]> git.proxmox.com Git - mirror_ubuntu-zesty-kernel.git/blob - security/smack/smack_access.c
projects / mirror_ubuntu-zesty-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux...
[mirror_ubuntu-zesty-kernel.git] / security / smack / smack_access.c
1 /*
2 * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com>
3 *
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License as published by
6 * the Free Software Foundation, version 2.
7 *
8 * Author:
9 * Casey Schaufler <casey@schaufler-ca.com>
10 *
11 */
12
13 #include <linux/types.h>
14 #include <linux/slab.h>
15 #include <linux/fs.h>
16 #include <linux/sched.h>
17 #include "smack.h"
18
19 struct smack_known smack_known_huh = {
20 .smk_known = "?",
21 .smk_secid = 2,
22 };
23
24 struct smack_known smack_known_hat = {
25 .smk_known = "^",
26 .smk_secid = 3,
27 };
28
29 struct smack_known smack_known_star = {
30 .smk_known = "*",
31 .smk_secid = 4,
32 };
33
34 struct smack_known smack_known_floor = {
35 .smk_known = "_",
36 .smk_secid = 5,
37 };
38
39 struct smack_known smack_known_invalid = {
40 .smk_known = "",
41 .smk_secid = 6,
42 };
43
44 struct smack_known smack_known_web = {
45 .smk_known = "@",
46 .smk_secid = 7,
47 };
48
49 LIST_HEAD(smack_known_list);
50
51 /*
52 * The initial value needs to be bigger than any of the
53 * known values above.
54 */
55 static u32 smack_next_secid = 10;
56
57 /*
58 * what events do we log
59 * can be overwritten at run-time by /smack/logging
60 */
61 int log_policy = SMACK_AUDIT_DENIED;
62
63 /**
64 * smk_access_entry - look up matching access rule
65 * @subject_label: a pointer to the subject's Smack label
66 * @object_label: a pointer to the object's Smack label
67 * @rule_list: the list of rules to search
68 *
69 * This function looks up the subject/object pair in the
70 * access rule list and returns the access mode. If no
71 * entry is found returns -ENOENT.
72 *
73 * NOTE:
74 *
75 * Earlier versions of this function allowed for labels that
76 * were not on the label list. This was done to allow for
77 * labels to come over the network that had never been seen
78 * before on this host. Unless the receiving socket has the
79 * star label this will always result in a failure check. The
80 * star labeled socket case is now handled in the networking
81 * hooks so there is no case where the label is not on the
82 * label list. Checking to see if the address of two labels
83 * is the same is now a reliable test.
84 *
85 * Do the object check first because that is more
86 * likely to differ.
87 *
88 * Allowing write access implies allowing locking.
89 */
90 int smk_access_entry(char *subject_label, char *object_label,
91 struct list_head *rule_list)
92 {
93 int may = -ENOENT;
94 struct smack_rule *srp;
95
96 list_for_each_entry_rcu(srp, rule_list, list) {
97 if (srp->smk_object == object_label &&
98 srp->smk_subject->smk_known == subject_label) {
99 may = srp->smk_access;
100 break;
101 }
102 }
103
104 /*
105 * MAY_WRITE implies MAY_LOCK.
106 */
107 if ((may & MAY_WRITE) == MAY_WRITE)
108 may |= MAY_LOCK;
109 return may;
110 }
111
112 /**
113 * smk_access - determine if a subject has a specific access to an object
114 * @subject_known: a pointer to the subject's Smack label entry
115 * @object_label: a pointer to the object's Smack label
116 * @request: the access requested, in "MAY" format
117 * @a : a pointer to the audit data
118 *
119 * This function looks up the subject/object pair in the
120 * access rule list and returns 0 if the access is permitted,
121 * non zero otherwise.
122 *
123 * Smack labels are shared on smack_list
124 */
125 int smk_access(struct smack_known *subject_known, char *object_label,
126 int request, struct smk_audit_info *a)
127 {
128 int may = MAY_NOT;
129 int rc = 0;
130
131 /*
132 * Hardcoded comparisons.
133 *
134 * A star subject can't access any object.
135 */
136 if (subject_known == &smack_known_star) {
137 rc = -EACCES;
138 goto out_audit;
139 }
140 /*
141 * An internet object can be accessed by any subject.
142 * Tasks cannot be assigned the internet label.
143 * An internet subject can access any object.
144 */
145 if (object_label == smack_known_web.smk_known ||
146 subject_known == &smack_known_web)
147 goto out_audit;
148 /*
149 * A star object can be accessed by any subject.
150 */
151 if (object_label == smack_known_star.smk_known)
152 goto out_audit;
153 /*
154 * An object can be accessed in any way by a subject
155 * with the same label.
156 */
157 if (subject_known->smk_known == object_label)
158 goto out_audit;
159 /*
160 * A hat subject can read any object.
161 * A floor object can be read by any subject.
162 */
163 if ((request & MAY_ANYREAD) == request) {
164 if (object_label == smack_known_floor.smk_known)
165 goto out_audit;
166 if (subject_known == &smack_known_hat)
167 goto out_audit;
168 }
169 /*
170 * Beyond here an explicit relationship is required.
171 * If the requested access is contained in the available
172 * access (e.g. read is included in readwrite) it's
173 * good. A negative response from smk_access_entry()
174 * indicates there is no entry for this pair.
175 */
176 rcu_read_lock();
177 may = smk_access_entry(subject_known->smk_known, object_label,
178 &subject_known->smk_rules);
179 rcu_read_unlock();
180
181 if (may > 0 && (request & may) == request)
182 goto out_audit;
183
184 rc = -EACCES;
185 out_audit:
186 #ifdef CONFIG_AUDIT
187 if (a)
188 smack_log(subject_known->smk_known, object_label, request,
189 rc, a);
190 #endif
191 return rc;
192 }
193
194 /**
195 * smk_tskacc - determine if a task has a specific access to an object
196 * @tsp: a pointer to the subject task
197 * @obj_label: a pointer to the object's Smack label
198 * @mode: the access requested, in "MAY" format
199 * @a : common audit data
200 *
201 * This function checks the subject task's label/object label pair
202 * in the access rule list and returns 0 if the access is permitted,
203 * non zero otherwise. It allows that the task may have the capability
204 * to override the rules.
205 */
206 int smk_tskacc(struct task_smack *subject, char *obj_label,
207 u32 mode, struct smk_audit_info *a)
208 {
209 struct smack_known *skp = smk_of_task(subject);
210 int may;
211 int rc;
212
213 /*
214 * Check the global rule list
215 */
216 rc = smk_access(skp, obj_label, mode, NULL);
217 if (rc == 0) {
218 /*
219 * If there is an entry in the task's rule list
220 * it can further restrict access.
221 */
222 may = smk_access_entry(skp->smk_known, obj_label,
223 &subject->smk_rules);
224 if (may < 0)
225 goto out_audit;
226 if ((mode & may) == mode)
227 goto out_audit;
228 rc = -EACCES;
229 }
230
231 /*
232 * Allow for priviliged to override policy.
233 */
234 if (rc != 0 && smack_privileged(CAP_MAC_OVERRIDE))
235 rc = 0;
236
237 out_audit:
238 #ifdef CONFIG_AUDIT
239 if (a)
240 smack_log(skp->smk_known, obj_label, mode, rc, a);
241 #endif
242 return rc;
243 }
244
245 /**
246 * smk_curacc - determine if current has a specific access to an object
247 * @obj_label: a pointer to the object's Smack label
248 * @mode: the access requested, in "MAY" format
249 * @a : common audit data
250 *
251 * This function checks the current subject label/object label pair
252 * in the access rule list and returns 0 if the access is permitted,
253 * non zero otherwise. It allows that current may have the capability
254 * to override the rules.
255 */
256 int smk_curacc(char *obj_label, u32 mode, struct smk_audit_info *a)
257 {
258 struct task_smack *tsp = current_security();
259
260 return smk_tskacc(tsp, obj_label, mode, a);
261 }
262
263 #ifdef CONFIG_AUDIT
264 /**
265 * smack_str_from_perm : helper to transalate an int to a
266 * readable string
267 * @string : the string to fill
268 * @access : the int
269 *
270 */
271 static inline void smack_str_from_perm(char *string, int access)
272 {
273 int i = 0;
274
275 if (access & MAY_READ)
276 string[i++] = 'r';
277 if (access & MAY_WRITE)
278 string[i++] = 'w';
279 if (access & MAY_EXEC)
280 string[i++] = 'x';
281 if (access & MAY_APPEND)
282 string[i++] = 'a';
283 if (access & MAY_TRANSMUTE)
284 string[i++] = 't';
285 if (access & MAY_LOCK)
286 string[i++] = 'l';
287 string[i] = '\0';
288 }
289 /**
290 * smack_log_callback - SMACK specific information
291 * will be called by generic audit code
292 * @ab : the audit_buffer
293 * @a : audit_data
294 *
295 */
296 static void smack_log_callback(struct audit_buffer *ab, void *a)
297 {
298 struct common_audit_data *ad = a;
299 struct smack_audit_data *sad = ad->smack_audit_data;
300 audit_log_format(ab, "lsm=SMACK fn=%s action=%s",
301 ad->smack_audit_data->function,
302 sad->result ? "denied" : "granted");
303 audit_log_format(ab, " subject=");
304 audit_log_untrustedstring(ab, sad->subject);
305 audit_log_format(ab, " object=");
306 audit_log_untrustedstring(ab, sad->object);
307 if (sad->request[0] == '\0')
308 audit_log_format(ab, " labels_differ");
309 else
310 audit_log_format(ab, " requested=%s", sad->request);
311 }
312
313 /**
314 * smack_log - Audit the granting or denial of permissions.
315 * @subject_label : smack label of the requester
316 * @object_label : smack label of the object being accessed
317 * @request: requested permissions
318 * @result: result from smk_access
319 * @a: auxiliary audit data
320 *
321 * Audit the granting or denial of permissions in accordance
322 * with the policy.
323 */
324 void smack_log(char *subject_label, char *object_label, int request,
325 int result, struct smk_audit_info *ad)
326 {
327 char request_buffer[SMK_NUM_ACCESS_TYPE + 1];
328 struct smack_audit_data *sad;
329 struct common_audit_data *a = &ad->a;
330
331 /* check if we have to log the current event */
332 if (result != 0 && (log_policy & SMACK_AUDIT_DENIED) == 0)
333 return;
334 if (result == 0 && (log_policy & SMACK_AUDIT_ACCEPT) == 0)
335 return;
336
337 sad = a->smack_audit_data;
338
339 if (sad->function == NULL)
340 sad->function = "unknown";
341
342 /* end preparing the audit data */
343 smack_str_from_perm(request_buffer, request);
344 sad->subject = subject_label;
345 sad->object = object_label;
346 sad->request = request_buffer;
347 sad->result = result;
348
349 common_lsm_audit(a, smack_log_callback, NULL);
350 }
351 #else /* #ifdef CONFIG_AUDIT */
352 void smack_log(char *subject_label, char *object_label, int request,
353 int result, struct smk_audit_info *ad)
354 {
355 }
356 #endif
357
358 DEFINE_MUTEX(smack_known_lock);
359
360 struct hlist_head smack_known_hash[SMACK_HASH_SLOTS];
361
362 /**
363 * smk_insert_entry - insert a smack label into a hash map,
364 *
365 * this function must be called under smack_known_lock
366 */
367 void smk_insert_entry(struct smack_known *skp)
368 {
369 unsigned int hash;
370 struct hlist_head *head;
371
372 hash = full_name_hash(skp->smk_known, strlen(skp->smk_known));
373 head = &smack_known_hash[hash & (SMACK_HASH_SLOTS - 1)];
374
375 hlist_add_head_rcu(&skp->smk_hashed, head);
376 list_add_rcu(&skp->list, &smack_known_list);
377 }
378
379 /**
380 * smk_find_entry - find a label on the list, return the list entry
381 * @string: a text string that might be a Smack label
382 *
383 * Returns a pointer to the entry in the label list that
384 * matches the passed string.
385 */
386 struct smack_known *smk_find_entry(const char *string)
387 {
388 unsigned int hash;
389 struct hlist_head *head;
390 struct smack_known *skp;
391
392 hash = full_name_hash(string, strlen(string));
393 head = &smack_known_hash[hash & (SMACK_HASH_SLOTS - 1)];
394
395 hlist_for_each_entry_rcu(skp, head, smk_hashed)
396 if (strcmp(skp->smk_known, string) == 0)
397 return skp;
398
399 return NULL;
400 }
401
402 /**
403 * smk_parse_smack - parse smack label from a text string
404 * @string: a text string that might contain a Smack label
405 * @len: the maximum size, or zero if it is NULL terminated.
406 *
407 * Returns a pointer to the clean label, or NULL
408 */
409 char *smk_parse_smack(const char *string, int len)
410 {
411 char *smack;
412 int i;
413
414 if (len <= 0)
415 len = strlen(string) + 1;
416
417 /*
418 * Reserve a leading '-' as an indicator that
419 * this isn't a label, but an option to interfaces
420 * including /smack/cipso and /smack/cipso2
421 */
422 if (string[0] == '-')
423 return NULL;
424
425 for (i = 0; i < len; i++)
426 if (string[i] > '~' || string[i] <= ' ' || string[i] == '/' ||
427 string[i] == '"' || string[i] == '\\' || string[i] == '\'')
428 break;
429
430 if (i == 0 || i >= SMK_LONGLABEL)
431 return NULL;
432
433 smack = kzalloc(i + 1, GFP_KERNEL);
434 if (smack != NULL) {
435 strncpy(smack, string, i + 1);
436 smack[i] = '\0';
437 }
438 return smack;
439 }
440
441 /**
442 * smk_netlbl_mls - convert a catset to netlabel mls categories
443 * @catset: the Smack categories
444 * @sap: where to put the netlabel categories
445 *
446 * Allocates and fills attr.mls
447 * Returns 0 on success, error code on failure.
448 */
449 int smk_netlbl_mls(int level, char *catset, struct netlbl_lsm_secattr *sap,
450 int len)
451 {
452 unsigned char *cp;
453 unsigned char m;
454 int cat;
455 int rc;
456 int byte;
457
458 sap->flags |= NETLBL_SECATTR_MLS_CAT;
459 sap->attr.mls.lvl = level;
460 sap->attr.mls.cat = NULL;
461
462 for (cat = 1, cp = catset, byte = 0; byte < len; cp++, byte++)
463 for (m = 0x80; m != 0; m >>= 1, cat++) {
464 if ((m & *cp) == 0)
465 continue;
466 rc = netlbl_catmap_setbit(&sap->attr.mls.cat,
467 cat, GFP_ATOMIC);
468 if (rc < 0) {
469 netlbl_catmap_free(sap->attr.mls.cat);
470 return rc;
471 }
472 }
473
474 return 0;
475 }
476
477 /**
478 * smk_import_entry - import a label, return the list entry
479 * @string: a text string that might be a Smack label
480 * @len: the maximum size, or zero if it is NULL terminated.
481 *
482 * Returns a pointer to the entry in the label list that
483 * matches the passed string, adding it if necessary.
484 */
485 struct smack_known *smk_import_entry(const char *string, int len)
486 {
487 struct smack_known *skp;
488 char *smack;
489 int slen;
490 int rc;
491
492 smack = smk_parse_smack(string, len);
493 if (smack == NULL)
494 return NULL;
495
496 mutex_lock(&smack_known_lock);
497
498 skp = smk_find_entry(smack);
499 if (skp != NULL)
500 goto freeout;
501
502 skp = kzalloc(sizeof(*skp), GFP_KERNEL);
503 if (skp == NULL)
504 goto freeout;
505
506 skp->smk_known = smack;
507 skp->smk_secid = smack_next_secid++;
508 skp->smk_netlabel.domain = skp->smk_known;
509 skp->smk_netlabel.flags =
510 NETLBL_SECATTR_DOMAIN | NETLBL_SECATTR_MLS_LVL;
511 /*
512 * If direct labeling works use it.
513 * Otherwise use mapped labeling.
514 */
515 slen = strlen(smack);
516 if (slen < SMK_CIPSOLEN)
517 rc = smk_netlbl_mls(smack_cipso_direct, skp->smk_known,
518 &skp->smk_netlabel, slen);
519 else
520 rc = smk_netlbl_mls(smack_cipso_mapped, (char *)&skp->smk_secid,
521 &skp->smk_netlabel, sizeof(skp->smk_secid));
522
523 if (rc >= 0) {
524 INIT_LIST_HEAD(&skp->smk_rules);
525 mutex_init(&skp->smk_rules_lock);
526 /*
527 * Make sure that the entry is actually
528 * filled before putting it on the list.
529 */
530 smk_insert_entry(skp);
531 goto unlockout;
532 }
533 /*
534 * smk_netlbl_mls failed.
535 */
536 kfree(skp);
537 skp = NULL;
538 freeout:
539 kfree(smack);
540 unlockout:
541 mutex_unlock(&smack_known_lock);
542
543 return skp;
544 }
545
546 /**
547 * smk_import - import a smack label
548 * @string: a text string that might be a Smack label
549 * @len: the maximum size, or zero if it is NULL terminated.
550 *
551 * Returns a pointer to the label in the label list that
552 * matches the passed string, adding it if necessary.
553 */
554 char *smk_import(const char *string, int len)
555 {
556 struct smack_known *skp;
557
558 /* labels cannot begin with a '-' */
559 if (string[0] == '-')
560 return NULL;
561 skp = smk_import_entry(string, len);
562 if (skp == NULL)
563 return NULL;
564 return skp->smk_known;
565 }
566
567 /**
568 * smack_from_secid - find the Smack label associated with a secid
569 * @secid: an integer that might be associated with a Smack label
570 *
571 * Returns a pointer to the appropriate Smack label entry if there is one,
572 * otherwise a pointer to the invalid Smack label.
573 */
574 struct smack_known *smack_from_secid(const u32 secid)
575 {
576 struct smack_known *skp;
577
578 rcu_read_lock();
579 list_for_each_entry_rcu(skp, &smack_known_list, list) {
580 if (skp->smk_secid == secid) {
581 rcu_read_unlock();
582 return skp;
583 }
584 }
585
586 /*
587 * If we got this far someone asked for the translation
588 * of a secid that is not on the list.
589 */
590 rcu_read_unlock();
591 return &smack_known_invalid;
592 }
593
594 /**
595 * smack_to_secid - find the secid associated with a Smack label
596 * @smack: the Smack label
597 *
598 * Returns the appropriate secid if there is one,
599 * otherwise 0
600 */
601 u32 smack_to_secid(const char *smack)
602 {
603 struct smack_known *skp = smk_find_entry(smack);
604
605 if (skp == NULL)
606 return 0;
607 return skp->smk_secid;
608 }
ubuntu-zesty-kernel mirror