Commit f48b7399840b453e7282b523f535561fe9638a2d
1 parent
0dc1ba24f7
LSM: split LSM_AUDIT_DATA_FS into _PATH and _INODE
The lsm common audit code has wacky contortions making sure which pieces of information are set based on if it was given a path, dentry, or inode. Split this into path and inode to get rid of some of the code complexity. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Showing 6 changed files with 78 additions and 73 deletions Inline Diff
include/linux/lsm_audit.h
1 | /* | 1 | /* |
2 | * Common LSM logging functions | 2 | * Common LSM logging functions |
3 | * Heavily borrowed from selinux/avc.h | 3 | * Heavily borrowed from selinux/avc.h |
4 | * | 4 | * |
5 | * Author : Etienne BASSET <etienne.basset@ensta.org> | 5 | * Author : Etienne BASSET <etienne.basset@ensta.org> |
6 | * | 6 | * |
7 | * All credits to : Stephen Smalley, <sds@epoch.ncsc.mil> | 7 | * All credits to : Stephen Smalley, <sds@epoch.ncsc.mil> |
8 | * All BUGS to : Etienne BASSET <etienne.basset@ensta.org> | 8 | * All BUGS to : Etienne BASSET <etienne.basset@ensta.org> |
9 | */ | 9 | */ |
10 | #ifndef _LSM_COMMON_LOGGING_ | 10 | #ifndef _LSM_COMMON_LOGGING_ |
11 | #define _LSM_COMMON_LOGGING_ | 11 | #define _LSM_COMMON_LOGGING_ |
12 | 12 | ||
13 | #include <linux/stddef.h> | 13 | #include <linux/stddef.h> |
14 | #include <linux/errno.h> | 14 | #include <linux/errno.h> |
15 | #include <linux/kernel.h> | 15 | #include <linux/kernel.h> |
16 | #include <linux/kdev_t.h> | 16 | #include <linux/kdev_t.h> |
17 | #include <linux/spinlock.h> | 17 | #include <linux/spinlock.h> |
18 | #include <linux/init.h> | 18 | #include <linux/init.h> |
19 | #include <linux/audit.h> | 19 | #include <linux/audit.h> |
20 | #include <linux/in6.h> | 20 | #include <linux/in6.h> |
21 | #include <linux/path.h> | 21 | #include <linux/path.h> |
22 | #include <linux/key.h> | 22 | #include <linux/key.h> |
23 | #include <linux/skbuff.h> | 23 | #include <linux/skbuff.h> |
24 | #include <asm/system.h> | 24 | #include <asm/system.h> |
25 | 25 | ||
26 | 26 | ||
27 | /* Auxiliary data to use in generating the audit record. */ | 27 | /* Auxiliary data to use in generating the audit record. */ |
28 | struct common_audit_data { | 28 | struct common_audit_data { |
29 | char type; | 29 | char type; |
30 | #define LSM_AUDIT_DATA_FS 1 | 30 | #define LSM_AUDIT_DATA_PATH 1 |
31 | #define LSM_AUDIT_DATA_NET 2 | 31 | #define LSM_AUDIT_DATA_NET 2 |
32 | #define LSM_AUDIT_DATA_CAP 3 | 32 | #define LSM_AUDIT_DATA_CAP 3 |
33 | #define LSM_AUDIT_DATA_IPC 4 | 33 | #define LSM_AUDIT_DATA_IPC 4 |
34 | #define LSM_AUDIT_DATA_TASK 5 | 34 | #define LSM_AUDIT_DATA_TASK 5 |
35 | #define LSM_AUDIT_DATA_KEY 6 | 35 | #define LSM_AUDIT_DATA_KEY 6 |
36 | #define LSM_AUDIT_DATA_NONE 7 | 36 | #define LSM_AUDIT_DATA_NONE 7 |
37 | #define LSM_AUDIT_DATA_KMOD 8 | 37 | #define LSM_AUDIT_DATA_KMOD 8 |
38 | #define LSM_AUDIT_DATA_INODE 9 | ||
38 | struct task_struct *tsk; | 39 | struct task_struct *tsk; |
39 | union { | 40 | union { |
40 | struct { | 41 | struct path path; |
41 | struct path path; | 42 | struct inode *inode; |
42 | struct inode *inode; | ||
43 | } fs; | ||
44 | struct { | 43 | struct { |
45 | int netif; | 44 | int netif; |
46 | struct sock *sk; | 45 | struct sock *sk; |
47 | u16 family; | 46 | u16 family; |
48 | __be16 dport; | 47 | __be16 dport; |
49 | __be16 sport; | 48 | __be16 sport; |
50 | union { | 49 | union { |
51 | struct { | 50 | struct { |
52 | __be32 daddr; | 51 | __be32 daddr; |
53 | __be32 saddr; | 52 | __be32 saddr; |
54 | } v4; | 53 | } v4; |
55 | struct { | 54 | struct { |
56 | struct in6_addr daddr; | 55 | struct in6_addr daddr; |
57 | struct in6_addr saddr; | 56 | struct in6_addr saddr; |
58 | } v6; | 57 | } v6; |
59 | } fam; | 58 | } fam; |
60 | } net; | 59 | } net; |
61 | int cap; | 60 | int cap; |
62 | int ipc_id; | 61 | int ipc_id; |
63 | struct task_struct *tsk; | 62 | struct task_struct *tsk; |
64 | #ifdef CONFIG_KEYS | 63 | #ifdef CONFIG_KEYS |
65 | struct { | 64 | struct { |
66 | key_serial_t key; | 65 | key_serial_t key; |
67 | char *key_desc; | 66 | char *key_desc; |
68 | } key_struct; | 67 | } key_struct; |
69 | #endif | 68 | #endif |
70 | char *kmod_name; | 69 | char *kmod_name; |
71 | } u; | 70 | } u; |
72 | /* this union contains LSM specific data */ | 71 | /* this union contains LSM specific data */ |
73 | union { | 72 | union { |
74 | #ifdef CONFIG_SECURITY_SMACK | 73 | #ifdef CONFIG_SECURITY_SMACK |
75 | /* SMACK data */ | 74 | /* SMACK data */ |
76 | struct smack_audit_data { | 75 | struct smack_audit_data { |
77 | const char *function; | 76 | const char *function; |
78 | char *subject; | 77 | char *subject; |
79 | char *object; | 78 | char *object; |
80 | char *request; | 79 | char *request; |
81 | int result; | 80 | int result; |
82 | } smack_audit_data; | 81 | } smack_audit_data; |
83 | #endif | 82 | #endif |
84 | #ifdef CONFIG_SECURITY_SELINUX | 83 | #ifdef CONFIG_SECURITY_SELINUX |
85 | /* SELinux data */ | 84 | /* SELinux data */ |
86 | struct { | 85 | struct { |
87 | u32 ssid; | 86 | u32 ssid; |
88 | u32 tsid; | 87 | u32 tsid; |
89 | u16 tclass; | 88 | u16 tclass; |
90 | u32 requested; | 89 | u32 requested; |
91 | u32 audited; | 90 | u32 audited; |
92 | u32 denied; | 91 | u32 denied; |
93 | /* | 92 | /* |
94 | * auditdeny is a bit tricky and unintuitive. See the | 93 | * auditdeny is a bit tricky and unintuitive. See the |
95 | * comments in avc.c for it's meaning and usage. | 94 | * comments in avc.c for it's meaning and usage. |
96 | */ | 95 | */ |
97 | u32 auditdeny; | 96 | u32 auditdeny; |
98 | struct av_decision *avd; | 97 | struct av_decision *avd; |
99 | int result; | 98 | int result; |
100 | } selinux_audit_data; | 99 | } selinux_audit_data; |
101 | #endif | 100 | #endif |
102 | #ifdef CONFIG_SECURITY_APPARMOR | 101 | #ifdef CONFIG_SECURITY_APPARMOR |
103 | struct { | 102 | struct { |
104 | int error; | 103 | int error; |
105 | int op; | 104 | int op; |
106 | int type; | 105 | int type; |
107 | void *profile; | 106 | void *profile; |
108 | const char *name; | 107 | const char *name; |
109 | const char *info; | 108 | const char *info; |
110 | union { | 109 | union { |
111 | void *target; | 110 | void *target; |
112 | struct { | 111 | struct { |
113 | long pos; | 112 | long pos; |
114 | void *target; | 113 | void *target; |
115 | } iface; | 114 | } iface; |
116 | struct { | 115 | struct { |
117 | int rlim; | 116 | int rlim; |
118 | unsigned long max; | 117 | unsigned long max; |
119 | } rlim; | 118 | } rlim; |
120 | struct { | 119 | struct { |
121 | const char *target; | 120 | const char *target; |
122 | u32 request; | 121 | u32 request; |
123 | u32 denied; | 122 | u32 denied; |
124 | uid_t ouid; | 123 | uid_t ouid; |
125 | } fs; | 124 | } fs; |
126 | }; | 125 | }; |
127 | } apparmor_audit_data; | 126 | } apparmor_audit_data; |
128 | #endif | 127 | #endif |
129 | }; | 128 | }; |
130 | /* these callback will be implemented by a specific LSM */ | 129 | /* these callback will be implemented by a specific LSM */ |
131 | void (*lsm_pre_audit)(struct audit_buffer *, void *); | 130 | void (*lsm_pre_audit)(struct audit_buffer *, void *); |
132 | void (*lsm_post_audit)(struct audit_buffer *, void *); | 131 | void (*lsm_post_audit)(struct audit_buffer *, void *); |
133 | }; | 132 | }; |
134 | 133 | ||
135 | #define v4info fam.v4 | 134 | #define v4info fam.v4 |
136 | #define v6info fam.v6 | 135 | #define v6info fam.v6 |
137 | 136 | ||
138 | int ipv4_skb_to_auditdata(struct sk_buff *skb, | 137 | int ipv4_skb_to_auditdata(struct sk_buff *skb, |
139 | struct common_audit_data *ad, u8 *proto); | 138 | struct common_audit_data *ad, u8 *proto); |
140 | 139 | ||
141 | int ipv6_skb_to_auditdata(struct sk_buff *skb, | 140 | int ipv6_skb_to_auditdata(struct sk_buff *skb, |
142 | struct common_audit_data *ad, u8 *proto); | 141 | struct common_audit_data *ad, u8 *proto); |
143 | 142 | ||
144 | /* Initialize an LSM audit data structure. */ | 143 | /* Initialize an LSM audit data structure. */ |
145 | #define COMMON_AUDIT_DATA_INIT(_d, _t) \ | 144 | #define COMMON_AUDIT_DATA_INIT(_d, _t) \ |
146 | { memset((_d), 0, sizeof(struct common_audit_data)); \ | 145 | { memset((_d), 0, sizeof(struct common_audit_data)); \ |
147 | (_d)->type = LSM_AUDIT_DATA_##_t; } | 146 | (_d)->type = LSM_AUDIT_DATA_##_t; } |
148 | 147 | ||
149 | void common_lsm_audit(struct common_audit_data *a); | 148 | void common_lsm_audit(struct common_audit_data *a); |
150 | 149 | ||
151 | #endif | 150 | #endif |
security/lsm_audit.c
1 | /* | 1 | /* |
2 | * common LSM auditing functions | 2 | * common LSM auditing functions |
3 | * | 3 | * |
4 | * Based on code written for SELinux by : | 4 | * Based on code written for SELinux by : |
5 | * Stephen Smalley, <sds@epoch.ncsc.mil> | 5 | * Stephen Smalley, <sds@epoch.ncsc.mil> |
6 | * James Morris <jmorris@redhat.com> | 6 | * James Morris <jmorris@redhat.com> |
7 | * Author : Etienne Basset, <etienne.basset@ensta.org> | 7 | * Author : Etienne Basset, <etienne.basset@ensta.org> |
8 | * | 8 | * |
9 | * This program is free software; you can redistribute it and/or modify | 9 | * This program is free software; you can redistribute it and/or modify |
10 | * it under the terms of the GNU General Public License version 2, | 10 | * it under the terms of the GNU General Public License version 2, |
11 | * as published by the Free Software Foundation. | 11 | * as published by the Free Software Foundation. |
12 | */ | 12 | */ |
13 | 13 | ||
14 | #include <linux/types.h> | 14 | #include <linux/types.h> |
15 | #include <linux/stddef.h> | 15 | #include <linux/stddef.h> |
16 | #include <linux/kernel.h> | 16 | #include <linux/kernel.h> |
17 | #include <linux/gfp.h> | 17 | #include <linux/gfp.h> |
18 | #include <linux/fs.h> | 18 | #include <linux/fs.h> |
19 | #include <linux/init.h> | 19 | #include <linux/init.h> |
20 | #include <net/sock.h> | 20 | #include <net/sock.h> |
21 | #include <linux/un.h> | 21 | #include <linux/un.h> |
22 | #include <net/af_unix.h> | 22 | #include <net/af_unix.h> |
23 | #include <linux/audit.h> | 23 | #include <linux/audit.h> |
24 | #include <linux/ipv6.h> | 24 | #include <linux/ipv6.h> |
25 | #include <linux/ip.h> | 25 | #include <linux/ip.h> |
26 | #include <net/ip.h> | 26 | #include <net/ip.h> |
27 | #include <net/ipv6.h> | 27 | #include <net/ipv6.h> |
28 | #include <linux/tcp.h> | 28 | #include <linux/tcp.h> |
29 | #include <linux/udp.h> | 29 | #include <linux/udp.h> |
30 | #include <linux/dccp.h> | 30 | #include <linux/dccp.h> |
31 | #include <linux/sctp.h> | 31 | #include <linux/sctp.h> |
32 | #include <linux/lsm_audit.h> | 32 | #include <linux/lsm_audit.h> |
33 | 33 | ||
34 | /** | 34 | /** |
35 | * ipv4_skb_to_auditdata : fill auditdata from skb | 35 | * ipv4_skb_to_auditdata : fill auditdata from skb |
36 | * @skb : the skb | 36 | * @skb : the skb |
37 | * @ad : the audit data to fill | 37 | * @ad : the audit data to fill |
38 | * @proto : the layer 4 protocol | 38 | * @proto : the layer 4 protocol |
39 | * | 39 | * |
40 | * return 0 on success | 40 | * return 0 on success |
41 | */ | 41 | */ |
42 | int ipv4_skb_to_auditdata(struct sk_buff *skb, | 42 | int ipv4_skb_to_auditdata(struct sk_buff *skb, |
43 | struct common_audit_data *ad, u8 *proto) | 43 | struct common_audit_data *ad, u8 *proto) |
44 | { | 44 | { |
45 | int ret = 0; | 45 | int ret = 0; |
46 | struct iphdr *ih; | 46 | struct iphdr *ih; |
47 | 47 | ||
48 | ih = ip_hdr(skb); | 48 | ih = ip_hdr(skb); |
49 | if (ih == NULL) | 49 | if (ih == NULL) |
50 | return -EINVAL; | 50 | return -EINVAL; |
51 | 51 | ||
52 | ad->u.net.v4info.saddr = ih->saddr; | 52 | ad->u.net.v4info.saddr = ih->saddr; |
53 | ad->u.net.v4info.daddr = ih->daddr; | 53 | ad->u.net.v4info.daddr = ih->daddr; |
54 | 54 | ||
55 | if (proto) | 55 | if (proto) |
56 | *proto = ih->protocol; | 56 | *proto = ih->protocol; |
57 | /* non initial fragment */ | 57 | /* non initial fragment */ |
58 | if (ntohs(ih->frag_off) & IP_OFFSET) | 58 | if (ntohs(ih->frag_off) & IP_OFFSET) |
59 | return 0; | 59 | return 0; |
60 | 60 | ||
61 | switch (ih->protocol) { | 61 | switch (ih->protocol) { |
62 | case IPPROTO_TCP: { | 62 | case IPPROTO_TCP: { |
63 | struct tcphdr *th = tcp_hdr(skb); | 63 | struct tcphdr *th = tcp_hdr(skb); |
64 | if (th == NULL) | 64 | if (th == NULL) |
65 | break; | 65 | break; |
66 | 66 | ||
67 | ad->u.net.sport = th->source; | 67 | ad->u.net.sport = th->source; |
68 | ad->u.net.dport = th->dest; | 68 | ad->u.net.dport = th->dest; |
69 | break; | 69 | break; |
70 | } | 70 | } |
71 | case IPPROTO_UDP: { | 71 | case IPPROTO_UDP: { |
72 | struct udphdr *uh = udp_hdr(skb); | 72 | struct udphdr *uh = udp_hdr(skb); |
73 | if (uh == NULL) | 73 | if (uh == NULL) |
74 | break; | 74 | break; |
75 | 75 | ||
76 | ad->u.net.sport = uh->source; | 76 | ad->u.net.sport = uh->source; |
77 | ad->u.net.dport = uh->dest; | 77 | ad->u.net.dport = uh->dest; |
78 | break; | 78 | break; |
79 | } | 79 | } |
80 | case IPPROTO_DCCP: { | 80 | case IPPROTO_DCCP: { |
81 | struct dccp_hdr *dh = dccp_hdr(skb); | 81 | struct dccp_hdr *dh = dccp_hdr(skb); |
82 | if (dh == NULL) | 82 | if (dh == NULL) |
83 | break; | 83 | break; |
84 | 84 | ||
85 | ad->u.net.sport = dh->dccph_sport; | 85 | ad->u.net.sport = dh->dccph_sport; |
86 | ad->u.net.dport = dh->dccph_dport; | 86 | ad->u.net.dport = dh->dccph_dport; |
87 | break; | 87 | break; |
88 | } | 88 | } |
89 | case IPPROTO_SCTP: { | 89 | case IPPROTO_SCTP: { |
90 | struct sctphdr *sh = sctp_hdr(skb); | 90 | struct sctphdr *sh = sctp_hdr(skb); |
91 | if (sh == NULL) | 91 | if (sh == NULL) |
92 | break; | 92 | break; |
93 | ad->u.net.sport = sh->source; | 93 | ad->u.net.sport = sh->source; |
94 | ad->u.net.dport = sh->dest; | 94 | ad->u.net.dport = sh->dest; |
95 | break; | 95 | break; |
96 | } | 96 | } |
97 | default: | 97 | default: |
98 | ret = -EINVAL; | 98 | ret = -EINVAL; |
99 | } | 99 | } |
100 | return ret; | 100 | return ret; |
101 | } | 101 | } |
102 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) | 102 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) |
103 | /** | 103 | /** |
104 | * ipv6_skb_to_auditdata : fill auditdata from skb | 104 | * ipv6_skb_to_auditdata : fill auditdata from skb |
105 | * @skb : the skb | 105 | * @skb : the skb |
106 | * @ad : the audit data to fill | 106 | * @ad : the audit data to fill |
107 | * @proto : the layer 4 protocol | 107 | * @proto : the layer 4 protocol |
108 | * | 108 | * |
109 | * return 0 on success | 109 | * return 0 on success |
110 | */ | 110 | */ |
111 | int ipv6_skb_to_auditdata(struct sk_buff *skb, | 111 | int ipv6_skb_to_auditdata(struct sk_buff *skb, |
112 | struct common_audit_data *ad, u8 *proto) | 112 | struct common_audit_data *ad, u8 *proto) |
113 | { | 113 | { |
114 | int offset, ret = 0; | 114 | int offset, ret = 0; |
115 | struct ipv6hdr *ip6; | 115 | struct ipv6hdr *ip6; |
116 | u8 nexthdr; | 116 | u8 nexthdr; |
117 | 117 | ||
118 | ip6 = ipv6_hdr(skb); | 118 | ip6 = ipv6_hdr(skb); |
119 | if (ip6 == NULL) | 119 | if (ip6 == NULL) |
120 | return -EINVAL; | 120 | return -EINVAL; |
121 | ipv6_addr_copy(&ad->u.net.v6info.saddr, &ip6->saddr); | 121 | ipv6_addr_copy(&ad->u.net.v6info.saddr, &ip6->saddr); |
122 | ipv6_addr_copy(&ad->u.net.v6info.daddr, &ip6->daddr); | 122 | ipv6_addr_copy(&ad->u.net.v6info.daddr, &ip6->daddr); |
123 | ret = 0; | 123 | ret = 0; |
124 | /* IPv6 can have several extension header before the Transport header | 124 | /* IPv6 can have several extension header before the Transport header |
125 | * skip them */ | 125 | * skip them */ |
126 | offset = skb_network_offset(skb); | 126 | offset = skb_network_offset(skb); |
127 | offset += sizeof(*ip6); | 127 | offset += sizeof(*ip6); |
128 | nexthdr = ip6->nexthdr; | 128 | nexthdr = ip6->nexthdr; |
129 | offset = ipv6_skip_exthdr(skb, offset, &nexthdr); | 129 | offset = ipv6_skip_exthdr(skb, offset, &nexthdr); |
130 | if (offset < 0) | 130 | if (offset < 0) |
131 | return 0; | 131 | return 0; |
132 | if (proto) | 132 | if (proto) |
133 | *proto = nexthdr; | 133 | *proto = nexthdr; |
134 | switch (nexthdr) { | 134 | switch (nexthdr) { |
135 | case IPPROTO_TCP: { | 135 | case IPPROTO_TCP: { |
136 | struct tcphdr _tcph, *th; | 136 | struct tcphdr _tcph, *th; |
137 | 137 | ||
138 | th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph); | 138 | th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph); |
139 | if (th == NULL) | 139 | if (th == NULL) |
140 | break; | 140 | break; |
141 | 141 | ||
142 | ad->u.net.sport = th->source; | 142 | ad->u.net.sport = th->source; |
143 | ad->u.net.dport = th->dest; | 143 | ad->u.net.dport = th->dest; |
144 | break; | 144 | break; |
145 | } | 145 | } |
146 | case IPPROTO_UDP: { | 146 | case IPPROTO_UDP: { |
147 | struct udphdr _udph, *uh; | 147 | struct udphdr _udph, *uh; |
148 | 148 | ||
149 | uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph); | 149 | uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph); |
150 | if (uh == NULL) | 150 | if (uh == NULL) |
151 | break; | 151 | break; |
152 | 152 | ||
153 | ad->u.net.sport = uh->source; | 153 | ad->u.net.sport = uh->source; |
154 | ad->u.net.dport = uh->dest; | 154 | ad->u.net.dport = uh->dest; |
155 | break; | 155 | break; |
156 | } | 156 | } |
157 | case IPPROTO_DCCP: { | 157 | case IPPROTO_DCCP: { |
158 | struct dccp_hdr _dccph, *dh; | 158 | struct dccp_hdr _dccph, *dh; |
159 | 159 | ||
160 | dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph); | 160 | dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph); |
161 | if (dh == NULL) | 161 | if (dh == NULL) |
162 | break; | 162 | break; |
163 | 163 | ||
164 | ad->u.net.sport = dh->dccph_sport; | 164 | ad->u.net.sport = dh->dccph_sport; |
165 | ad->u.net.dport = dh->dccph_dport; | 165 | ad->u.net.dport = dh->dccph_dport; |
166 | break; | 166 | break; |
167 | } | 167 | } |
168 | case IPPROTO_SCTP: { | 168 | case IPPROTO_SCTP: { |
169 | struct sctphdr _sctph, *sh; | 169 | struct sctphdr _sctph, *sh; |
170 | 170 | ||
171 | sh = skb_header_pointer(skb, offset, sizeof(_sctph), &_sctph); | 171 | sh = skb_header_pointer(skb, offset, sizeof(_sctph), &_sctph); |
172 | if (sh == NULL) | 172 | if (sh == NULL) |
173 | break; | 173 | break; |
174 | ad->u.net.sport = sh->source; | 174 | ad->u.net.sport = sh->source; |
175 | ad->u.net.dport = sh->dest; | 175 | ad->u.net.dport = sh->dest; |
176 | break; | 176 | break; |
177 | } | 177 | } |
178 | default: | 178 | default: |
179 | ret = -EINVAL; | 179 | ret = -EINVAL; |
180 | } | 180 | } |
181 | return ret; | 181 | return ret; |
182 | } | 182 | } |
183 | #endif | 183 | #endif |
184 | 184 | ||
185 | 185 | ||
186 | static inline void print_ipv6_addr(struct audit_buffer *ab, | 186 | static inline void print_ipv6_addr(struct audit_buffer *ab, |
187 | struct in6_addr *addr, __be16 port, | 187 | struct in6_addr *addr, __be16 port, |
188 | char *name1, char *name2) | 188 | char *name1, char *name2) |
189 | { | 189 | { |
190 | if (!ipv6_addr_any(addr)) | 190 | if (!ipv6_addr_any(addr)) |
191 | audit_log_format(ab, " %s=%pI6c", name1, addr); | 191 | audit_log_format(ab, " %s=%pI6c", name1, addr); |
192 | if (port) | 192 | if (port) |
193 | audit_log_format(ab, " %s=%d", name2, ntohs(port)); | 193 | audit_log_format(ab, " %s=%d", name2, ntohs(port)); |
194 | } | 194 | } |
195 | 195 | ||
196 | static inline void print_ipv4_addr(struct audit_buffer *ab, __be32 addr, | 196 | static inline void print_ipv4_addr(struct audit_buffer *ab, __be32 addr, |
197 | __be16 port, char *name1, char *name2) | 197 | __be16 port, char *name1, char *name2) |
198 | { | 198 | { |
199 | if (addr) | 199 | if (addr) |
200 | audit_log_format(ab, " %s=%pI4", name1, &addr); | 200 | audit_log_format(ab, " %s=%pI4", name1, &addr); |
201 | if (port) | 201 | if (port) |
202 | audit_log_format(ab, " %s=%d", name2, ntohs(port)); | 202 | audit_log_format(ab, " %s=%d", name2, ntohs(port)); |
203 | } | 203 | } |
204 | 204 | ||
205 | /** | 205 | /** |
206 | * dump_common_audit_data - helper to dump common audit data | 206 | * dump_common_audit_data - helper to dump common audit data |
207 | * @a : common audit data | 207 | * @a : common audit data |
208 | * | 208 | * |
209 | */ | 209 | */ |
210 | static void dump_common_audit_data(struct audit_buffer *ab, | 210 | static void dump_common_audit_data(struct audit_buffer *ab, |
211 | struct common_audit_data *a) | 211 | struct common_audit_data *a) |
212 | { | 212 | { |
213 | struct inode *inode = NULL; | ||
214 | struct task_struct *tsk = current; | 213 | struct task_struct *tsk = current; |
215 | 214 | ||
216 | if (a->tsk) | 215 | if (a->tsk) |
217 | tsk = a->tsk; | 216 | tsk = a->tsk; |
218 | if (tsk && tsk->pid) { | 217 | if (tsk && tsk->pid) { |
219 | audit_log_format(ab, " pid=%d comm=", tsk->pid); | 218 | audit_log_format(ab, " pid=%d comm=", tsk->pid); |
220 | audit_log_untrustedstring(ab, tsk->comm); | 219 | audit_log_untrustedstring(ab, tsk->comm); |
221 | } | 220 | } |
222 | 221 | ||
223 | switch (a->type) { | 222 | switch (a->type) { |
224 | case LSM_AUDIT_DATA_NONE: | 223 | case LSM_AUDIT_DATA_NONE: |
225 | return; | 224 | return; |
226 | case LSM_AUDIT_DATA_IPC: | 225 | case LSM_AUDIT_DATA_IPC: |
227 | audit_log_format(ab, " key=%d ", a->u.ipc_id); | 226 | audit_log_format(ab, " key=%d ", a->u.ipc_id); |
228 | break; | 227 | break; |
229 | case LSM_AUDIT_DATA_CAP: | 228 | case LSM_AUDIT_DATA_CAP: |
230 | audit_log_format(ab, " capability=%d ", a->u.cap); | 229 | audit_log_format(ab, " capability=%d ", a->u.cap); |
231 | break; | 230 | break; |
232 | case LSM_AUDIT_DATA_FS: | 231 | case LSM_AUDIT_DATA_PATH: { |
233 | if (a->u.fs.path.dentry) { | 232 | struct dentry *dentry = a->u.path.dentry; |
234 | struct dentry *dentry = a->u.fs.path.dentry; | 233 | struct inode *inode; |
235 | if (a->u.fs.path.mnt) { | 234 | |
236 | audit_log_d_path(ab, "path=", &a->u.fs.path); | 235 | if (a->u.path.mnt) { |
237 | } else { | 236 | audit_log_d_path(ab, "path=", &a->u.path); |
238 | audit_log_format(ab, " name="); | 237 | } else { |
239 | audit_log_untrustedstring(ab, | 238 | audit_log_format(ab, " name="); |
240 | dentry->d_name.name); | 239 | audit_log_untrustedstring(ab, |
241 | } | 240 | dentry->d_name.name); |
242 | inode = dentry->d_inode; | ||
243 | } else if (a->u.fs.inode) { | ||
244 | struct dentry *dentry; | ||
245 | inode = a->u.fs.inode; | ||
246 | dentry = d_find_alias(inode); | ||
247 | if (dentry) { | ||
248 | audit_log_format(ab, " name="); | ||
249 | audit_log_untrustedstring(ab, | ||
250 | dentry->d_name.name); | ||
251 | dput(dentry); | ||
252 | } | ||
253 | } | 241 | } |
242 | inode = dentry->d_inode; | ||
254 | if (inode) | 243 | if (inode) |
255 | audit_log_format(ab, " dev=%s ino=%lu", | 244 | audit_log_format(ab, " dev=%s ino=%lu", |
256 | inode->i_sb->s_id, | 245 | inode->i_sb->s_id, |
257 | inode->i_ino); | 246 | inode->i_ino); |
258 | break; | 247 | break; |
248 | } | ||
249 | case LSM_AUDIT_DATA_INODE: { | ||
250 | struct dentry *dentry; | ||
251 | struct inode *inode; | ||
252 | |||
253 | inode = a->u.inode; | ||
254 | dentry = d_find_alias(inode); | ||
255 | if (dentry) { | ||
256 | audit_log_format(ab, " name="); | ||
257 | audit_log_untrustedstring(ab, | ||
258 | dentry->d_name.name); | ||
259 | dput(dentry); | ||
260 | } | ||
261 | audit_log_format(ab, " dev=%s ino=%lu", inode->i_sb->s_id, | ||
262 | inode->i_ino); | ||
263 | break; | ||
264 | } | ||
259 | case LSM_AUDIT_DATA_TASK: | 265 | case LSM_AUDIT_DATA_TASK: |
260 | tsk = a->u.tsk; | 266 | tsk = a->u.tsk; |
261 | if (tsk && tsk->pid) { | 267 | if (tsk && tsk->pid) { |
262 | audit_log_format(ab, " pid=%d comm=", tsk->pid); | 268 | audit_log_format(ab, " pid=%d comm=", tsk->pid); |
263 | audit_log_untrustedstring(ab, tsk->comm); | 269 | audit_log_untrustedstring(ab, tsk->comm); |
264 | } | 270 | } |
265 | break; | 271 | break; |
266 | case LSM_AUDIT_DATA_NET: | 272 | case LSM_AUDIT_DATA_NET: |
267 | if (a->u.net.sk) { | 273 | if (a->u.net.sk) { |
268 | struct sock *sk = a->u.net.sk; | 274 | struct sock *sk = a->u.net.sk; |
269 | struct unix_sock *u; | 275 | struct unix_sock *u; |
270 | int len = 0; | 276 | int len = 0; |
271 | char *p = NULL; | 277 | char *p = NULL; |
272 | 278 | ||
273 | switch (sk->sk_family) { | 279 | switch (sk->sk_family) { |
274 | case AF_INET: { | 280 | case AF_INET: { |
275 | struct inet_sock *inet = inet_sk(sk); | 281 | struct inet_sock *inet = inet_sk(sk); |
276 | 282 | ||
277 | print_ipv4_addr(ab, inet->inet_rcv_saddr, | 283 | print_ipv4_addr(ab, inet->inet_rcv_saddr, |
278 | inet->inet_sport, | 284 | inet->inet_sport, |
279 | "laddr", "lport"); | 285 | "laddr", "lport"); |
280 | print_ipv4_addr(ab, inet->inet_daddr, | 286 | print_ipv4_addr(ab, inet->inet_daddr, |
281 | inet->inet_dport, | 287 | inet->inet_dport, |
282 | "faddr", "fport"); | 288 | "faddr", "fport"); |
283 | break; | 289 | break; |
284 | } | 290 | } |
285 | case AF_INET6: { | 291 | case AF_INET6: { |
286 | struct inet_sock *inet = inet_sk(sk); | 292 | struct inet_sock *inet = inet_sk(sk); |
287 | struct ipv6_pinfo *inet6 = inet6_sk(sk); | 293 | struct ipv6_pinfo *inet6 = inet6_sk(sk); |
288 | 294 | ||
289 | print_ipv6_addr(ab, &inet6->rcv_saddr, | 295 | print_ipv6_addr(ab, &inet6->rcv_saddr, |
290 | inet->inet_sport, | 296 | inet->inet_sport, |
291 | "laddr", "lport"); | 297 | "laddr", "lport"); |
292 | print_ipv6_addr(ab, &inet6->daddr, | 298 | print_ipv6_addr(ab, &inet6->daddr, |
293 | inet->inet_dport, | 299 | inet->inet_dport, |
294 | "faddr", "fport"); | 300 | "faddr", "fport"); |
295 | break; | 301 | break; |
296 | } | 302 | } |
297 | case AF_UNIX: | 303 | case AF_UNIX: |
298 | u = unix_sk(sk); | 304 | u = unix_sk(sk); |
299 | if (u->dentry) { | 305 | if (u->dentry) { |
300 | struct path path = { | 306 | struct path path = { |
301 | .dentry = u->dentry, | 307 | .dentry = u->dentry, |
302 | .mnt = u->mnt | 308 | .mnt = u->mnt |
303 | }; | 309 | }; |
304 | audit_log_d_path(ab, "path=", &path); | 310 | audit_log_d_path(ab, "path=", &path); |
305 | break; | 311 | break; |
306 | } | 312 | } |
307 | if (!u->addr) | 313 | if (!u->addr) |
308 | break; | 314 | break; |
309 | len = u->addr->len-sizeof(short); | 315 | len = u->addr->len-sizeof(short); |
310 | p = &u->addr->name->sun_path[0]; | 316 | p = &u->addr->name->sun_path[0]; |
311 | audit_log_format(ab, " path="); | 317 | audit_log_format(ab, " path="); |
312 | if (*p) | 318 | if (*p) |
313 | audit_log_untrustedstring(ab, p); | 319 | audit_log_untrustedstring(ab, p); |
314 | else | 320 | else |
315 | audit_log_n_hex(ab, p, len); | 321 | audit_log_n_hex(ab, p, len); |
316 | break; | 322 | break; |
317 | } | 323 | } |
318 | } | 324 | } |
319 | 325 | ||
320 | switch (a->u.net.family) { | 326 | switch (a->u.net.family) { |
321 | case AF_INET: | 327 | case AF_INET: |
322 | print_ipv4_addr(ab, a->u.net.v4info.saddr, | 328 | print_ipv4_addr(ab, a->u.net.v4info.saddr, |
323 | a->u.net.sport, | 329 | a->u.net.sport, |
324 | "saddr", "src"); | 330 | "saddr", "src"); |
325 | print_ipv4_addr(ab, a->u.net.v4info.daddr, | 331 | print_ipv4_addr(ab, a->u.net.v4info.daddr, |
326 | a->u.net.dport, | 332 | a->u.net.dport, |
327 | "daddr", "dest"); | 333 | "daddr", "dest"); |
328 | break; | 334 | break; |
329 | case AF_INET6: | 335 | case AF_INET6: |
330 | print_ipv6_addr(ab, &a->u.net.v6info.saddr, | 336 | print_ipv6_addr(ab, &a->u.net.v6info.saddr, |
331 | a->u.net.sport, | 337 | a->u.net.sport, |
332 | "saddr", "src"); | 338 | "saddr", "src"); |
333 | print_ipv6_addr(ab, &a->u.net.v6info.daddr, | 339 | print_ipv6_addr(ab, &a->u.net.v6info.daddr, |
334 | a->u.net.dport, | 340 | a->u.net.dport, |
335 | "daddr", "dest"); | 341 | "daddr", "dest"); |
336 | break; | 342 | break; |
337 | } | 343 | } |
338 | if (a->u.net.netif > 0) { | 344 | if (a->u.net.netif > 0) { |
339 | struct net_device *dev; | 345 | struct net_device *dev; |
340 | 346 | ||
341 | /* NOTE: we always use init's namespace */ | 347 | /* NOTE: we always use init's namespace */ |
342 | dev = dev_get_by_index(&init_net, a->u.net.netif); | 348 | dev = dev_get_by_index(&init_net, a->u.net.netif); |
343 | if (dev) { | 349 | if (dev) { |
344 | audit_log_format(ab, " netif=%s", dev->name); | 350 | audit_log_format(ab, " netif=%s", dev->name); |
345 | dev_put(dev); | 351 | dev_put(dev); |
346 | } | 352 | } |
347 | } | 353 | } |
348 | break; | 354 | break; |
349 | #ifdef CONFIG_KEYS | 355 | #ifdef CONFIG_KEYS |
350 | case LSM_AUDIT_DATA_KEY: | 356 | case LSM_AUDIT_DATA_KEY: |
351 | audit_log_format(ab, " key_serial=%u", a->u.key_struct.key); | 357 | audit_log_format(ab, " key_serial=%u", a->u.key_struct.key); |
352 | if (a->u.key_struct.key_desc) { | 358 | if (a->u.key_struct.key_desc) { |
353 | audit_log_format(ab, " key_desc="); | 359 | audit_log_format(ab, " key_desc="); |
354 | audit_log_untrustedstring(ab, a->u.key_struct.key_desc); | 360 | audit_log_untrustedstring(ab, a->u.key_struct.key_desc); |
355 | } | 361 | } |
356 | break; | 362 | break; |
357 | #endif | 363 | #endif |
358 | case LSM_AUDIT_DATA_KMOD: | 364 | case LSM_AUDIT_DATA_KMOD: |
359 | audit_log_format(ab, " kmod="); | 365 | audit_log_format(ab, " kmod="); |
360 | audit_log_untrustedstring(ab, a->u.kmod_name); | 366 | audit_log_untrustedstring(ab, a->u.kmod_name); |
361 | break; | 367 | break; |
362 | } /* switch (a->type) */ | 368 | } /* switch (a->type) */ |
363 | } | 369 | } |
364 | 370 | ||
365 | /** | 371 | /** |
366 | * common_lsm_audit - generic LSM auditing function | 372 | * common_lsm_audit - generic LSM auditing function |
367 | * @a: auxiliary audit data | 373 | * @a: auxiliary audit data |
368 | * | 374 | * |
369 | * setup the audit buffer for common security information | 375 | * setup the audit buffer for common security information |
370 | * uses callback to print LSM specific information | 376 | * uses callback to print LSM specific information |
371 | */ | 377 | */ |
372 | void common_lsm_audit(struct common_audit_data *a) | 378 | void common_lsm_audit(struct common_audit_data *a) |
373 | { | 379 | { |
374 | struct audit_buffer *ab; | 380 | struct audit_buffer *ab; |
375 | 381 | ||
376 | if (a == NULL) | 382 | if (a == NULL) |
377 | return; | 383 | return; |
378 | /* we use GFP_ATOMIC so we won't sleep */ | 384 | /* we use GFP_ATOMIC so we won't sleep */ |
379 | ab = audit_log_start(current->audit_context, GFP_ATOMIC, AUDIT_AVC); | 385 | ab = audit_log_start(current->audit_context, GFP_ATOMIC, AUDIT_AVC); |
380 | 386 | ||
381 | if (ab == NULL) | 387 | if (ab == NULL) |
382 | return; | 388 | return; |
security/selinux/avc.c
1 | /* | 1 | /* |
2 | * Implementation of the kernel access vector cache (AVC). | 2 | * Implementation of the kernel access vector cache (AVC). |
3 | * | 3 | * |
4 | * Authors: Stephen Smalley, <sds@epoch.ncsc.mil> | 4 | * Authors: Stephen Smalley, <sds@epoch.ncsc.mil> |
5 | * James Morris <jmorris@redhat.com> | 5 | * James Morris <jmorris@redhat.com> |
6 | * | 6 | * |
7 | * Update: KaiGai, Kohei <kaigai@ak.jp.nec.com> | 7 | * Update: KaiGai, Kohei <kaigai@ak.jp.nec.com> |
8 | * Replaced the avc_lock spinlock by RCU. | 8 | * Replaced the avc_lock spinlock by RCU. |
9 | * | 9 | * |
10 | * Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@redhat.com> | 10 | * Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@redhat.com> |
11 | * | 11 | * |
12 | * This program is free software; you can redistribute it and/or modify | 12 | * This program is free software; you can redistribute it and/or modify |
13 | * it under the terms of the GNU General Public License version 2, | 13 | * it under the terms of the GNU General Public License version 2, |
14 | * as published by the Free Software Foundation. | 14 | * as published by the Free Software Foundation. |
15 | */ | 15 | */ |
16 | #include <linux/types.h> | 16 | #include <linux/types.h> |
17 | #include <linux/stddef.h> | 17 | #include <linux/stddef.h> |
18 | #include <linux/kernel.h> | 18 | #include <linux/kernel.h> |
19 | #include <linux/slab.h> | 19 | #include <linux/slab.h> |
20 | #include <linux/fs.h> | 20 | #include <linux/fs.h> |
21 | #include <linux/dcache.h> | 21 | #include <linux/dcache.h> |
22 | #include <linux/init.h> | 22 | #include <linux/init.h> |
23 | #include <linux/skbuff.h> | 23 | #include <linux/skbuff.h> |
24 | #include <linux/percpu.h> | 24 | #include <linux/percpu.h> |
25 | #include <net/sock.h> | 25 | #include <net/sock.h> |
26 | #include <linux/un.h> | 26 | #include <linux/un.h> |
27 | #include <net/af_unix.h> | 27 | #include <net/af_unix.h> |
28 | #include <linux/ip.h> | 28 | #include <linux/ip.h> |
29 | #include <linux/audit.h> | 29 | #include <linux/audit.h> |
30 | #include <linux/ipv6.h> | 30 | #include <linux/ipv6.h> |
31 | #include <net/ipv6.h> | 31 | #include <net/ipv6.h> |
32 | #include "avc.h" | 32 | #include "avc.h" |
33 | #include "avc_ss.h" | 33 | #include "avc_ss.h" |
34 | #include "classmap.h" | 34 | #include "classmap.h" |
35 | 35 | ||
36 | #define AVC_CACHE_SLOTS 512 | 36 | #define AVC_CACHE_SLOTS 512 |
37 | #define AVC_DEF_CACHE_THRESHOLD 512 | 37 | #define AVC_DEF_CACHE_THRESHOLD 512 |
38 | #define AVC_CACHE_RECLAIM 16 | 38 | #define AVC_CACHE_RECLAIM 16 |
39 | 39 | ||
40 | #ifdef CONFIG_SECURITY_SELINUX_AVC_STATS | 40 | #ifdef CONFIG_SECURITY_SELINUX_AVC_STATS |
41 | #define avc_cache_stats_incr(field) \ | 41 | #define avc_cache_stats_incr(field) \ |
42 | do { \ | 42 | do { \ |
43 | per_cpu(avc_cache_stats, get_cpu()).field++; \ | 43 | per_cpu(avc_cache_stats, get_cpu()).field++; \ |
44 | put_cpu(); \ | 44 | put_cpu(); \ |
45 | } while (0) | 45 | } while (0) |
46 | #else | 46 | #else |
47 | #define avc_cache_stats_incr(field) do {} while (0) | 47 | #define avc_cache_stats_incr(field) do {} while (0) |
48 | #endif | 48 | #endif |
49 | 49 | ||
50 | struct avc_entry { | 50 | struct avc_entry { |
51 | u32 ssid; | 51 | u32 ssid; |
52 | u32 tsid; | 52 | u32 tsid; |
53 | u16 tclass; | 53 | u16 tclass; |
54 | struct av_decision avd; | 54 | struct av_decision avd; |
55 | }; | 55 | }; |
56 | 56 | ||
57 | struct avc_node { | 57 | struct avc_node { |
58 | struct avc_entry ae; | 58 | struct avc_entry ae; |
59 | struct hlist_node list; /* anchored in avc_cache->slots[i] */ | 59 | struct hlist_node list; /* anchored in avc_cache->slots[i] */ |
60 | struct rcu_head rhead; | 60 | struct rcu_head rhead; |
61 | }; | 61 | }; |
62 | 62 | ||
63 | struct avc_cache { | 63 | struct avc_cache { |
64 | struct hlist_head slots[AVC_CACHE_SLOTS]; /* head for avc_node->list */ | 64 | struct hlist_head slots[AVC_CACHE_SLOTS]; /* head for avc_node->list */ |
65 | spinlock_t slots_lock[AVC_CACHE_SLOTS]; /* lock for writes */ | 65 | spinlock_t slots_lock[AVC_CACHE_SLOTS]; /* lock for writes */ |
66 | atomic_t lru_hint; /* LRU hint for reclaim scan */ | 66 | atomic_t lru_hint; /* LRU hint for reclaim scan */ |
67 | atomic_t active_nodes; | 67 | atomic_t active_nodes; |
68 | u32 latest_notif; /* latest revocation notification */ | 68 | u32 latest_notif; /* latest revocation notification */ |
69 | }; | 69 | }; |
70 | 70 | ||
71 | struct avc_callback_node { | 71 | struct avc_callback_node { |
72 | int (*callback) (u32 event, u32 ssid, u32 tsid, | 72 | int (*callback) (u32 event, u32 ssid, u32 tsid, |
73 | u16 tclass, u32 perms, | 73 | u16 tclass, u32 perms, |
74 | u32 *out_retained); | 74 | u32 *out_retained); |
75 | u32 events; | 75 | u32 events; |
76 | u32 ssid; | 76 | u32 ssid; |
77 | u32 tsid; | 77 | u32 tsid; |
78 | u16 tclass; | 78 | u16 tclass; |
79 | u32 perms; | 79 | u32 perms; |
80 | struct avc_callback_node *next; | 80 | struct avc_callback_node *next; |
81 | }; | 81 | }; |
82 | 82 | ||
83 | /* Exported via selinufs */ | 83 | /* Exported via selinufs */ |
84 | unsigned int avc_cache_threshold = AVC_DEF_CACHE_THRESHOLD; | 84 | unsigned int avc_cache_threshold = AVC_DEF_CACHE_THRESHOLD; |
85 | 85 | ||
86 | #ifdef CONFIG_SECURITY_SELINUX_AVC_STATS | 86 | #ifdef CONFIG_SECURITY_SELINUX_AVC_STATS |
87 | DEFINE_PER_CPU(struct avc_cache_stats, avc_cache_stats) = { 0 }; | 87 | DEFINE_PER_CPU(struct avc_cache_stats, avc_cache_stats) = { 0 }; |
88 | #endif | 88 | #endif |
89 | 89 | ||
90 | static struct avc_cache avc_cache; | 90 | static struct avc_cache avc_cache; |
91 | static struct avc_callback_node *avc_callbacks; | 91 | static struct avc_callback_node *avc_callbacks; |
92 | static struct kmem_cache *avc_node_cachep; | 92 | static struct kmem_cache *avc_node_cachep; |
93 | 93 | ||
94 | static inline int avc_hash(u32 ssid, u32 tsid, u16 tclass) | 94 | static inline int avc_hash(u32 ssid, u32 tsid, u16 tclass) |
95 | { | 95 | { |
96 | return (ssid ^ (tsid<<2) ^ (tclass<<4)) & (AVC_CACHE_SLOTS - 1); | 96 | return (ssid ^ (tsid<<2) ^ (tclass<<4)) & (AVC_CACHE_SLOTS - 1); |
97 | } | 97 | } |
98 | 98 | ||
99 | /** | 99 | /** |
100 | * avc_dump_av - Display an access vector in human-readable form. | 100 | * avc_dump_av - Display an access vector in human-readable form. |
101 | * @tclass: target security class | 101 | * @tclass: target security class |
102 | * @av: access vector | 102 | * @av: access vector |
103 | */ | 103 | */ |
104 | static void avc_dump_av(struct audit_buffer *ab, u16 tclass, u32 av) | 104 | static void avc_dump_av(struct audit_buffer *ab, u16 tclass, u32 av) |
105 | { | 105 | { |
106 | const char **perms; | 106 | const char **perms; |
107 | int i, perm; | 107 | int i, perm; |
108 | 108 | ||
109 | if (av == 0) { | 109 | if (av == 0) { |
110 | audit_log_format(ab, " null"); | 110 | audit_log_format(ab, " null"); |
111 | return; | 111 | return; |
112 | } | 112 | } |
113 | 113 | ||
114 | perms = secclass_map[tclass-1].perms; | 114 | perms = secclass_map[tclass-1].perms; |
115 | 115 | ||
116 | audit_log_format(ab, " {"); | 116 | audit_log_format(ab, " {"); |
117 | i = 0; | 117 | i = 0; |
118 | perm = 1; | 118 | perm = 1; |
119 | while (i < (sizeof(av) * 8)) { | 119 | while (i < (sizeof(av) * 8)) { |
120 | if ((perm & av) && perms[i]) { | 120 | if ((perm & av) && perms[i]) { |
121 | audit_log_format(ab, " %s", perms[i]); | 121 | audit_log_format(ab, " %s", perms[i]); |
122 | av &= ~perm; | 122 | av &= ~perm; |
123 | } | 123 | } |
124 | i++; | 124 | i++; |
125 | perm <<= 1; | 125 | perm <<= 1; |
126 | } | 126 | } |
127 | 127 | ||
128 | if (av) | 128 | if (av) |
129 | audit_log_format(ab, " 0x%x", av); | 129 | audit_log_format(ab, " 0x%x", av); |
130 | 130 | ||
131 | audit_log_format(ab, " }"); | 131 | audit_log_format(ab, " }"); |
132 | } | 132 | } |
133 | 133 | ||
134 | /** | 134 | /** |
135 | * avc_dump_query - Display a SID pair and a class in human-readable form. | 135 | * avc_dump_query - Display a SID pair and a class in human-readable form. |
136 | * @ssid: source security identifier | 136 | * @ssid: source security identifier |
137 | * @tsid: target security identifier | 137 | * @tsid: target security identifier |
138 | * @tclass: target security class | 138 | * @tclass: target security class |
139 | */ | 139 | */ |
140 | static void avc_dump_query(struct audit_buffer *ab, u32 ssid, u32 tsid, u16 tclass) | 140 | static void avc_dump_query(struct audit_buffer *ab, u32 ssid, u32 tsid, u16 tclass) |
141 | { | 141 | { |
142 | int rc; | 142 | int rc; |
143 | char *scontext; | 143 | char *scontext; |
144 | u32 scontext_len; | 144 | u32 scontext_len; |
145 | 145 | ||
146 | rc = security_sid_to_context(ssid, &scontext, &scontext_len); | 146 | rc = security_sid_to_context(ssid, &scontext, &scontext_len); |
147 | if (rc) | 147 | if (rc) |
148 | audit_log_format(ab, "ssid=%d", ssid); | 148 | audit_log_format(ab, "ssid=%d", ssid); |
149 | else { | 149 | else { |
150 | audit_log_format(ab, "scontext=%s", scontext); | 150 | audit_log_format(ab, "scontext=%s", scontext); |
151 | kfree(scontext); | 151 | kfree(scontext); |
152 | } | 152 | } |
153 | 153 | ||
154 | rc = security_sid_to_context(tsid, &scontext, &scontext_len); | 154 | rc = security_sid_to_context(tsid, &scontext, &scontext_len); |
155 | if (rc) | 155 | if (rc) |
156 | audit_log_format(ab, " tsid=%d", tsid); | 156 | audit_log_format(ab, " tsid=%d", tsid); |
157 | else { | 157 | else { |
158 | audit_log_format(ab, " tcontext=%s", scontext); | 158 | audit_log_format(ab, " tcontext=%s", scontext); |
159 | kfree(scontext); | 159 | kfree(scontext); |
160 | } | 160 | } |
161 | 161 | ||
162 | BUG_ON(tclass >= ARRAY_SIZE(secclass_map)); | 162 | BUG_ON(tclass >= ARRAY_SIZE(secclass_map)); |
163 | audit_log_format(ab, " tclass=%s", secclass_map[tclass-1].name); | 163 | audit_log_format(ab, " tclass=%s", secclass_map[tclass-1].name); |
164 | } | 164 | } |
165 | 165 | ||
166 | /** | 166 | /** |
167 | * avc_init - Initialize the AVC. | 167 | * avc_init - Initialize the AVC. |
168 | * | 168 | * |
169 | * Initialize the access vector cache. | 169 | * Initialize the access vector cache. |
170 | */ | 170 | */ |
171 | void __init avc_init(void) | 171 | void __init avc_init(void) |
172 | { | 172 | { |
173 | int i; | 173 | int i; |
174 | 174 | ||
175 | for (i = 0; i < AVC_CACHE_SLOTS; i++) { | 175 | for (i = 0; i < AVC_CACHE_SLOTS; i++) { |
176 | INIT_HLIST_HEAD(&avc_cache.slots[i]); | 176 | INIT_HLIST_HEAD(&avc_cache.slots[i]); |
177 | spin_lock_init(&avc_cache.slots_lock[i]); | 177 | spin_lock_init(&avc_cache.slots_lock[i]); |
178 | } | 178 | } |
179 | atomic_set(&avc_cache.active_nodes, 0); | 179 | atomic_set(&avc_cache.active_nodes, 0); |
180 | atomic_set(&avc_cache.lru_hint, 0); | 180 | atomic_set(&avc_cache.lru_hint, 0); |
181 | 181 | ||
182 | avc_node_cachep = kmem_cache_create("avc_node", sizeof(struct avc_node), | 182 | avc_node_cachep = kmem_cache_create("avc_node", sizeof(struct avc_node), |
183 | 0, SLAB_PANIC, NULL); | 183 | 0, SLAB_PANIC, NULL); |
184 | 184 | ||
185 | audit_log(current->audit_context, GFP_KERNEL, AUDIT_KERNEL, "AVC INITIALIZED\n"); | 185 | audit_log(current->audit_context, GFP_KERNEL, AUDIT_KERNEL, "AVC INITIALIZED\n"); |
186 | } | 186 | } |
187 | 187 | ||
188 | int avc_get_hash_stats(char *page) | 188 | int avc_get_hash_stats(char *page) |
189 | { | 189 | { |
190 | int i, chain_len, max_chain_len, slots_used; | 190 | int i, chain_len, max_chain_len, slots_used; |
191 | struct avc_node *node; | 191 | struct avc_node *node; |
192 | struct hlist_head *head; | 192 | struct hlist_head *head; |
193 | 193 | ||
194 | rcu_read_lock(); | 194 | rcu_read_lock(); |
195 | 195 | ||
196 | slots_used = 0; | 196 | slots_used = 0; |
197 | max_chain_len = 0; | 197 | max_chain_len = 0; |
198 | for (i = 0; i < AVC_CACHE_SLOTS; i++) { | 198 | for (i = 0; i < AVC_CACHE_SLOTS; i++) { |
199 | head = &avc_cache.slots[i]; | 199 | head = &avc_cache.slots[i]; |
200 | if (!hlist_empty(head)) { | 200 | if (!hlist_empty(head)) { |
201 | struct hlist_node *next; | 201 | struct hlist_node *next; |
202 | 202 | ||
203 | slots_used++; | 203 | slots_used++; |
204 | chain_len = 0; | 204 | chain_len = 0; |
205 | hlist_for_each_entry_rcu(node, next, head, list) | 205 | hlist_for_each_entry_rcu(node, next, head, list) |
206 | chain_len++; | 206 | chain_len++; |
207 | if (chain_len > max_chain_len) | 207 | if (chain_len > max_chain_len) |
208 | max_chain_len = chain_len; | 208 | max_chain_len = chain_len; |
209 | } | 209 | } |
210 | } | 210 | } |
211 | 211 | ||
212 | rcu_read_unlock(); | 212 | rcu_read_unlock(); |
213 | 213 | ||
214 | return scnprintf(page, PAGE_SIZE, "entries: %d\nbuckets used: %d/%d\n" | 214 | return scnprintf(page, PAGE_SIZE, "entries: %d\nbuckets used: %d/%d\n" |
215 | "longest chain: %d\n", | 215 | "longest chain: %d\n", |
216 | atomic_read(&avc_cache.active_nodes), | 216 | atomic_read(&avc_cache.active_nodes), |
217 | slots_used, AVC_CACHE_SLOTS, max_chain_len); | 217 | slots_used, AVC_CACHE_SLOTS, max_chain_len); |
218 | } | 218 | } |
219 | 219 | ||
220 | static void avc_node_free(struct rcu_head *rhead) | 220 | static void avc_node_free(struct rcu_head *rhead) |
221 | { | 221 | { |
222 | struct avc_node *node = container_of(rhead, struct avc_node, rhead); | 222 | struct avc_node *node = container_of(rhead, struct avc_node, rhead); |
223 | kmem_cache_free(avc_node_cachep, node); | 223 | kmem_cache_free(avc_node_cachep, node); |
224 | avc_cache_stats_incr(frees); | 224 | avc_cache_stats_incr(frees); |
225 | } | 225 | } |
226 | 226 | ||
227 | static void avc_node_delete(struct avc_node *node) | 227 | static void avc_node_delete(struct avc_node *node) |
228 | { | 228 | { |
229 | hlist_del_rcu(&node->list); | 229 | hlist_del_rcu(&node->list); |
230 | call_rcu(&node->rhead, avc_node_free); | 230 | call_rcu(&node->rhead, avc_node_free); |
231 | atomic_dec(&avc_cache.active_nodes); | 231 | atomic_dec(&avc_cache.active_nodes); |
232 | } | 232 | } |
233 | 233 | ||
234 | static void avc_node_kill(struct avc_node *node) | 234 | static void avc_node_kill(struct avc_node *node) |
235 | { | 235 | { |
236 | kmem_cache_free(avc_node_cachep, node); | 236 | kmem_cache_free(avc_node_cachep, node); |
237 | avc_cache_stats_incr(frees); | 237 | avc_cache_stats_incr(frees); |
238 | atomic_dec(&avc_cache.active_nodes); | 238 | atomic_dec(&avc_cache.active_nodes); |
239 | } | 239 | } |
240 | 240 | ||
241 | static void avc_node_replace(struct avc_node *new, struct avc_node *old) | 241 | static void avc_node_replace(struct avc_node *new, struct avc_node *old) |
242 | { | 242 | { |
243 | hlist_replace_rcu(&old->list, &new->list); | 243 | hlist_replace_rcu(&old->list, &new->list); |
244 | call_rcu(&old->rhead, avc_node_free); | 244 | call_rcu(&old->rhead, avc_node_free); |
245 | atomic_dec(&avc_cache.active_nodes); | 245 | atomic_dec(&avc_cache.active_nodes); |
246 | } | 246 | } |
247 | 247 | ||
248 | static inline int avc_reclaim_node(void) | 248 | static inline int avc_reclaim_node(void) |
249 | { | 249 | { |
250 | struct avc_node *node; | 250 | struct avc_node *node; |
251 | int hvalue, try, ecx; | 251 | int hvalue, try, ecx; |
252 | unsigned long flags; | 252 | unsigned long flags; |
253 | struct hlist_head *head; | 253 | struct hlist_head *head; |
254 | struct hlist_node *next; | 254 | struct hlist_node *next; |
255 | spinlock_t *lock; | 255 | spinlock_t *lock; |
256 | 256 | ||
257 | for (try = 0, ecx = 0; try < AVC_CACHE_SLOTS; try++) { | 257 | for (try = 0, ecx = 0; try < AVC_CACHE_SLOTS; try++) { |
258 | hvalue = atomic_inc_return(&avc_cache.lru_hint) & (AVC_CACHE_SLOTS - 1); | 258 | hvalue = atomic_inc_return(&avc_cache.lru_hint) & (AVC_CACHE_SLOTS - 1); |
259 | head = &avc_cache.slots[hvalue]; | 259 | head = &avc_cache.slots[hvalue]; |
260 | lock = &avc_cache.slots_lock[hvalue]; | 260 | lock = &avc_cache.slots_lock[hvalue]; |
261 | 261 | ||
262 | if (!spin_trylock_irqsave(lock, flags)) | 262 | if (!spin_trylock_irqsave(lock, flags)) |
263 | continue; | 263 | continue; |
264 | 264 | ||
265 | rcu_read_lock(); | 265 | rcu_read_lock(); |
266 | hlist_for_each_entry(node, next, head, list) { | 266 | hlist_for_each_entry(node, next, head, list) { |
267 | avc_node_delete(node); | 267 | avc_node_delete(node); |
268 | avc_cache_stats_incr(reclaims); | 268 | avc_cache_stats_incr(reclaims); |
269 | ecx++; | 269 | ecx++; |
270 | if (ecx >= AVC_CACHE_RECLAIM) { | 270 | if (ecx >= AVC_CACHE_RECLAIM) { |
271 | rcu_read_unlock(); | 271 | rcu_read_unlock(); |
272 | spin_unlock_irqrestore(lock, flags); | 272 | spin_unlock_irqrestore(lock, flags); |
273 | goto out; | 273 | goto out; |
274 | } | 274 | } |
275 | } | 275 | } |
276 | rcu_read_unlock(); | 276 | rcu_read_unlock(); |
277 | spin_unlock_irqrestore(lock, flags); | 277 | spin_unlock_irqrestore(lock, flags); |
278 | } | 278 | } |
279 | out: | 279 | out: |
280 | return ecx; | 280 | return ecx; |
281 | } | 281 | } |
282 | 282 | ||
283 | static struct avc_node *avc_alloc_node(void) | 283 | static struct avc_node *avc_alloc_node(void) |
284 | { | 284 | { |
285 | struct avc_node *node; | 285 | struct avc_node *node; |
286 | 286 | ||
287 | node = kmem_cache_zalloc(avc_node_cachep, GFP_ATOMIC); | 287 | node = kmem_cache_zalloc(avc_node_cachep, GFP_ATOMIC); |
288 | if (!node) | 288 | if (!node) |
289 | goto out; | 289 | goto out; |
290 | 290 | ||
291 | INIT_HLIST_NODE(&node->list); | 291 | INIT_HLIST_NODE(&node->list); |
292 | avc_cache_stats_incr(allocations); | 292 | avc_cache_stats_incr(allocations); |
293 | 293 | ||
294 | if (atomic_inc_return(&avc_cache.active_nodes) > avc_cache_threshold) | 294 | if (atomic_inc_return(&avc_cache.active_nodes) > avc_cache_threshold) |
295 | avc_reclaim_node(); | 295 | avc_reclaim_node(); |
296 | 296 | ||
297 | out: | 297 | out: |
298 | return node; | 298 | return node; |
299 | } | 299 | } |
300 | 300 | ||
301 | static void avc_node_populate(struct avc_node *node, u32 ssid, u32 tsid, u16 tclass, struct av_decision *avd) | 301 | static void avc_node_populate(struct avc_node *node, u32 ssid, u32 tsid, u16 tclass, struct av_decision *avd) |
302 | { | 302 | { |
303 | node->ae.ssid = ssid; | 303 | node->ae.ssid = ssid; |
304 | node->ae.tsid = tsid; | 304 | node->ae.tsid = tsid; |
305 | node->ae.tclass = tclass; | 305 | node->ae.tclass = tclass; |
306 | memcpy(&node->ae.avd, avd, sizeof(node->ae.avd)); | 306 | memcpy(&node->ae.avd, avd, sizeof(node->ae.avd)); |
307 | } | 307 | } |
308 | 308 | ||
309 | static inline struct avc_node *avc_search_node(u32 ssid, u32 tsid, u16 tclass) | 309 | static inline struct avc_node *avc_search_node(u32 ssid, u32 tsid, u16 tclass) |
310 | { | 310 | { |
311 | struct avc_node *node, *ret = NULL; | 311 | struct avc_node *node, *ret = NULL; |
312 | int hvalue; | 312 | int hvalue; |
313 | struct hlist_head *head; | 313 | struct hlist_head *head; |
314 | struct hlist_node *next; | 314 | struct hlist_node *next; |
315 | 315 | ||
316 | hvalue = avc_hash(ssid, tsid, tclass); | 316 | hvalue = avc_hash(ssid, tsid, tclass); |
317 | head = &avc_cache.slots[hvalue]; | 317 | head = &avc_cache.slots[hvalue]; |
318 | hlist_for_each_entry_rcu(node, next, head, list) { | 318 | hlist_for_each_entry_rcu(node, next, head, list) { |
319 | if (ssid == node->ae.ssid && | 319 | if (ssid == node->ae.ssid && |
320 | tclass == node->ae.tclass && | 320 | tclass == node->ae.tclass && |
321 | tsid == node->ae.tsid) { | 321 | tsid == node->ae.tsid) { |
322 | ret = node; | 322 | ret = node; |
323 | break; | 323 | break; |
324 | } | 324 | } |
325 | } | 325 | } |
326 | 326 | ||
327 | return ret; | 327 | return ret; |
328 | } | 328 | } |
329 | 329 | ||
330 | /** | 330 | /** |
331 | * avc_lookup - Look up an AVC entry. | 331 | * avc_lookup - Look up an AVC entry. |
332 | * @ssid: source security identifier | 332 | * @ssid: source security identifier |
333 | * @tsid: target security identifier | 333 | * @tsid: target security identifier |
334 | * @tclass: target security class | 334 | * @tclass: target security class |
335 | * | 335 | * |
336 | * Look up an AVC entry that is valid for the | 336 | * Look up an AVC entry that is valid for the |
337 | * (@ssid, @tsid), interpreting the permissions | 337 | * (@ssid, @tsid), interpreting the permissions |
338 | * based on @tclass. If a valid AVC entry exists, | 338 | * based on @tclass. If a valid AVC entry exists, |
339 | * then this function returns the avc_node. | 339 | * then this function returns the avc_node. |
340 | * Otherwise, this function returns NULL. | 340 | * Otherwise, this function returns NULL. |
341 | */ | 341 | */ |
342 | static struct avc_node *avc_lookup(u32 ssid, u32 tsid, u16 tclass) | 342 | static struct avc_node *avc_lookup(u32 ssid, u32 tsid, u16 tclass) |
343 | { | 343 | { |
344 | struct avc_node *node; | 344 | struct avc_node *node; |
345 | 345 | ||
346 | avc_cache_stats_incr(lookups); | 346 | avc_cache_stats_incr(lookups); |
347 | node = avc_search_node(ssid, tsid, tclass); | 347 | node = avc_search_node(ssid, tsid, tclass); |
348 | 348 | ||
349 | if (node) | 349 | if (node) |
350 | avc_cache_stats_incr(hits); | 350 | avc_cache_stats_incr(hits); |
351 | else | 351 | else |
352 | avc_cache_stats_incr(misses); | 352 | avc_cache_stats_incr(misses); |
353 | 353 | ||
354 | return node; | 354 | return node; |
355 | } | 355 | } |
356 | 356 | ||
357 | static int avc_latest_notif_update(int seqno, int is_insert) | 357 | static int avc_latest_notif_update(int seqno, int is_insert) |
358 | { | 358 | { |
359 | int ret = 0; | 359 | int ret = 0; |
360 | static DEFINE_SPINLOCK(notif_lock); | 360 | static DEFINE_SPINLOCK(notif_lock); |
361 | unsigned long flag; | 361 | unsigned long flag; |
362 | 362 | ||
363 | spin_lock_irqsave(¬if_lock, flag); | 363 | spin_lock_irqsave(¬if_lock, flag); |
364 | if (is_insert) { | 364 | if (is_insert) { |
365 | if (seqno < avc_cache.latest_notif) { | 365 | if (seqno < avc_cache.latest_notif) { |
366 | printk(KERN_WARNING "SELinux: avc: seqno %d < latest_notif %d\n", | 366 | printk(KERN_WARNING "SELinux: avc: seqno %d < latest_notif %d\n", |
367 | seqno, avc_cache.latest_notif); | 367 | seqno, avc_cache.latest_notif); |
368 | ret = -EAGAIN; | 368 | ret = -EAGAIN; |
369 | } | 369 | } |
370 | } else { | 370 | } else { |
371 | if (seqno > avc_cache.latest_notif) | 371 | if (seqno > avc_cache.latest_notif) |
372 | avc_cache.latest_notif = seqno; | 372 | avc_cache.latest_notif = seqno; |
373 | } | 373 | } |
374 | spin_unlock_irqrestore(¬if_lock, flag); | 374 | spin_unlock_irqrestore(¬if_lock, flag); |
375 | 375 | ||
376 | return ret; | 376 | return ret; |
377 | } | 377 | } |
378 | 378 | ||
379 | /** | 379 | /** |
380 | * avc_insert - Insert an AVC entry. | 380 | * avc_insert - Insert an AVC entry. |
381 | * @ssid: source security identifier | 381 | * @ssid: source security identifier |
382 | * @tsid: target security identifier | 382 | * @tsid: target security identifier |
383 | * @tclass: target security class | 383 | * @tclass: target security class |
384 | * @avd: resulting av decision | 384 | * @avd: resulting av decision |
385 | * | 385 | * |
386 | * Insert an AVC entry for the SID pair | 386 | * Insert an AVC entry for the SID pair |
387 | * (@ssid, @tsid) and class @tclass. | 387 | * (@ssid, @tsid) and class @tclass. |
388 | * The access vectors and the sequence number are | 388 | * The access vectors and the sequence number are |
389 | * normally provided by the security server in | 389 | * normally provided by the security server in |
390 | * response to a security_compute_av() call. If the | 390 | * response to a security_compute_av() call. If the |
391 | * sequence number @avd->seqno is not less than the latest | 391 | * sequence number @avd->seqno is not less than the latest |
392 | * revocation notification, then the function copies | 392 | * revocation notification, then the function copies |
393 | * the access vectors into a cache entry, returns | 393 | * the access vectors into a cache entry, returns |
394 | * avc_node inserted. Otherwise, this function returns NULL. | 394 | * avc_node inserted. Otherwise, this function returns NULL. |
395 | */ | 395 | */ |
396 | static struct avc_node *avc_insert(u32 ssid, u32 tsid, u16 tclass, struct av_decision *avd) | 396 | static struct avc_node *avc_insert(u32 ssid, u32 tsid, u16 tclass, struct av_decision *avd) |
397 | { | 397 | { |
398 | struct avc_node *pos, *node = NULL; | 398 | struct avc_node *pos, *node = NULL; |
399 | int hvalue; | 399 | int hvalue; |
400 | unsigned long flag; | 400 | unsigned long flag; |
401 | 401 | ||
402 | if (avc_latest_notif_update(avd->seqno, 1)) | 402 | if (avc_latest_notif_update(avd->seqno, 1)) |
403 | goto out; | 403 | goto out; |
404 | 404 | ||
405 | node = avc_alloc_node(); | 405 | node = avc_alloc_node(); |
406 | if (node) { | 406 | if (node) { |
407 | struct hlist_head *head; | 407 | struct hlist_head *head; |
408 | struct hlist_node *next; | 408 | struct hlist_node *next; |
409 | spinlock_t *lock; | 409 | spinlock_t *lock; |
410 | 410 | ||
411 | hvalue = avc_hash(ssid, tsid, tclass); | 411 | hvalue = avc_hash(ssid, tsid, tclass); |
412 | avc_node_populate(node, ssid, tsid, tclass, avd); | 412 | avc_node_populate(node, ssid, tsid, tclass, avd); |
413 | 413 | ||
414 | head = &avc_cache.slots[hvalue]; | 414 | head = &avc_cache.slots[hvalue]; |
415 | lock = &avc_cache.slots_lock[hvalue]; | 415 | lock = &avc_cache.slots_lock[hvalue]; |
416 | 416 | ||
417 | spin_lock_irqsave(lock, flag); | 417 | spin_lock_irqsave(lock, flag); |
418 | hlist_for_each_entry(pos, next, head, list) { | 418 | hlist_for_each_entry(pos, next, head, list) { |
419 | if (pos->ae.ssid == ssid && | 419 | if (pos->ae.ssid == ssid && |
420 | pos->ae.tsid == tsid && | 420 | pos->ae.tsid == tsid && |
421 | pos->ae.tclass == tclass) { | 421 | pos->ae.tclass == tclass) { |
422 | avc_node_replace(node, pos); | 422 | avc_node_replace(node, pos); |
423 | goto found; | 423 | goto found; |
424 | } | 424 | } |
425 | } | 425 | } |
426 | hlist_add_head_rcu(&node->list, head); | 426 | hlist_add_head_rcu(&node->list, head); |
427 | found: | 427 | found: |
428 | spin_unlock_irqrestore(lock, flag); | 428 | spin_unlock_irqrestore(lock, flag); |
429 | } | 429 | } |
430 | out: | 430 | out: |
431 | return node; | 431 | return node; |
432 | } | 432 | } |
433 | 433 | ||
434 | /** | 434 | /** |
435 | * avc_audit_pre_callback - SELinux specific information | 435 | * avc_audit_pre_callback - SELinux specific information |
436 | * will be called by generic audit code | 436 | * will be called by generic audit code |
437 | * @ab: the audit buffer | 437 | * @ab: the audit buffer |
438 | * @a: audit_data | 438 | * @a: audit_data |
439 | */ | 439 | */ |
440 | static void avc_audit_pre_callback(struct audit_buffer *ab, void *a) | 440 | static void avc_audit_pre_callback(struct audit_buffer *ab, void *a) |
441 | { | 441 | { |
442 | struct common_audit_data *ad = a; | 442 | struct common_audit_data *ad = a; |
443 | audit_log_format(ab, "avc: %s ", | 443 | audit_log_format(ab, "avc: %s ", |
444 | ad->selinux_audit_data.denied ? "denied" : "granted"); | 444 | ad->selinux_audit_data.denied ? "denied" : "granted"); |
445 | avc_dump_av(ab, ad->selinux_audit_data.tclass, | 445 | avc_dump_av(ab, ad->selinux_audit_data.tclass, |
446 | ad->selinux_audit_data.audited); | 446 | ad->selinux_audit_data.audited); |
447 | audit_log_format(ab, " for "); | 447 | audit_log_format(ab, " for "); |
448 | } | 448 | } |
449 | 449 | ||
450 | /** | 450 | /** |
451 | * avc_audit_post_callback - SELinux specific information | 451 | * avc_audit_post_callback - SELinux specific information |
452 | * will be called by generic audit code | 452 | * will be called by generic audit code |
453 | * @ab: the audit buffer | 453 | * @ab: the audit buffer |
454 | * @a: audit_data | 454 | * @a: audit_data |
455 | */ | 455 | */ |
456 | static void avc_audit_post_callback(struct audit_buffer *ab, void *a) | 456 | static void avc_audit_post_callback(struct audit_buffer *ab, void *a) |
457 | { | 457 | { |
458 | struct common_audit_data *ad = a; | 458 | struct common_audit_data *ad = a; |
459 | audit_log_format(ab, " "); | 459 | audit_log_format(ab, " "); |
460 | avc_dump_query(ab, ad->selinux_audit_data.ssid, | 460 | avc_dump_query(ab, ad->selinux_audit_data.ssid, |
461 | ad->selinux_audit_data.tsid, | 461 | ad->selinux_audit_data.tsid, |
462 | ad->selinux_audit_data.tclass); | 462 | ad->selinux_audit_data.tclass); |
463 | } | 463 | } |
464 | 464 | ||
465 | /** | 465 | /** |
466 | * avc_audit - Audit the granting or denial of permissions. | 466 | * avc_audit - Audit the granting or denial of permissions. |
467 | * @ssid: source security identifier | 467 | * @ssid: source security identifier |
468 | * @tsid: target security identifier | 468 | * @tsid: target security identifier |
469 | * @tclass: target security class | 469 | * @tclass: target security class |
470 | * @requested: requested permissions | 470 | * @requested: requested permissions |
471 | * @avd: access vector decisions | 471 | * @avd: access vector decisions |
472 | * @result: result from avc_has_perm_noaudit | 472 | * @result: result from avc_has_perm_noaudit |
473 | * @a: auxiliary audit data | 473 | * @a: auxiliary audit data |
474 | * @flags: VFS walk flags | 474 | * @flags: VFS walk flags |
475 | * | 475 | * |
476 | * Audit the granting or denial of permissions in accordance | 476 | * Audit the granting or denial of permissions in accordance |
477 | * with the policy. This function is typically called by | 477 | * with the policy. This function is typically called by |
478 | * avc_has_perm() after a permission check, but can also be | 478 | * avc_has_perm() after a permission check, but can also be |
479 | * called directly by callers who use avc_has_perm_noaudit() | 479 | * called directly by callers who use avc_has_perm_noaudit() |
480 | * in order to separate the permission check from the auditing. | 480 | * in order to separate the permission check from the auditing. |
481 | * For example, this separation is useful when the permission check must | 481 | * For example, this separation is useful when the permission check must |
482 | * be performed under a lock, to allow the lock to be released | 482 | * be performed under a lock, to allow the lock to be released |
483 | * before calling the auditing code. | 483 | * before calling the auditing code. |
484 | */ | 484 | */ |
485 | int avc_audit(u32 ssid, u32 tsid, | 485 | int avc_audit(u32 ssid, u32 tsid, |
486 | u16 tclass, u32 requested, | 486 | u16 tclass, u32 requested, |
487 | struct av_decision *avd, int result, struct common_audit_data *a, | 487 | struct av_decision *avd, int result, struct common_audit_data *a, |
488 | unsigned flags) | 488 | unsigned flags) |
489 | { | 489 | { |
490 | struct common_audit_data stack_data; | 490 | struct common_audit_data stack_data; |
491 | u32 denied, audited; | 491 | u32 denied, audited; |
492 | denied = requested & ~avd->allowed; | 492 | denied = requested & ~avd->allowed; |
493 | if (denied) { | 493 | if (denied) { |
494 | audited = denied & avd->auditdeny; | 494 | audited = denied & avd->auditdeny; |
495 | /* | 495 | /* |
496 | * a->selinux_audit_data.auditdeny is TRICKY! Setting a bit in | 496 | * a->selinux_audit_data.auditdeny is TRICKY! Setting a bit in |
497 | * this field means that ANY denials should NOT be audited if | 497 | * this field means that ANY denials should NOT be audited if |
498 | * the policy contains an explicit dontaudit rule for that | 498 | * the policy contains an explicit dontaudit rule for that |
499 | * permission. Take notice that this is unrelated to the | 499 | * permission. Take notice that this is unrelated to the |
500 | * actual permissions that were denied. As an example lets | 500 | * actual permissions that were denied. As an example lets |
501 | * assume: | 501 | * assume: |
502 | * | 502 | * |
503 | * denied == READ | 503 | * denied == READ |
504 | * avd.auditdeny & ACCESS == 0 (not set means explicit rule) | 504 | * avd.auditdeny & ACCESS == 0 (not set means explicit rule) |
505 | * selinux_audit_data.auditdeny & ACCESS == 1 | 505 | * selinux_audit_data.auditdeny & ACCESS == 1 |
506 | * | 506 | * |
507 | * We will NOT audit the denial even though the denied | 507 | * We will NOT audit the denial even though the denied |
508 | * permission was READ and the auditdeny checks were for | 508 | * permission was READ and the auditdeny checks were for |
509 | * ACCESS | 509 | * ACCESS |
510 | */ | 510 | */ |
511 | if (a && | 511 | if (a && |
512 | a->selinux_audit_data.auditdeny && | 512 | a->selinux_audit_data.auditdeny && |
513 | !(a->selinux_audit_data.auditdeny & avd->auditdeny)) | 513 | !(a->selinux_audit_data.auditdeny & avd->auditdeny)) |
514 | audited = 0; | 514 | audited = 0; |
515 | } else if (result) | 515 | } else if (result) |
516 | audited = denied = requested; | 516 | audited = denied = requested; |
517 | else | 517 | else |
518 | audited = requested & avd->auditallow; | 518 | audited = requested & avd->auditallow; |
519 | if (!audited) | 519 | if (!audited) |
520 | return 0; | 520 | return 0; |
521 | 521 | ||
522 | if (!a) { | 522 | if (!a) { |
523 | a = &stack_data; | 523 | a = &stack_data; |
524 | COMMON_AUDIT_DATA_INIT(a, NONE); | 524 | COMMON_AUDIT_DATA_INIT(a, NONE); |
525 | } | 525 | } |
526 | 526 | ||
527 | /* | 527 | /* |
528 | * When in a RCU walk do the audit on the RCU retry. This is because | 528 | * When in a RCU walk do the audit on the RCU retry. This is because |
529 | * the collection of the dname in an inode audit message is not RCU | 529 | * the collection of the dname in an inode audit message is not RCU |
530 | * safe. Note this may drop some audits when the situation changes | 530 | * safe. Note this may drop some audits when the situation changes |
531 | * during retry. However this is logically just as if the operation | 531 | * during retry. However this is logically just as if the operation |
532 | * happened a little later. | 532 | * happened a little later. |
533 | */ | 533 | */ |
534 | if ((a->type == LSM_AUDIT_DATA_FS) && | 534 | if ((a->type == LSM_AUDIT_DATA_INODE) && |
535 | (flags & IPERM_FLAG_RCU)) | 535 | (flags & IPERM_FLAG_RCU)) |
536 | return -ECHILD; | 536 | return -ECHILD; |
537 | 537 | ||
538 | a->selinux_audit_data.tclass = tclass; | 538 | a->selinux_audit_data.tclass = tclass; |
539 | a->selinux_audit_data.requested = requested; | 539 | a->selinux_audit_data.requested = requested; |
540 | a->selinux_audit_data.ssid = ssid; | 540 | a->selinux_audit_data.ssid = ssid; |
541 | a->selinux_audit_data.tsid = tsid; | 541 | a->selinux_audit_data.tsid = tsid; |
542 | a->selinux_audit_data.audited = audited; | 542 | a->selinux_audit_data.audited = audited; |
543 | a->selinux_audit_data.denied = denied; | 543 | a->selinux_audit_data.denied = denied; |
544 | a->lsm_pre_audit = avc_audit_pre_callback; | 544 | a->lsm_pre_audit = avc_audit_pre_callback; |
545 | a->lsm_post_audit = avc_audit_post_callback; | 545 | a->lsm_post_audit = avc_audit_post_callback; |
546 | common_lsm_audit(a); | 546 | common_lsm_audit(a); |
547 | return 0; | 547 | return 0; |
548 | } | 548 | } |
549 | 549 | ||
550 | /** | 550 | /** |
551 | * avc_add_callback - Register a callback for security events. | 551 | * avc_add_callback - Register a callback for security events. |
552 | * @callback: callback function | 552 | * @callback: callback function |
553 | * @events: security events | 553 | * @events: security events |
554 | * @ssid: source security identifier or %SECSID_WILD | 554 | * @ssid: source security identifier or %SECSID_WILD |
555 | * @tsid: target security identifier or %SECSID_WILD | 555 | * @tsid: target security identifier or %SECSID_WILD |
556 | * @tclass: target security class | 556 | * @tclass: target security class |
557 | * @perms: permissions | 557 | * @perms: permissions |
558 | * | 558 | * |
559 | * Register a callback function for events in the set @events | 559 | * Register a callback function for events in the set @events |
560 | * related to the SID pair (@ssid, @tsid) | 560 | * related to the SID pair (@ssid, @tsid) |
561 | * and the permissions @perms, interpreting | 561 | * and the permissions @perms, interpreting |
562 | * @perms based on @tclass. Returns %0 on success or | 562 | * @perms based on @tclass. Returns %0 on success or |
563 | * -%ENOMEM if insufficient memory exists to add the callback. | 563 | * -%ENOMEM if insufficient memory exists to add the callback. |
564 | */ | 564 | */ |
565 | int avc_add_callback(int (*callback)(u32 event, u32 ssid, u32 tsid, | 565 | int avc_add_callback(int (*callback)(u32 event, u32 ssid, u32 tsid, |
566 | u16 tclass, u32 perms, | 566 | u16 tclass, u32 perms, |
567 | u32 *out_retained), | 567 | u32 *out_retained), |
568 | u32 events, u32 ssid, u32 tsid, | 568 | u32 events, u32 ssid, u32 tsid, |
569 | u16 tclass, u32 perms) | 569 | u16 tclass, u32 perms) |
570 | { | 570 | { |
571 | struct avc_callback_node *c; | 571 | struct avc_callback_node *c; |
572 | int rc = 0; | 572 | int rc = 0; |
573 | 573 | ||
574 | c = kmalloc(sizeof(*c), GFP_ATOMIC); | 574 | c = kmalloc(sizeof(*c), GFP_ATOMIC); |
575 | if (!c) { | 575 | if (!c) { |
576 | rc = -ENOMEM; | 576 | rc = -ENOMEM; |
577 | goto out; | 577 | goto out; |
578 | } | 578 | } |
579 | 579 | ||
580 | c->callback = callback; | 580 | c->callback = callback; |
581 | c->events = events; | 581 | c->events = events; |
582 | c->ssid = ssid; | 582 | c->ssid = ssid; |
583 | c->tsid = tsid; | 583 | c->tsid = tsid; |
584 | c->perms = perms; | 584 | c->perms = perms; |
585 | c->next = avc_callbacks; | 585 | c->next = avc_callbacks; |
586 | avc_callbacks = c; | 586 | avc_callbacks = c; |
587 | out: | 587 | out: |
588 | return rc; | 588 | return rc; |
589 | } | 589 | } |
590 | 590 | ||
591 | static inline int avc_sidcmp(u32 x, u32 y) | 591 | static inline int avc_sidcmp(u32 x, u32 y) |
592 | { | 592 | { |
593 | return (x == y || x == SECSID_WILD || y == SECSID_WILD); | 593 | return (x == y || x == SECSID_WILD || y == SECSID_WILD); |
594 | } | 594 | } |
595 | 595 | ||
596 | /** | 596 | /** |
597 | * avc_update_node Update an AVC entry | 597 | * avc_update_node Update an AVC entry |
598 | * @event : Updating event | 598 | * @event : Updating event |
599 | * @perms : Permission mask bits | 599 | * @perms : Permission mask bits |
600 | * @ssid,@tsid,@tclass : identifier of an AVC entry | 600 | * @ssid,@tsid,@tclass : identifier of an AVC entry |
601 | * @seqno : sequence number when decision was made | 601 | * @seqno : sequence number when decision was made |
602 | * | 602 | * |
603 | * if a valid AVC entry doesn't exist,this function returns -ENOENT. | 603 | * if a valid AVC entry doesn't exist,this function returns -ENOENT. |
604 | * if kmalloc() called internal returns NULL, this function returns -ENOMEM. | 604 | * if kmalloc() called internal returns NULL, this function returns -ENOMEM. |
605 | * otherwise, this function updates the AVC entry. The original AVC-entry object | 605 | * otherwise, this function updates the AVC entry. The original AVC-entry object |
606 | * will release later by RCU. | 606 | * will release later by RCU. |
607 | */ | 607 | */ |
608 | static int avc_update_node(u32 event, u32 perms, u32 ssid, u32 tsid, u16 tclass, | 608 | static int avc_update_node(u32 event, u32 perms, u32 ssid, u32 tsid, u16 tclass, |
609 | u32 seqno) | 609 | u32 seqno) |
610 | { | 610 | { |
611 | int hvalue, rc = 0; | 611 | int hvalue, rc = 0; |
612 | unsigned long flag; | 612 | unsigned long flag; |
613 | struct avc_node *pos, *node, *orig = NULL; | 613 | struct avc_node *pos, *node, *orig = NULL; |
614 | struct hlist_head *head; | 614 | struct hlist_head *head; |
615 | struct hlist_node *next; | 615 | struct hlist_node *next; |
616 | spinlock_t *lock; | 616 | spinlock_t *lock; |
617 | 617 | ||
618 | node = avc_alloc_node(); | 618 | node = avc_alloc_node(); |
619 | if (!node) { | 619 | if (!node) { |
620 | rc = -ENOMEM; | 620 | rc = -ENOMEM; |
621 | goto out; | 621 | goto out; |
622 | } | 622 | } |
623 | 623 | ||
624 | /* Lock the target slot */ | 624 | /* Lock the target slot */ |
625 | hvalue = avc_hash(ssid, tsid, tclass); | 625 | hvalue = avc_hash(ssid, tsid, tclass); |
626 | 626 | ||
627 | head = &avc_cache.slots[hvalue]; | 627 | head = &avc_cache.slots[hvalue]; |
628 | lock = &avc_cache.slots_lock[hvalue]; | 628 | lock = &avc_cache.slots_lock[hvalue]; |
629 | 629 | ||
630 | spin_lock_irqsave(lock, flag); | 630 | spin_lock_irqsave(lock, flag); |
631 | 631 | ||
632 | hlist_for_each_entry(pos, next, head, list) { | 632 | hlist_for_each_entry(pos, next, head, list) { |
633 | if (ssid == pos->ae.ssid && | 633 | if (ssid == pos->ae.ssid && |
634 | tsid == pos->ae.tsid && | 634 | tsid == pos->ae.tsid && |
635 | tclass == pos->ae.tclass && | 635 | tclass == pos->ae.tclass && |
636 | seqno == pos->ae.avd.seqno){ | 636 | seqno == pos->ae.avd.seqno){ |
637 | orig = pos; | 637 | orig = pos; |
638 | break; | 638 | break; |
639 | } | 639 | } |
640 | } | 640 | } |
641 | 641 | ||
642 | if (!orig) { | 642 | if (!orig) { |
643 | rc = -ENOENT; | 643 | rc = -ENOENT; |
644 | avc_node_kill(node); | 644 | avc_node_kill(node); |
645 | goto out_unlock; | 645 | goto out_unlock; |
646 | } | 646 | } |
647 | 647 | ||
648 | /* | 648 | /* |
649 | * Copy and replace original node. | 649 | * Copy and replace original node. |
650 | */ | 650 | */ |
651 | 651 | ||
652 | avc_node_populate(node, ssid, tsid, tclass, &orig->ae.avd); | 652 | avc_node_populate(node, ssid, tsid, tclass, &orig->ae.avd); |
653 | 653 | ||
654 | switch (event) { | 654 | switch (event) { |
655 | case AVC_CALLBACK_GRANT: | 655 | case AVC_CALLBACK_GRANT: |
656 | node->ae.avd.allowed |= perms; | 656 | node->ae.avd.allowed |= perms; |
657 | break; | 657 | break; |
658 | case AVC_CALLBACK_TRY_REVOKE: | 658 | case AVC_CALLBACK_TRY_REVOKE: |
659 | case AVC_CALLBACK_REVOKE: | 659 | case AVC_CALLBACK_REVOKE: |
660 | node->ae.avd.allowed &= ~perms; | 660 | node->ae.avd.allowed &= ~perms; |
661 | break; | 661 | break; |
662 | case AVC_CALLBACK_AUDITALLOW_ENABLE: | 662 | case AVC_CALLBACK_AUDITALLOW_ENABLE: |
663 | node->ae.avd.auditallow |= perms; | 663 | node->ae.avd.auditallow |= perms; |
664 | break; | 664 | break; |
665 | case AVC_CALLBACK_AUDITALLOW_DISABLE: | 665 | case AVC_CALLBACK_AUDITALLOW_DISABLE: |
666 | node->ae.avd.auditallow &= ~perms; | 666 | node->ae.avd.auditallow &= ~perms; |
667 | break; | 667 | break; |
668 | case AVC_CALLBACK_AUDITDENY_ENABLE: | 668 | case AVC_CALLBACK_AUDITDENY_ENABLE: |
669 | node->ae.avd.auditdeny |= perms; | 669 | node->ae.avd.auditdeny |= perms; |
670 | break; | 670 | break; |
671 | case AVC_CALLBACK_AUDITDENY_DISABLE: | 671 | case AVC_CALLBACK_AUDITDENY_DISABLE: |
672 | node->ae.avd.auditdeny &= ~perms; | 672 | node->ae.avd.auditdeny &= ~perms; |
673 | break; | 673 | break; |
674 | } | 674 | } |
675 | avc_node_replace(node, orig); | 675 | avc_node_replace(node, orig); |
676 | out_unlock: | 676 | out_unlock: |
677 | spin_unlock_irqrestore(lock, flag); | 677 | spin_unlock_irqrestore(lock, flag); |
678 | out: | 678 | out: |
679 | return rc; | 679 | return rc; |
680 | } | 680 | } |
681 | 681 | ||
682 | /** | 682 | /** |
683 | * avc_flush - Flush the cache | 683 | * avc_flush - Flush the cache |
684 | */ | 684 | */ |
685 | static void avc_flush(void) | 685 | static void avc_flush(void) |
686 | { | 686 | { |
687 | struct hlist_head *head; | 687 | struct hlist_head *head; |
688 | struct hlist_node *next; | 688 | struct hlist_node *next; |
689 | struct avc_node *node; | 689 | struct avc_node *node; |
690 | spinlock_t *lock; | 690 | spinlock_t *lock; |
691 | unsigned long flag; | 691 | unsigned long flag; |
692 | int i; | 692 | int i; |
693 | 693 | ||
694 | for (i = 0; i < AVC_CACHE_SLOTS; i++) { | 694 | for (i = 0; i < AVC_CACHE_SLOTS; i++) { |
695 | head = &avc_cache.slots[i]; | 695 | head = &avc_cache.slots[i]; |
696 | lock = &avc_cache.slots_lock[i]; | 696 | lock = &avc_cache.slots_lock[i]; |
697 | 697 | ||
698 | spin_lock_irqsave(lock, flag); | 698 | spin_lock_irqsave(lock, flag); |
699 | /* | 699 | /* |
700 | * With preemptable RCU, the outer spinlock does not | 700 | * With preemptable RCU, the outer spinlock does not |
701 | * prevent RCU grace periods from ending. | 701 | * prevent RCU grace periods from ending. |
702 | */ | 702 | */ |
703 | rcu_read_lock(); | 703 | rcu_read_lock(); |
704 | hlist_for_each_entry(node, next, head, list) | 704 | hlist_for_each_entry(node, next, head, list) |
705 | avc_node_delete(node); | 705 | avc_node_delete(node); |
706 | rcu_read_unlock(); | 706 | rcu_read_unlock(); |
707 | spin_unlock_irqrestore(lock, flag); | 707 | spin_unlock_irqrestore(lock, flag); |
708 | } | 708 | } |
709 | } | 709 | } |
710 | 710 | ||
711 | /** | 711 | /** |
712 | * avc_ss_reset - Flush the cache and revalidate migrated permissions. | 712 | * avc_ss_reset - Flush the cache and revalidate migrated permissions. |
713 | * @seqno: policy sequence number | 713 | * @seqno: policy sequence number |
714 | */ | 714 | */ |
715 | int avc_ss_reset(u32 seqno) | 715 | int avc_ss_reset(u32 seqno) |
716 | { | 716 | { |
717 | struct avc_callback_node *c; | 717 | struct avc_callback_node *c; |
718 | int rc = 0, tmprc; | 718 | int rc = 0, tmprc; |
719 | 719 | ||
720 | avc_flush(); | 720 | avc_flush(); |
721 | 721 | ||
722 | for (c = avc_callbacks; c; c = c->next) { | 722 | for (c = avc_callbacks; c; c = c->next) { |
723 | if (c->events & AVC_CALLBACK_RESET) { | 723 | if (c->events & AVC_CALLBACK_RESET) { |
724 | tmprc = c->callback(AVC_CALLBACK_RESET, | 724 | tmprc = c->callback(AVC_CALLBACK_RESET, |
725 | 0, 0, 0, 0, NULL); | 725 | 0, 0, 0, 0, NULL); |
726 | /* save the first error encountered for the return | 726 | /* save the first error encountered for the return |
727 | value and continue processing the callbacks */ | 727 | value and continue processing the callbacks */ |
728 | if (!rc) | 728 | if (!rc) |
729 | rc = tmprc; | 729 | rc = tmprc; |
730 | } | 730 | } |
731 | } | 731 | } |
732 | 732 | ||
733 | avc_latest_notif_update(seqno, 0); | 733 | avc_latest_notif_update(seqno, 0); |
734 | return rc; | 734 | return rc; |
735 | } | 735 | } |
736 | 736 | ||
737 | /** | 737 | /** |
738 | * avc_has_perm_noaudit - Check permissions but perform no auditing. | 738 | * avc_has_perm_noaudit - Check permissions but perform no auditing. |
739 | * @ssid: source security identifier | 739 | * @ssid: source security identifier |
740 | * @tsid: target security identifier | 740 | * @tsid: target security identifier |
741 | * @tclass: target security class | 741 | * @tclass: target security class |
742 | * @requested: requested permissions, interpreted based on @tclass | 742 | * @requested: requested permissions, interpreted based on @tclass |
743 | * @flags: AVC_STRICT or 0 | 743 | * @flags: AVC_STRICT or 0 |
744 | * @avd: access vector decisions | 744 | * @avd: access vector decisions |
745 | * | 745 | * |
746 | * Check the AVC to determine whether the @requested permissions are granted | 746 | * Check the AVC to determine whether the @requested permissions are granted |
747 | * for the SID pair (@ssid, @tsid), interpreting the permissions | 747 | * for the SID pair (@ssid, @tsid), interpreting the permissions |
748 | * based on @tclass, and call the security server on a cache miss to obtain | 748 | * based on @tclass, and call the security server on a cache miss to obtain |
749 | * a new decision and add it to the cache. Return a copy of the decisions | 749 | * a new decision and add it to the cache. Return a copy of the decisions |
750 | * in @avd. Return %0 if all @requested permissions are granted, | 750 | * in @avd. Return %0 if all @requested permissions are granted, |
751 | * -%EACCES if any permissions are denied, or another -errno upon | 751 | * -%EACCES if any permissions are denied, or another -errno upon |
752 | * other errors. This function is typically called by avc_has_perm(), | 752 | * other errors. This function is typically called by avc_has_perm(), |
753 | * but may also be called directly to separate permission checking from | 753 | * but may also be called directly to separate permission checking from |
754 | * auditing, e.g. in cases where a lock must be held for the check but | 754 | * auditing, e.g. in cases where a lock must be held for the check but |
755 | * should be released for the auditing. | 755 | * should be released for the auditing. |
756 | */ | 756 | */ |
757 | int avc_has_perm_noaudit(u32 ssid, u32 tsid, | 757 | int avc_has_perm_noaudit(u32 ssid, u32 tsid, |
758 | u16 tclass, u32 requested, | 758 | u16 tclass, u32 requested, |
759 | unsigned flags, | 759 | unsigned flags, |
760 | struct av_decision *in_avd) | 760 | struct av_decision *in_avd) |
761 | { | 761 | { |
762 | struct avc_node *node; | 762 | struct avc_node *node; |
763 | struct av_decision avd_entry, *avd; | 763 | struct av_decision avd_entry, *avd; |
764 | int rc = 0; | 764 | int rc = 0; |
765 | u32 denied; | 765 | u32 denied; |
766 | 766 | ||
767 | BUG_ON(!requested); | 767 | BUG_ON(!requested); |
768 | 768 | ||
769 | rcu_read_lock(); | 769 | rcu_read_lock(); |
770 | 770 | ||
771 | node = avc_lookup(ssid, tsid, tclass); | 771 | node = avc_lookup(ssid, tsid, tclass); |
772 | if (!node) { | 772 | if (!node) { |
773 | rcu_read_unlock(); | 773 | rcu_read_unlock(); |
774 | 774 | ||
775 | if (in_avd) | 775 | if (in_avd) |
776 | avd = in_avd; | 776 | avd = in_avd; |
777 | else | 777 | else |
778 | avd = &avd_entry; | 778 | avd = &avd_entry; |
779 | 779 | ||
780 | security_compute_av(ssid, tsid, tclass, avd); | 780 | security_compute_av(ssid, tsid, tclass, avd); |
781 | rcu_read_lock(); | 781 | rcu_read_lock(); |
782 | node = avc_insert(ssid, tsid, tclass, avd); | 782 | node = avc_insert(ssid, tsid, tclass, avd); |
783 | } else { | 783 | } else { |
784 | if (in_avd) | 784 | if (in_avd) |
785 | memcpy(in_avd, &node->ae.avd, sizeof(*in_avd)); | 785 | memcpy(in_avd, &node->ae.avd, sizeof(*in_avd)); |
786 | avd = &node->ae.avd; | 786 | avd = &node->ae.avd; |
787 | } | 787 | } |
788 | 788 | ||
789 | denied = requested & ~(avd->allowed); | 789 | denied = requested & ~(avd->allowed); |
790 | 790 | ||
791 | if (denied) { | 791 | if (denied) { |
792 | if (flags & AVC_STRICT) | 792 | if (flags & AVC_STRICT) |
793 | rc = -EACCES; | 793 | rc = -EACCES; |
794 | else if (!selinux_enforcing || (avd->flags & AVD_FLAGS_PERMISSIVE)) | 794 | else if (!selinux_enforcing || (avd->flags & AVD_FLAGS_PERMISSIVE)) |
795 | avc_update_node(AVC_CALLBACK_GRANT, requested, ssid, | 795 | avc_update_node(AVC_CALLBACK_GRANT, requested, ssid, |
796 | tsid, tclass, avd->seqno); | 796 | tsid, tclass, avd->seqno); |
797 | else | 797 | else |
798 | rc = -EACCES; | 798 | rc = -EACCES; |
799 | } | 799 | } |
800 | 800 | ||
801 | rcu_read_unlock(); | 801 | rcu_read_unlock(); |
802 | return rc; | 802 | return rc; |
803 | } | 803 | } |
804 | 804 | ||
805 | /** | 805 | /** |
806 | * avc_has_perm - Check permissions and perform any appropriate auditing. | 806 | * avc_has_perm - Check permissions and perform any appropriate auditing. |
807 | * @ssid: source security identifier | 807 | * @ssid: source security identifier |
808 | * @tsid: target security identifier | 808 | * @tsid: target security identifier |
809 | * @tclass: target security class | 809 | * @tclass: target security class |
810 | * @requested: requested permissions, interpreted based on @tclass | 810 | * @requested: requested permissions, interpreted based on @tclass |
811 | * @auditdata: auxiliary audit data | 811 | * @auditdata: auxiliary audit data |
812 | * @flags: VFS walk flags | 812 | * @flags: VFS walk flags |
813 | * | 813 | * |
814 | * Check the AVC to determine whether the @requested permissions are granted | 814 | * Check the AVC to determine whether the @requested permissions are granted |
815 | * for the SID pair (@ssid, @tsid), interpreting the permissions | 815 | * for the SID pair (@ssid, @tsid), interpreting the permissions |
816 | * based on @tclass, and call the security server on a cache miss to obtain | 816 | * based on @tclass, and call the security server on a cache miss to obtain |
817 | * a new decision and add it to the cache. Audit the granting or denial of | 817 | * a new decision and add it to the cache. Audit the granting or denial of |
818 | * permissions in accordance with the policy. Return %0 if all @requested | 818 | * permissions in accordance with the policy. Return %0 if all @requested |
819 | * permissions are granted, -%EACCES if any permissions are denied, or | 819 | * permissions are granted, -%EACCES if any permissions are denied, or |
820 | * another -errno upon other errors. | 820 | * another -errno upon other errors. |
821 | */ | 821 | */ |
822 | int avc_has_perm_flags(u32 ssid, u32 tsid, u16 tclass, | 822 | int avc_has_perm_flags(u32 ssid, u32 tsid, u16 tclass, |
823 | u32 requested, struct common_audit_data *auditdata, | 823 | u32 requested, struct common_audit_data *auditdata, |
824 | unsigned flags) | 824 | unsigned flags) |
825 | { | 825 | { |
826 | struct av_decision avd; | 826 | struct av_decision avd; |
827 | int rc, rc2; | 827 | int rc, rc2; |
828 | 828 | ||
829 | rc = avc_has_perm_noaudit(ssid, tsid, tclass, requested, 0, &avd); | 829 | rc = avc_has_perm_noaudit(ssid, tsid, tclass, requested, 0, &avd); |
830 | 830 | ||
831 | rc2 = avc_audit(ssid, tsid, tclass, requested, &avd, rc, auditdata, | 831 | rc2 = avc_audit(ssid, tsid, tclass, requested, &avd, rc, auditdata, |
832 | flags); | 832 | flags); |
833 | if (rc2) | 833 | if (rc2) |
834 | return rc2; | 834 | return rc2; |
835 | return rc; | 835 | return rc; |
836 | } | 836 | } |
837 | 837 | ||
838 | u32 avc_policy_seqno(void) | 838 | u32 avc_policy_seqno(void) |
839 | { | 839 | { |
840 | return avc_cache.latest_notif; | 840 | return avc_cache.latest_notif; |
841 | } | 841 | } |
842 | 842 | ||
843 | void avc_disable(void) | 843 | void avc_disable(void) |
844 | { | 844 | { |
845 | /* | 845 | /* |
846 | * If you are looking at this because you have realized that we are | 846 | * If you are looking at this because you have realized that we are |
847 | * not destroying the avc_node_cachep it might be easy to fix, but | 847 | * not destroying the avc_node_cachep it might be easy to fix, but |
848 | * I don't know the memory barrier semantics well enough to know. It's | 848 | * I don't know the memory barrier semantics well enough to know. It's |
849 | * possible that some other task dereferenced security_ops when | 849 | * possible that some other task dereferenced security_ops when |
850 | * it still pointed to selinux operations. If that is the case it's | 850 | * it still pointed to selinux operations. If that is the case it's |
851 | * possible that it is about to use the avc and is about to need the | 851 | * possible that it is about to use the avc and is about to need the |
852 | * avc_node_cachep. I know I could wrap the security.c security_ops call | 852 | * avc_node_cachep. I know I could wrap the security.c security_ops call |
853 | * in an rcu_lock, but seriously, it's not worth it. Instead I just flush | 853 | * in an rcu_lock, but seriously, it's not worth it. Instead I just flush |
854 | * the cache and get that memory back. | 854 | * the cache and get that memory back. |
855 | */ | 855 | */ |
856 | if (avc_node_cachep) { | 856 | if (avc_node_cachep) { |
857 | avc_flush(); | 857 | avc_flush(); |
858 | /* kmem_cache_destroy(avc_node_cachep); */ | 858 | /* kmem_cache_destroy(avc_node_cachep); */ |
859 | } | 859 | } |
860 | } | 860 | } |
861 | 861 |
security/selinux/hooks.c
1 | /* | 1 | /* |
2 | * NSA Security-Enhanced Linux (SELinux) security module | 2 | * NSA Security-Enhanced Linux (SELinux) security module |
3 | * | 3 | * |
4 | * This file contains the SELinux hook function implementations. | 4 | * This file contains the SELinux hook function implementations. |
5 | * | 5 | * |
6 | * Authors: Stephen Smalley, <sds@epoch.ncsc.mil> | 6 | * Authors: Stephen Smalley, <sds@epoch.ncsc.mil> |
7 | * Chris Vance, <cvance@nai.com> | 7 | * Chris Vance, <cvance@nai.com> |
8 | * Wayne Salamon, <wsalamon@nai.com> | 8 | * Wayne Salamon, <wsalamon@nai.com> |
9 | * James Morris <jmorris@redhat.com> | 9 | * James Morris <jmorris@redhat.com> |
10 | * | 10 | * |
11 | * Copyright (C) 2001,2002 Networks Associates Technology, Inc. | 11 | * Copyright (C) 2001,2002 Networks Associates Technology, Inc. |
12 | * Copyright (C) 2003-2008 Red Hat, Inc., James Morris <jmorris@redhat.com> | 12 | * Copyright (C) 2003-2008 Red Hat, Inc., James Morris <jmorris@redhat.com> |
13 | * Eric Paris <eparis@redhat.com> | 13 | * Eric Paris <eparis@redhat.com> |
14 | * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. | 14 | * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. |
15 | * <dgoeddel@trustedcs.com> | 15 | * <dgoeddel@trustedcs.com> |
16 | * Copyright (C) 2006, 2007, 2009 Hewlett-Packard Development Company, L.P. | 16 | * Copyright (C) 2006, 2007, 2009 Hewlett-Packard Development Company, L.P. |
17 | * Paul Moore <paul.moore@hp.com> | 17 | * Paul Moore <paul.moore@hp.com> |
18 | * Copyright (C) 2007 Hitachi Software Engineering Co., Ltd. | 18 | * Copyright (C) 2007 Hitachi Software Engineering Co., Ltd. |
19 | * Yuichi Nakamura <ynakam@hitachisoft.jp> | 19 | * Yuichi Nakamura <ynakam@hitachisoft.jp> |
20 | * | 20 | * |
21 | * This program is free software; you can redistribute it and/or modify | 21 | * This program is free software; you can redistribute it and/or modify |
22 | * it under the terms of the GNU General Public License version 2, | 22 | * it under the terms of the GNU General Public License version 2, |
23 | * as published by the Free Software Foundation. | 23 | * as published by the Free Software Foundation. |
24 | */ | 24 | */ |
25 | 25 | ||
26 | #include <linux/init.h> | 26 | #include <linux/init.h> |
27 | #include <linux/kd.h> | 27 | #include <linux/kd.h> |
28 | #include <linux/kernel.h> | 28 | #include <linux/kernel.h> |
29 | #include <linux/tracehook.h> | 29 | #include <linux/tracehook.h> |
30 | #include <linux/errno.h> | 30 | #include <linux/errno.h> |
31 | #include <linux/ext2_fs.h> | 31 | #include <linux/ext2_fs.h> |
32 | #include <linux/sched.h> | 32 | #include <linux/sched.h> |
33 | #include <linux/security.h> | 33 | #include <linux/security.h> |
34 | #include <linux/xattr.h> | 34 | #include <linux/xattr.h> |
35 | #include <linux/capability.h> | 35 | #include <linux/capability.h> |
36 | #include <linux/unistd.h> | 36 | #include <linux/unistd.h> |
37 | #include <linux/mm.h> | 37 | #include <linux/mm.h> |
38 | #include <linux/mman.h> | 38 | #include <linux/mman.h> |
39 | #include <linux/slab.h> | 39 | #include <linux/slab.h> |
40 | #include <linux/pagemap.h> | 40 | #include <linux/pagemap.h> |
41 | #include <linux/proc_fs.h> | 41 | #include <linux/proc_fs.h> |
42 | #include <linux/swap.h> | 42 | #include <linux/swap.h> |
43 | #include <linux/spinlock.h> | 43 | #include <linux/spinlock.h> |
44 | #include <linux/syscalls.h> | 44 | #include <linux/syscalls.h> |
45 | #include <linux/dcache.h> | 45 | #include <linux/dcache.h> |
46 | #include <linux/file.h> | 46 | #include <linux/file.h> |
47 | #include <linux/fdtable.h> | 47 | #include <linux/fdtable.h> |
48 | #include <linux/namei.h> | 48 | #include <linux/namei.h> |
49 | #include <linux/mount.h> | 49 | #include <linux/mount.h> |
50 | #include <linux/netfilter_ipv4.h> | 50 | #include <linux/netfilter_ipv4.h> |
51 | #include <linux/netfilter_ipv6.h> | 51 | #include <linux/netfilter_ipv6.h> |
52 | #include <linux/tty.h> | 52 | #include <linux/tty.h> |
53 | #include <net/icmp.h> | 53 | #include <net/icmp.h> |
54 | #include <net/ip.h> /* for local_port_range[] */ | 54 | #include <net/ip.h> /* for local_port_range[] */ |
55 | #include <net/tcp.h> /* struct or_callable used in sock_rcv_skb */ | 55 | #include <net/tcp.h> /* struct or_callable used in sock_rcv_skb */ |
56 | #include <net/net_namespace.h> | 56 | #include <net/net_namespace.h> |
57 | #include <net/netlabel.h> | 57 | #include <net/netlabel.h> |
58 | #include <linux/uaccess.h> | 58 | #include <linux/uaccess.h> |
59 | #include <asm/ioctls.h> | 59 | #include <asm/ioctls.h> |
60 | #include <asm/atomic.h> | 60 | #include <asm/atomic.h> |
61 | #include <linux/bitops.h> | 61 | #include <linux/bitops.h> |
62 | #include <linux/interrupt.h> | 62 | #include <linux/interrupt.h> |
63 | #include <linux/netdevice.h> /* for network interface checks */ | 63 | #include <linux/netdevice.h> /* for network interface checks */ |
64 | #include <linux/netlink.h> | 64 | #include <linux/netlink.h> |
65 | #include <linux/tcp.h> | 65 | #include <linux/tcp.h> |
66 | #include <linux/udp.h> | 66 | #include <linux/udp.h> |
67 | #include <linux/dccp.h> | 67 | #include <linux/dccp.h> |
68 | #include <linux/quota.h> | 68 | #include <linux/quota.h> |
69 | #include <linux/un.h> /* for Unix socket types */ | 69 | #include <linux/un.h> /* for Unix socket types */ |
70 | #include <net/af_unix.h> /* for Unix socket types */ | 70 | #include <net/af_unix.h> /* for Unix socket types */ |
71 | #include <linux/parser.h> | 71 | #include <linux/parser.h> |
72 | #include <linux/nfs_mount.h> | 72 | #include <linux/nfs_mount.h> |
73 | #include <net/ipv6.h> | 73 | #include <net/ipv6.h> |
74 | #include <linux/hugetlb.h> | 74 | #include <linux/hugetlb.h> |
75 | #include <linux/personality.h> | 75 | #include <linux/personality.h> |
76 | #include <linux/audit.h> | 76 | #include <linux/audit.h> |
77 | #include <linux/string.h> | 77 | #include <linux/string.h> |
78 | #include <linux/selinux.h> | 78 | #include <linux/selinux.h> |
79 | #include <linux/mutex.h> | 79 | #include <linux/mutex.h> |
80 | #include <linux/posix-timers.h> | 80 | #include <linux/posix-timers.h> |
81 | #include <linux/syslog.h> | 81 | #include <linux/syslog.h> |
82 | 82 | ||
83 | #include "avc.h" | 83 | #include "avc.h" |
84 | #include "objsec.h" | 84 | #include "objsec.h" |
85 | #include "netif.h" | 85 | #include "netif.h" |
86 | #include "netnode.h" | 86 | #include "netnode.h" |
87 | #include "netport.h" | 87 | #include "netport.h" |
88 | #include "xfrm.h" | 88 | #include "xfrm.h" |
89 | #include "netlabel.h" | 89 | #include "netlabel.h" |
90 | #include "audit.h" | 90 | #include "audit.h" |
91 | 91 | ||
92 | #define NUM_SEL_MNT_OPTS 5 | 92 | #define NUM_SEL_MNT_OPTS 5 |
93 | 93 | ||
94 | extern int selinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u32 *perm); | 94 | extern int selinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u32 *perm); |
95 | extern struct security_operations *security_ops; | 95 | extern struct security_operations *security_ops; |
96 | 96 | ||
97 | /* SECMARK reference count */ | 97 | /* SECMARK reference count */ |
98 | atomic_t selinux_secmark_refcount = ATOMIC_INIT(0); | 98 | atomic_t selinux_secmark_refcount = ATOMIC_INIT(0); |
99 | 99 | ||
100 | #ifdef CONFIG_SECURITY_SELINUX_DEVELOP | 100 | #ifdef CONFIG_SECURITY_SELINUX_DEVELOP |
101 | int selinux_enforcing; | 101 | int selinux_enforcing; |
102 | 102 | ||
103 | static int __init enforcing_setup(char *str) | 103 | static int __init enforcing_setup(char *str) |
104 | { | 104 | { |
105 | unsigned long enforcing; | 105 | unsigned long enforcing; |
106 | if (!strict_strtoul(str, 0, &enforcing)) | 106 | if (!strict_strtoul(str, 0, &enforcing)) |
107 | selinux_enforcing = enforcing ? 1 : 0; | 107 | selinux_enforcing = enforcing ? 1 : 0; |
108 | return 1; | 108 | return 1; |
109 | } | 109 | } |
110 | __setup("enforcing=", enforcing_setup); | 110 | __setup("enforcing=", enforcing_setup); |
111 | #endif | 111 | #endif |
112 | 112 | ||
113 | #ifdef CONFIG_SECURITY_SELINUX_BOOTPARAM | 113 | #ifdef CONFIG_SECURITY_SELINUX_BOOTPARAM |
114 | int selinux_enabled = CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE; | 114 | int selinux_enabled = CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE; |
115 | 115 | ||
116 | static int __init selinux_enabled_setup(char *str) | 116 | static int __init selinux_enabled_setup(char *str) |
117 | { | 117 | { |
118 | unsigned long enabled; | 118 | unsigned long enabled; |
119 | if (!strict_strtoul(str, 0, &enabled)) | 119 | if (!strict_strtoul(str, 0, &enabled)) |
120 | selinux_enabled = enabled ? 1 : 0; | 120 | selinux_enabled = enabled ? 1 : 0; |
121 | return 1; | 121 | return 1; |
122 | } | 122 | } |
123 | __setup("selinux=", selinux_enabled_setup); | 123 | __setup("selinux=", selinux_enabled_setup); |
124 | #else | 124 | #else |
125 | int selinux_enabled = 1; | 125 | int selinux_enabled = 1; |
126 | #endif | 126 | #endif |
127 | 127 | ||
128 | static struct kmem_cache *sel_inode_cache; | 128 | static struct kmem_cache *sel_inode_cache; |
129 | 129 | ||
130 | /** | 130 | /** |
131 | * selinux_secmark_enabled - Check to see if SECMARK is currently enabled | 131 | * selinux_secmark_enabled - Check to see if SECMARK is currently enabled |
132 | * | 132 | * |
133 | * Description: | 133 | * Description: |
134 | * This function checks the SECMARK reference counter to see if any SECMARK | 134 | * This function checks the SECMARK reference counter to see if any SECMARK |
135 | * targets are currently configured, if the reference counter is greater than | 135 | * targets are currently configured, if the reference counter is greater than |
136 | * zero SECMARK is considered to be enabled. Returns true (1) if SECMARK is | 136 | * zero SECMARK is considered to be enabled. Returns true (1) if SECMARK is |
137 | * enabled, false (0) if SECMARK is disabled. | 137 | * enabled, false (0) if SECMARK is disabled. |
138 | * | 138 | * |
139 | */ | 139 | */ |
140 | static int selinux_secmark_enabled(void) | 140 | static int selinux_secmark_enabled(void) |
141 | { | 141 | { |
142 | return (atomic_read(&selinux_secmark_refcount) > 0); | 142 | return (atomic_read(&selinux_secmark_refcount) > 0); |
143 | } | 143 | } |
144 | 144 | ||
145 | /* | 145 | /* |
146 | * initialise the security for the init task | 146 | * initialise the security for the init task |
147 | */ | 147 | */ |
148 | static void cred_init_security(void) | 148 | static void cred_init_security(void) |
149 | { | 149 | { |
150 | struct cred *cred = (struct cred *) current->real_cred; | 150 | struct cred *cred = (struct cred *) current->real_cred; |
151 | struct task_security_struct *tsec; | 151 | struct task_security_struct *tsec; |
152 | 152 | ||
153 | tsec = kzalloc(sizeof(struct task_security_struct), GFP_KERNEL); | 153 | tsec = kzalloc(sizeof(struct task_security_struct), GFP_KERNEL); |
154 | if (!tsec) | 154 | if (!tsec) |
155 | panic("SELinux: Failed to initialize initial task.\n"); | 155 | panic("SELinux: Failed to initialize initial task.\n"); |
156 | 156 | ||
157 | tsec->osid = tsec->sid = SECINITSID_KERNEL; | 157 | tsec->osid = tsec->sid = SECINITSID_KERNEL; |
158 | cred->security = tsec; | 158 | cred->security = tsec; |
159 | } | 159 | } |
160 | 160 | ||
161 | /* | 161 | /* |
162 | * get the security ID of a set of credentials | 162 | * get the security ID of a set of credentials |
163 | */ | 163 | */ |
164 | static inline u32 cred_sid(const struct cred *cred) | 164 | static inline u32 cred_sid(const struct cred *cred) |
165 | { | 165 | { |
166 | const struct task_security_struct *tsec; | 166 | const struct task_security_struct *tsec; |
167 | 167 | ||
168 | tsec = cred->security; | 168 | tsec = cred->security; |
169 | return tsec->sid; | 169 | return tsec->sid; |
170 | } | 170 | } |
171 | 171 | ||
172 | /* | 172 | /* |
173 | * get the objective security ID of a task | 173 | * get the objective security ID of a task |
174 | */ | 174 | */ |
175 | static inline u32 task_sid(const struct task_struct *task) | 175 | static inline u32 task_sid(const struct task_struct *task) |
176 | { | 176 | { |
177 | u32 sid; | 177 | u32 sid; |
178 | 178 | ||
179 | rcu_read_lock(); | 179 | rcu_read_lock(); |
180 | sid = cred_sid(__task_cred(task)); | 180 | sid = cred_sid(__task_cred(task)); |
181 | rcu_read_unlock(); | 181 | rcu_read_unlock(); |
182 | return sid; | 182 | return sid; |
183 | } | 183 | } |
184 | 184 | ||
185 | /* | 185 | /* |
186 | * get the subjective security ID of the current task | 186 | * get the subjective security ID of the current task |
187 | */ | 187 | */ |
188 | static inline u32 current_sid(void) | 188 | static inline u32 current_sid(void) |
189 | { | 189 | { |
190 | const struct task_security_struct *tsec = current_security(); | 190 | const struct task_security_struct *tsec = current_security(); |
191 | 191 | ||
192 | return tsec->sid; | 192 | return tsec->sid; |
193 | } | 193 | } |
194 | 194 | ||
195 | /* Allocate and free functions for each kind of security blob. */ | 195 | /* Allocate and free functions for each kind of security blob. */ |
196 | 196 | ||
197 | static int inode_alloc_security(struct inode *inode) | 197 | static int inode_alloc_security(struct inode *inode) |
198 | { | 198 | { |
199 | struct inode_security_struct *isec; | 199 | struct inode_security_struct *isec; |
200 | u32 sid = current_sid(); | 200 | u32 sid = current_sid(); |
201 | 201 | ||
202 | isec = kmem_cache_zalloc(sel_inode_cache, GFP_NOFS); | 202 | isec = kmem_cache_zalloc(sel_inode_cache, GFP_NOFS); |
203 | if (!isec) | 203 | if (!isec) |
204 | return -ENOMEM; | 204 | return -ENOMEM; |
205 | 205 | ||
206 | mutex_init(&isec->lock); | 206 | mutex_init(&isec->lock); |
207 | INIT_LIST_HEAD(&isec->list); | 207 | INIT_LIST_HEAD(&isec->list); |
208 | isec->inode = inode; | 208 | isec->inode = inode; |
209 | isec->sid = SECINITSID_UNLABELED; | 209 | isec->sid = SECINITSID_UNLABELED; |
210 | isec->sclass = SECCLASS_FILE; | 210 | isec->sclass = SECCLASS_FILE; |
211 | isec->task_sid = sid; | 211 | isec->task_sid = sid; |
212 | inode->i_security = isec; | 212 | inode->i_security = isec; |
213 | 213 | ||
214 | return 0; | 214 | return 0; |
215 | } | 215 | } |
216 | 216 | ||
217 | static void inode_free_security(struct inode *inode) | 217 | static void inode_free_security(struct inode *inode) |
218 | { | 218 | { |
219 | struct inode_security_struct *isec = inode->i_security; | 219 | struct inode_security_struct *isec = inode->i_security; |
220 | struct superblock_security_struct *sbsec = inode->i_sb->s_security; | 220 | struct superblock_security_struct *sbsec = inode->i_sb->s_security; |
221 | 221 | ||
222 | spin_lock(&sbsec->isec_lock); | 222 | spin_lock(&sbsec->isec_lock); |
223 | if (!list_empty(&isec->list)) | 223 | if (!list_empty(&isec->list)) |
224 | list_del_init(&isec->list); | 224 | list_del_init(&isec->list); |
225 | spin_unlock(&sbsec->isec_lock); | 225 | spin_unlock(&sbsec->isec_lock); |
226 | 226 | ||
227 | inode->i_security = NULL; | 227 | inode->i_security = NULL; |
228 | kmem_cache_free(sel_inode_cache, isec); | 228 | kmem_cache_free(sel_inode_cache, isec); |
229 | } | 229 | } |
230 | 230 | ||
231 | static int file_alloc_security(struct file *file) | 231 | static int file_alloc_security(struct file *file) |
232 | { | 232 | { |
233 | struct file_security_struct *fsec; | 233 | struct file_security_struct *fsec; |
234 | u32 sid = current_sid(); | 234 | u32 sid = current_sid(); |
235 | 235 | ||
236 | fsec = kzalloc(sizeof(struct file_security_struct), GFP_KERNEL); | 236 | fsec = kzalloc(sizeof(struct file_security_struct), GFP_KERNEL); |
237 | if (!fsec) | 237 | if (!fsec) |
238 | return -ENOMEM; | 238 | return -ENOMEM; |
239 | 239 | ||
240 | fsec->sid = sid; | 240 | fsec->sid = sid; |
241 | fsec->fown_sid = sid; | 241 | fsec->fown_sid = sid; |
242 | file->f_security = fsec; | 242 | file->f_security = fsec; |
243 | 243 | ||
244 | return 0; | 244 | return 0; |
245 | } | 245 | } |
246 | 246 | ||
247 | static void file_free_security(struct file *file) | 247 | static void file_free_security(struct file *file) |
248 | { | 248 | { |
249 | struct file_security_struct *fsec = file->f_security; | 249 | struct file_security_struct *fsec = file->f_security; |
250 | file->f_security = NULL; | 250 | file->f_security = NULL; |
251 | kfree(fsec); | 251 | kfree(fsec); |
252 | } | 252 | } |
253 | 253 | ||
254 | static int superblock_alloc_security(struct super_block *sb) | 254 | static int superblock_alloc_security(struct super_block *sb) |
255 | { | 255 | { |
256 | struct superblock_security_struct *sbsec; | 256 | struct superblock_security_struct *sbsec; |
257 | 257 | ||
258 | sbsec = kzalloc(sizeof(struct superblock_security_struct), GFP_KERNEL); | 258 | sbsec = kzalloc(sizeof(struct superblock_security_struct), GFP_KERNEL); |
259 | if (!sbsec) | 259 | if (!sbsec) |
260 | return -ENOMEM; | 260 | return -ENOMEM; |
261 | 261 | ||
262 | mutex_init(&sbsec->lock); | 262 | mutex_init(&sbsec->lock); |
263 | INIT_LIST_HEAD(&sbsec->isec_head); | 263 | INIT_LIST_HEAD(&sbsec->isec_head); |
264 | spin_lock_init(&sbsec->isec_lock); | 264 | spin_lock_init(&sbsec->isec_lock); |
265 | sbsec->sb = sb; | 265 | sbsec->sb = sb; |
266 | sbsec->sid = SECINITSID_UNLABELED; | 266 | sbsec->sid = SECINITSID_UNLABELED; |
267 | sbsec->def_sid = SECINITSID_FILE; | 267 | sbsec->def_sid = SECINITSID_FILE; |
268 | sbsec->mntpoint_sid = SECINITSID_UNLABELED; | 268 | sbsec->mntpoint_sid = SECINITSID_UNLABELED; |
269 | sb->s_security = sbsec; | 269 | sb->s_security = sbsec; |
270 | 270 | ||
271 | return 0; | 271 | return 0; |
272 | } | 272 | } |
273 | 273 | ||
274 | static void superblock_free_security(struct super_block *sb) | 274 | static void superblock_free_security(struct super_block *sb) |
275 | { | 275 | { |
276 | struct superblock_security_struct *sbsec = sb->s_security; | 276 | struct superblock_security_struct *sbsec = sb->s_security; |
277 | sb->s_security = NULL; | 277 | sb->s_security = NULL; |
278 | kfree(sbsec); | 278 | kfree(sbsec); |
279 | } | 279 | } |
280 | 280 | ||
281 | /* The security server must be initialized before | 281 | /* The security server must be initialized before |
282 | any labeling or access decisions can be provided. */ | 282 | any labeling or access decisions can be provided. */ |
283 | extern int ss_initialized; | 283 | extern int ss_initialized; |
284 | 284 | ||
285 | /* The file system's label must be initialized prior to use. */ | 285 | /* The file system's label must be initialized prior to use. */ |
286 | 286 | ||
287 | static const char *labeling_behaviors[6] = { | 287 | static const char *labeling_behaviors[6] = { |
288 | "uses xattr", | 288 | "uses xattr", |
289 | "uses transition SIDs", | 289 | "uses transition SIDs", |
290 | "uses task SIDs", | 290 | "uses task SIDs", |
291 | "uses genfs_contexts", | 291 | "uses genfs_contexts", |
292 | "not configured for labeling", | 292 | "not configured for labeling", |
293 | "uses mountpoint labeling", | 293 | "uses mountpoint labeling", |
294 | }; | 294 | }; |
295 | 295 | ||
296 | static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry); | 296 | static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry); |
297 | 297 | ||
298 | static inline int inode_doinit(struct inode *inode) | 298 | static inline int inode_doinit(struct inode *inode) |
299 | { | 299 | { |
300 | return inode_doinit_with_dentry(inode, NULL); | 300 | return inode_doinit_with_dentry(inode, NULL); |
301 | } | 301 | } |
302 | 302 | ||
303 | enum { | 303 | enum { |
304 | Opt_error = -1, | 304 | Opt_error = -1, |
305 | Opt_context = 1, | 305 | Opt_context = 1, |
306 | Opt_fscontext = 2, | 306 | Opt_fscontext = 2, |
307 | Opt_defcontext = 3, | 307 | Opt_defcontext = 3, |
308 | Opt_rootcontext = 4, | 308 | Opt_rootcontext = 4, |
309 | Opt_labelsupport = 5, | 309 | Opt_labelsupport = 5, |
310 | }; | 310 | }; |
311 | 311 | ||
312 | static const match_table_t tokens = { | 312 | static const match_table_t tokens = { |
313 | {Opt_context, CONTEXT_STR "%s"}, | 313 | {Opt_context, CONTEXT_STR "%s"}, |
314 | {Opt_fscontext, FSCONTEXT_STR "%s"}, | 314 | {Opt_fscontext, FSCONTEXT_STR "%s"}, |
315 | {Opt_defcontext, DEFCONTEXT_STR "%s"}, | 315 | {Opt_defcontext, DEFCONTEXT_STR "%s"}, |
316 | {Opt_rootcontext, ROOTCONTEXT_STR "%s"}, | 316 | {Opt_rootcontext, ROOTCONTEXT_STR "%s"}, |
317 | {Opt_labelsupport, LABELSUPP_STR}, | 317 | {Opt_labelsupport, LABELSUPP_STR}, |
318 | {Opt_error, NULL}, | 318 | {Opt_error, NULL}, |
319 | }; | 319 | }; |
320 | 320 | ||
321 | #define SEL_MOUNT_FAIL_MSG "SELinux: duplicate or incompatible mount options\n" | 321 | #define SEL_MOUNT_FAIL_MSG "SELinux: duplicate or incompatible mount options\n" |
322 | 322 | ||
323 | static int may_context_mount_sb_relabel(u32 sid, | 323 | static int may_context_mount_sb_relabel(u32 sid, |
324 | struct superblock_security_struct *sbsec, | 324 | struct superblock_security_struct *sbsec, |
325 | const struct cred *cred) | 325 | const struct cred *cred) |
326 | { | 326 | { |
327 | const struct task_security_struct *tsec = cred->security; | 327 | const struct task_security_struct *tsec = cred->security; |
328 | int rc; | 328 | int rc; |
329 | 329 | ||
330 | rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM, | 330 | rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM, |
331 | FILESYSTEM__RELABELFROM, NULL); | 331 | FILESYSTEM__RELABELFROM, NULL); |
332 | if (rc) | 332 | if (rc) |
333 | return rc; | 333 | return rc; |
334 | 334 | ||
335 | rc = avc_has_perm(tsec->sid, sid, SECCLASS_FILESYSTEM, | 335 | rc = avc_has_perm(tsec->sid, sid, SECCLASS_FILESYSTEM, |
336 | FILESYSTEM__RELABELTO, NULL); | 336 | FILESYSTEM__RELABELTO, NULL); |
337 | return rc; | 337 | return rc; |
338 | } | 338 | } |
339 | 339 | ||
340 | static int may_context_mount_inode_relabel(u32 sid, | 340 | static int may_context_mount_inode_relabel(u32 sid, |
341 | struct superblock_security_struct *sbsec, | 341 | struct superblock_security_struct *sbsec, |
342 | const struct cred *cred) | 342 | const struct cred *cred) |
343 | { | 343 | { |
344 | const struct task_security_struct *tsec = cred->security; | 344 | const struct task_security_struct *tsec = cred->security; |
345 | int rc; | 345 | int rc; |
346 | rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM, | 346 | rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM, |
347 | FILESYSTEM__RELABELFROM, NULL); | 347 | FILESYSTEM__RELABELFROM, NULL); |
348 | if (rc) | 348 | if (rc) |
349 | return rc; | 349 | return rc; |
350 | 350 | ||
351 | rc = avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM, | 351 | rc = avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM, |
352 | FILESYSTEM__ASSOCIATE, NULL); | 352 | FILESYSTEM__ASSOCIATE, NULL); |
353 | return rc; | 353 | return rc; |
354 | } | 354 | } |
355 | 355 | ||
356 | static int sb_finish_set_opts(struct super_block *sb) | 356 | static int sb_finish_set_opts(struct super_block *sb) |
357 | { | 357 | { |
358 | struct superblock_security_struct *sbsec = sb->s_security; | 358 | struct superblock_security_struct *sbsec = sb->s_security; |
359 | struct dentry *root = sb->s_root; | 359 | struct dentry *root = sb->s_root; |
360 | struct inode *root_inode = root->d_inode; | 360 | struct inode *root_inode = root->d_inode; |
361 | int rc = 0; | 361 | int rc = 0; |
362 | 362 | ||
363 | if (sbsec->behavior == SECURITY_FS_USE_XATTR) { | 363 | if (sbsec->behavior == SECURITY_FS_USE_XATTR) { |
364 | /* Make sure that the xattr handler exists and that no | 364 | /* Make sure that the xattr handler exists and that no |
365 | error other than -ENODATA is returned by getxattr on | 365 | error other than -ENODATA is returned by getxattr on |
366 | the root directory. -ENODATA is ok, as this may be | 366 | the root directory. -ENODATA is ok, as this may be |
367 | the first boot of the SELinux kernel before we have | 367 | the first boot of the SELinux kernel before we have |
368 | assigned xattr values to the filesystem. */ | 368 | assigned xattr values to the filesystem. */ |
369 | if (!root_inode->i_op->getxattr) { | 369 | if (!root_inode->i_op->getxattr) { |
370 | printk(KERN_WARNING "SELinux: (dev %s, type %s) has no " | 370 | printk(KERN_WARNING "SELinux: (dev %s, type %s) has no " |
371 | "xattr support\n", sb->s_id, sb->s_type->name); | 371 | "xattr support\n", sb->s_id, sb->s_type->name); |
372 | rc = -EOPNOTSUPP; | 372 | rc = -EOPNOTSUPP; |
373 | goto out; | 373 | goto out; |
374 | } | 374 | } |
375 | rc = root_inode->i_op->getxattr(root, XATTR_NAME_SELINUX, NULL, 0); | 375 | rc = root_inode->i_op->getxattr(root, XATTR_NAME_SELINUX, NULL, 0); |
376 | if (rc < 0 && rc != -ENODATA) { | 376 | if (rc < 0 && rc != -ENODATA) { |
377 | if (rc == -EOPNOTSUPP) | 377 | if (rc == -EOPNOTSUPP) |
378 | printk(KERN_WARNING "SELinux: (dev %s, type " | 378 | printk(KERN_WARNING "SELinux: (dev %s, type " |
379 | "%s) has no security xattr handler\n", | 379 | "%s) has no security xattr handler\n", |
380 | sb->s_id, sb->s_type->name); | 380 | sb->s_id, sb->s_type->name); |
381 | else | 381 | else |
382 | printk(KERN_WARNING "SELinux: (dev %s, type " | 382 | printk(KERN_WARNING "SELinux: (dev %s, type " |
383 | "%s) getxattr errno %d\n", sb->s_id, | 383 | "%s) getxattr errno %d\n", sb->s_id, |
384 | sb->s_type->name, -rc); | 384 | sb->s_type->name, -rc); |
385 | goto out; | 385 | goto out; |
386 | } | 386 | } |
387 | } | 387 | } |
388 | 388 | ||
389 | sbsec->flags |= (SE_SBINITIALIZED | SE_SBLABELSUPP); | 389 | sbsec->flags |= (SE_SBINITIALIZED | SE_SBLABELSUPP); |
390 | 390 | ||
391 | if (sbsec->behavior > ARRAY_SIZE(labeling_behaviors)) | 391 | if (sbsec->behavior > ARRAY_SIZE(labeling_behaviors)) |
392 | printk(KERN_ERR "SELinux: initialized (dev %s, type %s), unknown behavior\n", | 392 | printk(KERN_ERR "SELinux: initialized (dev %s, type %s), unknown behavior\n", |
393 | sb->s_id, sb->s_type->name); | 393 | sb->s_id, sb->s_type->name); |
394 | else | 394 | else |
395 | printk(KERN_DEBUG "SELinux: initialized (dev %s, type %s), %s\n", | 395 | printk(KERN_DEBUG "SELinux: initialized (dev %s, type %s), %s\n", |
396 | sb->s_id, sb->s_type->name, | 396 | sb->s_id, sb->s_type->name, |
397 | labeling_behaviors[sbsec->behavior-1]); | 397 | labeling_behaviors[sbsec->behavior-1]); |
398 | 398 | ||
399 | if (sbsec->behavior == SECURITY_FS_USE_GENFS || | 399 | if (sbsec->behavior == SECURITY_FS_USE_GENFS || |
400 | sbsec->behavior == SECURITY_FS_USE_MNTPOINT || | 400 | sbsec->behavior == SECURITY_FS_USE_MNTPOINT || |
401 | sbsec->behavior == SECURITY_FS_USE_NONE || | 401 | sbsec->behavior == SECURITY_FS_USE_NONE || |
402 | sbsec->behavior > ARRAY_SIZE(labeling_behaviors)) | 402 | sbsec->behavior > ARRAY_SIZE(labeling_behaviors)) |
403 | sbsec->flags &= ~SE_SBLABELSUPP; | 403 | sbsec->flags &= ~SE_SBLABELSUPP; |
404 | 404 | ||
405 | /* Special handling for sysfs. Is genfs but also has setxattr handler*/ | 405 | /* Special handling for sysfs. Is genfs but also has setxattr handler*/ |
406 | if (strncmp(sb->s_type->name, "sysfs", sizeof("sysfs")) == 0) | 406 | if (strncmp(sb->s_type->name, "sysfs", sizeof("sysfs")) == 0) |
407 | sbsec->flags |= SE_SBLABELSUPP; | 407 | sbsec->flags |= SE_SBLABELSUPP; |
408 | 408 | ||
409 | /* Initialize the root inode. */ | 409 | /* Initialize the root inode. */ |
410 | rc = inode_doinit_with_dentry(root_inode, root); | 410 | rc = inode_doinit_with_dentry(root_inode, root); |
411 | 411 | ||
412 | /* Initialize any other inodes associated with the superblock, e.g. | 412 | /* Initialize any other inodes associated with the superblock, e.g. |
413 | inodes created prior to initial policy load or inodes created | 413 | inodes created prior to initial policy load or inodes created |
414 | during get_sb by a pseudo filesystem that directly | 414 | during get_sb by a pseudo filesystem that directly |
415 | populates itself. */ | 415 | populates itself. */ |
416 | spin_lock(&sbsec->isec_lock); | 416 | spin_lock(&sbsec->isec_lock); |
417 | next_inode: | 417 | next_inode: |
418 | if (!list_empty(&sbsec->isec_head)) { | 418 | if (!list_empty(&sbsec->isec_head)) { |
419 | struct inode_security_struct *isec = | 419 | struct inode_security_struct *isec = |
420 | list_entry(sbsec->isec_head.next, | 420 | list_entry(sbsec->isec_head.next, |
421 | struct inode_security_struct, list); | 421 | struct inode_security_struct, list); |
422 | struct inode *inode = isec->inode; | 422 | struct inode *inode = isec->inode; |
423 | spin_unlock(&sbsec->isec_lock); | 423 | spin_unlock(&sbsec->isec_lock); |
424 | inode = igrab(inode); | 424 | inode = igrab(inode); |
425 | if (inode) { | 425 | if (inode) { |
426 | if (!IS_PRIVATE(inode)) | 426 | if (!IS_PRIVATE(inode)) |
427 | inode_doinit(inode); | 427 | inode_doinit(inode); |
428 | iput(inode); | 428 | iput(inode); |
429 | } | 429 | } |
430 | spin_lock(&sbsec->isec_lock); | 430 | spin_lock(&sbsec->isec_lock); |
431 | list_del_init(&isec->list); | 431 | list_del_init(&isec->list); |
432 | goto next_inode; | 432 | goto next_inode; |
433 | } | 433 | } |
434 | spin_unlock(&sbsec->isec_lock); | 434 | spin_unlock(&sbsec->isec_lock); |
435 | out: | 435 | out: |
436 | return rc; | 436 | return rc; |
437 | } | 437 | } |
438 | 438 | ||
439 | /* | 439 | /* |
440 | * This function should allow an FS to ask what it's mount security | 440 | * This function should allow an FS to ask what it's mount security |
441 | * options were so it can use those later for submounts, displaying | 441 | * options were so it can use those later for submounts, displaying |
442 | * mount options, or whatever. | 442 | * mount options, or whatever. |
443 | */ | 443 | */ |
444 | static int selinux_get_mnt_opts(const struct super_block *sb, | 444 | static int selinux_get_mnt_opts(const struct super_block *sb, |
445 | struct security_mnt_opts *opts) | 445 | struct security_mnt_opts *opts) |
446 | { | 446 | { |
447 | int rc = 0, i; | 447 | int rc = 0, i; |
448 | struct superblock_security_struct *sbsec = sb->s_security; | 448 | struct superblock_security_struct *sbsec = sb->s_security; |
449 | char *context = NULL; | 449 | char *context = NULL; |
450 | u32 len; | 450 | u32 len; |
451 | char tmp; | 451 | char tmp; |
452 | 452 | ||
453 | security_init_mnt_opts(opts); | 453 | security_init_mnt_opts(opts); |
454 | 454 | ||
455 | if (!(sbsec->flags & SE_SBINITIALIZED)) | 455 | if (!(sbsec->flags & SE_SBINITIALIZED)) |
456 | return -EINVAL; | 456 | return -EINVAL; |
457 | 457 | ||
458 | if (!ss_initialized) | 458 | if (!ss_initialized) |
459 | return -EINVAL; | 459 | return -EINVAL; |
460 | 460 | ||
461 | tmp = sbsec->flags & SE_MNTMASK; | 461 | tmp = sbsec->flags & SE_MNTMASK; |
462 | /* count the number of mount options for this sb */ | 462 | /* count the number of mount options for this sb */ |
463 | for (i = 0; i < 8; i++) { | 463 | for (i = 0; i < 8; i++) { |
464 | if (tmp & 0x01) | 464 | if (tmp & 0x01) |
465 | opts->num_mnt_opts++; | 465 | opts->num_mnt_opts++; |
466 | tmp >>= 1; | 466 | tmp >>= 1; |
467 | } | 467 | } |
468 | /* Check if the Label support flag is set */ | 468 | /* Check if the Label support flag is set */ |
469 | if (sbsec->flags & SE_SBLABELSUPP) | 469 | if (sbsec->flags & SE_SBLABELSUPP) |
470 | opts->num_mnt_opts++; | 470 | opts->num_mnt_opts++; |
471 | 471 | ||
472 | opts->mnt_opts = kcalloc(opts->num_mnt_opts, sizeof(char *), GFP_ATOMIC); | 472 | opts->mnt_opts = kcalloc(opts->num_mnt_opts, sizeof(char *), GFP_ATOMIC); |
473 | if (!opts->mnt_opts) { | 473 | if (!opts->mnt_opts) { |
474 | rc = -ENOMEM; | 474 | rc = -ENOMEM; |
475 | goto out_free; | 475 | goto out_free; |
476 | } | 476 | } |
477 | 477 | ||
478 | opts->mnt_opts_flags = kcalloc(opts->num_mnt_opts, sizeof(int), GFP_ATOMIC); | 478 | opts->mnt_opts_flags = kcalloc(opts->num_mnt_opts, sizeof(int), GFP_ATOMIC); |
479 | if (!opts->mnt_opts_flags) { | 479 | if (!opts->mnt_opts_flags) { |
480 | rc = -ENOMEM; | 480 | rc = -ENOMEM; |
481 | goto out_free; | 481 | goto out_free; |
482 | } | 482 | } |
483 | 483 | ||
484 | i = 0; | 484 | i = 0; |
485 | if (sbsec->flags & FSCONTEXT_MNT) { | 485 | if (sbsec->flags & FSCONTEXT_MNT) { |
486 | rc = security_sid_to_context(sbsec->sid, &context, &len); | 486 | rc = security_sid_to_context(sbsec->sid, &context, &len); |
487 | if (rc) | 487 | if (rc) |
488 | goto out_free; | 488 | goto out_free; |
489 | opts->mnt_opts[i] = context; | 489 | opts->mnt_opts[i] = context; |
490 | opts->mnt_opts_flags[i++] = FSCONTEXT_MNT; | 490 | opts->mnt_opts_flags[i++] = FSCONTEXT_MNT; |
491 | } | 491 | } |
492 | if (sbsec->flags & CONTEXT_MNT) { | 492 | if (sbsec->flags & CONTEXT_MNT) { |
493 | rc = security_sid_to_context(sbsec->mntpoint_sid, &context, &len); | 493 | rc = security_sid_to_context(sbsec->mntpoint_sid, &context, &len); |
494 | if (rc) | 494 | if (rc) |
495 | goto out_free; | 495 | goto out_free; |
496 | opts->mnt_opts[i] = context; | 496 | opts->mnt_opts[i] = context; |
497 | opts->mnt_opts_flags[i++] = CONTEXT_MNT; | 497 | opts->mnt_opts_flags[i++] = CONTEXT_MNT; |
498 | } | 498 | } |
499 | if (sbsec->flags & DEFCONTEXT_MNT) { | 499 | if (sbsec->flags & DEFCONTEXT_MNT) { |
500 | rc = security_sid_to_context(sbsec->def_sid, &context, &len); | 500 | rc = security_sid_to_context(sbsec->def_sid, &context, &len); |
501 | if (rc) | 501 | if (rc) |
502 | goto out_free; | 502 | goto out_free; |
503 | opts->mnt_opts[i] = context; | 503 | opts->mnt_opts[i] = context; |
504 | opts->mnt_opts_flags[i++] = DEFCONTEXT_MNT; | 504 | opts->mnt_opts_flags[i++] = DEFCONTEXT_MNT; |
505 | } | 505 | } |
506 | if (sbsec->flags & ROOTCONTEXT_MNT) { | 506 | if (sbsec->flags & ROOTCONTEXT_MNT) { |
507 | struct inode *root = sbsec->sb->s_root->d_inode; | 507 | struct inode *root = sbsec->sb->s_root->d_inode; |
508 | struct inode_security_struct *isec = root->i_security; | 508 | struct inode_security_struct *isec = root->i_security; |
509 | 509 | ||
510 | rc = security_sid_to_context(isec->sid, &context, &len); | 510 | rc = security_sid_to_context(isec->sid, &context, &len); |
511 | if (rc) | 511 | if (rc) |
512 | goto out_free; | 512 | goto out_free; |
513 | opts->mnt_opts[i] = context; | 513 | opts->mnt_opts[i] = context; |
514 | opts->mnt_opts_flags[i++] = ROOTCONTEXT_MNT; | 514 | opts->mnt_opts_flags[i++] = ROOTCONTEXT_MNT; |
515 | } | 515 | } |
516 | if (sbsec->flags & SE_SBLABELSUPP) { | 516 | if (sbsec->flags & SE_SBLABELSUPP) { |
517 | opts->mnt_opts[i] = NULL; | 517 | opts->mnt_opts[i] = NULL; |
518 | opts->mnt_opts_flags[i++] = SE_SBLABELSUPP; | 518 | opts->mnt_opts_flags[i++] = SE_SBLABELSUPP; |
519 | } | 519 | } |
520 | 520 | ||
521 | BUG_ON(i != opts->num_mnt_opts); | 521 | BUG_ON(i != opts->num_mnt_opts); |
522 | 522 | ||
523 | return 0; | 523 | return 0; |
524 | 524 | ||
525 | out_free: | 525 | out_free: |
526 | security_free_mnt_opts(opts); | 526 | security_free_mnt_opts(opts); |
527 | return rc; | 527 | return rc; |
528 | } | 528 | } |
529 | 529 | ||
530 | static int bad_option(struct superblock_security_struct *sbsec, char flag, | 530 | static int bad_option(struct superblock_security_struct *sbsec, char flag, |
531 | u32 old_sid, u32 new_sid) | 531 | u32 old_sid, u32 new_sid) |
532 | { | 532 | { |
533 | char mnt_flags = sbsec->flags & SE_MNTMASK; | 533 | char mnt_flags = sbsec->flags & SE_MNTMASK; |
534 | 534 | ||
535 | /* check if the old mount command had the same options */ | 535 | /* check if the old mount command had the same options */ |
536 | if (sbsec->flags & SE_SBINITIALIZED) | 536 | if (sbsec->flags & SE_SBINITIALIZED) |
537 | if (!(sbsec->flags & flag) || | 537 | if (!(sbsec->flags & flag) || |
538 | (old_sid != new_sid)) | 538 | (old_sid != new_sid)) |
539 | return 1; | 539 | return 1; |
540 | 540 | ||
541 | /* check if we were passed the same options twice, | 541 | /* check if we were passed the same options twice, |
542 | * aka someone passed context=a,context=b | 542 | * aka someone passed context=a,context=b |
543 | */ | 543 | */ |
544 | if (!(sbsec->flags & SE_SBINITIALIZED)) | 544 | if (!(sbsec->flags & SE_SBINITIALIZED)) |
545 | if (mnt_flags & flag) | 545 | if (mnt_flags & flag) |
546 | return 1; | 546 | return 1; |
547 | return 0; | 547 | return 0; |
548 | } | 548 | } |
549 | 549 | ||
550 | /* | 550 | /* |
551 | * Allow filesystems with binary mount data to explicitly set mount point | 551 | * Allow filesystems with binary mount data to explicitly set mount point |
552 | * labeling information. | 552 | * labeling information. |
553 | */ | 553 | */ |
554 | static int selinux_set_mnt_opts(struct super_block *sb, | 554 | static int selinux_set_mnt_opts(struct super_block *sb, |
555 | struct security_mnt_opts *opts) | 555 | struct security_mnt_opts *opts) |
556 | { | 556 | { |
557 | const struct cred *cred = current_cred(); | 557 | const struct cred *cred = current_cred(); |
558 | int rc = 0, i; | 558 | int rc = 0, i; |
559 | struct superblock_security_struct *sbsec = sb->s_security; | 559 | struct superblock_security_struct *sbsec = sb->s_security; |
560 | const char *name = sb->s_type->name; | 560 | const char *name = sb->s_type->name; |
561 | struct inode *inode = sbsec->sb->s_root->d_inode; | 561 | struct inode *inode = sbsec->sb->s_root->d_inode; |
562 | struct inode_security_struct *root_isec = inode->i_security; | 562 | struct inode_security_struct *root_isec = inode->i_security; |
563 | u32 fscontext_sid = 0, context_sid = 0, rootcontext_sid = 0; | 563 | u32 fscontext_sid = 0, context_sid = 0, rootcontext_sid = 0; |
564 | u32 defcontext_sid = 0; | 564 | u32 defcontext_sid = 0; |
565 | char **mount_options = opts->mnt_opts; | 565 | char **mount_options = opts->mnt_opts; |
566 | int *flags = opts->mnt_opts_flags; | 566 | int *flags = opts->mnt_opts_flags; |
567 | int num_opts = opts->num_mnt_opts; | 567 | int num_opts = opts->num_mnt_opts; |
568 | 568 | ||
569 | mutex_lock(&sbsec->lock); | 569 | mutex_lock(&sbsec->lock); |
570 | 570 | ||
571 | if (!ss_initialized) { | 571 | if (!ss_initialized) { |
572 | if (!num_opts) { | 572 | if (!num_opts) { |
573 | /* Defer initialization until selinux_complete_init, | 573 | /* Defer initialization until selinux_complete_init, |
574 | after the initial policy is loaded and the security | 574 | after the initial policy is loaded and the security |
575 | server is ready to handle calls. */ | 575 | server is ready to handle calls. */ |
576 | goto out; | 576 | goto out; |
577 | } | 577 | } |
578 | rc = -EINVAL; | 578 | rc = -EINVAL; |
579 | printk(KERN_WARNING "SELinux: Unable to set superblock options " | 579 | printk(KERN_WARNING "SELinux: Unable to set superblock options " |
580 | "before the security server is initialized\n"); | 580 | "before the security server is initialized\n"); |
581 | goto out; | 581 | goto out; |
582 | } | 582 | } |
583 | 583 | ||
584 | /* | 584 | /* |
585 | * Binary mount data FS will come through this function twice. Once | 585 | * Binary mount data FS will come through this function twice. Once |
586 | * from an explicit call and once from the generic calls from the vfs. | 586 | * from an explicit call and once from the generic calls from the vfs. |
587 | * Since the generic VFS calls will not contain any security mount data | 587 | * Since the generic VFS calls will not contain any security mount data |
588 | * we need to skip the double mount verification. | 588 | * we need to skip the double mount verification. |
589 | * | 589 | * |
590 | * This does open a hole in which we will not notice if the first | 590 | * This does open a hole in which we will not notice if the first |
591 | * mount using this sb set explict options and a second mount using | 591 | * mount using this sb set explict options and a second mount using |
592 | * this sb does not set any security options. (The first options | 592 | * this sb does not set any security options. (The first options |
593 | * will be used for both mounts) | 593 | * will be used for both mounts) |
594 | */ | 594 | */ |
595 | if ((sbsec->flags & SE_SBINITIALIZED) && (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA) | 595 | if ((sbsec->flags & SE_SBINITIALIZED) && (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA) |
596 | && (num_opts == 0)) | 596 | && (num_opts == 0)) |
597 | goto out; | 597 | goto out; |
598 | 598 | ||
599 | /* | 599 | /* |
600 | * parse the mount options, check if they are valid sids. | 600 | * parse the mount options, check if they are valid sids. |
601 | * also check if someone is trying to mount the same sb more | 601 | * also check if someone is trying to mount the same sb more |
602 | * than once with different security options. | 602 | * than once with different security options. |
603 | */ | 603 | */ |
604 | for (i = 0; i < num_opts; i++) { | 604 | for (i = 0; i < num_opts; i++) { |
605 | u32 sid; | 605 | u32 sid; |
606 | 606 | ||
607 | if (flags[i] == SE_SBLABELSUPP) | 607 | if (flags[i] == SE_SBLABELSUPP) |
608 | continue; | 608 | continue; |
609 | rc = security_context_to_sid(mount_options[i], | 609 | rc = security_context_to_sid(mount_options[i], |
610 | strlen(mount_options[i]), &sid); | 610 | strlen(mount_options[i]), &sid); |
611 | if (rc) { | 611 | if (rc) { |
612 | printk(KERN_WARNING "SELinux: security_context_to_sid" | 612 | printk(KERN_WARNING "SELinux: security_context_to_sid" |
613 | "(%s) failed for (dev %s, type %s) errno=%d\n", | 613 | "(%s) failed for (dev %s, type %s) errno=%d\n", |
614 | mount_options[i], sb->s_id, name, rc); | 614 | mount_options[i], sb->s_id, name, rc); |
615 | goto out; | 615 | goto out; |
616 | } | 616 | } |
617 | switch (flags[i]) { | 617 | switch (flags[i]) { |
618 | case FSCONTEXT_MNT: | 618 | case FSCONTEXT_MNT: |
619 | fscontext_sid = sid; | 619 | fscontext_sid = sid; |
620 | 620 | ||
621 | if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid, | 621 | if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid, |
622 | fscontext_sid)) | 622 | fscontext_sid)) |
623 | goto out_double_mount; | 623 | goto out_double_mount; |
624 | 624 | ||
625 | sbsec->flags |= FSCONTEXT_MNT; | 625 | sbsec->flags |= FSCONTEXT_MNT; |
626 | break; | 626 | break; |
627 | case CONTEXT_MNT: | 627 | case CONTEXT_MNT: |
628 | context_sid = sid; | 628 | context_sid = sid; |
629 | 629 | ||
630 | if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid, | 630 | if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid, |
631 | context_sid)) | 631 | context_sid)) |
632 | goto out_double_mount; | 632 | goto out_double_mount; |
633 | 633 | ||
634 | sbsec->flags |= CONTEXT_MNT; | 634 | sbsec->flags |= CONTEXT_MNT; |
635 | break; | 635 | break; |
636 | case ROOTCONTEXT_MNT: | 636 | case ROOTCONTEXT_MNT: |
637 | rootcontext_sid = sid; | 637 | rootcontext_sid = sid; |
638 | 638 | ||
639 | if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid, | 639 | if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid, |
640 | rootcontext_sid)) | 640 | rootcontext_sid)) |
641 | goto out_double_mount; | 641 | goto out_double_mount; |
642 | 642 | ||
643 | sbsec->flags |= ROOTCONTEXT_MNT; | 643 | sbsec->flags |= ROOTCONTEXT_MNT; |
644 | 644 | ||
645 | break; | 645 | break; |
646 | case DEFCONTEXT_MNT: | 646 | case DEFCONTEXT_MNT: |
647 | defcontext_sid = sid; | 647 | defcontext_sid = sid; |
648 | 648 | ||
649 | if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid, | 649 | if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid, |
650 | defcontext_sid)) | 650 | defcontext_sid)) |
651 | goto out_double_mount; | 651 | goto out_double_mount; |
652 | 652 | ||
653 | sbsec->flags |= DEFCONTEXT_MNT; | 653 | sbsec->flags |= DEFCONTEXT_MNT; |
654 | 654 | ||
655 | break; | 655 | break; |
656 | default: | 656 | default: |
657 | rc = -EINVAL; | 657 | rc = -EINVAL; |
658 | goto out; | 658 | goto out; |
659 | } | 659 | } |
660 | } | 660 | } |
661 | 661 | ||
662 | if (sbsec->flags & SE_SBINITIALIZED) { | 662 | if (sbsec->flags & SE_SBINITIALIZED) { |
663 | /* previously mounted with options, but not on this attempt? */ | 663 | /* previously mounted with options, but not on this attempt? */ |
664 | if ((sbsec->flags & SE_MNTMASK) && !num_opts) | 664 | if ((sbsec->flags & SE_MNTMASK) && !num_opts) |
665 | goto out_double_mount; | 665 | goto out_double_mount; |
666 | rc = 0; | 666 | rc = 0; |
667 | goto out; | 667 | goto out; |
668 | } | 668 | } |
669 | 669 | ||
670 | if (strcmp(sb->s_type->name, "proc") == 0) | 670 | if (strcmp(sb->s_type->name, "proc") == 0) |
671 | sbsec->flags |= SE_SBPROC; | 671 | sbsec->flags |= SE_SBPROC; |
672 | 672 | ||
673 | /* Determine the labeling behavior to use for this filesystem type. */ | 673 | /* Determine the labeling behavior to use for this filesystem type. */ |
674 | rc = security_fs_use((sbsec->flags & SE_SBPROC) ? "proc" : sb->s_type->name, &sbsec->behavior, &sbsec->sid); | 674 | rc = security_fs_use((sbsec->flags & SE_SBPROC) ? "proc" : sb->s_type->name, &sbsec->behavior, &sbsec->sid); |
675 | if (rc) { | 675 | if (rc) { |
676 | printk(KERN_WARNING "%s: security_fs_use(%s) returned %d\n", | 676 | printk(KERN_WARNING "%s: security_fs_use(%s) returned %d\n", |
677 | __func__, sb->s_type->name, rc); | 677 | __func__, sb->s_type->name, rc); |
678 | goto out; | 678 | goto out; |
679 | } | 679 | } |
680 | 680 | ||
681 | /* sets the context of the superblock for the fs being mounted. */ | 681 | /* sets the context of the superblock for the fs being mounted. */ |
682 | if (fscontext_sid) { | 682 | if (fscontext_sid) { |
683 | rc = may_context_mount_sb_relabel(fscontext_sid, sbsec, cred); | 683 | rc = may_context_mount_sb_relabel(fscontext_sid, sbsec, cred); |
684 | if (rc) | 684 | if (rc) |
685 | goto out; | 685 | goto out; |
686 | 686 | ||
687 | sbsec->sid = fscontext_sid; | 687 | sbsec->sid = fscontext_sid; |
688 | } | 688 | } |
689 | 689 | ||
690 | /* | 690 | /* |
691 | * Switch to using mount point labeling behavior. | 691 | * Switch to using mount point labeling behavior. |
692 | * sets the label used on all file below the mountpoint, and will set | 692 | * sets the label used on all file below the mountpoint, and will set |
693 | * the superblock context if not already set. | 693 | * the superblock context if not already set. |
694 | */ | 694 | */ |
695 | if (context_sid) { | 695 | if (context_sid) { |
696 | if (!fscontext_sid) { | 696 | if (!fscontext_sid) { |
697 | rc = may_context_mount_sb_relabel(context_sid, sbsec, | 697 | rc = may_context_mount_sb_relabel(context_sid, sbsec, |
698 | cred); | 698 | cred); |
699 | if (rc) | 699 | if (rc) |
700 | goto out; | 700 | goto out; |
701 | sbsec->sid = context_sid; | 701 | sbsec->sid = context_sid; |
702 | } else { | 702 | } else { |
703 | rc = may_context_mount_inode_relabel(context_sid, sbsec, | 703 | rc = may_context_mount_inode_relabel(context_sid, sbsec, |
704 | cred); | 704 | cred); |
705 | if (rc) | 705 | if (rc) |
706 | goto out; | 706 | goto out; |
707 | } | 707 | } |
708 | if (!rootcontext_sid) | 708 | if (!rootcontext_sid) |
709 | rootcontext_sid = context_sid; | 709 | rootcontext_sid = context_sid; |
710 | 710 | ||
711 | sbsec->mntpoint_sid = context_sid; | 711 | sbsec->mntpoint_sid = context_sid; |
712 | sbsec->behavior = SECURITY_FS_USE_MNTPOINT; | 712 | sbsec->behavior = SECURITY_FS_USE_MNTPOINT; |
713 | } | 713 | } |
714 | 714 | ||
715 | if (rootcontext_sid) { | 715 | if (rootcontext_sid) { |
716 | rc = may_context_mount_inode_relabel(rootcontext_sid, sbsec, | 716 | rc = may_context_mount_inode_relabel(rootcontext_sid, sbsec, |
717 | cred); | 717 | cred); |
718 | if (rc) | 718 | if (rc) |
719 | goto out; | 719 | goto out; |
720 | 720 | ||
721 | root_isec->sid = rootcontext_sid; | 721 | root_isec->sid = rootcontext_sid; |
722 | root_isec->initialized = 1; | 722 | root_isec->initialized = 1; |
723 | } | 723 | } |
724 | 724 | ||
725 | if (defcontext_sid) { | 725 | if (defcontext_sid) { |
726 | if (sbsec->behavior != SECURITY_FS_USE_XATTR) { | 726 | if (sbsec->behavior != SECURITY_FS_USE_XATTR) { |
727 | rc = -EINVAL; | 727 | rc = -EINVAL; |
728 | printk(KERN_WARNING "SELinux: defcontext option is " | 728 | printk(KERN_WARNING "SELinux: defcontext option is " |
729 | "invalid for this filesystem type\n"); | 729 | "invalid for this filesystem type\n"); |
730 | goto out; | 730 | goto out; |
731 | } | 731 | } |
732 | 732 | ||
733 | if (defcontext_sid != sbsec->def_sid) { | 733 | if (defcontext_sid != sbsec->def_sid) { |
734 | rc = may_context_mount_inode_relabel(defcontext_sid, | 734 | rc = may_context_mount_inode_relabel(defcontext_sid, |
735 | sbsec, cred); | 735 | sbsec, cred); |
736 | if (rc) | 736 | if (rc) |
737 | goto out; | 737 | goto out; |
738 | } | 738 | } |
739 | 739 | ||
740 | sbsec->def_sid = defcontext_sid; | 740 | sbsec->def_sid = defcontext_sid; |
741 | } | 741 | } |
742 | 742 | ||
743 | rc = sb_finish_set_opts(sb); | 743 | rc = sb_finish_set_opts(sb); |
744 | out: | 744 | out: |
745 | mutex_unlock(&sbsec->lock); | 745 | mutex_unlock(&sbsec->lock); |
746 | return rc; | 746 | return rc; |
747 | out_double_mount: | 747 | out_double_mount: |
748 | rc = -EINVAL; | 748 | rc = -EINVAL; |
749 | printk(KERN_WARNING "SELinux: mount invalid. Same superblock, different " | 749 | printk(KERN_WARNING "SELinux: mount invalid. Same superblock, different " |
750 | "security settings for (dev %s, type %s)\n", sb->s_id, name); | 750 | "security settings for (dev %s, type %s)\n", sb->s_id, name); |
751 | goto out; | 751 | goto out; |
752 | } | 752 | } |
753 | 753 | ||
754 | static void selinux_sb_clone_mnt_opts(const struct super_block *oldsb, | 754 | static void selinux_sb_clone_mnt_opts(const struct super_block *oldsb, |
755 | struct super_block *newsb) | 755 | struct super_block *newsb) |
756 | { | 756 | { |
757 | const struct superblock_security_struct *oldsbsec = oldsb->s_security; | 757 | const struct superblock_security_struct *oldsbsec = oldsb->s_security; |
758 | struct superblock_security_struct *newsbsec = newsb->s_security; | 758 | struct superblock_security_struct *newsbsec = newsb->s_security; |
759 | 759 | ||
760 | int set_fscontext = (oldsbsec->flags & FSCONTEXT_MNT); | 760 | int set_fscontext = (oldsbsec->flags & FSCONTEXT_MNT); |
761 | int set_context = (oldsbsec->flags & CONTEXT_MNT); | 761 | int set_context = (oldsbsec->flags & CONTEXT_MNT); |
762 | int set_rootcontext = (oldsbsec->flags & ROOTCONTEXT_MNT); | 762 | int set_rootcontext = (oldsbsec->flags & ROOTCONTEXT_MNT); |
763 | 763 | ||
764 | /* | 764 | /* |
765 | * if the parent was able to be mounted it clearly had no special lsm | 765 | * if the parent was able to be mounted it clearly had no special lsm |
766 | * mount options. thus we can safely deal with this superblock later | 766 | * mount options. thus we can safely deal with this superblock later |
767 | */ | 767 | */ |
768 | if (!ss_initialized) | 768 | if (!ss_initialized) |
769 | return; | 769 | return; |
770 | 770 | ||
771 | /* how can we clone if the old one wasn't set up?? */ | 771 | /* how can we clone if the old one wasn't set up?? */ |
772 | BUG_ON(!(oldsbsec->flags & SE_SBINITIALIZED)); | 772 | BUG_ON(!(oldsbsec->flags & SE_SBINITIALIZED)); |
773 | 773 | ||
774 | /* if fs is reusing a sb, just let its options stand... */ | 774 | /* if fs is reusing a sb, just let its options stand... */ |
775 | if (newsbsec->flags & SE_SBINITIALIZED) | 775 | if (newsbsec->flags & SE_SBINITIALIZED) |
776 | return; | 776 | return; |
777 | 777 | ||
778 | mutex_lock(&newsbsec->lock); | 778 | mutex_lock(&newsbsec->lock); |
779 | 779 | ||
780 | newsbsec->flags = oldsbsec->flags; | 780 | newsbsec->flags = oldsbsec->flags; |
781 | 781 | ||
782 | newsbsec->sid = oldsbsec->sid; | 782 | newsbsec->sid = oldsbsec->sid; |
783 | newsbsec->def_sid = oldsbsec->def_sid; | 783 | newsbsec->def_sid = oldsbsec->def_sid; |
784 | newsbsec->behavior = oldsbsec->behavior; | 784 | newsbsec->behavior = oldsbsec->behavior; |
785 | 785 | ||
786 | if (set_context) { | 786 | if (set_context) { |
787 | u32 sid = oldsbsec->mntpoint_sid; | 787 | u32 sid = oldsbsec->mntpoint_sid; |
788 | 788 | ||
789 | if (!set_fscontext) | 789 | if (!set_fscontext) |
790 | newsbsec->sid = sid; | 790 | newsbsec->sid = sid; |
791 | if (!set_rootcontext) { | 791 | if (!set_rootcontext) { |
792 | struct inode *newinode = newsb->s_root->d_inode; | 792 | struct inode *newinode = newsb->s_root->d_inode; |
793 | struct inode_security_struct *newisec = newinode->i_security; | 793 | struct inode_security_struct *newisec = newinode->i_security; |
794 | newisec->sid = sid; | 794 | newisec->sid = sid; |
795 | } | 795 | } |
796 | newsbsec->mntpoint_sid = sid; | 796 | newsbsec->mntpoint_sid = sid; |
797 | } | 797 | } |
798 | if (set_rootcontext) { | 798 | if (set_rootcontext) { |
799 | const struct inode *oldinode = oldsb->s_root->d_inode; | 799 | const struct inode *oldinode = oldsb->s_root->d_inode; |
800 | const struct inode_security_struct *oldisec = oldinode->i_security; | 800 | const struct inode_security_struct *oldisec = oldinode->i_security; |
801 | struct inode *newinode = newsb->s_root->d_inode; | 801 | struct inode *newinode = newsb->s_root->d_inode; |
802 | struct inode_security_struct *newisec = newinode->i_security; | 802 | struct inode_security_struct *newisec = newinode->i_security; |
803 | 803 | ||
804 | newisec->sid = oldisec->sid; | 804 | newisec->sid = oldisec->sid; |
805 | } | 805 | } |
806 | 806 | ||
807 | sb_finish_set_opts(newsb); | 807 | sb_finish_set_opts(newsb); |
808 | mutex_unlock(&newsbsec->lock); | 808 | mutex_unlock(&newsbsec->lock); |
809 | } | 809 | } |
810 | 810 | ||
811 | static int selinux_parse_opts_str(char *options, | 811 | static int selinux_parse_opts_str(char *options, |
812 | struct security_mnt_opts *opts) | 812 | struct security_mnt_opts *opts) |
813 | { | 813 | { |
814 | char *p; | 814 | char *p; |
815 | char *context = NULL, *defcontext = NULL; | 815 | char *context = NULL, *defcontext = NULL; |
816 | char *fscontext = NULL, *rootcontext = NULL; | 816 | char *fscontext = NULL, *rootcontext = NULL; |
817 | int rc, num_mnt_opts = 0; | 817 | int rc, num_mnt_opts = 0; |
818 | 818 | ||
819 | opts->num_mnt_opts = 0; | 819 | opts->num_mnt_opts = 0; |
820 | 820 | ||
821 | /* Standard string-based options. */ | 821 | /* Standard string-based options. */ |
822 | while ((p = strsep(&options, "|")) != NULL) { | 822 | while ((p = strsep(&options, "|")) != NULL) { |
823 | int token; | 823 | int token; |
824 | substring_t args[MAX_OPT_ARGS]; | 824 | substring_t args[MAX_OPT_ARGS]; |
825 | 825 | ||
826 | if (!*p) | 826 | if (!*p) |
827 | continue; | 827 | continue; |
828 | 828 | ||
829 | token = match_token(p, tokens, args); | 829 | token = match_token(p, tokens, args); |
830 | 830 | ||
831 | switch (token) { | 831 | switch (token) { |
832 | case Opt_context: | 832 | case Opt_context: |
833 | if (context || defcontext) { | 833 | if (context || defcontext) { |
834 | rc = -EINVAL; | 834 | rc = -EINVAL; |
835 | printk(KERN_WARNING SEL_MOUNT_FAIL_MSG); | 835 | printk(KERN_WARNING SEL_MOUNT_FAIL_MSG); |
836 | goto out_err; | 836 | goto out_err; |
837 | } | 837 | } |
838 | context = match_strdup(&args[0]); | 838 | context = match_strdup(&args[0]); |
839 | if (!context) { | 839 | if (!context) { |
840 | rc = -ENOMEM; | 840 | rc = -ENOMEM; |
841 | goto out_err; | 841 | goto out_err; |
842 | } | 842 | } |
843 | break; | 843 | break; |
844 | 844 | ||
845 | case Opt_fscontext: | 845 | case Opt_fscontext: |
846 | if (fscontext) { | 846 | if (fscontext) { |
847 | rc = -EINVAL; | 847 | rc = -EINVAL; |
848 | printk(KERN_WARNING SEL_MOUNT_FAIL_MSG); | 848 | printk(KERN_WARNING SEL_MOUNT_FAIL_MSG); |
849 | goto out_err; | 849 | goto out_err; |
850 | } | 850 | } |
851 | fscontext = match_strdup(&args[0]); | 851 | fscontext = match_strdup(&args[0]); |
852 | if (!fscontext) { | 852 | if (!fscontext) { |
853 | rc = -ENOMEM; | 853 | rc = -ENOMEM; |
854 | goto out_err; | 854 | goto out_err; |
855 | } | 855 | } |
856 | break; | 856 | break; |
857 | 857 | ||
858 | case Opt_rootcontext: | 858 | case Opt_rootcontext: |
859 | if (rootcontext) { | 859 | if (rootcontext) { |
860 | rc = -EINVAL; | 860 | rc = -EINVAL; |
861 | printk(KERN_WARNING SEL_MOUNT_FAIL_MSG); | 861 | printk(KERN_WARNING SEL_MOUNT_FAIL_MSG); |
862 | goto out_err; | 862 | goto out_err; |
863 | } | 863 | } |
864 | rootcontext = match_strdup(&args[0]); | 864 | rootcontext = match_strdup(&args[0]); |
865 | if (!rootcontext) { | 865 | if (!rootcontext) { |
866 | rc = -ENOMEM; | 866 | rc = -ENOMEM; |
867 | goto out_err; | 867 | goto out_err; |
868 | } | 868 | } |
869 | break; | 869 | break; |
870 | 870 | ||
871 | case Opt_defcontext: | 871 | case Opt_defcontext: |
872 | if (context || defcontext) { | 872 | if (context || defcontext) { |
873 | rc = -EINVAL; | 873 | rc = -EINVAL; |
874 | printk(KERN_WARNING SEL_MOUNT_FAIL_MSG); | 874 | printk(KERN_WARNING SEL_MOUNT_FAIL_MSG); |
875 | goto out_err; | 875 | goto out_err; |
876 | } | 876 | } |
877 | defcontext = match_strdup(&args[0]); | 877 | defcontext = match_strdup(&args[0]); |
878 | if (!defcontext) { | 878 | if (!defcontext) { |
879 | rc = -ENOMEM; | 879 | rc = -ENOMEM; |
880 | goto out_err; | 880 | goto out_err; |
881 | } | 881 | } |
882 | break; | 882 | break; |
883 | case Opt_labelsupport: | 883 | case Opt_labelsupport: |
884 | break; | 884 | break; |
885 | default: | 885 | default: |
886 | rc = -EINVAL; | 886 | rc = -EINVAL; |
887 | printk(KERN_WARNING "SELinux: unknown mount option\n"); | 887 | printk(KERN_WARNING "SELinux: unknown mount option\n"); |
888 | goto out_err; | 888 | goto out_err; |
889 | 889 | ||
890 | } | 890 | } |
891 | } | 891 | } |
892 | 892 | ||
893 | rc = -ENOMEM; | 893 | rc = -ENOMEM; |
894 | opts->mnt_opts = kcalloc(NUM_SEL_MNT_OPTS, sizeof(char *), GFP_ATOMIC); | 894 | opts->mnt_opts = kcalloc(NUM_SEL_MNT_OPTS, sizeof(char *), GFP_ATOMIC); |
895 | if (!opts->mnt_opts) | 895 | if (!opts->mnt_opts) |
896 | goto out_err; | 896 | goto out_err; |
897 | 897 | ||
898 | opts->mnt_opts_flags = kcalloc(NUM_SEL_MNT_OPTS, sizeof(int), GFP_ATOMIC); | 898 | opts->mnt_opts_flags = kcalloc(NUM_SEL_MNT_OPTS, sizeof(int), GFP_ATOMIC); |
899 | if (!opts->mnt_opts_flags) { | 899 | if (!opts->mnt_opts_flags) { |
900 | kfree(opts->mnt_opts); | 900 | kfree(opts->mnt_opts); |
901 | goto out_err; | 901 | goto out_err; |
902 | } | 902 | } |
903 | 903 | ||
904 | if (fscontext) { | 904 | if (fscontext) { |
905 | opts->mnt_opts[num_mnt_opts] = fscontext; | 905 | opts->mnt_opts[num_mnt_opts] = fscontext; |
906 | opts->mnt_opts_flags[num_mnt_opts++] = FSCONTEXT_MNT; | 906 | opts->mnt_opts_flags[num_mnt_opts++] = FSCONTEXT_MNT; |
907 | } | 907 | } |
908 | if (context) { | 908 | if (context) { |
909 | opts->mnt_opts[num_mnt_opts] = context; | 909 | opts->mnt_opts[num_mnt_opts] = context; |
910 | opts->mnt_opts_flags[num_mnt_opts++] = CONTEXT_MNT; | 910 | opts->mnt_opts_flags[num_mnt_opts++] = CONTEXT_MNT; |
911 | } | 911 | } |
912 | if (rootcontext) { | 912 | if (rootcontext) { |
913 | opts->mnt_opts[num_mnt_opts] = rootcontext; | 913 | opts->mnt_opts[num_mnt_opts] = rootcontext; |
914 | opts->mnt_opts_flags[num_mnt_opts++] = ROOTCONTEXT_MNT; | 914 | opts->mnt_opts_flags[num_mnt_opts++] = ROOTCONTEXT_MNT; |
915 | } | 915 | } |
916 | if (defcontext) { | 916 | if (defcontext) { |
917 | opts->mnt_opts[num_mnt_opts] = defcontext; | 917 | opts->mnt_opts[num_mnt_opts] = defcontext; |
918 | opts->mnt_opts_flags[num_mnt_opts++] = DEFCONTEXT_MNT; | 918 | opts->mnt_opts_flags[num_mnt_opts++] = DEFCONTEXT_MNT; |
919 | } | 919 | } |
920 | 920 | ||
921 | opts->num_mnt_opts = num_mnt_opts; | 921 | opts->num_mnt_opts = num_mnt_opts; |
922 | return 0; | 922 | return 0; |
923 | 923 | ||
924 | out_err: | 924 | out_err: |
925 | kfree(context); | 925 | kfree(context); |
926 | kfree(defcontext); | 926 | kfree(defcontext); |
927 | kfree(fscontext); | 927 | kfree(fscontext); |
928 | kfree(rootcontext); | 928 | kfree(rootcontext); |
929 | return rc; | 929 | return rc; |
930 | } | 930 | } |
931 | /* | 931 | /* |
932 | * string mount options parsing and call set the sbsec | 932 | * string mount options parsing and call set the sbsec |
933 | */ | 933 | */ |
934 | static int superblock_doinit(struct super_block *sb, void *data) | 934 | static int superblock_doinit(struct super_block *sb, void *data) |
935 | { | 935 | { |
936 | int rc = 0; | 936 | int rc = 0; |
937 | char *options = data; | 937 | char *options = data; |
938 | struct security_mnt_opts opts; | 938 | struct security_mnt_opts opts; |
939 | 939 | ||
940 | security_init_mnt_opts(&opts); | 940 | security_init_mnt_opts(&opts); |
941 | 941 | ||
942 | if (!data) | 942 | if (!data) |
943 | goto out; | 943 | goto out; |
944 | 944 | ||
945 | BUG_ON(sb->s_type->fs_flags & FS_BINARY_MOUNTDATA); | 945 | BUG_ON(sb->s_type->fs_flags & FS_BINARY_MOUNTDATA); |
946 | 946 | ||
947 | rc = selinux_parse_opts_str(options, &opts); | 947 | rc = selinux_parse_opts_str(options, &opts); |
948 | if (rc) | 948 | if (rc) |
949 | goto out_err; | 949 | goto out_err; |
950 | 950 | ||
951 | out: | 951 | out: |
952 | rc = selinux_set_mnt_opts(sb, &opts); | 952 | rc = selinux_set_mnt_opts(sb, &opts); |
953 | 953 | ||
954 | out_err: | 954 | out_err: |
955 | security_free_mnt_opts(&opts); | 955 | security_free_mnt_opts(&opts); |
956 | return rc; | 956 | return rc; |
957 | } | 957 | } |
958 | 958 | ||
959 | static void selinux_write_opts(struct seq_file *m, | 959 | static void selinux_write_opts(struct seq_file *m, |
960 | struct security_mnt_opts *opts) | 960 | struct security_mnt_opts *opts) |
961 | { | 961 | { |
962 | int i; | 962 | int i; |
963 | char *prefix; | 963 | char *prefix; |
964 | 964 | ||
965 | for (i = 0; i < opts->num_mnt_opts; i++) { | 965 | for (i = 0; i < opts->num_mnt_opts; i++) { |
966 | char *has_comma; | 966 | char *has_comma; |
967 | 967 | ||
968 | if (opts->mnt_opts[i]) | 968 | if (opts->mnt_opts[i]) |
969 | has_comma = strchr(opts->mnt_opts[i], ','); | 969 | has_comma = strchr(opts->mnt_opts[i], ','); |
970 | else | 970 | else |
971 | has_comma = NULL; | 971 | has_comma = NULL; |
972 | 972 | ||
973 | switch (opts->mnt_opts_flags[i]) { | 973 | switch (opts->mnt_opts_flags[i]) { |
974 | case CONTEXT_MNT: | 974 | case CONTEXT_MNT: |
975 | prefix = CONTEXT_STR; | 975 | prefix = CONTEXT_STR; |
976 | break; | 976 | break; |
977 | case FSCONTEXT_MNT: | 977 | case FSCONTEXT_MNT: |
978 | prefix = FSCONTEXT_STR; | 978 | prefix = FSCONTEXT_STR; |
979 | break; | 979 | break; |
980 | case ROOTCONTEXT_MNT: | 980 | case ROOTCONTEXT_MNT: |
981 | prefix = ROOTCONTEXT_STR; | 981 | prefix = ROOTCONTEXT_STR; |
982 | break; | 982 | break; |
983 | case DEFCONTEXT_MNT: | 983 | case DEFCONTEXT_MNT: |
984 | prefix = DEFCONTEXT_STR; | 984 | prefix = DEFCONTEXT_STR; |
985 | break; | 985 | break; |
986 | case SE_SBLABELSUPP: | 986 | case SE_SBLABELSUPP: |
987 | seq_putc(m, ','); | 987 | seq_putc(m, ','); |
988 | seq_puts(m, LABELSUPP_STR); | 988 | seq_puts(m, LABELSUPP_STR); |
989 | continue; | 989 | continue; |
990 | default: | 990 | default: |
991 | BUG(); | 991 | BUG(); |
992 | return; | 992 | return; |
993 | }; | 993 | }; |
994 | /* we need a comma before each option */ | 994 | /* we need a comma before each option */ |
995 | seq_putc(m, ','); | 995 | seq_putc(m, ','); |
996 | seq_puts(m, prefix); | 996 | seq_puts(m, prefix); |
997 | if (has_comma) | 997 | if (has_comma) |
998 | seq_putc(m, '\"'); | 998 | seq_putc(m, '\"'); |
999 | seq_puts(m, opts->mnt_opts[i]); | 999 | seq_puts(m, opts->mnt_opts[i]); |
1000 | if (has_comma) | 1000 | if (has_comma) |
1001 | seq_putc(m, '\"'); | 1001 | seq_putc(m, '\"'); |
1002 | } | 1002 | } |
1003 | } | 1003 | } |
1004 | 1004 | ||
1005 | static int selinux_sb_show_options(struct seq_file *m, struct super_block *sb) | 1005 | static int selinux_sb_show_options(struct seq_file *m, struct super_block *sb) |
1006 | { | 1006 | { |
1007 | struct security_mnt_opts opts; | 1007 | struct security_mnt_opts opts; |
1008 | int rc; | 1008 | int rc; |
1009 | 1009 | ||
1010 | rc = selinux_get_mnt_opts(sb, &opts); | 1010 | rc = selinux_get_mnt_opts(sb, &opts); |
1011 | if (rc) { | 1011 | if (rc) { |
1012 | /* before policy load we may get EINVAL, don't show anything */ | 1012 | /* before policy load we may get EINVAL, don't show anything */ |
1013 | if (rc == -EINVAL) | 1013 | if (rc == -EINVAL) |
1014 | rc = 0; | 1014 | rc = 0; |
1015 | return rc; | 1015 | return rc; |
1016 | } | 1016 | } |
1017 | 1017 | ||
1018 | selinux_write_opts(m, &opts); | 1018 | selinux_write_opts(m, &opts); |
1019 | 1019 | ||
1020 | security_free_mnt_opts(&opts); | 1020 | security_free_mnt_opts(&opts); |
1021 | 1021 | ||
1022 | return rc; | 1022 | return rc; |
1023 | } | 1023 | } |
1024 | 1024 | ||
1025 | static inline u16 inode_mode_to_security_class(umode_t mode) | 1025 | static inline u16 inode_mode_to_security_class(umode_t mode) |
1026 | { | 1026 | { |
1027 | switch (mode & S_IFMT) { | 1027 | switch (mode & S_IFMT) { |
1028 | case S_IFSOCK: | 1028 | case S_IFSOCK: |
1029 | return SECCLASS_SOCK_FILE; | 1029 | return SECCLASS_SOCK_FILE; |
1030 | case S_IFLNK: | 1030 | case S_IFLNK: |
1031 | return SECCLASS_LNK_FILE; | 1031 | return SECCLASS_LNK_FILE; |
1032 | case S_IFREG: | 1032 | case S_IFREG: |
1033 | return SECCLASS_FILE; | 1033 | return SECCLASS_FILE; |
1034 | case S_IFBLK: | 1034 | case S_IFBLK: |
1035 | return SECCLASS_BLK_FILE; | 1035 | return SECCLASS_BLK_FILE; |
1036 | case S_IFDIR: | 1036 | case S_IFDIR: |
1037 | return SECCLASS_DIR; | 1037 | return SECCLASS_DIR; |
1038 | case S_IFCHR: | 1038 | case S_IFCHR: |
1039 | return SECCLASS_CHR_FILE; | 1039 | return SECCLASS_CHR_FILE; |
1040 | case S_IFIFO: | 1040 | case S_IFIFO: |
1041 | return SECCLASS_FIFO_FILE; | 1041 | return SECCLASS_FIFO_FILE; |
1042 | 1042 | ||
1043 | } | 1043 | } |
1044 | 1044 | ||
1045 | return SECCLASS_FILE; | 1045 | return SECCLASS_FILE; |
1046 | } | 1046 | } |
1047 | 1047 | ||
1048 | static inline int default_protocol_stream(int protocol) | 1048 | static inline int default_protocol_stream(int protocol) |
1049 | { | 1049 | { |
1050 | return (protocol == IPPROTO_IP || protocol == IPPROTO_TCP); | 1050 | return (protocol == IPPROTO_IP || protocol == IPPROTO_TCP); |
1051 | } | 1051 | } |
1052 | 1052 | ||
1053 | static inline int default_protocol_dgram(int protocol) | 1053 | static inline int default_protocol_dgram(int protocol) |
1054 | { | 1054 | { |
1055 | return (protocol == IPPROTO_IP || protocol == IPPROTO_UDP); | 1055 | return (protocol == IPPROTO_IP || protocol == IPPROTO_UDP); |
1056 | } | 1056 | } |
1057 | 1057 | ||
1058 | static inline u16 socket_type_to_security_class(int family, int type, int protocol) | 1058 | static inline u16 socket_type_to_security_class(int family, int type, int protocol) |
1059 | { | 1059 | { |
1060 | switch (family) { | 1060 | switch (family) { |
1061 | case PF_UNIX: | 1061 | case PF_UNIX: |
1062 | switch (type) { | 1062 | switch (type) { |
1063 | case SOCK_STREAM: | 1063 | case SOCK_STREAM: |
1064 | case SOCK_SEQPACKET: | 1064 | case SOCK_SEQPACKET: |
1065 | return SECCLASS_UNIX_STREAM_SOCKET; | 1065 | return SECCLASS_UNIX_STREAM_SOCKET; |
1066 | case SOCK_DGRAM: | 1066 | case SOCK_DGRAM: |
1067 | return SECCLASS_UNIX_DGRAM_SOCKET; | 1067 | return SECCLASS_UNIX_DGRAM_SOCKET; |
1068 | } | 1068 | } |
1069 | break; | 1069 | break; |
1070 | case PF_INET: | 1070 | case PF_INET: |
1071 | case PF_INET6: | 1071 | case PF_INET6: |
1072 | switch (type) { | 1072 | switch (type) { |
1073 | case SOCK_STREAM: | 1073 | case SOCK_STREAM: |
1074 | if (default_protocol_stream(protocol)) | 1074 | if (default_protocol_stream(protocol)) |
1075 | return SECCLASS_TCP_SOCKET; | 1075 | return SECCLASS_TCP_SOCKET; |
1076 | else | 1076 | else |
1077 | return SECCLASS_RAWIP_SOCKET; | 1077 | return SECCLASS_RAWIP_SOCKET; |
1078 | case SOCK_DGRAM: | 1078 | case SOCK_DGRAM: |
1079 | if (default_protocol_dgram(protocol)) | 1079 | if (default_protocol_dgram(protocol)) |
1080 | return SECCLASS_UDP_SOCKET; | 1080 | return SECCLASS_UDP_SOCKET; |
1081 | else | 1081 | else |
1082 | return SECCLASS_RAWIP_SOCKET; | 1082 | return SECCLASS_RAWIP_SOCKET; |
1083 | case SOCK_DCCP: | 1083 | case SOCK_DCCP: |
1084 | return SECCLASS_DCCP_SOCKET; | 1084 | return SECCLASS_DCCP_SOCKET; |
1085 | default: | 1085 | default: |
1086 | return SECCLASS_RAWIP_SOCKET; | 1086 | return SECCLASS_RAWIP_SOCKET; |
1087 | } | 1087 | } |
1088 | break; | 1088 | break; |
1089 | case PF_NETLINK: | 1089 | case PF_NETLINK: |
1090 | switch (protocol) { | 1090 | switch (protocol) { |
1091 | case NETLINK_ROUTE: | 1091 | case NETLINK_ROUTE: |
1092 | return SECCLASS_NETLINK_ROUTE_SOCKET; | 1092 | return SECCLASS_NETLINK_ROUTE_SOCKET; |
1093 | case NETLINK_FIREWALL: | 1093 | case NETLINK_FIREWALL: |
1094 | return SECCLASS_NETLINK_FIREWALL_SOCKET; | 1094 | return SECCLASS_NETLINK_FIREWALL_SOCKET; |
1095 | case NETLINK_INET_DIAG: | 1095 | case NETLINK_INET_DIAG: |
1096 | return SECCLASS_NETLINK_TCPDIAG_SOCKET; | 1096 | return SECCLASS_NETLINK_TCPDIAG_SOCKET; |
1097 | case NETLINK_NFLOG: | 1097 | case NETLINK_NFLOG: |
1098 | return SECCLASS_NETLINK_NFLOG_SOCKET; | 1098 | return SECCLASS_NETLINK_NFLOG_SOCKET; |
1099 | case NETLINK_XFRM: | 1099 | case NETLINK_XFRM: |
1100 | return SECCLASS_NETLINK_XFRM_SOCKET; | 1100 | return SECCLASS_NETLINK_XFRM_SOCKET; |
1101 | case NETLINK_SELINUX: | 1101 | case NETLINK_SELINUX: |
1102 | return SECCLASS_NETLINK_SELINUX_SOCKET; | 1102 | return SECCLASS_NETLINK_SELINUX_SOCKET; |
1103 | case NETLINK_AUDIT: | 1103 | case NETLINK_AUDIT: |
1104 | return SECCLASS_NETLINK_AUDIT_SOCKET; | 1104 | return SECCLASS_NETLINK_AUDIT_SOCKET; |
1105 | case NETLINK_IP6_FW: | 1105 | case NETLINK_IP6_FW: |
1106 | return SECCLASS_NETLINK_IP6FW_SOCKET; | 1106 | return SECCLASS_NETLINK_IP6FW_SOCKET; |
1107 | case NETLINK_DNRTMSG: | 1107 | case NETLINK_DNRTMSG: |
1108 | return SECCLASS_NETLINK_DNRT_SOCKET; | 1108 | return SECCLASS_NETLINK_DNRT_SOCKET; |
1109 | case NETLINK_KOBJECT_UEVENT: | 1109 | case NETLINK_KOBJECT_UEVENT: |
1110 | return SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET; | 1110 | return SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET; |
1111 | default: | 1111 | default: |
1112 | return SECCLASS_NETLINK_SOCKET; | 1112 | return SECCLASS_NETLINK_SOCKET; |
1113 | } | 1113 | } |
1114 | case PF_PACKET: | 1114 | case PF_PACKET: |
1115 | return SECCLASS_PACKET_SOCKET; | 1115 | return SECCLASS_PACKET_SOCKET; |
1116 | case PF_KEY: | 1116 | case PF_KEY: |
1117 | return SECCLASS_KEY_SOCKET; | 1117 | return SECCLASS_KEY_SOCKET; |
1118 | case PF_APPLETALK: | 1118 | case PF_APPLETALK: |
1119 | return SECCLASS_APPLETALK_SOCKET; | 1119 | return SECCLASS_APPLETALK_SOCKET; |
1120 | } | 1120 | } |
1121 | 1121 | ||
1122 | return SECCLASS_SOCKET; | 1122 | return SECCLASS_SOCKET; |
1123 | } | 1123 | } |
1124 | 1124 | ||
1125 | #ifdef CONFIG_PROC_FS | 1125 | #ifdef CONFIG_PROC_FS |
1126 | static int selinux_proc_get_sid(struct dentry *dentry, | 1126 | static int selinux_proc_get_sid(struct dentry *dentry, |
1127 | u16 tclass, | 1127 | u16 tclass, |
1128 | u32 *sid) | 1128 | u32 *sid) |
1129 | { | 1129 | { |
1130 | int rc; | 1130 | int rc; |
1131 | char *buffer, *path; | 1131 | char *buffer, *path; |
1132 | 1132 | ||
1133 | buffer = (char *)__get_free_page(GFP_KERNEL); | 1133 | buffer = (char *)__get_free_page(GFP_KERNEL); |
1134 | if (!buffer) | 1134 | if (!buffer) |
1135 | return -ENOMEM; | 1135 | return -ENOMEM; |
1136 | 1136 | ||
1137 | path = dentry_path_raw(dentry, buffer, PAGE_SIZE); | 1137 | path = dentry_path_raw(dentry, buffer, PAGE_SIZE); |
1138 | if (IS_ERR(path)) | 1138 | if (IS_ERR(path)) |
1139 | rc = PTR_ERR(path); | 1139 | rc = PTR_ERR(path); |
1140 | else { | 1140 | else { |
1141 | /* each process gets a /proc/PID/ entry. Strip off the | 1141 | /* each process gets a /proc/PID/ entry. Strip off the |
1142 | * PID part to get a valid selinux labeling. | 1142 | * PID part to get a valid selinux labeling. |
1143 | * e.g. /proc/1/net/rpc/nfs -> /net/rpc/nfs */ | 1143 | * e.g. /proc/1/net/rpc/nfs -> /net/rpc/nfs */ |
1144 | while (path[1] >= '0' && path[1] <= '9') { | 1144 | while (path[1] >= '0' && path[1] <= '9') { |
1145 | path[1] = '/'; | 1145 | path[1] = '/'; |
1146 | path++; | 1146 | path++; |
1147 | } | 1147 | } |
1148 | rc = security_genfs_sid("proc", path, tclass, sid); | 1148 | rc = security_genfs_sid("proc", path, tclass, sid); |
1149 | } | 1149 | } |
1150 | free_page((unsigned long)buffer); | 1150 | free_page((unsigned long)buffer); |
1151 | return rc; | 1151 | return rc; |
1152 | } | 1152 | } |
1153 | #else | 1153 | #else |
1154 | static int selinux_proc_get_sid(struct dentry *dentry, | 1154 | static int selinux_proc_get_sid(struct dentry *dentry, |
1155 | u16 tclass, | 1155 | u16 tclass, |
1156 | u32 *sid) | 1156 | u32 *sid) |
1157 | { | 1157 | { |
1158 | return -EINVAL; | 1158 | return -EINVAL; |
1159 | } | 1159 | } |
1160 | #endif | 1160 | #endif |
1161 | 1161 | ||
1162 | /* The inode's security attributes must be initialized before first use. */ | 1162 | /* The inode's security attributes must be initialized before first use. */ |
1163 | static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry) | 1163 | static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry) |
1164 | { | 1164 | { |
1165 | struct superblock_security_struct *sbsec = NULL; | 1165 | struct superblock_security_struct *sbsec = NULL; |
1166 | struct inode_security_struct *isec = inode->i_security; | 1166 | struct inode_security_struct *isec = inode->i_security; |
1167 | u32 sid; | 1167 | u32 sid; |
1168 | struct dentry *dentry; | 1168 | struct dentry *dentry; |
1169 | #define INITCONTEXTLEN 255 | 1169 | #define INITCONTEXTLEN 255 |
1170 | char *context = NULL; | 1170 | char *context = NULL; |
1171 | unsigned len = 0; | 1171 | unsigned len = 0; |
1172 | int rc = 0; | 1172 | int rc = 0; |
1173 | 1173 | ||
1174 | if (isec->initialized) | 1174 | if (isec->initialized) |
1175 | goto out; | 1175 | goto out; |
1176 | 1176 | ||
1177 | mutex_lock(&isec->lock); | 1177 | mutex_lock(&isec->lock); |
1178 | if (isec->initialized) | 1178 | if (isec->initialized) |
1179 | goto out_unlock; | 1179 | goto out_unlock; |
1180 | 1180 | ||
1181 | sbsec = inode->i_sb->s_security; | 1181 | sbsec = inode->i_sb->s_security; |
1182 | if (!(sbsec->flags & SE_SBINITIALIZED)) { | 1182 | if (!(sbsec->flags & SE_SBINITIALIZED)) { |
1183 | /* Defer initialization until selinux_complete_init, | 1183 | /* Defer initialization until selinux_complete_init, |
1184 | after the initial policy is loaded and the security | 1184 | after the initial policy is loaded and the security |
1185 | server is ready to handle calls. */ | 1185 | server is ready to handle calls. */ |
1186 | spin_lock(&sbsec->isec_lock); | 1186 | spin_lock(&sbsec->isec_lock); |
1187 | if (list_empty(&isec->list)) | 1187 | if (list_empty(&isec->list)) |
1188 | list_add(&isec->list, &sbsec->isec_head); | 1188 | list_add(&isec->list, &sbsec->isec_head); |
1189 | spin_unlock(&sbsec->isec_lock); | 1189 | spin_unlock(&sbsec->isec_lock); |
1190 | goto out_unlock; | 1190 | goto out_unlock; |
1191 | } | 1191 | } |
1192 | 1192 | ||
1193 | switch (sbsec->behavior) { | 1193 | switch (sbsec->behavior) { |
1194 | case SECURITY_FS_USE_XATTR: | 1194 | case SECURITY_FS_USE_XATTR: |
1195 | if (!inode->i_op->getxattr) { | 1195 | if (!inode->i_op->getxattr) { |
1196 | isec->sid = sbsec->def_sid; | 1196 | isec->sid = sbsec->def_sid; |
1197 | break; | 1197 | break; |
1198 | } | 1198 | } |
1199 | 1199 | ||
1200 | /* Need a dentry, since the xattr API requires one. | 1200 | /* Need a dentry, since the xattr API requires one. |
1201 | Life would be simpler if we could just pass the inode. */ | 1201 | Life would be simpler if we could just pass the inode. */ |
1202 | if (opt_dentry) { | 1202 | if (opt_dentry) { |
1203 | /* Called from d_instantiate or d_splice_alias. */ | 1203 | /* Called from d_instantiate or d_splice_alias. */ |
1204 | dentry = dget(opt_dentry); | 1204 | dentry = dget(opt_dentry); |
1205 | } else { | 1205 | } else { |
1206 | /* Called from selinux_complete_init, try to find a dentry. */ | 1206 | /* Called from selinux_complete_init, try to find a dentry. */ |
1207 | dentry = d_find_alias(inode); | 1207 | dentry = d_find_alias(inode); |
1208 | } | 1208 | } |
1209 | if (!dentry) { | 1209 | if (!dentry) { |
1210 | /* | 1210 | /* |
1211 | * this is can be hit on boot when a file is accessed | 1211 | * this is can be hit on boot when a file is accessed |
1212 | * before the policy is loaded. When we load policy we | 1212 | * before the policy is loaded. When we load policy we |
1213 | * may find inodes that have no dentry on the | 1213 | * may find inodes that have no dentry on the |
1214 | * sbsec->isec_head list. No reason to complain as these | 1214 | * sbsec->isec_head list. No reason to complain as these |
1215 | * will get fixed up the next time we go through | 1215 | * will get fixed up the next time we go through |
1216 | * inode_doinit with a dentry, before these inodes could | 1216 | * inode_doinit with a dentry, before these inodes could |
1217 | * be used again by userspace. | 1217 | * be used again by userspace. |
1218 | */ | 1218 | */ |
1219 | goto out_unlock; | 1219 | goto out_unlock; |
1220 | } | 1220 | } |
1221 | 1221 | ||
1222 | len = INITCONTEXTLEN; | 1222 | len = INITCONTEXTLEN; |
1223 | context = kmalloc(len+1, GFP_NOFS); | 1223 | context = kmalloc(len+1, GFP_NOFS); |
1224 | if (!context) { | 1224 | if (!context) { |
1225 | rc = -ENOMEM; | 1225 | rc = -ENOMEM; |
1226 | dput(dentry); | 1226 | dput(dentry); |
1227 | goto out_unlock; | 1227 | goto out_unlock; |
1228 | } | 1228 | } |
1229 | context[len] = '\0'; | 1229 | context[len] = '\0'; |
1230 | rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX, | 1230 | rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX, |
1231 | context, len); | 1231 | context, len); |
1232 | if (rc == -ERANGE) { | 1232 | if (rc == -ERANGE) { |
1233 | kfree(context); | 1233 | kfree(context); |
1234 | 1234 | ||
1235 | /* Need a larger buffer. Query for the right size. */ | 1235 | /* Need a larger buffer. Query for the right size. */ |
1236 | rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX, | 1236 | rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX, |
1237 | NULL, 0); | 1237 | NULL, 0); |
1238 | if (rc < 0) { | 1238 | if (rc < 0) { |
1239 | dput(dentry); | 1239 | dput(dentry); |
1240 | goto out_unlock; | 1240 | goto out_unlock; |
1241 | } | 1241 | } |
1242 | len = rc; | 1242 | len = rc; |
1243 | context = kmalloc(len+1, GFP_NOFS); | 1243 | context = kmalloc(len+1, GFP_NOFS); |
1244 | if (!context) { | 1244 | if (!context) { |
1245 | rc = -ENOMEM; | 1245 | rc = -ENOMEM; |
1246 | dput(dentry); | 1246 | dput(dentry); |
1247 | goto out_unlock; | 1247 | goto out_unlock; |
1248 | } | 1248 | } |
1249 | context[len] = '\0'; | 1249 | context[len] = '\0'; |
1250 | rc = inode->i_op->getxattr(dentry, | 1250 | rc = inode->i_op->getxattr(dentry, |
1251 | XATTR_NAME_SELINUX, | 1251 | XATTR_NAME_SELINUX, |
1252 | context, len); | 1252 | context, len); |
1253 | } | 1253 | } |
1254 | dput(dentry); | 1254 | dput(dentry); |
1255 | if (rc < 0) { | 1255 | if (rc < 0) { |
1256 | if (rc != -ENODATA) { | 1256 | if (rc != -ENODATA) { |
1257 | printk(KERN_WARNING "SELinux: %s: getxattr returned " | 1257 | printk(KERN_WARNING "SELinux: %s: getxattr returned " |
1258 | "%d for dev=%s ino=%ld\n", __func__, | 1258 | "%d for dev=%s ino=%ld\n", __func__, |
1259 | -rc, inode->i_sb->s_id, inode->i_ino); | 1259 | -rc, inode->i_sb->s_id, inode->i_ino); |
1260 | kfree(context); | 1260 | kfree(context); |
1261 | goto out_unlock; | 1261 | goto out_unlock; |
1262 | } | 1262 | } |
1263 | /* Map ENODATA to the default file SID */ | 1263 | /* Map ENODATA to the default file SID */ |
1264 | sid = sbsec->def_sid; | 1264 | sid = sbsec->def_sid; |
1265 | rc = 0; | 1265 | rc = 0; |
1266 | } else { | 1266 | } else { |
1267 | rc = security_context_to_sid_default(context, rc, &sid, | 1267 | rc = security_context_to_sid_default(context, rc, &sid, |
1268 | sbsec->def_sid, | 1268 | sbsec->def_sid, |
1269 | GFP_NOFS); | 1269 | GFP_NOFS); |
1270 | if (rc) { | 1270 | if (rc) { |
1271 | char *dev = inode->i_sb->s_id; | 1271 | char *dev = inode->i_sb->s_id; |
1272 | unsigned long ino = inode->i_ino; | 1272 | unsigned long ino = inode->i_ino; |
1273 | 1273 | ||
1274 | if (rc == -EINVAL) { | 1274 | if (rc == -EINVAL) { |
1275 | if (printk_ratelimit()) | 1275 | if (printk_ratelimit()) |
1276 | printk(KERN_NOTICE "SELinux: inode=%lu on dev=%s was found to have an invalid " | 1276 | printk(KERN_NOTICE "SELinux: inode=%lu on dev=%s was found to have an invalid " |
1277 | "context=%s. This indicates you may need to relabel the inode or the " | 1277 | "context=%s. This indicates you may need to relabel the inode or the " |
1278 | "filesystem in question.\n", ino, dev, context); | 1278 | "filesystem in question.\n", ino, dev, context); |
1279 | } else { | 1279 | } else { |
1280 | printk(KERN_WARNING "SELinux: %s: context_to_sid(%s) " | 1280 | printk(KERN_WARNING "SELinux: %s: context_to_sid(%s) " |
1281 | "returned %d for dev=%s ino=%ld\n", | 1281 | "returned %d for dev=%s ino=%ld\n", |
1282 | __func__, context, -rc, dev, ino); | 1282 | __func__, context, -rc, dev, ino); |
1283 | } | 1283 | } |
1284 | kfree(context); | 1284 | kfree(context); |
1285 | /* Leave with the unlabeled SID */ | 1285 | /* Leave with the unlabeled SID */ |
1286 | rc = 0; | 1286 | rc = 0; |
1287 | break; | 1287 | break; |
1288 | } | 1288 | } |
1289 | } | 1289 | } |
1290 | kfree(context); | 1290 | kfree(context); |
1291 | isec->sid = sid; | 1291 | isec->sid = sid; |
1292 | break; | 1292 | break; |
1293 | case SECURITY_FS_USE_TASK: | 1293 | case SECURITY_FS_USE_TASK: |
1294 | isec->sid = isec->task_sid; | 1294 | isec->sid = isec->task_sid; |
1295 | break; | 1295 | break; |
1296 | case SECURITY_FS_USE_TRANS: | 1296 | case SECURITY_FS_USE_TRANS: |
1297 | /* Default to the fs SID. */ | 1297 | /* Default to the fs SID. */ |
1298 | isec->sid = sbsec->sid; | 1298 | isec->sid = sbsec->sid; |
1299 | 1299 | ||
1300 | /* Try to obtain a transition SID. */ | 1300 | /* Try to obtain a transition SID. */ |
1301 | isec->sclass = inode_mode_to_security_class(inode->i_mode); | 1301 | isec->sclass = inode_mode_to_security_class(inode->i_mode); |
1302 | rc = security_transition_sid(isec->task_sid, sbsec->sid, | 1302 | rc = security_transition_sid(isec->task_sid, sbsec->sid, |
1303 | isec->sclass, NULL, &sid); | 1303 | isec->sclass, NULL, &sid); |
1304 | if (rc) | 1304 | if (rc) |
1305 | goto out_unlock; | 1305 | goto out_unlock; |
1306 | isec->sid = sid; | 1306 | isec->sid = sid; |
1307 | break; | 1307 | break; |
1308 | case SECURITY_FS_USE_MNTPOINT: | 1308 | case SECURITY_FS_USE_MNTPOINT: |
1309 | isec->sid = sbsec->mntpoint_sid; | 1309 | isec->sid = sbsec->mntpoint_sid; |
1310 | break; | 1310 | break; |
1311 | default: | 1311 | default: |
1312 | /* Default to the fs superblock SID. */ | 1312 | /* Default to the fs superblock SID. */ |
1313 | isec->sid = sbsec->sid; | 1313 | isec->sid = sbsec->sid; |
1314 | 1314 | ||
1315 | if ((sbsec->flags & SE_SBPROC) && !S_ISLNK(inode->i_mode)) { | 1315 | if ((sbsec->flags & SE_SBPROC) && !S_ISLNK(inode->i_mode)) { |
1316 | if (opt_dentry) { | 1316 | if (opt_dentry) { |
1317 | isec->sclass = inode_mode_to_security_class(inode->i_mode); | 1317 | isec->sclass = inode_mode_to_security_class(inode->i_mode); |
1318 | rc = selinux_proc_get_sid(opt_dentry, | 1318 | rc = selinux_proc_get_sid(opt_dentry, |
1319 | isec->sclass, | 1319 | isec->sclass, |
1320 | &sid); | 1320 | &sid); |
1321 | if (rc) | 1321 | if (rc) |
1322 | goto out_unlock; | 1322 | goto out_unlock; |
1323 | isec->sid = sid; | 1323 | isec->sid = sid; |
1324 | } | 1324 | } |
1325 | } | 1325 | } |
1326 | break; | 1326 | break; |
1327 | } | 1327 | } |
1328 | 1328 | ||
1329 | isec->initialized = 1; | 1329 | isec->initialized = 1; |
1330 | 1330 | ||
1331 | out_unlock: | 1331 | out_unlock: |
1332 | mutex_unlock(&isec->lock); | 1332 | mutex_unlock(&isec->lock); |
1333 | out: | 1333 | out: |
1334 | if (isec->sclass == SECCLASS_FILE) | 1334 | if (isec->sclass == SECCLASS_FILE) |
1335 | isec->sclass = inode_mode_to_security_class(inode->i_mode); | 1335 | isec->sclass = inode_mode_to_security_class(inode->i_mode); |
1336 | return rc; | 1336 | return rc; |
1337 | } | 1337 | } |
1338 | 1338 | ||
1339 | /* Convert a Linux signal to an access vector. */ | 1339 | /* Convert a Linux signal to an access vector. */ |
1340 | static inline u32 signal_to_av(int sig) | 1340 | static inline u32 signal_to_av(int sig) |
1341 | { | 1341 | { |
1342 | u32 perm = 0; | 1342 | u32 perm = 0; |
1343 | 1343 | ||
1344 | switch (sig) { | 1344 | switch (sig) { |
1345 | case SIGCHLD: | 1345 | case SIGCHLD: |
1346 | /* Commonly granted from child to parent. */ | 1346 | /* Commonly granted from child to parent. */ |
1347 | perm = PROCESS__SIGCHLD; | 1347 | perm = PROCESS__SIGCHLD; |
1348 | break; | 1348 | break; |
1349 | case SIGKILL: | 1349 | case SIGKILL: |
1350 | /* Cannot be caught or ignored */ | 1350 | /* Cannot be caught or ignored */ |
1351 | perm = PROCESS__SIGKILL; | 1351 | perm = PROCESS__SIGKILL; |
1352 | break; | 1352 | break; |
1353 | case SIGSTOP: | 1353 | case SIGSTOP: |
1354 | /* Cannot be caught or ignored */ | 1354 | /* Cannot be caught or ignored */ |
1355 | perm = PROCESS__SIGSTOP; | 1355 | perm = PROCESS__SIGSTOP; |
1356 | break; | 1356 | break; |
1357 | default: | 1357 | default: |
1358 | /* All other signals. */ | 1358 | /* All other signals. */ |
1359 | perm = PROCESS__SIGNAL; | 1359 | perm = PROCESS__SIGNAL; |
1360 | break; | 1360 | break; |
1361 | } | 1361 | } |
1362 | 1362 | ||
1363 | return perm; | 1363 | return perm; |
1364 | } | 1364 | } |
1365 | 1365 | ||
1366 | /* | 1366 | /* |
1367 | * Check permission between a pair of credentials | 1367 | * Check permission between a pair of credentials |
1368 | * fork check, ptrace check, etc. | 1368 | * fork check, ptrace check, etc. |
1369 | */ | 1369 | */ |
1370 | static int cred_has_perm(const struct cred *actor, | 1370 | static int cred_has_perm(const struct cred *actor, |
1371 | const struct cred *target, | 1371 | const struct cred *target, |
1372 | u32 perms) | 1372 | u32 perms) |
1373 | { | 1373 | { |
1374 | u32 asid = cred_sid(actor), tsid = cred_sid(target); | 1374 | u32 asid = cred_sid(actor), tsid = cred_sid(target); |
1375 | 1375 | ||
1376 | return avc_has_perm(asid, tsid, SECCLASS_PROCESS, perms, NULL); | 1376 | return avc_has_perm(asid, tsid, SECCLASS_PROCESS, perms, NULL); |
1377 | } | 1377 | } |
1378 | 1378 | ||
1379 | /* | 1379 | /* |
1380 | * Check permission between a pair of tasks, e.g. signal checks, | 1380 | * Check permission between a pair of tasks, e.g. signal checks, |
1381 | * fork check, ptrace check, etc. | 1381 | * fork check, ptrace check, etc. |
1382 | * tsk1 is the actor and tsk2 is the target | 1382 | * tsk1 is the actor and tsk2 is the target |
1383 | * - this uses the default subjective creds of tsk1 | 1383 | * - this uses the default subjective creds of tsk1 |
1384 | */ | 1384 | */ |
1385 | static int task_has_perm(const struct task_struct *tsk1, | 1385 | static int task_has_perm(const struct task_struct *tsk1, |
1386 | const struct task_struct *tsk2, | 1386 | const struct task_struct *tsk2, |
1387 | u32 perms) | 1387 | u32 perms) |
1388 | { | 1388 | { |
1389 | const struct task_security_struct *__tsec1, *__tsec2; | 1389 | const struct task_security_struct *__tsec1, *__tsec2; |
1390 | u32 sid1, sid2; | 1390 | u32 sid1, sid2; |
1391 | 1391 | ||
1392 | rcu_read_lock(); | 1392 | rcu_read_lock(); |
1393 | __tsec1 = __task_cred(tsk1)->security; sid1 = __tsec1->sid; | 1393 | __tsec1 = __task_cred(tsk1)->security; sid1 = __tsec1->sid; |
1394 | __tsec2 = __task_cred(tsk2)->security; sid2 = __tsec2->sid; | 1394 | __tsec2 = __task_cred(tsk2)->security; sid2 = __tsec2->sid; |
1395 | rcu_read_unlock(); | 1395 | rcu_read_unlock(); |
1396 | return avc_has_perm(sid1, sid2, SECCLASS_PROCESS, perms, NULL); | 1396 | return avc_has_perm(sid1, sid2, SECCLASS_PROCESS, perms, NULL); |
1397 | } | 1397 | } |
1398 | 1398 | ||
1399 | /* | 1399 | /* |
1400 | * Check permission between current and another task, e.g. signal checks, | 1400 | * Check permission between current and another task, e.g. signal checks, |
1401 | * fork check, ptrace check, etc. | 1401 | * fork check, ptrace check, etc. |
1402 | * current is the actor and tsk2 is the target | 1402 | * current is the actor and tsk2 is the target |
1403 | * - this uses current's subjective creds | 1403 | * - this uses current's subjective creds |
1404 | */ | 1404 | */ |
1405 | static int current_has_perm(const struct task_struct *tsk, | 1405 | static int current_has_perm(const struct task_struct *tsk, |
1406 | u32 perms) | 1406 | u32 perms) |
1407 | { | 1407 | { |
1408 | u32 sid, tsid; | 1408 | u32 sid, tsid; |
1409 | 1409 | ||
1410 | sid = current_sid(); | 1410 | sid = current_sid(); |
1411 | tsid = task_sid(tsk); | 1411 | tsid = task_sid(tsk); |
1412 | return avc_has_perm(sid, tsid, SECCLASS_PROCESS, perms, NULL); | 1412 | return avc_has_perm(sid, tsid, SECCLASS_PROCESS, perms, NULL); |
1413 | } | 1413 | } |
1414 | 1414 | ||
1415 | #if CAP_LAST_CAP > 63 | 1415 | #if CAP_LAST_CAP > 63 |
1416 | #error Fix SELinux to handle capabilities > 63. | 1416 | #error Fix SELinux to handle capabilities > 63. |
1417 | #endif | 1417 | #endif |
1418 | 1418 | ||
1419 | /* Check whether a task is allowed to use a capability. */ | 1419 | /* Check whether a task is allowed to use a capability. */ |
1420 | static int task_has_capability(struct task_struct *tsk, | 1420 | static int task_has_capability(struct task_struct *tsk, |
1421 | const struct cred *cred, | 1421 | const struct cred *cred, |
1422 | int cap, int audit) | 1422 | int cap, int audit) |
1423 | { | 1423 | { |
1424 | struct common_audit_data ad; | 1424 | struct common_audit_data ad; |
1425 | struct av_decision avd; | 1425 | struct av_decision avd; |
1426 | u16 sclass; | 1426 | u16 sclass; |
1427 | u32 sid = cred_sid(cred); | 1427 | u32 sid = cred_sid(cred); |
1428 | u32 av = CAP_TO_MASK(cap); | 1428 | u32 av = CAP_TO_MASK(cap); |
1429 | int rc; | 1429 | int rc; |
1430 | 1430 | ||
1431 | COMMON_AUDIT_DATA_INIT(&ad, CAP); | 1431 | COMMON_AUDIT_DATA_INIT(&ad, CAP); |
1432 | ad.tsk = tsk; | 1432 | ad.tsk = tsk; |
1433 | ad.u.cap = cap; | 1433 | ad.u.cap = cap; |
1434 | 1434 | ||
1435 | switch (CAP_TO_INDEX(cap)) { | 1435 | switch (CAP_TO_INDEX(cap)) { |
1436 | case 0: | 1436 | case 0: |
1437 | sclass = SECCLASS_CAPABILITY; | 1437 | sclass = SECCLASS_CAPABILITY; |
1438 | break; | 1438 | break; |
1439 | case 1: | 1439 | case 1: |
1440 | sclass = SECCLASS_CAPABILITY2; | 1440 | sclass = SECCLASS_CAPABILITY2; |
1441 | break; | 1441 | break; |
1442 | default: | 1442 | default: |
1443 | printk(KERN_ERR | 1443 | printk(KERN_ERR |
1444 | "SELinux: out of range capability %d\n", cap); | 1444 | "SELinux: out of range capability %d\n", cap); |
1445 | BUG(); | 1445 | BUG(); |
1446 | return -EINVAL; | 1446 | return -EINVAL; |
1447 | } | 1447 | } |
1448 | 1448 | ||
1449 | rc = avc_has_perm_noaudit(sid, sid, sclass, av, 0, &avd); | 1449 | rc = avc_has_perm_noaudit(sid, sid, sclass, av, 0, &avd); |
1450 | if (audit == SECURITY_CAP_AUDIT) { | 1450 | if (audit == SECURITY_CAP_AUDIT) { |
1451 | int rc2 = avc_audit(sid, sid, sclass, av, &avd, rc, &ad, 0); | 1451 | int rc2 = avc_audit(sid, sid, sclass, av, &avd, rc, &ad, 0); |
1452 | if (rc2) | 1452 | if (rc2) |
1453 | return rc2; | 1453 | return rc2; |
1454 | } | 1454 | } |
1455 | return rc; | 1455 | return rc; |
1456 | } | 1456 | } |
1457 | 1457 | ||
1458 | /* Check whether a task is allowed to use a system operation. */ | 1458 | /* Check whether a task is allowed to use a system operation. */ |
1459 | static int task_has_system(struct task_struct *tsk, | 1459 | static int task_has_system(struct task_struct *tsk, |
1460 | u32 perms) | 1460 | u32 perms) |
1461 | { | 1461 | { |
1462 | u32 sid = task_sid(tsk); | 1462 | u32 sid = task_sid(tsk); |
1463 | 1463 | ||
1464 | return avc_has_perm(sid, SECINITSID_KERNEL, | 1464 | return avc_has_perm(sid, SECINITSID_KERNEL, |
1465 | SECCLASS_SYSTEM, perms, NULL); | 1465 | SECCLASS_SYSTEM, perms, NULL); |
1466 | } | 1466 | } |
1467 | 1467 | ||
1468 | /* Check whether a task has a particular permission to an inode. | 1468 | /* Check whether a task has a particular permission to an inode. |
1469 | The 'adp' parameter is optional and allows other audit | 1469 | The 'adp' parameter is optional and allows other audit |
1470 | data to be passed (e.g. the dentry). */ | 1470 | data to be passed (e.g. the dentry). */ |
1471 | static int inode_has_perm(const struct cred *cred, | 1471 | static int inode_has_perm(const struct cred *cred, |
1472 | struct inode *inode, | 1472 | struct inode *inode, |
1473 | u32 perms, | 1473 | u32 perms, |
1474 | struct common_audit_data *adp, | 1474 | struct common_audit_data *adp, |
1475 | unsigned flags) | 1475 | unsigned flags) |
1476 | { | 1476 | { |
1477 | struct inode_security_struct *isec; | 1477 | struct inode_security_struct *isec; |
1478 | struct common_audit_data ad; | 1478 | struct common_audit_data ad; |
1479 | u32 sid; | 1479 | u32 sid; |
1480 | 1480 | ||
1481 | validate_creds(cred); | 1481 | validate_creds(cred); |
1482 | 1482 | ||
1483 | if (unlikely(IS_PRIVATE(inode))) | 1483 | if (unlikely(IS_PRIVATE(inode))) |
1484 | return 0; | 1484 | return 0; |
1485 | 1485 | ||
1486 | sid = cred_sid(cred); | 1486 | sid = cred_sid(cred); |
1487 | isec = inode->i_security; | 1487 | isec = inode->i_security; |
1488 | 1488 | ||
1489 | if (!adp) { | 1489 | if (!adp) { |
1490 | adp = &ad; | 1490 | adp = &ad; |
1491 | COMMON_AUDIT_DATA_INIT(&ad, FS); | 1491 | COMMON_AUDIT_DATA_INIT(&ad, INODE); |
1492 | ad.u.fs.inode = inode; | 1492 | ad.u.inode = inode; |
1493 | } | 1493 | } |
1494 | 1494 | ||
1495 | return avc_has_perm_flags(sid, isec->sid, isec->sclass, perms, adp, flags); | 1495 | return avc_has_perm_flags(sid, isec->sid, isec->sclass, perms, adp, flags); |
1496 | } | 1496 | } |
1497 | 1497 | ||
1498 | /* Same as inode_has_perm, but pass explicit audit data containing | 1498 | /* Same as inode_has_perm, but pass explicit audit data containing |
1499 | the dentry to help the auditing code to more easily generate the | 1499 | the dentry to help the auditing code to more easily generate the |
1500 | pathname if needed. */ | 1500 | pathname if needed. */ |
1501 | static inline int dentry_has_perm(const struct cred *cred, | 1501 | static inline int dentry_has_perm(const struct cred *cred, |
1502 | struct vfsmount *mnt, | 1502 | struct vfsmount *mnt, |
1503 | struct dentry *dentry, | 1503 | struct dentry *dentry, |
1504 | u32 av) | 1504 | u32 av) |
1505 | { | 1505 | { |
1506 | struct inode *inode = dentry->d_inode; | 1506 | struct inode *inode = dentry->d_inode; |
1507 | struct common_audit_data ad; | 1507 | struct common_audit_data ad; |
1508 | 1508 | ||
1509 | COMMON_AUDIT_DATA_INIT(&ad, FS); | 1509 | COMMON_AUDIT_DATA_INIT(&ad, PATH); |
1510 | ad.u.fs.path.mnt = mnt; | 1510 | ad.u.path.mnt = mnt; |
1511 | ad.u.fs.path.dentry = dentry; | 1511 | ad.u.path.dentry = dentry; |
1512 | return inode_has_perm(cred, inode, av, &ad, 0); | 1512 | return inode_has_perm(cred, inode, av, &ad, 0); |
1513 | } | 1513 | } |
1514 | 1514 | ||
1515 | /* Check whether a task can use an open file descriptor to | 1515 | /* Check whether a task can use an open file descriptor to |
1516 | access an inode in a given way. Check access to the | 1516 | access an inode in a given way. Check access to the |
1517 | descriptor itself, and then use dentry_has_perm to | 1517 | descriptor itself, and then use dentry_has_perm to |
1518 | check a particular permission to the file. | 1518 | check a particular permission to the file. |
1519 | Access to the descriptor is implicitly granted if it | 1519 | Access to the descriptor is implicitly granted if it |
1520 | has the same SID as the process. If av is zero, then | 1520 | has the same SID as the process. If av is zero, then |
1521 | access to the file is not checked, e.g. for cases | 1521 | access to the file is not checked, e.g. for cases |
1522 | where only the descriptor is affected like seek. */ | 1522 | where only the descriptor is affected like seek. */ |
1523 | static int file_has_perm(const struct cred *cred, | 1523 | static int file_has_perm(const struct cred *cred, |
1524 | struct file *file, | 1524 | struct file *file, |
1525 | u32 av) | 1525 | u32 av) |
1526 | { | 1526 | { |
1527 | struct file_security_struct *fsec = file->f_security; | 1527 | struct file_security_struct *fsec = file->f_security; |
1528 | struct inode *inode = file->f_path.dentry->d_inode; | 1528 | struct inode *inode = file->f_path.dentry->d_inode; |
1529 | struct common_audit_data ad; | 1529 | struct common_audit_data ad; |
1530 | u32 sid = cred_sid(cred); | 1530 | u32 sid = cred_sid(cred); |
1531 | int rc; | 1531 | int rc; |
1532 | 1532 | ||
1533 | COMMON_AUDIT_DATA_INIT(&ad, FS); | 1533 | COMMON_AUDIT_DATA_INIT(&ad, PATH); |
1534 | ad.u.fs.path = file->f_path; | 1534 | ad.u.path = file->f_path; |
1535 | 1535 | ||
1536 | if (sid != fsec->sid) { | 1536 | if (sid != fsec->sid) { |
1537 | rc = avc_has_perm(sid, fsec->sid, | 1537 | rc = avc_has_perm(sid, fsec->sid, |
1538 | SECCLASS_FD, | 1538 | SECCLASS_FD, |
1539 | FD__USE, | 1539 | FD__USE, |
1540 | &ad); | 1540 | &ad); |
1541 | if (rc) | 1541 | if (rc) |
1542 | goto out; | 1542 | goto out; |
1543 | } | 1543 | } |
1544 | 1544 | ||
1545 | /* av is zero if only checking access to the descriptor. */ | 1545 | /* av is zero if only checking access to the descriptor. */ |
1546 | rc = 0; | 1546 | rc = 0; |
1547 | if (av) | 1547 | if (av) |
1548 | rc = inode_has_perm(cred, inode, av, &ad, 0); | 1548 | rc = inode_has_perm(cred, inode, av, &ad, 0); |
1549 | 1549 | ||
1550 | out: | 1550 | out: |
1551 | return rc; | 1551 | return rc; |
1552 | } | 1552 | } |
1553 | 1553 | ||
1554 | /* Check whether a task can create a file. */ | 1554 | /* Check whether a task can create a file. */ |
1555 | static int may_create(struct inode *dir, | 1555 | static int may_create(struct inode *dir, |
1556 | struct dentry *dentry, | 1556 | struct dentry *dentry, |
1557 | u16 tclass) | 1557 | u16 tclass) |
1558 | { | 1558 | { |
1559 | const struct task_security_struct *tsec = current_security(); | 1559 | const struct task_security_struct *tsec = current_security(); |
1560 | struct inode_security_struct *dsec; | 1560 | struct inode_security_struct *dsec; |
1561 | struct superblock_security_struct *sbsec; | 1561 | struct superblock_security_struct *sbsec; |
1562 | u32 sid, newsid; | 1562 | u32 sid, newsid; |
1563 | struct common_audit_data ad; | 1563 | struct common_audit_data ad; |
1564 | int rc; | 1564 | int rc; |
1565 | 1565 | ||
1566 | dsec = dir->i_security; | 1566 | dsec = dir->i_security; |
1567 | sbsec = dir->i_sb->s_security; | 1567 | sbsec = dir->i_sb->s_security; |
1568 | 1568 | ||
1569 | sid = tsec->sid; | 1569 | sid = tsec->sid; |
1570 | newsid = tsec->create_sid; | 1570 | newsid = tsec->create_sid; |
1571 | 1571 | ||
1572 | COMMON_AUDIT_DATA_INIT(&ad, FS); | 1572 | COMMON_AUDIT_DATA_INIT(&ad, PATH); |
1573 | ad.u.fs.path.dentry = dentry; | 1573 | ad.u.path.dentry = dentry; |
1574 | 1574 | ||
1575 | rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR, | 1575 | rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR, |
1576 | DIR__ADD_NAME | DIR__SEARCH, | 1576 | DIR__ADD_NAME | DIR__SEARCH, |
1577 | &ad); | 1577 | &ad); |
1578 | if (rc) | 1578 | if (rc) |
1579 | return rc; | 1579 | return rc; |
1580 | 1580 | ||
1581 | if (!newsid || !(sbsec->flags & SE_SBLABELSUPP)) { | 1581 | if (!newsid || !(sbsec->flags & SE_SBLABELSUPP)) { |
1582 | rc = security_transition_sid(sid, dsec->sid, tclass, NULL, &newsid); | 1582 | rc = security_transition_sid(sid, dsec->sid, tclass, NULL, &newsid); |
1583 | if (rc) | 1583 | if (rc) |
1584 | return rc; | 1584 | return rc; |
1585 | } | 1585 | } |
1586 | 1586 | ||
1587 | rc = avc_has_perm(sid, newsid, tclass, FILE__CREATE, &ad); | 1587 | rc = avc_has_perm(sid, newsid, tclass, FILE__CREATE, &ad); |
1588 | if (rc) | 1588 | if (rc) |
1589 | return rc; | 1589 | return rc; |
1590 | 1590 | ||
1591 | return avc_has_perm(newsid, sbsec->sid, | 1591 | return avc_has_perm(newsid, sbsec->sid, |
1592 | SECCLASS_FILESYSTEM, | 1592 | SECCLASS_FILESYSTEM, |
1593 | FILESYSTEM__ASSOCIATE, &ad); | 1593 | FILESYSTEM__ASSOCIATE, &ad); |
1594 | } | 1594 | } |
1595 | 1595 | ||
1596 | /* Check whether a task can create a key. */ | 1596 | /* Check whether a task can create a key. */ |
1597 | static int may_create_key(u32 ksid, | 1597 | static int may_create_key(u32 ksid, |
1598 | struct task_struct *ctx) | 1598 | struct task_struct *ctx) |
1599 | { | 1599 | { |
1600 | u32 sid = task_sid(ctx); | 1600 | u32 sid = task_sid(ctx); |
1601 | 1601 | ||
1602 | return avc_has_perm(sid, ksid, SECCLASS_KEY, KEY__CREATE, NULL); | 1602 | return avc_has_perm(sid, ksid, SECCLASS_KEY, KEY__CREATE, NULL); |
1603 | } | 1603 | } |
1604 | 1604 | ||
1605 | #define MAY_LINK 0 | 1605 | #define MAY_LINK 0 |
1606 | #define MAY_UNLINK 1 | 1606 | #define MAY_UNLINK 1 |
1607 | #define MAY_RMDIR 2 | 1607 | #define MAY_RMDIR 2 |
1608 | 1608 | ||
1609 | /* Check whether a task can link, unlink, or rmdir a file/directory. */ | 1609 | /* Check whether a task can link, unlink, or rmdir a file/directory. */ |
1610 | static int may_link(struct inode *dir, | 1610 | static int may_link(struct inode *dir, |
1611 | struct dentry *dentry, | 1611 | struct dentry *dentry, |
1612 | int kind) | 1612 | int kind) |
1613 | 1613 | ||
1614 | { | 1614 | { |
1615 | struct inode_security_struct *dsec, *isec; | 1615 | struct inode_security_struct *dsec, *isec; |
1616 | struct common_audit_data ad; | 1616 | struct common_audit_data ad; |
1617 | u32 sid = current_sid(); | 1617 | u32 sid = current_sid(); |
1618 | u32 av; | 1618 | u32 av; |
1619 | int rc; | 1619 | int rc; |
1620 | 1620 | ||
1621 | dsec = dir->i_security; | 1621 | dsec = dir->i_security; |
1622 | isec = dentry->d_inode->i_security; | 1622 | isec = dentry->d_inode->i_security; |
1623 | 1623 | ||
1624 | COMMON_AUDIT_DATA_INIT(&ad, FS); | 1624 | COMMON_AUDIT_DATA_INIT(&ad, PATH); |
1625 | ad.u.fs.path.dentry = dentry; | 1625 | ad.u.path.dentry = dentry; |
1626 | 1626 | ||
1627 | av = DIR__SEARCH; | 1627 | av = DIR__SEARCH; |
1628 | av |= (kind ? DIR__REMOVE_NAME : DIR__ADD_NAME); | 1628 | av |= (kind ? DIR__REMOVE_NAME : DIR__ADD_NAME); |
1629 | rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR, av, &ad); | 1629 | rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR, av, &ad); |
1630 | if (rc) | 1630 | if (rc) |
1631 | return rc; | 1631 | return rc; |
1632 | 1632 | ||
1633 | switch (kind) { | 1633 | switch (kind) { |
1634 | case MAY_LINK: | 1634 | case MAY_LINK: |
1635 | av = FILE__LINK; | 1635 | av = FILE__LINK; |
1636 | break; | 1636 | break; |
1637 | case MAY_UNLINK: | 1637 | case MAY_UNLINK: |
1638 | av = FILE__UNLINK; | 1638 | av = FILE__UNLINK; |
1639 | break; | 1639 | break; |
1640 | case MAY_RMDIR: | 1640 | case MAY_RMDIR: |
1641 | av = DIR__RMDIR; | 1641 | av = DIR__RMDIR; |
1642 | break; | 1642 | break; |
1643 | default: | 1643 | default: |
1644 | printk(KERN_WARNING "SELinux: %s: unrecognized kind %d\n", | 1644 | printk(KERN_WARNING "SELinux: %s: unrecognized kind %d\n", |
1645 | __func__, kind); | 1645 | __func__, kind); |
1646 | return 0; | 1646 | return 0; |
1647 | } | 1647 | } |
1648 | 1648 | ||
1649 | rc = avc_has_perm(sid, isec->sid, isec->sclass, av, &ad); | 1649 | rc = avc_has_perm(sid, isec->sid, isec->sclass, av, &ad); |
1650 | return rc; | 1650 | return rc; |
1651 | } | 1651 | } |
1652 | 1652 | ||
1653 | static inline int may_rename(struct inode *old_dir, | 1653 | static inline int may_rename(struct inode *old_dir, |
1654 | struct dentry *old_dentry, | 1654 | struct dentry *old_dentry, |
1655 | struct inode *new_dir, | 1655 | struct inode *new_dir, |
1656 | struct dentry *new_dentry) | 1656 | struct dentry *new_dentry) |
1657 | { | 1657 | { |
1658 | struct inode_security_struct *old_dsec, *new_dsec, *old_isec, *new_isec; | 1658 | struct inode_security_struct *old_dsec, *new_dsec, *old_isec, *new_isec; |
1659 | struct common_audit_data ad; | 1659 | struct common_audit_data ad; |
1660 | u32 sid = current_sid(); | 1660 | u32 sid = current_sid(); |
1661 | u32 av; | 1661 | u32 av; |
1662 | int old_is_dir, new_is_dir; | 1662 | int old_is_dir, new_is_dir; |
1663 | int rc; | 1663 | int rc; |
1664 | 1664 | ||
1665 | old_dsec = old_dir->i_security; | 1665 | old_dsec = old_dir->i_security; |
1666 | old_isec = old_dentry->d_inode->i_security; | 1666 | old_isec = old_dentry->d_inode->i_security; |
1667 | old_is_dir = S_ISDIR(old_dentry->d_inode->i_mode); | 1667 | old_is_dir = S_ISDIR(old_dentry->d_inode->i_mode); |
1668 | new_dsec = new_dir->i_security; | 1668 | new_dsec = new_dir->i_security; |
1669 | 1669 | ||
1670 | COMMON_AUDIT_DATA_INIT(&ad, FS); | 1670 | COMMON_AUDIT_DATA_INIT(&ad, PATH); |
1671 | 1671 | ||
1672 | ad.u.fs.path.dentry = old_dentry; | 1672 | ad.u.path.dentry = old_dentry; |
1673 | rc = avc_has_perm(sid, old_dsec->sid, SECCLASS_DIR, | 1673 | rc = avc_has_perm(sid, old_dsec->sid, SECCLASS_DIR, |
1674 | DIR__REMOVE_NAME | DIR__SEARCH, &ad); | 1674 | DIR__REMOVE_NAME | DIR__SEARCH, &ad); |
1675 | if (rc) | 1675 | if (rc) |
1676 | return rc; | 1676 | return rc; |
1677 | rc = avc_has_perm(sid, old_isec->sid, | 1677 | rc = avc_has_perm(sid, old_isec->sid, |
1678 | old_isec->sclass, FILE__RENAME, &ad); | 1678 | old_isec->sclass, FILE__RENAME, &ad); |
1679 | if (rc) | 1679 | if (rc) |
1680 | return rc; | 1680 | return rc; |
1681 | if (old_is_dir && new_dir != old_dir) { | 1681 | if (old_is_dir && new_dir != old_dir) { |
1682 | rc = avc_has_perm(sid, old_isec->sid, | 1682 | rc = avc_has_perm(sid, old_isec->sid, |
1683 | old_isec->sclass, DIR__REPARENT, &ad); | 1683 | old_isec->sclass, DIR__REPARENT, &ad); |
1684 | if (rc) | 1684 | if (rc) |
1685 | return rc; | 1685 | return rc; |
1686 | } | 1686 | } |
1687 | 1687 | ||
1688 | ad.u.fs.path.dentry = new_dentry; | 1688 | ad.u.path.dentry = new_dentry; |
1689 | av = DIR__ADD_NAME | DIR__SEARCH; | 1689 | av = DIR__ADD_NAME | DIR__SEARCH; |
1690 | if (new_dentry->d_inode) | 1690 | if (new_dentry->d_inode) |
1691 | av |= DIR__REMOVE_NAME; | 1691 | av |= DIR__REMOVE_NAME; |
1692 | rc = avc_has_perm(sid, new_dsec->sid, SECCLASS_DIR, av, &ad); | 1692 | rc = avc_has_perm(sid, new_dsec->sid, SECCLASS_DIR, av, &ad); |
1693 | if (rc) | 1693 | if (rc) |
1694 | return rc; | 1694 | return rc; |
1695 | if (new_dentry->d_inode) { | 1695 | if (new_dentry->d_inode) { |
1696 | new_isec = new_dentry->d_inode->i_security; | 1696 | new_isec = new_dentry->d_inode->i_security; |
1697 | new_is_dir = S_ISDIR(new_dentry->d_inode->i_mode); | 1697 | new_is_dir = S_ISDIR(new_dentry->d_inode->i_mode); |
1698 | rc = avc_has_perm(sid, new_isec->sid, | 1698 | rc = avc_has_perm(sid, new_isec->sid, |
1699 | new_isec->sclass, | 1699 | new_isec->sclass, |
1700 | (new_is_dir ? DIR__RMDIR : FILE__UNLINK), &ad); | 1700 | (new_is_dir ? DIR__RMDIR : FILE__UNLINK), &ad); |
1701 | if (rc) | 1701 | if (rc) |
1702 | return rc; | 1702 | return rc; |
1703 | } | 1703 | } |
1704 | 1704 | ||
1705 | return 0; | 1705 | return 0; |
1706 | } | 1706 | } |
1707 | 1707 | ||
1708 | /* Check whether a task can perform a filesystem operation. */ | 1708 | /* Check whether a task can perform a filesystem operation. */ |
1709 | static int superblock_has_perm(const struct cred *cred, | 1709 | static int superblock_has_perm(const struct cred *cred, |
1710 | struct super_block *sb, | 1710 | struct super_block *sb, |
1711 | u32 perms, | 1711 | u32 perms, |
1712 | struct common_audit_data *ad) | 1712 | struct common_audit_data *ad) |
1713 | { | 1713 | { |
1714 | struct superblock_security_struct *sbsec; | 1714 | struct superblock_security_struct *sbsec; |
1715 | u32 sid = cred_sid(cred); | 1715 | u32 sid = cred_sid(cred); |
1716 | 1716 | ||
1717 | sbsec = sb->s_security; | 1717 | sbsec = sb->s_security; |
1718 | return avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM, perms, ad); | 1718 | return avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM, perms, ad); |
1719 | } | 1719 | } |
1720 | 1720 | ||
1721 | /* Convert a Linux mode and permission mask to an access vector. */ | 1721 | /* Convert a Linux mode and permission mask to an access vector. */ |
1722 | static inline u32 file_mask_to_av(int mode, int mask) | 1722 | static inline u32 file_mask_to_av(int mode, int mask) |
1723 | { | 1723 | { |
1724 | u32 av = 0; | 1724 | u32 av = 0; |
1725 | 1725 | ||
1726 | if ((mode & S_IFMT) != S_IFDIR) { | 1726 | if ((mode & S_IFMT) != S_IFDIR) { |
1727 | if (mask & MAY_EXEC) | 1727 | if (mask & MAY_EXEC) |
1728 | av |= FILE__EXECUTE; | 1728 | av |= FILE__EXECUTE; |
1729 | if (mask & MAY_READ) | 1729 | if (mask & MAY_READ) |
1730 | av |= FILE__READ; | 1730 | av |= FILE__READ; |
1731 | 1731 | ||
1732 | if (mask & MAY_APPEND) | 1732 | if (mask & MAY_APPEND) |
1733 | av |= FILE__APPEND; | 1733 | av |= FILE__APPEND; |
1734 | else if (mask & MAY_WRITE) | 1734 | else if (mask & MAY_WRITE) |
1735 | av |= FILE__WRITE; | 1735 | av |= FILE__WRITE; |
1736 | 1736 | ||
1737 | } else { | 1737 | } else { |
1738 | if (mask & MAY_EXEC) | 1738 | if (mask & MAY_EXEC) |
1739 | av |= DIR__SEARCH; | 1739 | av |= DIR__SEARCH; |
1740 | if (mask & MAY_WRITE) | 1740 | if (mask & MAY_WRITE) |
1741 | av |= DIR__WRITE; | 1741 | av |= DIR__WRITE; |
1742 | if (mask & MAY_READ) | 1742 | if (mask & MAY_READ) |
1743 | av |= DIR__READ; | 1743 | av |= DIR__READ; |
1744 | } | 1744 | } |
1745 | 1745 | ||
1746 | return av; | 1746 | return av; |
1747 | } | 1747 | } |
1748 | 1748 | ||
1749 | /* Convert a Linux file to an access vector. */ | 1749 | /* Convert a Linux file to an access vector. */ |
1750 | static inline u32 file_to_av(struct file *file) | 1750 | static inline u32 file_to_av(struct file *file) |
1751 | { | 1751 | { |
1752 | u32 av = 0; | 1752 | u32 av = 0; |
1753 | 1753 | ||
1754 | if (file->f_mode & FMODE_READ) | 1754 | if (file->f_mode & FMODE_READ) |
1755 | av |= FILE__READ; | 1755 | av |= FILE__READ; |
1756 | if (file->f_mode & FMODE_WRITE) { | 1756 | if (file->f_mode & FMODE_WRITE) { |
1757 | if (file->f_flags & O_APPEND) | 1757 | if (file->f_flags & O_APPEND) |
1758 | av |= FILE__APPEND; | 1758 | av |= FILE__APPEND; |
1759 | else | 1759 | else |
1760 | av |= FILE__WRITE; | 1760 | av |= FILE__WRITE; |
1761 | } | 1761 | } |
1762 | if (!av) { | 1762 | if (!av) { |
1763 | /* | 1763 | /* |
1764 | * Special file opened with flags 3 for ioctl-only use. | 1764 | * Special file opened with flags 3 for ioctl-only use. |
1765 | */ | 1765 | */ |
1766 | av = FILE__IOCTL; | 1766 | av = FILE__IOCTL; |
1767 | } | 1767 | } |
1768 | 1768 | ||
1769 | return av; | 1769 | return av; |
1770 | } | 1770 | } |
1771 | 1771 | ||
1772 | /* | 1772 | /* |
1773 | * Convert a file to an access vector and include the correct open | 1773 | * Convert a file to an access vector and include the correct open |
1774 | * open permission. | 1774 | * open permission. |
1775 | */ | 1775 | */ |
1776 | static inline u32 open_file_to_av(struct file *file) | 1776 | static inline u32 open_file_to_av(struct file *file) |
1777 | { | 1777 | { |
1778 | u32 av = file_to_av(file); | 1778 | u32 av = file_to_av(file); |
1779 | 1779 | ||
1780 | if (selinux_policycap_openperm) | 1780 | if (selinux_policycap_openperm) |
1781 | av |= FILE__OPEN; | 1781 | av |= FILE__OPEN; |
1782 | 1782 | ||
1783 | return av; | 1783 | return av; |
1784 | } | 1784 | } |
1785 | 1785 | ||
1786 | /* Hook functions begin here. */ | 1786 | /* Hook functions begin here. */ |
1787 | 1787 | ||
1788 | static int selinux_ptrace_access_check(struct task_struct *child, | 1788 | static int selinux_ptrace_access_check(struct task_struct *child, |
1789 | unsigned int mode) | 1789 | unsigned int mode) |
1790 | { | 1790 | { |
1791 | int rc; | 1791 | int rc; |
1792 | 1792 | ||
1793 | rc = cap_ptrace_access_check(child, mode); | 1793 | rc = cap_ptrace_access_check(child, mode); |
1794 | if (rc) | 1794 | if (rc) |
1795 | return rc; | 1795 | return rc; |
1796 | 1796 | ||
1797 | if (mode == PTRACE_MODE_READ) { | 1797 | if (mode == PTRACE_MODE_READ) { |
1798 | u32 sid = current_sid(); | 1798 | u32 sid = current_sid(); |
1799 | u32 csid = task_sid(child); | 1799 | u32 csid = task_sid(child); |
1800 | return avc_has_perm(sid, csid, SECCLASS_FILE, FILE__READ, NULL); | 1800 | return avc_has_perm(sid, csid, SECCLASS_FILE, FILE__READ, NULL); |
1801 | } | 1801 | } |
1802 | 1802 | ||
1803 | return current_has_perm(child, PROCESS__PTRACE); | 1803 | return current_has_perm(child, PROCESS__PTRACE); |
1804 | } | 1804 | } |
1805 | 1805 | ||
1806 | static int selinux_ptrace_traceme(struct task_struct *parent) | 1806 | static int selinux_ptrace_traceme(struct task_struct *parent) |
1807 | { | 1807 | { |
1808 | int rc; | 1808 | int rc; |
1809 | 1809 | ||
1810 | rc = cap_ptrace_traceme(parent); | 1810 | rc = cap_ptrace_traceme(parent); |
1811 | if (rc) | 1811 | if (rc) |
1812 | return rc; | 1812 | return rc; |
1813 | 1813 | ||
1814 | return task_has_perm(parent, current, PROCESS__PTRACE); | 1814 | return task_has_perm(parent, current, PROCESS__PTRACE); |
1815 | } | 1815 | } |
1816 | 1816 | ||
1817 | static int selinux_capget(struct task_struct *target, kernel_cap_t *effective, | 1817 | static int selinux_capget(struct task_struct *target, kernel_cap_t *effective, |
1818 | kernel_cap_t *inheritable, kernel_cap_t *permitted) | 1818 | kernel_cap_t *inheritable, kernel_cap_t *permitted) |
1819 | { | 1819 | { |
1820 | int error; | 1820 | int error; |
1821 | 1821 | ||
1822 | error = current_has_perm(target, PROCESS__GETCAP); | 1822 | error = current_has_perm(target, PROCESS__GETCAP); |
1823 | if (error) | 1823 | if (error) |
1824 | return error; | 1824 | return error; |
1825 | 1825 | ||
1826 | return cap_capget(target, effective, inheritable, permitted); | 1826 | return cap_capget(target, effective, inheritable, permitted); |
1827 | } | 1827 | } |
1828 | 1828 | ||
1829 | static int selinux_capset(struct cred *new, const struct cred *old, | 1829 | static int selinux_capset(struct cred *new, const struct cred *old, |
1830 | const kernel_cap_t *effective, | 1830 | const kernel_cap_t *effective, |
1831 | const kernel_cap_t *inheritable, | 1831 | const kernel_cap_t *inheritable, |
1832 | const kernel_cap_t *permitted) | 1832 | const kernel_cap_t *permitted) |
1833 | { | 1833 | { |
1834 | int error; | 1834 | int error; |
1835 | 1835 | ||
1836 | error = cap_capset(new, old, | 1836 | error = cap_capset(new, old, |
1837 | effective, inheritable, permitted); | 1837 | effective, inheritable, permitted); |
1838 | if (error) | 1838 | if (error) |
1839 | return error; | 1839 | return error; |
1840 | 1840 | ||
1841 | return cred_has_perm(old, new, PROCESS__SETCAP); | 1841 | return cred_has_perm(old, new, PROCESS__SETCAP); |
1842 | } | 1842 | } |
1843 | 1843 | ||
1844 | /* | 1844 | /* |
1845 | * (This comment used to live with the selinux_task_setuid hook, | 1845 | * (This comment used to live with the selinux_task_setuid hook, |
1846 | * which was removed). | 1846 | * which was removed). |
1847 | * | 1847 | * |
1848 | * Since setuid only affects the current process, and since the SELinux | 1848 | * Since setuid only affects the current process, and since the SELinux |
1849 | * controls are not based on the Linux identity attributes, SELinux does not | 1849 | * controls are not based on the Linux identity attributes, SELinux does not |
1850 | * need to control this operation. However, SELinux does control the use of | 1850 | * need to control this operation. However, SELinux does control the use of |
1851 | * the CAP_SETUID and CAP_SETGID capabilities using the capable hook. | 1851 | * the CAP_SETUID and CAP_SETGID capabilities using the capable hook. |
1852 | */ | 1852 | */ |
1853 | 1853 | ||
1854 | static int selinux_capable(struct task_struct *tsk, const struct cred *cred, | 1854 | static int selinux_capable(struct task_struct *tsk, const struct cred *cred, |
1855 | int cap, int audit) | 1855 | int cap, int audit) |
1856 | { | 1856 | { |
1857 | int rc; | 1857 | int rc; |
1858 | 1858 | ||
1859 | rc = cap_capable(tsk, cred, cap, audit); | 1859 | rc = cap_capable(tsk, cred, cap, audit); |
1860 | if (rc) | 1860 | if (rc) |
1861 | return rc; | 1861 | return rc; |
1862 | 1862 | ||
1863 | return task_has_capability(tsk, cred, cap, audit); | 1863 | return task_has_capability(tsk, cred, cap, audit); |
1864 | } | 1864 | } |
1865 | 1865 | ||
1866 | static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb) | 1866 | static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb) |
1867 | { | 1867 | { |
1868 | const struct cred *cred = current_cred(); | 1868 | const struct cred *cred = current_cred(); |
1869 | int rc = 0; | 1869 | int rc = 0; |
1870 | 1870 | ||
1871 | if (!sb) | 1871 | if (!sb) |
1872 | return 0; | 1872 | return 0; |
1873 | 1873 | ||
1874 | switch (cmds) { | 1874 | switch (cmds) { |
1875 | case Q_SYNC: | 1875 | case Q_SYNC: |
1876 | case Q_QUOTAON: | 1876 | case Q_QUOTAON: |
1877 | case Q_QUOTAOFF: | 1877 | case Q_QUOTAOFF: |
1878 | case Q_SETINFO: | 1878 | case Q_SETINFO: |
1879 | case Q_SETQUOTA: | 1879 | case Q_SETQUOTA: |
1880 | rc = superblock_has_perm(cred, sb, FILESYSTEM__QUOTAMOD, NULL); | 1880 | rc = superblock_has_perm(cred, sb, FILESYSTEM__QUOTAMOD, NULL); |
1881 | break; | 1881 | break; |
1882 | case Q_GETFMT: | 1882 | case Q_GETFMT: |
1883 | case Q_GETINFO: | 1883 | case Q_GETINFO: |
1884 | case Q_GETQUOTA: | 1884 | case Q_GETQUOTA: |
1885 | rc = superblock_has_perm(cred, sb, FILESYSTEM__QUOTAGET, NULL); | 1885 | rc = superblock_has_perm(cred, sb, FILESYSTEM__QUOTAGET, NULL); |
1886 | break; | 1886 | break; |
1887 | default: | 1887 | default: |
1888 | rc = 0; /* let the kernel handle invalid cmds */ | 1888 | rc = 0; /* let the kernel handle invalid cmds */ |
1889 | break; | 1889 | break; |
1890 | } | 1890 | } |
1891 | return rc; | 1891 | return rc; |
1892 | } | 1892 | } |
1893 | 1893 | ||
1894 | static int selinux_quota_on(struct dentry *dentry) | 1894 | static int selinux_quota_on(struct dentry *dentry) |
1895 | { | 1895 | { |
1896 | const struct cred *cred = current_cred(); | 1896 | const struct cred *cred = current_cred(); |
1897 | 1897 | ||
1898 | return dentry_has_perm(cred, NULL, dentry, FILE__QUOTAON); | 1898 | return dentry_has_perm(cred, NULL, dentry, FILE__QUOTAON); |
1899 | } | 1899 | } |
1900 | 1900 | ||
1901 | static int selinux_syslog(int type) | 1901 | static int selinux_syslog(int type) |
1902 | { | 1902 | { |
1903 | int rc; | 1903 | int rc; |
1904 | 1904 | ||
1905 | switch (type) { | 1905 | switch (type) { |
1906 | case SYSLOG_ACTION_READ_ALL: /* Read last kernel messages */ | 1906 | case SYSLOG_ACTION_READ_ALL: /* Read last kernel messages */ |
1907 | case SYSLOG_ACTION_SIZE_BUFFER: /* Return size of the log buffer */ | 1907 | case SYSLOG_ACTION_SIZE_BUFFER: /* Return size of the log buffer */ |
1908 | rc = task_has_system(current, SYSTEM__SYSLOG_READ); | 1908 | rc = task_has_system(current, SYSTEM__SYSLOG_READ); |
1909 | break; | 1909 | break; |
1910 | case SYSLOG_ACTION_CONSOLE_OFF: /* Disable logging to console */ | 1910 | case SYSLOG_ACTION_CONSOLE_OFF: /* Disable logging to console */ |
1911 | case SYSLOG_ACTION_CONSOLE_ON: /* Enable logging to console */ | 1911 | case SYSLOG_ACTION_CONSOLE_ON: /* Enable logging to console */ |
1912 | /* Set level of messages printed to console */ | 1912 | /* Set level of messages printed to console */ |
1913 | case SYSLOG_ACTION_CONSOLE_LEVEL: | 1913 | case SYSLOG_ACTION_CONSOLE_LEVEL: |
1914 | rc = task_has_system(current, SYSTEM__SYSLOG_CONSOLE); | 1914 | rc = task_has_system(current, SYSTEM__SYSLOG_CONSOLE); |
1915 | break; | 1915 | break; |
1916 | case SYSLOG_ACTION_CLOSE: /* Close log */ | 1916 | case SYSLOG_ACTION_CLOSE: /* Close log */ |
1917 | case SYSLOG_ACTION_OPEN: /* Open log */ | 1917 | case SYSLOG_ACTION_OPEN: /* Open log */ |
1918 | case SYSLOG_ACTION_READ: /* Read from log */ | 1918 | case SYSLOG_ACTION_READ: /* Read from log */ |
1919 | case SYSLOG_ACTION_READ_CLEAR: /* Read/clear last kernel messages */ | 1919 | case SYSLOG_ACTION_READ_CLEAR: /* Read/clear last kernel messages */ |
1920 | case SYSLOG_ACTION_CLEAR: /* Clear ring buffer */ | 1920 | case SYSLOG_ACTION_CLEAR: /* Clear ring buffer */ |
1921 | default: | 1921 | default: |
1922 | rc = task_has_system(current, SYSTEM__SYSLOG_MOD); | 1922 | rc = task_has_system(current, SYSTEM__SYSLOG_MOD); |
1923 | break; | 1923 | break; |
1924 | } | 1924 | } |
1925 | return rc; | 1925 | return rc; |
1926 | } | 1926 | } |
1927 | 1927 | ||
1928 | /* | 1928 | /* |
1929 | * Check that a process has enough memory to allocate a new virtual | 1929 | * Check that a process has enough memory to allocate a new virtual |
1930 | * mapping. 0 means there is enough memory for the allocation to | 1930 | * mapping. 0 means there is enough memory for the allocation to |
1931 | * succeed and -ENOMEM implies there is not. | 1931 | * succeed and -ENOMEM implies there is not. |
1932 | * | 1932 | * |
1933 | * Do not audit the selinux permission check, as this is applied to all | 1933 | * Do not audit the selinux permission check, as this is applied to all |
1934 | * processes that allocate mappings. | 1934 | * processes that allocate mappings. |
1935 | */ | 1935 | */ |
1936 | static int selinux_vm_enough_memory(struct mm_struct *mm, long pages) | 1936 | static int selinux_vm_enough_memory(struct mm_struct *mm, long pages) |
1937 | { | 1937 | { |
1938 | int rc, cap_sys_admin = 0; | 1938 | int rc, cap_sys_admin = 0; |
1939 | 1939 | ||
1940 | rc = selinux_capable(current, current_cred(), CAP_SYS_ADMIN, | 1940 | rc = selinux_capable(current, current_cred(), CAP_SYS_ADMIN, |
1941 | SECURITY_CAP_NOAUDIT); | 1941 | SECURITY_CAP_NOAUDIT); |
1942 | if (rc == 0) | 1942 | if (rc == 0) |
1943 | cap_sys_admin = 1; | 1943 | cap_sys_admin = 1; |
1944 | 1944 | ||
1945 | return __vm_enough_memory(mm, pages, cap_sys_admin); | 1945 | return __vm_enough_memory(mm, pages, cap_sys_admin); |
1946 | } | 1946 | } |
1947 | 1947 | ||
1948 | /* binprm security operations */ | 1948 | /* binprm security operations */ |
1949 | 1949 | ||
1950 | static int selinux_bprm_set_creds(struct linux_binprm *bprm) | 1950 | static int selinux_bprm_set_creds(struct linux_binprm *bprm) |
1951 | { | 1951 | { |
1952 | const struct task_security_struct *old_tsec; | 1952 | const struct task_security_struct *old_tsec; |
1953 | struct task_security_struct *new_tsec; | 1953 | struct task_security_struct *new_tsec; |
1954 | struct inode_security_struct *isec; | 1954 | struct inode_security_struct *isec; |
1955 | struct common_audit_data ad; | 1955 | struct common_audit_data ad; |
1956 | struct inode *inode = bprm->file->f_path.dentry->d_inode; | 1956 | struct inode *inode = bprm->file->f_path.dentry->d_inode; |
1957 | int rc; | 1957 | int rc; |
1958 | 1958 | ||
1959 | rc = cap_bprm_set_creds(bprm); | 1959 | rc = cap_bprm_set_creds(bprm); |
1960 | if (rc) | 1960 | if (rc) |
1961 | return rc; | 1961 | return rc; |
1962 | 1962 | ||
1963 | /* SELinux context only depends on initial program or script and not | 1963 | /* SELinux context only depends on initial program or script and not |
1964 | * the script interpreter */ | 1964 | * the script interpreter */ |
1965 | if (bprm->cred_prepared) | 1965 | if (bprm->cred_prepared) |
1966 | return 0; | 1966 | return 0; |
1967 | 1967 | ||
1968 | old_tsec = current_security(); | 1968 | old_tsec = current_security(); |
1969 | new_tsec = bprm->cred->security; | 1969 | new_tsec = bprm->cred->security; |
1970 | isec = inode->i_security; | 1970 | isec = inode->i_security; |
1971 | 1971 | ||
1972 | /* Default to the current task SID. */ | 1972 | /* Default to the current task SID. */ |
1973 | new_tsec->sid = old_tsec->sid; | 1973 | new_tsec->sid = old_tsec->sid; |
1974 | new_tsec->osid = old_tsec->sid; | 1974 | new_tsec->osid = old_tsec->sid; |
1975 | 1975 | ||
1976 | /* Reset fs, key, and sock SIDs on execve. */ | 1976 | /* Reset fs, key, and sock SIDs on execve. */ |
1977 | new_tsec->create_sid = 0; | 1977 | new_tsec->create_sid = 0; |
1978 | new_tsec->keycreate_sid = 0; | 1978 | new_tsec->keycreate_sid = 0; |
1979 | new_tsec->sockcreate_sid = 0; | 1979 | new_tsec->sockcreate_sid = 0; |
1980 | 1980 | ||
1981 | if (old_tsec->exec_sid) { | 1981 | if (old_tsec->exec_sid) { |
1982 | new_tsec->sid = old_tsec->exec_sid; | 1982 | new_tsec->sid = old_tsec->exec_sid; |
1983 | /* Reset exec SID on execve. */ | 1983 | /* Reset exec SID on execve. */ |
1984 | new_tsec->exec_sid = 0; | 1984 | new_tsec->exec_sid = 0; |
1985 | } else { | 1985 | } else { |
1986 | /* Check for a default transition on this program. */ | 1986 | /* Check for a default transition on this program. */ |
1987 | rc = security_transition_sid(old_tsec->sid, isec->sid, | 1987 | rc = security_transition_sid(old_tsec->sid, isec->sid, |
1988 | SECCLASS_PROCESS, NULL, | 1988 | SECCLASS_PROCESS, NULL, |
1989 | &new_tsec->sid); | 1989 | &new_tsec->sid); |
1990 | if (rc) | 1990 | if (rc) |
1991 | return rc; | 1991 | return rc; |
1992 | } | 1992 | } |
1993 | 1993 | ||
1994 | COMMON_AUDIT_DATA_INIT(&ad, FS); | 1994 | COMMON_AUDIT_DATA_INIT(&ad, PATH); |
1995 | ad.u.fs.path = bprm->file->f_path; | 1995 | ad.u.path = bprm->file->f_path; |
1996 | 1996 | ||
1997 | if (bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID) | 1997 | if (bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID) |
1998 | new_tsec->sid = old_tsec->sid; | 1998 | new_tsec->sid = old_tsec->sid; |
1999 | 1999 | ||
2000 | if (new_tsec->sid == old_tsec->sid) { | 2000 | if (new_tsec->sid == old_tsec->sid) { |
2001 | rc = avc_has_perm(old_tsec->sid, isec->sid, | 2001 | rc = avc_has_perm(old_tsec->sid, isec->sid, |
2002 | SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, &ad); | 2002 | SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, &ad); |
2003 | if (rc) | 2003 | if (rc) |
2004 | return rc; | 2004 | return rc; |
2005 | } else { | 2005 | } else { |
2006 | /* Check permissions for the transition. */ | 2006 | /* Check permissions for the transition. */ |
2007 | rc = avc_has_perm(old_tsec->sid, new_tsec->sid, | 2007 | rc = avc_has_perm(old_tsec->sid, new_tsec->sid, |
2008 | SECCLASS_PROCESS, PROCESS__TRANSITION, &ad); | 2008 | SECCLASS_PROCESS, PROCESS__TRANSITION, &ad); |
2009 | if (rc) | 2009 | if (rc) |
2010 | return rc; | 2010 | return rc; |
2011 | 2011 | ||
2012 | rc = avc_has_perm(new_tsec->sid, isec->sid, | 2012 | rc = avc_has_perm(new_tsec->sid, isec->sid, |
2013 | SECCLASS_FILE, FILE__ENTRYPOINT, &ad); | 2013 | SECCLASS_FILE, FILE__ENTRYPOINT, &ad); |
2014 | if (rc) | 2014 | if (rc) |
2015 | return rc; | 2015 | return rc; |
2016 | 2016 | ||
2017 | /* Check for shared state */ | 2017 | /* Check for shared state */ |
2018 | if (bprm->unsafe & LSM_UNSAFE_SHARE) { | 2018 | if (bprm->unsafe & LSM_UNSAFE_SHARE) { |
2019 | rc = avc_has_perm(old_tsec->sid, new_tsec->sid, | 2019 | rc = avc_has_perm(old_tsec->sid, new_tsec->sid, |
2020 | SECCLASS_PROCESS, PROCESS__SHARE, | 2020 | SECCLASS_PROCESS, PROCESS__SHARE, |
2021 | NULL); | 2021 | NULL); |
2022 | if (rc) | 2022 | if (rc) |
2023 | return -EPERM; | 2023 | return -EPERM; |
2024 | } | 2024 | } |
2025 | 2025 | ||
2026 | /* Make sure that anyone attempting to ptrace over a task that | 2026 | /* Make sure that anyone attempting to ptrace over a task that |
2027 | * changes its SID has the appropriate permit */ | 2027 | * changes its SID has the appropriate permit */ |
2028 | if (bprm->unsafe & | 2028 | if (bprm->unsafe & |
2029 | (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) { | 2029 | (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) { |
2030 | struct task_struct *tracer; | 2030 | struct task_struct *tracer; |
2031 | struct task_security_struct *sec; | 2031 | struct task_security_struct *sec; |
2032 | u32 ptsid = 0; | 2032 | u32 ptsid = 0; |
2033 | 2033 | ||
2034 | rcu_read_lock(); | 2034 | rcu_read_lock(); |
2035 | tracer = tracehook_tracer_task(current); | 2035 | tracer = tracehook_tracer_task(current); |
2036 | if (likely(tracer != NULL)) { | 2036 | if (likely(tracer != NULL)) { |
2037 | sec = __task_cred(tracer)->security; | 2037 | sec = __task_cred(tracer)->security; |
2038 | ptsid = sec->sid; | 2038 | ptsid = sec->sid; |
2039 | } | 2039 | } |
2040 | rcu_read_unlock(); | 2040 | rcu_read_unlock(); |
2041 | 2041 | ||
2042 | if (ptsid != 0) { | 2042 | if (ptsid != 0) { |
2043 | rc = avc_has_perm(ptsid, new_tsec->sid, | 2043 | rc = avc_has_perm(ptsid, new_tsec->sid, |
2044 | SECCLASS_PROCESS, | 2044 | SECCLASS_PROCESS, |
2045 | PROCESS__PTRACE, NULL); | 2045 | PROCESS__PTRACE, NULL); |
2046 | if (rc) | 2046 | if (rc) |
2047 | return -EPERM; | 2047 | return -EPERM; |
2048 | } | 2048 | } |
2049 | } | 2049 | } |
2050 | 2050 | ||
2051 | /* Clear any possibly unsafe personality bits on exec: */ | 2051 | /* Clear any possibly unsafe personality bits on exec: */ |
2052 | bprm->per_clear |= PER_CLEAR_ON_SETID; | 2052 | bprm->per_clear |= PER_CLEAR_ON_SETID; |
2053 | } | 2053 | } |
2054 | 2054 | ||
2055 | return 0; | 2055 | return 0; |
2056 | } | 2056 | } |
2057 | 2057 | ||
2058 | static int selinux_bprm_secureexec(struct linux_binprm *bprm) | 2058 | static int selinux_bprm_secureexec(struct linux_binprm *bprm) |
2059 | { | 2059 | { |
2060 | const struct task_security_struct *tsec = current_security(); | 2060 | const struct task_security_struct *tsec = current_security(); |
2061 | u32 sid, osid; | 2061 | u32 sid, osid; |
2062 | int atsecure = 0; | 2062 | int atsecure = 0; |
2063 | 2063 | ||
2064 | sid = tsec->sid; | 2064 | sid = tsec->sid; |
2065 | osid = tsec->osid; | 2065 | osid = tsec->osid; |
2066 | 2066 | ||
2067 | if (osid != sid) { | 2067 | if (osid != sid) { |
2068 | /* Enable secure mode for SIDs transitions unless | 2068 | /* Enable secure mode for SIDs transitions unless |
2069 | the noatsecure permission is granted between | 2069 | the noatsecure permission is granted between |
2070 | the two SIDs, i.e. ahp returns 0. */ | 2070 | the two SIDs, i.e. ahp returns 0. */ |
2071 | atsecure = avc_has_perm(osid, sid, | 2071 | atsecure = avc_has_perm(osid, sid, |
2072 | SECCLASS_PROCESS, | 2072 | SECCLASS_PROCESS, |
2073 | PROCESS__NOATSECURE, NULL); | 2073 | PROCESS__NOATSECURE, NULL); |
2074 | } | 2074 | } |
2075 | 2075 | ||
2076 | return (atsecure || cap_bprm_secureexec(bprm)); | 2076 | return (atsecure || cap_bprm_secureexec(bprm)); |
2077 | } | 2077 | } |
2078 | 2078 | ||
2079 | extern struct vfsmount *selinuxfs_mount; | 2079 | extern struct vfsmount *selinuxfs_mount; |
2080 | extern struct dentry *selinux_null; | 2080 | extern struct dentry *selinux_null; |
2081 | 2081 | ||
2082 | /* Derived from fs/exec.c:flush_old_files. */ | 2082 | /* Derived from fs/exec.c:flush_old_files. */ |
2083 | static inline void flush_unauthorized_files(const struct cred *cred, | 2083 | static inline void flush_unauthorized_files(const struct cred *cred, |
2084 | struct files_struct *files) | 2084 | struct files_struct *files) |
2085 | { | 2085 | { |
2086 | struct common_audit_data ad; | 2086 | struct common_audit_data ad; |
2087 | struct file *file, *devnull = NULL; | 2087 | struct file *file, *devnull = NULL; |
2088 | struct tty_struct *tty; | 2088 | struct tty_struct *tty; |
2089 | struct fdtable *fdt; | 2089 | struct fdtable *fdt; |
2090 | long j = -1; | 2090 | long j = -1; |
2091 | int drop_tty = 0; | 2091 | int drop_tty = 0; |
2092 | 2092 | ||
2093 | tty = get_current_tty(); | 2093 | tty = get_current_tty(); |
2094 | if (tty) { | 2094 | if (tty) { |
2095 | spin_lock(&tty_files_lock); | 2095 | spin_lock(&tty_files_lock); |
2096 | if (!list_empty(&tty->tty_files)) { | 2096 | if (!list_empty(&tty->tty_files)) { |
2097 | struct tty_file_private *file_priv; | 2097 | struct tty_file_private *file_priv; |
2098 | struct inode *inode; | 2098 | struct inode *inode; |
2099 | 2099 | ||
2100 | /* Revalidate access to controlling tty. | 2100 | /* Revalidate access to controlling tty. |
2101 | Use inode_has_perm on the tty inode directly rather | 2101 | Use inode_has_perm on the tty inode directly rather |
2102 | than using file_has_perm, as this particular open | 2102 | than using file_has_perm, as this particular open |
2103 | file may belong to another process and we are only | 2103 | file may belong to another process and we are only |
2104 | interested in the inode-based check here. */ | 2104 | interested in the inode-based check here. */ |
2105 | file_priv = list_first_entry(&tty->tty_files, | 2105 | file_priv = list_first_entry(&tty->tty_files, |
2106 | struct tty_file_private, list); | 2106 | struct tty_file_private, list); |
2107 | file = file_priv->file; | 2107 | file = file_priv->file; |
2108 | inode = file->f_path.dentry->d_inode; | 2108 | inode = file->f_path.dentry->d_inode; |
2109 | if (inode_has_perm(cred, inode, | 2109 | if (inode_has_perm(cred, inode, |
2110 | FILE__READ | FILE__WRITE, NULL, 0)) { | 2110 | FILE__READ | FILE__WRITE, NULL, 0)) { |
2111 | drop_tty = 1; | 2111 | drop_tty = 1; |
2112 | } | 2112 | } |
2113 | } | 2113 | } |
2114 | spin_unlock(&tty_files_lock); | 2114 | spin_unlock(&tty_files_lock); |
2115 | tty_kref_put(tty); | 2115 | tty_kref_put(tty); |
2116 | } | 2116 | } |
2117 | /* Reset controlling tty. */ | 2117 | /* Reset controlling tty. */ |
2118 | if (drop_tty) | 2118 | if (drop_tty) |
2119 | no_tty(); | 2119 | no_tty(); |
2120 | 2120 | ||
2121 | /* Revalidate access to inherited open files. */ | 2121 | /* Revalidate access to inherited open files. */ |
2122 | 2122 | ||
2123 | COMMON_AUDIT_DATA_INIT(&ad, FS); | 2123 | COMMON_AUDIT_DATA_INIT(&ad, INODE); |
2124 | 2124 | ||
2125 | spin_lock(&files->file_lock); | 2125 | spin_lock(&files->file_lock); |
2126 | for (;;) { | 2126 | for (;;) { |
2127 | unsigned long set, i; | 2127 | unsigned long set, i; |
2128 | int fd; | 2128 | int fd; |
2129 | 2129 | ||
2130 | j++; | 2130 | j++; |
2131 | i = j * __NFDBITS; | 2131 | i = j * __NFDBITS; |
2132 | fdt = files_fdtable(files); | 2132 | fdt = files_fdtable(files); |
2133 | if (i >= fdt->max_fds) | 2133 | if (i >= fdt->max_fds) |
2134 | break; | 2134 | break; |
2135 | set = fdt->open_fds->fds_bits[j]; | 2135 | set = fdt->open_fds->fds_bits[j]; |
2136 | if (!set) | 2136 | if (!set) |
2137 | continue; | 2137 | continue; |
2138 | spin_unlock(&files->file_lock); | 2138 | spin_unlock(&files->file_lock); |
2139 | for ( ; set ; i++, set >>= 1) { | 2139 | for ( ; set ; i++, set >>= 1) { |
2140 | if (set & 1) { | 2140 | if (set & 1) { |
2141 | file = fget(i); | 2141 | file = fget(i); |
2142 | if (!file) | 2142 | if (!file) |
2143 | continue; | 2143 | continue; |
2144 | if (file_has_perm(cred, | 2144 | if (file_has_perm(cred, |
2145 | file, | 2145 | file, |
2146 | file_to_av(file))) { | 2146 | file_to_av(file))) { |
2147 | sys_close(i); | 2147 | sys_close(i); |
2148 | fd = get_unused_fd(); | 2148 | fd = get_unused_fd(); |
2149 | if (fd != i) { | 2149 | if (fd != i) { |
2150 | if (fd >= 0) | 2150 | if (fd >= 0) |
2151 | put_unused_fd(fd); | 2151 | put_unused_fd(fd); |
2152 | fput(file); | 2152 | fput(file); |
2153 | continue; | 2153 | continue; |
2154 | } | 2154 | } |
2155 | if (devnull) { | 2155 | if (devnull) { |
2156 | get_file(devnull); | 2156 | get_file(devnull); |
2157 | } else { | 2157 | } else { |
2158 | devnull = dentry_open( | 2158 | devnull = dentry_open( |
2159 | dget(selinux_null), | 2159 | dget(selinux_null), |
2160 | mntget(selinuxfs_mount), | 2160 | mntget(selinuxfs_mount), |
2161 | O_RDWR, cred); | 2161 | O_RDWR, cred); |
2162 | if (IS_ERR(devnull)) { | 2162 | if (IS_ERR(devnull)) { |
2163 | devnull = NULL; | 2163 | devnull = NULL; |
2164 | put_unused_fd(fd); | 2164 | put_unused_fd(fd); |
2165 | fput(file); | 2165 | fput(file); |
2166 | continue; | 2166 | continue; |
2167 | } | 2167 | } |
2168 | } | 2168 | } |
2169 | fd_install(fd, devnull); | 2169 | fd_install(fd, devnull); |
2170 | } | 2170 | } |
2171 | fput(file); | 2171 | fput(file); |
2172 | } | 2172 | } |
2173 | } | 2173 | } |
2174 | spin_lock(&files->file_lock); | 2174 | spin_lock(&files->file_lock); |
2175 | 2175 | ||
2176 | } | 2176 | } |
2177 | spin_unlock(&files->file_lock); | 2177 | spin_unlock(&files->file_lock); |
2178 | } | 2178 | } |
2179 | 2179 | ||
2180 | /* | 2180 | /* |
2181 | * Prepare a process for imminent new credential changes due to exec | 2181 | * Prepare a process for imminent new credential changes due to exec |
2182 | */ | 2182 | */ |
2183 | static void selinux_bprm_committing_creds(struct linux_binprm *bprm) | 2183 | static void selinux_bprm_committing_creds(struct linux_binprm *bprm) |
2184 | { | 2184 | { |
2185 | struct task_security_struct *new_tsec; | 2185 | struct task_security_struct *new_tsec; |
2186 | struct rlimit *rlim, *initrlim; | 2186 | struct rlimit *rlim, *initrlim; |
2187 | int rc, i; | 2187 | int rc, i; |
2188 | 2188 | ||
2189 | new_tsec = bprm->cred->security; | 2189 | new_tsec = bprm->cred->security; |
2190 | if (new_tsec->sid == new_tsec->osid) | 2190 | if (new_tsec->sid == new_tsec->osid) |
2191 | return; | 2191 | return; |
2192 | 2192 | ||
2193 | /* Close files for which the new task SID is not authorized. */ | 2193 | /* Close files for which the new task SID is not authorized. */ |
2194 | flush_unauthorized_files(bprm->cred, current->files); | 2194 | flush_unauthorized_files(bprm->cred, current->files); |
2195 | 2195 | ||
2196 | /* Always clear parent death signal on SID transitions. */ | 2196 | /* Always clear parent death signal on SID transitions. */ |
2197 | current->pdeath_signal = 0; | 2197 | current->pdeath_signal = 0; |
2198 | 2198 | ||
2199 | /* Check whether the new SID can inherit resource limits from the old | 2199 | /* Check whether the new SID can inherit resource limits from the old |
2200 | * SID. If not, reset all soft limits to the lower of the current | 2200 | * SID. If not, reset all soft limits to the lower of the current |
2201 | * task's hard limit and the init task's soft limit. | 2201 | * task's hard limit and the init task's soft limit. |
2202 | * | 2202 | * |
2203 | * Note that the setting of hard limits (even to lower them) can be | 2203 | * Note that the setting of hard limits (even to lower them) can be |
2204 | * controlled by the setrlimit check. The inclusion of the init task's | 2204 | * controlled by the setrlimit check. The inclusion of the init task's |
2205 | * soft limit into the computation is to avoid resetting soft limits | 2205 | * soft limit into the computation is to avoid resetting soft limits |
2206 | * higher than the default soft limit for cases where the default is | 2206 | * higher than the default soft limit for cases where the default is |
2207 | * lower than the hard limit, e.g. RLIMIT_CORE or RLIMIT_STACK. | 2207 | * lower than the hard limit, e.g. RLIMIT_CORE or RLIMIT_STACK. |
2208 | */ | 2208 | */ |
2209 | rc = avc_has_perm(new_tsec->osid, new_tsec->sid, SECCLASS_PROCESS, | 2209 | rc = avc_has_perm(new_tsec->osid, new_tsec->sid, SECCLASS_PROCESS, |
2210 | PROCESS__RLIMITINH, NULL); | 2210 | PROCESS__RLIMITINH, NULL); |
2211 | if (rc) { | 2211 | if (rc) { |
2212 | /* protect against do_prlimit() */ | 2212 | /* protect against do_prlimit() */ |
2213 | task_lock(current); | 2213 | task_lock(current); |
2214 | for (i = 0; i < RLIM_NLIMITS; i++) { | 2214 | for (i = 0; i < RLIM_NLIMITS; i++) { |
2215 | rlim = current->signal->rlim + i; | 2215 | rlim = current->signal->rlim + i; |
2216 | initrlim = init_task.signal->rlim + i; | 2216 | initrlim = init_task.signal->rlim + i; |
2217 | rlim->rlim_cur = min(rlim->rlim_max, initrlim->rlim_cur); | 2217 | rlim->rlim_cur = min(rlim->rlim_max, initrlim->rlim_cur); |
2218 | } | 2218 | } |
2219 | task_unlock(current); | 2219 | task_unlock(current); |
2220 | update_rlimit_cpu(current, rlimit(RLIMIT_CPU)); | 2220 | update_rlimit_cpu(current, rlimit(RLIMIT_CPU)); |
2221 | } | 2221 | } |
2222 | } | 2222 | } |
2223 | 2223 | ||
2224 | /* | 2224 | /* |
2225 | * Clean up the process immediately after the installation of new credentials | 2225 | * Clean up the process immediately after the installation of new credentials |
2226 | * due to exec | 2226 | * due to exec |
2227 | */ | 2227 | */ |
2228 | static void selinux_bprm_committed_creds(struct linux_binprm *bprm) | 2228 | static void selinux_bprm_committed_creds(struct linux_binprm *bprm) |
2229 | { | 2229 | { |
2230 | const struct task_security_struct *tsec = current_security(); | 2230 | const struct task_security_struct *tsec = current_security(); |
2231 | struct itimerval itimer; | 2231 | struct itimerval itimer; |
2232 | u32 osid, sid; | 2232 | u32 osid, sid; |
2233 | int rc, i; | 2233 | int rc, i; |
2234 | 2234 | ||
2235 | osid = tsec->osid; | 2235 | osid = tsec->osid; |
2236 | sid = tsec->sid; | 2236 | sid = tsec->sid; |
2237 | 2237 | ||
2238 | if (sid == osid) | 2238 | if (sid == osid) |
2239 | return; | 2239 | return; |
2240 | 2240 | ||
2241 | /* Check whether the new SID can inherit signal state from the old SID. | 2241 | /* Check whether the new SID can inherit signal state from the old SID. |
2242 | * If not, clear itimers to avoid subsequent signal generation and | 2242 | * If not, clear itimers to avoid subsequent signal generation and |
2243 | * flush and unblock signals. | 2243 | * flush and unblock signals. |
2244 | * | 2244 | * |
2245 | * This must occur _after_ the task SID has been updated so that any | 2245 | * This must occur _after_ the task SID has been updated so that any |
2246 | * kill done after the flush will be checked against the new SID. | 2246 | * kill done after the flush will be checked against the new SID. |
2247 | */ | 2247 | */ |
2248 | rc = avc_has_perm(osid, sid, SECCLASS_PROCESS, PROCESS__SIGINH, NULL); | 2248 | rc = avc_has_perm(osid, sid, SECCLASS_PROCESS, PROCESS__SIGINH, NULL); |
2249 | if (rc) { | 2249 | if (rc) { |
2250 | memset(&itimer, 0, sizeof itimer); | 2250 | memset(&itimer, 0, sizeof itimer); |
2251 | for (i = 0; i < 3; i++) | 2251 | for (i = 0; i < 3; i++) |
2252 | do_setitimer(i, &itimer, NULL); | 2252 | do_setitimer(i, &itimer, NULL); |
2253 | spin_lock_irq(¤t->sighand->siglock); | 2253 | spin_lock_irq(¤t->sighand->siglock); |
2254 | if (!(current->signal->flags & SIGNAL_GROUP_EXIT)) { | 2254 | if (!(current->signal->flags & SIGNAL_GROUP_EXIT)) { |
2255 | __flush_signals(current); | 2255 | __flush_signals(current); |
2256 | flush_signal_handlers(current, 1); | 2256 | flush_signal_handlers(current, 1); |
2257 | sigemptyset(¤t->blocked); | 2257 | sigemptyset(¤t->blocked); |
2258 | } | 2258 | } |
2259 | spin_unlock_irq(¤t->sighand->siglock); | 2259 | spin_unlock_irq(¤t->sighand->siglock); |
2260 | } | 2260 | } |
2261 | 2261 | ||
2262 | /* Wake up the parent if it is waiting so that it can recheck | 2262 | /* Wake up the parent if it is waiting so that it can recheck |
2263 | * wait permission to the new task SID. */ | 2263 | * wait permission to the new task SID. */ |
2264 | read_lock(&tasklist_lock); | 2264 | read_lock(&tasklist_lock); |
2265 | __wake_up_parent(current, current->real_parent); | 2265 | __wake_up_parent(current, current->real_parent); |
2266 | read_unlock(&tasklist_lock); | 2266 | read_unlock(&tasklist_lock); |
2267 | } | 2267 | } |
2268 | 2268 | ||
2269 | /* superblock security operations */ | 2269 | /* superblock security operations */ |
2270 | 2270 | ||
2271 | static int selinux_sb_alloc_security(struct super_block *sb) | 2271 | static int selinux_sb_alloc_security(struct super_block *sb) |
2272 | { | 2272 | { |
2273 | return superblock_alloc_security(sb); | 2273 | return superblock_alloc_security(sb); |
2274 | } | 2274 | } |
2275 | 2275 | ||
2276 | static void selinux_sb_free_security(struct super_block *sb) | 2276 | static void selinux_sb_free_security(struct super_block *sb) |
2277 | { | 2277 | { |
2278 | superblock_free_security(sb); | 2278 | superblock_free_security(sb); |
2279 | } | 2279 | } |
2280 | 2280 | ||
2281 | static inline int match_prefix(char *prefix, int plen, char *option, int olen) | 2281 | static inline int match_prefix(char *prefix, int plen, char *option, int olen) |
2282 | { | 2282 | { |
2283 | if (plen > olen) | 2283 | if (plen > olen) |
2284 | return 0; | 2284 | return 0; |
2285 | 2285 | ||
2286 | return !memcmp(prefix, option, plen); | 2286 | return !memcmp(prefix, option, plen); |
2287 | } | 2287 | } |
2288 | 2288 | ||
2289 | static inline int selinux_option(char *option, int len) | 2289 | static inline int selinux_option(char *option, int len) |
2290 | { | 2290 | { |
2291 | return (match_prefix(CONTEXT_STR, sizeof(CONTEXT_STR)-1, option, len) || | 2291 | return (match_prefix(CONTEXT_STR, sizeof(CONTEXT_STR)-1, option, len) || |
2292 | match_prefix(FSCONTEXT_STR, sizeof(FSCONTEXT_STR)-1, option, len) || | 2292 | match_prefix(FSCONTEXT_STR, sizeof(FSCONTEXT_STR)-1, option, len) || |
2293 | match_prefix(DEFCONTEXT_STR, sizeof(DEFCONTEXT_STR)-1, option, len) || | 2293 | match_prefix(DEFCONTEXT_STR, sizeof(DEFCONTEXT_STR)-1, option, len) || |
2294 | match_prefix(ROOTCONTEXT_STR, sizeof(ROOTCONTEXT_STR)-1, option, len) || | 2294 | match_prefix(ROOTCONTEXT_STR, sizeof(ROOTCONTEXT_STR)-1, option, len) || |
2295 | match_prefix(LABELSUPP_STR, sizeof(LABELSUPP_STR)-1, option, len)); | 2295 | match_prefix(LABELSUPP_STR, sizeof(LABELSUPP_STR)-1, option, len)); |
2296 | } | 2296 | } |
2297 | 2297 | ||
2298 | static inline void take_option(char **to, char *from, int *first, int len) | 2298 | static inline void take_option(char **to, char *from, int *first, int len) |
2299 | { | 2299 | { |
2300 | if (!*first) { | 2300 | if (!*first) { |
2301 | **to = ','; | 2301 | **to = ','; |
2302 | *to += 1; | 2302 | *to += 1; |
2303 | } else | 2303 | } else |
2304 | *first = 0; | 2304 | *first = 0; |
2305 | memcpy(*to, from, len); | 2305 | memcpy(*to, from, len); |
2306 | *to += len; | 2306 | *to += len; |
2307 | } | 2307 | } |
2308 | 2308 | ||
2309 | static inline void take_selinux_option(char **to, char *from, int *first, | 2309 | static inline void take_selinux_option(char **to, char *from, int *first, |
2310 | int len) | 2310 | int len) |
2311 | { | 2311 | { |
2312 | int current_size = 0; | 2312 | int current_size = 0; |
2313 | 2313 | ||
2314 | if (!*first) { | 2314 | if (!*first) { |
2315 | **to = '|'; | 2315 | **to = '|'; |
2316 | *to += 1; | 2316 | *to += 1; |
2317 | } else | 2317 | } else |
2318 | *first = 0; | 2318 | *first = 0; |
2319 | 2319 | ||
2320 | while (current_size < len) { | 2320 | while (current_size < len) { |
2321 | if (*from != '"') { | 2321 | if (*from != '"') { |
2322 | **to = *from; | 2322 | **to = *from; |
2323 | *to += 1; | 2323 | *to += 1; |
2324 | } | 2324 | } |
2325 | from += 1; | 2325 | from += 1; |
2326 | current_size += 1; | 2326 | current_size += 1; |
2327 | } | 2327 | } |
2328 | } | 2328 | } |
2329 | 2329 | ||
2330 | static int selinux_sb_copy_data(char *orig, char *copy) | 2330 | static int selinux_sb_copy_data(char *orig, char *copy) |
2331 | { | 2331 | { |
2332 | int fnosec, fsec, rc = 0; | 2332 | int fnosec, fsec, rc = 0; |
2333 | char *in_save, *in_curr, *in_end; | 2333 | char *in_save, *in_curr, *in_end; |
2334 | char *sec_curr, *nosec_save, *nosec; | 2334 | char *sec_curr, *nosec_save, *nosec; |
2335 | int open_quote = 0; | 2335 | int open_quote = 0; |
2336 | 2336 | ||
2337 | in_curr = orig; | 2337 | in_curr = orig; |
2338 | sec_curr = copy; | 2338 | sec_curr = copy; |
2339 | 2339 | ||
2340 | nosec = (char *)get_zeroed_page(GFP_KERNEL); | 2340 | nosec = (char *)get_zeroed_page(GFP_KERNEL); |
2341 | if (!nosec) { | 2341 | if (!nosec) { |
2342 | rc = -ENOMEM; | 2342 | rc = -ENOMEM; |
2343 | goto out; | 2343 | goto out; |
2344 | } | 2344 | } |
2345 | 2345 | ||
2346 | nosec_save = nosec; | 2346 | nosec_save = nosec; |
2347 | fnosec = fsec = 1; | 2347 | fnosec = fsec = 1; |
2348 | in_save = in_end = orig; | 2348 | in_save = in_end = orig; |
2349 | 2349 | ||
2350 | do { | 2350 | do { |
2351 | if (*in_end == '"') | 2351 | if (*in_end == '"') |
2352 | open_quote = !open_quote; | 2352 | open_quote = !open_quote; |
2353 | if ((*in_end == ',' && open_quote == 0) || | 2353 | if ((*in_end == ',' && open_quote == 0) || |
2354 | *in_end == '\0') { | 2354 | *in_end == '\0') { |
2355 | int len = in_end - in_curr; | 2355 | int len = in_end - in_curr; |
2356 | 2356 | ||
2357 | if (selinux_option(in_curr, len)) | 2357 | if (selinux_option(in_curr, len)) |
2358 | take_selinux_option(&sec_curr, in_curr, &fsec, len); | 2358 | take_selinux_option(&sec_curr, in_curr, &fsec, len); |
2359 | else | 2359 | else |
2360 | take_option(&nosec, in_curr, &fnosec, len); | 2360 | take_option(&nosec, in_curr, &fnosec, len); |
2361 | 2361 | ||
2362 | in_curr = in_end + 1; | 2362 | in_curr = in_end + 1; |
2363 | } | 2363 | } |
2364 | } while (*in_end++); | 2364 | } while (*in_end++); |
2365 | 2365 | ||
2366 | strcpy(in_save, nosec_save); | 2366 | strcpy(in_save, nosec_save); |
2367 | free_page((unsigned long)nosec_save); | 2367 | free_page((unsigned long)nosec_save); |
2368 | out: | 2368 | out: |
2369 | return rc; | 2369 | return rc; |
2370 | } | 2370 | } |
2371 | 2371 | ||
2372 | static int selinux_sb_remount(struct super_block *sb, void *data) | 2372 | static int selinux_sb_remount(struct super_block *sb, void *data) |
2373 | { | 2373 | { |
2374 | int rc, i, *flags; | 2374 | int rc, i, *flags; |
2375 | struct security_mnt_opts opts; | 2375 | struct security_mnt_opts opts; |
2376 | char *secdata, **mount_options; | 2376 | char *secdata, **mount_options; |
2377 | struct superblock_security_struct *sbsec = sb->s_security; | 2377 | struct superblock_security_struct *sbsec = sb->s_security; |
2378 | 2378 | ||
2379 | if (!(sbsec->flags & SE_SBINITIALIZED)) | 2379 | if (!(sbsec->flags & SE_SBINITIALIZED)) |
2380 | return 0; | 2380 | return 0; |
2381 | 2381 | ||
2382 | if (!data) | 2382 | if (!data) |
2383 | return 0; | 2383 | return 0; |
2384 | 2384 | ||
2385 | if (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA) | 2385 | if (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA) |
2386 | return 0; | 2386 | return 0; |
2387 | 2387 | ||
2388 | security_init_mnt_opts(&opts); | 2388 | security_init_mnt_opts(&opts); |
2389 | secdata = alloc_secdata(); | 2389 | secdata = alloc_secdata(); |
2390 | if (!secdata) | 2390 | if (!secdata) |
2391 | return -ENOMEM; | 2391 | return -ENOMEM; |
2392 | rc = selinux_sb_copy_data(data, secdata); | 2392 | rc = selinux_sb_copy_data(data, secdata); |
2393 | if (rc) | 2393 | if (rc) |
2394 | goto out_free_secdata; | 2394 | goto out_free_secdata; |
2395 | 2395 | ||
2396 | rc = selinux_parse_opts_str(secdata, &opts); | 2396 | rc = selinux_parse_opts_str(secdata, &opts); |
2397 | if (rc) | 2397 | if (rc) |
2398 | goto out_free_secdata; | 2398 | goto out_free_secdata; |
2399 | 2399 | ||
2400 | mount_options = opts.mnt_opts; | 2400 | mount_options = opts.mnt_opts; |
2401 | flags = opts.mnt_opts_flags; | 2401 | flags = opts.mnt_opts_flags; |
2402 | 2402 | ||
2403 | for (i = 0; i < opts.num_mnt_opts; i++) { | 2403 | for (i = 0; i < opts.num_mnt_opts; i++) { |
2404 | u32 sid; | 2404 | u32 sid; |
2405 | size_t len; | 2405 | size_t len; |
2406 | 2406 | ||
2407 | if (flags[i] == SE_SBLABELSUPP) | 2407 | if (flags[i] == SE_SBLABELSUPP) |
2408 | continue; | 2408 | continue; |
2409 | len = strlen(mount_options[i]); | 2409 | len = strlen(mount_options[i]); |
2410 | rc = security_context_to_sid(mount_options[i], len, &sid); | 2410 | rc = security_context_to_sid(mount_options[i], len, &sid); |
2411 | if (rc) { | 2411 | if (rc) { |
2412 | printk(KERN_WARNING "SELinux: security_context_to_sid" | 2412 | printk(KERN_WARNING "SELinux: security_context_to_sid" |
2413 | "(%s) failed for (dev %s, type %s) errno=%d\n", | 2413 | "(%s) failed for (dev %s, type %s) errno=%d\n", |
2414 | mount_options[i], sb->s_id, sb->s_type->name, rc); | 2414 | mount_options[i], sb->s_id, sb->s_type->name, rc); |
2415 | goto out_free_opts; | 2415 | goto out_free_opts; |
2416 | } | 2416 | } |
2417 | rc = -EINVAL; | 2417 | rc = -EINVAL; |
2418 | switch (flags[i]) { | 2418 | switch (flags[i]) { |
2419 | case FSCONTEXT_MNT: | 2419 | case FSCONTEXT_MNT: |
2420 | if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid, sid)) | 2420 | if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid, sid)) |
2421 | goto out_bad_option; | 2421 | goto out_bad_option; |
2422 | break; | 2422 | break; |
2423 | case CONTEXT_MNT: | 2423 | case CONTEXT_MNT: |
2424 | if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid, sid)) | 2424 | if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid, sid)) |
2425 | goto out_bad_option; | 2425 | goto out_bad_option; |
2426 | break; | 2426 | break; |
2427 | case ROOTCONTEXT_MNT: { | 2427 | case ROOTCONTEXT_MNT: { |
2428 | struct inode_security_struct *root_isec; | 2428 | struct inode_security_struct *root_isec; |
2429 | root_isec = sb->s_root->d_inode->i_security; | 2429 | root_isec = sb->s_root->d_inode->i_security; |
2430 | 2430 | ||
2431 | if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid, sid)) | 2431 | if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid, sid)) |
2432 | goto out_bad_option; | 2432 | goto out_bad_option; |
2433 | break; | 2433 | break; |
2434 | } | 2434 | } |
2435 | case DEFCONTEXT_MNT: | 2435 | case DEFCONTEXT_MNT: |
2436 | if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid, sid)) | 2436 | if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid, sid)) |
2437 | goto out_bad_option; | 2437 | goto out_bad_option; |
2438 | break; | 2438 | break; |
2439 | default: | 2439 | default: |
2440 | goto out_free_opts; | 2440 | goto out_free_opts; |
2441 | } | 2441 | } |
2442 | } | 2442 | } |
2443 | 2443 | ||
2444 | rc = 0; | 2444 | rc = 0; |
2445 | out_free_opts: | 2445 | out_free_opts: |
2446 | security_free_mnt_opts(&opts); | 2446 | security_free_mnt_opts(&opts); |
2447 | out_free_secdata: | 2447 | out_free_secdata: |
2448 | free_secdata(secdata); | 2448 | free_secdata(secdata); |
2449 | return rc; | 2449 | return rc; |
2450 | out_bad_option: | 2450 | out_bad_option: |
2451 | printk(KERN_WARNING "SELinux: unable to change security options " | 2451 | printk(KERN_WARNING "SELinux: unable to change security options " |
2452 | "during remount (dev %s, type=%s)\n", sb->s_id, | 2452 | "during remount (dev %s, type=%s)\n", sb->s_id, |
2453 | sb->s_type->name); | 2453 | sb->s_type->name); |
2454 | goto out_free_opts; | 2454 | goto out_free_opts; |
2455 | } | 2455 | } |
2456 | 2456 | ||
2457 | static int selinux_sb_kern_mount(struct super_block *sb, int flags, void *data) | 2457 | static int selinux_sb_kern_mount(struct super_block *sb, int flags, void *data) |
2458 | { | 2458 | { |
2459 | const struct cred *cred = current_cred(); | 2459 | const struct cred *cred = current_cred(); |
2460 | struct common_audit_data ad; | 2460 | struct common_audit_data ad; |
2461 | int rc; | 2461 | int rc; |
2462 | 2462 | ||
2463 | rc = superblock_doinit(sb, data); | 2463 | rc = superblock_doinit(sb, data); |
2464 | if (rc) | 2464 | if (rc) |
2465 | return rc; | 2465 | return rc; |
2466 | 2466 | ||
2467 | /* Allow all mounts performed by the kernel */ | 2467 | /* Allow all mounts performed by the kernel */ |
2468 | if (flags & MS_KERNMOUNT) | 2468 | if (flags & MS_KERNMOUNT) |
2469 | return 0; | 2469 | return 0; |
2470 | 2470 | ||
2471 | COMMON_AUDIT_DATA_INIT(&ad, FS); | 2471 | COMMON_AUDIT_DATA_INIT(&ad, PATH); |
2472 | ad.u.fs.path.dentry = sb->s_root; | 2472 | ad.u.path.dentry = sb->s_root; |
2473 | return superblock_has_perm(cred, sb, FILESYSTEM__MOUNT, &ad); | 2473 | return superblock_has_perm(cred, sb, FILESYSTEM__MOUNT, &ad); |
2474 | } | 2474 | } |
2475 | 2475 | ||
2476 | static int selinux_sb_statfs(struct dentry *dentry) | 2476 | static int selinux_sb_statfs(struct dentry *dentry) |
2477 | { | 2477 | { |
2478 | const struct cred *cred = current_cred(); | 2478 | const struct cred *cred = current_cred(); |
2479 | struct common_audit_data ad; | 2479 | struct common_audit_data ad; |
2480 | 2480 | ||
2481 | COMMON_AUDIT_DATA_INIT(&ad, FS); | 2481 | COMMON_AUDIT_DATA_INIT(&ad, PATH); |
2482 | ad.u.fs.path.dentry = dentry->d_sb->s_root; | 2482 | ad.u.path.dentry = dentry->d_sb->s_root; |
2483 | return superblock_has_perm(cred, dentry->d_sb, FILESYSTEM__GETATTR, &ad); | 2483 | return superblock_has_perm(cred, dentry->d_sb, FILESYSTEM__GETATTR, &ad); |
2484 | } | 2484 | } |
2485 | 2485 | ||
2486 | static int selinux_mount(char *dev_name, | 2486 | static int selinux_mount(char *dev_name, |
2487 | struct path *path, | 2487 | struct path *path, |
2488 | char *type, | 2488 | char *type, |
2489 | unsigned long flags, | 2489 | unsigned long flags, |
2490 | void *data) | 2490 | void *data) |
2491 | { | 2491 | { |
2492 | const struct cred *cred = current_cred(); | 2492 | const struct cred *cred = current_cred(); |
2493 | 2493 | ||
2494 | if (flags & MS_REMOUNT) | 2494 | if (flags & MS_REMOUNT) |
2495 | return superblock_has_perm(cred, path->mnt->mnt_sb, | 2495 | return superblock_has_perm(cred, path->mnt->mnt_sb, |
2496 | FILESYSTEM__REMOUNT, NULL); | 2496 | FILESYSTEM__REMOUNT, NULL); |
2497 | else | 2497 | else |
2498 | return dentry_has_perm(cred, path->mnt, path->dentry, | 2498 | return dentry_has_perm(cred, path->mnt, path->dentry, |
2499 | FILE__MOUNTON); | 2499 | FILE__MOUNTON); |
2500 | } | 2500 | } |
2501 | 2501 | ||
2502 | static int selinux_umount(struct vfsmount *mnt, int flags) | 2502 | static int selinux_umount(struct vfsmount *mnt, int flags) |
2503 | { | 2503 | { |
2504 | const struct cred *cred = current_cred(); | 2504 | const struct cred *cred = current_cred(); |
2505 | 2505 | ||
2506 | return superblock_has_perm(cred, mnt->mnt_sb, | 2506 | return superblock_has_perm(cred, mnt->mnt_sb, |
2507 | FILESYSTEM__UNMOUNT, NULL); | 2507 | FILESYSTEM__UNMOUNT, NULL); |
2508 | } | 2508 | } |
2509 | 2509 | ||
2510 | /* inode security operations */ | 2510 | /* inode security operations */ |
2511 | 2511 | ||
2512 | static int selinux_inode_alloc_security(struct inode *inode) | 2512 | static int selinux_inode_alloc_security(struct inode *inode) |
2513 | { | 2513 | { |
2514 | return inode_alloc_security(inode); | 2514 | return inode_alloc_security(inode); |
2515 | } | 2515 | } |
2516 | 2516 | ||
2517 | static void selinux_inode_free_security(struct inode *inode) | 2517 | static void selinux_inode_free_security(struct inode *inode) |
2518 | { | 2518 | { |
2519 | inode_free_security(inode); | 2519 | inode_free_security(inode); |
2520 | } | 2520 | } |
2521 | 2521 | ||
2522 | static int selinux_inode_init_security(struct inode *inode, struct inode *dir, | 2522 | static int selinux_inode_init_security(struct inode *inode, struct inode *dir, |
2523 | const struct qstr *qstr, char **name, | 2523 | const struct qstr *qstr, char **name, |
2524 | void **value, size_t *len) | 2524 | void **value, size_t *len) |
2525 | { | 2525 | { |
2526 | const struct task_security_struct *tsec = current_security(); | 2526 | const struct task_security_struct *tsec = current_security(); |
2527 | struct inode_security_struct *dsec; | 2527 | struct inode_security_struct *dsec; |
2528 | struct superblock_security_struct *sbsec; | 2528 | struct superblock_security_struct *sbsec; |
2529 | u32 sid, newsid, clen; | 2529 | u32 sid, newsid, clen; |
2530 | int rc; | 2530 | int rc; |
2531 | char *namep = NULL, *context; | 2531 | char *namep = NULL, *context; |
2532 | 2532 | ||
2533 | dsec = dir->i_security; | 2533 | dsec = dir->i_security; |
2534 | sbsec = dir->i_sb->s_security; | 2534 | sbsec = dir->i_sb->s_security; |
2535 | 2535 | ||
2536 | sid = tsec->sid; | 2536 | sid = tsec->sid; |
2537 | newsid = tsec->create_sid; | 2537 | newsid = tsec->create_sid; |
2538 | 2538 | ||
2539 | if ((sbsec->flags & SE_SBINITIALIZED) && | 2539 | if ((sbsec->flags & SE_SBINITIALIZED) && |
2540 | (sbsec->behavior == SECURITY_FS_USE_MNTPOINT)) | 2540 | (sbsec->behavior == SECURITY_FS_USE_MNTPOINT)) |
2541 | newsid = sbsec->mntpoint_sid; | 2541 | newsid = sbsec->mntpoint_sid; |
2542 | else if (!newsid || !(sbsec->flags & SE_SBLABELSUPP)) { | 2542 | else if (!newsid || !(sbsec->flags & SE_SBLABELSUPP)) { |
2543 | rc = security_transition_sid(sid, dsec->sid, | 2543 | rc = security_transition_sid(sid, dsec->sid, |
2544 | inode_mode_to_security_class(inode->i_mode), | 2544 | inode_mode_to_security_class(inode->i_mode), |
2545 | qstr, &newsid); | 2545 | qstr, &newsid); |
2546 | if (rc) { | 2546 | if (rc) { |
2547 | printk(KERN_WARNING "%s: " | 2547 | printk(KERN_WARNING "%s: " |
2548 | "security_transition_sid failed, rc=%d (dev=%s " | 2548 | "security_transition_sid failed, rc=%d (dev=%s " |
2549 | "ino=%ld)\n", | 2549 | "ino=%ld)\n", |
2550 | __func__, | 2550 | __func__, |
2551 | -rc, inode->i_sb->s_id, inode->i_ino); | 2551 | -rc, inode->i_sb->s_id, inode->i_ino); |
2552 | return rc; | 2552 | return rc; |
2553 | } | 2553 | } |
2554 | } | 2554 | } |
2555 | 2555 | ||
2556 | /* Possibly defer initialization to selinux_complete_init. */ | 2556 | /* Possibly defer initialization to selinux_complete_init. */ |
2557 | if (sbsec->flags & SE_SBINITIALIZED) { | 2557 | if (sbsec->flags & SE_SBINITIALIZED) { |
2558 | struct inode_security_struct *isec = inode->i_security; | 2558 | struct inode_security_struct *isec = inode->i_security; |
2559 | isec->sclass = inode_mode_to_security_class(inode->i_mode); | 2559 | isec->sclass = inode_mode_to_security_class(inode->i_mode); |
2560 | isec->sid = newsid; | 2560 | isec->sid = newsid; |
2561 | isec->initialized = 1; | 2561 | isec->initialized = 1; |
2562 | } | 2562 | } |
2563 | 2563 | ||
2564 | if (!ss_initialized || !(sbsec->flags & SE_SBLABELSUPP)) | 2564 | if (!ss_initialized || !(sbsec->flags & SE_SBLABELSUPP)) |
2565 | return -EOPNOTSUPP; | 2565 | return -EOPNOTSUPP; |
2566 | 2566 | ||
2567 | if (name) { | 2567 | if (name) { |
2568 | namep = kstrdup(XATTR_SELINUX_SUFFIX, GFP_NOFS); | 2568 | namep = kstrdup(XATTR_SELINUX_SUFFIX, GFP_NOFS); |
2569 | if (!namep) | 2569 | if (!namep) |
2570 | return -ENOMEM; | 2570 | return -ENOMEM; |
2571 | *name = namep; | 2571 | *name = namep; |
2572 | } | 2572 | } |
2573 | 2573 | ||
2574 | if (value && len) { | 2574 | if (value && len) { |
2575 | rc = security_sid_to_context_force(newsid, &context, &clen); | 2575 | rc = security_sid_to_context_force(newsid, &context, &clen); |
2576 | if (rc) { | 2576 | if (rc) { |
2577 | kfree(namep); | 2577 | kfree(namep); |
2578 | return rc; | 2578 | return rc; |
2579 | } | 2579 | } |
2580 | *value = context; | 2580 | *value = context; |
2581 | *len = clen; | 2581 | *len = clen; |
2582 | } | 2582 | } |
2583 | 2583 | ||
2584 | return 0; | 2584 | return 0; |
2585 | } | 2585 | } |
2586 | 2586 | ||
2587 | static int selinux_inode_create(struct inode *dir, struct dentry *dentry, int mask) | 2587 | static int selinux_inode_create(struct inode *dir, struct dentry *dentry, int mask) |
2588 | { | 2588 | { |
2589 | return may_create(dir, dentry, SECCLASS_FILE); | 2589 | return may_create(dir, dentry, SECCLASS_FILE); |
2590 | } | 2590 | } |
2591 | 2591 | ||
2592 | static int selinux_inode_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry) | 2592 | static int selinux_inode_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry) |
2593 | { | 2593 | { |
2594 | return may_link(dir, old_dentry, MAY_LINK); | 2594 | return may_link(dir, old_dentry, MAY_LINK); |
2595 | } | 2595 | } |
2596 | 2596 | ||
2597 | static int selinux_inode_unlink(struct inode *dir, struct dentry *dentry) | 2597 | static int selinux_inode_unlink(struct inode *dir, struct dentry *dentry) |
2598 | { | 2598 | { |
2599 | return may_link(dir, dentry, MAY_UNLINK); | 2599 | return may_link(dir, dentry, MAY_UNLINK); |
2600 | } | 2600 | } |
2601 | 2601 | ||
2602 | static int selinux_inode_symlink(struct inode *dir, struct dentry *dentry, const char *name) | 2602 | static int selinux_inode_symlink(struct inode *dir, struct dentry *dentry, const char *name) |
2603 | { | 2603 | { |
2604 | return may_create(dir, dentry, SECCLASS_LNK_FILE); | 2604 | return may_create(dir, dentry, SECCLASS_LNK_FILE); |
2605 | } | 2605 | } |
2606 | 2606 | ||
2607 | static int selinux_inode_mkdir(struct inode *dir, struct dentry *dentry, int mask) | 2607 | static int selinux_inode_mkdir(struct inode *dir, struct dentry *dentry, int mask) |
2608 | { | 2608 | { |
2609 | return may_create(dir, dentry, SECCLASS_DIR); | 2609 | return may_create(dir, dentry, SECCLASS_DIR); |
2610 | } | 2610 | } |
2611 | 2611 | ||
2612 | static int selinux_inode_rmdir(struct inode *dir, struct dentry *dentry) | 2612 | static int selinux_inode_rmdir(struct inode *dir, struct dentry *dentry) |
2613 | { | 2613 | { |
2614 | return may_link(dir, dentry, MAY_RMDIR); | 2614 | return may_link(dir, dentry, MAY_RMDIR); |
2615 | } | 2615 | } |
2616 | 2616 | ||
2617 | static int selinux_inode_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev) | 2617 | static int selinux_inode_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev) |
2618 | { | 2618 | { |
2619 | return may_create(dir, dentry, inode_mode_to_security_class(mode)); | 2619 | return may_create(dir, dentry, inode_mode_to_security_class(mode)); |
2620 | } | 2620 | } |
2621 | 2621 | ||
2622 | static int selinux_inode_rename(struct inode *old_inode, struct dentry *old_dentry, | 2622 | static int selinux_inode_rename(struct inode *old_inode, struct dentry *old_dentry, |
2623 | struct inode *new_inode, struct dentry *new_dentry) | 2623 | struct inode *new_inode, struct dentry *new_dentry) |
2624 | { | 2624 | { |
2625 | return may_rename(old_inode, old_dentry, new_inode, new_dentry); | 2625 | return may_rename(old_inode, old_dentry, new_inode, new_dentry); |
2626 | } | 2626 | } |
2627 | 2627 | ||
2628 | static int selinux_inode_readlink(struct dentry *dentry) | 2628 | static int selinux_inode_readlink(struct dentry *dentry) |
2629 | { | 2629 | { |
2630 | const struct cred *cred = current_cred(); | 2630 | const struct cred *cred = current_cred(); |
2631 | 2631 | ||
2632 | return dentry_has_perm(cred, NULL, dentry, FILE__READ); | 2632 | return dentry_has_perm(cred, NULL, dentry, FILE__READ); |
2633 | } | 2633 | } |
2634 | 2634 | ||
2635 | static int selinux_inode_follow_link(struct dentry *dentry, struct nameidata *nameidata) | 2635 | static int selinux_inode_follow_link(struct dentry *dentry, struct nameidata *nameidata) |
2636 | { | 2636 | { |
2637 | const struct cred *cred = current_cred(); | 2637 | const struct cred *cred = current_cred(); |
2638 | 2638 | ||
2639 | return dentry_has_perm(cred, NULL, dentry, FILE__READ); | 2639 | return dentry_has_perm(cred, NULL, dentry, FILE__READ); |
2640 | } | 2640 | } |
2641 | 2641 | ||
2642 | static int selinux_inode_permission(struct inode *inode, int mask, unsigned flags) | 2642 | static int selinux_inode_permission(struct inode *inode, int mask, unsigned flags) |
2643 | { | 2643 | { |
2644 | const struct cred *cred = current_cred(); | 2644 | const struct cred *cred = current_cred(); |
2645 | struct common_audit_data ad; | 2645 | struct common_audit_data ad; |
2646 | u32 perms; | 2646 | u32 perms; |
2647 | bool from_access; | 2647 | bool from_access; |
2648 | 2648 | ||
2649 | from_access = mask & MAY_ACCESS; | 2649 | from_access = mask & MAY_ACCESS; |
2650 | mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND); | 2650 | mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND); |
2651 | 2651 | ||
2652 | /* No permission to check. Existence test. */ | 2652 | /* No permission to check. Existence test. */ |
2653 | if (!mask) | 2653 | if (!mask) |
2654 | return 0; | 2654 | return 0; |
2655 | 2655 | ||
2656 | COMMON_AUDIT_DATA_INIT(&ad, FS); | 2656 | COMMON_AUDIT_DATA_INIT(&ad, INODE); |
2657 | ad.u.fs.inode = inode; | 2657 | ad.u.inode = inode; |
2658 | 2658 | ||
2659 | if (from_access) | 2659 | if (from_access) |
2660 | ad.selinux_audit_data.auditdeny |= FILE__AUDIT_ACCESS; | 2660 | ad.selinux_audit_data.auditdeny |= FILE__AUDIT_ACCESS; |
2661 | 2661 | ||
2662 | perms = file_mask_to_av(inode->i_mode, mask); | 2662 | perms = file_mask_to_av(inode->i_mode, mask); |
2663 | 2663 | ||
2664 | return inode_has_perm(cred, inode, perms, &ad, flags); | 2664 | return inode_has_perm(cred, inode, perms, &ad, flags); |
2665 | } | 2665 | } |
2666 | 2666 | ||
2667 | static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr) | 2667 | static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr) |
2668 | { | 2668 | { |
2669 | const struct cred *cred = current_cred(); | 2669 | const struct cred *cred = current_cred(); |
2670 | unsigned int ia_valid = iattr->ia_valid; | 2670 | unsigned int ia_valid = iattr->ia_valid; |
2671 | 2671 | ||
2672 | /* ATTR_FORCE is just used for ATTR_KILL_S[UG]ID. */ | 2672 | /* ATTR_FORCE is just used for ATTR_KILL_S[UG]ID. */ |
2673 | if (ia_valid & ATTR_FORCE) { | 2673 | if (ia_valid & ATTR_FORCE) { |
2674 | ia_valid &= ~(ATTR_KILL_SUID | ATTR_KILL_SGID | ATTR_MODE | | 2674 | ia_valid &= ~(ATTR_KILL_SUID | ATTR_KILL_SGID | ATTR_MODE | |
2675 | ATTR_FORCE); | 2675 | ATTR_FORCE); |
2676 | if (!ia_valid) | 2676 | if (!ia_valid) |
2677 | return 0; | 2677 | return 0; |
2678 | } | 2678 | } |
2679 | 2679 | ||
2680 | if (ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID | | 2680 | if (ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID | |
2681 | ATTR_ATIME_SET | ATTR_MTIME_SET | ATTR_TIMES_SET)) | 2681 | ATTR_ATIME_SET | ATTR_MTIME_SET | ATTR_TIMES_SET)) |
2682 | return dentry_has_perm(cred, NULL, dentry, FILE__SETATTR); | 2682 | return dentry_has_perm(cred, NULL, dentry, FILE__SETATTR); |
2683 | 2683 | ||
2684 | return dentry_has_perm(cred, NULL, dentry, FILE__WRITE); | 2684 | return dentry_has_perm(cred, NULL, dentry, FILE__WRITE); |
2685 | } | 2685 | } |
2686 | 2686 | ||
2687 | static int selinux_inode_getattr(struct vfsmount *mnt, struct dentry *dentry) | 2687 | static int selinux_inode_getattr(struct vfsmount *mnt, struct dentry *dentry) |
2688 | { | 2688 | { |
2689 | const struct cred *cred = current_cred(); | 2689 | const struct cred *cred = current_cred(); |
2690 | 2690 | ||
2691 | return dentry_has_perm(cred, mnt, dentry, FILE__GETATTR); | 2691 | return dentry_has_perm(cred, mnt, dentry, FILE__GETATTR); |
2692 | } | 2692 | } |
2693 | 2693 | ||
2694 | static int selinux_inode_setotherxattr(struct dentry *dentry, const char *name) | 2694 | static int selinux_inode_setotherxattr(struct dentry *dentry, const char *name) |
2695 | { | 2695 | { |
2696 | const struct cred *cred = current_cred(); | 2696 | const struct cred *cred = current_cred(); |
2697 | 2697 | ||
2698 | if (!strncmp(name, XATTR_SECURITY_PREFIX, | 2698 | if (!strncmp(name, XATTR_SECURITY_PREFIX, |
2699 | sizeof XATTR_SECURITY_PREFIX - 1)) { | 2699 | sizeof XATTR_SECURITY_PREFIX - 1)) { |
2700 | if (!strcmp(name, XATTR_NAME_CAPS)) { | 2700 | if (!strcmp(name, XATTR_NAME_CAPS)) { |
2701 | if (!capable(CAP_SETFCAP)) | 2701 | if (!capable(CAP_SETFCAP)) |
2702 | return -EPERM; | 2702 | return -EPERM; |
2703 | } else if (!capable(CAP_SYS_ADMIN)) { | 2703 | } else if (!capable(CAP_SYS_ADMIN)) { |
2704 | /* A different attribute in the security namespace. | 2704 | /* A different attribute in the security namespace. |
2705 | Restrict to administrator. */ | 2705 | Restrict to administrator. */ |
2706 | return -EPERM; | 2706 | return -EPERM; |
2707 | } | 2707 | } |
2708 | } | 2708 | } |
2709 | 2709 | ||
2710 | /* Not an attribute we recognize, so just check the | 2710 | /* Not an attribute we recognize, so just check the |
2711 | ordinary setattr permission. */ | 2711 | ordinary setattr permission. */ |
2712 | return dentry_has_perm(cred, NULL, dentry, FILE__SETATTR); | 2712 | return dentry_has_perm(cred, NULL, dentry, FILE__SETATTR); |
2713 | } | 2713 | } |
2714 | 2714 | ||
2715 | static int selinux_inode_setxattr(struct dentry *dentry, const char *name, | 2715 | static int selinux_inode_setxattr(struct dentry *dentry, const char *name, |
2716 | const void *value, size_t size, int flags) | 2716 | const void *value, size_t size, int flags) |
2717 | { | 2717 | { |
2718 | struct inode *inode = dentry->d_inode; | 2718 | struct inode *inode = dentry->d_inode; |
2719 | struct inode_security_struct *isec = inode->i_security; | 2719 | struct inode_security_struct *isec = inode->i_security; |
2720 | struct superblock_security_struct *sbsec; | 2720 | struct superblock_security_struct *sbsec; |
2721 | struct common_audit_data ad; | 2721 | struct common_audit_data ad; |
2722 | u32 newsid, sid = current_sid(); | 2722 | u32 newsid, sid = current_sid(); |
2723 | int rc = 0; | 2723 | int rc = 0; |
2724 | 2724 | ||
2725 | if (strcmp(name, XATTR_NAME_SELINUX)) | 2725 | if (strcmp(name, XATTR_NAME_SELINUX)) |
2726 | return selinux_inode_setotherxattr(dentry, name); | 2726 | return selinux_inode_setotherxattr(dentry, name); |
2727 | 2727 | ||
2728 | sbsec = inode->i_sb->s_security; | 2728 | sbsec = inode->i_sb->s_security; |
2729 | if (!(sbsec->flags & SE_SBLABELSUPP)) | 2729 | if (!(sbsec->flags & SE_SBLABELSUPP)) |
2730 | return -EOPNOTSUPP; | 2730 | return -EOPNOTSUPP; |
2731 | 2731 | ||
2732 | if (!is_owner_or_cap(inode)) | 2732 | if (!is_owner_or_cap(inode)) |
2733 | return -EPERM; | 2733 | return -EPERM; |
2734 | 2734 | ||
2735 | COMMON_AUDIT_DATA_INIT(&ad, FS); | 2735 | COMMON_AUDIT_DATA_INIT(&ad, PATH); |
2736 | ad.u.fs.path.dentry = dentry; | 2736 | ad.u.path.dentry = dentry; |
2737 | 2737 | ||
2738 | rc = avc_has_perm(sid, isec->sid, isec->sclass, | 2738 | rc = avc_has_perm(sid, isec->sid, isec->sclass, |
2739 | FILE__RELABELFROM, &ad); | 2739 | FILE__RELABELFROM, &ad); |
2740 | if (rc) | 2740 | if (rc) |
2741 | return rc; | 2741 | return rc; |
2742 | 2742 | ||
2743 | rc = security_context_to_sid(value, size, &newsid); | 2743 | rc = security_context_to_sid(value, size, &newsid); |
2744 | if (rc == -EINVAL) { | 2744 | if (rc == -EINVAL) { |
2745 | if (!capable(CAP_MAC_ADMIN)) | 2745 | if (!capable(CAP_MAC_ADMIN)) |
2746 | return rc; | 2746 | return rc; |
2747 | rc = security_context_to_sid_force(value, size, &newsid); | 2747 | rc = security_context_to_sid_force(value, size, &newsid); |
2748 | } | 2748 | } |
2749 | if (rc) | 2749 | if (rc) |
2750 | return rc; | 2750 | return rc; |
2751 | 2751 | ||
2752 | rc = avc_has_perm(sid, newsid, isec->sclass, | 2752 | rc = avc_has_perm(sid, newsid, isec->sclass, |
2753 | FILE__RELABELTO, &ad); | 2753 | FILE__RELABELTO, &ad); |
2754 | if (rc) | 2754 | if (rc) |
2755 | return rc; | 2755 | return rc; |
2756 | 2756 | ||
2757 | rc = security_validate_transition(isec->sid, newsid, sid, | 2757 | rc = security_validate_transition(isec->sid, newsid, sid, |
2758 | isec->sclass); | 2758 | isec->sclass); |
2759 | if (rc) | 2759 | if (rc) |
2760 | return rc; | 2760 | return rc; |
2761 | 2761 | ||
2762 | return avc_has_perm(newsid, | 2762 | return avc_has_perm(newsid, |
2763 | sbsec->sid, | 2763 | sbsec->sid, |
2764 | SECCLASS_FILESYSTEM, | 2764 | SECCLASS_FILESYSTEM, |
2765 | FILESYSTEM__ASSOCIATE, | 2765 | FILESYSTEM__ASSOCIATE, |
2766 | &ad); | 2766 | &ad); |
2767 | } | 2767 | } |
2768 | 2768 | ||
2769 | static void selinux_inode_post_setxattr(struct dentry *dentry, const char *name, | 2769 | static void selinux_inode_post_setxattr(struct dentry *dentry, const char *name, |
2770 | const void *value, size_t size, | 2770 | const void *value, size_t size, |
2771 | int flags) | 2771 | int flags) |
2772 | { | 2772 | { |
2773 | struct inode *inode = dentry->d_inode; | 2773 | struct inode *inode = dentry->d_inode; |
2774 | struct inode_security_struct *isec = inode->i_security; | 2774 | struct inode_security_struct *isec = inode->i_security; |
2775 | u32 newsid; | 2775 | u32 newsid; |
2776 | int rc; | 2776 | int rc; |
2777 | 2777 | ||
2778 | if (strcmp(name, XATTR_NAME_SELINUX)) { | 2778 | if (strcmp(name, XATTR_NAME_SELINUX)) { |
2779 | /* Not an attribute we recognize, so nothing to do. */ | 2779 | /* Not an attribute we recognize, so nothing to do. */ |
2780 | return; | 2780 | return; |
2781 | } | 2781 | } |
2782 | 2782 | ||
2783 | rc = security_context_to_sid_force(value, size, &newsid); | 2783 | rc = security_context_to_sid_force(value, size, &newsid); |
2784 | if (rc) { | 2784 | if (rc) { |
2785 | printk(KERN_ERR "SELinux: unable to map context to SID" | 2785 | printk(KERN_ERR "SELinux: unable to map context to SID" |
2786 | "for (%s, %lu), rc=%d\n", | 2786 | "for (%s, %lu), rc=%d\n", |
2787 | inode->i_sb->s_id, inode->i_ino, -rc); | 2787 | inode->i_sb->s_id, inode->i_ino, -rc); |
2788 | return; | 2788 | return; |
2789 | } | 2789 | } |
2790 | 2790 | ||
2791 | isec->sid = newsid; | 2791 | isec->sid = newsid; |
2792 | return; | 2792 | return; |
2793 | } | 2793 | } |
2794 | 2794 | ||
2795 | static int selinux_inode_getxattr(struct dentry *dentry, const char *name) | 2795 | static int selinux_inode_getxattr(struct dentry *dentry, const char *name) |
2796 | { | 2796 | { |
2797 | const struct cred *cred = current_cred(); | 2797 | const struct cred *cred = current_cred(); |
2798 | 2798 | ||
2799 | return dentry_has_perm(cred, NULL, dentry, FILE__GETATTR); | 2799 | return dentry_has_perm(cred, NULL, dentry, FILE__GETATTR); |
2800 | } | 2800 | } |
2801 | 2801 | ||
2802 | static int selinux_inode_listxattr(struct dentry *dentry) | 2802 | static int selinux_inode_listxattr(struct dentry *dentry) |
2803 | { | 2803 | { |
2804 | const struct cred *cred = current_cred(); | 2804 | const struct cred *cred = current_cred(); |
2805 | 2805 | ||
2806 | return dentry_has_perm(cred, NULL, dentry, FILE__GETATTR); | 2806 | return dentry_has_perm(cred, NULL, dentry, FILE__GETATTR); |
2807 | } | 2807 | } |
2808 | 2808 | ||
2809 | static int selinux_inode_removexattr(struct dentry *dentry, const char *name) | 2809 | static int selinux_inode_removexattr(struct dentry *dentry, const char *name) |
2810 | { | 2810 | { |
2811 | if (strcmp(name, XATTR_NAME_SELINUX)) | 2811 | if (strcmp(name, XATTR_NAME_SELINUX)) |
2812 | return selinux_inode_setotherxattr(dentry, name); | 2812 | return selinux_inode_setotherxattr(dentry, name); |
2813 | 2813 | ||
2814 | /* No one is allowed to remove a SELinux security label. | 2814 | /* No one is allowed to remove a SELinux security label. |
2815 | You can change the label, but all data must be labeled. */ | 2815 | You can change the label, but all data must be labeled. */ |
2816 | return -EACCES; | 2816 | return -EACCES; |
2817 | } | 2817 | } |
2818 | 2818 | ||
2819 | /* | 2819 | /* |
2820 | * Copy the inode security context value to the user. | 2820 | * Copy the inode security context value to the user. |
2821 | * | 2821 | * |
2822 | * Permission check is handled by selinux_inode_getxattr hook. | 2822 | * Permission check is handled by selinux_inode_getxattr hook. |
2823 | */ | 2823 | */ |
2824 | static int selinux_inode_getsecurity(const struct inode *inode, const char *name, void **buffer, bool alloc) | 2824 | static int selinux_inode_getsecurity(const struct inode *inode, const char *name, void **buffer, bool alloc) |
2825 | { | 2825 | { |
2826 | u32 size; | 2826 | u32 size; |
2827 | int error; | 2827 | int error; |
2828 | char *context = NULL; | 2828 | char *context = NULL; |
2829 | struct inode_security_struct *isec = inode->i_security; | 2829 | struct inode_security_struct *isec = inode->i_security; |
2830 | 2830 | ||
2831 | if (strcmp(name, XATTR_SELINUX_SUFFIX)) | 2831 | if (strcmp(name, XATTR_SELINUX_SUFFIX)) |
2832 | return -EOPNOTSUPP; | 2832 | return -EOPNOTSUPP; |
2833 | 2833 | ||
2834 | /* | 2834 | /* |
2835 | * If the caller has CAP_MAC_ADMIN, then get the raw context | 2835 | * If the caller has CAP_MAC_ADMIN, then get the raw context |
2836 | * value even if it is not defined by current policy; otherwise, | 2836 | * value even if it is not defined by current policy; otherwise, |
2837 | * use the in-core value under current policy. | 2837 | * use the in-core value under current policy. |
2838 | * Use the non-auditing forms of the permission checks since | 2838 | * Use the non-auditing forms of the permission checks since |
2839 | * getxattr may be called by unprivileged processes commonly | 2839 | * getxattr may be called by unprivileged processes commonly |
2840 | * and lack of permission just means that we fall back to the | 2840 | * and lack of permission just means that we fall back to the |
2841 | * in-core context value, not a denial. | 2841 | * in-core context value, not a denial. |
2842 | */ | 2842 | */ |
2843 | error = selinux_capable(current, current_cred(), CAP_MAC_ADMIN, | 2843 | error = selinux_capable(current, current_cred(), CAP_MAC_ADMIN, |
2844 | SECURITY_CAP_NOAUDIT); | 2844 | SECURITY_CAP_NOAUDIT); |
2845 | if (!error) | 2845 | if (!error) |
2846 | error = security_sid_to_context_force(isec->sid, &context, | 2846 | error = security_sid_to_context_force(isec->sid, &context, |
2847 | &size); | 2847 | &size); |
2848 | else | 2848 | else |
2849 | error = security_sid_to_context(isec->sid, &context, &size); | 2849 | error = security_sid_to_context(isec->sid, &context, &size); |
2850 | if (error) | 2850 | if (error) |
2851 | return error; | 2851 | return error; |
2852 | error = size; | 2852 | error = size; |
2853 | if (alloc) { | 2853 | if (alloc) { |
2854 | *buffer = context; | 2854 | *buffer = context; |
2855 | goto out_nofree; | 2855 | goto out_nofree; |
2856 | } | 2856 | } |
2857 | kfree(context); | 2857 | kfree(context); |
2858 | out_nofree: | 2858 | out_nofree: |
2859 | return error; | 2859 | return error; |
2860 | } | 2860 | } |
2861 | 2861 | ||
2862 | static int selinux_inode_setsecurity(struct inode *inode, const char *name, | 2862 | static int selinux_inode_setsecurity(struct inode *inode, const char *name, |
2863 | const void *value, size_t size, int flags) | 2863 | const void *value, size_t size, int flags) |
2864 | { | 2864 | { |
2865 | struct inode_security_struct *isec = inode->i_security; | 2865 | struct inode_security_struct *isec = inode->i_security; |
2866 | u32 newsid; | 2866 | u32 newsid; |
2867 | int rc; | 2867 | int rc; |
2868 | 2868 | ||
2869 | if (strcmp(name, XATTR_SELINUX_SUFFIX)) | 2869 | if (strcmp(name, XATTR_SELINUX_SUFFIX)) |
2870 | return -EOPNOTSUPP; | 2870 | return -EOPNOTSUPP; |
2871 | 2871 | ||
2872 | if (!value || !size) | 2872 | if (!value || !size) |
2873 | return -EACCES; | 2873 | return -EACCES; |
2874 | 2874 | ||
2875 | rc = security_context_to_sid((void *)value, size, &newsid); | 2875 | rc = security_context_to_sid((void *)value, size, &newsid); |
2876 | if (rc) | 2876 | if (rc) |
2877 | return rc; | 2877 | return rc; |
2878 | 2878 | ||
2879 | isec->sid = newsid; | 2879 | isec->sid = newsid; |
2880 | isec->initialized = 1; | 2880 | isec->initialized = 1; |
2881 | return 0; | 2881 | return 0; |
2882 | } | 2882 | } |
2883 | 2883 | ||
2884 | static int selinux_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size) | 2884 | static int selinux_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size) |
2885 | { | 2885 | { |
2886 | const int len = sizeof(XATTR_NAME_SELINUX); | 2886 | const int len = sizeof(XATTR_NAME_SELINUX); |
2887 | if (buffer && len <= buffer_size) | 2887 | if (buffer && len <= buffer_size) |
2888 | memcpy(buffer, XATTR_NAME_SELINUX, len); | 2888 | memcpy(buffer, XATTR_NAME_SELINUX, len); |
2889 | return len; | 2889 | return len; |
2890 | } | 2890 | } |
2891 | 2891 | ||
2892 | static void selinux_inode_getsecid(const struct inode *inode, u32 *secid) | 2892 | static void selinux_inode_getsecid(const struct inode *inode, u32 *secid) |
2893 | { | 2893 | { |
2894 | struct inode_security_struct *isec = inode->i_security; | 2894 | struct inode_security_struct *isec = inode->i_security; |
2895 | *secid = isec->sid; | 2895 | *secid = isec->sid; |
2896 | } | 2896 | } |
2897 | 2897 | ||
2898 | /* file security operations */ | 2898 | /* file security operations */ |
2899 | 2899 | ||
2900 | static int selinux_revalidate_file_permission(struct file *file, int mask) | 2900 | static int selinux_revalidate_file_permission(struct file *file, int mask) |
2901 | { | 2901 | { |
2902 | const struct cred *cred = current_cred(); | 2902 | const struct cred *cred = current_cred(); |
2903 | struct inode *inode = file->f_path.dentry->d_inode; | 2903 | struct inode *inode = file->f_path.dentry->d_inode; |
2904 | 2904 | ||
2905 | /* file_mask_to_av won't add FILE__WRITE if MAY_APPEND is set */ | 2905 | /* file_mask_to_av won't add FILE__WRITE if MAY_APPEND is set */ |
2906 | if ((file->f_flags & O_APPEND) && (mask & MAY_WRITE)) | 2906 | if ((file->f_flags & O_APPEND) && (mask & MAY_WRITE)) |
2907 | mask |= MAY_APPEND; | 2907 | mask |= MAY_APPEND; |
2908 | 2908 | ||
2909 | return file_has_perm(cred, file, | 2909 | return file_has_perm(cred, file, |
2910 | file_mask_to_av(inode->i_mode, mask)); | 2910 | file_mask_to_av(inode->i_mode, mask)); |
2911 | } | 2911 | } |
2912 | 2912 | ||
2913 | static int selinux_file_permission(struct file *file, int mask) | 2913 | static int selinux_file_permission(struct file *file, int mask) |
2914 | { | 2914 | { |
2915 | struct inode *inode = file->f_path.dentry->d_inode; | 2915 | struct inode *inode = file->f_path.dentry->d_inode; |
2916 | struct file_security_struct *fsec = file->f_security; | 2916 | struct file_security_struct *fsec = file->f_security; |
2917 | struct inode_security_struct *isec = inode->i_security; | 2917 | struct inode_security_struct *isec = inode->i_security; |
2918 | u32 sid = current_sid(); | 2918 | u32 sid = current_sid(); |
2919 | 2919 | ||
2920 | if (!mask) | 2920 | if (!mask) |
2921 | /* No permission to check. Existence test. */ | 2921 | /* No permission to check. Existence test. */ |
2922 | return 0; | 2922 | return 0; |
2923 | 2923 | ||
2924 | if (sid == fsec->sid && fsec->isid == isec->sid && | 2924 | if (sid == fsec->sid && fsec->isid == isec->sid && |
2925 | fsec->pseqno == avc_policy_seqno()) | 2925 | fsec->pseqno == avc_policy_seqno()) |
2926 | /* No change since dentry_open check. */ | 2926 | /* No change since dentry_open check. */ |
2927 | return 0; | 2927 | return 0; |
2928 | 2928 | ||
2929 | return selinux_revalidate_file_permission(file, mask); | 2929 | return selinux_revalidate_file_permission(file, mask); |
2930 | } | 2930 | } |
2931 | 2931 | ||
2932 | static int selinux_file_alloc_security(struct file *file) | 2932 | static int selinux_file_alloc_security(struct file *file) |
2933 | { | 2933 | { |
2934 | return file_alloc_security(file); | 2934 | return file_alloc_security(file); |
2935 | } | 2935 | } |
2936 | 2936 | ||
2937 | static void selinux_file_free_security(struct file *file) | 2937 | static void selinux_file_free_security(struct file *file) |
2938 | { | 2938 | { |
2939 | file_free_security(file); | 2939 | file_free_security(file); |
2940 | } | 2940 | } |
2941 | 2941 | ||
2942 | static int selinux_file_ioctl(struct file *file, unsigned int cmd, | 2942 | static int selinux_file_ioctl(struct file *file, unsigned int cmd, |
2943 | unsigned long arg) | 2943 | unsigned long arg) |
2944 | { | 2944 | { |
2945 | const struct cred *cred = current_cred(); | 2945 | const struct cred *cred = current_cred(); |
2946 | int error = 0; | 2946 | int error = 0; |
2947 | 2947 | ||
2948 | switch (cmd) { | 2948 | switch (cmd) { |
2949 | case FIONREAD: | 2949 | case FIONREAD: |
2950 | /* fall through */ | 2950 | /* fall through */ |
2951 | case FIBMAP: | 2951 | case FIBMAP: |
2952 | /* fall through */ | 2952 | /* fall through */ |
2953 | case FIGETBSZ: | 2953 | case FIGETBSZ: |
2954 | /* fall through */ | 2954 | /* fall through */ |
2955 | case EXT2_IOC_GETFLAGS: | 2955 | case EXT2_IOC_GETFLAGS: |
2956 | /* fall through */ | 2956 | /* fall through */ |
2957 | case EXT2_IOC_GETVERSION: | 2957 | case EXT2_IOC_GETVERSION: |
2958 | error = file_has_perm(cred, file, FILE__GETATTR); | 2958 | error = file_has_perm(cred, file, FILE__GETATTR); |
2959 | break; | 2959 | break; |
2960 | 2960 | ||
2961 | case EXT2_IOC_SETFLAGS: | 2961 | case EXT2_IOC_SETFLAGS: |
2962 | /* fall through */ | 2962 | /* fall through */ |
2963 | case EXT2_IOC_SETVERSION: | 2963 | case EXT2_IOC_SETVERSION: |
2964 | error = file_has_perm(cred, file, FILE__SETATTR); | 2964 | error = file_has_perm(cred, file, FILE__SETATTR); |
2965 | break; | 2965 | break; |
2966 | 2966 | ||
2967 | /* sys_ioctl() checks */ | 2967 | /* sys_ioctl() checks */ |
2968 | case FIONBIO: | 2968 | case FIONBIO: |
2969 | /* fall through */ | 2969 | /* fall through */ |
2970 | case FIOASYNC: | 2970 | case FIOASYNC: |
2971 | error = file_has_perm(cred, file, 0); | 2971 | error = file_has_perm(cred, file, 0); |
2972 | break; | 2972 | break; |
2973 | 2973 | ||
2974 | case KDSKBENT: | 2974 | case KDSKBENT: |
2975 | case KDSKBSENT: | 2975 | case KDSKBSENT: |
2976 | error = task_has_capability(current, cred, CAP_SYS_TTY_CONFIG, | 2976 | error = task_has_capability(current, cred, CAP_SYS_TTY_CONFIG, |
2977 | SECURITY_CAP_AUDIT); | 2977 | SECURITY_CAP_AUDIT); |
2978 | break; | 2978 | break; |
2979 | 2979 | ||
2980 | /* default case assumes that the command will go | 2980 | /* default case assumes that the command will go |
2981 | * to the file's ioctl() function. | 2981 | * to the file's ioctl() function. |
2982 | */ | 2982 | */ |
2983 | default: | 2983 | default: |
2984 | error = file_has_perm(cred, file, FILE__IOCTL); | 2984 | error = file_has_perm(cred, file, FILE__IOCTL); |
2985 | } | 2985 | } |
2986 | return error; | 2986 | return error; |
2987 | } | 2987 | } |
2988 | 2988 | ||
2989 | static int default_noexec; | 2989 | static int default_noexec; |
2990 | 2990 | ||
2991 | static int file_map_prot_check(struct file *file, unsigned long prot, int shared) | 2991 | static int file_map_prot_check(struct file *file, unsigned long prot, int shared) |
2992 | { | 2992 | { |
2993 | const struct cred *cred = current_cred(); | 2993 | const struct cred *cred = current_cred(); |
2994 | int rc = 0; | 2994 | int rc = 0; |
2995 | 2995 | ||
2996 | if (default_noexec && | 2996 | if (default_noexec && |
2997 | (prot & PROT_EXEC) && (!file || (!shared && (prot & PROT_WRITE)))) { | 2997 | (prot & PROT_EXEC) && (!file || (!shared && (prot & PROT_WRITE)))) { |
2998 | /* | 2998 | /* |
2999 | * We are making executable an anonymous mapping or a | 2999 | * We are making executable an anonymous mapping or a |
3000 | * private file mapping that will also be writable. | 3000 | * private file mapping that will also be writable. |
3001 | * This has an additional check. | 3001 | * This has an additional check. |
3002 | */ | 3002 | */ |
3003 | rc = cred_has_perm(cred, cred, PROCESS__EXECMEM); | 3003 | rc = cred_has_perm(cred, cred, PROCESS__EXECMEM); |
3004 | if (rc) | 3004 | if (rc) |
3005 | goto error; | 3005 | goto error; |
3006 | } | 3006 | } |
3007 | 3007 | ||
3008 | if (file) { | 3008 | if (file) { |
3009 | /* read access is always possible with a mapping */ | 3009 | /* read access is always possible with a mapping */ |
3010 | u32 av = FILE__READ; | 3010 | u32 av = FILE__READ; |
3011 | 3011 | ||
3012 | /* write access only matters if the mapping is shared */ | 3012 | /* write access only matters if the mapping is shared */ |
3013 | if (shared && (prot & PROT_WRITE)) | 3013 | if (shared && (prot & PROT_WRITE)) |
3014 | av |= FILE__WRITE; | 3014 | av |= FILE__WRITE; |
3015 | 3015 | ||
3016 | if (prot & PROT_EXEC) | 3016 | if (prot & PROT_EXEC) |
3017 | av |= FILE__EXECUTE; | 3017 | av |= FILE__EXECUTE; |
3018 | 3018 | ||
3019 | return file_has_perm(cred, file, av); | 3019 | return file_has_perm(cred, file, av); |
3020 | } | 3020 | } |
3021 | 3021 | ||
3022 | error: | 3022 | error: |
3023 | return rc; | 3023 | return rc; |
3024 | } | 3024 | } |
3025 | 3025 | ||
3026 | static int selinux_file_mmap(struct file *file, unsigned long reqprot, | 3026 | static int selinux_file_mmap(struct file *file, unsigned long reqprot, |
3027 | unsigned long prot, unsigned long flags, | 3027 | unsigned long prot, unsigned long flags, |
3028 | unsigned long addr, unsigned long addr_only) | 3028 | unsigned long addr, unsigned long addr_only) |
3029 | { | 3029 | { |
3030 | int rc = 0; | 3030 | int rc = 0; |
3031 | u32 sid = current_sid(); | 3031 | u32 sid = current_sid(); |
3032 | 3032 | ||
3033 | /* | 3033 | /* |
3034 | * notice that we are intentionally putting the SELinux check before | 3034 | * notice that we are intentionally putting the SELinux check before |
3035 | * the secondary cap_file_mmap check. This is such a likely attempt | 3035 | * the secondary cap_file_mmap check. This is such a likely attempt |
3036 | * at bad behaviour/exploit that we always want to get the AVC, even | 3036 | * at bad behaviour/exploit that we always want to get the AVC, even |
3037 | * if DAC would have also denied the operation. | 3037 | * if DAC would have also denied the operation. |
3038 | */ | 3038 | */ |
3039 | if (addr < CONFIG_LSM_MMAP_MIN_ADDR) { | 3039 | if (addr < CONFIG_LSM_MMAP_MIN_ADDR) { |
3040 | rc = avc_has_perm(sid, sid, SECCLASS_MEMPROTECT, | 3040 | rc = avc_has_perm(sid, sid, SECCLASS_MEMPROTECT, |
3041 | MEMPROTECT__MMAP_ZERO, NULL); | 3041 | MEMPROTECT__MMAP_ZERO, NULL); |
3042 | if (rc) | 3042 | if (rc) |
3043 | return rc; | 3043 | return rc; |
3044 | } | 3044 | } |
3045 | 3045 | ||
3046 | /* do DAC check on address space usage */ | 3046 | /* do DAC check on address space usage */ |
3047 | rc = cap_file_mmap(file, reqprot, prot, flags, addr, addr_only); | 3047 | rc = cap_file_mmap(file, reqprot, prot, flags, addr, addr_only); |
3048 | if (rc || addr_only) | 3048 | if (rc || addr_only) |
3049 | return rc; | 3049 | return rc; |
3050 | 3050 | ||
3051 | if (selinux_checkreqprot) | 3051 | if (selinux_checkreqprot) |
3052 | prot = reqprot; | 3052 | prot = reqprot; |
3053 | 3053 | ||
3054 | return file_map_prot_check(file, prot, | 3054 | return file_map_prot_check(file, prot, |
3055 | (flags & MAP_TYPE) == MAP_SHARED); | 3055 | (flags & MAP_TYPE) == MAP_SHARED); |
3056 | } | 3056 | } |
3057 | 3057 | ||
3058 | static int selinux_file_mprotect(struct vm_area_struct *vma, | 3058 | static int selinux_file_mprotect(struct vm_area_struct *vma, |
3059 | unsigned long reqprot, | 3059 | unsigned long reqprot, |
3060 | unsigned long prot) | 3060 | unsigned long prot) |
3061 | { | 3061 | { |
3062 | const struct cred *cred = current_cred(); | 3062 | const struct cred *cred = current_cred(); |
3063 | 3063 | ||
3064 | if (selinux_checkreqprot) | 3064 | if (selinux_checkreqprot) |
3065 | prot = reqprot; | 3065 | prot = reqprot; |
3066 | 3066 | ||
3067 | if (default_noexec && | 3067 | if (default_noexec && |
3068 | (prot & PROT_EXEC) && !(vma->vm_flags & VM_EXEC)) { | 3068 | (prot & PROT_EXEC) && !(vma->vm_flags & VM_EXEC)) { |
3069 | int rc = 0; | 3069 | int rc = 0; |
3070 | if (vma->vm_start >= vma->vm_mm->start_brk && | 3070 | if (vma->vm_start >= vma->vm_mm->start_brk && |
3071 | vma->vm_end <= vma->vm_mm->brk) { | 3071 | vma->vm_end <= vma->vm_mm->brk) { |
3072 | rc = cred_has_perm(cred, cred, PROCESS__EXECHEAP); | 3072 | rc = cred_has_perm(cred, cred, PROCESS__EXECHEAP); |
3073 | } else if (!vma->vm_file && | 3073 | } else if (!vma->vm_file && |
3074 | vma->vm_start <= vma->vm_mm->start_stack && | 3074 | vma->vm_start <= vma->vm_mm->start_stack && |
3075 | vma->vm_end >= vma->vm_mm->start_stack) { | 3075 | vma->vm_end >= vma->vm_mm->start_stack) { |
3076 | rc = current_has_perm(current, PROCESS__EXECSTACK); | 3076 | rc = current_has_perm(current, PROCESS__EXECSTACK); |
3077 | } else if (vma->vm_file && vma->anon_vma) { | 3077 | } else if (vma->vm_file && vma->anon_vma) { |
3078 | /* | 3078 | /* |
3079 | * We are making executable a file mapping that has | 3079 | * We are making executable a file mapping that has |
3080 | * had some COW done. Since pages might have been | 3080 | * had some COW done. Since pages might have been |
3081 | * written, check ability to execute the possibly | 3081 | * written, check ability to execute the possibly |
3082 | * modified content. This typically should only | 3082 | * modified content. This typically should only |
3083 | * occur for text relocations. | 3083 | * occur for text relocations. |
3084 | */ | 3084 | */ |
3085 | rc = file_has_perm(cred, vma->vm_file, FILE__EXECMOD); | 3085 | rc = file_has_perm(cred, vma->vm_file, FILE__EXECMOD); |
3086 | } | 3086 | } |
3087 | if (rc) | 3087 | if (rc) |
3088 | return rc; | 3088 | return rc; |
3089 | } | 3089 | } |
3090 | 3090 | ||
3091 | return file_map_prot_check(vma->vm_file, prot, vma->vm_flags&VM_SHARED); | 3091 | return file_map_prot_check(vma->vm_file, prot, vma->vm_flags&VM_SHARED); |
3092 | } | 3092 | } |
3093 | 3093 | ||
3094 | static int selinux_file_lock(struct file *file, unsigned int cmd) | 3094 | static int selinux_file_lock(struct file *file, unsigned int cmd) |
3095 | { | 3095 | { |
3096 | const struct cred *cred = current_cred(); | 3096 | const struct cred *cred = current_cred(); |
3097 | 3097 | ||
3098 | return file_has_perm(cred, file, FILE__LOCK); | 3098 | return file_has_perm(cred, file, FILE__LOCK); |
3099 | } | 3099 | } |
3100 | 3100 | ||
3101 | static int selinux_file_fcntl(struct file *file, unsigned int cmd, | 3101 | static int selinux_file_fcntl(struct file *file, unsigned int cmd, |
3102 | unsigned long arg) | 3102 | unsigned long arg) |
3103 | { | 3103 | { |
3104 | const struct cred *cred = current_cred(); | 3104 | const struct cred *cred = current_cred(); |
3105 | int err = 0; | 3105 | int err = 0; |
3106 | 3106 | ||
3107 | switch (cmd) { | 3107 | switch (cmd) { |
3108 | case F_SETFL: | 3108 | case F_SETFL: |
3109 | if (!file->f_path.dentry || !file->f_path.dentry->d_inode) { | 3109 | if (!file->f_path.dentry || !file->f_path.dentry->d_inode) { |
3110 | err = -EINVAL; | 3110 | err = -EINVAL; |
3111 | break; | 3111 | break; |
3112 | } | 3112 | } |
3113 | 3113 | ||
3114 | if ((file->f_flags & O_APPEND) && !(arg & O_APPEND)) { | 3114 | if ((file->f_flags & O_APPEND) && !(arg & O_APPEND)) { |
3115 | err = file_has_perm(cred, file, FILE__WRITE); | 3115 | err = file_has_perm(cred, file, FILE__WRITE); |
3116 | break; | 3116 | break; |
3117 | } | 3117 | } |
3118 | /* fall through */ | 3118 | /* fall through */ |
3119 | case F_SETOWN: | 3119 | case F_SETOWN: |
3120 | case F_SETSIG: | 3120 | case F_SETSIG: |
3121 | case F_GETFL: | 3121 | case F_GETFL: |
3122 | case F_GETOWN: | 3122 | case F_GETOWN: |
3123 | case F_GETSIG: | 3123 | case F_GETSIG: |
3124 | /* Just check FD__USE permission */ | 3124 | /* Just check FD__USE permission */ |
3125 | err = file_has_perm(cred, file, 0); | 3125 | err = file_has_perm(cred, file, 0); |
3126 | break; | 3126 | break; |
3127 | case F_GETLK: | 3127 | case F_GETLK: |
3128 | case F_SETLK: | 3128 | case F_SETLK: |
3129 | case F_SETLKW: | 3129 | case F_SETLKW: |
3130 | #if BITS_PER_LONG == 32 | 3130 | #if BITS_PER_LONG == 32 |
3131 | case F_GETLK64: | 3131 | case F_GETLK64: |
3132 | case F_SETLK64: | 3132 | case F_SETLK64: |
3133 | case F_SETLKW64: | 3133 | case F_SETLKW64: |
3134 | #endif | 3134 | #endif |
3135 | if (!file->f_path.dentry || !file->f_path.dentry->d_inode) { | 3135 | if (!file->f_path.dentry || !file->f_path.dentry->d_inode) { |
3136 | err = -EINVAL; | 3136 | err = -EINVAL; |
3137 | break; | 3137 | break; |
3138 | } | 3138 | } |
3139 | err = file_has_perm(cred, file, FILE__LOCK); | 3139 | err = file_has_perm(cred, file, FILE__LOCK); |
3140 | break; | 3140 | break; |
3141 | } | 3141 | } |
3142 | 3142 | ||
3143 | return err; | 3143 | return err; |
3144 | } | 3144 | } |
3145 | 3145 | ||
3146 | static int selinux_file_set_fowner(struct file *file) | 3146 | static int selinux_file_set_fowner(struct file *file) |
3147 | { | 3147 | { |
3148 | struct file_security_struct *fsec; | 3148 | struct file_security_struct *fsec; |
3149 | 3149 | ||
3150 | fsec = file->f_security; | 3150 | fsec = file->f_security; |
3151 | fsec->fown_sid = current_sid(); | 3151 | fsec->fown_sid = current_sid(); |
3152 | 3152 | ||
3153 | return 0; | 3153 | return 0; |
3154 | } | 3154 | } |
3155 | 3155 | ||
3156 | static int selinux_file_send_sigiotask(struct task_struct *tsk, | 3156 | static int selinux_file_send_sigiotask(struct task_struct *tsk, |
3157 | struct fown_struct *fown, int signum) | 3157 | struct fown_struct *fown, int signum) |
3158 | { | 3158 | { |
3159 | struct file *file; | 3159 | struct file *file; |
3160 | u32 sid = task_sid(tsk); | 3160 | u32 sid = task_sid(tsk); |
3161 | u32 perm; | 3161 | u32 perm; |
3162 | struct file_security_struct *fsec; | 3162 | struct file_security_struct *fsec; |
3163 | 3163 | ||
3164 | /* struct fown_struct is never outside the context of a struct file */ | 3164 | /* struct fown_struct is never outside the context of a struct file */ |
3165 | file = container_of(fown, struct file, f_owner); | 3165 | file = container_of(fown, struct file, f_owner); |
3166 | 3166 | ||
3167 | fsec = file->f_security; | 3167 | fsec = file->f_security; |
3168 | 3168 | ||
3169 | if (!signum) | 3169 | if (!signum) |
3170 | perm = signal_to_av(SIGIO); /* as per send_sigio_to_task */ | 3170 | perm = signal_to_av(SIGIO); /* as per send_sigio_to_task */ |
3171 | else | 3171 | else |
3172 | perm = signal_to_av(signum); | 3172 | perm = signal_to_av(signum); |
3173 | 3173 | ||
3174 | return avc_has_perm(fsec->fown_sid, sid, | 3174 | return avc_has_perm(fsec->fown_sid, sid, |
3175 | SECCLASS_PROCESS, perm, NULL); | 3175 | SECCLASS_PROCESS, perm, NULL); |
3176 | } | 3176 | } |
3177 | 3177 | ||
3178 | static int selinux_file_receive(struct file *file) | 3178 | static int selinux_file_receive(struct file *file) |
3179 | { | 3179 | { |
3180 | const struct cred *cred = current_cred(); | 3180 | const struct cred *cred = current_cred(); |
3181 | 3181 | ||
3182 | return file_has_perm(cred, file, file_to_av(file)); | 3182 | return file_has_perm(cred, file, file_to_av(file)); |
3183 | } | 3183 | } |
3184 | 3184 | ||
3185 | static int selinux_dentry_open(struct file *file, const struct cred *cred) | 3185 | static int selinux_dentry_open(struct file *file, const struct cred *cred) |
3186 | { | 3186 | { |
3187 | struct file_security_struct *fsec; | 3187 | struct file_security_struct *fsec; |
3188 | struct inode *inode; | 3188 | struct inode *inode; |
3189 | struct inode_security_struct *isec; | 3189 | struct inode_security_struct *isec; |
3190 | 3190 | ||
3191 | inode = file->f_path.dentry->d_inode; | 3191 | inode = file->f_path.dentry->d_inode; |
3192 | fsec = file->f_security; | 3192 | fsec = file->f_security; |
3193 | isec = inode->i_security; | 3193 | isec = inode->i_security; |
3194 | /* | 3194 | /* |
3195 | * Save inode label and policy sequence number | 3195 | * Save inode label and policy sequence number |
3196 | * at open-time so that selinux_file_permission | 3196 | * at open-time so that selinux_file_permission |
3197 | * can determine whether revalidation is necessary. | 3197 | * can determine whether revalidation is necessary. |
3198 | * Task label is already saved in the file security | 3198 | * Task label is already saved in the file security |
3199 | * struct as its SID. | 3199 | * struct as its SID. |
3200 | */ | 3200 | */ |
3201 | fsec->isid = isec->sid; | 3201 | fsec->isid = isec->sid; |
3202 | fsec->pseqno = avc_policy_seqno(); | 3202 | fsec->pseqno = avc_policy_seqno(); |
3203 | /* | 3203 | /* |
3204 | * Since the inode label or policy seqno may have changed | 3204 | * Since the inode label or policy seqno may have changed |
3205 | * between the selinux_inode_permission check and the saving | 3205 | * between the selinux_inode_permission check and the saving |
3206 | * of state above, recheck that access is still permitted. | 3206 | * of state above, recheck that access is still permitted. |
3207 | * Otherwise, access might never be revalidated against the | 3207 | * Otherwise, access might never be revalidated against the |
3208 | * new inode label or new policy. | 3208 | * new inode label or new policy. |
3209 | * This check is not redundant - do not remove. | 3209 | * This check is not redundant - do not remove. |
3210 | */ | 3210 | */ |
3211 | return inode_has_perm(cred, inode, open_file_to_av(file), NULL, 0); | 3211 | return inode_has_perm(cred, inode, open_file_to_av(file), NULL, 0); |
3212 | } | 3212 | } |
3213 | 3213 | ||
3214 | /* task security operations */ | 3214 | /* task security operations */ |
3215 | 3215 | ||
3216 | static int selinux_task_create(unsigned long clone_flags) | 3216 | static int selinux_task_create(unsigned long clone_flags) |
3217 | { | 3217 | { |
3218 | return current_has_perm(current, PROCESS__FORK); | 3218 | return current_has_perm(current, PROCESS__FORK); |
3219 | } | 3219 | } |
3220 | 3220 | ||
3221 | /* | 3221 | /* |
3222 | * allocate the SELinux part of blank credentials | 3222 | * allocate the SELinux part of blank credentials |
3223 | */ | 3223 | */ |
3224 | static int selinux_cred_alloc_blank(struct cred *cred, gfp_t gfp) | 3224 | static int selinux_cred_alloc_blank(struct cred *cred, gfp_t gfp) |
3225 | { | 3225 | { |
3226 | struct task_security_struct *tsec; | 3226 | struct task_security_struct *tsec; |
3227 | 3227 | ||
3228 | tsec = kzalloc(sizeof(struct task_security_struct), gfp); | 3228 | tsec = kzalloc(sizeof(struct task_security_struct), gfp); |
3229 | if (!tsec) | 3229 | if (!tsec) |
3230 | return -ENOMEM; | 3230 | return -ENOMEM; |
3231 | 3231 | ||
3232 | cred->security = tsec; | 3232 | cred->security = tsec; |
3233 | return 0; | 3233 | return 0; |
3234 | } | 3234 | } |
3235 | 3235 | ||
3236 | /* | 3236 | /* |
3237 | * detach and free the LSM part of a set of credentials | 3237 | * detach and free the LSM part of a set of credentials |
3238 | */ | 3238 | */ |
3239 | static void selinux_cred_free(struct cred *cred) | 3239 | static void selinux_cred_free(struct cred *cred) |
3240 | { | 3240 | { |
3241 | struct task_security_struct *tsec = cred->security; | 3241 | struct task_security_struct *tsec = cred->security; |
3242 | 3242 | ||
3243 | /* | 3243 | /* |
3244 | * cred->security == NULL if security_cred_alloc_blank() or | 3244 | * cred->security == NULL if security_cred_alloc_blank() or |
3245 | * security_prepare_creds() returned an error. | 3245 | * security_prepare_creds() returned an error. |
3246 | */ | 3246 | */ |
3247 | BUG_ON(cred->security && (unsigned long) cred->security < PAGE_SIZE); | 3247 | BUG_ON(cred->security && (unsigned long) cred->security < PAGE_SIZE); |
3248 | cred->security = (void *) 0x7UL; | 3248 | cred->security = (void *) 0x7UL; |
3249 | kfree(tsec); | 3249 | kfree(tsec); |
3250 | } | 3250 | } |
3251 | 3251 | ||
3252 | /* | 3252 | /* |
3253 | * prepare a new set of credentials for modification | 3253 | * prepare a new set of credentials for modification |
3254 | */ | 3254 | */ |
3255 | static int selinux_cred_prepare(struct cred *new, const struct cred *old, | 3255 | static int selinux_cred_prepare(struct cred *new, const struct cred *old, |
3256 | gfp_t gfp) | 3256 | gfp_t gfp) |
3257 | { | 3257 | { |
3258 | const struct task_security_struct *old_tsec; | 3258 | const struct task_security_struct *old_tsec; |
3259 | struct task_security_struct *tsec; | 3259 | struct task_security_struct *tsec; |
3260 | 3260 | ||
3261 | old_tsec = old->security; | 3261 | old_tsec = old->security; |
3262 | 3262 | ||
3263 | tsec = kmemdup(old_tsec, sizeof(struct task_security_struct), gfp); | 3263 | tsec = kmemdup(old_tsec, sizeof(struct task_security_struct), gfp); |
3264 | if (!tsec) | 3264 | if (!tsec) |
3265 | return -ENOMEM; | 3265 | return -ENOMEM; |
3266 | 3266 | ||
3267 | new->security = tsec; | 3267 | new->security = tsec; |
3268 | return 0; | 3268 | return 0; |
3269 | } | 3269 | } |
3270 | 3270 | ||
3271 | /* | 3271 | /* |
3272 | * transfer the SELinux data to a blank set of creds | 3272 | * transfer the SELinux data to a blank set of creds |
3273 | */ | 3273 | */ |
3274 | static void selinux_cred_transfer(struct cred *new, const struct cred *old) | 3274 | static void selinux_cred_transfer(struct cred *new, const struct cred *old) |
3275 | { | 3275 | { |
3276 | const struct task_security_struct *old_tsec = old->security; | 3276 | const struct task_security_struct *old_tsec = old->security; |
3277 | struct task_security_struct *tsec = new->security; | 3277 | struct task_security_struct *tsec = new->security; |
3278 | 3278 | ||
3279 | *tsec = *old_tsec; | 3279 | *tsec = *old_tsec; |
3280 | } | 3280 | } |
3281 | 3281 | ||
3282 | /* | 3282 | /* |
3283 | * set the security data for a kernel service | 3283 | * set the security data for a kernel service |
3284 | * - all the creation contexts are set to unlabelled | 3284 | * - all the creation contexts are set to unlabelled |
3285 | */ | 3285 | */ |
3286 | static int selinux_kernel_act_as(struct cred *new, u32 secid) | 3286 | static int selinux_kernel_act_as(struct cred *new, u32 secid) |
3287 | { | 3287 | { |
3288 | struct task_security_struct *tsec = new->security; | 3288 | struct task_security_struct *tsec = new->security; |
3289 | u32 sid = current_sid(); | 3289 | u32 sid = current_sid(); |
3290 | int ret; | 3290 | int ret; |
3291 | 3291 | ||
3292 | ret = avc_has_perm(sid, secid, | 3292 | ret = avc_has_perm(sid, secid, |
3293 | SECCLASS_KERNEL_SERVICE, | 3293 | SECCLASS_KERNEL_SERVICE, |
3294 | KERNEL_SERVICE__USE_AS_OVERRIDE, | 3294 | KERNEL_SERVICE__USE_AS_OVERRIDE, |
3295 | NULL); | 3295 | NULL); |
3296 | if (ret == 0) { | 3296 | if (ret == 0) { |
3297 | tsec->sid = secid; | 3297 | tsec->sid = secid; |
3298 | tsec->create_sid = 0; | 3298 | tsec->create_sid = 0; |
3299 | tsec->keycreate_sid = 0; | 3299 | tsec->keycreate_sid = 0; |
3300 | tsec->sockcreate_sid = 0; | 3300 | tsec->sockcreate_sid = 0; |
3301 | } | 3301 | } |
3302 | return ret; | 3302 | return ret; |
3303 | } | 3303 | } |
3304 | 3304 | ||
3305 | /* | 3305 | /* |
3306 | * set the file creation context in a security record to the same as the | 3306 | * set the file creation context in a security record to the same as the |
3307 | * objective context of the specified inode | 3307 | * objective context of the specified inode |
3308 | */ | 3308 | */ |
3309 | static int selinux_kernel_create_files_as(struct cred *new, struct inode *inode) | 3309 | static int selinux_kernel_create_files_as(struct cred *new, struct inode *inode) |
3310 | { | 3310 | { |
3311 | struct inode_security_struct *isec = inode->i_security; | 3311 | struct inode_security_struct *isec = inode->i_security; |
3312 | struct task_security_struct *tsec = new->security; | 3312 | struct task_security_struct *tsec = new->security; |
3313 | u32 sid = current_sid(); | 3313 | u32 sid = current_sid(); |
3314 | int ret; | 3314 | int ret; |
3315 | 3315 | ||
3316 | ret = avc_has_perm(sid, isec->sid, | 3316 | ret = avc_has_perm(sid, isec->sid, |
3317 | SECCLASS_KERNEL_SERVICE, | 3317 | SECCLASS_KERNEL_SERVICE, |
3318 | KERNEL_SERVICE__CREATE_FILES_AS, | 3318 | KERNEL_SERVICE__CREATE_FILES_AS, |
3319 | NULL); | 3319 | NULL); |
3320 | 3320 | ||
3321 | if (ret == 0) | 3321 | if (ret == 0) |
3322 | tsec->create_sid = isec->sid; | 3322 | tsec->create_sid = isec->sid; |
3323 | return ret; | 3323 | return ret; |
3324 | } | 3324 | } |
3325 | 3325 | ||
3326 | static int selinux_kernel_module_request(char *kmod_name) | 3326 | static int selinux_kernel_module_request(char *kmod_name) |
3327 | { | 3327 | { |
3328 | u32 sid; | 3328 | u32 sid; |
3329 | struct common_audit_data ad; | 3329 | struct common_audit_data ad; |
3330 | 3330 | ||
3331 | sid = task_sid(current); | 3331 | sid = task_sid(current); |
3332 | 3332 | ||
3333 | COMMON_AUDIT_DATA_INIT(&ad, KMOD); | 3333 | COMMON_AUDIT_DATA_INIT(&ad, KMOD); |
3334 | ad.u.kmod_name = kmod_name; | 3334 | ad.u.kmod_name = kmod_name; |
3335 | 3335 | ||
3336 | return avc_has_perm(sid, SECINITSID_KERNEL, SECCLASS_SYSTEM, | 3336 | return avc_has_perm(sid, SECINITSID_KERNEL, SECCLASS_SYSTEM, |
3337 | SYSTEM__MODULE_REQUEST, &ad); | 3337 | SYSTEM__MODULE_REQUEST, &ad); |
3338 | } | 3338 | } |
3339 | 3339 | ||
3340 | static int selinux_task_setpgid(struct task_struct *p, pid_t pgid) | 3340 | static int selinux_task_setpgid(struct task_struct *p, pid_t pgid) |
3341 | { | 3341 | { |
3342 | return current_has_perm(p, PROCESS__SETPGID); | 3342 | return current_has_perm(p, PROCESS__SETPGID); |
3343 | } | 3343 | } |
3344 | 3344 | ||
3345 | static int selinux_task_getpgid(struct task_struct *p) | 3345 | static int selinux_task_getpgid(struct task_struct *p) |
3346 | { | 3346 | { |
3347 | return current_has_perm(p, PROCESS__GETPGID); | 3347 | return current_has_perm(p, PROCESS__GETPGID); |
3348 | } | 3348 | } |
3349 | 3349 | ||
3350 | static int selinux_task_getsid(struct task_struct *p) | 3350 | static int selinux_task_getsid(struct task_struct *p) |
3351 | { | 3351 | { |
3352 | return current_has_perm(p, PROCESS__GETSESSION); | 3352 | return current_has_perm(p, PROCESS__GETSESSION); |
3353 | } | 3353 | } |
3354 | 3354 | ||
3355 | static void selinux_task_getsecid(struct task_struct *p, u32 *secid) | 3355 | static void selinux_task_getsecid(struct task_struct *p, u32 *secid) |
3356 | { | 3356 | { |
3357 | *secid = task_sid(p); | 3357 | *secid = task_sid(p); |
3358 | } | 3358 | } |
3359 | 3359 | ||
3360 | static int selinux_task_setnice(struct task_struct *p, int nice) | 3360 | static int selinux_task_setnice(struct task_struct *p, int nice) |
3361 | { | 3361 | { |
3362 | int rc; | 3362 | int rc; |
3363 | 3363 | ||
3364 | rc = cap_task_setnice(p, nice); | 3364 | rc = cap_task_setnice(p, nice); |
3365 | if (rc) | 3365 | if (rc) |
3366 | return rc; | 3366 | return rc; |
3367 | 3367 | ||
3368 | return current_has_perm(p, PROCESS__SETSCHED); | 3368 | return current_has_perm(p, PROCESS__SETSCHED); |
3369 | } | 3369 | } |
3370 | 3370 | ||
3371 | static int selinux_task_setioprio(struct task_struct *p, int ioprio) | 3371 | static int selinux_task_setioprio(struct task_struct *p, int ioprio) |
3372 | { | 3372 | { |
3373 | int rc; | 3373 | int rc; |
3374 | 3374 | ||
3375 | rc = cap_task_setioprio(p, ioprio); | 3375 | rc = cap_task_setioprio(p, ioprio); |
3376 | if (rc) | 3376 | if (rc) |
3377 | return rc; | 3377 | return rc; |
3378 | 3378 | ||
3379 | return current_has_perm(p, PROCESS__SETSCHED); | 3379 | return current_has_perm(p, PROCESS__SETSCHED); |
3380 | } | 3380 | } |
3381 | 3381 | ||
3382 | static int selinux_task_getioprio(struct task_struct *p) | 3382 | static int selinux_task_getioprio(struct task_struct *p) |
3383 | { | 3383 | { |
3384 | return current_has_perm(p, PROCESS__GETSCHED); | 3384 | return current_has_perm(p, PROCESS__GETSCHED); |
3385 | } | 3385 | } |
3386 | 3386 | ||
3387 | static int selinux_task_setrlimit(struct task_struct *p, unsigned int resource, | 3387 | static int selinux_task_setrlimit(struct task_struct *p, unsigned int resource, |
3388 | struct rlimit *new_rlim) | 3388 | struct rlimit *new_rlim) |
3389 | { | 3389 | { |
3390 | struct rlimit *old_rlim = p->signal->rlim + resource; | 3390 | struct rlimit *old_rlim = p->signal->rlim + resource; |
3391 | 3391 | ||
3392 | /* Control the ability to change the hard limit (whether | 3392 | /* Control the ability to change the hard limit (whether |
3393 | lowering or raising it), so that the hard limit can | 3393 | lowering or raising it), so that the hard limit can |
3394 | later be used as a safe reset point for the soft limit | 3394 | later be used as a safe reset point for the soft limit |
3395 | upon context transitions. See selinux_bprm_committing_creds. */ | 3395 | upon context transitions. See selinux_bprm_committing_creds. */ |
3396 | if (old_rlim->rlim_max != new_rlim->rlim_max) | 3396 | if (old_rlim->rlim_max != new_rlim->rlim_max) |
3397 | return current_has_perm(p, PROCESS__SETRLIMIT); | 3397 | return current_has_perm(p, PROCESS__SETRLIMIT); |
3398 | 3398 | ||
3399 | return 0; | 3399 | return 0; |
3400 | } | 3400 | } |
3401 | 3401 | ||
3402 | static int selinux_task_setscheduler(struct task_struct *p) | 3402 | static int selinux_task_setscheduler(struct task_struct *p) |
3403 | { | 3403 | { |
3404 | int rc; | 3404 | int rc; |
3405 | 3405 | ||
3406 | rc = cap_task_setscheduler(p); | 3406 | rc = cap_task_setscheduler(p); |
3407 | if (rc) | 3407 | if (rc) |
3408 | return rc; | 3408 | return rc; |
3409 | 3409 | ||
3410 | return current_has_perm(p, PROCESS__SETSCHED); | 3410 | return current_has_perm(p, PROCESS__SETSCHED); |
3411 | } | 3411 | } |
3412 | 3412 | ||
3413 | static int selinux_task_getscheduler(struct task_struct *p) | 3413 | static int selinux_task_getscheduler(struct task_struct *p) |
3414 | { | 3414 | { |
3415 | return current_has_perm(p, PROCESS__GETSCHED); | 3415 | return current_has_perm(p, PROCESS__GETSCHED); |
3416 | } | 3416 | } |
3417 | 3417 | ||
3418 | static int selinux_task_movememory(struct task_struct *p) | 3418 | static int selinux_task_movememory(struct task_struct *p) |
3419 | { | 3419 | { |
3420 | return current_has_perm(p, PROCESS__SETSCHED); | 3420 | return current_has_perm(p, PROCESS__SETSCHED); |
3421 | } | 3421 | } |
3422 | 3422 | ||
3423 | static int selinux_task_kill(struct task_struct *p, struct siginfo *info, | 3423 | static int selinux_task_kill(struct task_struct *p, struct siginfo *info, |
3424 | int sig, u32 secid) | 3424 | int sig, u32 secid) |
3425 | { | 3425 | { |
3426 | u32 perm; | 3426 | u32 perm; |
3427 | int rc; | 3427 | int rc; |
3428 | 3428 | ||
3429 | if (!sig) | 3429 | if (!sig) |
3430 | perm = PROCESS__SIGNULL; /* null signal; existence test */ | 3430 | perm = PROCESS__SIGNULL; /* null signal; existence test */ |
3431 | else | 3431 | else |
3432 | perm = signal_to_av(sig); | 3432 | perm = signal_to_av(sig); |
3433 | if (secid) | 3433 | if (secid) |
3434 | rc = avc_has_perm(secid, task_sid(p), | 3434 | rc = avc_has_perm(secid, task_sid(p), |
3435 | SECCLASS_PROCESS, perm, NULL); | 3435 | SECCLASS_PROCESS, perm, NULL); |
3436 | else | 3436 | else |
3437 | rc = current_has_perm(p, perm); | 3437 | rc = current_has_perm(p, perm); |
3438 | return rc; | 3438 | return rc; |
3439 | } | 3439 | } |
3440 | 3440 | ||
3441 | static int selinux_task_wait(struct task_struct *p) | 3441 | static int selinux_task_wait(struct task_struct *p) |
3442 | { | 3442 | { |
3443 | return task_has_perm(p, current, PROCESS__SIGCHLD); | 3443 | return task_has_perm(p, current, PROCESS__SIGCHLD); |
3444 | } | 3444 | } |
3445 | 3445 | ||
3446 | static void selinux_task_to_inode(struct task_struct *p, | 3446 | static void selinux_task_to_inode(struct task_struct *p, |
3447 | struct inode *inode) | 3447 | struct inode *inode) |
3448 | { | 3448 | { |
3449 | struct inode_security_struct *isec = inode->i_security; | 3449 | struct inode_security_struct *isec = inode->i_security; |
3450 | u32 sid = task_sid(p); | 3450 | u32 sid = task_sid(p); |
3451 | 3451 | ||
3452 | isec->sid = sid; | 3452 | isec->sid = sid; |
3453 | isec->initialized = 1; | 3453 | isec->initialized = 1; |
3454 | } | 3454 | } |
3455 | 3455 | ||
3456 | /* Returns error only if unable to parse addresses */ | 3456 | /* Returns error only if unable to parse addresses */ |
3457 | static int selinux_parse_skb_ipv4(struct sk_buff *skb, | 3457 | static int selinux_parse_skb_ipv4(struct sk_buff *skb, |
3458 | struct common_audit_data *ad, u8 *proto) | 3458 | struct common_audit_data *ad, u8 *proto) |
3459 | { | 3459 | { |
3460 | int offset, ihlen, ret = -EINVAL; | 3460 | int offset, ihlen, ret = -EINVAL; |
3461 | struct iphdr _iph, *ih; | 3461 | struct iphdr _iph, *ih; |
3462 | 3462 | ||
3463 | offset = skb_network_offset(skb); | 3463 | offset = skb_network_offset(skb); |
3464 | ih = skb_header_pointer(skb, offset, sizeof(_iph), &_iph); | 3464 | ih = skb_header_pointer(skb, offset, sizeof(_iph), &_iph); |
3465 | if (ih == NULL) | 3465 | if (ih == NULL) |
3466 | goto out; | 3466 | goto out; |
3467 | 3467 | ||
3468 | ihlen = ih->ihl * 4; | 3468 | ihlen = ih->ihl * 4; |
3469 | if (ihlen < sizeof(_iph)) | 3469 | if (ihlen < sizeof(_iph)) |
3470 | goto out; | 3470 | goto out; |
3471 | 3471 | ||
3472 | ad->u.net.v4info.saddr = ih->saddr; | 3472 | ad->u.net.v4info.saddr = ih->saddr; |
3473 | ad->u.net.v4info.daddr = ih->daddr; | 3473 | ad->u.net.v4info.daddr = ih->daddr; |
3474 | ret = 0; | 3474 | ret = 0; |
3475 | 3475 | ||
3476 | if (proto) | 3476 | if (proto) |
3477 | *proto = ih->protocol; | 3477 | *proto = ih->protocol; |
3478 | 3478 | ||
3479 | switch (ih->protocol) { | 3479 | switch (ih->protocol) { |
3480 | case IPPROTO_TCP: { | 3480 | case IPPROTO_TCP: { |
3481 | struct tcphdr _tcph, *th; | 3481 | struct tcphdr _tcph, *th; |
3482 | 3482 | ||
3483 | if (ntohs(ih->frag_off) & IP_OFFSET) | 3483 | if (ntohs(ih->frag_off) & IP_OFFSET) |
3484 | break; | 3484 | break; |
3485 | 3485 | ||
3486 | offset += ihlen; | 3486 | offset += ihlen; |
3487 | th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph); | 3487 | th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph); |
3488 | if (th == NULL) | 3488 | if (th == NULL) |
3489 | break; | 3489 | break; |
3490 | 3490 | ||
3491 | ad->u.net.sport = th->source; | 3491 | ad->u.net.sport = th->source; |
3492 | ad->u.net.dport = th->dest; | 3492 | ad->u.net.dport = th->dest; |
3493 | break; | 3493 | break; |
3494 | } | 3494 | } |
3495 | 3495 | ||
3496 | case IPPROTO_UDP: { | 3496 | case IPPROTO_UDP: { |
3497 | struct udphdr _udph, *uh; | 3497 | struct udphdr _udph, *uh; |
3498 | 3498 | ||
3499 | if (ntohs(ih->frag_off) & IP_OFFSET) | 3499 | if (ntohs(ih->frag_off) & IP_OFFSET) |
3500 | break; | 3500 | break; |
3501 | 3501 | ||
3502 | offset += ihlen; | 3502 | offset += ihlen; |
3503 | uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph); | 3503 | uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph); |
3504 | if (uh == NULL) | 3504 | if (uh == NULL) |
3505 | break; | 3505 | break; |
3506 | 3506 | ||
3507 | ad->u.net.sport = uh->source; | 3507 | ad->u.net.sport = uh->source; |
3508 | ad->u.net.dport = uh->dest; | 3508 | ad->u.net.dport = uh->dest; |
3509 | break; | 3509 | break; |
3510 | } | 3510 | } |
3511 | 3511 | ||
3512 | case IPPROTO_DCCP: { | 3512 | case IPPROTO_DCCP: { |
3513 | struct dccp_hdr _dccph, *dh; | 3513 | struct dccp_hdr _dccph, *dh; |
3514 | 3514 | ||
3515 | if (ntohs(ih->frag_off) & IP_OFFSET) | 3515 | if (ntohs(ih->frag_off) & IP_OFFSET) |
3516 | break; | 3516 | break; |
3517 | 3517 | ||
3518 | offset += ihlen; | 3518 | offset += ihlen; |
3519 | dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph); | 3519 | dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph); |
3520 | if (dh == NULL) | 3520 | if (dh == NULL) |
3521 | break; | 3521 | break; |
3522 | 3522 | ||
3523 | ad->u.net.sport = dh->dccph_sport; | 3523 | ad->u.net.sport = dh->dccph_sport; |
3524 | ad->u.net.dport = dh->dccph_dport; | 3524 | ad->u.net.dport = dh->dccph_dport; |
3525 | break; | 3525 | break; |
3526 | } | 3526 | } |
3527 | 3527 | ||
3528 | default: | 3528 | default: |
3529 | break; | 3529 | break; |
3530 | } | 3530 | } |
3531 | out: | 3531 | out: |
3532 | return ret; | 3532 | return ret; |
3533 | } | 3533 | } |
3534 | 3534 | ||
3535 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) | 3535 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) |
3536 | 3536 | ||
3537 | /* Returns error only if unable to parse addresses */ | 3537 | /* Returns error only if unable to parse addresses */ |
3538 | static int selinux_parse_skb_ipv6(struct sk_buff *skb, | 3538 | static int selinux_parse_skb_ipv6(struct sk_buff *skb, |
3539 | struct common_audit_data *ad, u8 *proto) | 3539 | struct common_audit_data *ad, u8 *proto) |
3540 | { | 3540 | { |
3541 | u8 nexthdr; | 3541 | u8 nexthdr; |
3542 | int ret = -EINVAL, offset; | 3542 | int ret = -EINVAL, offset; |
3543 | struct ipv6hdr _ipv6h, *ip6; | 3543 | struct ipv6hdr _ipv6h, *ip6; |
3544 | 3544 | ||
3545 | offset = skb_network_offset(skb); | 3545 | offset = skb_network_offset(skb); |
3546 | ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h); | 3546 | ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h); |
3547 | if (ip6 == NULL) | 3547 | if (ip6 == NULL) |
3548 | goto out; | 3548 | goto out; |
3549 | 3549 | ||
3550 | ipv6_addr_copy(&ad->u.net.v6info.saddr, &ip6->saddr); | 3550 | ipv6_addr_copy(&ad->u.net.v6info.saddr, &ip6->saddr); |
3551 | ipv6_addr_copy(&ad->u.net.v6info.daddr, &ip6->daddr); | 3551 | ipv6_addr_copy(&ad->u.net.v6info.daddr, &ip6->daddr); |
3552 | ret = 0; | 3552 | ret = 0; |
3553 | 3553 | ||
3554 | nexthdr = ip6->nexthdr; | 3554 | nexthdr = ip6->nexthdr; |
3555 | offset += sizeof(_ipv6h); | 3555 | offset += sizeof(_ipv6h); |
3556 | offset = ipv6_skip_exthdr(skb, offset, &nexthdr); | 3556 | offset = ipv6_skip_exthdr(skb, offset, &nexthdr); |
3557 | if (offset < 0) | 3557 | if (offset < 0) |
3558 | goto out; | 3558 | goto out; |
3559 | 3559 | ||
3560 | if (proto) | 3560 | if (proto) |
3561 | *proto = nexthdr; | 3561 | *proto = nexthdr; |
3562 | 3562 | ||
3563 | switch (nexthdr) { | 3563 | switch (nexthdr) { |
3564 | case IPPROTO_TCP: { | 3564 | case IPPROTO_TCP: { |
3565 | struct tcphdr _tcph, *th; | 3565 | struct tcphdr _tcph, *th; |
3566 | 3566 | ||
3567 | th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph); | 3567 | th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph); |
3568 | if (th == NULL) | 3568 | if (th == NULL) |
3569 | break; | 3569 | break; |
3570 | 3570 | ||
3571 | ad->u.net.sport = th->source; | 3571 | ad->u.net.sport = th->source; |
3572 | ad->u.net.dport = th->dest; | 3572 | ad->u.net.dport = th->dest; |
3573 | break; | 3573 | break; |
3574 | } | 3574 | } |
3575 | 3575 | ||
3576 | case IPPROTO_UDP: { | 3576 | case IPPROTO_UDP: { |
3577 | struct udphdr _udph, *uh; | 3577 | struct udphdr _udph, *uh; |
3578 | 3578 | ||
3579 | uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph); | 3579 | uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph); |
3580 | if (uh == NULL) | 3580 | if (uh == NULL) |
3581 | break; | 3581 | break; |
3582 | 3582 | ||
3583 | ad->u.net.sport = uh->source; | 3583 | ad->u.net.sport = uh->source; |
3584 | ad->u.net.dport = uh->dest; | 3584 | ad->u.net.dport = uh->dest; |
3585 | break; | 3585 | break; |
3586 | } | 3586 | } |
3587 | 3587 | ||
3588 | case IPPROTO_DCCP: { | 3588 | case IPPROTO_DCCP: { |
3589 | struct dccp_hdr _dccph, *dh; | 3589 | struct dccp_hdr _dccph, *dh; |
3590 | 3590 | ||
3591 | dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph); | 3591 | dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph); |
3592 | if (dh == NULL) | 3592 | if (dh == NULL) |
3593 | break; | 3593 | break; |
3594 | 3594 | ||
3595 | ad->u.net.sport = dh->dccph_sport; | 3595 | ad->u.net.sport = dh->dccph_sport; |
3596 | ad->u.net.dport = dh->dccph_dport; | 3596 | ad->u.net.dport = dh->dccph_dport; |
3597 | break; | 3597 | break; |
3598 | } | 3598 | } |
3599 | 3599 | ||
3600 | /* includes fragments */ | 3600 | /* includes fragments */ |
3601 | default: | 3601 | default: |
3602 | break; | 3602 | break; |
3603 | } | 3603 | } |
3604 | out: | 3604 | out: |
3605 | return ret; | 3605 | return ret; |
3606 | } | 3606 | } |
3607 | 3607 | ||
3608 | #endif /* IPV6 */ | 3608 | #endif /* IPV6 */ |
3609 | 3609 | ||
3610 | static int selinux_parse_skb(struct sk_buff *skb, struct common_audit_data *ad, | 3610 | static int selinux_parse_skb(struct sk_buff *skb, struct common_audit_data *ad, |
3611 | char **_addrp, int src, u8 *proto) | 3611 | char **_addrp, int src, u8 *proto) |
3612 | { | 3612 | { |
3613 | char *addrp; | 3613 | char *addrp; |
3614 | int ret; | 3614 | int ret; |
3615 | 3615 | ||
3616 | switch (ad->u.net.family) { | 3616 | switch (ad->u.net.family) { |
3617 | case PF_INET: | 3617 | case PF_INET: |
3618 | ret = selinux_parse_skb_ipv4(skb, ad, proto); | 3618 | ret = selinux_parse_skb_ipv4(skb, ad, proto); |
3619 | if (ret) | 3619 | if (ret) |
3620 | goto parse_error; | 3620 | goto parse_error; |
3621 | addrp = (char *)(src ? &ad->u.net.v4info.saddr : | 3621 | addrp = (char *)(src ? &ad->u.net.v4info.saddr : |
3622 | &ad->u.net.v4info.daddr); | 3622 | &ad->u.net.v4info.daddr); |
3623 | goto okay; | 3623 | goto okay; |
3624 | 3624 | ||
3625 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) | 3625 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) |
3626 | case PF_INET6: | 3626 | case PF_INET6: |
3627 | ret = selinux_parse_skb_ipv6(skb, ad, proto); | 3627 | ret = selinux_parse_skb_ipv6(skb, ad, proto); |
3628 | if (ret) | 3628 | if (ret) |
3629 | goto parse_error; | 3629 | goto parse_error; |
3630 | addrp = (char *)(src ? &ad->u.net.v6info.saddr : | 3630 | addrp = (char *)(src ? &ad->u.net.v6info.saddr : |
3631 | &ad->u.net.v6info.daddr); | 3631 | &ad->u.net.v6info.daddr); |
3632 | goto okay; | 3632 | goto okay; |
3633 | #endif /* IPV6 */ | 3633 | #endif /* IPV6 */ |
3634 | default: | 3634 | default: |
3635 | addrp = NULL; | 3635 | addrp = NULL; |
3636 | goto okay; | 3636 | goto okay; |
3637 | } | 3637 | } |
3638 | 3638 | ||
3639 | parse_error: | 3639 | parse_error: |
3640 | printk(KERN_WARNING | 3640 | printk(KERN_WARNING |
3641 | "SELinux: failure in selinux_parse_skb()," | 3641 | "SELinux: failure in selinux_parse_skb()," |
3642 | " unable to parse packet\n"); | 3642 | " unable to parse packet\n"); |
3643 | return ret; | 3643 | return ret; |
3644 | 3644 | ||
3645 | okay: | 3645 | okay: |
3646 | if (_addrp) | 3646 | if (_addrp) |
3647 | *_addrp = addrp; | 3647 | *_addrp = addrp; |
3648 | return 0; | 3648 | return 0; |
3649 | } | 3649 | } |
3650 | 3650 | ||
3651 | /** | 3651 | /** |
3652 | * selinux_skb_peerlbl_sid - Determine the peer label of a packet | 3652 | * selinux_skb_peerlbl_sid - Determine the peer label of a packet |
3653 | * @skb: the packet | 3653 | * @skb: the packet |
3654 | * @family: protocol family | 3654 | * @family: protocol family |
3655 | * @sid: the packet's peer label SID | 3655 | * @sid: the packet's peer label SID |
3656 | * | 3656 | * |
3657 | * Description: | 3657 | * Description: |
3658 | * Check the various different forms of network peer labeling and determine | 3658 | * Check the various different forms of network peer labeling and determine |
3659 | * the peer label/SID for the packet; most of the magic actually occurs in | 3659 | * the peer label/SID for the packet; most of the magic actually occurs in |
3660 | * the security server function security_net_peersid_cmp(). The function | 3660 | * the security server function security_net_peersid_cmp(). The function |
3661 | * returns zero if the value in @sid is valid (although it may be SECSID_NULL) | 3661 | * returns zero if the value in @sid is valid (although it may be SECSID_NULL) |
3662 | * or -EACCES if @sid is invalid due to inconsistencies with the different | 3662 | * or -EACCES if @sid is invalid due to inconsistencies with the different |
3663 | * peer labels. | 3663 | * peer labels. |
3664 | * | 3664 | * |
3665 | */ | 3665 | */ |
3666 | static int selinux_skb_peerlbl_sid(struct sk_buff *skb, u16 family, u32 *sid) | 3666 | static int selinux_skb_peerlbl_sid(struct sk_buff *skb, u16 family, u32 *sid) |
3667 | { | 3667 | { |
3668 | int err; | 3668 | int err; |
3669 | u32 xfrm_sid; | 3669 | u32 xfrm_sid; |
3670 | u32 nlbl_sid; | 3670 | u32 nlbl_sid; |
3671 | u32 nlbl_type; | 3671 | u32 nlbl_type; |
3672 | 3672 | ||
3673 | selinux_skb_xfrm_sid(skb, &xfrm_sid); | 3673 | selinux_skb_xfrm_sid(skb, &xfrm_sid); |
3674 | selinux_netlbl_skbuff_getsid(skb, family, &nlbl_type, &nlbl_sid); | 3674 | selinux_netlbl_skbuff_getsid(skb, family, &nlbl_type, &nlbl_sid); |
3675 | 3675 | ||
3676 | err = security_net_peersid_resolve(nlbl_sid, nlbl_type, xfrm_sid, sid); | 3676 | err = security_net_peersid_resolve(nlbl_sid, nlbl_type, xfrm_sid, sid); |
3677 | if (unlikely(err)) { | 3677 | if (unlikely(err)) { |
3678 | printk(KERN_WARNING | 3678 | printk(KERN_WARNING |
3679 | "SELinux: failure in selinux_skb_peerlbl_sid()," | 3679 | "SELinux: failure in selinux_skb_peerlbl_sid()," |
3680 | " unable to determine packet's peer label\n"); | 3680 | " unable to determine packet's peer label\n"); |
3681 | return -EACCES; | 3681 | return -EACCES; |
3682 | } | 3682 | } |
3683 | 3683 | ||
3684 | return 0; | 3684 | return 0; |
3685 | } | 3685 | } |
3686 | 3686 | ||
3687 | /* socket security operations */ | 3687 | /* socket security operations */ |
3688 | 3688 | ||
3689 | static int socket_sockcreate_sid(const struct task_security_struct *tsec, | 3689 | static int socket_sockcreate_sid(const struct task_security_struct *tsec, |
3690 | u16 secclass, u32 *socksid) | 3690 | u16 secclass, u32 *socksid) |
3691 | { | 3691 | { |
3692 | if (tsec->sockcreate_sid > SECSID_NULL) { | 3692 | if (tsec->sockcreate_sid > SECSID_NULL) { |
3693 | *socksid = tsec->sockcreate_sid; | 3693 | *socksid = tsec->sockcreate_sid; |
3694 | return 0; | 3694 | return 0; |
3695 | } | 3695 | } |
3696 | 3696 | ||
3697 | return security_transition_sid(tsec->sid, tsec->sid, secclass, NULL, | 3697 | return security_transition_sid(tsec->sid, tsec->sid, secclass, NULL, |
3698 | socksid); | 3698 | socksid); |
3699 | } | 3699 | } |
3700 | 3700 | ||
3701 | static int sock_has_perm(struct task_struct *task, struct sock *sk, u32 perms) | 3701 | static int sock_has_perm(struct task_struct *task, struct sock *sk, u32 perms) |
3702 | { | 3702 | { |
3703 | struct sk_security_struct *sksec = sk->sk_security; | 3703 | struct sk_security_struct *sksec = sk->sk_security; |
3704 | struct common_audit_data ad; | 3704 | struct common_audit_data ad; |
3705 | u32 tsid = task_sid(task); | 3705 | u32 tsid = task_sid(task); |
3706 | 3706 | ||
3707 | if (sksec->sid == SECINITSID_KERNEL) | 3707 | if (sksec->sid == SECINITSID_KERNEL) |
3708 | return 0; | 3708 | return 0; |
3709 | 3709 | ||
3710 | COMMON_AUDIT_DATA_INIT(&ad, NET); | 3710 | COMMON_AUDIT_DATA_INIT(&ad, NET); |
3711 | ad.u.net.sk = sk; | 3711 | ad.u.net.sk = sk; |
3712 | 3712 | ||
3713 | return avc_has_perm(tsid, sksec->sid, sksec->sclass, perms, &ad); | 3713 | return avc_has_perm(tsid, sksec->sid, sksec->sclass, perms, &ad); |
3714 | } | 3714 | } |
3715 | 3715 | ||
3716 | static int selinux_socket_create(int family, int type, | 3716 | static int selinux_socket_create(int family, int type, |
3717 | int protocol, int kern) | 3717 | int protocol, int kern) |
3718 | { | 3718 | { |
3719 | const struct task_security_struct *tsec = current_security(); | 3719 | const struct task_security_struct *tsec = current_security(); |
3720 | u32 newsid; | 3720 | u32 newsid; |
3721 | u16 secclass; | 3721 | u16 secclass; |
3722 | int rc; | 3722 | int rc; |
3723 | 3723 | ||
3724 | if (kern) | 3724 | if (kern) |
3725 | return 0; | 3725 | return 0; |
3726 | 3726 | ||
3727 | secclass = socket_type_to_security_class(family, type, protocol); | 3727 | secclass = socket_type_to_security_class(family, type, protocol); |
3728 | rc = socket_sockcreate_sid(tsec, secclass, &newsid); | 3728 | rc = socket_sockcreate_sid(tsec, secclass, &newsid); |
3729 | if (rc) | 3729 | if (rc) |
3730 | return rc; | 3730 | return rc; |
3731 | 3731 | ||
3732 | return avc_has_perm(tsec->sid, newsid, secclass, SOCKET__CREATE, NULL); | 3732 | return avc_has_perm(tsec->sid, newsid, secclass, SOCKET__CREATE, NULL); |
3733 | } | 3733 | } |
3734 | 3734 | ||
3735 | static int selinux_socket_post_create(struct socket *sock, int family, | 3735 | static int selinux_socket_post_create(struct socket *sock, int family, |
3736 | int type, int protocol, int kern) | 3736 | int type, int protocol, int kern) |
3737 | { | 3737 | { |
3738 | const struct task_security_struct *tsec = current_security(); | 3738 | const struct task_security_struct *tsec = current_security(); |
3739 | struct inode_security_struct *isec = SOCK_INODE(sock)->i_security; | 3739 | struct inode_security_struct *isec = SOCK_INODE(sock)->i_security; |
3740 | struct sk_security_struct *sksec; | 3740 | struct sk_security_struct *sksec; |
3741 | int err = 0; | 3741 | int err = 0; |
3742 | 3742 | ||
3743 | isec->sclass = socket_type_to_security_class(family, type, protocol); | 3743 | isec->sclass = socket_type_to_security_class(family, type, protocol); |
3744 | 3744 | ||
3745 | if (kern) | 3745 | if (kern) |
3746 | isec->sid = SECINITSID_KERNEL; | 3746 | isec->sid = SECINITSID_KERNEL; |
3747 | else { | 3747 | else { |
3748 | err = socket_sockcreate_sid(tsec, isec->sclass, &(isec->sid)); | 3748 | err = socket_sockcreate_sid(tsec, isec->sclass, &(isec->sid)); |
3749 | if (err) | 3749 | if (err) |
3750 | return err; | 3750 | return err; |
3751 | } | 3751 | } |
3752 | 3752 | ||
3753 | isec->initialized = 1; | 3753 | isec->initialized = 1; |
3754 | 3754 | ||
3755 | if (sock->sk) { | 3755 | if (sock->sk) { |
3756 | sksec = sock->sk->sk_security; | 3756 | sksec = sock->sk->sk_security; |
3757 | sksec->sid = isec->sid; | 3757 | sksec->sid = isec->sid; |
3758 | sksec->sclass = isec->sclass; | 3758 | sksec->sclass = isec->sclass; |
3759 | err = selinux_netlbl_socket_post_create(sock->sk, family); | 3759 | err = selinux_netlbl_socket_post_create(sock->sk, family); |
3760 | } | 3760 | } |
3761 | 3761 | ||
3762 | return err; | 3762 | return err; |
3763 | } | 3763 | } |
3764 | 3764 | ||
3765 | /* Range of port numbers used to automatically bind. | 3765 | /* Range of port numbers used to automatically bind. |
3766 | Need to determine whether we should perform a name_bind | 3766 | Need to determine whether we should perform a name_bind |
3767 | permission check between the socket and the port number. */ | 3767 | permission check between the socket and the port number. */ |
3768 | 3768 | ||
3769 | static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen) | 3769 | static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen) |
3770 | { | 3770 | { |
3771 | struct sock *sk = sock->sk; | 3771 | struct sock *sk = sock->sk; |
3772 | u16 family; | 3772 | u16 family; |
3773 | int err; | 3773 | int err; |
3774 | 3774 | ||
3775 | err = sock_has_perm(current, sk, SOCKET__BIND); | 3775 | err = sock_has_perm(current, sk, SOCKET__BIND); |
3776 | if (err) | 3776 | if (err) |
3777 | goto out; | 3777 | goto out; |
3778 | 3778 | ||
3779 | /* | 3779 | /* |
3780 | * If PF_INET or PF_INET6, check name_bind permission for the port. | 3780 | * If PF_INET or PF_INET6, check name_bind permission for the port. |
3781 | * Multiple address binding for SCTP is not supported yet: we just | 3781 | * Multiple address binding for SCTP is not supported yet: we just |
3782 | * check the first address now. | 3782 | * check the first address now. |
3783 | */ | 3783 | */ |
3784 | family = sk->sk_family; | 3784 | family = sk->sk_family; |
3785 | if (family == PF_INET || family == PF_INET6) { | 3785 | if (family == PF_INET || family == PF_INET6) { |
3786 | char *addrp; | 3786 | char *addrp; |
3787 | struct sk_security_struct *sksec = sk->sk_security; | 3787 | struct sk_security_struct *sksec = sk->sk_security; |
3788 | struct common_audit_data ad; | 3788 | struct common_audit_data ad; |
3789 | struct sockaddr_in *addr4 = NULL; | 3789 | struct sockaddr_in *addr4 = NULL; |
3790 | struct sockaddr_in6 *addr6 = NULL; | 3790 | struct sockaddr_in6 *addr6 = NULL; |
3791 | unsigned short snum; | 3791 | unsigned short snum; |
3792 | u32 sid, node_perm; | 3792 | u32 sid, node_perm; |
3793 | 3793 | ||
3794 | if (family == PF_INET) { | 3794 | if (family == PF_INET) { |
3795 | addr4 = (struct sockaddr_in *)address; | 3795 | addr4 = (struct sockaddr_in *)address; |
3796 | snum = ntohs(addr4->sin_port); | 3796 | snum = ntohs(addr4->sin_port); |
3797 | addrp = (char *)&addr4->sin_addr.s_addr; | 3797 | addrp = (char *)&addr4->sin_addr.s_addr; |
3798 | } else { | 3798 | } else { |
3799 | addr6 = (struct sockaddr_in6 *)address; | 3799 | addr6 = (struct sockaddr_in6 *)address; |
3800 | snum = ntohs(addr6->sin6_port); | 3800 | snum = ntohs(addr6->sin6_port); |
3801 | addrp = (char *)&addr6->sin6_addr.s6_addr; | 3801 | addrp = (char *)&addr6->sin6_addr.s6_addr; |
3802 | } | 3802 | } |
3803 | 3803 | ||
3804 | if (snum) { | 3804 | if (snum) { |
3805 | int low, high; | 3805 | int low, high; |
3806 | 3806 | ||
3807 | inet_get_local_port_range(&low, &high); | 3807 | inet_get_local_port_range(&low, &high); |
3808 | 3808 | ||
3809 | if (snum < max(PROT_SOCK, low) || snum > high) { | 3809 | if (snum < max(PROT_SOCK, low) || snum > high) { |
3810 | err = sel_netport_sid(sk->sk_protocol, | 3810 | err = sel_netport_sid(sk->sk_protocol, |
3811 | snum, &sid); | 3811 | snum, &sid); |
3812 | if (err) | 3812 | if (err) |
3813 | goto out; | 3813 | goto out; |
3814 | COMMON_AUDIT_DATA_INIT(&ad, NET); | 3814 | COMMON_AUDIT_DATA_INIT(&ad, NET); |
3815 | ad.u.net.sport = htons(snum); | 3815 | ad.u.net.sport = htons(snum); |
3816 | ad.u.net.family = family; | 3816 | ad.u.net.family = family; |
3817 | err = avc_has_perm(sksec->sid, sid, | 3817 | err = avc_has_perm(sksec->sid, sid, |
3818 | sksec->sclass, | 3818 | sksec->sclass, |
3819 | SOCKET__NAME_BIND, &ad); | 3819 | SOCKET__NAME_BIND, &ad); |
3820 | if (err) | 3820 | if (err) |
3821 | goto out; | 3821 | goto out; |
3822 | } | 3822 | } |
3823 | } | 3823 | } |
3824 | 3824 | ||
3825 | switch (sksec->sclass) { | 3825 | switch (sksec->sclass) { |
3826 | case SECCLASS_TCP_SOCKET: | 3826 | case SECCLASS_TCP_SOCKET: |
3827 | node_perm = TCP_SOCKET__NODE_BIND; | 3827 | node_perm = TCP_SOCKET__NODE_BIND; |
3828 | break; | 3828 | break; |
3829 | 3829 | ||
3830 | case SECCLASS_UDP_SOCKET: | 3830 | case SECCLASS_UDP_SOCKET: |
3831 | node_perm = UDP_SOCKET__NODE_BIND; | 3831 | node_perm = UDP_SOCKET__NODE_BIND; |
3832 | break; | 3832 | break; |
3833 | 3833 | ||
3834 | case SECCLASS_DCCP_SOCKET: | 3834 | case SECCLASS_DCCP_SOCKET: |
3835 | node_perm = DCCP_SOCKET__NODE_BIND; | 3835 | node_perm = DCCP_SOCKET__NODE_BIND; |
3836 | break; | 3836 | break; |
3837 | 3837 | ||
3838 | default: | 3838 | default: |
3839 | node_perm = RAWIP_SOCKET__NODE_BIND; | 3839 | node_perm = RAWIP_SOCKET__NODE_BIND; |
3840 | break; | 3840 | break; |
3841 | } | 3841 | } |
3842 | 3842 | ||
3843 | err = sel_netnode_sid(addrp, family, &sid); | 3843 | err = sel_netnode_sid(addrp, family, &sid); |
3844 | if (err) | 3844 | if (err) |
3845 | goto out; | 3845 | goto out; |
3846 | 3846 | ||
3847 | COMMON_AUDIT_DATA_INIT(&ad, NET); | 3847 | COMMON_AUDIT_DATA_INIT(&ad, NET); |
3848 | ad.u.net.sport = htons(snum); | 3848 | ad.u.net.sport = htons(snum); |
3849 | ad.u.net.family = family; | 3849 | ad.u.net.family = family; |
3850 | 3850 | ||
3851 | if (family == PF_INET) | 3851 | if (family == PF_INET) |
3852 | ad.u.net.v4info.saddr = addr4->sin_addr.s_addr; | 3852 | ad.u.net.v4info.saddr = addr4->sin_addr.s_addr; |
3853 | else | 3853 | else |
3854 | ipv6_addr_copy(&ad.u.net.v6info.saddr, &addr6->sin6_addr); | 3854 | ipv6_addr_copy(&ad.u.net.v6info.saddr, &addr6->sin6_addr); |
3855 | 3855 | ||
3856 | err = avc_has_perm(sksec->sid, sid, | 3856 | err = avc_has_perm(sksec->sid, sid, |
3857 | sksec->sclass, node_perm, &ad); | 3857 | sksec->sclass, node_perm, &ad); |
3858 | if (err) | 3858 | if (err) |
3859 | goto out; | 3859 | goto out; |
3860 | } | 3860 | } |
3861 | out: | 3861 | out: |
3862 | return err; | 3862 | return err; |
3863 | } | 3863 | } |
3864 | 3864 | ||
3865 | static int selinux_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen) | 3865 | static int selinux_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen) |
3866 | { | 3866 | { |
3867 | struct sock *sk = sock->sk; | 3867 | struct sock *sk = sock->sk; |
3868 | struct sk_security_struct *sksec = sk->sk_security; | 3868 | struct sk_security_struct *sksec = sk->sk_security; |
3869 | int err; | 3869 | int err; |
3870 | 3870 | ||
3871 | err = sock_has_perm(current, sk, SOCKET__CONNECT); | 3871 | err = sock_has_perm(current, sk, SOCKET__CONNECT); |
3872 | if (err) | 3872 | if (err) |
3873 | return err; | 3873 | return err; |
3874 | 3874 | ||
3875 | /* | 3875 | /* |
3876 | * If a TCP or DCCP socket, check name_connect permission for the port. | 3876 | * If a TCP or DCCP socket, check name_connect permission for the port. |
3877 | */ | 3877 | */ |
3878 | if (sksec->sclass == SECCLASS_TCP_SOCKET || | 3878 | if (sksec->sclass == SECCLASS_TCP_SOCKET || |
3879 | sksec->sclass == SECCLASS_DCCP_SOCKET) { | 3879 | sksec->sclass == SECCLASS_DCCP_SOCKET) { |
3880 | struct common_audit_data ad; | 3880 | struct common_audit_data ad; |
3881 | struct sockaddr_in *addr4 = NULL; | 3881 | struct sockaddr_in *addr4 = NULL; |
3882 | struct sockaddr_in6 *addr6 = NULL; | 3882 | struct sockaddr_in6 *addr6 = NULL; |
3883 | unsigned short snum; | 3883 | unsigned short snum; |
3884 | u32 sid, perm; | 3884 | u32 sid, perm; |
3885 | 3885 | ||
3886 | if (sk->sk_family == PF_INET) { | 3886 | if (sk->sk_family == PF_INET) { |
3887 | addr4 = (struct sockaddr_in *)address; | 3887 | addr4 = (struct sockaddr_in *)address; |
3888 | if (addrlen < sizeof(struct sockaddr_in)) | 3888 | if (addrlen < sizeof(struct sockaddr_in)) |
3889 | return -EINVAL; | 3889 | return -EINVAL; |
3890 | snum = ntohs(addr4->sin_port); | 3890 | snum = ntohs(addr4->sin_port); |
3891 | } else { | 3891 | } else { |
3892 | addr6 = (struct sockaddr_in6 *)address; | 3892 | addr6 = (struct sockaddr_in6 *)address; |
3893 | if (addrlen < SIN6_LEN_RFC2133) | 3893 | if (addrlen < SIN6_LEN_RFC2133) |
3894 | return -EINVAL; | 3894 | return -EINVAL; |
3895 | snum = ntohs(addr6->sin6_port); | 3895 | snum = ntohs(addr6->sin6_port); |
3896 | } | 3896 | } |
3897 | 3897 | ||
3898 | err = sel_netport_sid(sk->sk_protocol, snum, &sid); | 3898 | err = sel_netport_sid(sk->sk_protocol, snum, &sid); |
3899 | if (err) | 3899 | if (err) |
3900 | goto out; | 3900 | goto out; |
3901 | 3901 | ||
3902 | perm = (sksec->sclass == SECCLASS_TCP_SOCKET) ? | 3902 | perm = (sksec->sclass == SECCLASS_TCP_SOCKET) ? |
3903 | TCP_SOCKET__NAME_CONNECT : DCCP_SOCKET__NAME_CONNECT; | 3903 | TCP_SOCKET__NAME_CONNECT : DCCP_SOCKET__NAME_CONNECT; |
3904 | 3904 | ||
3905 | COMMON_AUDIT_DATA_INIT(&ad, NET); | 3905 | COMMON_AUDIT_DATA_INIT(&ad, NET); |
3906 | ad.u.net.dport = htons(snum); | 3906 | ad.u.net.dport = htons(snum); |
3907 | ad.u.net.family = sk->sk_family; | 3907 | ad.u.net.family = sk->sk_family; |
3908 | err = avc_has_perm(sksec->sid, sid, sksec->sclass, perm, &ad); | 3908 | err = avc_has_perm(sksec->sid, sid, sksec->sclass, perm, &ad); |
3909 | if (err) | 3909 | if (err) |
3910 | goto out; | 3910 | goto out; |
3911 | } | 3911 | } |
3912 | 3912 | ||
3913 | err = selinux_netlbl_socket_connect(sk, address); | 3913 | err = selinux_netlbl_socket_connect(sk, address); |
3914 | 3914 | ||
3915 | out: | 3915 | out: |
3916 | return err; | 3916 | return err; |
3917 | } | 3917 | } |
3918 | 3918 | ||
3919 | static int selinux_socket_listen(struct socket *sock, int backlog) | 3919 | static int selinux_socket_listen(struct socket *sock, int backlog) |
3920 | { | 3920 | { |
3921 | return sock_has_perm(current, sock->sk, SOCKET__LISTEN); | 3921 | return sock_has_perm(current, sock->sk, SOCKET__LISTEN); |
3922 | } | 3922 | } |
3923 | 3923 | ||
3924 | static int selinux_socket_accept(struct socket *sock, struct socket *newsock) | 3924 | static int selinux_socket_accept(struct socket *sock, struct socket *newsock) |
3925 | { | 3925 | { |
3926 | int err; | 3926 | int err; |
3927 | struct inode_security_struct *isec; | 3927 | struct inode_security_struct *isec; |
3928 | struct inode_security_struct *newisec; | 3928 | struct inode_security_struct *newisec; |
3929 | 3929 | ||
3930 | err = sock_has_perm(current, sock->sk, SOCKET__ACCEPT); | 3930 | err = sock_has_perm(current, sock->sk, SOCKET__ACCEPT); |
3931 | if (err) | 3931 | if (err) |
3932 | return err; | 3932 | return err; |
3933 | 3933 | ||
3934 | newisec = SOCK_INODE(newsock)->i_security; | 3934 | newisec = SOCK_INODE(newsock)->i_security; |
3935 | 3935 | ||
3936 | isec = SOCK_INODE(sock)->i_security; | 3936 | isec = SOCK_INODE(sock)->i_security; |
3937 | newisec->sclass = isec->sclass; | 3937 | newisec->sclass = isec->sclass; |
3938 | newisec->sid = isec->sid; | 3938 | newisec->sid = isec->sid; |
3939 | newisec->initialized = 1; | 3939 | newisec->initialized = 1; |
3940 | 3940 | ||
3941 | return 0; | 3941 | return 0; |
3942 | } | 3942 | } |
3943 | 3943 | ||
3944 | static int selinux_socket_sendmsg(struct socket *sock, struct msghdr *msg, | 3944 | static int selinux_socket_sendmsg(struct socket *sock, struct msghdr *msg, |
3945 | int size) | 3945 | int size) |
3946 | { | 3946 | { |
3947 | return sock_has_perm(current, sock->sk, SOCKET__WRITE); | 3947 | return sock_has_perm(current, sock->sk, SOCKET__WRITE); |
3948 | } | 3948 | } |
3949 | 3949 | ||
3950 | static int selinux_socket_recvmsg(struct socket *sock, struct msghdr *msg, | 3950 | static int selinux_socket_recvmsg(struct socket *sock, struct msghdr *msg, |
3951 | int size, int flags) | 3951 | int size, int flags) |
3952 | { | 3952 | { |
3953 | return sock_has_perm(current, sock->sk, SOCKET__READ); | 3953 | return sock_has_perm(current, sock->sk, SOCKET__READ); |
3954 | } | 3954 | } |
3955 | 3955 | ||
3956 | static int selinux_socket_getsockname(struct socket *sock) | 3956 | static int selinux_socket_getsockname(struct socket *sock) |
3957 | { | 3957 | { |
3958 | return sock_has_perm(current, sock->sk, SOCKET__GETATTR); | 3958 | return sock_has_perm(current, sock->sk, SOCKET__GETATTR); |
3959 | } | 3959 | } |
3960 | 3960 | ||
3961 | static int selinux_socket_getpeername(struct socket *sock) | 3961 | static int selinux_socket_getpeername(struct socket *sock) |
3962 | { | 3962 | { |
3963 | return sock_has_perm(current, sock->sk, SOCKET__GETATTR); | 3963 | return sock_has_perm(current, sock->sk, SOCKET__GETATTR); |
3964 | } | 3964 | } |
3965 | 3965 | ||
3966 | static int selinux_socket_setsockopt(struct socket *sock, int level, int optname) | 3966 | static int selinux_socket_setsockopt(struct socket *sock, int level, int optname) |
3967 | { | 3967 | { |
3968 | int err; | 3968 | int err; |
3969 | 3969 | ||
3970 | err = sock_has_perm(current, sock->sk, SOCKET__SETOPT); | 3970 | err = sock_has_perm(current, sock->sk, SOCKET__SETOPT); |
3971 | if (err) | 3971 | if (err) |
3972 | return err; | 3972 | return err; |
3973 | 3973 | ||
3974 | return selinux_netlbl_socket_setsockopt(sock, level, optname); | 3974 | return selinux_netlbl_socket_setsockopt(sock, level, optname); |
3975 | } | 3975 | } |
3976 | 3976 | ||
3977 | static int selinux_socket_getsockopt(struct socket *sock, int level, | 3977 | static int selinux_socket_getsockopt(struct socket *sock, int level, |
3978 | int optname) | 3978 | int optname) |
3979 | { | 3979 | { |
3980 | return sock_has_perm(current, sock->sk, SOCKET__GETOPT); | 3980 | return sock_has_perm(current, sock->sk, SOCKET__GETOPT); |
3981 | } | 3981 | } |
3982 | 3982 | ||
3983 | static int selinux_socket_shutdown(struct socket *sock, int how) | 3983 | static int selinux_socket_shutdown(struct socket *sock, int how) |
3984 | { | 3984 | { |
3985 | return sock_has_perm(current, sock->sk, SOCKET__SHUTDOWN); | 3985 | return sock_has_perm(current, sock->sk, SOCKET__SHUTDOWN); |
3986 | } | 3986 | } |
3987 | 3987 | ||
3988 | static int selinux_socket_unix_stream_connect(struct sock *sock, | 3988 | static int selinux_socket_unix_stream_connect(struct sock *sock, |
3989 | struct sock *other, | 3989 | struct sock *other, |
3990 | struct sock *newsk) | 3990 | struct sock *newsk) |
3991 | { | 3991 | { |
3992 | struct sk_security_struct *sksec_sock = sock->sk_security; | 3992 | struct sk_security_struct *sksec_sock = sock->sk_security; |
3993 | struct sk_security_struct *sksec_other = other->sk_security; | 3993 | struct sk_security_struct *sksec_other = other->sk_security; |
3994 | struct sk_security_struct *sksec_new = newsk->sk_security; | 3994 | struct sk_security_struct *sksec_new = newsk->sk_security; |
3995 | struct common_audit_data ad; | 3995 | struct common_audit_data ad; |
3996 | int err; | 3996 | int err; |
3997 | 3997 | ||
3998 | COMMON_AUDIT_DATA_INIT(&ad, NET); | 3998 | COMMON_AUDIT_DATA_INIT(&ad, NET); |
3999 | ad.u.net.sk = other; | 3999 | ad.u.net.sk = other; |
4000 | 4000 | ||
4001 | err = avc_has_perm(sksec_sock->sid, sksec_other->sid, | 4001 | err = avc_has_perm(sksec_sock->sid, sksec_other->sid, |
4002 | sksec_other->sclass, | 4002 | sksec_other->sclass, |
4003 | UNIX_STREAM_SOCKET__CONNECTTO, &ad); | 4003 | UNIX_STREAM_SOCKET__CONNECTTO, &ad); |
4004 | if (err) | 4004 | if (err) |
4005 | return err; | 4005 | return err; |
4006 | 4006 | ||
4007 | /* server child socket */ | 4007 | /* server child socket */ |
4008 | sksec_new->peer_sid = sksec_sock->sid; | 4008 | sksec_new->peer_sid = sksec_sock->sid; |
4009 | err = security_sid_mls_copy(sksec_other->sid, sksec_sock->sid, | 4009 | err = security_sid_mls_copy(sksec_other->sid, sksec_sock->sid, |
4010 | &sksec_new->sid); | 4010 | &sksec_new->sid); |
4011 | if (err) | 4011 | if (err) |
4012 | return err; | 4012 | return err; |
4013 | 4013 | ||
4014 | /* connecting socket */ | 4014 | /* connecting socket */ |
4015 | sksec_sock->peer_sid = sksec_new->sid; | 4015 | sksec_sock->peer_sid = sksec_new->sid; |
4016 | 4016 | ||
4017 | return 0; | 4017 | return 0; |
4018 | } | 4018 | } |
4019 | 4019 | ||
4020 | static int selinux_socket_unix_may_send(struct socket *sock, | 4020 | static int selinux_socket_unix_may_send(struct socket *sock, |
4021 | struct socket *other) | 4021 | struct socket *other) |
4022 | { | 4022 | { |
4023 | struct sk_security_struct *ssec = sock->sk->sk_security; | 4023 | struct sk_security_struct *ssec = sock->sk->sk_security; |
4024 | struct sk_security_struct *osec = other->sk->sk_security; | 4024 | struct sk_security_struct *osec = other->sk->sk_security; |
4025 | struct common_audit_data ad; | 4025 | struct common_audit_data ad; |
4026 | 4026 | ||
4027 | COMMON_AUDIT_DATA_INIT(&ad, NET); | 4027 | COMMON_AUDIT_DATA_INIT(&ad, NET); |
4028 | ad.u.net.sk = other->sk; | 4028 | ad.u.net.sk = other->sk; |
4029 | 4029 | ||
4030 | return avc_has_perm(ssec->sid, osec->sid, osec->sclass, SOCKET__SENDTO, | 4030 | return avc_has_perm(ssec->sid, osec->sid, osec->sclass, SOCKET__SENDTO, |
4031 | &ad); | 4031 | &ad); |
4032 | } | 4032 | } |
4033 | 4033 | ||
4034 | static int selinux_inet_sys_rcv_skb(int ifindex, char *addrp, u16 family, | 4034 | static int selinux_inet_sys_rcv_skb(int ifindex, char *addrp, u16 family, |
4035 | u32 peer_sid, | 4035 | u32 peer_sid, |
4036 | struct common_audit_data *ad) | 4036 | struct common_audit_data *ad) |
4037 | { | 4037 | { |
4038 | int err; | 4038 | int err; |
4039 | u32 if_sid; | 4039 | u32 if_sid; |
4040 | u32 node_sid; | 4040 | u32 node_sid; |
4041 | 4041 | ||
4042 | err = sel_netif_sid(ifindex, &if_sid); | 4042 | err = sel_netif_sid(ifindex, &if_sid); |
4043 | if (err) | 4043 | if (err) |
4044 | return err; | 4044 | return err; |
4045 | err = avc_has_perm(peer_sid, if_sid, | 4045 | err = avc_has_perm(peer_sid, if_sid, |
4046 | SECCLASS_NETIF, NETIF__INGRESS, ad); | 4046 | SECCLASS_NETIF, NETIF__INGRESS, ad); |
4047 | if (err) | 4047 | if (err) |
4048 | return err; | 4048 | return err; |
4049 | 4049 | ||
4050 | err = sel_netnode_sid(addrp, family, &node_sid); | 4050 | err = sel_netnode_sid(addrp, family, &node_sid); |
4051 | if (err) | 4051 | if (err) |
4052 | return err; | 4052 | return err; |
4053 | return avc_has_perm(peer_sid, node_sid, | 4053 | return avc_has_perm(peer_sid, node_sid, |
4054 | SECCLASS_NODE, NODE__RECVFROM, ad); | 4054 | SECCLASS_NODE, NODE__RECVFROM, ad); |
4055 | } | 4055 | } |
4056 | 4056 | ||
4057 | static int selinux_sock_rcv_skb_compat(struct sock *sk, struct sk_buff *skb, | 4057 | static int selinux_sock_rcv_skb_compat(struct sock *sk, struct sk_buff *skb, |
4058 | u16 family) | 4058 | u16 family) |
4059 | { | 4059 | { |
4060 | int err = 0; | 4060 | int err = 0; |
4061 | struct sk_security_struct *sksec = sk->sk_security; | 4061 | struct sk_security_struct *sksec = sk->sk_security; |
4062 | u32 sk_sid = sksec->sid; | 4062 | u32 sk_sid = sksec->sid; |
4063 | struct common_audit_data ad; | 4063 | struct common_audit_data ad; |
4064 | char *addrp; | 4064 | char *addrp; |
4065 | 4065 | ||
4066 | COMMON_AUDIT_DATA_INIT(&ad, NET); | 4066 | COMMON_AUDIT_DATA_INIT(&ad, NET); |
4067 | ad.u.net.netif = skb->skb_iif; | 4067 | ad.u.net.netif = skb->skb_iif; |
4068 | ad.u.net.family = family; | 4068 | ad.u.net.family = family; |
4069 | err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL); | 4069 | err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL); |
4070 | if (err) | 4070 | if (err) |
4071 | return err; | 4071 | return err; |
4072 | 4072 | ||
4073 | if (selinux_secmark_enabled()) { | 4073 | if (selinux_secmark_enabled()) { |
4074 | err = avc_has_perm(sk_sid, skb->secmark, SECCLASS_PACKET, | 4074 | err = avc_has_perm(sk_sid, skb->secmark, SECCLASS_PACKET, |
4075 | PACKET__RECV, &ad); | 4075 | PACKET__RECV, &ad); |
4076 | if (err) | 4076 | if (err) |
4077 | return err; | 4077 | return err; |
4078 | } | 4078 | } |
4079 | 4079 | ||
4080 | err = selinux_netlbl_sock_rcv_skb(sksec, skb, family, &ad); | 4080 | err = selinux_netlbl_sock_rcv_skb(sksec, skb, family, &ad); |
4081 | if (err) | 4081 | if (err) |
4082 | return err; | 4082 | return err; |
4083 | err = selinux_xfrm_sock_rcv_skb(sksec->sid, skb, &ad); | 4083 | err = selinux_xfrm_sock_rcv_skb(sksec->sid, skb, &ad); |
4084 | 4084 | ||
4085 | return err; | 4085 | return err; |
4086 | } | 4086 | } |
4087 | 4087 | ||
4088 | static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) | 4088 | static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) |
4089 | { | 4089 | { |
4090 | int err; | 4090 | int err; |
4091 | struct sk_security_struct *sksec = sk->sk_security; | 4091 | struct sk_security_struct *sksec = sk->sk_security; |
4092 | u16 family = sk->sk_family; | 4092 | u16 family = sk->sk_family; |
4093 | u32 sk_sid = sksec->sid; | 4093 | u32 sk_sid = sksec->sid; |
4094 | struct common_audit_data ad; | 4094 | struct common_audit_data ad; |
4095 | char *addrp; | 4095 | char *addrp; |
4096 | u8 secmark_active; | 4096 | u8 secmark_active; |
4097 | u8 peerlbl_active; | 4097 | u8 peerlbl_active; |
4098 | 4098 | ||
4099 | if (family != PF_INET && family != PF_INET6) | 4099 | if (family != PF_INET && family != PF_INET6) |
4100 | return 0; | 4100 | return 0; |
4101 | 4101 | ||
4102 | /* Handle mapped IPv4 packets arriving via IPv6 sockets */ | 4102 | /* Handle mapped IPv4 packets arriving via IPv6 sockets */ |
4103 | if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP)) | 4103 | if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP)) |
4104 | family = PF_INET; | 4104 | family = PF_INET; |
4105 | 4105 | ||
4106 | /* If any sort of compatibility mode is enabled then handoff processing | 4106 | /* If any sort of compatibility mode is enabled then handoff processing |
4107 | * to the selinux_sock_rcv_skb_compat() function to deal with the | 4107 | * to the selinux_sock_rcv_skb_compat() function to deal with the |
4108 | * special handling. We do this in an attempt to keep this function | 4108 | * special handling. We do this in an attempt to keep this function |
4109 | * as fast and as clean as possible. */ | 4109 | * as fast and as clean as possible. */ |
4110 | if (!selinux_policycap_netpeer) | 4110 | if (!selinux_policycap_netpeer) |
4111 | return selinux_sock_rcv_skb_compat(sk, skb, family); | 4111 | return selinux_sock_rcv_skb_compat(sk, skb, family); |
4112 | 4112 | ||
4113 | secmark_active = selinux_secmark_enabled(); | 4113 | secmark_active = selinux_secmark_enabled(); |
4114 | peerlbl_active = netlbl_enabled() || selinux_xfrm_enabled(); | 4114 | peerlbl_active = netlbl_enabled() || selinux_xfrm_enabled(); |
4115 | if (!secmark_active && !peerlbl_active) | 4115 | if (!secmark_active && !peerlbl_active) |
4116 | return 0; | 4116 | return 0; |
4117 | 4117 | ||
4118 | COMMON_AUDIT_DATA_INIT(&ad, NET); | 4118 | COMMON_AUDIT_DATA_INIT(&ad, NET); |
4119 | ad.u.net.netif = skb->skb_iif; | 4119 | ad.u.net.netif = skb->skb_iif; |
4120 | ad.u.net.family = family; | 4120 | ad.u.net.family = family; |
4121 | err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL); | 4121 | err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL); |
4122 | if (err) | 4122 | if (err) |
4123 | return err; | 4123 | return err; |
4124 | 4124 | ||
4125 | if (peerlbl_active) { | 4125 | if (peerlbl_active) { |
4126 | u32 peer_sid; | 4126 | u32 peer_sid; |
4127 | 4127 | ||
4128 | err = selinux_skb_peerlbl_sid(skb, family, &peer_sid); | 4128 | err = selinux_skb_peerlbl_sid(skb, family, &peer_sid); |
4129 | if (err) | 4129 | if (err) |
4130 | return err; | 4130 | return err; |
4131 | err = selinux_inet_sys_rcv_skb(skb->skb_iif, addrp, family, | 4131 | err = selinux_inet_sys_rcv_skb(skb->skb_iif, addrp, family, |
4132 | peer_sid, &ad); | 4132 | peer_sid, &ad); |
4133 | if (err) { | 4133 | if (err) { |
4134 | selinux_netlbl_err(skb, err, 0); | 4134 | selinux_netlbl_err(skb, err, 0); |
4135 | return err; | 4135 | return err; |
4136 | } | 4136 | } |
4137 | err = avc_has_perm(sk_sid, peer_sid, SECCLASS_PEER, | 4137 | err = avc_has_perm(sk_sid, peer_sid, SECCLASS_PEER, |
4138 | PEER__RECV, &ad); | 4138 | PEER__RECV, &ad); |
4139 | if (err) | 4139 | if (err) |
4140 | selinux_netlbl_err(skb, err, 0); | 4140 | selinux_netlbl_err(skb, err, 0); |
4141 | } | 4141 | } |
4142 | 4142 | ||
4143 | if (secmark_active) { | 4143 | if (secmark_active) { |
4144 | err = avc_has_perm(sk_sid, skb->secmark, SECCLASS_PACKET, | 4144 | err = avc_has_perm(sk_sid, skb->secmark, SECCLASS_PACKET, |
4145 | PACKET__RECV, &ad); | 4145 | PACKET__RECV, &ad); |
4146 | if (err) | 4146 | if (err) |
4147 | return err; | 4147 | return err; |
4148 | } | 4148 | } |
4149 | 4149 | ||
4150 | return err; | 4150 | return err; |
4151 | } | 4151 | } |
4152 | 4152 | ||
4153 | static int selinux_socket_getpeersec_stream(struct socket *sock, char __user *optval, | 4153 | static int selinux_socket_getpeersec_stream(struct socket *sock, char __user *optval, |
4154 | int __user *optlen, unsigned len) | 4154 | int __user *optlen, unsigned len) |
4155 | { | 4155 | { |
4156 | int err = 0; | 4156 | int err = 0; |
4157 | char *scontext; | 4157 | char *scontext; |
4158 | u32 scontext_len; | 4158 | u32 scontext_len; |
4159 | struct sk_security_struct *sksec = sock->sk->sk_security; | 4159 | struct sk_security_struct *sksec = sock->sk->sk_security; |
4160 | u32 peer_sid = SECSID_NULL; | 4160 | u32 peer_sid = SECSID_NULL; |
4161 | 4161 | ||
4162 | if (sksec->sclass == SECCLASS_UNIX_STREAM_SOCKET || | 4162 | if (sksec->sclass == SECCLASS_UNIX_STREAM_SOCKET || |
4163 | sksec->sclass == SECCLASS_TCP_SOCKET) | 4163 | sksec->sclass == SECCLASS_TCP_SOCKET) |
4164 | peer_sid = sksec->peer_sid; | 4164 | peer_sid = sksec->peer_sid; |
4165 | if (peer_sid == SECSID_NULL) | 4165 | if (peer_sid == SECSID_NULL) |
4166 | return -ENOPROTOOPT; | 4166 | return -ENOPROTOOPT; |
4167 | 4167 | ||
4168 | err = security_sid_to_context(peer_sid, &scontext, &scontext_len); | 4168 | err = security_sid_to_context(peer_sid, &scontext, &scontext_len); |
4169 | if (err) | 4169 | if (err) |
4170 | return err; | 4170 | return err; |
4171 | 4171 | ||
4172 | if (scontext_len > len) { | 4172 | if (scontext_len > len) { |
4173 | err = -ERANGE; | 4173 | err = -ERANGE; |
4174 | goto out_len; | 4174 | goto out_len; |
4175 | } | 4175 | } |
4176 | 4176 | ||
4177 | if (copy_to_user(optval, scontext, scontext_len)) | 4177 | if (copy_to_user(optval, scontext, scontext_len)) |
4178 | err = -EFAULT; | 4178 | err = -EFAULT; |
4179 | 4179 | ||
4180 | out_len: | 4180 | out_len: |
4181 | if (put_user(scontext_len, optlen)) | 4181 | if (put_user(scontext_len, optlen)) |
4182 | err = -EFAULT; | 4182 | err = -EFAULT; |
4183 | kfree(scontext); | 4183 | kfree(scontext); |
4184 | return err; | 4184 | return err; |
4185 | } | 4185 | } |
4186 | 4186 | ||
4187 | static int selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid) | 4187 | static int selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid) |
4188 | { | 4188 | { |
4189 | u32 peer_secid = SECSID_NULL; | 4189 | u32 peer_secid = SECSID_NULL; |
4190 | u16 family; | 4190 | u16 family; |
4191 | 4191 | ||
4192 | if (skb && skb->protocol == htons(ETH_P_IP)) | 4192 | if (skb && skb->protocol == htons(ETH_P_IP)) |
4193 | family = PF_INET; | 4193 | family = PF_INET; |
4194 | else if (skb && skb->protocol == htons(ETH_P_IPV6)) | 4194 | else if (skb && skb->protocol == htons(ETH_P_IPV6)) |
4195 | family = PF_INET6; | 4195 | family = PF_INET6; |
4196 | else if (sock) | 4196 | else if (sock) |
4197 | family = sock->sk->sk_family; | 4197 | family = sock->sk->sk_family; |
4198 | else | 4198 | else |
4199 | goto out; | 4199 | goto out; |
4200 | 4200 | ||
4201 | if (sock && family == PF_UNIX) | 4201 | if (sock && family == PF_UNIX) |
4202 | selinux_inode_getsecid(SOCK_INODE(sock), &peer_secid); | 4202 | selinux_inode_getsecid(SOCK_INODE(sock), &peer_secid); |
4203 | else if (skb) | 4203 | else if (skb) |
4204 | selinux_skb_peerlbl_sid(skb, family, &peer_secid); | 4204 | selinux_skb_peerlbl_sid(skb, family, &peer_secid); |
4205 | 4205 | ||
4206 | out: | 4206 | out: |
4207 | *secid = peer_secid; | 4207 | *secid = peer_secid; |
4208 | if (peer_secid == SECSID_NULL) | 4208 | if (peer_secid == SECSID_NULL) |
4209 | return -EINVAL; | 4209 | return -EINVAL; |
4210 | return 0; | 4210 | return 0; |
4211 | } | 4211 | } |
4212 | 4212 | ||
4213 | static int selinux_sk_alloc_security(struct sock *sk, int family, gfp_t priority) | 4213 | static int selinux_sk_alloc_security(struct sock *sk, int family, gfp_t priority) |
4214 | { | 4214 | { |
4215 | struct sk_security_struct *sksec; | 4215 | struct sk_security_struct *sksec; |
4216 | 4216 | ||
4217 | sksec = kzalloc(sizeof(*sksec), priority); | 4217 | sksec = kzalloc(sizeof(*sksec), priority); |
4218 | if (!sksec) | 4218 | if (!sksec) |
4219 | return -ENOMEM; | 4219 | return -ENOMEM; |
4220 | 4220 | ||
4221 | sksec->peer_sid = SECINITSID_UNLABELED; | 4221 | sksec->peer_sid = SECINITSID_UNLABELED; |
4222 | sksec->sid = SECINITSID_UNLABELED; | 4222 | sksec->sid = SECINITSID_UNLABELED; |
4223 | selinux_netlbl_sk_security_reset(sksec); | 4223 | selinux_netlbl_sk_security_reset(sksec); |
4224 | sk->sk_security = sksec; | 4224 | sk->sk_security = sksec; |
4225 | 4225 | ||
4226 | return 0; | 4226 | return 0; |
4227 | } | 4227 | } |
4228 | 4228 | ||
4229 | static void selinux_sk_free_security(struct sock *sk) | 4229 | static void selinux_sk_free_security(struct sock *sk) |
4230 | { | 4230 | { |
4231 | struct sk_security_struct *sksec = sk->sk_security; | 4231 | struct sk_security_struct *sksec = sk->sk_security; |
4232 | 4232 | ||
4233 | sk->sk_security = NULL; | 4233 | sk->sk_security = NULL; |
4234 | selinux_netlbl_sk_security_free(sksec); | 4234 | selinux_netlbl_sk_security_free(sksec); |
4235 | kfree(sksec); | 4235 | kfree(sksec); |
4236 | } | 4236 | } |
4237 | 4237 | ||
4238 | static void selinux_sk_clone_security(const struct sock *sk, struct sock *newsk) | 4238 | static void selinux_sk_clone_security(const struct sock *sk, struct sock *newsk) |
4239 | { | 4239 | { |
4240 | struct sk_security_struct *sksec = sk->sk_security; | 4240 | struct sk_security_struct *sksec = sk->sk_security; |
4241 | struct sk_security_struct *newsksec = newsk->sk_security; | 4241 | struct sk_security_struct *newsksec = newsk->sk_security; |
4242 | 4242 | ||
4243 | newsksec->sid = sksec->sid; | 4243 | newsksec->sid = sksec->sid; |
4244 | newsksec->peer_sid = sksec->peer_sid; | 4244 | newsksec->peer_sid = sksec->peer_sid; |
4245 | newsksec->sclass = sksec->sclass; | 4245 | newsksec->sclass = sksec->sclass; |
4246 | 4246 | ||
4247 | selinux_netlbl_sk_security_reset(newsksec); | 4247 | selinux_netlbl_sk_security_reset(newsksec); |
4248 | } | 4248 | } |
4249 | 4249 | ||
4250 | static void selinux_sk_getsecid(struct sock *sk, u32 *secid) | 4250 | static void selinux_sk_getsecid(struct sock *sk, u32 *secid) |
4251 | { | 4251 | { |
4252 | if (!sk) | 4252 | if (!sk) |
4253 | *secid = SECINITSID_ANY_SOCKET; | 4253 | *secid = SECINITSID_ANY_SOCKET; |
4254 | else { | 4254 | else { |
4255 | struct sk_security_struct *sksec = sk->sk_security; | 4255 | struct sk_security_struct *sksec = sk->sk_security; |
4256 | 4256 | ||
4257 | *secid = sksec->sid; | 4257 | *secid = sksec->sid; |
4258 | } | 4258 | } |
4259 | } | 4259 | } |
4260 | 4260 | ||
4261 | static void selinux_sock_graft(struct sock *sk, struct socket *parent) | 4261 | static void selinux_sock_graft(struct sock *sk, struct socket *parent) |
4262 | { | 4262 | { |
4263 | struct inode_security_struct *isec = SOCK_INODE(parent)->i_security; | 4263 | struct inode_security_struct *isec = SOCK_INODE(parent)->i_security; |
4264 | struct sk_security_struct *sksec = sk->sk_security; | 4264 | struct sk_security_struct *sksec = sk->sk_security; |
4265 | 4265 | ||
4266 | if (sk->sk_family == PF_INET || sk->sk_family == PF_INET6 || | 4266 | if (sk->sk_family == PF_INET || sk->sk_family == PF_INET6 || |
4267 | sk->sk_family == PF_UNIX) | 4267 | sk->sk_family == PF_UNIX) |
4268 | isec->sid = sksec->sid; | 4268 | isec->sid = sksec->sid; |
4269 | sksec->sclass = isec->sclass; | 4269 | sksec->sclass = isec->sclass; |
4270 | } | 4270 | } |
4271 | 4271 | ||
4272 | static int selinux_inet_conn_request(struct sock *sk, struct sk_buff *skb, | 4272 | static int selinux_inet_conn_request(struct sock *sk, struct sk_buff *skb, |
4273 | struct request_sock *req) | 4273 | struct request_sock *req) |
4274 | { | 4274 | { |
4275 | struct sk_security_struct *sksec = sk->sk_security; | 4275 | struct sk_security_struct *sksec = sk->sk_security; |
4276 | int err; | 4276 | int err; |
4277 | u16 family = sk->sk_family; | 4277 | u16 family = sk->sk_family; |
4278 | u32 newsid; | 4278 | u32 newsid; |
4279 | u32 peersid; | 4279 | u32 peersid; |
4280 | 4280 | ||
4281 | /* handle mapped IPv4 packets arriving via IPv6 sockets */ | 4281 | /* handle mapped IPv4 packets arriving via IPv6 sockets */ |
4282 | if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP)) | 4282 | if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP)) |
4283 | family = PF_INET; | 4283 | family = PF_INET; |
4284 | 4284 | ||
4285 | err = selinux_skb_peerlbl_sid(skb, family, &peersid); | 4285 | err = selinux_skb_peerlbl_sid(skb, family, &peersid); |
4286 | if (err) | 4286 | if (err) |
4287 | return err; | 4287 | return err; |
4288 | if (peersid == SECSID_NULL) { | 4288 | if (peersid == SECSID_NULL) { |
4289 | req->secid = sksec->sid; | 4289 | req->secid = sksec->sid; |
4290 | req->peer_secid = SECSID_NULL; | 4290 | req->peer_secid = SECSID_NULL; |
4291 | } else { | 4291 | } else { |
4292 | err = security_sid_mls_copy(sksec->sid, peersid, &newsid); | 4292 | err = security_sid_mls_copy(sksec->sid, peersid, &newsid); |
4293 | if (err) | 4293 | if (err) |
4294 | return err; | 4294 | return err; |
4295 | req->secid = newsid; | 4295 | req->secid = newsid; |
4296 | req->peer_secid = peersid; | 4296 | req->peer_secid = peersid; |
4297 | } | 4297 | } |
4298 | 4298 | ||
4299 | return selinux_netlbl_inet_conn_request(req, family); | 4299 | return selinux_netlbl_inet_conn_request(req, family); |
4300 | } | 4300 | } |
4301 | 4301 | ||
4302 | static void selinux_inet_csk_clone(struct sock *newsk, | 4302 | static void selinux_inet_csk_clone(struct sock *newsk, |
4303 | const struct request_sock *req) | 4303 | const struct request_sock *req) |
4304 | { | 4304 | { |
4305 | struct sk_security_struct *newsksec = newsk->sk_security; | 4305 | struct sk_security_struct *newsksec = newsk->sk_security; |
4306 | 4306 | ||
4307 | newsksec->sid = req->secid; | 4307 | newsksec->sid = req->secid; |
4308 | newsksec->peer_sid = req->peer_secid; | 4308 | newsksec->peer_sid = req->peer_secid; |
4309 | /* NOTE: Ideally, we should also get the isec->sid for the | 4309 | /* NOTE: Ideally, we should also get the isec->sid for the |
4310 | new socket in sync, but we don't have the isec available yet. | 4310 | new socket in sync, but we don't have the isec available yet. |
4311 | So we will wait until sock_graft to do it, by which | 4311 | So we will wait until sock_graft to do it, by which |
4312 | time it will have been created and available. */ | 4312 | time it will have been created and available. */ |
4313 | 4313 | ||
4314 | /* We don't need to take any sort of lock here as we are the only | 4314 | /* We don't need to take any sort of lock here as we are the only |
4315 | * thread with access to newsksec */ | 4315 | * thread with access to newsksec */ |
4316 | selinux_netlbl_inet_csk_clone(newsk, req->rsk_ops->family); | 4316 | selinux_netlbl_inet_csk_clone(newsk, req->rsk_ops->family); |
4317 | } | 4317 | } |
4318 | 4318 | ||
4319 | static void selinux_inet_conn_established(struct sock *sk, struct sk_buff *skb) | 4319 | static void selinux_inet_conn_established(struct sock *sk, struct sk_buff *skb) |
4320 | { | 4320 | { |
4321 | u16 family = sk->sk_family; | 4321 | u16 family = sk->sk_family; |
4322 | struct sk_security_struct *sksec = sk->sk_security; | 4322 | struct sk_security_struct *sksec = sk->sk_security; |
4323 | 4323 | ||
4324 | /* handle mapped IPv4 packets arriving via IPv6 sockets */ | 4324 | /* handle mapped IPv4 packets arriving via IPv6 sockets */ |
4325 | if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP)) | 4325 | if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP)) |
4326 | family = PF_INET; | 4326 | family = PF_INET; |
4327 | 4327 | ||
4328 | selinux_skb_peerlbl_sid(skb, family, &sksec->peer_sid); | 4328 | selinux_skb_peerlbl_sid(skb, family, &sksec->peer_sid); |
4329 | } | 4329 | } |
4330 | 4330 | ||
4331 | static int selinux_secmark_relabel_packet(u32 sid) | 4331 | static int selinux_secmark_relabel_packet(u32 sid) |
4332 | { | 4332 | { |
4333 | const struct task_security_struct *__tsec; | 4333 | const struct task_security_struct *__tsec; |
4334 | u32 tsid; | 4334 | u32 tsid; |
4335 | 4335 | ||
4336 | __tsec = current_security(); | 4336 | __tsec = current_security(); |
4337 | tsid = __tsec->sid; | 4337 | tsid = __tsec->sid; |
4338 | 4338 | ||
4339 | return avc_has_perm(tsid, sid, SECCLASS_PACKET, PACKET__RELABELTO, NULL); | 4339 | return avc_has_perm(tsid, sid, SECCLASS_PACKET, PACKET__RELABELTO, NULL); |
4340 | } | 4340 | } |
4341 | 4341 | ||
4342 | static void selinux_secmark_refcount_inc(void) | 4342 | static void selinux_secmark_refcount_inc(void) |
4343 | { | 4343 | { |
4344 | atomic_inc(&selinux_secmark_refcount); | 4344 | atomic_inc(&selinux_secmark_refcount); |
4345 | } | 4345 | } |
4346 | 4346 | ||
4347 | static void selinux_secmark_refcount_dec(void) | 4347 | static void selinux_secmark_refcount_dec(void) |
4348 | { | 4348 | { |
4349 | atomic_dec(&selinux_secmark_refcount); | 4349 | atomic_dec(&selinux_secmark_refcount); |
4350 | } | 4350 | } |
4351 | 4351 | ||
4352 | static void selinux_req_classify_flow(const struct request_sock *req, | 4352 | static void selinux_req_classify_flow(const struct request_sock *req, |
4353 | struct flowi *fl) | 4353 | struct flowi *fl) |
4354 | { | 4354 | { |
4355 | fl->secid = req->secid; | 4355 | fl->secid = req->secid; |
4356 | } | 4356 | } |
4357 | 4357 | ||
4358 | static int selinux_tun_dev_create(void) | 4358 | static int selinux_tun_dev_create(void) |
4359 | { | 4359 | { |
4360 | u32 sid = current_sid(); | 4360 | u32 sid = current_sid(); |
4361 | 4361 | ||
4362 | /* we aren't taking into account the "sockcreate" SID since the socket | 4362 | /* we aren't taking into account the "sockcreate" SID since the socket |
4363 | * that is being created here is not a socket in the traditional sense, | 4363 | * that is being created here is not a socket in the traditional sense, |
4364 | * instead it is a private sock, accessible only to the kernel, and | 4364 | * instead it is a private sock, accessible only to the kernel, and |
4365 | * representing a wide range of network traffic spanning multiple | 4365 | * representing a wide range of network traffic spanning multiple |
4366 | * connections unlike traditional sockets - check the TUN driver to | 4366 | * connections unlike traditional sockets - check the TUN driver to |
4367 | * get a better understanding of why this socket is special */ | 4367 | * get a better understanding of why this socket is special */ |
4368 | 4368 | ||
4369 | return avc_has_perm(sid, sid, SECCLASS_TUN_SOCKET, TUN_SOCKET__CREATE, | 4369 | return avc_has_perm(sid, sid, SECCLASS_TUN_SOCKET, TUN_SOCKET__CREATE, |
4370 | NULL); | 4370 | NULL); |
4371 | } | 4371 | } |
4372 | 4372 | ||
4373 | static void selinux_tun_dev_post_create(struct sock *sk) | 4373 | static void selinux_tun_dev_post_create(struct sock *sk) |
4374 | { | 4374 | { |
4375 | struct sk_security_struct *sksec = sk->sk_security; | 4375 | struct sk_security_struct *sksec = sk->sk_security; |
4376 | 4376 | ||
4377 | /* we don't currently perform any NetLabel based labeling here and it | 4377 | /* we don't currently perform any NetLabel based labeling here and it |
4378 | * isn't clear that we would want to do so anyway; while we could apply | 4378 | * isn't clear that we would want to do so anyway; while we could apply |
4379 | * labeling without the support of the TUN user the resulting labeled | 4379 | * labeling without the support of the TUN user the resulting labeled |
4380 | * traffic from the other end of the connection would almost certainly | 4380 | * traffic from the other end of the connection would almost certainly |
4381 | * cause confusion to the TUN user that had no idea network labeling | 4381 | * cause confusion to the TUN user that had no idea network labeling |
4382 | * protocols were being used */ | 4382 | * protocols were being used */ |
4383 | 4383 | ||
4384 | /* see the comments in selinux_tun_dev_create() about why we don't use | 4384 | /* see the comments in selinux_tun_dev_create() about why we don't use |
4385 | * the sockcreate SID here */ | 4385 | * the sockcreate SID here */ |
4386 | 4386 | ||
4387 | sksec->sid = current_sid(); | 4387 | sksec->sid = current_sid(); |
4388 | sksec->sclass = SECCLASS_TUN_SOCKET; | 4388 | sksec->sclass = SECCLASS_TUN_SOCKET; |
4389 | } | 4389 | } |
4390 | 4390 | ||
4391 | static int selinux_tun_dev_attach(struct sock *sk) | 4391 | static int selinux_tun_dev_attach(struct sock *sk) |
4392 | { | 4392 | { |
4393 | struct sk_security_struct *sksec = sk->sk_security; | 4393 | struct sk_security_struct *sksec = sk->sk_security; |
4394 | u32 sid = current_sid(); | 4394 | u32 sid = current_sid(); |
4395 | int err; | 4395 | int err; |
4396 | 4396 | ||
4397 | err = avc_has_perm(sid, sksec->sid, SECCLASS_TUN_SOCKET, | 4397 | err = avc_has_perm(sid, sksec->sid, SECCLASS_TUN_SOCKET, |
4398 | TUN_SOCKET__RELABELFROM, NULL); | 4398 | TUN_SOCKET__RELABELFROM, NULL); |
4399 | if (err) | 4399 | if (err) |
4400 | return err; | 4400 | return err; |
4401 | err = avc_has_perm(sid, sid, SECCLASS_TUN_SOCKET, | 4401 | err = avc_has_perm(sid, sid, SECCLASS_TUN_SOCKET, |
4402 | TUN_SOCKET__RELABELTO, NULL); | 4402 | TUN_SOCKET__RELABELTO, NULL); |
4403 | if (err) | 4403 | if (err) |
4404 | return err; | 4404 | return err; |
4405 | 4405 | ||
4406 | sksec->sid = sid; | 4406 | sksec->sid = sid; |
4407 | 4407 | ||
4408 | return 0; | 4408 | return 0; |
4409 | } | 4409 | } |
4410 | 4410 | ||
4411 | static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb) | 4411 | static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb) |
4412 | { | 4412 | { |
4413 | int err = 0; | 4413 | int err = 0; |
4414 | u32 perm; | 4414 | u32 perm; |
4415 | struct nlmsghdr *nlh; | 4415 | struct nlmsghdr *nlh; |
4416 | struct sk_security_struct *sksec = sk->sk_security; | 4416 | struct sk_security_struct *sksec = sk->sk_security; |
4417 | 4417 | ||
4418 | if (skb->len < NLMSG_SPACE(0)) { | 4418 | if (skb->len < NLMSG_SPACE(0)) { |
4419 | err = -EINVAL; | 4419 | err = -EINVAL; |
4420 | goto out; | 4420 | goto out; |
4421 | } | 4421 | } |
4422 | nlh = nlmsg_hdr(skb); | 4422 | nlh = nlmsg_hdr(skb); |
4423 | 4423 | ||
4424 | err = selinux_nlmsg_lookup(sksec->sclass, nlh->nlmsg_type, &perm); | 4424 | err = selinux_nlmsg_lookup(sksec->sclass, nlh->nlmsg_type, &perm); |
4425 | if (err) { | 4425 | if (err) { |
4426 | if (err == -EINVAL) { | 4426 | if (err == -EINVAL) { |
4427 | audit_log(current->audit_context, GFP_KERNEL, AUDIT_SELINUX_ERR, | 4427 | audit_log(current->audit_context, GFP_KERNEL, AUDIT_SELINUX_ERR, |
4428 | "SELinux: unrecognized netlink message" | 4428 | "SELinux: unrecognized netlink message" |
4429 | " type=%hu for sclass=%hu\n", | 4429 | " type=%hu for sclass=%hu\n", |
4430 | nlh->nlmsg_type, sksec->sclass); | 4430 | nlh->nlmsg_type, sksec->sclass); |
4431 | if (!selinux_enforcing || security_get_allow_unknown()) | 4431 | if (!selinux_enforcing || security_get_allow_unknown()) |
4432 | err = 0; | 4432 | err = 0; |
4433 | } | 4433 | } |
4434 | 4434 | ||
4435 | /* Ignore */ | 4435 | /* Ignore */ |
4436 | if (err == -ENOENT) | 4436 | if (err == -ENOENT) |
4437 | err = 0; | 4437 | err = 0; |
4438 | goto out; | 4438 | goto out; |
4439 | } | 4439 | } |
4440 | 4440 | ||
4441 | err = sock_has_perm(current, sk, perm); | 4441 | err = sock_has_perm(current, sk, perm); |
4442 | out: | 4442 | out: |
4443 | return err; | 4443 | return err; |
4444 | } | 4444 | } |
4445 | 4445 | ||
4446 | #ifdef CONFIG_NETFILTER | 4446 | #ifdef CONFIG_NETFILTER |
4447 | 4447 | ||
4448 | static unsigned int selinux_ip_forward(struct sk_buff *skb, int ifindex, | 4448 | static unsigned int selinux_ip_forward(struct sk_buff *skb, int ifindex, |
4449 | u16 family) | 4449 | u16 family) |
4450 | { | 4450 | { |
4451 | int err; | 4451 | int err; |
4452 | char *addrp; | 4452 | char *addrp; |
4453 | u32 peer_sid; | 4453 | u32 peer_sid; |
4454 | struct common_audit_data ad; | 4454 | struct common_audit_data ad; |
4455 | u8 secmark_active; | 4455 | u8 secmark_active; |
4456 | u8 netlbl_active; | 4456 | u8 netlbl_active; |
4457 | u8 peerlbl_active; | 4457 | u8 peerlbl_active; |
4458 | 4458 | ||
4459 | if (!selinux_policycap_netpeer) | 4459 | if (!selinux_policycap_netpeer) |
4460 | return NF_ACCEPT; | 4460 | return NF_ACCEPT; |
4461 | 4461 | ||
4462 | secmark_active = selinux_secmark_enabled(); | 4462 | secmark_active = selinux_secmark_enabled(); |
4463 | netlbl_active = netlbl_enabled(); | 4463 | netlbl_active = netlbl_enabled(); |
4464 | peerlbl_active = netlbl_active || selinux_xfrm_enabled(); | 4464 | peerlbl_active = netlbl_active || selinux_xfrm_enabled(); |
4465 | if (!secmark_active && !peerlbl_active) | 4465 | if (!secmark_active && !peerlbl_active) |
4466 | return NF_ACCEPT; | 4466 | return NF_ACCEPT; |
4467 | 4467 | ||
4468 | if (selinux_skb_peerlbl_sid(skb, family, &peer_sid) != 0) | 4468 | if (selinux_skb_peerlbl_sid(skb, family, &peer_sid) != 0) |
4469 | return NF_DROP; | 4469 | return NF_DROP; |
4470 | 4470 | ||
4471 | COMMON_AUDIT_DATA_INIT(&ad, NET); | 4471 | COMMON_AUDIT_DATA_INIT(&ad, NET); |
4472 | ad.u.net.netif = ifindex; | 4472 | ad.u.net.netif = ifindex; |
4473 | ad.u.net.family = family; | 4473 | ad.u.net.family = family; |
4474 | if (selinux_parse_skb(skb, &ad, &addrp, 1, NULL) != 0) | 4474 | if (selinux_parse_skb(skb, &ad, &addrp, 1, NULL) != 0) |
4475 | return NF_DROP; | 4475 | return NF_DROP; |
4476 | 4476 | ||
4477 | if (peerlbl_active) { | 4477 | if (peerlbl_active) { |
4478 | err = selinux_inet_sys_rcv_skb(ifindex, addrp, family, | 4478 | err = selinux_inet_sys_rcv_skb(ifindex, addrp, family, |
4479 | peer_sid, &ad); | 4479 | peer_sid, &ad); |
4480 | if (err) { | 4480 | if (err) { |
4481 | selinux_netlbl_err(skb, err, 1); | 4481 | selinux_netlbl_err(skb, err, 1); |
4482 | return NF_DROP; | 4482 | return NF_DROP; |
4483 | } | 4483 | } |
4484 | } | 4484 | } |
4485 | 4485 | ||
4486 | if (secmark_active) | 4486 | if (secmark_active) |
4487 | if (avc_has_perm(peer_sid, skb->secmark, | 4487 | if (avc_has_perm(peer_sid, skb->secmark, |
4488 | SECCLASS_PACKET, PACKET__FORWARD_IN, &ad)) | 4488 | SECCLASS_PACKET, PACKET__FORWARD_IN, &ad)) |
4489 | return NF_DROP; | 4489 | return NF_DROP; |
4490 | 4490 | ||
4491 | if (netlbl_active) | 4491 | if (netlbl_active) |
4492 | /* we do this in the FORWARD path and not the POST_ROUTING | 4492 | /* we do this in the FORWARD path and not the POST_ROUTING |
4493 | * path because we want to make sure we apply the necessary | 4493 | * path because we want to make sure we apply the necessary |
4494 | * labeling before IPsec is applied so we can leverage AH | 4494 | * labeling before IPsec is applied so we can leverage AH |
4495 | * protection */ | 4495 | * protection */ |
4496 | if (selinux_netlbl_skbuff_setsid(skb, family, peer_sid) != 0) | 4496 | if (selinux_netlbl_skbuff_setsid(skb, family, peer_sid) != 0) |
4497 | return NF_DROP; | 4497 | return NF_DROP; |
4498 | 4498 | ||
4499 | return NF_ACCEPT; | 4499 | return NF_ACCEPT; |
4500 | } | 4500 | } |
4501 | 4501 | ||
4502 | static unsigned int selinux_ipv4_forward(unsigned int hooknum, | 4502 | static unsigned int selinux_ipv4_forward(unsigned int hooknum, |
4503 | struct sk_buff *skb, | 4503 | struct sk_buff *skb, |
4504 | const struct net_device *in, | 4504 | const struct net_device *in, |
4505 | const struct net_device *out, | 4505 | const struct net_device *out, |
4506 | int (*okfn)(struct sk_buff *)) | 4506 | int (*okfn)(struct sk_buff *)) |
4507 | { | 4507 | { |
4508 | return selinux_ip_forward(skb, in->ifindex, PF_INET); | 4508 | return selinux_ip_forward(skb, in->ifindex, PF_INET); |
4509 | } | 4509 | } |
4510 | 4510 | ||
4511 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) | 4511 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) |
4512 | static unsigned int selinux_ipv6_forward(unsigned int hooknum, | 4512 | static unsigned int selinux_ipv6_forward(unsigned int hooknum, |
4513 | struct sk_buff *skb, | 4513 | struct sk_buff *skb, |
4514 | const struct net_device *in, | 4514 | const struct net_device *in, |
4515 | const struct net_device *out, | 4515 | const struct net_device *out, |
4516 | int (*okfn)(struct sk_buff *)) | 4516 | int (*okfn)(struct sk_buff *)) |
4517 | { | 4517 | { |
4518 | return selinux_ip_forward(skb, in->ifindex, PF_INET6); | 4518 | return selinux_ip_forward(skb, in->ifindex, PF_INET6); |
4519 | } | 4519 | } |
4520 | #endif /* IPV6 */ | 4520 | #endif /* IPV6 */ |
4521 | 4521 | ||
4522 | static unsigned int selinux_ip_output(struct sk_buff *skb, | 4522 | static unsigned int selinux_ip_output(struct sk_buff *skb, |
4523 | u16 family) | 4523 | u16 family) |
4524 | { | 4524 | { |
4525 | u32 sid; | 4525 | u32 sid; |
4526 | 4526 | ||
4527 | if (!netlbl_enabled()) | 4527 | if (!netlbl_enabled()) |
4528 | return NF_ACCEPT; | 4528 | return NF_ACCEPT; |
4529 | 4529 | ||
4530 | /* we do this in the LOCAL_OUT path and not the POST_ROUTING path | 4530 | /* we do this in the LOCAL_OUT path and not the POST_ROUTING path |
4531 | * because we want to make sure we apply the necessary labeling | 4531 | * because we want to make sure we apply the necessary labeling |
4532 | * before IPsec is applied so we can leverage AH protection */ | 4532 | * before IPsec is applied so we can leverage AH protection */ |
4533 | if (skb->sk) { | 4533 | if (skb->sk) { |
4534 | struct sk_security_struct *sksec = skb->sk->sk_security; | 4534 | struct sk_security_struct *sksec = skb->sk->sk_security; |
4535 | sid = sksec->sid; | 4535 | sid = sksec->sid; |
4536 | } else | 4536 | } else |
4537 | sid = SECINITSID_KERNEL; | 4537 | sid = SECINITSID_KERNEL; |
4538 | if (selinux_netlbl_skbuff_setsid(skb, family, sid) != 0) | 4538 | if (selinux_netlbl_skbuff_setsid(skb, family, sid) != 0) |
4539 | return NF_DROP; | 4539 | return NF_DROP; |
4540 | 4540 | ||
4541 | return NF_ACCEPT; | 4541 | return NF_ACCEPT; |
4542 | } | 4542 | } |
4543 | 4543 | ||
4544 | static unsigned int selinux_ipv4_output(unsigned int hooknum, | 4544 | static unsigned int selinux_ipv4_output(unsigned int hooknum, |
4545 | struct sk_buff *skb, | 4545 | struct sk_buff *skb, |
4546 | const struct net_device *in, | 4546 | const struct net_device *in, |
4547 | const struct net_device *out, | 4547 | const struct net_device *out, |
4548 | int (*okfn)(struct sk_buff *)) | 4548 | int (*okfn)(struct sk_buff *)) |
4549 | { | 4549 | { |
4550 | return selinux_ip_output(skb, PF_INET); | 4550 | return selinux_ip_output(skb, PF_INET); |
4551 | } | 4551 | } |
4552 | 4552 | ||
4553 | static unsigned int selinux_ip_postroute_compat(struct sk_buff *skb, | 4553 | static unsigned int selinux_ip_postroute_compat(struct sk_buff *skb, |
4554 | int ifindex, | 4554 | int ifindex, |
4555 | u16 family) | 4555 | u16 family) |
4556 | { | 4556 | { |
4557 | struct sock *sk = skb->sk; | 4557 | struct sock *sk = skb->sk; |
4558 | struct sk_security_struct *sksec; | 4558 | struct sk_security_struct *sksec; |
4559 | struct common_audit_data ad; | 4559 | struct common_audit_data ad; |
4560 | char *addrp; | 4560 | char *addrp; |
4561 | u8 proto; | 4561 | u8 proto; |
4562 | 4562 | ||
4563 | if (sk == NULL) | 4563 | if (sk == NULL) |
4564 | return NF_ACCEPT; | 4564 | return NF_ACCEPT; |
4565 | sksec = sk->sk_security; | 4565 | sksec = sk->sk_security; |
4566 | 4566 | ||
4567 | COMMON_AUDIT_DATA_INIT(&ad, NET); | 4567 | COMMON_AUDIT_DATA_INIT(&ad, NET); |
4568 | ad.u.net.netif = ifindex; | 4568 | ad.u.net.netif = ifindex; |
4569 | ad.u.net.family = family; | 4569 | ad.u.net.family = family; |
4570 | if (selinux_parse_skb(skb, &ad, &addrp, 0, &proto)) | 4570 | if (selinux_parse_skb(skb, &ad, &addrp, 0, &proto)) |
4571 | return NF_DROP; | 4571 | return NF_DROP; |
4572 | 4572 | ||
4573 | if (selinux_secmark_enabled()) | 4573 | if (selinux_secmark_enabled()) |
4574 | if (avc_has_perm(sksec->sid, skb->secmark, | 4574 | if (avc_has_perm(sksec->sid, skb->secmark, |
4575 | SECCLASS_PACKET, PACKET__SEND, &ad)) | 4575 | SECCLASS_PACKET, PACKET__SEND, &ad)) |
4576 | return NF_DROP_ERR(-ECONNREFUSED); | 4576 | return NF_DROP_ERR(-ECONNREFUSED); |
4577 | 4577 | ||
4578 | if (selinux_xfrm_postroute_last(sksec->sid, skb, &ad, proto)) | 4578 | if (selinux_xfrm_postroute_last(sksec->sid, skb, &ad, proto)) |
4579 | return NF_DROP_ERR(-ECONNREFUSED); | 4579 | return NF_DROP_ERR(-ECONNREFUSED); |
4580 | 4580 | ||
4581 | return NF_ACCEPT; | 4581 | return NF_ACCEPT; |
4582 | } | 4582 | } |
4583 | 4583 | ||
4584 | static unsigned int selinux_ip_postroute(struct sk_buff *skb, int ifindex, | 4584 | static unsigned int selinux_ip_postroute(struct sk_buff *skb, int ifindex, |
4585 | u16 family) | 4585 | u16 family) |
4586 | { | 4586 | { |
4587 | u32 secmark_perm; | 4587 | u32 secmark_perm; |
4588 | u32 peer_sid; | 4588 | u32 peer_sid; |
4589 | struct sock *sk; | 4589 | struct sock *sk; |
4590 | struct common_audit_data ad; | 4590 | struct common_audit_data ad; |
4591 | char *addrp; | 4591 | char *addrp; |
4592 | u8 secmark_active; | 4592 | u8 secmark_active; |
4593 | u8 peerlbl_active; | 4593 | u8 peerlbl_active; |
4594 | 4594 | ||
4595 | /* If any sort of compatibility mode is enabled then handoff processing | 4595 | /* If any sort of compatibility mode is enabled then handoff processing |
4596 | * to the selinux_ip_postroute_compat() function to deal with the | 4596 | * to the selinux_ip_postroute_compat() function to deal with the |
4597 | * special handling. We do this in an attempt to keep this function | 4597 | * special handling. We do this in an attempt to keep this function |
4598 | * as fast and as clean as possible. */ | 4598 | * as fast and as clean as possible. */ |
4599 | if (!selinux_policycap_netpeer) | 4599 | if (!selinux_policycap_netpeer) |
4600 | return selinux_ip_postroute_compat(skb, ifindex, family); | 4600 | return selinux_ip_postroute_compat(skb, ifindex, family); |
4601 | #ifdef CONFIG_XFRM | 4601 | #ifdef CONFIG_XFRM |
4602 | /* If skb->dst->xfrm is non-NULL then the packet is undergoing an IPsec | 4602 | /* If skb->dst->xfrm is non-NULL then the packet is undergoing an IPsec |
4603 | * packet transformation so allow the packet to pass without any checks | 4603 | * packet transformation so allow the packet to pass without any checks |
4604 | * since we'll have another chance to perform access control checks | 4604 | * since we'll have another chance to perform access control checks |
4605 | * when the packet is on it's final way out. | 4605 | * when the packet is on it's final way out. |
4606 | * NOTE: there appear to be some IPv6 multicast cases where skb->dst | 4606 | * NOTE: there appear to be some IPv6 multicast cases where skb->dst |
4607 | * is NULL, in this case go ahead and apply access control. */ | 4607 | * is NULL, in this case go ahead and apply access control. */ |
4608 | if (skb_dst(skb) != NULL && skb_dst(skb)->xfrm != NULL) | 4608 | if (skb_dst(skb) != NULL && skb_dst(skb)->xfrm != NULL) |
4609 | return NF_ACCEPT; | 4609 | return NF_ACCEPT; |
4610 | #endif | 4610 | #endif |
4611 | secmark_active = selinux_secmark_enabled(); | 4611 | secmark_active = selinux_secmark_enabled(); |
4612 | peerlbl_active = netlbl_enabled() || selinux_xfrm_enabled(); | 4612 | peerlbl_active = netlbl_enabled() || selinux_xfrm_enabled(); |
4613 | if (!secmark_active && !peerlbl_active) | 4613 | if (!secmark_active && !peerlbl_active) |
4614 | return NF_ACCEPT; | 4614 | return NF_ACCEPT; |
4615 | 4615 | ||
4616 | /* if the packet is being forwarded then get the peer label from the | 4616 | /* if the packet is being forwarded then get the peer label from the |
4617 | * packet itself; otherwise check to see if it is from a local | 4617 | * packet itself; otherwise check to see if it is from a local |
4618 | * application or the kernel, if from an application get the peer label | 4618 | * application or the kernel, if from an application get the peer label |
4619 | * from the sending socket, otherwise use the kernel's sid */ | 4619 | * from the sending socket, otherwise use the kernel's sid */ |
4620 | sk = skb->sk; | 4620 | sk = skb->sk; |
4621 | if (sk == NULL) { | 4621 | if (sk == NULL) { |
4622 | if (skb->skb_iif) { | 4622 | if (skb->skb_iif) { |
4623 | secmark_perm = PACKET__FORWARD_OUT; | 4623 | secmark_perm = PACKET__FORWARD_OUT; |
4624 | if (selinux_skb_peerlbl_sid(skb, family, &peer_sid)) | 4624 | if (selinux_skb_peerlbl_sid(skb, family, &peer_sid)) |
4625 | return NF_DROP; | 4625 | return NF_DROP; |
4626 | } else { | 4626 | } else { |
4627 | secmark_perm = PACKET__SEND; | 4627 | secmark_perm = PACKET__SEND; |
4628 | peer_sid = SECINITSID_KERNEL; | 4628 | peer_sid = SECINITSID_KERNEL; |
4629 | } | 4629 | } |
4630 | } else { | 4630 | } else { |
4631 | struct sk_security_struct *sksec = sk->sk_security; | 4631 | struct sk_security_struct *sksec = sk->sk_security; |
4632 | peer_sid = sksec->sid; | 4632 | peer_sid = sksec->sid; |
4633 | secmark_perm = PACKET__SEND; | 4633 | secmark_perm = PACKET__SEND; |
4634 | } | 4634 | } |
4635 | 4635 | ||
4636 | COMMON_AUDIT_DATA_INIT(&ad, NET); | 4636 | COMMON_AUDIT_DATA_INIT(&ad, NET); |
4637 | ad.u.net.netif = ifindex; | 4637 | ad.u.net.netif = ifindex; |
4638 | ad.u.net.family = family; | 4638 | ad.u.net.family = family; |
4639 | if (selinux_parse_skb(skb, &ad, &addrp, 0, NULL)) | 4639 | if (selinux_parse_skb(skb, &ad, &addrp, 0, NULL)) |
4640 | return NF_DROP; | 4640 | return NF_DROP; |
4641 | 4641 | ||
4642 | if (secmark_active) | 4642 | if (secmark_active) |
4643 | if (avc_has_perm(peer_sid, skb->secmark, | 4643 | if (avc_has_perm(peer_sid, skb->secmark, |
4644 | SECCLASS_PACKET, secmark_perm, &ad)) | 4644 | SECCLASS_PACKET, secmark_perm, &ad)) |
4645 | return NF_DROP_ERR(-ECONNREFUSED); | 4645 | return NF_DROP_ERR(-ECONNREFUSED); |
4646 | 4646 | ||
4647 | if (peerlbl_active) { | 4647 | if (peerlbl_active) { |
4648 | u32 if_sid; | 4648 | u32 if_sid; |
4649 | u32 node_sid; | 4649 | u32 node_sid; |
4650 | 4650 | ||
4651 | if (sel_netif_sid(ifindex, &if_sid)) | 4651 | if (sel_netif_sid(ifindex, &if_sid)) |
4652 | return NF_DROP; | 4652 | return NF_DROP; |
4653 | if (avc_has_perm(peer_sid, if_sid, | 4653 | if (avc_has_perm(peer_sid, if_sid, |
4654 | SECCLASS_NETIF, NETIF__EGRESS, &ad)) | 4654 | SECCLASS_NETIF, NETIF__EGRESS, &ad)) |
4655 | return NF_DROP_ERR(-ECONNREFUSED); | 4655 | return NF_DROP_ERR(-ECONNREFUSED); |
4656 | 4656 | ||
4657 | if (sel_netnode_sid(addrp, family, &node_sid)) | 4657 | if (sel_netnode_sid(addrp, family, &node_sid)) |
4658 | return NF_DROP; | 4658 | return NF_DROP; |
4659 | if (avc_has_perm(peer_sid, node_sid, | 4659 | if (avc_has_perm(peer_sid, node_sid, |
4660 | SECCLASS_NODE, NODE__SENDTO, &ad)) | 4660 | SECCLASS_NODE, NODE__SENDTO, &ad)) |
4661 | return NF_DROP_ERR(-ECONNREFUSED); | 4661 | return NF_DROP_ERR(-ECONNREFUSED); |
4662 | } | 4662 | } |
4663 | 4663 | ||
4664 | return NF_ACCEPT; | 4664 | return NF_ACCEPT; |
4665 | } | 4665 | } |
4666 | 4666 | ||
4667 | static unsigned int selinux_ipv4_postroute(unsigned int hooknum, | 4667 | static unsigned int selinux_ipv4_postroute(unsigned int hooknum, |
4668 | struct sk_buff *skb, | 4668 | struct sk_buff *skb, |
4669 | const struct net_device *in, | 4669 | const struct net_device *in, |
4670 | const struct net_device *out, | 4670 | const struct net_device *out, |
4671 | int (*okfn)(struct sk_buff *)) | 4671 | int (*okfn)(struct sk_buff *)) |
4672 | { | 4672 | { |
4673 | return selinux_ip_postroute(skb, out->ifindex, PF_INET); | 4673 | return selinux_ip_postroute(skb, out->ifindex, PF_INET); |
4674 | } | 4674 | } |
4675 | 4675 | ||
4676 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) | 4676 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) |
4677 | static unsigned int selinux_ipv6_postroute(unsigned int hooknum, | 4677 | static unsigned int selinux_ipv6_postroute(unsigned int hooknum, |
4678 | struct sk_buff *skb, | 4678 | struct sk_buff *skb, |
4679 | const struct net_device *in, | 4679 | const struct net_device *in, |
4680 | const struct net_device *out, | 4680 | const struct net_device *out, |
4681 | int (*okfn)(struct sk_buff *)) | 4681 | int (*okfn)(struct sk_buff *)) |
4682 | { | 4682 | { |
4683 | return selinux_ip_postroute(skb, out->ifindex, PF_INET6); | 4683 | return selinux_ip_postroute(skb, out->ifindex, PF_INET6); |
4684 | } | 4684 | } |
4685 | #endif /* IPV6 */ | 4685 | #endif /* IPV6 */ |
4686 | 4686 | ||
4687 | #endif /* CONFIG_NETFILTER */ | 4687 | #endif /* CONFIG_NETFILTER */ |
4688 | 4688 | ||
4689 | static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb) | 4689 | static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb) |
4690 | { | 4690 | { |
4691 | int err; | 4691 | int err; |
4692 | 4692 | ||
4693 | err = cap_netlink_send(sk, skb); | 4693 | err = cap_netlink_send(sk, skb); |
4694 | if (err) | 4694 | if (err) |
4695 | return err; | 4695 | return err; |
4696 | 4696 | ||
4697 | return selinux_nlmsg_perm(sk, skb); | 4697 | return selinux_nlmsg_perm(sk, skb); |
4698 | } | 4698 | } |
4699 | 4699 | ||
4700 | static int selinux_netlink_recv(struct sk_buff *skb, int capability) | 4700 | static int selinux_netlink_recv(struct sk_buff *skb, int capability) |
4701 | { | 4701 | { |
4702 | int err; | 4702 | int err; |
4703 | struct common_audit_data ad; | 4703 | struct common_audit_data ad; |
4704 | 4704 | ||
4705 | err = cap_netlink_recv(skb, capability); | 4705 | err = cap_netlink_recv(skb, capability); |
4706 | if (err) | 4706 | if (err) |
4707 | return err; | 4707 | return err; |
4708 | 4708 | ||
4709 | COMMON_AUDIT_DATA_INIT(&ad, CAP); | 4709 | COMMON_AUDIT_DATA_INIT(&ad, CAP); |
4710 | ad.u.cap = capability; | 4710 | ad.u.cap = capability; |
4711 | 4711 | ||
4712 | return avc_has_perm(NETLINK_CB(skb).sid, NETLINK_CB(skb).sid, | 4712 | return avc_has_perm(NETLINK_CB(skb).sid, NETLINK_CB(skb).sid, |
4713 | SECCLASS_CAPABILITY, CAP_TO_MASK(capability), &ad); | 4713 | SECCLASS_CAPABILITY, CAP_TO_MASK(capability), &ad); |
4714 | } | 4714 | } |
4715 | 4715 | ||
4716 | static int ipc_alloc_security(struct task_struct *task, | 4716 | static int ipc_alloc_security(struct task_struct *task, |
4717 | struct kern_ipc_perm *perm, | 4717 | struct kern_ipc_perm *perm, |
4718 | u16 sclass) | 4718 | u16 sclass) |
4719 | { | 4719 | { |
4720 | struct ipc_security_struct *isec; | 4720 | struct ipc_security_struct *isec; |
4721 | u32 sid; | 4721 | u32 sid; |
4722 | 4722 | ||
4723 | isec = kzalloc(sizeof(struct ipc_security_struct), GFP_KERNEL); | 4723 | isec = kzalloc(sizeof(struct ipc_security_struct), GFP_KERNEL); |
4724 | if (!isec) | 4724 | if (!isec) |
4725 | return -ENOMEM; | 4725 | return -ENOMEM; |
4726 | 4726 | ||
4727 | sid = task_sid(task); | 4727 | sid = task_sid(task); |
4728 | isec->sclass = sclass; | 4728 | isec->sclass = sclass; |
4729 | isec->sid = sid; | 4729 | isec->sid = sid; |
4730 | perm->security = isec; | 4730 | perm->security = isec; |
4731 | 4731 | ||
4732 | return 0; | 4732 | return 0; |
4733 | } | 4733 | } |
4734 | 4734 | ||
4735 | static void ipc_free_security(struct kern_ipc_perm *perm) | 4735 | static void ipc_free_security(struct kern_ipc_perm *perm) |
4736 | { | 4736 | { |
4737 | struct ipc_security_struct *isec = perm->security; | 4737 | struct ipc_security_struct *isec = perm->security; |
4738 | perm->security = NULL; | 4738 | perm->security = NULL; |
4739 | kfree(isec); | 4739 | kfree(isec); |
4740 | } | 4740 | } |
4741 | 4741 | ||
4742 | static int msg_msg_alloc_security(struct msg_msg *msg) | 4742 | static int msg_msg_alloc_security(struct msg_msg *msg) |
4743 | { | 4743 | { |
4744 | struct msg_security_struct *msec; | 4744 | struct msg_security_struct *msec; |
4745 | 4745 | ||
4746 | msec = kzalloc(sizeof(struct msg_security_struct), GFP_KERNEL); | 4746 | msec = kzalloc(sizeof(struct msg_security_struct), GFP_KERNEL); |
4747 | if (!msec) | 4747 | if (!msec) |
4748 | return -ENOMEM; | 4748 | return -ENOMEM; |
4749 | 4749 | ||
4750 | msec->sid = SECINITSID_UNLABELED; | 4750 | msec->sid = SECINITSID_UNLABELED; |
4751 | msg->security = msec; | 4751 | msg->security = msec; |
4752 | 4752 | ||
4753 | return 0; | 4753 | return 0; |
4754 | } | 4754 | } |
4755 | 4755 | ||
4756 | static void msg_msg_free_security(struct msg_msg *msg) | 4756 | static void msg_msg_free_security(struct msg_msg *msg) |
4757 | { | 4757 | { |
4758 | struct msg_security_struct *msec = msg->security; | 4758 | struct msg_security_struct *msec = msg->security; |
4759 | 4759 | ||
4760 | msg->security = NULL; | 4760 | msg->security = NULL; |
4761 | kfree(msec); | 4761 | kfree(msec); |
4762 | } | 4762 | } |
4763 | 4763 | ||
4764 | static int ipc_has_perm(struct kern_ipc_perm *ipc_perms, | 4764 | static int ipc_has_perm(struct kern_ipc_perm *ipc_perms, |
4765 | u32 perms) | 4765 | u32 perms) |
4766 | { | 4766 | { |
4767 | struct ipc_security_struct *isec; | 4767 | struct ipc_security_struct *isec; |
4768 | struct common_audit_data ad; | 4768 | struct common_audit_data ad; |
4769 | u32 sid = current_sid(); | 4769 | u32 sid = current_sid(); |
4770 | 4770 | ||
4771 | isec = ipc_perms->security; | 4771 | isec = ipc_perms->security; |
4772 | 4772 | ||
4773 | COMMON_AUDIT_DATA_INIT(&ad, IPC); | 4773 | COMMON_AUDIT_DATA_INIT(&ad, IPC); |
4774 | ad.u.ipc_id = ipc_perms->key; | 4774 | ad.u.ipc_id = ipc_perms->key; |
4775 | 4775 | ||
4776 | return avc_has_perm(sid, isec->sid, isec->sclass, perms, &ad); | 4776 | return avc_has_perm(sid, isec->sid, isec->sclass, perms, &ad); |
4777 | } | 4777 | } |
4778 | 4778 | ||
4779 | static int selinux_msg_msg_alloc_security(struct msg_msg *msg) | 4779 | static int selinux_msg_msg_alloc_security(struct msg_msg *msg) |
4780 | { | 4780 | { |
4781 | return msg_msg_alloc_security(msg); | 4781 | return msg_msg_alloc_security(msg); |
4782 | } | 4782 | } |
4783 | 4783 | ||
4784 | static void selinux_msg_msg_free_security(struct msg_msg *msg) | 4784 | static void selinux_msg_msg_free_security(struct msg_msg *msg) |
4785 | { | 4785 | { |
4786 | msg_msg_free_security(msg); | 4786 | msg_msg_free_security(msg); |
4787 | } | 4787 | } |
4788 | 4788 | ||
4789 | /* message queue security operations */ | 4789 | /* message queue security operations */ |
4790 | static int selinux_msg_queue_alloc_security(struct msg_queue *msq) | 4790 | static int selinux_msg_queue_alloc_security(struct msg_queue *msq) |
4791 | { | 4791 | { |
4792 | struct ipc_security_struct *isec; | 4792 | struct ipc_security_struct *isec; |
4793 | struct common_audit_data ad; | 4793 | struct common_audit_data ad; |
4794 | u32 sid = current_sid(); | 4794 | u32 sid = current_sid(); |
4795 | int rc; | 4795 | int rc; |
4796 | 4796 | ||
4797 | rc = ipc_alloc_security(current, &msq->q_perm, SECCLASS_MSGQ); | 4797 | rc = ipc_alloc_security(current, &msq->q_perm, SECCLASS_MSGQ); |
4798 | if (rc) | 4798 | if (rc) |
4799 | return rc; | 4799 | return rc; |
4800 | 4800 | ||
4801 | isec = msq->q_perm.security; | 4801 | isec = msq->q_perm.security; |
4802 | 4802 | ||
4803 | COMMON_AUDIT_DATA_INIT(&ad, IPC); | 4803 | COMMON_AUDIT_DATA_INIT(&ad, IPC); |
4804 | ad.u.ipc_id = msq->q_perm.key; | 4804 | ad.u.ipc_id = msq->q_perm.key; |
4805 | 4805 | ||
4806 | rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ, | 4806 | rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ, |
4807 | MSGQ__CREATE, &ad); | 4807 | MSGQ__CREATE, &ad); |
4808 | if (rc) { | 4808 | if (rc) { |
4809 | ipc_free_security(&msq->q_perm); | 4809 | ipc_free_security(&msq->q_perm); |
4810 | return rc; | 4810 | return rc; |
4811 | } | 4811 | } |
4812 | return 0; | 4812 | return 0; |
4813 | } | 4813 | } |
4814 | 4814 | ||
4815 | static void selinux_msg_queue_free_security(struct msg_queue *msq) | 4815 | static void selinux_msg_queue_free_security(struct msg_queue *msq) |
4816 | { | 4816 | { |
4817 | ipc_free_security(&msq->q_perm); | 4817 | ipc_free_security(&msq->q_perm); |
4818 | } | 4818 | } |
4819 | 4819 | ||
4820 | static int selinux_msg_queue_associate(struct msg_queue *msq, int msqflg) | 4820 | static int selinux_msg_queue_associate(struct msg_queue *msq, int msqflg) |
4821 | { | 4821 | { |
4822 | struct ipc_security_struct *isec; | 4822 | struct ipc_security_struct *isec; |
4823 | struct common_audit_data ad; | 4823 | struct common_audit_data ad; |
4824 | u32 sid = current_sid(); | 4824 | u32 sid = current_sid(); |
4825 | 4825 | ||
4826 | isec = msq->q_perm.security; | 4826 | isec = msq->q_perm.security; |
4827 | 4827 | ||
4828 | COMMON_AUDIT_DATA_INIT(&ad, IPC); | 4828 | COMMON_AUDIT_DATA_INIT(&ad, IPC); |
4829 | ad.u.ipc_id = msq->q_perm.key; | 4829 | ad.u.ipc_id = msq->q_perm.key; |
4830 | 4830 | ||
4831 | return avc_has_perm(sid, isec->sid, SECCLASS_MSGQ, | 4831 | return avc_has_perm(sid, isec->sid, SECCLASS_MSGQ, |
4832 | MSGQ__ASSOCIATE, &ad); | 4832 | MSGQ__ASSOCIATE, &ad); |
4833 | } | 4833 | } |
4834 | 4834 | ||
4835 | static int selinux_msg_queue_msgctl(struct msg_queue *msq, int cmd) | 4835 | static int selinux_msg_queue_msgctl(struct msg_queue *msq, int cmd) |
4836 | { | 4836 | { |
4837 | int err; | 4837 | int err; |
4838 | int perms; | 4838 | int perms; |
4839 | 4839 | ||
4840 | switch (cmd) { | 4840 | switch (cmd) { |
4841 | case IPC_INFO: | 4841 | case IPC_INFO: |
4842 | case MSG_INFO: | 4842 | case MSG_INFO: |
4843 | /* No specific object, just general system-wide information. */ | 4843 | /* No specific object, just general system-wide information. */ |
4844 | return task_has_system(current, SYSTEM__IPC_INFO); | 4844 | return task_has_system(current, SYSTEM__IPC_INFO); |
4845 | case IPC_STAT: | 4845 | case IPC_STAT: |
4846 | case MSG_STAT: | 4846 | case MSG_STAT: |
4847 | perms = MSGQ__GETATTR | MSGQ__ASSOCIATE; | 4847 | perms = MSGQ__GETATTR | MSGQ__ASSOCIATE; |
4848 | break; | 4848 | break; |
4849 | case IPC_SET: | 4849 | case IPC_SET: |
4850 | perms = MSGQ__SETATTR; | 4850 | perms = MSGQ__SETATTR; |
4851 | break; | 4851 | break; |
4852 | case IPC_RMID: | 4852 | case IPC_RMID: |
4853 | perms = MSGQ__DESTROY; | 4853 | perms = MSGQ__DESTROY; |
4854 | break; | 4854 | break; |
4855 | default: | 4855 | default: |
4856 | return 0; | 4856 | return 0; |
4857 | } | 4857 | } |
4858 | 4858 | ||
4859 | err = ipc_has_perm(&msq->q_perm, perms); | 4859 | err = ipc_has_perm(&msq->q_perm, perms); |
4860 | return err; | 4860 | return err; |
4861 | } | 4861 | } |
4862 | 4862 | ||
4863 | static int selinux_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, int msqflg) | 4863 | static int selinux_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, int msqflg) |
4864 | { | 4864 | { |
4865 | struct ipc_security_struct *isec; | 4865 | struct ipc_security_struct *isec; |
4866 | struct msg_security_struct *msec; | 4866 | struct msg_security_struct *msec; |
4867 | struct common_audit_data ad; | 4867 | struct common_audit_data ad; |
4868 | u32 sid = current_sid(); | 4868 | u32 sid = current_sid(); |
4869 | int rc; | 4869 | int rc; |
4870 | 4870 | ||
4871 | isec = msq->q_perm.security; | 4871 | isec = msq->q_perm.security; |
4872 | msec = msg->security; | 4872 | msec = msg->security; |
4873 | 4873 | ||
4874 | /* | 4874 | /* |
4875 | * First time through, need to assign label to the message | 4875 | * First time through, need to assign label to the message |
4876 | */ | 4876 | */ |
4877 | if (msec->sid == SECINITSID_UNLABELED) { | 4877 | if (msec->sid == SECINITSID_UNLABELED) { |
4878 | /* | 4878 | /* |
4879 | * Compute new sid based on current process and | 4879 | * Compute new sid based on current process and |
4880 | * message queue this message will be stored in | 4880 | * message queue this message will be stored in |
4881 | */ | 4881 | */ |
4882 | rc = security_transition_sid(sid, isec->sid, SECCLASS_MSG, | 4882 | rc = security_transition_sid(sid, isec->sid, SECCLASS_MSG, |
4883 | NULL, &msec->sid); | 4883 | NULL, &msec->sid); |
4884 | if (rc) | 4884 | if (rc) |
4885 | return rc; | 4885 | return rc; |
4886 | } | 4886 | } |
4887 | 4887 | ||
4888 | COMMON_AUDIT_DATA_INIT(&ad, IPC); | 4888 | COMMON_AUDIT_DATA_INIT(&ad, IPC); |
4889 | ad.u.ipc_id = msq->q_perm.key; | 4889 | ad.u.ipc_id = msq->q_perm.key; |
4890 | 4890 | ||
4891 | /* Can this process write to the queue? */ | 4891 | /* Can this process write to the queue? */ |
4892 | rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ, | 4892 | rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ, |
4893 | MSGQ__WRITE, &ad); | 4893 | MSGQ__WRITE, &ad); |
4894 | if (!rc) | 4894 | if (!rc) |
4895 | /* Can this process send the message */ | 4895 | /* Can this process send the message */ |
4896 | rc = avc_has_perm(sid, msec->sid, SECCLASS_MSG, | 4896 | rc = avc_has_perm(sid, msec->sid, SECCLASS_MSG, |
4897 | MSG__SEND, &ad); | 4897 | MSG__SEND, &ad); |
4898 | if (!rc) | 4898 | if (!rc) |
4899 | /* Can the message be put in the queue? */ | 4899 | /* Can the message be put in the queue? */ |
4900 | rc = avc_has_perm(msec->sid, isec->sid, SECCLASS_MSGQ, | 4900 | rc = avc_has_perm(msec->sid, isec->sid, SECCLASS_MSGQ, |
4901 | MSGQ__ENQUEUE, &ad); | 4901 | MSGQ__ENQUEUE, &ad); |
4902 | 4902 | ||
4903 | return rc; | 4903 | return rc; |
4904 | } | 4904 | } |
4905 | 4905 | ||
4906 | static int selinux_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg, | 4906 | static int selinux_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg, |
4907 | struct task_struct *target, | 4907 | struct task_struct *target, |
4908 | long type, int mode) | 4908 | long type, int mode) |
4909 | { | 4909 | { |
4910 | struct ipc_security_struct *isec; | 4910 | struct ipc_security_struct *isec; |
4911 | struct msg_security_struct *msec; | 4911 | struct msg_security_struct *msec; |
4912 | struct common_audit_data ad; | 4912 | struct common_audit_data ad; |
4913 | u32 sid = task_sid(target); | 4913 | u32 sid = task_sid(target); |
4914 | int rc; | 4914 | int rc; |
4915 | 4915 | ||
4916 | isec = msq->q_perm.security; | 4916 | isec = msq->q_perm.security; |
4917 | msec = msg->security; | 4917 | msec = msg->security; |
4918 | 4918 | ||
4919 | COMMON_AUDIT_DATA_INIT(&ad, IPC); | 4919 | COMMON_AUDIT_DATA_INIT(&ad, IPC); |
4920 | ad.u.ipc_id = msq->q_perm.key; | 4920 | ad.u.ipc_id = msq->q_perm.key; |
4921 | 4921 | ||
4922 | rc = avc_has_perm(sid, isec->sid, | 4922 | rc = avc_has_perm(sid, isec->sid, |
4923 | SECCLASS_MSGQ, MSGQ__READ, &ad); | 4923 | SECCLASS_MSGQ, MSGQ__READ, &ad); |
4924 | if (!rc) | 4924 | if (!rc) |
4925 | rc = avc_has_perm(sid, msec->sid, | 4925 | rc = avc_has_perm(sid, msec->sid, |
4926 | SECCLASS_MSG, MSG__RECEIVE, &ad); | 4926 | SECCLASS_MSG, MSG__RECEIVE, &ad); |
4927 | return rc; | 4927 | return rc; |
4928 | } | 4928 | } |
4929 | 4929 | ||
4930 | /* Shared Memory security operations */ | 4930 | /* Shared Memory security operations */ |
4931 | static int selinux_shm_alloc_security(struct shmid_kernel *shp) | 4931 | static int selinux_shm_alloc_security(struct shmid_kernel *shp) |
4932 | { | 4932 | { |
4933 | struct ipc_security_struct *isec; | 4933 | struct ipc_security_struct *isec; |
4934 | struct common_audit_data ad; | 4934 | struct common_audit_data ad; |
4935 | u32 sid = current_sid(); | 4935 | u32 sid = current_sid(); |
4936 | int rc; | 4936 | int rc; |
4937 | 4937 | ||
4938 | rc = ipc_alloc_security(current, &shp->shm_perm, SECCLASS_SHM); | 4938 | rc = ipc_alloc_security(current, &shp->shm_perm, SECCLASS_SHM); |
4939 | if (rc) | 4939 | if (rc) |
4940 | return rc; | 4940 | return rc; |
4941 | 4941 | ||
4942 | isec = shp->shm_perm.security; | 4942 | isec = shp->shm_perm.security; |
4943 | 4943 | ||
4944 | COMMON_AUDIT_DATA_INIT(&ad, IPC); | 4944 | COMMON_AUDIT_DATA_INIT(&ad, IPC); |
4945 | ad.u.ipc_id = shp->shm_perm.key; | 4945 | ad.u.ipc_id = shp->shm_perm.key; |
4946 | 4946 | ||
4947 | rc = avc_has_perm(sid, isec->sid, SECCLASS_SHM, | 4947 | rc = avc_has_perm(sid, isec->sid, SECCLASS_SHM, |
4948 | SHM__CREATE, &ad); | 4948 | SHM__CREATE, &ad); |
4949 | if (rc) { | 4949 | if (rc) { |
4950 | ipc_free_security(&shp->shm_perm); | 4950 | ipc_free_security(&shp->shm_perm); |
4951 | return rc; | 4951 | return rc; |
4952 | } | 4952 | } |
4953 | return 0; | 4953 | return 0; |
4954 | } | 4954 | } |
4955 | 4955 | ||
4956 | static void selinux_shm_free_security(struct shmid_kernel *shp) | 4956 | static void selinux_shm_free_security(struct shmid_kernel *shp) |
4957 | { | 4957 | { |
4958 | ipc_free_security(&shp->shm_perm); | 4958 | ipc_free_security(&shp->shm_perm); |
4959 | } | 4959 | } |
4960 | 4960 | ||
4961 | static int selinux_shm_associate(struct shmid_kernel *shp, int shmflg) | 4961 | static int selinux_shm_associate(struct shmid_kernel *shp, int shmflg) |
4962 | { | 4962 | { |
4963 | struct ipc_security_struct *isec; | 4963 | struct ipc_security_struct *isec; |
4964 | struct common_audit_data ad; | 4964 | struct common_audit_data ad; |
4965 | u32 sid = current_sid(); | 4965 | u32 sid = current_sid(); |
4966 | 4966 | ||
4967 | isec = shp->shm_perm.security; | 4967 | isec = shp->shm_perm.security; |
4968 | 4968 | ||
4969 | COMMON_AUDIT_DATA_INIT(&ad, IPC); | 4969 | COMMON_AUDIT_DATA_INIT(&ad, IPC); |
4970 | ad.u.ipc_id = shp->shm_perm.key; | 4970 | ad.u.ipc_id = shp->shm_perm.key; |
4971 | 4971 | ||
4972 | return avc_has_perm(sid, isec->sid, SECCLASS_SHM, | 4972 | return avc_has_perm(sid, isec->sid, SECCLASS_SHM, |
4973 | SHM__ASSOCIATE, &ad); | 4973 | SHM__ASSOCIATE, &ad); |
4974 | } | 4974 | } |
4975 | 4975 | ||
4976 | /* Note, at this point, shp is locked down */ | 4976 | /* Note, at this point, shp is locked down */ |
4977 | static int selinux_shm_shmctl(struct shmid_kernel *shp, int cmd) | 4977 | static int selinux_shm_shmctl(struct shmid_kernel *shp, int cmd) |
4978 | { | 4978 | { |
4979 | int perms; | 4979 | int perms; |
4980 | int err; | 4980 | int err; |
4981 | 4981 | ||
4982 | switch (cmd) { | 4982 | switch (cmd) { |
4983 | case IPC_INFO: | 4983 | case IPC_INFO: |
4984 | case SHM_INFO: | 4984 | case SHM_INFO: |
4985 | /* No specific object, just general system-wide information. */ | 4985 | /* No specific object, just general system-wide information. */ |
4986 | return task_has_system(current, SYSTEM__IPC_INFO); | 4986 | return task_has_system(current, SYSTEM__IPC_INFO); |
4987 | case IPC_STAT: | 4987 | case IPC_STAT: |
4988 | case SHM_STAT: | 4988 | case SHM_STAT: |
4989 | perms = SHM__GETATTR | SHM__ASSOCIATE; | 4989 | perms = SHM__GETATTR | SHM__ASSOCIATE; |
4990 | break; | 4990 | break; |
4991 | case IPC_SET: | 4991 | case IPC_SET: |
4992 | perms = SHM__SETATTR; | 4992 | perms = SHM__SETATTR; |
4993 | break; | 4993 | break; |
4994 | case SHM_LOCK: | 4994 | case SHM_LOCK: |
4995 | case SHM_UNLOCK: | 4995 | case SHM_UNLOCK: |
4996 | perms = SHM__LOCK; | 4996 | perms = SHM__LOCK; |
4997 | break; | 4997 | break; |
4998 | case IPC_RMID: | 4998 | case IPC_RMID: |
4999 | perms = SHM__DESTROY; | 4999 | perms = SHM__DESTROY; |
5000 | break; | 5000 | break; |
5001 | default: | 5001 | default: |
5002 | return 0; | 5002 | return 0; |
5003 | } | 5003 | } |
5004 | 5004 | ||
5005 | err = ipc_has_perm(&shp->shm_perm, perms); | 5005 | err = ipc_has_perm(&shp->shm_perm, perms); |
5006 | return err; | 5006 | return err; |
5007 | } | 5007 | } |
5008 | 5008 | ||
5009 | static int selinux_shm_shmat(struct shmid_kernel *shp, | 5009 | static int selinux_shm_shmat(struct shmid_kernel *shp, |
5010 | char __user *shmaddr, int shmflg) | 5010 | char __user *shmaddr, int shmflg) |
5011 | { | 5011 | { |
5012 | u32 perms; | 5012 | u32 perms; |
5013 | 5013 | ||
5014 | if (shmflg & SHM_RDONLY) | 5014 | if (shmflg & SHM_RDONLY) |
5015 | perms = SHM__READ; | 5015 | perms = SHM__READ; |
5016 | else | 5016 | else |
5017 | perms = SHM__READ | SHM__WRITE; | 5017 | perms = SHM__READ | SHM__WRITE; |
5018 | 5018 | ||
5019 | return ipc_has_perm(&shp->shm_perm, perms); | 5019 | return ipc_has_perm(&shp->shm_perm, perms); |
5020 | } | 5020 | } |
5021 | 5021 | ||
5022 | /* Semaphore security operations */ | 5022 | /* Semaphore security operations */ |
5023 | static int selinux_sem_alloc_security(struct sem_array *sma) | 5023 | static int selinux_sem_alloc_security(struct sem_array *sma) |
5024 | { | 5024 | { |
5025 | struct ipc_security_struct *isec; | 5025 | struct ipc_security_struct *isec; |
5026 | struct common_audit_data ad; | 5026 | struct common_audit_data ad; |
5027 | u32 sid = current_sid(); | 5027 | u32 sid = current_sid(); |
5028 | int rc; | 5028 | int rc; |
5029 | 5029 | ||
5030 | rc = ipc_alloc_security(current, &sma->sem_perm, SECCLASS_SEM); | 5030 | rc = ipc_alloc_security(current, &sma->sem_perm, SECCLASS_SEM); |
5031 | if (rc) | 5031 | if (rc) |
5032 | return rc; | 5032 | return rc; |
5033 | 5033 | ||
5034 | isec = sma->sem_perm.security; | 5034 | isec = sma->sem_perm.security; |
5035 | 5035 | ||
5036 | COMMON_AUDIT_DATA_INIT(&ad, IPC); | 5036 | COMMON_AUDIT_DATA_INIT(&ad, IPC); |
5037 | ad.u.ipc_id = sma->sem_perm.key; | 5037 | ad.u.ipc_id = sma->sem_perm.key; |
5038 | 5038 | ||
5039 | rc = avc_has_perm(sid, isec->sid, SECCLASS_SEM, | 5039 | rc = avc_has_perm(sid, isec->sid, SECCLASS_SEM, |
5040 | SEM__CREATE, &ad); | 5040 | SEM__CREATE, &ad); |
5041 | if (rc) { | 5041 | if (rc) { |
5042 | ipc_free_security(&sma->sem_perm); | 5042 | ipc_free_security(&sma->sem_perm); |
5043 | return rc; | 5043 | return rc; |
5044 | } | 5044 | } |
5045 | return 0; | 5045 | return 0; |
5046 | } | 5046 | } |
5047 | 5047 | ||
5048 | static void selinux_sem_free_security(struct sem_array *sma) | 5048 | static void selinux_sem_free_security(struct sem_array *sma) |
5049 | { | 5049 | { |
5050 | ipc_free_security(&sma->sem_perm); | 5050 | ipc_free_security(&sma->sem_perm); |
5051 | } | 5051 | } |
5052 | 5052 | ||
5053 | static int selinux_sem_associate(struct sem_array *sma, int semflg) | 5053 | static int selinux_sem_associate(struct sem_array *sma, int semflg) |
5054 | { | 5054 | { |
5055 | struct ipc_security_struct *isec; | 5055 | struct ipc_security_struct *isec; |
5056 | struct common_audit_data ad; | 5056 | struct common_audit_data ad; |
5057 | u32 sid = current_sid(); | 5057 | u32 sid = current_sid(); |
5058 | 5058 | ||
5059 | isec = sma->sem_perm.security; | 5059 | isec = sma->sem_perm.security; |
5060 | 5060 | ||
5061 | COMMON_AUDIT_DATA_INIT(&ad, IPC); | 5061 | COMMON_AUDIT_DATA_INIT(&ad, IPC); |
5062 | ad.u.ipc_id = sma->sem_perm.key; | 5062 | ad.u.ipc_id = sma->sem_perm.key; |
5063 | 5063 | ||
5064 | return avc_has_perm(sid, isec->sid, SECCLASS_SEM, | 5064 | return avc_has_perm(sid, isec->sid, SECCLASS_SEM, |
5065 | SEM__ASSOCIATE, &ad); | 5065 | SEM__ASSOCIATE, &ad); |
5066 | } | 5066 | } |
5067 | 5067 | ||
5068 | /* Note, at this point, sma is locked down */ | 5068 | /* Note, at this point, sma is locked down */ |
5069 | static int selinux_sem_semctl(struct sem_array *sma, int cmd) | 5069 | static int selinux_sem_semctl(struct sem_array *sma, int cmd) |
5070 | { | 5070 | { |
5071 | int err; | 5071 | int err; |
5072 | u32 perms; | 5072 | u32 perms; |
5073 | 5073 | ||
5074 | switch (cmd) { | 5074 | switch (cmd) { |
5075 | case IPC_INFO: | 5075 | case IPC_INFO: |
5076 | case SEM_INFO: | 5076 | case SEM_INFO: |
5077 | /* No specific object, just general system-wide information. */ | 5077 | /* No specific object, just general system-wide information. */ |
5078 | return task_has_system(current, SYSTEM__IPC_INFO); | 5078 | return task_has_system(current, SYSTEM__IPC_INFO); |
5079 | case GETPID: | 5079 | case GETPID: |
5080 | case GETNCNT: | 5080 | case GETNCNT: |
5081 | case GETZCNT: | 5081 | case GETZCNT: |
5082 | perms = SEM__GETATTR; | 5082 | perms = SEM__GETATTR; |
5083 | break; | 5083 | break; |
5084 | case GETVAL: | 5084 | case GETVAL: |
5085 | case GETALL: | 5085 | case GETALL: |
5086 | perms = SEM__READ; | 5086 | perms = SEM__READ; |
5087 | break; | 5087 | break; |
5088 | case SETVAL: | 5088 | case SETVAL: |
5089 | case SETALL: | 5089 | case SETALL: |
5090 | perms = SEM__WRITE; | 5090 | perms = SEM__WRITE; |
5091 | break; | 5091 | break; |
5092 | case IPC_RMID: | 5092 | case IPC_RMID: |
5093 | perms = SEM__DESTROY; | 5093 | perms = SEM__DESTROY; |
5094 | break; | 5094 | break; |
5095 | case IPC_SET: | 5095 | case IPC_SET: |
5096 | perms = SEM__SETATTR; | 5096 | perms = SEM__SETATTR; |
5097 | break; | 5097 | break; |
5098 | case IPC_STAT: | 5098 | case IPC_STAT: |
5099 | case SEM_STAT: | 5099 | case SEM_STAT: |
5100 | perms = SEM__GETATTR | SEM__ASSOCIATE; | 5100 | perms = SEM__GETATTR | SEM__ASSOCIATE; |
5101 | break; | 5101 | break; |
5102 | default: | 5102 | default: |
5103 | return 0; | 5103 | return 0; |
5104 | } | 5104 | } |
5105 | 5105 | ||
5106 | err = ipc_has_perm(&sma->sem_perm, perms); | 5106 | err = ipc_has_perm(&sma->sem_perm, perms); |
5107 | return err; | 5107 | return err; |
5108 | } | 5108 | } |
5109 | 5109 | ||
5110 | static int selinux_sem_semop(struct sem_array *sma, | 5110 | static int selinux_sem_semop(struct sem_array *sma, |
5111 | struct sembuf *sops, unsigned nsops, int alter) | 5111 | struct sembuf *sops, unsigned nsops, int alter) |
5112 | { | 5112 | { |
5113 | u32 perms; | 5113 | u32 perms; |
5114 | 5114 | ||
5115 | if (alter) | 5115 | if (alter) |
5116 | perms = SEM__READ | SEM__WRITE; | 5116 | perms = SEM__READ | SEM__WRITE; |
5117 | else | 5117 | else |
5118 | perms = SEM__READ; | 5118 | perms = SEM__READ; |
5119 | 5119 | ||
5120 | return ipc_has_perm(&sma->sem_perm, perms); | 5120 | return ipc_has_perm(&sma->sem_perm, perms); |
5121 | } | 5121 | } |
5122 | 5122 | ||
5123 | static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag) | 5123 | static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag) |
5124 | { | 5124 | { |
5125 | u32 av = 0; | 5125 | u32 av = 0; |
5126 | 5126 | ||
5127 | av = 0; | 5127 | av = 0; |
5128 | if (flag & S_IRUGO) | 5128 | if (flag & S_IRUGO) |
5129 | av |= IPC__UNIX_READ; | 5129 | av |= IPC__UNIX_READ; |
5130 | if (flag & S_IWUGO) | 5130 | if (flag & S_IWUGO) |
5131 | av |= IPC__UNIX_WRITE; | 5131 | av |= IPC__UNIX_WRITE; |
5132 | 5132 | ||
5133 | if (av == 0) | 5133 | if (av == 0) |
5134 | return 0; | 5134 | return 0; |
5135 | 5135 | ||
5136 | return ipc_has_perm(ipcp, av); | 5136 | return ipc_has_perm(ipcp, av); |
5137 | } | 5137 | } |
5138 | 5138 | ||
5139 | static void selinux_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid) | 5139 | static void selinux_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid) |
5140 | { | 5140 | { |
5141 | struct ipc_security_struct *isec = ipcp->security; | 5141 | struct ipc_security_struct *isec = ipcp->security; |
5142 | *secid = isec->sid; | 5142 | *secid = isec->sid; |
5143 | } | 5143 | } |
5144 | 5144 | ||
5145 | static void selinux_d_instantiate(struct dentry *dentry, struct inode *inode) | 5145 | static void selinux_d_instantiate(struct dentry *dentry, struct inode *inode) |
5146 | { | 5146 | { |
5147 | if (inode) | 5147 | if (inode) |
5148 | inode_doinit_with_dentry(inode, dentry); | 5148 | inode_doinit_with_dentry(inode, dentry); |
5149 | } | 5149 | } |
5150 | 5150 | ||
5151 | static int selinux_getprocattr(struct task_struct *p, | 5151 | static int selinux_getprocattr(struct task_struct *p, |
5152 | char *name, char **value) | 5152 | char *name, char **value) |
5153 | { | 5153 | { |
5154 | const struct task_security_struct *__tsec; | 5154 | const struct task_security_struct *__tsec; |
5155 | u32 sid; | 5155 | u32 sid; |
5156 | int error; | 5156 | int error; |
5157 | unsigned len; | 5157 | unsigned len; |
5158 | 5158 | ||
5159 | if (current != p) { | 5159 | if (current != p) { |
5160 | error = current_has_perm(p, PROCESS__GETATTR); | 5160 | error = current_has_perm(p, PROCESS__GETATTR); |
5161 | if (error) | 5161 | if (error) |
5162 | return error; | 5162 | return error; |
5163 | } | 5163 | } |
5164 | 5164 | ||
5165 | rcu_read_lock(); | 5165 | rcu_read_lock(); |
5166 | __tsec = __task_cred(p)->security; | 5166 | __tsec = __task_cred(p)->security; |
5167 | 5167 | ||
5168 | if (!strcmp(name, "current")) | 5168 | if (!strcmp(name, "current")) |
5169 | sid = __tsec->sid; | 5169 | sid = __tsec->sid; |
5170 | else if (!strcmp(name, "prev")) | 5170 | else if (!strcmp(name, "prev")) |
5171 | sid = __tsec->osid; | 5171 | sid = __tsec->osid; |
5172 | else if (!strcmp(name, "exec")) | 5172 | else if (!strcmp(name, "exec")) |
5173 | sid = __tsec->exec_sid; | 5173 | sid = __tsec->exec_sid; |
5174 | else if (!strcmp(name, "fscreate")) | 5174 | else if (!strcmp(name, "fscreate")) |
5175 | sid = __tsec->create_sid; | 5175 | sid = __tsec->create_sid; |
5176 | else if (!strcmp(name, "keycreate")) | 5176 | else if (!strcmp(name, "keycreate")) |
5177 | sid = __tsec->keycreate_sid; | 5177 | sid = __tsec->keycreate_sid; |
5178 | else if (!strcmp(name, "sockcreate")) | 5178 | else if (!strcmp(name, "sockcreate")) |
5179 | sid = __tsec->sockcreate_sid; | 5179 | sid = __tsec->sockcreate_sid; |
5180 | else | 5180 | else |
5181 | goto invalid; | 5181 | goto invalid; |
5182 | rcu_read_unlock(); | 5182 | rcu_read_unlock(); |
5183 | 5183 | ||
5184 | if (!sid) | 5184 | if (!sid) |
5185 | return 0; | 5185 | return 0; |
5186 | 5186 | ||
5187 | error = security_sid_to_context(sid, value, &len); | 5187 | error = security_sid_to_context(sid, value, &len); |
5188 | if (error) | 5188 | if (error) |
5189 | return error; | 5189 | return error; |
5190 | return len; | 5190 | return len; |
5191 | 5191 | ||
5192 | invalid: | 5192 | invalid: |
5193 | rcu_read_unlock(); | 5193 | rcu_read_unlock(); |
5194 | return -EINVAL; | 5194 | return -EINVAL; |
5195 | } | 5195 | } |
5196 | 5196 | ||
5197 | static int selinux_setprocattr(struct task_struct *p, | 5197 | static int selinux_setprocattr(struct task_struct *p, |
5198 | char *name, void *value, size_t size) | 5198 | char *name, void *value, size_t size) |
5199 | { | 5199 | { |
5200 | struct task_security_struct *tsec; | 5200 | struct task_security_struct *tsec; |
5201 | struct task_struct *tracer; | 5201 | struct task_struct *tracer; |
5202 | struct cred *new; | 5202 | struct cred *new; |
5203 | u32 sid = 0, ptsid; | 5203 | u32 sid = 0, ptsid; |
5204 | int error; | 5204 | int error; |
5205 | char *str = value; | 5205 | char *str = value; |
5206 | 5206 | ||
5207 | if (current != p) { | 5207 | if (current != p) { |
5208 | /* SELinux only allows a process to change its own | 5208 | /* SELinux only allows a process to change its own |
5209 | security attributes. */ | 5209 | security attributes. */ |
5210 | return -EACCES; | 5210 | return -EACCES; |
5211 | } | 5211 | } |
5212 | 5212 | ||
5213 | /* | 5213 | /* |
5214 | * Basic control over ability to set these attributes at all. | 5214 | * Basic control over ability to set these attributes at all. |
5215 | * current == p, but we'll pass them separately in case the | 5215 | * current == p, but we'll pass them separately in case the |
5216 | * above restriction is ever removed. | 5216 | * above restriction is ever removed. |
5217 | */ | 5217 | */ |
5218 | if (!strcmp(name, "exec")) | 5218 | if (!strcmp(name, "exec")) |
5219 | error = current_has_perm(p, PROCESS__SETEXEC); | 5219 | error = current_has_perm(p, PROCESS__SETEXEC); |
5220 | else if (!strcmp(name, "fscreate")) | 5220 | else if (!strcmp(name, "fscreate")) |
5221 | error = current_has_perm(p, PROCESS__SETFSCREATE); | 5221 | error = current_has_perm(p, PROCESS__SETFSCREATE); |
5222 | else if (!strcmp(name, "keycreate")) | 5222 | else if (!strcmp(name, "keycreate")) |
5223 | error = current_has_perm(p, PROCESS__SETKEYCREATE); | 5223 | error = current_has_perm(p, PROCESS__SETKEYCREATE); |
5224 | else if (!strcmp(name, "sockcreate")) | 5224 | else if (!strcmp(name, "sockcreate")) |
5225 | error = current_has_perm(p, PROCESS__SETSOCKCREATE); | 5225 | error = current_has_perm(p, PROCESS__SETSOCKCREATE); |
5226 | else if (!strcmp(name, "current")) | 5226 | else if (!strcmp(name, "current")) |
5227 | error = current_has_perm(p, PROCESS__SETCURRENT); | 5227 | error = current_has_perm(p, PROCESS__SETCURRENT); |
5228 | else | 5228 | else |
5229 | error = -EINVAL; | 5229 | error = -EINVAL; |
5230 | if (error) | 5230 | if (error) |
5231 | return error; | 5231 | return error; |
5232 | 5232 | ||
5233 | /* Obtain a SID for the context, if one was specified. */ | 5233 | /* Obtain a SID for the context, if one was specified. */ |
5234 | if (size && str[1] && str[1] != '\n') { | 5234 | if (size && str[1] && str[1] != '\n') { |
5235 | if (str[size-1] == '\n') { | 5235 | if (str[size-1] == '\n') { |
5236 | str[size-1] = 0; | 5236 | str[size-1] = 0; |
5237 | size--; | 5237 | size--; |
5238 | } | 5238 | } |
5239 | error = security_context_to_sid(value, size, &sid); | 5239 | error = security_context_to_sid(value, size, &sid); |
5240 | if (error == -EINVAL && !strcmp(name, "fscreate")) { | 5240 | if (error == -EINVAL && !strcmp(name, "fscreate")) { |
5241 | if (!capable(CAP_MAC_ADMIN)) | 5241 | if (!capable(CAP_MAC_ADMIN)) |
5242 | return error; | 5242 | return error; |
5243 | error = security_context_to_sid_force(value, size, | 5243 | error = security_context_to_sid_force(value, size, |
5244 | &sid); | 5244 | &sid); |
5245 | } | 5245 | } |
5246 | if (error) | 5246 | if (error) |
5247 | return error; | 5247 | return error; |
5248 | } | 5248 | } |
5249 | 5249 | ||
5250 | new = prepare_creds(); | 5250 | new = prepare_creds(); |
5251 | if (!new) | 5251 | if (!new) |
5252 | return -ENOMEM; | 5252 | return -ENOMEM; |
5253 | 5253 | ||
5254 | /* Permission checking based on the specified context is | 5254 | /* Permission checking based on the specified context is |
5255 | performed during the actual operation (execve, | 5255 | performed during the actual operation (execve, |
5256 | open/mkdir/...), when we know the full context of the | 5256 | open/mkdir/...), when we know the full context of the |
5257 | operation. See selinux_bprm_set_creds for the execve | 5257 | operation. See selinux_bprm_set_creds for the execve |
5258 | checks and may_create for the file creation checks. The | 5258 | checks and may_create for the file creation checks. The |
5259 | operation will then fail if the context is not permitted. */ | 5259 | operation will then fail if the context is not permitted. */ |
5260 | tsec = new->security; | 5260 | tsec = new->security; |
5261 | if (!strcmp(name, "exec")) { | 5261 | if (!strcmp(name, "exec")) { |
5262 | tsec->exec_sid = sid; | 5262 | tsec->exec_sid = sid; |
5263 | } else if (!strcmp(name, "fscreate")) { | 5263 | } else if (!strcmp(name, "fscreate")) { |
5264 | tsec->create_sid = sid; | 5264 | tsec->create_sid = sid; |
5265 | } else if (!strcmp(name, "keycreate")) { | 5265 | } else if (!strcmp(name, "keycreate")) { |
5266 | error = may_create_key(sid, p); | 5266 | error = may_create_key(sid, p); |
5267 | if (error) | 5267 | if (error) |
5268 | goto abort_change; | 5268 | goto abort_change; |
5269 | tsec->keycreate_sid = sid; | 5269 | tsec->keycreate_sid = sid; |
5270 | } else if (!strcmp(name, "sockcreate")) { | 5270 | } else if (!strcmp(name, "sockcreate")) { |
5271 | tsec->sockcreate_sid = sid; | 5271 | tsec->sockcreate_sid = sid; |
5272 | } else if (!strcmp(name, "current")) { | 5272 | } else if (!strcmp(name, "current")) { |
5273 | error = -EINVAL; | 5273 | error = -EINVAL; |
5274 | if (sid == 0) | 5274 | if (sid == 0) |
5275 | goto abort_change; | 5275 | goto abort_change; |
5276 | 5276 | ||
5277 | /* Only allow single threaded processes to change context */ | 5277 | /* Only allow single threaded processes to change context */ |
5278 | error = -EPERM; | 5278 | error = -EPERM; |
5279 | if (!current_is_single_threaded()) { | 5279 | if (!current_is_single_threaded()) { |
5280 | error = security_bounded_transition(tsec->sid, sid); | 5280 | error = security_bounded_transition(tsec->sid, sid); |
5281 | if (error) | 5281 | if (error) |
5282 | goto abort_change; | 5282 | goto abort_change; |
5283 | } | 5283 | } |
5284 | 5284 | ||
5285 | /* Check permissions for the transition. */ | 5285 | /* Check permissions for the transition. */ |
5286 | error = avc_has_perm(tsec->sid, sid, SECCLASS_PROCESS, | 5286 | error = avc_has_perm(tsec->sid, sid, SECCLASS_PROCESS, |
5287 | PROCESS__DYNTRANSITION, NULL); | 5287 | PROCESS__DYNTRANSITION, NULL); |
5288 | if (error) | 5288 | if (error) |
5289 | goto abort_change; | 5289 | goto abort_change; |
5290 | 5290 | ||
5291 | /* Check for ptracing, and update the task SID if ok. | 5291 | /* Check for ptracing, and update the task SID if ok. |
5292 | Otherwise, leave SID unchanged and fail. */ | 5292 | Otherwise, leave SID unchanged and fail. */ |
5293 | ptsid = 0; | 5293 | ptsid = 0; |
5294 | task_lock(p); | 5294 | task_lock(p); |
5295 | tracer = tracehook_tracer_task(p); | 5295 | tracer = tracehook_tracer_task(p); |
5296 | if (tracer) | 5296 | if (tracer) |
5297 | ptsid = task_sid(tracer); | 5297 | ptsid = task_sid(tracer); |
5298 | task_unlock(p); | 5298 | task_unlock(p); |
5299 | 5299 | ||
5300 | if (tracer) { | 5300 | if (tracer) { |
5301 | error = avc_has_perm(ptsid, sid, SECCLASS_PROCESS, | 5301 | error = avc_has_perm(ptsid, sid, SECCLASS_PROCESS, |
5302 | PROCESS__PTRACE, NULL); | 5302 | PROCESS__PTRACE, NULL); |
5303 | if (error) | 5303 | if (error) |
5304 | goto abort_change; | 5304 | goto abort_change; |
5305 | } | 5305 | } |
5306 | 5306 | ||
5307 | tsec->sid = sid; | 5307 | tsec->sid = sid; |
5308 | } else { | 5308 | } else { |
5309 | error = -EINVAL; | 5309 | error = -EINVAL; |
5310 | goto abort_change; | 5310 | goto abort_change; |
5311 | } | 5311 | } |
5312 | 5312 | ||
5313 | commit_creds(new); | 5313 | commit_creds(new); |
5314 | return size; | 5314 | return size; |
5315 | 5315 | ||
5316 | abort_change: | 5316 | abort_change: |
5317 | abort_creds(new); | 5317 | abort_creds(new); |
5318 | return error; | 5318 | return error; |
5319 | } | 5319 | } |
5320 | 5320 | ||
5321 | static int selinux_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) | 5321 | static int selinux_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) |
5322 | { | 5322 | { |
5323 | return security_sid_to_context(secid, secdata, seclen); | 5323 | return security_sid_to_context(secid, secdata, seclen); |
5324 | } | 5324 | } |
5325 | 5325 | ||
5326 | static int selinux_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid) | 5326 | static int selinux_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid) |
5327 | { | 5327 | { |
5328 | return security_context_to_sid(secdata, seclen, secid); | 5328 | return security_context_to_sid(secdata, seclen, secid); |
5329 | } | 5329 | } |
5330 | 5330 | ||
5331 | static void selinux_release_secctx(char *secdata, u32 seclen) | 5331 | static void selinux_release_secctx(char *secdata, u32 seclen) |
5332 | { | 5332 | { |
5333 | kfree(secdata); | 5333 | kfree(secdata); |
5334 | } | 5334 | } |
5335 | 5335 | ||
5336 | /* | 5336 | /* |
5337 | * called with inode->i_mutex locked | 5337 | * called with inode->i_mutex locked |
5338 | */ | 5338 | */ |
5339 | static int selinux_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen) | 5339 | static int selinux_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen) |
5340 | { | 5340 | { |
5341 | return selinux_inode_setsecurity(inode, XATTR_SELINUX_SUFFIX, ctx, ctxlen, 0); | 5341 | return selinux_inode_setsecurity(inode, XATTR_SELINUX_SUFFIX, ctx, ctxlen, 0); |
5342 | } | 5342 | } |
5343 | 5343 | ||
5344 | /* | 5344 | /* |
5345 | * called with inode->i_mutex locked | 5345 | * called with inode->i_mutex locked |
5346 | */ | 5346 | */ |
5347 | static int selinux_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen) | 5347 | static int selinux_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen) |
5348 | { | 5348 | { |
5349 | return __vfs_setxattr_noperm(dentry, XATTR_NAME_SELINUX, ctx, ctxlen, 0); | 5349 | return __vfs_setxattr_noperm(dentry, XATTR_NAME_SELINUX, ctx, ctxlen, 0); |
5350 | } | 5350 | } |
5351 | 5351 | ||
5352 | static int selinux_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) | 5352 | static int selinux_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) |
5353 | { | 5353 | { |
5354 | int len = 0; | 5354 | int len = 0; |
5355 | len = selinux_inode_getsecurity(inode, XATTR_SELINUX_SUFFIX, | 5355 | len = selinux_inode_getsecurity(inode, XATTR_SELINUX_SUFFIX, |
5356 | ctx, true); | 5356 | ctx, true); |
5357 | if (len < 0) | 5357 | if (len < 0) |
5358 | return len; | 5358 | return len; |
5359 | *ctxlen = len; | 5359 | *ctxlen = len; |
5360 | return 0; | 5360 | return 0; |
5361 | } | 5361 | } |
5362 | #ifdef CONFIG_KEYS | 5362 | #ifdef CONFIG_KEYS |
5363 | 5363 | ||
5364 | static int selinux_key_alloc(struct key *k, const struct cred *cred, | 5364 | static int selinux_key_alloc(struct key *k, const struct cred *cred, |
5365 | unsigned long flags) | 5365 | unsigned long flags) |
5366 | { | 5366 | { |
5367 | const struct task_security_struct *tsec; | 5367 | const struct task_security_struct *tsec; |
5368 | struct key_security_struct *ksec; | 5368 | struct key_security_struct *ksec; |
5369 | 5369 | ||
5370 | ksec = kzalloc(sizeof(struct key_security_struct), GFP_KERNEL); | 5370 | ksec = kzalloc(sizeof(struct key_security_struct), GFP_KERNEL); |
5371 | if (!ksec) | 5371 | if (!ksec) |
5372 | return -ENOMEM; | 5372 | return -ENOMEM; |
5373 | 5373 | ||
5374 | tsec = cred->security; | 5374 | tsec = cred->security; |
5375 | if (tsec->keycreate_sid) | 5375 | if (tsec->keycreate_sid) |
5376 | ksec->sid = tsec->keycreate_sid; | 5376 | ksec->sid = tsec->keycreate_sid; |
5377 | else | 5377 | else |
5378 | ksec->sid = tsec->sid; | 5378 | ksec->sid = tsec->sid; |
5379 | 5379 | ||
5380 | k->security = ksec; | 5380 | k->security = ksec; |
5381 | return 0; | 5381 | return 0; |
5382 | } | 5382 | } |
5383 | 5383 | ||
5384 | static void selinux_key_free(struct key *k) | 5384 | static void selinux_key_free(struct key *k) |
5385 | { | 5385 | { |
5386 | struct key_security_struct *ksec = k->security; | 5386 | struct key_security_struct *ksec = k->security; |
5387 | 5387 | ||
5388 | k->security = NULL; | 5388 | k->security = NULL; |
5389 | kfree(ksec); | 5389 | kfree(ksec); |
5390 | } | 5390 | } |
5391 | 5391 | ||
5392 | static int selinux_key_permission(key_ref_t key_ref, | 5392 | static int selinux_key_permission(key_ref_t key_ref, |
5393 | const struct cred *cred, | 5393 | const struct cred *cred, |
5394 | key_perm_t perm) | 5394 | key_perm_t perm) |
5395 | { | 5395 | { |
5396 | struct key *key; | 5396 | struct key *key; |
5397 | struct key_security_struct *ksec; | 5397 | struct key_security_struct *ksec; |
5398 | u32 sid; | 5398 | u32 sid; |
5399 | 5399 | ||
5400 | /* if no specific permissions are requested, we skip the | 5400 | /* if no specific permissions are requested, we skip the |
5401 | permission check. No serious, additional covert channels | 5401 | permission check. No serious, additional covert channels |
5402 | appear to be created. */ | 5402 | appear to be created. */ |
5403 | if (perm == 0) | 5403 | if (perm == 0) |
5404 | return 0; | 5404 | return 0; |
5405 | 5405 | ||
5406 | sid = cred_sid(cred); | 5406 | sid = cred_sid(cred); |
5407 | 5407 | ||
5408 | key = key_ref_to_ptr(key_ref); | 5408 | key = key_ref_to_ptr(key_ref); |
5409 | ksec = key->security; | 5409 | ksec = key->security; |
5410 | 5410 | ||
5411 | return avc_has_perm(sid, ksec->sid, SECCLASS_KEY, perm, NULL); | 5411 | return avc_has_perm(sid, ksec->sid, SECCLASS_KEY, perm, NULL); |
5412 | } | 5412 | } |
5413 | 5413 | ||
5414 | static int selinux_key_getsecurity(struct key *key, char **_buffer) | 5414 | static int selinux_key_getsecurity(struct key *key, char **_buffer) |
5415 | { | 5415 | { |
5416 | struct key_security_struct *ksec = key->security; | 5416 | struct key_security_struct *ksec = key->security; |
5417 | char *context = NULL; | 5417 | char *context = NULL; |
5418 | unsigned len; | 5418 | unsigned len; |
5419 | int rc; | 5419 | int rc; |
5420 | 5420 | ||
5421 | rc = security_sid_to_context(ksec->sid, &context, &len); | 5421 | rc = security_sid_to_context(ksec->sid, &context, &len); |
5422 | if (!rc) | 5422 | if (!rc) |
5423 | rc = len; | 5423 | rc = len; |
5424 | *_buffer = context; | 5424 | *_buffer = context; |
5425 | return rc; | 5425 | return rc; |
5426 | } | 5426 | } |
5427 | 5427 | ||
5428 | #endif | 5428 | #endif |
5429 | 5429 | ||
5430 | static struct security_operations selinux_ops = { | 5430 | static struct security_operations selinux_ops = { |
5431 | .name = "selinux", | 5431 | .name = "selinux", |
5432 | 5432 | ||
5433 | .ptrace_access_check = selinux_ptrace_access_check, | 5433 | .ptrace_access_check = selinux_ptrace_access_check, |
5434 | .ptrace_traceme = selinux_ptrace_traceme, | 5434 | .ptrace_traceme = selinux_ptrace_traceme, |
5435 | .capget = selinux_capget, | 5435 | .capget = selinux_capget, |
5436 | .capset = selinux_capset, | 5436 | .capset = selinux_capset, |
5437 | .capable = selinux_capable, | 5437 | .capable = selinux_capable, |
5438 | .quotactl = selinux_quotactl, | 5438 | .quotactl = selinux_quotactl, |
5439 | .quota_on = selinux_quota_on, | 5439 | .quota_on = selinux_quota_on, |
5440 | .syslog = selinux_syslog, | 5440 | .syslog = selinux_syslog, |
5441 | .vm_enough_memory = selinux_vm_enough_memory, | 5441 | .vm_enough_memory = selinux_vm_enough_memory, |
5442 | 5442 | ||
5443 | .netlink_send = selinux_netlink_send, | 5443 | .netlink_send = selinux_netlink_send, |
5444 | .netlink_recv = selinux_netlink_recv, | 5444 | .netlink_recv = selinux_netlink_recv, |
5445 | 5445 | ||
5446 | .bprm_set_creds = selinux_bprm_set_creds, | 5446 | .bprm_set_creds = selinux_bprm_set_creds, |
5447 | .bprm_committing_creds = selinux_bprm_committing_creds, | 5447 | .bprm_committing_creds = selinux_bprm_committing_creds, |
5448 | .bprm_committed_creds = selinux_bprm_committed_creds, | 5448 | .bprm_committed_creds = selinux_bprm_committed_creds, |
5449 | .bprm_secureexec = selinux_bprm_secureexec, | 5449 | .bprm_secureexec = selinux_bprm_secureexec, |
5450 | 5450 | ||
5451 | .sb_alloc_security = selinux_sb_alloc_security, | 5451 | .sb_alloc_security = selinux_sb_alloc_security, |
5452 | .sb_free_security = selinux_sb_free_security, | 5452 | .sb_free_security = selinux_sb_free_security, |
5453 | .sb_copy_data = selinux_sb_copy_data, | 5453 | .sb_copy_data = selinux_sb_copy_data, |
5454 | .sb_remount = selinux_sb_remount, | 5454 | .sb_remount = selinux_sb_remount, |
5455 | .sb_kern_mount = selinux_sb_kern_mount, | 5455 | .sb_kern_mount = selinux_sb_kern_mount, |
5456 | .sb_show_options = selinux_sb_show_options, | 5456 | .sb_show_options = selinux_sb_show_options, |
5457 | .sb_statfs = selinux_sb_statfs, | 5457 | .sb_statfs = selinux_sb_statfs, |
5458 | .sb_mount = selinux_mount, | 5458 | .sb_mount = selinux_mount, |
5459 | .sb_umount = selinux_umount, | 5459 | .sb_umount = selinux_umount, |
5460 | .sb_set_mnt_opts = selinux_set_mnt_opts, | 5460 | .sb_set_mnt_opts = selinux_set_mnt_opts, |
5461 | .sb_clone_mnt_opts = selinux_sb_clone_mnt_opts, | 5461 | .sb_clone_mnt_opts = selinux_sb_clone_mnt_opts, |
5462 | .sb_parse_opts_str = selinux_parse_opts_str, | 5462 | .sb_parse_opts_str = selinux_parse_opts_str, |
5463 | 5463 | ||
5464 | 5464 | ||
5465 | .inode_alloc_security = selinux_inode_alloc_security, | 5465 | .inode_alloc_security = selinux_inode_alloc_security, |
5466 | .inode_free_security = selinux_inode_free_security, | 5466 | .inode_free_security = selinux_inode_free_security, |
5467 | .inode_init_security = selinux_inode_init_security, | 5467 | .inode_init_security = selinux_inode_init_security, |
5468 | .inode_create = selinux_inode_create, | 5468 | .inode_create = selinux_inode_create, |
5469 | .inode_link = selinux_inode_link, | 5469 | .inode_link = selinux_inode_link, |
5470 | .inode_unlink = selinux_inode_unlink, | 5470 | .inode_unlink = selinux_inode_unlink, |
5471 | .inode_symlink = selinux_inode_symlink, | 5471 | .inode_symlink = selinux_inode_symlink, |
5472 | .inode_mkdir = selinux_inode_mkdir, | 5472 | .inode_mkdir = selinux_inode_mkdir, |
5473 | .inode_rmdir = selinux_inode_rmdir, | 5473 | .inode_rmdir = selinux_inode_rmdir, |
5474 | .inode_mknod = selinux_inode_mknod, | 5474 | .inode_mknod = selinux_inode_mknod, |
5475 | .inode_rename = selinux_inode_rename, | 5475 | .inode_rename = selinux_inode_rename, |
5476 | .inode_readlink = selinux_inode_readlink, | 5476 | .inode_readlink = selinux_inode_readlink, |
5477 | .inode_follow_link = selinux_inode_follow_link, | 5477 | .inode_follow_link = selinux_inode_follow_link, |
5478 | .inode_permission = selinux_inode_permission, | 5478 | .inode_permission = selinux_inode_permission, |
5479 | .inode_setattr = selinux_inode_setattr, | 5479 | .inode_setattr = selinux_inode_setattr, |
5480 | .inode_getattr = selinux_inode_getattr, | 5480 | .inode_getattr = selinux_inode_getattr, |
5481 | .inode_setxattr = selinux_inode_setxattr, | 5481 | .inode_setxattr = selinux_inode_setxattr, |
5482 | .inode_post_setxattr = selinux_inode_post_setxattr, | 5482 | .inode_post_setxattr = selinux_inode_post_setxattr, |
5483 | .inode_getxattr = selinux_inode_getxattr, | 5483 | .inode_getxattr = selinux_inode_getxattr, |
5484 | .inode_listxattr = selinux_inode_listxattr, | 5484 | .inode_listxattr = selinux_inode_listxattr, |
5485 | .inode_removexattr = selinux_inode_removexattr, | 5485 | .inode_removexattr = selinux_inode_removexattr, |
5486 | .inode_getsecurity = selinux_inode_getsecurity, | 5486 | .inode_getsecurity = selinux_inode_getsecurity, |
5487 | .inode_setsecurity = selinux_inode_setsecurity, | 5487 | .inode_setsecurity = selinux_inode_setsecurity, |
5488 | .inode_listsecurity = selinux_inode_listsecurity, | 5488 | .inode_listsecurity = selinux_inode_listsecurity, |
5489 | .inode_getsecid = selinux_inode_getsecid, | 5489 | .inode_getsecid = selinux_inode_getsecid, |
5490 | 5490 | ||
5491 | .file_permission = selinux_file_permission, | 5491 | .file_permission = selinux_file_permission, |
5492 | .file_alloc_security = selinux_file_alloc_security, | 5492 | .file_alloc_security = selinux_file_alloc_security, |
5493 | .file_free_security = selinux_file_free_security, | 5493 | .file_free_security = selinux_file_free_security, |
5494 | .file_ioctl = selinux_file_ioctl, | 5494 | .file_ioctl = selinux_file_ioctl, |
5495 | .file_mmap = selinux_file_mmap, | 5495 | .file_mmap = selinux_file_mmap, |
5496 | .file_mprotect = selinux_file_mprotect, | 5496 | .file_mprotect = selinux_file_mprotect, |
5497 | .file_lock = selinux_file_lock, | 5497 | .file_lock = selinux_file_lock, |
5498 | .file_fcntl = selinux_file_fcntl, | 5498 | .file_fcntl = selinux_file_fcntl, |
5499 | .file_set_fowner = selinux_file_set_fowner, | 5499 | .file_set_fowner = selinux_file_set_fowner, |
5500 | .file_send_sigiotask = selinux_file_send_sigiotask, | 5500 | .file_send_sigiotask = selinux_file_send_sigiotask, |
5501 | .file_receive = selinux_file_receive, | 5501 | .file_receive = selinux_file_receive, |
5502 | 5502 | ||
5503 | .dentry_open = selinux_dentry_open, | 5503 | .dentry_open = selinux_dentry_open, |
5504 | 5504 | ||
5505 | .task_create = selinux_task_create, | 5505 | .task_create = selinux_task_create, |
5506 | .cred_alloc_blank = selinux_cred_alloc_blank, | 5506 | .cred_alloc_blank = selinux_cred_alloc_blank, |
5507 | .cred_free = selinux_cred_free, | 5507 | .cred_free = selinux_cred_free, |
5508 | .cred_prepare = selinux_cred_prepare, | 5508 | .cred_prepare = selinux_cred_prepare, |
5509 | .cred_transfer = selinux_cred_transfer, | 5509 | .cred_transfer = selinux_cred_transfer, |
5510 | .kernel_act_as = selinux_kernel_act_as, | 5510 | .kernel_act_as = selinux_kernel_act_as, |
5511 | .kernel_create_files_as = selinux_kernel_create_files_as, | 5511 | .kernel_create_files_as = selinux_kernel_create_files_as, |
5512 | .kernel_module_request = selinux_kernel_module_request, | 5512 | .kernel_module_request = selinux_kernel_module_request, |
5513 | .task_setpgid = selinux_task_setpgid, | 5513 | .task_setpgid = selinux_task_setpgid, |
5514 | .task_getpgid = selinux_task_getpgid, | 5514 | .task_getpgid = selinux_task_getpgid, |
5515 | .task_getsid = selinux_task_getsid, | 5515 | .task_getsid = selinux_task_getsid, |
5516 | .task_getsecid = selinux_task_getsecid, | 5516 | .task_getsecid = selinux_task_getsecid, |
5517 | .task_setnice = selinux_task_setnice, | 5517 | .task_setnice = selinux_task_setnice, |
5518 | .task_setioprio = selinux_task_setioprio, | 5518 | .task_setioprio = selinux_task_setioprio, |
5519 | .task_getioprio = selinux_task_getioprio, | 5519 | .task_getioprio = selinux_task_getioprio, |
5520 | .task_setrlimit = selinux_task_setrlimit, | 5520 | .task_setrlimit = selinux_task_setrlimit, |
5521 | .task_setscheduler = selinux_task_setscheduler, | 5521 | .task_setscheduler = selinux_task_setscheduler, |
5522 | .task_getscheduler = selinux_task_getscheduler, | 5522 | .task_getscheduler = selinux_task_getscheduler, |
5523 | .task_movememory = selinux_task_movememory, | 5523 | .task_movememory = selinux_task_movememory, |
5524 | .task_kill = selinux_task_kill, | 5524 | .task_kill = selinux_task_kill, |
5525 | .task_wait = selinux_task_wait, | 5525 | .task_wait = selinux_task_wait, |
5526 | .task_to_inode = selinux_task_to_inode, | 5526 | .task_to_inode = selinux_task_to_inode, |
5527 | 5527 | ||
5528 | .ipc_permission = selinux_ipc_permission, | 5528 | .ipc_permission = selinux_ipc_permission, |
5529 | .ipc_getsecid = selinux_ipc_getsecid, | 5529 | .ipc_getsecid = selinux_ipc_getsecid, |
5530 | 5530 | ||
5531 | .msg_msg_alloc_security = selinux_msg_msg_alloc_security, | 5531 | .msg_msg_alloc_security = selinux_msg_msg_alloc_security, |
5532 | .msg_msg_free_security = selinux_msg_msg_free_security, | 5532 | .msg_msg_free_security = selinux_msg_msg_free_security, |
5533 | 5533 | ||
5534 | .msg_queue_alloc_security = selinux_msg_queue_alloc_security, | 5534 | .msg_queue_alloc_security = selinux_msg_queue_alloc_security, |
5535 | .msg_queue_free_security = selinux_msg_queue_free_security, | 5535 | .msg_queue_free_security = selinux_msg_queue_free_security, |
5536 | .msg_queue_associate = selinux_msg_queue_associate, | 5536 | .msg_queue_associate = selinux_msg_queue_associate, |
5537 | .msg_queue_msgctl = selinux_msg_queue_msgctl, | 5537 | .msg_queue_msgctl = selinux_msg_queue_msgctl, |
5538 | .msg_queue_msgsnd = selinux_msg_queue_msgsnd, | 5538 | .msg_queue_msgsnd = selinux_msg_queue_msgsnd, |
5539 | .msg_queue_msgrcv = selinux_msg_queue_msgrcv, | 5539 | .msg_queue_msgrcv = selinux_msg_queue_msgrcv, |
5540 | 5540 | ||
5541 | .shm_alloc_security = selinux_shm_alloc_security, | 5541 | .shm_alloc_security = selinux_shm_alloc_security, |
5542 | .shm_free_security = selinux_shm_free_security, | 5542 | .shm_free_security = selinux_shm_free_security, |
5543 | .shm_associate = selinux_shm_associate, | 5543 | .shm_associate = selinux_shm_associate, |
5544 | .shm_shmctl = selinux_shm_shmctl, | 5544 | .shm_shmctl = selinux_shm_shmctl, |
5545 | .shm_shmat = selinux_shm_shmat, | 5545 | .shm_shmat = selinux_shm_shmat, |
5546 | 5546 | ||
5547 | .sem_alloc_security = selinux_sem_alloc_security, | 5547 | .sem_alloc_security = selinux_sem_alloc_security, |
5548 | .sem_free_security = selinux_sem_free_security, | 5548 | .sem_free_security = selinux_sem_free_security, |
5549 | .sem_associate = selinux_sem_associate, | 5549 | .sem_associate = selinux_sem_associate, |
5550 | .sem_semctl = selinux_sem_semctl, | 5550 | .sem_semctl = selinux_sem_semctl, |
5551 | .sem_semop = selinux_sem_semop, | 5551 | .sem_semop = selinux_sem_semop, |
5552 | 5552 | ||
5553 | .d_instantiate = selinux_d_instantiate, | 5553 | .d_instantiate = selinux_d_instantiate, |
5554 | 5554 | ||
5555 | .getprocattr = selinux_getprocattr, | 5555 | .getprocattr = selinux_getprocattr, |
5556 | .setprocattr = selinux_setprocattr, | 5556 | .setprocattr = selinux_setprocattr, |
5557 | 5557 | ||
5558 | .secid_to_secctx = selinux_secid_to_secctx, | 5558 | .secid_to_secctx = selinux_secid_to_secctx, |
5559 | .secctx_to_secid = selinux_secctx_to_secid, | 5559 | .secctx_to_secid = selinux_secctx_to_secid, |
5560 | .release_secctx = selinux_release_secctx, | 5560 | .release_secctx = selinux_release_secctx, |
5561 | .inode_notifysecctx = selinux_inode_notifysecctx, | 5561 | .inode_notifysecctx = selinux_inode_notifysecctx, |
5562 | .inode_setsecctx = selinux_inode_setsecctx, | 5562 | .inode_setsecctx = selinux_inode_setsecctx, |
5563 | .inode_getsecctx = selinux_inode_getsecctx, | 5563 | .inode_getsecctx = selinux_inode_getsecctx, |
5564 | 5564 | ||
5565 | .unix_stream_connect = selinux_socket_unix_stream_connect, | 5565 | .unix_stream_connect = selinux_socket_unix_stream_connect, |
5566 | .unix_may_send = selinux_socket_unix_may_send, | 5566 | .unix_may_send = selinux_socket_unix_may_send, |
5567 | 5567 | ||
5568 | .socket_create = selinux_socket_create, | 5568 | .socket_create = selinux_socket_create, |
5569 | .socket_post_create = selinux_socket_post_create, | 5569 | .socket_post_create = selinux_socket_post_create, |
5570 | .socket_bind = selinux_socket_bind, | 5570 | .socket_bind = selinux_socket_bind, |
5571 | .socket_connect = selinux_socket_connect, | 5571 | .socket_connect = selinux_socket_connect, |
5572 | .socket_listen = selinux_socket_listen, | 5572 | .socket_listen = selinux_socket_listen, |
5573 | .socket_accept = selinux_socket_accept, | 5573 | .socket_accept = selinux_socket_accept, |
5574 | .socket_sendmsg = selinux_socket_sendmsg, | 5574 | .socket_sendmsg = selinux_socket_sendmsg, |
5575 | .socket_recvmsg = selinux_socket_recvmsg, | 5575 | .socket_recvmsg = selinux_socket_recvmsg, |
5576 | .socket_getsockname = selinux_socket_getsockname, | 5576 | .socket_getsockname = selinux_socket_getsockname, |
5577 | .socket_getpeername = selinux_socket_getpeername, | 5577 | .socket_getpeername = selinux_socket_getpeername, |
5578 | .socket_getsockopt = selinux_socket_getsockopt, | 5578 | .socket_getsockopt = selinux_socket_getsockopt, |
5579 | .socket_setsockopt = selinux_socket_setsockopt, | 5579 | .socket_setsockopt = selinux_socket_setsockopt, |
5580 | .socket_shutdown = selinux_socket_shutdown, | 5580 | .socket_shutdown = selinux_socket_shutdown, |
5581 | .socket_sock_rcv_skb = selinux_socket_sock_rcv_skb, | 5581 | .socket_sock_rcv_skb = selinux_socket_sock_rcv_skb, |
5582 | .socket_getpeersec_stream = selinux_socket_getpeersec_stream, | 5582 | .socket_getpeersec_stream = selinux_socket_getpeersec_stream, |
5583 | .socket_getpeersec_dgram = selinux_socket_getpeersec_dgram, | 5583 | .socket_getpeersec_dgram = selinux_socket_getpeersec_dgram, |
5584 | .sk_alloc_security = selinux_sk_alloc_security, | 5584 | .sk_alloc_security = selinux_sk_alloc_security, |
5585 | .sk_free_security = selinux_sk_free_security, | 5585 | .sk_free_security = selinux_sk_free_security, |
5586 | .sk_clone_security = selinux_sk_clone_security, | 5586 | .sk_clone_security = selinux_sk_clone_security, |
5587 | .sk_getsecid = selinux_sk_getsecid, | 5587 | .sk_getsecid = selinux_sk_getsecid, |
5588 | .sock_graft = selinux_sock_graft, | 5588 | .sock_graft = selinux_sock_graft, |
5589 | .inet_conn_request = selinux_inet_conn_request, | 5589 | .inet_conn_request = selinux_inet_conn_request, |
5590 | .inet_csk_clone = selinux_inet_csk_clone, | 5590 | .inet_csk_clone = selinux_inet_csk_clone, |
5591 | .inet_conn_established = selinux_inet_conn_established, | 5591 | .inet_conn_established = selinux_inet_conn_established, |
5592 | .secmark_relabel_packet = selinux_secmark_relabel_packet, | 5592 | .secmark_relabel_packet = selinux_secmark_relabel_packet, |
5593 | .secmark_refcount_inc = selinux_secmark_refcount_inc, | 5593 | .secmark_refcount_inc = selinux_secmark_refcount_inc, |
5594 | .secmark_refcount_dec = selinux_secmark_refcount_dec, | 5594 | .secmark_refcount_dec = selinux_secmark_refcount_dec, |
5595 | .req_classify_flow = selinux_req_classify_flow, | 5595 | .req_classify_flow = selinux_req_classify_flow, |
5596 | .tun_dev_create = selinux_tun_dev_create, | 5596 | .tun_dev_create = selinux_tun_dev_create, |
5597 | .tun_dev_post_create = selinux_tun_dev_post_create, | 5597 | .tun_dev_post_create = selinux_tun_dev_post_create, |
5598 | .tun_dev_attach = selinux_tun_dev_attach, | 5598 | .tun_dev_attach = selinux_tun_dev_attach, |
5599 | 5599 | ||
5600 | #ifdef CONFIG_SECURITY_NETWORK_XFRM | 5600 | #ifdef CONFIG_SECURITY_NETWORK_XFRM |
5601 | .xfrm_policy_alloc_security = selinux_xfrm_policy_alloc, | 5601 | .xfrm_policy_alloc_security = selinux_xfrm_policy_alloc, |
5602 | .xfrm_policy_clone_security = selinux_xfrm_policy_clone, | 5602 | .xfrm_policy_clone_security = selinux_xfrm_policy_clone, |
5603 | .xfrm_policy_free_security = selinux_xfrm_policy_free, | 5603 | .xfrm_policy_free_security = selinux_xfrm_policy_free, |
5604 | .xfrm_policy_delete_security = selinux_xfrm_policy_delete, | 5604 | .xfrm_policy_delete_security = selinux_xfrm_policy_delete, |
5605 | .xfrm_state_alloc_security = selinux_xfrm_state_alloc, | 5605 | .xfrm_state_alloc_security = selinux_xfrm_state_alloc, |
5606 | .xfrm_state_free_security = selinux_xfrm_state_free, | 5606 | .xfrm_state_free_security = selinux_xfrm_state_free, |
5607 | .xfrm_state_delete_security = selinux_xfrm_state_delete, | 5607 | .xfrm_state_delete_security = selinux_xfrm_state_delete, |
5608 | .xfrm_policy_lookup = selinux_xfrm_policy_lookup, | 5608 | .xfrm_policy_lookup = selinux_xfrm_policy_lookup, |
5609 | .xfrm_state_pol_flow_match = selinux_xfrm_state_pol_flow_match, | 5609 | .xfrm_state_pol_flow_match = selinux_xfrm_state_pol_flow_match, |
5610 | .xfrm_decode_session = selinux_xfrm_decode_session, | 5610 | .xfrm_decode_session = selinux_xfrm_decode_session, |
5611 | #endif | 5611 | #endif |
5612 | 5612 | ||
5613 | #ifdef CONFIG_KEYS | 5613 | #ifdef CONFIG_KEYS |
5614 | .key_alloc = selinux_key_alloc, | 5614 | .key_alloc = selinux_key_alloc, |
5615 | .key_free = selinux_key_free, | 5615 | .key_free = selinux_key_free, |
5616 | .key_permission = selinux_key_permission, | 5616 | .key_permission = selinux_key_permission, |
5617 | .key_getsecurity = selinux_key_getsecurity, | 5617 | .key_getsecurity = selinux_key_getsecurity, |
5618 | #endif | 5618 | #endif |
5619 | 5619 | ||
5620 | #ifdef CONFIG_AUDIT | 5620 | #ifdef CONFIG_AUDIT |
5621 | .audit_rule_init = selinux_audit_rule_init, | 5621 | .audit_rule_init = selinux_audit_rule_init, |
5622 | .audit_rule_known = selinux_audit_rule_known, | 5622 | .audit_rule_known = selinux_audit_rule_known, |
5623 | .audit_rule_match = selinux_audit_rule_match, | 5623 | .audit_rule_match = selinux_audit_rule_match, |
5624 | .audit_rule_free = selinux_audit_rule_free, | 5624 | .audit_rule_free = selinux_audit_rule_free, |
5625 | #endif | 5625 | #endif |
5626 | }; | 5626 | }; |
5627 | 5627 | ||
5628 | static __init int selinux_init(void) | 5628 | static __init int selinux_init(void) |
5629 | { | 5629 | { |
5630 | if (!security_module_enable(&selinux_ops)) { | 5630 | if (!security_module_enable(&selinux_ops)) { |
5631 | selinux_enabled = 0; | 5631 | selinux_enabled = 0; |
5632 | return 0; | 5632 | return 0; |
5633 | } | 5633 | } |
5634 | 5634 | ||
5635 | if (!selinux_enabled) { | 5635 | if (!selinux_enabled) { |
5636 | printk(KERN_INFO "SELinux: Disabled at boot.\n"); | 5636 | printk(KERN_INFO "SELinux: Disabled at boot.\n"); |
5637 | return 0; | 5637 | return 0; |
5638 | } | 5638 | } |
5639 | 5639 | ||
5640 | printk(KERN_INFO "SELinux: Initializing.\n"); | 5640 | printk(KERN_INFO "SELinux: Initializing.\n"); |
5641 | 5641 | ||
5642 | /* Set the security state for the initial task. */ | 5642 | /* Set the security state for the initial task. */ |
5643 | cred_init_security(); | 5643 | cred_init_security(); |
5644 | 5644 | ||
5645 | default_noexec = !(VM_DATA_DEFAULT_FLAGS & VM_EXEC); | 5645 | default_noexec = !(VM_DATA_DEFAULT_FLAGS & VM_EXEC); |
5646 | 5646 | ||
5647 | sel_inode_cache = kmem_cache_create("selinux_inode_security", | 5647 | sel_inode_cache = kmem_cache_create("selinux_inode_security", |
5648 | sizeof(struct inode_security_struct), | 5648 | sizeof(struct inode_security_struct), |
5649 | 0, SLAB_PANIC, NULL); | 5649 | 0, SLAB_PANIC, NULL); |
5650 | avc_init(); | 5650 | avc_init(); |
5651 | 5651 | ||
5652 | if (register_security(&selinux_ops)) | 5652 | if (register_security(&selinux_ops)) |
5653 | panic("SELinux: Unable to register with kernel.\n"); | 5653 | panic("SELinux: Unable to register with kernel.\n"); |
5654 | 5654 | ||
5655 | if (selinux_enforcing) | 5655 | if (selinux_enforcing) |
5656 | printk(KERN_DEBUG "SELinux: Starting in enforcing mode\n"); | 5656 | printk(KERN_DEBUG "SELinux: Starting in enforcing mode\n"); |
5657 | else | 5657 | else |
5658 | printk(KERN_DEBUG "SELinux: Starting in permissive mode\n"); | 5658 | printk(KERN_DEBUG "SELinux: Starting in permissive mode\n"); |
5659 | 5659 | ||
5660 | return 0; | 5660 | return 0; |
5661 | } | 5661 | } |
5662 | 5662 | ||
5663 | static void delayed_superblock_init(struct super_block *sb, void *unused) | 5663 | static void delayed_superblock_init(struct super_block *sb, void *unused) |
5664 | { | 5664 | { |
5665 | superblock_doinit(sb, NULL); | 5665 | superblock_doinit(sb, NULL); |
5666 | } | 5666 | } |
5667 | 5667 | ||
5668 | void selinux_complete_init(void) | 5668 | void selinux_complete_init(void) |
5669 | { | 5669 | { |
5670 | printk(KERN_DEBUG "SELinux: Completing initialization.\n"); | 5670 | printk(KERN_DEBUG "SELinux: Completing initialization.\n"); |
5671 | 5671 | ||
5672 | /* Set up any superblocks initialized prior to the policy load. */ | 5672 | /* Set up any superblocks initialized prior to the policy load. */ |
5673 | printk(KERN_DEBUG "SELinux: Setting up existing superblocks.\n"); | 5673 | printk(KERN_DEBUG "SELinux: Setting up existing superblocks.\n"); |
5674 | iterate_supers(delayed_superblock_init, NULL); | 5674 | iterate_supers(delayed_superblock_init, NULL); |
5675 | } | 5675 | } |
5676 | 5676 | ||
5677 | /* SELinux requires early initialization in order to label | 5677 | /* SELinux requires early initialization in order to label |
5678 | all processes and objects when they are created. */ | 5678 | all processes and objects when they are created. */ |
5679 | security_initcall(selinux_init); | 5679 | security_initcall(selinux_init); |
5680 | 5680 | ||
5681 | #if defined(CONFIG_NETFILTER) | 5681 | #if defined(CONFIG_NETFILTER) |
5682 | 5682 | ||
5683 | static struct nf_hook_ops selinux_ipv4_ops[] = { | 5683 | static struct nf_hook_ops selinux_ipv4_ops[] = { |
5684 | { | 5684 | { |
5685 | .hook = selinux_ipv4_postroute, | 5685 | .hook = selinux_ipv4_postroute, |
5686 | .owner = THIS_MODULE, | 5686 | .owner = THIS_MODULE, |
5687 | .pf = PF_INET, | 5687 | .pf = PF_INET, |
5688 | .hooknum = NF_INET_POST_ROUTING, | 5688 | .hooknum = NF_INET_POST_ROUTING, |
5689 | .priority = NF_IP_PRI_SELINUX_LAST, | 5689 | .priority = NF_IP_PRI_SELINUX_LAST, |
5690 | }, | 5690 | }, |
5691 | { | 5691 | { |
5692 | .hook = selinux_ipv4_forward, | 5692 | .hook = selinux_ipv4_forward, |
5693 | .owner = THIS_MODULE, | 5693 | .owner = THIS_MODULE, |
5694 | .pf = PF_INET, | 5694 | .pf = PF_INET, |
5695 | .hooknum = NF_INET_FORWARD, | 5695 | .hooknum = NF_INET_FORWARD, |
5696 | .priority = NF_IP_PRI_SELINUX_FIRST, | 5696 | .priority = NF_IP_PRI_SELINUX_FIRST, |
5697 | }, | 5697 | }, |
5698 | { | 5698 | { |
5699 | .hook = selinux_ipv4_output, | 5699 | .hook = selinux_ipv4_output, |
5700 | .owner = THIS_MODULE, | 5700 | .owner = THIS_MODULE, |
5701 | .pf = PF_INET, | 5701 | .pf = PF_INET, |
5702 | .hooknum = NF_INET_LOCAL_OUT, | 5702 | .hooknum = NF_INET_LOCAL_OUT, |
5703 | .priority = NF_IP_PRI_SELINUX_FIRST, | 5703 | .priority = NF_IP_PRI_SELINUX_FIRST, |
5704 | } | 5704 | } |
5705 | }; | 5705 | }; |
5706 | 5706 | ||
5707 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) | 5707 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) |
5708 | 5708 | ||
5709 | static struct nf_hook_ops selinux_ipv6_ops[] = { | 5709 | static struct nf_hook_ops selinux_ipv6_ops[] = { |
5710 | { | 5710 | { |
5711 | .hook = selinux_ipv6_postroute, | 5711 | .hook = selinux_ipv6_postroute, |
5712 | .owner = THIS_MODULE, | 5712 | .owner = THIS_MODULE, |
5713 | .pf = PF_INET6, | 5713 | .pf = PF_INET6, |
5714 | .hooknum = NF_INET_POST_ROUTING, | 5714 | .hooknum = NF_INET_POST_ROUTING, |
5715 | .priority = NF_IP6_PRI_SELINUX_LAST, | 5715 | .priority = NF_IP6_PRI_SELINUX_LAST, |
5716 | }, | 5716 | }, |
5717 | { | 5717 | { |
5718 | .hook = selinux_ipv6_forward, | 5718 | .hook = selinux_ipv6_forward, |
5719 | .owner = THIS_MODULE, | 5719 | .owner = THIS_MODULE, |
5720 | .pf = PF_INET6, | 5720 | .pf = PF_INET6, |
5721 | .hooknum = NF_INET_FORWARD, | 5721 | .hooknum = NF_INET_FORWARD, |
5722 | .priority = NF_IP6_PRI_SELINUX_FIRST, | 5722 | .priority = NF_IP6_PRI_SELINUX_FIRST, |
5723 | } | 5723 | } |
5724 | }; | 5724 | }; |
5725 | 5725 | ||
5726 | #endif /* IPV6 */ | 5726 | #endif /* IPV6 */ |
5727 | 5727 | ||
5728 | static int __init selinux_nf_ip_init(void) | 5728 | static int __init selinux_nf_ip_init(void) |
5729 | { | 5729 | { |
5730 | int err = 0; | 5730 | int err = 0; |
5731 | 5731 | ||
5732 | if (!selinux_enabled) | 5732 | if (!selinux_enabled) |
5733 | goto out; | 5733 | goto out; |
5734 | 5734 | ||
5735 | printk(KERN_DEBUG "SELinux: Registering netfilter hooks\n"); | 5735 | printk(KERN_DEBUG "SELinux: Registering netfilter hooks\n"); |
5736 | 5736 | ||
5737 | err = nf_register_hooks(selinux_ipv4_ops, ARRAY_SIZE(selinux_ipv4_ops)); | 5737 | err = nf_register_hooks(selinux_ipv4_ops, ARRAY_SIZE(selinux_ipv4_ops)); |
5738 | if (err) | 5738 | if (err) |
5739 | panic("SELinux: nf_register_hooks for IPv4: error %d\n", err); | 5739 | panic("SELinux: nf_register_hooks for IPv4: error %d\n", err); |
5740 | 5740 | ||
5741 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) | 5741 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) |
5742 | err = nf_register_hooks(selinux_ipv6_ops, ARRAY_SIZE(selinux_ipv6_ops)); | 5742 | err = nf_register_hooks(selinux_ipv6_ops, ARRAY_SIZE(selinux_ipv6_ops)); |
5743 | if (err) | 5743 | if (err) |
5744 | panic("SELinux: nf_register_hooks for IPv6: error %d\n", err); | 5744 | panic("SELinux: nf_register_hooks for IPv6: error %d\n", err); |
5745 | #endif /* IPV6 */ | 5745 | #endif /* IPV6 */ |
5746 | 5746 | ||
5747 | out: | 5747 | out: |
5748 | return err; | 5748 | return err; |
5749 | } | 5749 | } |
5750 | 5750 | ||
5751 | __initcall(selinux_nf_ip_init); | 5751 | __initcall(selinux_nf_ip_init); |
5752 | 5752 | ||
5753 | #ifdef CONFIG_SECURITY_SELINUX_DISABLE | 5753 | #ifdef CONFIG_SECURITY_SELINUX_DISABLE |
5754 | static void selinux_nf_ip_exit(void) | 5754 | static void selinux_nf_ip_exit(void) |
5755 | { | 5755 | { |
5756 | printk(KERN_DEBUG "SELinux: Unregistering netfilter hooks\n"); | 5756 | printk(KERN_DEBUG "SELinux: Unregistering netfilter hooks\n"); |
5757 | 5757 | ||
5758 | nf_unregister_hooks(selinux_ipv4_ops, ARRAY_SIZE(selinux_ipv4_ops)); | 5758 | nf_unregister_hooks(selinux_ipv4_ops, ARRAY_SIZE(selinux_ipv4_ops)); |
5759 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) | 5759 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) |
5760 | nf_unregister_hooks(selinux_ipv6_ops, ARRAY_SIZE(selinux_ipv6_ops)); | 5760 | nf_unregister_hooks(selinux_ipv6_ops, ARRAY_SIZE(selinux_ipv6_ops)); |
5761 | #endif /* IPV6 */ | 5761 | #endif /* IPV6 */ |
5762 | } | 5762 | } |
5763 | #endif | 5763 | #endif |
5764 | 5764 | ||
5765 | #else /* CONFIG_NETFILTER */ | 5765 | #else /* CONFIG_NETFILTER */ |
5766 | 5766 | ||
5767 | #ifdef CONFIG_SECURITY_SELINUX_DISABLE | 5767 | #ifdef CONFIG_SECURITY_SELINUX_DISABLE |
5768 | #define selinux_nf_ip_exit() | 5768 | #define selinux_nf_ip_exit() |
5769 | #endif | 5769 | #endif |
5770 | 5770 | ||
5771 | #endif /* CONFIG_NETFILTER */ | 5771 | #endif /* CONFIG_NETFILTER */ |
5772 | 5772 | ||
5773 | #ifdef CONFIG_SECURITY_SELINUX_DISABLE | 5773 | #ifdef CONFIG_SECURITY_SELINUX_DISABLE |
5774 | static int selinux_disabled; | 5774 | static int selinux_disabled; |
5775 | 5775 | ||
5776 | int selinux_disable(void) | 5776 | int selinux_disable(void) |
5777 | { | 5777 | { |
5778 | extern void exit_sel_fs(void); | 5778 | extern void exit_sel_fs(void); |
5779 | 5779 | ||
5780 | if (ss_initialized) { | 5780 | if (ss_initialized) { |
5781 | /* Not permitted after initial policy load. */ | 5781 | /* Not permitted after initial policy load. */ |
5782 | return -EINVAL; | 5782 | return -EINVAL; |
5783 | } | 5783 | } |
5784 | 5784 | ||
5785 | if (selinux_disabled) { | 5785 | if (selinux_disabled) { |
5786 | /* Only do this once. */ | 5786 | /* Only do this once. */ |
5787 | return -EINVAL; | 5787 | return -EINVAL; |
5788 | } | 5788 | } |
5789 | 5789 | ||
5790 | printk(KERN_INFO "SELinux: Disabled at runtime.\n"); | 5790 | printk(KERN_INFO "SELinux: Disabled at runtime.\n"); |
5791 | 5791 | ||
5792 | selinux_disabled = 1; | 5792 | selinux_disabled = 1; |
5793 | selinux_enabled = 0; | 5793 | selinux_enabled = 0; |
5794 | 5794 | ||
5795 | reset_security_ops(); | 5795 | reset_security_ops(); |
5796 | 5796 | ||
5797 | /* Try to destroy the avc node cache */ | 5797 | /* Try to destroy the avc node cache */ |
5798 | avc_disable(); | 5798 | avc_disable(); |
5799 | 5799 | ||
5800 | /* Unregister netfilter hooks. */ | 5800 | /* Unregister netfilter hooks. */ |
5801 | selinux_nf_ip_exit(); | 5801 | selinux_nf_ip_exit(); |
5802 | 5802 | ||
5803 | /* Unregister selinuxfs. */ | 5803 | /* Unregister selinuxfs. */ |
5804 | exit_sel_fs(); | 5804 | exit_sel_fs(); |
5805 | 5805 | ||
5806 | return 0; | 5806 | return 0; |
5807 | } | 5807 | } |
5808 | #endif | 5808 | #endif |
5809 | 5809 |
security/smack/smack.h
1 | /* | 1 | /* |
2 | * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com> | 2 | * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com> |
3 | * | 3 | * |
4 | * This program is free software; you can redistribute it and/or modify | 4 | * This program is free software; you can redistribute it and/or modify |
5 | * it under the terms of the GNU General Public License as published by | 5 | * it under the terms of the GNU General Public License as published by |
6 | * the Free Software Foundation, version 2. | 6 | * the Free Software Foundation, version 2. |
7 | * | 7 | * |
8 | * Author: | 8 | * Author: |
9 | * Casey Schaufler <casey@schaufler-ca.com> | 9 | * Casey Schaufler <casey@schaufler-ca.com> |
10 | * | 10 | * |
11 | */ | 11 | */ |
12 | 12 | ||
13 | #ifndef _SECURITY_SMACK_H | 13 | #ifndef _SECURITY_SMACK_H |
14 | #define _SECURITY_SMACK_H | 14 | #define _SECURITY_SMACK_H |
15 | 15 | ||
16 | #include <linux/capability.h> | 16 | #include <linux/capability.h> |
17 | #include <linux/spinlock.h> | 17 | #include <linux/spinlock.h> |
18 | #include <linux/security.h> | 18 | #include <linux/security.h> |
19 | #include <linux/in.h> | 19 | #include <linux/in.h> |
20 | #include <net/netlabel.h> | 20 | #include <net/netlabel.h> |
21 | #include <linux/list.h> | 21 | #include <linux/list.h> |
22 | #include <linux/rculist.h> | 22 | #include <linux/rculist.h> |
23 | #include <linux/lsm_audit.h> | 23 | #include <linux/lsm_audit.h> |
24 | 24 | ||
25 | /* | 25 | /* |
26 | * Why 23? CIPSO is constrained to 30, so a 32 byte buffer is | 26 | * Why 23? CIPSO is constrained to 30, so a 32 byte buffer is |
27 | * bigger than can be used, and 24 is the next lower multiple | 27 | * bigger than can be used, and 24 is the next lower multiple |
28 | * of 8, and there are too many issues if there isn't space set | 28 | * of 8, and there are too many issues if there isn't space set |
29 | * aside for the terminating null byte. | 29 | * aside for the terminating null byte. |
30 | */ | 30 | */ |
31 | #define SMK_MAXLEN 23 | 31 | #define SMK_MAXLEN 23 |
32 | #define SMK_LABELLEN (SMK_MAXLEN+1) | 32 | #define SMK_LABELLEN (SMK_MAXLEN+1) |
33 | 33 | ||
34 | struct superblock_smack { | 34 | struct superblock_smack { |
35 | char *smk_root; | 35 | char *smk_root; |
36 | char *smk_floor; | 36 | char *smk_floor; |
37 | char *smk_hat; | 37 | char *smk_hat; |
38 | char *smk_default; | 38 | char *smk_default; |
39 | int smk_initialized; | 39 | int smk_initialized; |
40 | spinlock_t smk_sblock; /* for initialization */ | 40 | spinlock_t smk_sblock; /* for initialization */ |
41 | }; | 41 | }; |
42 | 42 | ||
43 | struct socket_smack { | 43 | struct socket_smack { |
44 | char *smk_out; /* outbound label */ | 44 | char *smk_out; /* outbound label */ |
45 | char *smk_in; /* inbound label */ | 45 | char *smk_in; /* inbound label */ |
46 | char smk_packet[SMK_LABELLEN]; /* TCP peer label */ | 46 | char smk_packet[SMK_LABELLEN]; /* TCP peer label */ |
47 | }; | 47 | }; |
48 | 48 | ||
49 | /* | 49 | /* |
50 | * Inode smack data | 50 | * Inode smack data |
51 | */ | 51 | */ |
52 | struct inode_smack { | 52 | struct inode_smack { |
53 | char *smk_inode; /* label of the fso */ | 53 | char *smk_inode; /* label of the fso */ |
54 | char *smk_task; /* label of the task */ | 54 | char *smk_task; /* label of the task */ |
55 | char *smk_mmap; /* label of the mmap domain */ | 55 | char *smk_mmap; /* label of the mmap domain */ |
56 | struct mutex smk_lock; /* initialization lock */ | 56 | struct mutex smk_lock; /* initialization lock */ |
57 | int smk_flags; /* smack inode flags */ | 57 | int smk_flags; /* smack inode flags */ |
58 | }; | 58 | }; |
59 | 59 | ||
60 | struct task_smack { | 60 | struct task_smack { |
61 | char *smk_task; /* label for access control */ | 61 | char *smk_task; /* label for access control */ |
62 | char *smk_forked; /* label when forked */ | 62 | char *smk_forked; /* label when forked */ |
63 | struct list_head smk_rules; /* per task access rules */ | 63 | struct list_head smk_rules; /* per task access rules */ |
64 | struct mutex smk_rules_lock; /* lock for the rules */ | 64 | struct mutex smk_rules_lock; /* lock for the rules */ |
65 | }; | 65 | }; |
66 | 66 | ||
67 | #define SMK_INODE_INSTANT 0x01 /* inode is instantiated */ | 67 | #define SMK_INODE_INSTANT 0x01 /* inode is instantiated */ |
68 | #define SMK_INODE_TRANSMUTE 0x02 /* directory is transmuting */ | 68 | #define SMK_INODE_TRANSMUTE 0x02 /* directory is transmuting */ |
69 | 69 | ||
70 | /* | 70 | /* |
71 | * A label access rule. | 71 | * A label access rule. |
72 | */ | 72 | */ |
73 | struct smack_rule { | 73 | struct smack_rule { |
74 | struct list_head list; | 74 | struct list_head list; |
75 | char *smk_subject; | 75 | char *smk_subject; |
76 | char *smk_object; | 76 | char *smk_object; |
77 | int smk_access; | 77 | int smk_access; |
78 | }; | 78 | }; |
79 | 79 | ||
80 | /* | 80 | /* |
81 | * An entry in the table mapping smack values to | 81 | * An entry in the table mapping smack values to |
82 | * CIPSO level/category-set values. | 82 | * CIPSO level/category-set values. |
83 | */ | 83 | */ |
84 | struct smack_cipso { | 84 | struct smack_cipso { |
85 | int smk_level; | 85 | int smk_level; |
86 | char smk_catset[SMK_LABELLEN]; | 86 | char smk_catset[SMK_LABELLEN]; |
87 | }; | 87 | }; |
88 | 88 | ||
89 | /* | 89 | /* |
90 | * An entry in the table identifying hosts. | 90 | * An entry in the table identifying hosts. |
91 | */ | 91 | */ |
92 | struct smk_netlbladdr { | 92 | struct smk_netlbladdr { |
93 | struct list_head list; | 93 | struct list_head list; |
94 | struct sockaddr_in smk_host; /* network address */ | 94 | struct sockaddr_in smk_host; /* network address */ |
95 | struct in_addr smk_mask; /* network mask */ | 95 | struct in_addr smk_mask; /* network mask */ |
96 | char *smk_label; /* label */ | 96 | char *smk_label; /* label */ |
97 | }; | 97 | }; |
98 | 98 | ||
99 | /* | 99 | /* |
100 | * This is the repository for labels seen so that it is | 100 | * This is the repository for labels seen so that it is |
101 | * not necessary to keep allocating tiny chuncks of memory | 101 | * not necessary to keep allocating tiny chuncks of memory |
102 | * and so that they can be shared. | 102 | * and so that they can be shared. |
103 | * | 103 | * |
104 | * Labels are never modified in place. Anytime a label | 104 | * Labels are never modified in place. Anytime a label |
105 | * is imported (e.g. xattrset on a file) the list is checked | 105 | * is imported (e.g. xattrset on a file) the list is checked |
106 | * for it and it is added if it doesn't exist. The address | 106 | * for it and it is added if it doesn't exist. The address |
107 | * is passed out in either case. Entries are added, but | 107 | * is passed out in either case. Entries are added, but |
108 | * never deleted. | 108 | * never deleted. |
109 | * | 109 | * |
110 | * Since labels are hanging around anyway it doesn't | 110 | * Since labels are hanging around anyway it doesn't |
111 | * hurt to maintain a secid for those awkward situations | 111 | * hurt to maintain a secid for those awkward situations |
112 | * where kernel components that ought to use LSM independent | 112 | * where kernel components that ought to use LSM independent |
113 | * interfaces don't. The secid should go away when all of | 113 | * interfaces don't. The secid should go away when all of |
114 | * these components have been repaired. | 114 | * these components have been repaired. |
115 | * | 115 | * |
116 | * If there is a cipso value associated with the label it | 116 | * If there is a cipso value associated with the label it |
117 | * gets stored here, too. This will most likely be rare as | 117 | * gets stored here, too. This will most likely be rare as |
118 | * the cipso direct mapping in used internally. | 118 | * the cipso direct mapping in used internally. |
119 | */ | 119 | */ |
120 | struct smack_known { | 120 | struct smack_known { |
121 | struct list_head list; | 121 | struct list_head list; |
122 | char smk_known[SMK_LABELLEN]; | 122 | char smk_known[SMK_LABELLEN]; |
123 | u32 smk_secid; | 123 | u32 smk_secid; |
124 | struct smack_cipso *smk_cipso; | 124 | struct smack_cipso *smk_cipso; |
125 | spinlock_t smk_cipsolock; /* for changing cipso map */ | 125 | spinlock_t smk_cipsolock; /* for changing cipso map */ |
126 | }; | 126 | }; |
127 | 127 | ||
128 | /* | 128 | /* |
129 | * Mount options | 129 | * Mount options |
130 | */ | 130 | */ |
131 | #define SMK_FSDEFAULT "smackfsdef=" | 131 | #define SMK_FSDEFAULT "smackfsdef=" |
132 | #define SMK_FSFLOOR "smackfsfloor=" | 132 | #define SMK_FSFLOOR "smackfsfloor=" |
133 | #define SMK_FSHAT "smackfshat=" | 133 | #define SMK_FSHAT "smackfshat=" |
134 | #define SMK_FSROOT "smackfsroot=" | 134 | #define SMK_FSROOT "smackfsroot=" |
135 | 135 | ||
136 | #define SMACK_CIPSO_OPTION "-CIPSO" | 136 | #define SMACK_CIPSO_OPTION "-CIPSO" |
137 | 137 | ||
138 | /* | 138 | /* |
139 | * How communications on this socket are treated. | 139 | * How communications on this socket are treated. |
140 | * Usually it's determined by the underlying netlabel code | 140 | * Usually it's determined by the underlying netlabel code |
141 | * but there are certain cases, including single label hosts | 141 | * but there are certain cases, including single label hosts |
142 | * and potentially single label interfaces for which the | 142 | * and potentially single label interfaces for which the |
143 | * treatment can not be known in advance. | 143 | * treatment can not be known in advance. |
144 | * | 144 | * |
145 | * The possibility of additional labeling schemes being | 145 | * The possibility of additional labeling schemes being |
146 | * introduced in the future exists as well. | 146 | * introduced in the future exists as well. |
147 | */ | 147 | */ |
148 | #define SMACK_UNLABELED_SOCKET 0 | 148 | #define SMACK_UNLABELED_SOCKET 0 |
149 | #define SMACK_CIPSO_SOCKET 1 | 149 | #define SMACK_CIPSO_SOCKET 1 |
150 | 150 | ||
151 | /* | 151 | /* |
152 | * smackfs magic number | 152 | * smackfs magic number |
153 | * smackfs macic number | 153 | * smackfs macic number |
154 | */ | 154 | */ |
155 | #define SMACK_MAGIC 0x43415d53 /* "SMAC" */ | 155 | #define SMACK_MAGIC 0x43415d53 /* "SMAC" */ |
156 | 156 | ||
157 | /* | 157 | /* |
158 | * CIPSO defaults. | 158 | * CIPSO defaults. |
159 | */ | 159 | */ |
160 | #define SMACK_CIPSO_DOI_DEFAULT 3 /* Historical */ | 160 | #define SMACK_CIPSO_DOI_DEFAULT 3 /* Historical */ |
161 | #define SMACK_CIPSO_DOI_INVALID -1 /* Not a DOI */ | 161 | #define SMACK_CIPSO_DOI_INVALID -1 /* Not a DOI */ |
162 | #define SMACK_CIPSO_DIRECT_DEFAULT 250 /* Arbitrary */ | 162 | #define SMACK_CIPSO_DIRECT_DEFAULT 250 /* Arbitrary */ |
163 | #define SMACK_CIPSO_MAXCATVAL 63 /* Bigger gets harder */ | 163 | #define SMACK_CIPSO_MAXCATVAL 63 /* Bigger gets harder */ |
164 | #define SMACK_CIPSO_MAXLEVEL 255 /* CIPSO 2.2 standard */ | 164 | #define SMACK_CIPSO_MAXLEVEL 255 /* CIPSO 2.2 standard */ |
165 | #define SMACK_CIPSO_MAXCATNUM 239 /* CIPSO 2.2 standard */ | 165 | #define SMACK_CIPSO_MAXCATNUM 239 /* CIPSO 2.2 standard */ |
166 | 166 | ||
167 | /* | 167 | /* |
168 | * Flag for transmute access | 168 | * Flag for transmute access |
169 | */ | 169 | */ |
170 | #define MAY_TRANSMUTE 64 | 170 | #define MAY_TRANSMUTE 64 |
171 | /* | 171 | /* |
172 | * Just to make the common cases easier to deal with | 172 | * Just to make the common cases easier to deal with |
173 | */ | 173 | */ |
174 | #define MAY_ANYREAD (MAY_READ | MAY_EXEC) | 174 | #define MAY_ANYREAD (MAY_READ | MAY_EXEC) |
175 | #define MAY_READWRITE (MAY_READ | MAY_WRITE) | 175 | #define MAY_READWRITE (MAY_READ | MAY_WRITE) |
176 | #define MAY_NOT 0 | 176 | #define MAY_NOT 0 |
177 | 177 | ||
178 | /* | 178 | /* |
179 | * Number of access types used by Smack (rwxa) | 179 | * Number of access types used by Smack (rwxa) |
180 | */ | 180 | */ |
181 | #define SMK_NUM_ACCESS_TYPE 4 | 181 | #define SMK_NUM_ACCESS_TYPE 4 |
182 | 182 | ||
183 | /* | 183 | /* |
184 | * Smack audit data; is empty if CONFIG_AUDIT not set | 184 | * Smack audit data; is empty if CONFIG_AUDIT not set |
185 | * to save some stack | 185 | * to save some stack |
186 | */ | 186 | */ |
187 | struct smk_audit_info { | 187 | struct smk_audit_info { |
188 | #ifdef CONFIG_AUDIT | 188 | #ifdef CONFIG_AUDIT |
189 | struct common_audit_data a; | 189 | struct common_audit_data a; |
190 | #endif | 190 | #endif |
191 | }; | 191 | }; |
192 | /* | 192 | /* |
193 | * These functions are in smack_lsm.c | 193 | * These functions are in smack_lsm.c |
194 | */ | 194 | */ |
195 | struct inode_smack *new_inode_smack(char *); | 195 | struct inode_smack *new_inode_smack(char *); |
196 | 196 | ||
197 | /* | 197 | /* |
198 | * These functions are in smack_access.c | 198 | * These functions are in smack_access.c |
199 | */ | 199 | */ |
200 | int smk_access_entry(char *, char *, struct list_head *); | 200 | int smk_access_entry(char *, char *, struct list_head *); |
201 | int smk_access(char *, char *, int, struct smk_audit_info *); | 201 | int smk_access(char *, char *, int, struct smk_audit_info *); |
202 | int smk_curacc(char *, u32, struct smk_audit_info *); | 202 | int smk_curacc(char *, u32, struct smk_audit_info *); |
203 | int smack_to_cipso(const char *, struct smack_cipso *); | 203 | int smack_to_cipso(const char *, struct smack_cipso *); |
204 | void smack_from_cipso(u32, char *, char *); | 204 | void smack_from_cipso(u32, char *, char *); |
205 | char *smack_from_secid(const u32); | 205 | char *smack_from_secid(const u32); |
206 | char *smk_import(const char *, int); | 206 | char *smk_import(const char *, int); |
207 | struct smack_known *smk_import_entry(const char *, int); | 207 | struct smack_known *smk_import_entry(const char *, int); |
208 | u32 smack_to_secid(const char *); | 208 | u32 smack_to_secid(const char *); |
209 | 209 | ||
210 | /* | 210 | /* |
211 | * Shared data. | 211 | * Shared data. |
212 | */ | 212 | */ |
213 | extern int smack_cipso_direct; | 213 | extern int smack_cipso_direct; |
214 | extern char *smack_net_ambient; | 214 | extern char *smack_net_ambient; |
215 | extern char *smack_onlycap; | 215 | extern char *smack_onlycap; |
216 | extern const char *smack_cipso_option; | 216 | extern const char *smack_cipso_option; |
217 | 217 | ||
218 | extern struct smack_known smack_known_floor; | 218 | extern struct smack_known smack_known_floor; |
219 | extern struct smack_known smack_known_hat; | 219 | extern struct smack_known smack_known_hat; |
220 | extern struct smack_known smack_known_huh; | 220 | extern struct smack_known smack_known_huh; |
221 | extern struct smack_known smack_known_invalid; | 221 | extern struct smack_known smack_known_invalid; |
222 | extern struct smack_known smack_known_star; | 222 | extern struct smack_known smack_known_star; |
223 | extern struct smack_known smack_known_web; | 223 | extern struct smack_known smack_known_web; |
224 | 224 | ||
225 | extern struct list_head smack_known_list; | 225 | extern struct list_head smack_known_list; |
226 | extern struct list_head smack_rule_list; | 226 | extern struct list_head smack_rule_list; |
227 | extern struct list_head smk_netlbladdr_list; | 227 | extern struct list_head smk_netlbladdr_list; |
228 | 228 | ||
229 | extern struct security_operations smack_ops; | 229 | extern struct security_operations smack_ops; |
230 | 230 | ||
231 | /* | 231 | /* |
232 | * Stricly for CIPSO level manipulation. | 232 | * Stricly for CIPSO level manipulation. |
233 | * Set the category bit number in a smack label sized buffer. | 233 | * Set the category bit number in a smack label sized buffer. |
234 | */ | 234 | */ |
235 | static inline void smack_catset_bit(int cat, char *catsetp) | 235 | static inline void smack_catset_bit(int cat, char *catsetp) |
236 | { | 236 | { |
237 | if (cat > SMK_LABELLEN * 8) | 237 | if (cat > SMK_LABELLEN * 8) |
238 | return; | 238 | return; |
239 | 239 | ||
240 | catsetp[(cat - 1) / 8] |= 0x80 >> ((cat - 1) % 8); | 240 | catsetp[(cat - 1) / 8] |= 0x80 >> ((cat - 1) % 8); |
241 | } | 241 | } |
242 | 242 | ||
243 | /* | 243 | /* |
244 | * Is the directory transmuting? | 244 | * Is the directory transmuting? |
245 | */ | 245 | */ |
246 | static inline int smk_inode_transmutable(const struct inode *isp) | 246 | static inline int smk_inode_transmutable(const struct inode *isp) |
247 | { | 247 | { |
248 | struct inode_smack *sip = isp->i_security; | 248 | struct inode_smack *sip = isp->i_security; |
249 | return (sip->smk_flags & SMK_INODE_TRANSMUTE) != 0; | 249 | return (sip->smk_flags & SMK_INODE_TRANSMUTE) != 0; |
250 | } | 250 | } |
251 | 251 | ||
252 | /* | 252 | /* |
253 | * Present a pointer to the smack label in an inode blob. | 253 | * Present a pointer to the smack label in an inode blob. |
254 | */ | 254 | */ |
255 | static inline char *smk_of_inode(const struct inode *isp) | 255 | static inline char *smk_of_inode(const struct inode *isp) |
256 | { | 256 | { |
257 | struct inode_smack *sip = isp->i_security; | 257 | struct inode_smack *sip = isp->i_security; |
258 | return sip->smk_inode; | 258 | return sip->smk_inode; |
259 | } | 259 | } |
260 | 260 | ||
261 | /* | 261 | /* |
262 | * Present a pointer to the smack label in an task blob. | 262 | * Present a pointer to the smack label in an task blob. |
263 | */ | 263 | */ |
264 | static inline char *smk_of_task(const struct task_smack *tsp) | 264 | static inline char *smk_of_task(const struct task_smack *tsp) |
265 | { | 265 | { |
266 | return tsp->smk_task; | 266 | return tsp->smk_task; |
267 | } | 267 | } |
268 | 268 | ||
269 | /* | 269 | /* |
270 | * Present a pointer to the forked smack label in an task blob. | 270 | * Present a pointer to the forked smack label in an task blob. |
271 | */ | 271 | */ |
272 | static inline char *smk_of_forked(const struct task_smack *tsp) | 272 | static inline char *smk_of_forked(const struct task_smack *tsp) |
273 | { | 273 | { |
274 | return tsp->smk_forked; | 274 | return tsp->smk_forked; |
275 | } | 275 | } |
276 | 276 | ||
277 | /* | 277 | /* |
278 | * Present a pointer to the smack label in the current task blob. | 278 | * Present a pointer to the smack label in the current task blob. |
279 | */ | 279 | */ |
280 | static inline char *smk_of_current(void) | 280 | static inline char *smk_of_current(void) |
281 | { | 281 | { |
282 | return smk_of_task(current_security()); | 282 | return smk_of_task(current_security()); |
283 | } | 283 | } |
284 | 284 | ||
285 | /* | 285 | /* |
286 | * logging functions | 286 | * logging functions |
287 | */ | 287 | */ |
288 | #define SMACK_AUDIT_DENIED 0x1 | 288 | #define SMACK_AUDIT_DENIED 0x1 |
289 | #define SMACK_AUDIT_ACCEPT 0x2 | 289 | #define SMACK_AUDIT_ACCEPT 0x2 |
290 | extern int log_policy; | 290 | extern int log_policy; |
291 | 291 | ||
292 | void smack_log(char *subject_label, char *object_label, | 292 | void smack_log(char *subject_label, char *object_label, |
293 | int request, | 293 | int request, |
294 | int result, struct smk_audit_info *auditdata); | 294 | int result, struct smk_audit_info *auditdata); |
295 | 295 | ||
296 | #ifdef CONFIG_AUDIT | 296 | #ifdef CONFIG_AUDIT |
297 | 297 | ||
298 | /* | 298 | /* |
299 | * some inline functions to set up audit data | 299 | * some inline functions to set up audit data |
300 | * they do nothing if CONFIG_AUDIT is not set | 300 | * they do nothing if CONFIG_AUDIT is not set |
301 | * | 301 | * |
302 | */ | 302 | */ |
303 | static inline void smk_ad_init(struct smk_audit_info *a, const char *func, | 303 | static inline void smk_ad_init(struct smk_audit_info *a, const char *func, |
304 | char type) | 304 | char type) |
305 | { | 305 | { |
306 | memset(a, 0, sizeof(*a)); | 306 | memset(a, 0, sizeof(*a)); |
307 | a->a.type = type; | 307 | a->a.type = type; |
308 | a->a.smack_audit_data.function = func; | 308 | a->a.smack_audit_data.function = func; |
309 | } | 309 | } |
310 | 310 | ||
311 | static inline void smk_ad_setfield_u_tsk(struct smk_audit_info *a, | 311 | static inline void smk_ad_setfield_u_tsk(struct smk_audit_info *a, |
312 | struct task_struct *t) | 312 | struct task_struct *t) |
313 | { | 313 | { |
314 | a->a.u.tsk = t; | 314 | a->a.u.tsk = t; |
315 | } | 315 | } |
316 | static inline void smk_ad_setfield_u_fs_path_dentry(struct smk_audit_info *a, | 316 | static inline void smk_ad_setfield_u_fs_path_dentry(struct smk_audit_info *a, |
317 | struct dentry *d) | 317 | struct dentry *d) |
318 | { | 318 | { |
319 | a->a.u.fs.path.dentry = d; | 319 | a->a.u.path.dentry = d; |
320 | } | 320 | } |
321 | static inline void smk_ad_setfield_u_fs_path_mnt(struct smk_audit_info *a, | 321 | static inline void smk_ad_setfield_u_fs_path_mnt(struct smk_audit_info *a, |
322 | struct vfsmount *m) | 322 | struct vfsmount *m) |
323 | { | 323 | { |
324 | a->a.u.fs.path.mnt = m; | 324 | a->a.u.path.mnt = m; |
325 | } | 325 | } |
326 | static inline void smk_ad_setfield_u_fs_inode(struct smk_audit_info *a, | 326 | static inline void smk_ad_setfield_u_fs_inode(struct smk_audit_info *a, |
327 | struct inode *i) | 327 | struct inode *i) |
328 | { | 328 | { |
329 | a->a.u.fs.inode = i; | 329 | a->a.u.inode = i; |
330 | } | 330 | } |
331 | static inline void smk_ad_setfield_u_fs_path(struct smk_audit_info *a, | 331 | static inline void smk_ad_setfield_u_fs_path(struct smk_audit_info *a, |
332 | struct path p) | 332 | struct path p) |
333 | { | 333 | { |
334 | a->a.u.fs.path = p; | 334 | a->a.u.path = p; |
335 | } | 335 | } |
336 | static inline void smk_ad_setfield_u_net_sk(struct smk_audit_info *a, | 336 | static inline void smk_ad_setfield_u_net_sk(struct smk_audit_info *a, |
337 | struct sock *sk) | 337 | struct sock *sk) |
338 | { | 338 | { |
339 | a->a.u.net.sk = sk; | 339 | a->a.u.net.sk = sk; |
340 | } | 340 | } |
341 | 341 | ||
342 | #else /* no AUDIT */ | 342 | #else /* no AUDIT */ |
343 | 343 | ||
344 | static inline void smk_ad_init(struct smk_audit_info *a, const char *func, | 344 | static inline void smk_ad_init(struct smk_audit_info *a, const char *func, |
345 | char type) | 345 | char type) |
346 | { | 346 | { |
347 | } | 347 | } |
348 | static inline void smk_ad_setfield_u_tsk(struct smk_audit_info *a, | 348 | static inline void smk_ad_setfield_u_tsk(struct smk_audit_info *a, |
349 | struct task_struct *t) | 349 | struct task_struct *t) |
350 | { | 350 | { |
351 | } | 351 | } |
352 | static inline void smk_ad_setfield_u_fs_path_dentry(struct smk_audit_info *a, | 352 | static inline void smk_ad_setfield_u_fs_path_dentry(struct smk_audit_info *a, |
353 | struct dentry *d) | 353 | struct dentry *d) |
354 | { | 354 | { |
355 | } | 355 | } |
356 | static inline void smk_ad_setfield_u_fs_path_mnt(struct smk_audit_info *a, | 356 | static inline void smk_ad_setfield_u_fs_path_mnt(struct smk_audit_info *a, |
357 | struct vfsmount *m) | 357 | struct vfsmount *m) |
358 | { | 358 | { |
359 | } | 359 | } |
360 | static inline void smk_ad_setfield_u_fs_inode(struct smk_audit_info *a, | 360 | static inline void smk_ad_setfield_u_fs_inode(struct smk_audit_info *a, |
361 | struct inode *i) | 361 | struct inode *i) |
362 | { | 362 | { |
363 | } | 363 | } |
364 | static inline void smk_ad_setfield_u_fs_path(struct smk_audit_info *a, | 364 | static inline void smk_ad_setfield_u_fs_path(struct smk_audit_info *a, |
365 | struct path p) | 365 | struct path p) |
366 | { | 366 | { |
367 | } | 367 | } |
368 | static inline void smk_ad_setfield_u_net_sk(struct smk_audit_info *a, | 368 | static inline void smk_ad_setfield_u_net_sk(struct smk_audit_info *a, |
369 | struct sock *sk) | 369 | struct sock *sk) |
370 | { | 370 | { |
371 | } | 371 | } |
372 | #endif | 372 | #endif |
373 | 373 | ||
374 | #endif /* _SECURITY_SMACK_H */ | 374 | #endif /* _SECURITY_SMACK_H */ |
375 | 375 |
security/smack/smack_lsm.c
1 | /* | 1 | /* |
2 | * Simplified MAC Kernel (smack) security module | 2 | * Simplified MAC Kernel (smack) security module |
3 | * | 3 | * |
4 | * This file contains the smack hook function implementations. | 4 | * This file contains the smack hook function implementations. |
5 | * | 5 | * |
6 | * Authors: | 6 | * Authors: |
7 | * Casey Schaufler <casey@schaufler-ca.com> | 7 | * Casey Schaufler <casey@schaufler-ca.com> |
8 | * Jarkko Sakkinen <ext-jarkko.2.sakkinen@nokia.com> | 8 | * Jarkko Sakkinen <ext-jarkko.2.sakkinen@nokia.com> |
9 | * | 9 | * |
10 | * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com> | 10 | * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com> |
11 | * Copyright (C) 2009 Hewlett-Packard Development Company, L.P. | 11 | * Copyright (C) 2009 Hewlett-Packard Development Company, L.P. |
12 | * Paul Moore <paul.moore@hp.com> | 12 | * Paul Moore <paul.moore@hp.com> |
13 | * Copyright (C) 2010 Nokia Corporation | 13 | * Copyright (C) 2010 Nokia Corporation |
14 | * | 14 | * |
15 | * This program is free software; you can redistribute it and/or modify | 15 | * This program is free software; you can redistribute it and/or modify |
16 | * it under the terms of the GNU General Public License version 2, | 16 | * it under the terms of the GNU General Public License version 2, |
17 | * as published by the Free Software Foundation. | 17 | * as published by the Free Software Foundation. |
18 | */ | 18 | */ |
19 | 19 | ||
20 | #include <linux/xattr.h> | 20 | #include <linux/xattr.h> |
21 | #include <linux/pagemap.h> | 21 | #include <linux/pagemap.h> |
22 | #include <linux/mount.h> | 22 | #include <linux/mount.h> |
23 | #include <linux/stat.h> | 23 | #include <linux/stat.h> |
24 | #include <linux/kd.h> | 24 | #include <linux/kd.h> |
25 | #include <asm/ioctls.h> | 25 | #include <asm/ioctls.h> |
26 | #include <linux/ip.h> | 26 | #include <linux/ip.h> |
27 | #include <linux/tcp.h> | 27 | #include <linux/tcp.h> |
28 | #include <linux/udp.h> | 28 | #include <linux/udp.h> |
29 | #include <linux/slab.h> | 29 | #include <linux/slab.h> |
30 | #include <linux/mutex.h> | 30 | #include <linux/mutex.h> |
31 | #include <linux/pipe_fs_i.h> | 31 | #include <linux/pipe_fs_i.h> |
32 | #include <net/netlabel.h> | 32 | #include <net/netlabel.h> |
33 | #include <net/cipso_ipv4.h> | 33 | #include <net/cipso_ipv4.h> |
34 | #include <linux/audit.h> | 34 | #include <linux/audit.h> |
35 | #include <linux/magic.h> | 35 | #include <linux/magic.h> |
36 | #include <linux/dcache.h> | 36 | #include <linux/dcache.h> |
37 | #include "smack.h" | 37 | #include "smack.h" |
38 | 38 | ||
39 | #define task_security(task) (task_cred_xxx((task), security)) | 39 | #define task_security(task) (task_cred_xxx((task), security)) |
40 | 40 | ||
41 | #define TRANS_TRUE "TRUE" | 41 | #define TRANS_TRUE "TRUE" |
42 | #define TRANS_TRUE_SIZE 4 | 42 | #define TRANS_TRUE_SIZE 4 |
43 | 43 | ||
44 | /** | 44 | /** |
45 | * smk_fetch - Fetch the smack label from a file. | 45 | * smk_fetch - Fetch the smack label from a file. |
46 | * @ip: a pointer to the inode | 46 | * @ip: a pointer to the inode |
47 | * @dp: a pointer to the dentry | 47 | * @dp: a pointer to the dentry |
48 | * | 48 | * |
49 | * Returns a pointer to the master list entry for the Smack label | 49 | * Returns a pointer to the master list entry for the Smack label |
50 | * or NULL if there was no label to fetch. | 50 | * or NULL if there was no label to fetch. |
51 | */ | 51 | */ |
52 | static char *smk_fetch(const char *name, struct inode *ip, struct dentry *dp) | 52 | static char *smk_fetch(const char *name, struct inode *ip, struct dentry *dp) |
53 | { | 53 | { |
54 | int rc; | 54 | int rc; |
55 | char in[SMK_LABELLEN]; | 55 | char in[SMK_LABELLEN]; |
56 | 56 | ||
57 | if (ip->i_op->getxattr == NULL) | 57 | if (ip->i_op->getxattr == NULL) |
58 | return NULL; | 58 | return NULL; |
59 | 59 | ||
60 | rc = ip->i_op->getxattr(dp, name, in, SMK_LABELLEN); | 60 | rc = ip->i_op->getxattr(dp, name, in, SMK_LABELLEN); |
61 | if (rc < 0) | 61 | if (rc < 0) |
62 | return NULL; | 62 | return NULL; |
63 | 63 | ||
64 | return smk_import(in, rc); | 64 | return smk_import(in, rc); |
65 | } | 65 | } |
66 | 66 | ||
67 | /** | 67 | /** |
68 | * new_inode_smack - allocate an inode security blob | 68 | * new_inode_smack - allocate an inode security blob |
69 | * @smack: a pointer to the Smack label to use in the blob | 69 | * @smack: a pointer to the Smack label to use in the blob |
70 | * | 70 | * |
71 | * Returns the new blob or NULL if there's no memory available | 71 | * Returns the new blob or NULL if there's no memory available |
72 | */ | 72 | */ |
73 | struct inode_smack *new_inode_smack(char *smack) | 73 | struct inode_smack *new_inode_smack(char *smack) |
74 | { | 74 | { |
75 | struct inode_smack *isp; | 75 | struct inode_smack *isp; |
76 | 76 | ||
77 | isp = kzalloc(sizeof(struct inode_smack), GFP_KERNEL); | 77 | isp = kzalloc(sizeof(struct inode_smack), GFP_KERNEL); |
78 | if (isp == NULL) | 78 | if (isp == NULL) |
79 | return NULL; | 79 | return NULL; |
80 | 80 | ||
81 | isp->smk_inode = smack; | 81 | isp->smk_inode = smack; |
82 | isp->smk_flags = 0; | 82 | isp->smk_flags = 0; |
83 | mutex_init(&isp->smk_lock); | 83 | mutex_init(&isp->smk_lock); |
84 | 84 | ||
85 | return isp; | 85 | return isp; |
86 | } | 86 | } |
87 | 87 | ||
88 | /** | 88 | /** |
89 | * new_task_smack - allocate a task security blob | 89 | * new_task_smack - allocate a task security blob |
90 | * @smack: a pointer to the Smack label to use in the blob | 90 | * @smack: a pointer to the Smack label to use in the blob |
91 | * | 91 | * |
92 | * Returns the new blob or NULL if there's no memory available | 92 | * Returns the new blob or NULL if there's no memory available |
93 | */ | 93 | */ |
94 | static struct task_smack *new_task_smack(char *task, char *forked, gfp_t gfp) | 94 | static struct task_smack *new_task_smack(char *task, char *forked, gfp_t gfp) |
95 | { | 95 | { |
96 | struct task_smack *tsp; | 96 | struct task_smack *tsp; |
97 | 97 | ||
98 | tsp = kzalloc(sizeof(struct task_smack), gfp); | 98 | tsp = kzalloc(sizeof(struct task_smack), gfp); |
99 | if (tsp == NULL) | 99 | if (tsp == NULL) |
100 | return NULL; | 100 | return NULL; |
101 | 101 | ||
102 | tsp->smk_task = task; | 102 | tsp->smk_task = task; |
103 | tsp->smk_forked = forked; | 103 | tsp->smk_forked = forked; |
104 | INIT_LIST_HEAD(&tsp->smk_rules); | 104 | INIT_LIST_HEAD(&tsp->smk_rules); |
105 | mutex_init(&tsp->smk_rules_lock); | 105 | mutex_init(&tsp->smk_rules_lock); |
106 | 106 | ||
107 | return tsp; | 107 | return tsp; |
108 | } | 108 | } |
109 | 109 | ||
110 | /** | 110 | /** |
111 | * smk_copy_rules - copy a rule set | 111 | * smk_copy_rules - copy a rule set |
112 | * @nhead - new rules header pointer | 112 | * @nhead - new rules header pointer |
113 | * @ohead - old rules header pointer | 113 | * @ohead - old rules header pointer |
114 | * | 114 | * |
115 | * Returns 0 on success, -ENOMEM on error | 115 | * Returns 0 on success, -ENOMEM on error |
116 | */ | 116 | */ |
117 | static int smk_copy_rules(struct list_head *nhead, struct list_head *ohead, | 117 | static int smk_copy_rules(struct list_head *nhead, struct list_head *ohead, |
118 | gfp_t gfp) | 118 | gfp_t gfp) |
119 | { | 119 | { |
120 | struct smack_rule *nrp; | 120 | struct smack_rule *nrp; |
121 | struct smack_rule *orp; | 121 | struct smack_rule *orp; |
122 | int rc = 0; | 122 | int rc = 0; |
123 | 123 | ||
124 | INIT_LIST_HEAD(nhead); | 124 | INIT_LIST_HEAD(nhead); |
125 | 125 | ||
126 | list_for_each_entry_rcu(orp, ohead, list) { | 126 | list_for_each_entry_rcu(orp, ohead, list) { |
127 | nrp = kzalloc(sizeof(struct smack_rule), gfp); | 127 | nrp = kzalloc(sizeof(struct smack_rule), gfp); |
128 | if (nrp == NULL) { | 128 | if (nrp == NULL) { |
129 | rc = -ENOMEM; | 129 | rc = -ENOMEM; |
130 | break; | 130 | break; |
131 | } | 131 | } |
132 | *nrp = *orp; | 132 | *nrp = *orp; |
133 | list_add_rcu(&nrp->list, nhead); | 133 | list_add_rcu(&nrp->list, nhead); |
134 | } | 134 | } |
135 | return rc; | 135 | return rc; |
136 | } | 136 | } |
137 | 137 | ||
138 | /* | 138 | /* |
139 | * LSM hooks. | 139 | * LSM hooks. |
140 | * We he, that is fun! | 140 | * We he, that is fun! |
141 | */ | 141 | */ |
142 | 142 | ||
143 | /** | 143 | /** |
144 | * smack_ptrace_access_check - Smack approval on PTRACE_ATTACH | 144 | * smack_ptrace_access_check - Smack approval on PTRACE_ATTACH |
145 | * @ctp: child task pointer | 145 | * @ctp: child task pointer |
146 | * @mode: ptrace attachment mode | 146 | * @mode: ptrace attachment mode |
147 | * | 147 | * |
148 | * Returns 0 if access is OK, an error code otherwise | 148 | * Returns 0 if access is OK, an error code otherwise |
149 | * | 149 | * |
150 | * Do the capability checks, and require read and write. | 150 | * Do the capability checks, and require read and write. |
151 | */ | 151 | */ |
152 | static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode) | 152 | static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode) |
153 | { | 153 | { |
154 | int rc; | 154 | int rc; |
155 | struct smk_audit_info ad; | 155 | struct smk_audit_info ad; |
156 | char *tsp; | 156 | char *tsp; |
157 | 157 | ||
158 | rc = cap_ptrace_access_check(ctp, mode); | 158 | rc = cap_ptrace_access_check(ctp, mode); |
159 | if (rc != 0) | 159 | if (rc != 0) |
160 | return rc; | 160 | return rc; |
161 | 161 | ||
162 | tsp = smk_of_task(task_security(ctp)); | 162 | tsp = smk_of_task(task_security(ctp)); |
163 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); | 163 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); |
164 | smk_ad_setfield_u_tsk(&ad, ctp); | 164 | smk_ad_setfield_u_tsk(&ad, ctp); |
165 | 165 | ||
166 | rc = smk_curacc(tsp, MAY_READWRITE, &ad); | 166 | rc = smk_curacc(tsp, MAY_READWRITE, &ad); |
167 | return rc; | 167 | return rc; |
168 | } | 168 | } |
169 | 169 | ||
170 | /** | 170 | /** |
171 | * smack_ptrace_traceme - Smack approval on PTRACE_TRACEME | 171 | * smack_ptrace_traceme - Smack approval on PTRACE_TRACEME |
172 | * @ptp: parent task pointer | 172 | * @ptp: parent task pointer |
173 | * | 173 | * |
174 | * Returns 0 if access is OK, an error code otherwise | 174 | * Returns 0 if access is OK, an error code otherwise |
175 | * | 175 | * |
176 | * Do the capability checks, and require read and write. | 176 | * Do the capability checks, and require read and write. |
177 | */ | 177 | */ |
178 | static int smack_ptrace_traceme(struct task_struct *ptp) | 178 | static int smack_ptrace_traceme(struct task_struct *ptp) |
179 | { | 179 | { |
180 | int rc; | 180 | int rc; |
181 | struct smk_audit_info ad; | 181 | struct smk_audit_info ad; |
182 | char *tsp; | 182 | char *tsp; |
183 | 183 | ||
184 | rc = cap_ptrace_traceme(ptp); | 184 | rc = cap_ptrace_traceme(ptp); |
185 | if (rc != 0) | 185 | if (rc != 0) |
186 | return rc; | 186 | return rc; |
187 | 187 | ||
188 | tsp = smk_of_task(task_security(ptp)); | 188 | tsp = smk_of_task(task_security(ptp)); |
189 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); | 189 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); |
190 | smk_ad_setfield_u_tsk(&ad, ptp); | 190 | smk_ad_setfield_u_tsk(&ad, ptp); |
191 | 191 | ||
192 | rc = smk_curacc(tsp, MAY_READWRITE, &ad); | 192 | rc = smk_curacc(tsp, MAY_READWRITE, &ad); |
193 | return rc; | 193 | return rc; |
194 | } | 194 | } |
195 | 195 | ||
196 | /** | 196 | /** |
197 | * smack_syslog - Smack approval on syslog | 197 | * smack_syslog - Smack approval on syslog |
198 | * @type: message type | 198 | * @type: message type |
199 | * | 199 | * |
200 | * Require that the task has the floor label | 200 | * Require that the task has the floor label |
201 | * | 201 | * |
202 | * Returns 0 on success, error code otherwise. | 202 | * Returns 0 on success, error code otherwise. |
203 | */ | 203 | */ |
204 | static int smack_syslog(int typefrom_file) | 204 | static int smack_syslog(int typefrom_file) |
205 | { | 205 | { |
206 | int rc = 0; | 206 | int rc = 0; |
207 | char *sp = smk_of_current(); | 207 | char *sp = smk_of_current(); |
208 | 208 | ||
209 | if (capable(CAP_MAC_OVERRIDE)) | 209 | if (capable(CAP_MAC_OVERRIDE)) |
210 | return 0; | 210 | return 0; |
211 | 211 | ||
212 | if (sp != smack_known_floor.smk_known) | 212 | if (sp != smack_known_floor.smk_known) |
213 | rc = -EACCES; | 213 | rc = -EACCES; |
214 | 214 | ||
215 | return rc; | 215 | return rc; |
216 | } | 216 | } |
217 | 217 | ||
218 | 218 | ||
219 | /* | 219 | /* |
220 | * Superblock Hooks. | 220 | * Superblock Hooks. |
221 | */ | 221 | */ |
222 | 222 | ||
223 | /** | 223 | /** |
224 | * smack_sb_alloc_security - allocate a superblock blob | 224 | * smack_sb_alloc_security - allocate a superblock blob |
225 | * @sb: the superblock getting the blob | 225 | * @sb: the superblock getting the blob |
226 | * | 226 | * |
227 | * Returns 0 on success or -ENOMEM on error. | 227 | * Returns 0 on success or -ENOMEM on error. |
228 | */ | 228 | */ |
229 | static int smack_sb_alloc_security(struct super_block *sb) | 229 | static int smack_sb_alloc_security(struct super_block *sb) |
230 | { | 230 | { |
231 | struct superblock_smack *sbsp; | 231 | struct superblock_smack *sbsp; |
232 | 232 | ||
233 | sbsp = kzalloc(sizeof(struct superblock_smack), GFP_KERNEL); | 233 | sbsp = kzalloc(sizeof(struct superblock_smack), GFP_KERNEL); |
234 | 234 | ||
235 | if (sbsp == NULL) | 235 | if (sbsp == NULL) |
236 | return -ENOMEM; | 236 | return -ENOMEM; |
237 | 237 | ||
238 | sbsp->smk_root = smack_known_floor.smk_known; | 238 | sbsp->smk_root = smack_known_floor.smk_known; |
239 | sbsp->smk_default = smack_known_floor.smk_known; | 239 | sbsp->smk_default = smack_known_floor.smk_known; |
240 | sbsp->smk_floor = smack_known_floor.smk_known; | 240 | sbsp->smk_floor = smack_known_floor.smk_known; |
241 | sbsp->smk_hat = smack_known_hat.smk_known; | 241 | sbsp->smk_hat = smack_known_hat.smk_known; |
242 | sbsp->smk_initialized = 0; | 242 | sbsp->smk_initialized = 0; |
243 | spin_lock_init(&sbsp->smk_sblock); | 243 | spin_lock_init(&sbsp->smk_sblock); |
244 | 244 | ||
245 | sb->s_security = sbsp; | 245 | sb->s_security = sbsp; |
246 | 246 | ||
247 | return 0; | 247 | return 0; |
248 | } | 248 | } |
249 | 249 | ||
250 | /** | 250 | /** |
251 | * smack_sb_free_security - free a superblock blob | 251 | * smack_sb_free_security - free a superblock blob |
252 | * @sb: the superblock getting the blob | 252 | * @sb: the superblock getting the blob |
253 | * | 253 | * |
254 | */ | 254 | */ |
255 | static void smack_sb_free_security(struct super_block *sb) | 255 | static void smack_sb_free_security(struct super_block *sb) |
256 | { | 256 | { |
257 | kfree(sb->s_security); | 257 | kfree(sb->s_security); |
258 | sb->s_security = NULL; | 258 | sb->s_security = NULL; |
259 | } | 259 | } |
260 | 260 | ||
261 | /** | 261 | /** |
262 | * smack_sb_copy_data - copy mount options data for processing | 262 | * smack_sb_copy_data - copy mount options data for processing |
263 | * @orig: where to start | 263 | * @orig: where to start |
264 | * @smackopts: mount options string | 264 | * @smackopts: mount options string |
265 | * | 265 | * |
266 | * Returns 0 on success or -ENOMEM on error. | 266 | * Returns 0 on success or -ENOMEM on error. |
267 | * | 267 | * |
268 | * Copy the Smack specific mount options out of the mount | 268 | * Copy the Smack specific mount options out of the mount |
269 | * options list. | 269 | * options list. |
270 | */ | 270 | */ |
271 | static int smack_sb_copy_data(char *orig, char *smackopts) | 271 | static int smack_sb_copy_data(char *orig, char *smackopts) |
272 | { | 272 | { |
273 | char *cp, *commap, *otheropts, *dp; | 273 | char *cp, *commap, *otheropts, *dp; |
274 | 274 | ||
275 | otheropts = (char *)get_zeroed_page(GFP_KERNEL); | 275 | otheropts = (char *)get_zeroed_page(GFP_KERNEL); |
276 | if (otheropts == NULL) | 276 | if (otheropts == NULL) |
277 | return -ENOMEM; | 277 | return -ENOMEM; |
278 | 278 | ||
279 | for (cp = orig, commap = orig; commap != NULL; cp = commap + 1) { | 279 | for (cp = orig, commap = orig; commap != NULL; cp = commap + 1) { |
280 | if (strstr(cp, SMK_FSDEFAULT) == cp) | 280 | if (strstr(cp, SMK_FSDEFAULT) == cp) |
281 | dp = smackopts; | 281 | dp = smackopts; |
282 | else if (strstr(cp, SMK_FSFLOOR) == cp) | 282 | else if (strstr(cp, SMK_FSFLOOR) == cp) |
283 | dp = smackopts; | 283 | dp = smackopts; |
284 | else if (strstr(cp, SMK_FSHAT) == cp) | 284 | else if (strstr(cp, SMK_FSHAT) == cp) |
285 | dp = smackopts; | 285 | dp = smackopts; |
286 | else if (strstr(cp, SMK_FSROOT) == cp) | 286 | else if (strstr(cp, SMK_FSROOT) == cp) |
287 | dp = smackopts; | 287 | dp = smackopts; |
288 | else | 288 | else |
289 | dp = otheropts; | 289 | dp = otheropts; |
290 | 290 | ||
291 | commap = strchr(cp, ','); | 291 | commap = strchr(cp, ','); |
292 | if (commap != NULL) | 292 | if (commap != NULL) |
293 | *commap = '\0'; | 293 | *commap = '\0'; |
294 | 294 | ||
295 | if (*dp != '\0') | 295 | if (*dp != '\0') |
296 | strcat(dp, ","); | 296 | strcat(dp, ","); |
297 | strcat(dp, cp); | 297 | strcat(dp, cp); |
298 | } | 298 | } |
299 | 299 | ||
300 | strcpy(orig, otheropts); | 300 | strcpy(orig, otheropts); |
301 | free_page((unsigned long)otheropts); | 301 | free_page((unsigned long)otheropts); |
302 | 302 | ||
303 | return 0; | 303 | return 0; |
304 | } | 304 | } |
305 | 305 | ||
306 | /** | 306 | /** |
307 | * smack_sb_kern_mount - Smack specific mount processing | 307 | * smack_sb_kern_mount - Smack specific mount processing |
308 | * @sb: the file system superblock | 308 | * @sb: the file system superblock |
309 | * @flags: the mount flags | 309 | * @flags: the mount flags |
310 | * @data: the smack mount options | 310 | * @data: the smack mount options |
311 | * | 311 | * |
312 | * Returns 0 on success, an error code on failure | 312 | * Returns 0 on success, an error code on failure |
313 | */ | 313 | */ |
314 | static int smack_sb_kern_mount(struct super_block *sb, int flags, void *data) | 314 | static int smack_sb_kern_mount(struct super_block *sb, int flags, void *data) |
315 | { | 315 | { |
316 | struct dentry *root = sb->s_root; | 316 | struct dentry *root = sb->s_root; |
317 | struct inode *inode = root->d_inode; | 317 | struct inode *inode = root->d_inode; |
318 | struct superblock_smack *sp = sb->s_security; | 318 | struct superblock_smack *sp = sb->s_security; |
319 | struct inode_smack *isp; | 319 | struct inode_smack *isp; |
320 | char *op; | 320 | char *op; |
321 | char *commap; | 321 | char *commap; |
322 | char *nsp; | 322 | char *nsp; |
323 | 323 | ||
324 | spin_lock(&sp->smk_sblock); | 324 | spin_lock(&sp->smk_sblock); |
325 | if (sp->smk_initialized != 0) { | 325 | if (sp->smk_initialized != 0) { |
326 | spin_unlock(&sp->smk_sblock); | 326 | spin_unlock(&sp->smk_sblock); |
327 | return 0; | 327 | return 0; |
328 | } | 328 | } |
329 | sp->smk_initialized = 1; | 329 | sp->smk_initialized = 1; |
330 | spin_unlock(&sp->smk_sblock); | 330 | spin_unlock(&sp->smk_sblock); |
331 | 331 | ||
332 | for (op = data; op != NULL; op = commap) { | 332 | for (op = data; op != NULL; op = commap) { |
333 | commap = strchr(op, ','); | 333 | commap = strchr(op, ','); |
334 | if (commap != NULL) | 334 | if (commap != NULL) |
335 | *commap++ = '\0'; | 335 | *commap++ = '\0'; |
336 | 336 | ||
337 | if (strncmp(op, SMK_FSHAT, strlen(SMK_FSHAT)) == 0) { | 337 | if (strncmp(op, SMK_FSHAT, strlen(SMK_FSHAT)) == 0) { |
338 | op += strlen(SMK_FSHAT); | 338 | op += strlen(SMK_FSHAT); |
339 | nsp = smk_import(op, 0); | 339 | nsp = smk_import(op, 0); |
340 | if (nsp != NULL) | 340 | if (nsp != NULL) |
341 | sp->smk_hat = nsp; | 341 | sp->smk_hat = nsp; |
342 | } else if (strncmp(op, SMK_FSFLOOR, strlen(SMK_FSFLOOR)) == 0) { | 342 | } else if (strncmp(op, SMK_FSFLOOR, strlen(SMK_FSFLOOR)) == 0) { |
343 | op += strlen(SMK_FSFLOOR); | 343 | op += strlen(SMK_FSFLOOR); |
344 | nsp = smk_import(op, 0); | 344 | nsp = smk_import(op, 0); |
345 | if (nsp != NULL) | 345 | if (nsp != NULL) |
346 | sp->smk_floor = nsp; | 346 | sp->smk_floor = nsp; |
347 | } else if (strncmp(op, SMK_FSDEFAULT, | 347 | } else if (strncmp(op, SMK_FSDEFAULT, |
348 | strlen(SMK_FSDEFAULT)) == 0) { | 348 | strlen(SMK_FSDEFAULT)) == 0) { |
349 | op += strlen(SMK_FSDEFAULT); | 349 | op += strlen(SMK_FSDEFAULT); |
350 | nsp = smk_import(op, 0); | 350 | nsp = smk_import(op, 0); |
351 | if (nsp != NULL) | 351 | if (nsp != NULL) |
352 | sp->smk_default = nsp; | 352 | sp->smk_default = nsp; |
353 | } else if (strncmp(op, SMK_FSROOT, strlen(SMK_FSROOT)) == 0) { | 353 | } else if (strncmp(op, SMK_FSROOT, strlen(SMK_FSROOT)) == 0) { |
354 | op += strlen(SMK_FSROOT); | 354 | op += strlen(SMK_FSROOT); |
355 | nsp = smk_import(op, 0); | 355 | nsp = smk_import(op, 0); |
356 | if (nsp != NULL) | 356 | if (nsp != NULL) |
357 | sp->smk_root = nsp; | 357 | sp->smk_root = nsp; |
358 | } | 358 | } |
359 | } | 359 | } |
360 | 360 | ||
361 | /* | 361 | /* |
362 | * Initialize the root inode. | 362 | * Initialize the root inode. |
363 | */ | 363 | */ |
364 | isp = inode->i_security; | 364 | isp = inode->i_security; |
365 | if (isp == NULL) | 365 | if (isp == NULL) |
366 | inode->i_security = new_inode_smack(sp->smk_root); | 366 | inode->i_security = new_inode_smack(sp->smk_root); |
367 | else | 367 | else |
368 | isp->smk_inode = sp->smk_root; | 368 | isp->smk_inode = sp->smk_root; |
369 | 369 | ||
370 | return 0; | 370 | return 0; |
371 | } | 371 | } |
372 | 372 | ||
373 | /** | 373 | /** |
374 | * smack_sb_statfs - Smack check on statfs | 374 | * smack_sb_statfs - Smack check on statfs |
375 | * @dentry: identifies the file system in question | 375 | * @dentry: identifies the file system in question |
376 | * | 376 | * |
377 | * Returns 0 if current can read the floor of the filesystem, | 377 | * Returns 0 if current can read the floor of the filesystem, |
378 | * and error code otherwise | 378 | * and error code otherwise |
379 | */ | 379 | */ |
380 | static int smack_sb_statfs(struct dentry *dentry) | 380 | static int smack_sb_statfs(struct dentry *dentry) |
381 | { | 381 | { |
382 | struct superblock_smack *sbp = dentry->d_sb->s_security; | 382 | struct superblock_smack *sbp = dentry->d_sb->s_security; |
383 | int rc; | 383 | int rc; |
384 | struct smk_audit_info ad; | 384 | struct smk_audit_info ad; |
385 | 385 | ||
386 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); | 386 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); |
387 | smk_ad_setfield_u_fs_path_dentry(&ad, dentry); | 387 | smk_ad_setfield_u_fs_path_dentry(&ad, dentry); |
388 | 388 | ||
389 | rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad); | 389 | rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad); |
390 | return rc; | 390 | return rc; |
391 | } | 391 | } |
392 | 392 | ||
393 | /** | 393 | /** |
394 | * smack_sb_mount - Smack check for mounting | 394 | * smack_sb_mount - Smack check for mounting |
395 | * @dev_name: unused | 395 | * @dev_name: unused |
396 | * @path: mount point | 396 | * @path: mount point |
397 | * @type: unused | 397 | * @type: unused |
398 | * @flags: unused | 398 | * @flags: unused |
399 | * @data: unused | 399 | * @data: unused |
400 | * | 400 | * |
401 | * Returns 0 if current can write the floor of the filesystem | 401 | * Returns 0 if current can write the floor of the filesystem |
402 | * being mounted on, an error code otherwise. | 402 | * being mounted on, an error code otherwise. |
403 | */ | 403 | */ |
404 | static int smack_sb_mount(char *dev_name, struct path *path, | 404 | static int smack_sb_mount(char *dev_name, struct path *path, |
405 | char *type, unsigned long flags, void *data) | 405 | char *type, unsigned long flags, void *data) |
406 | { | 406 | { |
407 | struct superblock_smack *sbp = path->mnt->mnt_sb->s_security; | 407 | struct superblock_smack *sbp = path->mnt->mnt_sb->s_security; |
408 | struct smk_audit_info ad; | 408 | struct smk_audit_info ad; |
409 | 409 | ||
410 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); | 410 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); |
411 | smk_ad_setfield_u_fs_path(&ad, *path); | 411 | smk_ad_setfield_u_fs_path(&ad, *path); |
412 | 412 | ||
413 | return smk_curacc(sbp->smk_floor, MAY_WRITE, &ad); | 413 | return smk_curacc(sbp->smk_floor, MAY_WRITE, &ad); |
414 | } | 414 | } |
415 | 415 | ||
416 | /** | 416 | /** |
417 | * smack_sb_umount - Smack check for unmounting | 417 | * smack_sb_umount - Smack check for unmounting |
418 | * @mnt: file system to unmount | 418 | * @mnt: file system to unmount |
419 | * @flags: unused | 419 | * @flags: unused |
420 | * | 420 | * |
421 | * Returns 0 if current can write the floor of the filesystem | 421 | * Returns 0 if current can write the floor of the filesystem |
422 | * being unmounted, an error code otherwise. | 422 | * being unmounted, an error code otherwise. |
423 | */ | 423 | */ |
424 | static int smack_sb_umount(struct vfsmount *mnt, int flags) | 424 | static int smack_sb_umount(struct vfsmount *mnt, int flags) |
425 | { | 425 | { |
426 | struct superblock_smack *sbp; | 426 | struct superblock_smack *sbp; |
427 | struct smk_audit_info ad; | 427 | struct smk_audit_info ad; |
428 | 428 | ||
429 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); | 429 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); |
430 | smk_ad_setfield_u_fs_path_dentry(&ad, mnt->mnt_root); | 430 | smk_ad_setfield_u_fs_path_dentry(&ad, mnt->mnt_root); |
431 | smk_ad_setfield_u_fs_path_mnt(&ad, mnt); | 431 | smk_ad_setfield_u_fs_path_mnt(&ad, mnt); |
432 | 432 | ||
433 | sbp = mnt->mnt_sb->s_security; | 433 | sbp = mnt->mnt_sb->s_security; |
434 | return smk_curacc(sbp->smk_floor, MAY_WRITE, &ad); | 434 | return smk_curacc(sbp->smk_floor, MAY_WRITE, &ad); |
435 | } | 435 | } |
436 | 436 | ||
437 | /* | 437 | /* |
438 | * BPRM hooks | 438 | * BPRM hooks |
439 | */ | 439 | */ |
440 | 440 | ||
441 | static int smack_bprm_set_creds(struct linux_binprm *bprm) | 441 | static int smack_bprm_set_creds(struct linux_binprm *bprm) |
442 | { | 442 | { |
443 | struct task_smack *tsp = bprm->cred->security; | 443 | struct task_smack *tsp = bprm->cred->security; |
444 | struct inode_smack *isp; | 444 | struct inode_smack *isp; |
445 | struct dentry *dp; | 445 | struct dentry *dp; |
446 | int rc; | 446 | int rc; |
447 | 447 | ||
448 | rc = cap_bprm_set_creds(bprm); | 448 | rc = cap_bprm_set_creds(bprm); |
449 | if (rc != 0) | 449 | if (rc != 0) |
450 | return rc; | 450 | return rc; |
451 | 451 | ||
452 | if (bprm->cred_prepared) | 452 | if (bprm->cred_prepared) |
453 | return 0; | 453 | return 0; |
454 | 454 | ||
455 | if (bprm->file == NULL || bprm->file->f_dentry == NULL) | 455 | if (bprm->file == NULL || bprm->file->f_dentry == NULL) |
456 | return 0; | 456 | return 0; |
457 | 457 | ||
458 | dp = bprm->file->f_dentry; | 458 | dp = bprm->file->f_dentry; |
459 | 459 | ||
460 | if (dp->d_inode == NULL) | 460 | if (dp->d_inode == NULL) |
461 | return 0; | 461 | return 0; |
462 | 462 | ||
463 | isp = dp->d_inode->i_security; | 463 | isp = dp->d_inode->i_security; |
464 | 464 | ||
465 | if (isp->smk_task != NULL) | 465 | if (isp->smk_task != NULL) |
466 | tsp->smk_task = isp->smk_task; | 466 | tsp->smk_task = isp->smk_task; |
467 | 467 | ||
468 | return 0; | 468 | return 0; |
469 | } | 469 | } |
470 | 470 | ||
471 | /* | 471 | /* |
472 | * Inode hooks | 472 | * Inode hooks |
473 | */ | 473 | */ |
474 | 474 | ||
475 | /** | 475 | /** |
476 | * smack_inode_alloc_security - allocate an inode blob | 476 | * smack_inode_alloc_security - allocate an inode blob |
477 | * @inode: the inode in need of a blob | 477 | * @inode: the inode in need of a blob |
478 | * | 478 | * |
479 | * Returns 0 if it gets a blob, -ENOMEM otherwise | 479 | * Returns 0 if it gets a blob, -ENOMEM otherwise |
480 | */ | 480 | */ |
481 | static int smack_inode_alloc_security(struct inode *inode) | 481 | static int smack_inode_alloc_security(struct inode *inode) |
482 | { | 482 | { |
483 | inode->i_security = new_inode_smack(smk_of_current()); | 483 | inode->i_security = new_inode_smack(smk_of_current()); |
484 | if (inode->i_security == NULL) | 484 | if (inode->i_security == NULL) |
485 | return -ENOMEM; | 485 | return -ENOMEM; |
486 | return 0; | 486 | return 0; |
487 | } | 487 | } |
488 | 488 | ||
489 | /** | 489 | /** |
490 | * smack_inode_free_security - free an inode blob | 490 | * smack_inode_free_security - free an inode blob |
491 | * @inode: the inode with a blob | 491 | * @inode: the inode with a blob |
492 | * | 492 | * |
493 | * Clears the blob pointer in inode | 493 | * Clears the blob pointer in inode |
494 | */ | 494 | */ |
495 | static void smack_inode_free_security(struct inode *inode) | 495 | static void smack_inode_free_security(struct inode *inode) |
496 | { | 496 | { |
497 | kfree(inode->i_security); | 497 | kfree(inode->i_security); |
498 | inode->i_security = NULL; | 498 | inode->i_security = NULL; |
499 | } | 499 | } |
500 | 500 | ||
501 | /** | 501 | /** |
502 | * smack_inode_init_security - copy out the smack from an inode | 502 | * smack_inode_init_security - copy out the smack from an inode |
503 | * @inode: the inode | 503 | * @inode: the inode |
504 | * @dir: unused | 504 | * @dir: unused |
505 | * @qstr: unused | 505 | * @qstr: unused |
506 | * @name: where to put the attribute name | 506 | * @name: where to put the attribute name |
507 | * @value: where to put the attribute value | 507 | * @value: where to put the attribute value |
508 | * @len: where to put the length of the attribute | 508 | * @len: where to put the length of the attribute |
509 | * | 509 | * |
510 | * Returns 0 if it all works out, -ENOMEM if there's no memory | 510 | * Returns 0 if it all works out, -ENOMEM if there's no memory |
511 | */ | 511 | */ |
512 | static int smack_inode_init_security(struct inode *inode, struct inode *dir, | 512 | static int smack_inode_init_security(struct inode *inode, struct inode *dir, |
513 | const struct qstr *qstr, char **name, | 513 | const struct qstr *qstr, char **name, |
514 | void **value, size_t *len) | 514 | void **value, size_t *len) |
515 | { | 515 | { |
516 | char *isp = smk_of_inode(inode); | 516 | char *isp = smk_of_inode(inode); |
517 | char *dsp = smk_of_inode(dir); | 517 | char *dsp = smk_of_inode(dir); |
518 | int may; | 518 | int may; |
519 | 519 | ||
520 | if (name) { | 520 | if (name) { |
521 | *name = kstrdup(XATTR_SMACK_SUFFIX, GFP_KERNEL); | 521 | *name = kstrdup(XATTR_SMACK_SUFFIX, GFP_KERNEL); |
522 | if (*name == NULL) | 522 | if (*name == NULL) |
523 | return -ENOMEM; | 523 | return -ENOMEM; |
524 | } | 524 | } |
525 | 525 | ||
526 | if (value) { | 526 | if (value) { |
527 | rcu_read_lock(); | 527 | rcu_read_lock(); |
528 | may = smk_access_entry(smk_of_current(), dsp, &smack_rule_list); | 528 | may = smk_access_entry(smk_of_current(), dsp, &smack_rule_list); |
529 | rcu_read_unlock(); | 529 | rcu_read_unlock(); |
530 | 530 | ||
531 | /* | 531 | /* |
532 | * If the access rule allows transmutation and | 532 | * If the access rule allows transmutation and |
533 | * the directory requests transmutation then | 533 | * the directory requests transmutation then |
534 | * by all means transmute. | 534 | * by all means transmute. |
535 | */ | 535 | */ |
536 | if (may > 0 && ((may & MAY_TRANSMUTE) != 0) && | 536 | if (may > 0 && ((may & MAY_TRANSMUTE) != 0) && |
537 | smk_inode_transmutable(dir)) | 537 | smk_inode_transmutable(dir)) |
538 | isp = dsp; | 538 | isp = dsp; |
539 | 539 | ||
540 | *value = kstrdup(isp, GFP_KERNEL); | 540 | *value = kstrdup(isp, GFP_KERNEL); |
541 | if (*value == NULL) | 541 | if (*value == NULL) |
542 | return -ENOMEM; | 542 | return -ENOMEM; |
543 | } | 543 | } |
544 | 544 | ||
545 | if (len) | 545 | if (len) |
546 | *len = strlen(isp) + 1; | 546 | *len = strlen(isp) + 1; |
547 | 547 | ||
548 | return 0; | 548 | return 0; |
549 | } | 549 | } |
550 | 550 | ||
551 | /** | 551 | /** |
552 | * smack_inode_link - Smack check on link | 552 | * smack_inode_link - Smack check on link |
553 | * @old_dentry: the existing object | 553 | * @old_dentry: the existing object |
554 | * @dir: unused | 554 | * @dir: unused |
555 | * @new_dentry: the new object | 555 | * @new_dentry: the new object |
556 | * | 556 | * |
557 | * Returns 0 if access is permitted, an error code otherwise | 557 | * Returns 0 if access is permitted, an error code otherwise |
558 | */ | 558 | */ |
559 | static int smack_inode_link(struct dentry *old_dentry, struct inode *dir, | 559 | static int smack_inode_link(struct dentry *old_dentry, struct inode *dir, |
560 | struct dentry *new_dentry) | 560 | struct dentry *new_dentry) |
561 | { | 561 | { |
562 | char *isp; | 562 | char *isp; |
563 | struct smk_audit_info ad; | 563 | struct smk_audit_info ad; |
564 | int rc; | 564 | int rc; |
565 | 565 | ||
566 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); | 566 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); |
567 | smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry); | 567 | smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry); |
568 | 568 | ||
569 | isp = smk_of_inode(old_dentry->d_inode); | 569 | isp = smk_of_inode(old_dentry->d_inode); |
570 | rc = smk_curacc(isp, MAY_WRITE, &ad); | 570 | rc = smk_curacc(isp, MAY_WRITE, &ad); |
571 | 571 | ||
572 | if (rc == 0 && new_dentry->d_inode != NULL) { | 572 | if (rc == 0 && new_dentry->d_inode != NULL) { |
573 | isp = smk_of_inode(new_dentry->d_inode); | 573 | isp = smk_of_inode(new_dentry->d_inode); |
574 | smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry); | 574 | smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry); |
575 | rc = smk_curacc(isp, MAY_WRITE, &ad); | 575 | rc = smk_curacc(isp, MAY_WRITE, &ad); |
576 | } | 576 | } |
577 | 577 | ||
578 | return rc; | 578 | return rc; |
579 | } | 579 | } |
580 | 580 | ||
581 | /** | 581 | /** |
582 | * smack_inode_unlink - Smack check on inode deletion | 582 | * smack_inode_unlink - Smack check on inode deletion |
583 | * @dir: containing directory object | 583 | * @dir: containing directory object |
584 | * @dentry: file to unlink | 584 | * @dentry: file to unlink |
585 | * | 585 | * |
586 | * Returns 0 if current can write the containing directory | 586 | * Returns 0 if current can write the containing directory |
587 | * and the object, error code otherwise | 587 | * and the object, error code otherwise |
588 | */ | 588 | */ |
589 | static int smack_inode_unlink(struct inode *dir, struct dentry *dentry) | 589 | static int smack_inode_unlink(struct inode *dir, struct dentry *dentry) |
590 | { | 590 | { |
591 | struct inode *ip = dentry->d_inode; | 591 | struct inode *ip = dentry->d_inode; |
592 | struct smk_audit_info ad; | 592 | struct smk_audit_info ad; |
593 | int rc; | 593 | int rc; |
594 | 594 | ||
595 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); | 595 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); |
596 | smk_ad_setfield_u_fs_path_dentry(&ad, dentry); | 596 | smk_ad_setfield_u_fs_path_dentry(&ad, dentry); |
597 | 597 | ||
598 | /* | 598 | /* |
599 | * You need write access to the thing you're unlinking | 599 | * You need write access to the thing you're unlinking |
600 | */ | 600 | */ |
601 | rc = smk_curacc(smk_of_inode(ip), MAY_WRITE, &ad); | 601 | rc = smk_curacc(smk_of_inode(ip), MAY_WRITE, &ad); |
602 | if (rc == 0) { | 602 | if (rc == 0) { |
603 | /* | 603 | /* |
604 | * You also need write access to the containing directory | 604 | * You also need write access to the containing directory |
605 | */ | 605 | */ |
606 | smk_ad_setfield_u_fs_path_dentry(&ad, NULL); | 606 | smk_ad_setfield_u_fs_path_dentry(&ad, NULL); |
607 | smk_ad_setfield_u_fs_inode(&ad, dir); | 607 | smk_ad_setfield_u_fs_inode(&ad, dir); |
608 | rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad); | 608 | rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad); |
609 | } | 609 | } |
610 | return rc; | 610 | return rc; |
611 | } | 611 | } |
612 | 612 | ||
613 | /** | 613 | /** |
614 | * smack_inode_rmdir - Smack check on directory deletion | 614 | * smack_inode_rmdir - Smack check on directory deletion |
615 | * @dir: containing directory object | 615 | * @dir: containing directory object |
616 | * @dentry: directory to unlink | 616 | * @dentry: directory to unlink |
617 | * | 617 | * |
618 | * Returns 0 if current can write the containing directory | 618 | * Returns 0 if current can write the containing directory |
619 | * and the directory, error code otherwise | 619 | * and the directory, error code otherwise |
620 | */ | 620 | */ |
621 | static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry) | 621 | static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry) |
622 | { | 622 | { |
623 | struct smk_audit_info ad; | 623 | struct smk_audit_info ad; |
624 | int rc; | 624 | int rc; |
625 | 625 | ||
626 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); | 626 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); |
627 | smk_ad_setfield_u_fs_path_dentry(&ad, dentry); | 627 | smk_ad_setfield_u_fs_path_dentry(&ad, dentry); |
628 | 628 | ||
629 | /* | 629 | /* |
630 | * You need write access to the thing you're removing | 630 | * You need write access to the thing you're removing |
631 | */ | 631 | */ |
632 | rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad); | 632 | rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad); |
633 | if (rc == 0) { | 633 | if (rc == 0) { |
634 | /* | 634 | /* |
635 | * You also need write access to the containing directory | 635 | * You also need write access to the containing directory |
636 | */ | 636 | */ |
637 | smk_ad_setfield_u_fs_path_dentry(&ad, NULL); | 637 | smk_ad_setfield_u_fs_path_dentry(&ad, NULL); |
638 | smk_ad_setfield_u_fs_inode(&ad, dir); | 638 | smk_ad_setfield_u_fs_inode(&ad, dir); |
639 | rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad); | 639 | rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad); |
640 | } | 640 | } |
641 | 641 | ||
642 | return rc; | 642 | return rc; |
643 | } | 643 | } |
644 | 644 | ||
645 | /** | 645 | /** |
646 | * smack_inode_rename - Smack check on rename | 646 | * smack_inode_rename - Smack check on rename |
647 | * @old_inode: the old directory | 647 | * @old_inode: the old directory |
648 | * @old_dentry: unused | 648 | * @old_dentry: unused |
649 | * @new_inode: the new directory | 649 | * @new_inode: the new directory |
650 | * @new_dentry: unused | 650 | * @new_dentry: unused |
651 | * | 651 | * |
652 | * Read and write access is required on both the old and | 652 | * Read and write access is required on both the old and |
653 | * new directories. | 653 | * new directories. |
654 | * | 654 | * |
655 | * Returns 0 if access is permitted, an error code otherwise | 655 | * Returns 0 if access is permitted, an error code otherwise |
656 | */ | 656 | */ |
657 | static int smack_inode_rename(struct inode *old_inode, | 657 | static int smack_inode_rename(struct inode *old_inode, |
658 | struct dentry *old_dentry, | 658 | struct dentry *old_dentry, |
659 | struct inode *new_inode, | 659 | struct inode *new_inode, |
660 | struct dentry *new_dentry) | 660 | struct dentry *new_dentry) |
661 | { | 661 | { |
662 | int rc; | 662 | int rc; |
663 | char *isp; | 663 | char *isp; |
664 | struct smk_audit_info ad; | 664 | struct smk_audit_info ad; |
665 | 665 | ||
666 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); | 666 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); |
667 | smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry); | 667 | smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry); |
668 | 668 | ||
669 | isp = smk_of_inode(old_dentry->d_inode); | 669 | isp = smk_of_inode(old_dentry->d_inode); |
670 | rc = smk_curacc(isp, MAY_READWRITE, &ad); | 670 | rc = smk_curacc(isp, MAY_READWRITE, &ad); |
671 | 671 | ||
672 | if (rc == 0 && new_dentry->d_inode != NULL) { | 672 | if (rc == 0 && new_dentry->d_inode != NULL) { |
673 | isp = smk_of_inode(new_dentry->d_inode); | 673 | isp = smk_of_inode(new_dentry->d_inode); |
674 | smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry); | 674 | smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry); |
675 | rc = smk_curacc(isp, MAY_READWRITE, &ad); | 675 | rc = smk_curacc(isp, MAY_READWRITE, &ad); |
676 | } | 676 | } |
677 | return rc; | 677 | return rc; |
678 | } | 678 | } |
679 | 679 | ||
680 | /** | 680 | /** |
681 | * smack_inode_permission - Smack version of permission() | 681 | * smack_inode_permission - Smack version of permission() |
682 | * @inode: the inode in question | 682 | * @inode: the inode in question |
683 | * @mask: the access requested | 683 | * @mask: the access requested |
684 | * | 684 | * |
685 | * This is the important Smack hook. | 685 | * This is the important Smack hook. |
686 | * | 686 | * |
687 | * Returns 0 if access is permitted, -EACCES otherwise | 687 | * Returns 0 if access is permitted, -EACCES otherwise |
688 | */ | 688 | */ |
689 | static int smack_inode_permission(struct inode *inode, int mask, unsigned flags) | 689 | static int smack_inode_permission(struct inode *inode, int mask, unsigned flags) |
690 | { | 690 | { |
691 | struct smk_audit_info ad; | 691 | struct smk_audit_info ad; |
692 | 692 | ||
693 | mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND); | 693 | mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND); |
694 | /* | 694 | /* |
695 | * No permission to check. Existence test. Yup, it's there. | 695 | * No permission to check. Existence test. Yup, it's there. |
696 | */ | 696 | */ |
697 | if (mask == 0) | 697 | if (mask == 0) |
698 | return 0; | 698 | return 0; |
699 | 699 | ||
700 | /* May be droppable after audit */ | 700 | /* May be droppable after audit */ |
701 | if (flags & IPERM_FLAG_RCU) | 701 | if (flags & IPERM_FLAG_RCU) |
702 | return -ECHILD; | 702 | return -ECHILD; |
703 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); | 703 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE); |
704 | smk_ad_setfield_u_fs_inode(&ad, inode); | 704 | smk_ad_setfield_u_fs_inode(&ad, inode); |
705 | return smk_curacc(smk_of_inode(inode), mask, &ad); | 705 | return smk_curacc(smk_of_inode(inode), mask, &ad); |
706 | } | 706 | } |
707 | 707 | ||
708 | /** | 708 | /** |
709 | * smack_inode_setattr - Smack check for setting attributes | 709 | * smack_inode_setattr - Smack check for setting attributes |
710 | * @dentry: the object | 710 | * @dentry: the object |
711 | * @iattr: for the force flag | 711 | * @iattr: for the force flag |
712 | * | 712 | * |
713 | * Returns 0 if access is permitted, an error code otherwise | 713 | * Returns 0 if access is permitted, an error code otherwise |
714 | */ | 714 | */ |
715 | static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr) | 715 | static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr) |
716 | { | 716 | { |
717 | struct smk_audit_info ad; | 717 | struct smk_audit_info ad; |
718 | /* | 718 | /* |
719 | * Need to allow for clearing the setuid bit. | 719 | * Need to allow for clearing the setuid bit. |
720 | */ | 720 | */ |
721 | if (iattr->ia_valid & ATTR_FORCE) | 721 | if (iattr->ia_valid & ATTR_FORCE) |
722 | return 0; | 722 | return 0; |
723 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); | 723 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); |
724 | smk_ad_setfield_u_fs_path_dentry(&ad, dentry); | 724 | smk_ad_setfield_u_fs_path_dentry(&ad, dentry); |
725 | 725 | ||
726 | return smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad); | 726 | return smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad); |
727 | } | 727 | } |
728 | 728 | ||
729 | /** | 729 | /** |
730 | * smack_inode_getattr - Smack check for getting attributes | 730 | * smack_inode_getattr - Smack check for getting attributes |
731 | * @mnt: unused | 731 | * @mnt: unused |
732 | * @dentry: the object | 732 | * @dentry: the object |
733 | * | 733 | * |
734 | * Returns 0 if access is permitted, an error code otherwise | 734 | * Returns 0 if access is permitted, an error code otherwise |
735 | */ | 735 | */ |
736 | static int smack_inode_getattr(struct vfsmount *mnt, struct dentry *dentry) | 736 | static int smack_inode_getattr(struct vfsmount *mnt, struct dentry *dentry) |
737 | { | 737 | { |
738 | struct smk_audit_info ad; | 738 | struct smk_audit_info ad; |
739 | 739 | ||
740 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); | 740 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); |
741 | smk_ad_setfield_u_fs_path_dentry(&ad, dentry); | 741 | smk_ad_setfield_u_fs_path_dentry(&ad, dentry); |
742 | smk_ad_setfield_u_fs_path_mnt(&ad, mnt); | 742 | smk_ad_setfield_u_fs_path_mnt(&ad, mnt); |
743 | return smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ, &ad); | 743 | return smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ, &ad); |
744 | } | 744 | } |
745 | 745 | ||
746 | /** | 746 | /** |
747 | * smack_inode_setxattr - Smack check for setting xattrs | 747 | * smack_inode_setxattr - Smack check for setting xattrs |
748 | * @dentry: the object | 748 | * @dentry: the object |
749 | * @name: name of the attribute | 749 | * @name: name of the attribute |
750 | * @value: unused | 750 | * @value: unused |
751 | * @size: unused | 751 | * @size: unused |
752 | * @flags: unused | 752 | * @flags: unused |
753 | * | 753 | * |
754 | * This protects the Smack attribute explicitly. | 754 | * This protects the Smack attribute explicitly. |
755 | * | 755 | * |
756 | * Returns 0 if access is permitted, an error code otherwise | 756 | * Returns 0 if access is permitted, an error code otherwise |
757 | */ | 757 | */ |
758 | static int smack_inode_setxattr(struct dentry *dentry, const char *name, | 758 | static int smack_inode_setxattr(struct dentry *dentry, const char *name, |
759 | const void *value, size_t size, int flags) | 759 | const void *value, size_t size, int flags) |
760 | { | 760 | { |
761 | struct smk_audit_info ad; | 761 | struct smk_audit_info ad; |
762 | int rc = 0; | 762 | int rc = 0; |
763 | 763 | ||
764 | if (strcmp(name, XATTR_NAME_SMACK) == 0 || | 764 | if (strcmp(name, XATTR_NAME_SMACK) == 0 || |
765 | strcmp(name, XATTR_NAME_SMACKIPIN) == 0 || | 765 | strcmp(name, XATTR_NAME_SMACKIPIN) == 0 || |
766 | strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 || | 766 | strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 || |
767 | strcmp(name, XATTR_NAME_SMACKEXEC) == 0 || | 767 | strcmp(name, XATTR_NAME_SMACKEXEC) == 0 || |
768 | strcmp(name, XATTR_NAME_SMACKMMAP) == 0) { | 768 | strcmp(name, XATTR_NAME_SMACKMMAP) == 0) { |
769 | if (!capable(CAP_MAC_ADMIN)) | 769 | if (!capable(CAP_MAC_ADMIN)) |
770 | rc = -EPERM; | 770 | rc = -EPERM; |
771 | /* | 771 | /* |
772 | * check label validity here so import wont fail on | 772 | * check label validity here so import wont fail on |
773 | * post_setxattr | 773 | * post_setxattr |
774 | */ | 774 | */ |
775 | if (size == 0 || size >= SMK_LABELLEN || | 775 | if (size == 0 || size >= SMK_LABELLEN || |
776 | smk_import(value, size) == NULL) | 776 | smk_import(value, size) == NULL) |
777 | rc = -EINVAL; | 777 | rc = -EINVAL; |
778 | } else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) { | 778 | } else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) { |
779 | if (!capable(CAP_MAC_ADMIN)) | 779 | if (!capable(CAP_MAC_ADMIN)) |
780 | rc = -EPERM; | 780 | rc = -EPERM; |
781 | if (size != TRANS_TRUE_SIZE || | 781 | if (size != TRANS_TRUE_SIZE || |
782 | strncmp(value, TRANS_TRUE, TRANS_TRUE_SIZE) != 0) | 782 | strncmp(value, TRANS_TRUE, TRANS_TRUE_SIZE) != 0) |
783 | rc = -EINVAL; | 783 | rc = -EINVAL; |
784 | } else | 784 | } else |
785 | rc = cap_inode_setxattr(dentry, name, value, size, flags); | 785 | rc = cap_inode_setxattr(dentry, name, value, size, flags); |
786 | 786 | ||
787 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); | 787 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); |
788 | smk_ad_setfield_u_fs_path_dentry(&ad, dentry); | 788 | smk_ad_setfield_u_fs_path_dentry(&ad, dentry); |
789 | 789 | ||
790 | if (rc == 0) | 790 | if (rc == 0) |
791 | rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad); | 791 | rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad); |
792 | 792 | ||
793 | return rc; | 793 | return rc; |
794 | } | 794 | } |
795 | 795 | ||
796 | /** | 796 | /** |
797 | * smack_inode_post_setxattr - Apply the Smack update approved above | 797 | * smack_inode_post_setxattr - Apply the Smack update approved above |
798 | * @dentry: object | 798 | * @dentry: object |
799 | * @name: attribute name | 799 | * @name: attribute name |
800 | * @value: attribute value | 800 | * @value: attribute value |
801 | * @size: attribute size | 801 | * @size: attribute size |
802 | * @flags: unused | 802 | * @flags: unused |
803 | * | 803 | * |
804 | * Set the pointer in the inode blob to the entry found | 804 | * Set the pointer in the inode blob to the entry found |
805 | * in the master label list. | 805 | * in the master label list. |
806 | */ | 806 | */ |
807 | static void smack_inode_post_setxattr(struct dentry *dentry, const char *name, | 807 | static void smack_inode_post_setxattr(struct dentry *dentry, const char *name, |
808 | const void *value, size_t size, int flags) | 808 | const void *value, size_t size, int flags) |
809 | { | 809 | { |
810 | char *nsp; | 810 | char *nsp; |
811 | struct inode_smack *isp = dentry->d_inode->i_security; | 811 | struct inode_smack *isp = dentry->d_inode->i_security; |
812 | 812 | ||
813 | if (strcmp(name, XATTR_NAME_SMACK) == 0) { | 813 | if (strcmp(name, XATTR_NAME_SMACK) == 0) { |
814 | nsp = smk_import(value, size); | 814 | nsp = smk_import(value, size); |
815 | if (nsp != NULL) | 815 | if (nsp != NULL) |
816 | isp->smk_inode = nsp; | 816 | isp->smk_inode = nsp; |
817 | else | 817 | else |
818 | isp->smk_inode = smack_known_invalid.smk_known; | 818 | isp->smk_inode = smack_known_invalid.smk_known; |
819 | } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) { | 819 | } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) { |
820 | nsp = smk_import(value, size); | 820 | nsp = smk_import(value, size); |
821 | if (nsp != NULL) | 821 | if (nsp != NULL) |
822 | isp->smk_task = nsp; | 822 | isp->smk_task = nsp; |
823 | else | 823 | else |
824 | isp->smk_task = smack_known_invalid.smk_known; | 824 | isp->smk_task = smack_known_invalid.smk_known; |
825 | } else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) { | 825 | } else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) { |
826 | nsp = smk_import(value, size); | 826 | nsp = smk_import(value, size); |
827 | if (nsp != NULL) | 827 | if (nsp != NULL) |
828 | isp->smk_mmap = nsp; | 828 | isp->smk_mmap = nsp; |
829 | else | 829 | else |
830 | isp->smk_mmap = smack_known_invalid.smk_known; | 830 | isp->smk_mmap = smack_known_invalid.smk_known; |
831 | } else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) | 831 | } else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) |
832 | isp->smk_flags |= SMK_INODE_TRANSMUTE; | 832 | isp->smk_flags |= SMK_INODE_TRANSMUTE; |
833 | 833 | ||
834 | return; | 834 | return; |
835 | } | 835 | } |
836 | 836 | ||
837 | /* | 837 | /* |
838 | * smack_inode_getxattr - Smack check on getxattr | 838 | * smack_inode_getxattr - Smack check on getxattr |
839 | * @dentry: the object | 839 | * @dentry: the object |
840 | * @name: unused | 840 | * @name: unused |
841 | * | 841 | * |
842 | * Returns 0 if access is permitted, an error code otherwise | 842 | * Returns 0 if access is permitted, an error code otherwise |
843 | */ | 843 | */ |
844 | static int smack_inode_getxattr(struct dentry *dentry, const char *name) | 844 | static int smack_inode_getxattr(struct dentry *dentry, const char *name) |
845 | { | 845 | { |
846 | struct smk_audit_info ad; | 846 | struct smk_audit_info ad; |
847 | 847 | ||
848 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); | 848 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); |
849 | smk_ad_setfield_u_fs_path_dentry(&ad, dentry); | 849 | smk_ad_setfield_u_fs_path_dentry(&ad, dentry); |
850 | 850 | ||
851 | return smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ, &ad); | 851 | return smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ, &ad); |
852 | } | 852 | } |
853 | 853 | ||
854 | /* | 854 | /* |
855 | * smack_inode_removexattr - Smack check on removexattr | 855 | * smack_inode_removexattr - Smack check on removexattr |
856 | * @dentry: the object | 856 | * @dentry: the object |
857 | * @name: name of the attribute | 857 | * @name: name of the attribute |
858 | * | 858 | * |
859 | * Removing the Smack attribute requires CAP_MAC_ADMIN | 859 | * Removing the Smack attribute requires CAP_MAC_ADMIN |
860 | * | 860 | * |
861 | * Returns 0 if access is permitted, an error code otherwise | 861 | * Returns 0 if access is permitted, an error code otherwise |
862 | */ | 862 | */ |
863 | static int smack_inode_removexattr(struct dentry *dentry, const char *name) | 863 | static int smack_inode_removexattr(struct dentry *dentry, const char *name) |
864 | { | 864 | { |
865 | struct inode_smack *isp; | 865 | struct inode_smack *isp; |
866 | struct smk_audit_info ad; | 866 | struct smk_audit_info ad; |
867 | int rc = 0; | 867 | int rc = 0; |
868 | 868 | ||
869 | if (strcmp(name, XATTR_NAME_SMACK) == 0 || | 869 | if (strcmp(name, XATTR_NAME_SMACK) == 0 || |
870 | strcmp(name, XATTR_NAME_SMACKIPIN) == 0 || | 870 | strcmp(name, XATTR_NAME_SMACKIPIN) == 0 || |
871 | strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 || | 871 | strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 || |
872 | strcmp(name, XATTR_NAME_SMACKEXEC) == 0 || | 872 | strcmp(name, XATTR_NAME_SMACKEXEC) == 0 || |
873 | strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0 || | 873 | strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0 || |
874 | strcmp(name, XATTR_NAME_SMACKMMAP)) { | 874 | strcmp(name, XATTR_NAME_SMACKMMAP)) { |
875 | if (!capable(CAP_MAC_ADMIN)) | 875 | if (!capable(CAP_MAC_ADMIN)) |
876 | rc = -EPERM; | 876 | rc = -EPERM; |
877 | } else | 877 | } else |
878 | rc = cap_inode_removexattr(dentry, name); | 878 | rc = cap_inode_removexattr(dentry, name); |
879 | 879 | ||
880 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); | 880 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); |
881 | smk_ad_setfield_u_fs_path_dentry(&ad, dentry); | 881 | smk_ad_setfield_u_fs_path_dentry(&ad, dentry); |
882 | if (rc == 0) | 882 | if (rc == 0) |
883 | rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad); | 883 | rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad); |
884 | 884 | ||
885 | if (rc == 0) { | 885 | if (rc == 0) { |
886 | isp = dentry->d_inode->i_security; | 886 | isp = dentry->d_inode->i_security; |
887 | isp->smk_task = NULL; | 887 | isp->smk_task = NULL; |
888 | isp->smk_mmap = NULL; | 888 | isp->smk_mmap = NULL; |
889 | } | 889 | } |
890 | 890 | ||
891 | return rc; | 891 | return rc; |
892 | } | 892 | } |
893 | 893 | ||
894 | /** | 894 | /** |
895 | * smack_inode_getsecurity - get smack xattrs | 895 | * smack_inode_getsecurity - get smack xattrs |
896 | * @inode: the object | 896 | * @inode: the object |
897 | * @name: attribute name | 897 | * @name: attribute name |
898 | * @buffer: where to put the result | 898 | * @buffer: where to put the result |
899 | * @alloc: unused | 899 | * @alloc: unused |
900 | * | 900 | * |
901 | * Returns the size of the attribute or an error code | 901 | * Returns the size of the attribute or an error code |
902 | */ | 902 | */ |
903 | static int smack_inode_getsecurity(const struct inode *inode, | 903 | static int smack_inode_getsecurity(const struct inode *inode, |
904 | const char *name, void **buffer, | 904 | const char *name, void **buffer, |
905 | bool alloc) | 905 | bool alloc) |
906 | { | 906 | { |
907 | struct socket_smack *ssp; | 907 | struct socket_smack *ssp; |
908 | struct socket *sock; | 908 | struct socket *sock; |
909 | struct super_block *sbp; | 909 | struct super_block *sbp; |
910 | struct inode *ip = (struct inode *)inode; | 910 | struct inode *ip = (struct inode *)inode; |
911 | char *isp; | 911 | char *isp; |
912 | int ilen; | 912 | int ilen; |
913 | int rc = 0; | 913 | int rc = 0; |
914 | 914 | ||
915 | if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) { | 915 | if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) { |
916 | isp = smk_of_inode(inode); | 916 | isp = smk_of_inode(inode); |
917 | ilen = strlen(isp) + 1; | 917 | ilen = strlen(isp) + 1; |
918 | *buffer = isp; | 918 | *buffer = isp; |
919 | return ilen; | 919 | return ilen; |
920 | } | 920 | } |
921 | 921 | ||
922 | /* | 922 | /* |
923 | * The rest of the Smack xattrs are only on sockets. | 923 | * The rest of the Smack xattrs are only on sockets. |
924 | */ | 924 | */ |
925 | sbp = ip->i_sb; | 925 | sbp = ip->i_sb; |
926 | if (sbp->s_magic != SOCKFS_MAGIC) | 926 | if (sbp->s_magic != SOCKFS_MAGIC) |
927 | return -EOPNOTSUPP; | 927 | return -EOPNOTSUPP; |
928 | 928 | ||
929 | sock = SOCKET_I(ip); | 929 | sock = SOCKET_I(ip); |
930 | if (sock == NULL || sock->sk == NULL) | 930 | if (sock == NULL || sock->sk == NULL) |
931 | return -EOPNOTSUPP; | 931 | return -EOPNOTSUPP; |
932 | 932 | ||
933 | ssp = sock->sk->sk_security; | 933 | ssp = sock->sk->sk_security; |
934 | 934 | ||
935 | if (strcmp(name, XATTR_SMACK_IPIN) == 0) | 935 | if (strcmp(name, XATTR_SMACK_IPIN) == 0) |
936 | isp = ssp->smk_in; | 936 | isp = ssp->smk_in; |
937 | else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) | 937 | else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) |
938 | isp = ssp->smk_out; | 938 | isp = ssp->smk_out; |
939 | else | 939 | else |
940 | return -EOPNOTSUPP; | 940 | return -EOPNOTSUPP; |
941 | 941 | ||
942 | ilen = strlen(isp) + 1; | 942 | ilen = strlen(isp) + 1; |
943 | if (rc == 0) { | 943 | if (rc == 0) { |
944 | *buffer = isp; | 944 | *buffer = isp; |
945 | rc = ilen; | 945 | rc = ilen; |
946 | } | 946 | } |
947 | 947 | ||
948 | return rc; | 948 | return rc; |
949 | } | 949 | } |
950 | 950 | ||
951 | 951 | ||
952 | /** | 952 | /** |
953 | * smack_inode_listsecurity - list the Smack attributes | 953 | * smack_inode_listsecurity - list the Smack attributes |
954 | * @inode: the object | 954 | * @inode: the object |
955 | * @buffer: where they go | 955 | * @buffer: where they go |
956 | * @buffer_size: size of buffer | 956 | * @buffer_size: size of buffer |
957 | * | 957 | * |
958 | * Returns 0 on success, -EINVAL otherwise | 958 | * Returns 0 on success, -EINVAL otherwise |
959 | */ | 959 | */ |
960 | static int smack_inode_listsecurity(struct inode *inode, char *buffer, | 960 | static int smack_inode_listsecurity(struct inode *inode, char *buffer, |
961 | size_t buffer_size) | 961 | size_t buffer_size) |
962 | { | 962 | { |
963 | int len = strlen(XATTR_NAME_SMACK); | 963 | int len = strlen(XATTR_NAME_SMACK); |
964 | 964 | ||
965 | if (buffer != NULL && len <= buffer_size) { | 965 | if (buffer != NULL && len <= buffer_size) { |
966 | memcpy(buffer, XATTR_NAME_SMACK, len); | 966 | memcpy(buffer, XATTR_NAME_SMACK, len); |
967 | return len; | 967 | return len; |
968 | } | 968 | } |
969 | return -EINVAL; | 969 | return -EINVAL; |
970 | } | 970 | } |
971 | 971 | ||
972 | /** | 972 | /** |
973 | * smack_inode_getsecid - Extract inode's security id | 973 | * smack_inode_getsecid - Extract inode's security id |
974 | * @inode: inode to extract the info from | 974 | * @inode: inode to extract the info from |
975 | * @secid: where result will be saved | 975 | * @secid: where result will be saved |
976 | */ | 976 | */ |
977 | static void smack_inode_getsecid(const struct inode *inode, u32 *secid) | 977 | static void smack_inode_getsecid(const struct inode *inode, u32 *secid) |
978 | { | 978 | { |
979 | struct inode_smack *isp = inode->i_security; | 979 | struct inode_smack *isp = inode->i_security; |
980 | 980 | ||
981 | *secid = smack_to_secid(isp->smk_inode); | 981 | *secid = smack_to_secid(isp->smk_inode); |
982 | } | 982 | } |
983 | 983 | ||
984 | /* | 984 | /* |
985 | * File Hooks | 985 | * File Hooks |
986 | */ | 986 | */ |
987 | 987 | ||
988 | /** | 988 | /** |
989 | * smack_file_permission - Smack check on file operations | 989 | * smack_file_permission - Smack check on file operations |
990 | * @file: unused | 990 | * @file: unused |
991 | * @mask: unused | 991 | * @mask: unused |
992 | * | 992 | * |
993 | * Returns 0 | 993 | * Returns 0 |
994 | * | 994 | * |
995 | * Should access checks be done on each read or write? | 995 | * Should access checks be done on each read or write? |
996 | * UNICOS and SELinux say yes. | 996 | * UNICOS and SELinux say yes. |
997 | * Trusted Solaris, Trusted Irix, and just about everyone else says no. | 997 | * Trusted Solaris, Trusted Irix, and just about everyone else says no. |
998 | * | 998 | * |
999 | * I'll say no for now. Smack does not do the frequent | 999 | * I'll say no for now. Smack does not do the frequent |
1000 | * label changing that SELinux does. | 1000 | * label changing that SELinux does. |
1001 | */ | 1001 | */ |
1002 | static int smack_file_permission(struct file *file, int mask) | 1002 | static int smack_file_permission(struct file *file, int mask) |
1003 | { | 1003 | { |
1004 | return 0; | 1004 | return 0; |
1005 | } | 1005 | } |
1006 | 1006 | ||
1007 | /** | 1007 | /** |
1008 | * smack_file_alloc_security - assign a file security blob | 1008 | * smack_file_alloc_security - assign a file security blob |
1009 | * @file: the object | 1009 | * @file: the object |
1010 | * | 1010 | * |
1011 | * The security blob for a file is a pointer to the master | 1011 | * The security blob for a file is a pointer to the master |
1012 | * label list, so no allocation is done. | 1012 | * label list, so no allocation is done. |
1013 | * | 1013 | * |
1014 | * Returns 0 | 1014 | * Returns 0 |
1015 | */ | 1015 | */ |
1016 | static int smack_file_alloc_security(struct file *file) | 1016 | static int smack_file_alloc_security(struct file *file) |
1017 | { | 1017 | { |
1018 | file->f_security = smk_of_current(); | 1018 | file->f_security = smk_of_current(); |
1019 | return 0; | 1019 | return 0; |
1020 | } | 1020 | } |
1021 | 1021 | ||
1022 | /** | 1022 | /** |
1023 | * smack_file_free_security - clear a file security blob | 1023 | * smack_file_free_security - clear a file security blob |
1024 | * @file: the object | 1024 | * @file: the object |
1025 | * | 1025 | * |
1026 | * The security blob for a file is a pointer to the master | 1026 | * The security blob for a file is a pointer to the master |
1027 | * label list, so no memory is freed. | 1027 | * label list, so no memory is freed. |
1028 | */ | 1028 | */ |
1029 | static void smack_file_free_security(struct file *file) | 1029 | static void smack_file_free_security(struct file *file) |
1030 | { | 1030 | { |
1031 | file->f_security = NULL; | 1031 | file->f_security = NULL; |
1032 | } | 1032 | } |
1033 | 1033 | ||
1034 | /** | 1034 | /** |
1035 | * smack_file_ioctl - Smack check on ioctls | 1035 | * smack_file_ioctl - Smack check on ioctls |
1036 | * @file: the object | 1036 | * @file: the object |
1037 | * @cmd: what to do | 1037 | * @cmd: what to do |
1038 | * @arg: unused | 1038 | * @arg: unused |
1039 | * | 1039 | * |
1040 | * Relies heavily on the correct use of the ioctl command conventions. | 1040 | * Relies heavily on the correct use of the ioctl command conventions. |
1041 | * | 1041 | * |
1042 | * Returns 0 if allowed, error code otherwise | 1042 | * Returns 0 if allowed, error code otherwise |
1043 | */ | 1043 | */ |
1044 | static int smack_file_ioctl(struct file *file, unsigned int cmd, | 1044 | static int smack_file_ioctl(struct file *file, unsigned int cmd, |
1045 | unsigned long arg) | 1045 | unsigned long arg) |
1046 | { | 1046 | { |
1047 | int rc = 0; | 1047 | int rc = 0; |
1048 | struct smk_audit_info ad; | 1048 | struct smk_audit_info ad; |
1049 | 1049 | ||
1050 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); | 1050 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); |
1051 | smk_ad_setfield_u_fs_path(&ad, file->f_path); | 1051 | smk_ad_setfield_u_fs_path(&ad, file->f_path); |
1052 | 1052 | ||
1053 | if (_IOC_DIR(cmd) & _IOC_WRITE) | 1053 | if (_IOC_DIR(cmd) & _IOC_WRITE) |
1054 | rc = smk_curacc(file->f_security, MAY_WRITE, &ad); | 1054 | rc = smk_curacc(file->f_security, MAY_WRITE, &ad); |
1055 | 1055 | ||
1056 | if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ)) | 1056 | if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ)) |
1057 | rc = smk_curacc(file->f_security, MAY_READ, &ad); | 1057 | rc = smk_curacc(file->f_security, MAY_READ, &ad); |
1058 | 1058 | ||
1059 | return rc; | 1059 | return rc; |
1060 | } | 1060 | } |
1061 | 1061 | ||
1062 | /** | 1062 | /** |
1063 | * smack_file_lock - Smack check on file locking | 1063 | * smack_file_lock - Smack check on file locking |
1064 | * @file: the object | 1064 | * @file: the object |
1065 | * @cmd: unused | 1065 | * @cmd: unused |
1066 | * | 1066 | * |
1067 | * Returns 0 if current has write access, error code otherwise | 1067 | * Returns 0 if current has write access, error code otherwise |
1068 | */ | 1068 | */ |
1069 | static int smack_file_lock(struct file *file, unsigned int cmd) | 1069 | static int smack_file_lock(struct file *file, unsigned int cmd) |
1070 | { | 1070 | { |
1071 | struct smk_audit_info ad; | 1071 | struct smk_audit_info ad; |
1072 | 1072 | ||
1073 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); | 1073 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); |
1074 | smk_ad_setfield_u_fs_path_dentry(&ad, file->f_path.dentry); | 1074 | smk_ad_setfield_u_fs_path_dentry(&ad, file->f_path.dentry); |
1075 | return smk_curacc(file->f_security, MAY_WRITE, &ad); | 1075 | return smk_curacc(file->f_security, MAY_WRITE, &ad); |
1076 | } | 1076 | } |
1077 | 1077 | ||
1078 | /** | 1078 | /** |
1079 | * smack_file_fcntl - Smack check on fcntl | 1079 | * smack_file_fcntl - Smack check on fcntl |
1080 | * @file: the object | 1080 | * @file: the object |
1081 | * @cmd: what action to check | 1081 | * @cmd: what action to check |
1082 | * @arg: unused | 1082 | * @arg: unused |
1083 | * | 1083 | * |
1084 | * Returns 0 if current has access, error code otherwise | 1084 | * Returns 0 if current has access, error code otherwise |
1085 | */ | 1085 | */ |
1086 | static int smack_file_fcntl(struct file *file, unsigned int cmd, | 1086 | static int smack_file_fcntl(struct file *file, unsigned int cmd, |
1087 | unsigned long arg) | 1087 | unsigned long arg) |
1088 | { | 1088 | { |
1089 | struct smk_audit_info ad; | 1089 | struct smk_audit_info ad; |
1090 | int rc; | 1090 | int rc; |
1091 | 1091 | ||
1092 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); | 1092 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); |
1093 | smk_ad_setfield_u_fs_path(&ad, file->f_path); | 1093 | smk_ad_setfield_u_fs_path(&ad, file->f_path); |
1094 | 1094 | ||
1095 | switch (cmd) { | 1095 | switch (cmd) { |
1096 | case F_DUPFD: | 1096 | case F_DUPFD: |
1097 | case F_GETFD: | 1097 | case F_GETFD: |
1098 | case F_GETFL: | 1098 | case F_GETFL: |
1099 | case F_GETLK: | 1099 | case F_GETLK: |
1100 | case F_GETOWN: | 1100 | case F_GETOWN: |
1101 | case F_GETSIG: | 1101 | case F_GETSIG: |
1102 | rc = smk_curacc(file->f_security, MAY_READ, &ad); | 1102 | rc = smk_curacc(file->f_security, MAY_READ, &ad); |
1103 | break; | 1103 | break; |
1104 | case F_SETFD: | 1104 | case F_SETFD: |
1105 | case F_SETFL: | 1105 | case F_SETFL: |
1106 | case F_SETLK: | 1106 | case F_SETLK: |
1107 | case F_SETLKW: | 1107 | case F_SETLKW: |
1108 | case F_SETOWN: | 1108 | case F_SETOWN: |
1109 | case F_SETSIG: | 1109 | case F_SETSIG: |
1110 | rc = smk_curacc(file->f_security, MAY_WRITE, &ad); | 1110 | rc = smk_curacc(file->f_security, MAY_WRITE, &ad); |
1111 | break; | 1111 | break; |
1112 | default: | 1112 | default: |
1113 | rc = smk_curacc(file->f_security, MAY_READWRITE, &ad); | 1113 | rc = smk_curacc(file->f_security, MAY_READWRITE, &ad); |
1114 | } | 1114 | } |
1115 | 1115 | ||
1116 | return rc; | 1116 | return rc; |
1117 | } | 1117 | } |
1118 | 1118 | ||
1119 | /** | 1119 | /** |
1120 | * smack_file_mmap : | 1120 | * smack_file_mmap : |
1121 | * Check permissions for a mmap operation. The @file may be NULL, e.g. | 1121 | * Check permissions for a mmap operation. The @file may be NULL, e.g. |
1122 | * if mapping anonymous memory. | 1122 | * if mapping anonymous memory. |
1123 | * @file contains the file structure for file to map (may be NULL). | 1123 | * @file contains the file structure for file to map (may be NULL). |
1124 | * @reqprot contains the protection requested by the application. | 1124 | * @reqprot contains the protection requested by the application. |
1125 | * @prot contains the protection that will be applied by the kernel. | 1125 | * @prot contains the protection that will be applied by the kernel. |
1126 | * @flags contains the operational flags. | 1126 | * @flags contains the operational flags. |
1127 | * Return 0 if permission is granted. | 1127 | * Return 0 if permission is granted. |
1128 | */ | 1128 | */ |
1129 | static int smack_file_mmap(struct file *file, | 1129 | static int smack_file_mmap(struct file *file, |
1130 | unsigned long reqprot, unsigned long prot, | 1130 | unsigned long reqprot, unsigned long prot, |
1131 | unsigned long flags, unsigned long addr, | 1131 | unsigned long flags, unsigned long addr, |
1132 | unsigned long addr_only) | 1132 | unsigned long addr_only) |
1133 | { | 1133 | { |
1134 | struct smack_rule *srp; | 1134 | struct smack_rule *srp; |
1135 | struct task_smack *tsp; | 1135 | struct task_smack *tsp; |
1136 | char *sp; | 1136 | char *sp; |
1137 | char *msmack; | 1137 | char *msmack; |
1138 | char *osmack; | 1138 | char *osmack; |
1139 | struct inode_smack *isp; | 1139 | struct inode_smack *isp; |
1140 | struct dentry *dp; | 1140 | struct dentry *dp; |
1141 | int may; | 1141 | int may; |
1142 | int mmay; | 1142 | int mmay; |
1143 | int tmay; | 1143 | int tmay; |
1144 | int rc; | 1144 | int rc; |
1145 | 1145 | ||
1146 | /* do DAC check on address space usage */ | 1146 | /* do DAC check on address space usage */ |
1147 | rc = cap_file_mmap(file, reqprot, prot, flags, addr, addr_only); | 1147 | rc = cap_file_mmap(file, reqprot, prot, flags, addr, addr_only); |
1148 | if (rc || addr_only) | 1148 | if (rc || addr_only) |
1149 | return rc; | 1149 | return rc; |
1150 | 1150 | ||
1151 | if (file == NULL || file->f_dentry == NULL) | 1151 | if (file == NULL || file->f_dentry == NULL) |
1152 | return 0; | 1152 | return 0; |
1153 | 1153 | ||
1154 | dp = file->f_dentry; | 1154 | dp = file->f_dentry; |
1155 | 1155 | ||
1156 | if (dp->d_inode == NULL) | 1156 | if (dp->d_inode == NULL) |
1157 | return 0; | 1157 | return 0; |
1158 | 1158 | ||
1159 | isp = dp->d_inode->i_security; | 1159 | isp = dp->d_inode->i_security; |
1160 | if (isp->smk_mmap == NULL) | 1160 | if (isp->smk_mmap == NULL) |
1161 | return 0; | 1161 | return 0; |
1162 | msmack = isp->smk_mmap; | 1162 | msmack = isp->smk_mmap; |
1163 | 1163 | ||
1164 | tsp = current_security(); | 1164 | tsp = current_security(); |
1165 | sp = smk_of_current(); | 1165 | sp = smk_of_current(); |
1166 | rc = 0; | 1166 | rc = 0; |
1167 | 1167 | ||
1168 | rcu_read_lock(); | 1168 | rcu_read_lock(); |
1169 | /* | 1169 | /* |
1170 | * For each Smack rule associated with the subject | 1170 | * For each Smack rule associated with the subject |
1171 | * label verify that the SMACK64MMAP also has access | 1171 | * label verify that the SMACK64MMAP also has access |
1172 | * to that rule's object label. | 1172 | * to that rule's object label. |
1173 | * | 1173 | * |
1174 | * Because neither of the labels comes | 1174 | * Because neither of the labels comes |
1175 | * from the networking code it is sufficient | 1175 | * from the networking code it is sufficient |
1176 | * to compare pointers. | 1176 | * to compare pointers. |
1177 | */ | 1177 | */ |
1178 | list_for_each_entry_rcu(srp, &smack_rule_list, list) { | 1178 | list_for_each_entry_rcu(srp, &smack_rule_list, list) { |
1179 | if (srp->smk_subject != sp) | 1179 | if (srp->smk_subject != sp) |
1180 | continue; | 1180 | continue; |
1181 | 1181 | ||
1182 | osmack = srp->smk_object; | 1182 | osmack = srp->smk_object; |
1183 | /* | 1183 | /* |
1184 | * Matching labels always allows access. | 1184 | * Matching labels always allows access. |
1185 | */ | 1185 | */ |
1186 | if (msmack == osmack) | 1186 | if (msmack == osmack) |
1187 | continue; | 1187 | continue; |
1188 | /* | 1188 | /* |
1189 | * If there is a matching local rule take | 1189 | * If there is a matching local rule take |
1190 | * that into account as well. | 1190 | * that into account as well. |
1191 | */ | 1191 | */ |
1192 | may = smk_access_entry(srp->smk_subject, osmack, | 1192 | may = smk_access_entry(srp->smk_subject, osmack, |
1193 | &tsp->smk_rules); | 1193 | &tsp->smk_rules); |
1194 | if (may == -ENOENT) | 1194 | if (may == -ENOENT) |
1195 | may = srp->smk_access; | 1195 | may = srp->smk_access; |
1196 | else | 1196 | else |
1197 | may &= srp->smk_access; | 1197 | may &= srp->smk_access; |
1198 | /* | 1198 | /* |
1199 | * If may is zero the SMACK64MMAP subject can't | 1199 | * If may is zero the SMACK64MMAP subject can't |
1200 | * possibly have less access. | 1200 | * possibly have less access. |
1201 | */ | 1201 | */ |
1202 | if (may == 0) | 1202 | if (may == 0) |
1203 | continue; | 1203 | continue; |
1204 | 1204 | ||
1205 | /* | 1205 | /* |
1206 | * Fetch the global list entry. | 1206 | * Fetch the global list entry. |
1207 | * If there isn't one a SMACK64MMAP subject | 1207 | * If there isn't one a SMACK64MMAP subject |
1208 | * can't have as much access as current. | 1208 | * can't have as much access as current. |
1209 | */ | 1209 | */ |
1210 | mmay = smk_access_entry(msmack, osmack, &smack_rule_list); | 1210 | mmay = smk_access_entry(msmack, osmack, &smack_rule_list); |
1211 | if (mmay == -ENOENT) { | 1211 | if (mmay == -ENOENT) { |
1212 | rc = -EACCES; | 1212 | rc = -EACCES; |
1213 | break; | 1213 | break; |
1214 | } | 1214 | } |
1215 | /* | 1215 | /* |
1216 | * If there is a local entry it modifies the | 1216 | * If there is a local entry it modifies the |
1217 | * potential access, too. | 1217 | * potential access, too. |
1218 | */ | 1218 | */ |
1219 | tmay = smk_access_entry(msmack, osmack, &tsp->smk_rules); | 1219 | tmay = smk_access_entry(msmack, osmack, &tsp->smk_rules); |
1220 | if (tmay != -ENOENT) | 1220 | if (tmay != -ENOENT) |
1221 | mmay &= tmay; | 1221 | mmay &= tmay; |
1222 | 1222 | ||
1223 | /* | 1223 | /* |
1224 | * If there is any access available to current that is | 1224 | * If there is any access available to current that is |
1225 | * not available to a SMACK64MMAP subject | 1225 | * not available to a SMACK64MMAP subject |
1226 | * deny access. | 1226 | * deny access. |
1227 | */ | 1227 | */ |
1228 | if ((may | mmay) != mmay) { | 1228 | if ((may | mmay) != mmay) { |
1229 | rc = -EACCES; | 1229 | rc = -EACCES; |
1230 | break; | 1230 | break; |
1231 | } | 1231 | } |
1232 | } | 1232 | } |
1233 | 1233 | ||
1234 | rcu_read_unlock(); | 1234 | rcu_read_unlock(); |
1235 | 1235 | ||
1236 | return rc; | 1236 | return rc; |
1237 | } | 1237 | } |
1238 | 1238 | ||
1239 | /** | 1239 | /** |
1240 | * smack_file_set_fowner - set the file security blob value | 1240 | * smack_file_set_fowner - set the file security blob value |
1241 | * @file: object in question | 1241 | * @file: object in question |
1242 | * | 1242 | * |
1243 | * Returns 0 | 1243 | * Returns 0 |
1244 | * Further research may be required on this one. | 1244 | * Further research may be required on this one. |
1245 | */ | 1245 | */ |
1246 | static int smack_file_set_fowner(struct file *file) | 1246 | static int smack_file_set_fowner(struct file *file) |
1247 | { | 1247 | { |
1248 | file->f_security = smk_of_current(); | 1248 | file->f_security = smk_of_current(); |
1249 | return 0; | 1249 | return 0; |
1250 | } | 1250 | } |
1251 | 1251 | ||
1252 | /** | 1252 | /** |
1253 | * smack_file_send_sigiotask - Smack on sigio | 1253 | * smack_file_send_sigiotask - Smack on sigio |
1254 | * @tsk: The target task | 1254 | * @tsk: The target task |
1255 | * @fown: the object the signal come from | 1255 | * @fown: the object the signal come from |
1256 | * @signum: unused | 1256 | * @signum: unused |
1257 | * | 1257 | * |
1258 | * Allow a privileged task to get signals even if it shouldn't | 1258 | * Allow a privileged task to get signals even if it shouldn't |
1259 | * | 1259 | * |
1260 | * Returns 0 if a subject with the object's smack could | 1260 | * Returns 0 if a subject with the object's smack could |
1261 | * write to the task, an error code otherwise. | 1261 | * write to the task, an error code otherwise. |
1262 | */ | 1262 | */ |
1263 | static int smack_file_send_sigiotask(struct task_struct *tsk, | 1263 | static int smack_file_send_sigiotask(struct task_struct *tsk, |
1264 | struct fown_struct *fown, int signum) | 1264 | struct fown_struct *fown, int signum) |
1265 | { | 1265 | { |
1266 | struct file *file; | 1266 | struct file *file; |
1267 | int rc; | 1267 | int rc; |
1268 | char *tsp = smk_of_task(tsk->cred->security); | 1268 | char *tsp = smk_of_task(tsk->cred->security); |
1269 | struct smk_audit_info ad; | 1269 | struct smk_audit_info ad; |
1270 | 1270 | ||
1271 | /* | 1271 | /* |
1272 | * struct fown_struct is never outside the context of a struct file | 1272 | * struct fown_struct is never outside the context of a struct file |
1273 | */ | 1273 | */ |
1274 | file = container_of(fown, struct file, f_owner); | 1274 | file = container_of(fown, struct file, f_owner); |
1275 | 1275 | ||
1276 | /* we don't log here as rc can be overriden */ | 1276 | /* we don't log here as rc can be overriden */ |
1277 | rc = smk_access(file->f_security, tsp, MAY_WRITE, NULL); | 1277 | rc = smk_access(file->f_security, tsp, MAY_WRITE, NULL); |
1278 | if (rc != 0 && has_capability(tsk, CAP_MAC_OVERRIDE)) | 1278 | if (rc != 0 && has_capability(tsk, CAP_MAC_OVERRIDE)) |
1279 | rc = 0; | 1279 | rc = 0; |
1280 | 1280 | ||
1281 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); | 1281 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); |
1282 | smk_ad_setfield_u_tsk(&ad, tsk); | 1282 | smk_ad_setfield_u_tsk(&ad, tsk); |
1283 | smack_log(file->f_security, tsp, MAY_WRITE, rc, &ad); | 1283 | smack_log(file->f_security, tsp, MAY_WRITE, rc, &ad); |
1284 | return rc; | 1284 | return rc; |
1285 | } | 1285 | } |
1286 | 1286 | ||
1287 | /** | 1287 | /** |
1288 | * smack_file_receive - Smack file receive check | 1288 | * smack_file_receive - Smack file receive check |
1289 | * @file: the object | 1289 | * @file: the object |
1290 | * | 1290 | * |
1291 | * Returns 0 if current has access, error code otherwise | 1291 | * Returns 0 if current has access, error code otherwise |
1292 | */ | 1292 | */ |
1293 | static int smack_file_receive(struct file *file) | 1293 | static int smack_file_receive(struct file *file) |
1294 | { | 1294 | { |
1295 | int may = 0; | 1295 | int may = 0; |
1296 | struct smk_audit_info ad; | 1296 | struct smk_audit_info ad; |
1297 | 1297 | ||
1298 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); | 1298 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); |
1299 | smk_ad_setfield_u_fs_path(&ad, file->f_path); | 1299 | smk_ad_setfield_u_fs_path(&ad, file->f_path); |
1300 | /* | 1300 | /* |
1301 | * This code relies on bitmasks. | 1301 | * This code relies on bitmasks. |
1302 | */ | 1302 | */ |
1303 | if (file->f_mode & FMODE_READ) | 1303 | if (file->f_mode & FMODE_READ) |
1304 | may = MAY_READ; | 1304 | may = MAY_READ; |
1305 | if (file->f_mode & FMODE_WRITE) | 1305 | if (file->f_mode & FMODE_WRITE) |
1306 | may |= MAY_WRITE; | 1306 | may |= MAY_WRITE; |
1307 | 1307 | ||
1308 | return smk_curacc(file->f_security, may, &ad); | 1308 | return smk_curacc(file->f_security, may, &ad); |
1309 | } | 1309 | } |
1310 | 1310 | ||
1311 | /* | 1311 | /* |
1312 | * Task hooks | 1312 | * Task hooks |
1313 | */ | 1313 | */ |
1314 | 1314 | ||
1315 | /** | 1315 | /** |
1316 | * smack_cred_alloc_blank - "allocate" blank task-level security credentials | 1316 | * smack_cred_alloc_blank - "allocate" blank task-level security credentials |
1317 | * @new: the new credentials | 1317 | * @new: the new credentials |
1318 | * @gfp: the atomicity of any memory allocations | 1318 | * @gfp: the atomicity of any memory allocations |
1319 | * | 1319 | * |
1320 | * Prepare a blank set of credentials for modification. This must allocate all | 1320 | * Prepare a blank set of credentials for modification. This must allocate all |
1321 | * the memory the LSM module might require such that cred_transfer() can | 1321 | * the memory the LSM module might require such that cred_transfer() can |
1322 | * complete without error. | 1322 | * complete without error. |
1323 | */ | 1323 | */ |
1324 | static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp) | 1324 | static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp) |
1325 | { | 1325 | { |
1326 | struct task_smack *tsp; | 1326 | struct task_smack *tsp; |
1327 | 1327 | ||
1328 | tsp = new_task_smack(NULL, NULL, gfp); | 1328 | tsp = new_task_smack(NULL, NULL, gfp); |
1329 | if (tsp == NULL) | 1329 | if (tsp == NULL) |
1330 | return -ENOMEM; | 1330 | return -ENOMEM; |
1331 | 1331 | ||
1332 | cred->security = tsp; | 1332 | cred->security = tsp; |
1333 | 1333 | ||
1334 | return 0; | 1334 | return 0; |
1335 | } | 1335 | } |
1336 | 1336 | ||
1337 | 1337 | ||
1338 | /** | 1338 | /** |
1339 | * smack_cred_free - "free" task-level security credentials | 1339 | * smack_cred_free - "free" task-level security credentials |
1340 | * @cred: the credentials in question | 1340 | * @cred: the credentials in question |
1341 | * | 1341 | * |
1342 | */ | 1342 | */ |
1343 | static void smack_cred_free(struct cred *cred) | 1343 | static void smack_cred_free(struct cred *cred) |
1344 | { | 1344 | { |
1345 | struct task_smack *tsp = cred->security; | 1345 | struct task_smack *tsp = cred->security; |
1346 | struct smack_rule *rp; | 1346 | struct smack_rule *rp; |
1347 | struct list_head *l; | 1347 | struct list_head *l; |
1348 | struct list_head *n; | 1348 | struct list_head *n; |
1349 | 1349 | ||
1350 | if (tsp == NULL) | 1350 | if (tsp == NULL) |
1351 | return; | 1351 | return; |
1352 | cred->security = NULL; | 1352 | cred->security = NULL; |
1353 | 1353 | ||
1354 | list_for_each_safe(l, n, &tsp->smk_rules) { | 1354 | list_for_each_safe(l, n, &tsp->smk_rules) { |
1355 | rp = list_entry(l, struct smack_rule, list); | 1355 | rp = list_entry(l, struct smack_rule, list); |
1356 | list_del(&rp->list); | 1356 | list_del(&rp->list); |
1357 | kfree(rp); | 1357 | kfree(rp); |
1358 | } | 1358 | } |
1359 | kfree(tsp); | 1359 | kfree(tsp); |
1360 | } | 1360 | } |
1361 | 1361 | ||
1362 | /** | 1362 | /** |
1363 | * smack_cred_prepare - prepare new set of credentials for modification | 1363 | * smack_cred_prepare - prepare new set of credentials for modification |
1364 | * @new: the new credentials | 1364 | * @new: the new credentials |
1365 | * @old: the original credentials | 1365 | * @old: the original credentials |
1366 | * @gfp: the atomicity of any memory allocations | 1366 | * @gfp: the atomicity of any memory allocations |
1367 | * | 1367 | * |
1368 | * Prepare a new set of credentials for modification. | 1368 | * Prepare a new set of credentials for modification. |
1369 | */ | 1369 | */ |
1370 | static int smack_cred_prepare(struct cred *new, const struct cred *old, | 1370 | static int smack_cred_prepare(struct cred *new, const struct cred *old, |
1371 | gfp_t gfp) | 1371 | gfp_t gfp) |
1372 | { | 1372 | { |
1373 | struct task_smack *old_tsp = old->security; | 1373 | struct task_smack *old_tsp = old->security; |
1374 | struct task_smack *new_tsp; | 1374 | struct task_smack *new_tsp; |
1375 | int rc; | 1375 | int rc; |
1376 | 1376 | ||
1377 | new_tsp = new_task_smack(old_tsp->smk_task, old_tsp->smk_task, gfp); | 1377 | new_tsp = new_task_smack(old_tsp->smk_task, old_tsp->smk_task, gfp); |
1378 | if (new_tsp == NULL) | 1378 | if (new_tsp == NULL) |
1379 | return -ENOMEM; | 1379 | return -ENOMEM; |
1380 | 1380 | ||
1381 | rc = smk_copy_rules(&new_tsp->smk_rules, &old_tsp->smk_rules, gfp); | 1381 | rc = smk_copy_rules(&new_tsp->smk_rules, &old_tsp->smk_rules, gfp); |
1382 | if (rc != 0) | 1382 | if (rc != 0) |
1383 | return rc; | 1383 | return rc; |
1384 | 1384 | ||
1385 | new->security = new_tsp; | 1385 | new->security = new_tsp; |
1386 | return 0; | 1386 | return 0; |
1387 | } | 1387 | } |
1388 | 1388 | ||
1389 | /** | 1389 | /** |
1390 | * smack_cred_transfer - Transfer the old credentials to the new credentials | 1390 | * smack_cred_transfer - Transfer the old credentials to the new credentials |
1391 | * @new: the new credentials | 1391 | * @new: the new credentials |
1392 | * @old: the original credentials | 1392 | * @old: the original credentials |
1393 | * | 1393 | * |
1394 | * Fill in a set of blank credentials from another set of credentials. | 1394 | * Fill in a set of blank credentials from another set of credentials. |
1395 | */ | 1395 | */ |
1396 | static void smack_cred_transfer(struct cred *new, const struct cred *old) | 1396 | static void smack_cred_transfer(struct cred *new, const struct cred *old) |
1397 | { | 1397 | { |
1398 | struct task_smack *old_tsp = old->security; | 1398 | struct task_smack *old_tsp = old->security; |
1399 | struct task_smack *new_tsp = new->security; | 1399 | struct task_smack *new_tsp = new->security; |
1400 | 1400 | ||
1401 | new_tsp->smk_task = old_tsp->smk_task; | 1401 | new_tsp->smk_task = old_tsp->smk_task; |
1402 | new_tsp->smk_forked = old_tsp->smk_task; | 1402 | new_tsp->smk_forked = old_tsp->smk_task; |
1403 | mutex_init(&new_tsp->smk_rules_lock); | 1403 | mutex_init(&new_tsp->smk_rules_lock); |
1404 | INIT_LIST_HEAD(&new_tsp->smk_rules); | 1404 | INIT_LIST_HEAD(&new_tsp->smk_rules); |
1405 | 1405 | ||
1406 | 1406 | ||
1407 | /* cbs copy rule list */ | 1407 | /* cbs copy rule list */ |
1408 | } | 1408 | } |
1409 | 1409 | ||
1410 | /** | 1410 | /** |
1411 | * smack_kernel_act_as - Set the subjective context in a set of credentials | 1411 | * smack_kernel_act_as - Set the subjective context in a set of credentials |
1412 | * @new: points to the set of credentials to be modified. | 1412 | * @new: points to the set of credentials to be modified. |
1413 | * @secid: specifies the security ID to be set | 1413 | * @secid: specifies the security ID to be set |
1414 | * | 1414 | * |
1415 | * Set the security data for a kernel service. | 1415 | * Set the security data for a kernel service. |
1416 | */ | 1416 | */ |
1417 | static int smack_kernel_act_as(struct cred *new, u32 secid) | 1417 | static int smack_kernel_act_as(struct cred *new, u32 secid) |
1418 | { | 1418 | { |
1419 | struct task_smack *new_tsp = new->security; | 1419 | struct task_smack *new_tsp = new->security; |
1420 | char *smack = smack_from_secid(secid); | 1420 | char *smack = smack_from_secid(secid); |
1421 | 1421 | ||
1422 | if (smack == NULL) | 1422 | if (smack == NULL) |
1423 | return -EINVAL; | 1423 | return -EINVAL; |
1424 | 1424 | ||
1425 | new_tsp->smk_task = smack; | 1425 | new_tsp->smk_task = smack; |
1426 | return 0; | 1426 | return 0; |
1427 | } | 1427 | } |
1428 | 1428 | ||
1429 | /** | 1429 | /** |
1430 | * smack_kernel_create_files_as - Set the file creation label in a set of creds | 1430 | * smack_kernel_create_files_as - Set the file creation label in a set of creds |
1431 | * @new: points to the set of credentials to be modified | 1431 | * @new: points to the set of credentials to be modified |
1432 | * @inode: points to the inode to use as a reference | 1432 | * @inode: points to the inode to use as a reference |
1433 | * | 1433 | * |
1434 | * Set the file creation context in a set of credentials to the same | 1434 | * Set the file creation context in a set of credentials to the same |
1435 | * as the objective context of the specified inode | 1435 | * as the objective context of the specified inode |
1436 | */ | 1436 | */ |
1437 | static int smack_kernel_create_files_as(struct cred *new, | 1437 | static int smack_kernel_create_files_as(struct cred *new, |
1438 | struct inode *inode) | 1438 | struct inode *inode) |
1439 | { | 1439 | { |
1440 | struct inode_smack *isp = inode->i_security; | 1440 | struct inode_smack *isp = inode->i_security; |
1441 | struct task_smack *tsp = new->security; | 1441 | struct task_smack *tsp = new->security; |
1442 | 1442 | ||
1443 | tsp->smk_forked = isp->smk_inode; | 1443 | tsp->smk_forked = isp->smk_inode; |
1444 | tsp->smk_task = isp->smk_inode; | 1444 | tsp->smk_task = isp->smk_inode; |
1445 | return 0; | 1445 | return 0; |
1446 | } | 1446 | } |
1447 | 1447 | ||
1448 | /** | 1448 | /** |
1449 | * smk_curacc_on_task - helper to log task related access | 1449 | * smk_curacc_on_task - helper to log task related access |
1450 | * @p: the task object | 1450 | * @p: the task object |
1451 | * @access : the access requested | 1451 | * @access : the access requested |
1452 | * | 1452 | * |
1453 | * Return 0 if access is permitted | 1453 | * Return 0 if access is permitted |
1454 | */ | 1454 | */ |
1455 | static int smk_curacc_on_task(struct task_struct *p, int access) | 1455 | static int smk_curacc_on_task(struct task_struct *p, int access) |
1456 | { | 1456 | { |
1457 | struct smk_audit_info ad; | 1457 | struct smk_audit_info ad; |
1458 | 1458 | ||
1459 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); | 1459 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); |
1460 | smk_ad_setfield_u_tsk(&ad, p); | 1460 | smk_ad_setfield_u_tsk(&ad, p); |
1461 | return smk_curacc(smk_of_task(task_security(p)), access, &ad); | 1461 | return smk_curacc(smk_of_task(task_security(p)), access, &ad); |
1462 | } | 1462 | } |
1463 | 1463 | ||
1464 | /** | 1464 | /** |
1465 | * smack_task_setpgid - Smack check on setting pgid | 1465 | * smack_task_setpgid - Smack check on setting pgid |
1466 | * @p: the task object | 1466 | * @p: the task object |
1467 | * @pgid: unused | 1467 | * @pgid: unused |
1468 | * | 1468 | * |
1469 | * Return 0 if write access is permitted | 1469 | * Return 0 if write access is permitted |
1470 | */ | 1470 | */ |
1471 | static int smack_task_setpgid(struct task_struct *p, pid_t pgid) | 1471 | static int smack_task_setpgid(struct task_struct *p, pid_t pgid) |
1472 | { | 1472 | { |
1473 | return smk_curacc_on_task(p, MAY_WRITE); | 1473 | return smk_curacc_on_task(p, MAY_WRITE); |
1474 | } | 1474 | } |
1475 | 1475 | ||
1476 | /** | 1476 | /** |
1477 | * smack_task_getpgid - Smack access check for getpgid | 1477 | * smack_task_getpgid - Smack access check for getpgid |
1478 | * @p: the object task | 1478 | * @p: the object task |
1479 | * | 1479 | * |
1480 | * Returns 0 if current can read the object task, error code otherwise | 1480 | * Returns 0 if current can read the object task, error code otherwise |
1481 | */ | 1481 | */ |
1482 | static int smack_task_getpgid(struct task_struct *p) | 1482 | static int smack_task_getpgid(struct task_struct *p) |
1483 | { | 1483 | { |
1484 | return smk_curacc_on_task(p, MAY_READ); | 1484 | return smk_curacc_on_task(p, MAY_READ); |
1485 | } | 1485 | } |
1486 | 1486 | ||
1487 | /** | 1487 | /** |
1488 | * smack_task_getsid - Smack access check for getsid | 1488 | * smack_task_getsid - Smack access check for getsid |
1489 | * @p: the object task | 1489 | * @p: the object task |
1490 | * | 1490 | * |
1491 | * Returns 0 if current can read the object task, error code otherwise | 1491 | * Returns 0 if current can read the object task, error code otherwise |
1492 | */ | 1492 | */ |
1493 | static int smack_task_getsid(struct task_struct *p) | 1493 | static int smack_task_getsid(struct task_struct *p) |
1494 | { | 1494 | { |
1495 | return smk_curacc_on_task(p, MAY_READ); | 1495 | return smk_curacc_on_task(p, MAY_READ); |
1496 | } | 1496 | } |
1497 | 1497 | ||
1498 | /** | 1498 | /** |
1499 | * smack_task_getsecid - get the secid of the task | 1499 | * smack_task_getsecid - get the secid of the task |
1500 | * @p: the object task | 1500 | * @p: the object task |
1501 | * @secid: where to put the result | 1501 | * @secid: where to put the result |
1502 | * | 1502 | * |
1503 | * Sets the secid to contain a u32 version of the smack label. | 1503 | * Sets the secid to contain a u32 version of the smack label. |
1504 | */ | 1504 | */ |
1505 | static void smack_task_getsecid(struct task_struct *p, u32 *secid) | 1505 | static void smack_task_getsecid(struct task_struct *p, u32 *secid) |
1506 | { | 1506 | { |
1507 | *secid = smack_to_secid(smk_of_task(task_security(p))); | 1507 | *secid = smack_to_secid(smk_of_task(task_security(p))); |
1508 | } | 1508 | } |
1509 | 1509 | ||
1510 | /** | 1510 | /** |
1511 | * smack_task_setnice - Smack check on setting nice | 1511 | * smack_task_setnice - Smack check on setting nice |
1512 | * @p: the task object | 1512 | * @p: the task object |
1513 | * @nice: unused | 1513 | * @nice: unused |
1514 | * | 1514 | * |
1515 | * Return 0 if write access is permitted | 1515 | * Return 0 if write access is permitted |
1516 | */ | 1516 | */ |
1517 | static int smack_task_setnice(struct task_struct *p, int nice) | 1517 | static int smack_task_setnice(struct task_struct *p, int nice) |
1518 | { | 1518 | { |
1519 | int rc; | 1519 | int rc; |
1520 | 1520 | ||
1521 | rc = cap_task_setnice(p, nice); | 1521 | rc = cap_task_setnice(p, nice); |
1522 | if (rc == 0) | 1522 | if (rc == 0) |
1523 | rc = smk_curacc_on_task(p, MAY_WRITE); | 1523 | rc = smk_curacc_on_task(p, MAY_WRITE); |
1524 | return rc; | 1524 | return rc; |
1525 | } | 1525 | } |
1526 | 1526 | ||
1527 | /** | 1527 | /** |
1528 | * smack_task_setioprio - Smack check on setting ioprio | 1528 | * smack_task_setioprio - Smack check on setting ioprio |
1529 | * @p: the task object | 1529 | * @p: the task object |
1530 | * @ioprio: unused | 1530 | * @ioprio: unused |
1531 | * | 1531 | * |
1532 | * Return 0 if write access is permitted | 1532 | * Return 0 if write access is permitted |
1533 | */ | 1533 | */ |
1534 | static int smack_task_setioprio(struct task_struct *p, int ioprio) | 1534 | static int smack_task_setioprio(struct task_struct *p, int ioprio) |
1535 | { | 1535 | { |
1536 | int rc; | 1536 | int rc; |
1537 | 1537 | ||
1538 | rc = cap_task_setioprio(p, ioprio); | 1538 | rc = cap_task_setioprio(p, ioprio); |
1539 | if (rc == 0) | 1539 | if (rc == 0) |
1540 | rc = smk_curacc_on_task(p, MAY_WRITE); | 1540 | rc = smk_curacc_on_task(p, MAY_WRITE); |
1541 | return rc; | 1541 | return rc; |
1542 | } | 1542 | } |
1543 | 1543 | ||
1544 | /** | 1544 | /** |
1545 | * smack_task_getioprio - Smack check on reading ioprio | 1545 | * smack_task_getioprio - Smack check on reading ioprio |
1546 | * @p: the task object | 1546 | * @p: the task object |
1547 | * | 1547 | * |
1548 | * Return 0 if read access is permitted | 1548 | * Return 0 if read access is permitted |
1549 | */ | 1549 | */ |
1550 | static int smack_task_getioprio(struct task_struct *p) | 1550 | static int smack_task_getioprio(struct task_struct *p) |
1551 | { | 1551 | { |
1552 | return smk_curacc_on_task(p, MAY_READ); | 1552 | return smk_curacc_on_task(p, MAY_READ); |
1553 | } | 1553 | } |
1554 | 1554 | ||
1555 | /** | 1555 | /** |
1556 | * smack_task_setscheduler - Smack check on setting scheduler | 1556 | * smack_task_setscheduler - Smack check on setting scheduler |
1557 | * @p: the task object | 1557 | * @p: the task object |
1558 | * @policy: unused | 1558 | * @policy: unused |
1559 | * @lp: unused | 1559 | * @lp: unused |
1560 | * | 1560 | * |
1561 | * Return 0 if read access is permitted | 1561 | * Return 0 if read access is permitted |
1562 | */ | 1562 | */ |
1563 | static int smack_task_setscheduler(struct task_struct *p) | 1563 | static int smack_task_setscheduler(struct task_struct *p) |
1564 | { | 1564 | { |
1565 | int rc; | 1565 | int rc; |
1566 | 1566 | ||
1567 | rc = cap_task_setscheduler(p); | 1567 | rc = cap_task_setscheduler(p); |
1568 | if (rc == 0) | 1568 | if (rc == 0) |
1569 | rc = smk_curacc_on_task(p, MAY_WRITE); | 1569 | rc = smk_curacc_on_task(p, MAY_WRITE); |
1570 | return rc; | 1570 | return rc; |
1571 | } | 1571 | } |
1572 | 1572 | ||
1573 | /** | 1573 | /** |
1574 | * smack_task_getscheduler - Smack check on reading scheduler | 1574 | * smack_task_getscheduler - Smack check on reading scheduler |
1575 | * @p: the task object | 1575 | * @p: the task object |
1576 | * | 1576 | * |
1577 | * Return 0 if read access is permitted | 1577 | * Return 0 if read access is permitted |
1578 | */ | 1578 | */ |
1579 | static int smack_task_getscheduler(struct task_struct *p) | 1579 | static int smack_task_getscheduler(struct task_struct *p) |
1580 | { | 1580 | { |
1581 | return smk_curacc_on_task(p, MAY_READ); | 1581 | return smk_curacc_on_task(p, MAY_READ); |
1582 | } | 1582 | } |
1583 | 1583 | ||
1584 | /** | 1584 | /** |
1585 | * smack_task_movememory - Smack check on moving memory | 1585 | * smack_task_movememory - Smack check on moving memory |
1586 | * @p: the task object | 1586 | * @p: the task object |
1587 | * | 1587 | * |
1588 | * Return 0 if write access is permitted | 1588 | * Return 0 if write access is permitted |
1589 | */ | 1589 | */ |
1590 | static int smack_task_movememory(struct task_struct *p) | 1590 | static int smack_task_movememory(struct task_struct *p) |
1591 | { | 1591 | { |
1592 | return smk_curacc_on_task(p, MAY_WRITE); | 1592 | return smk_curacc_on_task(p, MAY_WRITE); |
1593 | } | 1593 | } |
1594 | 1594 | ||
1595 | /** | 1595 | /** |
1596 | * smack_task_kill - Smack check on signal delivery | 1596 | * smack_task_kill - Smack check on signal delivery |
1597 | * @p: the task object | 1597 | * @p: the task object |
1598 | * @info: unused | 1598 | * @info: unused |
1599 | * @sig: unused | 1599 | * @sig: unused |
1600 | * @secid: identifies the smack to use in lieu of current's | 1600 | * @secid: identifies the smack to use in lieu of current's |
1601 | * | 1601 | * |
1602 | * Return 0 if write access is permitted | 1602 | * Return 0 if write access is permitted |
1603 | * | 1603 | * |
1604 | * The secid behavior is an artifact of an SELinux hack | 1604 | * The secid behavior is an artifact of an SELinux hack |
1605 | * in the USB code. Someday it may go away. | 1605 | * in the USB code. Someday it may go away. |
1606 | */ | 1606 | */ |
1607 | static int smack_task_kill(struct task_struct *p, struct siginfo *info, | 1607 | static int smack_task_kill(struct task_struct *p, struct siginfo *info, |
1608 | int sig, u32 secid) | 1608 | int sig, u32 secid) |
1609 | { | 1609 | { |
1610 | struct smk_audit_info ad; | 1610 | struct smk_audit_info ad; |
1611 | 1611 | ||
1612 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); | 1612 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); |
1613 | smk_ad_setfield_u_tsk(&ad, p); | 1613 | smk_ad_setfield_u_tsk(&ad, p); |
1614 | /* | 1614 | /* |
1615 | * Sending a signal requires that the sender | 1615 | * Sending a signal requires that the sender |
1616 | * can write the receiver. | 1616 | * can write the receiver. |
1617 | */ | 1617 | */ |
1618 | if (secid == 0) | 1618 | if (secid == 0) |
1619 | return smk_curacc(smk_of_task(task_security(p)), MAY_WRITE, | 1619 | return smk_curacc(smk_of_task(task_security(p)), MAY_WRITE, |
1620 | &ad); | 1620 | &ad); |
1621 | /* | 1621 | /* |
1622 | * If the secid isn't 0 we're dealing with some USB IO | 1622 | * If the secid isn't 0 we're dealing with some USB IO |
1623 | * specific behavior. This is not clean. For one thing | 1623 | * specific behavior. This is not clean. For one thing |
1624 | * we can't take privilege into account. | 1624 | * we can't take privilege into account. |
1625 | */ | 1625 | */ |
1626 | return smk_access(smack_from_secid(secid), | 1626 | return smk_access(smack_from_secid(secid), |
1627 | smk_of_task(task_security(p)), MAY_WRITE, &ad); | 1627 | smk_of_task(task_security(p)), MAY_WRITE, &ad); |
1628 | } | 1628 | } |
1629 | 1629 | ||
1630 | /** | 1630 | /** |
1631 | * smack_task_wait - Smack access check for waiting | 1631 | * smack_task_wait - Smack access check for waiting |
1632 | * @p: task to wait for | 1632 | * @p: task to wait for |
1633 | * | 1633 | * |
1634 | * Returns 0 if current can wait for p, error code otherwise | 1634 | * Returns 0 if current can wait for p, error code otherwise |
1635 | */ | 1635 | */ |
1636 | static int smack_task_wait(struct task_struct *p) | 1636 | static int smack_task_wait(struct task_struct *p) |
1637 | { | 1637 | { |
1638 | struct smk_audit_info ad; | 1638 | struct smk_audit_info ad; |
1639 | char *sp = smk_of_current(); | 1639 | char *sp = smk_of_current(); |
1640 | char *tsp = smk_of_forked(task_security(p)); | 1640 | char *tsp = smk_of_forked(task_security(p)); |
1641 | int rc; | 1641 | int rc; |
1642 | 1642 | ||
1643 | /* we don't log here, we can be overriden */ | 1643 | /* we don't log here, we can be overriden */ |
1644 | rc = smk_access(tsp, sp, MAY_WRITE, NULL); | 1644 | rc = smk_access(tsp, sp, MAY_WRITE, NULL); |
1645 | if (rc == 0) | 1645 | if (rc == 0) |
1646 | goto out_log; | 1646 | goto out_log; |
1647 | 1647 | ||
1648 | /* | 1648 | /* |
1649 | * Allow the operation to succeed if either task | 1649 | * Allow the operation to succeed if either task |
1650 | * has privilege to perform operations that might | 1650 | * has privilege to perform operations that might |
1651 | * account for the smack labels having gotten to | 1651 | * account for the smack labels having gotten to |
1652 | * be different in the first place. | 1652 | * be different in the first place. |
1653 | * | 1653 | * |
1654 | * This breaks the strict subject/object access | 1654 | * This breaks the strict subject/object access |
1655 | * control ideal, taking the object's privilege | 1655 | * control ideal, taking the object's privilege |
1656 | * state into account in the decision as well as | 1656 | * state into account in the decision as well as |
1657 | * the smack value. | 1657 | * the smack value. |
1658 | */ | 1658 | */ |
1659 | if (capable(CAP_MAC_OVERRIDE) || has_capability(p, CAP_MAC_OVERRIDE)) | 1659 | if (capable(CAP_MAC_OVERRIDE) || has_capability(p, CAP_MAC_OVERRIDE)) |
1660 | rc = 0; | 1660 | rc = 0; |
1661 | /* we log only if we didn't get overriden */ | 1661 | /* we log only if we didn't get overriden */ |
1662 | out_log: | 1662 | out_log: |
1663 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); | 1663 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); |
1664 | smk_ad_setfield_u_tsk(&ad, p); | 1664 | smk_ad_setfield_u_tsk(&ad, p); |
1665 | smack_log(tsp, sp, MAY_WRITE, rc, &ad); | 1665 | smack_log(tsp, sp, MAY_WRITE, rc, &ad); |
1666 | return rc; | 1666 | return rc; |
1667 | } | 1667 | } |
1668 | 1668 | ||
1669 | /** | 1669 | /** |
1670 | * smack_task_to_inode - copy task smack into the inode blob | 1670 | * smack_task_to_inode - copy task smack into the inode blob |
1671 | * @p: task to copy from | 1671 | * @p: task to copy from |
1672 | * @inode: inode to copy to | 1672 | * @inode: inode to copy to |
1673 | * | 1673 | * |
1674 | * Sets the smack pointer in the inode security blob | 1674 | * Sets the smack pointer in the inode security blob |
1675 | */ | 1675 | */ |
1676 | static void smack_task_to_inode(struct task_struct *p, struct inode *inode) | 1676 | static void smack_task_to_inode(struct task_struct *p, struct inode *inode) |
1677 | { | 1677 | { |
1678 | struct inode_smack *isp = inode->i_security; | 1678 | struct inode_smack *isp = inode->i_security; |
1679 | isp->smk_inode = smk_of_task(task_security(p)); | 1679 | isp->smk_inode = smk_of_task(task_security(p)); |
1680 | } | 1680 | } |
1681 | 1681 | ||
1682 | /* | 1682 | /* |
1683 | * Socket hooks. | 1683 | * Socket hooks. |
1684 | */ | 1684 | */ |
1685 | 1685 | ||
1686 | /** | 1686 | /** |
1687 | * smack_sk_alloc_security - Allocate a socket blob | 1687 | * smack_sk_alloc_security - Allocate a socket blob |
1688 | * @sk: the socket | 1688 | * @sk: the socket |
1689 | * @family: unused | 1689 | * @family: unused |
1690 | * @gfp_flags: memory allocation flags | 1690 | * @gfp_flags: memory allocation flags |
1691 | * | 1691 | * |
1692 | * Assign Smack pointers to current | 1692 | * Assign Smack pointers to current |
1693 | * | 1693 | * |
1694 | * Returns 0 on success, -ENOMEM is there's no memory | 1694 | * Returns 0 on success, -ENOMEM is there's no memory |
1695 | */ | 1695 | */ |
1696 | static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags) | 1696 | static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags) |
1697 | { | 1697 | { |
1698 | char *csp = smk_of_current(); | 1698 | char *csp = smk_of_current(); |
1699 | struct socket_smack *ssp; | 1699 | struct socket_smack *ssp; |
1700 | 1700 | ||
1701 | ssp = kzalloc(sizeof(struct socket_smack), gfp_flags); | 1701 | ssp = kzalloc(sizeof(struct socket_smack), gfp_flags); |
1702 | if (ssp == NULL) | 1702 | if (ssp == NULL) |
1703 | return -ENOMEM; | 1703 | return -ENOMEM; |
1704 | 1704 | ||
1705 | ssp->smk_in = csp; | 1705 | ssp->smk_in = csp; |
1706 | ssp->smk_out = csp; | 1706 | ssp->smk_out = csp; |
1707 | ssp->smk_packet[0] = '\0'; | 1707 | ssp->smk_packet[0] = '\0'; |
1708 | 1708 | ||
1709 | sk->sk_security = ssp; | 1709 | sk->sk_security = ssp; |
1710 | 1710 | ||
1711 | return 0; | 1711 | return 0; |
1712 | } | 1712 | } |
1713 | 1713 | ||
1714 | /** | 1714 | /** |
1715 | * smack_sk_free_security - Free a socket blob | 1715 | * smack_sk_free_security - Free a socket blob |
1716 | * @sk: the socket | 1716 | * @sk: the socket |
1717 | * | 1717 | * |
1718 | * Clears the blob pointer | 1718 | * Clears the blob pointer |
1719 | */ | 1719 | */ |
1720 | static void smack_sk_free_security(struct sock *sk) | 1720 | static void smack_sk_free_security(struct sock *sk) |
1721 | { | 1721 | { |
1722 | kfree(sk->sk_security); | 1722 | kfree(sk->sk_security); |
1723 | } | 1723 | } |
1724 | 1724 | ||
1725 | /** | 1725 | /** |
1726 | * smack_host_label - check host based restrictions | 1726 | * smack_host_label - check host based restrictions |
1727 | * @sip: the object end | 1727 | * @sip: the object end |
1728 | * | 1728 | * |
1729 | * looks for host based access restrictions | 1729 | * looks for host based access restrictions |
1730 | * | 1730 | * |
1731 | * This version will only be appropriate for really small sets of single label | 1731 | * This version will only be appropriate for really small sets of single label |
1732 | * hosts. The caller is responsible for ensuring that the RCU read lock is | 1732 | * hosts. The caller is responsible for ensuring that the RCU read lock is |
1733 | * taken before calling this function. | 1733 | * taken before calling this function. |
1734 | * | 1734 | * |
1735 | * Returns the label of the far end or NULL if it's not special. | 1735 | * Returns the label of the far end or NULL if it's not special. |
1736 | */ | 1736 | */ |
1737 | static char *smack_host_label(struct sockaddr_in *sip) | 1737 | static char *smack_host_label(struct sockaddr_in *sip) |
1738 | { | 1738 | { |
1739 | struct smk_netlbladdr *snp; | 1739 | struct smk_netlbladdr *snp; |
1740 | struct in_addr *siap = &sip->sin_addr; | 1740 | struct in_addr *siap = &sip->sin_addr; |
1741 | 1741 | ||
1742 | if (siap->s_addr == 0) | 1742 | if (siap->s_addr == 0) |
1743 | return NULL; | 1743 | return NULL; |
1744 | 1744 | ||
1745 | list_for_each_entry_rcu(snp, &smk_netlbladdr_list, list) | 1745 | list_for_each_entry_rcu(snp, &smk_netlbladdr_list, list) |
1746 | /* | 1746 | /* |
1747 | * we break after finding the first match because | 1747 | * we break after finding the first match because |
1748 | * the list is sorted from longest to shortest mask | 1748 | * the list is sorted from longest to shortest mask |
1749 | * so we have found the most specific match | 1749 | * so we have found the most specific match |
1750 | */ | 1750 | */ |
1751 | if ((&snp->smk_host.sin_addr)->s_addr == | 1751 | if ((&snp->smk_host.sin_addr)->s_addr == |
1752 | (siap->s_addr & (&snp->smk_mask)->s_addr)) { | 1752 | (siap->s_addr & (&snp->smk_mask)->s_addr)) { |
1753 | /* we have found the special CIPSO option */ | 1753 | /* we have found the special CIPSO option */ |
1754 | if (snp->smk_label == smack_cipso_option) | 1754 | if (snp->smk_label == smack_cipso_option) |
1755 | return NULL; | 1755 | return NULL; |
1756 | return snp->smk_label; | 1756 | return snp->smk_label; |
1757 | } | 1757 | } |
1758 | 1758 | ||
1759 | return NULL; | 1759 | return NULL; |
1760 | } | 1760 | } |
1761 | 1761 | ||
1762 | /** | 1762 | /** |
1763 | * smack_set_catset - convert a capset to netlabel mls categories | 1763 | * smack_set_catset - convert a capset to netlabel mls categories |
1764 | * @catset: the Smack categories | 1764 | * @catset: the Smack categories |
1765 | * @sap: where to put the netlabel categories | 1765 | * @sap: where to put the netlabel categories |
1766 | * | 1766 | * |
1767 | * Allocates and fills attr.mls.cat | 1767 | * Allocates and fills attr.mls.cat |
1768 | */ | 1768 | */ |
1769 | static void smack_set_catset(char *catset, struct netlbl_lsm_secattr *sap) | 1769 | static void smack_set_catset(char *catset, struct netlbl_lsm_secattr *sap) |
1770 | { | 1770 | { |
1771 | unsigned char *cp; | 1771 | unsigned char *cp; |
1772 | unsigned char m; | 1772 | unsigned char m; |
1773 | int cat; | 1773 | int cat; |
1774 | int rc; | 1774 | int rc; |
1775 | int byte; | 1775 | int byte; |
1776 | 1776 | ||
1777 | if (!catset) | 1777 | if (!catset) |
1778 | return; | 1778 | return; |
1779 | 1779 | ||
1780 | sap->flags |= NETLBL_SECATTR_MLS_CAT; | 1780 | sap->flags |= NETLBL_SECATTR_MLS_CAT; |
1781 | sap->attr.mls.cat = netlbl_secattr_catmap_alloc(GFP_ATOMIC); | 1781 | sap->attr.mls.cat = netlbl_secattr_catmap_alloc(GFP_ATOMIC); |
1782 | sap->attr.mls.cat->startbit = 0; | 1782 | sap->attr.mls.cat->startbit = 0; |
1783 | 1783 | ||
1784 | for (cat = 1, cp = catset, byte = 0; byte < SMK_LABELLEN; cp++, byte++) | 1784 | for (cat = 1, cp = catset, byte = 0; byte < SMK_LABELLEN; cp++, byte++) |
1785 | for (m = 0x80; m != 0; m >>= 1, cat++) { | 1785 | for (m = 0x80; m != 0; m >>= 1, cat++) { |
1786 | if ((m & *cp) == 0) | 1786 | if ((m & *cp) == 0) |
1787 | continue; | 1787 | continue; |
1788 | rc = netlbl_secattr_catmap_setbit(sap->attr.mls.cat, | 1788 | rc = netlbl_secattr_catmap_setbit(sap->attr.mls.cat, |
1789 | cat, GFP_ATOMIC); | 1789 | cat, GFP_ATOMIC); |
1790 | } | 1790 | } |
1791 | } | 1791 | } |
1792 | 1792 | ||
1793 | /** | 1793 | /** |
1794 | * smack_to_secattr - fill a secattr from a smack value | 1794 | * smack_to_secattr - fill a secattr from a smack value |
1795 | * @smack: the smack value | 1795 | * @smack: the smack value |
1796 | * @nlsp: where the result goes | 1796 | * @nlsp: where the result goes |
1797 | * | 1797 | * |
1798 | * Casey says that CIPSO is good enough for now. | 1798 | * Casey says that CIPSO is good enough for now. |
1799 | * It can be used to effect. | 1799 | * It can be used to effect. |
1800 | * It can also be abused to effect when necessary. | 1800 | * It can also be abused to effect when necessary. |
1801 | * Appologies to the TSIG group in general and GW in particular. | 1801 | * Appologies to the TSIG group in general and GW in particular. |
1802 | */ | 1802 | */ |
1803 | static void smack_to_secattr(char *smack, struct netlbl_lsm_secattr *nlsp) | 1803 | static void smack_to_secattr(char *smack, struct netlbl_lsm_secattr *nlsp) |
1804 | { | 1804 | { |
1805 | struct smack_cipso cipso; | 1805 | struct smack_cipso cipso; |
1806 | int rc; | 1806 | int rc; |
1807 | 1807 | ||
1808 | nlsp->domain = smack; | 1808 | nlsp->domain = smack; |
1809 | nlsp->flags = NETLBL_SECATTR_DOMAIN | NETLBL_SECATTR_MLS_LVL; | 1809 | nlsp->flags = NETLBL_SECATTR_DOMAIN | NETLBL_SECATTR_MLS_LVL; |
1810 | 1810 | ||
1811 | rc = smack_to_cipso(smack, &cipso); | 1811 | rc = smack_to_cipso(smack, &cipso); |
1812 | if (rc == 0) { | 1812 | if (rc == 0) { |
1813 | nlsp->attr.mls.lvl = cipso.smk_level; | 1813 | nlsp->attr.mls.lvl = cipso.smk_level; |
1814 | smack_set_catset(cipso.smk_catset, nlsp); | 1814 | smack_set_catset(cipso.smk_catset, nlsp); |
1815 | } else { | 1815 | } else { |
1816 | nlsp->attr.mls.lvl = smack_cipso_direct; | 1816 | nlsp->attr.mls.lvl = smack_cipso_direct; |
1817 | smack_set_catset(smack, nlsp); | 1817 | smack_set_catset(smack, nlsp); |
1818 | } | 1818 | } |
1819 | } | 1819 | } |
1820 | 1820 | ||
1821 | /** | 1821 | /** |
1822 | * smack_netlabel - Set the secattr on a socket | 1822 | * smack_netlabel - Set the secattr on a socket |
1823 | * @sk: the socket | 1823 | * @sk: the socket |
1824 | * @labeled: socket label scheme | 1824 | * @labeled: socket label scheme |
1825 | * | 1825 | * |
1826 | * Convert the outbound smack value (smk_out) to a | 1826 | * Convert the outbound smack value (smk_out) to a |
1827 | * secattr and attach it to the socket. | 1827 | * secattr and attach it to the socket. |
1828 | * | 1828 | * |
1829 | * Returns 0 on success or an error code | 1829 | * Returns 0 on success or an error code |
1830 | */ | 1830 | */ |
1831 | static int smack_netlabel(struct sock *sk, int labeled) | 1831 | static int smack_netlabel(struct sock *sk, int labeled) |
1832 | { | 1832 | { |
1833 | struct socket_smack *ssp = sk->sk_security; | 1833 | struct socket_smack *ssp = sk->sk_security; |
1834 | struct netlbl_lsm_secattr secattr; | 1834 | struct netlbl_lsm_secattr secattr; |
1835 | int rc = 0; | 1835 | int rc = 0; |
1836 | 1836 | ||
1837 | /* | 1837 | /* |
1838 | * Usually the netlabel code will handle changing the | 1838 | * Usually the netlabel code will handle changing the |
1839 | * packet labeling based on the label. | 1839 | * packet labeling based on the label. |
1840 | * The case of a single label host is different, because | 1840 | * The case of a single label host is different, because |
1841 | * a single label host should never get a labeled packet | 1841 | * a single label host should never get a labeled packet |
1842 | * even though the label is usually associated with a packet | 1842 | * even though the label is usually associated with a packet |
1843 | * label. | 1843 | * label. |
1844 | */ | 1844 | */ |
1845 | local_bh_disable(); | 1845 | local_bh_disable(); |
1846 | bh_lock_sock_nested(sk); | 1846 | bh_lock_sock_nested(sk); |
1847 | 1847 | ||
1848 | if (ssp->smk_out == smack_net_ambient || | 1848 | if (ssp->smk_out == smack_net_ambient || |
1849 | labeled == SMACK_UNLABELED_SOCKET) | 1849 | labeled == SMACK_UNLABELED_SOCKET) |
1850 | netlbl_sock_delattr(sk); | 1850 | netlbl_sock_delattr(sk); |
1851 | else { | 1851 | else { |
1852 | netlbl_secattr_init(&secattr); | 1852 | netlbl_secattr_init(&secattr); |
1853 | smack_to_secattr(ssp->smk_out, &secattr); | 1853 | smack_to_secattr(ssp->smk_out, &secattr); |
1854 | rc = netlbl_sock_setattr(sk, sk->sk_family, &secattr); | 1854 | rc = netlbl_sock_setattr(sk, sk->sk_family, &secattr); |
1855 | netlbl_secattr_destroy(&secattr); | 1855 | netlbl_secattr_destroy(&secattr); |
1856 | } | 1856 | } |
1857 | 1857 | ||
1858 | bh_unlock_sock(sk); | 1858 | bh_unlock_sock(sk); |
1859 | local_bh_enable(); | 1859 | local_bh_enable(); |
1860 | 1860 | ||
1861 | return rc; | 1861 | return rc; |
1862 | } | 1862 | } |
1863 | 1863 | ||
1864 | /** | 1864 | /** |
1865 | * smack_netlbel_send - Set the secattr on a socket and perform access checks | 1865 | * smack_netlbel_send - Set the secattr on a socket and perform access checks |
1866 | * @sk: the socket | 1866 | * @sk: the socket |
1867 | * @sap: the destination address | 1867 | * @sap: the destination address |
1868 | * | 1868 | * |
1869 | * Set the correct secattr for the given socket based on the destination | 1869 | * Set the correct secattr for the given socket based on the destination |
1870 | * address and perform any outbound access checks needed. | 1870 | * address and perform any outbound access checks needed. |
1871 | * | 1871 | * |
1872 | * Returns 0 on success or an error code. | 1872 | * Returns 0 on success or an error code. |
1873 | * | 1873 | * |
1874 | */ | 1874 | */ |
1875 | static int smack_netlabel_send(struct sock *sk, struct sockaddr_in *sap) | 1875 | static int smack_netlabel_send(struct sock *sk, struct sockaddr_in *sap) |
1876 | { | 1876 | { |
1877 | int rc; | 1877 | int rc; |
1878 | int sk_lbl; | 1878 | int sk_lbl; |
1879 | char *hostsp; | 1879 | char *hostsp; |
1880 | struct socket_smack *ssp = sk->sk_security; | 1880 | struct socket_smack *ssp = sk->sk_security; |
1881 | struct smk_audit_info ad; | 1881 | struct smk_audit_info ad; |
1882 | 1882 | ||
1883 | rcu_read_lock(); | 1883 | rcu_read_lock(); |
1884 | hostsp = smack_host_label(sap); | 1884 | hostsp = smack_host_label(sap); |
1885 | if (hostsp != NULL) { | 1885 | if (hostsp != NULL) { |
1886 | sk_lbl = SMACK_UNLABELED_SOCKET; | 1886 | sk_lbl = SMACK_UNLABELED_SOCKET; |
1887 | #ifdef CONFIG_AUDIT | 1887 | #ifdef CONFIG_AUDIT |
1888 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NET); | 1888 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NET); |
1889 | ad.a.u.net.family = sap->sin_family; | 1889 | ad.a.u.net.family = sap->sin_family; |
1890 | ad.a.u.net.dport = sap->sin_port; | 1890 | ad.a.u.net.dport = sap->sin_port; |
1891 | ad.a.u.net.v4info.daddr = sap->sin_addr.s_addr; | 1891 | ad.a.u.net.v4info.daddr = sap->sin_addr.s_addr; |
1892 | #endif | 1892 | #endif |
1893 | rc = smk_access(ssp->smk_out, hostsp, MAY_WRITE, &ad); | 1893 | rc = smk_access(ssp->smk_out, hostsp, MAY_WRITE, &ad); |
1894 | } else { | 1894 | } else { |
1895 | sk_lbl = SMACK_CIPSO_SOCKET; | 1895 | sk_lbl = SMACK_CIPSO_SOCKET; |
1896 | rc = 0; | 1896 | rc = 0; |
1897 | } | 1897 | } |
1898 | rcu_read_unlock(); | 1898 | rcu_read_unlock(); |
1899 | if (rc != 0) | 1899 | if (rc != 0) |
1900 | return rc; | 1900 | return rc; |
1901 | 1901 | ||
1902 | return smack_netlabel(sk, sk_lbl); | 1902 | return smack_netlabel(sk, sk_lbl); |
1903 | } | 1903 | } |
1904 | 1904 | ||
1905 | /** | 1905 | /** |
1906 | * smack_inode_setsecurity - set smack xattrs | 1906 | * smack_inode_setsecurity - set smack xattrs |
1907 | * @inode: the object | 1907 | * @inode: the object |
1908 | * @name: attribute name | 1908 | * @name: attribute name |
1909 | * @value: attribute value | 1909 | * @value: attribute value |
1910 | * @size: size of the attribute | 1910 | * @size: size of the attribute |
1911 | * @flags: unused | 1911 | * @flags: unused |
1912 | * | 1912 | * |
1913 | * Sets the named attribute in the appropriate blob | 1913 | * Sets the named attribute in the appropriate blob |
1914 | * | 1914 | * |
1915 | * Returns 0 on success, or an error code | 1915 | * Returns 0 on success, or an error code |
1916 | */ | 1916 | */ |
1917 | static int smack_inode_setsecurity(struct inode *inode, const char *name, | 1917 | static int smack_inode_setsecurity(struct inode *inode, const char *name, |
1918 | const void *value, size_t size, int flags) | 1918 | const void *value, size_t size, int flags) |
1919 | { | 1919 | { |
1920 | char *sp; | 1920 | char *sp; |
1921 | struct inode_smack *nsp = inode->i_security; | 1921 | struct inode_smack *nsp = inode->i_security; |
1922 | struct socket_smack *ssp; | 1922 | struct socket_smack *ssp; |
1923 | struct socket *sock; | 1923 | struct socket *sock; |
1924 | int rc = 0; | 1924 | int rc = 0; |
1925 | 1925 | ||
1926 | if (value == NULL || size > SMK_LABELLEN || size == 0) | 1926 | if (value == NULL || size > SMK_LABELLEN || size == 0) |
1927 | return -EACCES; | 1927 | return -EACCES; |
1928 | 1928 | ||
1929 | sp = smk_import(value, size); | 1929 | sp = smk_import(value, size); |
1930 | if (sp == NULL) | 1930 | if (sp == NULL) |
1931 | return -EINVAL; | 1931 | return -EINVAL; |
1932 | 1932 | ||
1933 | if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) { | 1933 | if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) { |
1934 | nsp->smk_inode = sp; | 1934 | nsp->smk_inode = sp; |
1935 | nsp->smk_flags |= SMK_INODE_INSTANT; | 1935 | nsp->smk_flags |= SMK_INODE_INSTANT; |
1936 | return 0; | 1936 | return 0; |
1937 | } | 1937 | } |
1938 | /* | 1938 | /* |
1939 | * The rest of the Smack xattrs are only on sockets. | 1939 | * The rest of the Smack xattrs are only on sockets. |
1940 | */ | 1940 | */ |
1941 | if (inode->i_sb->s_magic != SOCKFS_MAGIC) | 1941 | if (inode->i_sb->s_magic != SOCKFS_MAGIC) |
1942 | return -EOPNOTSUPP; | 1942 | return -EOPNOTSUPP; |
1943 | 1943 | ||
1944 | sock = SOCKET_I(inode); | 1944 | sock = SOCKET_I(inode); |
1945 | if (sock == NULL || sock->sk == NULL) | 1945 | if (sock == NULL || sock->sk == NULL) |
1946 | return -EOPNOTSUPP; | 1946 | return -EOPNOTSUPP; |
1947 | 1947 | ||
1948 | ssp = sock->sk->sk_security; | 1948 | ssp = sock->sk->sk_security; |
1949 | 1949 | ||
1950 | if (strcmp(name, XATTR_SMACK_IPIN) == 0) | 1950 | if (strcmp(name, XATTR_SMACK_IPIN) == 0) |
1951 | ssp->smk_in = sp; | 1951 | ssp->smk_in = sp; |
1952 | else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) { | 1952 | else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) { |
1953 | ssp->smk_out = sp; | 1953 | ssp->smk_out = sp; |
1954 | if (sock->sk->sk_family != PF_UNIX) { | 1954 | if (sock->sk->sk_family != PF_UNIX) { |
1955 | rc = smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET); | 1955 | rc = smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET); |
1956 | if (rc != 0) | 1956 | if (rc != 0) |
1957 | printk(KERN_WARNING | 1957 | printk(KERN_WARNING |
1958 | "Smack: \"%s\" netlbl error %d.\n", | 1958 | "Smack: \"%s\" netlbl error %d.\n", |
1959 | __func__, -rc); | 1959 | __func__, -rc); |
1960 | } | 1960 | } |
1961 | } else | 1961 | } else |
1962 | return -EOPNOTSUPP; | 1962 | return -EOPNOTSUPP; |
1963 | 1963 | ||
1964 | return 0; | 1964 | return 0; |
1965 | } | 1965 | } |
1966 | 1966 | ||
1967 | /** | 1967 | /** |
1968 | * smack_socket_post_create - finish socket setup | 1968 | * smack_socket_post_create - finish socket setup |
1969 | * @sock: the socket | 1969 | * @sock: the socket |
1970 | * @family: protocol family | 1970 | * @family: protocol family |
1971 | * @type: unused | 1971 | * @type: unused |
1972 | * @protocol: unused | 1972 | * @protocol: unused |
1973 | * @kern: unused | 1973 | * @kern: unused |
1974 | * | 1974 | * |
1975 | * Sets the netlabel information on the socket | 1975 | * Sets the netlabel information on the socket |
1976 | * | 1976 | * |
1977 | * Returns 0 on success, and error code otherwise | 1977 | * Returns 0 on success, and error code otherwise |
1978 | */ | 1978 | */ |
1979 | static int smack_socket_post_create(struct socket *sock, int family, | 1979 | static int smack_socket_post_create(struct socket *sock, int family, |
1980 | int type, int protocol, int kern) | 1980 | int type, int protocol, int kern) |
1981 | { | 1981 | { |
1982 | if (family != PF_INET || sock->sk == NULL) | 1982 | if (family != PF_INET || sock->sk == NULL) |
1983 | return 0; | 1983 | return 0; |
1984 | /* | 1984 | /* |
1985 | * Set the outbound netlbl. | 1985 | * Set the outbound netlbl. |
1986 | */ | 1986 | */ |
1987 | return smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET); | 1987 | return smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET); |
1988 | } | 1988 | } |
1989 | 1989 | ||
1990 | /** | 1990 | /** |
1991 | * smack_socket_connect - connect access check | 1991 | * smack_socket_connect - connect access check |
1992 | * @sock: the socket | 1992 | * @sock: the socket |
1993 | * @sap: the other end | 1993 | * @sap: the other end |
1994 | * @addrlen: size of sap | 1994 | * @addrlen: size of sap |
1995 | * | 1995 | * |
1996 | * Verifies that a connection may be possible | 1996 | * Verifies that a connection may be possible |
1997 | * | 1997 | * |
1998 | * Returns 0 on success, and error code otherwise | 1998 | * Returns 0 on success, and error code otherwise |
1999 | */ | 1999 | */ |
2000 | static int smack_socket_connect(struct socket *sock, struct sockaddr *sap, | 2000 | static int smack_socket_connect(struct socket *sock, struct sockaddr *sap, |
2001 | int addrlen) | 2001 | int addrlen) |
2002 | { | 2002 | { |
2003 | if (sock->sk == NULL || sock->sk->sk_family != PF_INET) | 2003 | if (sock->sk == NULL || sock->sk->sk_family != PF_INET) |
2004 | return 0; | 2004 | return 0; |
2005 | if (addrlen < sizeof(struct sockaddr_in)) | 2005 | if (addrlen < sizeof(struct sockaddr_in)) |
2006 | return -EINVAL; | 2006 | return -EINVAL; |
2007 | 2007 | ||
2008 | return smack_netlabel_send(sock->sk, (struct sockaddr_in *)sap); | 2008 | return smack_netlabel_send(sock->sk, (struct sockaddr_in *)sap); |
2009 | } | 2009 | } |
2010 | 2010 | ||
2011 | /** | 2011 | /** |
2012 | * smack_flags_to_may - convert S_ to MAY_ values | 2012 | * smack_flags_to_may - convert S_ to MAY_ values |
2013 | * @flags: the S_ value | 2013 | * @flags: the S_ value |
2014 | * | 2014 | * |
2015 | * Returns the equivalent MAY_ value | 2015 | * Returns the equivalent MAY_ value |
2016 | */ | 2016 | */ |
2017 | static int smack_flags_to_may(int flags) | 2017 | static int smack_flags_to_may(int flags) |
2018 | { | 2018 | { |
2019 | int may = 0; | 2019 | int may = 0; |
2020 | 2020 | ||
2021 | if (flags & S_IRUGO) | 2021 | if (flags & S_IRUGO) |
2022 | may |= MAY_READ; | 2022 | may |= MAY_READ; |
2023 | if (flags & S_IWUGO) | 2023 | if (flags & S_IWUGO) |
2024 | may |= MAY_WRITE; | 2024 | may |= MAY_WRITE; |
2025 | if (flags & S_IXUGO) | 2025 | if (flags & S_IXUGO) |
2026 | may |= MAY_EXEC; | 2026 | may |= MAY_EXEC; |
2027 | 2027 | ||
2028 | return may; | 2028 | return may; |
2029 | } | 2029 | } |
2030 | 2030 | ||
2031 | /** | 2031 | /** |
2032 | * smack_msg_msg_alloc_security - Set the security blob for msg_msg | 2032 | * smack_msg_msg_alloc_security - Set the security blob for msg_msg |
2033 | * @msg: the object | 2033 | * @msg: the object |
2034 | * | 2034 | * |
2035 | * Returns 0 | 2035 | * Returns 0 |
2036 | */ | 2036 | */ |
2037 | static int smack_msg_msg_alloc_security(struct msg_msg *msg) | 2037 | static int smack_msg_msg_alloc_security(struct msg_msg *msg) |
2038 | { | 2038 | { |
2039 | msg->security = smk_of_current(); | 2039 | msg->security = smk_of_current(); |
2040 | return 0; | 2040 | return 0; |
2041 | } | 2041 | } |
2042 | 2042 | ||
2043 | /** | 2043 | /** |
2044 | * smack_msg_msg_free_security - Clear the security blob for msg_msg | 2044 | * smack_msg_msg_free_security - Clear the security blob for msg_msg |
2045 | * @msg: the object | 2045 | * @msg: the object |
2046 | * | 2046 | * |
2047 | * Clears the blob pointer | 2047 | * Clears the blob pointer |
2048 | */ | 2048 | */ |
2049 | static void smack_msg_msg_free_security(struct msg_msg *msg) | 2049 | static void smack_msg_msg_free_security(struct msg_msg *msg) |
2050 | { | 2050 | { |
2051 | msg->security = NULL; | 2051 | msg->security = NULL; |
2052 | } | 2052 | } |
2053 | 2053 | ||
2054 | /** | 2054 | /** |
2055 | * smack_of_shm - the smack pointer for the shm | 2055 | * smack_of_shm - the smack pointer for the shm |
2056 | * @shp: the object | 2056 | * @shp: the object |
2057 | * | 2057 | * |
2058 | * Returns a pointer to the smack value | 2058 | * Returns a pointer to the smack value |
2059 | */ | 2059 | */ |
2060 | static char *smack_of_shm(struct shmid_kernel *shp) | 2060 | static char *smack_of_shm(struct shmid_kernel *shp) |
2061 | { | 2061 | { |
2062 | return (char *)shp->shm_perm.security; | 2062 | return (char *)shp->shm_perm.security; |
2063 | } | 2063 | } |
2064 | 2064 | ||
2065 | /** | 2065 | /** |
2066 | * smack_shm_alloc_security - Set the security blob for shm | 2066 | * smack_shm_alloc_security - Set the security blob for shm |
2067 | * @shp: the object | 2067 | * @shp: the object |
2068 | * | 2068 | * |
2069 | * Returns 0 | 2069 | * Returns 0 |
2070 | */ | 2070 | */ |
2071 | static int smack_shm_alloc_security(struct shmid_kernel *shp) | 2071 | static int smack_shm_alloc_security(struct shmid_kernel *shp) |
2072 | { | 2072 | { |
2073 | struct kern_ipc_perm *isp = &shp->shm_perm; | 2073 | struct kern_ipc_perm *isp = &shp->shm_perm; |
2074 | 2074 | ||
2075 | isp->security = smk_of_current(); | 2075 | isp->security = smk_of_current(); |
2076 | return 0; | 2076 | return 0; |
2077 | } | 2077 | } |
2078 | 2078 | ||
2079 | /** | 2079 | /** |
2080 | * smack_shm_free_security - Clear the security blob for shm | 2080 | * smack_shm_free_security - Clear the security blob for shm |
2081 | * @shp: the object | 2081 | * @shp: the object |
2082 | * | 2082 | * |
2083 | * Clears the blob pointer | 2083 | * Clears the blob pointer |
2084 | */ | 2084 | */ |
2085 | static void smack_shm_free_security(struct shmid_kernel *shp) | 2085 | static void smack_shm_free_security(struct shmid_kernel *shp) |
2086 | { | 2086 | { |
2087 | struct kern_ipc_perm *isp = &shp->shm_perm; | 2087 | struct kern_ipc_perm *isp = &shp->shm_perm; |
2088 | 2088 | ||
2089 | isp->security = NULL; | 2089 | isp->security = NULL; |
2090 | } | 2090 | } |
2091 | 2091 | ||
2092 | /** | 2092 | /** |
2093 | * smk_curacc_shm : check if current has access on shm | 2093 | * smk_curacc_shm : check if current has access on shm |
2094 | * @shp : the object | 2094 | * @shp : the object |
2095 | * @access : access requested | 2095 | * @access : access requested |
2096 | * | 2096 | * |
2097 | * Returns 0 if current has the requested access, error code otherwise | 2097 | * Returns 0 if current has the requested access, error code otherwise |
2098 | */ | 2098 | */ |
2099 | static int smk_curacc_shm(struct shmid_kernel *shp, int access) | 2099 | static int smk_curacc_shm(struct shmid_kernel *shp, int access) |
2100 | { | 2100 | { |
2101 | char *ssp = smack_of_shm(shp); | 2101 | char *ssp = smack_of_shm(shp); |
2102 | struct smk_audit_info ad; | 2102 | struct smk_audit_info ad; |
2103 | 2103 | ||
2104 | #ifdef CONFIG_AUDIT | 2104 | #ifdef CONFIG_AUDIT |
2105 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); | 2105 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); |
2106 | ad.a.u.ipc_id = shp->shm_perm.id; | 2106 | ad.a.u.ipc_id = shp->shm_perm.id; |
2107 | #endif | 2107 | #endif |
2108 | return smk_curacc(ssp, access, &ad); | 2108 | return smk_curacc(ssp, access, &ad); |
2109 | } | 2109 | } |
2110 | 2110 | ||
2111 | /** | 2111 | /** |
2112 | * smack_shm_associate - Smack access check for shm | 2112 | * smack_shm_associate - Smack access check for shm |
2113 | * @shp: the object | 2113 | * @shp: the object |
2114 | * @shmflg: access requested | 2114 | * @shmflg: access requested |
2115 | * | 2115 | * |
2116 | * Returns 0 if current has the requested access, error code otherwise | 2116 | * Returns 0 if current has the requested access, error code otherwise |
2117 | */ | 2117 | */ |
2118 | static int smack_shm_associate(struct shmid_kernel *shp, int shmflg) | 2118 | static int smack_shm_associate(struct shmid_kernel *shp, int shmflg) |
2119 | { | 2119 | { |
2120 | int may; | 2120 | int may; |
2121 | 2121 | ||
2122 | may = smack_flags_to_may(shmflg); | 2122 | may = smack_flags_to_may(shmflg); |
2123 | return smk_curacc_shm(shp, may); | 2123 | return smk_curacc_shm(shp, may); |
2124 | } | 2124 | } |
2125 | 2125 | ||
2126 | /** | 2126 | /** |
2127 | * smack_shm_shmctl - Smack access check for shm | 2127 | * smack_shm_shmctl - Smack access check for shm |
2128 | * @shp: the object | 2128 | * @shp: the object |
2129 | * @cmd: what it wants to do | 2129 | * @cmd: what it wants to do |
2130 | * | 2130 | * |
2131 | * Returns 0 if current has the requested access, error code otherwise | 2131 | * Returns 0 if current has the requested access, error code otherwise |
2132 | */ | 2132 | */ |
2133 | static int smack_shm_shmctl(struct shmid_kernel *shp, int cmd) | 2133 | static int smack_shm_shmctl(struct shmid_kernel *shp, int cmd) |
2134 | { | 2134 | { |
2135 | int may; | 2135 | int may; |
2136 | 2136 | ||
2137 | switch (cmd) { | 2137 | switch (cmd) { |
2138 | case IPC_STAT: | 2138 | case IPC_STAT: |
2139 | case SHM_STAT: | 2139 | case SHM_STAT: |
2140 | may = MAY_READ; | 2140 | may = MAY_READ; |
2141 | break; | 2141 | break; |
2142 | case IPC_SET: | 2142 | case IPC_SET: |
2143 | case SHM_LOCK: | 2143 | case SHM_LOCK: |
2144 | case SHM_UNLOCK: | 2144 | case SHM_UNLOCK: |
2145 | case IPC_RMID: | 2145 | case IPC_RMID: |
2146 | may = MAY_READWRITE; | 2146 | may = MAY_READWRITE; |
2147 | break; | 2147 | break; |
2148 | case IPC_INFO: | 2148 | case IPC_INFO: |
2149 | case SHM_INFO: | 2149 | case SHM_INFO: |
2150 | /* | 2150 | /* |
2151 | * System level information. | 2151 | * System level information. |
2152 | */ | 2152 | */ |
2153 | return 0; | 2153 | return 0; |
2154 | default: | 2154 | default: |
2155 | return -EINVAL; | 2155 | return -EINVAL; |
2156 | } | 2156 | } |
2157 | return smk_curacc_shm(shp, may); | 2157 | return smk_curacc_shm(shp, may); |
2158 | } | 2158 | } |
2159 | 2159 | ||
2160 | /** | 2160 | /** |
2161 | * smack_shm_shmat - Smack access for shmat | 2161 | * smack_shm_shmat - Smack access for shmat |
2162 | * @shp: the object | 2162 | * @shp: the object |
2163 | * @shmaddr: unused | 2163 | * @shmaddr: unused |
2164 | * @shmflg: access requested | 2164 | * @shmflg: access requested |
2165 | * | 2165 | * |
2166 | * Returns 0 if current has the requested access, error code otherwise | 2166 | * Returns 0 if current has the requested access, error code otherwise |
2167 | */ | 2167 | */ |
2168 | static int smack_shm_shmat(struct shmid_kernel *shp, char __user *shmaddr, | 2168 | static int smack_shm_shmat(struct shmid_kernel *shp, char __user *shmaddr, |
2169 | int shmflg) | 2169 | int shmflg) |
2170 | { | 2170 | { |
2171 | int may; | 2171 | int may; |
2172 | 2172 | ||
2173 | may = smack_flags_to_may(shmflg); | 2173 | may = smack_flags_to_may(shmflg); |
2174 | return smk_curacc_shm(shp, may); | 2174 | return smk_curacc_shm(shp, may); |
2175 | } | 2175 | } |
2176 | 2176 | ||
2177 | /** | 2177 | /** |
2178 | * smack_of_sem - the smack pointer for the sem | 2178 | * smack_of_sem - the smack pointer for the sem |
2179 | * @sma: the object | 2179 | * @sma: the object |
2180 | * | 2180 | * |
2181 | * Returns a pointer to the smack value | 2181 | * Returns a pointer to the smack value |
2182 | */ | 2182 | */ |
2183 | static char *smack_of_sem(struct sem_array *sma) | 2183 | static char *smack_of_sem(struct sem_array *sma) |
2184 | { | 2184 | { |
2185 | return (char *)sma->sem_perm.security; | 2185 | return (char *)sma->sem_perm.security; |
2186 | } | 2186 | } |
2187 | 2187 | ||
2188 | /** | 2188 | /** |
2189 | * smack_sem_alloc_security - Set the security blob for sem | 2189 | * smack_sem_alloc_security - Set the security blob for sem |
2190 | * @sma: the object | 2190 | * @sma: the object |
2191 | * | 2191 | * |
2192 | * Returns 0 | 2192 | * Returns 0 |
2193 | */ | 2193 | */ |
2194 | static int smack_sem_alloc_security(struct sem_array *sma) | 2194 | static int smack_sem_alloc_security(struct sem_array *sma) |
2195 | { | 2195 | { |
2196 | struct kern_ipc_perm *isp = &sma->sem_perm; | 2196 | struct kern_ipc_perm *isp = &sma->sem_perm; |
2197 | 2197 | ||
2198 | isp->security = smk_of_current(); | 2198 | isp->security = smk_of_current(); |
2199 | return 0; | 2199 | return 0; |
2200 | } | 2200 | } |
2201 | 2201 | ||
2202 | /** | 2202 | /** |
2203 | * smack_sem_free_security - Clear the security blob for sem | 2203 | * smack_sem_free_security - Clear the security blob for sem |
2204 | * @sma: the object | 2204 | * @sma: the object |
2205 | * | 2205 | * |
2206 | * Clears the blob pointer | 2206 | * Clears the blob pointer |
2207 | */ | 2207 | */ |
2208 | static void smack_sem_free_security(struct sem_array *sma) | 2208 | static void smack_sem_free_security(struct sem_array *sma) |
2209 | { | 2209 | { |
2210 | struct kern_ipc_perm *isp = &sma->sem_perm; | 2210 | struct kern_ipc_perm *isp = &sma->sem_perm; |
2211 | 2211 | ||
2212 | isp->security = NULL; | 2212 | isp->security = NULL; |
2213 | } | 2213 | } |
2214 | 2214 | ||
2215 | /** | 2215 | /** |
2216 | * smk_curacc_sem : check if current has access on sem | 2216 | * smk_curacc_sem : check if current has access on sem |
2217 | * @sma : the object | 2217 | * @sma : the object |
2218 | * @access : access requested | 2218 | * @access : access requested |
2219 | * | 2219 | * |
2220 | * Returns 0 if current has the requested access, error code otherwise | 2220 | * Returns 0 if current has the requested access, error code otherwise |
2221 | */ | 2221 | */ |
2222 | static int smk_curacc_sem(struct sem_array *sma, int access) | 2222 | static int smk_curacc_sem(struct sem_array *sma, int access) |
2223 | { | 2223 | { |
2224 | char *ssp = smack_of_sem(sma); | 2224 | char *ssp = smack_of_sem(sma); |
2225 | struct smk_audit_info ad; | 2225 | struct smk_audit_info ad; |
2226 | 2226 | ||
2227 | #ifdef CONFIG_AUDIT | 2227 | #ifdef CONFIG_AUDIT |
2228 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); | 2228 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); |
2229 | ad.a.u.ipc_id = sma->sem_perm.id; | 2229 | ad.a.u.ipc_id = sma->sem_perm.id; |
2230 | #endif | 2230 | #endif |
2231 | return smk_curacc(ssp, access, &ad); | 2231 | return smk_curacc(ssp, access, &ad); |
2232 | } | 2232 | } |
2233 | 2233 | ||
2234 | /** | 2234 | /** |
2235 | * smack_sem_associate - Smack access check for sem | 2235 | * smack_sem_associate - Smack access check for sem |
2236 | * @sma: the object | 2236 | * @sma: the object |
2237 | * @semflg: access requested | 2237 | * @semflg: access requested |
2238 | * | 2238 | * |
2239 | * Returns 0 if current has the requested access, error code otherwise | 2239 | * Returns 0 if current has the requested access, error code otherwise |
2240 | */ | 2240 | */ |
2241 | static int smack_sem_associate(struct sem_array *sma, int semflg) | 2241 | static int smack_sem_associate(struct sem_array *sma, int semflg) |
2242 | { | 2242 | { |
2243 | int may; | 2243 | int may; |
2244 | 2244 | ||
2245 | may = smack_flags_to_may(semflg); | 2245 | may = smack_flags_to_may(semflg); |
2246 | return smk_curacc_sem(sma, may); | 2246 | return smk_curacc_sem(sma, may); |
2247 | } | 2247 | } |
2248 | 2248 | ||
2249 | /** | 2249 | /** |
2250 | * smack_sem_shmctl - Smack access check for sem | 2250 | * smack_sem_shmctl - Smack access check for sem |
2251 | * @sma: the object | 2251 | * @sma: the object |
2252 | * @cmd: what it wants to do | 2252 | * @cmd: what it wants to do |
2253 | * | 2253 | * |
2254 | * Returns 0 if current has the requested access, error code otherwise | 2254 | * Returns 0 if current has the requested access, error code otherwise |
2255 | */ | 2255 | */ |
2256 | static int smack_sem_semctl(struct sem_array *sma, int cmd) | 2256 | static int smack_sem_semctl(struct sem_array *sma, int cmd) |
2257 | { | 2257 | { |
2258 | int may; | 2258 | int may; |
2259 | 2259 | ||
2260 | switch (cmd) { | 2260 | switch (cmd) { |
2261 | case GETPID: | 2261 | case GETPID: |
2262 | case GETNCNT: | 2262 | case GETNCNT: |
2263 | case GETZCNT: | 2263 | case GETZCNT: |
2264 | case GETVAL: | 2264 | case GETVAL: |
2265 | case GETALL: | 2265 | case GETALL: |
2266 | case IPC_STAT: | 2266 | case IPC_STAT: |
2267 | case SEM_STAT: | 2267 | case SEM_STAT: |
2268 | may = MAY_READ; | 2268 | may = MAY_READ; |
2269 | break; | 2269 | break; |
2270 | case SETVAL: | 2270 | case SETVAL: |
2271 | case SETALL: | 2271 | case SETALL: |
2272 | case IPC_RMID: | 2272 | case IPC_RMID: |
2273 | case IPC_SET: | 2273 | case IPC_SET: |
2274 | may = MAY_READWRITE; | 2274 | may = MAY_READWRITE; |
2275 | break; | 2275 | break; |
2276 | case IPC_INFO: | 2276 | case IPC_INFO: |
2277 | case SEM_INFO: | 2277 | case SEM_INFO: |
2278 | /* | 2278 | /* |
2279 | * System level information | 2279 | * System level information |
2280 | */ | 2280 | */ |
2281 | return 0; | 2281 | return 0; |
2282 | default: | 2282 | default: |
2283 | return -EINVAL; | 2283 | return -EINVAL; |
2284 | } | 2284 | } |
2285 | 2285 | ||
2286 | return smk_curacc_sem(sma, may); | 2286 | return smk_curacc_sem(sma, may); |
2287 | } | 2287 | } |
2288 | 2288 | ||
2289 | /** | 2289 | /** |
2290 | * smack_sem_semop - Smack checks of semaphore operations | 2290 | * smack_sem_semop - Smack checks of semaphore operations |
2291 | * @sma: the object | 2291 | * @sma: the object |
2292 | * @sops: unused | 2292 | * @sops: unused |
2293 | * @nsops: unused | 2293 | * @nsops: unused |
2294 | * @alter: unused | 2294 | * @alter: unused |
2295 | * | 2295 | * |
2296 | * Treated as read and write in all cases. | 2296 | * Treated as read and write in all cases. |
2297 | * | 2297 | * |
2298 | * Returns 0 if access is allowed, error code otherwise | 2298 | * Returns 0 if access is allowed, error code otherwise |
2299 | */ | 2299 | */ |
2300 | static int smack_sem_semop(struct sem_array *sma, struct sembuf *sops, | 2300 | static int smack_sem_semop(struct sem_array *sma, struct sembuf *sops, |
2301 | unsigned nsops, int alter) | 2301 | unsigned nsops, int alter) |
2302 | { | 2302 | { |
2303 | return smk_curacc_sem(sma, MAY_READWRITE); | 2303 | return smk_curacc_sem(sma, MAY_READWRITE); |
2304 | } | 2304 | } |
2305 | 2305 | ||
2306 | /** | 2306 | /** |
2307 | * smack_msg_alloc_security - Set the security blob for msg | 2307 | * smack_msg_alloc_security - Set the security blob for msg |
2308 | * @msq: the object | 2308 | * @msq: the object |
2309 | * | 2309 | * |
2310 | * Returns 0 | 2310 | * Returns 0 |
2311 | */ | 2311 | */ |
2312 | static int smack_msg_queue_alloc_security(struct msg_queue *msq) | 2312 | static int smack_msg_queue_alloc_security(struct msg_queue *msq) |
2313 | { | 2313 | { |
2314 | struct kern_ipc_perm *kisp = &msq->q_perm; | 2314 | struct kern_ipc_perm *kisp = &msq->q_perm; |
2315 | 2315 | ||
2316 | kisp->security = smk_of_current(); | 2316 | kisp->security = smk_of_current(); |
2317 | return 0; | 2317 | return 0; |
2318 | } | 2318 | } |
2319 | 2319 | ||
2320 | /** | 2320 | /** |
2321 | * smack_msg_free_security - Clear the security blob for msg | 2321 | * smack_msg_free_security - Clear the security blob for msg |
2322 | * @msq: the object | 2322 | * @msq: the object |
2323 | * | 2323 | * |
2324 | * Clears the blob pointer | 2324 | * Clears the blob pointer |
2325 | */ | 2325 | */ |
2326 | static void smack_msg_queue_free_security(struct msg_queue *msq) | 2326 | static void smack_msg_queue_free_security(struct msg_queue *msq) |
2327 | { | 2327 | { |
2328 | struct kern_ipc_perm *kisp = &msq->q_perm; | 2328 | struct kern_ipc_perm *kisp = &msq->q_perm; |
2329 | 2329 | ||
2330 | kisp->security = NULL; | 2330 | kisp->security = NULL; |
2331 | } | 2331 | } |
2332 | 2332 | ||
2333 | /** | 2333 | /** |
2334 | * smack_of_msq - the smack pointer for the msq | 2334 | * smack_of_msq - the smack pointer for the msq |
2335 | * @msq: the object | 2335 | * @msq: the object |
2336 | * | 2336 | * |
2337 | * Returns a pointer to the smack value | 2337 | * Returns a pointer to the smack value |
2338 | */ | 2338 | */ |
2339 | static char *smack_of_msq(struct msg_queue *msq) | 2339 | static char *smack_of_msq(struct msg_queue *msq) |
2340 | { | 2340 | { |
2341 | return (char *)msq->q_perm.security; | 2341 | return (char *)msq->q_perm.security; |
2342 | } | 2342 | } |
2343 | 2343 | ||
2344 | /** | 2344 | /** |
2345 | * smk_curacc_msq : helper to check if current has access on msq | 2345 | * smk_curacc_msq : helper to check if current has access on msq |
2346 | * @msq : the msq | 2346 | * @msq : the msq |
2347 | * @access : access requested | 2347 | * @access : access requested |
2348 | * | 2348 | * |
2349 | * return 0 if current has access, error otherwise | 2349 | * return 0 if current has access, error otherwise |
2350 | */ | 2350 | */ |
2351 | static int smk_curacc_msq(struct msg_queue *msq, int access) | 2351 | static int smk_curacc_msq(struct msg_queue *msq, int access) |
2352 | { | 2352 | { |
2353 | char *msp = smack_of_msq(msq); | 2353 | char *msp = smack_of_msq(msq); |
2354 | struct smk_audit_info ad; | 2354 | struct smk_audit_info ad; |
2355 | 2355 | ||
2356 | #ifdef CONFIG_AUDIT | 2356 | #ifdef CONFIG_AUDIT |
2357 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); | 2357 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); |
2358 | ad.a.u.ipc_id = msq->q_perm.id; | 2358 | ad.a.u.ipc_id = msq->q_perm.id; |
2359 | #endif | 2359 | #endif |
2360 | return smk_curacc(msp, access, &ad); | 2360 | return smk_curacc(msp, access, &ad); |
2361 | } | 2361 | } |
2362 | 2362 | ||
2363 | /** | 2363 | /** |
2364 | * smack_msg_queue_associate - Smack access check for msg_queue | 2364 | * smack_msg_queue_associate - Smack access check for msg_queue |
2365 | * @msq: the object | 2365 | * @msq: the object |
2366 | * @msqflg: access requested | 2366 | * @msqflg: access requested |
2367 | * | 2367 | * |
2368 | * Returns 0 if current has the requested access, error code otherwise | 2368 | * Returns 0 if current has the requested access, error code otherwise |
2369 | */ | 2369 | */ |
2370 | static int smack_msg_queue_associate(struct msg_queue *msq, int msqflg) | 2370 | static int smack_msg_queue_associate(struct msg_queue *msq, int msqflg) |
2371 | { | 2371 | { |
2372 | int may; | 2372 | int may; |
2373 | 2373 | ||
2374 | may = smack_flags_to_may(msqflg); | 2374 | may = smack_flags_to_may(msqflg); |
2375 | return smk_curacc_msq(msq, may); | 2375 | return smk_curacc_msq(msq, may); |
2376 | } | 2376 | } |
2377 | 2377 | ||
2378 | /** | 2378 | /** |
2379 | * smack_msg_queue_msgctl - Smack access check for msg_queue | 2379 | * smack_msg_queue_msgctl - Smack access check for msg_queue |
2380 | * @msq: the object | 2380 | * @msq: the object |
2381 | * @cmd: what it wants to do | 2381 | * @cmd: what it wants to do |
2382 | * | 2382 | * |
2383 | * Returns 0 if current has the requested access, error code otherwise | 2383 | * Returns 0 if current has the requested access, error code otherwise |
2384 | */ | 2384 | */ |
2385 | static int smack_msg_queue_msgctl(struct msg_queue *msq, int cmd) | 2385 | static int smack_msg_queue_msgctl(struct msg_queue *msq, int cmd) |
2386 | { | 2386 | { |
2387 | int may; | 2387 | int may; |
2388 | 2388 | ||
2389 | switch (cmd) { | 2389 | switch (cmd) { |
2390 | case IPC_STAT: | 2390 | case IPC_STAT: |
2391 | case MSG_STAT: | 2391 | case MSG_STAT: |
2392 | may = MAY_READ; | 2392 | may = MAY_READ; |
2393 | break; | 2393 | break; |
2394 | case IPC_SET: | 2394 | case IPC_SET: |
2395 | case IPC_RMID: | 2395 | case IPC_RMID: |
2396 | may = MAY_READWRITE; | 2396 | may = MAY_READWRITE; |
2397 | break; | 2397 | break; |
2398 | case IPC_INFO: | 2398 | case IPC_INFO: |
2399 | case MSG_INFO: | 2399 | case MSG_INFO: |
2400 | /* | 2400 | /* |
2401 | * System level information | 2401 | * System level information |
2402 | */ | 2402 | */ |
2403 | return 0; | 2403 | return 0; |
2404 | default: | 2404 | default: |
2405 | return -EINVAL; | 2405 | return -EINVAL; |
2406 | } | 2406 | } |
2407 | 2407 | ||
2408 | return smk_curacc_msq(msq, may); | 2408 | return smk_curacc_msq(msq, may); |
2409 | } | 2409 | } |
2410 | 2410 | ||
2411 | /** | 2411 | /** |
2412 | * smack_msg_queue_msgsnd - Smack access check for msg_queue | 2412 | * smack_msg_queue_msgsnd - Smack access check for msg_queue |
2413 | * @msq: the object | 2413 | * @msq: the object |
2414 | * @msg: unused | 2414 | * @msg: unused |
2415 | * @msqflg: access requested | 2415 | * @msqflg: access requested |
2416 | * | 2416 | * |
2417 | * Returns 0 if current has the requested access, error code otherwise | 2417 | * Returns 0 if current has the requested access, error code otherwise |
2418 | */ | 2418 | */ |
2419 | static int smack_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, | 2419 | static int smack_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, |
2420 | int msqflg) | 2420 | int msqflg) |
2421 | { | 2421 | { |
2422 | int may; | 2422 | int may; |
2423 | 2423 | ||
2424 | may = smack_flags_to_may(msqflg); | 2424 | may = smack_flags_to_may(msqflg); |
2425 | return smk_curacc_msq(msq, may); | 2425 | return smk_curacc_msq(msq, may); |
2426 | } | 2426 | } |
2427 | 2427 | ||
2428 | /** | 2428 | /** |
2429 | * smack_msg_queue_msgsnd - Smack access check for msg_queue | 2429 | * smack_msg_queue_msgsnd - Smack access check for msg_queue |
2430 | * @msq: the object | 2430 | * @msq: the object |
2431 | * @msg: unused | 2431 | * @msg: unused |
2432 | * @target: unused | 2432 | * @target: unused |
2433 | * @type: unused | 2433 | * @type: unused |
2434 | * @mode: unused | 2434 | * @mode: unused |
2435 | * | 2435 | * |
2436 | * Returns 0 if current has read and write access, error code otherwise | 2436 | * Returns 0 if current has read and write access, error code otherwise |
2437 | */ | 2437 | */ |
2438 | static int smack_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg, | 2438 | static int smack_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg, |
2439 | struct task_struct *target, long type, int mode) | 2439 | struct task_struct *target, long type, int mode) |
2440 | { | 2440 | { |
2441 | return smk_curacc_msq(msq, MAY_READWRITE); | 2441 | return smk_curacc_msq(msq, MAY_READWRITE); |
2442 | } | 2442 | } |
2443 | 2443 | ||
2444 | /** | 2444 | /** |
2445 | * smack_ipc_permission - Smack access for ipc_permission() | 2445 | * smack_ipc_permission - Smack access for ipc_permission() |
2446 | * @ipp: the object permissions | 2446 | * @ipp: the object permissions |
2447 | * @flag: access requested | 2447 | * @flag: access requested |
2448 | * | 2448 | * |
2449 | * Returns 0 if current has read and write access, error code otherwise | 2449 | * Returns 0 if current has read and write access, error code otherwise |
2450 | */ | 2450 | */ |
2451 | static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag) | 2451 | static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag) |
2452 | { | 2452 | { |
2453 | char *isp = ipp->security; | 2453 | char *isp = ipp->security; |
2454 | int may = smack_flags_to_may(flag); | 2454 | int may = smack_flags_to_may(flag); |
2455 | struct smk_audit_info ad; | 2455 | struct smk_audit_info ad; |
2456 | 2456 | ||
2457 | #ifdef CONFIG_AUDIT | 2457 | #ifdef CONFIG_AUDIT |
2458 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); | 2458 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); |
2459 | ad.a.u.ipc_id = ipp->id; | 2459 | ad.a.u.ipc_id = ipp->id; |
2460 | #endif | 2460 | #endif |
2461 | return smk_curacc(isp, may, &ad); | 2461 | return smk_curacc(isp, may, &ad); |
2462 | } | 2462 | } |
2463 | 2463 | ||
2464 | /** | 2464 | /** |
2465 | * smack_ipc_getsecid - Extract smack security id | 2465 | * smack_ipc_getsecid - Extract smack security id |
2466 | * @ipp: the object permissions | 2466 | * @ipp: the object permissions |
2467 | * @secid: where result will be saved | 2467 | * @secid: where result will be saved |
2468 | */ | 2468 | */ |
2469 | static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid) | 2469 | static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid) |
2470 | { | 2470 | { |
2471 | char *smack = ipp->security; | 2471 | char *smack = ipp->security; |
2472 | 2472 | ||
2473 | *secid = smack_to_secid(smack); | 2473 | *secid = smack_to_secid(smack); |
2474 | } | 2474 | } |
2475 | 2475 | ||
2476 | /** | 2476 | /** |
2477 | * smack_d_instantiate - Make sure the blob is correct on an inode | 2477 | * smack_d_instantiate - Make sure the blob is correct on an inode |
2478 | * @opt_dentry: dentry where inode will be attached | 2478 | * @opt_dentry: dentry where inode will be attached |
2479 | * @inode: the object | 2479 | * @inode: the object |
2480 | * | 2480 | * |
2481 | * Set the inode's security blob if it hasn't been done already. | 2481 | * Set the inode's security blob if it hasn't been done already. |
2482 | */ | 2482 | */ |
2483 | static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode) | 2483 | static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode) |
2484 | { | 2484 | { |
2485 | struct super_block *sbp; | 2485 | struct super_block *sbp; |
2486 | struct superblock_smack *sbsp; | 2486 | struct superblock_smack *sbsp; |
2487 | struct inode_smack *isp; | 2487 | struct inode_smack *isp; |
2488 | char *csp = smk_of_current(); | 2488 | char *csp = smk_of_current(); |
2489 | char *fetched; | 2489 | char *fetched; |
2490 | char *final; | 2490 | char *final; |
2491 | char trattr[TRANS_TRUE_SIZE]; | 2491 | char trattr[TRANS_TRUE_SIZE]; |
2492 | int transflag = 0; | 2492 | int transflag = 0; |
2493 | struct dentry *dp; | 2493 | struct dentry *dp; |
2494 | 2494 | ||
2495 | if (inode == NULL) | 2495 | if (inode == NULL) |
2496 | return; | 2496 | return; |
2497 | 2497 | ||
2498 | isp = inode->i_security; | 2498 | isp = inode->i_security; |
2499 | 2499 | ||
2500 | mutex_lock(&isp->smk_lock); | 2500 | mutex_lock(&isp->smk_lock); |
2501 | /* | 2501 | /* |
2502 | * If the inode is already instantiated | 2502 | * If the inode is already instantiated |
2503 | * take the quick way out | 2503 | * take the quick way out |
2504 | */ | 2504 | */ |
2505 | if (isp->smk_flags & SMK_INODE_INSTANT) | 2505 | if (isp->smk_flags & SMK_INODE_INSTANT) |
2506 | goto unlockandout; | 2506 | goto unlockandout; |
2507 | 2507 | ||
2508 | sbp = inode->i_sb; | 2508 | sbp = inode->i_sb; |
2509 | sbsp = sbp->s_security; | 2509 | sbsp = sbp->s_security; |
2510 | /* | 2510 | /* |
2511 | * We're going to use the superblock default label | 2511 | * We're going to use the superblock default label |
2512 | * if there's no label on the file. | 2512 | * if there's no label on the file. |
2513 | */ | 2513 | */ |
2514 | final = sbsp->smk_default; | 2514 | final = sbsp->smk_default; |
2515 | 2515 | ||
2516 | /* | 2516 | /* |
2517 | * If this is the root inode the superblock | 2517 | * If this is the root inode the superblock |
2518 | * may be in the process of initialization. | 2518 | * may be in the process of initialization. |
2519 | * If that is the case use the root value out | 2519 | * If that is the case use the root value out |
2520 | * of the superblock. | 2520 | * of the superblock. |
2521 | */ | 2521 | */ |
2522 | if (opt_dentry->d_parent == opt_dentry) { | 2522 | if (opt_dentry->d_parent == opt_dentry) { |
2523 | isp->smk_inode = sbsp->smk_root; | 2523 | isp->smk_inode = sbsp->smk_root; |
2524 | isp->smk_flags |= SMK_INODE_INSTANT; | 2524 | isp->smk_flags |= SMK_INODE_INSTANT; |
2525 | goto unlockandout; | 2525 | goto unlockandout; |
2526 | } | 2526 | } |
2527 | 2527 | ||
2528 | /* | 2528 | /* |
2529 | * This is pretty hackish. | 2529 | * This is pretty hackish. |
2530 | * Casey says that we shouldn't have to do | 2530 | * Casey says that we shouldn't have to do |
2531 | * file system specific code, but it does help | 2531 | * file system specific code, but it does help |
2532 | * with keeping it simple. | 2532 | * with keeping it simple. |
2533 | */ | 2533 | */ |
2534 | switch (sbp->s_magic) { | 2534 | switch (sbp->s_magic) { |
2535 | case SMACK_MAGIC: | 2535 | case SMACK_MAGIC: |
2536 | /* | 2536 | /* |
2537 | * Casey says that it's a little embarassing | 2537 | * Casey says that it's a little embarassing |
2538 | * that the smack file system doesn't do | 2538 | * that the smack file system doesn't do |
2539 | * extended attributes. | 2539 | * extended attributes. |
2540 | */ | 2540 | */ |
2541 | final = smack_known_star.smk_known; | 2541 | final = smack_known_star.smk_known; |
2542 | break; | 2542 | break; |
2543 | case PIPEFS_MAGIC: | 2543 | case PIPEFS_MAGIC: |
2544 | /* | 2544 | /* |
2545 | * Casey says pipes are easy (?) | 2545 | * Casey says pipes are easy (?) |
2546 | */ | 2546 | */ |
2547 | final = smack_known_star.smk_known; | 2547 | final = smack_known_star.smk_known; |
2548 | break; | 2548 | break; |
2549 | case DEVPTS_SUPER_MAGIC: | 2549 | case DEVPTS_SUPER_MAGIC: |
2550 | /* | 2550 | /* |
2551 | * devpts seems content with the label of the task. | 2551 | * devpts seems content with the label of the task. |
2552 | * Programs that change smack have to treat the | 2552 | * Programs that change smack have to treat the |
2553 | * pty with respect. | 2553 | * pty with respect. |
2554 | */ | 2554 | */ |
2555 | final = csp; | 2555 | final = csp; |
2556 | break; | 2556 | break; |
2557 | case SOCKFS_MAGIC: | 2557 | case SOCKFS_MAGIC: |
2558 | /* | 2558 | /* |
2559 | * Socket access is controlled by the socket | 2559 | * Socket access is controlled by the socket |
2560 | * structures associated with the task involved. | 2560 | * structures associated with the task involved. |
2561 | */ | 2561 | */ |
2562 | final = smack_known_star.smk_known; | 2562 | final = smack_known_star.smk_known; |
2563 | break; | 2563 | break; |
2564 | case PROC_SUPER_MAGIC: | 2564 | case PROC_SUPER_MAGIC: |
2565 | /* | 2565 | /* |
2566 | * Casey says procfs appears not to care. | 2566 | * Casey says procfs appears not to care. |
2567 | * The superblock default suffices. | 2567 | * The superblock default suffices. |
2568 | */ | 2568 | */ |
2569 | break; | 2569 | break; |
2570 | case TMPFS_MAGIC: | 2570 | case TMPFS_MAGIC: |
2571 | /* | 2571 | /* |
2572 | * Device labels should come from the filesystem, | 2572 | * Device labels should come from the filesystem, |
2573 | * but watch out, because they're volitile, | 2573 | * but watch out, because they're volitile, |
2574 | * getting recreated on every reboot. | 2574 | * getting recreated on every reboot. |
2575 | */ | 2575 | */ |
2576 | final = smack_known_star.smk_known; | 2576 | final = smack_known_star.smk_known; |
2577 | /* | 2577 | /* |
2578 | * No break. | 2578 | * No break. |
2579 | * | 2579 | * |
2580 | * If a smack value has been set we want to use it, | 2580 | * If a smack value has been set we want to use it, |
2581 | * but since tmpfs isn't giving us the opportunity | 2581 | * but since tmpfs isn't giving us the opportunity |
2582 | * to set mount options simulate setting the | 2582 | * to set mount options simulate setting the |
2583 | * superblock default. | 2583 | * superblock default. |
2584 | */ | 2584 | */ |
2585 | default: | 2585 | default: |
2586 | /* | 2586 | /* |
2587 | * This isn't an understood special case. | 2587 | * This isn't an understood special case. |
2588 | * Get the value from the xattr. | 2588 | * Get the value from the xattr. |
2589 | */ | 2589 | */ |
2590 | 2590 | ||
2591 | /* | 2591 | /* |
2592 | * UNIX domain sockets use lower level socket data. | 2592 | * UNIX domain sockets use lower level socket data. |
2593 | */ | 2593 | */ |
2594 | if (S_ISSOCK(inode->i_mode)) { | 2594 | if (S_ISSOCK(inode->i_mode)) { |
2595 | final = smack_known_star.smk_known; | 2595 | final = smack_known_star.smk_known; |
2596 | break; | 2596 | break; |
2597 | } | 2597 | } |
2598 | /* | 2598 | /* |
2599 | * No xattr support means, alas, no SMACK label. | 2599 | * No xattr support means, alas, no SMACK label. |
2600 | * Use the aforeapplied default. | 2600 | * Use the aforeapplied default. |
2601 | * It would be curious if the label of the task | 2601 | * It would be curious if the label of the task |
2602 | * does not match that assigned. | 2602 | * does not match that assigned. |
2603 | */ | 2603 | */ |
2604 | if (inode->i_op->getxattr == NULL) | 2604 | if (inode->i_op->getxattr == NULL) |
2605 | break; | 2605 | break; |
2606 | /* | 2606 | /* |
2607 | * Get the dentry for xattr. | 2607 | * Get the dentry for xattr. |
2608 | */ | 2608 | */ |
2609 | dp = dget(opt_dentry); | 2609 | dp = dget(opt_dentry); |
2610 | fetched = smk_fetch(XATTR_NAME_SMACK, inode, dp); | 2610 | fetched = smk_fetch(XATTR_NAME_SMACK, inode, dp); |
2611 | if (fetched != NULL) { | 2611 | if (fetched != NULL) { |
2612 | final = fetched; | 2612 | final = fetched; |
2613 | if (S_ISDIR(inode->i_mode)) { | 2613 | if (S_ISDIR(inode->i_mode)) { |
2614 | trattr[0] = '\0'; | 2614 | trattr[0] = '\0'; |
2615 | inode->i_op->getxattr(dp, | 2615 | inode->i_op->getxattr(dp, |
2616 | XATTR_NAME_SMACKTRANSMUTE, | 2616 | XATTR_NAME_SMACKTRANSMUTE, |
2617 | trattr, TRANS_TRUE_SIZE); | 2617 | trattr, TRANS_TRUE_SIZE); |
2618 | if (strncmp(trattr, TRANS_TRUE, | 2618 | if (strncmp(trattr, TRANS_TRUE, |
2619 | TRANS_TRUE_SIZE) == 0) | 2619 | TRANS_TRUE_SIZE) == 0) |
2620 | transflag = SMK_INODE_TRANSMUTE; | 2620 | transflag = SMK_INODE_TRANSMUTE; |
2621 | } | 2621 | } |
2622 | } | 2622 | } |
2623 | isp->smk_task = smk_fetch(XATTR_NAME_SMACKEXEC, inode, dp); | 2623 | isp->smk_task = smk_fetch(XATTR_NAME_SMACKEXEC, inode, dp); |
2624 | isp->smk_mmap = smk_fetch(XATTR_NAME_SMACKMMAP, inode, dp); | 2624 | isp->smk_mmap = smk_fetch(XATTR_NAME_SMACKMMAP, inode, dp); |
2625 | 2625 | ||
2626 | dput(dp); | 2626 | dput(dp); |
2627 | break; | 2627 | break; |
2628 | } | 2628 | } |
2629 | 2629 | ||
2630 | if (final == NULL) | 2630 | if (final == NULL) |
2631 | isp->smk_inode = csp; | 2631 | isp->smk_inode = csp; |
2632 | else | 2632 | else |
2633 | isp->smk_inode = final; | 2633 | isp->smk_inode = final; |
2634 | 2634 | ||
2635 | isp->smk_flags |= (SMK_INODE_INSTANT | transflag); | 2635 | isp->smk_flags |= (SMK_INODE_INSTANT | transflag); |
2636 | 2636 | ||
2637 | unlockandout: | 2637 | unlockandout: |
2638 | mutex_unlock(&isp->smk_lock); | 2638 | mutex_unlock(&isp->smk_lock); |
2639 | return; | 2639 | return; |
2640 | } | 2640 | } |
2641 | 2641 | ||
2642 | /** | 2642 | /** |
2643 | * smack_getprocattr - Smack process attribute access | 2643 | * smack_getprocattr - Smack process attribute access |
2644 | * @p: the object task | 2644 | * @p: the object task |
2645 | * @name: the name of the attribute in /proc/.../attr | 2645 | * @name: the name of the attribute in /proc/.../attr |
2646 | * @value: where to put the result | 2646 | * @value: where to put the result |
2647 | * | 2647 | * |
2648 | * Places a copy of the task Smack into value | 2648 | * Places a copy of the task Smack into value |
2649 | * | 2649 | * |
2650 | * Returns the length of the smack label or an error code | 2650 | * Returns the length of the smack label or an error code |
2651 | */ | 2651 | */ |
2652 | static int smack_getprocattr(struct task_struct *p, char *name, char **value) | 2652 | static int smack_getprocattr(struct task_struct *p, char *name, char **value) |
2653 | { | 2653 | { |
2654 | char *cp; | 2654 | char *cp; |
2655 | int slen; | 2655 | int slen; |
2656 | 2656 | ||
2657 | if (strcmp(name, "current") != 0) | 2657 | if (strcmp(name, "current") != 0) |
2658 | return -EINVAL; | 2658 | return -EINVAL; |
2659 | 2659 | ||
2660 | cp = kstrdup(smk_of_task(task_security(p)), GFP_KERNEL); | 2660 | cp = kstrdup(smk_of_task(task_security(p)), GFP_KERNEL); |
2661 | if (cp == NULL) | 2661 | if (cp == NULL) |
2662 | return -ENOMEM; | 2662 | return -ENOMEM; |
2663 | 2663 | ||
2664 | slen = strlen(cp); | 2664 | slen = strlen(cp); |
2665 | *value = cp; | 2665 | *value = cp; |
2666 | return slen; | 2666 | return slen; |
2667 | } | 2667 | } |
2668 | 2668 | ||
2669 | /** | 2669 | /** |
2670 | * smack_setprocattr - Smack process attribute setting | 2670 | * smack_setprocattr - Smack process attribute setting |
2671 | * @p: the object task | 2671 | * @p: the object task |
2672 | * @name: the name of the attribute in /proc/.../attr | 2672 | * @name: the name of the attribute in /proc/.../attr |
2673 | * @value: the value to set | 2673 | * @value: the value to set |
2674 | * @size: the size of the value | 2674 | * @size: the size of the value |
2675 | * | 2675 | * |
2676 | * Sets the Smack value of the task. Only setting self | 2676 | * Sets the Smack value of the task. Only setting self |
2677 | * is permitted and only with privilege | 2677 | * is permitted and only with privilege |
2678 | * | 2678 | * |
2679 | * Returns the length of the smack label or an error code | 2679 | * Returns the length of the smack label or an error code |
2680 | */ | 2680 | */ |
2681 | static int smack_setprocattr(struct task_struct *p, char *name, | 2681 | static int smack_setprocattr(struct task_struct *p, char *name, |
2682 | void *value, size_t size) | 2682 | void *value, size_t size) |
2683 | { | 2683 | { |
2684 | int rc; | 2684 | int rc; |
2685 | struct task_smack *tsp; | 2685 | struct task_smack *tsp; |
2686 | struct task_smack *oldtsp; | 2686 | struct task_smack *oldtsp; |
2687 | struct cred *new; | 2687 | struct cred *new; |
2688 | char *newsmack; | 2688 | char *newsmack; |
2689 | 2689 | ||
2690 | /* | 2690 | /* |
2691 | * Changing another process' Smack value is too dangerous | 2691 | * Changing another process' Smack value is too dangerous |
2692 | * and supports no sane use case. | 2692 | * and supports no sane use case. |
2693 | */ | 2693 | */ |
2694 | if (p != current) | 2694 | if (p != current) |
2695 | return -EPERM; | 2695 | return -EPERM; |
2696 | 2696 | ||
2697 | if (!capable(CAP_MAC_ADMIN)) | 2697 | if (!capable(CAP_MAC_ADMIN)) |
2698 | return -EPERM; | 2698 | return -EPERM; |
2699 | 2699 | ||
2700 | if (value == NULL || size == 0 || size >= SMK_LABELLEN) | 2700 | if (value == NULL || size == 0 || size >= SMK_LABELLEN) |
2701 | return -EINVAL; | 2701 | return -EINVAL; |
2702 | 2702 | ||
2703 | if (strcmp(name, "current") != 0) | 2703 | if (strcmp(name, "current") != 0) |
2704 | return -EINVAL; | 2704 | return -EINVAL; |
2705 | 2705 | ||
2706 | newsmack = smk_import(value, size); | 2706 | newsmack = smk_import(value, size); |
2707 | if (newsmack == NULL) | 2707 | if (newsmack == NULL) |
2708 | return -EINVAL; | 2708 | return -EINVAL; |
2709 | 2709 | ||
2710 | /* | 2710 | /* |
2711 | * No process is ever allowed the web ("@") label. | 2711 | * No process is ever allowed the web ("@") label. |
2712 | */ | 2712 | */ |
2713 | if (newsmack == smack_known_web.smk_known) | 2713 | if (newsmack == smack_known_web.smk_known) |
2714 | return -EPERM; | 2714 | return -EPERM; |
2715 | 2715 | ||
2716 | oldtsp = p->cred->security; | 2716 | oldtsp = p->cred->security; |
2717 | new = prepare_creds(); | 2717 | new = prepare_creds(); |
2718 | if (new == NULL) | 2718 | if (new == NULL) |
2719 | return -ENOMEM; | 2719 | return -ENOMEM; |
2720 | 2720 | ||
2721 | tsp = new_task_smack(newsmack, oldtsp->smk_forked, GFP_KERNEL); | 2721 | tsp = new_task_smack(newsmack, oldtsp->smk_forked, GFP_KERNEL); |
2722 | if (tsp == NULL) { | 2722 | if (tsp == NULL) { |
2723 | kfree(new); | 2723 | kfree(new); |
2724 | return -ENOMEM; | 2724 | return -ENOMEM; |
2725 | } | 2725 | } |
2726 | rc = smk_copy_rules(&tsp->smk_rules, &oldtsp->smk_rules, GFP_KERNEL); | 2726 | rc = smk_copy_rules(&tsp->smk_rules, &oldtsp->smk_rules, GFP_KERNEL); |
2727 | if (rc != 0) | 2727 | if (rc != 0) |
2728 | return rc; | 2728 | return rc; |
2729 | 2729 | ||
2730 | new->security = tsp; | 2730 | new->security = tsp; |
2731 | commit_creds(new); | 2731 | commit_creds(new); |
2732 | return size; | 2732 | return size; |
2733 | } | 2733 | } |
2734 | 2734 | ||
2735 | /** | 2735 | /** |
2736 | * smack_unix_stream_connect - Smack access on UDS | 2736 | * smack_unix_stream_connect - Smack access on UDS |
2737 | * @sock: one sock | 2737 | * @sock: one sock |
2738 | * @other: the other sock | 2738 | * @other: the other sock |
2739 | * @newsk: unused | 2739 | * @newsk: unused |
2740 | * | 2740 | * |
2741 | * Return 0 if a subject with the smack of sock could access | 2741 | * Return 0 if a subject with the smack of sock could access |
2742 | * an object with the smack of other, otherwise an error code | 2742 | * an object with the smack of other, otherwise an error code |
2743 | */ | 2743 | */ |
2744 | static int smack_unix_stream_connect(struct sock *sock, | 2744 | static int smack_unix_stream_connect(struct sock *sock, |
2745 | struct sock *other, struct sock *newsk) | 2745 | struct sock *other, struct sock *newsk) |
2746 | { | 2746 | { |
2747 | struct socket_smack *ssp = sock->sk_security; | 2747 | struct socket_smack *ssp = sock->sk_security; |
2748 | struct socket_smack *osp = other->sk_security; | 2748 | struct socket_smack *osp = other->sk_security; |
2749 | struct smk_audit_info ad; | 2749 | struct smk_audit_info ad; |
2750 | int rc = 0; | 2750 | int rc = 0; |
2751 | 2751 | ||
2752 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NET); | 2752 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NET); |
2753 | smk_ad_setfield_u_net_sk(&ad, other); | 2753 | smk_ad_setfield_u_net_sk(&ad, other); |
2754 | 2754 | ||
2755 | if (!capable(CAP_MAC_OVERRIDE)) | 2755 | if (!capable(CAP_MAC_OVERRIDE)) |
2756 | rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad); | 2756 | rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad); |
2757 | 2757 | ||
2758 | return rc; | 2758 | return rc; |
2759 | } | 2759 | } |
2760 | 2760 | ||
2761 | /** | 2761 | /** |
2762 | * smack_unix_may_send - Smack access on UDS | 2762 | * smack_unix_may_send - Smack access on UDS |
2763 | * @sock: one socket | 2763 | * @sock: one socket |
2764 | * @other: the other socket | 2764 | * @other: the other socket |
2765 | * | 2765 | * |
2766 | * Return 0 if a subject with the smack of sock could access | 2766 | * Return 0 if a subject with the smack of sock could access |
2767 | * an object with the smack of other, otherwise an error code | 2767 | * an object with the smack of other, otherwise an error code |
2768 | */ | 2768 | */ |
2769 | static int smack_unix_may_send(struct socket *sock, struct socket *other) | 2769 | static int smack_unix_may_send(struct socket *sock, struct socket *other) |
2770 | { | 2770 | { |
2771 | struct socket_smack *ssp = sock->sk->sk_security; | 2771 | struct socket_smack *ssp = sock->sk->sk_security; |
2772 | struct socket_smack *osp = other->sk->sk_security; | 2772 | struct socket_smack *osp = other->sk->sk_security; |
2773 | struct smk_audit_info ad; | 2773 | struct smk_audit_info ad; |
2774 | int rc = 0; | 2774 | int rc = 0; |
2775 | 2775 | ||
2776 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NET); | 2776 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NET); |
2777 | smk_ad_setfield_u_net_sk(&ad, other->sk); | 2777 | smk_ad_setfield_u_net_sk(&ad, other->sk); |
2778 | 2778 | ||
2779 | if (!capable(CAP_MAC_OVERRIDE)) | 2779 | if (!capable(CAP_MAC_OVERRIDE)) |
2780 | rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad); | 2780 | rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad); |
2781 | 2781 | ||
2782 | return rc; | 2782 | return rc; |
2783 | } | 2783 | } |
2784 | 2784 | ||
2785 | /** | 2785 | /** |
2786 | * smack_socket_sendmsg - Smack check based on destination host | 2786 | * smack_socket_sendmsg - Smack check based on destination host |
2787 | * @sock: the socket | 2787 | * @sock: the socket |
2788 | * @msg: the message | 2788 | * @msg: the message |
2789 | * @size: the size of the message | 2789 | * @size: the size of the message |
2790 | * | 2790 | * |
2791 | * Return 0 if the current subject can write to the destination | 2791 | * Return 0 if the current subject can write to the destination |
2792 | * host. This is only a question if the destination is a single | 2792 | * host. This is only a question if the destination is a single |
2793 | * label host. | 2793 | * label host. |
2794 | */ | 2794 | */ |
2795 | static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg, | 2795 | static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg, |
2796 | int size) | 2796 | int size) |
2797 | { | 2797 | { |
2798 | struct sockaddr_in *sip = (struct sockaddr_in *) msg->msg_name; | 2798 | struct sockaddr_in *sip = (struct sockaddr_in *) msg->msg_name; |
2799 | 2799 | ||
2800 | /* | 2800 | /* |
2801 | * Perfectly reasonable for this to be NULL | 2801 | * Perfectly reasonable for this to be NULL |
2802 | */ | 2802 | */ |
2803 | if (sip == NULL || sip->sin_family != AF_INET) | 2803 | if (sip == NULL || sip->sin_family != AF_INET) |
2804 | return 0; | 2804 | return 0; |
2805 | 2805 | ||
2806 | return smack_netlabel_send(sock->sk, sip); | 2806 | return smack_netlabel_send(sock->sk, sip); |
2807 | } | 2807 | } |
2808 | 2808 | ||
2809 | 2809 | ||
2810 | /** | 2810 | /** |
2811 | * smack_from_secattr - Convert a netlabel attr.mls.lvl/attr.mls.cat pair to smack | 2811 | * smack_from_secattr - Convert a netlabel attr.mls.lvl/attr.mls.cat pair to smack |
2812 | * @sap: netlabel secattr | 2812 | * @sap: netlabel secattr |
2813 | * @sip: where to put the result | 2813 | * @sip: where to put the result |
2814 | * | 2814 | * |
2815 | * Copies a smack label into sip | 2815 | * Copies a smack label into sip |
2816 | */ | 2816 | */ |
2817 | static void smack_from_secattr(struct netlbl_lsm_secattr *sap, char *sip) | 2817 | static void smack_from_secattr(struct netlbl_lsm_secattr *sap, char *sip) |
2818 | { | 2818 | { |
2819 | char smack[SMK_LABELLEN]; | 2819 | char smack[SMK_LABELLEN]; |
2820 | char *sp; | 2820 | char *sp; |
2821 | int pcat; | 2821 | int pcat; |
2822 | 2822 | ||
2823 | if ((sap->flags & NETLBL_SECATTR_MLS_LVL) != 0) { | 2823 | if ((sap->flags & NETLBL_SECATTR_MLS_LVL) != 0) { |
2824 | /* | 2824 | /* |
2825 | * Looks like a CIPSO packet. | 2825 | * Looks like a CIPSO packet. |
2826 | * If there are flags but no level netlabel isn't | 2826 | * If there are flags but no level netlabel isn't |
2827 | * behaving the way we expect it to. | 2827 | * behaving the way we expect it to. |
2828 | * | 2828 | * |
2829 | * Get the categories, if any | 2829 | * Get the categories, if any |
2830 | * Without guidance regarding the smack value | 2830 | * Without guidance regarding the smack value |
2831 | * for the packet fall back on the network | 2831 | * for the packet fall back on the network |
2832 | * ambient value. | 2832 | * ambient value. |
2833 | */ | 2833 | */ |
2834 | memset(smack, '\0', SMK_LABELLEN); | 2834 | memset(smack, '\0', SMK_LABELLEN); |
2835 | if ((sap->flags & NETLBL_SECATTR_MLS_CAT) != 0) | 2835 | if ((sap->flags & NETLBL_SECATTR_MLS_CAT) != 0) |
2836 | for (pcat = -1;;) { | 2836 | for (pcat = -1;;) { |
2837 | pcat = netlbl_secattr_catmap_walk( | 2837 | pcat = netlbl_secattr_catmap_walk( |
2838 | sap->attr.mls.cat, pcat + 1); | 2838 | sap->attr.mls.cat, pcat + 1); |
2839 | if (pcat < 0) | 2839 | if (pcat < 0) |
2840 | break; | 2840 | break; |
2841 | smack_catset_bit(pcat, smack); | 2841 | smack_catset_bit(pcat, smack); |
2842 | } | 2842 | } |
2843 | /* | 2843 | /* |
2844 | * If it is CIPSO using smack direct mapping | 2844 | * If it is CIPSO using smack direct mapping |
2845 | * we are already done. WeeHee. | 2845 | * we are already done. WeeHee. |
2846 | */ | 2846 | */ |
2847 | if (sap->attr.mls.lvl == smack_cipso_direct) { | 2847 | if (sap->attr.mls.lvl == smack_cipso_direct) { |
2848 | memcpy(sip, smack, SMK_MAXLEN); | 2848 | memcpy(sip, smack, SMK_MAXLEN); |
2849 | return; | 2849 | return; |
2850 | } | 2850 | } |
2851 | /* | 2851 | /* |
2852 | * Look it up in the supplied table if it is not | 2852 | * Look it up in the supplied table if it is not |
2853 | * a direct mapping. | 2853 | * a direct mapping. |
2854 | */ | 2854 | */ |
2855 | smack_from_cipso(sap->attr.mls.lvl, smack, sip); | 2855 | smack_from_cipso(sap->attr.mls.lvl, smack, sip); |
2856 | return; | 2856 | return; |
2857 | } | 2857 | } |
2858 | if ((sap->flags & NETLBL_SECATTR_SECID) != 0) { | 2858 | if ((sap->flags & NETLBL_SECATTR_SECID) != 0) { |
2859 | /* | 2859 | /* |
2860 | * Looks like a fallback, which gives us a secid. | 2860 | * Looks like a fallback, which gives us a secid. |
2861 | */ | 2861 | */ |
2862 | sp = smack_from_secid(sap->attr.secid); | 2862 | sp = smack_from_secid(sap->attr.secid); |
2863 | /* | 2863 | /* |
2864 | * This has got to be a bug because it is | 2864 | * This has got to be a bug because it is |
2865 | * impossible to specify a fallback without | 2865 | * impossible to specify a fallback without |
2866 | * specifying the label, which will ensure | 2866 | * specifying the label, which will ensure |
2867 | * it has a secid, and the only way to get a | 2867 | * it has a secid, and the only way to get a |
2868 | * secid is from a fallback. | 2868 | * secid is from a fallback. |
2869 | */ | 2869 | */ |
2870 | BUG_ON(sp == NULL); | 2870 | BUG_ON(sp == NULL); |
2871 | strncpy(sip, sp, SMK_MAXLEN); | 2871 | strncpy(sip, sp, SMK_MAXLEN); |
2872 | return; | 2872 | return; |
2873 | } | 2873 | } |
2874 | /* | 2874 | /* |
2875 | * Without guidance regarding the smack value | 2875 | * Without guidance regarding the smack value |
2876 | * for the packet fall back on the network | 2876 | * for the packet fall back on the network |
2877 | * ambient value. | 2877 | * ambient value. |
2878 | */ | 2878 | */ |
2879 | strncpy(sip, smack_net_ambient, SMK_MAXLEN); | 2879 | strncpy(sip, smack_net_ambient, SMK_MAXLEN); |
2880 | return; | 2880 | return; |
2881 | } | 2881 | } |
2882 | 2882 | ||
2883 | /** | 2883 | /** |
2884 | * smack_socket_sock_rcv_skb - Smack packet delivery access check | 2884 | * smack_socket_sock_rcv_skb - Smack packet delivery access check |
2885 | * @sk: socket | 2885 | * @sk: socket |
2886 | * @skb: packet | 2886 | * @skb: packet |
2887 | * | 2887 | * |
2888 | * Returns 0 if the packet should be delivered, an error code otherwise | 2888 | * Returns 0 if the packet should be delivered, an error code otherwise |
2889 | */ | 2889 | */ |
2890 | static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) | 2890 | static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) |
2891 | { | 2891 | { |
2892 | struct netlbl_lsm_secattr secattr; | 2892 | struct netlbl_lsm_secattr secattr; |
2893 | struct socket_smack *ssp = sk->sk_security; | 2893 | struct socket_smack *ssp = sk->sk_security; |
2894 | char smack[SMK_LABELLEN]; | 2894 | char smack[SMK_LABELLEN]; |
2895 | char *csp; | 2895 | char *csp; |
2896 | int rc; | 2896 | int rc; |
2897 | struct smk_audit_info ad; | 2897 | struct smk_audit_info ad; |
2898 | if (sk->sk_family != PF_INET && sk->sk_family != PF_INET6) | 2898 | if (sk->sk_family != PF_INET && sk->sk_family != PF_INET6) |
2899 | return 0; | 2899 | return 0; |
2900 | 2900 | ||
2901 | /* | 2901 | /* |
2902 | * Translate what netlabel gave us. | 2902 | * Translate what netlabel gave us. |
2903 | */ | 2903 | */ |
2904 | netlbl_secattr_init(&secattr); | 2904 | netlbl_secattr_init(&secattr); |
2905 | 2905 | ||
2906 | rc = netlbl_skbuff_getattr(skb, sk->sk_family, &secattr); | 2906 | rc = netlbl_skbuff_getattr(skb, sk->sk_family, &secattr); |
2907 | if (rc == 0) { | 2907 | if (rc == 0) { |
2908 | smack_from_secattr(&secattr, smack); | 2908 | smack_from_secattr(&secattr, smack); |
2909 | csp = smack; | 2909 | csp = smack; |
2910 | } else | 2910 | } else |
2911 | csp = smack_net_ambient; | 2911 | csp = smack_net_ambient; |
2912 | 2912 | ||
2913 | netlbl_secattr_destroy(&secattr); | 2913 | netlbl_secattr_destroy(&secattr); |
2914 | 2914 | ||
2915 | #ifdef CONFIG_AUDIT | 2915 | #ifdef CONFIG_AUDIT |
2916 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NET); | 2916 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NET); |
2917 | ad.a.u.net.family = sk->sk_family; | 2917 | ad.a.u.net.family = sk->sk_family; |
2918 | ad.a.u.net.netif = skb->skb_iif; | 2918 | ad.a.u.net.netif = skb->skb_iif; |
2919 | ipv4_skb_to_auditdata(skb, &ad.a, NULL); | 2919 | ipv4_skb_to_auditdata(skb, &ad.a, NULL); |
2920 | #endif | 2920 | #endif |
2921 | /* | 2921 | /* |
2922 | * Receiving a packet requires that the other end | 2922 | * Receiving a packet requires that the other end |
2923 | * be able to write here. Read access is not required. | 2923 | * be able to write here. Read access is not required. |
2924 | * This is the simplist possible security model | 2924 | * This is the simplist possible security model |
2925 | * for networking. | 2925 | * for networking. |
2926 | */ | 2926 | */ |
2927 | rc = smk_access(csp, ssp->smk_in, MAY_WRITE, &ad); | 2927 | rc = smk_access(csp, ssp->smk_in, MAY_WRITE, &ad); |
2928 | if (rc != 0) | 2928 | if (rc != 0) |
2929 | netlbl_skbuff_err(skb, rc, 0); | 2929 | netlbl_skbuff_err(skb, rc, 0); |
2930 | return rc; | 2930 | return rc; |
2931 | } | 2931 | } |
2932 | 2932 | ||
2933 | /** | 2933 | /** |
2934 | * smack_socket_getpeersec_stream - pull in packet label | 2934 | * smack_socket_getpeersec_stream - pull in packet label |
2935 | * @sock: the socket | 2935 | * @sock: the socket |
2936 | * @optval: user's destination | 2936 | * @optval: user's destination |
2937 | * @optlen: size thereof | 2937 | * @optlen: size thereof |
2938 | * @len: max thereof | 2938 | * @len: max thereof |
2939 | * | 2939 | * |
2940 | * returns zero on success, an error code otherwise | 2940 | * returns zero on success, an error code otherwise |
2941 | */ | 2941 | */ |
2942 | static int smack_socket_getpeersec_stream(struct socket *sock, | 2942 | static int smack_socket_getpeersec_stream(struct socket *sock, |
2943 | char __user *optval, | 2943 | char __user *optval, |
2944 | int __user *optlen, unsigned len) | 2944 | int __user *optlen, unsigned len) |
2945 | { | 2945 | { |
2946 | struct socket_smack *ssp; | 2946 | struct socket_smack *ssp; |
2947 | int slen; | 2947 | int slen; |
2948 | int rc = 0; | 2948 | int rc = 0; |
2949 | 2949 | ||
2950 | ssp = sock->sk->sk_security; | 2950 | ssp = sock->sk->sk_security; |
2951 | slen = strlen(ssp->smk_packet) + 1; | 2951 | slen = strlen(ssp->smk_packet) + 1; |
2952 | 2952 | ||
2953 | if (slen > len) | 2953 | if (slen > len) |
2954 | rc = -ERANGE; | 2954 | rc = -ERANGE; |
2955 | else if (copy_to_user(optval, ssp->smk_packet, slen) != 0) | 2955 | else if (copy_to_user(optval, ssp->smk_packet, slen) != 0) |
2956 | rc = -EFAULT; | 2956 | rc = -EFAULT; |
2957 | 2957 | ||
2958 | if (put_user(slen, optlen) != 0) | 2958 | if (put_user(slen, optlen) != 0) |
2959 | rc = -EFAULT; | 2959 | rc = -EFAULT; |
2960 | 2960 | ||
2961 | return rc; | 2961 | return rc; |
2962 | } | 2962 | } |
2963 | 2963 | ||
2964 | 2964 | ||
2965 | /** | 2965 | /** |
2966 | * smack_socket_getpeersec_dgram - pull in packet label | 2966 | * smack_socket_getpeersec_dgram - pull in packet label |
2967 | * @sock: the peer socket | 2967 | * @sock: the peer socket |
2968 | * @skb: packet data | 2968 | * @skb: packet data |
2969 | * @secid: pointer to where to put the secid of the packet | 2969 | * @secid: pointer to where to put the secid of the packet |
2970 | * | 2970 | * |
2971 | * Sets the netlabel socket state on sk from parent | 2971 | * Sets the netlabel socket state on sk from parent |
2972 | */ | 2972 | */ |
2973 | static int smack_socket_getpeersec_dgram(struct socket *sock, | 2973 | static int smack_socket_getpeersec_dgram(struct socket *sock, |
2974 | struct sk_buff *skb, u32 *secid) | 2974 | struct sk_buff *skb, u32 *secid) |
2975 | 2975 | ||
2976 | { | 2976 | { |
2977 | struct netlbl_lsm_secattr secattr; | 2977 | struct netlbl_lsm_secattr secattr; |
2978 | struct socket_smack *sp; | 2978 | struct socket_smack *sp; |
2979 | char smack[SMK_LABELLEN]; | 2979 | char smack[SMK_LABELLEN]; |
2980 | int family = PF_UNSPEC; | 2980 | int family = PF_UNSPEC; |
2981 | u32 s = 0; /* 0 is the invalid secid */ | 2981 | u32 s = 0; /* 0 is the invalid secid */ |
2982 | int rc; | 2982 | int rc; |
2983 | 2983 | ||
2984 | if (skb != NULL) { | 2984 | if (skb != NULL) { |
2985 | if (skb->protocol == htons(ETH_P_IP)) | 2985 | if (skb->protocol == htons(ETH_P_IP)) |
2986 | family = PF_INET; | 2986 | family = PF_INET; |
2987 | else if (skb->protocol == htons(ETH_P_IPV6)) | 2987 | else if (skb->protocol == htons(ETH_P_IPV6)) |
2988 | family = PF_INET6; | 2988 | family = PF_INET6; |
2989 | } | 2989 | } |
2990 | if (family == PF_UNSPEC && sock != NULL) | 2990 | if (family == PF_UNSPEC && sock != NULL) |
2991 | family = sock->sk->sk_family; | 2991 | family = sock->sk->sk_family; |
2992 | 2992 | ||
2993 | if (family == PF_UNIX) { | 2993 | if (family == PF_UNIX) { |
2994 | sp = sock->sk->sk_security; | 2994 | sp = sock->sk->sk_security; |
2995 | s = smack_to_secid(sp->smk_out); | 2995 | s = smack_to_secid(sp->smk_out); |
2996 | } else if (family == PF_INET || family == PF_INET6) { | 2996 | } else if (family == PF_INET || family == PF_INET6) { |
2997 | /* | 2997 | /* |
2998 | * Translate what netlabel gave us. | 2998 | * Translate what netlabel gave us. |
2999 | */ | 2999 | */ |
3000 | netlbl_secattr_init(&secattr); | 3000 | netlbl_secattr_init(&secattr); |
3001 | rc = netlbl_skbuff_getattr(skb, family, &secattr); | 3001 | rc = netlbl_skbuff_getattr(skb, family, &secattr); |
3002 | if (rc == 0) { | 3002 | if (rc == 0) { |
3003 | smack_from_secattr(&secattr, smack); | 3003 | smack_from_secattr(&secattr, smack); |
3004 | s = smack_to_secid(smack); | 3004 | s = smack_to_secid(smack); |
3005 | } | 3005 | } |
3006 | netlbl_secattr_destroy(&secattr); | 3006 | netlbl_secattr_destroy(&secattr); |
3007 | } | 3007 | } |
3008 | *secid = s; | 3008 | *secid = s; |
3009 | if (s == 0) | 3009 | if (s == 0) |
3010 | return -EINVAL; | 3010 | return -EINVAL; |
3011 | return 0; | 3011 | return 0; |
3012 | } | 3012 | } |
3013 | 3013 | ||
3014 | /** | 3014 | /** |
3015 | * smack_sock_graft - Initialize a newly created socket with an existing sock | 3015 | * smack_sock_graft - Initialize a newly created socket with an existing sock |
3016 | * @sk: child sock | 3016 | * @sk: child sock |
3017 | * @parent: parent socket | 3017 | * @parent: parent socket |
3018 | * | 3018 | * |
3019 | * Set the smk_{in,out} state of an existing sock based on the process that | 3019 | * Set the smk_{in,out} state of an existing sock based on the process that |
3020 | * is creating the new socket. | 3020 | * is creating the new socket. |
3021 | */ | 3021 | */ |
3022 | static void smack_sock_graft(struct sock *sk, struct socket *parent) | 3022 | static void smack_sock_graft(struct sock *sk, struct socket *parent) |
3023 | { | 3023 | { |
3024 | struct socket_smack *ssp; | 3024 | struct socket_smack *ssp; |
3025 | 3025 | ||
3026 | if (sk == NULL || | 3026 | if (sk == NULL || |
3027 | (sk->sk_family != PF_INET && sk->sk_family != PF_INET6)) | 3027 | (sk->sk_family != PF_INET && sk->sk_family != PF_INET6)) |
3028 | return; | 3028 | return; |
3029 | 3029 | ||
3030 | ssp = sk->sk_security; | 3030 | ssp = sk->sk_security; |
3031 | ssp->smk_in = ssp->smk_out = smk_of_current(); | 3031 | ssp->smk_in = ssp->smk_out = smk_of_current(); |
3032 | /* cssp->smk_packet is already set in smack_inet_csk_clone() */ | 3032 | /* cssp->smk_packet is already set in smack_inet_csk_clone() */ |
3033 | } | 3033 | } |
3034 | 3034 | ||
3035 | /** | 3035 | /** |
3036 | * smack_inet_conn_request - Smack access check on connect | 3036 | * smack_inet_conn_request - Smack access check on connect |
3037 | * @sk: socket involved | 3037 | * @sk: socket involved |
3038 | * @skb: packet | 3038 | * @skb: packet |
3039 | * @req: unused | 3039 | * @req: unused |
3040 | * | 3040 | * |
3041 | * Returns 0 if a task with the packet label could write to | 3041 | * Returns 0 if a task with the packet label could write to |
3042 | * the socket, otherwise an error code | 3042 | * the socket, otherwise an error code |
3043 | */ | 3043 | */ |
3044 | static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb, | 3044 | static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb, |
3045 | struct request_sock *req) | 3045 | struct request_sock *req) |
3046 | { | 3046 | { |
3047 | u16 family = sk->sk_family; | 3047 | u16 family = sk->sk_family; |
3048 | struct socket_smack *ssp = sk->sk_security; | 3048 | struct socket_smack *ssp = sk->sk_security; |
3049 | struct netlbl_lsm_secattr secattr; | 3049 | struct netlbl_lsm_secattr secattr; |
3050 | struct sockaddr_in addr; | 3050 | struct sockaddr_in addr; |
3051 | struct iphdr *hdr; | 3051 | struct iphdr *hdr; |
3052 | char smack[SMK_LABELLEN]; | 3052 | char smack[SMK_LABELLEN]; |
3053 | int rc; | 3053 | int rc; |
3054 | struct smk_audit_info ad; | 3054 | struct smk_audit_info ad; |
3055 | 3055 | ||
3056 | /* handle mapped IPv4 packets arriving via IPv6 sockets */ | 3056 | /* handle mapped IPv4 packets arriving via IPv6 sockets */ |
3057 | if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP)) | 3057 | if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP)) |
3058 | family = PF_INET; | 3058 | family = PF_INET; |
3059 | 3059 | ||
3060 | netlbl_secattr_init(&secattr); | 3060 | netlbl_secattr_init(&secattr); |
3061 | rc = netlbl_skbuff_getattr(skb, family, &secattr); | 3061 | rc = netlbl_skbuff_getattr(skb, family, &secattr); |
3062 | if (rc == 0) | 3062 | if (rc == 0) |
3063 | smack_from_secattr(&secattr, smack); | 3063 | smack_from_secattr(&secattr, smack); |
3064 | else | 3064 | else |
3065 | strncpy(smack, smack_known_huh.smk_known, SMK_MAXLEN); | 3065 | strncpy(smack, smack_known_huh.smk_known, SMK_MAXLEN); |
3066 | netlbl_secattr_destroy(&secattr); | 3066 | netlbl_secattr_destroy(&secattr); |
3067 | 3067 | ||
3068 | #ifdef CONFIG_AUDIT | 3068 | #ifdef CONFIG_AUDIT |
3069 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NET); | 3069 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NET); |
3070 | ad.a.u.net.family = family; | 3070 | ad.a.u.net.family = family; |
3071 | ad.a.u.net.netif = skb->skb_iif; | 3071 | ad.a.u.net.netif = skb->skb_iif; |
3072 | ipv4_skb_to_auditdata(skb, &ad.a, NULL); | 3072 | ipv4_skb_to_auditdata(skb, &ad.a, NULL); |
3073 | #endif | 3073 | #endif |
3074 | /* | 3074 | /* |
3075 | * Receiving a packet requires that the other end be able to write | 3075 | * Receiving a packet requires that the other end be able to write |
3076 | * here. Read access is not required. | 3076 | * here. Read access is not required. |
3077 | */ | 3077 | */ |
3078 | rc = smk_access(smack, ssp->smk_in, MAY_WRITE, &ad); | 3078 | rc = smk_access(smack, ssp->smk_in, MAY_WRITE, &ad); |
3079 | if (rc != 0) | 3079 | if (rc != 0) |
3080 | return rc; | 3080 | return rc; |
3081 | 3081 | ||
3082 | /* | 3082 | /* |
3083 | * Save the peer's label in the request_sock so we can later setup | 3083 | * Save the peer's label in the request_sock so we can later setup |
3084 | * smk_packet in the child socket so that SO_PEERCRED can report it. | 3084 | * smk_packet in the child socket so that SO_PEERCRED can report it. |
3085 | */ | 3085 | */ |
3086 | req->peer_secid = smack_to_secid(smack); | 3086 | req->peer_secid = smack_to_secid(smack); |
3087 | 3087 | ||
3088 | /* | 3088 | /* |
3089 | * We need to decide if we want to label the incoming connection here | 3089 | * We need to decide if we want to label the incoming connection here |
3090 | * if we do we only need to label the request_sock and the stack will | 3090 | * if we do we only need to label the request_sock and the stack will |
3091 | * propogate the wire-label to the sock when it is created. | 3091 | * propogate the wire-label to the sock when it is created. |
3092 | */ | 3092 | */ |
3093 | hdr = ip_hdr(skb); | 3093 | hdr = ip_hdr(skb); |
3094 | addr.sin_addr.s_addr = hdr->saddr; | 3094 | addr.sin_addr.s_addr = hdr->saddr; |
3095 | rcu_read_lock(); | 3095 | rcu_read_lock(); |
3096 | if (smack_host_label(&addr) == NULL) { | 3096 | if (smack_host_label(&addr) == NULL) { |
3097 | rcu_read_unlock(); | 3097 | rcu_read_unlock(); |
3098 | netlbl_secattr_init(&secattr); | 3098 | netlbl_secattr_init(&secattr); |
3099 | smack_to_secattr(smack, &secattr); | 3099 | smack_to_secattr(smack, &secattr); |
3100 | rc = netlbl_req_setattr(req, &secattr); | 3100 | rc = netlbl_req_setattr(req, &secattr); |
3101 | netlbl_secattr_destroy(&secattr); | 3101 | netlbl_secattr_destroy(&secattr); |
3102 | } else { | 3102 | } else { |
3103 | rcu_read_unlock(); | 3103 | rcu_read_unlock(); |
3104 | netlbl_req_delattr(req); | 3104 | netlbl_req_delattr(req); |
3105 | } | 3105 | } |
3106 | 3106 | ||
3107 | return rc; | 3107 | return rc; |
3108 | } | 3108 | } |
3109 | 3109 | ||
3110 | /** | 3110 | /** |
3111 | * smack_inet_csk_clone - Copy the connection information to the new socket | 3111 | * smack_inet_csk_clone - Copy the connection information to the new socket |
3112 | * @sk: the new socket | 3112 | * @sk: the new socket |
3113 | * @req: the connection's request_sock | 3113 | * @req: the connection's request_sock |
3114 | * | 3114 | * |
3115 | * Transfer the connection's peer label to the newly created socket. | 3115 | * Transfer the connection's peer label to the newly created socket. |
3116 | */ | 3116 | */ |
3117 | static void smack_inet_csk_clone(struct sock *sk, | 3117 | static void smack_inet_csk_clone(struct sock *sk, |
3118 | const struct request_sock *req) | 3118 | const struct request_sock *req) |
3119 | { | 3119 | { |
3120 | struct socket_smack *ssp = sk->sk_security; | 3120 | struct socket_smack *ssp = sk->sk_security; |
3121 | char *smack; | 3121 | char *smack; |
3122 | 3122 | ||
3123 | if (req->peer_secid != 0) { | 3123 | if (req->peer_secid != 0) { |
3124 | smack = smack_from_secid(req->peer_secid); | 3124 | smack = smack_from_secid(req->peer_secid); |
3125 | strncpy(ssp->smk_packet, smack, SMK_MAXLEN); | 3125 | strncpy(ssp->smk_packet, smack, SMK_MAXLEN); |
3126 | } else | 3126 | } else |
3127 | ssp->smk_packet[0] = '\0'; | 3127 | ssp->smk_packet[0] = '\0'; |
3128 | } | 3128 | } |
3129 | 3129 | ||
3130 | /* | 3130 | /* |
3131 | * Key management security hooks | 3131 | * Key management security hooks |
3132 | * | 3132 | * |
3133 | * Casey has not tested key support very heavily. | 3133 | * Casey has not tested key support very heavily. |
3134 | * The permission check is most likely too restrictive. | 3134 | * The permission check is most likely too restrictive. |
3135 | * If you care about keys please have a look. | 3135 | * If you care about keys please have a look. |
3136 | */ | 3136 | */ |
3137 | #ifdef CONFIG_KEYS | 3137 | #ifdef CONFIG_KEYS |
3138 | 3138 | ||
3139 | /** | 3139 | /** |
3140 | * smack_key_alloc - Set the key security blob | 3140 | * smack_key_alloc - Set the key security blob |
3141 | * @key: object | 3141 | * @key: object |
3142 | * @cred: the credentials to use | 3142 | * @cred: the credentials to use |
3143 | * @flags: unused | 3143 | * @flags: unused |
3144 | * | 3144 | * |
3145 | * No allocation required | 3145 | * No allocation required |
3146 | * | 3146 | * |
3147 | * Returns 0 | 3147 | * Returns 0 |
3148 | */ | 3148 | */ |
3149 | static int smack_key_alloc(struct key *key, const struct cred *cred, | 3149 | static int smack_key_alloc(struct key *key, const struct cred *cred, |
3150 | unsigned long flags) | 3150 | unsigned long flags) |
3151 | { | 3151 | { |
3152 | key->security = smk_of_task(cred->security); | 3152 | key->security = smk_of_task(cred->security); |
3153 | return 0; | 3153 | return 0; |
3154 | } | 3154 | } |
3155 | 3155 | ||
3156 | /** | 3156 | /** |
3157 | * smack_key_free - Clear the key security blob | 3157 | * smack_key_free - Clear the key security blob |
3158 | * @key: the object | 3158 | * @key: the object |
3159 | * | 3159 | * |
3160 | * Clear the blob pointer | 3160 | * Clear the blob pointer |
3161 | */ | 3161 | */ |
3162 | static void smack_key_free(struct key *key) | 3162 | static void smack_key_free(struct key *key) |
3163 | { | 3163 | { |
3164 | key->security = NULL; | 3164 | key->security = NULL; |
3165 | } | 3165 | } |
3166 | 3166 | ||
3167 | /* | 3167 | /* |
3168 | * smack_key_permission - Smack access on a key | 3168 | * smack_key_permission - Smack access on a key |
3169 | * @key_ref: gets to the object | 3169 | * @key_ref: gets to the object |
3170 | * @cred: the credentials to use | 3170 | * @cred: the credentials to use |
3171 | * @perm: unused | 3171 | * @perm: unused |
3172 | * | 3172 | * |
3173 | * Return 0 if the task has read and write to the object, | 3173 | * Return 0 if the task has read and write to the object, |
3174 | * an error code otherwise | 3174 | * an error code otherwise |
3175 | */ | 3175 | */ |
3176 | static int smack_key_permission(key_ref_t key_ref, | 3176 | static int smack_key_permission(key_ref_t key_ref, |
3177 | const struct cred *cred, key_perm_t perm) | 3177 | const struct cred *cred, key_perm_t perm) |
3178 | { | 3178 | { |
3179 | struct key *keyp; | 3179 | struct key *keyp; |
3180 | struct smk_audit_info ad; | 3180 | struct smk_audit_info ad; |
3181 | char *tsp = smk_of_task(cred->security); | 3181 | char *tsp = smk_of_task(cred->security); |
3182 | 3182 | ||
3183 | keyp = key_ref_to_ptr(key_ref); | 3183 | keyp = key_ref_to_ptr(key_ref); |
3184 | if (keyp == NULL) | 3184 | if (keyp == NULL) |
3185 | return -EINVAL; | 3185 | return -EINVAL; |
3186 | /* | 3186 | /* |
3187 | * If the key hasn't been initialized give it access so that | 3187 | * If the key hasn't been initialized give it access so that |
3188 | * it may do so. | 3188 | * it may do so. |
3189 | */ | 3189 | */ |
3190 | if (keyp->security == NULL) | 3190 | if (keyp->security == NULL) |
3191 | return 0; | 3191 | return 0; |
3192 | /* | 3192 | /* |
3193 | * This should not occur | 3193 | * This should not occur |
3194 | */ | 3194 | */ |
3195 | if (tsp == NULL) | 3195 | if (tsp == NULL) |
3196 | return -EACCES; | 3196 | return -EACCES; |
3197 | #ifdef CONFIG_AUDIT | 3197 | #ifdef CONFIG_AUDIT |
3198 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY); | 3198 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY); |
3199 | ad.a.u.key_struct.key = keyp->serial; | 3199 | ad.a.u.key_struct.key = keyp->serial; |
3200 | ad.a.u.key_struct.key_desc = keyp->description; | 3200 | ad.a.u.key_struct.key_desc = keyp->description; |
3201 | #endif | 3201 | #endif |
3202 | return smk_access(tsp, keyp->security, | 3202 | return smk_access(tsp, keyp->security, |
3203 | MAY_READWRITE, &ad); | 3203 | MAY_READWRITE, &ad); |
3204 | } | 3204 | } |
3205 | #endif /* CONFIG_KEYS */ | 3205 | #endif /* CONFIG_KEYS */ |
3206 | 3206 | ||
3207 | /* | 3207 | /* |
3208 | * Smack Audit hooks | 3208 | * Smack Audit hooks |
3209 | * | 3209 | * |
3210 | * Audit requires a unique representation of each Smack specific | 3210 | * Audit requires a unique representation of each Smack specific |
3211 | * rule. This unique representation is used to distinguish the | 3211 | * rule. This unique representation is used to distinguish the |
3212 | * object to be audited from remaining kernel objects and also | 3212 | * object to be audited from remaining kernel objects and also |
3213 | * works as a glue between the audit hooks. | 3213 | * works as a glue between the audit hooks. |
3214 | * | 3214 | * |
3215 | * Since repository entries are added but never deleted, we'll use | 3215 | * Since repository entries are added but never deleted, we'll use |
3216 | * the smack_known label address related to the given audit rule as | 3216 | * the smack_known label address related to the given audit rule as |
3217 | * the needed unique representation. This also better fits the smack | 3217 | * the needed unique representation. This also better fits the smack |
3218 | * model where nearly everything is a label. | 3218 | * model where nearly everything is a label. |
3219 | */ | 3219 | */ |
3220 | #ifdef CONFIG_AUDIT | 3220 | #ifdef CONFIG_AUDIT |
3221 | 3221 | ||
3222 | /** | 3222 | /** |
3223 | * smack_audit_rule_init - Initialize a smack audit rule | 3223 | * smack_audit_rule_init - Initialize a smack audit rule |
3224 | * @field: audit rule fields given from user-space (audit.h) | 3224 | * @field: audit rule fields given from user-space (audit.h) |
3225 | * @op: required testing operator (=, !=, >, <, ...) | 3225 | * @op: required testing operator (=, !=, >, <, ...) |
3226 | * @rulestr: smack label to be audited | 3226 | * @rulestr: smack label to be audited |
3227 | * @vrule: pointer to save our own audit rule representation | 3227 | * @vrule: pointer to save our own audit rule representation |
3228 | * | 3228 | * |
3229 | * Prepare to audit cases where (@field @op @rulestr) is true. | 3229 | * Prepare to audit cases where (@field @op @rulestr) is true. |
3230 | * The label to be audited is created if necessay. | 3230 | * The label to be audited is created if necessay. |
3231 | */ | 3231 | */ |
3232 | static int smack_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule) | 3232 | static int smack_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule) |
3233 | { | 3233 | { |
3234 | char **rule = (char **)vrule; | 3234 | char **rule = (char **)vrule; |
3235 | *rule = NULL; | 3235 | *rule = NULL; |
3236 | 3236 | ||
3237 | if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER) | 3237 | if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER) |
3238 | return -EINVAL; | 3238 | return -EINVAL; |
3239 | 3239 | ||
3240 | if (op != Audit_equal && op != Audit_not_equal) | 3240 | if (op != Audit_equal && op != Audit_not_equal) |
3241 | return -EINVAL; | 3241 | return -EINVAL; |
3242 | 3242 | ||
3243 | *rule = smk_import(rulestr, 0); | 3243 | *rule = smk_import(rulestr, 0); |
3244 | 3244 | ||
3245 | return 0; | 3245 | return 0; |
3246 | } | 3246 | } |
3247 | 3247 | ||
3248 | /** | 3248 | /** |
3249 | * smack_audit_rule_known - Distinguish Smack audit rules | 3249 | * smack_audit_rule_known - Distinguish Smack audit rules |
3250 | * @krule: rule of interest, in Audit kernel representation format | 3250 | * @krule: rule of interest, in Audit kernel representation format |
3251 | * | 3251 | * |
3252 | * This is used to filter Smack rules from remaining Audit ones. | 3252 | * This is used to filter Smack rules from remaining Audit ones. |
3253 | * If it's proved that this rule belongs to us, the | 3253 | * If it's proved that this rule belongs to us, the |
3254 | * audit_rule_match hook will be called to do the final judgement. | 3254 | * audit_rule_match hook will be called to do the final judgement. |
3255 | */ | 3255 | */ |
3256 | static int smack_audit_rule_known(struct audit_krule *krule) | 3256 | static int smack_audit_rule_known(struct audit_krule *krule) |
3257 | { | 3257 | { |
3258 | struct audit_field *f; | 3258 | struct audit_field *f; |
3259 | int i; | 3259 | int i; |
3260 | 3260 | ||
3261 | for (i = 0; i < krule->field_count; i++) { | 3261 | for (i = 0; i < krule->field_count; i++) { |
3262 | f = &krule->fields[i]; | 3262 | f = &krule->fields[i]; |
3263 | 3263 | ||
3264 | if (f->type == AUDIT_SUBJ_USER || f->type == AUDIT_OBJ_USER) | 3264 | if (f->type == AUDIT_SUBJ_USER || f->type == AUDIT_OBJ_USER) |
3265 | return 1; | 3265 | return 1; |
3266 | } | 3266 | } |
3267 | 3267 | ||
3268 | return 0; | 3268 | return 0; |
3269 | } | 3269 | } |
3270 | 3270 | ||
3271 | /** | 3271 | /** |
3272 | * smack_audit_rule_match - Audit given object ? | 3272 | * smack_audit_rule_match - Audit given object ? |
3273 | * @secid: security id for identifying the object to test | 3273 | * @secid: security id for identifying the object to test |
3274 | * @field: audit rule flags given from user-space | 3274 | * @field: audit rule flags given from user-space |
3275 | * @op: required testing operator | 3275 | * @op: required testing operator |
3276 | * @vrule: smack internal rule presentation | 3276 | * @vrule: smack internal rule presentation |
3277 | * @actx: audit context associated with the check | 3277 | * @actx: audit context associated with the check |
3278 | * | 3278 | * |
3279 | * The core Audit hook. It's used to take the decision of | 3279 | * The core Audit hook. It's used to take the decision of |
3280 | * whether to audit or not to audit a given object. | 3280 | * whether to audit or not to audit a given object. |
3281 | */ | 3281 | */ |
3282 | static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule, | 3282 | static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule, |
3283 | struct audit_context *actx) | 3283 | struct audit_context *actx) |
3284 | { | 3284 | { |
3285 | char *smack; | 3285 | char *smack; |
3286 | char *rule = vrule; | 3286 | char *rule = vrule; |
3287 | 3287 | ||
3288 | if (!rule) { | 3288 | if (!rule) { |
3289 | audit_log(actx, GFP_KERNEL, AUDIT_SELINUX_ERR, | 3289 | audit_log(actx, GFP_KERNEL, AUDIT_SELINUX_ERR, |
3290 | "Smack: missing rule\n"); | 3290 | "Smack: missing rule\n"); |
3291 | return -ENOENT; | 3291 | return -ENOENT; |
3292 | } | 3292 | } |
3293 | 3293 | ||
3294 | if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER) | 3294 | if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER) |
3295 | return 0; | 3295 | return 0; |
3296 | 3296 | ||
3297 | smack = smack_from_secid(secid); | 3297 | smack = smack_from_secid(secid); |
3298 | 3298 | ||
3299 | /* | 3299 | /* |
3300 | * No need to do string comparisons. If a match occurs, | 3300 | * No need to do string comparisons. If a match occurs, |
3301 | * both pointers will point to the same smack_known | 3301 | * both pointers will point to the same smack_known |
3302 | * label. | 3302 | * label. |
3303 | */ | 3303 | */ |
3304 | if (op == Audit_equal) | 3304 | if (op == Audit_equal) |
3305 | return (rule == smack); | 3305 | return (rule == smack); |
3306 | if (op == Audit_not_equal) | 3306 | if (op == Audit_not_equal) |
3307 | return (rule != smack); | 3307 | return (rule != smack); |
3308 | 3308 | ||
3309 | return 0; | 3309 | return 0; |
3310 | } | 3310 | } |
3311 | 3311 | ||
3312 | /** | 3312 | /** |
3313 | * smack_audit_rule_free - free smack rule representation | 3313 | * smack_audit_rule_free - free smack rule representation |
3314 | * @vrule: rule to be freed. | 3314 | * @vrule: rule to be freed. |
3315 | * | 3315 | * |
3316 | * No memory was allocated. | 3316 | * No memory was allocated. |
3317 | */ | 3317 | */ |
3318 | static void smack_audit_rule_free(void *vrule) | 3318 | static void smack_audit_rule_free(void *vrule) |
3319 | { | 3319 | { |
3320 | /* No-op */ | 3320 | /* No-op */ |
3321 | } | 3321 | } |
3322 | 3322 | ||
3323 | #endif /* CONFIG_AUDIT */ | 3323 | #endif /* CONFIG_AUDIT */ |
3324 | 3324 | ||
3325 | /** | 3325 | /** |
3326 | * smack_secid_to_secctx - return the smack label for a secid | 3326 | * smack_secid_to_secctx - return the smack label for a secid |
3327 | * @secid: incoming integer | 3327 | * @secid: incoming integer |
3328 | * @secdata: destination | 3328 | * @secdata: destination |
3329 | * @seclen: how long it is | 3329 | * @seclen: how long it is |
3330 | * | 3330 | * |
3331 | * Exists for networking code. | 3331 | * Exists for networking code. |
3332 | */ | 3332 | */ |
3333 | static int smack_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) | 3333 | static int smack_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) |
3334 | { | 3334 | { |
3335 | char *sp = smack_from_secid(secid); | 3335 | char *sp = smack_from_secid(secid); |
3336 | 3336 | ||
3337 | if (secdata) | 3337 | if (secdata) |
3338 | *secdata = sp; | 3338 | *secdata = sp; |
3339 | *seclen = strlen(sp); | 3339 | *seclen = strlen(sp); |
3340 | return 0; | 3340 | return 0; |
3341 | } | 3341 | } |
3342 | 3342 | ||
3343 | /** | 3343 | /** |
3344 | * smack_secctx_to_secid - return the secid for a smack label | 3344 | * smack_secctx_to_secid - return the secid for a smack label |
3345 | * @secdata: smack label | 3345 | * @secdata: smack label |
3346 | * @seclen: how long result is | 3346 | * @seclen: how long result is |
3347 | * @secid: outgoing integer | 3347 | * @secid: outgoing integer |
3348 | * | 3348 | * |
3349 | * Exists for audit and networking code. | 3349 | * Exists for audit and networking code. |
3350 | */ | 3350 | */ |
3351 | static int smack_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid) | 3351 | static int smack_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid) |
3352 | { | 3352 | { |
3353 | *secid = smack_to_secid(secdata); | 3353 | *secid = smack_to_secid(secdata); |
3354 | return 0; | 3354 | return 0; |
3355 | } | 3355 | } |
3356 | 3356 | ||
3357 | /** | 3357 | /** |
3358 | * smack_release_secctx - don't do anything. | 3358 | * smack_release_secctx - don't do anything. |
3359 | * @secdata: unused | 3359 | * @secdata: unused |
3360 | * @seclen: unused | 3360 | * @seclen: unused |
3361 | * | 3361 | * |
3362 | * Exists to make sure nothing gets done, and properly | 3362 | * Exists to make sure nothing gets done, and properly |
3363 | */ | 3363 | */ |
3364 | static void smack_release_secctx(char *secdata, u32 seclen) | 3364 | static void smack_release_secctx(char *secdata, u32 seclen) |
3365 | { | 3365 | { |
3366 | } | 3366 | } |
3367 | 3367 | ||
3368 | static int smack_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen) | 3368 | static int smack_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen) |
3369 | { | 3369 | { |
3370 | return smack_inode_setsecurity(inode, XATTR_SMACK_SUFFIX, ctx, ctxlen, 0); | 3370 | return smack_inode_setsecurity(inode, XATTR_SMACK_SUFFIX, ctx, ctxlen, 0); |
3371 | } | 3371 | } |
3372 | 3372 | ||
3373 | static int smack_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen) | 3373 | static int smack_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen) |
3374 | { | 3374 | { |
3375 | return __vfs_setxattr_noperm(dentry, XATTR_NAME_SMACK, ctx, ctxlen, 0); | 3375 | return __vfs_setxattr_noperm(dentry, XATTR_NAME_SMACK, ctx, ctxlen, 0); |
3376 | } | 3376 | } |
3377 | 3377 | ||
3378 | static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) | 3378 | static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) |
3379 | { | 3379 | { |
3380 | int len = 0; | 3380 | int len = 0; |
3381 | len = smack_inode_getsecurity(inode, XATTR_SMACK_SUFFIX, ctx, true); | 3381 | len = smack_inode_getsecurity(inode, XATTR_SMACK_SUFFIX, ctx, true); |
3382 | 3382 | ||
3383 | if (len < 0) | 3383 | if (len < 0) |
3384 | return len; | 3384 | return len; |
3385 | *ctxlen = len; | 3385 | *ctxlen = len; |
3386 | return 0; | 3386 | return 0; |
3387 | } | 3387 | } |
3388 | 3388 | ||
3389 | struct security_operations smack_ops = { | 3389 | struct security_operations smack_ops = { |
3390 | .name = "smack", | 3390 | .name = "smack", |
3391 | 3391 | ||
3392 | .ptrace_access_check = smack_ptrace_access_check, | 3392 | .ptrace_access_check = smack_ptrace_access_check, |
3393 | .ptrace_traceme = smack_ptrace_traceme, | 3393 | .ptrace_traceme = smack_ptrace_traceme, |
3394 | .syslog = smack_syslog, | 3394 | .syslog = smack_syslog, |
3395 | 3395 | ||
3396 | .sb_alloc_security = smack_sb_alloc_security, | 3396 | .sb_alloc_security = smack_sb_alloc_security, |
3397 | .sb_free_security = smack_sb_free_security, | 3397 | .sb_free_security = smack_sb_free_security, |
3398 | .sb_copy_data = smack_sb_copy_data, | 3398 | .sb_copy_data = smack_sb_copy_data, |
3399 | .sb_kern_mount = smack_sb_kern_mount, | 3399 | .sb_kern_mount = smack_sb_kern_mount, |
3400 | .sb_statfs = smack_sb_statfs, | 3400 | .sb_statfs = smack_sb_statfs, |
3401 | .sb_mount = smack_sb_mount, | 3401 | .sb_mount = smack_sb_mount, |
3402 | .sb_umount = smack_sb_umount, | 3402 | .sb_umount = smack_sb_umount, |
3403 | 3403 | ||
3404 | .bprm_set_creds = smack_bprm_set_creds, | 3404 | .bprm_set_creds = smack_bprm_set_creds, |
3405 | 3405 | ||
3406 | .inode_alloc_security = smack_inode_alloc_security, | 3406 | .inode_alloc_security = smack_inode_alloc_security, |
3407 | .inode_free_security = smack_inode_free_security, | 3407 | .inode_free_security = smack_inode_free_security, |
3408 | .inode_init_security = smack_inode_init_security, | 3408 | .inode_init_security = smack_inode_init_security, |
3409 | .inode_link = smack_inode_link, | 3409 | .inode_link = smack_inode_link, |
3410 | .inode_unlink = smack_inode_unlink, | 3410 | .inode_unlink = smack_inode_unlink, |
3411 | .inode_rmdir = smack_inode_rmdir, | 3411 | .inode_rmdir = smack_inode_rmdir, |
3412 | .inode_rename = smack_inode_rename, | 3412 | .inode_rename = smack_inode_rename, |
3413 | .inode_permission = smack_inode_permission, | 3413 | .inode_permission = smack_inode_permission, |
3414 | .inode_setattr = smack_inode_setattr, | 3414 | .inode_setattr = smack_inode_setattr, |
3415 | .inode_getattr = smack_inode_getattr, | 3415 | .inode_getattr = smack_inode_getattr, |
3416 | .inode_setxattr = smack_inode_setxattr, | 3416 | .inode_setxattr = smack_inode_setxattr, |
3417 | .inode_post_setxattr = smack_inode_post_setxattr, | 3417 | .inode_post_setxattr = smack_inode_post_setxattr, |
3418 | .inode_getxattr = smack_inode_getxattr, | 3418 | .inode_getxattr = smack_inode_getxattr, |
3419 | .inode_removexattr = smack_inode_removexattr, | 3419 | .inode_removexattr = smack_inode_removexattr, |
3420 | .inode_getsecurity = smack_inode_getsecurity, | 3420 | .inode_getsecurity = smack_inode_getsecurity, |
3421 | .inode_setsecurity = smack_inode_setsecurity, | 3421 | .inode_setsecurity = smack_inode_setsecurity, |
3422 | .inode_listsecurity = smack_inode_listsecurity, | 3422 | .inode_listsecurity = smack_inode_listsecurity, |
3423 | .inode_getsecid = smack_inode_getsecid, | 3423 | .inode_getsecid = smack_inode_getsecid, |
3424 | 3424 | ||
3425 | .file_permission = smack_file_permission, | 3425 | .file_permission = smack_file_permission, |
3426 | .file_alloc_security = smack_file_alloc_security, | 3426 | .file_alloc_security = smack_file_alloc_security, |
3427 | .file_free_security = smack_file_free_security, | 3427 | .file_free_security = smack_file_free_security, |
3428 | .file_ioctl = smack_file_ioctl, | 3428 | .file_ioctl = smack_file_ioctl, |
3429 | .file_lock = smack_file_lock, | 3429 | .file_lock = smack_file_lock, |
3430 | .file_fcntl = smack_file_fcntl, | 3430 | .file_fcntl = smack_file_fcntl, |
3431 | .file_mmap = smack_file_mmap, | 3431 | .file_mmap = smack_file_mmap, |
3432 | .file_set_fowner = smack_file_set_fowner, | 3432 | .file_set_fowner = smack_file_set_fowner, |
3433 | .file_send_sigiotask = smack_file_send_sigiotask, | 3433 | .file_send_sigiotask = smack_file_send_sigiotask, |
3434 | .file_receive = smack_file_receive, | 3434 | .file_receive = smack_file_receive, |
3435 | 3435 | ||
3436 | .cred_alloc_blank = smack_cred_alloc_blank, | 3436 | .cred_alloc_blank = smack_cred_alloc_blank, |
3437 | .cred_free = smack_cred_free, | 3437 | .cred_free = smack_cred_free, |
3438 | .cred_prepare = smack_cred_prepare, | 3438 | .cred_prepare = smack_cred_prepare, |
3439 | .cred_transfer = smack_cred_transfer, | 3439 | .cred_transfer = smack_cred_transfer, |
3440 | .kernel_act_as = smack_kernel_act_as, | 3440 | .kernel_act_as = smack_kernel_act_as, |
3441 | .kernel_create_files_as = smack_kernel_create_files_as, | 3441 | .kernel_create_files_as = smack_kernel_create_files_as, |
3442 | .task_setpgid = smack_task_setpgid, | 3442 | .task_setpgid = smack_task_setpgid, |
3443 | .task_getpgid = smack_task_getpgid, | 3443 | .task_getpgid = smack_task_getpgid, |
3444 | .task_getsid = smack_task_getsid, | 3444 | .task_getsid = smack_task_getsid, |
3445 | .task_getsecid = smack_task_getsecid, | 3445 | .task_getsecid = smack_task_getsecid, |
3446 | .task_setnice = smack_task_setnice, | 3446 | .task_setnice = smack_task_setnice, |
3447 | .task_setioprio = smack_task_setioprio, | 3447 | .task_setioprio = smack_task_setioprio, |
3448 | .task_getioprio = smack_task_getioprio, | 3448 | .task_getioprio = smack_task_getioprio, |
3449 | .task_setscheduler = smack_task_setscheduler, | 3449 | .task_setscheduler = smack_task_setscheduler, |
3450 | .task_getscheduler = smack_task_getscheduler, | 3450 | .task_getscheduler = smack_task_getscheduler, |
3451 | .task_movememory = smack_task_movememory, | 3451 | .task_movememory = smack_task_movememory, |
3452 | .task_kill = smack_task_kill, | 3452 | .task_kill = smack_task_kill, |
3453 | .task_wait = smack_task_wait, | 3453 | .task_wait = smack_task_wait, |
3454 | .task_to_inode = smack_task_to_inode, | 3454 | .task_to_inode = smack_task_to_inode, |
3455 | 3455 | ||
3456 | .ipc_permission = smack_ipc_permission, | 3456 | .ipc_permission = smack_ipc_permission, |
3457 | .ipc_getsecid = smack_ipc_getsecid, | 3457 | .ipc_getsecid = smack_ipc_getsecid, |
3458 | 3458 | ||
3459 | .msg_msg_alloc_security = smack_msg_msg_alloc_security, | 3459 | .msg_msg_alloc_security = smack_msg_msg_alloc_security, |
3460 | .msg_msg_free_security = smack_msg_msg_free_security, | 3460 | .msg_msg_free_security = smack_msg_msg_free_security, |
3461 | 3461 | ||
3462 | .msg_queue_alloc_security = smack_msg_queue_alloc_security, | 3462 | .msg_queue_alloc_security = smack_msg_queue_alloc_security, |
3463 | .msg_queue_free_security = smack_msg_queue_free_security, | 3463 | .msg_queue_free_security = smack_msg_queue_free_security, |
3464 | .msg_queue_associate = smack_msg_queue_associate, | 3464 | .msg_queue_associate = smack_msg_queue_associate, |
3465 | .msg_queue_msgctl = smack_msg_queue_msgctl, | 3465 | .msg_queue_msgctl = smack_msg_queue_msgctl, |
3466 | .msg_queue_msgsnd = smack_msg_queue_msgsnd, | 3466 | .msg_queue_msgsnd = smack_msg_queue_msgsnd, |
3467 | .msg_queue_msgrcv = smack_msg_queue_msgrcv, | 3467 | .msg_queue_msgrcv = smack_msg_queue_msgrcv, |
3468 | 3468 | ||
3469 | .shm_alloc_security = smack_shm_alloc_security, | 3469 | .shm_alloc_security = smack_shm_alloc_security, |
3470 | .shm_free_security = smack_shm_free_security, | 3470 | .shm_free_security = smack_shm_free_security, |
3471 | .shm_associate = smack_shm_associate, | 3471 | .shm_associate = smack_shm_associate, |
3472 | .shm_shmctl = smack_shm_shmctl, | 3472 | .shm_shmctl = smack_shm_shmctl, |
3473 | .shm_shmat = smack_shm_shmat, | 3473 | .shm_shmat = smack_shm_shmat, |
3474 | 3474 | ||
3475 | .sem_alloc_security = smack_sem_alloc_security, | 3475 | .sem_alloc_security = smack_sem_alloc_security, |
3476 | .sem_free_security = smack_sem_free_security, | 3476 | .sem_free_security = smack_sem_free_security, |
3477 | .sem_associate = smack_sem_associate, | 3477 | .sem_associate = smack_sem_associate, |
3478 | .sem_semctl = smack_sem_semctl, | 3478 | .sem_semctl = smack_sem_semctl, |
3479 | .sem_semop = smack_sem_semop, | 3479 | .sem_semop = smack_sem_semop, |
3480 | 3480 | ||
3481 | .d_instantiate = smack_d_instantiate, | 3481 | .d_instantiate = smack_d_instantiate, |
3482 | 3482 | ||
3483 | .getprocattr = smack_getprocattr, | 3483 | .getprocattr = smack_getprocattr, |
3484 | .setprocattr = smack_setprocattr, | 3484 | .setprocattr = smack_setprocattr, |
3485 | 3485 | ||
3486 | .unix_stream_connect = smack_unix_stream_connect, | 3486 | .unix_stream_connect = smack_unix_stream_connect, |
3487 | .unix_may_send = smack_unix_may_send, | 3487 | .unix_may_send = smack_unix_may_send, |
3488 | 3488 | ||
3489 | .socket_post_create = smack_socket_post_create, | 3489 | .socket_post_create = smack_socket_post_create, |
3490 | .socket_connect = smack_socket_connect, | 3490 | .socket_connect = smack_socket_connect, |
3491 | .socket_sendmsg = smack_socket_sendmsg, | 3491 | .socket_sendmsg = smack_socket_sendmsg, |
3492 | .socket_sock_rcv_skb = smack_socket_sock_rcv_skb, | 3492 | .socket_sock_rcv_skb = smack_socket_sock_rcv_skb, |
3493 | .socket_getpeersec_stream = smack_socket_getpeersec_stream, | 3493 | .socket_getpeersec_stream = smack_socket_getpeersec_stream, |
3494 | .socket_getpeersec_dgram = smack_socket_getpeersec_dgram, | 3494 | .socket_getpeersec_dgram = smack_socket_getpeersec_dgram, |
3495 | .sk_alloc_security = smack_sk_alloc_security, | 3495 | .sk_alloc_security = smack_sk_alloc_security, |
3496 | .sk_free_security = smack_sk_free_security, | 3496 | .sk_free_security = smack_sk_free_security, |
3497 | .sock_graft = smack_sock_graft, | 3497 | .sock_graft = smack_sock_graft, |
3498 | .inet_conn_request = smack_inet_conn_request, | 3498 | .inet_conn_request = smack_inet_conn_request, |
3499 | .inet_csk_clone = smack_inet_csk_clone, | 3499 | .inet_csk_clone = smack_inet_csk_clone, |
3500 | 3500 | ||
3501 | /* key management security hooks */ | 3501 | /* key management security hooks */ |
3502 | #ifdef CONFIG_KEYS | 3502 | #ifdef CONFIG_KEYS |
3503 | .key_alloc = smack_key_alloc, | 3503 | .key_alloc = smack_key_alloc, |
3504 | .key_free = smack_key_free, | 3504 | .key_free = smack_key_free, |
3505 | .key_permission = smack_key_permission, | 3505 | .key_permission = smack_key_permission, |
3506 | #endif /* CONFIG_KEYS */ | 3506 | #endif /* CONFIG_KEYS */ |
3507 | 3507 | ||
3508 | /* Audit hooks */ | 3508 | /* Audit hooks */ |
3509 | #ifdef CONFIG_AUDIT | 3509 | #ifdef CONFIG_AUDIT |
3510 | .audit_rule_init = smack_audit_rule_init, | 3510 | .audit_rule_init = smack_audit_rule_init, |
3511 | .audit_rule_known = smack_audit_rule_known, | 3511 | .audit_rule_known = smack_audit_rule_known, |
3512 | .audit_rule_match = smack_audit_rule_match, | 3512 | .audit_rule_match = smack_audit_rule_match, |
3513 | .audit_rule_free = smack_audit_rule_free, | 3513 | .audit_rule_free = smack_audit_rule_free, |
3514 | #endif /* CONFIG_AUDIT */ | 3514 | #endif /* CONFIG_AUDIT */ |
3515 | 3515 | ||
3516 | .secid_to_secctx = smack_secid_to_secctx, | 3516 | .secid_to_secctx = smack_secid_to_secctx, |
3517 | .secctx_to_secid = smack_secctx_to_secid, | 3517 | .secctx_to_secid = smack_secctx_to_secid, |
3518 | .release_secctx = smack_release_secctx, | 3518 | .release_secctx = smack_release_secctx, |
3519 | .inode_notifysecctx = smack_inode_notifysecctx, | 3519 | .inode_notifysecctx = smack_inode_notifysecctx, |
3520 | .inode_setsecctx = smack_inode_setsecctx, | 3520 | .inode_setsecctx = smack_inode_setsecctx, |
3521 | .inode_getsecctx = smack_inode_getsecctx, | 3521 | .inode_getsecctx = smack_inode_getsecctx, |
3522 | }; | 3522 | }; |
3523 | 3523 | ||
3524 | 3524 | ||
3525 | static __init void init_smack_know_list(void) | 3525 | static __init void init_smack_know_list(void) |
3526 | { | 3526 | { |
3527 | list_add(&smack_known_huh.list, &smack_known_list); | 3527 | list_add(&smack_known_huh.list, &smack_known_list); |
3528 | list_add(&smack_known_hat.list, &smack_known_list); | 3528 | list_add(&smack_known_hat.list, &smack_known_list); |
3529 | list_add(&smack_known_star.list, &smack_known_list); | 3529 | list_add(&smack_known_star.list, &smack_known_list); |
3530 | list_add(&smack_known_floor.list, &smack_known_list); | 3530 | list_add(&smack_known_floor.list, &smack_known_list); |
3531 | list_add(&smack_known_invalid.list, &smack_known_list); | 3531 | list_add(&smack_known_invalid.list, &smack_known_list); |
3532 | list_add(&smack_known_web.list, &smack_known_list); | 3532 | list_add(&smack_known_web.list, &smack_known_list); |
3533 | } | 3533 | } |
3534 | 3534 | ||
3535 | /** | 3535 | /** |
3536 | * smack_init - initialize the smack system | 3536 | * smack_init - initialize the smack system |
3537 | * | 3537 | * |
3538 | * Returns 0 | 3538 | * Returns 0 |
3539 | */ | 3539 | */ |
3540 | static __init int smack_init(void) | 3540 | static __init int smack_init(void) |
3541 | { | 3541 | { |
3542 | struct cred *cred; | 3542 | struct cred *cred; |
3543 | struct task_smack *tsp; | 3543 | struct task_smack *tsp; |
3544 | 3544 | ||
3545 | if (!security_module_enable(&smack_ops)) | 3545 | if (!security_module_enable(&smack_ops)) |
3546 | return 0; | 3546 | return 0; |
3547 | 3547 | ||
3548 | tsp = new_task_smack(smack_known_floor.smk_known, | 3548 | tsp = new_task_smack(smack_known_floor.smk_known, |
3549 | smack_known_floor.smk_known, GFP_KERNEL); | 3549 | smack_known_floor.smk_known, GFP_KERNEL); |
3550 | if (tsp == NULL) | 3550 | if (tsp == NULL) |
3551 | return -ENOMEM; | 3551 | return -ENOMEM; |
3552 | 3552 | ||
3553 | printk(KERN_INFO "Smack: Initializing.\n"); | 3553 | printk(KERN_INFO "Smack: Initializing.\n"); |
3554 | 3554 | ||
3555 | /* | 3555 | /* |
3556 | * Set the security state for the initial task. | 3556 | * Set the security state for the initial task. |
3557 | */ | 3557 | */ |
3558 | cred = (struct cred *) current->cred; | 3558 | cred = (struct cred *) current->cred; |
3559 | cred->security = tsp; | 3559 | cred->security = tsp; |
3560 | 3560 | ||
3561 | /* initialize the smack_know_list */ | 3561 | /* initialize the smack_know_list */ |
3562 | init_smack_know_list(); | 3562 | init_smack_know_list(); |
3563 | /* | 3563 | /* |
3564 | * Initialize locks | 3564 | * Initialize locks |
3565 | */ | 3565 | */ |
3566 | spin_lock_init(&smack_known_huh.smk_cipsolock); | 3566 | spin_lock_init(&smack_known_huh.smk_cipsolock); |
3567 | spin_lock_init(&smack_known_hat.smk_cipsolock); | 3567 | spin_lock_init(&smack_known_hat.smk_cipsolock); |
3568 | spin_lock_init(&smack_known_star.smk_cipsolock); | 3568 | spin_lock_init(&smack_known_star.smk_cipsolock); |
3569 | spin_lock_init(&smack_known_floor.smk_cipsolock); | 3569 | spin_lock_init(&smack_known_floor.smk_cipsolock); |
3570 | spin_lock_init(&smack_known_invalid.smk_cipsolock); | 3570 | spin_lock_init(&smack_known_invalid.smk_cipsolock); |
3571 | 3571 | ||
3572 | /* | 3572 | /* |
3573 | * Register with LSM | 3573 | * Register with LSM |
3574 | */ | 3574 | */ |
3575 | if (register_security(&smack_ops)) | 3575 | if (register_security(&smack_ops)) |
3576 | panic("smack: Unable to register with kernel.\n"); | 3576 | panic("smack: Unable to register with kernel.\n"); |
3577 | 3577 | ||
3578 | return 0; | 3578 | return 0; |
3579 | } | 3579 | } |
3580 | 3580 | ||
3581 | /* | 3581 | /* |
3582 | * Smack requires early initialization in order to label | 3582 | * Smack requires early initialization in order to label |
3583 | * all processes and objects when they are created. | 3583 | * all processes and objects when they are created. |
3584 | */ | 3584 | */ |
3585 | security_initcall(smack_init); | 3585 | security_initcall(smack_init); |
3586 | 3586 |