[linux-2.6-block.git] / security / smack / smack_access.c

/*
 * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com>
 *
 *      This program is free software; you can redistribute it and/or modify
 *      it under the terms of the GNU General Public License as published by
 *      the Free Software Foundation, version 2.
 *
 * Author:
 *      Casey Schaufler <casey@schaufler-ca.com>
 *
 */

#include <linux/types.h>
#include <linux/slab.h>
#include <linux/fs.h>
#include <linux/sched.h>
#include "smack.h"

struct smack_known smack_known_huh = {
	.smk_known	= "?",
	.smk_secid	= 2,
};

struct smack_known smack_known_hat = {
	.smk_known	= "^",
	.smk_secid	= 3,
};

struct smack_known smack_known_star = {
	.smk_known	= "*",
	.smk_secid	= 4,
};

struct smack_known smack_known_floor = {
	.smk_known	= "_",
	.smk_secid	= 5,
};

struct smack_known smack_known_invalid = {
	.smk_known	= "",
	.smk_secid	= 6,
};

struct smack_known smack_known_web = {
	.smk_known	= "@",
	.smk_secid	= 7,
};

LIST_HEAD(smack_known_list);

/*
 * The initial value needs to be bigger than any of the
 * known values above.
 */
static u32 smack_next_secid = 10;

/*
 * what events do we log
 * can be overwritten at run-time by /smack/logging
 */
int log_policy = SMACK_AUDIT_DENIED;

/**
 * smk_access_entry - look up matching access rule
 * @subject_label: a pointer to the subject's Smack label
 * @object_label: a pointer to the object's Smack label
 * @rule_list: the list of rules to search
 *
 * This function looks up the subject/object pair in the
 * access rule list and returns the access mode. If no
 * entry is found returns -ENOENT.
 *
 * NOTE:
 *
 * Earlier versions of this function allowed for labels that
 * were not on the label list. This was done to allow for
 * labels to come over the network that had never been seen
 * before on this host. Unless the receiving socket has the
 * star label this will always result in a failure check. The
 * star labeled socket case is now handled in the networking
 * hooks so there is no case where the label is not on the
 * label list. Checking to see if the address of two labels
 * is the same is now a reliable test.
 *
 * Do the object check first because that is more
 * likely to differ.
 *
 * Allowing write access implies allowing locking.
 */
int smk_access_entry(char *subject_label, char *object_label,
			struct list_head *rule_list)
{
	int may = -ENOENT;
	struct smack_rule *srp;

	list_for_each_entry_rcu(srp, rule_list, list) {
		if (srp->smk_object->smk_known == object_label &&
		    srp->smk_subject->smk_known == subject_label) {
			may = srp->smk_access;
			break;
		}
	}

	/*
	 * MAY_WRITE implies MAY_LOCK.
	 */
	if ((may & MAY_WRITE) == MAY_WRITE)
		may |= MAY_LOCK;
	return may;
}

/**
 * smk_access - determine if a subject has a specific access to an object
 * @subject: a pointer to the subject's Smack label entry
 * @object: a pointer to the object's Smack label entry
 * @request: the access requested, in "MAY" format
 * @a : a pointer to the audit data
 *
 * This function looks up the subject/object pair in the
 * access rule list and returns 0 if the access is permitted,
 * non zero otherwise.
 *
 * Smack labels are shared on smack_list
 */
int smk_access(struct smack_known *subject, struct smack_known *object,
	       int request, struct smk_audit_info *a)
{
	int may = MAY_NOT;
	int rc = 0;

	/*
	 * Hardcoded comparisons.
	 *
	 * A star subject can't access any object.
	 */
	if (subject == &smack_known_star) {
		rc = -EACCES;
		goto out_audit;
	}
	/*
	 * An internet object can be accessed by any subject.
	 * Tasks cannot be assigned the internet label.
	 * An internet subject can access any object.
	 */
	if (object == &smack_known_web ||
	    subject == &smack_known_web)
		goto out_audit;
	/*
	 * A star object can be accessed by any subject.
	 */
	if (object == &smack_known_star)
		goto out_audit;
	/*
	 * An object can be accessed in any way by a subject
	 * with the same label.
	 */
	if (subject->smk_known == object->smk_known)
		goto out_audit;
	/*
	 * A hat subject can read any object.
	 * A floor object can be read by any subject.
	 */
	if ((request & MAY_ANYREAD) == request) {
		if (object == &smack_known_floor)
			goto out_audit;
		if (subject == &smack_known_hat)
			goto out_audit;
	}
	/*
	 * Beyond here an explicit relationship is required.
	 * If the requested access is contained in the available
	 * access (e.g. read is included in readwrite) it's
	 * good. A negative response from smk_access_entry()
	 * indicates there is no entry for this pair.
	 */
	rcu_read_lock();
	may = smk_access_entry(subject->smk_known, object->smk_known,
			       &subject->smk_rules);
	rcu_read_unlock();

	if (may <= 0 || (request & may) != request) {
		rc = -EACCES;
		goto out_audit;
	}
#ifdef CONFIG_SECURITY_SMACK_BRINGUP
	/*
	 * Return a positive value if using bringup mode.
	 * This allows the hooks to identify checks that
	 * succeed because of "b" rules.
	 */
	if (may & MAY_BRINGUP)
		rc = MAY_BRINGUP;
#endif

out_audit:
#ifdef CONFIG_AUDIT
	if (a)
		smack_log(subject->smk_known, object->smk_known,
			  request, rc, a);
#endif

	return rc;
}

/**
 * smk_tskacc - determine if a task has a specific access to an object
 * @tsp: a pointer to the subject's task
 * @obj_known: a pointer to the object's label entry
 * @mode: the access requested, in "MAY" format
 * @a : common audit data
 *
 * This function checks the subject task's label/object label pair
 * in the access rule list and returns 0 if the access is permitted,
 * non zero otherwise. It allows that the task may have the capability
 * to override the rules.
 */
int smk_tskacc(struct task_smack *tsp, struct smack_known *obj_known,
	       u32 mode, struct smk_audit_info *a)
{
	struct smack_known *sbj_known = smk_of_task(tsp);
	int may;
	int rc;

	/*
	 * Check the global rule list
	 */
	rc = smk_access(sbj_known, obj_known, mode, NULL);
	if (rc >= 0) {
		/*
		 * If there is an entry in the task's rule list
		 * it can further restrict access.
		 */
		may = smk_access_entry(sbj_known->smk_known,
				       obj_known->smk_known,
				       &tsp->smk_rules);
		if (may < 0)
			goto out_audit;
		if ((mode & may) == mode)
			goto out_audit;
		rc = -EACCES;
	}

	/*
	 * Allow for priviliged to override policy.
	 */
	if (rc != 0 && smack_privileged(CAP_MAC_OVERRIDE))
		rc = 0;

out_audit:
#ifdef CONFIG_AUDIT
	if (a)
		smack_log(sbj_known->smk_known, obj_known->smk_known,
			  mode, rc, a);
#endif
	return rc;
}

/**
 * smk_curacc - determine if current has a specific access to an object
 * @obj_known: a pointer to the object's Smack label entry
 * @mode: the access requested, in "MAY" format
 * @a : common audit data
 *
 * This function checks the current subject label/object label pair
 * in the access rule list and returns 0 if the access is permitted,
 * non zero otherwise. It allows that current may have the capability
 * to override the rules.
 */
int smk_curacc(struct smack_known *obj_known,
	       u32 mode, struct smk_audit_info *a)
{
	struct task_smack *tsp = current_security();

	return smk_tskacc(tsp, obj_known, mode, a);
}

#ifdef CONFIG_AUDIT
/**
 * smack_str_from_perm : helper to transalate an int to a
 * readable string
 * @string : the string to fill
 * @access : the int
 *
 */
static inline void smack_str_from_perm(char *string, int access)
{
	int i = 0;

	if (access & MAY_READ)
		string[i++] = 'r';
	if (access & MAY_WRITE)
		string[i++] = 'w';
	if (access & MAY_EXEC)
		string[i++] = 'x';
	if (access & MAY_APPEND)
		string[i++] = 'a';
	if (access & MAY_TRANSMUTE)
		string[i++] = 't';
	if (access & MAY_LOCK)
		string[i++] = 'l';
	string[i] = '\0';
}
/**
 * smack_log_callback - SMACK specific information
 * will be called by generic audit code
 * @ab : the audit_buffer
 * @a  : audit_data
 *
 */
static void smack_log_callback(struct audit_buffer *ab, void *a)
{
	struct common_audit_data *ad = a;
	struct smack_audit_data *sad = ad->smack_audit_data;
	audit_log_format(ab, "lsm=SMACK fn=%s action=%s",
			 ad->smack_audit_data->function,
			 sad->result ? "denied" : "granted");
	audit_log_format(ab, " subject=");
	audit_log_untrustedstring(ab, sad->subject);
	audit_log_format(ab, " object=");
	audit_log_untrustedstring(ab, sad->object);
	if (sad->request[0] == '\0')
		audit_log_format(ab, " labels_differ");
	else
		audit_log_format(ab, " requested=%s", sad->request);
}

/**
 *  smack_log - Audit the granting or denial of permissions.
 *  @subject_label : smack label of the requester
 *  @object_label  : smack label of the object being accessed
 *  @request: requested permissions
 *  @result: result from smk_access
 *  @a:  auxiliary audit data
 *
 * Audit the granting or denial of permissions in accordance
 * with the policy.
 */
void smack_log(char *subject_label, char *object_label, int request,
	       int result, struct smk_audit_info *ad)
{
	char request_buffer[SMK_NUM_ACCESS_TYPE + 1];
	struct smack_audit_data *sad;
	struct common_audit_data *a = &ad->a;

#ifdef CONFIG_SECURITY_SMACK_BRINGUP
	/*
	 * The result may be positive in bringup mode.
	 */
	if (result > 0)
		result = 0;
#endif
	/* check if we have to log the current event */
	if (result != 0 && (log_policy & SMACK_AUDIT_DENIED) == 0)
		return;
	if (result == 0 && (log_policy & SMACK_AUDIT_ACCEPT) == 0)
		return;

	sad = a->smack_audit_data;

	if (sad->function == NULL)
		sad->function = "unknown";

	/* end preparing the audit data */
	smack_str_from_perm(request_buffer, request);
	sad->subject = subject_label;
	sad->object  = object_label;
	sad->request = request_buffer;
	sad->result  = result;

	common_lsm_audit(a, smack_log_callback, NULL);
}
#else /* #ifdef CONFIG_AUDIT */
void smack_log(char *subject_label, char *object_label, int request,
               int result, struct smk_audit_info *ad)
{
}
#endif

DEFINE_MUTEX(smack_known_lock);

struct hlist_head smack_known_hash[SMACK_HASH_SLOTS];

/**
 * smk_insert_entry - insert a smack label into a hash map,
 *
 * this function must be called under smack_known_lock
 */
void smk_insert_entry(struct smack_known *skp)
{
	unsigned int hash;
	struct hlist_head *head;

	hash = full_name_hash(skp->smk_known, strlen(skp->smk_known));
	head = &smack_known_hash[hash & (SMACK_HASH_SLOTS - 1)];

	hlist_add_head_rcu(&skp->smk_hashed, head);
	list_add_rcu(&skp->list, &smack_known_list);
}

/**
 * smk_find_entry - find a label on the list, return the list entry
 * @string: a text string that might be a Smack label
 *
 * Returns a pointer to the entry in the label list that
 * matches the passed string.
 */
struct smack_known *smk_find_entry(const char *string)
{
	unsigned int hash;
	struct hlist_head *head;
	struct smack_known *skp;

	hash = full_name_hash(string, strlen(string));
	head = &smack_known_hash[hash & (SMACK_HASH_SLOTS - 1)];

	hlist_for_each_entry_rcu(skp, head, smk_hashed)
		if (strcmp(skp->smk_known, string) == 0)
			return skp;

	return NULL;
}

/**
 * smk_parse_smack - parse smack label from a text string
 * @string: a text string that might contain a Smack label
 * @len: the maximum size, or zero if it is NULL terminated.
 *
 * Returns a pointer to the clean label, or NULL
 */
char *smk_parse_smack(const char *string, int len)
{
	char *smack;
	int i;

	if (len <= 0)
		len = strlen(string) + 1;

	/*
	 * Reserve a leading '-' as an indicator that
	 * this isn't a label, but an option to interfaces
	 * including /smack/cipso and /smack/cipso2
	 */
	if (string[0] == '-')
		return NULL;

	for (i = 0; i < len; i++)
		if (string[i] > '~' || string[i] <= ' ' || string[i] == '/' ||
		    string[i] == '"' || string[i] == '\\' || string[i] == '\'')
			break;

	if (i == 0 || i >= SMK_LONGLABEL)
		return NULL;

	smack = kzalloc(i + 1, GFP_KERNEL);
	if (smack != NULL) {
		strncpy(smack, string, i + 1);
		smack[i] = '\0';
	}
	return smack;
}

/**
 * smk_netlbl_mls - convert a catset to netlabel mls categories
 * @catset: the Smack categories
 * @sap: where to put the netlabel categories
 *
 * Allocates and fills attr.mls
 * Returns 0 on success, error code on failure.
 */
int smk_netlbl_mls(int level, char *catset, struct netlbl_lsm_secattr *sap,
			int len)
{
	unsigned char *cp;
	unsigned char m;
	int cat;
	int rc;
	int byte;

	sap->flags |= NETLBL_SECATTR_MLS_CAT;
	sap->attr.mls.lvl = level;
	sap->attr.mls.cat = NULL;

	for (cat = 1, cp = catset, byte = 0; byte < len; cp++, byte++)
		for (m = 0x80; m != 0; m >>= 1, cat++) {
			if ((m & *cp) == 0)
				continue;
			rc = netlbl_catmap_setbit(&sap->attr.mls.cat,
						  cat, GFP_ATOMIC);
			if (rc < 0) {
				netlbl_catmap_free(sap->attr.mls.cat);
				return rc;
			}
		}

	return 0;
}

/**
 * smk_import_entry - import a label, return the list entry
 * @string: a text string that might be a Smack label
 * @len: the maximum size, or zero if it is NULL terminated.
 *
 * Returns a pointer to the entry in the label list that
 * matches the passed string, adding it if necessary.
 */
struct smack_known *smk_import_entry(const char *string, int len)
{
	struct smack_known *skp;
	char *smack;
	int slen;
	int rc;

	smack = smk_parse_smack(string, len);
	if (smack == NULL)
		return NULL;

	mutex_lock(&smack_known_lock);

	skp = smk_find_entry(smack);
	if (skp != NULL)
		goto freeout;

	skp = kzalloc(sizeof(*skp), GFP_KERNEL);
	if (skp == NULL)
		goto freeout;

	skp->smk_known = smack;
	skp->smk_secid = smack_next_secid++;
	skp->smk_netlabel.domain = skp->smk_known;
	skp->smk_netlabel.flags =
		NETLBL_SECATTR_DOMAIN | NETLBL_SECATTR_MLS_LVL;
	/*
	 * If direct labeling works use it.
	 * Otherwise use mapped labeling.
	 */
	slen = strlen(smack);
	if (slen < SMK_CIPSOLEN)
		rc = smk_netlbl_mls(smack_cipso_direct, skp->smk_known,
			       &skp->smk_netlabel, slen);
	else
		rc = smk_netlbl_mls(smack_cipso_mapped, (char *)&skp->smk_secid,
			       &skp->smk_netlabel, sizeof(skp->smk_secid));

	if (rc >= 0) {
		INIT_LIST_HEAD(&skp->smk_rules);
		mutex_init(&skp->smk_rules_lock);
		/*
		 * Make sure that the entry is actually
		 * filled before putting it on the list.
		 */
		smk_insert_entry(skp);
		goto unlockout;
	}
	/*
	 * smk_netlbl_mls failed.
	 */
	kfree(skp);
	skp = NULL;
freeout:
	kfree(smack);
unlockout:
	mutex_unlock(&smack_known_lock);

	return skp;
}

/**
 * smack_from_secid - find the Smack label associated with a secid
 * @secid: an integer that might be associated with a Smack label
 *
 * Returns a pointer to the appropriate Smack label entry if there is one,
 * otherwise a pointer to the invalid Smack label.
 */
struct smack_known *smack_from_secid(const u32 secid)
{
	struct smack_known *skp;

	rcu_read_lock();
	list_for_each_entry_rcu(skp, &smack_known_list, list) {
		if (skp->smk_secid == secid) {
			rcu_read_unlock();
			return skp;
		}
	}

	/*
	 * If we got this far someone asked for the translation
	 * of a secid that is not on the list.
	 */
	rcu_read_unlock();
	return &smack_known_invalid;
}
Commit	Line	Data
e114e473 CS	1	/*
	2	* Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com>
	3	*
	4	* This program is free software; you can redistribute it and/or modify
	5	* it under the terms of the GNU General Public License as published by
	6	* the Free Software Foundation, version 2.
	7	*
	8	* Author:
	9	* Casey Schaufler <casey@schaufler-ca.com>
	10	*
	11	*/
	12
	13	#include <linux/types.h>
5a0e3ad6	14	#include <linux/slab.h>
e114e473 CS	15	#include <linux/fs.h>
	16	#include <linux/sched.h>
	17	#include "smack.h"
	18
e114e473	19	struct smack_known smack_known_huh = {
e114e473 CS	20	.smk_known = "?",
e114e473 CS	21	.smk_secid = 2,
e114e473 CS	22	};
	23
	24	struct smack_known smack_known_hat = {
e114e473 CS	25	.smk_known = "^",
e114e473 CS	26	.smk_secid = 3,
e114e473 CS	27	};
	28
	29	struct smack_known smack_known_star = {
e114e473 CS	30	.smk_known = "*",
e114e473 CS	31	.smk_secid = 4,
e114e473 CS	32	};
	33
	34	struct smack_known smack_known_floor = {
e114e473 CS	35	.smk_known = "_",
e114e473 CS	36	.smk_secid = 5,
e114e473 CS	37	};
	38
	39	struct smack_known smack_known_invalid = {
e114e473 CS	40	.smk_known = "",
e114e473 CS	41	.smk_secid = 6,
e114e473 CS	42	};
e114e473 CS	43
6d3dc07c	44	struct smack_known smack_known_web = {
6d3dc07c CS	45	.smk_known = "@",
6d3dc07c CS	46	.smk_secid = 7,
6d3dc07c CS	47	};
6d3dc07c CS	48
7198e2ee	49	LIST_HEAD(smack_known_list);
e114e473 CS	50
	51	/*
	52	* The initial value needs to be bigger than any of the
	53	* known values above.
	54	*/
	55	static u32 smack_next_secid = 10;
	56
ecfcc53f EB	57	/*
	58	* what events do we log
	59	* can be overwritten at run-time by /smack/logging
	60	*/
	61	int log_policy = SMACK_AUDIT_DENIED;
	62
5c6d1125 JS	63	/**
	64	* smk_access_entry - look up matching access rule
	65	* @subject_label: a pointer to the subject's Smack label
	66	* @object_label: a pointer to the object's Smack label
7898e1f8	67	* @rule_list: the list of rules to search
5c6d1125 JS	68	*
5c6d1125 JS	69	* This function looks up the subject/object pair in the
7898e1f8 CS	70	* access rule list and returns the access mode. If no
7898e1f8 CS	71	* entry is found returns -ENOENT.
5c6d1125 JS	72	*
5c6d1125 JS	73	* NOTE:
5c6d1125	74	*
272cd7a8 CS	75	* Earlier versions of this function allowed for labels that
	76	* were not on the label list. This was done to allow for
	77	* labels to come over the network that had never been seen
	78	* before on this host. Unless the receiving socket has the
	79	* star label this will always result in a failure check. The
	80	* star labeled socket case is now handled in the networking
	81	* hooks so there is no case where the label is not on the
	82	* label list. Checking to see if the address of two labels
	83	* is the same is now a reliable test.
	84	*
	85	* Do the object check first because that is more
	86	* likely to differ.
c0ab6e56 CS	87	*
c0ab6e56 CS	88	* Allowing write access implies allowing locking.
5c6d1125	89	*/
7898e1f8 CS	90	int smk_access_entry(char subject_label, char object_label,
7898e1f8 CS	91	struct list_head *rule_list)
5c6d1125	92	{
7898e1f8	93	int may = -ENOENT;
5c6d1125 JS	94	struct smack_rule *srp;
5c6d1125 JS	95
7898e1f8	96	list_for_each_entry_rcu(srp, rule_list, list) {
21c7eae2	97	if (srp->smk_object->smk_known == object_label &&
2f823ff8	98	srp->smk_subject->smk_known == subject_label) {
272cd7a8 CS	99	may = srp->smk_access;
272cd7a8 CS	100	break;
5c6d1125 JS	101	}
5c6d1125 JS	102	}
5c6d1125	103
c0ab6e56 CS	104	/*
	105	* MAY_WRITE implies MAY_LOCK.
	106	*/
	107	if ((may & MAY_WRITE) == MAY_WRITE)
	108	may \|= MAY_LOCK;
5c6d1125 JS	109	return may;
	110	}
	111
e114e473 CS	112	/**
e114e473 CS	113	* smk_access - determine if a subject has a specific access to an object
21c7eae2 LP	114	* @subject: a pointer to the subject's Smack label entry
21c7eae2 LP	115	* @object: a pointer to the object's Smack label entry
e114e473	116	* @request: the access requested, in "MAY" format
ecfcc53f	117	* @a : a pointer to the audit data
e114e473 CS	118	*
	119	* This function looks up the subject/object pair in the
	120	* access rule list and returns 0 if the access is permitted,
	121	* non zero otherwise.
	122	*
272cd7a8	123	* Smack labels are shared on smack_list
e114e473	124	*/
21c7eae2 LP	125	int smk_access(struct smack_known subject, struct smack_known object,
21c7eae2 LP	126	int request, struct smk_audit_info *a)
e114e473	127	{
7898e1f8	128	int may = MAY_NOT;
ecfcc53f	129	int rc = 0;
e114e473 CS	130
	131	/*
	132	* Hardcoded comparisons.
	133	*
	134	* A star subject can't access any object.
	135	*/
21c7eae2	136	if (subject == &smack_known_star) {
ecfcc53f EB	137	rc = -EACCES;
	138	goto out_audit;
	139	}
6d3dc07c CS	140	/*
	141	* An internet object can be accessed by any subject.
	142	* Tasks cannot be assigned the internet label.
	143	* An internet subject can access any object.
	144	*/
21c7eae2 LP	145	if (object == &smack_known_web \|\|
21c7eae2 LP	146	subject == &smack_known_web)
ecfcc53f	147	goto out_audit;
e114e473 CS	148	/*
	149	* A star object can be accessed by any subject.
	150	*/
21c7eae2	151	if (object == &smack_known_star)
ecfcc53f	152	goto out_audit;
e114e473 CS	153	/*
	154	* An object can be accessed in any way by a subject
	155	* with the same label.
	156	*/
21c7eae2	157	if (subject->smk_known == object->smk_known)
ecfcc53f	158	goto out_audit;
e114e473 CS	159	/*
	160	* A hat subject can read any object.
	161	* A floor object can be read by any subject.
	162	*/
	163	if ((request & MAY_ANYREAD) == request) {
21c7eae2	164	if (object == &smack_known_floor)
ecfcc53f	165	goto out_audit;
21c7eae2	166	if (subject == &smack_known_hat)
ecfcc53f	167	goto out_audit;
e114e473 CS	168	}
	169	/*
	170	* Beyond here an explicit relationship is required.
	171	* If the requested access is contained in the available
	172	* access (e.g. read is included in readwrite) it's
7898e1f8 CS	173	* good. A negative response from smk_access_entry()
7898e1f8 CS	174	* indicates there is no entry for this pair.
e114e473	175	*/
7898e1f8	176	rcu_read_lock();
21c7eae2 LP	177	may = smk_access_entry(subject->smk_known, object->smk_known,
21c7eae2 LP	178	&subject->smk_rules);
7898e1f8 CS	179	rcu_read_unlock();
7898e1f8 CS	180
d166c802 CS	181	if (may <= 0 \|\| (request & may) != request) {
d166c802 CS	182	rc = -EACCES;
ecfcc53f	183	goto out_audit;
d166c802 CS	184	}
	185	#ifdef CONFIG_SECURITY_SMACK_BRINGUP
	186	/*
	187	* Return a positive value if using bringup mode.
	188	* This allows the hooks to identify checks that
	189	* succeed because of "b" rules.
	190	*/
	191	if (may & MAY_BRINGUP)
	192	rc = MAY_BRINGUP;
	193	#endif
e114e473	194
ecfcc53f EB	195	out_audit:
	196	#ifdef CONFIG_AUDIT
	197	if (a)
21c7eae2 LP	198	smack_log(subject->smk_known, object->smk_known,
21c7eae2 LP	199	request, rc, a);
ecfcc53f	200	#endif
d166c802	201
ecfcc53f	202	return rc;
e114e473 CS	203	}
	204
	205	/**
959e6c7f	206	* smk_tskacc - determine if a task has a specific access to an object
21c7eae2 LP	207	* @tsp: a pointer to the subject's task
21c7eae2 LP	208	* @obj_known: a pointer to the object's label entry
251a2a95	209	* @mode: the access requested, in "MAY" format
ecfcc53f	210	* @a : common audit data
e114e473	211	*
959e6c7f	212	* This function checks the subject task's label/object label pair
e114e473	213	* in the access rule list and returns 0 if the access is permitted,
959e6c7f	214	* non zero otherwise. It allows that the task may have the capability
e114e473 CS	215	* to override the rules.
e114e473 CS	216	*/
21c7eae2	217	int smk_tskacc(struct task_smack tsp, struct smack_known obj_known,
959e6c7f	218	u32 mode, struct smk_audit_info *a)
e114e473	219	{
21c7eae2	220	struct smack_known *sbj_known = smk_of_task(tsp);
7898e1f8	221	int may;
e114e473 CS	222	int rc;
e114e473 CS	223
7898e1f8 CS	224	/*
	225	* Check the global rule list
	226	*/
21c7eae2	227	rc = smk_access(sbj_known, obj_known, mode, NULL);
d166c802	228	if (rc >= 0) {
7898e1f8 CS	229	/*
	230	* If there is an entry in the task's rule list
	231	* it can further restrict access.
	232	*/
21c7eae2 LP	233	may = smk_access_entry(sbj_known->smk_known,
	234	obj_known->smk_known,
	235	&tsp->smk_rules);
7898e1f8 CS	236	if (may < 0)
	237	goto out_audit;
	238	if ((mode & may) == mode)
	239	goto out_audit;
	240	rc = -EACCES;
	241	}
e114e473	242
15446235	243	/*
1880eff7	244	* Allow for priviliged to override policy.
15446235	245	*/
1880eff7	246	if (rc != 0 && smack_privileged(CAP_MAC_OVERRIDE))
7898e1f8	247	rc = 0;
e114e473	248
ecfcc53f EB	249	out_audit:
	250	#ifdef CONFIG_AUDIT
	251	if (a)
21c7eae2 LP	252	smack_log(sbj_known->smk_known, obj_known->smk_known,
21c7eae2 LP	253	mode, rc, a);
ecfcc53f	254	#endif
e114e473 CS	255	return rc;
	256	}
	257
959e6c7f LP	258	/**
959e6c7f LP	259	* smk_curacc - determine if current has a specific access to an object
21c7eae2	260	* @obj_known: a pointer to the object's Smack label entry
959e6c7f LP	261	* @mode: the access requested, in "MAY" format
	262	* @a : common audit data
	263	*
	264	* This function checks the current subject label/object label pair
	265	* in the access rule list and returns 0 if the access is permitted,
	266	* non zero otherwise. It allows that current may have the capability
	267	* to override the rules.
	268	*/
21c7eae2 LP	269	int smk_curacc(struct smack_known *obj_known,
21c7eae2 LP	270	u32 mode, struct smk_audit_info *a)
959e6c7f LP	271	{
	272	struct task_smack *tsp = current_security();
	273
21c7eae2	274	return smk_tskacc(tsp, obj_known, mode, a);
959e6c7f LP	275	}
959e6c7f LP	276
ecfcc53f EB	277	#ifdef CONFIG_AUDIT
	278	/**
	279	* smack_str_from_perm : helper to transalate an int to a
	280	* readable string
	281	* @string : the string to fill
	282	* @access : the int
	283	*
	284	*/
	285	static inline void smack_str_from_perm(char *string, int access)
	286	{
	287	int i = 0;
c0ab6e56	288
ecfcc53f EB	289	if (access & MAY_READ)
	290	string[i++] = 'r';
	291	if (access & MAY_WRITE)
	292	string[i++] = 'w';
	293	if (access & MAY_EXEC)
	294	string[i++] = 'x';
	295	if (access & MAY_APPEND)
	296	string[i++] = 'a';
a87d79ad RK	297	if (access & MAY_TRANSMUTE)
a87d79ad RK	298	string[i++] = 't';
c0ab6e56 CS	299	if (access & MAY_LOCK)
c0ab6e56 CS	300	string[i++] = 'l';
ecfcc53f EB	301	string[i] = '\0';
	302	}
	303	/**
	304	* smack_log_callback - SMACK specific information
	305	* will be called by generic audit code
	306	* @ab : the audit_buffer
	307	* @a : audit_data
	308	*
	309	*/
	310	static void smack_log_callback(struct audit_buffer ab, void a)
	311	{
	312	struct common_audit_data *ad = a;
3b3b0e4f	313	struct smack_audit_data *sad = ad->smack_audit_data;
ed5215a2	314	audit_log_format(ab, "lsm=SMACK fn=%s action=%s",
3b3b0e4f	315	ad->smack_audit_data->function,
ecfcc53f EB	316	sad->result ? "denied" : "granted");
	317	audit_log_format(ab, " subject=");
	318	audit_log_untrustedstring(ab, sad->subject);
	319	audit_log_format(ab, " object=");
	320	audit_log_untrustedstring(ab, sad->object);
66867818 LP	321	if (sad->request[0] == '\0')
	322	audit_log_format(ab, " labels_differ");
	323	else
	324	audit_log_format(ab, " requested=%s", sad->request);
ecfcc53f EB	325	}
	326
	327	/**
	328	* smack_log - Audit the granting or denial of permissions.
	329	* @subject_label : smack label of the requester
	330	* @object_label : smack label of the object being accessed
	331	* @request: requested permissions
	332	* @result: result from smk_access
	333	* @a: auxiliary audit data
	334	*
	335	* Audit the granting or denial of permissions in accordance
	336	* with the policy.
	337	*/
	338	void smack_log(char subject_label, char object_label, int request,
	339	int result, struct smk_audit_info *ad)
	340	{
	341	char request_buffer[SMK_NUM_ACCESS_TYPE + 1];
	342	struct smack_audit_data *sad;
	343	struct common_audit_data *a = &ad->a;
	344
d166c802 CS	345	#ifdef CONFIG_SECURITY_SMACK_BRINGUP
	346	/*
	347	* The result may be positive in bringup mode.
	348	*/
	349	if (result > 0)
	350	result = 0;
	351	#endif
ecfcc53f EB	352	/* check if we have to log the current event */
	353	if (result != 0 && (log_policy & SMACK_AUDIT_DENIED) == 0)
	354	return;
	355	if (result == 0 && (log_policy & SMACK_AUDIT_ACCEPT) == 0)
	356	return;
	357
3b3b0e4f EP	358	sad = a->smack_audit_data;
	359
	360	if (sad->function == NULL)
	361	sad->function = "unknown";
ecfcc53f EB	362
ecfcc53f EB	363	/* end preparing the audit data */
ecfcc53f EB	364	smack_str_from_perm(request_buffer, request);
	365	sad->subject = subject_label;
	366	sad->object = object_label;
	367	sad->request = request_buffer;
	368	sad->result = result;
ecfcc53f	369
b61c37f5	370	common_lsm_audit(a, smack_log_callback, NULL);
ecfcc53f EB	371	}
	372	#else /* #ifdef CONFIG_AUDIT */
	373	void smack_log(char subject_label, char object_label, int request,
	374	int result, struct smk_audit_info *ad)
	375	{
	376	}
	377	#endif
	378
f7112e6c	379	DEFINE_MUTEX(smack_known_lock);
e114e473	380
4d7cf4a1 TS	381	struct hlist_head smack_known_hash[SMACK_HASH_SLOTS];
	382
	383	/**
	384	* smk_insert_entry - insert a smack label into a hash map,
	385	*
	386	* this function must be called under smack_known_lock
	387	*/
	388	void smk_insert_entry(struct smack_known *skp)
	389	{
	390	unsigned int hash;
	391	struct hlist_head *head;
	392
	393	hash = full_name_hash(skp->smk_known, strlen(skp->smk_known));
	394	head = &smack_known_hash[hash & (SMACK_HASH_SLOTS - 1)];
	395
	396	hlist_add_head_rcu(&skp->smk_hashed, head);
	397	list_add_rcu(&skp->list, &smack_known_list);
	398	}
	399
272cd7a8 CS	400	/**
	401	* smk_find_entry - find a label on the list, return the list entry
	402	* @string: a text string that might be a Smack label
	403	*
	404	* Returns a pointer to the entry in the label list that
	405	* matches the passed string.
	406	*/
	407	struct smack_known smk_find_entry(const char string)
	408	{
4d7cf4a1 TS	409	unsigned int hash;
4d7cf4a1 TS	410	struct hlist_head *head;
272cd7a8 CS	411	struct smack_known *skp;
272cd7a8 CS	412
4d7cf4a1 TS	413	hash = full_name_hash(string, strlen(string));
	414	head = &smack_known_hash[hash & (SMACK_HASH_SLOTS - 1)];
	415
	416	hlist_for_each_entry_rcu(skp, head, smk_hashed)
f7112e6c	417	if (strcmp(skp->smk_known, string) == 0)
272cd7a8	418	return skp;
272cd7a8 CS	419
	420	return NULL;
	421	}
	422
e114e473	423	/**
0e94ae17 JS	424	* smk_parse_smack - parse smack label from a text string
0e94ae17 JS	425	* @string: a text string that might contain a Smack label
e114e473	426	* @len: the maximum size, or zero if it is NULL terminated.
f7112e6c CS	427	*
f7112e6c CS	428	* Returns a pointer to the clean label, or NULL
e114e473	429	*/
f7112e6c	430	char smk_parse_smack(const char string, int len)
e114e473	431	{
f7112e6c	432	char *smack;
e114e473 CS	433	int i;
e114e473 CS	434
f7112e6c CS	435	if (len <= 0)
	436	len = strlen(string) + 1;
	437
	438	/*
	439	* Reserve a leading '-' as an indicator that
	440	* this isn't a label, but an option to interfaces
	441	* including /smack/cipso and /smack/cipso2
	442	*/
	443	if (string[0] == '-')
	444	return NULL;
	445
	446	for (i = 0; i < len; i++)
	447	if (string[i] > '~' \|\| string[i] <= ' ' \|\| string[i] == '/' \|\|
	448	string[i] == '"' \|\| string[i] == '\\' \|\| string[i] == '\'')
	449	break;
	450
	451	if (i == 0 \|\| i >= SMK_LONGLABEL)
	452	return NULL;
	453
	454	smack = kzalloc(i + 1, GFP_KERNEL);
	455	if (smack != NULL) {
	456	strncpy(smack, string, i + 1);
	457	smack[i] = '\0';
e114e473	458	}
f7112e6c CS	459	return smack;
	460	}
	461
	462	/**
	463	* smk_netlbl_mls - convert a catset to netlabel mls categories
	464	* @catset: the Smack categories
	465	* @sap: where to put the netlabel categories
	466	*
	467	* Allocates and fills attr.mls
	468	* Returns 0 on success, error code on failure.
	469	*/
	470	int smk_netlbl_mls(int level, char catset, struct netlbl_lsm_secattr sap,
	471	int len)
	472	{
	473	unsigned char *cp;
	474	unsigned char m;
	475	int cat;
	476	int rc;
	477	int byte;
	478
	479	sap->flags \|= NETLBL_SECATTR_MLS_CAT;
	480	sap->attr.mls.lvl = level;
4b8feff2	481	sap->attr.mls.cat = NULL;
f7112e6c CS	482
	483	for (cat = 1, cp = catset, byte = 0; byte < len; cp++, byte++)
	484	for (m = 0x80; m != 0; m >>= 1, cat++) {
	485	if ((m & *cp) == 0)
	486	continue;
4fbe63d1 PM	487	rc = netlbl_catmap_setbit(&sap->attr.mls.cat,
4fbe63d1 PM	488	cat, GFP_ATOMIC);
f7112e6c	489	if (rc < 0) {
4fbe63d1	490	netlbl_catmap_free(sap->attr.mls.cat);
f7112e6c CS	491	return rc;
	492	}
	493	}
	494
	495	return 0;
0e94ae17 JS	496	}
	497
	498	/**
	499	* smk_import_entry - import a label, return the list entry
	500	* @string: a text string that might be a Smack label
	501	* @len: the maximum size, or zero if it is NULL terminated.
	502	*
	503	* Returns a pointer to the entry in the label list that
	504	* matches the passed string, adding it if necessary.
	505	*/
	506	struct smack_known smk_import_entry(const char string, int len)
	507	{
	508	struct smack_known *skp;
f7112e6c CS	509	char *smack;
	510	int slen;
	511	int rc;
e114e473	512
f7112e6c CS	513	smack = smk_parse_smack(string, len);
f7112e6c CS	514	if (smack == NULL)
e114e473 CS	515	return NULL;
	516
	517	mutex_lock(&smack_known_lock);
	518
272cd7a8	519	skp = smk_find_entry(smack);
f7112e6c CS	520	if (skp != NULL)
f7112e6c CS	521	goto freeout;
e114e473	522
f7112e6c CS	523	skp = kzalloc(sizeof(*skp), GFP_KERNEL);
	524	if (skp == NULL)
	525	goto freeout;
e114e473	526
f7112e6c CS	527	skp->smk_known = smack;
	528	skp->smk_secid = smack_next_secid++;
	529	skp->smk_netlabel.domain = skp->smk_known;
	530	skp->smk_netlabel.flags =
	531	NETLBL_SECATTR_DOMAIN \| NETLBL_SECATTR_MLS_LVL;
	532	/*
	533	* If direct labeling works use it.
	534	* Otherwise use mapped labeling.
	535	*/
	536	slen = strlen(smack);
	537	if (slen < SMK_CIPSOLEN)
	538	rc = smk_netlbl_mls(smack_cipso_direct, skp->smk_known,
	539	&skp->smk_netlabel, slen);
	540	else
	541	rc = smk_netlbl_mls(smack_cipso_mapped, (char *)&skp->smk_secid,
	542	&skp->smk_netlabel, sizeof(skp->smk_secid));
	543
	544	if (rc >= 0) {
	545	INIT_LIST_HEAD(&skp->smk_rules);
	546	mutex_init(&skp->smk_rules_lock);
	547	/*
	548	* Make sure that the entry is actually
	549	* filled before putting it on the list.
	550	*/
4d7cf4a1	551	smk_insert_entry(skp);
f7112e6c CS	552	goto unlockout;
	553	}
	554	/*
	555	* smk_netlbl_mls failed.
	556	*/
	557	kfree(skp);
	558	skp = NULL;
	559	freeout:
	560	kfree(smack);
	561	unlockout:
e114e473 CS	562	mutex_unlock(&smack_known_lock);
	563
	564	return skp;
	565	}
	566
e114e473 CS	567	/**
	568	* smack_from_secid - find the Smack label associated with a secid
	569	* @secid: an integer that might be associated with a Smack label
	570	*
2f823ff8	571	* Returns a pointer to the appropriate Smack label entry if there is one,
e114e473 CS	572	* otherwise a pointer to the invalid Smack label.
e114e473 CS	573	*/
2f823ff8	574	struct smack_known *smack_from_secid(const u32 secid)
e114e473 CS	575	{
	576	struct smack_known *skp;
	577
7198e2ee EB	578	rcu_read_lock();
	579	list_for_each_entry_rcu(skp, &smack_known_list, list) {
	580	if (skp->smk_secid == secid) {
	581	rcu_read_unlock();
2f823ff8	582	return skp;
7198e2ee EB	583	}
7198e2ee EB	584	}
e114e473 CS	585
	586	/*
	587	* If we got this far someone asked for the translation
	588	* of a secid that is not on the list.
	589	*/
7198e2ee	590	rcu_read_unlock();
2f823ff8	591	return &smack_known_invalid;
e114e473	592	}