Merge branch 'master' into next
authorJames Morris <jmorris@namei.org>
Fri, 8 May 2009 07:56:47 +0000 (17:56 +1000)
committerJames Morris <jmorris@namei.org>
Fri, 8 May 2009 07:56:47 +0000 (17:56 +1000)
23 files changed:
Documentation/Smack.txt
Documentation/sysctl/kernel.txt
include/linux/lsm_audit.h [new file with mode: 0644]
include/linux/sched.h
kernel/exit.c
kernel/module.c
kernel/signal.c
kernel/sysctl.c
security/Makefile
security/commoncap.c
security/integrity/ima/ima_audit.c
security/integrity/ima/ima_main.c
security/integrity/ima/ima_policy.c
security/lsm_audit.c [new file with mode: 0644]
security/selinux/avc.c
security/selinux/hooks.c
security/selinux/include/security.h
security/selinux/selinuxfs.c
security/selinux/ss/services.c
security/smack/smack.h
security/smack/smack_access.c
security/smack/smack_lsm.c
security/smack/smackfs.c

index 629c92e99783ecb7934ee00cf42c4a9f8556004f..34614b4c708eba850acad3ac15f7e59add026f3e 100644 (file)
@@ -184,8 +184,9 @@ length. Single character labels using special characters, that being anything
 other than a letter or digit, are reserved for use by the Smack development
 team. Smack labels are unstructured, case sensitive, and the only operation
 ever performed on them is comparison for equality. Smack labels cannot
-contain unprintable characters or the "/" (slash) character. Smack labels
-cannot begin with a '-', which is reserved for special options.
+contain unprintable characters, the "/" (slash), the "\" (backslash), the "'"
+(quote) and '"' (double-quote) characters.
+Smack labels cannot begin with a '-', which is reserved for special options.
 
 There are some predefined labels:
 
@@ -523,3 +524,18 @@ Smack supports some mount options:
 
 These mount options apply to all file system types.
 
+Smack auditing
+
+If you want Smack auditing of security events, you need to set CONFIG_AUDIT
+in your kernel configuration.
+By default, all denied events will be audited. You can change this behavior by
+writing a single character to the /smack/logging file :
+0 : no logging
+1 : log denied (default)
+2 : log accepted
+3 : log denied & accepted
+
+Events are logged as 'key=value' pairs, for each event you at least will get
+the subjet, the object, the rights requested, the action, the kernel function
+that triggered the event, plus other pairs depending on the type of event
+audited.
index f11ca7979fa67b5bbf08339cf473d110ecf92f7d..322a00bb99d97f703130de7f349f2dbc9b6fa24e 100644 (file)
@@ -32,6 +32,7 @@ show up in /proc/sys/kernel:
 - kstack_depth_to_print       [ X86 only ]
 - l2cr                        [ PPC only ]
 - modprobe                    ==> Documentation/debugging-modules.txt
+- modules_disabled
 - msgmax
 - msgmnb
 - msgmni
@@ -184,6 +185,16 @@ kernel stack.
 
 ==============================================================
 
+modules_disabled:
+
+A toggle value indicating if modules are allowed to be loaded
+in an otherwise modular kernel.  This toggle defaults to off
+(0), but can be set true (1).  Once true, modules can be
+neither loaded nor unloaded, and the toggle cannot be set back
+to false.
+
+==============================================================
+
 osrelease, ostype & version:
 
 # cat osrelease
diff --git a/include/linux/lsm_audit.h b/include/linux/lsm_audit.h
new file mode 100644 (file)
index 0000000..e461b2c
--- /dev/null
@@ -0,0 +1,111 @@
+/*
+ * Common LSM logging functions
+ * Heavily borrowed from selinux/avc.h
+ *
+ * Author : Etienne BASSET  <etienne.basset@ensta.org>
+ *
+ * All credits to : Stephen Smalley, <sds@epoch.ncsc.mil>
+ * All BUGS to : Etienne BASSET  <etienne.basset@ensta.org>
+ */
+#ifndef _LSM_COMMON_LOGGING_
+#define _LSM_COMMON_LOGGING_
+
+#include <linux/stddef.h>
+#include <linux/errno.h>
+#include <linux/kernel.h>
+#include <linux/kdev_t.h>
+#include <linux/spinlock.h>
+#include <linux/init.h>
+#include <linux/audit.h>
+#include <linux/in6.h>
+#include <linux/path.h>
+#include <linux/key.h>
+#include <linux/skbuff.h>
+#include <asm/system.h>
+
+
+/* Auxiliary data to use in generating the audit record. */
+struct common_audit_data {
+       char    type;
+#define LSM_AUDIT_DATA_FS      1
+#define LSM_AUDIT_DATA_NET     2
+#define LSM_AUDIT_DATA_CAP     3
+#define LSM_AUDIT_DATA_IPC     4
+#define LSM_AUDIT_DATA_TASK    5
+#define LSM_AUDIT_DATA_KEY     6
+       struct task_struct *tsk;
+       union   {
+               struct {
+                       struct path path;
+                       struct inode *inode;
+               } fs;
+               struct {
+                       int netif;
+                       struct sock *sk;
+                       u16 family;
+                       __be16 dport;
+                       __be16 sport;
+                       union {
+                               struct {
+                                       __be32 daddr;
+                                       __be32 saddr;
+                               } v4;
+                               struct {
+                                       struct in6_addr daddr;
+                                       struct in6_addr saddr;
+                               } v6;
+                       } fam;
+               } net;
+               int cap;
+               int ipc_id;
+               struct task_struct *tsk;
+#ifdef CONFIG_KEYS
+               struct {
+                       key_serial_t key;
+                       char *key_desc;
+               } key_struct;
+#endif
+       } u;
+       const char *function;
+       /* this union contains LSM specific data */
+       union {
+               /* SMACK data */
+               struct smack_audit_data {
+                       char *subject;
+                       char *object;
+                       char *request;
+                       int result;
+               } smack_audit_data;
+               /* SELinux data */
+               struct {
+                       u32 ssid;
+                       u32 tsid;
+                       u16 tclass;
+                       u32 requested;
+                       u32 audited;
+                       struct av_decision *avd;
+                       int result;
+               } selinux_audit_data;
+       } lsm_priv;
+       /* these callback will be implemented by a specific LSM */
+       void (*lsm_pre_audit)(struct audit_buffer *, void *);
+       void (*lsm_post_audit)(struct audit_buffer *, void *);
+};
+
+#define v4info fam.v4
+#define v6info fam.v6
+
+int ipv4_skb_to_auditdata(struct sk_buff *skb,
+               struct common_audit_data *ad, u8 *proto);
+
+int ipv6_skb_to_auditdata(struct sk_buff *skb,
+               struct common_audit_data *ad, u8 *proto);
+
+/* Initialize an LSM audit data structure. */
+#define COMMON_AUDIT_DATA_INIT(_d, _t) \
+       { memset((_d), 0, sizeof(struct common_audit_data)); \
+        (_d)->type = LSM_AUDIT_DATA_##_t; (_d)->function = __func__; }
+
+void common_lsm_audit(struct common_audit_data *a);
+
+#endif
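Review bot: `COMMON_AUDIT_DATA_INIT` near the end of the header expands to a bare brace block, so a use such as `if (x) COMMON_AUDIT_DATA_INIT(&ad, FS); else ...` does not compile and the trailing `;` after every normal use becomes an empty statement. Wrap the expansion as `#define COMMON_AUDIT_DATA_INIT(_d, _t) do { \` ... `} while (0)` so it behaves like a single statement. The unprefixed `#define v4info fam.v4` and `#define v6info fam.v6` also rewrite any identifier named `v4info`/`v6info` in every file that includes this header; naming the union members `v4info`/`v6info` directly, or giving the macros an `LSM_` prefix, avoids that. `struct common_audit_data` carries `tsk` both as a top-level member and inside `u`, and `dump_common_audit_data` in security/lsm_audit.c reads both, so a one-line comment on each saying which one a caller is expected to set would help.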
index b4c38bc8049cbbea17e0ca4f929f35df9cddbe1f..3fa82b353c985f23f61a29e7454c23753cb4b837 100644 (file)
@@ -1885,6 +1885,7 @@ extern void sched_dead(struct task_struct *p);
 
 extern void proc_caches_init(void);
 extern void flush_signals(struct task_struct *);
+extern void __flush_signals(struct task_struct *);
 extern void ignore_signals(struct task_struct *);
 extern void flush_signal_handlers(struct task_struct *, int force_default);
 extern int dequeue_signal(struct task_struct *tsk, sigset_t *mask, siginfo_t *info);
index abf9cf3b95c609f12ccb0c6992cc3a8221bdcf8b..036e8d740169876e3b531025849fb60e2e119cc2 100644 (file)
@@ -1476,6 +1476,7 @@ static int wait_consider_task(struct task_struct *parent, int ptrace,
                 */
                if (*notask_error)
                        *notask_error = ret;
+               return 0;
        }
 
        if (likely(!ptrace) && unlikely(p->ptrace)) {
index e797812a4d95f164bb377447a62de3089c0ba182..cb3887e770e21b2ca9244bef84ae19b1e9f2d3e5 100644 (file)
@@ -72,6 +72,9 @@ DEFINE_MUTEX(module_mutex);
 EXPORT_SYMBOL_GPL(module_mutex);
 static LIST_HEAD(modules);
 
+/* Block module loading/unloading? */
+int modules_disabled = 0;
+
 /* Waiting for a module to finish initializing? */
 static DECLARE_WAIT_QUEUE_HEAD(module_wq);
 
@@ -777,7 +780,7 @@ SYSCALL_DEFINE2(delete_module, const char __user *, name_user,
        char name[MODULE_NAME_LEN];
        int ret, forced = 0;
 
-       if (!capable(CAP_SYS_MODULE))
+       if (!capable(CAP_SYS_MODULE) || modules_disabled)
                return -EPERM;
 
        if (strncpy_from_user(name, name_user, MODULE_NAME_LEN-1) < 0)
@@ -2336,7 +2339,7 @@ SYSCALL_DEFINE3(init_module, void __user *, umod,
        int ret = 0;
 
        /* Must have permission */
-       if (!capable(CAP_SYS_MODULE))
+       if (!capable(CAP_SYS_MODULE) || modules_disabled)
                return -EPERM;
 
        /* Only one module load at a time, please */
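Review bot: The comment above `int modules_disabled = 0;` should state the contract the rest of the change relies on: the flag is a one-way latch (the sysctl entry added in kernel/sysctl.c only accepts writes of 1) and it is read in `init_module` and `delete_module` without any locking. Something like `/* Block module loading/unloading? One-way latch set via the modules_disabled sysctl; read without locking since it only ever moves 0 -> 1. */` records that. The `= 0` initializer is redundant for a global and is normally left out in this tree. Whether the unsynchronised read is intended or merely tolerated is not established by this page, which is exactly why the comment should say.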
index d8034737db4cb86f8adca044560a3765ac65dba5..d2dd9cf5dcc68c78ce8264862115b32ea99fbe3a 100644 (file)
@@ -249,14 +249,19 @@ void flush_sigqueue(struct sigpending *queue)
 /*
  * Flush all pending signals for a task.
  */
+void __flush_signals(struct task_struct *t)
+{
+       clear_tsk_thread_flag(t, TIF_SIGPENDING);
+       flush_sigqueue(&t->pending);
+       flush_sigqueue(&t->signal->shared_pending);
+}
+
 void flush_signals(struct task_struct *t)
 {
        unsigned long flags;
 
        spin_lock_irqsave(&t->sighand->siglock, flags);
-       clear_tsk_thread_flag(t, TIF_SIGPENDING);
-       flush_sigqueue(&t->pending);
-       flush_sigqueue(&t->signal->shared_pending);
+       __flush_signals(t);
        spin_unlock_irqrestore(&t->sighand->siglock, flags);
 }
 
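Review bot: The comment `Flush all pending signals for a task.` now sits above `__flush_signals`, which has a precondition the old function did not have: it must be called with `t->sighand->siglock` held, as `flush_signals` does on the lines below and as the new caller in security/selinux/hooks.c does under `spin_lock_irq`. Extend it, e.g. `/* Flush all pending signals for a task. Caller must hold t->sighand->siglock. */`, and give `flush_signals` its own one-line comment saying that it takes the lock itself. The new declaration in include/linux/sched.h would benefit from the same note, since that is where most callers will find it.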
index ea78fa101ad6a4325209f6bd9b3c350298d1e4e2..98ecf35d5bf2e47670d13d1b777b0fc95c0eb2e5 100644 (file)
@@ -115,6 +115,7 @@ static int ngroups_max = NGROUPS_MAX;
 
 #ifdef CONFIG_MODULES
 extern char modprobe_path[];
+extern int modules_disabled;
 #endif
 #ifdef CONFIG_CHR_DEV_SG
 extern int sg_big_buff;
@@ -535,6 +536,17 @@ static struct ctl_table kern_table[] = {
                .proc_handler   = &proc_dostring,
                .strategy       = &sysctl_string,
        },
+       {
+               .ctl_name       = CTL_UNNUMBERED,
+               .procname       = "modules_disabled",
+               .data           = &modules_disabled,
+               .maxlen         = sizeof(int),
+               .mode           = 0644,
+               /* only handle a transition from default "0" to "1" */
+               .proc_handler   = &proc_dointvec_minmax,
+               .extra1         = &one,
+               .extra2         = &one,
+       },
 #endif
 #if defined(CONFIG_HOTPLUG) && defined(CONFIG_NET)
        {
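Review bot: `extern int modules_disabled;` is declared in this .c file rather than in a header, so the compiler cannot check it against the definition in kernel/module.c; declaring it once in include/linux/module.h and including that here closes the gap, even though `extern char modprobe_path[];` on the line above already follows the in-file pattern. One observable effect of `.extra1 = &one, .extra2 = &one` is that a write of `0` is rejected with -EINVAL even while the value is still 0; if that is intended, the comment could say so, e.g. `/* only accept 1: the flag is a one-way latch, writes of 0 are always rejected */`.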
index fa77021d9778ac1f32d7ec10e5322a0e6825e5c9..c67557cdaa857f9046d30cacb7f3ecc42196f9bb 100644 (file)
@@ -16,6 +16,9 @@ obj-$(CONFIG_SECURITYFS)              += inode.o
 # Must precede capability.o in order to stack properly.
 obj-$(CONFIG_SECURITY_SELINUX)         += selinux/built-in.o
 obj-$(CONFIG_SECURITY_SMACK)           += smack/built-in.o
+ifeq ($(CONFIG_AUDIT),y)
+obj-$(CONFIG_SECURITY_SMACK)           += lsm_audit.o
+endif
 obj-$(CONFIG_SECURITY_TOMOYO)          += tomoyo/built-in.o
 obj-$(CONFIG_SECURITY_ROOTPLUG)                += root_plug.o
 obj-$(CONFIG_CGROUP_DEVICE)            += device_cgroup.o
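Review bot: `lsm_audit.o` is added under `obj-$(CONFIG_SECURITY_SMACK)`, so the code that include/linux/lsm_audit.h describes as common LSM logging is only built when Smack is selected; any other LSM that starts calling `common_lsm_audit()` will fail to link unless this line is duplicated for it. Keying the object on the audit option instead, `obj-$(CONFIG_AUDIT) += lsm_audit.o`, builds it once for every LSM and makes the surrounding `ifeq ($(CONFIG_AUDIT),y)` wrapper unnecessary.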
index beac0258c2a8f3a0cbad52ec9adf12e019264626..48b7e0228fa38455ee6c2bf0cb37876e96c99afb 100644 (file)
 #include <linux/prctl.h>
 #include <linux/securebits.h>
 
+/*
+ * If a non-root user executes a setuid-root binary in
+ * !secure(SECURE_NOROOT) mode, then we raise capabilities.
+ * However if fE is also set, then the intent is for only
+ * the file capabilities to be applied, and the setuid-root
+ * bit is left on either to change the uid (plausible) or
+ * to get full privilege on a kernel without file capabilities
+ * support.  So in that case we do not raise capabilities.
+ *
+ * Warn if that happens, once per boot.
+ */
+static void warn_setuid_and_fcaps_mixed(char *fname)
+{
+       static int warned;
+       if (!warned) {
+               printk(KERN_INFO "warning: `%s' has both setuid-root and"
+                       " effective capabilities. Therefore not raising all"
+                       " capabilities.\n", fname);
+               warned = 1;
+       }
+}
+
 int cap_netlink_send(struct sock *sk, struct sk_buff *skb)
 {
        NETLINK_CB(skb).eff_cap = current_cap();
@@ -463,6 +485,15 @@ int cap_bprm_set_creds(struct linux_binprm *bprm)
                return ret;
 
        if (!issecure(SECURE_NOROOT)) {
+               /*
+                * If the legacy file capability is set, then don't set privs
+                * for a setuid root binary run by a non-root user.  Do set it
+                * for a root user just to cause least surprise to an admin.
+                */
+               if (effective && new->uid != 0 && new->euid == 0) {
+                       warn_setuid_and_fcaps_mixed(bprm->filename);
+                       goto skip;
+               }
                /*
                 * To support inheritance of root-permissions and suid-root
                 * executables under compatibility mode, we override the
@@ -478,6 +509,7 @@ int cap_bprm_set_creds(struct linux_binprm *bprm)
                if (new->euid == 0)
                        effective = true;
        }
+skip:
 
        /* Don't let someone trace a set[ug]id/setpcap binary with the revised
         * credentials unless they have the appropriate permit
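Review bot: `warn_setuid_and_fcaps_mixed` only passes `fname` to `printk`, so the parameter should be `const char *fname`; nothing writes through `bprm->filename` here. The `static int warned` guard is unsynchronised, so two concurrent execs could each print once; that looks harmless, but a short comment such as `/* racy on purpose: a duplicate warning is tolerable */` stops a later reader from "fixing" it. In the second hunk, `goto skip` jumps past the block that promotes `effective` for `new->euid == 0`; `cap_bprm_set_creds` starts and ends outside these hunks, so whether anything between `skip:` and the ptrace check assumes `effective` was already considered cannot be confirmed from this page.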
index 1e082bb987beef1ca3322fd7409f57472bac60cc..b628eea477a6854024aef69c63c86aa3b5cad3b4 100644 (file)
@@ -22,18 +22,9 @@ static int ima_audit;
 static int __init ima_audit_setup(char *str)
 {
        unsigned long audit;
-       int rc, result = 0;
-       char *op = "ima_audit";
-       char *cause;
 
-       rc = strict_strtoul(str, 0, &audit);
-       if (rc || audit > 1)
-               result = 1;
-       else
-               ima_audit = audit;
-       cause = ima_audit ? "enabled" : "not_enabled";
-       integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL, NULL,
-                           op, cause, result, 0);
+       if (!strict_strtoul(str, 0, &audit))
+               ima_audit = audit ? 1 : 0;
        return 1;
 }
 __setup("ima_audit=", ima_audit_setup);
@@ -54,19 +45,10 @@ void integrity_audit_msg(int audit_msgno, struct inode *inode,
                         audit_get_loginuid(current),
                         audit_get_sessionid(current));
        audit_log_task_context(ab);
-       switch (audit_msgno) {
-       case AUDIT_INTEGRITY_DATA:
-       case AUDIT_INTEGRITY_METADATA:
-       case AUDIT_INTEGRITY_PCR:
-       case AUDIT_INTEGRITY_STATUS:
-               audit_log_format(ab, " op=%s cause=%s", op, cause);
-               break;
-       case AUDIT_INTEGRITY_HASH:
-               audit_log_format(ab, " op=%s hash=%s", op, cause);
-               break;
-       default:
-               audit_log_format(ab, " op=%s", op);
-       }
+       audit_log_format(ab, " op=");
+       audit_log_string(ab, op);
+       audit_log_format(ab, " cause=");
+       audit_log_string(ab, cause);
        audit_log_format(ab, " comm=");
        audit_log_untrustedstring(ab, current->comm);
        if (fname) {
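Review bot: `integrity_audit_msg` now calls `audit_log_string(ab, cause)` unconditionally, whereas the removed `default:` branch logged only `op=`, which suggests some callers may pass a NULL `cause`; if any do, the new code dereferences NULL inside `audit_log_string`. A guard such as `if (cause) { audit_log_format(ab, " cause="); audit_log_string(ab, cause); }` keeps the old behaviour for those callers (the function starts outside the hunk, so the call sites are not visible here). The `AUDIT_INTEGRITY_HASH` record also changes its key from `hash=` to `cause=`, a user-visible format change for anything parsing these records that should be called out in the documentation if it is intended. In the first hunk, a value that `strict_strtoul` rejects, or a value above 1, is now silently ignored or clamped since the audit message was dropped; a `printk(KERN_WARNING ...)` there would preserve some signal.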
index f4e7266f5aeec4f68de76ef040155153ae95ae1a..122f17fc7fc1f967074c16aca77b401cb3bf982e 100644 (file)
@@ -29,20 +29,8 @@ int ima_initialized;
 char *ima_hash = "sha1";
 static int __init hash_setup(char *str)
 {
-       const char *op = "hash_setup";
-       const char *hash = "sha1";
-       int result = 0;
-       int audit_info = 0;
-
-       if (strncmp(str, "md5", 3) == 0) {
-               hash = "md5";
-               ima_hash = str;
-       } else if (strncmp(str, "sha1", 4) != 0) {
-               hash = "invalid_hash_type";
-               result = 1;
-       }
-       integrity_audit_msg(AUDIT_INTEGRITY_HASH, NULL, NULL, op, hash,
-                           result, audit_info);
+       if (strncmp(str, "md5", 3) == 0)
+               ima_hash = "md5";
        return 1;
 }
 __setup("ima_hash=", hash_setup);
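Review bot: `strncmp(str, "md5", 3) == 0` in `hash_setup` is a prefix match, so a constructed value such as `ima_hash=md5x` also selects md5, while every other value silently falls back to sha1 now that the audit message is gone. `if (strcmp(str, "md5") == 0)` makes the match exact, and an `else if (strcmp(str, "sha1") != 0)` branch with a `printk(KERN_WARNING ...)` would report unknown values. `ima_hash` (context line `char *ima_hash = "sha1";`) only ever points at string literals after this change, so it should become `const char *ima_hash`; that line is outside the changed lines of the hunk.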
index b5291ad5ef563b4a5707f0dc6b926fd2aafdf997..b168c1d595cea6715705805d29d7b04f807a1150 100644 (file)
@@ -96,7 +96,7 @@ static bool ima_match_rules(struct ima_measure_rule_entry *rule,
        if ((rule->flags & IMA_UID) && rule->uid != tsk->cred->uid)
                return false;
        for (i = 0; i < MAX_LSM_RULES; i++) {
-               int rc;
+               int rc = 0;
                u32 osid, sid;
 
                if (!rule->lsm[i].rule)
@@ -109,7 +109,7 @@ static bool ima_match_rules(struct ima_measure_rule_entry *rule,
                        security_inode_getsecid(inode, &osid);
                        rc = security_filter_rule_match(osid,
                                                        rule->lsm[i].type,
-                                                       AUDIT_EQUAL,
+                                                       Audit_equal,
                                                        rule->lsm[i].rule,
                                                        NULL);
                        break;
@@ -119,7 +119,7 @@ static bool ima_match_rules(struct ima_measure_rule_entry *rule,
                        security_task_getsecid(tsk, &sid);
                        rc = security_filter_rule_match(sid,
                                                        rule->lsm[i].type,
-                                                       AUDIT_EQUAL,
+                                                       Audit_equal,
                                                        rule->lsm[i].rule,
                                                        NULL);
                default:
@@ -227,7 +227,7 @@ static int ima_lsm_rule_init(struct ima_measure_rule_entry *entry,
 
        entry->lsm[lsm_rule].type = audit_type;
        result = security_filter_rule_init(entry->lsm[lsm_rule].type,
-                                          AUDIT_EQUAL, args,
+                                          Audit_equal, args,
                                           &entry->lsm[lsm_rule].rule);
        return result;
 }
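Review bot: In the second hunk of `ima_match_rules`, the subject-SID `case` ends with the `security_filter_rule_match(...)` call and falls straight into `default:` with no `break`; the `default` body is outside the hunk, so whether the fall-through alters `rc` cannot be confirmed from here. Either add `break;` after the call or mark it with `/* fallthrough */` so the intent is explicit. The new `int rc = 0;` initialiser in the first hunk also means a rule type that reaches `default` now evaluates as `rc == 0` at whatever check follows the switch; fine if that means "no match", but a one-line comment on the initialiser, e.g. `int rc = 0;	/* 0: treat unknown rule types as no match */`, would say so. `ima_match_rules` starts and ends outside these hunks.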
diff --git a/security/lsm_audit.c b/security/lsm_audit.c
new file mode 100644 (file)
index 0000000..94b8684
--- /dev/null
@@ -0,0 +1,386 @@
+/*
+ * common LSM auditing functions
+ *
+ * Based on code written for SELinux by :
+ *                     Stephen Smalley, <sds@epoch.ncsc.mil>
+ *                     James Morris <jmorris@redhat.com>
+ * Author : Etienne Basset, <etienne.basset@ensta.org>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2,
+ * as published by the Free Software Foundation.
+ */
+
+#include <linux/types.h>
+#include <linux/stddef.h>
+#include <linux/kernel.h>
+#include <linux/fs.h>
+#include <linux/init.h>
+#include <net/sock.h>
+#include <linux/un.h>
+#include <net/af_unix.h>
+#include <linux/audit.h>
+#include <linux/ipv6.h>
+#include <linux/ip.h>
+#include <net/ip.h>
+#include <net/ipv6.h>
+#include <linux/tcp.h>
+#include <linux/udp.h>
+#include <linux/dccp.h>
+#include <linux/sctp.h>
+#include <linux/lsm_audit.h>
+
+/**
+ * ipv4_skb_to_auditdata : fill auditdata from skb
+ * @skb : the skb
+ * @ad : the audit data to fill
+ * @proto : the layer 4 protocol
+ *
+ * return  0 on success
+ */
+int ipv4_skb_to_auditdata(struct sk_buff *skb,
+               struct common_audit_data *ad, u8 *proto)
+{
+       int ret = 0;
+       struct iphdr *ih;
+
+       ih = ip_hdr(skb);
+       if (ih == NULL)
+               return -EINVAL;
+
+       ad->u.net.v4info.saddr = ih->saddr;
+       ad->u.net.v4info.daddr = ih->daddr;
+
+       if (proto)
+               *proto = ih->protocol;
+       /* non initial fragment */
+       if (ntohs(ih->frag_off) & IP_OFFSET)
+               return 0;
+
+       switch (ih->protocol) {
+       case IPPROTO_TCP: {
+               struct tcphdr *th = tcp_hdr(skb);
+               if (th == NULL)
+                       break;
+
+               ad->u.net.sport = th->source;
+               ad->u.net.dport = th->dest;
+               break;
+       }
+       case IPPROTO_UDP: {
+               struct udphdr *uh = udp_hdr(skb);
+               if (uh == NULL)
+                       break;
+
+               ad->u.net.sport = uh->source;
+               ad->u.net.dport = uh->dest;
+               break;
+       }
+       case IPPROTO_DCCP: {
+               struct dccp_hdr *dh = dccp_hdr(skb);
+               if (dh == NULL)
+                       break;
+
+               ad->u.net.sport = dh->dccph_sport;
+               ad->u.net.dport = dh->dccph_dport;
+               break;
+       }
+       case IPPROTO_SCTP: {
+               struct sctphdr *sh = sctp_hdr(skb);
+               if (sh == NULL)
+                       break;
+               ad->u.net.sport = sh->source;
+               ad->u.net.dport = sh->dest;
+               break;
+       }
+       default:
+               ret = -EINVAL;
+       }
+       return ret;
+}
+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
+/**
+ * ipv6_skb_to_auditdata : fill auditdata from skb
+ * @skb : the skb
+ * @ad : the audit data to fill
+ * @proto : the layer 4 protocol
+ *
+ * return  0 on success
+ */
+int ipv6_skb_to_auditdata(struct sk_buff *skb,
+               struct common_audit_data *ad, u8 *proto)
+{
+       int offset, ret = 0;
+       struct ipv6hdr *ip6;
+       u8 nexthdr;
+
+       ip6 = ipv6_hdr(skb);
+       if (ip6 == NULL)
+               return -EINVAL;
+       ipv6_addr_copy(&ad->u.net.v6info.saddr, &ip6->saddr);
+       ipv6_addr_copy(&ad->u.net.v6info.daddr, &ip6->daddr);
+       ret = 0;
+       /* IPv6 can have several extension header before the Transport header
+        * skip them */
+       offset = skb_network_offset(skb);
+       offset += sizeof(*ip6);
+       nexthdr = ip6->nexthdr;
+       offset = ipv6_skip_exthdr(skb, offset, &nexthdr);
+       if (offset < 0)
+               return 0;
+       if (proto)
+               *proto = nexthdr;
+       switch (nexthdr) {
+       case IPPROTO_TCP: {
+               struct tcphdr _tcph, *th;
+
+               th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
+               if (th == NULL)
+                       break;
+
+               ad->u.net.sport = th->source;
+               ad->u.net.dport = th->dest;
+               break;
+       }
+       case IPPROTO_UDP: {
+               struct udphdr _udph, *uh;
+
+               uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
+               if (uh == NULL)
+                       break;
+
+               ad->u.net.sport = uh->source;
+               ad->u.net.dport = uh->dest;
+               break;
+       }
+       case IPPROTO_DCCP: {
+               struct dccp_hdr _dccph, *dh;
+
+               dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
+               if (dh == NULL)
+                       break;
+
+               ad->u.net.sport = dh->dccph_sport;
+               ad->u.net.dport = dh->dccph_dport;
+               break;
+       }
+       case IPPROTO_SCTP: {
+               struct sctphdr _sctph, *sh;
+
+               sh = skb_header_pointer(skb, offset, sizeof(_sctph), &_sctph);
+               if (sh == NULL)
+                       break;
+               ad->u.net.sport = sh->source;
+               ad->u.net.dport = sh->dest;
+               break;
+       }
+       default:
+               ret = -EINVAL;
+       }
+       return ret;
+}
+#endif
+
+
+static inline void print_ipv6_addr(struct audit_buffer *ab,
+                                  struct in6_addr *addr, __be16 port,
+                                  char *name1, char *name2)
+{
+       if (!ipv6_addr_any(addr))
+               audit_log_format(ab, " %s=%pI6", name1, addr);
+       if (port)
+               audit_log_format(ab, " %s=%d", name2, ntohs(port));
+}
+
+static inline void print_ipv4_addr(struct audit_buffer *ab, __be32 addr,
+                                  __be16 port, char *name1, char *name2)
+{
+       if (addr)
+               audit_log_format(ab, " %s=%pI4", name1, &addr);
+       if (port)
+               audit_log_format(ab, " %s=%d", name2, ntohs(port));
+}
+
+/**
+ * dump_common_audit_data - helper to dump common audit data
+ * @a : common audit data
+ *
+ */
+static void dump_common_audit_data(struct audit_buffer *ab,
+                                  struct common_audit_data *a)
+{
+       struct inode *inode = NULL;
+       struct task_struct *tsk = current;
+
+       if (a->tsk)
+               tsk = a->tsk;
+       if (tsk && tsk->pid) {
+               audit_log_format(ab, " pid=%d comm=", tsk->pid);
+               audit_log_untrustedstring(ab, tsk->comm);
+       }
+
+       switch (a->type) {
+       case LSM_AUDIT_DATA_IPC:
+               audit_log_format(ab, " key=%d ", a->u.ipc_id);
+               break;
+       case LSM_AUDIT_DATA_CAP:
+               audit_log_format(ab, " capability=%d ", a->u.cap);
+               break;
+       case LSM_AUDIT_DATA_FS:
+               if (a->u.fs.path.dentry) {
+                       struct dentry *dentry = a->u.fs.path.dentry;
+                       if (a->u.fs.path.mnt) {
+                               audit_log_d_path(ab, "path=", &a->u.fs.path);
+                       } else {
+                               audit_log_format(ab, " name=");
+                               audit_log_untrustedstring(ab,
+                                                dentry->d_name.name);
+                       }
+                       inode = dentry->d_inode;
+               } else if (a->u.fs.inode) {
+                       struct dentry *dentry;
+                       inode = a->u.fs.inode;
+                       dentry = d_find_alias(inode);
+                       if (dentry) {
+                               audit_log_format(ab, " name=");
+                               audit_log_untrustedstring(ab,
+                                                dentry->d_name.name);
+                               dput(dentry);
+                       }
+               }
+               if (inode)
+                       audit_log_format(ab, " dev=%s ino=%lu",
+                                       inode->i_sb->s_id,
+                                       inode->i_ino);
+               break;
+       case LSM_AUDIT_DATA_TASK:
+               tsk = a->u.tsk;
+               if (tsk && tsk->pid) {
+                       audit_log_format(ab, " pid=%d comm=", tsk->pid);
+                       audit_log_untrustedstring(ab, tsk->comm);
+               }
+               break;
+       case LSM_AUDIT_DATA_NET:
+               if (a->u.net.sk) {
+                       struct sock *sk = a->u.net.sk;
+                       struct unix_sock *u;
+                       int len = 0;
+                       char *p = NULL;
+
+                       switch (sk->sk_family) {
+                       case AF_INET: {
+                               struct inet_sock *inet = inet_sk(sk);
+
+                               print_ipv4_addr(ab, inet->rcv_saddr,
+                                               inet->sport,
+                                               "laddr", "lport");
+                               print_ipv4_addr(ab, inet->daddr,
+                                               inet->dport,
+                                               "faddr", "fport");
+                               break;
+                       }
+                       case AF_INET6: {
+                               struct inet_sock *inet = inet_sk(sk);
+                               struct ipv6_pinfo *inet6 = inet6_sk(sk);
+
+                               print_ipv6_addr(ab, &inet6->rcv_saddr,
+                                               inet->sport,
+                                               "laddr", "lport");
+                               print_ipv6_addr(ab, &inet6->daddr,
+                                               inet->dport,
+                                               "faddr", "fport");
+                               break;
+                       }
+                       case AF_UNIX:
+                               u = unix_sk(sk);
+                               if (u->dentry) {
+                                       struct path path = {
+                                               .dentry = u->dentry,
+                                               .mnt = u->mnt
+                                       };
+                                       audit_log_d_path(ab, "path=", &path);
+                                       break;
+                               }
+                               if (!u->addr)
+                                       break;
+                               len = u->addr->len-sizeof(short);
+                               p = &u->addr->name->sun_path[0];
+                               audit_log_format(ab, " path=");
+                               if (*p)
+                                       audit_log_untrustedstring(ab, p);
+                               else
+                                       audit_log_n_hex(ab, p, len);
+                               break;
+                       }
+               }
+
+               switch (a->u.net.family) {
+               case AF_INET:
+                       print_ipv4_addr(ab, a->u.net.v4info.saddr,
+                                       a->u.net.sport,
+                                       "saddr", "src");
+                       print_ipv4_addr(ab, a->u.net.v4info.daddr,
+                                       a->u.net.dport,
+                                       "daddr", "dest");
+                       break;
+               case AF_INET6:
+                       print_ipv6_addr(ab, &a->u.net.v6info.saddr,
+                                       a->u.net.sport,
+                                       "saddr", "src");
+                       print_ipv6_addr(ab, &a->u.net.v6info.daddr,
+                                       a->u.net.dport,
+                                       "daddr", "dest");
+                       break;
+               }
+               if (a->u.net.netif > 0) {
+                       struct net_device *dev;
+
+                       /* NOTE: we always use init's namespace */
+                       dev = dev_get_by_index(&init_net, a->u.net.netif);
+                       if (dev) {
+                               audit_log_format(ab, " netif=%s", dev->name);
+                               dev_put(dev);
+                       }
+               }
+               break;
+#ifdef CONFIG_KEYS
+       case LSM_AUDIT_DATA_KEY:
+               audit_log_format(ab, " key_serial=%u", a->u.key_struct.key);
+               if (a->u.key_struct.key_desc) {
+                       audit_log_format(ab, " key_desc=");
+                       audit_log_untrustedstring(ab, a->u.key_struct.key_desc);
+               }
+               break;
+#endif
+       } /* switch (a->type) */
+}
+
+/**
+ * common_lsm_audit - generic LSM auditing function
+ * @a:  auxiliary audit data
+ *
+ * setup the audit buffer for common security information
+ * uses callback to print LSM specific information
+ */
+void common_lsm_audit(struct common_audit_data *a)
+{
+       struct audit_buffer *ab;
+
+       if (a == NULL)
+               return;
+       /* we use GFP_ATOMIC so we won't sleep */
+       ab = audit_log_start(current->audit_context, GFP_ATOMIC, AUDIT_AVC);
+
+       if (ab == NULL)
+               return;
+
+       if (a->lsm_pre_audit)
+               a->lsm_pre_audit(ab, a);
+
+       dump_common_audit_data(ab, a);
+
+       if (a->lsm_post_audit)
+               a->lsm_post_audit(ab, a);
+
+       audit_log_end(ab);
+}
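Review bot: `ipv4_skb_to_auditdata` reads the transport header through `tcp_hdr(skb)`, `udp_hdr(skb)`, `dccp_hdr(skb)` and `sctp_hdr(skb)`, which return the skb's transport-header pointer and do not check that the header has been pulled into the linear area, so the `== NULL` tests after them do not give the bounds check that `ipv6_skb_to_auditdata` gets from `skb_header_pointer()`; whether a caller can hand this an skb without a valid transport header depends on the hook sites, which are not on this page. Mirroring the IPv6 path, computing the L4 offset from `ih->ihl` and copying each header via `skb_header_pointer()`, makes both parsers robust in the same way. `ip_hdr(skb)` likewise does not return NULL in practice, so the `-EINVAL` guard on it is dead and the function's comment `return 0 on success` should also mention `-EINVAL` for unknown protocols. Smaller points: `print_ipv4_addr`/`print_ipv6_addr` take `char *name1, char *name2` that should be `const char *`, and the `switch (a->type)` in `dump_common_audit_data` has no `default:`, so an unset or unknown `type` logs nothing silently.
```c
int ipv4_skb_to_auditdata(struct sk_buff *skb,
		struct common_audit_data *ad, u8 *proto)
{
	int offset, ret = 0;
	struct iphdr *ih;

	/* … unchanged: ip_hdr(), address copy, *proto, fragment check … */

	/* L4 header follows the IPv4 header; ihl is its length in 32-bit words */
	offset = skb_network_offset(skb) + ih->ihl * 4;

	switch (ih->protocol) {
	case IPPROTO_TCP: {
		struct tcphdr _tcph, *th;

		/* copy rather than trust the transport pointer, as the IPv6 path does */
		th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
		if (th == NULL)
			break;

		ad->u.net.sport = th->source;
		ad->u.net.dport = th->dest;
		break;
	}
	/* … UDP, DCCP and SCTP cases changed the same way; default and return unchanged … */
```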
index 7f9b5fac87793a19faf3d310a4e04f8a158bb476..b2ab608598325bcea26430f6ebd1eac30a67ad61 100644 (file)
@@ -927,7 +927,7 @@ int avc_has_perm_noaudit(u32 ssid, u32 tsid,
        if (denied) {
                if (flags & AVC_STRICT)
                        rc = -EACCES;
-               else if (!selinux_enforcing || security_permissive_sid(ssid))
+               else if (!selinux_enforcing || (avd->flags & AVD_FLAGS_PERMISSIVE))
                        avc_update_node(AVC_CALLBACK_GRANT, requested, ssid,
                                        tsid, tclass, avd->seqno);
                else
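Review bot: The new test reads `avd->flags` from the decision handed to avc_has_perm_noaudit, which on the cached path comes from an AVC node rather than straight from security_compute_av; please confirm the node stores the whole av_decision (including the new flags member) rather than copying the older fields one by one, otherwise a permissive domain would be enforced once its entry is cached. The lock-free check is a clear improvement over the per-denial policy_rwlock walk it replaces. avc_has_perm_noaudit starts and ends outside the hunk.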
index 2fcad7c33eafd43a5e67beef49aea5f7cd020a89..195906bce2663f09e4fb65c4e39edb2cd20d0d33 100644 (file)
@@ -1980,10 +1980,6 @@ static int selinux_sysctl(ctl_table *table, int op)
        u32 tsid, sid;
        int rc;
 
-       rc = secondary_ops->sysctl(table, op);
-       if (rc)
-               return rc;
-
        sid = current_sid();
 
        rc = selinux_sysctl_get_sid(table, (op == 0001) ?
@@ -2375,10 +2371,8 @@ static void selinux_bprm_committed_creds(struct linux_binprm *bprm)
 {
        const struct task_security_struct *tsec = current_security();
        struct itimerval itimer;
-       struct sighand_struct *psig;
        u32 osid, sid;
        int rc, i;
-       unsigned long flags;
 
        osid = tsec->osid;
        sid = tsec->sid;
@@ -2398,22 +2392,20 @@ static void selinux_bprm_committed_creds(struct linux_binprm *bprm)
                memset(&itimer, 0, sizeof itimer);
                for (i = 0; i < 3; i++)
                        do_setitimer(i, &itimer, NULL);
-               flush_signals(current);
                spin_lock_irq(&current->sighand->siglock);
-               flush_signal_handlers(current, 1);
-               sigemptyset(&current->blocked);
-               recalc_sigpending();
+               if (!(current->signal->flags & SIGNAL_GROUP_EXIT)) {
+                       __flush_signals(current);
+                       flush_signal_handlers(current, 1);
+                       sigemptyset(&current->blocked);
+               }
                spin_unlock_irq(&current->sighand->siglock);
        }
 
        /* Wake up the parent if it is waiting so that it can recheck
         * wait permission to the new task SID. */
-       read_lock_irq(&tasklist_lock);
-       psig = current->parent->sighand;
-       spin_lock_irqsave(&psig->siglock, flags);
-       wake_up_interruptible(&current->parent->signal->wait_chldexit);
-       spin_unlock_irqrestore(&psig->siglock, flags);
-       read_unlock_irq(&tasklist_lock);
+       read_lock(&tasklist_lock);
+       wake_up_interruptible(&current->real_parent->signal->wait_chldexit);
+       read_unlock(&tasklist_lock);
 }
 
 /* superblock security operations */
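Review bot: The guard `if (!(current->signal->flags & SIGNAL_GROUP_EXIT))` around the signal flush carries no comment saying why an exiting group must keep its pending signals, and the switch from `current->parent` to `current->real_parent` in the wake-up is likewise undocumented, so a reader cannot tell these are deliberate. Suggest `/* an exiting group must keep its pending signals; skip the flush */` above the check (wording to be confirmed by the author) and `/* wake the real parent, not a ptracer */` above the read_lock. The dropped recalc_sigpending() is presumably covered by __flush_signals(); that deserves a word in the code or the commit. selinux_bprm_committed_creds starts outside the hunk.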
index 5c3434f7626fdd5cbe81ff0120ad3f092713fd95..a7be3f01fb08143c303d555006b42f327fb1e729 100644 (file)
@@ -91,9 +91,11 @@ struct av_decision {
        u32 auditallow;
        u32 auditdeny;
        u32 seqno;
+       u32 flags;
 };
 
-int security_permissive_sid(u32 sid);
+/* definitions of av_decision.flags */
+#define AVD_FLAGS_PERMISSIVE   0x0001
 
 int security_compute_av(u32 ssid, u32 tsid,
        u16 tclass, u32 requested,
index 2d5136ec3d5451c945f89e59b2f9ea4433bfa6a4..8d4007fbe0e96c4476bdacfce3416b3bd4f574ee 100644 (file)
@@ -527,10 +527,10 @@ static ssize_t sel_write_access(struct file *file, char *buf, size_t size)
                goto out2;
 
        length = scnprintf(buf, SIMPLE_TRANSACTION_LIMIT,
-                         "%x %x %x %x %u",
+                         "%x %x %x %x %u %x",
                          avd.allowed, 0xffffffff,
                          avd.auditallow, avd.auditdeny,
-                         avd.seqno);
+                         avd.seqno, avd.flags);
 out2:
        kfree(tcon);
 out:
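Review bot: Appending `%x` for `avd.flags` changes the reply format of the selinuxfs `access` transaction, which is userspace-visible; a parser that expects exactly five tokens now sees a sixth, so the new field should be documented next to the other av_decision fields and the consumers (presumably the libselinux compute_av path) checked for tolerance of the extra token. Printing the flags in hex matches the permission masks, while `seqno` keeps `%u`, so the format stays self-consistent. sel_write_access starts outside the hunk.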
index deeec6c013aef6dee9d664e3fe46b0a892d9f27e..500e6f78e1159e1d568355ce74a113b4b49859c1 100644 (file)
@@ -410,6 +410,7 @@ static int context_struct_compute_av(struct context *scontext,
        avd->auditallow = 0;
        avd->auditdeny = 0xffffffff;
        avd->seqno = latest_granting;
+       avd->flags = 0;
 
        /*
         * Check for all the invalid cases.
@@ -528,31 +529,6 @@ inval_class:
        return 0;
 }
 
-/*
- * Given a sid find if the type has the permissive flag set
- */
-int security_permissive_sid(u32 sid)
-{
-       struct context *context;
-       u32 type;
-       int rc;
-
-       read_lock(&policy_rwlock);
-
-       context = sidtab_search(&sidtab, sid);
-       BUG_ON(!context);
-
-       type = context->type;
-       /*
-        * we are intentionally using type here, not type-1, the 0th bit may
-        * someday indicate that we are globally setting permissive in policy.
-        */
-       rc = ebitmap_get_bit(&policydb.permissive_map, type);
-
-       read_unlock(&policy_rwlock);
-       return rc;
-}
-
 static int security_validtrans_handle_fail(struct context *ocontext,
                                           struct context *ncontext,
                                           struct context *tcontext,
@@ -767,6 +743,10 @@ int security_compute_av(u32 ssid,
 
        rc = context_struct_compute_av(scontext, tcontext, tclass,
                                       requested, avd);
+
+       /* permissive domain? */
+       if (ebitmap_get_bit(&policydb.permissive_map, scontext->type))
+           avd->flags |= AVD_FLAGS_PERMISSIVE;
 out:
        read_unlock(&policy_rwlock);
        return rc;
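Review bot: `avd->flags |= AVD_FLAGS_PERMISSIVE;` under the `/* permissive domain? */` comment is indented with spaces instead of a tab, which checkpatch flags in kernel code. The bit is also set even when context_struct_compute_av() returned an error; presumably harmless because callers act on rc first, but `if (!rc && ebitmap_get_bit(&policydb.permissive_map, scontext->type))` would leave the decision untouched on failure. security_compute_av starts outside the hunk.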
index 42ef313f98560451b2b45d563d1f5e26e23ca795..243bec175be050f930189a25d4a4bb6d5dc85ef3 100644 (file)
@@ -20,6 +20,7 @@
 #include <net/netlabel.h>
 #include <linux/list.h>
 #include <linux/rculist.h>
+#include <linux/lsm_audit.h>
 
 /*
  * Why 23? CIPSO is constrained to 30, so a 32 byte buffer is
@@ -178,6 +179,20 @@ struct smack_known {
 #define MAY_READWRITE  (MAY_READ | MAY_WRITE)
 #define MAY_NOT                0
 
+/*
+ * Number of access types used by Smack (rwxa)
+ */
+#define SMK_NUM_ACCESS_TYPE 4
+
+/*
+ * Smack audit data; is empty if CONFIG_AUDIT not set
+ * to save some stack
+ */
+struct smk_audit_info {
+#ifdef CONFIG_AUDIT
+       struct common_audit_data a;
+#endif
+};
 /*
  * These functions are in smack_lsm.c
  */
@@ -186,8 +201,8 @@ struct inode_smack *new_inode_smack(char *);
 /*
  * These functions are in smack_access.c
  */
-int smk_access(char *, char *, int);
-int smk_curacc(char *, u32);
+int smk_access(char *, char *, int, struct smk_audit_info *);
+int smk_curacc(char *, u32, struct smk_audit_info *);
 int smack_to_cipso(const char *, struct smack_cipso *);
 void smack_from_cipso(u32, char *, char *);
 char *smack_from_secid(const u32);
@@ -237,4 +252,93 @@ static inline char *smk_of_inode(const struct inode *isp)
        return sip->smk_inode;
 }
 
+/*
+ * logging functions
+ */
+#define SMACK_AUDIT_DENIED 0x1
+#define SMACK_AUDIT_ACCEPT 0x2
+extern int log_policy;
+
+void smack_log(char *subject_label, char *object_label,
+               int request,
+               int result, struct smk_audit_info *auditdata);
+
+#ifdef CONFIG_AUDIT
+
+/*
+ * some inline functions to set up audit data
+ * they do nothing if CONFIG_AUDIT is not set
+ *
+ */
+static inline void smk_ad_init(struct smk_audit_info *a, const char *func,
+                              char type)
+{
+       memset(a, 0, sizeof(*a));
+       a->a.type = type;
+       a->a.function = func;
+}
+
+static inline void smk_ad_setfield_u_tsk(struct smk_audit_info *a,
+                                        struct task_struct *t)
+{
+       a->a.u.tsk = t;
+}
+static inline void smk_ad_setfield_u_fs_path_dentry(struct smk_audit_info *a,
+                                                   struct dentry *d)
+{
+       a->a.u.fs.path.dentry = d;
+}
+static inline void smk_ad_setfield_u_fs_path_mnt(struct smk_audit_info *a,
+                                                struct vfsmount *m)
+{
+       a->a.u.fs.path.mnt = m;
+}
+static inline void smk_ad_setfield_u_fs_inode(struct smk_audit_info *a,
+                                             struct inode *i)
+{
+       a->a.u.fs.inode = i;
+}
+static inline void smk_ad_setfield_u_fs_path(struct smk_audit_info *a,
+                                            struct path p)
+{
+       a->a.u.fs.path = p;
+}
+static inline void smk_ad_setfield_u_net_sk(struct smk_audit_info *a,
+                                           struct sock *sk)
+{
+       a->a.u.net.sk = sk;
+}
+
+#else /* no AUDIT */
+
+static inline void smk_ad_init(struct smk_audit_info *a, const char *func,
+                              char type)
+{
+}
+static inline void smk_ad_setfield_u_tsk(struct smk_audit_info *a,
+                                        struct task_struct *t)
+{
+}
+static inline void smk_ad_setfield_u_fs_path_dentry(struct smk_audit_info *a,
+                                                   struct dentry *d)
+{
+}
+static inline void smk_ad_setfield_u_fs_path_mnt(struct smk_audit_info *a,
+                                                struct vfsmount *m)
+{
+}
+static inline void smk_ad_setfield_u_fs_inode(struct smk_audit_info *a,
+                                             struct inode *i)
+{
+}
+static inline void smk_ad_setfield_u_fs_path(struct smk_audit_info *a,
+                                            struct path p)
+{
+}
+static inline void smk_ad_setfield_u_net_sk(struct smk_audit_info *a,
+                                           struct sock *sk)
+{
+}
+#endif
+
 #endif  /* _SECURITY_SMACK_H */
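Review bot: The `smack_log` prototype names its last parameter `auditdata` while the definition in smack_access.c calls it `ad`; keep the two consistent. `smk_ad_setfield_u_fs_path()` takes `struct path` by value where kernel code usually passes `const struct path *`, and a pointer would also avoid the by-value copy at each call site. A short comment on `SMACK_AUDIT_DENIED`/`SMACK_AUDIT_ACCEPT` saying they are the bits that the run-time logging control accepts would help readers of this header. The `#else` stubs are fine as written because `struct smk_audit_info` is empty without CONFIG_AUDIT.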
index ac0a2707f6d41583e9e325819ab2265483320853..513dc1aa16dd1ff5594745b463dd67118648705a 100644 (file)
@@ -59,11 +59,18 @@ LIST_HEAD(smack_known_list);
  */
 static u32 smack_next_secid = 10;
 
+/*
+ * what events do we log
+ * can be overwritten at run-time by /smack/logging
+ */
+int log_policy = SMACK_AUDIT_DENIED;
+
 /**
  * smk_access - determine if a subject has a specific access to an object
  * @subject_label: a pointer to the subject's Smack label
  * @object_label: a pointer to the object's Smack label
  * @request: the access requested, in "MAY" format
+ * @a : a pointer to the audit data
  *
  * This function looks up the subject/object pair in the
  * access rule list and returns 0 if the access is permitted,
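Review bot: `int log_policy` is a new kernel-wide global with a very generic name and no subsystem prefix, exported through `extern` from smack.h; `smack_log_policy` would make its owner obvious and avoid clashing with another module's symbol. The comment says it is overwritten at run time via /smack/logging, and smack_log reads it with no synchronisation; a word-sized int read is fine in practice, but that assumption belongs next to the definition, e.g. `/* plain int: a stale value is tolerated, no locking needed */`.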
@@ -78,10 +85,12 @@ static u32 smack_next_secid = 10;
  * will be on the list, so checking the pointers may be a worthwhile
  * optimization.
  */
-int smk_access(char *subject_label, char *object_label, int request)
+int smk_access(char *subject_label, char *object_label, int request,
+              struct smk_audit_info *a)
 {
        u32 may = MAY_NOT;
        struct smack_rule *srp;
+       int rc = 0;
 
        /*
         * Hardcoded comparisons.
@@ -89,8 +98,10 @@ int smk_access(char *subject_label, char *object_label, int request)
         * A star subject can't access any object.
         */
        if (subject_label == smack_known_star.smk_known ||
-           strcmp(subject_label, smack_known_star.smk_known) == 0)
-               return -EACCES;
+           strcmp(subject_label, smack_known_star.smk_known) == 0) {
+               rc = -EACCES;
+               goto out_audit;
+       }
        /*
         * An internet object can be accessed by any subject.
         * Tasks cannot be assigned the internet label.
@@ -100,20 +111,20 @@ int smk_access(char *subject_label, char *object_label, int request)
            subject_label == smack_known_web.smk_known ||
            strcmp(object_label, smack_known_web.smk_known) == 0 ||
            strcmp(subject_label, smack_known_web.smk_known) == 0)
-               return 0;
+               goto out_audit;
        /*
         * A star object can be accessed by any subject.
         */
        if (object_label == smack_known_star.smk_known ||
            strcmp(object_label, smack_known_star.smk_known) == 0)
-               return 0;
+               goto out_audit;
        /*
         * An object can be accessed in any way by a subject
         * with the same label.
         */
        if (subject_label == object_label ||
            strcmp(subject_label, object_label) == 0)
-               return 0;
+               goto out_audit;
        /*
         * A hat subject can read any object.
         * A floor object can be read by any subject.
@@ -121,10 +132,10 @@ int smk_access(char *subject_label, char *object_label, int request)
        if ((request & MAY_ANYREAD) == request) {
                if (object_label == smack_known_floor.smk_known ||
                    strcmp(object_label, smack_known_floor.smk_known) == 0)
-                       return 0;
+                       goto out_audit;
                if (subject_label == smack_known_hat.smk_known ||
                    strcmp(subject_label, smack_known_hat.smk_known) == 0)
-                       return 0;
+                       goto out_audit;
        }
        /*
         * Beyond here an explicit relationship is required.
@@ -148,28 +159,36 @@ int smk_access(char *subject_label, char *object_label, int request)
         * This is a bit map operation.
         */
        if ((request & may) == request)
-               return 0;
-
-       return -EACCES;
+               goto out_audit;
+
+       rc = -EACCES;
+out_audit:
+#ifdef CONFIG_AUDIT
+       if (a)
+               smack_log(subject_label, object_label, request, rc, a);
+#endif
+       return rc;
 }
 
 /**
  * smk_curacc - determine if current has a specific access to an object
  * @obj_label: a pointer to the object's Smack label
  * @mode: the access requested, in "MAY" format
+ * @a : common audit data
  *
  * This function checks the current subject label/object label pair
  * in the access rule list and returns 0 if the access is permitted,
  * non zero otherwise. It allows that current may have the capability
  * to override the rules.
  */
-int smk_curacc(char *obj_label, u32 mode)
+int smk_curacc(char *obj_label, u32 mode, struct smk_audit_info *a)
 {
        int rc;
+       char *sp = current_security();
 
-       rc = smk_access(current_security(), obj_label, mode);
+       rc = smk_access(sp, obj_label, mode, NULL);
        if (rc == 0)
-               return 0;
+               goto out_audit;
 
        /*
         * Return if a specific label has been designated as the
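Review bot: `rc = smk_access(sp, obj_label, mode, NULL);` passes NULL audit data so the inner check stays silent and smk_curacc logs itself at `out_audit` once the override decisions are known, but nothing at the call says so; suggest `/* audit deferred: the result may still be overridden below */` above it, matching the comments the ptrace hooks carry. In smk_access, the `#ifdef CONFIG_AUDIT` around `if (a) smack_log(...)` is redundant given that smack_log has a no-op stub without CONFIG_AUDIT, though dropping it is a matter of taste. smk_curacc continues past this hunk.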
@@ -177,14 +196,105 @@ int smk_curacc(char *obj_label, u32 mode)
         * have that label.
         */
        if (smack_onlycap != NULL && smack_onlycap != current->cred->security)
-               return rc;
+               goto out_audit;
 
        if (capable(CAP_MAC_OVERRIDE))
                return 0;
 
+out_audit:
+#ifdef CONFIG_AUDIT
+       if (a)
+               smack_log(sp, obj_label, mode, rc, a);
+#endif
        return rc;
 }
 
+#ifdef CONFIG_AUDIT
+/**
+ * smack_str_from_perm : helper to transalate an int to a
+ * readable string
+ * @string : the string to fill
+ * @access : the int
+ *
+ */
+static inline void smack_str_from_perm(char *string, int access)
+{
+       int i = 0;
+       if (access & MAY_READ)
+               string[i++] = 'r';
+       if (access & MAY_WRITE)
+               string[i++] = 'w';
+       if (access & MAY_EXEC)
+               string[i++] = 'x';
+       if (access & MAY_APPEND)
+               string[i++] = 'a';
+       string[i] = '\0';
+}
+/**
+ * smack_log_callback - SMACK specific information
+ * will be called by generic audit code
+ * @ab : the audit_buffer
+ * @a  : audit_data
+ *
+ */
+static void smack_log_callback(struct audit_buffer *ab, void *a)
+{
+       struct common_audit_data *ad = a;
+       struct smack_audit_data *sad = &ad->lsm_priv.smack_audit_data;
+       audit_log_format(ab, "lsm=SMACK fn=%s action=%s", ad->function,
+                        sad->result ? "denied" : "granted");
+       audit_log_format(ab, " subject=");
+       audit_log_untrustedstring(ab, sad->subject);
+       audit_log_format(ab, " object=");
+       audit_log_untrustedstring(ab, sad->object);
+       audit_log_format(ab, " requested=%s", sad->request);
+}
+
+/**
+ *  smack_log - Audit the granting or denial of permissions.
+ *  @subject_label : smack label of the requester
+ *  @object_label  : smack label of the object being accessed
+ *  @request: requested permissions
+ *  @result: result from smk_access
+ *  @a:  auxiliary audit data
+ *
+ * Audit the granting or denial of permissions in accordance
+ * with the policy.
+ */
+void smack_log(char *subject_label, char *object_label, int request,
+              int result, struct smk_audit_info *ad)
+{
+       char request_buffer[SMK_NUM_ACCESS_TYPE + 1];
+       struct smack_audit_data *sad;
+       struct common_audit_data *a = &ad->a;
+
+       /* check if we have to log the current event */
+       if (result != 0 && (log_policy & SMACK_AUDIT_DENIED) == 0)
+               return;
+       if (result == 0 && (log_policy & SMACK_AUDIT_ACCEPT) == 0)
+               return;
+
+       if (a->function == NULL)
+               a->function = "unknown";
+
+       /* end preparing the audit data */
+       sad = &a->lsm_priv.smack_audit_data;
+       smack_str_from_perm(request_buffer, request);
+       sad->subject = subject_label;
+       sad->object  = object_label;
+       sad->request = request_buffer;
+       sad->result  = result;
+       a->lsm_pre_audit = smack_log_callback;
+
+       common_lsm_audit(a);
+}
+#else /* #ifdef CONFIG_AUDIT */
+void smack_log(char *subject_label, char *object_label, int request,
+               int result, struct smk_audit_info *ad)
+{
+}
+#endif
+
 static DEFINE_MUTEX(smack_known_lock);
 
 /**
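Review bot: `if (capable(CAP_MAC_OVERRIDE)) return 0;` leaves smk_curacc without reaching `out_audit`, so an access that the rules denied but the capability allowed is never audited, neither as granted nor as denied, while the ptrace and sigio hooks in this series deliberately defer their smack_log call precisely so that the overridden result is recorded. Replace it with `if (capable(CAP_MAC_OVERRIDE)) rc = 0;` and let control fall through to the label. In smack_log, `sad->request` points at `request_buffer` on this function's stack, which is safe only because common_lsm_audit() consumes the record synchronously; a one-line comment there would stop someone from caching the audit data later. `log_policy` is tested before anything else is touched, so the early returns keep the disabled-logging path cheap.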
@@ -209,7 +319,8 @@ struct smack_known *smk_import_entry(const char *string, int len)
                if (found)
                        smack[i] = '\0';
                else if (i >= len || string[i] > '~' || string[i] <= ' ' ||
-                        string[i] == '/') {
+                        string[i] == '/' || string[i] == '"' ||
+                        string[i] == '\\' || string[i] == '\'') {
                        smack[i] = '\0';
                        found = 1;
                } else
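Review bot: The three newly rejected characters are not explained in the code; Documentation/Smack.txt in this merge lists them, but a reader of the loop sees only a longer condition. Suggest a comment above the test, e.g. `/* quotes and backslash are rejected so labels never need escaping in audit records */` (the motivation is inferred from the audit work in this series; confirm with the author). Labels are still emitted through audit_log_untrustedstring(), so this is defence in depth rather than the only protection. smk_import_entry starts and ends outside the hunk.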
index 98b3195347ab46d84749920de3b6b45df134de5f..0d030b4513c8cf73a0858d981de244da0ad6c578 100644 (file)
@@ -30,7 +30,6 @@
 #include <net/netlabel.h>
 #include <net/cipso_ipv4.h>
 #include <linux/audit.h>
-
 #include "smack.h"
 
 #define task_security(task)    (task_cred_xxx((task), security))
@@ -103,14 +102,24 @@ struct inode_smack *new_inode_smack(char *smack)
 static int smack_ptrace_may_access(struct task_struct *ctp, unsigned int mode)
 {
        int rc;
+       struct smk_audit_info ad;
+       char *sp, *tsp;
 
        rc = cap_ptrace_may_access(ctp, mode);
        if (rc != 0)
                return rc;
 
-       rc = smk_access(current_security(), task_security(ctp), MAY_READWRITE);
+       sp = current_security();
+       tsp = task_security(ctp);
+       smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
+       smk_ad_setfield_u_tsk(&ad, ctp);
+
+       /* we won't log here, because rc can be overriden */
+       rc = smk_access(sp, tsp, MAY_READWRITE, NULL);
        if (rc != 0 && capable(CAP_MAC_OVERRIDE))
-               return 0;
+               rc = 0;
+
+       smack_log(sp, tsp, MAY_READWRITE, rc, &ad);
        return rc;
 }
 
@@ -125,14 +134,24 @@ static int smack_ptrace_may_access(struct task_struct *ctp, unsigned int mode)
 static int smack_ptrace_traceme(struct task_struct *ptp)
 {
        int rc;
+       struct smk_audit_info ad;
+       char *sp, *tsp;
 
        rc = cap_ptrace_traceme(ptp);
        if (rc != 0)
                return rc;
 
-       rc = smk_access(task_security(ptp), current_security(), MAY_READWRITE);
+       smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
+       smk_ad_setfield_u_tsk(&ad, ptp);
+
+       sp = current_security();
+       tsp = task_security(ptp);
+       /* we won't log here, because rc can be overriden */
+       rc = smk_access(tsp, sp, MAY_READWRITE, NULL);
        if (rc != 0 && has_capability(ptp, CAP_MAC_OVERRIDE))
-               return 0;
+               rc = 0;
+
+       smack_log(tsp, sp, MAY_READWRITE, rc, &ad);
        return rc;
 }
 
@@ -327,8 +346,14 @@ static int smack_sb_kern_mount(struct super_block *sb, int flags, void *data)
 static int smack_sb_statfs(struct dentry *dentry)
 {
        struct superblock_smack *sbp = dentry->d_sb->s_security;
+       int rc;
+       struct smk_audit_info ad;
 
-       return smk_curacc(sbp->smk_floor, MAY_READ);
+       smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);
+       smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
+
+       rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad);
+       return rc;
 }
 
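Review bot: `rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad); return rc;` introduces a local that is assigned once and returned immediately; the sibling hooks in this patch (smack_sb_mount, smack_sb_umount) simply `return smk_curacc(...)`, and this one should read the same way, dropping `int rc;`.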
 /**
@@ -346,8 +371,12 @@ static int smack_sb_mount(char *dev_name, struct path *path,
                          char *type, unsigned long flags, void *data)
 {
        struct superblock_smack *sbp = path->mnt->mnt_sb->s_security;
+       struct smk_audit_info ad;
+
+       smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);
+       smk_ad_setfield_u_fs_path(&ad, *path);
 
-       return smk_curacc(sbp->smk_floor, MAY_WRITE);
+       return smk_curacc(sbp->smk_floor, MAY_WRITE, &ad);
 }
 
 /**
@@ -361,10 +390,14 @@ static int smack_sb_mount(char *dev_name, struct path *path,
 static int smack_sb_umount(struct vfsmount *mnt, int flags)
 {
        struct superblock_smack *sbp;
+       struct smk_audit_info ad;
 
-       sbp = mnt->mnt_sb->s_security;
+       smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);
+       smk_ad_setfield_u_fs_path_dentry(&ad, mnt->mnt_mountpoint);
+       smk_ad_setfield_u_fs_path_mnt(&ad, mnt);
 
-       return smk_curacc(sbp->smk_floor, MAY_WRITE);
+       sbp = mnt->mnt_sb->s_security;
+       return smk_curacc(sbp->smk_floor, MAY_WRITE, &ad);
 }
 
 /*
@@ -441,15 +474,20 @@ static int smack_inode_init_security(struct inode *inode, struct inode *dir,
 static int smack_inode_link(struct dentry *old_dentry, struct inode *dir,
                            struct dentry *new_dentry)
 {
-       int rc;
        char *isp;
+       struct smk_audit_info ad;
+       int rc;
+
+       smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);
+       smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
 
        isp = smk_of_inode(old_dentry->d_inode);
-       rc = smk_curacc(isp, MAY_WRITE);
+       rc = smk_curacc(isp, MAY_WRITE, &ad);
 
        if (rc == 0 && new_dentry->d_inode != NULL) {
                isp = smk_of_inode(new_dentry->d_inode);
-               rc = smk_curacc(isp, MAY_WRITE);
+               smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
+               rc = smk_curacc(isp, MAY_WRITE, &ad);
        }
 
        return rc;
@@ -466,18 +504,24 @@ static int smack_inode_link(struct dentry *old_dentry, struct inode *dir,
 static int smack_inode_unlink(struct inode *dir, struct dentry *dentry)
 {
        struct inode *ip = dentry->d_inode;
+       struct smk_audit_info ad;
        int rc;
 
+       smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);
+       smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
+
        /*
         * You need write access to the thing you're unlinking
         */
-       rc = smk_curacc(smk_of_inode(ip), MAY_WRITE);
-       if (rc == 0)
+       rc = smk_curacc(smk_of_inode(ip), MAY_WRITE, &ad);
+       if (rc == 0) {
                /*
                 * You also need write access to the containing directory
                 */
-               rc = smk_curacc(smk_of_inode(dir), MAY_WRITE);
-
+               smk_ad_setfield_u_fs_path_dentry(&ad, NULL);
+               smk_ad_setfield_u_fs_inode(&ad, dir);
+               rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
+       }
        return rc;
 }
 
@@ -491,17 +535,24 @@ static int smack_inode_unlink(struct inode *dir, struct dentry *dentry)
  */
 static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry)
 {
+       struct smk_audit_info ad;
        int rc;
 
+       smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);
+       smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
+
        /*
         * You need write access to the thing you're removing
         */
-       rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE);
-       if (rc == 0)
+       rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad);
+       if (rc == 0) {
                /*
                 * You also need write access to the containing directory
                 */
-               rc = smk_curacc(smk_of_inode(dir), MAY_WRITE);
+               smk_ad_setfield_u_fs_path_dentry(&ad, NULL);
+               smk_ad_setfield_u_fs_inode(&ad, dir);
+               rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
+       }
 
        return rc;
 }
@@ -525,15 +576,19 @@ static int smack_inode_rename(struct inode *old_inode,
 {
        int rc;
        char *isp;
+       struct smk_audit_info ad;
+
+       smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);
+       smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
 
        isp = smk_of_inode(old_dentry->d_inode);
-       rc = smk_curacc(isp, MAY_READWRITE);
+       rc = smk_curacc(isp, MAY_READWRITE, &ad);
 
        if (rc == 0 && new_dentry->d_inode != NULL) {
                isp = smk_of_inode(new_dentry->d_inode);
-               rc = smk_curacc(isp, MAY_READWRITE);
+               smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
+               rc = smk_curacc(isp, MAY_READWRITE, &ad);
        }
-
        return rc;
 }
 
@@ -548,13 +603,15 @@ static int smack_inode_rename(struct inode *old_inode,
  */
 static int smack_inode_permission(struct inode *inode, int mask)
 {
+       struct smk_audit_info ad;
        /*
         * No permission to check. Existence test. Yup, it's there.
         */
        if (mask == 0)
                return 0;
-
-       return smk_curacc(smk_of_inode(inode), mask);
+       smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);
+       smk_ad_setfield_u_fs_inode(&ad, inode);
+       return smk_curacc(smk_of_inode(inode), mask, &ad);
 }
 
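Review bot: `smk_ad_init()` memsets a whole `struct common_audit_data` (a union that includes IPv6 address fields, judging by the lsm_audit.c dump code) on every smack_inode_permission() call, one of the hottest LSM hooks, even though smack_log() will discard the record unless log_policy has the matching bit; the other converted hooks pay the same cost but it matters most here. Consider whether a cheaper initialisation is possible (the callback pointers and the union member in use must still be set) or measure the hook before and after this series; at minimum a comment such as `/* audit data is built unconditionally; smack_log filters on log_policy */` makes the trade-off visible.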
 /**
@@ -566,13 +623,16 @@ static int smack_inode_permission(struct inode *inode, int mask)
  */
 static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr)
 {
+       struct smk_audit_info ad;
        /*
         * Need to allow for clearing the setuid bit.
         */
        if (iattr->ia_valid & ATTR_FORCE)
                return 0;
+       smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);
+       smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
 
-       return smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE);
+       return smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad);
 }
 
 /**
@@ -584,7 +644,12 @@ static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr)
  */
 static int smack_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
 {
-       return smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ);
+       struct smk_audit_info ad;
+
+       smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);
+       smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
+       smk_ad_setfield_u_fs_path_mnt(&ad, mnt);
+       return smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ, &ad);
 }
 
 /**
@@ -602,6 +667,7 @@ static int smack_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
 static int smack_inode_setxattr(struct dentry *dentry, const char *name,
                                const void *value, size_t size, int flags)
 {
+       struct smk_audit_info ad;
        int rc = 0;
 
        if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
@@ -619,8 +685,11 @@ static int smack_inode_setxattr(struct dentry *dentry, const char *name,
        } else
                rc = cap_inode_setxattr(dentry, name, value, size, flags);
 
+       smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);
+       smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
+
        if (rc == 0)
-               rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE);
+               rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad);
 
        return rc;
 }
@@ -672,7 +741,12 @@ static void smack_inode_post_setxattr(struct dentry *dentry, const char *name,
  */
 static int smack_inode_getxattr(struct dentry *dentry, const char *name)
 {
-       return smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ);
+       struct smk_audit_info ad;
+
+       smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);
+       smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
+
+       return smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ, &ad);
 }
 
 /*
@@ -686,6 +760,7 @@ static int smack_inode_getxattr(struct dentry *dentry, const char *name)
  */
 static int smack_inode_removexattr(struct dentry *dentry, const char *name)
 {
+       struct smk_audit_info ad;
        int rc = 0;
 
        if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
@@ -696,8 +771,10 @@ static int smack_inode_removexattr(struct dentry *dentry, const char *name)
        } else
                rc = cap_inode_removexattr(dentry, name);
 
+       smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);
+       smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
        if (rc == 0)
-               rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE);
+               rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad);
 
        return rc;
 }
@@ -856,12 +933,16 @@ static int smack_file_ioctl(struct file *file, unsigned int cmd,
                            unsigned long arg)
 {
        int rc = 0;
+       struct smk_audit_info ad;
+
+       smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);
+       smk_ad_setfield_u_fs_path(&ad, file->f_path);
 
        if (_IOC_DIR(cmd) & _IOC_WRITE)
-               rc = smk_curacc(file->f_security, MAY_WRITE);
+               rc = smk_curacc(file->f_security, MAY_WRITE, &ad);
 
        if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ))
-               rc = smk_curacc(file->f_security, MAY_READ);
+               rc = smk_curacc(file->f_security, MAY_READ, &ad);
 
        return rc;
 }
@@ -875,7 +956,11 @@ static int smack_file_ioctl(struct file *file, unsigned int cmd,
  */
 static int smack_file_lock(struct file *file, unsigned int cmd)
 {
-       return smk_curacc(file->f_security, MAY_WRITE);
+       struct smk_audit_info ad;
+
+       smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);
+       smk_ad_setfield_u_fs_path_dentry(&ad, file->f_path.dentry);
+       return smk_curacc(file->f_security, MAY_WRITE, &ad);
 }
 
 /**
@@ -889,8 +974,12 @@ static int smack_file_lock(struct file *file, unsigned int cmd)
 static int smack_file_fcntl(struct file *file, unsigned int cmd,
                            unsigned long arg)
 {
+       struct smk_audit_info ad;
        int rc;
 
+       smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);
+       smk_ad_setfield_u_fs_path(&ad, file->f_path);
+
        switch (cmd) {
        case F_DUPFD:
        case F_GETFD:
@@ -898,7 +987,7 @@ static int smack_file_fcntl(struct file *file, unsigned int cmd,
        case F_GETLK:
        case F_GETOWN:
        case F_GETSIG:
-               rc = smk_curacc(file->f_security, MAY_READ);
+               rc = smk_curacc(file->f_security, MAY_READ, &ad);
                break;
        case F_SETFD:
        case F_SETFL:
@@ -906,10 +995,10 @@ static int smack_file_fcntl(struct file *file, unsigned int cmd,
        case F_SETLKW:
        case F_SETOWN:
        case F_SETSIG:
-               rc = smk_curacc(file->f_security, MAY_WRITE);
+               rc = smk_curacc(file->f_security, MAY_WRITE, &ad);
                break;
        default:
-               rc = smk_curacc(file->f_security, MAY_READWRITE);
+               rc = smk_curacc(file->f_security, MAY_READWRITE, &ad);
        }
 
        return rc;
@@ -944,14 +1033,21 @@ static int smack_file_send_sigiotask(struct task_struct *tsk,
 {
        struct file *file;
        int rc;
+       char *tsp = tsk->cred->security;
+       struct smk_audit_info ad;
 
        /*
         * struct fown_struct is never outside the context of a struct file
         */
        file = container_of(fown, struct file, f_owner);
-       rc = smk_access(file->f_security, tsk->cred->security, MAY_WRITE);
+       /* we don't log here as rc can be overriden */
+       rc = smk_access(file->f_security, tsp, MAY_WRITE, NULL);
        if (rc != 0 && has_capability(tsk, CAP_MAC_OVERRIDE))
-               return 0;
+               rc = 0;
+
+       smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
+       smk_ad_setfield_u_tsk(&ad, tsk);
+       smack_log(file->f_security, tsp, MAY_WRITE, rc, &ad);
        return rc;
 }
 
@@ -964,7 +1060,10 @@ static int smack_file_send_sigiotask(struct task_struct *tsk,
 static int smack_file_receive(struct file *file)
 {
        int may = 0;
+       struct smk_audit_info ad;
 
+       smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
+       smk_ad_setfield_u_fs_path(&ad, file->f_path);
        /*
         * This code relies on bitmasks.
         */
@@ -973,7 +1072,7 @@ static int smack_file_receive(struct file *file)
        if (file->f_mode & FMODE_WRITE)
                may |= MAY_WRITE;
 
-       return smk_curacc(file->f_security, may);
+       return smk_curacc(file->f_security, may, &ad);
 }
 
 /*
@@ -1052,6 +1151,22 @@ static int smack_kernel_create_files_as(struct cred *new,
        return 0;
 }
 
+/**
+ * smk_curacc_on_task - helper to log task related access
+ * @p: the task object
+ * @access : the access requested
+ *
+ * Return 0 if access is permitted
+ */
+static int smk_curacc_on_task(struct task_struct *p, int access)
+{
+       struct smk_audit_info ad;
+
+       smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
+       smk_ad_setfield_u_tsk(&ad, p);
+       return smk_curacc(task_security(p), access, &ad);
+}
+
 /**
  * smack_task_setpgid - Smack check on setting pgid
  * @p: the task object
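Review bot: The kernel-doc for smk_curacc_on_task writes `@access : the access requested` with a space before the colon, whereas the rest of this file uses the `@p: the task object` form; the same spacing, plus a `name : ` summary line instead of `name - `, recurs in the new smk_curacc_shm, smk_curacc_sem and smk_curacc_msq helpers. Whether the kernel-doc parser tolerates the variant is not something this diff shows, so keeping the file's established form is the safer choice: `@access: the access requested` and `smk_curacc_shm - check if current has access on shm`.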
@@ -1061,7 +1176,7 @@ static int smack_kernel_create_files_as(struct cred *new,
  */
 static int smack_task_setpgid(struct task_struct *p, pid_t pgid)
 {
-       return smk_curacc(task_security(p), MAY_WRITE);
+       return smk_curacc_on_task(p, MAY_WRITE);
 }
 
 /**
@@ -1072,7 +1187,7 @@ static int smack_task_setpgid(struct task_struct *p, pid_t pgid)
  */
 static int smack_task_getpgid(struct task_struct *p)
 {
-       return smk_curacc(task_security(p), MAY_READ);
+       return smk_curacc_on_task(p, MAY_READ);
 }
 
 /**
@@ -1083,7 +1198,7 @@ static int smack_task_getpgid(struct task_struct *p)
  */
 static int smack_task_getsid(struct task_struct *p)
 {
-       return smk_curacc(task_security(p), MAY_READ);
+       return smk_curacc_on_task(p, MAY_READ);
 }
 
 /**
@@ -1111,7 +1226,7 @@ static int smack_task_setnice(struct task_struct *p, int nice)
 
        rc = cap_task_setnice(p, nice);
        if (rc == 0)
-               rc = smk_curacc(task_security(p), MAY_WRITE);
+               rc = smk_curacc_on_task(p, MAY_WRITE);
        return rc;
 }
 
@@ -1128,7 +1243,7 @@ static int smack_task_setioprio(struct task_struct *p, int ioprio)
 
        rc = cap_task_setioprio(p, ioprio);
        if (rc == 0)
-               rc = smk_curacc(task_security(p), MAY_WRITE);
+               rc = smk_curacc_on_task(p, MAY_WRITE);
        return rc;
 }
 
@@ -1140,7 +1255,7 @@ static int smack_task_setioprio(struct task_struct *p, int ioprio)
  */
 static int smack_task_getioprio(struct task_struct *p)
 {
-       return smk_curacc(task_security(p), MAY_READ);
+       return smk_curacc_on_task(p, MAY_READ);
 }
 
 /**
@@ -1158,7 +1273,7 @@ static int smack_task_setscheduler(struct task_struct *p, int policy,
 
        rc = cap_task_setscheduler(p, policy, lp);
        if (rc == 0)
-               rc = smk_curacc(task_security(p), MAY_WRITE);
+               rc = smk_curacc_on_task(p, MAY_WRITE);
        return rc;
 }
 
@@ -1170,7 +1285,7 @@ static int smack_task_setscheduler(struct task_struct *p, int policy,
  */
 static int smack_task_getscheduler(struct task_struct *p)
 {
-       return smk_curacc(task_security(p), MAY_READ);
+       return smk_curacc_on_task(p, MAY_READ);
 }
 
 /**
@@ -1181,7 +1296,7 @@ static int smack_task_getscheduler(struct task_struct *p)
  */
 static int smack_task_movememory(struct task_struct *p)
 {
-       return smk_curacc(task_security(p), MAY_WRITE);
+       return smk_curacc_on_task(p, MAY_WRITE);
 }
 
 /**
@@ -1199,18 +1314,23 @@ static int smack_task_movememory(struct task_struct *p)
 static int smack_task_kill(struct task_struct *p, struct siginfo *info,
                           int sig, u32 secid)
 {
+       struct smk_audit_info ad;
+
+       smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
+       smk_ad_setfield_u_tsk(&ad, p);
        /*
         * Sending a signal requires that the sender
         * can write the receiver.
         */
        if (secid == 0)
-               return smk_curacc(task_security(p), MAY_WRITE);
+               return smk_curacc(task_security(p), MAY_WRITE, &ad);
        /*
         * If the secid isn't 0 we're dealing with some USB IO
         * specific behavior. This is not clean. For one thing
         * we can't take privilege into account.
         */
-       return smk_access(smack_from_secid(secid), task_security(p), MAY_WRITE);
+       return smk_access(smack_from_secid(secid), task_security(p),
+                         MAY_WRITE, &ad);
 }
 
 /**
@@ -1221,11 +1341,15 @@ static int smack_task_kill(struct task_struct *p, struct siginfo *info,
  */
 static int smack_task_wait(struct task_struct *p)
 {
+       struct smk_audit_info ad;
+       char *sp = current_security();
+       char *tsp = task_security(p);
        int rc;
 
-       rc = smk_access(current_security(), task_security(p), MAY_WRITE);
+       /* we don't log here, we can be overriden */
+       rc = smk_access(sp, tsp, MAY_WRITE, NULL);
        if (rc == 0)
-               return 0;
+               goto out_log;
 
        /*
         * Allow the operation to succeed if either task
@@ -1239,8 +1363,12 @@ static int smack_task_wait(struct task_struct *p)
         * the smack value.
         */
        if (capable(CAP_MAC_OVERRIDE) || has_capability(p, CAP_MAC_OVERRIDE))
-               return 0;
-
+               rc = 0;
+       /* we log only if we didn't get overriden */
+ out_log:
+       smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
+       smk_ad_setfield_u_tsk(&ad, p);
+       smack_log(sp, tsp, MAY_WRITE, rc, &ad);
        return rc;
 }
 
@@ -1456,12 +1584,19 @@ static int smack_netlabel_send(struct sock *sk, struct sockaddr_in *sap)
        int sk_lbl;
        char *hostsp;
        struct socket_smack *ssp = sk->sk_security;
+       struct smk_audit_info ad;
 
        rcu_read_lock();
        hostsp = smack_host_label(sap);
        if (hostsp != NULL) {
                sk_lbl = SMACK_UNLABELED_SOCKET;
-               rc = smk_access(ssp->smk_out, hostsp, MAY_WRITE);
+#ifdef CONFIG_AUDIT
+               smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NET);
+               ad.a.u.net.family = sap->sin_family;
+               ad.a.u.net.dport = sap->sin_port;
+               ad.a.u.net.v4info.daddr = sap->sin_addr.s_addr;
+#endif
+               rc = smk_access(ssp->smk_out, hostsp, MAY_WRITE, &ad);
        } else {
                sk_lbl = SMACK_CIPSO_SOCKET;
                rc = 0;
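Review bot: When CONFIG_AUDIT is not set the `#ifdef` leaves `ad` entirely uninitialised, yet its address is still passed to smk_access on the next line; this is only safe if smk_access and smack_log compile down to ignoring the pointer in that configuration, which the definitions outside this diff have to guarantee. The same pattern is repeated in smk_curacc_shm, smk_curacc_sem, smk_curacc_msq, smack_ipc_permission, smack_socket_sock_rcv_skb, smack_inet_conn_request and smack_key_permission, so it is worth a one-line comment at the first occurrence, e.g. `/* without CONFIG_AUDIT the record is never read; smk_access ignores it */`. The function's signature is outside this hunk.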
@@ -1656,6 +1791,25 @@ static void smack_shm_free_security(struct shmid_kernel *shp)
        isp->security = NULL;
 }
 
+/**
+ * smk_curacc_shm : check if current has access on shm
+ * @shp : the object
+ * @access : access requested
+ *
+ * Returns 0 if current has the requested access, error code otherwise
+ */
+static int smk_curacc_shm(struct shmid_kernel *shp, int access)
+{
+       char *ssp = smack_of_shm(shp);
+       struct smk_audit_info ad;
+
+#ifdef CONFIG_AUDIT
+       smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
+       ad.a.u.ipc_id = shp->shm_perm.id;
+#endif
+       return smk_curacc(ssp, access, &ad);
+}
+
 /**
  * smack_shm_associate - Smack access check for shm
  * @shp: the object
@@ -1665,11 +1819,10 @@ static void smack_shm_free_security(struct shmid_kernel *shp)
  */
 static int smack_shm_associate(struct shmid_kernel *shp, int shmflg)
 {
-       char *ssp = smack_of_shm(shp);
        int may;
 
        may = smack_flags_to_may(shmflg);
-       return smk_curacc(ssp, may);
+       return smk_curacc_shm(shp, may);
 }
 
 /**
@@ -1681,7 +1834,6 @@ static int smack_shm_associate(struct shmid_kernel *shp, int shmflg)
  */
 static int smack_shm_shmctl(struct shmid_kernel *shp, int cmd)
 {
-       char *ssp;
        int may;
 
        switch (cmd) {
@@ -1704,9 +1856,7 @@ static int smack_shm_shmctl(struct shmid_kernel *shp, int cmd)
        default:
                return -EINVAL;
        }
-
-       ssp = smack_of_shm(shp);
-       return smk_curacc(ssp, may);
+       return smk_curacc_shm(shp, may);
 }
 
 /**
@@ -1720,11 +1870,10 @@ static int smack_shm_shmctl(struct shmid_kernel *shp, int cmd)
 static int smack_shm_shmat(struct shmid_kernel *shp, char __user *shmaddr,
                           int shmflg)
 {
-       char *ssp = smack_of_shm(shp);
        int may;
 
        may = smack_flags_to_may(shmflg);
-       return smk_curacc(ssp, may);
+       return smk_curacc_shm(shp, may);
 }
 
 /**
@@ -1765,6 +1914,25 @@ static void smack_sem_free_security(struct sem_array *sma)
        isp->security = NULL;
 }
 
+/**
+ * smk_curacc_sem : check if current has access on sem
+ * @sma : the object
+ * @access : access requested
+ *
+ * Returns 0 if current has the requested access, error code otherwise
+ */
+static int smk_curacc_sem(struct sem_array *sma, int access)
+{
+       char *ssp = smack_of_sem(sma);
+       struct smk_audit_info ad;
+
+#ifdef CONFIG_AUDIT
+       smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
+       ad.a.u.ipc_id = sma->sem_perm.id;
+#endif
+       return smk_curacc(ssp, access, &ad);
+}
+
 /**
  * smack_sem_associate - Smack access check for sem
  * @sma: the object
@@ -1774,11 +1942,10 @@ static void smack_sem_free_security(struct sem_array *sma)
  */
 static int smack_sem_associate(struct sem_array *sma, int semflg)
 {
-       char *ssp = smack_of_sem(sma);
        int may;
 
        may = smack_flags_to_may(semflg);
-       return smk_curacc(ssp, may);
+       return smk_curacc_sem(sma, may);
 }
 
 /**
@@ -1790,7 +1957,6 @@ static int smack_sem_associate(struct sem_array *sma, int semflg)
  */
 static int smack_sem_semctl(struct sem_array *sma, int cmd)
 {
-       char *ssp;
        int may;
 
        switch (cmd) {
@@ -1819,8 +1985,7 @@ static int smack_sem_semctl(struct sem_array *sma, int cmd)
                return -EINVAL;
        }
 
-       ssp = smack_of_sem(sma);
-       return smk_curacc(ssp, may);
+       return smk_curacc_sem(sma, may);
 }
 
 /**
@@ -1837,9 +2002,7 @@ static int smack_sem_semctl(struct sem_array *sma, int cmd)
 static int smack_sem_semop(struct sem_array *sma, struct sembuf *sops,
                           unsigned nsops, int alter)
 {
-       char *ssp = smack_of_sem(sma);
-
-       return smk_curacc(ssp, MAY_READWRITE);
+       return smk_curacc_sem(sma, MAY_READWRITE);
 }
 
 /**
@@ -1880,6 +2043,25 @@ static char *smack_of_msq(struct msg_queue *msq)
        return (char *)msq->q_perm.security;
 }
 
+/**
+ * smk_curacc_msq : helper to check if current has access on msq
+ * @msq : the msq
+ * @access : access requested
+ *
+ * return 0 if current has access, error otherwise
+ */
+static int smk_curacc_msq(struct msg_queue *msq, int access)
+{
+       char *msp = smack_of_msq(msq);
+       struct smk_audit_info ad;
+
+#ifdef CONFIG_AUDIT
+       smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
+       ad.a.u.ipc_id = msq->q_perm.id;
+#endif
+       return smk_curacc(msp, access, &ad);
+}
+
 /**
  * smack_msg_queue_associate - Smack access check for msg_queue
  * @msq: the object
@@ -1889,11 +2071,10 @@ static char *smack_of_msq(struct msg_queue *msq)
  */
 static int smack_msg_queue_associate(struct msg_queue *msq, int msqflg)
 {
-       char *msp = smack_of_msq(msq);
        int may;
 
        may = smack_flags_to_may(msqflg);
-       return smk_curacc(msp, may);
+       return smk_curacc_msq(msq, may);
 }
 
 /**
@@ -1905,7 +2086,6 @@ static int smack_msg_queue_associate(struct msg_queue *msq, int msqflg)
  */
 static int smack_msg_queue_msgctl(struct msg_queue *msq, int cmd)
 {
-       char *msp;
        int may;
 
        switch (cmd) {
@@ -1927,8 +2107,7 @@ static int smack_msg_queue_msgctl(struct msg_queue *msq, int cmd)
                return -EINVAL;
        }
 
-       msp = smack_of_msq(msq);
-       return smk_curacc(msp, may);
+       return smk_curacc_msq(msq, may);
 }
 
 /**
@@ -1942,11 +2121,10 @@ static int smack_msg_queue_msgctl(struct msg_queue *msq, int cmd)
 static int smack_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg,
                                  int msqflg)
 {
-       char *msp = smack_of_msq(msq);
-       int rc;
+       int may;
 
-       rc = smack_flags_to_may(msqflg);
-       return smk_curacc(msp, rc);
+       may = smack_flags_to_may(msqflg);
+       return smk_curacc_msq(msq, may);
 }
 
 /**
@@ -1962,9 +2140,7 @@ static int smack_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg,
 static int smack_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
                        struct task_struct *target, long type, int mode)
 {
-       char *msp = smack_of_msq(msq);
-
-       return smk_curacc(msp, MAY_READWRITE);
+       return smk_curacc_msq(msq, MAY_READWRITE);
 }
 
 /**
@@ -1977,10 +2153,14 @@ static int smack_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
 static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag)
 {
        char *isp = ipp->security;
-       int may;
+       int may = smack_flags_to_may(flag);
+       struct smk_audit_info ad;
 
-       may = smack_flags_to_may(flag);
-       return smk_curacc(isp, may);
+#ifdef CONFIG_AUDIT
+       smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
+       ad.a.u.ipc_id = ipp->id;
+#endif
+       return smk_curacc(isp, may, &ad);
 }
 
 /**
@@ -2239,8 +2419,12 @@ static int smack_unix_stream_connect(struct socket *sock,
 {
        struct inode *sp = SOCK_INODE(sock);
        struct inode *op = SOCK_INODE(other);
+       struct smk_audit_info ad;
 
-       return smk_access(smk_of_inode(sp), smk_of_inode(op), MAY_READWRITE);
+       smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NET);
+       smk_ad_setfield_u_net_sk(&ad, other->sk);
+       return smk_access(smk_of_inode(sp), smk_of_inode(op),
+                                MAY_READWRITE, &ad);
 }
 
 /**
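Review bot: The continuation line `MAY_READWRITE, &ad);` in smack_unix_stream_connect is indented well past the opening parenthesis of the smk_access call; kernel style aligns wrapped arguments with the first argument, as smack_task_kill in this same diff does. The same over-indented continuation appears in smack_key_permission. The function's signature is outside this hunk.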
@@ -2255,8 +2439,11 @@ static int smack_unix_may_send(struct socket *sock, struct socket *other)
 {
        struct inode *sp = SOCK_INODE(sock);
        struct inode *op = SOCK_INODE(other);
+       struct smk_audit_info ad;
 
-       return smk_access(smk_of_inode(sp), smk_of_inode(op), MAY_WRITE);
+       smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NET);
+       smk_ad_setfield_u_net_sk(&ad, other->sk);
+       return smk_access(smk_of_inode(sp), smk_of_inode(op), MAY_WRITE, &ad);
 }
 
 /**
@@ -2371,7 +2558,7 @@ static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
        char smack[SMK_LABELLEN];
        char *csp;
        int rc;
-
+       struct smk_audit_info ad;
        if (sk->sk_family != PF_INET && sk->sk_family != PF_INET6)
                return 0;
 
@@ -2389,13 +2576,19 @@ static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
 
        netlbl_secattr_destroy(&secattr);
 
+#ifdef CONFIG_AUDIT
+       smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NET);
+       ad.a.u.net.family = sk->sk_family;
+       ad.a.u.net.netif = skb->iif;
+       ipv4_skb_to_auditdata(skb, &ad.a, NULL);
+#endif
        /*
         * Receiving a packet requires that the other end
         * be able to write here. Read access is not required.
         * This is the simplist possible security model
         * for networking.
         */
-       rc = smk_access(csp, ssp->smk_in, MAY_WRITE);
+       rc = smk_access(csp, ssp->smk_in, MAY_WRITE, &ad);
        if (rc != 0)
                netlbl_skbuff_err(skb, rc, 0);
        return rc;
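Review bot: The audit data is filled by ipv4_skb_to_auditdata, but the guard in the previous hunk admits PF_INET6 sockets as well, so for IPv6 traffic the address fields of the record are either left at their initialised value or derived from an IPv4 header that is not there; the helper's return value is also discarded, so a failure to parse goes unnoticed. Either restrict the call, `if (sk->sk_family == PF_INET) ipv4_skb_to_auditdata(skb, &ad.a, NULL);`, or document that IPv6 records carry only family and netif. smack_inet_conn_request below has the same shape, including the mapped-IPv4-over-IPv6 case it already handles. The function's signature is outside this hunk.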
@@ -2524,6 +2717,7 @@ static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb,
        struct iphdr *hdr;
        char smack[SMK_LABELLEN];
        int rc;
+       struct smk_audit_info ad;
 
        /* handle mapped IPv4 packets arriving via IPv6 sockets */
        if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
@@ -2537,11 +2731,17 @@ static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb,
                strncpy(smack, smack_known_huh.smk_known, SMK_MAXLEN);
        netlbl_secattr_destroy(&secattr);
 
+#ifdef CONFIG_AUDIT
+       smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NET);
+       ad.a.u.net.family = family;
+       ad.a.u.net.netif = skb->iif;
+       ipv4_skb_to_auditdata(skb, &ad.a, NULL);
+#endif
        /*
         * Receiving a packet requires that the other end be able to write
         * here. Read access is not required.
         */
-       rc = smk_access(smack, ssp->smk_in, MAY_WRITE);
+       rc = smk_access(smack, ssp->smk_in, MAY_WRITE, &ad);
        if (rc != 0)
                return rc;
 
@@ -2643,6 +2843,7 @@ static int smack_key_permission(key_ref_t key_ref,
                                const struct cred *cred, key_perm_t perm)
 {
        struct key *keyp;
+       struct smk_audit_info ad;
 
        keyp = key_ref_to_ptr(key_ref);
        if (keyp == NULL)
@@ -2658,8 +2859,13 @@ static int smack_key_permission(key_ref_t key_ref,
         */
        if (cred->security == NULL)
                return -EACCES;
-
-       return smk_access(cred->security, keyp->security, MAY_READWRITE);
+#ifdef CONFIG_AUDIT
+       smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY);
+       ad.a.u.key_struct.key = keyp->serial;
+       ad.a.u.key_struct.key_desc = keyp->description;
+#endif
+       return smk_access(cred->security, keyp->security,
+                                MAY_READWRITE, &ad);
 }
 #endif /* CONFIG_KEYS */
 
index e03a7e19c73b3a0b49d7533db45ecb719d250f30..904af3483286f7bfeb676debb03eadba01f75e4f 100644 (file)
@@ -41,6 +41,7 @@ enum smk_inos {
        SMK_AMBIENT     = 7,    /* internet ambient label */
        SMK_NETLBLADDR  = 8,    /* single label hosts */
        SMK_ONLYCAP     = 9,    /* the only "capable" label */
+       SMK_LOGGING     = 10,   /* logging */
 };
 
 /*
@@ -1191,6 +1192,69 @@ static const struct file_operations smk_onlycap_ops = {
        .write          = smk_write_onlycap,
 };
 
+/**
+ * smk_read_logging - read() for /smack/logging
+ * @filp: file pointer, not actually used
+ * @buf: where to put the result
+ * @cn: maximum to send along
+ * @ppos: where to start
+ *
+ * Returns number of bytes read or error code, as appropriate
+ */
+static ssize_t smk_read_logging(struct file *filp, char __user *buf,
+                               size_t count, loff_t *ppos)
+{
+       char temp[32];
+       ssize_t rc;
+
+       if (*ppos != 0)
+               return 0;
+
+       sprintf(temp, "%d\n", log_policy);
+       rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
+       return rc;
+}
+
+/**
+ * smk_write_logging - write() for /smack/logging
+ * @file: file pointer, not actually used
+ * @buf: where to get the data from
+ * @count: bytes sent
+ * @ppos: where to start
+ *
+ * Returns number of bytes written or error code, as appropriate
+ */
+static ssize_t smk_write_logging(struct file *file, const char __user *buf,
+                               size_t count, loff_t *ppos)
+{
+       char temp[32];
+       int i;
+
+       if (!capable(CAP_MAC_ADMIN))
+               return -EPERM;
+
+       if (count >= sizeof(temp) || count == 0)
+               return -EINVAL;
+
+       if (copy_from_user(temp, buf, count) != 0)
+               return -EFAULT;
+
+       temp[count] = '\0';
+
+       if (sscanf(temp, "%d", &i) != 1)
+               return -EINVAL;
+       if (i < 0 || i > 3)
+               return -EINVAL;
+       log_policy = i;
+       return count;
+}
+
+
+
+static const struct file_operations smk_logging_ops = {
+       .read           = smk_read_logging,
+       .write          = smk_write_logging,
+};
 /**
  * smk_fill_super - fill the /smackfs superblock
  * @sb: the empty superblock
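Review bot: The kernel-doc for smk_read_logging names the third parameter `@cn` while the signature calls it `count`; change it to `@count: maximum to send along` so the documentation matches the code. In smk_write_logging, `sscanf(temp, "%d", &i)` accepts input with trailing characters such as `2junk`; if the interface is meant to be strict, check that the whole buffer was consumed (strict_strtol with an end check is the usual form at this vintage), and the range check `0..3` would read better next to a comment naming the four policy values. The three blank lines before `smk_logging_ops` and the missing blank line after its closing `};` are checkpatch nits.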
@@ -1221,6 +1285,8 @@ static int smk_fill_super(struct super_block *sb, void *data, int silent)
                        {"netlabel", &smk_netlbladdr_ops, S_IRUGO|S_IWUSR},
                [SMK_ONLYCAP]   =
                        {"onlycap", &smk_onlycap_ops, S_IRUGO|S_IWUSR},
+               [SMK_LOGGING]   =
+                       {"logging", &smk_logging_ops, S_IRUGO|S_IWUSR},
                /* last one */ {""}
        };