Commit | Line | Data |
---|---|---|
e114e473 CS |
1 | /* |
2 | * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com> | |
3 | * | |
4 | * This program is free software; you can redistribute it and/or modify | |
5 | * it under the terms of the GNU General Public License as published by | |
6 | * the Free Software Foundation, version 2. | |
7 | * | |
8 | * Author: | |
9 | * Casey Schaufler <casey@schaufler-ca.com> | |
10 | * | |
11 | */ | |
12 | ||
13 | #include <linux/types.h> | |
5a0e3ad6 | 14 | #include <linux/slab.h> |
e114e473 CS |
15 | #include <linux/fs.h> |
16 | #include <linux/sched.h> | |
17 | #include "smack.h" | |
18 | ||
e114e473 | 19 | struct smack_known smack_known_huh = { |
e114e473 CS |
20 | .smk_known = "?", |
21 | .smk_secid = 2, | |
e114e473 CS |
22 | }; |
23 | ||
24 | struct smack_known smack_known_hat = { | |
e114e473 CS |
25 | .smk_known = "^", |
26 | .smk_secid = 3, | |
e114e473 CS |
27 | }; |
28 | ||
29 | struct smack_known smack_known_star = { | |
e114e473 CS |
30 | .smk_known = "*", |
31 | .smk_secid = 4, | |
e114e473 CS |
32 | }; |
33 | ||
34 | struct smack_known smack_known_floor = { | |
e114e473 CS |
35 | .smk_known = "_", |
36 | .smk_secid = 5, | |
e114e473 CS |
37 | }; |
38 | ||
6d3dc07c | 39 | struct smack_known smack_known_web = { |
6d3dc07c CS |
40 | .smk_known = "@", |
41 | .smk_secid = 7, | |
6d3dc07c CS |
42 | }; |
43 | ||
7198e2ee | 44 | LIST_HEAD(smack_known_list); |
e114e473 CS |
45 | |
46 | /* | |
47 | * The initial value needs to be bigger than any of the | |
48 | * known values above. | |
49 | */ | |
50 | static u32 smack_next_secid = 10; | |
51 | ||
ecfcc53f EB |
52 | /* |
53 | * what events do we log | |
54 | * can be overwritten at run-time by /smack/logging | |
55 | */ | |
56 | int log_policy = SMACK_AUDIT_DENIED; | |
57 | ||
5c6d1125 JS |
58 | /** |
59 | * smk_access_entry - look up matching access rule | |
60 | * @subject_label: a pointer to the subject's Smack label | |
61 | * @object_label: a pointer to the object's Smack label | |
7898e1f8 | 62 | * @rule_list: the list of rules to search |
5c6d1125 JS |
63 | * |
64 | * This function looks up the subject/object pair in the | |
7898e1f8 CS |
65 | * access rule list and returns the access mode. If no |
66 | * entry is found returns -ENOENT. | |
5c6d1125 JS |
67 | * |
68 | * NOTE: | |
5c6d1125 | 69 | * |
272cd7a8 CS |
70 | * Earlier versions of this function allowed for labels that |
71 | * were not on the label list. This was done to allow for | |
72 | * labels to come over the network that had never been seen | |
73 | * before on this host. Unless the receiving socket has the | |
74 | * star label this will always result in a failure check. The | |
75 | * star labeled socket case is now handled in the networking | |
76 | * hooks so there is no case where the label is not on the | |
77 | * label list. Checking to see if the address of two labels | |
78 | * is the same is now a reliable test. | |
79 | * | |
80 | * Do the object check first because that is more | |
81 | * likely to differ. | |
c0ab6e56 CS |
82 | * |
83 | * Allowing write access implies allowing locking. | |
5c6d1125 | 84 | */ |
7898e1f8 CS |
85 | int smk_access_entry(char *subject_label, char *object_label, |
86 | struct list_head *rule_list) | |
5c6d1125 | 87 | { |
7898e1f8 | 88 | int may = -ENOENT; |
5c6d1125 JS |
89 | struct smack_rule *srp; |
90 | ||
7898e1f8 | 91 | list_for_each_entry_rcu(srp, rule_list, list) { |
21c7eae2 | 92 | if (srp->smk_object->smk_known == object_label && |
2f823ff8 | 93 | srp->smk_subject->smk_known == subject_label) { |
272cd7a8 CS |
94 | may = srp->smk_access; |
95 | break; | |
5c6d1125 JS |
96 | } |
97 | } | |
5c6d1125 | 98 | |
c0ab6e56 CS |
99 | /* |
100 | * MAY_WRITE implies MAY_LOCK. | |
101 | */ | |
102 | if ((may & MAY_WRITE) == MAY_WRITE) | |
103 | may |= MAY_LOCK; | |
5c6d1125 JS |
104 | return may; |
105 | } | |
106 | ||
e114e473 CS |
107 | /** |
108 | * smk_access - determine if a subject has a specific access to an object | |
21c7eae2 LP |
109 | * @subject: a pointer to the subject's Smack label entry |
110 | * @object: a pointer to the object's Smack label entry | |
e114e473 | 111 | * @request: the access requested, in "MAY" format |
ecfcc53f | 112 | * @a : a pointer to the audit data |
e114e473 CS |
113 | * |
114 | * This function looks up the subject/object pair in the | |
115 | * access rule list and returns 0 if the access is permitted, | |
116 | * non zero otherwise. | |
117 | * | |
272cd7a8 | 118 | * Smack labels are shared on smack_list |
e114e473 | 119 | */ |
21c7eae2 LP |
120 | int smk_access(struct smack_known *subject, struct smack_known *object, |
121 | int request, struct smk_audit_info *a) | |
e114e473 | 122 | { |
7898e1f8 | 123 | int may = MAY_NOT; |
ecfcc53f | 124 | int rc = 0; |
e114e473 CS |
125 | |
126 | /* | |
127 | * Hardcoded comparisons. | |
bf4b2fee CS |
128 | */ |
129 | /* | |
e114e473 CS |
130 | * A star subject can't access any object. |
131 | */ | |
21c7eae2 | 132 | if (subject == &smack_known_star) { |
ecfcc53f EB |
133 | rc = -EACCES; |
134 | goto out_audit; | |
135 | } | |
6d3dc07c CS |
136 | /* |
137 | * An internet object can be accessed by any subject. | |
138 | * Tasks cannot be assigned the internet label. | |
139 | * An internet subject can access any object. | |
140 | */ | |
6c892df2 | 141 | if (object == &smack_known_web || subject == &smack_known_web) |
ecfcc53f | 142 | goto out_audit; |
e114e473 CS |
143 | /* |
144 | * A star object can be accessed by any subject. | |
145 | */ | |
21c7eae2 | 146 | if (object == &smack_known_star) |
ecfcc53f | 147 | goto out_audit; |
e114e473 CS |
148 | /* |
149 | * An object can be accessed in any way by a subject | |
150 | * with the same label. | |
151 | */ | |
21c7eae2 | 152 | if (subject->smk_known == object->smk_known) |
ecfcc53f | 153 | goto out_audit; |
e114e473 | 154 | /* |
6c892df2 CS |
155 | * A hat subject can read or lock any object. |
156 | * A floor object can be read or locked by any subject. | |
e114e473 | 157 | */ |
6c892df2 CS |
158 | if ((request & MAY_ANYREAD) == request || |
159 | (request & MAY_LOCK) == request) { | |
21c7eae2 | 160 | if (object == &smack_known_floor) |
ecfcc53f | 161 | goto out_audit; |
21c7eae2 | 162 | if (subject == &smack_known_hat) |
ecfcc53f | 163 | goto out_audit; |
e114e473 CS |
164 | } |
165 | /* | |
166 | * Beyond here an explicit relationship is required. | |
167 | * If the requested access is contained in the available | |
168 | * access (e.g. read is included in readwrite) it's | |
7898e1f8 CS |
169 | * good. A negative response from smk_access_entry() |
170 | * indicates there is no entry for this pair. | |
e114e473 | 171 | */ |
7898e1f8 | 172 | rcu_read_lock(); |
21c7eae2 LP |
173 | may = smk_access_entry(subject->smk_known, object->smk_known, |
174 | &subject->smk_rules); | |
7898e1f8 CS |
175 | rcu_read_unlock(); |
176 | ||
d166c802 CS |
177 | if (may <= 0 || (request & may) != request) { |
178 | rc = -EACCES; | |
ecfcc53f | 179 | goto out_audit; |
d166c802 CS |
180 | } |
181 | #ifdef CONFIG_SECURITY_SMACK_BRINGUP | |
182 | /* | |
183 | * Return a positive value if using bringup mode. | |
184 | * This allows the hooks to identify checks that | |
185 | * succeed because of "b" rules. | |
186 | */ | |
187 | if (may & MAY_BRINGUP) | |
bf4b2fee | 188 | rc = SMACK_BRINGUP_ALLOW; |
d166c802 | 189 | #endif |
e114e473 | 190 | |
ecfcc53f | 191 | out_audit: |
bf4b2fee CS |
192 | |
193 | #ifdef CONFIG_SECURITY_SMACK_BRINGUP | |
194 | if (rc < 0) { | |
195 | if (object == smack_unconfined) | |
196 | rc = SMACK_UNCONFINED_OBJECT; | |
197 | if (subject == smack_unconfined) | |
198 | rc = SMACK_UNCONFINED_SUBJECT; | |
199 | } | |
200 | #endif | |
201 | ||
ecfcc53f EB |
202 | #ifdef CONFIG_AUDIT |
203 | if (a) | |
21c7eae2 LP |
204 | smack_log(subject->smk_known, object->smk_known, |
205 | request, rc, a); | |
ecfcc53f | 206 | #endif |
d166c802 | 207 | |
ecfcc53f | 208 | return rc; |
e114e473 CS |
209 | } |
210 | ||
211 | /** | |
959e6c7f | 212 | * smk_tskacc - determine if a task has a specific access to an object |
21c7eae2 LP |
213 | * @tsp: a pointer to the subject's task |
214 | * @obj_known: a pointer to the object's label entry | |
251a2a95 | 215 | * @mode: the access requested, in "MAY" format |
ecfcc53f | 216 | * @a : common audit data |
e114e473 | 217 | * |
959e6c7f | 218 | * This function checks the subject task's label/object label pair |
e114e473 | 219 | * in the access rule list and returns 0 if the access is permitted, |
959e6c7f | 220 | * non zero otherwise. It allows that the task may have the capability |
e114e473 CS |
221 | * to override the rules. |
222 | */ | |
21c7eae2 | 223 | int smk_tskacc(struct task_smack *tsp, struct smack_known *obj_known, |
959e6c7f | 224 | u32 mode, struct smk_audit_info *a) |
e114e473 | 225 | { |
21c7eae2 | 226 | struct smack_known *sbj_known = smk_of_task(tsp); |
7898e1f8 | 227 | int may; |
e114e473 CS |
228 | int rc; |
229 | ||
7898e1f8 CS |
230 | /* |
231 | * Check the global rule list | |
232 | */ | |
21c7eae2 | 233 | rc = smk_access(sbj_known, obj_known, mode, NULL); |
d166c802 | 234 | if (rc >= 0) { |
7898e1f8 CS |
235 | /* |
236 | * If there is an entry in the task's rule list | |
237 | * it can further restrict access. | |
238 | */ | |
21c7eae2 LP |
239 | may = smk_access_entry(sbj_known->smk_known, |
240 | obj_known->smk_known, | |
241 | &tsp->smk_rules); | |
7898e1f8 CS |
242 | if (may < 0) |
243 | goto out_audit; | |
244 | if ((mode & may) == mode) | |
245 | goto out_audit; | |
246 | rc = -EACCES; | |
247 | } | |
e114e473 | 248 | |
15446235 | 249 | /* |
1880eff7 | 250 | * Allow for priviliged to override policy. |
15446235 | 251 | */ |
1880eff7 | 252 | if (rc != 0 && smack_privileged(CAP_MAC_OVERRIDE)) |
7898e1f8 | 253 | rc = 0; |
e114e473 | 254 | |
ecfcc53f EB |
255 | out_audit: |
256 | #ifdef CONFIG_AUDIT | |
257 | if (a) | |
21c7eae2 LP |
258 | smack_log(sbj_known->smk_known, obj_known->smk_known, |
259 | mode, rc, a); | |
ecfcc53f | 260 | #endif |
e114e473 CS |
261 | return rc; |
262 | } | |
263 | ||
959e6c7f LP |
264 | /** |
265 | * smk_curacc - determine if current has a specific access to an object | |
21c7eae2 | 266 | * @obj_known: a pointer to the object's Smack label entry |
959e6c7f LP |
267 | * @mode: the access requested, in "MAY" format |
268 | * @a : common audit data | |
269 | * | |
270 | * This function checks the current subject label/object label pair | |
271 | * in the access rule list and returns 0 if the access is permitted, | |
272 | * non zero otherwise. It allows that current may have the capability | |
273 | * to override the rules. | |
274 | */ | |
21c7eae2 LP |
275 | int smk_curacc(struct smack_known *obj_known, |
276 | u32 mode, struct smk_audit_info *a) | |
959e6c7f LP |
277 | { |
278 | struct task_smack *tsp = current_security(); | |
279 | ||
21c7eae2 | 280 | return smk_tskacc(tsp, obj_known, mode, a); |
959e6c7f LP |
281 | } |
282 | ||
ecfcc53f EB |
283 | #ifdef CONFIG_AUDIT |
284 | /** | |
285 | * smack_str_from_perm : helper to transalate an int to a | |
286 | * readable string | |
287 | * @string : the string to fill | |
288 | * @access : the int | |
289 | * | |
290 | */ | |
291 | static inline void smack_str_from_perm(char *string, int access) | |
292 | { | |
293 | int i = 0; | |
c0ab6e56 | 294 | |
ecfcc53f EB |
295 | if (access & MAY_READ) |
296 | string[i++] = 'r'; | |
297 | if (access & MAY_WRITE) | |
298 | string[i++] = 'w'; | |
299 | if (access & MAY_EXEC) | |
300 | string[i++] = 'x'; | |
301 | if (access & MAY_APPEND) | |
302 | string[i++] = 'a'; | |
a87d79ad RK |
303 | if (access & MAY_TRANSMUTE) |
304 | string[i++] = 't'; | |
c0ab6e56 CS |
305 | if (access & MAY_LOCK) |
306 | string[i++] = 'l'; | |
ecfcc53f EB |
307 | string[i] = '\0'; |
308 | } | |
309 | /** | |
310 | * smack_log_callback - SMACK specific information | |
311 | * will be called by generic audit code | |
312 | * @ab : the audit_buffer | |
313 | * @a : audit_data | |
314 | * | |
315 | */ | |
316 | static void smack_log_callback(struct audit_buffer *ab, void *a) | |
317 | { | |
318 | struct common_audit_data *ad = a; | |
3b3b0e4f | 319 | struct smack_audit_data *sad = ad->smack_audit_data; |
ed5215a2 | 320 | audit_log_format(ab, "lsm=SMACK fn=%s action=%s", |
3b3b0e4f | 321 | ad->smack_audit_data->function, |
ecfcc53f EB |
322 | sad->result ? "denied" : "granted"); |
323 | audit_log_format(ab, " subject="); | |
324 | audit_log_untrustedstring(ab, sad->subject); | |
325 | audit_log_format(ab, " object="); | |
326 | audit_log_untrustedstring(ab, sad->object); | |
66867818 LP |
327 | if (sad->request[0] == '\0') |
328 | audit_log_format(ab, " labels_differ"); | |
329 | else | |
330 | audit_log_format(ab, " requested=%s", sad->request); | |
ecfcc53f EB |
331 | } |
332 | ||
333 | /** | |
334 | * smack_log - Audit the granting or denial of permissions. | |
335 | * @subject_label : smack label of the requester | |
336 | * @object_label : smack label of the object being accessed | |
337 | * @request: requested permissions | |
338 | * @result: result from smk_access | |
339 | * @a: auxiliary audit data | |
340 | * | |
341 | * Audit the granting or denial of permissions in accordance | |
342 | * with the policy. | |
343 | */ | |
344 | void smack_log(char *subject_label, char *object_label, int request, | |
345 | int result, struct smk_audit_info *ad) | |
346 | { | |
bf4b2fee CS |
347 | #ifdef CONFIG_SECURITY_SMACK_BRINGUP |
348 | char request_buffer[SMK_NUM_ACCESS_TYPE + 5]; | |
349 | #else | |
ecfcc53f | 350 | char request_buffer[SMK_NUM_ACCESS_TYPE + 1]; |
bf4b2fee | 351 | #endif |
ecfcc53f EB |
352 | struct smack_audit_data *sad; |
353 | struct common_audit_data *a = &ad->a; | |
354 | ||
355 | /* check if we have to log the current event */ | |
bf4b2fee | 356 | if (result < 0 && (log_policy & SMACK_AUDIT_DENIED) == 0) |
ecfcc53f EB |
357 | return; |
358 | if (result == 0 && (log_policy & SMACK_AUDIT_ACCEPT) == 0) | |
359 | return; | |
360 | ||
3b3b0e4f EP |
361 | sad = a->smack_audit_data; |
362 | ||
363 | if (sad->function == NULL) | |
364 | sad->function = "unknown"; | |
ecfcc53f EB |
365 | |
366 | /* end preparing the audit data */ | |
ecfcc53f EB |
367 | smack_str_from_perm(request_buffer, request); |
368 | sad->subject = subject_label; | |
369 | sad->object = object_label; | |
bf4b2fee CS |
370 | #ifdef CONFIG_SECURITY_SMACK_BRINGUP |
371 | /* | |
372 | * The result may be positive in bringup mode. | |
373 | * A positive result is an allow, but not for normal reasons. | |
374 | * Mark it as successful, but don't filter it out even if | |
375 | * the logging policy says to do so. | |
376 | */ | |
377 | if (result == SMACK_UNCONFINED_SUBJECT) | |
378 | strcat(request_buffer, "(US)"); | |
379 | else if (result == SMACK_UNCONFINED_OBJECT) | |
380 | strcat(request_buffer, "(UO)"); | |
381 | ||
382 | if (result > 0) | |
383 | result = 0; | |
384 | #endif | |
ecfcc53f EB |
385 | sad->request = request_buffer; |
386 | sad->result = result; | |
ecfcc53f | 387 | |
b61c37f5 | 388 | common_lsm_audit(a, smack_log_callback, NULL); |
ecfcc53f EB |
389 | } |
390 | #else /* #ifdef CONFIG_AUDIT */ | |
391 | void smack_log(char *subject_label, char *object_label, int request, | |
392 | int result, struct smk_audit_info *ad) | |
393 | { | |
394 | } | |
395 | #endif | |
396 | ||
f7112e6c | 397 | DEFINE_MUTEX(smack_known_lock); |
e114e473 | 398 | |
4d7cf4a1 TS |
399 | struct hlist_head smack_known_hash[SMACK_HASH_SLOTS]; |
400 | ||
401 | /** | |
402 | * smk_insert_entry - insert a smack label into a hash map, | |
403 | * | |
404 | * this function must be called under smack_known_lock | |
405 | */ | |
406 | void smk_insert_entry(struct smack_known *skp) | |
407 | { | |
408 | unsigned int hash; | |
409 | struct hlist_head *head; | |
410 | ||
8387ff25 | 411 | hash = full_name_hash(NULL, skp->smk_known, strlen(skp->smk_known)); |
4d7cf4a1 TS |
412 | head = &smack_known_hash[hash & (SMACK_HASH_SLOTS - 1)]; |
413 | ||
414 | hlist_add_head_rcu(&skp->smk_hashed, head); | |
415 | list_add_rcu(&skp->list, &smack_known_list); | |
416 | } | |
417 | ||
272cd7a8 CS |
418 | /** |
419 | * smk_find_entry - find a label on the list, return the list entry | |
420 | * @string: a text string that might be a Smack label | |
421 | * | |
422 | * Returns a pointer to the entry in the label list that | |
e774ad68 | 423 | * matches the passed string or NULL if not found. |
272cd7a8 CS |
424 | */ |
425 | struct smack_known *smk_find_entry(const char *string) | |
426 | { | |
4d7cf4a1 TS |
427 | unsigned int hash; |
428 | struct hlist_head *head; | |
272cd7a8 CS |
429 | struct smack_known *skp; |
430 | ||
8387ff25 | 431 | hash = full_name_hash(NULL, string, strlen(string)); |
4d7cf4a1 TS |
432 | head = &smack_known_hash[hash & (SMACK_HASH_SLOTS - 1)]; |
433 | ||
434 | hlist_for_each_entry_rcu(skp, head, smk_hashed) | |
f7112e6c | 435 | if (strcmp(skp->smk_known, string) == 0) |
272cd7a8 | 436 | return skp; |
272cd7a8 CS |
437 | |
438 | return NULL; | |
439 | } | |
440 | ||
e114e473 | 441 | /** |
0e94ae17 JS |
442 | * smk_parse_smack - parse smack label from a text string |
443 | * @string: a text string that might contain a Smack label | |
e114e473 | 444 | * @len: the maximum size, or zero if it is NULL terminated. |
f7112e6c | 445 | * |
e774ad68 | 446 | * Returns a pointer to the clean label or an error code. |
e114e473 | 447 | */ |
f7112e6c | 448 | char *smk_parse_smack(const char *string, int len) |
e114e473 | 449 | { |
f7112e6c | 450 | char *smack; |
e114e473 CS |
451 | int i; |
452 | ||
f7112e6c CS |
453 | if (len <= 0) |
454 | len = strlen(string) + 1; | |
455 | ||
456 | /* | |
457 | * Reserve a leading '-' as an indicator that | |
458 | * this isn't a label, but an option to interfaces | |
459 | * including /smack/cipso and /smack/cipso2 | |
460 | */ | |
461 | if (string[0] == '-') | |
e774ad68 | 462 | return ERR_PTR(-EINVAL); |
f7112e6c CS |
463 | |
464 | for (i = 0; i < len; i++) | |
465 | if (string[i] > '~' || string[i] <= ' ' || string[i] == '/' || | |
466 | string[i] == '"' || string[i] == '\\' || string[i] == '\'') | |
467 | break; | |
468 | ||
469 | if (i == 0 || i >= SMK_LONGLABEL) | |
e774ad68 | 470 | return ERR_PTR(-EINVAL); |
f7112e6c CS |
471 | |
472 | smack = kzalloc(i + 1, GFP_KERNEL); | |
e774ad68 LP |
473 | if (smack == NULL) |
474 | return ERR_PTR(-ENOMEM); | |
475 | ||
476 | strncpy(smack, string, i); | |
5c1b6624 | 477 | |
f7112e6c CS |
478 | return smack; |
479 | } | |
480 | ||
481 | /** | |
482 | * smk_netlbl_mls - convert a catset to netlabel mls categories | |
483 | * @catset: the Smack categories | |
484 | * @sap: where to put the netlabel categories | |
485 | * | |
486 | * Allocates and fills attr.mls | |
487 | * Returns 0 on success, error code on failure. | |
488 | */ | |
489 | int smk_netlbl_mls(int level, char *catset, struct netlbl_lsm_secattr *sap, | |
490 | int len) | |
491 | { | |
492 | unsigned char *cp; | |
493 | unsigned char m; | |
494 | int cat; | |
495 | int rc; | |
496 | int byte; | |
497 | ||
498 | sap->flags |= NETLBL_SECATTR_MLS_CAT; | |
499 | sap->attr.mls.lvl = level; | |
4b8feff2 | 500 | sap->attr.mls.cat = NULL; |
f7112e6c CS |
501 | |
502 | for (cat = 1, cp = catset, byte = 0; byte < len; cp++, byte++) | |
503 | for (m = 0x80; m != 0; m >>= 1, cat++) { | |
504 | if ((m & *cp) == 0) | |
505 | continue; | |
4fbe63d1 | 506 | rc = netlbl_catmap_setbit(&sap->attr.mls.cat, |
af96f0d6 | 507 | cat, GFP_KERNEL); |
f7112e6c | 508 | if (rc < 0) { |
4fbe63d1 | 509 | netlbl_catmap_free(sap->attr.mls.cat); |
f7112e6c CS |
510 | return rc; |
511 | } | |
512 | } | |
513 | ||
514 | return 0; | |
0e94ae17 JS |
515 | } |
516 | ||
517 | /** | |
518 | * smk_import_entry - import a label, return the list entry | |
519 | * @string: a text string that might be a Smack label | |
520 | * @len: the maximum size, or zero if it is NULL terminated. | |
521 | * | |
522 | * Returns a pointer to the entry in the label list that | |
e774ad68 LP |
523 | * matches the passed string, adding it if necessary, |
524 | * or an error code. | |
0e94ae17 JS |
525 | */ |
526 | struct smack_known *smk_import_entry(const char *string, int len) | |
527 | { | |
528 | struct smack_known *skp; | |
f7112e6c CS |
529 | char *smack; |
530 | int slen; | |
531 | int rc; | |
e114e473 | 532 | |
f7112e6c | 533 | smack = smk_parse_smack(string, len); |
e774ad68 LP |
534 | if (IS_ERR(smack)) |
535 | return ERR_CAST(smack); | |
e114e473 CS |
536 | |
537 | mutex_lock(&smack_known_lock); | |
538 | ||
272cd7a8 | 539 | skp = smk_find_entry(smack); |
f7112e6c CS |
540 | if (skp != NULL) |
541 | goto freeout; | |
e114e473 | 542 | |
f7112e6c | 543 | skp = kzalloc(sizeof(*skp), GFP_KERNEL); |
e774ad68 LP |
544 | if (skp == NULL) { |
545 | skp = ERR_PTR(-ENOMEM); | |
f7112e6c | 546 | goto freeout; |
e774ad68 | 547 | } |
e114e473 | 548 | |
f7112e6c CS |
549 | skp->smk_known = smack; |
550 | skp->smk_secid = smack_next_secid++; | |
551 | skp->smk_netlabel.domain = skp->smk_known; | |
552 | skp->smk_netlabel.flags = | |
553 | NETLBL_SECATTR_DOMAIN | NETLBL_SECATTR_MLS_LVL; | |
554 | /* | |
555 | * If direct labeling works use it. | |
556 | * Otherwise use mapped labeling. | |
557 | */ | |
558 | slen = strlen(smack); | |
559 | if (slen < SMK_CIPSOLEN) | |
560 | rc = smk_netlbl_mls(smack_cipso_direct, skp->smk_known, | |
561 | &skp->smk_netlabel, slen); | |
562 | else | |
563 | rc = smk_netlbl_mls(smack_cipso_mapped, (char *)&skp->smk_secid, | |
564 | &skp->smk_netlabel, sizeof(skp->smk_secid)); | |
565 | ||
566 | if (rc >= 0) { | |
567 | INIT_LIST_HEAD(&skp->smk_rules); | |
568 | mutex_init(&skp->smk_rules_lock); | |
569 | /* | |
570 | * Make sure that the entry is actually | |
571 | * filled before putting it on the list. | |
572 | */ | |
4d7cf4a1 | 573 | smk_insert_entry(skp); |
f7112e6c CS |
574 | goto unlockout; |
575 | } | |
576 | /* | |
577 | * smk_netlbl_mls failed. | |
578 | */ | |
579 | kfree(skp); | |
e774ad68 | 580 | skp = ERR_PTR(rc); |
f7112e6c CS |
581 | freeout: |
582 | kfree(smack); | |
583 | unlockout: | |
e114e473 CS |
584 | mutex_unlock(&smack_known_lock); |
585 | ||
586 | return skp; | |
587 | } | |
588 | ||
e114e473 CS |
589 | /** |
590 | * smack_from_secid - find the Smack label associated with a secid | |
591 | * @secid: an integer that might be associated with a Smack label | |
592 | * | |
2f823ff8 | 593 | * Returns a pointer to the appropriate Smack label entry if there is one, |
e114e473 CS |
594 | * otherwise a pointer to the invalid Smack label. |
595 | */ | |
2f823ff8 | 596 | struct smack_known *smack_from_secid(const u32 secid) |
e114e473 CS |
597 | { |
598 | struct smack_known *skp; | |
599 | ||
7198e2ee EB |
600 | rcu_read_lock(); |
601 | list_for_each_entry_rcu(skp, &smack_known_list, list) { | |
602 | if (skp->smk_secid == secid) { | |
603 | rcu_read_unlock(); | |
2f823ff8 | 604 | return skp; |
7198e2ee EB |
605 | } |
606 | } | |
e114e473 CS |
607 | |
608 | /* | |
609 | * If we got this far someone asked for the translation | |
610 | * of a secid that is not on the list. | |
611 | */ | |
7198e2ee | 612 | rcu_read_unlock(); |
152f91d4 | 613 | return &smack_known_huh; |
e114e473 | 614 | } |
c0d77c88 RK |
615 | |
616 | /* | |
617 | * Unless a process is running with one of these labels | |
618 | * even having CAP_MAC_OVERRIDE isn't enough to grant | |
619 | * privilege to violate MAC policy. If no labels are | |
620 | * designated (the empty list case) capabilities apply to | |
621 | * everyone. | |
622 | */ | |
623 | LIST_HEAD(smack_onlycap_list); | |
624 | DEFINE_MUTEX(smack_onlycap_lock); | |
625 | ||
d19dfe58 CS |
626 | /** |
627 | * smack_privileged_cred - are all privilege requirements met by cred | |
628 | * @cap: The requested capability | |
629 | * @cred: the credential to use | |
630 | * | |
c0d77c88 RK |
631 | * Is the task privileged and allowed to be privileged |
632 | * by the onlycap rule. | |
633 | * | |
f28e783f | 634 | * Returns true if the task is allowed to be privileged, false if it's not. |
c0d77c88 | 635 | */ |
d19dfe58 | 636 | bool smack_privileged_cred(int cap, const struct cred *cred) |
c0d77c88 | 637 | { |
d19dfe58 CS |
638 | struct task_smack *tsp = cred->security; |
639 | struct smack_known *skp = tsp->smk_task; | |
38416e53 | 640 | struct smack_known_list_elem *sklep; |
f28e783f | 641 | int rc; |
c0d77c88 | 642 | |
d19dfe58 | 643 | rc = cap_capable(cred, &init_user_ns, cap, SECURITY_CAP_AUDIT); |
f28e783f CS |
644 | if (rc) |
645 | return false; | |
c0d77c88 RK |
646 | |
647 | rcu_read_lock(); | |
648 | if (list_empty(&smack_onlycap_list)) { | |
649 | rcu_read_unlock(); | |
f28e783f | 650 | return true; |
c0d77c88 RK |
651 | } |
652 | ||
38416e53 ZJ |
653 | list_for_each_entry_rcu(sklep, &smack_onlycap_list, list) { |
654 | if (sklep->smk_label == skp) { | |
c0d77c88 | 655 | rcu_read_unlock(); |
f28e783f | 656 | return true; |
c0d77c88 RK |
657 | } |
658 | } | |
659 | rcu_read_unlock(); | |
660 | ||
f28e783f | 661 | return false; |
c0d77c88 | 662 | } |
d19dfe58 CS |
663 | |
664 | /** | |
665 | * smack_privileged - are all privilege requirements met | |
666 | * @cap: The requested capability | |
667 | * | |
668 | * Is the task privileged and allowed to be privileged | |
669 | * by the onlycap rule. | |
670 | * | |
671 | * Returns true if the task is allowed to be privileged, false if it's not. | |
672 | */ | |
673 | bool smack_privileged(int cap) | |
674 | { | |
675 | /* | |
676 | * All kernel tasks are privileged | |
677 | */ | |
678 | if (unlikely(current->flags & PF_KTHREAD)) | |
679 | return true; | |
680 | ||
681 | return smack_privileged_cred(cap, current_cred()); | |
682 | } |