Linux Kernel  3.7.1
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
smack.h
Go to the documentation of this file.
1 /*
2  * Copyright (C) 2007 Casey Schaufler <[email protected]>
3  *
4  * This program is free software; you can redistribute it and/or modify
5  * it under the terms of the GNU General Public License as published by
6  * the Free Software Foundation, version 2.
7  *
8  * Author:
9  * Casey Schaufler <[email protected]>
10  *
11  */
12 
13 #ifndef _SECURITY_SMACK_H
14 #define _SECURITY_SMACK_H
15 
16 #include <linux/capability.h>
17 #include <linux/spinlock.h>
18 #include <linux/security.h>
19 #include <linux/in.h>
20 #include <net/netlabel.h>
21 #include <linux/list.h>
22 #include <linux/rculist.h>
23 #include <linux/lsm_audit.h>
24 
25 /*
26  * Smack labels were limited to 23 characters for a long time.
27  */
28 #define SMK_LABELLEN 24
29 #define SMK_LONGLABEL 256
30 
31 /*
32  * Maximum number of bytes for the levels in a CIPSO IP option.
33  * Why 23? CIPSO is constrained to 30, so a 32 byte buffer is
34  * bigger than can be used, and 24 is the next lower multiple
35  * of 8, and there are too many issues if there isn't space set
36  * aside for the terminating null byte.
37  */
38 #define SMK_CIPSOLEN 24
39 
41  char *smk_root;
42  char *smk_floor;
43  char *smk_hat;
44  char *smk_default;
46 };
47 
48 struct socket_smack {
49  char *smk_out; /* outbound label */
50  char *smk_in; /* inbound label */
51  char *smk_packet; /* TCP peer label */
52 };
53 
54 /*
55  * Inode smack data
56  */
57 struct inode_smack {
58  char *smk_inode; /* label of the fso */
59  char *smk_task; /* label of the task */
60  char *smk_mmap; /* label of the mmap domain */
61  struct mutex smk_lock; /* initialization lock */
62  int smk_flags; /* smack inode flags */
63 };
64 
65 struct task_smack {
66  char *smk_task; /* label for access control */
67  char *smk_forked; /* label when forked */
68  struct list_head smk_rules; /* per task access rules */
69  struct mutex smk_rules_lock; /* lock for the rules */
70 };
71 
72 #define SMK_INODE_INSTANT 0x01 /* inode is instantiated */
73 #define SMK_INODE_TRANSMUTE 0x02 /* directory is transmuting */
74 #define SMK_INODE_CHANGED 0x04 /* smack was transmuted */
75 
76 /*
77  * A label access rule.
78  */
79 struct smack_rule {
80  struct list_head list;
81  char *smk_subject;
82  char *smk_object;
84 };
85 
86 /*
87  * An entry in the table identifying hosts.
88  */
90  struct list_head list;
91  struct sockaddr_in smk_host; /* network address */
92  struct in_addr smk_mask; /* network mask */
93  char *smk_label; /* label */
94 };
95 
96 /*
97  * This is the repository for labels seen so that it is
98  * not necessary to keep allocating tiny chuncks of memory
99  * and so that they can be shared.
100  *
101  * Labels are never modified in place. Anytime a label
102  * is imported (e.g. xattrset on a file) the list is checked
103  * for it and it is added if it doesn't exist. The address
104  * is passed out in either case. Entries are added, but
105  * never deleted.
106  *
107  * Since labels are hanging around anyway it doesn't
108  * hurt to maintain a secid for those awkward situations
109  * where kernel components that ought to use LSM independent
110  * interfaces don't. The secid should go away when all of
111  * these components have been repaired.
112  *
113  * The cipso value associated with the label gets stored here, too.
114  *
115  * Keep the access rules for this subject label here so that
116  * the entire set of rules does not need to be examined every
117  * time.
118  */
119 struct smack_known {
120  struct list_head list;
121  char *smk_known;
123  struct netlbl_lsm_secattr smk_netlabel; /* on wire labels */
124  struct list_head smk_rules; /* access rules */
125  struct mutex smk_rules_lock; /* lock for rules */
126 };
127 
128 /*
129  * Mount options
130  */
131 #define SMK_FSDEFAULT "smackfsdef="
132 #define SMK_FSFLOOR "smackfsfloor="
133 #define SMK_FSHAT "smackfshat="
134 #define SMK_FSROOT "smackfsroot="
135 
136 #define SMACK_CIPSO_OPTION "-CIPSO"
137 
138 /*
139  * How communications on this socket are treated.
140  * Usually it's determined by the underlying netlabel code
141  * but there are certain cases, including single label hosts
142  * and potentially single label interfaces for which the
143  * treatment can not be known in advance.
144  *
145  * The possibility of additional labeling schemes being
146  * introduced in the future exists as well.
147  */
148 #define SMACK_UNLABELED_SOCKET 0
149 #define SMACK_CIPSO_SOCKET 1
150 
151 /*
152  * smackfs magic number
153  */
154 #define SMACK_MAGIC 0x43415d53 /* "SMAC" */
155 
156 /*
157  * CIPSO defaults.
158  */
159 #define SMACK_CIPSO_DOI_DEFAULT 3 /* Historical */
160 #define SMACK_CIPSO_DOI_INVALID -1 /* Not a DOI */
161 #define SMACK_CIPSO_DIRECT_DEFAULT 250 /* Arbitrary */
162 #define SMACK_CIPSO_MAPPED_DEFAULT 251 /* Also arbitrary */
163 #define SMACK_CIPSO_MAXCATVAL 63 /* Bigger gets harder */
164 #define SMACK_CIPSO_MAXLEVEL 255 /* CIPSO 2.2 standard */
165 #define SMACK_CIPSO_MAXCATNUM 239 /* CIPSO 2.2 standard */
166 
167 /*
168  * Flag for transmute access
169  */
170 #define MAY_TRANSMUTE 64
171 /*
172  * Just to make the common cases easier to deal with
173  */
174 #define MAY_ANYREAD (MAY_READ | MAY_EXEC)
175 #define MAY_READWRITE (MAY_READ | MAY_WRITE)
176 #define MAY_NOT 0
177 
178 /*
179  * Number of access types used by Smack (rwxat)
180  */
181 #define SMK_NUM_ACCESS_TYPE 5
182 
183 /* SMACK data */
185  const char *function;
186  char *subject;
187  char *object;
188  char *request;
189  int result;
190 };
191 
192 /*
193  * Smack audit data; is empty if CONFIG_AUDIT not set
194  * to save some stack
195  */
197 #ifdef CONFIG_AUDIT
198  struct common_audit_data a;
199  struct smack_audit_data sad;
200 #endif
201 };
202 /*
203  * These functions are in smack_lsm.c
204  */
205 struct inode_smack *new_inode_smack(char *);
206 
207 /*
208  * These functions are in smack_access.c
209  */
210 int smk_access_entry(char *, char *, struct list_head *);
211 int smk_access(char *, char *, int, struct smk_audit_info *);
212 int smk_curacc(char *, u32, struct smk_audit_info *);
213 char *smack_from_secid(const u32);
214 char *smk_parse_smack(const char *string, int len);
215 int smk_netlbl_mls(int, char *, struct netlbl_lsm_secattr *, int);
216 char *smk_import(const char *, int);
217 struct smack_known *smk_import_entry(const char *, int);
218 struct smack_known *smk_find_entry(const char *);
219 u32 smack_to_secid(const char *);
220 
221 /*
222  * Shared data.
223  */
224 extern int smack_cipso_direct;
225 extern int smack_cipso_mapped;
226 extern char *smack_net_ambient;
227 extern char *smack_onlycap;
228 extern const char *smack_cipso_option;
229 
230 extern struct smack_known smack_known_floor;
231 extern struct smack_known smack_known_hat;
232 extern struct smack_known smack_known_huh;
233 extern struct smack_known smack_known_invalid;
234 extern struct smack_known smack_known_star;
235 extern struct smack_known smack_known_web;
236 
237 extern struct mutex smack_known_lock;
238 extern struct list_head smack_known_list;
239 extern struct list_head smk_netlbladdr_list;
240 
241 extern struct security_operations smack_ops;
242 
243 /*
244  * Is the directory transmuting?
245  */
246 static inline int smk_inode_transmutable(const struct inode *isp)
247 {
248  struct inode_smack *sip = isp->i_security;
249  return (sip->smk_flags & SMK_INODE_TRANSMUTE) != 0;
250 }
251 
252 /*
253  * Present a pointer to the smack label in an inode blob.
254  */
255 static inline char *smk_of_inode(const struct inode *isp)
256 {
257  struct inode_smack *sip = isp->i_security;
258  return sip->smk_inode;
259 }
260 
261 /*
262  * Present a pointer to the smack label in an task blob.
263  */
264 static inline char *smk_of_task(const struct task_smack *tsp)
265 {
266  return tsp->smk_task;
267 }
268 
269 /*
270  * Present a pointer to the forked smack label in an task blob.
271  */
272 static inline char *smk_of_forked(const struct task_smack *tsp)
273 {
274  return tsp->smk_forked;
275 }
276 
277 /*
278  * Present a pointer to the smack label in the current task blob.
279  */
280 static inline char *smk_of_current(void)
281 {
282  return smk_of_task(current_security());
283 }
284 
285 /*
286  * Is the task privileged and allowed to be privileged
287  * by the onlycap rule.
288  */
289 static inline int smack_privileged(int cap)
290 {
291  if (!capable(cap))
292  return 0;
293  if (smack_onlycap == NULL || smack_onlycap == smk_of_current())
294  return 1;
295  return 0;
296 }
297 
298 /*
299  * logging functions
300  */
301 #define SMACK_AUDIT_DENIED 0x1
302 #define SMACK_AUDIT_ACCEPT 0x2
303 extern int log_policy;
304 
305 void smack_log(char *subject_label, char *object_label,
306  int request,
307  int result, struct smk_audit_info *auditdata);
308 
309 #ifdef CONFIG_AUDIT
310 
311 /*
312  * some inline functions to set up audit data
313  * they do nothing if CONFIG_AUDIT is not set
314  *
315  */
316 static inline void smk_ad_init(struct smk_audit_info *a, const char *func,
317  char type)
318 {
319  memset(&a->sad, 0, sizeof(a->sad));
320  a->a.type = type;
321  a->a.smack_audit_data = &a->sad;
322  a->a.smack_audit_data->function = func;
323 }
324 
325 static inline void smk_ad_init_net(struct smk_audit_info *a, const char *func,
326  char type, struct lsm_network_audit *net)
327 {
328  smk_ad_init(a, func, type);
329  memset(net, 0, sizeof(*net));
330  a->a.u.net = net;
331 }
332 
333 static inline void smk_ad_setfield_u_tsk(struct smk_audit_info *a,
334  struct task_struct *t)
335 {
336  a->a.u.tsk = t;
337 }
338 static inline void smk_ad_setfield_u_fs_path_dentry(struct smk_audit_info *a,
339  struct dentry *d)
340 {
341  a->a.u.dentry = d;
342 }
343 static inline void smk_ad_setfield_u_fs_inode(struct smk_audit_info *a,
344  struct inode *i)
345 {
346  a->a.u.inode = i;
347 }
348 static inline void smk_ad_setfield_u_fs_path(struct smk_audit_info *a,
349  struct path p)
350 {
351  a->a.u.path = p;
352 }
353 static inline void smk_ad_setfield_u_net_sk(struct smk_audit_info *a,
354  struct sock *sk)
355 {
356  a->a.u.net->sk = sk;
357 }
358 
359 #else /* no AUDIT */
360 
361 static inline void smk_ad_init(struct smk_audit_info *a, const char *func,
362  char type)
363 {
364 }
365 static inline void smk_ad_setfield_u_tsk(struct smk_audit_info *a,
366  struct task_struct *t)
367 {
368 }
369 static inline void smk_ad_setfield_u_fs_path_dentry(struct smk_audit_info *a,
370  struct dentry *d)
371 {
372 }
373 static inline void smk_ad_setfield_u_fs_path_mnt(struct smk_audit_info *a,
374  struct vfsmount *m)
375 {
376 }
377 static inline void smk_ad_setfield_u_fs_inode(struct smk_audit_info *a,
378  struct inode *i)
379 {
380 }
381 static inline void smk_ad_setfield_u_fs_path(struct smk_audit_info *a,
382  struct path p)
383 {
384 }
385 static inline void smk_ad_setfield_u_net_sk(struct smk_audit_info *a,
386  struct sock *sk)
387 {
388 }
389 #endif
390 
391 #endif /* _SECURITY_SMACK_H */