2 * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com>
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License as published by
6 * the Free Software Foundation, version 2.
9 * Casey Schaufler <casey@schaufler-ca.com>
10 * Ahmed S. Darwish <darwish.07@gmail.com>
12 * Special thanks to the authors of selinuxfs.
14 * Karl MacMillan <kmacmillan@tresys.com>
15 * James Morris <jmorris@redhat.com>
19 #include <linux/kernel.h>
20 #include <linux/vmalloc.h>
21 #include <linux/security.h>
22 #include <linux/mutex.h>
23 #include <linux/slab.h>
24 #include <net/net_namespace.h>
25 #include <net/cipso_ipv4.h>
26 #include <linux/seq_file.h>
27 #include <linux/ctype.h>
28 #include <linux/audit.h>
29 #include <linux/magic.h>
32 #define BEBITS (sizeof(__be32) * 8)
34 * smackfs pseudo filesystem.
39 SMK_LOAD = 3, /* load policy */
40 SMK_CIPSO = 4, /* load label -> CIPSO mapping */
41 SMK_DOI = 5, /* CIPSO DOI */
42 SMK_DIRECT = 6, /* CIPSO level indicating direct label */
43 SMK_AMBIENT = 7, /* internet ambient label */
44 SMK_NET4ADDR = 8, /* single label hosts */
45 SMK_ONLYCAP = 9, /* the only "capable" label */
46 SMK_LOGGING = 10, /* logging */
47 SMK_LOAD_SELF = 11, /* task specific rules */
48 SMK_ACCESSES = 12, /* access policy */
49 SMK_MAPPED = 13, /* CIPSO level indicating mapped label */
50 SMK_LOAD2 = 14, /* load policy with long labels */
51 SMK_LOAD_SELF2 = 15, /* load task specific rules with long labels */
52 SMK_ACCESS2 = 16, /* make an access check with long labels */
53 SMK_CIPSO2 = 17, /* load long label -> CIPSO mapping */
54 SMK_REVOKE_SUBJ = 18, /* set rules with subject label to '-' */
55 SMK_CHANGE_RULE = 19, /* change or add rules (long labels) */
56 SMK_SYSLOG = 20, /* change syslog label) */
57 SMK_PTRACE = 21, /* set ptrace rule */
58 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
59 SMK_UNCONFINED = 22, /* define an unconfined label */
61 #if IS_ENABLED(CONFIG_IPV6)
62 SMK_NET6ADDR = 23, /* single label IPv6 hosts */
63 #endif /* CONFIG_IPV6 */
69 static DEFINE_MUTEX(smack_cipso_lock);
70 static DEFINE_MUTEX(smack_ambient_lock);
71 static DEFINE_MUTEX(smk_net4addr_lock);
72 #if IS_ENABLED(CONFIG_IPV6)
73 static DEFINE_MUTEX(smk_net6addr_lock);
74 #endif /* CONFIG_IPV6 */
77 * This is the "ambient" label for network traffic.
78 * If it isn't somehow marked, use this.
79 * It can be reset via smackfs/ambient
81 struct smack_known *smack_net_ambient;
84 * This is the level in a CIPSO header that indicates a
85 * smack label is contained directly in the category set.
86 * It can be reset via smackfs/direct
88 int smack_cipso_direct = SMACK_CIPSO_DIRECT_DEFAULT;
91 * This is the level in a CIPSO header that indicates a
92 * secid is contained directly in the category set.
93 * It can be reset via smackfs/mapped
95 int smack_cipso_mapped = SMACK_CIPSO_MAPPED_DEFAULT;
97 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
99 * Allow one label to be unconfined. This is for
100 * debugging and application bring-up purposes only.
101 * It is bad and wrong, but everyone seems to expect
104 struct smack_known *smack_unconfined;
108 * If this value is set restrict syslog use to the label specified.
109 * It can be reset via smackfs/syslog
111 struct smack_known *smack_syslog_label;
114 * Ptrace current rule
115 * SMACK_PTRACE_DEFAULT regular smack ptrace rules (/proc based)
116 * SMACK_PTRACE_EXACT labels must match, but can be overriden with
118 * SMACK_PTRACE_DRACONIAN lables must match, CAP_SYS_PTRACE has no effect
120 int smack_ptrace_rule = SMACK_PTRACE_DEFAULT;
123 * Certain IP addresses may be designated as single label hosts.
124 * Packets are sent there unlabeled, but only from tasks that
125 * can write to the specified label.
128 LIST_HEAD(smk_net4addr_list);
129 #if IS_ENABLED(CONFIG_IPV6)
130 LIST_HEAD(smk_net6addr_list);
131 #endif /* CONFIG_IPV6 */
134 * Rule lists are maintained for each label.
135 * This master list is just for reading /smack/load and /smack/load2.
137 struct smack_master_list {
138 struct list_head list;
139 struct smack_rule *smk_rule;
142 static LIST_HEAD(smack_rule_list);
144 struct smack_parsed_rule {
145 struct smack_known *smk_subject;
146 struct smack_known *smk_object;
151 static int smk_cipso_doi_value = SMACK_CIPSO_DOI_DEFAULT;
154 * Values for parsing cipso rules
155 * SMK_DIGITLEN: Length of a digit field in a rule.
156 * SMK_CIPSOMIN: Minimum possible cipso rule length.
157 * SMK_CIPSOMAX: Maximum possible cipso rule length.
159 #define SMK_DIGITLEN 4
160 #define SMK_CIPSOMIN (SMK_LABELLEN + 2 * SMK_DIGITLEN)
161 #define SMK_CIPSOMAX (SMK_CIPSOMIN + SMACK_CIPSO_MAXCATNUM * SMK_DIGITLEN)
164 * Values for parsing MAC rules
165 * SMK_ACCESS: Maximum possible combination of access permissions
166 * SMK_ACCESSLEN: Maximum length for a rule access field
167 * SMK_LOADLEN: Smack rule length
169 #define SMK_OACCESS "rwxa"
170 #define SMK_ACCESS "rwxatl"
171 #define SMK_OACCESSLEN (sizeof(SMK_OACCESS) - 1)
172 #define SMK_ACCESSLEN (sizeof(SMK_ACCESS) - 1)
173 #define SMK_OLOADLEN (SMK_LABELLEN + SMK_LABELLEN + SMK_OACCESSLEN)
174 #define SMK_LOADLEN (SMK_LABELLEN + SMK_LABELLEN + SMK_ACCESSLEN)
177 * Stricly for CIPSO level manipulation.
178 * Set the category bit number in a smack label sized buffer.
180 static inline void smack_catset_bit(unsigned int cat, char *catsetp)
182 if (cat == 0 || cat > (SMK_CIPSOLEN * 8))
185 catsetp[(cat - 1) / 8] |= 0x80 >> ((cat - 1) % 8);
189 * smk_netlabel_audit_set - fill a netlbl_audit struct
190 * @nap: structure to fill
192 static void smk_netlabel_audit_set(struct netlbl_audit *nap)
194 struct smack_known *skp = smk_of_current();
196 nap->loginuid = audit_get_loginuid(current);
197 nap->sessionid = audit_get_sessionid(current);
198 nap->secid = skp->smk_secid;
202 * Value for parsing single label host rules
205 #define SMK_NETLBLADDRMIN 9
208 * smk_set_access - add a rule to the rule list or replace an old rule
209 * @srp: the rule to add or replace
210 * @rule_list: the list of rules
211 * @rule_lock: the rule list lock
212 * @global: if non-zero, indicates a global rule
214 * Looks through the current subject/object/access list for
215 * the subject/object pair and replaces the access that was
216 * there. If the pair isn't found add it with the specified
219 * Returns 0 if nothing goes wrong or -ENOMEM if it fails
220 * during the allocation of the new pair to add.
222 static int smk_set_access(struct smack_parsed_rule *srp,
223 struct list_head *rule_list,
224 struct mutex *rule_lock, int global)
226 struct smack_rule *sp;
227 struct smack_master_list *smlp;
231 mutex_lock(rule_lock);
234 * Because the object label is less likely to match
235 * than the subject label check it first
237 list_for_each_entry_rcu(sp, rule_list, list) {
238 if (sp->smk_object == srp->smk_object &&
239 sp->smk_subject == srp->smk_subject) {
241 sp->smk_access |= srp->smk_access1;
242 sp->smk_access &= ~srp->smk_access2;
248 sp = kzalloc(sizeof(*sp), GFP_KERNEL);
254 sp->smk_subject = srp->smk_subject;
255 sp->smk_object = srp->smk_object;
256 sp->smk_access = srp->smk_access1 & ~srp->smk_access2;
258 list_add_rcu(&sp->list, rule_list);
260 * If this is a global as opposed to self and a new rule
261 * it needs to get added for reporting.
264 smlp = kzalloc(sizeof(*smlp), GFP_KERNEL);
267 list_add_rcu(&smlp->list, &smack_rule_list);
274 mutex_unlock(rule_lock);
279 * smk_perm_from_str - parse smack accesses from a text string
280 * @string: a text string that contains a Smack accesses code
282 * Returns an integer with respective bits set for specified accesses.
284 static int smk_perm_from_str(const char *string)
289 for (cp = string; ; cp++)
311 perm |= MAY_TRANSMUTE;
327 * smk_fill_rule - Fill Smack rule from strings
328 * @subject: subject label string
329 * @object: object label string
330 * @access1: access string
331 * @access2: string with permissions to be removed
333 * @import: if non-zero, import labels
334 * @len: label length limit
336 * Returns 0 on success, appropriate error code on failure.
338 static int smk_fill_rule(const char *subject, const char *object,
339 const char *access1, const char *access2,
340 struct smack_parsed_rule *rule, int import,
344 struct smack_known *skp;
347 rule->smk_subject = smk_import_entry(subject, len);
348 if (IS_ERR(rule->smk_subject))
349 return PTR_ERR(rule->smk_subject);
351 rule->smk_object = smk_import_entry(object, len);
352 if (IS_ERR(rule->smk_object))
353 return PTR_ERR(rule->smk_object);
355 cp = smk_parse_smack(subject, len);
358 skp = smk_find_entry(cp);
362 rule->smk_subject = skp;
364 cp = smk_parse_smack(object, len);
367 skp = smk_find_entry(cp);
371 rule->smk_object = skp;
374 rule->smk_access1 = smk_perm_from_str(access1);
376 rule->smk_access2 = smk_perm_from_str(access2);
378 rule->smk_access2 = ~rule->smk_access1;
384 * smk_parse_rule - parse Smack rule from load string
385 * @data: string to be parsed whose size is SMK_LOADLEN
387 * @import: if non-zero, import labels
389 * Returns 0 on success, -1 on errors.
391 static int smk_parse_rule(const char *data, struct smack_parsed_rule *rule,
396 rc = smk_fill_rule(data, data + SMK_LABELLEN,
397 data + SMK_LABELLEN + SMK_LABELLEN, NULL, rule,
398 import, SMK_LABELLEN);
403 * smk_parse_long_rule - parse Smack rule from rule string
404 * @data: string to be parsed, null terminated
405 * @rule: Will be filled with Smack parsed rule
406 * @import: if non-zero, import labels
407 * @tokens: numer of substrings expected in data
409 * Returns number of processed bytes on success, -ERRNO on failure.
411 static ssize_t smk_parse_long_rule(char *data, struct smack_parsed_rule *rule,
412 int import, int tokens)
420 * Parsing the rule in-place, filling all white-spaces with '\0'
422 for (i = 0; i < tokens; ++i) {
423 while (isspace(data[cnt]))
426 if (data[cnt] == '\0')
427 /* Unexpected end of data */
432 while (data[cnt] && !isspace(data[cnt]))
435 while (isspace(data[cnt]))
441 rc = smk_fill_rule(tok[0], tok[1], tok[2], tok[3], rule, import, 0);
442 return rc == 0 ? cnt : rc;
445 #define SMK_FIXED24_FMT 0 /* Fixed 24byte label format */
446 #define SMK_LONG_FMT 1 /* Variable long label format */
447 #define SMK_CHANGE_FMT 2 /* Rule modification format */
449 * smk_write_rules_list - write() for any /smack rule file
450 * @file: file pointer, not actually used
451 * @buf: where to get the data from
453 * @ppos: where to start - must be 0
454 * @rule_list: the list of rules to write to
455 * @rule_lock: lock for the rule list
456 * @format: /smack/load or /smack/load2 or /smack/change-rule format.
458 * Get one smack access rule from above.
459 * The format for SMK_LONG_FMT is:
460 * "subject<whitespace>object<whitespace>access[<whitespace>...]"
461 * The format for SMK_FIXED24_FMT is exactly:
462 * "subject object rwxat"
463 * The format for SMK_CHANGE_FMT is:
464 * "subject<whitespace>object<whitespace>
465 * acc_enable<whitespace>acc_disable[<whitespace>...]"
467 static ssize_t smk_write_rules_list(struct file *file, const char __user *buf,
468 size_t count, loff_t *ppos,
469 struct list_head *rule_list,
470 struct mutex *rule_lock, int format)
472 struct smack_parsed_rule rule;
481 * Enough data must be present.
486 if (format == SMK_FIXED24_FMT) {
488 * Minor hack for backward compatibility
490 if (count < SMK_OLOADLEN || count > SMK_LOADLEN)
493 if (count >= PAGE_SIZE) {
494 count = PAGE_SIZE - 1;
499 data = kmalloc(count + 1, GFP_KERNEL);
503 if (copy_from_user(data, buf, count) != 0) {
509 * In case of parsing only part of user buf,
510 * avoid having partial rule at the data buffer
513 while (count > 0 && (data[count - 1] != '\n'))
522 tokens = (format == SMK_CHANGE_FMT ? 4 : 3);
523 while (cnt < count) {
524 if (format == SMK_FIXED24_FMT) {
525 rc = smk_parse_rule(data, &rule, 1);
530 rc = smk_parse_long_rule(data + cnt, &rule, 1, tokens);
540 if (rule_list == NULL)
541 rc = smk_set_access(&rule, &rule.smk_subject->smk_rules,
542 &rule.smk_subject->smk_rules_lock, 1);
544 rc = smk_set_access(&rule, rule_list, rule_lock, 0);
557 * Core logic for smackfs seq list operations.
560 static void *smk_seq_start(struct seq_file *s, loff_t *pos,
561 struct list_head *head)
563 struct list_head *list;
567 for (list = rcu_dereference(list_next_rcu(head));
569 list = rcu_dereference(list_next_rcu(list))) {
577 static void *smk_seq_next(struct seq_file *s, void *v, loff_t *pos,
578 struct list_head *head)
580 struct list_head *list = v;
583 list = rcu_dereference(list_next_rcu(list));
585 return (list == head) ? NULL : list;
588 static void smk_seq_stop(struct seq_file *s, void *v)
593 static void smk_rule_show(struct seq_file *s, struct smack_rule *srp, int max)
596 * Don't show any rules with label names too long for
597 * interface file (/smack/load or /smack/load2)
598 * because you should expect to be able to write
599 * anything you read back.
601 if (strlen(srp->smk_subject->smk_known) >= max ||
602 strlen(srp->smk_object->smk_known) >= max)
605 if (srp->smk_access == 0)
608 seq_printf(s, "%s %s",
609 srp->smk_subject->smk_known,
610 srp->smk_object->smk_known);
614 if (srp->smk_access & MAY_READ)
616 if (srp->smk_access & MAY_WRITE)
618 if (srp->smk_access & MAY_EXEC)
620 if (srp->smk_access & MAY_APPEND)
622 if (srp->smk_access & MAY_TRANSMUTE)
624 if (srp->smk_access & MAY_LOCK)
626 if (srp->smk_access & MAY_BRINGUP)
633 * Seq_file read operations for /smack/load
636 static void *load2_seq_start(struct seq_file *s, loff_t *pos)
638 return smk_seq_start(s, pos, &smack_rule_list);
641 static void *load2_seq_next(struct seq_file *s, void *v, loff_t *pos)
643 return smk_seq_next(s, v, pos, &smack_rule_list);
646 static int load_seq_show(struct seq_file *s, void *v)
648 struct list_head *list = v;
649 struct smack_master_list *smlp =
650 list_entry_rcu(list, struct smack_master_list, list);
652 smk_rule_show(s, smlp->smk_rule, SMK_LABELLEN);
657 static const struct seq_operations load_seq_ops = {
658 .start = load2_seq_start,
659 .next = load2_seq_next,
660 .show = load_seq_show,
661 .stop = smk_seq_stop,
665 * smk_open_load - open() for /smack/load
666 * @inode: inode structure representing file
667 * @file: "load" file pointer
669 * For reading, use load_seq_* seq_file reading operations.
671 static int smk_open_load(struct inode *inode, struct file *file)
673 return seq_open(file, &load_seq_ops);
677 * smk_write_load - write() for /smack/load
678 * @file: file pointer, not actually used
679 * @buf: where to get the data from
681 * @ppos: where to start - must be 0
684 static ssize_t smk_write_load(struct file *file, const char __user *buf,
685 size_t count, loff_t *ppos)
688 * Must have privilege.
690 * Enough data must be present.
692 if (!smack_privileged(CAP_MAC_ADMIN))
695 return smk_write_rules_list(file, buf, count, ppos, NULL, NULL,
699 static const struct file_operations smk_load_ops = {
700 .open = smk_open_load,
703 .write = smk_write_load,
704 .release = seq_release,
708 * smk_cipso_doi - initialize the CIPSO domain
710 static void smk_cipso_doi(void)
713 struct cipso_v4_doi *doip;
714 struct netlbl_audit nai;
716 smk_netlabel_audit_set(&nai);
718 rc = netlbl_cfg_map_del(NULL, PF_INET, NULL, NULL, &nai);
720 printk(KERN_WARNING "%s:%d remove rc = %d\n",
721 __func__, __LINE__, rc);
723 doip = kmalloc(sizeof(struct cipso_v4_doi), GFP_KERNEL);
725 panic("smack: Failed to initialize cipso DOI.\n");
726 doip->map.std = NULL;
727 doip->doi = smk_cipso_doi_value;
728 doip->type = CIPSO_V4_MAP_PASS;
729 doip->tags[0] = CIPSO_V4_TAG_RBITMAP;
730 for (rc = 1; rc < CIPSO_V4_TAG_MAXCNT; rc++)
731 doip->tags[rc] = CIPSO_V4_TAG_INVALID;
733 rc = netlbl_cfg_cipsov4_add(doip, &nai);
735 printk(KERN_WARNING "%s:%d cipso add rc = %d\n",
736 __func__, __LINE__, rc);
740 rc = netlbl_cfg_cipsov4_map_add(doip->doi, NULL, NULL, NULL, &nai);
742 printk(KERN_WARNING "%s:%d map add rc = %d\n",
743 __func__, __LINE__, rc);
750 * smk_unlbl_ambient - initialize the unlabeled domain
751 * @oldambient: previous domain string
753 static void smk_unlbl_ambient(char *oldambient)
756 struct netlbl_audit nai;
758 smk_netlabel_audit_set(&nai);
760 if (oldambient != NULL) {
761 rc = netlbl_cfg_map_del(oldambient, PF_INET, NULL, NULL, &nai);
763 printk(KERN_WARNING "%s:%d remove rc = %d\n",
764 __func__, __LINE__, rc);
766 if (smack_net_ambient == NULL)
767 smack_net_ambient = &smack_known_floor;
769 rc = netlbl_cfg_unlbl_map_add(smack_net_ambient->smk_known, PF_INET,
772 printk(KERN_WARNING "%s:%d add rc = %d\n",
773 __func__, __LINE__, rc);
777 * Seq_file read operations for /smack/cipso
780 static void *cipso_seq_start(struct seq_file *s, loff_t *pos)
782 return smk_seq_start(s, pos, &smack_known_list);
785 static void *cipso_seq_next(struct seq_file *s, void *v, loff_t *pos)
787 return smk_seq_next(s, v, pos, &smack_known_list);
791 * Print cipso labels in format:
792 * label level[/cat[,cat]]
794 static int cipso_seq_show(struct seq_file *s, void *v)
796 struct list_head *list = v;
797 struct smack_known *skp =
798 list_entry_rcu(list, struct smack_known, list);
799 struct netlbl_lsm_catmap *cmp = skp->smk_netlabel.attr.mls.cat;
804 * Don't show a label that could not have been set using
805 * /smack/cipso. This is in support of the notion that
806 * anything read from /smack/cipso ought to be writeable
809 * /smack/cipso2 should be used instead.
811 if (strlen(skp->smk_known) >= SMK_LABELLEN)
814 seq_printf(s, "%s %3d", skp->smk_known, skp->smk_netlabel.attr.mls.lvl);
816 for (i = netlbl_catmap_walk(cmp, 0); i >= 0;
817 i = netlbl_catmap_walk(cmp, i + 1)) {
818 seq_printf(s, "%c%d", sep, i);
827 static const struct seq_operations cipso_seq_ops = {
828 .start = cipso_seq_start,
829 .next = cipso_seq_next,
830 .show = cipso_seq_show,
831 .stop = smk_seq_stop,
835 * smk_open_cipso - open() for /smack/cipso
836 * @inode: inode structure representing file
837 * @file: "cipso" file pointer
839 * Connect our cipso_seq_* operations with /smack/cipso
842 static int smk_open_cipso(struct inode *inode, struct file *file)
844 return seq_open(file, &cipso_seq_ops);
848 * smk_set_cipso - do the work for write() for cipso and cipso2
849 * @file: file pointer, not actually used
850 * @buf: where to get the data from
852 * @ppos: where to start
853 * @format: /smack/cipso or /smack/cipso2
855 * Accepts only one cipso rule per write call.
856 * Returns number of bytes written or error code, as appropriate
858 static ssize_t smk_set_cipso(struct file *file, const char __user *buf,
859 size_t count, loff_t *ppos, int format)
861 struct smack_known *skp;
862 struct netlbl_lsm_secattr ncats;
863 char mapcatset[SMK_CIPSOLEN];
867 ssize_t rc = -EINVAL;
874 * Must have privilege.
876 * Enough data must be present.
878 if (!smack_privileged(CAP_MAC_ADMIN))
882 if (format == SMK_FIXED24_FMT &&
883 (count < SMK_CIPSOMIN || count > SMK_CIPSOMAX))
886 data = kzalloc(count + 1, GFP_KERNEL);
890 if (copy_from_user(data, buf, count) != 0) {
898 * Only allow one writer at a time. Writes should be
899 * quite rare and small in any case.
901 mutex_lock(&smack_cipso_lock);
903 skp = smk_import_entry(rule, 0);
909 if (format == SMK_FIXED24_FMT)
910 rule += SMK_LABELLEN;
912 rule += strlen(skp->smk_known) + 1;
914 ret = sscanf(rule, "%d", &maplevel);
915 if (ret != 1 || maplevel > SMACK_CIPSO_MAXLEVEL)
918 rule += SMK_DIGITLEN;
919 ret = sscanf(rule, "%d", &catlen);
920 if (ret != 1 || catlen > SMACK_CIPSO_MAXCATNUM)
923 if (format == SMK_FIXED24_FMT &&
924 count != (SMK_CIPSOMIN + catlen * SMK_DIGITLEN))
927 memset(mapcatset, 0, sizeof(mapcatset));
929 for (i = 0; i < catlen; i++) {
930 rule += SMK_DIGITLEN;
931 ret = sscanf(rule, "%u", &cat);
932 if (ret != 1 || cat > SMACK_CIPSO_MAXCATNUM)
935 smack_catset_bit(cat, mapcatset);
938 rc = smk_netlbl_mls(maplevel, mapcatset, &ncats, SMK_CIPSOLEN);
940 netlbl_catmap_free(skp->smk_netlabel.attr.mls.cat);
941 skp->smk_netlabel.attr.mls.cat = ncats.attr.mls.cat;
942 skp->smk_netlabel.attr.mls.lvl = ncats.attr.mls.lvl;
947 mutex_unlock(&smack_cipso_lock);
954 * smk_write_cipso - write() for /smack/cipso
955 * @file: file pointer, not actually used
956 * @buf: where to get the data from
958 * @ppos: where to start
960 * Accepts only one cipso rule per write call.
961 * Returns number of bytes written or error code, as appropriate
963 static ssize_t smk_write_cipso(struct file *file, const char __user *buf,
964 size_t count, loff_t *ppos)
966 return smk_set_cipso(file, buf, count, ppos, SMK_FIXED24_FMT);
969 static const struct file_operations smk_cipso_ops = {
970 .open = smk_open_cipso,
973 .write = smk_write_cipso,
974 .release = seq_release,
978 * Seq_file read operations for /smack/cipso2
982 * Print cipso labels in format:
983 * label level[/cat[,cat]]
985 static int cipso2_seq_show(struct seq_file *s, void *v)
987 struct list_head *list = v;
988 struct smack_known *skp =
989 list_entry_rcu(list, struct smack_known, list);
990 struct netlbl_lsm_catmap *cmp = skp->smk_netlabel.attr.mls.cat;
994 seq_printf(s, "%s %3d", skp->smk_known, skp->smk_netlabel.attr.mls.lvl);
996 for (i = netlbl_catmap_walk(cmp, 0); i >= 0;
997 i = netlbl_catmap_walk(cmp, i + 1)) {
998 seq_printf(s, "%c%d", sep, i);
1007 static const struct seq_operations cipso2_seq_ops = {
1008 .start = cipso_seq_start,
1009 .next = cipso_seq_next,
1010 .show = cipso2_seq_show,
1011 .stop = smk_seq_stop,
1015 * smk_open_cipso2 - open() for /smack/cipso2
1016 * @inode: inode structure representing file
1017 * @file: "cipso2" file pointer
1019 * Connect our cipso_seq_* operations with /smack/cipso2
1022 static int smk_open_cipso2(struct inode *inode, struct file *file)
1024 return seq_open(file, &cipso2_seq_ops);
1028 * smk_write_cipso2 - write() for /smack/cipso2
1029 * @file: file pointer, not actually used
1030 * @buf: where to get the data from
1031 * @count: bytes sent
1032 * @ppos: where to start
1034 * Accepts only one cipso rule per write call.
1035 * Returns number of bytes written or error code, as appropriate
1037 static ssize_t smk_write_cipso2(struct file *file, const char __user *buf,
1038 size_t count, loff_t *ppos)
1040 return smk_set_cipso(file, buf, count, ppos, SMK_LONG_FMT);
1043 static const struct file_operations smk_cipso2_ops = {
1044 .open = smk_open_cipso2,
1046 .llseek = seq_lseek,
1047 .write = smk_write_cipso2,
1048 .release = seq_release,
1052 * Seq_file read operations for /smack/netlabel
1055 static void *net4addr_seq_start(struct seq_file *s, loff_t *pos)
1057 return smk_seq_start(s, pos, &smk_net4addr_list);
1060 static void *net4addr_seq_next(struct seq_file *s, void *v, loff_t *pos)
1062 return smk_seq_next(s, v, pos, &smk_net4addr_list);
1066 * Print host/label pairs
1068 static int net4addr_seq_show(struct seq_file *s, void *v)
1070 struct list_head *list = v;
1071 struct smk_net4addr *skp =
1072 list_entry_rcu(list, struct smk_net4addr, list);
1073 char *kp = SMACK_CIPSO_OPTION;
1075 if (skp->smk_label != NULL)
1076 kp = skp->smk_label->smk_known;
1077 seq_printf(s, "%pI4/%d %s\n", &skp->smk_host.s_addr,
1078 skp->smk_masks, kp);
1083 static const struct seq_operations net4addr_seq_ops = {
1084 .start = net4addr_seq_start,
1085 .next = net4addr_seq_next,
1086 .show = net4addr_seq_show,
1087 .stop = smk_seq_stop,
1091 * smk_open_net4addr - open() for /smack/netlabel
1092 * @inode: inode structure representing file
1093 * @file: "netlabel" file pointer
1095 * Connect our net4addr_seq_* operations with /smack/netlabel
1098 static int smk_open_net4addr(struct inode *inode, struct file *file)
1100 return seq_open(file, &net4addr_seq_ops);
1104 * smk_net4addr_insert
1105 * @new : netlabel to insert
1107 * This helper insert netlabel in the smack_net4addrs list
1108 * sorted by netmask length (longest to smallest)
1109 * locked by &smk_net4addr_lock in smk_write_net4addr
1112 static void smk_net4addr_insert(struct smk_net4addr *new)
1114 struct smk_net4addr *m;
1115 struct smk_net4addr *m_next;
1117 if (list_empty(&smk_net4addr_list)) {
1118 list_add_rcu(&new->list, &smk_net4addr_list);
1122 m = list_entry_rcu(smk_net4addr_list.next,
1123 struct smk_net4addr, list);
1125 /* the comparison '>' is a bit hacky, but works */
1126 if (new->smk_masks > m->smk_masks) {
1127 list_add_rcu(&new->list, &smk_net4addr_list);
1131 list_for_each_entry_rcu(m, &smk_net4addr_list, list) {
1132 if (list_is_last(&m->list, &smk_net4addr_list)) {
1133 list_add_rcu(&new->list, &m->list);
1136 m_next = list_entry_rcu(m->list.next,
1137 struct smk_net4addr, list);
1138 if (new->smk_masks > m_next->smk_masks) {
1139 list_add_rcu(&new->list, &m->list);
1147 * smk_write_net4addr - write() for /smack/netlabel
1148 * @file: file pointer, not actually used
1149 * @buf: where to get the data from
1150 * @count: bytes sent
1151 * @ppos: where to start
1153 * Accepts only one net4addr per write call.
1154 * Returns number of bytes written or error code, as appropriate
1156 static ssize_t smk_write_net4addr(struct file *file, const char __user *buf,
1157 size_t count, loff_t *ppos)
1159 struct smk_net4addr *snp;
1160 struct sockaddr_in newname;
1162 struct smack_known *skp = NULL;
1164 char *host = (char *)&newname.sin_addr.s_addr;
1166 struct netlbl_audit audit_info;
1167 struct in_addr mask;
1171 u32 mask_bits = (1<<31);
1176 * Must have privilege.
1177 * No partial writes.
1178 * Enough data must be present.
1179 * "<addr/mask, as a.b.c.d/e><space><label>"
1180 * "<addr, as a.b.c.d><space><label>"
1182 if (!smack_privileged(CAP_MAC_ADMIN))
1186 if (count < SMK_NETLBLADDRMIN)
1189 data = kzalloc(count + 1, GFP_KERNEL);
1193 if (copy_from_user(data, buf, count) != 0) {
1198 smack = kzalloc(count + 1, GFP_KERNEL);
1199 if (smack == NULL) {
1206 rc = sscanf(data, "%hhd.%hhd.%hhd.%hhd/%u %s",
1207 &host[0], &host[1], &host[2], &host[3], &masks, smack);
1209 rc = sscanf(data, "%hhd.%hhd.%hhd.%hhd %s",
1210 &host[0], &host[1], &host[2], &host[3], smack);
1218 if (masks > BEBITS) {
1224 * If smack begins with '-', it is an option, don't import it
1226 if (smack[0] != '-') {
1227 skp = smk_import_entry(smack, 0);
1234 * Only the -CIPSO option is supported for IPv4
1236 if (strcmp(smack, SMACK_CIPSO_OPTION) != 0) {
1242 for (m = masks, temp_mask = 0; m > 0; m--) {
1243 temp_mask |= mask_bits;
1246 mask.s_addr = cpu_to_be32(temp_mask);
1248 newname.sin_addr.s_addr &= mask.s_addr;
1250 * Only allow one writer at a time. Writes should be
1251 * quite rare and small in any case.
1253 mutex_lock(&smk_net4addr_lock);
1255 nsa = newname.sin_addr.s_addr;
1256 /* try to find if the prefix is already in the list */
1258 list_for_each_entry_rcu(snp, &smk_net4addr_list, list) {
1259 if (snp->smk_host.s_addr == nsa && snp->smk_masks == masks) {
1264 smk_netlabel_audit_set(&audit_info);
1267 snp = kzalloc(sizeof(*snp), GFP_KERNEL);
1272 snp->smk_host.s_addr = newname.sin_addr.s_addr;
1273 snp->smk_mask.s_addr = mask.s_addr;
1274 snp->smk_label = skp;
1275 snp->smk_masks = masks;
1276 smk_net4addr_insert(snp);
1280 * Delete the unlabeled entry, only if the previous label
1281 * wasn't the special CIPSO option
1283 if (snp->smk_label != NULL)
1284 rc = netlbl_cfg_unlbl_static_del(&init_net, NULL,
1285 &snp->smk_host, &snp->smk_mask,
1286 PF_INET, &audit_info);
1289 snp->smk_label = skp;
1293 * Now tell netlabel about the single label nature of
1294 * this host so that incoming packets get labeled.
1295 * but only if we didn't get the special CIPSO option
1297 if (rc == 0 && skp != NULL)
1298 rc = netlbl_cfg_unlbl_static_add(&init_net, NULL,
1299 &snp->smk_host, &snp->smk_mask, PF_INET,
1300 snp->smk_label->smk_secid, &audit_info);
1305 mutex_unlock(&smk_net4addr_lock);
1315 static const struct file_operations smk_net4addr_ops = {
1316 .open = smk_open_net4addr,
1318 .llseek = seq_lseek,
1319 .write = smk_write_net4addr,
1320 .release = seq_release,
1323 #if IS_ENABLED(CONFIG_IPV6)
1325 * Seq_file read operations for /smack/netlabel6
1328 static void *net6addr_seq_start(struct seq_file *s, loff_t *pos)
1330 return smk_seq_start(s, pos, &smk_net6addr_list);
1333 static void *net6addr_seq_next(struct seq_file *s, void *v, loff_t *pos)
1335 return smk_seq_next(s, v, pos, &smk_net6addr_list);
1339 * Print host/label pairs
1341 static int net6addr_seq_show(struct seq_file *s, void *v)
1343 struct list_head *list = v;
1344 struct smk_net6addr *skp =
1345 list_entry(list, struct smk_net6addr, list);
1347 if (skp->smk_label != NULL)
1348 seq_printf(s, "%pI6/%d %s\n", &skp->smk_host, skp->smk_masks,
1349 skp->smk_label->smk_known);
1354 static const struct seq_operations net6addr_seq_ops = {
1355 .start = net6addr_seq_start,
1356 .next = net6addr_seq_next,
1357 .show = net6addr_seq_show,
1358 .stop = smk_seq_stop,
1362 * smk_open_net6addr - open() for /smack/netlabel
1363 * @inode: inode structure representing file
1364 * @file: "netlabel" file pointer
1366 * Connect our net6addr_seq_* operations with /smack/netlabel
1369 static int smk_open_net6addr(struct inode *inode, struct file *file)
1371 return seq_open(file, &net6addr_seq_ops);
1375 * smk_net6addr_insert
1376 * @new : entry to insert
1378 * This inserts an entry in the smack_net6addrs list
1379 * sorted by netmask length (longest to smallest)
1380 * locked by &smk_net6addr_lock in smk_write_net6addr
1383 static void smk_net6addr_insert(struct smk_net6addr *new)
1385 struct smk_net6addr *m_next;
1386 struct smk_net6addr *m;
1388 if (list_empty(&smk_net6addr_list)) {
1389 list_add_rcu(&new->list, &smk_net6addr_list);
1393 m = list_entry_rcu(smk_net6addr_list.next,
1394 struct smk_net6addr, list);
1396 if (new->smk_masks > m->smk_masks) {
1397 list_add_rcu(&new->list, &smk_net6addr_list);
1401 list_for_each_entry_rcu(m, &smk_net6addr_list, list) {
1402 if (list_is_last(&m->list, &smk_net6addr_list)) {
1403 list_add_rcu(&new->list, &m->list);
1406 m_next = list_entry_rcu(m->list.next,
1407 struct smk_net6addr, list);
1408 if (new->smk_masks > m_next->smk_masks) {
1409 list_add_rcu(&new->list, &m->list);
1417 * smk_write_net6addr - write() for /smack/netlabel
1418 * @file: file pointer, not actually used
1419 * @buf: where to get the data from
1420 * @count: bytes sent
1421 * @ppos: where to start
1423 * Accepts only one net6addr per write call.
1424 * Returns number of bytes written or error code, as appropriate
1426 static ssize_t smk_write_net6addr(struct file *file, const char __user *buf,
1427 size_t count, loff_t *ppos)
1429 struct smk_net6addr *snp;
1430 struct in6_addr newname;
1431 struct in6_addr fullmask;
1432 struct smack_known *skp = NULL;
1438 unsigned int scanned[8];
1440 unsigned int mask = 128;
1443 * Must have privilege.
1444 * No partial writes.
1445 * Enough data must be present.
1446 * "<addr/mask, as a:b:c:d:e:f:g:h/e><space><label>"
1447 * "<addr, as a:b:c:d:e:f:g:h><space><label>"
1449 if (!smack_privileged(CAP_MAC_ADMIN))
1453 if (count < SMK_NETLBLADDRMIN)
1456 data = kzalloc(count + 1, GFP_KERNEL);
1460 if (copy_from_user(data, buf, count) != 0) {
1465 smack = kzalloc(count + 1, GFP_KERNEL);
1466 if (smack == NULL) {
1473 i = sscanf(data, "%x:%x:%x:%x:%x:%x:%x:%x/%u %s",
1474 &scanned[0], &scanned[1], &scanned[2], &scanned[3],
1475 &scanned[4], &scanned[5], &scanned[6], &scanned[7],
1478 i = sscanf(data, "%x:%x:%x:%x:%x:%x:%x:%x %s",
1479 &scanned[0], &scanned[1], &scanned[2],
1480 &scanned[3], &scanned[4], &scanned[5],
1481 &scanned[6], &scanned[7], smack);
1491 for (i = 0; i < 8; i++) {
1492 if (scanned[i] > 0xffff) {
1496 newname.s6_addr16[i] = htons(scanned[i]);
1500 * If smack begins with '-', it is an option, don't import it
1502 if (smack[0] != '-') {
1503 skp = smk_import_entry(smack, 0);
1510 * Only -DELETE is supported for IPv6
1512 if (strcmp(smack, SMACK_DELETE_OPTION) != 0) {
1518 for (i = 0, m = mask; i < 8; i++) {
1520 fullmask.s6_addr16[i] = 0xffff;
1523 fullmask.s6_addr16[i] = (1 << m) - 1;
1526 fullmask.s6_addr16[i] = 0;
1527 newname.s6_addr16[i] &= fullmask.s6_addr16[i];
1531 * Only allow one writer at a time. Writes should be
1532 * quite rare and small in any case.
1534 mutex_lock(&smk_net6addr_lock);
1536 * Try to find the prefix in the list
1538 list_for_each_entry_rcu(snp, &smk_net6addr_list, list) {
1539 if (mask != snp->smk_masks)
1541 for (found = 1, i = 0; i < 8; i++) {
1542 if (newname.s6_addr16[i] !=
1543 snp->smk_host.s6_addr16[i]) {
1552 snp = kzalloc(sizeof(*snp), GFP_KERNEL);
1556 snp->smk_host = newname;
1557 snp->smk_mask = fullmask;
1558 snp->smk_masks = mask;
1559 snp->smk_label = skp;
1560 smk_net6addr_insert(snp);
1563 snp->smk_label = skp;
1569 mutex_unlock(&smk_net6addr_lock);
1579 static const struct file_operations smk_net6addr_ops = {
1580 .open = smk_open_net6addr,
1582 .llseek = seq_lseek,
1583 .write = smk_write_net6addr,
1584 .release = seq_release,
1586 #endif /* CONFIG_IPV6 */
1589 * smk_read_doi - read() for /smack/doi
1590 * @filp: file pointer, not actually used
1591 * @buf: where to put the result
1592 * @count: maximum to send along
1593 * @ppos: where to start
1595 * Returns number of bytes read or error code, as appropriate
1597 static ssize_t smk_read_doi(struct file *filp, char __user *buf,
1598 size_t count, loff_t *ppos)
1606 sprintf(temp, "%d", smk_cipso_doi_value);
1607 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
1613 * smk_write_doi - write() for /smack/doi
1614 * @file: file pointer, not actually used
1615 * @buf: where to get the data from
1616 * @count: bytes sent
1617 * @ppos: where to start
1619 * Returns number of bytes written or error code, as appropriate
1621 static ssize_t smk_write_doi(struct file *file, const char __user *buf,
1622 size_t count, loff_t *ppos)
1627 if (!smack_privileged(CAP_MAC_ADMIN))
1630 if (count >= sizeof(temp) || count == 0)
1633 if (copy_from_user(temp, buf, count) != 0)
1638 if (sscanf(temp, "%d", &i) != 1)
1641 smk_cipso_doi_value = i;
1648 static const struct file_operations smk_doi_ops = {
1649 .read = smk_read_doi,
1650 .write = smk_write_doi,
1651 .llseek = default_llseek,
1655 * smk_read_direct - read() for /smack/direct
1656 * @filp: file pointer, not actually used
1657 * @buf: where to put the result
1658 * @count: maximum to send along
1659 * @ppos: where to start
1661 * Returns number of bytes read or error code, as appropriate
1663 static ssize_t smk_read_direct(struct file *filp, char __user *buf,
1664 size_t count, loff_t *ppos)
1672 sprintf(temp, "%d", smack_cipso_direct);
1673 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
1679 * smk_write_direct - write() for /smack/direct
1680 * @file: file pointer, not actually used
1681 * @buf: where to get the data from
1682 * @count: bytes sent
1683 * @ppos: where to start
1685 * Returns number of bytes written or error code, as appropriate
1687 static ssize_t smk_write_direct(struct file *file, const char __user *buf,
1688 size_t count, loff_t *ppos)
1690 struct smack_known *skp;
1694 if (!smack_privileged(CAP_MAC_ADMIN))
1697 if (count >= sizeof(temp) || count == 0)
1700 if (copy_from_user(temp, buf, count) != 0)
1705 if (sscanf(temp, "%d", &i) != 1)
1709 * Don't do anything if the value hasn't actually changed.
1710 * If it is changing reset the level on entries that were
1711 * set up to be direct when they were created.
1713 if (smack_cipso_direct != i) {
1714 mutex_lock(&smack_known_lock);
1715 list_for_each_entry_rcu(skp, &smack_known_list, list)
1716 if (skp->smk_netlabel.attr.mls.lvl ==
1718 skp->smk_netlabel.attr.mls.lvl = i;
1719 smack_cipso_direct = i;
1720 mutex_unlock(&smack_known_lock);
1726 static const struct file_operations smk_direct_ops = {
1727 .read = smk_read_direct,
1728 .write = smk_write_direct,
1729 .llseek = default_llseek,
1733 * smk_read_mapped - read() for /smack/mapped
1734 * @filp: file pointer, not actually used
1735 * @buf: where to put the result
1736 * @count: maximum to send along
1737 * @ppos: where to start
1739 * Returns number of bytes read or error code, as appropriate
1741 static ssize_t smk_read_mapped(struct file *filp, char __user *buf,
1742 size_t count, loff_t *ppos)
1750 sprintf(temp, "%d", smack_cipso_mapped);
1751 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
1757 * smk_write_mapped - write() for /smack/mapped
1758 * @file: file pointer, not actually used
1759 * @buf: where to get the data from
1760 * @count: bytes sent
1761 * @ppos: where to start
1763 * Returns number of bytes written or error code, as appropriate
1765 static ssize_t smk_write_mapped(struct file *file, const char __user *buf,
1766 size_t count, loff_t *ppos)
1768 struct smack_known *skp;
1772 if (!smack_privileged(CAP_MAC_ADMIN))
1775 if (count >= sizeof(temp) || count == 0)
1778 if (copy_from_user(temp, buf, count) != 0)
1783 if (sscanf(temp, "%d", &i) != 1)
1787 * Don't do anything if the value hasn't actually changed.
1788 * If it is changing reset the level on entries that were
1789 * set up to be mapped when they were created.
1791 if (smack_cipso_mapped != i) {
1792 mutex_lock(&smack_known_lock);
1793 list_for_each_entry_rcu(skp, &smack_known_list, list)
1794 if (skp->smk_netlabel.attr.mls.lvl ==
1796 skp->smk_netlabel.attr.mls.lvl = i;
1797 smack_cipso_mapped = i;
1798 mutex_unlock(&smack_known_lock);
1804 static const struct file_operations smk_mapped_ops = {
1805 .read = smk_read_mapped,
1806 .write = smk_write_mapped,
1807 .llseek = default_llseek,
1811 * smk_read_ambient - read() for /smack/ambient
1812 * @filp: file pointer, not actually used
1813 * @buf: where to put the result
1814 * @cn: maximum to send along
1815 * @ppos: where to start
1817 * Returns number of bytes read or error code, as appropriate
1819 static ssize_t smk_read_ambient(struct file *filp, char __user *buf,
1820 size_t cn, loff_t *ppos)
1828 * Being careful to avoid a problem in the case where
1829 * smack_net_ambient gets changed in midstream.
1831 mutex_lock(&smack_ambient_lock);
1833 asize = strlen(smack_net_ambient->smk_known) + 1;
1836 rc = simple_read_from_buffer(buf, cn, ppos,
1837 smack_net_ambient->smk_known,
1842 mutex_unlock(&smack_ambient_lock);
1848 * smk_write_ambient - write() for /smack/ambient
1849 * @file: file pointer, not actually used
1850 * @buf: where to get the data from
1851 * @count: bytes sent
1852 * @ppos: where to start
1854 * Returns number of bytes written or error code, as appropriate
1856 static ssize_t smk_write_ambient(struct file *file, const char __user *buf,
1857 size_t count, loff_t *ppos)
1859 struct smack_known *skp;
1864 if (!smack_privileged(CAP_MAC_ADMIN))
1867 data = kzalloc(count + 1, GFP_KERNEL);
1871 if (copy_from_user(data, buf, count) != 0) {
1876 skp = smk_import_entry(data, count);
1882 mutex_lock(&smack_ambient_lock);
1884 oldambient = smack_net_ambient->smk_known;
1885 smack_net_ambient = skp;
1886 smk_unlbl_ambient(oldambient);
1888 mutex_unlock(&smack_ambient_lock);
1895 static const struct file_operations smk_ambient_ops = {
1896 .read = smk_read_ambient,
1897 .write = smk_write_ambient,
1898 .llseek = default_llseek,
1902 * Seq_file operations for /smack/onlycap
1904 static void *onlycap_seq_start(struct seq_file *s, loff_t *pos)
1906 return smk_seq_start(s, pos, &smack_onlycap_list);
1909 static void *onlycap_seq_next(struct seq_file *s, void *v, loff_t *pos)
1911 return smk_seq_next(s, v, pos, &smack_onlycap_list);
1914 static int onlycap_seq_show(struct seq_file *s, void *v)
1916 struct list_head *list = v;
1917 struct smack_onlycap *sop =
1918 list_entry_rcu(list, struct smack_onlycap, list);
1920 seq_puts(s, sop->smk_label->smk_known);
1926 static const struct seq_operations onlycap_seq_ops = {
1927 .start = onlycap_seq_start,
1928 .next = onlycap_seq_next,
1929 .show = onlycap_seq_show,
1930 .stop = smk_seq_stop,
1933 static int smk_open_onlycap(struct inode *inode, struct file *file)
1935 return seq_open(file, &onlycap_seq_ops);
1939 * smk_list_swap_rcu - swap public list with a private one in RCU-safe way
1940 * The caller must hold appropriate mutex to prevent concurrent modifications
1941 * to the public list.
1942 * Private list is assumed to be not accessible to other threads yet.
1944 * @public: public list
1945 * @private: private list
1947 static void smk_list_swap_rcu(struct list_head *public,
1948 struct list_head *private)
1950 struct list_head *first, *last;
1952 if (list_empty(public)) {
1953 list_splice_init_rcu(private, public, synchronize_rcu);
1955 /* Remember public list before replacing it */
1956 first = public->next;
1957 last = public->prev;
1959 /* Publish private list in place of public in RCU-safe way */
1960 private->prev->next = public;
1961 private->next->prev = public;
1962 rcu_assign_pointer(public->next, private->next);
1963 public->prev = private->prev;
1967 /* When all readers are done with the old public list,
1968 * attach it in place of private */
1969 private->next = first;
1970 private->prev = last;
1971 first->prev = private;
1972 last->next = private;
1977 * smk_write_onlycap - write() for smackfs/onlycap
1978 * @file: file pointer, not actually used
1979 * @buf: where to get the data from
1980 * @count: bytes sent
1981 * @ppos: where to start
1983 * Returns number of bytes written or error code, as appropriate
1985 static ssize_t smk_write_onlycap(struct file *file, const char __user *buf,
1986 size_t count, loff_t *ppos)
1991 struct smack_known *skp;
1992 struct smack_onlycap *sop;
1993 struct smack_onlycap *sop2;
1994 LIST_HEAD(list_tmp);
1997 if (!smack_privileged(CAP_MAC_ADMIN))
2000 data = kzalloc(count + 1, GFP_KERNEL);
2004 if (copy_from_user(data, buf, count) != 0) {
2010 while ((tok = strsep(&data_parse, " ")) != NULL) {
2014 skp = smk_import_entry(tok, 0);
2020 sop = kzalloc(sizeof(*sop), GFP_KERNEL);
2026 sop->smk_label = skp;
2027 list_add_rcu(&sop->list, &list_tmp);
2032 * Clear the smack_onlycap on invalid label errors. This means
2033 * that we can pass a null string to unset the onlycap value.
2035 * Importing will also reject a label beginning with '-',
2036 * so "-usecapabilities" will also work.
2038 * But do so only on invalid label, not on system errors.
2039 * The invalid label must be first to count as clearing attempt.
2041 if (rc == -EINVAL && list_empty(&list_tmp))
2045 mutex_lock(&smack_onlycap_lock);
2046 smk_list_swap_rcu(&smack_onlycap_list, &list_tmp);
2047 mutex_unlock(&smack_onlycap_lock);
2050 list_for_each_entry_safe(sop, sop2, &list_tmp, list)
2056 static const struct file_operations smk_onlycap_ops = {
2057 .open = smk_open_onlycap,
2059 .write = smk_write_onlycap,
2060 .llseek = seq_lseek,
2061 .release = seq_release,
2064 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
2066 * smk_read_unconfined - read() for smackfs/unconfined
2067 * @filp: file pointer, not actually used
2068 * @buf: where to put the result
2069 * @cn: maximum to send along
2070 * @ppos: where to start
2072 * Returns number of bytes read or error code, as appropriate
2074 static ssize_t smk_read_unconfined(struct file *filp, char __user *buf,
2075 size_t cn, loff_t *ppos)
2078 ssize_t rc = -EINVAL;
2084 if (smack_unconfined != NULL)
2085 smack = smack_unconfined->smk_known;
2087 asize = strlen(smack) + 1;
2090 rc = simple_read_from_buffer(buf, cn, ppos, smack, asize);
2096 * smk_write_unconfined - write() for smackfs/unconfined
2097 * @file: file pointer, not actually used
2098 * @buf: where to get the data from
2099 * @count: bytes sent
2100 * @ppos: where to start
2102 * Returns number of bytes written or error code, as appropriate
2104 static ssize_t smk_write_unconfined(struct file *file, const char __user *buf,
2105 size_t count, loff_t *ppos)
2108 struct smack_known *skp;
2111 if (!smack_privileged(CAP_MAC_ADMIN))
2114 data = kzalloc(count + 1, GFP_KERNEL);
2118 if (copy_from_user(data, buf, count) != 0) {
2124 * Clear the smack_unconfined on invalid label errors. This means
2125 * that we can pass a null string to unset the unconfined value.
2127 * Importing will also reject a label beginning with '-',
2128 * so "-confine" will also work.
2130 * But do so only on invalid label, not on system errors.
2132 skp = smk_import_entry(data, count);
2133 if (PTR_ERR(skp) == -EINVAL)
2135 else if (IS_ERR(skp)) {
2140 smack_unconfined = skp;
2147 static const struct file_operations smk_unconfined_ops = {
2148 .read = smk_read_unconfined,
2149 .write = smk_write_unconfined,
2150 .llseek = default_llseek,
2152 #endif /* CONFIG_SECURITY_SMACK_BRINGUP */
2155 * smk_read_logging - read() for /smack/logging
2156 * @filp: file pointer, not actually used
2157 * @buf: where to put the result
2158 * @cn: maximum to send along
2159 * @ppos: where to start
2161 * Returns number of bytes read or error code, as appropriate
2163 static ssize_t smk_read_logging(struct file *filp, char __user *buf,
2164 size_t count, loff_t *ppos)
2172 sprintf(temp, "%d\n", log_policy);
2173 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
2178 * smk_write_logging - write() for /smack/logging
2179 * @file: file pointer, not actually used
2180 * @buf: where to get the data from
2181 * @count: bytes sent
2182 * @ppos: where to start
2184 * Returns number of bytes written or error code, as appropriate
2186 static ssize_t smk_write_logging(struct file *file, const char __user *buf,
2187 size_t count, loff_t *ppos)
2192 if (!smack_privileged(CAP_MAC_ADMIN))
2195 if (count >= sizeof(temp) || count == 0)
2198 if (copy_from_user(temp, buf, count) != 0)
2203 if (sscanf(temp, "%d", &i) != 1)
2213 static const struct file_operations smk_logging_ops = {
2214 .read = smk_read_logging,
2215 .write = smk_write_logging,
2216 .llseek = default_llseek,
2220 * Seq_file read operations for /smack/load-self
2223 static void *load_self_seq_start(struct seq_file *s, loff_t *pos)
2225 struct task_smack *tsp = current_security();
2227 return smk_seq_start(s, pos, &tsp->smk_rules);
2230 static void *load_self_seq_next(struct seq_file *s, void *v, loff_t *pos)
2232 struct task_smack *tsp = current_security();
2234 return smk_seq_next(s, v, pos, &tsp->smk_rules);
2237 static int load_self_seq_show(struct seq_file *s, void *v)
2239 struct list_head *list = v;
2240 struct smack_rule *srp =
2241 list_entry_rcu(list, struct smack_rule, list);
2243 smk_rule_show(s, srp, SMK_LABELLEN);
2248 static const struct seq_operations load_self_seq_ops = {
2249 .start = load_self_seq_start,
2250 .next = load_self_seq_next,
2251 .show = load_self_seq_show,
2252 .stop = smk_seq_stop,
2257 * smk_open_load_self - open() for /smack/load-self2
2258 * @inode: inode structure representing file
2259 * @file: "load" file pointer
2261 * For reading, use load_seq_* seq_file reading operations.
2263 static int smk_open_load_self(struct inode *inode, struct file *file)
2265 return seq_open(file, &load_self_seq_ops);
2269 * smk_write_load_self - write() for /smack/load-self
2270 * @file: file pointer, not actually used
2271 * @buf: where to get the data from
2272 * @count: bytes sent
2273 * @ppos: where to start - must be 0
2276 static ssize_t smk_write_load_self(struct file *file, const char __user *buf,
2277 size_t count, loff_t *ppos)
2279 struct task_smack *tsp = current_security();
2281 return smk_write_rules_list(file, buf, count, ppos, &tsp->smk_rules,
2282 &tsp->smk_rules_lock, SMK_FIXED24_FMT);
2285 static const struct file_operations smk_load_self_ops = {
2286 .open = smk_open_load_self,
2288 .llseek = seq_lseek,
2289 .write = smk_write_load_self,
2290 .release = seq_release,
2294 * smk_user_access - handle access check transaction
2295 * @file: file pointer
2296 * @buf: data from user space
2297 * @count: bytes sent
2298 * @ppos: where to start - must be 0
2300 static ssize_t smk_user_access(struct file *file, const char __user *buf,
2301 size_t count, loff_t *ppos, int format)
2303 struct smack_parsed_rule rule;
2307 data = simple_transaction_get(file, buf, count);
2309 return PTR_ERR(data);
2311 if (format == SMK_FIXED24_FMT) {
2312 if (count < SMK_LOADLEN)
2314 res = smk_parse_rule(data, &rule, 0);
2317 * simple_transaction_get() returns null-terminated data
2319 res = smk_parse_long_rule(data, &rule, 0, 3);
2323 res = smk_access(rule.smk_subject, rule.smk_object,
2324 rule.smk_access1, NULL);
2325 else if (res != -ENOENT)
2329 * smk_access() can return a value > 0 in the "bringup" case.
2331 data[0] = res >= 0 ? '1' : '0';
2334 simple_transaction_set(file, 2);
2336 if (format == SMK_FIXED24_FMT)
2342 * smk_write_access - handle access check transaction
2343 * @file: file pointer
2344 * @buf: data from user space
2345 * @count: bytes sent
2346 * @ppos: where to start - must be 0
2348 static ssize_t smk_write_access(struct file *file, const char __user *buf,
2349 size_t count, loff_t *ppos)
2351 return smk_user_access(file, buf, count, ppos, SMK_FIXED24_FMT);
2354 static const struct file_operations smk_access_ops = {
2355 .write = smk_write_access,
2356 .read = simple_transaction_read,
2357 .release = simple_transaction_release,
2358 .llseek = generic_file_llseek,
2363 * Seq_file read operations for /smack/load2
2366 static int load2_seq_show(struct seq_file *s, void *v)
2368 struct list_head *list = v;
2369 struct smack_master_list *smlp =
2370 list_entry_rcu(list, struct smack_master_list, list);
2372 smk_rule_show(s, smlp->smk_rule, SMK_LONGLABEL);
2377 static const struct seq_operations load2_seq_ops = {
2378 .start = load2_seq_start,
2379 .next = load2_seq_next,
2380 .show = load2_seq_show,
2381 .stop = smk_seq_stop,
2385 * smk_open_load2 - open() for /smack/load2
2386 * @inode: inode structure representing file
2387 * @file: "load2" file pointer
2389 * For reading, use load2_seq_* seq_file reading operations.
2391 static int smk_open_load2(struct inode *inode, struct file *file)
2393 return seq_open(file, &load2_seq_ops);
2397 * smk_write_load2 - write() for /smack/load2
2398 * @file: file pointer, not actually used
2399 * @buf: where to get the data from
2400 * @count: bytes sent
2401 * @ppos: where to start - must be 0
2404 static ssize_t smk_write_load2(struct file *file, const char __user *buf,
2405 size_t count, loff_t *ppos)
2408 * Must have privilege.
2410 if (!smack_privileged(CAP_MAC_ADMIN))
2413 return smk_write_rules_list(file, buf, count, ppos, NULL, NULL,
2417 static const struct file_operations smk_load2_ops = {
2418 .open = smk_open_load2,
2420 .llseek = seq_lseek,
2421 .write = smk_write_load2,
2422 .release = seq_release,
2426 * Seq_file read operations for /smack/load-self2
2429 static void *load_self2_seq_start(struct seq_file *s, loff_t *pos)
2431 struct task_smack *tsp = current_security();
2433 return smk_seq_start(s, pos, &tsp->smk_rules);
2436 static void *load_self2_seq_next(struct seq_file *s, void *v, loff_t *pos)
2438 struct task_smack *tsp = current_security();
2440 return smk_seq_next(s, v, pos, &tsp->smk_rules);
2443 static int load_self2_seq_show(struct seq_file *s, void *v)
2445 struct list_head *list = v;
2446 struct smack_rule *srp =
2447 list_entry_rcu(list, struct smack_rule, list);
2449 smk_rule_show(s, srp, SMK_LONGLABEL);
2454 static const struct seq_operations load_self2_seq_ops = {
2455 .start = load_self2_seq_start,
2456 .next = load_self2_seq_next,
2457 .show = load_self2_seq_show,
2458 .stop = smk_seq_stop,
2462 * smk_open_load_self2 - open() for /smack/load-self2
2463 * @inode: inode structure representing file
2464 * @file: "load" file pointer
2466 * For reading, use load_seq_* seq_file reading operations.
2468 static int smk_open_load_self2(struct inode *inode, struct file *file)
2470 return seq_open(file, &load_self2_seq_ops);
2474 * smk_write_load_self2 - write() for /smack/load-self2
2475 * @file: file pointer, not actually used
2476 * @buf: where to get the data from
2477 * @count: bytes sent
2478 * @ppos: where to start - must be 0
2481 static ssize_t smk_write_load_self2(struct file *file, const char __user *buf,
2482 size_t count, loff_t *ppos)
2484 struct task_smack *tsp = current_security();
2486 return smk_write_rules_list(file, buf, count, ppos, &tsp->smk_rules,
2487 &tsp->smk_rules_lock, SMK_LONG_FMT);
2490 static const struct file_operations smk_load_self2_ops = {
2491 .open = smk_open_load_self2,
2493 .llseek = seq_lseek,
2494 .write = smk_write_load_self2,
2495 .release = seq_release,
2499 * smk_write_access2 - handle access check transaction
2500 * @file: file pointer
2501 * @buf: data from user space
2502 * @count: bytes sent
2503 * @ppos: where to start - must be 0
2505 static ssize_t smk_write_access2(struct file *file, const char __user *buf,
2506 size_t count, loff_t *ppos)
2508 return smk_user_access(file, buf, count, ppos, SMK_LONG_FMT);
2511 static const struct file_operations smk_access2_ops = {
2512 .write = smk_write_access2,
2513 .read = simple_transaction_read,
2514 .release = simple_transaction_release,
2515 .llseek = generic_file_llseek,
2519 * smk_write_revoke_subj - write() for /smack/revoke-subject
2520 * @file: file pointer
2521 * @buf: data from user space
2522 * @count: bytes sent
2523 * @ppos: where to start - must be 0
2525 static ssize_t smk_write_revoke_subj(struct file *file, const char __user *buf,
2526 size_t count, loff_t *ppos)
2530 struct smack_known *skp;
2531 struct smack_rule *sp;
2532 struct list_head *rule_list;
2533 struct mutex *rule_lock;
2539 if (!smack_privileged(CAP_MAC_ADMIN))
2542 if (count == 0 || count > SMK_LONGLABEL)
2545 data = kzalloc(count, GFP_KERNEL);
2549 if (copy_from_user(data, buf, count) != 0) {
2554 cp = smk_parse_smack(data, count);
2560 skp = smk_find_entry(cp);
2564 rule_list = &skp->smk_rules;
2565 rule_lock = &skp->smk_rules_lock;
2567 mutex_lock(rule_lock);
2569 list_for_each_entry_rcu(sp, rule_list, list)
2572 mutex_unlock(rule_lock);
2582 static const struct file_operations smk_revoke_subj_ops = {
2583 .write = smk_write_revoke_subj,
2584 .read = simple_transaction_read,
2585 .release = simple_transaction_release,
2586 .llseek = generic_file_llseek,
2590 * smk_init_sysfs - initialize /sys/fs/smackfs
2593 static int smk_init_sysfs(void)
2595 return sysfs_create_mount_point(fs_kobj, "smackfs");
2599 * smk_write_change_rule - write() for /smack/change-rule
2600 * @file: file pointer
2601 * @buf: data from user space
2602 * @count: bytes sent
2603 * @ppos: where to start - must be 0
2605 static ssize_t smk_write_change_rule(struct file *file, const char __user *buf,
2606 size_t count, loff_t *ppos)
2609 * Must have privilege.
2611 if (!smack_privileged(CAP_MAC_ADMIN))
2614 return smk_write_rules_list(file, buf, count, ppos, NULL, NULL,
2618 static const struct file_operations smk_change_rule_ops = {
2619 .write = smk_write_change_rule,
2620 .read = simple_transaction_read,
2621 .release = simple_transaction_release,
2622 .llseek = generic_file_llseek,
2626 * smk_read_syslog - read() for smackfs/syslog
2627 * @filp: file pointer, not actually used
2628 * @buf: where to put the result
2629 * @cn: maximum to send along
2630 * @ppos: where to start
2632 * Returns number of bytes read or error code, as appropriate
2634 static ssize_t smk_read_syslog(struct file *filp, char __user *buf,
2635 size_t cn, loff_t *ppos)
2637 struct smack_known *skp;
2638 ssize_t rc = -EINVAL;
2644 if (smack_syslog_label == NULL)
2645 skp = &smack_known_star;
2647 skp = smack_syslog_label;
2649 asize = strlen(skp->smk_known) + 1;
2652 rc = simple_read_from_buffer(buf, cn, ppos, skp->smk_known,
2659 * smk_write_syslog - write() for smackfs/syslog
2660 * @file: file pointer, not actually used
2661 * @buf: where to get the data from
2662 * @count: bytes sent
2663 * @ppos: where to start
2665 * Returns number of bytes written or error code, as appropriate
2667 static ssize_t smk_write_syslog(struct file *file, const char __user *buf,
2668 size_t count, loff_t *ppos)
2671 struct smack_known *skp;
2674 if (!smack_privileged(CAP_MAC_ADMIN))
2677 data = kzalloc(count + 1, GFP_KERNEL);
2681 if (copy_from_user(data, buf, count) != 0)
2684 skp = smk_import_entry(data, count);
2688 smack_syslog_label = skp;
2695 static const struct file_operations smk_syslog_ops = {
2696 .read = smk_read_syslog,
2697 .write = smk_write_syslog,
2698 .llseek = default_llseek,
2703 * smk_read_ptrace - read() for /smack/ptrace
2704 * @filp: file pointer, not actually used
2705 * @buf: where to put the result
2706 * @count: maximum to send along
2707 * @ppos: where to start
2709 * Returns number of bytes read or error code, as appropriate
2711 static ssize_t smk_read_ptrace(struct file *filp, char __user *buf,
2712 size_t count, loff_t *ppos)
2720 sprintf(temp, "%d\n", smack_ptrace_rule);
2721 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
2726 * smk_write_ptrace - write() for /smack/ptrace
2727 * @file: file pointer
2728 * @buf: data from user space
2729 * @count: bytes sent
2730 * @ppos: where to start - must be 0
2732 static ssize_t smk_write_ptrace(struct file *file, const char __user *buf,
2733 size_t count, loff_t *ppos)
2738 if (!smack_privileged(CAP_MAC_ADMIN))
2741 if (*ppos != 0 || count >= sizeof(temp) || count == 0)
2744 if (copy_from_user(temp, buf, count) != 0)
2749 if (sscanf(temp, "%d", &i) != 1)
2751 if (i < SMACK_PTRACE_DEFAULT || i > SMACK_PTRACE_MAX)
2753 smack_ptrace_rule = i;
2758 static const struct file_operations smk_ptrace_ops = {
2759 .write = smk_write_ptrace,
2760 .read = smk_read_ptrace,
2761 .llseek = default_llseek,
2765 * smk_fill_super - fill the smackfs superblock
2766 * @sb: the empty superblock
2770 * Fill in the well known entries for the smack filesystem
2772 * Returns 0 on success, an error code on failure
2774 static int smk_fill_super(struct super_block *sb, void *data, int silent)
2777 struct inode *root_inode;
2779 static struct tree_descr smack_files[] = {
2781 "load", &smk_load_ops, S_IRUGO|S_IWUSR},
2783 "cipso", &smk_cipso_ops, S_IRUGO|S_IWUSR},
2785 "doi", &smk_doi_ops, S_IRUGO|S_IWUSR},
2787 "direct", &smk_direct_ops, S_IRUGO|S_IWUSR},
2789 "ambient", &smk_ambient_ops, S_IRUGO|S_IWUSR},
2791 "netlabel", &smk_net4addr_ops, S_IRUGO|S_IWUSR},
2793 "onlycap", &smk_onlycap_ops, S_IRUGO|S_IWUSR},
2795 "logging", &smk_logging_ops, S_IRUGO|S_IWUSR},
2797 "load-self", &smk_load_self_ops, S_IRUGO|S_IWUGO},
2799 "access", &smk_access_ops, S_IRUGO|S_IWUGO},
2801 "mapped", &smk_mapped_ops, S_IRUGO|S_IWUSR},
2803 "load2", &smk_load2_ops, S_IRUGO|S_IWUSR},
2804 [SMK_LOAD_SELF2] = {
2805 "load-self2", &smk_load_self2_ops, S_IRUGO|S_IWUGO},
2807 "access2", &smk_access2_ops, S_IRUGO|S_IWUGO},
2809 "cipso2", &smk_cipso2_ops, S_IRUGO|S_IWUSR},
2810 [SMK_REVOKE_SUBJ] = {
2811 "revoke-subject", &smk_revoke_subj_ops,
2813 [SMK_CHANGE_RULE] = {
2814 "change-rule", &smk_change_rule_ops, S_IRUGO|S_IWUSR},
2816 "syslog", &smk_syslog_ops, S_IRUGO|S_IWUSR},
2818 "ptrace", &smk_ptrace_ops, S_IRUGO|S_IWUSR},
2819 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
2820 [SMK_UNCONFINED] = {
2821 "unconfined", &smk_unconfined_ops, S_IRUGO|S_IWUSR},
2823 #if IS_ENABLED(CONFIG_IPV6)
2825 "ipv6host", &smk_net6addr_ops, S_IRUGO|S_IWUSR},
2826 #endif /* CONFIG_IPV6 */
2831 rc = simple_fill_super(sb, SMACK_MAGIC, smack_files);
2833 printk(KERN_ERR "%s failed %d while creating inodes\n",
2838 root_inode = d_inode(sb->s_root);
2844 * smk_mount - get the smackfs superblock
2845 * @fs_type: passed along without comment
2846 * @flags: passed along without comment
2847 * @dev_name: passed along without comment
2848 * @data: passed along without comment
2850 * Just passes everything along.
2852 * Returns what the lower level code does.
2854 static struct dentry *smk_mount(struct file_system_type *fs_type,
2855 int flags, const char *dev_name, void *data)
2857 return mount_single(fs_type, flags, data, smk_fill_super);
2860 static struct file_system_type smk_fs_type = {
2863 .kill_sb = kill_litter_super,
2866 static struct vfsmount *smackfs_mount;
2868 static int __init smk_preset_netlabel(struct smack_known *skp)
2870 skp->smk_netlabel.domain = skp->smk_known;
2871 skp->smk_netlabel.flags =
2872 NETLBL_SECATTR_DOMAIN | NETLBL_SECATTR_MLS_LVL;
2873 return smk_netlbl_mls(smack_cipso_direct, skp->smk_known,
2874 &skp->smk_netlabel, strlen(skp->smk_known));
2878 * init_smk_fs - get the smackfs superblock
2880 * register the smackfs
2882 * Do not register smackfs if Smack wasn't enabled
2883 * on boot. We can not put this method normally under the
2884 * smack_init() code path since the security subsystem get
2885 * initialized before the vfs caches.
2887 * Returns true if we were not chosen on boot or if
2888 * we were chosen and filesystem registration succeeded.
2890 static int __init init_smk_fs(void)
2895 if (!security_module_enable("smack"))
2898 err = smk_init_sysfs();
2900 printk(KERN_ERR "smackfs: sysfs mountpoint problem.\n");
2902 err = register_filesystem(&smk_fs_type);
2904 smackfs_mount = kern_mount(&smk_fs_type);
2905 if (IS_ERR(smackfs_mount)) {
2906 printk(KERN_ERR "smackfs: could not mount!\n");
2907 err = PTR_ERR(smackfs_mount);
2908 smackfs_mount = NULL;
2913 smk_unlbl_ambient(NULL);
2915 rc = smk_preset_netlabel(&smack_known_floor);
2916 if (err == 0 && rc < 0)
2918 rc = smk_preset_netlabel(&smack_known_hat);
2919 if (err == 0 && rc < 0)
2921 rc = smk_preset_netlabel(&smack_known_huh);
2922 if (err == 0 && rc < 0)
2924 rc = smk_preset_netlabel(&smack_known_invalid);
2925 if (err == 0 && rc < 0)
2927 rc = smk_preset_netlabel(&smack_known_star);
2928 if (err == 0 && rc < 0)
2930 rc = smk_preset_netlabel(&smack_known_web);
2931 if (err == 0 && rc < 0)
2937 __initcall(init_smk_fs);
projects / karo-tx-linux.git / blob