1// SPDX-License-Identifier: GPL-2.0-only 2/* 3 * Simplified MAC Kernel (smack) security module 4 * 5 * This file contains the smack hook function implementations. 6 * 7 * Authors: 8 * Casey Schaufler <casey@schaufler-ca.com> 9 * Jarkko Sakkinen <jarkko.sakkinen@intel.com> 10 * 11 * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com> 12 * Copyright (C) 2009 Hewlett-Packard Development Company, L.P. 13 * Paul Moore <paul@paul-moore.com> 14 * Copyright (C) 2010 Nokia Corporation 15 * Copyright (C) 2011 Intel Corporation. 16 */ 17 18#include <linux/xattr.h> 19#include <linux/pagemap.h> 20#include <linux/mount.h> 21#include <linux/stat.h> 22#include <linux/kd.h> 23#include <asm/ioctls.h> 24#include <linux/ip.h> 25#include <linux/tcp.h> 26#include <linux/udp.h> 27#include <linux/dccp.h> 28#include <linux/icmpv6.h> 29#include <linux/slab.h> 30#include <linux/mutex.h> 31#include <net/cipso_ipv4.h> 32#include <net/ip.h> 33#include <net/ipv6.h> 34#include <linux/audit.h> 35#include <linux/magic.h> 36#include <linux/dcache.h> 37#include <linux/personality.h> 38#include <linux/msg.h> 39#include <linux/shm.h> 40#include <linux/binfmts.h> 41#include <linux/parser.h> 42#include <linux/fs_context.h> 43#include <linux/fs_parser.h> 44#include <linux/watch_queue.h> 45#include "smack.h" 46 47#define TRANS_TRUE "TRUE" 48#define TRANS_TRUE_SIZE 4 49 50#define SMK_CONNECTING 0 51#define SMK_RECEIVING 1 52#define SMK_SENDING 2 53 54static DEFINE_MUTEX(smack_ipv6_lock); 55static LIST_HEAD(smk_ipv6_port_list); 56struct kmem_cache *smack_rule_cache; 57int smack_enabled; 58 59#define A(s) {"smack"#s, sizeof("smack"#s) - 1, Opt_##s} 60static struct { 61 const char *name; 62 int len; 63 int opt; 64} smk_mount_opts[] = { 65 {"smackfsdef", sizeof("smackfsdef") - 1, Opt_fsdefault}, 66 A(fsdefault), A(fsfloor), A(fshat), A(fsroot), A(fstransmute) 67}; 68#undef A 69 70static int match_opt_prefix(char *s, int l, char **arg) 71{ 72 int i; 73 74 for (i = 0; i < ARRAY_SIZE(smk_mount_opts); i++) { 75 size_t len = smk_mount_opts[i].len; 76 if (len > l || memcmp(s, smk_mount_opts[i].name, len)) 77 continue; 78 if (len == l || s[len] != '=') 79 continue; 80 *arg = s + len + 1; 81 return smk_mount_opts[i].opt; 82 } 83 return Opt_error; 84} 85 86#ifdef CONFIG_SECURITY_SMACK_BRINGUP 87static char *smk_bu_mess[] = { 88 "Bringup Error", /* Unused */ 89 "Bringup", /* SMACK_BRINGUP_ALLOW */ 90 "Unconfined Subject", /* SMACK_UNCONFINED_SUBJECT */ 91 "Unconfined Object", /* SMACK_UNCONFINED_OBJECT */ 92}; 93 94static void smk_bu_mode(int mode, char *s) 95{ 96 int i = 0; 97 98 if (mode & MAY_READ) 99 s[i++] = 'r'; 100 if (mode & MAY_WRITE) 101 s[i++] = 'w'; 102 if (mode & MAY_EXEC) 103 s[i++] = 'x'; 104 if (mode & MAY_APPEND) 105 s[i++] = 'a'; 106 if (mode & MAY_TRANSMUTE) 107 s[i++] = 't'; 108 if (mode & MAY_LOCK) 109 s[i++] = 'l'; 110 if (i == 0) 111 s[i++] = '-'; 112 s[i] = '\0'; 113} 114#endif 115 116#ifdef CONFIG_SECURITY_SMACK_BRINGUP 117static int smk_bu_note(char *note, struct smack_known *sskp, 118 struct smack_known *oskp, int mode, int rc) 119{ 120 char acc[SMK_NUM_ACCESS_TYPE + 1]; 121 122 if (rc <= 0) 123 return rc; 124 if (rc > SMACK_UNCONFINED_OBJECT) 125 rc = 0; 126 127 smk_bu_mode(mode, acc); 128 pr_info("Smack %s: (%s %s %s) %s\n", smk_bu_mess[rc], 129 sskp->smk_known, oskp->smk_known, acc, note); 130 return 0; 131} 132#else 133#define smk_bu_note(note, sskp, oskp, mode, RC) (RC) 134#endif 135 136#ifdef CONFIG_SECURITY_SMACK_BRINGUP 137static int smk_bu_current(char *note, struct smack_known *oskp, 138 int mode, int rc) 139{ 140 struct task_smack *tsp = smack_cred(current_cred()); 141 char acc[SMK_NUM_ACCESS_TYPE + 1]; 142 143 if (rc <= 0) 144 return rc; 145 if (rc > SMACK_UNCONFINED_OBJECT) 146 rc = 0; 147 148 smk_bu_mode(mode, acc); 149 pr_info("Smack %s: (%s %s %s) %s %s\n", smk_bu_mess[rc], 150 tsp->smk_task->smk_known, oskp->smk_known, 151 acc, current->comm, note); 152 return 0; 153} 154#else 155#define smk_bu_current(note, oskp, mode, RC) (RC) 156#endif 157 158#ifdef CONFIG_SECURITY_SMACK_BRINGUP 159static int smk_bu_task(struct task_struct *otp, int mode, int rc) 160{ 161 struct task_smack *tsp = smack_cred(current_cred()); 162 struct smack_known *smk_task = smk_of_task_struct(otp); 163 char acc[SMK_NUM_ACCESS_TYPE + 1]; 164 165 if (rc <= 0) 166 return rc; 167 if (rc > SMACK_UNCONFINED_OBJECT) 168 rc = 0; 169 170 smk_bu_mode(mode, acc); 171 pr_info("Smack %s: (%s %s %s) %s to %s\n", smk_bu_mess[rc], 172 tsp->smk_task->smk_known, smk_task->smk_known, acc, 173 current->comm, otp->comm); 174 return 0; 175} 176#else 177#define smk_bu_task(otp, mode, RC) (RC) 178#endif 179 180#ifdef CONFIG_SECURITY_SMACK_BRINGUP 181static int smk_bu_inode(struct inode *inode, int mode, int rc) 182{ 183 struct task_smack *tsp = smack_cred(current_cred()); 184 struct inode_smack *isp = smack_inode(inode); 185 char acc[SMK_NUM_ACCESS_TYPE + 1]; 186 187 if (isp->smk_flags & SMK_INODE_IMPURE) 188 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n", 189 inode->i_sb->s_id, inode->i_ino, current->comm); 190 191 if (rc <= 0) 192 return rc; 193 if (rc > SMACK_UNCONFINED_OBJECT) 194 rc = 0; 195 if (rc == SMACK_UNCONFINED_SUBJECT && 196 (mode & (MAY_WRITE | MAY_APPEND))) 197 isp->smk_flags |= SMK_INODE_IMPURE; 198 199 smk_bu_mode(mode, acc); 200 201 pr_info("Smack %s: (%s %s %s) inode=(%s %ld) %s\n", smk_bu_mess[rc], 202 tsp->smk_task->smk_known, isp->smk_inode->smk_known, acc, 203 inode->i_sb->s_id, inode->i_ino, current->comm); 204 return 0; 205} 206#else 207#define smk_bu_inode(inode, mode, RC) (RC) 208#endif 209 210#ifdef CONFIG_SECURITY_SMACK_BRINGUP 211static int smk_bu_file(struct file *file, int mode, int rc) 212{ 213 struct task_smack *tsp = smack_cred(current_cred()); 214 struct smack_known *sskp = tsp->smk_task; 215 struct inode *inode = file_inode(file); 216 struct inode_smack *isp = smack_inode(inode); 217 char acc[SMK_NUM_ACCESS_TYPE + 1]; 218 219 if (isp->smk_flags & SMK_INODE_IMPURE) 220 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n", 221 inode->i_sb->s_id, inode->i_ino, current->comm); 222 223 if (rc <= 0) 224 return rc; 225 if (rc > SMACK_UNCONFINED_OBJECT) 226 rc = 0; 227 228 smk_bu_mode(mode, acc); 229 pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc], 230 sskp->smk_known, smk_of_inode(inode)->smk_known, acc, 231 inode->i_sb->s_id, inode->i_ino, file, 232 current->comm); 233 return 0; 234} 235#else 236#define smk_bu_file(file, mode, RC) (RC) 237#endif 238 239#ifdef CONFIG_SECURITY_SMACK_BRINGUP 240static int smk_bu_credfile(const struct cred *cred, struct file *file, 241 int mode, int rc) 242{ 243 struct task_smack *tsp = smack_cred(cred); 244 struct smack_known *sskp = tsp->smk_task; 245 struct inode *inode = file_inode(file); 246 struct inode_smack *isp = smack_inode(inode); 247 char acc[SMK_NUM_ACCESS_TYPE + 1]; 248 249 if (isp->smk_flags & SMK_INODE_IMPURE) 250 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n", 251 inode->i_sb->s_id, inode->i_ino, current->comm); 252 253 if (rc <= 0) 254 return rc; 255 if (rc > SMACK_UNCONFINED_OBJECT) 256 rc = 0; 257 258 smk_bu_mode(mode, acc); 259 pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc], 260 sskp->smk_known, smk_of_inode(inode)->smk_known, acc, 261 inode->i_sb->s_id, inode->i_ino, file, 262 current->comm); 263 return 0; 264} 265#else 266#define smk_bu_credfile(cred, file, mode, RC) (RC) 267#endif 268 269/** 270 * smk_fetch - Fetch the smack label from a file. 271 * @name: type of the label (attribute) 272 * @ip: a pointer to the inode 273 * @dp: a pointer to the dentry 274 * 275 * Returns a pointer to the master list entry for the Smack label, 276 * NULL if there was no label to fetch, or an error code. 277 */ 278static struct smack_known *smk_fetch(const char *name, struct inode *ip, 279 struct dentry *dp) 280{ 281 int rc; 282 char *buffer; 283 struct smack_known *skp = NULL; 284 285 if (!(ip->i_opflags & IOP_XATTR)) 286 return ERR_PTR(-EOPNOTSUPP); 287 288 buffer = kzalloc(SMK_LONGLABEL, GFP_NOFS); 289 if (buffer == NULL) 290 return ERR_PTR(-ENOMEM); 291 292 rc = __vfs_getxattr(dp, ip, name, buffer, SMK_LONGLABEL); 293 if (rc < 0) 294 skp = ERR_PTR(rc); 295 else if (rc == 0) 296 skp = NULL; 297 else 298 skp = smk_import_entry(buffer, rc); 299 300 kfree(buffer); 301 302 return skp; 303} 304 305/** 306 * init_inode_smack - initialize an inode security blob 307 * @inode: inode to extract the info from 308 * @skp: a pointer to the Smack label entry to use in the blob 309 * 310 */ 311static void init_inode_smack(struct inode *inode, struct smack_known *skp) 312{ 313 struct inode_smack *isp = smack_inode(inode); 314 315 isp->smk_inode = skp; 316 isp->smk_flags = 0; 317} 318 319/** 320 * init_task_smack - initialize a task security blob 321 * @tsp: blob to initialize 322 * @task: a pointer to the Smack label for the running task 323 * @forked: a pointer to the Smack label for the forked task 324 * 325 */ 326static void init_task_smack(struct task_smack *tsp, struct smack_known *task, 327 struct smack_known *forked) 328{ 329 tsp->smk_task = task; 330 tsp->smk_forked = forked; 331 INIT_LIST_HEAD(&tsp->smk_rules); 332 INIT_LIST_HEAD(&tsp->smk_relabel); 333 mutex_init(&tsp->smk_rules_lock); 334} 335 336/** 337 * smk_copy_rules - copy a rule set 338 * @nhead: new rules header pointer 339 * @ohead: old rules header pointer 340 * @gfp: type of the memory for the allocation 341 * 342 * Returns 0 on success, -ENOMEM on error 343 */ 344static int smk_copy_rules(struct list_head *nhead, struct list_head *ohead, 345 gfp_t gfp) 346{ 347 struct smack_rule *nrp; 348 struct smack_rule *orp; 349 int rc = 0; 350 351 list_for_each_entry_rcu(orp, ohead, list) { 352 nrp = kmem_cache_zalloc(smack_rule_cache, gfp); 353 if (nrp == NULL) { 354 rc = -ENOMEM; 355 break; 356 } 357 *nrp = *orp; 358 list_add_rcu(&nrp->list, nhead); 359 } 360 return rc; 361} 362 363/** 364 * smk_copy_relabel - copy smk_relabel labels list 365 * @nhead: new rules header pointer 366 * @ohead: old rules header pointer 367 * @gfp: type of the memory for the allocation 368 * 369 * Returns 0 on success, -ENOMEM on error 370 */ 371static int smk_copy_relabel(struct list_head *nhead, struct list_head *ohead, 372 gfp_t gfp) 373{ 374 struct smack_known_list_elem *nklep; 375 struct smack_known_list_elem *oklep; 376 377 list_for_each_entry(oklep, ohead, list) { 378 nklep = kzalloc(sizeof(struct smack_known_list_elem), gfp); 379 if (nklep == NULL) { 380 smk_destroy_label_list(nhead); 381 return -ENOMEM; 382 } 383 nklep->smk_label = oklep->smk_label; 384 list_add(&nklep->list, nhead); 385 } 386 387 return 0; 388} 389 390/** 391 * smk_ptrace_mode - helper function for converting PTRACE_MODE_* into MAY_* 392 * @mode - input mode in form of PTRACE_MODE_* 393 * 394 * Returns a converted MAY_* mode usable by smack rules 395 */ 396static inline unsigned int smk_ptrace_mode(unsigned int mode) 397{ 398 if (mode & PTRACE_MODE_ATTACH) 399 return MAY_READWRITE; 400 if (mode & PTRACE_MODE_READ) 401 return MAY_READ; 402 403 return 0; 404} 405 406/** 407 * smk_ptrace_rule_check - helper for ptrace access 408 * @tracer: tracer process 409 * @tracee_known: label entry of the process that's about to be traced 410 * @mode: ptrace attachment mode (PTRACE_MODE_*) 411 * @func: name of the function that called us, used for audit 412 * 413 * Returns 0 on access granted, -error on error 414 */ 415static int smk_ptrace_rule_check(struct task_struct *tracer, 416 struct smack_known *tracee_known, 417 unsigned int mode, const char *func) 418{ 419 int rc; 420 struct smk_audit_info ad, *saip = NULL; 421 struct task_smack *tsp; 422 struct smack_known *tracer_known; 423 const struct cred *tracercred; 424 425 if ((mode & PTRACE_MODE_NOAUDIT) == 0) { 426 smk_ad_init(&ad, func, LSM_AUDIT_DATA_TASK); 427 smk_ad_setfield_u_tsk(&ad, tracer); 428 saip = &ad; 429 } 430 431 rcu_read_lock(); 432 tracercred = __task_cred(tracer); 433 tsp = smack_cred(tracercred); 434 tracer_known = smk_of_task(tsp); 435 436 if ((mode & PTRACE_MODE_ATTACH) && 437 (smack_ptrace_rule == SMACK_PTRACE_EXACT || 438 smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)) { 439 if (tracer_known->smk_known == tracee_known->smk_known) 440 rc = 0; 441 else if (smack_ptrace_rule == SMACK_PTRACE_DRACONIAN) 442 rc = -EACCES; 443 else if (smack_privileged_cred(CAP_SYS_PTRACE, tracercred)) 444 rc = 0; 445 else 446 rc = -EACCES; 447 448 if (saip) 449 smack_log(tracer_known->smk_known, 450 tracee_known->smk_known, 451 0, rc, saip); 452 453 rcu_read_unlock(); 454 return rc; 455 } 456 457 /* In case of rule==SMACK_PTRACE_DEFAULT or mode==PTRACE_MODE_READ */ 458 rc = smk_tskacc(tsp, tracee_known, smk_ptrace_mode(mode), saip); 459 460 rcu_read_unlock(); 461 return rc; 462} 463 464/* 465 * LSM hooks. 466 * We he, that is fun! 467 */ 468 469/** 470 * smack_ptrace_access_check - Smack approval on PTRACE_ATTACH 471 * @ctp: child task pointer 472 * @mode: ptrace attachment mode (PTRACE_MODE_*) 473 * 474 * Returns 0 if access is OK, an error code otherwise 475 * 476 * Do the capability checks. 477 */ 478static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode) 479{ 480 struct smack_known *skp; 481 482 skp = smk_of_task_struct(ctp); 483 484 return smk_ptrace_rule_check(current, skp, mode, __func__); 485} 486 487/** 488 * smack_ptrace_traceme - Smack approval on PTRACE_TRACEME 489 * @ptp: parent task pointer 490 * 491 * Returns 0 if access is OK, an error code otherwise 492 * 493 * Do the capability checks, and require PTRACE_MODE_ATTACH. 494 */ 495static int smack_ptrace_traceme(struct task_struct *ptp) 496{ 497 int rc; 498 struct smack_known *skp; 499 500 skp = smk_of_task(smack_cred(current_cred())); 501 502 rc = smk_ptrace_rule_check(ptp, skp, PTRACE_MODE_ATTACH, __func__); 503 return rc; 504} 505 506/** 507 * smack_syslog - Smack approval on syslog 508 * @typefrom_file: unused 509 * 510 * Returns 0 on success, error code otherwise. 511 */ 512static int smack_syslog(int typefrom_file) 513{ 514 int rc = 0; 515 struct smack_known *skp = smk_of_current(); 516 517 if (smack_privileged(CAP_MAC_OVERRIDE)) 518 return 0; 519 520 if (smack_syslog_label != NULL && smack_syslog_label != skp) 521 rc = -EACCES; 522 523 return rc; 524} 525 526/* 527 * Superblock Hooks. 528 */ 529 530/** 531 * smack_sb_alloc_security - allocate a superblock blob 532 * @sb: the superblock getting the blob 533 * 534 * Returns 0 on success or -ENOMEM on error. 535 */ 536static int smack_sb_alloc_security(struct super_block *sb) 537{ 538 struct superblock_smack *sbsp; 539 540 sbsp = kzalloc(sizeof(struct superblock_smack), GFP_KERNEL); 541 542 if (sbsp == NULL) 543 return -ENOMEM; 544 545 sbsp->smk_root = &smack_known_floor; 546 sbsp->smk_default = &smack_known_floor; 547 sbsp->smk_floor = &smack_known_floor; 548 sbsp->smk_hat = &smack_known_hat; 549 /* 550 * SMK_SB_INITIALIZED will be zero from kzalloc. 551 */ 552 sb->s_security = sbsp; 553 554 return 0; 555} 556 557/** 558 * smack_sb_free_security - free a superblock blob 559 * @sb: the superblock getting the blob 560 * 561 */ 562static void smack_sb_free_security(struct super_block *sb) 563{ 564 kfree(sb->s_security); 565 sb->s_security = NULL; 566} 567 568struct smack_mnt_opts { 569 const char *fsdefault, *fsfloor, *fshat, *fsroot, *fstransmute; 570}; 571 572static void smack_free_mnt_opts(void *mnt_opts) 573{ 574 struct smack_mnt_opts *opts = mnt_opts; 575 kfree(opts->fsdefault); 576 kfree(opts->fsfloor); 577 kfree(opts->fshat); 578 kfree(opts->fsroot); 579 kfree(opts->fstransmute); 580 kfree(opts); 581} 582 583static int smack_add_opt(int token, const char *s, void **mnt_opts) 584{ 585 struct smack_mnt_opts *opts = *mnt_opts; 586 587 if (!opts) { 588 opts = kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL); 589 if (!opts) 590 return -ENOMEM; 591 *mnt_opts = opts; 592 } 593 if (!s) 594 return -ENOMEM; 595 596 switch (token) { 597 case Opt_fsdefault: 598 if (opts->fsdefault) 599 goto out_opt_err; 600 opts->fsdefault = s; 601 break; 602 case Opt_fsfloor: 603 if (opts->fsfloor) 604 goto out_opt_err; 605 opts->fsfloor = s; 606 break; 607 case Opt_fshat: 608 if (opts->fshat) 609 goto out_opt_err; 610 opts->fshat = s; 611 break; 612 case Opt_fsroot: 613 if (opts->fsroot) 614 goto out_opt_err; 615 opts->fsroot = s; 616 break; 617 case Opt_fstransmute: 618 if (opts->fstransmute) 619 goto out_opt_err; 620 opts->fstransmute = s; 621 break; 622 } 623 return 0; 624 625out_opt_err: 626 pr_warn("Smack: duplicate mount options\n"); 627 return -EINVAL; 628} 629 630/** 631 * smack_fs_context_dup - Duplicate the security data on fs_context duplication 632 * @fc: The new filesystem context. 633 * @src_fc: The source filesystem context being duplicated. 634 * 635 * Returns 0 on success or -ENOMEM on error. 636 */ 637static int smack_fs_context_dup(struct fs_context *fc, 638 struct fs_context *src_fc) 639{ 640 struct smack_mnt_opts *dst, *src = src_fc->security; 641 642 if (!src) 643 return 0; 644 645 fc->security = kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL); 646 if (!fc->security) 647 return -ENOMEM; 648 dst = fc->security; 649 650 if (src->fsdefault) { 651 dst->fsdefault = kstrdup(src->fsdefault, GFP_KERNEL); 652 if (!dst->fsdefault) 653 return -ENOMEM; 654 } 655 if (src->fsfloor) { 656 dst->fsfloor = kstrdup(src->fsfloor, GFP_KERNEL); 657 if (!dst->fsfloor) 658 return -ENOMEM; 659 } 660 if (src->fshat) { 661 dst->fshat = kstrdup(src->fshat, GFP_KERNEL); 662 if (!dst->fshat) 663 return -ENOMEM; 664 } 665 if (src->fsroot) { 666 dst->fsroot = kstrdup(src->fsroot, GFP_KERNEL); 667 if (!dst->fsroot) 668 return -ENOMEM; 669 } 670 if (src->fstransmute) { 671 dst->fstransmute = kstrdup(src->fstransmute, GFP_KERNEL); 672 if (!dst->fstransmute) 673 return -ENOMEM; 674 } 675 return 0; 676} 677 678static const struct fs_parameter_spec smack_fs_parameters[] = { 679 fsparam_string("smackfsdef", Opt_fsdefault), 680 fsparam_string("smackfsdefault", Opt_fsdefault), 681 fsparam_string("smackfsfloor", Opt_fsfloor), 682 fsparam_string("smackfshat", Opt_fshat), 683 fsparam_string("smackfsroot", Opt_fsroot), 684 fsparam_string("smackfstransmute", Opt_fstransmute), 685 {} 686}; 687 688/** 689 * smack_fs_context_parse_param - Parse a single mount parameter 690 * @fc: The new filesystem context being constructed. 691 * @param: The parameter. 692 * 693 * Returns 0 on success, -ENOPARAM to pass the parameter on or anything else on 694 * error. 695 */ 696static int smack_fs_context_parse_param(struct fs_context *fc, 697 struct fs_parameter *param) 698{ 699 struct fs_parse_result result; 700 int opt, rc; 701 702 opt = fs_parse(fc, smack_fs_parameters, param, &result); 703 if (opt < 0) 704 return opt; 705 706 rc = smack_add_opt(opt, param->string, &fc->security); 707 if (!rc) 708 param->string = NULL; 709 return rc; 710} 711 712static int smack_sb_eat_lsm_opts(char *options, void **mnt_opts) 713{ 714 char *from = options, *to = options; 715 bool first = true; 716 717 while (1) { 718 char *next = strchr(from, ','); 719 int token, len, rc; 720 char *arg = NULL; 721 722 if (next) 723 len = next - from; 724 else 725 len = strlen(from); 726 727 token = match_opt_prefix(from, len, &arg); 728 if (token != Opt_error) { 729 arg = kmemdup_nul(arg, from + len - arg, GFP_KERNEL); 730 rc = smack_add_opt(token, arg, mnt_opts); 731 if (unlikely(rc)) { 732 kfree(arg); 733 if (*mnt_opts) 734 smack_free_mnt_opts(*mnt_opts); 735 *mnt_opts = NULL; 736 return rc; 737 } 738 } else { 739 if (!first) { // copy with preceding comma 740 from--; 741 len++; 742 } 743 if (to != from) 744 memmove(to, from, len); 745 to += len; 746 first = false; 747 } 748 if (!from[len]) 749 break; 750 from += len + 1; 751 } 752 *to = '\0'; 753 return 0; 754} 755 756/** 757 * smack_set_mnt_opts - set Smack specific mount options 758 * @sb: the file system superblock 759 * @mnt_opts: Smack mount options 760 * @kern_flags: mount option from kernel space or user space 761 * @set_kern_flags: where to store converted mount opts 762 * 763 * Returns 0 on success, an error code on failure 764 * 765 * Allow filesystems with binary mount data to explicitly set Smack mount 766 * labels. 767 */ 768static int smack_set_mnt_opts(struct super_block *sb, 769 void *mnt_opts, 770 unsigned long kern_flags, 771 unsigned long *set_kern_flags) 772{ 773 struct dentry *root = sb->s_root; 774 struct inode *inode = d_backing_inode(root); 775 struct superblock_smack *sp = sb->s_security; 776 struct inode_smack *isp; 777 struct smack_known *skp; 778 struct smack_mnt_opts *opts = mnt_opts; 779 bool transmute = false; 780 781 if (sp->smk_flags & SMK_SB_INITIALIZED) 782 return 0; 783 784 if (inode->i_security == NULL) { 785 int rc = lsm_inode_alloc(inode); 786 787 if (rc) 788 return rc; 789 } 790 791 if (!smack_privileged(CAP_MAC_ADMIN)) { 792 /* 793 * Unprivileged mounts don't get to specify Smack values. 794 */ 795 if (opts) 796 return -EPERM; 797 /* 798 * Unprivileged mounts get root and default from the caller. 799 */ 800 skp = smk_of_current(); 801 sp->smk_root = skp; 802 sp->smk_default = skp; 803 /* 804 * For a handful of fs types with no user-controlled 805 * backing store it's okay to trust security labels 806 * in the filesystem. The rest are untrusted. 807 */ 808 if (sb->s_user_ns != &init_user_ns && 809 sb->s_magic != SYSFS_MAGIC && sb->s_magic != TMPFS_MAGIC && 810 sb->s_magic != RAMFS_MAGIC) { 811 transmute = true; 812 sp->smk_flags |= SMK_SB_UNTRUSTED; 813 } 814 } 815 816 sp->smk_flags |= SMK_SB_INITIALIZED; 817 818 if (opts) { 819 if (opts->fsdefault) { 820 skp = smk_import_entry(opts->fsdefault, 0); 821 if (IS_ERR(skp)) 822 return PTR_ERR(skp); 823 sp->smk_default = skp; 824 } 825 if (opts->fsfloor) { 826 skp = smk_import_entry(opts->fsfloor, 0); 827 if (IS_ERR(skp)) 828 return PTR_ERR(skp); 829 sp->smk_floor = skp; 830 } 831 if (opts->fshat) { 832 skp = smk_import_entry(opts->fshat, 0); 833 if (IS_ERR(skp)) 834 return PTR_ERR(skp); 835 sp->smk_hat = skp; 836 } 837 if (opts->fsroot) { 838 skp = smk_import_entry(opts->fsroot, 0); 839 if (IS_ERR(skp)) 840 return PTR_ERR(skp); 841 sp->smk_root = skp; 842 } 843 if (opts->fstransmute) { 844 skp = smk_import_entry(opts->fstransmute, 0); 845 if (IS_ERR(skp)) 846 return PTR_ERR(skp); 847 sp->smk_root = skp; 848 transmute = true; 849 } 850 } 851 852 /* 853 * Initialize the root inode. 854 */ 855 init_inode_smack(inode, sp->smk_root); 856 857 if (transmute) { 858 isp = smack_inode(inode); 859 isp->smk_flags |= SMK_INODE_TRANSMUTE; 860 } 861 862 return 0; 863} 864 865/** 866 * smack_sb_statfs - Smack check on statfs 867 * @dentry: identifies the file system in question 868 * 869 * Returns 0 if current can read the floor of the filesystem, 870 * and error code otherwise 871 */ 872static int smack_sb_statfs(struct dentry *dentry) 873{ 874 struct superblock_smack *sbp = dentry->d_sb->s_security; 875 int rc; 876 struct smk_audit_info ad; 877 878 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 879 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 880 881 rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad); 882 rc = smk_bu_current("statfs", sbp->smk_floor, MAY_READ, rc); 883 return rc; 884} 885 886/* 887 * BPRM hooks 888 */ 889 890/** 891 * smack_bprm_creds_for_exec - Update bprm->cred if needed for exec 892 * @bprm: the exec information 893 * 894 * Returns 0 if it gets a blob, -EPERM if exec forbidden and -ENOMEM otherwise 895 */ 896static int smack_bprm_creds_for_exec(struct linux_binprm *bprm) 897{ 898 struct inode *inode = file_inode(bprm->file); 899 struct task_smack *bsp = smack_cred(bprm->cred); 900 struct inode_smack *isp; 901 struct superblock_smack *sbsp; 902 int rc; 903 904 isp = smack_inode(inode); 905 if (isp->smk_task == NULL || isp->smk_task == bsp->smk_task) 906 return 0; 907 908 sbsp = inode->i_sb->s_security; 909 if ((sbsp->smk_flags & SMK_SB_UNTRUSTED) && 910 isp->smk_task != sbsp->smk_root) 911 return 0; 912 913 if (bprm->unsafe & LSM_UNSAFE_PTRACE) { 914 struct task_struct *tracer; 915 rc = 0; 916 917 rcu_read_lock(); 918 tracer = ptrace_parent(current); 919 if (likely(tracer != NULL)) 920 rc = smk_ptrace_rule_check(tracer, 921 isp->smk_task, 922 PTRACE_MODE_ATTACH, 923 __func__); 924 rcu_read_unlock(); 925 926 if (rc != 0) 927 return rc; 928 } 929 if (bprm->unsafe & ~LSM_UNSAFE_PTRACE) 930 return -EPERM; 931 932 bsp->smk_task = isp->smk_task; 933 bprm->per_clear |= PER_CLEAR_ON_SETID; 934 935 /* Decide if this is a secure exec. */ 936 if (bsp->smk_task != bsp->smk_forked) 937 bprm->secureexec = 1; 938 939 return 0; 940} 941 942/* 943 * Inode hooks 944 */ 945 946/** 947 * smack_inode_alloc_security - allocate an inode blob 948 * @inode: the inode in need of a blob 949 * 950 * Returns 0 951 */ 952static int smack_inode_alloc_security(struct inode *inode) 953{ 954 struct smack_known *skp = smk_of_current(); 955 956 init_inode_smack(inode, skp); 957 return 0; 958} 959 960/** 961 * smack_inode_init_security - copy out the smack from an inode 962 * @inode: the newly created inode 963 * @dir: containing directory object 964 * @qstr: unused 965 * @name: where to put the attribute name 966 * @value: where to put the attribute value 967 * @len: where to put the length of the attribute 968 * 969 * Returns 0 if it all works out, -ENOMEM if there's no memory 970 */ 971static int smack_inode_init_security(struct inode *inode, struct inode *dir, 972 const struct qstr *qstr, const char **name, 973 void **value, size_t *len) 974{ 975 struct task_smack *tsp = smack_cred(current_cred()); 976 struct inode_smack *issp = smack_inode(inode); 977 struct smack_known *skp = smk_of_task(tsp); 978 struct smack_known *isp = smk_of_inode(inode); 979 struct smack_known *dsp = smk_of_inode(dir); 980 int may; 981 982 if (name) 983 *name = XATTR_SMACK_SUFFIX; 984 985 if (value && len) { 986 /* 987 * If equal, transmuting already occurred in 988 * smack_dentry_create_files_as(). No need to check again. 989 */ 990 if (tsp->smk_task != tsp->smk_transmuted) { 991 rcu_read_lock(); 992 may = smk_access_entry(skp->smk_known, dsp->smk_known, 993 &skp->smk_rules); 994 rcu_read_unlock(); 995 } 996 997 /* 998 * In addition to having smk_task equal to smk_transmuted, 999 * if the access rule allows transmutation and the directory 1000 * requests transmutation then by all means transmute. 1001 * Mark the inode as changed. 1002 */ 1003 if ((tsp->smk_task == tsp->smk_transmuted) || 1004 (may > 0 && ((may & MAY_TRANSMUTE) != 0) && 1005 smk_inode_transmutable(dir))) { 1006 /* 1007 * The caller of smack_dentry_create_files_as() 1008 * should have overridden the current cred, so the 1009 * inode label was already set correctly in 1010 * smack_inode_alloc_security(). 1011 */ 1012 if (tsp->smk_task != tsp->smk_transmuted) 1013 isp = dsp; 1014 issp->smk_flags |= SMK_INODE_CHANGED; 1015 } 1016 1017 *value = kstrdup(isp->smk_known, GFP_NOFS); 1018 if (*value == NULL) 1019 return -ENOMEM; 1020 1021 *len = strlen(isp->smk_known); 1022 } 1023 1024 return 0; 1025} 1026 1027/** 1028 * smack_inode_link - Smack check on link 1029 * @old_dentry: the existing object 1030 * @dir: unused 1031 * @new_dentry: the new object 1032 * 1033 * Returns 0 if access is permitted, an error code otherwise 1034 */ 1035static int smack_inode_link(struct dentry *old_dentry, struct inode *dir, 1036 struct dentry *new_dentry) 1037{ 1038 struct smack_known *isp; 1039 struct smk_audit_info ad; 1040 int rc; 1041 1042 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1043 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry); 1044 1045 isp = smk_of_inode(d_backing_inode(old_dentry)); 1046 rc = smk_curacc(isp, MAY_WRITE, &ad); 1047 rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_WRITE, rc); 1048 1049 if (rc == 0 && d_is_positive(new_dentry)) { 1050 isp = smk_of_inode(d_backing_inode(new_dentry)); 1051 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry); 1052 rc = smk_curacc(isp, MAY_WRITE, &ad); 1053 rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_WRITE, rc); 1054 } 1055 1056 return rc; 1057} 1058 1059/** 1060 * smack_inode_unlink - Smack check on inode deletion 1061 * @dir: containing directory object 1062 * @dentry: file to unlink 1063 * 1064 * Returns 0 if current can write the containing directory 1065 * and the object, error code otherwise 1066 */ 1067static int smack_inode_unlink(struct inode *dir, struct dentry *dentry) 1068{ 1069 struct inode *ip = d_backing_inode(dentry); 1070 struct smk_audit_info ad; 1071 int rc; 1072 1073 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1074 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1075 1076 /* 1077 * You need write access to the thing you're unlinking 1078 */ 1079 rc = smk_curacc(smk_of_inode(ip), MAY_WRITE, &ad); 1080 rc = smk_bu_inode(ip, MAY_WRITE, rc); 1081 if (rc == 0) { 1082 /* 1083 * You also need write access to the containing directory 1084 */ 1085 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE); 1086 smk_ad_setfield_u_fs_inode(&ad, dir); 1087 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad); 1088 rc = smk_bu_inode(dir, MAY_WRITE, rc); 1089 } 1090 return rc; 1091} 1092 1093/** 1094 * smack_inode_rmdir - Smack check on directory deletion 1095 * @dir: containing directory object 1096 * @dentry: directory to unlink 1097 * 1098 * Returns 0 if current can write the containing directory 1099 * and the directory, error code otherwise 1100 */ 1101static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry) 1102{ 1103 struct smk_audit_info ad; 1104 int rc; 1105 1106 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1107 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1108 1109 /* 1110 * You need write access to the thing you're removing 1111 */ 1112 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1113 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1114 if (rc == 0) { 1115 /* 1116 * You also need write access to the containing directory 1117 */ 1118 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE); 1119 smk_ad_setfield_u_fs_inode(&ad, dir); 1120 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad); 1121 rc = smk_bu_inode(dir, MAY_WRITE, rc); 1122 } 1123 1124 return rc; 1125} 1126 1127/** 1128 * smack_inode_rename - Smack check on rename 1129 * @old_inode: unused 1130 * @old_dentry: the old object 1131 * @new_inode: unused 1132 * @new_dentry: the new object 1133 * 1134 * Read and write access is required on both the old and 1135 * new directories. 1136 * 1137 * Returns 0 if access is permitted, an error code otherwise 1138 */ 1139static int smack_inode_rename(struct inode *old_inode, 1140 struct dentry *old_dentry, 1141 struct inode *new_inode, 1142 struct dentry *new_dentry) 1143{ 1144 int rc; 1145 struct smack_known *isp; 1146 struct smk_audit_info ad; 1147 1148 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1149 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry); 1150 1151 isp = smk_of_inode(d_backing_inode(old_dentry)); 1152 rc = smk_curacc(isp, MAY_READWRITE, &ad); 1153 rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_READWRITE, rc); 1154 1155 if (rc == 0 && d_is_positive(new_dentry)) { 1156 isp = smk_of_inode(d_backing_inode(new_dentry)); 1157 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry); 1158 rc = smk_curacc(isp, MAY_READWRITE, &ad); 1159 rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_READWRITE, rc); 1160 } 1161 return rc; 1162} 1163 1164/** 1165 * smack_inode_permission - Smack version of permission() 1166 * @inode: the inode in question 1167 * @mask: the access requested 1168 * 1169 * This is the important Smack hook. 1170 * 1171 * Returns 0 if access is permitted, an error code otherwise 1172 */ 1173static int smack_inode_permission(struct inode *inode, int mask) 1174{ 1175 struct superblock_smack *sbsp = inode->i_sb->s_security; 1176 struct smk_audit_info ad; 1177 int no_block = mask & MAY_NOT_BLOCK; 1178 int rc; 1179 1180 mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND); 1181 /* 1182 * No permission to check. Existence test. Yup, it's there. 1183 */ 1184 if (mask == 0) 1185 return 0; 1186 1187 if (sbsp->smk_flags & SMK_SB_UNTRUSTED) { 1188 if (smk_of_inode(inode) != sbsp->smk_root) 1189 return -EACCES; 1190 } 1191 1192 /* May be droppable after audit */ 1193 if (no_block) 1194 return -ECHILD; 1195 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE); 1196 smk_ad_setfield_u_fs_inode(&ad, inode); 1197 rc = smk_curacc(smk_of_inode(inode), mask, &ad); 1198 rc = smk_bu_inode(inode, mask, rc); 1199 return rc; 1200} 1201 1202/** 1203 * smack_inode_setattr - Smack check for setting attributes 1204 * @dentry: the object 1205 * @iattr: for the force flag 1206 * 1207 * Returns 0 if access is permitted, an error code otherwise 1208 */ 1209static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr) 1210{ 1211 struct smk_audit_info ad; 1212 int rc; 1213 1214 /* 1215 * Need to allow for clearing the setuid bit. 1216 */ 1217 if (iattr->ia_valid & ATTR_FORCE) 1218 return 0; 1219 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1220 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1221 1222 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1223 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1224 return rc; 1225} 1226 1227/** 1228 * smack_inode_getattr - Smack check for getting attributes 1229 * @path: path to extract the info from 1230 * 1231 * Returns 0 if access is permitted, an error code otherwise 1232 */ 1233static int smack_inode_getattr(const struct path *path) 1234{ 1235 struct smk_audit_info ad; 1236 struct inode *inode = d_backing_inode(path->dentry); 1237 int rc; 1238 1239 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1240 smk_ad_setfield_u_fs_path(&ad, *path); 1241 rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad); 1242 rc = smk_bu_inode(inode, MAY_READ, rc); 1243 return rc; 1244} 1245 1246/** 1247 * smack_inode_setxattr - Smack check for setting xattrs 1248 * @dentry: the object 1249 * @name: name of the attribute 1250 * @value: value of the attribute 1251 * @size: size of the value 1252 * @flags: unused 1253 * 1254 * This protects the Smack attribute explicitly. 1255 * 1256 * Returns 0 if access is permitted, an error code otherwise 1257 */ 1258static int smack_inode_setxattr(struct dentry *dentry, const char *name, 1259 const void *value, size_t size, int flags) 1260{ 1261 struct smk_audit_info ad; 1262 struct smack_known *skp; 1263 int check_priv = 0; 1264 int check_import = 0; 1265 int check_star = 0; 1266 int rc = 0; 1267 1268 /* 1269 * Check label validity here so import won't fail in post_setxattr 1270 */ 1271 if (strcmp(name, XATTR_NAME_SMACK) == 0 || 1272 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 || 1273 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) { 1274 check_priv = 1; 1275 check_import = 1; 1276 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0 || 1277 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) { 1278 check_priv = 1; 1279 check_import = 1; 1280 check_star = 1; 1281 } else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) { 1282 check_priv = 1; 1283 if (size != TRANS_TRUE_SIZE || 1284 strncmp(value, TRANS_TRUE, TRANS_TRUE_SIZE) != 0) 1285 rc = -EINVAL; 1286 } else 1287 rc = cap_inode_setxattr(dentry, name, value, size, flags); 1288 1289 if (check_priv && !smack_privileged(CAP_MAC_ADMIN)) 1290 rc = -EPERM; 1291 1292 if (rc == 0 && check_import) { 1293 skp = size ? smk_import_entry(value, size) : NULL; 1294 if (IS_ERR(skp)) 1295 rc = PTR_ERR(skp); 1296 else if (skp == NULL || (check_star && 1297 (skp == &smack_known_star || skp == &smack_known_web))) 1298 rc = -EINVAL; 1299 } 1300 1301 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1302 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1303 1304 if (rc == 0) { 1305 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1306 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1307 } 1308 1309 return rc; 1310} 1311 1312/** 1313 * smack_inode_post_setxattr - Apply the Smack update approved above 1314 * @dentry: object 1315 * @name: attribute name 1316 * @value: attribute value 1317 * @size: attribute size 1318 * @flags: unused 1319 * 1320 * Set the pointer in the inode blob to the entry found 1321 * in the master label list. 1322 */ 1323static void smack_inode_post_setxattr(struct dentry *dentry, const char *name, 1324 const void *value, size_t size, int flags) 1325{ 1326 struct smack_known *skp; 1327 struct inode_smack *isp = smack_inode(d_backing_inode(dentry)); 1328 1329 if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) { 1330 isp->smk_flags |= SMK_INODE_TRANSMUTE; 1331 return; 1332 } 1333 1334 if (strcmp(name, XATTR_NAME_SMACK) == 0) { 1335 skp = smk_import_entry(value, size); 1336 if (!IS_ERR(skp)) 1337 isp->smk_inode = skp; 1338 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) { 1339 skp = smk_import_entry(value, size); 1340 if (!IS_ERR(skp)) 1341 isp->smk_task = skp; 1342 } else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) { 1343 skp = smk_import_entry(value, size); 1344 if (!IS_ERR(skp)) 1345 isp->smk_mmap = skp; 1346 } 1347 1348 return; 1349} 1350 1351/** 1352 * smack_inode_getxattr - Smack check on getxattr 1353 * @dentry: the object 1354 * @name: unused 1355 * 1356 * Returns 0 if access is permitted, an error code otherwise 1357 */ 1358static int smack_inode_getxattr(struct dentry *dentry, const char *name) 1359{ 1360 struct smk_audit_info ad; 1361 int rc; 1362 1363 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1364 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1365 1366 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_READ, &ad); 1367 rc = smk_bu_inode(d_backing_inode(dentry), MAY_READ, rc); 1368 return rc; 1369} 1370 1371/** 1372 * smack_inode_removexattr - Smack check on removexattr 1373 * @dentry: the object 1374 * @name: name of the attribute 1375 * 1376 * Removing the Smack attribute requires CAP_MAC_ADMIN 1377 * 1378 * Returns 0 if access is permitted, an error code otherwise 1379 */ 1380static int smack_inode_removexattr(struct dentry *dentry, const char *name) 1381{ 1382 struct inode_smack *isp; 1383 struct smk_audit_info ad; 1384 int rc = 0; 1385 1386 if (strcmp(name, XATTR_NAME_SMACK) == 0 || 1387 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 || 1388 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 || 1389 strcmp(name, XATTR_NAME_SMACKEXEC) == 0 || 1390 strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0 || 1391 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) { 1392 if (!smack_privileged(CAP_MAC_ADMIN)) 1393 rc = -EPERM; 1394 } else 1395 rc = cap_inode_removexattr(dentry, name); 1396 1397 if (rc != 0) 1398 return rc; 1399 1400 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1401 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1402 1403 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1404 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1405 if (rc != 0) 1406 return rc; 1407 1408 isp = smack_inode(d_backing_inode(dentry)); 1409 /* 1410 * Don't do anything special for these. 1411 * XATTR_NAME_SMACKIPIN 1412 * XATTR_NAME_SMACKIPOUT 1413 */ 1414 if (strcmp(name, XATTR_NAME_SMACK) == 0) { 1415 struct super_block *sbp = dentry->d_sb; 1416 struct superblock_smack *sbsp = sbp->s_security; 1417 1418 isp->smk_inode = sbsp->smk_default; 1419 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) 1420 isp->smk_task = NULL; 1421 else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) 1422 isp->smk_mmap = NULL; 1423 else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) 1424 isp->smk_flags &= ~SMK_INODE_TRANSMUTE; 1425 1426 return 0; 1427} 1428 1429/** 1430 * smack_inode_getsecurity - get smack xattrs 1431 * @inode: the object 1432 * @name: attribute name 1433 * @buffer: where to put the result 1434 * @alloc: duplicate memory 1435 * 1436 * Returns the size of the attribute or an error code 1437 */ 1438static int smack_inode_getsecurity(struct inode *inode, 1439 const char *name, void **buffer, 1440 bool alloc) 1441{ 1442 struct socket_smack *ssp; 1443 struct socket *sock; 1444 struct super_block *sbp; 1445 struct inode *ip = (struct inode *)inode; 1446 struct smack_known *isp; 1447 struct inode_smack *ispp; 1448 size_t label_len; 1449 char *label = NULL; 1450 1451 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) { 1452 isp = smk_of_inode(inode); 1453 } else if (strcmp(name, XATTR_SMACK_TRANSMUTE) == 0) { 1454 ispp = smack_inode(inode); 1455 if (ispp->smk_flags & SMK_INODE_TRANSMUTE) 1456 label = TRANS_TRUE; 1457 else 1458 label = ""; 1459 } else { 1460 /* 1461 * The rest of the Smack xattrs are only on sockets. 1462 */ 1463 sbp = ip->i_sb; 1464 if (sbp->s_magic != SOCKFS_MAGIC) 1465 return -EOPNOTSUPP; 1466 1467 sock = SOCKET_I(ip); 1468 if (sock == NULL || sock->sk == NULL) 1469 return -EOPNOTSUPP; 1470 1471 ssp = sock->sk->sk_security; 1472 1473 if (strcmp(name, XATTR_SMACK_IPIN) == 0) 1474 isp = ssp->smk_in; 1475 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) 1476 isp = ssp->smk_out; 1477 else 1478 return -EOPNOTSUPP; 1479 } 1480 1481 if (!label) 1482 label = isp->smk_known; 1483 1484 label_len = strlen(label); 1485 1486 if (alloc) { 1487 *buffer = kstrdup(label, GFP_KERNEL); 1488 if (*buffer == NULL) 1489 return -ENOMEM; 1490 } 1491 1492 return label_len; 1493} 1494 1495 1496/** 1497 * smack_inode_listsecurity - list the Smack attributes 1498 * @inode: the object 1499 * @buffer: where they go 1500 * @buffer_size: size of buffer 1501 */ 1502static int smack_inode_listsecurity(struct inode *inode, char *buffer, 1503 size_t buffer_size) 1504{ 1505 int len = sizeof(XATTR_NAME_SMACK); 1506 1507 if (buffer != NULL && len <= buffer_size) 1508 memcpy(buffer, XATTR_NAME_SMACK, len); 1509 1510 return len; 1511} 1512 1513/** 1514 * smack_inode_getsecid - Extract inode's security id 1515 * @inode: inode to extract the info from 1516 * @secid: where result will be saved 1517 */ 1518static void smack_inode_getsecid(struct inode *inode, u32 *secid) 1519{ 1520 struct smack_known *skp = smk_of_inode(inode); 1521 1522 *secid = skp->smk_secid; 1523} 1524 1525/* 1526 * File Hooks 1527 */ 1528 1529/* 1530 * There is no smack_file_permission hook 1531 * 1532 * Should access checks be done on each read or write? 1533 * UNICOS and SELinux say yes. 1534 * Trusted Solaris, Trusted Irix, and just about everyone else says no. 1535 * 1536 * I'll say no for now. Smack does not do the frequent 1537 * label changing that SELinux does. 1538 */ 1539 1540/** 1541 * smack_file_alloc_security - assign a file security blob 1542 * @file: the object 1543 * 1544 * The security blob for a file is a pointer to the master 1545 * label list, so no allocation is done. 1546 * 1547 * f_security is the owner security information. It 1548 * isn't used on file access checks, it's for send_sigio. 1549 * 1550 * Returns 0 1551 */ 1552static int smack_file_alloc_security(struct file *file) 1553{ 1554 struct smack_known **blob = smack_file(file); 1555 1556 *blob = smk_of_current(); 1557 return 0; 1558} 1559 1560/** 1561 * smack_file_ioctl - Smack check on ioctls 1562 * @file: the object 1563 * @cmd: what to do 1564 * @arg: unused 1565 * 1566 * Relies heavily on the correct use of the ioctl command conventions. 1567 * 1568 * Returns 0 if allowed, error code otherwise 1569 */ 1570static int smack_file_ioctl(struct file *file, unsigned int cmd, 1571 unsigned long arg) 1572{ 1573 int rc = 0; 1574 struct smk_audit_info ad; 1575 struct inode *inode = file_inode(file); 1576 1577 if (unlikely(IS_PRIVATE(inode))) 1578 return 0; 1579 1580 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1581 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1582 1583 if (_IOC_DIR(cmd) & _IOC_WRITE) { 1584 rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad); 1585 rc = smk_bu_file(file, MAY_WRITE, rc); 1586 } 1587 1588 if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ)) { 1589 rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad); 1590 rc = smk_bu_file(file, MAY_READ, rc); 1591 } 1592 1593 return rc; 1594} 1595 1596/** 1597 * smack_file_lock - Smack check on file locking 1598 * @file: the object 1599 * @cmd: unused 1600 * 1601 * Returns 0 if current has lock access, error code otherwise 1602 */ 1603static int smack_file_lock(struct file *file, unsigned int cmd) 1604{ 1605 struct smk_audit_info ad; 1606 int rc; 1607 struct inode *inode = file_inode(file); 1608 1609 if (unlikely(IS_PRIVATE(inode))) 1610 return 0; 1611 1612 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1613 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1614 rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad); 1615 rc = smk_bu_file(file, MAY_LOCK, rc); 1616 return rc; 1617} 1618 1619/** 1620 * smack_file_fcntl - Smack check on fcntl 1621 * @file: the object 1622 * @cmd: what action to check 1623 * @arg: unused 1624 * 1625 * Generally these operations are harmless. 1626 * File locking operations present an obvious mechanism 1627 * for passing information, so they require write access. 1628 * 1629 * Returns 0 if current has access, error code otherwise 1630 */ 1631static int smack_file_fcntl(struct file *file, unsigned int cmd, 1632 unsigned long arg) 1633{ 1634 struct smk_audit_info ad; 1635 int rc = 0; 1636 struct inode *inode = file_inode(file); 1637 1638 if (unlikely(IS_PRIVATE(inode))) 1639 return 0; 1640 1641 switch (cmd) { 1642 case F_GETLK: 1643 break; 1644 case F_SETLK: 1645 case F_SETLKW: 1646 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1647 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1648 rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad); 1649 rc = smk_bu_file(file, MAY_LOCK, rc); 1650 break; 1651 case F_SETOWN: 1652 case F_SETSIG: 1653 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1654 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1655 rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad); 1656 rc = smk_bu_file(file, MAY_WRITE, rc); 1657 break; 1658 default: 1659 break; 1660 } 1661 1662 return rc; 1663} 1664 1665/** 1666 * smack_mmap_file : 1667 * Check permissions for a mmap operation. The @file may be NULL, e.g. 1668 * if mapping anonymous memory. 1669 * @file contains the file structure for file to map (may be NULL). 1670 * @reqprot contains the protection requested by the application. 1671 * @prot contains the protection that will be applied by the kernel. 1672 * @flags contains the operational flags. 1673 * Return 0 if permission is granted. 1674 */ 1675static int smack_mmap_file(struct file *file, 1676 unsigned long reqprot, unsigned long prot, 1677 unsigned long flags) 1678{ 1679 struct smack_known *skp; 1680 struct smack_known *mkp; 1681 struct smack_rule *srp; 1682 struct task_smack *tsp; 1683 struct smack_known *okp; 1684 struct inode_smack *isp; 1685 struct superblock_smack *sbsp; 1686 int may; 1687 int mmay; 1688 int tmay; 1689 int rc; 1690 1691 if (file == NULL) 1692 return 0; 1693 1694 if (unlikely(IS_PRIVATE(file_inode(file)))) 1695 return 0; 1696 1697 isp = smack_inode(file_inode(file)); 1698 if (isp->smk_mmap == NULL) 1699 return 0; 1700 sbsp = file_inode(file)->i_sb->s_security; 1701 if (sbsp->smk_flags & SMK_SB_UNTRUSTED && 1702 isp->smk_mmap != sbsp->smk_root) 1703 return -EACCES; 1704 mkp = isp->smk_mmap; 1705 1706 tsp = smack_cred(current_cred()); 1707 skp = smk_of_current(); 1708 rc = 0; 1709 1710 rcu_read_lock(); 1711 /* 1712 * For each Smack rule associated with the subject 1713 * label verify that the SMACK64MMAP also has access 1714 * to that rule's object label. 1715 */ 1716 list_for_each_entry_rcu(srp, &skp->smk_rules, list) { 1717 okp = srp->smk_object; 1718 /* 1719 * Matching labels always allows access. 1720 */ 1721 if (mkp->smk_known == okp->smk_known) 1722 continue; 1723 /* 1724 * If there is a matching local rule take 1725 * that into account as well. 1726 */ 1727 may = smk_access_entry(srp->smk_subject->smk_known, 1728 okp->smk_known, 1729 &tsp->smk_rules); 1730 if (may == -ENOENT) 1731 may = srp->smk_access; 1732 else 1733 may &= srp->smk_access; 1734 /* 1735 * If may is zero the SMACK64MMAP subject can't 1736 * possibly have less access. 1737 */ 1738 if (may == 0) 1739 continue; 1740 1741 /* 1742 * Fetch the global list entry. 1743 * If there isn't one a SMACK64MMAP subject 1744 * can't have as much access as current. 1745 */ 1746 mmay = smk_access_entry(mkp->smk_known, okp->smk_known, 1747 &mkp->smk_rules); 1748 if (mmay == -ENOENT) { 1749 rc = -EACCES; 1750 break; 1751 } 1752 /* 1753 * If there is a local entry it modifies the 1754 * potential access, too. 1755 */ 1756 tmay = smk_access_entry(mkp->smk_known, okp->smk_known, 1757 &tsp->smk_rules); 1758 if (tmay != -ENOENT) 1759 mmay &= tmay; 1760 1761 /* 1762 * If there is any access available to current that is 1763 * not available to a SMACK64MMAP subject 1764 * deny access. 1765 */ 1766 if ((may | mmay) != mmay) { 1767 rc = -EACCES; 1768 break; 1769 } 1770 } 1771 1772 rcu_read_unlock(); 1773 1774 return rc; 1775} 1776 1777/** 1778 * smack_file_set_fowner - set the file security blob value 1779 * @file: object in question 1780 * 1781 */ 1782static void smack_file_set_fowner(struct file *file) 1783{ 1784 struct smack_known **blob = smack_file(file); 1785 1786 *blob = smk_of_current(); 1787} 1788 1789/** 1790 * smack_file_send_sigiotask - Smack on sigio 1791 * @tsk: The target task 1792 * @fown: the object the signal come from 1793 * @signum: unused 1794 * 1795 * Allow a privileged task to get signals even if it shouldn't 1796 * 1797 * Returns 0 if a subject with the object's smack could 1798 * write to the task, an error code otherwise. 1799 */ 1800static int smack_file_send_sigiotask(struct task_struct *tsk, 1801 struct fown_struct *fown, int signum) 1802{ 1803 struct smack_known **blob; 1804 struct smack_known *skp; 1805 struct smack_known *tkp = smk_of_task(smack_cred(tsk->cred)); 1806 const struct cred *tcred; 1807 struct file *file; 1808 int rc; 1809 struct smk_audit_info ad; 1810 1811 /* 1812 * struct fown_struct is never outside the context of a struct file 1813 */ 1814 file = container_of(fown, struct file, f_owner); 1815 1816 /* we don't log here as rc can be overriden */ 1817 blob = smack_file(file); 1818 skp = *blob; 1819 rc = smk_access(skp, tkp, MAY_DELIVER, NULL); 1820 rc = smk_bu_note("sigiotask", skp, tkp, MAY_DELIVER, rc); 1821 1822 rcu_read_lock(); 1823 tcred = __task_cred(tsk); 1824 if (rc != 0 && smack_privileged_cred(CAP_MAC_OVERRIDE, tcred)) 1825 rc = 0; 1826 rcu_read_unlock(); 1827 1828 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); 1829 smk_ad_setfield_u_tsk(&ad, tsk); 1830 smack_log(skp->smk_known, tkp->smk_known, MAY_DELIVER, rc, &ad); 1831 return rc; 1832} 1833 1834/** 1835 * smack_file_receive - Smack file receive check 1836 * @file: the object 1837 * 1838 * Returns 0 if current has access, error code otherwise 1839 */ 1840static int smack_file_receive(struct file *file) 1841{ 1842 int rc; 1843 int may = 0; 1844 struct smk_audit_info ad; 1845 struct inode *inode = file_inode(file); 1846 struct socket *sock; 1847 struct task_smack *tsp; 1848 struct socket_smack *ssp; 1849 1850 if (unlikely(IS_PRIVATE(inode))) 1851 return 0; 1852 1853 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1854 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1855 1856 if (inode->i_sb->s_magic == SOCKFS_MAGIC) { 1857 sock = SOCKET_I(inode); 1858 ssp = sock->sk->sk_security; 1859 tsp = smack_cred(current_cred()); 1860 /* 1861 * If the receiving process can't write to the 1862 * passed socket or if the passed socket can't 1863 * write to the receiving process don't accept 1864 * the passed socket. 1865 */ 1866 rc = smk_access(tsp->smk_task, ssp->smk_out, MAY_WRITE, &ad); 1867 rc = smk_bu_file(file, may, rc); 1868 if (rc < 0) 1869 return rc; 1870 rc = smk_access(ssp->smk_in, tsp->smk_task, MAY_WRITE, &ad); 1871 rc = smk_bu_file(file, may, rc); 1872 return rc; 1873 } 1874 /* 1875 * This code relies on bitmasks. 1876 */ 1877 if (file->f_mode & FMODE_READ) 1878 may = MAY_READ; 1879 if (file->f_mode & FMODE_WRITE) 1880 may |= MAY_WRITE; 1881 1882 rc = smk_curacc(smk_of_inode(inode), may, &ad); 1883 rc = smk_bu_file(file, may, rc); 1884 return rc; 1885} 1886 1887/** 1888 * smack_file_open - Smack dentry open processing 1889 * @file: the object 1890 * 1891 * Set the security blob in the file structure. 1892 * Allow the open only if the task has read access. There are 1893 * many read operations (e.g. fstat) that you can do with an 1894 * fd even if you have the file open write-only. 1895 * 1896 * Returns 0 if current has access, error code otherwise 1897 */ 1898static int smack_file_open(struct file *file) 1899{ 1900 struct task_smack *tsp = smack_cred(file->f_cred); 1901 struct inode *inode = file_inode(file); 1902 struct smk_audit_info ad; 1903 int rc; 1904 1905 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1906 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1907 rc = smk_tskacc(tsp, smk_of_inode(inode), MAY_READ, &ad); 1908 rc = smk_bu_credfile(file->f_cred, file, MAY_READ, rc); 1909 1910 return rc; 1911} 1912 1913/* 1914 * Task hooks 1915 */ 1916 1917/** 1918 * smack_cred_alloc_blank - "allocate" blank task-level security credentials 1919 * @cred: the new credentials 1920 * @gfp: the atomicity of any memory allocations 1921 * 1922 * Prepare a blank set of credentials for modification. This must allocate all 1923 * the memory the LSM module might require such that cred_transfer() can 1924 * complete without error. 1925 */ 1926static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp) 1927{ 1928 init_task_smack(smack_cred(cred), NULL, NULL); 1929 return 0; 1930} 1931 1932 1933/** 1934 * smack_cred_free - "free" task-level security credentials 1935 * @cred: the credentials in question 1936 * 1937 */ 1938static void smack_cred_free(struct cred *cred) 1939{ 1940 struct task_smack *tsp = smack_cred(cred); 1941 struct smack_rule *rp; 1942 struct list_head *l; 1943 struct list_head *n; 1944 1945 smk_destroy_label_list(&tsp->smk_relabel); 1946 1947 list_for_each_safe(l, n, &tsp->smk_rules) { 1948 rp = list_entry(l, struct smack_rule, list); 1949 list_del(&rp->list); 1950 kmem_cache_free(smack_rule_cache, rp); 1951 } 1952} 1953 1954/** 1955 * smack_cred_prepare - prepare new set of credentials for modification 1956 * @new: the new credentials 1957 * @old: the original credentials 1958 * @gfp: the atomicity of any memory allocations 1959 * 1960 * Prepare a new set of credentials for modification. 1961 */ 1962static int smack_cred_prepare(struct cred *new, const struct cred *old, 1963 gfp_t gfp) 1964{ 1965 struct task_smack *old_tsp = smack_cred(old); 1966 struct task_smack *new_tsp = smack_cred(new); 1967 int rc; 1968 1969 init_task_smack(new_tsp, old_tsp->smk_task, old_tsp->smk_task); 1970 1971 rc = smk_copy_rules(&new_tsp->smk_rules, &old_tsp->smk_rules, gfp); 1972 if (rc != 0) 1973 return rc; 1974 1975 rc = smk_copy_relabel(&new_tsp->smk_relabel, &old_tsp->smk_relabel, 1976 gfp); 1977 return rc; 1978} 1979 1980/** 1981 * smack_cred_transfer - Transfer the old credentials to the new credentials 1982 * @new: the new credentials 1983 * @old: the original credentials 1984 * 1985 * Fill in a set of blank credentials from another set of credentials. 1986 */ 1987static void smack_cred_transfer(struct cred *new, const struct cred *old) 1988{ 1989 struct task_smack *old_tsp = smack_cred(old); 1990 struct task_smack *new_tsp = smack_cred(new); 1991 1992 new_tsp->smk_task = old_tsp->smk_task; 1993 new_tsp->smk_forked = old_tsp->smk_task; 1994 mutex_init(&new_tsp->smk_rules_lock); 1995 INIT_LIST_HEAD(&new_tsp->smk_rules); 1996 1997 /* cbs copy rule list */ 1998} 1999 2000/** 2001 * smack_cred_getsecid - get the secid corresponding to a creds structure 2002 * @cred: the object creds 2003 * @secid: where to put the result 2004 * 2005 * Sets the secid to contain a u32 version of the smack label. 2006 */ 2007static void smack_cred_getsecid(const struct cred *cred, u32 *secid) 2008{ 2009 struct smack_known *skp; 2010 2011 rcu_read_lock(); 2012 skp = smk_of_task(smack_cred(cred)); 2013 *secid = skp->smk_secid; 2014 rcu_read_unlock(); 2015} 2016 2017/** 2018 * smack_kernel_act_as - Set the subjective context in a set of credentials 2019 * @new: points to the set of credentials to be modified. 2020 * @secid: specifies the security ID to be set 2021 * 2022 * Set the security data for a kernel service. 2023 */ 2024static int smack_kernel_act_as(struct cred *new, u32 secid) 2025{ 2026 struct task_smack *new_tsp = smack_cred(new); 2027 2028 new_tsp->smk_task = smack_from_secid(secid); 2029 return 0; 2030} 2031 2032/** 2033 * smack_kernel_create_files_as - Set the file creation label in a set of creds 2034 * @new: points to the set of credentials to be modified 2035 * @inode: points to the inode to use as a reference 2036 * 2037 * Set the file creation context in a set of credentials to the same 2038 * as the objective context of the specified inode 2039 */ 2040static int smack_kernel_create_files_as(struct cred *new, 2041 struct inode *inode) 2042{ 2043 struct inode_smack *isp = smack_inode(inode); 2044 struct task_smack *tsp = smack_cred(new); 2045 2046 tsp->smk_forked = isp->smk_inode; 2047 tsp->smk_task = tsp->smk_forked; 2048 return 0; 2049} 2050 2051/** 2052 * smk_curacc_on_task - helper to log task related access 2053 * @p: the task object 2054 * @access: the access requested 2055 * @caller: name of the calling function for audit 2056 * 2057 * Return 0 if access is permitted 2058 */ 2059static int smk_curacc_on_task(struct task_struct *p, int access, 2060 const char *caller) 2061{ 2062 struct smk_audit_info ad; 2063 struct smack_known *skp = smk_of_task_struct(p); 2064 int rc; 2065 2066 smk_ad_init(&ad, caller, LSM_AUDIT_DATA_TASK); 2067 smk_ad_setfield_u_tsk(&ad, p); 2068 rc = smk_curacc(skp, access, &ad); 2069 rc = smk_bu_task(p, access, rc); 2070 return rc; 2071} 2072 2073/** 2074 * smack_task_setpgid - Smack check on setting pgid 2075 * @p: the task object 2076 * @pgid: unused 2077 * 2078 * Return 0 if write access is permitted 2079 */ 2080static int smack_task_setpgid(struct task_struct *p, pid_t pgid) 2081{ 2082 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2083} 2084 2085/** 2086 * smack_task_getpgid - Smack access check for getpgid 2087 * @p: the object task 2088 * 2089 * Returns 0 if current can read the object task, error code otherwise 2090 */ 2091static int smack_task_getpgid(struct task_struct *p) 2092{ 2093 return smk_curacc_on_task(p, MAY_READ, __func__); 2094} 2095 2096/** 2097 * smack_task_getsid - Smack access check for getsid 2098 * @p: the object task 2099 * 2100 * Returns 0 if current can read the object task, error code otherwise 2101 */ 2102static int smack_task_getsid(struct task_struct *p) 2103{ 2104 return smk_curacc_on_task(p, MAY_READ, __func__); 2105} 2106 2107/** 2108 * smack_task_getsecid - get the secid of the task 2109 * @p: the object task 2110 * @secid: where to put the result 2111 * 2112 * Sets the secid to contain a u32 version of the smack label. 2113 */ 2114static void smack_task_getsecid(struct task_struct *p, u32 *secid) 2115{ 2116 struct smack_known *skp = smk_of_task_struct(p); 2117 2118 *secid = skp->smk_secid; 2119} 2120 2121/** 2122 * smack_task_setnice - Smack check on setting nice 2123 * @p: the task object 2124 * @nice: unused 2125 * 2126 * Return 0 if write access is permitted 2127 */ 2128static int smack_task_setnice(struct task_struct *p, int nice) 2129{ 2130 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2131} 2132 2133/** 2134 * smack_task_setioprio - Smack check on setting ioprio 2135 * @p: the task object 2136 * @ioprio: unused 2137 * 2138 * Return 0 if write access is permitted 2139 */ 2140static int smack_task_setioprio(struct task_struct *p, int ioprio) 2141{ 2142 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2143} 2144 2145/** 2146 * smack_task_getioprio - Smack check on reading ioprio 2147 * @p: the task object 2148 * 2149 * Return 0 if read access is permitted 2150 */ 2151static int smack_task_getioprio(struct task_struct *p) 2152{ 2153 return smk_curacc_on_task(p, MAY_READ, __func__); 2154} 2155 2156/** 2157 * smack_task_setscheduler - Smack check on setting scheduler 2158 * @p: the task object 2159 * 2160 * Return 0 if read access is permitted 2161 */ 2162static int smack_task_setscheduler(struct task_struct *p) 2163{ 2164 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2165} 2166 2167/** 2168 * smack_task_getscheduler - Smack check on reading scheduler 2169 * @p: the task object 2170 * 2171 * Return 0 if read access is permitted 2172 */ 2173static int smack_task_getscheduler(struct task_struct *p) 2174{ 2175 return smk_curacc_on_task(p, MAY_READ, __func__); 2176} 2177 2178/** 2179 * smack_task_movememory - Smack check on moving memory 2180 * @p: the task object 2181 * 2182 * Return 0 if write access is permitted 2183 */ 2184static int smack_task_movememory(struct task_struct *p) 2185{ 2186 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2187} 2188 2189/** 2190 * smack_task_kill - Smack check on signal delivery 2191 * @p: the task object 2192 * @info: unused 2193 * @sig: unused 2194 * @cred: identifies the cred to use in lieu of current's 2195 * 2196 * Return 0 if write access is permitted 2197 * 2198 */ 2199static int smack_task_kill(struct task_struct *p, struct kernel_siginfo *info, 2200 int sig, const struct cred *cred) 2201{ 2202 struct smk_audit_info ad; 2203 struct smack_known *skp; 2204 struct smack_known *tkp = smk_of_task_struct(p); 2205 int rc; 2206 2207 if (!sig) 2208 return 0; /* null signal; existence test */ 2209 2210 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); 2211 smk_ad_setfield_u_tsk(&ad, p); 2212 /* 2213 * Sending a signal requires that the sender 2214 * can write the receiver. 2215 */ 2216 if (cred == NULL) { 2217 rc = smk_curacc(tkp, MAY_DELIVER, &ad); 2218 rc = smk_bu_task(p, MAY_DELIVER, rc); 2219 return rc; 2220 } 2221 /* 2222 * If the cred isn't NULL we're dealing with some USB IO 2223 * specific behavior. This is not clean. For one thing 2224 * we can't take privilege into account. 2225 */ 2226 skp = smk_of_task(smack_cred(cred)); 2227 rc = smk_access(skp, tkp, MAY_DELIVER, &ad); 2228 rc = smk_bu_note("USB signal", skp, tkp, MAY_DELIVER, rc); 2229 return rc; 2230} 2231 2232/** 2233 * smack_task_to_inode - copy task smack into the inode blob 2234 * @p: task to copy from 2235 * @inode: inode to copy to 2236 * 2237 * Sets the smack pointer in the inode security blob 2238 */ 2239static void smack_task_to_inode(struct task_struct *p, struct inode *inode) 2240{ 2241 struct inode_smack *isp = smack_inode(inode); 2242 struct smack_known *skp = smk_of_task_struct(p); 2243 2244 isp->smk_inode = skp; 2245 isp->smk_flags |= SMK_INODE_INSTANT; 2246} 2247 2248/* 2249 * Socket hooks. 2250 */ 2251 2252/** 2253 * smack_sk_alloc_security - Allocate a socket blob 2254 * @sk: the socket 2255 * @family: unused 2256 * @gfp_flags: memory allocation flags 2257 * 2258 * Assign Smack pointers to current 2259 * 2260 * Returns 0 on success, -ENOMEM is there's no memory 2261 */ 2262static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags) 2263{ 2264 struct smack_known *skp = smk_of_current(); 2265 struct socket_smack *ssp; 2266 2267 ssp = kzalloc(sizeof(struct socket_smack), gfp_flags); 2268 if (ssp == NULL) 2269 return -ENOMEM; 2270 2271 /* 2272 * Sockets created by kernel threads receive web label. 2273 */ 2274 if (unlikely(current->flags & PF_KTHREAD)) { 2275 ssp->smk_in = &smack_known_web; 2276 ssp->smk_out = &smack_known_web; 2277 } else { 2278 ssp->smk_in = skp; 2279 ssp->smk_out = skp; 2280 } 2281 ssp->smk_packet = NULL; 2282 2283 sk->sk_security = ssp; 2284 2285 return 0; 2286} 2287 2288/** 2289 * smack_sk_free_security - Free a socket blob 2290 * @sk: the socket 2291 * 2292 * Clears the blob pointer 2293 */ 2294static void smack_sk_free_security(struct sock *sk) 2295{ 2296#ifdef SMACK_IPV6_PORT_LABELING 2297 struct smk_port_label *spp; 2298 2299 if (sk->sk_family == PF_INET6) { 2300 rcu_read_lock(); 2301 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) { 2302 if (spp->smk_sock != sk) 2303 continue; 2304 spp->smk_can_reuse = 1; 2305 break; 2306 } 2307 rcu_read_unlock(); 2308 } 2309#endif 2310 kfree(sk->sk_security); 2311} 2312 2313/** 2314* smack_ipv4host_label - check host based restrictions 2315* @sip: the object end 2316* 2317* looks for host based access restrictions 2318* 2319* This version will only be appropriate for really small sets of single label 2320* hosts. The caller is responsible for ensuring that the RCU read lock is 2321* taken before calling this function. 2322* 2323* Returns the label of the far end or NULL if it's not special. 2324*/ 2325static struct smack_known *smack_ipv4host_label(struct sockaddr_in *sip) 2326{ 2327 struct smk_net4addr *snp; 2328 struct in_addr *siap = &sip->sin_addr; 2329 2330 if (siap->s_addr == 0) 2331 return NULL; 2332 2333 list_for_each_entry_rcu(snp, &smk_net4addr_list, list) 2334 /* 2335 * we break after finding the first match because 2336 * the list is sorted from longest to shortest mask 2337 * so we have found the most specific match 2338 */ 2339 if (snp->smk_host.s_addr == 2340 (siap->s_addr & snp->smk_mask.s_addr)) 2341 return snp->smk_label; 2342 2343 return NULL; 2344} 2345 2346/* 2347 * smk_ipv6_localhost - Check for local ipv6 host address 2348 * @sip: the address 2349 * 2350 * Returns boolean true if this is the localhost address 2351 */ 2352static bool smk_ipv6_localhost(struct sockaddr_in6 *sip) 2353{ 2354 __be16 *be16p = (__be16 *)&sip->sin6_addr; 2355 __be32 *be32p = (__be32 *)&sip->sin6_addr; 2356 2357 if (be32p[0] == 0 && be32p[1] == 0 && be32p[2] == 0 && be16p[6] == 0 && 2358 ntohs(be16p[7]) == 1) 2359 return true; 2360 return false; 2361} 2362 2363/** 2364* smack_ipv6host_label - check host based restrictions 2365* @sip: the object end 2366* 2367* looks for host based access restrictions 2368* 2369* This version will only be appropriate for really small sets of single label 2370* hosts. The caller is responsible for ensuring that the RCU read lock is 2371* taken before calling this function. 2372* 2373* Returns the label of the far end or NULL if it's not special. 2374*/ 2375static struct smack_known *smack_ipv6host_label(struct sockaddr_in6 *sip) 2376{ 2377 struct smk_net6addr *snp; 2378 struct in6_addr *sap = &sip->sin6_addr; 2379 int i; 2380 int found = 0; 2381 2382 /* 2383 * It's local. Don't look for a host label. 2384 */ 2385 if (smk_ipv6_localhost(sip)) 2386 return NULL; 2387 2388 list_for_each_entry_rcu(snp, &smk_net6addr_list, list) { 2389 /* 2390 * If the label is NULL the entry has 2391 * been renounced. Ignore it. 2392 */ 2393 if (snp->smk_label == NULL) 2394 continue; 2395 /* 2396 * we break after finding the first match because 2397 * the list is sorted from longest to shortest mask 2398 * so we have found the most specific match 2399 */ 2400 for (found = 1, i = 0; i < 8; i++) { 2401 if ((sap->s6_addr16[i] & snp->smk_mask.s6_addr16[i]) != 2402 snp->smk_host.s6_addr16[i]) { 2403 found = 0; 2404 break; 2405 } 2406 } 2407 if (found) 2408 return snp->smk_label; 2409 } 2410 2411 return NULL; 2412} 2413 2414/** 2415 * smack_netlbl_add - Set the secattr on a socket 2416 * @sk: the socket 2417 * 2418 * Attach the outbound smack value (smk_out) to the socket. 2419 * 2420 * Returns 0 on success or an error code 2421 */ 2422static int smack_netlbl_add(struct sock *sk) 2423{ 2424 struct socket_smack *ssp = sk->sk_security; 2425 struct smack_known *skp = ssp->smk_out; 2426 int rc; 2427 2428 local_bh_disable(); 2429 bh_lock_sock_nested(sk); 2430 2431 rc = netlbl_sock_setattr(sk, sk->sk_family, &skp->smk_netlabel); 2432 switch (rc) { 2433 case 0: 2434 ssp->smk_state = SMK_NETLBL_LABELED; 2435 break; 2436 case -EDESTADDRREQ: 2437 ssp->smk_state = SMK_NETLBL_REQSKB; 2438 rc = 0; 2439 break; 2440 } 2441 2442 bh_unlock_sock(sk); 2443 local_bh_enable(); 2444 2445 return rc; 2446} 2447 2448/** 2449 * smack_netlbl_delete - Remove the secattr from a socket 2450 * @sk: the socket 2451 * 2452 * Remove the outbound smack value from a socket 2453 */ 2454static void smack_netlbl_delete(struct sock *sk) 2455{ 2456 struct socket_smack *ssp = sk->sk_security; 2457 2458 /* 2459 * Take the label off the socket if one is set. 2460 */ 2461 if (ssp->smk_state != SMK_NETLBL_LABELED) 2462 return; 2463 2464 local_bh_disable(); 2465 bh_lock_sock_nested(sk); 2466 netlbl_sock_delattr(sk); 2467 bh_unlock_sock(sk); 2468 local_bh_enable(); 2469 ssp->smk_state = SMK_NETLBL_UNLABELED; 2470} 2471 2472/** 2473 * smk_ipv4_check - Perform IPv4 host access checks 2474 * @sk: the socket 2475 * @sap: the destination address 2476 * 2477 * Set the correct secattr for the given socket based on the destination 2478 * address and perform any outbound access checks needed. 2479 * 2480 * Returns 0 on success or an error code. 2481 * 2482 */ 2483static int smk_ipv4_check(struct sock *sk, struct sockaddr_in *sap) 2484{ 2485 struct smack_known *skp; 2486 int rc = 0; 2487 struct smack_known *hkp; 2488 struct socket_smack *ssp = sk->sk_security; 2489 struct smk_audit_info ad; 2490 2491 rcu_read_lock(); 2492 hkp = smack_ipv4host_label(sap); 2493 if (hkp != NULL) { 2494#ifdef CONFIG_AUDIT 2495 struct lsm_network_audit net; 2496 2497 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 2498 ad.a.u.net->family = sap->sin_family; 2499 ad.a.u.net->dport = sap->sin_port; 2500 ad.a.u.net->v4info.daddr = sap->sin_addr.s_addr; 2501#endif 2502 skp = ssp->smk_out; 2503 rc = smk_access(skp, hkp, MAY_WRITE, &ad); 2504 rc = smk_bu_note("IPv4 host check", skp, hkp, MAY_WRITE, rc); 2505 /* 2506 * Clear the socket netlabel if it's set. 2507 */ 2508 if (!rc) 2509 smack_netlbl_delete(sk); 2510 } 2511 rcu_read_unlock(); 2512 2513 return rc; 2514} 2515 2516/** 2517 * smk_ipv6_check - check Smack access 2518 * @subject: subject Smack label 2519 * @object: object Smack label 2520 * @address: address 2521 * @act: the action being taken 2522 * 2523 * Check an IPv6 access 2524 */ 2525static int smk_ipv6_check(struct smack_known *subject, 2526 struct smack_known *object, 2527 struct sockaddr_in6 *address, int act) 2528{ 2529#ifdef CONFIG_AUDIT 2530 struct lsm_network_audit net; 2531#endif 2532 struct smk_audit_info ad; 2533 int rc; 2534 2535#ifdef CONFIG_AUDIT 2536 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 2537 ad.a.u.net->family = PF_INET6; 2538 ad.a.u.net->dport = address->sin6_port; 2539 if (act == SMK_RECEIVING) 2540 ad.a.u.net->v6info.saddr = address->sin6_addr; 2541 else 2542 ad.a.u.net->v6info.daddr = address->sin6_addr; 2543#endif 2544 rc = smk_access(subject, object, MAY_WRITE, &ad); 2545 rc = smk_bu_note("IPv6 check", subject, object, MAY_WRITE, rc); 2546 return rc; 2547} 2548 2549#ifdef SMACK_IPV6_PORT_LABELING 2550/** 2551 * smk_ipv6_port_label - Smack port access table management 2552 * @sock: socket 2553 * @address: address 2554 * 2555 * Create or update the port list entry 2556 */ 2557static void smk_ipv6_port_label(struct socket *sock, struct sockaddr *address) 2558{ 2559 struct sock *sk = sock->sk; 2560 struct sockaddr_in6 *addr6; 2561 struct socket_smack *ssp = sock->sk->sk_security; 2562 struct smk_port_label *spp; 2563 unsigned short port = 0; 2564 2565 if (address == NULL) { 2566 /* 2567 * This operation is changing the Smack information 2568 * on the bound socket. Take the changes to the port 2569 * as well. 2570 */ 2571 rcu_read_lock(); 2572 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) { 2573 if (sk != spp->smk_sock) 2574 continue; 2575 spp->smk_in = ssp->smk_in; 2576 spp->smk_out = ssp->smk_out; 2577 rcu_read_unlock(); 2578 return; 2579 } 2580 /* 2581 * A NULL address is only used for updating existing 2582 * bound entries. If there isn't one, it's OK. 2583 */ 2584 rcu_read_unlock(); 2585 return; 2586 } 2587 2588 addr6 = (struct sockaddr_in6 *)address; 2589 port = ntohs(addr6->sin6_port); 2590 /* 2591 * This is a special case that is safely ignored. 2592 */ 2593 if (port == 0) 2594 return; 2595 2596 /* 2597 * Look for an existing port list entry. 2598 * This is an indication that a port is getting reused. 2599 */ 2600 rcu_read_lock(); 2601 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) { 2602 if (spp->smk_port != port || spp->smk_sock_type != sock->type) 2603 continue; 2604 if (spp->smk_can_reuse != 1) { 2605 rcu_read_unlock(); 2606 return; 2607 } 2608 spp->smk_port = port; 2609 spp->smk_sock = sk; 2610 spp->smk_in = ssp->smk_in; 2611 spp->smk_out = ssp->smk_out; 2612 spp->smk_can_reuse = 0; 2613 rcu_read_unlock(); 2614 return; 2615 } 2616 rcu_read_unlock(); 2617 /* 2618 * A new port entry is required. 2619 */ 2620 spp = kzalloc(sizeof(*spp), GFP_KERNEL); 2621 if (spp == NULL) 2622 return; 2623 2624 spp->smk_port = port; 2625 spp->smk_sock = sk; 2626 spp->smk_in = ssp->smk_in; 2627 spp->smk_out = ssp->smk_out; 2628 spp->smk_sock_type = sock->type; 2629 spp->smk_can_reuse = 0; 2630 2631 mutex_lock(&smack_ipv6_lock); 2632 list_add_rcu(&spp->list, &smk_ipv6_port_list); 2633 mutex_unlock(&smack_ipv6_lock); 2634 return; 2635} 2636#endif 2637 2638/** 2639 * smk_ipv6_port_check - check Smack port access 2640 * @sk: socket 2641 * @address: address 2642 * @act: the action being taken 2643 * 2644 * Create or update the port list entry 2645 */ 2646static int smk_ipv6_port_check(struct sock *sk, struct sockaddr_in6 *address, 2647 int act) 2648{ 2649 struct smk_port_label *spp; 2650 struct socket_smack *ssp = sk->sk_security; 2651 struct smack_known *skp = NULL; 2652 unsigned short port; 2653 struct smack_known *object; 2654 2655 if (act == SMK_RECEIVING) { 2656 skp = smack_ipv6host_label(address); 2657 object = ssp->smk_in; 2658 } else { 2659 skp = ssp->smk_out; 2660 object = smack_ipv6host_label(address); 2661 } 2662 2663 /* 2664 * The other end is a single label host. 2665 */ 2666 if (skp != NULL && object != NULL) 2667 return smk_ipv6_check(skp, object, address, act); 2668 if (skp == NULL) 2669 skp = smack_net_ambient; 2670 if (object == NULL) 2671 object = smack_net_ambient; 2672 2673 /* 2674 * It's remote, so port lookup does no good. 2675 */ 2676 if (!smk_ipv6_localhost(address)) 2677 return smk_ipv6_check(skp, object, address, act); 2678 2679 /* 2680 * It's local so the send check has to have passed. 2681 */ 2682 if (act == SMK_RECEIVING) 2683 return 0; 2684 2685 port = ntohs(address->sin6_port); 2686 rcu_read_lock(); 2687 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) { 2688 if (spp->smk_port != port || spp->smk_sock_type != sk->sk_type) 2689 continue; 2690 object = spp->smk_in; 2691 if (act == SMK_CONNECTING) 2692 ssp->smk_packet = spp->smk_out; 2693 break; 2694 } 2695 rcu_read_unlock(); 2696 2697 return smk_ipv6_check(skp, object, address, act); 2698} 2699 2700/** 2701 * smack_inode_setsecurity - set smack xattrs 2702 * @inode: the object 2703 * @name: attribute name 2704 * @value: attribute value 2705 * @size: size of the attribute 2706 * @flags: unused 2707 * 2708 * Sets the named attribute in the appropriate blob 2709 * 2710 * Returns 0 on success, or an error code 2711 */ 2712static int smack_inode_setsecurity(struct inode *inode, const char *name, 2713 const void *value, size_t size, int flags) 2714{ 2715 struct smack_known *skp; 2716 struct inode_smack *nsp = smack_inode(inode); 2717 struct socket_smack *ssp; 2718 struct socket *sock; 2719 int rc = 0; 2720 2721 if (value == NULL || size > SMK_LONGLABEL || size == 0) 2722 return -EINVAL; 2723 2724 skp = smk_import_entry(value, size); 2725 if (IS_ERR(skp)) 2726 return PTR_ERR(skp); 2727 2728 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) { 2729 nsp->smk_inode = skp; 2730 nsp->smk_flags |= SMK_INODE_INSTANT; 2731 return 0; 2732 } 2733 /* 2734 * The rest of the Smack xattrs are only on sockets. 2735 */ 2736 if (inode->i_sb->s_magic != SOCKFS_MAGIC) 2737 return -EOPNOTSUPP; 2738 2739 sock = SOCKET_I(inode); 2740 if (sock == NULL || sock->sk == NULL) 2741 return -EOPNOTSUPP; 2742 2743 ssp = sock->sk->sk_security; 2744 2745 if (strcmp(name, XATTR_SMACK_IPIN) == 0) 2746 ssp->smk_in = skp; 2747 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) { 2748 ssp->smk_out = skp; 2749 if (sock->sk->sk_family == PF_INET) { 2750 rc = smack_netlbl_add(sock->sk); 2751 if (rc != 0) 2752 printk(KERN_WARNING 2753 "Smack: \"%s\" netlbl error %d.\n", 2754 __func__, -rc); 2755 } 2756 } else 2757 return -EOPNOTSUPP; 2758 2759#ifdef SMACK_IPV6_PORT_LABELING 2760 if (sock->sk->sk_family == PF_INET6) 2761 smk_ipv6_port_label(sock, NULL); 2762#endif 2763 2764 return 0; 2765} 2766 2767/** 2768 * smack_socket_post_create - finish socket setup 2769 * @sock: the socket 2770 * @family: protocol family 2771 * @type: unused 2772 * @protocol: unused 2773 * @kern: unused 2774 * 2775 * Sets the netlabel information on the socket 2776 * 2777 * Returns 0 on success, and error code otherwise 2778 */ 2779static int smack_socket_post_create(struct socket *sock, int family, 2780 int type, int protocol, int kern) 2781{ 2782 struct socket_smack *ssp; 2783 2784 if (sock->sk == NULL) 2785 return 0; 2786 2787 /* 2788 * Sockets created by kernel threads receive web label. 2789 */ 2790 if (unlikely(current->flags & PF_KTHREAD)) { 2791 ssp = sock->sk->sk_security; 2792 ssp->smk_in = &smack_known_web; 2793 ssp->smk_out = &smack_known_web; 2794 } 2795 2796 if (family != PF_INET) 2797 return 0; 2798 /* 2799 * Set the outbound netlbl. 2800 */ 2801 return smack_netlbl_add(sock->sk); 2802} 2803 2804/** 2805 * smack_socket_socketpair - create socket pair 2806 * @socka: one socket 2807 * @sockb: another socket 2808 * 2809 * Cross reference the peer labels for SO_PEERSEC 2810 * 2811 * Returns 0 2812 */ 2813static int smack_socket_socketpair(struct socket *socka, 2814 struct socket *sockb) 2815{ 2816 struct socket_smack *asp = socka->sk->sk_security; 2817 struct socket_smack *bsp = sockb->sk->sk_security; 2818 2819 asp->smk_packet = bsp->smk_out; 2820 bsp->smk_packet = asp->smk_out; 2821 2822 return 0; 2823} 2824 2825#ifdef SMACK_IPV6_PORT_LABELING 2826/** 2827 * smack_socket_bind - record port binding information. 2828 * @sock: the socket 2829 * @address: the port address 2830 * @addrlen: size of the address 2831 * 2832 * Records the label bound to a port. 2833 * 2834 * Returns 0 on success, and error code otherwise 2835 */ 2836static int smack_socket_bind(struct socket *sock, struct sockaddr *address, 2837 int addrlen) 2838{ 2839 if (sock->sk != NULL && sock->sk->sk_family == PF_INET6) { 2840 if (addrlen < SIN6_LEN_RFC2133 || 2841 address->sa_family != AF_INET6) 2842 return -EINVAL; 2843 smk_ipv6_port_label(sock, address); 2844 } 2845 return 0; 2846} 2847#endif /* SMACK_IPV6_PORT_LABELING */ 2848 2849/** 2850 * smack_socket_connect - connect access check 2851 * @sock: the socket 2852 * @sap: the other end 2853 * @addrlen: size of sap 2854 * 2855 * Verifies that a connection may be possible 2856 * 2857 * Returns 0 on success, and error code otherwise 2858 */ 2859static int smack_socket_connect(struct socket *sock, struct sockaddr *sap, 2860 int addrlen) 2861{ 2862 int rc = 0; 2863 2864 if (sock->sk == NULL) 2865 return 0; 2866 if (sock->sk->sk_family != PF_INET && 2867 (!IS_ENABLED(CONFIG_IPV6) || sock->sk->sk_family != PF_INET6)) 2868 return 0; 2869 if (addrlen < offsetofend(struct sockaddr, sa_family)) 2870 return 0; 2871 if (IS_ENABLED(CONFIG_IPV6) && sap->sa_family == AF_INET6) { 2872 struct sockaddr_in6 *sip = (struct sockaddr_in6 *)sap; 2873 struct smack_known *rsp = NULL; 2874 2875 if (addrlen < SIN6_LEN_RFC2133) 2876 return 0; 2877 if (__is_defined(SMACK_IPV6_SECMARK_LABELING)) 2878 rsp = smack_ipv6host_label(sip); 2879 if (rsp != NULL) { 2880 struct socket_smack *ssp = sock->sk->sk_security; 2881 2882 rc = smk_ipv6_check(ssp->smk_out, rsp, sip, 2883 SMK_CONNECTING); 2884 } 2885 if (__is_defined(SMACK_IPV6_PORT_LABELING)) 2886 rc = smk_ipv6_port_check(sock->sk, sip, SMK_CONNECTING); 2887 2888 return rc; 2889 } 2890 if (sap->sa_family != AF_INET || addrlen < sizeof(struct sockaddr_in)) 2891 return 0; 2892 rc = smk_ipv4_check(sock->sk, (struct sockaddr_in *)sap); 2893 return rc; 2894} 2895 2896/** 2897 * smack_flags_to_may - convert S_ to MAY_ values 2898 * @flags: the S_ value 2899 * 2900 * Returns the equivalent MAY_ value 2901 */ 2902static int smack_flags_to_may(int flags) 2903{ 2904 int may = 0; 2905 2906 if (flags & S_IRUGO) 2907 may |= MAY_READ; 2908 if (flags & S_IWUGO) 2909 may |= MAY_WRITE; 2910 if (flags & S_IXUGO) 2911 may |= MAY_EXEC; 2912 2913 return may; 2914} 2915 2916/** 2917 * smack_msg_msg_alloc_security - Set the security blob for msg_msg 2918 * @msg: the object 2919 * 2920 * Returns 0 2921 */ 2922static int smack_msg_msg_alloc_security(struct msg_msg *msg) 2923{ 2924 struct smack_known **blob = smack_msg_msg(msg); 2925 2926 *blob = smk_of_current(); 2927 return 0; 2928} 2929 2930/** 2931 * smack_of_ipc - the smack pointer for the ipc 2932 * @isp: the object 2933 * 2934 * Returns a pointer to the smack value 2935 */ 2936static struct smack_known *smack_of_ipc(struct kern_ipc_perm *isp) 2937{ 2938 struct smack_known **blob = smack_ipc(isp); 2939 2940 return *blob; 2941} 2942 2943/** 2944 * smack_ipc_alloc_security - Set the security blob for ipc 2945 * @isp: the object 2946 * 2947 * Returns 0 2948 */ 2949static int smack_ipc_alloc_security(struct kern_ipc_perm *isp) 2950{ 2951 struct smack_known **blob = smack_ipc(isp); 2952 2953 *blob = smk_of_current(); 2954 return 0; 2955} 2956 2957/** 2958 * smk_curacc_shm : check if current has access on shm 2959 * @isp : the object 2960 * @access : access requested 2961 * 2962 * Returns 0 if current has the requested access, error code otherwise 2963 */ 2964static int smk_curacc_shm(struct kern_ipc_perm *isp, int access) 2965{ 2966 struct smack_known *ssp = smack_of_ipc(isp); 2967 struct smk_audit_info ad; 2968 int rc; 2969 2970#ifdef CONFIG_AUDIT 2971 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 2972 ad.a.u.ipc_id = isp->id; 2973#endif 2974 rc = smk_curacc(ssp, access, &ad); 2975 rc = smk_bu_current("shm", ssp, access, rc); 2976 return rc; 2977} 2978 2979/** 2980 * smack_shm_associate - Smack access check for shm 2981 * @isp: the object 2982 * @shmflg: access requested 2983 * 2984 * Returns 0 if current has the requested access, error code otherwise 2985 */ 2986static int smack_shm_associate(struct kern_ipc_perm *isp, int shmflg) 2987{ 2988 int may; 2989 2990 may = smack_flags_to_may(shmflg); 2991 return smk_curacc_shm(isp, may); 2992} 2993 2994/** 2995 * smack_shm_shmctl - Smack access check for shm 2996 * @isp: the object 2997 * @cmd: what it wants to do 2998 * 2999 * Returns 0 if current has the requested access, error code otherwise 3000 */ 3001static int smack_shm_shmctl(struct kern_ipc_perm *isp, int cmd) 3002{ 3003 int may; 3004 3005 switch (cmd) { 3006 case IPC_STAT: 3007 case SHM_STAT: 3008 case SHM_STAT_ANY: 3009 may = MAY_READ; 3010 break; 3011 case IPC_SET: 3012 case SHM_LOCK: 3013 case SHM_UNLOCK: 3014 case IPC_RMID: 3015 may = MAY_READWRITE; 3016 break; 3017 case IPC_INFO: 3018 case SHM_INFO: 3019 /* 3020 * System level information. 3021 */ 3022 return 0; 3023 default: 3024 return -EINVAL; 3025 } 3026 return smk_curacc_shm(isp, may); 3027} 3028 3029/** 3030 * smack_shm_shmat - Smack access for shmat 3031 * @isp: the object 3032 * @shmaddr: unused 3033 * @shmflg: access requested 3034 * 3035 * Returns 0 if current has the requested access, error code otherwise 3036 */ 3037static int smack_shm_shmat(struct kern_ipc_perm *isp, char __user *shmaddr, 3038 int shmflg) 3039{ 3040 int may; 3041 3042 may = smack_flags_to_may(shmflg); 3043 return smk_curacc_shm(isp, may); 3044} 3045 3046/** 3047 * smk_curacc_sem : check if current has access on sem 3048 * @isp : the object 3049 * @access : access requested 3050 * 3051 * Returns 0 if current has the requested access, error code otherwise 3052 */ 3053static int smk_curacc_sem(struct kern_ipc_perm *isp, int access) 3054{ 3055 struct smack_known *ssp = smack_of_ipc(isp); 3056 struct smk_audit_info ad; 3057 int rc; 3058 3059#ifdef CONFIG_AUDIT 3060 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 3061 ad.a.u.ipc_id = isp->id; 3062#endif 3063 rc = smk_curacc(ssp, access, &ad); 3064 rc = smk_bu_current("sem", ssp, access, rc); 3065 return rc; 3066} 3067 3068/** 3069 * smack_sem_associate - Smack access check for sem 3070 * @isp: the object 3071 * @semflg: access requested 3072 * 3073 * Returns 0 if current has the requested access, error code otherwise 3074 */ 3075static int smack_sem_associate(struct kern_ipc_perm *isp, int semflg) 3076{ 3077 int may; 3078 3079 may = smack_flags_to_may(semflg); 3080 return smk_curacc_sem(isp, may); 3081} 3082 3083/** 3084 * smack_sem_shmctl - Smack access check for sem 3085 * @isp: the object 3086 * @cmd: what it wants to do 3087 * 3088 * Returns 0 if current has the requested access, error code otherwise 3089 */ 3090static int smack_sem_semctl(struct kern_ipc_perm *isp, int cmd) 3091{ 3092 int may; 3093 3094 switch (cmd) { 3095 case GETPID: 3096 case GETNCNT: 3097 case GETZCNT: 3098 case GETVAL: 3099 case GETALL: 3100 case IPC_STAT: 3101 case SEM_STAT: 3102 case SEM_STAT_ANY: 3103 may = MAY_READ; 3104 break; 3105 case SETVAL: 3106 case SETALL: 3107 case IPC_RMID: 3108 case IPC_SET: 3109 may = MAY_READWRITE; 3110 break; 3111 case IPC_INFO: 3112 case SEM_INFO: 3113 /* 3114 * System level information 3115 */ 3116 return 0; 3117 default: 3118 return -EINVAL; 3119 } 3120 3121 return smk_curacc_sem(isp, may); 3122} 3123 3124/** 3125 * smack_sem_semop - Smack checks of semaphore operations 3126 * @isp: the object 3127 * @sops: unused 3128 * @nsops: unused 3129 * @alter: unused 3130 * 3131 * Treated as read and write in all cases. 3132 * 3133 * Returns 0 if access is allowed, error code otherwise 3134 */ 3135static int smack_sem_semop(struct kern_ipc_perm *isp, struct sembuf *sops, 3136 unsigned nsops, int alter) 3137{ 3138 return smk_curacc_sem(isp, MAY_READWRITE); 3139} 3140 3141/** 3142 * smk_curacc_msq : helper to check if current has access on msq 3143 * @isp : the msq 3144 * @access : access requested 3145 * 3146 * return 0 if current has access, error otherwise 3147 */ 3148static int smk_curacc_msq(struct kern_ipc_perm *isp, int access) 3149{ 3150 struct smack_known *msp = smack_of_ipc(isp); 3151 struct smk_audit_info ad; 3152 int rc; 3153 3154#ifdef CONFIG_AUDIT 3155 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 3156 ad.a.u.ipc_id = isp->id; 3157#endif 3158 rc = smk_curacc(msp, access, &ad); 3159 rc = smk_bu_current("msq", msp, access, rc); 3160 return rc; 3161} 3162 3163/** 3164 * smack_msg_queue_associate - Smack access check for msg_queue 3165 * @isp: the object 3166 * @msqflg: access requested 3167 * 3168 * Returns 0 if current has the requested access, error code otherwise 3169 */ 3170static int smack_msg_queue_associate(struct kern_ipc_perm *isp, int msqflg) 3171{ 3172 int may; 3173 3174 may = smack_flags_to_may(msqflg); 3175 return smk_curacc_msq(isp, may); 3176} 3177 3178/** 3179 * smack_msg_queue_msgctl - Smack access check for msg_queue 3180 * @isp: the object 3181 * @cmd: what it wants to do 3182 * 3183 * Returns 0 if current has the requested access, error code otherwise 3184 */ 3185static int smack_msg_queue_msgctl(struct kern_ipc_perm *isp, int cmd) 3186{ 3187 int may; 3188 3189 switch (cmd) { 3190 case IPC_STAT: 3191 case MSG_STAT: 3192 case MSG_STAT_ANY: 3193 may = MAY_READ; 3194 break; 3195 case IPC_SET: 3196 case IPC_RMID: 3197 may = MAY_READWRITE; 3198 break; 3199 case IPC_INFO: 3200 case MSG_INFO: 3201 /* 3202 * System level information 3203 */ 3204 return 0; 3205 default: 3206 return -EINVAL; 3207 } 3208 3209 return smk_curacc_msq(isp, may); 3210} 3211 3212/** 3213 * smack_msg_queue_msgsnd - Smack access check for msg_queue 3214 * @isp: the object 3215 * @msg: unused 3216 * @msqflg: access requested 3217 * 3218 * Returns 0 if current has the requested access, error code otherwise 3219 */ 3220static int smack_msg_queue_msgsnd(struct kern_ipc_perm *isp, struct msg_msg *msg, 3221 int msqflg) 3222{ 3223 int may; 3224 3225 may = smack_flags_to_may(msqflg); 3226 return smk_curacc_msq(isp, may); 3227} 3228 3229/** 3230 * smack_msg_queue_msgsnd - Smack access check for msg_queue 3231 * @isp: the object 3232 * @msg: unused 3233 * @target: unused 3234 * @type: unused 3235 * @mode: unused 3236 * 3237 * Returns 0 if current has read and write access, error code otherwise 3238 */ 3239static int smack_msg_queue_msgrcv(struct kern_ipc_perm *isp, struct msg_msg *msg, 3240 struct task_struct *target, long type, int mode) 3241{ 3242 return smk_curacc_msq(isp, MAY_READWRITE); 3243} 3244 3245/** 3246 * smack_ipc_permission - Smack access for ipc_permission() 3247 * @ipp: the object permissions 3248 * @flag: access requested 3249 * 3250 * Returns 0 if current has read and write access, error code otherwise 3251 */ 3252static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag) 3253{ 3254 struct smack_known **blob = smack_ipc(ipp); 3255 struct smack_known *iskp = *blob; 3256 int may = smack_flags_to_may(flag); 3257 struct smk_audit_info ad; 3258 int rc; 3259 3260#ifdef CONFIG_AUDIT 3261 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 3262 ad.a.u.ipc_id = ipp->id; 3263#endif 3264 rc = smk_curacc(iskp, may, &ad); 3265 rc = smk_bu_current("svipc", iskp, may, rc); 3266 return rc; 3267} 3268 3269/** 3270 * smack_ipc_getsecid - Extract smack security id 3271 * @ipp: the object permissions 3272 * @secid: where result will be saved 3273 */ 3274static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid) 3275{ 3276 struct smack_known **blob = smack_ipc(ipp); 3277 struct smack_known *iskp = *blob; 3278 3279 *secid = iskp->smk_secid; 3280} 3281 3282/** 3283 * smack_d_instantiate - Make sure the blob is correct on an inode 3284 * @opt_dentry: dentry where inode will be attached 3285 * @inode: the object 3286 * 3287 * Set the inode's security blob if it hasn't been done already. 3288 */ 3289static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode) 3290{ 3291 struct super_block *sbp; 3292 struct superblock_smack *sbsp; 3293 struct inode_smack *isp; 3294 struct smack_known *skp; 3295 struct smack_known *ckp = smk_of_current(); 3296 struct smack_known *final; 3297 char trattr[TRANS_TRUE_SIZE]; 3298 int transflag = 0; 3299 int rc; 3300 struct dentry *dp; 3301 3302 if (inode == NULL) 3303 return; 3304 3305 isp = smack_inode(inode); 3306 3307 /* 3308 * If the inode is already instantiated 3309 * take the quick way out 3310 */ 3311 if (isp->smk_flags & SMK_INODE_INSTANT) 3312 return; 3313 3314 sbp = inode->i_sb; 3315 sbsp = sbp->s_security; 3316 /* 3317 * We're going to use the superblock default label 3318 * if there's no label on the file. 3319 */ 3320 final = sbsp->smk_default; 3321 3322 /* 3323 * If this is the root inode the superblock 3324 * may be in the process of initialization. 3325 * If that is the case use the root value out 3326 * of the superblock. 3327 */ 3328 if (opt_dentry->d_parent == opt_dentry) { 3329 switch (sbp->s_magic) { 3330 case CGROUP_SUPER_MAGIC: 3331 case CGROUP2_SUPER_MAGIC: 3332 /* 3333 * The cgroup filesystem is never mounted, 3334 * so there's no opportunity to set the mount 3335 * options. 3336 */ 3337 sbsp->smk_root = &smack_known_star; 3338 sbsp->smk_default = &smack_known_star; 3339 isp->smk_inode = sbsp->smk_root; 3340 break; 3341 case TMPFS_MAGIC: 3342 /* 3343 * What about shmem/tmpfs anonymous files with dentry 3344 * obtained from d_alloc_pseudo()? 3345 */ 3346 isp->smk_inode = smk_of_current(); 3347 break; 3348 case PIPEFS_MAGIC: 3349 isp->smk_inode = smk_of_current(); 3350 break; 3351 case SOCKFS_MAGIC: 3352 /* 3353 * Socket access is controlled by the socket 3354 * structures associated with the task involved. 3355 */ 3356 isp->smk_inode = &smack_known_star; 3357 break; 3358 default: 3359 isp->smk_inode = sbsp->smk_root; 3360 break; 3361 } 3362 isp->smk_flags |= SMK_INODE_INSTANT; 3363 return; 3364 } 3365 3366 /* 3367 * This is pretty hackish. 3368 * Casey says that we shouldn't have to do 3369 * file system specific code, but it does help 3370 * with keeping it simple. 3371 */ 3372 switch (sbp->s_magic) { 3373 case SMACK_MAGIC: 3374 case CGROUP_SUPER_MAGIC: 3375 case CGROUP2_SUPER_MAGIC: 3376 /* 3377 * Casey says that it's a little embarrassing 3378 * that the smack file system doesn't do 3379 * extended attributes. 3380 * 3381 * Cgroupfs is special 3382 */ 3383 final = &smack_known_star; 3384 break; 3385 case DEVPTS_SUPER_MAGIC: 3386 /* 3387 * devpts seems content with the label of the task. 3388 * Programs that change smack have to treat the 3389 * pty with respect. 3390 */ 3391 final = ckp; 3392 break; 3393 case PROC_SUPER_MAGIC: 3394 /* 3395 * Casey says procfs appears not to care. 3396 * The superblock default suffices. 3397 */ 3398 break; 3399 case TMPFS_MAGIC: 3400 /* 3401 * Device labels should come from the filesystem, 3402 * but watch out, because they're volitile, 3403 * getting recreated on every reboot. 3404 */ 3405 final = &smack_known_star; 3406 /* 3407 * If a smack value has been set we want to use it, 3408 * but since tmpfs isn't giving us the opportunity 3409 * to set mount options simulate setting the 3410 * superblock default. 3411 */ 3412 fallthrough; 3413 default: 3414 /* 3415 * This isn't an understood special case. 3416 * Get the value from the xattr. 3417 */ 3418 3419 /* 3420 * UNIX domain sockets use lower level socket data. 3421 */ 3422 if (S_ISSOCK(inode->i_mode)) { 3423 final = &smack_known_star; 3424 break; 3425 } 3426 /* 3427 * No xattr support means, alas, no SMACK label. 3428 * Use the aforeapplied default. 3429 * It would be curious if the label of the task 3430 * does not match that assigned. 3431 */ 3432 if (!(inode->i_opflags & IOP_XATTR)) 3433 break; 3434 /* 3435 * Get the dentry for xattr. 3436 */ 3437 dp = dget(opt_dentry); 3438 skp = smk_fetch(XATTR_NAME_SMACK, inode, dp); 3439 if (!IS_ERR_OR_NULL(skp)) 3440 final = skp; 3441 3442 /* 3443 * Transmuting directory 3444 */ 3445 if (S_ISDIR(inode->i_mode)) { 3446 /* 3447 * If this is a new directory and the label was 3448 * transmuted when the inode was initialized 3449 * set the transmute attribute on the directory 3450 * and mark the inode. 3451 * 3452 * If there is a transmute attribute on the 3453 * directory mark the inode. 3454 */ 3455 if (isp->smk_flags & SMK_INODE_CHANGED) { 3456 isp->smk_flags &= ~SMK_INODE_CHANGED; 3457 rc = __vfs_setxattr(dp, inode, 3458 XATTR_NAME_SMACKTRANSMUTE, 3459 TRANS_TRUE, TRANS_TRUE_SIZE, 3460 0); 3461 } else { 3462 rc = __vfs_getxattr(dp, inode, 3463 XATTR_NAME_SMACKTRANSMUTE, trattr, 3464 TRANS_TRUE_SIZE); 3465 if (rc >= 0 && strncmp(trattr, TRANS_TRUE, 3466 TRANS_TRUE_SIZE) != 0) 3467 rc = -EINVAL; 3468 } 3469 if (rc >= 0) 3470 transflag = SMK_INODE_TRANSMUTE; 3471 } 3472 /* 3473 * Don't let the exec or mmap label be "*" or "@". 3474 */ 3475 skp = smk_fetch(XATTR_NAME_SMACKEXEC, inode, dp); 3476 if (IS_ERR(skp) || skp == &smack_known_star || 3477 skp == &smack_known_web) 3478 skp = NULL; 3479 isp->smk_task = skp; 3480 3481 skp = smk_fetch(XATTR_NAME_SMACKMMAP, inode, dp); 3482 if (IS_ERR(skp) || skp == &smack_known_star || 3483 skp == &smack_known_web) 3484 skp = NULL; 3485 isp->smk_mmap = skp; 3486 3487 dput(dp); 3488 break; 3489 } 3490 3491 if (final == NULL) 3492 isp->smk_inode = ckp; 3493 else 3494 isp->smk_inode = final; 3495 3496 isp->smk_flags |= (SMK_INODE_INSTANT | transflag); 3497 3498 return; 3499} 3500 3501/** 3502 * smack_getprocattr - Smack process attribute access 3503 * @p: the object task 3504 * @name: the name of the attribute in /proc/.../attr 3505 * @value: where to put the result 3506 * 3507 * Places a copy of the task Smack into value 3508 * 3509 * Returns the length of the smack label or an error code 3510 */ 3511static int smack_getprocattr(struct task_struct *p, char *name, char **value) 3512{ 3513 struct smack_known *skp = smk_of_task_struct(p); 3514 char *cp; 3515 int slen; 3516 3517 if (strcmp(name, "current") != 0) 3518 return -EINVAL; 3519 3520 cp = kstrdup(skp->smk_known, GFP_KERNEL); 3521 if (cp == NULL) 3522 return -ENOMEM; 3523 3524 slen = strlen(cp); 3525 *value = cp; 3526 return slen; 3527} 3528 3529/** 3530 * smack_setprocattr - Smack process attribute setting 3531 * @name: the name of the attribute in /proc/.../attr 3532 * @value: the value to set 3533 * @size: the size of the value 3534 * 3535 * Sets the Smack value of the task. Only setting self 3536 * is permitted and only with privilege 3537 * 3538 * Returns the length of the smack label or an error code 3539 */ 3540static int smack_setprocattr(const char *name, void *value, size_t size) 3541{ 3542 struct task_smack *tsp = smack_cred(current_cred()); 3543 struct cred *new; 3544 struct smack_known *skp; 3545 struct smack_known_list_elem *sklep; 3546 int rc; 3547 3548 if (!smack_privileged(CAP_MAC_ADMIN) && list_empty(&tsp->smk_relabel)) 3549 return -EPERM; 3550 3551 if (value == NULL || size == 0 || size >= SMK_LONGLABEL) 3552 return -EINVAL; 3553 3554 if (strcmp(name, "current") != 0) 3555 return -EINVAL; 3556 3557 skp = smk_import_entry(value, size); 3558 if (IS_ERR(skp)) 3559 return PTR_ERR(skp); 3560 3561 /* 3562 * No process is ever allowed the web ("@") label 3563 * and the star ("*") label. 3564 */ 3565 if (skp == &smack_known_web || skp == &smack_known_star) 3566 return -EINVAL; 3567 3568 if (!smack_privileged(CAP_MAC_ADMIN)) { 3569 rc = -EPERM; 3570 list_for_each_entry(sklep, &tsp->smk_relabel, list) 3571 if (sklep->smk_label == skp) { 3572 rc = 0; 3573 break; 3574 } 3575 if (rc) 3576 return rc; 3577 } 3578 3579 new = prepare_creds(); 3580 if (new == NULL) 3581 return -ENOMEM; 3582 3583 tsp = smack_cred(new); 3584 tsp->smk_task = skp; 3585 /* 3586 * process can change its label only once 3587 */ 3588 smk_destroy_label_list(&tsp->smk_relabel); 3589 3590 commit_creds(new); 3591 return size; 3592} 3593 3594/** 3595 * smack_unix_stream_connect - Smack access on UDS 3596 * @sock: one sock 3597 * @other: the other sock 3598 * @newsk: unused 3599 * 3600 * Return 0 if a subject with the smack of sock could access 3601 * an object with the smack of other, otherwise an error code 3602 */ 3603static int smack_unix_stream_connect(struct sock *sock, 3604 struct sock *other, struct sock *newsk) 3605{ 3606 struct smack_known *skp; 3607 struct smack_known *okp; 3608 struct socket_smack *ssp = sock->sk_security; 3609 struct socket_smack *osp = other->sk_security; 3610 struct socket_smack *nsp = newsk->sk_security; 3611 struct smk_audit_info ad; 3612 int rc = 0; 3613#ifdef CONFIG_AUDIT 3614 struct lsm_network_audit net; 3615#endif 3616 3617 if (!smack_privileged(CAP_MAC_OVERRIDE)) { 3618 skp = ssp->smk_out; 3619 okp = osp->smk_in; 3620#ifdef CONFIG_AUDIT 3621 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 3622 smk_ad_setfield_u_net_sk(&ad, other); 3623#endif 3624 rc = smk_access(skp, okp, MAY_WRITE, &ad); 3625 rc = smk_bu_note("UDS connect", skp, okp, MAY_WRITE, rc); 3626 if (rc == 0) { 3627 okp = osp->smk_out; 3628 skp = ssp->smk_in; 3629 rc = smk_access(okp, skp, MAY_WRITE, &ad); 3630 rc = smk_bu_note("UDS connect", okp, skp, 3631 MAY_WRITE, rc); 3632 } 3633 } 3634 3635 /* 3636 * Cross reference the peer labels for SO_PEERSEC. 3637 */ 3638 if (rc == 0) { 3639 nsp->smk_packet = ssp->smk_out; 3640 ssp->smk_packet = osp->smk_out; 3641 } 3642 3643 return rc; 3644} 3645 3646/** 3647 * smack_unix_may_send - Smack access on UDS 3648 * @sock: one socket 3649 * @other: the other socket 3650 * 3651 * Return 0 if a subject with the smack of sock could access 3652 * an object with the smack of other, otherwise an error code 3653 */ 3654static int smack_unix_may_send(struct socket *sock, struct socket *other) 3655{ 3656 struct socket_smack *ssp = sock->sk->sk_security; 3657 struct socket_smack *osp = other->sk->sk_security; 3658 struct smk_audit_info ad; 3659 int rc; 3660 3661#ifdef CONFIG_AUDIT 3662 struct lsm_network_audit net; 3663 3664 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 3665 smk_ad_setfield_u_net_sk(&ad, other->sk); 3666#endif 3667 3668 if (smack_privileged(CAP_MAC_OVERRIDE)) 3669 return 0; 3670 3671 rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad); 3672 rc = smk_bu_note("UDS send", ssp->smk_out, osp->smk_in, MAY_WRITE, rc); 3673 return rc; 3674} 3675 3676/** 3677 * smack_socket_sendmsg - Smack check based on destination host 3678 * @sock: the socket 3679 * @msg: the message 3680 * @size: the size of the message 3681 * 3682 * Return 0 if the current subject can write to the destination host. 3683 * For IPv4 this is only a question if the destination is a single label host. 3684 * For IPv6 this is a check against the label of the port. 3685 */ 3686static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg, 3687 int size) 3688{ 3689 struct sockaddr_in *sip = (struct sockaddr_in *) msg->msg_name; 3690#if IS_ENABLED(CONFIG_IPV6) 3691 struct sockaddr_in6 *sap = (struct sockaddr_in6 *) msg->msg_name; 3692#endif 3693#ifdef SMACK_IPV6_SECMARK_LABELING 3694 struct socket_smack *ssp = sock->sk->sk_security; 3695 struct smack_known *rsp; 3696#endif 3697 int rc = 0; 3698 3699 /* 3700 * Perfectly reasonable for this to be NULL 3701 */ 3702 if (sip == NULL) 3703 return 0; 3704 3705 switch (sock->sk->sk_family) { 3706 case AF_INET: 3707 if (msg->msg_namelen < sizeof(struct sockaddr_in) || 3708 sip->sin_family != AF_INET) 3709 return -EINVAL; 3710 rc = smk_ipv4_check(sock->sk, sip); 3711 break; 3712#if IS_ENABLED(CONFIG_IPV6) 3713 case AF_INET6: 3714 if (msg->msg_namelen < SIN6_LEN_RFC2133 || 3715 sap->sin6_family != AF_INET6) 3716 return -EINVAL; 3717#ifdef SMACK_IPV6_SECMARK_LABELING 3718 rsp = smack_ipv6host_label(sap); 3719 if (rsp != NULL) 3720 rc = smk_ipv6_check(ssp->smk_out, rsp, sap, 3721 SMK_CONNECTING); 3722#endif 3723#ifdef SMACK_IPV6_PORT_LABELING 3724 rc = smk_ipv6_port_check(sock->sk, sap, SMK_SENDING); 3725#endif 3726#endif /* IS_ENABLED(CONFIG_IPV6) */ 3727 break; 3728 } 3729 return rc; 3730} 3731 3732/** 3733 * smack_from_secattr - Convert a netlabel attr.mls.lvl/attr.mls.cat pair to smack 3734 * @sap: netlabel secattr 3735 * @ssp: socket security information 3736 * 3737 * Returns a pointer to a Smack label entry found on the label list. 3738 */ 3739static struct smack_known *smack_from_secattr(struct netlbl_lsm_secattr *sap, 3740 struct socket_smack *ssp) 3741{ 3742 struct smack_known *skp; 3743 int found = 0; 3744 int acat; 3745 int kcat; 3746 3747 /* 3748 * Netlabel found it in the cache. 3749 */ 3750 if ((sap->flags & NETLBL_SECATTR_CACHE) != 0) 3751 return (struct smack_known *)sap->cache->data; 3752 3753 if ((sap->flags & NETLBL_SECATTR_SECID) != 0) 3754 /* 3755 * Looks like a fallback, which gives us a secid. 3756 */ 3757 return smack_from_secid(sap->attr.secid); 3758 3759 if ((sap->flags & NETLBL_SECATTR_MLS_LVL) != 0) { 3760 /* 3761 * Looks like a CIPSO packet. 3762 * If there are flags but no level netlabel isn't 3763 * behaving the way we expect it to. 3764 * 3765 * Look it up in the label table 3766 * Without guidance regarding the smack value 3767 * for the packet fall back on the network 3768 * ambient value. 3769 */ 3770 rcu_read_lock(); 3771 list_for_each_entry_rcu(skp, &smack_known_list, list) { 3772 if (sap->attr.mls.lvl != skp->smk_netlabel.attr.mls.lvl) 3773 continue; 3774 /* 3775 * Compare the catsets. Use the netlbl APIs. 3776 */ 3777 if ((sap->flags & NETLBL_SECATTR_MLS_CAT) == 0) { 3778 if ((skp->smk_netlabel.flags & 3779 NETLBL_SECATTR_MLS_CAT) == 0) 3780 found = 1; 3781 break; 3782 } 3783 for (acat = -1, kcat = -1; acat == kcat; ) { 3784 acat = netlbl_catmap_walk(sap->attr.mls.cat, 3785 acat + 1); 3786 kcat = netlbl_catmap_walk( 3787 skp->smk_netlabel.attr.mls.cat, 3788 kcat + 1); 3789 if (acat < 0 || kcat < 0) 3790 break; 3791 } 3792 if (acat == kcat) { 3793 found = 1; 3794 break; 3795 } 3796 } 3797 rcu_read_unlock(); 3798 3799 if (found) 3800 return skp; 3801 3802 if (ssp != NULL && ssp->smk_in == &smack_known_star) 3803 return &smack_known_web; 3804 return &smack_known_star; 3805 } 3806 /* 3807 * Without guidance regarding the smack value 3808 * for the packet fall back on the network 3809 * ambient value. 3810 */ 3811 return smack_net_ambient; 3812} 3813 3814#if IS_ENABLED(CONFIG_IPV6) 3815static int smk_skb_to_addr_ipv6(struct sk_buff *skb, struct sockaddr_in6 *sip) 3816{ 3817 u8 nexthdr; 3818 int offset; 3819 int proto = -EINVAL; 3820 struct ipv6hdr _ipv6h; 3821 struct ipv6hdr *ip6; 3822 __be16 frag_off; 3823 struct tcphdr _tcph, *th; 3824 struct udphdr _udph, *uh; 3825 struct dccp_hdr _dccph, *dh; 3826 3827 sip->sin6_port = 0; 3828 3829 offset = skb_network_offset(skb); 3830 ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h); 3831 if (ip6 == NULL) 3832 return -EINVAL; 3833 sip->sin6_addr = ip6->saddr; 3834 3835 nexthdr = ip6->nexthdr; 3836 offset += sizeof(_ipv6h); 3837 offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off); 3838 if (offset < 0) 3839 return -EINVAL; 3840 3841 proto = nexthdr; 3842 switch (proto) { 3843 case IPPROTO_TCP: 3844 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph); 3845 if (th != NULL) 3846 sip->sin6_port = th->source; 3847 break; 3848 case IPPROTO_UDP: 3849 case IPPROTO_UDPLITE: 3850 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph); 3851 if (uh != NULL) 3852 sip->sin6_port = uh->source; 3853 break; 3854 case IPPROTO_DCCP: 3855 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph); 3856 if (dh != NULL) 3857 sip->sin6_port = dh->dccph_sport; 3858 break; 3859 } 3860 return proto; 3861} 3862#endif /* CONFIG_IPV6 */ 3863 3864/** 3865 * smack_from_skb - Smack data from the secmark in an skb 3866 * @skb: packet 3867 * 3868 * Returns smack_known of the secmark or NULL if that won't work. 3869 */ 3870#ifdef CONFIG_NETWORK_SECMARK 3871static struct smack_known *smack_from_skb(struct sk_buff *skb) 3872{ 3873 if (skb == NULL || skb->secmark == 0) 3874 return NULL; 3875 3876 return smack_from_secid(skb->secmark); 3877} 3878#else 3879static inline struct smack_known *smack_from_skb(struct sk_buff *skb) 3880{ 3881 return NULL; 3882} 3883#endif 3884 3885/** 3886 * smack_from_netlbl - Smack data from the IP options in an skb 3887 * @sk: socket data came in on 3888 * @family: address family 3889 * @skb: packet 3890 * 3891 * Find the Smack label in the IP options. If it hasn't been 3892 * added to the netlabel cache, add it here. 3893 * 3894 * Returns smack_known of the IP options or NULL if that won't work. 3895 */ 3896static struct smack_known *smack_from_netlbl(struct sock *sk, u16 family, 3897 struct sk_buff *skb) 3898{ 3899 struct netlbl_lsm_secattr secattr; 3900 struct socket_smack *ssp = NULL; 3901 struct smack_known *skp = NULL; 3902 int rc; 3903 3904 netlbl_secattr_init(&secattr); 3905 3906 if (sk) 3907 ssp = sk->sk_security; 3908 3909 if (netlbl_skbuff_getattr(skb, family, &secattr) == 0) { 3910 skp = smack_from_secattr(&secattr, ssp); 3911 if (secattr.flags & NETLBL_SECATTR_CACHEABLE) 3912 rc = netlbl_cache_add(skb, family, &skp->smk_netlabel); 3913 } 3914 3915 netlbl_secattr_destroy(&secattr); 3916 3917 return skp; 3918} 3919 3920/** 3921 * smack_socket_sock_rcv_skb - Smack packet delivery access check 3922 * @sk: socket 3923 * @skb: packet 3924 * 3925 * Returns 0 if the packet should be delivered, an error code otherwise 3926 */ 3927static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) 3928{ 3929 struct socket_smack *ssp = sk->sk_security; 3930 struct smack_known *skp = NULL; 3931 int rc = 0; 3932 struct smk_audit_info ad; 3933 u16 family = sk->sk_family; 3934#ifdef CONFIG_AUDIT 3935 struct lsm_network_audit net; 3936#endif 3937#if IS_ENABLED(CONFIG_IPV6) 3938 struct sockaddr_in6 sadd; 3939 int proto; 3940 3941 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP)) 3942 family = PF_INET; 3943#endif /* CONFIG_IPV6 */ 3944 3945 switch (family) { 3946 case PF_INET: 3947 /* 3948 * If there is a secmark use it rather than the CIPSO label. 3949 * If there is no secmark fall back to CIPSO. 3950 * The secmark is assumed to reflect policy better. 3951 */ 3952 skp = smack_from_skb(skb); 3953 if (skp == NULL) { 3954 skp = smack_from_netlbl(sk, family, skb); 3955 if (skp == NULL) 3956 skp = smack_net_ambient; 3957 } 3958 3959#ifdef CONFIG_AUDIT 3960 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 3961 ad.a.u.net->family = family; 3962 ad.a.u.net->netif = skb->skb_iif; 3963 ipv4_skb_to_auditdata(skb, &ad.a, NULL); 3964#endif 3965 /* 3966 * Receiving a packet requires that the other end 3967 * be able to write here. Read access is not required. 3968 * This is the simplist possible security model 3969 * for networking. 3970 */ 3971 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad); 3972 rc = smk_bu_note("IPv4 delivery", skp, ssp->smk_in, 3973 MAY_WRITE, rc); 3974 if (rc != 0) 3975 netlbl_skbuff_err(skb, family, rc, 0); 3976 break; 3977#if IS_ENABLED(CONFIG_IPV6) 3978 case PF_INET6: 3979 proto = smk_skb_to_addr_ipv6(skb, &sadd); 3980 if (proto != IPPROTO_UDP && proto != IPPROTO_UDPLITE && 3981 proto != IPPROTO_TCP && proto != IPPROTO_DCCP) 3982 break; 3983#ifdef SMACK_IPV6_SECMARK_LABELING 3984 skp = smack_from_skb(skb); 3985 if (skp == NULL) { 3986 if (smk_ipv6_localhost(&sadd)) 3987 break; 3988 skp = smack_ipv6host_label(&sadd); 3989 if (skp == NULL) 3990 skp = smack_net_ambient; 3991 } 3992#ifdef CONFIG_AUDIT 3993 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 3994 ad.a.u.net->family = family; 3995 ad.a.u.net->netif = skb->skb_iif; 3996 ipv6_skb_to_auditdata(skb, &ad.a, NULL); 3997#endif /* CONFIG_AUDIT */ 3998 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad); 3999 rc = smk_bu_note("IPv6 delivery", skp, ssp->smk_in, 4000 MAY_WRITE, rc); 4001#endif /* SMACK_IPV6_SECMARK_LABELING */ 4002#ifdef SMACK_IPV6_PORT_LABELING 4003 rc = smk_ipv6_port_check(sk, &sadd, SMK_RECEIVING); 4004#endif /* SMACK_IPV6_PORT_LABELING */ 4005 if (rc != 0) 4006 icmpv6_send(skb, ICMPV6_DEST_UNREACH, 4007 ICMPV6_ADM_PROHIBITED, 0); 4008 break; 4009#endif /* CONFIG_IPV6 */ 4010 } 4011 4012 return rc; 4013} 4014 4015/** 4016 * smack_socket_getpeersec_stream - pull in packet label 4017 * @sock: the socket 4018 * @optval: user's destination 4019 * @optlen: size thereof 4020 * @len: max thereof 4021 * 4022 * returns zero on success, an error code otherwise 4023 */ 4024static int smack_socket_getpeersec_stream(struct socket *sock, 4025 char __user *optval, 4026 int __user *optlen, unsigned len) 4027{ 4028 struct socket_smack *ssp; 4029 char *rcp = ""; 4030 int slen = 1; 4031 int rc = 0; 4032 4033 ssp = sock->sk->sk_security; 4034 if (ssp->smk_packet != NULL) { 4035 rcp = ssp->smk_packet->smk_known; 4036 slen = strlen(rcp) + 1; 4037 } 4038 4039 if (slen > len) 4040 rc = -ERANGE; 4041 else if (copy_to_user(optval, rcp, slen) != 0) 4042 rc = -EFAULT; 4043 4044 if (put_user(slen, optlen) != 0) 4045 rc = -EFAULT; 4046 4047 return rc; 4048} 4049 4050 4051/** 4052 * smack_socket_getpeersec_dgram - pull in packet label 4053 * @sock: the peer socket 4054 * @skb: packet data 4055 * @secid: pointer to where to put the secid of the packet 4056 * 4057 * Sets the netlabel socket state on sk from parent 4058 */ 4059static int smack_socket_getpeersec_dgram(struct socket *sock, 4060 struct sk_buff *skb, u32 *secid) 4061 4062{ 4063 struct socket_smack *ssp = NULL; 4064 struct smack_known *skp; 4065 struct sock *sk = NULL; 4066 int family = PF_UNSPEC; 4067 u32 s = 0; /* 0 is the invalid secid */ 4068 4069 if (skb != NULL) { 4070 if (skb->protocol == htons(ETH_P_IP)) 4071 family = PF_INET; 4072#if IS_ENABLED(CONFIG_IPV6) 4073 else if (skb->protocol == htons(ETH_P_IPV6)) 4074 family = PF_INET6; 4075#endif /* CONFIG_IPV6 */ 4076 } 4077 if (family == PF_UNSPEC && sock != NULL) 4078 family = sock->sk->sk_family; 4079 4080 switch (family) { 4081 case PF_UNIX: 4082 ssp = sock->sk->sk_security; 4083 s = ssp->smk_out->smk_secid; 4084 break; 4085 case PF_INET: 4086 skp = smack_from_skb(skb); 4087 if (skp) { 4088 s = skp->smk_secid; 4089 break; 4090 } 4091 /* 4092 * Translate what netlabel gave us. 4093 */ 4094 if (sock != NULL) 4095 sk = sock->sk; 4096 skp = smack_from_netlbl(sk, family, skb); 4097 if (skp != NULL) 4098 s = skp->smk_secid; 4099 break; 4100 case PF_INET6: 4101#ifdef SMACK_IPV6_SECMARK_LABELING 4102 skp = smack_from_skb(skb); 4103 if (skp) 4104 s = skp->smk_secid; 4105#endif 4106 break; 4107 } 4108 *secid = s; 4109 if (s == 0) 4110 return -EINVAL; 4111 return 0; 4112} 4113 4114/** 4115 * smack_sock_graft - Initialize a newly created socket with an existing sock 4116 * @sk: child sock 4117 * @parent: parent socket 4118 * 4119 * Set the smk_{in,out} state of an existing sock based on the process that 4120 * is creating the new socket. 4121 */ 4122static void smack_sock_graft(struct sock *sk, struct socket *parent) 4123{ 4124 struct socket_smack *ssp; 4125 struct smack_known *skp = smk_of_current(); 4126 4127 if (sk == NULL || 4128 (sk->sk_family != PF_INET && sk->sk_family != PF_INET6)) 4129 return; 4130 4131 ssp = sk->sk_security; 4132 ssp->smk_in = skp; 4133 ssp->smk_out = skp; 4134 /* cssp->smk_packet is already set in smack_inet_csk_clone() */ 4135} 4136 4137/** 4138 * smack_inet_conn_request - Smack access check on connect 4139 * @sk: socket involved 4140 * @skb: packet 4141 * @req: unused 4142 * 4143 * Returns 0 if a task with the packet label could write to 4144 * the socket, otherwise an error code 4145 */ 4146static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb, 4147 struct request_sock *req) 4148{ 4149 u16 family = sk->sk_family; 4150 struct smack_known *skp; 4151 struct socket_smack *ssp = sk->sk_security; 4152 struct sockaddr_in addr; 4153 struct iphdr *hdr; 4154 struct smack_known *hskp; 4155 int rc; 4156 struct smk_audit_info ad; 4157#ifdef CONFIG_AUDIT 4158 struct lsm_network_audit net; 4159#endif 4160 4161#if IS_ENABLED(CONFIG_IPV6) 4162 if (family == PF_INET6) { 4163 /* 4164 * Handle mapped IPv4 packets arriving 4165 * via IPv6 sockets. Don't set up netlabel 4166 * processing on IPv6. 4167 */ 4168 if (skb->protocol == htons(ETH_P_IP)) 4169 family = PF_INET; 4170 else 4171 return 0; 4172 } 4173#endif /* CONFIG_IPV6 */ 4174 4175 /* 4176 * If there is a secmark use it rather than the CIPSO label. 4177 * If there is no secmark fall back to CIPSO. 4178 * The secmark is assumed to reflect policy better. 4179 */ 4180 skp = smack_from_skb(skb); 4181 if (skp == NULL) { 4182 skp = smack_from_netlbl(sk, family, skb); 4183 if (skp == NULL) 4184 skp = &smack_known_huh; 4185 } 4186 4187#ifdef CONFIG_AUDIT 4188 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 4189 ad.a.u.net->family = family; 4190 ad.a.u.net->netif = skb->skb_iif; 4191 ipv4_skb_to_auditdata(skb, &ad.a, NULL); 4192#endif 4193 /* 4194 * Receiving a packet requires that the other end be able to write 4195 * here. Read access is not required. 4196 */ 4197 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad); 4198 rc = smk_bu_note("IPv4 connect", skp, ssp->smk_in, MAY_WRITE, rc); 4199 if (rc != 0) 4200 return rc; 4201 4202 /* 4203 * Save the peer's label in the request_sock so we can later setup 4204 * smk_packet in the child socket so that SO_PEERCRED can report it. 4205 */ 4206 req->peer_secid = skp->smk_secid; 4207 4208 /* 4209 * We need to decide if we want to label the incoming connection here 4210 * if we do we only need to label the request_sock and the stack will 4211 * propagate the wire-label to the sock when it is created. 4212 */ 4213 hdr = ip_hdr(skb); 4214 addr.sin_addr.s_addr = hdr->saddr; 4215 rcu_read_lock(); 4216 hskp = smack_ipv4host_label(&addr); 4217 rcu_read_unlock(); 4218 4219 if (hskp == NULL) 4220 rc = netlbl_req_setattr(req, &skp->smk_netlabel); 4221 else 4222 netlbl_req_delattr(req); 4223 4224 return rc; 4225} 4226 4227/** 4228 * smack_inet_csk_clone - Copy the connection information to the new socket 4229 * @sk: the new socket 4230 * @req: the connection's request_sock 4231 * 4232 * Transfer the connection's peer label to the newly created socket. 4233 */ 4234static void smack_inet_csk_clone(struct sock *sk, 4235 const struct request_sock *req) 4236{ 4237 struct socket_smack *ssp = sk->sk_security; 4238 struct smack_known *skp; 4239 4240 if (req->peer_secid != 0) { 4241 skp = smack_from_secid(req->peer_secid); 4242 ssp->smk_packet = skp; 4243 } else 4244 ssp->smk_packet = NULL; 4245} 4246 4247/* 4248 * Key management security hooks 4249 * 4250 * Casey has not tested key support very heavily. 4251 * The permission check is most likely too restrictive. 4252 * If you care about keys please have a look. 4253 */ 4254#ifdef CONFIG_KEYS 4255 4256/** 4257 * smack_key_alloc - Set the key security blob 4258 * @key: object 4259 * @cred: the credentials to use 4260 * @flags: unused 4261 * 4262 * No allocation required 4263 * 4264 * Returns 0 4265 */ 4266static int smack_key_alloc(struct key *key, const struct cred *cred, 4267 unsigned long flags) 4268{ 4269 struct smack_known *skp = smk_of_task(smack_cred(cred)); 4270 4271 key->security = skp; 4272 return 0; 4273} 4274 4275/** 4276 * smack_key_free - Clear the key security blob 4277 * @key: the object 4278 * 4279 * Clear the blob pointer 4280 */ 4281static void smack_key_free(struct key *key) 4282{ 4283 key->security = NULL; 4284} 4285 4286/** 4287 * smack_key_permission - Smack access on a key 4288 * @key_ref: gets to the object 4289 * @cred: the credentials to use 4290 * @need_perm: requested key permission 4291 * 4292 * Return 0 if the task has read and write to the object, 4293 * an error code otherwise 4294 */ 4295static int smack_key_permission(key_ref_t key_ref, 4296 const struct cred *cred, 4297 enum key_need_perm need_perm) 4298{ 4299 struct key *keyp; 4300 struct smk_audit_info ad; 4301 struct smack_known *tkp = smk_of_task(smack_cred(cred)); 4302 int request = 0; 4303 int rc; 4304 4305 /* 4306 * Validate requested permissions 4307 */ 4308 switch (need_perm) { 4309 case KEY_NEED_READ: 4310 case KEY_NEED_SEARCH: 4311 case KEY_NEED_VIEW: 4312 request |= MAY_READ; 4313 break; 4314 case KEY_NEED_WRITE: 4315 case KEY_NEED_LINK: 4316 case KEY_NEED_SETATTR: 4317 request |= MAY_WRITE; 4318 break; 4319 case KEY_NEED_UNSPECIFIED: 4320 case KEY_NEED_UNLINK: 4321 case KEY_SYSADMIN_OVERRIDE: 4322 case KEY_AUTHTOKEN_OVERRIDE: 4323 case KEY_DEFER_PERM_CHECK: 4324 return 0; 4325 default: 4326 return -EINVAL; 4327 } 4328 4329 keyp = key_ref_to_ptr(key_ref); 4330 if (keyp == NULL) 4331 return -EINVAL; 4332 /* 4333 * If the key hasn't been initialized give it access so that 4334 * it may do so. 4335 */ 4336 if (keyp->security == NULL) 4337 return 0; 4338 /* 4339 * This should not occur 4340 */ 4341 if (tkp == NULL) 4342 return -EACCES; 4343 4344 if (smack_privileged(CAP_MAC_OVERRIDE)) 4345 return 0; 4346 4347#ifdef CONFIG_AUDIT 4348 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY); 4349 ad.a.u.key_struct.key = keyp->serial; 4350 ad.a.u.key_struct.key_desc = keyp->description; 4351#endif 4352 rc = smk_access(tkp, keyp->security, request, &ad); 4353 rc = smk_bu_note("key access", tkp, keyp->security, request, rc); 4354 return rc; 4355} 4356 4357/* 4358 * smack_key_getsecurity - Smack label tagging the key 4359 * @key points to the key to be queried 4360 * @_buffer points to a pointer that should be set to point to the 4361 * resulting string (if no label or an error occurs). 4362 * Return the length of the string (including terminating NUL) or -ve if 4363 * an error. 4364 * May also return 0 (and a NULL buffer pointer) if there is no label. 4365 */ 4366static int smack_key_getsecurity(struct key *key, char **_buffer) 4367{ 4368 struct smack_known *skp = key->security; 4369 size_t length; 4370 char *copy; 4371 4372 if (key->security == NULL) { 4373 *_buffer = NULL; 4374 return 0; 4375 } 4376 4377 copy = kstrdup(skp->smk_known, GFP_KERNEL); 4378 if (copy == NULL) 4379 return -ENOMEM; 4380 length = strlen(copy) + 1; 4381 4382 *_buffer = copy; 4383 return length; 4384} 4385 4386 4387#ifdef CONFIG_KEY_NOTIFICATIONS 4388/** 4389 * smack_watch_key - Smack access to watch a key for notifications. 4390 * @key: The key to be watched 4391 * 4392 * Return 0 if the @watch->cred has permission to read from the key object and 4393 * an error otherwise. 4394 */ 4395static int smack_watch_key(struct key *key) 4396{ 4397 struct smk_audit_info ad; 4398 struct smack_known *tkp = smk_of_current(); 4399 int rc; 4400 4401 if (key == NULL) 4402 return -EINVAL; 4403 /* 4404 * If the key hasn't been initialized give it access so that 4405 * it may do so. 4406 */ 4407 if (key->security == NULL) 4408 return 0; 4409 /* 4410 * This should not occur 4411 */ 4412 if (tkp == NULL) 4413 return -EACCES; 4414 4415 if (smack_privileged_cred(CAP_MAC_OVERRIDE, current_cred())) 4416 return 0; 4417 4418#ifdef CONFIG_AUDIT 4419 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY); 4420 ad.a.u.key_struct.key = key->serial; 4421 ad.a.u.key_struct.key_desc = key->description; 4422#endif 4423 rc = smk_access(tkp, key->security, MAY_READ, &ad); 4424 rc = smk_bu_note("key watch", tkp, key->security, MAY_READ, rc); 4425 return rc; 4426} 4427#endif /* CONFIG_KEY_NOTIFICATIONS */ 4428#endif /* CONFIG_KEYS */ 4429 4430#ifdef CONFIG_WATCH_QUEUE 4431/** 4432 * smack_post_notification - Smack access to post a notification to a queue 4433 * @w_cred: The credentials of the watcher. 4434 * @cred: The credentials of the event source (may be NULL). 4435 * @n: The notification message to be posted. 4436 */ 4437static int smack_post_notification(const struct cred *w_cred, 4438 const struct cred *cred, 4439 struct watch_notification *n) 4440{ 4441 struct smk_audit_info ad; 4442 struct smack_known *subj, *obj; 4443 int rc; 4444 4445 /* Always let maintenance notifications through. */ 4446 if (n->type == WATCH_TYPE_META) 4447 return 0; 4448 4449 if (!cred) 4450 return 0; 4451 subj = smk_of_task(smack_cred(cred)); 4452 obj = smk_of_task(smack_cred(w_cred)); 4453 4454 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NOTIFICATION); 4455 rc = smk_access(subj, obj, MAY_WRITE, &ad); 4456 rc = smk_bu_note("notification", subj, obj, MAY_WRITE, rc); 4457 return rc; 4458} 4459#endif /* CONFIG_WATCH_QUEUE */ 4460 4461/* 4462 * Smack Audit hooks 4463 * 4464 * Audit requires a unique representation of each Smack specific 4465 * rule. This unique representation is used to distinguish the 4466 * object to be audited from remaining kernel objects and also 4467 * works as a glue between the audit hooks. 4468 * 4469 * Since repository entries are added but never deleted, we'll use 4470 * the smack_known label address related to the given audit rule as 4471 * the needed unique representation. This also better fits the smack 4472 * model where nearly everything is a label. 4473 */ 4474#ifdef CONFIG_AUDIT 4475 4476/** 4477 * smack_audit_rule_init - Initialize a smack audit rule 4478 * @field: audit rule fields given from user-space (audit.h) 4479 * @op: required testing operator (=, !=, >, <, ...) 4480 * @rulestr: smack label to be audited 4481 * @vrule: pointer to save our own audit rule representation 4482 * 4483 * Prepare to audit cases where (@field @op @rulestr) is true. 4484 * The label to be audited is created if necessay. 4485 */ 4486static int smack_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule) 4487{ 4488 struct smack_known *skp; 4489 char **rule = (char **)vrule; 4490 *rule = NULL; 4491 4492 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER) 4493 return -EINVAL; 4494 4495 if (op != Audit_equal && op != Audit_not_equal) 4496 return -EINVAL; 4497 4498 skp = smk_import_entry(rulestr, 0); 4499 if (IS_ERR(skp)) 4500 return PTR_ERR(skp); 4501 4502 *rule = skp->smk_known; 4503 4504 return 0; 4505} 4506 4507/** 4508 * smack_audit_rule_known - Distinguish Smack audit rules 4509 * @krule: rule of interest, in Audit kernel representation format 4510 * 4511 * This is used to filter Smack rules from remaining Audit ones. 4512 * If it's proved that this rule belongs to us, the 4513 * audit_rule_match hook will be called to do the final judgement. 4514 */ 4515static int smack_audit_rule_known(struct audit_krule *krule) 4516{ 4517 struct audit_field *f; 4518 int i; 4519 4520 for (i = 0; i < krule->field_count; i++) { 4521 f = &krule->fields[i]; 4522 4523 if (f->type == AUDIT_SUBJ_USER || f->type == AUDIT_OBJ_USER) 4524 return 1; 4525 } 4526 4527 return 0; 4528} 4529 4530/** 4531 * smack_audit_rule_match - Audit given object ? 4532 * @secid: security id for identifying the object to test 4533 * @field: audit rule flags given from user-space 4534 * @op: required testing operator 4535 * @vrule: smack internal rule presentation 4536 * 4537 * The core Audit hook. It's used to take the decision of 4538 * whether to audit or not to audit a given object. 4539 */ 4540static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule) 4541{ 4542 struct smack_known *skp; 4543 char *rule = vrule; 4544 4545 if (unlikely(!rule)) { 4546 WARN_ONCE(1, "Smack: missing rule\n"); 4547 return -ENOENT; 4548 } 4549 4550 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER) 4551 return 0; 4552 4553 skp = smack_from_secid(secid); 4554 4555 /* 4556 * No need to do string comparisons. If a match occurs, 4557 * both pointers will point to the same smack_known 4558 * label. 4559 */ 4560 if (op == Audit_equal) 4561 return (rule == skp->smk_known); 4562 if (op == Audit_not_equal) 4563 return (rule != skp->smk_known); 4564 4565 return 0; 4566} 4567 4568/* 4569 * There is no need for a smack_audit_rule_free hook. 4570 * No memory was allocated. 4571 */ 4572 4573#endif /* CONFIG_AUDIT */ 4574 4575/** 4576 * smack_ismaclabel - check if xattr @name references a smack MAC label 4577 * @name: Full xattr name to check. 4578 */ 4579static int smack_ismaclabel(const char *name) 4580{ 4581 return (strcmp(name, XATTR_SMACK_SUFFIX) == 0); 4582} 4583 4584 4585/** 4586 * smack_secid_to_secctx - return the smack label for a secid 4587 * @secid: incoming integer 4588 * @secdata: destination 4589 * @seclen: how long it is 4590 * 4591 * Exists for networking code. 4592 */ 4593static int smack_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) 4594{ 4595 struct smack_known *skp = smack_from_secid(secid); 4596 4597 if (secdata) 4598 *secdata = skp->smk_known; 4599 *seclen = strlen(skp->smk_known); 4600 return 0; 4601} 4602 4603/** 4604 * smack_secctx_to_secid - return the secid for a smack label 4605 * @secdata: smack label 4606 * @seclen: how long result is 4607 * @secid: outgoing integer 4608 * 4609 * Exists for audit and networking code. 4610 */ 4611static int smack_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid) 4612{ 4613 struct smack_known *skp = smk_find_entry(secdata); 4614 4615 if (skp) 4616 *secid = skp->smk_secid; 4617 else 4618 *secid = 0; 4619 return 0; 4620} 4621 4622/* 4623 * There used to be a smack_release_secctx hook 4624 * that did nothing back when hooks were in a vector. 4625 * Now that there's a list such a hook adds cost. 4626 */ 4627 4628static int smack_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen) 4629{ 4630 return smack_inode_setsecurity(inode, XATTR_SMACK_SUFFIX, ctx, ctxlen, 0); 4631} 4632 4633static int smack_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen) 4634{ 4635 return __vfs_setxattr_noperm(dentry, XATTR_NAME_SMACK, ctx, ctxlen, 0); 4636} 4637 4638static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) 4639{ 4640 struct smack_known *skp = smk_of_inode(inode); 4641 4642 *ctx = skp->smk_known; 4643 *ctxlen = strlen(skp->smk_known); 4644 return 0; 4645} 4646 4647static int smack_inode_copy_up(struct dentry *dentry, struct cred **new) 4648{ 4649 4650 struct task_smack *tsp; 4651 struct smack_known *skp; 4652 struct inode_smack *isp; 4653 struct cred *new_creds = *new; 4654 4655 if (new_creds == NULL) { 4656 new_creds = prepare_creds(); 4657 if (new_creds == NULL) 4658 return -ENOMEM; 4659 } 4660 4661 tsp = smack_cred(new_creds); 4662 4663 /* 4664 * Get label from overlay inode and set it in create_sid 4665 */ 4666 isp = smack_inode(d_inode(dentry)); 4667 skp = isp->smk_inode; 4668 tsp->smk_task = skp; 4669 *new = new_creds; 4670 return 0; 4671} 4672 4673static int smack_inode_copy_up_xattr(const char *name) 4674{ 4675 /* 4676 * Return 1 if this is the smack access Smack attribute. 4677 */ 4678 if (strcmp(name, XATTR_NAME_SMACK) == 0) 4679 return 1; 4680 4681 return -EOPNOTSUPP; 4682} 4683 4684static int smack_dentry_create_files_as(struct dentry *dentry, int mode, 4685 struct qstr *name, 4686 const struct cred *old, 4687 struct cred *new) 4688{ 4689 struct task_smack *otsp = smack_cred(old); 4690 struct task_smack *ntsp = smack_cred(new); 4691 struct inode_smack *isp; 4692 int may; 4693 4694 /* 4695 * Use the process credential unless all of 4696 * the transmuting criteria are met 4697 */ 4698 ntsp->smk_task = otsp->smk_task; 4699 4700 /* 4701 * the attribute of the containing directory 4702 */ 4703 isp = smack_inode(d_inode(dentry->d_parent)); 4704 4705 if (isp->smk_flags & SMK_INODE_TRANSMUTE) { 4706 rcu_read_lock(); 4707 may = smk_access_entry(otsp->smk_task->smk_known, 4708 isp->smk_inode->smk_known, 4709 &otsp->smk_task->smk_rules); 4710 rcu_read_unlock(); 4711 4712 /* 4713 * If the directory is transmuting and the rule 4714 * providing access is transmuting use the containing 4715 * directory label instead of the process label. 4716 */ 4717 if (may > 0 && (may & MAY_TRANSMUTE)) { 4718 ntsp->smk_task = isp->smk_inode; 4719 ntsp->smk_transmuted = ntsp->smk_task; 4720 } 4721 } 4722 return 0; 4723} 4724 4725struct lsm_blob_sizes smack_blob_sizes __lsm_ro_after_init = { 4726 .lbs_cred = sizeof(struct task_smack), 4727 .lbs_file = sizeof(struct smack_known *), 4728 .lbs_inode = sizeof(struct inode_smack), 4729 .lbs_ipc = sizeof(struct smack_known *), 4730 .lbs_msg_msg = sizeof(struct smack_known *), 4731}; 4732 4733static struct security_hook_list smack_hooks[] __lsm_ro_after_init = { 4734 LSM_HOOK_INIT(ptrace_access_check, smack_ptrace_access_check), 4735 LSM_HOOK_INIT(ptrace_traceme, smack_ptrace_traceme), 4736 LSM_HOOK_INIT(syslog, smack_syslog), 4737 4738 LSM_HOOK_INIT(fs_context_dup, smack_fs_context_dup), 4739 LSM_HOOK_INIT(fs_context_parse_param, smack_fs_context_parse_param), 4740 4741 LSM_HOOK_INIT(sb_alloc_security, smack_sb_alloc_security), 4742 LSM_HOOK_INIT(sb_free_security, smack_sb_free_security), 4743 LSM_HOOK_INIT(sb_free_mnt_opts, smack_free_mnt_opts), 4744 LSM_HOOK_INIT(sb_eat_lsm_opts, smack_sb_eat_lsm_opts), 4745 LSM_HOOK_INIT(sb_statfs, smack_sb_statfs), 4746 LSM_HOOK_INIT(sb_set_mnt_opts, smack_set_mnt_opts), 4747 4748 LSM_HOOK_INIT(bprm_creds_for_exec, smack_bprm_creds_for_exec), 4749 4750 LSM_HOOK_INIT(inode_alloc_security, smack_inode_alloc_security), 4751 LSM_HOOK_INIT(inode_init_security, smack_inode_init_security), 4752 LSM_HOOK_INIT(inode_link, smack_inode_link), 4753 LSM_HOOK_INIT(inode_unlink, smack_inode_unlink), 4754 LSM_HOOK_INIT(inode_rmdir, smack_inode_rmdir), 4755 LSM_HOOK_INIT(inode_rename, smack_inode_rename), 4756 LSM_HOOK_INIT(inode_permission, smack_inode_permission), 4757 LSM_HOOK_INIT(inode_setattr, smack_inode_setattr), 4758 LSM_HOOK_INIT(inode_getattr, smack_inode_getattr), 4759 LSM_HOOK_INIT(inode_setxattr, smack_inode_setxattr), 4760 LSM_HOOK_INIT(inode_post_setxattr, smack_inode_post_setxattr), 4761 LSM_HOOK_INIT(inode_getxattr, smack_inode_getxattr), 4762 LSM_HOOK_INIT(inode_removexattr, smack_inode_removexattr), 4763 LSM_HOOK_INIT(inode_getsecurity, smack_inode_getsecurity), 4764 LSM_HOOK_INIT(inode_setsecurity, smack_inode_setsecurity), 4765 LSM_HOOK_INIT(inode_listsecurity, smack_inode_listsecurity), 4766 LSM_HOOK_INIT(inode_getsecid, smack_inode_getsecid), 4767 4768 LSM_HOOK_INIT(file_alloc_security, smack_file_alloc_security), 4769 LSM_HOOK_INIT(file_ioctl, smack_file_ioctl), 4770 LSM_HOOK_INIT(file_ioctl_compat, smack_file_ioctl), 4771 LSM_HOOK_INIT(file_lock, smack_file_lock), 4772 LSM_HOOK_INIT(file_fcntl, smack_file_fcntl), 4773 LSM_HOOK_INIT(mmap_file, smack_mmap_file), 4774 LSM_HOOK_INIT(mmap_addr, cap_mmap_addr), 4775 LSM_HOOK_INIT(file_set_fowner, smack_file_set_fowner), 4776 LSM_HOOK_INIT(file_send_sigiotask, smack_file_send_sigiotask), 4777 LSM_HOOK_INIT(file_receive, smack_file_receive), 4778 4779 LSM_HOOK_INIT(file_open, smack_file_open), 4780 4781 LSM_HOOK_INIT(cred_alloc_blank, smack_cred_alloc_blank), 4782 LSM_HOOK_INIT(cred_free, smack_cred_free), 4783 LSM_HOOK_INIT(cred_prepare, smack_cred_prepare), 4784 LSM_HOOK_INIT(cred_transfer, smack_cred_transfer), 4785 LSM_HOOK_INIT(cred_getsecid, smack_cred_getsecid), 4786 LSM_HOOK_INIT(kernel_act_as, smack_kernel_act_as), 4787 LSM_HOOK_INIT(kernel_create_files_as, smack_kernel_create_files_as), 4788 LSM_HOOK_INIT(task_setpgid, smack_task_setpgid), 4789 LSM_HOOK_INIT(task_getpgid, smack_task_getpgid), 4790 LSM_HOOK_INIT(task_getsid, smack_task_getsid), 4791 LSM_HOOK_INIT(task_getsecid, smack_task_getsecid), 4792 LSM_HOOK_INIT(task_setnice, smack_task_setnice), 4793 LSM_HOOK_INIT(task_setioprio, smack_task_setioprio), 4794 LSM_HOOK_INIT(task_getioprio, smack_task_getioprio), 4795 LSM_HOOK_INIT(task_setscheduler, smack_task_setscheduler), 4796 LSM_HOOK_INIT(task_getscheduler, smack_task_getscheduler), 4797 LSM_HOOK_INIT(task_movememory, smack_task_movememory), 4798 LSM_HOOK_INIT(task_kill, smack_task_kill), 4799 LSM_HOOK_INIT(task_to_inode, smack_task_to_inode), 4800 4801 LSM_HOOK_INIT(ipc_permission, smack_ipc_permission), 4802 LSM_HOOK_INIT(ipc_getsecid, smack_ipc_getsecid), 4803 4804 LSM_HOOK_INIT(msg_msg_alloc_security, smack_msg_msg_alloc_security), 4805 4806 LSM_HOOK_INIT(msg_queue_alloc_security, smack_ipc_alloc_security), 4807 LSM_HOOK_INIT(msg_queue_associate, smack_msg_queue_associate), 4808 LSM_HOOK_INIT(msg_queue_msgctl, smack_msg_queue_msgctl), 4809 LSM_HOOK_INIT(msg_queue_msgsnd, smack_msg_queue_msgsnd), 4810 LSM_HOOK_INIT(msg_queue_msgrcv, smack_msg_queue_msgrcv), 4811 4812 LSM_HOOK_INIT(shm_alloc_security, smack_ipc_alloc_security), 4813 LSM_HOOK_INIT(shm_associate, smack_shm_associate), 4814 LSM_HOOK_INIT(shm_shmctl, smack_shm_shmctl), 4815 LSM_HOOK_INIT(shm_shmat, smack_shm_shmat), 4816 4817 LSM_HOOK_INIT(sem_alloc_security, smack_ipc_alloc_security), 4818 LSM_HOOK_INIT(sem_associate, smack_sem_associate), 4819 LSM_HOOK_INIT(sem_semctl, smack_sem_semctl), 4820 LSM_HOOK_INIT(sem_semop, smack_sem_semop), 4821 4822 LSM_HOOK_INIT(d_instantiate, smack_d_instantiate), 4823 4824 LSM_HOOK_INIT(getprocattr, smack_getprocattr), 4825 LSM_HOOK_INIT(setprocattr, smack_setprocattr), 4826 4827 LSM_HOOK_INIT(unix_stream_connect, smack_unix_stream_connect), 4828 LSM_HOOK_INIT(unix_may_send, smack_unix_may_send), 4829 4830 LSM_HOOK_INIT(socket_post_create, smack_socket_post_create), 4831 LSM_HOOK_INIT(socket_socketpair, smack_socket_socketpair), 4832#ifdef SMACK_IPV6_PORT_LABELING 4833 LSM_HOOK_INIT(socket_bind, smack_socket_bind), 4834#endif 4835 LSM_HOOK_INIT(socket_connect, smack_socket_connect), 4836 LSM_HOOK_INIT(socket_sendmsg, smack_socket_sendmsg), 4837 LSM_HOOK_INIT(socket_sock_rcv_skb, smack_socket_sock_rcv_skb), 4838 LSM_HOOK_INIT(socket_getpeersec_stream, smack_socket_getpeersec_stream), 4839 LSM_HOOK_INIT(socket_getpeersec_dgram, smack_socket_getpeersec_dgram), 4840 LSM_HOOK_INIT(sk_alloc_security, smack_sk_alloc_security), 4841 LSM_HOOK_INIT(sk_free_security, smack_sk_free_security), 4842 LSM_HOOK_INIT(sock_graft, smack_sock_graft), 4843 LSM_HOOK_INIT(inet_conn_request, smack_inet_conn_request), 4844 LSM_HOOK_INIT(inet_csk_clone, smack_inet_csk_clone), 4845 4846 /* key management security hooks */ 4847#ifdef CONFIG_KEYS 4848 LSM_HOOK_INIT(key_alloc, smack_key_alloc), 4849 LSM_HOOK_INIT(key_free, smack_key_free), 4850 LSM_HOOK_INIT(key_permission, smack_key_permission), 4851 LSM_HOOK_INIT(key_getsecurity, smack_key_getsecurity), 4852#ifdef CONFIG_KEY_NOTIFICATIONS 4853 LSM_HOOK_INIT(watch_key, smack_watch_key), 4854#endif 4855#endif /* CONFIG_KEYS */ 4856 4857#ifdef CONFIG_WATCH_QUEUE 4858 LSM_HOOK_INIT(post_notification, smack_post_notification), 4859#endif 4860 4861 /* Audit hooks */ 4862#ifdef CONFIG_AUDIT 4863 LSM_HOOK_INIT(audit_rule_init, smack_audit_rule_init), 4864 LSM_HOOK_INIT(audit_rule_known, smack_audit_rule_known), 4865 LSM_HOOK_INIT(audit_rule_match, smack_audit_rule_match), 4866#endif /* CONFIG_AUDIT */ 4867 4868 LSM_HOOK_INIT(ismaclabel, smack_ismaclabel), 4869 LSM_HOOK_INIT(secid_to_secctx, smack_secid_to_secctx), 4870 LSM_HOOK_INIT(secctx_to_secid, smack_secctx_to_secid), 4871 LSM_HOOK_INIT(inode_notifysecctx, smack_inode_notifysecctx), 4872 LSM_HOOK_INIT(inode_setsecctx, smack_inode_setsecctx), 4873 LSM_HOOK_INIT(inode_getsecctx, smack_inode_getsecctx), 4874 LSM_HOOK_INIT(inode_copy_up, smack_inode_copy_up), 4875 LSM_HOOK_INIT(inode_copy_up_xattr, smack_inode_copy_up_xattr), 4876 LSM_HOOK_INIT(dentry_create_files_as, smack_dentry_create_files_as), 4877}; 4878 4879 4880static __init void init_smack_known_list(void) 4881{ 4882 /* 4883 * Initialize rule list locks 4884 */ 4885 mutex_init(&smack_known_huh.smk_rules_lock); 4886 mutex_init(&smack_known_hat.smk_rules_lock); 4887 mutex_init(&smack_known_floor.smk_rules_lock); 4888 mutex_init(&smack_known_star.smk_rules_lock); 4889 mutex_init(&smack_known_web.smk_rules_lock); 4890 /* 4891 * Initialize rule lists 4892 */ 4893 INIT_LIST_HEAD(&smack_known_huh.smk_rules); 4894 INIT_LIST_HEAD(&smack_known_hat.smk_rules); 4895 INIT_LIST_HEAD(&smack_known_star.smk_rules); 4896 INIT_LIST_HEAD(&smack_known_floor.smk_rules); 4897 INIT_LIST_HEAD(&smack_known_web.smk_rules); 4898 /* 4899 * Create the known labels list 4900 */ 4901 smk_insert_entry(&smack_known_huh); 4902 smk_insert_entry(&smack_known_hat); 4903 smk_insert_entry(&smack_known_star); 4904 smk_insert_entry(&smack_known_floor); 4905 smk_insert_entry(&smack_known_web); 4906} 4907 4908/** 4909 * smack_init - initialize the smack system 4910 * 4911 * Returns 0 on success, -ENOMEM is there's no memory 4912 */ 4913static __init int smack_init(void) 4914{ 4915 struct cred *cred = (struct cred *) current->cred; 4916 struct task_smack *tsp; 4917 4918 smack_rule_cache = KMEM_CACHE(smack_rule, 0); 4919 if (!smack_rule_cache) 4920 return -ENOMEM; 4921 4922 /* 4923 * Set the security state for the initial task. 4924 */ 4925 tsp = smack_cred(cred); 4926 init_task_smack(tsp, &smack_known_floor, &smack_known_floor); 4927 4928 /* 4929 * Register with LSM 4930 */ 4931 security_add_hooks(smack_hooks, ARRAY_SIZE(smack_hooks), "smack"); 4932 smack_enabled = 1; 4933 4934 pr_info("Smack: Initializing.\n"); 4935#ifdef CONFIG_SECURITY_SMACK_NETFILTER 4936 pr_info("Smack: Netfilter enabled.\n"); 4937#endif 4938#ifdef SMACK_IPV6_PORT_LABELING 4939 pr_info("Smack: IPv6 port labeling enabled.\n"); 4940#endif 4941#ifdef SMACK_IPV6_SECMARK_LABELING 4942 pr_info("Smack: IPv6 Netfilter enabled.\n"); 4943#endif 4944 4945 /* initialize the smack_known_list */ 4946 init_smack_known_list(); 4947 4948 return 0; 4949} 4950 4951/* 4952 * Smack requires early initialization in order to label 4953 * all processes and objects when they are created. 4954 */ 4955DEFINE_LSM(smack) = { 4956 .name = "smack", 4957 .flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE, 4958 .blobs = &smack_blob_sizes, 4959 .init = smack_init, 4960}; 4961