#include <linux/pipe_fs_i.h>
#include <net/netlabel.h>
#include <net/cipso_ipv4.h>
+#include <linux/audit.h>
#include "smack.h"
*
* Do the capability checks, and require read and write.
*/
-static int smack_ptrace(struct task_struct *ptp, struct task_struct *ctp)
+static int smack_ptrace(struct task_struct *ptp, struct task_struct *ctp,
+ unsigned int mode)
{
int rc;
- rc = cap_ptrace(ptp, ctp);
+ rc = cap_ptrace(ptp, ctp, mode);
if (rc != 0)
return rc;
* Returns 0 if current can write the floor of the filesystem
* being mounted on, an error code otherwise.
*/
-static int smack_sb_mount(char *dev_name, struct nameidata *nd,
+static int smack_sb_mount(char *dev_name, struct path *path,
char *type, unsigned long flags, void *data)
{
- struct superblock_smack *sbp = nd->path.mnt->mnt_sb->s_security;
+ struct superblock_smack *sbp = path->mnt->mnt_sb->s_security;
return smk_curacc(sbp->smk_floor, MAY_WRITE);
}
*
* Returns 0 if access is permitted, an error code otherwise
*/
-static int smack_inode_setxattr(struct dentry *dentry, char *name,
- void *value, size_t size, int flags)
+static int smack_inode_setxattr(struct dentry *dentry, const char *name,
+ const void *value, size_t size, int flags)
{
int rc = 0;
* Set the pointer in the inode blob to the entry found
* in the master label list.
*/
-static void smack_inode_post_setxattr(struct dentry *dentry, char *name,
- void *value, size_t size, int flags)
+static void smack_inode_post_setxattr(struct dentry *dentry, const char *name,
+ const void *value, size_t size, int flags)
{
struct inode_smack *isp;
char *nsp;
*
* Returns 0 if access is permitted, an error code otherwise
*/
-static int smack_inode_getxattr(struct dentry *dentry, char *name)
+static int smack_inode_getxattr(struct dentry *dentry, const char *name)
{
return smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ);
}
*
* Returns 0 if access is permitted, an error code otherwise
*/
-static int smack_inode_removexattr(struct dentry *dentry, char *name)
+static int smack_inode_removexattr(struct dentry *dentry, const char *name)
{
int rc = 0;
return -EINVAL;
}
+/**
+ * smack_inode_getsecid - Extract inode's security id
+ * @inode: inode to extract the info from
+ * @secid: where result will be saved
+ */
+static void smack_inode_getsecid(const struct inode *inode, u32 *secid)
+{
+ struct inode_smack *isp = inode->i_security;
+
+ *secid = smack_to_secid(isp->smk_inode);
+}
+
/*
* File Hooks
*/
static int smack_task_kill(struct task_struct *p, struct siginfo *info,
int sig, u32 secid)
{
- /*
- * Special cases where signals really ought to go through
- * in spite of policy. Stephen Smalley suggests it may
- * make sense to change the caller so that it doesn't
- * bother with the LSM hook in these cases.
- */
- if (info != SEND_SIG_NOINFO &&
- (is_si_special(info) || SI_FROMKERNEL(info)))
- return 0;
/*
* Sending a signal requires that the sender
* can write the receiver.
int rc;
int byte;
- if (catset == 0)
+ if (!catset)
return;
sap->flags |= NETLBL_SECATTR_MLS_CAT;
return smk_curacc(isp, may);
}
-/* module stacking operations */
-
/**
- * smack_register_security - stack capability module
- * @name: module name
- * @ops: module operations - ignored
- *
- * Allow the capability module to register.
+ * smack_ipc_getsecid - Extract smack security id
+ * @ipcp: the object permissions
+ * @secid: where result will be saved
*/
-static int smack_register_security(const char *name,
- struct security_operations *ops)
+static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid)
{
- if (strcmp(name, "capability") != 0)
- return -EINVAL;
+ char *smack = ipp->security;
- printk(KERN_INFO "%s: Registering secondary module %s\n",
- __func__, name);
-
- return 0;
+ *secid = smack_to_secid(smack);
}
/**
*/
final = sbsp->smk_default;
+ /*
+ * If this is the root inode the superblock
+ * may be in the process of initialization.
+ * If that is the case use the root value out
+ * of the superblock.
+ */
+ if (opt_dentry->d_parent == opt_dentry) {
+ isp->smk_inode = sbsp->smk_root;
+ isp->smk_flags |= SMK_INODE_INSTANT;
+ goto unlockandout;
+ }
+
/*
* This is pretty hackish.
* Casey says that we shouldn't have to do
}
#endif /* CONFIG_KEYS */
+/*
+ * Smack Audit hooks
+ *
+ * Audit requires a unique representation of each Smack specific
+ * rule. This unique representation is used to distinguish the
+ * object to be audited from remaining kernel objects and also
+ * works as a glue between the audit hooks.
+ *
+ * Since repository entries are added but never deleted, we'll use
+ * the smack_known label address related to the given audit rule as
+ * the needed unique representation. This also better fits the smack
+ * model where nearly everything is a label.
+ */
+#ifdef CONFIG_AUDIT
+
+/**
+ * smack_audit_rule_init - Initialize a smack audit rule
+ * @field: audit rule fields given from user-space (audit.h)
+ * @op: required testing operator (=, !=, >, <, ...)
+ * @rulestr: smack label to be audited
+ * @vrule: pointer to save our own audit rule representation
+ *
+ * Prepare to audit cases where (@field @op @rulestr) is true.
+ * The label to be audited is created if necessay.
+ */
+static int smack_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule)
+{
+ char **rule = (char **)vrule;
+ *rule = NULL;
+
+ if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
+ return -EINVAL;
+
+ if (op != AUDIT_EQUAL && op != AUDIT_NOT_EQUAL)
+ return -EINVAL;
+
+ *rule = smk_import(rulestr, 0);
+
+ return 0;
+}
+
+/**
+ * smack_audit_rule_known - Distinguish Smack audit rules
+ * @krule: rule of interest, in Audit kernel representation format
+ *
+ * This is used to filter Smack rules from remaining Audit ones.
+ * If it's proved that this rule belongs to us, the
+ * audit_rule_match hook will be called to do the final judgement.
+ */
+static int smack_audit_rule_known(struct audit_krule *krule)
+{
+ struct audit_field *f;
+ int i;
+
+ for (i = 0; i < krule->field_count; i++) {
+ f = &krule->fields[i];
+
+ if (f->type == AUDIT_SUBJ_USER || f->type == AUDIT_OBJ_USER)
+ return 1;
+ }
+
+ return 0;
+}
+
+/**
+ * smack_audit_rule_match - Audit given object ?
+ * @secid: security id for identifying the object to test
+ * @field: audit rule flags given from user-space
+ * @op: required testing operator
+ * @vrule: smack internal rule presentation
+ * @actx: audit context associated with the check
+ *
+ * The core Audit hook. It's used to take the decision of
+ * whether to audit or not to audit a given object.
+ */
+static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule,
+ struct audit_context *actx)
+{
+ char *smack;
+ char *rule = vrule;
+
+ if (!rule) {
+ audit_log(actx, GFP_KERNEL, AUDIT_SELINUX_ERR,
+ "Smack: missing rule\n");
+ return -ENOENT;
+ }
+
+ if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
+ return 0;
+
+ smack = smack_from_secid(secid);
+
+ /*
+ * No need to do string comparisons. If a match occurs,
+ * both pointers will point to the same smack_known
+ * label.
+ */
+ if (op == AUDIT_EQUAL)
+ return (rule == smack);
+ if (op == AUDIT_NOT_EQUAL)
+ return (rule != smack);
+
+ return 0;
+}
+
+/**
+ * smack_audit_rule_free - free smack rule representation
+ * @vrule: rule to be freed.
+ *
+ * No memory was allocated.
+ */
+static void smack_audit_rule_free(void *vrule)
+{
+ /* No-op */
+}
+
+#endif /* CONFIG_AUDIT */
+
/*
* smack_secid_to_secctx - return the smack label for a secid
* @secid: incoming integer
*
* Exists for audit and networking code.
*/
-static int smack_secctx_to_secid(char *secdata, u32 seclen, u32 *secid)
+static int smack_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
{
*secid = smack_to_secid(secdata);
return 0;
.inode_getsecurity = smack_inode_getsecurity,
.inode_setsecurity = smack_inode_setsecurity,
.inode_listsecurity = smack_inode_listsecurity,
+ .inode_getsecid = smack_inode_getsecid,
.file_permission = smack_file_permission,
.file_alloc_security = smack_file_alloc_security,
.task_wait = smack_task_wait,
.task_reparent_to_init = cap_task_reparent_to_init,
.task_to_inode = smack_task_to_inode,
+ .task_prctl = cap_task_prctl,
.ipc_permission = smack_ipc_permission,
+ .ipc_getsecid = smack_ipc_getsecid,
.msg_msg_alloc_security = smack_msg_msg_alloc_security,
.msg_msg_free_security = smack_msg_msg_free_security,
.netlink_send = cap_netlink_send,
.netlink_recv = cap_netlink_recv,
- .register_security = smack_register_security,
-
.d_instantiate = smack_d_instantiate,
.getprocattr = smack_getprocattr,
.sk_free_security = smack_sk_free_security,
.sock_graft = smack_sock_graft,
.inet_conn_request = smack_inet_conn_request,
+
/* key management security hooks */
#ifdef CONFIG_KEYS
.key_alloc = smack_key_alloc,
.key_free = smack_key_free,
.key_permission = smack_key_permission,
#endif /* CONFIG_KEYS */
+
+ /* Audit hooks */
+#ifdef CONFIG_AUDIT
+ .audit_rule_init = smack_audit_rule_init,
+ .audit_rule_known = smack_audit_rule_known,
+ .audit_rule_match = smack_audit_rule_match,
+ .audit_rule_free = smack_audit_rule_free,
+#endif /* CONFIG_AUDIT */
+
.secid_to_secctx = smack_secid_to_secctx,
.secctx_to_secid = smack_secctx_to_secid,
.release_secctx = smack_release_secctx,
projects / linux-2.6 / blobdiff