2 * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com>
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License as published by
6 * the Free Software Foundation, version 2.
9 * Casey Schaufler <casey@schaufler-ca.com>
10 * Ahmed S. Darwish <darwish.07@gmail.com>
12 * Special thanks to the authors of selinuxfs.
14 * Karl MacMillan <kmacmillan@tresys.com>
15 * James Morris <jmorris@redhat.com>
19 #include <linux/kernel.h>
20 #include <linux/vmalloc.h>
21 #include <linux/security.h>
22 #include <linux/mutex.h>
23 #include <linux/slab.h>
24 #include <net/net_namespace.h>
25 #include <net/netlabel.h>
26 #include <net/cipso_ipv4.h>
27 #include <linux/seq_file.h>
28 #include <linux/ctype.h>
29 #include <linux/audit.h>
33 * smackfs pseudo filesystem.
38 SMK_LOAD = 3, /* load policy */
39 SMK_CIPSO = 4, /* load label -> CIPSO mapping */
40 SMK_DOI = 5, /* CIPSO DOI */
41 SMK_DIRECT = 6, /* CIPSO level indicating direct label */
42 SMK_AMBIENT = 7, /* internet ambient label */
43 SMK_NETLBLADDR = 8, /* single label hosts */
44 SMK_ONLYCAP = 9, /* the only "capable" label */
45 SMK_LOGGING = 10, /* logging */
46 SMK_LOAD_SELF = 11, /* task specific rules */
47 SMK_ACCESSES = 12, /* access policy */
53 static DEFINE_MUTEX(smack_list_lock);
54 static DEFINE_MUTEX(smack_cipso_lock);
55 static DEFINE_MUTEX(smack_ambient_lock);
56 static DEFINE_MUTEX(smk_netlbladdr_lock);
59 * This is the "ambient" label for network traffic.
60 * If it isn't somehow marked, use this.
61 * It can be reset via smackfs/ambient
63 char *smack_net_ambient = smack_known_floor.smk_known;
66 * This is the level in a CIPSO header that indicates a
67 * smack label is contained directly in the category set.
68 * It can be reset via smackfs/direct
70 int smack_cipso_direct = SMACK_CIPSO_DIRECT_DEFAULT;
73 * Unless a process is running with this label even
74 * having CAP_MAC_OVERRIDE isn't enough to grant
75 * privilege to violate MAC policy. If no label is
76 * designated (the NULL case) capabilities apply to
77 * everyone. It is expected that the hat (^) label
78 * will be used if any label is used.
83 * Certain IP addresses may be designated as single label hosts.
84 * Packets are sent there unlabeled, but only from tasks that
85 * can write to the specified label.
88 LIST_HEAD(smk_netlbladdr_list);
91 * Rule lists are maintained for each label.
92 * This master list is just for reading /smack/load.
94 struct smack_master_list {
95 struct list_head list;
96 struct smack_rule *smk_rule;
99 LIST_HEAD(smack_rule_list);
101 static int smk_cipso_doi_value = SMACK_CIPSO_DOI_DEFAULT;
103 const char *smack_cipso_option = SMACK_CIPSO_OPTION;
106 #define SEQ_READ_FINISHED ((loff_t)-1)
109 * Values for parsing cipso rules
110 * SMK_DIGITLEN: Length of a digit field in a rule.
111 * SMK_CIPSOMIN: Minimum possible cipso rule length.
112 * SMK_CIPSOMAX: Maximum possible cipso rule length.
114 #define SMK_DIGITLEN 4
115 #define SMK_CIPSOMIN (SMK_LABELLEN + 2 * SMK_DIGITLEN)
116 #define SMK_CIPSOMAX (SMK_CIPSOMIN + SMACK_CIPSO_MAXCATNUM * SMK_DIGITLEN)
119 * Values for parsing MAC rules
120 * SMK_ACCESS: Maximum possible combination of access permissions
121 * SMK_ACCESSLEN: Maximum length for a rule access field
122 * SMK_LOADLEN: Smack rule length
124 #define SMK_OACCESS "rwxa"
125 #define SMK_ACCESS "rwxat"
126 #define SMK_OACCESSLEN (sizeof(SMK_OACCESS) - 1)
127 #define SMK_ACCESSLEN (sizeof(SMK_ACCESS) - 1)
128 #define SMK_OLOADLEN (SMK_LABELLEN + SMK_LABELLEN + SMK_OACCESSLEN)
129 #define SMK_LOADLEN (SMK_LABELLEN + SMK_LABELLEN + SMK_ACCESSLEN)
132 * smk_netlabel_audit_set - fill a netlbl_audit struct
133 * @nap: structure to fill
135 static void smk_netlabel_audit_set(struct netlbl_audit *nap)
137 nap->loginuid = audit_get_loginuid(current);
138 nap->sessionid = audit_get_sessionid(current);
139 nap->secid = smack_to_secid(smk_of_current());
143 * Values for parsing single label host rules
145 * "192.168.138.129/32 abcdefghijklmnopqrstuvw"
147 #define SMK_NETLBLADDRMIN 9
148 #define SMK_NETLBLADDRMAX 42
151 * smk_set_access - add a rule to the rule list
152 * @srp: the new rule to add
153 * @rule_list: the list of rules
154 * @rule_lock: the rule list lock
156 * Looks through the current subject/object/access list for
157 * the subject/object pair and replaces the access that was
158 * there. If the pair isn't found add it with the specified
161 * Returns 1 if a rule was found to exist already, 0 if it is new
162 * Returns 0 if nothing goes wrong or -ENOMEM if it fails
163 * during the allocation of the new pair to add.
165 static int smk_set_access(struct smack_rule *srp, struct list_head *rule_list,
166 struct mutex *rule_lock)
168 struct smack_rule *sp;
171 mutex_lock(rule_lock);
174 * Because the object label is less likely to match
175 * than the subject label check it first
177 list_for_each_entry_rcu(sp, rule_list, list) {
178 if (sp->smk_object == srp->smk_object &&
179 sp->smk_subject == srp->smk_subject) {
181 sp->smk_access = srp->smk_access;
186 list_add_rcu(&srp->list, rule_list);
188 mutex_unlock(rule_lock);
194 * smk_parse_rule - parse subject, object and access type
195 * @data: string to be parsed whose size is SMK_LOADLEN
196 * @rule: parsed entities are stored in here
198 static int smk_parse_rule(const char *data, struct smack_rule *rule)
200 rule->smk_subject = smk_import(data, 0);
201 if (rule->smk_subject == NULL)
204 rule->smk_object = smk_import(data + SMK_LABELLEN, 0);
205 if (rule->smk_object == NULL)
208 rule->smk_access = 0;
210 switch (data[SMK_LABELLEN + SMK_LABELLEN]) {
215 rule->smk_access |= MAY_READ;
221 switch (data[SMK_LABELLEN + SMK_LABELLEN + 1]) {
226 rule->smk_access |= MAY_WRITE;
232 switch (data[SMK_LABELLEN + SMK_LABELLEN + 2]) {
237 rule->smk_access |= MAY_EXEC;
243 switch (data[SMK_LABELLEN + SMK_LABELLEN + 3]) {
248 rule->smk_access |= MAY_APPEND;
254 switch (data[SMK_LABELLEN + SMK_LABELLEN + 4]) {
259 rule->smk_access |= MAY_TRANSMUTE;
269 * smk_write_load_list - write() for any /smack/load
270 * @file: file pointer, not actually used
271 * @buf: where to get the data from
273 * @ppos: where to start - must be 0
274 * @rule_list: the list of rules to write to
275 * @rule_lock: lock for the rule list
277 * Get one smack access rule from above.
278 * The format is exactly:
279 * char subject[SMK_LABELLEN]
280 * char object[SMK_LABELLEN]
281 * char access[SMK_ACCESSLEN]
283 * writes must be SMK_LABELLEN+SMK_LABELLEN+SMK_ACCESSLEN bytes.
285 static ssize_t smk_write_load_list(struct file *file, const char __user *buf,
286 size_t count, loff_t *ppos,
287 struct list_head *rule_list,
288 struct mutex *rule_lock)
290 struct smack_master_list *smlp;
291 struct smack_known *skp;
292 struct smack_rule *rule;
299 * Enough data must be present.
304 * Minor hack for backward compatibility
306 if (count < (SMK_OLOADLEN) || count > SMK_LOADLEN)
309 data = kzalloc(SMK_LOADLEN, GFP_KERNEL);
313 if (copy_from_user(data, buf, count) != 0) {
319 * More on the minor hack for backward compatibility
321 if (count == (SMK_OLOADLEN))
322 data[SMK_OLOADLEN] = '-';
324 rule = kzalloc(sizeof(*rule), GFP_KERNEL);
330 if (smk_parse_rule(data, rule))
333 if (rule_list == NULL) {
335 skp = smk_find_entry(rule->smk_subject);
336 rule_list = &skp->smk_rules;
337 rule_lock = &skp->smk_rules_lock;
342 * smk_set_access returns true if there was already a rule
343 * for the subject/object pair, and false if it was new.
345 if (!smk_set_access(rule, rule_list, rule_lock)) {
346 smlp = kzalloc(sizeof(*smlp), GFP_KERNEL);
348 smlp->smk_rule = rule;
349 list_add_rcu(&smlp->list, &smack_rule_list);
364 * Seq_file read operations for /smack/load
367 static void *load_seq_start(struct seq_file *s, loff_t *pos)
369 struct list_head *list;
372 * This is 0 the first time through.
375 s->private = &smack_rule_list;
377 if (s->private == NULL)
381 if (list_empty(list))
389 static void *load_seq_next(struct seq_file *s, void *v, loff_t *pos)
391 struct list_head *list = v;
393 if (list_is_last(list, &smack_rule_list)) {
397 s->private = list->next;
401 static int load_seq_show(struct seq_file *s, void *v)
403 struct list_head *list = v;
404 struct smack_master_list *smlp =
405 list_entry(list, struct smack_master_list, list);
406 struct smack_rule *srp = smlp->smk_rule;
408 seq_printf(s, "%s %s", (char *)srp->smk_subject,
409 (char *)srp->smk_object);
413 if (srp->smk_access & MAY_READ)
415 if (srp->smk_access & MAY_WRITE)
417 if (srp->smk_access & MAY_EXEC)
419 if (srp->smk_access & MAY_APPEND)
421 if (srp->smk_access & MAY_TRANSMUTE)
423 if (srp->smk_access == 0)
431 static void load_seq_stop(struct seq_file *s, void *v)
436 static const struct seq_operations load_seq_ops = {
437 .start = load_seq_start,
438 .next = load_seq_next,
439 .show = load_seq_show,
440 .stop = load_seq_stop,
444 * smk_open_load - open() for /smack/load
445 * @inode: inode structure representing file
446 * @file: "load" file pointer
448 * For reading, use load_seq_* seq_file reading operations.
450 static int smk_open_load(struct inode *inode, struct file *file)
452 return seq_open(file, &load_seq_ops);
456 * smk_write_load - write() for /smack/load
457 * @file: file pointer, not actually used
458 * @buf: where to get the data from
460 * @ppos: where to start - must be 0
463 static ssize_t smk_write_load(struct file *file, const char __user *buf,
464 size_t count, loff_t *ppos)
468 * Must have privilege.
470 * Enough data must be present.
472 if (!capable(CAP_MAC_ADMIN))
475 return smk_write_load_list(file, buf, count, ppos, NULL, NULL);
478 static const struct file_operations smk_load_ops = {
479 .open = smk_open_load,
482 .write = smk_write_load,
483 .release = seq_release,
487 * smk_cipso_doi - initialize the CIPSO domain
489 static void smk_cipso_doi(void)
492 struct cipso_v4_doi *doip;
493 struct netlbl_audit nai;
495 smk_netlabel_audit_set(&nai);
497 rc = netlbl_cfg_map_del(NULL, PF_INET, NULL, NULL, &nai);
499 printk(KERN_WARNING "%s:%d remove rc = %d\n",
500 __func__, __LINE__, rc);
502 doip = kmalloc(sizeof(struct cipso_v4_doi), GFP_KERNEL);
504 panic("smack: Failed to initialize cipso DOI.\n");
505 doip->map.std = NULL;
506 doip->doi = smk_cipso_doi_value;
507 doip->type = CIPSO_V4_MAP_PASS;
508 doip->tags[0] = CIPSO_V4_TAG_RBITMAP;
509 for (rc = 1; rc < CIPSO_V4_TAG_MAXCNT; rc++)
510 doip->tags[rc] = CIPSO_V4_TAG_INVALID;
512 rc = netlbl_cfg_cipsov4_add(doip, &nai);
514 printk(KERN_WARNING "%s:%d cipso add rc = %d\n",
515 __func__, __LINE__, rc);
519 rc = netlbl_cfg_cipsov4_map_add(doip->doi, NULL, NULL, NULL, &nai);
521 printk(KERN_WARNING "%s:%d map add rc = %d\n",
522 __func__, __LINE__, rc);
529 * smk_unlbl_ambient - initialize the unlabeled domain
530 * @oldambient: previous domain string
532 static void smk_unlbl_ambient(char *oldambient)
535 struct netlbl_audit nai;
537 smk_netlabel_audit_set(&nai);
539 if (oldambient != NULL) {
540 rc = netlbl_cfg_map_del(oldambient, PF_INET, NULL, NULL, &nai);
542 printk(KERN_WARNING "%s:%d remove rc = %d\n",
543 __func__, __LINE__, rc);
546 rc = netlbl_cfg_unlbl_map_add(smack_net_ambient, PF_INET,
549 printk(KERN_WARNING "%s:%d add rc = %d\n",
550 __func__, __LINE__, rc);
554 * Seq_file read operations for /smack/cipso
557 static void *cipso_seq_start(struct seq_file *s, loff_t *pos)
559 if (*pos == SEQ_READ_FINISHED)
561 if (list_empty(&smack_known_list))
564 return smack_known_list.next;
567 static void *cipso_seq_next(struct seq_file *s, void *v, loff_t *pos)
569 struct list_head *list = v;
572 * labels with no associated cipso value wont be printed
575 if (list_is_last(list, &smack_known_list)) {
576 *pos = SEQ_READ_FINISHED;
584 * Print cipso labels in format:
585 * label level[/cat[,cat]]
587 static int cipso_seq_show(struct seq_file *s, void *v)
589 struct list_head *list = v;
590 struct smack_known *skp =
591 list_entry(list, struct smack_known, list);
592 struct smack_cipso *scp = skp->smk_cipso;
602 seq_printf(s, "%s %3d", (char *)&skp->smk_known, scp->smk_level);
604 cbp = scp->smk_catset;
605 for (i = 0; i < SMK_LABELLEN; i++)
606 for (m = 0x80; m != 0; m >>= 1) {
608 seq_printf(s, "%c%d", sep, cat);
619 static void cipso_seq_stop(struct seq_file *s, void *v)
624 static const struct seq_operations cipso_seq_ops = {
625 .start = cipso_seq_start,
626 .stop = cipso_seq_stop,
627 .next = cipso_seq_next,
628 .show = cipso_seq_show,
632 * smk_open_cipso - open() for /smack/cipso
633 * @inode: inode structure representing file
634 * @file: "cipso" file pointer
636 * Connect our cipso_seq_* operations with /smack/cipso
639 static int smk_open_cipso(struct inode *inode, struct file *file)
641 return seq_open(file, &cipso_seq_ops);
645 * smk_write_cipso - write() for /smack/cipso
646 * @file: file pointer, not actually used
647 * @buf: where to get the data from
649 * @ppos: where to start
651 * Accepts only one cipso rule per write call.
652 * Returns number of bytes written or error code, as appropriate
654 static ssize_t smk_write_cipso(struct file *file, const char __user *buf,
655 size_t count, loff_t *ppos)
657 struct smack_known *skp;
658 struct smack_cipso *scp = NULL;
659 char mapcatset[SMK_LABELLEN];
663 ssize_t rc = -EINVAL;
670 * Must have privilege.
672 * Enough data must be present.
674 if (!capable(CAP_MAC_ADMIN))
678 if (count < SMK_CIPSOMIN || count > SMK_CIPSOMAX)
681 data = kzalloc(count + 1, GFP_KERNEL);
685 if (copy_from_user(data, buf, count) != 0) {
690 /* labels cannot begin with a '-' */
691 if (data[0] == '-') {
698 * Only allow one writer at a time. Writes should be
699 * quite rare and small in any case.
701 mutex_lock(&smack_cipso_lock);
703 skp = smk_import_entry(rule, 0);
707 rule += SMK_LABELLEN;
708 ret = sscanf(rule, "%d", &maplevel);
709 if (ret != 1 || maplevel > SMACK_CIPSO_MAXLEVEL)
712 rule += SMK_DIGITLEN;
713 ret = sscanf(rule, "%d", &catlen);
714 if (ret != 1 || catlen > SMACK_CIPSO_MAXCATNUM)
717 if (count != (SMK_CIPSOMIN + catlen * SMK_DIGITLEN))
720 memset(mapcatset, 0, sizeof(mapcatset));
722 for (i = 0; i < catlen; i++) {
723 rule += SMK_DIGITLEN;
724 ret = sscanf(rule, "%d", &cat);
725 if (ret != 1 || cat > SMACK_CIPSO_MAXCATVAL)
728 smack_catset_bit(cat, mapcatset);
731 if (skp->smk_cipso == NULL) {
732 scp = kzalloc(sizeof(struct smack_cipso), GFP_KERNEL);
739 spin_lock_bh(&skp->smk_cipsolock);
742 scp = skp->smk_cipso;
744 skp->smk_cipso = scp;
746 scp->smk_level = maplevel;
747 memcpy(scp->smk_catset, mapcatset, sizeof(mapcatset));
749 spin_unlock_bh(&skp->smk_cipsolock);
753 mutex_unlock(&smack_cipso_lock);
759 static const struct file_operations smk_cipso_ops = {
760 .open = smk_open_cipso,
763 .write = smk_write_cipso,
764 .release = seq_release,
768 * Seq_file read operations for /smack/netlabel
771 static void *netlbladdr_seq_start(struct seq_file *s, loff_t *pos)
773 if (*pos == SEQ_READ_FINISHED)
775 if (list_empty(&smk_netlbladdr_list))
777 return smk_netlbladdr_list.next;
780 static void *netlbladdr_seq_next(struct seq_file *s, void *v, loff_t *pos)
782 struct list_head *list = v;
784 if (list_is_last(list, &smk_netlbladdr_list)) {
785 *pos = SEQ_READ_FINISHED;
791 #define BEBITS (sizeof(__be32) * 8)
794 * Print host/label pairs
796 static int netlbladdr_seq_show(struct seq_file *s, void *v)
798 struct list_head *list = v;
799 struct smk_netlbladdr *skp =
800 list_entry(list, struct smk_netlbladdr, list);
801 unsigned char *hp = (char *) &skp->smk_host.sin_addr.s_addr;
803 u32 temp_mask = be32_to_cpu(skp->smk_mask.s_addr);
805 for (maskn = 0; temp_mask; temp_mask <<= 1, maskn++);
807 seq_printf(s, "%u.%u.%u.%u/%d %s\n",
808 hp[0], hp[1], hp[2], hp[3], maskn, skp->smk_label);
813 static void netlbladdr_seq_stop(struct seq_file *s, void *v)
818 static const struct seq_operations netlbladdr_seq_ops = {
819 .start = netlbladdr_seq_start,
820 .stop = netlbladdr_seq_stop,
821 .next = netlbladdr_seq_next,
822 .show = netlbladdr_seq_show,
826 * smk_open_netlbladdr - open() for /smack/netlabel
827 * @inode: inode structure representing file
828 * @file: "netlabel" file pointer
830 * Connect our netlbladdr_seq_* operations with /smack/netlabel
833 static int smk_open_netlbladdr(struct inode *inode, struct file *file)
835 return seq_open(file, &netlbladdr_seq_ops);
839 * smk_netlbladdr_insert
840 * @new : netlabel to insert
842 * This helper insert netlabel in the smack_netlbladdrs list
843 * sorted by netmask length (longest to smallest)
844 * locked by &smk_netlbladdr_lock in smk_write_netlbladdr
847 static void smk_netlbladdr_insert(struct smk_netlbladdr *new)
849 struct smk_netlbladdr *m, *m_next;
851 if (list_empty(&smk_netlbladdr_list)) {
852 list_add_rcu(&new->list, &smk_netlbladdr_list);
856 m = list_entry_rcu(smk_netlbladdr_list.next,
857 struct smk_netlbladdr, list);
859 /* the comparison '>' is a bit hacky, but works */
860 if (new->smk_mask.s_addr > m->smk_mask.s_addr) {
861 list_add_rcu(&new->list, &smk_netlbladdr_list);
865 list_for_each_entry_rcu(m, &smk_netlbladdr_list, list) {
866 if (list_is_last(&m->list, &smk_netlbladdr_list)) {
867 list_add_rcu(&new->list, &m->list);
870 m_next = list_entry_rcu(m->list.next,
871 struct smk_netlbladdr, list);
872 if (new->smk_mask.s_addr > m_next->smk_mask.s_addr) {
873 list_add_rcu(&new->list, &m->list);
881 * smk_write_netlbladdr - write() for /smack/netlabel
882 * @file: file pointer, not actually used
883 * @buf: where to get the data from
885 * @ppos: where to start
887 * Accepts only one netlbladdr per write call.
888 * Returns number of bytes written or error code, as appropriate
890 static ssize_t smk_write_netlbladdr(struct file *file, const char __user *buf,
891 size_t count, loff_t *ppos)
893 struct smk_netlbladdr *skp;
894 struct sockaddr_in newname;
895 char smack[SMK_LABELLEN];
897 char data[SMK_NETLBLADDRMAX + 1];
898 char *host = (char *)&newname.sin_addr.s_addr;
900 struct netlbl_audit audit_info;
904 u32 mask_bits = (1<<31);
909 * Must have privilege.
911 * Enough data must be present.
912 * "<addr/mask, as a.b.c.d/e><space><label>"
913 * "<addr, as a.b.c.d><space><label>"
915 if (!capable(CAP_MAC_ADMIN))
919 if (count < SMK_NETLBLADDRMIN || count > SMK_NETLBLADDRMAX)
921 if (copy_from_user(data, buf, count) != 0)
926 rc = sscanf(data, "%hhd.%hhd.%hhd.%hhd/%d %s",
927 &host[0], &host[1], &host[2], &host[3], &m, smack);
929 rc = sscanf(data, "%hhd.%hhd.%hhd.%hhd %s",
930 &host[0], &host[1], &host[2], &host[3], smack);
938 /* if smack begins with '-', its an option, don't import it */
939 if (smack[0] != '-') {
940 sp = smk_import(smack, 0);
944 /* check known options */
945 if (strcmp(smack, smack_cipso_option) == 0)
946 sp = (char *)smack_cipso_option;
951 for (temp_mask = 0; m > 0; m--) {
952 temp_mask |= mask_bits;
955 mask.s_addr = cpu_to_be32(temp_mask);
957 newname.sin_addr.s_addr &= mask.s_addr;
959 * Only allow one writer at a time. Writes should be
960 * quite rare and small in any case.
962 mutex_lock(&smk_netlbladdr_lock);
964 nsa = newname.sin_addr.s_addr;
965 /* try to find if the prefix is already in the list */
967 list_for_each_entry_rcu(skp, &smk_netlbladdr_list, list) {
968 if (skp->smk_host.sin_addr.s_addr == nsa &&
969 skp->smk_mask.s_addr == mask.s_addr) {
974 smk_netlabel_audit_set(&audit_info);
977 skp = kzalloc(sizeof(*skp), GFP_KERNEL);
982 skp->smk_host.sin_addr.s_addr = newname.sin_addr.s_addr;
983 skp->smk_mask.s_addr = mask.s_addr;
985 smk_netlbladdr_insert(skp);
988 /* we delete the unlabeled entry, only if the previous label
989 * wasn't the special CIPSO option */
990 if (skp->smk_label != smack_cipso_option)
991 rc = netlbl_cfg_unlbl_static_del(&init_net, NULL,
992 &skp->smk_host.sin_addr, &skp->smk_mask,
993 PF_INET, &audit_info);
1000 * Now tell netlabel about the single label nature of
1001 * this host so that incoming packets get labeled.
1002 * but only if we didn't get the special CIPSO option
1004 if (rc == 0 && sp != smack_cipso_option)
1005 rc = netlbl_cfg_unlbl_static_add(&init_net, NULL,
1006 &skp->smk_host.sin_addr, &skp->smk_mask, PF_INET,
1007 smack_to_secid(skp->smk_label), &audit_info);
1012 mutex_unlock(&smk_netlbladdr_lock);
1017 static const struct file_operations smk_netlbladdr_ops = {
1018 .open = smk_open_netlbladdr,
1020 .llseek = seq_lseek,
1021 .write = smk_write_netlbladdr,
1022 .release = seq_release,
1026 * smk_read_doi - read() for /smack/doi
1027 * @filp: file pointer, not actually used
1028 * @buf: where to put the result
1029 * @count: maximum to send along
1030 * @ppos: where to start
1032 * Returns number of bytes read or error code, as appropriate
1034 static ssize_t smk_read_doi(struct file *filp, char __user *buf,
1035 size_t count, loff_t *ppos)
1043 sprintf(temp, "%d", smk_cipso_doi_value);
1044 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
1050 * smk_write_doi - write() for /smack/doi
1051 * @file: file pointer, not actually used
1052 * @buf: where to get the data from
1053 * @count: bytes sent
1054 * @ppos: where to start
1056 * Returns number of bytes written or error code, as appropriate
1058 static ssize_t smk_write_doi(struct file *file, const char __user *buf,
1059 size_t count, loff_t *ppos)
1064 if (!capable(CAP_MAC_ADMIN))
1067 if (count >= sizeof(temp) || count == 0)
1070 if (copy_from_user(temp, buf, count) != 0)
1075 if (sscanf(temp, "%d", &i) != 1)
1078 smk_cipso_doi_value = i;
1085 static const struct file_operations smk_doi_ops = {
1086 .read = smk_read_doi,
1087 .write = smk_write_doi,
1088 .llseek = default_llseek,
1092 * smk_read_direct - read() for /smack/direct
1093 * @filp: file pointer, not actually used
1094 * @buf: where to put the result
1095 * @count: maximum to send along
1096 * @ppos: where to start
1098 * Returns number of bytes read or error code, as appropriate
1100 static ssize_t smk_read_direct(struct file *filp, char __user *buf,
1101 size_t count, loff_t *ppos)
1109 sprintf(temp, "%d", smack_cipso_direct);
1110 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
1116 * smk_write_direct - write() for /smack/direct
1117 * @file: file pointer, not actually used
1118 * @buf: where to get the data from
1119 * @count: bytes sent
1120 * @ppos: where to start
1122 * Returns number of bytes written or error code, as appropriate
1124 static ssize_t smk_write_direct(struct file *file, const char __user *buf,
1125 size_t count, loff_t *ppos)
1130 if (!capable(CAP_MAC_ADMIN))
1133 if (count >= sizeof(temp) || count == 0)
1136 if (copy_from_user(temp, buf, count) != 0)
1141 if (sscanf(temp, "%d", &i) != 1)
1144 smack_cipso_direct = i;
1149 static const struct file_operations smk_direct_ops = {
1150 .read = smk_read_direct,
1151 .write = smk_write_direct,
1152 .llseek = default_llseek,
1156 * smk_read_ambient - read() for /smack/ambient
1157 * @filp: file pointer, not actually used
1158 * @buf: where to put the result
1159 * @cn: maximum to send along
1160 * @ppos: where to start
1162 * Returns number of bytes read or error code, as appropriate
1164 static ssize_t smk_read_ambient(struct file *filp, char __user *buf,
1165 size_t cn, loff_t *ppos)
1173 * Being careful to avoid a problem in the case where
1174 * smack_net_ambient gets changed in midstream.
1176 mutex_lock(&smack_ambient_lock);
1178 asize = strlen(smack_net_ambient) + 1;
1181 rc = simple_read_from_buffer(buf, cn, ppos,
1182 smack_net_ambient, asize);
1186 mutex_unlock(&smack_ambient_lock);
1192 * smk_write_ambient - write() for /smack/ambient
1193 * @file: file pointer, not actually used
1194 * @buf: where to get the data from
1195 * @count: bytes sent
1196 * @ppos: where to start
1198 * Returns number of bytes written or error code, as appropriate
1200 static ssize_t smk_write_ambient(struct file *file, const char __user *buf,
1201 size_t count, loff_t *ppos)
1203 char in[SMK_LABELLEN];
1207 if (!capable(CAP_MAC_ADMIN))
1210 if (count >= SMK_LABELLEN)
1213 if (copy_from_user(in, buf, count) != 0)
1216 smack = smk_import(in, count);
1220 mutex_lock(&smack_ambient_lock);
1222 oldambient = smack_net_ambient;
1223 smack_net_ambient = smack;
1224 smk_unlbl_ambient(oldambient);
1226 mutex_unlock(&smack_ambient_lock);
1231 static const struct file_operations smk_ambient_ops = {
1232 .read = smk_read_ambient,
1233 .write = smk_write_ambient,
1234 .llseek = default_llseek,
1238 * smk_read_onlycap - read() for /smack/onlycap
1239 * @filp: file pointer, not actually used
1240 * @buf: where to put the result
1241 * @cn: maximum to send along
1242 * @ppos: where to start
1244 * Returns number of bytes read or error code, as appropriate
1246 static ssize_t smk_read_onlycap(struct file *filp, char __user *buf,
1247 size_t cn, loff_t *ppos)
1250 ssize_t rc = -EINVAL;
1256 if (smack_onlycap != NULL)
1257 smack = smack_onlycap;
1259 asize = strlen(smack) + 1;
1262 rc = simple_read_from_buffer(buf, cn, ppos, smack, asize);
1268 * smk_write_onlycap - write() for /smack/onlycap
1269 * @file: file pointer, not actually used
1270 * @buf: where to get the data from
1271 * @count: bytes sent
1272 * @ppos: where to start
1274 * Returns number of bytes written or error code, as appropriate
1276 static ssize_t smk_write_onlycap(struct file *file, const char __user *buf,
1277 size_t count, loff_t *ppos)
1279 char in[SMK_LABELLEN];
1280 char *sp = smk_of_task(current->cred->security);
1282 if (!capable(CAP_MAC_ADMIN))
1286 * This can be done using smk_access() but is done
1287 * explicitly for clarity. The smk_access() implementation
1288 * would use smk_access(smack_onlycap, MAY_WRITE)
1290 if (smack_onlycap != NULL && smack_onlycap != sp)
1293 if (count >= SMK_LABELLEN)
1296 if (copy_from_user(in, buf, count) != 0)
1300 * Should the null string be passed in unset the onlycap value.
1301 * This seems like something to be careful with as usually
1302 * smk_import only expects to return NULL for errors. It
1303 * is usually the case that a nullstring or "\n" would be
1304 * bad to pass to smk_import but in fact this is useful here.
1306 smack_onlycap = smk_import(in, count);
1311 static const struct file_operations smk_onlycap_ops = {
1312 .read = smk_read_onlycap,
1313 .write = smk_write_onlycap,
1314 .llseek = default_llseek,
1318 * smk_read_logging - read() for /smack/logging
1319 * @filp: file pointer, not actually used
1320 * @buf: where to put the result
1321 * @cn: maximum to send along
1322 * @ppos: where to start
1324 * Returns number of bytes read or error code, as appropriate
1326 static ssize_t smk_read_logging(struct file *filp, char __user *buf,
1327 size_t count, loff_t *ppos)
1335 sprintf(temp, "%d\n", log_policy);
1336 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
1341 * smk_write_logging - write() for /smack/logging
1342 * @file: file pointer, not actually used
1343 * @buf: where to get the data from
1344 * @count: bytes sent
1345 * @ppos: where to start
1347 * Returns number of bytes written or error code, as appropriate
1349 static ssize_t smk_write_logging(struct file *file, const char __user *buf,
1350 size_t count, loff_t *ppos)
1355 if (!capable(CAP_MAC_ADMIN))
1358 if (count >= sizeof(temp) || count == 0)
1361 if (copy_from_user(temp, buf, count) != 0)
1366 if (sscanf(temp, "%d", &i) != 1)
1376 static const struct file_operations smk_logging_ops = {
1377 .read = smk_read_logging,
1378 .write = smk_write_logging,
1379 .llseek = default_llseek,
1383 * Seq_file read operations for /smack/load-self
1386 static void *load_self_seq_start(struct seq_file *s, loff_t *pos)
1388 struct task_smack *tsp = current_security();
1390 if (*pos == SEQ_READ_FINISHED)
1392 if (list_empty(&tsp->smk_rules))
1394 return tsp->smk_rules.next;
1397 static void *load_self_seq_next(struct seq_file *s, void *v, loff_t *pos)
1399 struct task_smack *tsp = current_security();
1400 struct list_head *list = v;
1402 if (list_is_last(list, &tsp->smk_rules)) {
1403 *pos = SEQ_READ_FINISHED;
1409 static int load_self_seq_show(struct seq_file *s, void *v)
1411 struct list_head *list = v;
1412 struct smack_rule *srp =
1413 list_entry(list, struct smack_rule, list);
1415 seq_printf(s, "%s %s", (char *)srp->smk_subject,
1416 (char *)srp->smk_object);
1420 if (srp->smk_access & MAY_READ)
1422 if (srp->smk_access & MAY_WRITE)
1424 if (srp->smk_access & MAY_EXEC)
1426 if (srp->smk_access & MAY_APPEND)
1428 if (srp->smk_access & MAY_TRANSMUTE)
1430 if (srp->smk_access == 0)
1438 static void load_self_seq_stop(struct seq_file *s, void *v)
1443 static const struct seq_operations load_self_seq_ops = {
1444 .start = load_self_seq_start,
1445 .next = load_self_seq_next,
1446 .show = load_self_seq_show,
1447 .stop = load_self_seq_stop,
1452 * smk_open_load_self - open() for /smack/load-self
1453 * @inode: inode structure representing file
1454 * @file: "load" file pointer
1456 * For reading, use load_seq_* seq_file reading operations.
1458 static int smk_open_load_self(struct inode *inode, struct file *file)
1460 return seq_open(file, &load_self_seq_ops);
1464 * smk_write_load_self - write() for /smack/load-self
1465 * @file: file pointer, not actually used
1466 * @buf: where to get the data from
1467 * @count: bytes sent
1468 * @ppos: where to start - must be 0
1471 static ssize_t smk_write_load_self(struct file *file, const char __user *buf,
1472 size_t count, loff_t *ppos)
1474 struct task_smack *tsp = current_security();
1476 return smk_write_load_list(file, buf, count, ppos, &tsp->smk_rules,
1477 &tsp->smk_rules_lock);
1480 static const struct file_operations smk_load_self_ops = {
1481 .open = smk_open_load_self,
1483 .llseek = seq_lseek,
1484 .write = smk_write_load_self,
1485 .release = seq_release,
1489 * smk_write_access - handle access check transaction
1490 * @file: file pointer
1491 * @buf: data from user space
1492 * @count: bytes sent
1493 * @ppos: where to start - must be 0
1495 static ssize_t smk_write_access(struct file *file, const char __user *buf,
1496 size_t count, loff_t *ppos)
1498 struct smack_rule rule;
1502 if (!capable(CAP_MAC_ADMIN))
1505 data = simple_transaction_get(file, buf, count);
1507 return PTR_ERR(data);
1509 if (count < SMK_LOADLEN || smk_parse_rule(data, &rule))
1512 res = smk_access(rule.smk_subject, rule.smk_object, rule.smk_access,
1514 data[0] = res == 0 ? '1' : '0';
1517 simple_transaction_set(file, 2);
1521 static const struct file_operations smk_access_ops = {
1522 .write = smk_write_access,
1523 .read = simple_transaction_read,
1524 .release = simple_transaction_release,
1525 .llseek = generic_file_llseek,
1529 * smk_fill_super - fill the /smackfs superblock
1530 * @sb: the empty superblock
1534 * Fill in the well known entries for /smack
1536 * Returns 0 on success, an error code on failure
1538 static int smk_fill_super(struct super_block *sb, void *data, int silent)
1541 struct inode *root_inode;
1543 static struct tree_descr smack_files[] = {
1545 "load", &smk_load_ops, S_IRUGO|S_IWUSR},
1547 "cipso", &smk_cipso_ops, S_IRUGO|S_IWUSR},
1549 "doi", &smk_doi_ops, S_IRUGO|S_IWUSR},
1551 "direct", &smk_direct_ops, S_IRUGO|S_IWUSR},
1553 "ambient", &smk_ambient_ops, S_IRUGO|S_IWUSR},
1554 [SMK_NETLBLADDR] = {
1555 "netlabel", &smk_netlbladdr_ops, S_IRUGO|S_IWUSR},
1557 "onlycap", &smk_onlycap_ops, S_IRUGO|S_IWUSR},
1559 "logging", &smk_logging_ops, S_IRUGO|S_IWUSR},
1561 "load-self", &smk_load_self_ops, S_IRUGO|S_IWUGO},
1563 "access", &smk_access_ops, S_IRUGO|S_IWUSR},
1568 rc = simple_fill_super(sb, SMACK_MAGIC, smack_files);
1570 printk(KERN_ERR "%s failed %d while creating inodes\n",
1575 root_inode = sb->s_root->d_inode;
1576 root_inode->i_security = new_inode_smack(smack_known_floor.smk_known);
1582 * smk_mount - get the smackfs superblock
1583 * @fs_type: passed along without comment
1584 * @flags: passed along without comment
1585 * @dev_name: passed along without comment
1586 * @data: passed along without comment
1588 * Just passes everything along.
1590 * Returns what the lower level code does.
1592 static struct dentry *smk_mount(struct file_system_type *fs_type,
1593 int flags, const char *dev_name, void *data)
1595 return mount_single(fs_type, flags, data, smk_fill_super);
1598 static struct file_system_type smk_fs_type = {
1601 .kill_sb = kill_litter_super,
1604 static struct vfsmount *smackfs_mount;
1607 * init_smk_fs - get the smackfs superblock
1609 * register the smackfs
1611 * Do not register smackfs if Smack wasn't enabled
1612 * on boot. We can not put this method normally under the
1613 * smack_init() code path since the security subsystem get
1614 * initialized before the vfs caches.
1616 * Returns true if we were not chosen on boot or if
1617 * we were chosen and filesystem registration succeeded.
1619 static int __init init_smk_fs(void)
1623 if (!security_module_enable(&smack_ops))
1626 err = register_filesystem(&smk_fs_type);
1628 smackfs_mount = kern_mount(&smk_fs_type);
1629 if (IS_ERR(smackfs_mount)) {
1630 printk(KERN_ERR "smackfs: could not mount!\n");
1631 err = PTR_ERR(smackfs_mount);
1632 smackfs_mount = NULL;
1637 smk_unlbl_ambient(NULL);
1639 mutex_init(&smack_known_floor.smk_rules_lock);
1640 mutex_init(&smack_known_hat.smk_rules_lock);
1641 mutex_init(&smack_known_huh.smk_rules_lock);
1642 mutex_init(&smack_known_invalid.smk_rules_lock);
1643 mutex_init(&smack_known_star.smk_rules_lock);
1644 mutex_init(&smack_known_web.smk_rules_lock);
1646 INIT_LIST_HEAD(&smack_known_floor.smk_rules);
1647 INIT_LIST_HEAD(&smack_known_hat.smk_rules);
1648 INIT_LIST_HEAD(&smack_known_huh.smk_rules);
1649 INIT_LIST_HEAD(&smack_known_invalid.smk_rules);
1650 INIT_LIST_HEAD(&smack_known_star.smk_rules);
1651 INIT_LIST_HEAD(&smack_known_web.smk_rules);
1656 __initcall(init_smk_fs);
projects / cascardo / linux.git / blob