1 /*
2 * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com>
3 *
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License as published by
6 * the Free Software Foundation, version 2.
7 *
8 * Authors:
9 * Casey Schaufler <casey@schaufler-ca.com>
10 * Ahmed S. Darwish <darwish.07@gmail.com>
11 *
12 * Special thanks to the authors of selinuxfs.
13 *
14 * Karl MacMillan <kmacmillan@tresys.com>
15 * James Morris <jmorris@redhat.com>
16 *
17 */
18
19 #include <linux/kernel.h>
20 #include <linux/vmalloc.h>
21 #include <linux/security.h>
22 #include <linux/mutex.h>
23 #include <linux/slab.h>
24 #include <net/net_namespace.h>
25 #include <net/cipso_ipv4.h>
26 #include <linux/seq_file.h>
27 #include <linux/ctype.h>
28 #include <linux/audit.h>
29 #include <linux/magic.h>
30 #include "smack.h"
31
32 #define BEBITS (sizeof(__be32) * 8)
33 /*
34 * smackfs pseudo filesystem.
35 */
36
37 enum smk_inos {
38 SMK_ROOT_INO = 2,
39 SMK_LOAD = 3, /* load policy */
40 SMK_CIPSO = 4, /* load label -> CIPSO mapping */
41 SMK_DOI = 5, /* CIPSO DOI */
42 SMK_DIRECT = 6, /* CIPSO level indicating direct label */
43 SMK_AMBIENT = 7, /* internet ambient label */
44 SMK_NET4ADDR = 8, /* single label hosts */
45 SMK_ONLYCAP = 9, /* the only "capable" label */
46 SMK_LOGGING = 10, /* logging */
47 SMK_LOAD_SELF = 11, /* task specific rules */
48 SMK_ACCESSES = 12, /* access policy */
49 SMK_MAPPED = 13, /* CIPSO level indicating mapped label */
50 SMK_LOAD2 = 14, /* load policy with long labels */
51 SMK_LOAD_SELF2 = 15, /* load task specific rules with long labels */
52 SMK_ACCESS2 = 16, /* make an access check with long labels */
53 SMK_CIPSO2 = 17, /* load long label -> CIPSO mapping */
54 SMK_REVOKE_SUBJ = 18, /* set rules with subject label to '-' */
55 SMK_CHANGE_RULE = 19, /* change or add rules (long labels) */
56 SMK_SYSLOG = 20, /* change syslog label) */
57 SMK_PTRACE = 21, /* set ptrace rule */
58 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
59 SMK_UNCONFINED = 22, /* define an unconfined label */
60 #endif
61 #if IS_ENABLED(CONFIG_IPV6)
62 SMK_NET6ADDR = 23, /* single label IPv6 hosts */
63 #endif /* CONFIG_IPV6 */
64 SMK_RELABEL_SELF = 24, /* relabel possible without CAP_MAC_ADMIN */
65 };
66
67 /*
68 * List locks
69 */
70 static DEFINE_MUTEX(smack_master_list_lock);
71 static DEFINE_MUTEX(smack_cipso_lock);
72 static DEFINE_MUTEX(smack_ambient_lock);
73 static DEFINE_MUTEX(smk_net4addr_lock);
74 #if IS_ENABLED(CONFIG_IPV6)
75 static DEFINE_MUTEX(smk_net6addr_lock);
76 #endif /* CONFIG_IPV6 */
77
78 /*
79 * This is the "ambient" label for network traffic.
80 * If it isn't somehow marked, use this.
81 * It can be reset via smackfs/ambient
82 */
83 struct smack_known *smack_net_ambient;
84
85 /*
86 * This is the level in a CIPSO header that indicates a
87 * smack label is contained directly in the category set.
88 * It can be reset via smackfs/direct
89 */
90 int smack_cipso_direct = SMACK_CIPSO_DIRECT_DEFAULT;
91
92 /*
93 * This is the level in a CIPSO header that indicates a
94 * secid is contained directly in the category set.
95 * It can be reset via smackfs/mapped
96 */
97 int smack_cipso_mapped = SMACK_CIPSO_MAPPED_DEFAULT;
98
99 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
100 /*
101 * Allow one label to be unconfined. This is for
102 * debugging and application bring-up purposes only.
103 * It is bad and wrong, but everyone seems to expect
104 * to have it.
105 */
106 struct smack_known *smack_unconfined;
107 #endif
108
109 /*
110 * If this value is set restrict syslog use to the label specified.
111 * It can be reset via smackfs/syslog
112 */
113 struct smack_known *smack_syslog_label;
114
115 /*
116 * Ptrace current rule
117 * SMACK_PTRACE_DEFAULT regular smack ptrace rules (/proc based)
118 * SMACK_PTRACE_EXACT labels must match, but can be overriden with
119 * CAP_SYS_PTRACE
120 * SMACK_PTRACE_DRACONIAN lables must match, CAP_SYS_PTRACE has no effect
121 */
122 int smack_ptrace_rule = SMACK_PTRACE_DEFAULT;
123
124 /*
125 * Certain IP addresses may be designated as single label hosts.
126 * Packets are sent there unlabeled, but only from tasks that
127 * can write to the specified label.
128 */
129
130 LIST_HEAD(smk_net4addr_list);
131 #if IS_ENABLED(CONFIG_IPV6)
132 LIST_HEAD(smk_net6addr_list);
133 #endif /* CONFIG_IPV6 */
134
135 /*
136 * Rule lists are maintained for each label.
137 * This master list is just for reading /smack/load and /smack/load2.
138 */
139 struct smack_master_list {
140 struct list_head list;
141 struct smack_rule *smk_rule;
142 };
143
144 static LIST_HEAD(smack_rule_list);
145
146 struct smack_parsed_rule {
147 struct smack_known *smk_subject;
148 struct smack_known *smk_object;
149 int smk_access1;
150 int smk_access2;
151 };
152
153 static int smk_cipso_doi_value = SMACK_CIPSO_DOI_DEFAULT;
154
155 /*
156 * Values for parsing cipso rules
157 * SMK_DIGITLEN: Length of a digit field in a rule.
158 * SMK_CIPSOMIN: Minimum possible cipso rule length.
159 * SMK_CIPSOMAX: Maximum possible cipso rule length.
160 */
161 #define SMK_DIGITLEN 4
162 #define SMK_CIPSOMIN (SMK_LABELLEN + 2 * SMK_DIGITLEN)
163 #define SMK_CIPSOMAX (SMK_CIPSOMIN + SMACK_CIPSO_MAXCATNUM * SMK_DIGITLEN)
164
165 /*
166 * Values for parsing MAC rules
167 * SMK_ACCESS: Maximum possible combination of access permissions
168 * SMK_ACCESSLEN: Maximum length for a rule access field
169 * SMK_LOADLEN: Smack rule length
170 */
171 #define SMK_OACCESS "rwxa"
172 #define SMK_ACCESS "rwxatl"
173 #define SMK_OACCESSLEN (sizeof(SMK_OACCESS) - 1)
174 #define SMK_ACCESSLEN (sizeof(SMK_ACCESS) - 1)
175 #define SMK_OLOADLEN (SMK_LABELLEN + SMK_LABELLEN + SMK_OACCESSLEN)
176 #define SMK_LOADLEN (SMK_LABELLEN + SMK_LABELLEN + SMK_ACCESSLEN)
177
178 /*
179 * Stricly for CIPSO level manipulation.
180 * Set the category bit number in a smack label sized buffer.
181 */
smack_catset_bit(unsigned int cat,char * catsetp)182 static inline void smack_catset_bit(unsigned int cat, char *catsetp)
183 {
184 if (cat == 0 || cat > (SMK_CIPSOLEN * 8))
185 return;
186
187 catsetp[(cat - 1) / 8] |= 0x80 >> ((cat - 1) % 8);
188 }
189
190 /**
191 * smk_netlabel_audit_set - fill a netlbl_audit struct
192 * @nap: structure to fill
193 */
smk_netlabel_audit_set(struct netlbl_audit * nap)194 static void smk_netlabel_audit_set(struct netlbl_audit *nap)
195 {
196 struct smack_known *skp = smk_of_current();
197
198 nap->loginuid = audit_get_loginuid(current);
199 nap->sessionid = audit_get_sessionid(current);
200 nap->secid = skp->smk_secid;
201 }
202
203 /*
204 * Value for parsing single label host rules
205 * "1.2.3.4 X"
206 */
207 #define SMK_NETLBLADDRMIN 9
208
209 /**
210 * smk_set_access - add a rule to the rule list or replace an old rule
211 * @srp: the rule to add or replace
212 * @rule_list: the list of rules
213 * @rule_lock: the rule list lock
214 * @global: if non-zero, indicates a global rule
215 *
216 * Looks through the current subject/object/access list for
217 * the subject/object pair and replaces the access that was
218 * there. If the pair isn't found add it with the specified
219 * access.
220 *
221 * Returns 0 if nothing goes wrong or -ENOMEM if it fails
222 * during the allocation of the new pair to add.
223 */
smk_set_access(struct smack_parsed_rule * srp,struct list_head * rule_list,struct mutex * rule_lock,int global)224 static int smk_set_access(struct smack_parsed_rule *srp,
225 struct list_head *rule_list,
226 struct mutex *rule_lock, int global)
227 {
228 struct smack_rule *sp;
229 struct smack_master_list *smlp;
230 int found = 0;
231 int rc = 0;
232
233 mutex_lock(rule_lock);
234
235 /*
236 * Because the object label is less likely to match
237 * than the subject label check it first
238 */
239 list_for_each_entry_rcu(sp, rule_list, list) {
240 if (sp->smk_object == srp->smk_object &&
241 sp->smk_subject == srp->smk_subject) {
242 found = 1;
243 sp->smk_access |= srp->smk_access1;
244 sp->smk_access &= ~srp->smk_access2;
245 break;
246 }
247 }
248
249 if (found == 0) {
250 sp = kzalloc(sizeof(*sp), GFP_KERNEL);
251 if (sp == NULL) {
252 rc = -ENOMEM;
253 goto out;
254 }
255
256 sp->smk_subject = srp->smk_subject;
257 sp->smk_object = srp->smk_object;
258 sp->smk_access = srp->smk_access1 & ~srp->smk_access2;
259
260 list_add_rcu(&sp->list, rule_list);
261 /*
262 * If this is a global as opposed to self and a new rule
263 * it needs to get added for reporting.
264 */
265 if (global) {
266 mutex_unlock(rule_lock);
267 smlp = kzalloc(sizeof(*smlp), GFP_KERNEL);
268 if (smlp != NULL) {
269 smlp->smk_rule = sp;
270 mutex_lock(&smack_master_list_lock);
271 list_add_rcu(&smlp->list, &smack_rule_list);
272 mutex_unlock(&smack_master_list_lock);
273 } else
274 rc = -ENOMEM;
275 return rc;
276 }
277 }
278
279 out:
280 mutex_unlock(rule_lock);
281 return rc;
282 }
283
284 /**
285 * smk_perm_from_str - parse smack accesses from a text string
286 * @string: a text string that contains a Smack accesses code
287 *
288 * Returns an integer with respective bits set for specified accesses.
289 */
smk_perm_from_str(const char * string)290 static int smk_perm_from_str(const char *string)
291 {
292 int perm = 0;
293 const char *cp;
294
295 for (cp = string; ; cp++)
296 switch (*cp) {
297 case '-':
298 break;
299 case 'r':
300 case 'R':
301 perm |= MAY_READ;
302 break;
303 case 'w':
304 case 'W':
305 perm |= MAY_WRITE;
306 break;
307 case 'x':
308 case 'X':
309 perm |= MAY_EXEC;
310 break;
311 case 'a':
312 case 'A':
313 perm |= MAY_APPEND;
314 break;
315 case 't':
316 case 'T':
317 perm |= MAY_TRANSMUTE;
318 break;
319 case 'l':
320 case 'L':
321 perm |= MAY_LOCK;
322 break;
323 case 'b':
324 case 'B':
325 perm |= MAY_BRINGUP;
326 break;
327 default:
328 return perm;
329 }
330 }
331
332 /**
333 * smk_fill_rule - Fill Smack rule from strings
334 * @subject: subject label string
335 * @object: object label string
336 * @access1: access string
337 * @access2: string with permissions to be removed
338 * @rule: Smack rule
339 * @import: if non-zero, import labels
340 * @len: label length limit
341 *
342 * Returns 0 on success, appropriate error code on failure.
343 */
smk_fill_rule(const char * subject,const char * object,const char * access1,const char * access2,struct smack_parsed_rule * rule,int import,int len)344 static int smk_fill_rule(const char *subject, const char *object,
345 const char *access1, const char *access2,
346 struct smack_parsed_rule *rule, int import,
347 int len)
348 {
349 const char *cp;
350 struct smack_known *skp;
351
352 if (import) {
353 rule->smk_subject = smk_import_entry(subject, len);
354 if (IS_ERR(rule->smk_subject))
355 return PTR_ERR(rule->smk_subject);
356
357 rule->smk_object = smk_import_entry(object, len);
358 if (IS_ERR(rule->smk_object))
359 return PTR_ERR(rule->smk_object);
360 } else {
361 cp = smk_parse_smack(subject, len);
362 if (IS_ERR(cp))
363 return PTR_ERR(cp);
364 skp = smk_find_entry(cp);
365 kfree(cp);
366 if (skp == NULL)
367 return -ENOENT;
368 rule->smk_subject = skp;
369
370 cp = smk_parse_smack(object, len);
371 if (IS_ERR(cp))
372 return PTR_ERR(cp);
373 skp = smk_find_entry(cp);
374 kfree(cp);
375 if (skp == NULL)
376 return -ENOENT;
377 rule->smk_object = skp;
378 }
379
380 rule->smk_access1 = smk_perm_from_str(access1);
381 if (access2)
382 rule->smk_access2 = smk_perm_from_str(access2);
383 else
384 rule->smk_access2 = ~rule->smk_access1;
385
386 return 0;
387 }
388
389 /**
390 * smk_parse_rule - parse Smack rule from load string
391 * @data: string to be parsed whose size is SMK_LOADLEN
392 * @rule: Smack rule
393 * @import: if non-zero, import labels
394 *
395 * Returns 0 on success, -1 on errors.
396 */
smk_parse_rule(const char * data,struct smack_parsed_rule * rule,int import)397 static int smk_parse_rule(const char *data, struct smack_parsed_rule *rule,
398 int import)
399 {
400 int rc;
401
402 rc = smk_fill_rule(data, data + SMK_LABELLEN,
403 data + SMK_LABELLEN + SMK_LABELLEN, NULL, rule,
404 import, SMK_LABELLEN);
405 return rc;
406 }
407
408 /**
409 * smk_parse_long_rule - parse Smack rule from rule string
410 * @data: string to be parsed, null terminated
411 * @rule: Will be filled with Smack parsed rule
412 * @import: if non-zero, import labels
413 * @tokens: numer of substrings expected in data
414 *
415 * Returns number of processed bytes on success, -ERRNO on failure.
416 */
smk_parse_long_rule(char * data,struct smack_parsed_rule * rule,int import,int tokens)417 static ssize_t smk_parse_long_rule(char *data, struct smack_parsed_rule *rule,
418 int import, int tokens)
419 {
420 ssize_t cnt = 0;
421 char *tok[4];
422 int rc;
423 int i;
424
425 /*
426 * Parsing the rule in-place, filling all white-spaces with '\0'
427 */
428 for (i = 0; i < tokens; ++i) {
429 while (isspace(data[cnt]))
430 data[cnt++] = '\0';
431
432 if (data[cnt] == '\0')
433 /* Unexpected end of data */
434 return -EINVAL;
435
436 tok[i] = data + cnt;
437
438 while (data[cnt] && !isspace(data[cnt]))
439 ++cnt;
440 }
441 while (isspace(data[cnt]))
442 data[cnt++] = '\0';
443
444 while (i < 4)
445 tok[i++] = NULL;
446
447 rc = smk_fill_rule(tok[0], tok[1], tok[2], tok[3], rule, import, 0);
448 return rc == 0 ? cnt : rc;
449 }
450
451 #define SMK_FIXED24_FMT 0 /* Fixed 24byte label format */
452 #define SMK_LONG_FMT 1 /* Variable long label format */
453 #define SMK_CHANGE_FMT 2 /* Rule modification format */
454 /**
455 * smk_write_rules_list - write() for any /smack rule file
456 * @file: file pointer, not actually used
457 * @buf: where to get the data from
458 * @count: bytes sent
459 * @ppos: where to start - must be 0
460 * @rule_list: the list of rules to write to
461 * @rule_lock: lock for the rule list
462 * @format: /smack/load or /smack/load2 or /smack/change-rule format.
463 *
464 * Get one smack access rule from above.
465 * The format for SMK_LONG_FMT is:
466 * "subject<whitespace>object<whitespace>access[<whitespace>...]"
467 * The format for SMK_FIXED24_FMT is exactly:
468 * "subject object rwxat"
469 * The format for SMK_CHANGE_FMT is:
470 * "subject<whitespace>object<whitespace>
471 * acc_enable<whitespace>acc_disable[<whitespace>...]"
472 */
smk_write_rules_list(struct file * file,const char __user * buf,size_t count,loff_t * ppos,struct list_head * rule_list,struct mutex * rule_lock,int format)473 static ssize_t smk_write_rules_list(struct file *file, const char __user *buf,
474 size_t count, loff_t *ppos,
475 struct list_head *rule_list,
476 struct mutex *rule_lock, int format)
477 {
478 struct smack_parsed_rule rule;
479 char *data;
480 int rc;
481 int trunc = 0;
482 int tokens;
483 ssize_t cnt = 0;
484
485 /*
486 * No partial writes.
487 * Enough data must be present.
488 */
489 if (*ppos != 0)
490 return -EINVAL;
491
492 if (format == SMK_FIXED24_FMT) {
493 /*
494 * Minor hack for backward compatibility
495 */
496 if (count < SMK_OLOADLEN || count > SMK_LOADLEN)
497 return -EINVAL;
498 } else {
499 if (count >= PAGE_SIZE) {
500 count = PAGE_SIZE - 1;
501 trunc = 1;
502 }
503 }
504
505 data = memdup_user_nul(buf, count);
506 if (IS_ERR(data))
507 return PTR_ERR(data);
508
509 /*
510 * In case of parsing only part of user buf,
511 * avoid having partial rule at the data buffer
512 */
513 if (trunc) {
514 while (count > 0 && (data[count - 1] != '\n'))
515 --count;
516 if (count == 0) {
517 rc = -EINVAL;
518 goto out;
519 }
520 }
521
522 data[count] = '\0';
523 tokens = (format == SMK_CHANGE_FMT ? 4 : 3);
524 while (cnt < count) {
525 if (format == SMK_FIXED24_FMT) {
526 rc = smk_parse_rule(data, &rule, 1);
527 if (rc < 0)
528 goto out;
529 cnt = count;
530 } else {
531 rc = smk_parse_long_rule(data + cnt, &rule, 1, tokens);
532 if (rc < 0)
533 goto out;
534 if (rc == 0) {
535 rc = -EINVAL;
536 goto out;
537 }
538 cnt += rc;
539 }
540
541 if (rule_list == NULL)
542 rc = smk_set_access(&rule, &rule.smk_subject->smk_rules,
543 &rule.smk_subject->smk_rules_lock, 1);
544 else
545 rc = smk_set_access(&rule, rule_list, rule_lock, 0);
546
547 if (rc)
548 goto out;
549 }
550
551 rc = cnt;
552 out:
553 kfree(data);
554 return rc;
555 }
556
557 /*
558 * Core logic for smackfs seq list operations.
559 */
560
smk_seq_start(struct seq_file * s,loff_t * pos,struct list_head * head)561 static void *smk_seq_start(struct seq_file *s, loff_t *pos,
562 struct list_head *head)
563 {
564 struct list_head *list;
565 int i = *pos;
566
567 rcu_read_lock();
568 for (list = rcu_dereference(list_next_rcu(head));
569 list != head;
570 list = rcu_dereference(list_next_rcu(list))) {
571 if (i-- == 0)
572 return list;
573 }
574
575 return NULL;
576 }
577
smk_seq_next(struct seq_file * s,void * v,loff_t * pos,struct list_head * head)578 static void *smk_seq_next(struct seq_file *s, void *v, loff_t *pos,
579 struct list_head *head)
580 {
581 struct list_head *list = v;
582
583 ++*pos;
584 list = rcu_dereference(list_next_rcu(list));
585
586 return (list == head) ? NULL : list;
587 }
588
smk_seq_stop(struct seq_file * s,void * v)589 static void smk_seq_stop(struct seq_file *s, void *v)
590 {
591 rcu_read_unlock();
592 }
593
smk_rule_show(struct seq_file * s,struct smack_rule * srp,int max)594 static void smk_rule_show(struct seq_file *s, struct smack_rule *srp, int max)
595 {
596 /*
597 * Don't show any rules with label names too long for
598 * interface file (/smack/load or /smack/load2)
599 * because you should expect to be able to write
600 * anything you read back.
601 */
602 if (strlen(srp->smk_subject->smk_known) >= max ||
603 strlen(srp->smk_object->smk_known) >= max)
604 return;
605
606 if (srp->smk_access == 0)
607 return;
608
609 seq_printf(s, "%s %s",
610 srp->smk_subject->smk_known,
611 srp->smk_object->smk_known);
612
613 seq_putc(s, ' ');
614
615 if (srp->smk_access & MAY_READ)
616 seq_putc(s, 'r');
617 if (srp->smk_access & MAY_WRITE)
618 seq_putc(s, 'w');
619 if (srp->smk_access & MAY_EXEC)
620 seq_putc(s, 'x');
621 if (srp->smk_access & MAY_APPEND)
622 seq_putc(s, 'a');
623 if (srp->smk_access & MAY_TRANSMUTE)
624 seq_putc(s, 't');
625 if (srp->smk_access & MAY_LOCK)
626 seq_putc(s, 'l');
627 if (srp->smk_access & MAY_BRINGUP)
628 seq_putc(s, 'b');
629
630 seq_putc(s, '\n');
631 }
632
633 /*
634 * Seq_file read operations for /smack/load
635 */
636
load2_seq_start(struct seq_file * s,loff_t * pos)637 static void *load2_seq_start(struct seq_file *s, loff_t *pos)
638 {
639 return smk_seq_start(s, pos, &smack_rule_list);
640 }
641
load2_seq_next(struct seq_file * s,void * v,loff_t * pos)642 static void *load2_seq_next(struct seq_file *s, void *v, loff_t *pos)
643 {
644 return smk_seq_next(s, v, pos, &smack_rule_list);
645 }
646
load_seq_show(struct seq_file * s,void * v)647 static int load_seq_show(struct seq_file *s, void *v)
648 {
649 struct list_head *list = v;
650 struct smack_master_list *smlp =
651 list_entry_rcu(list, struct smack_master_list, list);
652
653 smk_rule_show(s, smlp->smk_rule, SMK_LABELLEN);
654
655 return 0;
656 }
657
658 static const struct seq_operations load_seq_ops = {
659 .start = load2_seq_start,
660 .next = load2_seq_next,
661 .show = load_seq_show,
662 .stop = smk_seq_stop,
663 };
664
665 /**
666 * smk_open_load - open() for /smack/load
667 * @inode: inode structure representing file
668 * @file: "load" file pointer
669 *
670 * For reading, use load_seq_* seq_file reading operations.
671 */
smk_open_load(struct inode * inode,struct file * file)672 static int smk_open_load(struct inode *inode, struct file *file)
673 {
674 return seq_open(file, &load_seq_ops);
675 }
676
677 /**
678 * smk_write_load - write() for /smack/load
679 * @file: file pointer, not actually used
680 * @buf: where to get the data from
681 * @count: bytes sent
682 * @ppos: where to start - must be 0
683 *
684 */
smk_write_load(struct file * file,const char __user * buf,size_t count,loff_t * ppos)685 static ssize_t smk_write_load(struct file *file, const char __user *buf,
686 size_t count, loff_t *ppos)
687 {
688 /*
689 * Must have privilege.
690 * No partial writes.
691 * Enough data must be present.
692 */
693 if (!smack_privileged(CAP_MAC_ADMIN))
694 return -EPERM;
695
696 return smk_write_rules_list(file, buf, count, ppos, NULL, NULL,
697 SMK_FIXED24_FMT);
698 }
699
700 static const struct file_operations smk_load_ops = {
701 .open = smk_open_load,
702 .read = seq_read,
703 .llseek = seq_lseek,
704 .write = smk_write_load,
705 .release = seq_release,
706 };
707
708 /**
709 * smk_cipso_doi - initialize the CIPSO domain
710 */
smk_cipso_doi(void)711 static void smk_cipso_doi(void)
712 {
713 int rc;
714 struct cipso_v4_doi *doip;
715 struct netlbl_audit nai;
716
717 smk_netlabel_audit_set(&nai);
718
719 rc = netlbl_cfg_map_del(NULL, PF_INET, NULL, NULL, &nai);
720 if (rc != 0)
721 printk(KERN_WARNING "%s:%d remove rc = %d\n",
722 __func__, __LINE__, rc);
723
724 doip = kmalloc(sizeof(struct cipso_v4_doi), GFP_KERNEL);
725 if (doip == NULL)
726 panic("smack: Failed to initialize cipso DOI.\n");
727 doip->map.std = NULL;
728 doip->doi = smk_cipso_doi_value;
729 doip->type = CIPSO_V4_MAP_PASS;
730 doip->tags[0] = CIPSO_V4_TAG_RBITMAP;
731 for (rc = 1; rc < CIPSO_V4_TAG_MAXCNT; rc++)
732 doip->tags[rc] = CIPSO_V4_TAG_INVALID;
733
734 rc = netlbl_cfg_cipsov4_add(doip, &nai);
735 if (rc != 0) {
736 printk(KERN_WARNING "%s:%d cipso add rc = %d\n",
737 __func__, __LINE__, rc);
738 kfree(doip);
739 return;
740 }
741 rc = netlbl_cfg_cipsov4_map_add(doip->doi, NULL, NULL, NULL, &nai);
742 if (rc != 0) {
743 printk(KERN_WARNING "%s:%d map add rc = %d\n",
744 __func__, __LINE__, rc);
745 kfree(doip);
746 return;
747 }
748 }
749
750 /**
751 * smk_unlbl_ambient - initialize the unlabeled domain
752 * @oldambient: previous domain string
753 */
smk_unlbl_ambient(char * oldambient)754 static void smk_unlbl_ambient(char *oldambient)
755 {
756 int rc;
757 struct netlbl_audit nai;
758
759 smk_netlabel_audit_set(&nai);
760
761 if (oldambient != NULL) {
762 rc = netlbl_cfg_map_del(oldambient, PF_INET, NULL, NULL, &nai);
763 if (rc != 0)
764 printk(KERN_WARNING "%s:%d remove rc = %d\n",
765 __func__, __LINE__, rc);
766 }
767 if (smack_net_ambient == NULL)
768 smack_net_ambient = &smack_known_floor;
769
770 rc = netlbl_cfg_unlbl_map_add(smack_net_ambient->smk_known, PF_INET,
771 NULL, NULL, &nai);
772 if (rc != 0)
773 printk(KERN_WARNING "%s:%d add rc = %d\n",
774 __func__, __LINE__, rc);
775 }
776
777 /*
778 * Seq_file read operations for /smack/cipso
779 */
780
cipso_seq_start(struct seq_file * s,loff_t * pos)781 static void *cipso_seq_start(struct seq_file *s, loff_t *pos)
782 {
783 return smk_seq_start(s, pos, &smack_known_list);
784 }
785
cipso_seq_next(struct seq_file * s,void * v,loff_t * pos)786 static void *cipso_seq_next(struct seq_file *s, void *v, loff_t *pos)
787 {
788 return smk_seq_next(s, v, pos, &smack_known_list);
789 }
790
791 /*
792 * Print cipso labels in format:
793 * label level[/cat[,cat]]
794 */
cipso_seq_show(struct seq_file * s,void * v)795 static int cipso_seq_show(struct seq_file *s, void *v)
796 {
797 struct list_head *list = v;
798 struct smack_known *skp =
799 list_entry_rcu(list, struct smack_known, list);
800 struct netlbl_lsm_catmap *cmp = skp->smk_netlabel.attr.mls.cat;
801 char sep = '/';
802 int i;
803
804 /*
805 * Don't show a label that could not have been set using
806 * /smack/cipso. This is in support of the notion that
807 * anything read from /smack/cipso ought to be writeable
808 * to /smack/cipso.
809 *
810 * /smack/cipso2 should be used instead.
811 */
812 if (strlen(skp->smk_known) >= SMK_LABELLEN)
813 return 0;
814
815 seq_printf(s, "%s %3d", skp->smk_known, skp->smk_netlabel.attr.mls.lvl);
816
817 for (i = netlbl_catmap_walk(cmp, 0); i >= 0;
818 i = netlbl_catmap_walk(cmp, i + 1)) {
819 seq_printf(s, "%c%d", sep, i);
820 sep = ',';
821 }
822
823 seq_putc(s, '\n');
824
825 return 0;
826 }
827
828 static const struct seq_operations cipso_seq_ops = {
829 .start = cipso_seq_start,
830 .next = cipso_seq_next,
831 .show = cipso_seq_show,
832 .stop = smk_seq_stop,
833 };
834
835 /**
836 * smk_open_cipso - open() for /smack/cipso
837 * @inode: inode structure representing file
838 * @file: "cipso" file pointer
839 *
840 * Connect our cipso_seq_* operations with /smack/cipso
841 * file_operations
842 */
smk_open_cipso(struct inode * inode,struct file * file)843 static int smk_open_cipso(struct inode *inode, struct file *file)
844 {
845 return seq_open(file, &cipso_seq_ops);
846 }
847
848 /**
849 * smk_set_cipso - do the work for write() for cipso and cipso2
850 * @file: file pointer, not actually used
851 * @buf: where to get the data from
852 * @count: bytes sent
853 * @ppos: where to start
854 * @format: /smack/cipso or /smack/cipso2
855 *
856 * Accepts only one cipso rule per write call.
857 * Returns number of bytes written or error code, as appropriate
858 */
smk_set_cipso(struct file * file,const char __user * buf,size_t count,loff_t * ppos,int format)859 static ssize_t smk_set_cipso(struct file *file, const char __user *buf,
860 size_t count, loff_t *ppos, int format)
861 {
862 struct smack_known *skp;
863 struct netlbl_lsm_secattr ncats;
864 char mapcatset[SMK_CIPSOLEN];
865 int maplevel;
866 unsigned int cat;
867 int catlen;
868 ssize_t rc = -EINVAL;
869 char *data = NULL;
870 char *rule;
871 int ret;
872 int i;
873
874 /*
875 * Must have privilege.
876 * No partial writes.
877 * Enough data must be present.
878 */
879 if (!smack_privileged(CAP_MAC_ADMIN))
880 return -EPERM;
881 if (*ppos != 0)
882 return -EINVAL;
883 if (format == SMK_FIXED24_FMT &&
884 (count < SMK_CIPSOMIN || count > SMK_CIPSOMAX))
885 return -EINVAL;
886
887 data = memdup_user_nul(buf, count);
888 if (IS_ERR(data))
889 return PTR_ERR(data);
890
891 rule = data;
892 /*
893 * Only allow one writer at a time. Writes should be
894 * quite rare and small in any case.
895 */
896 mutex_lock(&smack_cipso_lock);
897
898 skp = smk_import_entry(rule, 0);
899 if (IS_ERR(skp)) {
900 rc = PTR_ERR(skp);
901 goto out;
902 }
903
904 if (format == SMK_FIXED24_FMT)
905 rule += SMK_LABELLEN;
906 else
907 rule += strlen(skp->smk_known) + 1;
908
909 if (rule > data + count) {
910 rc = -EOVERFLOW;
911 goto out;
912 }
913
914 ret = sscanf(rule, "%d", &maplevel);
915 if (ret != 1 || maplevel < 0 || maplevel > SMACK_CIPSO_MAXLEVEL)
916 goto out;
917
918 rule += SMK_DIGITLEN;
919 if (rule > data + count) {
920 rc = -EOVERFLOW;
921 goto out;
922 }
923
924 ret = sscanf(rule, "%d", &catlen);
925 if (ret != 1 || catlen > SMACK_CIPSO_MAXCATNUM)
926 goto out;
927
928 if (format == SMK_FIXED24_FMT &&
929 count != (SMK_CIPSOMIN + catlen * SMK_DIGITLEN))
930 goto out;
931
932 memset(mapcatset, 0, sizeof(mapcatset));
933
934 for (i = 0; i < catlen; i++) {
935 rule += SMK_DIGITLEN;
936 if (rule > data + count) {
937 rc = -EOVERFLOW;
938 goto out;
939 }
940 ret = sscanf(rule, "%u", &cat);
941 if (ret != 1 || cat > SMACK_CIPSO_MAXCATNUM)
942 goto out;
943
944 smack_catset_bit(cat, mapcatset);
945 }
946
947 rc = smk_netlbl_mls(maplevel, mapcatset, &ncats, SMK_CIPSOLEN);
948 if (rc >= 0) {
949 netlbl_catmap_free(skp->smk_netlabel.attr.mls.cat);
950 skp->smk_netlabel.attr.mls.cat = ncats.attr.mls.cat;
951 skp->smk_netlabel.attr.mls.lvl = ncats.attr.mls.lvl;
952 rc = count;
953 }
954
955 out:
956 mutex_unlock(&smack_cipso_lock);
957 kfree(data);
958 return rc;
959 }
960
961 /**
962 * smk_write_cipso - write() for /smack/cipso
963 * @file: file pointer, not actually used
964 * @buf: where to get the data from
965 * @count: bytes sent
966 * @ppos: where to start
967 *
968 * Accepts only one cipso rule per write call.
969 * Returns number of bytes written or error code, as appropriate
970 */
smk_write_cipso(struct file * file,const char __user * buf,size_t count,loff_t * ppos)971 static ssize_t smk_write_cipso(struct file *file, const char __user *buf,
972 size_t count, loff_t *ppos)
973 {
974 return smk_set_cipso(file, buf, count, ppos, SMK_FIXED24_FMT);
975 }
976
977 static const struct file_operations smk_cipso_ops = {
978 .open = smk_open_cipso,
979 .read = seq_read,
980 .llseek = seq_lseek,
981 .write = smk_write_cipso,
982 .release = seq_release,
983 };
984
985 /*
986 * Seq_file read operations for /smack/cipso2
987 */
988
989 /*
990 * Print cipso labels in format:
991 * label level[/cat[,cat]]
992 */
cipso2_seq_show(struct seq_file * s,void * v)993 static int cipso2_seq_show(struct seq_file *s, void *v)
994 {
995 struct list_head *list = v;
996 struct smack_known *skp =
997 list_entry_rcu(list, struct smack_known, list);
998 struct netlbl_lsm_catmap *cmp = skp->smk_netlabel.attr.mls.cat;
999 char sep = '/';
1000 int i;
1001
1002 seq_printf(s, "%s %3d", skp->smk_known, skp->smk_netlabel.attr.mls.lvl);
1003
1004 for (i = netlbl_catmap_walk(cmp, 0); i >= 0;
1005 i = netlbl_catmap_walk(cmp, i + 1)) {
1006 seq_printf(s, "%c%d", sep, i);
1007 sep = ',';
1008 }
1009
1010 seq_putc(s, '\n');
1011
1012 return 0;
1013 }
1014
1015 static const struct seq_operations cipso2_seq_ops = {
1016 .start = cipso_seq_start,
1017 .next = cipso_seq_next,
1018 .show = cipso2_seq_show,
1019 .stop = smk_seq_stop,
1020 };
1021
1022 /**
1023 * smk_open_cipso2 - open() for /smack/cipso2
1024 * @inode: inode structure representing file
1025 * @file: "cipso2" file pointer
1026 *
1027 * Connect our cipso_seq_* operations with /smack/cipso2
1028 * file_operations
1029 */
smk_open_cipso2(struct inode * inode,struct file * file)1030 static int smk_open_cipso2(struct inode *inode, struct file *file)
1031 {
1032 return seq_open(file, &cipso2_seq_ops);
1033 }
1034
1035 /**
1036 * smk_write_cipso2 - write() for /smack/cipso2
1037 * @file: file pointer, not actually used
1038 * @buf: where to get the data from
1039 * @count: bytes sent
1040 * @ppos: where to start
1041 *
1042 * Accepts only one cipso rule per write call.
1043 * Returns number of bytes written or error code, as appropriate
1044 */
smk_write_cipso2(struct file * file,const char __user * buf,size_t count,loff_t * ppos)1045 static ssize_t smk_write_cipso2(struct file *file, const char __user *buf,
1046 size_t count, loff_t *ppos)
1047 {
1048 return smk_set_cipso(file, buf, count, ppos, SMK_LONG_FMT);
1049 }
1050
1051 static const struct file_operations smk_cipso2_ops = {
1052 .open = smk_open_cipso2,
1053 .read = seq_read,
1054 .llseek = seq_lseek,
1055 .write = smk_write_cipso2,
1056 .release = seq_release,
1057 };
1058
1059 /*
1060 * Seq_file read operations for /smack/netlabel
1061 */
1062
net4addr_seq_start(struct seq_file * s,loff_t * pos)1063 static void *net4addr_seq_start(struct seq_file *s, loff_t *pos)
1064 {
1065 return smk_seq_start(s, pos, &smk_net4addr_list);
1066 }
1067
net4addr_seq_next(struct seq_file * s,void * v,loff_t * pos)1068 static void *net4addr_seq_next(struct seq_file *s, void *v, loff_t *pos)
1069 {
1070 return smk_seq_next(s, v, pos, &smk_net4addr_list);
1071 }
1072
1073 /*
1074 * Print host/label pairs
1075 */
net4addr_seq_show(struct seq_file * s,void * v)1076 static int net4addr_seq_show(struct seq_file *s, void *v)
1077 {
1078 struct list_head *list = v;
1079 struct smk_net4addr *skp =
1080 list_entry_rcu(list, struct smk_net4addr, list);
1081 char *kp = SMACK_CIPSO_OPTION;
1082
1083 if (skp->smk_label != NULL)
1084 kp = skp->smk_label->smk_known;
1085 seq_printf(s, "%pI4/%d %s\n", &skp->smk_host.s_addr,
1086 skp->smk_masks, kp);
1087
1088 return 0;
1089 }
1090
1091 static const struct seq_operations net4addr_seq_ops = {
1092 .start = net4addr_seq_start,
1093 .next = net4addr_seq_next,
1094 .show = net4addr_seq_show,
1095 .stop = smk_seq_stop,
1096 };
1097
1098 /**
1099 * smk_open_net4addr - open() for /smack/netlabel
1100 * @inode: inode structure representing file
1101 * @file: "netlabel" file pointer
1102 *
1103 * Connect our net4addr_seq_* operations with /smack/netlabel
1104 * file_operations
1105 */
smk_open_net4addr(struct inode * inode,struct file * file)1106 static int smk_open_net4addr(struct inode *inode, struct file *file)
1107 {
1108 return seq_open(file, &net4addr_seq_ops);
1109 }
1110
1111 /**
1112 * smk_net4addr_insert
1113 * @new : netlabel to insert
1114 *
1115 * This helper insert netlabel in the smack_net4addrs list
1116 * sorted by netmask length (longest to smallest)
1117 * locked by &smk_net4addr_lock in smk_write_net4addr
1118 *
1119 */
smk_net4addr_insert(struct smk_net4addr * new)1120 static void smk_net4addr_insert(struct smk_net4addr *new)
1121 {
1122 struct smk_net4addr *m;
1123 struct smk_net4addr *m_next;
1124
1125 if (list_empty(&smk_net4addr_list)) {
1126 list_add_rcu(&new->list, &smk_net4addr_list);
1127 return;
1128 }
1129
1130 m = list_entry_rcu(smk_net4addr_list.next,
1131 struct smk_net4addr, list);
1132
1133 /* the comparison '>' is a bit hacky, but works */
1134 if (new->smk_masks > m->smk_masks) {
1135 list_add_rcu(&new->list, &smk_net4addr_list);
1136 return;
1137 }
1138
1139 list_for_each_entry_rcu(m, &smk_net4addr_list, list) {
1140 if (list_is_last(&m->list, &smk_net4addr_list)) {
1141 list_add_rcu(&new->list, &m->list);
1142 return;
1143 }
1144 m_next = list_entry_rcu(m->list.next,
1145 struct smk_net4addr, list);
1146 if (new->smk_masks > m_next->smk_masks) {
1147 list_add_rcu(&new->list, &m->list);
1148 return;
1149 }
1150 }
1151 }
1152
1153
1154 /**
1155 * smk_write_net4addr - write() for /smack/netlabel
1156 * @file: file pointer, not actually used
1157 * @buf: where to get the data from
1158 * @count: bytes sent
1159 * @ppos: where to start
1160 *
1161 * Accepts only one net4addr per write call.
1162 * Returns number of bytes written or error code, as appropriate
1163 */
smk_write_net4addr(struct file * file,const char __user * buf,size_t count,loff_t * ppos)1164 static ssize_t smk_write_net4addr(struct file *file, const char __user *buf,
1165 size_t count, loff_t *ppos)
1166 {
1167 struct smk_net4addr *snp;
1168 struct sockaddr_in newname;
1169 char *smack;
1170 struct smack_known *skp = NULL;
1171 char *data;
1172 char *host = (char *)&newname.sin_addr.s_addr;
1173 int rc;
1174 struct netlbl_audit audit_info;
1175 struct in_addr mask;
1176 unsigned int m;
1177 unsigned int masks;
1178 int found;
1179 u32 mask_bits = (1<<31);
1180 __be32 nsa;
1181 u32 temp_mask;
1182
1183 /*
1184 * Must have privilege.
1185 * No partial writes.
1186 * Enough data must be present.
1187 * "<addr/mask, as a.b.c.d/e><space><label>"
1188 * "<addr, as a.b.c.d><space><label>"
1189 */
1190 if (!smack_privileged(CAP_MAC_ADMIN))
1191 return -EPERM;
1192 if (*ppos != 0)
1193 return -EINVAL;
1194 if (count < SMK_NETLBLADDRMIN)
1195 return -EINVAL;
1196
1197 data = memdup_user_nul(buf, count);
1198 if (IS_ERR(data))
1199 return PTR_ERR(data);
1200
1201 smack = kzalloc(count + 1, GFP_KERNEL);
1202 if (smack == NULL) {
1203 rc = -ENOMEM;
1204 goto free_data_out;
1205 }
1206
1207 rc = sscanf(data, "%hhd.%hhd.%hhd.%hhd/%u %s",
1208 &host[0], &host[1], &host[2], &host[3], &masks, smack);
1209 if (rc != 6) {
1210 rc = sscanf(data, "%hhd.%hhd.%hhd.%hhd %s",
1211 &host[0], &host[1], &host[2], &host[3], smack);
1212 if (rc != 5) {
1213 rc = -EINVAL;
1214 goto free_out;
1215 }
1216 m = BEBITS;
1217 masks = 32;
1218 }
1219 if (masks > BEBITS) {
1220 rc = -EINVAL;
1221 goto free_out;
1222 }
1223
1224 /*
1225 * If smack begins with '-', it is an option, don't import it
1226 */
1227 if (smack[0] != '-') {
1228 skp = smk_import_entry(smack, 0);
1229 if (IS_ERR(skp)) {
1230 rc = PTR_ERR(skp);
1231 goto free_out;
1232 }
1233 } else {
1234 /*
1235 * Only the -CIPSO option is supported for IPv4
1236 */
1237 if (strcmp(smack, SMACK_CIPSO_OPTION) != 0) {
1238 rc = -EINVAL;
1239 goto free_out;
1240 }
1241 }
1242
1243 for (m = masks, temp_mask = 0; m > 0; m--) {
1244 temp_mask |= mask_bits;
1245 mask_bits >>= 1;
1246 }
1247 mask.s_addr = cpu_to_be32(temp_mask);
1248
1249 newname.sin_addr.s_addr &= mask.s_addr;
1250 /*
1251 * Only allow one writer at a time. Writes should be
1252 * quite rare and small in any case.
1253 */
1254 mutex_lock(&smk_net4addr_lock);
1255
1256 nsa = newname.sin_addr.s_addr;
1257 /* try to find if the prefix is already in the list */
1258 found = 0;
1259 list_for_each_entry_rcu(snp, &smk_net4addr_list, list) {
1260 if (snp->smk_host.s_addr == nsa && snp->smk_masks == masks) {
1261 found = 1;
1262 break;
1263 }
1264 }
1265 smk_netlabel_audit_set(&audit_info);
1266
1267 if (found == 0) {
1268 snp = kzalloc(sizeof(*snp), GFP_KERNEL);
1269 if (snp == NULL)
1270 rc = -ENOMEM;
1271 else {
1272 rc = 0;
1273 snp->smk_host.s_addr = newname.sin_addr.s_addr;
1274 snp->smk_mask.s_addr = mask.s_addr;
1275 snp->smk_label = skp;
1276 snp->smk_masks = masks;
1277 smk_net4addr_insert(snp);
1278 }
1279 } else {
1280 /*
1281 * Delete the unlabeled entry, only if the previous label
1282 * wasn't the special CIPSO option
1283 */
1284 if (snp->smk_label != NULL)
1285 rc = netlbl_cfg_unlbl_static_del(&init_net, NULL,
1286 &snp->smk_host, &snp->smk_mask,
1287 PF_INET, &audit_info);
1288 else
1289 rc = 0;
1290 snp->smk_label = skp;
1291 }
1292
1293 /*
1294 * Now tell netlabel about the single label nature of
1295 * this host so that incoming packets get labeled.
1296 * but only if we didn't get the special CIPSO option
1297 */
1298 if (rc == 0 && skp != NULL)
1299 rc = netlbl_cfg_unlbl_static_add(&init_net, NULL,
1300 &snp->smk_host, &snp->smk_mask, PF_INET,
1301 snp->smk_label->smk_secid, &audit_info);
1302
1303 if (rc == 0)
1304 rc = count;
1305
1306 mutex_unlock(&smk_net4addr_lock);
1307
1308 free_out:
1309 kfree(smack);
1310 free_data_out:
1311 kfree(data);
1312
1313 return rc;
1314 }
1315
1316 static const struct file_operations smk_net4addr_ops = {
1317 .open = smk_open_net4addr,
1318 .read = seq_read,
1319 .llseek = seq_lseek,
1320 .write = smk_write_net4addr,
1321 .release = seq_release,
1322 };
1323
1324 #if IS_ENABLED(CONFIG_IPV6)
1325 /*
1326 * Seq_file read operations for /smack/netlabel6
1327 */
1328
net6addr_seq_start(struct seq_file * s,loff_t * pos)1329 static void *net6addr_seq_start(struct seq_file *s, loff_t *pos)
1330 {
1331 return smk_seq_start(s, pos, &smk_net6addr_list);
1332 }
1333
net6addr_seq_next(struct seq_file * s,void * v,loff_t * pos)1334 static void *net6addr_seq_next(struct seq_file *s, void *v, loff_t *pos)
1335 {
1336 return smk_seq_next(s, v, pos, &smk_net6addr_list);
1337 }
1338
1339 /*
1340 * Print host/label pairs
1341 */
net6addr_seq_show(struct seq_file * s,void * v)1342 static int net6addr_seq_show(struct seq_file *s, void *v)
1343 {
1344 struct list_head *list = v;
1345 struct smk_net6addr *skp =
1346 list_entry(list, struct smk_net6addr, list);
1347
1348 if (skp->smk_label != NULL)
1349 seq_printf(s, "%pI6/%d %s\n", &skp->smk_host, skp->smk_masks,
1350 skp->smk_label->smk_known);
1351
1352 return 0;
1353 }
1354
1355 static const struct seq_operations net6addr_seq_ops = {
1356 .start = net6addr_seq_start,
1357 .next = net6addr_seq_next,
1358 .show = net6addr_seq_show,
1359 .stop = smk_seq_stop,
1360 };
1361
1362 /**
1363 * smk_open_net6addr - open() for /smack/netlabel
1364 * @inode: inode structure representing file
1365 * @file: "netlabel" file pointer
1366 *
1367 * Connect our net6addr_seq_* operations with /smack/netlabel
1368 * file_operations
1369 */
smk_open_net6addr(struct inode * inode,struct file * file)1370 static int smk_open_net6addr(struct inode *inode, struct file *file)
1371 {
1372 return seq_open(file, &net6addr_seq_ops);
1373 }
1374
1375 /**
1376 * smk_net6addr_insert
1377 * @new : entry to insert
1378 *
1379 * This inserts an entry in the smack_net6addrs list
1380 * sorted by netmask length (longest to smallest)
1381 * locked by &smk_net6addr_lock in smk_write_net6addr
1382 *
1383 */
smk_net6addr_insert(struct smk_net6addr * new)1384 static void smk_net6addr_insert(struct smk_net6addr *new)
1385 {
1386 struct smk_net6addr *m_next;
1387 struct smk_net6addr *m;
1388
1389 if (list_empty(&smk_net6addr_list)) {
1390 list_add_rcu(&new->list, &smk_net6addr_list);
1391 return;
1392 }
1393
1394 m = list_entry_rcu(smk_net6addr_list.next,
1395 struct smk_net6addr, list);
1396
1397 if (new->smk_masks > m->smk_masks) {
1398 list_add_rcu(&new->list, &smk_net6addr_list);
1399 return;
1400 }
1401
1402 list_for_each_entry_rcu(m, &smk_net6addr_list, list) {
1403 if (list_is_last(&m->list, &smk_net6addr_list)) {
1404 list_add_rcu(&new->list, &m->list);
1405 return;
1406 }
1407 m_next = list_entry_rcu(m->list.next,
1408 struct smk_net6addr, list);
1409 if (new->smk_masks > m_next->smk_masks) {
1410 list_add_rcu(&new->list, &m->list);
1411 return;
1412 }
1413 }
1414 }
1415
1416
1417 /**
1418 * smk_write_net6addr - write() for /smack/netlabel
1419 * @file: file pointer, not actually used
1420 * @buf: where to get the data from
1421 * @count: bytes sent
1422 * @ppos: where to start
1423 *
1424 * Accepts only one net6addr per write call.
1425 * Returns number of bytes written or error code, as appropriate
1426 */
smk_write_net6addr(struct file * file,const char __user * buf,size_t count,loff_t * ppos)1427 static ssize_t smk_write_net6addr(struct file *file, const char __user *buf,
1428 size_t count, loff_t *ppos)
1429 {
1430 struct smk_net6addr *snp;
1431 struct in6_addr newname;
1432 struct in6_addr fullmask;
1433 struct smack_known *skp = NULL;
1434 char *smack;
1435 char *data;
1436 int rc = 0;
1437 int found = 0;
1438 int i;
1439 unsigned int scanned[8];
1440 unsigned int m;
1441 unsigned int mask = 128;
1442
1443 /*
1444 * Must have privilege.
1445 * No partial writes.
1446 * Enough data must be present.
1447 * "<addr/mask, as a:b:c:d:e:f:g:h/e><space><label>"
1448 * "<addr, as a:b:c:d:e:f:g:h><space><label>"
1449 */
1450 if (!smack_privileged(CAP_MAC_ADMIN))
1451 return -EPERM;
1452 if (*ppos != 0)
1453 return -EINVAL;
1454 if (count < SMK_NETLBLADDRMIN)
1455 return -EINVAL;
1456
1457 data = memdup_user_nul(buf, count);
1458 if (IS_ERR(data))
1459 return PTR_ERR(data);
1460
1461 smack = kzalloc(count + 1, GFP_KERNEL);
1462 if (smack == NULL) {
1463 rc = -ENOMEM;
1464 goto free_data_out;
1465 }
1466
1467 i = sscanf(data, "%x:%x:%x:%x:%x:%x:%x:%x/%u %s",
1468 &scanned[0], &scanned[1], &scanned[2], &scanned[3],
1469 &scanned[4], &scanned[5], &scanned[6], &scanned[7],
1470 &mask, smack);
1471 if (i != 10) {
1472 i = sscanf(data, "%x:%x:%x:%x:%x:%x:%x:%x %s",
1473 &scanned[0], &scanned[1], &scanned[2],
1474 &scanned[3], &scanned[4], &scanned[5],
1475 &scanned[6], &scanned[7], smack);
1476 if (i != 9) {
1477 rc = -EINVAL;
1478 goto free_out;
1479 }
1480 }
1481 if (mask > 128) {
1482 rc = -EINVAL;
1483 goto free_out;
1484 }
1485 for (i = 0; i < 8; i++) {
1486 if (scanned[i] > 0xffff) {
1487 rc = -EINVAL;
1488 goto free_out;
1489 }
1490 newname.s6_addr16[i] = htons(scanned[i]);
1491 }
1492
1493 /*
1494 * If smack begins with '-', it is an option, don't import it
1495 */
1496 if (smack[0] != '-') {
1497 skp = smk_import_entry(smack, 0);
1498 if (IS_ERR(skp)) {
1499 rc = PTR_ERR(skp);
1500 goto free_out;
1501 }
1502 } else {
1503 /*
1504 * Only -DELETE is supported for IPv6
1505 */
1506 if (strcmp(smack, SMACK_DELETE_OPTION) != 0) {
1507 rc = -EINVAL;
1508 goto free_out;
1509 }
1510 }
1511
1512 for (i = 0, m = mask; i < 8; i++) {
1513 if (m >= 16) {
1514 fullmask.s6_addr16[i] = 0xffff;
1515 m -= 16;
1516 } else if (m > 0) {
1517 fullmask.s6_addr16[i] = (1 << m) - 1;
1518 m = 0;
1519 } else
1520 fullmask.s6_addr16[i] = 0;
1521 newname.s6_addr16[i] &= fullmask.s6_addr16[i];
1522 }
1523
1524 /*
1525 * Only allow one writer at a time. Writes should be
1526 * quite rare and small in any case.
1527 */
1528 mutex_lock(&smk_net6addr_lock);
1529 /*
1530 * Try to find the prefix in the list
1531 */
1532 list_for_each_entry_rcu(snp, &smk_net6addr_list, list) {
1533 if (mask != snp->smk_masks)
1534 continue;
1535 for (found = 1, i = 0; i < 8; i++) {
1536 if (newname.s6_addr16[i] !=
1537 snp->smk_host.s6_addr16[i]) {
1538 found = 0;
1539 break;
1540 }
1541 }
1542 if (found == 1)
1543 break;
1544 }
1545 if (found == 0) {
1546 snp = kzalloc(sizeof(*snp), GFP_KERNEL);
1547 if (snp == NULL)
1548 rc = -ENOMEM;
1549 else {
1550 snp->smk_host = newname;
1551 snp->smk_mask = fullmask;
1552 snp->smk_masks = mask;
1553 snp->smk_label = skp;
1554 smk_net6addr_insert(snp);
1555 }
1556 } else {
1557 snp->smk_label = skp;
1558 }
1559
1560 if (rc == 0)
1561 rc = count;
1562
1563 mutex_unlock(&smk_net6addr_lock);
1564
1565 free_out:
1566 kfree(smack);
1567 free_data_out:
1568 kfree(data);
1569
1570 return rc;
1571 }
1572
1573 static const struct file_operations smk_net6addr_ops = {
1574 .open = smk_open_net6addr,
1575 .read = seq_read,
1576 .llseek = seq_lseek,
1577 .write = smk_write_net6addr,
1578 .release = seq_release,
1579 };
1580 #endif /* CONFIG_IPV6 */
1581
1582 /**
1583 * smk_read_doi - read() for /smack/doi
1584 * @filp: file pointer, not actually used
1585 * @buf: where to put the result
1586 * @count: maximum to send along
1587 * @ppos: where to start
1588 *
1589 * Returns number of bytes read or error code, as appropriate
1590 */
smk_read_doi(struct file * filp,char __user * buf,size_t count,loff_t * ppos)1591 static ssize_t smk_read_doi(struct file *filp, char __user *buf,
1592 size_t count, loff_t *ppos)
1593 {
1594 char temp[80];
1595 ssize_t rc;
1596
1597 if (*ppos != 0)
1598 return 0;
1599
1600 sprintf(temp, "%d", smk_cipso_doi_value);
1601 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
1602
1603 return rc;
1604 }
1605
1606 /**
1607 * smk_write_doi - write() for /smack/doi
1608 * @file: file pointer, not actually used
1609 * @buf: where to get the data from
1610 * @count: bytes sent
1611 * @ppos: where to start
1612 *
1613 * Returns number of bytes written or error code, as appropriate
1614 */
smk_write_doi(struct file * file,const char __user * buf,size_t count,loff_t * ppos)1615 static ssize_t smk_write_doi(struct file *file, const char __user *buf,
1616 size_t count, loff_t *ppos)
1617 {
1618 char temp[80];
1619 int i;
1620
1621 if (!smack_privileged(CAP_MAC_ADMIN))
1622 return -EPERM;
1623
1624 if (count >= sizeof(temp) || count == 0)
1625 return -EINVAL;
1626
1627 if (copy_from_user(temp, buf, count) != 0)
1628 return -EFAULT;
1629
1630 temp[count] = '\0';
1631
1632 if (sscanf(temp, "%d", &i) != 1)
1633 return -EINVAL;
1634
1635 smk_cipso_doi_value = i;
1636
1637 smk_cipso_doi();
1638
1639 return count;
1640 }
1641
1642 static const struct file_operations smk_doi_ops = {
1643 .read = smk_read_doi,
1644 .write = smk_write_doi,
1645 .llseek = default_llseek,
1646 };
1647
1648 /**
1649 * smk_read_direct - read() for /smack/direct
1650 * @filp: file pointer, not actually used
1651 * @buf: where to put the result
1652 * @count: maximum to send along
1653 * @ppos: where to start
1654 *
1655 * Returns number of bytes read or error code, as appropriate
1656 */
smk_read_direct(struct file * filp,char __user * buf,size_t count,loff_t * ppos)1657 static ssize_t smk_read_direct(struct file *filp, char __user *buf,
1658 size_t count, loff_t *ppos)
1659 {
1660 char temp[80];
1661 ssize_t rc;
1662
1663 if (*ppos != 0)
1664 return 0;
1665
1666 sprintf(temp, "%d", smack_cipso_direct);
1667 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
1668
1669 return rc;
1670 }
1671
1672 /**
1673 * smk_write_direct - write() for /smack/direct
1674 * @file: file pointer, not actually used
1675 * @buf: where to get the data from
1676 * @count: bytes sent
1677 * @ppos: where to start
1678 *
1679 * Returns number of bytes written or error code, as appropriate
1680 */
smk_write_direct(struct file * file,const char __user * buf,size_t count,loff_t * ppos)1681 static ssize_t smk_write_direct(struct file *file, const char __user *buf,
1682 size_t count, loff_t *ppos)
1683 {
1684 struct smack_known *skp;
1685 char temp[80];
1686 int i;
1687
1688 if (!smack_privileged(CAP_MAC_ADMIN))
1689 return -EPERM;
1690
1691 if (count >= sizeof(temp) || count == 0)
1692 return -EINVAL;
1693
1694 if (copy_from_user(temp, buf, count) != 0)
1695 return -EFAULT;
1696
1697 temp[count] = '\0';
1698
1699 if (sscanf(temp, "%d", &i) != 1)
1700 return -EINVAL;
1701
1702 /*
1703 * Don't do anything if the value hasn't actually changed.
1704 * If it is changing reset the level on entries that were
1705 * set up to be direct when they were created.
1706 */
1707 if (smack_cipso_direct != i) {
1708 mutex_lock(&smack_known_lock);
1709 list_for_each_entry_rcu(skp, &smack_known_list, list)
1710 if (skp->smk_netlabel.attr.mls.lvl ==
1711 smack_cipso_direct)
1712 skp->smk_netlabel.attr.mls.lvl = i;
1713 smack_cipso_direct = i;
1714 mutex_unlock(&smack_known_lock);
1715 }
1716
1717 return count;
1718 }
1719
1720 static const struct file_operations smk_direct_ops = {
1721 .read = smk_read_direct,
1722 .write = smk_write_direct,
1723 .llseek = default_llseek,
1724 };
1725
1726 /**
1727 * smk_read_mapped - read() for /smack/mapped
1728 * @filp: file pointer, not actually used
1729 * @buf: where to put the result
1730 * @count: maximum to send along
1731 * @ppos: where to start
1732 *
1733 * Returns number of bytes read or error code, as appropriate
1734 */
smk_read_mapped(struct file * filp,char __user * buf,size_t count,loff_t * ppos)1735 static ssize_t smk_read_mapped(struct file *filp, char __user *buf,
1736 size_t count, loff_t *ppos)
1737 {
1738 char temp[80];
1739 ssize_t rc;
1740
1741 if (*ppos != 0)
1742 return 0;
1743
1744 sprintf(temp, "%d", smack_cipso_mapped);
1745 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
1746
1747 return rc;
1748 }
1749
1750 /**
1751 * smk_write_mapped - write() for /smack/mapped
1752 * @file: file pointer, not actually used
1753 * @buf: where to get the data from
1754 * @count: bytes sent
1755 * @ppos: where to start
1756 *
1757 * Returns number of bytes written or error code, as appropriate
1758 */
smk_write_mapped(struct file * file,const char __user * buf,size_t count,loff_t * ppos)1759 static ssize_t smk_write_mapped(struct file *file, const char __user *buf,
1760 size_t count, loff_t *ppos)
1761 {
1762 struct smack_known *skp;
1763 char temp[80];
1764 int i;
1765
1766 if (!smack_privileged(CAP_MAC_ADMIN))
1767 return -EPERM;
1768
1769 if (count >= sizeof(temp) || count == 0)
1770 return -EINVAL;
1771
1772 if (copy_from_user(temp, buf, count) != 0)
1773 return -EFAULT;
1774
1775 temp[count] = '\0';
1776
1777 if (sscanf(temp, "%d", &i) != 1)
1778 return -EINVAL;
1779
1780 /*
1781 * Don't do anything if the value hasn't actually changed.
1782 * If it is changing reset the level on entries that were
1783 * set up to be mapped when they were created.
1784 */
1785 if (smack_cipso_mapped != i) {
1786 mutex_lock(&smack_known_lock);
1787 list_for_each_entry_rcu(skp, &smack_known_list, list)
1788 if (skp->smk_netlabel.attr.mls.lvl ==
1789 smack_cipso_mapped)
1790 skp->smk_netlabel.attr.mls.lvl = i;
1791 smack_cipso_mapped = i;
1792 mutex_unlock(&smack_known_lock);
1793 }
1794
1795 return count;
1796 }
1797
1798 static const struct file_operations smk_mapped_ops = {
1799 .read = smk_read_mapped,
1800 .write = smk_write_mapped,
1801 .llseek = default_llseek,
1802 };
1803
1804 /**
1805 * smk_read_ambient - read() for /smack/ambient
1806 * @filp: file pointer, not actually used
1807 * @buf: where to put the result
1808 * @cn: maximum to send along
1809 * @ppos: where to start
1810 *
1811 * Returns number of bytes read or error code, as appropriate
1812 */
smk_read_ambient(struct file * filp,char __user * buf,size_t cn,loff_t * ppos)1813 static ssize_t smk_read_ambient(struct file *filp, char __user *buf,
1814 size_t cn, loff_t *ppos)
1815 {
1816 ssize_t rc;
1817 int asize;
1818
1819 if (*ppos != 0)
1820 return 0;
1821 /*
1822 * Being careful to avoid a problem in the case where
1823 * smack_net_ambient gets changed in midstream.
1824 */
1825 mutex_lock(&smack_ambient_lock);
1826
1827 asize = strlen(smack_net_ambient->smk_known) + 1;
1828
1829 if (cn >= asize)
1830 rc = simple_read_from_buffer(buf, cn, ppos,
1831 smack_net_ambient->smk_known,
1832 asize);
1833 else
1834 rc = -EINVAL;
1835
1836 mutex_unlock(&smack_ambient_lock);
1837
1838 return rc;
1839 }
1840
1841 /**
1842 * smk_write_ambient - write() for /smack/ambient
1843 * @file: file pointer, not actually used
1844 * @buf: where to get the data from
1845 * @count: bytes sent
1846 * @ppos: where to start
1847 *
1848 * Returns number of bytes written or error code, as appropriate
1849 */
smk_write_ambient(struct file * file,const char __user * buf,size_t count,loff_t * ppos)1850 static ssize_t smk_write_ambient(struct file *file, const char __user *buf,
1851 size_t count, loff_t *ppos)
1852 {
1853 struct smack_known *skp;
1854 char *oldambient;
1855 char *data;
1856 int rc = count;
1857
1858 if (!smack_privileged(CAP_MAC_ADMIN))
1859 return -EPERM;
1860
1861 data = memdup_user_nul(buf, count);
1862 if (IS_ERR(data))
1863 return PTR_ERR(data);
1864
1865 skp = smk_import_entry(data, count);
1866 if (IS_ERR(skp)) {
1867 rc = PTR_ERR(skp);
1868 goto out;
1869 }
1870
1871 mutex_lock(&smack_ambient_lock);
1872
1873 oldambient = smack_net_ambient->smk_known;
1874 smack_net_ambient = skp;
1875 smk_unlbl_ambient(oldambient);
1876
1877 mutex_unlock(&smack_ambient_lock);
1878
1879 out:
1880 kfree(data);
1881 return rc;
1882 }
1883
1884 static const struct file_operations smk_ambient_ops = {
1885 .read = smk_read_ambient,
1886 .write = smk_write_ambient,
1887 .llseek = default_llseek,
1888 };
1889
1890 /*
1891 * Seq_file operations for /smack/onlycap
1892 */
onlycap_seq_start(struct seq_file * s,loff_t * pos)1893 static void *onlycap_seq_start(struct seq_file *s, loff_t *pos)
1894 {
1895 return smk_seq_start(s, pos, &smack_onlycap_list);
1896 }
1897
onlycap_seq_next(struct seq_file * s,void * v,loff_t * pos)1898 static void *onlycap_seq_next(struct seq_file *s, void *v, loff_t *pos)
1899 {
1900 return smk_seq_next(s, v, pos, &smack_onlycap_list);
1901 }
1902
onlycap_seq_show(struct seq_file * s,void * v)1903 static int onlycap_seq_show(struct seq_file *s, void *v)
1904 {
1905 struct list_head *list = v;
1906 struct smack_known_list_elem *sklep =
1907 list_entry_rcu(list, struct smack_known_list_elem, list);
1908
1909 seq_puts(s, sklep->smk_label->smk_known);
1910 seq_putc(s, ' ');
1911
1912 return 0;
1913 }
1914
1915 static const struct seq_operations onlycap_seq_ops = {
1916 .start = onlycap_seq_start,
1917 .next = onlycap_seq_next,
1918 .show = onlycap_seq_show,
1919 .stop = smk_seq_stop,
1920 };
1921
smk_open_onlycap(struct inode * inode,struct file * file)1922 static int smk_open_onlycap(struct inode *inode, struct file *file)
1923 {
1924 return seq_open(file, &onlycap_seq_ops);
1925 }
1926
1927 /**
1928 * smk_list_swap_rcu - swap public list with a private one in RCU-safe way
1929 * The caller must hold appropriate mutex to prevent concurrent modifications
1930 * to the public list.
1931 * Private list is assumed to be not accessible to other threads yet.
1932 *
1933 * @public: public list
1934 * @private: private list
1935 */
smk_list_swap_rcu(struct list_head * public,struct list_head * private)1936 static void smk_list_swap_rcu(struct list_head *public,
1937 struct list_head *private)
1938 {
1939 struct list_head *first, *last;
1940
1941 if (list_empty(public)) {
1942 list_splice_init_rcu(private, public, synchronize_rcu);
1943 } else {
1944 /* Remember public list before replacing it */
1945 first = public->next;
1946 last = public->prev;
1947
1948 /* Publish private list in place of public in RCU-safe way */
1949 private->prev->next = public;
1950 private->next->prev = public;
1951 rcu_assign_pointer(public->next, private->next);
1952 public->prev = private->prev;
1953
1954 synchronize_rcu();
1955
1956 /* When all readers are done with the old public list,
1957 * attach it in place of private */
1958 private->next = first;
1959 private->prev = last;
1960 first->prev = private;
1961 last->next = private;
1962 }
1963 }
1964
1965 /**
1966 * smk_parse_label_list - parse list of Smack labels, separated by spaces
1967 *
1968 * @data: the string to parse
1969 * @private: destination list
1970 *
1971 * Returns zero on success or error code, as appropriate
1972 */
smk_parse_label_list(char * data,struct list_head * list)1973 static int smk_parse_label_list(char *data, struct list_head *list)
1974 {
1975 char *tok;
1976 struct smack_known *skp;
1977 struct smack_known_list_elem *sklep;
1978
1979 while ((tok = strsep(&data, " ")) != NULL) {
1980 if (!*tok)
1981 continue;
1982
1983 skp = smk_import_entry(tok, 0);
1984 if (IS_ERR(skp))
1985 return PTR_ERR(skp);
1986
1987 sklep = kzalloc(sizeof(*sklep), GFP_KERNEL);
1988 if (sklep == NULL)
1989 return -ENOMEM;
1990
1991 sklep->smk_label = skp;
1992 list_add(&sklep->list, list);
1993 }
1994
1995 return 0;
1996 }
1997
1998 /**
1999 * smk_destroy_label_list - destroy a list of smack_known_list_elem
2000 * @head: header pointer of the list to destroy
2001 */
smk_destroy_label_list(struct list_head * list)2002 void smk_destroy_label_list(struct list_head *list)
2003 {
2004 struct smack_known_list_elem *sklep;
2005 struct smack_known_list_elem *sklep2;
2006
2007 list_for_each_entry_safe(sklep, sklep2, list, list)
2008 kfree(sklep);
2009
2010 INIT_LIST_HEAD(list);
2011 }
2012
2013 /**
2014 * smk_write_onlycap - write() for smackfs/onlycap
2015 * @file: file pointer, not actually used
2016 * @buf: where to get the data from
2017 * @count: bytes sent
2018 * @ppos: where to start
2019 *
2020 * Returns number of bytes written or error code, as appropriate
2021 */
smk_write_onlycap(struct file * file,const char __user * buf,size_t count,loff_t * ppos)2022 static ssize_t smk_write_onlycap(struct file *file, const char __user *buf,
2023 size_t count, loff_t *ppos)
2024 {
2025 char *data;
2026 LIST_HEAD(list_tmp);
2027 int rc;
2028
2029 if (!smack_privileged(CAP_MAC_ADMIN))
2030 return -EPERM;
2031
2032 data = memdup_user_nul(buf, count);
2033 if (IS_ERR(data))
2034 return PTR_ERR(data);
2035
2036 rc = smk_parse_label_list(data, &list_tmp);
2037 kfree(data);
2038
2039 /*
2040 * Clear the smack_onlycap on invalid label errors. This means
2041 * that we can pass a null string to unset the onlycap value.
2042 *
2043 * Importing will also reject a label beginning with '-',
2044 * so "-usecapabilities" will also work.
2045 *
2046 * But do so only on invalid label, not on system errors.
2047 * The invalid label must be first to count as clearing attempt.
2048 */
2049 if (!rc || (rc == -EINVAL && list_empty(&list_tmp))) {
2050 mutex_lock(&smack_onlycap_lock);
2051 smk_list_swap_rcu(&smack_onlycap_list, &list_tmp);
2052 mutex_unlock(&smack_onlycap_lock);
2053 rc = count;
2054 }
2055
2056 smk_destroy_label_list(&list_tmp);
2057
2058 return rc;
2059 }
2060
2061 static const struct file_operations smk_onlycap_ops = {
2062 .open = smk_open_onlycap,
2063 .read = seq_read,
2064 .write = smk_write_onlycap,
2065 .llseek = seq_lseek,
2066 .release = seq_release,
2067 };
2068
2069 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
2070 /**
2071 * smk_read_unconfined - read() for smackfs/unconfined
2072 * @filp: file pointer, not actually used
2073 * @buf: where to put the result
2074 * @cn: maximum to send along
2075 * @ppos: where to start
2076 *
2077 * Returns number of bytes read or error code, as appropriate
2078 */
smk_read_unconfined(struct file * filp,char __user * buf,size_t cn,loff_t * ppos)2079 static ssize_t smk_read_unconfined(struct file *filp, char __user *buf,
2080 size_t cn, loff_t *ppos)
2081 {
2082 char *smack = "";
2083 ssize_t rc = -EINVAL;
2084 int asize;
2085
2086 if (*ppos != 0)
2087 return 0;
2088
2089 if (smack_unconfined != NULL)
2090 smack = smack_unconfined->smk_known;
2091
2092 asize = strlen(smack) + 1;
2093
2094 if (cn >= asize)
2095 rc = simple_read_from_buffer(buf, cn, ppos, smack, asize);
2096
2097 return rc;
2098 }
2099
2100 /**
2101 * smk_write_unconfined - write() for smackfs/unconfined
2102 * @file: file pointer, not actually used
2103 * @buf: where to get the data from
2104 * @count: bytes sent
2105 * @ppos: where to start
2106 *
2107 * Returns number of bytes written or error code, as appropriate
2108 */
smk_write_unconfined(struct file * file,const char __user * buf,size_t count,loff_t * ppos)2109 static ssize_t smk_write_unconfined(struct file *file, const char __user *buf,
2110 size_t count, loff_t *ppos)
2111 {
2112 char *data;
2113 struct smack_known *skp;
2114 int rc = count;
2115
2116 if (!smack_privileged(CAP_MAC_ADMIN))
2117 return -EPERM;
2118
2119 data = memdup_user_nul(buf, count);
2120 if (IS_ERR(data))
2121 return PTR_ERR(data);
2122
2123 /*
2124 * Clear the smack_unconfined on invalid label errors. This means
2125 * that we can pass a null string to unset the unconfined value.
2126 *
2127 * Importing will also reject a label beginning with '-',
2128 * so "-confine" will also work.
2129 *
2130 * But do so only on invalid label, not on system errors.
2131 */
2132 skp = smk_import_entry(data, count);
2133 if (PTR_ERR(skp) == -EINVAL)
2134 skp = NULL;
2135 else if (IS_ERR(skp)) {
2136 rc = PTR_ERR(skp);
2137 goto freeout;
2138 }
2139
2140 smack_unconfined = skp;
2141
2142 freeout:
2143 kfree(data);
2144 return rc;
2145 }
2146
2147 static const struct file_operations smk_unconfined_ops = {
2148 .read = smk_read_unconfined,
2149 .write = smk_write_unconfined,
2150 .llseek = default_llseek,
2151 };
2152 #endif /* CONFIG_SECURITY_SMACK_BRINGUP */
2153
2154 /**
2155 * smk_read_logging - read() for /smack/logging
2156 * @filp: file pointer, not actually used
2157 * @buf: where to put the result
2158 * @cn: maximum to send along
2159 * @ppos: where to start
2160 *
2161 * Returns number of bytes read or error code, as appropriate
2162 */
smk_read_logging(struct file * filp,char __user * buf,size_t count,loff_t * ppos)2163 static ssize_t smk_read_logging(struct file *filp, char __user *buf,
2164 size_t count, loff_t *ppos)
2165 {
2166 char temp[32];
2167 ssize_t rc;
2168
2169 if (*ppos != 0)
2170 return 0;
2171
2172 sprintf(temp, "%d\n", log_policy);
2173 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
2174 return rc;
2175 }
2176
2177 /**
2178 * smk_write_logging - write() for /smack/logging
2179 * @file: file pointer, not actually used
2180 * @buf: where to get the data from
2181 * @count: bytes sent
2182 * @ppos: where to start
2183 *
2184 * Returns number of bytes written or error code, as appropriate
2185 */
smk_write_logging(struct file * file,const char __user * buf,size_t count,loff_t * ppos)2186 static ssize_t smk_write_logging(struct file *file, const char __user *buf,
2187 size_t count, loff_t *ppos)
2188 {
2189 char temp[32];
2190 int i;
2191
2192 if (!smack_privileged(CAP_MAC_ADMIN))
2193 return -EPERM;
2194
2195 if (count >= sizeof(temp) || count == 0)
2196 return -EINVAL;
2197
2198 if (copy_from_user(temp, buf, count) != 0)
2199 return -EFAULT;
2200
2201 temp[count] = '\0';
2202
2203 if (sscanf(temp, "%d", &i) != 1)
2204 return -EINVAL;
2205 if (i < 0 || i > 3)
2206 return -EINVAL;
2207 log_policy = i;
2208 return count;
2209 }
2210
2211
2212
2213 static const struct file_operations smk_logging_ops = {
2214 .read = smk_read_logging,
2215 .write = smk_write_logging,
2216 .llseek = default_llseek,
2217 };
2218
2219 /*
2220 * Seq_file read operations for /smack/load-self
2221 */
2222
load_self_seq_start(struct seq_file * s,loff_t * pos)2223 static void *load_self_seq_start(struct seq_file *s, loff_t *pos)
2224 {
2225 struct task_smack *tsp = current_security();
2226
2227 return smk_seq_start(s, pos, &tsp->smk_rules);
2228 }
2229
load_self_seq_next(struct seq_file * s,void * v,loff_t * pos)2230 static void *load_self_seq_next(struct seq_file *s, void *v, loff_t *pos)
2231 {
2232 struct task_smack *tsp = current_security();
2233
2234 return smk_seq_next(s, v, pos, &tsp->smk_rules);
2235 }
2236
load_self_seq_show(struct seq_file * s,void * v)2237 static int load_self_seq_show(struct seq_file *s, void *v)
2238 {
2239 struct list_head *list = v;
2240 struct smack_rule *srp =
2241 list_entry_rcu(list, struct smack_rule, list);
2242
2243 smk_rule_show(s, srp, SMK_LABELLEN);
2244
2245 return 0;
2246 }
2247
2248 static const struct seq_operations load_self_seq_ops = {
2249 .start = load_self_seq_start,
2250 .next = load_self_seq_next,
2251 .show = load_self_seq_show,
2252 .stop = smk_seq_stop,
2253 };
2254
2255
2256 /**
2257 * smk_open_load_self - open() for /smack/load-self2
2258 * @inode: inode structure representing file
2259 * @file: "load" file pointer
2260 *
2261 * For reading, use load_seq_* seq_file reading operations.
2262 */
smk_open_load_self(struct inode * inode,struct file * file)2263 static int smk_open_load_self(struct inode *inode, struct file *file)
2264 {
2265 return seq_open(file, &load_self_seq_ops);
2266 }
2267
2268 /**
2269 * smk_write_load_self - write() for /smack/load-self
2270 * @file: file pointer, not actually used
2271 * @buf: where to get the data from
2272 * @count: bytes sent
2273 * @ppos: where to start - must be 0
2274 *
2275 */
smk_write_load_self(struct file * file,const char __user * buf,size_t count,loff_t * ppos)2276 static ssize_t smk_write_load_self(struct file *file, const char __user *buf,
2277 size_t count, loff_t *ppos)
2278 {
2279 struct task_smack *tsp = current_security();
2280
2281 return smk_write_rules_list(file, buf, count, ppos, &tsp->smk_rules,
2282 &tsp->smk_rules_lock, SMK_FIXED24_FMT);
2283 }
2284
2285 static const struct file_operations smk_load_self_ops = {
2286 .open = smk_open_load_self,
2287 .read = seq_read,
2288 .llseek = seq_lseek,
2289 .write = smk_write_load_self,
2290 .release = seq_release,
2291 };
2292
2293 /**
2294 * smk_user_access - handle access check transaction
2295 * @file: file pointer
2296 * @buf: data from user space
2297 * @count: bytes sent
2298 * @ppos: where to start - must be 0
2299 */
smk_user_access(struct file * file,const char __user * buf,size_t count,loff_t * ppos,int format)2300 static ssize_t smk_user_access(struct file *file, const char __user *buf,
2301 size_t count, loff_t *ppos, int format)
2302 {
2303 struct smack_parsed_rule rule;
2304 char *data;
2305 int res;
2306
2307 data = simple_transaction_get(file, buf, count);
2308 if (IS_ERR(data))
2309 return PTR_ERR(data);
2310
2311 if (format == SMK_FIXED24_FMT) {
2312 if (count < SMK_LOADLEN)
2313 return -EINVAL;
2314 res = smk_parse_rule(data, &rule, 0);
2315 } else {
2316 /*
2317 * simple_transaction_get() returns null-terminated data
2318 */
2319 res = smk_parse_long_rule(data, &rule, 0, 3);
2320 }
2321
2322 if (res >= 0)
2323 res = smk_access(rule.smk_subject, rule.smk_object,
2324 rule.smk_access1, NULL);
2325 else if (res != -ENOENT)
2326 return res;
2327
2328 /*
2329 * smk_access() can return a value > 0 in the "bringup" case.
2330 */
2331 data[0] = res >= 0 ? '1' : '0';
2332 data[1] = '\0';
2333
2334 simple_transaction_set(file, 2);
2335
2336 if (format == SMK_FIXED24_FMT)
2337 return SMK_LOADLEN;
2338 return count;
2339 }
2340
2341 /**
2342 * smk_write_access - handle access check transaction
2343 * @file: file pointer
2344 * @buf: data from user space
2345 * @count: bytes sent
2346 * @ppos: where to start - must be 0
2347 */
smk_write_access(struct file * file,const char __user * buf,size_t count,loff_t * ppos)2348 static ssize_t smk_write_access(struct file *file, const char __user *buf,
2349 size_t count, loff_t *ppos)
2350 {
2351 return smk_user_access(file, buf, count, ppos, SMK_FIXED24_FMT);
2352 }
2353
2354 static const struct file_operations smk_access_ops = {
2355 .write = smk_write_access,
2356 .read = simple_transaction_read,
2357 .release = simple_transaction_release,
2358 .llseek = generic_file_llseek,
2359 };
2360
2361
2362 /*
2363 * Seq_file read operations for /smack/load2
2364 */
2365
load2_seq_show(struct seq_file * s,void * v)2366 static int load2_seq_show(struct seq_file *s, void *v)
2367 {
2368 struct list_head *list = v;
2369 struct smack_master_list *smlp =
2370 list_entry_rcu(list, struct smack_master_list, list);
2371
2372 smk_rule_show(s, smlp->smk_rule, SMK_LONGLABEL);
2373
2374 return 0;
2375 }
2376
2377 static const struct seq_operations load2_seq_ops = {
2378 .start = load2_seq_start,
2379 .next = load2_seq_next,
2380 .show = load2_seq_show,
2381 .stop = smk_seq_stop,
2382 };
2383
2384 /**
2385 * smk_open_load2 - open() for /smack/load2
2386 * @inode: inode structure representing file
2387 * @file: "load2" file pointer
2388 *
2389 * For reading, use load2_seq_* seq_file reading operations.
2390 */
smk_open_load2(struct inode * inode,struct file * file)2391 static int smk_open_load2(struct inode *inode, struct file *file)
2392 {
2393 return seq_open(file, &load2_seq_ops);
2394 }
2395
2396 /**
2397 * smk_write_load2 - write() for /smack/load2
2398 * @file: file pointer, not actually used
2399 * @buf: where to get the data from
2400 * @count: bytes sent
2401 * @ppos: where to start - must be 0
2402 *
2403 */
smk_write_load2(struct file * file,const char __user * buf,size_t count,loff_t * ppos)2404 static ssize_t smk_write_load2(struct file *file, const char __user *buf,
2405 size_t count, loff_t *ppos)
2406 {
2407 /*
2408 * Must have privilege.
2409 */
2410 if (!smack_privileged(CAP_MAC_ADMIN))
2411 return -EPERM;
2412
2413 return smk_write_rules_list(file, buf, count, ppos, NULL, NULL,
2414 SMK_LONG_FMT);
2415 }
2416
2417 static const struct file_operations smk_load2_ops = {
2418 .open = smk_open_load2,
2419 .read = seq_read,
2420 .llseek = seq_lseek,
2421 .write = smk_write_load2,
2422 .release = seq_release,
2423 };
2424
2425 /*
2426 * Seq_file read operations for /smack/load-self2
2427 */
2428
load_self2_seq_start(struct seq_file * s,loff_t * pos)2429 static void *load_self2_seq_start(struct seq_file *s, loff_t *pos)
2430 {
2431 struct task_smack *tsp = current_security();
2432
2433 return smk_seq_start(s, pos, &tsp->smk_rules);
2434 }
2435
load_self2_seq_next(struct seq_file * s,void * v,loff_t * pos)2436 static void *load_self2_seq_next(struct seq_file *s, void *v, loff_t *pos)
2437 {
2438 struct task_smack *tsp = current_security();
2439
2440 return smk_seq_next(s, v, pos, &tsp->smk_rules);
2441 }
2442
load_self2_seq_show(struct seq_file * s,void * v)2443 static int load_self2_seq_show(struct seq_file *s, void *v)
2444 {
2445 struct list_head *list = v;
2446 struct smack_rule *srp =
2447 list_entry_rcu(list, struct smack_rule, list);
2448
2449 smk_rule_show(s, srp, SMK_LONGLABEL);
2450
2451 return 0;
2452 }
2453
2454 static const struct seq_operations load_self2_seq_ops = {
2455 .start = load_self2_seq_start,
2456 .next = load_self2_seq_next,
2457 .show = load_self2_seq_show,
2458 .stop = smk_seq_stop,
2459 };
2460
2461 /**
2462 * smk_open_load_self2 - open() for /smack/load-self2
2463 * @inode: inode structure representing file
2464 * @file: "load" file pointer
2465 *
2466 * For reading, use load_seq_* seq_file reading operations.
2467 */
smk_open_load_self2(struct inode * inode,struct file * file)2468 static int smk_open_load_self2(struct inode *inode, struct file *file)
2469 {
2470 return seq_open(file, &load_self2_seq_ops);
2471 }
2472
2473 /**
2474 * smk_write_load_self2 - write() for /smack/load-self2
2475 * @file: file pointer, not actually used
2476 * @buf: where to get the data from
2477 * @count: bytes sent
2478 * @ppos: where to start - must be 0
2479 *
2480 */
smk_write_load_self2(struct file * file,const char __user * buf,size_t count,loff_t * ppos)2481 static ssize_t smk_write_load_self2(struct file *file, const char __user *buf,
2482 size_t count, loff_t *ppos)
2483 {
2484 struct task_smack *tsp = current_security();
2485
2486 return smk_write_rules_list(file, buf, count, ppos, &tsp->smk_rules,
2487 &tsp->smk_rules_lock, SMK_LONG_FMT);
2488 }
2489
2490 static const struct file_operations smk_load_self2_ops = {
2491 .open = smk_open_load_self2,
2492 .read = seq_read,
2493 .llseek = seq_lseek,
2494 .write = smk_write_load_self2,
2495 .release = seq_release,
2496 };
2497
2498 /**
2499 * smk_write_access2 - handle access check transaction
2500 * @file: file pointer
2501 * @buf: data from user space
2502 * @count: bytes sent
2503 * @ppos: where to start - must be 0
2504 */
smk_write_access2(struct file * file,const char __user * buf,size_t count,loff_t * ppos)2505 static ssize_t smk_write_access2(struct file *file, const char __user *buf,
2506 size_t count, loff_t *ppos)
2507 {
2508 return smk_user_access(file, buf, count, ppos, SMK_LONG_FMT);
2509 }
2510
2511 static const struct file_operations smk_access2_ops = {
2512 .write = smk_write_access2,
2513 .read = simple_transaction_read,
2514 .release = simple_transaction_release,
2515 .llseek = generic_file_llseek,
2516 };
2517
2518 /**
2519 * smk_write_revoke_subj - write() for /smack/revoke-subject
2520 * @file: file pointer
2521 * @buf: data from user space
2522 * @count: bytes sent
2523 * @ppos: where to start - must be 0
2524 */
smk_write_revoke_subj(struct file * file,const char __user * buf,size_t count,loff_t * ppos)2525 static ssize_t smk_write_revoke_subj(struct file *file, const char __user *buf,
2526 size_t count, loff_t *ppos)
2527 {
2528 char *data;
2529 const char *cp;
2530 struct smack_known *skp;
2531 struct smack_rule *sp;
2532 struct list_head *rule_list;
2533 struct mutex *rule_lock;
2534 int rc = count;
2535
2536 if (*ppos != 0)
2537 return -EINVAL;
2538
2539 if (!smack_privileged(CAP_MAC_ADMIN))
2540 return -EPERM;
2541
2542 if (count == 0 || count > SMK_LONGLABEL)
2543 return -EINVAL;
2544
2545 data = memdup_user(buf, count);
2546 if (IS_ERR(data))
2547 return PTR_ERR(data);
2548
2549 cp = smk_parse_smack(data, count);
2550 if (IS_ERR(cp)) {
2551 rc = PTR_ERR(cp);
2552 goto out_data;
2553 }
2554
2555 skp = smk_find_entry(cp);
2556 if (skp == NULL)
2557 goto out_cp;
2558
2559 rule_list = &skp->smk_rules;
2560 rule_lock = &skp->smk_rules_lock;
2561
2562 mutex_lock(rule_lock);
2563
2564 list_for_each_entry_rcu(sp, rule_list, list)
2565 sp->smk_access = 0;
2566
2567 mutex_unlock(rule_lock);
2568
2569 out_cp:
2570 kfree(cp);
2571 out_data:
2572 kfree(data);
2573
2574 return rc;
2575 }
2576
2577 static const struct file_operations smk_revoke_subj_ops = {
2578 .write = smk_write_revoke_subj,
2579 .read = simple_transaction_read,
2580 .release = simple_transaction_release,
2581 .llseek = generic_file_llseek,
2582 };
2583
2584 /**
2585 * smk_init_sysfs - initialize /sys/fs/smackfs
2586 *
2587 */
smk_init_sysfs(void)2588 static int smk_init_sysfs(void)
2589 {
2590 return sysfs_create_mount_point(fs_kobj, "smackfs");
2591 }
2592
2593 /**
2594 * smk_write_change_rule - write() for /smack/change-rule
2595 * @file: file pointer
2596 * @buf: data from user space
2597 * @count: bytes sent
2598 * @ppos: where to start - must be 0
2599 */
smk_write_change_rule(struct file * file,const char __user * buf,size_t count,loff_t * ppos)2600 static ssize_t smk_write_change_rule(struct file *file, const char __user *buf,
2601 size_t count, loff_t *ppos)
2602 {
2603 /*
2604 * Must have privilege.
2605 */
2606 if (!smack_privileged(CAP_MAC_ADMIN))
2607 return -EPERM;
2608
2609 return smk_write_rules_list(file, buf, count, ppos, NULL, NULL,
2610 SMK_CHANGE_FMT);
2611 }
2612
2613 static const struct file_operations smk_change_rule_ops = {
2614 .write = smk_write_change_rule,
2615 .read = simple_transaction_read,
2616 .release = simple_transaction_release,
2617 .llseek = generic_file_llseek,
2618 };
2619
2620 /**
2621 * smk_read_syslog - read() for smackfs/syslog
2622 * @filp: file pointer, not actually used
2623 * @buf: where to put the result
2624 * @cn: maximum to send along
2625 * @ppos: where to start
2626 *
2627 * Returns number of bytes read or error code, as appropriate
2628 */
smk_read_syslog(struct file * filp,char __user * buf,size_t cn,loff_t * ppos)2629 static ssize_t smk_read_syslog(struct file *filp, char __user *buf,
2630 size_t cn, loff_t *ppos)
2631 {
2632 struct smack_known *skp;
2633 ssize_t rc = -EINVAL;
2634 int asize;
2635
2636 if (*ppos != 0)
2637 return 0;
2638
2639 if (smack_syslog_label == NULL)
2640 skp = &smack_known_star;
2641 else
2642 skp = smack_syslog_label;
2643
2644 asize = strlen(skp->smk_known) + 1;
2645
2646 if (cn >= asize)
2647 rc = simple_read_from_buffer(buf, cn, ppos, skp->smk_known,
2648 asize);
2649
2650 return rc;
2651 }
2652
2653 /**
2654 * smk_write_syslog - write() for smackfs/syslog
2655 * @file: file pointer, not actually used
2656 * @buf: where to get the data from
2657 * @count: bytes sent
2658 * @ppos: where to start
2659 *
2660 * Returns number of bytes written or error code, as appropriate
2661 */
smk_write_syslog(struct file * file,const char __user * buf,size_t count,loff_t * ppos)2662 static ssize_t smk_write_syslog(struct file *file, const char __user *buf,
2663 size_t count, loff_t *ppos)
2664 {
2665 char *data;
2666 struct smack_known *skp;
2667 int rc = count;
2668
2669 if (!smack_privileged(CAP_MAC_ADMIN))
2670 return -EPERM;
2671
2672 data = memdup_user_nul(buf, count);
2673 if (IS_ERR(data))
2674 return PTR_ERR(data);
2675
2676 skp = smk_import_entry(data, count);
2677 if (IS_ERR(skp))
2678 rc = PTR_ERR(skp);
2679 else
2680 smack_syslog_label = skp;
2681
2682 kfree(data);
2683 return rc;
2684 }
2685
2686 static const struct file_operations smk_syslog_ops = {
2687 .read = smk_read_syslog,
2688 .write = smk_write_syslog,
2689 .llseek = default_llseek,
2690 };
2691
2692 /*
2693 * Seq_file read operations for /smack/relabel-self
2694 */
2695
relabel_self_seq_start(struct seq_file * s,loff_t * pos)2696 static void *relabel_self_seq_start(struct seq_file *s, loff_t *pos)
2697 {
2698 struct task_smack *tsp = current_security();
2699
2700 return smk_seq_start(s, pos, &tsp->smk_relabel);
2701 }
2702
relabel_self_seq_next(struct seq_file * s,void * v,loff_t * pos)2703 static void *relabel_self_seq_next(struct seq_file *s, void *v, loff_t *pos)
2704 {
2705 struct task_smack *tsp = current_security();
2706
2707 return smk_seq_next(s, v, pos, &tsp->smk_relabel);
2708 }
2709
relabel_self_seq_show(struct seq_file * s,void * v)2710 static int relabel_self_seq_show(struct seq_file *s, void *v)
2711 {
2712 struct list_head *list = v;
2713 struct smack_known_list_elem *sklep =
2714 list_entry(list, struct smack_known_list_elem, list);
2715
2716 seq_puts(s, sklep->smk_label->smk_known);
2717 seq_putc(s, ' ');
2718
2719 return 0;
2720 }
2721
2722 static const struct seq_operations relabel_self_seq_ops = {
2723 .start = relabel_self_seq_start,
2724 .next = relabel_self_seq_next,
2725 .show = relabel_self_seq_show,
2726 .stop = smk_seq_stop,
2727 };
2728
2729 /**
2730 * smk_open_relabel_self - open() for /smack/relabel-self
2731 * @inode: inode structure representing file
2732 * @file: "relabel-self" file pointer
2733 *
2734 * Connect our relabel_self_seq_* operations with /smack/relabel-self
2735 * file_operations
2736 */
smk_open_relabel_self(struct inode * inode,struct file * file)2737 static int smk_open_relabel_self(struct inode *inode, struct file *file)
2738 {
2739 return seq_open(file, &relabel_self_seq_ops);
2740 }
2741
2742 /**
2743 * smk_write_relabel_self - write() for /smack/relabel-self
2744 * @file: file pointer, not actually used
2745 * @buf: where to get the data from
2746 * @count: bytes sent
2747 * @ppos: where to start - must be 0
2748 *
2749 */
smk_write_relabel_self(struct file * file,const char __user * buf,size_t count,loff_t * ppos)2750 static ssize_t smk_write_relabel_self(struct file *file, const char __user *buf,
2751 size_t count, loff_t *ppos)
2752 {
2753 char *data;
2754 int rc;
2755 LIST_HEAD(list_tmp);
2756
2757 /*
2758 * Must have privilege.
2759 */
2760 if (!smack_privileged(CAP_MAC_ADMIN))
2761 return -EPERM;
2762
2763 /*
2764 * Enough data must be present.
2765 */
2766 if (*ppos != 0)
2767 return -EINVAL;
2768
2769 data = memdup_user_nul(buf, count);
2770 if (IS_ERR(data))
2771 return PTR_ERR(data);
2772
2773 rc = smk_parse_label_list(data, &list_tmp);
2774 kfree(data);
2775
2776 if (!rc || (rc == -EINVAL && list_empty(&list_tmp))) {
2777 struct cred *new;
2778 struct task_smack *tsp;
2779
2780 new = prepare_creds();
2781 if (!new) {
2782 rc = -ENOMEM;
2783 goto out;
2784 }
2785 tsp = new->security;
2786 smk_destroy_label_list(&tsp->smk_relabel);
2787 list_splice(&list_tmp, &tsp->smk_relabel);
2788 commit_creds(new);
2789 return count;
2790 }
2791 out:
2792 smk_destroy_label_list(&list_tmp);
2793 return rc;
2794 }
2795
2796 static const struct file_operations smk_relabel_self_ops = {
2797 .open = smk_open_relabel_self,
2798 .read = seq_read,
2799 .llseek = seq_lseek,
2800 .write = smk_write_relabel_self,
2801 .release = seq_release,
2802 };
2803
2804 /**
2805 * smk_read_ptrace - read() for /smack/ptrace
2806 * @filp: file pointer, not actually used
2807 * @buf: where to put the result
2808 * @count: maximum to send along
2809 * @ppos: where to start
2810 *
2811 * Returns number of bytes read or error code, as appropriate
2812 */
smk_read_ptrace(struct file * filp,char __user * buf,size_t count,loff_t * ppos)2813 static ssize_t smk_read_ptrace(struct file *filp, char __user *buf,
2814 size_t count, loff_t *ppos)
2815 {
2816 char temp[32];
2817 ssize_t rc;
2818
2819 if (*ppos != 0)
2820 return 0;
2821
2822 sprintf(temp, "%d\n", smack_ptrace_rule);
2823 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
2824 return rc;
2825 }
2826
2827 /**
2828 * smk_write_ptrace - write() for /smack/ptrace
2829 * @file: file pointer
2830 * @buf: data from user space
2831 * @count: bytes sent
2832 * @ppos: where to start - must be 0
2833 */
smk_write_ptrace(struct file * file,const char __user * buf,size_t count,loff_t * ppos)2834 static ssize_t smk_write_ptrace(struct file *file, const char __user *buf,
2835 size_t count, loff_t *ppos)
2836 {
2837 char temp[32];
2838 int i;
2839
2840 if (!smack_privileged(CAP_MAC_ADMIN))
2841 return -EPERM;
2842
2843 if (*ppos != 0 || count >= sizeof(temp) || count == 0)
2844 return -EINVAL;
2845
2846 if (copy_from_user(temp, buf, count) != 0)
2847 return -EFAULT;
2848
2849 temp[count] = '\0';
2850
2851 if (sscanf(temp, "%d", &i) != 1)
2852 return -EINVAL;
2853 if (i < SMACK_PTRACE_DEFAULT || i > SMACK_PTRACE_MAX)
2854 return -EINVAL;
2855 smack_ptrace_rule = i;
2856
2857 return count;
2858 }
2859
2860 static const struct file_operations smk_ptrace_ops = {
2861 .write = smk_write_ptrace,
2862 .read = smk_read_ptrace,
2863 .llseek = default_llseek,
2864 };
2865
2866 /**
2867 * smk_fill_super - fill the smackfs superblock
2868 * @sb: the empty superblock
2869 * @data: unused
2870 * @silent: unused
2871 *
2872 * Fill in the well known entries for the smack filesystem
2873 *
2874 * Returns 0 on success, an error code on failure
2875 */
smk_fill_super(struct super_block * sb,void * data,int silent)2876 static int smk_fill_super(struct super_block *sb, void *data, int silent)
2877 {
2878 int rc;
2879 struct inode *root_inode;
2880
2881 static const struct tree_descr smack_files[] = {
2882 [SMK_LOAD] = {
2883 "load", &smk_load_ops, S_IRUGO|S_IWUSR},
2884 [SMK_CIPSO] = {
2885 "cipso", &smk_cipso_ops, S_IRUGO|S_IWUSR},
2886 [SMK_DOI] = {
2887 "doi", &smk_doi_ops, S_IRUGO|S_IWUSR},
2888 [SMK_DIRECT] = {
2889 "direct", &smk_direct_ops, S_IRUGO|S_IWUSR},
2890 [SMK_AMBIENT] = {
2891 "ambient", &smk_ambient_ops, S_IRUGO|S_IWUSR},
2892 [SMK_NET4ADDR] = {
2893 "netlabel", &smk_net4addr_ops, S_IRUGO|S_IWUSR},
2894 [SMK_ONLYCAP] = {
2895 "onlycap", &smk_onlycap_ops, S_IRUGO|S_IWUSR},
2896 [SMK_LOGGING] = {
2897 "logging", &smk_logging_ops, S_IRUGO|S_IWUSR},
2898 [SMK_LOAD_SELF] = {
2899 "load-self", &smk_load_self_ops, S_IRUGO|S_IWUGO},
2900 [SMK_ACCESSES] = {
2901 "access", &smk_access_ops, S_IRUGO|S_IWUGO},
2902 [SMK_MAPPED] = {
2903 "mapped", &smk_mapped_ops, S_IRUGO|S_IWUSR},
2904 [SMK_LOAD2] = {
2905 "load2", &smk_load2_ops, S_IRUGO|S_IWUSR},
2906 [SMK_LOAD_SELF2] = {
2907 "load-self2", &smk_load_self2_ops, S_IRUGO|S_IWUGO},
2908 [SMK_ACCESS2] = {
2909 "access2", &smk_access2_ops, S_IRUGO|S_IWUGO},
2910 [SMK_CIPSO2] = {
2911 "cipso2", &smk_cipso2_ops, S_IRUGO|S_IWUSR},
2912 [SMK_REVOKE_SUBJ] = {
2913 "revoke-subject", &smk_revoke_subj_ops,
2914 S_IRUGO|S_IWUSR},
2915 [SMK_CHANGE_RULE] = {
2916 "change-rule", &smk_change_rule_ops, S_IRUGO|S_IWUSR},
2917 [SMK_SYSLOG] = {
2918 "syslog", &smk_syslog_ops, S_IRUGO|S_IWUSR},
2919 [SMK_PTRACE] = {
2920 "ptrace", &smk_ptrace_ops, S_IRUGO|S_IWUSR},
2921 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
2922 [SMK_UNCONFINED] = {
2923 "unconfined", &smk_unconfined_ops, S_IRUGO|S_IWUSR},
2924 #endif
2925 #if IS_ENABLED(CONFIG_IPV6)
2926 [SMK_NET6ADDR] = {
2927 "ipv6host", &smk_net6addr_ops, S_IRUGO|S_IWUSR},
2928 #endif /* CONFIG_IPV6 */
2929 [SMK_RELABEL_SELF] = {
2930 "relabel-self", &smk_relabel_self_ops,
2931 S_IRUGO|S_IWUGO},
2932 /* last one */
2933 {""}
2934 };
2935
2936 rc = simple_fill_super(sb, SMACK_MAGIC, smack_files);
2937 if (rc != 0) {
2938 printk(KERN_ERR "%s failed %d while creating inodes\n",
2939 __func__, rc);
2940 return rc;
2941 }
2942
2943 root_inode = d_inode(sb->s_root);
2944
2945 return 0;
2946 }
2947
2948 /**
2949 * smk_mount - get the smackfs superblock
2950 * @fs_type: passed along without comment
2951 * @flags: passed along without comment
2952 * @dev_name: passed along without comment
2953 * @data: passed along without comment
2954 *
2955 * Just passes everything along.
2956 *
2957 * Returns what the lower level code does.
2958 */
smk_mount(struct file_system_type * fs_type,int flags,const char * dev_name,void * data)2959 static struct dentry *smk_mount(struct file_system_type *fs_type,
2960 int flags, const char *dev_name, void *data)
2961 {
2962 return mount_single(fs_type, flags, data, smk_fill_super);
2963 }
2964
2965 static struct file_system_type smk_fs_type = {
2966 .name = "smackfs",
2967 .mount = smk_mount,
2968 .kill_sb = kill_litter_super,
2969 };
2970
2971 static struct vfsmount *smackfs_mount;
2972
smk_preset_netlabel(struct smack_known * skp)2973 static int __init smk_preset_netlabel(struct smack_known *skp)
2974 {
2975 skp->smk_netlabel.domain = skp->smk_known;
2976 skp->smk_netlabel.flags =
2977 NETLBL_SECATTR_DOMAIN | NETLBL_SECATTR_MLS_LVL;
2978 return smk_netlbl_mls(smack_cipso_direct, skp->smk_known,
2979 &skp->smk_netlabel, strlen(skp->smk_known));
2980 }
2981
2982 /**
2983 * init_smk_fs - get the smackfs superblock
2984 *
2985 * register the smackfs
2986 *
2987 * Do not register smackfs if Smack wasn't enabled
2988 * on boot. We can not put this method normally under the
2989 * smack_init() code path since the security subsystem get
2990 * initialized before the vfs caches.
2991 *
2992 * Returns true if we were not chosen on boot or if
2993 * we were chosen and filesystem registration succeeded.
2994 */
init_smk_fs(void)2995 static int __init init_smk_fs(void)
2996 {
2997 int err;
2998 int rc;
2999
3000 if (smack_enabled == 0)
3001 return 0;
3002
3003 err = smk_init_sysfs();
3004 if (err)
3005 printk(KERN_ERR "smackfs: sysfs mountpoint problem.\n");
3006
3007 err = register_filesystem(&smk_fs_type);
3008 if (!err) {
3009 smackfs_mount = kern_mount(&smk_fs_type);
3010 if (IS_ERR(smackfs_mount)) {
3011 printk(KERN_ERR "smackfs: could not mount!\n");
3012 err = PTR_ERR(smackfs_mount);
3013 smackfs_mount = NULL;
3014 }
3015 }
3016
3017 smk_cipso_doi();
3018 smk_unlbl_ambient(NULL);
3019
3020 rc = smk_preset_netlabel(&smack_known_floor);
3021 if (err == 0 && rc < 0)
3022 err = rc;
3023 rc = smk_preset_netlabel(&smack_known_hat);
3024 if (err == 0 && rc < 0)
3025 err = rc;
3026 rc = smk_preset_netlabel(&smack_known_huh);
3027 if (err == 0 && rc < 0)
3028 err = rc;
3029 rc = smk_preset_netlabel(&smack_known_star);
3030 if (err == 0 && rc < 0)
3031 err = rc;
3032 rc = smk_preset_netlabel(&smack_known_web);
3033 if (err == 0 && rc < 0)
3034 err = rc;
3035
3036 return err;
3037 }
3038
3039 __initcall(init_smk_fs);
3040