1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com>
4 *
5 * Authors:
6 * Casey Schaufler <casey@schaufler-ca.com>
7 * Ahmed S. Darwish <darwish.07@gmail.com>
8 *
9 * Special thanks to the authors of selinuxfs.
10 *
11 * Karl MacMillan <kmacmillan@tresys.com>
12 * James Morris <jmorris@redhat.com>
13 */
14
15 #include <linux/kernel.h>
16 #include <linux/vmalloc.h>
17 #include <linux/security.h>
18 #include <linux/mutex.h>
19 #include <linux/slab.h>
20 #include <net/net_namespace.h>
21 #include <net/cipso_ipv4.h>
22 #include <linux/seq_file.h>
23 #include <linux/ctype.h>
24 #include <linux/audit.h>
25 #include <linux/magic.h>
26 #include <linux/fs_context.h>
27 #include "smack.h"
28
29 #define BEBITS (sizeof(__be32) * 8)
30 /*
31 * smackfs pseudo filesystem.
32 */
33
34 enum smk_inos {
35 SMK_ROOT_INO = 2,
36 SMK_LOAD = 3, /* load policy */
37 SMK_CIPSO = 4, /* load label -> CIPSO mapping */
38 SMK_DOI = 5, /* CIPSO DOI */
39 SMK_DIRECT = 6, /* CIPSO level indicating direct label */
40 SMK_AMBIENT = 7, /* internet ambient label */
41 SMK_NET4ADDR = 8, /* single label hosts */
42 SMK_ONLYCAP = 9, /* the only "capable" label */
43 SMK_LOGGING = 10, /* logging */
44 SMK_LOAD_SELF = 11, /* task specific rules */
45 SMK_ACCESSES = 12, /* access policy */
46 SMK_MAPPED = 13, /* CIPSO level indicating mapped label */
47 SMK_LOAD2 = 14, /* load policy with long labels */
48 SMK_LOAD_SELF2 = 15, /* load task specific rules with long labels */
49 SMK_ACCESS2 = 16, /* make an access check with long labels */
50 SMK_CIPSO2 = 17, /* load long label -> CIPSO mapping */
51 SMK_REVOKE_SUBJ = 18, /* set rules with subject label to '-' */
52 SMK_CHANGE_RULE = 19, /* change or add rules (long labels) */
53 SMK_SYSLOG = 20, /* change syslog label) */
54 SMK_PTRACE = 21, /* set ptrace rule */
55 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
56 SMK_UNCONFINED = 22, /* define an unconfined label */
57 #endif
58 #if IS_ENABLED(CONFIG_IPV6)
59 SMK_NET6ADDR = 23, /* single label IPv6 hosts */
60 #endif /* CONFIG_IPV6 */
61 SMK_RELABEL_SELF = 24, /* relabel possible without CAP_MAC_ADMIN */
62 };
63
64 /*
65 * List locks
66 */
67 static DEFINE_MUTEX(smack_cipso_lock);
68 static DEFINE_MUTEX(smack_ambient_lock);
69 static DEFINE_MUTEX(smk_net4addr_lock);
70 #if IS_ENABLED(CONFIG_IPV6)
71 static DEFINE_MUTEX(smk_net6addr_lock);
72 #endif /* CONFIG_IPV6 */
73
74 /*
75 * This is the "ambient" label for network traffic.
76 * If it isn't somehow marked, use this.
77 * It can be reset via smackfs/ambient
78 */
79 struct smack_known *smack_net_ambient;
80
81 /*
82 * This is the level in a CIPSO header that indicates a
83 * smack label is contained directly in the category set.
84 * It can be reset via smackfs/direct
85 */
86 int smack_cipso_direct = SMACK_CIPSO_DIRECT_DEFAULT;
87
88 /*
89 * This is the level in a CIPSO header that indicates a
90 * secid is contained directly in the category set.
91 * It can be reset via smackfs/mapped
92 */
93 int smack_cipso_mapped = SMACK_CIPSO_MAPPED_DEFAULT;
94
95 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
96 /*
97 * Allow one label to be unconfined. This is for
98 * debugging and application bring-up purposes only.
99 * It is bad and wrong, but everyone seems to expect
100 * to have it.
101 */
102 struct smack_known *smack_unconfined;
103 #endif
104
105 /*
106 * If this value is set restrict syslog use to the label specified.
107 * It can be reset via smackfs/syslog
108 */
109 struct smack_known *smack_syslog_label;
110
111 /*
112 * Ptrace current rule
113 * SMACK_PTRACE_DEFAULT regular smack ptrace rules (/proc based)
114 * SMACK_PTRACE_EXACT labels must match, but can be overriden with
115 * CAP_SYS_PTRACE
116 * SMACK_PTRACE_DRACONIAN lables must match, CAP_SYS_PTRACE has no effect
117 */
118 int smack_ptrace_rule = SMACK_PTRACE_DEFAULT;
119
120 /*
121 * Certain IP addresses may be designated as single label hosts.
122 * Packets are sent there unlabeled, but only from tasks that
123 * can write to the specified label.
124 */
125
126 LIST_HEAD(smk_net4addr_list);
127 #if IS_ENABLED(CONFIG_IPV6)
128 LIST_HEAD(smk_net6addr_list);
129 #endif /* CONFIG_IPV6 */
130
131 /*
132 * Rule lists are maintained for each label.
133 */
134 struct smack_parsed_rule {
135 struct smack_known *smk_subject;
136 struct smack_known *smk_object;
137 int smk_access1;
138 int smk_access2;
139 };
140
141 static int smk_cipso_doi_value = SMACK_CIPSO_DOI_DEFAULT;
142
143 /*
144 * Values for parsing cipso rules
145 * SMK_DIGITLEN: Length of a digit field in a rule.
146 * SMK_CIPSOMIN: Minimum possible cipso rule length.
147 * SMK_CIPSOMAX: Maximum possible cipso rule length.
148 */
149 #define SMK_DIGITLEN 4
150 #define SMK_CIPSOMIN (SMK_LABELLEN + 2 * SMK_DIGITLEN)
151 #define SMK_CIPSOMAX (SMK_CIPSOMIN + SMACK_CIPSO_MAXCATNUM * SMK_DIGITLEN)
152
153 /*
154 * Values for parsing MAC rules
155 * SMK_ACCESS: Maximum possible combination of access permissions
156 * SMK_ACCESSLEN: Maximum length for a rule access field
157 * SMK_LOADLEN: Smack rule length
158 */
159 #define SMK_OACCESS "rwxa"
160 #define SMK_ACCESS "rwxatl"
161 #define SMK_OACCESSLEN (sizeof(SMK_OACCESS) - 1)
162 #define SMK_ACCESSLEN (sizeof(SMK_ACCESS) - 1)
163 #define SMK_OLOADLEN (SMK_LABELLEN + SMK_LABELLEN + SMK_OACCESSLEN)
164 #define SMK_LOADLEN (SMK_LABELLEN + SMK_LABELLEN + SMK_ACCESSLEN)
165
166 /*
167 * Stricly for CIPSO level manipulation.
168 * Set the category bit number in a smack label sized buffer.
169 */
smack_catset_bit(unsigned int cat,char * catsetp)170 static inline void smack_catset_bit(unsigned int cat, char *catsetp)
171 {
172 if (cat == 0 || cat > (SMK_CIPSOLEN * 8))
173 return;
174
175 catsetp[(cat - 1) / 8] |= 0x80 >> ((cat - 1) % 8);
176 }
177
178 /**
179 * smk_netlabel_audit_set - fill a netlbl_audit struct
180 * @nap: structure to fill
181 */
smk_netlabel_audit_set(struct netlbl_audit * nap)182 static void smk_netlabel_audit_set(struct netlbl_audit *nap)
183 {
184 struct smack_known *skp = smk_of_current();
185
186 nap->loginuid = audit_get_loginuid(current);
187 nap->sessionid = audit_get_sessionid(current);
188 nap->secid = skp->smk_secid;
189 }
190
191 /*
192 * Value for parsing single label host rules
193 * "1.2.3.4 X"
194 */
195 #define SMK_NETLBLADDRMIN 9
196
197 /**
198 * smk_set_access - add a rule to the rule list or replace an old rule
199 * @srp: the rule to add or replace
200 * @rule_list: the list of rules
201 * @rule_lock: the rule list lock
202 *
203 * Looks through the current subject/object/access list for
204 * the subject/object pair and replaces the access that was
205 * there. If the pair isn't found add it with the specified
206 * access.
207 *
208 * Returns 0 if nothing goes wrong or -ENOMEM if it fails
209 * during the allocation of the new pair to add.
210 */
smk_set_access(struct smack_parsed_rule * srp,struct list_head * rule_list,struct mutex * rule_lock)211 static int smk_set_access(struct smack_parsed_rule *srp,
212 struct list_head *rule_list,
213 struct mutex *rule_lock)
214 {
215 struct smack_rule *sp;
216 int found = 0;
217 int rc = 0;
218
219 mutex_lock(rule_lock);
220
221 /*
222 * Because the object label is less likely to match
223 * than the subject label check it first
224 */
225 list_for_each_entry_rcu(sp, rule_list, list) {
226 if (sp->smk_object == srp->smk_object &&
227 sp->smk_subject == srp->smk_subject) {
228 found = 1;
229 sp->smk_access |= srp->smk_access1;
230 sp->smk_access &= ~srp->smk_access2;
231 break;
232 }
233 }
234
235 if (found == 0) {
236 sp = kmem_cache_zalloc(smack_rule_cache, GFP_KERNEL);
237 if (sp == NULL) {
238 rc = -ENOMEM;
239 goto out;
240 }
241
242 sp->smk_subject = srp->smk_subject;
243 sp->smk_object = srp->smk_object;
244 sp->smk_access = srp->smk_access1 & ~srp->smk_access2;
245
246 list_add_rcu(&sp->list, rule_list);
247 }
248
249 out:
250 mutex_unlock(rule_lock);
251 return rc;
252 }
253
254 /**
255 * smk_perm_from_str - parse smack accesses from a text string
256 * @string: a text string that contains a Smack accesses code
257 *
258 * Returns an integer with respective bits set for specified accesses.
259 */
smk_perm_from_str(const char * string)260 static int smk_perm_from_str(const char *string)
261 {
262 int perm = 0;
263 const char *cp;
264
265 for (cp = string; ; cp++)
266 switch (*cp) {
267 case '-':
268 break;
269 case 'r':
270 case 'R':
271 perm |= MAY_READ;
272 break;
273 case 'w':
274 case 'W':
275 perm |= MAY_WRITE;
276 break;
277 case 'x':
278 case 'X':
279 perm |= MAY_EXEC;
280 break;
281 case 'a':
282 case 'A':
283 perm |= MAY_APPEND;
284 break;
285 case 't':
286 case 'T':
287 perm |= MAY_TRANSMUTE;
288 break;
289 case 'l':
290 case 'L':
291 perm |= MAY_LOCK;
292 break;
293 case 'b':
294 case 'B':
295 perm |= MAY_BRINGUP;
296 break;
297 default:
298 return perm;
299 }
300 }
301
302 /**
303 * smk_fill_rule - Fill Smack rule from strings
304 * @subject: subject label string
305 * @object: object label string
306 * @access1: access string
307 * @access2: string with permissions to be removed
308 * @rule: Smack rule
309 * @import: if non-zero, import labels
310 * @len: label length limit
311 *
312 * Returns 0 on success, appropriate error code on failure.
313 */
smk_fill_rule(const char * subject,const char * object,const char * access1,const char * access2,struct smack_parsed_rule * rule,int import,int len)314 static int smk_fill_rule(const char *subject, const char *object,
315 const char *access1, const char *access2,
316 struct smack_parsed_rule *rule, int import,
317 int len)
318 {
319 const char *cp;
320 struct smack_known *skp;
321
322 if (import) {
323 rule->smk_subject = smk_import_entry(subject, len);
324 if (IS_ERR(rule->smk_subject))
325 return PTR_ERR(rule->smk_subject);
326
327 rule->smk_object = smk_import_entry(object, len);
328 if (IS_ERR(rule->smk_object))
329 return PTR_ERR(rule->smk_object);
330 } else {
331 cp = smk_parse_smack(subject, len);
332 if (IS_ERR(cp))
333 return PTR_ERR(cp);
334 skp = smk_find_entry(cp);
335 kfree(cp);
336 if (skp == NULL)
337 return -ENOENT;
338 rule->smk_subject = skp;
339
340 cp = smk_parse_smack(object, len);
341 if (IS_ERR(cp))
342 return PTR_ERR(cp);
343 skp = smk_find_entry(cp);
344 kfree(cp);
345 if (skp == NULL)
346 return -ENOENT;
347 rule->smk_object = skp;
348 }
349
350 rule->smk_access1 = smk_perm_from_str(access1);
351 if (access2)
352 rule->smk_access2 = smk_perm_from_str(access2);
353 else
354 rule->smk_access2 = ~rule->smk_access1;
355
356 return 0;
357 }
358
359 /**
360 * smk_parse_rule - parse Smack rule from load string
361 * @data: string to be parsed whose size is SMK_LOADLEN
362 * @rule: Smack rule
363 * @import: if non-zero, import labels
364 *
365 * Returns 0 on success, -1 on errors.
366 */
smk_parse_rule(const char * data,struct smack_parsed_rule * rule,int import)367 static int smk_parse_rule(const char *data, struct smack_parsed_rule *rule,
368 int import)
369 {
370 int rc;
371
372 rc = smk_fill_rule(data, data + SMK_LABELLEN,
373 data + SMK_LABELLEN + SMK_LABELLEN, NULL, rule,
374 import, SMK_LABELLEN);
375 return rc;
376 }
377
378 /**
379 * smk_parse_long_rule - parse Smack rule from rule string
380 * @data: string to be parsed, null terminated
381 * @rule: Will be filled with Smack parsed rule
382 * @import: if non-zero, import labels
383 * @tokens: numer of substrings expected in data
384 *
385 * Returns number of processed bytes on success, -ERRNO on failure.
386 */
smk_parse_long_rule(char * data,struct smack_parsed_rule * rule,int import,int tokens)387 static ssize_t smk_parse_long_rule(char *data, struct smack_parsed_rule *rule,
388 int import, int tokens)
389 {
390 ssize_t cnt = 0;
391 char *tok[4];
392 int rc;
393 int i;
394
395 /*
396 * Parsing the rule in-place, filling all white-spaces with '\0'
397 */
398 for (i = 0; i < tokens; ++i) {
399 while (isspace(data[cnt]))
400 data[cnt++] = '\0';
401
402 if (data[cnt] == '\0')
403 /* Unexpected end of data */
404 return -EINVAL;
405
406 tok[i] = data + cnt;
407
408 while (data[cnt] && !isspace(data[cnt]))
409 ++cnt;
410 }
411 while (isspace(data[cnt]))
412 data[cnt++] = '\0';
413
414 while (i < 4)
415 tok[i++] = NULL;
416
417 rc = smk_fill_rule(tok[0], tok[1], tok[2], tok[3], rule, import, 0);
418 return rc == 0 ? cnt : rc;
419 }
420
421 #define SMK_FIXED24_FMT 0 /* Fixed 24byte label format */
422 #define SMK_LONG_FMT 1 /* Variable long label format */
423 #define SMK_CHANGE_FMT 2 /* Rule modification format */
424 /**
425 * smk_write_rules_list - write() for any /smack rule file
426 * @file: file pointer, not actually used
427 * @buf: where to get the data from
428 * @count: bytes sent
429 * @ppos: where to start - must be 0
430 * @rule_list: the list of rules to write to
431 * @rule_lock: lock for the rule list
432 * @format: /smack/load or /smack/load2 or /smack/change-rule format.
433 *
434 * Get one smack access rule from above.
435 * The format for SMK_LONG_FMT is:
436 * "subject<whitespace>object<whitespace>access[<whitespace>...]"
437 * The format for SMK_FIXED24_FMT is exactly:
438 * "subject object rwxat"
439 * The format for SMK_CHANGE_FMT is:
440 * "subject<whitespace>object<whitespace>
441 * acc_enable<whitespace>acc_disable[<whitespace>...]"
442 */
smk_write_rules_list(struct file * file,const char __user * buf,size_t count,loff_t * ppos,struct list_head * rule_list,struct mutex * rule_lock,int format)443 static ssize_t smk_write_rules_list(struct file *file, const char __user *buf,
444 size_t count, loff_t *ppos,
445 struct list_head *rule_list,
446 struct mutex *rule_lock, int format)
447 {
448 struct smack_parsed_rule rule;
449 char *data;
450 int rc;
451 int trunc = 0;
452 int tokens;
453 ssize_t cnt = 0;
454
455 /*
456 * No partial writes.
457 * Enough data must be present.
458 */
459 if (*ppos != 0)
460 return -EINVAL;
461
462 if (format == SMK_FIXED24_FMT) {
463 /*
464 * Minor hack for backward compatibility
465 */
466 if (count < SMK_OLOADLEN || count > SMK_LOADLEN)
467 return -EINVAL;
468 } else {
469 if (count >= PAGE_SIZE) {
470 count = PAGE_SIZE - 1;
471 trunc = 1;
472 }
473 }
474
475 data = memdup_user_nul(buf, count);
476 if (IS_ERR(data))
477 return PTR_ERR(data);
478
479 /*
480 * In case of parsing only part of user buf,
481 * avoid having partial rule at the data buffer
482 */
483 if (trunc) {
484 while (count > 0 && (data[count - 1] != '\n'))
485 --count;
486 if (count == 0) {
487 rc = -EINVAL;
488 goto out;
489 }
490 }
491
492 data[count] = '\0';
493 tokens = (format == SMK_CHANGE_FMT ? 4 : 3);
494 while (cnt < count) {
495 if (format == SMK_FIXED24_FMT) {
496 rc = smk_parse_rule(data, &rule, 1);
497 if (rc < 0)
498 goto out;
499 cnt = count;
500 } else {
501 rc = smk_parse_long_rule(data + cnt, &rule, 1, tokens);
502 if (rc < 0)
503 goto out;
504 if (rc == 0) {
505 rc = -EINVAL;
506 goto out;
507 }
508 cnt += rc;
509 }
510
511 if (rule_list == NULL)
512 rc = smk_set_access(&rule, &rule.smk_subject->smk_rules,
513 &rule.smk_subject->smk_rules_lock);
514 else
515 rc = smk_set_access(&rule, rule_list, rule_lock);
516
517 if (rc)
518 goto out;
519 }
520
521 rc = cnt;
522 out:
523 kfree(data);
524 return rc;
525 }
526
527 /*
528 * Core logic for smackfs seq list operations.
529 */
530
smk_seq_start(struct seq_file * s,loff_t * pos,struct list_head * head)531 static void *smk_seq_start(struct seq_file *s, loff_t *pos,
532 struct list_head *head)
533 {
534 struct list_head *list;
535 int i = *pos;
536
537 rcu_read_lock();
538 for (list = rcu_dereference(list_next_rcu(head));
539 list != head;
540 list = rcu_dereference(list_next_rcu(list))) {
541 if (i-- == 0)
542 return list;
543 }
544
545 return NULL;
546 }
547
smk_seq_next(struct seq_file * s,void * v,loff_t * pos,struct list_head * head)548 static void *smk_seq_next(struct seq_file *s, void *v, loff_t *pos,
549 struct list_head *head)
550 {
551 struct list_head *list = v;
552
553 ++*pos;
554 list = rcu_dereference(list_next_rcu(list));
555
556 return (list == head) ? NULL : list;
557 }
558
smk_seq_stop(struct seq_file * s,void * v)559 static void smk_seq_stop(struct seq_file *s, void *v)
560 {
561 rcu_read_unlock();
562 }
563
smk_rule_show(struct seq_file * s,struct smack_rule * srp,int max)564 static void smk_rule_show(struct seq_file *s, struct smack_rule *srp, int max)
565 {
566 /*
567 * Don't show any rules with label names too long for
568 * interface file (/smack/load or /smack/load2)
569 * because you should expect to be able to write
570 * anything you read back.
571 */
572 if (strlen(srp->smk_subject->smk_known) >= max ||
573 strlen(srp->smk_object->smk_known) >= max)
574 return;
575
576 if (srp->smk_access == 0)
577 return;
578
579 seq_printf(s, "%s %s",
580 srp->smk_subject->smk_known,
581 srp->smk_object->smk_known);
582
583 seq_putc(s, ' ');
584
585 if (srp->smk_access & MAY_READ)
586 seq_putc(s, 'r');
587 if (srp->smk_access & MAY_WRITE)
588 seq_putc(s, 'w');
589 if (srp->smk_access & MAY_EXEC)
590 seq_putc(s, 'x');
591 if (srp->smk_access & MAY_APPEND)
592 seq_putc(s, 'a');
593 if (srp->smk_access & MAY_TRANSMUTE)
594 seq_putc(s, 't');
595 if (srp->smk_access & MAY_LOCK)
596 seq_putc(s, 'l');
597 if (srp->smk_access & MAY_BRINGUP)
598 seq_putc(s, 'b');
599
600 seq_putc(s, '\n');
601 }
602
603 /*
604 * Seq_file read operations for /smack/load
605 */
606
load2_seq_start(struct seq_file * s,loff_t * pos)607 static void *load2_seq_start(struct seq_file *s, loff_t *pos)
608 {
609 return smk_seq_start(s, pos, &smack_known_list);
610 }
611
load2_seq_next(struct seq_file * s,void * v,loff_t * pos)612 static void *load2_seq_next(struct seq_file *s, void *v, loff_t *pos)
613 {
614 return smk_seq_next(s, v, pos, &smack_known_list);
615 }
616
load_seq_show(struct seq_file * s,void * v)617 static int load_seq_show(struct seq_file *s, void *v)
618 {
619 struct list_head *list = v;
620 struct smack_rule *srp;
621 struct smack_known *skp =
622 list_entry_rcu(list, struct smack_known, list);
623
624 list_for_each_entry_rcu(srp, &skp->smk_rules, list)
625 smk_rule_show(s, srp, SMK_LABELLEN);
626
627 return 0;
628 }
629
630 static const struct seq_operations load_seq_ops = {
631 .start = load2_seq_start,
632 .next = load2_seq_next,
633 .show = load_seq_show,
634 .stop = smk_seq_stop,
635 };
636
637 /**
638 * smk_open_load - open() for /smack/load
639 * @inode: inode structure representing file
640 * @file: "load" file pointer
641 *
642 * For reading, use load_seq_* seq_file reading operations.
643 */
smk_open_load(struct inode * inode,struct file * file)644 static int smk_open_load(struct inode *inode, struct file *file)
645 {
646 return seq_open(file, &load_seq_ops);
647 }
648
649 /**
650 * smk_write_load - write() for /smack/load
651 * @file: file pointer, not actually used
652 * @buf: where to get the data from
653 * @count: bytes sent
654 * @ppos: where to start - must be 0
655 *
656 */
smk_write_load(struct file * file,const char __user * buf,size_t count,loff_t * ppos)657 static ssize_t smk_write_load(struct file *file, const char __user *buf,
658 size_t count, loff_t *ppos)
659 {
660 /*
661 * Must have privilege.
662 * No partial writes.
663 * Enough data must be present.
664 */
665 if (!smack_privileged(CAP_MAC_ADMIN))
666 return -EPERM;
667
668 return smk_write_rules_list(file, buf, count, ppos, NULL, NULL,
669 SMK_FIXED24_FMT);
670 }
671
672 static const struct file_operations smk_load_ops = {
673 .open = smk_open_load,
674 .read = seq_read,
675 .llseek = seq_lseek,
676 .write = smk_write_load,
677 .release = seq_release,
678 };
679
680 /**
681 * smk_cipso_doi - initialize the CIPSO domain
682 */
smk_cipso_doi(void)683 static void smk_cipso_doi(void)
684 {
685 int rc;
686 struct cipso_v4_doi *doip;
687 struct netlbl_audit nai;
688
689 smk_netlabel_audit_set(&nai);
690
691 rc = netlbl_cfg_map_del(NULL, PF_INET, NULL, NULL, &nai);
692 if (rc != 0)
693 printk(KERN_WARNING "%s:%d remove rc = %d\n",
694 __func__, __LINE__, rc);
695
696 doip = kmalloc(sizeof(struct cipso_v4_doi), GFP_KERNEL);
697 if (doip == NULL)
698 panic("smack: Failed to initialize cipso DOI.\n");
699 doip->map.std = NULL;
700 doip->doi = smk_cipso_doi_value;
701 doip->type = CIPSO_V4_MAP_PASS;
702 doip->tags[0] = CIPSO_V4_TAG_RBITMAP;
703 for (rc = 1; rc < CIPSO_V4_TAG_MAXCNT; rc++)
704 doip->tags[rc] = CIPSO_V4_TAG_INVALID;
705
706 rc = netlbl_cfg_cipsov4_add(doip, &nai);
707 if (rc != 0) {
708 printk(KERN_WARNING "%s:%d cipso add rc = %d\n",
709 __func__, __LINE__, rc);
710 kfree(doip);
711 return;
712 }
713 rc = netlbl_cfg_cipsov4_map_add(doip->doi, NULL, NULL, NULL, &nai);
714 if (rc != 0) {
715 printk(KERN_WARNING "%s:%d map add rc = %d\n",
716 __func__, __LINE__, rc);
717 kfree(doip);
718 return;
719 }
720 }
721
722 /**
723 * smk_unlbl_ambient - initialize the unlabeled domain
724 * @oldambient: previous domain string
725 */
smk_unlbl_ambient(char * oldambient)726 static void smk_unlbl_ambient(char *oldambient)
727 {
728 int rc;
729 struct netlbl_audit nai;
730
731 smk_netlabel_audit_set(&nai);
732
733 if (oldambient != NULL) {
734 rc = netlbl_cfg_map_del(oldambient, PF_INET, NULL, NULL, &nai);
735 if (rc != 0)
736 printk(KERN_WARNING "%s:%d remove rc = %d\n",
737 __func__, __LINE__, rc);
738 }
739 if (smack_net_ambient == NULL)
740 smack_net_ambient = &smack_known_floor;
741
742 rc = netlbl_cfg_unlbl_map_add(smack_net_ambient->smk_known, PF_INET,
743 NULL, NULL, &nai);
744 if (rc != 0)
745 printk(KERN_WARNING "%s:%d add rc = %d\n",
746 __func__, __LINE__, rc);
747 }
748
749 /*
750 * Seq_file read operations for /smack/cipso
751 */
752
cipso_seq_start(struct seq_file * s,loff_t * pos)753 static void *cipso_seq_start(struct seq_file *s, loff_t *pos)
754 {
755 return smk_seq_start(s, pos, &smack_known_list);
756 }
757
cipso_seq_next(struct seq_file * s,void * v,loff_t * pos)758 static void *cipso_seq_next(struct seq_file *s, void *v, loff_t *pos)
759 {
760 return smk_seq_next(s, v, pos, &smack_known_list);
761 }
762
763 /*
764 * Print cipso labels in format:
765 * label level[/cat[,cat]]
766 */
cipso_seq_show(struct seq_file * s,void * v)767 static int cipso_seq_show(struct seq_file *s, void *v)
768 {
769 struct list_head *list = v;
770 struct smack_known *skp =
771 list_entry_rcu(list, struct smack_known, list);
772 struct netlbl_lsm_catmap *cmp = skp->smk_netlabel.attr.mls.cat;
773 char sep = '/';
774 int i;
775
776 /*
777 * Don't show a label that could not have been set using
778 * /smack/cipso. This is in support of the notion that
779 * anything read from /smack/cipso ought to be writeable
780 * to /smack/cipso.
781 *
782 * /smack/cipso2 should be used instead.
783 */
784 if (strlen(skp->smk_known) >= SMK_LABELLEN)
785 return 0;
786
787 seq_printf(s, "%s %3d", skp->smk_known, skp->smk_netlabel.attr.mls.lvl);
788
789 for (i = netlbl_catmap_walk(cmp, 0); i >= 0;
790 i = netlbl_catmap_walk(cmp, i + 1)) {
791 seq_printf(s, "%c%d", sep, i);
792 sep = ',';
793 }
794
795 seq_putc(s, '\n');
796
797 return 0;
798 }
799
800 static const struct seq_operations cipso_seq_ops = {
801 .start = cipso_seq_start,
802 .next = cipso_seq_next,
803 .show = cipso_seq_show,
804 .stop = smk_seq_stop,
805 };
806
807 /**
808 * smk_open_cipso - open() for /smack/cipso
809 * @inode: inode structure representing file
810 * @file: "cipso" file pointer
811 *
812 * Connect our cipso_seq_* operations with /smack/cipso
813 * file_operations
814 */
smk_open_cipso(struct inode * inode,struct file * file)815 static int smk_open_cipso(struct inode *inode, struct file *file)
816 {
817 return seq_open(file, &cipso_seq_ops);
818 }
819
820 /**
821 * smk_set_cipso - do the work for write() for cipso and cipso2
822 * @file: file pointer, not actually used
823 * @buf: where to get the data from
824 * @count: bytes sent
825 * @ppos: where to start
826 * @format: /smack/cipso or /smack/cipso2
827 *
828 * Accepts only one cipso rule per write call.
829 * Returns number of bytes written or error code, as appropriate
830 */
smk_set_cipso(struct file * file,const char __user * buf,size_t count,loff_t * ppos,int format)831 static ssize_t smk_set_cipso(struct file *file, const char __user *buf,
832 size_t count, loff_t *ppos, int format)
833 {
834 struct smack_known *skp;
835 struct netlbl_lsm_secattr ncats;
836 char mapcatset[SMK_CIPSOLEN];
837 int maplevel;
838 unsigned int cat;
839 int catlen;
840 ssize_t rc = -EINVAL;
841 char *data = NULL;
842 char *rule;
843 int ret;
844 int i;
845
846 /*
847 * Must have privilege.
848 * No partial writes.
849 * Enough data must be present.
850 */
851 if (!smack_privileged(CAP_MAC_ADMIN))
852 return -EPERM;
853 if (*ppos != 0)
854 return -EINVAL;
855 if (format == SMK_FIXED24_FMT &&
856 (count < SMK_CIPSOMIN || count > SMK_CIPSOMAX))
857 return -EINVAL;
858 if (count > PAGE_SIZE)
859 return -EINVAL;
860
861 data = memdup_user_nul(buf, count);
862 if (IS_ERR(data))
863 return PTR_ERR(data);
864
865 rule = data;
866 /*
867 * Only allow one writer at a time. Writes should be
868 * quite rare and small in any case.
869 */
870 mutex_lock(&smack_cipso_lock);
871
872 skp = smk_import_entry(rule, 0);
873 if (IS_ERR(skp)) {
874 rc = PTR_ERR(skp);
875 goto out;
876 }
877
878 if (format == SMK_FIXED24_FMT)
879 rule += SMK_LABELLEN;
880 else
881 rule += strlen(skp->smk_known) + 1;
882
883 if (rule > data + count) {
884 rc = -EOVERFLOW;
885 goto out;
886 }
887
888 ret = sscanf(rule, "%d", &maplevel);
889 if (ret != 1 || maplevel < 0 || maplevel > SMACK_CIPSO_MAXLEVEL)
890 goto out;
891
892 rule += SMK_DIGITLEN;
893 if (rule > data + count) {
894 rc = -EOVERFLOW;
895 goto out;
896 }
897
898 ret = sscanf(rule, "%d", &catlen);
899 if (ret != 1 || catlen > SMACK_CIPSO_MAXCATNUM)
900 goto out;
901
902 if (format == SMK_FIXED24_FMT &&
903 count != (SMK_CIPSOMIN + catlen * SMK_DIGITLEN))
904 goto out;
905
906 memset(mapcatset, 0, sizeof(mapcatset));
907
908 for (i = 0; i < catlen; i++) {
909 rule += SMK_DIGITLEN;
910 if (rule > data + count) {
911 rc = -EOVERFLOW;
912 goto out;
913 }
914 ret = sscanf(rule, "%u", &cat);
915 if (ret != 1 || cat > SMACK_CIPSO_MAXCATNUM)
916 goto out;
917
918 smack_catset_bit(cat, mapcatset);
919 }
920
921 rc = smk_netlbl_mls(maplevel, mapcatset, &ncats, SMK_CIPSOLEN);
922 if (rc >= 0) {
923 netlbl_catmap_free(skp->smk_netlabel.attr.mls.cat);
924 skp->smk_netlabel.attr.mls.cat = ncats.attr.mls.cat;
925 skp->smk_netlabel.attr.mls.lvl = ncats.attr.mls.lvl;
926 rc = count;
927 /*
928 * This mapping may have been cached, so clear the cache.
929 */
930 netlbl_cache_invalidate();
931 }
932
933 out:
934 mutex_unlock(&smack_cipso_lock);
935 kfree(data);
936 return rc;
937 }
938
939 /**
940 * smk_write_cipso - write() for /smack/cipso
941 * @file: file pointer, not actually used
942 * @buf: where to get the data from
943 * @count: bytes sent
944 * @ppos: where to start
945 *
946 * Accepts only one cipso rule per write call.
947 * Returns number of bytes written or error code, as appropriate
948 */
smk_write_cipso(struct file * file,const char __user * buf,size_t count,loff_t * ppos)949 static ssize_t smk_write_cipso(struct file *file, const char __user *buf,
950 size_t count, loff_t *ppos)
951 {
952 return smk_set_cipso(file, buf, count, ppos, SMK_FIXED24_FMT);
953 }
954
955 static const struct file_operations smk_cipso_ops = {
956 .open = smk_open_cipso,
957 .read = seq_read,
958 .llseek = seq_lseek,
959 .write = smk_write_cipso,
960 .release = seq_release,
961 };
962
963 /*
964 * Seq_file read operations for /smack/cipso2
965 */
966
967 /*
968 * Print cipso labels in format:
969 * label level[/cat[,cat]]
970 */
cipso2_seq_show(struct seq_file * s,void * v)971 static int cipso2_seq_show(struct seq_file *s, void *v)
972 {
973 struct list_head *list = v;
974 struct smack_known *skp =
975 list_entry_rcu(list, struct smack_known, list);
976 struct netlbl_lsm_catmap *cmp = skp->smk_netlabel.attr.mls.cat;
977 char sep = '/';
978 int i;
979
980 seq_printf(s, "%s %3d", skp->smk_known, skp->smk_netlabel.attr.mls.lvl);
981
982 for (i = netlbl_catmap_walk(cmp, 0); i >= 0;
983 i = netlbl_catmap_walk(cmp, i + 1)) {
984 seq_printf(s, "%c%d", sep, i);
985 sep = ',';
986 }
987
988 seq_putc(s, '\n');
989
990 return 0;
991 }
992
993 static const struct seq_operations cipso2_seq_ops = {
994 .start = cipso_seq_start,
995 .next = cipso_seq_next,
996 .show = cipso2_seq_show,
997 .stop = smk_seq_stop,
998 };
999
1000 /**
1001 * smk_open_cipso2 - open() for /smack/cipso2
1002 * @inode: inode structure representing file
1003 * @file: "cipso2" file pointer
1004 *
1005 * Connect our cipso_seq_* operations with /smack/cipso2
1006 * file_operations
1007 */
smk_open_cipso2(struct inode * inode,struct file * file)1008 static int smk_open_cipso2(struct inode *inode, struct file *file)
1009 {
1010 return seq_open(file, &cipso2_seq_ops);
1011 }
1012
1013 /**
1014 * smk_write_cipso2 - write() for /smack/cipso2
1015 * @file: file pointer, not actually used
1016 * @buf: where to get the data from
1017 * @count: bytes sent
1018 * @ppos: where to start
1019 *
1020 * Accepts only one cipso rule per write call.
1021 * Returns number of bytes written or error code, as appropriate
1022 */
smk_write_cipso2(struct file * file,const char __user * buf,size_t count,loff_t * ppos)1023 static ssize_t smk_write_cipso2(struct file *file, const char __user *buf,
1024 size_t count, loff_t *ppos)
1025 {
1026 return smk_set_cipso(file, buf, count, ppos, SMK_LONG_FMT);
1027 }
1028
1029 static const struct file_operations smk_cipso2_ops = {
1030 .open = smk_open_cipso2,
1031 .read = seq_read,
1032 .llseek = seq_lseek,
1033 .write = smk_write_cipso2,
1034 .release = seq_release,
1035 };
1036
1037 /*
1038 * Seq_file read operations for /smack/netlabel
1039 */
1040
net4addr_seq_start(struct seq_file * s,loff_t * pos)1041 static void *net4addr_seq_start(struct seq_file *s, loff_t *pos)
1042 {
1043 return smk_seq_start(s, pos, &smk_net4addr_list);
1044 }
1045
net4addr_seq_next(struct seq_file * s,void * v,loff_t * pos)1046 static void *net4addr_seq_next(struct seq_file *s, void *v, loff_t *pos)
1047 {
1048 return smk_seq_next(s, v, pos, &smk_net4addr_list);
1049 }
1050
1051 /*
1052 * Print host/label pairs
1053 */
net4addr_seq_show(struct seq_file * s,void * v)1054 static int net4addr_seq_show(struct seq_file *s, void *v)
1055 {
1056 struct list_head *list = v;
1057 struct smk_net4addr *skp =
1058 list_entry_rcu(list, struct smk_net4addr, list);
1059 char *kp = SMACK_CIPSO_OPTION;
1060
1061 if (skp->smk_label != NULL)
1062 kp = skp->smk_label->smk_known;
1063 seq_printf(s, "%pI4/%d %s\n", &skp->smk_host.s_addr,
1064 skp->smk_masks, kp);
1065
1066 return 0;
1067 }
1068
1069 static const struct seq_operations net4addr_seq_ops = {
1070 .start = net4addr_seq_start,
1071 .next = net4addr_seq_next,
1072 .show = net4addr_seq_show,
1073 .stop = smk_seq_stop,
1074 };
1075
1076 /**
1077 * smk_open_net4addr - open() for /smack/netlabel
1078 * @inode: inode structure representing file
1079 * @file: "netlabel" file pointer
1080 *
1081 * Connect our net4addr_seq_* operations with /smack/netlabel
1082 * file_operations
1083 */
smk_open_net4addr(struct inode * inode,struct file * file)1084 static int smk_open_net4addr(struct inode *inode, struct file *file)
1085 {
1086 return seq_open(file, &net4addr_seq_ops);
1087 }
1088
1089 /**
1090 * smk_net4addr_insert
1091 * @new : netlabel to insert
1092 *
1093 * This helper insert netlabel in the smack_net4addrs list
1094 * sorted by netmask length (longest to smallest)
1095 * locked by &smk_net4addr_lock in smk_write_net4addr
1096 *
1097 */
smk_net4addr_insert(struct smk_net4addr * new)1098 static void smk_net4addr_insert(struct smk_net4addr *new)
1099 {
1100 struct smk_net4addr *m;
1101 struct smk_net4addr *m_next;
1102
1103 if (list_empty(&smk_net4addr_list)) {
1104 list_add_rcu(&new->list, &smk_net4addr_list);
1105 return;
1106 }
1107
1108 m = list_entry_rcu(smk_net4addr_list.next,
1109 struct smk_net4addr, list);
1110
1111 /* the comparison '>' is a bit hacky, but works */
1112 if (new->smk_masks > m->smk_masks) {
1113 list_add_rcu(&new->list, &smk_net4addr_list);
1114 return;
1115 }
1116
1117 list_for_each_entry_rcu(m, &smk_net4addr_list, list) {
1118 if (list_is_last(&m->list, &smk_net4addr_list)) {
1119 list_add_rcu(&new->list, &m->list);
1120 return;
1121 }
1122 m_next = list_entry_rcu(m->list.next,
1123 struct smk_net4addr, list);
1124 if (new->smk_masks > m_next->smk_masks) {
1125 list_add_rcu(&new->list, &m->list);
1126 return;
1127 }
1128 }
1129 }
1130
1131
1132 /**
1133 * smk_write_net4addr - write() for /smack/netlabel
1134 * @file: file pointer, not actually used
1135 * @buf: where to get the data from
1136 * @count: bytes sent
1137 * @ppos: where to start
1138 *
1139 * Accepts only one net4addr per write call.
1140 * Returns number of bytes written or error code, as appropriate
1141 */
smk_write_net4addr(struct file * file,const char __user * buf,size_t count,loff_t * ppos)1142 static ssize_t smk_write_net4addr(struct file *file, const char __user *buf,
1143 size_t count, loff_t *ppos)
1144 {
1145 struct smk_net4addr *snp;
1146 struct sockaddr_in newname;
1147 char *smack;
1148 struct smack_known *skp = NULL;
1149 char *data;
1150 char *host = (char *)&newname.sin_addr.s_addr;
1151 int rc;
1152 struct netlbl_audit audit_info;
1153 struct in_addr mask;
1154 unsigned int m;
1155 unsigned int masks;
1156 int found;
1157 u32 mask_bits = (1<<31);
1158 __be32 nsa;
1159 u32 temp_mask;
1160
1161 /*
1162 * Must have privilege.
1163 * No partial writes.
1164 * Enough data must be present.
1165 * "<addr/mask, as a.b.c.d/e><space><label>"
1166 * "<addr, as a.b.c.d><space><label>"
1167 */
1168 if (!smack_privileged(CAP_MAC_ADMIN))
1169 return -EPERM;
1170 if (*ppos != 0)
1171 return -EINVAL;
1172 if (count < SMK_NETLBLADDRMIN || count > PAGE_SIZE - 1)
1173 return -EINVAL;
1174
1175 data = memdup_user_nul(buf, count);
1176 if (IS_ERR(data))
1177 return PTR_ERR(data);
1178
1179 smack = kzalloc(count + 1, GFP_KERNEL);
1180 if (smack == NULL) {
1181 rc = -ENOMEM;
1182 goto free_data_out;
1183 }
1184
1185 rc = sscanf(data, "%hhd.%hhd.%hhd.%hhd/%u %s",
1186 &host[0], &host[1], &host[2], &host[3], &masks, smack);
1187 if (rc != 6) {
1188 rc = sscanf(data, "%hhd.%hhd.%hhd.%hhd %s",
1189 &host[0], &host[1], &host[2], &host[3], smack);
1190 if (rc != 5) {
1191 rc = -EINVAL;
1192 goto free_out;
1193 }
1194 m = BEBITS;
1195 masks = 32;
1196 }
1197 if (masks > BEBITS) {
1198 rc = -EINVAL;
1199 goto free_out;
1200 }
1201
1202 /*
1203 * If smack begins with '-', it is an option, don't import it
1204 */
1205 if (smack[0] != '-') {
1206 skp = smk_import_entry(smack, 0);
1207 if (IS_ERR(skp)) {
1208 rc = PTR_ERR(skp);
1209 goto free_out;
1210 }
1211 } else {
1212 /*
1213 * Only the -CIPSO option is supported for IPv4
1214 */
1215 if (strcmp(smack, SMACK_CIPSO_OPTION) != 0) {
1216 rc = -EINVAL;
1217 goto free_out;
1218 }
1219 }
1220
1221 for (m = masks, temp_mask = 0; m > 0; m--) {
1222 temp_mask |= mask_bits;
1223 mask_bits >>= 1;
1224 }
1225 mask.s_addr = cpu_to_be32(temp_mask);
1226
1227 newname.sin_addr.s_addr &= mask.s_addr;
1228 /*
1229 * Only allow one writer at a time. Writes should be
1230 * quite rare and small in any case.
1231 */
1232 mutex_lock(&smk_net4addr_lock);
1233
1234 nsa = newname.sin_addr.s_addr;
1235 /* try to find if the prefix is already in the list */
1236 found = 0;
1237 list_for_each_entry_rcu(snp, &smk_net4addr_list, list) {
1238 if (snp->smk_host.s_addr == nsa && snp->smk_masks == masks) {
1239 found = 1;
1240 break;
1241 }
1242 }
1243 smk_netlabel_audit_set(&audit_info);
1244
1245 if (found == 0) {
1246 snp = kzalloc(sizeof(*snp), GFP_KERNEL);
1247 if (snp == NULL)
1248 rc = -ENOMEM;
1249 else {
1250 rc = 0;
1251 snp->smk_host.s_addr = newname.sin_addr.s_addr;
1252 snp->smk_mask.s_addr = mask.s_addr;
1253 snp->smk_label = skp;
1254 snp->smk_masks = masks;
1255 smk_net4addr_insert(snp);
1256 }
1257 } else {
1258 /*
1259 * Delete the unlabeled entry, only if the previous label
1260 * wasn't the special CIPSO option
1261 */
1262 if (snp->smk_label != NULL)
1263 rc = netlbl_cfg_unlbl_static_del(&init_net, NULL,
1264 &snp->smk_host, &snp->smk_mask,
1265 PF_INET, &audit_info);
1266 else
1267 rc = 0;
1268 snp->smk_label = skp;
1269 }
1270
1271 /*
1272 * Now tell netlabel about the single label nature of
1273 * this host so that incoming packets get labeled.
1274 * but only if we didn't get the special CIPSO option
1275 */
1276 if (rc == 0 && skp != NULL)
1277 rc = netlbl_cfg_unlbl_static_add(&init_net, NULL,
1278 &snp->smk_host, &snp->smk_mask, PF_INET,
1279 snp->smk_label->smk_secid, &audit_info);
1280
1281 if (rc == 0)
1282 rc = count;
1283
1284 mutex_unlock(&smk_net4addr_lock);
1285
1286 free_out:
1287 kfree(smack);
1288 free_data_out:
1289 kfree(data);
1290
1291 return rc;
1292 }
1293
1294 static const struct file_operations smk_net4addr_ops = {
1295 .open = smk_open_net4addr,
1296 .read = seq_read,
1297 .llseek = seq_lseek,
1298 .write = smk_write_net4addr,
1299 .release = seq_release,
1300 };
1301
1302 #if IS_ENABLED(CONFIG_IPV6)
1303 /*
1304 * Seq_file read operations for /smack/netlabel6
1305 */
1306
net6addr_seq_start(struct seq_file * s,loff_t * pos)1307 static void *net6addr_seq_start(struct seq_file *s, loff_t *pos)
1308 {
1309 return smk_seq_start(s, pos, &smk_net6addr_list);
1310 }
1311
net6addr_seq_next(struct seq_file * s,void * v,loff_t * pos)1312 static void *net6addr_seq_next(struct seq_file *s, void *v, loff_t *pos)
1313 {
1314 return smk_seq_next(s, v, pos, &smk_net6addr_list);
1315 }
1316
1317 /*
1318 * Print host/label pairs
1319 */
net6addr_seq_show(struct seq_file * s,void * v)1320 static int net6addr_seq_show(struct seq_file *s, void *v)
1321 {
1322 struct list_head *list = v;
1323 struct smk_net6addr *skp =
1324 list_entry(list, struct smk_net6addr, list);
1325
1326 if (skp->smk_label != NULL)
1327 seq_printf(s, "%pI6/%d %s\n", &skp->smk_host, skp->smk_masks,
1328 skp->smk_label->smk_known);
1329
1330 return 0;
1331 }
1332
1333 static const struct seq_operations net6addr_seq_ops = {
1334 .start = net6addr_seq_start,
1335 .next = net6addr_seq_next,
1336 .show = net6addr_seq_show,
1337 .stop = smk_seq_stop,
1338 };
1339
1340 /**
1341 * smk_open_net6addr - open() for /smack/netlabel
1342 * @inode: inode structure representing file
1343 * @file: "netlabel" file pointer
1344 *
1345 * Connect our net6addr_seq_* operations with /smack/netlabel
1346 * file_operations
1347 */
smk_open_net6addr(struct inode * inode,struct file * file)1348 static int smk_open_net6addr(struct inode *inode, struct file *file)
1349 {
1350 return seq_open(file, &net6addr_seq_ops);
1351 }
1352
1353 /**
1354 * smk_net6addr_insert
1355 * @new : entry to insert
1356 *
1357 * This inserts an entry in the smack_net6addrs list
1358 * sorted by netmask length (longest to smallest)
1359 * locked by &smk_net6addr_lock in smk_write_net6addr
1360 *
1361 */
smk_net6addr_insert(struct smk_net6addr * new)1362 static void smk_net6addr_insert(struct smk_net6addr *new)
1363 {
1364 struct smk_net6addr *m_next;
1365 struct smk_net6addr *m;
1366
1367 if (list_empty(&smk_net6addr_list)) {
1368 list_add_rcu(&new->list, &smk_net6addr_list);
1369 return;
1370 }
1371
1372 m = list_entry_rcu(smk_net6addr_list.next,
1373 struct smk_net6addr, list);
1374
1375 if (new->smk_masks > m->smk_masks) {
1376 list_add_rcu(&new->list, &smk_net6addr_list);
1377 return;
1378 }
1379
1380 list_for_each_entry_rcu(m, &smk_net6addr_list, list) {
1381 if (list_is_last(&m->list, &smk_net6addr_list)) {
1382 list_add_rcu(&new->list, &m->list);
1383 return;
1384 }
1385 m_next = list_entry_rcu(m->list.next,
1386 struct smk_net6addr, list);
1387 if (new->smk_masks > m_next->smk_masks) {
1388 list_add_rcu(&new->list, &m->list);
1389 return;
1390 }
1391 }
1392 }
1393
1394
1395 /**
1396 * smk_write_net6addr - write() for /smack/netlabel
1397 * @file: file pointer, not actually used
1398 * @buf: where to get the data from
1399 * @count: bytes sent
1400 * @ppos: where to start
1401 *
1402 * Accepts only one net6addr per write call.
1403 * Returns number of bytes written or error code, as appropriate
1404 */
smk_write_net6addr(struct file * file,const char __user * buf,size_t count,loff_t * ppos)1405 static ssize_t smk_write_net6addr(struct file *file, const char __user *buf,
1406 size_t count, loff_t *ppos)
1407 {
1408 struct smk_net6addr *snp;
1409 struct in6_addr newname;
1410 struct in6_addr fullmask;
1411 struct smack_known *skp = NULL;
1412 char *smack;
1413 char *data;
1414 int rc = 0;
1415 int found = 0;
1416 int i;
1417 unsigned int scanned[8];
1418 unsigned int m;
1419 unsigned int mask = 128;
1420
1421 /*
1422 * Must have privilege.
1423 * No partial writes.
1424 * Enough data must be present.
1425 * "<addr/mask, as a:b:c:d:e:f:g:h/e><space><label>"
1426 * "<addr, as a:b:c:d:e:f:g:h><space><label>"
1427 */
1428 if (!smack_privileged(CAP_MAC_ADMIN))
1429 return -EPERM;
1430 if (*ppos != 0)
1431 return -EINVAL;
1432 if (count < SMK_NETLBLADDRMIN || count > PAGE_SIZE - 1)
1433 return -EINVAL;
1434
1435 data = memdup_user_nul(buf, count);
1436 if (IS_ERR(data))
1437 return PTR_ERR(data);
1438
1439 smack = kzalloc(count + 1, GFP_KERNEL);
1440 if (smack == NULL) {
1441 rc = -ENOMEM;
1442 goto free_data_out;
1443 }
1444
1445 i = sscanf(data, "%x:%x:%x:%x:%x:%x:%x:%x/%u %s",
1446 &scanned[0], &scanned[1], &scanned[2], &scanned[3],
1447 &scanned[4], &scanned[5], &scanned[6], &scanned[7],
1448 &mask, smack);
1449 if (i != 10) {
1450 i = sscanf(data, "%x:%x:%x:%x:%x:%x:%x:%x %s",
1451 &scanned[0], &scanned[1], &scanned[2],
1452 &scanned[3], &scanned[4], &scanned[5],
1453 &scanned[6], &scanned[7], smack);
1454 if (i != 9) {
1455 rc = -EINVAL;
1456 goto free_out;
1457 }
1458 }
1459 if (mask > 128) {
1460 rc = -EINVAL;
1461 goto free_out;
1462 }
1463 for (i = 0; i < 8; i++) {
1464 if (scanned[i] > 0xffff) {
1465 rc = -EINVAL;
1466 goto free_out;
1467 }
1468 newname.s6_addr16[i] = htons(scanned[i]);
1469 }
1470
1471 /*
1472 * If smack begins with '-', it is an option, don't import it
1473 */
1474 if (smack[0] != '-') {
1475 skp = smk_import_entry(smack, 0);
1476 if (IS_ERR(skp)) {
1477 rc = PTR_ERR(skp);
1478 goto free_out;
1479 }
1480 } else {
1481 /*
1482 * Only -DELETE is supported for IPv6
1483 */
1484 if (strcmp(smack, SMACK_DELETE_OPTION) != 0) {
1485 rc = -EINVAL;
1486 goto free_out;
1487 }
1488 }
1489
1490 for (i = 0, m = mask; i < 8; i++) {
1491 if (m >= 16) {
1492 fullmask.s6_addr16[i] = 0xffff;
1493 m -= 16;
1494 } else if (m > 0) {
1495 fullmask.s6_addr16[i] = (1 << m) - 1;
1496 m = 0;
1497 } else
1498 fullmask.s6_addr16[i] = 0;
1499 newname.s6_addr16[i] &= fullmask.s6_addr16[i];
1500 }
1501
1502 /*
1503 * Only allow one writer at a time. Writes should be
1504 * quite rare and small in any case.
1505 */
1506 mutex_lock(&smk_net6addr_lock);
1507 /*
1508 * Try to find the prefix in the list
1509 */
1510 list_for_each_entry_rcu(snp, &smk_net6addr_list, list) {
1511 if (mask != snp->smk_masks)
1512 continue;
1513 for (found = 1, i = 0; i < 8; i++) {
1514 if (newname.s6_addr16[i] !=
1515 snp->smk_host.s6_addr16[i]) {
1516 found = 0;
1517 break;
1518 }
1519 }
1520 if (found == 1)
1521 break;
1522 }
1523 if (found == 0) {
1524 snp = kzalloc(sizeof(*snp), GFP_KERNEL);
1525 if (snp == NULL)
1526 rc = -ENOMEM;
1527 else {
1528 snp->smk_host = newname;
1529 snp->smk_mask = fullmask;
1530 snp->smk_masks = mask;
1531 snp->smk_label = skp;
1532 smk_net6addr_insert(snp);
1533 }
1534 } else {
1535 snp->smk_label = skp;
1536 }
1537
1538 if (rc == 0)
1539 rc = count;
1540
1541 mutex_unlock(&smk_net6addr_lock);
1542
1543 free_out:
1544 kfree(smack);
1545 free_data_out:
1546 kfree(data);
1547
1548 return rc;
1549 }
1550
1551 static const struct file_operations smk_net6addr_ops = {
1552 .open = smk_open_net6addr,
1553 .read = seq_read,
1554 .llseek = seq_lseek,
1555 .write = smk_write_net6addr,
1556 .release = seq_release,
1557 };
1558 #endif /* CONFIG_IPV6 */
1559
1560 /**
1561 * smk_read_doi - read() for /smack/doi
1562 * @filp: file pointer, not actually used
1563 * @buf: where to put the result
1564 * @count: maximum to send along
1565 * @ppos: where to start
1566 *
1567 * Returns number of bytes read or error code, as appropriate
1568 */
smk_read_doi(struct file * filp,char __user * buf,size_t count,loff_t * ppos)1569 static ssize_t smk_read_doi(struct file *filp, char __user *buf,
1570 size_t count, loff_t *ppos)
1571 {
1572 char temp[80];
1573 ssize_t rc;
1574
1575 if (*ppos != 0)
1576 return 0;
1577
1578 sprintf(temp, "%d", smk_cipso_doi_value);
1579 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
1580
1581 return rc;
1582 }
1583
1584 /**
1585 * smk_write_doi - write() for /smack/doi
1586 * @file: file pointer, not actually used
1587 * @buf: where to get the data from
1588 * @count: bytes sent
1589 * @ppos: where to start
1590 *
1591 * Returns number of bytes written or error code, as appropriate
1592 */
smk_write_doi(struct file * file,const char __user * buf,size_t count,loff_t * ppos)1593 static ssize_t smk_write_doi(struct file *file, const char __user *buf,
1594 size_t count, loff_t *ppos)
1595 {
1596 char temp[80];
1597 int i;
1598
1599 if (!smack_privileged(CAP_MAC_ADMIN))
1600 return -EPERM;
1601
1602 if (count >= sizeof(temp) || count == 0)
1603 return -EINVAL;
1604
1605 if (copy_from_user(temp, buf, count) != 0)
1606 return -EFAULT;
1607
1608 temp[count] = '\0';
1609
1610 if (sscanf(temp, "%d", &i) != 1)
1611 return -EINVAL;
1612
1613 smk_cipso_doi_value = i;
1614
1615 smk_cipso_doi();
1616
1617 return count;
1618 }
1619
1620 static const struct file_operations smk_doi_ops = {
1621 .read = smk_read_doi,
1622 .write = smk_write_doi,
1623 .llseek = default_llseek,
1624 };
1625
1626 /**
1627 * smk_read_direct - read() for /smack/direct
1628 * @filp: file pointer, not actually used
1629 * @buf: where to put the result
1630 * @count: maximum to send along
1631 * @ppos: where to start
1632 *
1633 * Returns number of bytes read or error code, as appropriate
1634 */
smk_read_direct(struct file * filp,char __user * buf,size_t count,loff_t * ppos)1635 static ssize_t smk_read_direct(struct file *filp, char __user *buf,
1636 size_t count, loff_t *ppos)
1637 {
1638 char temp[80];
1639 ssize_t rc;
1640
1641 if (*ppos != 0)
1642 return 0;
1643
1644 sprintf(temp, "%d", smack_cipso_direct);
1645 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
1646
1647 return rc;
1648 }
1649
1650 /**
1651 * smk_write_direct - write() for /smack/direct
1652 * @file: file pointer, not actually used
1653 * @buf: where to get the data from
1654 * @count: bytes sent
1655 * @ppos: where to start
1656 *
1657 * Returns number of bytes written or error code, as appropriate
1658 */
smk_write_direct(struct file * file,const char __user * buf,size_t count,loff_t * ppos)1659 static ssize_t smk_write_direct(struct file *file, const char __user *buf,
1660 size_t count, loff_t *ppos)
1661 {
1662 struct smack_known *skp;
1663 char temp[80];
1664 int i;
1665
1666 if (!smack_privileged(CAP_MAC_ADMIN))
1667 return -EPERM;
1668
1669 if (count >= sizeof(temp) || count == 0)
1670 return -EINVAL;
1671
1672 if (copy_from_user(temp, buf, count) != 0)
1673 return -EFAULT;
1674
1675 temp[count] = '\0';
1676
1677 if (sscanf(temp, "%d", &i) != 1)
1678 return -EINVAL;
1679
1680 /*
1681 * Don't do anything if the value hasn't actually changed.
1682 * If it is changing reset the level on entries that were
1683 * set up to be direct when they were created.
1684 */
1685 if (smack_cipso_direct != i) {
1686 mutex_lock(&smack_known_lock);
1687 list_for_each_entry_rcu(skp, &smack_known_list, list)
1688 if (skp->smk_netlabel.attr.mls.lvl ==
1689 smack_cipso_direct)
1690 skp->smk_netlabel.attr.mls.lvl = i;
1691 smack_cipso_direct = i;
1692 mutex_unlock(&smack_known_lock);
1693 }
1694
1695 return count;
1696 }
1697
1698 static const struct file_operations smk_direct_ops = {
1699 .read = smk_read_direct,
1700 .write = smk_write_direct,
1701 .llseek = default_llseek,
1702 };
1703
1704 /**
1705 * smk_read_mapped - read() for /smack/mapped
1706 * @filp: file pointer, not actually used
1707 * @buf: where to put the result
1708 * @count: maximum to send along
1709 * @ppos: where to start
1710 *
1711 * Returns number of bytes read or error code, as appropriate
1712 */
smk_read_mapped(struct file * filp,char __user * buf,size_t count,loff_t * ppos)1713 static ssize_t smk_read_mapped(struct file *filp, char __user *buf,
1714 size_t count, loff_t *ppos)
1715 {
1716 char temp[80];
1717 ssize_t rc;
1718
1719 if (*ppos != 0)
1720 return 0;
1721
1722 sprintf(temp, "%d", smack_cipso_mapped);
1723 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
1724
1725 return rc;
1726 }
1727
1728 /**
1729 * smk_write_mapped - write() for /smack/mapped
1730 * @file: file pointer, not actually used
1731 * @buf: where to get the data from
1732 * @count: bytes sent
1733 * @ppos: where to start
1734 *
1735 * Returns number of bytes written or error code, as appropriate
1736 */
smk_write_mapped(struct file * file,const char __user * buf,size_t count,loff_t * ppos)1737 static ssize_t smk_write_mapped(struct file *file, const char __user *buf,
1738 size_t count, loff_t *ppos)
1739 {
1740 struct smack_known *skp;
1741 char temp[80];
1742 int i;
1743
1744 if (!smack_privileged(CAP_MAC_ADMIN))
1745 return -EPERM;
1746
1747 if (count >= sizeof(temp) || count == 0)
1748 return -EINVAL;
1749
1750 if (copy_from_user(temp, buf, count) != 0)
1751 return -EFAULT;
1752
1753 temp[count] = '\0';
1754
1755 if (sscanf(temp, "%d", &i) != 1)
1756 return -EINVAL;
1757
1758 /*
1759 * Don't do anything if the value hasn't actually changed.
1760 * If it is changing reset the level on entries that were
1761 * set up to be mapped when they were created.
1762 */
1763 if (smack_cipso_mapped != i) {
1764 mutex_lock(&smack_known_lock);
1765 list_for_each_entry_rcu(skp, &smack_known_list, list)
1766 if (skp->smk_netlabel.attr.mls.lvl ==
1767 smack_cipso_mapped)
1768 skp->smk_netlabel.attr.mls.lvl = i;
1769 smack_cipso_mapped = i;
1770 mutex_unlock(&smack_known_lock);
1771 }
1772
1773 return count;
1774 }
1775
1776 static const struct file_operations smk_mapped_ops = {
1777 .read = smk_read_mapped,
1778 .write = smk_write_mapped,
1779 .llseek = default_llseek,
1780 };
1781
1782 /**
1783 * smk_read_ambient - read() for /smack/ambient
1784 * @filp: file pointer, not actually used
1785 * @buf: where to put the result
1786 * @cn: maximum to send along
1787 * @ppos: where to start
1788 *
1789 * Returns number of bytes read or error code, as appropriate
1790 */
smk_read_ambient(struct file * filp,char __user * buf,size_t cn,loff_t * ppos)1791 static ssize_t smk_read_ambient(struct file *filp, char __user *buf,
1792 size_t cn, loff_t *ppos)
1793 {
1794 ssize_t rc;
1795 int asize;
1796
1797 if (*ppos != 0)
1798 return 0;
1799 /*
1800 * Being careful to avoid a problem in the case where
1801 * smack_net_ambient gets changed in midstream.
1802 */
1803 mutex_lock(&smack_ambient_lock);
1804
1805 asize = strlen(smack_net_ambient->smk_known) + 1;
1806
1807 if (cn >= asize)
1808 rc = simple_read_from_buffer(buf, cn, ppos,
1809 smack_net_ambient->smk_known,
1810 asize);
1811 else
1812 rc = -EINVAL;
1813
1814 mutex_unlock(&smack_ambient_lock);
1815
1816 return rc;
1817 }
1818
1819 /**
1820 * smk_write_ambient - write() for /smack/ambient
1821 * @file: file pointer, not actually used
1822 * @buf: where to get the data from
1823 * @count: bytes sent
1824 * @ppos: where to start
1825 *
1826 * Returns number of bytes written or error code, as appropriate
1827 */
smk_write_ambient(struct file * file,const char __user * buf,size_t count,loff_t * ppos)1828 static ssize_t smk_write_ambient(struct file *file, const char __user *buf,
1829 size_t count, loff_t *ppos)
1830 {
1831 struct smack_known *skp;
1832 char *oldambient;
1833 char *data;
1834 int rc = count;
1835
1836 if (!smack_privileged(CAP_MAC_ADMIN))
1837 return -EPERM;
1838
1839 /* Enough data must be present */
1840 if (count == 0 || count > PAGE_SIZE)
1841 return -EINVAL;
1842
1843 data = memdup_user_nul(buf, count);
1844 if (IS_ERR(data))
1845 return PTR_ERR(data);
1846
1847 skp = smk_import_entry(data, count);
1848 if (IS_ERR(skp)) {
1849 rc = PTR_ERR(skp);
1850 goto out;
1851 }
1852
1853 mutex_lock(&smack_ambient_lock);
1854
1855 oldambient = smack_net_ambient->smk_known;
1856 smack_net_ambient = skp;
1857 smk_unlbl_ambient(oldambient);
1858
1859 mutex_unlock(&smack_ambient_lock);
1860
1861 out:
1862 kfree(data);
1863 return rc;
1864 }
1865
1866 static const struct file_operations smk_ambient_ops = {
1867 .read = smk_read_ambient,
1868 .write = smk_write_ambient,
1869 .llseek = default_llseek,
1870 };
1871
1872 /*
1873 * Seq_file operations for /smack/onlycap
1874 */
onlycap_seq_start(struct seq_file * s,loff_t * pos)1875 static void *onlycap_seq_start(struct seq_file *s, loff_t *pos)
1876 {
1877 return smk_seq_start(s, pos, &smack_onlycap_list);
1878 }
1879
onlycap_seq_next(struct seq_file * s,void * v,loff_t * pos)1880 static void *onlycap_seq_next(struct seq_file *s, void *v, loff_t *pos)
1881 {
1882 return smk_seq_next(s, v, pos, &smack_onlycap_list);
1883 }
1884
onlycap_seq_show(struct seq_file * s,void * v)1885 static int onlycap_seq_show(struct seq_file *s, void *v)
1886 {
1887 struct list_head *list = v;
1888 struct smack_known_list_elem *sklep =
1889 list_entry_rcu(list, struct smack_known_list_elem, list);
1890
1891 seq_puts(s, sklep->smk_label->smk_known);
1892 seq_putc(s, ' ');
1893
1894 return 0;
1895 }
1896
1897 static const struct seq_operations onlycap_seq_ops = {
1898 .start = onlycap_seq_start,
1899 .next = onlycap_seq_next,
1900 .show = onlycap_seq_show,
1901 .stop = smk_seq_stop,
1902 };
1903
smk_open_onlycap(struct inode * inode,struct file * file)1904 static int smk_open_onlycap(struct inode *inode, struct file *file)
1905 {
1906 return seq_open(file, &onlycap_seq_ops);
1907 }
1908
1909 /**
1910 * smk_list_swap_rcu - swap public list with a private one in RCU-safe way
1911 * The caller must hold appropriate mutex to prevent concurrent modifications
1912 * to the public list.
1913 * Private list is assumed to be not accessible to other threads yet.
1914 *
1915 * @public: public list
1916 * @private: private list
1917 */
smk_list_swap_rcu(struct list_head * public,struct list_head * private)1918 static void smk_list_swap_rcu(struct list_head *public,
1919 struct list_head *private)
1920 {
1921 struct list_head *first, *last;
1922
1923 if (list_empty(public)) {
1924 list_splice_init_rcu(private, public, synchronize_rcu);
1925 } else {
1926 /* Remember public list before replacing it */
1927 first = public->next;
1928 last = public->prev;
1929
1930 /* Publish private list in place of public in RCU-safe way */
1931 private->prev->next = public;
1932 private->next->prev = public;
1933 rcu_assign_pointer(public->next, private->next);
1934 public->prev = private->prev;
1935
1936 synchronize_rcu();
1937
1938 /* When all readers are done with the old public list,
1939 * attach it in place of private */
1940 private->next = first;
1941 private->prev = last;
1942 first->prev = private;
1943 last->next = private;
1944 }
1945 }
1946
1947 /**
1948 * smk_parse_label_list - parse list of Smack labels, separated by spaces
1949 *
1950 * @data: the string to parse
1951 * @private: destination list
1952 *
1953 * Returns zero on success or error code, as appropriate
1954 */
smk_parse_label_list(char * data,struct list_head * list)1955 static int smk_parse_label_list(char *data, struct list_head *list)
1956 {
1957 char *tok;
1958 struct smack_known *skp;
1959 struct smack_known_list_elem *sklep;
1960
1961 while ((tok = strsep(&data, " ")) != NULL) {
1962 if (!*tok)
1963 continue;
1964
1965 skp = smk_import_entry(tok, 0);
1966 if (IS_ERR(skp))
1967 return PTR_ERR(skp);
1968
1969 sklep = kzalloc(sizeof(*sklep), GFP_KERNEL);
1970 if (sklep == NULL)
1971 return -ENOMEM;
1972
1973 sklep->smk_label = skp;
1974 list_add(&sklep->list, list);
1975 }
1976
1977 return 0;
1978 }
1979
1980 /**
1981 * smk_destroy_label_list - destroy a list of smack_known_list_elem
1982 * @head: header pointer of the list to destroy
1983 */
smk_destroy_label_list(struct list_head * list)1984 void smk_destroy_label_list(struct list_head *list)
1985 {
1986 struct smack_known_list_elem *sklep;
1987 struct smack_known_list_elem *sklep2;
1988
1989 list_for_each_entry_safe(sklep, sklep2, list, list)
1990 kfree(sklep);
1991
1992 INIT_LIST_HEAD(list);
1993 }
1994
1995 /**
1996 * smk_write_onlycap - write() for smackfs/onlycap
1997 * @file: file pointer, not actually used
1998 * @buf: where to get the data from
1999 * @count: bytes sent
2000 * @ppos: where to start
2001 *
2002 * Returns number of bytes written or error code, as appropriate
2003 */
smk_write_onlycap(struct file * file,const char __user * buf,size_t count,loff_t * ppos)2004 static ssize_t smk_write_onlycap(struct file *file, const char __user *buf,
2005 size_t count, loff_t *ppos)
2006 {
2007 char *data;
2008 LIST_HEAD(list_tmp);
2009 int rc;
2010
2011 if (!smack_privileged(CAP_MAC_ADMIN))
2012 return -EPERM;
2013
2014 if (count > PAGE_SIZE)
2015 return -EINVAL;
2016
2017 data = memdup_user_nul(buf, count);
2018 if (IS_ERR(data))
2019 return PTR_ERR(data);
2020
2021 rc = smk_parse_label_list(data, &list_tmp);
2022 kfree(data);
2023
2024 /*
2025 * Clear the smack_onlycap on invalid label errors. This means
2026 * that we can pass a null string to unset the onlycap value.
2027 *
2028 * Importing will also reject a label beginning with '-',
2029 * so "-usecapabilities" will also work.
2030 *
2031 * But do so only on invalid label, not on system errors.
2032 * The invalid label must be first to count as clearing attempt.
2033 */
2034 if (!rc || (rc == -EINVAL && list_empty(&list_tmp))) {
2035 mutex_lock(&smack_onlycap_lock);
2036 smk_list_swap_rcu(&smack_onlycap_list, &list_tmp);
2037 mutex_unlock(&smack_onlycap_lock);
2038 rc = count;
2039 }
2040
2041 smk_destroy_label_list(&list_tmp);
2042
2043 return rc;
2044 }
2045
2046 static const struct file_operations smk_onlycap_ops = {
2047 .open = smk_open_onlycap,
2048 .read = seq_read,
2049 .write = smk_write_onlycap,
2050 .llseek = seq_lseek,
2051 .release = seq_release,
2052 };
2053
2054 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
2055 /**
2056 * smk_read_unconfined - read() for smackfs/unconfined
2057 * @filp: file pointer, not actually used
2058 * @buf: where to put the result
2059 * @cn: maximum to send along
2060 * @ppos: where to start
2061 *
2062 * Returns number of bytes read or error code, as appropriate
2063 */
smk_read_unconfined(struct file * filp,char __user * buf,size_t cn,loff_t * ppos)2064 static ssize_t smk_read_unconfined(struct file *filp, char __user *buf,
2065 size_t cn, loff_t *ppos)
2066 {
2067 char *smack = "";
2068 ssize_t rc = -EINVAL;
2069 int asize;
2070
2071 if (*ppos != 0)
2072 return 0;
2073
2074 if (smack_unconfined != NULL)
2075 smack = smack_unconfined->smk_known;
2076
2077 asize = strlen(smack) + 1;
2078
2079 if (cn >= asize)
2080 rc = simple_read_from_buffer(buf, cn, ppos, smack, asize);
2081
2082 return rc;
2083 }
2084
2085 /**
2086 * smk_write_unconfined - write() for smackfs/unconfined
2087 * @file: file pointer, not actually used
2088 * @buf: where to get the data from
2089 * @count: bytes sent
2090 * @ppos: where to start
2091 *
2092 * Returns number of bytes written or error code, as appropriate
2093 */
smk_write_unconfined(struct file * file,const char __user * buf,size_t count,loff_t * ppos)2094 static ssize_t smk_write_unconfined(struct file *file, const char __user *buf,
2095 size_t count, loff_t *ppos)
2096 {
2097 char *data;
2098 struct smack_known *skp;
2099 int rc = count;
2100
2101 if (!smack_privileged(CAP_MAC_ADMIN))
2102 return -EPERM;
2103
2104 if (count > PAGE_SIZE)
2105 return -EINVAL;
2106
2107 data = memdup_user_nul(buf, count);
2108 if (IS_ERR(data))
2109 return PTR_ERR(data);
2110
2111 /*
2112 * Clear the smack_unconfined on invalid label errors. This means
2113 * that we can pass a null string to unset the unconfined value.
2114 *
2115 * Importing will also reject a label beginning with '-',
2116 * so "-confine" will also work.
2117 *
2118 * But do so only on invalid label, not on system errors.
2119 */
2120 skp = smk_import_entry(data, count);
2121 if (PTR_ERR(skp) == -EINVAL)
2122 skp = NULL;
2123 else if (IS_ERR(skp)) {
2124 rc = PTR_ERR(skp);
2125 goto freeout;
2126 }
2127
2128 smack_unconfined = skp;
2129
2130 freeout:
2131 kfree(data);
2132 return rc;
2133 }
2134
2135 static const struct file_operations smk_unconfined_ops = {
2136 .read = smk_read_unconfined,
2137 .write = smk_write_unconfined,
2138 .llseek = default_llseek,
2139 };
2140 #endif /* CONFIG_SECURITY_SMACK_BRINGUP */
2141
2142 /**
2143 * smk_read_logging - read() for /smack/logging
2144 * @filp: file pointer, not actually used
2145 * @buf: where to put the result
2146 * @cn: maximum to send along
2147 * @ppos: where to start
2148 *
2149 * Returns number of bytes read or error code, as appropriate
2150 */
smk_read_logging(struct file * filp,char __user * buf,size_t count,loff_t * ppos)2151 static ssize_t smk_read_logging(struct file *filp, char __user *buf,
2152 size_t count, loff_t *ppos)
2153 {
2154 char temp[32];
2155 ssize_t rc;
2156
2157 if (*ppos != 0)
2158 return 0;
2159
2160 sprintf(temp, "%d\n", log_policy);
2161 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
2162 return rc;
2163 }
2164
2165 /**
2166 * smk_write_logging - write() for /smack/logging
2167 * @file: file pointer, not actually used
2168 * @buf: where to get the data from
2169 * @count: bytes sent
2170 * @ppos: where to start
2171 *
2172 * Returns number of bytes written or error code, as appropriate
2173 */
smk_write_logging(struct file * file,const char __user * buf,size_t count,loff_t * ppos)2174 static ssize_t smk_write_logging(struct file *file, const char __user *buf,
2175 size_t count, loff_t *ppos)
2176 {
2177 char temp[32];
2178 int i;
2179
2180 if (!smack_privileged(CAP_MAC_ADMIN))
2181 return -EPERM;
2182
2183 if (count >= sizeof(temp) || count == 0)
2184 return -EINVAL;
2185
2186 if (copy_from_user(temp, buf, count) != 0)
2187 return -EFAULT;
2188
2189 temp[count] = '\0';
2190
2191 if (sscanf(temp, "%d", &i) != 1)
2192 return -EINVAL;
2193 if (i < 0 || i > 3)
2194 return -EINVAL;
2195 log_policy = i;
2196 return count;
2197 }
2198
2199
2200
2201 static const struct file_operations smk_logging_ops = {
2202 .read = smk_read_logging,
2203 .write = smk_write_logging,
2204 .llseek = default_llseek,
2205 };
2206
2207 /*
2208 * Seq_file read operations for /smack/load-self
2209 */
2210
load_self_seq_start(struct seq_file * s,loff_t * pos)2211 static void *load_self_seq_start(struct seq_file *s, loff_t *pos)
2212 {
2213 struct task_smack *tsp = smack_cred(current_cred());
2214
2215 return smk_seq_start(s, pos, &tsp->smk_rules);
2216 }
2217
load_self_seq_next(struct seq_file * s,void * v,loff_t * pos)2218 static void *load_self_seq_next(struct seq_file *s, void *v, loff_t *pos)
2219 {
2220 struct task_smack *tsp = smack_cred(current_cred());
2221
2222 return smk_seq_next(s, v, pos, &tsp->smk_rules);
2223 }
2224
load_self_seq_show(struct seq_file * s,void * v)2225 static int load_self_seq_show(struct seq_file *s, void *v)
2226 {
2227 struct list_head *list = v;
2228 struct smack_rule *srp =
2229 list_entry_rcu(list, struct smack_rule, list);
2230
2231 smk_rule_show(s, srp, SMK_LABELLEN);
2232
2233 return 0;
2234 }
2235
2236 static const struct seq_operations load_self_seq_ops = {
2237 .start = load_self_seq_start,
2238 .next = load_self_seq_next,
2239 .show = load_self_seq_show,
2240 .stop = smk_seq_stop,
2241 };
2242
2243
2244 /**
2245 * smk_open_load_self - open() for /smack/load-self2
2246 * @inode: inode structure representing file
2247 * @file: "load" file pointer
2248 *
2249 * For reading, use load_seq_* seq_file reading operations.
2250 */
smk_open_load_self(struct inode * inode,struct file * file)2251 static int smk_open_load_self(struct inode *inode, struct file *file)
2252 {
2253 return seq_open(file, &load_self_seq_ops);
2254 }
2255
2256 /**
2257 * smk_write_load_self - write() for /smack/load-self
2258 * @file: file pointer, not actually used
2259 * @buf: where to get the data from
2260 * @count: bytes sent
2261 * @ppos: where to start - must be 0
2262 *
2263 */
smk_write_load_self(struct file * file,const char __user * buf,size_t count,loff_t * ppos)2264 static ssize_t smk_write_load_self(struct file *file, const char __user *buf,
2265 size_t count, loff_t *ppos)
2266 {
2267 struct task_smack *tsp = smack_cred(current_cred());
2268
2269 return smk_write_rules_list(file, buf, count, ppos, &tsp->smk_rules,
2270 &tsp->smk_rules_lock, SMK_FIXED24_FMT);
2271 }
2272
2273 static const struct file_operations smk_load_self_ops = {
2274 .open = smk_open_load_self,
2275 .read = seq_read,
2276 .llseek = seq_lseek,
2277 .write = smk_write_load_self,
2278 .release = seq_release,
2279 };
2280
2281 /**
2282 * smk_user_access - handle access check transaction
2283 * @file: file pointer
2284 * @buf: data from user space
2285 * @count: bytes sent
2286 * @ppos: where to start - must be 0
2287 */
smk_user_access(struct file * file,const char __user * buf,size_t count,loff_t * ppos,int format)2288 static ssize_t smk_user_access(struct file *file, const char __user *buf,
2289 size_t count, loff_t *ppos, int format)
2290 {
2291 struct smack_parsed_rule rule;
2292 char *data;
2293 int res;
2294
2295 data = simple_transaction_get(file, buf, count);
2296 if (IS_ERR(data))
2297 return PTR_ERR(data);
2298
2299 if (format == SMK_FIXED24_FMT) {
2300 if (count < SMK_LOADLEN)
2301 return -EINVAL;
2302 res = smk_parse_rule(data, &rule, 0);
2303 } else {
2304 /*
2305 * simple_transaction_get() returns null-terminated data
2306 */
2307 res = smk_parse_long_rule(data, &rule, 0, 3);
2308 }
2309
2310 if (res >= 0)
2311 res = smk_access(rule.smk_subject, rule.smk_object,
2312 rule.smk_access1, NULL);
2313 else if (res != -ENOENT)
2314 return res;
2315
2316 /*
2317 * smk_access() can return a value > 0 in the "bringup" case.
2318 */
2319 data[0] = res >= 0 ? '1' : '0';
2320 data[1] = '\0';
2321
2322 simple_transaction_set(file, 2);
2323
2324 if (format == SMK_FIXED24_FMT)
2325 return SMK_LOADLEN;
2326 return count;
2327 }
2328
2329 /**
2330 * smk_write_access - handle access check transaction
2331 * @file: file pointer
2332 * @buf: data from user space
2333 * @count: bytes sent
2334 * @ppos: where to start - must be 0
2335 */
smk_write_access(struct file * file,const char __user * buf,size_t count,loff_t * ppos)2336 static ssize_t smk_write_access(struct file *file, const char __user *buf,
2337 size_t count, loff_t *ppos)
2338 {
2339 return smk_user_access(file, buf, count, ppos, SMK_FIXED24_FMT);
2340 }
2341
2342 static const struct file_operations smk_access_ops = {
2343 .write = smk_write_access,
2344 .read = simple_transaction_read,
2345 .release = simple_transaction_release,
2346 .llseek = generic_file_llseek,
2347 };
2348
2349
2350 /*
2351 * Seq_file read operations for /smack/load2
2352 */
2353
load2_seq_show(struct seq_file * s,void * v)2354 static int load2_seq_show(struct seq_file *s, void *v)
2355 {
2356 struct list_head *list = v;
2357 struct smack_rule *srp;
2358 struct smack_known *skp =
2359 list_entry_rcu(list, struct smack_known, list);
2360
2361 list_for_each_entry_rcu(srp, &skp->smk_rules, list)
2362 smk_rule_show(s, srp, SMK_LONGLABEL);
2363
2364 return 0;
2365 }
2366
2367 static const struct seq_operations load2_seq_ops = {
2368 .start = load2_seq_start,
2369 .next = load2_seq_next,
2370 .show = load2_seq_show,
2371 .stop = smk_seq_stop,
2372 };
2373
2374 /**
2375 * smk_open_load2 - open() for /smack/load2
2376 * @inode: inode structure representing file
2377 * @file: "load2" file pointer
2378 *
2379 * For reading, use load2_seq_* seq_file reading operations.
2380 */
smk_open_load2(struct inode * inode,struct file * file)2381 static int smk_open_load2(struct inode *inode, struct file *file)
2382 {
2383 return seq_open(file, &load2_seq_ops);
2384 }
2385
2386 /**
2387 * smk_write_load2 - write() for /smack/load2
2388 * @file: file pointer, not actually used
2389 * @buf: where to get the data from
2390 * @count: bytes sent
2391 * @ppos: where to start - must be 0
2392 *
2393 */
smk_write_load2(struct file * file,const char __user * buf,size_t count,loff_t * ppos)2394 static ssize_t smk_write_load2(struct file *file, const char __user *buf,
2395 size_t count, loff_t *ppos)
2396 {
2397 /*
2398 * Must have privilege.
2399 */
2400 if (!smack_privileged(CAP_MAC_ADMIN))
2401 return -EPERM;
2402
2403 return smk_write_rules_list(file, buf, count, ppos, NULL, NULL,
2404 SMK_LONG_FMT);
2405 }
2406
2407 static const struct file_operations smk_load2_ops = {
2408 .open = smk_open_load2,
2409 .read = seq_read,
2410 .llseek = seq_lseek,
2411 .write = smk_write_load2,
2412 .release = seq_release,
2413 };
2414
2415 /*
2416 * Seq_file read operations for /smack/load-self2
2417 */
2418
load_self2_seq_start(struct seq_file * s,loff_t * pos)2419 static void *load_self2_seq_start(struct seq_file *s, loff_t *pos)
2420 {
2421 struct task_smack *tsp = smack_cred(current_cred());
2422
2423 return smk_seq_start(s, pos, &tsp->smk_rules);
2424 }
2425
load_self2_seq_next(struct seq_file * s,void * v,loff_t * pos)2426 static void *load_self2_seq_next(struct seq_file *s, void *v, loff_t *pos)
2427 {
2428 struct task_smack *tsp = smack_cred(current_cred());
2429
2430 return smk_seq_next(s, v, pos, &tsp->smk_rules);
2431 }
2432
load_self2_seq_show(struct seq_file * s,void * v)2433 static int load_self2_seq_show(struct seq_file *s, void *v)
2434 {
2435 struct list_head *list = v;
2436 struct smack_rule *srp =
2437 list_entry_rcu(list, struct smack_rule, list);
2438
2439 smk_rule_show(s, srp, SMK_LONGLABEL);
2440
2441 return 0;
2442 }
2443
2444 static const struct seq_operations load_self2_seq_ops = {
2445 .start = load_self2_seq_start,
2446 .next = load_self2_seq_next,
2447 .show = load_self2_seq_show,
2448 .stop = smk_seq_stop,
2449 };
2450
2451 /**
2452 * smk_open_load_self2 - open() for /smack/load-self2
2453 * @inode: inode structure representing file
2454 * @file: "load" file pointer
2455 *
2456 * For reading, use load_seq_* seq_file reading operations.
2457 */
smk_open_load_self2(struct inode * inode,struct file * file)2458 static int smk_open_load_self2(struct inode *inode, struct file *file)
2459 {
2460 return seq_open(file, &load_self2_seq_ops);
2461 }
2462
2463 /**
2464 * smk_write_load_self2 - write() for /smack/load-self2
2465 * @file: file pointer, not actually used
2466 * @buf: where to get the data from
2467 * @count: bytes sent
2468 * @ppos: where to start - must be 0
2469 *
2470 */
smk_write_load_self2(struct file * file,const char __user * buf,size_t count,loff_t * ppos)2471 static ssize_t smk_write_load_self2(struct file *file, const char __user *buf,
2472 size_t count, loff_t *ppos)
2473 {
2474 struct task_smack *tsp = smack_cred(current_cred());
2475
2476 return smk_write_rules_list(file, buf, count, ppos, &tsp->smk_rules,
2477 &tsp->smk_rules_lock, SMK_LONG_FMT);
2478 }
2479
2480 static const struct file_operations smk_load_self2_ops = {
2481 .open = smk_open_load_self2,
2482 .read = seq_read,
2483 .llseek = seq_lseek,
2484 .write = smk_write_load_self2,
2485 .release = seq_release,
2486 };
2487
2488 /**
2489 * smk_write_access2 - handle access check transaction
2490 * @file: file pointer
2491 * @buf: data from user space
2492 * @count: bytes sent
2493 * @ppos: where to start - must be 0
2494 */
smk_write_access2(struct file * file,const char __user * buf,size_t count,loff_t * ppos)2495 static ssize_t smk_write_access2(struct file *file, const char __user *buf,
2496 size_t count, loff_t *ppos)
2497 {
2498 return smk_user_access(file, buf, count, ppos, SMK_LONG_FMT);
2499 }
2500
2501 static const struct file_operations smk_access2_ops = {
2502 .write = smk_write_access2,
2503 .read = simple_transaction_read,
2504 .release = simple_transaction_release,
2505 .llseek = generic_file_llseek,
2506 };
2507
2508 /**
2509 * smk_write_revoke_subj - write() for /smack/revoke-subject
2510 * @file: file pointer
2511 * @buf: data from user space
2512 * @count: bytes sent
2513 * @ppos: where to start - must be 0
2514 */
smk_write_revoke_subj(struct file * file,const char __user * buf,size_t count,loff_t * ppos)2515 static ssize_t smk_write_revoke_subj(struct file *file, const char __user *buf,
2516 size_t count, loff_t *ppos)
2517 {
2518 char *data;
2519 const char *cp;
2520 struct smack_known *skp;
2521 struct smack_rule *sp;
2522 struct list_head *rule_list;
2523 struct mutex *rule_lock;
2524 int rc = count;
2525
2526 if (*ppos != 0)
2527 return -EINVAL;
2528
2529 if (!smack_privileged(CAP_MAC_ADMIN))
2530 return -EPERM;
2531
2532 if (count == 0 || count > SMK_LONGLABEL)
2533 return -EINVAL;
2534
2535 data = memdup_user(buf, count);
2536 if (IS_ERR(data))
2537 return PTR_ERR(data);
2538
2539 cp = smk_parse_smack(data, count);
2540 if (IS_ERR(cp)) {
2541 rc = PTR_ERR(cp);
2542 goto out_data;
2543 }
2544
2545 skp = smk_find_entry(cp);
2546 if (skp == NULL)
2547 goto out_cp;
2548
2549 rule_list = &skp->smk_rules;
2550 rule_lock = &skp->smk_rules_lock;
2551
2552 mutex_lock(rule_lock);
2553
2554 list_for_each_entry_rcu(sp, rule_list, list)
2555 sp->smk_access = 0;
2556
2557 mutex_unlock(rule_lock);
2558
2559 out_cp:
2560 kfree(cp);
2561 out_data:
2562 kfree(data);
2563
2564 return rc;
2565 }
2566
2567 static const struct file_operations smk_revoke_subj_ops = {
2568 .write = smk_write_revoke_subj,
2569 .read = simple_transaction_read,
2570 .release = simple_transaction_release,
2571 .llseek = generic_file_llseek,
2572 };
2573
2574 /**
2575 * smk_init_sysfs - initialize /sys/fs/smackfs
2576 *
2577 */
smk_init_sysfs(void)2578 static int smk_init_sysfs(void)
2579 {
2580 return sysfs_create_mount_point(fs_kobj, "smackfs");
2581 }
2582
2583 /**
2584 * smk_write_change_rule - write() for /smack/change-rule
2585 * @file: file pointer
2586 * @buf: data from user space
2587 * @count: bytes sent
2588 * @ppos: where to start - must be 0
2589 */
smk_write_change_rule(struct file * file,const char __user * buf,size_t count,loff_t * ppos)2590 static ssize_t smk_write_change_rule(struct file *file, const char __user *buf,
2591 size_t count, loff_t *ppos)
2592 {
2593 /*
2594 * Must have privilege.
2595 */
2596 if (!smack_privileged(CAP_MAC_ADMIN))
2597 return -EPERM;
2598
2599 return smk_write_rules_list(file, buf, count, ppos, NULL, NULL,
2600 SMK_CHANGE_FMT);
2601 }
2602
2603 static const struct file_operations smk_change_rule_ops = {
2604 .write = smk_write_change_rule,
2605 .read = simple_transaction_read,
2606 .release = simple_transaction_release,
2607 .llseek = generic_file_llseek,
2608 };
2609
2610 /**
2611 * smk_read_syslog - read() for smackfs/syslog
2612 * @filp: file pointer, not actually used
2613 * @buf: where to put the result
2614 * @cn: maximum to send along
2615 * @ppos: where to start
2616 *
2617 * Returns number of bytes read or error code, as appropriate
2618 */
smk_read_syslog(struct file * filp,char __user * buf,size_t cn,loff_t * ppos)2619 static ssize_t smk_read_syslog(struct file *filp, char __user *buf,
2620 size_t cn, loff_t *ppos)
2621 {
2622 struct smack_known *skp;
2623 ssize_t rc = -EINVAL;
2624 int asize;
2625
2626 if (*ppos != 0)
2627 return 0;
2628
2629 if (smack_syslog_label == NULL)
2630 skp = &smack_known_star;
2631 else
2632 skp = smack_syslog_label;
2633
2634 asize = strlen(skp->smk_known) + 1;
2635
2636 if (cn >= asize)
2637 rc = simple_read_from_buffer(buf, cn, ppos, skp->smk_known,
2638 asize);
2639
2640 return rc;
2641 }
2642
2643 /**
2644 * smk_write_syslog - write() for smackfs/syslog
2645 * @file: file pointer, not actually used
2646 * @buf: where to get the data from
2647 * @count: bytes sent
2648 * @ppos: where to start
2649 *
2650 * Returns number of bytes written or error code, as appropriate
2651 */
smk_write_syslog(struct file * file,const char __user * buf,size_t count,loff_t * ppos)2652 static ssize_t smk_write_syslog(struct file *file, const char __user *buf,
2653 size_t count, loff_t *ppos)
2654 {
2655 char *data;
2656 struct smack_known *skp;
2657 int rc = count;
2658
2659 if (!smack_privileged(CAP_MAC_ADMIN))
2660 return -EPERM;
2661
2662 /* Enough data must be present */
2663 if (count == 0 || count > PAGE_SIZE)
2664 return -EINVAL;
2665
2666 data = memdup_user_nul(buf, count);
2667 if (IS_ERR(data))
2668 return PTR_ERR(data);
2669
2670 skp = smk_import_entry(data, count);
2671 if (IS_ERR(skp))
2672 rc = PTR_ERR(skp);
2673 else
2674 smack_syslog_label = skp;
2675
2676 kfree(data);
2677 return rc;
2678 }
2679
2680 static const struct file_operations smk_syslog_ops = {
2681 .read = smk_read_syslog,
2682 .write = smk_write_syslog,
2683 .llseek = default_llseek,
2684 };
2685
2686 /*
2687 * Seq_file read operations for /smack/relabel-self
2688 */
2689
relabel_self_seq_start(struct seq_file * s,loff_t * pos)2690 static void *relabel_self_seq_start(struct seq_file *s, loff_t *pos)
2691 {
2692 struct task_smack *tsp = smack_cred(current_cred());
2693
2694 return smk_seq_start(s, pos, &tsp->smk_relabel);
2695 }
2696
relabel_self_seq_next(struct seq_file * s,void * v,loff_t * pos)2697 static void *relabel_self_seq_next(struct seq_file *s, void *v, loff_t *pos)
2698 {
2699 struct task_smack *tsp = smack_cred(current_cred());
2700
2701 return smk_seq_next(s, v, pos, &tsp->smk_relabel);
2702 }
2703
relabel_self_seq_show(struct seq_file * s,void * v)2704 static int relabel_self_seq_show(struct seq_file *s, void *v)
2705 {
2706 struct list_head *list = v;
2707 struct smack_known_list_elem *sklep =
2708 list_entry(list, struct smack_known_list_elem, list);
2709
2710 seq_puts(s, sklep->smk_label->smk_known);
2711 seq_putc(s, ' ');
2712
2713 return 0;
2714 }
2715
2716 static const struct seq_operations relabel_self_seq_ops = {
2717 .start = relabel_self_seq_start,
2718 .next = relabel_self_seq_next,
2719 .show = relabel_self_seq_show,
2720 .stop = smk_seq_stop,
2721 };
2722
2723 /**
2724 * smk_open_relabel_self - open() for /smack/relabel-self
2725 * @inode: inode structure representing file
2726 * @file: "relabel-self" file pointer
2727 *
2728 * Connect our relabel_self_seq_* operations with /smack/relabel-self
2729 * file_operations
2730 */
smk_open_relabel_self(struct inode * inode,struct file * file)2731 static int smk_open_relabel_self(struct inode *inode, struct file *file)
2732 {
2733 return seq_open(file, &relabel_self_seq_ops);
2734 }
2735
2736 /**
2737 * smk_write_relabel_self - write() for /smack/relabel-self
2738 * @file: file pointer, not actually used
2739 * @buf: where to get the data from
2740 * @count: bytes sent
2741 * @ppos: where to start - must be 0
2742 *
2743 */
smk_write_relabel_self(struct file * file,const char __user * buf,size_t count,loff_t * ppos)2744 static ssize_t smk_write_relabel_self(struct file *file, const char __user *buf,
2745 size_t count, loff_t *ppos)
2746 {
2747 char *data;
2748 int rc;
2749 LIST_HEAD(list_tmp);
2750
2751 /*
2752 * Must have privilege.
2753 */
2754 if (!smack_privileged(CAP_MAC_ADMIN))
2755 return -EPERM;
2756
2757 /*
2758 * No partial write.
2759 * Enough data must be present.
2760 */
2761 if (*ppos != 0)
2762 return -EINVAL;
2763 if (count == 0 || count > PAGE_SIZE)
2764 return -EINVAL;
2765
2766 data = memdup_user_nul(buf, count);
2767 if (IS_ERR(data))
2768 return PTR_ERR(data);
2769
2770 rc = smk_parse_label_list(data, &list_tmp);
2771 kfree(data);
2772
2773 if (!rc || (rc == -EINVAL && list_empty(&list_tmp))) {
2774 struct cred *new;
2775 struct task_smack *tsp;
2776
2777 new = prepare_creds();
2778 if (!new) {
2779 rc = -ENOMEM;
2780 goto out;
2781 }
2782 tsp = smack_cred(new);
2783 smk_destroy_label_list(&tsp->smk_relabel);
2784 list_splice(&list_tmp, &tsp->smk_relabel);
2785 commit_creds(new);
2786 return count;
2787 }
2788 out:
2789 smk_destroy_label_list(&list_tmp);
2790 return rc;
2791 }
2792
2793 static const struct file_operations smk_relabel_self_ops = {
2794 .open = smk_open_relabel_self,
2795 .read = seq_read,
2796 .llseek = seq_lseek,
2797 .write = smk_write_relabel_self,
2798 .release = seq_release,
2799 };
2800
2801 /**
2802 * smk_read_ptrace - read() for /smack/ptrace
2803 * @filp: file pointer, not actually used
2804 * @buf: where to put the result
2805 * @count: maximum to send along
2806 * @ppos: where to start
2807 *
2808 * Returns number of bytes read or error code, as appropriate
2809 */
smk_read_ptrace(struct file * filp,char __user * buf,size_t count,loff_t * ppos)2810 static ssize_t smk_read_ptrace(struct file *filp, char __user *buf,
2811 size_t count, loff_t *ppos)
2812 {
2813 char temp[32];
2814 ssize_t rc;
2815
2816 if (*ppos != 0)
2817 return 0;
2818
2819 sprintf(temp, "%d\n", smack_ptrace_rule);
2820 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
2821 return rc;
2822 }
2823
2824 /**
2825 * smk_write_ptrace - write() for /smack/ptrace
2826 * @file: file pointer
2827 * @buf: data from user space
2828 * @count: bytes sent
2829 * @ppos: where to start - must be 0
2830 */
smk_write_ptrace(struct file * file,const char __user * buf,size_t count,loff_t * ppos)2831 static ssize_t smk_write_ptrace(struct file *file, const char __user *buf,
2832 size_t count, loff_t *ppos)
2833 {
2834 char temp[32];
2835 int i;
2836
2837 if (!smack_privileged(CAP_MAC_ADMIN))
2838 return -EPERM;
2839
2840 if (*ppos != 0 || count >= sizeof(temp) || count == 0)
2841 return -EINVAL;
2842
2843 if (copy_from_user(temp, buf, count) != 0)
2844 return -EFAULT;
2845
2846 temp[count] = '\0';
2847
2848 if (sscanf(temp, "%d", &i) != 1)
2849 return -EINVAL;
2850 if (i < SMACK_PTRACE_DEFAULT || i > SMACK_PTRACE_MAX)
2851 return -EINVAL;
2852 smack_ptrace_rule = i;
2853
2854 return count;
2855 }
2856
2857 static const struct file_operations smk_ptrace_ops = {
2858 .write = smk_write_ptrace,
2859 .read = smk_read_ptrace,
2860 .llseek = default_llseek,
2861 };
2862
2863 /**
2864 * smk_fill_super - fill the smackfs superblock
2865 * @sb: the empty superblock
2866 * @fc: unused
2867 *
2868 * Fill in the well known entries for the smack filesystem
2869 *
2870 * Returns 0 on success, an error code on failure
2871 */
smk_fill_super(struct super_block * sb,struct fs_context * fc)2872 static int smk_fill_super(struct super_block *sb, struct fs_context *fc)
2873 {
2874 int rc;
2875
2876 static const struct tree_descr smack_files[] = {
2877 [SMK_LOAD] = {
2878 "load", &smk_load_ops, S_IRUGO|S_IWUSR},
2879 [SMK_CIPSO] = {
2880 "cipso", &smk_cipso_ops, S_IRUGO|S_IWUSR},
2881 [SMK_DOI] = {
2882 "doi", &smk_doi_ops, S_IRUGO|S_IWUSR},
2883 [SMK_DIRECT] = {
2884 "direct", &smk_direct_ops, S_IRUGO|S_IWUSR},
2885 [SMK_AMBIENT] = {
2886 "ambient", &smk_ambient_ops, S_IRUGO|S_IWUSR},
2887 [SMK_NET4ADDR] = {
2888 "netlabel", &smk_net4addr_ops, S_IRUGO|S_IWUSR},
2889 [SMK_ONLYCAP] = {
2890 "onlycap", &smk_onlycap_ops, S_IRUGO|S_IWUSR},
2891 [SMK_LOGGING] = {
2892 "logging", &smk_logging_ops, S_IRUGO|S_IWUSR},
2893 [SMK_LOAD_SELF] = {
2894 "load-self", &smk_load_self_ops, S_IRUGO|S_IWUGO},
2895 [SMK_ACCESSES] = {
2896 "access", &smk_access_ops, S_IRUGO|S_IWUGO},
2897 [SMK_MAPPED] = {
2898 "mapped", &smk_mapped_ops, S_IRUGO|S_IWUSR},
2899 [SMK_LOAD2] = {
2900 "load2", &smk_load2_ops, S_IRUGO|S_IWUSR},
2901 [SMK_LOAD_SELF2] = {
2902 "load-self2", &smk_load_self2_ops, S_IRUGO|S_IWUGO},
2903 [SMK_ACCESS2] = {
2904 "access2", &smk_access2_ops, S_IRUGO|S_IWUGO},
2905 [SMK_CIPSO2] = {
2906 "cipso2", &smk_cipso2_ops, S_IRUGO|S_IWUSR},
2907 [SMK_REVOKE_SUBJ] = {
2908 "revoke-subject", &smk_revoke_subj_ops,
2909 S_IRUGO|S_IWUSR},
2910 [SMK_CHANGE_RULE] = {
2911 "change-rule", &smk_change_rule_ops, S_IRUGO|S_IWUSR},
2912 [SMK_SYSLOG] = {
2913 "syslog", &smk_syslog_ops, S_IRUGO|S_IWUSR},
2914 [SMK_PTRACE] = {
2915 "ptrace", &smk_ptrace_ops, S_IRUGO|S_IWUSR},
2916 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
2917 [SMK_UNCONFINED] = {
2918 "unconfined", &smk_unconfined_ops, S_IRUGO|S_IWUSR},
2919 #endif
2920 #if IS_ENABLED(CONFIG_IPV6)
2921 [SMK_NET6ADDR] = {
2922 "ipv6host", &smk_net6addr_ops, S_IRUGO|S_IWUSR},
2923 #endif /* CONFIG_IPV6 */
2924 [SMK_RELABEL_SELF] = {
2925 "relabel-self", &smk_relabel_self_ops,
2926 S_IRUGO|S_IWUGO},
2927 /* last one */
2928 {""}
2929 };
2930
2931 rc = simple_fill_super(sb, SMACK_MAGIC, smack_files);
2932 if (rc != 0) {
2933 printk(KERN_ERR "%s failed %d while creating inodes\n",
2934 __func__, rc);
2935 return rc;
2936 }
2937
2938 return 0;
2939 }
2940
2941 /**
2942 * smk_get_tree - get the smackfs superblock
2943 * @fc: The mount context, including any options
2944 *
2945 * Just passes everything along.
2946 *
2947 * Returns what the lower level code does.
2948 */
smk_get_tree(struct fs_context * fc)2949 static int smk_get_tree(struct fs_context *fc)
2950 {
2951 return get_tree_single(fc, smk_fill_super);
2952 }
2953
2954 static const struct fs_context_operations smk_context_ops = {
2955 .get_tree = smk_get_tree,
2956 };
2957
2958 /**
2959 * smk_init_fs_context - Initialise a filesystem context for smackfs
2960 * @fc: The blank mount context
2961 */
smk_init_fs_context(struct fs_context * fc)2962 static int smk_init_fs_context(struct fs_context *fc)
2963 {
2964 fc->ops = &smk_context_ops;
2965 return 0;
2966 }
2967
2968 static struct file_system_type smk_fs_type = {
2969 .name = "smackfs",
2970 .init_fs_context = smk_init_fs_context,
2971 .kill_sb = kill_litter_super,
2972 };
2973
2974 static struct vfsmount *smackfs_mount;
2975
2976 /**
2977 * init_smk_fs - get the smackfs superblock
2978 *
2979 * register the smackfs
2980 *
2981 * Do not register smackfs if Smack wasn't enabled
2982 * on boot. We can not put this method normally under the
2983 * smack_init() code path since the security subsystem get
2984 * initialized before the vfs caches.
2985 *
2986 * Returns true if we were not chosen on boot or if
2987 * we were chosen and filesystem registration succeeded.
2988 */
init_smk_fs(void)2989 static int __init init_smk_fs(void)
2990 {
2991 int err;
2992 int rc;
2993
2994 if (smack_enabled == 0)
2995 return 0;
2996
2997 err = smk_init_sysfs();
2998 if (err)
2999 printk(KERN_ERR "smackfs: sysfs mountpoint problem.\n");
3000
3001 err = register_filesystem(&smk_fs_type);
3002 if (!err) {
3003 smackfs_mount = kern_mount(&smk_fs_type);
3004 if (IS_ERR(smackfs_mount)) {
3005 printk(KERN_ERR "smackfs: could not mount!\n");
3006 err = PTR_ERR(smackfs_mount);
3007 smackfs_mount = NULL;
3008 }
3009 }
3010
3011 smk_cipso_doi();
3012 smk_unlbl_ambient(NULL);
3013
3014 rc = smack_populate_secattr(&smack_known_floor);
3015 if (err == 0 && rc < 0)
3016 err = rc;
3017 rc = smack_populate_secattr(&smack_known_hat);
3018 if (err == 0 && rc < 0)
3019 err = rc;
3020 rc = smack_populate_secattr(&smack_known_huh);
3021 if (err == 0 && rc < 0)
3022 err = rc;
3023 rc = smack_populate_secattr(&smack_known_star);
3024 if (err == 0 && rc < 0)
3025 err = rc;
3026 rc = smack_populate_secattr(&smack_known_web);
3027 if (err == 0 && rc < 0)
3028 err = rc;
3029
3030 return err;
3031 }
3032
3033 __initcall(init_smk_fs);
3034