linux/security/smack/smackfs.c
<<
>>
Prefs
   1/*
   2 * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com>
   3 *
   4 *      This program is free software; you can redistribute it and/or modify
   5 *      it under the terms of the GNU General Public License as published by
   6 *      the Free Software Foundation, version 2.
   7 *
   8 * Authors:
   9 *      Casey Schaufler <casey@schaufler-ca.com>
  10 *      Ahmed S. Darwish <darwish.07@gmail.com>
  11 *
  12 * Special thanks to the authors of selinuxfs.
  13 *
  14 *      Karl MacMillan <kmacmillan@tresys.com>
  15 *      James Morris <jmorris@redhat.com>
  16 *
  17 */
  18
  19#include <linux/kernel.h>
  20#include <linux/vmalloc.h>
  21#include <linux/security.h>
  22#include <linux/mutex.h>
  23#include <linux/slab.h>
  24#include <net/net_namespace.h>
  25#include <net/cipso_ipv4.h>
  26#include <linux/seq_file.h>
  27#include <linux/ctype.h>
  28#include <linux/audit.h>
  29#include "smack.h"
  30
  31/*
  32 * smackfs pseudo filesystem.
  33 */
  34
  35enum smk_inos {
  36        SMK_ROOT_INO    = 2,
  37        SMK_LOAD        = 3,    /* load policy */
  38        SMK_CIPSO       = 4,    /* load label -> CIPSO mapping */
  39        SMK_DOI         = 5,    /* CIPSO DOI */
  40        SMK_DIRECT      = 6,    /* CIPSO level indicating direct label */
  41        SMK_AMBIENT     = 7,    /* internet ambient label */
  42        SMK_NETLBLADDR  = 8,    /* single label hosts */
  43        SMK_ONLYCAP     = 9,    /* the only "capable" label */
  44        SMK_LOGGING     = 10,   /* logging */
  45        SMK_LOAD_SELF   = 11,   /* task specific rules */
  46        SMK_ACCESSES    = 12,   /* access policy */
  47        SMK_MAPPED      = 13,   /* CIPSO level indicating mapped label */
  48        SMK_LOAD2       = 14,   /* load policy with long labels */
  49        SMK_LOAD_SELF2  = 15,   /* load task specific rules with long labels */
  50        SMK_ACCESS2     = 16,   /* make an access check with long labels */
  51        SMK_CIPSO2      = 17,   /* load long label -> CIPSO mapping */
  52};
  53
  54/*
  55 * List locks
  56 */
  57static DEFINE_MUTEX(smack_list_lock);
  58static DEFINE_MUTEX(smack_cipso_lock);
  59static DEFINE_MUTEX(smack_ambient_lock);
  60static DEFINE_MUTEX(smk_netlbladdr_lock);
  61
  62/*
  63 * This is the "ambient" label for network traffic.
  64 * If it isn't somehow marked, use this.
  65 * It can be reset via smackfs/ambient
  66 */
  67char *smack_net_ambient;
  68
  69/*
  70 * This is the level in a CIPSO header that indicates a
  71 * smack label is contained directly in the category set.
  72 * It can be reset via smackfs/direct
  73 */
  74int smack_cipso_direct = SMACK_CIPSO_DIRECT_DEFAULT;
  75
  76/*
  77 * This is the level in a CIPSO header that indicates a
  78 * secid is contained directly in the category set.
  79 * It can be reset via smackfs/mapped
  80 */
  81int smack_cipso_mapped = SMACK_CIPSO_MAPPED_DEFAULT;
  82
  83/*
  84 * Unless a process is running with this label even
  85 * having CAP_MAC_OVERRIDE isn't enough to grant
  86 * privilege to violate MAC policy. If no label is
  87 * designated (the NULL case) capabilities apply to
  88 * everyone. It is expected that the hat (^) label
  89 * will be used if any label is used.
  90 */
  91char *smack_onlycap;
  92
  93/*
  94 * Certain IP addresses may be designated as single label hosts.
  95 * Packets are sent there unlabeled, but only from tasks that
  96 * can write to the specified label.
  97 */
  98
  99LIST_HEAD(smk_netlbladdr_list);
 100
 101/*
 102 * Rule lists are maintained for each label.
 103 * This master list is just for reading /smack/load and /smack/load2.
 104 */
 105struct smack_master_list {
 106        struct list_head        list;
 107        struct smack_rule       *smk_rule;
 108};
 109
 110LIST_HEAD(smack_rule_list);
 111
 112static int smk_cipso_doi_value = SMACK_CIPSO_DOI_DEFAULT;
 113
 114const char *smack_cipso_option = SMACK_CIPSO_OPTION;
 115
 116/*
 117 * Values for parsing cipso rules
 118 * SMK_DIGITLEN: Length of a digit field in a rule.
 119 * SMK_CIPSOMIN: Minimum possible cipso rule length.
 120 * SMK_CIPSOMAX: Maximum possible cipso rule length.
 121 */
 122#define SMK_DIGITLEN 4
 123#define SMK_CIPSOMIN (SMK_LABELLEN + 2 * SMK_DIGITLEN)
 124#define SMK_CIPSOMAX (SMK_CIPSOMIN + SMACK_CIPSO_MAXCATNUM * SMK_DIGITLEN)
 125
 126/*
 127 * Values for parsing MAC rules
 128 * SMK_ACCESS: Maximum possible combination of access permissions
 129 * SMK_ACCESSLEN: Maximum length for a rule access field
 130 * SMK_LOADLEN: Smack rule length
 131 */
 132#define SMK_OACCESS     "rwxa"
 133#define SMK_ACCESS      "rwxat"
 134#define SMK_OACCESSLEN  (sizeof(SMK_OACCESS) - 1)
 135#define SMK_ACCESSLEN   (sizeof(SMK_ACCESS) - 1)
 136#define SMK_OLOADLEN    (SMK_LABELLEN + SMK_LABELLEN + SMK_OACCESSLEN)
 137#define SMK_LOADLEN     (SMK_LABELLEN + SMK_LABELLEN + SMK_ACCESSLEN)
 138
 139/*
 140 * Stricly for CIPSO level manipulation.
 141 * Set the category bit number in a smack label sized buffer.
 142 */
 143static inline void smack_catset_bit(unsigned int cat, char *catsetp)
 144{
 145        if (cat == 0 || cat > (SMK_CIPSOLEN * 8))
 146                return;
 147
 148        catsetp[(cat - 1) / 8] |= 0x80 >> ((cat - 1) % 8);
 149}
 150
 151/**
 152 * smk_netlabel_audit_set - fill a netlbl_audit struct
 153 * @nap: structure to fill
 154 */
 155static void smk_netlabel_audit_set(struct netlbl_audit *nap)
 156{
 157        nap->loginuid = audit_get_loginuid(current);
 158        nap->sessionid = audit_get_sessionid(current);
 159        nap->secid = smack_to_secid(smk_of_current());
 160}
 161
 162/*
 163 * Value for parsing single label host rules
 164 * "1.2.3.4 X"
 165 */
 166#define SMK_NETLBLADDRMIN       9
 167
 168/**
 169 * smk_set_access - add a rule to the rule list
 170 * @srp: the new rule to add
 171 * @rule_list: the list of rules
 172 * @rule_lock: the rule list lock
 173 *
 174 * Looks through the current subject/object/access list for
 175 * the subject/object pair and replaces the access that was
 176 * there. If the pair isn't found add it with the specified
 177 * access.
 178 *
 179 * Returns 1 if a rule was found to exist already, 0 if it is new
 180 * Returns 0 if nothing goes wrong or -ENOMEM if it fails
 181 * during the allocation of the new pair to add.
 182 */
 183static int smk_set_access(struct smack_rule *srp, struct list_head *rule_list,
 184                                struct mutex *rule_lock)
 185{
 186        struct smack_rule *sp;
 187        int found = 0;
 188
 189        mutex_lock(rule_lock);
 190
 191        /*
 192         * Because the object label is less likely to match
 193         * than the subject label check it first
 194         */
 195        list_for_each_entry_rcu(sp, rule_list, list) {
 196                if (sp->smk_object == srp->smk_object &&
 197                    sp->smk_subject == srp->smk_subject) {
 198                        found = 1;
 199                        sp->smk_access = srp->smk_access;
 200                        break;
 201                }
 202        }
 203        if (found == 0)
 204                list_add_rcu(&srp->list, rule_list);
 205
 206        mutex_unlock(rule_lock);
 207
 208        return found;
 209}
 210
 211/**
 212 * smk_fill_rule - Fill Smack rule from strings
 213 * @subject: subject label string
 214 * @object: object label string
 215 * @access: access string
 216 * @rule: Smack rule
 217 * @import: if non-zero, import labels
 218 * @len: label length limit
 219 *
 220 * Returns 0 on success, -1 on failure
 221 */
 222static int smk_fill_rule(const char *subject, const char *object,
 223                                const char *access, struct smack_rule *rule,
 224                                int import, int len)
 225{
 226        const char *cp;
 227        struct smack_known *skp;
 228
 229        if (import) {
 230                rule->smk_subject = smk_import(subject, len);
 231                if (rule->smk_subject == NULL)
 232                        return -1;
 233
 234                rule->smk_object = smk_import(object, len);
 235                if (rule->smk_object == NULL)
 236                        return -1;
 237        } else {
 238                cp = smk_parse_smack(subject, len);
 239                if (cp == NULL)
 240                        return -1;
 241                skp = smk_find_entry(cp);
 242                kfree(cp);
 243                if (skp == NULL)
 244                        return -1;
 245                rule->smk_subject = skp->smk_known;
 246
 247                cp = smk_parse_smack(object, len);
 248                if (cp == NULL)
 249                        return -1;
 250                skp = smk_find_entry(cp);
 251                kfree(cp);
 252                if (skp == NULL)
 253                        return -1;
 254                rule->smk_object = skp->smk_known;
 255        }
 256
 257        rule->smk_access = 0;
 258
 259        for (cp = access; *cp != '\0'; cp++) {
 260                switch (*cp) {
 261                case '-':
 262                        break;
 263                case 'r':
 264                case 'R':
 265                        rule->smk_access |= MAY_READ;
 266                        break;
 267                case 'w':
 268                case 'W':
 269                        rule->smk_access |= MAY_WRITE;
 270                        break;
 271                case 'x':
 272                case 'X':
 273                        rule->smk_access |= MAY_EXEC;
 274                        break;
 275                case 'a':
 276                case 'A':
 277                        rule->smk_access |= MAY_APPEND;
 278                        break;
 279                case 't':
 280                case 'T':
 281                        rule->smk_access |= MAY_TRANSMUTE;
 282                        break;
 283                default:
 284                        return 0;
 285                }
 286        }
 287
 288        return 0;
 289}
 290
 291/**
 292 * smk_parse_rule - parse Smack rule from load string
 293 * @data: string to be parsed whose size is SMK_LOADLEN
 294 * @rule: Smack rule
 295 * @import: if non-zero, import labels
 296 *
 297 * Returns 0 on success, -1 on errors.
 298 */
 299static int smk_parse_rule(const char *data, struct smack_rule *rule, int import)
 300{
 301        int rc;
 302
 303        rc = smk_fill_rule(data, data + SMK_LABELLEN,
 304                           data + SMK_LABELLEN + SMK_LABELLEN, rule, import,
 305                           SMK_LABELLEN);
 306        return rc;
 307}
 308
 309/**
 310 * smk_parse_long_rule - parse Smack rule from rule string
 311 * @data: string to be parsed, null terminated
 312 * @rule: Smack rule
 313 * @import: if non-zero, import labels
 314 *
 315 * Returns 0 on success, -1 on failure
 316 */
 317static int smk_parse_long_rule(const char *data, struct smack_rule *rule,
 318                                int import)
 319{
 320        char *subject;
 321        char *object;
 322        char *access;
 323        int datalen;
 324        int rc = -1;
 325
 326        /* This is inefficient */
 327        datalen = strlen(data);
 328
 329        /* Our first element can be 64 + \0 with no spaces */
 330        subject = kzalloc(datalen + 1, GFP_KERNEL);
 331        if (subject == NULL)
 332                return -1;
 333        object = kzalloc(datalen, GFP_KERNEL);
 334        if (object == NULL)
 335                goto free_out_s;
 336        access = kzalloc(datalen, GFP_KERNEL);
 337        if (access == NULL)
 338                goto free_out_o;
 339
 340        if (sscanf(data, "%s %s %s", subject, object, access) == 3)
 341                rc = smk_fill_rule(subject, object, access, rule, import, 0);
 342
 343        kfree(access);
 344free_out_o:
 345        kfree(object);
 346free_out_s:
 347        kfree(subject);
 348        return rc;
 349}
 350
 351#define SMK_FIXED24_FMT 0       /* Fixed 24byte label format */
 352#define SMK_LONG_FMT    1       /* Variable long label format */
 353/**
 354 * smk_write_rules_list - write() for any /smack rule file
 355 * @file: file pointer, not actually used
 356 * @buf: where to get the data from
 357 * @count: bytes sent
 358 * @ppos: where to start - must be 0
 359 * @rule_list: the list of rules to write to
 360 * @rule_lock: lock for the rule list
 361 * @format: /smack/load or /smack/load2 format.
 362 *
 363 * Get one smack access rule from above.
 364 * The format for SMK_LONG_FMT is:
 365 *      "subject<whitespace>object<whitespace>access[<whitespace>...]"
 366 * The format for SMK_FIXED24_FMT is exactly:
 367 *      "subject                 object                  rwxat"
 368 */
 369static ssize_t smk_write_rules_list(struct file *file, const char __user *buf,
 370                                        size_t count, loff_t *ppos,
 371                                        struct list_head *rule_list,
 372                                        struct mutex *rule_lock, int format)
 373{
 374        struct smack_master_list *smlp;
 375        struct smack_known *skp;
 376        struct smack_rule *rule;
 377        char *data;
 378        int datalen;
 379        int rc = -EINVAL;
 380        int load = 0;
 381
 382        /*
 383         * No partial writes.
 384         * Enough data must be present.
 385         */
 386        if (*ppos != 0)
 387                return -EINVAL;
 388
 389        if (format == SMK_FIXED24_FMT) {
 390                /*
 391                 * Minor hack for backward compatibility
 392                 */
 393                if (count != SMK_OLOADLEN && count != SMK_LOADLEN)
 394                        return -EINVAL;
 395                datalen = SMK_LOADLEN;
 396        } else
 397                datalen = count + 1;
 398
 399        data = kzalloc(datalen, GFP_KERNEL);
 400        if (data == NULL)
 401                return -ENOMEM;
 402
 403        if (copy_from_user(data, buf, count) != 0) {
 404                rc = -EFAULT;
 405                goto out;
 406        }
 407
 408        rule = kzalloc(sizeof(*rule), GFP_KERNEL);
 409        if (rule == NULL) {
 410                rc = -ENOMEM;
 411                goto out;
 412        }
 413
 414        if (format == SMK_LONG_FMT) {
 415                /*
 416                 * Be sure the data string is terminated.
 417                 */
 418                data[count] = '\0';
 419                if (smk_parse_long_rule(data, rule, 1))
 420                        goto out_free_rule;
 421        } else {
 422                /*
 423                 * More on the minor hack for backward compatibility
 424                 */
 425                if (count == (SMK_OLOADLEN))
 426                        data[SMK_OLOADLEN] = '-';
 427                if (smk_parse_rule(data, rule, 1))
 428                        goto out_free_rule;
 429        }
 430
 431
 432        if (rule_list == NULL) {
 433                load = 1;
 434                skp = smk_find_entry(rule->smk_subject);
 435                rule_list = &skp->smk_rules;
 436                rule_lock = &skp->smk_rules_lock;
 437        }
 438
 439        rc = count;
 440        /*
 441         * If this is a global as opposed to self and a new rule
 442         * it needs to get added for reporting.
 443         * smk_set_access returns true if there was already a rule
 444         * for the subject/object pair, and false if it was new.
 445         */
 446        if (!smk_set_access(rule, rule_list, rule_lock)) {
 447                if (load) {
 448                        smlp = kzalloc(sizeof(*smlp), GFP_KERNEL);
 449                        if (smlp != NULL) {
 450                                smlp->smk_rule = rule;
 451                                list_add_rcu(&smlp->list, &smack_rule_list);
 452                        } else
 453                                rc = -ENOMEM;
 454                }
 455                goto out;
 456        }
 457
 458out_free_rule:
 459        kfree(rule);
 460out:
 461        kfree(data);
 462        return rc;
 463}
 464
 465/*
 466 * Core logic for smackfs seq list operations.
 467 */
 468
 469static void *smk_seq_start(struct seq_file *s, loff_t *pos,
 470                                struct list_head *head)
 471{
 472        struct list_head *list;
 473
 474        /*
 475         * This is 0 the first time through.
 476         */
 477        if (s->index == 0)
 478                s->private = head;
 479
 480        if (s->private == NULL)
 481                return NULL;
 482
 483        list = s->private;
 484        if (list_empty(list))
 485                return NULL;
 486
 487        if (s->index == 0)
 488                return list->next;
 489        return list;
 490}
 491
 492static void *smk_seq_next(struct seq_file *s, void *v, loff_t *pos,
 493                                struct list_head *head)
 494{
 495        struct list_head *list = v;
 496
 497        if (list_is_last(list, head)) {
 498                s->private = NULL;
 499                return NULL;
 500        }
 501        s->private = list->next;
 502        return list->next;
 503}
 504
 505static void smk_seq_stop(struct seq_file *s, void *v)
 506{
 507        /* No-op */
 508}
 509
 510static void smk_rule_show(struct seq_file *s, struct smack_rule *srp, int max)
 511{
 512        /*
 513         * Don't show any rules with label names too long for
 514         * interface file (/smack/load or /smack/load2)
 515         * because you should expect to be able to write
 516         * anything you read back.
 517         */
 518        if (strlen(srp->smk_subject) >= max || strlen(srp->smk_object) >= max)
 519                return;
 520
 521        if (srp->smk_access == 0)
 522                return;
 523
 524        seq_printf(s, "%s %s", srp->smk_subject, srp->smk_object);
 525
 526        seq_putc(s, ' ');
 527
 528        if (srp->smk_access & MAY_READ)
 529                seq_putc(s, 'r');
 530        if (srp->smk_access & MAY_WRITE)
 531                seq_putc(s, 'w');
 532        if (srp->smk_access & MAY_EXEC)
 533                seq_putc(s, 'x');
 534        if (srp->smk_access & MAY_APPEND)
 535                seq_putc(s, 'a');
 536        if (srp->smk_access & MAY_TRANSMUTE)
 537                seq_putc(s, 't');
 538
 539        seq_putc(s, '\n');
 540}
 541
 542/*
 543 * Seq_file read operations for /smack/load
 544 */
 545
 546static void *load2_seq_start(struct seq_file *s, loff_t *pos)
 547{
 548        return smk_seq_start(s, pos, &smack_rule_list);
 549}
 550
 551static void *load2_seq_next(struct seq_file *s, void *v, loff_t *pos)
 552{
 553        return smk_seq_next(s, v, pos, &smack_rule_list);
 554}
 555
 556static int load_seq_show(struct seq_file *s, void *v)
 557{
 558        struct list_head *list = v;
 559        struct smack_master_list *smlp =
 560                 list_entry(list, struct smack_master_list, list);
 561
 562        smk_rule_show(s, smlp->smk_rule, SMK_LABELLEN);
 563
 564        return 0;
 565}
 566
 567static const struct seq_operations load_seq_ops = {
 568        .start = load2_seq_start,
 569        .next  = load2_seq_next,
 570        .show  = load_seq_show,
 571        .stop  = smk_seq_stop,
 572};
 573
 574/**
 575 * smk_open_load - open() for /smack/load
 576 * @inode: inode structure representing file
 577 * @file: "load" file pointer
 578 *
 579 * For reading, use load_seq_* seq_file reading operations.
 580 */
 581static int smk_open_load(struct inode *inode, struct file *file)
 582{
 583        return seq_open(file, &load_seq_ops);
 584}
 585
 586/**
 587 * smk_write_load - write() for /smack/load
 588 * @file: file pointer, not actually used
 589 * @buf: where to get the data from
 590 * @count: bytes sent
 591 * @ppos: where to start - must be 0
 592 *
 593 */
 594static ssize_t smk_write_load(struct file *file, const char __user *buf,
 595                              size_t count, loff_t *ppos)
 596{
 597        /*
 598         * Must have privilege.
 599         * No partial writes.
 600         * Enough data must be present.
 601         */
 602        if (!smack_privileged(CAP_MAC_ADMIN))
 603                return -EPERM;
 604
 605        return smk_write_rules_list(file, buf, count, ppos, NULL, NULL,
 606                                    SMK_FIXED24_FMT);
 607}
 608
 609static const struct file_operations smk_load_ops = {
 610        .open           = smk_open_load,
 611        .read           = seq_read,
 612        .llseek         = seq_lseek,
 613        .write          = smk_write_load,
 614        .release        = seq_release,
 615};
 616
 617/**
 618 * smk_cipso_doi - initialize the CIPSO domain
 619 */
 620static void smk_cipso_doi(void)
 621{
 622        int rc;
 623        struct cipso_v4_doi *doip;
 624        struct netlbl_audit nai;
 625
 626        smk_netlabel_audit_set(&nai);
 627
 628        rc = netlbl_cfg_map_del(NULL, PF_INET, NULL, NULL, &nai);
 629        if (rc != 0)
 630                printk(KERN_WARNING "%s:%d remove rc = %d\n",
 631                       __func__, __LINE__, rc);
 632
 633        doip = kmalloc(sizeof(struct cipso_v4_doi), GFP_KERNEL);
 634        if (doip == NULL)
 635                panic("smack:  Failed to initialize cipso DOI.\n");
 636        doip->map.std = NULL;
 637        doip->doi = smk_cipso_doi_value;
 638        doip->type = CIPSO_V4_MAP_PASS;
 639        doip->tags[0] = CIPSO_V4_TAG_RBITMAP;
 640        for (rc = 1; rc < CIPSO_V4_TAG_MAXCNT; rc++)
 641                doip->tags[rc] = CIPSO_V4_TAG_INVALID;
 642
 643        rc = netlbl_cfg_cipsov4_add(doip, &nai);
 644        if (rc != 0) {
 645                printk(KERN_WARNING "%s:%d cipso add rc = %d\n",
 646                       __func__, __LINE__, rc);
 647                kfree(doip);
 648                return;
 649        }
 650        rc = netlbl_cfg_cipsov4_map_add(doip->doi, NULL, NULL, NULL, &nai);
 651        if (rc != 0) {
 652                printk(KERN_WARNING "%s:%d map add rc = %d\n",
 653                       __func__, __LINE__, rc);
 654                kfree(doip);
 655                return;
 656        }
 657}
 658
 659/**
 660 * smk_unlbl_ambient - initialize the unlabeled domain
 661 * @oldambient: previous domain string
 662 */
 663static void smk_unlbl_ambient(char *oldambient)
 664{
 665        int rc;
 666        struct netlbl_audit nai;
 667
 668        smk_netlabel_audit_set(&nai);
 669
 670        if (oldambient != NULL) {
 671                rc = netlbl_cfg_map_del(oldambient, PF_INET, NULL, NULL, &nai);
 672                if (rc != 0)
 673                        printk(KERN_WARNING "%s:%d remove rc = %d\n",
 674                               __func__, __LINE__, rc);
 675        }
 676        if (smack_net_ambient == NULL)
 677                smack_net_ambient = smack_known_floor.smk_known;
 678
 679        rc = netlbl_cfg_unlbl_map_add(smack_net_ambient, PF_INET,
 680                                      NULL, NULL, &nai);
 681        if (rc != 0)
 682                printk(KERN_WARNING "%s:%d add rc = %d\n",
 683                       __func__, __LINE__, rc);
 684}
 685
 686/*
 687 * Seq_file read operations for /smack/cipso
 688 */
 689
 690static void *cipso_seq_start(struct seq_file *s, loff_t *pos)
 691{
 692        return smk_seq_start(s, pos, &smack_known_list);
 693}
 694
 695static void *cipso_seq_next(struct seq_file *s, void *v, loff_t *pos)
 696{
 697        return smk_seq_next(s, v, pos, &smack_known_list);
 698}
 699
 700/*
 701 * Print cipso labels in format:
 702 * label level[/cat[,cat]]
 703 */
 704static int cipso_seq_show(struct seq_file *s, void *v)
 705{
 706        struct list_head  *list = v;
 707        struct smack_known *skp =
 708                 list_entry(list, struct smack_known, list);
 709        struct netlbl_lsm_secattr_catmap *cmp = skp->smk_netlabel.attr.mls.cat;
 710        char sep = '/';
 711        int i;
 712
 713        /*
 714         * Don't show a label that could not have been set using
 715         * /smack/cipso. This is in support of the notion that
 716         * anything read from /smack/cipso ought to be writeable
 717         * to /smack/cipso.
 718         *
 719         * /smack/cipso2 should be used instead.
 720         */
 721        if (strlen(skp->smk_known) >= SMK_LABELLEN)
 722                return 0;
 723
 724        seq_printf(s, "%s %3d", skp->smk_known, skp->smk_netlabel.attr.mls.lvl);
 725
 726        for (i = netlbl_secattr_catmap_walk(cmp, 0); i >= 0;
 727             i = netlbl_secattr_catmap_walk(cmp, i + 1)) {
 728                seq_printf(s, "%c%d", sep, i);
 729                sep = ',';
 730        }
 731
 732        seq_putc(s, '\n');
 733
 734        return 0;
 735}
 736
 737static const struct seq_operations cipso_seq_ops = {
 738        .start = cipso_seq_start,
 739        .next  = cipso_seq_next,
 740        .show  = cipso_seq_show,
 741        .stop  = smk_seq_stop,
 742};
 743
 744/**
 745 * smk_open_cipso - open() for /smack/cipso
 746 * @inode: inode structure representing file
 747 * @file: "cipso" file pointer
 748 *
 749 * Connect our cipso_seq_* operations with /smack/cipso
 750 * file_operations
 751 */
 752static int smk_open_cipso(struct inode *inode, struct file *file)
 753{
 754        return seq_open(file, &cipso_seq_ops);
 755}
 756
 757/**
 758 * smk_set_cipso - do the work for write() for cipso and cipso2
 759 * @file: file pointer, not actually used
 760 * @buf: where to get the data from
 761 * @count: bytes sent
 762 * @ppos: where to start
 763 * @format: /smack/cipso or /smack/cipso2
 764 *
 765 * Accepts only one cipso rule per write call.
 766 * Returns number of bytes written or error code, as appropriate
 767 */
 768static ssize_t smk_set_cipso(struct file *file, const char __user *buf,
 769                                size_t count, loff_t *ppos, int format)
 770{
 771        struct smack_known *skp;
 772        struct netlbl_lsm_secattr ncats;
 773        char mapcatset[SMK_CIPSOLEN];
 774        int maplevel;
 775        unsigned int cat;
 776        int catlen;
 777        ssize_t rc = -EINVAL;
 778        char *data = NULL;
 779        char *rule;
 780        int ret;
 781        int i;
 782
 783        /*
 784         * Must have privilege.
 785         * No partial writes.
 786         * Enough data must be present.
 787         */
 788        if (!smack_privileged(CAP_MAC_ADMIN))
 789                return -EPERM;
 790        if (*ppos != 0)
 791                return -EINVAL;
 792        if (format == SMK_FIXED24_FMT &&
 793            (count < SMK_CIPSOMIN || count > SMK_CIPSOMAX))
 794                return -EINVAL;
 795
 796        data = kzalloc(count + 1, GFP_KERNEL);
 797        if (data == NULL)
 798                return -ENOMEM;
 799
 800        if (copy_from_user(data, buf, count) != 0) {
 801                rc = -EFAULT;
 802                goto unlockedout;
 803        }
 804
 805        data[count] = '\0';
 806        rule = data;
 807        /*
 808         * Only allow one writer at a time. Writes should be
 809         * quite rare and small in any case.
 810         */
 811        mutex_lock(&smack_cipso_lock);
 812
 813        skp = smk_import_entry(rule, 0);
 814        if (skp == NULL)
 815                goto out;
 816
 817        if (format == SMK_FIXED24_FMT)
 818                rule += SMK_LABELLEN;
 819        else
 820                rule += strlen(skp->smk_known);
 821
 822        ret = sscanf(rule, "%d", &maplevel);
 823        if (ret != 1 || maplevel > SMACK_CIPSO_MAXLEVEL)
 824                goto out;
 825
 826        rule += SMK_DIGITLEN;
 827        ret = sscanf(rule, "%d", &catlen);
 828        if (ret != 1 || catlen > SMACK_CIPSO_MAXCATNUM)
 829                goto out;
 830
 831        if (format == SMK_FIXED24_FMT &&
 832            count != (SMK_CIPSOMIN + catlen * SMK_DIGITLEN))
 833                goto out;
 834
 835        memset(mapcatset, 0, sizeof(mapcatset));
 836
 837        for (i = 0; i < catlen; i++) {
 838                rule += SMK_DIGITLEN;
 839                ret = sscanf(rule, "%u", &cat);
 840                if (ret != 1 || cat > SMACK_CIPSO_MAXCATVAL)
 841                        goto out;
 842
 843                smack_catset_bit(cat, mapcatset);
 844        }
 845
 846        rc = smk_netlbl_mls(maplevel, mapcatset, &ncats, SMK_CIPSOLEN);
 847        if (rc >= 0) {
 848                netlbl_secattr_catmap_free(skp->smk_netlabel.attr.mls.cat);
 849                skp->smk_netlabel.attr.mls.cat = ncats.attr.mls.cat;
 850                skp->smk_netlabel.attr.mls.lvl = ncats.attr.mls.lvl;
 851                rc = count;
 852        }
 853
 854out:
 855        mutex_unlock(&smack_cipso_lock);
 856unlockedout:
 857        kfree(data);
 858        return rc;
 859}
 860
 861/**
 862 * smk_write_cipso - write() for /smack/cipso
 863 * @file: file pointer, not actually used
 864 * @buf: where to get the data from
 865 * @count: bytes sent
 866 * @ppos: where to start
 867 *
 868 * Accepts only one cipso rule per write call.
 869 * Returns number of bytes written or error code, as appropriate
 870 */
 871static ssize_t smk_write_cipso(struct file *file, const char __user *buf,
 872                               size_t count, loff_t *ppos)
 873{
 874        return smk_set_cipso(file, buf, count, ppos, SMK_FIXED24_FMT);
 875}
 876
 877static const struct file_operations smk_cipso_ops = {
 878        .open           = smk_open_cipso,
 879        .read           = seq_read,
 880        .llseek         = seq_lseek,
 881        .write          = smk_write_cipso,
 882        .release        = seq_release,
 883};
 884
 885/*
 886 * Seq_file read operations for /smack/cipso2
 887 */
 888
 889/*
 890 * Print cipso labels in format:
 891 * label level[/cat[,cat]]
 892 */
 893static int cipso2_seq_show(struct seq_file *s, void *v)
 894{
 895        struct list_head  *list = v;
 896        struct smack_known *skp =
 897                 list_entry(list, struct smack_known, list);
 898        struct netlbl_lsm_secattr_catmap *cmp = skp->smk_netlabel.attr.mls.cat;
 899        char sep = '/';
 900        int i;
 901
 902        seq_printf(s, "%s %3d", skp->smk_known, skp->smk_netlabel.attr.mls.lvl);
 903
 904        for (i = netlbl_secattr_catmap_walk(cmp, 0); i >= 0;
 905             i = netlbl_secattr_catmap_walk(cmp, i + 1)) {
 906                seq_printf(s, "%c%d", sep, i);
 907                sep = ',';
 908        }
 909
 910        seq_putc(s, '\n');
 911
 912        return 0;
 913}
 914
 915static const struct seq_operations cipso2_seq_ops = {
 916        .start = cipso_seq_start,
 917        .next  = cipso_seq_next,
 918        .show  = cipso2_seq_show,
 919        .stop  = smk_seq_stop,
 920};
 921
 922/**
 923 * smk_open_cipso2 - open() for /smack/cipso2
 924 * @inode: inode structure representing file
 925 * @file: "cipso2" file pointer
 926 *
 927 * Connect our cipso_seq_* operations with /smack/cipso2
 928 * file_operations
 929 */
 930static int smk_open_cipso2(struct inode *inode, struct file *file)
 931{
 932        return seq_open(file, &cipso2_seq_ops);
 933}
 934
 935/**
 936 * smk_write_cipso2 - write() for /smack/cipso2
 937 * @file: file pointer, not actually used
 938 * @buf: where to get the data from
 939 * @count: bytes sent
 940 * @ppos: where to start
 941 *
 942 * Accepts only one cipso rule per write call.
 943 * Returns number of bytes written or error code, as appropriate
 944 */
 945static ssize_t smk_write_cipso2(struct file *file, const char __user *buf,
 946                              size_t count, loff_t *ppos)
 947{
 948        return smk_set_cipso(file, buf, count, ppos, SMK_LONG_FMT);
 949}
 950
 951static const struct file_operations smk_cipso2_ops = {
 952        .open           = smk_open_cipso2,
 953        .read           = seq_read,
 954        .llseek         = seq_lseek,
 955        .write          = smk_write_cipso2,
 956        .release        = seq_release,
 957};
 958
 959/*
 960 * Seq_file read operations for /smack/netlabel
 961 */
 962
 963static void *netlbladdr_seq_start(struct seq_file *s, loff_t *pos)
 964{
 965        return smk_seq_start(s, pos, &smk_netlbladdr_list);
 966}
 967
 968static void *netlbladdr_seq_next(struct seq_file *s, void *v, loff_t *pos)
 969{
 970        return smk_seq_next(s, v, pos, &smk_netlbladdr_list);
 971}
 972#define BEBITS  (sizeof(__be32) * 8)
 973
 974/*
 975 * Print host/label pairs
 976 */
 977static int netlbladdr_seq_show(struct seq_file *s, void *v)
 978{
 979        struct list_head *list = v;
 980        struct smk_netlbladdr *skp =
 981                         list_entry(list, struct smk_netlbladdr, list);
 982        unsigned char *hp = (char *) &skp->smk_host.sin_addr.s_addr;
 983        int maskn;
 984        u32 temp_mask = be32_to_cpu(skp->smk_mask.s_addr);
 985
 986        for (maskn = 0; temp_mask; temp_mask <<= 1, maskn++);
 987
 988        seq_printf(s, "%u.%u.%u.%u/%d %s\n",
 989                hp[0], hp[1], hp[2], hp[3], maskn, skp->smk_label);
 990
 991        return 0;
 992}
 993
 994static const struct seq_operations netlbladdr_seq_ops = {
 995        .start = netlbladdr_seq_start,
 996        .next  = netlbladdr_seq_next,
 997        .show  = netlbladdr_seq_show,
 998        .stop  = smk_seq_stop,
 999};
1000
1001/**
1002 * smk_open_netlbladdr - open() for /smack/netlabel
1003 * @inode: inode structure representing file
1004 * @file: "netlabel" file pointer
1005 *
1006 * Connect our netlbladdr_seq_* operations with /smack/netlabel
1007 * file_operations
1008 */
1009static int smk_open_netlbladdr(struct inode *inode, struct file *file)
1010{
1011        return seq_open(file, &netlbladdr_seq_ops);
1012}
1013
1014/**
1015 * smk_netlbladdr_insert
1016 * @new : netlabel to insert
1017 *
1018 * This helper insert netlabel in the smack_netlbladdrs list
1019 * sorted by netmask length (longest to smallest)
1020 * locked by &smk_netlbladdr_lock in smk_write_netlbladdr
1021 *
1022 */
1023static void smk_netlbladdr_insert(struct smk_netlbladdr *new)
1024{
1025        struct smk_netlbladdr *m, *m_next;
1026
1027        if (list_empty(&smk_netlbladdr_list)) {
1028                list_add_rcu(&new->list, &smk_netlbladdr_list);
1029                return;
1030        }
1031
1032        m = list_entry_rcu(smk_netlbladdr_list.next,
1033                           struct smk_netlbladdr, list);
1034
1035        /* the comparison '>' is a bit hacky, but works */
1036        if (new->smk_mask.s_addr > m->smk_mask.s_addr) {
1037                list_add_rcu(&new->list, &smk_netlbladdr_list);
1038                return;
1039        }
1040
1041        list_for_each_entry_rcu(m, &smk_netlbladdr_list, list) {
1042                if (list_is_last(&m->list, &smk_netlbladdr_list)) {
1043                        list_add_rcu(&new->list, &m->list);
1044                        return;
1045                }
1046                m_next = list_entry_rcu(m->list.next,
1047                                        struct smk_netlbladdr, list);
1048                if (new->smk_mask.s_addr > m_next->smk_mask.s_addr) {
1049                        list_add_rcu(&new->list, &m->list);
1050                        return;
1051                }
1052        }
1053}
1054
1055
1056/**
1057 * smk_write_netlbladdr - write() for /smack/netlabel
1058 * @file: file pointer, not actually used
1059 * @buf: where to get the data from
1060 * @count: bytes sent
1061 * @ppos: where to start
1062 *
1063 * Accepts only one netlbladdr per write call.
1064 * Returns number of bytes written or error code, as appropriate
1065 */
1066static ssize_t smk_write_netlbladdr(struct file *file, const char __user *buf,
1067                                size_t count, loff_t *ppos)
1068{
1069        struct smk_netlbladdr *skp;
1070        struct sockaddr_in newname;
1071        char *smack;
1072        char *sp;
1073        char *data;
1074        char *host = (char *)&newname.sin_addr.s_addr;
1075        int rc;
1076        struct netlbl_audit audit_info;
1077        struct in_addr mask;
1078        unsigned int m;
1079        int found;
1080        u32 mask_bits = (1<<31);
1081        __be32 nsa;
1082        u32 temp_mask;
1083
1084        /*
1085         * Must have privilege.
1086         * No partial writes.
1087         * Enough data must be present.
1088         * "<addr/mask, as a.b.c.d/e><space><label>"
1089         * "<addr, as a.b.c.d><space><label>"
1090         */
1091        if (!smack_privileged(CAP_MAC_ADMIN))
1092                return -EPERM;
1093        if (*ppos != 0)
1094                return -EINVAL;
1095        if (count < SMK_NETLBLADDRMIN)
1096                return -EINVAL;
1097
1098        data = kzalloc(count + 1, GFP_KERNEL);
1099        if (data == NULL)
1100                return -ENOMEM;
1101
1102        if (copy_from_user(data, buf, count) != 0) {
1103                rc = -EFAULT;
1104                goto free_data_out;
1105        }
1106
1107        smack = kzalloc(count + 1, GFP_KERNEL);
1108        if (smack == NULL) {
1109                rc = -ENOMEM;
1110                goto free_data_out;
1111        }
1112
1113        data[count] = '\0';
1114
1115        rc = sscanf(data, "%hhd.%hhd.%hhd.%hhd/%d %s",
1116                &host[0], &host[1], &host[2], &host[3], &m, smack);
1117        if (rc != 6) {
1118                rc = sscanf(data, "%hhd.%hhd.%hhd.%hhd %s",
1119                        &host[0], &host[1], &host[2], &host[3], smack);
1120                if (rc != 5) {
1121                        rc = -EINVAL;
1122                        goto free_out;
1123                }
1124                m = BEBITS;
1125        }
1126        if (m > BEBITS) {
1127                rc = -EINVAL;
1128                goto free_out;
1129        }
1130
1131        /*
1132         * If smack begins with '-', it is an option, don't import it
1133         */
1134        if (smack[0] != '-') {
1135                sp = smk_import(smack, 0);
1136                if (sp == NULL) {
1137                        rc = -EINVAL;
1138                        goto free_out;
1139                }
1140        } else {
1141                /* check known options */
1142                if (strcmp(smack, smack_cipso_option) == 0)
1143                        sp = (char *)smack_cipso_option;
1144                else {
1145                        rc = -EINVAL;
1146                        goto free_out;
1147                }
1148        }
1149
1150        for (temp_mask = 0; m > 0; m--) {
1151                temp_mask |= mask_bits;
1152                mask_bits >>= 1;
1153        }
1154        mask.s_addr = cpu_to_be32(temp_mask);
1155
1156        newname.sin_addr.s_addr &= mask.s_addr;
1157        /*
1158         * Only allow one writer at a time. Writes should be
1159         * quite rare and small in any case.
1160         */
1161        mutex_lock(&smk_netlbladdr_lock);
1162
1163        nsa = newname.sin_addr.s_addr;
1164        /* try to find if the prefix is already in the list */
1165        found = 0;
1166        list_for_each_entry_rcu(skp, &smk_netlbladdr_list, list) {
1167                if (skp->smk_host.sin_addr.s_addr == nsa &&
1168                    skp->smk_mask.s_addr == mask.s_addr) {
1169                        found = 1;
1170                        break;
1171                }
1172        }
1173        smk_netlabel_audit_set(&audit_info);
1174
1175        if (found == 0) {
1176                skp = kzalloc(sizeof(*skp), GFP_KERNEL);
1177                if (skp == NULL)
1178                        rc = -ENOMEM;
1179                else {
1180                        rc = 0;
1181                        skp->smk_host.sin_addr.s_addr = newname.sin_addr.s_addr;
1182                        skp->smk_mask.s_addr = mask.s_addr;
1183                        skp->smk_label = sp;
1184                        smk_netlbladdr_insert(skp);
1185                }
1186        } else {
1187                /* we delete the unlabeled entry, only if the previous label
1188                 * wasn't the special CIPSO option */
1189                if (skp->smk_label != smack_cipso_option)
1190                        rc = netlbl_cfg_unlbl_static_del(&init_net, NULL,
1191                                        &skp->smk_host.sin_addr, &skp->smk_mask,
1192                                        PF_INET, &audit_info);
1193                else
1194                        rc = 0;
1195                skp->smk_label = sp;
1196        }
1197
1198        /*
1199         * Now tell netlabel about the single label nature of
1200         * this host so that incoming packets get labeled.
1201         * but only if we didn't get the special CIPSO option
1202         */
1203        if (rc == 0 && sp != smack_cipso_option)
1204                rc = netlbl_cfg_unlbl_static_add(&init_net, NULL,
1205                        &skp->smk_host.sin_addr, &skp->smk_mask, PF_INET,
1206                        smack_to_secid(skp->smk_label), &audit_info);
1207
1208        if (rc == 0)
1209                rc = count;
1210
1211        mutex_unlock(&smk_netlbladdr_lock);
1212
1213free_out:
1214        kfree(smack);
1215free_data_out:
1216        kfree(data);
1217
1218        return rc;
1219}
1220
1221static const struct file_operations smk_netlbladdr_ops = {
1222        .open           = smk_open_netlbladdr,
1223        .read           = seq_read,
1224        .llseek         = seq_lseek,
1225        .write          = smk_write_netlbladdr,
1226        .release        = seq_release,
1227};
1228
1229/**
1230 * smk_read_doi - read() for /smack/doi
1231 * @filp: file pointer, not actually used
1232 * @buf: where to put the result
1233 * @count: maximum to send along
1234 * @ppos: where to start
1235 *
1236 * Returns number of bytes read or error code, as appropriate
1237 */
1238static ssize_t smk_read_doi(struct file *filp, char __user *buf,
1239                            size_t count, loff_t *ppos)
1240{
1241        char temp[80];
1242        ssize_t rc;
1243
1244        if (*ppos != 0)
1245                return 0;
1246
1247        sprintf(temp, "%d", smk_cipso_doi_value);
1248        rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
1249
1250        return rc;
1251}
1252
1253/**
1254 * smk_write_doi - write() for /smack/doi
1255 * @file: file pointer, not actually used
1256 * @buf: where to get the data from
1257 * @count: bytes sent
1258 * @ppos: where to start
1259 *
1260 * Returns number of bytes written or error code, as appropriate
1261 */
1262static ssize_t smk_write_doi(struct file *file, const char __user *buf,
1263                             size_t count, loff_t *ppos)
1264{
1265        char temp[80];
1266        int i;
1267
1268        if (!smack_privileged(CAP_MAC_ADMIN))
1269                return -EPERM;
1270
1271        if (count >= sizeof(temp) || count == 0)
1272                return -EINVAL;
1273
1274        if (copy_from_user(temp, buf, count) != 0)
1275                return -EFAULT;
1276
1277        temp[count] = '\0';
1278
1279        if (sscanf(temp, "%d", &i) != 1)
1280                return -EINVAL;
1281
1282        smk_cipso_doi_value = i;
1283
1284        smk_cipso_doi();
1285
1286        return count;
1287}
1288
1289static const struct file_operations smk_doi_ops = {
1290        .read           = smk_read_doi,
1291        .write          = smk_write_doi,
1292        .llseek         = default_llseek,
1293};
1294
1295/**
1296 * smk_read_direct - read() for /smack/direct
1297 * @filp: file pointer, not actually used
1298 * @buf: where to put the result
1299 * @count: maximum to send along
1300 * @ppos: where to start
1301 *
1302 * Returns number of bytes read or error code, as appropriate
1303 */
1304static ssize_t smk_read_direct(struct file *filp, char __user *buf,
1305                               size_t count, loff_t *ppos)
1306{
1307        char temp[80];
1308        ssize_t rc;
1309
1310        if (*ppos != 0)
1311                return 0;
1312
1313        sprintf(temp, "%d", smack_cipso_direct);
1314        rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
1315
1316        return rc;
1317}
1318
1319/**
1320 * smk_write_direct - write() for /smack/direct
1321 * @file: file pointer, not actually used
1322 * @buf: where to get the data from
1323 * @count: bytes sent
1324 * @ppos: where to start
1325 *
1326 * Returns number of bytes written or error code, as appropriate
1327 */
1328static ssize_t smk_write_direct(struct file *file, const char __user *buf,
1329                                size_t count, loff_t *ppos)
1330{
1331        struct smack_known *skp;
1332        char temp[80];
1333        int i;
1334
1335        if (!smack_privileged(CAP_MAC_ADMIN))
1336                return -EPERM;
1337
1338        if (count >= sizeof(temp) || count == 0)
1339                return -EINVAL;
1340
1341        if (copy_from_user(temp, buf, count) != 0)
1342                return -EFAULT;
1343
1344        temp[count] = '\0';
1345
1346        if (sscanf(temp, "%d", &i) != 1)
1347                return -EINVAL;
1348
1349        /*
1350         * Don't do anything if the value hasn't actually changed.
1351         * If it is changing reset the level on entries that were
1352         * set up to be direct when they were created.
1353         */
1354        if (smack_cipso_direct != i) {
1355                mutex_lock(&smack_known_lock);
1356                list_for_each_entry_rcu(skp, &smack_known_list, list)
1357                        if (skp->smk_netlabel.attr.mls.lvl ==
1358                            smack_cipso_direct)
1359                                skp->smk_netlabel.attr.mls.lvl = i;
1360                smack_cipso_direct = i;
1361                mutex_unlock(&smack_known_lock);
1362        }
1363
1364        return count;
1365}
1366
1367static const struct file_operations smk_direct_ops = {
1368        .read           = smk_read_direct,
1369        .write          = smk_write_direct,
1370        .llseek         = default_llseek,
1371};
1372
1373/**
1374 * smk_read_mapped - read() for /smack/mapped
1375 * @filp: file pointer, not actually used
1376 * @buf: where to put the result
1377 * @count: maximum to send along
1378 * @ppos: where to start
1379 *
1380 * Returns number of bytes read or error code, as appropriate
1381 */
1382static ssize_t smk_read_mapped(struct file *filp, char __user *buf,
1383                               size_t count, loff_t *ppos)
1384{
1385        char temp[80];
1386        ssize_t rc;
1387
1388        if (*ppos != 0)
1389                return 0;
1390
1391        sprintf(temp, "%d", smack_cipso_mapped);
1392        rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
1393
1394        return rc;
1395}
1396
1397/**
1398 * smk_write_mapped - write() for /smack/mapped
1399 * @file: file pointer, not actually used
1400 * @buf: where to get the data from
1401 * @count: bytes sent
1402 * @ppos: where to start
1403 *
1404 * Returns number of bytes written or error code, as appropriate
1405 */
1406static ssize_t smk_write_mapped(struct file *file, const char __user *buf,
1407                                size_t count, loff_t *ppos)
1408{
1409        struct smack_known *skp;
1410        char temp[80];
1411        int i;
1412
1413        if (!smack_privileged(CAP_MAC_ADMIN))
1414                return -EPERM;
1415
1416        if (count >= sizeof(temp) || count == 0)
1417                return -EINVAL;
1418
1419        if (copy_from_user(temp, buf, count) != 0)
1420                return -EFAULT;
1421
1422        temp[count] = '\0';
1423
1424        if (sscanf(temp, "%d", &i) != 1)
1425                return -EINVAL;
1426
1427        /*
1428         * Don't do anything if the value hasn't actually changed.
1429         * If it is changing reset the level on entries that were
1430         * set up to be mapped when they were created.
1431         */
1432        if (smack_cipso_mapped != i) {
1433                mutex_lock(&smack_known_lock);
1434                list_for_each_entry_rcu(skp, &smack_known_list, list)
1435                        if (skp->smk_netlabel.attr.mls.lvl ==
1436                            smack_cipso_mapped)
1437                                skp->smk_netlabel.attr.mls.lvl = i;
1438                smack_cipso_mapped = i;
1439                mutex_unlock(&smack_known_lock);
1440        }
1441
1442        return count;
1443}
1444
1445static const struct file_operations smk_mapped_ops = {
1446        .read           = smk_read_mapped,
1447        .write          = smk_write_mapped,
1448        .llseek         = default_llseek,
1449};
1450
1451/**
1452 * smk_read_ambient - read() for /smack/ambient
1453 * @filp: file pointer, not actually used
1454 * @buf: where to put the result
1455 * @cn: maximum to send along
1456 * @ppos: where to start
1457 *
1458 * Returns number of bytes read or error code, as appropriate
1459 */
1460static ssize_t smk_read_ambient(struct file *filp, char __user *buf,
1461                                size_t cn, loff_t *ppos)
1462{
1463        ssize_t rc;
1464        int asize;
1465
1466        if (*ppos != 0)
1467                return 0;
1468        /*
1469         * Being careful to avoid a problem in the case where
1470         * smack_net_ambient gets changed in midstream.
1471         */
1472        mutex_lock(&smack_ambient_lock);
1473
1474        asize = strlen(smack_net_ambient) + 1;
1475
1476        if (cn >= asize)
1477                rc = simple_read_from_buffer(buf, cn, ppos,
1478                                             smack_net_ambient, asize);
1479        else
1480                rc = -EINVAL;
1481
1482        mutex_unlock(&smack_ambient_lock);
1483
1484        return rc;
1485}
1486
1487/**
1488 * smk_write_ambient - write() for /smack/ambient
1489 * @file: file pointer, not actually used
1490 * @buf: where to get the data from
1491 * @count: bytes sent
1492 * @ppos: where to start
1493 *
1494 * Returns number of bytes written or error code, as appropriate
1495 */
1496static ssize_t smk_write_ambient(struct file *file, const char __user *buf,
1497                                 size_t count, loff_t *ppos)
1498{
1499        char *oldambient;
1500        char *smack = NULL;
1501        char *data;
1502        int rc = count;
1503
1504        if (!smack_privileged(CAP_MAC_ADMIN))
1505                return -EPERM;
1506
1507        data = kzalloc(count + 1, GFP_KERNEL);
1508        if (data == NULL)
1509                return -ENOMEM;
1510
1511        if (copy_from_user(data, buf, count) != 0) {
1512                rc = -EFAULT;
1513                goto out;
1514        }
1515
1516        smack = smk_import(data, count);
1517        if (smack == NULL) {
1518                rc = -EINVAL;
1519                goto out;
1520        }
1521
1522        mutex_lock(&smack_ambient_lock);
1523
1524        oldambient = smack_net_ambient;
1525        smack_net_ambient = smack;
1526        smk_unlbl_ambient(oldambient);
1527
1528        mutex_unlock(&smack_ambient_lock);
1529
1530out:
1531        kfree(data);
1532        return rc;
1533}
1534
1535static const struct file_operations smk_ambient_ops = {
1536        .read           = smk_read_ambient,
1537        .write          = smk_write_ambient,
1538        .llseek         = default_llseek,
1539};
1540
1541/**
1542 * smk_read_onlycap - read() for /smack/onlycap
1543 * @filp: file pointer, not actually used
1544 * @buf: where to put the result
1545 * @cn: maximum to send along
1546 * @ppos: where to start
1547 *
1548 * Returns number of bytes read or error code, as appropriate
1549 */
1550static ssize_t smk_read_onlycap(struct file *filp, char __user *buf,
1551                                size_t cn, loff_t *ppos)
1552{
1553        char *smack = "";
1554        ssize_t rc = -EINVAL;
1555        int asize;
1556
1557        if (*ppos != 0)
1558                return 0;
1559
1560        if (smack_onlycap != NULL)
1561                smack = smack_onlycap;
1562
1563        asize = strlen(smack) + 1;
1564
1565        if (cn >= asize)
1566                rc = simple_read_from_buffer(buf, cn, ppos, smack, asize);
1567
1568        return rc;
1569}
1570
1571/**
1572 * smk_write_onlycap - write() for /smack/onlycap
1573 * @file: file pointer, not actually used
1574 * @buf: where to get the data from
1575 * @count: bytes sent
1576 * @ppos: where to start
1577 *
1578 * Returns number of bytes written or error code, as appropriate
1579 */
1580static ssize_t smk_write_onlycap(struct file *file, const char __user *buf,
1581                                 size_t count, loff_t *ppos)
1582{
1583        char *data;
1584        char *sp = smk_of_task(current->cred->security);
1585        int rc = count;
1586
1587        if (!smack_privileged(CAP_MAC_ADMIN))
1588                return -EPERM;
1589
1590        /*
1591         * This can be done using smk_access() but is done
1592         * explicitly for clarity. The smk_access() implementation
1593         * would use smk_access(smack_onlycap, MAY_WRITE)
1594         */
1595        if (smack_onlycap != NULL && smack_onlycap != sp)
1596                return -EPERM;
1597
1598        data = kzalloc(count, GFP_KERNEL);
1599        if (data == NULL)
1600                return -ENOMEM;
1601
1602        /*
1603         * Should the null string be passed in unset the onlycap value.
1604         * This seems like something to be careful with as usually
1605         * smk_import only expects to return NULL for errors. It
1606         * is usually the case that a nullstring or "\n" would be
1607         * bad to pass to smk_import but in fact this is useful here.
1608         *
1609         * smk_import will also reject a label beginning with '-',
1610         * so "-usecapabilities" will also work.
1611         */
1612        if (copy_from_user(data, buf, count) != 0)
1613                rc = -EFAULT;
1614        else
1615                smack_onlycap = smk_import(data, count);
1616
1617        kfree(data);
1618        return rc;
1619}
1620
1621static const struct file_operations smk_onlycap_ops = {
1622        .read           = smk_read_onlycap,
1623        .write          = smk_write_onlycap,
1624        .llseek         = default_llseek,
1625};
1626
1627/**
1628 * smk_read_logging - read() for /smack/logging
1629 * @filp: file pointer, not actually used
1630 * @buf: where to put the result
1631 * @cn: maximum to send along
1632 * @ppos: where to start
1633 *
1634 * Returns number of bytes read or error code, as appropriate
1635 */
1636static ssize_t smk_read_logging(struct file *filp, char __user *buf,
1637                                size_t count, loff_t *ppos)
1638{
1639        char temp[32];
1640        ssize_t rc;
1641
1642        if (*ppos != 0)
1643                return 0;
1644
1645        sprintf(temp, "%d\n", log_policy);
1646        rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
1647        return rc;
1648}
1649
1650/**
1651 * smk_write_logging - write() for /smack/logging
1652 * @file: file pointer, not actually used
1653 * @buf: where to get the data from
1654 * @count: bytes sent
1655 * @ppos: where to start
1656 *
1657 * Returns number of bytes written or error code, as appropriate
1658 */
1659static ssize_t smk_write_logging(struct file *file, const char __user *buf,
1660                                size_t count, loff_t *ppos)
1661{
1662        char temp[32];
1663        int i;
1664
1665        if (!smack_privileged(CAP_MAC_ADMIN))
1666                return -EPERM;
1667
1668        if (count >= sizeof(temp) || count == 0)
1669                return -EINVAL;
1670
1671        if (copy_from_user(temp, buf, count) != 0)
1672                return -EFAULT;
1673
1674        temp[count] = '\0';
1675
1676        if (sscanf(temp, "%d", &i) != 1)
1677                return -EINVAL;
1678        if (i < 0 || i > 3)
1679                return -EINVAL;
1680        log_policy = i;
1681        return count;
1682}
1683
1684
1685
1686static const struct file_operations smk_logging_ops = {
1687        .read           = smk_read_logging,
1688        .write          = smk_write_logging,
1689        .llseek         = default_llseek,
1690};
1691
1692/*
1693 * Seq_file read operations for /smack/load-self
1694 */
1695
1696static void *load_self_seq_start(struct seq_file *s, loff_t *pos)
1697{
1698        struct task_smack *tsp = current_security();
1699
1700        return smk_seq_start(s, pos, &tsp->smk_rules);
1701}
1702
1703static void *load_self_seq_next(struct seq_file *s, void *v, loff_t *pos)
1704{
1705        struct task_smack *tsp = current_security();
1706
1707        return smk_seq_next(s, v, pos, &tsp->smk_rules);
1708}
1709
1710static int load_self_seq_show(struct seq_file *s, void *v)
1711{
1712        struct list_head *list = v;
1713        struct smack_rule *srp =
1714                 list_entry(list, struct smack_rule, list);
1715
1716        smk_rule_show(s, srp, SMK_LABELLEN);
1717
1718        return 0;
1719}
1720
1721static const struct seq_operations load_self_seq_ops = {
1722        .start = load_self_seq_start,
1723        .next  = load_self_seq_next,
1724        .show  = load_self_seq_show,
1725        .stop  = smk_seq_stop,
1726};
1727
1728
1729/**
1730 * smk_open_load_self - open() for /smack/load-self2
1731 * @inode: inode structure representing file
1732 * @file: "load" file pointer
1733 *
1734 * For reading, use load_seq_* seq_file reading operations.
1735 */
1736static int smk_open_load_self(struct inode *inode, struct file *file)
1737{
1738        return seq_open(file, &load_self_seq_ops);
1739}
1740
1741/**
1742 * smk_write_load_self - write() for /smack/load-self
1743 * @file: file pointer, not actually used
1744 * @buf: where to get the data from
1745 * @count: bytes sent
1746 * @ppos: where to start - must be 0
1747 *
1748 */
1749static ssize_t smk_write_load_self(struct file *file, const char __user *buf,
1750                              size_t count, loff_t *ppos)
1751{
1752        struct task_smack *tsp = current_security();
1753
1754        return smk_write_rules_list(file, buf, count, ppos, &tsp->smk_rules,
1755                                    &tsp->smk_rules_lock, SMK_FIXED24_FMT);
1756}
1757
1758static const struct file_operations smk_load_self_ops = {
1759        .open           = smk_open_load_self,
1760        .read           = seq_read,
1761        .llseek         = seq_lseek,
1762        .write          = smk_write_load_self,
1763        .release        = seq_release,
1764};
1765
1766/**
1767 * smk_user_access - handle access check transaction
1768 * @file: file pointer
1769 * @buf: data from user space
1770 * @count: bytes sent
1771 * @ppos: where to start - must be 0
1772 */
1773static ssize_t smk_user_access(struct file *file, const char __user *buf,
1774                                size_t count, loff_t *ppos, int format)
1775{
1776        struct smack_rule rule;
1777        char *data;
1778        char *cod;
1779        int res;
1780
1781        data = simple_transaction_get(file, buf, count);
1782        if (IS_ERR(data))
1783                return PTR_ERR(data);
1784
1785        if (format == SMK_FIXED24_FMT) {
1786                if (count < SMK_LOADLEN)
1787                        return -EINVAL;
1788                res = smk_parse_rule(data, &rule, 0);
1789        } else {
1790                /*
1791                 * Copy the data to make sure the string is terminated.
1792                 */
1793                cod = kzalloc(count + 1, GFP_KERNEL);
1794                if (cod == NULL)
1795                        return -ENOMEM;
1796                memcpy(cod, data, count);
1797                cod[count] = '\0';
1798                res = smk_parse_long_rule(cod, &rule, 0);
1799                kfree(cod);
1800        }
1801
1802        if (res)
1803                return -EINVAL;
1804
1805        res = smk_access(rule.smk_subject, rule.smk_object, rule.smk_access,
1806                          NULL);
1807        data[0] = res == 0 ? '1' : '0';
1808        data[1] = '\0';
1809
1810        simple_transaction_set(file, 2);
1811
1812        if (format == SMK_FIXED24_FMT)
1813                return SMK_LOADLEN;
1814        return count;
1815}
1816
1817/**
1818 * smk_write_access - handle access check transaction
1819 * @file: file pointer
1820 * @buf: data from user space
1821 * @count: bytes sent
1822 * @ppos: where to start - must be 0
1823 */
1824static ssize_t smk_write_access(struct file *file, const char __user *buf,
1825                                size_t count, loff_t *ppos)
1826{
1827        return smk_user_access(file, buf, count, ppos, SMK_FIXED24_FMT);
1828}
1829
1830static const struct file_operations smk_access_ops = {
1831        .write          = smk_write_access,
1832        .read           = simple_transaction_read,
1833        .release        = simple_transaction_release,
1834        .llseek         = generic_file_llseek,
1835};
1836
1837
1838/*
1839 * Seq_file read operations for /smack/load2
1840 */
1841
1842static int load2_seq_show(struct seq_file *s, void *v)
1843{
1844        struct list_head *list = v;
1845        struct smack_master_list *smlp =
1846                 list_entry(list, struct smack_master_list, list);
1847
1848        smk_rule_show(s, smlp->smk_rule, SMK_LONGLABEL);
1849
1850        return 0;
1851}
1852
1853static const struct seq_operations load2_seq_ops = {
1854        .start = load2_seq_start,
1855        .next  = load2_seq_next,
1856        .show  = load2_seq_show,
1857        .stop  = smk_seq_stop,
1858};
1859
1860/**
1861 * smk_open_load2 - open() for /smack/load2
1862 * @inode: inode structure representing file
1863 * @file: "load2" file pointer
1864 *
1865 * For reading, use load2_seq_* seq_file reading operations.
1866 */
1867static int smk_open_load2(struct inode *inode, struct file *file)
1868{
1869        return seq_open(file, &load2_seq_ops);
1870}
1871
1872/**
1873 * smk_write_load2 - write() for /smack/load2
1874 * @file: file pointer, not actually used
1875 * @buf: where to get the data from
1876 * @count: bytes sent
1877 * @ppos: where to start - must be 0
1878 *
1879 */
1880static ssize_t smk_write_load2(struct file *file, const char __user *buf,
1881                                size_t count, loff_t *ppos)
1882{
1883        /*
1884         * Must have privilege.
1885         */
1886        if (!smack_privileged(CAP_MAC_ADMIN))
1887                return -EPERM;
1888
1889        return smk_write_rules_list(file, buf, count, ppos, NULL, NULL,
1890                                    SMK_LONG_FMT);
1891}
1892
1893static const struct file_operations smk_load2_ops = {
1894        .open           = smk_open_load2,
1895        .read           = seq_read,
1896        .llseek         = seq_lseek,
1897        .write          = smk_write_load2,
1898        .release        = seq_release,
1899};
1900
1901/*
1902 * Seq_file read operations for /smack/load-self2
1903 */
1904
1905static void *load_self2_seq_start(struct seq_file *s, loff_t *pos)
1906{
1907        struct task_smack *tsp = current_security();
1908
1909        return smk_seq_start(s, pos, &tsp->smk_rules);
1910}
1911
1912static void *load_self2_seq_next(struct seq_file *s, void *v, loff_t *pos)
1913{
1914        struct task_smack *tsp = current_security();
1915
1916        return smk_seq_next(s, v, pos, &tsp->smk_rules);
1917}
1918
1919static int load_self2_seq_show(struct seq_file *s, void *v)
1920{
1921        struct list_head *list = v;
1922        struct smack_rule *srp =
1923                 list_entry(list, struct smack_rule, list);
1924
1925        smk_rule_show(s, srp, SMK_LONGLABEL);
1926
1927        return 0;
1928}
1929
1930static const struct seq_operations load_self2_seq_ops = {
1931        .start = load_self2_seq_start,
1932        .next  = load_self2_seq_next,
1933        .show  = load_self2_seq_show,
1934        .stop  = smk_seq_stop,
1935};
1936
1937/**
1938 * smk_open_load_self2 - open() for /smack/load-self2
1939 * @inode: inode structure representing file
1940 * @file: "load" file pointer
1941 *
1942 * For reading, use load_seq_* seq_file reading operations.
1943 */
1944static int smk_open_load_self2(struct inode *inode, struct file *file)
1945{
1946        return seq_open(file, &load_self2_seq_ops);
1947}
1948
1949/**
1950 * smk_write_load_self2 - write() for /smack/load-self2
1951 * @file: file pointer, not actually used
1952 * @buf: where to get the data from
1953 * @count: bytes sent
1954 * @ppos: where to start - must be 0
1955 *
1956 */
1957static ssize_t smk_write_load_self2(struct file *file, const char __user *buf,
1958                              size_t count, loff_t *ppos)
1959{
1960        struct task_smack *tsp = current_security();
1961
1962        return smk_write_rules_list(file, buf, count, ppos, &tsp->smk_rules,
1963                                    &tsp->smk_rules_lock, SMK_LONG_FMT);
1964}
1965
1966static const struct file_operations smk_load_self2_ops = {
1967        .open           = smk_open_load_self2,
1968        .read           = seq_read,
1969        .llseek         = seq_lseek,
1970        .write          = smk_write_load_self2,
1971        .release        = seq_release,
1972};
1973
1974/**
1975 * smk_write_access2 - handle access check transaction
1976 * @file: file pointer
1977 * @buf: data from user space
1978 * @count: bytes sent
1979 * @ppos: where to start - must be 0
1980 */
1981static ssize_t smk_write_access2(struct file *file, const char __user *buf,
1982                                        size_t count, loff_t *ppos)
1983{
1984        return smk_user_access(file, buf, count, ppos, SMK_LONG_FMT);
1985}
1986
1987static const struct file_operations smk_access2_ops = {
1988        .write          = smk_write_access2,
1989        .read           = simple_transaction_read,
1990        .release        = simple_transaction_release,
1991        .llseek         = generic_file_llseek,
1992};
1993
1994/**
1995 * smk_fill_super - fill the /smackfs superblock
1996 * @sb: the empty superblock
1997 * @data: unused
1998 * @silent: unused
1999 *
2000 * Fill in the well known entries for /smack
2001 *
2002 * Returns 0 on success, an error code on failure
2003 */
2004static int smk_fill_super(struct super_block *sb, void *data, int silent)
2005{
2006        int rc;
2007        struct inode *root_inode;
2008
2009        static struct tree_descr smack_files[] = {
2010                [SMK_LOAD] = {
2011                        "load", &smk_load_ops, S_IRUGO|S_IWUSR},
2012                [SMK_CIPSO] = {
2013                        "cipso", &smk_cipso_ops, S_IRUGO|S_IWUSR},
2014                [SMK_DOI] = {
2015                        "doi", &smk_doi_ops, S_IRUGO|S_IWUSR},
2016                [SMK_DIRECT] = {
2017                        "direct", &smk_direct_ops, S_IRUGO|S_IWUSR},
2018                [SMK_AMBIENT] = {
2019                        "ambient", &smk_ambient_ops, S_IRUGO|S_IWUSR},
2020                [SMK_NETLBLADDR] = {
2021                        "netlabel", &smk_netlbladdr_ops, S_IRUGO|S_IWUSR},
2022                [SMK_ONLYCAP] = {
2023                        "onlycap", &smk_onlycap_ops, S_IRUGO|S_IWUSR},
2024                [SMK_LOGGING] = {
2025                        "logging", &smk_logging_ops, S_IRUGO|S_IWUSR},
2026                [SMK_LOAD_SELF] = {
2027                        "load-self", &smk_load_self_ops, S_IRUGO|S_IWUGO},
2028                [SMK_ACCESSES] = {
2029                        "access", &smk_access_ops, S_IRUGO|S_IWUGO},
2030                [SMK_MAPPED] = {
2031                        "mapped", &smk_mapped_ops, S_IRUGO|S_IWUSR},
2032                [SMK_LOAD2] = {
2033                        "load2", &smk_load2_ops, S_IRUGO|S_IWUSR},
2034                [SMK_LOAD_SELF2] = {
2035                        "load-self2", &smk_load_self2_ops, S_IRUGO|S_IWUGO},
2036                [SMK_ACCESS2] = {
2037                        "access2", &smk_access2_ops, S_IRUGO|S_IWUGO},
2038                [SMK_CIPSO2] = {
2039                        "cipso2", &smk_cipso2_ops, S_IRUGO|S_IWUSR},
2040                /* last one */
2041                        {""}
2042        };
2043
2044        rc = simple_fill_super(sb, SMACK_MAGIC, smack_files);
2045        if (rc != 0) {
2046                printk(KERN_ERR "%s failed %d while creating inodes\n",
2047                        __func__, rc);
2048                return rc;
2049        }
2050
2051        root_inode = sb->s_root->d_inode;
2052
2053        return 0;
2054}
2055
2056/**
2057 * smk_mount - get the smackfs superblock
2058 * @fs_type: passed along without comment
2059 * @flags: passed along without comment
2060 * @dev_name: passed along without comment
2061 * @data: passed along without comment
2062 *
2063 * Just passes everything along.
2064 *
2065 * Returns what the lower level code does.
2066 */
2067static struct dentry *smk_mount(struct file_system_type *fs_type,
2068                      int flags, const char *dev_name, void *data)
2069{
2070        return mount_single(fs_type, flags, data, smk_fill_super);
2071}
2072
2073static struct file_system_type smk_fs_type = {
2074        .name           = "smackfs",
2075        .mount          = smk_mount,
2076        .kill_sb        = kill_litter_super,
2077};
2078
2079static struct vfsmount *smackfs_mount;
2080
2081static int __init smk_preset_netlabel(struct smack_known *skp)
2082{
2083        skp->smk_netlabel.domain = skp->smk_known;
2084        skp->smk_netlabel.flags =
2085                NETLBL_SECATTR_DOMAIN | NETLBL_SECATTR_MLS_LVL;
2086        return smk_netlbl_mls(smack_cipso_direct, skp->smk_known,
2087                                &skp->smk_netlabel, strlen(skp->smk_known));
2088}
2089
2090/**
2091 * init_smk_fs - get the smackfs superblock
2092 *
2093 * register the smackfs
2094 *
2095 * Do not register smackfs if Smack wasn't enabled
2096 * on boot. We can not put this method normally under the
2097 * smack_init() code path since the security subsystem get
2098 * initialized before the vfs caches.
2099 *
2100 * Returns true if we were not chosen on boot or if
2101 * we were chosen and filesystem registration succeeded.
2102 */
2103static int __init init_smk_fs(void)
2104{
2105        int err;
2106        int rc;
2107
2108        if (!security_module_enable(&smack_ops))
2109                return 0;
2110
2111        err = register_filesystem(&smk_fs_type);
2112        if (!err) {
2113                smackfs_mount = kern_mount(&smk_fs_type);
2114                if (IS_ERR(smackfs_mount)) {
2115                        printk(KERN_ERR "smackfs:  could not mount!\n");
2116                        err = PTR_ERR(smackfs_mount);
2117                        smackfs_mount = NULL;
2118                }
2119        }
2120
2121        smk_cipso_doi();
2122        smk_unlbl_ambient(NULL);
2123
2124        rc = smk_preset_netlabel(&smack_known_floor);
2125        if (err == 0 && rc < 0)
2126                err = rc;
2127        rc = smk_preset_netlabel(&smack_known_hat);
2128        if (err == 0 && rc < 0)
2129                err = rc;
2130        rc = smk_preset_netlabel(&smack_known_huh);
2131        if (err == 0 && rc < 0)
2132                err = rc;
2133        rc = smk_preset_netlabel(&smack_known_invalid);
2134        if (err == 0 && rc < 0)
2135                err = rc;
2136        rc = smk_preset_netlabel(&smack_known_star);
2137        if (err == 0 && rc < 0)
2138                err = rc;
2139        rc = smk_preset_netlabel(&smack_known_web);
2140        if (err == 0 && rc < 0)
2141                err = rc;
2142
2143        return err;
2144}
2145
2146__initcall(init_smk_fs);
2147
lxr.linux.no kindly hosted by Redpill Linpro AS, provider of Linux consulting and operations services since 1995.