1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * Simplified MAC Kernel (smack) security module
4 *
5 * This file contains the smack hook function implementations.
6 *
7 * Authors:
8 * Casey Schaufler <casey@schaufler-ca.com>
9 * Jarkko Sakkinen <jarkko.sakkinen@intel.com>
10 *
11 * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com>
12 * Copyright (C) 2009 Hewlett-Packard Development Company, L.P.
13 * Paul Moore <paul@paul-moore.com>
14 * Copyright (C) 2010 Nokia Corporation
15 * Copyright (C) 2011 Intel Corporation.
16 */
17
18 #include <linux/xattr.h>
19 #include <linux/pagemap.h>
20 #include <linux/mount.h>
21 #include <linux/stat.h>
22 #include <linux/kd.h>
23 #include <asm/ioctls.h>
24 #include <linux/ip.h>
25 #include <linux/tcp.h>
26 #include <linux/udp.h>
27 #include <linux/dccp.h>
28 #include <linux/icmpv6.h>
29 #include <linux/slab.h>
30 #include <linux/mutex.h>
31 #include <net/cipso_ipv4.h>
32 #include <net/ip.h>
33 #include <net/ipv6.h>
34 #include <linux/audit.h>
35 #include <linux/magic.h>
36 #include <linux/dcache.h>
37 #include <linux/personality.h>
38 #include <linux/msg.h>
39 #include <linux/shm.h>
40 #include <linux/binfmts.h>
41 #include <linux/parser.h>
42 #include <linux/fs_context.h>
43 #include <linux/fs_parser.h>
44 #include <linux/watch_queue.h>
45 #include "smack.h"
46
47 #define TRANS_TRUE "TRUE"
48 #define TRANS_TRUE_SIZE 4
49
50 #define SMK_CONNECTING 0
51 #define SMK_RECEIVING 1
52 #define SMK_SENDING 2
53
54 static DEFINE_MUTEX(smack_ipv6_lock);
55 static LIST_HEAD(smk_ipv6_port_list);
56 struct kmem_cache *smack_rule_cache;
57 int smack_enabled;
58
59 #define A(s) {"smack"#s, sizeof("smack"#s) - 1, Opt_##s}
60 static struct {
61 const char *name;
62 int len;
63 int opt;
64 } smk_mount_opts[] = {
65 {"smackfsdef", sizeof("smackfsdef") - 1, Opt_fsdefault},
66 A(fsdefault), A(fsfloor), A(fshat), A(fsroot), A(fstransmute)
67 };
68 #undef A
69
match_opt_prefix(char * s,int l,char ** arg)70 static int match_opt_prefix(char *s, int l, char **arg)
71 {
72 int i;
73
74 for (i = 0; i < ARRAY_SIZE(smk_mount_opts); i++) {
75 size_t len = smk_mount_opts[i].len;
76 if (len > l || memcmp(s, smk_mount_opts[i].name, len))
77 continue;
78 if (len == l || s[len] != '=')
79 continue;
80 *arg = s + len + 1;
81 return smk_mount_opts[i].opt;
82 }
83 return Opt_error;
84 }
85
86 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
87 static char *smk_bu_mess[] = {
88 "Bringup Error", /* Unused */
89 "Bringup", /* SMACK_BRINGUP_ALLOW */
90 "Unconfined Subject", /* SMACK_UNCONFINED_SUBJECT */
91 "Unconfined Object", /* SMACK_UNCONFINED_OBJECT */
92 };
93
smk_bu_mode(int mode,char * s)94 static void smk_bu_mode(int mode, char *s)
95 {
96 int i = 0;
97
98 if (mode & MAY_READ)
99 s[i++] = 'r';
100 if (mode & MAY_WRITE)
101 s[i++] = 'w';
102 if (mode & MAY_EXEC)
103 s[i++] = 'x';
104 if (mode & MAY_APPEND)
105 s[i++] = 'a';
106 if (mode & MAY_TRANSMUTE)
107 s[i++] = 't';
108 if (mode & MAY_LOCK)
109 s[i++] = 'l';
110 if (i == 0)
111 s[i++] = '-';
112 s[i] = '\0';
113 }
114 #endif
115
116 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
smk_bu_note(char * note,struct smack_known * sskp,struct smack_known * oskp,int mode,int rc)117 static int smk_bu_note(char *note, struct smack_known *sskp,
118 struct smack_known *oskp, int mode, int rc)
119 {
120 char acc[SMK_NUM_ACCESS_TYPE + 1];
121
122 if (rc <= 0)
123 return rc;
124 if (rc > SMACK_UNCONFINED_OBJECT)
125 rc = 0;
126
127 smk_bu_mode(mode, acc);
128 pr_info("Smack %s: (%s %s %s) %s\n", smk_bu_mess[rc],
129 sskp->smk_known, oskp->smk_known, acc, note);
130 return 0;
131 }
132 #else
133 #define smk_bu_note(note, sskp, oskp, mode, RC) (RC)
134 #endif
135
136 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
smk_bu_current(char * note,struct smack_known * oskp,int mode,int rc)137 static int smk_bu_current(char *note, struct smack_known *oskp,
138 int mode, int rc)
139 {
140 struct task_smack *tsp = smack_cred(current_cred());
141 char acc[SMK_NUM_ACCESS_TYPE + 1];
142
143 if (rc <= 0)
144 return rc;
145 if (rc > SMACK_UNCONFINED_OBJECT)
146 rc = 0;
147
148 smk_bu_mode(mode, acc);
149 pr_info("Smack %s: (%s %s %s) %s %s\n", smk_bu_mess[rc],
150 tsp->smk_task->smk_known, oskp->smk_known,
151 acc, current->comm, note);
152 return 0;
153 }
154 #else
155 #define smk_bu_current(note, oskp, mode, RC) (RC)
156 #endif
157
158 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
smk_bu_task(struct task_struct * otp,int mode,int rc)159 static int smk_bu_task(struct task_struct *otp, int mode, int rc)
160 {
161 struct task_smack *tsp = smack_cred(current_cred());
162 struct smack_known *smk_task = smk_of_task_struct(otp);
163 char acc[SMK_NUM_ACCESS_TYPE + 1];
164
165 if (rc <= 0)
166 return rc;
167 if (rc > SMACK_UNCONFINED_OBJECT)
168 rc = 0;
169
170 smk_bu_mode(mode, acc);
171 pr_info("Smack %s: (%s %s %s) %s to %s\n", smk_bu_mess[rc],
172 tsp->smk_task->smk_known, smk_task->smk_known, acc,
173 current->comm, otp->comm);
174 return 0;
175 }
176 #else
177 #define smk_bu_task(otp, mode, RC) (RC)
178 #endif
179
180 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
smk_bu_inode(struct inode * inode,int mode,int rc)181 static int smk_bu_inode(struct inode *inode, int mode, int rc)
182 {
183 struct task_smack *tsp = smack_cred(current_cred());
184 struct inode_smack *isp = smack_inode(inode);
185 char acc[SMK_NUM_ACCESS_TYPE + 1];
186
187 if (isp->smk_flags & SMK_INODE_IMPURE)
188 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
189 inode->i_sb->s_id, inode->i_ino, current->comm);
190
191 if (rc <= 0)
192 return rc;
193 if (rc > SMACK_UNCONFINED_OBJECT)
194 rc = 0;
195 if (rc == SMACK_UNCONFINED_SUBJECT &&
196 (mode & (MAY_WRITE | MAY_APPEND)))
197 isp->smk_flags |= SMK_INODE_IMPURE;
198
199 smk_bu_mode(mode, acc);
200
201 pr_info("Smack %s: (%s %s %s) inode=(%s %ld) %s\n", smk_bu_mess[rc],
202 tsp->smk_task->smk_known, isp->smk_inode->smk_known, acc,
203 inode->i_sb->s_id, inode->i_ino, current->comm);
204 return 0;
205 }
206 #else
207 #define smk_bu_inode(inode, mode, RC) (RC)
208 #endif
209
210 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
smk_bu_file(struct file * file,int mode,int rc)211 static int smk_bu_file(struct file *file, int mode, int rc)
212 {
213 struct task_smack *tsp = smack_cred(current_cred());
214 struct smack_known *sskp = tsp->smk_task;
215 struct inode *inode = file_inode(file);
216 struct inode_smack *isp = smack_inode(inode);
217 char acc[SMK_NUM_ACCESS_TYPE + 1];
218
219 if (isp->smk_flags & SMK_INODE_IMPURE)
220 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
221 inode->i_sb->s_id, inode->i_ino, current->comm);
222
223 if (rc <= 0)
224 return rc;
225 if (rc > SMACK_UNCONFINED_OBJECT)
226 rc = 0;
227
228 smk_bu_mode(mode, acc);
229 pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc],
230 sskp->smk_known, smk_of_inode(inode)->smk_known, acc,
231 inode->i_sb->s_id, inode->i_ino, file,
232 current->comm);
233 return 0;
234 }
235 #else
236 #define smk_bu_file(file, mode, RC) (RC)
237 #endif
238
239 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
smk_bu_credfile(const struct cred * cred,struct file * file,int mode,int rc)240 static int smk_bu_credfile(const struct cred *cred, struct file *file,
241 int mode, int rc)
242 {
243 struct task_smack *tsp = smack_cred(cred);
244 struct smack_known *sskp = tsp->smk_task;
245 struct inode *inode = file_inode(file);
246 struct inode_smack *isp = smack_inode(inode);
247 char acc[SMK_NUM_ACCESS_TYPE + 1];
248
249 if (isp->smk_flags & SMK_INODE_IMPURE)
250 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
251 inode->i_sb->s_id, inode->i_ino, current->comm);
252
253 if (rc <= 0)
254 return rc;
255 if (rc > SMACK_UNCONFINED_OBJECT)
256 rc = 0;
257
258 smk_bu_mode(mode, acc);
259 pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc],
260 sskp->smk_known, smk_of_inode(inode)->smk_known, acc,
261 inode->i_sb->s_id, inode->i_ino, file,
262 current->comm);
263 return 0;
264 }
265 #else
266 #define smk_bu_credfile(cred, file, mode, RC) (RC)
267 #endif
268
269 /**
270 * smk_fetch - Fetch the smack label from a file.
271 * @name: type of the label (attribute)
272 * @ip: a pointer to the inode
273 * @dp: a pointer to the dentry
274 *
275 * Returns a pointer to the master list entry for the Smack label,
276 * NULL if there was no label to fetch, or an error code.
277 */
smk_fetch(const char * name,struct inode * ip,struct dentry * dp)278 static struct smack_known *smk_fetch(const char *name, struct inode *ip,
279 struct dentry *dp)
280 {
281 int rc;
282 char *buffer;
283 struct smack_known *skp = NULL;
284
285 if (!(ip->i_opflags & IOP_XATTR))
286 return ERR_PTR(-EOPNOTSUPP);
287
288 buffer = kzalloc(SMK_LONGLABEL, GFP_NOFS);
289 if (buffer == NULL)
290 return ERR_PTR(-ENOMEM);
291
292 rc = __vfs_getxattr(dp, ip, name, buffer, SMK_LONGLABEL,
293 XATTR_NOSECURITY);
294 if (rc < 0)
295 skp = ERR_PTR(rc);
296 else if (rc == 0)
297 skp = NULL;
298 else
299 skp = smk_import_entry(buffer, rc);
300
301 kfree(buffer);
302
303 return skp;
304 }
305
306 /**
307 * init_inode_smack - initialize an inode security blob
308 * @inode: inode to extract the info from
309 * @skp: a pointer to the Smack label entry to use in the blob
310 *
311 */
init_inode_smack(struct inode * inode,struct smack_known * skp)312 static void init_inode_smack(struct inode *inode, struct smack_known *skp)
313 {
314 struct inode_smack *isp = smack_inode(inode);
315
316 isp->smk_inode = skp;
317 isp->smk_flags = 0;
318 }
319
320 /**
321 * init_task_smack - initialize a task security blob
322 * @tsp: blob to initialize
323 * @task: a pointer to the Smack label for the running task
324 * @forked: a pointer to the Smack label for the forked task
325 *
326 */
init_task_smack(struct task_smack * tsp,struct smack_known * task,struct smack_known * forked)327 static void init_task_smack(struct task_smack *tsp, struct smack_known *task,
328 struct smack_known *forked)
329 {
330 tsp->smk_task = task;
331 tsp->smk_forked = forked;
332 INIT_LIST_HEAD(&tsp->smk_rules);
333 INIT_LIST_HEAD(&tsp->smk_relabel);
334 mutex_init(&tsp->smk_rules_lock);
335 }
336
337 /**
338 * smk_copy_rules - copy a rule set
339 * @nhead: new rules header pointer
340 * @ohead: old rules header pointer
341 * @gfp: type of the memory for the allocation
342 *
343 * Returns 0 on success, -ENOMEM on error
344 */
smk_copy_rules(struct list_head * nhead,struct list_head * ohead,gfp_t gfp)345 static int smk_copy_rules(struct list_head *nhead, struct list_head *ohead,
346 gfp_t gfp)
347 {
348 struct smack_rule *nrp;
349 struct smack_rule *orp;
350 int rc = 0;
351
352 list_for_each_entry_rcu(orp, ohead, list) {
353 nrp = kmem_cache_zalloc(smack_rule_cache, gfp);
354 if (nrp == NULL) {
355 rc = -ENOMEM;
356 break;
357 }
358 *nrp = *orp;
359 list_add_rcu(&nrp->list, nhead);
360 }
361 return rc;
362 }
363
364 /**
365 * smk_copy_relabel - copy smk_relabel labels list
366 * @nhead: new rules header pointer
367 * @ohead: old rules header pointer
368 * @gfp: type of the memory for the allocation
369 *
370 * Returns 0 on success, -ENOMEM on error
371 */
smk_copy_relabel(struct list_head * nhead,struct list_head * ohead,gfp_t gfp)372 static int smk_copy_relabel(struct list_head *nhead, struct list_head *ohead,
373 gfp_t gfp)
374 {
375 struct smack_known_list_elem *nklep;
376 struct smack_known_list_elem *oklep;
377
378 list_for_each_entry(oklep, ohead, list) {
379 nklep = kzalloc(sizeof(struct smack_known_list_elem), gfp);
380 if (nklep == NULL) {
381 smk_destroy_label_list(nhead);
382 return -ENOMEM;
383 }
384 nklep->smk_label = oklep->smk_label;
385 list_add(&nklep->list, nhead);
386 }
387
388 return 0;
389 }
390
391 /**
392 * smk_ptrace_mode - helper function for converting PTRACE_MODE_* into MAY_*
393 * @mode - input mode in form of PTRACE_MODE_*
394 *
395 * Returns a converted MAY_* mode usable by smack rules
396 */
smk_ptrace_mode(unsigned int mode)397 static inline unsigned int smk_ptrace_mode(unsigned int mode)
398 {
399 if (mode & PTRACE_MODE_ATTACH)
400 return MAY_READWRITE;
401 if (mode & PTRACE_MODE_READ)
402 return MAY_READ;
403
404 return 0;
405 }
406
407 /**
408 * smk_ptrace_rule_check - helper for ptrace access
409 * @tracer: tracer process
410 * @tracee_known: label entry of the process that's about to be traced
411 * @mode: ptrace attachment mode (PTRACE_MODE_*)
412 * @func: name of the function that called us, used for audit
413 *
414 * Returns 0 on access granted, -error on error
415 */
smk_ptrace_rule_check(struct task_struct * tracer,struct smack_known * tracee_known,unsigned int mode,const char * func)416 static int smk_ptrace_rule_check(struct task_struct *tracer,
417 struct smack_known *tracee_known,
418 unsigned int mode, const char *func)
419 {
420 int rc;
421 struct smk_audit_info ad, *saip = NULL;
422 struct task_smack *tsp;
423 struct smack_known *tracer_known;
424 const struct cred *tracercred;
425
426 if ((mode & PTRACE_MODE_NOAUDIT) == 0) {
427 smk_ad_init(&ad, func, LSM_AUDIT_DATA_TASK);
428 smk_ad_setfield_u_tsk(&ad, tracer);
429 saip = &ad;
430 }
431
432 rcu_read_lock();
433 tracercred = __task_cred(tracer);
434 tsp = smack_cred(tracercred);
435 tracer_known = smk_of_task(tsp);
436
437 if ((mode & PTRACE_MODE_ATTACH) &&
438 (smack_ptrace_rule == SMACK_PTRACE_EXACT ||
439 smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)) {
440 if (tracer_known->smk_known == tracee_known->smk_known)
441 rc = 0;
442 else if (smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)
443 rc = -EACCES;
444 else if (smack_privileged_cred(CAP_SYS_PTRACE, tracercred))
445 rc = 0;
446 else
447 rc = -EACCES;
448
449 if (saip)
450 smack_log(tracer_known->smk_known,
451 tracee_known->smk_known,
452 0, rc, saip);
453
454 rcu_read_unlock();
455 return rc;
456 }
457
458 /* In case of rule==SMACK_PTRACE_DEFAULT or mode==PTRACE_MODE_READ */
459 rc = smk_tskacc(tsp, tracee_known, smk_ptrace_mode(mode), saip);
460
461 rcu_read_unlock();
462 return rc;
463 }
464
465 /*
466 * LSM hooks.
467 * We he, that is fun!
468 */
469
470 /**
471 * smack_ptrace_access_check - Smack approval on PTRACE_ATTACH
472 * @ctp: child task pointer
473 * @mode: ptrace attachment mode (PTRACE_MODE_*)
474 *
475 * Returns 0 if access is OK, an error code otherwise
476 *
477 * Do the capability checks.
478 */
smack_ptrace_access_check(struct task_struct * ctp,unsigned int mode)479 static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode)
480 {
481 struct smack_known *skp;
482
483 skp = smk_of_task_struct(ctp);
484
485 return smk_ptrace_rule_check(current, skp, mode, __func__);
486 }
487
488 /**
489 * smack_ptrace_traceme - Smack approval on PTRACE_TRACEME
490 * @ptp: parent task pointer
491 *
492 * Returns 0 if access is OK, an error code otherwise
493 *
494 * Do the capability checks, and require PTRACE_MODE_ATTACH.
495 */
smack_ptrace_traceme(struct task_struct * ptp)496 static int smack_ptrace_traceme(struct task_struct *ptp)
497 {
498 int rc;
499 struct smack_known *skp;
500
501 skp = smk_of_task(smack_cred(current_cred()));
502
503 rc = smk_ptrace_rule_check(ptp, skp, PTRACE_MODE_ATTACH, __func__);
504 return rc;
505 }
506
507 /**
508 * smack_syslog - Smack approval on syslog
509 * @typefrom_file: unused
510 *
511 * Returns 0 on success, error code otherwise.
512 */
smack_syslog(int typefrom_file)513 static int smack_syslog(int typefrom_file)
514 {
515 int rc = 0;
516 struct smack_known *skp = smk_of_current();
517
518 if (smack_privileged(CAP_MAC_OVERRIDE))
519 return 0;
520
521 if (smack_syslog_label != NULL && smack_syslog_label != skp)
522 rc = -EACCES;
523
524 return rc;
525 }
526
527 /*
528 * Superblock Hooks.
529 */
530
531 /**
532 * smack_sb_alloc_security - allocate a superblock blob
533 * @sb: the superblock getting the blob
534 *
535 * Returns 0 on success or -ENOMEM on error.
536 */
smack_sb_alloc_security(struct super_block * sb)537 static int smack_sb_alloc_security(struct super_block *sb)
538 {
539 struct superblock_smack *sbsp;
540
541 sbsp = kzalloc(sizeof(struct superblock_smack), GFP_KERNEL);
542
543 if (sbsp == NULL)
544 return -ENOMEM;
545
546 sbsp->smk_root = &smack_known_floor;
547 sbsp->smk_default = &smack_known_floor;
548 sbsp->smk_floor = &smack_known_floor;
549 sbsp->smk_hat = &smack_known_hat;
550 /*
551 * SMK_SB_INITIALIZED will be zero from kzalloc.
552 */
553 sb->s_security = sbsp;
554
555 return 0;
556 }
557
558 /**
559 * smack_sb_free_security - free a superblock blob
560 * @sb: the superblock getting the blob
561 *
562 */
smack_sb_free_security(struct super_block * sb)563 static void smack_sb_free_security(struct super_block *sb)
564 {
565 kfree(sb->s_security);
566 sb->s_security = NULL;
567 }
568
569 struct smack_mnt_opts {
570 const char *fsdefault, *fsfloor, *fshat, *fsroot, *fstransmute;
571 };
572
smack_free_mnt_opts(void * mnt_opts)573 static void smack_free_mnt_opts(void *mnt_opts)
574 {
575 struct smack_mnt_opts *opts = mnt_opts;
576 kfree(opts->fsdefault);
577 kfree(opts->fsfloor);
578 kfree(opts->fshat);
579 kfree(opts->fsroot);
580 kfree(opts->fstransmute);
581 kfree(opts);
582 }
583
smack_add_opt(int token,const char * s,void ** mnt_opts)584 static int smack_add_opt(int token, const char *s, void **mnt_opts)
585 {
586 struct smack_mnt_opts *opts = *mnt_opts;
587
588 if (!opts) {
589 opts = kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL);
590 if (!opts)
591 return -ENOMEM;
592 *mnt_opts = opts;
593 }
594 if (!s)
595 return -ENOMEM;
596
597 switch (token) {
598 case Opt_fsdefault:
599 if (opts->fsdefault)
600 goto out_opt_err;
601 opts->fsdefault = s;
602 break;
603 case Opt_fsfloor:
604 if (opts->fsfloor)
605 goto out_opt_err;
606 opts->fsfloor = s;
607 break;
608 case Opt_fshat:
609 if (opts->fshat)
610 goto out_opt_err;
611 opts->fshat = s;
612 break;
613 case Opt_fsroot:
614 if (opts->fsroot)
615 goto out_opt_err;
616 opts->fsroot = s;
617 break;
618 case Opt_fstransmute:
619 if (opts->fstransmute)
620 goto out_opt_err;
621 opts->fstransmute = s;
622 break;
623 }
624 return 0;
625
626 out_opt_err:
627 pr_warn("Smack: duplicate mount options\n");
628 return -EINVAL;
629 }
630
631 /**
632 * smack_fs_context_dup - Duplicate the security data on fs_context duplication
633 * @fc: The new filesystem context.
634 * @src_fc: The source filesystem context being duplicated.
635 *
636 * Returns 0 on success or -ENOMEM on error.
637 */
smack_fs_context_dup(struct fs_context * fc,struct fs_context * src_fc)638 static int smack_fs_context_dup(struct fs_context *fc,
639 struct fs_context *src_fc)
640 {
641 struct smack_mnt_opts *dst, *src = src_fc->security;
642
643 if (!src)
644 return 0;
645
646 fc->security = kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL);
647 if (!fc->security)
648 return -ENOMEM;
649 dst = fc->security;
650
651 if (src->fsdefault) {
652 dst->fsdefault = kstrdup(src->fsdefault, GFP_KERNEL);
653 if (!dst->fsdefault)
654 return -ENOMEM;
655 }
656 if (src->fsfloor) {
657 dst->fsfloor = kstrdup(src->fsfloor, GFP_KERNEL);
658 if (!dst->fsfloor)
659 return -ENOMEM;
660 }
661 if (src->fshat) {
662 dst->fshat = kstrdup(src->fshat, GFP_KERNEL);
663 if (!dst->fshat)
664 return -ENOMEM;
665 }
666 if (src->fsroot) {
667 dst->fsroot = kstrdup(src->fsroot, GFP_KERNEL);
668 if (!dst->fsroot)
669 return -ENOMEM;
670 }
671 if (src->fstransmute) {
672 dst->fstransmute = kstrdup(src->fstransmute, GFP_KERNEL);
673 if (!dst->fstransmute)
674 return -ENOMEM;
675 }
676 return 0;
677 }
678
679 static const struct fs_parameter_spec smack_fs_parameters[] = {
680 fsparam_string("smackfsdef", Opt_fsdefault),
681 fsparam_string("smackfsdefault", Opt_fsdefault),
682 fsparam_string("smackfsfloor", Opt_fsfloor),
683 fsparam_string("smackfshat", Opt_fshat),
684 fsparam_string("smackfsroot", Opt_fsroot),
685 fsparam_string("smackfstransmute", Opt_fstransmute),
686 {}
687 };
688
689 /**
690 * smack_fs_context_parse_param - Parse a single mount parameter
691 * @fc: The new filesystem context being constructed.
692 * @param: The parameter.
693 *
694 * Returns 0 on success, -ENOPARAM to pass the parameter on or anything else on
695 * error.
696 */
smack_fs_context_parse_param(struct fs_context * fc,struct fs_parameter * param)697 static int smack_fs_context_parse_param(struct fs_context *fc,
698 struct fs_parameter *param)
699 {
700 struct fs_parse_result result;
701 int opt, rc;
702
703 opt = fs_parse(fc, smack_fs_parameters, param, &result);
704 if (opt < 0)
705 return opt;
706
707 rc = smack_add_opt(opt, param->string, &fc->security);
708 if (!rc)
709 param->string = NULL;
710 return rc;
711 }
712
smack_sb_eat_lsm_opts(char * options,void ** mnt_opts)713 static int smack_sb_eat_lsm_opts(char *options, void **mnt_opts)
714 {
715 char *from = options, *to = options;
716 bool first = true;
717
718 while (1) {
719 char *next = strchr(from, ',');
720 int token, len, rc;
721 char *arg = NULL;
722
723 if (next)
724 len = next - from;
725 else
726 len = strlen(from);
727
728 token = match_opt_prefix(from, len, &arg);
729 if (token != Opt_error) {
730 arg = kmemdup_nul(arg, from + len - arg, GFP_KERNEL);
731 rc = smack_add_opt(token, arg, mnt_opts);
732 if (unlikely(rc)) {
733 kfree(arg);
734 if (*mnt_opts)
735 smack_free_mnt_opts(*mnt_opts);
736 *mnt_opts = NULL;
737 return rc;
738 }
739 } else {
740 if (!first) { // copy with preceding comma
741 from--;
742 len++;
743 }
744 if (to != from)
745 memmove(to, from, len);
746 to += len;
747 first = false;
748 }
749 if (!from[len])
750 break;
751 from += len + 1;
752 }
753 *to = '\0';
754 return 0;
755 }
756
757 /**
758 * smack_set_mnt_opts - set Smack specific mount options
759 * @sb: the file system superblock
760 * @mnt_opts: Smack mount options
761 * @kern_flags: mount option from kernel space or user space
762 * @set_kern_flags: where to store converted mount opts
763 *
764 * Returns 0 on success, an error code on failure
765 *
766 * Allow filesystems with binary mount data to explicitly set Smack mount
767 * labels.
768 */
smack_set_mnt_opts(struct super_block * sb,void * mnt_opts,unsigned long kern_flags,unsigned long * set_kern_flags)769 static int smack_set_mnt_opts(struct super_block *sb,
770 void *mnt_opts,
771 unsigned long kern_flags,
772 unsigned long *set_kern_flags)
773 {
774 struct dentry *root = sb->s_root;
775 struct inode *inode = d_backing_inode(root);
776 struct superblock_smack *sp = sb->s_security;
777 struct inode_smack *isp;
778 struct smack_known *skp;
779 struct smack_mnt_opts *opts = mnt_opts;
780 bool transmute = false;
781
782 if (sp->smk_flags & SMK_SB_INITIALIZED)
783 return 0;
784
785 if (inode->i_security == NULL) {
786 int rc = lsm_inode_alloc(inode);
787
788 if (rc)
789 return rc;
790 }
791
792 if (!smack_privileged(CAP_MAC_ADMIN)) {
793 /*
794 * Unprivileged mounts don't get to specify Smack values.
795 */
796 if (opts)
797 return -EPERM;
798 /*
799 * Unprivileged mounts get root and default from the caller.
800 */
801 skp = smk_of_current();
802 sp->smk_root = skp;
803 sp->smk_default = skp;
804 /*
805 * For a handful of fs types with no user-controlled
806 * backing store it's okay to trust security labels
807 * in the filesystem. The rest are untrusted.
808 */
809 if (sb->s_user_ns != &init_user_ns &&
810 sb->s_magic != SYSFS_MAGIC && sb->s_magic != TMPFS_MAGIC &&
811 sb->s_magic != RAMFS_MAGIC) {
812 transmute = true;
813 sp->smk_flags |= SMK_SB_UNTRUSTED;
814 }
815 }
816
817 sp->smk_flags |= SMK_SB_INITIALIZED;
818
819 if (opts) {
820 if (opts->fsdefault) {
821 skp = smk_import_entry(opts->fsdefault, 0);
822 if (IS_ERR(skp))
823 return PTR_ERR(skp);
824 sp->smk_default = skp;
825 }
826 if (opts->fsfloor) {
827 skp = smk_import_entry(opts->fsfloor, 0);
828 if (IS_ERR(skp))
829 return PTR_ERR(skp);
830 sp->smk_floor = skp;
831 }
832 if (opts->fshat) {
833 skp = smk_import_entry(opts->fshat, 0);
834 if (IS_ERR(skp))
835 return PTR_ERR(skp);
836 sp->smk_hat = skp;
837 }
838 if (opts->fsroot) {
839 skp = smk_import_entry(opts->fsroot, 0);
840 if (IS_ERR(skp))
841 return PTR_ERR(skp);
842 sp->smk_root = skp;
843 }
844 if (opts->fstransmute) {
845 skp = smk_import_entry(opts->fstransmute, 0);
846 if (IS_ERR(skp))
847 return PTR_ERR(skp);
848 sp->smk_root = skp;
849 transmute = true;
850 }
851 }
852
853 /*
854 * Initialize the root inode.
855 */
856 init_inode_smack(inode, sp->smk_root);
857
858 if (transmute) {
859 isp = smack_inode(inode);
860 isp->smk_flags |= SMK_INODE_TRANSMUTE;
861 }
862
863 return 0;
864 }
865
866 /**
867 * smack_sb_statfs - Smack check on statfs
868 * @dentry: identifies the file system in question
869 *
870 * Returns 0 if current can read the floor of the filesystem,
871 * and error code otherwise
872 */
smack_sb_statfs(struct dentry * dentry)873 static int smack_sb_statfs(struct dentry *dentry)
874 {
875 struct superblock_smack *sbp = dentry->d_sb->s_security;
876 int rc;
877 struct smk_audit_info ad;
878
879 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
880 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
881
882 rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad);
883 rc = smk_bu_current("statfs", sbp->smk_floor, MAY_READ, rc);
884 return rc;
885 }
886
887 /*
888 * BPRM hooks
889 */
890
891 /**
892 * smack_bprm_creds_for_exec - Update bprm->cred if needed for exec
893 * @bprm: the exec information
894 *
895 * Returns 0 if it gets a blob, -EPERM if exec forbidden and -ENOMEM otherwise
896 */
smack_bprm_creds_for_exec(struct linux_binprm * bprm)897 static int smack_bprm_creds_for_exec(struct linux_binprm *bprm)
898 {
899 struct inode *inode = file_inode(bprm->file);
900 struct task_smack *bsp = smack_cred(bprm->cred);
901 struct inode_smack *isp;
902 struct superblock_smack *sbsp;
903 int rc;
904
905 isp = smack_inode(inode);
906 if (isp->smk_task == NULL || isp->smk_task == bsp->smk_task)
907 return 0;
908
909 sbsp = inode->i_sb->s_security;
910 if ((sbsp->smk_flags & SMK_SB_UNTRUSTED) &&
911 isp->smk_task != sbsp->smk_root)
912 return 0;
913
914 if (bprm->unsafe & LSM_UNSAFE_PTRACE) {
915 struct task_struct *tracer;
916 rc = 0;
917
918 rcu_read_lock();
919 tracer = ptrace_parent(current);
920 if (likely(tracer != NULL))
921 rc = smk_ptrace_rule_check(tracer,
922 isp->smk_task,
923 PTRACE_MODE_ATTACH,
924 __func__);
925 rcu_read_unlock();
926
927 if (rc != 0)
928 return rc;
929 }
930 if (bprm->unsafe & ~LSM_UNSAFE_PTRACE)
931 return -EPERM;
932
933 bsp->smk_task = isp->smk_task;
934 bprm->per_clear |= PER_CLEAR_ON_SETID;
935
936 /* Decide if this is a secure exec. */
937 if (bsp->smk_task != bsp->smk_forked)
938 bprm->secureexec = 1;
939
940 return 0;
941 }
942
943 /*
944 * Inode hooks
945 */
946
947 /**
948 * smack_inode_alloc_security - allocate an inode blob
949 * @inode: the inode in need of a blob
950 *
951 * Returns 0
952 */
smack_inode_alloc_security(struct inode * inode)953 static int smack_inode_alloc_security(struct inode *inode)
954 {
955 struct smack_known *skp = smk_of_current();
956
957 init_inode_smack(inode, skp);
958 return 0;
959 }
960
961 /**
962 * smack_inode_init_security - copy out the smack from an inode
963 * @inode: the newly created inode
964 * @dir: containing directory object
965 * @qstr: unused
966 * @name: where to put the attribute name
967 * @value: where to put the attribute value
968 * @len: where to put the length of the attribute
969 *
970 * Returns 0 if it all works out, -ENOMEM if there's no memory
971 */
smack_inode_init_security(struct inode * inode,struct inode * dir,const struct qstr * qstr,const char ** name,void ** value,size_t * len)972 static int smack_inode_init_security(struct inode *inode, struct inode *dir,
973 const struct qstr *qstr, const char **name,
974 void **value, size_t *len)
975 {
976 struct inode_smack *issp = smack_inode(inode);
977 struct smack_known *skp = smk_of_current();
978 struct smack_known *isp = smk_of_inode(inode);
979 struct smack_known *dsp = smk_of_inode(dir);
980 int may;
981
982 if (name)
983 *name = XATTR_SMACK_SUFFIX;
984
985 if (value && len) {
986 rcu_read_lock();
987 may = smk_access_entry(skp->smk_known, dsp->smk_known,
988 &skp->smk_rules);
989 rcu_read_unlock();
990
991 /*
992 * If the access rule allows transmutation and
993 * the directory requests transmutation then
994 * by all means transmute.
995 * Mark the inode as changed.
996 */
997 if (may > 0 && ((may & MAY_TRANSMUTE) != 0) &&
998 smk_inode_transmutable(dir)) {
999 isp = dsp;
1000 issp->smk_flags |= SMK_INODE_CHANGED;
1001 }
1002
1003 *value = kstrdup(isp->smk_known, GFP_NOFS);
1004 if (*value == NULL)
1005 return -ENOMEM;
1006
1007 *len = strlen(isp->smk_known);
1008 }
1009
1010 return 0;
1011 }
1012
1013 /**
1014 * smack_inode_link - Smack check on link
1015 * @old_dentry: the existing object
1016 * @dir: unused
1017 * @new_dentry: the new object
1018 *
1019 * Returns 0 if access is permitted, an error code otherwise
1020 */
smack_inode_link(struct dentry * old_dentry,struct inode * dir,struct dentry * new_dentry)1021 static int smack_inode_link(struct dentry *old_dentry, struct inode *dir,
1022 struct dentry *new_dentry)
1023 {
1024 struct smack_known *isp;
1025 struct smk_audit_info ad;
1026 int rc;
1027
1028 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1029 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
1030
1031 isp = smk_of_inode(d_backing_inode(old_dentry));
1032 rc = smk_curacc(isp, MAY_WRITE, &ad);
1033 rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_WRITE, rc);
1034
1035 if (rc == 0 && d_is_positive(new_dentry)) {
1036 isp = smk_of_inode(d_backing_inode(new_dentry));
1037 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
1038 rc = smk_curacc(isp, MAY_WRITE, &ad);
1039 rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_WRITE, rc);
1040 }
1041
1042 return rc;
1043 }
1044
1045 /**
1046 * smack_inode_unlink - Smack check on inode deletion
1047 * @dir: containing directory object
1048 * @dentry: file to unlink
1049 *
1050 * Returns 0 if current can write the containing directory
1051 * and the object, error code otherwise
1052 */
smack_inode_unlink(struct inode * dir,struct dentry * dentry)1053 static int smack_inode_unlink(struct inode *dir, struct dentry *dentry)
1054 {
1055 struct inode *ip = d_backing_inode(dentry);
1056 struct smk_audit_info ad;
1057 int rc;
1058
1059 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1060 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1061
1062 /*
1063 * You need write access to the thing you're unlinking
1064 */
1065 rc = smk_curacc(smk_of_inode(ip), MAY_WRITE, &ad);
1066 rc = smk_bu_inode(ip, MAY_WRITE, rc);
1067 if (rc == 0) {
1068 /*
1069 * You also need write access to the containing directory
1070 */
1071 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
1072 smk_ad_setfield_u_fs_inode(&ad, dir);
1073 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
1074 rc = smk_bu_inode(dir, MAY_WRITE, rc);
1075 }
1076 return rc;
1077 }
1078
1079 /**
1080 * smack_inode_rmdir - Smack check on directory deletion
1081 * @dir: containing directory object
1082 * @dentry: directory to unlink
1083 *
1084 * Returns 0 if current can write the containing directory
1085 * and the directory, error code otherwise
1086 */
smack_inode_rmdir(struct inode * dir,struct dentry * dentry)1087 static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry)
1088 {
1089 struct smk_audit_info ad;
1090 int rc;
1091
1092 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1093 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1094
1095 /*
1096 * You need write access to the thing you're removing
1097 */
1098 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1099 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
1100 if (rc == 0) {
1101 /*
1102 * You also need write access to the containing directory
1103 */
1104 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
1105 smk_ad_setfield_u_fs_inode(&ad, dir);
1106 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
1107 rc = smk_bu_inode(dir, MAY_WRITE, rc);
1108 }
1109
1110 return rc;
1111 }
1112
1113 /**
1114 * smack_inode_rename - Smack check on rename
1115 * @old_inode: unused
1116 * @old_dentry: the old object
1117 * @new_inode: unused
1118 * @new_dentry: the new object
1119 *
1120 * Read and write access is required on both the old and
1121 * new directories.
1122 *
1123 * Returns 0 if access is permitted, an error code otherwise
1124 */
smack_inode_rename(struct inode * old_inode,struct dentry * old_dentry,struct inode * new_inode,struct dentry * new_dentry)1125 static int smack_inode_rename(struct inode *old_inode,
1126 struct dentry *old_dentry,
1127 struct inode *new_inode,
1128 struct dentry *new_dentry)
1129 {
1130 int rc;
1131 struct smack_known *isp;
1132 struct smk_audit_info ad;
1133
1134 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1135 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
1136
1137 isp = smk_of_inode(d_backing_inode(old_dentry));
1138 rc = smk_curacc(isp, MAY_READWRITE, &ad);
1139 rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_READWRITE, rc);
1140
1141 if (rc == 0 && d_is_positive(new_dentry)) {
1142 isp = smk_of_inode(d_backing_inode(new_dentry));
1143 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
1144 rc = smk_curacc(isp, MAY_READWRITE, &ad);
1145 rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_READWRITE, rc);
1146 }
1147 return rc;
1148 }
1149
1150 /**
1151 * smack_inode_permission - Smack version of permission()
1152 * @inode: the inode in question
1153 * @mask: the access requested
1154 *
1155 * This is the important Smack hook.
1156 *
1157 * Returns 0 if access is permitted, an error code otherwise
1158 */
smack_inode_permission(struct inode * inode,int mask)1159 static int smack_inode_permission(struct inode *inode, int mask)
1160 {
1161 struct superblock_smack *sbsp = inode->i_sb->s_security;
1162 struct smk_audit_info ad;
1163 int no_block = mask & MAY_NOT_BLOCK;
1164 int rc;
1165
1166 mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND);
1167 /*
1168 * No permission to check. Existence test. Yup, it's there.
1169 */
1170 if (mask == 0)
1171 return 0;
1172
1173 if (sbsp->smk_flags & SMK_SB_UNTRUSTED) {
1174 if (smk_of_inode(inode) != sbsp->smk_root)
1175 return -EACCES;
1176 }
1177
1178 /* May be droppable after audit */
1179 if (no_block)
1180 return -ECHILD;
1181 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
1182 smk_ad_setfield_u_fs_inode(&ad, inode);
1183 rc = smk_curacc(smk_of_inode(inode), mask, &ad);
1184 rc = smk_bu_inode(inode, mask, rc);
1185 return rc;
1186 }
1187
1188 /**
1189 * smack_inode_setattr - Smack check for setting attributes
1190 * @dentry: the object
1191 * @iattr: for the force flag
1192 *
1193 * Returns 0 if access is permitted, an error code otherwise
1194 */
smack_inode_setattr(struct dentry * dentry,struct iattr * iattr)1195 static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr)
1196 {
1197 struct smk_audit_info ad;
1198 int rc;
1199
1200 /*
1201 * Need to allow for clearing the setuid bit.
1202 */
1203 if (iattr->ia_valid & ATTR_FORCE)
1204 return 0;
1205 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1206 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1207
1208 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1209 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
1210 return rc;
1211 }
1212
1213 /**
1214 * smack_inode_getattr - Smack check for getting attributes
1215 * @path: path to extract the info from
1216 *
1217 * Returns 0 if access is permitted, an error code otherwise
1218 */
smack_inode_getattr(const struct path * path)1219 static int smack_inode_getattr(const struct path *path)
1220 {
1221 struct smk_audit_info ad;
1222 struct inode *inode = d_backing_inode(path->dentry);
1223 int rc;
1224
1225 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1226 smk_ad_setfield_u_fs_path(&ad, *path);
1227 rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad);
1228 rc = smk_bu_inode(inode, MAY_READ, rc);
1229 return rc;
1230 }
1231
1232 /**
1233 * smack_inode_setxattr - Smack check for setting xattrs
1234 * @dentry: the object
1235 * @name: name of the attribute
1236 * @value: value of the attribute
1237 * @size: size of the value
1238 * @flags: unused
1239 *
1240 * This protects the Smack attribute explicitly.
1241 *
1242 * Returns 0 if access is permitted, an error code otherwise
1243 */
smack_inode_setxattr(struct dentry * dentry,const char * name,const void * value,size_t size,int flags)1244 static int smack_inode_setxattr(struct dentry *dentry, const char *name,
1245 const void *value, size_t size, int flags)
1246 {
1247 struct smk_audit_info ad;
1248 struct smack_known *skp;
1249 int check_priv = 0;
1250 int check_import = 0;
1251 int check_star = 0;
1252 int rc = 0;
1253
1254 /*
1255 * Check label validity here so import won't fail in post_setxattr
1256 */
1257 if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
1258 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
1259 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) {
1260 check_priv = 1;
1261 check_import = 1;
1262 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
1263 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1264 check_priv = 1;
1265 check_import = 1;
1266 check_star = 1;
1267 } else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) {
1268 check_priv = 1;
1269 if (size != TRANS_TRUE_SIZE ||
1270 strncmp(value, TRANS_TRUE, TRANS_TRUE_SIZE) != 0)
1271 rc = -EINVAL;
1272 } else
1273 rc = cap_inode_setxattr(dentry, name, value, size, flags);
1274
1275 if (check_priv && !smack_privileged(CAP_MAC_ADMIN))
1276 rc = -EPERM;
1277
1278 if (rc == 0 && check_import) {
1279 skp = size ? smk_import_entry(value, size) : NULL;
1280 if (IS_ERR(skp))
1281 rc = PTR_ERR(skp);
1282 else if (skp == NULL || (check_star &&
1283 (skp == &smack_known_star || skp == &smack_known_web)))
1284 rc = -EINVAL;
1285 }
1286
1287 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1288 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1289
1290 if (rc == 0) {
1291 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1292 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
1293 }
1294
1295 return rc;
1296 }
1297
1298 /**
1299 * smack_inode_post_setxattr - Apply the Smack update approved above
1300 * @dentry: object
1301 * @name: attribute name
1302 * @value: attribute value
1303 * @size: attribute size
1304 * @flags: unused
1305 *
1306 * Set the pointer in the inode blob to the entry found
1307 * in the master label list.
1308 */
smack_inode_post_setxattr(struct dentry * dentry,const char * name,const void * value,size_t size,int flags)1309 static void smack_inode_post_setxattr(struct dentry *dentry, const char *name,
1310 const void *value, size_t size, int flags)
1311 {
1312 struct smack_known *skp;
1313 struct inode_smack *isp = smack_inode(d_backing_inode(dentry));
1314
1315 if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) {
1316 isp->smk_flags |= SMK_INODE_TRANSMUTE;
1317 return;
1318 }
1319
1320 if (strcmp(name, XATTR_NAME_SMACK) == 0) {
1321 skp = smk_import_entry(value, size);
1322 if (!IS_ERR(skp))
1323 isp->smk_inode = skp;
1324 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) {
1325 skp = smk_import_entry(value, size);
1326 if (!IS_ERR(skp))
1327 isp->smk_task = skp;
1328 } else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1329 skp = smk_import_entry(value, size);
1330 if (!IS_ERR(skp))
1331 isp->smk_mmap = skp;
1332 }
1333
1334 return;
1335 }
1336
1337 /**
1338 * smack_inode_getxattr - Smack check on getxattr
1339 * @dentry: the object
1340 * @name: unused
1341 *
1342 * Returns 0 if access is permitted, an error code otherwise
1343 */
smack_inode_getxattr(struct dentry * dentry,const char * name)1344 static int smack_inode_getxattr(struct dentry *dentry, const char *name)
1345 {
1346 struct smk_audit_info ad;
1347 int rc;
1348
1349 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1350 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1351
1352 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_READ, &ad);
1353 rc = smk_bu_inode(d_backing_inode(dentry), MAY_READ, rc);
1354 return rc;
1355 }
1356
1357 /**
1358 * smack_inode_removexattr - Smack check on removexattr
1359 * @dentry: the object
1360 * @name: name of the attribute
1361 *
1362 * Removing the Smack attribute requires CAP_MAC_ADMIN
1363 *
1364 * Returns 0 if access is permitted, an error code otherwise
1365 */
smack_inode_removexattr(struct dentry * dentry,const char * name)1366 static int smack_inode_removexattr(struct dentry *dentry, const char *name)
1367 {
1368 struct inode_smack *isp;
1369 struct smk_audit_info ad;
1370 int rc = 0;
1371
1372 if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
1373 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
1374 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 ||
1375 strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
1376 strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0 ||
1377 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1378 if (!smack_privileged(CAP_MAC_ADMIN))
1379 rc = -EPERM;
1380 } else
1381 rc = cap_inode_removexattr(dentry, name);
1382
1383 if (rc != 0)
1384 return rc;
1385
1386 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1387 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1388
1389 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1390 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
1391 if (rc != 0)
1392 return rc;
1393
1394 isp = smack_inode(d_backing_inode(dentry));
1395 /*
1396 * Don't do anything special for these.
1397 * XATTR_NAME_SMACKIPIN
1398 * XATTR_NAME_SMACKIPOUT
1399 */
1400 if (strcmp(name, XATTR_NAME_SMACK) == 0) {
1401 struct super_block *sbp = dentry->d_sb;
1402 struct superblock_smack *sbsp = sbp->s_security;
1403
1404 isp->smk_inode = sbsp->smk_default;
1405 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0)
1406 isp->smk_task = NULL;
1407 else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0)
1408 isp->smk_mmap = NULL;
1409 else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0)
1410 isp->smk_flags &= ~SMK_INODE_TRANSMUTE;
1411
1412 return 0;
1413 }
1414
1415 /**
1416 * smack_inode_getsecurity - get smack xattrs
1417 * @inode: the object
1418 * @name: attribute name
1419 * @buffer: where to put the result
1420 * @alloc: duplicate memory
1421 *
1422 * Returns the size of the attribute or an error code
1423 */
smack_inode_getsecurity(struct inode * inode,const char * name,void ** buffer,bool alloc)1424 static int smack_inode_getsecurity(struct inode *inode,
1425 const char *name, void **buffer,
1426 bool alloc)
1427 {
1428 struct socket_smack *ssp;
1429 struct socket *sock;
1430 struct super_block *sbp;
1431 struct inode *ip = (struct inode *)inode;
1432 struct smack_known *isp;
1433
1434 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0)
1435 isp = smk_of_inode(inode);
1436 else {
1437 /*
1438 * The rest of the Smack xattrs are only on sockets.
1439 */
1440 sbp = ip->i_sb;
1441 if (sbp->s_magic != SOCKFS_MAGIC)
1442 return -EOPNOTSUPP;
1443
1444 sock = SOCKET_I(ip);
1445 if (sock == NULL || sock->sk == NULL)
1446 return -EOPNOTSUPP;
1447
1448 ssp = sock->sk->sk_security;
1449
1450 if (strcmp(name, XATTR_SMACK_IPIN) == 0)
1451 isp = ssp->smk_in;
1452 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0)
1453 isp = ssp->smk_out;
1454 else
1455 return -EOPNOTSUPP;
1456 }
1457
1458 if (alloc) {
1459 *buffer = kstrdup(isp->smk_known, GFP_KERNEL);
1460 if (*buffer == NULL)
1461 return -ENOMEM;
1462 }
1463
1464 return strlen(isp->smk_known);
1465 }
1466
1467
1468 /**
1469 * smack_inode_listsecurity - list the Smack attributes
1470 * @inode: the object
1471 * @buffer: where they go
1472 * @buffer_size: size of buffer
1473 */
smack_inode_listsecurity(struct inode * inode,char * buffer,size_t buffer_size)1474 static int smack_inode_listsecurity(struct inode *inode, char *buffer,
1475 size_t buffer_size)
1476 {
1477 int len = sizeof(XATTR_NAME_SMACK);
1478
1479 if (buffer != NULL && len <= buffer_size)
1480 memcpy(buffer, XATTR_NAME_SMACK, len);
1481
1482 return len;
1483 }
1484
1485 /**
1486 * smack_inode_getsecid - Extract inode's security id
1487 * @inode: inode to extract the info from
1488 * @secid: where result will be saved
1489 */
smack_inode_getsecid(struct inode * inode,u32 * secid)1490 static void smack_inode_getsecid(struct inode *inode, u32 *secid)
1491 {
1492 struct smack_known *skp = smk_of_inode(inode);
1493
1494 *secid = skp->smk_secid;
1495 }
1496
1497 /*
1498 * File Hooks
1499 */
1500
1501 /*
1502 * There is no smack_file_permission hook
1503 *
1504 * Should access checks be done on each read or write?
1505 * UNICOS and SELinux say yes.
1506 * Trusted Solaris, Trusted Irix, and just about everyone else says no.
1507 *
1508 * I'll say no for now. Smack does not do the frequent
1509 * label changing that SELinux does.
1510 */
1511
1512 /**
1513 * smack_file_alloc_security - assign a file security blob
1514 * @file: the object
1515 *
1516 * The security blob for a file is a pointer to the master
1517 * label list, so no allocation is done.
1518 *
1519 * f_security is the owner security information. It
1520 * isn't used on file access checks, it's for send_sigio.
1521 *
1522 * Returns 0
1523 */
smack_file_alloc_security(struct file * file)1524 static int smack_file_alloc_security(struct file *file)
1525 {
1526 struct smack_known **blob = smack_file(file);
1527
1528 *blob = smk_of_current();
1529 return 0;
1530 }
1531
1532 /**
1533 * smack_file_ioctl - Smack check on ioctls
1534 * @file: the object
1535 * @cmd: what to do
1536 * @arg: unused
1537 *
1538 * Relies heavily on the correct use of the ioctl command conventions.
1539 *
1540 * Returns 0 if allowed, error code otherwise
1541 */
smack_file_ioctl(struct file * file,unsigned int cmd,unsigned long arg)1542 static int smack_file_ioctl(struct file *file, unsigned int cmd,
1543 unsigned long arg)
1544 {
1545 int rc = 0;
1546 struct smk_audit_info ad;
1547 struct inode *inode = file_inode(file);
1548
1549 if (unlikely(IS_PRIVATE(inode)))
1550 return 0;
1551
1552 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1553 smk_ad_setfield_u_fs_path(&ad, file->f_path);
1554
1555 if (_IOC_DIR(cmd) & _IOC_WRITE) {
1556 rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad);
1557 rc = smk_bu_file(file, MAY_WRITE, rc);
1558 }
1559
1560 if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ)) {
1561 rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad);
1562 rc = smk_bu_file(file, MAY_READ, rc);
1563 }
1564
1565 return rc;
1566 }
1567
1568 /**
1569 * smack_file_lock - Smack check on file locking
1570 * @file: the object
1571 * @cmd: unused
1572 *
1573 * Returns 0 if current has lock access, error code otherwise
1574 */
smack_file_lock(struct file * file,unsigned int cmd)1575 static int smack_file_lock(struct file *file, unsigned int cmd)
1576 {
1577 struct smk_audit_info ad;
1578 int rc;
1579 struct inode *inode = file_inode(file);
1580
1581 if (unlikely(IS_PRIVATE(inode)))
1582 return 0;
1583
1584 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1585 smk_ad_setfield_u_fs_path(&ad, file->f_path);
1586 rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad);
1587 rc = smk_bu_file(file, MAY_LOCK, rc);
1588 return rc;
1589 }
1590
1591 /**
1592 * smack_file_fcntl - Smack check on fcntl
1593 * @file: the object
1594 * @cmd: what action to check
1595 * @arg: unused
1596 *
1597 * Generally these operations are harmless.
1598 * File locking operations present an obvious mechanism
1599 * for passing information, so they require write access.
1600 *
1601 * Returns 0 if current has access, error code otherwise
1602 */
smack_file_fcntl(struct file * file,unsigned int cmd,unsigned long arg)1603 static int smack_file_fcntl(struct file *file, unsigned int cmd,
1604 unsigned long arg)
1605 {
1606 struct smk_audit_info ad;
1607 int rc = 0;
1608 struct inode *inode = file_inode(file);
1609
1610 if (unlikely(IS_PRIVATE(inode)))
1611 return 0;
1612
1613 switch (cmd) {
1614 case F_GETLK:
1615 break;
1616 case F_SETLK:
1617 case F_SETLKW:
1618 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1619 smk_ad_setfield_u_fs_path(&ad, file->f_path);
1620 rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad);
1621 rc = smk_bu_file(file, MAY_LOCK, rc);
1622 break;
1623 case F_SETOWN:
1624 case F_SETSIG:
1625 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1626 smk_ad_setfield_u_fs_path(&ad, file->f_path);
1627 rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad);
1628 rc = smk_bu_file(file, MAY_WRITE, rc);
1629 break;
1630 default:
1631 break;
1632 }
1633
1634 return rc;
1635 }
1636
1637 /**
1638 * smack_mmap_file :
1639 * Check permissions for a mmap operation. The @file may be NULL, e.g.
1640 * if mapping anonymous memory.
1641 * @file contains the file structure for file to map (may be NULL).
1642 * @reqprot contains the protection requested by the application.
1643 * @prot contains the protection that will be applied by the kernel.
1644 * @flags contains the operational flags.
1645 * Return 0 if permission is granted.
1646 */
smack_mmap_file(struct file * file,unsigned long reqprot,unsigned long prot,unsigned long flags)1647 static int smack_mmap_file(struct file *file,
1648 unsigned long reqprot, unsigned long prot,
1649 unsigned long flags)
1650 {
1651 struct smack_known *skp;
1652 struct smack_known *mkp;
1653 struct smack_rule *srp;
1654 struct task_smack *tsp;
1655 struct smack_known *okp;
1656 struct inode_smack *isp;
1657 struct superblock_smack *sbsp;
1658 int may;
1659 int mmay;
1660 int tmay;
1661 int rc;
1662
1663 if (file == NULL)
1664 return 0;
1665
1666 if (unlikely(IS_PRIVATE(file_inode(file))))
1667 return 0;
1668
1669 isp = smack_inode(file_inode(file));
1670 if (isp->smk_mmap == NULL)
1671 return 0;
1672 sbsp = file_inode(file)->i_sb->s_security;
1673 if (sbsp->smk_flags & SMK_SB_UNTRUSTED &&
1674 isp->smk_mmap != sbsp->smk_root)
1675 return -EACCES;
1676 mkp = isp->smk_mmap;
1677
1678 tsp = smack_cred(current_cred());
1679 skp = smk_of_current();
1680 rc = 0;
1681
1682 rcu_read_lock();
1683 /*
1684 * For each Smack rule associated with the subject
1685 * label verify that the SMACK64MMAP also has access
1686 * to that rule's object label.
1687 */
1688 list_for_each_entry_rcu(srp, &skp->smk_rules, list) {
1689 okp = srp->smk_object;
1690 /*
1691 * Matching labels always allows access.
1692 */
1693 if (mkp->smk_known == okp->smk_known)
1694 continue;
1695 /*
1696 * If there is a matching local rule take
1697 * that into account as well.
1698 */
1699 may = smk_access_entry(srp->smk_subject->smk_known,
1700 okp->smk_known,
1701 &tsp->smk_rules);
1702 if (may == -ENOENT)
1703 may = srp->smk_access;
1704 else
1705 may &= srp->smk_access;
1706 /*
1707 * If may is zero the SMACK64MMAP subject can't
1708 * possibly have less access.
1709 */
1710 if (may == 0)
1711 continue;
1712
1713 /*
1714 * Fetch the global list entry.
1715 * If there isn't one a SMACK64MMAP subject
1716 * can't have as much access as current.
1717 */
1718 mmay = smk_access_entry(mkp->smk_known, okp->smk_known,
1719 &mkp->smk_rules);
1720 if (mmay == -ENOENT) {
1721 rc = -EACCES;
1722 break;
1723 }
1724 /*
1725 * If there is a local entry it modifies the
1726 * potential access, too.
1727 */
1728 tmay = smk_access_entry(mkp->smk_known, okp->smk_known,
1729 &tsp->smk_rules);
1730 if (tmay != -ENOENT)
1731 mmay &= tmay;
1732
1733 /*
1734 * If there is any access available to current that is
1735 * not available to a SMACK64MMAP subject
1736 * deny access.
1737 */
1738 if ((may | mmay) != mmay) {
1739 rc = -EACCES;
1740 break;
1741 }
1742 }
1743
1744 rcu_read_unlock();
1745
1746 return rc;
1747 }
1748
1749 /**
1750 * smack_file_set_fowner - set the file security blob value
1751 * @file: object in question
1752 *
1753 */
smack_file_set_fowner(struct file * file)1754 static void smack_file_set_fowner(struct file *file)
1755 {
1756 struct smack_known **blob = smack_file(file);
1757
1758 *blob = smk_of_current();
1759 }
1760
1761 /**
1762 * smack_file_send_sigiotask - Smack on sigio
1763 * @tsk: The target task
1764 * @fown: the object the signal come from
1765 * @signum: unused
1766 *
1767 * Allow a privileged task to get signals even if it shouldn't
1768 *
1769 * Returns 0 if a subject with the object's smack could
1770 * write to the task, an error code otherwise.
1771 */
smack_file_send_sigiotask(struct task_struct * tsk,struct fown_struct * fown,int signum)1772 static int smack_file_send_sigiotask(struct task_struct *tsk,
1773 struct fown_struct *fown, int signum)
1774 {
1775 struct smack_known **blob;
1776 struct smack_known *skp;
1777 struct smack_known *tkp = smk_of_task(smack_cred(tsk->cred));
1778 const struct cred *tcred;
1779 struct file *file;
1780 int rc;
1781 struct smk_audit_info ad;
1782
1783 /*
1784 * struct fown_struct is never outside the context of a struct file
1785 */
1786 file = container_of(fown, struct file, f_owner);
1787
1788 /* we don't log here as rc can be overriden */
1789 blob = smack_file(file);
1790 skp = *blob;
1791 rc = smk_access(skp, tkp, MAY_DELIVER, NULL);
1792 rc = smk_bu_note("sigiotask", skp, tkp, MAY_DELIVER, rc);
1793
1794 rcu_read_lock();
1795 tcred = __task_cred(tsk);
1796 if (rc != 0 && smack_privileged_cred(CAP_MAC_OVERRIDE, tcred))
1797 rc = 0;
1798 rcu_read_unlock();
1799
1800 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
1801 smk_ad_setfield_u_tsk(&ad, tsk);
1802 smack_log(skp->smk_known, tkp->smk_known, MAY_DELIVER, rc, &ad);
1803 return rc;
1804 }
1805
1806 /**
1807 * smack_file_receive - Smack file receive check
1808 * @file: the object
1809 *
1810 * Returns 0 if current has access, error code otherwise
1811 */
smack_file_receive(struct file * file)1812 static int smack_file_receive(struct file *file)
1813 {
1814 int rc;
1815 int may = 0;
1816 struct smk_audit_info ad;
1817 struct inode *inode = file_inode(file);
1818 struct socket *sock;
1819 struct task_smack *tsp;
1820 struct socket_smack *ssp;
1821
1822 if (unlikely(IS_PRIVATE(inode)))
1823 return 0;
1824
1825 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1826 smk_ad_setfield_u_fs_path(&ad, file->f_path);
1827
1828 if (inode->i_sb->s_magic == SOCKFS_MAGIC) {
1829 sock = SOCKET_I(inode);
1830 ssp = sock->sk->sk_security;
1831 tsp = smack_cred(current_cred());
1832 /*
1833 * If the receiving process can't write to the
1834 * passed socket or if the passed socket can't
1835 * write to the receiving process don't accept
1836 * the passed socket.
1837 */
1838 rc = smk_access(tsp->smk_task, ssp->smk_out, MAY_WRITE, &ad);
1839 rc = smk_bu_file(file, may, rc);
1840 if (rc < 0)
1841 return rc;
1842 rc = smk_access(ssp->smk_in, tsp->smk_task, MAY_WRITE, &ad);
1843 rc = smk_bu_file(file, may, rc);
1844 return rc;
1845 }
1846 /*
1847 * This code relies on bitmasks.
1848 */
1849 if (file->f_mode & FMODE_READ)
1850 may = MAY_READ;
1851 if (file->f_mode & FMODE_WRITE)
1852 may |= MAY_WRITE;
1853
1854 rc = smk_curacc(smk_of_inode(inode), may, &ad);
1855 rc = smk_bu_file(file, may, rc);
1856 return rc;
1857 }
1858
1859 /**
1860 * smack_file_open - Smack dentry open processing
1861 * @file: the object
1862 *
1863 * Set the security blob in the file structure.
1864 * Allow the open only if the task has read access. There are
1865 * many read operations (e.g. fstat) that you can do with an
1866 * fd even if you have the file open write-only.
1867 *
1868 * Returns 0 if current has access, error code otherwise
1869 */
smack_file_open(struct file * file)1870 static int smack_file_open(struct file *file)
1871 {
1872 struct task_smack *tsp = smack_cred(file->f_cred);
1873 struct inode *inode = file_inode(file);
1874 struct smk_audit_info ad;
1875 int rc;
1876
1877 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1878 smk_ad_setfield_u_fs_path(&ad, file->f_path);
1879 rc = smk_tskacc(tsp, smk_of_inode(inode), MAY_READ, &ad);
1880 rc = smk_bu_credfile(file->f_cred, file, MAY_READ, rc);
1881
1882 return rc;
1883 }
1884
1885 /*
1886 * Task hooks
1887 */
1888
1889 /**
1890 * smack_cred_alloc_blank - "allocate" blank task-level security credentials
1891 * @cred: the new credentials
1892 * @gfp: the atomicity of any memory allocations
1893 *
1894 * Prepare a blank set of credentials for modification. This must allocate all
1895 * the memory the LSM module might require such that cred_transfer() can
1896 * complete without error.
1897 */
smack_cred_alloc_blank(struct cred * cred,gfp_t gfp)1898 static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp)
1899 {
1900 init_task_smack(smack_cred(cred), NULL, NULL);
1901 return 0;
1902 }
1903
1904
1905 /**
1906 * smack_cred_free - "free" task-level security credentials
1907 * @cred: the credentials in question
1908 *
1909 */
smack_cred_free(struct cred * cred)1910 static void smack_cred_free(struct cred *cred)
1911 {
1912 struct task_smack *tsp = smack_cred(cred);
1913 struct smack_rule *rp;
1914 struct list_head *l;
1915 struct list_head *n;
1916
1917 smk_destroy_label_list(&tsp->smk_relabel);
1918
1919 list_for_each_safe(l, n, &tsp->smk_rules) {
1920 rp = list_entry(l, struct smack_rule, list);
1921 list_del(&rp->list);
1922 kmem_cache_free(smack_rule_cache, rp);
1923 }
1924 }
1925
1926 /**
1927 * smack_cred_prepare - prepare new set of credentials for modification
1928 * @new: the new credentials
1929 * @old: the original credentials
1930 * @gfp: the atomicity of any memory allocations
1931 *
1932 * Prepare a new set of credentials for modification.
1933 */
smack_cred_prepare(struct cred * new,const struct cred * old,gfp_t gfp)1934 static int smack_cred_prepare(struct cred *new, const struct cred *old,
1935 gfp_t gfp)
1936 {
1937 struct task_smack *old_tsp = smack_cred(old);
1938 struct task_smack *new_tsp = smack_cred(new);
1939 int rc;
1940
1941 init_task_smack(new_tsp, old_tsp->smk_task, old_tsp->smk_task);
1942
1943 rc = smk_copy_rules(&new_tsp->smk_rules, &old_tsp->smk_rules, gfp);
1944 if (rc != 0)
1945 return rc;
1946
1947 rc = smk_copy_relabel(&new_tsp->smk_relabel, &old_tsp->smk_relabel,
1948 gfp);
1949 return rc;
1950 }
1951
1952 /**
1953 * smack_cred_transfer - Transfer the old credentials to the new credentials
1954 * @new: the new credentials
1955 * @old: the original credentials
1956 *
1957 * Fill in a set of blank credentials from another set of credentials.
1958 */
smack_cred_transfer(struct cred * new,const struct cred * old)1959 static void smack_cred_transfer(struct cred *new, const struct cred *old)
1960 {
1961 struct task_smack *old_tsp = smack_cred(old);
1962 struct task_smack *new_tsp = smack_cred(new);
1963
1964 new_tsp->smk_task = old_tsp->smk_task;
1965 new_tsp->smk_forked = old_tsp->smk_task;
1966 mutex_init(&new_tsp->smk_rules_lock);
1967 INIT_LIST_HEAD(&new_tsp->smk_rules);
1968
1969 /* cbs copy rule list */
1970 }
1971
1972 /**
1973 * smack_cred_getsecid - get the secid corresponding to a creds structure
1974 * @cred: the object creds
1975 * @secid: where to put the result
1976 *
1977 * Sets the secid to contain a u32 version of the smack label.
1978 */
smack_cred_getsecid(const struct cred * cred,u32 * secid)1979 static void smack_cred_getsecid(const struct cred *cred, u32 *secid)
1980 {
1981 struct smack_known *skp;
1982
1983 rcu_read_lock();
1984 skp = smk_of_task(smack_cred(cred));
1985 *secid = skp->smk_secid;
1986 rcu_read_unlock();
1987 }
1988
1989 /**
1990 * smack_kernel_act_as - Set the subjective context in a set of credentials
1991 * @new: points to the set of credentials to be modified.
1992 * @secid: specifies the security ID to be set
1993 *
1994 * Set the security data for a kernel service.
1995 */
smack_kernel_act_as(struct cred * new,u32 secid)1996 static int smack_kernel_act_as(struct cred *new, u32 secid)
1997 {
1998 struct task_smack *new_tsp = smack_cred(new);
1999
2000 new_tsp->smk_task = smack_from_secid(secid);
2001 return 0;
2002 }
2003
2004 /**
2005 * smack_kernel_create_files_as - Set the file creation label in a set of creds
2006 * @new: points to the set of credentials to be modified
2007 * @inode: points to the inode to use as a reference
2008 *
2009 * Set the file creation context in a set of credentials to the same
2010 * as the objective context of the specified inode
2011 */
smack_kernel_create_files_as(struct cred * new,struct inode * inode)2012 static int smack_kernel_create_files_as(struct cred *new,
2013 struct inode *inode)
2014 {
2015 struct inode_smack *isp = smack_inode(inode);
2016 struct task_smack *tsp = smack_cred(new);
2017
2018 tsp->smk_forked = isp->smk_inode;
2019 tsp->smk_task = tsp->smk_forked;
2020 return 0;
2021 }
2022
2023 /**
2024 * smk_curacc_on_task - helper to log task related access
2025 * @p: the task object
2026 * @access: the access requested
2027 * @caller: name of the calling function for audit
2028 *
2029 * Return 0 if access is permitted
2030 */
smk_curacc_on_task(struct task_struct * p,int access,const char * caller)2031 static int smk_curacc_on_task(struct task_struct *p, int access,
2032 const char *caller)
2033 {
2034 struct smk_audit_info ad;
2035 struct smack_known *skp = smk_of_task_struct(p);
2036 int rc;
2037
2038 smk_ad_init(&ad, caller, LSM_AUDIT_DATA_TASK);
2039 smk_ad_setfield_u_tsk(&ad, p);
2040 rc = smk_curacc(skp, access, &ad);
2041 rc = smk_bu_task(p, access, rc);
2042 return rc;
2043 }
2044
2045 /**
2046 * smack_task_setpgid - Smack check on setting pgid
2047 * @p: the task object
2048 * @pgid: unused
2049 *
2050 * Return 0 if write access is permitted
2051 */
smack_task_setpgid(struct task_struct * p,pid_t pgid)2052 static int smack_task_setpgid(struct task_struct *p, pid_t pgid)
2053 {
2054 return smk_curacc_on_task(p, MAY_WRITE, __func__);
2055 }
2056
2057 /**
2058 * smack_task_getpgid - Smack access check for getpgid
2059 * @p: the object task
2060 *
2061 * Returns 0 if current can read the object task, error code otherwise
2062 */
smack_task_getpgid(struct task_struct * p)2063 static int smack_task_getpgid(struct task_struct *p)
2064 {
2065 return smk_curacc_on_task(p, MAY_READ, __func__);
2066 }
2067
2068 /**
2069 * smack_task_getsid - Smack access check for getsid
2070 * @p: the object task
2071 *
2072 * Returns 0 if current can read the object task, error code otherwise
2073 */
smack_task_getsid(struct task_struct * p)2074 static int smack_task_getsid(struct task_struct *p)
2075 {
2076 return smk_curacc_on_task(p, MAY_READ, __func__);
2077 }
2078
2079 /**
2080 * smack_task_getsecid - get the secid of the task
2081 * @p: the object task
2082 * @secid: where to put the result
2083 *
2084 * Sets the secid to contain a u32 version of the smack label.
2085 */
smack_task_getsecid(struct task_struct * p,u32 * secid)2086 static void smack_task_getsecid(struct task_struct *p, u32 *secid)
2087 {
2088 struct smack_known *skp = smk_of_task_struct(p);
2089
2090 *secid = skp->smk_secid;
2091 }
2092
2093 /**
2094 * smack_task_setnice - Smack check on setting nice
2095 * @p: the task object
2096 * @nice: unused
2097 *
2098 * Return 0 if write access is permitted
2099 */
smack_task_setnice(struct task_struct * p,int nice)2100 static int smack_task_setnice(struct task_struct *p, int nice)
2101 {
2102 return smk_curacc_on_task(p, MAY_WRITE, __func__);
2103 }
2104
2105 /**
2106 * smack_task_setioprio - Smack check on setting ioprio
2107 * @p: the task object
2108 * @ioprio: unused
2109 *
2110 * Return 0 if write access is permitted
2111 */
smack_task_setioprio(struct task_struct * p,int ioprio)2112 static int smack_task_setioprio(struct task_struct *p, int ioprio)
2113 {
2114 return smk_curacc_on_task(p, MAY_WRITE, __func__);
2115 }
2116
2117 /**
2118 * smack_task_getioprio - Smack check on reading ioprio
2119 * @p: the task object
2120 *
2121 * Return 0 if read access is permitted
2122 */
smack_task_getioprio(struct task_struct * p)2123 static int smack_task_getioprio(struct task_struct *p)
2124 {
2125 return smk_curacc_on_task(p, MAY_READ, __func__);
2126 }
2127
2128 /**
2129 * smack_task_setscheduler - Smack check on setting scheduler
2130 * @p: the task object
2131 *
2132 * Return 0 if read access is permitted
2133 */
smack_task_setscheduler(struct task_struct * p)2134 static int smack_task_setscheduler(struct task_struct *p)
2135 {
2136 return smk_curacc_on_task(p, MAY_WRITE, __func__);
2137 }
2138
2139 /**
2140 * smack_task_getscheduler - Smack check on reading scheduler
2141 * @p: the task object
2142 *
2143 * Return 0 if read access is permitted
2144 */
smack_task_getscheduler(struct task_struct * p)2145 static int smack_task_getscheduler(struct task_struct *p)
2146 {
2147 return smk_curacc_on_task(p, MAY_READ, __func__);
2148 }
2149
2150 /**
2151 * smack_task_movememory - Smack check on moving memory
2152 * @p: the task object
2153 *
2154 * Return 0 if write access is permitted
2155 */
smack_task_movememory(struct task_struct * p)2156 static int smack_task_movememory(struct task_struct *p)
2157 {
2158 return smk_curacc_on_task(p, MAY_WRITE, __func__);
2159 }
2160
2161 /**
2162 * smack_task_kill - Smack check on signal delivery
2163 * @p: the task object
2164 * @info: unused
2165 * @sig: unused
2166 * @cred: identifies the cred to use in lieu of current's
2167 *
2168 * Return 0 if write access is permitted
2169 *
2170 */
smack_task_kill(struct task_struct * p,struct kernel_siginfo * info,int sig,const struct cred * cred)2171 static int smack_task_kill(struct task_struct *p, struct kernel_siginfo *info,
2172 int sig, const struct cred *cred)
2173 {
2174 struct smk_audit_info ad;
2175 struct smack_known *skp;
2176 struct smack_known *tkp = smk_of_task_struct(p);
2177 int rc;
2178
2179 if (!sig)
2180 return 0; /* null signal; existence test */
2181
2182 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
2183 smk_ad_setfield_u_tsk(&ad, p);
2184 /*
2185 * Sending a signal requires that the sender
2186 * can write the receiver.
2187 */
2188 if (cred == NULL) {
2189 rc = smk_curacc(tkp, MAY_DELIVER, &ad);
2190 rc = smk_bu_task(p, MAY_DELIVER, rc);
2191 return rc;
2192 }
2193 /*
2194 * If the cred isn't NULL we're dealing with some USB IO
2195 * specific behavior. This is not clean. For one thing
2196 * we can't take privilege into account.
2197 */
2198 skp = smk_of_task(smack_cred(cred));
2199 rc = smk_access(skp, tkp, MAY_DELIVER, &ad);
2200 rc = smk_bu_note("USB signal", skp, tkp, MAY_DELIVER, rc);
2201 return rc;
2202 }
2203
2204 /**
2205 * smack_task_to_inode - copy task smack into the inode blob
2206 * @p: task to copy from
2207 * @inode: inode to copy to
2208 *
2209 * Sets the smack pointer in the inode security blob
2210 */
smack_task_to_inode(struct task_struct * p,struct inode * inode)2211 static void smack_task_to_inode(struct task_struct *p, struct inode *inode)
2212 {
2213 struct inode_smack *isp = smack_inode(inode);
2214 struct smack_known *skp = smk_of_task_struct(p);
2215
2216 isp->smk_inode = skp;
2217 isp->smk_flags |= SMK_INODE_INSTANT;
2218 }
2219
2220 /*
2221 * Socket hooks.
2222 */
2223
2224 /**
2225 * smack_sk_alloc_security - Allocate a socket blob
2226 * @sk: the socket
2227 * @family: unused
2228 * @gfp_flags: memory allocation flags
2229 *
2230 * Assign Smack pointers to current
2231 *
2232 * Returns 0 on success, -ENOMEM is there's no memory
2233 */
smack_sk_alloc_security(struct sock * sk,int family,gfp_t gfp_flags)2234 static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags)
2235 {
2236 struct smack_known *skp = smk_of_current();
2237 struct socket_smack *ssp;
2238
2239 ssp = kzalloc(sizeof(struct socket_smack), gfp_flags);
2240 if (ssp == NULL)
2241 return -ENOMEM;
2242
2243 /*
2244 * Sockets created by kernel threads receive web label.
2245 */
2246 if (unlikely(current->flags & PF_KTHREAD)) {
2247 ssp->smk_in = &smack_known_web;
2248 ssp->smk_out = &smack_known_web;
2249 } else {
2250 ssp->smk_in = skp;
2251 ssp->smk_out = skp;
2252 }
2253 ssp->smk_packet = NULL;
2254
2255 sk->sk_security = ssp;
2256
2257 return 0;
2258 }
2259
2260 /**
2261 * smack_sk_free_security - Free a socket blob
2262 * @sk: the socket
2263 *
2264 * Clears the blob pointer
2265 */
smack_sk_free_security(struct sock * sk)2266 static void smack_sk_free_security(struct sock *sk)
2267 {
2268 #ifdef SMACK_IPV6_PORT_LABELING
2269 struct smk_port_label *spp;
2270
2271 if (sk->sk_family == PF_INET6) {
2272 rcu_read_lock();
2273 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
2274 if (spp->smk_sock != sk)
2275 continue;
2276 spp->smk_can_reuse = 1;
2277 break;
2278 }
2279 rcu_read_unlock();
2280 }
2281 #endif
2282 kfree(sk->sk_security);
2283 }
2284
2285 /**
2286 * smack_ipv4host_label - check host based restrictions
2287 * @sip: the object end
2288 *
2289 * looks for host based access restrictions
2290 *
2291 * This version will only be appropriate for really small sets of single label
2292 * hosts. The caller is responsible for ensuring that the RCU read lock is
2293 * taken before calling this function.
2294 *
2295 * Returns the label of the far end or NULL if it's not special.
2296 */
smack_ipv4host_label(struct sockaddr_in * sip)2297 static struct smack_known *smack_ipv4host_label(struct sockaddr_in *sip)
2298 {
2299 struct smk_net4addr *snp;
2300 struct in_addr *siap = &sip->sin_addr;
2301
2302 if (siap->s_addr == 0)
2303 return NULL;
2304
2305 list_for_each_entry_rcu(snp, &smk_net4addr_list, list)
2306 /*
2307 * we break after finding the first match because
2308 * the list is sorted from longest to shortest mask
2309 * so we have found the most specific match
2310 */
2311 if (snp->smk_host.s_addr ==
2312 (siap->s_addr & snp->smk_mask.s_addr))
2313 return snp->smk_label;
2314
2315 return NULL;
2316 }
2317
2318 /*
2319 * smk_ipv6_localhost - Check for local ipv6 host address
2320 * @sip: the address
2321 *
2322 * Returns boolean true if this is the localhost address
2323 */
smk_ipv6_localhost(struct sockaddr_in6 * sip)2324 static bool smk_ipv6_localhost(struct sockaddr_in6 *sip)
2325 {
2326 __be16 *be16p = (__be16 *)&sip->sin6_addr;
2327 __be32 *be32p = (__be32 *)&sip->sin6_addr;
2328
2329 if (be32p[0] == 0 && be32p[1] == 0 && be32p[2] == 0 && be16p[6] == 0 &&
2330 ntohs(be16p[7]) == 1)
2331 return true;
2332 return false;
2333 }
2334
2335 /**
2336 * smack_ipv6host_label - check host based restrictions
2337 * @sip: the object end
2338 *
2339 * looks for host based access restrictions
2340 *
2341 * This version will only be appropriate for really small sets of single label
2342 * hosts. The caller is responsible for ensuring that the RCU read lock is
2343 * taken before calling this function.
2344 *
2345 * Returns the label of the far end or NULL if it's not special.
2346 */
smack_ipv6host_label(struct sockaddr_in6 * sip)2347 static struct smack_known *smack_ipv6host_label(struct sockaddr_in6 *sip)
2348 {
2349 struct smk_net6addr *snp;
2350 struct in6_addr *sap = &sip->sin6_addr;
2351 int i;
2352 int found = 0;
2353
2354 /*
2355 * It's local. Don't look for a host label.
2356 */
2357 if (smk_ipv6_localhost(sip))
2358 return NULL;
2359
2360 list_for_each_entry_rcu(snp, &smk_net6addr_list, list) {
2361 /*
2362 * If the label is NULL the entry has
2363 * been renounced. Ignore it.
2364 */
2365 if (snp->smk_label == NULL)
2366 continue;
2367 /*
2368 * we break after finding the first match because
2369 * the list is sorted from longest to shortest mask
2370 * so we have found the most specific match
2371 */
2372 for (found = 1, i = 0; i < 8; i++) {
2373 if ((sap->s6_addr16[i] & snp->smk_mask.s6_addr16[i]) !=
2374 snp->smk_host.s6_addr16[i]) {
2375 found = 0;
2376 break;
2377 }
2378 }
2379 if (found)
2380 return snp->smk_label;
2381 }
2382
2383 return NULL;
2384 }
2385
2386 /**
2387 * smack_netlbl_add - Set the secattr on a socket
2388 * @sk: the socket
2389 *
2390 * Attach the outbound smack value (smk_out) to the socket.
2391 *
2392 * Returns 0 on success or an error code
2393 */
smack_netlbl_add(struct sock * sk)2394 static int smack_netlbl_add(struct sock *sk)
2395 {
2396 struct socket_smack *ssp = sk->sk_security;
2397 struct smack_known *skp = ssp->smk_out;
2398 int rc;
2399
2400 local_bh_disable();
2401 bh_lock_sock_nested(sk);
2402
2403 rc = netlbl_sock_setattr(sk, sk->sk_family, &skp->smk_netlabel);
2404 switch (rc) {
2405 case 0:
2406 ssp->smk_state = SMK_NETLBL_LABELED;
2407 break;
2408 case -EDESTADDRREQ:
2409 ssp->smk_state = SMK_NETLBL_REQSKB;
2410 rc = 0;
2411 break;
2412 }
2413
2414 bh_unlock_sock(sk);
2415 local_bh_enable();
2416
2417 return rc;
2418 }
2419
2420 /**
2421 * smack_netlbl_delete - Remove the secattr from a socket
2422 * @sk: the socket
2423 *
2424 * Remove the outbound smack value from a socket
2425 */
smack_netlbl_delete(struct sock * sk)2426 static void smack_netlbl_delete(struct sock *sk)
2427 {
2428 struct socket_smack *ssp = sk->sk_security;
2429
2430 /*
2431 * Take the label off the socket if one is set.
2432 */
2433 if (ssp->smk_state != SMK_NETLBL_LABELED)
2434 return;
2435
2436 local_bh_disable();
2437 bh_lock_sock_nested(sk);
2438 netlbl_sock_delattr(sk);
2439 bh_unlock_sock(sk);
2440 local_bh_enable();
2441 ssp->smk_state = SMK_NETLBL_UNLABELED;
2442 }
2443
2444 /**
2445 * smk_ipv4_check - Perform IPv4 host access checks
2446 * @sk: the socket
2447 * @sap: the destination address
2448 *
2449 * Set the correct secattr for the given socket based on the destination
2450 * address and perform any outbound access checks needed.
2451 *
2452 * Returns 0 on success or an error code.
2453 *
2454 */
smk_ipv4_check(struct sock * sk,struct sockaddr_in * sap)2455 static int smk_ipv4_check(struct sock *sk, struct sockaddr_in *sap)
2456 {
2457 struct smack_known *skp;
2458 int rc = 0;
2459 struct smack_known *hkp;
2460 struct socket_smack *ssp = sk->sk_security;
2461 struct smk_audit_info ad;
2462
2463 rcu_read_lock();
2464 hkp = smack_ipv4host_label(sap);
2465 if (hkp != NULL) {
2466 #ifdef CONFIG_AUDIT
2467 struct lsm_network_audit net;
2468
2469 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
2470 ad.a.u.net->family = sap->sin_family;
2471 ad.a.u.net->dport = sap->sin_port;
2472 ad.a.u.net->v4info.daddr = sap->sin_addr.s_addr;
2473 #endif
2474 skp = ssp->smk_out;
2475 rc = smk_access(skp, hkp, MAY_WRITE, &ad);
2476 rc = smk_bu_note("IPv4 host check", skp, hkp, MAY_WRITE, rc);
2477 /*
2478 * Clear the socket netlabel if it's set.
2479 */
2480 if (!rc)
2481 smack_netlbl_delete(sk);
2482 }
2483 rcu_read_unlock();
2484
2485 return rc;
2486 }
2487
2488 /**
2489 * smk_ipv6_check - check Smack access
2490 * @subject: subject Smack label
2491 * @object: object Smack label
2492 * @address: address
2493 * @act: the action being taken
2494 *
2495 * Check an IPv6 access
2496 */
smk_ipv6_check(struct smack_known * subject,struct smack_known * object,struct sockaddr_in6 * address,int act)2497 static int smk_ipv6_check(struct smack_known *subject,
2498 struct smack_known *object,
2499 struct sockaddr_in6 *address, int act)
2500 {
2501 #ifdef CONFIG_AUDIT
2502 struct lsm_network_audit net;
2503 #endif
2504 struct smk_audit_info ad;
2505 int rc;
2506
2507 #ifdef CONFIG_AUDIT
2508 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
2509 ad.a.u.net->family = PF_INET6;
2510 ad.a.u.net->dport = address->sin6_port;
2511 if (act == SMK_RECEIVING)
2512 ad.a.u.net->v6info.saddr = address->sin6_addr;
2513 else
2514 ad.a.u.net->v6info.daddr = address->sin6_addr;
2515 #endif
2516 rc = smk_access(subject, object, MAY_WRITE, &ad);
2517 rc = smk_bu_note("IPv6 check", subject, object, MAY_WRITE, rc);
2518 return rc;
2519 }
2520
2521 #ifdef SMACK_IPV6_PORT_LABELING
2522 /**
2523 * smk_ipv6_port_label - Smack port access table management
2524 * @sock: socket
2525 * @address: address
2526 *
2527 * Create or update the port list entry
2528 */
smk_ipv6_port_label(struct socket * sock,struct sockaddr * address)2529 static void smk_ipv6_port_label(struct socket *sock, struct sockaddr *address)
2530 {
2531 struct sock *sk = sock->sk;
2532 struct sockaddr_in6 *addr6;
2533 struct socket_smack *ssp = sock->sk->sk_security;
2534 struct smk_port_label *spp;
2535 unsigned short port = 0;
2536
2537 if (address == NULL) {
2538 /*
2539 * This operation is changing the Smack information
2540 * on the bound socket. Take the changes to the port
2541 * as well.
2542 */
2543 rcu_read_lock();
2544 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
2545 if (sk != spp->smk_sock)
2546 continue;
2547 spp->smk_in = ssp->smk_in;
2548 spp->smk_out = ssp->smk_out;
2549 rcu_read_unlock();
2550 return;
2551 }
2552 /*
2553 * A NULL address is only used for updating existing
2554 * bound entries. If there isn't one, it's OK.
2555 */
2556 rcu_read_unlock();
2557 return;
2558 }
2559
2560 addr6 = (struct sockaddr_in6 *)address;
2561 port = ntohs(addr6->sin6_port);
2562 /*
2563 * This is a special case that is safely ignored.
2564 */
2565 if (port == 0)
2566 return;
2567
2568 /*
2569 * Look for an existing port list entry.
2570 * This is an indication that a port is getting reused.
2571 */
2572 rcu_read_lock();
2573 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
2574 if (spp->smk_port != port || spp->smk_sock_type != sock->type)
2575 continue;
2576 if (spp->smk_can_reuse != 1) {
2577 rcu_read_unlock();
2578 return;
2579 }
2580 spp->smk_port = port;
2581 spp->smk_sock = sk;
2582 spp->smk_in = ssp->smk_in;
2583 spp->smk_out = ssp->smk_out;
2584 spp->smk_can_reuse = 0;
2585 rcu_read_unlock();
2586 return;
2587 }
2588 rcu_read_unlock();
2589 /*
2590 * A new port entry is required.
2591 */
2592 spp = kzalloc(sizeof(*spp), GFP_KERNEL);
2593 if (spp == NULL)
2594 return;
2595
2596 spp->smk_port = port;
2597 spp->smk_sock = sk;
2598 spp->smk_in = ssp->smk_in;
2599 spp->smk_out = ssp->smk_out;
2600 spp->smk_sock_type = sock->type;
2601 spp->smk_can_reuse = 0;
2602
2603 mutex_lock(&smack_ipv6_lock);
2604 list_add_rcu(&spp->list, &smk_ipv6_port_list);
2605 mutex_unlock(&smack_ipv6_lock);
2606 return;
2607 }
2608 #endif
2609
2610 /**
2611 * smk_ipv6_port_check - check Smack port access
2612 * @sk: socket
2613 * @address: address
2614 * @act: the action being taken
2615 *
2616 * Create or update the port list entry
2617 */
smk_ipv6_port_check(struct sock * sk,struct sockaddr_in6 * address,int act)2618 static int smk_ipv6_port_check(struct sock *sk, struct sockaddr_in6 *address,
2619 int act)
2620 {
2621 struct smk_port_label *spp;
2622 struct socket_smack *ssp = sk->sk_security;
2623 struct smack_known *skp = NULL;
2624 unsigned short port;
2625 struct smack_known *object;
2626
2627 if (act == SMK_RECEIVING) {
2628 skp = smack_ipv6host_label(address);
2629 object = ssp->smk_in;
2630 } else {
2631 skp = ssp->smk_out;
2632 object = smack_ipv6host_label(address);
2633 }
2634
2635 /*
2636 * The other end is a single label host.
2637 */
2638 if (skp != NULL && object != NULL)
2639 return smk_ipv6_check(skp, object, address, act);
2640 if (skp == NULL)
2641 skp = smack_net_ambient;
2642 if (object == NULL)
2643 object = smack_net_ambient;
2644
2645 /*
2646 * It's remote, so port lookup does no good.
2647 */
2648 if (!smk_ipv6_localhost(address))
2649 return smk_ipv6_check(skp, object, address, act);
2650
2651 /*
2652 * It's local so the send check has to have passed.
2653 */
2654 if (act == SMK_RECEIVING)
2655 return 0;
2656
2657 port = ntohs(address->sin6_port);
2658 rcu_read_lock();
2659 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
2660 if (spp->smk_port != port || spp->smk_sock_type != sk->sk_type)
2661 continue;
2662 object = spp->smk_in;
2663 if (act == SMK_CONNECTING)
2664 ssp->smk_packet = spp->smk_out;
2665 break;
2666 }
2667 rcu_read_unlock();
2668
2669 return smk_ipv6_check(skp, object, address, act);
2670 }
2671
2672 /**
2673 * smack_inode_setsecurity - set smack xattrs
2674 * @inode: the object
2675 * @name: attribute name
2676 * @value: attribute value
2677 * @size: size of the attribute
2678 * @flags: unused
2679 *
2680 * Sets the named attribute in the appropriate blob
2681 *
2682 * Returns 0 on success, or an error code
2683 */
smack_inode_setsecurity(struct inode * inode,const char * name,const void * value,size_t size,int flags)2684 static int smack_inode_setsecurity(struct inode *inode, const char *name,
2685 const void *value, size_t size, int flags)
2686 {
2687 struct smack_known *skp;
2688 struct inode_smack *nsp = smack_inode(inode);
2689 struct socket_smack *ssp;
2690 struct socket *sock;
2691 int rc = 0;
2692
2693 if (value == NULL || size > SMK_LONGLABEL || size == 0)
2694 return -EINVAL;
2695
2696 skp = smk_import_entry(value, size);
2697 if (IS_ERR(skp))
2698 return PTR_ERR(skp);
2699
2700 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) {
2701 nsp->smk_inode = skp;
2702 nsp->smk_flags |= SMK_INODE_INSTANT;
2703 return 0;
2704 }
2705 /*
2706 * The rest of the Smack xattrs are only on sockets.
2707 */
2708 if (inode->i_sb->s_magic != SOCKFS_MAGIC)
2709 return -EOPNOTSUPP;
2710
2711 sock = SOCKET_I(inode);
2712 if (sock == NULL || sock->sk == NULL)
2713 return -EOPNOTSUPP;
2714
2715 ssp = sock->sk->sk_security;
2716
2717 if (strcmp(name, XATTR_SMACK_IPIN) == 0)
2718 ssp->smk_in = skp;
2719 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) {
2720 ssp->smk_out = skp;
2721 if (sock->sk->sk_family == PF_INET) {
2722 rc = smack_netlbl_add(sock->sk);
2723 if (rc != 0)
2724 printk(KERN_WARNING
2725 "Smack: \"%s\" netlbl error %d.\n",
2726 __func__, -rc);
2727 }
2728 } else
2729 return -EOPNOTSUPP;
2730
2731 #ifdef SMACK_IPV6_PORT_LABELING
2732 if (sock->sk->sk_family == PF_INET6)
2733 smk_ipv6_port_label(sock, NULL);
2734 #endif
2735
2736 return 0;
2737 }
2738
2739 /**
2740 * smack_socket_post_create - finish socket setup
2741 * @sock: the socket
2742 * @family: protocol family
2743 * @type: unused
2744 * @protocol: unused
2745 * @kern: unused
2746 *
2747 * Sets the netlabel information on the socket
2748 *
2749 * Returns 0 on success, and error code otherwise
2750 */
smack_socket_post_create(struct socket * sock,int family,int type,int protocol,int kern)2751 static int smack_socket_post_create(struct socket *sock, int family,
2752 int type, int protocol, int kern)
2753 {
2754 struct socket_smack *ssp;
2755
2756 if (sock->sk == NULL)
2757 return 0;
2758
2759 /*
2760 * Sockets created by kernel threads receive web label.
2761 */
2762 if (unlikely(current->flags & PF_KTHREAD)) {
2763 ssp = sock->sk->sk_security;
2764 ssp->smk_in = &smack_known_web;
2765 ssp->smk_out = &smack_known_web;
2766 }
2767
2768 if (family != PF_INET)
2769 return 0;
2770 /*
2771 * Set the outbound netlbl.
2772 */
2773 return smack_netlbl_add(sock->sk);
2774 }
2775
2776 /**
2777 * smack_socket_socketpair - create socket pair
2778 * @socka: one socket
2779 * @sockb: another socket
2780 *
2781 * Cross reference the peer labels for SO_PEERSEC
2782 *
2783 * Returns 0
2784 */
smack_socket_socketpair(struct socket * socka,struct socket * sockb)2785 static int smack_socket_socketpair(struct socket *socka,
2786 struct socket *sockb)
2787 {
2788 struct socket_smack *asp = socka->sk->sk_security;
2789 struct socket_smack *bsp = sockb->sk->sk_security;
2790
2791 asp->smk_packet = bsp->smk_out;
2792 bsp->smk_packet = asp->smk_out;
2793
2794 return 0;
2795 }
2796
2797 #ifdef SMACK_IPV6_PORT_LABELING
2798 /**
2799 * smack_socket_bind - record port binding information.
2800 * @sock: the socket
2801 * @address: the port address
2802 * @addrlen: size of the address
2803 *
2804 * Records the label bound to a port.
2805 *
2806 * Returns 0 on success, and error code otherwise
2807 */
smack_socket_bind(struct socket * sock,struct sockaddr * address,int addrlen)2808 static int smack_socket_bind(struct socket *sock, struct sockaddr *address,
2809 int addrlen)
2810 {
2811 if (sock->sk != NULL && sock->sk->sk_family == PF_INET6) {
2812 if (addrlen < SIN6_LEN_RFC2133 ||
2813 address->sa_family != AF_INET6)
2814 return -EINVAL;
2815 smk_ipv6_port_label(sock, address);
2816 }
2817 return 0;
2818 }
2819 #endif /* SMACK_IPV6_PORT_LABELING */
2820
2821 /**
2822 * smack_socket_connect - connect access check
2823 * @sock: the socket
2824 * @sap: the other end
2825 * @addrlen: size of sap
2826 *
2827 * Verifies that a connection may be possible
2828 *
2829 * Returns 0 on success, and error code otherwise
2830 */
smack_socket_connect(struct socket * sock,struct sockaddr * sap,int addrlen)2831 static int smack_socket_connect(struct socket *sock, struct sockaddr *sap,
2832 int addrlen)
2833 {
2834 int rc = 0;
2835
2836 if (sock->sk == NULL)
2837 return 0;
2838 if (sock->sk->sk_family != PF_INET &&
2839 (!IS_ENABLED(CONFIG_IPV6) || sock->sk->sk_family != PF_INET6))
2840 return 0;
2841 if (addrlen < offsetofend(struct sockaddr, sa_family))
2842 return 0;
2843 if (IS_ENABLED(CONFIG_IPV6) && sap->sa_family == AF_INET6) {
2844 struct sockaddr_in6 *sip = (struct sockaddr_in6 *)sap;
2845 struct smack_known *rsp = NULL;
2846
2847 if (addrlen < SIN6_LEN_RFC2133)
2848 return 0;
2849 if (__is_defined(SMACK_IPV6_SECMARK_LABELING))
2850 rsp = smack_ipv6host_label(sip);
2851 if (rsp != NULL) {
2852 struct socket_smack *ssp = sock->sk->sk_security;
2853
2854 rc = smk_ipv6_check(ssp->smk_out, rsp, sip,
2855 SMK_CONNECTING);
2856 }
2857 if (__is_defined(SMACK_IPV6_PORT_LABELING))
2858 rc = smk_ipv6_port_check(sock->sk, sip, SMK_CONNECTING);
2859
2860 return rc;
2861 }
2862 if (sap->sa_family != AF_INET || addrlen < sizeof(struct sockaddr_in))
2863 return 0;
2864 rc = smk_ipv4_check(sock->sk, (struct sockaddr_in *)sap);
2865 return rc;
2866 }
2867
2868 /**
2869 * smack_flags_to_may - convert S_ to MAY_ values
2870 * @flags: the S_ value
2871 *
2872 * Returns the equivalent MAY_ value
2873 */
smack_flags_to_may(int flags)2874 static int smack_flags_to_may(int flags)
2875 {
2876 int may = 0;
2877
2878 if (flags & S_IRUGO)
2879 may |= MAY_READ;
2880 if (flags & S_IWUGO)
2881 may |= MAY_WRITE;
2882 if (flags & S_IXUGO)
2883 may |= MAY_EXEC;
2884
2885 return may;
2886 }
2887
2888 /**
2889 * smack_msg_msg_alloc_security - Set the security blob for msg_msg
2890 * @msg: the object
2891 *
2892 * Returns 0
2893 */
smack_msg_msg_alloc_security(struct msg_msg * msg)2894 static int smack_msg_msg_alloc_security(struct msg_msg *msg)
2895 {
2896 struct smack_known **blob = smack_msg_msg(msg);
2897
2898 *blob = smk_of_current();
2899 return 0;
2900 }
2901
2902 /**
2903 * smack_of_ipc - the smack pointer for the ipc
2904 * @isp: the object
2905 *
2906 * Returns a pointer to the smack value
2907 */
smack_of_ipc(struct kern_ipc_perm * isp)2908 static struct smack_known *smack_of_ipc(struct kern_ipc_perm *isp)
2909 {
2910 struct smack_known **blob = smack_ipc(isp);
2911
2912 return *blob;
2913 }
2914
2915 /**
2916 * smack_ipc_alloc_security - Set the security blob for ipc
2917 * @isp: the object
2918 *
2919 * Returns 0
2920 */
smack_ipc_alloc_security(struct kern_ipc_perm * isp)2921 static int smack_ipc_alloc_security(struct kern_ipc_perm *isp)
2922 {
2923 struct smack_known **blob = smack_ipc(isp);
2924
2925 *blob = smk_of_current();
2926 return 0;
2927 }
2928
2929 /**
2930 * smk_curacc_shm : check if current has access on shm
2931 * @isp : the object
2932 * @access : access requested
2933 *
2934 * Returns 0 if current has the requested access, error code otherwise
2935 */
smk_curacc_shm(struct kern_ipc_perm * isp,int access)2936 static int smk_curacc_shm(struct kern_ipc_perm *isp, int access)
2937 {
2938 struct smack_known *ssp = smack_of_ipc(isp);
2939 struct smk_audit_info ad;
2940 int rc;
2941
2942 #ifdef CONFIG_AUDIT
2943 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
2944 ad.a.u.ipc_id = isp->id;
2945 #endif
2946 rc = smk_curacc(ssp, access, &ad);
2947 rc = smk_bu_current("shm", ssp, access, rc);
2948 return rc;
2949 }
2950
2951 /**
2952 * smack_shm_associate - Smack access check for shm
2953 * @isp: the object
2954 * @shmflg: access requested
2955 *
2956 * Returns 0 if current has the requested access, error code otherwise
2957 */
smack_shm_associate(struct kern_ipc_perm * isp,int shmflg)2958 static int smack_shm_associate(struct kern_ipc_perm *isp, int shmflg)
2959 {
2960 int may;
2961
2962 may = smack_flags_to_may(shmflg);
2963 return smk_curacc_shm(isp, may);
2964 }
2965
2966 /**
2967 * smack_shm_shmctl - Smack access check for shm
2968 * @isp: the object
2969 * @cmd: what it wants to do
2970 *
2971 * Returns 0 if current has the requested access, error code otherwise
2972 */
smack_shm_shmctl(struct kern_ipc_perm * isp,int cmd)2973 static int smack_shm_shmctl(struct kern_ipc_perm *isp, int cmd)
2974 {
2975 int may;
2976
2977 switch (cmd) {
2978 case IPC_STAT:
2979 case SHM_STAT:
2980 case SHM_STAT_ANY:
2981 may = MAY_READ;
2982 break;
2983 case IPC_SET:
2984 case SHM_LOCK:
2985 case SHM_UNLOCK:
2986 case IPC_RMID:
2987 may = MAY_READWRITE;
2988 break;
2989 case IPC_INFO:
2990 case SHM_INFO:
2991 /*
2992 * System level information.
2993 */
2994 return 0;
2995 default:
2996 return -EINVAL;
2997 }
2998 return smk_curacc_shm(isp, may);
2999 }
3000
3001 /**
3002 * smack_shm_shmat - Smack access for shmat
3003 * @isp: the object
3004 * @shmaddr: unused
3005 * @shmflg: access requested
3006 *
3007 * Returns 0 if current has the requested access, error code otherwise
3008 */
smack_shm_shmat(struct kern_ipc_perm * isp,char __user * shmaddr,int shmflg)3009 static int smack_shm_shmat(struct kern_ipc_perm *isp, char __user *shmaddr,
3010 int shmflg)
3011 {
3012 int may;
3013
3014 may = smack_flags_to_may(shmflg);
3015 return smk_curacc_shm(isp, may);
3016 }
3017
3018 /**
3019 * smk_curacc_sem : check if current has access on sem
3020 * @isp : the object
3021 * @access : access requested
3022 *
3023 * Returns 0 if current has the requested access, error code otherwise
3024 */
smk_curacc_sem(struct kern_ipc_perm * isp,int access)3025 static int smk_curacc_sem(struct kern_ipc_perm *isp, int access)
3026 {
3027 struct smack_known *ssp = smack_of_ipc(isp);
3028 struct smk_audit_info ad;
3029 int rc;
3030
3031 #ifdef CONFIG_AUDIT
3032 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
3033 ad.a.u.ipc_id = isp->id;
3034 #endif
3035 rc = smk_curacc(ssp, access, &ad);
3036 rc = smk_bu_current("sem", ssp, access, rc);
3037 return rc;
3038 }
3039
3040 /**
3041 * smack_sem_associate - Smack access check for sem
3042 * @isp: the object
3043 * @semflg: access requested
3044 *
3045 * Returns 0 if current has the requested access, error code otherwise
3046 */
smack_sem_associate(struct kern_ipc_perm * isp,int semflg)3047 static int smack_sem_associate(struct kern_ipc_perm *isp, int semflg)
3048 {
3049 int may;
3050
3051 may = smack_flags_to_may(semflg);
3052 return smk_curacc_sem(isp, may);
3053 }
3054
3055 /**
3056 * smack_sem_shmctl - Smack access check for sem
3057 * @isp: the object
3058 * @cmd: what it wants to do
3059 *
3060 * Returns 0 if current has the requested access, error code otherwise
3061 */
smack_sem_semctl(struct kern_ipc_perm * isp,int cmd)3062 static int smack_sem_semctl(struct kern_ipc_perm *isp, int cmd)
3063 {
3064 int may;
3065
3066 switch (cmd) {
3067 case GETPID:
3068 case GETNCNT:
3069 case GETZCNT:
3070 case GETVAL:
3071 case GETALL:
3072 case IPC_STAT:
3073 case SEM_STAT:
3074 case SEM_STAT_ANY:
3075 may = MAY_READ;
3076 break;
3077 case SETVAL:
3078 case SETALL:
3079 case IPC_RMID:
3080 case IPC_SET:
3081 may = MAY_READWRITE;
3082 break;
3083 case IPC_INFO:
3084 case SEM_INFO:
3085 /*
3086 * System level information
3087 */
3088 return 0;
3089 default:
3090 return -EINVAL;
3091 }
3092
3093 return smk_curacc_sem(isp, may);
3094 }
3095
3096 /**
3097 * smack_sem_semop - Smack checks of semaphore operations
3098 * @isp: the object
3099 * @sops: unused
3100 * @nsops: unused
3101 * @alter: unused
3102 *
3103 * Treated as read and write in all cases.
3104 *
3105 * Returns 0 if access is allowed, error code otherwise
3106 */
smack_sem_semop(struct kern_ipc_perm * isp,struct sembuf * sops,unsigned nsops,int alter)3107 static int smack_sem_semop(struct kern_ipc_perm *isp, struct sembuf *sops,
3108 unsigned nsops, int alter)
3109 {
3110 return smk_curacc_sem(isp, MAY_READWRITE);
3111 }
3112
3113 /**
3114 * smk_curacc_msq : helper to check if current has access on msq
3115 * @isp : the msq
3116 * @access : access requested
3117 *
3118 * return 0 if current has access, error otherwise
3119 */
smk_curacc_msq(struct kern_ipc_perm * isp,int access)3120 static int smk_curacc_msq(struct kern_ipc_perm *isp, int access)
3121 {
3122 struct smack_known *msp = smack_of_ipc(isp);
3123 struct smk_audit_info ad;
3124 int rc;
3125
3126 #ifdef CONFIG_AUDIT
3127 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
3128 ad.a.u.ipc_id = isp->id;
3129 #endif
3130 rc = smk_curacc(msp, access, &ad);
3131 rc = smk_bu_current("msq", msp, access, rc);
3132 return rc;
3133 }
3134
3135 /**
3136 * smack_msg_queue_associate - Smack access check for msg_queue
3137 * @isp: the object
3138 * @msqflg: access requested
3139 *
3140 * Returns 0 if current has the requested access, error code otherwise
3141 */
smack_msg_queue_associate(struct kern_ipc_perm * isp,int msqflg)3142 static int smack_msg_queue_associate(struct kern_ipc_perm *isp, int msqflg)
3143 {
3144 int may;
3145
3146 may = smack_flags_to_may(msqflg);
3147 return smk_curacc_msq(isp, may);
3148 }
3149
3150 /**
3151 * smack_msg_queue_msgctl - Smack access check for msg_queue
3152 * @isp: the object
3153 * @cmd: what it wants to do
3154 *
3155 * Returns 0 if current has the requested access, error code otherwise
3156 */
smack_msg_queue_msgctl(struct kern_ipc_perm * isp,int cmd)3157 static int smack_msg_queue_msgctl(struct kern_ipc_perm *isp, int cmd)
3158 {
3159 int may;
3160
3161 switch (cmd) {
3162 case IPC_STAT:
3163 case MSG_STAT:
3164 case MSG_STAT_ANY:
3165 may = MAY_READ;
3166 break;
3167 case IPC_SET:
3168 case IPC_RMID:
3169 may = MAY_READWRITE;
3170 break;
3171 case IPC_INFO:
3172 case MSG_INFO:
3173 /*
3174 * System level information
3175 */
3176 return 0;
3177 default:
3178 return -EINVAL;
3179 }
3180
3181 return smk_curacc_msq(isp, may);
3182 }
3183
3184 /**
3185 * smack_msg_queue_msgsnd - Smack access check for msg_queue
3186 * @isp: the object
3187 * @msg: unused
3188 * @msqflg: access requested
3189 *
3190 * Returns 0 if current has the requested access, error code otherwise
3191 */
smack_msg_queue_msgsnd(struct kern_ipc_perm * isp,struct msg_msg * msg,int msqflg)3192 static int smack_msg_queue_msgsnd(struct kern_ipc_perm *isp, struct msg_msg *msg,
3193 int msqflg)
3194 {
3195 int may;
3196
3197 may = smack_flags_to_may(msqflg);
3198 return smk_curacc_msq(isp, may);
3199 }
3200
3201 /**
3202 * smack_msg_queue_msgsnd - Smack access check for msg_queue
3203 * @isp: the object
3204 * @msg: unused
3205 * @target: unused
3206 * @type: unused
3207 * @mode: unused
3208 *
3209 * Returns 0 if current has read and write access, error code otherwise
3210 */
smack_msg_queue_msgrcv(struct kern_ipc_perm * isp,struct msg_msg * msg,struct task_struct * target,long type,int mode)3211 static int smack_msg_queue_msgrcv(struct kern_ipc_perm *isp, struct msg_msg *msg,
3212 struct task_struct *target, long type, int mode)
3213 {
3214 return smk_curacc_msq(isp, MAY_READWRITE);
3215 }
3216
3217 /**
3218 * smack_ipc_permission - Smack access for ipc_permission()
3219 * @ipp: the object permissions
3220 * @flag: access requested
3221 *
3222 * Returns 0 if current has read and write access, error code otherwise
3223 */
smack_ipc_permission(struct kern_ipc_perm * ipp,short flag)3224 static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag)
3225 {
3226 struct smack_known **blob = smack_ipc(ipp);
3227 struct smack_known *iskp = *blob;
3228 int may = smack_flags_to_may(flag);
3229 struct smk_audit_info ad;
3230 int rc;
3231
3232 #ifdef CONFIG_AUDIT
3233 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
3234 ad.a.u.ipc_id = ipp->id;
3235 #endif
3236 rc = smk_curacc(iskp, may, &ad);
3237 rc = smk_bu_current("svipc", iskp, may, rc);
3238 return rc;
3239 }
3240
3241 /**
3242 * smack_ipc_getsecid - Extract smack security id
3243 * @ipp: the object permissions
3244 * @secid: where result will be saved
3245 */
smack_ipc_getsecid(struct kern_ipc_perm * ipp,u32 * secid)3246 static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid)
3247 {
3248 struct smack_known **blob = smack_ipc(ipp);
3249 struct smack_known *iskp = *blob;
3250
3251 *secid = iskp->smk_secid;
3252 }
3253
3254 /**
3255 * smack_d_instantiate - Make sure the blob is correct on an inode
3256 * @opt_dentry: dentry where inode will be attached
3257 * @inode: the object
3258 *
3259 * Set the inode's security blob if it hasn't been done already.
3260 */
smack_d_instantiate(struct dentry * opt_dentry,struct inode * inode)3261 static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode)
3262 {
3263 struct super_block *sbp;
3264 struct superblock_smack *sbsp;
3265 struct inode_smack *isp;
3266 struct smack_known *skp;
3267 struct smack_known *ckp = smk_of_current();
3268 struct smack_known *final;
3269 char trattr[TRANS_TRUE_SIZE];
3270 int transflag = 0;
3271 int rc;
3272 struct dentry *dp;
3273
3274 if (inode == NULL)
3275 return;
3276
3277 isp = smack_inode(inode);
3278
3279 /*
3280 * If the inode is already instantiated
3281 * take the quick way out
3282 */
3283 if (isp->smk_flags & SMK_INODE_INSTANT)
3284 return;
3285
3286 sbp = inode->i_sb;
3287 sbsp = sbp->s_security;
3288 /*
3289 * We're going to use the superblock default label
3290 * if there's no label on the file.
3291 */
3292 final = sbsp->smk_default;
3293
3294 /*
3295 * If this is the root inode the superblock
3296 * may be in the process of initialization.
3297 * If that is the case use the root value out
3298 * of the superblock.
3299 */
3300 if (opt_dentry->d_parent == opt_dentry) {
3301 switch (sbp->s_magic) {
3302 case CGROUP_SUPER_MAGIC:
3303 case CGROUP2_SUPER_MAGIC:
3304 /*
3305 * The cgroup filesystem is never mounted,
3306 * so there's no opportunity to set the mount
3307 * options.
3308 */
3309 sbsp->smk_root = &smack_known_star;
3310 sbsp->smk_default = &smack_known_star;
3311 isp->smk_inode = sbsp->smk_root;
3312 break;
3313 case TMPFS_MAGIC:
3314 /*
3315 * What about shmem/tmpfs anonymous files with dentry
3316 * obtained from d_alloc_pseudo()?
3317 */
3318 isp->smk_inode = smk_of_current();
3319 break;
3320 case PIPEFS_MAGIC:
3321 isp->smk_inode = smk_of_current();
3322 break;
3323 case SOCKFS_MAGIC:
3324 /*
3325 * Socket access is controlled by the socket
3326 * structures associated with the task involved.
3327 */
3328 isp->smk_inode = &smack_known_star;
3329 break;
3330 default:
3331 isp->smk_inode = sbsp->smk_root;
3332 break;
3333 }
3334 isp->smk_flags |= SMK_INODE_INSTANT;
3335 return;
3336 }
3337
3338 /*
3339 * This is pretty hackish.
3340 * Casey says that we shouldn't have to do
3341 * file system specific code, but it does help
3342 * with keeping it simple.
3343 */
3344 switch (sbp->s_magic) {
3345 case SMACK_MAGIC:
3346 case CGROUP_SUPER_MAGIC:
3347 case CGROUP2_SUPER_MAGIC:
3348 /*
3349 * Casey says that it's a little embarrassing
3350 * that the smack file system doesn't do
3351 * extended attributes.
3352 *
3353 * Cgroupfs is special
3354 */
3355 final = &smack_known_star;
3356 break;
3357 case DEVPTS_SUPER_MAGIC:
3358 /*
3359 * devpts seems content with the label of the task.
3360 * Programs that change smack have to treat the
3361 * pty with respect.
3362 */
3363 final = ckp;
3364 break;
3365 case PROC_SUPER_MAGIC:
3366 /*
3367 * Casey says procfs appears not to care.
3368 * The superblock default suffices.
3369 */
3370 break;
3371 case TMPFS_MAGIC:
3372 /*
3373 * Device labels should come from the filesystem,
3374 * but watch out, because they're volitile,
3375 * getting recreated on every reboot.
3376 */
3377 final = &smack_known_star;
3378 /*
3379 * If a smack value has been set we want to use it,
3380 * but since tmpfs isn't giving us the opportunity
3381 * to set mount options simulate setting the
3382 * superblock default.
3383 */
3384 fallthrough;
3385 default:
3386 /*
3387 * This isn't an understood special case.
3388 * Get the value from the xattr.
3389 */
3390
3391 /*
3392 * UNIX domain sockets use lower level socket data.
3393 */
3394 if (S_ISSOCK(inode->i_mode)) {
3395 final = &smack_known_star;
3396 break;
3397 }
3398 /*
3399 * No xattr support means, alas, no SMACK label.
3400 * Use the aforeapplied default.
3401 * It would be curious if the label of the task
3402 * does not match that assigned.
3403 */
3404 if (!(inode->i_opflags & IOP_XATTR))
3405 break;
3406 /*
3407 * Get the dentry for xattr.
3408 */
3409 dp = dget(opt_dentry);
3410 skp = smk_fetch(XATTR_NAME_SMACK, inode, dp);
3411 if (!IS_ERR_OR_NULL(skp))
3412 final = skp;
3413
3414 /*
3415 * Transmuting directory
3416 */
3417 if (S_ISDIR(inode->i_mode)) {
3418 /*
3419 * If this is a new directory and the label was
3420 * transmuted when the inode was initialized
3421 * set the transmute attribute on the directory
3422 * and mark the inode.
3423 *
3424 * If there is a transmute attribute on the
3425 * directory mark the inode.
3426 */
3427 if (isp->smk_flags & SMK_INODE_CHANGED) {
3428 isp->smk_flags &= ~SMK_INODE_CHANGED;
3429 rc = __vfs_setxattr(dp, inode,
3430 XATTR_NAME_SMACKTRANSMUTE,
3431 TRANS_TRUE, TRANS_TRUE_SIZE,
3432 0);
3433 } else {
3434 rc = __vfs_getxattr(dp, inode,
3435 XATTR_NAME_SMACKTRANSMUTE, trattr,
3436 TRANS_TRUE_SIZE, XATTR_NOSECURITY);
3437 if (rc >= 0 && strncmp(trattr, TRANS_TRUE,
3438 TRANS_TRUE_SIZE) != 0)
3439 rc = -EINVAL;
3440 }
3441 if (rc >= 0)
3442 transflag = SMK_INODE_TRANSMUTE;
3443 }
3444 /*
3445 * Don't let the exec or mmap label be "*" or "@".
3446 */
3447 skp = smk_fetch(XATTR_NAME_SMACKEXEC, inode, dp);
3448 if (IS_ERR(skp) || skp == &smack_known_star ||
3449 skp == &smack_known_web)
3450 skp = NULL;
3451 isp->smk_task = skp;
3452
3453 skp = smk_fetch(XATTR_NAME_SMACKMMAP, inode, dp);
3454 if (IS_ERR(skp) || skp == &smack_known_star ||
3455 skp == &smack_known_web)
3456 skp = NULL;
3457 isp->smk_mmap = skp;
3458
3459 dput(dp);
3460 break;
3461 }
3462
3463 if (final == NULL)
3464 isp->smk_inode = ckp;
3465 else
3466 isp->smk_inode = final;
3467
3468 isp->smk_flags |= (SMK_INODE_INSTANT | transflag);
3469
3470 return;
3471 }
3472
3473 /**
3474 * smack_getprocattr - Smack process attribute access
3475 * @p: the object task
3476 * @name: the name of the attribute in /proc/.../attr
3477 * @value: where to put the result
3478 *
3479 * Places a copy of the task Smack into value
3480 *
3481 * Returns the length of the smack label or an error code
3482 */
smack_getprocattr(struct task_struct * p,char * name,char ** value)3483 static int smack_getprocattr(struct task_struct *p, char *name, char **value)
3484 {
3485 struct smack_known *skp = smk_of_task_struct(p);
3486 char *cp;
3487 int slen;
3488
3489 if (strcmp(name, "current") != 0)
3490 return -EINVAL;
3491
3492 cp = kstrdup(skp->smk_known, GFP_KERNEL);
3493 if (cp == NULL)
3494 return -ENOMEM;
3495
3496 slen = strlen(cp);
3497 *value = cp;
3498 return slen;
3499 }
3500
3501 /**
3502 * smack_setprocattr - Smack process attribute setting
3503 * @name: the name of the attribute in /proc/.../attr
3504 * @value: the value to set
3505 * @size: the size of the value
3506 *
3507 * Sets the Smack value of the task. Only setting self
3508 * is permitted and only with privilege
3509 *
3510 * Returns the length of the smack label or an error code
3511 */
smack_setprocattr(const char * name,void * value,size_t size)3512 static int smack_setprocattr(const char *name, void *value, size_t size)
3513 {
3514 struct task_smack *tsp = smack_cred(current_cred());
3515 struct cred *new;
3516 struct smack_known *skp;
3517 struct smack_known_list_elem *sklep;
3518 int rc;
3519
3520 if (!smack_privileged(CAP_MAC_ADMIN) && list_empty(&tsp->smk_relabel))
3521 return -EPERM;
3522
3523 if (value == NULL || size == 0 || size >= SMK_LONGLABEL)
3524 return -EINVAL;
3525
3526 if (strcmp(name, "current") != 0)
3527 return -EINVAL;
3528
3529 skp = smk_import_entry(value, size);
3530 if (IS_ERR(skp))
3531 return PTR_ERR(skp);
3532
3533 /*
3534 * No process is ever allowed the web ("@") label
3535 * and the star ("*") label.
3536 */
3537 if (skp == &smack_known_web || skp == &smack_known_star)
3538 return -EINVAL;
3539
3540 if (!smack_privileged(CAP_MAC_ADMIN)) {
3541 rc = -EPERM;
3542 list_for_each_entry(sklep, &tsp->smk_relabel, list)
3543 if (sklep->smk_label == skp) {
3544 rc = 0;
3545 break;
3546 }
3547 if (rc)
3548 return rc;
3549 }
3550
3551 new = prepare_creds();
3552 if (new == NULL)
3553 return -ENOMEM;
3554
3555 tsp = smack_cred(new);
3556 tsp->smk_task = skp;
3557 /*
3558 * process can change its label only once
3559 */
3560 smk_destroy_label_list(&tsp->smk_relabel);
3561
3562 commit_creds(new);
3563 return size;
3564 }
3565
3566 /**
3567 * smack_unix_stream_connect - Smack access on UDS
3568 * @sock: one sock
3569 * @other: the other sock
3570 * @newsk: unused
3571 *
3572 * Return 0 if a subject with the smack of sock could access
3573 * an object with the smack of other, otherwise an error code
3574 */
smack_unix_stream_connect(struct sock * sock,struct sock * other,struct sock * newsk)3575 static int smack_unix_stream_connect(struct sock *sock,
3576 struct sock *other, struct sock *newsk)
3577 {
3578 struct smack_known *skp;
3579 struct smack_known *okp;
3580 struct socket_smack *ssp = sock->sk_security;
3581 struct socket_smack *osp = other->sk_security;
3582 struct socket_smack *nsp = newsk->sk_security;
3583 struct smk_audit_info ad;
3584 int rc = 0;
3585 #ifdef CONFIG_AUDIT
3586 struct lsm_network_audit net;
3587 #endif
3588
3589 if (!smack_privileged(CAP_MAC_OVERRIDE)) {
3590 skp = ssp->smk_out;
3591 okp = osp->smk_in;
3592 #ifdef CONFIG_AUDIT
3593 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3594 smk_ad_setfield_u_net_sk(&ad, other);
3595 #endif
3596 rc = smk_access(skp, okp, MAY_WRITE, &ad);
3597 rc = smk_bu_note("UDS connect", skp, okp, MAY_WRITE, rc);
3598 if (rc == 0) {
3599 okp = osp->smk_out;
3600 skp = ssp->smk_in;
3601 rc = smk_access(okp, skp, MAY_WRITE, &ad);
3602 rc = smk_bu_note("UDS connect", okp, skp,
3603 MAY_WRITE, rc);
3604 }
3605 }
3606
3607 /*
3608 * Cross reference the peer labels for SO_PEERSEC.
3609 */
3610 if (rc == 0) {
3611 nsp->smk_packet = ssp->smk_out;
3612 ssp->smk_packet = osp->smk_out;
3613 }
3614
3615 return rc;
3616 }
3617
3618 /**
3619 * smack_unix_may_send - Smack access on UDS
3620 * @sock: one socket
3621 * @other: the other socket
3622 *
3623 * Return 0 if a subject with the smack of sock could access
3624 * an object with the smack of other, otherwise an error code
3625 */
smack_unix_may_send(struct socket * sock,struct socket * other)3626 static int smack_unix_may_send(struct socket *sock, struct socket *other)
3627 {
3628 struct socket_smack *ssp = sock->sk->sk_security;
3629 struct socket_smack *osp = other->sk->sk_security;
3630 struct smk_audit_info ad;
3631 int rc;
3632
3633 #ifdef CONFIG_AUDIT
3634 struct lsm_network_audit net;
3635
3636 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3637 smk_ad_setfield_u_net_sk(&ad, other->sk);
3638 #endif
3639
3640 if (smack_privileged(CAP_MAC_OVERRIDE))
3641 return 0;
3642
3643 rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad);
3644 rc = smk_bu_note("UDS send", ssp->smk_out, osp->smk_in, MAY_WRITE, rc);
3645 return rc;
3646 }
3647
3648 /**
3649 * smack_socket_sendmsg - Smack check based on destination host
3650 * @sock: the socket
3651 * @msg: the message
3652 * @size: the size of the message
3653 *
3654 * Return 0 if the current subject can write to the destination host.
3655 * For IPv4 this is only a question if the destination is a single label host.
3656 * For IPv6 this is a check against the label of the port.
3657 */
smack_socket_sendmsg(struct socket * sock,struct msghdr * msg,int size)3658 static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg,
3659 int size)
3660 {
3661 struct sockaddr_in *sip = (struct sockaddr_in *) msg->msg_name;
3662 #if IS_ENABLED(CONFIG_IPV6)
3663 struct sockaddr_in6 *sap = (struct sockaddr_in6 *) msg->msg_name;
3664 #endif
3665 #ifdef SMACK_IPV6_SECMARK_LABELING
3666 struct socket_smack *ssp = sock->sk->sk_security;
3667 struct smack_known *rsp;
3668 #endif
3669 int rc = 0;
3670
3671 /*
3672 * Perfectly reasonable for this to be NULL
3673 */
3674 if (sip == NULL)
3675 return 0;
3676
3677 switch (sock->sk->sk_family) {
3678 case AF_INET:
3679 if (msg->msg_namelen < sizeof(struct sockaddr_in) ||
3680 sip->sin_family != AF_INET)
3681 return -EINVAL;
3682 rc = smk_ipv4_check(sock->sk, sip);
3683 break;
3684 #if IS_ENABLED(CONFIG_IPV6)
3685 case AF_INET6:
3686 if (msg->msg_namelen < SIN6_LEN_RFC2133 ||
3687 sap->sin6_family != AF_INET6)
3688 return -EINVAL;
3689 #ifdef SMACK_IPV6_SECMARK_LABELING
3690 rsp = smack_ipv6host_label(sap);
3691 if (rsp != NULL)
3692 rc = smk_ipv6_check(ssp->smk_out, rsp, sap,
3693 SMK_CONNECTING);
3694 #endif
3695 #ifdef SMACK_IPV6_PORT_LABELING
3696 rc = smk_ipv6_port_check(sock->sk, sap, SMK_SENDING);
3697 #endif
3698 #endif /* IS_ENABLED(CONFIG_IPV6) */
3699 break;
3700 }
3701 return rc;
3702 }
3703
3704 /**
3705 * smack_from_secattr - Convert a netlabel attr.mls.lvl/attr.mls.cat pair to smack
3706 * @sap: netlabel secattr
3707 * @ssp: socket security information
3708 *
3709 * Returns a pointer to a Smack label entry found on the label list.
3710 */
smack_from_secattr(struct netlbl_lsm_secattr * sap,struct socket_smack * ssp)3711 static struct smack_known *smack_from_secattr(struct netlbl_lsm_secattr *sap,
3712 struct socket_smack *ssp)
3713 {
3714 struct smack_known *skp;
3715 int found = 0;
3716 int acat;
3717 int kcat;
3718
3719 /*
3720 * Netlabel found it in the cache.
3721 */
3722 if ((sap->flags & NETLBL_SECATTR_CACHE) != 0)
3723 return (struct smack_known *)sap->cache->data;
3724
3725 if ((sap->flags & NETLBL_SECATTR_SECID) != 0)
3726 /*
3727 * Looks like a fallback, which gives us a secid.
3728 */
3729 return smack_from_secid(sap->attr.secid);
3730
3731 if ((sap->flags & NETLBL_SECATTR_MLS_LVL) != 0) {
3732 /*
3733 * Looks like a CIPSO packet.
3734 * If there are flags but no level netlabel isn't
3735 * behaving the way we expect it to.
3736 *
3737 * Look it up in the label table
3738 * Without guidance regarding the smack value
3739 * for the packet fall back on the network
3740 * ambient value.
3741 */
3742 rcu_read_lock();
3743 list_for_each_entry_rcu(skp, &smack_known_list, list) {
3744 if (sap->attr.mls.lvl != skp->smk_netlabel.attr.mls.lvl)
3745 continue;
3746 /*
3747 * Compare the catsets. Use the netlbl APIs.
3748 */
3749 if ((sap->flags & NETLBL_SECATTR_MLS_CAT) == 0) {
3750 if ((skp->smk_netlabel.flags &
3751 NETLBL_SECATTR_MLS_CAT) == 0)
3752 found = 1;
3753 break;
3754 }
3755 for (acat = -1, kcat = -1; acat == kcat; ) {
3756 acat = netlbl_catmap_walk(sap->attr.mls.cat,
3757 acat + 1);
3758 kcat = netlbl_catmap_walk(
3759 skp->smk_netlabel.attr.mls.cat,
3760 kcat + 1);
3761 if (acat < 0 || kcat < 0)
3762 break;
3763 }
3764 if (acat == kcat) {
3765 found = 1;
3766 break;
3767 }
3768 }
3769 rcu_read_unlock();
3770
3771 if (found)
3772 return skp;
3773
3774 if (ssp != NULL && ssp->smk_in == &smack_known_star)
3775 return &smack_known_web;
3776 return &smack_known_star;
3777 }
3778 /*
3779 * Without guidance regarding the smack value
3780 * for the packet fall back on the network
3781 * ambient value.
3782 */
3783 return smack_net_ambient;
3784 }
3785
3786 #if IS_ENABLED(CONFIG_IPV6)
smk_skb_to_addr_ipv6(struct sk_buff * skb,struct sockaddr_in6 * sip)3787 static int smk_skb_to_addr_ipv6(struct sk_buff *skb, struct sockaddr_in6 *sip)
3788 {
3789 u8 nexthdr;
3790 int offset;
3791 int proto = -EINVAL;
3792 struct ipv6hdr _ipv6h;
3793 struct ipv6hdr *ip6;
3794 __be16 frag_off;
3795 struct tcphdr _tcph, *th;
3796 struct udphdr _udph, *uh;
3797 struct dccp_hdr _dccph, *dh;
3798
3799 sip->sin6_port = 0;
3800
3801 offset = skb_network_offset(skb);
3802 ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h);
3803 if (ip6 == NULL)
3804 return -EINVAL;
3805 sip->sin6_addr = ip6->saddr;
3806
3807 nexthdr = ip6->nexthdr;
3808 offset += sizeof(_ipv6h);
3809 offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off);
3810 if (offset < 0)
3811 return -EINVAL;
3812
3813 proto = nexthdr;
3814 switch (proto) {
3815 case IPPROTO_TCP:
3816 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
3817 if (th != NULL)
3818 sip->sin6_port = th->source;
3819 break;
3820 case IPPROTO_UDP:
3821 case IPPROTO_UDPLITE:
3822 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
3823 if (uh != NULL)
3824 sip->sin6_port = uh->source;
3825 break;
3826 case IPPROTO_DCCP:
3827 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
3828 if (dh != NULL)
3829 sip->sin6_port = dh->dccph_sport;
3830 break;
3831 }
3832 return proto;
3833 }
3834 #endif /* CONFIG_IPV6 */
3835
3836 /**
3837 * smack_from_skb - Smack data from the secmark in an skb
3838 * @skb: packet
3839 *
3840 * Returns smack_known of the secmark or NULL if that won't work.
3841 */
3842 #ifdef CONFIG_NETWORK_SECMARK
smack_from_skb(struct sk_buff * skb)3843 static struct smack_known *smack_from_skb(struct sk_buff *skb)
3844 {
3845 if (skb == NULL || skb->secmark == 0)
3846 return NULL;
3847
3848 return smack_from_secid(skb->secmark);
3849 }
3850 #else
smack_from_skb(struct sk_buff * skb)3851 static inline struct smack_known *smack_from_skb(struct sk_buff *skb)
3852 {
3853 return NULL;
3854 }
3855 #endif
3856
3857 /**
3858 * smack_from_netlbl - Smack data from the IP options in an skb
3859 * @sk: socket data came in on
3860 * @family: address family
3861 * @skb: packet
3862 *
3863 * Find the Smack label in the IP options. If it hasn't been
3864 * added to the netlabel cache, add it here.
3865 *
3866 * Returns smack_known of the IP options or NULL if that won't work.
3867 */
smack_from_netlbl(struct sock * sk,u16 family,struct sk_buff * skb)3868 static struct smack_known *smack_from_netlbl(struct sock *sk, u16 family,
3869 struct sk_buff *skb)
3870 {
3871 struct netlbl_lsm_secattr secattr;
3872 struct socket_smack *ssp = NULL;
3873 struct smack_known *skp = NULL;
3874 int rc;
3875
3876 netlbl_secattr_init(&secattr);
3877
3878 if (sk)
3879 ssp = sk->sk_security;
3880
3881 if (netlbl_skbuff_getattr(skb, family, &secattr) == 0) {
3882 skp = smack_from_secattr(&secattr, ssp);
3883 if (secattr.flags & NETLBL_SECATTR_CACHEABLE)
3884 rc = netlbl_cache_add(skb, family, &skp->smk_netlabel);
3885 }
3886
3887 netlbl_secattr_destroy(&secattr);
3888
3889 return skp;
3890 }
3891
3892 /**
3893 * smack_socket_sock_rcv_skb - Smack packet delivery access check
3894 * @sk: socket
3895 * @skb: packet
3896 *
3897 * Returns 0 if the packet should be delivered, an error code otherwise
3898 */
smack_socket_sock_rcv_skb(struct sock * sk,struct sk_buff * skb)3899 static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
3900 {
3901 struct socket_smack *ssp = sk->sk_security;
3902 struct smack_known *skp = NULL;
3903 int rc = 0;
3904 struct smk_audit_info ad;
3905 u16 family = sk->sk_family;
3906 #ifdef CONFIG_AUDIT
3907 struct lsm_network_audit net;
3908 #endif
3909 #if IS_ENABLED(CONFIG_IPV6)
3910 struct sockaddr_in6 sadd;
3911 int proto;
3912
3913 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
3914 family = PF_INET;
3915 #endif /* CONFIG_IPV6 */
3916
3917 switch (family) {
3918 case PF_INET:
3919 /*
3920 * If there is a secmark use it rather than the CIPSO label.
3921 * If there is no secmark fall back to CIPSO.
3922 * The secmark is assumed to reflect policy better.
3923 */
3924 skp = smack_from_skb(skb);
3925 if (skp == NULL) {
3926 skp = smack_from_netlbl(sk, family, skb);
3927 if (skp == NULL)
3928 skp = smack_net_ambient;
3929 }
3930
3931 #ifdef CONFIG_AUDIT
3932 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3933 ad.a.u.net->family = family;
3934 ad.a.u.net->netif = skb->skb_iif;
3935 ipv4_skb_to_auditdata(skb, &ad.a, NULL);
3936 #endif
3937 /*
3938 * Receiving a packet requires that the other end
3939 * be able to write here. Read access is not required.
3940 * This is the simplist possible security model
3941 * for networking.
3942 */
3943 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
3944 rc = smk_bu_note("IPv4 delivery", skp, ssp->smk_in,
3945 MAY_WRITE, rc);
3946 if (rc != 0)
3947 netlbl_skbuff_err(skb, family, rc, 0);
3948 break;
3949 #if IS_ENABLED(CONFIG_IPV6)
3950 case PF_INET6:
3951 proto = smk_skb_to_addr_ipv6(skb, &sadd);
3952 if (proto != IPPROTO_UDP && proto != IPPROTO_UDPLITE &&
3953 proto != IPPROTO_TCP && proto != IPPROTO_DCCP)
3954 break;
3955 #ifdef SMACK_IPV6_SECMARK_LABELING
3956 skp = smack_from_skb(skb);
3957 if (skp == NULL) {
3958 if (smk_ipv6_localhost(&sadd))
3959 break;
3960 skp = smack_ipv6host_label(&sadd);
3961 if (skp == NULL)
3962 skp = smack_net_ambient;
3963 }
3964 #ifdef CONFIG_AUDIT
3965 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3966 ad.a.u.net->family = family;
3967 ad.a.u.net->netif = skb->skb_iif;
3968 ipv6_skb_to_auditdata(skb, &ad.a, NULL);
3969 #endif /* CONFIG_AUDIT */
3970 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
3971 rc = smk_bu_note("IPv6 delivery", skp, ssp->smk_in,
3972 MAY_WRITE, rc);
3973 #endif /* SMACK_IPV6_SECMARK_LABELING */
3974 #ifdef SMACK_IPV6_PORT_LABELING
3975 rc = smk_ipv6_port_check(sk, &sadd, SMK_RECEIVING);
3976 #endif /* SMACK_IPV6_PORT_LABELING */
3977 if (rc != 0)
3978 icmpv6_send(skb, ICMPV6_DEST_UNREACH,
3979 ICMPV6_ADM_PROHIBITED, 0);
3980 break;
3981 #endif /* CONFIG_IPV6 */
3982 }
3983
3984 return rc;
3985 }
3986
3987 /**
3988 * smack_socket_getpeersec_stream - pull in packet label
3989 * @sock: the socket
3990 * @optval: user's destination
3991 * @optlen: size thereof
3992 * @len: max thereof
3993 *
3994 * returns zero on success, an error code otherwise
3995 */
smack_socket_getpeersec_stream(struct socket * sock,char __user * optval,int __user * optlen,unsigned len)3996 static int smack_socket_getpeersec_stream(struct socket *sock,
3997 char __user *optval,
3998 int __user *optlen, unsigned len)
3999 {
4000 struct socket_smack *ssp;
4001 char *rcp = "";
4002 int slen = 1;
4003 int rc = 0;
4004
4005 ssp = sock->sk->sk_security;
4006 if (ssp->smk_packet != NULL) {
4007 rcp = ssp->smk_packet->smk_known;
4008 slen = strlen(rcp) + 1;
4009 }
4010
4011 if (slen > len)
4012 rc = -ERANGE;
4013 else if (copy_to_user(optval, rcp, slen) != 0)
4014 rc = -EFAULT;
4015
4016 if (put_user(slen, optlen) != 0)
4017 rc = -EFAULT;
4018
4019 return rc;
4020 }
4021
4022
4023 /**
4024 * smack_socket_getpeersec_dgram - pull in packet label
4025 * @sock: the peer socket
4026 * @skb: packet data
4027 * @secid: pointer to where to put the secid of the packet
4028 *
4029 * Sets the netlabel socket state on sk from parent
4030 */
smack_socket_getpeersec_dgram(struct socket * sock,struct sk_buff * skb,u32 * secid)4031 static int smack_socket_getpeersec_dgram(struct socket *sock,
4032 struct sk_buff *skb, u32 *secid)
4033
4034 {
4035 struct socket_smack *ssp = NULL;
4036 struct smack_known *skp;
4037 struct sock *sk = NULL;
4038 int family = PF_UNSPEC;
4039 u32 s = 0; /* 0 is the invalid secid */
4040
4041 if (skb != NULL) {
4042 if (skb->protocol == htons(ETH_P_IP))
4043 family = PF_INET;
4044 #if IS_ENABLED(CONFIG_IPV6)
4045 else if (skb->protocol == htons(ETH_P_IPV6))
4046 family = PF_INET6;
4047 #endif /* CONFIG_IPV6 */
4048 }
4049 if (family == PF_UNSPEC && sock != NULL)
4050 family = sock->sk->sk_family;
4051
4052 switch (family) {
4053 case PF_UNIX:
4054 ssp = sock->sk->sk_security;
4055 s = ssp->smk_out->smk_secid;
4056 break;
4057 case PF_INET:
4058 skp = smack_from_skb(skb);
4059 if (skp) {
4060 s = skp->smk_secid;
4061 break;
4062 }
4063 /*
4064 * Translate what netlabel gave us.
4065 */
4066 if (sock != NULL)
4067 sk = sock->sk;
4068 skp = smack_from_netlbl(sk, family, skb);
4069 if (skp != NULL)
4070 s = skp->smk_secid;
4071 break;
4072 case PF_INET6:
4073 #ifdef SMACK_IPV6_SECMARK_LABELING
4074 skp = smack_from_skb(skb);
4075 if (skp)
4076 s = skp->smk_secid;
4077 #endif
4078 break;
4079 }
4080 *secid = s;
4081 if (s == 0)
4082 return -EINVAL;
4083 return 0;
4084 }
4085
4086 /**
4087 * smack_sock_graft - Initialize a newly created socket with an existing sock
4088 * @sk: child sock
4089 * @parent: parent socket
4090 *
4091 * Set the smk_{in,out} state of an existing sock based on the process that
4092 * is creating the new socket.
4093 */
smack_sock_graft(struct sock * sk,struct socket * parent)4094 static void smack_sock_graft(struct sock *sk, struct socket *parent)
4095 {
4096 struct socket_smack *ssp;
4097 struct smack_known *skp = smk_of_current();
4098
4099 if (sk == NULL ||
4100 (sk->sk_family != PF_INET && sk->sk_family != PF_INET6))
4101 return;
4102
4103 ssp = sk->sk_security;
4104 ssp->smk_in = skp;
4105 ssp->smk_out = skp;
4106 /* cssp->smk_packet is already set in smack_inet_csk_clone() */
4107 }
4108
4109 /**
4110 * smack_inet_conn_request - Smack access check on connect
4111 * @sk: socket involved
4112 * @skb: packet
4113 * @req: unused
4114 *
4115 * Returns 0 if a task with the packet label could write to
4116 * the socket, otherwise an error code
4117 */
smack_inet_conn_request(struct sock * sk,struct sk_buff * skb,struct request_sock * req)4118 static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb,
4119 struct request_sock *req)
4120 {
4121 u16 family = sk->sk_family;
4122 struct smack_known *skp;
4123 struct socket_smack *ssp = sk->sk_security;
4124 struct sockaddr_in addr;
4125 struct iphdr *hdr;
4126 struct smack_known *hskp;
4127 int rc;
4128 struct smk_audit_info ad;
4129 #ifdef CONFIG_AUDIT
4130 struct lsm_network_audit net;
4131 #endif
4132
4133 #if IS_ENABLED(CONFIG_IPV6)
4134 if (family == PF_INET6) {
4135 /*
4136 * Handle mapped IPv4 packets arriving
4137 * via IPv6 sockets. Don't set up netlabel
4138 * processing on IPv6.
4139 */
4140 if (skb->protocol == htons(ETH_P_IP))
4141 family = PF_INET;
4142 else
4143 return 0;
4144 }
4145 #endif /* CONFIG_IPV6 */
4146
4147 /*
4148 * If there is a secmark use it rather than the CIPSO label.
4149 * If there is no secmark fall back to CIPSO.
4150 * The secmark is assumed to reflect policy better.
4151 */
4152 skp = smack_from_skb(skb);
4153 if (skp == NULL) {
4154 skp = smack_from_netlbl(sk, family, skb);
4155 if (skp == NULL)
4156 skp = &smack_known_huh;
4157 }
4158
4159 #ifdef CONFIG_AUDIT
4160 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
4161 ad.a.u.net->family = family;
4162 ad.a.u.net->netif = skb->skb_iif;
4163 ipv4_skb_to_auditdata(skb, &ad.a, NULL);
4164 #endif
4165 /*
4166 * Receiving a packet requires that the other end be able to write
4167 * here. Read access is not required.
4168 */
4169 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
4170 rc = smk_bu_note("IPv4 connect", skp, ssp->smk_in, MAY_WRITE, rc);
4171 if (rc != 0)
4172 return rc;
4173
4174 /*
4175 * Save the peer's label in the request_sock so we can later setup
4176 * smk_packet in the child socket so that SO_PEERCRED can report it.
4177 */
4178 req->peer_secid = skp->smk_secid;
4179
4180 /*
4181 * We need to decide if we want to label the incoming connection here
4182 * if we do we only need to label the request_sock and the stack will
4183 * propagate the wire-label to the sock when it is created.
4184 */
4185 hdr = ip_hdr(skb);
4186 addr.sin_addr.s_addr = hdr->saddr;
4187 rcu_read_lock();
4188 hskp = smack_ipv4host_label(&addr);
4189 rcu_read_unlock();
4190
4191 if (hskp == NULL)
4192 rc = netlbl_req_setattr(req, &skp->smk_netlabel);
4193 else
4194 netlbl_req_delattr(req);
4195
4196 return rc;
4197 }
4198
4199 /**
4200 * smack_inet_csk_clone - Copy the connection information to the new socket
4201 * @sk: the new socket
4202 * @req: the connection's request_sock
4203 *
4204 * Transfer the connection's peer label to the newly created socket.
4205 */
smack_inet_csk_clone(struct sock * sk,const struct request_sock * req)4206 static void smack_inet_csk_clone(struct sock *sk,
4207 const struct request_sock *req)
4208 {
4209 struct socket_smack *ssp = sk->sk_security;
4210 struct smack_known *skp;
4211
4212 if (req->peer_secid != 0) {
4213 skp = smack_from_secid(req->peer_secid);
4214 ssp->smk_packet = skp;
4215 } else
4216 ssp->smk_packet = NULL;
4217 }
4218
4219 /*
4220 * Key management security hooks
4221 *
4222 * Casey has not tested key support very heavily.
4223 * The permission check is most likely too restrictive.
4224 * If you care about keys please have a look.
4225 */
4226 #ifdef CONFIG_KEYS
4227
4228 /**
4229 * smack_key_alloc - Set the key security blob
4230 * @key: object
4231 * @cred: the credentials to use
4232 * @flags: unused
4233 *
4234 * No allocation required
4235 *
4236 * Returns 0
4237 */
smack_key_alloc(struct key * key,const struct cred * cred,unsigned long flags)4238 static int smack_key_alloc(struct key *key, const struct cred *cred,
4239 unsigned long flags)
4240 {
4241 struct smack_known *skp = smk_of_task(smack_cred(cred));
4242
4243 key->security = skp;
4244 return 0;
4245 }
4246
4247 /**
4248 * smack_key_free - Clear the key security blob
4249 * @key: the object
4250 *
4251 * Clear the blob pointer
4252 */
smack_key_free(struct key * key)4253 static void smack_key_free(struct key *key)
4254 {
4255 key->security = NULL;
4256 }
4257
4258 /**
4259 * smack_key_permission - Smack access on a key
4260 * @key_ref: gets to the object
4261 * @cred: the credentials to use
4262 * @need_perm: requested key permission
4263 *
4264 * Return 0 if the task has read and write to the object,
4265 * an error code otherwise
4266 */
smack_key_permission(key_ref_t key_ref,const struct cred * cred,enum key_need_perm need_perm)4267 static int smack_key_permission(key_ref_t key_ref,
4268 const struct cred *cred,
4269 enum key_need_perm need_perm)
4270 {
4271 struct key *keyp;
4272 struct smk_audit_info ad;
4273 struct smack_known *tkp = smk_of_task(smack_cred(cred));
4274 int request = 0;
4275 int rc;
4276
4277 /*
4278 * Validate requested permissions
4279 */
4280 switch (need_perm) {
4281 case KEY_NEED_READ:
4282 case KEY_NEED_SEARCH:
4283 case KEY_NEED_VIEW:
4284 request |= MAY_READ;
4285 break;
4286 case KEY_NEED_WRITE:
4287 case KEY_NEED_LINK:
4288 case KEY_NEED_SETATTR:
4289 request |= MAY_WRITE;
4290 break;
4291 case KEY_NEED_UNSPECIFIED:
4292 case KEY_NEED_UNLINK:
4293 case KEY_SYSADMIN_OVERRIDE:
4294 case KEY_AUTHTOKEN_OVERRIDE:
4295 case KEY_DEFER_PERM_CHECK:
4296 return 0;
4297 default:
4298 return -EINVAL;
4299 }
4300
4301 keyp = key_ref_to_ptr(key_ref);
4302 if (keyp == NULL)
4303 return -EINVAL;
4304 /*
4305 * If the key hasn't been initialized give it access so that
4306 * it may do so.
4307 */
4308 if (keyp->security == NULL)
4309 return 0;
4310 /*
4311 * This should not occur
4312 */
4313 if (tkp == NULL)
4314 return -EACCES;
4315
4316 if (smack_privileged(CAP_MAC_OVERRIDE))
4317 return 0;
4318
4319 #ifdef CONFIG_AUDIT
4320 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY);
4321 ad.a.u.key_struct.key = keyp->serial;
4322 ad.a.u.key_struct.key_desc = keyp->description;
4323 #endif
4324 rc = smk_access(tkp, keyp->security, request, &ad);
4325 rc = smk_bu_note("key access", tkp, keyp->security, request, rc);
4326 return rc;
4327 }
4328
4329 /*
4330 * smack_key_getsecurity - Smack label tagging the key
4331 * @key points to the key to be queried
4332 * @_buffer points to a pointer that should be set to point to the
4333 * resulting string (if no label or an error occurs).
4334 * Return the length of the string (including terminating NUL) or -ve if
4335 * an error.
4336 * May also return 0 (and a NULL buffer pointer) if there is no label.
4337 */
smack_key_getsecurity(struct key * key,char ** _buffer)4338 static int smack_key_getsecurity(struct key *key, char **_buffer)
4339 {
4340 struct smack_known *skp = key->security;
4341 size_t length;
4342 char *copy;
4343
4344 if (key->security == NULL) {
4345 *_buffer = NULL;
4346 return 0;
4347 }
4348
4349 copy = kstrdup(skp->smk_known, GFP_KERNEL);
4350 if (copy == NULL)
4351 return -ENOMEM;
4352 length = strlen(copy) + 1;
4353
4354 *_buffer = copy;
4355 return length;
4356 }
4357
4358
4359 #ifdef CONFIG_KEY_NOTIFICATIONS
4360 /**
4361 * smack_watch_key - Smack access to watch a key for notifications.
4362 * @key: The key to be watched
4363 *
4364 * Return 0 if the @watch->cred has permission to read from the key object and
4365 * an error otherwise.
4366 */
smack_watch_key(struct key * key)4367 static int smack_watch_key(struct key *key)
4368 {
4369 struct smk_audit_info ad;
4370 struct smack_known *tkp = smk_of_current();
4371 int rc;
4372
4373 if (key == NULL)
4374 return -EINVAL;
4375 /*
4376 * If the key hasn't been initialized give it access so that
4377 * it may do so.
4378 */
4379 if (key->security == NULL)
4380 return 0;
4381 /*
4382 * This should not occur
4383 */
4384 if (tkp == NULL)
4385 return -EACCES;
4386
4387 if (smack_privileged_cred(CAP_MAC_OVERRIDE, current_cred()))
4388 return 0;
4389
4390 #ifdef CONFIG_AUDIT
4391 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY);
4392 ad.a.u.key_struct.key = key->serial;
4393 ad.a.u.key_struct.key_desc = key->description;
4394 #endif
4395 rc = smk_access(tkp, key->security, MAY_READ, &ad);
4396 rc = smk_bu_note("key watch", tkp, key->security, MAY_READ, rc);
4397 return rc;
4398 }
4399 #endif /* CONFIG_KEY_NOTIFICATIONS */
4400 #endif /* CONFIG_KEYS */
4401
4402 #ifdef CONFIG_WATCH_QUEUE
4403 /**
4404 * smack_post_notification - Smack access to post a notification to a queue
4405 * @w_cred: The credentials of the watcher.
4406 * @cred: The credentials of the event source (may be NULL).
4407 * @n: The notification message to be posted.
4408 */
smack_post_notification(const struct cred * w_cred,const struct cred * cred,struct watch_notification * n)4409 static int smack_post_notification(const struct cred *w_cred,
4410 const struct cred *cred,
4411 struct watch_notification *n)
4412 {
4413 struct smk_audit_info ad;
4414 struct smack_known *subj, *obj;
4415 int rc;
4416
4417 /* Always let maintenance notifications through. */
4418 if (n->type == WATCH_TYPE_META)
4419 return 0;
4420
4421 if (!cred)
4422 return 0;
4423 subj = smk_of_task(smack_cred(cred));
4424 obj = smk_of_task(smack_cred(w_cred));
4425
4426 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NOTIFICATION);
4427 rc = smk_access(subj, obj, MAY_WRITE, &ad);
4428 rc = smk_bu_note("notification", subj, obj, MAY_WRITE, rc);
4429 return rc;
4430 }
4431 #endif /* CONFIG_WATCH_QUEUE */
4432
4433 /*
4434 * Smack Audit hooks
4435 *
4436 * Audit requires a unique representation of each Smack specific
4437 * rule. This unique representation is used to distinguish the
4438 * object to be audited from remaining kernel objects and also
4439 * works as a glue between the audit hooks.
4440 *
4441 * Since repository entries are added but never deleted, we'll use
4442 * the smack_known label address related to the given audit rule as
4443 * the needed unique representation. This also better fits the smack
4444 * model where nearly everything is a label.
4445 */
4446 #ifdef CONFIG_AUDIT
4447
4448 /**
4449 * smack_audit_rule_init - Initialize a smack audit rule
4450 * @field: audit rule fields given from user-space (audit.h)
4451 * @op: required testing operator (=, !=, >, <, ...)
4452 * @rulestr: smack label to be audited
4453 * @vrule: pointer to save our own audit rule representation
4454 *
4455 * Prepare to audit cases where (@field @op @rulestr) is true.
4456 * The label to be audited is created if necessay.
4457 */
smack_audit_rule_init(u32 field,u32 op,char * rulestr,void ** vrule)4458 static int smack_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule)
4459 {
4460 struct smack_known *skp;
4461 char **rule = (char **)vrule;
4462 *rule = NULL;
4463
4464 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
4465 return -EINVAL;
4466
4467 if (op != Audit_equal && op != Audit_not_equal)
4468 return -EINVAL;
4469
4470 skp = smk_import_entry(rulestr, 0);
4471 if (IS_ERR(skp))
4472 return PTR_ERR(skp);
4473
4474 *rule = skp->smk_known;
4475
4476 return 0;
4477 }
4478
4479 /**
4480 * smack_audit_rule_known - Distinguish Smack audit rules
4481 * @krule: rule of interest, in Audit kernel representation format
4482 *
4483 * This is used to filter Smack rules from remaining Audit ones.
4484 * If it's proved that this rule belongs to us, the
4485 * audit_rule_match hook will be called to do the final judgement.
4486 */
smack_audit_rule_known(struct audit_krule * krule)4487 static int smack_audit_rule_known(struct audit_krule *krule)
4488 {
4489 struct audit_field *f;
4490 int i;
4491
4492 for (i = 0; i < krule->field_count; i++) {
4493 f = &krule->fields[i];
4494
4495 if (f->type == AUDIT_SUBJ_USER || f->type == AUDIT_OBJ_USER)
4496 return 1;
4497 }
4498
4499 return 0;
4500 }
4501
4502 /**
4503 * smack_audit_rule_match - Audit given object ?
4504 * @secid: security id for identifying the object to test
4505 * @field: audit rule flags given from user-space
4506 * @op: required testing operator
4507 * @vrule: smack internal rule presentation
4508 *
4509 * The core Audit hook. It's used to take the decision of
4510 * whether to audit or not to audit a given object.
4511 */
smack_audit_rule_match(u32 secid,u32 field,u32 op,void * vrule)4512 static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule)
4513 {
4514 struct smack_known *skp;
4515 char *rule = vrule;
4516
4517 if (unlikely(!rule)) {
4518 WARN_ONCE(1, "Smack: missing rule\n");
4519 return -ENOENT;
4520 }
4521
4522 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
4523 return 0;
4524
4525 skp = smack_from_secid(secid);
4526
4527 /*
4528 * No need to do string comparisons. If a match occurs,
4529 * both pointers will point to the same smack_known
4530 * label.
4531 */
4532 if (op == Audit_equal)
4533 return (rule == skp->smk_known);
4534 if (op == Audit_not_equal)
4535 return (rule != skp->smk_known);
4536
4537 return 0;
4538 }
4539
4540 /*
4541 * There is no need for a smack_audit_rule_free hook.
4542 * No memory was allocated.
4543 */
4544
4545 #endif /* CONFIG_AUDIT */
4546
4547 /**
4548 * smack_ismaclabel - check if xattr @name references a smack MAC label
4549 * @name: Full xattr name to check.
4550 */
smack_ismaclabel(const char * name)4551 static int smack_ismaclabel(const char *name)
4552 {
4553 return (strcmp(name, XATTR_SMACK_SUFFIX) == 0);
4554 }
4555
4556
4557 /**
4558 * smack_secid_to_secctx - return the smack label for a secid
4559 * @secid: incoming integer
4560 * @secdata: destination
4561 * @seclen: how long it is
4562 *
4563 * Exists for networking code.
4564 */
smack_secid_to_secctx(u32 secid,char ** secdata,u32 * seclen)4565 static int smack_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
4566 {
4567 struct smack_known *skp = smack_from_secid(secid);
4568
4569 if (secdata)
4570 *secdata = skp->smk_known;
4571 *seclen = strlen(skp->smk_known);
4572 return 0;
4573 }
4574
4575 /**
4576 * smack_secctx_to_secid - return the secid for a smack label
4577 * @secdata: smack label
4578 * @seclen: how long result is
4579 * @secid: outgoing integer
4580 *
4581 * Exists for audit and networking code.
4582 */
smack_secctx_to_secid(const char * secdata,u32 seclen,u32 * secid)4583 static int smack_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
4584 {
4585 struct smack_known *skp = smk_find_entry(secdata);
4586
4587 if (skp)
4588 *secid = skp->smk_secid;
4589 else
4590 *secid = 0;
4591 return 0;
4592 }
4593
4594 /*
4595 * There used to be a smack_release_secctx hook
4596 * that did nothing back when hooks were in a vector.
4597 * Now that there's a list such a hook adds cost.
4598 */
4599
smack_inode_notifysecctx(struct inode * inode,void * ctx,u32 ctxlen)4600 static int smack_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
4601 {
4602 return smack_inode_setsecurity(inode, XATTR_SMACK_SUFFIX, ctx, ctxlen, 0);
4603 }
4604
smack_inode_setsecctx(struct dentry * dentry,void * ctx,u32 ctxlen)4605 static int smack_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
4606 {
4607 return __vfs_setxattr_noperm(dentry, XATTR_NAME_SMACK, ctx, ctxlen, 0);
4608 }
4609
smack_inode_getsecctx(struct inode * inode,void ** ctx,u32 * ctxlen)4610 static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
4611 {
4612 struct smack_known *skp = smk_of_inode(inode);
4613
4614 *ctx = skp->smk_known;
4615 *ctxlen = strlen(skp->smk_known);
4616 return 0;
4617 }
4618
smack_inode_copy_up(struct dentry * dentry,struct cred ** new)4619 static int smack_inode_copy_up(struct dentry *dentry, struct cred **new)
4620 {
4621
4622 struct task_smack *tsp;
4623 struct smack_known *skp;
4624 struct inode_smack *isp;
4625 struct cred *new_creds = *new;
4626
4627 if (new_creds == NULL) {
4628 new_creds = prepare_creds();
4629 if (new_creds == NULL)
4630 return -ENOMEM;
4631 }
4632
4633 tsp = smack_cred(new_creds);
4634
4635 /*
4636 * Get label from overlay inode and set it in create_sid
4637 */
4638 isp = smack_inode(d_inode(dentry->d_parent));
4639 skp = isp->smk_inode;
4640 tsp->smk_task = skp;
4641 *new = new_creds;
4642 return 0;
4643 }
4644
smack_inode_copy_up_xattr(const char * name)4645 static int smack_inode_copy_up_xattr(const char *name)
4646 {
4647 /*
4648 * Return 1 if this is the smack access Smack attribute.
4649 */
4650 if (strcmp(name, XATTR_NAME_SMACK) == 0)
4651 return 1;
4652
4653 return -EOPNOTSUPP;
4654 }
4655
smack_dentry_create_files_as(struct dentry * dentry,int mode,struct qstr * name,const struct cred * old,struct cred * new)4656 static int smack_dentry_create_files_as(struct dentry *dentry, int mode,
4657 struct qstr *name,
4658 const struct cred *old,
4659 struct cred *new)
4660 {
4661 struct task_smack *otsp = smack_cred(old);
4662 struct task_smack *ntsp = smack_cred(new);
4663 struct inode_smack *isp;
4664 int may;
4665
4666 /*
4667 * Use the process credential unless all of
4668 * the transmuting criteria are met
4669 */
4670 ntsp->smk_task = otsp->smk_task;
4671
4672 /*
4673 * the attribute of the containing directory
4674 */
4675 isp = smack_inode(d_inode(dentry->d_parent));
4676
4677 if (isp->smk_flags & SMK_INODE_TRANSMUTE) {
4678 rcu_read_lock();
4679 may = smk_access_entry(otsp->smk_task->smk_known,
4680 isp->smk_inode->smk_known,
4681 &otsp->smk_task->smk_rules);
4682 rcu_read_unlock();
4683
4684 /*
4685 * If the directory is transmuting and the rule
4686 * providing access is transmuting use the containing
4687 * directory label instead of the process label.
4688 */
4689 if (may > 0 && (may & MAY_TRANSMUTE))
4690 ntsp->smk_task = isp->smk_inode;
4691 }
4692 return 0;
4693 }
4694
4695 struct lsm_blob_sizes smack_blob_sizes __lsm_ro_after_init = {
4696 .lbs_cred = sizeof(struct task_smack),
4697 .lbs_file = sizeof(struct smack_known *),
4698 .lbs_inode = sizeof(struct inode_smack),
4699 .lbs_ipc = sizeof(struct smack_known *),
4700 .lbs_msg_msg = sizeof(struct smack_known *),
4701 };
4702
4703 static struct security_hook_list smack_hooks[] __lsm_ro_after_init = {
4704 LSM_HOOK_INIT(ptrace_access_check, smack_ptrace_access_check),
4705 LSM_HOOK_INIT(ptrace_traceme, smack_ptrace_traceme),
4706 LSM_HOOK_INIT(syslog, smack_syslog),
4707
4708 LSM_HOOK_INIT(fs_context_dup, smack_fs_context_dup),
4709 LSM_HOOK_INIT(fs_context_parse_param, smack_fs_context_parse_param),
4710
4711 LSM_HOOK_INIT(sb_alloc_security, smack_sb_alloc_security),
4712 LSM_HOOK_INIT(sb_free_security, smack_sb_free_security),
4713 LSM_HOOK_INIT(sb_free_mnt_opts, smack_free_mnt_opts),
4714 LSM_HOOK_INIT(sb_eat_lsm_opts, smack_sb_eat_lsm_opts),
4715 LSM_HOOK_INIT(sb_statfs, smack_sb_statfs),
4716 LSM_HOOK_INIT(sb_set_mnt_opts, smack_set_mnt_opts),
4717
4718 LSM_HOOK_INIT(bprm_creds_for_exec, smack_bprm_creds_for_exec),
4719
4720 LSM_HOOK_INIT(inode_alloc_security, smack_inode_alloc_security),
4721 LSM_HOOK_INIT(inode_init_security, smack_inode_init_security),
4722 LSM_HOOK_INIT(inode_link, smack_inode_link),
4723 LSM_HOOK_INIT(inode_unlink, smack_inode_unlink),
4724 LSM_HOOK_INIT(inode_rmdir, smack_inode_rmdir),
4725 LSM_HOOK_INIT(inode_rename, smack_inode_rename),
4726 LSM_HOOK_INIT(inode_permission, smack_inode_permission),
4727 LSM_HOOK_INIT(inode_setattr, smack_inode_setattr),
4728 LSM_HOOK_INIT(inode_getattr, smack_inode_getattr),
4729 LSM_HOOK_INIT(inode_setxattr, smack_inode_setxattr),
4730 LSM_HOOK_INIT(inode_post_setxattr, smack_inode_post_setxattr),
4731 LSM_HOOK_INIT(inode_getxattr, smack_inode_getxattr),
4732 LSM_HOOK_INIT(inode_removexattr, smack_inode_removexattr),
4733 LSM_HOOK_INIT(inode_getsecurity, smack_inode_getsecurity),
4734 LSM_HOOK_INIT(inode_setsecurity, smack_inode_setsecurity),
4735 LSM_HOOK_INIT(inode_listsecurity, smack_inode_listsecurity),
4736 LSM_HOOK_INIT(inode_getsecid, smack_inode_getsecid),
4737
4738 LSM_HOOK_INIT(file_alloc_security, smack_file_alloc_security),
4739 LSM_HOOK_INIT(file_ioctl, smack_file_ioctl),
4740 LSM_HOOK_INIT(file_lock, smack_file_lock),
4741 LSM_HOOK_INIT(file_fcntl, smack_file_fcntl),
4742 LSM_HOOK_INIT(mmap_file, smack_mmap_file),
4743 LSM_HOOK_INIT(mmap_addr, cap_mmap_addr),
4744 LSM_HOOK_INIT(file_set_fowner, smack_file_set_fowner),
4745 LSM_HOOK_INIT(file_send_sigiotask, smack_file_send_sigiotask),
4746 LSM_HOOK_INIT(file_receive, smack_file_receive),
4747
4748 LSM_HOOK_INIT(file_open, smack_file_open),
4749
4750 LSM_HOOK_INIT(cred_alloc_blank, smack_cred_alloc_blank),
4751 LSM_HOOK_INIT(cred_free, smack_cred_free),
4752 LSM_HOOK_INIT(cred_prepare, smack_cred_prepare),
4753 LSM_HOOK_INIT(cred_transfer, smack_cred_transfer),
4754 LSM_HOOK_INIT(cred_getsecid, smack_cred_getsecid),
4755 LSM_HOOK_INIT(kernel_act_as, smack_kernel_act_as),
4756 LSM_HOOK_INIT(kernel_create_files_as, smack_kernel_create_files_as),
4757 LSM_HOOK_INIT(task_setpgid, smack_task_setpgid),
4758 LSM_HOOK_INIT(task_getpgid, smack_task_getpgid),
4759 LSM_HOOK_INIT(task_getsid, smack_task_getsid),
4760 LSM_HOOK_INIT(task_getsecid, smack_task_getsecid),
4761 LSM_HOOK_INIT(task_setnice, smack_task_setnice),
4762 LSM_HOOK_INIT(task_setioprio, smack_task_setioprio),
4763 LSM_HOOK_INIT(task_getioprio, smack_task_getioprio),
4764 LSM_HOOK_INIT(task_setscheduler, smack_task_setscheduler),
4765 LSM_HOOK_INIT(task_getscheduler, smack_task_getscheduler),
4766 LSM_HOOK_INIT(task_movememory, smack_task_movememory),
4767 LSM_HOOK_INIT(task_kill, smack_task_kill),
4768 LSM_HOOK_INIT(task_to_inode, smack_task_to_inode),
4769
4770 LSM_HOOK_INIT(ipc_permission, smack_ipc_permission),
4771 LSM_HOOK_INIT(ipc_getsecid, smack_ipc_getsecid),
4772
4773 LSM_HOOK_INIT(msg_msg_alloc_security, smack_msg_msg_alloc_security),
4774
4775 LSM_HOOK_INIT(msg_queue_alloc_security, smack_ipc_alloc_security),
4776 LSM_HOOK_INIT(msg_queue_associate, smack_msg_queue_associate),
4777 LSM_HOOK_INIT(msg_queue_msgctl, smack_msg_queue_msgctl),
4778 LSM_HOOK_INIT(msg_queue_msgsnd, smack_msg_queue_msgsnd),
4779 LSM_HOOK_INIT(msg_queue_msgrcv, smack_msg_queue_msgrcv),
4780
4781 LSM_HOOK_INIT(shm_alloc_security, smack_ipc_alloc_security),
4782 LSM_HOOK_INIT(shm_associate, smack_shm_associate),
4783 LSM_HOOK_INIT(shm_shmctl, smack_shm_shmctl),
4784 LSM_HOOK_INIT(shm_shmat, smack_shm_shmat),
4785
4786 LSM_HOOK_INIT(sem_alloc_security, smack_ipc_alloc_security),
4787 LSM_HOOK_INIT(sem_associate, smack_sem_associate),
4788 LSM_HOOK_INIT(sem_semctl, smack_sem_semctl),
4789 LSM_HOOK_INIT(sem_semop, smack_sem_semop),
4790
4791 LSM_HOOK_INIT(d_instantiate, smack_d_instantiate),
4792
4793 LSM_HOOK_INIT(getprocattr, smack_getprocattr),
4794 LSM_HOOK_INIT(setprocattr, smack_setprocattr),
4795
4796 LSM_HOOK_INIT(unix_stream_connect, smack_unix_stream_connect),
4797 LSM_HOOK_INIT(unix_may_send, smack_unix_may_send),
4798
4799 LSM_HOOK_INIT(socket_post_create, smack_socket_post_create),
4800 LSM_HOOK_INIT(socket_socketpair, smack_socket_socketpair),
4801 #ifdef SMACK_IPV6_PORT_LABELING
4802 LSM_HOOK_INIT(socket_bind, smack_socket_bind),
4803 #endif
4804 LSM_HOOK_INIT(socket_connect, smack_socket_connect),
4805 LSM_HOOK_INIT(socket_sendmsg, smack_socket_sendmsg),
4806 LSM_HOOK_INIT(socket_sock_rcv_skb, smack_socket_sock_rcv_skb),
4807 LSM_HOOK_INIT(socket_getpeersec_stream, smack_socket_getpeersec_stream),
4808 LSM_HOOK_INIT(socket_getpeersec_dgram, smack_socket_getpeersec_dgram),
4809 LSM_HOOK_INIT(sk_alloc_security, smack_sk_alloc_security),
4810 LSM_HOOK_INIT(sk_free_security, smack_sk_free_security),
4811 LSM_HOOK_INIT(sock_graft, smack_sock_graft),
4812 LSM_HOOK_INIT(inet_conn_request, smack_inet_conn_request),
4813 LSM_HOOK_INIT(inet_csk_clone, smack_inet_csk_clone),
4814
4815 /* key management security hooks */
4816 #ifdef CONFIG_KEYS
4817 LSM_HOOK_INIT(key_alloc, smack_key_alloc),
4818 LSM_HOOK_INIT(key_free, smack_key_free),
4819 LSM_HOOK_INIT(key_permission, smack_key_permission),
4820 LSM_HOOK_INIT(key_getsecurity, smack_key_getsecurity),
4821 #ifdef CONFIG_KEY_NOTIFICATIONS
4822 LSM_HOOK_INIT(watch_key, smack_watch_key),
4823 #endif
4824 #endif /* CONFIG_KEYS */
4825
4826 #ifdef CONFIG_WATCH_QUEUE
4827 LSM_HOOK_INIT(post_notification, smack_post_notification),
4828 #endif
4829
4830 /* Audit hooks */
4831 #ifdef CONFIG_AUDIT
4832 LSM_HOOK_INIT(audit_rule_init, smack_audit_rule_init),
4833 LSM_HOOK_INIT(audit_rule_known, smack_audit_rule_known),
4834 LSM_HOOK_INIT(audit_rule_match, smack_audit_rule_match),
4835 #endif /* CONFIG_AUDIT */
4836
4837 LSM_HOOK_INIT(ismaclabel, smack_ismaclabel),
4838 LSM_HOOK_INIT(secid_to_secctx, smack_secid_to_secctx),
4839 LSM_HOOK_INIT(secctx_to_secid, smack_secctx_to_secid),
4840 LSM_HOOK_INIT(inode_notifysecctx, smack_inode_notifysecctx),
4841 LSM_HOOK_INIT(inode_setsecctx, smack_inode_setsecctx),
4842 LSM_HOOK_INIT(inode_getsecctx, smack_inode_getsecctx),
4843 LSM_HOOK_INIT(inode_copy_up, smack_inode_copy_up),
4844 LSM_HOOK_INIT(inode_copy_up_xattr, smack_inode_copy_up_xattr),
4845 LSM_HOOK_INIT(dentry_create_files_as, smack_dentry_create_files_as),
4846 };
4847
4848
init_smack_known_list(void)4849 static __init void init_smack_known_list(void)
4850 {
4851 /*
4852 * Initialize rule list locks
4853 */
4854 mutex_init(&smack_known_huh.smk_rules_lock);
4855 mutex_init(&smack_known_hat.smk_rules_lock);
4856 mutex_init(&smack_known_floor.smk_rules_lock);
4857 mutex_init(&smack_known_star.smk_rules_lock);
4858 mutex_init(&smack_known_web.smk_rules_lock);
4859 /*
4860 * Initialize rule lists
4861 */
4862 INIT_LIST_HEAD(&smack_known_huh.smk_rules);
4863 INIT_LIST_HEAD(&smack_known_hat.smk_rules);
4864 INIT_LIST_HEAD(&smack_known_star.smk_rules);
4865 INIT_LIST_HEAD(&smack_known_floor.smk_rules);
4866 INIT_LIST_HEAD(&smack_known_web.smk_rules);
4867 /*
4868 * Create the known labels list
4869 */
4870 smk_insert_entry(&smack_known_huh);
4871 smk_insert_entry(&smack_known_hat);
4872 smk_insert_entry(&smack_known_star);
4873 smk_insert_entry(&smack_known_floor);
4874 smk_insert_entry(&smack_known_web);
4875 }
4876
4877 /**
4878 * smack_init - initialize the smack system
4879 *
4880 * Returns 0 on success, -ENOMEM is there's no memory
4881 */
smack_init(void)4882 static __init int smack_init(void)
4883 {
4884 struct cred *cred = (struct cred *) current->cred;
4885 struct task_smack *tsp;
4886
4887 smack_rule_cache = KMEM_CACHE(smack_rule, 0);
4888 if (!smack_rule_cache)
4889 return -ENOMEM;
4890
4891 /*
4892 * Set the security state for the initial task.
4893 */
4894 tsp = smack_cred(cred);
4895 init_task_smack(tsp, &smack_known_floor, &smack_known_floor);
4896
4897 /*
4898 * Register with LSM
4899 */
4900 security_add_hooks(smack_hooks, ARRAY_SIZE(smack_hooks), "smack");
4901 smack_enabled = 1;
4902
4903 pr_info("Smack: Initializing.\n");
4904 #ifdef CONFIG_SECURITY_SMACK_NETFILTER
4905 pr_info("Smack: Netfilter enabled.\n");
4906 #endif
4907 #ifdef SMACK_IPV6_PORT_LABELING
4908 pr_info("Smack: IPv6 port labeling enabled.\n");
4909 #endif
4910 #ifdef SMACK_IPV6_SECMARK_LABELING
4911 pr_info("Smack: IPv6 Netfilter enabled.\n");
4912 #endif
4913
4914 /* initialize the smack_known_list */
4915 init_smack_known_list();
4916
4917 return 0;
4918 }
4919
4920 /*
4921 * Smack requires early initialization in order to label
4922 * all processes and objects when they are created.
4923 */
4924 DEFINE_LSM(smack) = {
4925 .name = "smack",
4926 .flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE,
4927 .blobs = &smack_blob_sizes,
4928 .init = smack_init,
4929 };
4930