2 * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com>
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License as published by
6 * the Free Software Foundation, version 2.
9 * Casey Schaufler <casey@schaufler-ca.com>
10 * Ahmed S. Darwish <darwish.07@gmail.com>
12 * Special thanks to the authors of selinuxfs.
14 * Karl MacMillan <kmacmillan@tresys.com>
15 * James Morris <jmorris@redhat.com>
19 #include <linux/kernel.h>
20 #include <linux/vmalloc.h>
21 #include <linux/security.h>
22 #include <linux/mutex.h>
23 #include <linux/slab.h>
24 #include <net/net_namespace.h>
25 #include <net/cipso_ipv4.h>
26 #include <linux/seq_file.h>
27 #include <linux/ctype.h>
28 #include <linux/audit.h>
29 #include <linux/magic.h>
33 * smackfs pseudo filesystem.
38 SMK_LOAD = 3, /* load policy */
39 SMK_CIPSO = 4, /* load label -> CIPSO mapping */
40 SMK_DOI = 5, /* CIPSO DOI */
41 SMK_DIRECT = 6, /* CIPSO level indicating direct label */
42 SMK_AMBIENT = 7, /* internet ambient label */
43 SMK_NETLBLADDR = 8, /* single label hosts */
44 SMK_ONLYCAP = 9, /* the only "capable" label */
45 SMK_LOGGING = 10, /* logging */
46 SMK_LOAD_SELF = 11, /* task specific rules */
47 SMK_ACCESSES = 12, /* access policy */
48 SMK_MAPPED = 13, /* CIPSO level indicating mapped label */
49 SMK_LOAD2 = 14, /* load policy with long labels */
50 SMK_LOAD_SELF2 = 15, /* load task specific rules with long labels */
51 SMK_ACCESS2 = 16, /* make an access check with long labels */
52 SMK_CIPSO2 = 17, /* load long label -> CIPSO mapping */
53 SMK_REVOKE_SUBJ = 18, /* set rules with subject label to '-' */
54 SMK_CHANGE_RULE = 19, /* change or add rules (long labels) */
55 SMK_SYSLOG = 20, /* change syslog label) */
56 SMK_PTRACE = 21, /* set ptrace rule */
57 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
58 SMK_UNCONFINED = 22, /* define an unconfined label */
65 static DEFINE_MUTEX(smack_cipso_lock);
66 static DEFINE_MUTEX(smack_ambient_lock);
67 static DEFINE_MUTEX(smk_netlbladdr_lock);
70 * This is the "ambient" label for network traffic.
71 * If it isn't somehow marked, use this.
72 * It can be reset via smackfs/ambient
74 struct smack_known *smack_net_ambient;
77 * This is the level in a CIPSO header that indicates a
78 * smack label is contained directly in the category set.
79 * It can be reset via smackfs/direct
81 int smack_cipso_direct = SMACK_CIPSO_DIRECT_DEFAULT;
84 * This is the level in a CIPSO header that indicates a
85 * secid is contained directly in the category set.
86 * It can be reset via smackfs/mapped
88 int smack_cipso_mapped = SMACK_CIPSO_MAPPED_DEFAULT;
90 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
92 * Allow one label to be unconfined. This is for
93 * debugging and application bring-up purposes only.
94 * It is bad and wrong, but everyone seems to expect
97 struct smack_known *smack_unconfined;
101 * If this value is set restrict syslog use to the label specified.
102 * It can be reset via smackfs/syslog
104 struct smack_known *smack_syslog_label;
107 * Ptrace current rule
108 * SMACK_PTRACE_DEFAULT regular smack ptrace rules (/proc based)
109 * SMACK_PTRACE_EXACT labels must match, but can be overriden with
111 * SMACK_PTRACE_DRACONIAN lables must match, CAP_SYS_PTRACE has no effect
113 int smack_ptrace_rule = SMACK_PTRACE_DEFAULT;
116 * Certain IP addresses may be designated as single label hosts.
117 * Packets are sent there unlabeled, but only from tasks that
118 * can write to the specified label.
121 LIST_HEAD(smk_netlbladdr_list);
124 * Rule lists are maintained for each label.
125 * This master list is just for reading /smack/load and /smack/load2.
127 struct smack_master_list {
128 struct list_head list;
129 struct smack_rule *smk_rule;
132 LIST_HEAD(smack_rule_list);
134 struct smack_parsed_rule {
135 struct smack_known *smk_subject;
136 struct smack_known *smk_object;
141 static int smk_cipso_doi_value = SMACK_CIPSO_DOI_DEFAULT;
143 struct smack_known smack_cipso_option = {
144 .smk_known = SMACK_CIPSO_OPTION,
149 * Values for parsing cipso rules
150 * SMK_DIGITLEN: Length of a digit field in a rule.
151 * SMK_CIPSOMIN: Minimum possible cipso rule length.
152 * SMK_CIPSOMAX: Maximum possible cipso rule length.
154 #define SMK_DIGITLEN 4
155 #define SMK_CIPSOMIN (SMK_LABELLEN + 2 * SMK_DIGITLEN)
156 #define SMK_CIPSOMAX (SMK_CIPSOMIN + SMACK_CIPSO_MAXCATNUM * SMK_DIGITLEN)
159 * Values for parsing MAC rules
160 * SMK_ACCESS: Maximum possible combination of access permissions
161 * SMK_ACCESSLEN: Maximum length for a rule access field
162 * SMK_LOADLEN: Smack rule length
164 #define SMK_OACCESS "rwxa"
165 #define SMK_ACCESS "rwxatl"
166 #define SMK_OACCESSLEN (sizeof(SMK_OACCESS) - 1)
167 #define SMK_ACCESSLEN (sizeof(SMK_ACCESS) - 1)
168 #define SMK_OLOADLEN (SMK_LABELLEN + SMK_LABELLEN + SMK_OACCESSLEN)
169 #define SMK_LOADLEN (SMK_LABELLEN + SMK_LABELLEN + SMK_ACCESSLEN)
172 * Stricly for CIPSO level manipulation.
173 * Set the category bit number in a smack label sized buffer.
175 static inline void smack_catset_bit(unsigned int cat, char *catsetp)
177 if (cat == 0 || cat > (SMK_CIPSOLEN * 8))
180 catsetp[(cat - 1) / 8] |= 0x80 >> ((cat - 1) % 8);
184 * smk_netlabel_audit_set - fill a netlbl_audit struct
185 * @nap: structure to fill
187 static void smk_netlabel_audit_set(struct netlbl_audit *nap)
189 struct smack_known *skp = smk_of_current();
191 nap->loginuid = audit_get_loginuid(current);
192 nap->sessionid = audit_get_sessionid(current);
193 nap->secid = skp->smk_secid;
197 * Value for parsing single label host rules
200 #define SMK_NETLBLADDRMIN 9
203 * smk_set_access - add a rule to the rule list or replace an old rule
204 * @srp: the rule to add or replace
205 * @rule_list: the list of rules
206 * @rule_lock: the rule list lock
207 * @global: if non-zero, indicates a global rule
209 * Looks through the current subject/object/access list for
210 * the subject/object pair and replaces the access that was
211 * there. If the pair isn't found add it with the specified
214 * Returns 0 if nothing goes wrong or -ENOMEM if it fails
215 * during the allocation of the new pair to add.
217 static int smk_set_access(struct smack_parsed_rule *srp,
218 struct list_head *rule_list,
219 struct mutex *rule_lock, int global)
221 struct smack_rule *sp;
222 struct smack_master_list *smlp;
226 mutex_lock(rule_lock);
229 * Because the object label is less likely to match
230 * than the subject label check it first
232 list_for_each_entry_rcu(sp, rule_list, list) {
233 if (sp->smk_object == srp->smk_object &&
234 sp->smk_subject == srp->smk_subject) {
236 sp->smk_access |= srp->smk_access1;
237 sp->smk_access &= ~srp->smk_access2;
243 sp = kzalloc(sizeof(*sp), GFP_KERNEL);
249 sp->smk_subject = srp->smk_subject;
250 sp->smk_object = srp->smk_object;
251 sp->smk_access = srp->smk_access1 & ~srp->smk_access2;
253 list_add_rcu(&sp->list, rule_list);
255 * If this is a global as opposed to self and a new rule
256 * it needs to get added for reporting.
259 smlp = kzalloc(sizeof(*smlp), GFP_KERNEL);
262 list_add_rcu(&smlp->list, &smack_rule_list);
269 mutex_unlock(rule_lock);
274 * smk_perm_from_str - parse smack accesses from a text string
275 * @string: a text string that contains a Smack accesses code
277 * Returns an integer with respective bits set for specified accesses.
279 static int smk_perm_from_str(const char *string)
284 for (cp = string; ; cp++)
306 perm |= MAY_TRANSMUTE;
322 * smk_fill_rule - Fill Smack rule from strings
323 * @subject: subject label string
324 * @object: object label string
325 * @access1: access string
326 * @access2: string with permissions to be removed
328 * @import: if non-zero, import labels
329 * @len: label length limit
331 * Returns 0 on success, appropriate error code on failure.
333 static int smk_fill_rule(const char *subject, const char *object,
334 const char *access1, const char *access2,
335 struct smack_parsed_rule *rule, int import,
339 struct smack_known *skp;
342 rule->smk_subject = smk_import_entry(subject, len);
343 if (IS_ERR(rule->smk_subject))
344 return PTR_ERR(rule->smk_subject);
346 rule->smk_object = smk_import_entry(object, len);
347 if (IS_ERR(rule->smk_object))
348 return PTR_ERR(rule->smk_object);
350 cp = smk_parse_smack(subject, len);
353 skp = smk_find_entry(cp);
357 rule->smk_subject = skp;
359 cp = smk_parse_smack(object, len);
362 skp = smk_find_entry(cp);
366 rule->smk_object = skp;
369 rule->smk_access1 = smk_perm_from_str(access1);
371 rule->smk_access2 = smk_perm_from_str(access2);
373 rule->smk_access2 = ~rule->smk_access1;
379 * smk_parse_rule - parse Smack rule from load string
380 * @data: string to be parsed whose size is SMK_LOADLEN
382 * @import: if non-zero, import labels
384 * Returns 0 on success, -1 on errors.
386 static int smk_parse_rule(const char *data, struct smack_parsed_rule *rule,
391 rc = smk_fill_rule(data, data + SMK_LABELLEN,
392 data + SMK_LABELLEN + SMK_LABELLEN, NULL, rule,
393 import, SMK_LABELLEN);
398 * smk_parse_long_rule - parse Smack rule from rule string
399 * @data: string to be parsed, null terminated
400 * @rule: Will be filled with Smack parsed rule
401 * @import: if non-zero, import labels
402 * @tokens: numer of substrings expected in data
404 * Returns number of processed bytes on success, -ERRNO on failure.
406 static ssize_t smk_parse_long_rule(char *data, struct smack_parsed_rule *rule,
407 int import, int tokens)
415 * Parsing the rule in-place, filling all white-spaces with '\0'
417 for (i = 0; i < tokens; ++i) {
418 while (isspace(data[cnt]))
421 if (data[cnt] == '\0')
422 /* Unexpected end of data */
427 while (data[cnt] && !isspace(data[cnt]))
430 while (isspace(data[cnt]))
436 rc = smk_fill_rule(tok[0], tok[1], tok[2], tok[3], rule, import, 0);
437 return rc == 0 ? cnt : rc;
440 #define SMK_FIXED24_FMT 0 /* Fixed 24byte label format */
441 #define SMK_LONG_FMT 1 /* Variable long label format */
442 #define SMK_CHANGE_FMT 2 /* Rule modification format */
444 * smk_write_rules_list - write() for any /smack rule file
445 * @file: file pointer, not actually used
446 * @buf: where to get the data from
448 * @ppos: where to start - must be 0
449 * @rule_list: the list of rules to write to
450 * @rule_lock: lock for the rule list
451 * @format: /smack/load or /smack/load2 or /smack/change-rule format.
453 * Get one smack access rule from above.
454 * The format for SMK_LONG_FMT is:
455 * "subject<whitespace>object<whitespace>access[<whitespace>...]"
456 * The format for SMK_FIXED24_FMT is exactly:
457 * "subject object rwxat"
458 * The format for SMK_CHANGE_FMT is:
459 * "subject<whitespace>object<whitespace>
460 * acc_enable<whitespace>acc_disable[<whitespace>...]"
462 static ssize_t smk_write_rules_list(struct file *file, const char __user *buf,
463 size_t count, loff_t *ppos,
464 struct list_head *rule_list,
465 struct mutex *rule_lock, int format)
467 struct smack_parsed_rule rule;
476 * Enough data must be present.
481 if (format == SMK_FIXED24_FMT) {
483 * Minor hack for backward compatibility
485 if (count < SMK_OLOADLEN || count > SMK_LOADLEN)
488 if (count >= PAGE_SIZE) {
489 count = PAGE_SIZE - 1;
494 data = kmalloc(count + 1, GFP_KERNEL);
498 if (copy_from_user(data, buf, count) != 0) {
504 * In case of parsing only part of user buf,
505 * avoid having partial rule at the data buffer
508 while (count > 0 && (data[count - 1] != '\n'))
517 tokens = (format == SMK_CHANGE_FMT ? 4 : 3);
518 while (cnt < count) {
519 if (format == SMK_FIXED24_FMT) {
520 rc = smk_parse_rule(data, &rule, 1);
525 rc = smk_parse_long_rule(data + cnt, &rule, 1, tokens);
535 if (rule_list == NULL)
536 rc = smk_set_access(&rule, &rule.smk_subject->smk_rules,
537 &rule.smk_subject->smk_rules_lock, 1);
539 rc = smk_set_access(&rule, rule_list, rule_lock, 0);
552 * Core logic for smackfs seq list operations.
555 static void *smk_seq_start(struct seq_file *s, loff_t *pos,
556 struct list_head *head)
558 struct list_head *list;
562 for (list = rcu_dereference(list_next_rcu(head));
564 list = rcu_dereference(list_next_rcu(list))) {
572 static void *smk_seq_next(struct seq_file *s, void *v, loff_t *pos,
573 struct list_head *head)
575 struct list_head *list = v;
578 list = rcu_dereference(list_next_rcu(list));
580 return (list == head) ? NULL : list;
583 static void smk_seq_stop(struct seq_file *s, void *v)
588 static void smk_rule_show(struct seq_file *s, struct smack_rule *srp, int max)
591 * Don't show any rules with label names too long for
592 * interface file (/smack/load or /smack/load2)
593 * because you should expect to be able to write
594 * anything you read back.
596 if (strlen(srp->smk_subject->smk_known) >= max ||
597 strlen(srp->smk_object->smk_known) >= max)
600 if (srp->smk_access == 0)
603 seq_printf(s, "%s %s",
604 srp->smk_subject->smk_known,
605 srp->smk_object->smk_known);
609 if (srp->smk_access & MAY_READ)
611 if (srp->smk_access & MAY_WRITE)
613 if (srp->smk_access & MAY_EXEC)
615 if (srp->smk_access & MAY_APPEND)
617 if (srp->smk_access & MAY_TRANSMUTE)
619 if (srp->smk_access & MAY_LOCK)
621 if (srp->smk_access & MAY_BRINGUP)
628 * Seq_file read operations for /smack/load
631 static void *load2_seq_start(struct seq_file *s, loff_t *pos)
633 return smk_seq_start(s, pos, &smack_rule_list);
636 static void *load2_seq_next(struct seq_file *s, void *v, loff_t *pos)
638 return smk_seq_next(s, v, pos, &smack_rule_list);
641 static int load_seq_show(struct seq_file *s, void *v)
643 struct list_head *list = v;
644 struct smack_master_list *smlp =
645 list_entry_rcu(list, struct smack_master_list, list);
647 smk_rule_show(s, smlp->smk_rule, SMK_LABELLEN);
652 static const struct seq_operations load_seq_ops = {
653 .start = load2_seq_start,
654 .next = load2_seq_next,
655 .show = load_seq_show,
656 .stop = smk_seq_stop,
660 * smk_open_load - open() for /smack/load
661 * @inode: inode structure representing file
662 * @file: "load" file pointer
664 * For reading, use load_seq_* seq_file reading operations.
666 static int smk_open_load(struct inode *inode, struct file *file)
668 return seq_open(file, &load_seq_ops);
672 * smk_write_load - write() for /smack/load
673 * @file: file pointer, not actually used
674 * @buf: where to get the data from
676 * @ppos: where to start - must be 0
679 static ssize_t smk_write_load(struct file *file, const char __user *buf,
680 size_t count, loff_t *ppos)
683 * Must have privilege.
685 * Enough data must be present.
687 if (!smack_privileged(CAP_MAC_ADMIN))
690 return smk_write_rules_list(file, buf, count, ppos, NULL, NULL,
694 static const struct file_operations smk_load_ops = {
695 .open = smk_open_load,
698 .write = smk_write_load,
699 .release = seq_release,
703 * smk_cipso_doi - initialize the CIPSO domain
705 static void smk_cipso_doi(void)
708 struct cipso_v4_doi *doip;
709 struct netlbl_audit nai;
711 smk_netlabel_audit_set(&nai);
713 rc = netlbl_cfg_map_del(NULL, PF_INET, NULL, NULL, &nai);
715 printk(KERN_WARNING "%s:%d remove rc = %d\n",
716 __func__, __LINE__, rc);
718 doip = kmalloc(sizeof(struct cipso_v4_doi), GFP_KERNEL);
720 panic("smack: Failed to initialize cipso DOI.\n");
721 doip->map.std = NULL;
722 doip->doi = smk_cipso_doi_value;
723 doip->type = CIPSO_V4_MAP_PASS;
724 doip->tags[0] = CIPSO_V4_TAG_RBITMAP;
725 for (rc = 1; rc < CIPSO_V4_TAG_MAXCNT; rc++)
726 doip->tags[rc] = CIPSO_V4_TAG_INVALID;
728 rc = netlbl_cfg_cipsov4_add(doip, &nai);
730 printk(KERN_WARNING "%s:%d cipso add rc = %d\n",
731 __func__, __LINE__, rc);
735 rc = netlbl_cfg_cipsov4_map_add(doip->doi, NULL, NULL, NULL, &nai);
737 printk(KERN_WARNING "%s:%d map add rc = %d\n",
738 __func__, __LINE__, rc);
745 * smk_unlbl_ambient - initialize the unlabeled domain
746 * @oldambient: previous domain string
748 static void smk_unlbl_ambient(char *oldambient)
751 struct netlbl_audit nai;
753 smk_netlabel_audit_set(&nai);
755 if (oldambient != NULL) {
756 rc = netlbl_cfg_map_del(oldambient, PF_INET, NULL, NULL, &nai);
758 printk(KERN_WARNING "%s:%d remove rc = %d\n",
759 __func__, __LINE__, rc);
761 if (smack_net_ambient == NULL)
762 smack_net_ambient = &smack_known_floor;
764 rc = netlbl_cfg_unlbl_map_add(smack_net_ambient->smk_known, PF_INET,
767 printk(KERN_WARNING "%s:%d add rc = %d\n",
768 __func__, __LINE__, rc);
772 * Seq_file read operations for /smack/cipso
775 static void *cipso_seq_start(struct seq_file *s, loff_t *pos)
777 return smk_seq_start(s, pos, &smack_known_list);
780 static void *cipso_seq_next(struct seq_file *s, void *v, loff_t *pos)
782 return smk_seq_next(s, v, pos, &smack_known_list);
786 * Print cipso labels in format:
787 * label level[/cat[,cat]]
789 static int cipso_seq_show(struct seq_file *s, void *v)
791 struct list_head *list = v;
792 struct smack_known *skp =
793 list_entry_rcu(list, struct smack_known, list);
794 struct netlbl_lsm_catmap *cmp = skp->smk_netlabel.attr.mls.cat;
799 * Don't show a label that could not have been set using
800 * /smack/cipso. This is in support of the notion that
801 * anything read from /smack/cipso ought to be writeable
804 * /smack/cipso2 should be used instead.
806 if (strlen(skp->smk_known) >= SMK_LABELLEN)
809 seq_printf(s, "%s %3d", skp->smk_known, skp->smk_netlabel.attr.mls.lvl);
811 for (i = netlbl_catmap_walk(cmp, 0); i >= 0;
812 i = netlbl_catmap_walk(cmp, i + 1)) {
813 seq_printf(s, "%c%d", sep, i);
822 static const struct seq_operations cipso_seq_ops = {
823 .start = cipso_seq_start,
824 .next = cipso_seq_next,
825 .show = cipso_seq_show,
826 .stop = smk_seq_stop,
830 * smk_open_cipso - open() for /smack/cipso
831 * @inode: inode structure representing file
832 * @file: "cipso" file pointer
834 * Connect our cipso_seq_* operations with /smack/cipso
837 static int smk_open_cipso(struct inode *inode, struct file *file)
839 return seq_open(file, &cipso_seq_ops);
843 * smk_set_cipso - do the work for write() for cipso and cipso2
844 * @file: file pointer, not actually used
845 * @buf: where to get the data from
847 * @ppos: where to start
848 * @format: /smack/cipso or /smack/cipso2
850 * Accepts only one cipso rule per write call.
851 * Returns number of bytes written or error code, as appropriate
853 static ssize_t smk_set_cipso(struct file *file, const char __user *buf,
854 size_t count, loff_t *ppos, int format)
856 struct smack_known *skp;
857 struct netlbl_lsm_secattr ncats;
858 char mapcatset[SMK_CIPSOLEN];
862 ssize_t rc = -EINVAL;
869 * Must have privilege.
871 * Enough data must be present.
873 if (!smack_privileged(CAP_MAC_ADMIN))
877 if (format == SMK_FIXED24_FMT &&
878 (count < SMK_CIPSOMIN || count > SMK_CIPSOMAX))
881 data = kzalloc(count + 1, GFP_KERNEL);
885 if (copy_from_user(data, buf, count) != 0) {
893 * Only allow one writer at a time. Writes should be
894 * quite rare and small in any case.
896 mutex_lock(&smack_cipso_lock);
898 skp = smk_import_entry(rule, 0);
904 if (format == SMK_FIXED24_FMT)
905 rule += SMK_LABELLEN;
907 rule += strlen(skp->smk_known) + 1;
909 ret = sscanf(rule, "%d", &maplevel);
910 if (ret != 1 || maplevel > SMACK_CIPSO_MAXLEVEL)
913 rule += SMK_DIGITLEN;
914 ret = sscanf(rule, "%d", &catlen);
915 if (ret != 1 || catlen > SMACK_CIPSO_MAXCATNUM)
918 if (format == SMK_FIXED24_FMT &&
919 count != (SMK_CIPSOMIN + catlen * SMK_DIGITLEN))
922 memset(mapcatset, 0, sizeof(mapcatset));
924 for (i = 0; i < catlen; i++) {
925 rule += SMK_DIGITLEN;
926 ret = sscanf(rule, "%u", &cat);
927 if (ret != 1 || cat > SMACK_CIPSO_MAXCATNUM)
930 smack_catset_bit(cat, mapcatset);
933 rc = smk_netlbl_mls(maplevel, mapcatset, &ncats, SMK_CIPSOLEN);
935 netlbl_catmap_free(skp->smk_netlabel.attr.mls.cat);
936 skp->smk_netlabel.attr.mls.cat = ncats.attr.mls.cat;
937 skp->smk_netlabel.attr.mls.lvl = ncats.attr.mls.lvl;
942 mutex_unlock(&smack_cipso_lock);
949 * smk_write_cipso - write() for /smack/cipso
950 * @file: file pointer, not actually used
951 * @buf: where to get the data from
953 * @ppos: where to start
955 * Accepts only one cipso rule per write call.
956 * Returns number of bytes written or error code, as appropriate
958 static ssize_t smk_write_cipso(struct file *file, const char __user *buf,
959 size_t count, loff_t *ppos)
961 return smk_set_cipso(file, buf, count, ppos, SMK_FIXED24_FMT);
964 static const struct file_operations smk_cipso_ops = {
965 .open = smk_open_cipso,
968 .write = smk_write_cipso,
969 .release = seq_release,
973 * Seq_file read operations for /smack/cipso2
977 * Print cipso labels in format:
978 * label level[/cat[,cat]]
980 static int cipso2_seq_show(struct seq_file *s, void *v)
982 struct list_head *list = v;
983 struct smack_known *skp =
984 list_entry_rcu(list, struct smack_known, list);
985 struct netlbl_lsm_catmap *cmp = skp->smk_netlabel.attr.mls.cat;
989 seq_printf(s, "%s %3d", skp->smk_known, skp->smk_netlabel.attr.mls.lvl);
991 for (i = netlbl_catmap_walk(cmp, 0); i >= 0;
992 i = netlbl_catmap_walk(cmp, i + 1)) {
993 seq_printf(s, "%c%d", sep, i);
1002 static const struct seq_operations cipso2_seq_ops = {
1003 .start = cipso_seq_start,
1004 .next = cipso_seq_next,
1005 .show = cipso2_seq_show,
1006 .stop = smk_seq_stop,
1010 * smk_open_cipso2 - open() for /smack/cipso2
1011 * @inode: inode structure representing file
1012 * @file: "cipso2" file pointer
1014 * Connect our cipso_seq_* operations with /smack/cipso2
1017 static int smk_open_cipso2(struct inode *inode, struct file *file)
1019 return seq_open(file, &cipso2_seq_ops);
1023 * smk_write_cipso2 - write() for /smack/cipso2
1024 * @file: file pointer, not actually used
1025 * @buf: where to get the data from
1026 * @count: bytes sent
1027 * @ppos: where to start
1029 * Accepts only one cipso rule per write call.
1030 * Returns number of bytes written or error code, as appropriate
1032 static ssize_t smk_write_cipso2(struct file *file, const char __user *buf,
1033 size_t count, loff_t *ppos)
1035 return smk_set_cipso(file, buf, count, ppos, SMK_LONG_FMT);
1038 static const struct file_operations smk_cipso2_ops = {
1039 .open = smk_open_cipso2,
1041 .llseek = seq_lseek,
1042 .write = smk_write_cipso2,
1043 .release = seq_release,
1047 * Seq_file read operations for /smack/netlabel
1050 static void *netlbladdr_seq_start(struct seq_file *s, loff_t *pos)
1052 return smk_seq_start(s, pos, &smk_netlbladdr_list);
1055 static void *netlbladdr_seq_next(struct seq_file *s, void *v, loff_t *pos)
1057 return smk_seq_next(s, v, pos, &smk_netlbladdr_list);
1059 #define BEBITS (sizeof(__be32) * 8)
1062 * Print host/label pairs
1064 static int netlbladdr_seq_show(struct seq_file *s, void *v)
1066 struct list_head *list = v;
1067 struct smk_netlbladdr *skp =
1068 list_entry_rcu(list, struct smk_netlbladdr, list);
1069 unsigned char *hp = (char *) &skp->smk_host.sin_addr.s_addr;
1071 u32 temp_mask = be32_to_cpu(skp->smk_mask.s_addr);
1073 for (maskn = 0; temp_mask; temp_mask <<= 1, maskn++);
1075 seq_printf(s, "%u.%u.%u.%u/%d %s\n",
1076 hp[0], hp[1], hp[2], hp[3], maskn, skp->smk_label->smk_known);
1081 static const struct seq_operations netlbladdr_seq_ops = {
1082 .start = netlbladdr_seq_start,
1083 .next = netlbladdr_seq_next,
1084 .show = netlbladdr_seq_show,
1085 .stop = smk_seq_stop,
1089 * smk_open_netlbladdr - open() for /smack/netlabel
1090 * @inode: inode structure representing file
1091 * @file: "netlabel" file pointer
1093 * Connect our netlbladdr_seq_* operations with /smack/netlabel
1096 static int smk_open_netlbladdr(struct inode *inode, struct file *file)
1098 return seq_open(file, &netlbladdr_seq_ops);
1102 * smk_netlbladdr_insert
1103 * @new : netlabel to insert
1105 * This helper insert netlabel in the smack_netlbladdrs list
1106 * sorted by netmask length (longest to smallest)
1107 * locked by &smk_netlbladdr_lock in smk_write_netlbladdr
1110 static void smk_netlbladdr_insert(struct smk_netlbladdr *new)
1112 struct smk_netlbladdr *m, *m_next;
1114 if (list_empty(&smk_netlbladdr_list)) {
1115 list_add_rcu(&new->list, &smk_netlbladdr_list);
1119 m = list_entry_rcu(smk_netlbladdr_list.next,
1120 struct smk_netlbladdr, list);
1122 /* the comparison '>' is a bit hacky, but works */
1123 if (new->smk_mask.s_addr > m->smk_mask.s_addr) {
1124 list_add_rcu(&new->list, &smk_netlbladdr_list);
1128 list_for_each_entry_rcu(m, &smk_netlbladdr_list, list) {
1129 if (list_is_last(&m->list, &smk_netlbladdr_list)) {
1130 list_add_rcu(&new->list, &m->list);
1133 m_next = list_entry_rcu(m->list.next,
1134 struct smk_netlbladdr, list);
1135 if (new->smk_mask.s_addr > m_next->smk_mask.s_addr) {
1136 list_add_rcu(&new->list, &m->list);
1144 * smk_write_netlbladdr - write() for /smack/netlabel
1145 * @file: file pointer, not actually used
1146 * @buf: where to get the data from
1147 * @count: bytes sent
1148 * @ppos: where to start
1150 * Accepts only one netlbladdr per write call.
1151 * Returns number of bytes written or error code, as appropriate
1153 static ssize_t smk_write_netlbladdr(struct file *file, const char __user *buf,
1154 size_t count, loff_t *ppos)
1156 struct smk_netlbladdr *snp;
1157 struct sockaddr_in newname;
1159 struct smack_known *skp;
1161 char *host = (char *)&newname.sin_addr.s_addr;
1163 struct netlbl_audit audit_info;
1164 struct in_addr mask;
1167 u32 mask_bits = (1<<31);
1172 * Must have privilege.
1173 * No partial writes.
1174 * Enough data must be present.
1175 * "<addr/mask, as a.b.c.d/e><space><label>"
1176 * "<addr, as a.b.c.d><space><label>"
1178 if (!smack_privileged(CAP_MAC_ADMIN))
1182 if (count < SMK_NETLBLADDRMIN)
1185 data = kzalloc(count + 1, GFP_KERNEL);
1189 if (copy_from_user(data, buf, count) != 0) {
1194 smack = kzalloc(count + 1, GFP_KERNEL);
1195 if (smack == NULL) {
1202 rc = sscanf(data, "%hhd.%hhd.%hhd.%hhd/%u %s",
1203 &host[0], &host[1], &host[2], &host[3], &m, smack);
1205 rc = sscanf(data, "%hhd.%hhd.%hhd.%hhd %s",
1206 &host[0], &host[1], &host[2], &host[3], smack);
1219 * If smack begins with '-', it is an option, don't import it
1221 if (smack[0] != '-') {
1222 skp = smk_import_entry(smack, 0);
1228 /* check known options */
1229 if (strcmp(smack, smack_cipso_option.smk_known) == 0)
1230 skp = &smack_cipso_option;
1237 for (temp_mask = 0; m > 0; m--) {
1238 temp_mask |= mask_bits;
1241 mask.s_addr = cpu_to_be32(temp_mask);
1243 newname.sin_addr.s_addr &= mask.s_addr;
1245 * Only allow one writer at a time. Writes should be
1246 * quite rare and small in any case.
1248 mutex_lock(&smk_netlbladdr_lock);
1250 nsa = newname.sin_addr.s_addr;
1251 /* try to find if the prefix is already in the list */
1253 list_for_each_entry_rcu(snp, &smk_netlbladdr_list, list) {
1254 if (snp->smk_host.sin_addr.s_addr == nsa &&
1255 snp->smk_mask.s_addr == mask.s_addr) {
1260 smk_netlabel_audit_set(&audit_info);
1263 snp = kzalloc(sizeof(*snp), GFP_KERNEL);
1268 snp->smk_host.sin_addr.s_addr = newname.sin_addr.s_addr;
1269 snp->smk_mask.s_addr = mask.s_addr;
1270 snp->smk_label = skp;
1271 smk_netlbladdr_insert(snp);
1274 /* we delete the unlabeled entry, only if the previous label
1275 * wasn't the special CIPSO option */
1276 if (snp->smk_label != &smack_cipso_option)
1277 rc = netlbl_cfg_unlbl_static_del(&init_net, NULL,
1278 &snp->smk_host.sin_addr, &snp->smk_mask,
1279 PF_INET, &audit_info);
1282 snp->smk_label = skp;
1286 * Now tell netlabel about the single label nature of
1287 * this host so that incoming packets get labeled.
1288 * but only if we didn't get the special CIPSO option
1290 if (rc == 0 && skp != &smack_cipso_option)
1291 rc = netlbl_cfg_unlbl_static_add(&init_net, NULL,
1292 &snp->smk_host.sin_addr, &snp->smk_mask, PF_INET,
1293 snp->smk_label->smk_secid, &audit_info);
1298 mutex_unlock(&smk_netlbladdr_lock);
1308 static const struct file_operations smk_netlbladdr_ops = {
1309 .open = smk_open_netlbladdr,
1311 .llseek = seq_lseek,
1312 .write = smk_write_netlbladdr,
1313 .release = seq_release,
1317 * smk_read_doi - read() for /smack/doi
1318 * @filp: file pointer, not actually used
1319 * @buf: where to put the result
1320 * @count: maximum to send along
1321 * @ppos: where to start
1323 * Returns number of bytes read or error code, as appropriate
1325 static ssize_t smk_read_doi(struct file *filp, char __user *buf,
1326 size_t count, loff_t *ppos)
1334 sprintf(temp, "%d", smk_cipso_doi_value);
1335 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
1341 * smk_write_doi - write() for /smack/doi
1342 * @file: file pointer, not actually used
1343 * @buf: where to get the data from
1344 * @count: bytes sent
1345 * @ppos: where to start
1347 * Returns number of bytes written or error code, as appropriate
1349 static ssize_t smk_write_doi(struct file *file, const char __user *buf,
1350 size_t count, loff_t *ppos)
1355 if (!smack_privileged(CAP_MAC_ADMIN))
1358 if (count >= sizeof(temp) || count == 0)
1361 if (copy_from_user(temp, buf, count) != 0)
1366 if (sscanf(temp, "%d", &i) != 1)
1369 smk_cipso_doi_value = i;
1376 static const struct file_operations smk_doi_ops = {
1377 .read = smk_read_doi,
1378 .write = smk_write_doi,
1379 .llseek = default_llseek,
1383 * smk_read_direct - read() for /smack/direct
1384 * @filp: file pointer, not actually used
1385 * @buf: where to put the result
1386 * @count: maximum to send along
1387 * @ppos: where to start
1389 * Returns number of bytes read or error code, as appropriate
1391 static ssize_t smk_read_direct(struct file *filp, char __user *buf,
1392 size_t count, loff_t *ppos)
1400 sprintf(temp, "%d", smack_cipso_direct);
1401 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
1407 * smk_write_direct - write() for /smack/direct
1408 * @file: file pointer, not actually used
1409 * @buf: where to get the data from
1410 * @count: bytes sent
1411 * @ppos: where to start
1413 * Returns number of bytes written or error code, as appropriate
1415 static ssize_t smk_write_direct(struct file *file, const char __user *buf,
1416 size_t count, loff_t *ppos)
1418 struct smack_known *skp;
1422 if (!smack_privileged(CAP_MAC_ADMIN))
1425 if (count >= sizeof(temp) || count == 0)
1428 if (copy_from_user(temp, buf, count) != 0)
1433 if (sscanf(temp, "%d", &i) != 1)
1437 * Don't do anything if the value hasn't actually changed.
1438 * If it is changing reset the level on entries that were
1439 * set up to be direct when they were created.
1441 if (smack_cipso_direct != i) {
1442 mutex_lock(&smack_known_lock);
1443 list_for_each_entry_rcu(skp, &smack_known_list, list)
1444 if (skp->smk_netlabel.attr.mls.lvl ==
1446 skp->smk_netlabel.attr.mls.lvl = i;
1447 smack_cipso_direct = i;
1448 mutex_unlock(&smack_known_lock);
1454 static const struct file_operations smk_direct_ops = {
1455 .read = smk_read_direct,
1456 .write = smk_write_direct,
1457 .llseek = default_llseek,
1461 * smk_read_mapped - read() for /smack/mapped
1462 * @filp: file pointer, not actually used
1463 * @buf: where to put the result
1464 * @count: maximum to send along
1465 * @ppos: where to start
1467 * Returns number of bytes read or error code, as appropriate
1469 static ssize_t smk_read_mapped(struct file *filp, char __user *buf,
1470 size_t count, loff_t *ppos)
1478 sprintf(temp, "%d", smack_cipso_mapped);
1479 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
1485 * smk_write_mapped - write() for /smack/mapped
1486 * @file: file pointer, not actually used
1487 * @buf: where to get the data from
1488 * @count: bytes sent
1489 * @ppos: where to start
1491 * Returns number of bytes written or error code, as appropriate
1493 static ssize_t smk_write_mapped(struct file *file, const char __user *buf,
1494 size_t count, loff_t *ppos)
1496 struct smack_known *skp;
1500 if (!smack_privileged(CAP_MAC_ADMIN))
1503 if (count >= sizeof(temp) || count == 0)
1506 if (copy_from_user(temp, buf, count) != 0)
1511 if (sscanf(temp, "%d", &i) != 1)
1515 * Don't do anything if the value hasn't actually changed.
1516 * If it is changing reset the level on entries that were
1517 * set up to be mapped when they were created.
1519 if (smack_cipso_mapped != i) {
1520 mutex_lock(&smack_known_lock);
1521 list_for_each_entry_rcu(skp, &smack_known_list, list)
1522 if (skp->smk_netlabel.attr.mls.lvl ==
1524 skp->smk_netlabel.attr.mls.lvl = i;
1525 smack_cipso_mapped = i;
1526 mutex_unlock(&smack_known_lock);
1532 static const struct file_operations smk_mapped_ops = {
1533 .read = smk_read_mapped,
1534 .write = smk_write_mapped,
1535 .llseek = default_llseek,
1539 * smk_read_ambient - read() for /smack/ambient
1540 * @filp: file pointer, not actually used
1541 * @buf: where to put the result
1542 * @cn: maximum to send along
1543 * @ppos: where to start
1545 * Returns number of bytes read or error code, as appropriate
1547 static ssize_t smk_read_ambient(struct file *filp, char __user *buf,
1548 size_t cn, loff_t *ppos)
1556 * Being careful to avoid a problem in the case where
1557 * smack_net_ambient gets changed in midstream.
1559 mutex_lock(&smack_ambient_lock);
1561 asize = strlen(smack_net_ambient->smk_known) + 1;
1564 rc = simple_read_from_buffer(buf, cn, ppos,
1565 smack_net_ambient->smk_known,
1570 mutex_unlock(&smack_ambient_lock);
1576 * smk_write_ambient - write() for /smack/ambient
1577 * @file: file pointer, not actually used
1578 * @buf: where to get the data from
1579 * @count: bytes sent
1580 * @ppos: where to start
1582 * Returns number of bytes written or error code, as appropriate
1584 static ssize_t smk_write_ambient(struct file *file, const char __user *buf,
1585 size_t count, loff_t *ppos)
1587 struct smack_known *skp;
1592 if (!smack_privileged(CAP_MAC_ADMIN))
1595 data = kzalloc(count + 1, GFP_KERNEL);
1599 if (copy_from_user(data, buf, count) != 0) {
1604 skp = smk_import_entry(data, count);
1610 mutex_lock(&smack_ambient_lock);
1612 oldambient = smack_net_ambient->smk_known;
1613 smack_net_ambient = skp;
1614 smk_unlbl_ambient(oldambient);
1616 mutex_unlock(&smack_ambient_lock);
1623 static const struct file_operations smk_ambient_ops = {
1624 .read = smk_read_ambient,
1625 .write = smk_write_ambient,
1626 .llseek = default_llseek,
1630 * Seq_file operations for /smack/onlycap
1632 static void *onlycap_seq_start(struct seq_file *s, loff_t *pos)
1634 return smk_seq_start(s, pos, &smack_onlycap_list);
1637 static void *onlycap_seq_next(struct seq_file *s, void *v, loff_t *pos)
1639 return smk_seq_next(s, v, pos, &smack_onlycap_list);
1642 static int onlycap_seq_show(struct seq_file *s, void *v)
1644 struct list_head *list = v;
1645 struct smack_onlycap *sop =
1646 list_entry_rcu(list, struct smack_onlycap, list);
1648 seq_puts(s, sop->smk_label->smk_known);
1654 static const struct seq_operations onlycap_seq_ops = {
1655 .start = onlycap_seq_start,
1656 .next = onlycap_seq_next,
1657 .show = onlycap_seq_show,
1658 .stop = smk_seq_stop,
1661 static int smk_open_onlycap(struct inode *inode, struct file *file)
1663 return seq_open(file, &onlycap_seq_ops);
1667 * smk_list_swap_rcu - swap public list with a private one in RCU-safe way
1668 * The caller must hold appropriate mutex to prevent concurrent modifications
1669 * to the public list.
1670 * Private list is assumed to be not accessible to other threads yet.
1672 * @public: public list
1673 * @private: private list
1675 static void smk_list_swap_rcu(struct list_head *public,
1676 struct list_head *private)
1678 struct list_head *first, *last;
1680 if (list_empty(public)) {
1681 list_splice_init_rcu(private, public, synchronize_rcu);
1683 /* Remember public list before replacing it */
1684 first = public->next;
1685 last = public->prev;
1687 /* Publish private list in place of public in RCU-safe way */
1688 private->prev->next = public;
1689 private->next->prev = public;
1690 rcu_assign_pointer(public->next, private->next);
1691 public->prev = private->prev;
1695 /* When all readers are done with the old public list,
1696 * attach it in place of private */
1697 private->next = first;
1698 private->prev = last;
1699 first->prev = private;
1700 last->next = private;
1705 * smk_write_onlycap - write() for smackfs/onlycap
1706 * @file: file pointer, not actually used
1707 * @buf: where to get the data from
1708 * @count: bytes sent
1709 * @ppos: where to start
1711 * Returns number of bytes written or error code, as appropriate
1713 static ssize_t smk_write_onlycap(struct file *file, const char __user *buf,
1714 size_t count, loff_t *ppos)
1719 struct smack_known *skp;
1720 struct smack_onlycap *sop;
1721 struct smack_onlycap *sop2;
1722 LIST_HEAD(list_tmp);
1725 if (!smack_privileged(CAP_MAC_ADMIN))
1728 data = kzalloc(count + 1, GFP_KERNEL);
1732 if (copy_from_user(data, buf, count) != 0) {
1738 while ((tok = strsep(&data_parse, " ")) != NULL) {
1742 skp = smk_import_entry(tok, 0);
1748 sop = kzalloc(sizeof(*sop), GFP_KERNEL);
1754 sop->smk_label = skp;
1755 list_add_rcu(&sop->list, &list_tmp);
1760 * Clear the smack_onlycap on invalid label errors. This means
1761 * that we can pass a null string to unset the onlycap value.
1763 * Importing will also reject a label beginning with '-',
1764 * so "-usecapabilities" will also work.
1766 * But do so only on invalid label, not on system errors.
1767 * The invalid label must be first to count as clearing attempt.
1769 if (rc == -EINVAL && list_empty(&list_tmp))
1773 mutex_lock(&smack_onlycap_lock);
1774 smk_list_swap_rcu(&smack_onlycap_list, &list_tmp);
1775 mutex_unlock(&smack_onlycap_lock);
1778 list_for_each_entry_safe(sop, sop2, &list_tmp, list)
1784 static const struct file_operations smk_onlycap_ops = {
1785 .open = smk_open_onlycap,
1787 .write = smk_write_onlycap,
1788 .llseek = seq_lseek,
1789 .release = seq_release,
1792 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
1794 * smk_read_unconfined - read() for smackfs/unconfined
1795 * @filp: file pointer, not actually used
1796 * @buf: where to put the result
1797 * @cn: maximum to send along
1798 * @ppos: where to start
1800 * Returns number of bytes read or error code, as appropriate
1802 static ssize_t smk_read_unconfined(struct file *filp, char __user *buf,
1803 size_t cn, loff_t *ppos)
1806 ssize_t rc = -EINVAL;
1812 if (smack_unconfined != NULL)
1813 smack = smack_unconfined->smk_known;
1815 asize = strlen(smack) + 1;
1818 rc = simple_read_from_buffer(buf, cn, ppos, smack, asize);
1824 * smk_write_unconfined - write() for smackfs/unconfined
1825 * @file: file pointer, not actually used
1826 * @buf: where to get the data from
1827 * @count: bytes sent
1828 * @ppos: where to start
1830 * Returns number of bytes written or error code, as appropriate
1832 static ssize_t smk_write_unconfined(struct file *file, const char __user *buf,
1833 size_t count, loff_t *ppos)
1836 struct smack_known *skp;
1839 if (!smack_privileged(CAP_MAC_ADMIN))
1842 data = kzalloc(count + 1, GFP_KERNEL);
1846 if (copy_from_user(data, buf, count) != 0) {
1852 * Clear the smack_unconfined on invalid label errors. This means
1853 * that we can pass a null string to unset the unconfined value.
1855 * Importing will also reject a label beginning with '-',
1856 * so "-confine" will also work.
1858 * But do so only on invalid label, not on system errors.
1860 skp = smk_import_entry(data, count);
1861 if (PTR_ERR(skp) == -EINVAL)
1863 else if (IS_ERR(skp)) {
1868 smack_unconfined = skp;
1875 static const struct file_operations smk_unconfined_ops = {
1876 .read = smk_read_unconfined,
1877 .write = smk_write_unconfined,
1878 .llseek = default_llseek,
1880 #endif /* CONFIG_SECURITY_SMACK_BRINGUP */
1883 * smk_read_logging - read() for /smack/logging
1884 * @filp: file pointer, not actually used
1885 * @buf: where to put the result
1886 * @cn: maximum to send along
1887 * @ppos: where to start
1889 * Returns number of bytes read or error code, as appropriate
1891 static ssize_t smk_read_logging(struct file *filp, char __user *buf,
1892 size_t count, loff_t *ppos)
1900 sprintf(temp, "%d\n", log_policy);
1901 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
1906 * smk_write_logging - write() for /smack/logging
1907 * @file: file pointer, not actually used
1908 * @buf: where to get the data from
1909 * @count: bytes sent
1910 * @ppos: where to start
1912 * Returns number of bytes written or error code, as appropriate
1914 static ssize_t smk_write_logging(struct file *file, const char __user *buf,
1915 size_t count, loff_t *ppos)
1920 if (!smack_privileged(CAP_MAC_ADMIN))
1923 if (count >= sizeof(temp) || count == 0)
1926 if (copy_from_user(temp, buf, count) != 0)
1931 if (sscanf(temp, "%d", &i) != 1)
1941 static const struct file_operations smk_logging_ops = {
1942 .read = smk_read_logging,
1943 .write = smk_write_logging,
1944 .llseek = default_llseek,
1948 * Seq_file read operations for /smack/load-self
1951 static void *load_self_seq_start(struct seq_file *s, loff_t *pos)
1953 struct task_smack *tsp = current_security();
1955 return smk_seq_start(s, pos, &tsp->smk_rules);
1958 static void *load_self_seq_next(struct seq_file *s, void *v, loff_t *pos)
1960 struct task_smack *tsp = current_security();
1962 return smk_seq_next(s, v, pos, &tsp->smk_rules);
1965 static int load_self_seq_show(struct seq_file *s, void *v)
1967 struct list_head *list = v;
1968 struct smack_rule *srp =
1969 list_entry_rcu(list, struct smack_rule, list);
1971 smk_rule_show(s, srp, SMK_LABELLEN);
1976 static const struct seq_operations load_self_seq_ops = {
1977 .start = load_self_seq_start,
1978 .next = load_self_seq_next,
1979 .show = load_self_seq_show,
1980 .stop = smk_seq_stop,
1985 * smk_open_load_self - open() for /smack/load-self2
1986 * @inode: inode structure representing file
1987 * @file: "load" file pointer
1989 * For reading, use load_seq_* seq_file reading operations.
1991 static int smk_open_load_self(struct inode *inode, struct file *file)
1993 return seq_open(file, &load_self_seq_ops);
1997 * smk_write_load_self - write() for /smack/load-self
1998 * @file: file pointer, not actually used
1999 * @buf: where to get the data from
2000 * @count: bytes sent
2001 * @ppos: where to start - must be 0
2004 static ssize_t smk_write_load_self(struct file *file, const char __user *buf,
2005 size_t count, loff_t *ppos)
2007 struct task_smack *tsp = current_security();
2009 return smk_write_rules_list(file, buf, count, ppos, &tsp->smk_rules,
2010 &tsp->smk_rules_lock, SMK_FIXED24_FMT);
2013 static const struct file_operations smk_load_self_ops = {
2014 .open = smk_open_load_self,
2016 .llseek = seq_lseek,
2017 .write = smk_write_load_self,
2018 .release = seq_release,
2022 * smk_user_access - handle access check transaction
2023 * @file: file pointer
2024 * @buf: data from user space
2025 * @count: bytes sent
2026 * @ppos: where to start - must be 0
2028 static ssize_t smk_user_access(struct file *file, const char __user *buf,
2029 size_t count, loff_t *ppos, int format)
2031 struct smack_parsed_rule rule;
2035 data = simple_transaction_get(file, buf, count);
2037 return PTR_ERR(data);
2039 if (format == SMK_FIXED24_FMT) {
2040 if (count < SMK_LOADLEN)
2042 res = smk_parse_rule(data, &rule, 0);
2045 * simple_transaction_get() returns null-terminated data
2047 res = smk_parse_long_rule(data, &rule, 0, 3);
2051 res = smk_access(rule.smk_subject, rule.smk_object,
2052 rule.smk_access1, NULL);
2053 else if (res != -ENOENT)
2057 * smk_access() can return a value > 0 in the "bringup" case.
2059 data[0] = res >= 0 ? '1' : '0';
2062 simple_transaction_set(file, 2);
2064 if (format == SMK_FIXED24_FMT)
2070 * smk_write_access - handle access check transaction
2071 * @file: file pointer
2072 * @buf: data from user space
2073 * @count: bytes sent
2074 * @ppos: where to start - must be 0
2076 static ssize_t smk_write_access(struct file *file, const char __user *buf,
2077 size_t count, loff_t *ppos)
2079 return smk_user_access(file, buf, count, ppos, SMK_FIXED24_FMT);
2082 static const struct file_operations smk_access_ops = {
2083 .write = smk_write_access,
2084 .read = simple_transaction_read,
2085 .release = simple_transaction_release,
2086 .llseek = generic_file_llseek,
2091 * Seq_file read operations for /smack/load2
2094 static int load2_seq_show(struct seq_file *s, void *v)
2096 struct list_head *list = v;
2097 struct smack_master_list *smlp =
2098 list_entry_rcu(list, struct smack_master_list, list);
2100 smk_rule_show(s, smlp->smk_rule, SMK_LONGLABEL);
2105 static const struct seq_operations load2_seq_ops = {
2106 .start = load2_seq_start,
2107 .next = load2_seq_next,
2108 .show = load2_seq_show,
2109 .stop = smk_seq_stop,
2113 * smk_open_load2 - open() for /smack/load2
2114 * @inode: inode structure representing file
2115 * @file: "load2" file pointer
2117 * For reading, use load2_seq_* seq_file reading operations.
2119 static int smk_open_load2(struct inode *inode, struct file *file)
2121 return seq_open(file, &load2_seq_ops);
2125 * smk_write_load2 - write() for /smack/load2
2126 * @file: file pointer, not actually used
2127 * @buf: where to get the data from
2128 * @count: bytes sent
2129 * @ppos: where to start - must be 0
2132 static ssize_t smk_write_load2(struct file *file, const char __user *buf,
2133 size_t count, loff_t *ppos)
2136 * Must have privilege.
2138 if (!smack_privileged(CAP_MAC_ADMIN))
2141 return smk_write_rules_list(file, buf, count, ppos, NULL, NULL,
2145 static const struct file_operations smk_load2_ops = {
2146 .open = smk_open_load2,
2148 .llseek = seq_lseek,
2149 .write = smk_write_load2,
2150 .release = seq_release,
2154 * Seq_file read operations for /smack/load-self2
2157 static void *load_self2_seq_start(struct seq_file *s, loff_t *pos)
2159 struct task_smack *tsp = current_security();
2161 return smk_seq_start(s, pos, &tsp->smk_rules);
2164 static void *load_self2_seq_next(struct seq_file *s, void *v, loff_t *pos)
2166 struct task_smack *tsp = current_security();
2168 return smk_seq_next(s, v, pos, &tsp->smk_rules);
2171 static int load_self2_seq_show(struct seq_file *s, void *v)
2173 struct list_head *list = v;
2174 struct smack_rule *srp =
2175 list_entry_rcu(list, struct smack_rule, list);
2177 smk_rule_show(s, srp, SMK_LONGLABEL);
2182 static const struct seq_operations load_self2_seq_ops = {
2183 .start = load_self2_seq_start,
2184 .next = load_self2_seq_next,
2185 .show = load_self2_seq_show,
2186 .stop = smk_seq_stop,
2190 * smk_open_load_self2 - open() for /smack/load-self2
2191 * @inode: inode structure representing file
2192 * @file: "load" file pointer
2194 * For reading, use load_seq_* seq_file reading operations.
2196 static int smk_open_load_self2(struct inode *inode, struct file *file)
2198 return seq_open(file, &load_self2_seq_ops);
2202 * smk_write_load_self2 - write() for /smack/load-self2
2203 * @file: file pointer, not actually used
2204 * @buf: where to get the data from
2205 * @count: bytes sent
2206 * @ppos: where to start - must be 0
2209 static ssize_t smk_write_load_self2(struct file *file, const char __user *buf,
2210 size_t count, loff_t *ppos)
2212 struct task_smack *tsp = current_security();
2214 return smk_write_rules_list(file, buf, count, ppos, &tsp->smk_rules,
2215 &tsp->smk_rules_lock, SMK_LONG_FMT);
2218 static const struct file_operations smk_load_self2_ops = {
2219 .open = smk_open_load_self2,
2221 .llseek = seq_lseek,
2222 .write = smk_write_load_self2,
2223 .release = seq_release,
2227 * smk_write_access2 - handle access check transaction
2228 * @file: file pointer
2229 * @buf: data from user space
2230 * @count: bytes sent
2231 * @ppos: where to start - must be 0
2233 static ssize_t smk_write_access2(struct file *file, const char __user *buf,
2234 size_t count, loff_t *ppos)
2236 return smk_user_access(file, buf, count, ppos, SMK_LONG_FMT);
2239 static const struct file_operations smk_access2_ops = {
2240 .write = smk_write_access2,
2241 .read = simple_transaction_read,
2242 .release = simple_transaction_release,
2243 .llseek = generic_file_llseek,
2247 * smk_write_revoke_subj - write() for /smack/revoke-subject
2248 * @file: file pointer
2249 * @buf: data from user space
2250 * @count: bytes sent
2251 * @ppos: where to start - must be 0
2253 static ssize_t smk_write_revoke_subj(struct file *file, const char __user *buf,
2254 size_t count, loff_t *ppos)
2258 struct smack_known *skp;
2259 struct smack_rule *sp;
2260 struct list_head *rule_list;
2261 struct mutex *rule_lock;
2267 if (!smack_privileged(CAP_MAC_ADMIN))
2270 if (count == 0 || count > SMK_LONGLABEL)
2273 data = kzalloc(count, GFP_KERNEL);
2277 if (copy_from_user(data, buf, count) != 0) {
2282 cp = smk_parse_smack(data, count);
2288 skp = smk_find_entry(cp);
2292 rule_list = &skp->smk_rules;
2293 rule_lock = &skp->smk_rules_lock;
2295 mutex_lock(rule_lock);
2297 list_for_each_entry_rcu(sp, rule_list, list)
2300 mutex_unlock(rule_lock);
2310 static const struct file_operations smk_revoke_subj_ops = {
2311 .write = smk_write_revoke_subj,
2312 .read = simple_transaction_read,
2313 .release = simple_transaction_release,
2314 .llseek = generic_file_llseek,
2318 * smk_init_sysfs - initialize /sys/fs/smackfs
2321 static int smk_init_sysfs(void)
2324 err = sysfs_create_mount_point(fs_kobj, "smackfs");
2331 * smk_write_change_rule - write() for /smack/change-rule
2332 * @file: file pointer
2333 * @buf: data from user space
2334 * @count: bytes sent
2335 * @ppos: where to start - must be 0
2337 static ssize_t smk_write_change_rule(struct file *file, const char __user *buf,
2338 size_t count, loff_t *ppos)
2341 * Must have privilege.
2343 if (!smack_privileged(CAP_MAC_ADMIN))
2346 return smk_write_rules_list(file, buf, count, ppos, NULL, NULL,
2350 static const struct file_operations smk_change_rule_ops = {
2351 .write = smk_write_change_rule,
2352 .read = simple_transaction_read,
2353 .release = simple_transaction_release,
2354 .llseek = generic_file_llseek,
2358 * smk_read_syslog - read() for smackfs/syslog
2359 * @filp: file pointer, not actually used
2360 * @buf: where to put the result
2361 * @cn: maximum to send along
2362 * @ppos: where to start
2364 * Returns number of bytes read or error code, as appropriate
2366 static ssize_t smk_read_syslog(struct file *filp, char __user *buf,
2367 size_t cn, loff_t *ppos)
2369 struct smack_known *skp;
2370 ssize_t rc = -EINVAL;
2376 if (smack_syslog_label == NULL)
2377 skp = &smack_known_star;
2379 skp = smack_syslog_label;
2381 asize = strlen(skp->smk_known) + 1;
2384 rc = simple_read_from_buffer(buf, cn, ppos, skp->smk_known,
2391 * smk_write_syslog - write() for smackfs/syslog
2392 * @file: file pointer, not actually used
2393 * @buf: where to get the data from
2394 * @count: bytes sent
2395 * @ppos: where to start
2397 * Returns number of bytes written or error code, as appropriate
2399 static ssize_t smk_write_syslog(struct file *file, const char __user *buf,
2400 size_t count, loff_t *ppos)
2403 struct smack_known *skp;
2406 if (!smack_privileged(CAP_MAC_ADMIN))
2409 data = kzalloc(count + 1, GFP_KERNEL);
2413 if (copy_from_user(data, buf, count) != 0)
2416 skp = smk_import_entry(data, count);
2420 smack_syslog_label = skp;
2427 static const struct file_operations smk_syslog_ops = {
2428 .read = smk_read_syslog,
2429 .write = smk_write_syslog,
2430 .llseek = default_llseek,
2435 * smk_read_ptrace - read() for /smack/ptrace
2436 * @filp: file pointer, not actually used
2437 * @buf: where to put the result
2438 * @count: maximum to send along
2439 * @ppos: where to start
2441 * Returns number of bytes read or error code, as appropriate
2443 static ssize_t smk_read_ptrace(struct file *filp, char __user *buf,
2444 size_t count, loff_t *ppos)
2452 sprintf(temp, "%d\n", smack_ptrace_rule);
2453 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
2458 * smk_write_ptrace - write() for /smack/ptrace
2459 * @file: file pointer
2460 * @buf: data from user space
2461 * @count: bytes sent
2462 * @ppos: where to start - must be 0
2464 static ssize_t smk_write_ptrace(struct file *file, const char __user *buf,
2465 size_t count, loff_t *ppos)
2470 if (!smack_privileged(CAP_MAC_ADMIN))
2473 if (*ppos != 0 || count >= sizeof(temp) || count == 0)
2476 if (copy_from_user(temp, buf, count) != 0)
2481 if (sscanf(temp, "%d", &i) != 1)
2483 if (i < SMACK_PTRACE_DEFAULT || i > SMACK_PTRACE_MAX)
2485 smack_ptrace_rule = i;
2490 static const struct file_operations smk_ptrace_ops = {
2491 .write = smk_write_ptrace,
2492 .read = smk_read_ptrace,
2493 .llseek = default_llseek,
2497 * smk_fill_super - fill the smackfs superblock
2498 * @sb: the empty superblock
2502 * Fill in the well known entries for the smack filesystem
2504 * Returns 0 on success, an error code on failure
2506 static int smk_fill_super(struct super_block *sb, void *data, int silent)
2509 struct inode *root_inode;
2511 static struct tree_descr smack_files[] = {
2513 "load", &smk_load_ops, S_IRUGO|S_IWUSR},
2515 "cipso", &smk_cipso_ops, S_IRUGO|S_IWUSR},
2517 "doi", &smk_doi_ops, S_IRUGO|S_IWUSR},
2519 "direct", &smk_direct_ops, S_IRUGO|S_IWUSR},
2521 "ambient", &smk_ambient_ops, S_IRUGO|S_IWUSR},
2522 [SMK_NETLBLADDR] = {
2523 "netlabel", &smk_netlbladdr_ops, S_IRUGO|S_IWUSR},
2525 "onlycap", &smk_onlycap_ops, S_IRUGO|S_IWUSR},
2527 "logging", &smk_logging_ops, S_IRUGO|S_IWUSR},
2529 "load-self", &smk_load_self_ops, S_IRUGO|S_IWUGO},
2531 "access", &smk_access_ops, S_IRUGO|S_IWUGO},
2533 "mapped", &smk_mapped_ops, S_IRUGO|S_IWUSR},
2535 "load2", &smk_load2_ops, S_IRUGO|S_IWUSR},
2536 [SMK_LOAD_SELF2] = {
2537 "load-self2", &smk_load_self2_ops, S_IRUGO|S_IWUGO},
2539 "access2", &smk_access2_ops, S_IRUGO|S_IWUGO},
2541 "cipso2", &smk_cipso2_ops, S_IRUGO|S_IWUSR},
2542 [SMK_REVOKE_SUBJ] = {
2543 "revoke-subject", &smk_revoke_subj_ops,
2545 [SMK_CHANGE_RULE] = {
2546 "change-rule", &smk_change_rule_ops, S_IRUGO|S_IWUSR},
2548 "syslog", &smk_syslog_ops, S_IRUGO|S_IWUSR},
2550 "ptrace", &smk_ptrace_ops, S_IRUGO|S_IWUSR},
2551 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
2552 [SMK_UNCONFINED] = {
2553 "unconfined", &smk_unconfined_ops, S_IRUGO|S_IWUSR},
2559 rc = simple_fill_super(sb, SMACK_MAGIC, smack_files);
2561 printk(KERN_ERR "%s failed %d while creating inodes\n",
2566 root_inode = d_inode(sb->s_root);
2572 * smk_mount - get the smackfs superblock
2573 * @fs_type: passed along without comment
2574 * @flags: passed along without comment
2575 * @dev_name: passed along without comment
2576 * @data: passed along without comment
2578 * Just passes everything along.
2580 * Returns what the lower level code does.
2582 static struct dentry *smk_mount(struct file_system_type *fs_type,
2583 int flags, const char *dev_name, void *data)
2585 return mount_single(fs_type, flags, data, smk_fill_super);
2588 static struct file_system_type smk_fs_type = {
2591 .kill_sb = kill_litter_super,
2594 static struct vfsmount *smackfs_mount;
2596 static int __init smk_preset_netlabel(struct smack_known *skp)
2598 skp->smk_netlabel.domain = skp->smk_known;
2599 skp->smk_netlabel.flags =
2600 NETLBL_SECATTR_DOMAIN | NETLBL_SECATTR_MLS_LVL;
2601 return smk_netlbl_mls(smack_cipso_direct, skp->smk_known,
2602 &skp->smk_netlabel, strlen(skp->smk_known));
2606 * init_smk_fs - get the smackfs superblock
2608 * register the smackfs
2610 * Do not register smackfs if Smack wasn't enabled
2611 * on boot. We can not put this method normally under the
2612 * smack_init() code path since the security subsystem get
2613 * initialized before the vfs caches.
2615 * Returns true if we were not chosen on boot or if
2616 * we were chosen and filesystem registration succeeded.
2618 static int __init init_smk_fs(void)
2623 if (!security_module_enable("smack"))
2626 err = smk_init_sysfs();
2628 printk(KERN_ERR "smackfs: sysfs mountpoint problem.\n");
2630 err = register_filesystem(&smk_fs_type);
2632 smackfs_mount = kern_mount(&smk_fs_type);
2633 if (IS_ERR(smackfs_mount)) {
2634 printk(KERN_ERR "smackfs: could not mount!\n");
2635 err = PTR_ERR(smackfs_mount);
2636 smackfs_mount = NULL;
2641 smk_unlbl_ambient(NULL);
2643 rc = smk_preset_netlabel(&smack_known_floor);
2644 if (err == 0 && rc < 0)
2646 rc = smk_preset_netlabel(&smack_known_hat);
2647 if (err == 0 && rc < 0)
2649 rc = smk_preset_netlabel(&smack_known_huh);
2650 if (err == 0 && rc < 0)
2652 rc = smk_preset_netlabel(&smack_known_invalid);
2653 if (err == 0 && rc < 0)
2655 rc = smk_preset_netlabel(&smack_known_star);
2656 if (err == 0 && rc < 0)
2658 rc = smk_preset_netlabel(&smack_known_web);
2659 if (err == 0 && rc < 0)
2665 __initcall(init_smk_fs);
projects / linux-drm-fsl-dcu.git / blob