search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
ARM i.MX: iomux v1 initialization away from initcall
[linux-2.6/linux-acpi-2.6/ibm-acpi-2.6.git] / security / smack / smackfs.c
blob362d5eda948be93a0671127b85dc55f8e2a04c95
1 /*
2 * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com>
3 *
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License as published by
6 * the Free Software Foundation, version 2.
7 *
8 * Authors:
9 * Casey Schaufler <casey@schaufler-ca.com>
10 * Ahmed S. Darwish <darwish.07@gmail.com>
11 *
12 * Special thanks to the authors of selinuxfs.
13 *
14 * Karl MacMillan <kmacmillan@tresys.com>
15 * James Morris <jmorris@redhat.com>
16 *
17 */
18
19 #include <linux/kernel.h>
20 #include <linux/vmalloc.h>
21 #include <linux/security.h>
22 #include <linux/mutex.h>
23 #include <linux/slab.h>
24 #include <net/net_namespace.h>
25 #include <net/netlabel.h>
26 #include <net/cipso_ipv4.h>
27 #include <linux/seq_file.h>
28 #include <linux/ctype.h>
29 #include <linux/audit.h>
30 #include "smack.h"
31
32 /*
33 * smackfs pseudo filesystem.
34 */
35
36 enum smk_inos {
37 SMK_ROOT_INO = 2,
38 SMK_LOAD = 3, /* load policy */
39 SMK_CIPSO = 4, /* load label -> CIPSO mapping */
40 SMK_DOI = 5, /* CIPSO DOI */
41 SMK_DIRECT = 6, /* CIPSO level indicating direct label */
42 SMK_AMBIENT = 7, /* internet ambient label */
43 SMK_NETLBLADDR = 8, /* single label hosts */
44 SMK_ONLYCAP = 9, /* the only "capable" label */
45 SMK_LOGGING = 10, /* logging */
46 };
47
48 /*
49 * List locks
50 */
51 static DEFINE_MUTEX(smack_list_lock);
52 static DEFINE_MUTEX(smack_cipso_lock);
53 static DEFINE_MUTEX(smack_ambient_lock);
54 static DEFINE_MUTEX(smk_netlbladdr_lock);
55
56 /*
57 * This is the "ambient" label for network traffic.
58 * If it isn't somehow marked, use this.
59 * It can be reset via smackfs/ambient
60 */
61 char *smack_net_ambient = smack_known_floor.smk_known;
62
63 /*
64 * This is the level in a CIPSO header that indicates a
65 * smack label is contained directly in the category set.
66 * It can be reset via smackfs/direct
67 */
68 int smack_cipso_direct = SMACK_CIPSO_DIRECT_DEFAULT;
69
70 /*
71 * Unless a process is running with this label even
72 * having CAP_MAC_OVERRIDE isn't enough to grant
73 * privilege to violate MAC policy. If no label is
74 * designated (the NULL case) capabilities apply to
75 * everyone. It is expected that the hat (^) label
76 * will be used if any label is used.
77 */
78 char *smack_onlycap;
79
80 /*
81 * Certain IP addresses may be designated as single label hosts.
82 * Packets are sent there unlabeled, but only from tasks that
83 * can write to the specified label.
84 */
85
86 LIST_HEAD(smk_netlbladdr_list);
87 LIST_HEAD(smack_rule_list);
88
89 static int smk_cipso_doi_value = SMACK_CIPSO_DOI_DEFAULT;
90
91 const char *smack_cipso_option = SMACK_CIPSO_OPTION;
92
93
94 #define SEQ_READ_FINISHED 1
95
96 /*
97 * Values for parsing cipso rules
98 * SMK_DIGITLEN: Length of a digit field in a rule.
99 * SMK_CIPSOMIN: Minimum possible cipso rule length.
100 * SMK_CIPSOMAX: Maximum possible cipso rule length.
101 */
102 #define SMK_DIGITLEN 4
103 #define SMK_CIPSOMIN (SMK_LABELLEN + 2 * SMK_DIGITLEN)
104 #define SMK_CIPSOMAX (SMK_CIPSOMIN + SMACK_CIPSO_MAXCATNUM * SMK_DIGITLEN)
105
106 /*
107 * Values for parsing MAC rules
108 * SMK_ACCESS: Maximum possible combination of access permissions
109 * SMK_ACCESSLEN: Maximum length for a rule access field
110 * SMK_LOADLEN: Smack rule length
111 */
112 #define SMK_OACCESS "rwxa"
113 #define SMK_ACCESS "rwxat"
114 #define SMK_OACCESSLEN (sizeof(SMK_OACCESS) - 1)
115 #define SMK_ACCESSLEN (sizeof(SMK_ACCESS) - 1)
116 #define SMK_OLOADLEN (SMK_LABELLEN + SMK_LABELLEN + SMK_OACCESSLEN)
117 #define SMK_LOADLEN (SMK_LABELLEN + SMK_LABELLEN + SMK_ACCESSLEN)
118
119 /**
120 * smk_netlabel_audit_set - fill a netlbl_audit struct
121 * @nap: structure to fill
122 */
123 static void smk_netlabel_audit_set(struct netlbl_audit *nap)
124 {
125 nap->loginuid = audit_get_loginuid(current);
126 nap->sessionid = audit_get_sessionid(current);
127 nap->secid = smack_to_secid(smk_of_current());
128 }
129
130 /*
131 * Values for parsing single label host rules
132 * "1.2.3.4 X"
133 * "192.168.138.129/32 abcdefghijklmnopqrstuvw"
134 */
135 #define SMK_NETLBLADDRMIN 9
136 #define SMK_NETLBLADDRMAX 42
137
138 /*
139 * Seq_file read operations for /smack/load
140 */
141
142 static void *load_seq_start(struct seq_file *s, loff_t *pos)
143 {
144 if (*pos == SEQ_READ_FINISHED)
145 return NULL;
146 if (list_empty(&smack_rule_list))
147 return NULL;
148 return smack_rule_list.next;
149 }
150
151 static void *load_seq_next(struct seq_file *s, void *v, loff_t *pos)
152 {
153 struct list_head *list = v;
154
155 if (list_is_last(list, &smack_rule_list)) {
156 *pos = SEQ_READ_FINISHED;
157 return NULL;
158 }
159 return list->next;
160 }
161
162 static int load_seq_show(struct seq_file *s, void *v)
163 {
164 struct list_head *list = v;
165 struct smack_rule *srp =
166 list_entry(list, struct smack_rule, list);
167
168 seq_printf(s, "%s %s", (char *)srp->smk_subject,
169 (char *)srp->smk_object);
170
171 seq_putc(s, ' ');
172
173 if (srp->smk_access & MAY_READ)
174 seq_putc(s, 'r');
175 if (srp->smk_access & MAY_WRITE)
176 seq_putc(s, 'w');
177 if (srp->smk_access & MAY_EXEC)
178 seq_putc(s, 'x');
179 if (srp->smk_access & MAY_APPEND)
180 seq_putc(s, 'a');
181 if (srp->smk_access & MAY_TRANSMUTE)
182 seq_putc(s, 't');
183 if (srp->smk_access == 0)
184 seq_putc(s, '-');
185
186 seq_putc(s, '\n');
187
188 return 0;
189 }
190
191 static void load_seq_stop(struct seq_file *s, void *v)
192 {
193 /* No-op */
194 }
195
196 static const struct seq_operations load_seq_ops = {
197 .start = load_seq_start,
198 .next = load_seq_next,
199 .show = load_seq_show,
200 .stop = load_seq_stop,
201 };
202
203 /**
204 * smk_open_load - open() for /smack/load
205 * @inode: inode structure representing file
206 * @file: "load" file pointer
207 *
208 * For reading, use load_seq_* seq_file reading operations.
209 */
210 static int smk_open_load(struct inode *inode, struct file *file)
211 {
212 return seq_open(file, &load_seq_ops);
213 }
214
215 /**
216 * smk_set_access - add a rule to the rule list
217 * @srp: the new rule to add
218 *
219 * Looks through the current subject/object/access list for
220 * the subject/object pair and replaces the access that was
221 * there. If the pair isn't found add it with the specified
222 * access.
223 *
224 * Returns 0 if nothing goes wrong or -ENOMEM if it fails
225 * during the allocation of the new pair to add.
226 */
227 static int smk_set_access(struct smack_rule *srp)
228 {
229 struct smack_rule *sp;
230 int ret = 0;
231 int found;
232 mutex_lock(&smack_list_lock);
233
234 found = 0;
235 list_for_each_entry_rcu(sp, &smack_rule_list, list) {
236 if (sp->smk_subject == srp->smk_subject &&
237 sp->smk_object == srp->smk_object) {
238 found = 1;
239 sp->smk_access = srp->smk_access;
240 break;
241 }
242 }
243 if (found == 0)
244 list_add_rcu(&srp->list, &smack_rule_list);
245
246 mutex_unlock(&smack_list_lock);
247
248 return ret;
249 }
250
251 /**
252 * smk_write_load - write() for /smack/load
253 * @file: file pointer, not actually used
254 * @buf: where to get the data from
255 * @count: bytes sent
256 * @ppos: where to start - must be 0
257 *
258 * Get one smack access rule from above.
259 * The format is exactly:
260 * char subject[SMK_LABELLEN]
261 * char object[SMK_LABELLEN]
262 * char access[SMK_ACCESSLEN]
263 *
264 * writes must be SMK_LABELLEN+SMK_LABELLEN+SMK_ACCESSLEN bytes.
265 */
266 static ssize_t smk_write_load(struct file *file, const char __user *buf,
267 size_t count, loff_t *ppos)
268 {
269 struct smack_rule *rule;
270 char *data;
271 int rc = -EINVAL;
272
273 /*
274 * Must have privilege.
275 * No partial writes.
276 * Enough data must be present.
277 */
278 if (!capable(CAP_MAC_ADMIN))
279 return -EPERM;
280
281 if (*ppos != 0)
282 return -EINVAL;
283 /*
284 * Minor hack for backward compatability
285 */
286 if (count < (SMK_OLOADLEN) || count > SMK_LOADLEN)
287 return -EINVAL;
288
289 data = kzalloc(SMK_LOADLEN, GFP_KERNEL);
290 if (data == NULL)
291 return -ENOMEM;
292
293 if (copy_from_user(data, buf, count) != 0) {
294 rc = -EFAULT;
295 goto out;
296 }
297
298 /*
299 * More on the minor hack for backward compatability
300 */
301 if (count == (SMK_OLOADLEN))
302 data[SMK_OLOADLEN] = '-';
303
304 rule = kzalloc(sizeof(*rule), GFP_KERNEL);
305 if (rule == NULL) {
306 rc = -ENOMEM;
307 goto out;
308 }
309
310 rule->smk_subject = smk_import(data, 0);
311 if (rule->smk_subject == NULL)
312 goto out_free_rule;
313
314 rule->smk_object = smk_import(data + SMK_LABELLEN, 0);
315 if (rule->smk_object == NULL)
316 goto out_free_rule;
317
318 rule->smk_access = 0;
319
320 switch (data[SMK_LABELLEN + SMK_LABELLEN]) {
321 case '-':
322 break;
323 case 'r':
324 case 'R':
325 rule->smk_access |= MAY_READ;
326 break;
327 default:
328 goto out_free_rule;
329 }
330
331 switch (data[SMK_LABELLEN + SMK_LABELLEN + 1]) {
332 case '-':
333 break;
334 case 'w':
335 case 'W':
336 rule->smk_access |= MAY_WRITE;
337 break;
338 default:
339 goto out_free_rule;
340 }
341
342 switch (data[SMK_LABELLEN + SMK_LABELLEN + 2]) {
343 case '-':
344 break;
345 case 'x':
346 case 'X':
347 rule->smk_access |= MAY_EXEC;
348 break;
349 default:
350 goto out_free_rule;
351 }
352
353 switch (data[SMK_LABELLEN + SMK_LABELLEN + 3]) {
354 case '-':
355 break;
356 case 'a':
357 case 'A':
358 rule->smk_access |= MAY_APPEND;
359 break;
360 default:
361 goto out_free_rule;
362 }
363
364 switch (data[SMK_LABELLEN + SMK_LABELLEN + 4]) {
365 case '-':
366 break;
367 case 't':
368 case 'T':
369 rule->smk_access |= MAY_TRANSMUTE;
370 break;
371 default:
372 goto out_free_rule;
373 }
374
375 rc = smk_set_access(rule);
376
377 if (!rc)
378 rc = count;
379 goto out;
380
381 out_free_rule:
382 kfree(rule);
383 out:
384 kfree(data);
385 return rc;
386 }
387
388 static const struct file_operations smk_load_ops = {
389 .open = smk_open_load,
390 .read = seq_read,
391 .llseek = seq_lseek,
392 .write = smk_write_load,
393 .release = seq_release,
394 };
395
396 /**
397 * smk_cipso_doi - initialize the CIPSO domain
398 */
399 static void smk_cipso_doi(void)
400 {
401 int rc;
402 struct cipso_v4_doi *doip;
403 struct netlbl_audit nai;
404
405 smk_netlabel_audit_set(&nai);
406
407 rc = netlbl_cfg_map_del(NULL, PF_INET, NULL, NULL, &nai);
408 if (rc != 0)
409 printk(KERN_WARNING "%s:%d remove rc = %d\n",
410 __func__, __LINE__, rc);
411
412 doip = kmalloc(sizeof(struct cipso_v4_doi), GFP_KERNEL);
413 if (doip == NULL)
414 panic("smack: Failed to initialize cipso DOI.\n");
415 doip->map.std = NULL;
416 doip->doi = smk_cipso_doi_value;
417 doip->type = CIPSO_V4_MAP_PASS;
418 doip->tags[0] = CIPSO_V4_TAG_RBITMAP;
419 for (rc = 1; rc < CIPSO_V4_TAG_MAXCNT; rc++)
420 doip->tags[rc] = CIPSO_V4_TAG_INVALID;
421
422 rc = netlbl_cfg_cipsov4_add(doip, &nai);
423 if (rc != 0) {
424 printk(KERN_WARNING "%s:%d cipso add rc = %d\n",
425 __func__, __LINE__, rc);
426 kfree(doip);
427 return;
428 }
429 rc = netlbl_cfg_cipsov4_map_add(doip->doi, NULL, NULL, NULL, &nai);
430 if (rc != 0) {
431 printk(KERN_WARNING "%s:%d map add rc = %d\n",
432 __func__, __LINE__, rc);
433 kfree(doip);
434 return;
435 }
436 }
437
438 /**
439 * smk_unlbl_ambient - initialize the unlabeled domain
440 * @oldambient: previous domain string
441 */
442 static void smk_unlbl_ambient(char *oldambient)
443 {
444 int rc;
445 struct netlbl_audit nai;
446
447 smk_netlabel_audit_set(&nai);
448
449 if (oldambient != NULL) {
450 rc = netlbl_cfg_map_del(oldambient, PF_INET, NULL, NULL, &nai);
451 if (rc != 0)
452 printk(KERN_WARNING "%s:%d remove rc = %d\n",
453 __func__, __LINE__, rc);
454 }
455
456 rc = netlbl_cfg_unlbl_map_add(smack_net_ambient, PF_INET,
457 NULL, NULL, &nai);
458 if (rc != 0)
459 printk(KERN_WARNING "%s:%d add rc = %d\n",
460 __func__, __LINE__, rc);
461 }
462
463 /*
464 * Seq_file read operations for /smack/cipso
465 */
466
467 static void *cipso_seq_start(struct seq_file *s, loff_t *pos)
468 {
469 if (*pos == SEQ_READ_FINISHED)
470 return NULL;
471 if (list_empty(&smack_known_list))
472 return NULL;
473
474 return smack_known_list.next;
475 }
476
477 static void *cipso_seq_next(struct seq_file *s, void *v, loff_t *pos)
478 {
479 struct list_head *list = v;
480
481 /*
482 * labels with no associated cipso value wont be printed
483 * in cipso_seq_show
484 */
485 if (list_is_last(list, &smack_known_list)) {
486 *pos = SEQ_READ_FINISHED;
487 return NULL;
488 }
489
490 return list->next;
491 }
492
493 /*
494 * Print cipso labels in format:
495 * label level[/cat[,cat]]
496 */
497 static int cipso_seq_show(struct seq_file *s, void *v)
498 {
499 struct list_head *list = v;
500 struct smack_known *skp =
501 list_entry(list, struct smack_known, list);
502 struct smack_cipso *scp = skp->smk_cipso;
503 char *cbp;
504 char sep = '/';
505 int cat = 1;
506 int i;
507 unsigned char m;
508
509 if (scp == NULL)
510 return 0;
511
512 seq_printf(s, "%s %3d", (char *)&skp->smk_known, scp->smk_level);
513
514 cbp = scp->smk_catset;
515 for (i = 0; i < SMK_LABELLEN; i++)
516 for (m = 0x80; m != 0; m >>= 1) {
517 if (m & cbp[i]) {
518 seq_printf(s, "%c%d", sep, cat);
519 sep = ',';
520 }
521 cat++;
522 }
523
524 seq_putc(s, '\n');
525
526 return 0;
527 }
528
529 static void cipso_seq_stop(struct seq_file *s, void *v)
530 {
531 /* No-op */
532 }
533
534 static const struct seq_operations cipso_seq_ops = {
535 .start = cipso_seq_start,
536 .stop = cipso_seq_stop,
537 .next = cipso_seq_next,
538 .show = cipso_seq_show,
539 };
540
541 /**
542 * smk_open_cipso - open() for /smack/cipso
543 * @inode: inode structure representing file
544 * @file: "cipso" file pointer
545 *
546 * Connect our cipso_seq_* operations with /smack/cipso
547 * file_operations
548 */
549 static int smk_open_cipso(struct inode *inode, struct file *file)
550 {
551 return seq_open(file, &cipso_seq_ops);
552 }
553
554 /**
555 * smk_write_cipso - write() for /smack/cipso
556 * @file: file pointer, not actually used
557 * @buf: where to get the data from
558 * @count: bytes sent
559 * @ppos: where to start
560 *
561 * Accepts only one cipso rule per write call.
562 * Returns number of bytes written or error code, as appropriate
563 */
564 static ssize_t smk_write_cipso(struct file *file, const char __user *buf,
565 size_t count, loff_t *ppos)
566 {
567 struct smack_known *skp;
568 struct smack_cipso *scp = NULL;
569 char mapcatset[SMK_LABELLEN];
570 int maplevel;
571 int cat;
572 int catlen;
573 ssize_t rc = -EINVAL;
574 char *data = NULL;
575 char *rule;
576 int ret;
577 int i;
578
579 /*
580 * Must have privilege.
581 * No partial writes.
582 * Enough data must be present.
583 */
584 if (!capable(CAP_MAC_ADMIN))
585 return -EPERM;
586 if (*ppos != 0)
587 return -EINVAL;
588 if (count < SMK_CIPSOMIN || count > SMK_CIPSOMAX)
589 return -EINVAL;
590
591 data = kzalloc(count + 1, GFP_KERNEL);
592 if (data == NULL)
593 return -ENOMEM;
594
595 if (copy_from_user(data, buf, count) != 0) {
596 rc = -EFAULT;
597 goto unlockedout;
598 }
599
600 /* labels cannot begin with a '-' */
601 if (data[0] == '-') {
602 rc = -EINVAL;
603 goto unlockedout;
604 }
605 data[count] = '\0';
606 rule = data;
607 /*
608 * Only allow one writer at a time. Writes should be
609 * quite rare and small in any case.
610 */
611 mutex_lock(&smack_cipso_lock);
612
613 skp = smk_import_entry(rule, 0);
614 if (skp == NULL)
615 goto out;
616
617 rule += SMK_LABELLEN;
618 ret = sscanf(rule, "%d", &maplevel);
619 if (ret != 1 || maplevel > SMACK_CIPSO_MAXLEVEL)
620 goto out;
621
622 rule += SMK_DIGITLEN;
623 ret = sscanf(rule, "%d", &catlen);
624 if (ret != 1 || catlen > SMACK_CIPSO_MAXCATNUM)
625 goto out;
626
627 if (count != (SMK_CIPSOMIN + catlen * SMK_DIGITLEN))
628 goto out;
629
630 memset(mapcatset, 0, sizeof(mapcatset));
631
632 for (i = 0; i < catlen; i++) {
633 rule += SMK_DIGITLEN;
634 ret = sscanf(rule, "%d", &cat);
635 if (ret != 1 || cat > SMACK_CIPSO_MAXCATVAL)
636 goto out;
637
638 smack_catset_bit(cat, mapcatset);
639 }
640
641 if (skp->smk_cipso == NULL) {
642 scp = kzalloc(sizeof(struct smack_cipso), GFP_KERNEL);
643 if (scp == NULL) {
644 rc = -ENOMEM;
645 goto out;
646 }
647 }
648
649 spin_lock_bh(&skp->smk_cipsolock);
650
651 if (scp == NULL)
652 scp = skp->smk_cipso;
653 else
654 skp->smk_cipso = scp;
655
656 scp->smk_level = maplevel;
657 memcpy(scp->smk_catset, mapcatset, sizeof(mapcatset));
658
659 spin_unlock_bh(&skp->smk_cipsolock);
660
661 rc = count;
662 out:
663 mutex_unlock(&smack_cipso_lock);
664 unlockedout:
665 kfree(data);
666 return rc;
667 }
668
669 static const struct file_operations smk_cipso_ops = {
670 .open = smk_open_cipso,
671 .read = seq_read,
672 .llseek = seq_lseek,
673 .write = smk_write_cipso,
674 .release = seq_release,
675 };
676
677 /*
678 * Seq_file read operations for /smack/netlabel
679 */
680
681 static void *netlbladdr_seq_start(struct seq_file *s, loff_t *pos)
682 {
683 if (*pos == SEQ_READ_FINISHED)
684 return NULL;
685 if (list_empty(&smk_netlbladdr_list))
686 return NULL;
687 return smk_netlbladdr_list.next;
688 }
689
690 static void *netlbladdr_seq_next(struct seq_file *s, void *v, loff_t *pos)
691 {
692 struct list_head *list = v;
693
694 if (list_is_last(list, &smk_netlbladdr_list)) {
695 *pos = SEQ_READ_FINISHED;
696 return NULL;
697 }
698
699 return list->next;
700 }
701 #define BEBITS (sizeof(__be32) * 8)
702
703 /*
704 * Print host/label pairs
705 */
706 static int netlbladdr_seq_show(struct seq_file *s, void *v)
707 {
708 struct list_head *list = v;
709 struct smk_netlbladdr *skp =
710 list_entry(list, struct smk_netlbladdr, list);
711 unsigned char *hp = (char *) &skp->smk_host.sin_addr.s_addr;
712 int maskn;
713 u32 temp_mask = be32_to_cpu(skp->smk_mask.s_addr);
714
715 for (maskn = 0; temp_mask; temp_mask <<= 1, maskn++);
716
717 seq_printf(s, "%u.%u.%u.%u/%d %s\n",
718 hp[0], hp[1], hp[2], hp[3], maskn, skp->smk_label);
719
720 return 0;
721 }
722
723 static void netlbladdr_seq_stop(struct seq_file *s, void *v)
724 {
725 /* No-op */
726 }
727
728 static const struct seq_operations netlbladdr_seq_ops = {
729 .start = netlbladdr_seq_start,
730 .stop = netlbladdr_seq_stop,
731 .next = netlbladdr_seq_next,
732 .show = netlbladdr_seq_show,
733 };
734
735 /**
736 * smk_open_netlbladdr - open() for /smack/netlabel
737 * @inode: inode structure representing file
738 * @file: "netlabel" file pointer
739 *
740 * Connect our netlbladdr_seq_* operations with /smack/netlabel
741 * file_operations
742 */
743 static int smk_open_netlbladdr(struct inode *inode, struct file *file)
744 {
745 return seq_open(file, &netlbladdr_seq_ops);
746 }
747
748 /**
749 * smk_netlbladdr_insert
750 * @new : netlabel to insert
751 *
752 * This helper insert netlabel in the smack_netlbladdrs list
753 * sorted by netmask length (longest to smallest)
754 * locked by &smk_netlbladdr_lock in smk_write_netlbladdr
755 *
756 */
757 static void smk_netlbladdr_insert(struct smk_netlbladdr *new)
758 {
759 struct smk_netlbladdr *m, *m_next;
760
761 if (list_empty(&smk_netlbladdr_list)) {
762 list_add_rcu(&new->list, &smk_netlbladdr_list);
763 return;
764 }
765
766 m = list_entry_rcu(smk_netlbladdr_list.next,
767 struct smk_netlbladdr, list);
768
769 /* the comparison '>' is a bit hacky, but works */
770 if (new->smk_mask.s_addr > m->smk_mask.s_addr) {
771 list_add_rcu(&new->list, &smk_netlbladdr_list);
772 return;
773 }
774
775 list_for_each_entry_rcu(m, &smk_netlbladdr_list, list) {
776 if (list_is_last(&m->list, &smk_netlbladdr_list)) {
777 list_add_rcu(&new->list, &m->list);
778 return;
779 }
780 m_next = list_entry_rcu(m->list.next,
781 struct smk_netlbladdr, list);
782 if (new->smk_mask.s_addr > m_next->smk_mask.s_addr) {
783 list_add_rcu(&new->list, &m->list);
784 return;
785 }
786 }
787 }
788
789
790 /**
791 * smk_write_netlbladdr - write() for /smack/netlabel
792 * @file: file pointer, not actually used
793 * @buf: where to get the data from
794 * @count: bytes sent
795 * @ppos: where to start
796 *
797 * Accepts only one netlbladdr per write call.
798 * Returns number of bytes written or error code, as appropriate
799 */
800 static ssize_t smk_write_netlbladdr(struct file *file, const char __user *buf,
801 size_t count, loff_t *ppos)
802 {
803 struct smk_netlbladdr *skp;
804 struct sockaddr_in newname;
805 char smack[SMK_LABELLEN];
806 char *sp;
807 char data[SMK_NETLBLADDRMAX + 1];
808 char *host = (char *)&newname.sin_addr.s_addr;
809 int rc;
810 struct netlbl_audit audit_info;
811 struct in_addr mask;
812 unsigned int m;
813 int found;
814 u32 mask_bits = (1<<31);
815 __be32 nsa;
816 u32 temp_mask;
817
818 /*
819 * Must have privilege.
820 * No partial writes.
821 * Enough data must be present.
822 * "<addr/mask, as a.b.c.d/e><space><label>"
823 * "<addr, as a.b.c.d><space><label>"
824 */
825 if (!capable(CAP_MAC_ADMIN))
826 return -EPERM;
827 if (*ppos != 0)
828 return -EINVAL;
829 if (count < SMK_NETLBLADDRMIN || count > SMK_NETLBLADDRMAX)
830 return -EINVAL;
831 if (copy_from_user(data, buf, count) != 0)
832 return -EFAULT;
833
834 data[count] = '\0';
835
836 rc = sscanf(data, "%hhd.%hhd.%hhd.%hhd/%d %s",
837 &host[0], &host[1], &host[2], &host[3], &m, smack);
838 if (rc != 6) {
839 rc = sscanf(data, "%hhd.%hhd.%hhd.%hhd %s",
840 &host[0], &host[1], &host[2], &host[3], smack);
841 if (rc != 5)
842 return -EINVAL;
843 m = BEBITS;
844 }
845 if (m > BEBITS)
846 return -EINVAL;
847
848 /* if smack begins with '-', its an option, don't import it */
849 if (smack[0] != '-') {
850 sp = smk_import(smack, 0);
851 if (sp == NULL)
852 return -EINVAL;
853 } else {
854 /* check known options */
855 if (strcmp(smack, smack_cipso_option) == 0)
856 sp = (char *)smack_cipso_option;
857 else
858 return -EINVAL;
859 }
860
861 for (temp_mask = 0; m > 0; m--) {
862 temp_mask |= mask_bits;
863 mask_bits >>= 1;
864 }
865 mask.s_addr = cpu_to_be32(temp_mask);
866
867 newname.sin_addr.s_addr &= mask.s_addr;
868 /*
869 * Only allow one writer at a time. Writes should be
870 * quite rare and small in any case.
871 */
872 mutex_lock(&smk_netlbladdr_lock);
873
874 nsa = newname.sin_addr.s_addr;
875 /* try to find if the prefix is already in the list */
876 found = 0;
877 list_for_each_entry_rcu(skp, &smk_netlbladdr_list, list) {
878 if (skp->smk_host.sin_addr.s_addr == nsa &&
879 skp->smk_mask.s_addr == mask.s_addr) {
880 found = 1;
881 break;
882 }
883 }
884 smk_netlabel_audit_set(&audit_info);
885
886 if (found == 0) {
887 skp = kzalloc(sizeof(*skp), GFP_KERNEL);
888 if (skp == NULL)
889 rc = -ENOMEM;
890 else {
891 rc = 0;
892 skp->smk_host.sin_addr.s_addr = newname.sin_addr.s_addr;
893 skp->smk_mask.s_addr = mask.s_addr;
894 skp->smk_label = sp;
895 smk_netlbladdr_insert(skp);
896 }
897 } else {
898 /* we delete the unlabeled entry, only if the previous label
899 * wasnt the special CIPSO option */
900 if (skp->smk_label != smack_cipso_option)
901 rc = netlbl_cfg_unlbl_static_del(&init_net, NULL,
902 &skp->smk_host.sin_addr, &skp->smk_mask,
903 PF_INET, &audit_info);
904 else
905 rc = 0;
906 skp->smk_label = sp;
907 }
908
909 /*
910 * Now tell netlabel about the single label nature of
911 * this host so that incoming packets get labeled.
912 * but only if we didn't get the special CIPSO option
913 */
914 if (rc == 0 && sp != smack_cipso_option)
915 rc = netlbl_cfg_unlbl_static_add(&init_net, NULL,
916 &skp->smk_host.sin_addr, &skp->smk_mask, PF_INET,
917 smack_to_secid(skp->smk_label), &audit_info);
918
919 if (rc == 0)
920 rc = count;
921
922 mutex_unlock(&smk_netlbladdr_lock);
923
924 return rc;
925 }
926
927 static const struct file_operations smk_netlbladdr_ops = {
928 .open = smk_open_netlbladdr,
929 .read = seq_read,
930 .llseek = seq_lseek,
931 .write = smk_write_netlbladdr,
932 .release = seq_release,
933 };
934
935 /**
936 * smk_read_doi - read() for /smack/doi
937 * @filp: file pointer, not actually used
938 * @buf: where to put the result
939 * @count: maximum to send along
940 * @ppos: where to start
941 *
942 * Returns number of bytes read or error code, as appropriate
943 */
944 static ssize_t smk_read_doi(struct file *filp, char __user *buf,
945 size_t count, loff_t *ppos)
946 {
947 char temp[80];
948 ssize_t rc;
949
950 if (*ppos != 0)
951 return 0;
952
953 sprintf(temp, "%d", smk_cipso_doi_value);
954 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
955
956 return rc;
957 }
958
959 /**
960 * smk_write_doi - write() for /smack/doi
961 * @file: file pointer, not actually used
962 * @buf: where to get the data from
963 * @count: bytes sent
964 * @ppos: where to start
965 *
966 * Returns number of bytes written or error code, as appropriate
967 */
968 static ssize_t smk_write_doi(struct file *file, const char __user *buf,
969 size_t count, loff_t *ppos)
970 {
971 char temp[80];
972 int i;
973
974 if (!capable(CAP_MAC_ADMIN))
975 return -EPERM;
976
977 if (count >= sizeof(temp) || count == 0)
978 return -EINVAL;
979
980 if (copy_from_user(temp, buf, count) != 0)
981 return -EFAULT;
982
983 temp[count] = '\0';
984
985 if (sscanf(temp, "%d", &i) != 1)
986 return -EINVAL;
987
988 smk_cipso_doi_value = i;
989
990 smk_cipso_doi();
991
992 return count;
993 }
994
995 static const struct file_operations smk_doi_ops = {
996 .read = smk_read_doi,
997 .write = smk_write_doi,
998 .llseek = default_llseek,
999 };
1000
1001 /**
1002 * smk_read_direct - read() for /smack/direct
1003 * @filp: file pointer, not actually used
1004 * @buf: where to put the result
1005 * @count: maximum to send along
1006 * @ppos: where to start
1007 *
1008 * Returns number of bytes read or error code, as appropriate
1009 */
1010 static ssize_t smk_read_direct(struct file *filp, char __user *buf,
1011 size_t count, loff_t *ppos)
1012 {
1013 char temp[80];
1014 ssize_t rc;
1015
1016 if (*ppos != 0)
1017 return 0;
1018
1019 sprintf(temp, "%d", smack_cipso_direct);
1020 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
1021
1022 return rc;
1023 }
1024
1025 /**
1026 * smk_write_direct - write() for /smack/direct
1027 * @file: file pointer, not actually used
1028 * @buf: where to get the data from
1029 * @count: bytes sent
1030 * @ppos: where to start
1031 *
1032 * Returns number of bytes written or error code, as appropriate
1033 */
1034 static ssize_t smk_write_direct(struct file *file, const char __user *buf,
1035 size_t count, loff_t *ppos)
1036 {
1037 char temp[80];
1038 int i;
1039
1040 if (!capable(CAP_MAC_ADMIN))
1041 return -EPERM;
1042
1043 if (count >= sizeof(temp) || count == 0)
1044 return -EINVAL;
1045
1046 if (copy_from_user(temp, buf, count) != 0)
1047 return -EFAULT;
1048
1049 temp[count] = '\0';
1050
1051 if (sscanf(temp, "%d", &i) != 1)
1052 return -EINVAL;
1053
1054 smack_cipso_direct = i;
1055
1056 return count;
1057 }
1058
1059 static const struct file_operations smk_direct_ops = {
1060 .read = smk_read_direct,
1061 .write = smk_write_direct,
1062 .llseek = default_llseek,
1063 };
1064
1065 /**
1066 * smk_read_ambient - read() for /smack/ambient
1067 * @filp: file pointer, not actually used
1068 * @buf: where to put the result
1069 * @cn: maximum to send along
1070 * @ppos: where to start
1071 *
1072 * Returns number of bytes read or error code, as appropriate
1073 */
1074 static ssize_t smk_read_ambient(struct file *filp, char __user *buf,
1075 size_t cn, loff_t *ppos)
1076 {
1077 ssize_t rc;
1078 int asize;
1079
1080 if (*ppos != 0)
1081 return 0;
1082 /*
1083 * Being careful to avoid a problem in the case where
1084 * smack_net_ambient gets changed in midstream.
1085 */
1086 mutex_lock(&smack_ambient_lock);
1087
1088 asize = strlen(smack_net_ambient) + 1;
1089
1090 if (cn >= asize)
1091 rc = simple_read_from_buffer(buf, cn, ppos,
1092 smack_net_ambient, asize);
1093 else
1094 rc = -EINVAL;
1095
1096 mutex_unlock(&smack_ambient_lock);
1097
1098 return rc;
1099 }
1100
1101 /**
1102 * smk_write_ambient - write() for /smack/ambient
1103 * @file: file pointer, not actually used
1104 * @buf: where to get the data from
1105 * @count: bytes sent
1106 * @ppos: where to start
1107 *
1108 * Returns number of bytes written or error code, as appropriate
1109 */
1110 static ssize_t smk_write_ambient(struct file *file, const char __user *buf,
1111 size_t count, loff_t *ppos)
1112 {
1113 char in[SMK_LABELLEN];
1114 char *oldambient;
1115 char *smack;
1116
1117 if (!capable(CAP_MAC_ADMIN))
1118 return -EPERM;
1119
1120 if (count >= SMK_LABELLEN)
1121 return -EINVAL;
1122
1123 if (copy_from_user(in, buf, count) != 0)
1124 return -EFAULT;
1125
1126 smack = smk_import(in, count);
1127 if (smack == NULL)
1128 return -EINVAL;
1129
1130 mutex_lock(&smack_ambient_lock);
1131
1132 oldambient = smack_net_ambient;
1133 smack_net_ambient = smack;
1134 smk_unlbl_ambient(oldambient);
1135
1136 mutex_unlock(&smack_ambient_lock);
1137
1138 return count;
1139 }
1140
1141 static const struct file_operations smk_ambient_ops = {
1142 .read = smk_read_ambient,
1143 .write = smk_write_ambient,
1144 .llseek = default_llseek,
1145 };
1146
1147 /**
1148 * smk_read_onlycap - read() for /smack/onlycap
1149 * @filp: file pointer, not actually used
1150 * @buf: where to put the result
1151 * @cn: maximum to send along
1152 * @ppos: where to start
1153 *
1154 * Returns number of bytes read or error code, as appropriate
1155 */
1156 static ssize_t smk_read_onlycap(struct file *filp, char __user *buf,
1157 size_t cn, loff_t *ppos)
1158 {
1159 char *smack = "";
1160 ssize_t rc = -EINVAL;
1161 int asize;
1162
1163 if (*ppos != 0)
1164 return 0;
1165
1166 if (smack_onlycap != NULL)
1167 smack = smack_onlycap;
1168
1169 asize = strlen(smack) + 1;
1170
1171 if (cn >= asize)
1172 rc = simple_read_from_buffer(buf, cn, ppos, smack, asize);
1173
1174 return rc;
1175 }
1176
1177 /**
1178 * smk_write_onlycap - write() for /smack/onlycap
1179 * @file: file pointer, not actually used
1180 * @buf: where to get the data from
1181 * @count: bytes sent
1182 * @ppos: where to start
1183 *
1184 * Returns number of bytes written or error code, as appropriate
1185 */
1186 static ssize_t smk_write_onlycap(struct file *file, const char __user *buf,
1187 size_t count, loff_t *ppos)
1188 {
1189 char in[SMK_LABELLEN];
1190 char *sp = smk_of_task(current->cred->security);
1191
1192 if (!capable(CAP_MAC_ADMIN))
1193 return -EPERM;
1194
1195 /*
1196 * This can be done using smk_access() but is done
1197 * explicitly for clarity. The smk_access() implementation
1198 * would use smk_access(smack_onlycap, MAY_WRITE)
1199 */
1200 if (smack_onlycap != NULL && smack_onlycap != sp)
1201 return -EPERM;
1202
1203 if (count >= SMK_LABELLEN)
1204 return -EINVAL;
1205
1206 if (copy_from_user(in, buf, count) != 0)
1207 return -EFAULT;
1208
1209 /*
1210 * Should the null string be passed in unset the onlycap value.
1211 * This seems like something to be careful with as usually
1212 * smk_import only expects to return NULL for errors. It
1213 * is usually the case that a nullstring or "\n" would be
1214 * bad to pass to smk_import but in fact this is useful here.
1215 */
1216 smack_onlycap = smk_import(in, count);
1217
1218 return count;
1219 }
1220
1221 static const struct file_operations smk_onlycap_ops = {
1222 .read = smk_read_onlycap,
1223 .write = smk_write_onlycap,
1224 .llseek = default_llseek,
1225 };
1226
1227 /**
1228 * smk_read_logging - read() for /smack/logging
1229 * @filp: file pointer, not actually used
1230 * @buf: where to put the result
1231 * @cn: maximum to send along
1232 * @ppos: where to start
1233 *
1234 * Returns number of bytes read or error code, as appropriate
1235 */
1236 static ssize_t smk_read_logging(struct file *filp, char __user *buf,
1237 size_t count, loff_t *ppos)
1238 {
1239 char temp[32];
1240 ssize_t rc;
1241
1242 if (*ppos != 0)
1243 return 0;
1244
1245 sprintf(temp, "%d\n", log_policy);
1246 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
1247 return rc;
1248 }
1249
1250 /**
1251 * smk_write_logging - write() for /smack/logging
1252 * @file: file pointer, not actually used
1253 * @buf: where to get the data from
1254 * @count: bytes sent
1255 * @ppos: where to start
1256 *
1257 * Returns number of bytes written or error code, as appropriate
1258 */
1259 static ssize_t smk_write_logging(struct file *file, const char __user *buf,
1260 size_t count, loff_t *ppos)
1261 {
1262 char temp[32];
1263 int i;
1264
1265 if (!capable(CAP_MAC_ADMIN))
1266 return -EPERM;
1267
1268 if (count >= sizeof(temp) || count == 0)
1269 return -EINVAL;
1270
1271 if (copy_from_user(temp, buf, count) != 0)
1272 return -EFAULT;
1273
1274 temp[count] = '\0';
1275
1276 if (sscanf(temp, "%d", &i) != 1)
1277 return -EINVAL;
1278 if (i < 0 || i > 3)
1279 return -EINVAL;
1280 log_policy = i;
1281 return count;
1282 }
1283
1284
1285
1286 static const struct file_operations smk_logging_ops = {
1287 .read = smk_read_logging,
1288 .write = smk_write_logging,
1289 .llseek = default_llseek,
1290 };
1291 /**
1292 * smk_fill_super - fill the /smackfs superblock
1293 * @sb: the empty superblock
1294 * @data: unused
1295 * @silent: unused
1296 *
1297 * Fill in the well known entries for /smack
1298 *
1299 * Returns 0 on success, an error code on failure
1300 */
1301 static int smk_fill_super(struct super_block *sb, void *data, int silent)
1302 {
1303 int rc;
1304 struct inode *root_inode;
1305
1306 static struct tree_descr smack_files[] = {
1307 [SMK_LOAD] =
1308 {"load", &smk_load_ops, S_IRUGO|S_IWUSR},
1309 [SMK_CIPSO] =
1310 {"cipso", &smk_cipso_ops, S_IRUGO|S_IWUSR},
1311 [SMK_DOI] =
1312 {"doi", &smk_doi_ops, S_IRUGO|S_IWUSR},
1313 [SMK_DIRECT] =
1314 {"direct", &smk_direct_ops, S_IRUGO|S_IWUSR},
1315 [SMK_AMBIENT] =
1316 {"ambient", &smk_ambient_ops, S_IRUGO|S_IWUSR},
1317 [SMK_NETLBLADDR] =
1318 {"netlabel", &smk_netlbladdr_ops, S_IRUGO|S_IWUSR},
1319 [SMK_ONLYCAP] =
1320 {"onlycap", &smk_onlycap_ops, S_IRUGO|S_IWUSR},
1321 [SMK_LOGGING] =
1322 {"logging", &smk_logging_ops, S_IRUGO|S_IWUSR},
1323 /* last one */ {""}
1324 };
1325
1326 rc = simple_fill_super(sb, SMACK_MAGIC, smack_files);
1327 if (rc != 0) {
1328 printk(KERN_ERR "%s failed %d while creating inodes\n",
1329 __func__, rc);
1330 return rc;
1331 }
1332
1333 root_inode = sb->s_root->d_inode;
1334 root_inode->i_security = new_inode_smack(smack_known_floor.smk_known);
1335
1336 return 0;
1337 }
1338
1339 /**
1340 * smk_mount - get the smackfs superblock
1341 * @fs_type: passed along without comment
1342 * @flags: passed along without comment
1343 * @dev_name: passed along without comment
1344 * @data: passed along without comment
1345 *
1346 * Just passes everything along.
1347 *
1348 * Returns what the lower level code does.
1349 */
1350 static struct dentry *smk_mount(struct file_system_type *fs_type,
1351 int flags, const char *dev_name, void *data)
1352 {
1353 return mount_single(fs_type, flags, data, smk_fill_super);
1354 }
1355
1356 static struct file_system_type smk_fs_type = {
1357 .name = "smackfs",
1358 .mount = smk_mount,
1359 .kill_sb = kill_litter_super,
1360 };
1361
1362 static struct vfsmount *smackfs_mount;
1363
1364 /**
1365 * init_smk_fs - get the smackfs superblock
1366 *
1367 * register the smackfs
1368 *
1369 * Do not register smackfs if Smack wasn't enabled
1370 * on boot. We can not put this method normally under the
1371 * smack_init() code path since the security subsystem get
1372 * initialized before the vfs caches.
1373 *
1374 * Returns true if we were not chosen on boot or if
1375 * we were chosen and filesystem registration succeeded.
1376 */
1377 static int __init init_smk_fs(void)
1378 {
1379 int err;
1380
1381 if (!security_module_enable(&smack_ops))
1382 return 0;
1383
1384 err = register_filesystem(&smk_fs_type);
1385 if (!err) {
1386 smackfs_mount = kern_mount(&smk_fs_type);
1387 if (IS_ERR(smackfs_mount)) {
1388 printk(KERN_ERR "smackfs: could not mount!\n");
1389 err = PTR_ERR(smackfs_mount);
1390 smackfs_mount = NULL;
1391 }
1392 }
1393
1394 smk_cipso_doi();
1395 smk_unlbl_ambient(NULL);
1396
1397 return err;
1398 }
1399
1400 __initcall(init_smk_fs);
Linux 2.6 ibm-acpi/thinkpad-acpi driver git tree