1/* 2 * Simplified MAC Kernel (smack) security module 3 * 4 * This file contains the smack hook function implementations. 5 * 6 * Authors: 7 * Casey Schaufler <casey@schaufler-ca.com> 8 * Jarkko Sakkinen <jarkko.sakkinen@intel.com> 9 * 10 * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com> 11 * Copyright (C) 2009 Hewlett-Packard Development Company, L.P. 12 * Paul Moore <paul@paul-moore.com> 13 * Copyright (C) 2010 Nokia Corporation 14 * Copyright (C) 2011 Intel Corporation. 15 * 16 * This program is free software; you can redistribute it and/or modify 17 * it under the terms of the GNU General Public License version 2, 18 * as published by the Free Software Foundation. 19 */ 20 21#include <linux/xattr.h> 22#include <linux/pagemap.h> 23#include <linux/mount.h> 24#include <linux/stat.h> 25#include <linux/kd.h> 26#include <asm/ioctls.h> 27#include <linux/ip.h> 28#include <linux/tcp.h> 29#include <linux/udp.h> 30#include <linux/dccp.h> 31#include <linux/slab.h> 32#include <linux/mutex.h> 33#include <linux/pipe_fs_i.h> 34#include <net/cipso_ipv4.h> 35#include <net/ip.h> 36#include <net/ipv6.h> 37#include <linux/audit.h> 38#include <linux/magic.h> 39#include <linux/dcache.h> 40#include <linux/personality.h> 41#include <linux/msg.h> 42#include <linux/shm.h> 43#include <linux/binfmts.h> 44#include "smack.h" 45 46#define TRANS_TRUE "TRUE" 47#define TRANS_TRUE_SIZE 4 48 49#define SMK_CONNECTING 0 50#define SMK_RECEIVING 1 51#define SMK_SENDING 2 52 53#if IS_ENABLED(CONFIG_IPV6) && !defined(CONFIG_SECURITY_SMACK_NETFILTER) 54LIST_HEAD(smk_ipv6_port_list); 55#endif /* CONFIG_IPV6 && !CONFIG_SECURITY_SMACK_NETFILTER */ 56static struct kmem_cache *smack_inode_cache; 57int smack_enabled; 58 59#ifdef CONFIG_SECURITY_SMACK_BRINGUP 60static char *smk_bu_mess[] = { 61 "Bringup Error", /* Unused */ 62 "Bringup", /* SMACK_BRINGUP_ALLOW */ 63 "Unconfined Subject", /* SMACK_UNCONFINED_SUBJECT */ 64 "Unconfined Object", /* SMACK_UNCONFINED_OBJECT */ 65}; 66 67static void smk_bu_mode(int mode, char *s) 68{ 69 int i = 0; 70 71 if (mode & MAY_READ) 72 s[i++] = 'r'; 73 if (mode & MAY_WRITE) 74 s[i++] = 'w'; 75 if (mode & MAY_EXEC) 76 s[i++] = 'x'; 77 if (mode & MAY_APPEND) 78 s[i++] = 'a'; 79 if (mode & MAY_TRANSMUTE) 80 s[i++] = 't'; 81 if (mode & MAY_LOCK) 82 s[i++] = 'l'; 83 if (i == 0) 84 s[i++] = '-'; 85 s[i] = '\0'; 86} 87#endif 88 89#ifdef CONFIG_SECURITY_SMACK_BRINGUP 90static int smk_bu_note(char *note, struct smack_known *sskp, 91 struct smack_known *oskp, int mode, int rc) 92{ 93 char acc[SMK_NUM_ACCESS_TYPE + 1]; 94 95 if (rc <= 0) 96 return rc; 97 if (rc > SMACK_UNCONFINED_OBJECT) 98 rc = 0; 99 100 smk_bu_mode(mode, acc); 101 pr_info("Smack %s: (%s %s %s) %s\n", smk_bu_mess[rc], 102 sskp->smk_known, oskp->smk_known, acc, note); 103 return 0; 104} 105#else 106#define smk_bu_note(note, sskp, oskp, mode, RC) (RC) 107#endif 108 109#ifdef CONFIG_SECURITY_SMACK_BRINGUP 110static int smk_bu_current(char *note, struct smack_known *oskp, 111 int mode, int rc) 112{ 113 struct task_smack *tsp = current_security(); 114 char acc[SMK_NUM_ACCESS_TYPE + 1]; 115 116 if (rc <= 0) 117 return rc; 118 if (rc > SMACK_UNCONFINED_OBJECT) 119 rc = 0; 120 121 smk_bu_mode(mode, acc); 122 pr_info("Smack %s: (%s %s %s) %s %s\n", smk_bu_mess[rc], 123 tsp->smk_task->smk_known, oskp->smk_known, 124 acc, current->comm, note); 125 return 0; 126} 127#else 128#define smk_bu_current(note, oskp, mode, RC) (RC) 129#endif 130 131#ifdef CONFIG_SECURITY_SMACK_BRINGUP 132static int smk_bu_task(struct task_struct *otp, int mode, int rc) 133{ 134 struct task_smack *tsp = current_security(); 135 struct smack_known *smk_task = smk_of_task_struct(otp); 136 char acc[SMK_NUM_ACCESS_TYPE + 1]; 137 138 if (rc <= 0) 139 return rc; 140 if (rc > SMACK_UNCONFINED_OBJECT) 141 rc = 0; 142 143 smk_bu_mode(mode, acc); 144 pr_info("Smack %s: (%s %s %s) %s to %s\n", smk_bu_mess[rc], 145 tsp->smk_task->smk_known, smk_task->smk_known, acc, 146 current->comm, otp->comm); 147 return 0; 148} 149#else 150#define smk_bu_task(otp, mode, RC) (RC) 151#endif 152 153#ifdef CONFIG_SECURITY_SMACK_BRINGUP 154static int smk_bu_inode(struct inode *inode, int mode, int rc) 155{ 156 struct task_smack *tsp = current_security(); 157 struct inode_smack *isp = inode->i_security; 158 char acc[SMK_NUM_ACCESS_TYPE + 1]; 159 160 if (isp->smk_flags & SMK_INODE_IMPURE) 161 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n", 162 inode->i_sb->s_id, inode->i_ino, current->comm); 163 164 if (rc <= 0) 165 return rc; 166 if (rc > SMACK_UNCONFINED_OBJECT) 167 rc = 0; 168 if (rc == SMACK_UNCONFINED_SUBJECT && 169 (mode & (MAY_WRITE | MAY_APPEND))) 170 isp->smk_flags |= SMK_INODE_IMPURE; 171 172 smk_bu_mode(mode, acc); 173 174 pr_info("Smack %s: (%s %s %s) inode=(%s %ld) %s\n", smk_bu_mess[rc], 175 tsp->smk_task->smk_known, isp->smk_inode->smk_known, acc, 176 inode->i_sb->s_id, inode->i_ino, current->comm); 177 return 0; 178} 179#else 180#define smk_bu_inode(inode, mode, RC) (RC) 181#endif 182 183#ifdef CONFIG_SECURITY_SMACK_BRINGUP 184static int smk_bu_file(struct file *file, int mode, int rc) 185{ 186 struct task_smack *tsp = current_security(); 187 struct smack_known *sskp = tsp->smk_task; 188 struct inode *inode = file_inode(file); 189 struct inode_smack *isp = inode->i_security; 190 char acc[SMK_NUM_ACCESS_TYPE + 1]; 191 192 if (isp->smk_flags & SMK_INODE_IMPURE) 193 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n", 194 inode->i_sb->s_id, inode->i_ino, current->comm); 195 196 if (rc <= 0) 197 return rc; 198 if (rc > SMACK_UNCONFINED_OBJECT) 199 rc = 0; 200 201 smk_bu_mode(mode, acc); 202 pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc], 203 sskp->smk_known, smk_of_inode(inode)->smk_known, acc, 204 inode->i_sb->s_id, inode->i_ino, file, 205 current->comm); 206 return 0; 207} 208#else 209#define smk_bu_file(file, mode, RC) (RC) 210#endif 211 212#ifdef CONFIG_SECURITY_SMACK_BRINGUP 213static int smk_bu_credfile(const struct cred *cred, struct file *file, 214 int mode, int rc) 215{ 216 struct task_smack *tsp = cred->security; 217 struct smack_known *sskp = tsp->smk_task; 218 struct inode *inode = file->f_inode; 219 struct inode_smack *isp = inode->i_security; 220 char acc[SMK_NUM_ACCESS_TYPE + 1]; 221 222 if (isp->smk_flags & SMK_INODE_IMPURE) 223 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n", 224 inode->i_sb->s_id, inode->i_ino, current->comm); 225 226 if (rc <= 0) 227 return rc; 228 if (rc > SMACK_UNCONFINED_OBJECT) 229 rc = 0; 230 231 smk_bu_mode(mode, acc); 232 pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc], 233 sskp->smk_known, smk_of_inode(inode)->smk_known, acc, 234 inode->i_sb->s_id, inode->i_ino, file, 235 current->comm); 236 return 0; 237} 238#else 239#define smk_bu_credfile(cred, file, mode, RC) (RC) 240#endif 241 242/** 243 * smk_fetch - Fetch the smack label from a file. 244 * @name: type of the label (attribute) 245 * @ip: a pointer to the inode 246 * @dp: a pointer to the dentry 247 * 248 * Returns a pointer to the master list entry for the Smack label 249 * or NULL if there was no label to fetch. 250 */ 251static struct smack_known *smk_fetch(const char *name, struct inode *ip, 252 struct dentry *dp) 253{ 254 int rc; 255 char *buffer; 256 struct smack_known *skp = NULL; 257 258 if (ip->i_op->getxattr == NULL) 259 return NULL; 260 261 buffer = kzalloc(SMK_LONGLABEL, GFP_KERNEL); 262 if (buffer == NULL) 263 return NULL; 264 265 rc = ip->i_op->getxattr(dp, name, buffer, SMK_LONGLABEL); 266 if (rc > 0) 267 skp = smk_import_entry(buffer, rc); 268 269 kfree(buffer); 270 271 return skp; 272} 273 274/** 275 * new_inode_smack - allocate an inode security blob 276 * @skp: a pointer to the Smack label entry to use in the blob 277 * 278 * Returns the new blob or NULL if there's no memory available 279 */ 280struct inode_smack *new_inode_smack(struct smack_known *skp) 281{ 282 struct inode_smack *isp; 283 284 isp = kmem_cache_zalloc(smack_inode_cache, GFP_NOFS); 285 if (isp == NULL) 286 return NULL; 287 288 isp->smk_inode = skp; 289 isp->smk_flags = 0; 290 mutex_init(&isp->smk_lock); 291 292 return isp; 293} 294 295/** 296 * new_task_smack - allocate a task security blob 297 * @task: a pointer to the Smack label for the running task 298 * @forked: a pointer to the Smack label for the forked task 299 * @gfp: type of the memory for the allocation 300 * 301 * Returns the new blob or NULL if there's no memory available 302 */ 303static struct task_smack *new_task_smack(struct smack_known *task, 304 struct smack_known *forked, gfp_t gfp) 305{ 306 struct task_smack *tsp; 307 308 tsp = kzalloc(sizeof(struct task_smack), gfp); 309 if (tsp == NULL) 310 return NULL; 311 312 tsp->smk_task = task; 313 tsp->smk_forked = forked; 314 INIT_LIST_HEAD(&tsp->smk_rules); 315 mutex_init(&tsp->smk_rules_lock); 316 317 return tsp; 318} 319 320/** 321 * smk_copy_rules - copy a rule set 322 * @nhead: new rules header pointer 323 * @ohead: old rules header pointer 324 * @gfp: type of the memory for the allocation 325 * 326 * Returns 0 on success, -ENOMEM on error 327 */ 328static int smk_copy_rules(struct list_head *nhead, struct list_head *ohead, 329 gfp_t gfp) 330{ 331 struct smack_rule *nrp; 332 struct smack_rule *orp; 333 int rc = 0; 334 335 INIT_LIST_HEAD(nhead); 336 337 list_for_each_entry_rcu(orp, ohead, list) { 338 nrp = kzalloc(sizeof(struct smack_rule), gfp); 339 if (nrp == NULL) { 340 rc = -ENOMEM; 341 break; 342 } 343 *nrp = *orp; 344 list_add_rcu(&nrp->list, nhead); 345 } 346 return rc; 347} 348 349/** 350 * smk_ptrace_mode - helper function for converting PTRACE_MODE_* into MAY_* 351 * @mode - input mode in form of PTRACE_MODE_* 352 * 353 * Returns a converted MAY_* mode usable by smack rules 354 */ 355static inline unsigned int smk_ptrace_mode(unsigned int mode) 356{ 357 if (mode & PTRACE_MODE_ATTACH) 358 return MAY_READWRITE; 359 if (mode & PTRACE_MODE_READ) 360 return MAY_READ; 361 362 return 0; 363} 364 365/** 366 * smk_ptrace_rule_check - helper for ptrace access 367 * @tracer: tracer process 368 * @tracee_known: label entry of the process that's about to be traced 369 * @mode: ptrace attachment mode (PTRACE_MODE_*) 370 * @func: name of the function that called us, used for audit 371 * 372 * Returns 0 on access granted, -error on error 373 */ 374static int smk_ptrace_rule_check(struct task_struct *tracer, 375 struct smack_known *tracee_known, 376 unsigned int mode, const char *func) 377{ 378 int rc; 379 struct smk_audit_info ad, *saip = NULL; 380 struct task_smack *tsp; 381 struct smack_known *tracer_known; 382 383 if ((mode & PTRACE_MODE_NOAUDIT) == 0) { 384 smk_ad_init(&ad, func, LSM_AUDIT_DATA_TASK); 385 smk_ad_setfield_u_tsk(&ad, tracer); 386 saip = &ad; 387 } 388 389 rcu_read_lock(); 390 tsp = __task_cred(tracer)->security; 391 tracer_known = smk_of_task(tsp); 392 393 if ((mode & PTRACE_MODE_ATTACH) && 394 (smack_ptrace_rule == SMACK_PTRACE_EXACT || 395 smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)) { 396 if (tracer_known->smk_known == tracee_known->smk_known) 397 rc = 0; 398 else if (smack_ptrace_rule == SMACK_PTRACE_DRACONIAN) 399 rc = -EACCES; 400 else if (capable(CAP_SYS_PTRACE)) 401 rc = 0; 402 else 403 rc = -EACCES; 404 405 if (saip) 406 smack_log(tracer_known->smk_known, 407 tracee_known->smk_known, 408 0, rc, saip); 409 410 rcu_read_unlock(); 411 return rc; 412 } 413 414 /* In case of rule==SMACK_PTRACE_DEFAULT or mode==PTRACE_MODE_READ */ 415 rc = smk_tskacc(tsp, tracee_known, smk_ptrace_mode(mode), saip); 416 417 rcu_read_unlock(); 418 return rc; 419} 420 421/* 422 * LSM hooks. 423 * We he, that is fun! 424 */ 425 426/** 427 * smack_ptrace_access_check - Smack approval on PTRACE_ATTACH 428 * @ctp: child task pointer 429 * @mode: ptrace attachment mode (PTRACE_MODE_*) 430 * 431 * Returns 0 if access is OK, an error code otherwise 432 * 433 * Do the capability checks. 434 */ 435static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode) 436{ 437 int rc; 438 struct smack_known *skp; 439 440 rc = cap_ptrace_access_check(ctp, mode); 441 if (rc != 0) 442 return rc; 443 444 skp = smk_of_task_struct(ctp); 445 446 rc = smk_ptrace_rule_check(current, skp, mode, __func__); 447 return rc; 448} 449 450/** 451 * smack_ptrace_traceme - Smack approval on PTRACE_TRACEME 452 * @ptp: parent task pointer 453 * 454 * Returns 0 if access is OK, an error code otherwise 455 * 456 * Do the capability checks, and require PTRACE_MODE_ATTACH. 457 */ 458static int smack_ptrace_traceme(struct task_struct *ptp) 459{ 460 int rc; 461 struct smack_known *skp; 462 463 rc = cap_ptrace_traceme(ptp); 464 if (rc != 0) 465 return rc; 466 467 skp = smk_of_task(current_security()); 468 469 rc = smk_ptrace_rule_check(ptp, skp, PTRACE_MODE_ATTACH, __func__); 470 return rc; 471} 472 473/** 474 * smack_syslog - Smack approval on syslog 475 * @type: message type 476 * 477 * Returns 0 on success, error code otherwise. 478 */ 479static int smack_syslog(int typefrom_file) 480{ 481 int rc = 0; 482 struct smack_known *skp = smk_of_current(); 483 484 if (smack_privileged(CAP_MAC_OVERRIDE)) 485 return 0; 486 487 if (smack_syslog_label != NULL && smack_syslog_label != skp) 488 rc = -EACCES; 489 490 return rc; 491} 492 493 494/* 495 * Superblock Hooks. 496 */ 497 498/** 499 * smack_sb_alloc_security - allocate a superblock blob 500 * @sb: the superblock getting the blob 501 * 502 * Returns 0 on success or -ENOMEM on error. 503 */ 504static int smack_sb_alloc_security(struct super_block *sb) 505{ 506 struct superblock_smack *sbsp; 507 508 sbsp = kzalloc(sizeof(struct superblock_smack), GFP_KERNEL); 509 510 if (sbsp == NULL) 511 return -ENOMEM; 512 513 sbsp->smk_root = &smack_known_floor; 514 sbsp->smk_default = &smack_known_floor; 515 sbsp->smk_floor = &smack_known_floor; 516 sbsp->smk_hat = &smack_known_hat; 517 /* 518 * smk_initialized will be zero from kzalloc. 519 */ 520 sb->s_security = sbsp; 521 522 return 0; 523} 524 525/** 526 * smack_sb_free_security - free a superblock blob 527 * @sb: the superblock getting the blob 528 * 529 */ 530static void smack_sb_free_security(struct super_block *sb) 531{ 532 kfree(sb->s_security); 533 sb->s_security = NULL; 534} 535 536/** 537 * smack_sb_copy_data - copy mount options data for processing 538 * @orig: where to start 539 * @smackopts: mount options string 540 * 541 * Returns 0 on success or -ENOMEM on error. 542 * 543 * Copy the Smack specific mount options out of the mount 544 * options list. 545 */ 546static int smack_sb_copy_data(char *orig, char *smackopts) 547{ 548 char *cp, *commap, *otheropts, *dp; 549 550 otheropts = (char *)get_zeroed_page(GFP_KERNEL); 551 if (otheropts == NULL) 552 return -ENOMEM; 553 554 for (cp = orig, commap = orig; commap != NULL; cp = commap + 1) { 555 if (strstr(cp, SMK_FSDEFAULT) == cp) 556 dp = smackopts; 557 else if (strstr(cp, SMK_FSFLOOR) == cp) 558 dp = smackopts; 559 else if (strstr(cp, SMK_FSHAT) == cp) 560 dp = smackopts; 561 else if (strstr(cp, SMK_FSROOT) == cp) 562 dp = smackopts; 563 else if (strstr(cp, SMK_FSTRANS) == cp) 564 dp = smackopts; 565 else 566 dp = otheropts; 567 568 commap = strchr(cp, ','); 569 if (commap != NULL) 570 *commap = '\0'; 571 572 if (*dp != '\0') 573 strcat(dp, ","); 574 strcat(dp, cp); 575 } 576 577 strcpy(orig, otheropts); 578 free_page((unsigned long)otheropts); 579 580 return 0; 581} 582 583/** 584 * smack_sb_kern_mount - Smack specific mount processing 585 * @sb: the file system superblock 586 * @flags: the mount flags 587 * @data: the smack mount options 588 * 589 * Returns 0 on success, an error code on failure 590 */ 591static int smack_sb_kern_mount(struct super_block *sb, int flags, void *data) 592{ 593 struct dentry *root = sb->s_root; 594 struct inode *inode = d_backing_inode(root); 595 struct superblock_smack *sp = sb->s_security; 596 struct inode_smack *isp; 597 struct smack_known *skp; 598 char *op; 599 char *commap; 600 int transmute = 0; 601 int specified = 0; 602 603 if (sp->smk_initialized) 604 return 0; 605 606 sp->smk_initialized = 1; 607 608 for (op = data; op != NULL; op = commap) { 609 commap = strchr(op, ','); 610 if (commap != NULL) 611 *commap++ = '\0'; 612 613 if (strncmp(op, SMK_FSHAT, strlen(SMK_FSHAT)) == 0) { 614 op += strlen(SMK_FSHAT); 615 skp = smk_import_entry(op, 0); 616 if (skp != NULL) { 617 sp->smk_hat = skp; 618 specified = 1; 619 } 620 } else if (strncmp(op, SMK_FSFLOOR, strlen(SMK_FSFLOOR)) == 0) { 621 op += strlen(SMK_FSFLOOR); 622 skp = smk_import_entry(op, 0); 623 if (skp != NULL) { 624 sp->smk_floor = skp; 625 specified = 1; 626 } 627 } else if (strncmp(op, SMK_FSDEFAULT, 628 strlen(SMK_FSDEFAULT)) == 0) { 629 op += strlen(SMK_FSDEFAULT); 630 skp = smk_import_entry(op, 0); 631 if (skp != NULL) { 632 sp->smk_default = skp; 633 specified = 1; 634 } 635 } else if (strncmp(op, SMK_FSROOT, strlen(SMK_FSROOT)) == 0) { 636 op += strlen(SMK_FSROOT); 637 skp = smk_import_entry(op, 0); 638 if (skp != NULL) { 639 sp->smk_root = skp; 640 specified = 1; 641 } 642 } else if (strncmp(op, SMK_FSTRANS, strlen(SMK_FSTRANS)) == 0) { 643 op += strlen(SMK_FSTRANS); 644 skp = smk_import_entry(op, 0); 645 if (skp != NULL) { 646 sp->smk_root = skp; 647 transmute = 1; 648 specified = 1; 649 } 650 } 651 } 652 653 if (!smack_privileged(CAP_MAC_ADMIN)) { 654 /* 655 * Unprivileged mounts don't get to specify Smack values. 656 */ 657 if (specified) 658 return -EPERM; 659 /* 660 * Unprivileged mounts get root and default from the caller. 661 */ 662 skp = smk_of_current(); 663 sp->smk_root = skp; 664 sp->smk_default = skp; 665 } 666 /* 667 * Initialize the root inode. 668 */ 669 isp = inode->i_security; 670 if (isp == NULL) { 671 isp = new_inode_smack(sp->smk_root); 672 if (isp == NULL) 673 return -ENOMEM; 674 inode->i_security = isp; 675 } else 676 isp->smk_inode = sp->smk_root; 677 678 if (transmute) 679 isp->smk_flags |= SMK_INODE_TRANSMUTE; 680 681 return 0; 682} 683 684/** 685 * smack_sb_statfs - Smack check on statfs 686 * @dentry: identifies the file system in question 687 * 688 * Returns 0 if current can read the floor of the filesystem, 689 * and error code otherwise 690 */ 691static int smack_sb_statfs(struct dentry *dentry) 692{ 693 struct superblock_smack *sbp = dentry->d_sb->s_security; 694 int rc; 695 struct smk_audit_info ad; 696 697 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 698 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 699 700 rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad); 701 rc = smk_bu_current("statfs", sbp->smk_floor, MAY_READ, rc); 702 return rc; 703} 704 705/* 706 * BPRM hooks 707 */ 708 709/** 710 * smack_bprm_set_creds - set creds for exec 711 * @bprm: the exec information 712 * 713 * Returns 0 if it gets a blob, -EPERM if exec forbidden and -ENOMEM otherwise 714 */ 715static int smack_bprm_set_creds(struct linux_binprm *bprm) 716{ 717 struct inode *inode = file_inode(bprm->file); 718 struct task_smack *bsp = bprm->cred->security; 719 struct inode_smack *isp; 720 int rc; 721 722 rc = cap_bprm_set_creds(bprm); 723 if (rc != 0) 724 return rc; 725 726 if (bprm->cred_prepared) 727 return 0; 728 729 isp = inode->i_security; 730 if (isp->smk_task == NULL || isp->smk_task == bsp->smk_task) 731 return 0; 732 733 if (bprm->unsafe & (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) { 734 struct task_struct *tracer; 735 rc = 0; 736 737 rcu_read_lock(); 738 tracer = ptrace_parent(current); 739 if (likely(tracer != NULL)) 740 rc = smk_ptrace_rule_check(tracer, 741 isp->smk_task, 742 PTRACE_MODE_ATTACH, 743 __func__); 744 rcu_read_unlock(); 745 746 if (rc != 0) 747 return rc; 748 } else if (bprm->unsafe) 749 return -EPERM; 750 751 bsp->smk_task = isp->smk_task; 752 bprm->per_clear |= PER_CLEAR_ON_SETID; 753 754 return 0; 755} 756 757/** 758 * smack_bprm_committing_creds - Prepare to install the new credentials 759 * from bprm. 760 * 761 * @bprm: binprm for exec 762 */ 763static void smack_bprm_committing_creds(struct linux_binprm *bprm) 764{ 765 struct task_smack *bsp = bprm->cred->security; 766 767 if (bsp->smk_task != bsp->smk_forked) 768 current->pdeath_signal = 0; 769} 770 771/** 772 * smack_bprm_secureexec - Return the decision to use secureexec. 773 * @bprm: binprm for exec 774 * 775 * Returns 0 on success. 776 */ 777static int smack_bprm_secureexec(struct linux_binprm *bprm) 778{ 779 struct task_smack *tsp = current_security(); 780 int ret = cap_bprm_secureexec(bprm); 781 782 if (!ret && (tsp->smk_task != tsp->smk_forked)) 783 ret = 1; 784 785 return ret; 786} 787 788/* 789 * Inode hooks 790 */ 791 792/** 793 * smack_inode_alloc_security - allocate an inode blob 794 * @inode: the inode in need of a blob 795 * 796 * Returns 0 if it gets a blob, -ENOMEM otherwise 797 */ 798static int smack_inode_alloc_security(struct inode *inode) 799{ 800 struct smack_known *skp = smk_of_current(); 801 802 inode->i_security = new_inode_smack(skp); 803 if (inode->i_security == NULL) 804 return -ENOMEM; 805 return 0; 806} 807 808/** 809 * smack_inode_free_security - free an inode blob 810 * @inode: the inode with a blob 811 * 812 * Clears the blob pointer in inode 813 */ 814static void smack_inode_free_security(struct inode *inode) 815{ 816 kmem_cache_free(smack_inode_cache, inode->i_security); 817 inode->i_security = NULL; 818} 819 820/** 821 * smack_inode_init_security - copy out the smack from an inode 822 * @inode: the newly created inode 823 * @dir: containing directory object 824 * @qstr: unused 825 * @name: where to put the attribute name 826 * @value: where to put the attribute value 827 * @len: where to put the length of the attribute 828 * 829 * Returns 0 if it all works out, -ENOMEM if there's no memory 830 */ 831static int smack_inode_init_security(struct inode *inode, struct inode *dir, 832 const struct qstr *qstr, const char **name, 833 void **value, size_t *len) 834{ 835 struct inode_smack *issp = inode->i_security; 836 struct smack_known *skp = smk_of_current(); 837 struct smack_known *isp = smk_of_inode(inode); 838 struct smack_known *dsp = smk_of_inode(dir); 839 int may; 840 841 if (name) 842 *name = XATTR_SMACK_SUFFIX; 843 844 if (value && len) { 845 rcu_read_lock(); 846 may = smk_access_entry(skp->smk_known, dsp->smk_known, 847 &skp->smk_rules); 848 rcu_read_unlock(); 849 850 /* 851 * If the access rule allows transmutation and 852 * the directory requests transmutation then 853 * by all means transmute. 854 * Mark the inode as changed. 855 */ 856 if (may > 0 && ((may & MAY_TRANSMUTE) != 0) && 857 smk_inode_transmutable(dir)) { 858 isp = dsp; 859 issp->smk_flags |= SMK_INODE_CHANGED; 860 } 861 862 *value = kstrdup(isp->smk_known, GFP_NOFS); 863 if (*value == NULL) 864 return -ENOMEM; 865 866 *len = strlen(isp->smk_known); 867 } 868 869 return 0; 870} 871 872/** 873 * smack_inode_link - Smack check on link 874 * @old_dentry: the existing object 875 * @dir: unused 876 * @new_dentry: the new object 877 * 878 * Returns 0 if access is permitted, an error code otherwise 879 */ 880static int smack_inode_link(struct dentry *old_dentry, struct inode *dir, 881 struct dentry *new_dentry) 882{ 883 struct smack_known *isp; 884 struct smk_audit_info ad; 885 int rc; 886 887 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 888 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry); 889 890 isp = smk_of_inode(d_backing_inode(old_dentry)); 891 rc = smk_curacc(isp, MAY_WRITE, &ad); 892 rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_WRITE, rc); 893 894 if (rc == 0 && d_is_positive(new_dentry)) { 895 isp = smk_of_inode(d_backing_inode(new_dentry)); 896 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry); 897 rc = smk_curacc(isp, MAY_WRITE, &ad); 898 rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_WRITE, rc); 899 } 900 901 return rc; 902} 903 904/** 905 * smack_inode_unlink - Smack check on inode deletion 906 * @dir: containing directory object 907 * @dentry: file to unlink 908 * 909 * Returns 0 if current can write the containing directory 910 * and the object, error code otherwise 911 */ 912static int smack_inode_unlink(struct inode *dir, struct dentry *dentry) 913{ 914 struct inode *ip = d_backing_inode(dentry); 915 struct smk_audit_info ad; 916 int rc; 917 918 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 919 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 920 921 /* 922 * You need write access to the thing you're unlinking 923 */ 924 rc = smk_curacc(smk_of_inode(ip), MAY_WRITE, &ad); 925 rc = smk_bu_inode(ip, MAY_WRITE, rc); 926 if (rc == 0) { 927 /* 928 * You also need write access to the containing directory 929 */ 930 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE); 931 smk_ad_setfield_u_fs_inode(&ad, dir); 932 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad); 933 rc = smk_bu_inode(dir, MAY_WRITE, rc); 934 } 935 return rc; 936} 937 938/** 939 * smack_inode_rmdir - Smack check on directory deletion 940 * @dir: containing directory object 941 * @dentry: directory to unlink 942 * 943 * Returns 0 if current can write the containing directory 944 * and the directory, error code otherwise 945 */ 946static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry) 947{ 948 struct smk_audit_info ad; 949 int rc; 950 951 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 952 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 953 954 /* 955 * You need write access to the thing you're removing 956 */ 957 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 958 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 959 if (rc == 0) { 960 /* 961 * You also need write access to the containing directory 962 */ 963 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE); 964 smk_ad_setfield_u_fs_inode(&ad, dir); 965 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad); 966 rc = smk_bu_inode(dir, MAY_WRITE, rc); 967 } 968 969 return rc; 970} 971 972/** 973 * smack_inode_rename - Smack check on rename 974 * @old_inode: unused 975 * @old_dentry: the old object 976 * @new_inode: unused 977 * @new_dentry: the new object 978 * 979 * Read and write access is required on both the old and 980 * new directories. 981 * 982 * Returns 0 if access is permitted, an error code otherwise 983 */ 984static int smack_inode_rename(struct inode *old_inode, 985 struct dentry *old_dentry, 986 struct inode *new_inode, 987 struct dentry *new_dentry) 988{ 989 int rc; 990 struct smack_known *isp; 991 struct smk_audit_info ad; 992 993 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 994 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry); 995 996 isp = smk_of_inode(d_backing_inode(old_dentry)); 997 rc = smk_curacc(isp, MAY_READWRITE, &ad); 998 rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_READWRITE, rc); 999 1000 if (rc == 0 && d_is_positive(new_dentry)) { 1001 isp = smk_of_inode(d_backing_inode(new_dentry)); 1002 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry); 1003 rc = smk_curacc(isp, MAY_READWRITE, &ad); 1004 rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_READWRITE, rc); 1005 } 1006 return rc; 1007} 1008 1009/** 1010 * smack_inode_permission - Smack version of permission() 1011 * @inode: the inode in question 1012 * @mask: the access requested 1013 * 1014 * This is the important Smack hook. 1015 * 1016 * Returns 0 if access is permitted, -EACCES otherwise 1017 */ 1018static int smack_inode_permission(struct inode *inode, int mask) 1019{ 1020 struct smk_audit_info ad; 1021 int no_block = mask & MAY_NOT_BLOCK; 1022 int rc; 1023 1024 mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND); 1025 /* 1026 * No permission to check. Existence test. Yup, it's there. 1027 */ 1028 if (mask == 0) 1029 return 0; 1030 1031 /* May be droppable after audit */ 1032 if (no_block) 1033 return -ECHILD; 1034 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE); 1035 smk_ad_setfield_u_fs_inode(&ad, inode); 1036 rc = smk_curacc(smk_of_inode(inode), mask, &ad); 1037 rc = smk_bu_inode(inode, mask, rc); 1038 return rc; 1039} 1040 1041/** 1042 * smack_inode_setattr - Smack check for setting attributes 1043 * @dentry: the object 1044 * @iattr: for the force flag 1045 * 1046 * Returns 0 if access is permitted, an error code otherwise 1047 */ 1048static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr) 1049{ 1050 struct smk_audit_info ad; 1051 int rc; 1052 1053 /* 1054 * Need to allow for clearing the setuid bit. 1055 */ 1056 if (iattr->ia_valid & ATTR_FORCE) 1057 return 0; 1058 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1059 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1060 1061 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1062 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1063 return rc; 1064} 1065 1066/** 1067 * smack_inode_getattr - Smack check for getting attributes 1068 * @mnt: vfsmount of the object 1069 * @dentry: the object 1070 * 1071 * Returns 0 if access is permitted, an error code otherwise 1072 */ 1073static int smack_inode_getattr(const struct path *path) 1074{ 1075 struct smk_audit_info ad; 1076 struct inode *inode = d_backing_inode(path->dentry); 1077 int rc; 1078 1079 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1080 smk_ad_setfield_u_fs_path(&ad, *path); 1081 rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad); 1082 rc = smk_bu_inode(inode, MAY_READ, rc); 1083 return rc; 1084} 1085 1086/** 1087 * smack_inode_setxattr - Smack check for setting xattrs 1088 * @dentry: the object 1089 * @name: name of the attribute 1090 * @value: value of the attribute 1091 * @size: size of the value 1092 * @flags: unused 1093 * 1094 * This protects the Smack attribute explicitly. 1095 * 1096 * Returns 0 if access is permitted, an error code otherwise 1097 */ 1098static int smack_inode_setxattr(struct dentry *dentry, const char *name, 1099 const void *value, size_t size, int flags) 1100{ 1101 struct smk_audit_info ad; 1102 struct smack_known *skp; 1103 int check_priv = 0; 1104 int check_import = 0; 1105 int check_star = 0; 1106 int rc = 0; 1107 1108 /* 1109 * Check label validity here so import won't fail in post_setxattr 1110 */ 1111 if (strcmp(name, XATTR_NAME_SMACK) == 0 || 1112 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 || 1113 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) { 1114 check_priv = 1; 1115 check_import = 1; 1116 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0 || 1117 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) { 1118 check_priv = 1; 1119 check_import = 1; 1120 check_star = 1; 1121 } else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) { 1122 check_priv = 1; 1123 if (size != TRANS_TRUE_SIZE || 1124 strncmp(value, TRANS_TRUE, TRANS_TRUE_SIZE) != 0) 1125 rc = -EINVAL; 1126 } else 1127 rc = cap_inode_setxattr(dentry, name, value, size, flags); 1128 1129 if (check_priv && !smack_privileged(CAP_MAC_ADMIN)) 1130 rc = -EPERM; 1131 1132 if (rc == 0 && check_import) { 1133 skp = size ? smk_import_entry(value, size) : NULL; 1134 if (skp == NULL || (check_star && 1135 (skp == &smack_known_star || skp == &smack_known_web))) 1136 rc = -EINVAL; 1137 } 1138 1139 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1140 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1141 1142 if (rc == 0) { 1143 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1144 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1145 } 1146 1147 return rc; 1148} 1149 1150/** 1151 * smack_inode_post_setxattr - Apply the Smack update approved above 1152 * @dentry: object 1153 * @name: attribute name 1154 * @value: attribute value 1155 * @size: attribute size 1156 * @flags: unused 1157 * 1158 * Set the pointer in the inode blob to the entry found 1159 * in the master label list. 1160 */ 1161static void smack_inode_post_setxattr(struct dentry *dentry, const char *name, 1162 const void *value, size_t size, int flags) 1163{ 1164 struct smack_known *skp; 1165 struct inode_smack *isp = d_backing_inode(dentry)->i_security; 1166 1167 if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) { 1168 isp->smk_flags |= SMK_INODE_TRANSMUTE; 1169 return; 1170 } 1171 1172 if (strcmp(name, XATTR_NAME_SMACK) == 0) { 1173 skp = smk_import_entry(value, size); 1174 if (skp != NULL) 1175 isp->smk_inode = skp; 1176 else 1177 isp->smk_inode = &smack_known_invalid; 1178 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) { 1179 skp = smk_import_entry(value, size); 1180 if (skp != NULL) 1181 isp->smk_task = skp; 1182 else 1183 isp->smk_task = &smack_known_invalid; 1184 } else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) { 1185 skp = smk_import_entry(value, size); 1186 if (skp != NULL) 1187 isp->smk_mmap = skp; 1188 else 1189 isp->smk_mmap = &smack_known_invalid; 1190 } 1191 1192 return; 1193} 1194 1195/** 1196 * smack_inode_getxattr - Smack check on getxattr 1197 * @dentry: the object 1198 * @name: unused 1199 * 1200 * Returns 0 if access is permitted, an error code otherwise 1201 */ 1202static int smack_inode_getxattr(struct dentry *dentry, const char *name) 1203{ 1204 struct smk_audit_info ad; 1205 int rc; 1206 1207 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1208 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1209 1210 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_READ, &ad); 1211 rc = smk_bu_inode(d_backing_inode(dentry), MAY_READ, rc); 1212 return rc; 1213} 1214 1215/** 1216 * smack_inode_removexattr - Smack check on removexattr 1217 * @dentry: the object 1218 * @name: name of the attribute 1219 * 1220 * Removing the Smack attribute requires CAP_MAC_ADMIN 1221 * 1222 * Returns 0 if access is permitted, an error code otherwise 1223 */ 1224static int smack_inode_removexattr(struct dentry *dentry, const char *name) 1225{ 1226 struct inode_smack *isp; 1227 struct smk_audit_info ad; 1228 int rc = 0; 1229 1230 if (strcmp(name, XATTR_NAME_SMACK) == 0 || 1231 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 || 1232 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 || 1233 strcmp(name, XATTR_NAME_SMACKEXEC) == 0 || 1234 strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0 || 1235 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) { 1236 if (!smack_privileged(CAP_MAC_ADMIN)) 1237 rc = -EPERM; 1238 } else 1239 rc = cap_inode_removexattr(dentry, name); 1240 1241 if (rc != 0) 1242 return rc; 1243 1244 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1245 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1246 1247 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); 1248 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); 1249 if (rc != 0) 1250 return rc; 1251 1252 isp = d_backing_inode(dentry)->i_security; 1253 /* 1254 * Don't do anything special for these. 1255 * XATTR_NAME_SMACKIPIN 1256 * XATTR_NAME_SMACKIPOUT 1257 * XATTR_NAME_SMACKEXEC 1258 */ 1259 if (strcmp(name, XATTR_NAME_SMACK) == 0) 1260 isp->smk_task = NULL; 1261 else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) 1262 isp->smk_mmap = NULL; 1263 else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) 1264 isp->smk_flags &= ~SMK_INODE_TRANSMUTE; 1265 1266 return 0; 1267} 1268 1269/** 1270 * smack_inode_getsecurity - get smack xattrs 1271 * @inode: the object 1272 * @name: attribute name 1273 * @buffer: where to put the result 1274 * @alloc: unused 1275 * 1276 * Returns the size of the attribute or an error code 1277 */ 1278static int smack_inode_getsecurity(const struct inode *inode, 1279 const char *name, void **buffer, 1280 bool alloc) 1281{ 1282 struct socket_smack *ssp; 1283 struct socket *sock; 1284 struct super_block *sbp; 1285 struct inode *ip = (struct inode *)inode; 1286 struct smack_known *isp; 1287 int ilen; 1288 int rc = 0; 1289 1290 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) { 1291 isp = smk_of_inode(inode); 1292 ilen = strlen(isp->smk_known); 1293 *buffer = isp->smk_known; 1294 return ilen; 1295 } 1296 1297 /* 1298 * The rest of the Smack xattrs are only on sockets. 1299 */ 1300 sbp = ip->i_sb; 1301 if (sbp->s_magic != SOCKFS_MAGIC) 1302 return -EOPNOTSUPP; 1303 1304 sock = SOCKET_I(ip); 1305 if (sock == NULL || sock->sk == NULL) 1306 return -EOPNOTSUPP; 1307 1308 ssp = sock->sk->sk_security; 1309 1310 if (strcmp(name, XATTR_SMACK_IPIN) == 0) 1311 isp = ssp->smk_in; 1312 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) 1313 isp = ssp->smk_out; 1314 else 1315 return -EOPNOTSUPP; 1316 1317 ilen = strlen(isp->smk_known); 1318 if (rc == 0) { 1319 *buffer = isp->smk_known; 1320 rc = ilen; 1321 } 1322 1323 return rc; 1324} 1325 1326 1327/** 1328 * smack_inode_listsecurity - list the Smack attributes 1329 * @inode: the object 1330 * @buffer: where they go 1331 * @buffer_size: size of buffer 1332 * 1333 * Returns 0 on success, -EINVAL otherwise 1334 */ 1335static int smack_inode_listsecurity(struct inode *inode, char *buffer, 1336 size_t buffer_size) 1337{ 1338 int len = sizeof(XATTR_NAME_SMACK); 1339 1340 if (buffer != NULL && len <= buffer_size) 1341 memcpy(buffer, XATTR_NAME_SMACK, len); 1342 1343 return len; 1344} 1345 1346/** 1347 * smack_inode_getsecid - Extract inode's security id 1348 * @inode: inode to extract the info from 1349 * @secid: where result will be saved 1350 */ 1351static void smack_inode_getsecid(const struct inode *inode, u32 *secid) 1352{ 1353 struct inode_smack *isp = inode->i_security; 1354 1355 *secid = isp->smk_inode->smk_secid; 1356} 1357 1358/* 1359 * File Hooks 1360 */ 1361 1362/** 1363 * smack_file_permission - Smack check on file operations 1364 * @file: unused 1365 * @mask: unused 1366 * 1367 * Returns 0 1368 * 1369 * Should access checks be done on each read or write? 1370 * UNICOS and SELinux say yes. 1371 * Trusted Solaris, Trusted Irix, and just about everyone else says no. 1372 * 1373 * I'll say no for now. Smack does not do the frequent 1374 * label changing that SELinux does. 1375 */ 1376static int smack_file_permission(struct file *file, int mask) 1377{ 1378 return 0; 1379} 1380 1381/** 1382 * smack_file_alloc_security - assign a file security blob 1383 * @file: the object 1384 * 1385 * The security blob for a file is a pointer to the master 1386 * label list, so no allocation is done. 1387 * 1388 * f_security is the owner security information. It 1389 * isn't used on file access checks, it's for send_sigio. 1390 * 1391 * Returns 0 1392 */ 1393static int smack_file_alloc_security(struct file *file) 1394{ 1395 struct smack_known *skp = smk_of_current(); 1396 1397 file->f_security = skp; 1398 return 0; 1399} 1400 1401/** 1402 * smack_file_free_security - clear a file security blob 1403 * @file: the object 1404 * 1405 * The security blob for a file is a pointer to the master 1406 * label list, so no memory is freed. 1407 */ 1408static void smack_file_free_security(struct file *file) 1409{ 1410 file->f_security = NULL; 1411} 1412 1413/** 1414 * smack_file_ioctl - Smack check on ioctls 1415 * @file: the object 1416 * @cmd: what to do 1417 * @arg: unused 1418 * 1419 * Relies heavily on the correct use of the ioctl command conventions. 1420 * 1421 * Returns 0 if allowed, error code otherwise 1422 */ 1423static int smack_file_ioctl(struct file *file, unsigned int cmd, 1424 unsigned long arg) 1425{ 1426 int rc = 0; 1427 struct smk_audit_info ad; 1428 struct inode *inode = file_inode(file); 1429 1430 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1431 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1432 1433 if (_IOC_DIR(cmd) & _IOC_WRITE) { 1434 rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad); 1435 rc = smk_bu_file(file, MAY_WRITE, rc); 1436 } 1437 1438 if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ)) { 1439 rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad); 1440 rc = smk_bu_file(file, MAY_READ, rc); 1441 } 1442 1443 return rc; 1444} 1445 1446/** 1447 * smack_file_lock - Smack check on file locking 1448 * @file: the object 1449 * @cmd: unused 1450 * 1451 * Returns 0 if current has lock access, error code otherwise 1452 */ 1453static int smack_file_lock(struct file *file, unsigned int cmd) 1454{ 1455 struct smk_audit_info ad; 1456 int rc; 1457 struct inode *inode = file_inode(file); 1458 1459 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1460 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1461 rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad); 1462 rc = smk_bu_file(file, MAY_LOCK, rc); 1463 return rc; 1464} 1465 1466/** 1467 * smack_file_fcntl - Smack check on fcntl 1468 * @file: the object 1469 * @cmd: what action to check 1470 * @arg: unused 1471 * 1472 * Generally these operations are harmless. 1473 * File locking operations present an obvious mechanism 1474 * for passing information, so they require write access. 1475 * 1476 * Returns 0 if current has access, error code otherwise 1477 */ 1478static int smack_file_fcntl(struct file *file, unsigned int cmd, 1479 unsigned long arg) 1480{ 1481 struct smk_audit_info ad; 1482 int rc = 0; 1483 struct inode *inode = file_inode(file); 1484 1485 switch (cmd) { 1486 case F_GETLK: 1487 break; 1488 case F_SETLK: 1489 case F_SETLKW: 1490 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1491 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1492 rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad); 1493 rc = smk_bu_file(file, MAY_LOCK, rc); 1494 break; 1495 case F_SETOWN: 1496 case F_SETSIG: 1497 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1498 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1499 rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad); 1500 rc = smk_bu_file(file, MAY_WRITE, rc); 1501 break; 1502 default: 1503 break; 1504 } 1505 1506 return rc; 1507} 1508 1509/** 1510 * smack_mmap_file : 1511 * Check permissions for a mmap operation. The @file may be NULL, e.g. 1512 * if mapping anonymous memory. 1513 * @file contains the file structure for file to map (may be NULL). 1514 * @reqprot contains the protection requested by the application. 1515 * @prot contains the protection that will be applied by the kernel. 1516 * @flags contains the operational flags. 1517 * Return 0 if permission is granted. 1518 */ 1519static int smack_mmap_file(struct file *file, 1520 unsigned long reqprot, unsigned long prot, 1521 unsigned long flags) 1522{ 1523 struct smack_known *skp; 1524 struct smack_known *mkp; 1525 struct smack_rule *srp; 1526 struct task_smack *tsp; 1527 struct smack_known *okp; 1528 struct inode_smack *isp; 1529 int may; 1530 int mmay; 1531 int tmay; 1532 int rc; 1533 1534 if (file == NULL) 1535 return 0; 1536 1537 isp = file_inode(file)->i_security; 1538 if (isp->smk_mmap == NULL) 1539 return 0; 1540 mkp = isp->smk_mmap; 1541 1542 tsp = current_security(); 1543 skp = smk_of_current(); 1544 rc = 0; 1545 1546 rcu_read_lock(); 1547 /* 1548 * For each Smack rule associated with the subject 1549 * label verify that the SMACK64MMAP also has access 1550 * to that rule's object label. 1551 */ 1552 list_for_each_entry_rcu(srp, &skp->smk_rules, list) { 1553 okp = srp->smk_object; 1554 /* 1555 * Matching labels always allows access. 1556 */ 1557 if (mkp->smk_known == okp->smk_known) 1558 continue; 1559 /* 1560 * If there is a matching local rule take 1561 * that into account as well. 1562 */ 1563 may = smk_access_entry(srp->smk_subject->smk_known, 1564 okp->smk_known, 1565 &tsp->smk_rules); 1566 if (may == -ENOENT) 1567 may = srp->smk_access; 1568 else 1569 may &= srp->smk_access; 1570 /* 1571 * If may is zero the SMACK64MMAP subject can't 1572 * possibly have less access. 1573 */ 1574 if (may == 0) 1575 continue; 1576 1577 /* 1578 * Fetch the global list entry. 1579 * If there isn't one a SMACK64MMAP subject 1580 * can't have as much access as current. 1581 */ 1582 mmay = smk_access_entry(mkp->smk_known, okp->smk_known, 1583 &mkp->smk_rules); 1584 if (mmay == -ENOENT) { 1585 rc = -EACCES; 1586 break; 1587 } 1588 /* 1589 * If there is a local entry it modifies the 1590 * potential access, too. 1591 */ 1592 tmay = smk_access_entry(mkp->smk_known, okp->smk_known, 1593 &tsp->smk_rules); 1594 if (tmay != -ENOENT) 1595 mmay &= tmay; 1596 1597 /* 1598 * If there is any access available to current that is 1599 * not available to a SMACK64MMAP subject 1600 * deny access. 1601 */ 1602 if ((may | mmay) != mmay) { 1603 rc = -EACCES; 1604 break; 1605 } 1606 } 1607 1608 rcu_read_unlock(); 1609 1610 return rc; 1611} 1612 1613/** 1614 * smack_file_set_fowner - set the file security blob value 1615 * @file: object in question 1616 * 1617 */ 1618static void smack_file_set_fowner(struct file *file) 1619{ 1620 file->f_security = smk_of_current(); 1621} 1622 1623/** 1624 * smack_file_send_sigiotask - Smack on sigio 1625 * @tsk: The target task 1626 * @fown: the object the signal come from 1627 * @signum: unused 1628 * 1629 * Allow a privileged task to get signals even if it shouldn't 1630 * 1631 * Returns 0 if a subject with the object's smack could 1632 * write to the task, an error code otherwise. 1633 */ 1634static int smack_file_send_sigiotask(struct task_struct *tsk, 1635 struct fown_struct *fown, int signum) 1636{ 1637 struct smack_known *skp; 1638 struct smack_known *tkp = smk_of_task(tsk->cred->security); 1639 struct file *file; 1640 int rc; 1641 struct smk_audit_info ad; 1642 1643 /* 1644 * struct fown_struct is never outside the context of a struct file 1645 */ 1646 file = container_of(fown, struct file, f_owner); 1647 1648 /* we don't log here as rc can be overriden */ 1649 skp = file->f_security; 1650 rc = smk_access(skp, tkp, MAY_WRITE, NULL); 1651 rc = smk_bu_note("sigiotask", skp, tkp, MAY_WRITE, rc); 1652 if (rc != 0 && has_capability(tsk, CAP_MAC_OVERRIDE)) 1653 rc = 0; 1654 1655 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); 1656 smk_ad_setfield_u_tsk(&ad, tsk); 1657 smack_log(skp->smk_known, tkp->smk_known, MAY_WRITE, rc, &ad); 1658 return rc; 1659} 1660 1661/** 1662 * smack_file_receive - Smack file receive check 1663 * @file: the object 1664 * 1665 * Returns 0 if current has access, error code otherwise 1666 */ 1667static int smack_file_receive(struct file *file) 1668{ 1669 int rc; 1670 int may = 0; 1671 struct smk_audit_info ad; 1672 struct inode *inode = file_inode(file); 1673 1674 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1675 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1676 /* 1677 * This code relies on bitmasks. 1678 */ 1679 if (file->f_mode & FMODE_READ) 1680 may = MAY_READ; 1681 if (file->f_mode & FMODE_WRITE) 1682 may |= MAY_WRITE; 1683 1684 rc = smk_curacc(smk_of_inode(inode), may, &ad); 1685 rc = smk_bu_file(file, may, rc); 1686 return rc; 1687} 1688 1689/** 1690 * smack_file_open - Smack dentry open processing 1691 * @file: the object 1692 * @cred: task credential 1693 * 1694 * Set the security blob in the file structure. 1695 * Allow the open only if the task has read access. There are 1696 * many read operations (e.g. fstat) that you can do with an 1697 * fd even if you have the file open write-only. 1698 * 1699 * Returns 0 1700 */ 1701static int smack_file_open(struct file *file, const struct cred *cred) 1702{ 1703 struct task_smack *tsp = cred->security; 1704 struct inode *inode = file_inode(file); 1705 struct smk_audit_info ad; 1706 int rc; 1707 1708 if (smack_privileged(CAP_MAC_OVERRIDE)) 1709 return 0; 1710 1711 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1712 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1713 rc = smk_access(tsp->smk_task, smk_of_inode(inode), MAY_READ, &ad); 1714 rc = smk_bu_credfile(cred, file, MAY_READ, rc); 1715 1716 return rc; 1717} 1718 1719/* 1720 * Task hooks 1721 */ 1722 1723/** 1724 * smack_cred_alloc_blank - "allocate" blank task-level security credentials 1725 * @new: the new credentials 1726 * @gfp: the atomicity of any memory allocations 1727 * 1728 * Prepare a blank set of credentials for modification. This must allocate all 1729 * the memory the LSM module might require such that cred_transfer() can 1730 * complete without error. 1731 */ 1732static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp) 1733{ 1734 struct task_smack *tsp; 1735 1736 tsp = new_task_smack(NULL, NULL, gfp); 1737 if (tsp == NULL) 1738 return -ENOMEM; 1739 1740 cred->security = tsp; 1741 1742 return 0; 1743} 1744 1745 1746/** 1747 * smack_cred_free - "free" task-level security credentials 1748 * @cred: the credentials in question 1749 * 1750 */ 1751static void smack_cred_free(struct cred *cred) 1752{ 1753 struct task_smack *tsp = cred->security; 1754 struct smack_rule *rp; 1755 struct list_head *l; 1756 struct list_head *n; 1757 1758 if (tsp == NULL) 1759 return; 1760 cred->security = NULL; 1761 1762 list_for_each_safe(l, n, &tsp->smk_rules) { 1763 rp = list_entry(l, struct smack_rule, list); 1764 list_del(&rp->list); 1765 kfree(rp); 1766 } 1767 kfree(tsp); 1768} 1769 1770/** 1771 * smack_cred_prepare - prepare new set of credentials for modification 1772 * @new: the new credentials 1773 * @old: the original credentials 1774 * @gfp: the atomicity of any memory allocations 1775 * 1776 * Prepare a new set of credentials for modification. 1777 */ 1778static int smack_cred_prepare(struct cred *new, const struct cred *old, 1779 gfp_t gfp) 1780{ 1781 struct task_smack *old_tsp = old->security; 1782 struct task_smack *new_tsp; 1783 int rc; 1784 1785 new_tsp = new_task_smack(old_tsp->smk_task, old_tsp->smk_task, gfp); 1786 if (new_tsp == NULL) 1787 return -ENOMEM; 1788 1789 rc = smk_copy_rules(&new_tsp->smk_rules, &old_tsp->smk_rules, gfp); 1790 if (rc != 0) 1791 return rc; 1792 1793 new->security = new_tsp; 1794 return 0; 1795} 1796 1797/** 1798 * smack_cred_transfer - Transfer the old credentials to the new credentials 1799 * @new: the new credentials 1800 * @old: the original credentials 1801 * 1802 * Fill in a set of blank credentials from another set of credentials. 1803 */ 1804static void smack_cred_transfer(struct cred *new, const struct cred *old) 1805{ 1806 struct task_smack *old_tsp = old->security; 1807 struct task_smack *new_tsp = new->security; 1808 1809 new_tsp->smk_task = old_tsp->smk_task; 1810 new_tsp->smk_forked = old_tsp->smk_task; 1811 mutex_init(&new_tsp->smk_rules_lock); 1812 INIT_LIST_HEAD(&new_tsp->smk_rules); 1813 1814 1815 /* cbs copy rule list */ 1816} 1817 1818/** 1819 * smack_kernel_act_as - Set the subjective context in a set of credentials 1820 * @new: points to the set of credentials to be modified. 1821 * @secid: specifies the security ID to be set 1822 * 1823 * Set the security data for a kernel service. 1824 */ 1825static int smack_kernel_act_as(struct cred *new, u32 secid) 1826{ 1827 struct task_smack *new_tsp = new->security; 1828 struct smack_known *skp = smack_from_secid(secid); 1829 1830 if (skp == NULL) 1831 return -EINVAL; 1832 1833 new_tsp->smk_task = skp; 1834 return 0; 1835} 1836 1837/** 1838 * smack_kernel_create_files_as - Set the file creation label in a set of creds 1839 * @new: points to the set of credentials to be modified 1840 * @inode: points to the inode to use as a reference 1841 * 1842 * Set the file creation context in a set of credentials to the same 1843 * as the objective context of the specified inode 1844 */ 1845static int smack_kernel_create_files_as(struct cred *new, 1846 struct inode *inode) 1847{ 1848 struct inode_smack *isp = inode->i_security; 1849 struct task_smack *tsp = new->security; 1850 1851 tsp->smk_forked = isp->smk_inode; 1852 tsp->smk_task = tsp->smk_forked; 1853 return 0; 1854} 1855 1856/** 1857 * smk_curacc_on_task - helper to log task related access 1858 * @p: the task object 1859 * @access: the access requested 1860 * @caller: name of the calling function for audit 1861 * 1862 * Return 0 if access is permitted 1863 */ 1864static int smk_curacc_on_task(struct task_struct *p, int access, 1865 const char *caller) 1866{ 1867 struct smk_audit_info ad; 1868 struct smack_known *skp = smk_of_task_struct(p); 1869 int rc; 1870 1871 smk_ad_init(&ad, caller, LSM_AUDIT_DATA_TASK); 1872 smk_ad_setfield_u_tsk(&ad, p); 1873 rc = smk_curacc(skp, access, &ad); 1874 rc = smk_bu_task(p, access, rc); 1875 return rc; 1876} 1877 1878/** 1879 * smack_task_setpgid - Smack check on setting pgid 1880 * @p: the task object 1881 * @pgid: unused 1882 * 1883 * Return 0 if write access is permitted 1884 */ 1885static int smack_task_setpgid(struct task_struct *p, pid_t pgid) 1886{ 1887 return smk_curacc_on_task(p, MAY_WRITE, __func__); 1888} 1889 1890/** 1891 * smack_task_getpgid - Smack access check for getpgid 1892 * @p: the object task 1893 * 1894 * Returns 0 if current can read the object task, error code otherwise 1895 */ 1896static int smack_task_getpgid(struct task_struct *p) 1897{ 1898 return smk_curacc_on_task(p, MAY_READ, __func__); 1899} 1900 1901/** 1902 * smack_task_getsid - Smack access check for getsid 1903 * @p: the object task 1904 * 1905 * Returns 0 if current can read the object task, error code otherwise 1906 */ 1907static int smack_task_getsid(struct task_struct *p) 1908{ 1909 return smk_curacc_on_task(p, MAY_READ, __func__); 1910} 1911 1912/** 1913 * smack_task_getsecid - get the secid of the task 1914 * @p: the object task 1915 * @secid: where to put the result 1916 * 1917 * Sets the secid to contain a u32 version of the smack label. 1918 */ 1919static void smack_task_getsecid(struct task_struct *p, u32 *secid) 1920{ 1921 struct smack_known *skp = smk_of_task_struct(p); 1922 1923 *secid = skp->smk_secid; 1924} 1925 1926/** 1927 * smack_task_setnice - Smack check on setting nice 1928 * @p: the task object 1929 * @nice: unused 1930 * 1931 * Return 0 if write access is permitted 1932 */ 1933static int smack_task_setnice(struct task_struct *p, int nice) 1934{ 1935 int rc; 1936 1937 rc = cap_task_setnice(p, nice); 1938 if (rc == 0) 1939 rc = smk_curacc_on_task(p, MAY_WRITE, __func__); 1940 return rc; 1941} 1942 1943/** 1944 * smack_task_setioprio - Smack check on setting ioprio 1945 * @p: the task object 1946 * @ioprio: unused 1947 * 1948 * Return 0 if write access is permitted 1949 */ 1950static int smack_task_setioprio(struct task_struct *p, int ioprio) 1951{ 1952 int rc; 1953 1954 rc = cap_task_setioprio(p, ioprio); 1955 if (rc == 0) 1956 rc = smk_curacc_on_task(p, MAY_WRITE, __func__); 1957 return rc; 1958} 1959 1960/** 1961 * smack_task_getioprio - Smack check on reading ioprio 1962 * @p: the task object 1963 * 1964 * Return 0 if read access is permitted 1965 */ 1966static int smack_task_getioprio(struct task_struct *p) 1967{ 1968 return smk_curacc_on_task(p, MAY_READ, __func__); 1969} 1970 1971/** 1972 * smack_task_setscheduler - Smack check on setting scheduler 1973 * @p: the task object 1974 * @policy: unused 1975 * @lp: unused 1976 * 1977 * Return 0 if read access is permitted 1978 */ 1979static int smack_task_setscheduler(struct task_struct *p) 1980{ 1981 int rc; 1982 1983 rc = cap_task_setscheduler(p); 1984 if (rc == 0) 1985 rc = smk_curacc_on_task(p, MAY_WRITE, __func__); 1986 return rc; 1987} 1988 1989/** 1990 * smack_task_getscheduler - Smack check on reading scheduler 1991 * @p: the task object 1992 * 1993 * Return 0 if read access is permitted 1994 */ 1995static int smack_task_getscheduler(struct task_struct *p) 1996{ 1997 return smk_curacc_on_task(p, MAY_READ, __func__); 1998} 1999 2000/** 2001 * smack_task_movememory - Smack check on moving memory 2002 * @p: the task object 2003 * 2004 * Return 0 if write access is permitted 2005 */ 2006static int smack_task_movememory(struct task_struct *p) 2007{ 2008 return smk_curacc_on_task(p, MAY_WRITE, __func__); 2009} 2010 2011/** 2012 * smack_task_kill - Smack check on signal delivery 2013 * @p: the task object 2014 * @info: unused 2015 * @sig: unused 2016 * @secid: identifies the smack to use in lieu of current's 2017 * 2018 * Return 0 if write access is permitted 2019 * 2020 * The secid behavior is an artifact of an SELinux hack 2021 * in the USB code. Someday it may go away. 2022 */ 2023static int smack_task_kill(struct task_struct *p, struct siginfo *info, 2024 int sig, u32 secid) 2025{ 2026 struct smk_audit_info ad; 2027 struct smack_known *skp; 2028 struct smack_known *tkp = smk_of_task_struct(p); 2029 int rc; 2030 2031 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); 2032 smk_ad_setfield_u_tsk(&ad, p); 2033 /* 2034 * Sending a signal requires that the sender 2035 * can write the receiver. 2036 */ 2037 if (secid == 0) { 2038 rc = smk_curacc(tkp, MAY_WRITE, &ad); 2039 rc = smk_bu_task(p, MAY_WRITE, rc); 2040 return rc; 2041 } 2042 /* 2043 * If the secid isn't 0 we're dealing with some USB IO 2044 * specific behavior. This is not clean. For one thing 2045 * we can't take privilege into account. 2046 */ 2047 skp = smack_from_secid(secid); 2048 rc = smk_access(skp, tkp, MAY_WRITE, &ad); 2049 rc = smk_bu_note("USB signal", skp, tkp, MAY_WRITE, rc); 2050 return rc; 2051} 2052 2053/** 2054 * smack_task_wait - Smack access check for waiting 2055 * @p: task to wait for 2056 * 2057 * Returns 0 2058 */ 2059static int smack_task_wait(struct task_struct *p) 2060{ 2061 /* 2062 * Allow the operation to succeed. 2063 * Zombies are bad. 2064 * In userless environments (e.g. phones) programs 2065 * get marked with SMACK64EXEC and even if the parent 2066 * and child shouldn't be talking the parent still 2067 * may expect to know when the child exits. 2068 */ 2069 return 0; 2070} 2071 2072/** 2073 * smack_task_to_inode - copy task smack into the inode blob 2074 * @p: task to copy from 2075 * @inode: inode to copy to 2076 * 2077 * Sets the smack pointer in the inode security blob 2078 */ 2079static void smack_task_to_inode(struct task_struct *p, struct inode *inode) 2080{ 2081 struct inode_smack *isp = inode->i_security; 2082 struct smack_known *skp = smk_of_task_struct(p); 2083 2084 isp->smk_inode = skp; 2085} 2086 2087/* 2088 * Socket hooks. 2089 */ 2090 2091/** 2092 * smack_sk_alloc_security - Allocate a socket blob 2093 * @sk: the socket 2094 * @family: unused 2095 * @gfp_flags: memory allocation flags 2096 * 2097 * Assign Smack pointers to current 2098 * 2099 * Returns 0 on success, -ENOMEM is there's no memory 2100 */ 2101static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags) 2102{ 2103 struct smack_known *skp = smk_of_current(); 2104 struct socket_smack *ssp; 2105 2106 ssp = kzalloc(sizeof(struct socket_smack), gfp_flags); 2107 if (ssp == NULL) 2108 return -ENOMEM; 2109 2110 ssp->smk_in = skp; 2111 ssp->smk_out = skp; 2112 ssp->smk_packet = NULL; 2113 2114 sk->sk_security = ssp; 2115 2116 return 0; 2117} 2118 2119/** 2120 * smack_sk_free_security - Free a socket blob 2121 * @sk: the socket 2122 * 2123 * Clears the blob pointer 2124 */ 2125static void smack_sk_free_security(struct sock *sk) 2126{ 2127 kfree(sk->sk_security); 2128} 2129 2130/** 2131* smack_host_label - check host based restrictions 2132* @sip: the object end 2133* 2134* looks for host based access restrictions 2135* 2136* This version will only be appropriate for really small sets of single label 2137* hosts. The caller is responsible for ensuring that the RCU read lock is 2138* taken before calling this function. 2139* 2140* Returns the label of the far end or NULL if it's not special. 2141*/ 2142static struct smack_known *smack_host_label(struct sockaddr_in *sip) 2143{ 2144 struct smk_netlbladdr *snp; 2145 struct in_addr *siap = &sip->sin_addr; 2146 2147 if (siap->s_addr == 0) 2148 return NULL; 2149 2150 list_for_each_entry_rcu(snp, &smk_netlbladdr_list, list) 2151 /* 2152 * we break after finding the first match because 2153 * the list is sorted from longest to shortest mask 2154 * so we have found the most specific match 2155 */ 2156 if ((&snp->smk_host.sin_addr)->s_addr == 2157 (siap->s_addr & (&snp->smk_mask)->s_addr)) { 2158 /* we have found the special CIPSO option */ 2159 if (snp->smk_label == &smack_cipso_option) 2160 return NULL; 2161 return snp->smk_label; 2162 } 2163 2164 return NULL; 2165} 2166 2167/** 2168 * smack_netlabel - Set the secattr on a socket 2169 * @sk: the socket 2170 * @labeled: socket label scheme 2171 * 2172 * Convert the outbound smack value (smk_out) to a 2173 * secattr and attach it to the socket. 2174 * 2175 * Returns 0 on success or an error code 2176 */ 2177static int smack_netlabel(struct sock *sk, int labeled) 2178{ 2179 struct smack_known *skp; 2180 struct socket_smack *ssp = sk->sk_security; 2181 int rc = 0; 2182 2183 /* 2184 * Usually the netlabel code will handle changing the 2185 * packet labeling based on the label. 2186 * The case of a single label host is different, because 2187 * a single label host should never get a labeled packet 2188 * even though the label is usually associated with a packet 2189 * label. 2190 */ 2191 local_bh_disable(); 2192 bh_lock_sock_nested(sk); 2193 2194 if (ssp->smk_out == smack_net_ambient || 2195 labeled == SMACK_UNLABELED_SOCKET) 2196 netlbl_sock_delattr(sk); 2197 else { 2198 skp = ssp->smk_out; 2199 rc = netlbl_sock_setattr(sk, sk->sk_family, &skp->smk_netlabel); 2200 } 2201 2202 bh_unlock_sock(sk); 2203 local_bh_enable(); 2204 2205 return rc; 2206} 2207 2208/** 2209 * smack_netlbel_send - Set the secattr on a socket and perform access checks 2210 * @sk: the socket 2211 * @sap: the destination address 2212 * 2213 * Set the correct secattr for the given socket based on the destination 2214 * address and perform any outbound access checks needed. 2215 * 2216 * Returns 0 on success or an error code. 2217 * 2218 */ 2219static int smack_netlabel_send(struct sock *sk, struct sockaddr_in *sap) 2220{ 2221 struct smack_known *skp; 2222 int rc; 2223 int sk_lbl; 2224 struct smack_known *hkp; 2225 struct socket_smack *ssp = sk->sk_security; 2226 struct smk_audit_info ad; 2227 2228 rcu_read_lock(); 2229 hkp = smack_host_label(sap); 2230 if (hkp != NULL) { 2231#ifdef CONFIG_AUDIT 2232 struct lsm_network_audit net; 2233 2234 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 2235 ad.a.u.net->family = sap->sin_family; 2236 ad.a.u.net->dport = sap->sin_port; 2237 ad.a.u.net->v4info.daddr = sap->sin_addr.s_addr; 2238#endif 2239 sk_lbl = SMACK_UNLABELED_SOCKET; 2240 skp = ssp->smk_out; 2241 rc = smk_access(skp, hkp, MAY_WRITE, &ad); 2242 rc = smk_bu_note("IPv4 host check", skp, hkp, MAY_WRITE, rc); 2243 } else { 2244 sk_lbl = SMACK_CIPSO_SOCKET; 2245 rc = 0; 2246 } 2247 rcu_read_unlock(); 2248 if (rc != 0) 2249 return rc; 2250 2251 return smack_netlabel(sk, sk_lbl); 2252} 2253 2254#if IS_ENABLED(CONFIG_IPV6) && !defined(CONFIG_SECURITY_SMACK_NETFILTER) 2255/** 2256 * smk_ipv6_port_label - Smack port access table management 2257 * @sock: socket 2258 * @address: address 2259 * 2260 * Create or update the port list entry 2261 */ 2262static void smk_ipv6_port_label(struct socket *sock, struct sockaddr *address) 2263{ 2264 struct sock *sk = sock->sk; 2265 struct sockaddr_in6 *addr6; 2266 struct socket_smack *ssp = sock->sk->sk_security; 2267 struct smk_port_label *spp; 2268 unsigned short port = 0; 2269 2270 if (address == NULL) { 2271 /* 2272 * This operation is changing the Smack information 2273 * on the bound socket. Take the changes to the port 2274 * as well. 2275 */ 2276 list_for_each_entry(spp, &smk_ipv6_port_list, list) { 2277 if (sk != spp->smk_sock) 2278 continue; 2279 spp->smk_in = ssp->smk_in; 2280 spp->smk_out = ssp->smk_out; 2281 return; 2282 } 2283 /* 2284 * A NULL address is only used for updating existing 2285 * bound entries. If there isn't one, it's OK. 2286 */ 2287 return; 2288 } 2289 2290 addr6 = (struct sockaddr_in6 *)address; 2291 port = ntohs(addr6->sin6_port); 2292 /* 2293 * This is a special case that is safely ignored. 2294 */ 2295 if (port == 0) 2296 return; 2297 2298 /* 2299 * Look for an existing port list entry. 2300 * This is an indication that a port is getting reused. 2301 */ 2302 list_for_each_entry(spp, &smk_ipv6_port_list, list) { 2303 if (spp->smk_port != port) 2304 continue; 2305 spp->smk_port = port; 2306 spp->smk_sock = sk; 2307 spp->smk_in = ssp->smk_in; 2308 spp->smk_out = ssp->smk_out; 2309 return; 2310 } 2311 2312 /* 2313 * A new port entry is required. 2314 */ 2315 spp = kzalloc(sizeof(*spp), GFP_KERNEL); 2316 if (spp == NULL) 2317 return; 2318 2319 spp->smk_port = port; 2320 spp->smk_sock = sk; 2321 spp->smk_in = ssp->smk_in; 2322 spp->smk_out = ssp->smk_out; 2323 2324 list_add(&spp->list, &smk_ipv6_port_list); 2325 return; 2326} 2327 2328/** 2329 * smk_ipv6_port_check - check Smack port access 2330 * @sock: socket 2331 * @address: address 2332 * 2333 * Create or update the port list entry 2334 */ 2335static int smk_ipv6_port_check(struct sock *sk, struct sockaddr_in6 *address, 2336 int act) 2337{ 2338 __be16 *bep; 2339 __be32 *be32p; 2340 struct smk_port_label *spp; 2341 struct socket_smack *ssp = sk->sk_security; 2342 struct smack_known *skp; 2343 unsigned short port = 0; 2344 struct smack_known *object; 2345 struct smk_audit_info ad; 2346 int rc; 2347#ifdef CONFIG_AUDIT 2348 struct lsm_network_audit net; 2349#endif 2350 2351 if (act == SMK_RECEIVING) { 2352 skp = smack_net_ambient; 2353 object = ssp->smk_in; 2354 } else { 2355 skp = ssp->smk_out; 2356 object = smack_net_ambient; 2357 } 2358 2359 /* 2360 * Get the IP address and port from the address. 2361 */ 2362 port = ntohs(address->sin6_port); 2363 bep = (__be16 *)(&address->sin6_addr); 2364 be32p = (__be32 *)(&address->sin6_addr); 2365 2366 /* 2367 * It's remote, so port lookup does no good. 2368 */ 2369 if (be32p[0] || be32p[1] || be32p[2] || bep[6] || ntohs(bep[7]) != 1) 2370 goto auditout; 2371 2372 /* 2373 * It's local so the send check has to have passed. 2374 */ 2375 if (act == SMK_RECEIVING) { 2376 skp = &smack_known_web; 2377 goto auditout; 2378 } 2379 2380 list_for_each_entry(spp, &smk_ipv6_port_list, list) { 2381 if (spp->smk_port != port) 2382 continue; 2383 object = spp->smk_in; 2384 if (act == SMK_CONNECTING) 2385 ssp->smk_packet = spp->smk_out; 2386 break; 2387 } 2388 2389auditout: 2390 2391#ifdef CONFIG_AUDIT 2392 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 2393 ad.a.u.net->family = sk->sk_family; 2394 ad.a.u.net->dport = port; 2395 if (act == SMK_RECEIVING) 2396 ad.a.u.net->v6info.saddr = address->sin6_addr; 2397 else 2398 ad.a.u.net->v6info.daddr = address->sin6_addr; 2399#endif 2400 rc = smk_access(skp, object, MAY_WRITE, &ad); 2401 rc = smk_bu_note("IPv6 port check", skp, object, MAY_WRITE, rc); 2402 return rc; 2403} 2404#endif /* CONFIG_IPV6 && !CONFIG_SECURITY_SMACK_NETFILTER */ 2405 2406/** 2407 * smack_inode_setsecurity - set smack xattrs 2408 * @inode: the object 2409 * @name: attribute name 2410 * @value: attribute value 2411 * @size: size of the attribute 2412 * @flags: unused 2413 * 2414 * Sets the named attribute in the appropriate blob 2415 * 2416 * Returns 0 on success, or an error code 2417 */ 2418static int smack_inode_setsecurity(struct inode *inode, const char *name, 2419 const void *value, size_t size, int flags) 2420{ 2421 struct smack_known *skp; 2422 struct inode_smack *nsp = inode->i_security; 2423 struct socket_smack *ssp; 2424 struct socket *sock; 2425 int rc = 0; 2426 2427 if (value == NULL || size > SMK_LONGLABEL || size == 0) 2428 return -EINVAL; 2429 2430 skp = smk_import_entry(value, size); 2431 if (skp == NULL) 2432 return -EINVAL; 2433 2434 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) { 2435 nsp->smk_inode = skp; 2436 nsp->smk_flags |= SMK_INODE_INSTANT; 2437 return 0; 2438 } 2439 /* 2440 * The rest of the Smack xattrs are only on sockets. 2441 */ 2442 if (inode->i_sb->s_magic != SOCKFS_MAGIC) 2443 return -EOPNOTSUPP; 2444 2445 sock = SOCKET_I(inode); 2446 if (sock == NULL || sock->sk == NULL) 2447 return -EOPNOTSUPP; 2448 2449 ssp = sock->sk->sk_security; 2450 2451 if (strcmp(name, XATTR_SMACK_IPIN) == 0) 2452 ssp->smk_in = skp; 2453 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) { 2454 ssp->smk_out = skp; 2455 if (sock->sk->sk_family == PF_INET) { 2456 rc = smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET); 2457 if (rc != 0) 2458 printk(KERN_WARNING 2459 "Smack: \"%s\" netlbl error %d.\n", 2460 __func__, -rc); 2461 } 2462 } else 2463 return -EOPNOTSUPP; 2464 2465#if IS_ENABLED(CONFIG_IPV6) && !defined(CONFIG_SECURITY_SMACK_NETFILTER) 2466 if (sock->sk->sk_family == PF_INET6) 2467 smk_ipv6_port_label(sock, NULL); 2468#endif /* CONFIG_IPV6 && !CONFIG_SECURITY_SMACK_NETFILTER */ 2469 2470 return 0; 2471} 2472 2473/** 2474 * smack_socket_post_create - finish socket setup 2475 * @sock: the socket 2476 * @family: protocol family 2477 * @type: unused 2478 * @protocol: unused 2479 * @kern: unused 2480 * 2481 * Sets the netlabel information on the socket 2482 * 2483 * Returns 0 on success, and error code otherwise 2484 */ 2485static int smack_socket_post_create(struct socket *sock, int family, 2486 int type, int protocol, int kern) 2487{ 2488 struct socket_smack *ssp; 2489 2490 if (sock->sk == NULL) 2491 return 0; 2492 2493 /* 2494 * Sockets created by kernel threads receive web label. 2495 */ 2496 if (unlikely(current->flags & PF_KTHREAD)) { 2497 ssp = sock->sk->sk_security; 2498 ssp->smk_in = &smack_known_web; 2499 ssp->smk_out = &smack_known_web; 2500 } 2501 2502 if (family != PF_INET) 2503 return 0; 2504 /* 2505 * Set the outbound netlbl. 2506 */ 2507 return smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET); 2508} 2509 2510#ifndef CONFIG_SECURITY_SMACK_NETFILTER 2511/** 2512 * smack_socket_bind - record port binding information. 2513 * @sock: the socket 2514 * @address: the port address 2515 * @addrlen: size of the address 2516 * 2517 * Records the label bound to a port. 2518 * 2519 * Returns 0 2520 */ 2521static int smack_socket_bind(struct socket *sock, struct sockaddr *address, 2522 int addrlen) 2523{ 2524#if IS_ENABLED(CONFIG_IPV6) 2525 if (sock->sk != NULL && sock->sk->sk_family == PF_INET6) 2526 smk_ipv6_port_label(sock, address); 2527#endif 2528 2529 return 0; 2530} 2531#endif /* !CONFIG_SECURITY_SMACK_NETFILTER */ 2532 2533/** 2534 * smack_socket_connect - connect access check 2535 * @sock: the socket 2536 * @sap: the other end 2537 * @addrlen: size of sap 2538 * 2539 * Verifies that a connection may be possible 2540 * 2541 * Returns 0 on success, and error code otherwise 2542 */ 2543static int smack_socket_connect(struct socket *sock, struct sockaddr *sap, 2544 int addrlen) 2545{ 2546 int rc = 0; 2547 2548 if (sock->sk == NULL) 2549 return 0; 2550 2551 switch (sock->sk->sk_family) { 2552 case PF_INET: 2553 if (addrlen < sizeof(struct sockaddr_in)) 2554 return -EINVAL; 2555 rc = smack_netlabel_send(sock->sk, (struct sockaddr_in *)sap); 2556 break; 2557 case PF_INET6: 2558 if (addrlen < sizeof(struct sockaddr_in6)) 2559 return -EINVAL; 2560#if IS_ENABLED(CONFIG_IPV6) && !defined(CONFIG_SECURITY_SMACK_NETFILTER) 2561 rc = smk_ipv6_port_check(sock->sk, (struct sockaddr_in6 *)sap, 2562 SMK_CONNECTING); 2563#endif /* CONFIG_IPV6 && !CONFIG_SECURITY_SMACK_NETFILTER */ 2564 break; 2565 } 2566 return rc; 2567} 2568 2569/** 2570 * smack_flags_to_may - convert S_ to MAY_ values 2571 * @flags: the S_ value 2572 * 2573 * Returns the equivalent MAY_ value 2574 */ 2575static int smack_flags_to_may(int flags) 2576{ 2577 int may = 0; 2578 2579 if (flags & S_IRUGO) 2580 may |= MAY_READ; 2581 if (flags & S_IWUGO) 2582 may |= MAY_WRITE; 2583 if (flags & S_IXUGO) 2584 may |= MAY_EXEC; 2585 2586 return may; 2587} 2588 2589/** 2590 * smack_msg_msg_alloc_security - Set the security blob for msg_msg 2591 * @msg: the object 2592 * 2593 * Returns 0 2594 */ 2595static int smack_msg_msg_alloc_security(struct msg_msg *msg) 2596{ 2597 struct smack_known *skp = smk_of_current(); 2598 2599 msg->security = skp; 2600 return 0; 2601} 2602 2603/** 2604 * smack_msg_msg_free_security - Clear the security blob for msg_msg 2605 * @msg: the object 2606 * 2607 * Clears the blob pointer 2608 */ 2609static void smack_msg_msg_free_security(struct msg_msg *msg) 2610{ 2611 msg->security = NULL; 2612} 2613 2614/** 2615 * smack_of_shm - the smack pointer for the shm 2616 * @shp: the object 2617 * 2618 * Returns a pointer to the smack value 2619 */ 2620static struct smack_known *smack_of_shm(struct shmid_kernel *shp) 2621{ 2622 return (struct smack_known *)shp->shm_perm.security; 2623} 2624 2625/** 2626 * smack_shm_alloc_security - Set the security blob for shm 2627 * @shp: the object 2628 * 2629 * Returns 0 2630 */ 2631static int smack_shm_alloc_security(struct shmid_kernel *shp) 2632{ 2633 struct kern_ipc_perm *isp = &shp->shm_perm; 2634 struct smack_known *skp = smk_of_current(); 2635 2636 isp->security = skp; 2637 return 0; 2638} 2639 2640/** 2641 * smack_shm_free_security - Clear the security blob for shm 2642 * @shp: the object 2643 * 2644 * Clears the blob pointer 2645 */ 2646static void smack_shm_free_security(struct shmid_kernel *shp) 2647{ 2648 struct kern_ipc_perm *isp = &shp->shm_perm; 2649 2650 isp->security = NULL; 2651} 2652 2653/** 2654 * smk_curacc_shm : check if current has access on shm 2655 * @shp : the object 2656 * @access : access requested 2657 * 2658 * Returns 0 if current has the requested access, error code otherwise 2659 */ 2660static int smk_curacc_shm(struct shmid_kernel *shp, int access) 2661{ 2662 struct smack_known *ssp = smack_of_shm(shp); 2663 struct smk_audit_info ad; 2664 int rc; 2665 2666#ifdef CONFIG_AUDIT 2667 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 2668 ad.a.u.ipc_id = shp->shm_perm.id; 2669#endif 2670 rc = smk_curacc(ssp, access, &ad); 2671 rc = smk_bu_current("shm", ssp, access, rc); 2672 return rc; 2673} 2674 2675/** 2676 * smack_shm_associate - Smack access check for shm 2677 * @shp: the object 2678 * @shmflg: access requested 2679 * 2680 * Returns 0 if current has the requested access, error code otherwise 2681 */ 2682static int smack_shm_associate(struct shmid_kernel *shp, int shmflg) 2683{ 2684 int may; 2685 2686 may = smack_flags_to_may(shmflg); 2687 return smk_curacc_shm(shp, may); 2688} 2689 2690/** 2691 * smack_shm_shmctl - Smack access check for shm 2692 * @shp: the object 2693 * @cmd: what it wants to do 2694 * 2695 * Returns 0 if current has the requested access, error code otherwise 2696 */ 2697static int smack_shm_shmctl(struct shmid_kernel *shp, int cmd) 2698{ 2699 int may; 2700 2701 switch (cmd) { 2702 case IPC_STAT: 2703 case SHM_STAT: 2704 may = MAY_READ; 2705 break; 2706 case IPC_SET: 2707 case SHM_LOCK: 2708 case SHM_UNLOCK: 2709 case IPC_RMID: 2710 may = MAY_READWRITE; 2711 break; 2712 case IPC_INFO: 2713 case SHM_INFO: 2714 /* 2715 * System level information. 2716 */ 2717 return 0; 2718 default: 2719 return -EINVAL; 2720 } 2721 return smk_curacc_shm(shp, may); 2722} 2723 2724/** 2725 * smack_shm_shmat - Smack access for shmat 2726 * @shp: the object 2727 * @shmaddr: unused 2728 * @shmflg: access requested 2729 * 2730 * Returns 0 if current has the requested access, error code otherwise 2731 */ 2732static int smack_shm_shmat(struct shmid_kernel *shp, char __user *shmaddr, 2733 int shmflg) 2734{ 2735 int may; 2736 2737 may = smack_flags_to_may(shmflg); 2738 return smk_curacc_shm(shp, may); 2739} 2740 2741/** 2742 * smack_of_sem - the smack pointer for the sem 2743 * @sma: the object 2744 * 2745 * Returns a pointer to the smack value 2746 */ 2747static struct smack_known *smack_of_sem(struct sem_array *sma) 2748{ 2749 return (struct smack_known *)sma->sem_perm.security; 2750} 2751 2752/** 2753 * smack_sem_alloc_security - Set the security blob for sem 2754 * @sma: the object 2755 * 2756 * Returns 0 2757 */ 2758static int smack_sem_alloc_security(struct sem_array *sma) 2759{ 2760 struct kern_ipc_perm *isp = &sma->sem_perm; 2761 struct smack_known *skp = smk_of_current(); 2762 2763 isp->security = skp; 2764 return 0; 2765} 2766 2767/** 2768 * smack_sem_free_security - Clear the security blob for sem 2769 * @sma: the object 2770 * 2771 * Clears the blob pointer 2772 */ 2773static void smack_sem_free_security(struct sem_array *sma) 2774{ 2775 struct kern_ipc_perm *isp = &sma->sem_perm; 2776 2777 isp->security = NULL; 2778} 2779 2780/** 2781 * smk_curacc_sem : check if current has access on sem 2782 * @sma : the object 2783 * @access : access requested 2784 * 2785 * Returns 0 if current has the requested access, error code otherwise 2786 */ 2787static int smk_curacc_sem(struct sem_array *sma, int access) 2788{ 2789 struct smack_known *ssp = smack_of_sem(sma); 2790 struct smk_audit_info ad; 2791 int rc; 2792 2793#ifdef CONFIG_AUDIT 2794 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 2795 ad.a.u.ipc_id = sma->sem_perm.id; 2796#endif 2797 rc = smk_curacc(ssp, access, &ad); 2798 rc = smk_bu_current("sem", ssp, access, rc); 2799 return rc; 2800} 2801 2802/** 2803 * smack_sem_associate - Smack access check for sem 2804 * @sma: the object 2805 * @semflg: access requested 2806 * 2807 * Returns 0 if current has the requested access, error code otherwise 2808 */ 2809static int smack_sem_associate(struct sem_array *sma, int semflg) 2810{ 2811 int may; 2812 2813 may = smack_flags_to_may(semflg); 2814 return smk_curacc_sem(sma, may); 2815} 2816 2817/** 2818 * smack_sem_shmctl - Smack access check for sem 2819 * @sma: the object 2820 * @cmd: what it wants to do 2821 * 2822 * Returns 0 if current has the requested access, error code otherwise 2823 */ 2824static int smack_sem_semctl(struct sem_array *sma, int cmd) 2825{ 2826 int may; 2827 2828 switch (cmd) { 2829 case GETPID: 2830 case GETNCNT: 2831 case GETZCNT: 2832 case GETVAL: 2833 case GETALL: 2834 case IPC_STAT: 2835 case SEM_STAT: 2836 may = MAY_READ; 2837 break; 2838 case SETVAL: 2839 case SETALL: 2840 case IPC_RMID: 2841 case IPC_SET: 2842 may = MAY_READWRITE; 2843 break; 2844 case IPC_INFO: 2845 case SEM_INFO: 2846 /* 2847 * System level information 2848 */ 2849 return 0; 2850 default: 2851 return -EINVAL; 2852 } 2853 2854 return smk_curacc_sem(sma, may); 2855} 2856 2857/** 2858 * smack_sem_semop - Smack checks of semaphore operations 2859 * @sma: the object 2860 * @sops: unused 2861 * @nsops: unused 2862 * @alter: unused 2863 * 2864 * Treated as read and write in all cases. 2865 * 2866 * Returns 0 if access is allowed, error code otherwise 2867 */ 2868static int smack_sem_semop(struct sem_array *sma, struct sembuf *sops, 2869 unsigned nsops, int alter) 2870{ 2871 return smk_curacc_sem(sma, MAY_READWRITE); 2872} 2873 2874/** 2875 * smack_msg_alloc_security - Set the security blob for msg 2876 * @msq: the object 2877 * 2878 * Returns 0 2879 */ 2880static int smack_msg_queue_alloc_security(struct msg_queue *msq) 2881{ 2882 struct kern_ipc_perm *kisp = &msq->q_perm; 2883 struct smack_known *skp = smk_of_current(); 2884 2885 kisp->security = skp; 2886 return 0; 2887} 2888 2889/** 2890 * smack_msg_free_security - Clear the security blob for msg 2891 * @msq: the object 2892 * 2893 * Clears the blob pointer 2894 */ 2895static void smack_msg_queue_free_security(struct msg_queue *msq) 2896{ 2897 struct kern_ipc_perm *kisp = &msq->q_perm; 2898 2899 kisp->security = NULL; 2900} 2901 2902/** 2903 * smack_of_msq - the smack pointer for the msq 2904 * @msq: the object 2905 * 2906 * Returns a pointer to the smack label entry 2907 */ 2908static struct smack_known *smack_of_msq(struct msg_queue *msq) 2909{ 2910 return (struct smack_known *)msq->q_perm.security; 2911} 2912 2913/** 2914 * smk_curacc_msq : helper to check if current has access on msq 2915 * @msq : the msq 2916 * @access : access requested 2917 * 2918 * return 0 if current has access, error otherwise 2919 */ 2920static int smk_curacc_msq(struct msg_queue *msq, int access) 2921{ 2922 struct smack_known *msp = smack_of_msq(msq); 2923 struct smk_audit_info ad; 2924 int rc; 2925 2926#ifdef CONFIG_AUDIT 2927 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 2928 ad.a.u.ipc_id = msq->q_perm.id; 2929#endif 2930 rc = smk_curacc(msp, access, &ad); 2931 rc = smk_bu_current("msq", msp, access, rc); 2932 return rc; 2933} 2934 2935/** 2936 * smack_msg_queue_associate - Smack access check for msg_queue 2937 * @msq: the object 2938 * @msqflg: access requested 2939 * 2940 * Returns 0 if current has the requested access, error code otherwise 2941 */ 2942static int smack_msg_queue_associate(struct msg_queue *msq, int msqflg) 2943{ 2944 int may; 2945 2946 may = smack_flags_to_may(msqflg); 2947 return smk_curacc_msq(msq, may); 2948} 2949 2950/** 2951 * smack_msg_queue_msgctl - Smack access check for msg_queue 2952 * @msq: the object 2953 * @cmd: what it wants to do 2954 * 2955 * Returns 0 if current has the requested access, error code otherwise 2956 */ 2957static int smack_msg_queue_msgctl(struct msg_queue *msq, int cmd) 2958{ 2959 int may; 2960 2961 switch (cmd) { 2962 case IPC_STAT: 2963 case MSG_STAT: 2964 may = MAY_READ; 2965 break; 2966 case IPC_SET: 2967 case IPC_RMID: 2968 may = MAY_READWRITE; 2969 break; 2970 case IPC_INFO: 2971 case MSG_INFO: 2972 /* 2973 * System level information 2974 */ 2975 return 0; 2976 default: 2977 return -EINVAL; 2978 } 2979 2980 return smk_curacc_msq(msq, may); 2981} 2982 2983/** 2984 * smack_msg_queue_msgsnd - Smack access check for msg_queue 2985 * @msq: the object 2986 * @msg: unused 2987 * @msqflg: access requested 2988 * 2989 * Returns 0 if current has the requested access, error code otherwise 2990 */ 2991static int smack_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, 2992 int msqflg) 2993{ 2994 int may; 2995 2996 may = smack_flags_to_may(msqflg); 2997 return smk_curacc_msq(msq, may); 2998} 2999 3000/** 3001 * smack_msg_queue_msgsnd - Smack access check for msg_queue 3002 * @msq: the object 3003 * @msg: unused 3004 * @target: unused 3005 * @type: unused 3006 * @mode: unused 3007 * 3008 * Returns 0 if current has read and write access, error code otherwise 3009 */ 3010static int smack_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg, 3011 struct task_struct *target, long type, int mode) 3012{ 3013 return smk_curacc_msq(msq, MAY_READWRITE); 3014} 3015 3016/** 3017 * smack_ipc_permission - Smack access for ipc_permission() 3018 * @ipp: the object permissions 3019 * @flag: access requested 3020 * 3021 * Returns 0 if current has read and write access, error code otherwise 3022 */ 3023static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag) 3024{ 3025 struct smack_known *iskp = ipp->security; 3026 int may = smack_flags_to_may(flag); 3027 struct smk_audit_info ad; 3028 int rc; 3029 3030#ifdef CONFIG_AUDIT 3031 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 3032 ad.a.u.ipc_id = ipp->id; 3033#endif 3034 rc = smk_curacc(iskp, may, &ad); 3035 rc = smk_bu_current("svipc", iskp, may, rc); 3036 return rc; 3037} 3038 3039/** 3040 * smack_ipc_getsecid - Extract smack security id 3041 * @ipp: the object permissions 3042 * @secid: where result will be saved 3043 */ 3044static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid) 3045{ 3046 struct smack_known *iskp = ipp->security; 3047 3048 *secid = iskp->smk_secid; 3049} 3050 3051/** 3052 * smack_d_instantiate - Make sure the blob is correct on an inode 3053 * @opt_dentry: dentry where inode will be attached 3054 * @inode: the object 3055 * 3056 * Set the inode's security blob if it hasn't been done already. 3057 */ 3058static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode) 3059{ 3060 struct super_block *sbp; 3061 struct superblock_smack *sbsp; 3062 struct inode_smack *isp; 3063 struct smack_known *skp; 3064 struct smack_known *ckp = smk_of_current(); 3065 struct smack_known *final; 3066 char trattr[TRANS_TRUE_SIZE]; 3067 int transflag = 0; 3068 int rc; 3069 struct dentry *dp; 3070 3071 if (inode == NULL) 3072 return; 3073 3074 isp = inode->i_security; 3075 3076 mutex_lock(&isp->smk_lock); 3077 /* 3078 * If the inode is already instantiated 3079 * take the quick way out 3080 */ 3081 if (isp->smk_flags & SMK_INODE_INSTANT) 3082 goto unlockandout; 3083 3084 sbp = inode->i_sb; 3085 sbsp = sbp->s_security; 3086 /* 3087 * We're going to use the superblock default label 3088 * if there's no label on the file. 3089 */ 3090 final = sbsp->smk_default; 3091 3092 /* 3093 * If this is the root inode the superblock 3094 * may be in the process of initialization. 3095 * If that is the case use the root value out 3096 * of the superblock. 3097 */ 3098 if (opt_dentry->d_parent == opt_dentry) { 3099 switch (sbp->s_magic) { 3100 case CGROUP_SUPER_MAGIC: 3101 /* 3102 * The cgroup filesystem is never mounted, 3103 * so there's no opportunity to set the mount 3104 * options. 3105 */ 3106 sbsp->smk_root = &smack_known_star; 3107 sbsp->smk_default = &smack_known_star; 3108 isp->smk_inode = sbsp->smk_root; 3109 break; 3110 case TMPFS_MAGIC: 3111 /* 3112 * What about shmem/tmpfs anonymous files with dentry 3113 * obtained from d_alloc_pseudo()? 3114 */ 3115 isp->smk_inode = smk_of_current(); 3116 break; 3117 default: 3118 isp->smk_inode = sbsp->smk_root; 3119 break; 3120 } 3121 isp->smk_flags |= SMK_INODE_INSTANT; 3122 goto unlockandout; 3123 } 3124 3125 /* 3126 * This is pretty hackish. 3127 * Casey says that we shouldn't have to do 3128 * file system specific code, but it does help 3129 * with keeping it simple. 3130 */ 3131 switch (sbp->s_magic) { 3132 case SMACK_MAGIC: 3133 case PIPEFS_MAGIC: 3134 case SOCKFS_MAGIC: 3135 case CGROUP_SUPER_MAGIC: 3136 /* 3137 * Casey says that it's a little embarrassing 3138 * that the smack file system doesn't do 3139 * extended attributes. 3140 * 3141 * Casey says pipes are easy (?) 3142 * 3143 * Socket access is controlled by the socket 3144 * structures associated with the task involved. 3145 * 3146 * Cgroupfs is special 3147 */ 3148 final = &smack_known_star; 3149 break; 3150 case DEVPTS_SUPER_MAGIC: 3151 /* 3152 * devpts seems content with the label of the task. 3153 * Programs that change smack have to treat the 3154 * pty with respect. 3155 */ 3156 final = ckp; 3157 break; 3158 case PROC_SUPER_MAGIC: 3159 /* 3160 * Casey says procfs appears not to care. 3161 * The superblock default suffices. 3162 */ 3163 break; 3164 case TMPFS_MAGIC: 3165 /* 3166 * Device labels should come from the filesystem, 3167 * but watch out, because they're volitile, 3168 * getting recreated on every reboot. 3169 */ 3170 final = &smack_known_star; 3171 /* 3172 * No break. 3173 * 3174 * If a smack value has been set we want to use it, 3175 * but since tmpfs isn't giving us the opportunity 3176 * to set mount options simulate setting the 3177 * superblock default. 3178 */ 3179 default: 3180 /* 3181 * This isn't an understood special case. 3182 * Get the value from the xattr. 3183 */ 3184 3185 /* 3186 * UNIX domain sockets use lower level socket data. 3187 */ 3188 if (S_ISSOCK(inode->i_mode)) { 3189 final = &smack_known_star; 3190 break; 3191 } 3192 /* 3193 * No xattr support means, alas, no SMACK label. 3194 * Use the aforeapplied default. 3195 * It would be curious if the label of the task 3196 * does not match that assigned. 3197 */ 3198 if (inode->i_op->getxattr == NULL) 3199 break; 3200 /* 3201 * Get the dentry for xattr. 3202 */ 3203 dp = dget(opt_dentry); 3204 skp = smk_fetch(XATTR_NAME_SMACK, inode, dp); 3205 if (skp != NULL) 3206 final = skp; 3207 3208 /* 3209 * Transmuting directory 3210 */ 3211 if (S_ISDIR(inode->i_mode)) { 3212 /* 3213 * If this is a new directory and the label was 3214 * transmuted when the inode was initialized 3215 * set the transmute attribute on the directory 3216 * and mark the inode. 3217 * 3218 * If there is a transmute attribute on the 3219 * directory mark the inode. 3220 */ 3221 if (isp->smk_flags & SMK_INODE_CHANGED) { 3222 isp->smk_flags &= ~SMK_INODE_CHANGED; 3223 rc = inode->i_op->setxattr(dp, 3224 XATTR_NAME_SMACKTRANSMUTE, 3225 TRANS_TRUE, TRANS_TRUE_SIZE, 3226 0); 3227 } else { 3228 rc = inode->i_op->getxattr(dp, 3229 XATTR_NAME_SMACKTRANSMUTE, trattr, 3230 TRANS_TRUE_SIZE); 3231 if (rc >= 0 && strncmp(trattr, TRANS_TRUE, 3232 TRANS_TRUE_SIZE) != 0) 3233 rc = -EINVAL; 3234 } 3235 if (rc >= 0) 3236 transflag = SMK_INODE_TRANSMUTE; 3237 } 3238 /* 3239 * Don't let the exec or mmap label be "*" or "@". 3240 */ 3241 skp = smk_fetch(XATTR_NAME_SMACKEXEC, inode, dp); 3242 if (skp == &smack_known_star || skp == &smack_known_web) 3243 skp = NULL; 3244 isp->smk_task = skp; 3245 skp = smk_fetch(XATTR_NAME_SMACKMMAP, inode, dp); 3246 if (skp == &smack_known_star || skp == &smack_known_web) 3247 skp = NULL; 3248 isp->smk_mmap = skp; 3249 3250 dput(dp); 3251 break; 3252 } 3253 3254 if (final == NULL) 3255 isp->smk_inode = ckp; 3256 else 3257 isp->smk_inode = final; 3258 3259 isp->smk_flags |= (SMK_INODE_INSTANT | transflag); 3260 3261unlockandout: 3262 mutex_unlock(&isp->smk_lock); 3263 return; 3264} 3265 3266/** 3267 * smack_getprocattr - Smack process attribute access 3268 * @p: the object task 3269 * @name: the name of the attribute in /proc/.../attr 3270 * @value: where to put the result 3271 * 3272 * Places a copy of the task Smack into value 3273 * 3274 * Returns the length of the smack label or an error code 3275 */ 3276static int smack_getprocattr(struct task_struct *p, char *name, char **value) 3277{ 3278 struct smack_known *skp = smk_of_task_struct(p); 3279 char *cp; 3280 int slen; 3281 3282 if (strcmp(name, "current") != 0) 3283 return -EINVAL; 3284 3285 cp = kstrdup(skp->smk_known, GFP_KERNEL); 3286 if (cp == NULL) 3287 return -ENOMEM; 3288 3289 slen = strlen(cp); 3290 *value = cp; 3291 return slen; 3292} 3293 3294/** 3295 * smack_setprocattr - Smack process attribute setting 3296 * @p: the object task 3297 * @name: the name of the attribute in /proc/.../attr 3298 * @value: the value to set 3299 * @size: the size of the value 3300 * 3301 * Sets the Smack value of the task. Only setting self 3302 * is permitted and only with privilege 3303 * 3304 * Returns the length of the smack label or an error code 3305 */ 3306static int smack_setprocattr(struct task_struct *p, char *name, 3307 void *value, size_t size) 3308{ 3309 struct task_smack *tsp; 3310 struct cred *new; 3311 struct smack_known *skp; 3312 3313 /* 3314 * Changing another process' Smack value is too dangerous 3315 * and supports no sane use case. 3316 */ 3317 if (p != current) 3318 return -EPERM; 3319 3320 if (!smack_privileged(CAP_MAC_ADMIN)) 3321 return -EPERM; 3322 3323 if (value == NULL || size == 0 || size >= SMK_LONGLABEL) 3324 return -EINVAL; 3325 3326 if (strcmp(name, "current") != 0) 3327 return -EINVAL; 3328 3329 skp = smk_import_entry(value, size); 3330 if (skp == NULL) 3331 return -EINVAL; 3332 3333 /* 3334 * No process is ever allowed the web ("@") label. 3335 */ 3336 if (skp == &smack_known_web) 3337 return -EPERM; 3338 3339 new = prepare_creds(); 3340 if (new == NULL) 3341 return -ENOMEM; 3342 3343 tsp = new->security; 3344 tsp->smk_task = skp; 3345 3346 commit_creds(new); 3347 return size; 3348} 3349 3350/** 3351 * smack_unix_stream_connect - Smack access on UDS 3352 * @sock: one sock 3353 * @other: the other sock 3354 * @newsk: unused 3355 * 3356 * Return 0 if a subject with the smack of sock could access 3357 * an object with the smack of other, otherwise an error code 3358 */ 3359static int smack_unix_stream_connect(struct sock *sock, 3360 struct sock *other, struct sock *newsk) 3361{ 3362 struct smack_known *skp; 3363 struct smack_known *okp; 3364 struct socket_smack *ssp = sock->sk_security; 3365 struct socket_smack *osp = other->sk_security; 3366 struct socket_smack *nsp = newsk->sk_security; 3367 struct smk_audit_info ad; 3368 int rc = 0; 3369#ifdef CONFIG_AUDIT 3370 struct lsm_network_audit net; 3371#endif 3372 3373 if (!smack_privileged(CAP_MAC_OVERRIDE)) { 3374 skp = ssp->smk_out; 3375 okp = osp->smk_in; 3376#ifdef CONFIG_AUDIT 3377 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 3378 smk_ad_setfield_u_net_sk(&ad, other); 3379#endif 3380 rc = smk_access(skp, okp, MAY_WRITE, &ad); 3381 rc = smk_bu_note("UDS connect", skp, okp, MAY_WRITE, rc); 3382 if (rc == 0) { 3383 okp = osp->smk_out; 3384 skp = ssp->smk_in; 3385 rc = smk_access(okp, skp, MAY_WRITE, &ad); 3386 rc = smk_bu_note("UDS connect", okp, skp, 3387 MAY_WRITE, rc); 3388 } 3389 } 3390 3391 /* 3392 * Cross reference the peer labels for SO_PEERSEC. 3393 */ 3394 if (rc == 0) { 3395 nsp->smk_packet = ssp->smk_out; 3396 ssp->smk_packet = osp->smk_out; 3397 } 3398 3399 return rc; 3400} 3401 3402/** 3403 * smack_unix_may_send - Smack access on UDS 3404 * @sock: one socket 3405 * @other: the other socket 3406 * 3407 * Return 0 if a subject with the smack of sock could access 3408 * an object with the smack of other, otherwise an error code 3409 */ 3410static int smack_unix_may_send(struct socket *sock, struct socket *other) 3411{ 3412 struct socket_smack *ssp = sock->sk->sk_security; 3413 struct socket_smack *osp = other->sk->sk_security; 3414 struct smk_audit_info ad; 3415 int rc; 3416 3417#ifdef CONFIG_AUDIT 3418 struct lsm_network_audit net; 3419 3420 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 3421 smk_ad_setfield_u_net_sk(&ad, other->sk); 3422#endif 3423 3424 if (smack_privileged(CAP_MAC_OVERRIDE)) 3425 return 0; 3426 3427 rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad); 3428 rc = smk_bu_note("UDS send", ssp->smk_out, osp->smk_in, MAY_WRITE, rc); 3429 return rc; 3430} 3431 3432/** 3433 * smack_socket_sendmsg - Smack check based on destination host 3434 * @sock: the socket 3435 * @msg: the message 3436 * @size: the size of the message 3437 * 3438 * Return 0 if the current subject can write to the destination host. 3439 * For IPv4 this is only a question if the destination is a single label host. 3440 * For IPv6 this is a check against the label of the port. 3441 */ 3442static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg, 3443 int size) 3444{ 3445 struct sockaddr_in *sip = (struct sockaddr_in *) msg->msg_name; 3446#if IS_ENABLED(CONFIG_IPV6) && !defined(CONFIG_SECURITY_SMACK_NETFILTER) 3447 struct sockaddr_in6 *sap = (struct sockaddr_in6 *) msg->msg_name; 3448#endif /* CONFIG_IPV6 && !CONFIG_SECURITY_SMACK_NETFILTER */ 3449 int rc = 0; 3450 3451 /* 3452 * Perfectly reasonable for this to be NULL 3453 */ 3454 if (sip == NULL) 3455 return 0; 3456 3457 switch (sip->sin_family) { 3458 case AF_INET: 3459 rc = smack_netlabel_send(sock->sk, sip); 3460 break; 3461 case AF_INET6: 3462#if IS_ENABLED(CONFIG_IPV6) && !defined(CONFIG_SECURITY_SMACK_NETFILTER) 3463 rc = smk_ipv6_port_check(sock->sk, sap, SMK_SENDING); 3464#endif /* CONFIG_IPV6 && !CONFIG_SECURITY_SMACK_NETFILTER */ 3465 break; 3466 } 3467 return rc; 3468} 3469 3470/** 3471 * smack_from_secattr - Convert a netlabel attr.mls.lvl/attr.mls.cat pair to smack 3472 * @sap: netlabel secattr 3473 * @ssp: socket security information 3474 * 3475 * Returns a pointer to a Smack label entry found on the label list. 3476 */ 3477static struct smack_known *smack_from_secattr(struct netlbl_lsm_secattr *sap, 3478 struct socket_smack *ssp) 3479{ 3480 struct smack_known *skp; 3481 int found = 0; 3482 int acat; 3483 int kcat; 3484 3485 if ((sap->flags & NETLBL_SECATTR_MLS_LVL) != 0) { 3486 /* 3487 * Looks like a CIPSO packet. 3488 * If there are flags but no level netlabel isn't 3489 * behaving the way we expect it to. 3490 * 3491 * Look it up in the label table 3492 * Without guidance regarding the smack value 3493 * for the packet fall back on the network 3494 * ambient value. 3495 */ 3496 rcu_read_lock(); 3497 list_for_each_entry(skp, &smack_known_list, list) { 3498 if (sap->attr.mls.lvl != skp->smk_netlabel.attr.mls.lvl) 3499 continue; 3500 /* 3501 * Compare the catsets. Use the netlbl APIs. 3502 */ 3503 if ((sap->flags & NETLBL_SECATTR_MLS_CAT) == 0) { 3504 if ((skp->smk_netlabel.flags & 3505 NETLBL_SECATTR_MLS_CAT) == 0) 3506 found = 1; 3507 break; 3508 } 3509 for (acat = -1, kcat = -1; acat == kcat; ) { 3510 acat = netlbl_catmap_walk(sap->attr.mls.cat, 3511 acat + 1); 3512 kcat = netlbl_catmap_walk( 3513 skp->smk_netlabel.attr.mls.cat, 3514 kcat + 1); 3515 if (acat < 0 || kcat < 0) 3516 break; 3517 } 3518 if (acat == kcat) { 3519 found = 1; 3520 break; 3521 } 3522 } 3523 rcu_read_unlock(); 3524 3525 if (found) 3526 return skp; 3527 3528 if (ssp != NULL && ssp->smk_in == &smack_known_star) 3529 return &smack_known_web; 3530 return &smack_known_star; 3531 } 3532 if ((sap->flags & NETLBL_SECATTR_SECID) != 0) { 3533 /* 3534 * Looks like a fallback, which gives us a secid. 3535 */ 3536 skp = smack_from_secid(sap->attr.secid); 3537 /* 3538 * This has got to be a bug because it is 3539 * impossible to specify a fallback without 3540 * specifying the label, which will ensure 3541 * it has a secid, and the only way to get a 3542 * secid is from a fallback. 3543 */ 3544 BUG_ON(skp == NULL); 3545 return skp; 3546 } 3547 /* 3548 * Without guidance regarding the smack value 3549 * for the packet fall back on the network 3550 * ambient value. 3551 */ 3552 return smack_net_ambient; 3553} 3554 3555#if IS_ENABLED(CONFIG_IPV6) 3556static int smk_skb_to_addr_ipv6(struct sk_buff *skb, struct sockaddr_in6 *sip) 3557{ 3558 u8 nexthdr; 3559 int offset; 3560 int proto = -EINVAL; 3561 struct ipv6hdr _ipv6h; 3562 struct ipv6hdr *ip6; 3563 __be16 frag_off; 3564 struct tcphdr _tcph, *th; 3565 struct udphdr _udph, *uh; 3566 struct dccp_hdr _dccph, *dh; 3567 3568 sip->sin6_port = 0; 3569 3570 offset = skb_network_offset(skb); 3571 ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h); 3572 if (ip6 == NULL) 3573 return -EINVAL; 3574 sip->sin6_addr = ip6->saddr; 3575 3576 nexthdr = ip6->nexthdr; 3577 offset += sizeof(_ipv6h); 3578 offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off); 3579 if (offset < 0) 3580 return -EINVAL; 3581 3582 proto = nexthdr; 3583 switch (proto) { 3584 case IPPROTO_TCP: 3585 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph); 3586 if (th != NULL) 3587 sip->sin6_port = th->source; 3588 break; 3589 case IPPROTO_UDP: 3590 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph); 3591 if (uh != NULL) 3592 sip->sin6_port = uh->source; 3593 break; 3594 case IPPROTO_DCCP: 3595 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph); 3596 if (dh != NULL) 3597 sip->sin6_port = dh->dccph_sport; 3598 break; 3599 } 3600 return proto; 3601} 3602#endif /* CONFIG_IPV6 */ 3603 3604/** 3605 * smack_socket_sock_rcv_skb - Smack packet delivery access check 3606 * @sk: socket 3607 * @skb: packet 3608 * 3609 * Returns 0 if the packet should be delivered, an error code otherwise 3610 */ 3611static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) 3612{ 3613 struct netlbl_lsm_secattr secattr; 3614 struct socket_smack *ssp = sk->sk_security; 3615 struct smack_known *skp = NULL; 3616 int rc = 0; 3617 struct smk_audit_info ad; 3618#ifdef CONFIG_AUDIT 3619 struct lsm_network_audit net; 3620#endif 3621#if IS_ENABLED(CONFIG_IPV6) 3622 struct sockaddr_in6 sadd; 3623 int proto; 3624#endif /* CONFIG_IPV6 */ 3625 3626 switch (sk->sk_family) { 3627 case PF_INET: 3628#ifdef CONFIG_SECURITY_SMACK_NETFILTER 3629 /* 3630 * If there is a secmark use it rather than the CIPSO label. 3631 * If there is no secmark fall back to CIPSO. 3632 * The secmark is assumed to reflect policy better. 3633 */ 3634 if (skb && skb->secmark != 0) { 3635 skp = smack_from_secid(skb->secmark); 3636 goto access_check; 3637 } 3638#endif /* CONFIG_SECURITY_SMACK_NETFILTER */ 3639 /* 3640 * Translate what netlabel gave us. 3641 */ 3642 netlbl_secattr_init(&secattr); 3643 3644 rc = netlbl_skbuff_getattr(skb, sk->sk_family, &secattr); 3645 if (rc == 0) 3646 skp = smack_from_secattr(&secattr, ssp); 3647 else 3648 skp = smack_net_ambient; 3649 3650 netlbl_secattr_destroy(&secattr); 3651 3652#ifdef CONFIG_SECURITY_SMACK_NETFILTER 3653access_check: 3654#endif 3655#ifdef CONFIG_AUDIT 3656 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 3657 ad.a.u.net->family = sk->sk_family; 3658 ad.a.u.net->netif = skb->skb_iif; 3659 ipv4_skb_to_auditdata(skb, &ad.a, NULL); 3660#endif 3661 /* 3662 * Receiving a packet requires that the other end 3663 * be able to write here. Read access is not required. 3664 * This is the simplist possible security model 3665 * for networking. 3666 */ 3667 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad); 3668 rc = smk_bu_note("IPv4 delivery", skp, ssp->smk_in, 3669 MAY_WRITE, rc); 3670 if (rc != 0) 3671 netlbl_skbuff_err(skb, rc, 0); 3672 break; 3673#if IS_ENABLED(CONFIG_IPV6) 3674 case PF_INET6: 3675 proto = smk_skb_to_addr_ipv6(skb, &sadd); 3676 if (proto != IPPROTO_UDP && proto != IPPROTO_TCP) 3677 break; 3678#ifdef CONFIG_SECURITY_SMACK_NETFILTER 3679 if (skb && skb->secmark != 0) 3680 skp = smack_from_secid(skb->secmark); 3681 else 3682 skp = smack_net_ambient; 3683#ifdef CONFIG_AUDIT 3684 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 3685 ad.a.u.net->family = sk->sk_family; 3686 ad.a.u.net->netif = skb->skb_iif; 3687 ipv6_skb_to_auditdata(skb, &ad.a, NULL); 3688#endif /* CONFIG_AUDIT */ 3689 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad); 3690 rc = smk_bu_note("IPv6 delivery", skp, ssp->smk_in, 3691 MAY_WRITE, rc); 3692#else /* CONFIG_SECURITY_SMACK_NETFILTER */ 3693 rc = smk_ipv6_port_check(sk, &sadd, SMK_RECEIVING); 3694#endif /* CONFIG_SECURITY_SMACK_NETFILTER */ 3695 break; 3696#endif /* CONFIG_IPV6 */ 3697 } 3698 3699 return rc; 3700} 3701 3702/** 3703 * smack_socket_getpeersec_stream - pull in packet label 3704 * @sock: the socket 3705 * @optval: user's destination 3706 * @optlen: size thereof 3707 * @len: max thereof 3708 * 3709 * returns zero on success, an error code otherwise 3710 */ 3711static int smack_socket_getpeersec_stream(struct socket *sock, 3712 char __user *optval, 3713 int __user *optlen, unsigned len) 3714{ 3715 struct socket_smack *ssp; 3716 char *rcp = ""; 3717 int slen = 1; 3718 int rc = 0; 3719 3720 ssp = sock->sk->sk_security; 3721 if (ssp->smk_packet != NULL) { 3722 rcp = ssp->smk_packet->smk_known; 3723 slen = strlen(rcp) + 1; 3724 } 3725 3726 if (slen > len) 3727 rc = -ERANGE; 3728 else if (copy_to_user(optval, rcp, slen) != 0) 3729 rc = -EFAULT; 3730 3731 if (put_user(slen, optlen) != 0) 3732 rc = -EFAULT; 3733 3734 return rc; 3735} 3736 3737 3738/** 3739 * smack_socket_getpeersec_dgram - pull in packet label 3740 * @sock: the peer socket 3741 * @skb: packet data 3742 * @secid: pointer to where to put the secid of the packet 3743 * 3744 * Sets the netlabel socket state on sk from parent 3745 */ 3746static int smack_socket_getpeersec_dgram(struct socket *sock, 3747 struct sk_buff *skb, u32 *secid) 3748 3749{ 3750 struct netlbl_lsm_secattr secattr; 3751 struct socket_smack *ssp = NULL; 3752 struct smack_known *skp; 3753 int family = PF_UNSPEC; 3754 u32 s = 0; /* 0 is the invalid secid */ 3755 int rc; 3756 3757 if (skb != NULL) { 3758 if (skb->protocol == htons(ETH_P_IP)) 3759 family = PF_INET; 3760#if IS_ENABLED(CONFIG_IPV6) 3761 else if (skb->protocol == htons(ETH_P_IPV6)) 3762 family = PF_INET6; 3763#endif /* CONFIG_IPV6 */ 3764 } 3765 if (family == PF_UNSPEC && sock != NULL) 3766 family = sock->sk->sk_family; 3767 3768 switch (family) { 3769 case PF_UNIX: 3770 ssp = sock->sk->sk_security; 3771 s = ssp->smk_out->smk_secid; 3772 break; 3773 case PF_INET: 3774#ifdef CONFIG_SECURITY_SMACK_NETFILTER 3775 s = skb->secmark; 3776 if (s != 0) 3777 break; 3778#endif 3779 /* 3780 * Translate what netlabel gave us. 3781 */ 3782 if (sock != NULL && sock->sk != NULL) 3783 ssp = sock->sk->sk_security; 3784 netlbl_secattr_init(&secattr); 3785 rc = netlbl_skbuff_getattr(skb, family, &secattr); 3786 if (rc == 0) { 3787 skp = smack_from_secattr(&secattr, ssp); 3788 s = skp->smk_secid; 3789 } 3790 netlbl_secattr_destroy(&secattr); 3791 break; 3792#if IS_ENABLED(CONFIG_IPV6) 3793 case PF_INET6: 3794#ifdef CONFIG_SECURITY_SMACK_NETFILTER 3795 s = skb->secmark; 3796#endif /* CONFIG_SECURITY_SMACK_NETFILTER */ 3797 break; 3798#endif /* CONFIG_IPV6 */ 3799 } 3800 *secid = s; 3801 if (s == 0) 3802 return -EINVAL; 3803 return 0; 3804} 3805 3806/** 3807 * smack_sock_graft - Initialize a newly created socket with an existing sock 3808 * @sk: child sock 3809 * @parent: parent socket 3810 * 3811 * Set the smk_{in,out} state of an existing sock based on the process that 3812 * is creating the new socket. 3813 */ 3814static void smack_sock_graft(struct sock *sk, struct socket *parent) 3815{ 3816 struct socket_smack *ssp; 3817 struct smack_known *skp = smk_of_current(); 3818 3819 if (sk == NULL || 3820 (sk->sk_family != PF_INET && sk->sk_family != PF_INET6)) 3821 return; 3822 3823 ssp = sk->sk_security; 3824 ssp->smk_in = skp; 3825 ssp->smk_out = skp; 3826 /* cssp->smk_packet is already set in smack_inet_csk_clone() */ 3827} 3828 3829/** 3830 * smack_inet_conn_request - Smack access check on connect 3831 * @sk: socket involved 3832 * @skb: packet 3833 * @req: unused 3834 * 3835 * Returns 0 if a task with the packet label could write to 3836 * the socket, otherwise an error code 3837 */ 3838static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb, 3839 struct request_sock *req) 3840{ 3841 u16 family = sk->sk_family; 3842 struct smack_known *skp; 3843 struct socket_smack *ssp = sk->sk_security; 3844 struct netlbl_lsm_secattr secattr; 3845 struct sockaddr_in addr; 3846 struct iphdr *hdr; 3847 struct smack_known *hskp; 3848 int rc; 3849 struct smk_audit_info ad; 3850#ifdef CONFIG_AUDIT 3851 struct lsm_network_audit net; 3852#endif 3853 3854#if IS_ENABLED(CONFIG_IPV6) 3855 if (family == PF_INET6) { 3856 /* 3857 * Handle mapped IPv4 packets arriving 3858 * via IPv6 sockets. Don't set up netlabel 3859 * processing on IPv6. 3860 */ 3861 if (skb->protocol == htons(ETH_P_IP)) 3862 family = PF_INET; 3863 else 3864 return 0; 3865 } 3866#endif /* CONFIG_IPV6 */ 3867 3868#ifdef CONFIG_SECURITY_SMACK_NETFILTER 3869 /* 3870 * If there is a secmark use it rather than the CIPSO label. 3871 * If there is no secmark fall back to CIPSO. 3872 * The secmark is assumed to reflect policy better. 3873 */ 3874 if (skb && skb->secmark != 0) { 3875 skp = smack_from_secid(skb->secmark); 3876 goto access_check; 3877 } 3878#endif /* CONFIG_SECURITY_SMACK_NETFILTER */ 3879 3880 netlbl_secattr_init(&secattr); 3881 rc = netlbl_skbuff_getattr(skb, family, &secattr); 3882 if (rc == 0) 3883 skp = smack_from_secattr(&secattr, ssp); 3884 else 3885 skp = &smack_known_huh; 3886 netlbl_secattr_destroy(&secattr); 3887 3888#ifdef CONFIG_SECURITY_SMACK_NETFILTER 3889access_check: 3890#endif 3891 3892#ifdef CONFIG_AUDIT 3893 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); 3894 ad.a.u.net->family = family; 3895 ad.a.u.net->netif = skb->skb_iif; 3896 ipv4_skb_to_auditdata(skb, &ad.a, NULL); 3897#endif 3898 /* 3899 * Receiving a packet requires that the other end be able to write 3900 * here. Read access is not required. 3901 */ 3902 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad); 3903 rc = smk_bu_note("IPv4 connect", skp, ssp->smk_in, MAY_WRITE, rc); 3904 if (rc != 0) 3905 return rc; 3906 3907 /* 3908 * Save the peer's label in the request_sock so we can later setup 3909 * smk_packet in the child socket so that SO_PEERCRED can report it. 3910 */ 3911 req->peer_secid = skp->smk_secid; 3912 3913 /* 3914 * We need to decide if we want to label the incoming connection here 3915 * if we do we only need to label the request_sock and the stack will 3916 * propagate the wire-label to the sock when it is created. 3917 */ 3918 hdr = ip_hdr(skb); 3919 addr.sin_addr.s_addr = hdr->saddr; 3920 rcu_read_lock(); 3921 hskp = smack_host_label(&addr); 3922 rcu_read_unlock(); 3923 3924 if (hskp == NULL) 3925 rc = netlbl_req_setattr(req, &skp->smk_netlabel); 3926 else 3927 netlbl_req_delattr(req); 3928 3929 return rc; 3930} 3931 3932/** 3933 * smack_inet_csk_clone - Copy the connection information to the new socket 3934 * @sk: the new socket 3935 * @req: the connection's request_sock 3936 * 3937 * Transfer the connection's peer label to the newly created socket. 3938 */ 3939static void smack_inet_csk_clone(struct sock *sk, 3940 const struct request_sock *req) 3941{ 3942 struct socket_smack *ssp = sk->sk_security; 3943 struct smack_known *skp; 3944 3945 if (req->peer_secid != 0) { 3946 skp = smack_from_secid(req->peer_secid); 3947 ssp->smk_packet = skp; 3948 } else 3949 ssp->smk_packet = NULL; 3950} 3951 3952/* 3953 * Key management security hooks 3954 * 3955 * Casey has not tested key support very heavily. 3956 * The permission check is most likely too restrictive. 3957 * If you care about keys please have a look. 3958 */ 3959#ifdef CONFIG_KEYS 3960 3961/** 3962 * smack_key_alloc - Set the key security blob 3963 * @key: object 3964 * @cred: the credentials to use 3965 * @flags: unused 3966 * 3967 * No allocation required 3968 * 3969 * Returns 0 3970 */ 3971static int smack_key_alloc(struct key *key, const struct cred *cred, 3972 unsigned long flags) 3973{ 3974 struct smack_known *skp = smk_of_task(cred->security); 3975 3976 key->security = skp; 3977 return 0; 3978} 3979 3980/** 3981 * smack_key_free - Clear the key security blob 3982 * @key: the object 3983 * 3984 * Clear the blob pointer 3985 */ 3986static void smack_key_free(struct key *key) 3987{ 3988 key->security = NULL; 3989} 3990 3991/** 3992 * smack_key_permission - Smack access on a key 3993 * @key_ref: gets to the object 3994 * @cred: the credentials to use 3995 * @perm: requested key permissions 3996 * 3997 * Return 0 if the task has read and write to the object, 3998 * an error code otherwise 3999 */ 4000static int smack_key_permission(key_ref_t key_ref, 4001 const struct cred *cred, unsigned perm) 4002{ 4003 struct key *keyp; 4004 struct smk_audit_info ad; 4005 struct smack_known *tkp = smk_of_task(cred->security); 4006 int request = 0; 4007 int rc; 4008 4009 keyp = key_ref_to_ptr(key_ref); 4010 if (keyp == NULL) 4011 return -EINVAL; 4012 /* 4013 * If the key hasn't been initialized give it access so that 4014 * it may do so. 4015 */ 4016 if (keyp->security == NULL) 4017 return 0; 4018 /* 4019 * This should not occur 4020 */ 4021 if (tkp == NULL) 4022 return -EACCES; 4023#ifdef CONFIG_AUDIT 4024 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY); 4025 ad.a.u.key_struct.key = keyp->serial; 4026 ad.a.u.key_struct.key_desc = keyp->description; 4027#endif 4028 if (perm & KEY_NEED_READ) 4029 request = MAY_READ; 4030 if (perm & (KEY_NEED_WRITE | KEY_NEED_LINK | KEY_NEED_SETATTR)) 4031 request = MAY_WRITE; 4032 rc = smk_access(tkp, keyp->security, request, &ad); 4033 rc = smk_bu_note("key access", tkp, keyp->security, request, rc); 4034 return rc; 4035} 4036 4037/* 4038 * smack_key_getsecurity - Smack label tagging the key 4039 * @key points to the key to be queried 4040 * @_buffer points to a pointer that should be set to point to the 4041 * resulting string (if no label or an error occurs). 4042 * Return the length of the string (including terminating NUL) or -ve if 4043 * an error. 4044 * May also return 0 (and a NULL buffer pointer) if there is no label. 4045 */ 4046static int smack_key_getsecurity(struct key *key, char **_buffer) 4047{ 4048 struct smack_known *skp = key->security; 4049 size_t length; 4050 char *copy; 4051 4052 if (key->security == NULL) { 4053 *_buffer = NULL; 4054 return 0; 4055 } 4056 4057 copy = kstrdup(skp->smk_known, GFP_KERNEL); 4058 if (copy == NULL) 4059 return -ENOMEM; 4060 length = strlen(copy) + 1; 4061 4062 *_buffer = copy; 4063 return length; 4064} 4065 4066#endif /* CONFIG_KEYS */ 4067 4068/* 4069 * Smack Audit hooks 4070 * 4071 * Audit requires a unique representation of each Smack specific 4072 * rule. This unique representation is used to distinguish the 4073 * object to be audited from remaining kernel objects and also 4074 * works as a glue between the audit hooks. 4075 * 4076 * Since repository entries are added but never deleted, we'll use 4077 * the smack_known label address related to the given audit rule as 4078 * the needed unique representation. This also better fits the smack 4079 * model where nearly everything is a label. 4080 */ 4081#ifdef CONFIG_AUDIT 4082 4083/** 4084 * smack_audit_rule_init - Initialize a smack audit rule 4085 * @field: audit rule fields given from user-space (audit.h) 4086 * @op: required testing operator (=, !=, >, <, ...) 4087 * @rulestr: smack label to be audited 4088 * @vrule: pointer to save our own audit rule representation 4089 * 4090 * Prepare to audit cases where (@field @op @rulestr) is true. 4091 * The label to be audited is created if necessay. 4092 */ 4093static int smack_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule) 4094{ 4095 struct smack_known *skp; 4096 char **rule = (char **)vrule; 4097 *rule = NULL; 4098 4099 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER) 4100 return -EINVAL; 4101 4102 if (op != Audit_equal && op != Audit_not_equal) 4103 return -EINVAL; 4104 4105 skp = smk_import_entry(rulestr, 0); 4106 if (skp) 4107 *rule = skp->smk_known; 4108 4109 return 0; 4110} 4111 4112/** 4113 * smack_audit_rule_known - Distinguish Smack audit rules 4114 * @krule: rule of interest, in Audit kernel representation format 4115 * 4116 * This is used to filter Smack rules from remaining Audit ones. 4117 * If it's proved that this rule belongs to us, the 4118 * audit_rule_match hook will be called to do the final judgement. 4119 */ 4120static int smack_audit_rule_known(struct audit_krule *krule) 4121{ 4122 struct audit_field *f; 4123 int i; 4124 4125 for (i = 0; i < krule->field_count; i++) { 4126 f = &krule->fields[i]; 4127 4128 if (f->type == AUDIT_SUBJ_USER || f->type == AUDIT_OBJ_USER) 4129 return 1; 4130 } 4131 4132 return 0; 4133} 4134 4135/** 4136 * smack_audit_rule_match - Audit given object ? 4137 * @secid: security id for identifying the object to test 4138 * @field: audit rule flags given from user-space 4139 * @op: required testing operator 4140 * @vrule: smack internal rule presentation 4141 * @actx: audit context associated with the check 4142 * 4143 * The core Audit hook. It's used to take the decision of 4144 * whether to audit or not to audit a given object. 4145 */ 4146static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule, 4147 struct audit_context *actx) 4148{ 4149 struct smack_known *skp; 4150 char *rule = vrule; 4151 4152 if (unlikely(!rule)) { 4153 WARN_ONCE(1, "Smack: missing rule\n"); 4154 return -ENOENT; 4155 } 4156 4157 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER) 4158 return 0; 4159 4160 skp = smack_from_secid(secid); 4161 4162 /* 4163 * No need to do string comparisons. If a match occurs, 4164 * both pointers will point to the same smack_known 4165 * label. 4166 */ 4167 if (op == Audit_equal) 4168 return (rule == skp->smk_known); 4169 if (op == Audit_not_equal) 4170 return (rule != skp->smk_known); 4171 4172 return 0; 4173} 4174 4175/** 4176 * smack_audit_rule_free - free smack rule representation 4177 * @vrule: rule to be freed. 4178 * 4179 * No memory was allocated. 4180 */ 4181static void smack_audit_rule_free(void *vrule) 4182{ 4183 /* No-op */ 4184} 4185 4186#endif /* CONFIG_AUDIT */ 4187 4188/** 4189 * smack_ismaclabel - check if xattr @name references a smack MAC label 4190 * @name: Full xattr name to check. 4191 */ 4192static int smack_ismaclabel(const char *name) 4193{ 4194 return (strcmp(name, XATTR_SMACK_SUFFIX) == 0); 4195} 4196 4197 4198/** 4199 * smack_secid_to_secctx - return the smack label for a secid 4200 * @secid: incoming integer 4201 * @secdata: destination 4202 * @seclen: how long it is 4203 * 4204 * Exists for networking code. 4205 */ 4206static int smack_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) 4207{ 4208 struct smack_known *skp = smack_from_secid(secid); 4209 4210 if (secdata) 4211 *secdata = skp->smk_known; 4212 *seclen = strlen(skp->smk_known); 4213 return 0; 4214} 4215 4216/** 4217 * smack_secctx_to_secid - return the secid for a smack label 4218 * @secdata: smack label 4219 * @seclen: how long result is 4220 * @secid: outgoing integer 4221 * 4222 * Exists for audit and networking code. 4223 */ 4224static int smack_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid) 4225{ 4226 struct smack_known *skp = smk_find_entry(secdata); 4227 4228 if (skp) 4229 *secid = skp->smk_secid; 4230 else 4231 *secid = 0; 4232 return 0; 4233} 4234 4235/** 4236 * smack_release_secctx - don't do anything. 4237 * @secdata: unused 4238 * @seclen: unused 4239 * 4240 * Exists to make sure nothing gets done, and properly 4241 */ 4242static void smack_release_secctx(char *secdata, u32 seclen) 4243{ 4244} 4245 4246static int smack_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen) 4247{ 4248 return smack_inode_setsecurity(inode, XATTR_SMACK_SUFFIX, ctx, ctxlen, 0); 4249} 4250 4251static int smack_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen) 4252{ 4253 return __vfs_setxattr_noperm(dentry, XATTR_NAME_SMACK, ctx, ctxlen, 0); 4254} 4255 4256static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) 4257{ 4258 int len = 0; 4259 len = smack_inode_getsecurity(inode, XATTR_SMACK_SUFFIX, ctx, true); 4260 4261 if (len < 0) 4262 return len; 4263 *ctxlen = len; 4264 return 0; 4265} 4266 4267struct security_operations smack_ops = { 4268 .name = "smack", 4269 4270 .ptrace_access_check = smack_ptrace_access_check, 4271 .ptrace_traceme = smack_ptrace_traceme, 4272 .syslog = smack_syslog, 4273 4274 .sb_alloc_security = smack_sb_alloc_security, 4275 .sb_free_security = smack_sb_free_security, 4276 .sb_copy_data = smack_sb_copy_data, 4277 .sb_kern_mount = smack_sb_kern_mount, 4278 .sb_statfs = smack_sb_statfs, 4279 4280 .bprm_set_creds = smack_bprm_set_creds, 4281 .bprm_committing_creds = smack_bprm_committing_creds, 4282 .bprm_secureexec = smack_bprm_secureexec, 4283 4284 .inode_alloc_security = smack_inode_alloc_security, 4285 .inode_free_security = smack_inode_free_security, 4286 .inode_init_security = smack_inode_init_security, 4287 .inode_link = smack_inode_link, 4288 .inode_unlink = smack_inode_unlink, 4289 .inode_rmdir = smack_inode_rmdir, 4290 .inode_rename = smack_inode_rename, 4291 .inode_permission = smack_inode_permission, 4292 .inode_setattr = smack_inode_setattr, 4293 .inode_getattr = smack_inode_getattr, 4294 .inode_setxattr = smack_inode_setxattr, 4295 .inode_post_setxattr = smack_inode_post_setxattr, 4296 .inode_getxattr = smack_inode_getxattr, 4297 .inode_removexattr = smack_inode_removexattr, 4298 .inode_getsecurity = smack_inode_getsecurity, 4299 .inode_setsecurity = smack_inode_setsecurity, 4300 .inode_listsecurity = smack_inode_listsecurity, 4301 .inode_getsecid = smack_inode_getsecid, 4302 4303 .file_permission = smack_file_permission, 4304 .file_alloc_security = smack_file_alloc_security, 4305 .file_free_security = smack_file_free_security, 4306 .file_ioctl = smack_file_ioctl, 4307 .file_lock = smack_file_lock, 4308 .file_fcntl = smack_file_fcntl, 4309 .mmap_file = smack_mmap_file, 4310 .mmap_addr = cap_mmap_addr, 4311 .file_set_fowner = smack_file_set_fowner, 4312 .file_send_sigiotask = smack_file_send_sigiotask, 4313 .file_receive = smack_file_receive, 4314 4315 .file_open = smack_file_open, 4316 4317 .cred_alloc_blank = smack_cred_alloc_blank, 4318 .cred_free = smack_cred_free, 4319 .cred_prepare = smack_cred_prepare, 4320 .cred_transfer = smack_cred_transfer, 4321 .kernel_act_as = smack_kernel_act_as, 4322 .kernel_create_files_as = smack_kernel_create_files_as, 4323 .task_setpgid = smack_task_setpgid, 4324 .task_getpgid = smack_task_getpgid, 4325 .task_getsid = smack_task_getsid, 4326 .task_getsecid = smack_task_getsecid, 4327 .task_setnice = smack_task_setnice, 4328 .task_setioprio = smack_task_setioprio, 4329 .task_getioprio = smack_task_getioprio, 4330 .task_setscheduler = smack_task_setscheduler, 4331 .task_getscheduler = smack_task_getscheduler, 4332 .task_movememory = smack_task_movememory, 4333 .task_kill = smack_task_kill, 4334 .task_wait = smack_task_wait, 4335 .task_to_inode = smack_task_to_inode, 4336 4337 .ipc_permission = smack_ipc_permission, 4338 .ipc_getsecid = smack_ipc_getsecid, 4339 4340 .msg_msg_alloc_security = smack_msg_msg_alloc_security, 4341 .msg_msg_free_security = smack_msg_msg_free_security, 4342 4343 .msg_queue_alloc_security = smack_msg_queue_alloc_security, 4344 .msg_queue_free_security = smack_msg_queue_free_security, 4345 .msg_queue_associate = smack_msg_queue_associate, 4346 .msg_queue_msgctl = smack_msg_queue_msgctl, 4347 .msg_queue_msgsnd = smack_msg_queue_msgsnd, 4348 .msg_queue_msgrcv = smack_msg_queue_msgrcv, 4349 4350 .shm_alloc_security = smack_shm_alloc_security, 4351 .shm_free_security = smack_shm_free_security, 4352 .shm_associate = smack_shm_associate, 4353 .shm_shmctl = smack_shm_shmctl, 4354 .shm_shmat = smack_shm_shmat, 4355 4356 .sem_alloc_security = smack_sem_alloc_security, 4357 .sem_free_security = smack_sem_free_security, 4358 .sem_associate = smack_sem_associate, 4359 .sem_semctl = smack_sem_semctl, 4360 .sem_semop = smack_sem_semop, 4361 4362 .d_instantiate = smack_d_instantiate, 4363 4364 .getprocattr = smack_getprocattr, 4365 .setprocattr = smack_setprocattr, 4366 4367 .unix_stream_connect = smack_unix_stream_connect, 4368 .unix_may_send = smack_unix_may_send, 4369 4370 .socket_post_create = smack_socket_post_create, 4371#ifndef CONFIG_SECURITY_SMACK_NETFILTER 4372 .socket_bind = smack_socket_bind, 4373#endif /* CONFIG_SECURITY_SMACK_NETFILTER */ 4374 .socket_connect = smack_socket_connect, 4375 .socket_sendmsg = smack_socket_sendmsg, 4376 .socket_sock_rcv_skb = smack_socket_sock_rcv_skb, 4377 .socket_getpeersec_stream = smack_socket_getpeersec_stream, 4378 .socket_getpeersec_dgram = smack_socket_getpeersec_dgram, 4379 .sk_alloc_security = smack_sk_alloc_security, 4380 .sk_free_security = smack_sk_free_security, 4381 .sock_graft = smack_sock_graft, 4382 .inet_conn_request = smack_inet_conn_request, 4383 .inet_csk_clone = smack_inet_csk_clone, 4384 4385 /* key management security hooks */ 4386#ifdef CONFIG_KEYS 4387 .key_alloc = smack_key_alloc, 4388 .key_free = smack_key_free, 4389 .key_permission = smack_key_permission, 4390 .key_getsecurity = smack_key_getsecurity, 4391#endif /* CONFIG_KEYS */ 4392 4393 /* Audit hooks */ 4394#ifdef CONFIG_AUDIT 4395 .audit_rule_init = smack_audit_rule_init, 4396 .audit_rule_known = smack_audit_rule_known, 4397 .audit_rule_match = smack_audit_rule_match, 4398 .audit_rule_free = smack_audit_rule_free, 4399#endif /* CONFIG_AUDIT */ 4400 4401 .ismaclabel = smack_ismaclabel, 4402 .secid_to_secctx = smack_secid_to_secctx, 4403 .secctx_to_secid = smack_secctx_to_secid, 4404 .release_secctx = smack_release_secctx, 4405 .inode_notifysecctx = smack_inode_notifysecctx, 4406 .inode_setsecctx = smack_inode_setsecctx, 4407 .inode_getsecctx = smack_inode_getsecctx, 4408}; 4409 4410 4411static __init void init_smack_known_list(void) 4412{ 4413 /* 4414 * Initialize rule list locks 4415 */ 4416 mutex_init(&smack_known_huh.smk_rules_lock); 4417 mutex_init(&smack_known_hat.smk_rules_lock); 4418 mutex_init(&smack_known_floor.smk_rules_lock); 4419 mutex_init(&smack_known_star.smk_rules_lock); 4420 mutex_init(&smack_known_invalid.smk_rules_lock); 4421 mutex_init(&smack_known_web.smk_rules_lock); 4422 /* 4423 * Initialize rule lists 4424 */ 4425 INIT_LIST_HEAD(&smack_known_huh.smk_rules); 4426 INIT_LIST_HEAD(&smack_known_hat.smk_rules); 4427 INIT_LIST_HEAD(&smack_known_star.smk_rules); 4428 INIT_LIST_HEAD(&smack_known_floor.smk_rules); 4429 INIT_LIST_HEAD(&smack_known_invalid.smk_rules); 4430 INIT_LIST_HEAD(&smack_known_web.smk_rules); 4431 /* 4432 * Create the known labels list 4433 */ 4434 smk_insert_entry(&smack_known_huh); 4435 smk_insert_entry(&smack_known_hat); 4436 smk_insert_entry(&smack_known_star); 4437 smk_insert_entry(&smack_known_floor); 4438 smk_insert_entry(&smack_known_invalid); 4439 smk_insert_entry(&smack_known_web); 4440} 4441 4442/** 4443 * smack_init - initialize the smack system 4444 * 4445 * Returns 0 4446 */ 4447static __init int smack_init(void) 4448{ 4449 struct cred *cred; 4450 struct task_smack *tsp; 4451 4452 if (!security_module_enable(&smack_ops)) 4453 return 0; 4454 4455 smack_enabled = 1; 4456 4457 smack_inode_cache = KMEM_CACHE(inode_smack, 0); 4458 if (!smack_inode_cache) 4459 return -ENOMEM; 4460 4461 tsp = new_task_smack(&smack_known_floor, &smack_known_floor, 4462 GFP_KERNEL); 4463 if (tsp == NULL) { 4464 kmem_cache_destroy(smack_inode_cache); 4465 return -ENOMEM; 4466 } 4467 4468 printk(KERN_INFO "Smack: Initializing.\n"); 4469 4470 /* 4471 * Set the security state for the initial task. 4472 */ 4473 cred = (struct cred *) current->cred; 4474 cred->security = tsp; 4475 4476 /* initialize the smack_known_list */ 4477 init_smack_known_list(); 4478 4479 /* 4480 * Register with LSM 4481 */ 4482 if (register_security(&smack_ops)) 4483 panic("smack: Unable to register with kernel.\n"); 4484 4485 return 0; 4486} 4487 4488/* 4489 * Smack requires early initialization in order to label 4490 * all processes and objects when they are created. 4491 */ 4492security_initcall(smack_init); 4493