summaryrefslogtreecommitdiffstats
path: root/security/smack
diff options
context:
space:
mode:
Diffstat (limited to 'security/smack')
-rw-r--r--security/smack/smack_lsm.c134
-rw-r--r--security/smack/smackfs.c61
2 files changed, 154 insertions, 41 deletions
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 1c11e424585..770eb067e16 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -325,7 +325,7 @@ static int smack_sb_statfs(struct dentry *dentry)
static int smack_sb_mount(char *dev_name, struct nameidata *nd,
char *type, unsigned long flags, void *data)
{
- struct superblock_smack *sbp = nd->mnt->mnt_sb->s_security;
+ struct superblock_smack *sbp = nd->path.mnt->mnt_sb->s_security;
return smk_curacc(sbp->smk_floor, MAY_WRITE);
}
@@ -584,14 +584,20 @@ static int smack_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
static int smack_inode_setxattr(struct dentry *dentry, char *name,
void *value, size_t size, int flags)
{
- if (!capable(CAP_MAC_ADMIN)) {
- if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
- strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
- strcmp(name, XATTR_NAME_SMACKIPOUT) == 0)
- return -EPERM;
- }
+ int rc = 0;
- return smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE);
+ if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
+ strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
+ strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) {
+ if (!capable(CAP_MAC_ADMIN))
+ rc = -EPERM;
+ } else
+ rc = cap_inode_setxattr(dentry, name, value, size, flags);
+
+ if (rc == 0)
+ rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE);
+
+ return rc;
}
/**
@@ -658,10 +664,20 @@ static int smack_inode_getxattr(struct dentry *dentry, char *name)
*/
static int smack_inode_removexattr(struct dentry *dentry, char *name)
{
- if (strcmp(name, XATTR_NAME_SMACK) == 0 && !capable(CAP_MAC_ADMIN))
- return -EPERM;
+ int rc = 0;
- return smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE);
+ if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
+ strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
+ strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) {
+ if (!capable(CAP_MAC_ADMIN))
+ rc = -EPERM;
+ } else
+ rc = cap_inode_removexattr(dentry, name);
+
+ if (rc == 0)
+ rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE);
+
+ return rc;
}
/**
@@ -701,7 +717,7 @@ static int smack_inode_getsecurity(const struct inode *inode,
return -EOPNOTSUPP;
sock = SOCKET_I(ip);
- if (sock == NULL)
+ if (sock == NULL || sock->sk == NULL)
return -EOPNOTSUPP;
ssp = sock->sk->sk_security;
@@ -1016,7 +1032,12 @@ static void smack_task_getsecid(struct task_struct *p, u32 *secid)
*/
static int smack_task_setnice(struct task_struct *p, int nice)
{
- return smk_curacc(p->security, MAY_WRITE);
+ int rc;
+
+ rc = cap_task_setnice(p, nice);
+ if (rc == 0)
+ rc = smk_curacc(p->security, MAY_WRITE);
+ return rc;
}
/**
@@ -1028,7 +1049,12 @@ static int smack_task_setnice(struct task_struct *p, int nice)
*/
static int smack_task_setioprio(struct task_struct *p, int ioprio)
{
- return smk_curacc(p->security, MAY_WRITE);
+ int rc;
+
+ rc = cap_task_setioprio(p, ioprio);
+ if (rc == 0)
+ rc = smk_curacc(p->security, MAY_WRITE);
+ return rc;
}
/**
@@ -1053,7 +1079,12 @@ static int smack_task_getioprio(struct task_struct *p)
static int smack_task_setscheduler(struct task_struct *p, int policy,
struct sched_param *lp)
{
- return smk_curacc(p->security, MAY_WRITE);
+ int rc;
+
+ rc = cap_task_setscheduler(p, policy, lp);
+ if (rc == 0)
+ rc = smk_curacc(p->security, MAY_WRITE);
+ return rc;
}
/**
@@ -1093,6 +1124,11 @@ static int smack_task_movememory(struct task_struct *p)
static int smack_task_kill(struct task_struct *p, struct siginfo *info,
int sig, u32 secid)
{
+ int rc;
+
+ rc = cap_task_kill(p, info, sig, secid);
+ if (rc != 0)
+ return rc;
/*
* Special cases where signals really ought to go through
* in spite of policy. Stephen Smalley suggests it may
@@ -1251,9 +1287,8 @@ static void smack_to_secattr(char *smack, struct netlbl_lsm_secattr *nlsp)
switch (smack_net_nltype) {
case NETLBL_NLTYPE_CIPSOV4:
- nlsp->domain = NULL;
- nlsp->flags = NETLBL_SECATTR_DOMAIN;
- nlsp->flags |= NETLBL_SECATTR_MLS_LVL;
+ nlsp->domain = kstrdup(smack, GFP_ATOMIC);
+ nlsp->flags = NETLBL_SECATTR_DOMAIN | NETLBL_SECATTR_MLS_LVL;
rc = smack_to_cipso(smack, &cipso);
if (rc == 0) {
@@ -1280,16 +1315,16 @@ static void smack_to_secattr(char *smack, struct netlbl_lsm_secattr *nlsp)
*/
static int smack_netlabel(struct sock *sk)
{
- struct socket_smack *ssp = sk->sk_security;
+ struct socket_smack *ssp;
struct netlbl_lsm_secattr secattr;
- int rc = 0;
+ int rc;
+ ssp = sk->sk_security;
netlbl_secattr_init(&secattr);
smack_to_secattr(ssp->smk_out, &secattr);
- if (secattr.flags != NETLBL_SECATTR_NONE)
- rc = netlbl_sock_setattr(sk, &secattr);
-
+ rc = netlbl_sock_setattr(sk, &secattr);
netlbl_secattr_destroy(&secattr);
+
return rc;
}
@@ -1312,6 +1347,7 @@ static int smack_inode_setsecurity(struct inode *inode, const char *name,
struct inode_smack *nsp = inode->i_security;
struct socket_smack *ssp;
struct socket *sock;
+ int rc = 0;
if (value == NULL || size > SMK_LABELLEN)
return -EACCES;
@@ -1331,7 +1367,7 @@ static int smack_inode_setsecurity(struct inode *inode, const char *name,
return -EOPNOTSUPP;
sock = SOCKET_I(inode);
- if (sock == NULL)
+ if (sock == NULL || sock->sk == NULL)
return -EOPNOTSUPP;
ssp = sock->sk->sk_security;
@@ -1340,7 +1376,10 @@ static int smack_inode_setsecurity(struct inode *inode, const char *name,
ssp->smk_in = sp;
else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) {
ssp->smk_out = sp;
- return smack_netlabel(sock->sk);
+ rc = smack_netlabel(sock->sk);
+ if (rc != 0)
+ printk(KERN_WARNING "Smack: \"%s\" netlbl error %d.\n",
+ __func__, -rc);
} else
return -EOPNOTSUPP;
@@ -1362,7 +1401,7 @@ static int smack_inode_setsecurity(struct inode *inode, const char *name,
static int smack_socket_post_create(struct socket *sock, int family,
int type, int protocol, int kern)
{
- if (family != PF_INET)
+ if (family != PF_INET || sock->sk == NULL)
return 0;
/*
* Set the outbound netlbl.
@@ -1775,6 +1814,27 @@ static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag)
return smk_curacc(isp, may);
}
+/* module stacking operations */
+
+/**
+ * smack_register_security - stack capability module
+ * @name: module name
+ * @ops: module operations - ignored
+ *
+ * Allow the capability module to register.
+ */
+static int smack_register_security(const char *name,
+ struct security_operations *ops)
+{
+ if (strcmp(name, "capability") != 0)
+ return -EINVAL;
+
+ printk(KERN_INFO "%s: Registering secondary module %s\n",
+ __func__, name);
+
+ return 0;
+}
+
/**
* smack_d_instantiate - Make sure the blob is correct on an inode
* @opt_dentry: unused
@@ -2213,6 +2273,9 @@ static void smack_sock_graft(struct sock *sk, struct socket *parent)
ssp->smk_packet[0] = '\0';
rc = smack_netlabel(sk);
+ if (rc != 0)
+ printk(KERN_WARNING "Smack: \"%s\" netlbl error %d.\n",
+ __func__, -rc);
}
/**
@@ -2345,6 +2408,20 @@ static int smack_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
}
/*
+ * smack_secctx_to_secid - return the secid for a smack label
+ * @secdata: smack label
+ * @seclen: how long result is
+ * @secid: outgoing integer
+ *
+ * Exists for audit and networking code.
+ */
+static int smack_secctx_to_secid(char *secdata, u32 seclen, u32 *secid)
+{
+ *secid = smack_to_secid(secdata);
+ return 0;
+}
+
+/*
* smack_release_secctx - don't do anything.
* @key_ref: unused
* @context: unused
@@ -2392,6 +2469,8 @@ static struct security_operations smack_ops = {
.inode_post_setxattr = smack_inode_post_setxattr,
.inode_getxattr = smack_inode_getxattr,
.inode_removexattr = smack_inode_removexattr,
+ .inode_need_killpriv = cap_inode_need_killpriv,
+ .inode_killpriv = cap_inode_killpriv,
.inode_getsecurity = smack_inode_getsecurity,
.inode_setsecurity = smack_inode_setsecurity,
.inode_listsecurity = smack_inode_listsecurity,
@@ -2451,6 +2530,8 @@ static struct security_operations smack_ops = {
.netlink_send = cap_netlink_send,
.netlink_recv = cap_netlink_recv,
+ .register_security = smack_register_security,
+
.d_instantiate = smack_d_instantiate,
.getprocattr = smack_getprocattr,
@@ -2474,6 +2555,7 @@ static struct security_operations smack_ops = {
.key_permission = smack_key_permission,
#endif /* CONFIG_KEYS */
.secid_to_secctx = smack_secid_to_secctx,
+ .secctx_to_secid = smack_secctx_to_secid,
.release_secctx = smack_release_secctx,
};
diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
index 15aa37f65b3..358c92c1a15 100644
--- a/security/smack/smackfs.c
+++ b/security/smack/smackfs.c
@@ -24,6 +24,7 @@
#include <net/cipso_ipv4.h>
#include <linux/seq_file.h>
#include <linux/ctype.h>
+#include <linux/audit.h>
#include "smack.h"
/*
@@ -45,6 +46,7 @@ enum smk_inos {
*/
static DEFINE_MUTEX(smack_list_lock);
static DEFINE_MUTEX(smack_cipso_lock);
+static DEFINE_MUTEX(smack_ambient_lock);
/*
* This is the "ambient" label for network traffic.
@@ -342,6 +344,9 @@ void smk_cipso_doi(void)
struct cipso_v4_doi *doip;
struct netlbl_audit audit_info;
+ audit_info.loginuid = audit_get_loginuid(current);
+ audit_info.secid = smack_to_secid(current->security);
+
rc = netlbl_cfg_map_del(NULL, &audit_info);
if (rc != 0)
printk(KERN_WARNING "%s:%d remove rc = %d\n",
@@ -363,6 +368,30 @@ void smk_cipso_doi(void)
__func__, __LINE__, rc);
}
+/**
+ * smk_unlbl_ambient - initialize the unlabeled domain
+ */
+void smk_unlbl_ambient(char *oldambient)
+{
+ int rc;
+ struct netlbl_audit audit_info;
+
+ audit_info.loginuid = audit_get_loginuid(current);
+ audit_info.secid = smack_to_secid(current->security);
+
+ if (oldambient != NULL) {
+ rc = netlbl_cfg_map_del(oldambient, &audit_info);
+ if (rc != 0)
+ printk(KERN_WARNING "%s:%d remove rc = %d\n",
+ __func__, __LINE__, rc);
+ }
+
+ rc = netlbl_cfg_unlbl_add_map(smack_net_ambient, &audit_info);
+ if (rc != 0)
+ printk(KERN_WARNING "%s:%d add rc = %d\n",
+ __func__, __LINE__, rc);
+}
+
/*
* Seq_file read operations for /smack/cipso
*/
@@ -709,7 +738,6 @@ static ssize_t smk_read_ambient(struct file *filp, char __user *buf,
size_t cn, loff_t *ppos)
{
ssize_t rc;
- char out[SMK_LABELLEN];
int asize;
if (*ppos != 0)
@@ -717,23 +745,18 @@ static ssize_t smk_read_ambient(struct file *filp, char __user *buf,
/*
* Being careful to avoid a problem in the case where
* smack_net_ambient gets changed in midstream.
- * Since smack_net_ambient is always set with a value
- * from the label list, including initially, and those
- * never get freed, the worst case is that the pointer
- * gets changed just after this strncpy, in which case
- * the value passed up is incorrect. Locking around
- * smack_net_ambient wouldn't be any better than this
- * copy scheme as by the time the caller got to look
- * at the ambient value it would have cleared the lock
- * and been changed.
*/
- strncpy(out, smack_net_ambient, SMK_LABELLEN);
- asize = strlen(out) + 1;
+ mutex_lock(&smack_ambient_lock);
- if (cn < asize)
- return -EINVAL;
+ asize = strlen(smack_net_ambient) + 1;
+
+ if (cn >= asize)
+ rc = simple_read_from_buffer(buf, cn, ppos,
+ smack_net_ambient, asize);
+ else
+ rc = -EINVAL;
- rc = simple_read_from_buffer(buf, cn, ppos, out, asize);
+ mutex_unlock(&smack_ambient_lock);
return rc;
}
@@ -751,6 +774,7 @@ static ssize_t smk_write_ambient(struct file *file, const char __user *buf,
size_t count, loff_t *ppos)
{
char in[SMK_LABELLEN];
+ char *oldambient;
char *smack;
if (!capable(CAP_MAC_ADMIN))
@@ -766,7 +790,13 @@ static ssize_t smk_write_ambient(struct file *file, const char __user *buf,
if (smack == NULL)
return -EINVAL;
+ mutex_lock(&smack_ambient_lock);
+
+ oldambient = smack_net_ambient;
smack_net_ambient = smack;
+ smk_unlbl_ambient(oldambient);
+
+ mutex_unlock(&smack_ambient_lock);
return count;
}
@@ -974,6 +1004,7 @@ static int __init init_smk_fs(void)
sema_init(&smack_write_sem, 1);
smk_cipso_doi();
+ smk_unlbl_ambient(NULL);
return err;
}
generated by cgit v1.2.3-70-g09d2 (git 2.46.0) at 2024-12-27 09:34:36 +0000