]> git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/blob - security/smack/smack_lsm.c
projects / mirror_ubuntu-artful-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
smack: Fix a bidirectional UDS connect check typo
[mirror_ubuntu-artful-kernel.git] / security / smack / smack_lsm.c
1 /*
2 * Simplified MAC Kernel (smack) security module
3 *
4 * This file contains the smack hook function implementations.
5 *
6 * Authors:
7 * Casey Schaufler <casey@schaufler-ca.com>
8 * Jarkko Sakkinen <jarkko.sakkinen@intel.com>
9 *
10 * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com>
11 * Copyright (C) 2009 Hewlett-Packard Development Company, L.P.
12 * Paul Moore <paul@paul-moore.com>
13 * Copyright (C) 2010 Nokia Corporation
14 * Copyright (C) 2011 Intel Corporation.
15 *
16 * This program is free software; you can redistribute it and/or modify
17 * it under the terms of the GNU General Public License version 2,
18 * as published by the Free Software Foundation.
19 */
20
21 #include <linux/xattr.h>
22 #include <linux/pagemap.h>
23 #include <linux/mount.h>
24 #include <linux/stat.h>
25 #include <linux/kd.h>
26 #include <asm/ioctls.h>
27 #include <linux/ip.h>
28 #include <linux/tcp.h>
29 #include <linux/udp.h>
30 #include <linux/dccp.h>
31 #include <linux/slab.h>
32 #include <linux/mutex.h>
33 #include <linux/pipe_fs_i.h>
34 #include <net/cipso_ipv4.h>
35 #include <net/ip.h>
36 #include <net/ipv6.h>
37 #include <linux/audit.h>
38 #include <linux/magic.h>
39 #include <linux/dcache.h>
40 #include <linux/personality.h>
41 #include <linux/msg.h>
42 #include <linux/shm.h>
43 #include <linux/binfmts.h>
44 #include "smack.h"
45
46 #define task_security(task) (task_cred_xxx((task), security))
47
48 #define TRANS_TRUE "TRUE"
49 #define TRANS_TRUE_SIZE 4
50
51 #define SMK_CONNECTING 0
52 #define SMK_RECEIVING 1
53 #define SMK_SENDING 2
54
55 LIST_HEAD(smk_ipv6_port_list);
56 static struct kmem_cache *smack_inode_cache;
57
58 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
59 static void smk_bu_mode(int mode, char *s)
60 {
61 int i = 0;
62
63 if (mode & MAY_READ)
64 s[i++] = 'r';
65 if (mode & MAY_WRITE)
66 s[i++] = 'w';
67 if (mode & MAY_EXEC)
68 s[i++] = 'x';
69 if (mode & MAY_APPEND)
70 s[i++] = 'a';
71 if (mode & MAY_TRANSMUTE)
72 s[i++] = 't';
73 if (mode & MAY_LOCK)
74 s[i++] = 'l';
75 if (i == 0)
76 s[i++] = '-';
77 s[i] = '\0';
78 }
79 #endif
80
81 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
82 static int smk_bu_note(char *note, struct smack_known *sskp,
83 struct smack_known *oskp, int mode, int rc)
84 {
85 char acc[SMK_NUM_ACCESS_TYPE + 1];
86
87 if (rc <= 0)
88 return rc;
89
90 smk_bu_mode(mode, acc);
91 pr_info("Smack Bringup: (%s %s %s) %s\n",
92 sskp->smk_known, oskp->smk_known, acc, note);
93 return 0;
94 }
95 #else
96 #define smk_bu_note(note, sskp, oskp, mode, RC) (RC)
97 #endif
98
99 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
100 static int smk_bu_current(char *note, struct smack_known *oskp,
101 int mode, int rc)
102 {
103 struct task_smack *tsp = current_security();
104 char acc[SMK_NUM_ACCESS_TYPE + 1];
105
106 if (rc <= 0)
107 return rc;
108
109 smk_bu_mode(mode, acc);
110 pr_info("Smack Bringup: (%s %s %s) %s %s\n",
111 tsp->smk_task->smk_known, oskp->smk_known,
112 acc, current->comm, note);
113 return 0;
114 }
115 #else
116 #define smk_bu_current(note, oskp, mode, RC) (RC)
117 #endif
118
119 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
120 static int smk_bu_task(struct task_struct *otp, int mode, int rc)
121 {
122 struct task_smack *tsp = current_security();
123 struct task_smack *otsp = task_security(otp);
124 char acc[SMK_NUM_ACCESS_TYPE + 1];
125
126 if (rc <= 0)
127 return rc;
128
129 smk_bu_mode(mode, acc);
130 pr_info("Smack Bringup: (%s %s %s) %s to %s\n",
131 tsp->smk_task->smk_known, otsp->smk_task->smk_known, acc,
132 current->comm, otp->comm);
133 return 0;
134 }
135 #else
136 #define smk_bu_task(otp, mode, RC) (RC)
137 #endif
138
139 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
140 static int smk_bu_inode(struct inode *inode, int mode, int rc)
141 {
142 struct task_smack *tsp = current_security();
143 char acc[SMK_NUM_ACCESS_TYPE + 1];
144
145 if (rc <= 0)
146 return rc;
147
148 smk_bu_mode(mode, acc);
149 pr_info("Smack Bringup: (%s %s %s) inode=(%s %ld) %s\n",
150 tsp->smk_task->smk_known, smk_of_inode(inode)->smk_known, acc,
151 inode->i_sb->s_id, inode->i_ino, current->comm);
152 return 0;
153 }
154 #else
155 #define smk_bu_inode(inode, mode, RC) (RC)
156 #endif
157
158 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
159 static int smk_bu_file(struct file *file, int mode, int rc)
160 {
161 struct task_smack *tsp = current_security();
162 struct smack_known *sskp = tsp->smk_task;
163 struct inode *inode = file->f_inode;
164 char acc[SMK_NUM_ACCESS_TYPE + 1];
165
166 if (rc <= 0)
167 return rc;
168
169 smk_bu_mode(mode, acc);
170 pr_info("Smack Bringup: (%s %s %s) file=(%s %ld %pD) %s\n",
171 sskp->smk_known, (char *)file->f_security, acc,
172 inode->i_sb->s_id, inode->i_ino, file,
173 current->comm);
174 return 0;
175 }
176 #else
177 #define smk_bu_file(file, mode, RC) (RC)
178 #endif
179
180 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
181 static int smk_bu_credfile(const struct cred *cred, struct file *file,
182 int mode, int rc)
183 {
184 struct task_smack *tsp = cred->security;
185 struct smack_known *sskp = tsp->smk_task;
186 struct inode *inode = file->f_inode;
187 char acc[SMK_NUM_ACCESS_TYPE + 1];
188
189 if (rc <= 0)
190 return rc;
191
192 smk_bu_mode(mode, acc);
193 pr_info("Smack Bringup: (%s %s %s) file=(%s %ld %pD) %s\n",
194 sskp->smk_known, smk_of_inode(inode)->smk_known, acc,
195 inode->i_sb->s_id, inode->i_ino, file,
196 current->comm);
197 return 0;
198 }
199 #else
200 #define smk_bu_credfile(cred, file, mode, RC) (RC)
201 #endif
202
203 /**
204 * smk_fetch - Fetch the smack label from a file.
205 * @name: type of the label (attribute)
206 * @ip: a pointer to the inode
207 * @dp: a pointer to the dentry
208 *
209 * Returns a pointer to the master list entry for the Smack label
210 * or NULL if there was no label to fetch.
211 */
212 static struct smack_known *smk_fetch(const char *name, struct inode *ip,
213 struct dentry *dp)
214 {
215 int rc;
216 char *buffer;
217 struct smack_known *skp = NULL;
218
219 if (ip->i_op->getxattr == NULL)
220 return NULL;
221
222 buffer = kzalloc(SMK_LONGLABEL, GFP_KERNEL);
223 if (buffer == NULL)
224 return NULL;
225
226 rc = ip->i_op->getxattr(dp, name, buffer, SMK_LONGLABEL);
227 if (rc > 0)
228 skp = smk_import_entry(buffer, rc);
229
230 kfree(buffer);
231
232 return skp;
233 }
234
235 /**
236 * new_inode_smack - allocate an inode security blob
237 * @skp: a pointer to the Smack label entry to use in the blob
238 *
239 * Returns the new blob or NULL if there's no memory available
240 */
241 struct inode_smack *new_inode_smack(struct smack_known *skp)
242 {
243 struct inode_smack *isp;
244
245 isp = kmem_cache_zalloc(smack_inode_cache, GFP_NOFS);
246 if (isp == NULL)
247 return NULL;
248
249 isp->smk_inode = skp;
250 isp->smk_flags = 0;
251 mutex_init(&isp->smk_lock);
252
253 return isp;
254 }
255
256 /**
257 * new_task_smack - allocate a task security blob
258 * @task: a pointer to the Smack label for the running task
259 * @forked: a pointer to the Smack label for the forked task
260 * @gfp: type of the memory for the allocation
261 *
262 * Returns the new blob or NULL if there's no memory available
263 */
264 static struct task_smack *new_task_smack(struct smack_known *task,
265 struct smack_known *forked, gfp_t gfp)
266 {
267 struct task_smack *tsp;
268
269 tsp = kzalloc(sizeof(struct task_smack), gfp);
270 if (tsp == NULL)
271 return NULL;
272
273 tsp->smk_task = task;
274 tsp->smk_forked = forked;
275 INIT_LIST_HEAD(&tsp->smk_rules);
276 mutex_init(&tsp->smk_rules_lock);
277
278 return tsp;
279 }
280
281 /**
282 * smk_copy_rules - copy a rule set
283 * @nhead: new rules header pointer
284 * @ohead: old rules header pointer
285 * @gfp: type of the memory for the allocation
286 *
287 * Returns 0 on success, -ENOMEM on error
288 */
289 static int smk_copy_rules(struct list_head *nhead, struct list_head *ohead,
290 gfp_t gfp)
291 {
292 struct smack_rule *nrp;
293 struct smack_rule *orp;
294 int rc = 0;
295
296 INIT_LIST_HEAD(nhead);
297
298 list_for_each_entry_rcu(orp, ohead, list) {
299 nrp = kzalloc(sizeof(struct smack_rule), gfp);
300 if (nrp == NULL) {
301 rc = -ENOMEM;
302 break;
303 }
304 *nrp = *orp;
305 list_add_rcu(&nrp->list, nhead);
306 }
307 return rc;
308 }
309
310 /**
311 * smk_ptrace_mode - helper function for converting PTRACE_MODE_* into MAY_*
312 * @mode - input mode in form of PTRACE_MODE_*
313 *
314 * Returns a converted MAY_* mode usable by smack rules
315 */
316 static inline unsigned int smk_ptrace_mode(unsigned int mode)
317 {
318 switch (mode) {
319 case PTRACE_MODE_READ:
320 return MAY_READ;
321 case PTRACE_MODE_ATTACH:
322 return MAY_READWRITE;
323 }
324
325 return 0;
326 }
327
328 /**
329 * smk_ptrace_rule_check - helper for ptrace access
330 * @tracer: tracer process
331 * @tracee_known: label entry of the process that's about to be traced
332 * @mode: ptrace attachment mode (PTRACE_MODE_*)
333 * @func: name of the function that called us, used for audit
334 *
335 * Returns 0 on access granted, -error on error
336 */
337 static int smk_ptrace_rule_check(struct task_struct *tracer,
338 struct smack_known *tracee_known,
339 unsigned int mode, const char *func)
340 {
341 int rc;
342 struct smk_audit_info ad, *saip = NULL;
343 struct task_smack *tsp;
344 struct smack_known *tracer_known;
345
346 if ((mode & PTRACE_MODE_NOAUDIT) == 0) {
347 smk_ad_init(&ad, func, LSM_AUDIT_DATA_TASK);
348 smk_ad_setfield_u_tsk(&ad, tracer);
349 saip = &ad;
350 }
351
352 tsp = task_security(tracer);
353 tracer_known = smk_of_task(tsp);
354
355 if ((mode & PTRACE_MODE_ATTACH) &&
356 (smack_ptrace_rule == SMACK_PTRACE_EXACT ||
357 smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)) {
358 if (tracer_known->smk_known == tracee_known->smk_known)
359 rc = 0;
360 else if (smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)
361 rc = -EACCES;
362 else if (capable(CAP_SYS_PTRACE))
363 rc = 0;
364 else
365 rc = -EACCES;
366
367 if (saip)
368 smack_log(tracer_known->smk_known,
369 tracee_known->smk_known,
370 0, rc, saip);
371
372 return rc;
373 }
374
375 /* In case of rule==SMACK_PTRACE_DEFAULT or mode==PTRACE_MODE_READ */
376 rc = smk_tskacc(tsp, tracee_known, smk_ptrace_mode(mode), saip);
377 return rc;
378 }
379
380 /*
381 * LSM hooks.
382 * We he, that is fun!
383 */
384
385 /**
386 * smack_ptrace_access_check - Smack approval on PTRACE_ATTACH
387 * @ctp: child task pointer
388 * @mode: ptrace attachment mode (PTRACE_MODE_*)
389 *
390 * Returns 0 if access is OK, an error code otherwise
391 *
392 * Do the capability checks.
393 */
394 static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode)
395 {
396 int rc;
397 struct smack_known *skp;
398
399 rc = cap_ptrace_access_check(ctp, mode);
400 if (rc != 0)
401 return rc;
402
403 skp = smk_of_task(task_security(ctp));
404
405 rc = smk_ptrace_rule_check(current, skp, mode, __func__);
406 return rc;
407 }
408
409 /**
410 * smack_ptrace_traceme - Smack approval on PTRACE_TRACEME
411 * @ptp: parent task pointer
412 *
413 * Returns 0 if access is OK, an error code otherwise
414 *
415 * Do the capability checks, and require PTRACE_MODE_ATTACH.
416 */
417 static int smack_ptrace_traceme(struct task_struct *ptp)
418 {
419 int rc;
420 struct smack_known *skp;
421
422 rc = cap_ptrace_traceme(ptp);
423 if (rc != 0)
424 return rc;
425
426 skp = smk_of_task(current_security());
427
428 rc = smk_ptrace_rule_check(ptp, skp, PTRACE_MODE_ATTACH, __func__);
429 return rc;
430 }
431
432 /**
433 * smack_syslog - Smack approval on syslog
434 * @type: message type
435 *
436 * Returns 0 on success, error code otherwise.
437 */
438 static int smack_syslog(int typefrom_file)
439 {
440 int rc = 0;
441 struct smack_known *skp = smk_of_current();
442
443 if (smack_privileged(CAP_MAC_OVERRIDE))
444 return 0;
445
446 if (smack_syslog_label != NULL && smack_syslog_label != skp)
447 rc = -EACCES;
448
449 return rc;
450 }
451
452
453 /*
454 * Superblock Hooks.
455 */
456
457 /**
458 * smack_sb_alloc_security - allocate a superblock blob
459 * @sb: the superblock getting the blob
460 *
461 * Returns 0 on success or -ENOMEM on error.
462 */
463 static int smack_sb_alloc_security(struct super_block *sb)
464 {
465 struct superblock_smack *sbsp;
466
467 sbsp = kzalloc(sizeof(struct superblock_smack), GFP_KERNEL);
468
469 if (sbsp == NULL)
470 return -ENOMEM;
471
472 sbsp->smk_root = &smack_known_floor;
473 sbsp->smk_default = &smack_known_floor;
474 sbsp->smk_floor = &smack_known_floor;
475 sbsp->smk_hat = &smack_known_hat;
476 /*
477 * smk_initialized will be zero from kzalloc.
478 */
479 sb->s_security = sbsp;
480
481 return 0;
482 }
483
484 /**
485 * smack_sb_free_security - free a superblock blob
486 * @sb: the superblock getting the blob
487 *
488 */
489 static void smack_sb_free_security(struct super_block *sb)
490 {
491 kfree(sb->s_security);
492 sb->s_security = NULL;
493 }
494
495 /**
496 * smack_sb_copy_data - copy mount options data for processing
497 * @orig: where to start
498 * @smackopts: mount options string
499 *
500 * Returns 0 on success or -ENOMEM on error.
501 *
502 * Copy the Smack specific mount options out of the mount
503 * options list.
504 */
505 static int smack_sb_copy_data(char *orig, char *smackopts)
506 {
507 char *cp, *commap, *otheropts, *dp;
508
509 otheropts = (char *)get_zeroed_page(GFP_KERNEL);
510 if (otheropts == NULL)
511 return -ENOMEM;
512
513 for (cp = orig, commap = orig; commap != NULL; cp = commap + 1) {
514 if (strstr(cp, SMK_FSDEFAULT) == cp)
515 dp = smackopts;
516 else if (strstr(cp, SMK_FSFLOOR) == cp)
517 dp = smackopts;
518 else if (strstr(cp, SMK_FSHAT) == cp)
519 dp = smackopts;
520 else if (strstr(cp, SMK_FSROOT) == cp)
521 dp = smackopts;
522 else if (strstr(cp, SMK_FSTRANS) == cp)
523 dp = smackopts;
524 else
525 dp = otheropts;
526
527 commap = strchr(cp, ',');
528 if (commap != NULL)
529 *commap = '\0';
530
531 if (*dp != '\0')
532 strcat(dp, ",");
533 strcat(dp, cp);
534 }
535
536 strcpy(orig, otheropts);
537 free_page((unsigned long)otheropts);
538
539 return 0;
540 }
541
542 /**
543 * smack_sb_kern_mount - Smack specific mount processing
544 * @sb: the file system superblock
545 * @flags: the mount flags
546 * @data: the smack mount options
547 *
548 * Returns 0 on success, an error code on failure
549 */
550 static int smack_sb_kern_mount(struct super_block *sb, int flags, void *data)
551 {
552 struct dentry *root = sb->s_root;
553 struct inode *inode = root->d_inode;
554 struct superblock_smack *sp = sb->s_security;
555 struct inode_smack *isp;
556 struct smack_known *skp;
557 char *op;
558 char *commap;
559 int transmute = 0;
560 int specified = 0;
561
562 if (sp->smk_initialized)
563 return 0;
564
565 sp->smk_initialized = 1;
566
567 for (op = data; op != NULL; op = commap) {
568 commap = strchr(op, ',');
569 if (commap != NULL)
570 *commap++ = '\0';
571
572 if (strncmp(op, SMK_FSHAT, strlen(SMK_FSHAT)) == 0) {
573 op += strlen(SMK_FSHAT);
574 skp = smk_import_entry(op, 0);
575 if (skp != NULL) {
576 sp->smk_hat = skp;
577 specified = 1;
578 }
579 } else if (strncmp(op, SMK_FSFLOOR, strlen(SMK_FSFLOOR)) == 0) {
580 op += strlen(SMK_FSFLOOR);
581 skp = smk_import_entry(op, 0);
582 if (skp != NULL) {
583 sp->smk_floor = skp;
584 specified = 1;
585 }
586 } else if (strncmp(op, SMK_FSDEFAULT,
587 strlen(SMK_FSDEFAULT)) == 0) {
588 op += strlen(SMK_FSDEFAULT);
589 skp = smk_import_entry(op, 0);
590 if (skp != NULL) {
591 sp->smk_default = skp;
592 specified = 1;
593 }
594 } else if (strncmp(op, SMK_FSROOT, strlen(SMK_FSROOT)) == 0) {
595 op += strlen(SMK_FSROOT);
596 skp = smk_import_entry(op, 0);
597 if (skp != NULL) {
598 sp->smk_root = skp;
599 specified = 1;
600 }
601 } else if (strncmp(op, SMK_FSTRANS, strlen(SMK_FSTRANS)) == 0) {
602 op += strlen(SMK_FSTRANS);
603 skp = smk_import_entry(op, 0);
604 if (skp != NULL) {
605 sp->smk_root = skp;
606 transmute = 1;
607 specified = 1;
608 }
609 }
610 }
611
612 if (!smack_privileged(CAP_MAC_ADMIN)) {
613 /*
614 * Unprivileged mounts don't get to specify Smack values.
615 */
616 if (specified)
617 return -EPERM;
618 /*
619 * Unprivileged mounts get root and default from the caller.
620 */
621 skp = smk_of_current();
622 sp->smk_root = skp;
623 sp->smk_default = skp;
624 }
625 /*
626 * Initialize the root inode.
627 */
628 isp = inode->i_security;
629 if (isp == NULL) {
630 isp = new_inode_smack(sp->smk_root);
631 if (isp == NULL)
632 return -ENOMEM;
633 inode->i_security = isp;
634 } else
635 isp->smk_inode = sp->smk_root;
636
637 if (transmute)
638 isp->smk_flags |= SMK_INODE_TRANSMUTE;
639
640 return 0;
641 }
642
643 /**
644 * smack_sb_statfs - Smack check on statfs
645 * @dentry: identifies the file system in question
646 *
647 * Returns 0 if current can read the floor of the filesystem,
648 * and error code otherwise
649 */
650 static int smack_sb_statfs(struct dentry *dentry)
651 {
652 struct superblock_smack *sbp = dentry->d_sb->s_security;
653 int rc;
654 struct smk_audit_info ad;
655
656 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
657 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
658
659 rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad);
660 rc = smk_bu_current("statfs", sbp->smk_floor, MAY_READ, rc);
661 return rc;
662 }
663
664 /*
665 * BPRM hooks
666 */
667
668 /**
669 * smack_bprm_set_creds - set creds for exec
670 * @bprm: the exec information
671 *
672 * Returns 0 if it gets a blob, -EPERM if exec forbidden and -ENOMEM otherwise
673 */
674 static int smack_bprm_set_creds(struct linux_binprm *bprm)
675 {
676 struct inode *inode = file_inode(bprm->file);
677 struct task_smack *bsp = bprm->cred->security;
678 struct inode_smack *isp;
679 int rc;
680
681 rc = cap_bprm_set_creds(bprm);
682 if (rc != 0)
683 return rc;
684
685 if (bprm->cred_prepared)
686 return 0;
687
688 isp = inode->i_security;
689 if (isp->smk_task == NULL || isp->smk_task == bsp->smk_task)
690 return 0;
691
692 if (bprm->unsafe & (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) {
693 struct task_struct *tracer;
694 rc = 0;
695
696 rcu_read_lock();
697 tracer = ptrace_parent(current);
698 if (likely(tracer != NULL))
699 rc = smk_ptrace_rule_check(tracer,
700 isp->smk_task,
701 PTRACE_MODE_ATTACH,
702 __func__);
703 rcu_read_unlock();
704
705 if (rc != 0)
706 return rc;
707 } else if (bprm->unsafe)
708 return -EPERM;
709
710 bsp->smk_task = isp->smk_task;
711 bprm->per_clear |= PER_CLEAR_ON_SETID;
712
713 return 0;
714 }
715
716 /**
717 * smack_bprm_committing_creds - Prepare to install the new credentials
718 * from bprm.
719 *
720 * @bprm: binprm for exec
721 */
722 static void smack_bprm_committing_creds(struct linux_binprm *bprm)
723 {
724 struct task_smack *bsp = bprm->cred->security;
725
726 if (bsp->smk_task != bsp->smk_forked)
727 current->pdeath_signal = 0;
728 }
729
730 /**
731 * smack_bprm_secureexec - Return the decision to use secureexec.
732 * @bprm: binprm for exec
733 *
734 * Returns 0 on success.
735 */
736 static int smack_bprm_secureexec(struct linux_binprm *bprm)
737 {
738 struct task_smack *tsp = current_security();
739 int ret = cap_bprm_secureexec(bprm);
740
741 if (!ret && (tsp->smk_task != tsp->smk_forked))
742 ret = 1;
743
744 return ret;
745 }
746
747 /*
748 * Inode hooks
749 */
750
751 /**
752 * smack_inode_alloc_security - allocate an inode blob
753 * @inode: the inode in need of a blob
754 *
755 * Returns 0 if it gets a blob, -ENOMEM otherwise
756 */
757 static int smack_inode_alloc_security(struct inode *inode)
758 {
759 struct smack_known *skp = smk_of_current();
760
761 inode->i_security = new_inode_smack(skp);
762 if (inode->i_security == NULL)
763 return -ENOMEM;
764 return 0;
765 }
766
767 /**
768 * smack_inode_free_security - free an inode blob
769 * @inode: the inode with a blob
770 *
771 * Clears the blob pointer in inode
772 */
773 static void smack_inode_free_security(struct inode *inode)
774 {
775 kmem_cache_free(smack_inode_cache, inode->i_security);
776 inode->i_security = NULL;
777 }
778
779 /**
780 * smack_inode_init_security - copy out the smack from an inode
781 * @inode: the newly created inode
782 * @dir: containing directory object
783 * @qstr: unused
784 * @name: where to put the attribute name
785 * @value: where to put the attribute value
786 * @len: where to put the length of the attribute
787 *
788 * Returns 0 if it all works out, -ENOMEM if there's no memory
789 */
790 static int smack_inode_init_security(struct inode *inode, struct inode *dir,
791 const struct qstr *qstr, const char **name,
792 void **value, size_t *len)
793 {
794 struct inode_smack *issp = inode->i_security;
795 struct smack_known *skp = smk_of_current();
796 struct smack_known *isp = smk_of_inode(inode);
797 struct smack_known *dsp = smk_of_inode(dir);
798 int may;
799
800 if (name)
801 *name = XATTR_SMACK_SUFFIX;
802
803 if (value && len) {
804 rcu_read_lock();
805 may = smk_access_entry(skp->smk_known, dsp->smk_known,
806 &skp->smk_rules);
807 rcu_read_unlock();
808
809 /*
810 * If the access rule allows transmutation and
811 * the directory requests transmutation then
812 * by all means transmute.
813 * Mark the inode as changed.
814 */
815 if (may > 0 && ((may & MAY_TRANSMUTE) != 0) &&
816 smk_inode_transmutable(dir)) {
817 isp = dsp;
818 issp->smk_flags |= SMK_INODE_CHANGED;
819 }
820
821 *value = kstrdup(isp->smk_known, GFP_NOFS);
822 if (*value == NULL)
823 return -ENOMEM;
824
825 *len = strlen(isp->smk_known);
826 }
827
828 return 0;
829 }
830
831 /**
832 * smack_inode_link - Smack check on link
833 * @old_dentry: the existing object
834 * @dir: unused
835 * @new_dentry: the new object
836 *
837 * Returns 0 if access is permitted, an error code otherwise
838 */
839 static int smack_inode_link(struct dentry *old_dentry, struct inode *dir,
840 struct dentry *new_dentry)
841 {
842 struct smack_known *isp;
843 struct smk_audit_info ad;
844 int rc;
845
846 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
847 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
848
849 isp = smk_of_inode(old_dentry->d_inode);
850 rc = smk_curacc(isp, MAY_WRITE, &ad);
851 rc = smk_bu_inode(old_dentry->d_inode, MAY_WRITE, rc);
852
853 if (rc == 0 && new_dentry->d_inode != NULL) {
854 isp = smk_of_inode(new_dentry->d_inode);
855 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
856 rc = smk_curacc(isp, MAY_WRITE, &ad);
857 rc = smk_bu_inode(new_dentry->d_inode, MAY_WRITE, rc);
858 }
859
860 return rc;
861 }
862
863 /**
864 * smack_inode_unlink - Smack check on inode deletion
865 * @dir: containing directory object
866 * @dentry: file to unlink
867 *
868 * Returns 0 if current can write the containing directory
869 * and the object, error code otherwise
870 */
871 static int smack_inode_unlink(struct inode *dir, struct dentry *dentry)
872 {
873 struct inode *ip = dentry->d_inode;
874 struct smk_audit_info ad;
875 int rc;
876
877 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
878 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
879
880 /*
881 * You need write access to the thing you're unlinking
882 */
883 rc = smk_curacc(smk_of_inode(ip), MAY_WRITE, &ad);
884 rc = smk_bu_inode(ip, MAY_WRITE, rc);
885 if (rc == 0) {
886 /*
887 * You also need write access to the containing directory
888 */
889 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
890 smk_ad_setfield_u_fs_inode(&ad, dir);
891 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
892 rc = smk_bu_inode(dir, MAY_WRITE, rc);
893 }
894 return rc;
895 }
896
897 /**
898 * smack_inode_rmdir - Smack check on directory deletion
899 * @dir: containing directory object
900 * @dentry: directory to unlink
901 *
902 * Returns 0 if current can write the containing directory
903 * and the directory, error code otherwise
904 */
905 static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry)
906 {
907 struct smk_audit_info ad;
908 int rc;
909
910 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
911 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
912
913 /*
914 * You need write access to the thing you're removing
915 */
916 rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad);
917 rc = smk_bu_inode(dentry->d_inode, MAY_WRITE, rc);
918 if (rc == 0) {
919 /*
920 * You also need write access to the containing directory
921 */
922 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
923 smk_ad_setfield_u_fs_inode(&ad, dir);
924 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
925 rc = smk_bu_inode(dir, MAY_WRITE, rc);
926 }
927
928 return rc;
929 }
930
931 /**
932 * smack_inode_rename - Smack check on rename
933 * @old_inode: unused
934 * @old_dentry: the old object
935 * @new_inode: unused
936 * @new_dentry: the new object
937 *
938 * Read and write access is required on both the old and
939 * new directories.
940 *
941 * Returns 0 if access is permitted, an error code otherwise
942 */
943 static int smack_inode_rename(struct inode *old_inode,
944 struct dentry *old_dentry,
945 struct inode *new_inode,
946 struct dentry *new_dentry)
947 {
948 int rc;
949 struct smack_known *isp;
950 struct smk_audit_info ad;
951
952 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
953 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
954
955 isp = smk_of_inode(old_dentry->d_inode);
956 rc = smk_curacc(isp, MAY_READWRITE, &ad);
957 rc = smk_bu_inode(old_dentry->d_inode, MAY_READWRITE, rc);
958
959 if (rc == 0 && new_dentry->d_inode != NULL) {
960 isp = smk_of_inode(new_dentry->d_inode);
961 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
962 rc = smk_curacc(isp, MAY_READWRITE, &ad);
963 rc = smk_bu_inode(new_dentry->d_inode, MAY_READWRITE, rc);
964 }
965 return rc;
966 }
967
968 /**
969 * smack_inode_permission - Smack version of permission()
970 * @inode: the inode in question
971 * @mask: the access requested
972 *
973 * This is the important Smack hook.
974 *
975 * Returns 0 if access is permitted, -EACCES otherwise
976 */
977 static int smack_inode_permission(struct inode *inode, int mask)
978 {
979 struct smk_audit_info ad;
980 int no_block = mask & MAY_NOT_BLOCK;
981 int rc;
982
983 mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND);
984 /*
985 * No permission to check. Existence test. Yup, it's there.
986 */
987 if (mask == 0)
988 return 0;
989
990 /* May be droppable after audit */
991 if (no_block)
992 return -ECHILD;
993 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
994 smk_ad_setfield_u_fs_inode(&ad, inode);
995 rc = smk_curacc(smk_of_inode(inode), mask, &ad);
996 rc = smk_bu_inode(inode, mask, rc);
997 return rc;
998 }
999
1000 /**
1001 * smack_inode_setattr - Smack check for setting attributes
1002 * @dentry: the object
1003 * @iattr: for the force flag
1004 *
1005 * Returns 0 if access is permitted, an error code otherwise
1006 */
1007 static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr)
1008 {
1009 struct smk_audit_info ad;
1010 int rc;
1011
1012 /*
1013 * Need to allow for clearing the setuid bit.
1014 */
1015 if (iattr->ia_valid & ATTR_FORCE)
1016 return 0;
1017 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1018 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1019
1020 rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad);
1021 rc = smk_bu_inode(dentry->d_inode, MAY_WRITE, rc);
1022 return rc;
1023 }
1024
1025 /**
1026 * smack_inode_getattr - Smack check for getting attributes
1027 * @mnt: vfsmount of the object
1028 * @dentry: the object
1029 *
1030 * Returns 0 if access is permitted, an error code otherwise
1031 */
1032 static int smack_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
1033 {
1034 struct smk_audit_info ad;
1035 struct path path;
1036 int rc;
1037
1038 path.dentry = dentry;
1039 path.mnt = mnt;
1040
1041 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1042 smk_ad_setfield_u_fs_path(&ad, path);
1043 rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ, &ad);
1044 rc = smk_bu_inode(dentry->d_inode, MAY_READ, rc);
1045 return rc;
1046 }
1047
1048 /**
1049 * smack_inode_setxattr - Smack check for setting xattrs
1050 * @dentry: the object
1051 * @name: name of the attribute
1052 * @value: value of the attribute
1053 * @size: size of the value
1054 * @flags: unused
1055 *
1056 * This protects the Smack attribute explicitly.
1057 *
1058 * Returns 0 if access is permitted, an error code otherwise
1059 */
1060 static int smack_inode_setxattr(struct dentry *dentry, const char *name,
1061 const void *value, size_t size, int flags)
1062 {
1063 struct smk_audit_info ad;
1064 struct smack_known *skp;
1065 int check_priv = 0;
1066 int check_import = 0;
1067 int check_star = 0;
1068 int rc = 0;
1069
1070 /*
1071 * Check label validity here so import won't fail in post_setxattr
1072 */
1073 if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
1074 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
1075 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) {
1076 check_priv = 1;
1077 check_import = 1;
1078 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
1079 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1080 check_priv = 1;
1081 check_import = 1;
1082 check_star = 1;
1083 } else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) {
1084 check_priv = 1;
1085 if (size != TRANS_TRUE_SIZE ||
1086 strncmp(value, TRANS_TRUE, TRANS_TRUE_SIZE) != 0)
1087 rc = -EINVAL;
1088 } else
1089 rc = cap_inode_setxattr(dentry, name, value, size, flags);
1090
1091 if (check_priv && !smack_privileged(CAP_MAC_ADMIN))
1092 rc = -EPERM;
1093
1094 if (rc == 0 && check_import) {
1095 skp = size ? smk_import_entry(value, size) : NULL;
1096 if (skp == NULL || (check_star &&
1097 (skp == &smack_known_star || skp == &smack_known_web)))
1098 rc = -EINVAL;
1099 }
1100
1101 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1102 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1103
1104 if (rc == 0) {
1105 rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad);
1106 rc = smk_bu_inode(dentry->d_inode, MAY_WRITE, rc);
1107 }
1108
1109 return rc;
1110 }
1111
1112 /**
1113 * smack_inode_post_setxattr - Apply the Smack update approved above
1114 * @dentry: object
1115 * @name: attribute name
1116 * @value: attribute value
1117 * @size: attribute size
1118 * @flags: unused
1119 *
1120 * Set the pointer in the inode blob to the entry found
1121 * in the master label list.
1122 */
1123 static void smack_inode_post_setxattr(struct dentry *dentry, const char *name,
1124 const void *value, size_t size, int flags)
1125 {
1126 struct smack_known *skp;
1127 struct inode_smack *isp = dentry->d_inode->i_security;
1128
1129 if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) {
1130 isp->smk_flags |= SMK_INODE_TRANSMUTE;
1131 return;
1132 }
1133
1134 if (strcmp(name, XATTR_NAME_SMACK) == 0) {
1135 skp = smk_import_entry(value, size);
1136 if (skp != NULL)
1137 isp->smk_inode = skp;
1138 else
1139 isp->smk_inode = &smack_known_invalid;
1140 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) {
1141 skp = smk_import_entry(value, size);
1142 if (skp != NULL)
1143 isp->smk_task = skp;
1144 else
1145 isp->smk_task = &smack_known_invalid;
1146 } else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1147 skp = smk_import_entry(value, size);
1148 if (skp != NULL)
1149 isp->smk_mmap = skp;
1150 else
1151 isp->smk_mmap = &smack_known_invalid;
1152 }
1153
1154 return;
1155 }
1156
1157 /**
1158 * smack_inode_getxattr - Smack check on getxattr
1159 * @dentry: the object
1160 * @name: unused
1161 *
1162 * Returns 0 if access is permitted, an error code otherwise
1163 */
1164 static int smack_inode_getxattr(struct dentry *dentry, const char *name)
1165 {
1166 struct smk_audit_info ad;
1167 int rc;
1168
1169 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1170 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1171
1172 rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ, &ad);
1173 rc = smk_bu_inode(dentry->d_inode, MAY_READ, rc);
1174 return rc;
1175 }
1176
1177 /**
1178 * smack_inode_removexattr - Smack check on removexattr
1179 * @dentry: the object
1180 * @name: name of the attribute
1181 *
1182 * Removing the Smack attribute requires CAP_MAC_ADMIN
1183 *
1184 * Returns 0 if access is permitted, an error code otherwise
1185 */
1186 static int smack_inode_removexattr(struct dentry *dentry, const char *name)
1187 {
1188 struct inode_smack *isp;
1189 struct smk_audit_info ad;
1190 int rc = 0;
1191
1192 if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
1193 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
1194 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 ||
1195 strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
1196 strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0 ||
1197 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1198 if (!smack_privileged(CAP_MAC_ADMIN))
1199 rc = -EPERM;
1200 } else
1201 rc = cap_inode_removexattr(dentry, name);
1202
1203 if (rc != 0)
1204 return rc;
1205
1206 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1207 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1208
1209 rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad);
1210 rc = smk_bu_inode(dentry->d_inode, MAY_WRITE, rc);
1211 if (rc != 0)
1212 return rc;
1213
1214 isp = dentry->d_inode->i_security;
1215 /*
1216 * Don't do anything special for these.
1217 * XATTR_NAME_SMACKIPIN
1218 * XATTR_NAME_SMACKIPOUT
1219 * XATTR_NAME_SMACKEXEC
1220 */
1221 if (strcmp(name, XATTR_NAME_SMACK) == 0)
1222 isp->smk_task = NULL;
1223 else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0)
1224 isp->smk_mmap = NULL;
1225 else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0)
1226 isp->smk_flags &= ~SMK_INODE_TRANSMUTE;
1227
1228 return 0;
1229 }
1230
1231 /**
1232 * smack_inode_getsecurity - get smack xattrs
1233 * @inode: the object
1234 * @name: attribute name
1235 * @buffer: where to put the result
1236 * @alloc: unused
1237 *
1238 * Returns the size of the attribute or an error code
1239 */
1240 static int smack_inode_getsecurity(const struct inode *inode,
1241 const char *name, void **buffer,
1242 bool alloc)
1243 {
1244 struct socket_smack *ssp;
1245 struct socket *sock;
1246 struct super_block *sbp;
1247 struct inode *ip = (struct inode *)inode;
1248 struct smack_known *isp;
1249 int ilen;
1250 int rc = 0;
1251
1252 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) {
1253 isp = smk_of_inode(inode);
1254 ilen = strlen(isp->smk_known);
1255 *buffer = isp->smk_known;
1256 return ilen;
1257 }
1258
1259 /*
1260 * The rest of the Smack xattrs are only on sockets.
1261 */
1262 sbp = ip->i_sb;
1263 if (sbp->s_magic != SOCKFS_MAGIC)
1264 return -EOPNOTSUPP;
1265
1266 sock = SOCKET_I(ip);
1267 if (sock == NULL || sock->sk == NULL)
1268 return -EOPNOTSUPP;
1269
1270 ssp = sock->sk->sk_security;
1271
1272 if (strcmp(name, XATTR_SMACK_IPIN) == 0)
1273 isp = ssp->smk_in;
1274 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0)
1275 isp = ssp->smk_out;
1276 else
1277 return -EOPNOTSUPP;
1278
1279 ilen = strlen(isp->smk_known);
1280 if (rc == 0) {
1281 *buffer = isp->smk_known;
1282 rc = ilen;
1283 }
1284
1285 return rc;
1286 }
1287
1288
1289 /**
1290 * smack_inode_listsecurity - list the Smack attributes
1291 * @inode: the object
1292 * @buffer: where they go
1293 * @buffer_size: size of buffer
1294 *
1295 * Returns 0 on success, -EINVAL otherwise
1296 */
1297 static int smack_inode_listsecurity(struct inode *inode, char *buffer,
1298 size_t buffer_size)
1299 {
1300 int len = sizeof(XATTR_NAME_SMACK);
1301
1302 if (buffer != NULL && len <= buffer_size)
1303 memcpy(buffer, XATTR_NAME_SMACK, len);
1304
1305 return len;
1306 }
1307
1308 /**
1309 * smack_inode_getsecid - Extract inode's security id
1310 * @inode: inode to extract the info from
1311 * @secid: where result will be saved
1312 */
1313 static void smack_inode_getsecid(const struct inode *inode, u32 *secid)
1314 {
1315 struct inode_smack *isp = inode->i_security;
1316
1317 *secid = isp->smk_inode->smk_secid;
1318 }
1319
1320 /*
1321 * File Hooks
1322 */
1323
1324 /**
1325 * smack_file_permission - Smack check on file operations
1326 * @file: unused
1327 * @mask: unused
1328 *
1329 * Returns 0
1330 *
1331 * Should access checks be done on each read or write?
1332 * UNICOS and SELinux say yes.
1333 * Trusted Solaris, Trusted Irix, and just about everyone else says no.
1334 *
1335 * I'll say no for now. Smack does not do the frequent
1336 * label changing that SELinux does.
1337 */
1338 static int smack_file_permission(struct file *file, int mask)
1339 {
1340 return 0;
1341 }
1342
1343 /**
1344 * smack_file_alloc_security - assign a file security blob
1345 * @file: the object
1346 *
1347 * The security blob for a file is a pointer to the master
1348 * label list, so no allocation is done.
1349 *
1350 * Returns 0
1351 */
1352 static int smack_file_alloc_security(struct file *file)
1353 {
1354 struct smack_known *skp = smk_of_current();
1355
1356 file->f_security = skp;
1357 return 0;
1358 }
1359
1360 /**
1361 * smack_file_free_security - clear a file security blob
1362 * @file: the object
1363 *
1364 * The security blob for a file is a pointer to the master
1365 * label list, so no memory is freed.
1366 */
1367 static void smack_file_free_security(struct file *file)
1368 {
1369 file->f_security = NULL;
1370 }
1371
1372 /**
1373 * smack_file_ioctl - Smack check on ioctls
1374 * @file: the object
1375 * @cmd: what to do
1376 * @arg: unused
1377 *
1378 * Relies heavily on the correct use of the ioctl command conventions.
1379 *
1380 * Returns 0 if allowed, error code otherwise
1381 */
1382 static int smack_file_ioctl(struct file *file, unsigned int cmd,
1383 unsigned long arg)
1384 {
1385 int rc = 0;
1386 struct smk_audit_info ad;
1387
1388 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1389 smk_ad_setfield_u_fs_path(&ad, file->f_path);
1390
1391 if (_IOC_DIR(cmd) & _IOC_WRITE) {
1392 rc = smk_curacc(file->f_security, MAY_WRITE, &ad);
1393 rc = smk_bu_file(file, MAY_WRITE, rc);
1394 }
1395
1396 if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ)) {
1397 rc = smk_curacc(file->f_security, MAY_READ, &ad);
1398 rc = smk_bu_file(file, MAY_READ, rc);
1399 }
1400
1401 return rc;
1402 }
1403
1404 /**
1405 * smack_file_lock - Smack check on file locking
1406 * @file: the object
1407 * @cmd: unused
1408 *
1409 * Returns 0 if current has lock access, error code otherwise
1410 */
1411 static int smack_file_lock(struct file *file, unsigned int cmd)
1412 {
1413 struct smk_audit_info ad;
1414 int rc;
1415
1416 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1417 smk_ad_setfield_u_fs_path(&ad, file->f_path);
1418 rc = smk_curacc(file->f_security, MAY_LOCK, &ad);
1419 rc = smk_bu_file(file, MAY_LOCK, rc);
1420 return rc;
1421 }
1422
1423 /**
1424 * smack_file_fcntl - Smack check on fcntl
1425 * @file: the object
1426 * @cmd: what action to check
1427 * @arg: unused
1428 *
1429 * Generally these operations are harmless.
1430 * File locking operations present an obvious mechanism
1431 * for passing information, so they require write access.
1432 *
1433 * Returns 0 if current has access, error code otherwise
1434 */
1435 static int smack_file_fcntl(struct file *file, unsigned int cmd,
1436 unsigned long arg)
1437 {
1438 struct smk_audit_info ad;
1439 int rc = 0;
1440
1441
1442 switch (cmd) {
1443 case F_GETLK:
1444 break;
1445 case F_SETLK:
1446 case F_SETLKW:
1447 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1448 smk_ad_setfield_u_fs_path(&ad, file->f_path);
1449 rc = smk_curacc(file->f_security, MAY_LOCK, &ad);
1450 rc = smk_bu_file(file, MAY_LOCK, rc);
1451 break;
1452 case F_SETOWN:
1453 case F_SETSIG:
1454 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1455 smk_ad_setfield_u_fs_path(&ad, file->f_path);
1456 rc = smk_curacc(file->f_security, MAY_WRITE, &ad);
1457 rc = smk_bu_file(file, MAY_WRITE, rc);
1458 break;
1459 default:
1460 break;
1461 }
1462
1463 return rc;
1464 }
1465
1466 /**
1467 * smack_mmap_file :
1468 * Check permissions for a mmap operation. The @file may be NULL, e.g.
1469 * if mapping anonymous memory.
1470 * @file contains the file structure for file to map (may be NULL).
1471 * @reqprot contains the protection requested by the application.
1472 * @prot contains the protection that will be applied by the kernel.
1473 * @flags contains the operational flags.
1474 * Return 0 if permission is granted.
1475 */
1476 static int smack_mmap_file(struct file *file,
1477 unsigned long reqprot, unsigned long prot,
1478 unsigned long flags)
1479 {
1480 struct smack_known *skp;
1481 struct smack_known *mkp;
1482 struct smack_rule *srp;
1483 struct task_smack *tsp;
1484 struct smack_known *okp;
1485 struct inode_smack *isp;
1486 int may;
1487 int mmay;
1488 int tmay;
1489 int rc;
1490
1491 if (file == NULL)
1492 return 0;
1493
1494 isp = file_inode(file)->i_security;
1495 if (isp->smk_mmap == NULL)
1496 return 0;
1497 mkp = isp->smk_mmap;
1498
1499 tsp = current_security();
1500 skp = smk_of_current();
1501 rc = 0;
1502
1503 rcu_read_lock();
1504 /*
1505 * For each Smack rule associated with the subject
1506 * label verify that the SMACK64MMAP also has access
1507 * to that rule's object label.
1508 */
1509 list_for_each_entry_rcu(srp, &skp->smk_rules, list) {
1510 okp = srp->smk_object;
1511 /*
1512 * Matching labels always allows access.
1513 */
1514 if (mkp->smk_known == okp->smk_known)
1515 continue;
1516 /*
1517 * If there is a matching local rule take
1518 * that into account as well.
1519 */
1520 may = smk_access_entry(srp->smk_subject->smk_known,
1521 okp->smk_known,
1522 &tsp->smk_rules);
1523 if (may == -ENOENT)
1524 may = srp->smk_access;
1525 else
1526 may &= srp->smk_access;
1527 /*
1528 * If may is zero the SMACK64MMAP subject can't
1529 * possibly have less access.
1530 */
1531 if (may == 0)
1532 continue;
1533
1534 /*
1535 * Fetch the global list entry.
1536 * If there isn't one a SMACK64MMAP subject
1537 * can't have as much access as current.
1538 */
1539 mmay = smk_access_entry(mkp->smk_known, okp->smk_known,
1540 &mkp->smk_rules);
1541 if (mmay == -ENOENT) {
1542 rc = -EACCES;
1543 break;
1544 }
1545 /*
1546 * If there is a local entry it modifies the
1547 * potential access, too.
1548 */
1549 tmay = smk_access_entry(mkp->smk_known, okp->smk_known,
1550 &tsp->smk_rules);
1551 if (tmay != -ENOENT)
1552 mmay &= tmay;
1553
1554 /*
1555 * If there is any access available to current that is
1556 * not available to a SMACK64MMAP subject
1557 * deny access.
1558 */
1559 if ((may | mmay) != mmay) {
1560 rc = -EACCES;
1561 break;
1562 }
1563 }
1564
1565 rcu_read_unlock();
1566
1567 return rc;
1568 }
1569
1570 /**
1571 * smack_file_set_fowner - set the file security blob value
1572 * @file: object in question
1573 *
1574 * Returns 0
1575 * Further research may be required on this one.
1576 */
1577 static void smack_file_set_fowner(struct file *file)
1578 {
1579 struct smack_known *skp = smk_of_current();
1580
1581 file->f_security = skp;
1582 }
1583
1584 /**
1585 * smack_file_send_sigiotask - Smack on sigio
1586 * @tsk: The target task
1587 * @fown: the object the signal come from
1588 * @signum: unused
1589 *
1590 * Allow a privileged task to get signals even if it shouldn't
1591 *
1592 * Returns 0 if a subject with the object's smack could
1593 * write to the task, an error code otherwise.
1594 */
1595 static int smack_file_send_sigiotask(struct task_struct *tsk,
1596 struct fown_struct *fown, int signum)
1597 {
1598 struct smack_known *skp;
1599 struct smack_known *tkp = smk_of_task(tsk->cred->security);
1600 struct file *file;
1601 int rc;
1602 struct smk_audit_info ad;
1603
1604 /*
1605 * struct fown_struct is never outside the context of a struct file
1606 */
1607 file = container_of(fown, struct file, f_owner);
1608
1609 /* we don't log here as rc can be overriden */
1610 skp = file->f_security;
1611 rc = smk_access(skp, tkp, MAY_WRITE, NULL);
1612 rc = smk_bu_note("sigiotask", skp, tkp, MAY_WRITE, rc);
1613 if (rc != 0 && has_capability(tsk, CAP_MAC_OVERRIDE))
1614 rc = 0;
1615
1616 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
1617 smk_ad_setfield_u_tsk(&ad, tsk);
1618 smack_log(skp->smk_known, tkp->smk_known, MAY_WRITE, rc, &ad);
1619 return rc;
1620 }
1621
1622 /**
1623 * smack_file_receive - Smack file receive check
1624 * @file: the object
1625 *
1626 * Returns 0 if current has access, error code otherwise
1627 */
1628 static int smack_file_receive(struct file *file)
1629 {
1630 int rc;
1631 int may = 0;
1632 struct smk_audit_info ad;
1633
1634 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1635 smk_ad_setfield_u_fs_path(&ad, file->f_path);
1636 /*
1637 * This code relies on bitmasks.
1638 */
1639 if (file->f_mode & FMODE_READ)
1640 may = MAY_READ;
1641 if (file->f_mode & FMODE_WRITE)
1642 may |= MAY_WRITE;
1643
1644 rc = smk_curacc(file->f_security, may, &ad);
1645 rc = smk_bu_file(file, may, rc);
1646 return rc;
1647 }
1648
1649 /**
1650 * smack_file_open - Smack dentry open processing
1651 * @file: the object
1652 * @cred: task credential
1653 *
1654 * Set the security blob in the file structure.
1655 * Allow the open only if the task has read access. There are
1656 * many read operations (e.g. fstat) that you can do with an
1657 * fd even if you have the file open write-only.
1658 *
1659 * Returns 0
1660 */
1661 static int smack_file_open(struct file *file, const struct cred *cred)
1662 {
1663 struct task_smack *tsp = cred->security;
1664 struct inode_smack *isp = file_inode(file)->i_security;
1665 struct smk_audit_info ad;
1666 int rc;
1667
1668 if (smack_privileged(CAP_MAC_OVERRIDE)) {
1669 file->f_security = isp->smk_inode;
1670 return 0;
1671 }
1672
1673 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1674 smk_ad_setfield_u_fs_path(&ad, file->f_path);
1675 rc = smk_access(tsp->smk_task, isp->smk_inode, MAY_READ, &ad);
1676 rc = smk_bu_credfile(cred, file, MAY_READ, rc);
1677 if (rc == 0)
1678 file->f_security = isp->smk_inode;
1679
1680 return rc;
1681 }
1682
1683 /*
1684 * Task hooks
1685 */
1686
1687 /**
1688 * smack_cred_alloc_blank - "allocate" blank task-level security credentials
1689 * @new: the new credentials
1690 * @gfp: the atomicity of any memory allocations
1691 *
1692 * Prepare a blank set of credentials for modification. This must allocate all
1693 * the memory the LSM module might require such that cred_transfer() can
1694 * complete without error.
1695 */
1696 static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp)
1697 {
1698 struct task_smack *tsp;
1699
1700 tsp = new_task_smack(NULL, NULL, gfp);
1701 if (tsp == NULL)
1702 return -ENOMEM;
1703
1704 cred->security = tsp;
1705
1706 return 0;
1707 }
1708
1709
1710 /**
1711 * smack_cred_free - "free" task-level security credentials
1712 * @cred: the credentials in question
1713 *
1714 */
1715 static void smack_cred_free(struct cred *cred)
1716 {
1717 struct task_smack *tsp = cred->security;
1718 struct smack_rule *rp;
1719 struct list_head *l;
1720 struct list_head *n;
1721
1722 if (tsp == NULL)
1723 return;
1724 cred->security = NULL;
1725
1726 list_for_each_safe(l, n, &tsp->smk_rules) {
1727 rp = list_entry(l, struct smack_rule, list);
1728 list_del(&rp->list);
1729 kfree(rp);
1730 }
1731 kfree(tsp);
1732 }
1733
1734 /**
1735 * smack_cred_prepare - prepare new set of credentials for modification
1736 * @new: the new credentials
1737 * @old: the original credentials
1738 * @gfp: the atomicity of any memory allocations
1739 *
1740 * Prepare a new set of credentials for modification.
1741 */
1742 static int smack_cred_prepare(struct cred *new, const struct cred *old,
1743 gfp_t gfp)
1744 {
1745 struct task_smack *old_tsp = old->security;
1746 struct task_smack *new_tsp;
1747 int rc;
1748
1749 new_tsp = new_task_smack(old_tsp->smk_task, old_tsp->smk_task, gfp);
1750 if (new_tsp == NULL)
1751 return -ENOMEM;
1752
1753 rc = smk_copy_rules(&new_tsp->smk_rules, &old_tsp->smk_rules, gfp);
1754 if (rc != 0)
1755 return rc;
1756
1757 new->security = new_tsp;
1758 return 0;
1759 }
1760
1761 /**
1762 * smack_cred_transfer - Transfer the old credentials to the new credentials
1763 * @new: the new credentials
1764 * @old: the original credentials
1765 *
1766 * Fill in a set of blank credentials from another set of credentials.
1767 */
1768 static void smack_cred_transfer(struct cred *new, const struct cred *old)
1769 {
1770 struct task_smack *old_tsp = old->security;
1771 struct task_smack *new_tsp = new->security;
1772
1773 new_tsp->smk_task = old_tsp->smk_task;
1774 new_tsp->smk_forked = old_tsp->smk_task;
1775 mutex_init(&new_tsp->smk_rules_lock);
1776 INIT_LIST_HEAD(&new_tsp->smk_rules);
1777
1778
1779 /* cbs copy rule list */
1780 }
1781
1782 /**
1783 * smack_kernel_act_as - Set the subjective context in a set of credentials
1784 * @new: points to the set of credentials to be modified.
1785 * @secid: specifies the security ID to be set
1786 *
1787 * Set the security data for a kernel service.
1788 */
1789 static int smack_kernel_act_as(struct cred *new, u32 secid)
1790 {
1791 struct task_smack *new_tsp = new->security;
1792 struct smack_known *skp = smack_from_secid(secid);
1793
1794 if (skp == NULL)
1795 return -EINVAL;
1796
1797 new_tsp->smk_task = skp;
1798 return 0;
1799 }
1800
1801 /**
1802 * smack_kernel_create_files_as - Set the file creation label in a set of creds
1803 * @new: points to the set of credentials to be modified
1804 * @inode: points to the inode to use as a reference
1805 *
1806 * Set the file creation context in a set of credentials to the same
1807 * as the objective context of the specified inode
1808 */
1809 static int smack_kernel_create_files_as(struct cred *new,
1810 struct inode *inode)
1811 {
1812 struct inode_smack *isp = inode->i_security;
1813 struct task_smack *tsp = new->security;
1814
1815 tsp->smk_forked = isp->smk_inode;
1816 tsp->smk_task = tsp->smk_forked;
1817 return 0;
1818 }
1819
1820 /**
1821 * smk_curacc_on_task - helper to log task related access
1822 * @p: the task object
1823 * @access: the access requested
1824 * @caller: name of the calling function for audit
1825 *
1826 * Return 0 if access is permitted
1827 */
1828 static int smk_curacc_on_task(struct task_struct *p, int access,
1829 const char *caller)
1830 {
1831 struct smk_audit_info ad;
1832 struct smack_known *skp = smk_of_task(task_security(p));
1833 int rc;
1834
1835 smk_ad_init(&ad, caller, LSM_AUDIT_DATA_TASK);
1836 smk_ad_setfield_u_tsk(&ad, p);
1837 rc = smk_curacc(skp, access, &ad);
1838 rc = smk_bu_task(p, access, rc);
1839 return rc;
1840 }
1841
1842 /**
1843 * smack_task_setpgid - Smack check on setting pgid
1844 * @p: the task object
1845 * @pgid: unused
1846 *
1847 * Return 0 if write access is permitted
1848 */
1849 static int smack_task_setpgid(struct task_struct *p, pid_t pgid)
1850 {
1851 return smk_curacc_on_task(p, MAY_WRITE, __func__);
1852 }
1853
1854 /**
1855 * smack_task_getpgid - Smack access check for getpgid
1856 * @p: the object task
1857 *
1858 * Returns 0 if current can read the object task, error code otherwise
1859 */
1860 static int smack_task_getpgid(struct task_struct *p)
1861 {
1862 return smk_curacc_on_task(p, MAY_READ, __func__);
1863 }
1864
1865 /**
1866 * smack_task_getsid - Smack access check for getsid
1867 * @p: the object task
1868 *
1869 * Returns 0 if current can read the object task, error code otherwise
1870 */
1871 static int smack_task_getsid(struct task_struct *p)
1872 {
1873 return smk_curacc_on_task(p, MAY_READ, __func__);
1874 }
1875
1876 /**
1877 * smack_task_getsecid - get the secid of the task
1878 * @p: the object task
1879 * @secid: where to put the result
1880 *
1881 * Sets the secid to contain a u32 version of the smack label.
1882 */
1883 static void smack_task_getsecid(struct task_struct *p, u32 *secid)
1884 {
1885 struct smack_known *skp = smk_of_task(task_security(p));
1886
1887 *secid = skp->smk_secid;
1888 }
1889
1890 /**
1891 * smack_task_setnice - Smack check on setting nice
1892 * @p: the task object
1893 * @nice: unused
1894 *
1895 * Return 0 if write access is permitted
1896 */
1897 static int smack_task_setnice(struct task_struct *p, int nice)
1898 {
1899 int rc;
1900
1901 rc = cap_task_setnice(p, nice);
1902 if (rc == 0)
1903 rc = smk_curacc_on_task(p, MAY_WRITE, __func__);
1904 return rc;
1905 }
1906
1907 /**
1908 * smack_task_setioprio - Smack check on setting ioprio
1909 * @p: the task object
1910 * @ioprio: unused
1911 *
1912 * Return 0 if write access is permitted
1913 */
1914 static int smack_task_setioprio(struct task_struct *p, int ioprio)
1915 {
1916 int rc;
1917
1918 rc = cap_task_setioprio(p, ioprio);
1919 if (rc == 0)
1920 rc = smk_curacc_on_task(p, MAY_WRITE, __func__);
1921 return rc;
1922 }
1923
1924 /**
1925 * smack_task_getioprio - Smack check on reading ioprio
1926 * @p: the task object
1927 *
1928 * Return 0 if read access is permitted
1929 */
1930 static int smack_task_getioprio(struct task_struct *p)
1931 {
1932 return smk_curacc_on_task(p, MAY_READ, __func__);
1933 }
1934
1935 /**
1936 * smack_task_setscheduler - Smack check on setting scheduler
1937 * @p: the task object
1938 * @policy: unused
1939 * @lp: unused
1940 *
1941 * Return 0 if read access is permitted
1942 */
1943 static int smack_task_setscheduler(struct task_struct *p)
1944 {
1945 int rc;
1946
1947 rc = cap_task_setscheduler(p);
1948 if (rc == 0)
1949 rc = smk_curacc_on_task(p, MAY_WRITE, __func__);
1950 return rc;
1951 }
1952
1953 /**
1954 * smack_task_getscheduler - Smack check on reading scheduler
1955 * @p: the task object
1956 *
1957 * Return 0 if read access is permitted
1958 */
1959 static int smack_task_getscheduler(struct task_struct *p)
1960 {
1961 return smk_curacc_on_task(p, MAY_READ, __func__);
1962 }
1963
1964 /**
1965 * smack_task_movememory - Smack check on moving memory
1966 * @p: the task object
1967 *
1968 * Return 0 if write access is permitted
1969 */
1970 static int smack_task_movememory(struct task_struct *p)
1971 {
1972 return smk_curacc_on_task(p, MAY_WRITE, __func__);
1973 }
1974
1975 /**
1976 * smack_task_kill - Smack check on signal delivery
1977 * @p: the task object
1978 * @info: unused
1979 * @sig: unused
1980 * @secid: identifies the smack to use in lieu of current's
1981 *
1982 * Return 0 if write access is permitted
1983 *
1984 * The secid behavior is an artifact of an SELinux hack
1985 * in the USB code. Someday it may go away.
1986 */
1987 static int smack_task_kill(struct task_struct *p, struct siginfo *info,
1988 int sig, u32 secid)
1989 {
1990 struct smk_audit_info ad;
1991 struct smack_known *skp;
1992 struct smack_known *tkp = smk_of_task(task_security(p));
1993 int rc;
1994
1995 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
1996 smk_ad_setfield_u_tsk(&ad, p);
1997 /*
1998 * Sending a signal requires that the sender
1999 * can write the receiver.
2000 */
2001 if (secid == 0) {
2002 rc = smk_curacc(tkp, MAY_WRITE, &ad);
2003 rc = smk_bu_task(p, MAY_WRITE, rc);
2004 return rc;
2005 }
2006 /*
2007 * If the secid isn't 0 we're dealing with some USB IO
2008 * specific behavior. This is not clean. For one thing
2009 * we can't take privilege into account.
2010 */
2011 skp = smack_from_secid(secid);
2012 rc = smk_access(skp, tkp, MAY_WRITE, &ad);
2013 rc = smk_bu_note("USB signal", skp, tkp, MAY_WRITE, rc);
2014 return rc;
2015 }
2016
2017 /**
2018 * smack_task_wait - Smack access check for waiting
2019 * @p: task to wait for
2020 *
2021 * Returns 0
2022 */
2023 static int smack_task_wait(struct task_struct *p)
2024 {
2025 /*
2026 * Allow the operation to succeed.
2027 * Zombies are bad.
2028 * In userless environments (e.g. phones) programs
2029 * get marked with SMACK64EXEC and even if the parent
2030 * and child shouldn't be talking the parent still
2031 * may expect to know when the child exits.
2032 */
2033 return 0;
2034 }
2035
2036 /**
2037 * smack_task_to_inode - copy task smack into the inode blob
2038 * @p: task to copy from
2039 * @inode: inode to copy to
2040 *
2041 * Sets the smack pointer in the inode security blob
2042 */
2043 static void smack_task_to_inode(struct task_struct *p, struct inode *inode)
2044 {
2045 struct inode_smack *isp = inode->i_security;
2046 struct smack_known *skp = smk_of_task(task_security(p));
2047
2048 isp->smk_inode = skp;
2049 }
2050
2051 /*
2052 * Socket hooks.
2053 */
2054
2055 /**
2056 * smack_sk_alloc_security - Allocate a socket blob
2057 * @sk: the socket
2058 * @family: unused
2059 * @gfp_flags: memory allocation flags
2060 *
2061 * Assign Smack pointers to current
2062 *
2063 * Returns 0 on success, -ENOMEM is there's no memory
2064 */
2065 static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags)
2066 {
2067 struct smack_known *skp = smk_of_current();
2068 struct socket_smack *ssp;
2069
2070 ssp = kzalloc(sizeof(struct socket_smack), gfp_flags);
2071 if (ssp == NULL)
2072 return -ENOMEM;
2073
2074 ssp->smk_in = skp;
2075 ssp->smk_out = skp;
2076 ssp->smk_packet = NULL;
2077
2078 sk->sk_security = ssp;
2079
2080 return 0;
2081 }
2082
2083 /**
2084 * smack_sk_free_security - Free a socket blob
2085 * @sk: the socket
2086 *
2087 * Clears the blob pointer
2088 */
2089 static void smack_sk_free_security(struct sock *sk)
2090 {
2091 kfree(sk->sk_security);
2092 }
2093
2094 /**
2095 * smack_host_label - check host based restrictions
2096 * @sip: the object end
2097 *
2098 * looks for host based access restrictions
2099 *
2100 * This version will only be appropriate for really small sets of single label
2101 * hosts. The caller is responsible for ensuring that the RCU read lock is
2102 * taken before calling this function.
2103 *
2104 * Returns the label of the far end or NULL if it's not special.
2105 */
2106 static struct smack_known *smack_host_label(struct sockaddr_in *sip)
2107 {
2108 struct smk_netlbladdr *snp;
2109 struct in_addr *siap = &sip->sin_addr;
2110
2111 if (siap->s_addr == 0)
2112 return NULL;
2113
2114 list_for_each_entry_rcu(snp, &smk_netlbladdr_list, list)
2115 /*
2116 * we break after finding the first match because
2117 * the list is sorted from longest to shortest mask
2118 * so we have found the most specific match
2119 */
2120 if ((&snp->smk_host.sin_addr)->s_addr ==
2121 (siap->s_addr & (&snp->smk_mask)->s_addr)) {
2122 /* we have found the special CIPSO option */
2123 if (snp->smk_label == &smack_cipso_option)
2124 return NULL;
2125 return snp->smk_label;
2126 }
2127
2128 return NULL;
2129 }
2130
2131 /**
2132 * smack_netlabel - Set the secattr on a socket
2133 * @sk: the socket
2134 * @labeled: socket label scheme
2135 *
2136 * Convert the outbound smack value (smk_out) to a
2137 * secattr and attach it to the socket.
2138 *
2139 * Returns 0 on success or an error code
2140 */
2141 static int smack_netlabel(struct sock *sk, int labeled)
2142 {
2143 struct smack_known *skp;
2144 struct socket_smack *ssp = sk->sk_security;
2145 int rc = 0;
2146
2147 /*
2148 * Usually the netlabel code will handle changing the
2149 * packet labeling based on the label.
2150 * The case of a single label host is different, because
2151 * a single label host should never get a labeled packet
2152 * even though the label is usually associated with a packet
2153 * label.
2154 */
2155 local_bh_disable();
2156 bh_lock_sock_nested(sk);
2157
2158 if (ssp->smk_out == smack_net_ambient ||
2159 labeled == SMACK_UNLABELED_SOCKET)
2160 netlbl_sock_delattr(sk);
2161 else {
2162 skp = ssp->smk_out;
2163 rc = netlbl_sock_setattr(sk, sk->sk_family, &skp->smk_netlabel);
2164 }
2165
2166 bh_unlock_sock(sk);
2167 local_bh_enable();
2168
2169 return rc;
2170 }
2171
2172 /**
2173 * smack_netlbel_send - Set the secattr on a socket and perform access checks
2174 * @sk: the socket
2175 * @sap: the destination address
2176 *
2177 * Set the correct secattr for the given socket based on the destination
2178 * address and perform any outbound access checks needed.
2179 *
2180 * Returns 0 on success or an error code.
2181 *
2182 */
2183 static int smack_netlabel_send(struct sock *sk, struct sockaddr_in *sap)
2184 {
2185 struct smack_known *skp;
2186 int rc;
2187 int sk_lbl;
2188 struct smack_known *hkp;
2189 struct socket_smack *ssp = sk->sk_security;
2190 struct smk_audit_info ad;
2191
2192 rcu_read_lock();
2193 hkp = smack_host_label(sap);
2194 if (hkp != NULL) {
2195 #ifdef CONFIG_AUDIT
2196 struct lsm_network_audit net;
2197
2198 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
2199 ad.a.u.net->family = sap->sin_family;
2200 ad.a.u.net->dport = sap->sin_port;
2201 ad.a.u.net->v4info.daddr = sap->sin_addr.s_addr;
2202 #endif
2203 sk_lbl = SMACK_UNLABELED_SOCKET;
2204 skp = ssp->smk_out;
2205 rc = smk_access(skp, hkp, MAY_WRITE, &ad);
2206 rc = smk_bu_note("IPv4 host check", skp, hkp, MAY_WRITE, rc);
2207 } else {
2208 sk_lbl = SMACK_CIPSO_SOCKET;
2209 rc = 0;
2210 }
2211 rcu_read_unlock();
2212 if (rc != 0)
2213 return rc;
2214
2215 return smack_netlabel(sk, sk_lbl);
2216 }
2217
2218 /**
2219 * smk_ipv6_port_label - Smack port access table management
2220 * @sock: socket
2221 * @address: address
2222 *
2223 * Create or update the port list entry
2224 */
2225 static void smk_ipv6_port_label(struct socket *sock, struct sockaddr *address)
2226 {
2227 struct sock *sk = sock->sk;
2228 struct sockaddr_in6 *addr6;
2229 struct socket_smack *ssp = sock->sk->sk_security;
2230 struct smk_port_label *spp;
2231 unsigned short port = 0;
2232
2233 if (address == NULL) {
2234 /*
2235 * This operation is changing the Smack information
2236 * on the bound socket. Take the changes to the port
2237 * as well.
2238 */
2239 list_for_each_entry(spp, &smk_ipv6_port_list, list) {
2240 if (sk != spp->smk_sock)
2241 continue;
2242 spp->smk_in = ssp->smk_in;
2243 spp->smk_out = ssp->smk_out;
2244 return;
2245 }
2246 /*
2247 * A NULL address is only used for updating existing
2248 * bound entries. If there isn't one, it's OK.
2249 */
2250 return;
2251 }
2252
2253 addr6 = (struct sockaddr_in6 *)address;
2254 port = ntohs(addr6->sin6_port);
2255 /*
2256 * This is a special case that is safely ignored.
2257 */
2258 if (port == 0)
2259 return;
2260
2261 /*
2262 * Look for an existing port list entry.
2263 * This is an indication that a port is getting reused.
2264 */
2265 list_for_each_entry(spp, &smk_ipv6_port_list, list) {
2266 if (spp->smk_port != port)
2267 continue;
2268 spp->smk_port = port;
2269 spp->smk_sock = sk;
2270 spp->smk_in = ssp->smk_in;
2271 spp->smk_out = ssp->smk_out;
2272 return;
2273 }
2274
2275 /*
2276 * A new port entry is required.
2277 */
2278 spp = kzalloc(sizeof(*spp), GFP_KERNEL);
2279 if (spp == NULL)
2280 return;
2281
2282 spp->smk_port = port;
2283 spp->smk_sock = sk;
2284 spp->smk_in = ssp->smk_in;
2285 spp->smk_out = ssp->smk_out;
2286
2287 list_add(&spp->list, &smk_ipv6_port_list);
2288 return;
2289 }
2290
2291 /**
2292 * smk_ipv6_port_check - check Smack port access
2293 * @sock: socket
2294 * @address: address
2295 *
2296 * Create or update the port list entry
2297 */
2298 static int smk_ipv6_port_check(struct sock *sk, struct sockaddr_in6 *address,
2299 int act)
2300 {
2301 __be16 *bep;
2302 __be32 *be32p;
2303 struct smk_port_label *spp;
2304 struct socket_smack *ssp = sk->sk_security;
2305 struct smack_known *skp;
2306 unsigned short port = 0;
2307 struct smack_known *object;
2308 struct smk_audit_info ad;
2309 int rc;
2310 #ifdef CONFIG_AUDIT
2311 struct lsm_network_audit net;
2312 #endif
2313
2314 if (act == SMK_RECEIVING) {
2315 skp = smack_net_ambient;
2316 object = ssp->smk_in;
2317 } else {
2318 skp = ssp->smk_out;
2319 object = smack_net_ambient;
2320 }
2321
2322 /*
2323 * Get the IP address and port from the address.
2324 */
2325 port = ntohs(address->sin6_port);
2326 bep = (__be16 *)(&address->sin6_addr);
2327 be32p = (__be32 *)(&address->sin6_addr);
2328
2329 /*
2330 * It's remote, so port lookup does no good.
2331 */
2332 if (be32p[0] || be32p[1] || be32p[2] || bep[6] || ntohs(bep[7]) != 1)
2333 goto auditout;
2334
2335 /*
2336 * It's local so the send check has to have passed.
2337 */
2338 if (act == SMK_RECEIVING) {
2339 skp = &smack_known_web;
2340 goto auditout;
2341 }
2342
2343 list_for_each_entry(spp, &smk_ipv6_port_list, list) {
2344 if (spp->smk_port != port)
2345 continue;
2346 object = spp->smk_in;
2347 if (act == SMK_CONNECTING)
2348 ssp->smk_packet = spp->smk_out;
2349 break;
2350 }
2351
2352 auditout:
2353
2354 #ifdef CONFIG_AUDIT
2355 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
2356 ad.a.u.net->family = sk->sk_family;
2357 ad.a.u.net->dport = port;
2358 if (act == SMK_RECEIVING)
2359 ad.a.u.net->v6info.saddr = address->sin6_addr;
2360 else
2361 ad.a.u.net->v6info.daddr = address->sin6_addr;
2362 #endif
2363 rc = smk_access(skp, object, MAY_WRITE, &ad);
2364 rc = smk_bu_note("IPv6 port check", skp, object, MAY_WRITE, rc);
2365 return rc;
2366 }
2367
2368 /**
2369 * smack_inode_setsecurity - set smack xattrs
2370 * @inode: the object
2371 * @name: attribute name
2372 * @value: attribute value
2373 * @size: size of the attribute
2374 * @flags: unused
2375 *
2376 * Sets the named attribute in the appropriate blob
2377 *
2378 * Returns 0 on success, or an error code
2379 */
2380 static int smack_inode_setsecurity(struct inode *inode, const char *name,
2381 const void *value, size_t size, int flags)
2382 {
2383 struct smack_known *skp;
2384 struct inode_smack *nsp = inode->i_security;
2385 struct socket_smack *ssp;
2386 struct socket *sock;
2387 int rc = 0;
2388
2389 if (value == NULL || size > SMK_LONGLABEL || size == 0)
2390 return -EINVAL;
2391
2392 skp = smk_import_entry(value, size);
2393 if (skp == NULL)
2394 return -EINVAL;
2395
2396 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) {
2397 nsp->smk_inode = skp;
2398 nsp->smk_flags |= SMK_INODE_INSTANT;
2399 return 0;
2400 }
2401 /*
2402 * The rest of the Smack xattrs are only on sockets.
2403 */
2404 if (inode->i_sb->s_magic != SOCKFS_MAGIC)
2405 return -EOPNOTSUPP;
2406
2407 sock = SOCKET_I(inode);
2408 if (sock == NULL || sock->sk == NULL)
2409 return -EOPNOTSUPP;
2410
2411 ssp = sock->sk->sk_security;
2412
2413 if (strcmp(name, XATTR_SMACK_IPIN) == 0)
2414 ssp->smk_in = skp;
2415 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) {
2416 ssp->smk_out = skp;
2417 if (sock->sk->sk_family == PF_INET) {
2418 rc = smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET);
2419 if (rc != 0)
2420 printk(KERN_WARNING
2421 "Smack: \"%s\" netlbl error %d.\n",
2422 __func__, -rc);
2423 }
2424 } else
2425 return -EOPNOTSUPP;
2426
2427 if (sock->sk->sk_family == PF_INET6)
2428 smk_ipv6_port_label(sock, NULL);
2429
2430 return 0;
2431 }
2432
2433 /**
2434 * smack_socket_post_create - finish socket setup
2435 * @sock: the socket
2436 * @family: protocol family
2437 * @type: unused
2438 * @protocol: unused
2439 * @kern: unused
2440 *
2441 * Sets the netlabel information on the socket
2442 *
2443 * Returns 0 on success, and error code otherwise
2444 */
2445 static int smack_socket_post_create(struct socket *sock, int family,
2446 int type, int protocol, int kern)
2447 {
2448 if (family != PF_INET || sock->sk == NULL)
2449 return 0;
2450 /*
2451 * Set the outbound netlbl.
2452 */
2453 return smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET);
2454 }
2455
2456 /**
2457 * smack_socket_bind - record port binding information.
2458 * @sock: the socket
2459 * @address: the port address
2460 * @addrlen: size of the address
2461 *
2462 * Records the label bound to a port.
2463 *
2464 * Returns 0
2465 */
2466 static int smack_socket_bind(struct socket *sock, struct sockaddr *address,
2467 int addrlen)
2468 {
2469 if (sock->sk != NULL && sock->sk->sk_family == PF_INET6)
2470 smk_ipv6_port_label(sock, address);
2471
2472 return 0;
2473 }
2474
2475 /**
2476 * smack_socket_connect - connect access check
2477 * @sock: the socket
2478 * @sap: the other end
2479 * @addrlen: size of sap
2480 *
2481 * Verifies that a connection may be possible
2482 *
2483 * Returns 0 on success, and error code otherwise
2484 */
2485 static int smack_socket_connect(struct socket *sock, struct sockaddr *sap,
2486 int addrlen)
2487 {
2488 int rc = 0;
2489
2490 if (sock->sk == NULL)
2491 return 0;
2492
2493 switch (sock->sk->sk_family) {
2494 case PF_INET:
2495 if (addrlen < sizeof(struct sockaddr_in))
2496 return -EINVAL;
2497 rc = smack_netlabel_send(sock->sk, (struct sockaddr_in *)sap);
2498 break;
2499 case PF_INET6:
2500 if (addrlen < sizeof(struct sockaddr_in6))
2501 return -EINVAL;
2502 rc = smk_ipv6_port_check(sock->sk, (struct sockaddr_in6 *)sap,
2503 SMK_CONNECTING);
2504 break;
2505 }
2506 return rc;
2507 }
2508
2509 /**
2510 * smack_flags_to_may - convert S_ to MAY_ values
2511 * @flags: the S_ value
2512 *
2513 * Returns the equivalent MAY_ value
2514 */
2515 static int smack_flags_to_may(int flags)
2516 {
2517 int may = 0;
2518
2519 if (flags & S_IRUGO)
2520 may |= MAY_READ;
2521 if (flags & S_IWUGO)
2522 may |= MAY_WRITE;
2523 if (flags & S_IXUGO)
2524 may |= MAY_EXEC;
2525
2526 return may;
2527 }
2528
2529 /**
2530 * smack_msg_msg_alloc_security - Set the security blob for msg_msg
2531 * @msg: the object
2532 *
2533 * Returns 0
2534 */
2535 static int smack_msg_msg_alloc_security(struct msg_msg *msg)
2536 {
2537 struct smack_known *skp = smk_of_current();
2538
2539 msg->security = skp;
2540 return 0;
2541 }
2542
2543 /**
2544 * smack_msg_msg_free_security - Clear the security blob for msg_msg
2545 * @msg: the object
2546 *
2547 * Clears the blob pointer
2548 */
2549 static void smack_msg_msg_free_security(struct msg_msg *msg)
2550 {
2551 msg->security = NULL;
2552 }
2553
2554 /**
2555 * smack_of_shm - the smack pointer for the shm
2556 * @shp: the object
2557 *
2558 * Returns a pointer to the smack value
2559 */
2560 static struct smack_known *smack_of_shm(struct shmid_kernel *shp)
2561 {
2562 return (struct smack_known *)shp->shm_perm.security;
2563 }
2564
2565 /**
2566 * smack_shm_alloc_security - Set the security blob for shm
2567 * @shp: the object
2568 *
2569 * Returns 0
2570 */
2571 static int smack_shm_alloc_security(struct shmid_kernel *shp)
2572 {
2573 struct kern_ipc_perm *isp = &shp->shm_perm;
2574 struct smack_known *skp = smk_of_current();
2575
2576 isp->security = skp;
2577 return 0;
2578 }
2579
2580 /**
2581 * smack_shm_free_security - Clear the security blob for shm
2582 * @shp: the object
2583 *
2584 * Clears the blob pointer
2585 */
2586 static void smack_shm_free_security(struct shmid_kernel *shp)
2587 {
2588 struct kern_ipc_perm *isp = &shp->shm_perm;
2589
2590 isp->security = NULL;
2591 }
2592
2593 /**
2594 * smk_curacc_shm : check if current has access on shm
2595 * @shp : the object
2596 * @access : access requested
2597 *
2598 * Returns 0 if current has the requested access, error code otherwise
2599 */
2600 static int smk_curacc_shm(struct shmid_kernel *shp, int access)
2601 {
2602 struct smack_known *ssp = smack_of_shm(shp);
2603 struct smk_audit_info ad;
2604 int rc;
2605
2606 #ifdef CONFIG_AUDIT
2607 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
2608 ad.a.u.ipc_id = shp->shm_perm.id;
2609 #endif
2610 rc = smk_curacc(ssp, access, &ad);
2611 rc = smk_bu_current("shm", ssp, access, rc);
2612 return rc;
2613 }
2614
2615 /**
2616 * smack_shm_associate - Smack access check for shm
2617 * @shp: the object
2618 * @shmflg: access requested
2619 *
2620 * Returns 0 if current has the requested access, error code otherwise
2621 */
2622 static int smack_shm_associate(struct shmid_kernel *shp, int shmflg)
2623 {
2624 int may;
2625
2626 may = smack_flags_to_may(shmflg);
2627 return smk_curacc_shm(shp, may);
2628 }
2629
2630 /**
2631 * smack_shm_shmctl - Smack access check for shm
2632 * @shp: the object
2633 * @cmd: what it wants to do
2634 *
2635 * Returns 0 if current has the requested access, error code otherwise
2636 */
2637 static int smack_shm_shmctl(struct shmid_kernel *shp, int cmd)
2638 {
2639 int may;
2640
2641 switch (cmd) {
2642 case IPC_STAT:
2643 case SHM_STAT:
2644 may = MAY_READ;
2645 break;
2646 case IPC_SET:
2647 case SHM_LOCK:
2648 case SHM_UNLOCK:
2649 case IPC_RMID:
2650 may = MAY_READWRITE;
2651 break;
2652 case IPC_INFO:
2653 case SHM_INFO:
2654 /*
2655 * System level information.
2656 */
2657 return 0;
2658 default:
2659 return -EINVAL;
2660 }
2661 return smk_curacc_shm(shp, may);
2662 }
2663
2664 /**
2665 * smack_shm_shmat - Smack access for shmat
2666 * @shp: the object
2667 * @shmaddr: unused
2668 * @shmflg: access requested
2669 *
2670 * Returns 0 if current has the requested access, error code otherwise
2671 */
2672 static int smack_shm_shmat(struct shmid_kernel *shp, char __user *shmaddr,
2673 int shmflg)
2674 {
2675 int may;
2676
2677 may = smack_flags_to_may(shmflg);
2678 return smk_curacc_shm(shp, may);
2679 }
2680
2681 /**
2682 * smack_of_sem - the smack pointer for the sem
2683 * @sma: the object
2684 *
2685 * Returns a pointer to the smack value
2686 */
2687 static struct smack_known *smack_of_sem(struct sem_array *sma)
2688 {
2689 return (struct smack_known *)sma->sem_perm.security;
2690 }
2691
2692 /**
2693 * smack_sem_alloc_security - Set the security blob for sem
2694 * @sma: the object
2695 *
2696 * Returns 0
2697 */
2698 static int smack_sem_alloc_security(struct sem_array *sma)
2699 {
2700 struct kern_ipc_perm *isp = &sma->sem_perm;
2701 struct smack_known *skp = smk_of_current();
2702
2703 isp->security = skp;
2704 return 0;
2705 }
2706
2707 /**
2708 * smack_sem_free_security - Clear the security blob for sem
2709 * @sma: the object
2710 *
2711 * Clears the blob pointer
2712 */
2713 static void smack_sem_free_security(struct sem_array *sma)
2714 {
2715 struct kern_ipc_perm *isp = &sma->sem_perm;
2716
2717 isp->security = NULL;
2718 }
2719
2720 /**
2721 * smk_curacc_sem : check if current has access on sem
2722 * @sma : the object
2723 * @access : access requested
2724 *
2725 * Returns 0 if current has the requested access, error code otherwise
2726 */
2727 static int smk_curacc_sem(struct sem_array *sma, int access)
2728 {
2729 struct smack_known *ssp = smack_of_sem(sma);
2730 struct smk_audit_info ad;
2731 int rc;
2732
2733 #ifdef CONFIG_AUDIT
2734 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
2735 ad.a.u.ipc_id = sma->sem_perm.id;
2736 #endif
2737 rc = smk_curacc(ssp, access, &ad);
2738 rc = smk_bu_current("sem", ssp, access, rc);
2739 return rc;
2740 }
2741
2742 /**
2743 * smack_sem_associate - Smack access check for sem
2744 * @sma: the object
2745 * @semflg: access requested
2746 *
2747 * Returns 0 if current has the requested access, error code otherwise
2748 */
2749 static int smack_sem_associate(struct sem_array *sma, int semflg)
2750 {
2751 int may;
2752
2753 may = smack_flags_to_may(semflg);
2754 return smk_curacc_sem(sma, may);
2755 }
2756
2757 /**
2758 * smack_sem_shmctl - Smack access check for sem
2759 * @sma: the object
2760 * @cmd: what it wants to do
2761 *
2762 * Returns 0 if current has the requested access, error code otherwise
2763 */
2764 static int smack_sem_semctl(struct sem_array *sma, int cmd)
2765 {
2766 int may;
2767
2768 switch (cmd) {
2769 case GETPID:
2770 case GETNCNT:
2771 case GETZCNT:
2772 case GETVAL:
2773 case GETALL:
2774 case IPC_STAT:
2775 case SEM_STAT:
2776 may = MAY_READ;
2777 break;
2778 case SETVAL:
2779 case SETALL:
2780 case IPC_RMID:
2781 case IPC_SET:
2782 may = MAY_READWRITE;
2783 break;
2784 case IPC_INFO:
2785 case SEM_INFO:
2786 /*
2787 * System level information
2788 */
2789 return 0;
2790 default:
2791 return -EINVAL;
2792 }
2793
2794 return smk_curacc_sem(sma, may);
2795 }
2796
2797 /**
2798 * smack_sem_semop - Smack checks of semaphore operations
2799 * @sma: the object
2800 * @sops: unused
2801 * @nsops: unused
2802 * @alter: unused
2803 *
2804 * Treated as read and write in all cases.
2805 *
2806 * Returns 0 if access is allowed, error code otherwise
2807 */
2808 static int smack_sem_semop(struct sem_array *sma, struct sembuf *sops,
2809 unsigned nsops, int alter)
2810 {
2811 return smk_curacc_sem(sma, MAY_READWRITE);
2812 }
2813
2814 /**
2815 * smack_msg_alloc_security - Set the security blob for msg
2816 * @msq: the object
2817 *
2818 * Returns 0
2819 */
2820 static int smack_msg_queue_alloc_security(struct msg_queue *msq)
2821 {
2822 struct kern_ipc_perm *kisp = &msq->q_perm;
2823 struct smack_known *skp = smk_of_current();
2824
2825 kisp->security = skp;
2826 return 0;
2827 }
2828
2829 /**
2830 * smack_msg_free_security - Clear the security blob for msg
2831 * @msq: the object
2832 *
2833 * Clears the blob pointer
2834 */
2835 static void smack_msg_queue_free_security(struct msg_queue *msq)
2836 {
2837 struct kern_ipc_perm *kisp = &msq->q_perm;
2838
2839 kisp->security = NULL;
2840 }
2841
2842 /**
2843 * smack_of_msq - the smack pointer for the msq
2844 * @msq: the object
2845 *
2846 * Returns a pointer to the smack label entry
2847 */
2848 static struct smack_known *smack_of_msq(struct msg_queue *msq)
2849 {
2850 return (struct smack_known *)msq->q_perm.security;
2851 }
2852
2853 /**
2854 * smk_curacc_msq : helper to check if current has access on msq
2855 * @msq : the msq
2856 * @access : access requested
2857 *
2858 * return 0 if current has access, error otherwise
2859 */
2860 static int smk_curacc_msq(struct msg_queue *msq, int access)
2861 {
2862 struct smack_known *msp = smack_of_msq(msq);
2863 struct smk_audit_info ad;
2864 int rc;
2865
2866 #ifdef CONFIG_AUDIT
2867 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
2868 ad.a.u.ipc_id = msq->q_perm.id;
2869 #endif
2870 rc = smk_curacc(msp, access, &ad);
2871 rc = smk_bu_current("msq", msp, access, rc);
2872 return rc;
2873 }
2874
2875 /**
2876 * smack_msg_queue_associate - Smack access check for msg_queue
2877 * @msq: the object
2878 * @msqflg: access requested
2879 *
2880 * Returns 0 if current has the requested access, error code otherwise
2881 */
2882 static int smack_msg_queue_associate(struct msg_queue *msq, int msqflg)
2883 {
2884 int may;
2885
2886 may = smack_flags_to_may(msqflg);
2887 return smk_curacc_msq(msq, may);
2888 }
2889
2890 /**
2891 * smack_msg_queue_msgctl - Smack access check for msg_queue
2892 * @msq: the object
2893 * @cmd: what it wants to do
2894 *
2895 * Returns 0 if current has the requested access, error code otherwise
2896 */
2897 static int smack_msg_queue_msgctl(struct msg_queue *msq, int cmd)
2898 {
2899 int may;
2900
2901 switch (cmd) {
2902 case IPC_STAT:
2903 case MSG_STAT:
2904 may = MAY_READ;
2905 break;
2906 case IPC_SET:
2907 case IPC_RMID:
2908 may = MAY_READWRITE;
2909 break;
2910 case IPC_INFO:
2911 case MSG_INFO:
2912 /*
2913 * System level information
2914 */
2915 return 0;
2916 default:
2917 return -EINVAL;
2918 }
2919
2920 return smk_curacc_msq(msq, may);
2921 }
2922
2923 /**
2924 * smack_msg_queue_msgsnd - Smack access check for msg_queue
2925 * @msq: the object
2926 * @msg: unused
2927 * @msqflg: access requested
2928 *
2929 * Returns 0 if current has the requested access, error code otherwise
2930 */
2931 static int smack_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg,
2932 int msqflg)
2933 {
2934 int may;
2935
2936 may = smack_flags_to_may(msqflg);
2937 return smk_curacc_msq(msq, may);
2938 }
2939
2940 /**
2941 * smack_msg_queue_msgsnd - Smack access check for msg_queue
2942 * @msq: the object
2943 * @msg: unused
2944 * @target: unused
2945 * @type: unused
2946 * @mode: unused
2947 *
2948 * Returns 0 if current has read and write access, error code otherwise
2949 */
2950 static int smack_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
2951 struct task_struct *target, long type, int mode)
2952 {
2953 return smk_curacc_msq(msq, MAY_READWRITE);
2954 }
2955
2956 /**
2957 * smack_ipc_permission - Smack access for ipc_permission()
2958 * @ipp: the object permissions
2959 * @flag: access requested
2960 *
2961 * Returns 0 if current has read and write access, error code otherwise
2962 */
2963 static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag)
2964 {
2965 struct smack_known *iskp = ipp->security;
2966 int may = smack_flags_to_may(flag);
2967 struct smk_audit_info ad;
2968 int rc;
2969
2970 #ifdef CONFIG_AUDIT
2971 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
2972 ad.a.u.ipc_id = ipp->id;
2973 #endif
2974 rc = smk_curacc(iskp, may, &ad);
2975 rc = smk_bu_current("svipc", iskp, may, rc);
2976 return rc;
2977 }
2978
2979 /**
2980 * smack_ipc_getsecid - Extract smack security id
2981 * @ipp: the object permissions
2982 * @secid: where result will be saved
2983 */
2984 static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid)
2985 {
2986 struct smack_known *iskp = ipp->security;
2987
2988 *secid = iskp->smk_secid;
2989 }
2990
2991 /**
2992 * smack_d_instantiate - Make sure the blob is correct on an inode
2993 * @opt_dentry: dentry where inode will be attached
2994 * @inode: the object
2995 *
2996 * Set the inode's security blob if it hasn't been done already.
2997 */
2998 static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode)
2999 {
3000 struct super_block *sbp;
3001 struct superblock_smack *sbsp;
3002 struct inode_smack *isp;
3003 struct smack_known *skp;
3004 struct smack_known *ckp = smk_of_current();
3005 struct smack_known *final;
3006 char trattr[TRANS_TRUE_SIZE];
3007 int transflag = 0;
3008 int rc;
3009 struct dentry *dp;
3010
3011 if (inode == NULL)
3012 return;
3013
3014 isp = inode->i_security;
3015
3016 mutex_lock(&isp->smk_lock);
3017 /*
3018 * If the inode is already instantiated
3019 * take the quick way out
3020 */
3021 if (isp->smk_flags & SMK_INODE_INSTANT)
3022 goto unlockandout;
3023
3024 sbp = inode->i_sb;
3025 sbsp = sbp->s_security;
3026 /*
3027 * We're going to use the superblock default label
3028 * if there's no label on the file.
3029 */
3030 final = sbsp->smk_default;
3031
3032 /*
3033 * If this is the root inode the superblock
3034 * may be in the process of initialization.
3035 * If that is the case use the root value out
3036 * of the superblock.
3037 */
3038 if (opt_dentry->d_parent == opt_dentry) {
3039 switch (sbp->s_magic) {
3040 case CGROUP_SUPER_MAGIC:
3041 /*
3042 * The cgroup filesystem is never mounted,
3043 * so there's no opportunity to set the mount
3044 * options.
3045 */
3046 sbsp->smk_root = &smack_known_star;
3047 sbsp->smk_default = &smack_known_star;
3048 isp->smk_inode = sbsp->smk_root;
3049 break;
3050 case TMPFS_MAGIC:
3051 /*
3052 * What about shmem/tmpfs anonymous files with dentry
3053 * obtained from d_alloc_pseudo()?
3054 */
3055 isp->smk_inode = smk_of_current();
3056 break;
3057 default:
3058 isp->smk_inode = sbsp->smk_root;
3059 break;
3060 }
3061 isp->smk_flags |= SMK_INODE_INSTANT;
3062 goto unlockandout;
3063 }
3064
3065 /*
3066 * This is pretty hackish.
3067 * Casey says that we shouldn't have to do
3068 * file system specific code, but it does help
3069 * with keeping it simple.
3070 */
3071 switch (sbp->s_magic) {
3072 case SMACK_MAGIC:
3073 case PIPEFS_MAGIC:
3074 case SOCKFS_MAGIC:
3075 case CGROUP_SUPER_MAGIC:
3076 /*
3077 * Casey says that it's a little embarrassing
3078 * that the smack file system doesn't do
3079 * extended attributes.
3080 *
3081 * Casey says pipes are easy (?)
3082 *
3083 * Socket access is controlled by the socket
3084 * structures associated with the task involved.
3085 *
3086 * Cgroupfs is special
3087 */
3088 final = &smack_known_star;
3089 break;
3090 case DEVPTS_SUPER_MAGIC:
3091 /*
3092 * devpts seems content with the label of the task.
3093 * Programs that change smack have to treat the
3094 * pty with respect.
3095 */
3096 final = ckp;
3097 break;
3098 case PROC_SUPER_MAGIC:
3099 /*
3100 * Casey says procfs appears not to care.
3101 * The superblock default suffices.
3102 */
3103 break;
3104 case TMPFS_MAGIC:
3105 /*
3106 * Device labels should come from the filesystem,
3107 * but watch out, because they're volitile,
3108 * getting recreated on every reboot.
3109 */
3110 final = &smack_known_star;
3111 /*
3112 * No break.
3113 *
3114 * If a smack value has been set we want to use it,
3115 * but since tmpfs isn't giving us the opportunity
3116 * to set mount options simulate setting the
3117 * superblock default.
3118 */
3119 default:
3120 /*
3121 * This isn't an understood special case.
3122 * Get the value from the xattr.
3123 */
3124
3125 /*
3126 * UNIX domain sockets use lower level socket data.
3127 */
3128 if (S_ISSOCK(inode->i_mode)) {
3129 final = &smack_known_star;
3130 break;
3131 }
3132 /*
3133 * No xattr support means, alas, no SMACK label.
3134 * Use the aforeapplied default.
3135 * It would be curious if the label of the task
3136 * does not match that assigned.
3137 */
3138 if (inode->i_op->getxattr == NULL)
3139 break;
3140 /*
3141 * Get the dentry for xattr.
3142 */
3143 dp = dget(opt_dentry);
3144 skp = smk_fetch(XATTR_NAME_SMACK, inode, dp);
3145 if (skp != NULL)
3146 final = skp;
3147
3148 /*
3149 * Transmuting directory
3150 */
3151 if (S_ISDIR(inode->i_mode)) {
3152 /*
3153 * If this is a new directory and the label was
3154 * transmuted when the inode was initialized
3155 * set the transmute attribute on the directory
3156 * and mark the inode.
3157 *
3158 * If there is a transmute attribute on the
3159 * directory mark the inode.
3160 */
3161 if (isp->smk_flags & SMK_INODE_CHANGED) {
3162 isp->smk_flags &= ~SMK_INODE_CHANGED;
3163 rc = inode->i_op->setxattr(dp,
3164 XATTR_NAME_SMACKTRANSMUTE,
3165 TRANS_TRUE, TRANS_TRUE_SIZE,
3166 0);
3167 } else {
3168 rc = inode->i_op->getxattr(dp,
3169 XATTR_NAME_SMACKTRANSMUTE, trattr,
3170 TRANS_TRUE_SIZE);
3171 if (rc >= 0 && strncmp(trattr, TRANS_TRUE,
3172 TRANS_TRUE_SIZE) != 0)
3173 rc = -EINVAL;
3174 }
3175 if (rc >= 0)
3176 transflag = SMK_INODE_TRANSMUTE;
3177 }
3178 /*
3179 * Don't let the exec or mmap label be "*" or "@".
3180 */
3181 skp = smk_fetch(XATTR_NAME_SMACKEXEC, inode, dp);
3182 if (skp == &smack_known_star || skp == &smack_known_web)
3183 skp = NULL;
3184 isp->smk_task = skp;
3185 skp = smk_fetch(XATTR_NAME_SMACKMMAP, inode, dp);
3186 if (skp == &smack_known_star || skp == &smack_known_web)
3187 skp = NULL;
3188 isp->smk_mmap = skp;
3189
3190 dput(dp);
3191 break;
3192 }
3193
3194 if (final == NULL)
3195 isp->smk_inode = ckp;
3196 else
3197 isp->smk_inode = final;
3198
3199 isp->smk_flags |= (SMK_INODE_INSTANT | transflag);
3200
3201 unlockandout:
3202 mutex_unlock(&isp->smk_lock);
3203 return;
3204 }
3205
3206 /**
3207 * smack_getprocattr - Smack process attribute access
3208 * @p: the object task
3209 * @name: the name of the attribute in /proc/.../attr
3210 * @value: where to put the result
3211 *
3212 * Places a copy of the task Smack into value
3213 *
3214 * Returns the length of the smack label or an error code
3215 */
3216 static int smack_getprocattr(struct task_struct *p, char *name, char **value)
3217 {
3218 struct smack_known *skp = smk_of_task(task_security(p));
3219 char *cp;
3220 int slen;
3221
3222 if (strcmp(name, "current") != 0)
3223 return -EINVAL;
3224
3225 cp = kstrdup(skp->smk_known, GFP_KERNEL);
3226 if (cp == NULL)
3227 return -ENOMEM;
3228
3229 slen = strlen(cp);
3230 *value = cp;
3231 return slen;
3232 }
3233
3234 /**
3235 * smack_setprocattr - Smack process attribute setting
3236 * @p: the object task
3237 * @name: the name of the attribute in /proc/.../attr
3238 * @value: the value to set
3239 * @size: the size of the value
3240 *
3241 * Sets the Smack value of the task. Only setting self
3242 * is permitted and only with privilege
3243 *
3244 * Returns the length of the smack label or an error code
3245 */
3246 static int smack_setprocattr(struct task_struct *p, char *name,
3247 void *value, size_t size)
3248 {
3249 struct task_smack *tsp;
3250 struct cred *new;
3251 struct smack_known *skp;
3252
3253 /*
3254 * Changing another process' Smack value is too dangerous
3255 * and supports no sane use case.
3256 */
3257 if (p != current)
3258 return -EPERM;
3259
3260 if (!smack_privileged(CAP_MAC_ADMIN))
3261 return -EPERM;
3262
3263 if (value == NULL || size == 0 || size >= SMK_LONGLABEL)
3264 return -EINVAL;
3265
3266 if (strcmp(name, "current") != 0)
3267 return -EINVAL;
3268
3269 skp = smk_import_entry(value, size);
3270 if (skp == NULL)
3271 return -EINVAL;
3272
3273 /*
3274 * No process is ever allowed the web ("@") label.
3275 */
3276 if (skp == &smack_known_web)
3277 return -EPERM;
3278
3279 new = prepare_creds();
3280 if (new == NULL)
3281 return -ENOMEM;
3282
3283 tsp = new->security;
3284 tsp->smk_task = skp;
3285
3286 commit_creds(new);
3287 return size;
3288 }
3289
3290 /**
3291 * smack_unix_stream_connect - Smack access on UDS
3292 * @sock: one sock
3293 * @other: the other sock
3294 * @newsk: unused
3295 *
3296 * Return 0 if a subject with the smack of sock could access
3297 * an object with the smack of other, otherwise an error code
3298 */
3299 static int smack_unix_stream_connect(struct sock *sock,
3300 struct sock *other, struct sock *newsk)
3301 {
3302 struct smack_known *skp;
3303 struct smack_known *okp;
3304 struct socket_smack *ssp = sock->sk_security;
3305 struct socket_smack *osp = other->sk_security;
3306 struct socket_smack *nsp = newsk->sk_security;
3307 struct smk_audit_info ad;
3308 int rc = 0;
3309 #ifdef CONFIG_AUDIT
3310 struct lsm_network_audit net;
3311 #endif
3312
3313 if (!smack_privileged(CAP_MAC_OVERRIDE)) {
3314 skp = ssp->smk_out;
3315 okp = osp->smk_in;
3316 #ifdef CONFIG_AUDIT
3317 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3318 smk_ad_setfield_u_net_sk(&ad, other);
3319 #endif
3320 rc = smk_access(skp, okp, MAY_WRITE, &ad);
3321 rc = smk_bu_note("UDS connect", skp, okp, MAY_WRITE, rc);
3322 if (rc == 0) {
3323 okp = osp->smk_out;
3324 skp = ssp->smk_in;
3325 rc = smk_access(okp, skp, MAY_WRITE, NULL);
3326 rc = smk_bu_note("UDS connect", okp, skp,
3327 MAY_WRITE, rc);
3328 }
3329 }
3330
3331 /*
3332 * Cross reference the peer labels for SO_PEERSEC.
3333 */
3334 if (rc == 0) {
3335 nsp->smk_packet = ssp->smk_out;
3336 ssp->smk_packet = osp->smk_out;
3337 }
3338
3339 return rc;
3340 }
3341
3342 /**
3343 * smack_unix_may_send - Smack access on UDS
3344 * @sock: one socket
3345 * @other: the other socket
3346 *
3347 * Return 0 if a subject with the smack of sock could access
3348 * an object with the smack of other, otherwise an error code
3349 */
3350 static int smack_unix_may_send(struct socket *sock, struct socket *other)
3351 {
3352 struct socket_smack *ssp = sock->sk->sk_security;
3353 struct socket_smack *osp = other->sk->sk_security;
3354 struct smk_audit_info ad;
3355 int rc;
3356
3357 #ifdef CONFIG_AUDIT
3358 struct lsm_network_audit net;
3359
3360 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3361 smk_ad_setfield_u_net_sk(&ad, other->sk);
3362 #endif
3363
3364 if (smack_privileged(CAP_MAC_OVERRIDE))
3365 return 0;
3366
3367 rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad);
3368 rc = smk_bu_note("UDS send", ssp->smk_out, osp->smk_in, MAY_WRITE, rc);
3369 return rc;
3370 }
3371
3372 /**
3373 * smack_socket_sendmsg - Smack check based on destination host
3374 * @sock: the socket
3375 * @msg: the message
3376 * @size: the size of the message
3377 *
3378 * Return 0 if the current subject can write to the destination host.
3379 * For IPv4 this is only a question if the destination is a single label host.
3380 * For IPv6 this is a check against the label of the port.
3381 */
3382 static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg,
3383 int size)
3384 {
3385 struct sockaddr_in *sip = (struct sockaddr_in *) msg->msg_name;
3386 struct sockaddr_in6 *sap = (struct sockaddr_in6 *) msg->msg_name;
3387 int rc = 0;
3388
3389 /*
3390 * Perfectly reasonable for this to be NULL
3391 */
3392 if (sip == NULL)
3393 return 0;
3394
3395 switch (sip->sin_family) {
3396 case AF_INET:
3397 rc = smack_netlabel_send(sock->sk, sip);
3398 break;
3399 case AF_INET6:
3400 rc = smk_ipv6_port_check(sock->sk, sap, SMK_SENDING);
3401 break;
3402 }
3403 return rc;
3404 }
3405
3406 /**
3407 * smack_from_secattr - Convert a netlabel attr.mls.lvl/attr.mls.cat pair to smack
3408 * @sap: netlabel secattr
3409 * @ssp: socket security information
3410 *
3411 * Returns a pointer to a Smack label entry found on the label list.
3412 */
3413 static struct smack_known *smack_from_secattr(struct netlbl_lsm_secattr *sap,
3414 struct socket_smack *ssp)
3415 {
3416 struct smack_known *skp;
3417 int found = 0;
3418 int acat;
3419 int kcat;
3420
3421 if ((sap->flags & NETLBL_SECATTR_MLS_LVL) != 0) {
3422 /*
3423 * Looks like a CIPSO packet.
3424 * If there are flags but no level netlabel isn't
3425 * behaving the way we expect it to.
3426 *
3427 * Look it up in the label table
3428 * Without guidance regarding the smack value
3429 * for the packet fall back on the network
3430 * ambient value.
3431 */
3432 rcu_read_lock();
3433 list_for_each_entry(skp, &smack_known_list, list) {
3434 if (sap->attr.mls.lvl != skp->smk_netlabel.attr.mls.lvl)
3435 continue;
3436 /*
3437 * Compare the catsets. Use the netlbl APIs.
3438 */
3439 if ((sap->flags & NETLBL_SECATTR_MLS_CAT) == 0) {
3440 if ((skp->smk_netlabel.flags &
3441 NETLBL_SECATTR_MLS_CAT) == 0)
3442 found = 1;
3443 break;
3444 }
3445 for (acat = -1, kcat = -1; acat == kcat; ) {
3446 acat = netlbl_catmap_walk(sap->attr.mls.cat,
3447 acat + 1);
3448 kcat = netlbl_catmap_walk(
3449 skp->smk_netlabel.attr.mls.cat,
3450 kcat + 1);
3451 if (acat < 0 || kcat < 0)
3452 break;
3453 }
3454 if (acat == kcat) {
3455 found = 1;
3456 break;
3457 }
3458 }
3459 rcu_read_unlock();
3460
3461 if (found)
3462 return skp;
3463
3464 if (ssp != NULL && ssp->smk_in == &smack_known_star)
3465 return &smack_known_web;
3466 return &smack_known_star;
3467 }
3468 if ((sap->flags & NETLBL_SECATTR_SECID) != 0) {
3469 /*
3470 * Looks like a fallback, which gives us a secid.
3471 */
3472 skp = smack_from_secid(sap->attr.secid);
3473 /*
3474 * This has got to be a bug because it is
3475 * impossible to specify a fallback without
3476 * specifying the label, which will ensure
3477 * it has a secid, and the only way to get a
3478 * secid is from a fallback.
3479 */
3480 BUG_ON(skp == NULL);
3481 return skp;
3482 }
3483 /*
3484 * Without guidance regarding the smack value
3485 * for the packet fall back on the network
3486 * ambient value.
3487 */
3488 return smack_net_ambient;
3489 }
3490
3491 static int smk_skb_to_addr_ipv6(struct sk_buff *skb, struct sockaddr_in6 *sip)
3492 {
3493 u8 nexthdr;
3494 int offset;
3495 int proto = -EINVAL;
3496 struct ipv6hdr _ipv6h;
3497 struct ipv6hdr *ip6;
3498 __be16 frag_off;
3499 struct tcphdr _tcph, *th;
3500 struct udphdr _udph, *uh;
3501 struct dccp_hdr _dccph, *dh;
3502
3503 sip->sin6_port = 0;
3504
3505 offset = skb_network_offset(skb);
3506 ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h);
3507 if (ip6 == NULL)
3508 return -EINVAL;
3509 sip->sin6_addr = ip6->saddr;
3510
3511 nexthdr = ip6->nexthdr;
3512 offset += sizeof(_ipv6h);
3513 offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off);
3514 if (offset < 0)
3515 return -EINVAL;
3516
3517 proto = nexthdr;
3518 switch (proto) {
3519 case IPPROTO_TCP:
3520 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
3521 if (th != NULL)
3522 sip->sin6_port = th->source;
3523 break;
3524 case IPPROTO_UDP:
3525 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
3526 if (uh != NULL)
3527 sip->sin6_port = uh->source;
3528 break;
3529 case IPPROTO_DCCP:
3530 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
3531 if (dh != NULL)
3532 sip->sin6_port = dh->dccph_sport;
3533 break;
3534 }
3535 return proto;
3536 }
3537
3538 /**
3539 * smack_socket_sock_rcv_skb - Smack packet delivery access check
3540 * @sk: socket
3541 * @skb: packet
3542 *
3543 * Returns 0 if the packet should be delivered, an error code otherwise
3544 */
3545 static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
3546 {
3547 struct netlbl_lsm_secattr secattr;
3548 struct socket_smack *ssp = sk->sk_security;
3549 struct smack_known *skp;
3550 struct sockaddr_in6 sadd;
3551 int rc = 0;
3552 struct smk_audit_info ad;
3553 #ifdef CONFIG_AUDIT
3554 struct lsm_network_audit net;
3555 #endif
3556 switch (sk->sk_family) {
3557 case PF_INET:
3558 /*
3559 * Translate what netlabel gave us.
3560 */
3561 netlbl_secattr_init(&secattr);
3562
3563 rc = netlbl_skbuff_getattr(skb, sk->sk_family, &secattr);
3564 if (rc == 0)
3565 skp = smack_from_secattr(&secattr, ssp);
3566 else
3567 skp = smack_net_ambient;
3568
3569 netlbl_secattr_destroy(&secattr);
3570
3571 #ifdef CONFIG_AUDIT
3572 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3573 ad.a.u.net->family = sk->sk_family;
3574 ad.a.u.net->netif = skb->skb_iif;
3575 ipv4_skb_to_auditdata(skb, &ad.a, NULL);
3576 #endif
3577 /*
3578 * Receiving a packet requires that the other end
3579 * be able to write here. Read access is not required.
3580 * This is the simplist possible security model
3581 * for networking.
3582 */
3583 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
3584 rc = smk_bu_note("IPv4 delivery", skp, ssp->smk_in,
3585 MAY_WRITE, rc);
3586 if (rc != 0)
3587 netlbl_skbuff_err(skb, rc, 0);
3588 break;
3589 case PF_INET6:
3590 rc = smk_skb_to_addr_ipv6(skb, &sadd);
3591 if (rc == IPPROTO_UDP || rc == IPPROTO_TCP)
3592 rc = smk_ipv6_port_check(sk, &sadd, SMK_RECEIVING);
3593 else
3594 rc = 0;
3595 break;
3596 }
3597 return rc;
3598 }
3599
3600 /**
3601 * smack_socket_getpeersec_stream - pull in packet label
3602 * @sock: the socket
3603 * @optval: user's destination
3604 * @optlen: size thereof
3605 * @len: max thereof
3606 *
3607 * returns zero on success, an error code otherwise
3608 */
3609 static int smack_socket_getpeersec_stream(struct socket *sock,
3610 char __user *optval,
3611 int __user *optlen, unsigned len)
3612 {
3613 struct socket_smack *ssp;
3614 char *rcp = "";
3615 int slen = 1;
3616 int rc = 0;
3617
3618 ssp = sock->sk->sk_security;
3619 if (ssp->smk_packet != NULL) {
3620 rcp = ssp->smk_packet->smk_known;
3621 slen = strlen(rcp) + 1;
3622 }
3623
3624 if (slen > len)
3625 rc = -ERANGE;
3626 else if (copy_to_user(optval, rcp, slen) != 0)
3627 rc = -EFAULT;
3628
3629 if (put_user(slen, optlen) != 0)
3630 rc = -EFAULT;
3631
3632 return rc;
3633 }
3634
3635
3636 /**
3637 * smack_socket_getpeersec_dgram - pull in packet label
3638 * @sock: the peer socket
3639 * @skb: packet data
3640 * @secid: pointer to where to put the secid of the packet
3641 *
3642 * Sets the netlabel socket state on sk from parent
3643 */
3644 static int smack_socket_getpeersec_dgram(struct socket *sock,
3645 struct sk_buff *skb, u32 *secid)
3646
3647 {
3648 struct netlbl_lsm_secattr secattr;
3649 struct socket_smack *ssp = NULL;
3650 struct smack_known *skp;
3651 int family = PF_UNSPEC;
3652 u32 s = 0; /* 0 is the invalid secid */
3653 int rc;
3654
3655 if (skb != NULL) {
3656 if (skb->protocol == htons(ETH_P_IP))
3657 family = PF_INET;
3658 else if (skb->protocol == htons(ETH_P_IPV6))
3659 family = PF_INET6;
3660 }
3661 if (family == PF_UNSPEC && sock != NULL)
3662 family = sock->sk->sk_family;
3663
3664 if (family == PF_UNIX) {
3665 ssp = sock->sk->sk_security;
3666 s = ssp->smk_out->smk_secid;
3667 } else if (family == PF_INET || family == PF_INET6) {
3668 /*
3669 * Translate what netlabel gave us.
3670 */
3671 if (sock != NULL && sock->sk != NULL)
3672 ssp = sock->sk->sk_security;
3673 netlbl_secattr_init(&secattr);
3674 rc = netlbl_skbuff_getattr(skb, family, &secattr);
3675 if (rc == 0) {
3676 skp = smack_from_secattr(&secattr, ssp);
3677 s = skp->smk_secid;
3678 }
3679 netlbl_secattr_destroy(&secattr);
3680 }
3681 *secid = s;
3682 if (s == 0)
3683 return -EINVAL;
3684 return 0;
3685 }
3686
3687 /**
3688 * smack_sock_graft - Initialize a newly created socket with an existing sock
3689 * @sk: child sock
3690 * @parent: parent socket
3691 *
3692 * Set the smk_{in,out} state of an existing sock based on the process that
3693 * is creating the new socket.
3694 */
3695 static void smack_sock_graft(struct sock *sk, struct socket *parent)
3696 {
3697 struct socket_smack *ssp;
3698 struct smack_known *skp = smk_of_current();
3699
3700 if (sk == NULL ||
3701 (sk->sk_family != PF_INET && sk->sk_family != PF_INET6))
3702 return;
3703
3704 ssp = sk->sk_security;
3705 ssp->smk_in = skp;
3706 ssp->smk_out = skp;
3707 /* cssp->smk_packet is already set in smack_inet_csk_clone() */
3708 }
3709
3710 /**
3711 * smack_inet_conn_request - Smack access check on connect
3712 * @sk: socket involved
3713 * @skb: packet
3714 * @req: unused
3715 *
3716 * Returns 0 if a task with the packet label could write to
3717 * the socket, otherwise an error code
3718 */
3719 static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb,
3720 struct request_sock *req)
3721 {
3722 u16 family = sk->sk_family;
3723 struct smack_known *skp;
3724 struct socket_smack *ssp = sk->sk_security;
3725 struct netlbl_lsm_secattr secattr;
3726 struct sockaddr_in addr;
3727 struct iphdr *hdr;
3728 struct smack_known *hskp;
3729 int rc;
3730 struct smk_audit_info ad;
3731 #ifdef CONFIG_AUDIT
3732 struct lsm_network_audit net;
3733 #endif
3734
3735 if (family == PF_INET6) {
3736 /*
3737 * Handle mapped IPv4 packets arriving
3738 * via IPv6 sockets. Don't set up netlabel
3739 * processing on IPv6.
3740 */
3741 if (skb->protocol == htons(ETH_P_IP))
3742 family = PF_INET;
3743 else
3744 return 0;
3745 }
3746
3747 netlbl_secattr_init(&secattr);
3748 rc = netlbl_skbuff_getattr(skb, family, &secattr);
3749 if (rc == 0)
3750 skp = smack_from_secattr(&secattr, ssp);
3751 else
3752 skp = &smack_known_huh;
3753 netlbl_secattr_destroy(&secattr);
3754
3755 #ifdef CONFIG_AUDIT
3756 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3757 ad.a.u.net->family = family;
3758 ad.a.u.net->netif = skb->skb_iif;
3759 ipv4_skb_to_auditdata(skb, &ad.a, NULL);
3760 #endif
3761 /*
3762 * Receiving a packet requires that the other end be able to write
3763 * here. Read access is not required.
3764 */
3765 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
3766 rc = smk_bu_note("IPv4 connect", skp, ssp->smk_in, MAY_WRITE, rc);
3767 if (rc != 0)
3768 return rc;
3769
3770 /*
3771 * Save the peer's label in the request_sock so we can later setup
3772 * smk_packet in the child socket so that SO_PEERCRED can report it.
3773 */
3774 req->peer_secid = skp->smk_secid;
3775
3776 /*
3777 * We need to decide if we want to label the incoming connection here
3778 * if we do we only need to label the request_sock and the stack will
3779 * propagate the wire-label to the sock when it is created.
3780 */
3781 hdr = ip_hdr(skb);
3782 addr.sin_addr.s_addr = hdr->saddr;
3783 rcu_read_lock();
3784 hskp = smack_host_label(&addr);
3785 rcu_read_unlock();
3786
3787 if (hskp == NULL)
3788 rc = netlbl_req_setattr(req, &skp->smk_netlabel);
3789 else
3790 netlbl_req_delattr(req);
3791
3792 return rc;
3793 }
3794
3795 /**
3796 * smack_inet_csk_clone - Copy the connection information to the new socket
3797 * @sk: the new socket
3798 * @req: the connection's request_sock
3799 *
3800 * Transfer the connection's peer label to the newly created socket.
3801 */
3802 static void smack_inet_csk_clone(struct sock *sk,
3803 const struct request_sock *req)
3804 {
3805 struct socket_smack *ssp = sk->sk_security;
3806 struct smack_known *skp;
3807
3808 if (req->peer_secid != 0) {
3809 skp = smack_from_secid(req->peer_secid);
3810 ssp->smk_packet = skp;
3811 } else
3812 ssp->smk_packet = NULL;
3813 }
3814
3815 /*
3816 * Key management security hooks
3817 *
3818 * Casey has not tested key support very heavily.
3819 * The permission check is most likely too restrictive.
3820 * If you care about keys please have a look.
3821 */
3822 #ifdef CONFIG_KEYS
3823
3824 /**
3825 * smack_key_alloc - Set the key security blob
3826 * @key: object
3827 * @cred: the credentials to use
3828 * @flags: unused
3829 *
3830 * No allocation required
3831 *
3832 * Returns 0
3833 */
3834 static int smack_key_alloc(struct key *key, const struct cred *cred,
3835 unsigned long flags)
3836 {
3837 struct smack_known *skp = smk_of_task(cred->security);
3838
3839 key->security = skp;
3840 return 0;
3841 }
3842
3843 /**
3844 * smack_key_free - Clear the key security blob
3845 * @key: the object
3846 *
3847 * Clear the blob pointer
3848 */
3849 static void smack_key_free(struct key *key)
3850 {
3851 key->security = NULL;
3852 }
3853
3854 /**
3855 * smack_key_permission - Smack access on a key
3856 * @key_ref: gets to the object
3857 * @cred: the credentials to use
3858 * @perm: requested key permissions
3859 *
3860 * Return 0 if the task has read and write to the object,
3861 * an error code otherwise
3862 */
3863 static int smack_key_permission(key_ref_t key_ref,
3864 const struct cred *cred, unsigned perm)
3865 {
3866 struct key *keyp;
3867 struct smk_audit_info ad;
3868 struct smack_known *tkp = smk_of_task(cred->security);
3869 int request = 0;
3870 int rc;
3871
3872 keyp = key_ref_to_ptr(key_ref);
3873 if (keyp == NULL)
3874 return -EINVAL;
3875 /*
3876 * If the key hasn't been initialized give it access so that
3877 * it may do so.
3878 */
3879 if (keyp->security == NULL)
3880 return 0;
3881 /*
3882 * This should not occur
3883 */
3884 if (tkp == NULL)
3885 return -EACCES;
3886 #ifdef CONFIG_AUDIT
3887 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY);
3888 ad.a.u.key_struct.key = keyp->serial;
3889 ad.a.u.key_struct.key_desc = keyp->description;
3890 #endif
3891 if (perm & KEY_NEED_READ)
3892 request = MAY_READ;
3893 if (perm & (KEY_NEED_WRITE | KEY_NEED_LINK | KEY_NEED_SETATTR))
3894 request = MAY_WRITE;
3895 rc = smk_access(tkp, keyp->security, request, &ad);
3896 rc = smk_bu_note("key access", tkp, keyp->security, request, rc);
3897 return rc;
3898 }
3899 #endif /* CONFIG_KEYS */
3900
3901 /*
3902 * Smack Audit hooks
3903 *
3904 * Audit requires a unique representation of each Smack specific
3905 * rule. This unique representation is used to distinguish the
3906 * object to be audited from remaining kernel objects and also
3907 * works as a glue between the audit hooks.
3908 *
3909 * Since repository entries are added but never deleted, we'll use
3910 * the smack_known label address related to the given audit rule as
3911 * the needed unique representation. This also better fits the smack
3912 * model where nearly everything is a label.
3913 */
3914 #ifdef CONFIG_AUDIT
3915
3916 /**
3917 * smack_audit_rule_init - Initialize a smack audit rule
3918 * @field: audit rule fields given from user-space (audit.h)
3919 * @op: required testing operator (=, !=, >, <, ...)
3920 * @rulestr: smack label to be audited
3921 * @vrule: pointer to save our own audit rule representation
3922 *
3923 * Prepare to audit cases where (@field @op @rulestr) is true.
3924 * The label to be audited is created if necessay.
3925 */
3926 static int smack_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule)
3927 {
3928 struct smack_known *skp;
3929 char **rule = (char **)vrule;
3930 *rule = NULL;
3931
3932 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
3933 return -EINVAL;
3934
3935 if (op != Audit_equal && op != Audit_not_equal)
3936 return -EINVAL;
3937
3938 skp = smk_import_entry(rulestr, 0);
3939 if (skp)
3940 *rule = skp->smk_known;
3941
3942 return 0;
3943 }
3944
3945 /**
3946 * smack_audit_rule_known - Distinguish Smack audit rules
3947 * @krule: rule of interest, in Audit kernel representation format
3948 *
3949 * This is used to filter Smack rules from remaining Audit ones.
3950 * If it's proved that this rule belongs to us, the
3951 * audit_rule_match hook will be called to do the final judgement.
3952 */
3953 static int smack_audit_rule_known(struct audit_krule *krule)
3954 {
3955 struct audit_field *f;
3956 int i;
3957
3958 for (i = 0; i < krule->field_count; i++) {
3959 f = &krule->fields[i];
3960
3961 if (f->type == AUDIT_SUBJ_USER || f->type == AUDIT_OBJ_USER)
3962 return 1;
3963 }
3964
3965 return 0;
3966 }
3967
3968 /**
3969 * smack_audit_rule_match - Audit given object ?
3970 * @secid: security id for identifying the object to test
3971 * @field: audit rule flags given from user-space
3972 * @op: required testing operator
3973 * @vrule: smack internal rule presentation
3974 * @actx: audit context associated with the check
3975 *
3976 * The core Audit hook. It's used to take the decision of
3977 * whether to audit or not to audit a given object.
3978 */
3979 static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule,
3980 struct audit_context *actx)
3981 {
3982 struct smack_known *skp;
3983 char *rule = vrule;
3984
3985 if (unlikely(!rule)) {
3986 WARN_ONCE(1, "Smack: missing rule\n");
3987 return -ENOENT;
3988 }
3989
3990 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
3991 return 0;
3992
3993 skp = smack_from_secid(secid);
3994
3995 /*
3996 * No need to do string comparisons. If a match occurs,
3997 * both pointers will point to the same smack_known
3998 * label.
3999 */
4000 if (op == Audit_equal)
4001 return (rule == skp->smk_known);
4002 if (op == Audit_not_equal)
4003 return (rule != skp->smk_known);
4004
4005 return 0;
4006 }
4007
4008 /**
4009 * smack_audit_rule_free - free smack rule representation
4010 * @vrule: rule to be freed.
4011 *
4012 * No memory was allocated.
4013 */
4014 static void smack_audit_rule_free(void *vrule)
4015 {
4016 /* No-op */
4017 }
4018
4019 #endif /* CONFIG_AUDIT */
4020
4021 /**
4022 * smack_ismaclabel - check if xattr @name references a smack MAC label
4023 * @name: Full xattr name to check.
4024 */
4025 static int smack_ismaclabel(const char *name)
4026 {
4027 return (strcmp(name, XATTR_SMACK_SUFFIX) == 0);
4028 }
4029
4030
4031 /**
4032 * smack_secid_to_secctx - return the smack label for a secid
4033 * @secid: incoming integer
4034 * @secdata: destination
4035 * @seclen: how long it is
4036 *
4037 * Exists for networking code.
4038 */
4039 static int smack_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
4040 {
4041 struct smack_known *skp = smack_from_secid(secid);
4042
4043 if (secdata)
4044 *secdata = skp->smk_known;
4045 *seclen = strlen(skp->smk_known);
4046 return 0;
4047 }
4048
4049 /**
4050 * smack_secctx_to_secid - return the secid for a smack label
4051 * @secdata: smack label
4052 * @seclen: how long result is
4053 * @secid: outgoing integer
4054 *
4055 * Exists for audit and networking code.
4056 */
4057 static int smack_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
4058 {
4059 struct smack_known *skp = smk_find_entry(secdata);
4060
4061 if (skp)
4062 *secid = skp->smk_secid;
4063 else
4064 *secid = 0;
4065 return 0;
4066 }
4067
4068 /**
4069 * smack_release_secctx - don't do anything.
4070 * @secdata: unused
4071 * @seclen: unused
4072 *
4073 * Exists to make sure nothing gets done, and properly
4074 */
4075 static void smack_release_secctx(char *secdata, u32 seclen)
4076 {
4077 }
4078
4079 static int smack_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
4080 {
4081 return smack_inode_setsecurity(inode, XATTR_SMACK_SUFFIX, ctx, ctxlen, 0);
4082 }
4083
4084 static int smack_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
4085 {
4086 return __vfs_setxattr_noperm(dentry, XATTR_NAME_SMACK, ctx, ctxlen, 0);
4087 }
4088
4089 static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
4090 {
4091 int len = 0;
4092 len = smack_inode_getsecurity(inode, XATTR_SMACK_SUFFIX, ctx, true);
4093
4094 if (len < 0)
4095 return len;
4096 *ctxlen = len;
4097 return 0;
4098 }
4099
4100 struct security_operations smack_ops = {
4101 .name = "smack",
4102
4103 .ptrace_access_check = smack_ptrace_access_check,
4104 .ptrace_traceme = smack_ptrace_traceme,
4105 .syslog = smack_syslog,
4106
4107 .sb_alloc_security = smack_sb_alloc_security,
4108 .sb_free_security = smack_sb_free_security,
4109 .sb_copy_data = smack_sb_copy_data,
4110 .sb_kern_mount = smack_sb_kern_mount,
4111 .sb_statfs = smack_sb_statfs,
4112
4113 .bprm_set_creds = smack_bprm_set_creds,
4114 .bprm_committing_creds = smack_bprm_committing_creds,
4115 .bprm_secureexec = smack_bprm_secureexec,
4116
4117 .inode_alloc_security = smack_inode_alloc_security,
4118 .inode_free_security = smack_inode_free_security,
4119 .inode_init_security = smack_inode_init_security,
4120 .inode_link = smack_inode_link,
4121 .inode_unlink = smack_inode_unlink,
4122 .inode_rmdir = smack_inode_rmdir,
4123 .inode_rename = smack_inode_rename,
4124 .inode_permission = smack_inode_permission,
4125 .inode_setattr = smack_inode_setattr,
4126 .inode_getattr = smack_inode_getattr,
4127 .inode_setxattr = smack_inode_setxattr,
4128 .inode_post_setxattr = smack_inode_post_setxattr,
4129 .inode_getxattr = smack_inode_getxattr,
4130 .inode_removexattr = smack_inode_removexattr,
4131 .inode_getsecurity = smack_inode_getsecurity,
4132 .inode_setsecurity = smack_inode_setsecurity,
4133 .inode_listsecurity = smack_inode_listsecurity,
4134 .inode_getsecid = smack_inode_getsecid,
4135
4136 .file_permission = smack_file_permission,
4137 .file_alloc_security = smack_file_alloc_security,
4138 .file_free_security = smack_file_free_security,
4139 .file_ioctl = smack_file_ioctl,
4140 .file_lock = smack_file_lock,
4141 .file_fcntl = smack_file_fcntl,
4142 .mmap_file = smack_mmap_file,
4143 .mmap_addr = cap_mmap_addr,
4144 .file_set_fowner = smack_file_set_fowner,
4145 .file_send_sigiotask = smack_file_send_sigiotask,
4146 .file_receive = smack_file_receive,
4147
4148 .file_open = smack_file_open,
4149
4150 .cred_alloc_blank = smack_cred_alloc_blank,
4151 .cred_free = smack_cred_free,
4152 .cred_prepare = smack_cred_prepare,
4153 .cred_transfer = smack_cred_transfer,
4154 .kernel_act_as = smack_kernel_act_as,
4155 .kernel_create_files_as = smack_kernel_create_files_as,
4156 .task_setpgid = smack_task_setpgid,
4157 .task_getpgid = smack_task_getpgid,
4158 .task_getsid = smack_task_getsid,
4159 .task_getsecid = smack_task_getsecid,
4160 .task_setnice = smack_task_setnice,
4161 .task_setioprio = smack_task_setioprio,
4162 .task_getioprio = smack_task_getioprio,
4163 .task_setscheduler = smack_task_setscheduler,
4164 .task_getscheduler = smack_task_getscheduler,
4165 .task_movememory = smack_task_movememory,
4166 .task_kill = smack_task_kill,
4167 .task_wait = smack_task_wait,
4168 .task_to_inode = smack_task_to_inode,
4169
4170 .ipc_permission = smack_ipc_permission,
4171 .ipc_getsecid = smack_ipc_getsecid,
4172
4173 .msg_msg_alloc_security = smack_msg_msg_alloc_security,
4174 .msg_msg_free_security = smack_msg_msg_free_security,
4175
4176 .msg_queue_alloc_security = smack_msg_queue_alloc_security,
4177 .msg_queue_free_security = smack_msg_queue_free_security,
4178 .msg_queue_associate = smack_msg_queue_associate,
4179 .msg_queue_msgctl = smack_msg_queue_msgctl,
4180 .msg_queue_msgsnd = smack_msg_queue_msgsnd,
4181 .msg_queue_msgrcv = smack_msg_queue_msgrcv,
4182
4183 .shm_alloc_security = smack_shm_alloc_security,
4184 .shm_free_security = smack_shm_free_security,
4185 .shm_associate = smack_shm_associate,
4186 .shm_shmctl = smack_shm_shmctl,
4187 .shm_shmat = smack_shm_shmat,
4188
4189 .sem_alloc_security = smack_sem_alloc_security,
4190 .sem_free_security = smack_sem_free_security,
4191 .sem_associate = smack_sem_associate,
4192 .sem_semctl = smack_sem_semctl,
4193 .sem_semop = smack_sem_semop,
4194
4195 .d_instantiate = smack_d_instantiate,
4196
4197 .getprocattr = smack_getprocattr,
4198 .setprocattr = smack_setprocattr,
4199
4200 .unix_stream_connect = smack_unix_stream_connect,
4201 .unix_may_send = smack_unix_may_send,
4202
4203 .socket_post_create = smack_socket_post_create,
4204 .socket_bind = smack_socket_bind,
4205 .socket_connect = smack_socket_connect,
4206 .socket_sendmsg = smack_socket_sendmsg,
4207 .socket_sock_rcv_skb = smack_socket_sock_rcv_skb,
4208 .socket_getpeersec_stream = smack_socket_getpeersec_stream,
4209 .socket_getpeersec_dgram = smack_socket_getpeersec_dgram,
4210 .sk_alloc_security = smack_sk_alloc_security,
4211 .sk_free_security = smack_sk_free_security,
4212 .sock_graft = smack_sock_graft,
4213 .inet_conn_request = smack_inet_conn_request,
4214 .inet_csk_clone = smack_inet_csk_clone,
4215
4216 /* key management security hooks */
4217 #ifdef CONFIG_KEYS
4218 .key_alloc = smack_key_alloc,
4219 .key_free = smack_key_free,
4220 .key_permission = smack_key_permission,
4221 #endif /* CONFIG_KEYS */
4222
4223 /* Audit hooks */
4224 #ifdef CONFIG_AUDIT
4225 .audit_rule_init = smack_audit_rule_init,
4226 .audit_rule_known = smack_audit_rule_known,
4227 .audit_rule_match = smack_audit_rule_match,
4228 .audit_rule_free = smack_audit_rule_free,
4229 #endif /* CONFIG_AUDIT */
4230
4231 .ismaclabel = smack_ismaclabel,
4232 .secid_to_secctx = smack_secid_to_secctx,
4233 .secctx_to_secid = smack_secctx_to_secid,
4234 .release_secctx = smack_release_secctx,
4235 .inode_notifysecctx = smack_inode_notifysecctx,
4236 .inode_setsecctx = smack_inode_setsecctx,
4237 .inode_getsecctx = smack_inode_getsecctx,
4238 };
4239
4240
4241 static __init void init_smack_known_list(void)
4242 {
4243 /*
4244 * Initialize rule list locks
4245 */
4246 mutex_init(&smack_known_huh.smk_rules_lock);
4247 mutex_init(&smack_known_hat.smk_rules_lock);
4248 mutex_init(&smack_known_floor.smk_rules_lock);
4249 mutex_init(&smack_known_star.smk_rules_lock);
4250 mutex_init(&smack_known_invalid.smk_rules_lock);
4251 mutex_init(&smack_known_web.smk_rules_lock);
4252 /*
4253 * Initialize rule lists
4254 */
4255 INIT_LIST_HEAD(&smack_known_huh.smk_rules);
4256 INIT_LIST_HEAD(&smack_known_hat.smk_rules);
4257 INIT_LIST_HEAD(&smack_known_star.smk_rules);
4258 INIT_LIST_HEAD(&smack_known_floor.smk_rules);
4259 INIT_LIST_HEAD(&smack_known_invalid.smk_rules);
4260 INIT_LIST_HEAD(&smack_known_web.smk_rules);
4261 /*
4262 * Create the known labels list
4263 */
4264 smk_insert_entry(&smack_known_huh);
4265 smk_insert_entry(&smack_known_hat);
4266 smk_insert_entry(&smack_known_star);
4267 smk_insert_entry(&smack_known_floor);
4268 smk_insert_entry(&smack_known_invalid);
4269 smk_insert_entry(&smack_known_web);
4270 }
4271
4272 /**
4273 * smack_init - initialize the smack system
4274 *
4275 * Returns 0
4276 */
4277 static __init int smack_init(void)
4278 {
4279 struct cred *cred;
4280 struct task_smack *tsp;
4281
4282 if (!security_module_enable(&smack_ops))
4283 return 0;
4284
4285 smack_inode_cache = KMEM_CACHE(inode_smack, 0);
4286 if (!smack_inode_cache)
4287 return -ENOMEM;
4288
4289 tsp = new_task_smack(&smack_known_floor, &smack_known_floor,
4290 GFP_KERNEL);
4291 if (tsp == NULL) {
4292 kmem_cache_destroy(smack_inode_cache);
4293 return -ENOMEM;
4294 }
4295
4296 printk(KERN_INFO "Smack: Initializing.\n");
4297
4298 /*
4299 * Set the security state for the initial task.
4300 */
4301 cred = (struct cred *) current->cred;
4302 cred->security = tsp;
4303
4304 /* initialize the smack_known_list */
4305 init_smack_known_list();
4306
4307 /*
4308 * Register with LSM
4309 */
4310 if (register_security(&smack_ops))
4311 panic("smack: Unable to register with kernel.\n");
4312
4313 return 0;
4314 }
4315
4316 /*
4317 * Smack requires early initialization in order to label
4318 * all processes and objects when they are created.
4319 */
4320 security_initcall(smack_init);
Ubuntu Artful kernel mirror