1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * Simplified MAC Kernel (smack) security module
4 *
5 * This file contains the smack hook function implementations.
6 *
7 * Authors:
8 * Casey Schaufler <casey@schaufler-ca.com>
9 * Jarkko Sakkinen <jarkko.sakkinen@intel.com>
10 *
11 * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com>
12 * Copyright (C) 2009 Hewlett-Packard Development Company, L.P.
13 * Paul Moore <paul@paul-moore.com>
14 * Copyright (C) 2010 Nokia Corporation
15 * Copyright (C) 2011 Intel Corporation.
16 */
17
18 #include <linux/xattr.h>
19 #include <linux/pagemap.h>
20 #include <linux/mount.h>
21 #include <linux/stat.h>
22 #include <linux/kd.h>
23 #include <asm/ioctls.h>
24 #include <linux/ip.h>
25 #include <linux/tcp.h>
26 #include <linux/udp.h>
27 #include <linux/dccp.h>
28 #include <linux/icmpv6.h>
29 #include <linux/slab.h>
30 #include <linux/mutex.h>
31 #include <linux/pipe_fs_i.h>
32 #include <net/cipso_ipv4.h>
33 #include <net/ip.h>
34 #include <net/ipv6.h>
35 #include <linux/audit.h>
36 #include <linux/magic.h>
37 #include <linux/dcache.h>
38 #include <linux/personality.h>
39 #include <linux/msg.h>
40 #include <linux/shm.h>
41 #include <linux/binfmts.h>
42 #include <linux/parser.h>
43 #include <linux/fs_context.h>
44 #include <linux/fs_parser.h>
45 #include "smack.h"
46
47 #define TRANS_TRUE "TRUE"
48 #define TRANS_TRUE_SIZE 4
49
50 #define SMK_CONNECTING 0
51 #define SMK_RECEIVING 1
52 #define SMK_SENDING 2
53
54 #ifdef SMACK_IPV6_PORT_LABELING
55 DEFINE_MUTEX(smack_ipv6_lock);
56 static LIST_HEAD(smk_ipv6_port_list);
57 #endif
58 static struct kmem_cache *smack_inode_cache;
59 struct kmem_cache *smack_rule_cache;
60 int smack_enabled;
61
62 #define A(s) {"smack"#s, sizeof("smack"#s) - 1, Opt_##s}
63 static struct {
64 const char *name;
65 int len;
66 int opt;
67 } smk_mount_opts[] = {
68 {"smackfsdef", sizeof("smackfsdef") - 1, Opt_fsdefault},
69 A(fsdefault), A(fsfloor), A(fshat), A(fsroot), A(fstransmute)
70 };
71 #undef A
72
match_opt_prefix(char * s,int l,char ** arg)73 static int match_opt_prefix(char *s, int l, char **arg)
74 {
75 int i;
76
77 for (i = 0; i < ARRAY_SIZE(smk_mount_opts); i++) {
78 size_t len = smk_mount_opts[i].len;
79 if (len > l || memcmp(s, smk_mount_opts[i].name, len))
80 continue;
81 if (len == l || s[len] != '=')
82 continue;
83 *arg = s + len + 1;
84 return smk_mount_opts[i].opt;
85 }
86 return Opt_error;
87 }
88
89 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
90 static char *smk_bu_mess[] = {
91 "Bringup Error", /* Unused */
92 "Bringup", /* SMACK_BRINGUP_ALLOW */
93 "Unconfined Subject", /* SMACK_UNCONFINED_SUBJECT */
94 "Unconfined Object", /* SMACK_UNCONFINED_OBJECT */
95 };
96
smk_bu_mode(int mode,char * s)97 static void smk_bu_mode(int mode, char *s)
98 {
99 int i = 0;
100
101 if (mode & MAY_READ)
102 s[i++] = 'r';
103 if (mode & MAY_WRITE)
104 s[i++] = 'w';
105 if (mode & MAY_EXEC)
106 s[i++] = 'x';
107 if (mode & MAY_APPEND)
108 s[i++] = 'a';
109 if (mode & MAY_TRANSMUTE)
110 s[i++] = 't';
111 if (mode & MAY_LOCK)
112 s[i++] = 'l';
113 if (i == 0)
114 s[i++] = '-';
115 s[i] = '\0';
116 }
117 #endif
118
119 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
smk_bu_note(char * note,struct smack_known * sskp,struct smack_known * oskp,int mode,int rc)120 static int smk_bu_note(char *note, struct smack_known *sskp,
121 struct smack_known *oskp, int mode, int rc)
122 {
123 char acc[SMK_NUM_ACCESS_TYPE + 1];
124
125 if (rc <= 0)
126 return rc;
127 if (rc > SMACK_UNCONFINED_OBJECT)
128 rc = 0;
129
130 smk_bu_mode(mode, acc);
131 pr_info("Smack %s: (%s %s %s) %s\n", smk_bu_mess[rc],
132 sskp->smk_known, oskp->smk_known, acc, note);
133 return 0;
134 }
135 #else
136 #define smk_bu_note(note, sskp, oskp, mode, RC) (RC)
137 #endif
138
139 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
smk_bu_current(char * note,struct smack_known * oskp,int mode,int rc)140 static int smk_bu_current(char *note, struct smack_known *oskp,
141 int mode, int rc)
142 {
143 struct task_smack *tsp = smack_cred(current_cred());
144 char acc[SMK_NUM_ACCESS_TYPE + 1];
145
146 if (rc <= 0)
147 return rc;
148 if (rc > SMACK_UNCONFINED_OBJECT)
149 rc = 0;
150
151 smk_bu_mode(mode, acc);
152 pr_info("Smack %s: (%s %s %s) %s %s\n", smk_bu_mess[rc],
153 tsp->smk_task->smk_known, oskp->smk_known,
154 acc, current->comm, note);
155 return 0;
156 }
157 #else
158 #define smk_bu_current(note, oskp, mode, RC) (RC)
159 #endif
160
161 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
smk_bu_task(struct task_struct * otp,int mode,int rc)162 static int smk_bu_task(struct task_struct *otp, int mode, int rc)
163 {
164 struct task_smack *tsp = smack_cred(current_cred());
165 struct smack_known *smk_task = smk_of_task_struct(otp);
166 char acc[SMK_NUM_ACCESS_TYPE + 1];
167
168 if (rc <= 0)
169 return rc;
170 if (rc > SMACK_UNCONFINED_OBJECT)
171 rc = 0;
172
173 smk_bu_mode(mode, acc);
174 pr_info("Smack %s: (%s %s %s) %s to %s\n", smk_bu_mess[rc],
175 tsp->smk_task->smk_known, smk_task->smk_known, acc,
176 current->comm, otp->comm);
177 return 0;
178 }
179 #else
180 #define smk_bu_task(otp, mode, RC) (RC)
181 #endif
182
183 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
smk_bu_inode(struct inode * inode,int mode,int rc)184 static int smk_bu_inode(struct inode *inode, int mode, int rc)
185 {
186 struct task_smack *tsp = smack_cred(current_cred());
187 struct inode_smack *isp = smack_inode(inode);
188 char acc[SMK_NUM_ACCESS_TYPE + 1];
189
190 if (isp->smk_flags & SMK_INODE_IMPURE)
191 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
192 inode->i_sb->s_id, inode->i_ino, current->comm);
193
194 if (rc <= 0)
195 return rc;
196 if (rc > SMACK_UNCONFINED_OBJECT)
197 rc = 0;
198 if (rc == SMACK_UNCONFINED_SUBJECT &&
199 (mode & (MAY_WRITE | MAY_APPEND)))
200 isp->smk_flags |= SMK_INODE_IMPURE;
201
202 smk_bu_mode(mode, acc);
203
204 pr_info("Smack %s: (%s %s %s) inode=(%s %ld) %s\n", smk_bu_mess[rc],
205 tsp->smk_task->smk_known, isp->smk_inode->smk_known, acc,
206 inode->i_sb->s_id, inode->i_ino, current->comm);
207 return 0;
208 }
209 #else
210 #define smk_bu_inode(inode, mode, RC) (RC)
211 #endif
212
213 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
smk_bu_file(struct file * file,int mode,int rc)214 static int smk_bu_file(struct file *file, int mode, int rc)
215 {
216 struct task_smack *tsp = smack_cred(current_cred());
217 struct smack_known *sskp = tsp->smk_task;
218 struct inode *inode = file_inode(file);
219 struct inode_smack *isp = smack_inode(inode);
220 char acc[SMK_NUM_ACCESS_TYPE + 1];
221
222 if (isp->smk_flags & SMK_INODE_IMPURE)
223 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
224 inode->i_sb->s_id, inode->i_ino, current->comm);
225
226 if (rc <= 0)
227 return rc;
228 if (rc > SMACK_UNCONFINED_OBJECT)
229 rc = 0;
230
231 smk_bu_mode(mode, acc);
232 pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc],
233 sskp->smk_known, smk_of_inode(inode)->smk_known, acc,
234 inode->i_sb->s_id, inode->i_ino, file,
235 current->comm);
236 return 0;
237 }
238 #else
239 #define smk_bu_file(file, mode, RC) (RC)
240 #endif
241
242 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
smk_bu_credfile(const struct cred * cred,struct file * file,int mode,int rc)243 static int smk_bu_credfile(const struct cred *cred, struct file *file,
244 int mode, int rc)
245 {
246 struct task_smack *tsp = smack_cred(cred);
247 struct smack_known *sskp = tsp->smk_task;
248 struct inode *inode = file_inode(file);
249 struct inode_smack *isp = smack_inode(inode);
250 char acc[SMK_NUM_ACCESS_TYPE + 1];
251
252 if (isp->smk_flags & SMK_INODE_IMPURE)
253 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
254 inode->i_sb->s_id, inode->i_ino, current->comm);
255
256 if (rc <= 0)
257 return rc;
258 if (rc > SMACK_UNCONFINED_OBJECT)
259 rc = 0;
260
261 smk_bu_mode(mode, acc);
262 pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc],
263 sskp->smk_known, smk_of_inode(inode)->smk_known, acc,
264 inode->i_sb->s_id, inode->i_ino, file,
265 current->comm);
266 return 0;
267 }
268 #else
269 #define smk_bu_credfile(cred, file, mode, RC) (RC)
270 #endif
271
272 /**
273 * smk_fetch - Fetch the smack label from a file.
274 * @name: type of the label (attribute)
275 * @ip: a pointer to the inode
276 * @dp: a pointer to the dentry
277 *
278 * Returns a pointer to the master list entry for the Smack label,
279 * NULL if there was no label to fetch, or an error code.
280 */
smk_fetch(const char * name,struct inode * ip,struct dentry * dp)281 static struct smack_known *smk_fetch(const char *name, struct inode *ip,
282 struct dentry *dp)
283 {
284 int rc;
285 char *buffer;
286 struct smack_known *skp = NULL;
287
288 if (!(ip->i_opflags & IOP_XATTR))
289 return ERR_PTR(-EOPNOTSUPP);
290
291 buffer = kzalloc(SMK_LONGLABEL, GFP_NOFS);
292 if (buffer == NULL)
293 return ERR_PTR(-ENOMEM);
294
295 rc = __vfs_getxattr(dp, ip, name, buffer, SMK_LONGLABEL,
296 XATTR_NOSECURITY);
297 if (rc < 0)
298 skp = ERR_PTR(rc);
299 else if (rc == 0)
300 skp = NULL;
301 else
302 skp = smk_import_entry(buffer, rc);
303
304 kfree(buffer);
305
306 return skp;
307 }
308
309 /**
310 * init_inode_smack - initialize an inode security blob
311 * @inode: inode to extract the info from
312 * @skp: a pointer to the Smack label entry to use in the blob
313 *
314 */
init_inode_smack(struct inode * inode,struct smack_known * skp)315 static void init_inode_smack(struct inode *inode, struct smack_known *skp)
316 {
317 struct inode_smack *isp = smack_inode(inode);
318
319 isp->smk_inode = skp;
320 isp->smk_flags = 0;
321 mutex_init(&isp->smk_lock);
322 }
323
324 /**
325 * init_task_smack - initialize a task security blob
326 * @tsp: blob to initialize
327 * @task: a pointer to the Smack label for the running task
328 * @forked: a pointer to the Smack label for the forked task
329 *
330 */
init_task_smack(struct task_smack * tsp,struct smack_known * task,struct smack_known * forked)331 static void init_task_smack(struct task_smack *tsp, struct smack_known *task,
332 struct smack_known *forked)
333 {
334 tsp->smk_task = task;
335 tsp->smk_forked = forked;
336 INIT_LIST_HEAD(&tsp->smk_rules);
337 INIT_LIST_HEAD(&tsp->smk_relabel);
338 mutex_init(&tsp->smk_rules_lock);
339 }
340
341 /**
342 * smk_copy_rules - copy a rule set
343 * @nhead: new rules header pointer
344 * @ohead: old rules header pointer
345 * @gfp: type of the memory for the allocation
346 *
347 * Returns 0 on success, -ENOMEM on error
348 */
smk_copy_rules(struct list_head * nhead,struct list_head * ohead,gfp_t gfp)349 static int smk_copy_rules(struct list_head *nhead, struct list_head *ohead,
350 gfp_t gfp)
351 {
352 struct smack_rule *nrp;
353 struct smack_rule *orp;
354 int rc = 0;
355
356 list_for_each_entry_rcu(orp, ohead, list) {
357 nrp = kmem_cache_zalloc(smack_rule_cache, gfp);
358 if (nrp == NULL) {
359 rc = -ENOMEM;
360 break;
361 }
362 *nrp = *orp;
363 list_add_rcu(&nrp->list, nhead);
364 }
365 return rc;
366 }
367
368 /**
369 * smk_copy_relabel - copy smk_relabel labels list
370 * @nhead: new rules header pointer
371 * @ohead: old rules header pointer
372 * @gfp: type of the memory for the allocation
373 *
374 * Returns 0 on success, -ENOMEM on error
375 */
smk_copy_relabel(struct list_head * nhead,struct list_head * ohead,gfp_t gfp)376 static int smk_copy_relabel(struct list_head *nhead, struct list_head *ohead,
377 gfp_t gfp)
378 {
379 struct smack_known_list_elem *nklep;
380 struct smack_known_list_elem *oklep;
381
382 list_for_each_entry(oklep, ohead, list) {
383 nklep = kzalloc(sizeof(struct smack_known_list_elem), gfp);
384 if (nklep == NULL) {
385 smk_destroy_label_list(nhead);
386 return -ENOMEM;
387 }
388 nklep->smk_label = oklep->smk_label;
389 list_add(&nklep->list, nhead);
390 }
391
392 return 0;
393 }
394
395 /**
396 * smk_ptrace_mode - helper function for converting PTRACE_MODE_* into MAY_*
397 * @mode - input mode in form of PTRACE_MODE_*
398 *
399 * Returns a converted MAY_* mode usable by smack rules
400 */
smk_ptrace_mode(unsigned int mode)401 static inline unsigned int smk_ptrace_mode(unsigned int mode)
402 {
403 if (mode & PTRACE_MODE_ATTACH)
404 return MAY_READWRITE;
405 if (mode & PTRACE_MODE_READ)
406 return MAY_READ;
407
408 return 0;
409 }
410
411 /**
412 * smk_ptrace_rule_check - helper for ptrace access
413 * @tracer: tracer process
414 * @tracee_known: label entry of the process that's about to be traced
415 * @mode: ptrace attachment mode (PTRACE_MODE_*)
416 * @func: name of the function that called us, used for audit
417 *
418 * Returns 0 on access granted, -error on error
419 */
smk_ptrace_rule_check(struct task_struct * tracer,struct smack_known * tracee_known,unsigned int mode,const char * func)420 static int smk_ptrace_rule_check(struct task_struct *tracer,
421 struct smack_known *tracee_known,
422 unsigned int mode, const char *func)
423 {
424 int rc;
425 struct smk_audit_info ad, *saip = NULL;
426 struct task_smack *tsp;
427 struct smack_known *tracer_known;
428 const struct cred *tracercred;
429
430 if ((mode & PTRACE_MODE_NOAUDIT) == 0) {
431 smk_ad_init(&ad, func, LSM_AUDIT_DATA_TASK);
432 smk_ad_setfield_u_tsk(&ad, tracer);
433 saip = &ad;
434 }
435
436 rcu_read_lock();
437 tracercred = __task_cred(tracer);
438 tsp = smack_cred(tracercred);
439 tracer_known = smk_of_task(tsp);
440
441 if ((mode & PTRACE_MODE_ATTACH) &&
442 (smack_ptrace_rule == SMACK_PTRACE_EXACT ||
443 smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)) {
444 if (tracer_known->smk_known == tracee_known->smk_known)
445 rc = 0;
446 else if (smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)
447 rc = -EACCES;
448 else if (smack_privileged_cred(CAP_SYS_PTRACE, tracercred))
449 rc = 0;
450 else
451 rc = -EACCES;
452
453 if (saip)
454 smack_log(tracer_known->smk_known,
455 tracee_known->smk_known,
456 0, rc, saip);
457
458 rcu_read_unlock();
459 return rc;
460 }
461
462 /* In case of rule==SMACK_PTRACE_DEFAULT or mode==PTRACE_MODE_READ */
463 rc = smk_tskacc(tsp, tracee_known, smk_ptrace_mode(mode), saip);
464
465 rcu_read_unlock();
466 return rc;
467 }
468
469 /*
470 * LSM hooks.
471 * We he, that is fun!
472 */
473
474 /**
475 * smack_ptrace_access_check - Smack approval on PTRACE_ATTACH
476 * @ctp: child task pointer
477 * @mode: ptrace attachment mode (PTRACE_MODE_*)
478 *
479 * Returns 0 if access is OK, an error code otherwise
480 *
481 * Do the capability checks.
482 */
smack_ptrace_access_check(struct task_struct * ctp,unsigned int mode)483 static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode)
484 {
485 struct smack_known *skp;
486
487 skp = smk_of_task_struct(ctp);
488
489 return smk_ptrace_rule_check(current, skp, mode, __func__);
490 }
491
492 /**
493 * smack_ptrace_traceme - Smack approval on PTRACE_TRACEME
494 * @ptp: parent task pointer
495 *
496 * Returns 0 if access is OK, an error code otherwise
497 *
498 * Do the capability checks, and require PTRACE_MODE_ATTACH.
499 */
smack_ptrace_traceme(struct task_struct * ptp)500 static int smack_ptrace_traceme(struct task_struct *ptp)
501 {
502 int rc;
503 struct smack_known *skp;
504
505 skp = smk_of_task(smack_cred(current_cred()));
506
507 rc = smk_ptrace_rule_check(ptp, skp, PTRACE_MODE_ATTACH, __func__);
508 return rc;
509 }
510
511 /**
512 * smack_syslog - Smack approval on syslog
513 * @typefrom_file: unused
514 *
515 * Returns 0 on success, error code otherwise.
516 */
smack_syslog(int typefrom_file)517 static int smack_syslog(int typefrom_file)
518 {
519 int rc = 0;
520 struct smack_known *skp = smk_of_current();
521
522 if (smack_privileged(CAP_MAC_OVERRIDE))
523 return 0;
524
525 if (smack_syslog_label != NULL && smack_syslog_label != skp)
526 rc = -EACCES;
527
528 return rc;
529 }
530
531 /*
532 * Superblock Hooks.
533 */
534
535 /**
536 * smack_sb_alloc_security - allocate a superblock blob
537 * @sb: the superblock getting the blob
538 *
539 * Returns 0 on success or -ENOMEM on error.
540 */
smack_sb_alloc_security(struct super_block * sb)541 static int smack_sb_alloc_security(struct super_block *sb)
542 {
543 struct superblock_smack *sbsp;
544
545 sbsp = kzalloc(sizeof(struct superblock_smack), GFP_KERNEL);
546
547 if (sbsp == NULL)
548 return -ENOMEM;
549
550 sbsp->smk_root = &smack_known_floor;
551 sbsp->smk_default = &smack_known_floor;
552 sbsp->smk_floor = &smack_known_floor;
553 sbsp->smk_hat = &smack_known_hat;
554 /*
555 * SMK_SB_INITIALIZED will be zero from kzalloc.
556 */
557 sb->s_security = sbsp;
558
559 return 0;
560 }
561
562 /**
563 * smack_sb_free_security - free a superblock blob
564 * @sb: the superblock getting the blob
565 *
566 */
smack_sb_free_security(struct super_block * sb)567 static void smack_sb_free_security(struct super_block *sb)
568 {
569 kfree(sb->s_security);
570 sb->s_security = NULL;
571 }
572
573 struct smack_mnt_opts {
574 const char *fsdefault, *fsfloor, *fshat, *fsroot, *fstransmute;
575 };
576
smack_free_mnt_opts(void * mnt_opts)577 static void smack_free_mnt_opts(void *mnt_opts)
578 {
579 struct smack_mnt_opts *opts = mnt_opts;
580 kfree(opts->fsdefault);
581 kfree(opts->fsfloor);
582 kfree(opts->fshat);
583 kfree(opts->fsroot);
584 kfree(opts->fstransmute);
585 kfree(opts);
586 }
587
smack_add_opt(int token,const char * s,void ** mnt_opts)588 static int smack_add_opt(int token, const char *s, void **mnt_opts)
589 {
590 struct smack_mnt_opts *opts = *mnt_opts;
591
592 if (!opts) {
593 opts = kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL);
594 if (!opts)
595 return -ENOMEM;
596 *mnt_opts = opts;
597 }
598 if (!s)
599 return -ENOMEM;
600
601 switch (token) {
602 case Opt_fsdefault:
603 if (opts->fsdefault)
604 goto out_opt_err;
605 opts->fsdefault = s;
606 break;
607 case Opt_fsfloor:
608 if (opts->fsfloor)
609 goto out_opt_err;
610 opts->fsfloor = s;
611 break;
612 case Opt_fshat:
613 if (opts->fshat)
614 goto out_opt_err;
615 opts->fshat = s;
616 break;
617 case Opt_fsroot:
618 if (opts->fsroot)
619 goto out_opt_err;
620 opts->fsroot = s;
621 break;
622 case Opt_fstransmute:
623 if (opts->fstransmute)
624 goto out_opt_err;
625 opts->fstransmute = s;
626 break;
627 }
628 return 0;
629
630 out_opt_err:
631 pr_warn("Smack: duplicate mount options\n");
632 return -EINVAL;
633 }
634
635 /**
636 * smack_fs_context_dup - Duplicate the security data on fs_context duplication
637 * @fc: The new filesystem context.
638 * @src_fc: The source filesystem context being duplicated.
639 *
640 * Returns 0 on success or -ENOMEM on error.
641 */
smack_fs_context_dup(struct fs_context * fc,struct fs_context * src_fc)642 static int smack_fs_context_dup(struct fs_context *fc,
643 struct fs_context *src_fc)
644 {
645 struct smack_mnt_opts *dst, *src = src_fc->security;
646
647 if (!src)
648 return 0;
649
650 fc->security = kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL);
651 if (!fc->security)
652 return -ENOMEM;
653 dst = fc->security;
654
655 if (src->fsdefault) {
656 dst->fsdefault = kstrdup(src->fsdefault, GFP_KERNEL);
657 if (!dst->fsdefault)
658 return -ENOMEM;
659 }
660 if (src->fsfloor) {
661 dst->fsfloor = kstrdup(src->fsfloor, GFP_KERNEL);
662 if (!dst->fsfloor)
663 return -ENOMEM;
664 }
665 if (src->fshat) {
666 dst->fshat = kstrdup(src->fshat, GFP_KERNEL);
667 if (!dst->fshat)
668 return -ENOMEM;
669 }
670 if (src->fsroot) {
671 dst->fsroot = kstrdup(src->fsroot, GFP_KERNEL);
672 if (!dst->fsroot)
673 return -ENOMEM;
674 }
675 if (src->fstransmute) {
676 dst->fstransmute = kstrdup(src->fstransmute, GFP_KERNEL);
677 if (!dst->fstransmute)
678 return -ENOMEM;
679 }
680 return 0;
681 }
682
683 static const struct fs_parameter_spec smack_param_specs[] = {
684 fsparam_string("smackfsdef", Opt_fsdefault),
685 fsparam_string("smackfsdefault", Opt_fsdefault),
686 fsparam_string("smackfsfloor", Opt_fsfloor),
687 fsparam_string("smackfshat", Opt_fshat),
688 fsparam_string("smackfsroot", Opt_fsroot),
689 fsparam_string("smackfstransmute", Opt_fstransmute),
690 {}
691 };
692
693 static const struct fs_parameter_description smack_fs_parameters = {
694 .name = "smack",
695 .specs = smack_param_specs,
696 };
697
698 /**
699 * smack_fs_context_parse_param - Parse a single mount parameter
700 * @fc: The new filesystem context being constructed.
701 * @param: The parameter.
702 *
703 * Returns 0 on success, -ENOPARAM to pass the parameter on or anything else on
704 * error.
705 */
smack_fs_context_parse_param(struct fs_context * fc,struct fs_parameter * param)706 static int smack_fs_context_parse_param(struct fs_context *fc,
707 struct fs_parameter *param)
708 {
709 struct fs_parse_result result;
710 int opt, rc;
711
712 opt = fs_parse(fc, &smack_fs_parameters, param, &result);
713 if (opt < 0)
714 return opt;
715
716 rc = smack_add_opt(opt, param->string, &fc->security);
717 if (!rc)
718 param->string = NULL;
719 return rc;
720 }
721
smack_sb_eat_lsm_opts(char * options,void ** mnt_opts)722 static int smack_sb_eat_lsm_opts(char *options, void **mnt_opts)
723 {
724 char *from = options, *to = options;
725 bool first = true;
726
727 while (1) {
728 char *next = strchr(from, ',');
729 int token, len, rc;
730 char *arg = NULL;
731
732 if (next)
733 len = next - from;
734 else
735 len = strlen(from);
736
737 token = match_opt_prefix(from, len, &arg);
738 if (token != Opt_error) {
739 arg = kmemdup_nul(arg, from + len - arg, GFP_KERNEL);
740 rc = smack_add_opt(token, arg, mnt_opts);
741 if (unlikely(rc)) {
742 kfree(arg);
743 if (*mnt_opts)
744 smack_free_mnt_opts(*mnt_opts);
745 *mnt_opts = NULL;
746 return rc;
747 }
748 } else {
749 if (!first) { // copy with preceding comma
750 from--;
751 len++;
752 }
753 if (to != from)
754 memmove(to, from, len);
755 to += len;
756 first = false;
757 }
758 if (!from[len])
759 break;
760 from += len + 1;
761 }
762 *to = '\0';
763 return 0;
764 }
765
766 /**
767 * smack_set_mnt_opts - set Smack specific mount options
768 * @sb: the file system superblock
769 * @mnt_opts: Smack mount options
770 * @kern_flags: mount option from kernel space or user space
771 * @set_kern_flags: where to store converted mount opts
772 *
773 * Returns 0 on success, an error code on failure
774 *
775 * Allow filesystems with binary mount data to explicitly set Smack mount
776 * labels.
777 */
smack_set_mnt_opts(struct super_block * sb,void * mnt_opts,unsigned long kern_flags,unsigned long * set_kern_flags)778 static int smack_set_mnt_opts(struct super_block *sb,
779 void *mnt_opts,
780 unsigned long kern_flags,
781 unsigned long *set_kern_flags)
782 {
783 struct dentry *root = sb->s_root;
784 struct inode *inode = d_backing_inode(root);
785 struct superblock_smack *sp = sb->s_security;
786 struct inode_smack *isp;
787 struct smack_known *skp;
788 struct smack_mnt_opts *opts = mnt_opts;
789 bool transmute = false;
790
791 if (sp->smk_flags & SMK_SB_INITIALIZED)
792 return 0;
793
794 if (inode->i_security == NULL) {
795 int rc = lsm_inode_alloc(inode);
796
797 if (rc)
798 return rc;
799 }
800
801 if (!smack_privileged(CAP_MAC_ADMIN)) {
802 /*
803 * Unprivileged mounts don't get to specify Smack values.
804 */
805 if (opts)
806 return -EPERM;
807 /*
808 * Unprivileged mounts get root and default from the caller.
809 */
810 skp = smk_of_current();
811 sp->smk_root = skp;
812 sp->smk_default = skp;
813 /*
814 * For a handful of fs types with no user-controlled
815 * backing store it's okay to trust security labels
816 * in the filesystem. The rest are untrusted.
817 */
818 if (sb->s_user_ns != &init_user_ns &&
819 sb->s_magic != SYSFS_MAGIC && sb->s_magic != TMPFS_MAGIC &&
820 sb->s_magic != RAMFS_MAGIC) {
821 transmute = true;
822 sp->smk_flags |= SMK_SB_UNTRUSTED;
823 }
824 }
825
826 sp->smk_flags |= SMK_SB_INITIALIZED;
827
828 if (opts) {
829 if (opts->fsdefault) {
830 skp = smk_import_entry(opts->fsdefault, 0);
831 if (IS_ERR(skp))
832 return PTR_ERR(skp);
833 sp->smk_default = skp;
834 }
835 if (opts->fsfloor) {
836 skp = smk_import_entry(opts->fsfloor, 0);
837 if (IS_ERR(skp))
838 return PTR_ERR(skp);
839 sp->smk_floor = skp;
840 }
841 if (opts->fshat) {
842 skp = smk_import_entry(opts->fshat, 0);
843 if (IS_ERR(skp))
844 return PTR_ERR(skp);
845 sp->smk_hat = skp;
846 }
847 if (opts->fsroot) {
848 skp = smk_import_entry(opts->fsroot, 0);
849 if (IS_ERR(skp))
850 return PTR_ERR(skp);
851 sp->smk_root = skp;
852 }
853 if (opts->fstransmute) {
854 skp = smk_import_entry(opts->fstransmute, 0);
855 if (IS_ERR(skp))
856 return PTR_ERR(skp);
857 sp->smk_root = skp;
858 transmute = true;
859 }
860 }
861
862 /*
863 * Initialize the root inode.
864 */
865 init_inode_smack(inode, sp->smk_root);
866
867 if (transmute) {
868 isp = smack_inode(inode);
869 isp->smk_flags |= SMK_INODE_TRANSMUTE;
870 }
871
872 return 0;
873 }
874
875 /**
876 * smack_sb_statfs - Smack check on statfs
877 * @dentry: identifies the file system in question
878 *
879 * Returns 0 if current can read the floor of the filesystem,
880 * and error code otherwise
881 */
smack_sb_statfs(struct dentry * dentry)882 static int smack_sb_statfs(struct dentry *dentry)
883 {
884 struct superblock_smack *sbp = dentry->d_sb->s_security;
885 int rc;
886 struct smk_audit_info ad;
887
888 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
889 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
890
891 rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad);
892 rc = smk_bu_current("statfs", sbp->smk_floor, MAY_READ, rc);
893 return rc;
894 }
895
896 /*
897 * BPRM hooks
898 */
899
900 /**
901 * smack_bprm_set_creds - set creds for exec
902 * @bprm: the exec information
903 *
904 * Returns 0 if it gets a blob, -EPERM if exec forbidden and -ENOMEM otherwise
905 */
smack_bprm_set_creds(struct linux_binprm * bprm)906 static int smack_bprm_set_creds(struct linux_binprm *bprm)
907 {
908 struct inode *inode = file_inode(bprm->file);
909 struct task_smack *bsp = smack_cred(bprm->cred);
910 struct inode_smack *isp;
911 struct superblock_smack *sbsp;
912 int rc;
913
914 if (bprm->called_set_creds)
915 return 0;
916
917 isp = smack_inode(inode);
918 if (isp->smk_task == NULL || isp->smk_task == bsp->smk_task)
919 return 0;
920
921 sbsp = inode->i_sb->s_security;
922 if ((sbsp->smk_flags & SMK_SB_UNTRUSTED) &&
923 isp->smk_task != sbsp->smk_root)
924 return 0;
925
926 if (bprm->unsafe & LSM_UNSAFE_PTRACE) {
927 struct task_struct *tracer;
928 rc = 0;
929
930 rcu_read_lock();
931 tracer = ptrace_parent(current);
932 if (likely(tracer != NULL))
933 rc = smk_ptrace_rule_check(tracer,
934 isp->smk_task,
935 PTRACE_MODE_ATTACH,
936 __func__);
937 rcu_read_unlock();
938
939 if (rc != 0)
940 return rc;
941 }
942 if (bprm->unsafe & ~LSM_UNSAFE_PTRACE)
943 return -EPERM;
944
945 bsp->smk_task = isp->smk_task;
946 bprm->per_clear |= PER_CLEAR_ON_SETID;
947
948 /* Decide if this is a secure exec. */
949 if (bsp->smk_task != bsp->smk_forked)
950 bprm->secureexec = 1;
951
952 return 0;
953 }
954
955 /*
956 * Inode hooks
957 */
958
959 /**
960 * smack_inode_alloc_security - allocate an inode blob
961 * @inode: the inode in need of a blob
962 *
963 * Returns 0
964 */
smack_inode_alloc_security(struct inode * inode)965 static int smack_inode_alloc_security(struct inode *inode)
966 {
967 struct smack_known *skp = smk_of_current();
968
969 init_inode_smack(inode, skp);
970 return 0;
971 }
972
973 /**
974 * smack_inode_init_security - copy out the smack from an inode
975 * @inode: the newly created inode
976 * @dir: containing directory object
977 * @qstr: unused
978 * @name: where to put the attribute name
979 * @value: where to put the attribute value
980 * @len: where to put the length of the attribute
981 *
982 * Returns 0 if it all works out, -ENOMEM if there's no memory
983 */
smack_inode_init_security(struct inode * inode,struct inode * dir,const struct qstr * qstr,const char ** name,void ** value,size_t * len)984 static int smack_inode_init_security(struct inode *inode, struct inode *dir,
985 const struct qstr *qstr, const char **name,
986 void **value, size_t *len)
987 {
988 struct inode_smack *issp = smack_inode(inode);
989 struct smack_known *skp = smk_of_current();
990 struct smack_known *isp = smk_of_inode(inode);
991 struct smack_known *dsp = smk_of_inode(dir);
992 int may;
993
994 if (name)
995 *name = XATTR_SMACK_SUFFIX;
996
997 if (value && len) {
998 rcu_read_lock();
999 may = smk_access_entry(skp->smk_known, dsp->smk_known,
1000 &skp->smk_rules);
1001 rcu_read_unlock();
1002
1003 /*
1004 * If the access rule allows transmutation and
1005 * the directory requests transmutation then
1006 * by all means transmute.
1007 * Mark the inode as changed.
1008 */
1009 if (may > 0 && ((may & MAY_TRANSMUTE) != 0) &&
1010 smk_inode_transmutable(dir)) {
1011 isp = dsp;
1012 issp->smk_flags |= SMK_INODE_CHANGED;
1013 }
1014
1015 *value = kstrdup(isp->smk_known, GFP_NOFS);
1016 if (*value == NULL)
1017 return -ENOMEM;
1018
1019 *len = strlen(isp->smk_known);
1020 }
1021
1022 return 0;
1023 }
1024
1025 /**
1026 * smack_inode_link - Smack check on link
1027 * @old_dentry: the existing object
1028 * @dir: unused
1029 * @new_dentry: the new object
1030 *
1031 * Returns 0 if access is permitted, an error code otherwise
1032 */
smack_inode_link(struct dentry * old_dentry,struct inode * dir,struct dentry * new_dentry)1033 static int smack_inode_link(struct dentry *old_dentry, struct inode *dir,
1034 struct dentry *new_dentry)
1035 {
1036 struct smack_known *isp;
1037 struct smk_audit_info ad;
1038 int rc;
1039
1040 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1041 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
1042
1043 isp = smk_of_inode(d_backing_inode(old_dentry));
1044 rc = smk_curacc(isp, MAY_WRITE, &ad);
1045 rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_WRITE, rc);
1046
1047 if (rc == 0 && d_is_positive(new_dentry)) {
1048 isp = smk_of_inode(d_backing_inode(new_dentry));
1049 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
1050 rc = smk_curacc(isp, MAY_WRITE, &ad);
1051 rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_WRITE, rc);
1052 }
1053
1054 return rc;
1055 }
1056
1057 /**
1058 * smack_inode_unlink - Smack check on inode deletion
1059 * @dir: containing directory object
1060 * @dentry: file to unlink
1061 *
1062 * Returns 0 if current can write the containing directory
1063 * and the object, error code otherwise
1064 */
smack_inode_unlink(struct inode * dir,struct dentry * dentry)1065 static int smack_inode_unlink(struct inode *dir, struct dentry *dentry)
1066 {
1067 struct inode *ip = d_backing_inode(dentry);
1068 struct smk_audit_info ad;
1069 int rc;
1070
1071 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1072 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1073
1074 /*
1075 * You need write access to the thing you're unlinking
1076 */
1077 rc = smk_curacc(smk_of_inode(ip), MAY_WRITE, &ad);
1078 rc = smk_bu_inode(ip, MAY_WRITE, rc);
1079 if (rc == 0) {
1080 /*
1081 * You also need write access to the containing directory
1082 */
1083 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
1084 smk_ad_setfield_u_fs_inode(&ad, dir);
1085 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
1086 rc = smk_bu_inode(dir, MAY_WRITE, rc);
1087 }
1088 return rc;
1089 }
1090
1091 /**
1092 * smack_inode_rmdir - Smack check on directory deletion
1093 * @dir: containing directory object
1094 * @dentry: directory to unlink
1095 *
1096 * Returns 0 if current can write the containing directory
1097 * and the directory, error code otherwise
1098 */
smack_inode_rmdir(struct inode * dir,struct dentry * dentry)1099 static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry)
1100 {
1101 struct smk_audit_info ad;
1102 int rc;
1103
1104 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1105 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1106
1107 /*
1108 * You need write access to the thing you're removing
1109 */
1110 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1111 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
1112 if (rc == 0) {
1113 /*
1114 * You also need write access to the containing directory
1115 */
1116 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
1117 smk_ad_setfield_u_fs_inode(&ad, dir);
1118 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
1119 rc = smk_bu_inode(dir, MAY_WRITE, rc);
1120 }
1121
1122 return rc;
1123 }
1124
1125 /**
1126 * smack_inode_rename - Smack check on rename
1127 * @old_inode: unused
1128 * @old_dentry: the old object
1129 * @new_inode: unused
1130 * @new_dentry: the new object
1131 *
1132 * Read and write access is required on both the old and
1133 * new directories.
1134 *
1135 * Returns 0 if access is permitted, an error code otherwise
1136 */
smack_inode_rename(struct inode * old_inode,struct dentry * old_dentry,struct inode * new_inode,struct dentry * new_dentry)1137 static int smack_inode_rename(struct inode *old_inode,
1138 struct dentry *old_dentry,
1139 struct inode *new_inode,
1140 struct dentry *new_dentry)
1141 {
1142 int rc;
1143 struct smack_known *isp;
1144 struct smk_audit_info ad;
1145
1146 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1147 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
1148
1149 isp = smk_of_inode(d_backing_inode(old_dentry));
1150 rc = smk_curacc(isp, MAY_READWRITE, &ad);
1151 rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_READWRITE, rc);
1152
1153 if (rc == 0 && d_is_positive(new_dentry)) {
1154 isp = smk_of_inode(d_backing_inode(new_dentry));
1155 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
1156 rc = smk_curacc(isp, MAY_READWRITE, &ad);
1157 rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_READWRITE, rc);
1158 }
1159 return rc;
1160 }
1161
1162 /**
1163 * smack_inode_permission - Smack version of permission()
1164 * @inode: the inode in question
1165 * @mask: the access requested
1166 *
1167 * This is the important Smack hook.
1168 *
1169 * Returns 0 if access is permitted, an error code otherwise
1170 */
smack_inode_permission(struct inode * inode,int mask)1171 static int smack_inode_permission(struct inode *inode, int mask)
1172 {
1173 struct superblock_smack *sbsp = inode->i_sb->s_security;
1174 struct smk_audit_info ad;
1175 int no_block = mask & MAY_NOT_BLOCK;
1176 int rc;
1177
1178 mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND);
1179 /*
1180 * No permission to check. Existence test. Yup, it's there.
1181 */
1182 if (mask == 0)
1183 return 0;
1184
1185 if (sbsp->smk_flags & SMK_SB_UNTRUSTED) {
1186 if (smk_of_inode(inode) != sbsp->smk_root)
1187 return -EACCES;
1188 }
1189
1190 /* May be droppable after audit */
1191 if (no_block)
1192 return -ECHILD;
1193 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
1194 smk_ad_setfield_u_fs_inode(&ad, inode);
1195 rc = smk_curacc(smk_of_inode(inode), mask, &ad);
1196 rc = smk_bu_inode(inode, mask, rc);
1197 return rc;
1198 }
1199
1200 /**
1201 * smack_inode_setattr - Smack check for setting attributes
1202 * @dentry: the object
1203 * @iattr: for the force flag
1204 *
1205 * Returns 0 if access is permitted, an error code otherwise
1206 */
smack_inode_setattr(struct dentry * dentry,struct iattr * iattr)1207 static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr)
1208 {
1209 struct smk_audit_info ad;
1210 int rc;
1211
1212 /*
1213 * Need to allow for clearing the setuid bit.
1214 */
1215 if (iattr->ia_valid & ATTR_FORCE)
1216 return 0;
1217 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1218 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1219
1220 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1221 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
1222 return rc;
1223 }
1224
1225 /**
1226 * smack_inode_getattr - Smack check for getting attributes
1227 * @path: path to extract the info from
1228 *
1229 * Returns 0 if access is permitted, an error code otherwise
1230 */
smack_inode_getattr(const struct path * path)1231 static int smack_inode_getattr(const struct path *path)
1232 {
1233 struct smk_audit_info ad;
1234 struct inode *inode = d_backing_inode(path->dentry);
1235 int rc;
1236
1237 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1238 smk_ad_setfield_u_fs_path(&ad, *path);
1239 rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad);
1240 rc = smk_bu_inode(inode, MAY_READ, rc);
1241 return rc;
1242 }
1243
1244 /**
1245 * smack_inode_setxattr - Smack check for setting xattrs
1246 * @dentry: the object
1247 * @name: name of the attribute
1248 * @value: value of the attribute
1249 * @size: size of the value
1250 * @flags: unused
1251 *
1252 * This protects the Smack attribute explicitly.
1253 *
1254 * Returns 0 if access is permitted, an error code otherwise
1255 */
smack_inode_setxattr(struct dentry * dentry,const char * name,const void * value,size_t size,int flags)1256 static int smack_inode_setxattr(struct dentry *dentry, const char *name,
1257 const void *value, size_t size, int flags)
1258 {
1259 struct smk_audit_info ad;
1260 struct smack_known *skp;
1261 int check_priv = 0;
1262 int check_import = 0;
1263 int check_star = 0;
1264 int rc = 0;
1265
1266 /*
1267 * Check label validity here so import won't fail in post_setxattr
1268 */
1269 if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
1270 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
1271 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) {
1272 check_priv = 1;
1273 check_import = 1;
1274 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
1275 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1276 check_priv = 1;
1277 check_import = 1;
1278 check_star = 1;
1279 } else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) {
1280 check_priv = 1;
1281 if (size != TRANS_TRUE_SIZE ||
1282 strncmp(value, TRANS_TRUE, TRANS_TRUE_SIZE) != 0)
1283 rc = -EINVAL;
1284 } else
1285 rc = cap_inode_setxattr(dentry, name, value, size, flags);
1286
1287 if (check_priv && !smack_privileged(CAP_MAC_ADMIN))
1288 rc = -EPERM;
1289
1290 if (rc == 0 && check_import) {
1291 skp = size ? smk_import_entry(value, size) : NULL;
1292 if (IS_ERR(skp))
1293 rc = PTR_ERR(skp);
1294 else if (skp == NULL || (check_star &&
1295 (skp == &smack_known_star || skp == &smack_known_web)))
1296 rc = -EINVAL;
1297 }
1298
1299 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1300 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1301
1302 if (rc == 0) {
1303 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1304 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
1305 }
1306
1307 return rc;
1308 }
1309
1310 /**
1311 * smack_inode_post_setxattr - Apply the Smack update approved above
1312 * @dentry: object
1313 * @name: attribute name
1314 * @value: attribute value
1315 * @size: attribute size
1316 * @flags: unused
1317 *
1318 * Set the pointer in the inode blob to the entry found
1319 * in the master label list.
1320 */
smack_inode_post_setxattr(struct dentry * dentry,const char * name,const void * value,size_t size,int flags)1321 static void smack_inode_post_setxattr(struct dentry *dentry, const char *name,
1322 const void *value, size_t size, int flags)
1323 {
1324 struct smack_known *skp;
1325 struct inode_smack *isp = smack_inode(d_backing_inode(dentry));
1326
1327 if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) {
1328 isp->smk_flags |= SMK_INODE_TRANSMUTE;
1329 return;
1330 }
1331
1332 if (strcmp(name, XATTR_NAME_SMACK) == 0) {
1333 skp = smk_import_entry(value, size);
1334 if (!IS_ERR(skp))
1335 isp->smk_inode = skp;
1336 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) {
1337 skp = smk_import_entry(value, size);
1338 if (!IS_ERR(skp))
1339 isp->smk_task = skp;
1340 } else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1341 skp = smk_import_entry(value, size);
1342 if (!IS_ERR(skp))
1343 isp->smk_mmap = skp;
1344 }
1345
1346 return;
1347 }
1348
1349 /**
1350 * smack_inode_getxattr - Smack check on getxattr
1351 * @dentry: the object
1352 * @name: unused
1353 *
1354 * Returns 0 if access is permitted, an error code otherwise
1355 */
smack_inode_getxattr(struct dentry * dentry,const char * name)1356 static int smack_inode_getxattr(struct dentry *dentry, const char *name)
1357 {
1358 struct smk_audit_info ad;
1359 int rc;
1360
1361 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1362 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1363
1364 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_READ, &ad);
1365 rc = smk_bu_inode(d_backing_inode(dentry), MAY_READ, rc);
1366 return rc;
1367 }
1368
1369 /**
1370 * smack_inode_removexattr - Smack check on removexattr
1371 * @dentry: the object
1372 * @name: name of the attribute
1373 *
1374 * Removing the Smack attribute requires CAP_MAC_ADMIN
1375 *
1376 * Returns 0 if access is permitted, an error code otherwise
1377 */
smack_inode_removexattr(struct dentry * dentry,const char * name)1378 static int smack_inode_removexattr(struct dentry *dentry, const char *name)
1379 {
1380 struct inode_smack *isp;
1381 struct smk_audit_info ad;
1382 int rc = 0;
1383
1384 if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
1385 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
1386 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 ||
1387 strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
1388 strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0 ||
1389 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1390 if (!smack_privileged(CAP_MAC_ADMIN))
1391 rc = -EPERM;
1392 } else
1393 rc = cap_inode_removexattr(dentry, name);
1394
1395 if (rc != 0)
1396 return rc;
1397
1398 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1399 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1400
1401 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1402 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
1403 if (rc != 0)
1404 return rc;
1405
1406 isp = smack_inode(d_backing_inode(dentry));
1407 /*
1408 * Don't do anything special for these.
1409 * XATTR_NAME_SMACKIPIN
1410 * XATTR_NAME_SMACKIPOUT
1411 */
1412 if (strcmp(name, XATTR_NAME_SMACK) == 0) {
1413 struct super_block *sbp = dentry->d_sb;
1414 struct superblock_smack *sbsp = sbp->s_security;
1415
1416 isp->smk_inode = sbsp->smk_default;
1417 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0)
1418 isp->smk_task = NULL;
1419 else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0)
1420 isp->smk_mmap = NULL;
1421 else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0)
1422 isp->smk_flags &= ~SMK_INODE_TRANSMUTE;
1423
1424 return 0;
1425 }
1426
1427 /**
1428 * smack_inode_getsecurity - get smack xattrs
1429 * @inode: the object
1430 * @name: attribute name
1431 * @buffer: where to put the result
1432 * @alloc: duplicate memory
1433 *
1434 * Returns the size of the attribute or an error code
1435 */
smack_inode_getsecurity(struct inode * inode,const char * name,void ** buffer,bool alloc)1436 static int smack_inode_getsecurity(struct inode *inode,
1437 const char *name, void **buffer,
1438 bool alloc)
1439 {
1440 struct socket_smack *ssp;
1441 struct socket *sock;
1442 struct super_block *sbp;
1443 struct inode *ip = (struct inode *)inode;
1444 struct smack_known *isp;
1445
1446 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0)
1447 isp = smk_of_inode(inode);
1448 else {
1449 /*
1450 * The rest of the Smack xattrs are only on sockets.
1451 */
1452 sbp = ip->i_sb;
1453 if (sbp->s_magic != SOCKFS_MAGIC)
1454 return -EOPNOTSUPP;
1455
1456 sock = SOCKET_I(ip);
1457 if (sock == NULL || sock->sk == NULL)
1458 return -EOPNOTSUPP;
1459
1460 ssp = sock->sk->sk_security;
1461
1462 if (strcmp(name, XATTR_SMACK_IPIN) == 0)
1463 isp = ssp->smk_in;
1464 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0)
1465 isp = ssp->smk_out;
1466 else
1467 return -EOPNOTSUPP;
1468 }
1469
1470 if (alloc) {
1471 *buffer = kstrdup(isp->smk_known, GFP_KERNEL);
1472 if (*buffer == NULL)
1473 return -ENOMEM;
1474 }
1475
1476 return strlen(isp->smk_known);
1477 }
1478
1479
1480 /**
1481 * smack_inode_listsecurity - list the Smack attributes
1482 * @inode: the object
1483 * @buffer: where they go
1484 * @buffer_size: size of buffer
1485 */
smack_inode_listsecurity(struct inode * inode,char * buffer,size_t buffer_size)1486 static int smack_inode_listsecurity(struct inode *inode, char *buffer,
1487 size_t buffer_size)
1488 {
1489 int len = sizeof(XATTR_NAME_SMACK);
1490
1491 if (buffer != NULL && len <= buffer_size)
1492 memcpy(buffer, XATTR_NAME_SMACK, len);
1493
1494 return len;
1495 }
1496
1497 /**
1498 * smack_inode_getsecid - Extract inode's security id
1499 * @inode: inode to extract the info from
1500 * @secid: where result will be saved
1501 */
smack_inode_getsecid(struct inode * inode,u32 * secid)1502 static void smack_inode_getsecid(struct inode *inode, u32 *secid)
1503 {
1504 struct smack_known *skp = smk_of_inode(inode);
1505
1506 *secid = skp->smk_secid;
1507 }
1508
1509 /*
1510 * File Hooks
1511 */
1512
1513 /*
1514 * There is no smack_file_permission hook
1515 *
1516 * Should access checks be done on each read or write?
1517 * UNICOS and SELinux say yes.
1518 * Trusted Solaris, Trusted Irix, and just about everyone else says no.
1519 *
1520 * I'll say no for now. Smack does not do the frequent
1521 * label changing that SELinux does.
1522 */
1523
1524 /**
1525 * smack_file_alloc_security - assign a file security blob
1526 * @file: the object
1527 *
1528 * The security blob for a file is a pointer to the master
1529 * label list, so no allocation is done.
1530 *
1531 * f_security is the owner security information. It
1532 * isn't used on file access checks, it's for send_sigio.
1533 *
1534 * Returns 0
1535 */
smack_file_alloc_security(struct file * file)1536 static int smack_file_alloc_security(struct file *file)
1537 {
1538 struct smack_known **blob = smack_file(file);
1539
1540 *blob = smk_of_current();
1541 return 0;
1542 }
1543
1544 /**
1545 * smack_file_ioctl - Smack check on ioctls
1546 * @file: the object
1547 * @cmd: what to do
1548 * @arg: unused
1549 *
1550 * Relies heavily on the correct use of the ioctl command conventions.
1551 *
1552 * Returns 0 if allowed, error code otherwise
1553 */
smack_file_ioctl(struct file * file,unsigned int cmd,unsigned long arg)1554 static int smack_file_ioctl(struct file *file, unsigned int cmd,
1555 unsigned long arg)
1556 {
1557 int rc = 0;
1558 struct smk_audit_info ad;
1559 struct inode *inode = file_inode(file);
1560
1561 if (unlikely(IS_PRIVATE(inode)))
1562 return 0;
1563
1564 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1565 smk_ad_setfield_u_fs_path(&ad, file->f_path);
1566
1567 if (_IOC_DIR(cmd) & _IOC_WRITE) {
1568 rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad);
1569 rc = smk_bu_file(file, MAY_WRITE, rc);
1570 }
1571
1572 if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ)) {
1573 rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad);
1574 rc = smk_bu_file(file, MAY_READ, rc);
1575 }
1576
1577 return rc;
1578 }
1579
1580 /**
1581 * smack_file_lock - Smack check on file locking
1582 * @file: the object
1583 * @cmd: unused
1584 *
1585 * Returns 0 if current has lock access, error code otherwise
1586 */
smack_file_lock(struct file * file,unsigned int cmd)1587 static int smack_file_lock(struct file *file, unsigned int cmd)
1588 {
1589 struct smk_audit_info ad;
1590 int rc;
1591 struct inode *inode = file_inode(file);
1592
1593 if (unlikely(IS_PRIVATE(inode)))
1594 return 0;
1595
1596 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1597 smk_ad_setfield_u_fs_path(&ad, file->f_path);
1598 rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad);
1599 rc = smk_bu_file(file, MAY_LOCK, rc);
1600 return rc;
1601 }
1602
1603 /**
1604 * smack_file_fcntl - Smack check on fcntl
1605 * @file: the object
1606 * @cmd: what action to check
1607 * @arg: unused
1608 *
1609 * Generally these operations are harmless.
1610 * File locking operations present an obvious mechanism
1611 * for passing information, so they require write access.
1612 *
1613 * Returns 0 if current has access, error code otherwise
1614 */
smack_file_fcntl(struct file * file,unsigned int cmd,unsigned long arg)1615 static int smack_file_fcntl(struct file *file, unsigned int cmd,
1616 unsigned long arg)
1617 {
1618 struct smk_audit_info ad;
1619 int rc = 0;
1620 struct inode *inode = file_inode(file);
1621
1622 if (unlikely(IS_PRIVATE(inode)))
1623 return 0;
1624
1625 switch (cmd) {
1626 case F_GETLK:
1627 break;
1628 case F_SETLK:
1629 case F_SETLKW:
1630 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1631 smk_ad_setfield_u_fs_path(&ad, file->f_path);
1632 rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad);
1633 rc = smk_bu_file(file, MAY_LOCK, rc);
1634 break;
1635 case F_SETOWN:
1636 case F_SETSIG:
1637 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1638 smk_ad_setfield_u_fs_path(&ad, file->f_path);
1639 rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad);
1640 rc = smk_bu_file(file, MAY_WRITE, rc);
1641 break;
1642 default:
1643 break;
1644 }
1645
1646 return rc;
1647 }
1648
1649 /**
1650 * smack_mmap_file :
1651 * Check permissions for a mmap operation. The @file may be NULL, e.g.
1652 * if mapping anonymous memory.
1653 * @file contains the file structure for file to map (may be NULL).
1654 * @reqprot contains the protection requested by the application.
1655 * @prot contains the protection that will be applied by the kernel.
1656 * @flags contains the operational flags.
1657 * Return 0 if permission is granted.
1658 */
smack_mmap_file(struct file * file,unsigned long reqprot,unsigned long prot,unsigned long flags)1659 static int smack_mmap_file(struct file *file,
1660 unsigned long reqprot, unsigned long prot,
1661 unsigned long flags)
1662 {
1663 struct smack_known *skp;
1664 struct smack_known *mkp;
1665 struct smack_rule *srp;
1666 struct task_smack *tsp;
1667 struct smack_known *okp;
1668 struct inode_smack *isp;
1669 struct superblock_smack *sbsp;
1670 int may;
1671 int mmay;
1672 int tmay;
1673 int rc;
1674
1675 if (file == NULL)
1676 return 0;
1677
1678 if (unlikely(IS_PRIVATE(file_inode(file))))
1679 return 0;
1680
1681 isp = smack_inode(file_inode(file));
1682 if (isp->smk_mmap == NULL)
1683 return 0;
1684 sbsp = file_inode(file)->i_sb->s_security;
1685 if (sbsp->smk_flags & SMK_SB_UNTRUSTED &&
1686 isp->smk_mmap != sbsp->smk_root)
1687 return -EACCES;
1688 mkp = isp->smk_mmap;
1689
1690 tsp = smack_cred(current_cred());
1691 skp = smk_of_current();
1692 rc = 0;
1693
1694 rcu_read_lock();
1695 /*
1696 * For each Smack rule associated with the subject
1697 * label verify that the SMACK64MMAP also has access
1698 * to that rule's object label.
1699 */
1700 list_for_each_entry_rcu(srp, &skp->smk_rules, list) {
1701 okp = srp->smk_object;
1702 /*
1703 * Matching labels always allows access.
1704 */
1705 if (mkp->smk_known == okp->smk_known)
1706 continue;
1707 /*
1708 * If there is a matching local rule take
1709 * that into account as well.
1710 */
1711 may = smk_access_entry(srp->smk_subject->smk_known,
1712 okp->smk_known,
1713 &tsp->smk_rules);
1714 if (may == -ENOENT)
1715 may = srp->smk_access;
1716 else
1717 may &= srp->smk_access;
1718 /*
1719 * If may is zero the SMACK64MMAP subject can't
1720 * possibly have less access.
1721 */
1722 if (may == 0)
1723 continue;
1724
1725 /*
1726 * Fetch the global list entry.
1727 * If there isn't one a SMACK64MMAP subject
1728 * can't have as much access as current.
1729 */
1730 mmay = smk_access_entry(mkp->smk_known, okp->smk_known,
1731 &mkp->smk_rules);
1732 if (mmay == -ENOENT) {
1733 rc = -EACCES;
1734 break;
1735 }
1736 /*
1737 * If there is a local entry it modifies the
1738 * potential access, too.
1739 */
1740 tmay = smk_access_entry(mkp->smk_known, okp->smk_known,
1741 &tsp->smk_rules);
1742 if (tmay != -ENOENT)
1743 mmay &= tmay;
1744
1745 /*
1746 * If there is any access available to current that is
1747 * not available to a SMACK64MMAP subject
1748 * deny access.
1749 */
1750 if ((may | mmay) != mmay) {
1751 rc = -EACCES;
1752 break;
1753 }
1754 }
1755
1756 rcu_read_unlock();
1757
1758 return rc;
1759 }
1760
1761 /**
1762 * smack_file_set_fowner - set the file security blob value
1763 * @file: object in question
1764 *
1765 */
smack_file_set_fowner(struct file * file)1766 static void smack_file_set_fowner(struct file *file)
1767 {
1768 struct smack_known **blob = smack_file(file);
1769
1770 *blob = smk_of_current();
1771 }
1772
1773 /**
1774 * smack_file_send_sigiotask - Smack on sigio
1775 * @tsk: The target task
1776 * @fown: the object the signal come from
1777 * @signum: unused
1778 *
1779 * Allow a privileged task to get signals even if it shouldn't
1780 *
1781 * Returns 0 if a subject with the object's smack could
1782 * write to the task, an error code otherwise.
1783 */
smack_file_send_sigiotask(struct task_struct * tsk,struct fown_struct * fown,int signum)1784 static int smack_file_send_sigiotask(struct task_struct *tsk,
1785 struct fown_struct *fown, int signum)
1786 {
1787 struct smack_known **blob;
1788 struct smack_known *skp;
1789 struct smack_known *tkp = smk_of_task(smack_cred(tsk->cred));
1790 const struct cred *tcred;
1791 struct file *file;
1792 int rc;
1793 struct smk_audit_info ad;
1794
1795 /*
1796 * struct fown_struct is never outside the context of a struct file
1797 */
1798 file = container_of(fown, struct file, f_owner);
1799
1800 /* we don't log here as rc can be overriden */
1801 blob = smack_file(file);
1802 skp = *blob;
1803 rc = smk_access(skp, tkp, MAY_DELIVER, NULL);
1804 rc = smk_bu_note("sigiotask", skp, tkp, MAY_DELIVER, rc);
1805
1806 rcu_read_lock();
1807 tcred = __task_cred(tsk);
1808 if (rc != 0 && smack_privileged_cred(CAP_MAC_OVERRIDE, tcred))
1809 rc = 0;
1810 rcu_read_unlock();
1811
1812 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
1813 smk_ad_setfield_u_tsk(&ad, tsk);
1814 smack_log(skp->smk_known, tkp->smk_known, MAY_DELIVER, rc, &ad);
1815 return rc;
1816 }
1817
1818 /**
1819 * smack_file_receive - Smack file receive check
1820 * @file: the object
1821 *
1822 * Returns 0 if current has access, error code otherwise
1823 */
smack_file_receive(struct file * file)1824 static int smack_file_receive(struct file *file)
1825 {
1826 int rc;
1827 int may = 0;
1828 struct smk_audit_info ad;
1829 struct inode *inode = file_inode(file);
1830 struct socket *sock;
1831 struct task_smack *tsp;
1832 struct socket_smack *ssp;
1833
1834 if (unlikely(IS_PRIVATE(inode)))
1835 return 0;
1836
1837 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1838 smk_ad_setfield_u_fs_path(&ad, file->f_path);
1839
1840 if (inode->i_sb->s_magic == SOCKFS_MAGIC) {
1841 sock = SOCKET_I(inode);
1842 ssp = sock->sk->sk_security;
1843 tsp = smack_cred(current_cred());
1844 /*
1845 * If the receiving process can't write to the
1846 * passed socket or if the passed socket can't
1847 * write to the receiving process don't accept
1848 * the passed socket.
1849 */
1850 rc = smk_access(tsp->smk_task, ssp->smk_out, MAY_WRITE, &ad);
1851 rc = smk_bu_file(file, may, rc);
1852 if (rc < 0)
1853 return rc;
1854 rc = smk_access(ssp->smk_in, tsp->smk_task, MAY_WRITE, &ad);
1855 rc = smk_bu_file(file, may, rc);
1856 return rc;
1857 }
1858 /*
1859 * This code relies on bitmasks.
1860 */
1861 if (file->f_mode & FMODE_READ)
1862 may = MAY_READ;
1863 if (file->f_mode & FMODE_WRITE)
1864 may |= MAY_WRITE;
1865
1866 rc = smk_curacc(smk_of_inode(inode), may, &ad);
1867 rc = smk_bu_file(file, may, rc);
1868 return rc;
1869 }
1870
1871 /**
1872 * smack_file_open - Smack dentry open processing
1873 * @file: the object
1874 *
1875 * Set the security blob in the file structure.
1876 * Allow the open only if the task has read access. There are
1877 * many read operations (e.g. fstat) that you can do with an
1878 * fd even if you have the file open write-only.
1879 *
1880 * Returns 0 if current has access, error code otherwise
1881 */
smack_file_open(struct file * file)1882 static int smack_file_open(struct file *file)
1883 {
1884 struct task_smack *tsp = smack_cred(file->f_cred);
1885 struct inode *inode = file_inode(file);
1886 struct smk_audit_info ad;
1887 int rc;
1888
1889 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1890 smk_ad_setfield_u_fs_path(&ad, file->f_path);
1891 rc = smk_tskacc(tsp, smk_of_inode(inode), MAY_READ, &ad);
1892 rc = smk_bu_credfile(file->f_cred, file, MAY_READ, rc);
1893
1894 return rc;
1895 }
1896
1897 /*
1898 * Task hooks
1899 */
1900
1901 /**
1902 * smack_cred_alloc_blank - "allocate" blank task-level security credentials
1903 * @cred: the new credentials
1904 * @gfp: the atomicity of any memory allocations
1905 *
1906 * Prepare a blank set of credentials for modification. This must allocate all
1907 * the memory the LSM module might require such that cred_transfer() can
1908 * complete without error.
1909 */
smack_cred_alloc_blank(struct cred * cred,gfp_t gfp)1910 static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp)
1911 {
1912 init_task_smack(smack_cred(cred), NULL, NULL);
1913 return 0;
1914 }
1915
1916
1917 /**
1918 * smack_cred_free - "free" task-level security credentials
1919 * @cred: the credentials in question
1920 *
1921 */
smack_cred_free(struct cred * cred)1922 static void smack_cred_free(struct cred *cred)
1923 {
1924 struct task_smack *tsp = smack_cred(cred);
1925 struct smack_rule *rp;
1926 struct list_head *l;
1927 struct list_head *n;
1928
1929 smk_destroy_label_list(&tsp->smk_relabel);
1930
1931 list_for_each_safe(l, n, &tsp->smk_rules) {
1932 rp = list_entry(l, struct smack_rule, list);
1933 list_del(&rp->list);
1934 kmem_cache_free(smack_rule_cache, rp);
1935 }
1936 }
1937
1938 /**
1939 * smack_cred_prepare - prepare new set of credentials for modification
1940 * @new: the new credentials
1941 * @old: the original credentials
1942 * @gfp: the atomicity of any memory allocations
1943 *
1944 * Prepare a new set of credentials for modification.
1945 */
smack_cred_prepare(struct cred * new,const struct cred * old,gfp_t gfp)1946 static int smack_cred_prepare(struct cred *new, const struct cred *old,
1947 gfp_t gfp)
1948 {
1949 struct task_smack *old_tsp = smack_cred(old);
1950 struct task_smack *new_tsp = smack_cred(new);
1951 int rc;
1952
1953 init_task_smack(new_tsp, old_tsp->smk_task, old_tsp->smk_task);
1954
1955 rc = smk_copy_rules(&new_tsp->smk_rules, &old_tsp->smk_rules, gfp);
1956 if (rc != 0)
1957 return rc;
1958
1959 rc = smk_copy_relabel(&new_tsp->smk_relabel, &old_tsp->smk_relabel,
1960 gfp);
1961 return rc;
1962 }
1963
1964 /**
1965 * smack_cred_transfer - Transfer the old credentials to the new credentials
1966 * @new: the new credentials
1967 * @old: the original credentials
1968 *
1969 * Fill in a set of blank credentials from another set of credentials.
1970 */
smack_cred_transfer(struct cred * new,const struct cred * old)1971 static void smack_cred_transfer(struct cred *new, const struct cred *old)
1972 {
1973 struct task_smack *old_tsp = smack_cred(old);
1974 struct task_smack *new_tsp = smack_cred(new);
1975
1976 new_tsp->smk_task = old_tsp->smk_task;
1977 new_tsp->smk_forked = old_tsp->smk_task;
1978 mutex_init(&new_tsp->smk_rules_lock);
1979 INIT_LIST_HEAD(&new_tsp->smk_rules);
1980
1981 /* cbs copy rule list */
1982 }
1983
1984 /**
1985 * smack_cred_getsecid - get the secid corresponding to a creds structure
1986 * @cred: the object creds
1987 * @secid: where to put the result
1988 *
1989 * Sets the secid to contain a u32 version of the smack label.
1990 */
smack_cred_getsecid(const struct cred * cred,u32 * secid)1991 static void smack_cred_getsecid(const struct cred *cred, u32 *secid)
1992 {
1993 struct smack_known *skp;
1994
1995 rcu_read_lock();
1996 skp = smk_of_task(smack_cred(cred));
1997 *secid = skp->smk_secid;
1998 rcu_read_unlock();
1999 }
2000
2001 /**
2002 * smack_kernel_act_as - Set the subjective context in a set of credentials
2003 * @new: points to the set of credentials to be modified.
2004 * @secid: specifies the security ID to be set
2005 *
2006 * Set the security data for a kernel service.
2007 */
smack_kernel_act_as(struct cred * new,u32 secid)2008 static int smack_kernel_act_as(struct cred *new, u32 secid)
2009 {
2010 struct task_smack *new_tsp = smack_cred(new);
2011
2012 new_tsp->smk_task = smack_from_secid(secid);
2013 return 0;
2014 }
2015
2016 /**
2017 * smack_kernel_create_files_as - Set the file creation label in a set of creds
2018 * @new: points to the set of credentials to be modified
2019 * @inode: points to the inode to use as a reference
2020 *
2021 * Set the file creation context in a set of credentials to the same
2022 * as the objective context of the specified inode
2023 */
smack_kernel_create_files_as(struct cred * new,struct inode * inode)2024 static int smack_kernel_create_files_as(struct cred *new,
2025 struct inode *inode)
2026 {
2027 struct inode_smack *isp = smack_inode(inode);
2028 struct task_smack *tsp = smack_cred(new);
2029
2030 tsp->smk_forked = isp->smk_inode;
2031 tsp->smk_task = tsp->smk_forked;
2032 return 0;
2033 }
2034
2035 /**
2036 * smk_curacc_on_task - helper to log task related access
2037 * @p: the task object
2038 * @access: the access requested
2039 * @caller: name of the calling function for audit
2040 *
2041 * Return 0 if access is permitted
2042 */
smk_curacc_on_task(struct task_struct * p,int access,const char * caller)2043 static int smk_curacc_on_task(struct task_struct *p, int access,
2044 const char *caller)
2045 {
2046 struct smk_audit_info ad;
2047 struct smack_known *skp = smk_of_task_struct(p);
2048 int rc;
2049
2050 smk_ad_init(&ad, caller, LSM_AUDIT_DATA_TASK);
2051 smk_ad_setfield_u_tsk(&ad, p);
2052 rc = smk_curacc(skp, access, &ad);
2053 rc = smk_bu_task(p, access, rc);
2054 return rc;
2055 }
2056
2057 /**
2058 * smack_task_setpgid - Smack check on setting pgid
2059 * @p: the task object
2060 * @pgid: unused
2061 *
2062 * Return 0 if write access is permitted
2063 */
smack_task_setpgid(struct task_struct * p,pid_t pgid)2064 static int smack_task_setpgid(struct task_struct *p, pid_t pgid)
2065 {
2066 return smk_curacc_on_task(p, MAY_WRITE, __func__);
2067 }
2068
2069 /**
2070 * smack_task_getpgid - Smack access check for getpgid
2071 * @p: the object task
2072 *
2073 * Returns 0 if current can read the object task, error code otherwise
2074 */
smack_task_getpgid(struct task_struct * p)2075 static int smack_task_getpgid(struct task_struct *p)
2076 {
2077 return smk_curacc_on_task(p, MAY_READ, __func__);
2078 }
2079
2080 /**
2081 * smack_task_getsid - Smack access check for getsid
2082 * @p: the object task
2083 *
2084 * Returns 0 if current can read the object task, error code otherwise
2085 */
smack_task_getsid(struct task_struct * p)2086 static int smack_task_getsid(struct task_struct *p)
2087 {
2088 return smk_curacc_on_task(p, MAY_READ, __func__);
2089 }
2090
2091 /**
2092 * smack_task_getsecid - get the secid of the task
2093 * @p: the object task
2094 * @secid: where to put the result
2095 *
2096 * Sets the secid to contain a u32 version of the smack label.
2097 */
smack_task_getsecid(struct task_struct * p,u32 * secid)2098 static void smack_task_getsecid(struct task_struct *p, u32 *secid)
2099 {
2100 struct smack_known *skp = smk_of_task_struct(p);
2101
2102 *secid = skp->smk_secid;
2103 }
2104
2105 /**
2106 * smack_task_setnice - Smack check on setting nice
2107 * @p: the task object
2108 * @nice: unused
2109 *
2110 * Return 0 if write access is permitted
2111 */
smack_task_setnice(struct task_struct * p,int nice)2112 static int smack_task_setnice(struct task_struct *p, int nice)
2113 {
2114 return smk_curacc_on_task(p, MAY_WRITE, __func__);
2115 }
2116
2117 /**
2118 * smack_task_setioprio - Smack check on setting ioprio
2119 * @p: the task object
2120 * @ioprio: unused
2121 *
2122 * Return 0 if write access is permitted
2123 */
smack_task_setioprio(struct task_struct * p,int ioprio)2124 static int smack_task_setioprio(struct task_struct *p, int ioprio)
2125 {
2126 return smk_curacc_on_task(p, MAY_WRITE, __func__);
2127 }
2128
2129 /**
2130 * smack_task_getioprio - Smack check on reading ioprio
2131 * @p: the task object
2132 *
2133 * Return 0 if read access is permitted
2134 */
smack_task_getioprio(struct task_struct * p)2135 static int smack_task_getioprio(struct task_struct *p)
2136 {
2137 return smk_curacc_on_task(p, MAY_READ, __func__);
2138 }
2139
2140 /**
2141 * smack_task_setscheduler - Smack check on setting scheduler
2142 * @p: the task object
2143 *
2144 * Return 0 if read access is permitted
2145 */
smack_task_setscheduler(struct task_struct * p)2146 static int smack_task_setscheduler(struct task_struct *p)
2147 {
2148 return smk_curacc_on_task(p, MAY_WRITE, __func__);
2149 }
2150
2151 /**
2152 * smack_task_getscheduler - Smack check on reading scheduler
2153 * @p: the task object
2154 *
2155 * Return 0 if read access is permitted
2156 */
smack_task_getscheduler(struct task_struct * p)2157 static int smack_task_getscheduler(struct task_struct *p)
2158 {
2159 return smk_curacc_on_task(p, MAY_READ, __func__);
2160 }
2161
2162 /**
2163 * smack_task_movememory - Smack check on moving memory
2164 * @p: the task object
2165 *
2166 * Return 0 if write access is permitted
2167 */
smack_task_movememory(struct task_struct * p)2168 static int smack_task_movememory(struct task_struct *p)
2169 {
2170 return smk_curacc_on_task(p, MAY_WRITE, __func__);
2171 }
2172
2173 /**
2174 * smack_task_kill - Smack check on signal delivery
2175 * @p: the task object
2176 * @info: unused
2177 * @sig: unused
2178 * @cred: identifies the cred to use in lieu of current's
2179 *
2180 * Return 0 if write access is permitted
2181 *
2182 */
smack_task_kill(struct task_struct * p,struct kernel_siginfo * info,int sig,const struct cred * cred)2183 static int smack_task_kill(struct task_struct *p, struct kernel_siginfo *info,
2184 int sig, const struct cred *cred)
2185 {
2186 struct smk_audit_info ad;
2187 struct smack_known *skp;
2188 struct smack_known *tkp = smk_of_task_struct(p);
2189 int rc;
2190
2191 if (!sig)
2192 return 0; /* null signal; existence test */
2193
2194 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
2195 smk_ad_setfield_u_tsk(&ad, p);
2196 /*
2197 * Sending a signal requires that the sender
2198 * can write the receiver.
2199 */
2200 if (cred == NULL) {
2201 rc = smk_curacc(tkp, MAY_DELIVER, &ad);
2202 rc = smk_bu_task(p, MAY_DELIVER, rc);
2203 return rc;
2204 }
2205 /*
2206 * If the cred isn't NULL we're dealing with some USB IO
2207 * specific behavior. This is not clean. For one thing
2208 * we can't take privilege into account.
2209 */
2210 skp = smk_of_task(smack_cred(cred));
2211 rc = smk_access(skp, tkp, MAY_DELIVER, &ad);
2212 rc = smk_bu_note("USB signal", skp, tkp, MAY_DELIVER, rc);
2213 return rc;
2214 }
2215
2216 /**
2217 * smack_task_to_inode - copy task smack into the inode blob
2218 * @p: task to copy from
2219 * @inode: inode to copy to
2220 *
2221 * Sets the smack pointer in the inode security blob
2222 */
smack_task_to_inode(struct task_struct * p,struct inode * inode)2223 static void smack_task_to_inode(struct task_struct *p, struct inode *inode)
2224 {
2225 struct inode_smack *isp = smack_inode(inode);
2226 struct smack_known *skp = smk_of_task_struct(p);
2227
2228 isp->smk_inode = skp;
2229 isp->smk_flags |= SMK_INODE_INSTANT;
2230 }
2231
2232 /*
2233 * Socket hooks.
2234 */
2235
2236 /**
2237 * smack_sk_alloc_security - Allocate a socket blob
2238 * @sk: the socket
2239 * @family: unused
2240 * @gfp_flags: memory allocation flags
2241 *
2242 * Assign Smack pointers to current
2243 *
2244 * Returns 0 on success, -ENOMEM is there's no memory
2245 */
smack_sk_alloc_security(struct sock * sk,int family,gfp_t gfp_flags)2246 static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags)
2247 {
2248 struct smack_known *skp = smk_of_current();
2249 struct socket_smack *ssp;
2250
2251 ssp = kzalloc(sizeof(struct socket_smack), gfp_flags);
2252 if (ssp == NULL)
2253 return -ENOMEM;
2254
2255 /*
2256 * Sockets created by kernel threads receive web label.
2257 */
2258 if (unlikely(current->flags & PF_KTHREAD)) {
2259 ssp->smk_in = &smack_known_web;
2260 ssp->smk_out = &smack_known_web;
2261 } else {
2262 ssp->smk_in = skp;
2263 ssp->smk_out = skp;
2264 }
2265 ssp->smk_packet = NULL;
2266
2267 sk->sk_security = ssp;
2268
2269 return 0;
2270 }
2271
2272 /**
2273 * smack_sk_free_security - Free a socket blob
2274 * @sk: the socket
2275 *
2276 * Clears the blob pointer
2277 */
smack_sk_free_security(struct sock * sk)2278 static void smack_sk_free_security(struct sock *sk)
2279 {
2280 #ifdef SMACK_IPV6_PORT_LABELING
2281 struct smk_port_label *spp;
2282
2283 if (sk->sk_family == PF_INET6) {
2284 rcu_read_lock();
2285 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
2286 if (spp->smk_sock != sk)
2287 continue;
2288 spp->smk_can_reuse = 1;
2289 break;
2290 }
2291 rcu_read_unlock();
2292 }
2293 #endif
2294 kfree(sk->sk_security);
2295 }
2296
2297 /**
2298 * smack_ipv4host_label - check host based restrictions
2299 * @sip: the object end
2300 *
2301 * looks for host based access restrictions
2302 *
2303 * This version will only be appropriate for really small sets of single label
2304 * hosts. The caller is responsible for ensuring that the RCU read lock is
2305 * taken before calling this function.
2306 *
2307 * Returns the label of the far end or NULL if it's not special.
2308 */
smack_ipv4host_label(struct sockaddr_in * sip)2309 static struct smack_known *smack_ipv4host_label(struct sockaddr_in *sip)
2310 {
2311 struct smk_net4addr *snp;
2312 struct in_addr *siap = &sip->sin_addr;
2313
2314 if (siap->s_addr == 0)
2315 return NULL;
2316
2317 list_for_each_entry_rcu(snp, &smk_net4addr_list, list)
2318 /*
2319 * we break after finding the first match because
2320 * the list is sorted from longest to shortest mask
2321 * so we have found the most specific match
2322 */
2323 if (snp->smk_host.s_addr ==
2324 (siap->s_addr & snp->smk_mask.s_addr))
2325 return snp->smk_label;
2326
2327 return NULL;
2328 }
2329
2330 #if IS_ENABLED(CONFIG_IPV6)
2331 /*
2332 * smk_ipv6_localhost - Check for local ipv6 host address
2333 * @sip: the address
2334 *
2335 * Returns boolean true if this is the localhost address
2336 */
smk_ipv6_localhost(struct sockaddr_in6 * sip)2337 static bool smk_ipv6_localhost(struct sockaddr_in6 *sip)
2338 {
2339 __be16 *be16p = (__be16 *)&sip->sin6_addr;
2340 __be32 *be32p = (__be32 *)&sip->sin6_addr;
2341
2342 if (be32p[0] == 0 && be32p[1] == 0 && be32p[2] == 0 && be16p[6] == 0 &&
2343 ntohs(be16p[7]) == 1)
2344 return true;
2345 return false;
2346 }
2347
2348 /**
2349 * smack_ipv6host_label - check host based restrictions
2350 * @sip: the object end
2351 *
2352 * looks for host based access restrictions
2353 *
2354 * This version will only be appropriate for really small sets of single label
2355 * hosts. The caller is responsible for ensuring that the RCU read lock is
2356 * taken before calling this function.
2357 *
2358 * Returns the label of the far end or NULL if it's not special.
2359 */
smack_ipv6host_label(struct sockaddr_in6 * sip)2360 static struct smack_known *smack_ipv6host_label(struct sockaddr_in6 *sip)
2361 {
2362 struct smk_net6addr *snp;
2363 struct in6_addr *sap = &sip->sin6_addr;
2364 int i;
2365 int found = 0;
2366
2367 /*
2368 * It's local. Don't look for a host label.
2369 */
2370 if (smk_ipv6_localhost(sip))
2371 return NULL;
2372
2373 list_for_each_entry_rcu(snp, &smk_net6addr_list, list) {
2374 /*
2375 * If the label is NULL the entry has
2376 * been renounced. Ignore it.
2377 */
2378 if (snp->smk_label == NULL)
2379 continue;
2380 /*
2381 * we break after finding the first match because
2382 * the list is sorted from longest to shortest mask
2383 * so we have found the most specific match
2384 */
2385 for (found = 1, i = 0; i < 8; i++) {
2386 if ((sap->s6_addr16[i] & snp->smk_mask.s6_addr16[i]) !=
2387 snp->smk_host.s6_addr16[i]) {
2388 found = 0;
2389 break;
2390 }
2391 }
2392 if (found)
2393 return snp->smk_label;
2394 }
2395
2396 return NULL;
2397 }
2398 #endif /* CONFIG_IPV6 */
2399
2400 /**
2401 * smack_netlabel - Set the secattr on a socket
2402 * @sk: the socket
2403 * @labeled: socket label scheme
2404 *
2405 * Convert the outbound smack value (smk_out) to a
2406 * secattr and attach it to the socket.
2407 *
2408 * Returns 0 on success or an error code
2409 */
smack_netlabel(struct sock * sk,int labeled)2410 static int smack_netlabel(struct sock *sk, int labeled)
2411 {
2412 struct smack_known *skp;
2413 struct socket_smack *ssp = sk->sk_security;
2414 int rc = 0;
2415
2416 /*
2417 * Usually the netlabel code will handle changing the
2418 * packet labeling based on the label.
2419 * The case of a single label host is different, because
2420 * a single label host should never get a labeled packet
2421 * even though the label is usually associated with a packet
2422 * label.
2423 */
2424 local_bh_disable();
2425 bh_lock_sock_nested(sk);
2426
2427 if (ssp->smk_out == smack_net_ambient ||
2428 labeled == SMACK_UNLABELED_SOCKET)
2429 netlbl_sock_delattr(sk);
2430 else {
2431 skp = ssp->smk_out;
2432 rc = netlbl_sock_setattr(sk, sk->sk_family, &skp->smk_netlabel);
2433 }
2434
2435 bh_unlock_sock(sk);
2436 local_bh_enable();
2437
2438 return rc;
2439 }
2440
2441 /**
2442 * smack_netlbel_send - Set the secattr on a socket and perform access checks
2443 * @sk: the socket
2444 * @sap: the destination address
2445 *
2446 * Set the correct secattr for the given socket based on the destination
2447 * address and perform any outbound access checks needed.
2448 *
2449 * Returns 0 on success or an error code.
2450 *
2451 */
smack_netlabel_send(struct sock * sk,struct sockaddr_in * sap)2452 static int smack_netlabel_send(struct sock *sk, struct sockaddr_in *sap)
2453 {
2454 struct smack_known *skp;
2455 int rc;
2456 int sk_lbl;
2457 struct smack_known *hkp;
2458 struct socket_smack *ssp = sk->sk_security;
2459 struct smk_audit_info ad;
2460
2461 rcu_read_lock();
2462 hkp = smack_ipv4host_label(sap);
2463 if (hkp != NULL) {
2464 #ifdef CONFIG_AUDIT
2465 struct lsm_network_audit net;
2466
2467 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
2468 ad.a.u.net->family = sap->sin_family;
2469 ad.a.u.net->dport = sap->sin_port;
2470 ad.a.u.net->v4info.daddr = sap->sin_addr.s_addr;
2471 #endif
2472 sk_lbl = SMACK_UNLABELED_SOCKET;
2473 skp = ssp->smk_out;
2474 rc = smk_access(skp, hkp, MAY_WRITE, &ad);
2475 rc = smk_bu_note("IPv4 host check", skp, hkp, MAY_WRITE, rc);
2476 } else {
2477 sk_lbl = SMACK_CIPSO_SOCKET;
2478 rc = 0;
2479 }
2480 rcu_read_unlock();
2481 if (rc != 0)
2482 return rc;
2483
2484 return smack_netlabel(sk, sk_lbl);
2485 }
2486
2487 #if IS_ENABLED(CONFIG_IPV6)
2488 /**
2489 * smk_ipv6_check - check Smack access
2490 * @subject: subject Smack label
2491 * @object: object Smack label
2492 * @address: address
2493 * @act: the action being taken
2494 *
2495 * Check an IPv6 access
2496 */
smk_ipv6_check(struct smack_known * subject,struct smack_known * object,struct sockaddr_in6 * address,int act)2497 static int smk_ipv6_check(struct smack_known *subject,
2498 struct smack_known *object,
2499 struct sockaddr_in6 *address, int act)
2500 {
2501 #ifdef CONFIG_AUDIT
2502 struct lsm_network_audit net;
2503 #endif
2504 struct smk_audit_info ad;
2505 int rc;
2506
2507 #ifdef CONFIG_AUDIT
2508 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
2509 ad.a.u.net->family = PF_INET6;
2510 ad.a.u.net->dport = ntohs(address->sin6_port);
2511 if (act == SMK_RECEIVING)
2512 ad.a.u.net->v6info.saddr = address->sin6_addr;
2513 else
2514 ad.a.u.net->v6info.daddr = address->sin6_addr;
2515 #endif
2516 rc = smk_access(subject, object, MAY_WRITE, &ad);
2517 rc = smk_bu_note("IPv6 check", subject, object, MAY_WRITE, rc);
2518 return rc;
2519 }
2520 #endif /* CONFIG_IPV6 */
2521
2522 #ifdef SMACK_IPV6_PORT_LABELING
2523 /**
2524 * smk_ipv6_port_label - Smack port access table management
2525 * @sock: socket
2526 * @address: address
2527 *
2528 * Create or update the port list entry
2529 */
smk_ipv6_port_label(struct socket * sock,struct sockaddr * address)2530 static void smk_ipv6_port_label(struct socket *sock, struct sockaddr *address)
2531 {
2532 struct sock *sk = sock->sk;
2533 struct sockaddr_in6 *addr6;
2534 struct socket_smack *ssp = sock->sk->sk_security;
2535 struct smk_port_label *spp;
2536 unsigned short port = 0;
2537
2538 if (address == NULL) {
2539 /*
2540 * This operation is changing the Smack information
2541 * on the bound socket. Take the changes to the port
2542 * as well.
2543 */
2544 rcu_read_lock();
2545 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
2546 if (sk != spp->smk_sock)
2547 continue;
2548 spp->smk_in = ssp->smk_in;
2549 spp->smk_out = ssp->smk_out;
2550 rcu_read_unlock();
2551 return;
2552 }
2553 /*
2554 * A NULL address is only used for updating existing
2555 * bound entries. If there isn't one, it's OK.
2556 */
2557 rcu_read_unlock();
2558 return;
2559 }
2560
2561 addr6 = (struct sockaddr_in6 *)address;
2562 port = ntohs(addr6->sin6_port);
2563 /*
2564 * This is a special case that is safely ignored.
2565 */
2566 if (port == 0)
2567 return;
2568
2569 /*
2570 * Look for an existing port list entry.
2571 * This is an indication that a port is getting reused.
2572 */
2573 rcu_read_lock();
2574 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
2575 if (spp->smk_port != port || spp->smk_sock_type != sock->type)
2576 continue;
2577 if (spp->smk_can_reuse != 1) {
2578 rcu_read_unlock();
2579 return;
2580 }
2581 spp->smk_port = port;
2582 spp->smk_sock = sk;
2583 spp->smk_in = ssp->smk_in;
2584 spp->smk_out = ssp->smk_out;
2585 spp->smk_can_reuse = 0;
2586 rcu_read_unlock();
2587 return;
2588 }
2589 rcu_read_unlock();
2590 /*
2591 * A new port entry is required.
2592 */
2593 spp = kzalloc(sizeof(*spp), GFP_KERNEL);
2594 if (spp == NULL)
2595 return;
2596
2597 spp->smk_port = port;
2598 spp->smk_sock = sk;
2599 spp->smk_in = ssp->smk_in;
2600 spp->smk_out = ssp->smk_out;
2601 spp->smk_sock_type = sock->type;
2602 spp->smk_can_reuse = 0;
2603
2604 mutex_lock(&smack_ipv6_lock);
2605 list_add_rcu(&spp->list, &smk_ipv6_port_list);
2606 mutex_unlock(&smack_ipv6_lock);
2607 return;
2608 }
2609
2610 /**
2611 * smk_ipv6_port_check - check Smack port access
2612 * @sk: socket
2613 * @address: address
2614 * @act: the action being taken
2615 *
2616 * Create or update the port list entry
2617 */
smk_ipv6_port_check(struct sock * sk,struct sockaddr_in6 * address,int act)2618 static int smk_ipv6_port_check(struct sock *sk, struct sockaddr_in6 *address,
2619 int act)
2620 {
2621 struct smk_port_label *spp;
2622 struct socket_smack *ssp = sk->sk_security;
2623 struct smack_known *skp = NULL;
2624 unsigned short port;
2625 struct smack_known *object;
2626
2627 if (act == SMK_RECEIVING) {
2628 skp = smack_ipv6host_label(address);
2629 object = ssp->smk_in;
2630 } else {
2631 skp = ssp->smk_out;
2632 object = smack_ipv6host_label(address);
2633 }
2634
2635 /*
2636 * The other end is a single label host.
2637 */
2638 if (skp != NULL && object != NULL)
2639 return smk_ipv6_check(skp, object, address, act);
2640 if (skp == NULL)
2641 skp = smack_net_ambient;
2642 if (object == NULL)
2643 object = smack_net_ambient;
2644
2645 /*
2646 * It's remote, so port lookup does no good.
2647 */
2648 if (!smk_ipv6_localhost(address))
2649 return smk_ipv6_check(skp, object, address, act);
2650
2651 /*
2652 * It's local so the send check has to have passed.
2653 */
2654 if (act == SMK_RECEIVING)
2655 return 0;
2656
2657 port = ntohs(address->sin6_port);
2658 rcu_read_lock();
2659 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
2660 if (spp->smk_port != port || spp->smk_sock_type != sk->sk_type)
2661 continue;
2662 object = spp->smk_in;
2663 if (act == SMK_CONNECTING)
2664 ssp->smk_packet = spp->smk_out;
2665 break;
2666 }
2667 rcu_read_unlock();
2668
2669 return smk_ipv6_check(skp, object, address, act);
2670 }
2671 #endif /* SMACK_IPV6_PORT_LABELING */
2672
2673 /**
2674 * smack_inode_setsecurity - set smack xattrs
2675 * @inode: the object
2676 * @name: attribute name
2677 * @value: attribute value
2678 * @size: size of the attribute
2679 * @flags: unused
2680 *
2681 * Sets the named attribute in the appropriate blob
2682 *
2683 * Returns 0 on success, or an error code
2684 */
smack_inode_setsecurity(struct inode * inode,const char * name,const void * value,size_t size,int flags)2685 static int smack_inode_setsecurity(struct inode *inode, const char *name,
2686 const void *value, size_t size, int flags)
2687 {
2688 struct smack_known *skp;
2689 struct inode_smack *nsp = smack_inode(inode);
2690 struct socket_smack *ssp;
2691 struct socket *sock;
2692 int rc = 0;
2693
2694 if (value == NULL || size > SMK_LONGLABEL || size == 0)
2695 return -EINVAL;
2696
2697 skp = smk_import_entry(value, size);
2698 if (IS_ERR(skp))
2699 return PTR_ERR(skp);
2700
2701 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) {
2702 nsp->smk_inode = skp;
2703 nsp->smk_flags |= SMK_INODE_INSTANT;
2704 return 0;
2705 }
2706 /*
2707 * The rest of the Smack xattrs are only on sockets.
2708 */
2709 if (inode->i_sb->s_magic != SOCKFS_MAGIC)
2710 return -EOPNOTSUPP;
2711
2712 sock = SOCKET_I(inode);
2713 if (sock == NULL || sock->sk == NULL)
2714 return -EOPNOTSUPP;
2715
2716 ssp = sock->sk->sk_security;
2717
2718 if (strcmp(name, XATTR_SMACK_IPIN) == 0)
2719 ssp->smk_in = skp;
2720 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) {
2721 ssp->smk_out = skp;
2722 if (sock->sk->sk_family == PF_INET) {
2723 rc = smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET);
2724 if (rc != 0)
2725 printk(KERN_WARNING
2726 "Smack: \"%s\" netlbl error %d.\n",
2727 __func__, -rc);
2728 }
2729 } else
2730 return -EOPNOTSUPP;
2731
2732 #ifdef SMACK_IPV6_PORT_LABELING
2733 if (sock->sk->sk_family == PF_INET6)
2734 smk_ipv6_port_label(sock, NULL);
2735 #endif
2736
2737 return 0;
2738 }
2739
2740 /**
2741 * smack_socket_post_create - finish socket setup
2742 * @sock: the socket
2743 * @family: protocol family
2744 * @type: unused
2745 * @protocol: unused
2746 * @kern: unused
2747 *
2748 * Sets the netlabel information on the socket
2749 *
2750 * Returns 0 on success, and error code otherwise
2751 */
smack_socket_post_create(struct socket * sock,int family,int type,int protocol,int kern)2752 static int smack_socket_post_create(struct socket *sock, int family,
2753 int type, int protocol, int kern)
2754 {
2755 struct socket_smack *ssp;
2756
2757 if (sock->sk == NULL)
2758 return 0;
2759
2760 /*
2761 * Sockets created by kernel threads receive web label.
2762 */
2763 if (unlikely(current->flags & PF_KTHREAD)) {
2764 ssp = sock->sk->sk_security;
2765 ssp->smk_in = &smack_known_web;
2766 ssp->smk_out = &smack_known_web;
2767 }
2768
2769 if (family != PF_INET)
2770 return 0;
2771 /*
2772 * Set the outbound netlbl.
2773 */
2774 return smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET);
2775 }
2776
2777 /**
2778 * smack_socket_socketpair - create socket pair
2779 * @socka: one socket
2780 * @sockb: another socket
2781 *
2782 * Cross reference the peer labels for SO_PEERSEC
2783 *
2784 * Returns 0
2785 */
smack_socket_socketpair(struct socket * socka,struct socket * sockb)2786 static int smack_socket_socketpair(struct socket *socka,
2787 struct socket *sockb)
2788 {
2789 struct socket_smack *asp = socka->sk->sk_security;
2790 struct socket_smack *bsp = sockb->sk->sk_security;
2791
2792 asp->smk_packet = bsp->smk_out;
2793 bsp->smk_packet = asp->smk_out;
2794
2795 return 0;
2796 }
2797
2798 #ifdef SMACK_IPV6_PORT_LABELING
2799 /**
2800 * smack_socket_bind - record port binding information.
2801 * @sock: the socket
2802 * @address: the port address
2803 * @addrlen: size of the address
2804 *
2805 * Records the label bound to a port.
2806 *
2807 * Returns 0 on success, and error code otherwise
2808 */
smack_socket_bind(struct socket * sock,struct sockaddr * address,int addrlen)2809 static int smack_socket_bind(struct socket *sock, struct sockaddr *address,
2810 int addrlen)
2811 {
2812 if (sock->sk != NULL && sock->sk->sk_family == PF_INET6) {
2813 if (addrlen < SIN6_LEN_RFC2133 ||
2814 address->sa_family != AF_INET6)
2815 return -EINVAL;
2816 smk_ipv6_port_label(sock, address);
2817 }
2818 return 0;
2819 }
2820 #endif /* SMACK_IPV6_PORT_LABELING */
2821
2822 /**
2823 * smack_socket_connect - connect access check
2824 * @sock: the socket
2825 * @sap: the other end
2826 * @addrlen: size of sap
2827 *
2828 * Verifies that a connection may be possible
2829 *
2830 * Returns 0 on success, and error code otherwise
2831 */
smack_socket_connect(struct socket * sock,struct sockaddr * sap,int addrlen)2832 static int smack_socket_connect(struct socket *sock, struct sockaddr *sap,
2833 int addrlen)
2834 {
2835 int rc = 0;
2836 #if IS_ENABLED(CONFIG_IPV6)
2837 struct sockaddr_in6 *sip = (struct sockaddr_in6 *)sap;
2838 #endif
2839 #ifdef SMACK_IPV6_SECMARK_LABELING
2840 struct smack_known *rsp;
2841 struct socket_smack *ssp;
2842 #endif
2843
2844 if (sock->sk == NULL)
2845 return 0;
2846
2847 #ifdef SMACK_IPV6_SECMARK_LABELING
2848 ssp = sock->sk->sk_security;
2849 #endif
2850
2851 switch (sock->sk->sk_family) {
2852 case PF_INET:
2853 if (addrlen < sizeof(struct sockaddr_in) ||
2854 sap->sa_family != AF_INET)
2855 return -EINVAL;
2856 rc = smack_netlabel_send(sock->sk, (struct sockaddr_in *)sap);
2857 break;
2858 case PF_INET6:
2859 if (addrlen < SIN6_LEN_RFC2133 || sap->sa_family != AF_INET6)
2860 return -EINVAL;
2861 #ifdef SMACK_IPV6_SECMARK_LABELING
2862 rsp = smack_ipv6host_label(sip);
2863 if (rsp != NULL)
2864 rc = smk_ipv6_check(ssp->smk_out, rsp, sip,
2865 SMK_CONNECTING);
2866 #endif
2867 #ifdef SMACK_IPV6_PORT_LABELING
2868 rc = smk_ipv6_port_check(sock->sk, sip, SMK_CONNECTING);
2869 #endif
2870 break;
2871 }
2872 return rc;
2873 }
2874
2875 /**
2876 * smack_flags_to_may - convert S_ to MAY_ values
2877 * @flags: the S_ value
2878 *
2879 * Returns the equivalent MAY_ value
2880 */
smack_flags_to_may(int flags)2881 static int smack_flags_to_may(int flags)
2882 {
2883 int may = 0;
2884
2885 if (flags & S_IRUGO)
2886 may |= MAY_READ;
2887 if (flags & S_IWUGO)
2888 may |= MAY_WRITE;
2889 if (flags & S_IXUGO)
2890 may |= MAY_EXEC;
2891
2892 return may;
2893 }
2894
2895 /**
2896 * smack_msg_msg_alloc_security - Set the security blob for msg_msg
2897 * @msg: the object
2898 *
2899 * Returns 0
2900 */
smack_msg_msg_alloc_security(struct msg_msg * msg)2901 static int smack_msg_msg_alloc_security(struct msg_msg *msg)
2902 {
2903 struct smack_known **blob = smack_msg_msg(msg);
2904
2905 *blob = smk_of_current();
2906 return 0;
2907 }
2908
2909 /**
2910 * smack_of_ipc - the smack pointer for the ipc
2911 * @isp: the object
2912 *
2913 * Returns a pointer to the smack value
2914 */
smack_of_ipc(struct kern_ipc_perm * isp)2915 static struct smack_known *smack_of_ipc(struct kern_ipc_perm *isp)
2916 {
2917 struct smack_known **blob = smack_ipc(isp);
2918
2919 return *blob;
2920 }
2921
2922 /**
2923 * smack_ipc_alloc_security - Set the security blob for ipc
2924 * @isp: the object
2925 *
2926 * Returns 0
2927 */
smack_ipc_alloc_security(struct kern_ipc_perm * isp)2928 static int smack_ipc_alloc_security(struct kern_ipc_perm *isp)
2929 {
2930 struct smack_known **blob = smack_ipc(isp);
2931
2932 *blob = smk_of_current();
2933 return 0;
2934 }
2935
2936 /**
2937 * smk_curacc_shm : check if current has access on shm
2938 * @isp : the object
2939 * @access : access requested
2940 *
2941 * Returns 0 if current has the requested access, error code otherwise
2942 */
smk_curacc_shm(struct kern_ipc_perm * isp,int access)2943 static int smk_curacc_shm(struct kern_ipc_perm *isp, int access)
2944 {
2945 struct smack_known *ssp = smack_of_ipc(isp);
2946 struct smk_audit_info ad;
2947 int rc;
2948
2949 #ifdef CONFIG_AUDIT
2950 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
2951 ad.a.u.ipc_id = isp->id;
2952 #endif
2953 rc = smk_curacc(ssp, access, &ad);
2954 rc = smk_bu_current("shm", ssp, access, rc);
2955 return rc;
2956 }
2957
2958 /**
2959 * smack_shm_associate - Smack access check for shm
2960 * @isp: the object
2961 * @shmflg: access requested
2962 *
2963 * Returns 0 if current has the requested access, error code otherwise
2964 */
smack_shm_associate(struct kern_ipc_perm * isp,int shmflg)2965 static int smack_shm_associate(struct kern_ipc_perm *isp, int shmflg)
2966 {
2967 int may;
2968
2969 may = smack_flags_to_may(shmflg);
2970 return smk_curacc_shm(isp, may);
2971 }
2972
2973 /**
2974 * smack_shm_shmctl - Smack access check for shm
2975 * @isp: the object
2976 * @cmd: what it wants to do
2977 *
2978 * Returns 0 if current has the requested access, error code otherwise
2979 */
smack_shm_shmctl(struct kern_ipc_perm * isp,int cmd)2980 static int smack_shm_shmctl(struct kern_ipc_perm *isp, int cmd)
2981 {
2982 int may;
2983
2984 switch (cmd) {
2985 case IPC_STAT:
2986 case SHM_STAT:
2987 case SHM_STAT_ANY:
2988 may = MAY_READ;
2989 break;
2990 case IPC_SET:
2991 case SHM_LOCK:
2992 case SHM_UNLOCK:
2993 case IPC_RMID:
2994 may = MAY_READWRITE;
2995 break;
2996 case IPC_INFO:
2997 case SHM_INFO:
2998 /*
2999 * System level information.
3000 */
3001 return 0;
3002 default:
3003 return -EINVAL;
3004 }
3005 return smk_curacc_shm(isp, may);
3006 }
3007
3008 /**
3009 * smack_shm_shmat - Smack access for shmat
3010 * @isp: the object
3011 * @shmaddr: unused
3012 * @shmflg: access requested
3013 *
3014 * Returns 0 if current has the requested access, error code otherwise
3015 */
smack_shm_shmat(struct kern_ipc_perm * isp,char __user * shmaddr,int shmflg)3016 static int smack_shm_shmat(struct kern_ipc_perm *isp, char __user *shmaddr,
3017 int shmflg)
3018 {
3019 int may;
3020
3021 may = smack_flags_to_may(shmflg);
3022 return smk_curacc_shm(isp, may);
3023 }
3024
3025 /**
3026 * smk_curacc_sem : check if current has access on sem
3027 * @isp : the object
3028 * @access : access requested
3029 *
3030 * Returns 0 if current has the requested access, error code otherwise
3031 */
smk_curacc_sem(struct kern_ipc_perm * isp,int access)3032 static int smk_curacc_sem(struct kern_ipc_perm *isp, int access)
3033 {
3034 struct smack_known *ssp = smack_of_ipc(isp);
3035 struct smk_audit_info ad;
3036 int rc;
3037
3038 #ifdef CONFIG_AUDIT
3039 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
3040 ad.a.u.ipc_id = isp->id;
3041 #endif
3042 rc = smk_curacc(ssp, access, &ad);
3043 rc = smk_bu_current("sem", ssp, access, rc);
3044 return rc;
3045 }
3046
3047 /**
3048 * smack_sem_associate - Smack access check for sem
3049 * @isp: the object
3050 * @semflg: access requested
3051 *
3052 * Returns 0 if current has the requested access, error code otherwise
3053 */
smack_sem_associate(struct kern_ipc_perm * isp,int semflg)3054 static int smack_sem_associate(struct kern_ipc_perm *isp, int semflg)
3055 {
3056 int may;
3057
3058 may = smack_flags_to_may(semflg);
3059 return smk_curacc_sem(isp, may);
3060 }
3061
3062 /**
3063 * smack_sem_shmctl - Smack access check for sem
3064 * @isp: the object
3065 * @cmd: what it wants to do
3066 *
3067 * Returns 0 if current has the requested access, error code otherwise
3068 */
smack_sem_semctl(struct kern_ipc_perm * isp,int cmd)3069 static int smack_sem_semctl(struct kern_ipc_perm *isp, int cmd)
3070 {
3071 int may;
3072
3073 switch (cmd) {
3074 case GETPID:
3075 case GETNCNT:
3076 case GETZCNT:
3077 case GETVAL:
3078 case GETALL:
3079 case IPC_STAT:
3080 case SEM_STAT:
3081 case SEM_STAT_ANY:
3082 may = MAY_READ;
3083 break;
3084 case SETVAL:
3085 case SETALL:
3086 case IPC_RMID:
3087 case IPC_SET:
3088 may = MAY_READWRITE;
3089 break;
3090 case IPC_INFO:
3091 case SEM_INFO:
3092 /*
3093 * System level information
3094 */
3095 return 0;
3096 default:
3097 return -EINVAL;
3098 }
3099
3100 return smk_curacc_sem(isp, may);
3101 }
3102
3103 /**
3104 * smack_sem_semop - Smack checks of semaphore operations
3105 * @isp: the object
3106 * @sops: unused
3107 * @nsops: unused
3108 * @alter: unused
3109 *
3110 * Treated as read and write in all cases.
3111 *
3112 * Returns 0 if access is allowed, error code otherwise
3113 */
smack_sem_semop(struct kern_ipc_perm * isp,struct sembuf * sops,unsigned nsops,int alter)3114 static int smack_sem_semop(struct kern_ipc_perm *isp, struct sembuf *sops,
3115 unsigned nsops, int alter)
3116 {
3117 return smk_curacc_sem(isp, MAY_READWRITE);
3118 }
3119
3120 /**
3121 * smk_curacc_msq : helper to check if current has access on msq
3122 * @isp : the msq
3123 * @access : access requested
3124 *
3125 * return 0 if current has access, error otherwise
3126 */
smk_curacc_msq(struct kern_ipc_perm * isp,int access)3127 static int smk_curacc_msq(struct kern_ipc_perm *isp, int access)
3128 {
3129 struct smack_known *msp = smack_of_ipc(isp);
3130 struct smk_audit_info ad;
3131 int rc;
3132
3133 #ifdef CONFIG_AUDIT
3134 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
3135 ad.a.u.ipc_id = isp->id;
3136 #endif
3137 rc = smk_curacc(msp, access, &ad);
3138 rc = smk_bu_current("msq", msp, access, rc);
3139 return rc;
3140 }
3141
3142 /**
3143 * smack_msg_queue_associate - Smack access check for msg_queue
3144 * @isp: the object
3145 * @msqflg: access requested
3146 *
3147 * Returns 0 if current has the requested access, error code otherwise
3148 */
smack_msg_queue_associate(struct kern_ipc_perm * isp,int msqflg)3149 static int smack_msg_queue_associate(struct kern_ipc_perm *isp, int msqflg)
3150 {
3151 int may;
3152
3153 may = smack_flags_to_may(msqflg);
3154 return smk_curacc_msq(isp, may);
3155 }
3156
3157 /**
3158 * smack_msg_queue_msgctl - Smack access check for msg_queue
3159 * @isp: the object
3160 * @cmd: what it wants to do
3161 *
3162 * Returns 0 if current has the requested access, error code otherwise
3163 */
smack_msg_queue_msgctl(struct kern_ipc_perm * isp,int cmd)3164 static int smack_msg_queue_msgctl(struct kern_ipc_perm *isp, int cmd)
3165 {
3166 int may;
3167
3168 switch (cmd) {
3169 case IPC_STAT:
3170 case MSG_STAT:
3171 case MSG_STAT_ANY:
3172 may = MAY_READ;
3173 break;
3174 case IPC_SET:
3175 case IPC_RMID:
3176 may = MAY_READWRITE;
3177 break;
3178 case IPC_INFO:
3179 case MSG_INFO:
3180 /*
3181 * System level information
3182 */
3183 return 0;
3184 default:
3185 return -EINVAL;
3186 }
3187
3188 return smk_curacc_msq(isp, may);
3189 }
3190
3191 /**
3192 * smack_msg_queue_msgsnd - Smack access check for msg_queue
3193 * @isp: the object
3194 * @msg: unused
3195 * @msqflg: access requested
3196 *
3197 * Returns 0 if current has the requested access, error code otherwise
3198 */
smack_msg_queue_msgsnd(struct kern_ipc_perm * isp,struct msg_msg * msg,int msqflg)3199 static int smack_msg_queue_msgsnd(struct kern_ipc_perm *isp, struct msg_msg *msg,
3200 int msqflg)
3201 {
3202 int may;
3203
3204 may = smack_flags_to_may(msqflg);
3205 return smk_curacc_msq(isp, may);
3206 }
3207
3208 /**
3209 * smack_msg_queue_msgsnd - Smack access check for msg_queue
3210 * @isp: the object
3211 * @msg: unused
3212 * @target: unused
3213 * @type: unused
3214 * @mode: unused
3215 *
3216 * Returns 0 if current has read and write access, error code otherwise
3217 */
smack_msg_queue_msgrcv(struct kern_ipc_perm * isp,struct msg_msg * msg,struct task_struct * target,long type,int mode)3218 static int smack_msg_queue_msgrcv(struct kern_ipc_perm *isp, struct msg_msg *msg,
3219 struct task_struct *target, long type, int mode)
3220 {
3221 return smk_curacc_msq(isp, MAY_READWRITE);
3222 }
3223
3224 /**
3225 * smack_ipc_permission - Smack access for ipc_permission()
3226 * @ipp: the object permissions
3227 * @flag: access requested
3228 *
3229 * Returns 0 if current has read and write access, error code otherwise
3230 */
smack_ipc_permission(struct kern_ipc_perm * ipp,short flag)3231 static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag)
3232 {
3233 struct smack_known **blob = smack_ipc(ipp);
3234 struct smack_known *iskp = *blob;
3235 int may = smack_flags_to_may(flag);
3236 struct smk_audit_info ad;
3237 int rc;
3238
3239 #ifdef CONFIG_AUDIT
3240 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
3241 ad.a.u.ipc_id = ipp->id;
3242 #endif
3243 rc = smk_curacc(iskp, may, &ad);
3244 rc = smk_bu_current("svipc", iskp, may, rc);
3245 return rc;
3246 }
3247
3248 /**
3249 * smack_ipc_getsecid - Extract smack security id
3250 * @ipp: the object permissions
3251 * @secid: where result will be saved
3252 */
smack_ipc_getsecid(struct kern_ipc_perm * ipp,u32 * secid)3253 static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid)
3254 {
3255 struct smack_known **blob = smack_ipc(ipp);
3256 struct smack_known *iskp = *blob;
3257
3258 *secid = iskp->smk_secid;
3259 }
3260
3261 /**
3262 * smack_d_instantiate - Make sure the blob is correct on an inode
3263 * @opt_dentry: dentry where inode will be attached
3264 * @inode: the object
3265 *
3266 * Set the inode's security blob if it hasn't been done already.
3267 */
smack_d_instantiate(struct dentry * opt_dentry,struct inode * inode)3268 static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode)
3269 {
3270 struct super_block *sbp;
3271 struct superblock_smack *sbsp;
3272 struct inode_smack *isp;
3273 struct smack_known *skp;
3274 struct smack_known *ckp = smk_of_current();
3275 struct smack_known *final;
3276 char trattr[TRANS_TRUE_SIZE];
3277 int transflag = 0;
3278 int rc;
3279 struct dentry *dp;
3280
3281 if (inode == NULL)
3282 return;
3283
3284 isp = smack_inode(inode);
3285
3286 mutex_lock(&isp->smk_lock);
3287 /*
3288 * If the inode is already instantiated
3289 * take the quick way out
3290 */
3291 if (isp->smk_flags & SMK_INODE_INSTANT)
3292 goto unlockandout;
3293
3294 sbp = inode->i_sb;
3295 sbsp = sbp->s_security;
3296 /*
3297 * We're going to use the superblock default label
3298 * if there's no label on the file.
3299 */
3300 final = sbsp->smk_default;
3301
3302 /*
3303 * If this is the root inode the superblock
3304 * may be in the process of initialization.
3305 * If that is the case use the root value out
3306 * of the superblock.
3307 */
3308 if (opt_dentry->d_parent == opt_dentry) {
3309 switch (sbp->s_magic) {
3310 case CGROUP_SUPER_MAGIC:
3311 case CGROUP2_SUPER_MAGIC:
3312 /*
3313 * The cgroup filesystem is never mounted,
3314 * so there's no opportunity to set the mount
3315 * options.
3316 */
3317 sbsp->smk_root = &smack_known_star;
3318 sbsp->smk_default = &smack_known_star;
3319 isp->smk_inode = sbsp->smk_root;
3320 break;
3321 case TMPFS_MAGIC:
3322 /*
3323 * What about shmem/tmpfs anonymous files with dentry
3324 * obtained from d_alloc_pseudo()?
3325 */
3326 isp->smk_inode = smk_of_current();
3327 break;
3328 case PIPEFS_MAGIC:
3329 isp->smk_inode = smk_of_current();
3330 break;
3331 case SOCKFS_MAGIC:
3332 /*
3333 * Socket access is controlled by the socket
3334 * structures associated with the task involved.
3335 */
3336 isp->smk_inode = &smack_known_star;
3337 break;
3338 default:
3339 isp->smk_inode = sbsp->smk_root;
3340 break;
3341 }
3342 isp->smk_flags |= SMK_INODE_INSTANT;
3343 goto unlockandout;
3344 }
3345
3346 /*
3347 * This is pretty hackish.
3348 * Casey says that we shouldn't have to do
3349 * file system specific code, but it does help
3350 * with keeping it simple.
3351 */
3352 switch (sbp->s_magic) {
3353 case SMACK_MAGIC:
3354 case CGROUP_SUPER_MAGIC:
3355 case CGROUP2_SUPER_MAGIC:
3356 /*
3357 * Casey says that it's a little embarrassing
3358 * that the smack file system doesn't do
3359 * extended attributes.
3360 *
3361 * Cgroupfs is special
3362 */
3363 final = &smack_known_star;
3364 break;
3365 case DEVPTS_SUPER_MAGIC:
3366 /*
3367 * devpts seems content with the label of the task.
3368 * Programs that change smack have to treat the
3369 * pty with respect.
3370 */
3371 final = ckp;
3372 break;
3373 case PROC_SUPER_MAGIC:
3374 /*
3375 * Casey says procfs appears not to care.
3376 * The superblock default suffices.
3377 */
3378 break;
3379 case TMPFS_MAGIC:
3380 /*
3381 * Device labels should come from the filesystem,
3382 * but watch out, because they're volitile,
3383 * getting recreated on every reboot.
3384 */
3385 final = &smack_known_star;
3386 /*
3387 * If a smack value has been set we want to use it,
3388 * but since tmpfs isn't giving us the opportunity
3389 * to set mount options simulate setting the
3390 * superblock default.
3391 */
3392 /* Fall through */
3393 default:
3394 /*
3395 * This isn't an understood special case.
3396 * Get the value from the xattr.
3397 */
3398
3399 /*
3400 * UNIX domain sockets use lower level socket data.
3401 */
3402 if (S_ISSOCK(inode->i_mode)) {
3403 final = &smack_known_star;
3404 break;
3405 }
3406 /*
3407 * No xattr support means, alas, no SMACK label.
3408 * Use the aforeapplied default.
3409 * It would be curious if the label of the task
3410 * does not match that assigned.
3411 */
3412 if (!(inode->i_opflags & IOP_XATTR))
3413 break;
3414 /*
3415 * Get the dentry for xattr.
3416 */
3417 dp = dget(opt_dentry);
3418 skp = smk_fetch(XATTR_NAME_SMACK, inode, dp);
3419 if (!IS_ERR_OR_NULL(skp))
3420 final = skp;
3421
3422 /*
3423 * Transmuting directory
3424 */
3425 if (S_ISDIR(inode->i_mode)) {
3426 /*
3427 * If this is a new directory and the label was
3428 * transmuted when the inode was initialized
3429 * set the transmute attribute on the directory
3430 * and mark the inode.
3431 *
3432 * If there is a transmute attribute on the
3433 * directory mark the inode.
3434 */
3435 if (isp->smk_flags & SMK_INODE_CHANGED) {
3436 isp->smk_flags &= ~SMK_INODE_CHANGED;
3437 rc = __vfs_setxattr(dp, inode,
3438 XATTR_NAME_SMACKTRANSMUTE,
3439 TRANS_TRUE, TRANS_TRUE_SIZE,
3440 0);
3441 } else {
3442 rc = __vfs_getxattr(dp, inode,
3443 XATTR_NAME_SMACKTRANSMUTE, trattr,
3444 TRANS_TRUE_SIZE, XATTR_NOSECURITY);
3445 if (rc >= 0 && strncmp(trattr, TRANS_TRUE,
3446 TRANS_TRUE_SIZE) != 0)
3447 rc = -EINVAL;
3448 }
3449 if (rc >= 0)
3450 transflag = SMK_INODE_TRANSMUTE;
3451 }
3452 /*
3453 * Don't let the exec or mmap label be "*" or "@".
3454 */
3455 skp = smk_fetch(XATTR_NAME_SMACKEXEC, inode, dp);
3456 if (IS_ERR(skp) || skp == &smack_known_star ||
3457 skp == &smack_known_web)
3458 skp = NULL;
3459 isp->smk_task = skp;
3460
3461 skp = smk_fetch(XATTR_NAME_SMACKMMAP, inode, dp);
3462 if (IS_ERR(skp) || skp == &smack_known_star ||
3463 skp == &smack_known_web)
3464 skp = NULL;
3465 isp->smk_mmap = skp;
3466
3467 dput(dp);
3468 break;
3469 }
3470
3471 if (final == NULL)
3472 isp->smk_inode = ckp;
3473 else
3474 isp->smk_inode = final;
3475
3476 isp->smk_flags |= (SMK_INODE_INSTANT | transflag);
3477
3478 unlockandout:
3479 mutex_unlock(&isp->smk_lock);
3480 return;
3481 }
3482
3483 /**
3484 * smack_getprocattr - Smack process attribute access
3485 * @p: the object task
3486 * @name: the name of the attribute in /proc/.../attr
3487 * @value: where to put the result
3488 *
3489 * Places a copy of the task Smack into value
3490 *
3491 * Returns the length of the smack label or an error code
3492 */
smack_getprocattr(struct task_struct * p,char * name,char ** value)3493 static int smack_getprocattr(struct task_struct *p, char *name, char **value)
3494 {
3495 struct smack_known *skp = smk_of_task_struct(p);
3496 char *cp;
3497 int slen;
3498
3499 if (strcmp(name, "current") != 0)
3500 return -EINVAL;
3501
3502 cp = kstrdup(skp->smk_known, GFP_KERNEL);
3503 if (cp == NULL)
3504 return -ENOMEM;
3505
3506 slen = strlen(cp);
3507 *value = cp;
3508 return slen;
3509 }
3510
3511 /**
3512 * smack_setprocattr - Smack process attribute setting
3513 * @name: the name of the attribute in /proc/.../attr
3514 * @value: the value to set
3515 * @size: the size of the value
3516 *
3517 * Sets the Smack value of the task. Only setting self
3518 * is permitted and only with privilege
3519 *
3520 * Returns the length of the smack label or an error code
3521 */
smack_setprocattr(const char * name,void * value,size_t size)3522 static int smack_setprocattr(const char *name, void *value, size_t size)
3523 {
3524 struct task_smack *tsp = smack_cred(current_cred());
3525 struct cred *new;
3526 struct smack_known *skp;
3527 struct smack_known_list_elem *sklep;
3528 int rc;
3529
3530 if (!smack_privileged(CAP_MAC_ADMIN) && list_empty(&tsp->smk_relabel))
3531 return -EPERM;
3532
3533 if (value == NULL || size == 0 || size >= SMK_LONGLABEL)
3534 return -EINVAL;
3535
3536 if (strcmp(name, "current") != 0)
3537 return -EINVAL;
3538
3539 skp = smk_import_entry(value, size);
3540 if (IS_ERR(skp))
3541 return PTR_ERR(skp);
3542
3543 /*
3544 * No process is ever allowed the web ("@") label
3545 * and the star ("*") label.
3546 */
3547 if (skp == &smack_known_web || skp == &smack_known_star)
3548 return -EINVAL;
3549
3550 if (!smack_privileged(CAP_MAC_ADMIN)) {
3551 rc = -EPERM;
3552 list_for_each_entry(sklep, &tsp->smk_relabel, list)
3553 if (sklep->smk_label == skp) {
3554 rc = 0;
3555 break;
3556 }
3557 if (rc)
3558 return rc;
3559 }
3560
3561 new = prepare_creds();
3562 if (new == NULL)
3563 return -ENOMEM;
3564
3565 tsp = smack_cred(new);
3566 tsp->smk_task = skp;
3567 /*
3568 * process can change its label only once
3569 */
3570 smk_destroy_label_list(&tsp->smk_relabel);
3571
3572 commit_creds(new);
3573 return size;
3574 }
3575
3576 /**
3577 * smack_unix_stream_connect - Smack access on UDS
3578 * @sock: one sock
3579 * @other: the other sock
3580 * @newsk: unused
3581 *
3582 * Return 0 if a subject with the smack of sock could access
3583 * an object with the smack of other, otherwise an error code
3584 */
smack_unix_stream_connect(struct sock * sock,struct sock * other,struct sock * newsk)3585 static int smack_unix_stream_connect(struct sock *sock,
3586 struct sock *other, struct sock *newsk)
3587 {
3588 struct smack_known *skp;
3589 struct smack_known *okp;
3590 struct socket_smack *ssp = sock->sk_security;
3591 struct socket_smack *osp = other->sk_security;
3592 struct socket_smack *nsp = newsk->sk_security;
3593 struct smk_audit_info ad;
3594 int rc = 0;
3595 #ifdef CONFIG_AUDIT
3596 struct lsm_network_audit net;
3597 #endif
3598
3599 if (!smack_privileged(CAP_MAC_OVERRIDE)) {
3600 skp = ssp->smk_out;
3601 okp = osp->smk_in;
3602 #ifdef CONFIG_AUDIT
3603 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3604 smk_ad_setfield_u_net_sk(&ad, other);
3605 #endif
3606 rc = smk_access(skp, okp, MAY_WRITE, &ad);
3607 rc = smk_bu_note("UDS connect", skp, okp, MAY_WRITE, rc);
3608 if (rc == 0) {
3609 okp = osp->smk_out;
3610 skp = ssp->smk_in;
3611 rc = smk_access(okp, skp, MAY_WRITE, &ad);
3612 rc = smk_bu_note("UDS connect", okp, skp,
3613 MAY_WRITE, rc);
3614 }
3615 }
3616
3617 /*
3618 * Cross reference the peer labels for SO_PEERSEC.
3619 */
3620 if (rc == 0) {
3621 nsp->smk_packet = ssp->smk_out;
3622 ssp->smk_packet = osp->smk_out;
3623 }
3624
3625 return rc;
3626 }
3627
3628 /**
3629 * smack_unix_may_send - Smack access on UDS
3630 * @sock: one socket
3631 * @other: the other socket
3632 *
3633 * Return 0 if a subject with the smack of sock could access
3634 * an object with the smack of other, otherwise an error code
3635 */
smack_unix_may_send(struct socket * sock,struct socket * other)3636 static int smack_unix_may_send(struct socket *sock, struct socket *other)
3637 {
3638 struct socket_smack *ssp = sock->sk->sk_security;
3639 struct socket_smack *osp = other->sk->sk_security;
3640 struct smk_audit_info ad;
3641 int rc;
3642
3643 #ifdef CONFIG_AUDIT
3644 struct lsm_network_audit net;
3645
3646 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3647 smk_ad_setfield_u_net_sk(&ad, other->sk);
3648 #endif
3649
3650 if (smack_privileged(CAP_MAC_OVERRIDE))
3651 return 0;
3652
3653 rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad);
3654 rc = smk_bu_note("UDS send", ssp->smk_out, osp->smk_in, MAY_WRITE, rc);
3655 return rc;
3656 }
3657
3658 /**
3659 * smack_socket_sendmsg - Smack check based on destination host
3660 * @sock: the socket
3661 * @msg: the message
3662 * @size: the size of the message
3663 *
3664 * Return 0 if the current subject can write to the destination host.
3665 * For IPv4 this is only a question if the destination is a single label host.
3666 * For IPv6 this is a check against the label of the port.
3667 */
smack_socket_sendmsg(struct socket * sock,struct msghdr * msg,int size)3668 static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg,
3669 int size)
3670 {
3671 struct sockaddr_in *sip = (struct sockaddr_in *) msg->msg_name;
3672 #if IS_ENABLED(CONFIG_IPV6)
3673 struct sockaddr_in6 *sap = (struct sockaddr_in6 *) msg->msg_name;
3674 #endif
3675 #ifdef SMACK_IPV6_SECMARK_LABELING
3676 struct socket_smack *ssp = sock->sk->sk_security;
3677 struct smack_known *rsp;
3678 #endif
3679 int rc = 0;
3680
3681 /*
3682 * Perfectly reasonable for this to be NULL
3683 */
3684 if (sip == NULL)
3685 return 0;
3686
3687 switch (sock->sk->sk_family) {
3688 case AF_INET:
3689 if (msg->msg_namelen < sizeof(struct sockaddr_in) ||
3690 sip->sin_family != AF_INET)
3691 return -EINVAL;
3692 rc = smack_netlabel_send(sock->sk, sip);
3693 break;
3694 #if IS_ENABLED(CONFIG_IPV6)
3695 case AF_INET6:
3696 if (msg->msg_namelen < SIN6_LEN_RFC2133 ||
3697 sap->sin6_family != AF_INET6)
3698 return -EINVAL;
3699 #ifdef SMACK_IPV6_SECMARK_LABELING
3700 rsp = smack_ipv6host_label(sap);
3701 if (rsp != NULL)
3702 rc = smk_ipv6_check(ssp->smk_out, rsp, sap,
3703 SMK_CONNECTING);
3704 #endif
3705 #ifdef SMACK_IPV6_PORT_LABELING
3706 rc = smk_ipv6_port_check(sock->sk, sap, SMK_SENDING);
3707 #endif
3708 #endif /* IS_ENABLED(CONFIG_IPV6) */
3709 break;
3710 }
3711 return rc;
3712 }
3713
3714 /**
3715 * smack_from_secattr - Convert a netlabel attr.mls.lvl/attr.mls.cat pair to smack
3716 * @sap: netlabel secattr
3717 * @ssp: socket security information
3718 *
3719 * Returns a pointer to a Smack label entry found on the label list.
3720 */
smack_from_secattr(struct netlbl_lsm_secattr * sap,struct socket_smack * ssp)3721 static struct smack_known *smack_from_secattr(struct netlbl_lsm_secattr *sap,
3722 struct socket_smack *ssp)
3723 {
3724 struct smack_known *skp;
3725 int found = 0;
3726 int acat;
3727 int kcat;
3728
3729 if ((sap->flags & NETLBL_SECATTR_MLS_LVL) != 0) {
3730 /*
3731 * Looks like a CIPSO packet.
3732 * If there are flags but no level netlabel isn't
3733 * behaving the way we expect it to.
3734 *
3735 * Look it up in the label table
3736 * Without guidance regarding the smack value
3737 * for the packet fall back on the network
3738 * ambient value.
3739 */
3740 rcu_read_lock();
3741 list_for_each_entry_rcu(skp, &smack_known_list, list) {
3742 if (sap->attr.mls.lvl != skp->smk_netlabel.attr.mls.lvl)
3743 continue;
3744 /*
3745 * Compare the catsets. Use the netlbl APIs.
3746 */
3747 if ((sap->flags & NETLBL_SECATTR_MLS_CAT) == 0) {
3748 if ((skp->smk_netlabel.flags &
3749 NETLBL_SECATTR_MLS_CAT) == 0)
3750 found = 1;
3751 break;
3752 }
3753 for (acat = -1, kcat = -1; acat == kcat; ) {
3754 acat = netlbl_catmap_walk(sap->attr.mls.cat,
3755 acat + 1);
3756 kcat = netlbl_catmap_walk(
3757 skp->smk_netlabel.attr.mls.cat,
3758 kcat + 1);
3759 if (acat < 0 || kcat < 0)
3760 break;
3761 }
3762 if (acat == kcat) {
3763 found = 1;
3764 break;
3765 }
3766 }
3767 rcu_read_unlock();
3768
3769 if (found)
3770 return skp;
3771
3772 if (ssp != NULL && ssp->smk_in == &smack_known_star)
3773 return &smack_known_web;
3774 return &smack_known_star;
3775 }
3776 if ((sap->flags & NETLBL_SECATTR_SECID) != 0)
3777 /*
3778 * Looks like a fallback, which gives us a secid.
3779 */
3780 return smack_from_secid(sap->attr.secid);
3781 /*
3782 * Without guidance regarding the smack value
3783 * for the packet fall back on the network
3784 * ambient value.
3785 */
3786 return smack_net_ambient;
3787 }
3788
3789 #if IS_ENABLED(CONFIG_IPV6)
smk_skb_to_addr_ipv6(struct sk_buff * skb,struct sockaddr_in6 * sip)3790 static int smk_skb_to_addr_ipv6(struct sk_buff *skb, struct sockaddr_in6 *sip)
3791 {
3792 u8 nexthdr;
3793 int offset;
3794 int proto = -EINVAL;
3795 struct ipv6hdr _ipv6h;
3796 struct ipv6hdr *ip6;
3797 __be16 frag_off;
3798 struct tcphdr _tcph, *th;
3799 struct udphdr _udph, *uh;
3800 struct dccp_hdr _dccph, *dh;
3801
3802 sip->sin6_port = 0;
3803
3804 offset = skb_network_offset(skb);
3805 ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h);
3806 if (ip6 == NULL)
3807 return -EINVAL;
3808 sip->sin6_addr = ip6->saddr;
3809
3810 nexthdr = ip6->nexthdr;
3811 offset += sizeof(_ipv6h);
3812 offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off);
3813 if (offset < 0)
3814 return -EINVAL;
3815
3816 proto = nexthdr;
3817 switch (proto) {
3818 case IPPROTO_TCP:
3819 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
3820 if (th != NULL)
3821 sip->sin6_port = th->source;
3822 break;
3823 case IPPROTO_UDP:
3824 case IPPROTO_UDPLITE:
3825 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
3826 if (uh != NULL)
3827 sip->sin6_port = uh->source;
3828 break;
3829 case IPPROTO_DCCP:
3830 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
3831 if (dh != NULL)
3832 sip->sin6_port = dh->dccph_sport;
3833 break;
3834 }
3835 return proto;
3836 }
3837 #endif /* CONFIG_IPV6 */
3838
3839 /**
3840 * smack_socket_sock_rcv_skb - Smack packet delivery access check
3841 * @sk: socket
3842 * @skb: packet
3843 *
3844 * Returns 0 if the packet should be delivered, an error code otherwise
3845 */
smack_socket_sock_rcv_skb(struct sock * sk,struct sk_buff * skb)3846 static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
3847 {
3848 struct netlbl_lsm_secattr secattr;
3849 struct socket_smack *ssp = sk->sk_security;
3850 struct smack_known *skp = NULL;
3851 int rc = 0;
3852 struct smk_audit_info ad;
3853 u16 family = sk->sk_family;
3854 #ifdef CONFIG_AUDIT
3855 struct lsm_network_audit net;
3856 #endif
3857 #if IS_ENABLED(CONFIG_IPV6)
3858 struct sockaddr_in6 sadd;
3859 int proto;
3860
3861 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
3862 family = PF_INET;
3863 #endif /* CONFIG_IPV6 */
3864
3865 switch (family) {
3866 case PF_INET:
3867 #ifdef CONFIG_SECURITY_SMACK_NETFILTER
3868 /*
3869 * If there is a secmark use it rather than the CIPSO label.
3870 * If there is no secmark fall back to CIPSO.
3871 * The secmark is assumed to reflect policy better.
3872 */
3873 if (skb && skb->secmark != 0) {
3874 skp = smack_from_secid(skb->secmark);
3875 goto access_check;
3876 }
3877 #endif /* CONFIG_SECURITY_SMACK_NETFILTER */
3878 /*
3879 * Translate what netlabel gave us.
3880 */
3881 netlbl_secattr_init(&secattr);
3882
3883 rc = netlbl_skbuff_getattr(skb, family, &secattr);
3884 if (rc == 0)
3885 skp = smack_from_secattr(&secattr, ssp);
3886 else
3887 skp = smack_net_ambient;
3888
3889 netlbl_secattr_destroy(&secattr);
3890
3891 #ifdef CONFIG_SECURITY_SMACK_NETFILTER
3892 access_check:
3893 #endif
3894 #ifdef CONFIG_AUDIT
3895 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3896 ad.a.u.net->family = family;
3897 ad.a.u.net->netif = skb->skb_iif;
3898 ipv4_skb_to_auditdata(skb, &ad.a, NULL);
3899 #endif
3900 /*
3901 * Receiving a packet requires that the other end
3902 * be able to write here. Read access is not required.
3903 * This is the simplist possible security model
3904 * for networking.
3905 */
3906 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
3907 rc = smk_bu_note("IPv4 delivery", skp, ssp->smk_in,
3908 MAY_WRITE, rc);
3909 if (rc != 0)
3910 netlbl_skbuff_err(skb, family, rc, 0);
3911 break;
3912 #if IS_ENABLED(CONFIG_IPV6)
3913 case PF_INET6:
3914 proto = smk_skb_to_addr_ipv6(skb, &sadd);
3915 if (proto != IPPROTO_UDP && proto != IPPROTO_UDPLITE &&
3916 proto != IPPROTO_TCP && proto != IPPROTO_DCCP)
3917 break;
3918 #ifdef SMACK_IPV6_SECMARK_LABELING
3919 if (skb && skb->secmark != 0)
3920 skp = smack_from_secid(skb->secmark);
3921 else if (smk_ipv6_localhost(&sadd))
3922 break;
3923 else
3924 skp = smack_ipv6host_label(&sadd);
3925 if (skp == NULL)
3926 skp = smack_net_ambient;
3927 if (skb == NULL)
3928 break;
3929 #ifdef CONFIG_AUDIT
3930 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3931 ad.a.u.net->family = family;
3932 ad.a.u.net->netif = skb->skb_iif;
3933 ipv6_skb_to_auditdata(skb, &ad.a, NULL);
3934 #endif /* CONFIG_AUDIT */
3935 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
3936 rc = smk_bu_note("IPv6 delivery", skp, ssp->smk_in,
3937 MAY_WRITE, rc);
3938 #endif /* SMACK_IPV6_SECMARK_LABELING */
3939 #ifdef SMACK_IPV6_PORT_LABELING
3940 rc = smk_ipv6_port_check(sk, &sadd, SMK_RECEIVING);
3941 #endif /* SMACK_IPV6_PORT_LABELING */
3942 if (rc != 0)
3943 icmpv6_send(skb, ICMPV6_DEST_UNREACH,
3944 ICMPV6_ADM_PROHIBITED, 0);
3945 break;
3946 #endif /* CONFIG_IPV6 */
3947 }
3948
3949 return rc;
3950 }
3951
3952 /**
3953 * smack_socket_getpeersec_stream - pull in packet label
3954 * @sock: the socket
3955 * @optval: user's destination
3956 * @optlen: size thereof
3957 * @len: max thereof
3958 *
3959 * returns zero on success, an error code otherwise
3960 */
smack_socket_getpeersec_stream(struct socket * sock,char __user * optval,int __user * optlen,unsigned len)3961 static int smack_socket_getpeersec_stream(struct socket *sock,
3962 char __user *optval,
3963 int __user *optlen, unsigned len)
3964 {
3965 struct socket_smack *ssp;
3966 char *rcp = "";
3967 int slen = 1;
3968 int rc = 0;
3969
3970 ssp = sock->sk->sk_security;
3971 if (ssp->smk_packet != NULL) {
3972 rcp = ssp->smk_packet->smk_known;
3973 slen = strlen(rcp) + 1;
3974 }
3975
3976 if (slen > len)
3977 rc = -ERANGE;
3978 else if (copy_to_user(optval, rcp, slen) != 0)
3979 rc = -EFAULT;
3980
3981 if (put_user(slen, optlen) != 0)
3982 rc = -EFAULT;
3983
3984 return rc;
3985 }
3986
3987
3988 /**
3989 * smack_socket_getpeersec_dgram - pull in packet label
3990 * @sock: the peer socket
3991 * @skb: packet data
3992 * @secid: pointer to where to put the secid of the packet
3993 *
3994 * Sets the netlabel socket state on sk from parent
3995 */
smack_socket_getpeersec_dgram(struct socket * sock,struct sk_buff * skb,u32 * secid)3996 static int smack_socket_getpeersec_dgram(struct socket *sock,
3997 struct sk_buff *skb, u32 *secid)
3998
3999 {
4000 struct netlbl_lsm_secattr secattr;
4001 struct socket_smack *ssp = NULL;
4002 struct smack_known *skp;
4003 int family = PF_UNSPEC;
4004 u32 s = 0; /* 0 is the invalid secid */
4005 int rc;
4006
4007 if (skb != NULL) {
4008 if (skb->protocol == htons(ETH_P_IP))
4009 family = PF_INET;
4010 #if IS_ENABLED(CONFIG_IPV6)
4011 else if (skb->protocol == htons(ETH_P_IPV6))
4012 family = PF_INET6;
4013 #endif /* CONFIG_IPV6 */
4014 }
4015 if (family == PF_UNSPEC && sock != NULL)
4016 family = sock->sk->sk_family;
4017
4018 switch (family) {
4019 case PF_UNIX:
4020 ssp = sock->sk->sk_security;
4021 s = ssp->smk_out->smk_secid;
4022 break;
4023 case PF_INET:
4024 #ifdef CONFIG_SECURITY_SMACK_NETFILTER
4025 s = skb->secmark;
4026 if (s != 0)
4027 break;
4028 #endif
4029 /*
4030 * Translate what netlabel gave us.
4031 */
4032 if (sock != NULL && sock->sk != NULL)
4033 ssp = sock->sk->sk_security;
4034 netlbl_secattr_init(&secattr);
4035 rc = netlbl_skbuff_getattr(skb, family, &secattr);
4036 if (rc == 0) {
4037 skp = smack_from_secattr(&secattr, ssp);
4038 s = skp->smk_secid;
4039 }
4040 netlbl_secattr_destroy(&secattr);
4041 break;
4042 case PF_INET6:
4043 #ifdef SMACK_IPV6_SECMARK_LABELING
4044 s = skb->secmark;
4045 #endif
4046 break;
4047 }
4048 *secid = s;
4049 if (s == 0)
4050 return -EINVAL;
4051 return 0;
4052 }
4053
4054 /**
4055 * smack_sock_graft - Initialize a newly created socket with an existing sock
4056 * @sk: child sock
4057 * @parent: parent socket
4058 *
4059 * Set the smk_{in,out} state of an existing sock based on the process that
4060 * is creating the new socket.
4061 */
smack_sock_graft(struct sock * sk,struct socket * parent)4062 static void smack_sock_graft(struct sock *sk, struct socket *parent)
4063 {
4064 struct socket_smack *ssp;
4065 struct smack_known *skp = smk_of_current();
4066
4067 if (sk == NULL ||
4068 (sk->sk_family != PF_INET && sk->sk_family != PF_INET6))
4069 return;
4070
4071 ssp = sk->sk_security;
4072 ssp->smk_in = skp;
4073 ssp->smk_out = skp;
4074 /* cssp->smk_packet is already set in smack_inet_csk_clone() */
4075 }
4076
4077 /**
4078 * smack_inet_conn_request - Smack access check on connect
4079 * @sk: socket involved
4080 * @skb: packet
4081 * @req: unused
4082 *
4083 * Returns 0 if a task with the packet label could write to
4084 * the socket, otherwise an error code
4085 */
smack_inet_conn_request(struct sock * sk,struct sk_buff * skb,struct request_sock * req)4086 static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb,
4087 struct request_sock *req)
4088 {
4089 u16 family = sk->sk_family;
4090 struct smack_known *skp;
4091 struct socket_smack *ssp = sk->sk_security;
4092 struct netlbl_lsm_secattr secattr;
4093 struct sockaddr_in addr;
4094 struct iphdr *hdr;
4095 struct smack_known *hskp;
4096 int rc;
4097 struct smk_audit_info ad;
4098 #ifdef CONFIG_AUDIT
4099 struct lsm_network_audit net;
4100 #endif
4101
4102 #if IS_ENABLED(CONFIG_IPV6)
4103 if (family == PF_INET6) {
4104 /*
4105 * Handle mapped IPv4 packets arriving
4106 * via IPv6 sockets. Don't set up netlabel
4107 * processing on IPv6.
4108 */
4109 if (skb->protocol == htons(ETH_P_IP))
4110 family = PF_INET;
4111 else
4112 return 0;
4113 }
4114 #endif /* CONFIG_IPV6 */
4115
4116 #ifdef CONFIG_SECURITY_SMACK_NETFILTER
4117 /*
4118 * If there is a secmark use it rather than the CIPSO label.
4119 * If there is no secmark fall back to CIPSO.
4120 * The secmark is assumed to reflect policy better.
4121 */
4122 if (skb && skb->secmark != 0) {
4123 skp = smack_from_secid(skb->secmark);
4124 goto access_check;
4125 }
4126 #endif /* CONFIG_SECURITY_SMACK_NETFILTER */
4127
4128 netlbl_secattr_init(&secattr);
4129 rc = netlbl_skbuff_getattr(skb, family, &secattr);
4130 if (rc == 0)
4131 skp = smack_from_secattr(&secattr, ssp);
4132 else
4133 skp = &smack_known_huh;
4134 netlbl_secattr_destroy(&secattr);
4135
4136 #ifdef CONFIG_SECURITY_SMACK_NETFILTER
4137 access_check:
4138 #endif
4139
4140 #ifdef CONFIG_AUDIT
4141 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
4142 ad.a.u.net->family = family;
4143 ad.a.u.net->netif = skb->skb_iif;
4144 ipv4_skb_to_auditdata(skb, &ad.a, NULL);
4145 #endif
4146 /*
4147 * Receiving a packet requires that the other end be able to write
4148 * here. Read access is not required.
4149 */
4150 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
4151 rc = smk_bu_note("IPv4 connect", skp, ssp->smk_in, MAY_WRITE, rc);
4152 if (rc != 0)
4153 return rc;
4154
4155 /*
4156 * Save the peer's label in the request_sock so we can later setup
4157 * smk_packet in the child socket so that SO_PEERCRED can report it.
4158 */
4159 req->peer_secid = skp->smk_secid;
4160
4161 /*
4162 * We need to decide if we want to label the incoming connection here
4163 * if we do we only need to label the request_sock and the stack will
4164 * propagate the wire-label to the sock when it is created.
4165 */
4166 hdr = ip_hdr(skb);
4167 addr.sin_addr.s_addr = hdr->saddr;
4168 rcu_read_lock();
4169 hskp = smack_ipv4host_label(&addr);
4170 rcu_read_unlock();
4171
4172 if (hskp == NULL)
4173 rc = netlbl_req_setattr(req, &skp->smk_netlabel);
4174 else
4175 netlbl_req_delattr(req);
4176
4177 return rc;
4178 }
4179
4180 /**
4181 * smack_inet_csk_clone - Copy the connection information to the new socket
4182 * @sk: the new socket
4183 * @req: the connection's request_sock
4184 *
4185 * Transfer the connection's peer label to the newly created socket.
4186 */
smack_inet_csk_clone(struct sock * sk,const struct request_sock * req)4187 static void smack_inet_csk_clone(struct sock *sk,
4188 const struct request_sock *req)
4189 {
4190 struct socket_smack *ssp = sk->sk_security;
4191 struct smack_known *skp;
4192
4193 if (req->peer_secid != 0) {
4194 skp = smack_from_secid(req->peer_secid);
4195 ssp->smk_packet = skp;
4196 } else
4197 ssp->smk_packet = NULL;
4198 }
4199
4200 /*
4201 * Key management security hooks
4202 *
4203 * Casey has not tested key support very heavily.
4204 * The permission check is most likely too restrictive.
4205 * If you care about keys please have a look.
4206 */
4207 #ifdef CONFIG_KEYS
4208
4209 /**
4210 * smack_key_alloc - Set the key security blob
4211 * @key: object
4212 * @cred: the credentials to use
4213 * @flags: unused
4214 *
4215 * No allocation required
4216 *
4217 * Returns 0
4218 */
smack_key_alloc(struct key * key,const struct cred * cred,unsigned long flags)4219 static int smack_key_alloc(struct key *key, const struct cred *cred,
4220 unsigned long flags)
4221 {
4222 struct smack_known *skp = smk_of_task(smack_cred(cred));
4223
4224 key->security = skp;
4225 return 0;
4226 }
4227
4228 /**
4229 * smack_key_free - Clear the key security blob
4230 * @key: the object
4231 *
4232 * Clear the blob pointer
4233 */
smack_key_free(struct key * key)4234 static void smack_key_free(struct key *key)
4235 {
4236 key->security = NULL;
4237 }
4238
4239 /**
4240 * smack_key_permission - Smack access on a key
4241 * @key_ref: gets to the object
4242 * @cred: the credentials to use
4243 * @perm: requested key permissions
4244 *
4245 * Return 0 if the task has read and write to the object,
4246 * an error code otherwise
4247 */
smack_key_permission(key_ref_t key_ref,const struct cred * cred,unsigned perm)4248 static int smack_key_permission(key_ref_t key_ref,
4249 const struct cred *cred, unsigned perm)
4250 {
4251 struct key *keyp;
4252 struct smk_audit_info ad;
4253 struct smack_known *tkp = smk_of_task(smack_cred(cred));
4254 int request = 0;
4255 int rc;
4256
4257 /*
4258 * Validate requested permissions
4259 */
4260 if (perm & ~KEY_NEED_ALL)
4261 return -EINVAL;
4262
4263 keyp = key_ref_to_ptr(key_ref);
4264 if (keyp == NULL)
4265 return -EINVAL;
4266 /*
4267 * If the key hasn't been initialized give it access so that
4268 * it may do so.
4269 */
4270 if (keyp->security == NULL)
4271 return 0;
4272 /*
4273 * This should not occur
4274 */
4275 if (tkp == NULL)
4276 return -EACCES;
4277
4278 if (smack_privileged_cred(CAP_MAC_OVERRIDE, cred))
4279 return 0;
4280
4281 #ifdef CONFIG_AUDIT
4282 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY);
4283 ad.a.u.key_struct.key = keyp->serial;
4284 ad.a.u.key_struct.key_desc = keyp->description;
4285 #endif
4286 if (perm & (KEY_NEED_READ | KEY_NEED_SEARCH | KEY_NEED_VIEW))
4287 request |= MAY_READ;
4288 if (perm & (KEY_NEED_WRITE | KEY_NEED_LINK | KEY_NEED_SETATTR))
4289 request |= MAY_WRITE;
4290 rc = smk_access(tkp, keyp->security, request, &ad);
4291 rc = smk_bu_note("key access", tkp, keyp->security, request, rc);
4292 return rc;
4293 }
4294
4295 /*
4296 * smack_key_getsecurity - Smack label tagging the key
4297 * @key points to the key to be queried
4298 * @_buffer points to a pointer that should be set to point to the
4299 * resulting string (if no label or an error occurs).
4300 * Return the length of the string (including terminating NUL) or -ve if
4301 * an error.
4302 * May also return 0 (and a NULL buffer pointer) if there is no label.
4303 */
smack_key_getsecurity(struct key * key,char ** _buffer)4304 static int smack_key_getsecurity(struct key *key, char **_buffer)
4305 {
4306 struct smack_known *skp = key->security;
4307 size_t length;
4308 char *copy;
4309
4310 if (key->security == NULL) {
4311 *_buffer = NULL;
4312 return 0;
4313 }
4314
4315 copy = kstrdup(skp->smk_known, GFP_KERNEL);
4316 if (copy == NULL)
4317 return -ENOMEM;
4318 length = strlen(copy) + 1;
4319
4320 *_buffer = copy;
4321 return length;
4322 }
4323
4324 #endif /* CONFIG_KEYS */
4325
4326 /*
4327 * Smack Audit hooks
4328 *
4329 * Audit requires a unique representation of each Smack specific
4330 * rule. This unique representation is used to distinguish the
4331 * object to be audited from remaining kernel objects and also
4332 * works as a glue between the audit hooks.
4333 *
4334 * Since repository entries are added but never deleted, we'll use
4335 * the smack_known label address related to the given audit rule as
4336 * the needed unique representation. This also better fits the smack
4337 * model where nearly everything is a label.
4338 */
4339 #ifdef CONFIG_AUDIT
4340
4341 /**
4342 * smack_audit_rule_init - Initialize a smack audit rule
4343 * @field: audit rule fields given from user-space (audit.h)
4344 * @op: required testing operator (=, !=, >, <, ...)
4345 * @rulestr: smack label to be audited
4346 * @vrule: pointer to save our own audit rule representation
4347 *
4348 * Prepare to audit cases where (@field @op @rulestr) is true.
4349 * The label to be audited is created if necessay.
4350 */
smack_audit_rule_init(u32 field,u32 op,char * rulestr,void ** vrule)4351 static int smack_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule)
4352 {
4353 struct smack_known *skp;
4354 char **rule = (char **)vrule;
4355 *rule = NULL;
4356
4357 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
4358 return -EINVAL;
4359
4360 if (op != Audit_equal && op != Audit_not_equal)
4361 return -EINVAL;
4362
4363 skp = smk_import_entry(rulestr, 0);
4364 if (IS_ERR(skp))
4365 return PTR_ERR(skp);
4366
4367 *rule = skp->smk_known;
4368
4369 return 0;
4370 }
4371
4372 /**
4373 * smack_audit_rule_known - Distinguish Smack audit rules
4374 * @krule: rule of interest, in Audit kernel representation format
4375 *
4376 * This is used to filter Smack rules from remaining Audit ones.
4377 * If it's proved that this rule belongs to us, the
4378 * audit_rule_match hook will be called to do the final judgement.
4379 */
smack_audit_rule_known(struct audit_krule * krule)4380 static int smack_audit_rule_known(struct audit_krule *krule)
4381 {
4382 struct audit_field *f;
4383 int i;
4384
4385 for (i = 0; i < krule->field_count; i++) {
4386 f = &krule->fields[i];
4387
4388 if (f->type == AUDIT_SUBJ_USER || f->type == AUDIT_OBJ_USER)
4389 return 1;
4390 }
4391
4392 return 0;
4393 }
4394
4395 /**
4396 * smack_audit_rule_match - Audit given object ?
4397 * @secid: security id for identifying the object to test
4398 * @field: audit rule flags given from user-space
4399 * @op: required testing operator
4400 * @vrule: smack internal rule presentation
4401 *
4402 * The core Audit hook. It's used to take the decision of
4403 * whether to audit or not to audit a given object.
4404 */
smack_audit_rule_match(u32 secid,u32 field,u32 op,void * vrule)4405 static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule)
4406 {
4407 struct smack_known *skp;
4408 char *rule = vrule;
4409
4410 if (unlikely(!rule)) {
4411 WARN_ONCE(1, "Smack: missing rule\n");
4412 return -ENOENT;
4413 }
4414
4415 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
4416 return 0;
4417
4418 skp = smack_from_secid(secid);
4419
4420 /*
4421 * No need to do string comparisons. If a match occurs,
4422 * both pointers will point to the same smack_known
4423 * label.
4424 */
4425 if (op == Audit_equal)
4426 return (rule == skp->smk_known);
4427 if (op == Audit_not_equal)
4428 return (rule != skp->smk_known);
4429
4430 return 0;
4431 }
4432
4433 /*
4434 * There is no need for a smack_audit_rule_free hook.
4435 * No memory was allocated.
4436 */
4437
4438 #endif /* CONFIG_AUDIT */
4439
4440 /**
4441 * smack_ismaclabel - check if xattr @name references a smack MAC label
4442 * @name: Full xattr name to check.
4443 */
smack_ismaclabel(const char * name)4444 static int smack_ismaclabel(const char *name)
4445 {
4446 return (strcmp(name, XATTR_SMACK_SUFFIX) == 0);
4447 }
4448
4449
4450 /**
4451 * smack_secid_to_secctx - return the smack label for a secid
4452 * @secid: incoming integer
4453 * @secdata: destination
4454 * @seclen: how long it is
4455 *
4456 * Exists for networking code.
4457 */
smack_secid_to_secctx(u32 secid,char ** secdata,u32 * seclen)4458 static int smack_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
4459 {
4460 struct smack_known *skp = smack_from_secid(secid);
4461
4462 if (secdata)
4463 *secdata = skp->smk_known;
4464 *seclen = strlen(skp->smk_known);
4465 return 0;
4466 }
4467
4468 /**
4469 * smack_secctx_to_secid - return the secid for a smack label
4470 * @secdata: smack label
4471 * @seclen: how long result is
4472 * @secid: outgoing integer
4473 *
4474 * Exists for audit and networking code.
4475 */
smack_secctx_to_secid(const char * secdata,u32 seclen,u32 * secid)4476 static int smack_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
4477 {
4478 struct smack_known *skp = smk_find_entry(secdata);
4479
4480 if (skp)
4481 *secid = skp->smk_secid;
4482 else
4483 *secid = 0;
4484 return 0;
4485 }
4486
4487 /*
4488 * There used to be a smack_release_secctx hook
4489 * that did nothing back when hooks were in a vector.
4490 * Now that there's a list such a hook adds cost.
4491 */
4492
smack_inode_notifysecctx(struct inode * inode,void * ctx,u32 ctxlen)4493 static int smack_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
4494 {
4495 return smack_inode_setsecurity(inode, XATTR_SMACK_SUFFIX, ctx, ctxlen, 0);
4496 }
4497
smack_inode_setsecctx(struct dentry * dentry,void * ctx,u32 ctxlen)4498 static int smack_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
4499 {
4500 return __vfs_setxattr_noperm(dentry, XATTR_NAME_SMACK, ctx, ctxlen, 0);
4501 }
4502
smack_inode_getsecctx(struct inode * inode,void ** ctx,u32 * ctxlen)4503 static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
4504 {
4505 struct smack_known *skp = smk_of_inode(inode);
4506
4507 *ctx = skp->smk_known;
4508 *ctxlen = strlen(skp->smk_known);
4509 return 0;
4510 }
4511
smack_inode_copy_up(struct dentry * dentry,struct cred ** new)4512 static int smack_inode_copy_up(struct dentry *dentry, struct cred **new)
4513 {
4514
4515 struct task_smack *tsp;
4516 struct smack_known *skp;
4517 struct inode_smack *isp;
4518 struct cred *new_creds = *new;
4519
4520 if (new_creds == NULL) {
4521 new_creds = prepare_creds();
4522 if (new_creds == NULL)
4523 return -ENOMEM;
4524 }
4525
4526 tsp = smack_cred(new_creds);
4527
4528 /*
4529 * Get label from overlay inode and set it in create_sid
4530 */
4531 isp = smack_inode(d_inode(dentry->d_parent));
4532 skp = isp->smk_inode;
4533 tsp->smk_task = skp;
4534 *new = new_creds;
4535 return 0;
4536 }
4537
smack_inode_copy_up_xattr(const char * name)4538 static int smack_inode_copy_up_xattr(const char *name)
4539 {
4540 /*
4541 * Return 1 if this is the smack access Smack attribute.
4542 */
4543 if (strcmp(name, XATTR_NAME_SMACK) == 0)
4544 return 1;
4545
4546 return -EOPNOTSUPP;
4547 }
4548
smack_dentry_create_files_as(struct dentry * dentry,int mode,struct qstr * name,const struct cred * old,struct cred * new)4549 static int smack_dentry_create_files_as(struct dentry *dentry, int mode,
4550 struct qstr *name,
4551 const struct cred *old,
4552 struct cred *new)
4553 {
4554 struct task_smack *otsp = smack_cred(old);
4555 struct task_smack *ntsp = smack_cred(new);
4556 struct inode_smack *isp;
4557 int may;
4558
4559 /*
4560 * Use the process credential unless all of
4561 * the transmuting criteria are met
4562 */
4563 ntsp->smk_task = otsp->smk_task;
4564
4565 /*
4566 * the attribute of the containing directory
4567 */
4568 isp = smack_inode(d_inode(dentry->d_parent));
4569
4570 if (isp->smk_flags & SMK_INODE_TRANSMUTE) {
4571 rcu_read_lock();
4572 may = smk_access_entry(otsp->smk_task->smk_known,
4573 isp->smk_inode->smk_known,
4574 &otsp->smk_task->smk_rules);
4575 rcu_read_unlock();
4576
4577 /*
4578 * If the directory is transmuting and the rule
4579 * providing access is transmuting use the containing
4580 * directory label instead of the process label.
4581 */
4582 if (may > 0 && (may & MAY_TRANSMUTE))
4583 ntsp->smk_task = isp->smk_inode;
4584 }
4585 return 0;
4586 }
4587
4588 struct lsm_blob_sizes smack_blob_sizes __lsm_ro_after_init = {
4589 .lbs_cred = sizeof(struct task_smack),
4590 .lbs_file = sizeof(struct smack_known *),
4591 .lbs_inode = sizeof(struct inode_smack),
4592 .lbs_ipc = sizeof(struct smack_known *),
4593 .lbs_msg_msg = sizeof(struct smack_known *),
4594 };
4595
4596 static struct security_hook_list smack_hooks[] __lsm_ro_after_init = {
4597 LSM_HOOK_INIT(ptrace_access_check, smack_ptrace_access_check),
4598 LSM_HOOK_INIT(ptrace_traceme, smack_ptrace_traceme),
4599 LSM_HOOK_INIT(syslog, smack_syslog),
4600
4601 LSM_HOOK_INIT(fs_context_dup, smack_fs_context_dup),
4602 LSM_HOOK_INIT(fs_context_parse_param, smack_fs_context_parse_param),
4603
4604 LSM_HOOK_INIT(sb_alloc_security, smack_sb_alloc_security),
4605 LSM_HOOK_INIT(sb_free_security, smack_sb_free_security),
4606 LSM_HOOK_INIT(sb_free_mnt_opts, smack_free_mnt_opts),
4607 LSM_HOOK_INIT(sb_eat_lsm_opts, smack_sb_eat_lsm_opts),
4608 LSM_HOOK_INIT(sb_statfs, smack_sb_statfs),
4609 LSM_HOOK_INIT(sb_set_mnt_opts, smack_set_mnt_opts),
4610
4611 LSM_HOOK_INIT(bprm_set_creds, smack_bprm_set_creds),
4612
4613 LSM_HOOK_INIT(inode_alloc_security, smack_inode_alloc_security),
4614 LSM_HOOK_INIT(inode_init_security, smack_inode_init_security),
4615 LSM_HOOK_INIT(inode_link, smack_inode_link),
4616 LSM_HOOK_INIT(inode_unlink, smack_inode_unlink),
4617 LSM_HOOK_INIT(inode_rmdir, smack_inode_rmdir),
4618 LSM_HOOK_INIT(inode_rename, smack_inode_rename),
4619 LSM_HOOK_INIT(inode_permission, smack_inode_permission),
4620 LSM_HOOK_INIT(inode_setattr, smack_inode_setattr),
4621 LSM_HOOK_INIT(inode_getattr, smack_inode_getattr),
4622 LSM_HOOK_INIT(inode_setxattr, smack_inode_setxattr),
4623 LSM_HOOK_INIT(inode_post_setxattr, smack_inode_post_setxattr),
4624 LSM_HOOK_INIT(inode_getxattr, smack_inode_getxattr),
4625 LSM_HOOK_INIT(inode_removexattr, smack_inode_removexattr),
4626 LSM_HOOK_INIT(inode_getsecurity, smack_inode_getsecurity),
4627 LSM_HOOK_INIT(inode_setsecurity, smack_inode_setsecurity),
4628 LSM_HOOK_INIT(inode_listsecurity, smack_inode_listsecurity),
4629 LSM_HOOK_INIT(inode_getsecid, smack_inode_getsecid),
4630
4631 LSM_HOOK_INIT(file_alloc_security, smack_file_alloc_security),
4632 LSM_HOOK_INIT(file_ioctl, smack_file_ioctl),
4633 LSM_HOOK_INIT(file_lock, smack_file_lock),
4634 LSM_HOOK_INIT(file_fcntl, smack_file_fcntl),
4635 LSM_HOOK_INIT(mmap_file, smack_mmap_file),
4636 LSM_HOOK_INIT(mmap_addr, cap_mmap_addr),
4637 LSM_HOOK_INIT(file_set_fowner, smack_file_set_fowner),
4638 LSM_HOOK_INIT(file_send_sigiotask, smack_file_send_sigiotask),
4639 LSM_HOOK_INIT(file_receive, smack_file_receive),
4640
4641 LSM_HOOK_INIT(file_open, smack_file_open),
4642
4643 LSM_HOOK_INIT(cred_alloc_blank, smack_cred_alloc_blank),
4644 LSM_HOOK_INIT(cred_free, smack_cred_free),
4645 LSM_HOOK_INIT(cred_prepare, smack_cred_prepare),
4646 LSM_HOOK_INIT(cred_transfer, smack_cred_transfer),
4647 LSM_HOOK_INIT(cred_getsecid, smack_cred_getsecid),
4648 LSM_HOOK_INIT(kernel_act_as, smack_kernel_act_as),
4649 LSM_HOOK_INIT(kernel_create_files_as, smack_kernel_create_files_as),
4650 LSM_HOOK_INIT(task_setpgid, smack_task_setpgid),
4651 LSM_HOOK_INIT(task_getpgid, smack_task_getpgid),
4652 LSM_HOOK_INIT(task_getsid, smack_task_getsid),
4653 LSM_HOOK_INIT(task_getsecid, smack_task_getsecid),
4654 LSM_HOOK_INIT(task_setnice, smack_task_setnice),
4655 LSM_HOOK_INIT(task_setioprio, smack_task_setioprio),
4656 LSM_HOOK_INIT(task_getioprio, smack_task_getioprio),
4657 LSM_HOOK_INIT(task_setscheduler, smack_task_setscheduler),
4658 LSM_HOOK_INIT(task_getscheduler, smack_task_getscheduler),
4659 LSM_HOOK_INIT(task_movememory, smack_task_movememory),
4660 LSM_HOOK_INIT(task_kill, smack_task_kill),
4661 LSM_HOOK_INIT(task_to_inode, smack_task_to_inode),
4662
4663 LSM_HOOK_INIT(ipc_permission, smack_ipc_permission),
4664 LSM_HOOK_INIT(ipc_getsecid, smack_ipc_getsecid),
4665
4666 LSM_HOOK_INIT(msg_msg_alloc_security, smack_msg_msg_alloc_security),
4667
4668 LSM_HOOK_INIT(msg_queue_alloc_security, smack_ipc_alloc_security),
4669 LSM_HOOK_INIT(msg_queue_associate, smack_msg_queue_associate),
4670 LSM_HOOK_INIT(msg_queue_msgctl, smack_msg_queue_msgctl),
4671 LSM_HOOK_INIT(msg_queue_msgsnd, smack_msg_queue_msgsnd),
4672 LSM_HOOK_INIT(msg_queue_msgrcv, smack_msg_queue_msgrcv),
4673
4674 LSM_HOOK_INIT(shm_alloc_security, smack_ipc_alloc_security),
4675 LSM_HOOK_INIT(shm_associate, smack_shm_associate),
4676 LSM_HOOK_INIT(shm_shmctl, smack_shm_shmctl),
4677 LSM_HOOK_INIT(shm_shmat, smack_shm_shmat),
4678
4679 LSM_HOOK_INIT(sem_alloc_security, smack_ipc_alloc_security),
4680 LSM_HOOK_INIT(sem_associate, smack_sem_associate),
4681 LSM_HOOK_INIT(sem_semctl, smack_sem_semctl),
4682 LSM_HOOK_INIT(sem_semop, smack_sem_semop),
4683
4684 LSM_HOOK_INIT(d_instantiate, smack_d_instantiate),
4685
4686 LSM_HOOK_INIT(getprocattr, smack_getprocattr),
4687 LSM_HOOK_INIT(setprocattr, smack_setprocattr),
4688
4689 LSM_HOOK_INIT(unix_stream_connect, smack_unix_stream_connect),
4690 LSM_HOOK_INIT(unix_may_send, smack_unix_may_send),
4691
4692 LSM_HOOK_INIT(socket_post_create, smack_socket_post_create),
4693 LSM_HOOK_INIT(socket_socketpair, smack_socket_socketpair),
4694 #ifdef SMACK_IPV6_PORT_LABELING
4695 LSM_HOOK_INIT(socket_bind, smack_socket_bind),
4696 #endif
4697 LSM_HOOK_INIT(socket_connect, smack_socket_connect),
4698 LSM_HOOK_INIT(socket_sendmsg, smack_socket_sendmsg),
4699 LSM_HOOK_INIT(socket_sock_rcv_skb, smack_socket_sock_rcv_skb),
4700 LSM_HOOK_INIT(socket_getpeersec_stream, smack_socket_getpeersec_stream),
4701 LSM_HOOK_INIT(socket_getpeersec_dgram, smack_socket_getpeersec_dgram),
4702 LSM_HOOK_INIT(sk_alloc_security, smack_sk_alloc_security),
4703 LSM_HOOK_INIT(sk_free_security, smack_sk_free_security),
4704 LSM_HOOK_INIT(sock_graft, smack_sock_graft),
4705 LSM_HOOK_INIT(inet_conn_request, smack_inet_conn_request),
4706 LSM_HOOK_INIT(inet_csk_clone, smack_inet_csk_clone),
4707
4708 /* key management security hooks */
4709 #ifdef CONFIG_KEYS
4710 LSM_HOOK_INIT(key_alloc, smack_key_alloc),
4711 LSM_HOOK_INIT(key_free, smack_key_free),
4712 LSM_HOOK_INIT(key_permission, smack_key_permission),
4713 LSM_HOOK_INIT(key_getsecurity, smack_key_getsecurity),
4714 #endif /* CONFIG_KEYS */
4715
4716 /* Audit hooks */
4717 #ifdef CONFIG_AUDIT
4718 LSM_HOOK_INIT(audit_rule_init, smack_audit_rule_init),
4719 LSM_HOOK_INIT(audit_rule_known, smack_audit_rule_known),
4720 LSM_HOOK_INIT(audit_rule_match, smack_audit_rule_match),
4721 #endif /* CONFIG_AUDIT */
4722
4723 LSM_HOOK_INIT(ismaclabel, smack_ismaclabel),
4724 LSM_HOOK_INIT(secid_to_secctx, smack_secid_to_secctx),
4725 LSM_HOOK_INIT(secctx_to_secid, smack_secctx_to_secid),
4726 LSM_HOOK_INIT(inode_notifysecctx, smack_inode_notifysecctx),
4727 LSM_HOOK_INIT(inode_setsecctx, smack_inode_setsecctx),
4728 LSM_HOOK_INIT(inode_getsecctx, smack_inode_getsecctx),
4729 LSM_HOOK_INIT(inode_copy_up, smack_inode_copy_up),
4730 LSM_HOOK_INIT(inode_copy_up_xattr, smack_inode_copy_up_xattr),
4731 LSM_HOOK_INIT(dentry_create_files_as, smack_dentry_create_files_as),
4732 };
4733
4734
init_smack_known_list(void)4735 static __init void init_smack_known_list(void)
4736 {
4737 /*
4738 * Initialize rule list locks
4739 */
4740 mutex_init(&smack_known_huh.smk_rules_lock);
4741 mutex_init(&smack_known_hat.smk_rules_lock);
4742 mutex_init(&smack_known_floor.smk_rules_lock);
4743 mutex_init(&smack_known_star.smk_rules_lock);
4744 mutex_init(&smack_known_web.smk_rules_lock);
4745 /*
4746 * Initialize rule lists
4747 */
4748 INIT_LIST_HEAD(&smack_known_huh.smk_rules);
4749 INIT_LIST_HEAD(&smack_known_hat.smk_rules);
4750 INIT_LIST_HEAD(&smack_known_star.smk_rules);
4751 INIT_LIST_HEAD(&smack_known_floor.smk_rules);
4752 INIT_LIST_HEAD(&smack_known_web.smk_rules);
4753 /*
4754 * Create the known labels list
4755 */
4756 smk_insert_entry(&smack_known_huh);
4757 smk_insert_entry(&smack_known_hat);
4758 smk_insert_entry(&smack_known_star);
4759 smk_insert_entry(&smack_known_floor);
4760 smk_insert_entry(&smack_known_web);
4761 }
4762
4763 /**
4764 * smack_init - initialize the smack system
4765 *
4766 * Returns 0 on success, -ENOMEM is there's no memory
4767 */
smack_init(void)4768 static __init int smack_init(void)
4769 {
4770 struct cred *cred = (struct cred *) current->cred;
4771 struct task_smack *tsp;
4772
4773 smack_inode_cache = KMEM_CACHE(inode_smack, 0);
4774 if (!smack_inode_cache)
4775 return -ENOMEM;
4776
4777 smack_rule_cache = KMEM_CACHE(smack_rule, 0);
4778 if (!smack_rule_cache) {
4779 kmem_cache_destroy(smack_inode_cache);
4780 return -ENOMEM;
4781 }
4782
4783 /*
4784 * Set the security state for the initial task.
4785 */
4786 tsp = smack_cred(cred);
4787 init_task_smack(tsp, &smack_known_floor, &smack_known_floor);
4788
4789 /*
4790 * Register with LSM
4791 */
4792 security_add_hooks(smack_hooks, ARRAY_SIZE(smack_hooks), "smack");
4793 smack_enabled = 1;
4794
4795 pr_info("Smack: Initializing.\n");
4796 #ifdef CONFIG_SECURITY_SMACK_NETFILTER
4797 pr_info("Smack: Netfilter enabled.\n");
4798 #endif
4799 #ifdef SMACK_IPV6_PORT_LABELING
4800 pr_info("Smack: IPv6 port labeling enabled.\n");
4801 #endif
4802 #ifdef SMACK_IPV6_SECMARK_LABELING
4803 pr_info("Smack: IPv6 Netfilter enabled.\n");
4804 #endif
4805
4806 /* initialize the smack_known_list */
4807 init_smack_known_list();
4808
4809 return 0;
4810 }
4811
4812 /*
4813 * Smack requires early initialization in order to label
4814 * all processes and objects when they are created.
4815 */
4816 DEFINE_LSM(smack) = {
4817 .name = "smack",
4818 .flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE,
4819 .blobs = &smack_blob_sizes,
4820 .init = smack_init,
4821 };
4822