Linux Kernel  3.7.1
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
smack_lsm.c
Go to the documentation of this file.
1 /*
2  * Simplified MAC Kernel (smack) security module
3  *
4  * This file contains the smack hook function implementations.
5  *
6  * Authors:
7  * Casey Schaufler <[email protected]>
8  * Jarkko Sakkinen <[email protected]>
9  *
10  * Copyright (C) 2007 Casey Schaufler <[email protected]>
11  * Copyright (C) 2009 Hewlett-Packard Development Company, L.P.
12  * Paul Moore <[email protected]>
13  * Copyright (C) 2010 Nokia Corporation
14  * Copyright (C) 2011 Intel Corporation.
15  *
16  * This program is free software; you can redistribute it and/or modify
17  * it under the terms of the GNU General Public License version 2,
18  * as published by the Free Software Foundation.
19  */
20 
21 #include <linux/xattr.h>
22 #include <linux/pagemap.h>
23 #include <linux/mount.h>
24 #include <linux/stat.h>
25 #include <linux/kd.h>
26 #include <asm/ioctls.h>
27 #include <linux/ip.h>
28 #include <linux/tcp.h>
29 #include <linux/udp.h>
30 #include <linux/slab.h>
31 #include <linux/mutex.h>
32 #include <linux/pipe_fs_i.h>
33 #include <net/cipso_ipv4.h>
34 #include <linux/audit.h>
35 #include <linux/magic.h>
36 #include <linux/dcache.h>
37 #include <linux/personality.h>
38 #include <linux/msg.h>
39 #include <linux/shm.h>
40 #include <linux/binfmts.h>
41 #include "smack.h"
42 
43 #define task_security(task) (task_cred_xxx((task), security))
44 
45 #define TRANS_TRUE "TRUE"
46 #define TRANS_TRUE_SIZE 4
47 
56 static char *smk_fetch(const char *name, struct inode *ip, struct dentry *dp)
57 {
58  int rc;
59  char *buffer;
60  char *result = NULL;
61 
62  if (ip->i_op->getxattr == NULL)
63  return NULL;
64 
65  buffer = kzalloc(SMK_LONGLABEL, GFP_KERNEL);
66  if (buffer == NULL)
67  return NULL;
68 
69  rc = ip->i_op->getxattr(dp, name, buffer, SMK_LONGLABEL);
70  if (rc > 0)
71  result = smk_import(buffer, rc);
72 
73  kfree(buffer);
74 
75  return result;
76 }
77 
84 struct inode_smack *new_inode_smack(char *smack)
85 {
86  struct inode_smack *isp;
87 
88  isp = kzalloc(sizeof(struct inode_smack), GFP_NOFS);
89  if (isp == NULL)
90  return NULL;
91 
92  isp->smk_inode = smack;
93  isp->smk_flags = 0;
94  mutex_init(&isp->smk_lock);
95 
96  return isp;
97 }
98 
105 static struct task_smack *new_task_smack(char *task, char *forked, gfp_t gfp)
106 {
107  struct task_smack *tsp;
108 
109  tsp = kzalloc(sizeof(struct task_smack), gfp);
110  if (tsp == NULL)
111  return NULL;
112 
113  tsp->smk_task = task;
114  tsp->smk_forked = forked;
115  INIT_LIST_HEAD(&tsp->smk_rules);
116  mutex_init(&tsp->smk_rules_lock);
117 
118  return tsp;
119 }
120 
128 static int smk_copy_rules(struct list_head *nhead, struct list_head *ohead,
129  gfp_t gfp)
130 {
131  struct smack_rule *nrp;
132  struct smack_rule *orp;
133  int rc = 0;
134 
135  INIT_LIST_HEAD(nhead);
136 
137  list_for_each_entry_rcu(orp, ohead, list) {
138  nrp = kzalloc(sizeof(struct smack_rule), gfp);
139  if (nrp == NULL) {
140  rc = -ENOMEM;
141  break;
142  }
143  *nrp = *orp;
144  list_add_rcu(&nrp->list, nhead);
145  }
146  return rc;
147 }
148 
149 /*
150  * LSM hooks.
151  * We he, that is fun!
152  */
153 
163 static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode)
164 {
165  int rc;
166  struct smk_audit_info ad;
167  char *tsp;
168 
169  rc = cap_ptrace_access_check(ctp, mode);
170  if (rc != 0)
171  return rc;
172 
173  tsp = smk_of_task(task_security(ctp));
174  smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
175  smk_ad_setfield_u_tsk(&ad, ctp);
176 
177  rc = smk_curacc(tsp, MAY_READWRITE, &ad);
178  return rc;
179 }
180 
189 static int smack_ptrace_traceme(struct task_struct *ptp)
190 {
191  int rc;
192  struct smk_audit_info ad;
193  char *tsp;
194 
195  rc = cap_ptrace_traceme(ptp);
196  if (rc != 0)
197  return rc;
198 
199  tsp = smk_of_task(task_security(ptp));
200  smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
201  smk_ad_setfield_u_tsk(&ad, ptp);
202 
203  rc = smk_curacc(tsp, MAY_READWRITE, &ad);
204  return rc;
205 }
206 
215 static int smack_syslog(int typefrom_file)
216 {
217  int rc = 0;
218  char *sp = smk_of_current();
219 
220  if (smack_privileged(CAP_MAC_OVERRIDE))
221  return 0;
222 
223  if (sp != smack_known_floor.smk_known)
224  rc = -EACCES;
225 
226  return rc;
227 }
228 
229 
230 /*
231  * Superblock Hooks.
232  */
233 
240 static int smack_sb_alloc_security(struct super_block *sb)
241 {
242  struct superblock_smack *sbsp;
243 
244  sbsp = kzalloc(sizeof(struct superblock_smack), GFP_KERNEL);
245 
246  if (sbsp == NULL)
247  return -ENOMEM;
248 
249  sbsp->smk_root = smack_known_floor.smk_known;
250  sbsp->smk_default = smack_known_floor.smk_known;
251  sbsp->smk_floor = smack_known_floor.smk_known;
252  sbsp->smk_hat = smack_known_hat.smk_known;
253  sbsp->smk_initialized = 0;
254 
255  sb->s_security = sbsp;
256 
257  return 0;
258 }
259 
265 static void smack_sb_free_security(struct super_block *sb)
266 {
267  kfree(sb->s_security);
268  sb->s_security = NULL;
269 }
270 
281 static int smack_sb_copy_data(char *orig, char *smackopts)
282 {
283  char *cp, *commap, *otheropts, *dp;
284 
285  otheropts = (char *)get_zeroed_page(GFP_KERNEL);
286  if (otheropts == NULL)
287  return -ENOMEM;
288 
289  for (cp = orig, commap = orig; commap != NULL; cp = commap + 1) {
290  if (strstr(cp, SMK_FSDEFAULT) == cp)
291  dp = smackopts;
292  else if (strstr(cp, SMK_FSFLOOR) == cp)
293  dp = smackopts;
294  else if (strstr(cp, SMK_FSHAT) == cp)
295  dp = smackopts;
296  else if (strstr(cp, SMK_FSROOT) == cp)
297  dp = smackopts;
298  else
299  dp = otheropts;
300 
301  commap = strchr(cp, ',');
302  if (commap != NULL)
303  *commap = '\0';
304 
305  if (*dp != '\0')
306  strcat(dp, ",");
307  strcat(dp, cp);
308  }
309 
310  strcpy(orig, otheropts);
311  free_page((unsigned long)otheropts);
312 
313  return 0;
314 }
315 
324 static int smack_sb_kern_mount(struct super_block *sb, int flags, void *data)
325 {
326  struct dentry *root = sb->s_root;
327  struct inode *inode = root->d_inode;
328  struct superblock_smack *sp = sb->s_security;
329  struct inode_smack *isp;
330  char *op;
331  char *commap;
332  char *nsp;
333 
334  if (sp->smk_initialized != 0)
335  return 0;
336 
337  sp->smk_initialized = 1;
338 
339  for (op = data; op != NULL; op = commap) {
340  commap = strchr(op, ',');
341  if (commap != NULL)
342  *commap++ = '\0';
343 
344  if (strncmp(op, SMK_FSHAT, strlen(SMK_FSHAT)) == 0) {
345  op += strlen(SMK_FSHAT);
346  nsp = smk_import(op, 0);
347  if (nsp != NULL)
348  sp->smk_hat = nsp;
349  } else if (strncmp(op, SMK_FSFLOOR, strlen(SMK_FSFLOOR)) == 0) {
350  op += strlen(SMK_FSFLOOR);
351  nsp = smk_import(op, 0);
352  if (nsp != NULL)
353  sp->smk_floor = nsp;
354  } else if (strncmp(op, SMK_FSDEFAULT,
355  strlen(SMK_FSDEFAULT)) == 0) {
356  op += strlen(SMK_FSDEFAULT);
357  nsp = smk_import(op, 0);
358  if (nsp != NULL)
359  sp->smk_default = nsp;
360  } else if (strncmp(op, SMK_FSROOT, strlen(SMK_FSROOT)) == 0) {
361  op += strlen(SMK_FSROOT);
362  nsp = smk_import(op, 0);
363  if (nsp != NULL)
364  sp->smk_root = nsp;
365  }
366  }
367 
368  /*
369  * Initialize the root inode.
370  */
371  isp = inode->i_security;
372  if (isp == NULL)
373  inode->i_security = new_inode_smack(sp->smk_root);
374  else
375  isp->smk_inode = sp->smk_root;
376 
377  return 0;
378 }
379 
387 static int smack_sb_statfs(struct dentry *dentry)
388 {
389  struct superblock_smack *sbp = dentry->d_sb->s_security;
390  int rc;
391  struct smk_audit_info ad;
392 
393  smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
394  smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
395 
396  rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad);
397  return rc;
398 }
399 
411 static int smack_sb_mount(const char *dev_name, struct path *path,
412  const char *type, unsigned long flags, void *data)
413 {
414  struct superblock_smack *sbp = path->dentry->d_sb->s_security;
415  struct smk_audit_info ad;
416 
417  smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
418  smk_ad_setfield_u_fs_path(&ad, *path);
419 
420  return smk_curacc(sbp->smk_floor, MAY_WRITE, &ad);
421 }
422 
431 static int smack_sb_umount(struct vfsmount *mnt, int flags)
432 {
433  struct superblock_smack *sbp;
434  struct smk_audit_info ad;
435  struct path path;
436 
437  path.dentry = mnt->mnt_root;
438  path.mnt = mnt;
439 
440  smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
441  smk_ad_setfield_u_fs_path(&ad, path);
442 
443  sbp = path.dentry->d_sb->s_security;
444  return smk_curacc(sbp->smk_floor, MAY_WRITE, &ad);
445 }
446 
447 /*
448  * BPRM hooks
449  */
450 
457 static int smack_bprm_set_creds(struct linux_binprm *bprm)
458 {
459  struct inode *inode = bprm->file->f_path.dentry->d_inode;
460  struct task_smack *bsp = bprm->cred->security;
461  struct inode_smack *isp;
462  int rc;
463 
464  rc = cap_bprm_set_creds(bprm);
465  if (rc != 0)
466  return rc;
467 
468  if (bprm->cred_prepared)
469  return 0;
470 
471  isp = inode->i_security;
472  if (isp->smk_task == NULL || isp->smk_task == bsp->smk_task)
473  return 0;
474 
475  if (bprm->unsafe)
476  return -EPERM;
477 
478  bsp->smk_task = isp->smk_task;
479  bprm->per_clear |= PER_CLEAR_ON_SETID;
480 
481  return 0;
482 }
483 
490 static void smack_bprm_committing_creds(struct linux_binprm *bprm)
491 {
492  struct task_smack *bsp = bprm->cred->security;
493 
494  if (bsp->smk_task != bsp->smk_forked)
495  current->pdeath_signal = 0;
496 }
497 
504 static int smack_bprm_secureexec(struct linux_binprm *bprm)
505 {
506  struct task_smack *tsp = current_security();
507  int ret = cap_bprm_secureexec(bprm);
508 
509  if (!ret && (tsp->smk_task != tsp->smk_forked))
510  ret = 1;
511 
512  return ret;
513 }
514 
515 /*
516  * Inode hooks
517  */
518 
525 static int smack_inode_alloc_security(struct inode *inode)
526 {
527  inode->i_security = new_inode_smack(smk_of_current());
528  if (inode->i_security == NULL)
529  return -ENOMEM;
530  return 0;
531 }
532 
539 static void smack_inode_free_security(struct inode *inode)
540 {
541  kfree(inode->i_security);
542  inode->i_security = NULL;
543 }
544 
556 static int smack_inode_init_security(struct inode *inode, struct inode *dir,
557  const struct qstr *qstr, char **name,
558  void **value, size_t *len)
559 {
560  struct smack_known *skp;
561  struct inode_smack *issp = inode->i_security;
562  char *csp = smk_of_current();
563  char *isp = smk_of_inode(inode);
564  char *dsp = smk_of_inode(dir);
565  int may;
566 
567  if (name) {
568  *name = kstrdup(XATTR_SMACK_SUFFIX, GFP_NOFS);
569  if (*name == NULL)
570  return -ENOMEM;
571  }
572 
573  if (value) {
574  skp = smk_find_entry(csp);
575  rcu_read_lock();
576  may = smk_access_entry(csp, dsp, &skp->smk_rules);
577  rcu_read_unlock();
578 
579  /*
580  * If the access rule allows transmutation and
581  * the directory requests transmutation then
582  * by all means transmute.
583  * Mark the inode as changed.
584  */
585  if (may > 0 && ((may & MAY_TRANSMUTE) != 0) &&
586  smk_inode_transmutable(dir)) {
587  isp = dsp;
588  issp->smk_flags |= SMK_INODE_CHANGED;
589  }
590 
591  *value = kstrdup(isp, GFP_NOFS);
592  if (*value == NULL)
593  return -ENOMEM;
594  }
595 
596  if (len)
597  *len = strlen(isp) + 1;
598 
599  return 0;
600 }
601 
610 static int smack_inode_link(struct dentry *old_dentry, struct inode *dir,
611  struct dentry *new_dentry)
612 {
613  char *isp;
614  struct smk_audit_info ad;
615  int rc;
616 
617  smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
618  smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
619 
620  isp = smk_of_inode(old_dentry->d_inode);
621  rc = smk_curacc(isp, MAY_WRITE, &ad);
622 
623  if (rc == 0 && new_dentry->d_inode != NULL) {
624  isp = smk_of_inode(new_dentry->d_inode);
625  smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
626  rc = smk_curacc(isp, MAY_WRITE, &ad);
627  }
628 
629  return rc;
630 }
631 
640 static int smack_inode_unlink(struct inode *dir, struct dentry *dentry)
641 {
642  struct inode *ip = dentry->d_inode;
643  struct smk_audit_info ad;
644  int rc;
645 
646  smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
647  smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
648 
649  /*
650  * You need write access to the thing you're unlinking
651  */
652  rc = smk_curacc(smk_of_inode(ip), MAY_WRITE, &ad);
653  if (rc == 0) {
654  /*
655  * You also need write access to the containing directory
656  */
657  smk_ad_setfield_u_fs_path_dentry(&ad, NULL);
658  smk_ad_setfield_u_fs_inode(&ad, dir);
659  rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
660  }
661  return rc;
662 }
663 
672 static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry)
673 {
674  struct smk_audit_info ad;
675  int rc;
676 
677  smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
678  smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
679 
680  /*
681  * You need write access to the thing you're removing
682  */
683  rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad);
684  if (rc == 0) {
685  /*
686  * You also need write access to the containing directory
687  */
688  smk_ad_setfield_u_fs_path_dentry(&ad, NULL);
689  smk_ad_setfield_u_fs_inode(&ad, dir);
690  rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
691  }
692 
693  return rc;
694 }
695 
708 static int smack_inode_rename(struct inode *old_inode,
709  struct dentry *old_dentry,
710  struct inode *new_inode,
711  struct dentry *new_dentry)
712 {
713  int rc;
714  char *isp;
715  struct smk_audit_info ad;
716 
717  smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
718  smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
719 
720  isp = smk_of_inode(old_dentry->d_inode);
721  rc = smk_curacc(isp, MAY_READWRITE, &ad);
722 
723  if (rc == 0 && new_dentry->d_inode != NULL) {
724  isp = smk_of_inode(new_dentry->d_inode);
725  smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
726  rc = smk_curacc(isp, MAY_READWRITE, &ad);
727  }
728  return rc;
729 }
730 
740 static int smack_inode_permission(struct inode *inode, int mask)
741 {
742  struct smk_audit_info ad;
743  int no_block = mask & MAY_NOT_BLOCK;
744 
745  mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND);
746  /*
747  * No permission to check. Existence test. Yup, it's there.
748  */
749  if (mask == 0)
750  return 0;
751 
752  /* May be droppable after audit */
753  if (no_block)
754  return -ECHILD;
755  smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
756  smk_ad_setfield_u_fs_inode(&ad, inode);
757  return smk_curacc(smk_of_inode(inode), mask, &ad);
758 }
759 
767 static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr)
768 {
769  struct smk_audit_info ad;
770  /*
771  * Need to allow for clearing the setuid bit.
772  */
773  if (iattr->ia_valid & ATTR_FORCE)
774  return 0;
775  smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
776  smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
777 
778  return smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad);
779 }
780 
788 static int smack_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
789 {
790  struct smk_audit_info ad;
791  struct path path;
792 
793  path.dentry = dentry;
794  path.mnt = mnt;
795 
796  smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
797  smk_ad_setfield_u_fs_path(&ad, path);
798  return smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ, &ad);
799 }
800 
813 static int smack_inode_setxattr(struct dentry *dentry, const char *name,
814  const void *value, size_t size, int flags)
815 {
816  struct smk_audit_info ad;
817  int rc = 0;
818 
819  if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
820  strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
821  strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 ||
822  strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
823  strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
824  if (!smack_privileged(CAP_MAC_ADMIN))
825  rc = -EPERM;
826  /*
827  * check label validity here so import wont fail on
828  * post_setxattr
829  */
830  if (size == 0 || size >= SMK_LONGLABEL ||
831  smk_import(value, size) == NULL)
832  rc = -EINVAL;
833  } else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) {
834  if (!smack_privileged(CAP_MAC_ADMIN))
835  rc = -EPERM;
836  if (size != TRANS_TRUE_SIZE ||
837  strncmp(value, TRANS_TRUE, TRANS_TRUE_SIZE) != 0)
838  rc = -EINVAL;
839  } else
840  rc = cap_inode_setxattr(dentry, name, value, size, flags);
841 
842  smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
843  smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
844 
845  if (rc == 0)
846  rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad);
847 
848  return rc;
849 }
850 
862 static void smack_inode_post_setxattr(struct dentry *dentry, const char *name,
863  const void *value, size_t size, int flags)
864 {
865  char *nsp;
866  struct inode_smack *isp = dentry->d_inode->i_security;
867 
868  if (strcmp(name, XATTR_NAME_SMACK) == 0) {
869  nsp = smk_import(value, size);
870  if (nsp != NULL)
871  isp->smk_inode = nsp;
872  else
873  isp->smk_inode = smack_known_invalid.smk_known;
874  } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) {
875  nsp = smk_import(value, size);
876  if (nsp != NULL)
877  isp->smk_task = nsp;
878  else
879  isp->smk_task = smack_known_invalid.smk_known;
880  } else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
881  nsp = smk_import(value, size);
882  if (nsp != NULL)
883  isp->smk_mmap = nsp;
884  else
885  isp->smk_mmap = smack_known_invalid.smk_known;
886  } else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0)
887  isp->smk_flags |= SMK_INODE_TRANSMUTE;
888 
889  return;
890 }
891 
899 static int smack_inode_getxattr(struct dentry *dentry, const char *name)
900 {
901  struct smk_audit_info ad;
902 
903  smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
904  smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
905 
906  return smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ, &ad);
907 }
908 
918 static int smack_inode_removexattr(struct dentry *dentry, const char *name)
919 {
920  struct inode_smack *isp;
921  struct smk_audit_info ad;
922  int rc = 0;
923 
924  if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
925  strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
926  strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 ||
927  strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
928  strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0 ||
929  strcmp(name, XATTR_NAME_SMACKMMAP)) {
930  if (!smack_privileged(CAP_MAC_ADMIN))
931  rc = -EPERM;
932  } else
933  rc = cap_inode_removexattr(dentry, name);
934 
935  smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
936  smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
937  if (rc == 0)
938  rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad);
939 
940  if (rc == 0) {
941  isp = dentry->d_inode->i_security;
942  isp->smk_task = NULL;
943  isp->smk_mmap = NULL;
944  }
945 
946  return rc;
947 }
948 
958 static int smack_inode_getsecurity(const struct inode *inode,
959  const char *name, void **buffer,
960  bool alloc)
961 {
962  struct socket_smack *ssp;
963  struct socket *sock;
964  struct super_block *sbp;
965  struct inode *ip = (struct inode *)inode;
966  char *isp;
967  int ilen;
968  int rc = 0;
969 
970  if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) {
971  isp = smk_of_inode(inode);
972  ilen = strlen(isp) + 1;
973  *buffer = isp;
974  return ilen;
975  }
976 
977  /*
978  * The rest of the Smack xattrs are only on sockets.
979  */
980  sbp = ip->i_sb;
981  if (sbp->s_magic != SOCKFS_MAGIC)
982  return -EOPNOTSUPP;
983 
984  sock = SOCKET_I(ip);
985  if (sock == NULL || sock->sk == NULL)
986  return -EOPNOTSUPP;
987 
988  ssp = sock->sk->sk_security;
989 
990  if (strcmp(name, XATTR_SMACK_IPIN) == 0)
991  isp = ssp->smk_in;
992  else if (strcmp(name, XATTR_SMACK_IPOUT) == 0)
993  isp = ssp->smk_out;
994  else
995  return -EOPNOTSUPP;
996 
997  ilen = strlen(isp) + 1;
998  if (rc == 0) {
999  *buffer = isp;
1000  rc = ilen;
1001  }
1002 
1003  return rc;
1004 }
1005 
1006 
1015 static int smack_inode_listsecurity(struct inode *inode, char *buffer,
1016  size_t buffer_size)
1017 {
1018  int len = strlen(XATTR_NAME_SMACK);
1019 
1020  if (buffer != NULL && len <= buffer_size) {
1021  memcpy(buffer, XATTR_NAME_SMACK, len);
1022  return len;
1023  }
1024  return -EINVAL;
1025 }
1026 
1032 static void smack_inode_getsecid(const struct inode *inode, u32 *secid)
1033 {
1034  struct inode_smack *isp = inode->i_security;
1035 
1036  *secid = smack_to_secid(isp->smk_inode);
1037 }
1038 
1039 /*
1040  * File Hooks
1041  */
1042 
1057 static int smack_file_permission(struct file *file, int mask)
1058 {
1059  return 0;
1060 }
1061 
1071 static int smack_file_alloc_security(struct file *file)
1072 {
1073  file->f_security = smk_of_current();
1074  return 0;
1075 }
1076 
1084 static void smack_file_free_security(struct file *file)
1085 {
1086  file->f_security = NULL;
1087 }
1088 
1099 static int smack_file_ioctl(struct file *file, unsigned int cmd,
1100  unsigned long arg)
1101 {
1102  int rc = 0;
1103  struct smk_audit_info ad;
1104 
1105  smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1106  smk_ad_setfield_u_fs_path(&ad, file->f_path);
1107 
1108  if (_IOC_DIR(cmd) & _IOC_WRITE)
1109  rc = smk_curacc(file->f_security, MAY_WRITE, &ad);
1110 
1111  if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ))
1112  rc = smk_curacc(file->f_security, MAY_READ, &ad);
1113 
1114  return rc;
1115 }
1116 
1124 static int smack_file_lock(struct file *file, unsigned int cmd)
1125 {
1126  struct smk_audit_info ad;
1127 
1128  smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1129  smk_ad_setfield_u_fs_path(&ad, file->f_path);
1130  return smk_curacc(file->f_security, MAY_WRITE, &ad);
1131 }
1132 
1145 static int smack_file_fcntl(struct file *file, unsigned int cmd,
1146  unsigned long arg)
1147 {
1148  struct smk_audit_info ad;
1149  int rc = 0;
1150 
1151 
1152  switch (cmd) {
1153  case F_GETLK:
1154  case F_SETLK:
1155  case F_SETLKW:
1156  case F_SETOWN:
1157  case F_SETSIG:
1158  smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1159  smk_ad_setfield_u_fs_path(&ad, file->f_path);
1160  rc = smk_curacc(file->f_security, MAY_WRITE, &ad);
1161  break;
1162  default:
1163  break;
1164  }
1165 
1166  return rc;
1167 }
1168 
1179 static int smack_mmap_file(struct file *file,
1180  unsigned long reqprot, unsigned long prot,
1181  unsigned long flags)
1182 {
1183  struct smack_known *skp;
1184  struct smack_rule *srp;
1185  struct task_smack *tsp;
1186  char *sp;
1187  char *msmack;
1188  char *osmack;
1189  struct inode_smack *isp;
1190  struct dentry *dp;
1191  int may;
1192  int mmay;
1193  int tmay;
1194  int rc;
1195 
1196  if (file == NULL || file->f_dentry == NULL)
1197  return 0;
1198 
1199  dp = file->f_dentry;
1200 
1201  if (dp->d_inode == NULL)
1202  return 0;
1203 
1204  isp = dp->d_inode->i_security;
1205  if (isp->smk_mmap == NULL)
1206  return 0;
1207  msmack = isp->smk_mmap;
1208 
1209  tsp = current_security();
1210  sp = smk_of_current();
1211  skp = smk_find_entry(sp);
1212  rc = 0;
1213 
1214  rcu_read_lock();
1215  /*
1216  * For each Smack rule associated with the subject
1217  * label verify that the SMACK64MMAP also has access
1218  * to that rule's object label.
1219  */
1220  list_for_each_entry_rcu(srp, &skp->smk_rules, list) {
1221  osmack = srp->smk_object;
1222  /*
1223  * Matching labels always allows access.
1224  */
1225  if (msmack == osmack)
1226  continue;
1227  /*
1228  * If there is a matching local rule take
1229  * that into account as well.
1230  */
1231  may = smk_access_entry(srp->smk_subject, osmack,
1232  &tsp->smk_rules);
1233  if (may == -ENOENT)
1234  may = srp->smk_access;
1235  else
1236  may &= srp->smk_access;
1237  /*
1238  * If may is zero the SMACK64MMAP subject can't
1239  * possibly have less access.
1240  */
1241  if (may == 0)
1242  continue;
1243 
1244  /*
1245  * Fetch the global list entry.
1246  * If there isn't one a SMACK64MMAP subject
1247  * can't have as much access as current.
1248  */
1249  skp = smk_find_entry(msmack);
1250  mmay = smk_access_entry(msmack, osmack, &skp->smk_rules);
1251  if (mmay == -ENOENT) {
1252  rc = -EACCES;
1253  break;
1254  }
1255  /*
1256  * If there is a local entry it modifies the
1257  * potential access, too.
1258  */
1259  tmay = smk_access_entry(msmack, osmack, &tsp->smk_rules);
1260  if (tmay != -ENOENT)
1261  mmay &= tmay;
1262 
1263  /*
1264  * If there is any access available to current that is
1265  * not available to a SMACK64MMAP subject
1266  * deny access.
1267  */
1268  if ((may | mmay) != mmay) {
1269  rc = -EACCES;
1270  break;
1271  }
1272  }
1273 
1274  rcu_read_unlock();
1275 
1276  return rc;
1277 }
1278 
1286 static int smack_file_set_fowner(struct file *file)
1287 {
1288  file->f_security = smk_of_current();
1289  return 0;
1290 }
1291 
1303 static int smack_file_send_sigiotask(struct task_struct *tsk,
1304  struct fown_struct *fown, int signum)
1305 {
1306  struct file *file;
1307  int rc;
1308  char *tsp = smk_of_task(tsk->cred->security);
1309  struct smk_audit_info ad;
1310 
1311  /*
1312  * struct fown_struct is never outside the context of a struct file
1313  */
1314  file = container_of(fown, struct file, f_owner);
1315 
1316  /* we don't log here as rc can be overriden */
1317  rc = smk_access(file->f_security, tsp, MAY_WRITE, NULL);
1318  if (rc != 0 && has_capability(tsk, CAP_MAC_OVERRIDE))
1319  rc = 0;
1320 
1321  smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
1322  smk_ad_setfield_u_tsk(&ad, tsk);
1323  smack_log(file->f_security, tsp, MAY_WRITE, rc, &ad);
1324  return rc;
1325 }
1326 
1333 static int smack_file_receive(struct file *file)
1334 {
1335  int may = 0;
1336  struct smk_audit_info ad;
1337 
1338  smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
1339  smk_ad_setfield_u_fs_path(&ad, file->f_path);
1340  /*
1341  * This code relies on bitmasks.
1342  */
1343  if (file->f_mode & FMODE_READ)
1344  may = MAY_READ;
1345  if (file->f_mode & FMODE_WRITE)
1346  may |= MAY_WRITE;
1347 
1348  return smk_curacc(file->f_security, may, &ad);
1349 }
1350 
1360 static int smack_file_open(struct file *file, const struct cred *cred)
1361 {
1362  struct inode_smack *isp = file->f_path.dentry->d_inode->i_security;
1363 
1364  file->f_security = isp->smk_inode;
1365 
1366  return 0;
1367 }
1368 
1369 /*
1370  * Task hooks
1371  */
1372 
1382 static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp)
1383 {
1384  struct task_smack *tsp;
1385 
1386  tsp = new_task_smack(NULL, NULL, gfp);
1387  if (tsp == NULL)
1388  return -ENOMEM;
1389 
1390  cred->security = tsp;
1391 
1392  return 0;
1393 }
1394 
1395 
1401 static void smack_cred_free(struct cred *cred)
1402 {
1403  struct task_smack *tsp = cred->security;
1404  struct smack_rule *rp;
1405  struct list_head *l;
1406  struct list_head *n;
1407 
1408  if (tsp == NULL)
1409  return;
1410  cred->security = NULL;
1411 
1412  list_for_each_safe(l, n, &tsp->smk_rules) {
1413  rp = list_entry(l, struct smack_rule, list);
1414  list_del(&rp->list);
1415  kfree(rp);
1416  }
1417  kfree(tsp);
1418 }
1419 
1428 static int smack_cred_prepare(struct cred *new, const struct cred *old,
1429  gfp_t gfp)
1430 {
1431  struct task_smack *old_tsp = old->security;
1432  struct task_smack *new_tsp;
1433  int rc;
1434 
1435  new_tsp = new_task_smack(old_tsp->smk_task, old_tsp->smk_task, gfp);
1436  if (new_tsp == NULL)
1437  return -ENOMEM;
1438 
1439  rc = smk_copy_rules(&new_tsp->smk_rules, &old_tsp->smk_rules, gfp);
1440  if (rc != 0)
1441  return rc;
1442 
1443  new->security = new_tsp;
1444  return 0;
1445 }
1446 
1454 static void smack_cred_transfer(struct cred *new, const struct cred *old)
1455 {
1456  struct task_smack *old_tsp = old->security;
1457  struct task_smack *new_tsp = new->security;
1458 
1459  new_tsp->smk_task = old_tsp->smk_task;
1460  new_tsp->smk_forked = old_tsp->smk_task;
1461  mutex_init(&new_tsp->smk_rules_lock);
1462  INIT_LIST_HEAD(&new_tsp->smk_rules);
1463 
1464 
1465  /* cbs copy rule list */
1466 }
1467 
1475 static int smack_kernel_act_as(struct cred *new, u32 secid)
1476 {
1477  struct task_smack *new_tsp = new->security;
1478  char *smack = smack_from_secid(secid);
1479 
1480  if (smack == NULL)
1481  return -EINVAL;
1482 
1483  new_tsp->smk_task = smack;
1484  return 0;
1485 }
1486 
1495 static int smack_kernel_create_files_as(struct cred *new,
1496  struct inode *inode)
1497 {
1498  struct inode_smack *isp = inode->i_security;
1499  struct task_smack *tsp = new->security;
1500 
1501  tsp->smk_forked = isp->smk_inode;
1502  tsp->smk_task = isp->smk_inode;
1503  return 0;
1504 }
1505 
1514 static int smk_curacc_on_task(struct task_struct *p, int access,
1515  const char *caller)
1516 {
1517  struct smk_audit_info ad;
1518 
1519  smk_ad_init(&ad, caller, LSM_AUDIT_DATA_TASK);
1520  smk_ad_setfield_u_tsk(&ad, p);
1521  return smk_curacc(smk_of_task(task_security(p)), access, &ad);
1522 }
1523 
1531 static int smack_task_setpgid(struct task_struct *p, pid_t pgid)
1532 {
1533  return smk_curacc_on_task(p, MAY_WRITE, __func__);
1534 }
1535 
1542 static int smack_task_getpgid(struct task_struct *p)
1543 {
1544  return smk_curacc_on_task(p, MAY_READ, __func__);
1545 }
1546 
1553 static int smack_task_getsid(struct task_struct *p)
1554 {
1555  return smk_curacc_on_task(p, MAY_READ, __func__);
1556 }
1557 
1565 static void smack_task_getsecid(struct task_struct *p, u32 *secid)
1566 {
1567  *secid = smack_to_secid(smk_of_task(task_security(p)));
1568 }
1569 
1577 static int smack_task_setnice(struct task_struct *p, int nice)
1578 {
1579  int rc;
1580 
1581  rc = cap_task_setnice(p, nice);
1582  if (rc == 0)
1583  rc = smk_curacc_on_task(p, MAY_WRITE, __func__);
1584  return rc;
1585 }
1586 
1594 static int smack_task_setioprio(struct task_struct *p, int ioprio)
1595 {
1596  int rc;
1597 
1598  rc = cap_task_setioprio(p, ioprio);
1599  if (rc == 0)
1600  rc = smk_curacc_on_task(p, MAY_WRITE, __func__);
1601  return rc;
1602 }
1603 
1610 static int smack_task_getioprio(struct task_struct *p)
1611 {
1612  return smk_curacc_on_task(p, MAY_READ, __func__);
1613 }
1614 
1623 static int smack_task_setscheduler(struct task_struct *p)
1624 {
1625  int rc;
1626 
1627  rc = cap_task_setscheduler(p);
1628  if (rc == 0)
1629  rc = smk_curacc_on_task(p, MAY_WRITE, __func__);
1630  return rc;
1631 }
1632 
1639 static int smack_task_getscheduler(struct task_struct *p)
1640 {
1641  return smk_curacc_on_task(p, MAY_READ, __func__);
1642 }
1643 
1650 static int smack_task_movememory(struct task_struct *p)
1651 {
1652  return smk_curacc_on_task(p, MAY_WRITE, __func__);
1653 }
1654 
1667 static int smack_task_kill(struct task_struct *p, struct siginfo *info,
1668  int sig, u32 secid)
1669 {
1670  struct smk_audit_info ad;
1671 
1672  smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
1673  smk_ad_setfield_u_tsk(&ad, p);
1674  /*
1675  * Sending a signal requires that the sender
1676  * can write the receiver.
1677  */
1678  if (secid == 0)
1679  return smk_curacc(smk_of_task(task_security(p)), MAY_WRITE,
1680  &ad);
1681  /*
1682  * If the secid isn't 0 we're dealing with some USB IO
1683  * specific behavior. This is not clean. For one thing
1684  * we can't take privilege into account.
1685  */
1686  return smk_access(smack_from_secid(secid),
1687  smk_of_task(task_security(p)), MAY_WRITE, &ad);
1688 }
1689 
1696 static int smack_task_wait(struct task_struct *p)
1697 {
1698  /*
1699  * Allow the operation to succeed.
1700  * Zombies are bad.
1701  * In userless environments (e.g. phones) programs
1702  * get marked with SMACK64EXEC and even if the parent
1703  * and child shouldn't be talking the parent still
1704  * may expect to know when the child exits.
1705  */
1706  return 0;
1707 }
1708 
1716 static void smack_task_to_inode(struct task_struct *p, struct inode *inode)
1717 {
1718  struct inode_smack *isp = inode->i_security;
1719  isp->smk_inode = smk_of_task(task_security(p));
1720 }
1721 
1722 /*
1723  * Socket hooks.
1724  */
1725 
1736 static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags)
1737 {
1738  char *csp = smk_of_current();
1739  struct socket_smack *ssp;
1740 
1741  ssp = kzalloc(sizeof(struct socket_smack), gfp_flags);
1742  if (ssp == NULL)
1743  return -ENOMEM;
1744 
1745  ssp->smk_in = csp;
1746  ssp->smk_out = csp;
1747  ssp->smk_packet = NULL;
1748 
1749  sk->sk_security = ssp;
1750 
1751  return 0;
1752 }
1753 
1760 static void smack_sk_free_security(struct sock *sk)
1761 {
1762  kfree(sk->sk_security);
1763 }
1764 
1777 static char *smack_host_label(struct sockaddr_in *sip)
1778 {
1779  struct smk_netlbladdr *snp;
1780  struct in_addr *siap = &sip->sin_addr;
1781 
1782  if (siap->s_addr == 0)
1783  return NULL;
1784 
1785  list_for_each_entry_rcu(snp, &smk_netlbladdr_list, list)
1786  /*
1787  * we break after finding the first match because
1788  * the list is sorted from longest to shortest mask
1789  * so we have found the most specific match
1790  */
1791  if ((&snp->smk_host.sin_addr)->s_addr ==
1792  (siap->s_addr & (&snp->smk_mask)->s_addr)) {
1793  /* we have found the special CIPSO option */
1794  if (snp->smk_label == smack_cipso_option)
1795  return NULL;
1796  return snp->smk_label;
1797  }
1798 
1799  return NULL;
1800 }
1801 
1812 static int smack_netlabel(struct sock *sk, int labeled)
1813 {
1814  struct smack_known *skp;
1815  struct socket_smack *ssp = sk->sk_security;
1816  int rc = 0;
1817 
1818  /*
1819  * Usually the netlabel code will handle changing the
1820  * packet labeling based on the label.
1821  * The case of a single label host is different, because
1822  * a single label host should never get a labeled packet
1823  * even though the label is usually associated with a packet
1824  * label.
1825  */
1826  local_bh_disable();
1827  bh_lock_sock_nested(sk);
1828 
1829  if (ssp->smk_out == smack_net_ambient ||
1830  labeled == SMACK_UNLABELED_SOCKET)
1831  netlbl_sock_delattr(sk);
1832  else {
1833  skp = smk_find_entry(ssp->smk_out);
1834  rc = netlbl_sock_setattr(sk, sk->sk_family, &skp->smk_netlabel);
1835  }
1836 
1837  bh_unlock_sock(sk);
1838  local_bh_enable();
1839 
1840  return rc;
1841 }
1842 
1854 static int smack_netlabel_send(struct sock *sk, struct sockaddr_in *sap)
1855 {
1856  int rc;
1857  int sk_lbl;
1858  char *hostsp;
1859  struct socket_smack *ssp = sk->sk_security;
1860  struct smk_audit_info ad;
1861 
1862  rcu_read_lock();
1863  hostsp = smack_host_label(sap);
1864  if (hostsp != NULL) {
1865 #ifdef CONFIG_AUDIT
1866  struct lsm_network_audit net;
1867 
1868  smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
1869  ad.a.u.net->family = sap->sin_family;
1870  ad.a.u.net->dport = sap->sin_port;
1871  ad.a.u.net->v4info.daddr = sap->sin_addr.s_addr;
1872 #endif
1873  sk_lbl = SMACK_UNLABELED_SOCKET;
1874  rc = smk_access(ssp->smk_out, hostsp, MAY_WRITE, &ad);
1875  } else {
1876  sk_lbl = SMACK_CIPSO_SOCKET;
1877  rc = 0;
1878  }
1879  rcu_read_unlock();
1880  if (rc != 0)
1881  return rc;
1882 
1883  return smack_netlabel(sk, sk_lbl);
1884 }
1885 
1898 static int smack_inode_setsecurity(struct inode *inode, const char *name,
1899  const void *value, size_t size, int flags)
1900 {
1901  char *sp;
1902  struct inode_smack *nsp = inode->i_security;
1903  struct socket_smack *ssp;
1904  struct socket *sock;
1905  int rc = 0;
1906 
1907  if (value == NULL || size > SMK_LONGLABEL || size == 0)
1908  return -EACCES;
1909 
1910  sp = smk_import(value, size);
1911  if (sp == NULL)
1912  return -EINVAL;
1913 
1914  if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) {
1915  nsp->smk_inode = sp;
1916  nsp->smk_flags |= SMK_INODE_INSTANT;
1917  return 0;
1918  }
1919  /*
1920  * The rest of the Smack xattrs are only on sockets.
1921  */
1922  if (inode->i_sb->s_magic != SOCKFS_MAGIC)
1923  return -EOPNOTSUPP;
1924 
1925  sock = SOCKET_I(inode);
1926  if (sock == NULL || sock->sk == NULL)
1927  return -EOPNOTSUPP;
1928 
1929  ssp = sock->sk->sk_security;
1930 
1931  if (strcmp(name, XATTR_SMACK_IPIN) == 0)
1932  ssp->smk_in = sp;
1933  else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) {
1934  ssp->smk_out = sp;
1935  if (sock->sk->sk_family != PF_UNIX) {
1936  rc = smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET);
1937  if (rc != 0)
1938  printk(KERN_WARNING
1939  "Smack: \"%s\" netlbl error %d.\n",
1940  __func__, -rc);
1941  }
1942  } else
1943  return -EOPNOTSUPP;
1944 
1945  return 0;
1946 }
1947 
1960 static int smack_socket_post_create(struct socket *sock, int family,
1961  int type, int protocol, int kern)
1962 {
1963  if (family != PF_INET || sock->sk == NULL)
1964  return 0;
1965  /*
1966  * Set the outbound netlbl.
1967  */
1968  return smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET);
1969 }
1970 
1981 static int smack_socket_connect(struct socket *sock, struct sockaddr *sap,
1982  int addrlen)
1983 {
1984  if (sock->sk == NULL || sock->sk->sk_family != PF_INET)
1985  return 0;
1986  if (addrlen < sizeof(struct sockaddr_in))
1987  return -EINVAL;
1988 
1989  return smack_netlabel_send(sock->sk, (struct sockaddr_in *)sap);
1990 }
1991 
1998 static int smack_flags_to_may(int flags)
1999 {
2000  int may = 0;
2001 
2002  if (flags & S_IRUGO)
2003  may |= MAY_READ;
2004  if (flags & S_IWUGO)
2005  may |= MAY_WRITE;
2006  if (flags & S_IXUGO)
2007  may |= MAY_EXEC;
2008 
2009  return may;
2010 }
2011 
2018 static int smack_msg_msg_alloc_security(struct msg_msg *msg)
2019 {
2020  msg->security = smk_of_current();
2021  return 0;
2022 }
2023 
2030 static void smack_msg_msg_free_security(struct msg_msg *msg)
2031 {
2032  msg->security = NULL;
2033 }
2034 
2041 static char *smack_of_shm(struct shmid_kernel *shp)
2042 {
2043  return (char *)shp->shm_perm.security;
2044 }
2045 
2052 static int smack_shm_alloc_security(struct shmid_kernel *shp)
2053 {
2054  struct kern_ipc_perm *isp = &shp->shm_perm;
2055 
2056  isp->security = smk_of_current();
2057  return 0;
2058 }
2059 
2066 static void smack_shm_free_security(struct shmid_kernel *shp)
2067 {
2068  struct kern_ipc_perm *isp = &shp->shm_perm;
2069 
2070  isp->security = NULL;
2071 }
2072 
2080 static int smk_curacc_shm(struct shmid_kernel *shp, int access)
2081 {
2082  char *ssp = smack_of_shm(shp);
2083  struct smk_audit_info ad;
2084 
2085 #ifdef CONFIG_AUDIT
2086  smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
2087  ad.a.u.ipc_id = shp->shm_perm.id;
2088 #endif
2089  return smk_curacc(ssp, access, &ad);
2090 }
2091 
2099 static int smack_shm_associate(struct shmid_kernel *shp, int shmflg)
2100 {
2101  int may;
2102 
2103  may = smack_flags_to_may(shmflg);
2104  return smk_curacc_shm(shp, may);
2105 }
2106 
2114 static int smack_shm_shmctl(struct shmid_kernel *shp, int cmd)
2115 {
2116  int may;
2117 
2118  switch (cmd) {
2119  case IPC_STAT:
2120  case SHM_STAT:
2121  may = MAY_READ;
2122  break;
2123  case IPC_SET:
2124  case SHM_LOCK:
2125  case SHM_UNLOCK:
2126  case IPC_RMID:
2127  may = MAY_READWRITE;
2128  break;
2129  case IPC_INFO:
2130  case SHM_INFO:
2131  /*
2132  * System level information.
2133  */
2134  return 0;
2135  default:
2136  return -EINVAL;
2137  }
2138  return smk_curacc_shm(shp, may);
2139 }
2140 
2149 static int smack_shm_shmat(struct shmid_kernel *shp, char __user *shmaddr,
2150  int shmflg)
2151 {
2152  int may;
2153 
2154  may = smack_flags_to_may(shmflg);
2155  return smk_curacc_shm(shp, may);
2156 }
2157 
2164 static char *smack_of_sem(struct sem_array *sma)
2165 {
2166  return (char *)sma->sem_perm.security;
2167 }
2168 
2175 static int smack_sem_alloc_security(struct sem_array *sma)
2176 {
2177  struct kern_ipc_perm *isp = &sma->sem_perm;
2178 
2179  isp->security = smk_of_current();
2180  return 0;
2181 }
2182 
2189 static void smack_sem_free_security(struct sem_array *sma)
2190 {
2191  struct kern_ipc_perm *isp = &sma->sem_perm;
2192 
2193  isp->security = NULL;
2194 }
2195 
2203 static int smk_curacc_sem(struct sem_array *sma, int access)
2204 {
2205  char *ssp = smack_of_sem(sma);
2206  struct smk_audit_info ad;
2207 
2208 #ifdef CONFIG_AUDIT
2209  smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
2210  ad.a.u.ipc_id = sma->sem_perm.id;
2211 #endif
2212  return smk_curacc(ssp, access, &ad);
2213 }
2214 
2222 static int smack_sem_associate(struct sem_array *sma, int semflg)
2223 {
2224  int may;
2225 
2226  may = smack_flags_to_may(semflg);
2227  return smk_curacc_sem(sma, may);
2228 }
2229 
2237 static int smack_sem_semctl(struct sem_array *sma, int cmd)
2238 {
2239  int may;
2240 
2241  switch (cmd) {
2242  case GETPID:
2243  case GETNCNT:
2244  case GETZCNT:
2245  case GETVAL:
2246  case GETALL:
2247  case IPC_STAT:
2248  case SEM_STAT:
2249  may = MAY_READ;
2250  break;
2251  case SETVAL:
2252  case SETALL:
2253  case IPC_RMID:
2254  case IPC_SET:
2255  may = MAY_READWRITE;
2256  break;
2257  case IPC_INFO:
2258  case SEM_INFO:
2259  /*
2260  * System level information
2261  */
2262  return 0;
2263  default:
2264  return -EINVAL;
2265  }
2266 
2267  return smk_curacc_sem(sma, may);
2268 }
2269 
2281 static int smack_sem_semop(struct sem_array *sma, struct sembuf *sops,
2282  unsigned nsops, int alter)
2283 {
2284  return smk_curacc_sem(sma, MAY_READWRITE);
2285 }
2286 
2293 static int smack_msg_queue_alloc_security(struct msg_queue *msq)
2294 {
2295  struct kern_ipc_perm *kisp = &msq->q_perm;
2296 
2297  kisp->security = smk_of_current();
2298  return 0;
2299 }
2300 
2307 static void smack_msg_queue_free_security(struct msg_queue *msq)
2308 {
2309  struct kern_ipc_perm *kisp = &msq->q_perm;
2310 
2311  kisp->security = NULL;
2312 }
2313 
2320 static char *smack_of_msq(struct msg_queue *msq)
2321 {
2322  return (char *)msq->q_perm.security;
2323 }
2324 
2332 static int smk_curacc_msq(struct msg_queue *msq, int access)
2333 {
2334  char *msp = smack_of_msq(msq);
2335  struct smk_audit_info ad;
2336 
2337 #ifdef CONFIG_AUDIT
2338  smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
2339  ad.a.u.ipc_id = msq->q_perm.id;
2340 #endif
2341  return smk_curacc(msp, access, &ad);
2342 }
2343 
2351 static int smack_msg_queue_associate(struct msg_queue *msq, int msqflg)
2352 {
2353  int may;
2354 
2355  may = smack_flags_to_may(msqflg);
2356  return smk_curacc_msq(msq, may);
2357 }
2358 
2366 static int smack_msg_queue_msgctl(struct msg_queue *msq, int cmd)
2367 {
2368  int may;
2369 
2370  switch (cmd) {
2371  case IPC_STAT:
2372  case MSG_STAT:
2373  may = MAY_READ;
2374  break;
2375  case IPC_SET:
2376  case IPC_RMID:
2377  may = MAY_READWRITE;
2378  break;
2379  case IPC_INFO:
2380  case MSG_INFO:
2381  /*
2382  * System level information
2383  */
2384  return 0;
2385  default:
2386  return -EINVAL;
2387  }
2388 
2389  return smk_curacc_msq(msq, may);
2390 }
2391 
2400 static int smack_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg,
2401  int msqflg)
2402 {
2403  int may;
2404 
2405  may = smack_flags_to_may(msqflg);
2406  return smk_curacc_msq(msq, may);
2407 }
2408 
2419 static int smack_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
2420  struct task_struct *target, long type, int mode)
2421 {
2422  return smk_curacc_msq(msq, MAY_READWRITE);
2423 }
2424 
2432 static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag)
2433 {
2434  char *isp = ipp->security;
2435  int may = smack_flags_to_may(flag);
2436  struct smk_audit_info ad;
2437 
2438 #ifdef CONFIG_AUDIT
2439  smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
2440  ad.a.u.ipc_id = ipp->id;
2441 #endif
2442  return smk_curacc(isp, may, &ad);
2443 }
2444 
2450 static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid)
2451 {
2452  char *smack = ipp->security;
2453 
2454  *secid = smack_to_secid(smack);
2455 }
2456 
2464 static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode)
2465 {
2466  struct super_block *sbp;
2467  struct superblock_smack *sbsp;
2468  struct inode_smack *isp;
2469  char *csp = smk_of_current();
2470  char *fetched;
2471  char *final;
2472  char trattr[TRANS_TRUE_SIZE];
2473  int transflag = 0;
2474  int rc;
2475  struct dentry *dp;
2476 
2477  if (inode == NULL)
2478  return;
2479 
2480  isp = inode->i_security;
2481 
2482  mutex_lock(&isp->smk_lock);
2483  /*
2484  * If the inode is already instantiated
2485  * take the quick way out
2486  */
2487  if (isp->smk_flags & SMK_INODE_INSTANT)
2488  goto unlockandout;
2489 
2490  sbp = inode->i_sb;
2491  sbsp = sbp->s_security;
2492  /*
2493  * We're going to use the superblock default label
2494  * if there's no label on the file.
2495  */
2496  final = sbsp->smk_default;
2497 
2498  /*
2499  * If this is the root inode the superblock
2500  * may be in the process of initialization.
2501  * If that is the case use the root value out
2502  * of the superblock.
2503  */
2504  if (opt_dentry->d_parent == opt_dentry) {
2505  isp->smk_inode = sbsp->smk_root;
2506  isp->smk_flags |= SMK_INODE_INSTANT;
2507  goto unlockandout;
2508  }
2509 
2510  /*
2511  * This is pretty hackish.
2512  * Casey says that we shouldn't have to do
2513  * file system specific code, but it does help
2514  * with keeping it simple.
2515  */
2516  switch (sbp->s_magic) {
2517  case SMACK_MAGIC:
2518  /*
2519  * Casey says that it's a little embarrassing
2520  * that the smack file system doesn't do
2521  * extended attributes.
2522  */
2523  final = smack_known_star.smk_known;
2524  break;
2525  case PIPEFS_MAGIC:
2526  /*
2527  * Casey says pipes are easy (?)
2528  */
2529  final = smack_known_star.smk_known;
2530  break;
2531  case DEVPTS_SUPER_MAGIC:
2532  /*
2533  * devpts seems content with the label of the task.
2534  * Programs that change smack have to treat the
2535  * pty with respect.
2536  */
2537  final = csp;
2538  break;
2539  case SOCKFS_MAGIC:
2540  /*
2541  * Socket access is controlled by the socket
2542  * structures associated with the task involved.
2543  */
2544  final = smack_known_star.smk_known;
2545  break;
2546  case PROC_SUPER_MAGIC:
2547  /*
2548  * Casey says procfs appears not to care.
2549  * The superblock default suffices.
2550  */
2551  break;
2552  case TMPFS_MAGIC:
2553  /*
2554  * Device labels should come from the filesystem,
2555  * but watch out, because they're volitile,
2556  * getting recreated on every reboot.
2557  */
2558  final = smack_known_star.smk_known;
2559  /*
2560  * No break.
2561  *
2562  * If a smack value has been set we want to use it,
2563  * but since tmpfs isn't giving us the opportunity
2564  * to set mount options simulate setting the
2565  * superblock default.
2566  */
2567  default:
2568  /*
2569  * This isn't an understood special case.
2570  * Get the value from the xattr.
2571  */
2572 
2573  /*
2574  * UNIX domain sockets use lower level socket data.
2575  */
2576  if (S_ISSOCK(inode->i_mode)) {
2577  final = smack_known_star.smk_known;
2578  break;
2579  }
2580  /*
2581  * No xattr support means, alas, no SMACK label.
2582  * Use the aforeapplied default.
2583  * It would be curious if the label of the task
2584  * does not match that assigned.
2585  */
2586  if (inode->i_op->getxattr == NULL)
2587  break;
2588  /*
2589  * Get the dentry for xattr.
2590  */
2591  dp = dget(opt_dentry);
2592  fetched = smk_fetch(XATTR_NAME_SMACK, inode, dp);
2593  if (fetched != NULL)
2594  final = fetched;
2595 
2596  /*
2597  * Transmuting directory
2598  */
2599  if (S_ISDIR(inode->i_mode)) {
2600  /*
2601  * If this is a new directory and the label was
2602  * transmuted when the inode was initialized
2603  * set the transmute attribute on the directory
2604  * and mark the inode.
2605  *
2606  * If there is a transmute attribute on the
2607  * directory mark the inode.
2608  */
2609  if (isp->smk_flags & SMK_INODE_CHANGED) {
2610  isp->smk_flags &= ~SMK_INODE_CHANGED;
2611  rc = inode->i_op->setxattr(dp,
2612  XATTR_NAME_SMACKTRANSMUTE,
2613  TRANS_TRUE, TRANS_TRUE_SIZE,
2614  0);
2615  } else {
2616  rc = inode->i_op->getxattr(dp,
2617  XATTR_NAME_SMACKTRANSMUTE, trattr,
2618  TRANS_TRUE_SIZE);
2619  if (rc >= 0 && strncmp(trattr, TRANS_TRUE,
2620  TRANS_TRUE_SIZE) != 0)
2621  rc = -EINVAL;
2622  }
2623  if (rc >= 0)
2624  transflag = SMK_INODE_TRANSMUTE;
2625  }
2626  isp->smk_task = smk_fetch(XATTR_NAME_SMACKEXEC, inode, dp);
2627  isp->smk_mmap = smk_fetch(XATTR_NAME_SMACKMMAP, inode, dp);
2628 
2629  dput(dp);
2630  break;
2631  }
2632 
2633  if (final == NULL)
2634  isp->smk_inode = csp;
2635  else
2636  isp->smk_inode = final;
2637 
2638  isp->smk_flags |= (SMK_INODE_INSTANT | transflag);
2639 
2640 unlockandout:
2641  mutex_unlock(&isp->smk_lock);
2642  return;
2643 }
2644 
2655 static int smack_getprocattr(struct task_struct *p, char *name, char **value)
2656 {
2657  char *cp;
2658  int slen;
2659 
2660  if (strcmp(name, "current") != 0)
2661  return -EINVAL;
2662 
2663  cp = kstrdup(smk_of_task(task_security(p)), GFP_KERNEL);
2664  if (cp == NULL)
2665  return -ENOMEM;
2666 
2667  slen = strlen(cp);
2668  *value = cp;
2669  return slen;
2670 }
2671 
2684 static int smack_setprocattr(struct task_struct *p, char *name,
2685  void *value, size_t size)
2686 {
2687  struct task_smack *tsp;
2688  struct cred *new;
2689  char *newsmack;
2690 
2691  /*
2692  * Changing another process' Smack value is too dangerous
2693  * and supports no sane use case.
2694  */
2695  if (p != current)
2696  return -EPERM;
2697 
2698  if (!smack_privileged(CAP_MAC_ADMIN))
2699  return -EPERM;
2700 
2701  if (value == NULL || size == 0 || size >= SMK_LONGLABEL)
2702  return -EINVAL;
2703 
2704  if (strcmp(name, "current") != 0)
2705  return -EINVAL;
2706 
2707  newsmack = smk_import(value, size);
2708  if (newsmack == NULL)
2709  return -EINVAL;
2710 
2711  /*
2712  * No process is ever allowed the web ("@") label.
2713  */
2714  if (newsmack == smack_known_web.smk_known)
2715  return -EPERM;
2716 
2717  new = prepare_creds();
2718  if (new == NULL)
2719  return -ENOMEM;
2720 
2721  tsp = new->security;
2722  tsp->smk_task = newsmack;
2723 
2724  commit_creds(new);
2725  return size;
2726 }
2727 
2737 static int smack_unix_stream_connect(struct sock *sock,
2738  struct sock *other, struct sock *newsk)
2739 {
2740  struct socket_smack *ssp = sock->sk_security;
2741  struct socket_smack *osp = other->sk_security;
2742  struct socket_smack *nsp = newsk->sk_security;
2743  struct smk_audit_info ad;
2744  int rc = 0;
2745 
2746 #ifdef CONFIG_AUDIT
2747  struct lsm_network_audit net;
2748 
2749  smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
2750  smk_ad_setfield_u_net_sk(&ad, other);
2751 #endif
2752 
2753  if (!smack_privileged(CAP_MAC_OVERRIDE))
2754  rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad);
2755 
2756  /*
2757  * Cross reference the peer labels for SO_PEERSEC.
2758  */
2759  if (rc == 0) {
2760  nsp->smk_packet = ssp->smk_out;
2761  ssp->smk_packet = osp->smk_out;
2762  }
2763 
2764  return rc;
2765 }
2766 
2775 static int smack_unix_may_send(struct socket *sock, struct socket *other)
2776 {
2777  struct socket_smack *ssp = sock->sk->sk_security;
2778  struct socket_smack *osp = other->sk->sk_security;
2779  struct smk_audit_info ad;
2780  int rc = 0;
2781 
2782 #ifdef CONFIG_AUDIT
2783  struct lsm_network_audit net;
2784 
2785  smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
2786  smk_ad_setfield_u_net_sk(&ad, other->sk);
2787 #endif
2788 
2789  if (!smack_privileged(CAP_MAC_OVERRIDE))
2790  rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad);
2791 
2792  return rc;
2793 }
2794 
2805 static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg,
2806  int size)
2807 {
2808  struct sockaddr_in *sip = (struct sockaddr_in *) msg->msg_name;
2809 
2810  /*
2811  * Perfectly reasonable for this to be NULL
2812  */
2813  if (sip == NULL || sip->sin_family != AF_INET)
2814  return 0;
2815 
2816  return smack_netlabel_send(sock->sk, sip);
2817 }
2818 
2826 static char *smack_from_secattr(struct netlbl_lsm_secattr *sap,
2827  struct socket_smack *ssp)
2828 {
2829  struct smack_known *kp;
2830  char *sp;
2831  int found = 0;
2832 
2833  if ((sap->flags & NETLBL_SECATTR_MLS_LVL) != 0) {
2834  /*
2835  * Looks like a CIPSO packet.
2836  * If there are flags but no level netlabel isn't
2837  * behaving the way we expect it to.
2838  *
2839  * Look it up in the label table
2840  * Without guidance regarding the smack value
2841  * for the packet fall back on the network
2842  * ambient value.
2843  */
2844  rcu_read_lock();
2845  list_for_each_entry(kp, &smack_known_list, list) {
2846  if (sap->attr.mls.lvl != kp->smk_netlabel.attr.mls.lvl)
2847  continue;
2848  if (memcmp(sap->attr.mls.cat,
2849  kp->smk_netlabel.attr.mls.cat,
2850  SMK_CIPSOLEN) != 0)
2851  continue;
2852  found = 1;
2853  break;
2854  }
2855  rcu_read_unlock();
2856 
2857  if (found)
2858  return kp->smk_known;
2859 
2860  if (ssp != NULL && ssp->smk_in == smack_known_star.smk_known)
2861  return smack_known_web.smk_known;
2862  return smack_known_star.smk_known;
2863  }
2864  if ((sap->flags & NETLBL_SECATTR_SECID) != 0) {
2865  /*
2866  * Looks like a fallback, which gives us a secid.
2867  */
2868  sp = smack_from_secid(sap->attr.secid);
2869  /*
2870  * This has got to be a bug because it is
2871  * impossible to specify a fallback without
2872  * specifying the label, which will ensure
2873  * it has a secid, and the only way to get a
2874  * secid is from a fallback.
2875  */
2876  BUG_ON(sp == NULL);
2877  return sp;
2878  }
2879  /*
2880  * Without guidance regarding the smack value
2881  * for the packet fall back on the network
2882  * ambient value.
2883  */
2884  return smack_net_ambient;
2885 }
2886 
2894 static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
2895 {
2896  struct netlbl_lsm_secattr secattr;
2897  struct socket_smack *ssp = sk->sk_security;
2898  char *csp;
2899  int rc;
2900  struct smk_audit_info ad;
2901 #ifdef CONFIG_AUDIT
2902  struct lsm_network_audit net;
2903 #endif
2904  if (sk->sk_family != PF_INET && sk->sk_family != PF_INET6)
2905  return 0;
2906 
2907  /*
2908  * Translate what netlabel gave us.
2909  */
2910  netlbl_secattr_init(&secattr);
2911 
2912  rc = netlbl_skbuff_getattr(skb, sk->sk_family, &secattr);
2913  if (rc == 0)
2914  csp = smack_from_secattr(&secattr, ssp);
2915  else
2916  csp = smack_net_ambient;
2917 
2918  netlbl_secattr_destroy(&secattr);
2919 
2920 #ifdef CONFIG_AUDIT
2921  smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
2922  ad.a.u.net->family = sk->sk_family;
2923  ad.a.u.net->netif = skb->skb_iif;
2924  ipv4_skb_to_auditdata(skb, &ad.a, NULL);
2925 #endif
2926  /*
2927  * Receiving a packet requires that the other end
2928  * be able to write here. Read access is not required.
2929  * This is the simplist possible security model
2930  * for networking.
2931  */
2932  rc = smk_access(csp, ssp->smk_in, MAY_WRITE, &ad);
2933  if (rc != 0)
2934  netlbl_skbuff_err(skb, rc, 0);
2935  return rc;
2936 }
2937 
2947 static int smack_socket_getpeersec_stream(struct socket *sock,
2948  char __user *optval,
2949  int __user *optlen, unsigned len)
2950 {
2951  struct socket_smack *ssp;
2952  char *rcp = "";
2953  int slen = 1;
2954  int rc = 0;
2955 
2956  ssp = sock->sk->sk_security;
2957  if (ssp->smk_packet != NULL) {
2958  rcp = ssp->smk_packet;
2959  slen = strlen(rcp) + 1;
2960  }
2961 
2962  if (slen > len)
2963  rc = -ERANGE;
2964  else if (copy_to_user(optval, rcp, slen) != 0)
2965  rc = -EFAULT;
2966 
2967  if (put_user(slen, optlen) != 0)
2968  rc = -EFAULT;
2969 
2970  return rc;
2971 }
2972 
2973 
2982 static int smack_socket_getpeersec_dgram(struct socket *sock,
2983  struct sk_buff *skb, u32 *secid)
2984 
2985 {
2986  struct netlbl_lsm_secattr secattr;
2987  struct socket_smack *ssp = NULL;
2988  char *sp;
2989  int family = PF_UNSPEC;
2990  u32 s = 0; /* 0 is the invalid secid */
2991  int rc;
2992 
2993  if (skb != NULL) {
2994  if (skb->protocol == htons(ETH_P_IP))
2995  family = PF_INET;
2996  else if (skb->protocol == htons(ETH_P_IPV6))
2997  family = PF_INET6;
2998  }
2999  if (family == PF_UNSPEC && sock != NULL)
3000  family = sock->sk->sk_family;
3001 
3002  if (family == PF_UNIX) {
3003  ssp = sock->sk->sk_security;
3004  s = smack_to_secid(ssp->smk_out);
3005  } else if (family == PF_INET || family == PF_INET6) {
3006  /*
3007  * Translate what netlabel gave us.
3008  */
3009  if (sock != NULL && sock->sk != NULL)
3010  ssp = sock->sk->sk_security;
3011  netlbl_secattr_init(&secattr);
3012  rc = netlbl_skbuff_getattr(skb, family, &secattr);
3013  if (rc == 0) {
3014  sp = smack_from_secattr(&secattr, ssp);
3015  s = smack_to_secid(sp);
3016  }
3017  netlbl_secattr_destroy(&secattr);
3018  }
3019  *secid = s;
3020  if (s == 0)
3021  return -EINVAL;
3022  return 0;
3023 }
3024 
3033 static void smack_sock_graft(struct sock *sk, struct socket *parent)
3034 {
3035  struct socket_smack *ssp;
3036 
3037  if (sk == NULL ||
3038  (sk->sk_family != PF_INET && sk->sk_family != PF_INET6))
3039  return;
3040 
3041  ssp = sk->sk_security;
3042  ssp->smk_in = ssp->smk_out = smk_of_current();
3043  /* cssp->smk_packet is already set in smack_inet_csk_clone() */
3044 }
3045 
3055 static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb,
3056  struct request_sock *req)
3057 {
3058  u16 family = sk->sk_family;
3059  struct smack_known *skp;
3060  struct socket_smack *ssp = sk->sk_security;
3061  struct netlbl_lsm_secattr secattr;
3062  struct sockaddr_in addr;
3063  struct iphdr *hdr;
3064  char *sp;
3065  char *hsp;
3066  int rc;
3067  struct smk_audit_info ad;
3068 #ifdef CONFIG_AUDIT
3069  struct lsm_network_audit net;
3070 #endif
3071 
3072  /* handle mapped IPv4 packets arriving via IPv6 sockets */
3073  if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
3074  family = PF_INET;
3075 
3076  netlbl_secattr_init(&secattr);
3077  rc = netlbl_skbuff_getattr(skb, family, &secattr);
3078  if (rc == 0)
3079  sp = smack_from_secattr(&secattr, ssp);
3080  else
3081  sp = smack_known_huh.smk_known;
3082  netlbl_secattr_destroy(&secattr);
3083 
3084 #ifdef CONFIG_AUDIT
3085  smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3086  ad.a.u.net->family = family;
3087  ad.a.u.net->netif = skb->skb_iif;
3088  ipv4_skb_to_auditdata(skb, &ad.a, NULL);
3089 #endif
3090  /*
3091  * Receiving a packet requires that the other end be able to write
3092  * here. Read access is not required.
3093  */
3094  rc = smk_access(sp, ssp->smk_in, MAY_WRITE, &ad);
3095  if (rc != 0)
3096  return rc;
3097 
3098  /*
3099  * Save the peer's label in the request_sock so we can later setup
3100  * smk_packet in the child socket so that SO_PEERCRED can report it.
3101  */
3102  req->peer_secid = smack_to_secid(sp);
3103 
3104  /*
3105  * We need to decide if we want to label the incoming connection here
3106  * if we do we only need to label the request_sock and the stack will
3107  * propagate the wire-label to the sock when it is created.
3108  */
3109  hdr = ip_hdr(skb);
3110  addr.sin_addr.s_addr = hdr->saddr;
3111  rcu_read_lock();
3112  hsp = smack_host_label(&addr);
3113  rcu_read_unlock();
3114 
3115  if (hsp == NULL) {
3116  skp = smk_find_entry(sp);
3117  rc = netlbl_req_setattr(req, &skp->smk_netlabel);
3118  } else
3119  netlbl_req_delattr(req);
3120 
3121  return rc;
3122 }
3123 
3131 static void smack_inet_csk_clone(struct sock *sk,
3132  const struct request_sock *req)
3133 {
3134  struct socket_smack *ssp = sk->sk_security;
3135 
3136  if (req->peer_secid != 0)
3137  ssp->smk_packet = smack_from_secid(req->peer_secid);
3138  else
3139  ssp->smk_packet = NULL;
3140 }
3141 
3142 /*
3143  * Key management security hooks
3144  *
3145  * Casey has not tested key support very heavily.
3146  * The permission check is most likely too restrictive.
3147  * If you care about keys please have a look.
3148  */
3149 #ifdef CONFIG_KEYS
3150 
3161 static int smack_key_alloc(struct key *key, const struct cred *cred,
3162  unsigned long flags)
3163 {
3164  key->security = smk_of_task(cred->security);
3165  return 0;
3166 }
3167 
3174 static void smack_key_free(struct key *key)
3175 {
3176  key->security = NULL;
3177 }
3178 
3179 /*
3180  * smack_key_permission - Smack access on a key
3181  * @key_ref: gets to the object
3182  * @cred: the credentials to use
3183  * @perm: unused
3184  *
3185  * Return 0 if the task has read and write to the object,
3186  * an error code otherwise
3187  */
3188 static int smack_key_permission(key_ref_t key_ref,
3189  const struct cred *cred, key_perm_t perm)
3190 {
3191  struct key *keyp;
3192  struct smk_audit_info ad;
3193  char *tsp = smk_of_task(cred->security);
3194 
3195  keyp = key_ref_to_ptr(key_ref);
3196  if (keyp == NULL)
3197  return -EINVAL;
3198  /*
3199  * If the key hasn't been initialized give it access so that
3200  * it may do so.
3201  */
3202  if (keyp->security == NULL)
3203  return 0;
3204  /*
3205  * This should not occur
3206  */
3207  if (tsp == NULL)
3208  return -EACCES;
3209 #ifdef CONFIG_AUDIT
3210  smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY);
3211  ad.a.u.key_struct.key = keyp->serial;
3212  ad.a.u.key_struct.key_desc = keyp->description;
3213 #endif
3214  return smk_access(tsp, keyp->security,
3215  MAY_READWRITE, &ad);
3216 }
3217 #endif /* CONFIG_KEYS */
3218 
3219 /*
3220  * Smack Audit hooks
3221  *
3222  * Audit requires a unique representation of each Smack specific
3223  * rule. This unique representation is used to distinguish the
3224  * object to be audited from remaining kernel objects and also
3225  * works as a glue between the audit hooks.
3226  *
3227  * Since repository entries are added but never deleted, we'll use
3228  * the smack_known label address related to the given audit rule as
3229  * the needed unique representation. This also better fits the smack
3230  * model where nearly everything is a label.
3231  */
3232 #ifdef CONFIG_AUDIT
3233 
3244 static int smack_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule)
3245 {
3246  char **rule = (char **)vrule;
3247  *rule = NULL;
3248 
3249  if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
3250  return -EINVAL;
3251 
3252  if (op != Audit_equal && op != Audit_not_equal)
3253  return -EINVAL;
3254 
3255  *rule = smk_import(rulestr, 0);
3256 
3257  return 0;
3258 }
3259 
3268 static int smack_audit_rule_known(struct audit_krule *krule)
3269 {
3270  struct audit_field *f;
3271  int i;
3272 
3273  for (i = 0; i < krule->field_count; i++) {
3274  f = &krule->fields[i];
3275 
3276  if (f->type == AUDIT_SUBJ_USER || f->type == AUDIT_OBJ_USER)
3277  return 1;
3278  }
3279 
3280  return 0;
3281 }
3282 
3294 static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule,
3295  struct audit_context *actx)
3296 {
3297  char *smack;
3298  char *rule = vrule;
3299 
3300  if (!rule) {
3301  audit_log(actx, GFP_ATOMIC, AUDIT_SELINUX_ERR,
3302  "Smack: missing rule\n");
3303  return -ENOENT;
3304  }
3305 
3306  if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
3307  return 0;
3308 
3309  smack = smack_from_secid(secid);
3310 
3311  /*
3312  * No need to do string comparisons. If a match occurs,
3313  * both pointers will point to the same smack_known
3314  * label.
3315  */
3316  if (op == Audit_equal)
3317  return (rule == smack);
3318  if (op == Audit_not_equal)
3319  return (rule != smack);
3320 
3321  return 0;
3322 }
3323 
3330 static void smack_audit_rule_free(void *vrule)
3331 {
3332  /* No-op */
3333 }
3334 
3335 #endif /* CONFIG_AUDIT */
3336 
3345 static int smack_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
3346 {
3347  char *sp = smack_from_secid(secid);
3348 
3349  if (secdata)
3350  *secdata = sp;
3351  *seclen = strlen(sp);
3352  return 0;
3353 }
3354 
3363 static int smack_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
3364 {
3365  *secid = smack_to_secid(secdata);
3366  return 0;
3367 }
3368 
3376 static void smack_release_secctx(char *secdata, u32 seclen)
3377 {
3378 }
3379 
3380 static int smack_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
3381 {
3382  return smack_inode_setsecurity(inode, XATTR_SMACK_SUFFIX, ctx, ctxlen, 0);
3383 }
3384 
3385 static int smack_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
3386 {
3387  return __vfs_setxattr_noperm(dentry, XATTR_NAME_SMACK, ctx, ctxlen, 0);
3388 }
3389 
3390 static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
3391 {
3392  int len = 0;
3393  len = smack_inode_getsecurity(inode, XATTR_SMACK_SUFFIX, ctx, true);
3394 
3395  if (len < 0)
3396  return len;
3397  *ctxlen = len;
3398  return 0;
3399 }
3400 
3401 struct security_operations smack_ops = {
3402  .name = "smack",
3403 
3404  .ptrace_access_check = smack_ptrace_access_check,
3405  .ptrace_traceme = smack_ptrace_traceme,
3406  .syslog = smack_syslog,
3407 
3408  .sb_alloc_security = smack_sb_alloc_security,
3409  .sb_free_security = smack_sb_free_security,
3410  .sb_copy_data = smack_sb_copy_data,
3411  .sb_kern_mount = smack_sb_kern_mount,
3412  .sb_statfs = smack_sb_statfs,
3413  .sb_mount = smack_sb_mount,
3414  .sb_umount = smack_sb_umount,
3415 
3416  .bprm_set_creds = smack_bprm_set_creds,
3417  .bprm_committing_creds = smack_bprm_committing_creds,
3418  .bprm_secureexec = smack_bprm_secureexec,
3419 
3420  .inode_alloc_security = smack_inode_alloc_security,
3421  .inode_free_security = smack_inode_free_security,
3422  .inode_init_security = smack_inode_init_security,
3423  .inode_link = smack_inode_link,
3424  .inode_unlink = smack_inode_unlink,
3425  .inode_rmdir = smack_inode_rmdir,
3426  .inode_rename = smack_inode_rename,
3427  .inode_permission = smack_inode_permission,
3428  .inode_setattr = smack_inode_setattr,
3429  .inode_getattr = smack_inode_getattr,
3430  .inode_setxattr = smack_inode_setxattr,
3431  .inode_post_setxattr = smack_inode_post_setxattr,
3432  .inode_getxattr = smack_inode_getxattr,
3433  .inode_removexattr = smack_inode_removexattr,
3434  .inode_getsecurity = smack_inode_getsecurity,
3435  .inode_setsecurity = smack_inode_setsecurity,
3436  .inode_listsecurity = smack_inode_listsecurity,
3437  .inode_getsecid = smack_inode_getsecid,
3438 
3439  .file_permission = smack_file_permission,
3440  .file_alloc_security = smack_file_alloc_security,
3441  .file_free_security = smack_file_free_security,
3442  .file_ioctl = smack_file_ioctl,
3443  .file_lock = smack_file_lock,
3444  .file_fcntl = smack_file_fcntl,
3445  .mmap_file = smack_mmap_file,
3446  .mmap_addr = cap_mmap_addr,
3447  .file_set_fowner = smack_file_set_fowner,
3448  .file_send_sigiotask = smack_file_send_sigiotask,
3449  .file_receive = smack_file_receive,
3450 
3451  .file_open = smack_file_open,
3452 
3453  .cred_alloc_blank = smack_cred_alloc_blank,
3454  .cred_free = smack_cred_free,
3455  .cred_prepare = smack_cred_prepare,
3456  .cred_transfer = smack_cred_transfer,
3457  .kernel_act_as = smack_kernel_act_as,
3458  .kernel_create_files_as = smack_kernel_create_files_as,
3459  .task_setpgid = smack_task_setpgid,
3460  .task_getpgid = smack_task_getpgid,
3461  .task_getsid = smack_task_getsid,
3462  .task_getsecid = smack_task_getsecid,
3463  .task_setnice = smack_task_setnice,
3464  .task_setioprio = smack_task_setioprio,
3465  .task_getioprio = smack_task_getioprio,
3466  .task_setscheduler = smack_task_setscheduler,
3467  .task_getscheduler = smack_task_getscheduler,
3468  .task_movememory = smack_task_movememory,
3469  .task_kill = smack_task_kill,
3470  .task_wait = smack_task_wait,
3471  .task_to_inode = smack_task_to_inode,
3472 
3473  .ipc_permission = smack_ipc_permission,
3474  .ipc_getsecid = smack_ipc_getsecid,
3475 
3476  .msg_msg_alloc_security = smack_msg_msg_alloc_security,
3477  .msg_msg_free_security = smack_msg_msg_free_security,
3478 
3479  .msg_queue_alloc_security = smack_msg_queue_alloc_security,
3480  .msg_queue_free_security = smack_msg_queue_free_security,
3481  .msg_queue_associate = smack_msg_queue_associate,
3482  .msg_queue_msgctl = smack_msg_queue_msgctl,
3483  .msg_queue_msgsnd = smack_msg_queue_msgsnd,
3484  .msg_queue_msgrcv = smack_msg_queue_msgrcv,
3485 
3486  .shm_alloc_security = smack_shm_alloc_security,
3487  .shm_free_security = smack_shm_free_security,
3488  .shm_associate = smack_shm_associate,
3489  .shm_shmctl = smack_shm_shmctl,
3490  .shm_shmat = smack_shm_shmat,
3491 
3492  .sem_alloc_security = smack_sem_alloc_security,
3493  .sem_free_security = smack_sem_free_security,
3494  .sem_associate = smack_sem_associate,
3495  .sem_semctl = smack_sem_semctl,
3496  .sem_semop = smack_sem_semop,
3497 
3498  .d_instantiate = smack_d_instantiate,
3499 
3500  .getprocattr = smack_getprocattr,
3501  .setprocattr = smack_setprocattr,
3502 
3503  .unix_stream_connect = smack_unix_stream_connect,
3504  .unix_may_send = smack_unix_may_send,
3505 
3506  .socket_post_create = smack_socket_post_create,
3507  .socket_connect = smack_socket_connect,
3508  .socket_sendmsg = smack_socket_sendmsg,
3509  .socket_sock_rcv_skb = smack_socket_sock_rcv_skb,
3510  .socket_getpeersec_stream = smack_socket_getpeersec_stream,
3511  .socket_getpeersec_dgram = smack_socket_getpeersec_dgram,
3512  .sk_alloc_security = smack_sk_alloc_security,
3513  .sk_free_security = smack_sk_free_security,
3514  .sock_graft = smack_sock_graft,
3515  .inet_conn_request = smack_inet_conn_request,
3516  .inet_csk_clone = smack_inet_csk_clone,
3517 
3518  /* key management security hooks */
3519 #ifdef CONFIG_KEYS
3520  .key_alloc = smack_key_alloc,
3521  .key_free = smack_key_free,
3522  .key_permission = smack_key_permission,
3523 #endif /* CONFIG_KEYS */
3524 
3525  /* Audit hooks */
3526 #ifdef CONFIG_AUDIT
3527  .audit_rule_init = smack_audit_rule_init,
3528  .audit_rule_known = smack_audit_rule_known,
3529  .audit_rule_match = smack_audit_rule_match,
3530  .audit_rule_free = smack_audit_rule_free,
3531 #endif /* CONFIG_AUDIT */
3532 
3533  .secid_to_secctx = smack_secid_to_secctx,
3534  .secctx_to_secid = smack_secctx_to_secid,
3535  .release_secctx = smack_release_secctx,
3536  .inode_notifysecctx = smack_inode_notifysecctx,
3537  .inode_setsecctx = smack_inode_setsecctx,
3538  .inode_getsecctx = smack_inode_getsecctx,
3539 };
3540 
3541 
3542 static __init void init_smack_known_list(void)
3543 {
3544  /*
3545  * Initialize rule list locks
3546  */
3547  mutex_init(&smack_known_huh.smk_rules_lock);
3548  mutex_init(&smack_known_hat.smk_rules_lock);
3549  mutex_init(&smack_known_floor.smk_rules_lock);
3550  mutex_init(&smack_known_star.smk_rules_lock);
3551  mutex_init(&smack_known_invalid.smk_rules_lock);
3552  mutex_init(&smack_known_web.smk_rules_lock);
3553  /*
3554  * Initialize rule lists
3555  */
3556  INIT_LIST_HEAD(&smack_known_huh.smk_rules);
3557  INIT_LIST_HEAD(&smack_known_hat.smk_rules);
3558  INIT_LIST_HEAD(&smack_known_star.smk_rules);
3559  INIT_LIST_HEAD(&smack_known_floor.smk_rules);
3560  INIT_LIST_HEAD(&smack_known_invalid.smk_rules);
3561  INIT_LIST_HEAD(&smack_known_web.smk_rules);
3562  /*
3563  * Create the known labels list
3564  */
3565  list_add(&smack_known_huh.list, &smack_known_list);
3566  list_add(&smack_known_hat.list, &smack_known_list);
3567  list_add(&smack_known_star.list, &smack_known_list);
3568  list_add(&smack_known_floor.list, &smack_known_list);
3569  list_add(&smack_known_invalid.list, &smack_known_list);
3570  list_add(&smack_known_web.list, &smack_known_list);
3571 }
3572 
3578 static __init int smack_init(void)
3579 {
3580  struct cred *cred;
3581  struct task_smack *tsp;
3582 
3583  if (!security_module_enable(&smack_ops))
3584  return 0;
3585 
3586  tsp = new_task_smack(smack_known_floor.smk_known,
3587  smack_known_floor.smk_known, GFP_KERNEL);
3588  if (tsp == NULL)
3589  return -ENOMEM;
3590 
3591  printk(KERN_INFO "Smack: Initializing.\n");
3592 
3593  /*
3594  * Set the security state for the initial task.
3595  */
3596  cred = (struct cred *) current->cred;
3597  cred->security = tsp;
3598 
3599  /* initialize the smack_known_list */
3600  init_smack_known_list();
3601 
3602  /*
3603  * Register with LSM
3604  */
3605  if (register_security(&smack_ops))
3606  panic("smack: Unable to register with kernel.\n");
3607 
3608  return 0;
3609 }
3610 
3611 /*
3612  * Smack requires early initialization in order to label
3613  * all processes and objects when they are created.
3614  */
3615 security_initcall(smack_init);
Generated on Thu Jan 10 2013 15:03:24 for Linux Kernel by   doxygen 1.8.2