1/* 2 * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com> 3 * 4 * This program is free software; you can redistribute it and/or modify 5 * it under the terms of the GNU General Public License as published by 6 * the Free Software Foundation, version 2. 7 * 8 * Authors: 9 * Casey Schaufler <casey@schaufler-ca.com> 10 * Ahmed S. Darwish <darwish.07@gmail.com> 11 * 12 * Special thanks to the authors of selinuxfs. 13 * 14 * Karl MacMillan <kmacmillan@tresys.com> 15 * James Morris <jmorris@redhat.com> 16 * 17 */ 18 19#include <linux/kernel.h> 20#include <linux/vmalloc.h> 21#include <linux/security.h> 22#include <linux/mutex.h> 23#include <linux/slab.h> 24#include <net/net_namespace.h> 25#include <net/netlabel.h> 26#include <net/cipso_ipv4.h> 27#include <linux/seq_file.h> 28#include <linux/ctype.h> 29#include <linux/audit.h> 30#include "smack.h" 31 32/* 33 * smackfs pseudo filesystem. 34 */ 35 36enum smk_inos { 37 SMK_ROOT_INO = 2, 38 SMK_LOAD = 3, /* load policy */ 39 SMK_CIPSO = 4, /* load label -> CIPSO mapping */ 40 SMK_DOI = 5, /* CIPSO DOI */ 41 SMK_DIRECT = 6, /* CIPSO level indicating direct label */ 42 SMK_AMBIENT = 7, /* internet ambient label */ 43 SMK_NETLBLADDR = 8, /* single label hosts */ 44 SMK_ONLYCAP = 9, /* the only "capable" label */ 45 SMK_LOGGING = 10, /* logging */ 46}; 47 48/* 49 * List locks 50 */ 51static DEFINE_MUTEX(smack_list_lock); 52static DEFINE_MUTEX(smack_cipso_lock); 53static DEFINE_MUTEX(smack_ambient_lock); 54static DEFINE_MUTEX(smk_netlbladdr_lock); 55 56/* 57 * This is the "ambient" label for network traffic. 58 * If it isn't somehow marked, use this. 59 * It can be reset via smackfs/ambient 60 */ 61char *smack_net_ambient = smack_known_floor.smk_known; 62 63/* 64 * This is the level in a CIPSO header that indicates a 65 * smack label is contained directly in the category set. 66 * It can be reset via smackfs/direct 67 */ 68int smack_cipso_direct = SMACK_CIPSO_DIRECT_DEFAULT; 69 70/* 71 * Unless a process is running with this label even 72 * having CAP_MAC_OVERRIDE isn't enough to grant 73 * privilege to violate MAC policy. If no label is 74 * designated (the NULL case) capabilities apply to 75 * everyone. It is expected that the hat (^) label 76 * will be used if any label is used. 77 */ 78char *smack_onlycap; 79 80/* 81 * Certain IP addresses may be designated as single label hosts. 82 * Packets are sent there unlabeled, but only from tasks that 83 * can write to the specified label. 84 */ 85 86LIST_HEAD(smk_netlbladdr_list); 87LIST_HEAD(smack_rule_list); 88 89static int smk_cipso_doi_value = SMACK_CIPSO_DOI_DEFAULT; 90 91const char *smack_cipso_option = SMACK_CIPSO_OPTION; 92 93 94#define SEQ_READ_FINISHED 1 95 96/* 97 * Values for parsing cipso rules 98 * SMK_DIGITLEN: Length of a digit field in a rule. 99 * SMK_CIPSOMIN: Minimum possible cipso rule length. 100 * SMK_CIPSOMAX: Maximum possible cipso rule length. 101 */ 102#define SMK_DIGITLEN 4 103#define SMK_CIPSOMIN (SMK_LABELLEN + 2 * SMK_DIGITLEN) 104#define SMK_CIPSOMAX (SMK_CIPSOMIN + SMACK_CIPSO_MAXCATNUM * SMK_DIGITLEN) 105 106/* 107 * Values for parsing MAC rules 108 * SMK_ACCESS: Maximum possible combination of access permissions 109 * SMK_ACCESSLEN: Maximum length for a rule access field 110 * SMK_LOADLEN: Smack rule length 111 */ 112#define SMK_ACCESS "rwxa" 113#define SMK_ACCESSLEN (sizeof(SMK_ACCESS) - 1) 114#define SMK_LOADLEN (SMK_LABELLEN + SMK_LABELLEN + SMK_ACCESSLEN) 115 116/** 117 * smk_netlabel_audit_set - fill a netlbl_audit struct 118 * @nap: structure to fill 119 */ 120static void smk_netlabel_audit_set(struct netlbl_audit *nap) 121{ 122 nap->loginuid = audit_get_loginuid(current); 123 nap->sessionid = audit_get_sessionid(current); 124 nap->secid = smack_to_secid(current_security()); 125} 126 127/* 128 * Values for parsing single label host rules 129 * "1.2.3.4 X" 130 * "192.168.138.129/32 abcdefghijklmnopqrstuvw" 131 */ 132#define SMK_NETLBLADDRMIN 9 133#define SMK_NETLBLADDRMAX 42 134 135/* 136 * Seq_file read operations for /smack/load 137 */ 138 139static void *load_seq_start(struct seq_file *s, loff_t *pos) 140{ 141 if (*pos == SEQ_READ_FINISHED) 142 return NULL; 143 if (list_empty(&smack_rule_list)) 144 return NULL; 145 return smack_rule_list.next; 146} 147 148static void *load_seq_next(struct seq_file *s, void *v, loff_t *pos) 149{ 150 struct list_head *list = v; 151 152 if (list_is_last(list, &smack_rule_list)) { 153 *pos = SEQ_READ_FINISHED; 154 return NULL; 155 } 156 return list->next; 157} 158 159static int load_seq_show(struct seq_file *s, void *v) 160{ 161 struct list_head *list = v; 162 struct smack_rule *srp = 163 list_entry(list, struct smack_rule, list); 164 165 seq_printf(s, "%s %s", (char *)srp->smk_subject, 166 (char *)srp->smk_object); 167 168 seq_putc(s, ' '); 169 170 if (srp->smk_access & MAY_READ) 171 seq_putc(s, 'r'); 172 if (srp->smk_access & MAY_WRITE) 173 seq_putc(s, 'w'); 174 if (srp->smk_access & MAY_EXEC) 175 seq_putc(s, 'x'); 176 if (srp->smk_access & MAY_APPEND) 177 seq_putc(s, 'a'); 178 if (srp->smk_access == 0) 179 seq_putc(s, '-'); 180 181 seq_putc(s, '\n'); 182 183 return 0; 184} 185 186static void load_seq_stop(struct seq_file *s, void *v) 187{ 188 /* No-op */ 189} 190 191static const struct seq_operations load_seq_ops = { 192 .start = load_seq_start, 193 .next = load_seq_next, 194 .show = load_seq_show, 195 .stop = load_seq_stop, 196}; 197 198/** 199 * smk_open_load - open() for /smack/load 200 * @inode: inode structure representing file 201 * @file: "load" file pointer 202 * 203 * For reading, use load_seq_* seq_file reading operations. 204 */ 205static int smk_open_load(struct inode *inode, struct file *file) 206{ 207 return seq_open(file, &load_seq_ops); 208} 209 210/** 211 * smk_set_access - add a rule to the rule list 212 * @srp: the new rule to add 213 * 214 * Looks through the current subject/object/access list for 215 * the subject/object pair and replaces the access that was 216 * there. If the pair isn't found add it with the specified 217 * access. 218 * 219 * Returns 0 if nothing goes wrong or -ENOMEM if it fails 220 * during the allocation of the new pair to add. 221 */ 222static int smk_set_access(struct smack_rule *srp) 223{ 224 struct smack_rule *sp; 225 int ret = 0; 226 int found; 227 mutex_lock(&smack_list_lock); 228 229 found = 0; 230 list_for_each_entry_rcu(sp, &smack_rule_list, list) { 231 if (sp->smk_subject == srp->smk_subject && 232 sp->smk_object == srp->smk_object) { 233 found = 1; 234 sp->smk_access = srp->smk_access; 235 break; 236 } 237 } 238 if (found == 0) 239 list_add_rcu(&srp->list, &smack_rule_list); 240 241 mutex_unlock(&smack_list_lock); 242 243 return ret; 244} 245 246/** 247 * smk_write_load - write() for /smack/load 248 * @file: file pointer, not actually used 249 * @buf: where to get the data from 250 * @count: bytes sent 251 * @ppos: where to start - must be 0 252 * 253 * Get one smack access rule from above. 254 * The format is exactly: 255 * char subject[SMK_LABELLEN] 256 * char object[SMK_LABELLEN] 257 * char access[SMK_ACCESSLEN] 258 * 259 * writes must be SMK_LABELLEN+SMK_LABELLEN+SMK_ACCESSLEN bytes. 260 */ 261static ssize_t smk_write_load(struct file *file, const char __user *buf, 262 size_t count, loff_t *ppos) 263{ 264 struct smack_rule *rule; 265 char *data; 266 int rc = -EINVAL; 267 268 /* 269 * Must have privilege. 270 * No partial writes. 271 * Enough data must be present. 272 */ 273 if (!capable(CAP_MAC_ADMIN)) 274 return -EPERM; 275 276 if (*ppos != 0 || count != SMK_LOADLEN) 277 return -EINVAL; 278 279 data = kzalloc(count, GFP_KERNEL); 280 if (data == NULL) 281 return -ENOMEM; 282 283 if (copy_from_user(data, buf, count) != 0) { 284 rc = -EFAULT; 285 goto out; 286 } 287 288 rule = kzalloc(sizeof(*rule), GFP_KERNEL); 289 if (rule == NULL) { 290 rc = -ENOMEM; 291 goto out; 292 } 293 294 rule->smk_subject = smk_import(data, 0); 295 if (rule->smk_subject == NULL) 296 goto out_free_rule; 297 298 rule->smk_object = smk_import(data + SMK_LABELLEN, 0); 299 if (rule->smk_object == NULL) 300 goto out_free_rule; 301 302 rule->smk_access = 0; 303 304 switch (data[SMK_LABELLEN + SMK_LABELLEN]) { 305 case '-': 306 break; 307 case 'r': 308 case 'R': 309 rule->smk_access |= MAY_READ; 310 break; 311 default: 312 goto out_free_rule; 313 } 314 315 switch (data[SMK_LABELLEN + SMK_LABELLEN + 1]) { 316 case '-': 317 break; 318 case 'w': 319 case 'W': 320 rule->smk_access |= MAY_WRITE; 321 break; 322 default: 323 goto out_free_rule; 324 } 325 326 switch (data[SMK_LABELLEN + SMK_LABELLEN + 2]) { 327 case '-': 328 break; 329 case 'x': 330 case 'X': 331 rule->smk_access |= MAY_EXEC; 332 break; 333 default: 334 goto out_free_rule; 335 } 336 337 switch (data[SMK_LABELLEN + SMK_LABELLEN + 3]) { 338 case '-': 339 break; 340 case 'a': 341 case 'A': 342 rule->smk_access |= MAY_APPEND; 343 break; 344 default: 345 goto out_free_rule; 346 } 347 348 rc = smk_set_access(rule); 349 350 if (!rc) 351 rc = count; 352 goto out; 353 354out_free_rule: 355 kfree(rule); 356out: 357 kfree(data); 358 return rc; 359} 360 361static const struct file_operations smk_load_ops = { 362 .open = smk_open_load, 363 .read = seq_read, 364 .llseek = seq_lseek, 365 .write = smk_write_load, 366 .release = seq_release, 367}; 368 369/** 370 * smk_cipso_doi - initialize the CIPSO domain 371 */ 372static void smk_cipso_doi(void) 373{ 374 int rc; 375 struct cipso_v4_doi *doip; 376 struct netlbl_audit nai; 377 378 smk_netlabel_audit_set(&nai); 379 380 rc = netlbl_cfg_map_del(NULL, PF_INET, NULL, NULL, &nai); 381 if (rc != 0) 382 printk(KERN_WARNING "%s:%d remove rc = %d\n", 383 __func__, __LINE__, rc); 384 385 doip = kmalloc(sizeof(struct cipso_v4_doi), GFP_KERNEL); 386 if (doip == NULL) 387 panic("smack: Failed to initialize cipso DOI.\n"); 388 doip->map.std = NULL; 389 doip->doi = smk_cipso_doi_value; 390 doip->type = CIPSO_V4_MAP_PASS; 391 doip->tags[0] = CIPSO_V4_TAG_RBITMAP; 392 for (rc = 1; rc < CIPSO_V4_TAG_MAXCNT; rc++) 393 doip->tags[rc] = CIPSO_V4_TAG_INVALID; 394 395 rc = netlbl_cfg_cipsov4_add(doip, &nai); 396 if (rc != 0) { 397 printk(KERN_WARNING "%s:%d cipso add rc = %d\n", 398 __func__, __LINE__, rc); 399 kfree(doip); 400 return; 401 } 402 rc = netlbl_cfg_cipsov4_map_add(doip->doi, NULL, NULL, NULL, &nai); 403 if (rc != 0) { 404 printk(KERN_WARNING "%s:%d map add rc = %d\n", 405 __func__, __LINE__, rc); 406 kfree(doip); 407 return; 408 } 409} 410 411/** 412 * smk_unlbl_ambient - initialize the unlabeled domain 413 * @oldambient: previous domain string 414 */ 415static void smk_unlbl_ambient(char *oldambient) 416{ 417 int rc; 418 struct netlbl_audit nai; 419 420 smk_netlabel_audit_set(&nai); 421 422 if (oldambient != NULL) { 423 rc = netlbl_cfg_map_del(oldambient, PF_INET, NULL, NULL, &nai); 424 if (rc != 0) 425 printk(KERN_WARNING "%s:%d remove rc = %d\n", 426 __func__, __LINE__, rc); 427 } 428 429 rc = netlbl_cfg_unlbl_map_add(smack_net_ambient, PF_INET, 430 NULL, NULL, &nai); 431 if (rc != 0) 432 printk(KERN_WARNING "%s:%d add rc = %d\n", 433 __func__, __LINE__, rc); 434} 435 436/* 437 * Seq_file read operations for /smack/cipso 438 */ 439 440static void *cipso_seq_start(struct seq_file *s, loff_t *pos) 441{ 442 if (*pos == SEQ_READ_FINISHED) 443 return NULL; 444 if (list_empty(&smack_known_list)) 445 return NULL; 446 447 return smack_known_list.next; 448} 449 450static void *cipso_seq_next(struct seq_file *s, void *v, loff_t *pos) 451{ 452 struct list_head *list = v; 453 454 /* 455 * labels with no associated cipso value wont be printed 456 * in cipso_seq_show 457 */ 458 if (list_is_last(list, &smack_known_list)) { 459 *pos = SEQ_READ_FINISHED; 460 return NULL; 461 } 462 463 return list->next; 464} 465 466/* 467 * Print cipso labels in format: 468 * label level[/cat[,cat]] 469 */ 470static int cipso_seq_show(struct seq_file *s, void *v) 471{ 472 struct list_head *list = v; 473 struct smack_known *skp = 474 list_entry(list, struct smack_known, list); 475 struct smack_cipso *scp = skp->smk_cipso; 476 char *cbp; 477 char sep = '/'; 478 int cat = 1; 479 int i; 480 unsigned char m; 481 482 if (scp == NULL) 483 return 0; 484 485 seq_printf(s, "%s %3d", (char *)&skp->smk_known, scp->smk_level); 486 487 cbp = scp->smk_catset; 488 for (i = 0; i < SMK_LABELLEN; i++) 489 for (m = 0x80; m != 0; m >>= 1) { 490 if (m & cbp[i]) { 491 seq_printf(s, "%c%d", sep, cat); 492 sep = ','; 493 } 494 cat++; 495 } 496 497 seq_putc(s, '\n'); 498 499 return 0; 500} 501 502static void cipso_seq_stop(struct seq_file *s, void *v) 503{ 504 /* No-op */ 505} 506 507static const struct seq_operations cipso_seq_ops = { 508 .start = cipso_seq_start, 509 .stop = cipso_seq_stop, 510 .next = cipso_seq_next, 511 .show = cipso_seq_show, 512}; 513 514/** 515 * smk_open_cipso - open() for /smack/cipso 516 * @inode: inode structure representing file 517 * @file: "cipso" file pointer 518 * 519 * Connect our cipso_seq_* operations with /smack/cipso 520 * file_operations 521 */ 522static int smk_open_cipso(struct inode *inode, struct file *file) 523{ 524 return seq_open(file, &cipso_seq_ops); 525} 526 527/** 528 * smk_write_cipso - write() for /smack/cipso 529 * @file: file pointer, not actually used 530 * @buf: where to get the data from 531 * @count: bytes sent 532 * @ppos: where to start 533 * 534 * Accepts only one cipso rule per write call. 535 * Returns number of bytes written or error code, as appropriate 536 */ 537static ssize_t smk_write_cipso(struct file *file, const char __user *buf, 538 size_t count, loff_t *ppos) 539{ 540 struct smack_known *skp; 541 struct smack_cipso *scp = NULL; 542 char mapcatset[SMK_LABELLEN]; 543 int maplevel; 544 int cat; 545 int catlen; 546 ssize_t rc = -EINVAL; 547 char *data = NULL; 548 char *rule; 549 int ret; 550 int i; 551 552 /* 553 * Must have privilege. 554 * No partial writes. 555 * Enough data must be present. 556 */ 557 if (!capable(CAP_MAC_ADMIN)) 558 return -EPERM; 559 if (*ppos != 0) 560 return -EINVAL; 561 if (count < SMK_CIPSOMIN || count > SMK_CIPSOMAX) 562 return -EINVAL; 563 564 data = kzalloc(count + 1, GFP_KERNEL); 565 if (data == NULL) 566 return -ENOMEM; 567 568 if (copy_from_user(data, buf, count) != 0) { 569 rc = -EFAULT; 570 goto unlockedout; 571 } 572 573 /* labels cannot begin with a '-' */ 574 if (data[0] == '-') { 575 rc = -EINVAL; 576 goto unlockedout; 577 } 578 data[count] = '\0'; 579 rule = data; 580 /* 581 * Only allow one writer at a time. Writes should be 582 * quite rare and small in any case. 583 */ 584 mutex_lock(&smack_cipso_lock); 585 586 skp = smk_import_entry(rule, 0); 587 if (skp == NULL) 588 goto out; 589 590 rule += SMK_LABELLEN; 591 ret = sscanf(rule, "%d", &maplevel); 592 if (ret != 1 || maplevel > SMACK_CIPSO_MAXLEVEL) 593 goto out; 594 595 rule += SMK_DIGITLEN; 596 ret = sscanf(rule, "%d", &catlen); 597 if (ret != 1 || catlen > SMACK_CIPSO_MAXCATNUM) 598 goto out; 599 600 if (count != (SMK_CIPSOMIN + catlen * SMK_DIGITLEN)) 601 goto out; 602 603 memset(mapcatset, 0, sizeof(mapcatset)); 604 605 for (i = 0; i < catlen; i++) { 606 rule += SMK_DIGITLEN; 607 ret = sscanf(rule, "%d", &cat); 608 if (ret != 1 || cat > SMACK_CIPSO_MAXCATVAL) 609 goto out; 610 611 smack_catset_bit(cat, mapcatset); 612 } 613 614 if (skp->smk_cipso == NULL) { 615 scp = kzalloc(sizeof(struct smack_cipso), GFP_KERNEL); 616 if (scp == NULL) { 617 rc = -ENOMEM; 618 goto out; 619 } 620 } 621 622 spin_lock_bh(&skp->smk_cipsolock); 623 624 if (scp == NULL) 625 scp = skp->smk_cipso; 626 else 627 skp->smk_cipso = scp; 628 629 scp->smk_level = maplevel; 630 memcpy(scp->smk_catset, mapcatset, sizeof(mapcatset)); 631 632 spin_unlock_bh(&skp->smk_cipsolock); 633 634 rc = count; 635out: 636 mutex_unlock(&smack_cipso_lock); 637unlockedout: 638 kfree(data); 639 return rc; 640} 641 642static const struct file_operations smk_cipso_ops = { 643 .open = smk_open_cipso, 644 .read = seq_read, 645 .llseek = seq_lseek, 646 .write = smk_write_cipso, 647 .release = seq_release, 648}; 649 650/* 651 * Seq_file read operations for /smack/netlabel 652 */ 653 654static void *netlbladdr_seq_start(struct seq_file *s, loff_t *pos) 655{ 656 if (*pos == SEQ_READ_FINISHED) 657 return NULL; 658 if (list_empty(&smk_netlbladdr_list)) 659 return NULL; 660 return smk_netlbladdr_list.next; 661} 662 663static void *netlbladdr_seq_next(struct seq_file *s, void *v, loff_t *pos) 664{ 665 struct list_head *list = v; 666 667 if (list_is_last(list, &smk_netlbladdr_list)) { 668 *pos = SEQ_READ_FINISHED; 669 return NULL; 670 } 671 672 return list->next; 673} 674#define BEBITS (sizeof(__be32) * 8) 675 676/* 677 * Print host/label pairs 678 */ 679static int netlbladdr_seq_show(struct seq_file *s, void *v) 680{ 681 struct list_head *list = v; 682 struct smk_netlbladdr *skp = 683 list_entry(list, struct smk_netlbladdr, list); 684 unsigned char *hp = (char *) &skp->smk_host.sin_addr.s_addr; 685 int maskn; 686 u32 temp_mask = be32_to_cpu(skp->smk_mask.s_addr); 687 688 for (maskn = 0; temp_mask; temp_mask <<= 1, maskn++); 689 690 seq_printf(s, "%u.%u.%u.%u/%d %s\n", 691 hp[0], hp[1], hp[2], hp[3], maskn, skp->smk_label); 692 693 return 0; 694} 695 696static void netlbladdr_seq_stop(struct seq_file *s, void *v) 697{ 698 /* No-op */ 699} 700 701static const struct seq_operations netlbladdr_seq_ops = { 702 .start = netlbladdr_seq_start, 703 .stop = netlbladdr_seq_stop, 704 .next = netlbladdr_seq_next, 705 .show = netlbladdr_seq_show, 706}; 707 708/** 709 * smk_open_netlbladdr - open() for /smack/netlabel 710 * @inode: inode structure representing file 711 * @file: "netlabel" file pointer 712 * 713 * Connect our netlbladdr_seq_* operations with /smack/netlabel 714 * file_operations 715 */ 716static int smk_open_netlbladdr(struct inode *inode, struct file *file) 717{ 718 return seq_open(file, &netlbladdr_seq_ops); 719} 720 721/** 722 * smk_netlbladdr_insert 723 * @new : netlabel to insert 724 * 725 * This helper insert netlabel in the smack_netlbladdrs list 726 * sorted by netmask length (longest to smallest) 727 * locked by &smk_netlbladdr_lock in smk_write_netlbladdr 728 * 729 */ 730static void smk_netlbladdr_insert(struct smk_netlbladdr *new) 731{ 732 struct smk_netlbladdr *m, *m_next; 733 734 if (list_empty(&smk_netlbladdr_list)) { 735 list_add_rcu(&new->list, &smk_netlbladdr_list); 736 return; 737 } 738 739 m = list_entry_rcu(smk_netlbladdr_list.next, 740 struct smk_netlbladdr, list); 741 742 /* the comparison '>' is a bit hacky, but works */ 743 if (new->smk_mask.s_addr > m->smk_mask.s_addr) { 744 list_add_rcu(&new->list, &smk_netlbladdr_list); 745 return; 746 } 747 748 list_for_each_entry_rcu(m, &smk_netlbladdr_list, list) { 749 if (list_is_last(&m->list, &smk_netlbladdr_list)) { 750 list_add_rcu(&new->list, &m->list); 751 return; 752 } 753 m_next = list_entry_rcu(m->list.next, 754 struct smk_netlbladdr, list); 755 if (new->smk_mask.s_addr > m_next->smk_mask.s_addr) { 756 list_add_rcu(&new->list, &m->list); 757 return; 758 } 759 } 760} 761 762 763/** 764 * smk_write_netlbladdr - write() for /smack/netlabel 765 * @file: file pointer, not actually used 766 * @buf: where to get the data from 767 * @count: bytes sent 768 * @ppos: where to start 769 * 770 * Accepts only one netlbladdr per write call. 771 * Returns number of bytes written or error code, as appropriate 772 */ 773static ssize_t smk_write_netlbladdr(struct file *file, const char __user *buf, 774 size_t count, loff_t *ppos) 775{ 776 struct smk_netlbladdr *skp; 777 struct sockaddr_in newname; 778 char smack[SMK_LABELLEN]; 779 char *sp; 780 char data[SMK_NETLBLADDRMAX + 1]; 781 char *host = (char *)&newname.sin_addr.s_addr; 782 int rc; 783 struct netlbl_audit audit_info; 784 struct in_addr mask; 785 unsigned int m; 786 int found; 787 u32 mask_bits = (1<<31); 788 __be32 nsa; 789 u32 temp_mask; 790 791 /* 792 * Must have privilege. 793 * No partial writes. 794 * Enough data must be present. 795 * "<addr/mask, as a.b.c.d/e><space><label>" 796 * "<addr, as a.b.c.d><space><label>" 797 */ 798 if (!capable(CAP_MAC_ADMIN)) 799 return -EPERM; 800 if (*ppos != 0) 801 return -EINVAL; 802 if (count < SMK_NETLBLADDRMIN || count > SMK_NETLBLADDRMAX) 803 return -EINVAL; 804 if (copy_from_user(data, buf, count) != 0) 805 return -EFAULT; 806 807 data[count] = '\0'; 808 809 rc = sscanf(data, "%hhd.%hhd.%hhd.%hhd/%d %s", 810 &host[0], &host[1], &host[2], &host[3], &m, smack); 811 if (rc != 6) { 812 rc = sscanf(data, "%hhd.%hhd.%hhd.%hhd %s", 813 &host[0], &host[1], &host[2], &host[3], smack); 814 if (rc != 5) 815 return -EINVAL; 816 m = BEBITS; 817 } 818 if (m > BEBITS) 819 return -EINVAL; 820 821 /* if smack begins with '-', its an option, don't import it */ 822 if (smack[0] != '-') { 823 sp = smk_import(smack, 0); 824 if (sp == NULL) 825 return -EINVAL; 826 } else { 827 /* check known options */ 828 if (strcmp(smack, smack_cipso_option) == 0) 829 sp = (char *)smack_cipso_option; 830 else 831 return -EINVAL; 832 } 833 834 for (temp_mask = 0; m > 0; m--) { 835 temp_mask |= mask_bits; 836 mask_bits >>= 1; 837 } 838 mask.s_addr = cpu_to_be32(temp_mask); 839 840 newname.sin_addr.s_addr &= mask.s_addr; 841 /* 842 * Only allow one writer at a time. Writes should be 843 * quite rare and small in any case. 844 */ 845 mutex_lock(&smk_netlbladdr_lock); 846 847 nsa = newname.sin_addr.s_addr; 848 /* try to find if the prefix is already in the list */ 849 found = 0; 850 list_for_each_entry_rcu(skp, &smk_netlbladdr_list, list) { 851 if (skp->smk_host.sin_addr.s_addr == nsa && 852 skp->smk_mask.s_addr == mask.s_addr) { 853 found = 1; 854 break; 855 } 856 } 857 smk_netlabel_audit_set(&audit_info); 858 859 if (found == 0) { 860 skp = kzalloc(sizeof(*skp), GFP_KERNEL); 861 if (skp == NULL) 862 rc = -ENOMEM; 863 else { 864 rc = 0; 865 skp->smk_host.sin_addr.s_addr = newname.sin_addr.s_addr; 866 skp->smk_mask.s_addr = mask.s_addr; 867 skp->smk_label = sp; 868 smk_netlbladdr_insert(skp); 869 } 870 } else { 871 /* we delete the unlabeled entry, only if the previous label 872 * wasnt the special CIPSO option */ 873 if (skp->smk_label != smack_cipso_option) 874 rc = netlbl_cfg_unlbl_static_del(&init_net, NULL, 875 &skp->smk_host.sin_addr, &skp->smk_mask, 876 PF_INET, &audit_info); 877 else 878 rc = 0; 879 skp->smk_label = sp; 880 } 881 882 /* 883 * Now tell netlabel about the single label nature of 884 * this host so that incoming packets get labeled. 885 * but only if we didn't get the special CIPSO option 886 */ 887 if (rc == 0 && sp != smack_cipso_option) 888 rc = netlbl_cfg_unlbl_static_add(&init_net, NULL, 889 &skp->smk_host.sin_addr, &skp->smk_mask, PF_INET, 890 smack_to_secid(skp->smk_label), &audit_info); 891 892 if (rc == 0) 893 rc = count; 894 895 mutex_unlock(&smk_netlbladdr_lock); 896 897 return rc; 898} 899 900static const struct file_operations smk_netlbladdr_ops = { 901 .open = smk_open_netlbladdr, 902 .read = seq_read, 903 .llseek = seq_lseek, 904 .write = smk_write_netlbladdr, 905 .release = seq_release, 906}; 907 908/** 909 * smk_read_doi - read() for /smack/doi 910 * @filp: file pointer, not actually used 911 * @buf: where to put the result 912 * @count: maximum to send along 913 * @ppos: where to start 914 * 915 * Returns number of bytes read or error code, as appropriate 916 */ 917static ssize_t smk_read_doi(struct file *filp, char __user *buf, 918 size_t count, loff_t *ppos) 919{ 920 char temp[80]; 921 ssize_t rc; 922 923 if (*ppos != 0) 924 return 0; 925 926 sprintf(temp, "%d", smk_cipso_doi_value); 927 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp)); 928 929 return rc; 930} 931 932/** 933 * smk_write_doi - write() for /smack/doi 934 * @file: file pointer, not actually used 935 * @buf: where to get the data from 936 * @count: bytes sent 937 * @ppos: where to start 938 * 939 * Returns number of bytes written or error code, as appropriate 940 */ 941static ssize_t smk_write_doi(struct file *file, const char __user *buf, 942 size_t count, loff_t *ppos) 943{ 944 char temp[80]; 945 int i; 946 947 if (!capable(CAP_MAC_ADMIN)) 948 return -EPERM; 949 950 if (count >= sizeof(temp) || count == 0) 951 return -EINVAL; 952 953 if (copy_from_user(temp, buf, count) != 0) 954 return -EFAULT; 955 956 temp[count] = '\0'; 957 958 if (sscanf(temp, "%d", &i) != 1) 959 return -EINVAL; 960 961 smk_cipso_doi_value = i; 962 963 smk_cipso_doi(); 964 965 return count; 966} 967 968static const struct file_operations smk_doi_ops = { 969 .read = smk_read_doi, 970 .write = smk_write_doi, 971}; 972 973/** 974 * smk_read_direct - read() for /smack/direct 975 * @filp: file pointer, not actually used 976 * @buf: where to put the result 977 * @count: maximum to send along 978 * @ppos: where to start 979 * 980 * Returns number of bytes read or error code, as appropriate 981 */ 982static ssize_t smk_read_direct(struct file *filp, char __user *buf, 983 size_t count, loff_t *ppos) 984{ 985 char temp[80]; 986 ssize_t rc; 987 988 if (*ppos != 0) 989 return 0; 990 991 sprintf(temp, "%d", smack_cipso_direct); 992 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp)); 993 994 return rc; 995} 996 997/** 998 * smk_write_direct - write() for /smack/direct 999 * @file: file pointer, not actually used 1000 * @buf: where to get the data from 1001 * @count: bytes sent 1002 * @ppos: where to start 1003 * 1004 * Returns number of bytes written or error code, as appropriate 1005 */ 1006static ssize_t smk_write_direct(struct file *file, const char __user *buf, 1007 size_t count, loff_t *ppos) 1008{ 1009 char temp[80]; 1010 int i; 1011 1012 if (!capable(CAP_MAC_ADMIN)) 1013 return -EPERM; 1014 1015 if (count >= sizeof(temp) || count == 0) 1016 return -EINVAL; 1017 1018 if (copy_from_user(temp, buf, count) != 0) 1019 return -EFAULT; 1020 1021 temp[count] = '\0'; 1022 1023 if (sscanf(temp, "%d", &i) != 1) 1024 return -EINVAL; 1025 1026 smack_cipso_direct = i; 1027 1028 return count; 1029} 1030 1031static const struct file_operations smk_direct_ops = { 1032 .read = smk_read_direct, 1033 .write = smk_write_direct, 1034}; 1035 1036/** 1037 * smk_read_ambient - read() for /smack/ambient 1038 * @filp: file pointer, not actually used 1039 * @buf: where to put the result 1040 * @cn: maximum to send along 1041 * @ppos: where to start 1042 * 1043 * Returns number of bytes read or error code, as appropriate 1044 */ 1045static ssize_t smk_read_ambient(struct file *filp, char __user *buf, 1046 size_t cn, loff_t *ppos) 1047{ 1048 ssize_t rc; 1049 int asize; 1050 1051 if (*ppos != 0) 1052 return 0; 1053 /* 1054 * Being careful to avoid a problem in the case where 1055 * smack_net_ambient gets changed in midstream. 1056 */ 1057 mutex_lock(&smack_ambient_lock); 1058 1059 asize = strlen(smack_net_ambient) + 1; 1060 1061 if (cn >= asize) 1062 rc = simple_read_from_buffer(buf, cn, ppos, 1063 smack_net_ambient, asize); 1064 else 1065 rc = -EINVAL; 1066 1067 mutex_unlock(&smack_ambient_lock); 1068 1069 return rc; 1070} 1071 1072/** 1073 * smk_write_ambient - write() for /smack/ambient 1074 * @file: file pointer, not actually used 1075 * @buf: where to get the data from 1076 * @count: bytes sent 1077 * @ppos: where to start 1078 * 1079 * Returns number of bytes written or error code, as appropriate 1080 */ 1081static ssize_t smk_write_ambient(struct file *file, const char __user *buf, 1082 size_t count, loff_t *ppos) 1083{ 1084 char in[SMK_LABELLEN]; 1085 char *oldambient; 1086 char *smack; 1087 1088 if (!capable(CAP_MAC_ADMIN)) 1089 return -EPERM; 1090 1091 if (count >= SMK_LABELLEN) 1092 return -EINVAL; 1093 1094 if (copy_from_user(in, buf, count) != 0) 1095 return -EFAULT; 1096 1097 smack = smk_import(in, count); 1098 if (smack == NULL) 1099 return -EINVAL; 1100 1101 mutex_lock(&smack_ambient_lock); 1102 1103 oldambient = smack_net_ambient; 1104 smack_net_ambient = smack; 1105 smk_unlbl_ambient(oldambient); 1106 1107 mutex_unlock(&smack_ambient_lock); 1108 1109 return count; 1110} 1111 1112static const struct file_operations smk_ambient_ops = { 1113 .read = smk_read_ambient, 1114 .write = smk_write_ambient, 1115}; 1116 1117/** 1118 * smk_read_onlycap - read() for /smack/onlycap 1119 * @filp: file pointer, not actually used 1120 * @buf: where to put the result 1121 * @cn: maximum to send along 1122 * @ppos: where to start 1123 * 1124 * Returns number of bytes read or error code, as appropriate 1125 */ 1126static ssize_t smk_read_onlycap(struct file *filp, char __user *buf, 1127 size_t cn, loff_t *ppos) 1128{ 1129 char *smack = ""; 1130 ssize_t rc = -EINVAL; 1131 int asize; 1132 1133 if (*ppos != 0) 1134 return 0; 1135 1136 if (smack_onlycap != NULL) 1137 smack = smack_onlycap; 1138 1139 asize = strlen(smack) + 1; 1140 1141 if (cn >= asize) 1142 rc = simple_read_from_buffer(buf, cn, ppos, smack, asize); 1143 1144 return rc; 1145} 1146 1147/** 1148 * smk_write_onlycap - write() for /smack/onlycap 1149 * @file: file pointer, not actually used 1150 * @buf: where to get the data from 1151 * @count: bytes sent 1152 * @ppos: where to start 1153 * 1154 * Returns number of bytes written or error code, as appropriate 1155 */ 1156static ssize_t smk_write_onlycap(struct file *file, const char __user *buf, 1157 size_t count, loff_t *ppos) 1158{ 1159 char in[SMK_LABELLEN]; 1160 char *sp = current->cred->security; 1161 1162 if (!capable(CAP_MAC_ADMIN)) 1163 return -EPERM; 1164 1165 /* 1166 * This can be done using smk_access() but is done 1167 * explicitly for clarity. The smk_access() implementation 1168 * would use smk_access(smack_onlycap, MAY_WRITE) 1169 */ 1170 if (smack_onlycap != NULL && smack_onlycap != sp) 1171 return -EPERM; 1172 1173 if (count >= SMK_LABELLEN) 1174 return -EINVAL; 1175 1176 if (copy_from_user(in, buf, count) != 0) 1177 return -EFAULT; 1178 1179 /* 1180 * Should the null string be passed in unset the onlycap value. 1181 * This seems like something to be careful with as usually 1182 * smk_import only expects to return NULL for errors. It 1183 * is usually the case that a nullstring or "\n" would be 1184 * bad to pass to smk_import but in fact this is useful here. 1185 */ 1186 smack_onlycap = smk_import(in, count); 1187 1188 return count; 1189} 1190 1191static const struct file_operations smk_onlycap_ops = { 1192 .read = smk_read_onlycap, 1193 .write = smk_write_onlycap, 1194}; 1195 1196/** 1197 * smk_read_logging - read() for /smack/logging 1198 * @filp: file pointer, not actually used 1199 * @buf: where to put the result 1200 * @cn: maximum to send along 1201 * @ppos: where to start 1202 * 1203 * Returns number of bytes read or error code, as appropriate 1204 */ 1205static ssize_t smk_read_logging(struct file *filp, char __user *buf, 1206 size_t count, loff_t *ppos) 1207{ 1208 char temp[32]; 1209 ssize_t rc; 1210 1211 if (*ppos != 0) 1212 return 0; 1213 1214 sprintf(temp, "%d\n", log_policy); 1215 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp)); 1216 return rc; 1217} 1218 1219/** 1220 * smk_write_logging - write() for /smack/logging 1221 * @file: file pointer, not actually used 1222 * @buf: where to get the data from 1223 * @count: bytes sent 1224 * @ppos: where to start 1225 * 1226 * Returns number of bytes written or error code, as appropriate 1227 */ 1228static ssize_t smk_write_logging(struct file *file, const char __user *buf, 1229 size_t count, loff_t *ppos) 1230{ 1231 char temp[32]; 1232 int i; 1233 1234 if (!capable(CAP_MAC_ADMIN)) 1235 return -EPERM; 1236 1237 if (count >= sizeof(temp) || count == 0) 1238 return -EINVAL; 1239 1240 if (copy_from_user(temp, buf, count) != 0) 1241 return -EFAULT; 1242 1243 temp[count] = '\0'; 1244 1245 if (sscanf(temp, "%d", &i) != 1) 1246 return -EINVAL; 1247 if (i < 0 || i > 3) 1248 return -EINVAL; 1249 log_policy = i; 1250 return count; 1251} 1252 1253 1254 1255static const struct file_operations smk_logging_ops = { 1256 .read = smk_read_logging, 1257 .write = smk_write_logging, 1258}; 1259/** 1260 * smk_fill_super - fill the /smackfs superblock 1261 * @sb: the empty superblock 1262 * @data: unused 1263 * @silent: unused 1264 * 1265 * Fill in the well known entries for /smack 1266 * 1267 * Returns 0 on success, an error code on failure 1268 */ 1269static int smk_fill_super(struct super_block *sb, void *data, int silent) 1270{ 1271 int rc; 1272 struct inode *root_inode; 1273 1274 static struct tree_descr smack_files[] = { 1275 [SMK_LOAD] = 1276 {"load", &smk_load_ops, S_IRUGO|S_IWUSR}, 1277 [SMK_CIPSO] = 1278 {"cipso", &smk_cipso_ops, S_IRUGO|S_IWUSR}, 1279 [SMK_DOI] = 1280 {"doi", &smk_doi_ops, S_IRUGO|S_IWUSR}, 1281 [SMK_DIRECT] = 1282 {"direct", &smk_direct_ops, S_IRUGO|S_IWUSR}, 1283 [SMK_AMBIENT] = 1284 {"ambient", &smk_ambient_ops, S_IRUGO|S_IWUSR}, 1285 [SMK_NETLBLADDR] = 1286 {"netlabel", &smk_netlbladdr_ops, S_IRUGO|S_IWUSR}, 1287 [SMK_ONLYCAP] = 1288 {"onlycap", &smk_onlycap_ops, S_IRUGO|S_IWUSR}, 1289 [SMK_LOGGING] = 1290 {"logging", &smk_logging_ops, S_IRUGO|S_IWUSR}, 1291 /* last one */ {""} 1292 }; 1293 1294 rc = simple_fill_super(sb, SMACK_MAGIC, smack_files); 1295 if (rc != 0) { 1296 printk(KERN_ERR "%s failed %d while creating inodes\n", 1297 __func__, rc); 1298 return rc; 1299 } 1300 1301 root_inode = sb->s_root->d_inode; 1302 root_inode->i_security = new_inode_smack(smack_known_floor.smk_known); 1303 1304 return 0; 1305} 1306 1307/** 1308 * smk_get_sb - get the smackfs superblock 1309 * @fs_type: passed along without comment 1310 * @flags: passed along without comment 1311 * @dev_name: passed along without comment 1312 * @data: passed along without comment 1313 * @mnt: passed along without comment 1314 * 1315 * Just passes everything along. 1316 * 1317 * Returns what the lower level code does. 1318 */ 1319static int smk_get_sb(struct file_system_type *fs_type, 1320 int flags, const char *dev_name, void *data, 1321 struct vfsmount *mnt) 1322{ 1323 return get_sb_single(fs_type, flags, data, smk_fill_super, mnt); 1324} 1325 1326static struct file_system_type smk_fs_type = { 1327 .name = "smackfs", 1328 .get_sb = smk_get_sb, 1329 .kill_sb = kill_litter_super, 1330}; 1331 1332static struct vfsmount *smackfs_mount; 1333 1334/** 1335 * init_smk_fs - get the smackfs superblock 1336 * 1337 * register the smackfs 1338 * 1339 * Do not register smackfs if Smack wasn't enabled 1340 * on boot. We can not put this method normally under the 1341 * smack_init() code path since the security subsystem get 1342 * initialized before the vfs caches. 1343 * 1344 * Returns true if we were not chosen on boot or if 1345 * we were chosen and filesystem registration succeeded. 1346 */ 1347static int __init init_smk_fs(void) 1348{ 1349 int err; 1350 1351 if (!security_module_enable(&smack_ops)) 1352 return 0; 1353 1354 err = register_filesystem(&smk_fs_type); 1355 if (!err) { 1356 smackfs_mount = kern_mount(&smk_fs_type); 1357 if (IS_ERR(smackfs_mount)) { 1358 printk(KERN_ERR "smackfs: could not mount!\n"); 1359 err = PTR_ERR(smackfs_mount); 1360 smackfs_mount = NULL; 1361 } 1362 } 1363 1364 smk_cipso_doi(); 1365 smk_unlbl_ambient(NULL); 1366 1367 return err; 1368} 1369 1370__initcall(init_smk_fs); 1371