1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * Simplified MAC Kernel (smack) security module
4 *
5 * This file contains the smack hook function implementations.
6 *
7 * Authors:
8 * Casey Schaufler <[email protected]>
9 * Jarkko Sakkinen <[email protected]>
10 *
11 * Copyright (C) 2007 Casey Schaufler <[email protected]>
12 * Copyright (C) 2009 Hewlett-Packard Development Company, L.P.
13 * Paul Moore <[email protected]>
14 * Copyright (C) 2010 Nokia Corporation
15 * Copyright (C) 2011 Intel Corporation.
16 */
17
18 #include <linux/xattr.h>
19 #include <linux/pagemap.h>
20 #include <linux/mount.h>
21 #include <linux/stat.h>
22 #include <linux/kd.h>
23 #include <asm/ioctls.h>
24 #include <linux/ip.h>
25 #include <linux/tcp.h>
26 #include <linux/udp.h>
27 #include <linux/dccp.h>
28 #include <linux/icmpv6.h>
29 #include <linux/slab.h>
30 #include <linux/mutex.h>
31 #include <net/cipso_ipv4.h>
32 #include <net/ip.h>
33 #include <net/ipv6.h>
34 #include <linux/audit.h>
35 #include <linux/magic.h>
36 #include <linux/dcache.h>
37 #include <linux/personality.h>
38 #include <linux/msg.h>
39 #include <linux/shm.h>
40 #include <uapi/linux/shm.h>
41 #include <linux/binfmts.h>
42 #include <linux/parser.h>
43 #include <linux/fs_context.h>
44 #include <linux/fs_parser.h>
45 #include <linux/watch_queue.h>
46 #include <linux/io_uring/cmd.h>
47 #include <uapi/linux/lsm.h>
48 #include "smack.h"
49
50 #define TRANS_TRUE "TRUE"
51 #define TRANS_TRUE_SIZE 4
52
53 #define SMK_CONNECTING 0
54 #define SMK_RECEIVING 1
55 #define SMK_SENDING 2
56
57 /*
58 * Smack uses multiple xattrs.
59 * SMACK64 - for access control,
60 * SMACK64TRANSMUTE - label initialization,
61 * Not saved on files - SMACK64IPIN and SMACK64IPOUT,
62 * Must be set explicitly - SMACK64EXEC and SMACK64MMAP
63 */
64 #define SMACK_INODE_INIT_XATTRS 2
65
66 #ifdef SMACK_IPV6_PORT_LABELING
67 static DEFINE_MUTEX(smack_ipv6_lock);
68 static LIST_HEAD(smk_ipv6_port_list);
69 #endif
70 struct kmem_cache *smack_rule_cache;
71 int smack_enabled __initdata;
72
73 #define A(s) {"smack"#s, sizeof("smack"#s) - 1, Opt_##s}
74 static struct {
75 const char *name;
76 int len;
77 int opt;
78 } smk_mount_opts[] = {
79 {"smackfsdef", sizeof("smackfsdef") - 1, Opt_fsdefault},
80 A(fsdefault), A(fsfloor), A(fshat), A(fsroot), A(fstransmute)
81 };
82 #undef A
83
match_opt_prefix(char * s,int l,char ** arg)84 static int match_opt_prefix(char *s, int l, char **arg)
85 {
86 int i;
87
88 for (i = 0; i < ARRAY_SIZE(smk_mount_opts); i++) {
89 size_t len = smk_mount_opts[i].len;
90 if (len > l || memcmp(s, smk_mount_opts[i].name, len))
91 continue;
92 if (len == l || s[len] != '=')
93 continue;
94 *arg = s + len + 1;
95 return smk_mount_opts[i].opt;
96 }
97 return Opt_error;
98 }
99
100 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
101 static char *smk_bu_mess[] = {
102 "Bringup Error", /* Unused */
103 "Bringup", /* SMACK_BRINGUP_ALLOW */
104 "Unconfined Subject", /* SMACK_UNCONFINED_SUBJECT */
105 "Unconfined Object", /* SMACK_UNCONFINED_OBJECT */
106 };
107
smk_bu_mode(int mode,char * s)108 static void smk_bu_mode(int mode, char *s)
109 {
110 smack_str_from_perm(s, mode);
111 }
112 #endif
113
114 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
smk_bu_note(char * note,struct smack_known * sskp,struct smack_known * oskp,int mode,int rc)115 static int smk_bu_note(char *note, struct smack_known *sskp,
116 struct smack_known *oskp, int mode, int rc)
117 {
118 char acc[SMK_NUM_ACCESS_TYPE + 1];
119
120 if (rc <= 0)
121 return rc;
122 if (rc > SMACK_UNCONFINED_OBJECT)
123 rc = 0;
124
125 smk_bu_mode(mode, acc);
126 pr_info("Smack %s: (%s %s %s) %s\n", smk_bu_mess[rc],
127 sskp->smk_known, oskp->smk_known, acc, note);
128 return 0;
129 }
130 #else
131 #define smk_bu_note(note, sskp, oskp, mode, RC) (RC)
132 #endif
133
134 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
smk_bu_current(char * note,struct smack_known * oskp,int mode,int rc)135 static int smk_bu_current(char *note, struct smack_known *oskp,
136 int mode, int rc)
137 {
138 struct task_smack *tsp = smack_cred(current_cred());
139 char acc[SMK_NUM_ACCESS_TYPE + 1];
140
141 if (rc <= 0)
142 return rc;
143 if (rc > SMACK_UNCONFINED_OBJECT)
144 rc = 0;
145
146 smk_bu_mode(mode, acc);
147 pr_info("Smack %s: (%s %s %s) %s %s\n", smk_bu_mess[rc],
148 tsp->smk_task->smk_known, oskp->smk_known,
149 acc, current->comm, note);
150 return 0;
151 }
152 #else
153 #define smk_bu_current(note, oskp, mode, RC) (RC)
154 #endif
155
156 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
smk_bu_task(struct task_struct * otp,int mode,int rc)157 static int smk_bu_task(struct task_struct *otp, int mode, int rc)
158 {
159 struct task_smack *tsp = smack_cred(current_cred());
160 struct smack_known *smk_task = smk_of_task_struct_obj(otp);
161 char acc[SMK_NUM_ACCESS_TYPE + 1];
162
163 if (rc <= 0)
164 return rc;
165 if (rc > SMACK_UNCONFINED_OBJECT)
166 rc = 0;
167
168 smk_bu_mode(mode, acc);
169 pr_info("Smack %s: (%s %s %s) %s to %s\n", smk_bu_mess[rc],
170 tsp->smk_task->smk_known, smk_task->smk_known, acc,
171 current->comm, otp->comm);
172 return 0;
173 }
174 #else
175 #define smk_bu_task(otp, mode, RC) (RC)
176 #endif
177
178 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
smk_bu_inode(struct inode * inode,int mode,int rc)179 static int smk_bu_inode(struct inode *inode, int mode, int rc)
180 {
181 struct task_smack *tsp = smack_cred(current_cred());
182 struct inode_smack *isp = smack_inode(inode);
183 char acc[SMK_NUM_ACCESS_TYPE + 1];
184
185 if (isp->smk_flags & SMK_INODE_IMPURE)
186 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
187 inode->i_sb->s_id, inode->i_ino, current->comm);
188
189 if (rc <= 0)
190 return rc;
191 if (rc > SMACK_UNCONFINED_OBJECT)
192 rc = 0;
193 if (rc == SMACK_UNCONFINED_SUBJECT &&
194 (mode & (MAY_WRITE | MAY_APPEND)))
195 isp->smk_flags |= SMK_INODE_IMPURE;
196
197 smk_bu_mode(mode, acc);
198
199 pr_info("Smack %s: (%s %s %s) inode=(%s %ld) %s\n", smk_bu_mess[rc],
200 tsp->smk_task->smk_known, isp->smk_inode->smk_known, acc,
201 inode->i_sb->s_id, inode->i_ino, current->comm);
202 return 0;
203 }
204 #else
205 #define smk_bu_inode(inode, mode, RC) (RC)
206 #endif
207
208 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
smk_bu_file(struct file * file,int mode,int rc)209 static int smk_bu_file(struct file *file, int mode, int rc)
210 {
211 struct task_smack *tsp = smack_cred(current_cred());
212 struct smack_known *sskp = tsp->smk_task;
213 struct inode *inode = file_inode(file);
214 struct inode_smack *isp = smack_inode(inode);
215 char acc[SMK_NUM_ACCESS_TYPE + 1];
216
217 if (isp->smk_flags & SMK_INODE_IMPURE)
218 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
219 inode->i_sb->s_id, inode->i_ino, current->comm);
220
221 if (rc <= 0)
222 return rc;
223 if (rc > SMACK_UNCONFINED_OBJECT)
224 rc = 0;
225
226 smk_bu_mode(mode, acc);
227 pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc],
228 sskp->smk_known, smk_of_inode(inode)->smk_known, acc,
229 inode->i_sb->s_id, inode->i_ino, file,
230 current->comm);
231 return 0;
232 }
233 #else
234 #define smk_bu_file(file, mode, RC) (RC)
235 #endif
236
237 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
smk_bu_credfile(const struct cred * cred,struct file * file,int mode,int rc)238 static int smk_bu_credfile(const struct cred *cred, struct file *file,
239 int mode, int rc)
240 {
241 struct task_smack *tsp = smack_cred(cred);
242 struct smack_known *sskp = tsp->smk_task;
243 struct inode *inode = file_inode(file);
244 struct inode_smack *isp = smack_inode(inode);
245 char acc[SMK_NUM_ACCESS_TYPE + 1];
246
247 if (isp->smk_flags & SMK_INODE_IMPURE)
248 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
249 inode->i_sb->s_id, inode->i_ino, current->comm);
250
251 if (rc <= 0)
252 return rc;
253 if (rc > SMACK_UNCONFINED_OBJECT)
254 rc = 0;
255
256 smk_bu_mode(mode, acc);
257 pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc],
258 sskp->smk_known, smk_of_inode(inode)->smk_known, acc,
259 inode->i_sb->s_id, inode->i_ino, file,
260 current->comm);
261 return 0;
262 }
263 #else
264 #define smk_bu_credfile(cred, file, mode, RC) (RC)
265 #endif
266
267 /**
268 * smk_fetch - Fetch the smack label from a file.
269 * @name: type of the label (attribute)
270 * @ip: a pointer to the inode
271 * @dp: a pointer to the dentry
272 *
273 * Returns a pointer to the master list entry for the Smack label,
274 * NULL if there was no label to fetch, or an error code.
275 */
smk_fetch(const char * name,struct inode * ip,struct dentry * dp)276 static struct smack_known *smk_fetch(const char *name, struct inode *ip,
277 struct dentry *dp)
278 {
279 int rc;
280 char *buffer;
281 struct smack_known *skp = NULL;
282
283 if (!(ip->i_opflags & IOP_XATTR))
284 return ERR_PTR(-EOPNOTSUPP);
285
286 buffer = kzalloc(SMK_LONGLABEL, GFP_NOFS);
287 if (buffer == NULL)
288 return ERR_PTR(-ENOMEM);
289
290 rc = __vfs_getxattr(dp, ip, name, buffer, SMK_LONGLABEL);
291 if (rc < 0)
292 skp = ERR_PTR(rc);
293 else if (rc == 0)
294 skp = NULL;
295 else
296 skp = smk_import_entry(buffer, rc);
297
298 kfree(buffer);
299
300 return skp;
301 }
302
303 /**
304 * init_inode_smack - initialize an inode security blob
305 * @inode: inode to extract the info from
306 * @skp: a pointer to the Smack label entry to use in the blob
307 *
308 */
init_inode_smack(struct inode * inode,struct smack_known * skp)309 static void init_inode_smack(struct inode *inode, struct smack_known *skp)
310 {
311 struct inode_smack *isp = smack_inode(inode);
312
313 isp->smk_inode = skp;
314 isp->smk_flags = 0;
315 }
316
317 /**
318 * init_task_smack - initialize a task security blob
319 * @tsp: blob to initialize
320 * @task: a pointer to the Smack label for the running task
321 * @forked: a pointer to the Smack label for the forked task
322 *
323 */
init_task_smack(struct task_smack * tsp,struct smack_known * task,struct smack_known * forked)324 static void init_task_smack(struct task_smack *tsp, struct smack_known *task,
325 struct smack_known *forked)
326 {
327 tsp->smk_task = task;
328 tsp->smk_forked = forked;
329 INIT_LIST_HEAD(&tsp->smk_rules);
330 INIT_LIST_HEAD(&tsp->smk_relabel);
331 mutex_init(&tsp->smk_rules_lock);
332 }
333
334 /**
335 * smk_copy_rules - copy a rule set
336 * @nhead: new rules header pointer
337 * @ohead: old rules header pointer
338 * @gfp: type of the memory for the allocation
339 *
340 * Returns 0 on success, -ENOMEM on error
341 */
smk_copy_rules(struct list_head * nhead,struct list_head * ohead,gfp_t gfp)342 static int smk_copy_rules(struct list_head *nhead, struct list_head *ohead,
343 gfp_t gfp)
344 {
345 struct smack_rule *nrp;
346 struct smack_rule *orp;
347 int rc = 0;
348
349 list_for_each_entry_rcu(orp, ohead, list) {
350 nrp = kmem_cache_zalloc(smack_rule_cache, gfp);
351 if (nrp == NULL) {
352 rc = -ENOMEM;
353 break;
354 }
355 *nrp = *orp;
356 list_add_rcu(&nrp->list, nhead);
357 }
358 return rc;
359 }
360
361 /**
362 * smk_copy_relabel - copy smk_relabel labels list
363 * @nhead: new rules header pointer
364 * @ohead: old rules header pointer
365 * @gfp: type of the memory for the allocation
366 *
367 * Returns 0 on success, -ENOMEM on error
368 */
smk_copy_relabel(struct list_head * nhead,struct list_head * ohead,gfp_t gfp)369 static int smk_copy_relabel(struct list_head *nhead, struct list_head *ohead,
370 gfp_t gfp)
371 {
372 struct smack_known_list_elem *nklep;
373 struct smack_known_list_elem *oklep;
374
375 list_for_each_entry(oklep, ohead, list) {
376 nklep = kzalloc(sizeof(struct smack_known_list_elem), gfp);
377 if (nklep == NULL) {
378 smk_destroy_label_list(nhead);
379 return -ENOMEM;
380 }
381 nklep->smk_label = oklep->smk_label;
382 list_add(&nklep->list, nhead);
383 }
384
385 return 0;
386 }
387
388 /**
389 * smk_ptrace_mode - helper function for converting PTRACE_MODE_* into MAY_*
390 * @mode: input mode in form of PTRACE_MODE_*
391 *
392 * Returns a converted MAY_* mode usable by smack rules
393 */
smk_ptrace_mode(unsigned int mode)394 static inline unsigned int smk_ptrace_mode(unsigned int mode)
395 {
396 if (mode & PTRACE_MODE_ATTACH)
397 return MAY_READWRITE;
398 if (mode & PTRACE_MODE_READ)
399 return MAY_READ;
400
401 return 0;
402 }
403
404 /**
405 * smk_ptrace_rule_check - helper for ptrace access
406 * @tracer: tracer process
407 * @tracee_known: label entry of the process that's about to be traced
408 * @mode: ptrace attachment mode (PTRACE_MODE_*)
409 * @func: name of the function that called us, used for audit
410 *
411 * Returns 0 on access granted, -error on error
412 */
smk_ptrace_rule_check(struct task_struct * tracer,struct smack_known * tracee_known,unsigned int mode,const char * func)413 static int smk_ptrace_rule_check(struct task_struct *tracer,
414 struct smack_known *tracee_known,
415 unsigned int mode, const char *func)
416 {
417 int rc;
418 struct smk_audit_info ad, *saip = NULL;
419 struct task_smack *tsp;
420 struct smack_known *tracer_known;
421 const struct cred *tracercred;
422
423 if ((mode & PTRACE_MODE_NOAUDIT) == 0) {
424 smk_ad_init(&ad, func, LSM_AUDIT_DATA_TASK);
425 smk_ad_setfield_u_tsk(&ad, tracer);
426 saip = &ad;
427 }
428
429 rcu_read_lock();
430 tracercred = __task_cred(tracer);
431 tsp = smack_cred(tracercred);
432 tracer_known = smk_of_task(tsp);
433
434 if ((mode & PTRACE_MODE_ATTACH) &&
435 (smack_ptrace_rule == SMACK_PTRACE_EXACT ||
436 smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)) {
437 if (tracer_known->smk_known == tracee_known->smk_known)
438 rc = 0;
439 else if (smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)
440 rc = -EACCES;
441 else if (smack_privileged_cred(CAP_SYS_PTRACE, tracercred))
442 rc = 0;
443 else
444 rc = -EACCES;
445
446 if (saip)
447 smack_log(tracer_known->smk_known,
448 tracee_known->smk_known,
449 0, rc, saip);
450
451 rcu_read_unlock();
452 return rc;
453 }
454
455 /* In case of rule==SMACK_PTRACE_DEFAULT or mode==PTRACE_MODE_READ */
456 rc = smk_tskacc(tsp, tracee_known, smk_ptrace_mode(mode), saip);
457
458 rcu_read_unlock();
459 return rc;
460 }
461
462 /*
463 * LSM hooks.
464 * We he, that is fun!
465 */
466
467 /**
468 * smack_ptrace_access_check - Smack approval on PTRACE_ATTACH
469 * @ctp: child task pointer
470 * @mode: ptrace attachment mode (PTRACE_MODE_*)
471 *
472 * Returns 0 if access is OK, an error code otherwise
473 *
474 * Do the capability checks.
475 */
smack_ptrace_access_check(struct task_struct * ctp,unsigned int mode)476 static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode)
477 {
478 struct smack_known *skp;
479
480 skp = smk_of_task_struct_obj(ctp);
481
482 return smk_ptrace_rule_check(current, skp, mode, __func__);
483 }
484
485 /**
486 * smack_ptrace_traceme - Smack approval on PTRACE_TRACEME
487 * @ptp: parent task pointer
488 *
489 * Returns 0 if access is OK, an error code otherwise
490 *
491 * Do the capability checks, and require PTRACE_MODE_ATTACH.
492 */
smack_ptrace_traceme(struct task_struct * ptp)493 static int smack_ptrace_traceme(struct task_struct *ptp)
494 {
495 struct smack_known *skp;
496
497 skp = smk_of_task(smack_cred(current_cred()));
498
499 return smk_ptrace_rule_check(ptp, skp, PTRACE_MODE_ATTACH, __func__);
500 }
501
502 /**
503 * smack_syslog - Smack approval on syslog
504 * @typefrom_file: unused
505 *
506 * Returns 0 on success, error code otherwise.
507 */
smack_syslog(int typefrom_file)508 static int smack_syslog(int typefrom_file)
509 {
510 int rc = 0;
511 struct smack_known *skp = smk_of_current();
512
513 if (smack_privileged(CAP_MAC_OVERRIDE))
514 return 0;
515
516 if (smack_syslog_label != NULL && smack_syslog_label != skp)
517 rc = -EACCES;
518
519 return rc;
520 }
521
522 /*
523 * Superblock Hooks.
524 */
525
526 /**
527 * smack_sb_alloc_security - allocate a superblock blob
528 * @sb: the superblock getting the blob
529 *
530 * Returns 0 on success or -ENOMEM on error.
531 */
smack_sb_alloc_security(struct super_block * sb)532 static int smack_sb_alloc_security(struct super_block *sb)
533 {
534 struct superblock_smack *sbsp = smack_superblock(sb);
535
536 sbsp->smk_root = &smack_known_floor;
537 sbsp->smk_default = &smack_known_floor;
538 sbsp->smk_floor = &smack_known_floor;
539 sbsp->smk_hat = &smack_known_hat;
540 /*
541 * SMK_SB_INITIALIZED will be zero from kzalloc.
542 */
543
544 return 0;
545 }
546
547 struct smack_mnt_opts {
548 const char *fsdefault;
549 const char *fsfloor;
550 const char *fshat;
551 const char *fsroot;
552 const char *fstransmute;
553 };
554
smack_free_mnt_opts(void * mnt_opts)555 static void smack_free_mnt_opts(void *mnt_opts)
556 {
557 kfree(mnt_opts);
558 }
559
smack_add_opt(int token,const char * s,void ** mnt_opts)560 static int smack_add_opt(int token, const char *s, void **mnt_opts)
561 {
562 struct smack_mnt_opts *opts = *mnt_opts;
563 struct smack_known *skp;
564
565 if (!opts) {
566 opts = kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL);
567 if (!opts)
568 return -ENOMEM;
569 *mnt_opts = opts;
570 }
571 if (!s)
572 return -ENOMEM;
573
574 skp = smk_import_entry(s, 0);
575 if (IS_ERR(skp))
576 return PTR_ERR(skp);
577
578 switch (token) {
579 case Opt_fsdefault:
580 if (opts->fsdefault)
581 goto out_opt_err;
582 opts->fsdefault = skp->smk_known;
583 break;
584 case Opt_fsfloor:
585 if (opts->fsfloor)
586 goto out_opt_err;
587 opts->fsfloor = skp->smk_known;
588 break;
589 case Opt_fshat:
590 if (opts->fshat)
591 goto out_opt_err;
592 opts->fshat = skp->smk_known;
593 break;
594 case Opt_fsroot:
595 if (opts->fsroot)
596 goto out_opt_err;
597 opts->fsroot = skp->smk_known;
598 break;
599 case Opt_fstransmute:
600 if (opts->fstransmute)
601 goto out_opt_err;
602 opts->fstransmute = skp->smk_known;
603 break;
604 }
605 return 0;
606
607 out_opt_err:
608 pr_warn("Smack: duplicate mount options\n");
609 return -EINVAL;
610 }
611
612 /**
613 * smack_fs_context_submount - Initialise security data for a filesystem context
614 * @fc: The filesystem context.
615 * @reference: reference superblock
616 *
617 * Returns 0 on success or -ENOMEM on error.
618 */
smack_fs_context_submount(struct fs_context * fc,struct super_block * reference)619 static int smack_fs_context_submount(struct fs_context *fc,
620 struct super_block *reference)
621 {
622 struct superblock_smack *sbsp;
623 struct smack_mnt_opts *ctx;
624 struct inode_smack *isp;
625
626 ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
627 if (!ctx)
628 return -ENOMEM;
629 fc->security = ctx;
630
631 sbsp = smack_superblock(reference);
632 isp = smack_inode(reference->s_root->d_inode);
633
634 if (sbsp->smk_default) {
635 ctx->fsdefault = kstrdup(sbsp->smk_default->smk_known, GFP_KERNEL);
636 if (!ctx->fsdefault)
637 return -ENOMEM;
638 }
639
640 if (sbsp->smk_floor) {
641 ctx->fsfloor = kstrdup(sbsp->smk_floor->smk_known, GFP_KERNEL);
642 if (!ctx->fsfloor)
643 return -ENOMEM;
644 }
645
646 if (sbsp->smk_hat) {
647 ctx->fshat = kstrdup(sbsp->smk_hat->smk_known, GFP_KERNEL);
648 if (!ctx->fshat)
649 return -ENOMEM;
650 }
651
652 if (isp->smk_flags & SMK_INODE_TRANSMUTE) {
653 if (sbsp->smk_root) {
654 ctx->fstransmute = kstrdup(sbsp->smk_root->smk_known, GFP_KERNEL);
655 if (!ctx->fstransmute)
656 return -ENOMEM;
657 }
658 }
659 return 0;
660 }
661
662 /**
663 * smack_fs_context_dup - Duplicate the security data on fs_context duplication
664 * @fc: The new filesystem context.
665 * @src_fc: The source filesystem context being duplicated.
666 *
667 * Returns 0 on success or -ENOMEM on error.
668 */
smack_fs_context_dup(struct fs_context * fc,struct fs_context * src_fc)669 static int smack_fs_context_dup(struct fs_context *fc,
670 struct fs_context *src_fc)
671 {
672 struct smack_mnt_opts *dst, *src = src_fc->security;
673
674 if (!src)
675 return 0;
676
677 fc->security = kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL);
678 if (!fc->security)
679 return -ENOMEM;
680
681 dst = fc->security;
682 dst->fsdefault = src->fsdefault;
683 dst->fsfloor = src->fsfloor;
684 dst->fshat = src->fshat;
685 dst->fsroot = src->fsroot;
686 dst->fstransmute = src->fstransmute;
687
688 return 0;
689 }
690
691 static const struct fs_parameter_spec smack_fs_parameters[] = {
692 fsparam_string("smackfsdef", Opt_fsdefault),
693 fsparam_string("smackfsdefault", Opt_fsdefault),
694 fsparam_string("smackfsfloor", Opt_fsfloor),
695 fsparam_string("smackfshat", Opt_fshat),
696 fsparam_string("smackfsroot", Opt_fsroot),
697 fsparam_string("smackfstransmute", Opt_fstransmute),
698 {}
699 };
700
701 /**
702 * smack_fs_context_parse_param - Parse a single mount parameter
703 * @fc: The new filesystem context being constructed.
704 * @param: The parameter.
705 *
706 * Returns 0 on success, -ENOPARAM to pass the parameter on or anything else on
707 * error.
708 */
smack_fs_context_parse_param(struct fs_context * fc,struct fs_parameter * param)709 static int smack_fs_context_parse_param(struct fs_context *fc,
710 struct fs_parameter *param)
711 {
712 struct fs_parse_result result;
713 int opt, rc;
714
715 opt = fs_parse(fc, smack_fs_parameters, param, &result);
716 if (opt < 0)
717 return opt;
718
719 rc = smack_add_opt(opt, param->string, &fc->security);
720 if (!rc)
721 param->string = NULL;
722 return rc;
723 }
724
smack_sb_eat_lsm_opts(char * options,void ** mnt_opts)725 static int smack_sb_eat_lsm_opts(char *options, void **mnt_opts)
726 {
727 char *from = options, *to = options;
728 bool first = true;
729
730 while (1) {
731 char *next = strchr(from, ',');
732 int token, len, rc;
733 char *arg = NULL;
734
735 if (next)
736 len = next - from;
737 else
738 len = strlen(from);
739
740 token = match_opt_prefix(from, len, &arg);
741 if (token != Opt_error) {
742 arg = kmemdup_nul(arg, from + len - arg, GFP_KERNEL);
743 rc = smack_add_opt(token, arg, mnt_opts);
744 kfree(arg);
745 if (unlikely(rc)) {
746 if (*mnt_opts)
747 smack_free_mnt_opts(*mnt_opts);
748 *mnt_opts = NULL;
749 return rc;
750 }
751 } else {
752 if (!first) { // copy with preceding comma
753 from--;
754 len++;
755 }
756 if (to != from)
757 memmove(to, from, len);
758 to += len;
759 first = false;
760 }
761 if (!from[len])
762 break;
763 from += len + 1;
764 }
765 *to = '\0';
766 return 0;
767 }
768
769 /**
770 * smack_set_mnt_opts - set Smack specific mount options
771 * @sb: the file system superblock
772 * @mnt_opts: Smack mount options
773 * @kern_flags: mount option from kernel space or user space
774 * @set_kern_flags: where to store converted mount opts
775 *
776 * Returns 0 on success, an error code on failure
777 *
778 * Allow filesystems with binary mount data to explicitly set Smack mount
779 * labels.
780 */
smack_set_mnt_opts(struct super_block * sb,void * mnt_opts,unsigned long kern_flags,unsigned long * set_kern_flags)781 static int smack_set_mnt_opts(struct super_block *sb,
782 void *mnt_opts,
783 unsigned long kern_flags,
784 unsigned long *set_kern_flags)
785 {
786 struct dentry *root = sb->s_root;
787 struct inode *inode = d_backing_inode(root);
788 struct superblock_smack *sp = smack_superblock(sb);
789 struct inode_smack *isp;
790 struct smack_known *skp;
791 struct smack_mnt_opts *opts = mnt_opts;
792 bool transmute = false;
793
794 if (sp->smk_flags & SMK_SB_INITIALIZED)
795 return 0;
796
797 if (!smack_privileged(CAP_MAC_ADMIN)) {
798 /*
799 * Unprivileged mounts don't get to specify Smack values.
800 */
801 if (opts)
802 return -EPERM;
803 /*
804 * Unprivileged mounts get root and default from the caller.
805 */
806 skp = smk_of_current();
807 sp->smk_root = skp;
808 sp->smk_default = skp;
809 /*
810 * For a handful of fs types with no user-controlled
811 * backing store it's okay to trust security labels
812 * in the filesystem. The rest are untrusted.
813 */
814 if (sb->s_user_ns != &init_user_ns &&
815 sb->s_magic != SYSFS_MAGIC && sb->s_magic != TMPFS_MAGIC &&
816 sb->s_magic != RAMFS_MAGIC) {
817 transmute = true;
818 sp->smk_flags |= SMK_SB_UNTRUSTED;
819 }
820 }
821
822 sp->smk_flags |= SMK_SB_INITIALIZED;
823
824 if (opts) {
825 if (opts->fsdefault) {
826 skp = smk_import_entry(opts->fsdefault, 0);
827 if (IS_ERR(skp))
828 return PTR_ERR(skp);
829 sp->smk_default = skp;
830 }
831 if (opts->fsfloor) {
832 skp = smk_import_entry(opts->fsfloor, 0);
833 if (IS_ERR(skp))
834 return PTR_ERR(skp);
835 sp->smk_floor = skp;
836 }
837 if (opts->fshat) {
838 skp = smk_import_entry(opts->fshat, 0);
839 if (IS_ERR(skp))
840 return PTR_ERR(skp);
841 sp->smk_hat = skp;
842 }
843 if (opts->fsroot) {
844 skp = smk_import_entry(opts->fsroot, 0);
845 if (IS_ERR(skp))
846 return PTR_ERR(skp);
847 sp->smk_root = skp;
848 }
849 if (opts->fstransmute) {
850 skp = smk_import_entry(opts->fstransmute, 0);
851 if (IS_ERR(skp))
852 return PTR_ERR(skp);
853 sp->smk_root = skp;
854 transmute = true;
855 }
856 }
857
858 /*
859 * Initialize the root inode.
860 */
861 init_inode_smack(inode, sp->smk_root);
862
863 if (transmute) {
864 isp = smack_inode(inode);
865 isp->smk_flags |= SMK_INODE_TRANSMUTE;
866 }
867
868 return 0;
869 }
870
871 /**
872 * smack_sb_statfs - Smack check on statfs
873 * @dentry: identifies the file system in question
874 *
875 * Returns 0 if current can read the floor of the filesystem,
876 * and error code otherwise
877 */
smack_sb_statfs(struct dentry * dentry)878 static int smack_sb_statfs(struct dentry *dentry)
879 {
880 struct superblock_smack *sbp = smack_superblock(dentry->d_sb);
881 int rc;
882 struct smk_audit_info ad;
883
884 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
885 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
886
887 rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad);
888 rc = smk_bu_current("statfs", sbp->smk_floor, MAY_READ, rc);
889 return rc;
890 }
891
892 /*
893 * BPRM hooks
894 */
895
896 /**
897 * smack_bprm_creds_for_exec - Update bprm->cred if needed for exec
898 * @bprm: the exec information
899 *
900 * Returns 0 if it gets a blob, -EPERM if exec forbidden and -ENOMEM otherwise
901 */
smack_bprm_creds_for_exec(struct linux_binprm * bprm)902 static int smack_bprm_creds_for_exec(struct linux_binprm *bprm)
903 {
904 struct inode *inode = file_inode(bprm->file);
905 struct task_smack *bsp = smack_cred(bprm->cred);
906 struct inode_smack *isp;
907 struct superblock_smack *sbsp;
908 int rc;
909
910 isp = smack_inode(inode);
911 if (isp->smk_task == NULL || isp->smk_task == bsp->smk_task)
912 return 0;
913
914 sbsp = smack_superblock(inode->i_sb);
915 if ((sbsp->smk_flags & SMK_SB_UNTRUSTED) &&
916 isp->smk_task != sbsp->smk_root)
917 return 0;
918
919 if (bprm->unsafe & LSM_UNSAFE_PTRACE) {
920 struct task_struct *tracer;
921 rc = 0;
922
923 rcu_read_lock();
924 tracer = ptrace_parent(current);
925 if (likely(tracer != NULL))
926 rc = smk_ptrace_rule_check(tracer,
927 isp->smk_task,
928 PTRACE_MODE_ATTACH,
929 __func__);
930 rcu_read_unlock();
931
932 if (rc != 0)
933 return rc;
934 }
935 if (bprm->unsafe & ~LSM_UNSAFE_PTRACE)
936 return -EPERM;
937
938 bsp->smk_task = isp->smk_task;
939 bprm->per_clear |= PER_CLEAR_ON_SETID;
940
941 /* Decide if this is a secure exec. */
942 if (bsp->smk_task != bsp->smk_forked)
943 bprm->secureexec = 1;
944
945 return 0;
946 }
947
948 /*
949 * Inode hooks
950 */
951
952 /**
953 * smack_inode_alloc_security - allocate an inode blob
954 * @inode: the inode in need of a blob
955 *
956 * Returns 0
957 */
smack_inode_alloc_security(struct inode * inode)958 static int smack_inode_alloc_security(struct inode *inode)
959 {
960 struct smack_known *skp = smk_of_current();
961
962 init_inode_smack(inode, skp);
963 return 0;
964 }
965
966 /**
967 * smack_inode_init_security - copy out the smack from an inode
968 * @inode: the newly created inode
969 * @dir: containing directory object
970 * @qstr: unused
971 * @xattrs: where to put the attributes
972 * @xattr_count: current number of LSM-provided xattrs (updated)
973 *
974 * Returns 0 if it all works out, -ENOMEM if there's no memory
975 */
smack_inode_init_security(struct inode * inode,struct inode * dir,const struct qstr * qstr,struct xattr * xattrs,int * xattr_count)976 static int smack_inode_init_security(struct inode *inode, struct inode *dir,
977 const struct qstr *qstr,
978 struct xattr *xattrs, int *xattr_count)
979 {
980 struct task_smack *tsp = smack_cred(current_cred());
981 struct inode_smack *issp = smack_inode(inode);
982 struct smack_known *skp = smk_of_task(tsp);
983 struct smack_known *isp = smk_of_inode(inode);
984 struct smack_known *dsp = smk_of_inode(dir);
985 struct xattr *xattr = lsm_get_xattr_slot(xattrs, xattr_count);
986 int may;
987
988 /*
989 * If equal, transmuting already occurred in
990 * smack_dentry_create_files_as(). No need to check again.
991 */
992 if (tsp->smk_task != tsp->smk_transmuted) {
993 rcu_read_lock();
994 may = smk_access_entry(skp->smk_known, dsp->smk_known,
995 &skp->smk_rules);
996 rcu_read_unlock();
997 }
998
999 /*
1000 * In addition to having smk_task equal to smk_transmuted,
1001 * if the access rule allows transmutation and the directory
1002 * requests transmutation then by all means transmute.
1003 * Mark the inode as changed.
1004 */
1005 if ((tsp->smk_task == tsp->smk_transmuted) ||
1006 (may > 0 && ((may & MAY_TRANSMUTE) != 0) &&
1007 smk_inode_transmutable(dir))) {
1008 struct xattr *xattr_transmute;
1009
1010 /*
1011 * The caller of smack_dentry_create_files_as()
1012 * should have overridden the current cred, so the
1013 * inode label was already set correctly in
1014 * smack_inode_alloc_security().
1015 */
1016 if (tsp->smk_task != tsp->smk_transmuted)
1017 isp = issp->smk_inode = dsp;
1018
1019 issp->smk_flags |= SMK_INODE_TRANSMUTE;
1020 xattr_transmute = lsm_get_xattr_slot(xattrs,
1021 xattr_count);
1022 if (xattr_transmute) {
1023 xattr_transmute->value = kmemdup(TRANS_TRUE,
1024 TRANS_TRUE_SIZE,
1025 GFP_NOFS);
1026 if (!xattr_transmute->value)
1027 return -ENOMEM;
1028
1029 xattr_transmute->value_len = TRANS_TRUE_SIZE;
1030 xattr_transmute->name = XATTR_SMACK_TRANSMUTE;
1031 }
1032 }
1033
1034 issp->smk_flags |= SMK_INODE_INSTANT;
1035
1036 if (xattr) {
1037 xattr->value = kstrdup(isp->smk_known, GFP_NOFS);
1038 if (!xattr->value)
1039 return -ENOMEM;
1040
1041 xattr->value_len = strlen(isp->smk_known);
1042 xattr->name = XATTR_SMACK_SUFFIX;
1043 }
1044
1045 return 0;
1046 }
1047
1048 /**
1049 * smack_inode_link - Smack check on link
1050 * @old_dentry: the existing object
1051 * @dir: unused
1052 * @new_dentry: the new object
1053 *
1054 * Returns 0 if access is permitted, an error code otherwise
1055 */
smack_inode_link(struct dentry * old_dentry,struct inode * dir,struct dentry * new_dentry)1056 static int smack_inode_link(struct dentry *old_dentry, struct inode *dir,
1057 struct dentry *new_dentry)
1058 {
1059 struct smack_known *isp;
1060 struct smk_audit_info ad;
1061 int rc;
1062
1063 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1064 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
1065
1066 isp = smk_of_inode(d_backing_inode(old_dentry));
1067 rc = smk_curacc(isp, MAY_WRITE, &ad);
1068 rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_WRITE, rc);
1069
1070 if (rc == 0 && d_is_positive(new_dentry)) {
1071 isp = smk_of_inode(d_backing_inode(new_dentry));
1072 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
1073 rc = smk_curacc(isp, MAY_WRITE, &ad);
1074 rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_WRITE, rc);
1075 }
1076
1077 return rc;
1078 }
1079
1080 /**
1081 * smack_inode_unlink - Smack check on inode deletion
1082 * @dir: containing directory object
1083 * @dentry: file to unlink
1084 *
1085 * Returns 0 if current can write the containing directory
1086 * and the object, error code otherwise
1087 */
smack_inode_unlink(struct inode * dir,struct dentry * dentry)1088 static int smack_inode_unlink(struct inode *dir, struct dentry *dentry)
1089 {
1090 struct inode *ip = d_backing_inode(dentry);
1091 struct smk_audit_info ad;
1092 int rc;
1093
1094 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1095 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1096
1097 /*
1098 * You need write access to the thing you're unlinking
1099 */
1100 rc = smk_curacc(smk_of_inode(ip), MAY_WRITE, &ad);
1101 rc = smk_bu_inode(ip, MAY_WRITE, rc);
1102 if (rc == 0) {
1103 /*
1104 * You also need write access to the containing directory
1105 */
1106 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
1107 smk_ad_setfield_u_fs_inode(&ad, dir);
1108 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
1109 rc = smk_bu_inode(dir, MAY_WRITE, rc);
1110 }
1111 return rc;
1112 }
1113
1114 /**
1115 * smack_inode_rmdir - Smack check on directory deletion
1116 * @dir: containing directory object
1117 * @dentry: directory to unlink
1118 *
1119 * Returns 0 if current can write the containing directory
1120 * and the directory, error code otherwise
1121 */
smack_inode_rmdir(struct inode * dir,struct dentry * dentry)1122 static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry)
1123 {
1124 struct smk_audit_info ad;
1125 int rc;
1126
1127 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1128 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1129
1130 /*
1131 * You need write access to the thing you're removing
1132 */
1133 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1134 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
1135 if (rc == 0) {
1136 /*
1137 * You also need write access to the containing directory
1138 */
1139 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
1140 smk_ad_setfield_u_fs_inode(&ad, dir);
1141 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
1142 rc = smk_bu_inode(dir, MAY_WRITE, rc);
1143 }
1144
1145 return rc;
1146 }
1147
1148 /**
1149 * smack_inode_rename - Smack check on rename
1150 * @old_inode: unused
1151 * @old_dentry: the old object
1152 * @new_inode: unused
1153 * @new_dentry: the new object
1154 *
1155 * Read and write access is required on both the old and
1156 * new directories.
1157 *
1158 * Returns 0 if access is permitted, an error code otherwise
1159 */
smack_inode_rename(struct inode * old_inode,struct dentry * old_dentry,struct inode * new_inode,struct dentry * new_dentry)1160 static int smack_inode_rename(struct inode *old_inode,
1161 struct dentry *old_dentry,
1162 struct inode *new_inode,
1163 struct dentry *new_dentry)
1164 {
1165 int rc;
1166 struct smack_known *isp;
1167 struct smk_audit_info ad;
1168
1169 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1170 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
1171
1172 isp = smk_of_inode(d_backing_inode(old_dentry));
1173 rc = smk_curacc(isp, MAY_READWRITE, &ad);
1174 rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_READWRITE, rc);
1175
1176 if (rc == 0 && d_is_positive(new_dentry)) {
1177 isp = smk_of_inode(d_backing_inode(new_dentry));
1178 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
1179 rc = smk_curacc(isp, MAY_READWRITE, &ad);
1180 rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_READWRITE, rc);
1181 }
1182 return rc;
1183 }
1184
1185 /**
1186 * smack_inode_permission - Smack version of permission()
1187 * @inode: the inode in question
1188 * @mask: the access requested
1189 *
1190 * This is the important Smack hook.
1191 *
1192 * Returns 0 if access is permitted, an error code otherwise
1193 */
smack_inode_permission(struct inode * inode,int mask)1194 static int smack_inode_permission(struct inode *inode, int mask)
1195 {
1196 struct superblock_smack *sbsp = smack_superblock(inode->i_sb);
1197 struct smk_audit_info ad;
1198 int no_block = mask & MAY_NOT_BLOCK;
1199 int rc;
1200
1201 mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND);
1202 /*
1203 * No permission to check. Existence test. Yup, it's there.
1204 */
1205 if (mask == 0)
1206 return 0;
1207
1208 if (sbsp->smk_flags & SMK_SB_UNTRUSTED) {
1209 if (smk_of_inode(inode) != sbsp->smk_root)
1210 return -EACCES;
1211 }
1212
1213 /* May be droppable after audit */
1214 if (no_block)
1215 return -ECHILD;
1216 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
1217 smk_ad_setfield_u_fs_inode(&ad, inode);
1218 rc = smk_curacc(smk_of_inode(inode), mask, &ad);
1219 rc = smk_bu_inode(inode, mask, rc);
1220 return rc;
1221 }
1222
1223 /**
1224 * smack_inode_setattr - Smack check for setting attributes
1225 * @idmap: idmap of the mount
1226 * @dentry: the object
1227 * @iattr: for the force flag
1228 *
1229 * Returns 0 if access is permitted, an error code otherwise
1230 */
smack_inode_setattr(struct mnt_idmap * idmap,struct dentry * dentry,struct iattr * iattr)1231 static int smack_inode_setattr(struct mnt_idmap *idmap, struct dentry *dentry,
1232 struct iattr *iattr)
1233 {
1234 struct smk_audit_info ad;
1235 int rc;
1236
1237 /*
1238 * Need to allow for clearing the setuid bit.
1239 */
1240 if (iattr->ia_valid & ATTR_FORCE)
1241 return 0;
1242 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1243 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1244
1245 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1246 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
1247 return rc;
1248 }
1249
1250 /**
1251 * smack_inode_getattr - Smack check for getting attributes
1252 * @path: path to extract the info from
1253 *
1254 * Returns 0 if access is permitted, an error code otherwise
1255 */
smack_inode_getattr(const struct path * path)1256 static int smack_inode_getattr(const struct path *path)
1257 {
1258 struct smk_audit_info ad;
1259 struct inode *inode = d_backing_inode(path->dentry);
1260 int rc;
1261
1262 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1263 smk_ad_setfield_u_fs_path(&ad, *path);
1264 rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad);
1265 rc = smk_bu_inode(inode, MAY_READ, rc);
1266 return rc;
1267 }
1268
1269 /**
1270 * smack_inode_xattr_skipcap - Skip the xattr capability checks?
1271 * @name: name of the xattr
1272 *
1273 * Returns 1 to indicate that Smack "owns" the access control rights to xattrs
1274 * named @name; the LSM layer should avoid enforcing any traditional
1275 * capability based access controls on this xattr. Returns 0 to indicate that
1276 * Smack does not "own" the access control rights to xattrs named @name and is
1277 * deferring to the LSM layer for further access controls, including capability
1278 * based controls.
1279 */
smack_inode_xattr_skipcap(const char * name)1280 static int smack_inode_xattr_skipcap(const char *name)
1281 {
1282 if (strncmp(name, XATTR_SMACK_SUFFIX, strlen(XATTR_SMACK_SUFFIX)))
1283 return 0;
1284
1285 if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
1286 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
1287 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 ||
1288 strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
1289 strcmp(name, XATTR_NAME_SMACKMMAP) == 0 ||
1290 strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0)
1291 return 1;
1292
1293 return 0;
1294 }
1295
1296 /**
1297 * smack_inode_setxattr - Smack check for setting xattrs
1298 * @idmap: idmap of the mount
1299 * @dentry: the object
1300 * @name: name of the attribute
1301 * @value: value of the attribute
1302 * @size: size of the value
1303 * @flags: unused
1304 *
1305 * This protects the Smack attribute explicitly.
1306 *
1307 * Returns 0 if access is permitted, an error code otherwise
1308 */
smack_inode_setxattr(struct mnt_idmap * idmap,struct dentry * dentry,const char * name,const void * value,size_t size,int flags)1309 static int smack_inode_setxattr(struct mnt_idmap *idmap,
1310 struct dentry *dentry, const char *name,
1311 const void *value, size_t size, int flags)
1312 {
1313 struct smk_audit_info ad;
1314 struct smack_known *skp;
1315 int check_priv = 0;
1316 int check_import = 0;
1317 int check_star = 0;
1318 int rc = 0;
1319
1320 /*
1321 * Check label validity here so import won't fail in post_setxattr
1322 */
1323 if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
1324 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
1325 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) {
1326 check_priv = 1;
1327 check_import = 1;
1328 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
1329 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1330 check_priv = 1;
1331 check_import = 1;
1332 check_star = 1;
1333 } else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) {
1334 check_priv = 1;
1335 if (!S_ISDIR(d_backing_inode(dentry)->i_mode) ||
1336 size != TRANS_TRUE_SIZE ||
1337 strncmp(value, TRANS_TRUE, TRANS_TRUE_SIZE) != 0)
1338 rc = -EINVAL;
1339 }
1340
1341 if (check_priv && !smack_privileged(CAP_MAC_ADMIN))
1342 rc = -EPERM;
1343
1344 if (rc == 0 && check_import) {
1345 skp = size ? smk_import_entry(value, size) : NULL;
1346 if (IS_ERR(skp))
1347 rc = PTR_ERR(skp);
1348 else if (skp == NULL || (check_star &&
1349 (skp == &smack_known_star || skp == &smack_known_web)))
1350 rc = -EINVAL;
1351 }
1352
1353 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1354 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1355
1356 if (rc == 0) {
1357 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1358 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
1359 }
1360
1361 return rc;
1362 }
1363
1364 /**
1365 * smack_inode_post_setxattr - Apply the Smack update approved above
1366 * @dentry: object
1367 * @name: attribute name
1368 * @value: attribute value
1369 * @size: attribute size
1370 * @flags: unused
1371 *
1372 * Set the pointer in the inode blob to the entry found
1373 * in the master label list.
1374 */
smack_inode_post_setxattr(struct dentry * dentry,const char * name,const void * value,size_t size,int flags)1375 static void smack_inode_post_setxattr(struct dentry *dentry, const char *name,
1376 const void *value, size_t size, int flags)
1377 {
1378 struct smack_known *skp;
1379 struct inode_smack *isp = smack_inode(d_backing_inode(dentry));
1380
1381 if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) {
1382 isp->smk_flags |= SMK_INODE_TRANSMUTE;
1383 return;
1384 }
1385
1386 if (strcmp(name, XATTR_NAME_SMACK) == 0) {
1387 skp = smk_import_entry(value, size);
1388 if (!IS_ERR(skp))
1389 isp->smk_inode = skp;
1390 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) {
1391 skp = smk_import_entry(value, size);
1392 if (!IS_ERR(skp))
1393 isp->smk_task = skp;
1394 } else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1395 skp = smk_import_entry(value, size);
1396 if (!IS_ERR(skp))
1397 isp->smk_mmap = skp;
1398 }
1399
1400 return;
1401 }
1402
1403 /**
1404 * smack_inode_getxattr - Smack check on getxattr
1405 * @dentry: the object
1406 * @name: unused
1407 *
1408 * Returns 0 if access is permitted, an error code otherwise
1409 */
smack_inode_getxattr(struct dentry * dentry,const char * name)1410 static int smack_inode_getxattr(struct dentry *dentry, const char *name)
1411 {
1412 struct smk_audit_info ad;
1413 int rc;
1414
1415 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1416 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1417
1418 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_READ, &ad);
1419 rc = smk_bu_inode(d_backing_inode(dentry), MAY_READ, rc);
1420 return rc;
1421 }
1422
1423 /**
1424 * smack_inode_removexattr - Smack check on removexattr
1425 * @idmap: idmap of the mount
1426 * @dentry: the object
1427 * @name: name of the attribute
1428 *
1429 * Removing the Smack attribute requires CAP_MAC_ADMIN
1430 *
1431 * Returns 0 if access is permitted, an error code otherwise
1432 */
smack_inode_removexattr(struct mnt_idmap * idmap,struct dentry * dentry,const char * name)1433 static int smack_inode_removexattr(struct mnt_idmap *idmap,
1434 struct dentry *dentry, const char *name)
1435 {
1436 struct inode_smack *isp;
1437 struct smk_audit_info ad;
1438 int rc = 0;
1439
1440 if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
1441 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
1442 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 ||
1443 strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
1444 strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0 ||
1445 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1446 if (!smack_privileged(CAP_MAC_ADMIN))
1447 rc = -EPERM;
1448 }
1449
1450 if (rc != 0)
1451 return rc;
1452
1453 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1454 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1455
1456 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1457 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
1458 if (rc != 0)
1459 return rc;
1460
1461 isp = smack_inode(d_backing_inode(dentry));
1462 /*
1463 * Don't do anything special for these.
1464 * XATTR_NAME_SMACKIPIN
1465 * XATTR_NAME_SMACKIPOUT
1466 */
1467 if (strcmp(name, XATTR_NAME_SMACK) == 0) {
1468 struct super_block *sbp = dentry->d_sb;
1469 struct superblock_smack *sbsp = smack_superblock(sbp);
1470
1471 isp->smk_inode = sbsp->smk_default;
1472 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0)
1473 isp->smk_task = NULL;
1474 else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0)
1475 isp->smk_mmap = NULL;
1476 else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0)
1477 isp->smk_flags &= ~SMK_INODE_TRANSMUTE;
1478
1479 return 0;
1480 }
1481
1482 /**
1483 * smack_inode_set_acl - Smack check for setting posix acls
1484 * @idmap: idmap of the mnt this request came from
1485 * @dentry: the object
1486 * @acl_name: name of the posix acl
1487 * @kacl: the posix acls
1488 *
1489 * Returns 0 if access is permitted, an error code otherwise
1490 */
smack_inode_set_acl(struct mnt_idmap * idmap,struct dentry * dentry,const char * acl_name,struct posix_acl * kacl)1491 static int smack_inode_set_acl(struct mnt_idmap *idmap,
1492 struct dentry *dentry, const char *acl_name,
1493 struct posix_acl *kacl)
1494 {
1495 struct smk_audit_info ad;
1496 int rc;
1497
1498 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1499 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1500
1501 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1502 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
1503 return rc;
1504 }
1505
1506 /**
1507 * smack_inode_get_acl - Smack check for getting posix acls
1508 * @idmap: idmap of the mnt this request came from
1509 * @dentry: the object
1510 * @acl_name: name of the posix acl
1511 *
1512 * Returns 0 if access is permitted, an error code otherwise
1513 */
smack_inode_get_acl(struct mnt_idmap * idmap,struct dentry * dentry,const char * acl_name)1514 static int smack_inode_get_acl(struct mnt_idmap *idmap,
1515 struct dentry *dentry, const char *acl_name)
1516 {
1517 struct smk_audit_info ad;
1518 int rc;
1519
1520 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1521 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1522
1523 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_READ, &ad);
1524 rc = smk_bu_inode(d_backing_inode(dentry), MAY_READ, rc);
1525 return rc;
1526 }
1527
1528 /**
1529 * smack_inode_remove_acl - Smack check for getting posix acls
1530 * @idmap: idmap of the mnt this request came from
1531 * @dentry: the object
1532 * @acl_name: name of the posix acl
1533 *
1534 * Returns 0 if access is permitted, an error code otherwise
1535 */
smack_inode_remove_acl(struct mnt_idmap * idmap,struct dentry * dentry,const char * acl_name)1536 static int smack_inode_remove_acl(struct mnt_idmap *idmap,
1537 struct dentry *dentry, const char *acl_name)
1538 {
1539 struct smk_audit_info ad;
1540 int rc;
1541
1542 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1543 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1544
1545 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1546 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
1547 return rc;
1548 }
1549
1550 /**
1551 * smack_inode_getsecurity - get smack xattrs
1552 * @idmap: idmap of the mount
1553 * @inode: the object
1554 * @name: attribute name
1555 * @buffer: where to put the result
1556 * @alloc: duplicate memory
1557 *
1558 * Returns the size of the attribute or an error code
1559 */
smack_inode_getsecurity(struct mnt_idmap * idmap,struct inode * inode,const char * name,void ** buffer,bool alloc)1560 static int smack_inode_getsecurity(struct mnt_idmap *idmap,
1561 struct inode *inode, const char *name,
1562 void **buffer, bool alloc)
1563 {
1564 struct socket_smack *ssp;
1565 struct socket *sock;
1566 struct super_block *sbp;
1567 struct inode *ip = inode;
1568 struct smack_known *isp;
1569 struct inode_smack *ispp;
1570 size_t label_len;
1571 char *label = NULL;
1572
1573 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) {
1574 isp = smk_of_inode(inode);
1575 } else if (strcmp(name, XATTR_SMACK_TRANSMUTE) == 0) {
1576 ispp = smack_inode(inode);
1577 if (ispp->smk_flags & SMK_INODE_TRANSMUTE)
1578 label = TRANS_TRUE;
1579 else
1580 label = "";
1581 } else {
1582 /*
1583 * The rest of the Smack xattrs are only on sockets.
1584 */
1585 sbp = ip->i_sb;
1586 if (sbp->s_magic != SOCKFS_MAGIC)
1587 return -EOPNOTSUPP;
1588
1589 sock = SOCKET_I(ip);
1590 if (sock == NULL || sock->sk == NULL)
1591 return -EOPNOTSUPP;
1592
1593 ssp = smack_sock(sock->sk);
1594
1595 if (strcmp(name, XATTR_SMACK_IPIN) == 0)
1596 isp = ssp->smk_in;
1597 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0)
1598 isp = ssp->smk_out;
1599 else
1600 return -EOPNOTSUPP;
1601 }
1602
1603 if (!label)
1604 label = isp->smk_known;
1605
1606 label_len = strlen(label);
1607
1608 if (alloc) {
1609 *buffer = kstrdup(label, GFP_KERNEL);
1610 if (*buffer == NULL)
1611 return -ENOMEM;
1612 }
1613
1614 return label_len;
1615 }
1616
1617
1618 /**
1619 * smack_inode_listsecurity - list the Smack attributes
1620 * @inode: the object
1621 * @buffer: where they go
1622 * @buffer_size: size of buffer
1623 */
smack_inode_listsecurity(struct inode * inode,char * buffer,size_t buffer_size)1624 static int smack_inode_listsecurity(struct inode *inode, char *buffer,
1625 size_t buffer_size)
1626 {
1627 int len = sizeof(XATTR_NAME_SMACK);
1628
1629 if (buffer != NULL && len <= buffer_size)
1630 memcpy(buffer, XATTR_NAME_SMACK, len);
1631
1632 return len;
1633 }
1634
1635 /**
1636 * smack_inode_getlsmprop - Extract inode's security id
1637 * @inode: inode to extract the info from
1638 * @prop: where result will be saved
1639 */
smack_inode_getlsmprop(struct inode * inode,struct lsm_prop * prop)1640 static void smack_inode_getlsmprop(struct inode *inode, struct lsm_prop *prop)
1641 {
1642 prop->smack.skp = smk_of_inode(inode);
1643 }
1644
1645 /*
1646 * File Hooks
1647 */
1648
1649 /*
1650 * There is no smack_file_permission hook
1651 *
1652 * Should access checks be done on each read or write?
1653 * UNICOS and SELinux say yes.
1654 * Trusted Solaris, Trusted Irix, and just about everyone else says no.
1655 *
1656 * I'll say no for now. Smack does not do the frequent
1657 * label changing that SELinux does.
1658 */
1659
1660 /**
1661 * smack_file_alloc_security - assign a file security blob
1662 * @file: the object
1663 *
1664 * The security blob for a file is a pointer to the master
1665 * label list, so no allocation is done.
1666 *
1667 * f_security is the owner security information. It
1668 * isn't used on file access checks, it's for send_sigio.
1669 *
1670 * Returns 0
1671 */
smack_file_alloc_security(struct file * file)1672 static int smack_file_alloc_security(struct file *file)
1673 {
1674 struct smack_known **blob = smack_file(file);
1675
1676 *blob = smk_of_current();
1677 return 0;
1678 }
1679
1680 /**
1681 * smack_file_ioctl - Smack check on ioctls
1682 * @file: the object
1683 * @cmd: what to do
1684 * @arg: unused
1685 *
1686 * Relies heavily on the correct use of the ioctl command conventions.
1687 *
1688 * Returns 0 if allowed, error code otherwise
1689 */
smack_file_ioctl(struct file * file,unsigned int cmd,unsigned long arg)1690 static int smack_file_ioctl(struct file *file, unsigned int cmd,
1691 unsigned long arg)
1692 {
1693 int rc = 0;
1694 struct smk_audit_info ad;
1695 struct inode *inode = file_inode(file);
1696
1697 if (unlikely(IS_PRIVATE(inode)))
1698 return 0;
1699
1700 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1701 smk_ad_setfield_u_fs_path(&ad, file->f_path);
1702
1703 if (_IOC_DIR(cmd) & _IOC_WRITE) {
1704 rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad);
1705 rc = smk_bu_file(file, MAY_WRITE, rc);
1706 }
1707
1708 if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ)) {
1709 rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad);
1710 rc = smk_bu_file(file, MAY_READ, rc);
1711 }
1712
1713 return rc;
1714 }
1715
1716 /**
1717 * smack_file_lock - Smack check on file locking
1718 * @file: the object
1719 * @cmd: unused
1720 *
1721 * Returns 0 if current has lock access, error code otherwise
1722 */
smack_file_lock(struct file * file,unsigned int cmd)1723 static int smack_file_lock(struct file *file, unsigned int cmd)
1724 {
1725 struct smk_audit_info ad;
1726 int rc;
1727 struct inode *inode = file_inode(file);
1728
1729 if (unlikely(IS_PRIVATE(inode)))
1730 return 0;
1731
1732 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1733 smk_ad_setfield_u_fs_path(&ad, file->f_path);
1734 rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad);
1735 rc = smk_bu_file(file, MAY_LOCK, rc);
1736 return rc;
1737 }
1738
1739 /**
1740 * smack_file_fcntl - Smack check on fcntl
1741 * @file: the object
1742 * @cmd: what action to check
1743 * @arg: unused
1744 *
1745 * Generally these operations are harmless.
1746 * File locking operations present an obvious mechanism
1747 * for passing information, so they require write access.
1748 *
1749 * Returns 0 if current has access, error code otherwise
1750 */
smack_file_fcntl(struct file * file,unsigned int cmd,unsigned long arg)1751 static int smack_file_fcntl(struct file *file, unsigned int cmd,
1752 unsigned long arg)
1753 {
1754 struct smk_audit_info ad;
1755 int rc = 0;
1756 struct inode *inode = file_inode(file);
1757
1758 if (unlikely(IS_PRIVATE(inode)))
1759 return 0;
1760
1761 switch (cmd) {
1762 case F_GETLK:
1763 break;
1764 case F_SETLK:
1765 case F_SETLKW:
1766 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1767 smk_ad_setfield_u_fs_path(&ad, file->f_path);
1768 rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad);
1769 rc = smk_bu_file(file, MAY_LOCK, rc);
1770 break;
1771 case F_SETOWN:
1772 case F_SETSIG:
1773 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1774 smk_ad_setfield_u_fs_path(&ad, file->f_path);
1775 rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad);
1776 rc = smk_bu_file(file, MAY_WRITE, rc);
1777 break;
1778 default:
1779 break;
1780 }
1781
1782 return rc;
1783 }
1784
1785 /**
1786 * smack_mmap_file - Check permissions for a mmap operation.
1787 * @file: contains the file structure for file to map (may be NULL).
1788 * @reqprot: contains the protection requested by the application.
1789 * @prot: contains the protection that will be applied by the kernel.
1790 * @flags: contains the operational flags.
1791 *
1792 * The @file may be NULL, e.g. if mapping anonymous memory.
1793 *
1794 * Return 0 if permission is granted.
1795 */
smack_mmap_file(struct file * file,unsigned long reqprot,unsigned long prot,unsigned long flags)1796 static int smack_mmap_file(struct file *file,
1797 unsigned long reqprot, unsigned long prot,
1798 unsigned long flags)
1799 {
1800 struct smack_known *skp;
1801 struct smack_known *mkp;
1802 struct smack_rule *srp;
1803 struct task_smack *tsp;
1804 struct smack_known *okp;
1805 struct inode_smack *isp;
1806 struct superblock_smack *sbsp;
1807 int may;
1808 int mmay;
1809 int tmay;
1810 int rc;
1811
1812 if (file == NULL)
1813 return 0;
1814
1815 if (unlikely(IS_PRIVATE(file_inode(file))))
1816 return 0;
1817
1818 isp = smack_inode(file_inode(file));
1819 if (isp->smk_mmap == NULL)
1820 return 0;
1821 sbsp = smack_superblock(file_inode(file)->i_sb);
1822 if (sbsp->smk_flags & SMK_SB_UNTRUSTED &&
1823 isp->smk_mmap != sbsp->smk_root)
1824 return -EACCES;
1825 mkp = isp->smk_mmap;
1826
1827 tsp = smack_cred(current_cred());
1828 skp = smk_of_current();
1829 rc = 0;
1830
1831 rcu_read_lock();
1832 /*
1833 * For each Smack rule associated with the subject
1834 * label verify that the SMACK64MMAP also has access
1835 * to that rule's object label.
1836 */
1837 list_for_each_entry_rcu(srp, &skp->smk_rules, list) {
1838 okp = srp->smk_object;
1839 /*
1840 * Matching labels always allows access.
1841 */
1842 if (mkp->smk_known == okp->smk_known)
1843 continue;
1844 /*
1845 * If there is a matching local rule take
1846 * that into account as well.
1847 */
1848 may = smk_access_entry(srp->smk_subject->smk_known,
1849 okp->smk_known,
1850 &tsp->smk_rules);
1851 if (may == -ENOENT)
1852 may = srp->smk_access;
1853 else
1854 may &= srp->smk_access;
1855 /*
1856 * If may is zero the SMACK64MMAP subject can't
1857 * possibly have less access.
1858 */
1859 if (may == 0)
1860 continue;
1861
1862 /*
1863 * Fetch the global list entry.
1864 * If there isn't one a SMACK64MMAP subject
1865 * can't have as much access as current.
1866 */
1867 mmay = smk_access_entry(mkp->smk_known, okp->smk_known,
1868 &mkp->smk_rules);
1869 if (mmay == -ENOENT) {
1870 rc = -EACCES;
1871 break;
1872 }
1873 /*
1874 * If there is a local entry it modifies the
1875 * potential access, too.
1876 */
1877 tmay = smk_access_entry(mkp->smk_known, okp->smk_known,
1878 &tsp->smk_rules);
1879 if (tmay != -ENOENT)
1880 mmay &= tmay;
1881
1882 /*
1883 * If there is any access available to current that is
1884 * not available to a SMACK64MMAP subject
1885 * deny access.
1886 */
1887 if ((may | mmay) != mmay) {
1888 rc = -EACCES;
1889 break;
1890 }
1891 }
1892
1893 rcu_read_unlock();
1894
1895 return rc;
1896 }
1897
1898 /**
1899 * smack_file_set_fowner - set the file security blob value
1900 * @file: object in question
1901 *
1902 */
smack_file_set_fowner(struct file * file)1903 static void smack_file_set_fowner(struct file *file)
1904 {
1905 struct smack_known **blob = smack_file(file);
1906
1907 *blob = smk_of_current();
1908 }
1909
1910 /**
1911 * smack_file_send_sigiotask - Smack on sigio
1912 * @tsk: The target task
1913 * @fown: the object the signal come from
1914 * @signum: unused
1915 *
1916 * Allow a privileged task to get signals even if it shouldn't
1917 *
1918 * Returns 0 if a subject with the object's smack could
1919 * write to the task, an error code otherwise.
1920 */
smack_file_send_sigiotask(struct task_struct * tsk,struct fown_struct * fown,int signum)1921 static int smack_file_send_sigiotask(struct task_struct *tsk,
1922 struct fown_struct *fown, int signum)
1923 {
1924 struct smack_known **blob;
1925 struct smack_known *skp;
1926 struct smack_known *tkp = smk_of_task(smack_cred(tsk->cred));
1927 const struct cred *tcred;
1928 struct file *file;
1929 int rc;
1930 struct smk_audit_info ad;
1931
1932 /*
1933 * struct fown_struct is never outside the context of a struct file
1934 */
1935 file = fown->file;
1936
1937 /* we don't log here as rc can be overriden */
1938 blob = smack_file(file);
1939 skp = *blob;
1940 rc = smk_access(skp, tkp, MAY_DELIVER, NULL);
1941 rc = smk_bu_note("sigiotask", skp, tkp, MAY_DELIVER, rc);
1942
1943 rcu_read_lock();
1944 tcred = __task_cred(tsk);
1945 if (rc != 0 && smack_privileged_cred(CAP_MAC_OVERRIDE, tcred))
1946 rc = 0;
1947 rcu_read_unlock();
1948
1949 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
1950 smk_ad_setfield_u_tsk(&ad, tsk);
1951 smack_log(skp->smk_known, tkp->smk_known, MAY_DELIVER, rc, &ad);
1952 return rc;
1953 }
1954
1955 /**
1956 * smack_file_receive - Smack file receive check
1957 * @file: the object
1958 *
1959 * Returns 0 if current has access, error code otherwise
1960 */
smack_file_receive(struct file * file)1961 static int smack_file_receive(struct file *file)
1962 {
1963 int rc;
1964 int may = 0;
1965 struct smk_audit_info ad;
1966 struct inode *inode = file_inode(file);
1967 struct socket *sock;
1968 struct task_smack *tsp;
1969 struct socket_smack *ssp;
1970
1971 if (unlikely(IS_PRIVATE(inode)))
1972 return 0;
1973
1974 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1975 smk_ad_setfield_u_fs_path(&ad, file->f_path);
1976
1977 if (inode->i_sb->s_magic == SOCKFS_MAGIC) {
1978 sock = SOCKET_I(inode);
1979 ssp = smack_sock(sock->sk);
1980 tsp = smack_cred(current_cred());
1981 /*
1982 * If the receiving process can't write to the
1983 * passed socket or if the passed socket can't
1984 * write to the receiving process don't accept
1985 * the passed socket.
1986 */
1987 rc = smk_access(tsp->smk_task, ssp->smk_out, MAY_WRITE, &ad);
1988 rc = smk_bu_file(file, may, rc);
1989 if (rc < 0)
1990 return rc;
1991 rc = smk_access(ssp->smk_in, tsp->smk_task, MAY_WRITE, &ad);
1992 rc = smk_bu_file(file, may, rc);
1993 return rc;
1994 }
1995 /*
1996 * This code relies on bitmasks.
1997 */
1998 if (file->f_mode & FMODE_READ)
1999 may = MAY_READ;
2000 if (file->f_mode & FMODE_WRITE)
2001 may |= MAY_WRITE;
2002
2003 rc = smk_curacc(smk_of_inode(inode), may, &ad);
2004 rc = smk_bu_file(file, may, rc);
2005 return rc;
2006 }
2007
2008 /**
2009 * smack_file_open - Smack dentry open processing
2010 * @file: the object
2011 *
2012 * Set the security blob in the file structure.
2013 * Allow the open only if the task has read access. There are
2014 * many read operations (e.g. fstat) that you can do with an
2015 * fd even if you have the file open write-only.
2016 *
2017 * Returns 0 if current has access, error code otherwise
2018 */
smack_file_open(struct file * file)2019 static int smack_file_open(struct file *file)
2020 {
2021 struct task_smack *tsp = smack_cred(file->f_cred);
2022 struct inode *inode = file_inode(file);
2023 struct smk_audit_info ad;
2024 int rc;
2025
2026 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
2027 smk_ad_setfield_u_fs_path(&ad, file->f_path);
2028 rc = smk_tskacc(tsp, smk_of_inode(inode), MAY_READ, &ad);
2029 rc = smk_bu_credfile(file->f_cred, file, MAY_READ, rc);
2030
2031 return rc;
2032 }
2033
2034 /*
2035 * Task hooks
2036 */
2037
2038 /**
2039 * smack_cred_alloc_blank - "allocate" blank task-level security credentials
2040 * @cred: the new credentials
2041 * @gfp: the atomicity of any memory allocations
2042 *
2043 * Prepare a blank set of credentials for modification. This must allocate all
2044 * the memory the LSM module might require such that cred_transfer() can
2045 * complete without error.
2046 */
smack_cred_alloc_blank(struct cred * cred,gfp_t gfp)2047 static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp)
2048 {
2049 init_task_smack(smack_cred(cred), NULL, NULL);
2050 return 0;
2051 }
2052
2053
2054 /**
2055 * smack_cred_free - "free" task-level security credentials
2056 * @cred: the credentials in question
2057 *
2058 */
smack_cred_free(struct cred * cred)2059 static void smack_cred_free(struct cred *cred)
2060 {
2061 struct task_smack *tsp = smack_cred(cred);
2062 struct smack_rule *rp;
2063 struct list_head *l;
2064 struct list_head *n;
2065
2066 smk_destroy_label_list(&tsp->smk_relabel);
2067
2068 list_for_each_safe(l, n, &tsp->smk_rules) {
2069 rp = list_entry(l, struct smack_rule, list);
2070 list_del(&rp->list);
2071 kmem_cache_free(smack_rule_cache, rp);
2072 }
2073 }
2074
2075 /**
2076 * smack_cred_prepare - prepare new set of credentials for modification
2077 * @new: the new credentials
2078 * @old: the original credentials
2079 * @gfp: the atomicity of any memory allocations
2080 *
2081 * Prepare a new set of credentials for modification.
2082 */
smack_cred_prepare(struct cred * new,const struct cred * old,gfp_t gfp)2083 static int smack_cred_prepare(struct cred *new, const struct cred *old,
2084 gfp_t gfp)
2085 {
2086 struct task_smack *old_tsp = smack_cred(old);
2087 struct task_smack *new_tsp = smack_cred(new);
2088 int rc;
2089
2090 init_task_smack(new_tsp, old_tsp->smk_task, old_tsp->smk_task);
2091
2092 rc = smk_copy_rules(&new_tsp->smk_rules, &old_tsp->smk_rules, gfp);
2093 if (rc != 0)
2094 return rc;
2095
2096 rc = smk_copy_relabel(&new_tsp->smk_relabel, &old_tsp->smk_relabel,
2097 gfp);
2098 return rc;
2099 }
2100
2101 /**
2102 * smack_cred_transfer - Transfer the old credentials to the new credentials
2103 * @new: the new credentials
2104 * @old: the original credentials
2105 *
2106 * Fill in a set of blank credentials from another set of credentials.
2107 */
smack_cred_transfer(struct cred * new,const struct cred * old)2108 static void smack_cred_transfer(struct cred *new, const struct cred *old)
2109 {
2110 struct task_smack *old_tsp = smack_cred(old);
2111 struct task_smack *new_tsp = smack_cred(new);
2112
2113 init_task_smack(new_tsp, old_tsp->smk_task, old_tsp->smk_task);
2114 }
2115
2116 /**
2117 * smack_cred_getsecid - get the secid corresponding to a creds structure
2118 * @cred: the object creds
2119 * @secid: where to put the result
2120 *
2121 * Sets the secid to contain a u32 version of the smack label.
2122 */
smack_cred_getsecid(const struct cred * cred,u32 * secid)2123 static void smack_cred_getsecid(const struct cred *cred, u32 *secid)
2124 {
2125 struct smack_known *skp;
2126
2127 rcu_read_lock();
2128 skp = smk_of_task(smack_cred(cred));
2129 *secid = skp->smk_secid;
2130 rcu_read_unlock();
2131 }
2132
2133 /**
2134 * smack_cred_getlsmprop - get the Smack label for a creds structure
2135 * @cred: the object creds
2136 * @prop: where to put the data
2137 *
2138 * Sets the Smack part of the ref
2139 */
smack_cred_getlsmprop(const struct cred * cred,struct lsm_prop * prop)2140 static void smack_cred_getlsmprop(const struct cred *cred,
2141 struct lsm_prop *prop)
2142 {
2143 rcu_read_lock();
2144 prop->smack.skp = smk_of_task(smack_cred(cred));
2145 rcu_read_unlock();
2146 }
2147
2148 /**
2149 * smack_kernel_act_as - Set the subjective context in a set of credentials
2150 * @new: points to the set of credentials to be modified.
2151 * @secid: specifies the security ID to be set
2152 *
2153 * Set the security data for a kernel service.
2154 */
smack_kernel_act_as(struct cred * new,u32 secid)2155 static int smack_kernel_act_as(struct cred *new, u32 secid)
2156 {
2157 struct task_smack *new_tsp = smack_cred(new);
2158
2159 new_tsp->smk_task = smack_from_secid(secid);
2160 return 0;
2161 }
2162
2163 /**
2164 * smack_kernel_create_files_as - Set the file creation label in a set of creds
2165 * @new: points to the set of credentials to be modified
2166 * @inode: points to the inode to use as a reference
2167 *
2168 * Set the file creation context in a set of credentials to the same
2169 * as the objective context of the specified inode
2170 */
smack_kernel_create_files_as(struct cred * new,struct inode * inode)2171 static int smack_kernel_create_files_as(struct cred *new,
2172 struct inode *inode)
2173 {
2174 struct inode_smack *isp = smack_inode(inode);
2175 struct task_smack *tsp = smack_cred(new);
2176
2177 tsp->smk_forked = isp->smk_inode;
2178 tsp->smk_task = tsp->smk_forked;
2179 return 0;
2180 }
2181
2182 /**
2183 * smk_curacc_on_task - helper to log task related access
2184 * @p: the task object
2185 * @access: the access requested
2186 * @caller: name of the calling function for audit
2187 *
2188 * Return 0 if access is permitted
2189 */
smk_curacc_on_task(struct task_struct * p,int access,const char * caller)2190 static int smk_curacc_on_task(struct task_struct *p, int access,
2191 const char *caller)
2192 {
2193 struct smk_audit_info ad;
2194 struct smack_known *skp = smk_of_task_struct_obj(p);
2195 int rc;
2196
2197 smk_ad_init(&ad, caller, LSM_AUDIT_DATA_TASK);
2198 smk_ad_setfield_u_tsk(&ad, p);
2199 rc = smk_curacc(skp, access, &ad);
2200 rc = smk_bu_task(p, access, rc);
2201 return rc;
2202 }
2203
2204 /**
2205 * smack_task_setpgid - Smack check on setting pgid
2206 * @p: the task object
2207 * @pgid: unused
2208 *
2209 * Return 0 if write access is permitted
2210 */
smack_task_setpgid(struct task_struct * p,pid_t pgid)2211 static int smack_task_setpgid(struct task_struct *p, pid_t pgid)
2212 {
2213 return smk_curacc_on_task(p, MAY_WRITE, __func__);
2214 }
2215
2216 /**
2217 * smack_task_getpgid - Smack access check for getpgid
2218 * @p: the object task
2219 *
2220 * Returns 0 if current can read the object task, error code otherwise
2221 */
smack_task_getpgid(struct task_struct * p)2222 static int smack_task_getpgid(struct task_struct *p)
2223 {
2224 return smk_curacc_on_task(p, MAY_READ, __func__);
2225 }
2226
2227 /**
2228 * smack_task_getsid - Smack access check for getsid
2229 * @p: the object task
2230 *
2231 * Returns 0 if current can read the object task, error code otherwise
2232 */
smack_task_getsid(struct task_struct * p)2233 static int smack_task_getsid(struct task_struct *p)
2234 {
2235 return smk_curacc_on_task(p, MAY_READ, __func__);
2236 }
2237
2238 /**
2239 * smack_current_getlsmprop_subj - get the subjective secid of the current task
2240 * @prop: where to put the result
2241 *
2242 * Sets the secid to contain a u32 version of the task's subjective smack label.
2243 */
smack_current_getlsmprop_subj(struct lsm_prop * prop)2244 static void smack_current_getlsmprop_subj(struct lsm_prop *prop)
2245 {
2246 prop->smack.skp = smk_of_current();
2247 }
2248
2249 /**
2250 * smack_task_getlsmprop_obj - get the objective data of the task
2251 * @p: the task
2252 * @prop: where to put the result
2253 *
2254 * Sets the secid to contain a u32 version of the task's objective smack label.
2255 */
smack_task_getlsmprop_obj(struct task_struct * p,struct lsm_prop * prop)2256 static void smack_task_getlsmprop_obj(struct task_struct *p,
2257 struct lsm_prop *prop)
2258 {
2259 prop->smack.skp = smk_of_task_struct_obj(p);
2260 }
2261
2262 /**
2263 * smack_task_setnice - Smack check on setting nice
2264 * @p: the task object
2265 * @nice: unused
2266 *
2267 * Return 0 if write access is permitted
2268 */
smack_task_setnice(struct task_struct * p,int nice)2269 static int smack_task_setnice(struct task_struct *p, int nice)
2270 {
2271 return smk_curacc_on_task(p, MAY_WRITE, __func__);
2272 }
2273
2274 /**
2275 * smack_task_setioprio - Smack check on setting ioprio
2276 * @p: the task object
2277 * @ioprio: unused
2278 *
2279 * Return 0 if write access is permitted
2280 */
smack_task_setioprio(struct task_struct * p,int ioprio)2281 static int smack_task_setioprio(struct task_struct *p, int ioprio)
2282 {
2283 return smk_curacc_on_task(p, MAY_WRITE, __func__);
2284 }
2285
2286 /**
2287 * smack_task_getioprio - Smack check on reading ioprio
2288 * @p: the task object
2289 *
2290 * Return 0 if read access is permitted
2291 */
smack_task_getioprio(struct task_struct * p)2292 static int smack_task_getioprio(struct task_struct *p)
2293 {
2294 return smk_curacc_on_task(p, MAY_READ, __func__);
2295 }
2296
2297 /**
2298 * smack_task_setscheduler - Smack check on setting scheduler
2299 * @p: the task object
2300 *
2301 * Return 0 if read access is permitted
2302 */
smack_task_setscheduler(struct task_struct * p)2303 static int smack_task_setscheduler(struct task_struct *p)
2304 {
2305 return smk_curacc_on_task(p, MAY_WRITE, __func__);
2306 }
2307
2308 /**
2309 * smack_task_getscheduler - Smack check on reading scheduler
2310 * @p: the task object
2311 *
2312 * Return 0 if read access is permitted
2313 */
smack_task_getscheduler(struct task_struct * p)2314 static int smack_task_getscheduler(struct task_struct *p)
2315 {
2316 return smk_curacc_on_task(p, MAY_READ, __func__);
2317 }
2318
2319 /**
2320 * smack_task_movememory - Smack check on moving memory
2321 * @p: the task object
2322 *
2323 * Return 0 if write access is permitted
2324 */
smack_task_movememory(struct task_struct * p)2325 static int smack_task_movememory(struct task_struct *p)
2326 {
2327 return smk_curacc_on_task(p, MAY_WRITE, __func__);
2328 }
2329
2330 /**
2331 * smack_task_kill - Smack check on signal delivery
2332 * @p: the task object
2333 * @info: unused
2334 * @sig: unused
2335 * @cred: identifies the cred to use in lieu of current's
2336 *
2337 * Return 0 if write access is permitted
2338 *
2339 */
smack_task_kill(struct task_struct * p,struct kernel_siginfo * info,int sig,const struct cred * cred)2340 static int smack_task_kill(struct task_struct *p, struct kernel_siginfo *info,
2341 int sig, const struct cred *cred)
2342 {
2343 struct smk_audit_info ad;
2344 struct smack_known *skp;
2345 struct smack_known *tkp = smk_of_task_struct_obj(p);
2346 int rc;
2347
2348 if (!sig)
2349 return 0; /* null signal; existence test */
2350
2351 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
2352 smk_ad_setfield_u_tsk(&ad, p);
2353 /*
2354 * Sending a signal requires that the sender
2355 * can write the receiver.
2356 */
2357 if (cred == NULL) {
2358 rc = smk_curacc(tkp, MAY_DELIVER, &ad);
2359 rc = smk_bu_task(p, MAY_DELIVER, rc);
2360 return rc;
2361 }
2362 /*
2363 * If the cred isn't NULL we're dealing with some USB IO
2364 * specific behavior. This is not clean. For one thing
2365 * we can't take privilege into account.
2366 */
2367 skp = smk_of_task(smack_cred(cred));
2368 rc = smk_access(skp, tkp, MAY_DELIVER, &ad);
2369 rc = smk_bu_note("USB signal", skp, tkp, MAY_DELIVER, rc);
2370 return rc;
2371 }
2372
2373 /**
2374 * smack_task_to_inode - copy task smack into the inode blob
2375 * @p: task to copy from
2376 * @inode: inode to copy to
2377 *
2378 * Sets the smack pointer in the inode security blob
2379 */
smack_task_to_inode(struct task_struct * p,struct inode * inode)2380 static void smack_task_to_inode(struct task_struct *p, struct inode *inode)
2381 {
2382 struct inode_smack *isp = smack_inode(inode);
2383 struct smack_known *skp = smk_of_task_struct_obj(p);
2384
2385 isp->smk_inode = skp;
2386 isp->smk_flags |= SMK_INODE_INSTANT;
2387 }
2388
2389 /*
2390 * Socket hooks.
2391 */
2392
2393 /**
2394 * smack_sk_alloc_security - Allocate a socket blob
2395 * @sk: the socket
2396 * @family: unused
2397 * @gfp_flags: memory allocation flags
2398 *
2399 * Assign Smack pointers to current
2400 *
2401 * Returns 0 on success, -ENOMEM is there's no memory
2402 */
smack_sk_alloc_security(struct sock * sk,int family,gfp_t gfp_flags)2403 static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags)
2404 {
2405 struct smack_known *skp = smk_of_current();
2406 struct socket_smack *ssp = smack_sock(sk);
2407
2408 /*
2409 * Sockets created by kernel threads receive web label.
2410 */
2411 if (unlikely(current->flags & PF_KTHREAD)) {
2412 ssp->smk_in = &smack_known_web;
2413 ssp->smk_out = &smack_known_web;
2414 } else {
2415 ssp->smk_in = skp;
2416 ssp->smk_out = skp;
2417 }
2418 ssp->smk_packet = NULL;
2419
2420 return 0;
2421 }
2422
2423 #ifdef SMACK_IPV6_PORT_LABELING
2424 /**
2425 * smack_sk_free_security - Free a socket blob
2426 * @sk: the socket
2427 *
2428 * Clears the blob pointer
2429 */
smack_sk_free_security(struct sock * sk)2430 static void smack_sk_free_security(struct sock *sk)
2431 {
2432 struct smk_port_label *spp;
2433
2434 if (sk->sk_family == PF_INET6) {
2435 rcu_read_lock();
2436 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
2437 if (spp->smk_sock != sk)
2438 continue;
2439 spp->smk_can_reuse = 1;
2440 break;
2441 }
2442 rcu_read_unlock();
2443 }
2444 }
2445 #endif
2446
2447 /**
2448 * smack_sk_clone_security - Copy security context
2449 * @sk: the old socket
2450 * @newsk: the new socket
2451 *
2452 * Copy the security context of the old socket pointer to the cloned
2453 */
smack_sk_clone_security(const struct sock * sk,struct sock * newsk)2454 static void smack_sk_clone_security(const struct sock *sk, struct sock *newsk)
2455 {
2456 struct socket_smack *ssp_old = smack_sock(sk);
2457 struct socket_smack *ssp_new = smack_sock(newsk);
2458
2459 *ssp_new = *ssp_old;
2460 }
2461
2462 /**
2463 * smack_ipv4host_label - check host based restrictions
2464 * @sip: the object end
2465 *
2466 * looks for host based access restrictions
2467 *
2468 * This version will only be appropriate for really small sets of single label
2469 * hosts. The caller is responsible for ensuring that the RCU read lock is
2470 * taken before calling this function.
2471 *
2472 * Returns the label of the far end or NULL if it's not special.
2473 */
smack_ipv4host_label(struct sockaddr_in * sip)2474 static struct smack_known *smack_ipv4host_label(struct sockaddr_in *sip)
2475 {
2476 struct smk_net4addr *snp;
2477 struct in_addr *siap = &sip->sin_addr;
2478
2479 if (siap->s_addr == 0)
2480 return NULL;
2481
2482 list_for_each_entry_rcu(snp, &smk_net4addr_list, list)
2483 /*
2484 * we break after finding the first match because
2485 * the list is sorted from longest to shortest mask
2486 * so we have found the most specific match
2487 */
2488 if (snp->smk_host.s_addr ==
2489 (siap->s_addr & snp->smk_mask.s_addr))
2490 return snp->smk_label;
2491
2492 return NULL;
2493 }
2494
2495 #if IS_ENABLED(CONFIG_IPV6)
2496 /*
2497 * smk_ipv6_localhost - Check for local ipv6 host address
2498 * @sip: the address
2499 *
2500 * Returns boolean true if this is the localhost address
2501 */
smk_ipv6_localhost(struct sockaddr_in6 * sip)2502 static bool smk_ipv6_localhost(struct sockaddr_in6 *sip)
2503 {
2504 __be16 *be16p = (__be16 *)&sip->sin6_addr;
2505 __be32 *be32p = (__be32 *)&sip->sin6_addr;
2506
2507 if (be32p[0] == 0 && be32p[1] == 0 && be32p[2] == 0 && be16p[6] == 0 &&
2508 ntohs(be16p[7]) == 1)
2509 return true;
2510 return false;
2511 }
2512
2513 /**
2514 * smack_ipv6host_label - check host based restrictions
2515 * @sip: the object end
2516 *
2517 * looks for host based access restrictions
2518 *
2519 * This version will only be appropriate for really small sets of single label
2520 * hosts. The caller is responsible for ensuring that the RCU read lock is
2521 * taken before calling this function.
2522 *
2523 * Returns the label of the far end or NULL if it's not special.
2524 */
smack_ipv6host_label(struct sockaddr_in6 * sip)2525 static struct smack_known *smack_ipv6host_label(struct sockaddr_in6 *sip)
2526 {
2527 struct smk_net6addr *snp;
2528 struct in6_addr *sap = &sip->sin6_addr;
2529 int i;
2530 int found = 0;
2531
2532 /*
2533 * It's local. Don't look for a host label.
2534 */
2535 if (smk_ipv6_localhost(sip))
2536 return NULL;
2537
2538 list_for_each_entry_rcu(snp, &smk_net6addr_list, list) {
2539 /*
2540 * If the label is NULL the entry has
2541 * been renounced. Ignore it.
2542 */
2543 if (snp->smk_label == NULL)
2544 continue;
2545 /*
2546 * we break after finding the first match because
2547 * the list is sorted from longest to shortest mask
2548 * so we have found the most specific match
2549 */
2550 for (found = 1, i = 0; i < 8; i++) {
2551 if ((sap->s6_addr16[i] & snp->smk_mask.s6_addr16[i]) !=
2552 snp->smk_host.s6_addr16[i]) {
2553 found = 0;
2554 break;
2555 }
2556 }
2557 if (found)
2558 return snp->smk_label;
2559 }
2560
2561 return NULL;
2562 }
2563 #endif /* CONFIG_IPV6 */
2564
2565 /**
2566 * smack_netlbl_add - Set the secattr on a socket
2567 * @sk: the socket
2568 *
2569 * Attach the outbound smack value (smk_out) to the socket.
2570 *
2571 * Returns 0 on success or an error code
2572 */
smack_netlbl_add(struct sock * sk)2573 static int smack_netlbl_add(struct sock *sk)
2574 {
2575 struct socket_smack *ssp = smack_sock(sk);
2576 struct smack_known *skp = ssp->smk_out;
2577 int rc;
2578
2579 local_bh_disable();
2580 bh_lock_sock_nested(sk);
2581
2582 rc = netlbl_sock_setattr(sk, sk->sk_family, &skp->smk_netlabel,
2583 netlbl_sk_lock_check(sk));
2584 switch (rc) {
2585 case 0:
2586 ssp->smk_state = SMK_NETLBL_LABELED;
2587 break;
2588 case -EDESTADDRREQ:
2589 ssp->smk_state = SMK_NETLBL_REQSKB;
2590 rc = 0;
2591 break;
2592 }
2593
2594 bh_unlock_sock(sk);
2595 local_bh_enable();
2596
2597 return rc;
2598 }
2599
2600 /**
2601 * smack_netlbl_delete - Remove the secattr from a socket
2602 * @sk: the socket
2603 *
2604 * Remove the outbound smack value from a socket
2605 */
smack_netlbl_delete(struct sock * sk)2606 static void smack_netlbl_delete(struct sock *sk)
2607 {
2608 struct socket_smack *ssp = smack_sock(sk);
2609
2610 /*
2611 * Take the label off the socket if one is set.
2612 */
2613 if (ssp->smk_state != SMK_NETLBL_LABELED)
2614 return;
2615
2616 local_bh_disable();
2617 bh_lock_sock_nested(sk);
2618 netlbl_sock_delattr(sk);
2619 bh_unlock_sock(sk);
2620 local_bh_enable();
2621 ssp->smk_state = SMK_NETLBL_UNLABELED;
2622 }
2623
2624 /**
2625 * smk_ipv4_check - Perform IPv4 host access checks
2626 * @sk: the socket
2627 * @sap: the destination address
2628 *
2629 * Set the correct secattr for the given socket based on the destination
2630 * address and perform any outbound access checks needed.
2631 *
2632 * Returns 0 on success or an error code.
2633 *
2634 */
smk_ipv4_check(struct sock * sk,struct sockaddr_in * sap)2635 static int smk_ipv4_check(struct sock *sk, struct sockaddr_in *sap)
2636 {
2637 struct smack_known *skp;
2638 int rc = 0;
2639 struct smack_known *hkp;
2640 struct socket_smack *ssp = smack_sock(sk);
2641 struct smk_audit_info ad;
2642
2643 rcu_read_lock();
2644 hkp = smack_ipv4host_label(sap);
2645 if (hkp != NULL) {
2646 #ifdef CONFIG_AUDIT
2647 struct lsm_network_audit net;
2648
2649 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
2650 ad.a.u.net->family = sap->sin_family;
2651 ad.a.u.net->dport = sap->sin_port;
2652 ad.a.u.net->v4info.daddr = sap->sin_addr.s_addr;
2653 #endif
2654 skp = ssp->smk_out;
2655 rc = smk_access(skp, hkp, MAY_WRITE, &ad);
2656 rc = smk_bu_note("IPv4 host check", skp, hkp, MAY_WRITE, rc);
2657 /*
2658 * Clear the socket netlabel if it's set.
2659 */
2660 if (!rc)
2661 smack_netlbl_delete(sk);
2662 }
2663 rcu_read_unlock();
2664
2665 return rc;
2666 }
2667
2668 #if IS_ENABLED(CONFIG_IPV6)
2669 /**
2670 * smk_ipv6_check - check Smack access
2671 * @subject: subject Smack label
2672 * @object: object Smack label
2673 * @address: address
2674 * @act: the action being taken
2675 *
2676 * Check an IPv6 access
2677 */
smk_ipv6_check(struct smack_known * subject,struct smack_known * object,struct sockaddr_in6 * address,int act)2678 static int smk_ipv6_check(struct smack_known *subject,
2679 struct smack_known *object,
2680 struct sockaddr_in6 *address, int act)
2681 {
2682 #ifdef CONFIG_AUDIT
2683 struct lsm_network_audit net;
2684 #endif
2685 struct smk_audit_info ad;
2686 int rc;
2687
2688 #ifdef CONFIG_AUDIT
2689 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
2690 ad.a.u.net->family = PF_INET6;
2691 ad.a.u.net->dport = address->sin6_port;
2692 if (act == SMK_RECEIVING)
2693 ad.a.u.net->v6info.saddr = address->sin6_addr;
2694 else
2695 ad.a.u.net->v6info.daddr = address->sin6_addr;
2696 #endif
2697 rc = smk_access(subject, object, MAY_WRITE, &ad);
2698 rc = smk_bu_note("IPv6 check", subject, object, MAY_WRITE, rc);
2699 return rc;
2700 }
2701 #endif /* CONFIG_IPV6 */
2702
2703 #ifdef SMACK_IPV6_PORT_LABELING
2704 /**
2705 * smk_ipv6_port_label - Smack port access table management
2706 * @sock: socket
2707 * @address: address
2708 *
2709 * Create or update the port list entry
2710 */
smk_ipv6_port_label(struct socket * sock,struct sockaddr * address)2711 static void smk_ipv6_port_label(struct socket *sock, struct sockaddr *address)
2712 {
2713 struct sock *sk = sock->sk;
2714 struct sockaddr_in6 *addr6;
2715 struct socket_smack *ssp = smack_sock(sock->sk);
2716 struct smk_port_label *spp;
2717 unsigned short port = 0;
2718
2719 if (address == NULL) {
2720 /*
2721 * This operation is changing the Smack information
2722 * on the bound socket. Take the changes to the port
2723 * as well.
2724 */
2725 rcu_read_lock();
2726 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
2727 if (sk != spp->smk_sock)
2728 continue;
2729 spp->smk_in = ssp->smk_in;
2730 spp->smk_out = ssp->smk_out;
2731 rcu_read_unlock();
2732 return;
2733 }
2734 /*
2735 * A NULL address is only used for updating existing
2736 * bound entries. If there isn't one, it's OK.
2737 */
2738 rcu_read_unlock();
2739 return;
2740 }
2741
2742 addr6 = (struct sockaddr_in6 *)address;
2743 port = ntohs(addr6->sin6_port);
2744 /*
2745 * This is a special case that is safely ignored.
2746 */
2747 if (port == 0)
2748 return;
2749
2750 /*
2751 * Look for an existing port list entry.
2752 * This is an indication that a port is getting reused.
2753 */
2754 rcu_read_lock();
2755 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
2756 if (spp->smk_port != port || spp->smk_sock_type != sock->type)
2757 continue;
2758 if (spp->smk_can_reuse != 1) {
2759 rcu_read_unlock();
2760 return;
2761 }
2762 spp->smk_port = port;
2763 spp->smk_sock = sk;
2764 spp->smk_in = ssp->smk_in;
2765 spp->smk_out = ssp->smk_out;
2766 spp->smk_can_reuse = 0;
2767 rcu_read_unlock();
2768 return;
2769 }
2770 rcu_read_unlock();
2771 /*
2772 * A new port entry is required.
2773 */
2774 spp = kzalloc(sizeof(*spp), GFP_KERNEL);
2775 if (spp == NULL)
2776 return;
2777
2778 spp->smk_port = port;
2779 spp->smk_sock = sk;
2780 spp->smk_in = ssp->smk_in;
2781 spp->smk_out = ssp->smk_out;
2782 spp->smk_sock_type = sock->type;
2783 spp->smk_can_reuse = 0;
2784
2785 mutex_lock(&smack_ipv6_lock);
2786 list_add_rcu(&spp->list, &smk_ipv6_port_list);
2787 mutex_unlock(&smack_ipv6_lock);
2788 return;
2789 }
2790
2791 /**
2792 * smk_ipv6_port_check - check Smack port access
2793 * @sk: socket
2794 * @address: address
2795 * @act: the action being taken
2796 *
2797 * Create or update the port list entry
2798 */
smk_ipv6_port_check(struct sock * sk,struct sockaddr_in6 * address,int act)2799 static int smk_ipv6_port_check(struct sock *sk, struct sockaddr_in6 *address,
2800 int act)
2801 {
2802 struct smk_port_label *spp;
2803 struct socket_smack *ssp = smack_sock(sk);
2804 struct smack_known *skp = NULL;
2805 unsigned short port;
2806 struct smack_known *object;
2807
2808 if (act == SMK_RECEIVING) {
2809 skp = smack_ipv6host_label(address);
2810 object = ssp->smk_in;
2811 } else {
2812 skp = ssp->smk_out;
2813 object = smack_ipv6host_label(address);
2814 }
2815
2816 /*
2817 * The other end is a single label host.
2818 */
2819 if (skp != NULL && object != NULL)
2820 return smk_ipv6_check(skp, object, address, act);
2821 if (skp == NULL)
2822 skp = smack_net_ambient;
2823 if (object == NULL)
2824 object = smack_net_ambient;
2825
2826 /*
2827 * It's remote, so port lookup does no good.
2828 */
2829 if (!smk_ipv6_localhost(address))
2830 return smk_ipv6_check(skp, object, address, act);
2831
2832 /*
2833 * It's local so the send check has to have passed.
2834 */
2835 if (act == SMK_RECEIVING)
2836 return 0;
2837
2838 port = ntohs(address->sin6_port);
2839 rcu_read_lock();
2840 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
2841 if (spp->smk_port != port || spp->smk_sock_type != sk->sk_type)
2842 continue;
2843 object = spp->smk_in;
2844 if (act == SMK_CONNECTING)
2845 ssp->smk_packet = spp->smk_out;
2846 break;
2847 }
2848 rcu_read_unlock();
2849
2850 return smk_ipv6_check(skp, object, address, act);
2851 }
2852 #endif
2853
2854 /**
2855 * smack_inode_setsecurity - set smack xattrs
2856 * @inode: the object
2857 * @name: attribute name
2858 * @value: attribute value
2859 * @size: size of the attribute
2860 * @flags: unused
2861 *
2862 * Sets the named attribute in the appropriate blob
2863 *
2864 * Returns 0 on success, or an error code
2865 */
smack_inode_setsecurity(struct inode * inode,const char * name,const void * value,size_t size,int flags)2866 static int smack_inode_setsecurity(struct inode *inode, const char *name,
2867 const void *value, size_t size, int flags)
2868 {
2869 struct smack_known *skp;
2870 struct inode_smack *nsp = smack_inode(inode);
2871 struct socket_smack *ssp;
2872 struct socket *sock;
2873 int rc = 0;
2874
2875 if (value == NULL || size > SMK_LONGLABEL || size == 0)
2876 return -EINVAL;
2877
2878 if (strcmp(name, XATTR_SMACK_TRANSMUTE) == 0) {
2879 if (!S_ISDIR(inode->i_mode) || size != TRANS_TRUE_SIZE ||
2880 strncmp(value, TRANS_TRUE, TRANS_TRUE_SIZE) != 0)
2881 return -EINVAL;
2882
2883 nsp->smk_flags |= SMK_INODE_TRANSMUTE;
2884 return 0;
2885 }
2886
2887 skp = smk_import_entry(value, size);
2888 if (IS_ERR(skp))
2889 return PTR_ERR(skp);
2890
2891 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) {
2892 nsp->smk_inode = skp;
2893 nsp->smk_flags |= SMK_INODE_INSTANT;
2894 return 0;
2895 }
2896 /*
2897 * The rest of the Smack xattrs are only on sockets.
2898 */
2899 if (inode->i_sb->s_magic != SOCKFS_MAGIC)
2900 return -EOPNOTSUPP;
2901
2902 sock = SOCKET_I(inode);
2903 if (sock == NULL || sock->sk == NULL)
2904 return -EOPNOTSUPP;
2905
2906 ssp = smack_sock(sock->sk);
2907
2908 if (strcmp(name, XATTR_SMACK_IPIN) == 0)
2909 ssp->smk_in = skp;
2910 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) {
2911 ssp->smk_out = skp;
2912 if (sock->sk->sk_family == PF_INET) {
2913 rc = smack_netlbl_add(sock->sk);
2914 if (rc != 0)
2915 printk(KERN_WARNING
2916 "Smack: \"%s\" netlbl error %d.\n",
2917 __func__, -rc);
2918 }
2919 } else
2920 return -EOPNOTSUPP;
2921
2922 #ifdef SMACK_IPV6_PORT_LABELING
2923 if (sock->sk->sk_family == PF_INET6)
2924 smk_ipv6_port_label(sock, NULL);
2925 #endif
2926
2927 return 0;
2928 }
2929
2930 /**
2931 * smack_socket_post_create - finish socket setup
2932 * @sock: the socket
2933 * @family: protocol family
2934 * @type: unused
2935 * @protocol: unused
2936 * @kern: unused
2937 *
2938 * Sets the netlabel information on the socket
2939 *
2940 * Returns 0 on success, and error code otherwise
2941 */
smack_socket_post_create(struct socket * sock,int family,int type,int protocol,int kern)2942 static int smack_socket_post_create(struct socket *sock, int family,
2943 int type, int protocol, int kern)
2944 {
2945 struct socket_smack *ssp;
2946
2947 if (sock->sk == NULL)
2948 return 0;
2949
2950 /*
2951 * Sockets created by kernel threads receive web label.
2952 */
2953 if (unlikely(current->flags & PF_KTHREAD)) {
2954 ssp = smack_sock(sock->sk);
2955 ssp->smk_in = &smack_known_web;
2956 ssp->smk_out = &smack_known_web;
2957 }
2958
2959 if (family != PF_INET)
2960 return 0;
2961 /*
2962 * Set the outbound netlbl.
2963 */
2964 return smack_netlbl_add(sock->sk);
2965 }
2966
2967 /**
2968 * smack_socket_socketpair - create socket pair
2969 * @socka: one socket
2970 * @sockb: another socket
2971 *
2972 * Cross reference the peer labels for SO_PEERSEC
2973 *
2974 * Returns 0
2975 */
smack_socket_socketpair(struct socket * socka,struct socket * sockb)2976 static int smack_socket_socketpair(struct socket *socka,
2977 struct socket *sockb)
2978 {
2979 struct socket_smack *asp = smack_sock(socka->sk);
2980 struct socket_smack *bsp = smack_sock(sockb->sk);
2981
2982 asp->smk_packet = bsp->smk_out;
2983 bsp->smk_packet = asp->smk_out;
2984
2985 return 0;
2986 }
2987
2988 #ifdef SMACK_IPV6_PORT_LABELING
2989 /**
2990 * smack_socket_bind - record port binding information.
2991 * @sock: the socket
2992 * @address: the port address
2993 * @addrlen: size of the address
2994 *
2995 * Records the label bound to a port.
2996 *
2997 * Returns 0 on success, and error code otherwise
2998 */
smack_socket_bind(struct socket * sock,struct sockaddr * address,int addrlen)2999 static int smack_socket_bind(struct socket *sock, struct sockaddr *address,
3000 int addrlen)
3001 {
3002 if (sock->sk != NULL && sock->sk->sk_family == PF_INET6) {
3003 if (addrlen < SIN6_LEN_RFC2133 ||
3004 address->sa_family != AF_INET6)
3005 return -EINVAL;
3006 smk_ipv6_port_label(sock, address);
3007 }
3008 return 0;
3009 }
3010 #endif /* SMACK_IPV6_PORT_LABELING */
3011
3012 /**
3013 * smack_socket_connect - connect access check
3014 * @sock: the socket
3015 * @sap: the other end
3016 * @addrlen: size of sap
3017 *
3018 * Verifies that a connection may be possible
3019 *
3020 * Returns 0 on success, and error code otherwise
3021 */
smack_socket_connect(struct socket * sock,struct sockaddr * sap,int addrlen)3022 static int smack_socket_connect(struct socket *sock, struct sockaddr *sap,
3023 int addrlen)
3024 {
3025 int rc = 0;
3026
3027 if (sock->sk == NULL)
3028 return 0;
3029 if (sock->sk->sk_family != PF_INET &&
3030 (!IS_ENABLED(CONFIG_IPV6) || sock->sk->sk_family != PF_INET6))
3031 return 0;
3032 if (addrlen < offsetofend(struct sockaddr, sa_family))
3033 return 0;
3034
3035 #if IS_ENABLED(CONFIG_IPV6)
3036 if (sap->sa_family == AF_INET6) {
3037 struct sockaddr_in6 *sip = (struct sockaddr_in6 *)sap;
3038 struct smack_known *rsp = NULL;
3039
3040 if (addrlen < SIN6_LEN_RFC2133)
3041 return 0;
3042 if (__is_defined(SMACK_IPV6_SECMARK_LABELING))
3043 rsp = smack_ipv6host_label(sip);
3044 if (rsp != NULL) {
3045 struct socket_smack *ssp = smack_sock(sock->sk);
3046
3047 rc = smk_ipv6_check(ssp->smk_out, rsp, sip,
3048 SMK_CONNECTING);
3049 }
3050 #ifdef SMACK_IPV6_PORT_LABELING
3051 rc = smk_ipv6_port_check(sock->sk, sip, SMK_CONNECTING);
3052 #endif
3053
3054 return rc;
3055 }
3056 #endif /* CONFIG_IPV6 */
3057
3058 if (sap->sa_family != AF_INET || addrlen < sizeof(struct sockaddr_in))
3059 return 0;
3060 rc = smk_ipv4_check(sock->sk, (struct sockaddr_in *)sap);
3061 return rc;
3062 }
3063
3064 /**
3065 * smack_flags_to_may - convert S_ to MAY_ values
3066 * @flags: the S_ value
3067 *
3068 * Returns the equivalent MAY_ value
3069 */
smack_flags_to_may(int flags)3070 static int smack_flags_to_may(int flags)
3071 {
3072 int may = 0;
3073
3074 if (flags & S_IRUGO)
3075 may |= MAY_READ;
3076 if (flags & S_IWUGO)
3077 may |= MAY_WRITE;
3078 if (flags & S_IXUGO)
3079 may |= MAY_EXEC;
3080
3081 return may;
3082 }
3083
3084 /**
3085 * smack_msg_msg_alloc_security - Set the security blob for msg_msg
3086 * @msg: the object
3087 *
3088 * Returns 0
3089 */
smack_msg_msg_alloc_security(struct msg_msg * msg)3090 static int smack_msg_msg_alloc_security(struct msg_msg *msg)
3091 {
3092 struct smack_known **blob = smack_msg_msg(msg);
3093
3094 *blob = smk_of_current();
3095 return 0;
3096 }
3097
3098 /**
3099 * smack_of_ipc - the smack pointer for the ipc
3100 * @isp: the object
3101 *
3102 * Returns a pointer to the smack value
3103 */
smack_of_ipc(struct kern_ipc_perm * isp)3104 static struct smack_known *smack_of_ipc(struct kern_ipc_perm *isp)
3105 {
3106 struct smack_known **blob = smack_ipc(isp);
3107
3108 return *blob;
3109 }
3110
3111 /**
3112 * smack_ipc_alloc_security - Set the security blob for ipc
3113 * @isp: the object
3114 *
3115 * Returns 0
3116 */
smack_ipc_alloc_security(struct kern_ipc_perm * isp)3117 static int smack_ipc_alloc_security(struct kern_ipc_perm *isp)
3118 {
3119 struct smack_known **blob = smack_ipc(isp);
3120
3121 *blob = smk_of_current();
3122 return 0;
3123 }
3124
3125 /**
3126 * smk_curacc_shm : check if current has access on shm
3127 * @isp : the object
3128 * @access : access requested
3129 *
3130 * Returns 0 if current has the requested access, error code otherwise
3131 */
smk_curacc_shm(struct kern_ipc_perm * isp,int access)3132 static int smk_curacc_shm(struct kern_ipc_perm *isp, int access)
3133 {
3134 struct smack_known *ssp = smack_of_ipc(isp);
3135 struct smk_audit_info ad;
3136 int rc;
3137
3138 #ifdef CONFIG_AUDIT
3139 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
3140 ad.a.u.ipc_id = isp->id;
3141 #endif
3142 rc = smk_curacc(ssp, access, &ad);
3143 rc = smk_bu_current("shm", ssp, access, rc);
3144 return rc;
3145 }
3146
3147 /**
3148 * smack_shm_associate - Smack access check for shm
3149 * @isp: the object
3150 * @shmflg: access requested
3151 *
3152 * Returns 0 if current has the requested access, error code otherwise
3153 */
smack_shm_associate(struct kern_ipc_perm * isp,int shmflg)3154 static int smack_shm_associate(struct kern_ipc_perm *isp, int shmflg)
3155 {
3156 int may;
3157
3158 may = smack_flags_to_may(shmflg);
3159 return smk_curacc_shm(isp, may);
3160 }
3161
3162 /**
3163 * smack_shm_shmctl - Smack access check for shm
3164 * @isp: the object
3165 * @cmd: what it wants to do
3166 *
3167 * Returns 0 if current has the requested access, error code otherwise
3168 */
smack_shm_shmctl(struct kern_ipc_perm * isp,int cmd)3169 static int smack_shm_shmctl(struct kern_ipc_perm *isp, int cmd)
3170 {
3171 int may;
3172
3173 switch (cmd) {
3174 case IPC_STAT:
3175 case SHM_STAT:
3176 case SHM_STAT_ANY:
3177 may = MAY_READ;
3178 break;
3179 case IPC_SET:
3180 case SHM_LOCK:
3181 case SHM_UNLOCK:
3182 case IPC_RMID:
3183 may = MAY_READWRITE;
3184 break;
3185 case IPC_INFO:
3186 case SHM_INFO:
3187 /*
3188 * System level information.
3189 */
3190 return 0;
3191 default:
3192 return -EINVAL;
3193 }
3194 return smk_curacc_shm(isp, may);
3195 }
3196
3197 /**
3198 * smack_shm_shmat - Smack access for shmat
3199 * @isp: the object
3200 * @shmaddr: unused
3201 * @shmflg: access requested
3202 *
3203 * Returns 0 if current has the requested access, error code otherwise
3204 */
smack_shm_shmat(struct kern_ipc_perm * isp,char __user * shmaddr,int shmflg)3205 static int smack_shm_shmat(struct kern_ipc_perm *isp, char __user *shmaddr,
3206 int shmflg)
3207 {
3208 int may;
3209
3210 may = smack_flags_to_may(shmflg);
3211 return smk_curacc_shm(isp, may);
3212 }
3213
3214 /**
3215 * smk_curacc_sem : check if current has access on sem
3216 * @isp : the object
3217 * @access : access requested
3218 *
3219 * Returns 0 if current has the requested access, error code otherwise
3220 */
smk_curacc_sem(struct kern_ipc_perm * isp,int access)3221 static int smk_curacc_sem(struct kern_ipc_perm *isp, int access)
3222 {
3223 struct smack_known *ssp = smack_of_ipc(isp);
3224 struct smk_audit_info ad;
3225 int rc;
3226
3227 #ifdef CONFIG_AUDIT
3228 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
3229 ad.a.u.ipc_id = isp->id;
3230 #endif
3231 rc = smk_curacc(ssp, access, &ad);
3232 rc = smk_bu_current("sem", ssp, access, rc);
3233 return rc;
3234 }
3235
3236 /**
3237 * smack_sem_associate - Smack access check for sem
3238 * @isp: the object
3239 * @semflg: access requested
3240 *
3241 * Returns 0 if current has the requested access, error code otherwise
3242 */
smack_sem_associate(struct kern_ipc_perm * isp,int semflg)3243 static int smack_sem_associate(struct kern_ipc_perm *isp, int semflg)
3244 {
3245 int may;
3246
3247 may = smack_flags_to_may(semflg);
3248 return smk_curacc_sem(isp, may);
3249 }
3250
3251 /**
3252 * smack_sem_semctl - Smack access check for sem
3253 * @isp: the object
3254 * @cmd: what it wants to do
3255 *
3256 * Returns 0 if current has the requested access, error code otherwise
3257 */
smack_sem_semctl(struct kern_ipc_perm * isp,int cmd)3258 static int smack_sem_semctl(struct kern_ipc_perm *isp, int cmd)
3259 {
3260 int may;
3261
3262 switch (cmd) {
3263 case GETPID:
3264 case GETNCNT:
3265 case GETZCNT:
3266 case GETVAL:
3267 case GETALL:
3268 case IPC_STAT:
3269 case SEM_STAT:
3270 case SEM_STAT_ANY:
3271 may = MAY_READ;
3272 break;
3273 case SETVAL:
3274 case SETALL:
3275 case IPC_RMID:
3276 case IPC_SET:
3277 may = MAY_READWRITE;
3278 break;
3279 case IPC_INFO:
3280 case SEM_INFO:
3281 /*
3282 * System level information
3283 */
3284 return 0;
3285 default:
3286 return -EINVAL;
3287 }
3288
3289 return smk_curacc_sem(isp, may);
3290 }
3291
3292 /**
3293 * smack_sem_semop - Smack checks of semaphore operations
3294 * @isp: the object
3295 * @sops: unused
3296 * @nsops: unused
3297 * @alter: unused
3298 *
3299 * Treated as read and write in all cases.
3300 *
3301 * Returns 0 if access is allowed, error code otherwise
3302 */
smack_sem_semop(struct kern_ipc_perm * isp,struct sembuf * sops,unsigned nsops,int alter)3303 static int smack_sem_semop(struct kern_ipc_perm *isp, struct sembuf *sops,
3304 unsigned nsops, int alter)
3305 {
3306 return smk_curacc_sem(isp, MAY_READWRITE);
3307 }
3308
3309 /**
3310 * smk_curacc_msq : helper to check if current has access on msq
3311 * @isp : the msq
3312 * @access : access requested
3313 *
3314 * return 0 if current has access, error otherwise
3315 */
smk_curacc_msq(struct kern_ipc_perm * isp,int access)3316 static int smk_curacc_msq(struct kern_ipc_perm *isp, int access)
3317 {
3318 struct smack_known *msp = smack_of_ipc(isp);
3319 struct smk_audit_info ad;
3320 int rc;
3321
3322 #ifdef CONFIG_AUDIT
3323 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
3324 ad.a.u.ipc_id = isp->id;
3325 #endif
3326 rc = smk_curacc(msp, access, &ad);
3327 rc = smk_bu_current("msq", msp, access, rc);
3328 return rc;
3329 }
3330
3331 /**
3332 * smack_msg_queue_associate - Smack access check for msg_queue
3333 * @isp: the object
3334 * @msqflg: access requested
3335 *
3336 * Returns 0 if current has the requested access, error code otherwise
3337 */
smack_msg_queue_associate(struct kern_ipc_perm * isp,int msqflg)3338 static int smack_msg_queue_associate(struct kern_ipc_perm *isp, int msqflg)
3339 {
3340 int may;
3341
3342 may = smack_flags_to_may(msqflg);
3343 return smk_curacc_msq(isp, may);
3344 }
3345
3346 /**
3347 * smack_msg_queue_msgctl - Smack access check for msg_queue
3348 * @isp: the object
3349 * @cmd: what it wants to do
3350 *
3351 * Returns 0 if current has the requested access, error code otherwise
3352 */
smack_msg_queue_msgctl(struct kern_ipc_perm * isp,int cmd)3353 static int smack_msg_queue_msgctl(struct kern_ipc_perm *isp, int cmd)
3354 {
3355 int may;
3356
3357 switch (cmd) {
3358 case IPC_STAT:
3359 case MSG_STAT:
3360 case MSG_STAT_ANY:
3361 may = MAY_READ;
3362 break;
3363 case IPC_SET:
3364 case IPC_RMID:
3365 may = MAY_READWRITE;
3366 break;
3367 case IPC_INFO:
3368 case MSG_INFO:
3369 /*
3370 * System level information
3371 */
3372 return 0;
3373 default:
3374 return -EINVAL;
3375 }
3376
3377 return smk_curacc_msq(isp, may);
3378 }
3379
3380 /**
3381 * smack_msg_queue_msgsnd - Smack access check for msg_queue
3382 * @isp: the object
3383 * @msg: unused
3384 * @msqflg: access requested
3385 *
3386 * Returns 0 if current has the requested access, error code otherwise
3387 */
smack_msg_queue_msgsnd(struct kern_ipc_perm * isp,struct msg_msg * msg,int msqflg)3388 static int smack_msg_queue_msgsnd(struct kern_ipc_perm *isp, struct msg_msg *msg,
3389 int msqflg)
3390 {
3391 int may;
3392
3393 may = smack_flags_to_may(msqflg);
3394 return smk_curacc_msq(isp, may);
3395 }
3396
3397 /**
3398 * smack_msg_queue_msgrcv - Smack access check for msg_queue
3399 * @isp: the object
3400 * @msg: unused
3401 * @target: unused
3402 * @type: unused
3403 * @mode: unused
3404 *
3405 * Returns 0 if current has read and write access, error code otherwise
3406 */
smack_msg_queue_msgrcv(struct kern_ipc_perm * isp,struct msg_msg * msg,struct task_struct * target,long type,int mode)3407 static int smack_msg_queue_msgrcv(struct kern_ipc_perm *isp,
3408 struct msg_msg *msg,
3409 struct task_struct *target, long type,
3410 int mode)
3411 {
3412 return smk_curacc_msq(isp, MAY_READWRITE);
3413 }
3414
3415 /**
3416 * smack_ipc_permission - Smack access for ipc_permission()
3417 * @ipp: the object permissions
3418 * @flag: access requested
3419 *
3420 * Returns 0 if current has read and write access, error code otherwise
3421 */
smack_ipc_permission(struct kern_ipc_perm * ipp,short flag)3422 static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag)
3423 {
3424 struct smack_known **blob = smack_ipc(ipp);
3425 struct smack_known *iskp = *blob;
3426 int may = smack_flags_to_may(flag);
3427 struct smk_audit_info ad;
3428 int rc;
3429
3430 #ifdef CONFIG_AUDIT
3431 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
3432 ad.a.u.ipc_id = ipp->id;
3433 #endif
3434 rc = smk_curacc(iskp, may, &ad);
3435 rc = smk_bu_current("svipc", iskp, may, rc);
3436 return rc;
3437 }
3438
3439 /**
3440 * smack_ipc_getlsmprop - Extract smack security data
3441 * @ipp: the object permissions
3442 * @prop: where result will be saved
3443 */
smack_ipc_getlsmprop(struct kern_ipc_perm * ipp,struct lsm_prop * prop)3444 static void smack_ipc_getlsmprop(struct kern_ipc_perm *ipp, struct lsm_prop *prop)
3445 {
3446 struct smack_known **iskpp = smack_ipc(ipp);
3447
3448 prop->smack.skp = *iskpp;
3449 }
3450
3451 /**
3452 * smack_d_instantiate - Make sure the blob is correct on an inode
3453 * @opt_dentry: dentry where inode will be attached
3454 * @inode: the object
3455 *
3456 * Set the inode's security blob if it hasn't been done already.
3457 */
smack_d_instantiate(struct dentry * opt_dentry,struct inode * inode)3458 static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode)
3459 {
3460 struct super_block *sbp;
3461 struct superblock_smack *sbsp;
3462 struct inode_smack *isp;
3463 struct smack_known *skp;
3464 struct smack_known *ckp = smk_of_current();
3465 struct smack_known *final;
3466 char trattr[TRANS_TRUE_SIZE];
3467 int transflag = 0;
3468 int rc;
3469 struct dentry *dp;
3470
3471 if (inode == NULL)
3472 return;
3473
3474 isp = smack_inode(inode);
3475
3476 /*
3477 * If the inode is already instantiated
3478 * take the quick way out
3479 */
3480 if (isp->smk_flags & SMK_INODE_INSTANT)
3481 return;
3482
3483 sbp = inode->i_sb;
3484 sbsp = smack_superblock(sbp);
3485 /*
3486 * We're going to use the superblock default label
3487 * if there's no label on the file.
3488 */
3489 final = sbsp->smk_default;
3490
3491 /*
3492 * If this is the root inode the superblock
3493 * may be in the process of initialization.
3494 * If that is the case use the root value out
3495 * of the superblock.
3496 */
3497 if (opt_dentry->d_parent == opt_dentry) {
3498 switch (sbp->s_magic) {
3499 case CGROUP_SUPER_MAGIC:
3500 case CGROUP2_SUPER_MAGIC:
3501 /*
3502 * The cgroup filesystem is never mounted,
3503 * so there's no opportunity to set the mount
3504 * options.
3505 */
3506 sbsp->smk_root = &smack_known_star;
3507 sbsp->smk_default = &smack_known_star;
3508 isp->smk_inode = sbsp->smk_root;
3509 break;
3510 case TMPFS_MAGIC:
3511 /*
3512 * What about shmem/tmpfs anonymous files with dentry
3513 * obtained from d_alloc_pseudo()?
3514 */
3515 isp->smk_inode = smk_of_current();
3516 break;
3517 case PIPEFS_MAGIC:
3518 isp->smk_inode = smk_of_current();
3519 break;
3520 case SOCKFS_MAGIC:
3521 /*
3522 * Socket access is controlled by the socket
3523 * structures associated with the task involved.
3524 */
3525 isp->smk_inode = &smack_known_star;
3526 break;
3527 default:
3528 isp->smk_inode = sbsp->smk_root;
3529 break;
3530 }
3531 isp->smk_flags |= SMK_INODE_INSTANT;
3532 return;
3533 }
3534
3535 /*
3536 * This is pretty hackish.
3537 * Casey says that we shouldn't have to do
3538 * file system specific code, but it does help
3539 * with keeping it simple.
3540 */
3541 switch (sbp->s_magic) {
3542 case SMACK_MAGIC:
3543 case CGROUP_SUPER_MAGIC:
3544 case CGROUP2_SUPER_MAGIC:
3545 /*
3546 * Casey says that it's a little embarrassing
3547 * that the smack file system doesn't do
3548 * extended attributes.
3549 *
3550 * Cgroupfs is special
3551 */
3552 final = &smack_known_star;
3553 break;
3554 case DEVPTS_SUPER_MAGIC:
3555 /*
3556 * devpts seems content with the label of the task.
3557 * Programs that change smack have to treat the
3558 * pty with respect.
3559 */
3560 final = ckp;
3561 break;
3562 case PROC_SUPER_MAGIC:
3563 /*
3564 * Casey says procfs appears not to care.
3565 * The superblock default suffices.
3566 */
3567 break;
3568 case TMPFS_MAGIC:
3569 /*
3570 * Device labels should come from the filesystem,
3571 * but watch out, because they're volitile,
3572 * getting recreated on every reboot.
3573 */
3574 final = &smack_known_star;
3575 /*
3576 * If a smack value has been set we want to use it,
3577 * but since tmpfs isn't giving us the opportunity
3578 * to set mount options simulate setting the
3579 * superblock default.
3580 */
3581 fallthrough;
3582 default:
3583 /*
3584 * This isn't an understood special case.
3585 * Get the value from the xattr.
3586 */
3587
3588 /*
3589 * UNIX domain sockets use lower level socket data.
3590 */
3591 if (S_ISSOCK(inode->i_mode)) {
3592 final = &smack_known_star;
3593 break;
3594 }
3595 /*
3596 * No xattr support means, alas, no SMACK label.
3597 * Use the aforeapplied default.
3598 * It would be curious if the label of the task
3599 * does not match that assigned.
3600 */
3601 if (!(inode->i_opflags & IOP_XATTR))
3602 break;
3603 /*
3604 * Get the dentry for xattr.
3605 */
3606 dp = dget(opt_dentry);
3607 skp = smk_fetch(XATTR_NAME_SMACK, inode, dp);
3608 if (!IS_ERR_OR_NULL(skp))
3609 final = skp;
3610
3611 /*
3612 * Transmuting directory
3613 */
3614 if (S_ISDIR(inode->i_mode)) {
3615 /*
3616 * If this is a new directory and the label was
3617 * transmuted when the inode was initialized
3618 * set the transmute attribute on the directory
3619 * and mark the inode.
3620 *
3621 * If there is a transmute attribute on the
3622 * directory mark the inode.
3623 */
3624 rc = __vfs_getxattr(dp, inode,
3625 XATTR_NAME_SMACKTRANSMUTE, trattr,
3626 TRANS_TRUE_SIZE);
3627 if (rc >= 0 && strncmp(trattr, TRANS_TRUE,
3628 TRANS_TRUE_SIZE) != 0)
3629 rc = -EINVAL;
3630 if (rc >= 0)
3631 transflag = SMK_INODE_TRANSMUTE;
3632 }
3633 /*
3634 * Don't let the exec or mmap label be "*" or "@".
3635 */
3636 skp = smk_fetch(XATTR_NAME_SMACKEXEC, inode, dp);
3637 if (IS_ERR(skp) || skp == &smack_known_star ||
3638 skp == &smack_known_web)
3639 skp = NULL;
3640 isp->smk_task = skp;
3641
3642 skp = smk_fetch(XATTR_NAME_SMACKMMAP, inode, dp);
3643 if (IS_ERR(skp) || skp == &smack_known_star ||
3644 skp == &smack_known_web)
3645 skp = NULL;
3646 isp->smk_mmap = skp;
3647
3648 dput(dp);
3649 break;
3650 }
3651
3652 if (final == NULL)
3653 isp->smk_inode = ckp;
3654 else
3655 isp->smk_inode = final;
3656
3657 isp->smk_flags |= (SMK_INODE_INSTANT | transflag);
3658
3659 return;
3660 }
3661
3662 /**
3663 * smack_getselfattr - Smack current process attribute
3664 * @attr: which attribute to fetch
3665 * @ctx: buffer to receive the result
3666 * @size: available size in, actual size out
3667 * @flags: unused
3668 *
3669 * Fill the passed user space @ctx with the details of the requested
3670 * attribute.
3671 *
3672 * Returns the number of attributes on success, an error code otherwise.
3673 * There will only ever be one attribute.
3674 */
smack_getselfattr(unsigned int attr,struct lsm_ctx __user * ctx,u32 * size,u32 flags)3675 static int smack_getselfattr(unsigned int attr, struct lsm_ctx __user *ctx,
3676 u32 *size, u32 flags)
3677 {
3678 int rc;
3679 struct smack_known *skp;
3680
3681 if (attr != LSM_ATTR_CURRENT)
3682 return -EOPNOTSUPP;
3683
3684 skp = smk_of_current();
3685 rc = lsm_fill_user_ctx(ctx, size,
3686 skp->smk_known, strlen(skp->smk_known) + 1,
3687 LSM_ID_SMACK, 0);
3688 return (!rc ? 1 : rc);
3689 }
3690
3691 /**
3692 * smack_getprocattr - Smack process attribute access
3693 * @p: the object task
3694 * @name: the name of the attribute in /proc/.../attr
3695 * @value: where to put the result
3696 *
3697 * Places a copy of the task Smack into value
3698 *
3699 * Returns the length of the smack label or an error code
3700 */
smack_getprocattr(struct task_struct * p,const char * name,char ** value)3701 static int smack_getprocattr(struct task_struct *p, const char *name, char **value)
3702 {
3703 struct smack_known *skp = smk_of_task_struct_obj(p);
3704 char *cp;
3705 int slen;
3706
3707 if (strcmp(name, "current") != 0)
3708 return -EINVAL;
3709
3710 cp = kstrdup(skp->smk_known, GFP_KERNEL);
3711 if (cp == NULL)
3712 return -ENOMEM;
3713
3714 slen = strlen(cp);
3715 *value = cp;
3716 return slen;
3717 }
3718
3719 /**
3720 * do_setattr - Smack process attribute setting
3721 * @attr: the ID of the attribute
3722 * @value: the value to set
3723 * @size: the size of the value
3724 *
3725 * Sets the Smack value of the task. Only setting self
3726 * is permitted and only with privilege
3727 *
3728 * Returns the length of the smack label or an error code
3729 */
do_setattr(u64 attr,void * value,size_t size)3730 static int do_setattr(u64 attr, void *value, size_t size)
3731 {
3732 struct task_smack *tsp = smack_cred(current_cred());
3733 struct cred *new;
3734 struct smack_known *skp;
3735 struct smack_known_list_elem *sklep;
3736 int rc;
3737
3738 if (!smack_privileged(CAP_MAC_ADMIN) && list_empty(&tsp->smk_relabel))
3739 return -EPERM;
3740
3741 if (value == NULL || size == 0 || size >= SMK_LONGLABEL)
3742 return -EINVAL;
3743
3744 if (attr != LSM_ATTR_CURRENT)
3745 return -EOPNOTSUPP;
3746
3747 skp = smk_import_entry(value, size);
3748 if (IS_ERR(skp))
3749 return PTR_ERR(skp);
3750
3751 /*
3752 * No process is ever allowed the web ("@") label
3753 * and the star ("*") label.
3754 */
3755 if (skp == &smack_known_web || skp == &smack_known_star)
3756 return -EINVAL;
3757
3758 if (!smack_privileged(CAP_MAC_ADMIN)) {
3759 rc = -EPERM;
3760 list_for_each_entry(sklep, &tsp->smk_relabel, list)
3761 if (sklep->smk_label == skp) {
3762 rc = 0;
3763 break;
3764 }
3765 if (rc)
3766 return rc;
3767 }
3768
3769 new = prepare_creds();
3770 if (new == NULL)
3771 return -ENOMEM;
3772
3773 tsp = smack_cred(new);
3774 tsp->smk_task = skp;
3775 /*
3776 * process can change its label only once
3777 */
3778 smk_destroy_label_list(&tsp->smk_relabel);
3779
3780 commit_creds(new);
3781 return size;
3782 }
3783
3784 /**
3785 * smack_setselfattr - Set a Smack process attribute
3786 * @attr: which attribute to set
3787 * @ctx: buffer containing the data
3788 * @size: size of @ctx
3789 * @flags: unused
3790 *
3791 * Fill the passed user space @ctx with the details of the requested
3792 * attribute.
3793 *
3794 * Returns 0 on success, an error code otherwise.
3795 */
smack_setselfattr(unsigned int attr,struct lsm_ctx * ctx,u32 size,u32 flags)3796 static int smack_setselfattr(unsigned int attr, struct lsm_ctx *ctx,
3797 u32 size, u32 flags)
3798 {
3799 int rc;
3800
3801 rc = do_setattr(attr, ctx->ctx, ctx->ctx_len);
3802 if (rc > 0)
3803 return 0;
3804 return rc;
3805 }
3806
3807 /**
3808 * smack_setprocattr - Smack process attribute setting
3809 * @name: the name of the attribute in /proc/.../attr
3810 * @value: the value to set
3811 * @size: the size of the value
3812 *
3813 * Sets the Smack value of the task. Only setting self
3814 * is permitted and only with privilege
3815 *
3816 * Returns the length of the smack label or an error code
3817 */
smack_setprocattr(const char * name,void * value,size_t size)3818 static int smack_setprocattr(const char *name, void *value, size_t size)
3819 {
3820 int attr = lsm_name_to_attr(name);
3821
3822 if (attr != LSM_ATTR_UNDEF)
3823 return do_setattr(attr, value, size);
3824 return -EINVAL;
3825 }
3826
3827 /**
3828 * smack_unix_stream_connect - Smack access on UDS
3829 * @sock: one sock
3830 * @other: the other sock
3831 * @newsk: unused
3832 *
3833 * Return 0 if a subject with the smack of sock could access
3834 * an object with the smack of other, otherwise an error code
3835 */
smack_unix_stream_connect(struct sock * sock,struct sock * other,struct sock * newsk)3836 static int smack_unix_stream_connect(struct sock *sock,
3837 struct sock *other, struct sock *newsk)
3838 {
3839 struct smack_known *skp;
3840 struct smack_known *okp;
3841 struct socket_smack *ssp = smack_sock(sock);
3842 struct socket_smack *osp = smack_sock(other);
3843 struct socket_smack *nsp = smack_sock(newsk);
3844 struct smk_audit_info ad;
3845 int rc = 0;
3846 #ifdef CONFIG_AUDIT
3847 struct lsm_network_audit net;
3848 #endif
3849
3850 if (!smack_privileged(CAP_MAC_OVERRIDE)) {
3851 skp = ssp->smk_out;
3852 okp = osp->smk_in;
3853 #ifdef CONFIG_AUDIT
3854 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3855 smk_ad_setfield_u_net_sk(&ad, other);
3856 #endif
3857 rc = smk_access(skp, okp, MAY_WRITE, &ad);
3858 rc = smk_bu_note("UDS connect", skp, okp, MAY_WRITE, rc);
3859 if (rc == 0) {
3860 okp = osp->smk_out;
3861 skp = ssp->smk_in;
3862 rc = smk_access(okp, skp, MAY_WRITE, &ad);
3863 rc = smk_bu_note("UDS connect", okp, skp,
3864 MAY_WRITE, rc);
3865 }
3866 }
3867
3868 if (rc == 0) {
3869 /*
3870 * Cross reference the peer labels for SO_PEERSEC.
3871 */
3872 nsp->smk_packet = ssp->smk_out;
3873 ssp->smk_packet = osp->smk_out;
3874
3875 /*
3876 * new/child/established socket must inherit listening socket labels
3877 */
3878 nsp->smk_out = osp->smk_out;
3879 nsp->smk_in = osp->smk_in;
3880 }
3881
3882 return rc;
3883 }
3884
3885 /**
3886 * smack_unix_may_send - Smack access on UDS
3887 * @sock: one socket
3888 * @other: the other socket
3889 *
3890 * Return 0 if a subject with the smack of sock could access
3891 * an object with the smack of other, otherwise an error code
3892 */
smack_unix_may_send(struct socket * sock,struct socket * other)3893 static int smack_unix_may_send(struct socket *sock, struct socket *other)
3894 {
3895 struct socket_smack *ssp = smack_sock(sock->sk);
3896 struct socket_smack *osp = smack_sock(other->sk);
3897 struct smk_audit_info ad;
3898 int rc;
3899
3900 #ifdef CONFIG_AUDIT
3901 struct lsm_network_audit net;
3902
3903 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3904 smk_ad_setfield_u_net_sk(&ad, other->sk);
3905 #endif
3906
3907 if (smack_privileged(CAP_MAC_OVERRIDE))
3908 return 0;
3909
3910 rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad);
3911 rc = smk_bu_note("UDS send", ssp->smk_out, osp->smk_in, MAY_WRITE, rc);
3912 return rc;
3913 }
3914
3915 /**
3916 * smack_socket_sendmsg - Smack check based on destination host
3917 * @sock: the socket
3918 * @msg: the message
3919 * @size: the size of the message
3920 *
3921 * Return 0 if the current subject can write to the destination host.
3922 * For IPv4 this is only a question if the destination is a single label host.
3923 * For IPv6 this is a check against the label of the port.
3924 */
smack_socket_sendmsg(struct socket * sock,struct msghdr * msg,int size)3925 static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg,
3926 int size)
3927 {
3928 struct sockaddr_in *sip = (struct sockaddr_in *) msg->msg_name;
3929 #if IS_ENABLED(CONFIG_IPV6)
3930 struct sockaddr_in6 *sap = (struct sockaddr_in6 *) msg->msg_name;
3931 #endif
3932 #ifdef SMACK_IPV6_SECMARK_LABELING
3933 struct socket_smack *ssp = smack_sock(sock->sk);
3934 struct smack_known *rsp;
3935 #endif
3936 int rc = 0;
3937
3938 /*
3939 * Perfectly reasonable for this to be NULL
3940 */
3941 if (sip == NULL)
3942 return 0;
3943
3944 switch (sock->sk->sk_family) {
3945 case AF_INET:
3946 if (msg->msg_namelen < sizeof(struct sockaddr_in) ||
3947 sip->sin_family != AF_INET)
3948 return -EINVAL;
3949 rc = smk_ipv4_check(sock->sk, sip);
3950 break;
3951 #if IS_ENABLED(CONFIG_IPV6)
3952 case AF_INET6:
3953 if (msg->msg_namelen < SIN6_LEN_RFC2133 ||
3954 sap->sin6_family != AF_INET6)
3955 return -EINVAL;
3956 #ifdef SMACK_IPV6_SECMARK_LABELING
3957 rsp = smack_ipv6host_label(sap);
3958 if (rsp != NULL)
3959 rc = smk_ipv6_check(ssp->smk_out, rsp, sap,
3960 SMK_CONNECTING);
3961 #endif
3962 #ifdef SMACK_IPV6_PORT_LABELING
3963 rc = smk_ipv6_port_check(sock->sk, sap, SMK_SENDING);
3964 #endif
3965 #endif /* IS_ENABLED(CONFIG_IPV6) */
3966 break;
3967 }
3968 return rc;
3969 }
3970
3971 /**
3972 * smack_from_secattr - Convert a netlabel attr.mls.lvl/attr.mls.cat pair to smack
3973 * @sap: netlabel secattr
3974 * @ssp: socket security information
3975 *
3976 * Returns a pointer to a Smack label entry found on the label list.
3977 */
smack_from_secattr(struct netlbl_lsm_secattr * sap,struct socket_smack * ssp)3978 static struct smack_known *smack_from_secattr(struct netlbl_lsm_secattr *sap,
3979 struct socket_smack *ssp)
3980 {
3981 struct smack_known *skp;
3982 int found = 0;
3983 int acat;
3984 int kcat;
3985
3986 /*
3987 * Netlabel found it in the cache.
3988 */
3989 if ((sap->flags & NETLBL_SECATTR_CACHE) != 0)
3990 return (struct smack_known *)sap->cache->data;
3991
3992 if ((sap->flags & NETLBL_SECATTR_SECID) != 0)
3993 /*
3994 * Looks like a fallback, which gives us a secid.
3995 */
3996 return smack_from_secid(sap->attr.secid);
3997
3998 if ((sap->flags & NETLBL_SECATTR_MLS_LVL) != 0) {
3999 /*
4000 * Looks like a CIPSO packet.
4001 * If there are flags but no level netlabel isn't
4002 * behaving the way we expect it to.
4003 *
4004 * Look it up in the label table
4005 * Without guidance regarding the smack value
4006 * for the packet fall back on the network
4007 * ambient value.
4008 */
4009 rcu_read_lock();
4010 list_for_each_entry_rcu(skp, &smack_known_list, list) {
4011 if (sap->attr.mls.lvl != skp->smk_netlabel.attr.mls.lvl)
4012 continue;
4013 /*
4014 * Compare the catsets. Use the netlbl APIs.
4015 */
4016 if ((sap->flags & NETLBL_SECATTR_MLS_CAT) == 0) {
4017 if ((skp->smk_netlabel.flags &
4018 NETLBL_SECATTR_MLS_CAT) == 0)
4019 found = 1;
4020 break;
4021 }
4022 for (acat = -1, kcat = -1; acat == kcat; ) {
4023 acat = netlbl_catmap_walk(sap->attr.mls.cat,
4024 acat + 1);
4025 kcat = netlbl_catmap_walk(
4026 skp->smk_netlabel.attr.mls.cat,
4027 kcat + 1);
4028 if (acat < 0 || kcat < 0)
4029 break;
4030 }
4031 if (acat == kcat) {
4032 found = 1;
4033 break;
4034 }
4035 }
4036 rcu_read_unlock();
4037
4038 if (found)
4039 return skp;
4040
4041 if (ssp != NULL && ssp->smk_in == &smack_known_star)
4042 return &smack_known_web;
4043 return &smack_known_star;
4044 }
4045 /*
4046 * Without guidance regarding the smack value
4047 * for the packet fall back on the network
4048 * ambient value.
4049 */
4050 return smack_net_ambient;
4051 }
4052
4053 #if IS_ENABLED(CONFIG_IPV6)
smk_skb_to_addr_ipv6(struct sk_buff * skb,struct sockaddr_in6 * sip)4054 static int smk_skb_to_addr_ipv6(struct sk_buff *skb, struct sockaddr_in6 *sip)
4055 {
4056 u8 nexthdr;
4057 int offset;
4058 int proto = -EINVAL;
4059 struct ipv6hdr _ipv6h;
4060 struct ipv6hdr *ip6;
4061 __be16 frag_off;
4062 struct tcphdr _tcph, *th;
4063 struct udphdr _udph, *uh;
4064 struct dccp_hdr _dccph, *dh;
4065
4066 sip->sin6_port = 0;
4067
4068 offset = skb_network_offset(skb);
4069 ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h);
4070 if (ip6 == NULL)
4071 return -EINVAL;
4072 sip->sin6_addr = ip6->saddr;
4073
4074 nexthdr = ip6->nexthdr;
4075 offset += sizeof(_ipv6h);
4076 offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off);
4077 if (offset < 0)
4078 return -EINVAL;
4079
4080 proto = nexthdr;
4081 switch (proto) {
4082 case IPPROTO_TCP:
4083 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
4084 if (th != NULL)
4085 sip->sin6_port = th->source;
4086 break;
4087 case IPPROTO_UDP:
4088 case IPPROTO_UDPLITE:
4089 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
4090 if (uh != NULL)
4091 sip->sin6_port = uh->source;
4092 break;
4093 case IPPROTO_DCCP:
4094 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
4095 if (dh != NULL)
4096 sip->sin6_port = dh->dccph_sport;
4097 break;
4098 }
4099 return proto;
4100 }
4101 #endif /* CONFIG_IPV6 */
4102
4103 /**
4104 * smack_from_skb - Smack data from the secmark in an skb
4105 * @skb: packet
4106 *
4107 * Returns smack_known of the secmark or NULL if that won't work.
4108 */
4109 #ifdef CONFIG_NETWORK_SECMARK
smack_from_skb(struct sk_buff * skb)4110 static struct smack_known *smack_from_skb(struct sk_buff *skb)
4111 {
4112 if (skb == NULL || skb->secmark == 0)
4113 return NULL;
4114
4115 return smack_from_secid(skb->secmark);
4116 }
4117 #else
smack_from_skb(struct sk_buff * skb)4118 static inline struct smack_known *smack_from_skb(struct sk_buff *skb)
4119 {
4120 return NULL;
4121 }
4122 #endif
4123
4124 /**
4125 * smack_from_netlbl - Smack data from the IP options in an skb
4126 * @sk: socket data came in on
4127 * @family: address family
4128 * @skb: packet
4129 *
4130 * Find the Smack label in the IP options. If it hasn't been
4131 * added to the netlabel cache, add it here.
4132 *
4133 * Returns smack_known of the IP options or NULL if that won't work.
4134 */
smack_from_netlbl(const struct sock * sk,u16 family,struct sk_buff * skb)4135 static struct smack_known *smack_from_netlbl(const struct sock *sk, u16 family,
4136 struct sk_buff *skb)
4137 {
4138 struct netlbl_lsm_secattr secattr;
4139 struct socket_smack *ssp = NULL;
4140 struct smack_known *skp = NULL;
4141
4142 netlbl_secattr_init(&secattr);
4143
4144 if (sk)
4145 ssp = smack_sock(sk);
4146
4147 if (netlbl_skbuff_getattr(skb, family, &secattr) == 0) {
4148 skp = smack_from_secattr(&secattr, ssp);
4149 if (secattr.flags & NETLBL_SECATTR_CACHEABLE)
4150 netlbl_cache_add(skb, family, &skp->smk_netlabel);
4151 }
4152
4153 netlbl_secattr_destroy(&secattr);
4154
4155 return skp;
4156 }
4157
4158 /**
4159 * smack_socket_sock_rcv_skb - Smack packet delivery access check
4160 * @sk: socket
4161 * @skb: packet
4162 *
4163 * Returns 0 if the packet should be delivered, an error code otherwise
4164 */
smack_socket_sock_rcv_skb(struct sock * sk,struct sk_buff * skb)4165 static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
4166 {
4167 struct socket_smack *ssp = smack_sock(sk);
4168 struct smack_known *skp = NULL;
4169 int rc = 0;
4170 struct smk_audit_info ad;
4171 u16 family = sk->sk_family;
4172 #ifdef CONFIG_AUDIT
4173 struct lsm_network_audit net;
4174 #endif
4175 #if IS_ENABLED(CONFIG_IPV6)
4176 struct sockaddr_in6 sadd;
4177 int proto;
4178
4179 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
4180 family = PF_INET;
4181 #endif /* CONFIG_IPV6 */
4182
4183 switch (family) {
4184 case PF_INET:
4185 /*
4186 * If there is a secmark use it rather than the CIPSO label.
4187 * If there is no secmark fall back to CIPSO.
4188 * The secmark is assumed to reflect policy better.
4189 */
4190 skp = smack_from_skb(skb);
4191 if (skp == NULL) {
4192 skp = smack_from_netlbl(sk, family, skb);
4193 if (skp == NULL)
4194 skp = smack_net_ambient;
4195 }
4196
4197 #ifdef CONFIG_AUDIT
4198 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
4199 ad.a.u.net->family = family;
4200 ad.a.u.net->netif = skb->skb_iif;
4201 ipv4_skb_to_auditdata(skb, &ad.a, NULL);
4202 #endif
4203 /*
4204 * Receiving a packet requires that the other end
4205 * be able to write here. Read access is not required.
4206 * This is the simplist possible security model
4207 * for networking.
4208 */
4209 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
4210 rc = smk_bu_note("IPv4 delivery", skp, ssp->smk_in,
4211 MAY_WRITE, rc);
4212 if (rc != 0)
4213 netlbl_skbuff_err(skb, family, rc, 0);
4214 break;
4215 #if IS_ENABLED(CONFIG_IPV6)
4216 case PF_INET6:
4217 proto = smk_skb_to_addr_ipv6(skb, &sadd);
4218 if (proto != IPPROTO_UDP && proto != IPPROTO_UDPLITE &&
4219 proto != IPPROTO_TCP && proto != IPPROTO_DCCP)
4220 break;
4221 #ifdef SMACK_IPV6_SECMARK_LABELING
4222 skp = smack_from_skb(skb);
4223 if (skp == NULL) {
4224 if (smk_ipv6_localhost(&sadd))
4225 break;
4226 skp = smack_ipv6host_label(&sadd);
4227 if (skp == NULL)
4228 skp = smack_net_ambient;
4229 }
4230 #ifdef CONFIG_AUDIT
4231 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
4232 ad.a.u.net->family = family;
4233 ad.a.u.net->netif = skb->skb_iif;
4234 ipv6_skb_to_auditdata(skb, &ad.a, NULL);
4235 #endif /* CONFIG_AUDIT */
4236 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
4237 rc = smk_bu_note("IPv6 delivery", skp, ssp->smk_in,
4238 MAY_WRITE, rc);
4239 #endif /* SMACK_IPV6_SECMARK_LABELING */
4240 #ifdef SMACK_IPV6_PORT_LABELING
4241 rc = smk_ipv6_port_check(sk, &sadd, SMK_RECEIVING);
4242 #endif /* SMACK_IPV6_PORT_LABELING */
4243 if (rc != 0)
4244 icmpv6_send(skb, ICMPV6_DEST_UNREACH,
4245 ICMPV6_ADM_PROHIBITED, 0);
4246 break;
4247 #endif /* CONFIG_IPV6 */
4248 }
4249
4250 return rc;
4251 }
4252
4253 /**
4254 * smack_socket_getpeersec_stream - pull in packet label
4255 * @sock: the socket
4256 * @optval: user's destination
4257 * @optlen: size thereof
4258 * @len: max thereof
4259 *
4260 * returns zero on success, an error code otherwise
4261 */
smack_socket_getpeersec_stream(struct socket * sock,sockptr_t optval,sockptr_t optlen,unsigned int len)4262 static int smack_socket_getpeersec_stream(struct socket *sock,
4263 sockptr_t optval, sockptr_t optlen,
4264 unsigned int len)
4265 {
4266 struct socket_smack *ssp;
4267 char *rcp = "";
4268 u32 slen = 1;
4269 int rc = 0;
4270
4271 ssp = smack_sock(sock->sk);
4272 if (ssp->smk_packet != NULL) {
4273 rcp = ssp->smk_packet->smk_known;
4274 slen = strlen(rcp) + 1;
4275 }
4276 if (slen > len) {
4277 rc = -ERANGE;
4278 goto out_len;
4279 }
4280
4281 if (copy_to_sockptr(optval, rcp, slen))
4282 rc = -EFAULT;
4283 out_len:
4284 if (copy_to_sockptr(optlen, &slen, sizeof(slen)))
4285 rc = -EFAULT;
4286 return rc;
4287 }
4288
4289
4290 /**
4291 * smack_socket_getpeersec_dgram - pull in packet label
4292 * @sock: the peer socket
4293 * @skb: packet data
4294 * @secid: pointer to where to put the secid of the packet
4295 *
4296 * Sets the netlabel socket state on sk from parent
4297 */
smack_socket_getpeersec_dgram(struct socket * sock,struct sk_buff * skb,u32 * secid)4298 static int smack_socket_getpeersec_dgram(struct socket *sock,
4299 struct sk_buff *skb, u32 *secid)
4300
4301 {
4302 struct socket_smack *ssp = NULL;
4303 struct smack_known *skp;
4304 struct sock *sk = NULL;
4305 int family = PF_UNSPEC;
4306 u32 s = 0; /* 0 is the invalid secid */
4307
4308 if (skb != NULL) {
4309 if (skb->protocol == htons(ETH_P_IP))
4310 family = PF_INET;
4311 #if IS_ENABLED(CONFIG_IPV6)
4312 else if (skb->protocol == htons(ETH_P_IPV6))
4313 family = PF_INET6;
4314 #endif /* CONFIG_IPV6 */
4315 }
4316 if (family == PF_UNSPEC && sock != NULL)
4317 family = sock->sk->sk_family;
4318
4319 switch (family) {
4320 case PF_UNIX:
4321 ssp = smack_sock(sock->sk);
4322 s = ssp->smk_out->smk_secid;
4323 break;
4324 case PF_INET:
4325 skp = smack_from_skb(skb);
4326 if (skp) {
4327 s = skp->smk_secid;
4328 break;
4329 }
4330 /*
4331 * Translate what netlabel gave us.
4332 */
4333 if (sock != NULL)
4334 sk = sock->sk;
4335 skp = smack_from_netlbl(sk, family, skb);
4336 if (skp != NULL)
4337 s = skp->smk_secid;
4338 break;
4339 case PF_INET6:
4340 #ifdef SMACK_IPV6_SECMARK_LABELING
4341 skp = smack_from_skb(skb);
4342 if (skp)
4343 s = skp->smk_secid;
4344 #endif
4345 break;
4346 }
4347 *secid = s;
4348 if (s == 0)
4349 return -EINVAL;
4350 return 0;
4351 }
4352
4353 /**
4354 * smack_inet_conn_request - Smack access check on connect
4355 * @sk: socket involved
4356 * @skb: packet
4357 * @req: unused
4358 *
4359 * Returns 0 if a task with the packet label could write to
4360 * the socket, otherwise an error code
4361 */
smack_inet_conn_request(const struct sock * sk,struct sk_buff * skb,struct request_sock * req)4362 static int smack_inet_conn_request(const struct sock *sk, struct sk_buff *skb,
4363 struct request_sock *req)
4364 {
4365 u16 family = sk->sk_family;
4366 struct smack_known *skp;
4367 struct socket_smack *ssp = smack_sock(sk);
4368 struct sockaddr_in addr;
4369 struct iphdr *hdr;
4370 struct smack_known *hskp;
4371 int rc;
4372 struct smk_audit_info ad;
4373 #ifdef CONFIG_AUDIT
4374 struct lsm_network_audit net;
4375 #endif
4376
4377 #if IS_ENABLED(CONFIG_IPV6)
4378 if (family == PF_INET6) {
4379 /*
4380 * Handle mapped IPv4 packets arriving
4381 * via IPv6 sockets. Don't set up netlabel
4382 * processing on IPv6.
4383 */
4384 if (skb->protocol == htons(ETH_P_IP))
4385 family = PF_INET;
4386 else
4387 return 0;
4388 }
4389 #endif /* CONFIG_IPV6 */
4390
4391 /*
4392 * If there is a secmark use it rather than the CIPSO label.
4393 * If there is no secmark fall back to CIPSO.
4394 * The secmark is assumed to reflect policy better.
4395 */
4396 skp = smack_from_skb(skb);
4397 if (skp == NULL) {
4398 skp = smack_from_netlbl(sk, family, skb);
4399 if (skp == NULL)
4400 skp = &smack_known_huh;
4401 }
4402
4403 #ifdef CONFIG_AUDIT
4404 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
4405 ad.a.u.net->family = family;
4406 ad.a.u.net->netif = skb->skb_iif;
4407 ipv4_skb_to_auditdata(skb, &ad.a, NULL);
4408 #endif
4409 /*
4410 * Receiving a packet requires that the other end be able to write
4411 * here. Read access is not required.
4412 */
4413 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
4414 rc = smk_bu_note("IPv4 connect", skp, ssp->smk_in, MAY_WRITE, rc);
4415 if (rc != 0)
4416 return rc;
4417
4418 /*
4419 * Save the peer's label in the request_sock so we can later setup
4420 * smk_packet in the child socket so that SO_PEERCRED can report it.
4421 */
4422 req->peer_secid = skp->smk_secid;
4423
4424 /*
4425 * We need to decide if we want to label the incoming connection here
4426 * if we do we only need to label the request_sock and the stack will
4427 * propagate the wire-label to the sock when it is created.
4428 */
4429 hdr = ip_hdr(skb);
4430 addr.sin_addr.s_addr = hdr->saddr;
4431 rcu_read_lock();
4432 hskp = smack_ipv4host_label(&addr);
4433 rcu_read_unlock();
4434
4435 if (hskp == NULL)
4436 rc = netlbl_req_setattr(req, &ssp->smk_out->smk_netlabel);
4437 else
4438 netlbl_req_delattr(req);
4439
4440 return rc;
4441 }
4442
4443 /**
4444 * smack_inet_csk_clone - Copy the connection information to the new socket
4445 * @sk: the new socket
4446 * @req: the connection's request_sock
4447 *
4448 * Transfer the connection's peer label to the newly created socket.
4449 */
smack_inet_csk_clone(struct sock * sk,const struct request_sock * req)4450 static void smack_inet_csk_clone(struct sock *sk,
4451 const struct request_sock *req)
4452 {
4453 struct socket_smack *ssp = smack_sock(sk);
4454 struct smack_known *skp;
4455
4456 if (req->peer_secid != 0) {
4457 skp = smack_from_secid(req->peer_secid);
4458 ssp->smk_packet = skp;
4459 } else
4460 ssp->smk_packet = NULL;
4461 }
4462
4463 /*
4464 * Key management security hooks
4465 *
4466 * Casey has not tested key support very heavily.
4467 * The permission check is most likely too restrictive.
4468 * If you care about keys please have a look.
4469 */
4470 #ifdef CONFIG_KEYS
4471
4472 /**
4473 * smack_key_alloc - Set the key security blob
4474 * @key: object
4475 * @cred: the credentials to use
4476 * @flags: unused
4477 *
4478 * No allocation required
4479 *
4480 * Returns 0
4481 */
smack_key_alloc(struct key * key,const struct cred * cred,unsigned long flags)4482 static int smack_key_alloc(struct key *key, const struct cred *cred,
4483 unsigned long flags)
4484 {
4485 struct smack_known **blob = smack_key(key);
4486 struct smack_known *skp = smk_of_task(smack_cred(cred));
4487
4488 *blob = skp;
4489 return 0;
4490 }
4491
4492 /**
4493 * smack_key_permission - Smack access on a key
4494 * @key_ref: gets to the object
4495 * @cred: the credentials to use
4496 * @need_perm: requested key permission
4497 *
4498 * Return 0 if the task has read and write to the object,
4499 * an error code otherwise
4500 */
smack_key_permission(key_ref_t key_ref,const struct cred * cred,enum key_need_perm need_perm)4501 static int smack_key_permission(key_ref_t key_ref,
4502 const struct cred *cred,
4503 enum key_need_perm need_perm)
4504 {
4505 struct smack_known **blob;
4506 struct smack_known *skp;
4507 struct key *keyp;
4508 struct smk_audit_info ad;
4509 struct smack_known *tkp = smk_of_task(smack_cred(cred));
4510 int request = 0;
4511 int rc;
4512
4513 /*
4514 * Validate requested permissions
4515 */
4516 switch (need_perm) {
4517 case KEY_NEED_READ:
4518 case KEY_NEED_SEARCH:
4519 case KEY_NEED_VIEW:
4520 request |= MAY_READ;
4521 break;
4522 case KEY_NEED_WRITE:
4523 case KEY_NEED_LINK:
4524 case KEY_NEED_SETATTR:
4525 request |= MAY_WRITE;
4526 break;
4527 case KEY_NEED_UNSPECIFIED:
4528 case KEY_NEED_UNLINK:
4529 case KEY_SYSADMIN_OVERRIDE:
4530 case KEY_AUTHTOKEN_OVERRIDE:
4531 case KEY_DEFER_PERM_CHECK:
4532 return 0;
4533 default:
4534 return -EINVAL;
4535 }
4536
4537 keyp = key_ref_to_ptr(key_ref);
4538 if (keyp == NULL)
4539 return -EINVAL;
4540 /*
4541 * If the key hasn't been initialized give it access so that
4542 * it may do so.
4543 */
4544 blob = smack_key(keyp);
4545 skp = *blob;
4546 if (skp == NULL)
4547 return 0;
4548 /*
4549 * This should not occur
4550 */
4551 if (tkp == NULL)
4552 return -EACCES;
4553
4554 if (smack_privileged(CAP_MAC_OVERRIDE))
4555 return 0;
4556
4557 #ifdef CONFIG_AUDIT
4558 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY);
4559 ad.a.u.key_struct.key = keyp->serial;
4560 ad.a.u.key_struct.key_desc = keyp->description;
4561 #endif
4562 rc = smk_access(tkp, skp, request, &ad);
4563 rc = smk_bu_note("key access", tkp, skp, request, rc);
4564 return rc;
4565 }
4566
4567 /*
4568 * smack_key_getsecurity - Smack label tagging the key
4569 * @key points to the key to be queried
4570 * @_buffer points to a pointer that should be set to point to the
4571 * resulting string (if no label or an error occurs).
4572 * Return the length of the string (including terminating NUL) or -ve if
4573 * an error.
4574 * May also return 0 (and a NULL buffer pointer) if there is no label.
4575 */
smack_key_getsecurity(struct key * key,char ** _buffer)4576 static int smack_key_getsecurity(struct key *key, char **_buffer)
4577 {
4578 struct smack_known **blob = smack_key(key);
4579 struct smack_known *skp = *blob;
4580 size_t length;
4581 char *copy;
4582
4583 if (skp == NULL) {
4584 *_buffer = NULL;
4585 return 0;
4586 }
4587
4588 copy = kstrdup(skp->smk_known, GFP_KERNEL);
4589 if (copy == NULL)
4590 return -ENOMEM;
4591 length = strlen(copy) + 1;
4592
4593 *_buffer = copy;
4594 return length;
4595 }
4596
4597
4598 #ifdef CONFIG_KEY_NOTIFICATIONS
4599 /**
4600 * smack_watch_key - Smack access to watch a key for notifications.
4601 * @key: The key to be watched
4602 *
4603 * Return 0 if the @watch->cred has permission to read from the key object and
4604 * an error otherwise.
4605 */
smack_watch_key(struct key * key)4606 static int smack_watch_key(struct key *key)
4607 {
4608 struct smk_audit_info ad;
4609 struct smack_known *tkp = smk_of_current();
4610 struct smack_known **blob = smack_key(key);
4611 int rc;
4612
4613 /*
4614 * This should not occur
4615 */
4616 if (tkp == NULL)
4617 return -EACCES;
4618
4619 if (smack_privileged_cred(CAP_MAC_OVERRIDE, current_cred()))
4620 return 0;
4621
4622 #ifdef CONFIG_AUDIT
4623 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY);
4624 ad.a.u.key_struct.key = key->serial;
4625 ad.a.u.key_struct.key_desc = key->description;
4626 #endif
4627 rc = smk_access(tkp, *blob, MAY_READ, &ad);
4628 rc = smk_bu_note("key watch", tkp, *blob, MAY_READ, rc);
4629 return rc;
4630 }
4631 #endif /* CONFIG_KEY_NOTIFICATIONS */
4632 #endif /* CONFIG_KEYS */
4633
4634 #ifdef CONFIG_WATCH_QUEUE
4635 /**
4636 * smack_post_notification - Smack access to post a notification to a queue
4637 * @w_cred: The credentials of the watcher.
4638 * @cred: The credentials of the event source (may be NULL).
4639 * @n: The notification message to be posted.
4640 */
smack_post_notification(const struct cred * w_cred,const struct cred * cred,struct watch_notification * n)4641 static int smack_post_notification(const struct cred *w_cred,
4642 const struct cred *cred,
4643 struct watch_notification *n)
4644 {
4645 struct smk_audit_info ad;
4646 struct smack_known *subj, *obj;
4647 int rc;
4648
4649 /* Always let maintenance notifications through. */
4650 if (n->type == WATCH_TYPE_META)
4651 return 0;
4652
4653 if (!cred)
4654 return 0;
4655 subj = smk_of_task(smack_cred(cred));
4656 obj = smk_of_task(smack_cred(w_cred));
4657
4658 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NOTIFICATION);
4659 rc = smk_access(subj, obj, MAY_WRITE, &ad);
4660 rc = smk_bu_note("notification", subj, obj, MAY_WRITE, rc);
4661 return rc;
4662 }
4663 #endif /* CONFIG_WATCH_QUEUE */
4664
4665 /*
4666 * Smack Audit hooks
4667 *
4668 * Audit requires a unique representation of each Smack specific
4669 * rule. This unique representation is used to distinguish the
4670 * object to be audited from remaining kernel objects and also
4671 * works as a glue between the audit hooks.
4672 *
4673 * Since repository entries are added but never deleted, we'll use
4674 * the smack_known label address related to the given audit rule as
4675 * the needed unique representation. This also better fits the smack
4676 * model where nearly everything is a label.
4677 */
4678 #ifdef CONFIG_AUDIT
4679
4680 /**
4681 * smack_audit_rule_init - Initialize a smack audit rule
4682 * @field: audit rule fields given from user-space (audit.h)
4683 * @op: required testing operator (=, !=, >, <, ...)
4684 * @rulestr: smack label to be audited
4685 * @vrule: pointer to save our own audit rule representation
4686 * @gfp: type of the memory for the allocation
4687 *
4688 * Prepare to audit cases where (@field @op @rulestr) is true.
4689 * The label to be audited is created if necessay.
4690 */
smack_audit_rule_init(u32 field,u32 op,char * rulestr,void ** vrule,gfp_t gfp)4691 static int smack_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule,
4692 gfp_t gfp)
4693 {
4694 struct smack_known *skp;
4695 char **rule = (char **)vrule;
4696 *rule = NULL;
4697
4698 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
4699 return -EINVAL;
4700
4701 if (op != Audit_equal && op != Audit_not_equal)
4702 return -EINVAL;
4703
4704 skp = smk_import_entry(rulestr, 0);
4705 if (IS_ERR(skp))
4706 return PTR_ERR(skp);
4707
4708 *rule = skp->smk_known;
4709
4710 return 0;
4711 }
4712
4713 /**
4714 * smack_audit_rule_known - Distinguish Smack audit rules
4715 * @krule: rule of interest, in Audit kernel representation format
4716 *
4717 * This is used to filter Smack rules from remaining Audit ones.
4718 * If it's proved that this rule belongs to us, the
4719 * audit_rule_match hook will be called to do the final judgement.
4720 */
smack_audit_rule_known(struct audit_krule * krule)4721 static int smack_audit_rule_known(struct audit_krule *krule)
4722 {
4723 struct audit_field *f;
4724 int i;
4725
4726 for (i = 0; i < krule->field_count; i++) {
4727 f = &krule->fields[i];
4728
4729 if (f->type == AUDIT_SUBJ_USER || f->type == AUDIT_OBJ_USER)
4730 return 1;
4731 }
4732
4733 return 0;
4734 }
4735
4736 /**
4737 * smack_audit_rule_match - Audit given object ?
4738 * @prop: security id for identifying the object to test
4739 * @field: audit rule flags given from user-space
4740 * @op: required testing operator
4741 * @vrule: smack internal rule presentation
4742 *
4743 * The core Audit hook. It's used to take the decision of
4744 * whether to audit or not to audit a given object.
4745 */
smack_audit_rule_match(struct lsm_prop * prop,u32 field,u32 op,void * vrule)4746 static int smack_audit_rule_match(struct lsm_prop *prop, u32 field, u32 op,
4747 void *vrule)
4748 {
4749 struct smack_known *skp = prop->smack.skp;
4750 char *rule = vrule;
4751
4752 if (unlikely(!rule)) {
4753 WARN_ONCE(1, "Smack: missing rule\n");
4754 return -ENOENT;
4755 }
4756
4757 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
4758 return 0;
4759
4760 /*
4761 * No need to do string comparisons. If a match occurs,
4762 * both pointers will point to the same smack_known
4763 * label.
4764 */
4765 if (op == Audit_equal)
4766 return (rule == skp->smk_known);
4767 if (op == Audit_not_equal)
4768 return (rule != skp->smk_known);
4769
4770 return 0;
4771 }
4772
4773 /*
4774 * There is no need for a smack_audit_rule_free hook.
4775 * No memory was allocated.
4776 */
4777
4778 #endif /* CONFIG_AUDIT */
4779
4780 /**
4781 * smack_ismaclabel - check if xattr @name references a smack MAC label
4782 * @name: Full xattr name to check.
4783 */
smack_ismaclabel(const char * name)4784 static int smack_ismaclabel(const char *name)
4785 {
4786 return (strcmp(name, XATTR_SMACK_SUFFIX) == 0);
4787 }
4788
4789 /**
4790 * smack_to_secctx - fill a lsm_context
4791 * @skp: Smack label
4792 * @cp: destination
4793 *
4794 * Fill the passed @cp and return the length of the string
4795 */
smack_to_secctx(struct smack_known * skp,struct lsm_context * cp)4796 static int smack_to_secctx(struct smack_known *skp, struct lsm_context *cp)
4797 {
4798 int len = strlen(skp->smk_known);
4799
4800 if (cp) {
4801 cp->context = skp->smk_known;
4802 cp->len = len;
4803 cp->id = LSM_ID_SMACK;
4804 }
4805 return len;
4806 }
4807
4808 /**
4809 * smack_secid_to_secctx - return the smack label for a secid
4810 * @secid: incoming integer
4811 * @cp: destination
4812 *
4813 * Exists for networking code.
4814 */
smack_secid_to_secctx(u32 secid,struct lsm_context * cp)4815 static int smack_secid_to_secctx(u32 secid, struct lsm_context *cp)
4816 {
4817 return smack_to_secctx(smack_from_secid(secid), cp);
4818 }
4819
4820 /**
4821 * smack_lsmprop_to_secctx - return the smack label
4822 * @prop: includes incoming Smack data
4823 * @cp: destination
4824 *
4825 * Exists for audit code.
4826 */
smack_lsmprop_to_secctx(struct lsm_prop * prop,struct lsm_context * cp)4827 static int smack_lsmprop_to_secctx(struct lsm_prop *prop,
4828 struct lsm_context *cp)
4829 {
4830 return smack_to_secctx(prop->smack.skp, cp);
4831 }
4832
4833 /**
4834 * smack_secctx_to_secid - return the secid for a smack label
4835 * @secdata: smack label
4836 * @seclen: how long result is
4837 * @secid: outgoing integer
4838 *
4839 * Exists for audit and networking code.
4840 */
smack_secctx_to_secid(const char * secdata,u32 seclen,u32 * secid)4841 static int smack_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
4842 {
4843 struct smack_known *skp = smk_find_entry(secdata);
4844
4845 if (skp)
4846 *secid = skp->smk_secid;
4847 else
4848 *secid = 0;
4849 return 0;
4850 }
4851
4852 /*
4853 * There used to be a smack_release_secctx hook
4854 * that did nothing back when hooks were in a vector.
4855 * Now that there's a list such a hook adds cost.
4856 */
4857
smack_inode_notifysecctx(struct inode * inode,void * ctx,u32 ctxlen)4858 static int smack_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
4859 {
4860 return smack_inode_setsecurity(inode, XATTR_SMACK_SUFFIX, ctx,
4861 ctxlen, 0);
4862 }
4863
smack_inode_setsecctx(struct dentry * dentry,void * ctx,u32 ctxlen)4864 static int smack_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
4865 {
4866 return __vfs_setxattr_locked(&nop_mnt_idmap, dentry, XATTR_NAME_SMACK,
4867 ctx, ctxlen, 0, NULL);
4868 }
4869
smack_inode_getsecctx(struct inode * inode,struct lsm_context * cp)4870 static int smack_inode_getsecctx(struct inode *inode, struct lsm_context *cp)
4871 {
4872 struct smack_known *skp = smk_of_inode(inode);
4873
4874 cp->context = skp->smk_known;
4875 cp->len = strlen(skp->smk_known);
4876 cp->id = LSM_ID_SMACK;
4877 return 0;
4878 }
4879
smack_inode_copy_up(struct dentry * dentry,struct cred ** new)4880 static int smack_inode_copy_up(struct dentry *dentry, struct cred **new)
4881 {
4882
4883 struct task_smack *tsp;
4884 struct smack_known *skp;
4885 struct inode_smack *isp;
4886 struct cred *new_creds = *new;
4887
4888 if (new_creds == NULL) {
4889 new_creds = prepare_creds();
4890 if (new_creds == NULL)
4891 return -ENOMEM;
4892 }
4893
4894 tsp = smack_cred(new_creds);
4895
4896 /*
4897 * Get label from overlay inode and set it in create_sid
4898 */
4899 isp = smack_inode(d_inode(dentry));
4900 skp = isp->smk_inode;
4901 tsp->smk_task = skp;
4902 *new = new_creds;
4903 return 0;
4904 }
4905
smack_inode_copy_up_xattr(struct dentry * src,const char * name)4906 static int smack_inode_copy_up_xattr(struct dentry *src, const char *name)
4907 {
4908 /*
4909 * Return -ECANCELED if this is the smack access Smack attribute.
4910 */
4911 if (!strcmp(name, XATTR_NAME_SMACK))
4912 return -ECANCELED;
4913
4914 return -EOPNOTSUPP;
4915 }
4916
smack_dentry_create_files_as(struct dentry * dentry,int mode,struct qstr * name,const struct cred * old,struct cred * new)4917 static int smack_dentry_create_files_as(struct dentry *dentry, int mode,
4918 struct qstr *name,
4919 const struct cred *old,
4920 struct cred *new)
4921 {
4922 struct task_smack *otsp = smack_cred(old);
4923 struct task_smack *ntsp = smack_cred(new);
4924 struct inode_smack *isp;
4925 int may;
4926
4927 /*
4928 * Use the process credential unless all of
4929 * the transmuting criteria are met
4930 */
4931 ntsp->smk_task = otsp->smk_task;
4932
4933 /*
4934 * the attribute of the containing directory
4935 */
4936 isp = smack_inode(d_inode(dentry->d_parent));
4937
4938 if (isp->smk_flags & SMK_INODE_TRANSMUTE) {
4939 rcu_read_lock();
4940 may = smk_access_entry(otsp->smk_task->smk_known,
4941 isp->smk_inode->smk_known,
4942 &otsp->smk_task->smk_rules);
4943 rcu_read_unlock();
4944
4945 /*
4946 * If the directory is transmuting and the rule
4947 * providing access is transmuting use the containing
4948 * directory label instead of the process label.
4949 */
4950 if (may > 0 && (may & MAY_TRANSMUTE)) {
4951 ntsp->smk_task = isp->smk_inode;
4952 ntsp->smk_transmuted = ntsp->smk_task;
4953 }
4954 }
4955 return 0;
4956 }
4957
4958 #ifdef CONFIG_IO_URING
4959 /**
4960 * smack_uring_override_creds - Is io_uring cred override allowed?
4961 * @new: the target creds
4962 *
4963 * Check to see if the current task is allowed to override it's credentials
4964 * to service an io_uring operation.
4965 */
smack_uring_override_creds(const struct cred * new)4966 static int smack_uring_override_creds(const struct cred *new)
4967 {
4968 struct task_smack *tsp = smack_cred(current_cred());
4969 struct task_smack *nsp = smack_cred(new);
4970
4971 /*
4972 * Allow the degenerate case where the new Smack value is
4973 * the same as the current Smack value.
4974 */
4975 if (tsp->smk_task == nsp->smk_task)
4976 return 0;
4977
4978 if (smack_privileged_cred(CAP_MAC_OVERRIDE, current_cred()))
4979 return 0;
4980
4981 return -EPERM;
4982 }
4983
4984 /**
4985 * smack_uring_sqpoll - check if a io_uring polling thread can be created
4986 *
4987 * Check to see if the current task is allowed to create a new io_uring
4988 * kernel polling thread.
4989 */
smack_uring_sqpoll(void)4990 static int smack_uring_sqpoll(void)
4991 {
4992 if (smack_privileged_cred(CAP_MAC_ADMIN, current_cred()))
4993 return 0;
4994
4995 return -EPERM;
4996 }
4997
4998 /**
4999 * smack_uring_cmd - check on file operations for io_uring
5000 * @ioucmd: the command in question
5001 *
5002 * Make a best guess about whether a io_uring "command" should
5003 * be allowed. Use the same logic used for determining if the
5004 * file could be opened for read in the absence of better criteria.
5005 */
smack_uring_cmd(struct io_uring_cmd * ioucmd)5006 static int smack_uring_cmd(struct io_uring_cmd *ioucmd)
5007 {
5008 struct file *file = ioucmd->file;
5009 struct smk_audit_info ad;
5010 struct task_smack *tsp;
5011 struct inode *inode;
5012 int rc;
5013
5014 if (!file)
5015 return -EINVAL;
5016
5017 tsp = smack_cred(file->f_cred);
5018 inode = file_inode(file);
5019
5020 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
5021 smk_ad_setfield_u_fs_path(&ad, file->f_path);
5022 rc = smk_tskacc(tsp, smk_of_inode(inode), MAY_READ, &ad);
5023 rc = smk_bu_credfile(file->f_cred, file, MAY_READ, rc);
5024
5025 return rc;
5026 }
5027
5028 #endif /* CONFIG_IO_URING */
5029
5030 struct lsm_blob_sizes smack_blob_sizes __ro_after_init = {
5031 .lbs_cred = sizeof(struct task_smack),
5032 .lbs_file = sizeof(struct smack_known *),
5033 .lbs_inode = sizeof(struct inode_smack),
5034 .lbs_ipc = sizeof(struct smack_known *),
5035 .lbs_key = sizeof(struct smack_known *),
5036 .lbs_msg_msg = sizeof(struct smack_known *),
5037 .lbs_sock = sizeof(struct socket_smack),
5038 .lbs_superblock = sizeof(struct superblock_smack),
5039 .lbs_xattr_count = SMACK_INODE_INIT_XATTRS,
5040 };
5041
5042 static const struct lsm_id smack_lsmid = {
5043 .name = "smack",
5044 .id = LSM_ID_SMACK,
5045 };
5046
5047 static struct security_hook_list smack_hooks[] __ro_after_init = {
5048 LSM_HOOK_INIT(ptrace_access_check, smack_ptrace_access_check),
5049 LSM_HOOK_INIT(ptrace_traceme, smack_ptrace_traceme),
5050 LSM_HOOK_INIT(syslog, smack_syslog),
5051
5052 LSM_HOOK_INIT(fs_context_submount, smack_fs_context_submount),
5053 LSM_HOOK_INIT(fs_context_dup, smack_fs_context_dup),
5054 LSM_HOOK_INIT(fs_context_parse_param, smack_fs_context_parse_param),
5055
5056 LSM_HOOK_INIT(sb_alloc_security, smack_sb_alloc_security),
5057 LSM_HOOK_INIT(sb_free_mnt_opts, smack_free_mnt_opts),
5058 LSM_HOOK_INIT(sb_eat_lsm_opts, smack_sb_eat_lsm_opts),
5059 LSM_HOOK_INIT(sb_statfs, smack_sb_statfs),
5060 LSM_HOOK_INIT(sb_set_mnt_opts, smack_set_mnt_opts),
5061
5062 LSM_HOOK_INIT(bprm_creds_for_exec, smack_bprm_creds_for_exec),
5063
5064 LSM_HOOK_INIT(inode_alloc_security, smack_inode_alloc_security),
5065 LSM_HOOK_INIT(inode_init_security, smack_inode_init_security),
5066 LSM_HOOK_INIT(inode_link, smack_inode_link),
5067 LSM_HOOK_INIT(inode_unlink, smack_inode_unlink),
5068 LSM_HOOK_INIT(inode_rmdir, smack_inode_rmdir),
5069 LSM_HOOK_INIT(inode_rename, smack_inode_rename),
5070 LSM_HOOK_INIT(inode_permission, smack_inode_permission),
5071 LSM_HOOK_INIT(inode_setattr, smack_inode_setattr),
5072 LSM_HOOK_INIT(inode_getattr, smack_inode_getattr),
5073 LSM_HOOK_INIT(inode_xattr_skipcap, smack_inode_xattr_skipcap),
5074 LSM_HOOK_INIT(inode_setxattr, smack_inode_setxattr),
5075 LSM_HOOK_INIT(inode_post_setxattr, smack_inode_post_setxattr),
5076 LSM_HOOK_INIT(inode_getxattr, smack_inode_getxattr),
5077 LSM_HOOK_INIT(inode_removexattr, smack_inode_removexattr),
5078 LSM_HOOK_INIT(inode_set_acl, smack_inode_set_acl),
5079 LSM_HOOK_INIT(inode_get_acl, smack_inode_get_acl),
5080 LSM_HOOK_INIT(inode_remove_acl, smack_inode_remove_acl),
5081 LSM_HOOK_INIT(inode_getsecurity, smack_inode_getsecurity),
5082 LSM_HOOK_INIT(inode_setsecurity, smack_inode_setsecurity),
5083 LSM_HOOK_INIT(inode_listsecurity, smack_inode_listsecurity),
5084 LSM_HOOK_INIT(inode_getlsmprop, smack_inode_getlsmprop),
5085
5086 LSM_HOOK_INIT(file_alloc_security, smack_file_alloc_security),
5087 LSM_HOOK_INIT(file_ioctl, smack_file_ioctl),
5088 LSM_HOOK_INIT(file_ioctl_compat, smack_file_ioctl),
5089 LSM_HOOK_INIT(file_lock, smack_file_lock),
5090 LSM_HOOK_INIT(file_fcntl, smack_file_fcntl),
5091 LSM_HOOK_INIT(mmap_file, smack_mmap_file),
5092 LSM_HOOK_INIT(mmap_addr, cap_mmap_addr),
5093 LSM_HOOK_INIT(file_set_fowner, smack_file_set_fowner),
5094 LSM_HOOK_INIT(file_send_sigiotask, smack_file_send_sigiotask),
5095 LSM_HOOK_INIT(file_receive, smack_file_receive),
5096
5097 LSM_HOOK_INIT(file_open, smack_file_open),
5098
5099 LSM_HOOK_INIT(cred_alloc_blank, smack_cred_alloc_blank),
5100 LSM_HOOK_INIT(cred_free, smack_cred_free),
5101 LSM_HOOK_INIT(cred_prepare, smack_cred_prepare),
5102 LSM_HOOK_INIT(cred_transfer, smack_cred_transfer),
5103 LSM_HOOK_INIT(cred_getsecid, smack_cred_getsecid),
5104 LSM_HOOK_INIT(cred_getlsmprop, smack_cred_getlsmprop),
5105 LSM_HOOK_INIT(kernel_act_as, smack_kernel_act_as),
5106 LSM_HOOK_INIT(kernel_create_files_as, smack_kernel_create_files_as),
5107 LSM_HOOK_INIT(task_setpgid, smack_task_setpgid),
5108 LSM_HOOK_INIT(task_getpgid, smack_task_getpgid),
5109 LSM_HOOK_INIT(task_getsid, smack_task_getsid),
5110 LSM_HOOK_INIT(current_getlsmprop_subj, smack_current_getlsmprop_subj),
5111 LSM_HOOK_INIT(task_getlsmprop_obj, smack_task_getlsmprop_obj),
5112 LSM_HOOK_INIT(task_setnice, smack_task_setnice),
5113 LSM_HOOK_INIT(task_setioprio, smack_task_setioprio),
5114 LSM_HOOK_INIT(task_getioprio, smack_task_getioprio),
5115 LSM_HOOK_INIT(task_setscheduler, smack_task_setscheduler),
5116 LSM_HOOK_INIT(task_getscheduler, smack_task_getscheduler),
5117 LSM_HOOK_INIT(task_movememory, smack_task_movememory),
5118 LSM_HOOK_INIT(task_kill, smack_task_kill),
5119 LSM_HOOK_INIT(task_to_inode, smack_task_to_inode),
5120
5121 LSM_HOOK_INIT(ipc_permission, smack_ipc_permission),
5122 LSM_HOOK_INIT(ipc_getlsmprop, smack_ipc_getlsmprop),
5123
5124 LSM_HOOK_INIT(msg_msg_alloc_security, smack_msg_msg_alloc_security),
5125
5126 LSM_HOOK_INIT(msg_queue_alloc_security, smack_ipc_alloc_security),
5127 LSM_HOOK_INIT(msg_queue_associate, smack_msg_queue_associate),
5128 LSM_HOOK_INIT(msg_queue_msgctl, smack_msg_queue_msgctl),
5129 LSM_HOOK_INIT(msg_queue_msgsnd, smack_msg_queue_msgsnd),
5130 LSM_HOOK_INIT(msg_queue_msgrcv, smack_msg_queue_msgrcv),
5131
5132 LSM_HOOK_INIT(shm_alloc_security, smack_ipc_alloc_security),
5133 LSM_HOOK_INIT(shm_associate, smack_shm_associate),
5134 LSM_HOOK_INIT(shm_shmctl, smack_shm_shmctl),
5135 LSM_HOOK_INIT(shm_shmat, smack_shm_shmat),
5136
5137 LSM_HOOK_INIT(sem_alloc_security, smack_ipc_alloc_security),
5138 LSM_HOOK_INIT(sem_associate, smack_sem_associate),
5139 LSM_HOOK_INIT(sem_semctl, smack_sem_semctl),
5140 LSM_HOOK_INIT(sem_semop, smack_sem_semop),
5141
5142 LSM_HOOK_INIT(d_instantiate, smack_d_instantiate),
5143
5144 LSM_HOOK_INIT(getselfattr, smack_getselfattr),
5145 LSM_HOOK_INIT(setselfattr, smack_setselfattr),
5146 LSM_HOOK_INIT(getprocattr, smack_getprocattr),
5147 LSM_HOOK_INIT(setprocattr, smack_setprocattr),
5148
5149 LSM_HOOK_INIT(unix_stream_connect, smack_unix_stream_connect),
5150 LSM_HOOK_INIT(unix_may_send, smack_unix_may_send),
5151
5152 LSM_HOOK_INIT(socket_post_create, smack_socket_post_create),
5153 LSM_HOOK_INIT(socket_socketpair, smack_socket_socketpair),
5154 #ifdef SMACK_IPV6_PORT_LABELING
5155 LSM_HOOK_INIT(socket_bind, smack_socket_bind),
5156 #endif
5157 LSM_HOOK_INIT(socket_connect, smack_socket_connect),
5158 LSM_HOOK_INIT(socket_sendmsg, smack_socket_sendmsg),
5159 LSM_HOOK_INIT(socket_sock_rcv_skb, smack_socket_sock_rcv_skb),
5160 LSM_HOOK_INIT(socket_getpeersec_stream, smack_socket_getpeersec_stream),
5161 LSM_HOOK_INIT(socket_getpeersec_dgram, smack_socket_getpeersec_dgram),
5162 LSM_HOOK_INIT(sk_alloc_security, smack_sk_alloc_security),
5163 #ifdef SMACK_IPV6_PORT_LABELING
5164 LSM_HOOK_INIT(sk_free_security, smack_sk_free_security),
5165 #endif
5166 LSM_HOOK_INIT(sk_clone_security, smack_sk_clone_security),
5167 LSM_HOOK_INIT(inet_conn_request, smack_inet_conn_request),
5168 LSM_HOOK_INIT(inet_csk_clone, smack_inet_csk_clone),
5169
5170 /* key management security hooks */
5171 #ifdef CONFIG_KEYS
5172 LSM_HOOK_INIT(key_alloc, smack_key_alloc),
5173 LSM_HOOK_INIT(key_permission, smack_key_permission),
5174 LSM_HOOK_INIT(key_getsecurity, smack_key_getsecurity),
5175 #ifdef CONFIG_KEY_NOTIFICATIONS
5176 LSM_HOOK_INIT(watch_key, smack_watch_key),
5177 #endif
5178 #endif /* CONFIG_KEYS */
5179
5180 #ifdef CONFIG_WATCH_QUEUE
5181 LSM_HOOK_INIT(post_notification, smack_post_notification),
5182 #endif
5183
5184 /* Audit hooks */
5185 #ifdef CONFIG_AUDIT
5186 LSM_HOOK_INIT(audit_rule_init, smack_audit_rule_init),
5187 LSM_HOOK_INIT(audit_rule_known, smack_audit_rule_known),
5188 LSM_HOOK_INIT(audit_rule_match, smack_audit_rule_match),
5189 #endif /* CONFIG_AUDIT */
5190
5191 LSM_HOOK_INIT(ismaclabel, smack_ismaclabel),
5192 LSM_HOOK_INIT(secid_to_secctx, smack_secid_to_secctx),
5193 LSM_HOOK_INIT(lsmprop_to_secctx, smack_lsmprop_to_secctx),
5194 LSM_HOOK_INIT(secctx_to_secid, smack_secctx_to_secid),
5195 LSM_HOOK_INIT(inode_notifysecctx, smack_inode_notifysecctx),
5196 LSM_HOOK_INIT(inode_setsecctx, smack_inode_setsecctx),
5197 LSM_HOOK_INIT(inode_getsecctx, smack_inode_getsecctx),
5198 LSM_HOOK_INIT(inode_copy_up, smack_inode_copy_up),
5199 LSM_HOOK_INIT(inode_copy_up_xattr, smack_inode_copy_up_xattr),
5200 LSM_HOOK_INIT(dentry_create_files_as, smack_dentry_create_files_as),
5201 #ifdef CONFIG_IO_URING
5202 LSM_HOOK_INIT(uring_override_creds, smack_uring_override_creds),
5203 LSM_HOOK_INIT(uring_sqpoll, smack_uring_sqpoll),
5204 LSM_HOOK_INIT(uring_cmd, smack_uring_cmd),
5205 #endif
5206 };
5207
5208
init_smack_known_list(void)5209 static __init void init_smack_known_list(void)
5210 {
5211 /*
5212 * Initialize rule list locks
5213 */
5214 mutex_init(&smack_known_huh.smk_rules_lock);
5215 mutex_init(&smack_known_hat.smk_rules_lock);
5216 mutex_init(&smack_known_floor.smk_rules_lock);
5217 mutex_init(&smack_known_star.smk_rules_lock);
5218 mutex_init(&smack_known_web.smk_rules_lock);
5219 /*
5220 * Initialize rule lists
5221 */
5222 INIT_LIST_HEAD(&smack_known_huh.smk_rules);
5223 INIT_LIST_HEAD(&smack_known_hat.smk_rules);
5224 INIT_LIST_HEAD(&smack_known_star.smk_rules);
5225 INIT_LIST_HEAD(&smack_known_floor.smk_rules);
5226 INIT_LIST_HEAD(&smack_known_web.smk_rules);
5227 /*
5228 * Create the known labels list
5229 */
5230 smk_insert_entry(&smack_known_huh);
5231 smk_insert_entry(&smack_known_hat);
5232 smk_insert_entry(&smack_known_star);
5233 smk_insert_entry(&smack_known_floor);
5234 smk_insert_entry(&smack_known_web);
5235 }
5236
5237 /**
5238 * smack_init - initialize the smack system
5239 *
5240 * Returns 0 on success, -ENOMEM is there's no memory
5241 */
smack_init(void)5242 static __init int smack_init(void)
5243 {
5244 struct cred *cred = (struct cred *) current->cred;
5245 struct task_smack *tsp;
5246
5247 smack_rule_cache = KMEM_CACHE(smack_rule, 0);
5248 if (!smack_rule_cache)
5249 return -ENOMEM;
5250
5251 /*
5252 * Set the security state for the initial task.
5253 */
5254 tsp = smack_cred(cred);
5255 init_task_smack(tsp, &smack_known_floor, &smack_known_floor);
5256
5257 /*
5258 * Register with LSM
5259 */
5260 security_add_hooks(smack_hooks, ARRAY_SIZE(smack_hooks), &smack_lsmid);
5261 smack_enabled = 1;
5262
5263 pr_info("Smack: Initializing.\n");
5264 #ifdef CONFIG_SECURITY_SMACK_NETFILTER
5265 pr_info("Smack: Netfilter enabled.\n");
5266 #endif
5267 #ifdef SMACK_IPV6_PORT_LABELING
5268 pr_info("Smack: IPv6 port labeling enabled.\n");
5269 #endif
5270 #ifdef SMACK_IPV6_SECMARK_LABELING
5271 pr_info("Smack: IPv6 Netfilter enabled.\n");
5272 #endif
5273
5274 /* initialize the smack_known_list */
5275 init_smack_known_list();
5276
5277 return 0;
5278 }
5279
5280 /*
5281 * Smack requires early initialization in order to label
5282 * all processes and objects when they are created.
5283 */
5284 DEFINE_LSM(smack) = {
5285 .name = "smack",
5286 .flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE,
5287 .blobs = &smack_blob_sizes,
5288 .init = smack_init,
5289 };
5290