smack_lsm.c 131 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526152715281529153015311532153315341535153615371538153915401541154215431544154515461547154815491550155115521553155415551556155715581559156015611562156315641565156615671568156915701571157215731574157515761577157815791580158115821583158415851586158715881589159015911592159315941595159615971598159916001601160216031604160516061607160816091610161116121613161416151616161716181619162016211622162316241625162616271628162916301631163216331634163516361637163816391640164116421643164416451646164716481649165016511652165316541655165616571658165916601661166216631664166516661667166816691670167116721673167416751676167716781679168016811682168316841685168616871688168916901691169216931694169516961697169816991700170117021703170417051706170717081709171017111712171317141715171617171718171917201721172217231724172517261727172817291730173117321733173417351736173717381739174017411742174317441745174617471748174917501751175217531754175517561757175817591760176117621763176417651766176717681769177017711772177317741775177617771778177917801781178217831784178517861787178817891790179117921793179417951796179717981799180018011802180318041805180618071808180918101811181218131814181518161817181818191820182118221823182418251826182718281829183018311832183318341835183618371838183918401841184218431844184518461847184818491850185118521853185418551856185718581859186018611862186318641865186618671868186918701871187218731874187518761877187818791880188118821883188418851886188718881889189018911892189318941895189618971898189919001901190219031904190519061907190819091910191119121913191419151916191719181919192019211922192319241925192619271928192919301931193219331934193519361937193819391940194119421943194419451946194719481949195019511952195319541955195619571958195919601961196219631964196519661967196819691970197119721973197419751976197719781979198019811982198319841985198619871988198919901991199219931994199519961997199819992000200120022003200420052006200720082009201020112012201320142015201620172018201920202021202220232024202520262027202820292030203120322033203420352036203720382039204020412042204320442045204620472048204920502051205220532054205520562057205820592060206120622063206420652066206720682069207020712072207320742075207620772078207920802081208220832084208520862087208820892090209120922093209420952096209720982099210021012102210321042105210621072108210921102111211221132114211521162117211821192120212121222123212421252126212721282129213021312132213321342135213621372138213921402141214221432144214521462147214821492150215121522153215421552156215721582159216021612162216321642165216621672168216921702171217221732174217521762177217821792180218121822183218421852186218721882189219021912192219321942195219621972198219922002201220222032204220522062207220822092210221122122213221422152216221722182219222022212222222322242225222622272228222922302231223222332234223522362237223822392240224122422243224422452246224722482249225022512252225322542255225622572258225922602261226222632264226522662267226822692270227122722273227422752276227722782279228022812282228322842285228622872288228922902291229222932294229522962297229822992300230123022303230423052306230723082309231023112312231323142315231623172318231923202321232223232324232523262327232823292330233123322333233423352336233723382339234023412342234323442345234623472348234923502351235223532354235523562357235823592360236123622363236423652366236723682369237023712372237323742375237623772378237923802381238223832384238523862387238823892390239123922393239423952396239723982399240024012402240324042405240624072408240924102411241224132414241524162417241824192420242124222423242424252426242724282429243024312432243324342435243624372438243924402441244224432444244524462447244824492450245124522453245424552456245724582459246024612462246324642465246624672468246924702471247224732474247524762477247824792480248124822483248424852486248724882489249024912492249324942495249624972498249925002501250225032504250525062507250825092510251125122513251425152516251725182519252025212522252325242525252625272528252925302531253225332534253525362537253825392540254125422543254425452546254725482549255025512552255325542555255625572558255925602561256225632564256525662567256825692570257125722573257425752576257725782579258025812582258325842585258625872588258925902591259225932594259525962597259825992600260126022603260426052606260726082609261026112612261326142615261626172618261926202621262226232624262526262627262826292630263126322633263426352636263726382639264026412642264326442645264626472648264926502651265226532654265526562657265826592660266126622663266426652666266726682669267026712672267326742675267626772678267926802681268226832684268526862687268826892690269126922693269426952696269726982699270027012702270327042705270627072708270927102711271227132714271527162717271827192720272127222723272427252726272727282729273027312732273327342735273627372738273927402741274227432744274527462747274827492750275127522753275427552756275727582759276027612762276327642765276627672768276927702771277227732774277527762777277827792780278127822783278427852786278727882789279027912792279327942795279627972798279928002801280228032804280528062807280828092810281128122813281428152816281728182819282028212822282328242825282628272828282928302831283228332834283528362837283828392840284128422843284428452846284728482849285028512852285328542855285628572858285928602861286228632864286528662867286828692870287128722873287428752876287728782879288028812882288328842885288628872888288928902891289228932894289528962897289828992900290129022903290429052906290729082909291029112912291329142915291629172918291929202921292229232924292529262927292829292930293129322933293429352936293729382939294029412942294329442945294629472948294929502951295229532954295529562957295829592960296129622963296429652966296729682969297029712972297329742975297629772978297929802981298229832984298529862987298829892990299129922993299429952996299729982999300030013002300330043005300630073008300930103011301230133014301530163017301830193020302130223023302430253026302730283029303030313032303330343035303630373038303930403041304230433044304530463047304830493050305130523053305430553056305730583059306030613062306330643065306630673068306930703071307230733074307530763077307830793080308130823083308430853086308730883089309030913092309330943095309630973098309931003101310231033104310531063107310831093110311131123113311431153116311731183119312031213122312331243125312631273128312931303131313231333134313531363137313831393140314131423143314431453146314731483149315031513152315331543155315631573158315931603161316231633164316531663167316831693170317131723173317431753176317731783179318031813182318331843185318631873188318931903191319231933194319531963197319831993200320132023203320432053206320732083209321032113212321332143215321632173218321932203221322232233224322532263227322832293230323132323233323432353236323732383239324032413242324332443245324632473248324932503251325232533254325532563257325832593260326132623263326432653266326732683269327032713272327332743275327632773278327932803281328232833284328532863287328832893290329132923293329432953296329732983299330033013302330333043305330633073308330933103311331233133314331533163317331833193320332133223323332433253326332733283329333033313332333333343335333633373338333933403341334233433344334533463347334833493350335133523353335433553356335733583359336033613362336333643365336633673368336933703371337233733374337533763377337833793380338133823383338433853386338733883389339033913392339333943395339633973398339934003401340234033404340534063407340834093410341134123413341434153416341734183419342034213422342334243425342634273428342934303431343234333434343534363437343834393440344134423443344434453446344734483449345034513452345334543455345634573458345934603461346234633464346534663467346834693470347134723473347434753476347734783479348034813482348334843485348634873488348934903491349234933494349534963497349834993500350135023503350435053506350735083509351035113512351335143515351635173518351935203521352235233524352535263527352835293530353135323533353435353536353735383539354035413542354335443545354635473548354935503551355235533554355535563557355835593560356135623563356435653566356735683569357035713572357335743575357635773578357935803581358235833584358535863587358835893590359135923593359435953596359735983599360036013602360336043605360636073608360936103611361236133614361536163617361836193620362136223623362436253626362736283629363036313632363336343635363636373638363936403641364236433644364536463647364836493650365136523653365436553656365736583659366036613662366336643665366636673668366936703671367236733674367536763677367836793680368136823683368436853686368736883689369036913692369336943695369636973698369937003701370237033704370537063707370837093710371137123713371437153716371737183719372037213722372337243725372637273728372937303731373237333734373537363737373837393740374137423743374437453746374737483749375037513752375337543755375637573758375937603761376237633764376537663767376837693770377137723773377437753776377737783779378037813782378337843785378637873788378937903791379237933794379537963797379837993800380138023803380438053806380738083809381038113812381338143815381638173818381938203821382238233824382538263827382838293830383138323833383438353836383738383839384038413842384338443845384638473848384938503851385238533854385538563857385838593860386138623863386438653866386738683869387038713872387338743875387638773878387938803881388238833884388538863887388838893890389138923893389438953896389738983899390039013902390339043905390639073908390939103911391239133914391539163917391839193920392139223923392439253926392739283929393039313932393339343935393639373938393939403941394239433944394539463947394839493950395139523953395439553956395739583959396039613962396339643965396639673968396939703971397239733974397539763977397839793980398139823983398439853986398739883989399039913992399339943995399639973998399940004001400240034004400540064007400840094010401140124013401440154016401740184019402040214022402340244025402640274028402940304031403240334034403540364037403840394040404140424043404440454046404740484049405040514052405340544055405640574058405940604061406240634064406540664067406840694070407140724073407440754076407740784079408040814082408340844085408640874088408940904091409240934094409540964097409840994100410141024103410441054106410741084109411041114112411341144115411641174118411941204121412241234124412541264127412841294130413141324133413441354136413741384139414041414142414341444145414641474148414941504151415241534154415541564157415841594160416141624163416441654166416741684169417041714172417341744175417641774178417941804181418241834184418541864187418841894190419141924193419441954196419741984199420042014202420342044205420642074208420942104211421242134214421542164217421842194220422142224223422442254226422742284229423042314232423342344235423642374238423942404241424242434244424542464247424842494250425142524253425442554256425742584259426042614262426342644265426642674268426942704271427242734274427542764277427842794280428142824283428442854286428742884289429042914292429342944295429642974298429943004301430243034304430543064307430843094310431143124313431443154316431743184319432043214322432343244325432643274328432943304331433243334334433543364337433843394340434143424343434443454346434743484349435043514352435343544355435643574358435943604361436243634364436543664367436843694370437143724373437443754376437743784379438043814382438343844385438643874388438943904391439243934394439543964397439843994400440144024403440444054406440744084409441044114412441344144415441644174418441944204421442244234424442544264427442844294430443144324433443444354436443744384439444044414442444344444445444644474448444944504451445244534454445544564457445844594460446144624463446444654466446744684469447044714472447344744475447644774478447944804481448244834484448544864487448844894490449144924493449444954496449744984499450045014502450345044505450645074508450945104511451245134514451545164517451845194520452145224523452445254526452745284529453045314532453345344535453645374538453945404541454245434544454545464547454845494550455145524553455445554556455745584559456045614562456345644565456645674568456945704571457245734574457545764577457845794580458145824583458445854586458745884589459045914592459345944595459645974598459946004601460246034604460546064607460846094610461146124613461446154616461746184619462046214622462346244625462646274628462946304631463246334634463546364637463846394640464146424643464446454646464746484649465046514652465346544655465646574658465946604661466246634664466546664667466846694670467146724673467446754676467746784679468046814682468346844685468646874688468946904691469246934694469546964697469846994700470147024703470447054706470747084709471047114712471347144715471647174718471947204721472247234724472547264727472847294730473147324733473447354736473747384739474047414742474347444745474647474748474947504751475247534754475547564757475847594760476147624763476447654766476747684769477047714772477347744775477647774778477947804781478247834784478547864787478847894790479147924793479447954796479747984799480048014802480348044805480648074808480948104811481248134814481548164817481848194820482148224823482448254826482748284829483048314832483348344835483648374838483948404841484248434844484548464847484848494850485148524853485448554856485748584859486048614862486348644865486648674868486948704871487248734874487548764877487848794880488148824883488448854886488748884889489048914892489348944895489648974898489949004901490249034904490549064907490849094910491149124913491449154916491749184919492049214922492349244925492649274928492949304931493249334934493549364937493849394940494149424943494449454946494749484949495049514952495349544955495649574958495949604961496249634964496549664967496849694970497149724973497449754976497749784979498049814982498349844985498649874988498949904991499249934994499549964997499849995000500150025003500450055006500750085009501050115012501350145015501650175018501950205021502250235024502550265027502850295030503150325033503450355036503750385039504050415042504350445045504650475048504950505051505250535054505550565057505850595060506150625063506450655066506750685069507050715072507350745075507650775078507950805081508250835084508550865087508850895090509150925093509450955096509750985099510051015102510351045105510651075108510951105111511251135114511551165117511851195120512151225123512451255126512751285129513051315132513351345135513651375138513951405141514251435144514551465147514851495150515151525153515451555156515751585159516051615162516351645165516651675168516951705171517251735174517551765177517851795180518151825183518451855186518751885189519051915192519351945195519651975198519952005201520252035204520552065207520852095210521152125213521452155216521752185219522052215222522352245225522652275228522952305231523252335234523552365237523852395240524152425243524452455246524752485249525052515252525352545255525652575258525952605261526252635264526552665267526852695270527152725273527452755276527752785279528052815282528352845285528652875288528952905291529252935294529552965297529852995300530153025303530453055306530753085309531053115312531353145315531653175318531953205321532253235324532553265327532853295330533153325333533453355336533753385339534053415342534353445345534653475348534953505351535253535354535553565357535853595360536153625363536453655366536753685369537053715372537353745375537653775378537953805381538253835384538553865387
  1. // SPDX-License-Identifier: GPL-2.0-only
  2. /*
  3. * Simplified MAC Kernel (smack) security module
  4. *
  5. * This file contains the smack hook function implementations.
  6. *
  7. * Authors:
  8. * Casey Schaufler <casey@schaufler-ca.com>
  9. * Jarkko Sakkinen <jarkko.sakkinen@intel.com>
  10. *
  11. * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com>
  12. * Copyright (C) 2009 Hewlett-Packard Development Company, L.P.
  13. * Paul Moore <paul@paul-moore.com>
  14. * Copyright (C) 2010 Nokia Corporation
  15. * Copyright (C) 2011 Intel Corporation.
  16. */
  17. #include <linux/xattr.h>
  18. #include <linux/pagemap.h>
  19. #include <linux/mount.h>
  20. #include <linux/stat.h>
  21. #include <linux/kd.h>
  22. #include <asm/ioctls.h>
  23. #include <linux/ip.h>
  24. #include <linux/tcp.h>
  25. #include <linux/udp.h>
  26. #include <linux/icmpv6.h>
  27. #include <linux/slab.h>
  28. #include <linux/mutex.h>
  29. #include <net/cipso_ipv4.h>
  30. #include <net/ip.h>
  31. #include <net/ipv6.h>
  32. #include <linux/audit.h>
  33. #include <linux/magic.h>
  34. #include <linux/dcache.h>
  35. #include <linux/personality.h>
  36. #include <linux/msg.h>
  37. #include <linux/shm.h>
  38. #include <uapi/linux/shm.h>
  39. #include <linux/binfmts.h>
  40. #include <linux/parser.h>
  41. #include <linux/fs_context.h>
  42. #include <linux/fs_parser.h>
  43. #include <linux/watch_queue.h>
  44. #include <linux/io_uring/cmd.h>
  45. #include <uapi/linux/lsm.h>
  46. #include "smack.h"
  47. #define TRANS_TRUE "TRUE"
  48. #define TRANS_TRUE_SIZE 4
  49. #define SMK_CONNECTING 0
  50. #define SMK_RECEIVING 1
  51. #define SMK_SENDING 2
  52. /*
  53. * Smack uses multiple xattrs.
  54. * SMACK64 - for access control,
  55. * SMACK64TRANSMUTE - label initialization,
  56. * Not saved on files - SMACK64IPIN and SMACK64IPOUT,
  57. * Must be set explicitly - SMACK64EXEC and SMACK64MMAP
  58. */
  59. #define SMACK_INODE_INIT_XATTRS 2
  60. #ifdef SMACK_IPV6_PORT_LABELING
  61. static DEFINE_MUTEX(smack_ipv6_lock);
  62. static LIST_HEAD(smk_ipv6_port_list);
  63. #endif
  64. struct kmem_cache *smack_rule_cache;
  65. int smack_enabled __initdata;
  66. #define A(s) {"smack"#s, sizeof("smack"#s) - 1, Opt_##s}
  67. static struct {
  68. const char *name;
  69. int len;
  70. int opt;
  71. } smk_mount_opts[] = {
  72. {"smackfsdef", sizeof("smackfsdef") - 1, Opt_fsdefault},
  73. A(fsdefault), A(fsfloor), A(fshat), A(fsroot), A(fstransmute)
  74. };
  75. #undef A
  76. static int match_opt_prefix(char *s, int l, char **arg)
  77. {
  78. int i;
  79. for (i = 0; i < ARRAY_SIZE(smk_mount_opts); i++) {
  80. size_t len = smk_mount_opts[i].len;
  81. if (len > l || memcmp(s, smk_mount_opts[i].name, len))
  82. continue;
  83. if (len == l || s[len] != '=')
  84. continue;
  85. *arg = s + len + 1;
  86. return smk_mount_opts[i].opt;
  87. }
  88. return Opt_error;
  89. }
  90. #ifdef CONFIG_SECURITY_SMACK_BRINGUP
  91. static char *smk_bu_mess[] = {
  92. "Bringup Error", /* Unused */
  93. "Bringup", /* SMACK_BRINGUP_ALLOW */
  94. "Unconfined Subject", /* SMACK_UNCONFINED_SUBJECT */
  95. "Unconfined Object", /* SMACK_UNCONFINED_OBJECT */
  96. };
  97. static void smk_bu_mode(int mode, char *s)
  98. {
  99. smack_str_from_perm(s, mode);
  100. }
  101. #endif
  102. #ifdef CONFIG_SECURITY_SMACK_BRINGUP
  103. static int smk_bu_note(char *note, struct smack_known *sskp,
  104. struct smack_known *oskp, int mode, int rc)
  105. {
  106. char acc[SMK_NUM_ACCESS_TYPE + 1];
  107. if (rc <= 0)
  108. return rc;
  109. if (rc > SMACK_UNCONFINED_OBJECT)
  110. rc = 0;
  111. smk_bu_mode(mode, acc);
  112. pr_info("Smack %s: (%s %s %s) %s\n", smk_bu_mess[rc],
  113. sskp->smk_known, oskp->smk_known, acc, note);
  114. return 0;
  115. }
  116. #else
  117. #define smk_bu_note(note, sskp, oskp, mode, RC) (RC)
  118. #endif
  119. #ifdef CONFIG_SECURITY_SMACK_BRINGUP
  120. static int smk_bu_current(char *note, struct smack_known *oskp,
  121. int mode, int rc)
  122. {
  123. struct task_smack *tsp = smack_cred(current_cred());
  124. char acc[SMK_NUM_ACCESS_TYPE + 1];
  125. if (rc <= 0)
  126. return rc;
  127. if (rc > SMACK_UNCONFINED_OBJECT)
  128. rc = 0;
  129. smk_bu_mode(mode, acc);
  130. pr_info("Smack %s: (%s %s %s) %s %s\n", smk_bu_mess[rc],
  131. tsp->smk_task->smk_known, oskp->smk_known,
  132. acc, current->comm, note);
  133. return 0;
  134. }
  135. #else
  136. #define smk_bu_current(note, oskp, mode, RC) (RC)
  137. #endif
  138. #ifdef CONFIG_SECURITY_SMACK_BRINGUP
  139. static int smk_bu_task(struct task_struct *otp, int mode, int rc)
  140. {
  141. struct task_smack *tsp = smack_cred(current_cred());
  142. struct smack_known *smk_task = smk_of_task_struct_obj(otp);
  143. char acc[SMK_NUM_ACCESS_TYPE + 1];
  144. if (rc <= 0)
  145. return rc;
  146. if (rc > SMACK_UNCONFINED_OBJECT)
  147. rc = 0;
  148. smk_bu_mode(mode, acc);
  149. pr_info("Smack %s: (%s %s %s) %s to %s\n", smk_bu_mess[rc],
  150. tsp->smk_task->smk_known, smk_task->smk_known, acc,
  151. current->comm, otp->comm);
  152. return 0;
  153. }
  154. #else
  155. #define smk_bu_task(otp, mode, RC) (RC)
  156. #endif
  157. #ifdef CONFIG_SECURITY_SMACK_BRINGUP
  158. static int smk_bu_inode(struct inode *inode, int mode, int rc)
  159. {
  160. struct task_smack *tsp = smack_cred(current_cred());
  161. struct inode_smack *isp = smack_inode(inode);
  162. char acc[SMK_NUM_ACCESS_TYPE + 1];
  163. if (isp->smk_flags & SMK_INODE_IMPURE)
  164. pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
  165. inode->i_sb->s_id, inode->i_ino, current->comm);
  166. if (rc <= 0)
  167. return rc;
  168. if (rc > SMACK_UNCONFINED_OBJECT)
  169. rc = 0;
  170. if (rc == SMACK_UNCONFINED_SUBJECT &&
  171. (mode & (MAY_WRITE | MAY_APPEND)))
  172. isp->smk_flags |= SMK_INODE_IMPURE;
  173. smk_bu_mode(mode, acc);
  174. pr_info("Smack %s: (%s %s %s) inode=(%s %ld) %s\n", smk_bu_mess[rc],
  175. tsp->smk_task->smk_known, isp->smk_inode->smk_known, acc,
  176. inode->i_sb->s_id, inode->i_ino, current->comm);
  177. return 0;
  178. }
  179. #else
  180. #define smk_bu_inode(inode, mode, RC) (RC)
  181. #endif
  182. #ifdef CONFIG_SECURITY_SMACK_BRINGUP
  183. static int smk_bu_file(struct file *file, int mode, int rc)
  184. {
  185. struct task_smack *tsp = smack_cred(current_cred());
  186. struct smack_known *sskp = tsp->smk_task;
  187. struct inode *inode = file_inode(file);
  188. struct inode_smack *isp = smack_inode(inode);
  189. char acc[SMK_NUM_ACCESS_TYPE + 1];
  190. if (isp->smk_flags & SMK_INODE_IMPURE)
  191. pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
  192. inode->i_sb->s_id, inode->i_ino, current->comm);
  193. if (rc <= 0)
  194. return rc;
  195. if (rc > SMACK_UNCONFINED_OBJECT)
  196. rc = 0;
  197. smk_bu_mode(mode, acc);
  198. pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc],
  199. sskp->smk_known, smk_of_inode(inode)->smk_known, acc,
  200. inode->i_sb->s_id, inode->i_ino, file,
  201. current->comm);
  202. return 0;
  203. }
  204. #else
  205. #define smk_bu_file(file, mode, RC) (RC)
  206. #endif
  207. #ifdef CONFIG_SECURITY_SMACK_BRINGUP
  208. static int smk_bu_credfile(const struct cred *cred, struct file *file,
  209. int mode, int rc)
  210. {
  211. struct task_smack *tsp = smack_cred(cred);
  212. struct smack_known *sskp = tsp->smk_task;
  213. struct inode *inode = file_inode(file);
  214. struct inode_smack *isp = smack_inode(inode);
  215. char acc[SMK_NUM_ACCESS_TYPE + 1];
  216. if (isp->smk_flags & SMK_INODE_IMPURE)
  217. pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
  218. inode->i_sb->s_id, inode->i_ino, current->comm);
  219. if (rc <= 0)
  220. return rc;
  221. if (rc > SMACK_UNCONFINED_OBJECT)
  222. rc = 0;
  223. smk_bu_mode(mode, acc);
  224. pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc],
  225. sskp->smk_known, smk_of_inode(inode)->smk_known, acc,
  226. inode->i_sb->s_id, inode->i_ino, file,
  227. current->comm);
  228. return 0;
  229. }
  230. #else
  231. #define smk_bu_credfile(cred, file, mode, RC) (RC)
  232. #endif
  233. /**
  234. * smk_fetch - Fetch the smack label from a file.
  235. * @name: type of the label (attribute)
  236. * @ip: a pointer to the inode
  237. * @dp: a pointer to the dentry
  238. *
  239. * Returns a pointer to the master list entry for the Smack label,
  240. * NULL if there was no label to fetch, or an error code.
  241. */
  242. static struct smack_known *smk_fetch(const char *name, struct inode *ip,
  243. struct dentry *dp)
  244. {
  245. int rc;
  246. char *buffer;
  247. struct smack_known *skp = NULL;
  248. if (!(ip->i_opflags & IOP_XATTR))
  249. return ERR_PTR(-EOPNOTSUPP);
  250. buffer = kzalloc(SMK_LONGLABEL, GFP_NOFS);
  251. if (buffer == NULL)
  252. return ERR_PTR(-ENOMEM);
  253. rc = __vfs_getxattr(dp, ip, name, buffer, SMK_LONGLABEL);
  254. if (rc < 0)
  255. skp = ERR_PTR(rc);
  256. else if (rc == 0)
  257. skp = NULL;
  258. else
  259. skp = smk_import_entry(buffer, rc);
  260. kfree(buffer);
  261. return skp;
  262. }
  263. /**
  264. * init_inode_smack - initialize an inode security blob
  265. * @inode: inode to extract the info from
  266. * @skp: a pointer to the Smack label entry to use in the blob
  267. *
  268. */
  269. static void init_inode_smack(struct inode *inode, struct smack_known *skp)
  270. {
  271. struct inode_smack *isp = smack_inode(inode);
  272. isp->smk_inode = skp;
  273. isp->smk_flags = 0;
  274. }
  275. /**
  276. * init_task_smack - initialize a task security blob
  277. * @tsp: blob to initialize
  278. * @task: a pointer to the Smack label for the running task
  279. * @forked: a pointer to the Smack label for the forked task
  280. *
  281. */
  282. static void init_task_smack(struct task_smack *tsp, struct smack_known *task,
  283. struct smack_known *forked)
  284. {
  285. tsp->smk_task = task;
  286. tsp->smk_forked = forked;
  287. INIT_LIST_HEAD(&tsp->smk_rules);
  288. INIT_LIST_HEAD(&tsp->smk_relabel);
  289. mutex_init(&tsp->smk_rules_lock);
  290. }
  291. /**
  292. * smk_copy_rules - copy a rule set
  293. * @nhead: new rules header pointer
  294. * @ohead: old rules header pointer
  295. * @gfp: type of the memory for the allocation
  296. *
  297. * Returns 0 on success, -ENOMEM on error
  298. */
  299. static int smk_copy_rules(struct list_head *nhead, struct list_head *ohead,
  300. gfp_t gfp)
  301. {
  302. struct smack_rule *nrp;
  303. struct smack_rule *orp;
  304. int rc = 0;
  305. list_for_each_entry_rcu(orp, ohead, list) {
  306. nrp = kmem_cache_zalloc(smack_rule_cache, gfp);
  307. if (nrp == NULL) {
  308. rc = -ENOMEM;
  309. break;
  310. }
  311. *nrp = *orp;
  312. list_add_rcu(&nrp->list, nhead);
  313. }
  314. return rc;
  315. }
  316. /**
  317. * smk_copy_relabel - copy smk_relabel labels list
  318. * @nhead: new rules header pointer
  319. * @ohead: old rules header pointer
  320. * @gfp: type of the memory for the allocation
  321. *
  322. * Returns 0 on success, -ENOMEM on error
  323. */
  324. static int smk_copy_relabel(struct list_head *nhead, struct list_head *ohead,
  325. gfp_t gfp)
  326. {
  327. struct smack_known_list_elem *nklep;
  328. struct smack_known_list_elem *oklep;
  329. list_for_each_entry(oklep, ohead, list) {
  330. nklep = kzalloc_obj(struct smack_known_list_elem, gfp);
  331. if (nklep == NULL) {
  332. smk_destroy_label_list(nhead);
  333. return -ENOMEM;
  334. }
  335. nklep->smk_label = oklep->smk_label;
  336. list_add(&nklep->list, nhead);
  337. }
  338. return 0;
  339. }
  340. /**
  341. * smk_ptrace_mode - helper function for converting PTRACE_MODE_* into MAY_*
  342. * @mode: input mode in form of PTRACE_MODE_*
  343. *
  344. * Returns a converted MAY_* mode usable by smack rules
  345. */
  346. static inline unsigned int smk_ptrace_mode(unsigned int mode)
  347. {
  348. if (mode & PTRACE_MODE_ATTACH)
  349. return MAY_READWRITE;
  350. if (mode & PTRACE_MODE_READ)
  351. return MAY_READ;
  352. return 0;
  353. }
  354. /**
  355. * smk_ptrace_rule_check - helper for ptrace access
  356. * @tracer: tracer process
  357. * @tracee_known: label entry of the process that's about to be traced
  358. * @mode: ptrace attachment mode (PTRACE_MODE_*)
  359. * @func: name of the function that called us, used for audit
  360. *
  361. * Returns 0 on access granted, -error on error
  362. */
  363. static int smk_ptrace_rule_check(struct task_struct *tracer,
  364. struct smack_known *tracee_known,
  365. unsigned int mode, const char *func)
  366. {
  367. int rc;
  368. struct smk_audit_info ad, *saip = NULL;
  369. struct task_smack *tsp;
  370. struct smack_known *tracer_known;
  371. const struct cred *tracercred;
  372. if ((mode & PTRACE_MODE_NOAUDIT) == 0) {
  373. smk_ad_init(&ad, func, LSM_AUDIT_DATA_TASK);
  374. smk_ad_setfield_u_tsk(&ad, tracer);
  375. saip = &ad;
  376. }
  377. rcu_read_lock();
  378. tracercred = __task_cred(tracer);
  379. tsp = smack_cred(tracercred);
  380. tracer_known = smk_of_task(tsp);
  381. if ((mode & PTRACE_MODE_ATTACH) &&
  382. (smack_ptrace_rule == SMACK_PTRACE_EXACT ||
  383. smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)) {
  384. if (tracer_known->smk_known == tracee_known->smk_known)
  385. rc = 0;
  386. else if (smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)
  387. rc = -EACCES;
  388. else if (smack_privileged_cred(CAP_SYS_PTRACE, tracercred))
  389. rc = 0;
  390. else
  391. rc = -EACCES;
  392. if (saip)
  393. smack_log(tracer_known->smk_known,
  394. tracee_known->smk_known,
  395. 0, rc, saip);
  396. rcu_read_unlock();
  397. return rc;
  398. }
  399. /* In case of rule==SMACK_PTRACE_DEFAULT or mode==PTRACE_MODE_READ */
  400. rc = smk_tskacc(tsp, tracee_known, smk_ptrace_mode(mode), saip);
  401. rcu_read_unlock();
  402. return rc;
  403. }
  404. /*
  405. * LSM hooks.
  406. * We he, that is fun!
  407. */
  408. /**
  409. * smack_ptrace_access_check - Smack approval on PTRACE_ATTACH
  410. * @ctp: child task pointer
  411. * @mode: ptrace attachment mode (PTRACE_MODE_*)
  412. *
  413. * Returns 0 if access is OK, an error code otherwise
  414. *
  415. * Do the capability checks.
  416. */
  417. static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode)
  418. {
  419. struct smack_known *skp;
  420. skp = smk_of_task_struct_obj(ctp);
  421. return smk_ptrace_rule_check(current, skp, mode, __func__);
  422. }
  423. /**
  424. * smack_ptrace_traceme - Smack approval on PTRACE_TRACEME
  425. * @ptp: parent task pointer
  426. *
  427. * Returns 0 if access is OK, an error code otherwise
  428. *
  429. * Do the capability checks, and require PTRACE_MODE_ATTACH.
  430. */
  431. static int smack_ptrace_traceme(struct task_struct *ptp)
  432. {
  433. struct smack_known *skp;
  434. skp = smk_of_task(smack_cred(current_cred()));
  435. return smk_ptrace_rule_check(ptp, skp, PTRACE_MODE_ATTACH, __func__);
  436. }
  437. /**
  438. * smack_syslog - Smack approval on syslog
  439. * @typefrom_file: unused
  440. *
  441. * Returns 0 on success, error code otherwise.
  442. */
  443. static int smack_syslog(int typefrom_file)
  444. {
  445. int rc = 0;
  446. struct smack_known *skp = smk_of_current();
  447. if (smack_privileged(CAP_MAC_OVERRIDE))
  448. return 0;
  449. if (smack_syslog_label != NULL && smack_syslog_label != skp)
  450. rc = -EACCES;
  451. return rc;
  452. }
  453. /*
  454. * Superblock Hooks.
  455. */
  456. /**
  457. * smack_sb_alloc_security - allocate a superblock blob
  458. * @sb: the superblock getting the blob
  459. *
  460. * Returns 0 on success or -ENOMEM on error.
  461. */
  462. static int smack_sb_alloc_security(struct super_block *sb)
  463. {
  464. struct superblock_smack *sbsp = smack_superblock(sb);
  465. sbsp->smk_root = &smack_known_floor;
  466. sbsp->smk_default = &smack_known_floor;
  467. sbsp->smk_floor = &smack_known_floor;
  468. sbsp->smk_hat = &smack_known_hat;
  469. /*
  470. * SMK_SB_INITIALIZED will be zero from kzalloc.
  471. */
  472. return 0;
  473. }
  474. struct smack_mnt_opts {
  475. const char *fsdefault;
  476. const char *fsfloor;
  477. const char *fshat;
  478. const char *fsroot;
  479. const char *fstransmute;
  480. };
  481. static void smack_free_mnt_opts(void *mnt_opts)
  482. {
  483. kfree(mnt_opts);
  484. }
  485. static int smack_add_opt(int token, const char *s, void **mnt_opts)
  486. {
  487. struct smack_mnt_opts *opts = *mnt_opts;
  488. struct smack_known *skp;
  489. if (!opts) {
  490. opts = kzalloc_obj(struct smack_mnt_opts);
  491. if (!opts)
  492. return -ENOMEM;
  493. *mnt_opts = opts;
  494. }
  495. if (!s)
  496. return -ENOMEM;
  497. skp = smk_import_entry(s, 0);
  498. if (IS_ERR(skp))
  499. return PTR_ERR(skp);
  500. switch (token) {
  501. case Opt_fsdefault:
  502. if (opts->fsdefault)
  503. goto out_opt_err;
  504. opts->fsdefault = skp->smk_known;
  505. break;
  506. case Opt_fsfloor:
  507. if (opts->fsfloor)
  508. goto out_opt_err;
  509. opts->fsfloor = skp->smk_known;
  510. break;
  511. case Opt_fshat:
  512. if (opts->fshat)
  513. goto out_opt_err;
  514. opts->fshat = skp->smk_known;
  515. break;
  516. case Opt_fsroot:
  517. if (opts->fsroot)
  518. goto out_opt_err;
  519. opts->fsroot = skp->smk_known;
  520. break;
  521. case Opt_fstransmute:
  522. if (opts->fstransmute)
  523. goto out_opt_err;
  524. opts->fstransmute = skp->smk_known;
  525. break;
  526. }
  527. return 0;
  528. out_opt_err:
  529. pr_warn("Smack: duplicate mount options\n");
  530. return -EINVAL;
  531. }
  532. /**
  533. * smack_fs_context_submount - Initialise security data for a filesystem context
  534. * @fc: The filesystem context.
  535. * @reference: reference superblock
  536. *
  537. * Returns 0 on success or -ENOMEM on error.
  538. */
  539. static int smack_fs_context_submount(struct fs_context *fc,
  540. struct super_block *reference)
  541. {
  542. struct superblock_smack *sbsp;
  543. struct smack_mnt_opts *ctx;
  544. struct inode_smack *isp;
  545. ctx = kzalloc_obj(*ctx);
  546. if (!ctx)
  547. return -ENOMEM;
  548. fc->security = ctx;
  549. sbsp = smack_superblock(reference);
  550. isp = smack_inode(reference->s_root->d_inode);
  551. if (sbsp->smk_default) {
  552. ctx->fsdefault = kstrdup(sbsp->smk_default->smk_known, GFP_KERNEL);
  553. if (!ctx->fsdefault)
  554. return -ENOMEM;
  555. }
  556. if (sbsp->smk_floor) {
  557. ctx->fsfloor = kstrdup(sbsp->smk_floor->smk_known, GFP_KERNEL);
  558. if (!ctx->fsfloor)
  559. return -ENOMEM;
  560. }
  561. if (sbsp->smk_hat) {
  562. ctx->fshat = kstrdup(sbsp->smk_hat->smk_known, GFP_KERNEL);
  563. if (!ctx->fshat)
  564. return -ENOMEM;
  565. }
  566. if (isp->smk_flags & SMK_INODE_TRANSMUTE) {
  567. if (sbsp->smk_root) {
  568. ctx->fstransmute = kstrdup(sbsp->smk_root->smk_known, GFP_KERNEL);
  569. if (!ctx->fstransmute)
  570. return -ENOMEM;
  571. }
  572. }
  573. return 0;
  574. }
  575. /**
  576. * smack_fs_context_dup - Duplicate the security data on fs_context duplication
  577. * @fc: The new filesystem context.
  578. * @src_fc: The source filesystem context being duplicated.
  579. *
  580. * Returns 0 on success or -ENOMEM on error.
  581. */
  582. static int smack_fs_context_dup(struct fs_context *fc,
  583. struct fs_context *src_fc)
  584. {
  585. struct smack_mnt_opts *dst, *src = src_fc->security;
  586. if (!src)
  587. return 0;
  588. fc->security = kzalloc_obj(struct smack_mnt_opts);
  589. if (!fc->security)
  590. return -ENOMEM;
  591. dst = fc->security;
  592. dst->fsdefault = src->fsdefault;
  593. dst->fsfloor = src->fsfloor;
  594. dst->fshat = src->fshat;
  595. dst->fsroot = src->fsroot;
  596. dst->fstransmute = src->fstransmute;
  597. return 0;
  598. }
  599. static const struct fs_parameter_spec smack_fs_parameters[] = {
  600. fsparam_string("smackfsdef", Opt_fsdefault),
  601. fsparam_string("smackfsdefault", Opt_fsdefault),
  602. fsparam_string("smackfsfloor", Opt_fsfloor),
  603. fsparam_string("smackfshat", Opt_fshat),
  604. fsparam_string("smackfsroot", Opt_fsroot),
  605. fsparam_string("smackfstransmute", Opt_fstransmute),
  606. {}
  607. };
  608. /**
  609. * smack_fs_context_parse_param - Parse a single mount parameter
  610. * @fc: The new filesystem context being constructed.
  611. * @param: The parameter.
  612. *
  613. * Returns 0 on success, -ENOPARAM to pass the parameter on or anything else on
  614. * error.
  615. */
  616. static int smack_fs_context_parse_param(struct fs_context *fc,
  617. struct fs_parameter *param)
  618. {
  619. struct fs_parse_result result;
  620. int opt, rc;
  621. opt = fs_parse(fc, smack_fs_parameters, param, &result);
  622. if (opt < 0)
  623. return opt;
  624. rc = smack_add_opt(opt, param->string, &fc->security);
  625. if (!rc)
  626. param->string = NULL;
  627. return rc;
  628. }
  629. static int smack_sb_eat_lsm_opts(char *options, void **mnt_opts)
  630. {
  631. char *from = options, *to = options;
  632. bool first = true;
  633. while (1) {
  634. char *next = strchr(from, ',');
  635. int token, len, rc;
  636. char *arg = NULL;
  637. if (next)
  638. len = next - from;
  639. else
  640. len = strlen(from);
  641. token = match_opt_prefix(from, len, &arg);
  642. if (token != Opt_error) {
  643. arg = kmemdup_nul(arg, from + len - arg, GFP_KERNEL);
  644. rc = smack_add_opt(token, arg, mnt_opts);
  645. kfree(arg);
  646. if (unlikely(rc)) {
  647. if (*mnt_opts)
  648. smack_free_mnt_opts(*mnt_opts);
  649. *mnt_opts = NULL;
  650. return rc;
  651. }
  652. } else {
  653. if (!first) { // copy with preceding comma
  654. from--;
  655. len++;
  656. }
  657. if (to != from)
  658. memmove(to, from, len);
  659. to += len;
  660. first = false;
  661. }
  662. if (!from[len])
  663. break;
  664. from += len + 1;
  665. }
  666. *to = '\0';
  667. return 0;
  668. }
  669. /**
  670. * smack_set_mnt_opts - set Smack specific mount options
  671. * @sb: the file system superblock
  672. * @mnt_opts: Smack mount options
  673. * @kern_flags: mount option from kernel space or user space
  674. * @set_kern_flags: where to store converted mount opts
  675. *
  676. * Returns 0 on success, an error code on failure
  677. *
  678. * Allow filesystems with binary mount data to explicitly set Smack mount
  679. * labels.
  680. */
  681. static int smack_set_mnt_opts(struct super_block *sb,
  682. void *mnt_opts,
  683. unsigned long kern_flags,
  684. unsigned long *set_kern_flags)
  685. {
  686. struct dentry *root = sb->s_root;
  687. struct inode *inode = d_backing_inode(root);
  688. struct superblock_smack *sp = smack_superblock(sb);
  689. struct inode_smack *isp;
  690. struct smack_known *skp;
  691. struct smack_mnt_opts *opts = mnt_opts;
  692. bool transmute = false;
  693. if (sp->smk_flags & SMK_SB_INITIALIZED)
  694. return 0;
  695. if (!smack_privileged(CAP_MAC_ADMIN)) {
  696. /*
  697. * Unprivileged mounts don't get to specify Smack values.
  698. */
  699. if (opts)
  700. return -EPERM;
  701. /*
  702. * Unprivileged mounts get root and default from the caller.
  703. */
  704. skp = smk_of_current();
  705. sp->smk_root = skp;
  706. sp->smk_default = skp;
  707. /*
  708. * For a handful of fs types with no user-controlled
  709. * backing store it's okay to trust security labels
  710. * in the filesystem. The rest are untrusted.
  711. */
  712. if (sb->s_user_ns != &init_user_ns &&
  713. sb->s_magic != SYSFS_MAGIC && sb->s_magic != TMPFS_MAGIC &&
  714. sb->s_magic != RAMFS_MAGIC) {
  715. transmute = true;
  716. sp->smk_flags |= SMK_SB_UNTRUSTED;
  717. }
  718. }
  719. sp->smk_flags |= SMK_SB_INITIALIZED;
  720. if (opts) {
  721. if (opts->fsdefault) {
  722. skp = smk_import_entry(opts->fsdefault, 0);
  723. if (IS_ERR(skp))
  724. return PTR_ERR(skp);
  725. sp->smk_default = skp;
  726. }
  727. if (opts->fsfloor) {
  728. skp = smk_import_entry(opts->fsfloor, 0);
  729. if (IS_ERR(skp))
  730. return PTR_ERR(skp);
  731. sp->smk_floor = skp;
  732. }
  733. if (opts->fshat) {
  734. skp = smk_import_entry(opts->fshat, 0);
  735. if (IS_ERR(skp))
  736. return PTR_ERR(skp);
  737. sp->smk_hat = skp;
  738. }
  739. if (opts->fsroot) {
  740. skp = smk_import_entry(opts->fsroot, 0);
  741. if (IS_ERR(skp))
  742. return PTR_ERR(skp);
  743. sp->smk_root = skp;
  744. }
  745. if (opts->fstransmute) {
  746. skp = smk_import_entry(opts->fstransmute, 0);
  747. if (IS_ERR(skp))
  748. return PTR_ERR(skp);
  749. sp->smk_root = skp;
  750. transmute = true;
  751. }
  752. }
  753. /*
  754. * Initialize the root inode.
  755. */
  756. init_inode_smack(inode, sp->smk_root);
  757. if (transmute) {
  758. isp = smack_inode(inode);
  759. isp->smk_flags |= SMK_INODE_TRANSMUTE;
  760. }
  761. return 0;
  762. }
  763. /**
  764. * smack_sb_statfs - Smack check on statfs
  765. * @dentry: identifies the file system in question
  766. *
  767. * Returns 0 if current can read the floor of the filesystem,
  768. * and error code otherwise
  769. */
  770. static int smack_sb_statfs(struct dentry *dentry)
  771. {
  772. struct superblock_smack *sbp = smack_superblock(dentry->d_sb);
  773. int rc;
  774. struct smk_audit_info ad;
  775. smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
  776. smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
  777. rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad);
  778. rc = smk_bu_current("statfs", sbp->smk_floor, MAY_READ, rc);
  779. return rc;
  780. }
  781. /*
  782. * BPRM hooks
  783. */
  784. /**
  785. * smack_bprm_creds_for_exec - Update bprm->cred if needed for exec
  786. * @bprm: the exec information
  787. *
  788. * Returns 0 if it gets a blob, -EPERM if exec forbidden and -ENOMEM otherwise
  789. */
  790. static int smack_bprm_creds_for_exec(struct linux_binprm *bprm)
  791. {
  792. struct inode *inode = file_inode(bprm->file);
  793. struct task_smack *bsp = smack_cred(bprm->cred);
  794. struct inode_smack *isp;
  795. struct superblock_smack *sbsp;
  796. int rc;
  797. isp = smack_inode(inode);
  798. if (isp->smk_task == NULL || isp->smk_task == bsp->smk_task)
  799. return 0;
  800. sbsp = smack_superblock(inode->i_sb);
  801. if ((sbsp->smk_flags & SMK_SB_UNTRUSTED) &&
  802. isp->smk_task != sbsp->smk_root)
  803. return 0;
  804. if (bprm->unsafe & LSM_UNSAFE_PTRACE) {
  805. struct task_struct *tracer;
  806. rc = 0;
  807. rcu_read_lock();
  808. tracer = ptrace_parent(current);
  809. if (likely(tracer != NULL))
  810. rc = smk_ptrace_rule_check(tracer,
  811. isp->smk_task,
  812. PTRACE_MODE_ATTACH,
  813. __func__);
  814. rcu_read_unlock();
  815. if (rc != 0)
  816. return rc;
  817. }
  818. if (bprm->unsafe & ~LSM_UNSAFE_PTRACE)
  819. return -EPERM;
  820. bsp->smk_task = isp->smk_task;
  821. bprm->per_clear |= PER_CLEAR_ON_SETID;
  822. /* Decide if this is a secure exec. */
  823. if (bsp->smk_task != bsp->smk_forked)
  824. bprm->secureexec = 1;
  825. return 0;
  826. }
  827. /*
  828. * Inode hooks
  829. */
  830. /**
  831. * smack_inode_alloc_security - allocate an inode blob
  832. * @inode: the inode in need of a blob
  833. *
  834. * Returns 0
  835. */
  836. static int smack_inode_alloc_security(struct inode *inode)
  837. {
  838. struct smack_known *skp = smk_of_current();
  839. init_inode_smack(inode, skp);
  840. return 0;
  841. }
  842. /**
  843. * smk_rule_transmutes - does access rule for (subject,object) contain 't'?
  844. * @subject: a pointer to the subject's Smack label entry
  845. * @object: a pointer to the object's Smack label entry
  846. */
  847. static bool
  848. smk_rule_transmutes(struct smack_known *subject,
  849. const struct smack_known *object)
  850. {
  851. int may;
  852. rcu_read_lock();
  853. may = smk_access_entry(subject->smk_known, object->smk_known,
  854. &subject->smk_rules);
  855. rcu_read_unlock();
  856. return (may > 0) && (may & MAY_TRANSMUTE);
  857. }
  858. static int
  859. xattr_dupval(struct xattr *xattrs, int *xattr_count,
  860. const char *name, const void *value, unsigned int vallen)
  861. {
  862. struct xattr * const xattr = lsm_get_xattr_slot(xattrs, xattr_count);
  863. if (!xattr)
  864. return 0;
  865. xattr->value = kmemdup(value, vallen, GFP_NOFS);
  866. if (!xattr->value)
  867. return -ENOMEM;
  868. xattr->value_len = vallen;
  869. xattr->name = name;
  870. return 0;
  871. }
  872. /**
  873. * smack_inode_init_security - copy out the smack from an inode
  874. * @inode: the newly created inode
  875. * @dir: containing directory object
  876. * @qstr: unused
  877. * @xattrs: where to put the attributes
  878. * @xattr_count: current number of LSM-provided xattrs (updated)
  879. *
  880. * Returns 0 if it all works out, -ENOMEM if there's no memory
  881. */
  882. static int smack_inode_init_security(struct inode *inode, struct inode *dir,
  883. const struct qstr *qstr,
  884. struct xattr *xattrs, int *xattr_count)
  885. {
  886. struct task_smack *tsp = smack_cred(current_cred());
  887. struct inode_smack * const issp = smack_inode(inode);
  888. struct smack_known *dsp = smk_of_inode(dir);
  889. int rc = 0;
  890. int transflag = 0;
  891. bool trans_cred;
  892. bool trans_rule;
  893. /*
  894. * UNIX domain sockets use lower level socket data. Let
  895. * UDS inode have fixed * label to keep smack_inode_permission() calm
  896. * when called from unix_find_bsd()
  897. */
  898. if (S_ISSOCK(inode->i_mode)) {
  899. /* forced label, no need to save to xattrs */
  900. issp->smk_inode = &smack_known_star;
  901. goto instant_inode;
  902. }
  903. /*
  904. * If equal, transmuting already occurred in
  905. * smack_dentry_create_files_as(). No need to check again.
  906. */
  907. trans_cred = (tsp->smk_task == tsp->smk_transmuted);
  908. if (!trans_cred)
  909. trans_rule = smk_rule_transmutes(smk_of_task(tsp), dsp);
  910. /*
  911. * In addition to having smk_task equal to smk_transmuted,
  912. * if the access rule allows transmutation and the directory
  913. * requests transmutation then by all means transmute.
  914. * Mark the inode as changed.
  915. */
  916. if (trans_cred || (trans_rule && smk_inode_transmutable(dir))) {
  917. /*
  918. * The caller of smack_dentry_create_files_as()
  919. * should have overridden the current cred, so the
  920. * inode label was already set correctly in
  921. * smack_inode_alloc_security().
  922. */
  923. if (!trans_cred)
  924. issp->smk_inode = dsp;
  925. if (S_ISDIR(inode->i_mode)) {
  926. transflag = SMK_INODE_TRANSMUTE;
  927. if (xattr_dupval(xattrs, xattr_count,
  928. XATTR_SMACK_TRANSMUTE,
  929. TRANS_TRUE,
  930. TRANS_TRUE_SIZE
  931. ))
  932. rc = -ENOMEM;
  933. }
  934. }
  935. if (rc == 0)
  936. if (xattr_dupval(xattrs, xattr_count,
  937. XATTR_SMACK_SUFFIX,
  938. issp->smk_inode->smk_known,
  939. strlen(issp->smk_inode->smk_known)
  940. ))
  941. rc = -ENOMEM;
  942. instant_inode:
  943. issp->smk_flags |= (SMK_INODE_INSTANT | transflag);
  944. return rc;
  945. }
  946. /**
  947. * smack_inode_link - Smack check on link
  948. * @old_dentry: the existing object
  949. * @dir: unused
  950. * @new_dentry: the new object
  951. *
  952. * Returns 0 if access is permitted, an error code otherwise
  953. */
  954. static int smack_inode_link(struct dentry *old_dentry, struct inode *dir,
  955. struct dentry *new_dentry)
  956. {
  957. struct smack_known *isp;
  958. struct smk_audit_info ad;
  959. int rc;
  960. smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
  961. smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
  962. isp = smk_of_inode(d_backing_inode(old_dentry));
  963. rc = smk_curacc(isp, MAY_WRITE, &ad);
  964. rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_WRITE, rc);
  965. if (rc == 0 && d_is_positive(new_dentry)) {
  966. isp = smk_of_inode(d_backing_inode(new_dentry));
  967. smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
  968. rc = smk_curacc(isp, MAY_WRITE, &ad);
  969. rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_WRITE, rc);
  970. }
  971. return rc;
  972. }
  973. /**
  974. * smack_inode_unlink - Smack check on inode deletion
  975. * @dir: containing directory object
  976. * @dentry: file to unlink
  977. *
  978. * Returns 0 if current can write the containing directory
  979. * and the object, error code otherwise
  980. */
  981. static int smack_inode_unlink(struct inode *dir, struct dentry *dentry)
  982. {
  983. struct inode *ip = d_backing_inode(dentry);
  984. struct smk_audit_info ad;
  985. int rc;
  986. smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
  987. smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
  988. /*
  989. * You need write access to the thing you're unlinking
  990. */
  991. rc = smk_curacc(smk_of_inode(ip), MAY_WRITE, &ad);
  992. rc = smk_bu_inode(ip, MAY_WRITE, rc);
  993. if (rc == 0) {
  994. /*
  995. * You also need write access to the containing directory
  996. */
  997. smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
  998. smk_ad_setfield_u_fs_inode(&ad, dir);
  999. rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
  1000. rc = smk_bu_inode(dir, MAY_WRITE, rc);
  1001. }
  1002. return rc;
  1003. }
  1004. /**
  1005. * smack_inode_rmdir - Smack check on directory deletion
  1006. * @dir: containing directory object
  1007. * @dentry: directory to unlink
  1008. *
  1009. * Returns 0 if current can write the containing directory
  1010. * and the directory, error code otherwise
  1011. */
  1012. static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry)
  1013. {
  1014. struct smk_audit_info ad;
  1015. int rc;
  1016. smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
  1017. smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
  1018. /*
  1019. * You need write access to the thing you're removing
  1020. */
  1021. rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
  1022. rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
  1023. if (rc == 0) {
  1024. /*
  1025. * You also need write access to the containing directory
  1026. */
  1027. smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
  1028. smk_ad_setfield_u_fs_inode(&ad, dir);
  1029. rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
  1030. rc = smk_bu_inode(dir, MAY_WRITE, rc);
  1031. }
  1032. return rc;
  1033. }
  1034. /**
  1035. * smack_inode_rename - Smack check on rename
  1036. * @old_inode: unused
  1037. * @old_dentry: the old object
  1038. * @new_inode: unused
  1039. * @new_dentry: the new object
  1040. *
  1041. * Read and write access is required on both the old and
  1042. * new directories.
  1043. *
  1044. * Returns 0 if access is permitted, an error code otherwise
  1045. */
  1046. static int smack_inode_rename(struct inode *old_inode,
  1047. struct dentry *old_dentry,
  1048. struct inode *new_inode,
  1049. struct dentry *new_dentry)
  1050. {
  1051. int rc;
  1052. struct smack_known *isp;
  1053. struct smk_audit_info ad;
  1054. smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
  1055. smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
  1056. isp = smk_of_inode(d_backing_inode(old_dentry));
  1057. rc = smk_curacc(isp, MAY_READWRITE, &ad);
  1058. rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_READWRITE, rc);
  1059. if (rc == 0 && d_is_positive(new_dentry)) {
  1060. isp = smk_of_inode(d_backing_inode(new_dentry));
  1061. smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
  1062. rc = smk_curacc(isp, MAY_READWRITE, &ad);
  1063. rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_READWRITE, rc);
  1064. }
  1065. return rc;
  1066. }
  1067. /**
  1068. * smack_inode_permission - Smack version of permission()
  1069. * @inode: the inode in question
  1070. * @mask: the access requested
  1071. *
  1072. * This is the important Smack hook.
  1073. *
  1074. * Returns 0 if access is permitted, an error code otherwise
  1075. */
  1076. static int smack_inode_permission(struct inode *inode, int mask)
  1077. {
  1078. struct superblock_smack *sbsp = smack_superblock(inode->i_sb);
  1079. struct smk_audit_info ad;
  1080. int no_block = mask & MAY_NOT_BLOCK;
  1081. int rc;
  1082. mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND);
  1083. /*
  1084. * No permission to check. Existence test. Yup, it's there.
  1085. */
  1086. if (mask == 0)
  1087. return 0;
  1088. if (sbsp->smk_flags & SMK_SB_UNTRUSTED) {
  1089. if (smk_of_inode(inode) != sbsp->smk_root)
  1090. return -EACCES;
  1091. }
  1092. /* May be droppable after audit */
  1093. if (no_block)
  1094. return -ECHILD;
  1095. smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
  1096. smk_ad_setfield_u_fs_inode(&ad, inode);
  1097. rc = smk_curacc(smk_of_inode(inode), mask, &ad);
  1098. rc = smk_bu_inode(inode, mask, rc);
  1099. return rc;
  1100. }
  1101. /**
  1102. * smack_inode_setattr - Smack check for setting attributes
  1103. * @idmap: idmap of the mount
  1104. * @dentry: the object
  1105. * @iattr: for the force flag
  1106. *
  1107. * Returns 0 if access is permitted, an error code otherwise
  1108. */
  1109. static int smack_inode_setattr(struct mnt_idmap *idmap, struct dentry *dentry,
  1110. struct iattr *iattr)
  1111. {
  1112. struct smk_audit_info ad;
  1113. int rc;
  1114. /*
  1115. * Need to allow for clearing the setuid bit.
  1116. */
  1117. if (iattr->ia_valid & ATTR_FORCE)
  1118. return 0;
  1119. smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
  1120. smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
  1121. rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
  1122. rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
  1123. return rc;
  1124. }
  1125. /**
  1126. * smack_inode_getattr - Smack check for getting attributes
  1127. * @path: path to extract the info from
  1128. *
  1129. * Returns 0 if access is permitted, an error code otherwise
  1130. */
  1131. static int smack_inode_getattr(const struct path *path)
  1132. {
  1133. struct smk_audit_info ad;
  1134. struct inode *inode = d_backing_inode(path->dentry);
  1135. int rc;
  1136. smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
  1137. smk_ad_setfield_u_fs_path(&ad, *path);
  1138. rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad);
  1139. rc = smk_bu_inode(inode, MAY_READ, rc);
  1140. return rc;
  1141. }
  1142. /**
  1143. * smack_inode_xattr_skipcap - Skip the xattr capability checks?
  1144. * @name: name of the xattr
  1145. *
  1146. * Returns 1 to indicate that Smack "owns" the access control rights to xattrs
  1147. * named @name; the LSM layer should avoid enforcing any traditional
  1148. * capability based access controls on this xattr. Returns 0 to indicate that
  1149. * Smack does not "own" the access control rights to xattrs named @name and is
  1150. * deferring to the LSM layer for further access controls, including capability
  1151. * based controls.
  1152. */
  1153. static int smack_inode_xattr_skipcap(const char *name)
  1154. {
  1155. if (strncmp(name, XATTR_SMACK_SUFFIX, strlen(XATTR_SMACK_SUFFIX)))
  1156. return 0;
  1157. if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
  1158. strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
  1159. strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 ||
  1160. strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
  1161. strcmp(name, XATTR_NAME_SMACKMMAP) == 0 ||
  1162. strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0)
  1163. return 1;
  1164. return 0;
  1165. }
  1166. /**
  1167. * smack_inode_setxattr - Smack check for setting xattrs
  1168. * @idmap: idmap of the mount
  1169. * @dentry: the object
  1170. * @name: name of the attribute
  1171. * @value: value of the attribute
  1172. * @size: size of the value
  1173. * @flags: unused
  1174. *
  1175. * This protects the Smack attribute explicitly.
  1176. *
  1177. * Returns 0 if access is permitted, an error code otherwise
  1178. */
  1179. static int smack_inode_setxattr(struct mnt_idmap *idmap,
  1180. struct dentry *dentry, const char *name,
  1181. const void *value, size_t size, int flags)
  1182. {
  1183. struct smk_audit_info ad;
  1184. struct smack_known *skp;
  1185. int check_priv = 0;
  1186. int check_import = 0;
  1187. int check_star = 0;
  1188. int rc = 0;
  1189. umode_t const i_mode = d_backing_inode(dentry)->i_mode;
  1190. /*
  1191. * Check label validity here so import won't fail in post_setxattr
  1192. */
  1193. if (strcmp(name, XATTR_NAME_SMACK) == 0) {
  1194. /*
  1195. * UDS inode has fixed label
  1196. */
  1197. if (S_ISSOCK(i_mode)) {
  1198. rc = -EINVAL;
  1199. } else {
  1200. check_priv = 1;
  1201. check_import = 1;
  1202. }
  1203. } else if (strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
  1204. strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) {
  1205. check_priv = 1;
  1206. check_import = 1;
  1207. } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
  1208. strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
  1209. check_priv = 1;
  1210. check_import = 1;
  1211. check_star = 1;
  1212. } else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) {
  1213. check_priv = 1;
  1214. if (!S_ISDIR(i_mode) ||
  1215. size != TRANS_TRUE_SIZE ||
  1216. strncmp(value, TRANS_TRUE, TRANS_TRUE_SIZE) != 0)
  1217. rc = -EINVAL;
  1218. }
  1219. if (check_priv && !smack_privileged(CAP_MAC_ADMIN))
  1220. rc = -EPERM;
  1221. if (rc == 0 && check_import) {
  1222. skp = size ? smk_import_entry(value, size) : NULL;
  1223. if (IS_ERR(skp))
  1224. rc = PTR_ERR(skp);
  1225. else if (skp == NULL || (check_star &&
  1226. (skp == &smack_known_star || skp == &smack_known_web)))
  1227. rc = -EINVAL;
  1228. }
  1229. smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
  1230. smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
  1231. if (rc == 0) {
  1232. rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
  1233. rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
  1234. }
  1235. return rc;
  1236. }
  1237. /**
  1238. * smack_inode_post_setxattr - Apply the Smack update approved above
  1239. * @dentry: object
  1240. * @name: attribute name
  1241. * @value: attribute value
  1242. * @size: attribute size
  1243. * @flags: unused
  1244. *
  1245. * Set the pointer in the inode blob to the entry found
  1246. * in the master label list.
  1247. */
  1248. static void smack_inode_post_setxattr(struct dentry *dentry, const char *name,
  1249. const void *value, size_t size, int flags)
  1250. {
  1251. struct smack_known *skp;
  1252. struct inode_smack *isp = smack_inode(d_backing_inode(dentry));
  1253. if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) {
  1254. isp->smk_flags |= SMK_INODE_TRANSMUTE;
  1255. return;
  1256. }
  1257. if (strcmp(name, XATTR_NAME_SMACK) == 0) {
  1258. skp = smk_import_entry(value, size);
  1259. if (!IS_ERR(skp))
  1260. isp->smk_inode = skp;
  1261. } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) {
  1262. skp = smk_import_entry(value, size);
  1263. if (!IS_ERR(skp))
  1264. isp->smk_task = skp;
  1265. } else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
  1266. skp = smk_import_entry(value, size);
  1267. if (!IS_ERR(skp))
  1268. isp->smk_mmap = skp;
  1269. }
  1270. return;
  1271. }
  1272. /**
  1273. * smack_inode_getxattr - Smack check on getxattr
  1274. * @dentry: the object
  1275. * @name: unused
  1276. *
  1277. * Returns 0 if access is permitted, an error code otherwise
  1278. */
  1279. static int smack_inode_getxattr(struct dentry *dentry, const char *name)
  1280. {
  1281. struct smk_audit_info ad;
  1282. int rc;
  1283. smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
  1284. smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
  1285. rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_READ, &ad);
  1286. rc = smk_bu_inode(d_backing_inode(dentry), MAY_READ, rc);
  1287. return rc;
  1288. }
  1289. /**
  1290. * smack_inode_removexattr - Smack check on removexattr
  1291. * @idmap: idmap of the mount
  1292. * @dentry: the object
  1293. * @name: name of the attribute
  1294. *
  1295. * Removing the Smack attribute requires CAP_MAC_ADMIN
  1296. *
  1297. * Returns 0 if access is permitted, an error code otherwise
  1298. */
  1299. static int smack_inode_removexattr(struct mnt_idmap *idmap,
  1300. struct dentry *dentry, const char *name)
  1301. {
  1302. struct inode_smack *isp;
  1303. struct smk_audit_info ad;
  1304. int rc = 0;
  1305. if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
  1306. strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
  1307. strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 ||
  1308. strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
  1309. strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0 ||
  1310. strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
  1311. if (!smack_privileged(CAP_MAC_ADMIN))
  1312. rc = -EPERM;
  1313. }
  1314. if (rc != 0)
  1315. return rc;
  1316. smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
  1317. smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
  1318. rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
  1319. rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
  1320. if (rc != 0)
  1321. return rc;
  1322. isp = smack_inode(d_backing_inode(dentry));
  1323. /*
  1324. * Don't do anything special for these.
  1325. * XATTR_NAME_SMACKIPIN
  1326. * XATTR_NAME_SMACKIPOUT
  1327. * XATTR_NAME_SMACK if S_ISSOCK (UDS inode has fixed label)
  1328. */
  1329. if (strcmp(name, XATTR_NAME_SMACK) == 0) {
  1330. if (!S_ISSOCK(d_backing_inode(dentry)->i_mode)) {
  1331. struct super_block *sbp = dentry->d_sb;
  1332. struct superblock_smack *sbsp = smack_superblock(sbp);
  1333. isp->smk_inode = sbsp->smk_default;
  1334. }
  1335. } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0)
  1336. isp->smk_task = NULL;
  1337. else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0)
  1338. isp->smk_mmap = NULL;
  1339. else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0)
  1340. isp->smk_flags &= ~SMK_INODE_TRANSMUTE;
  1341. return 0;
  1342. }
  1343. /**
  1344. * smack_inode_set_acl - Smack check for setting posix acls
  1345. * @idmap: idmap of the mnt this request came from
  1346. * @dentry: the object
  1347. * @acl_name: name of the posix acl
  1348. * @kacl: the posix acls
  1349. *
  1350. * Returns 0 if access is permitted, an error code otherwise
  1351. */
  1352. static int smack_inode_set_acl(struct mnt_idmap *idmap,
  1353. struct dentry *dentry, const char *acl_name,
  1354. struct posix_acl *kacl)
  1355. {
  1356. struct smk_audit_info ad;
  1357. int rc;
  1358. smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
  1359. smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
  1360. rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
  1361. rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
  1362. return rc;
  1363. }
  1364. /**
  1365. * smack_inode_get_acl - Smack check for getting posix acls
  1366. * @idmap: idmap of the mnt this request came from
  1367. * @dentry: the object
  1368. * @acl_name: name of the posix acl
  1369. *
  1370. * Returns 0 if access is permitted, an error code otherwise
  1371. */
  1372. static int smack_inode_get_acl(struct mnt_idmap *idmap,
  1373. struct dentry *dentry, const char *acl_name)
  1374. {
  1375. struct smk_audit_info ad;
  1376. int rc;
  1377. smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
  1378. smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
  1379. rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_READ, &ad);
  1380. rc = smk_bu_inode(d_backing_inode(dentry), MAY_READ, rc);
  1381. return rc;
  1382. }
  1383. /**
  1384. * smack_inode_remove_acl - Smack check for getting posix acls
  1385. * @idmap: idmap of the mnt this request came from
  1386. * @dentry: the object
  1387. * @acl_name: name of the posix acl
  1388. *
  1389. * Returns 0 if access is permitted, an error code otherwise
  1390. */
  1391. static int smack_inode_remove_acl(struct mnt_idmap *idmap,
  1392. struct dentry *dentry, const char *acl_name)
  1393. {
  1394. struct smk_audit_info ad;
  1395. int rc;
  1396. smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
  1397. smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
  1398. rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
  1399. rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
  1400. return rc;
  1401. }
  1402. /**
  1403. * smack_inode_getsecurity - get smack xattrs
  1404. * @idmap: idmap of the mount
  1405. * @inode: the object
  1406. * @name: attribute name
  1407. * @buffer: where to put the result
  1408. * @alloc: duplicate memory
  1409. *
  1410. * Returns the size of the attribute or an error code
  1411. */
  1412. static int smack_inode_getsecurity(struct mnt_idmap *idmap,
  1413. struct inode *inode, const char *name,
  1414. void **buffer, bool alloc)
  1415. {
  1416. struct socket_smack *ssp;
  1417. struct socket *sock;
  1418. struct super_block *sbp;
  1419. struct inode *ip = inode;
  1420. struct smack_known *isp;
  1421. struct inode_smack *ispp;
  1422. size_t label_len;
  1423. char *label = NULL;
  1424. if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) {
  1425. isp = smk_of_inode(inode);
  1426. } else if (strcmp(name, XATTR_SMACK_TRANSMUTE) == 0) {
  1427. ispp = smack_inode(inode);
  1428. if (ispp->smk_flags & SMK_INODE_TRANSMUTE)
  1429. label = TRANS_TRUE;
  1430. else
  1431. label = "";
  1432. } else {
  1433. /*
  1434. * The rest of the Smack xattrs are only on sockets.
  1435. */
  1436. sbp = ip->i_sb;
  1437. if (sbp->s_magic != SOCKFS_MAGIC)
  1438. return -EOPNOTSUPP;
  1439. sock = SOCKET_I(ip);
  1440. if (sock == NULL || sock->sk == NULL)
  1441. return -EOPNOTSUPP;
  1442. ssp = smack_sock(sock->sk);
  1443. if (strcmp(name, XATTR_SMACK_IPIN) == 0)
  1444. isp = ssp->smk_in;
  1445. else if (strcmp(name, XATTR_SMACK_IPOUT) == 0)
  1446. isp = ssp->smk_out;
  1447. else
  1448. return -EOPNOTSUPP;
  1449. }
  1450. if (!label)
  1451. label = isp->smk_known;
  1452. label_len = strlen(label);
  1453. if (alloc) {
  1454. *buffer = kstrdup(label, GFP_KERNEL);
  1455. if (*buffer == NULL)
  1456. return -ENOMEM;
  1457. }
  1458. return label_len;
  1459. }
  1460. /**
  1461. * smack_inode_listsecurity - list the Smack attributes
  1462. * @inode: the object
  1463. * @buffer: where they go
  1464. * @buffer_size: size of buffer
  1465. */
  1466. static int smack_inode_listsecurity(struct inode *inode, char *buffer,
  1467. size_t buffer_size)
  1468. {
  1469. int len = sizeof(XATTR_NAME_SMACK);
  1470. if (buffer != NULL && len <= buffer_size)
  1471. memcpy(buffer, XATTR_NAME_SMACK, len);
  1472. return len;
  1473. }
  1474. /**
  1475. * smack_inode_getlsmprop - Extract inode's security id
  1476. * @inode: inode to extract the info from
  1477. * @prop: where result will be saved
  1478. */
  1479. static void smack_inode_getlsmprop(struct inode *inode, struct lsm_prop *prop)
  1480. {
  1481. prop->smack.skp = smk_of_inode(inode);
  1482. }
  1483. /*
  1484. * File Hooks
  1485. */
  1486. /*
  1487. * There is no smack_file_permission hook
  1488. *
  1489. * Should access checks be done on each read or write?
  1490. * UNICOS and SELinux say yes.
  1491. * Trusted Solaris, Trusted Irix, and just about everyone else says no.
  1492. *
  1493. * I'll say no for now. Smack does not do the frequent
  1494. * label changing that SELinux does.
  1495. */
  1496. /**
  1497. * smack_file_alloc_security - assign a file security blob
  1498. * @file: the object
  1499. *
  1500. * The security blob for a file is a pointer to the master
  1501. * label list, so no allocation is done.
  1502. *
  1503. * f_security is the owner security information. It
  1504. * isn't used on file access checks, it's for send_sigio.
  1505. *
  1506. * Returns 0
  1507. */
  1508. static int smack_file_alloc_security(struct file *file)
  1509. {
  1510. struct smack_known **blob = smack_file(file);
  1511. *blob = smk_of_current();
  1512. return 0;
  1513. }
  1514. /**
  1515. * smack_file_ioctl - Smack check on ioctls
  1516. * @file: the object
  1517. * @cmd: what to do
  1518. * @arg: unused
  1519. *
  1520. * Relies heavily on the correct use of the ioctl command conventions.
  1521. *
  1522. * Returns 0 if allowed, error code otherwise
  1523. */
  1524. static int smack_file_ioctl(struct file *file, unsigned int cmd,
  1525. unsigned long arg)
  1526. {
  1527. int rc = 0;
  1528. struct smk_audit_info ad;
  1529. struct inode *inode = file_inode(file);
  1530. if (unlikely(IS_PRIVATE(inode)))
  1531. return 0;
  1532. smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
  1533. smk_ad_setfield_u_fs_path(&ad, file->f_path);
  1534. if (_IOC_DIR(cmd) & _IOC_WRITE) {
  1535. rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad);
  1536. rc = smk_bu_file(file, MAY_WRITE, rc);
  1537. }
  1538. if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ)) {
  1539. rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad);
  1540. rc = smk_bu_file(file, MAY_READ, rc);
  1541. }
  1542. return rc;
  1543. }
  1544. /**
  1545. * smack_file_lock - Smack check on file locking
  1546. * @file: the object
  1547. * @cmd: unused
  1548. *
  1549. * Returns 0 if current has lock access, error code otherwise
  1550. */
  1551. static int smack_file_lock(struct file *file, unsigned int cmd)
  1552. {
  1553. struct smk_audit_info ad;
  1554. int rc;
  1555. struct inode *inode = file_inode(file);
  1556. if (unlikely(IS_PRIVATE(inode)))
  1557. return 0;
  1558. smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
  1559. smk_ad_setfield_u_fs_path(&ad, file->f_path);
  1560. rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad);
  1561. rc = smk_bu_file(file, MAY_LOCK, rc);
  1562. return rc;
  1563. }
  1564. /**
  1565. * smack_file_fcntl - Smack check on fcntl
  1566. * @file: the object
  1567. * @cmd: what action to check
  1568. * @arg: unused
  1569. *
  1570. * Generally these operations are harmless.
  1571. * File locking operations present an obvious mechanism
  1572. * for passing information, so they require write access.
  1573. *
  1574. * Returns 0 if current has access, error code otherwise
  1575. */
  1576. static int smack_file_fcntl(struct file *file, unsigned int cmd,
  1577. unsigned long arg)
  1578. {
  1579. struct smk_audit_info ad;
  1580. int rc = 0;
  1581. struct inode *inode = file_inode(file);
  1582. if (unlikely(IS_PRIVATE(inode)))
  1583. return 0;
  1584. switch (cmd) {
  1585. case F_GETLK:
  1586. break;
  1587. case F_SETLK:
  1588. case F_SETLKW:
  1589. smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
  1590. smk_ad_setfield_u_fs_path(&ad, file->f_path);
  1591. rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad);
  1592. rc = smk_bu_file(file, MAY_LOCK, rc);
  1593. break;
  1594. case F_SETOWN:
  1595. case F_SETSIG:
  1596. smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
  1597. smk_ad_setfield_u_fs_path(&ad, file->f_path);
  1598. rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad);
  1599. rc = smk_bu_file(file, MAY_WRITE, rc);
  1600. break;
  1601. default:
  1602. break;
  1603. }
  1604. return rc;
  1605. }
  1606. /**
  1607. * smack_mmap_file - Check permissions for a mmap operation.
  1608. * @file: contains the file structure for file to map (may be NULL).
  1609. * @reqprot: contains the protection requested by the application.
  1610. * @prot: contains the protection that will be applied by the kernel.
  1611. * @flags: contains the operational flags.
  1612. *
  1613. * The @file may be NULL, e.g. if mapping anonymous memory.
  1614. *
  1615. * Return 0 if permission is granted.
  1616. */
  1617. static int smack_mmap_file(struct file *file,
  1618. unsigned long reqprot, unsigned long prot,
  1619. unsigned long flags)
  1620. {
  1621. struct smack_known *skp;
  1622. struct smack_known *mkp;
  1623. struct smack_rule *srp;
  1624. struct task_smack *tsp;
  1625. struct smack_known *okp;
  1626. struct inode_smack *isp;
  1627. struct superblock_smack *sbsp;
  1628. int may;
  1629. int mmay;
  1630. int tmay;
  1631. int rc;
  1632. if (file == NULL)
  1633. return 0;
  1634. if (unlikely(IS_PRIVATE(file_inode(file))))
  1635. return 0;
  1636. isp = smack_inode(file_inode(file));
  1637. if (isp->smk_mmap == NULL)
  1638. return 0;
  1639. sbsp = smack_superblock(file_inode(file)->i_sb);
  1640. if (sbsp->smk_flags & SMK_SB_UNTRUSTED &&
  1641. isp->smk_mmap != sbsp->smk_root)
  1642. return -EACCES;
  1643. mkp = isp->smk_mmap;
  1644. tsp = smack_cred(current_cred());
  1645. skp = smk_of_current();
  1646. rc = 0;
  1647. rcu_read_lock();
  1648. /*
  1649. * For each Smack rule associated with the subject
  1650. * label verify that the SMACK64MMAP also has access
  1651. * to that rule's object label.
  1652. */
  1653. list_for_each_entry_rcu(srp, &skp->smk_rules, list) {
  1654. okp = srp->smk_object;
  1655. /*
  1656. * Matching labels always allows access.
  1657. */
  1658. if (mkp->smk_known == okp->smk_known)
  1659. continue;
  1660. /*
  1661. * If there is a matching local rule take
  1662. * that into account as well.
  1663. */
  1664. may = smk_access_entry(srp->smk_subject->smk_known,
  1665. okp->smk_known,
  1666. &tsp->smk_rules);
  1667. if (may == -ENOENT)
  1668. may = srp->smk_access;
  1669. else
  1670. may &= srp->smk_access;
  1671. /*
  1672. * If may is zero the SMACK64MMAP subject can't
  1673. * possibly have less access.
  1674. */
  1675. if (may == 0)
  1676. continue;
  1677. /*
  1678. * Fetch the global list entry.
  1679. * If there isn't one a SMACK64MMAP subject
  1680. * can't have as much access as current.
  1681. */
  1682. mmay = smk_access_entry(mkp->smk_known, okp->smk_known,
  1683. &mkp->smk_rules);
  1684. if (mmay == -ENOENT) {
  1685. rc = -EACCES;
  1686. break;
  1687. }
  1688. /*
  1689. * If there is a local entry it modifies the
  1690. * potential access, too.
  1691. */
  1692. tmay = smk_access_entry(mkp->smk_known, okp->smk_known,
  1693. &tsp->smk_rules);
  1694. if (tmay != -ENOENT)
  1695. mmay &= tmay;
  1696. /*
  1697. * If there is any access available to current that is
  1698. * not available to a SMACK64MMAP subject
  1699. * deny access.
  1700. */
  1701. if ((may | mmay) != mmay) {
  1702. rc = -EACCES;
  1703. break;
  1704. }
  1705. }
  1706. rcu_read_unlock();
  1707. return rc;
  1708. }
  1709. /**
  1710. * smack_file_set_fowner - set the file security blob value
  1711. * @file: object in question
  1712. *
  1713. */
  1714. static void smack_file_set_fowner(struct file *file)
  1715. {
  1716. struct smack_known **blob = smack_file(file);
  1717. *blob = smk_of_current();
  1718. }
  1719. /**
  1720. * smack_file_send_sigiotask - Smack on sigio
  1721. * @tsk: The target task
  1722. * @fown: the object the signal come from
  1723. * @signum: unused
  1724. *
  1725. * Allow a privileged task to get signals even if it shouldn't
  1726. *
  1727. * Returns 0 if a subject with the object's smack could
  1728. * write to the task, an error code otherwise.
  1729. */
  1730. static int smack_file_send_sigiotask(struct task_struct *tsk,
  1731. struct fown_struct *fown, int signum)
  1732. {
  1733. struct smack_known **blob;
  1734. struct smack_known *skp;
  1735. struct smack_known *tkp = smk_of_task(smack_cred(tsk->cred));
  1736. const struct cred *tcred;
  1737. struct file *file;
  1738. int rc;
  1739. struct smk_audit_info ad;
  1740. /*
  1741. * struct fown_struct is never outside the context of a struct file
  1742. */
  1743. file = fown->file;
  1744. /* we don't log here as rc can be overridden */
  1745. blob = smack_file(file);
  1746. skp = *blob;
  1747. rc = smk_access(skp, tkp, MAY_DELIVER, NULL);
  1748. rc = smk_bu_note("sigiotask", skp, tkp, MAY_DELIVER, rc);
  1749. rcu_read_lock();
  1750. tcred = __task_cred(tsk);
  1751. if (rc != 0 && smack_privileged_cred(CAP_MAC_OVERRIDE, tcred))
  1752. rc = 0;
  1753. rcu_read_unlock();
  1754. smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
  1755. smk_ad_setfield_u_tsk(&ad, tsk);
  1756. smack_log(skp->smk_known, tkp->smk_known, MAY_DELIVER, rc, &ad);
  1757. return rc;
  1758. }
  1759. /**
  1760. * smack_file_receive - Smack file receive check
  1761. * @file: the object
  1762. *
  1763. * Returns 0 if current has access, error code otherwise
  1764. */
  1765. static int smack_file_receive(struct file *file)
  1766. {
  1767. int rc;
  1768. int may = 0;
  1769. struct smk_audit_info ad;
  1770. struct inode *inode = file_inode(file);
  1771. struct socket *sock;
  1772. struct task_smack *tsp;
  1773. struct socket_smack *ssp;
  1774. if (unlikely(IS_PRIVATE(inode)))
  1775. return 0;
  1776. smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
  1777. smk_ad_setfield_u_fs_path(&ad, file->f_path);
  1778. if (inode->i_sb->s_magic == SOCKFS_MAGIC) {
  1779. sock = SOCKET_I(inode);
  1780. ssp = smack_sock(sock->sk);
  1781. tsp = smack_cred(current_cred());
  1782. /*
  1783. * If the receiving process can't write to the
  1784. * passed socket or if the passed socket can't
  1785. * write to the receiving process don't accept
  1786. * the passed socket.
  1787. */
  1788. rc = smk_access(tsp->smk_task, ssp->smk_out, MAY_WRITE, &ad);
  1789. rc = smk_bu_file(file, may, rc);
  1790. if (rc < 0)
  1791. return rc;
  1792. rc = smk_access(ssp->smk_in, tsp->smk_task, MAY_WRITE, &ad);
  1793. rc = smk_bu_file(file, may, rc);
  1794. return rc;
  1795. }
  1796. /*
  1797. * This code relies on bitmasks.
  1798. */
  1799. if (file->f_mode & FMODE_READ)
  1800. may = MAY_READ;
  1801. if (file->f_mode & FMODE_WRITE)
  1802. may |= MAY_WRITE;
  1803. rc = smk_curacc(smk_of_inode(inode), may, &ad);
  1804. rc = smk_bu_file(file, may, rc);
  1805. return rc;
  1806. }
  1807. /**
  1808. * smack_file_open - Smack dentry open processing
  1809. * @file: the object
  1810. *
  1811. * Set the security blob in the file structure.
  1812. * Allow the open only if the task has read access. There are
  1813. * many read operations (e.g. fstat) that you can do with an
  1814. * fd even if you have the file open write-only.
  1815. *
  1816. * Returns 0 if current has access, error code otherwise
  1817. */
  1818. static int smack_file_open(struct file *file)
  1819. {
  1820. struct task_smack *tsp = smack_cred(file->f_cred);
  1821. struct inode *inode = file_inode(file);
  1822. struct smk_audit_info ad;
  1823. int rc;
  1824. smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
  1825. smk_ad_setfield_u_fs_path(&ad, file->f_path);
  1826. rc = smk_tskacc(tsp, smk_of_inode(inode), MAY_READ, &ad);
  1827. rc = smk_bu_credfile(file->f_cred, file, MAY_READ, rc);
  1828. return rc;
  1829. }
  1830. /*
  1831. * Task hooks
  1832. */
  1833. /**
  1834. * smack_cred_alloc_blank - "allocate" blank task-level security credentials
  1835. * @cred: the new credentials
  1836. * @gfp: the atomicity of any memory allocations
  1837. *
  1838. * Prepare a blank set of credentials for modification. This must allocate all
  1839. * the memory the LSM module might require such that cred_transfer() can
  1840. * complete without error.
  1841. */
  1842. static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp)
  1843. {
  1844. init_task_smack(smack_cred(cred), NULL, NULL);
  1845. return 0;
  1846. }
  1847. /**
  1848. * smack_cred_free - "free" task-level security credentials
  1849. * @cred: the credentials in question
  1850. *
  1851. */
  1852. static void smack_cred_free(struct cred *cred)
  1853. {
  1854. struct task_smack *tsp = smack_cred(cred);
  1855. struct smack_rule *rp;
  1856. struct list_head *l;
  1857. struct list_head *n;
  1858. smk_destroy_label_list(&tsp->smk_relabel);
  1859. list_for_each_safe(l, n, &tsp->smk_rules) {
  1860. rp = list_entry(l, struct smack_rule, list);
  1861. list_del(&rp->list);
  1862. kmem_cache_free(smack_rule_cache, rp);
  1863. }
  1864. }
  1865. /**
  1866. * smack_cred_prepare - prepare new set of credentials for modification
  1867. * @new: the new credentials
  1868. * @old: the original credentials
  1869. * @gfp: the atomicity of any memory allocations
  1870. *
  1871. * Prepare a new set of credentials for modification.
  1872. */
  1873. static int smack_cred_prepare(struct cred *new, const struct cred *old,
  1874. gfp_t gfp)
  1875. {
  1876. struct task_smack *old_tsp = smack_cred(old);
  1877. struct task_smack *new_tsp = smack_cred(new);
  1878. int rc;
  1879. init_task_smack(new_tsp, old_tsp->smk_task, old_tsp->smk_task);
  1880. rc = smk_copy_rules(&new_tsp->smk_rules, &old_tsp->smk_rules, gfp);
  1881. if (rc != 0)
  1882. return rc;
  1883. rc = smk_copy_relabel(&new_tsp->smk_relabel, &old_tsp->smk_relabel,
  1884. gfp);
  1885. return rc;
  1886. }
  1887. /**
  1888. * smack_cred_transfer - Transfer the old credentials to the new credentials
  1889. * @new: the new credentials
  1890. * @old: the original credentials
  1891. *
  1892. * Fill in a set of blank credentials from another set of credentials.
  1893. */
  1894. static void smack_cred_transfer(struct cred *new, const struct cred *old)
  1895. {
  1896. struct task_smack *old_tsp = smack_cred(old);
  1897. struct task_smack *new_tsp = smack_cred(new);
  1898. init_task_smack(new_tsp, old_tsp->smk_task, old_tsp->smk_task);
  1899. }
  1900. /**
  1901. * smack_cred_getsecid - get the secid corresponding to a creds structure
  1902. * @cred: the object creds
  1903. * @secid: where to put the result
  1904. *
  1905. * Sets the secid to contain a u32 version of the smack label.
  1906. */
  1907. static void smack_cred_getsecid(const struct cred *cred, u32 *secid)
  1908. {
  1909. struct smack_known *skp;
  1910. rcu_read_lock();
  1911. skp = smk_of_task(smack_cred(cred));
  1912. *secid = skp->smk_secid;
  1913. rcu_read_unlock();
  1914. }
  1915. /**
  1916. * smack_cred_getlsmprop - get the Smack label for a creds structure
  1917. * @cred: the object creds
  1918. * @prop: where to put the data
  1919. *
  1920. * Sets the Smack part of the ref
  1921. */
  1922. static void smack_cred_getlsmprop(const struct cred *cred,
  1923. struct lsm_prop *prop)
  1924. {
  1925. rcu_read_lock();
  1926. prop->smack.skp = smk_of_task(smack_cred(cred));
  1927. rcu_read_unlock();
  1928. }
  1929. /**
  1930. * smack_kernel_act_as - Set the subjective context in a set of credentials
  1931. * @new: points to the set of credentials to be modified.
  1932. * @secid: specifies the security ID to be set
  1933. *
  1934. * Set the security data for a kernel service.
  1935. */
  1936. static int smack_kernel_act_as(struct cred *new, u32 secid)
  1937. {
  1938. struct task_smack *new_tsp = smack_cred(new);
  1939. new_tsp->smk_task = smack_from_secid(secid);
  1940. return 0;
  1941. }
  1942. /**
  1943. * smack_kernel_create_files_as - Set the file creation label in a set of creds
  1944. * @new: points to the set of credentials to be modified
  1945. * @inode: points to the inode to use as a reference
  1946. *
  1947. * Set the file creation context in a set of credentials to the same
  1948. * as the objective context of the specified inode
  1949. */
  1950. static int smack_kernel_create_files_as(struct cred *new,
  1951. struct inode *inode)
  1952. {
  1953. struct inode_smack *isp = smack_inode(inode);
  1954. struct task_smack *tsp = smack_cred(new);
  1955. tsp->smk_forked = isp->smk_inode;
  1956. tsp->smk_task = tsp->smk_forked;
  1957. return 0;
  1958. }
  1959. /**
  1960. * smk_curacc_on_task - helper to log task related access
  1961. * @p: the task object
  1962. * @access: the access requested
  1963. * @caller: name of the calling function for audit
  1964. *
  1965. * Return 0 if access is permitted
  1966. */
  1967. static int smk_curacc_on_task(struct task_struct *p, int access,
  1968. const char *caller)
  1969. {
  1970. struct smk_audit_info ad;
  1971. struct smack_known *skp = smk_of_task_struct_obj(p);
  1972. int rc;
  1973. smk_ad_init(&ad, caller, LSM_AUDIT_DATA_TASK);
  1974. smk_ad_setfield_u_tsk(&ad, p);
  1975. rc = smk_curacc(skp, access, &ad);
  1976. rc = smk_bu_task(p, access, rc);
  1977. return rc;
  1978. }
  1979. /**
  1980. * smack_task_setpgid - Smack check on setting pgid
  1981. * @p: the task object
  1982. * @pgid: unused
  1983. *
  1984. * Return 0 if write access is permitted
  1985. */
  1986. static int smack_task_setpgid(struct task_struct *p, pid_t pgid)
  1987. {
  1988. return smk_curacc_on_task(p, MAY_WRITE, __func__);
  1989. }
  1990. /**
  1991. * smack_task_getpgid - Smack access check for getpgid
  1992. * @p: the object task
  1993. *
  1994. * Returns 0 if current can read the object task, error code otherwise
  1995. */
  1996. static int smack_task_getpgid(struct task_struct *p)
  1997. {
  1998. return smk_curacc_on_task(p, MAY_READ, __func__);
  1999. }
  2000. /**
  2001. * smack_task_getsid - Smack access check for getsid
  2002. * @p: the object task
  2003. *
  2004. * Returns 0 if current can read the object task, error code otherwise
  2005. */
  2006. static int smack_task_getsid(struct task_struct *p)
  2007. {
  2008. return smk_curacc_on_task(p, MAY_READ, __func__);
  2009. }
  2010. /**
  2011. * smack_current_getlsmprop_subj - get the subjective secid of the current task
  2012. * @prop: where to put the result
  2013. *
  2014. * Sets the secid to contain a u32 version of the task's subjective smack label.
  2015. */
  2016. static void smack_current_getlsmprop_subj(struct lsm_prop *prop)
  2017. {
  2018. prop->smack.skp = smk_of_current();
  2019. }
  2020. /**
  2021. * smack_task_getlsmprop_obj - get the objective data of the task
  2022. * @p: the task
  2023. * @prop: where to put the result
  2024. *
  2025. * Sets the secid to contain a u32 version of the task's objective smack label.
  2026. */
  2027. static void smack_task_getlsmprop_obj(struct task_struct *p,
  2028. struct lsm_prop *prop)
  2029. {
  2030. prop->smack.skp = smk_of_task_struct_obj(p);
  2031. }
  2032. /**
  2033. * smack_task_setnice - Smack check on setting nice
  2034. * @p: the task object
  2035. * @nice: unused
  2036. *
  2037. * Return 0 if write access is permitted
  2038. */
  2039. static int smack_task_setnice(struct task_struct *p, int nice)
  2040. {
  2041. return smk_curacc_on_task(p, MAY_WRITE, __func__);
  2042. }
  2043. /**
  2044. * smack_task_setioprio - Smack check on setting ioprio
  2045. * @p: the task object
  2046. * @ioprio: unused
  2047. *
  2048. * Return 0 if write access is permitted
  2049. */
  2050. static int smack_task_setioprio(struct task_struct *p, int ioprio)
  2051. {
  2052. return smk_curacc_on_task(p, MAY_WRITE, __func__);
  2053. }
  2054. /**
  2055. * smack_task_getioprio - Smack check on reading ioprio
  2056. * @p: the task object
  2057. *
  2058. * Return 0 if read access is permitted
  2059. */
  2060. static int smack_task_getioprio(struct task_struct *p)
  2061. {
  2062. return smk_curacc_on_task(p, MAY_READ, __func__);
  2063. }
  2064. /**
  2065. * smack_task_setscheduler - Smack check on setting scheduler
  2066. * @p: the task object
  2067. *
  2068. * Return 0 if read access is permitted
  2069. */
  2070. static int smack_task_setscheduler(struct task_struct *p)
  2071. {
  2072. return smk_curacc_on_task(p, MAY_WRITE, __func__);
  2073. }
  2074. /**
  2075. * smack_task_getscheduler - Smack check on reading scheduler
  2076. * @p: the task object
  2077. *
  2078. * Return 0 if read access is permitted
  2079. */
  2080. static int smack_task_getscheduler(struct task_struct *p)
  2081. {
  2082. return smk_curacc_on_task(p, MAY_READ, __func__);
  2083. }
  2084. /**
  2085. * smack_task_movememory - Smack check on moving memory
  2086. * @p: the task object
  2087. *
  2088. * Return 0 if write access is permitted
  2089. */
  2090. static int smack_task_movememory(struct task_struct *p)
  2091. {
  2092. return smk_curacc_on_task(p, MAY_WRITE, __func__);
  2093. }
  2094. /**
  2095. * smack_task_kill - Smack check on signal delivery
  2096. * @p: the task object
  2097. * @info: unused
  2098. * @sig: unused
  2099. * @cred: identifies the cred to use in lieu of current's
  2100. *
  2101. * Return 0 if write access is permitted
  2102. *
  2103. */
  2104. static int smack_task_kill(struct task_struct *p, struct kernel_siginfo *info,
  2105. int sig, const struct cred *cred)
  2106. {
  2107. struct smk_audit_info ad;
  2108. struct smack_known *skp;
  2109. struct smack_known *tkp = smk_of_task_struct_obj(p);
  2110. int rc;
  2111. if (!sig)
  2112. return 0; /* null signal; existence test */
  2113. smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
  2114. smk_ad_setfield_u_tsk(&ad, p);
  2115. /*
  2116. * Sending a signal requires that the sender
  2117. * can write the receiver.
  2118. */
  2119. if (cred == NULL) {
  2120. rc = smk_curacc(tkp, MAY_DELIVER, &ad);
  2121. rc = smk_bu_task(p, MAY_DELIVER, rc);
  2122. return rc;
  2123. }
  2124. /*
  2125. * If the cred isn't NULL we're dealing with some USB IO
  2126. * specific behavior. This is not clean. For one thing
  2127. * we can't take privilege into account.
  2128. */
  2129. skp = smk_of_task(smack_cred(cred));
  2130. rc = smk_access(skp, tkp, MAY_DELIVER, &ad);
  2131. rc = smk_bu_note("USB signal", skp, tkp, MAY_DELIVER, rc);
  2132. return rc;
  2133. }
  2134. /**
  2135. * smack_task_to_inode - copy task smack into the inode blob
  2136. * @p: task to copy from
  2137. * @inode: inode to copy to
  2138. *
  2139. * Sets the smack pointer in the inode security blob
  2140. */
  2141. static void smack_task_to_inode(struct task_struct *p, struct inode *inode)
  2142. {
  2143. struct inode_smack *isp = smack_inode(inode);
  2144. struct smack_known *skp = smk_of_task_struct_obj(p);
  2145. isp->smk_inode = skp;
  2146. isp->smk_flags |= SMK_INODE_INSTANT;
  2147. }
  2148. /*
  2149. * Socket hooks.
  2150. */
  2151. /**
  2152. * smack_sk_alloc_security - Allocate a socket blob
  2153. * @sk: the socket
  2154. * @family: unused
  2155. * @gfp_flags: memory allocation flags
  2156. *
  2157. * Assign Smack pointers to current
  2158. *
  2159. * Returns 0 on success, -ENOMEM is there's no memory
  2160. */
  2161. static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags)
  2162. {
  2163. struct smack_known *skp = smk_of_current();
  2164. struct socket_smack *ssp = smack_sock(sk);
  2165. /*
  2166. * Sockets created by kernel threads receive web label.
  2167. */
  2168. if (unlikely(current->flags & PF_KTHREAD)) {
  2169. ssp->smk_in = &smack_known_web;
  2170. ssp->smk_out = &smack_known_web;
  2171. } else {
  2172. ssp->smk_in = skp;
  2173. ssp->smk_out = skp;
  2174. }
  2175. ssp->smk_packet = NULL;
  2176. return 0;
  2177. }
  2178. #ifdef SMACK_IPV6_PORT_LABELING
  2179. /**
  2180. * smack_sk_free_security - Free a socket blob
  2181. * @sk: the socket
  2182. *
  2183. * Clears the blob pointer
  2184. */
  2185. static void smack_sk_free_security(struct sock *sk)
  2186. {
  2187. struct smk_port_label *spp;
  2188. if (sk->sk_family == PF_INET6) {
  2189. rcu_read_lock();
  2190. list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
  2191. if (spp->smk_sock != sk)
  2192. continue;
  2193. spp->smk_can_reuse = 1;
  2194. break;
  2195. }
  2196. rcu_read_unlock();
  2197. }
  2198. }
  2199. #endif
  2200. /**
  2201. * smack_sk_clone_security - Copy security context
  2202. * @sk: the old socket
  2203. * @newsk: the new socket
  2204. *
  2205. * Copy the security context of the old socket pointer to the cloned
  2206. */
  2207. static void smack_sk_clone_security(const struct sock *sk, struct sock *newsk)
  2208. {
  2209. struct socket_smack *ssp_old = smack_sock(sk);
  2210. struct socket_smack *ssp_new = smack_sock(newsk);
  2211. *ssp_new = *ssp_old;
  2212. }
  2213. /**
  2214. * smack_ipv4host_label - check host based restrictions
  2215. * @sip: the object end
  2216. *
  2217. * looks for host based access restrictions
  2218. *
  2219. * This version will only be appropriate for really small sets of single label
  2220. * hosts. The caller is responsible for ensuring that the RCU read lock is
  2221. * taken before calling this function.
  2222. *
  2223. * Returns the label of the far end or NULL if it's not special.
  2224. */
  2225. static struct smack_known *smack_ipv4host_label(struct sockaddr_in *sip)
  2226. {
  2227. struct smk_net4addr *snp;
  2228. struct in_addr *siap = &sip->sin_addr;
  2229. if (siap->s_addr == 0)
  2230. return NULL;
  2231. list_for_each_entry_rcu(snp, &smk_net4addr_list, list)
  2232. /*
  2233. * we break after finding the first match because
  2234. * the list is sorted from longest to shortest mask
  2235. * so we have found the most specific match
  2236. */
  2237. if (snp->smk_host.s_addr ==
  2238. (siap->s_addr & snp->smk_mask.s_addr))
  2239. return snp->smk_label;
  2240. return NULL;
  2241. }
  2242. #if IS_ENABLED(CONFIG_IPV6)
  2243. /*
  2244. * smk_ipv6_localhost - Check for local ipv6 host address
  2245. * @sip: the address
  2246. *
  2247. * Returns boolean true if this is the localhost address
  2248. */
  2249. static bool smk_ipv6_localhost(struct sockaddr_in6 *sip)
  2250. {
  2251. __be16 *be16p = (__be16 *)&sip->sin6_addr;
  2252. __be32 *be32p = (__be32 *)&sip->sin6_addr;
  2253. if (be32p[0] == 0 && be32p[1] == 0 && be32p[2] == 0 && be16p[6] == 0 &&
  2254. ntohs(be16p[7]) == 1)
  2255. return true;
  2256. return false;
  2257. }
  2258. /**
  2259. * smack_ipv6host_label - check host based restrictions
  2260. * @sip: the object end
  2261. *
  2262. * looks for host based access restrictions
  2263. *
  2264. * This version will only be appropriate for really small sets of single label
  2265. * hosts. The caller is responsible for ensuring that the RCU read lock is
  2266. * taken before calling this function.
  2267. *
  2268. * Returns the label of the far end or NULL if it's not special.
  2269. */
  2270. static struct smack_known *smack_ipv6host_label(struct sockaddr_in6 *sip)
  2271. {
  2272. struct smk_net6addr *snp;
  2273. struct in6_addr *sap = &sip->sin6_addr;
  2274. int i;
  2275. int found = 0;
  2276. /*
  2277. * It's local. Don't look for a host label.
  2278. */
  2279. if (smk_ipv6_localhost(sip))
  2280. return NULL;
  2281. list_for_each_entry_rcu(snp, &smk_net6addr_list, list) {
  2282. /*
  2283. * If the label is NULL the entry has
  2284. * been renounced. Ignore it.
  2285. */
  2286. if (snp->smk_label == NULL)
  2287. continue;
  2288. /*
  2289. * we break after finding the first match because
  2290. * the list is sorted from longest to shortest mask
  2291. * so we have found the most specific match
  2292. */
  2293. for (found = 1, i = 0; i < 8; i++) {
  2294. if ((sap->s6_addr16[i] & snp->smk_mask.s6_addr16[i]) !=
  2295. snp->smk_host.s6_addr16[i]) {
  2296. found = 0;
  2297. break;
  2298. }
  2299. }
  2300. if (found)
  2301. return snp->smk_label;
  2302. }
  2303. return NULL;
  2304. }
  2305. #endif /* CONFIG_IPV6 */
  2306. /**
  2307. * smack_netlbl_add - Set the secattr on a socket
  2308. * @sk: the socket
  2309. *
  2310. * Attach the outbound smack value (smk_out) to the socket.
  2311. *
  2312. * Returns 0 on success or an error code
  2313. */
  2314. static int smack_netlbl_add(struct sock *sk)
  2315. {
  2316. struct socket_smack *ssp = smack_sock(sk);
  2317. struct smack_known *skp = ssp->smk_out;
  2318. int rc;
  2319. local_bh_disable();
  2320. bh_lock_sock_nested(sk);
  2321. rc = netlbl_sock_setattr(sk, sk->sk_family, &skp->smk_netlabel,
  2322. netlbl_sk_lock_check(sk));
  2323. switch (rc) {
  2324. case 0:
  2325. ssp->smk_state = SMK_NETLBL_LABELED;
  2326. break;
  2327. case -EDESTADDRREQ:
  2328. ssp->smk_state = SMK_NETLBL_REQSKB;
  2329. rc = 0;
  2330. break;
  2331. }
  2332. bh_unlock_sock(sk);
  2333. local_bh_enable();
  2334. return rc;
  2335. }
  2336. /**
  2337. * smack_netlbl_delete - Remove the secattr from a socket
  2338. * @sk: the socket
  2339. *
  2340. * Remove the outbound smack value from a socket
  2341. */
  2342. static void smack_netlbl_delete(struct sock *sk)
  2343. {
  2344. struct socket_smack *ssp = smack_sock(sk);
  2345. /*
  2346. * Take the label off the socket if one is set.
  2347. */
  2348. if (ssp->smk_state != SMK_NETLBL_LABELED)
  2349. return;
  2350. local_bh_disable();
  2351. bh_lock_sock_nested(sk);
  2352. netlbl_sock_delattr(sk);
  2353. bh_unlock_sock(sk);
  2354. local_bh_enable();
  2355. ssp->smk_state = SMK_NETLBL_UNLABELED;
  2356. }
  2357. /**
  2358. * smk_ipv4_check - Perform IPv4 host access checks
  2359. * @sk: the socket
  2360. * @sap: the destination address
  2361. *
  2362. * Set the correct secattr for the given socket based on the destination
  2363. * address and perform any outbound access checks needed.
  2364. *
  2365. * Returns 0 on success or an error code.
  2366. *
  2367. */
  2368. static int smk_ipv4_check(struct sock *sk, struct sockaddr_in *sap)
  2369. {
  2370. struct smack_known *skp;
  2371. int rc = 0;
  2372. struct smack_known *hkp;
  2373. struct socket_smack *ssp = smack_sock(sk);
  2374. struct smk_audit_info ad;
  2375. rcu_read_lock();
  2376. hkp = smack_ipv4host_label(sap);
  2377. if (hkp != NULL) {
  2378. #ifdef CONFIG_AUDIT
  2379. struct lsm_network_audit net;
  2380. smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
  2381. ad.a.u.net->family = sap->sin_family;
  2382. ad.a.u.net->dport = sap->sin_port;
  2383. ad.a.u.net->v4info.daddr = sap->sin_addr.s_addr;
  2384. #endif
  2385. skp = ssp->smk_out;
  2386. rc = smk_access(skp, hkp, MAY_WRITE, &ad);
  2387. rc = smk_bu_note("IPv4 host check", skp, hkp, MAY_WRITE, rc);
  2388. /*
  2389. * Clear the socket netlabel if it's set.
  2390. */
  2391. if (!rc)
  2392. smack_netlbl_delete(sk);
  2393. }
  2394. rcu_read_unlock();
  2395. return rc;
  2396. }
  2397. #if IS_ENABLED(CONFIG_IPV6)
  2398. /**
  2399. * smk_ipv6_check - check Smack access
  2400. * @subject: subject Smack label
  2401. * @object: object Smack label
  2402. * @address: address
  2403. * @act: the action being taken
  2404. *
  2405. * Check an IPv6 access
  2406. */
  2407. static int smk_ipv6_check(struct smack_known *subject,
  2408. struct smack_known *object,
  2409. struct sockaddr_in6 *address, int act)
  2410. {
  2411. #ifdef CONFIG_AUDIT
  2412. struct lsm_network_audit net;
  2413. #endif
  2414. struct smk_audit_info ad;
  2415. int rc;
  2416. #ifdef CONFIG_AUDIT
  2417. smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
  2418. ad.a.u.net->family = PF_INET6;
  2419. ad.a.u.net->dport = address->sin6_port;
  2420. if (act == SMK_RECEIVING)
  2421. ad.a.u.net->v6info.saddr = address->sin6_addr;
  2422. else
  2423. ad.a.u.net->v6info.daddr = address->sin6_addr;
  2424. #endif
  2425. rc = smk_access(subject, object, MAY_WRITE, &ad);
  2426. rc = smk_bu_note("IPv6 check", subject, object, MAY_WRITE, rc);
  2427. return rc;
  2428. }
  2429. #endif /* CONFIG_IPV6 */
  2430. #ifdef SMACK_IPV6_PORT_LABELING
  2431. /**
  2432. * smk_ipv6_port_label - Smack port access table management
  2433. * @sock: socket
  2434. * @address: address
  2435. *
  2436. * Create or update the port list entry
  2437. */
  2438. static void smk_ipv6_port_label(struct socket *sock, struct sockaddr *address)
  2439. {
  2440. struct sock *sk = sock->sk;
  2441. struct sockaddr_in6 *addr6;
  2442. struct socket_smack *ssp = smack_sock(sock->sk);
  2443. struct smk_port_label *spp;
  2444. unsigned short port = 0;
  2445. if (address == NULL) {
  2446. /*
  2447. * This operation is changing the Smack information
  2448. * on the bound socket. Take the changes to the port
  2449. * as well.
  2450. */
  2451. rcu_read_lock();
  2452. list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
  2453. if (sk != spp->smk_sock)
  2454. continue;
  2455. spp->smk_in = ssp->smk_in;
  2456. spp->smk_out = ssp->smk_out;
  2457. rcu_read_unlock();
  2458. return;
  2459. }
  2460. /*
  2461. * A NULL address is only used for updating existing
  2462. * bound entries. If there isn't one, it's OK.
  2463. */
  2464. rcu_read_unlock();
  2465. return;
  2466. }
  2467. addr6 = (struct sockaddr_in6 *)address;
  2468. port = ntohs(addr6->sin6_port);
  2469. /*
  2470. * This is a special case that is safely ignored.
  2471. */
  2472. if (port == 0)
  2473. return;
  2474. /*
  2475. * Look for an existing port list entry.
  2476. * This is an indication that a port is getting reused.
  2477. */
  2478. rcu_read_lock();
  2479. list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
  2480. if (spp->smk_port != port || spp->smk_sock_type != sock->type)
  2481. continue;
  2482. if (spp->smk_can_reuse != 1) {
  2483. rcu_read_unlock();
  2484. return;
  2485. }
  2486. spp->smk_port = port;
  2487. spp->smk_sock = sk;
  2488. spp->smk_in = ssp->smk_in;
  2489. spp->smk_out = ssp->smk_out;
  2490. spp->smk_can_reuse = 0;
  2491. rcu_read_unlock();
  2492. return;
  2493. }
  2494. rcu_read_unlock();
  2495. /*
  2496. * A new port entry is required.
  2497. */
  2498. spp = kzalloc_obj(*spp);
  2499. if (spp == NULL)
  2500. return;
  2501. spp->smk_port = port;
  2502. spp->smk_sock = sk;
  2503. spp->smk_in = ssp->smk_in;
  2504. spp->smk_out = ssp->smk_out;
  2505. spp->smk_sock_type = sock->type;
  2506. spp->smk_can_reuse = 0;
  2507. mutex_lock(&smack_ipv6_lock);
  2508. list_add_rcu(&spp->list, &smk_ipv6_port_list);
  2509. mutex_unlock(&smack_ipv6_lock);
  2510. return;
  2511. }
  2512. /**
  2513. * smk_ipv6_port_check - check Smack port access
  2514. * @sk: socket
  2515. * @address: address
  2516. * @act: the action being taken
  2517. *
  2518. * Create or update the port list entry
  2519. */
  2520. static int smk_ipv6_port_check(struct sock *sk, struct sockaddr_in6 *address,
  2521. int act)
  2522. {
  2523. struct smk_port_label *spp;
  2524. struct socket_smack *ssp = smack_sock(sk);
  2525. struct smack_known *skp = NULL;
  2526. unsigned short port;
  2527. struct smack_known *object;
  2528. if (act == SMK_RECEIVING) {
  2529. skp = smack_ipv6host_label(address);
  2530. object = ssp->smk_in;
  2531. } else {
  2532. skp = ssp->smk_out;
  2533. object = smack_ipv6host_label(address);
  2534. }
  2535. /*
  2536. * The other end is a single label host.
  2537. */
  2538. if (skp != NULL && object != NULL)
  2539. return smk_ipv6_check(skp, object, address, act);
  2540. if (skp == NULL)
  2541. skp = smack_net_ambient;
  2542. if (object == NULL)
  2543. object = smack_net_ambient;
  2544. /*
  2545. * It's remote, so port lookup does no good.
  2546. */
  2547. if (!smk_ipv6_localhost(address))
  2548. return smk_ipv6_check(skp, object, address, act);
  2549. /*
  2550. * It's local so the send check has to have passed.
  2551. */
  2552. if (act == SMK_RECEIVING)
  2553. return 0;
  2554. port = ntohs(address->sin6_port);
  2555. rcu_read_lock();
  2556. list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
  2557. if (spp->smk_port != port || spp->smk_sock_type != sk->sk_type)
  2558. continue;
  2559. object = spp->smk_in;
  2560. if (act == SMK_CONNECTING)
  2561. ssp->smk_packet = spp->smk_out;
  2562. break;
  2563. }
  2564. rcu_read_unlock();
  2565. return smk_ipv6_check(skp, object, address, act);
  2566. }
  2567. #endif
  2568. /**
  2569. * smack_inode_setsecurity - set smack xattrs
  2570. * @inode: the object
  2571. * @name: attribute name
  2572. * @value: attribute value
  2573. * @size: size of the attribute
  2574. * @flags: unused
  2575. *
  2576. * Sets the named attribute in the appropriate blob
  2577. *
  2578. * Returns 0 on success, or an error code
  2579. */
  2580. static int smack_inode_setsecurity(struct inode *inode, const char *name,
  2581. const void *value, size_t size, int flags)
  2582. {
  2583. struct smack_known *skp;
  2584. struct inode_smack *nsp = smack_inode(inode);
  2585. struct socket_smack *ssp;
  2586. struct socket *sock;
  2587. int rc = 0;
  2588. if (value == NULL || size > SMK_LONGLABEL || size == 0)
  2589. return -EINVAL;
  2590. if (strcmp(name, XATTR_SMACK_TRANSMUTE) == 0) {
  2591. if (!S_ISDIR(inode->i_mode) || size != TRANS_TRUE_SIZE ||
  2592. strncmp(value, TRANS_TRUE, TRANS_TRUE_SIZE) != 0)
  2593. return -EINVAL;
  2594. nsp->smk_flags |= SMK_INODE_TRANSMUTE;
  2595. return 0;
  2596. }
  2597. skp = smk_import_entry(value, size);
  2598. if (IS_ERR(skp))
  2599. return PTR_ERR(skp);
  2600. if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) {
  2601. nsp->smk_inode = skp;
  2602. nsp->smk_flags |= SMK_INODE_INSTANT;
  2603. return 0;
  2604. }
  2605. /*
  2606. * The rest of the Smack xattrs are only on sockets.
  2607. */
  2608. if (inode->i_sb->s_magic != SOCKFS_MAGIC)
  2609. return -EOPNOTSUPP;
  2610. sock = SOCKET_I(inode);
  2611. if (sock == NULL || sock->sk == NULL)
  2612. return -EOPNOTSUPP;
  2613. ssp = smack_sock(sock->sk);
  2614. if (strcmp(name, XATTR_SMACK_IPIN) == 0)
  2615. ssp->smk_in = skp;
  2616. else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) {
  2617. ssp->smk_out = skp;
  2618. if (sock->sk->sk_family == PF_INET) {
  2619. rc = smack_netlbl_add(sock->sk);
  2620. if (rc != 0)
  2621. printk(KERN_WARNING
  2622. "Smack: \"%s\" netlbl error %d.\n",
  2623. __func__, -rc);
  2624. }
  2625. } else
  2626. return -EOPNOTSUPP;
  2627. #ifdef SMACK_IPV6_PORT_LABELING
  2628. if (sock->sk->sk_family == PF_INET6)
  2629. smk_ipv6_port_label(sock, NULL);
  2630. #endif
  2631. return 0;
  2632. }
  2633. /**
  2634. * smack_socket_post_create - finish socket setup
  2635. * @sock: the socket
  2636. * @family: protocol family
  2637. * @type: unused
  2638. * @protocol: unused
  2639. * @kern: unused
  2640. *
  2641. * Sets the netlabel information on the socket
  2642. *
  2643. * Returns 0 on success, and error code otherwise
  2644. */
  2645. static int smack_socket_post_create(struct socket *sock, int family,
  2646. int type, int protocol, int kern)
  2647. {
  2648. struct socket_smack *ssp;
  2649. if (sock->sk == NULL)
  2650. return 0;
  2651. /*
  2652. * Sockets created by kernel threads receive web label.
  2653. */
  2654. if (unlikely(current->flags & PF_KTHREAD)) {
  2655. ssp = smack_sock(sock->sk);
  2656. ssp->smk_in = &smack_known_web;
  2657. ssp->smk_out = &smack_known_web;
  2658. }
  2659. if (family != PF_INET)
  2660. return 0;
  2661. /*
  2662. * Set the outbound netlbl.
  2663. */
  2664. return smack_netlbl_add(sock->sk);
  2665. }
  2666. /**
  2667. * smack_socket_socketpair - create socket pair
  2668. * @socka: one socket
  2669. * @sockb: another socket
  2670. *
  2671. * Cross reference the peer labels for SO_PEERSEC
  2672. *
  2673. * Returns 0
  2674. */
  2675. static int smack_socket_socketpair(struct socket *socka,
  2676. struct socket *sockb)
  2677. {
  2678. struct socket_smack *asp = smack_sock(socka->sk);
  2679. struct socket_smack *bsp = smack_sock(sockb->sk);
  2680. asp->smk_packet = bsp->smk_out;
  2681. bsp->smk_packet = asp->smk_out;
  2682. return 0;
  2683. }
  2684. #ifdef SMACK_IPV6_PORT_LABELING
  2685. /**
  2686. * smack_socket_bind - record port binding information.
  2687. * @sock: the socket
  2688. * @address: the port address
  2689. * @addrlen: size of the address
  2690. *
  2691. * Records the label bound to a port.
  2692. *
  2693. * Returns 0 on success, and error code otherwise
  2694. */
  2695. static int smack_socket_bind(struct socket *sock, struct sockaddr *address,
  2696. int addrlen)
  2697. {
  2698. if (sock->sk != NULL && sock->sk->sk_family == PF_INET6) {
  2699. if (addrlen < SIN6_LEN_RFC2133 ||
  2700. address->sa_family != AF_INET6)
  2701. return -EINVAL;
  2702. smk_ipv6_port_label(sock, address);
  2703. }
  2704. return 0;
  2705. }
  2706. #endif /* SMACK_IPV6_PORT_LABELING */
  2707. /**
  2708. * smack_socket_connect - connect access check
  2709. * @sock: the socket
  2710. * @sap: the other end
  2711. * @addrlen: size of sap
  2712. *
  2713. * Verifies that a connection may be possible
  2714. *
  2715. * Returns 0 on success, and error code otherwise
  2716. */
  2717. static int smack_socket_connect(struct socket *sock, struct sockaddr *sap,
  2718. int addrlen)
  2719. {
  2720. int rc = 0;
  2721. if (sock->sk == NULL)
  2722. return 0;
  2723. if (sock->sk->sk_family != PF_INET &&
  2724. (!IS_ENABLED(CONFIG_IPV6) || sock->sk->sk_family != PF_INET6))
  2725. return 0;
  2726. if (addrlen < offsetofend(struct sockaddr, sa_family))
  2727. return 0;
  2728. #if IS_ENABLED(CONFIG_IPV6)
  2729. if (sap->sa_family == AF_INET6) {
  2730. struct sockaddr_in6 *sip = (struct sockaddr_in6 *)sap;
  2731. struct smack_known *rsp = NULL;
  2732. if (addrlen < SIN6_LEN_RFC2133)
  2733. return 0;
  2734. if (__is_defined(SMACK_IPV6_SECMARK_LABELING))
  2735. rsp = smack_ipv6host_label(sip);
  2736. if (rsp != NULL) {
  2737. struct socket_smack *ssp = smack_sock(sock->sk);
  2738. rc = smk_ipv6_check(ssp->smk_out, rsp, sip,
  2739. SMK_CONNECTING);
  2740. }
  2741. #ifdef SMACK_IPV6_PORT_LABELING
  2742. rc = smk_ipv6_port_check(sock->sk, sip, SMK_CONNECTING);
  2743. #endif
  2744. return rc;
  2745. }
  2746. #endif /* CONFIG_IPV6 */
  2747. if (sap->sa_family != AF_INET || addrlen < sizeof(struct sockaddr_in))
  2748. return 0;
  2749. rc = smk_ipv4_check(sock->sk, (struct sockaddr_in *)sap);
  2750. return rc;
  2751. }
  2752. /**
  2753. * smack_flags_to_may - convert S_ to MAY_ values
  2754. * @flags: the S_ value
  2755. *
  2756. * Returns the equivalent MAY_ value
  2757. */
  2758. static int smack_flags_to_may(int flags)
  2759. {
  2760. int may = 0;
  2761. if (flags & S_IRUGO)
  2762. may |= MAY_READ;
  2763. if (flags & S_IWUGO)
  2764. may |= MAY_WRITE;
  2765. if (flags & S_IXUGO)
  2766. may |= MAY_EXEC;
  2767. return may;
  2768. }
  2769. /**
  2770. * smack_msg_msg_alloc_security - Set the security blob for msg_msg
  2771. * @msg: the object
  2772. *
  2773. * Returns 0
  2774. */
  2775. static int smack_msg_msg_alloc_security(struct msg_msg *msg)
  2776. {
  2777. struct smack_known **blob = smack_msg_msg(msg);
  2778. *blob = smk_of_current();
  2779. return 0;
  2780. }
  2781. /**
  2782. * smack_of_ipc - the smack pointer for the ipc
  2783. * @isp: the object
  2784. *
  2785. * Returns a pointer to the smack value
  2786. */
  2787. static struct smack_known *smack_of_ipc(struct kern_ipc_perm *isp)
  2788. {
  2789. struct smack_known **blob = smack_ipc(isp);
  2790. return *blob;
  2791. }
  2792. /**
  2793. * smack_ipc_alloc_security - Set the security blob for ipc
  2794. * @isp: the object
  2795. *
  2796. * Returns 0
  2797. */
  2798. static int smack_ipc_alloc_security(struct kern_ipc_perm *isp)
  2799. {
  2800. struct smack_known **blob = smack_ipc(isp);
  2801. *blob = smk_of_current();
  2802. return 0;
  2803. }
  2804. /**
  2805. * smk_curacc_shm : check if current has access on shm
  2806. * @isp : the object
  2807. * @access : access requested
  2808. *
  2809. * Returns 0 if current has the requested access, error code otherwise
  2810. */
  2811. static int smk_curacc_shm(struct kern_ipc_perm *isp, int access)
  2812. {
  2813. struct smack_known *ssp = smack_of_ipc(isp);
  2814. struct smk_audit_info ad;
  2815. int rc;
  2816. #ifdef CONFIG_AUDIT
  2817. smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
  2818. ad.a.u.ipc_id = isp->id;
  2819. #endif
  2820. rc = smk_curacc(ssp, access, &ad);
  2821. rc = smk_bu_current("shm", ssp, access, rc);
  2822. return rc;
  2823. }
  2824. /**
  2825. * smack_shm_associate - Smack access check for shm
  2826. * @isp: the object
  2827. * @shmflg: access requested
  2828. *
  2829. * Returns 0 if current has the requested access, error code otherwise
  2830. */
  2831. static int smack_shm_associate(struct kern_ipc_perm *isp, int shmflg)
  2832. {
  2833. int may;
  2834. may = smack_flags_to_may(shmflg);
  2835. return smk_curacc_shm(isp, may);
  2836. }
  2837. /**
  2838. * smack_shm_shmctl - Smack access check for shm
  2839. * @isp: the object
  2840. * @cmd: what it wants to do
  2841. *
  2842. * Returns 0 if current has the requested access, error code otherwise
  2843. */
  2844. static int smack_shm_shmctl(struct kern_ipc_perm *isp, int cmd)
  2845. {
  2846. int may;
  2847. switch (cmd) {
  2848. case IPC_STAT:
  2849. case SHM_STAT:
  2850. case SHM_STAT_ANY:
  2851. may = MAY_READ;
  2852. break;
  2853. case IPC_SET:
  2854. case SHM_LOCK:
  2855. case SHM_UNLOCK:
  2856. case IPC_RMID:
  2857. may = MAY_READWRITE;
  2858. break;
  2859. case IPC_INFO:
  2860. case SHM_INFO:
  2861. /*
  2862. * System level information.
  2863. */
  2864. return 0;
  2865. default:
  2866. return -EINVAL;
  2867. }
  2868. return smk_curacc_shm(isp, may);
  2869. }
  2870. /**
  2871. * smack_shm_shmat - Smack access for shmat
  2872. * @isp: the object
  2873. * @shmaddr: unused
  2874. * @shmflg: access requested
  2875. *
  2876. * Returns 0 if current has the requested access, error code otherwise
  2877. */
  2878. static int smack_shm_shmat(struct kern_ipc_perm *isp, char __user *shmaddr,
  2879. int shmflg)
  2880. {
  2881. int may;
  2882. may = smack_flags_to_may(shmflg);
  2883. return smk_curacc_shm(isp, may);
  2884. }
  2885. /**
  2886. * smk_curacc_sem : check if current has access on sem
  2887. * @isp : the object
  2888. * @access : access requested
  2889. *
  2890. * Returns 0 if current has the requested access, error code otherwise
  2891. */
  2892. static int smk_curacc_sem(struct kern_ipc_perm *isp, int access)
  2893. {
  2894. struct smack_known *ssp = smack_of_ipc(isp);
  2895. struct smk_audit_info ad;
  2896. int rc;
  2897. #ifdef CONFIG_AUDIT
  2898. smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
  2899. ad.a.u.ipc_id = isp->id;
  2900. #endif
  2901. rc = smk_curacc(ssp, access, &ad);
  2902. rc = smk_bu_current("sem", ssp, access, rc);
  2903. return rc;
  2904. }
  2905. /**
  2906. * smack_sem_associate - Smack access check for sem
  2907. * @isp: the object
  2908. * @semflg: access requested
  2909. *
  2910. * Returns 0 if current has the requested access, error code otherwise
  2911. */
  2912. static int smack_sem_associate(struct kern_ipc_perm *isp, int semflg)
  2913. {
  2914. int may;
  2915. may = smack_flags_to_may(semflg);
  2916. return smk_curacc_sem(isp, may);
  2917. }
  2918. /**
  2919. * smack_sem_semctl - Smack access check for sem
  2920. * @isp: the object
  2921. * @cmd: what it wants to do
  2922. *
  2923. * Returns 0 if current has the requested access, error code otherwise
  2924. */
  2925. static int smack_sem_semctl(struct kern_ipc_perm *isp, int cmd)
  2926. {
  2927. int may;
  2928. switch (cmd) {
  2929. case GETPID:
  2930. case GETNCNT:
  2931. case GETZCNT:
  2932. case GETVAL:
  2933. case GETALL:
  2934. case IPC_STAT:
  2935. case SEM_STAT:
  2936. case SEM_STAT_ANY:
  2937. may = MAY_READ;
  2938. break;
  2939. case SETVAL:
  2940. case SETALL:
  2941. case IPC_RMID:
  2942. case IPC_SET:
  2943. may = MAY_READWRITE;
  2944. break;
  2945. case IPC_INFO:
  2946. case SEM_INFO:
  2947. /*
  2948. * System level information
  2949. */
  2950. return 0;
  2951. default:
  2952. return -EINVAL;
  2953. }
  2954. return smk_curacc_sem(isp, may);
  2955. }
  2956. /**
  2957. * smack_sem_semop - Smack checks of semaphore operations
  2958. * @isp: the object
  2959. * @sops: unused
  2960. * @nsops: unused
  2961. * @alter: unused
  2962. *
  2963. * Treated as read and write in all cases.
  2964. *
  2965. * Returns 0 if access is allowed, error code otherwise
  2966. */
  2967. static int smack_sem_semop(struct kern_ipc_perm *isp, struct sembuf *sops,
  2968. unsigned nsops, int alter)
  2969. {
  2970. return smk_curacc_sem(isp, MAY_READWRITE);
  2971. }
  2972. /**
  2973. * smk_curacc_msq : helper to check if current has access on msq
  2974. * @isp : the msq
  2975. * @access : access requested
  2976. *
  2977. * return 0 if current has access, error otherwise
  2978. */
  2979. static int smk_curacc_msq(struct kern_ipc_perm *isp, int access)
  2980. {
  2981. struct smack_known *msp = smack_of_ipc(isp);
  2982. struct smk_audit_info ad;
  2983. int rc;
  2984. #ifdef CONFIG_AUDIT
  2985. smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
  2986. ad.a.u.ipc_id = isp->id;
  2987. #endif
  2988. rc = smk_curacc(msp, access, &ad);
  2989. rc = smk_bu_current("msq", msp, access, rc);
  2990. return rc;
  2991. }
  2992. /**
  2993. * smack_msg_queue_associate - Smack access check for msg_queue
  2994. * @isp: the object
  2995. * @msqflg: access requested
  2996. *
  2997. * Returns 0 if current has the requested access, error code otherwise
  2998. */
  2999. static int smack_msg_queue_associate(struct kern_ipc_perm *isp, int msqflg)
  3000. {
  3001. int may;
  3002. may = smack_flags_to_may(msqflg);
  3003. return smk_curacc_msq(isp, may);
  3004. }
  3005. /**
  3006. * smack_msg_queue_msgctl - Smack access check for msg_queue
  3007. * @isp: the object
  3008. * @cmd: what it wants to do
  3009. *
  3010. * Returns 0 if current has the requested access, error code otherwise
  3011. */
  3012. static int smack_msg_queue_msgctl(struct kern_ipc_perm *isp, int cmd)
  3013. {
  3014. int may;
  3015. switch (cmd) {
  3016. case IPC_STAT:
  3017. case MSG_STAT:
  3018. case MSG_STAT_ANY:
  3019. may = MAY_READ;
  3020. break;
  3021. case IPC_SET:
  3022. case IPC_RMID:
  3023. may = MAY_READWRITE;
  3024. break;
  3025. case IPC_INFO:
  3026. case MSG_INFO:
  3027. /*
  3028. * System level information
  3029. */
  3030. return 0;
  3031. default:
  3032. return -EINVAL;
  3033. }
  3034. return smk_curacc_msq(isp, may);
  3035. }
  3036. /**
  3037. * smack_msg_queue_msgsnd - Smack access check for msg_queue
  3038. * @isp: the object
  3039. * @msg: unused
  3040. * @msqflg: access requested
  3041. *
  3042. * Returns 0 if current has the requested access, error code otherwise
  3043. */
  3044. static int smack_msg_queue_msgsnd(struct kern_ipc_perm *isp, struct msg_msg *msg,
  3045. int msqflg)
  3046. {
  3047. int may;
  3048. may = smack_flags_to_may(msqflg);
  3049. return smk_curacc_msq(isp, may);
  3050. }
  3051. /**
  3052. * smack_msg_queue_msgrcv - Smack access check for msg_queue
  3053. * @isp: the object
  3054. * @msg: unused
  3055. * @target: unused
  3056. * @type: unused
  3057. * @mode: unused
  3058. *
  3059. * Returns 0 if current has read and write access, error code otherwise
  3060. */
  3061. static int smack_msg_queue_msgrcv(struct kern_ipc_perm *isp,
  3062. struct msg_msg *msg,
  3063. struct task_struct *target, long type,
  3064. int mode)
  3065. {
  3066. return smk_curacc_msq(isp, MAY_READWRITE);
  3067. }
  3068. /**
  3069. * smack_ipc_permission - Smack access for ipc_permission()
  3070. * @ipp: the object permissions
  3071. * @flag: access requested
  3072. *
  3073. * Returns 0 if current has read and write access, error code otherwise
  3074. */
  3075. static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag)
  3076. {
  3077. struct smack_known **blob = smack_ipc(ipp);
  3078. struct smack_known *iskp = *blob;
  3079. int may = smack_flags_to_may(flag);
  3080. struct smk_audit_info ad;
  3081. int rc;
  3082. #ifdef CONFIG_AUDIT
  3083. smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
  3084. ad.a.u.ipc_id = ipp->id;
  3085. #endif
  3086. rc = smk_curacc(iskp, may, &ad);
  3087. rc = smk_bu_current("svipc", iskp, may, rc);
  3088. return rc;
  3089. }
  3090. /**
  3091. * smack_ipc_getlsmprop - Extract smack security data
  3092. * @ipp: the object permissions
  3093. * @prop: where result will be saved
  3094. */
  3095. static void smack_ipc_getlsmprop(struct kern_ipc_perm *ipp, struct lsm_prop *prop)
  3096. {
  3097. struct smack_known **iskpp = smack_ipc(ipp);
  3098. prop->smack.skp = *iskpp;
  3099. }
  3100. /**
  3101. * smack_d_instantiate - Make sure the blob is correct on an inode
  3102. * @opt_dentry: dentry where inode will be attached
  3103. * @inode: the object
  3104. *
  3105. * Set the inode's security blob if it hasn't been done already.
  3106. */
  3107. static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode)
  3108. {
  3109. struct super_block *sbp;
  3110. struct superblock_smack *sbsp;
  3111. struct inode_smack *isp;
  3112. struct smack_known *skp;
  3113. struct smack_known *ckp = smk_of_current();
  3114. struct smack_known *final;
  3115. char trattr[TRANS_TRUE_SIZE];
  3116. int transflag = 0;
  3117. int rc;
  3118. struct dentry *dp;
  3119. if (inode == NULL)
  3120. return;
  3121. isp = smack_inode(inode);
  3122. /*
  3123. * If the inode is already instantiated
  3124. * take the quick way out
  3125. */
  3126. if (isp->smk_flags & SMK_INODE_INSTANT)
  3127. return;
  3128. sbp = inode->i_sb;
  3129. sbsp = smack_superblock(sbp);
  3130. /*
  3131. * We're going to use the superblock default label
  3132. * if there's no label on the file.
  3133. */
  3134. final = sbsp->smk_default;
  3135. /*
  3136. * If this is the root inode the superblock
  3137. * may be in the process of initialization.
  3138. * If that is the case use the root value out
  3139. * of the superblock.
  3140. */
  3141. if (opt_dentry->d_parent == opt_dentry) {
  3142. switch (sbp->s_magic) {
  3143. case CGROUP_SUPER_MAGIC:
  3144. case CGROUP2_SUPER_MAGIC:
  3145. /*
  3146. * The cgroup filesystem is never mounted,
  3147. * so there's no opportunity to set the mount
  3148. * options.
  3149. */
  3150. sbsp->smk_root = &smack_known_star;
  3151. sbsp->smk_default = &smack_known_star;
  3152. isp->smk_inode = sbsp->smk_root;
  3153. break;
  3154. case TMPFS_MAGIC:
  3155. /*
  3156. * What about shmem/tmpfs anonymous files with dentry
  3157. * obtained from d_alloc_pseudo()?
  3158. */
  3159. isp->smk_inode = smk_of_current();
  3160. break;
  3161. case PIPEFS_MAGIC:
  3162. isp->smk_inode = smk_of_current();
  3163. break;
  3164. case SOCKFS_MAGIC:
  3165. /*
  3166. * Socket access is controlled by the socket
  3167. * structures associated with the task involved.
  3168. */
  3169. isp->smk_inode = &smack_known_star;
  3170. break;
  3171. default:
  3172. isp->smk_inode = sbsp->smk_root;
  3173. break;
  3174. }
  3175. isp->smk_flags |= SMK_INODE_INSTANT;
  3176. return;
  3177. }
  3178. /*
  3179. * This is pretty hackish.
  3180. * Casey says that we shouldn't have to do
  3181. * file system specific code, but it does help
  3182. * with keeping it simple.
  3183. */
  3184. switch (sbp->s_magic) {
  3185. case SMACK_MAGIC:
  3186. case CGROUP_SUPER_MAGIC:
  3187. case CGROUP2_SUPER_MAGIC:
  3188. /*
  3189. * Casey says that it's a little embarrassing
  3190. * that the smack file system doesn't do
  3191. * extended attributes.
  3192. *
  3193. * Cgroupfs is special
  3194. */
  3195. final = &smack_known_star;
  3196. break;
  3197. case DEVPTS_SUPER_MAGIC:
  3198. /*
  3199. * devpts seems content with the label of the task.
  3200. * Programs that change smack have to treat the
  3201. * pty with respect.
  3202. */
  3203. final = ckp;
  3204. break;
  3205. case PROC_SUPER_MAGIC:
  3206. /*
  3207. * Casey says procfs appears not to care.
  3208. * The superblock default suffices.
  3209. */
  3210. break;
  3211. case TMPFS_MAGIC:
  3212. /*
  3213. * Device labels should come from the filesystem,
  3214. * but watch out, because they're volitile,
  3215. * getting recreated on every reboot.
  3216. */
  3217. final = &smack_known_star;
  3218. /*
  3219. * If a smack value has been set we want to use it,
  3220. * but since tmpfs isn't giving us the opportunity
  3221. * to set mount options simulate setting the
  3222. * superblock default.
  3223. */
  3224. fallthrough;
  3225. default:
  3226. /*
  3227. * This isn't an understood special case.
  3228. * Get the value from the xattr.
  3229. */
  3230. /*
  3231. * UDS inode has fixed label (*)
  3232. */
  3233. if (S_ISSOCK(inode->i_mode)) {
  3234. final = &smack_known_star;
  3235. break;
  3236. }
  3237. /*
  3238. * No xattr support means, alas, no SMACK label.
  3239. * Use the aforeapplied default.
  3240. * It would be curious if the label of the task
  3241. * does not match that assigned.
  3242. */
  3243. if (!(inode->i_opflags & IOP_XATTR))
  3244. break;
  3245. /*
  3246. * Get the dentry for xattr.
  3247. */
  3248. dp = dget(opt_dentry);
  3249. skp = smk_fetch(XATTR_NAME_SMACK, inode, dp);
  3250. if (!IS_ERR_OR_NULL(skp))
  3251. final = skp;
  3252. /*
  3253. * Transmuting directory
  3254. */
  3255. if (S_ISDIR(inode->i_mode)) {
  3256. /*
  3257. * If this is a new directory and the label was
  3258. * transmuted when the inode was initialized
  3259. * set the transmute attribute on the directory
  3260. * and mark the inode.
  3261. *
  3262. * If there is a transmute attribute on the
  3263. * directory mark the inode.
  3264. */
  3265. rc = __vfs_getxattr(dp, inode,
  3266. XATTR_NAME_SMACKTRANSMUTE, trattr,
  3267. TRANS_TRUE_SIZE);
  3268. if (rc >= 0 && strncmp(trattr, TRANS_TRUE,
  3269. TRANS_TRUE_SIZE) != 0)
  3270. rc = -EINVAL;
  3271. if (rc >= 0)
  3272. transflag = SMK_INODE_TRANSMUTE;
  3273. }
  3274. /*
  3275. * Don't let the exec or mmap label be "*" or "@".
  3276. */
  3277. skp = smk_fetch(XATTR_NAME_SMACKEXEC, inode, dp);
  3278. if (IS_ERR(skp) || skp == &smack_known_star ||
  3279. skp == &smack_known_web)
  3280. skp = NULL;
  3281. isp->smk_task = skp;
  3282. skp = smk_fetch(XATTR_NAME_SMACKMMAP, inode, dp);
  3283. if (IS_ERR(skp) || skp == &smack_known_star ||
  3284. skp == &smack_known_web)
  3285. skp = NULL;
  3286. isp->smk_mmap = skp;
  3287. dput(dp);
  3288. break;
  3289. }
  3290. if (final == NULL)
  3291. isp->smk_inode = ckp;
  3292. else
  3293. isp->smk_inode = final;
  3294. isp->smk_flags |= (SMK_INODE_INSTANT | transflag);
  3295. return;
  3296. }
  3297. /**
  3298. * smack_getselfattr - Smack current process attribute
  3299. * @attr: which attribute to fetch
  3300. * @ctx: buffer to receive the result
  3301. * @size: available size in, actual size out
  3302. * @flags: reserved, currently zero
  3303. *
  3304. * Fill the passed user space @ctx with the details of the requested
  3305. * attribute.
  3306. *
  3307. * Returns the number of attributes on success, an error code otherwise.
  3308. * There will only ever be one attribute.
  3309. */
  3310. static int smack_getselfattr(unsigned int attr, struct lsm_ctx __user *ctx,
  3311. u32 *size, u32 flags)
  3312. {
  3313. int rc;
  3314. struct smack_known *skp;
  3315. if (attr != LSM_ATTR_CURRENT)
  3316. return -EOPNOTSUPP;
  3317. skp = smk_of_current();
  3318. rc = lsm_fill_user_ctx(ctx, size,
  3319. skp->smk_known, strlen(skp->smk_known) + 1,
  3320. LSM_ID_SMACK, 0);
  3321. return (!rc ? 1 : rc);
  3322. }
  3323. /**
  3324. * smack_getprocattr - Smack process attribute access
  3325. * @p: the object task
  3326. * @name: the name of the attribute in /proc/.../attr
  3327. * @value: where to put the result
  3328. *
  3329. * Places a copy of the task Smack into value
  3330. *
  3331. * Returns the length of the smack label or an error code
  3332. */
  3333. static int smack_getprocattr(struct task_struct *p, const char *name, char **value)
  3334. {
  3335. struct smack_known *skp = smk_of_task_struct_obj(p);
  3336. char *cp;
  3337. int slen;
  3338. if (strcmp(name, "current") != 0)
  3339. return -EINVAL;
  3340. cp = kstrdup(skp->smk_known, GFP_KERNEL);
  3341. if (cp == NULL)
  3342. return -ENOMEM;
  3343. slen = strlen(cp);
  3344. *value = cp;
  3345. return slen;
  3346. }
  3347. /**
  3348. * do_setattr - Smack process attribute setting
  3349. * @attr: the ID of the attribute
  3350. * @value: the value to set
  3351. * @size: the size of the value
  3352. *
  3353. * Sets the Smack value of the task. Only setting self
  3354. * is permitted and only with privilege
  3355. *
  3356. * Returns zero on success or an error code
  3357. */
  3358. static int do_setattr(unsigned int attr, void *value, size_t size)
  3359. {
  3360. struct task_smack *tsp = smack_cred(current_cred());
  3361. struct cred *new;
  3362. struct smack_known *skp;
  3363. int label_len;
  3364. /*
  3365. * let unprivileged user validate input, check permissions later
  3366. */
  3367. if (value == NULL || size == 0 || size >= SMK_LONGLABEL)
  3368. return -EINVAL;
  3369. label_len = smk_parse_label_len(value, size);
  3370. if (label_len < 0 || label_len != size)
  3371. return -EINVAL;
  3372. /*
  3373. * No process is ever allowed the web ("@") label
  3374. * and the star ("*") label.
  3375. */
  3376. if (label_len == 1 /* '@', '*' */) {
  3377. const char c = *(const char *)value;
  3378. if (c == *smack_known_web.smk_known ||
  3379. c == *smack_known_star.smk_known)
  3380. return -EPERM;
  3381. }
  3382. if (!smack_privileged(CAP_MAC_ADMIN)) {
  3383. const struct smack_known_list_elem *sklep;
  3384. list_for_each_entry(sklep, &tsp->smk_relabel, list) {
  3385. const char *cp = sklep->smk_label->smk_known;
  3386. if (strlen(cp) == label_len &&
  3387. strncmp(cp, value, label_len) == 0)
  3388. goto in_relabel;
  3389. }
  3390. return -EPERM;
  3391. in_relabel:
  3392. ;
  3393. }
  3394. skp = smk_import_valid_label(value, label_len, GFP_KERNEL);
  3395. if (IS_ERR(skp))
  3396. return PTR_ERR(skp);
  3397. new = prepare_creds();
  3398. if (new == NULL)
  3399. return -ENOMEM;
  3400. tsp = smack_cred(new);
  3401. tsp->smk_task = skp;
  3402. /*
  3403. * process can change its label only once
  3404. */
  3405. smk_destroy_label_list(&tsp->smk_relabel);
  3406. commit_creds(new);
  3407. return 0;
  3408. }
  3409. /**
  3410. * smack_setselfattr - Set a Smack process attribute
  3411. * @attr: which attribute to set
  3412. * @ctx: buffer containing the data
  3413. * @size: size of @ctx
  3414. * @flags: reserved, must be zero
  3415. *
  3416. * Fill the passed user space @ctx with the details of the requested
  3417. * attribute.
  3418. *
  3419. * Returns 0 on success, an error code otherwise.
  3420. */
  3421. static int smack_setselfattr(unsigned int attr, struct lsm_ctx *ctx,
  3422. u32 size, u32 flags)
  3423. {
  3424. if (attr != LSM_ATTR_CURRENT)
  3425. return -EOPNOTSUPP;
  3426. if (ctx->flags)
  3427. return -EINVAL;
  3428. /*
  3429. * string must have \0 terminator, included in ctx->ctx
  3430. * (see description of struct lsm_ctx)
  3431. */
  3432. if (ctx->ctx_len == 0)
  3433. return -EINVAL;
  3434. if (ctx->ctx[ctx->ctx_len - 1] != '\0')
  3435. return -EINVAL;
  3436. /*
  3437. * other do_setattr() caller, smack_setprocattr(),
  3438. * does not count \0 into size, so
  3439. * decreasing length by 1 to accommodate the divergence.
  3440. */
  3441. return do_setattr(attr, ctx->ctx, ctx->ctx_len - 1);
  3442. }
  3443. /**
  3444. * smack_setprocattr - Smack process attribute setting
  3445. * @name: the name of the attribute in /proc/.../attr
  3446. * @value: the value to set
  3447. * @size: the size of the value
  3448. *
  3449. * Sets the Smack value of the task. Only setting self
  3450. * is permitted and only with privilege
  3451. *
  3452. * Returns the size of the input value or an error code
  3453. */
  3454. static int smack_setprocattr(const char *name, void *value, size_t size)
  3455. {
  3456. size_t realsize = size;
  3457. unsigned int attr = lsm_name_to_attr(name);
  3458. switch (attr) {
  3459. case LSM_ATTR_UNDEF: return -EINVAL;
  3460. default: return -EOPNOTSUPP;
  3461. case LSM_ATTR_CURRENT:
  3462. ;
  3463. }
  3464. /*
  3465. * The value for the "current" attribute is the label
  3466. * followed by one of the 4 trailers: none, \0, \n, \n\0
  3467. *
  3468. * I.e. following inputs are accepted as 3-characters long label "foo":
  3469. *
  3470. * "foo" (3 characters)
  3471. * "foo\0" (4 characters)
  3472. * "foo\n" (4 characters)
  3473. * "foo\n\0" (5 characters)
  3474. */
  3475. if (realsize && (((const char *)value)[realsize - 1] == '\0'))
  3476. --realsize;
  3477. if (realsize && (((const char *)value)[realsize - 1] == '\n'))
  3478. --realsize;
  3479. return do_setattr(attr, value, realsize) ? : size;
  3480. }
  3481. /**
  3482. * smack_unix_stream_connect - Smack access on UDS
  3483. * @sock: one sock
  3484. * @other: the other sock
  3485. * @newsk: unused
  3486. *
  3487. * Return 0 if a subject with the smack of sock could access
  3488. * an object with the smack of other, otherwise an error code
  3489. */
  3490. static int smack_unix_stream_connect(struct sock *sock,
  3491. struct sock *other, struct sock *newsk)
  3492. {
  3493. struct smack_known *skp;
  3494. struct smack_known *okp;
  3495. struct socket_smack *ssp = smack_sock(sock);
  3496. struct socket_smack *osp = smack_sock(other);
  3497. struct socket_smack *nsp = smack_sock(newsk);
  3498. struct smk_audit_info ad;
  3499. int rc = 0;
  3500. #ifdef CONFIG_AUDIT
  3501. struct lsm_network_audit net;
  3502. #endif
  3503. if (!smack_privileged(CAP_MAC_OVERRIDE)) {
  3504. skp = ssp->smk_out;
  3505. okp = osp->smk_in;
  3506. #ifdef CONFIG_AUDIT
  3507. smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
  3508. smk_ad_setfield_u_net_sk(&ad, other);
  3509. #endif
  3510. rc = smk_access(skp, okp, MAY_WRITE, &ad);
  3511. rc = smk_bu_note("UDS connect", skp, okp, MAY_WRITE, rc);
  3512. if (rc == 0) {
  3513. okp = osp->smk_out;
  3514. skp = ssp->smk_in;
  3515. rc = smk_access(okp, skp, MAY_WRITE, &ad);
  3516. rc = smk_bu_note("UDS connect", okp, skp,
  3517. MAY_WRITE, rc);
  3518. }
  3519. }
  3520. if (rc == 0) {
  3521. /*
  3522. * Cross reference the peer labels for SO_PEERSEC.
  3523. */
  3524. nsp->smk_packet = ssp->smk_out;
  3525. ssp->smk_packet = osp->smk_out;
  3526. /*
  3527. * new/child/established socket must inherit listening socket labels
  3528. */
  3529. nsp->smk_out = osp->smk_out;
  3530. nsp->smk_in = osp->smk_in;
  3531. }
  3532. return rc;
  3533. }
  3534. /**
  3535. * smack_unix_may_send - Smack access on UDS
  3536. * @sock: one socket
  3537. * @other: the other socket
  3538. *
  3539. * Return 0 if a subject with the smack of sock could access
  3540. * an object with the smack of other, otherwise an error code
  3541. */
  3542. static int smack_unix_may_send(struct socket *sock, struct socket *other)
  3543. {
  3544. struct socket_smack *ssp = smack_sock(sock->sk);
  3545. struct socket_smack *osp = smack_sock(other->sk);
  3546. struct smk_audit_info ad;
  3547. int rc;
  3548. #ifdef CONFIG_AUDIT
  3549. struct lsm_network_audit net;
  3550. smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
  3551. smk_ad_setfield_u_net_sk(&ad, other->sk);
  3552. #endif
  3553. if (smack_privileged(CAP_MAC_OVERRIDE))
  3554. return 0;
  3555. rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad);
  3556. rc = smk_bu_note("UDS send", ssp->smk_out, osp->smk_in, MAY_WRITE, rc);
  3557. return rc;
  3558. }
  3559. /**
  3560. * smack_socket_sendmsg - Smack check based on destination host
  3561. * @sock: the socket
  3562. * @msg: the message
  3563. * @size: the size of the message
  3564. *
  3565. * Return 0 if the current subject can write to the destination host.
  3566. * For IPv4 this is only a question if the destination is a single label host.
  3567. * For IPv6 this is a check against the label of the port.
  3568. */
  3569. static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg,
  3570. int size)
  3571. {
  3572. struct sockaddr_in *sip = (struct sockaddr_in *) msg->msg_name;
  3573. #if IS_ENABLED(CONFIG_IPV6)
  3574. struct sockaddr_in6 *sap = (struct sockaddr_in6 *) msg->msg_name;
  3575. #endif
  3576. #ifdef SMACK_IPV6_SECMARK_LABELING
  3577. struct socket_smack *ssp = smack_sock(sock->sk);
  3578. struct smack_known *rsp;
  3579. #endif
  3580. int rc = 0;
  3581. /*
  3582. * Perfectly reasonable for this to be NULL
  3583. */
  3584. if (sip == NULL)
  3585. return 0;
  3586. switch (sock->sk->sk_family) {
  3587. case AF_INET:
  3588. if (msg->msg_namelen < sizeof(struct sockaddr_in) ||
  3589. sip->sin_family != AF_INET)
  3590. return -EINVAL;
  3591. rc = smk_ipv4_check(sock->sk, sip);
  3592. break;
  3593. #if IS_ENABLED(CONFIG_IPV6)
  3594. case AF_INET6:
  3595. if (msg->msg_namelen < SIN6_LEN_RFC2133 ||
  3596. sap->sin6_family != AF_INET6)
  3597. return -EINVAL;
  3598. #ifdef SMACK_IPV6_SECMARK_LABELING
  3599. rsp = smack_ipv6host_label(sap);
  3600. if (rsp != NULL)
  3601. rc = smk_ipv6_check(ssp->smk_out, rsp, sap,
  3602. SMK_CONNECTING);
  3603. #endif
  3604. #ifdef SMACK_IPV6_PORT_LABELING
  3605. rc = smk_ipv6_port_check(sock->sk, sap, SMK_SENDING);
  3606. #endif
  3607. #endif /* IS_ENABLED(CONFIG_IPV6) */
  3608. break;
  3609. }
  3610. return rc;
  3611. }
  3612. /**
  3613. * smack_from_secattr - Convert a netlabel attr.mls.lvl/attr.mls.cat pair to smack
  3614. * @sap: netlabel secattr
  3615. * @ssp: socket security information
  3616. *
  3617. * Returns a pointer to a Smack label entry found on the label list.
  3618. */
  3619. static struct smack_known *smack_from_secattr(struct netlbl_lsm_secattr *sap,
  3620. struct socket_smack *ssp)
  3621. {
  3622. struct smack_known *skp;
  3623. int found = 0;
  3624. int acat;
  3625. int kcat;
  3626. /*
  3627. * Netlabel found it in the cache.
  3628. */
  3629. if ((sap->flags & NETLBL_SECATTR_CACHE) != 0)
  3630. return (struct smack_known *)sap->cache->data;
  3631. if ((sap->flags & NETLBL_SECATTR_SECID) != 0)
  3632. /*
  3633. * Looks like a fallback, which gives us a secid.
  3634. */
  3635. return smack_from_secid(sap->attr.secid);
  3636. if ((sap->flags & NETLBL_SECATTR_MLS_LVL) != 0) {
  3637. /*
  3638. * Looks like a CIPSO packet.
  3639. * If there are flags but no level netlabel isn't
  3640. * behaving the way we expect it to.
  3641. *
  3642. * Look it up in the label table
  3643. * Without guidance regarding the smack value
  3644. * for the packet fall back on the network
  3645. * ambient value.
  3646. */
  3647. rcu_read_lock();
  3648. list_for_each_entry_rcu(skp, &smack_known_list, list) {
  3649. if (sap->attr.mls.lvl != skp->smk_netlabel.attr.mls.lvl)
  3650. continue;
  3651. /*
  3652. * Compare the catsets. Use the netlbl APIs.
  3653. */
  3654. if ((sap->flags & NETLBL_SECATTR_MLS_CAT) == 0) {
  3655. if ((skp->smk_netlabel.flags &
  3656. NETLBL_SECATTR_MLS_CAT) == 0)
  3657. found = 1;
  3658. break;
  3659. }
  3660. for (acat = -1, kcat = -1; acat == kcat; ) {
  3661. acat = netlbl_catmap_walk(sap->attr.mls.cat,
  3662. acat + 1);
  3663. kcat = netlbl_catmap_walk(
  3664. skp->smk_netlabel.attr.mls.cat,
  3665. kcat + 1);
  3666. if (acat < 0 || kcat < 0)
  3667. break;
  3668. }
  3669. if (acat == kcat) {
  3670. found = 1;
  3671. break;
  3672. }
  3673. }
  3674. rcu_read_unlock();
  3675. if (found)
  3676. return skp;
  3677. if (ssp != NULL && ssp->smk_in == &smack_known_star)
  3678. return &smack_known_web;
  3679. return &smack_known_star;
  3680. }
  3681. /*
  3682. * Without guidance regarding the smack value
  3683. * for the packet fall back on the network
  3684. * ambient value.
  3685. */
  3686. return smack_net_ambient;
  3687. }
  3688. #if IS_ENABLED(CONFIG_IPV6)
  3689. static int smk_skb_to_addr_ipv6(struct sk_buff *skb, struct sockaddr_in6 *sip)
  3690. {
  3691. u8 nexthdr;
  3692. int offset;
  3693. int proto = -EINVAL;
  3694. struct ipv6hdr _ipv6h;
  3695. struct ipv6hdr *ip6;
  3696. __be16 frag_off;
  3697. struct tcphdr _tcph, *th;
  3698. struct udphdr _udph, *uh;
  3699. sip->sin6_port = 0;
  3700. offset = skb_network_offset(skb);
  3701. ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h);
  3702. if (ip6 == NULL)
  3703. return -EINVAL;
  3704. sip->sin6_addr = ip6->saddr;
  3705. nexthdr = ip6->nexthdr;
  3706. offset += sizeof(_ipv6h);
  3707. offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off);
  3708. if (offset < 0)
  3709. return -EINVAL;
  3710. proto = nexthdr;
  3711. switch (proto) {
  3712. case IPPROTO_TCP:
  3713. th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
  3714. if (th != NULL)
  3715. sip->sin6_port = th->source;
  3716. break;
  3717. case IPPROTO_UDP:
  3718. case IPPROTO_UDPLITE:
  3719. uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
  3720. if (uh != NULL)
  3721. sip->sin6_port = uh->source;
  3722. break;
  3723. }
  3724. return proto;
  3725. }
  3726. #endif /* CONFIG_IPV6 */
  3727. /**
  3728. * smack_from_skb - Smack data from the secmark in an skb
  3729. * @skb: packet
  3730. *
  3731. * Returns smack_known of the secmark or NULL if that won't work.
  3732. */
  3733. #ifdef CONFIG_NETWORK_SECMARK
  3734. static struct smack_known *smack_from_skb(struct sk_buff *skb)
  3735. {
  3736. if (skb == NULL || skb->secmark == 0)
  3737. return NULL;
  3738. return smack_from_secid(skb->secmark);
  3739. }
  3740. #else
  3741. static inline struct smack_known *smack_from_skb(struct sk_buff *skb)
  3742. {
  3743. return NULL;
  3744. }
  3745. #endif
  3746. /**
  3747. * smack_from_netlbl - Smack data from the IP options in an skb
  3748. * @sk: socket data came in on
  3749. * @family: address family
  3750. * @skb: packet
  3751. *
  3752. * Find the Smack label in the IP options. If it hasn't been
  3753. * added to the netlabel cache, add it here.
  3754. *
  3755. * Returns smack_known of the IP options or NULL if that won't work.
  3756. */
  3757. static struct smack_known *smack_from_netlbl(const struct sock *sk, u16 family,
  3758. struct sk_buff *skb)
  3759. {
  3760. struct netlbl_lsm_secattr secattr;
  3761. struct socket_smack *ssp = NULL;
  3762. struct smack_known *skp = NULL;
  3763. netlbl_secattr_init(&secattr);
  3764. if (sk)
  3765. ssp = smack_sock(sk);
  3766. if (netlbl_skbuff_getattr(skb, family, &secattr) == 0) {
  3767. skp = smack_from_secattr(&secattr, ssp);
  3768. if (secattr.flags & NETLBL_SECATTR_CACHEABLE)
  3769. netlbl_cache_add(skb, family, &skp->smk_netlabel);
  3770. }
  3771. netlbl_secattr_destroy(&secattr);
  3772. return skp;
  3773. }
  3774. /**
  3775. * smack_socket_sock_rcv_skb - Smack packet delivery access check
  3776. * @sk: socket
  3777. * @skb: packet
  3778. *
  3779. * Returns 0 if the packet should be delivered, an error code otherwise
  3780. */
  3781. static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
  3782. {
  3783. struct socket_smack *ssp = smack_sock(sk);
  3784. struct smack_known *skp = NULL;
  3785. int rc = 0;
  3786. struct smk_audit_info ad;
  3787. u16 family = sk->sk_family;
  3788. #ifdef CONFIG_AUDIT
  3789. struct lsm_network_audit net;
  3790. #endif
  3791. #if IS_ENABLED(CONFIG_IPV6)
  3792. struct sockaddr_in6 sadd;
  3793. int proto;
  3794. if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
  3795. family = PF_INET;
  3796. #endif /* CONFIG_IPV6 */
  3797. switch (family) {
  3798. case PF_INET:
  3799. /*
  3800. * If there is a secmark use it rather than the CIPSO label.
  3801. * If there is no secmark fall back to CIPSO.
  3802. * The secmark is assumed to reflect policy better.
  3803. */
  3804. skp = smack_from_skb(skb);
  3805. if (skp == NULL) {
  3806. skp = smack_from_netlbl(sk, family, skb);
  3807. if (skp == NULL)
  3808. skp = smack_net_ambient;
  3809. }
  3810. #ifdef CONFIG_AUDIT
  3811. smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
  3812. ad.a.u.net->family = family;
  3813. ad.a.u.net->netif = skb->skb_iif;
  3814. ipv4_skb_to_auditdata(skb, &ad.a, NULL);
  3815. #endif
  3816. /*
  3817. * Receiving a packet requires that the other end
  3818. * be able to write here. Read access is not required.
  3819. * This is the simplest possible security model
  3820. * for networking.
  3821. */
  3822. rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
  3823. rc = smk_bu_note("IPv4 delivery", skp, ssp->smk_in,
  3824. MAY_WRITE, rc);
  3825. if (rc != 0)
  3826. netlbl_skbuff_err(skb, family, rc, 0);
  3827. break;
  3828. #if IS_ENABLED(CONFIG_IPV6)
  3829. case PF_INET6:
  3830. proto = smk_skb_to_addr_ipv6(skb, &sadd);
  3831. if (proto != IPPROTO_UDP && proto != IPPROTO_UDPLITE &&
  3832. proto != IPPROTO_TCP)
  3833. break;
  3834. #ifdef SMACK_IPV6_SECMARK_LABELING
  3835. skp = smack_from_skb(skb);
  3836. if (skp == NULL) {
  3837. if (smk_ipv6_localhost(&sadd))
  3838. break;
  3839. skp = smack_ipv6host_label(&sadd);
  3840. if (skp == NULL)
  3841. skp = smack_net_ambient;
  3842. }
  3843. #ifdef CONFIG_AUDIT
  3844. smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
  3845. ad.a.u.net->family = family;
  3846. ad.a.u.net->netif = skb->skb_iif;
  3847. ipv6_skb_to_auditdata(skb, &ad.a, NULL);
  3848. #endif /* CONFIG_AUDIT */
  3849. rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
  3850. rc = smk_bu_note("IPv6 delivery", skp, ssp->smk_in,
  3851. MAY_WRITE, rc);
  3852. #endif /* SMACK_IPV6_SECMARK_LABELING */
  3853. #ifdef SMACK_IPV6_PORT_LABELING
  3854. rc = smk_ipv6_port_check(sk, &sadd, SMK_RECEIVING);
  3855. #endif /* SMACK_IPV6_PORT_LABELING */
  3856. if (rc != 0)
  3857. icmpv6_send(skb, ICMPV6_DEST_UNREACH,
  3858. ICMPV6_ADM_PROHIBITED, 0);
  3859. break;
  3860. #endif /* CONFIG_IPV6 */
  3861. }
  3862. return rc;
  3863. }
  3864. /**
  3865. * smack_socket_getpeersec_stream - pull in packet label
  3866. * @sock: the socket
  3867. * @optval: user's destination
  3868. * @optlen: size thereof
  3869. * @len: max thereof
  3870. *
  3871. * returns zero on success, an error code otherwise
  3872. */
  3873. static int smack_socket_getpeersec_stream(struct socket *sock,
  3874. sockptr_t optval, sockptr_t optlen,
  3875. unsigned int len)
  3876. {
  3877. struct socket_smack *ssp;
  3878. char *rcp = "";
  3879. u32 slen = 1;
  3880. int rc = 0;
  3881. ssp = smack_sock(sock->sk);
  3882. if (ssp->smk_packet != NULL) {
  3883. rcp = ssp->smk_packet->smk_known;
  3884. slen = strlen(rcp) + 1;
  3885. }
  3886. if (slen > len) {
  3887. rc = -ERANGE;
  3888. goto out_len;
  3889. }
  3890. if (copy_to_sockptr(optval, rcp, slen))
  3891. rc = -EFAULT;
  3892. out_len:
  3893. if (copy_to_sockptr(optlen, &slen, sizeof(slen)))
  3894. rc = -EFAULT;
  3895. return rc;
  3896. }
  3897. /**
  3898. * smack_socket_getpeersec_dgram - pull in packet label
  3899. * @sock: the peer socket
  3900. * @skb: packet data
  3901. * @secid: pointer to where to put the secid of the packet
  3902. *
  3903. * Sets the netlabel socket state on sk from parent
  3904. */
  3905. static int smack_socket_getpeersec_dgram(struct socket *sock,
  3906. struct sk_buff *skb, u32 *secid)
  3907. {
  3908. struct socket_smack *ssp = NULL;
  3909. struct smack_known *skp;
  3910. struct sock *sk = NULL;
  3911. int family = PF_UNSPEC;
  3912. u32 s = 0; /* 0 is the invalid secid */
  3913. if (skb != NULL) {
  3914. if (skb->protocol == htons(ETH_P_IP))
  3915. family = PF_INET;
  3916. #if IS_ENABLED(CONFIG_IPV6)
  3917. else if (skb->protocol == htons(ETH_P_IPV6))
  3918. family = PF_INET6;
  3919. #endif /* CONFIG_IPV6 */
  3920. }
  3921. if (family == PF_UNSPEC && sock != NULL)
  3922. family = sock->sk->sk_family;
  3923. switch (family) {
  3924. case PF_UNIX:
  3925. ssp = smack_sock(sock->sk);
  3926. s = ssp->smk_out->smk_secid;
  3927. break;
  3928. case PF_INET:
  3929. skp = smack_from_skb(skb);
  3930. if (skp) {
  3931. s = skp->smk_secid;
  3932. break;
  3933. }
  3934. /*
  3935. * Translate what netlabel gave us.
  3936. */
  3937. if (sock != NULL)
  3938. sk = sock->sk;
  3939. skp = smack_from_netlbl(sk, family, skb);
  3940. if (skp != NULL)
  3941. s = skp->smk_secid;
  3942. break;
  3943. case PF_INET6:
  3944. #ifdef SMACK_IPV6_SECMARK_LABELING
  3945. skp = smack_from_skb(skb);
  3946. if (skp)
  3947. s = skp->smk_secid;
  3948. #endif
  3949. break;
  3950. }
  3951. *secid = s;
  3952. if (s == 0)
  3953. return -EINVAL;
  3954. return 0;
  3955. }
  3956. /**
  3957. * smack_inet_conn_request - Smack access check on connect
  3958. * @sk: socket involved
  3959. * @skb: packet
  3960. * @req: unused
  3961. *
  3962. * Returns 0 if a task with the packet label could write to
  3963. * the socket, otherwise an error code
  3964. */
  3965. static int smack_inet_conn_request(const struct sock *sk, struct sk_buff *skb,
  3966. struct request_sock *req)
  3967. {
  3968. u16 family = sk->sk_family;
  3969. struct smack_known *skp;
  3970. struct socket_smack *ssp = smack_sock(sk);
  3971. struct sockaddr_in addr;
  3972. struct iphdr *hdr;
  3973. struct smack_known *hskp;
  3974. int rc;
  3975. struct smk_audit_info ad;
  3976. #ifdef CONFIG_AUDIT
  3977. struct lsm_network_audit net;
  3978. #endif
  3979. #if IS_ENABLED(CONFIG_IPV6)
  3980. if (family == PF_INET6) {
  3981. /*
  3982. * Handle mapped IPv4 packets arriving
  3983. * via IPv6 sockets. Don't set up netlabel
  3984. * processing on IPv6.
  3985. */
  3986. if (skb->protocol == htons(ETH_P_IP))
  3987. family = PF_INET;
  3988. else
  3989. return 0;
  3990. }
  3991. #endif /* CONFIG_IPV6 */
  3992. /*
  3993. * If there is a secmark use it rather than the CIPSO label.
  3994. * If there is no secmark fall back to CIPSO.
  3995. * The secmark is assumed to reflect policy better.
  3996. */
  3997. skp = smack_from_skb(skb);
  3998. if (skp == NULL) {
  3999. skp = smack_from_netlbl(sk, family, skb);
  4000. if (skp == NULL)
  4001. skp = &smack_known_huh;
  4002. }
  4003. #ifdef CONFIG_AUDIT
  4004. smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
  4005. ad.a.u.net->family = family;
  4006. ad.a.u.net->netif = skb->skb_iif;
  4007. ipv4_skb_to_auditdata(skb, &ad.a, NULL);
  4008. #endif
  4009. /*
  4010. * Receiving a packet requires that the other end be able to write
  4011. * here. Read access is not required.
  4012. */
  4013. rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
  4014. rc = smk_bu_note("IPv4 connect", skp, ssp->smk_in, MAY_WRITE, rc);
  4015. if (rc != 0)
  4016. return rc;
  4017. /*
  4018. * Save the peer's label in the request_sock so we can later setup
  4019. * smk_packet in the child socket so that SO_PEERCRED can report it.
  4020. */
  4021. req->peer_secid = skp->smk_secid;
  4022. /*
  4023. * We need to decide if we want to label the incoming connection here
  4024. * if we do we only need to label the request_sock and the stack will
  4025. * propagate the wire-label to the sock when it is created.
  4026. */
  4027. hdr = ip_hdr(skb);
  4028. addr.sin_addr.s_addr = hdr->saddr;
  4029. rcu_read_lock();
  4030. hskp = smack_ipv4host_label(&addr);
  4031. rcu_read_unlock();
  4032. if (hskp == NULL)
  4033. rc = netlbl_req_setattr(req, &ssp->smk_out->smk_netlabel);
  4034. else
  4035. netlbl_req_delattr(req);
  4036. return rc;
  4037. }
  4038. /**
  4039. * smack_inet_csk_clone - Copy the connection information to the new socket
  4040. * @sk: the new socket
  4041. * @req: the connection's request_sock
  4042. *
  4043. * Transfer the connection's peer label to the newly created socket.
  4044. */
  4045. static void smack_inet_csk_clone(struct sock *sk,
  4046. const struct request_sock *req)
  4047. {
  4048. struct socket_smack *ssp = smack_sock(sk);
  4049. struct smack_known *skp;
  4050. if (req->peer_secid != 0) {
  4051. skp = smack_from_secid(req->peer_secid);
  4052. ssp->smk_packet = skp;
  4053. } else
  4054. ssp->smk_packet = NULL;
  4055. }
  4056. /*
  4057. * Key management security hooks
  4058. *
  4059. * Casey has not tested key support very heavily.
  4060. * The permission check is most likely too restrictive.
  4061. * If you care about keys please have a look.
  4062. */
  4063. #ifdef CONFIG_KEYS
  4064. /**
  4065. * smack_key_alloc - Set the key security blob
  4066. * @key: object
  4067. * @cred: the credentials to use
  4068. * @flags: unused
  4069. *
  4070. * No allocation required
  4071. *
  4072. * Returns 0
  4073. */
  4074. static int smack_key_alloc(struct key *key, const struct cred *cred,
  4075. unsigned long flags)
  4076. {
  4077. struct smack_known **blob = smack_key(key);
  4078. struct smack_known *skp = smk_of_task(smack_cred(cred));
  4079. *blob = skp;
  4080. return 0;
  4081. }
  4082. /**
  4083. * smack_key_permission - Smack access on a key
  4084. * @key_ref: gets to the object
  4085. * @cred: the credentials to use
  4086. * @need_perm: requested key permission
  4087. *
  4088. * Return 0 if the task has read and write to the object,
  4089. * an error code otherwise
  4090. */
  4091. static int smack_key_permission(key_ref_t key_ref,
  4092. const struct cred *cred,
  4093. enum key_need_perm need_perm)
  4094. {
  4095. struct smack_known **blob;
  4096. struct smack_known *skp;
  4097. struct key *keyp;
  4098. struct smk_audit_info ad;
  4099. struct smack_known *tkp = smk_of_task(smack_cred(cred));
  4100. int request = 0;
  4101. int rc;
  4102. /*
  4103. * Validate requested permissions
  4104. */
  4105. switch (need_perm) {
  4106. case KEY_NEED_READ:
  4107. case KEY_NEED_SEARCH:
  4108. case KEY_NEED_VIEW:
  4109. request |= MAY_READ;
  4110. break;
  4111. case KEY_NEED_WRITE:
  4112. case KEY_NEED_LINK:
  4113. case KEY_NEED_SETATTR:
  4114. request |= MAY_WRITE;
  4115. break;
  4116. case KEY_NEED_UNSPECIFIED:
  4117. case KEY_NEED_UNLINK:
  4118. case KEY_SYSADMIN_OVERRIDE:
  4119. case KEY_AUTHTOKEN_OVERRIDE:
  4120. case KEY_DEFER_PERM_CHECK:
  4121. return 0;
  4122. default:
  4123. return -EINVAL;
  4124. }
  4125. keyp = key_ref_to_ptr(key_ref);
  4126. if (keyp == NULL)
  4127. return -EINVAL;
  4128. /*
  4129. * If the key hasn't been initialized give it access so that
  4130. * it may do so.
  4131. */
  4132. blob = smack_key(keyp);
  4133. skp = *blob;
  4134. if (skp == NULL)
  4135. return 0;
  4136. /*
  4137. * This should not occur
  4138. */
  4139. if (tkp == NULL)
  4140. return -EACCES;
  4141. if (smack_privileged(CAP_MAC_OVERRIDE))
  4142. return 0;
  4143. #ifdef CONFIG_AUDIT
  4144. smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY);
  4145. ad.a.u.key_struct.key = keyp->serial;
  4146. ad.a.u.key_struct.key_desc = keyp->description;
  4147. #endif
  4148. rc = smk_access(tkp, skp, request, &ad);
  4149. rc = smk_bu_note("key access", tkp, skp, request, rc);
  4150. return rc;
  4151. }
  4152. /*
  4153. * smack_key_getsecurity - Smack label tagging the key
  4154. * @key points to the key to be queried
  4155. * @_buffer points to a pointer that should be set to point to the
  4156. * resulting string (if no label or an error occurs).
  4157. * Return the length of the string (including terminating NUL) or -ve if
  4158. * an error.
  4159. * May also return 0 (and a NULL buffer pointer) if there is no label.
  4160. */
  4161. static int smack_key_getsecurity(struct key *key, char **_buffer)
  4162. {
  4163. struct smack_known **blob = smack_key(key);
  4164. struct smack_known *skp = *blob;
  4165. size_t length;
  4166. char *copy;
  4167. if (skp == NULL) {
  4168. *_buffer = NULL;
  4169. return 0;
  4170. }
  4171. copy = kstrdup(skp->smk_known, GFP_KERNEL);
  4172. if (copy == NULL)
  4173. return -ENOMEM;
  4174. length = strlen(copy) + 1;
  4175. *_buffer = copy;
  4176. return length;
  4177. }
  4178. #ifdef CONFIG_KEY_NOTIFICATIONS
  4179. /**
  4180. * smack_watch_key - Smack access to watch a key for notifications.
  4181. * @key: The key to be watched
  4182. *
  4183. * Return 0 if the @watch->cred has permission to read from the key object and
  4184. * an error otherwise.
  4185. */
  4186. static int smack_watch_key(struct key *key)
  4187. {
  4188. struct smk_audit_info ad;
  4189. struct smack_known *tkp = smk_of_current();
  4190. struct smack_known **blob = smack_key(key);
  4191. int rc;
  4192. /*
  4193. * This should not occur
  4194. */
  4195. if (tkp == NULL)
  4196. return -EACCES;
  4197. if (smack_privileged_cred(CAP_MAC_OVERRIDE, current_cred()))
  4198. return 0;
  4199. #ifdef CONFIG_AUDIT
  4200. smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY);
  4201. ad.a.u.key_struct.key = key->serial;
  4202. ad.a.u.key_struct.key_desc = key->description;
  4203. #endif
  4204. rc = smk_access(tkp, *blob, MAY_READ, &ad);
  4205. rc = smk_bu_note("key watch", tkp, *blob, MAY_READ, rc);
  4206. return rc;
  4207. }
  4208. #endif /* CONFIG_KEY_NOTIFICATIONS */
  4209. #endif /* CONFIG_KEYS */
  4210. #ifdef CONFIG_WATCH_QUEUE
  4211. /**
  4212. * smack_post_notification - Smack access to post a notification to a queue
  4213. * @w_cred: The credentials of the watcher.
  4214. * @cred: The credentials of the event source (may be NULL).
  4215. * @n: The notification message to be posted.
  4216. */
  4217. static int smack_post_notification(const struct cred *w_cred,
  4218. const struct cred *cred,
  4219. struct watch_notification *n)
  4220. {
  4221. struct smk_audit_info ad;
  4222. struct smack_known *subj, *obj;
  4223. int rc;
  4224. /* Always let maintenance notifications through. */
  4225. if (n->type == WATCH_TYPE_META)
  4226. return 0;
  4227. if (!cred)
  4228. return 0;
  4229. subj = smk_of_task(smack_cred(cred));
  4230. obj = smk_of_task(smack_cred(w_cred));
  4231. smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NOTIFICATION);
  4232. rc = smk_access(subj, obj, MAY_WRITE, &ad);
  4233. rc = smk_bu_note("notification", subj, obj, MAY_WRITE, rc);
  4234. return rc;
  4235. }
  4236. #endif /* CONFIG_WATCH_QUEUE */
  4237. /*
  4238. * Smack Audit hooks
  4239. *
  4240. * Audit requires a unique representation of each Smack specific
  4241. * rule. This unique representation is used to distinguish the
  4242. * object to be audited from remaining kernel objects and also
  4243. * works as a glue between the audit hooks.
  4244. *
  4245. * Since repository entries are added but never deleted, we'll use
  4246. * the smack_known label address related to the given audit rule as
  4247. * the needed unique representation. This also better fits the smack
  4248. * model where nearly everything is a label.
  4249. */
  4250. #ifdef CONFIG_AUDIT
  4251. /**
  4252. * smack_audit_rule_init - Initialize a smack audit rule
  4253. * @field: audit rule fields given from user-space (audit.h)
  4254. * @op: required testing operator (=, !=, >, <, ...)
  4255. * @rulestr: smack label to be audited
  4256. * @vrule: pointer to save our own audit rule representation
  4257. * @gfp: type of the memory for the allocation
  4258. *
  4259. * Prepare to audit cases where (@field @op @rulestr) is true.
  4260. * The label to be audited is created if necessary.
  4261. */
  4262. static int smack_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule,
  4263. gfp_t gfp)
  4264. {
  4265. struct smack_known *skp;
  4266. char **rule = (char **)vrule;
  4267. *rule = NULL;
  4268. if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
  4269. return -EINVAL;
  4270. if (op != Audit_equal && op != Audit_not_equal)
  4271. return -EINVAL;
  4272. skp = smk_import_entry(rulestr, 0);
  4273. if (IS_ERR(skp))
  4274. return PTR_ERR(skp);
  4275. *rule = skp->smk_known;
  4276. return 0;
  4277. }
  4278. /**
  4279. * smack_audit_rule_known - Distinguish Smack audit rules
  4280. * @krule: rule of interest, in Audit kernel representation format
  4281. *
  4282. * This is used to filter Smack rules from remaining Audit ones.
  4283. * If it's proved that this rule belongs to us, the
  4284. * audit_rule_match hook will be called to do the final judgement.
  4285. */
  4286. static int smack_audit_rule_known(struct audit_krule *krule)
  4287. {
  4288. struct audit_field *f;
  4289. int i;
  4290. for (i = 0; i < krule->field_count; i++) {
  4291. f = &krule->fields[i];
  4292. if (f->type == AUDIT_SUBJ_USER || f->type == AUDIT_OBJ_USER)
  4293. return 1;
  4294. }
  4295. return 0;
  4296. }
  4297. /**
  4298. * smack_audit_rule_match - Audit given object ?
  4299. * @prop: security id for identifying the object to test
  4300. * @field: audit rule flags given from user-space
  4301. * @op: required testing operator
  4302. * @vrule: smack internal rule presentation
  4303. *
  4304. * The core Audit hook. It's used to take the decision of
  4305. * whether to audit or not to audit a given object.
  4306. */
  4307. static int smack_audit_rule_match(struct lsm_prop *prop, u32 field, u32 op,
  4308. void *vrule)
  4309. {
  4310. struct smack_known *skp = prop->smack.skp;
  4311. char *rule = vrule;
  4312. if (unlikely(!rule)) {
  4313. WARN_ONCE(1, "Smack: missing rule\n");
  4314. return -ENOENT;
  4315. }
  4316. if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
  4317. return 0;
  4318. /*
  4319. * No need to do string comparisons. If a match occurs,
  4320. * both pointers will point to the same smack_known
  4321. * label.
  4322. */
  4323. if (op == Audit_equal)
  4324. return (rule == skp->smk_known);
  4325. if (op == Audit_not_equal)
  4326. return (rule != skp->smk_known);
  4327. return 0;
  4328. }
  4329. /*
  4330. * There is no need for a smack_audit_rule_free hook.
  4331. * No memory was allocated.
  4332. */
  4333. #endif /* CONFIG_AUDIT */
  4334. /**
  4335. * smack_ismaclabel - check if xattr @name references a smack MAC label
  4336. * @name: Full xattr name to check.
  4337. */
  4338. static int smack_ismaclabel(const char *name)
  4339. {
  4340. return (strcmp(name, XATTR_SMACK_SUFFIX) == 0);
  4341. }
  4342. /**
  4343. * smack_to_secctx - fill a lsm_context
  4344. * @skp: Smack label
  4345. * @cp: destination
  4346. *
  4347. * Fill the passed @cp and return the length of the string
  4348. */
  4349. static int smack_to_secctx(struct smack_known *skp, struct lsm_context *cp)
  4350. {
  4351. int len = strlen(skp->smk_known);
  4352. if (cp) {
  4353. cp->context = skp->smk_known;
  4354. cp->len = len;
  4355. cp->id = LSM_ID_SMACK;
  4356. }
  4357. return len;
  4358. }
  4359. /**
  4360. * smack_secid_to_secctx - return the smack label for a secid
  4361. * @secid: incoming integer
  4362. * @cp: destination
  4363. *
  4364. * Exists for networking code.
  4365. */
  4366. static int smack_secid_to_secctx(u32 secid, struct lsm_context *cp)
  4367. {
  4368. return smack_to_secctx(smack_from_secid(secid), cp);
  4369. }
  4370. /**
  4371. * smack_lsmprop_to_secctx - return the smack label
  4372. * @prop: includes incoming Smack data
  4373. * @cp: destination
  4374. *
  4375. * Exists for audit code.
  4376. */
  4377. static int smack_lsmprop_to_secctx(struct lsm_prop *prop,
  4378. struct lsm_context *cp)
  4379. {
  4380. return smack_to_secctx(prop->smack.skp, cp);
  4381. }
  4382. /**
  4383. * smack_secctx_to_secid - return the secid for a smack label
  4384. * @secdata: smack label
  4385. * @seclen: how long result is
  4386. * @secid: outgoing integer
  4387. *
  4388. * Exists for audit and networking code.
  4389. */
  4390. static int smack_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
  4391. {
  4392. struct smack_known *skp = smk_find_entry(secdata);
  4393. if (skp)
  4394. *secid = skp->smk_secid;
  4395. else
  4396. *secid = 0;
  4397. return 0;
  4398. }
  4399. /*
  4400. * There used to be a smack_release_secctx hook
  4401. * that did nothing back when hooks were in a vector.
  4402. * Now that there's a list such a hook adds cost.
  4403. */
  4404. static int smack_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
  4405. {
  4406. /*
  4407. * UDS inode has fixed label. Ignore nfs label.
  4408. */
  4409. if (S_ISSOCK(inode->i_mode))
  4410. return 0;
  4411. return smack_inode_setsecurity(inode, XATTR_SMACK_SUFFIX, ctx,
  4412. ctxlen, 0);
  4413. }
  4414. static int smack_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
  4415. {
  4416. return __vfs_setxattr_locked(&nop_mnt_idmap, dentry, XATTR_NAME_SMACK,
  4417. ctx, ctxlen, 0, NULL);
  4418. }
  4419. static int smack_inode_getsecctx(struct inode *inode, struct lsm_context *cp)
  4420. {
  4421. struct smack_known *skp = smk_of_inode(inode);
  4422. cp->context = skp->smk_known;
  4423. cp->len = strlen(skp->smk_known);
  4424. cp->id = LSM_ID_SMACK;
  4425. return 0;
  4426. }
  4427. static int smack_inode_copy_up(struct dentry *dentry, struct cred **new)
  4428. {
  4429. struct task_smack *tsp;
  4430. struct smack_known *skp;
  4431. struct inode_smack *isp;
  4432. struct cred *new_creds = *new;
  4433. if (new_creds == NULL) {
  4434. new_creds = prepare_creds();
  4435. if (new_creds == NULL)
  4436. return -ENOMEM;
  4437. }
  4438. tsp = smack_cred(new_creds);
  4439. /*
  4440. * Get label from overlay inode and set it in create_sid
  4441. */
  4442. isp = smack_inode(d_inode(dentry));
  4443. skp = isp->smk_inode;
  4444. tsp->smk_task = skp;
  4445. *new = new_creds;
  4446. return 0;
  4447. }
  4448. static int smack_inode_copy_up_xattr(struct dentry *src, const char *name)
  4449. {
  4450. /*
  4451. * Return -ECANCELED if this is the smack access Smack attribute.
  4452. */
  4453. if (!strcmp(name, XATTR_NAME_SMACK))
  4454. return -ECANCELED;
  4455. return -EOPNOTSUPP;
  4456. }
  4457. static int smack_dentry_create_files_as(struct dentry *dentry, int mode,
  4458. const struct qstr *name,
  4459. const struct cred *old,
  4460. struct cred *new)
  4461. {
  4462. struct task_smack *otsp = smack_cred(old);
  4463. struct task_smack *ntsp = smack_cred(new);
  4464. struct inode_smack *isp;
  4465. /*
  4466. * Use the process credential unless all of
  4467. * the transmuting criteria are met
  4468. */
  4469. ntsp->smk_task = otsp->smk_task;
  4470. /*
  4471. * the attribute of the containing directory
  4472. */
  4473. isp = smack_inode(d_inode(dentry->d_parent));
  4474. if (isp->smk_flags & SMK_INODE_TRANSMUTE) {
  4475. /*
  4476. * If the directory is transmuting and the rule
  4477. * providing access is transmuting use the containing
  4478. * directory label instead of the process label.
  4479. */
  4480. if (smk_rule_transmutes(otsp->smk_task, isp->smk_inode)) {
  4481. ntsp->smk_task = isp->smk_inode;
  4482. ntsp->smk_transmuted = ntsp->smk_task;
  4483. }
  4484. }
  4485. return 0;
  4486. }
  4487. #ifdef CONFIG_IO_URING
  4488. /**
  4489. * smack_uring_override_creds - Is io_uring cred override allowed?
  4490. * @new: the target creds
  4491. *
  4492. * Check to see if the current task is allowed to override it's credentials
  4493. * to service an io_uring operation.
  4494. */
  4495. static int smack_uring_override_creds(const struct cred *new)
  4496. {
  4497. struct task_smack *tsp = smack_cred(current_cred());
  4498. struct task_smack *nsp = smack_cred(new);
  4499. /*
  4500. * Allow the degenerate case where the new Smack value is
  4501. * the same as the current Smack value.
  4502. */
  4503. if (tsp->smk_task == nsp->smk_task)
  4504. return 0;
  4505. if (smack_privileged_cred(CAP_MAC_OVERRIDE, current_cred()))
  4506. return 0;
  4507. return -EPERM;
  4508. }
  4509. /**
  4510. * smack_uring_sqpoll - check if a io_uring polling thread can be created
  4511. *
  4512. * Check to see if the current task is allowed to create a new io_uring
  4513. * kernel polling thread.
  4514. */
  4515. static int smack_uring_sqpoll(void)
  4516. {
  4517. if (smack_privileged_cred(CAP_MAC_ADMIN, current_cred()))
  4518. return 0;
  4519. return -EPERM;
  4520. }
  4521. /**
  4522. * smack_uring_cmd - check on file operations for io_uring
  4523. * @ioucmd: the command in question
  4524. *
  4525. * Make a best guess about whether a io_uring "command" should
  4526. * be allowed. Use the same logic used for determining if the
  4527. * file could be opened for read in the absence of better criteria.
  4528. */
  4529. static int smack_uring_cmd(struct io_uring_cmd *ioucmd)
  4530. {
  4531. struct file *file = ioucmd->file;
  4532. struct smk_audit_info ad;
  4533. struct task_smack *tsp;
  4534. struct inode *inode;
  4535. int rc;
  4536. if (!file)
  4537. return -EINVAL;
  4538. tsp = smack_cred(file->f_cred);
  4539. inode = file_inode(file);
  4540. smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
  4541. smk_ad_setfield_u_fs_path(&ad, file->f_path);
  4542. rc = smk_tskacc(tsp, smk_of_inode(inode), MAY_READ, &ad);
  4543. rc = smk_bu_credfile(file->f_cred, file, MAY_READ, rc);
  4544. return rc;
  4545. }
  4546. #endif /* CONFIG_IO_URING */
  4547. struct lsm_blob_sizes smack_blob_sizes __ro_after_init = {
  4548. .lbs_cred = sizeof(struct task_smack),
  4549. .lbs_file = sizeof(struct smack_known *),
  4550. .lbs_inode = sizeof(struct inode_smack),
  4551. .lbs_ipc = sizeof(struct smack_known *),
  4552. .lbs_key = sizeof(struct smack_known *),
  4553. .lbs_msg_msg = sizeof(struct smack_known *),
  4554. .lbs_sock = sizeof(struct socket_smack),
  4555. .lbs_superblock = sizeof(struct superblock_smack),
  4556. .lbs_xattr_count = SMACK_INODE_INIT_XATTRS,
  4557. };
  4558. static const struct lsm_id smack_lsmid = {
  4559. .name = "smack",
  4560. .id = LSM_ID_SMACK,
  4561. };
  4562. static struct security_hook_list smack_hooks[] __ro_after_init = {
  4563. LSM_HOOK_INIT(ptrace_access_check, smack_ptrace_access_check),
  4564. LSM_HOOK_INIT(ptrace_traceme, smack_ptrace_traceme),
  4565. LSM_HOOK_INIT(syslog, smack_syslog),
  4566. LSM_HOOK_INIT(fs_context_submount, smack_fs_context_submount),
  4567. LSM_HOOK_INIT(fs_context_dup, smack_fs_context_dup),
  4568. LSM_HOOK_INIT(fs_context_parse_param, smack_fs_context_parse_param),
  4569. LSM_HOOK_INIT(sb_alloc_security, smack_sb_alloc_security),
  4570. LSM_HOOK_INIT(sb_free_mnt_opts, smack_free_mnt_opts),
  4571. LSM_HOOK_INIT(sb_eat_lsm_opts, smack_sb_eat_lsm_opts),
  4572. LSM_HOOK_INIT(sb_statfs, smack_sb_statfs),
  4573. LSM_HOOK_INIT(sb_set_mnt_opts, smack_set_mnt_opts),
  4574. LSM_HOOK_INIT(bprm_creds_for_exec, smack_bprm_creds_for_exec),
  4575. LSM_HOOK_INIT(inode_alloc_security, smack_inode_alloc_security),
  4576. LSM_HOOK_INIT(inode_init_security, smack_inode_init_security),
  4577. LSM_HOOK_INIT(inode_link, smack_inode_link),
  4578. LSM_HOOK_INIT(inode_unlink, smack_inode_unlink),
  4579. LSM_HOOK_INIT(inode_rmdir, smack_inode_rmdir),
  4580. LSM_HOOK_INIT(inode_rename, smack_inode_rename),
  4581. LSM_HOOK_INIT(inode_permission, smack_inode_permission),
  4582. LSM_HOOK_INIT(inode_setattr, smack_inode_setattr),
  4583. LSM_HOOK_INIT(inode_getattr, smack_inode_getattr),
  4584. LSM_HOOK_INIT(inode_xattr_skipcap, smack_inode_xattr_skipcap),
  4585. LSM_HOOK_INIT(inode_setxattr, smack_inode_setxattr),
  4586. LSM_HOOK_INIT(inode_post_setxattr, smack_inode_post_setxattr),
  4587. LSM_HOOK_INIT(inode_getxattr, smack_inode_getxattr),
  4588. LSM_HOOK_INIT(inode_removexattr, smack_inode_removexattr),
  4589. LSM_HOOK_INIT(inode_set_acl, smack_inode_set_acl),
  4590. LSM_HOOK_INIT(inode_get_acl, smack_inode_get_acl),
  4591. LSM_HOOK_INIT(inode_remove_acl, smack_inode_remove_acl),
  4592. LSM_HOOK_INIT(inode_getsecurity, smack_inode_getsecurity),
  4593. LSM_HOOK_INIT(inode_setsecurity, smack_inode_setsecurity),
  4594. LSM_HOOK_INIT(inode_listsecurity, smack_inode_listsecurity),
  4595. LSM_HOOK_INIT(inode_getlsmprop, smack_inode_getlsmprop),
  4596. LSM_HOOK_INIT(file_alloc_security, smack_file_alloc_security),
  4597. LSM_HOOK_INIT(file_ioctl, smack_file_ioctl),
  4598. LSM_HOOK_INIT(file_ioctl_compat, smack_file_ioctl),
  4599. LSM_HOOK_INIT(file_lock, smack_file_lock),
  4600. LSM_HOOK_INIT(file_fcntl, smack_file_fcntl),
  4601. LSM_HOOK_INIT(mmap_file, smack_mmap_file),
  4602. LSM_HOOK_INIT(mmap_addr, cap_mmap_addr),
  4603. LSM_HOOK_INIT(file_set_fowner, smack_file_set_fowner),
  4604. LSM_HOOK_INIT(file_send_sigiotask, smack_file_send_sigiotask),
  4605. LSM_HOOK_INIT(file_receive, smack_file_receive),
  4606. LSM_HOOK_INIT(file_open, smack_file_open),
  4607. LSM_HOOK_INIT(cred_alloc_blank, smack_cred_alloc_blank),
  4608. LSM_HOOK_INIT(cred_free, smack_cred_free),
  4609. LSM_HOOK_INIT(cred_prepare, smack_cred_prepare),
  4610. LSM_HOOK_INIT(cred_transfer, smack_cred_transfer),
  4611. LSM_HOOK_INIT(cred_getsecid, smack_cred_getsecid),
  4612. LSM_HOOK_INIT(cred_getlsmprop, smack_cred_getlsmprop),
  4613. LSM_HOOK_INIT(kernel_act_as, smack_kernel_act_as),
  4614. LSM_HOOK_INIT(kernel_create_files_as, smack_kernel_create_files_as),
  4615. LSM_HOOK_INIT(task_setpgid, smack_task_setpgid),
  4616. LSM_HOOK_INIT(task_getpgid, smack_task_getpgid),
  4617. LSM_HOOK_INIT(task_getsid, smack_task_getsid),
  4618. LSM_HOOK_INIT(current_getlsmprop_subj, smack_current_getlsmprop_subj),
  4619. LSM_HOOK_INIT(task_getlsmprop_obj, smack_task_getlsmprop_obj),
  4620. LSM_HOOK_INIT(task_setnice, smack_task_setnice),
  4621. LSM_HOOK_INIT(task_setioprio, smack_task_setioprio),
  4622. LSM_HOOK_INIT(task_getioprio, smack_task_getioprio),
  4623. LSM_HOOK_INIT(task_setscheduler, smack_task_setscheduler),
  4624. LSM_HOOK_INIT(task_getscheduler, smack_task_getscheduler),
  4625. LSM_HOOK_INIT(task_movememory, smack_task_movememory),
  4626. LSM_HOOK_INIT(task_kill, smack_task_kill),
  4627. LSM_HOOK_INIT(task_to_inode, smack_task_to_inode),
  4628. LSM_HOOK_INIT(ipc_permission, smack_ipc_permission),
  4629. LSM_HOOK_INIT(ipc_getlsmprop, smack_ipc_getlsmprop),
  4630. LSM_HOOK_INIT(msg_msg_alloc_security, smack_msg_msg_alloc_security),
  4631. LSM_HOOK_INIT(msg_queue_alloc_security, smack_ipc_alloc_security),
  4632. LSM_HOOK_INIT(msg_queue_associate, smack_msg_queue_associate),
  4633. LSM_HOOK_INIT(msg_queue_msgctl, smack_msg_queue_msgctl),
  4634. LSM_HOOK_INIT(msg_queue_msgsnd, smack_msg_queue_msgsnd),
  4635. LSM_HOOK_INIT(msg_queue_msgrcv, smack_msg_queue_msgrcv),
  4636. LSM_HOOK_INIT(shm_alloc_security, smack_ipc_alloc_security),
  4637. LSM_HOOK_INIT(shm_associate, smack_shm_associate),
  4638. LSM_HOOK_INIT(shm_shmctl, smack_shm_shmctl),
  4639. LSM_HOOK_INIT(shm_shmat, smack_shm_shmat),
  4640. LSM_HOOK_INIT(sem_alloc_security, smack_ipc_alloc_security),
  4641. LSM_HOOK_INIT(sem_associate, smack_sem_associate),
  4642. LSM_HOOK_INIT(sem_semctl, smack_sem_semctl),
  4643. LSM_HOOK_INIT(sem_semop, smack_sem_semop),
  4644. LSM_HOOK_INIT(d_instantiate, smack_d_instantiate),
  4645. LSM_HOOK_INIT(getselfattr, smack_getselfattr),
  4646. LSM_HOOK_INIT(setselfattr, smack_setselfattr),
  4647. LSM_HOOK_INIT(getprocattr, smack_getprocattr),
  4648. LSM_HOOK_INIT(setprocattr, smack_setprocattr),
  4649. LSM_HOOK_INIT(unix_stream_connect, smack_unix_stream_connect),
  4650. LSM_HOOK_INIT(unix_may_send, smack_unix_may_send),
  4651. LSM_HOOK_INIT(socket_post_create, smack_socket_post_create),
  4652. LSM_HOOK_INIT(socket_socketpair, smack_socket_socketpair),
  4653. #ifdef SMACK_IPV6_PORT_LABELING
  4654. LSM_HOOK_INIT(socket_bind, smack_socket_bind),
  4655. #endif
  4656. LSM_HOOK_INIT(socket_connect, smack_socket_connect),
  4657. LSM_HOOK_INIT(socket_sendmsg, smack_socket_sendmsg),
  4658. LSM_HOOK_INIT(socket_sock_rcv_skb, smack_socket_sock_rcv_skb),
  4659. LSM_HOOK_INIT(socket_getpeersec_stream, smack_socket_getpeersec_stream),
  4660. LSM_HOOK_INIT(socket_getpeersec_dgram, smack_socket_getpeersec_dgram),
  4661. LSM_HOOK_INIT(sk_alloc_security, smack_sk_alloc_security),
  4662. #ifdef SMACK_IPV6_PORT_LABELING
  4663. LSM_HOOK_INIT(sk_free_security, smack_sk_free_security),
  4664. #endif
  4665. LSM_HOOK_INIT(sk_clone_security, smack_sk_clone_security),
  4666. LSM_HOOK_INIT(inet_conn_request, smack_inet_conn_request),
  4667. LSM_HOOK_INIT(inet_csk_clone, smack_inet_csk_clone),
  4668. /* key management security hooks */
  4669. #ifdef CONFIG_KEYS
  4670. LSM_HOOK_INIT(key_alloc, smack_key_alloc),
  4671. LSM_HOOK_INIT(key_permission, smack_key_permission),
  4672. LSM_HOOK_INIT(key_getsecurity, smack_key_getsecurity),
  4673. #ifdef CONFIG_KEY_NOTIFICATIONS
  4674. LSM_HOOK_INIT(watch_key, smack_watch_key),
  4675. #endif
  4676. #endif /* CONFIG_KEYS */
  4677. #ifdef CONFIG_WATCH_QUEUE
  4678. LSM_HOOK_INIT(post_notification, smack_post_notification),
  4679. #endif
  4680. /* Audit hooks */
  4681. #ifdef CONFIG_AUDIT
  4682. LSM_HOOK_INIT(audit_rule_init, smack_audit_rule_init),
  4683. LSM_HOOK_INIT(audit_rule_known, smack_audit_rule_known),
  4684. LSM_HOOK_INIT(audit_rule_match, smack_audit_rule_match),
  4685. #endif /* CONFIG_AUDIT */
  4686. LSM_HOOK_INIT(ismaclabel, smack_ismaclabel),
  4687. LSM_HOOK_INIT(secid_to_secctx, smack_secid_to_secctx),
  4688. LSM_HOOK_INIT(lsmprop_to_secctx, smack_lsmprop_to_secctx),
  4689. LSM_HOOK_INIT(secctx_to_secid, smack_secctx_to_secid),
  4690. LSM_HOOK_INIT(inode_notifysecctx, smack_inode_notifysecctx),
  4691. LSM_HOOK_INIT(inode_setsecctx, smack_inode_setsecctx),
  4692. LSM_HOOK_INIT(inode_getsecctx, smack_inode_getsecctx),
  4693. LSM_HOOK_INIT(inode_copy_up, smack_inode_copy_up),
  4694. LSM_HOOK_INIT(inode_copy_up_xattr, smack_inode_copy_up_xattr),
  4695. LSM_HOOK_INIT(dentry_create_files_as, smack_dentry_create_files_as),
  4696. #ifdef CONFIG_IO_URING
  4697. LSM_HOOK_INIT(uring_override_creds, smack_uring_override_creds),
  4698. LSM_HOOK_INIT(uring_sqpoll, smack_uring_sqpoll),
  4699. LSM_HOOK_INIT(uring_cmd, smack_uring_cmd),
  4700. #endif
  4701. };
  4702. static __init void init_smack_known_list(void)
  4703. {
  4704. /*
  4705. * Initialize rule list locks
  4706. */
  4707. mutex_init(&smack_known_huh.smk_rules_lock);
  4708. mutex_init(&smack_known_hat.smk_rules_lock);
  4709. mutex_init(&smack_known_floor.smk_rules_lock);
  4710. mutex_init(&smack_known_star.smk_rules_lock);
  4711. mutex_init(&smack_known_web.smk_rules_lock);
  4712. /*
  4713. * Initialize rule lists
  4714. */
  4715. INIT_LIST_HEAD(&smack_known_huh.smk_rules);
  4716. INIT_LIST_HEAD(&smack_known_hat.smk_rules);
  4717. INIT_LIST_HEAD(&smack_known_star.smk_rules);
  4718. INIT_LIST_HEAD(&smack_known_floor.smk_rules);
  4719. INIT_LIST_HEAD(&smack_known_web.smk_rules);
  4720. /*
  4721. * Create the known labels list
  4722. */
  4723. smk_insert_entry(&smack_known_huh);
  4724. smk_insert_entry(&smack_known_hat);
  4725. smk_insert_entry(&smack_known_star);
  4726. smk_insert_entry(&smack_known_floor);
  4727. smk_insert_entry(&smack_known_web);
  4728. }
  4729. /**
  4730. * smack_init - initialize the smack system
  4731. *
  4732. * Returns 0 on success, -ENOMEM is there's no memory
  4733. */
  4734. static __init int smack_init(void)
  4735. {
  4736. struct cred *cred = (struct cred *) current->cred;
  4737. struct task_smack *tsp;
  4738. smack_rule_cache = KMEM_CACHE(smack_rule, 0);
  4739. if (!smack_rule_cache)
  4740. return -ENOMEM;
  4741. /*
  4742. * Set the security state for the initial task.
  4743. */
  4744. tsp = smack_cred(cred);
  4745. init_task_smack(tsp, &smack_known_floor, &smack_known_floor);
  4746. /*
  4747. * Register with LSM
  4748. */
  4749. security_add_hooks(smack_hooks, ARRAY_SIZE(smack_hooks), &smack_lsmid);
  4750. smack_enabled = 1;
  4751. pr_info("Smack: Initializing.\n");
  4752. #ifdef CONFIG_SECURITY_SMACK_NETFILTER
  4753. pr_info("Smack: Netfilter enabled.\n");
  4754. #endif
  4755. #ifdef SMACK_IPV6_PORT_LABELING
  4756. pr_info("Smack: IPv6 port labeling enabled.\n");
  4757. #endif
  4758. #ifdef SMACK_IPV6_SECMARK_LABELING
  4759. pr_info("Smack: IPv6 Netfilter enabled.\n");
  4760. #endif
  4761. /* initialize the smack_known_list */
  4762. init_smack_known_list();
  4763. /* Inform the audit system that secctx is used */
  4764. audit_cfg_lsm(&smack_lsmid,
  4765. AUDIT_CFG_LSM_SECCTX_SUBJECT |
  4766. AUDIT_CFG_LSM_SECCTX_OBJECT);
  4767. return 0;
  4768. }
  4769. int __init smack_initcall(void)
  4770. {
  4771. int rc_fs = init_smk_fs();
  4772. int rc_nf = smack_nf_ip_init();
  4773. return rc_fs ? rc_fs : rc_nf;
  4774. }
  4775. /*
  4776. * Smack requires early initialization in order to label
  4777. * all processes and objects when they are created.
  4778. */
  4779. DEFINE_LSM(smack) = {
  4780. .id = &smack_lsmid,
  4781. .flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE,
  4782. .blobs = &smack_blob_sizes,
  4783. .init = smack_init,
  4784. .initcall_device = smack_initcall,
  4785. };