smack_lsm.c 61 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476147714781479148014811482148314841485148614871488148914901491149214931494149514961497149814991500150115021503150415051506150715081509151015111512151315141515151615171518151915201521152215231524152515261527152815291530153115321533153415351536153715381539154015411542154315441545154615471548154915501551155215531554155515561557155815591560156115621563156415651566156715681569157015711572157315741575157615771578157915801581158215831584158515861587158815891590159115921593159415951596159715981599160016011602160316041605160616071608160916101611161216131614161516161617161816191620162116221623162416251626162716281629163016311632163316341635163616371638163916401641164216431644164516461647164816491650165116521653165416551656165716581659166016611662166316641665166616671668166916701671167216731674167516761677167816791680168116821683168416851686168716881689169016911692169316941695169616971698169917001701170217031704170517061707170817091710171117121713171417151716171717181719172017211722172317241725172617271728172917301731173217331734173517361737173817391740174117421743174417451746174717481749175017511752175317541755175617571758175917601761176217631764176517661767176817691770177117721773177417751776177717781779178017811782178317841785178617871788178917901791179217931794179517961797179817991800180118021803180418051806180718081809181018111812181318141815181618171818181918201821182218231824182518261827182818291830183118321833183418351836183718381839184018411842184318441845184618471848184918501851185218531854185518561857185818591860186118621863186418651866186718681869187018711872187318741875187618771878187918801881188218831884188518861887188818891890189118921893189418951896189718981899190019011902190319041905190619071908190919101911191219131914191519161917191819191920192119221923192419251926192719281929193019311932193319341935193619371938193919401941194219431944194519461947194819491950195119521953195419551956195719581959196019611962196319641965196619671968196919701971197219731974197519761977197819791980198119821983198419851986198719881989199019911992199319941995199619971998199920002001200220032004200520062007200820092010201120122013201420152016201720182019202020212022202320242025202620272028202920302031203220332034203520362037203820392040204120422043204420452046204720482049205020512052205320542055205620572058205920602061206220632064206520662067206820692070207120722073207420752076207720782079208020812082208320842085208620872088208920902091209220932094209520962097209820992100210121022103210421052106210721082109211021112112211321142115211621172118211921202121212221232124212521262127212821292130213121322133213421352136213721382139214021412142214321442145214621472148214921502151215221532154215521562157215821592160216121622163216421652166216721682169217021712172217321742175217621772178217921802181218221832184218521862187218821892190219121922193219421952196219721982199220022012202220322042205220622072208220922102211221222132214221522162217221822192220222122222223222422252226222722282229223022312232223322342235223622372238223922402241224222432244224522462247224822492250225122522253225422552256225722582259226022612262226322642265226622672268226922702271227222732274227522762277227822792280228122822283228422852286228722882289229022912292229322942295229622972298229923002301230223032304230523062307230823092310231123122313231423152316231723182319232023212322232323242325232623272328232923302331233223332334233523362337233823392340234123422343234423452346234723482349235023512352235323542355235623572358235923602361236223632364236523662367236823692370237123722373237423752376237723782379238023812382238323842385238623872388238923902391239223932394239523962397239823992400240124022403240424052406240724082409241024112412241324142415241624172418241924202421242224232424242524262427242824292430243124322433243424352436243724382439244024412442244324442445244624472448244924502451245224532454245524562457245824592460246124622463246424652466246724682469247024712472247324742475247624772478247924802481248224832484248524862487248824892490249124922493249424952496249724982499250025012502250325042505250625072508250925102511251225132514251525162517251825192520252125222523252425252526252725282529253025312532253325342535253625372538253925402541254225432544254525462547254825492550255125522553255425552556255725582559256025612562256325642565256625672568256925702571257225732574257525762577257825792580258125822583258425852586258725882589259025912592259325942595259625972598259926002601260226032604260526062607260826092610261126122613261426152616261726182619262026212622262326242625262626272628262926302631263226332634263526362637263826392640264126422643264426452646264726482649265026512652265326542655265626572658265926602661266226632664266526662667266826692670267126722673267426752676267726782679268026812682268326842685268626872688268926902691269226932694269526962697269826992700270127022703270427052706270727082709271027112712271327142715271627172718271927202721272227232724272527262727272827292730273127322733
  1. /*
  2. * Simplified MAC Kernel (smack) security module
  3. *
  4. * This file contains the smack hook function implementations.
  5. *
  6. * Author:
  7. * Casey Schaufler <casey@schaufler-ca.com>
  8. *
  9. * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com>
  10. *
  11. * This program is free software; you can redistribute it and/or modify
  12. * it under the terms of the GNU General Public License version 2,
  13. * as published by the Free Software Foundation.
  14. */
  15. #include <linux/xattr.h>
  16. #include <linux/pagemap.h>
  17. #include <linux/mount.h>
  18. #include <linux/stat.h>
  19. #include <linux/ext2_fs.h>
  20. #include <linux/kd.h>
  21. #include <asm/ioctls.h>
  22. #include <linux/tcp.h>
  23. #include <linux/udp.h>
  24. #include <linux/mutex.h>
  25. #include <linux/pipe_fs_i.h>
  26. #include <net/netlabel.h>
  27. #include <net/cipso_ipv4.h>
  28. #include <linux/audit.h>
  29. #include "smack.h"
  30. /*
  31. * I hope these are the hokeyist lines of code in the module. Casey.
  32. */
  33. #define DEVPTS_SUPER_MAGIC 0x1cd1
  34. #define SOCKFS_MAGIC 0x534F434B
  35. #define TMPFS_MAGIC 0x01021994
  36. /**
  37. * smk_fetch - Fetch the smack label from a file.
  38. * @ip: a pointer to the inode
  39. * @dp: a pointer to the dentry
  40. *
  41. * Returns a pointer to the master list entry for the Smack label
  42. * or NULL if there was no label to fetch.
  43. */
  44. static char *smk_fetch(struct inode *ip, struct dentry *dp)
  45. {
  46. int rc;
  47. char in[SMK_LABELLEN];
  48. if (ip->i_op->getxattr == NULL)
  49. return NULL;
  50. rc = ip->i_op->getxattr(dp, XATTR_NAME_SMACK, in, SMK_LABELLEN);
  51. if (rc < 0)
  52. return NULL;
  53. return smk_import(in, rc);
  54. }
  55. /**
  56. * new_inode_smack - allocate an inode security blob
  57. * @smack: a pointer to the Smack label to use in the blob
  58. *
  59. * Returns the new blob or NULL if there's no memory available
  60. */
  61. struct inode_smack *new_inode_smack(char *smack)
  62. {
  63. struct inode_smack *isp;
  64. isp = kzalloc(sizeof(struct inode_smack), GFP_KERNEL);
  65. if (isp == NULL)
  66. return NULL;
  67. isp->smk_inode = smack;
  68. isp->smk_flags = 0;
  69. mutex_init(&isp->smk_lock);
  70. return isp;
  71. }
  72. /*
  73. * LSM hooks.
  74. * We he, that is fun!
  75. */
  76. /**
  77. * smack_ptrace - Smack approval on ptrace
  78. * @ptp: parent task pointer
  79. * @ctp: child task pointer
  80. *
  81. * Returns 0 if access is OK, an error code otherwise
  82. *
  83. * Do the capability checks, and require read and write.
  84. */
  85. static int smack_ptrace(struct task_struct *ptp, struct task_struct *ctp,
  86. unsigned int mode)
  87. {
  88. int rc;
  89. rc = cap_ptrace(ptp, ctp, mode);
  90. if (rc != 0)
  91. return rc;
  92. rc = smk_access(ptp->security, ctp->security, MAY_READWRITE);
  93. if (rc != 0 && __capable(ptp, CAP_MAC_OVERRIDE))
  94. return 0;
  95. return rc;
  96. }
  97. /**
  98. * smack_syslog - Smack approval on syslog
  99. * @type: message type
  100. *
  101. * Require that the task has the floor label
  102. *
  103. * Returns 0 on success, error code otherwise.
  104. */
  105. static int smack_syslog(int type)
  106. {
  107. int rc;
  108. char *sp = current->security;
  109. rc = cap_syslog(type);
  110. if (rc != 0)
  111. return rc;
  112. if (capable(CAP_MAC_OVERRIDE))
  113. return 0;
  114. if (sp != smack_known_floor.smk_known)
  115. rc = -EACCES;
  116. return rc;
  117. }
  118. /*
  119. * Superblock Hooks.
  120. */
  121. /**
  122. * smack_sb_alloc_security - allocate a superblock blob
  123. * @sb: the superblock getting the blob
  124. *
  125. * Returns 0 on success or -ENOMEM on error.
  126. */
  127. static int smack_sb_alloc_security(struct super_block *sb)
  128. {
  129. struct superblock_smack *sbsp;
  130. sbsp = kzalloc(sizeof(struct superblock_smack), GFP_KERNEL);
  131. if (sbsp == NULL)
  132. return -ENOMEM;
  133. sbsp->smk_root = smack_known_floor.smk_known;
  134. sbsp->smk_default = smack_known_floor.smk_known;
  135. sbsp->smk_floor = smack_known_floor.smk_known;
  136. sbsp->smk_hat = smack_known_hat.smk_known;
  137. sbsp->smk_initialized = 0;
  138. spin_lock_init(&sbsp->smk_sblock);
  139. sb->s_security = sbsp;
  140. return 0;
  141. }
  142. /**
  143. * smack_sb_free_security - free a superblock blob
  144. * @sb: the superblock getting the blob
  145. *
  146. */
  147. static void smack_sb_free_security(struct super_block *sb)
  148. {
  149. kfree(sb->s_security);
  150. sb->s_security = NULL;
  151. }
  152. /**
  153. * smack_sb_copy_data - copy mount options data for processing
  154. * @type: file system type
  155. * @orig: where to start
  156. * @smackopts
  157. *
  158. * Returns 0 on success or -ENOMEM on error.
  159. *
  160. * Copy the Smack specific mount options out of the mount
  161. * options list.
  162. */
  163. static int smack_sb_copy_data(char *orig, char *smackopts)
  164. {
  165. char *cp, *commap, *otheropts, *dp;
  166. otheropts = (char *)get_zeroed_page(GFP_KERNEL);
  167. if (otheropts == NULL)
  168. return -ENOMEM;
  169. for (cp = orig, commap = orig; commap != NULL; cp = commap + 1) {
  170. if (strstr(cp, SMK_FSDEFAULT) == cp)
  171. dp = smackopts;
  172. else if (strstr(cp, SMK_FSFLOOR) == cp)
  173. dp = smackopts;
  174. else if (strstr(cp, SMK_FSHAT) == cp)
  175. dp = smackopts;
  176. else if (strstr(cp, SMK_FSROOT) == cp)
  177. dp = smackopts;
  178. else
  179. dp = otheropts;
  180. commap = strchr(cp, ',');
  181. if (commap != NULL)
  182. *commap = '\0';
  183. if (*dp != '\0')
  184. strcat(dp, ",");
  185. strcat(dp, cp);
  186. }
  187. strcpy(orig, otheropts);
  188. free_page((unsigned long)otheropts);
  189. return 0;
  190. }
  191. /**
  192. * smack_sb_kern_mount - Smack specific mount processing
  193. * @sb: the file system superblock
  194. * @data: the smack mount options
  195. *
  196. * Returns 0 on success, an error code on failure
  197. */
  198. static int smack_sb_kern_mount(struct super_block *sb, void *data)
  199. {
  200. struct dentry *root = sb->s_root;
  201. struct inode *inode = root->d_inode;
  202. struct superblock_smack *sp = sb->s_security;
  203. struct inode_smack *isp;
  204. char *op;
  205. char *commap;
  206. char *nsp;
  207. spin_lock(&sp->smk_sblock);
  208. if (sp->smk_initialized != 0) {
  209. spin_unlock(&sp->smk_sblock);
  210. return 0;
  211. }
  212. sp->smk_initialized = 1;
  213. spin_unlock(&sp->smk_sblock);
  214. for (op = data; op != NULL; op = commap) {
  215. commap = strchr(op, ',');
  216. if (commap != NULL)
  217. *commap++ = '\0';
  218. if (strncmp(op, SMK_FSHAT, strlen(SMK_FSHAT)) == 0) {
  219. op += strlen(SMK_FSHAT);
  220. nsp = smk_import(op, 0);
  221. if (nsp != NULL)
  222. sp->smk_hat = nsp;
  223. } else if (strncmp(op, SMK_FSFLOOR, strlen(SMK_FSFLOOR)) == 0) {
  224. op += strlen(SMK_FSFLOOR);
  225. nsp = smk_import(op, 0);
  226. if (nsp != NULL)
  227. sp->smk_floor = nsp;
  228. } else if (strncmp(op, SMK_FSDEFAULT,
  229. strlen(SMK_FSDEFAULT)) == 0) {
  230. op += strlen(SMK_FSDEFAULT);
  231. nsp = smk_import(op, 0);
  232. if (nsp != NULL)
  233. sp->smk_default = nsp;
  234. } else if (strncmp(op, SMK_FSROOT, strlen(SMK_FSROOT)) == 0) {
  235. op += strlen(SMK_FSROOT);
  236. nsp = smk_import(op, 0);
  237. if (nsp != NULL)
  238. sp->smk_root = nsp;
  239. }
  240. }
  241. /*
  242. * Initialize the root inode.
  243. */
  244. isp = inode->i_security;
  245. if (isp == NULL)
  246. inode->i_security = new_inode_smack(sp->smk_root);
  247. else
  248. isp->smk_inode = sp->smk_root;
  249. return 0;
  250. }
  251. /**
  252. * smack_sb_statfs - Smack check on statfs
  253. * @dentry: identifies the file system in question
  254. *
  255. * Returns 0 if current can read the floor of the filesystem,
  256. * and error code otherwise
  257. */
  258. static int smack_sb_statfs(struct dentry *dentry)
  259. {
  260. struct superblock_smack *sbp = dentry->d_sb->s_security;
  261. return smk_curacc(sbp->smk_floor, MAY_READ);
  262. }
  263. /**
  264. * smack_sb_mount - Smack check for mounting
  265. * @dev_name: unused
  266. * @nd: mount point
  267. * @type: unused
  268. * @flags: unused
  269. * @data: unused
  270. *
  271. * Returns 0 if current can write the floor of the filesystem
  272. * being mounted on, an error code otherwise.
  273. */
  274. static int smack_sb_mount(char *dev_name, struct path *path,
  275. char *type, unsigned long flags, void *data)
  276. {
  277. struct superblock_smack *sbp = path->mnt->mnt_sb->s_security;
  278. return smk_curacc(sbp->smk_floor, MAY_WRITE);
  279. }
  280. /**
  281. * smack_sb_umount - Smack check for unmounting
  282. * @mnt: file system to unmount
  283. * @flags: unused
  284. *
  285. * Returns 0 if current can write the floor of the filesystem
  286. * being unmounted, an error code otherwise.
  287. */
  288. static int smack_sb_umount(struct vfsmount *mnt, int flags)
  289. {
  290. struct superblock_smack *sbp;
  291. sbp = mnt->mnt_sb->s_security;
  292. return smk_curacc(sbp->smk_floor, MAY_WRITE);
  293. }
  294. /*
  295. * Inode hooks
  296. */
  297. /**
  298. * smack_inode_alloc_security - allocate an inode blob
  299. * @inode - the inode in need of a blob
  300. *
  301. * Returns 0 if it gets a blob, -ENOMEM otherwise
  302. */
  303. static int smack_inode_alloc_security(struct inode *inode)
  304. {
  305. inode->i_security = new_inode_smack(current->security);
  306. if (inode->i_security == NULL)
  307. return -ENOMEM;
  308. return 0;
  309. }
  310. /**
  311. * smack_inode_free_security - free an inode blob
  312. * @inode - the inode with a blob
  313. *
  314. * Clears the blob pointer in inode
  315. */
  316. static void smack_inode_free_security(struct inode *inode)
  317. {
  318. kfree(inode->i_security);
  319. inode->i_security = NULL;
  320. }
  321. /**
  322. * smack_inode_init_security - copy out the smack from an inode
  323. * @inode: the inode
  324. * @dir: unused
  325. * @name: where to put the attribute name
  326. * @value: where to put the attribute value
  327. * @len: where to put the length of the attribute
  328. *
  329. * Returns 0 if it all works out, -ENOMEM if there's no memory
  330. */
  331. static int smack_inode_init_security(struct inode *inode, struct inode *dir,
  332. char **name, void **value, size_t *len)
  333. {
  334. char *isp = smk_of_inode(inode);
  335. if (name) {
  336. *name = kstrdup(XATTR_SMACK_SUFFIX, GFP_KERNEL);
  337. if (*name == NULL)
  338. return -ENOMEM;
  339. }
  340. if (value) {
  341. *value = kstrdup(isp, GFP_KERNEL);
  342. if (*value == NULL)
  343. return -ENOMEM;
  344. }
  345. if (len)
  346. *len = strlen(isp) + 1;
  347. return 0;
  348. }
  349. /**
  350. * smack_inode_link - Smack check on link
  351. * @old_dentry: the existing object
  352. * @dir: unused
  353. * @new_dentry: the new object
  354. *
  355. * Returns 0 if access is permitted, an error code otherwise
  356. */
  357. static int smack_inode_link(struct dentry *old_dentry, struct inode *dir,
  358. struct dentry *new_dentry)
  359. {
  360. int rc;
  361. char *isp;
  362. isp = smk_of_inode(old_dentry->d_inode);
  363. rc = smk_curacc(isp, MAY_WRITE);
  364. if (rc == 0 && new_dentry->d_inode != NULL) {
  365. isp = smk_of_inode(new_dentry->d_inode);
  366. rc = smk_curacc(isp, MAY_WRITE);
  367. }
  368. return rc;
  369. }
  370. /**
  371. * smack_inode_unlink - Smack check on inode deletion
  372. * @dir: containing directory object
  373. * @dentry: file to unlink
  374. *
  375. * Returns 0 if current can write the containing directory
  376. * and the object, error code otherwise
  377. */
  378. static int smack_inode_unlink(struct inode *dir, struct dentry *dentry)
  379. {
  380. struct inode *ip = dentry->d_inode;
  381. int rc;
  382. /*
  383. * You need write access to the thing you're unlinking
  384. */
  385. rc = smk_curacc(smk_of_inode(ip), MAY_WRITE);
  386. if (rc == 0)
  387. /*
  388. * You also need write access to the containing directory
  389. */
  390. rc = smk_curacc(smk_of_inode(dir), MAY_WRITE);
  391. return rc;
  392. }
  393. /**
  394. * smack_inode_rmdir - Smack check on directory deletion
  395. * @dir: containing directory object
  396. * @dentry: directory to unlink
  397. *
  398. * Returns 0 if current can write the containing directory
  399. * and the directory, error code otherwise
  400. */
  401. static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry)
  402. {
  403. int rc;
  404. /*
  405. * You need write access to the thing you're removing
  406. */
  407. rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE);
  408. if (rc == 0)
  409. /*
  410. * You also need write access to the containing directory
  411. */
  412. rc = smk_curacc(smk_of_inode(dir), MAY_WRITE);
  413. return rc;
  414. }
  415. /**
  416. * smack_inode_rename - Smack check on rename
  417. * @old_inode: the old directory
  418. * @old_dentry: unused
  419. * @new_inode: the new directory
  420. * @new_dentry: unused
  421. *
  422. * Read and write access is required on both the old and
  423. * new directories.
  424. *
  425. * Returns 0 if access is permitted, an error code otherwise
  426. */
  427. static int smack_inode_rename(struct inode *old_inode,
  428. struct dentry *old_dentry,
  429. struct inode *new_inode,
  430. struct dentry *new_dentry)
  431. {
  432. int rc;
  433. char *isp;
  434. isp = smk_of_inode(old_dentry->d_inode);
  435. rc = smk_curacc(isp, MAY_READWRITE);
  436. if (rc == 0 && new_dentry->d_inode != NULL) {
  437. isp = smk_of_inode(new_dentry->d_inode);
  438. rc = smk_curacc(isp, MAY_READWRITE);
  439. }
  440. return rc;
  441. }
  442. /**
  443. * smack_inode_permission - Smack version of permission()
  444. * @inode: the inode in question
  445. * @mask: the access requested
  446. * @nd: unused
  447. *
  448. * This is the important Smack hook.
  449. *
  450. * Returns 0 if access is permitted, -EACCES otherwise
  451. */
  452. static int smack_inode_permission(struct inode *inode, int mask,
  453. struct nameidata *nd)
  454. {
  455. /*
  456. * No permission to check. Existence test. Yup, it's there.
  457. */
  458. if (mask == 0)
  459. return 0;
  460. return smk_curacc(smk_of_inode(inode), mask);
  461. }
  462. /**
  463. * smack_inode_setattr - Smack check for setting attributes
  464. * @dentry: the object
  465. * @iattr: for the force flag
  466. *
  467. * Returns 0 if access is permitted, an error code otherwise
  468. */
  469. static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr)
  470. {
  471. /*
  472. * Need to allow for clearing the setuid bit.
  473. */
  474. if (iattr->ia_valid & ATTR_FORCE)
  475. return 0;
  476. return smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE);
  477. }
  478. /**
  479. * smack_inode_getattr - Smack check for getting attributes
  480. * @mnt: unused
  481. * @dentry: the object
  482. *
  483. * Returns 0 if access is permitted, an error code otherwise
  484. */
  485. static int smack_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
  486. {
  487. return smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ);
  488. }
  489. /**
  490. * smack_inode_setxattr - Smack check for setting xattrs
  491. * @dentry: the object
  492. * @name: name of the attribute
  493. * @value: unused
  494. * @size: unused
  495. * @flags: unused
  496. *
  497. * This protects the Smack attribute explicitly.
  498. *
  499. * Returns 0 if access is permitted, an error code otherwise
  500. */
  501. static int smack_inode_setxattr(struct dentry *dentry, const char *name,
  502. const void *value, size_t size, int flags)
  503. {
  504. int rc = 0;
  505. if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
  506. strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
  507. strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) {
  508. if (!capable(CAP_MAC_ADMIN))
  509. rc = -EPERM;
  510. } else
  511. rc = cap_inode_setxattr(dentry, name, value, size, flags);
  512. if (rc == 0)
  513. rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE);
  514. return rc;
  515. }
  516. /**
  517. * smack_inode_post_setxattr - Apply the Smack update approved above
  518. * @dentry: object
  519. * @name: attribute name
  520. * @value: attribute value
  521. * @size: attribute size
  522. * @flags: unused
  523. *
  524. * Set the pointer in the inode blob to the entry found
  525. * in the master label list.
  526. */
  527. static void smack_inode_post_setxattr(struct dentry *dentry, const char *name,
  528. const void *value, size_t size, int flags)
  529. {
  530. struct inode_smack *isp;
  531. char *nsp;
  532. /*
  533. * Not SMACK
  534. */
  535. if (strcmp(name, XATTR_NAME_SMACK))
  536. return;
  537. if (size >= SMK_LABELLEN)
  538. return;
  539. isp = dentry->d_inode->i_security;
  540. /*
  541. * No locking is done here. This is a pointer
  542. * assignment.
  543. */
  544. nsp = smk_import(value, size);
  545. if (nsp != NULL)
  546. isp->smk_inode = nsp;
  547. else
  548. isp->smk_inode = smack_known_invalid.smk_known;
  549. return;
  550. }
  551. /*
  552. * smack_inode_getxattr - Smack check on getxattr
  553. * @dentry: the object
  554. * @name: unused
  555. *
  556. * Returns 0 if access is permitted, an error code otherwise
  557. */
  558. static int smack_inode_getxattr(struct dentry *dentry, const char *name)
  559. {
  560. return smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ);
  561. }
  562. /*
  563. * smack_inode_removexattr - Smack check on removexattr
  564. * @dentry: the object
  565. * @name: name of the attribute
  566. *
  567. * Removing the Smack attribute requires CAP_MAC_ADMIN
  568. *
  569. * Returns 0 if access is permitted, an error code otherwise
  570. */
  571. static int smack_inode_removexattr(struct dentry *dentry, const char *name)
  572. {
  573. int rc = 0;
  574. if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
  575. strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
  576. strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) {
  577. if (!capable(CAP_MAC_ADMIN))
  578. rc = -EPERM;
  579. } else
  580. rc = cap_inode_removexattr(dentry, name);
  581. if (rc == 0)
  582. rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE);
  583. return rc;
  584. }
  585. /**
  586. * smack_inode_getsecurity - get smack xattrs
  587. * @inode: the object
  588. * @name: attribute name
  589. * @buffer: where to put the result
  590. * @size: size of the buffer
  591. * @err: unused
  592. *
  593. * Returns the size of the attribute or an error code
  594. */
  595. static int smack_inode_getsecurity(const struct inode *inode,
  596. const char *name, void **buffer,
  597. bool alloc)
  598. {
  599. struct socket_smack *ssp;
  600. struct socket *sock;
  601. struct super_block *sbp;
  602. struct inode *ip = (struct inode *)inode;
  603. char *isp;
  604. int ilen;
  605. int rc = 0;
  606. if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) {
  607. isp = smk_of_inode(inode);
  608. ilen = strlen(isp) + 1;
  609. *buffer = isp;
  610. return ilen;
  611. }
  612. /*
  613. * The rest of the Smack xattrs are only on sockets.
  614. */
  615. sbp = ip->i_sb;
  616. if (sbp->s_magic != SOCKFS_MAGIC)
  617. return -EOPNOTSUPP;
  618. sock = SOCKET_I(ip);
  619. if (sock == NULL || sock->sk == NULL)
  620. return -EOPNOTSUPP;
  621. ssp = sock->sk->sk_security;
  622. if (strcmp(name, XATTR_SMACK_IPIN) == 0)
  623. isp = ssp->smk_in;
  624. else if (strcmp(name, XATTR_SMACK_IPOUT) == 0)
  625. isp = ssp->smk_out;
  626. else
  627. return -EOPNOTSUPP;
  628. ilen = strlen(isp) + 1;
  629. if (rc == 0) {
  630. *buffer = isp;
  631. rc = ilen;
  632. }
  633. return rc;
  634. }
  635. /**
  636. * smack_inode_listsecurity - list the Smack attributes
  637. * @inode: the object
  638. * @buffer: where they go
  639. * @buffer_size: size of buffer
  640. *
  641. * Returns 0 on success, -EINVAL otherwise
  642. */
  643. static int smack_inode_listsecurity(struct inode *inode, char *buffer,
  644. size_t buffer_size)
  645. {
  646. int len = strlen(XATTR_NAME_SMACK);
  647. if (buffer != NULL && len <= buffer_size) {
  648. memcpy(buffer, XATTR_NAME_SMACK, len);
  649. return len;
  650. }
  651. return -EINVAL;
  652. }
  653. /**
  654. * smack_inode_getsecid - Extract inode's security id
  655. * @inode: inode to extract the info from
  656. * @secid: where result will be saved
  657. */
  658. static void smack_inode_getsecid(const struct inode *inode, u32 *secid)
  659. {
  660. struct inode_smack *isp = inode->i_security;
  661. *secid = smack_to_secid(isp->smk_inode);
  662. }
  663. /*
  664. * File Hooks
  665. */
  666. /**
  667. * smack_file_permission - Smack check on file operations
  668. * @file: unused
  669. * @mask: unused
  670. *
  671. * Returns 0
  672. *
  673. * Should access checks be done on each read or write?
  674. * UNICOS and SELinux say yes.
  675. * Trusted Solaris, Trusted Irix, and just about everyone else says no.
  676. *
  677. * I'll say no for now. Smack does not do the frequent
  678. * label changing that SELinux does.
  679. */
  680. static int smack_file_permission(struct file *file, int mask)
  681. {
  682. return 0;
  683. }
  684. /**
  685. * smack_file_alloc_security - assign a file security blob
  686. * @file: the object
  687. *
  688. * The security blob for a file is a pointer to the master
  689. * label list, so no allocation is done.
  690. *
  691. * Returns 0
  692. */
  693. static int smack_file_alloc_security(struct file *file)
  694. {
  695. file->f_security = current->security;
  696. return 0;
  697. }
  698. /**
  699. * smack_file_free_security - clear a file security blob
  700. * @file: the object
  701. *
  702. * The security blob for a file is a pointer to the master
  703. * label list, so no memory is freed.
  704. */
  705. static void smack_file_free_security(struct file *file)
  706. {
  707. file->f_security = NULL;
  708. }
  709. /**
  710. * smack_file_ioctl - Smack check on ioctls
  711. * @file: the object
  712. * @cmd: what to do
  713. * @arg: unused
  714. *
  715. * Relies heavily on the correct use of the ioctl command conventions.
  716. *
  717. * Returns 0 if allowed, error code otherwise
  718. */
  719. static int smack_file_ioctl(struct file *file, unsigned int cmd,
  720. unsigned long arg)
  721. {
  722. int rc = 0;
  723. if (_IOC_DIR(cmd) & _IOC_WRITE)
  724. rc = smk_curacc(file->f_security, MAY_WRITE);
  725. if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ))
  726. rc = smk_curacc(file->f_security, MAY_READ);
  727. return rc;
  728. }
  729. /**
  730. * smack_file_lock - Smack check on file locking
  731. * @file: the object
  732. * @cmd unused
  733. *
  734. * Returns 0 if current has write access, error code otherwise
  735. */
  736. static int smack_file_lock(struct file *file, unsigned int cmd)
  737. {
  738. return smk_curacc(file->f_security, MAY_WRITE);
  739. }
  740. /**
  741. * smack_file_fcntl - Smack check on fcntl
  742. * @file: the object
  743. * @cmd: what action to check
  744. * @arg: unused
  745. *
  746. * Returns 0 if current has access, error code otherwise
  747. */
  748. static int smack_file_fcntl(struct file *file, unsigned int cmd,
  749. unsigned long arg)
  750. {
  751. int rc;
  752. switch (cmd) {
  753. case F_DUPFD:
  754. case F_GETFD:
  755. case F_GETFL:
  756. case F_GETLK:
  757. case F_GETOWN:
  758. case F_GETSIG:
  759. rc = smk_curacc(file->f_security, MAY_READ);
  760. break;
  761. case F_SETFD:
  762. case F_SETFL:
  763. case F_SETLK:
  764. case F_SETLKW:
  765. case F_SETOWN:
  766. case F_SETSIG:
  767. rc = smk_curacc(file->f_security, MAY_WRITE);
  768. break;
  769. default:
  770. rc = smk_curacc(file->f_security, MAY_READWRITE);
  771. }
  772. return rc;
  773. }
  774. /**
  775. * smack_file_set_fowner - set the file security blob value
  776. * @file: object in question
  777. *
  778. * Returns 0
  779. * Further research may be required on this one.
  780. */
  781. static int smack_file_set_fowner(struct file *file)
  782. {
  783. file->f_security = current->security;
  784. return 0;
  785. }
  786. /**
  787. * smack_file_send_sigiotask - Smack on sigio
  788. * @tsk: The target task
  789. * @fown: the object the signal come from
  790. * @signum: unused
  791. *
  792. * Allow a privileged task to get signals even if it shouldn't
  793. *
  794. * Returns 0 if a subject with the object's smack could
  795. * write to the task, an error code otherwise.
  796. */
  797. static int smack_file_send_sigiotask(struct task_struct *tsk,
  798. struct fown_struct *fown, int signum)
  799. {
  800. struct file *file;
  801. int rc;
  802. /*
  803. * struct fown_struct is never outside the context of a struct file
  804. */
  805. file = container_of(fown, struct file, f_owner);
  806. rc = smk_access(file->f_security, tsk->security, MAY_WRITE);
  807. if (rc != 0 && __capable(tsk, CAP_MAC_OVERRIDE))
  808. return 0;
  809. return rc;
  810. }
  811. /**
  812. * smack_file_receive - Smack file receive check
  813. * @file: the object
  814. *
  815. * Returns 0 if current has access, error code otherwise
  816. */
  817. static int smack_file_receive(struct file *file)
  818. {
  819. int may = 0;
  820. /*
  821. * This code relies on bitmasks.
  822. */
  823. if (file->f_mode & FMODE_READ)
  824. may = MAY_READ;
  825. if (file->f_mode & FMODE_WRITE)
  826. may |= MAY_WRITE;
  827. return smk_curacc(file->f_security, may);
  828. }
  829. /*
  830. * Task hooks
  831. */
  832. /**
  833. * smack_task_alloc_security - "allocate" a task blob
  834. * @tsk: the task in need of a blob
  835. *
  836. * Smack isn't using copies of blobs. Everyone
  837. * points to an immutable list. No alloc required.
  838. * No data copy required.
  839. *
  840. * Always returns 0
  841. */
  842. static int smack_task_alloc_security(struct task_struct *tsk)
  843. {
  844. tsk->security = current->security;
  845. return 0;
  846. }
  847. /**
  848. * smack_task_free_security - "free" a task blob
  849. * @task: the task with the blob
  850. *
  851. * Smack isn't using copies of blobs. Everyone
  852. * points to an immutable list. The blobs never go away.
  853. * There is no leak here.
  854. */
  855. static void smack_task_free_security(struct task_struct *task)
  856. {
  857. task->security = NULL;
  858. }
  859. /**
  860. * smack_task_setpgid - Smack check on setting pgid
  861. * @p: the task object
  862. * @pgid: unused
  863. *
  864. * Return 0 if write access is permitted
  865. */
  866. static int smack_task_setpgid(struct task_struct *p, pid_t pgid)
  867. {
  868. return smk_curacc(p->security, MAY_WRITE);
  869. }
  870. /**
  871. * smack_task_getpgid - Smack access check for getpgid
  872. * @p: the object task
  873. *
  874. * Returns 0 if current can read the object task, error code otherwise
  875. */
  876. static int smack_task_getpgid(struct task_struct *p)
  877. {
  878. return smk_curacc(p->security, MAY_READ);
  879. }
  880. /**
  881. * smack_task_getsid - Smack access check for getsid
  882. * @p: the object task
  883. *
  884. * Returns 0 if current can read the object task, error code otherwise
  885. */
  886. static int smack_task_getsid(struct task_struct *p)
  887. {
  888. return smk_curacc(p->security, MAY_READ);
  889. }
  890. /**
  891. * smack_task_getsecid - get the secid of the task
  892. * @p: the object task
  893. * @secid: where to put the result
  894. *
  895. * Sets the secid to contain a u32 version of the smack label.
  896. */
  897. static void smack_task_getsecid(struct task_struct *p, u32 *secid)
  898. {
  899. *secid = smack_to_secid(p->security);
  900. }
  901. /**
  902. * smack_task_setnice - Smack check on setting nice
  903. * @p: the task object
  904. * @nice: unused
  905. *
  906. * Return 0 if write access is permitted
  907. */
  908. static int smack_task_setnice(struct task_struct *p, int nice)
  909. {
  910. int rc;
  911. rc = cap_task_setnice(p, nice);
  912. if (rc == 0)
  913. rc = smk_curacc(p->security, MAY_WRITE);
  914. return rc;
  915. }
  916. /**
  917. * smack_task_setioprio - Smack check on setting ioprio
  918. * @p: the task object
  919. * @ioprio: unused
  920. *
  921. * Return 0 if write access is permitted
  922. */
  923. static int smack_task_setioprio(struct task_struct *p, int ioprio)
  924. {
  925. int rc;
  926. rc = cap_task_setioprio(p, ioprio);
  927. if (rc == 0)
  928. rc = smk_curacc(p->security, MAY_WRITE);
  929. return rc;
  930. }
  931. /**
  932. * smack_task_getioprio - Smack check on reading ioprio
  933. * @p: the task object
  934. *
  935. * Return 0 if read access is permitted
  936. */
  937. static int smack_task_getioprio(struct task_struct *p)
  938. {
  939. return smk_curacc(p->security, MAY_READ);
  940. }
  941. /**
  942. * smack_task_setscheduler - Smack check on setting scheduler
  943. * @p: the task object
  944. * @policy: unused
  945. * @lp: unused
  946. *
  947. * Return 0 if read access is permitted
  948. */
  949. static int smack_task_setscheduler(struct task_struct *p, int policy,
  950. struct sched_param *lp)
  951. {
  952. int rc;
  953. rc = cap_task_setscheduler(p, policy, lp);
  954. if (rc == 0)
  955. rc = smk_curacc(p->security, MAY_WRITE);
  956. return rc;
  957. }
  958. /**
  959. * smack_task_getscheduler - Smack check on reading scheduler
  960. * @p: the task object
  961. *
  962. * Return 0 if read access is permitted
  963. */
  964. static int smack_task_getscheduler(struct task_struct *p)
  965. {
  966. return smk_curacc(p->security, MAY_READ);
  967. }
  968. /**
  969. * smack_task_movememory - Smack check on moving memory
  970. * @p: the task object
  971. *
  972. * Return 0 if write access is permitted
  973. */
  974. static int smack_task_movememory(struct task_struct *p)
  975. {
  976. return smk_curacc(p->security, MAY_WRITE);
  977. }
  978. /**
  979. * smack_task_kill - Smack check on signal delivery
  980. * @p: the task object
  981. * @info: unused
  982. * @sig: unused
  983. * @secid: identifies the smack to use in lieu of current's
  984. *
  985. * Return 0 if write access is permitted
  986. *
  987. * The secid behavior is an artifact of an SELinux hack
  988. * in the USB code. Someday it may go away.
  989. */
  990. static int smack_task_kill(struct task_struct *p, struct siginfo *info,
  991. int sig, u32 secid)
  992. {
  993. /*
  994. * Sending a signal requires that the sender
  995. * can write the receiver.
  996. */
  997. if (secid == 0)
  998. return smk_curacc(p->security, MAY_WRITE);
  999. /*
  1000. * If the secid isn't 0 we're dealing with some USB IO
  1001. * specific behavior. This is not clean. For one thing
  1002. * we can't take privilege into account.
  1003. */
  1004. return smk_access(smack_from_secid(secid), p->security, MAY_WRITE);
  1005. }
  1006. /**
  1007. * smack_task_wait - Smack access check for waiting
  1008. * @p: task to wait for
  1009. *
  1010. * Returns 0 if current can wait for p, error code otherwise
  1011. */
  1012. static int smack_task_wait(struct task_struct *p)
  1013. {
  1014. int rc;
  1015. rc = smk_access(current->security, p->security, MAY_WRITE);
  1016. if (rc == 0)
  1017. return 0;
  1018. /*
  1019. * Allow the operation to succeed if either task
  1020. * has privilege to perform operations that might
  1021. * account for the smack labels having gotten to
  1022. * be different in the first place.
  1023. *
  1024. * This breaks the strict subjet/object access
  1025. * control ideal, taking the object's privilege
  1026. * state into account in the decision as well as
  1027. * the smack value.
  1028. */
  1029. if (capable(CAP_MAC_OVERRIDE) || __capable(p, CAP_MAC_OVERRIDE))
  1030. return 0;
  1031. return rc;
  1032. }
  1033. /**
  1034. * smack_task_to_inode - copy task smack into the inode blob
  1035. * @p: task to copy from
  1036. * inode: inode to copy to
  1037. *
  1038. * Sets the smack pointer in the inode security blob
  1039. */
  1040. static void smack_task_to_inode(struct task_struct *p, struct inode *inode)
  1041. {
  1042. struct inode_smack *isp = inode->i_security;
  1043. isp->smk_inode = p->security;
  1044. }
  1045. /*
  1046. * Socket hooks.
  1047. */
  1048. /**
  1049. * smack_sk_alloc_security - Allocate a socket blob
  1050. * @sk: the socket
  1051. * @family: unused
  1052. * @priority: memory allocation priority
  1053. *
  1054. * Assign Smack pointers to current
  1055. *
  1056. * Returns 0 on success, -ENOMEM is there's no memory
  1057. */
  1058. static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags)
  1059. {
  1060. char *csp = current->security;
  1061. struct socket_smack *ssp;
  1062. ssp = kzalloc(sizeof(struct socket_smack), gfp_flags);
  1063. if (ssp == NULL)
  1064. return -ENOMEM;
  1065. ssp->smk_in = csp;
  1066. ssp->smk_out = csp;
  1067. ssp->smk_packet[0] = '\0';
  1068. sk->sk_security = ssp;
  1069. return 0;
  1070. }
  1071. /**
  1072. * smack_sk_free_security - Free a socket blob
  1073. * @sk: the socket
  1074. *
  1075. * Clears the blob pointer
  1076. */
  1077. static void smack_sk_free_security(struct sock *sk)
  1078. {
  1079. kfree(sk->sk_security);
  1080. }
  1081. /**
  1082. * smack_set_catset - convert a capset to netlabel mls categories
  1083. * @catset: the Smack categories
  1084. * @sap: where to put the netlabel categories
  1085. *
  1086. * Allocates and fills attr.mls.cat
  1087. */
  1088. static void smack_set_catset(char *catset, struct netlbl_lsm_secattr *sap)
  1089. {
  1090. unsigned char *cp;
  1091. unsigned char m;
  1092. int cat;
  1093. int rc;
  1094. int byte;
  1095. if (!catset)
  1096. return;
  1097. sap->flags |= NETLBL_SECATTR_MLS_CAT;
  1098. sap->attr.mls.cat = netlbl_secattr_catmap_alloc(GFP_ATOMIC);
  1099. sap->attr.mls.cat->startbit = 0;
  1100. for (cat = 1, cp = catset, byte = 0; byte < SMK_LABELLEN; cp++, byte++)
  1101. for (m = 0x80; m != 0; m >>= 1, cat++) {
  1102. if ((m & *cp) == 0)
  1103. continue;
  1104. rc = netlbl_secattr_catmap_setbit(sap->attr.mls.cat,
  1105. cat, GFP_ATOMIC);
  1106. }
  1107. }
  1108. /**
  1109. * smack_to_secattr - fill a secattr from a smack value
  1110. * @smack: the smack value
  1111. * @nlsp: where the result goes
  1112. *
  1113. * Casey says that CIPSO is good enough for now.
  1114. * It can be used to effect.
  1115. * It can also be abused to effect when necessary.
  1116. * Appologies to the TSIG group in general and GW in particular.
  1117. */
  1118. static void smack_to_secattr(char *smack, struct netlbl_lsm_secattr *nlsp)
  1119. {
  1120. struct smack_cipso cipso;
  1121. int rc;
  1122. switch (smack_net_nltype) {
  1123. case NETLBL_NLTYPE_CIPSOV4:
  1124. nlsp->domain = smack;
  1125. nlsp->flags = NETLBL_SECATTR_DOMAIN | NETLBL_SECATTR_MLS_LVL;
  1126. rc = smack_to_cipso(smack, &cipso);
  1127. if (rc == 0) {
  1128. nlsp->attr.mls.lvl = cipso.smk_level;
  1129. smack_set_catset(cipso.smk_catset, nlsp);
  1130. } else {
  1131. nlsp->attr.mls.lvl = smack_cipso_direct;
  1132. smack_set_catset(smack, nlsp);
  1133. }
  1134. break;
  1135. default:
  1136. break;
  1137. }
  1138. }
  1139. /**
  1140. * smack_netlabel - Set the secattr on a socket
  1141. * @sk: the socket
  1142. *
  1143. * Convert the outbound smack value (smk_out) to a
  1144. * secattr and attach it to the socket.
  1145. *
  1146. * Returns 0 on success or an error code
  1147. */
  1148. static int smack_netlabel(struct sock *sk)
  1149. {
  1150. struct socket_smack *ssp;
  1151. struct netlbl_lsm_secattr secattr;
  1152. int rc;
  1153. ssp = sk->sk_security;
  1154. netlbl_secattr_init(&secattr);
  1155. smack_to_secattr(ssp->smk_out, &secattr);
  1156. rc = netlbl_sock_setattr(sk, &secattr);
  1157. netlbl_secattr_destroy(&secattr);
  1158. return rc;
  1159. }
  1160. /**
  1161. * smack_inode_setsecurity - set smack xattrs
  1162. * @inode: the object
  1163. * @name: attribute name
  1164. * @value: attribute value
  1165. * @size: size of the attribute
  1166. * @flags: unused
  1167. *
  1168. * Sets the named attribute in the appropriate blob
  1169. *
  1170. * Returns 0 on success, or an error code
  1171. */
  1172. static int smack_inode_setsecurity(struct inode *inode, const char *name,
  1173. const void *value, size_t size, int flags)
  1174. {
  1175. char *sp;
  1176. struct inode_smack *nsp = inode->i_security;
  1177. struct socket_smack *ssp;
  1178. struct socket *sock;
  1179. int rc = 0;
  1180. if (value == NULL || size > SMK_LABELLEN)
  1181. return -EACCES;
  1182. sp = smk_import(value, size);
  1183. if (sp == NULL)
  1184. return -EINVAL;
  1185. if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) {
  1186. nsp->smk_inode = sp;
  1187. return 0;
  1188. }
  1189. /*
  1190. * The rest of the Smack xattrs are only on sockets.
  1191. */
  1192. if (inode->i_sb->s_magic != SOCKFS_MAGIC)
  1193. return -EOPNOTSUPP;
  1194. sock = SOCKET_I(inode);
  1195. if (sock == NULL || sock->sk == NULL)
  1196. return -EOPNOTSUPP;
  1197. ssp = sock->sk->sk_security;
  1198. if (strcmp(name, XATTR_SMACK_IPIN) == 0)
  1199. ssp->smk_in = sp;
  1200. else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) {
  1201. ssp->smk_out = sp;
  1202. rc = smack_netlabel(sock->sk);
  1203. if (rc != 0)
  1204. printk(KERN_WARNING "Smack: \"%s\" netlbl error %d.\n",
  1205. __func__, -rc);
  1206. } else
  1207. return -EOPNOTSUPP;
  1208. return 0;
  1209. }
  1210. /**
  1211. * smack_socket_post_create - finish socket setup
  1212. * @sock: the socket
  1213. * @family: protocol family
  1214. * @type: unused
  1215. * @protocol: unused
  1216. * @kern: unused
  1217. *
  1218. * Sets the netlabel information on the socket
  1219. *
  1220. * Returns 0 on success, and error code otherwise
  1221. */
  1222. static int smack_socket_post_create(struct socket *sock, int family,
  1223. int type, int protocol, int kern)
  1224. {
  1225. if (family != PF_INET || sock->sk == NULL)
  1226. return 0;
  1227. /*
  1228. * Set the outbound netlbl.
  1229. */
  1230. return smack_netlabel(sock->sk);
  1231. }
  1232. /**
  1233. * smack_flags_to_may - convert S_ to MAY_ values
  1234. * @flags: the S_ value
  1235. *
  1236. * Returns the equivalent MAY_ value
  1237. */
  1238. static int smack_flags_to_may(int flags)
  1239. {
  1240. int may = 0;
  1241. if (flags & S_IRUGO)
  1242. may |= MAY_READ;
  1243. if (flags & S_IWUGO)
  1244. may |= MAY_WRITE;
  1245. if (flags & S_IXUGO)
  1246. may |= MAY_EXEC;
  1247. return may;
  1248. }
  1249. /**
  1250. * smack_msg_msg_alloc_security - Set the security blob for msg_msg
  1251. * @msg: the object
  1252. *
  1253. * Returns 0
  1254. */
  1255. static int smack_msg_msg_alloc_security(struct msg_msg *msg)
  1256. {
  1257. msg->security = current->security;
  1258. return 0;
  1259. }
  1260. /**
  1261. * smack_msg_msg_free_security - Clear the security blob for msg_msg
  1262. * @msg: the object
  1263. *
  1264. * Clears the blob pointer
  1265. */
  1266. static void smack_msg_msg_free_security(struct msg_msg *msg)
  1267. {
  1268. msg->security = NULL;
  1269. }
  1270. /**
  1271. * smack_of_shm - the smack pointer for the shm
  1272. * @shp: the object
  1273. *
  1274. * Returns a pointer to the smack value
  1275. */
  1276. static char *smack_of_shm(struct shmid_kernel *shp)
  1277. {
  1278. return (char *)shp->shm_perm.security;
  1279. }
  1280. /**
  1281. * smack_shm_alloc_security - Set the security blob for shm
  1282. * @shp: the object
  1283. *
  1284. * Returns 0
  1285. */
  1286. static int smack_shm_alloc_security(struct shmid_kernel *shp)
  1287. {
  1288. struct kern_ipc_perm *isp = &shp->shm_perm;
  1289. isp->security = current->security;
  1290. return 0;
  1291. }
  1292. /**
  1293. * smack_shm_free_security - Clear the security blob for shm
  1294. * @shp: the object
  1295. *
  1296. * Clears the blob pointer
  1297. */
  1298. static void smack_shm_free_security(struct shmid_kernel *shp)
  1299. {
  1300. struct kern_ipc_perm *isp = &shp->shm_perm;
  1301. isp->security = NULL;
  1302. }
  1303. /**
  1304. * smack_shm_associate - Smack access check for shm
  1305. * @shp: the object
  1306. * @shmflg: access requested
  1307. *
  1308. * Returns 0 if current has the requested access, error code otherwise
  1309. */
  1310. static int smack_shm_associate(struct shmid_kernel *shp, int shmflg)
  1311. {
  1312. char *ssp = smack_of_shm(shp);
  1313. int may;
  1314. may = smack_flags_to_may(shmflg);
  1315. return smk_curacc(ssp, may);
  1316. }
  1317. /**
  1318. * smack_shm_shmctl - Smack access check for shm
  1319. * @shp: the object
  1320. * @cmd: what it wants to do
  1321. *
  1322. * Returns 0 if current has the requested access, error code otherwise
  1323. */
  1324. static int smack_shm_shmctl(struct shmid_kernel *shp, int cmd)
  1325. {
  1326. char *ssp;
  1327. int may;
  1328. switch (cmd) {
  1329. case IPC_STAT:
  1330. case SHM_STAT:
  1331. may = MAY_READ;
  1332. break;
  1333. case IPC_SET:
  1334. case SHM_LOCK:
  1335. case SHM_UNLOCK:
  1336. case IPC_RMID:
  1337. may = MAY_READWRITE;
  1338. break;
  1339. case IPC_INFO:
  1340. case SHM_INFO:
  1341. /*
  1342. * System level information.
  1343. */
  1344. return 0;
  1345. default:
  1346. return -EINVAL;
  1347. }
  1348. ssp = smack_of_shm(shp);
  1349. return smk_curacc(ssp, may);
  1350. }
  1351. /**
  1352. * smack_shm_shmat - Smack access for shmat
  1353. * @shp: the object
  1354. * @shmaddr: unused
  1355. * @shmflg: access requested
  1356. *
  1357. * Returns 0 if current has the requested access, error code otherwise
  1358. */
  1359. static int smack_shm_shmat(struct shmid_kernel *shp, char __user *shmaddr,
  1360. int shmflg)
  1361. {
  1362. char *ssp = smack_of_shm(shp);
  1363. int may;
  1364. may = smack_flags_to_may(shmflg);
  1365. return smk_curacc(ssp, may);
  1366. }
  1367. /**
  1368. * smack_of_sem - the smack pointer for the sem
  1369. * @sma: the object
  1370. *
  1371. * Returns a pointer to the smack value
  1372. */
  1373. static char *smack_of_sem(struct sem_array *sma)
  1374. {
  1375. return (char *)sma->sem_perm.security;
  1376. }
  1377. /**
  1378. * smack_sem_alloc_security - Set the security blob for sem
  1379. * @sma: the object
  1380. *
  1381. * Returns 0
  1382. */
  1383. static int smack_sem_alloc_security(struct sem_array *sma)
  1384. {
  1385. struct kern_ipc_perm *isp = &sma->sem_perm;
  1386. isp->security = current->security;
  1387. return 0;
  1388. }
  1389. /**
  1390. * smack_sem_free_security - Clear the security blob for sem
  1391. * @sma: the object
  1392. *
  1393. * Clears the blob pointer
  1394. */
  1395. static void smack_sem_free_security(struct sem_array *sma)
  1396. {
  1397. struct kern_ipc_perm *isp = &sma->sem_perm;
  1398. isp->security = NULL;
  1399. }
  1400. /**
  1401. * smack_sem_associate - Smack access check for sem
  1402. * @sma: the object
  1403. * @semflg: access requested
  1404. *
  1405. * Returns 0 if current has the requested access, error code otherwise
  1406. */
  1407. static int smack_sem_associate(struct sem_array *sma, int semflg)
  1408. {
  1409. char *ssp = smack_of_sem(sma);
  1410. int may;
  1411. may = smack_flags_to_may(semflg);
  1412. return smk_curacc(ssp, may);
  1413. }
  1414. /**
  1415. * smack_sem_shmctl - Smack access check for sem
  1416. * @sma: the object
  1417. * @cmd: what it wants to do
  1418. *
  1419. * Returns 0 if current has the requested access, error code otherwise
  1420. */
  1421. static int smack_sem_semctl(struct sem_array *sma, int cmd)
  1422. {
  1423. char *ssp;
  1424. int may;
  1425. switch (cmd) {
  1426. case GETPID:
  1427. case GETNCNT:
  1428. case GETZCNT:
  1429. case GETVAL:
  1430. case GETALL:
  1431. case IPC_STAT:
  1432. case SEM_STAT:
  1433. may = MAY_READ;
  1434. break;
  1435. case SETVAL:
  1436. case SETALL:
  1437. case IPC_RMID:
  1438. case IPC_SET:
  1439. may = MAY_READWRITE;
  1440. break;
  1441. case IPC_INFO:
  1442. case SEM_INFO:
  1443. /*
  1444. * System level information
  1445. */
  1446. return 0;
  1447. default:
  1448. return -EINVAL;
  1449. }
  1450. ssp = smack_of_sem(sma);
  1451. return smk_curacc(ssp, may);
  1452. }
  1453. /**
  1454. * smack_sem_semop - Smack checks of semaphore operations
  1455. * @sma: the object
  1456. * @sops: unused
  1457. * @nsops: unused
  1458. * @alter: unused
  1459. *
  1460. * Treated as read and write in all cases.
  1461. *
  1462. * Returns 0 if access is allowed, error code otherwise
  1463. */
  1464. static int smack_sem_semop(struct sem_array *sma, struct sembuf *sops,
  1465. unsigned nsops, int alter)
  1466. {
  1467. char *ssp = smack_of_sem(sma);
  1468. return smk_curacc(ssp, MAY_READWRITE);
  1469. }
  1470. /**
  1471. * smack_msg_alloc_security - Set the security blob for msg
  1472. * @msq: the object
  1473. *
  1474. * Returns 0
  1475. */
  1476. static int smack_msg_queue_alloc_security(struct msg_queue *msq)
  1477. {
  1478. struct kern_ipc_perm *kisp = &msq->q_perm;
  1479. kisp->security = current->security;
  1480. return 0;
  1481. }
  1482. /**
  1483. * smack_msg_free_security - Clear the security blob for msg
  1484. * @msq: the object
  1485. *
  1486. * Clears the blob pointer
  1487. */
  1488. static void smack_msg_queue_free_security(struct msg_queue *msq)
  1489. {
  1490. struct kern_ipc_perm *kisp = &msq->q_perm;
  1491. kisp->security = NULL;
  1492. }
  1493. /**
  1494. * smack_of_msq - the smack pointer for the msq
  1495. * @msq: the object
  1496. *
  1497. * Returns a pointer to the smack value
  1498. */
  1499. static char *smack_of_msq(struct msg_queue *msq)
  1500. {
  1501. return (char *)msq->q_perm.security;
  1502. }
  1503. /**
  1504. * smack_msg_queue_associate - Smack access check for msg_queue
  1505. * @msq: the object
  1506. * @msqflg: access requested
  1507. *
  1508. * Returns 0 if current has the requested access, error code otherwise
  1509. */
  1510. static int smack_msg_queue_associate(struct msg_queue *msq, int msqflg)
  1511. {
  1512. char *msp = smack_of_msq(msq);
  1513. int may;
  1514. may = smack_flags_to_may(msqflg);
  1515. return smk_curacc(msp, may);
  1516. }
  1517. /**
  1518. * smack_msg_queue_msgctl - Smack access check for msg_queue
  1519. * @msq: the object
  1520. * @cmd: what it wants to do
  1521. *
  1522. * Returns 0 if current has the requested access, error code otherwise
  1523. */
  1524. static int smack_msg_queue_msgctl(struct msg_queue *msq, int cmd)
  1525. {
  1526. char *msp;
  1527. int may;
  1528. switch (cmd) {
  1529. case IPC_STAT:
  1530. case MSG_STAT:
  1531. may = MAY_READ;
  1532. break;
  1533. case IPC_SET:
  1534. case IPC_RMID:
  1535. may = MAY_READWRITE;
  1536. break;
  1537. case IPC_INFO:
  1538. case MSG_INFO:
  1539. /*
  1540. * System level information
  1541. */
  1542. return 0;
  1543. default:
  1544. return -EINVAL;
  1545. }
  1546. msp = smack_of_msq(msq);
  1547. return smk_curacc(msp, may);
  1548. }
  1549. /**
  1550. * smack_msg_queue_msgsnd - Smack access check for msg_queue
  1551. * @msq: the object
  1552. * @msg: unused
  1553. * @msqflg: access requested
  1554. *
  1555. * Returns 0 if current has the requested access, error code otherwise
  1556. */
  1557. static int smack_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg,
  1558. int msqflg)
  1559. {
  1560. char *msp = smack_of_msq(msq);
  1561. int rc;
  1562. rc = smack_flags_to_may(msqflg);
  1563. return smk_curacc(msp, rc);
  1564. }
  1565. /**
  1566. * smack_msg_queue_msgsnd - Smack access check for msg_queue
  1567. * @msq: the object
  1568. * @msg: unused
  1569. * @target: unused
  1570. * @type: unused
  1571. * @mode: unused
  1572. *
  1573. * Returns 0 if current has read and write access, error code otherwise
  1574. */
  1575. static int smack_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
  1576. struct task_struct *target, long type, int mode)
  1577. {
  1578. char *msp = smack_of_msq(msq);
  1579. return smk_curacc(msp, MAY_READWRITE);
  1580. }
  1581. /**
  1582. * smack_ipc_permission - Smack access for ipc_permission()
  1583. * @ipp: the object permissions
  1584. * @flag: access requested
  1585. *
  1586. * Returns 0 if current has read and write access, error code otherwise
  1587. */
  1588. static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag)
  1589. {
  1590. char *isp = ipp->security;
  1591. int may;
  1592. may = smack_flags_to_may(flag);
  1593. return smk_curacc(isp, may);
  1594. }
  1595. /**
  1596. * smack_ipc_getsecid - Extract smack security id
  1597. * @ipcp: the object permissions
  1598. * @secid: where result will be saved
  1599. */
  1600. static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid)
  1601. {
  1602. char *smack = ipp->security;
  1603. *secid = smack_to_secid(smack);
  1604. }
  1605. /**
  1606. * smack_d_instantiate - Make sure the blob is correct on an inode
  1607. * @opt_dentry: unused
  1608. * @inode: the object
  1609. *
  1610. * Set the inode's security blob if it hasn't been done already.
  1611. */
  1612. static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode)
  1613. {
  1614. struct super_block *sbp;
  1615. struct superblock_smack *sbsp;
  1616. struct inode_smack *isp;
  1617. char *csp = current->security;
  1618. char *fetched;
  1619. char *final;
  1620. struct dentry *dp;
  1621. if (inode == NULL)
  1622. return;
  1623. isp = inode->i_security;
  1624. mutex_lock(&isp->smk_lock);
  1625. /*
  1626. * If the inode is already instantiated
  1627. * take the quick way out
  1628. */
  1629. if (isp->smk_flags & SMK_INODE_INSTANT)
  1630. goto unlockandout;
  1631. sbp = inode->i_sb;
  1632. sbsp = sbp->s_security;
  1633. /*
  1634. * We're going to use the superblock default label
  1635. * if there's no label on the file.
  1636. */
  1637. final = sbsp->smk_default;
  1638. /*
  1639. * If this is the root inode the superblock
  1640. * may be in the process of initialization.
  1641. * If that is the case use the root value out
  1642. * of the superblock.
  1643. */
  1644. if (opt_dentry->d_parent == opt_dentry) {
  1645. isp->smk_inode = sbsp->smk_root;
  1646. isp->smk_flags |= SMK_INODE_INSTANT;
  1647. goto unlockandout;
  1648. }
  1649. /*
  1650. * This is pretty hackish.
  1651. * Casey says that we shouldn't have to do
  1652. * file system specific code, but it does help
  1653. * with keeping it simple.
  1654. */
  1655. switch (sbp->s_magic) {
  1656. case SMACK_MAGIC:
  1657. /*
  1658. * Casey says that it's a little embarassing
  1659. * that the smack file system doesn't do
  1660. * extended attributes.
  1661. */
  1662. final = smack_known_star.smk_known;
  1663. break;
  1664. case PIPEFS_MAGIC:
  1665. /*
  1666. * Casey says pipes are easy (?)
  1667. */
  1668. final = smack_known_star.smk_known;
  1669. break;
  1670. case DEVPTS_SUPER_MAGIC:
  1671. /*
  1672. * devpts seems content with the label of the task.
  1673. * Programs that change smack have to treat the
  1674. * pty with respect.
  1675. */
  1676. final = csp;
  1677. break;
  1678. case SOCKFS_MAGIC:
  1679. /*
  1680. * Casey says sockets get the smack of the task.
  1681. */
  1682. final = csp;
  1683. break;
  1684. case PROC_SUPER_MAGIC:
  1685. /*
  1686. * Casey says procfs appears not to care.
  1687. * The superblock default suffices.
  1688. */
  1689. break;
  1690. case TMPFS_MAGIC:
  1691. /*
  1692. * Device labels should come from the filesystem,
  1693. * but watch out, because they're volitile,
  1694. * getting recreated on every reboot.
  1695. */
  1696. final = smack_known_star.smk_known;
  1697. /*
  1698. * No break.
  1699. *
  1700. * If a smack value has been set we want to use it,
  1701. * but since tmpfs isn't giving us the opportunity
  1702. * to set mount options simulate setting the
  1703. * superblock default.
  1704. */
  1705. default:
  1706. /*
  1707. * This isn't an understood special case.
  1708. * Get the value from the xattr.
  1709. *
  1710. * No xattr support means, alas, no SMACK label.
  1711. * Use the aforeapplied default.
  1712. * It would be curious if the label of the task
  1713. * does not match that assigned.
  1714. */
  1715. if (inode->i_op->getxattr == NULL)
  1716. break;
  1717. /*
  1718. * Get the dentry for xattr.
  1719. */
  1720. if (opt_dentry == NULL) {
  1721. dp = d_find_alias(inode);
  1722. if (dp == NULL)
  1723. break;
  1724. } else {
  1725. dp = dget(opt_dentry);
  1726. if (dp == NULL)
  1727. break;
  1728. }
  1729. fetched = smk_fetch(inode, dp);
  1730. if (fetched != NULL)
  1731. final = fetched;
  1732. dput(dp);
  1733. break;
  1734. }
  1735. if (final == NULL)
  1736. isp->smk_inode = csp;
  1737. else
  1738. isp->smk_inode = final;
  1739. isp->smk_flags |= SMK_INODE_INSTANT;
  1740. unlockandout:
  1741. mutex_unlock(&isp->smk_lock);
  1742. return;
  1743. }
  1744. /**
  1745. * smack_getprocattr - Smack process attribute access
  1746. * @p: the object task
  1747. * @name: the name of the attribute in /proc/.../attr
  1748. * @value: where to put the result
  1749. *
  1750. * Places a copy of the task Smack into value
  1751. *
  1752. * Returns the length of the smack label or an error code
  1753. */
  1754. static int smack_getprocattr(struct task_struct *p, char *name, char **value)
  1755. {
  1756. char *cp;
  1757. int slen;
  1758. if (strcmp(name, "current") != 0)
  1759. return -EINVAL;
  1760. cp = kstrdup(p->security, GFP_KERNEL);
  1761. if (cp == NULL)
  1762. return -ENOMEM;
  1763. slen = strlen(cp);
  1764. *value = cp;
  1765. return slen;
  1766. }
  1767. /**
  1768. * smack_setprocattr - Smack process attribute setting
  1769. * @p: the object task
  1770. * @name: the name of the attribute in /proc/.../attr
  1771. * @value: the value to set
  1772. * @size: the size of the value
  1773. *
  1774. * Sets the Smack value of the task. Only setting self
  1775. * is permitted and only with privilege
  1776. *
  1777. * Returns the length of the smack label or an error code
  1778. */
  1779. static int smack_setprocattr(struct task_struct *p, char *name,
  1780. void *value, size_t size)
  1781. {
  1782. char *newsmack;
  1783. if (!__capable(p, CAP_MAC_ADMIN))
  1784. return -EPERM;
  1785. /*
  1786. * Changing another process' Smack value is too dangerous
  1787. * and supports no sane use case.
  1788. */
  1789. if (p != current)
  1790. return -EPERM;
  1791. if (value == NULL || size == 0 || size >= SMK_LABELLEN)
  1792. return -EINVAL;
  1793. if (strcmp(name, "current") != 0)
  1794. return -EINVAL;
  1795. newsmack = smk_import(value, size);
  1796. if (newsmack == NULL)
  1797. return -EINVAL;
  1798. p->security = newsmack;
  1799. return size;
  1800. }
  1801. /**
  1802. * smack_unix_stream_connect - Smack access on UDS
  1803. * @sock: one socket
  1804. * @other: the other socket
  1805. * @newsk: unused
  1806. *
  1807. * Return 0 if a subject with the smack of sock could access
  1808. * an object with the smack of other, otherwise an error code
  1809. */
  1810. static int smack_unix_stream_connect(struct socket *sock,
  1811. struct socket *other, struct sock *newsk)
  1812. {
  1813. struct inode *sp = SOCK_INODE(sock);
  1814. struct inode *op = SOCK_INODE(other);
  1815. return smk_access(smk_of_inode(sp), smk_of_inode(op), MAY_READWRITE);
  1816. }
  1817. /**
  1818. * smack_unix_may_send - Smack access on UDS
  1819. * @sock: one socket
  1820. * @other: the other socket
  1821. *
  1822. * Return 0 if a subject with the smack of sock could access
  1823. * an object with the smack of other, otherwise an error code
  1824. */
  1825. static int smack_unix_may_send(struct socket *sock, struct socket *other)
  1826. {
  1827. struct inode *sp = SOCK_INODE(sock);
  1828. struct inode *op = SOCK_INODE(other);
  1829. return smk_access(smk_of_inode(sp), smk_of_inode(op), MAY_WRITE);
  1830. }
  1831. /**
  1832. * smack_from_secattr - Convert a netlabel attr.mls.lvl/attr.mls.cat
  1833. * pair to smack
  1834. * @sap: netlabel secattr
  1835. * @sip: where to put the result
  1836. *
  1837. * Copies a smack label into sip
  1838. */
  1839. static void smack_from_secattr(struct netlbl_lsm_secattr *sap, char *sip)
  1840. {
  1841. char smack[SMK_LABELLEN];
  1842. int pcat;
  1843. if ((sap->flags & NETLBL_SECATTR_MLS_LVL) == 0) {
  1844. /*
  1845. * If there are flags but no level netlabel isn't
  1846. * behaving the way we expect it to.
  1847. *
  1848. * Without guidance regarding the smack value
  1849. * for the packet fall back on the network
  1850. * ambient value.
  1851. */
  1852. strncpy(sip, smack_net_ambient, SMK_MAXLEN);
  1853. return;
  1854. }
  1855. /*
  1856. * Get the categories, if any
  1857. */
  1858. memset(smack, '\0', SMK_LABELLEN);
  1859. if ((sap->flags & NETLBL_SECATTR_MLS_CAT) != 0)
  1860. for (pcat = -1;;) {
  1861. pcat = netlbl_secattr_catmap_walk(sap->attr.mls.cat,
  1862. pcat + 1);
  1863. if (pcat < 0)
  1864. break;
  1865. smack_catset_bit(pcat, smack);
  1866. }
  1867. /*
  1868. * If it is CIPSO using smack direct mapping
  1869. * we are already done. WeeHee.
  1870. */
  1871. if (sap->attr.mls.lvl == smack_cipso_direct) {
  1872. memcpy(sip, smack, SMK_MAXLEN);
  1873. return;
  1874. }
  1875. /*
  1876. * Look it up in the supplied table if it is not a direct mapping.
  1877. */
  1878. smack_from_cipso(sap->attr.mls.lvl, smack, sip);
  1879. return;
  1880. }
  1881. /**
  1882. * smack_socket_sock_rcv_skb - Smack packet delivery access check
  1883. * @sk: socket
  1884. * @skb: packet
  1885. *
  1886. * Returns 0 if the packet should be delivered, an error code otherwise
  1887. */
  1888. static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
  1889. {
  1890. struct netlbl_lsm_secattr secattr;
  1891. struct socket_smack *ssp = sk->sk_security;
  1892. char smack[SMK_LABELLEN];
  1893. int rc;
  1894. if (sk->sk_family != PF_INET && sk->sk_family != PF_INET6)
  1895. return 0;
  1896. /*
  1897. * Translate what netlabel gave us.
  1898. */
  1899. memset(smack, '\0', SMK_LABELLEN);
  1900. netlbl_secattr_init(&secattr);
  1901. rc = netlbl_skbuff_getattr(skb, sk->sk_family, &secattr);
  1902. if (rc == 0)
  1903. smack_from_secattr(&secattr, smack);
  1904. else
  1905. strncpy(smack, smack_net_ambient, SMK_MAXLEN);
  1906. netlbl_secattr_destroy(&secattr);
  1907. /*
  1908. * Receiving a packet requires that the other end
  1909. * be able to write here. Read access is not required.
  1910. * This is the simplist possible security model
  1911. * for networking.
  1912. */
  1913. return smk_access(smack, ssp->smk_in, MAY_WRITE);
  1914. }
  1915. /**
  1916. * smack_socket_getpeersec_stream - pull in packet label
  1917. * @sock: the socket
  1918. * @optval: user's destination
  1919. * @optlen: size thereof
  1920. * @len: max thereoe
  1921. *
  1922. * returns zero on success, an error code otherwise
  1923. */
  1924. static int smack_socket_getpeersec_stream(struct socket *sock,
  1925. char __user *optval,
  1926. int __user *optlen, unsigned len)
  1927. {
  1928. struct socket_smack *ssp;
  1929. int slen;
  1930. int rc = 0;
  1931. ssp = sock->sk->sk_security;
  1932. slen = strlen(ssp->smk_packet) + 1;
  1933. if (slen > len)
  1934. rc = -ERANGE;
  1935. else if (copy_to_user(optval, ssp->smk_packet, slen) != 0)
  1936. rc = -EFAULT;
  1937. if (put_user(slen, optlen) != 0)
  1938. rc = -EFAULT;
  1939. return rc;
  1940. }
  1941. /**
  1942. * smack_socket_getpeersec_dgram - pull in packet label
  1943. * @sock: the socket
  1944. * @skb: packet data
  1945. * @secid: pointer to where to put the secid of the packet
  1946. *
  1947. * Sets the netlabel socket state on sk from parent
  1948. */
  1949. static int smack_socket_getpeersec_dgram(struct socket *sock,
  1950. struct sk_buff *skb, u32 *secid)
  1951. {
  1952. struct netlbl_lsm_secattr secattr;
  1953. struct sock *sk;
  1954. char smack[SMK_LABELLEN];
  1955. int family = PF_INET;
  1956. u32 s;
  1957. int rc;
  1958. /*
  1959. * Only works for families with packets.
  1960. */
  1961. if (sock != NULL) {
  1962. sk = sock->sk;
  1963. if (sk->sk_family != PF_INET && sk->sk_family != PF_INET6)
  1964. return 0;
  1965. family = sk->sk_family;
  1966. }
  1967. /*
  1968. * Translate what netlabel gave us.
  1969. */
  1970. memset(smack, '\0', SMK_LABELLEN);
  1971. netlbl_secattr_init(&secattr);
  1972. rc = netlbl_skbuff_getattr(skb, family, &secattr);
  1973. if (rc == 0)
  1974. smack_from_secattr(&secattr, smack);
  1975. netlbl_secattr_destroy(&secattr);
  1976. /*
  1977. * Give up if we couldn't get anything
  1978. */
  1979. if (rc != 0)
  1980. return rc;
  1981. s = smack_to_secid(smack);
  1982. if (s == 0)
  1983. return -EINVAL;
  1984. *secid = s;
  1985. return 0;
  1986. }
  1987. /**
  1988. * smack_sock_graft - graft access state between two sockets
  1989. * @sk: fresh sock
  1990. * @parent: donor socket
  1991. *
  1992. * Sets the netlabel socket state on sk from parent
  1993. */
  1994. static void smack_sock_graft(struct sock *sk, struct socket *parent)
  1995. {
  1996. struct socket_smack *ssp;
  1997. int rc;
  1998. if (sk == NULL)
  1999. return;
  2000. if (sk->sk_family != PF_INET && sk->sk_family != PF_INET6)
  2001. return;
  2002. ssp = sk->sk_security;
  2003. ssp->smk_in = current->security;
  2004. ssp->smk_out = current->security;
  2005. ssp->smk_packet[0] = '\0';
  2006. rc = smack_netlabel(sk);
  2007. if (rc != 0)
  2008. printk(KERN_WARNING "Smack: \"%s\" netlbl error %d.\n",
  2009. __func__, -rc);
  2010. }
  2011. /**
  2012. * smack_inet_conn_request - Smack access check on connect
  2013. * @sk: socket involved
  2014. * @skb: packet
  2015. * @req: unused
  2016. *
  2017. * Returns 0 if a task with the packet label could write to
  2018. * the socket, otherwise an error code
  2019. */
  2020. static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb,
  2021. struct request_sock *req)
  2022. {
  2023. struct netlbl_lsm_secattr skb_secattr;
  2024. struct socket_smack *ssp = sk->sk_security;
  2025. char smack[SMK_LABELLEN];
  2026. int rc;
  2027. if (skb == NULL)
  2028. return -EACCES;
  2029. memset(smack, '\0', SMK_LABELLEN);
  2030. netlbl_secattr_init(&skb_secattr);
  2031. rc = netlbl_skbuff_getattr(skb, sk->sk_family, &skb_secattr);
  2032. if (rc == 0)
  2033. smack_from_secattr(&skb_secattr, smack);
  2034. else
  2035. strncpy(smack, smack_known_huh.smk_known, SMK_MAXLEN);
  2036. netlbl_secattr_destroy(&skb_secattr);
  2037. /*
  2038. * Receiving a packet requires that the other end
  2039. * be able to write here. Read access is not required.
  2040. *
  2041. * If the request is successful save the peer's label
  2042. * so that SO_PEERCRED can report it.
  2043. */
  2044. rc = smk_access(smack, ssp->smk_in, MAY_WRITE);
  2045. if (rc == 0)
  2046. strncpy(ssp->smk_packet, smack, SMK_MAXLEN);
  2047. return rc;
  2048. }
  2049. /*
  2050. * Key management security hooks
  2051. *
  2052. * Casey has not tested key support very heavily.
  2053. * The permission check is most likely too restrictive.
  2054. * If you care about keys please have a look.
  2055. */
  2056. #ifdef CONFIG_KEYS
  2057. /**
  2058. * smack_key_alloc - Set the key security blob
  2059. * @key: object
  2060. * @tsk: the task associated with the key
  2061. * @flags: unused
  2062. *
  2063. * No allocation required
  2064. *
  2065. * Returns 0
  2066. */
  2067. static int smack_key_alloc(struct key *key, struct task_struct *tsk,
  2068. unsigned long flags)
  2069. {
  2070. key->security = tsk->security;
  2071. return 0;
  2072. }
  2073. /**
  2074. * smack_key_free - Clear the key security blob
  2075. * @key: the object
  2076. *
  2077. * Clear the blob pointer
  2078. */
  2079. static void smack_key_free(struct key *key)
  2080. {
  2081. key->security = NULL;
  2082. }
  2083. /*
  2084. * smack_key_permission - Smack access on a key
  2085. * @key_ref: gets to the object
  2086. * @context: task involved
  2087. * @perm: unused
  2088. *
  2089. * Return 0 if the task has read and write to the object,
  2090. * an error code otherwise
  2091. */
  2092. static int smack_key_permission(key_ref_t key_ref,
  2093. struct task_struct *context, key_perm_t perm)
  2094. {
  2095. struct key *keyp;
  2096. keyp = key_ref_to_ptr(key_ref);
  2097. if (keyp == NULL)
  2098. return -EINVAL;
  2099. /*
  2100. * If the key hasn't been initialized give it access so that
  2101. * it may do so.
  2102. */
  2103. if (keyp->security == NULL)
  2104. return 0;
  2105. /*
  2106. * This should not occur
  2107. */
  2108. if (context->security == NULL)
  2109. return -EACCES;
  2110. return smk_access(context->security, keyp->security, MAY_READWRITE);
  2111. }
  2112. #endif /* CONFIG_KEYS */
  2113. /*
  2114. * Smack Audit hooks
  2115. *
  2116. * Audit requires a unique representation of each Smack specific
  2117. * rule. This unique representation is used to distinguish the
  2118. * object to be audited from remaining kernel objects and also
  2119. * works as a glue between the audit hooks.
  2120. *
  2121. * Since repository entries are added but never deleted, we'll use
  2122. * the smack_known label address related to the given audit rule as
  2123. * the needed unique representation. This also better fits the smack
  2124. * model where nearly everything is a label.
  2125. */
  2126. #ifdef CONFIG_AUDIT
  2127. /**
  2128. * smack_audit_rule_init - Initialize a smack audit rule
  2129. * @field: audit rule fields given from user-space (audit.h)
  2130. * @op: required testing operator (=, !=, >, <, ...)
  2131. * @rulestr: smack label to be audited
  2132. * @vrule: pointer to save our own audit rule representation
  2133. *
  2134. * Prepare to audit cases where (@field @op @rulestr) is true.
  2135. * The label to be audited is created if necessay.
  2136. */
  2137. static int smack_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule)
  2138. {
  2139. char **rule = (char **)vrule;
  2140. *rule = NULL;
  2141. if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
  2142. return -EINVAL;
  2143. if (op != AUDIT_EQUAL && op != AUDIT_NOT_EQUAL)
  2144. return -EINVAL;
  2145. *rule = smk_import(rulestr, 0);
  2146. return 0;
  2147. }
  2148. /**
  2149. * smack_audit_rule_known - Distinguish Smack audit rules
  2150. * @krule: rule of interest, in Audit kernel representation format
  2151. *
  2152. * This is used to filter Smack rules from remaining Audit ones.
  2153. * If it's proved that this rule belongs to us, the
  2154. * audit_rule_match hook will be called to do the final judgement.
  2155. */
  2156. static int smack_audit_rule_known(struct audit_krule *krule)
  2157. {
  2158. struct audit_field *f;
  2159. int i;
  2160. for (i = 0; i < krule->field_count; i++) {
  2161. f = &krule->fields[i];
  2162. if (f->type == AUDIT_SUBJ_USER || f->type == AUDIT_OBJ_USER)
  2163. return 1;
  2164. }
  2165. return 0;
  2166. }
  2167. /**
  2168. * smack_audit_rule_match - Audit given object ?
  2169. * @secid: security id for identifying the object to test
  2170. * @field: audit rule flags given from user-space
  2171. * @op: required testing operator
  2172. * @vrule: smack internal rule presentation
  2173. * @actx: audit context associated with the check
  2174. *
  2175. * The core Audit hook. It's used to take the decision of
  2176. * whether to audit or not to audit a given object.
  2177. */
  2178. static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule,
  2179. struct audit_context *actx)
  2180. {
  2181. char *smack;
  2182. char *rule = vrule;
  2183. if (!rule) {
  2184. audit_log(actx, GFP_KERNEL, AUDIT_SELINUX_ERR,
  2185. "Smack: missing rule\n");
  2186. return -ENOENT;
  2187. }
  2188. if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
  2189. return 0;
  2190. smack = smack_from_secid(secid);
  2191. /*
  2192. * No need to do string comparisons. If a match occurs,
  2193. * both pointers will point to the same smack_known
  2194. * label.
  2195. */
  2196. if (op == AUDIT_EQUAL)
  2197. return (rule == smack);
  2198. if (op == AUDIT_NOT_EQUAL)
  2199. return (rule != smack);
  2200. return 0;
  2201. }
  2202. /**
  2203. * smack_audit_rule_free - free smack rule representation
  2204. * @vrule: rule to be freed.
  2205. *
  2206. * No memory was allocated.
  2207. */
  2208. static void smack_audit_rule_free(void *vrule)
  2209. {
  2210. /* No-op */
  2211. }
  2212. #endif /* CONFIG_AUDIT */
  2213. /*
  2214. * smack_secid_to_secctx - return the smack label for a secid
  2215. * @secid: incoming integer
  2216. * @secdata: destination
  2217. * @seclen: how long it is
  2218. *
  2219. * Exists for networking code.
  2220. */
  2221. static int smack_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
  2222. {
  2223. char *sp = smack_from_secid(secid);
  2224. *secdata = sp;
  2225. *seclen = strlen(sp);
  2226. return 0;
  2227. }
  2228. /*
  2229. * smack_secctx_to_secid - return the secid for a smack label
  2230. * @secdata: smack label
  2231. * @seclen: how long result is
  2232. * @secid: outgoing integer
  2233. *
  2234. * Exists for audit and networking code.
  2235. */
  2236. static int smack_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
  2237. {
  2238. *secid = smack_to_secid(secdata);
  2239. return 0;
  2240. }
  2241. /*
  2242. * smack_release_secctx - don't do anything.
  2243. * @key_ref: unused
  2244. * @context: unused
  2245. * @perm: unused
  2246. *
  2247. * Exists to make sure nothing gets done, and properly
  2248. */
  2249. static void smack_release_secctx(char *secdata, u32 seclen)
  2250. {
  2251. }
  2252. struct security_operations smack_ops = {
  2253. .name = "smack",
  2254. .ptrace = smack_ptrace,
  2255. .capget = cap_capget,
  2256. .capset_check = cap_capset_check,
  2257. .capset_set = cap_capset_set,
  2258. .capable = cap_capable,
  2259. .syslog = smack_syslog,
  2260. .settime = cap_settime,
  2261. .vm_enough_memory = cap_vm_enough_memory,
  2262. .bprm_apply_creds = cap_bprm_apply_creds,
  2263. .bprm_set_security = cap_bprm_set_security,
  2264. .bprm_secureexec = cap_bprm_secureexec,
  2265. .sb_alloc_security = smack_sb_alloc_security,
  2266. .sb_free_security = smack_sb_free_security,
  2267. .sb_copy_data = smack_sb_copy_data,
  2268. .sb_kern_mount = smack_sb_kern_mount,
  2269. .sb_statfs = smack_sb_statfs,
  2270. .sb_mount = smack_sb_mount,
  2271. .sb_umount = smack_sb_umount,
  2272. .inode_alloc_security = smack_inode_alloc_security,
  2273. .inode_free_security = smack_inode_free_security,
  2274. .inode_init_security = smack_inode_init_security,
  2275. .inode_link = smack_inode_link,
  2276. .inode_unlink = smack_inode_unlink,
  2277. .inode_rmdir = smack_inode_rmdir,
  2278. .inode_rename = smack_inode_rename,
  2279. .inode_permission = smack_inode_permission,
  2280. .inode_setattr = smack_inode_setattr,
  2281. .inode_getattr = smack_inode_getattr,
  2282. .inode_setxattr = smack_inode_setxattr,
  2283. .inode_post_setxattr = smack_inode_post_setxattr,
  2284. .inode_getxattr = smack_inode_getxattr,
  2285. .inode_removexattr = smack_inode_removexattr,
  2286. .inode_need_killpriv = cap_inode_need_killpriv,
  2287. .inode_killpriv = cap_inode_killpriv,
  2288. .inode_getsecurity = smack_inode_getsecurity,
  2289. .inode_setsecurity = smack_inode_setsecurity,
  2290. .inode_listsecurity = smack_inode_listsecurity,
  2291. .inode_getsecid = smack_inode_getsecid,
  2292. .file_permission = smack_file_permission,
  2293. .file_alloc_security = smack_file_alloc_security,
  2294. .file_free_security = smack_file_free_security,
  2295. .file_ioctl = smack_file_ioctl,
  2296. .file_lock = smack_file_lock,
  2297. .file_fcntl = smack_file_fcntl,
  2298. .file_set_fowner = smack_file_set_fowner,
  2299. .file_send_sigiotask = smack_file_send_sigiotask,
  2300. .file_receive = smack_file_receive,
  2301. .task_alloc_security = smack_task_alloc_security,
  2302. .task_free_security = smack_task_free_security,
  2303. .task_post_setuid = cap_task_post_setuid,
  2304. .task_setpgid = smack_task_setpgid,
  2305. .task_getpgid = smack_task_getpgid,
  2306. .task_getsid = smack_task_getsid,
  2307. .task_getsecid = smack_task_getsecid,
  2308. .task_setnice = smack_task_setnice,
  2309. .task_setioprio = smack_task_setioprio,
  2310. .task_getioprio = smack_task_getioprio,
  2311. .task_setscheduler = smack_task_setscheduler,
  2312. .task_getscheduler = smack_task_getscheduler,
  2313. .task_movememory = smack_task_movememory,
  2314. .task_kill = smack_task_kill,
  2315. .task_wait = smack_task_wait,
  2316. .task_reparent_to_init = cap_task_reparent_to_init,
  2317. .task_to_inode = smack_task_to_inode,
  2318. .task_prctl = cap_task_prctl,
  2319. .ipc_permission = smack_ipc_permission,
  2320. .ipc_getsecid = smack_ipc_getsecid,
  2321. .msg_msg_alloc_security = smack_msg_msg_alloc_security,
  2322. .msg_msg_free_security = smack_msg_msg_free_security,
  2323. .msg_queue_alloc_security = smack_msg_queue_alloc_security,
  2324. .msg_queue_free_security = smack_msg_queue_free_security,
  2325. .msg_queue_associate = smack_msg_queue_associate,
  2326. .msg_queue_msgctl = smack_msg_queue_msgctl,
  2327. .msg_queue_msgsnd = smack_msg_queue_msgsnd,
  2328. .msg_queue_msgrcv = smack_msg_queue_msgrcv,
  2329. .shm_alloc_security = smack_shm_alloc_security,
  2330. .shm_free_security = smack_shm_free_security,
  2331. .shm_associate = smack_shm_associate,
  2332. .shm_shmctl = smack_shm_shmctl,
  2333. .shm_shmat = smack_shm_shmat,
  2334. .sem_alloc_security = smack_sem_alloc_security,
  2335. .sem_free_security = smack_sem_free_security,
  2336. .sem_associate = smack_sem_associate,
  2337. .sem_semctl = smack_sem_semctl,
  2338. .sem_semop = smack_sem_semop,
  2339. .netlink_send = cap_netlink_send,
  2340. .netlink_recv = cap_netlink_recv,
  2341. .d_instantiate = smack_d_instantiate,
  2342. .getprocattr = smack_getprocattr,
  2343. .setprocattr = smack_setprocattr,
  2344. .unix_stream_connect = smack_unix_stream_connect,
  2345. .unix_may_send = smack_unix_may_send,
  2346. .socket_post_create = smack_socket_post_create,
  2347. .socket_sock_rcv_skb = smack_socket_sock_rcv_skb,
  2348. .socket_getpeersec_stream = smack_socket_getpeersec_stream,
  2349. .socket_getpeersec_dgram = smack_socket_getpeersec_dgram,
  2350. .sk_alloc_security = smack_sk_alloc_security,
  2351. .sk_free_security = smack_sk_free_security,
  2352. .sock_graft = smack_sock_graft,
  2353. .inet_conn_request = smack_inet_conn_request,
  2354. /* key management security hooks */
  2355. #ifdef CONFIG_KEYS
  2356. .key_alloc = smack_key_alloc,
  2357. .key_free = smack_key_free,
  2358. .key_permission = smack_key_permission,
  2359. #endif /* CONFIG_KEYS */
  2360. /* Audit hooks */
  2361. #ifdef CONFIG_AUDIT
  2362. .audit_rule_init = smack_audit_rule_init,
  2363. .audit_rule_known = smack_audit_rule_known,
  2364. .audit_rule_match = smack_audit_rule_match,
  2365. .audit_rule_free = smack_audit_rule_free,
  2366. #endif /* CONFIG_AUDIT */
  2367. .secid_to_secctx = smack_secid_to_secctx,
  2368. .secctx_to_secid = smack_secctx_to_secid,
  2369. .release_secctx = smack_release_secctx,
  2370. };
  2371. /**
  2372. * smack_init - initialize the smack system
  2373. *
  2374. * Returns 0
  2375. */
  2376. static __init int smack_init(void)
  2377. {
  2378. if (!security_module_enable(&smack_ops))
  2379. return 0;
  2380. printk(KERN_INFO "Smack: Initializing.\n");
  2381. /*
  2382. * Set the security state for the initial task.
  2383. */
  2384. current->security = &smack_known_floor.smk_known;
  2385. /*
  2386. * Initialize locks
  2387. */
  2388. spin_lock_init(&smack_known_unset.smk_cipsolock);
  2389. spin_lock_init(&smack_known_huh.smk_cipsolock);
  2390. spin_lock_init(&smack_known_hat.smk_cipsolock);
  2391. spin_lock_init(&smack_known_star.smk_cipsolock);
  2392. spin_lock_init(&smack_known_floor.smk_cipsolock);
  2393. spin_lock_init(&smack_known_invalid.smk_cipsolock);
  2394. /*
  2395. * Register with LSM
  2396. */
  2397. if (register_security(&smack_ops))
  2398. panic("smack: Unable to register with kernel.\n");
  2399. return 0;
  2400. }
  2401. /*
  2402. * Smack requires early initialization in order to label
  2403. * all processes and objects when they are created.
  2404. */
  2405. security_initcall(smack_init);