2 * Simplified MAC Kernel (smack) security module
4 * This file contains the smack hook function implementations.
7 * Casey Schaufler <casey@schaufler-ca.com>
8 * Jarkko Sakkinen <jarkko.sakkinen@intel.com>
10 * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com>
11 * Copyright (C) 2009 Hewlett-Packard Development Company, L.P.
12 * Paul Moore <paul@paul-moore.com>
13 * Copyright (C) 2010 Nokia Corporation
14 * Copyright (C) 2011 Intel Corporation.
16 * This program is free software; you can redistribute it and/or modify
17 * it under the terms of the GNU General Public License version 2,
18 * as published by the Free Software Foundation.
21 #include <linux/xattr.h>
22 #include <linux/pagemap.h>
23 #include <linux/mount.h>
24 #include <linux/stat.h>
26 #include <asm/ioctls.h>
28 #include <linux/tcp.h>
29 #include <linux/udp.h>
30 #include <linux/slab.h>
31 #include <linux/mutex.h>
32 #include <linux/pipe_fs_i.h>
33 #include <net/cipso_ipv4.h>
34 #include <linux/audit.h>
35 #include <linux/magic.h>
36 #include <linux/dcache.h>
37 #include <linux/personality.h>
38 #include <linux/msg.h>
39 #include <linux/shm.h>
40 #include <linux/binfmts.h>
43 #define task_security(task) (task_cred_xxx((task), security))
45 #define TRANS_TRUE "TRUE"
46 #define TRANS_TRUE_SIZE 4
49 * smk_fetch - Fetch the smack label from a file.
50 * @ip: a pointer to the inode
51 * @dp: a pointer to the dentry
53 * Returns a pointer to the master list entry for the Smack label
54 * or NULL if there was no label to fetch.
56 static char *smk_fetch(const char *name
, struct inode
*ip
, struct dentry
*dp
)
62 if (ip
->i_op
->getxattr
== NULL
)
65 buffer
= kzalloc(SMK_LONGLABEL
, GFP_KERNEL
);
69 rc
= ip
->i_op
->getxattr(dp
, name
, buffer
, SMK_LONGLABEL
);
71 result
= smk_import(buffer
, rc
);
79 * new_inode_smack - allocate an inode security blob
80 * @smack: a pointer to the Smack label to use in the blob
82 * Returns the new blob or NULL if there's no memory available
84 struct inode_smack
*new_inode_smack(char *smack
)
86 struct inode_smack
*isp
;
88 isp
= kzalloc(sizeof(struct inode_smack
), GFP_NOFS
);
92 isp
->smk_inode
= smack
;
94 mutex_init(&isp
->smk_lock
);
100 * new_task_smack - allocate a task security blob
101 * @smack: a pointer to the Smack label to use in the blob
103 * Returns the new blob or NULL if there's no memory available
105 static struct task_smack
*new_task_smack(char *task
, char *forked
, gfp_t gfp
)
107 struct task_smack
*tsp
;
109 tsp
= kzalloc(sizeof(struct task_smack
), gfp
);
113 tsp
->smk_task
= task
;
114 tsp
->smk_forked
= forked
;
115 INIT_LIST_HEAD(&tsp
->smk_rules
);
116 mutex_init(&tsp
->smk_rules_lock
);
122 * smk_copy_rules - copy a rule set
123 * @nhead - new rules header pointer
124 * @ohead - old rules header pointer
126 * Returns 0 on success, -ENOMEM on error
128 static int smk_copy_rules(struct list_head
*nhead
, struct list_head
*ohead
,
131 struct smack_rule
*nrp
;
132 struct smack_rule
*orp
;
135 INIT_LIST_HEAD(nhead
);
137 list_for_each_entry_rcu(orp
, ohead
, list
) {
138 nrp
= kzalloc(sizeof(struct smack_rule
), gfp
);
144 list_add_rcu(&nrp
->list
, nhead
);
151 * We he, that is fun!
155 * smack_ptrace_access_check - Smack approval on PTRACE_ATTACH
156 * @ctp: child task pointer
157 * @mode: ptrace attachment mode
159 * Returns 0 if access is OK, an error code otherwise
161 * Do the capability checks, and require read and write.
163 static int smack_ptrace_access_check(struct task_struct
*ctp
, unsigned int mode
)
166 struct smk_audit_info ad
;
169 rc
= cap_ptrace_access_check(ctp
, mode
);
173 tsp
= smk_of_task(task_security(ctp
));
174 smk_ad_init(&ad
, __func__
, LSM_AUDIT_DATA_TASK
);
175 smk_ad_setfield_u_tsk(&ad
, ctp
);
177 rc
= smk_curacc(tsp
, MAY_READWRITE
, &ad
);
182 * smack_ptrace_traceme - Smack approval on PTRACE_TRACEME
183 * @ptp: parent task pointer
185 * Returns 0 if access is OK, an error code otherwise
187 * Do the capability checks, and require read and write.
189 static int smack_ptrace_traceme(struct task_struct
*ptp
)
192 struct smk_audit_info ad
;
195 rc
= cap_ptrace_traceme(ptp
);
199 tsp
= smk_of_task(task_security(ptp
));
200 smk_ad_init(&ad
, __func__
, LSM_AUDIT_DATA_TASK
);
201 smk_ad_setfield_u_tsk(&ad
, ptp
);
203 rc
= smk_curacc(tsp
, MAY_READWRITE
, &ad
);
208 * smack_syslog - Smack approval on syslog
209 * @type: message type
211 * Require that the task has the floor label
213 * Returns 0 on success, error code otherwise.
215 static int smack_syslog(int typefrom_file
)
218 char *sp
= smk_of_current();
220 if (smack_privileged(CAP_MAC_OVERRIDE
))
223 if (sp
!= smack_known_floor
.smk_known
)
235 * smack_sb_alloc_security - allocate a superblock blob
236 * @sb: the superblock getting the blob
238 * Returns 0 on success or -ENOMEM on error.
240 static int smack_sb_alloc_security(struct super_block
*sb
)
242 struct superblock_smack
*sbsp
;
244 sbsp
= kzalloc(sizeof(struct superblock_smack
), GFP_KERNEL
);
249 sbsp
->smk_root
= smack_known_floor
.smk_known
;
250 sbsp
->smk_default
= smack_known_floor
.smk_known
;
251 sbsp
->smk_floor
= smack_known_floor
.smk_known
;
252 sbsp
->smk_hat
= smack_known_hat
.smk_known
;
253 sbsp
->smk_initialized
= 0;
255 sb
->s_security
= sbsp
;
261 * smack_sb_free_security - free a superblock blob
262 * @sb: the superblock getting the blob
265 static void smack_sb_free_security(struct super_block
*sb
)
267 kfree(sb
->s_security
);
268 sb
->s_security
= NULL
;
272 * smack_sb_copy_data - copy mount options data for processing
273 * @orig: where to start
274 * @smackopts: mount options string
276 * Returns 0 on success or -ENOMEM on error.
278 * Copy the Smack specific mount options out of the mount
281 static int smack_sb_copy_data(char *orig
, char *smackopts
)
283 char *cp
, *commap
, *otheropts
, *dp
;
285 otheropts
= (char *)get_zeroed_page(GFP_KERNEL
);
286 if (otheropts
== NULL
)
289 for (cp
= orig
, commap
= orig
; commap
!= NULL
; cp
= commap
+ 1) {
290 if (strstr(cp
, SMK_FSDEFAULT
) == cp
)
292 else if (strstr(cp
, SMK_FSFLOOR
) == cp
)
294 else if (strstr(cp
, SMK_FSHAT
) == cp
)
296 else if (strstr(cp
, SMK_FSROOT
) == cp
)
301 commap
= strchr(cp
, ',');
310 strcpy(orig
, otheropts
);
311 free_page((unsigned long)otheropts
);
317 * smack_sb_kern_mount - Smack specific mount processing
318 * @sb: the file system superblock
319 * @flags: the mount flags
320 * @data: the smack mount options
322 * Returns 0 on success, an error code on failure
324 static int smack_sb_kern_mount(struct super_block
*sb
, int flags
, void *data
)
326 struct dentry
*root
= sb
->s_root
;
327 struct inode
*inode
= root
->d_inode
;
328 struct superblock_smack
*sp
= sb
->s_security
;
329 struct inode_smack
*isp
;
334 if (sp
->smk_initialized
!= 0)
337 sp
->smk_initialized
= 1;
339 for (op
= data
; op
!= NULL
; op
= commap
) {
340 commap
= strchr(op
, ',');
344 if (strncmp(op
, SMK_FSHAT
, strlen(SMK_FSHAT
)) == 0) {
345 op
+= strlen(SMK_FSHAT
);
346 nsp
= smk_import(op
, 0);
349 } else if (strncmp(op
, SMK_FSFLOOR
, strlen(SMK_FSFLOOR
)) == 0) {
350 op
+= strlen(SMK_FSFLOOR
);
351 nsp
= smk_import(op
, 0);
354 } else if (strncmp(op
, SMK_FSDEFAULT
,
355 strlen(SMK_FSDEFAULT
)) == 0) {
356 op
+= strlen(SMK_FSDEFAULT
);
357 nsp
= smk_import(op
, 0);
359 sp
->smk_default
= nsp
;
360 } else if (strncmp(op
, SMK_FSROOT
, strlen(SMK_FSROOT
)) == 0) {
361 op
+= strlen(SMK_FSROOT
);
362 nsp
= smk_import(op
, 0);
369 * Initialize the root inode.
371 isp
= inode
->i_security
;
373 inode
->i_security
= new_inode_smack(sp
->smk_root
);
375 isp
->smk_inode
= sp
->smk_root
;
381 * smack_sb_statfs - Smack check on statfs
382 * @dentry: identifies the file system in question
384 * Returns 0 if current can read the floor of the filesystem,
385 * and error code otherwise
387 static int smack_sb_statfs(struct dentry
*dentry
)
389 struct superblock_smack
*sbp
= dentry
->d_sb
->s_security
;
391 struct smk_audit_info ad
;
393 smk_ad_init(&ad
, __func__
, LSM_AUDIT_DATA_DENTRY
);
394 smk_ad_setfield_u_fs_path_dentry(&ad
, dentry
);
396 rc
= smk_curacc(sbp
->smk_floor
, MAY_READ
, &ad
);
401 * smack_sb_mount - Smack check for mounting
408 * Returns 0 if current can write the floor of the filesystem
409 * being mounted on, an error code otherwise.
411 static int smack_sb_mount(const char *dev_name
, struct path
*path
,
412 const char *type
, unsigned long flags
, void *data
)
414 struct superblock_smack
*sbp
= path
->dentry
->d_sb
->s_security
;
415 struct smk_audit_info ad
;
417 smk_ad_init(&ad
, __func__
, LSM_AUDIT_DATA_PATH
);
418 smk_ad_setfield_u_fs_path(&ad
, *path
);
420 return smk_curacc(sbp
->smk_floor
, MAY_WRITE
, &ad
);
424 * smack_sb_umount - Smack check for unmounting
425 * @mnt: file system to unmount
428 * Returns 0 if current can write the floor of the filesystem
429 * being unmounted, an error code otherwise.
431 static int smack_sb_umount(struct vfsmount
*mnt
, int flags
)
433 struct superblock_smack
*sbp
;
434 struct smk_audit_info ad
;
437 path
.dentry
= mnt
->mnt_root
;
440 smk_ad_init(&ad
, __func__
, LSM_AUDIT_DATA_PATH
);
441 smk_ad_setfield_u_fs_path(&ad
, path
);
443 sbp
= path
.dentry
->d_sb
->s_security
;
444 return smk_curacc(sbp
->smk_floor
, MAY_WRITE
, &ad
);
452 * smack_bprm_set_creds - set creds for exec
453 * @bprm: the exec information
455 * Returns 0 if it gets a blob, -ENOMEM otherwise
457 static int smack_bprm_set_creds(struct linux_binprm
*bprm
)
459 struct inode
*inode
= bprm
->file
->f_path
.dentry
->d_inode
;
460 struct task_smack
*bsp
= bprm
->cred
->security
;
461 struct inode_smack
*isp
;
464 rc
= cap_bprm_set_creds(bprm
);
468 if (bprm
->cred_prepared
)
471 isp
= inode
->i_security
;
472 if (isp
->smk_task
== NULL
|| isp
->smk_task
== bsp
->smk_task
)
478 bsp
->smk_task
= isp
->smk_task
;
479 bprm
->per_clear
|= PER_CLEAR_ON_SETID
;
485 * smack_bprm_committing_creds - Prepare to install the new credentials
488 * @bprm: binprm for exec
490 static void smack_bprm_committing_creds(struct linux_binprm
*bprm
)
492 struct task_smack
*bsp
= bprm
->cred
->security
;
494 if (bsp
->smk_task
!= bsp
->smk_forked
)
495 current
->pdeath_signal
= 0;
499 * smack_bprm_secureexec - Return the decision to use secureexec.
500 * @bprm: binprm for exec
502 * Returns 0 on success.
504 static int smack_bprm_secureexec(struct linux_binprm
*bprm
)
506 struct task_smack
*tsp
= current_security();
507 int ret
= cap_bprm_secureexec(bprm
);
509 if (!ret
&& (tsp
->smk_task
!= tsp
->smk_forked
))
520 * smack_inode_alloc_security - allocate an inode blob
521 * @inode: the inode in need of a blob
523 * Returns 0 if it gets a blob, -ENOMEM otherwise
525 static int smack_inode_alloc_security(struct inode
*inode
)
527 inode
->i_security
= new_inode_smack(smk_of_current());
528 if (inode
->i_security
== NULL
)
534 * smack_inode_free_security - free an inode blob
535 * @inode: the inode with a blob
537 * Clears the blob pointer in inode
539 static void smack_inode_free_security(struct inode
*inode
)
541 kfree(inode
->i_security
);
542 inode
->i_security
= NULL
;
546 * smack_inode_init_security - copy out the smack from an inode
550 * @name: where to put the attribute name
551 * @value: where to put the attribute value
552 * @len: where to put the length of the attribute
554 * Returns 0 if it all works out, -ENOMEM if there's no memory
556 static int smack_inode_init_security(struct inode
*inode
, struct inode
*dir
,
557 const struct qstr
*qstr
, char **name
,
558 void **value
, size_t *len
)
560 struct smack_known
*skp
;
561 struct inode_smack
*issp
= inode
->i_security
;
562 char *csp
= smk_of_current();
563 char *isp
= smk_of_inode(inode
);
564 char *dsp
= smk_of_inode(dir
);
568 *name
= kstrdup(XATTR_SMACK_SUFFIX
, GFP_NOFS
);
574 skp
= smk_find_entry(csp
);
576 may
= smk_access_entry(csp
, dsp
, &skp
->smk_rules
);
580 * If the access rule allows transmutation and
581 * the directory requests transmutation then
582 * by all means transmute.
583 * Mark the inode as changed.
585 if (may
> 0 && ((may
& MAY_TRANSMUTE
) != 0) &&
586 smk_inode_transmutable(dir
)) {
588 issp
->smk_flags
|= SMK_INODE_CHANGED
;
591 *value
= kstrdup(isp
, GFP_NOFS
);
597 *len
= strlen(isp
) + 1;
603 * smack_inode_link - Smack check on link
604 * @old_dentry: the existing object
606 * @new_dentry: the new object
608 * Returns 0 if access is permitted, an error code otherwise
610 static int smack_inode_link(struct dentry
*old_dentry
, struct inode
*dir
,
611 struct dentry
*new_dentry
)
614 struct smk_audit_info ad
;
617 smk_ad_init(&ad
, __func__
, LSM_AUDIT_DATA_DENTRY
);
618 smk_ad_setfield_u_fs_path_dentry(&ad
, old_dentry
);
620 isp
= smk_of_inode(old_dentry
->d_inode
);
621 rc
= smk_curacc(isp
, MAY_WRITE
, &ad
);
623 if (rc
== 0 && new_dentry
->d_inode
!= NULL
) {
624 isp
= smk_of_inode(new_dentry
->d_inode
);
625 smk_ad_setfield_u_fs_path_dentry(&ad
, new_dentry
);
626 rc
= smk_curacc(isp
, MAY_WRITE
, &ad
);
633 * smack_inode_unlink - Smack check on inode deletion
634 * @dir: containing directory object
635 * @dentry: file to unlink
637 * Returns 0 if current can write the containing directory
638 * and the object, error code otherwise
640 static int smack_inode_unlink(struct inode
*dir
, struct dentry
*dentry
)
642 struct inode
*ip
= dentry
->d_inode
;
643 struct smk_audit_info ad
;
646 smk_ad_init(&ad
, __func__
, LSM_AUDIT_DATA_DENTRY
);
647 smk_ad_setfield_u_fs_path_dentry(&ad
, dentry
);
650 * You need write access to the thing you're unlinking
652 rc
= smk_curacc(smk_of_inode(ip
), MAY_WRITE
, &ad
);
655 * You also need write access to the containing directory
657 smk_ad_setfield_u_fs_path_dentry(&ad
, NULL
);
658 smk_ad_setfield_u_fs_inode(&ad
, dir
);
659 rc
= smk_curacc(smk_of_inode(dir
), MAY_WRITE
, &ad
);
665 * smack_inode_rmdir - Smack check on directory deletion
666 * @dir: containing directory object
667 * @dentry: directory to unlink
669 * Returns 0 if current can write the containing directory
670 * and the directory, error code otherwise
672 static int smack_inode_rmdir(struct inode
*dir
, struct dentry
*dentry
)
674 struct smk_audit_info ad
;
677 smk_ad_init(&ad
, __func__
, LSM_AUDIT_DATA_DENTRY
);
678 smk_ad_setfield_u_fs_path_dentry(&ad
, dentry
);
681 * You need write access to the thing you're removing
683 rc
= smk_curacc(smk_of_inode(dentry
->d_inode
), MAY_WRITE
, &ad
);
686 * You also need write access to the containing directory
688 smk_ad_setfield_u_fs_path_dentry(&ad
, NULL
);
689 smk_ad_setfield_u_fs_inode(&ad
, dir
);
690 rc
= smk_curacc(smk_of_inode(dir
), MAY_WRITE
, &ad
);
697 * smack_inode_rename - Smack check on rename
698 * @old_inode: the old directory
699 * @old_dentry: unused
700 * @new_inode: the new directory
701 * @new_dentry: unused
703 * Read and write access is required on both the old and
706 * Returns 0 if access is permitted, an error code otherwise
708 static int smack_inode_rename(struct inode
*old_inode
,
709 struct dentry
*old_dentry
,
710 struct inode
*new_inode
,
711 struct dentry
*new_dentry
)
715 struct smk_audit_info ad
;
717 smk_ad_init(&ad
, __func__
, LSM_AUDIT_DATA_DENTRY
);
718 smk_ad_setfield_u_fs_path_dentry(&ad
, old_dentry
);
720 isp
= smk_of_inode(old_dentry
->d_inode
);
721 rc
= smk_curacc(isp
, MAY_READWRITE
, &ad
);
723 if (rc
== 0 && new_dentry
->d_inode
!= NULL
) {
724 isp
= smk_of_inode(new_dentry
->d_inode
);
725 smk_ad_setfield_u_fs_path_dentry(&ad
, new_dentry
);
726 rc
= smk_curacc(isp
, MAY_READWRITE
, &ad
);
732 * smack_inode_permission - Smack version of permission()
733 * @inode: the inode in question
734 * @mask: the access requested
736 * This is the important Smack hook.
738 * Returns 0 if access is permitted, -EACCES otherwise
740 static int smack_inode_permission(struct inode
*inode
, int mask
)
742 struct smk_audit_info ad
;
743 int no_block
= mask
& MAY_NOT_BLOCK
;
745 mask
&= (MAY_READ
|MAY_WRITE
|MAY_EXEC
|MAY_APPEND
);
747 * No permission to check. Existence test. Yup, it's there.
752 /* May be droppable after audit */
755 smk_ad_init(&ad
, __func__
, LSM_AUDIT_DATA_INODE
);
756 smk_ad_setfield_u_fs_inode(&ad
, inode
);
757 return smk_curacc(smk_of_inode(inode
), mask
, &ad
);
761 * smack_inode_setattr - Smack check for setting attributes
762 * @dentry: the object
763 * @iattr: for the force flag
765 * Returns 0 if access is permitted, an error code otherwise
767 static int smack_inode_setattr(struct dentry
*dentry
, struct iattr
*iattr
)
769 struct smk_audit_info ad
;
771 * Need to allow for clearing the setuid bit.
773 if (iattr
->ia_valid
& ATTR_FORCE
)
775 smk_ad_init(&ad
, __func__
, LSM_AUDIT_DATA_DENTRY
);
776 smk_ad_setfield_u_fs_path_dentry(&ad
, dentry
);
778 return smk_curacc(smk_of_inode(dentry
->d_inode
), MAY_WRITE
, &ad
);
782 * smack_inode_getattr - Smack check for getting attributes
784 * @dentry: the object
786 * Returns 0 if access is permitted, an error code otherwise
788 static int smack_inode_getattr(struct vfsmount
*mnt
, struct dentry
*dentry
)
790 struct smk_audit_info ad
;
793 path
.dentry
= dentry
;
796 smk_ad_init(&ad
, __func__
, LSM_AUDIT_DATA_PATH
);
797 smk_ad_setfield_u_fs_path(&ad
, path
);
798 return smk_curacc(smk_of_inode(dentry
->d_inode
), MAY_READ
, &ad
);
802 * smack_inode_setxattr - Smack check for setting xattrs
803 * @dentry: the object
804 * @name: name of the attribute
809 * This protects the Smack attribute explicitly.
811 * Returns 0 if access is permitted, an error code otherwise
813 static int smack_inode_setxattr(struct dentry
*dentry
, const char *name
,
814 const void *value
, size_t size
, int flags
)
816 struct smk_audit_info ad
;
819 if (strcmp(name
, XATTR_NAME_SMACK
) == 0 ||
820 strcmp(name
, XATTR_NAME_SMACKIPIN
) == 0 ||
821 strcmp(name
, XATTR_NAME_SMACKIPOUT
) == 0 ||
822 strcmp(name
, XATTR_NAME_SMACKEXEC
) == 0 ||
823 strcmp(name
, XATTR_NAME_SMACKMMAP
) == 0) {
824 if (!smack_privileged(CAP_MAC_ADMIN
))
827 * check label validity here so import wont fail on
830 if (size
== 0 || size
>= SMK_LONGLABEL
||
831 smk_import(value
, size
) == NULL
)
833 } else if (strcmp(name
, XATTR_NAME_SMACKTRANSMUTE
) == 0) {
834 if (!smack_privileged(CAP_MAC_ADMIN
))
836 if (size
!= TRANS_TRUE_SIZE
||
837 strncmp(value
, TRANS_TRUE
, TRANS_TRUE_SIZE
) != 0)
840 rc
= cap_inode_setxattr(dentry
, name
, value
, size
, flags
);
842 smk_ad_init(&ad
, __func__
, LSM_AUDIT_DATA_DENTRY
);
843 smk_ad_setfield_u_fs_path_dentry(&ad
, dentry
);
846 rc
= smk_curacc(smk_of_inode(dentry
->d_inode
), MAY_WRITE
, &ad
);
852 * smack_inode_post_setxattr - Apply the Smack update approved above
854 * @name: attribute name
855 * @value: attribute value
856 * @size: attribute size
859 * Set the pointer in the inode blob to the entry found
860 * in the master label list.
862 static void smack_inode_post_setxattr(struct dentry
*dentry
, const char *name
,
863 const void *value
, size_t size
, int flags
)
866 struct inode_smack
*isp
= dentry
->d_inode
->i_security
;
868 if (strcmp(name
, XATTR_NAME_SMACK
) == 0) {
869 nsp
= smk_import(value
, size
);
871 isp
->smk_inode
= nsp
;
873 isp
->smk_inode
= smack_known_invalid
.smk_known
;
874 } else if (strcmp(name
, XATTR_NAME_SMACKEXEC
) == 0) {
875 nsp
= smk_import(value
, size
);
879 isp
->smk_task
= smack_known_invalid
.smk_known
;
880 } else if (strcmp(name
, XATTR_NAME_SMACKMMAP
) == 0) {
881 nsp
= smk_import(value
, size
);
885 isp
->smk_mmap
= smack_known_invalid
.smk_known
;
886 } else if (strcmp(name
, XATTR_NAME_SMACKTRANSMUTE
) == 0)
887 isp
->smk_flags
|= SMK_INODE_TRANSMUTE
;
893 * smack_inode_getxattr - Smack check on getxattr
894 * @dentry: the object
897 * Returns 0 if access is permitted, an error code otherwise
899 static int smack_inode_getxattr(struct dentry
*dentry
, const char *name
)
901 struct smk_audit_info ad
;
903 smk_ad_init(&ad
, __func__
, LSM_AUDIT_DATA_DENTRY
);
904 smk_ad_setfield_u_fs_path_dentry(&ad
, dentry
);
906 return smk_curacc(smk_of_inode(dentry
->d_inode
), MAY_READ
, &ad
);
910 * smack_inode_removexattr - Smack check on removexattr
911 * @dentry: the object
912 * @name: name of the attribute
914 * Removing the Smack attribute requires CAP_MAC_ADMIN
916 * Returns 0 if access is permitted, an error code otherwise
918 static int smack_inode_removexattr(struct dentry
*dentry
, const char *name
)
920 struct inode_smack
*isp
;
921 struct smk_audit_info ad
;
924 if (strcmp(name
, XATTR_NAME_SMACK
) == 0 ||
925 strcmp(name
, XATTR_NAME_SMACKIPIN
) == 0 ||
926 strcmp(name
, XATTR_NAME_SMACKIPOUT
) == 0 ||
927 strcmp(name
, XATTR_NAME_SMACKEXEC
) == 0 ||
928 strcmp(name
, XATTR_NAME_SMACKTRANSMUTE
) == 0 ||
929 strcmp(name
, XATTR_NAME_SMACKMMAP
)) {
930 if (!smack_privileged(CAP_MAC_ADMIN
))
933 rc
= cap_inode_removexattr(dentry
, name
);
935 smk_ad_init(&ad
, __func__
, LSM_AUDIT_DATA_DENTRY
);
936 smk_ad_setfield_u_fs_path_dentry(&ad
, dentry
);
938 rc
= smk_curacc(smk_of_inode(dentry
->d_inode
), MAY_WRITE
, &ad
);
941 isp
= dentry
->d_inode
->i_security
;
942 isp
->smk_task
= NULL
;
943 isp
->smk_mmap
= NULL
;
950 * smack_inode_getsecurity - get smack xattrs
952 * @name: attribute name
953 * @buffer: where to put the result
956 * Returns the size of the attribute or an error code
958 static int smack_inode_getsecurity(const struct inode
*inode
,
959 const char *name
, void **buffer
,
962 struct socket_smack
*ssp
;
964 struct super_block
*sbp
;
965 struct inode
*ip
= (struct inode
*)inode
;
970 if (strcmp(name
, XATTR_SMACK_SUFFIX
) == 0) {
971 isp
= smk_of_inode(inode
);
972 ilen
= strlen(isp
) + 1;
978 * The rest of the Smack xattrs are only on sockets.
981 if (sbp
->s_magic
!= SOCKFS_MAGIC
)
985 if (sock
== NULL
|| sock
->sk
== NULL
)
988 ssp
= sock
->sk
->sk_security
;
990 if (strcmp(name
, XATTR_SMACK_IPIN
) == 0)
992 else if (strcmp(name
, XATTR_SMACK_IPOUT
) == 0)
997 ilen
= strlen(isp
) + 1;
1008 * smack_inode_listsecurity - list the Smack attributes
1009 * @inode: the object
1010 * @buffer: where they go
1011 * @buffer_size: size of buffer
1013 * Returns 0 on success, -EINVAL otherwise
1015 static int smack_inode_listsecurity(struct inode
*inode
, char *buffer
,
1018 int len
= strlen(XATTR_NAME_SMACK
);
1020 if (buffer
!= NULL
&& len
<= buffer_size
) {
1021 memcpy(buffer
, XATTR_NAME_SMACK
, len
);
1028 * smack_inode_getsecid - Extract inode's security id
1029 * @inode: inode to extract the info from
1030 * @secid: where result will be saved
1032 static void smack_inode_getsecid(const struct inode
*inode
, u32
*secid
)
1034 struct inode_smack
*isp
= inode
->i_security
;
1036 *secid
= smack_to_secid(isp
->smk_inode
);
1044 * smack_file_permission - Smack check on file operations
1050 * Should access checks be done on each read or write?
1051 * UNICOS and SELinux say yes.
1052 * Trusted Solaris, Trusted Irix, and just about everyone else says no.
1054 * I'll say no for now. Smack does not do the frequent
1055 * label changing that SELinux does.
1057 static int smack_file_permission(struct file
*file
, int mask
)
1063 * smack_file_alloc_security - assign a file security blob
1066 * The security blob for a file is a pointer to the master
1067 * label list, so no allocation is done.
1071 static int smack_file_alloc_security(struct file
*file
)
1073 file
->f_security
= smk_of_current();
1078 * smack_file_free_security - clear a file security blob
1081 * The security blob for a file is a pointer to the master
1082 * label list, so no memory is freed.
1084 static void smack_file_free_security(struct file
*file
)
1086 file
->f_security
= NULL
;
1090 * smack_file_ioctl - Smack check on ioctls
1095 * Relies heavily on the correct use of the ioctl command conventions.
1097 * Returns 0 if allowed, error code otherwise
1099 static int smack_file_ioctl(struct file
*file
, unsigned int cmd
,
1103 struct smk_audit_info ad
;
1105 smk_ad_init(&ad
, __func__
, LSM_AUDIT_DATA_PATH
);
1106 smk_ad_setfield_u_fs_path(&ad
, file
->f_path
);
1108 if (_IOC_DIR(cmd
) & _IOC_WRITE
)
1109 rc
= smk_curacc(file
->f_security
, MAY_WRITE
, &ad
);
1111 if (rc
== 0 && (_IOC_DIR(cmd
) & _IOC_READ
))
1112 rc
= smk_curacc(file
->f_security
, MAY_READ
, &ad
);
1118 * smack_file_lock - Smack check on file locking
1122 * Returns 0 if current has write access, error code otherwise
1124 static int smack_file_lock(struct file
*file
, unsigned int cmd
)
1126 struct smk_audit_info ad
;
1128 smk_ad_init(&ad
, __func__
, LSM_AUDIT_DATA_PATH
);
1129 smk_ad_setfield_u_fs_path(&ad
, file
->f_path
);
1130 return smk_curacc(file
->f_security
, MAY_WRITE
, &ad
);
1134 * smack_file_fcntl - Smack check on fcntl
1136 * @cmd: what action to check
1139 * Generally these operations are harmless.
1140 * File locking operations present an obvious mechanism
1141 * for passing information, so they require write access.
1143 * Returns 0 if current has access, error code otherwise
1145 static int smack_file_fcntl(struct file
*file
, unsigned int cmd
,
1148 struct smk_audit_info ad
;
1158 smk_ad_init(&ad
, __func__
, LSM_AUDIT_DATA_PATH
);
1159 smk_ad_setfield_u_fs_path(&ad
, file
->f_path
);
1160 rc
= smk_curacc(file
->f_security
, MAY_WRITE
, &ad
);
1171 * Check permissions for a mmap operation. The @file may be NULL, e.g.
1172 * if mapping anonymous memory.
1173 * @file contains the file structure for file to map (may be NULL).
1174 * @reqprot contains the protection requested by the application.
1175 * @prot contains the protection that will be applied by the kernel.
1176 * @flags contains the operational flags.
1177 * Return 0 if permission is granted.
1179 static int smack_mmap_file(struct file
*file
,
1180 unsigned long reqprot
, unsigned long prot
,
1181 unsigned long flags
)
1183 struct smack_known
*skp
;
1184 struct smack_rule
*srp
;
1185 struct task_smack
*tsp
;
1189 struct inode_smack
*isp
;
1196 if (file
== NULL
|| file
->f_dentry
== NULL
)
1199 dp
= file
->f_dentry
;
1201 if (dp
->d_inode
== NULL
)
1204 isp
= dp
->d_inode
->i_security
;
1205 if (isp
->smk_mmap
== NULL
)
1207 msmack
= isp
->smk_mmap
;
1209 tsp
= current_security();
1210 sp
= smk_of_current();
1211 skp
= smk_find_entry(sp
);
1216 * For each Smack rule associated with the subject
1217 * label verify that the SMACK64MMAP also has access
1218 * to that rule's object label.
1220 list_for_each_entry_rcu(srp
, &skp
->smk_rules
, list
) {
1221 osmack
= srp
->smk_object
;
1223 * Matching labels always allows access.
1225 if (msmack
== osmack
)
1228 * If there is a matching local rule take
1229 * that into account as well.
1231 may
= smk_access_entry(srp
->smk_subject
, osmack
,
1234 may
= srp
->smk_access
;
1236 may
&= srp
->smk_access
;
1238 * If may is zero the SMACK64MMAP subject can't
1239 * possibly have less access.
1245 * Fetch the global list entry.
1246 * If there isn't one a SMACK64MMAP subject
1247 * can't have as much access as current.
1249 skp
= smk_find_entry(msmack
);
1250 mmay
= smk_access_entry(msmack
, osmack
, &skp
->smk_rules
);
1251 if (mmay
== -ENOENT
) {
1256 * If there is a local entry it modifies the
1257 * potential access, too.
1259 tmay
= smk_access_entry(msmack
, osmack
, &tsp
->smk_rules
);
1260 if (tmay
!= -ENOENT
)
1264 * If there is any access available to current that is
1265 * not available to a SMACK64MMAP subject
1268 if ((may
| mmay
) != mmay
) {
1280 * smack_file_set_fowner - set the file security blob value
1281 * @file: object in question
1284 * Further research may be required on this one.
1286 static int smack_file_set_fowner(struct file
*file
)
1288 file
->f_security
= smk_of_current();
1293 * smack_file_send_sigiotask - Smack on sigio
1294 * @tsk: The target task
1295 * @fown: the object the signal come from
1298 * Allow a privileged task to get signals even if it shouldn't
1300 * Returns 0 if a subject with the object's smack could
1301 * write to the task, an error code otherwise.
1303 static int smack_file_send_sigiotask(struct task_struct
*tsk
,
1304 struct fown_struct
*fown
, int signum
)
1308 char *tsp
= smk_of_task(tsk
->cred
->security
);
1309 struct smk_audit_info ad
;
1312 * struct fown_struct is never outside the context of a struct file
1314 file
= container_of(fown
, struct file
, f_owner
);
1316 /* we don't log here as rc can be overriden */
1317 rc
= smk_access(file
->f_security
, tsp
, MAY_WRITE
, NULL
);
1318 if (rc
!= 0 && has_capability(tsk
, CAP_MAC_OVERRIDE
))
1321 smk_ad_init(&ad
, __func__
, LSM_AUDIT_DATA_TASK
);
1322 smk_ad_setfield_u_tsk(&ad
, tsk
);
1323 smack_log(file
->f_security
, tsp
, MAY_WRITE
, rc
, &ad
);
1328 * smack_file_receive - Smack file receive check
1331 * Returns 0 if current has access, error code otherwise
1333 static int smack_file_receive(struct file
*file
)
1336 struct smk_audit_info ad
;
1338 smk_ad_init(&ad
, __func__
, LSM_AUDIT_DATA_TASK
);
1339 smk_ad_setfield_u_fs_path(&ad
, file
->f_path
);
1341 * This code relies on bitmasks.
1343 if (file
->f_mode
& FMODE_READ
)
1345 if (file
->f_mode
& FMODE_WRITE
)
1348 return smk_curacc(file
->f_security
, may
, &ad
);
1352 * smack_file_open - Smack dentry open processing
1356 * Set the security blob in the file structure.
1360 static int smack_file_open(struct file
*file
, const struct cred
*cred
)
1362 struct inode_smack
*isp
= file
->f_path
.dentry
->d_inode
->i_security
;
1364 file
->f_security
= isp
->smk_inode
;
1374 * smack_cred_alloc_blank - "allocate" blank task-level security credentials
1375 * @new: the new credentials
1376 * @gfp: the atomicity of any memory allocations
1378 * Prepare a blank set of credentials for modification. This must allocate all
1379 * the memory the LSM module might require such that cred_transfer() can
1380 * complete without error.
1382 static int smack_cred_alloc_blank(struct cred
*cred
, gfp_t gfp
)
1384 struct task_smack
*tsp
;
1386 tsp
= new_task_smack(NULL
, NULL
, gfp
);
1390 cred
->security
= tsp
;
1397 * smack_cred_free - "free" task-level security credentials
1398 * @cred: the credentials in question
1401 static void smack_cred_free(struct cred
*cred
)
1403 struct task_smack
*tsp
= cred
->security
;
1404 struct smack_rule
*rp
;
1405 struct list_head
*l
;
1406 struct list_head
*n
;
1410 cred
->security
= NULL
;
1412 list_for_each_safe(l
, n
, &tsp
->smk_rules
) {
1413 rp
= list_entry(l
, struct smack_rule
, list
);
1414 list_del(&rp
->list
);
1421 * smack_cred_prepare - prepare new set of credentials for modification
1422 * @new: the new credentials
1423 * @old: the original credentials
1424 * @gfp: the atomicity of any memory allocations
1426 * Prepare a new set of credentials for modification.
1428 static int smack_cred_prepare(struct cred
*new, const struct cred
*old
,
1431 struct task_smack
*old_tsp
= old
->security
;
1432 struct task_smack
*new_tsp
;
1435 new_tsp
= new_task_smack(old_tsp
->smk_task
, old_tsp
->smk_task
, gfp
);
1436 if (new_tsp
== NULL
)
1439 rc
= smk_copy_rules(&new_tsp
->smk_rules
, &old_tsp
->smk_rules
, gfp
);
1443 new->security
= new_tsp
;
1448 * smack_cred_transfer - Transfer the old credentials to the new credentials
1449 * @new: the new credentials
1450 * @old: the original credentials
1452 * Fill in a set of blank credentials from another set of credentials.
1454 static void smack_cred_transfer(struct cred
*new, const struct cred
*old
)
1456 struct task_smack
*old_tsp
= old
->security
;
1457 struct task_smack
*new_tsp
= new->security
;
1459 new_tsp
->smk_task
= old_tsp
->smk_task
;
1460 new_tsp
->smk_forked
= old_tsp
->smk_task
;
1461 mutex_init(&new_tsp
->smk_rules_lock
);
1462 INIT_LIST_HEAD(&new_tsp
->smk_rules
);
1465 /* cbs copy rule list */
1469 * smack_kernel_act_as - Set the subjective context in a set of credentials
1470 * @new: points to the set of credentials to be modified.
1471 * @secid: specifies the security ID to be set
1473 * Set the security data for a kernel service.
1475 static int smack_kernel_act_as(struct cred
*new, u32 secid
)
1477 struct task_smack
*new_tsp
= new->security
;
1478 char *smack
= smack_from_secid(secid
);
1483 new_tsp
->smk_task
= smack
;
1488 * smack_kernel_create_files_as - Set the file creation label in a set of creds
1489 * @new: points to the set of credentials to be modified
1490 * @inode: points to the inode to use as a reference
1492 * Set the file creation context in a set of credentials to the same
1493 * as the objective context of the specified inode
1495 static int smack_kernel_create_files_as(struct cred
*new,
1496 struct inode
*inode
)
1498 struct inode_smack
*isp
= inode
->i_security
;
1499 struct task_smack
*tsp
= new->security
;
1501 tsp
->smk_forked
= isp
->smk_inode
;
1502 tsp
->smk_task
= isp
->smk_inode
;
1507 * smk_curacc_on_task - helper to log task related access
1508 * @p: the task object
1509 * @access: the access requested
1510 * @caller: name of the calling function for audit
1512 * Return 0 if access is permitted
1514 static int smk_curacc_on_task(struct task_struct
*p
, int access
,
1517 struct smk_audit_info ad
;
1519 smk_ad_init(&ad
, caller
, LSM_AUDIT_DATA_TASK
);
1520 smk_ad_setfield_u_tsk(&ad
, p
);
1521 return smk_curacc(smk_of_task(task_security(p
)), access
, &ad
);
1525 * smack_task_setpgid - Smack check on setting pgid
1526 * @p: the task object
1529 * Return 0 if write access is permitted
1531 static int smack_task_setpgid(struct task_struct
*p
, pid_t pgid
)
1533 return smk_curacc_on_task(p
, MAY_WRITE
, __func__
);
1537 * smack_task_getpgid - Smack access check for getpgid
1538 * @p: the object task
1540 * Returns 0 if current can read the object task, error code otherwise
1542 static int smack_task_getpgid(struct task_struct
*p
)
1544 return smk_curacc_on_task(p
, MAY_READ
, __func__
);
1548 * smack_task_getsid - Smack access check for getsid
1549 * @p: the object task
1551 * Returns 0 if current can read the object task, error code otherwise
1553 static int smack_task_getsid(struct task_struct
*p
)
1555 return smk_curacc_on_task(p
, MAY_READ
, __func__
);
1559 * smack_task_getsecid - get the secid of the task
1560 * @p: the object task
1561 * @secid: where to put the result
1563 * Sets the secid to contain a u32 version of the smack label.
1565 static void smack_task_getsecid(struct task_struct
*p
, u32
*secid
)
1567 *secid
= smack_to_secid(smk_of_task(task_security(p
)));
1571 * smack_task_setnice - Smack check on setting nice
1572 * @p: the task object
1575 * Return 0 if write access is permitted
1577 static int smack_task_setnice(struct task_struct
*p
, int nice
)
1581 rc
= cap_task_setnice(p
, nice
);
1583 rc
= smk_curacc_on_task(p
, MAY_WRITE
, __func__
);
1588 * smack_task_setioprio - Smack check on setting ioprio
1589 * @p: the task object
1592 * Return 0 if write access is permitted
1594 static int smack_task_setioprio(struct task_struct
*p
, int ioprio
)
1598 rc
= cap_task_setioprio(p
, ioprio
);
1600 rc
= smk_curacc_on_task(p
, MAY_WRITE
, __func__
);
1605 * smack_task_getioprio - Smack check on reading ioprio
1606 * @p: the task object
1608 * Return 0 if read access is permitted
1610 static int smack_task_getioprio(struct task_struct
*p
)
1612 return smk_curacc_on_task(p
, MAY_READ
, __func__
);
1616 * smack_task_setscheduler - Smack check on setting scheduler
1617 * @p: the task object
1621 * Return 0 if read access is permitted
1623 static int smack_task_setscheduler(struct task_struct
*p
)
1627 rc
= cap_task_setscheduler(p
);
1629 rc
= smk_curacc_on_task(p
, MAY_WRITE
, __func__
);
1634 * smack_task_getscheduler - Smack check on reading scheduler
1635 * @p: the task object
1637 * Return 0 if read access is permitted
1639 static int smack_task_getscheduler(struct task_struct
*p
)
1641 return smk_curacc_on_task(p
, MAY_READ
, __func__
);
1645 * smack_task_movememory - Smack check on moving memory
1646 * @p: the task object
1648 * Return 0 if write access is permitted
1650 static int smack_task_movememory(struct task_struct
*p
)
1652 return smk_curacc_on_task(p
, MAY_WRITE
, __func__
);
1656 * smack_task_kill - Smack check on signal delivery
1657 * @p: the task object
1660 * @secid: identifies the smack to use in lieu of current's
1662 * Return 0 if write access is permitted
1664 * The secid behavior is an artifact of an SELinux hack
1665 * in the USB code. Someday it may go away.
1667 static int smack_task_kill(struct task_struct
*p
, struct siginfo
*info
,
1670 struct smk_audit_info ad
;
1672 smk_ad_init(&ad
, __func__
, LSM_AUDIT_DATA_TASK
);
1673 smk_ad_setfield_u_tsk(&ad
, p
);
1675 * Sending a signal requires that the sender
1676 * can write the receiver.
1679 return smk_curacc(smk_of_task(task_security(p
)), MAY_WRITE
,
1682 * If the secid isn't 0 we're dealing with some USB IO
1683 * specific behavior. This is not clean. For one thing
1684 * we can't take privilege into account.
1686 return smk_access(smack_from_secid(secid
),
1687 smk_of_task(task_security(p
)), MAY_WRITE
, &ad
);
1691 * smack_task_wait - Smack access check for waiting
1692 * @p: task to wait for
1696 static int smack_task_wait(struct task_struct
*p
)
1699 * Allow the operation to succeed.
1701 * In userless environments (e.g. phones) programs
1702 * get marked with SMACK64EXEC and even if the parent
1703 * and child shouldn't be talking the parent still
1704 * may expect to know when the child exits.
1710 * smack_task_to_inode - copy task smack into the inode blob
1711 * @p: task to copy from
1712 * @inode: inode to copy to
1714 * Sets the smack pointer in the inode security blob
1716 static void smack_task_to_inode(struct task_struct
*p
, struct inode
*inode
)
1718 struct inode_smack
*isp
= inode
->i_security
;
1719 isp
->smk_inode
= smk_of_task(task_security(p
));
1727 * smack_sk_alloc_security - Allocate a socket blob
1730 * @gfp_flags: memory allocation flags
1732 * Assign Smack pointers to current
1734 * Returns 0 on success, -ENOMEM is there's no memory
1736 static int smack_sk_alloc_security(struct sock
*sk
, int family
, gfp_t gfp_flags
)
1738 char *csp
= smk_of_current();
1739 struct socket_smack
*ssp
;
1741 ssp
= kzalloc(sizeof(struct socket_smack
), gfp_flags
);
1747 ssp
->smk_packet
= NULL
;
1749 sk
->sk_security
= ssp
;
1755 * smack_sk_free_security - Free a socket blob
1758 * Clears the blob pointer
1760 static void smack_sk_free_security(struct sock
*sk
)
1762 kfree(sk
->sk_security
);
1766 * smack_host_label - check host based restrictions
1767 * @sip: the object end
1769 * looks for host based access restrictions
1771 * This version will only be appropriate for really small sets of single label
1772 * hosts. The caller is responsible for ensuring that the RCU read lock is
1773 * taken before calling this function.
1775 * Returns the label of the far end or NULL if it's not special.
1777 static char *smack_host_label(struct sockaddr_in
*sip
)
1779 struct smk_netlbladdr
*snp
;
1780 struct in_addr
*siap
= &sip
->sin_addr
;
1782 if (siap
->s_addr
== 0)
1785 list_for_each_entry_rcu(snp
, &smk_netlbladdr_list
, list
)
1787 * we break after finding the first match because
1788 * the list is sorted from longest to shortest mask
1789 * so we have found the most specific match
1791 if ((&snp
->smk_host
.sin_addr
)->s_addr
==
1792 (siap
->s_addr
& (&snp
->smk_mask
)->s_addr
)) {
1793 /* we have found the special CIPSO option */
1794 if (snp
->smk_label
== smack_cipso_option
)
1796 return snp
->smk_label
;
1803 * smack_netlabel - Set the secattr on a socket
1805 * @labeled: socket label scheme
1807 * Convert the outbound smack value (smk_out) to a
1808 * secattr and attach it to the socket.
1810 * Returns 0 on success or an error code
1812 static int smack_netlabel(struct sock
*sk
, int labeled
)
1814 struct smack_known
*skp
;
1815 struct socket_smack
*ssp
= sk
->sk_security
;
1819 * Usually the netlabel code will handle changing the
1820 * packet labeling based on the label.
1821 * The case of a single label host is different, because
1822 * a single label host should never get a labeled packet
1823 * even though the label is usually associated with a packet
1827 bh_lock_sock_nested(sk
);
1829 if (ssp
->smk_out
== smack_net_ambient
||
1830 labeled
== SMACK_UNLABELED_SOCKET
)
1831 netlbl_sock_delattr(sk
);
1833 skp
= smk_find_entry(ssp
->smk_out
);
1834 rc
= netlbl_sock_setattr(sk
, sk
->sk_family
, &skp
->smk_netlabel
);
1844 * smack_netlbel_send - Set the secattr on a socket and perform access checks
1846 * @sap: the destination address
1848 * Set the correct secattr for the given socket based on the destination
1849 * address and perform any outbound access checks needed.
1851 * Returns 0 on success or an error code.
1854 static int smack_netlabel_send(struct sock
*sk
, struct sockaddr_in
*sap
)
1859 struct socket_smack
*ssp
= sk
->sk_security
;
1860 struct smk_audit_info ad
;
1863 hostsp
= smack_host_label(sap
);
1864 if (hostsp
!= NULL
) {
1866 struct lsm_network_audit net
;
1868 smk_ad_init_net(&ad
, __func__
, LSM_AUDIT_DATA_NET
, &net
);
1869 ad
.a
.u
.net
->family
= sap
->sin_family
;
1870 ad
.a
.u
.net
->dport
= sap
->sin_port
;
1871 ad
.a
.u
.net
->v4info
.daddr
= sap
->sin_addr
.s_addr
;
1873 sk_lbl
= SMACK_UNLABELED_SOCKET
;
1874 rc
= smk_access(ssp
->smk_out
, hostsp
, MAY_WRITE
, &ad
);
1876 sk_lbl
= SMACK_CIPSO_SOCKET
;
1883 return smack_netlabel(sk
, sk_lbl
);
1887 * smack_inode_setsecurity - set smack xattrs
1888 * @inode: the object
1889 * @name: attribute name
1890 * @value: attribute value
1891 * @size: size of the attribute
1894 * Sets the named attribute in the appropriate blob
1896 * Returns 0 on success, or an error code
1898 static int smack_inode_setsecurity(struct inode
*inode
, const char *name
,
1899 const void *value
, size_t size
, int flags
)
1902 struct inode_smack
*nsp
= inode
->i_security
;
1903 struct socket_smack
*ssp
;
1904 struct socket
*sock
;
1907 if (value
== NULL
|| size
> SMK_LONGLABEL
|| size
== 0)
1910 sp
= smk_import(value
, size
);
1914 if (strcmp(name
, XATTR_SMACK_SUFFIX
) == 0) {
1915 nsp
->smk_inode
= sp
;
1916 nsp
->smk_flags
|= SMK_INODE_INSTANT
;
1920 * The rest of the Smack xattrs are only on sockets.
1922 if (inode
->i_sb
->s_magic
!= SOCKFS_MAGIC
)
1925 sock
= SOCKET_I(inode
);
1926 if (sock
== NULL
|| sock
->sk
== NULL
)
1929 ssp
= sock
->sk
->sk_security
;
1931 if (strcmp(name
, XATTR_SMACK_IPIN
) == 0)
1933 else if (strcmp(name
, XATTR_SMACK_IPOUT
) == 0) {
1935 if (sock
->sk
->sk_family
!= PF_UNIX
) {
1936 rc
= smack_netlabel(sock
->sk
, SMACK_CIPSO_SOCKET
);
1939 "Smack: \"%s\" netlbl error %d.\n",
1949 * smack_socket_post_create - finish socket setup
1951 * @family: protocol family
1956 * Sets the netlabel information on the socket
1958 * Returns 0 on success, and error code otherwise
1960 static int smack_socket_post_create(struct socket
*sock
, int family
,
1961 int type
, int protocol
, int kern
)
1963 if (family
!= PF_INET
|| sock
->sk
== NULL
)
1966 * Set the outbound netlbl.
1968 return smack_netlabel(sock
->sk
, SMACK_CIPSO_SOCKET
);
1972 * smack_socket_connect - connect access check
1974 * @sap: the other end
1975 * @addrlen: size of sap
1977 * Verifies that a connection may be possible
1979 * Returns 0 on success, and error code otherwise
1981 static int smack_socket_connect(struct socket
*sock
, struct sockaddr
*sap
,
1984 if (sock
->sk
== NULL
|| sock
->sk
->sk_family
!= PF_INET
)
1986 if (addrlen
< sizeof(struct sockaddr_in
))
1989 return smack_netlabel_send(sock
->sk
, (struct sockaddr_in
*)sap
);
1993 * smack_flags_to_may - convert S_ to MAY_ values
1994 * @flags: the S_ value
1996 * Returns the equivalent MAY_ value
1998 static int smack_flags_to_may(int flags
)
2002 if (flags
& S_IRUGO
)
2004 if (flags
& S_IWUGO
)
2006 if (flags
& S_IXUGO
)
2013 * smack_msg_msg_alloc_security - Set the security blob for msg_msg
2018 static int smack_msg_msg_alloc_security(struct msg_msg
*msg
)
2020 msg
->security
= smk_of_current();
2025 * smack_msg_msg_free_security - Clear the security blob for msg_msg
2028 * Clears the blob pointer
2030 static void smack_msg_msg_free_security(struct msg_msg
*msg
)
2032 msg
->security
= NULL
;
2036 * smack_of_shm - the smack pointer for the shm
2039 * Returns a pointer to the smack value
2041 static char *smack_of_shm(struct shmid_kernel
*shp
)
2043 return (char *)shp
->shm_perm
.security
;
2047 * smack_shm_alloc_security - Set the security blob for shm
2052 static int smack_shm_alloc_security(struct shmid_kernel
*shp
)
2054 struct kern_ipc_perm
*isp
= &shp
->shm_perm
;
2056 isp
->security
= smk_of_current();
2061 * smack_shm_free_security - Clear the security blob for shm
2064 * Clears the blob pointer
2066 static void smack_shm_free_security(struct shmid_kernel
*shp
)
2068 struct kern_ipc_perm
*isp
= &shp
->shm_perm
;
2070 isp
->security
= NULL
;
2074 * smk_curacc_shm : check if current has access on shm
2076 * @access : access requested
2078 * Returns 0 if current has the requested access, error code otherwise
2080 static int smk_curacc_shm(struct shmid_kernel
*shp
, int access
)
2082 char *ssp
= smack_of_shm(shp
);
2083 struct smk_audit_info ad
;
2086 smk_ad_init(&ad
, __func__
, LSM_AUDIT_DATA_IPC
);
2087 ad
.a
.u
.ipc_id
= shp
->shm_perm
.id
;
2089 return smk_curacc(ssp
, access
, &ad
);
2093 * smack_shm_associate - Smack access check for shm
2095 * @shmflg: access requested
2097 * Returns 0 if current has the requested access, error code otherwise
2099 static int smack_shm_associate(struct shmid_kernel
*shp
, int shmflg
)
2103 may
= smack_flags_to_may(shmflg
);
2104 return smk_curacc_shm(shp
, may
);
2108 * smack_shm_shmctl - Smack access check for shm
2110 * @cmd: what it wants to do
2112 * Returns 0 if current has the requested access, error code otherwise
2114 static int smack_shm_shmctl(struct shmid_kernel
*shp
, int cmd
)
2127 may
= MAY_READWRITE
;
2132 * System level information.
2138 return smk_curacc_shm(shp
, may
);
2142 * smack_shm_shmat - Smack access for shmat
2145 * @shmflg: access requested
2147 * Returns 0 if current has the requested access, error code otherwise
2149 static int smack_shm_shmat(struct shmid_kernel
*shp
, char __user
*shmaddr
,
2154 may
= smack_flags_to_may(shmflg
);
2155 return smk_curacc_shm(shp
, may
);
2159 * smack_of_sem - the smack pointer for the sem
2162 * Returns a pointer to the smack value
2164 static char *smack_of_sem(struct sem_array
*sma
)
2166 return (char *)sma
->sem_perm
.security
;
2170 * smack_sem_alloc_security - Set the security blob for sem
2175 static int smack_sem_alloc_security(struct sem_array
*sma
)
2177 struct kern_ipc_perm
*isp
= &sma
->sem_perm
;
2179 isp
->security
= smk_of_current();
2184 * smack_sem_free_security - Clear the security blob for sem
2187 * Clears the blob pointer
2189 static void smack_sem_free_security(struct sem_array
*sma
)
2191 struct kern_ipc_perm
*isp
= &sma
->sem_perm
;
2193 isp
->security
= NULL
;
2197 * smk_curacc_sem : check if current has access on sem
2199 * @access : access requested
2201 * Returns 0 if current has the requested access, error code otherwise
2203 static int smk_curacc_sem(struct sem_array
*sma
, int access
)
2205 char *ssp
= smack_of_sem(sma
);
2206 struct smk_audit_info ad
;
2209 smk_ad_init(&ad
, __func__
, LSM_AUDIT_DATA_IPC
);
2210 ad
.a
.u
.ipc_id
= sma
->sem_perm
.id
;
2212 return smk_curacc(ssp
, access
, &ad
);
2216 * smack_sem_associate - Smack access check for sem
2218 * @semflg: access requested
2220 * Returns 0 if current has the requested access, error code otherwise
2222 static int smack_sem_associate(struct sem_array
*sma
, int semflg
)
2226 may
= smack_flags_to_may(semflg
);
2227 return smk_curacc_sem(sma
, may
);
2231 * smack_sem_shmctl - Smack access check for sem
2233 * @cmd: what it wants to do
2235 * Returns 0 if current has the requested access, error code otherwise
2237 static int smack_sem_semctl(struct sem_array
*sma
, int cmd
)
2255 may
= MAY_READWRITE
;
2260 * System level information
2267 return smk_curacc_sem(sma
, may
);
2271 * smack_sem_semop - Smack checks of semaphore operations
2277 * Treated as read and write in all cases.
2279 * Returns 0 if access is allowed, error code otherwise
2281 static int smack_sem_semop(struct sem_array
*sma
, struct sembuf
*sops
,
2282 unsigned nsops
, int alter
)
2284 return smk_curacc_sem(sma
, MAY_READWRITE
);
2288 * smack_msg_alloc_security - Set the security blob for msg
2293 static int smack_msg_queue_alloc_security(struct msg_queue
*msq
)
2295 struct kern_ipc_perm
*kisp
= &msq
->q_perm
;
2297 kisp
->security
= smk_of_current();
2302 * smack_msg_free_security - Clear the security blob for msg
2305 * Clears the blob pointer
2307 static void smack_msg_queue_free_security(struct msg_queue
*msq
)
2309 struct kern_ipc_perm
*kisp
= &msq
->q_perm
;
2311 kisp
->security
= NULL
;
2315 * smack_of_msq - the smack pointer for the msq
2318 * Returns a pointer to the smack value
2320 static char *smack_of_msq(struct msg_queue
*msq
)
2322 return (char *)msq
->q_perm
.security
;
2326 * smk_curacc_msq : helper to check if current has access on msq
2328 * @access : access requested
2330 * return 0 if current has access, error otherwise
2332 static int smk_curacc_msq(struct msg_queue
*msq
, int access
)
2334 char *msp
= smack_of_msq(msq
);
2335 struct smk_audit_info ad
;
2338 smk_ad_init(&ad
, __func__
, LSM_AUDIT_DATA_IPC
);
2339 ad
.a
.u
.ipc_id
= msq
->q_perm
.id
;
2341 return smk_curacc(msp
, access
, &ad
);
2345 * smack_msg_queue_associate - Smack access check for msg_queue
2347 * @msqflg: access requested
2349 * Returns 0 if current has the requested access, error code otherwise
2351 static int smack_msg_queue_associate(struct msg_queue
*msq
, int msqflg
)
2355 may
= smack_flags_to_may(msqflg
);
2356 return smk_curacc_msq(msq
, may
);
2360 * smack_msg_queue_msgctl - Smack access check for msg_queue
2362 * @cmd: what it wants to do
2364 * Returns 0 if current has the requested access, error code otherwise
2366 static int smack_msg_queue_msgctl(struct msg_queue
*msq
, int cmd
)
2377 may
= MAY_READWRITE
;
2382 * System level information
2389 return smk_curacc_msq(msq
, may
);
2393 * smack_msg_queue_msgsnd - Smack access check for msg_queue
2396 * @msqflg: access requested
2398 * Returns 0 if current has the requested access, error code otherwise
2400 static int smack_msg_queue_msgsnd(struct msg_queue
*msq
, struct msg_msg
*msg
,
2405 may
= smack_flags_to_may(msqflg
);
2406 return smk_curacc_msq(msq
, may
);
2410 * smack_msg_queue_msgsnd - Smack access check for msg_queue
2417 * Returns 0 if current has read and write access, error code otherwise
2419 static int smack_msg_queue_msgrcv(struct msg_queue
*msq
, struct msg_msg
*msg
,
2420 struct task_struct
*target
, long type
, int mode
)
2422 return smk_curacc_msq(msq
, MAY_READWRITE
);
2426 * smack_ipc_permission - Smack access for ipc_permission()
2427 * @ipp: the object permissions
2428 * @flag: access requested
2430 * Returns 0 if current has read and write access, error code otherwise
2432 static int smack_ipc_permission(struct kern_ipc_perm
*ipp
, short flag
)
2434 char *isp
= ipp
->security
;
2435 int may
= smack_flags_to_may(flag
);
2436 struct smk_audit_info ad
;
2439 smk_ad_init(&ad
, __func__
, LSM_AUDIT_DATA_IPC
);
2440 ad
.a
.u
.ipc_id
= ipp
->id
;
2442 return smk_curacc(isp
, may
, &ad
);
2446 * smack_ipc_getsecid - Extract smack security id
2447 * @ipp: the object permissions
2448 * @secid: where result will be saved
2450 static void smack_ipc_getsecid(struct kern_ipc_perm
*ipp
, u32
*secid
)
2452 char *smack
= ipp
->security
;
2454 *secid
= smack_to_secid(smack
);
2458 * smack_d_instantiate - Make sure the blob is correct on an inode
2459 * @opt_dentry: dentry where inode will be attached
2460 * @inode: the object
2462 * Set the inode's security blob if it hasn't been done already.
2464 static void smack_d_instantiate(struct dentry
*opt_dentry
, struct inode
*inode
)
2466 struct super_block
*sbp
;
2467 struct superblock_smack
*sbsp
;
2468 struct inode_smack
*isp
;
2469 char *csp
= smk_of_current();
2472 char trattr
[TRANS_TRUE_SIZE
];
2480 isp
= inode
->i_security
;
2482 mutex_lock(&isp
->smk_lock
);
2484 * If the inode is already instantiated
2485 * take the quick way out
2487 if (isp
->smk_flags
& SMK_INODE_INSTANT
)
2491 sbsp
= sbp
->s_security
;
2493 * We're going to use the superblock default label
2494 * if there's no label on the file.
2496 final
= sbsp
->smk_default
;
2499 * If this is the root inode the superblock
2500 * may be in the process of initialization.
2501 * If that is the case use the root value out
2502 * of the superblock.
2504 if (opt_dentry
->d_parent
== opt_dentry
) {
2505 isp
->smk_inode
= sbsp
->smk_root
;
2506 isp
->smk_flags
|= SMK_INODE_INSTANT
;
2511 * This is pretty hackish.
2512 * Casey says that we shouldn't have to do
2513 * file system specific code, but it does help
2514 * with keeping it simple.
2516 switch (sbp
->s_magic
) {
2519 * Casey says that it's a little embarrassing
2520 * that the smack file system doesn't do
2521 * extended attributes.
2523 final
= smack_known_star
.smk_known
;
2527 * Casey says pipes are easy (?)
2529 final
= smack_known_star
.smk_known
;
2531 case DEVPTS_SUPER_MAGIC
:
2533 * devpts seems content with the label of the task.
2534 * Programs that change smack have to treat the
2541 * Socket access is controlled by the socket
2542 * structures associated with the task involved.
2544 final
= smack_known_star
.smk_known
;
2546 case PROC_SUPER_MAGIC
:
2548 * Casey says procfs appears not to care.
2549 * The superblock default suffices.
2554 * Device labels should come from the filesystem,
2555 * but watch out, because they're volitile,
2556 * getting recreated on every reboot.
2558 final
= smack_known_star
.smk_known
;
2562 * If a smack value has been set we want to use it,
2563 * but since tmpfs isn't giving us the opportunity
2564 * to set mount options simulate setting the
2565 * superblock default.
2569 * This isn't an understood special case.
2570 * Get the value from the xattr.
2574 * UNIX domain sockets use lower level socket data.
2576 if (S_ISSOCK(inode
->i_mode
)) {
2577 final
= smack_known_star
.smk_known
;
2581 * No xattr support means, alas, no SMACK label.
2582 * Use the aforeapplied default.
2583 * It would be curious if the label of the task
2584 * does not match that assigned.
2586 if (inode
->i_op
->getxattr
== NULL
)
2589 * Get the dentry for xattr.
2591 dp
= dget(opt_dentry
);
2592 fetched
= smk_fetch(XATTR_NAME_SMACK
, inode
, dp
);
2593 if (fetched
!= NULL
)
2597 * Transmuting directory
2599 if (S_ISDIR(inode
->i_mode
)) {
2601 * If this is a new directory and the label was
2602 * transmuted when the inode was initialized
2603 * set the transmute attribute on the directory
2604 * and mark the inode.
2606 * If there is a transmute attribute on the
2607 * directory mark the inode.
2609 if (isp
->smk_flags
& SMK_INODE_CHANGED
) {
2610 isp
->smk_flags
&= ~SMK_INODE_CHANGED
;
2611 rc
= inode
->i_op
->setxattr(dp
,
2612 XATTR_NAME_SMACKTRANSMUTE
,
2613 TRANS_TRUE
, TRANS_TRUE_SIZE
,
2616 rc
= inode
->i_op
->getxattr(dp
,
2617 XATTR_NAME_SMACKTRANSMUTE
, trattr
,
2619 if (rc
>= 0 && strncmp(trattr
, TRANS_TRUE
,
2620 TRANS_TRUE_SIZE
) != 0)
2624 transflag
= SMK_INODE_TRANSMUTE
;
2626 isp
->smk_task
= smk_fetch(XATTR_NAME_SMACKEXEC
, inode
, dp
);
2627 isp
->smk_mmap
= smk_fetch(XATTR_NAME_SMACKMMAP
, inode
, dp
);
2634 isp
->smk_inode
= csp
;
2636 isp
->smk_inode
= final
;
2638 isp
->smk_flags
|= (SMK_INODE_INSTANT
| transflag
);
2641 mutex_unlock(&isp
->smk_lock
);
2646 * smack_getprocattr - Smack process attribute access
2647 * @p: the object task
2648 * @name: the name of the attribute in /proc/.../attr
2649 * @value: where to put the result
2651 * Places a copy of the task Smack into value
2653 * Returns the length of the smack label or an error code
2655 static int smack_getprocattr(struct task_struct
*p
, char *name
, char **value
)
2660 if (strcmp(name
, "current") != 0)
2663 cp
= kstrdup(smk_of_task(task_security(p
)), GFP_KERNEL
);
2673 * smack_setprocattr - Smack process attribute setting
2674 * @p: the object task
2675 * @name: the name of the attribute in /proc/.../attr
2676 * @value: the value to set
2677 * @size: the size of the value
2679 * Sets the Smack value of the task. Only setting self
2680 * is permitted and only with privilege
2682 * Returns the length of the smack label or an error code
2684 static int smack_setprocattr(struct task_struct
*p
, char *name
,
2685 void *value
, size_t size
)
2687 struct task_smack
*tsp
;
2692 * Changing another process' Smack value is too dangerous
2693 * and supports no sane use case.
2698 if (!smack_privileged(CAP_MAC_ADMIN
))
2701 if (value
== NULL
|| size
== 0 || size
>= SMK_LONGLABEL
)
2704 if (strcmp(name
, "current") != 0)
2707 newsmack
= smk_import(value
, size
);
2708 if (newsmack
== NULL
)
2712 * No process is ever allowed the web ("@") label.
2714 if (newsmack
== smack_known_web
.smk_known
)
2717 new = prepare_creds();
2721 tsp
= new->security
;
2722 tsp
->smk_task
= newsmack
;
2729 * smack_unix_stream_connect - Smack access on UDS
2731 * @other: the other sock
2734 * Return 0 if a subject with the smack of sock could access
2735 * an object with the smack of other, otherwise an error code
2737 static int smack_unix_stream_connect(struct sock
*sock
,
2738 struct sock
*other
, struct sock
*newsk
)
2740 struct socket_smack
*ssp
= sock
->sk_security
;
2741 struct socket_smack
*osp
= other
->sk_security
;
2742 struct socket_smack
*nsp
= newsk
->sk_security
;
2743 struct smk_audit_info ad
;
2747 struct lsm_network_audit net
;
2749 smk_ad_init_net(&ad
, __func__
, LSM_AUDIT_DATA_NET
, &net
);
2750 smk_ad_setfield_u_net_sk(&ad
, other
);
2753 if (!smack_privileged(CAP_MAC_OVERRIDE
))
2754 rc
= smk_access(ssp
->smk_out
, osp
->smk_in
, MAY_WRITE
, &ad
);
2757 * Cross reference the peer labels for SO_PEERSEC.
2760 nsp
->smk_packet
= ssp
->smk_out
;
2761 ssp
->smk_packet
= osp
->smk_out
;
2768 * smack_unix_may_send - Smack access on UDS
2770 * @other: the other socket
2772 * Return 0 if a subject with the smack of sock could access
2773 * an object with the smack of other, otherwise an error code
2775 static int smack_unix_may_send(struct socket
*sock
, struct socket
*other
)
2777 struct socket_smack
*ssp
= sock
->sk
->sk_security
;
2778 struct socket_smack
*osp
= other
->sk
->sk_security
;
2779 struct smk_audit_info ad
;
2783 struct lsm_network_audit net
;
2785 smk_ad_init_net(&ad
, __func__
, LSM_AUDIT_DATA_NET
, &net
);
2786 smk_ad_setfield_u_net_sk(&ad
, other
->sk
);
2789 if (!smack_privileged(CAP_MAC_OVERRIDE
))
2790 rc
= smk_access(ssp
->smk_out
, osp
->smk_in
, MAY_WRITE
, &ad
);
2796 * smack_socket_sendmsg - Smack check based on destination host
2799 * @size: the size of the message
2801 * Return 0 if the current subject can write to the destination
2802 * host. This is only a question if the destination is a single
2805 static int smack_socket_sendmsg(struct socket
*sock
, struct msghdr
*msg
,
2808 struct sockaddr_in
*sip
= (struct sockaddr_in
*) msg
->msg_name
;
2811 * Perfectly reasonable for this to be NULL
2813 if (sip
== NULL
|| sip
->sin_family
!= AF_INET
)
2816 return smack_netlabel_send(sock
->sk
, sip
);
2820 * smack_from_secattr - Convert a netlabel attr.mls.lvl/attr.mls.cat pair to smack
2821 * @sap: netlabel secattr
2822 * @ssp: socket security information
2824 * Returns a pointer to a Smack label found on the label list.
2826 static char *smack_from_secattr(struct netlbl_lsm_secattr
*sap
,
2827 struct socket_smack
*ssp
)
2829 struct smack_known
*kp
;
2833 if ((sap
->flags
& NETLBL_SECATTR_MLS_LVL
) != 0) {
2835 * Looks like a CIPSO packet.
2836 * If there are flags but no level netlabel isn't
2837 * behaving the way we expect it to.
2839 * Look it up in the label table
2840 * Without guidance regarding the smack value
2841 * for the packet fall back on the network
2845 list_for_each_entry(kp
, &smack_known_list
, list
) {
2846 if (sap
->attr
.mls
.lvl
!= kp
->smk_netlabel
.attr
.mls
.lvl
)
2848 if (memcmp(sap
->attr
.mls
.cat
,
2849 kp
->smk_netlabel
.attr
.mls
.cat
,
2858 return kp
->smk_known
;
2860 if (ssp
!= NULL
&& ssp
->smk_in
== smack_known_star
.smk_known
)
2861 return smack_known_web
.smk_known
;
2862 return smack_known_star
.smk_known
;
2864 if ((sap
->flags
& NETLBL_SECATTR_SECID
) != 0) {
2866 * Looks like a fallback, which gives us a secid.
2868 sp
= smack_from_secid(sap
->attr
.secid
);
2870 * This has got to be a bug because it is
2871 * impossible to specify a fallback without
2872 * specifying the label, which will ensure
2873 * it has a secid, and the only way to get a
2874 * secid is from a fallback.
2880 * Without guidance regarding the smack value
2881 * for the packet fall back on the network
2884 return smack_net_ambient
;
2888 * smack_socket_sock_rcv_skb - Smack packet delivery access check
2892 * Returns 0 if the packet should be delivered, an error code otherwise
2894 static int smack_socket_sock_rcv_skb(struct sock
*sk
, struct sk_buff
*skb
)
2896 struct netlbl_lsm_secattr secattr
;
2897 struct socket_smack
*ssp
= sk
->sk_security
;
2900 struct smk_audit_info ad
;
2902 struct lsm_network_audit net
;
2904 if (sk
->sk_family
!= PF_INET
&& sk
->sk_family
!= PF_INET6
)
2908 * Translate what netlabel gave us.
2910 netlbl_secattr_init(&secattr
);
2912 rc
= netlbl_skbuff_getattr(skb
, sk
->sk_family
, &secattr
);
2914 csp
= smack_from_secattr(&secattr
, ssp
);
2916 csp
= smack_net_ambient
;
2918 netlbl_secattr_destroy(&secattr
);
2921 smk_ad_init_net(&ad
, __func__
, LSM_AUDIT_DATA_NET
, &net
);
2922 ad
.a
.u
.net
->family
= sk
->sk_family
;
2923 ad
.a
.u
.net
->netif
= skb
->skb_iif
;
2924 ipv4_skb_to_auditdata(skb
, &ad
.a
, NULL
);
2927 * Receiving a packet requires that the other end
2928 * be able to write here. Read access is not required.
2929 * This is the simplist possible security model
2932 rc
= smk_access(csp
, ssp
->smk_in
, MAY_WRITE
, &ad
);
2934 netlbl_skbuff_err(skb
, rc
, 0);
2939 * smack_socket_getpeersec_stream - pull in packet label
2941 * @optval: user's destination
2942 * @optlen: size thereof
2945 * returns zero on success, an error code otherwise
2947 static int smack_socket_getpeersec_stream(struct socket
*sock
,
2948 char __user
*optval
,
2949 int __user
*optlen
, unsigned len
)
2951 struct socket_smack
*ssp
;
2956 ssp
= sock
->sk
->sk_security
;
2957 if (ssp
->smk_packet
!= NULL
) {
2958 rcp
= ssp
->smk_packet
;
2959 slen
= strlen(rcp
) + 1;
2964 else if (copy_to_user(optval
, rcp
, slen
) != 0)
2967 if (put_user(slen
, optlen
) != 0)
2975 * smack_socket_getpeersec_dgram - pull in packet label
2976 * @sock: the peer socket
2978 * @secid: pointer to where to put the secid of the packet
2980 * Sets the netlabel socket state on sk from parent
2982 static int smack_socket_getpeersec_dgram(struct socket
*sock
,
2983 struct sk_buff
*skb
, u32
*secid
)
2986 struct netlbl_lsm_secattr secattr
;
2987 struct socket_smack
*ssp
= NULL
;
2989 int family
= PF_UNSPEC
;
2990 u32 s
= 0; /* 0 is the invalid secid */
2994 if (skb
->protocol
== htons(ETH_P_IP
))
2996 else if (skb
->protocol
== htons(ETH_P_IPV6
))
2999 if (family
== PF_UNSPEC
&& sock
!= NULL
)
3000 family
= sock
->sk
->sk_family
;
3002 if (family
== PF_UNIX
) {
3003 ssp
= sock
->sk
->sk_security
;
3004 s
= smack_to_secid(ssp
->smk_out
);
3005 } else if (family
== PF_INET
|| family
== PF_INET6
) {
3007 * Translate what netlabel gave us.
3009 if (sock
!= NULL
&& sock
->sk
!= NULL
)
3010 ssp
= sock
->sk
->sk_security
;
3011 netlbl_secattr_init(&secattr
);
3012 rc
= netlbl_skbuff_getattr(skb
, family
, &secattr
);
3014 sp
= smack_from_secattr(&secattr
, ssp
);
3015 s
= smack_to_secid(sp
);
3017 netlbl_secattr_destroy(&secattr
);
3026 * smack_sock_graft - Initialize a newly created socket with an existing sock
3028 * @parent: parent socket
3030 * Set the smk_{in,out} state of an existing sock based on the process that
3031 * is creating the new socket.
3033 static void smack_sock_graft(struct sock
*sk
, struct socket
*parent
)
3035 struct socket_smack
*ssp
;
3038 (sk
->sk_family
!= PF_INET
&& sk
->sk_family
!= PF_INET6
))
3041 ssp
= sk
->sk_security
;
3042 ssp
->smk_in
= ssp
->smk_out
= smk_of_current();
3043 /* cssp->smk_packet is already set in smack_inet_csk_clone() */
3047 * smack_inet_conn_request - Smack access check on connect
3048 * @sk: socket involved
3052 * Returns 0 if a task with the packet label could write to
3053 * the socket, otherwise an error code
3055 static int smack_inet_conn_request(struct sock
*sk
, struct sk_buff
*skb
,
3056 struct request_sock
*req
)
3058 u16 family
= sk
->sk_family
;
3059 struct smack_known
*skp
;
3060 struct socket_smack
*ssp
= sk
->sk_security
;
3061 struct netlbl_lsm_secattr secattr
;
3062 struct sockaddr_in addr
;
3067 struct smk_audit_info ad
;
3069 struct lsm_network_audit net
;
3072 /* handle mapped IPv4 packets arriving via IPv6 sockets */
3073 if (family
== PF_INET6
&& skb
->protocol
== htons(ETH_P_IP
))
3076 netlbl_secattr_init(&secattr
);
3077 rc
= netlbl_skbuff_getattr(skb
, family
, &secattr
);
3079 sp
= smack_from_secattr(&secattr
, ssp
);
3081 sp
= smack_known_huh
.smk_known
;
3082 netlbl_secattr_destroy(&secattr
);
3085 smk_ad_init_net(&ad
, __func__
, LSM_AUDIT_DATA_NET
, &net
);
3086 ad
.a
.u
.net
->family
= family
;
3087 ad
.a
.u
.net
->netif
= skb
->skb_iif
;
3088 ipv4_skb_to_auditdata(skb
, &ad
.a
, NULL
);
3091 * Receiving a packet requires that the other end be able to write
3092 * here. Read access is not required.
3094 rc
= smk_access(sp
, ssp
->smk_in
, MAY_WRITE
, &ad
);
3099 * Save the peer's label in the request_sock so we can later setup
3100 * smk_packet in the child socket so that SO_PEERCRED can report it.
3102 req
->peer_secid
= smack_to_secid(sp
);
3105 * We need to decide if we want to label the incoming connection here
3106 * if we do we only need to label the request_sock and the stack will
3107 * propagate the wire-label to the sock when it is created.
3110 addr
.sin_addr
.s_addr
= hdr
->saddr
;
3112 hsp
= smack_host_label(&addr
);
3116 skp
= smk_find_entry(sp
);
3117 rc
= netlbl_req_setattr(req
, &skp
->smk_netlabel
);
3119 netlbl_req_delattr(req
);
3125 * smack_inet_csk_clone - Copy the connection information to the new socket
3126 * @sk: the new socket
3127 * @req: the connection's request_sock
3129 * Transfer the connection's peer label to the newly created socket.
3131 static void smack_inet_csk_clone(struct sock
*sk
,
3132 const struct request_sock
*req
)
3134 struct socket_smack
*ssp
= sk
->sk_security
;
3136 if (req
->peer_secid
!= 0)
3137 ssp
->smk_packet
= smack_from_secid(req
->peer_secid
);
3139 ssp
->smk_packet
= NULL
;
3143 * Key management security hooks
3145 * Casey has not tested key support very heavily.
3146 * The permission check is most likely too restrictive.
3147 * If you care about keys please have a look.
3152 * smack_key_alloc - Set the key security blob
3154 * @cred: the credentials to use
3157 * No allocation required
3161 static int smack_key_alloc(struct key
*key
, const struct cred
*cred
,
3162 unsigned long flags
)
3164 key
->security
= smk_of_task(cred
->security
);
3169 * smack_key_free - Clear the key security blob
3172 * Clear the blob pointer
3174 static void smack_key_free(struct key
*key
)
3176 key
->security
= NULL
;
3180 * smack_key_permission - Smack access on a key
3181 * @key_ref: gets to the object
3182 * @cred: the credentials to use
3185 * Return 0 if the task has read and write to the object,
3186 * an error code otherwise
3188 static int smack_key_permission(key_ref_t key_ref
,
3189 const struct cred
*cred
, key_perm_t perm
)
3192 struct smk_audit_info ad
;
3193 char *tsp
= smk_of_task(cred
->security
);
3195 keyp
= key_ref_to_ptr(key_ref
);
3199 * If the key hasn't been initialized give it access so that
3202 if (keyp
->security
== NULL
)
3205 * This should not occur
3210 smk_ad_init(&ad
, __func__
, LSM_AUDIT_DATA_KEY
);
3211 ad
.a
.u
.key_struct
.key
= keyp
->serial
;
3212 ad
.a
.u
.key_struct
.key_desc
= keyp
->description
;
3214 return smk_access(tsp
, keyp
->security
,
3215 MAY_READWRITE
, &ad
);
3217 #endif /* CONFIG_KEYS */
3222 * Audit requires a unique representation of each Smack specific
3223 * rule. This unique representation is used to distinguish the
3224 * object to be audited from remaining kernel objects and also
3225 * works as a glue between the audit hooks.
3227 * Since repository entries are added but never deleted, we'll use
3228 * the smack_known label address related to the given audit rule as
3229 * the needed unique representation. This also better fits the smack
3230 * model where nearly everything is a label.
3235 * smack_audit_rule_init - Initialize a smack audit rule
3236 * @field: audit rule fields given from user-space (audit.h)
3237 * @op: required testing operator (=, !=, >, <, ...)
3238 * @rulestr: smack label to be audited
3239 * @vrule: pointer to save our own audit rule representation
3241 * Prepare to audit cases where (@field @op @rulestr) is true.
3242 * The label to be audited is created if necessay.
3244 static int smack_audit_rule_init(u32 field
, u32 op
, char *rulestr
, void **vrule
)
3246 char **rule
= (char **)vrule
;
3249 if (field
!= AUDIT_SUBJ_USER
&& field
!= AUDIT_OBJ_USER
)
3252 if (op
!= Audit_equal
&& op
!= Audit_not_equal
)
3255 *rule
= smk_import(rulestr
, 0);
3261 * smack_audit_rule_known - Distinguish Smack audit rules
3262 * @krule: rule of interest, in Audit kernel representation format
3264 * This is used to filter Smack rules from remaining Audit ones.
3265 * If it's proved that this rule belongs to us, the
3266 * audit_rule_match hook will be called to do the final judgement.
3268 static int smack_audit_rule_known(struct audit_krule
*krule
)
3270 struct audit_field
*f
;
3273 for (i
= 0; i
< krule
->field_count
; i
++) {
3274 f
= &krule
->fields
[i
];
3276 if (f
->type
== AUDIT_SUBJ_USER
|| f
->type
== AUDIT_OBJ_USER
)
3284 * smack_audit_rule_match - Audit given object ?
3285 * @secid: security id for identifying the object to test
3286 * @field: audit rule flags given from user-space
3287 * @op: required testing operator
3288 * @vrule: smack internal rule presentation
3289 * @actx: audit context associated with the check
3291 * The core Audit hook. It's used to take the decision of
3292 * whether to audit or not to audit a given object.
3294 static int smack_audit_rule_match(u32 secid
, u32 field
, u32 op
, void *vrule
,
3295 struct audit_context
*actx
)
3301 audit_log(actx
, GFP_ATOMIC
, AUDIT_SELINUX_ERR
,
3302 "Smack: missing rule\n");
3306 if (field
!= AUDIT_SUBJ_USER
&& field
!= AUDIT_OBJ_USER
)
3309 smack
= smack_from_secid(secid
);
3312 * No need to do string comparisons. If a match occurs,
3313 * both pointers will point to the same smack_known
3316 if (op
== Audit_equal
)
3317 return (rule
== smack
);
3318 if (op
== Audit_not_equal
)
3319 return (rule
!= smack
);
3325 * smack_audit_rule_free - free smack rule representation
3326 * @vrule: rule to be freed.
3328 * No memory was allocated.
3330 static void smack_audit_rule_free(void *vrule
)
3335 #endif /* CONFIG_AUDIT */
3338 * smack_secid_to_secctx - return the smack label for a secid
3339 * @secid: incoming integer
3340 * @secdata: destination
3341 * @seclen: how long it is
3343 * Exists for networking code.
3345 static int smack_secid_to_secctx(u32 secid
, char **secdata
, u32
*seclen
)
3347 char *sp
= smack_from_secid(secid
);
3351 *seclen
= strlen(sp
);
3356 * smack_secctx_to_secid - return the secid for a smack label
3357 * @secdata: smack label
3358 * @seclen: how long result is
3359 * @secid: outgoing integer
3361 * Exists for audit and networking code.
3363 static int smack_secctx_to_secid(const char *secdata
, u32 seclen
, u32
*secid
)
3365 *secid
= smack_to_secid(secdata
);
3370 * smack_release_secctx - don't do anything.
3374 * Exists to make sure nothing gets done, and properly
3376 static void smack_release_secctx(char *secdata
, u32 seclen
)
3380 static int smack_inode_notifysecctx(struct inode
*inode
, void *ctx
, u32 ctxlen
)
3382 return smack_inode_setsecurity(inode
, XATTR_SMACK_SUFFIX
, ctx
, ctxlen
, 0);
3385 static int smack_inode_setsecctx(struct dentry
*dentry
, void *ctx
, u32 ctxlen
)
3387 return __vfs_setxattr_noperm(dentry
, XATTR_NAME_SMACK
, ctx
, ctxlen
, 0);
3390 static int smack_inode_getsecctx(struct inode
*inode
, void **ctx
, u32
*ctxlen
)
3393 len
= smack_inode_getsecurity(inode
, XATTR_SMACK_SUFFIX
, ctx
, true);
3401 struct security_operations smack_ops
= {
3404 .ptrace_access_check
= smack_ptrace_access_check
,
3405 .ptrace_traceme
= smack_ptrace_traceme
,
3406 .syslog
= smack_syslog
,
3408 .sb_alloc_security
= smack_sb_alloc_security
,
3409 .sb_free_security
= smack_sb_free_security
,
3410 .sb_copy_data
= smack_sb_copy_data
,
3411 .sb_kern_mount
= smack_sb_kern_mount
,
3412 .sb_statfs
= smack_sb_statfs
,
3413 .sb_mount
= smack_sb_mount
,
3414 .sb_umount
= smack_sb_umount
,
3416 .bprm_set_creds
= smack_bprm_set_creds
,
3417 .bprm_committing_creds
= smack_bprm_committing_creds
,
3418 .bprm_secureexec
= smack_bprm_secureexec
,
3420 .inode_alloc_security
= smack_inode_alloc_security
,
3421 .inode_free_security
= smack_inode_free_security
,
3422 .inode_init_security
= smack_inode_init_security
,
3423 .inode_link
= smack_inode_link
,
3424 .inode_unlink
= smack_inode_unlink
,
3425 .inode_rmdir
= smack_inode_rmdir
,
3426 .inode_rename
= smack_inode_rename
,
3427 .inode_permission
= smack_inode_permission
,
3428 .inode_setattr
= smack_inode_setattr
,
3429 .inode_getattr
= smack_inode_getattr
,
3430 .inode_setxattr
= smack_inode_setxattr
,
3431 .inode_post_setxattr
= smack_inode_post_setxattr
,
3432 .inode_getxattr
= smack_inode_getxattr
,
3433 .inode_removexattr
= smack_inode_removexattr
,
3434 .inode_getsecurity
= smack_inode_getsecurity
,
3435 .inode_setsecurity
= smack_inode_setsecurity
,
3436 .inode_listsecurity
= smack_inode_listsecurity
,
3437 .inode_getsecid
= smack_inode_getsecid
,
3439 .file_permission
= smack_file_permission
,
3440 .file_alloc_security
= smack_file_alloc_security
,
3441 .file_free_security
= smack_file_free_security
,
3442 .file_ioctl
= smack_file_ioctl
,
3443 .file_lock
= smack_file_lock
,
3444 .file_fcntl
= smack_file_fcntl
,
3445 .mmap_file
= smack_mmap_file
,
3446 .mmap_addr
= cap_mmap_addr
,
3447 .file_set_fowner
= smack_file_set_fowner
,
3448 .file_send_sigiotask
= smack_file_send_sigiotask
,
3449 .file_receive
= smack_file_receive
,
3451 .file_open
= smack_file_open
,
3453 .cred_alloc_blank
= smack_cred_alloc_blank
,
3454 .cred_free
= smack_cred_free
,
3455 .cred_prepare
= smack_cred_prepare
,
3456 .cred_transfer
= smack_cred_transfer
,
3457 .kernel_act_as
= smack_kernel_act_as
,
3458 .kernel_create_files_as
= smack_kernel_create_files_as
,
3459 .task_setpgid
= smack_task_setpgid
,
3460 .task_getpgid
= smack_task_getpgid
,
3461 .task_getsid
= smack_task_getsid
,
3462 .task_getsecid
= smack_task_getsecid
,
3463 .task_setnice
= smack_task_setnice
,
3464 .task_setioprio
= smack_task_setioprio
,
3465 .task_getioprio
= smack_task_getioprio
,
3466 .task_setscheduler
= smack_task_setscheduler
,
3467 .task_getscheduler
= smack_task_getscheduler
,
3468 .task_movememory
= smack_task_movememory
,
3469 .task_kill
= smack_task_kill
,
3470 .task_wait
= smack_task_wait
,
3471 .task_to_inode
= smack_task_to_inode
,
3473 .ipc_permission
= smack_ipc_permission
,
3474 .ipc_getsecid
= smack_ipc_getsecid
,
3476 .msg_msg_alloc_security
= smack_msg_msg_alloc_security
,
3477 .msg_msg_free_security
= smack_msg_msg_free_security
,
3479 .msg_queue_alloc_security
= smack_msg_queue_alloc_security
,
3480 .msg_queue_free_security
= smack_msg_queue_free_security
,
3481 .msg_queue_associate
= smack_msg_queue_associate
,
3482 .msg_queue_msgctl
= smack_msg_queue_msgctl
,
3483 .msg_queue_msgsnd
= smack_msg_queue_msgsnd
,
3484 .msg_queue_msgrcv
= smack_msg_queue_msgrcv
,
3486 .shm_alloc_security
= smack_shm_alloc_security
,
3487 .shm_free_security
= smack_shm_free_security
,
3488 .shm_associate
= smack_shm_associate
,
3489 .shm_shmctl
= smack_shm_shmctl
,
3490 .shm_shmat
= smack_shm_shmat
,
3492 .sem_alloc_security
= smack_sem_alloc_security
,
3493 .sem_free_security
= smack_sem_free_security
,
3494 .sem_associate
= smack_sem_associate
,
3495 .sem_semctl
= smack_sem_semctl
,
3496 .sem_semop
= smack_sem_semop
,
3498 .d_instantiate
= smack_d_instantiate
,
3500 .getprocattr
= smack_getprocattr
,
3501 .setprocattr
= smack_setprocattr
,
3503 .unix_stream_connect
= smack_unix_stream_connect
,
3504 .unix_may_send
= smack_unix_may_send
,
3506 .socket_post_create
= smack_socket_post_create
,
3507 .socket_connect
= smack_socket_connect
,
3508 .socket_sendmsg
= smack_socket_sendmsg
,
3509 .socket_sock_rcv_skb
= smack_socket_sock_rcv_skb
,
3510 .socket_getpeersec_stream
= smack_socket_getpeersec_stream
,
3511 .socket_getpeersec_dgram
= smack_socket_getpeersec_dgram
,
3512 .sk_alloc_security
= smack_sk_alloc_security
,
3513 .sk_free_security
= smack_sk_free_security
,
3514 .sock_graft
= smack_sock_graft
,
3515 .inet_conn_request
= smack_inet_conn_request
,
3516 .inet_csk_clone
= smack_inet_csk_clone
,
3518 /* key management security hooks */
3520 .key_alloc
= smack_key_alloc
,
3521 .key_free
= smack_key_free
,
3522 .key_permission
= smack_key_permission
,
3523 #endif /* CONFIG_KEYS */
3527 .audit_rule_init
= smack_audit_rule_init
,
3528 .audit_rule_known
= smack_audit_rule_known
,
3529 .audit_rule_match
= smack_audit_rule_match
,
3530 .audit_rule_free
= smack_audit_rule_free
,
3531 #endif /* CONFIG_AUDIT */
3533 .secid_to_secctx
= smack_secid_to_secctx
,
3534 .secctx_to_secid
= smack_secctx_to_secid
,
3535 .release_secctx
= smack_release_secctx
,
3536 .inode_notifysecctx
= smack_inode_notifysecctx
,
3537 .inode_setsecctx
= smack_inode_setsecctx
,
3538 .inode_getsecctx
= smack_inode_getsecctx
,
3542 static __init
void init_smack_known_list(void)
3545 * Initialize rule list locks
3547 mutex_init(&smack_known_huh
.smk_rules_lock
);
3548 mutex_init(&smack_known_hat
.smk_rules_lock
);
3549 mutex_init(&smack_known_floor
.smk_rules_lock
);
3550 mutex_init(&smack_known_star
.smk_rules_lock
);
3551 mutex_init(&smack_known_invalid
.smk_rules_lock
);
3552 mutex_init(&smack_known_web
.smk_rules_lock
);
3554 * Initialize rule lists
3556 INIT_LIST_HEAD(&smack_known_huh
.smk_rules
);
3557 INIT_LIST_HEAD(&smack_known_hat
.smk_rules
);
3558 INIT_LIST_HEAD(&smack_known_star
.smk_rules
);
3559 INIT_LIST_HEAD(&smack_known_floor
.smk_rules
);
3560 INIT_LIST_HEAD(&smack_known_invalid
.smk_rules
);
3561 INIT_LIST_HEAD(&smack_known_web
.smk_rules
);
3563 * Create the known labels list
3565 list_add(&smack_known_huh
.list
, &smack_known_list
);
3566 list_add(&smack_known_hat
.list
, &smack_known_list
);
3567 list_add(&smack_known_star
.list
, &smack_known_list
);
3568 list_add(&smack_known_floor
.list
, &smack_known_list
);
3569 list_add(&smack_known_invalid
.list
, &smack_known_list
);
3570 list_add(&smack_known_web
.list
, &smack_known_list
);
3574 * smack_init - initialize the smack system
3578 static __init
int smack_init(void)
3581 struct task_smack
*tsp
;
3583 if (!security_module_enable(&smack_ops
))
3586 tsp
= new_task_smack(smack_known_floor
.smk_known
,
3587 smack_known_floor
.smk_known
, GFP_KERNEL
);
3591 printk(KERN_INFO
"Smack: Initializing.\n");
3594 * Set the security state for the initial task.
3596 cred
= (struct cred
*) current
->cred
;
3597 cred
->security
= tsp
;
3599 /* initialize the smack_known_list */
3600 init_smack_known_list();
3605 if (register_security(&smack_ops
))
3606 panic("smack: Unable to register with kernel.\n");
3612 * Smack requires early initialization in order to label
3613 * all processes and objects when they are created.
3615 security_initcall(smack_init
);