inode,struct file * file)2465 static int smk_open_load_self2(struct inode *inode, struct file *file)
2466 {
2467 return seq_open(file, &load_self2_seq_ops);
2468 }
2469
2470 /**
2471 * smk_write_load_self2 - write() for /smack/load-self2
2472 * @file: file pointer, not actually used
2473 * @buf: where to get the data from
2474 * @count: bytes sent
2475 * @ppos: where to start - must be 0
2476 *
2477 */
smk_write_load_self2(struct file * file,const char __user * buf,size_t count,loff_t * ppos)2478 static ssize_t smk_write_load_self2(struct file *file, const char __user *buf,
2479 size_t count, loff_t *ppos)
2480 {
2481 struct task_smack *tsp = smack_cred(current_cred());
2482
2483 return smk_write_rules_list(file, buf, count, ppos, &tsp->smk_rules,
2484 &tsp->smk_rules_lock, SMK_LONG_FMT);
2485 }
2486
2487 static const struct file_operations smk_load_self2_ops = {
2488 .open = smk_open_load_self2,
2489 .read = seq_read,
2490 .llseek = seq_lseek,
2491 .write = smk_write_load_self2,
2492 .release = seq_release,
2493 };
2494
2495 /**
2496 * smk_write_access2 - handle access check transaction
2497 * @file: file pointer
2498 * @buf: data from user space
2499 * @count: bytes sent
2500 * @ppos: where to start - must be 0
2501 */
smk_write_access2(struct file * file,const char __user * buf,size_t count,loff_t * ppos)2502 static ssize_t smk_write_access2(struct file *file, const char __user *buf,
2503 size_t count, loff_t *ppos)
2504 {
2505 return smk_user_access(file, buf, count, ppos, SMK_LONG_FMT);
2506 }
2507
2508 static const struct file_operations smk_access2_ops = {
2509 .write = smk_write_access2,
2510 .read = simple_transaction_read,
2511 .release = simple_transaction_release,
2512 .llseek = generic_file_llseek,
2513 };
2514
2515 /**
2516 * smk_write_revoke_subj - write() for /smack/revoke-subject
2517 * @file: file pointer
2518 * @buf: data from user space
2519 * @count: bytes sent
2520 * @ppos: where to start - must be 0
2521 */
smk_write_revoke_subj(struct file * file,const char __user * buf,size_t count,loff_t * ppos)2522 static ssize_t smk_write_revoke_subj(struct file *file, const char __user *buf,
2523 size_t count, loff_t *ppos)
2524 {
2525 char *data;
2526 const char *cp;
2527 struct smack_known *skp;
2528 struct smack_rule *sp;
2529 struct list_head *rule_list;
2530 struct mutex *rule_lock;
2531 int rc = count;
2532
2533 if (*ppos != 0)
2534 return -EINVAL;
2535
2536 if (!smack_privileged(CAP_MAC_ADMIN))
2537 return -EPERM;
2538
2539 if (count == 0 || count > SMK_LONGLABEL)
2540 return -EINVAL;
2541
2542 data = memdup_user(buf, count);
2543 if (IS_ERR(data))
2544 return PTR_ERR(data);
2545
2546 cp = smk_parse_smack(data, count);
2547 if (IS_ERR(cp)) {
2548 rc = PTR_ERR(cp);
2549 goto out_data;
2550 }
2551
2552 skp = smk_find_entry(cp);
2553 if (skp == NULL)
2554 goto out_cp;
2555
2556 rule_list = &skp->smk_rules;
2557 rule_lock = &skp->smk_rules_lock;
2558
2559 mutex_lock(rule_lock);
2560
2561 list_for_each_entry_rcu(sp, rule_list, list)
2562 sp->smk_access = 0;
2563
2564 mutex_unlock(rule_lock);
2565
2566 out_cp:
2567 kfree(cp);
2568 out_data:
2569 kfree(data);
2570
2571 return rc;
2572 }
2573
2574 static const struct file_operations smk_revoke_subj_ops = {
2575 .write = smk_write_revoke_subj,
2576 .read = simple_transaction_read,
2577 .release = simple_transaction_release,
2578 .llseek = generic_file_llseek,
2579 };
2580
2581 /**
2582 * smk_init_sysfs - initialize /sys/fs/smackfs
2583 *
2584 */
smk_init_sysfs(void)2585 static int smk_init_sysfs(void)
2586 {
2587 return sysfs_create_mount_point(fs_kobj, "smackfs");
2588 }
2589
2590 /**
2591 * smk_write_change_rule - write() for /smack/change-rule
2592 * @file: file pointer
2593 * @buf: data from user space
2594 * @count: bytes sent
2595 * @ppos: where to start - must be 0
2596 */
smk_write_change_rule(struct file * file,const char __user * buf,size_t count,loff_t * ppos)2597 static ssize_t smk_write_change_rule(struct file *file, const char __user *buf,
2598 size_t count, loff_t *ppos)
2599 {
2600 /*
2601 * Must have privilege.
2602 */
2603 if (!smack_privileged(CAP_MAC_ADMIN))
2604 return -EPERM;
2605
2606 return smk_write_rules_list(file, buf, count, ppos, NULL, NULL,
2607 SMK_CHANGE_FMT);
2608 }
2609
2610 static const struct file_operations smk_change_rule_ops = {
2611 .write = smk_write_change_rule,
2612 .read = simple_transaction_read,
2613 .release = simple_transaction_release,
2614 .llseek = generic_file_llseek,
2615 };
2616
2617 /**
2618 * smk_read_syslog - read() for smackfs/syslog
2619 * @filp: file pointer, not actually used
2620 * @buf: where to put the result
2621 * @cn: maximum to send along
2622 * @ppos: where to start
2623 *
2624 * Returns number of bytes read or error code, as appropriate
2625 */
smk_read_syslog(struct file * filp,char __user * buf,size_t cn,loff_t * ppos)2626 static ssize_t smk_read_syslog(struct file *filp, char __user *buf,
2627 size_t cn, loff_t *ppos)
2628 {
2629 struct smack_known *skp;
2630 ssize_t rc = -EINVAL;
2631 int asize;
2632
2633 if (*ppos != 0)
2634 return 0;
2635
2636 if (smack_syslog_label == NULL)
2637 skp = &smack_known_star;
2638 else
2639 skp = smack_syslog_label;
2640
2641 asize = strlen(skp->smk_known) + 1;
2642
2643 if (cn >= asize)
2644 rc = simple_read_from_buffer(buf, cn, ppos, skp->smk_known,
2645 asize);
2646
2647 return rc;
2648 }
2649
2650 /**
2651 * smk_write_syslog - write() for smackfs/syslog
2652 * @file: file pointer, not actually used
2653 * @buf: where to get the data from
2654 * @count: bytes sent
2655 * @ppos: where to start
2656 *
2657 * Returns number of bytes written or error code, as appropriate
2658 */
smk_write_syslog(struct file * file,const char __user * buf,size_t count,loff_t * ppos)2659 static ssize_t smk_write_syslog(struct file *file, const char __user *buf,
2660 size_t count, loff_t *ppos)
2661 {
2662 char *data;
2663 struct smack_known *skp;
2664 int rc = count;
2665
2666 if (!smack_privileged(CAP_MAC_ADMIN))
2667 return -EPERM;
2668
2669 /* Enough data must be present */
2670 if (count == 0 || count > PAGE_SIZE)
2671 return -EINVAL;
2672
2673 data = memdup_user_nul(buf, count);
2674 if (IS_ERR(data))
2675 return PTR_ERR(data);
2676
2677 skp = smk_import_entry(data, count);
2678 if (IS_ERR(skp))
2679 rc = PTR_ERR(skp);
2680 else
2681 smack_syslog_label = skp;
2682
2683 kfree(data);
2684 return rc;
2685 }
2686
2687 static const struct file_operations smk_syslog_ops = {
2688 .read = smk_read_syslog,
2689 .write = smk_write_syslog,
2690 .llseek = default_llseek,
2691 };
2692
2693 /*
2694 * Seq_file read operations for /smack/relabel-self
2695 */
2696
relabel_self_seq_start(struct seq_file * s,loff_t * pos)2697 static void *relabel_self_seq_start(struct seq_file *s, loff_t *pos)
2698 {
2699 struct task_smack *tsp = smack_cred(current_cred());
2700
2701 return smk_seq_start(s, pos, &tsp->smk_relabel);
2702 }
2703
relabel_self_seq_next(struct seq_file * s,void * v,loff_t * pos)2704 static void *relabel_self_seq_next(struct seq_file *s, void *v, loff_t *pos)
2705 {
2706 struct task_smack *tsp = smack_cred(current_cred());
2707
2708 return smk_seq_next(s, v, pos, &tsp->smk_relabel);
2709 }
2710
relabel_self_seq_show(struct seq_file * s,void * v)2711 static int relabel_self_seq_show(struct seq_file *s, void *v)
2712 {
2713 struct list_head *list = v;
2714 struct smack_known_list_elem *sklep =
2715 list_entry(list, struct smack_known_list_elem, list);
2716
2717 seq_puts(s, sklep->smk_label->smk_known);
2718 seq_putc(s, ' ');
2719
2720 return 0;
2721 }
2722
2723 static const struct seq_operations relabel_self_seq_ops = {
2724 .start = relabel_self_seq_start,
2725 .next = relabel_self_seq_next,
2726 .show = relabel_self_seq_show,
2727 .stop = smk_seq_stop,
2728 };
2729
2730 /**
2731 * smk_open_relabel_self - open() for /smack/relabel-self
2732 * @inode: inode structure representing file
2733 * @file: "relabel-self" file pointer
2734 *
2735 * Connect our relabel_self_seq_* operations with /smack/relabel-self
2736 * file_operations
2737 */
smk_open_relabel_self(struct inode * inode,struct file * file)2738 static int smk_open_relabel_self(struct inode *inode, struct file *file)
2739 {
2740 return seq_open(file, &relabel_self_seq_ops);
2741 }
2742
2743 /**
2744 * smk_write_relabel_self - write() for /smack/relabel-self
2745 * @file: file pointer, not actually used
2746 * @buf: where to get the data from
2747 * @count: bytes sent
2748 * @ppos: where to start - must be 0
2749 *
2750 */
smk_write_relabel_self(struct file * file,const char __user * buf,size_t count,loff_t * ppos)2751 static ssize_t smk_write_relabel_self(struct file *file, const char __user *buf,
2752 size_t count, loff_t *ppos)
2753 {
2754 char *data;
2755 int rc;
2756 LIST_HEAD(list_tmp);
2757
2758 /*
2759 * Must have privilege.
2760 */
2761 if (!smack_privileged(CAP_MAC_ADMIN))
2762 return -EPERM;
2763
2764 /*
2765 * No partial write.
2766 * Enough data must be present.
2767 */
2768 if (*ppos != 0)
2769 return -EINVAL;
2770 if (count == 0 || count > PAGE_SIZE)
2771 return -EINVAL;
2772
2773 data = memdup_user_nul(buf, count);
2774 if (IS_ERR(data))
2775 return PTR_ERR(data);
2776
2777 rc = smk_parse_label_list(data, &list_tmp);
2778 kfree(data);
2779
2780 if (!rc || (rc == -EINVAL && list_empty(&list_tmp))) {
2781 struct cred *new;
2782 struct task_smack *tsp;
2783
2784 new = prepare_creds();
2785 if (!new) {
2786 rc = -ENOMEM;
2787 goto out;
2788 }
2789 tsp = smack_cred(new);
2790 smk_destroy_label_list(&tsp->smk_relabel);
2791 list_splice(&list_tmp, &tsp->smk_relabel);
2792 commit_creds(new);
2793 return count;
2794 }
2795 out:
2796 smk_destroy_label_list(&list_tmp);
2797 return rc;
2798 }
2799
2800 static const struct file_operations smk_relabel_self_ops = {
2801 .open = smk_open_relabel_self,
2802 .read = seq_read,
2803 .llseek = seq_lseek,
2804 .write = smk_write_relabel_self,
2805 .release = seq_release,
2806 };
2807
2808 /**
2809 * smk_read_ptrace - read() for /smack/ptrace
2810 * @filp: file pointer, not actually used
2811 * @buf: where to put the result
2812 * @count: maximum to send along
2813 * @ppos: where to start
2814 *
2815 * Returns number of bytes read or error code, as appropriate
2816 */
smk_read_ptrace(struct file * filp,char __user * buf,size_t count,loff_t * ppos)2817 static ssize_t smk_read_ptrace(struct file *filp, char __user *buf,
2818 size_t count, loff_t *ppos)
2819 {
2820 char temp[32];
2821 ssize_t rc;
2822
2823 if (*ppos != 0)
2824 return 0;
2825
2826 sprintf(temp, "%d\n", smack_ptrace_rule);
2827 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
2828 return rc;
2829 }
2830
2831 /**
2832 * smk_write_ptrace - write() for /smack/ptrace
2833 * @file: file pointer
2834 * @buf: data from user space
2835 * @count: bytes sent
2836 * @ppos: where to start - must be 0
2837 */
smk_write_ptrace(struct file * file,const char __user * buf,size_t count,loff_t * ppos)2838 static ssize_t smk_write_ptrace(struct file *file, const char __user *buf,
2839 size_t count, loff_t *ppos)
2840 {
2841 char temp[32];
2842 int i;
2843
2844 if (!smack_privileged(CAP_MAC_ADMIN))
2845 return -EPERM;
2846
2847 if (*ppos != 0 || count >= sizeof(temp) || count == 0)
2848 return -EINVAL;
2849
2850 if (copy_from_user(temp, buf, count) != 0)
2851 return -EFAULT;
2852
2853 temp[count] = '\0';
2854
2855 if (sscanf(temp, "%d", &i) != 1)
2856 return -EINVAL;
2857 if (i < SMACK_PTRACE_DEFAULT || i > SMACK_PTRACE_MAX)
2858 return -EINVAL;
2859 smack_ptrace_rule = i;
2860
2861 return count;
2862 }
2863
2864 static const struct file_operations smk_ptrace_ops = {
2865 .write = smk_write_ptrace,
2866 .read = smk_read_ptrace,
2867 .llseek = default_llseek,
2868 };
2869
2870 /**
2871 * smk_fill_super - fill the smackfs superblock
2872 * @sb: the empty superblock
2873 * @fc: unused
2874 *
2875 * Fill in the well known entries for the smack filesystem
2876 *
2877 * Returns 0 on success, an error code on failure
2878 */
smk_fill_super(struct super_block * sb,struct fs_context * fc)2879 static int smk_fill_super(struct super_block *sb, struct fs_context *fc)
2880 {
2881 int rc;
2882
2883 static const struct tree_descr smack_files[] = {
2884 [SMK_LOAD] = {
2885 "load", &smk_load_ops, S_IRUGO|S_IWUSR},
2886 [SMK_CIPSO] = {
2887 "cipso", &smk_cipso_ops, S_IRUGO|S_IWUSR},
2888 [SMK_DOI] = {
2889 "doi", &smk_doi_ops, S_IRUGO|S_IWUSR},
2890 [SMK_DIRECT] = {
2891 "direct", &smk_direct_ops, S_IRUGO|S_IWUSR},
2892 [SMK_AMBIENT] = {
2893 "ambient", &smk_ambient_ops, S_IRUGO|S_IWUSR},
2894 [SMK_NET4ADDR] = {
2895 "netlabel", &smk_net4addr_ops, S_IRUGO|S_IWUSR},
2896 [SMK_ONLYCAP] = {
2897 "onlycap", &smk_onlycap_ops, S_IRUGO|S_IWUSR},
2898 #ifdef CONFIG_AUDIT
2899 [SMK_LOGGING] = {
2900 "logging", &smk_logging_ops, S_IRUGO|S_IWUSR},
2901 #endif /* CONFIG_AUDIT */
2902 [SMK_LOAD_SELF] = {
2903 "load-self", &smk_load_self_ops, S_IRUGO|S_IWUGO},
2904 [SMK_ACCESSES] = {
2905 "access", &smk_access_ops, S_IRUGO|S_IWUGO},
2906 [SMK_MAPPED] = {
2907 "mapped", &smk_mapped_ops, S_IRUGO|S_IWUSR},
2908 [SMK_LOAD2] = {
2909 "load2", &smk_load2_ops, S_IRUGO|S_IWUSR},
2910 [SMK_LOAD_SELF2] = {
2911 "load-self2", &smk_load_self2_ops, S_IRUGO|S_IWUGO},
2912 [SMK_ACCESS2] = {
2913 "access2", &smk_access2_ops, S_IRUGO|S_IWUGO},
2914 [SMK_CIPSO2] = {
2915 "cipso2", &smk_cipso2_ops, S_IRUGO|S_IWUSR},
2916 [SMK_REVOKE_SUBJ] = {
2917 "revoke-subject", &smk_revoke_subj_ops,
2918 S_IRUGO|S_IWUSR},
2919 [SMK_CHANGE_RULE] = {
2920 "change-rule", &smk_change_rule_ops, S_IRUGO|S_IWUSR},
2921 [SMK_SYSLOG] = {
2922 "syslog", &smk_syslog_ops, S_IRUGO|S_IWUSR},
2923 [SMK_PTRACE] = {
2924 "ptrace", &smk_ptrace_ops, S_IRUGO|S_IWUSR},
2925 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
2926 [SMK_UNCONFINED] = {
2927 "unconfined", &smk_unconfined_ops, S_IRUGO|S_IWUSR},
2928 #endif
2929 #if IS_ENABLED(CONFIG_IPV6)
2930 [SMK_NET6ADDR] = {
2931 "ipv6host", &smk_net6addr_ops, S_IRUGO|S_IWUSR},
2932 #endif /* CONFIG_IPV6 */
2933 [SMK_RELABEL_SELF] = {
2934 "relabel-self", &smk_relabel_self_ops,
2935 S_IRUGO|S_IWUGO},
2936 /* last one */
2937 {""}
2938 };
2939
2940 rc = simple_fill_super(sb, SMACK_MAGIC, smack_files);
2941 if (rc != 0) {
2942 printk(KERN_ERR "%s failed %d while creating inodes\n",
2943 __func__, rc);
2944 return rc;
2945 }
2946
2947 return 0;
2948 }
2949
2950 /**
2951 * smk_get_tree - get the smackfs superblock
2952 * @fc: The mount context, including any options
2953 *
2954 * Just passes everything along.
2955 *
2956 * Returns what the lower level code does.
2957 */
smk_get_tree(struct fs_context * fc)2958 static int smk_get_tree(struct fs_context *fc)
2959 {
2960 return get_tree_single(fc, smk_fill_super);
2961 }
2962
2963 static const struct fs_context_operations smk_context_ops = {
2964 .get_tree = smk_get_tree,
2965 };
2966
2967 /**
2968 * smk_init_fs_context - Initialise a filesystem context for smackfs
2969 * @fc: The blank mount context
2970 */
smk_init_fs_context(struct fs_context * fc)2971 static int smk_init_fs_context(struct fs_context *fc)
2972 {
2973 fc->ops = &smk_context_ops;
2974 return 0;
2975 }
2976
2977 static struct file_system_type smk_fs_type = {
2978 .name = "smackfs",
2979 .init_fs_context = smk_init_fs_context,
2980 .kill_sb = kill_anon_super,
2981 };
2982
2983 static struct vfsmount *smackfs_mount;
2984
2985 /**
2986 * init_smk_fs - get the smackfs superblock
2987 *
2988 * register the smackfs
2989 *
2990 * Do not register smackfs if Smack wasn't enabled
2991 * on boot. We can not put this method normally under the
2992 * smack_init() code path since the security subsystem get
2993 * initialized before the vfs caches.
2994 *
2995 * Returns true if we were not chosen on boot or if
2996 * we were chosen and filesystem registration succeeded.
2997 */
init_smk_fs(void)2998 int __init init_smk_fs(void)
2999 {
3000 int err;
3001 int rc;
3002 struct netlbl_audit nai;
3003
3004 if (smack_enabled == 0)
3005 return 0;
3006
3007 err = smk_init_sysfs();
3008 if (err)
3009 printk(KERN_ERR "smackfs: sysfs mountpoint problem.\n");
3010
3011 err = register_filesystem(&smk_fs_type);
3012 if (!err) {
3013 smackfs_mount = kern_mount(&smk_fs_type);
3014 if (IS_ERR(smackfs_mount)) {
3015 printk(KERN_ERR "smackfs: could not mount!\n");
3016 err = PTR_ERR(smackfs_mount);
3017 smackfs_mount = NULL;
3018 }
3019 }
3020
3021 smk_netlabel_audit_set(&nai);
3022 (void) netlbl_cfg_map_del(NULL, PF_INET, NULL, NULL, &nai);
3023 (void) smk_cipso_doi(SMACK_CIPSO_DOI_DEFAULT,
3024 GFP_KERNEL | __GFP_NOFAIL);
3025 smk_unlbl_ambient(NULL);
3026
3027 rc = smack_populate_secattr(&smack_known_floor);
3028 if (err == 0 && rc < 0)
3029 err = rc;
3030 rc = smack_populate_secattr(&smack_known_hat);
3031 if (err == 0 && rc < 0)
3032 err = rc;
3033 rc = smack_populate_secattr(&smack_known_huh);
3034 if (err == 0 && rc < 0)
3035 err = rc;
3036 rc = smack_populate_secattr(&smack_known_star);
3037 if (err == 0 && rc < 0)
3038 err = rc;
3039 rc = smack_populate_secattr(&smack_known_web);
3040 if (err == 0 && rc < 0)
3041 err = rc;
3042
3043 return err;
3044 }
3045