1 files changed, 72 insertions, 62 deletions
diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c
index 9637e107f7ea..cc7cb6edba08 100644
--- a/security/smack/smack_access.c
+++ b/security/smack/smack_access.c
@@ -77,14 +77,19 @@ int log_policy = SMACK_AUDIT_DENIED;
 * entry is found returns -ENOENT.
 *
 * NOTE:
- * Even though Smack labels are usually shared on smack_list
- * labels that come in off the network can't be imported
- * and added to the list for locking reasons.
 *
- * Therefore, it is necessary to check the contents of the labels,
+ * Earlier versions of this function allowed for labels that
- * not just the pointer values. Of course, in most cases the labels
+ * were not on the label list. This was done to allow for
- * will be on the list, so checking the pointers may be a worthwhile
+ * labels to come over the network that had never been seen
- * optimization.
+ * before on this host. Unless the receiving socket has the
+ * star label this will always result in a failure check. The
+ * star labeled socket case is now handled in the networking
+ * hooks so there is no case where the label is not on the
+ * label list. Checking to see if the address of two labels
+ * is the same is now a reliable test.
+ *
+ * Do the object check first because that is more
+ * likely to differ.
 */
 int smk_access_entry(char *subject_label, char *object_label,
                        struct list_head *rule_list)
@@ -93,13 +98,10 @@ int smk_access_entry(char *subject_label, char *object_label,
        struct smack_rule *srp;
        list_for_each_entry_rcu(srp, rule_list, list) {
-                if (srp->smk_subject == subject_label ||
+                if (srp->smk_object == object_label &&
-                    strcmp(srp->smk_subject, subject_label) == 0) {
+                    srp->smk_subject == subject_label) {
-                        if (srp->smk_object == object_label ||
+                        may = srp->smk_access;
-                            strcmp(srp->smk_object, object_label) == 0) {
+                        break;
-                                may = srp->smk_access;
-                                break;
-                        }
                }
        }
@@ -117,18 +119,12 @@ int smk_access_entry(char *subject_label, char *object_label,
 * access rule list and returns 0 if the access is permitted,
 * non zero otherwise.
 *
- * Even though Smack labels are usually shared on smack_list
+ * Smack labels are shared on smack_list
- * labels that come in off the network can't be imported
- * and added to the list for locking reasons.
- *
- * Therefore, it is necessary to check the contents of the labels,
- * not just the pointer values. Of course, in most cases the labels
- * will be on the list, so checking the pointers may be a worthwhile
- * optimization.
 */
 int smk_access(char *subject_label, char *object_label, int request,
               struct smk_audit_info *a)
 {
+        struct smack_known *skp;
        int may = MAY_NOT;
        int rc = 0;
@@ -137,8 +133,7 @@ int smk_access(char *subject_label, char *object_label, int request,
         *
         * A star subject can't access any object.
         */
-        if (subject_label == smack_known_star.smk_known ||
+        if (subject_label == smack_known_star.smk_known) {
-            strcmp(subject_label, smack_known_star.smk_known) == 0) {
                rc = -EACCES;
                goto out_audit;
        }
@@ -148,33 +143,27 @@ int smk_access(char *subject_label, char *object_label, int request,
         * An internet subject can access any object.
         */
        if (object_label == smack_known_web.smk_known ||
-            subject_label == smack_known_web.smk_known ||
+            subject_label == smack_known_web.smk_known)
-            strcmp(object_label, smack_known_web.smk_known) == 0 ||
-            strcmp(subject_label, smack_known_web.smk_known) == 0)
                goto out_audit;
        /*
         * A star object can be accessed by any subject.
         */
-        if (object_label == smack_known_star.smk_known ||
+        if (object_label == smack_known_star.smk_known)
-            strcmp(object_label, smack_known_star.smk_known) == 0)
                goto out_audit;
        /*
         * An object can be accessed in any way by a subject
         * with the same label.
         */
-        if (subject_label == object_label ||
+        if (subject_label == object_label)
-            strcmp(subject_label, object_label) == 0)
                goto out_audit;
        /*
         * A hat subject can read any object.
         * A floor object can be read by any subject.
         */
        if ((request & MAY_ANYREAD) == request) {
-                if (object_label == smack_known_floor.smk_known ||
+                if (object_label == smack_known_floor.smk_known)
-                    strcmp(object_label, smack_known_floor.smk_known) == 0)
                        goto out_audit;
-                if (subject_label == smack_known_hat.smk_known ||
+                if (subject_label == smack_known_hat.smk_known)
-                    strcmp(subject_label, smack_known_hat.smk_known) == 0)
                        goto out_audit;
        }
        /*
@@ -184,8 +173,9 @@ int smk_access(char *subject_label, char *object_label, int request,
         * good. A negative response from smk_access_entry()
         * indicates there is no entry for this pair.
         */
+        skp = smk_find_entry(subject_label);
        rcu_read_lock();
-        may = smk_access_entry(subject_label, object_label, &smack_rule_list);
+        may = smk_access_entry(subject_label, object_label, &skp->smk_rules);
        rcu_read_unlock();
        if (may > 0 && (request & may) == request)
@@ -344,17 +334,32 @@ void smack_log(char *subject_label, char *object_label, int request,
 static DEFINE_MUTEX(smack_known_lock);
 /**
- * smk_import_entry - import a label, return the list entry
+ * smk_find_entry - find a label on the list, return the list entry
 * @string: a text string that might be a Smack label
- * @len: the maximum size, or zero if it is NULL terminated.
 *
 * Returns a pointer to the entry in the label list that
- * matches the passed string, adding it if necessary.
+ * matches the passed string.
 */
-struct smack_known *smk_import_entry(const char *string, int len)
+struct smack_known *smk_find_entry(const char *string)
 {
        struct smack_known *skp;
-        char smack[SMK_LABELLEN];
+        list_for_each_entry_rcu(skp, &smack_known_list, list) {
+                if (strncmp(skp->smk_known, string, SMK_MAXLEN) == 0)
+                        return skp;
+        }
+        return NULL;
+}
+/**
+ * smk_parse_smack - parse smack label from a text string
+ * @string: a text string that might contain a Smack label
+ * @len: the maximum size, or zero if it is NULL terminated.
+ * @smack: parsed smack label, or NULL if parse error
+ */
+void smk_parse_smack(const char *string, int len, char *smack)
+{
        int found;
        int i;
@@ -372,27 +377,38 @@ struct smack_known *smk_import_entry(const char *string, int len)
                } else
                        smack[i] = string[i];
        }
+}
+/**
+ * smk_import_entry - import a label, return the list entry
+ * @string: a text string that might be a Smack label
+ * @len: the maximum size, or zero if it is NULL terminated.
+ *
+ * Returns a pointer to the entry in the label list that
+ * matches the passed string, adding it if necessary.
+ */
+struct smack_known *smk_import_entry(const char *string, int len)
+{
+        struct smack_known *skp;
+        char smack[SMK_LABELLEN];
+        smk_parse_smack(string, len, smack);
        if (smack[0] == '\0')
                return NULL;
        mutex_lock(&smack_known_lock);
-        found = 0;
+        skp = smk_find_entry(smack);
-        list_for_each_entry_rcu(skp, &smack_known_list, list) {
-                if (strncmp(skp->smk_known, smack, SMK_MAXLEN) == 0) {
-                        found = 1;
-                        break;
-                }
-        }
-        if (found == 0) {
+        if (skp == NULL) {
                skp = kzalloc(sizeof(struct smack_known), GFP_KERNEL);
                if (skp != NULL) {
                        strncpy(skp->smk_known, smack, SMK_MAXLEN);
                        skp->smk_secid = smack_next_secid++;
                        skp->smk_cipso = NULL;
+                        INIT_LIST_HEAD(&skp->smk_rules);
                        spin_lock_init(&skp->smk_cipsolock);
+                        mutex_init(&skp->smk_rules_lock);
                        /*
                         * Make sure that the entry is actually
                         * filled before putting it on the list.
@@ -480,19 +496,12 @@ u32 smack_to_secid(const char *smack)
 * smack_from_cipso - find the Smack label associated with a CIPSO option
 * @level: Bell & LaPadula level from the network
 * @cp: Bell & LaPadula categories from the network
- * @result: where to put the Smack value
 *
 * This is a simple lookup in the label table.
 *
- * This is an odd duck as far as smack handling goes in that
+ * Return the matching label from the label list or NULL.
- * it sends back a copy of the smack label rather than a pointer
- * to the master list. This is done because it is possible for
- * a foreign host to send a smack label that is new to this
- * machine and hence not on the list. That would not be an
- * issue except that adding an entry to the master list can't
- * be done at that point.
 */
-void smack_from_cipso(u32 level, char *cp, char *result)
+char *smack_from_cipso(u32 level, char *cp)
 {
        struct smack_known *kp;
        char *final = NULL;
@@ -509,12 +518,13 @@ void smack_from_cipso(u32 level, char *cp, char *result)
                        final = kp->smk_known;
                spin_unlock_bh(&kp->smk_cipsolock);
+                if (final != NULL)
+                        break;
        }
        rcu_read_unlock();
-        if (final == NULL)
-                final = smack_known_huh.smk_known;
+        return final;
-        strncpy(result, final, SMK_MAXLEN);
-        return;
 }
 /**

diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c index 9637e107f7ea..cc7cb6edba08 100644 --- a/security/smack/smack_access.c +++ b/security/smack/smack_access.c
@@ -77,14 +77,19 @@ int log_policy = SMACK_AUDIT_DENIED;
77	* entry is found returns -ENOENT.	77	* entry is found returns -ENOENT.
78	*	78	*
79	* NOTE:	79	* NOTE:
80	* Even though Smack labels are usually shared on smack_list
81	* labels that come in off the network can't be imported
82	* and added to the list for locking reasons.
83	*	80	*
84	* Therefore, it is necessary to check the contents of the labels,	81	* Earlier versions of this function allowed for labels that
85	* not just the pointer values. Of course, in most cases the labels	82	* were not on the label list. This was done to allow for
86	* will be on the list, so checking the pointers may be a worthwhile	83	* labels to come over the network that had never been seen
87	* optimization.	84	* before on this host. Unless the receiving socket has the
		85	* star label this will always result in a failure check. The
		86	* star labeled socket case is now handled in the networking
		87	* hooks so there is no case where the label is not on the
		88	* label list. Checking to see if the address of two labels
		89	* is the same is now a reliable test.
		90	*
		91	* Do the object check first because that is more
		92	* likely to differ.
88	*/	93	*/
89	int smk_access_entry(char subject_label, char object_label,	94	int smk_access_entry(char subject_label, char object_label,
90	struct list_head *rule_list)	95	struct list_head *rule_list)
@@ -93,13 +98,10 @@ int smk_access_entry(char subject_label, char object_label,
93	struct smack_rule *srp;	98	struct smack_rule *srp;
94		99
95	list_for_each_entry_rcu(srp, rule_list, list) {	100	list_for_each_entry_rcu(srp, rule_list, list) {
96	if (srp->smk_subject == subject_label \|\|	101	if (srp->smk_object == object_label &&
97	strcmp(srp->smk_subject, subject_label) == 0) {	102	srp->smk_subject == subject_label) {
98	if (srp->smk_object == object_label \|\|	103	may = srp->smk_access;
99	strcmp(srp->smk_object, object_label) == 0) {	104	break;
100	may = srp->smk_access;
101	break;
102	}
103	}	105	}
104	}	106	}
105		107
@@ -117,18 +119,12 @@ int smk_access_entry(char subject_label, char object_label,
117	* access rule list and returns 0 if the access is permitted,	119	* access rule list and returns 0 if the access is permitted,
118	* non zero otherwise.	120	* non zero otherwise.
119	*	121	*
120	* Even though Smack labels are usually shared on smack_list	122	* Smack labels are shared on smack_list
121	* labels that come in off the network can't be imported
122	* and added to the list for locking reasons.
123	*
124	* Therefore, it is necessary to check the contents of the labels,
125	* not just the pointer values. Of course, in most cases the labels
126	* will be on the list, so checking the pointers may be a worthwhile
127	* optimization.
128	*/	123	*/
129	int smk_access(char subject_label, char object_label, int request,	124	int smk_access(char subject_label, char object_label, int request,
130	struct smk_audit_info *a)	125	struct smk_audit_info *a)
131	{	126	{
		127	struct smack_known *skp;
132	int may = MAY_NOT;	128	int may = MAY_NOT;
133	int rc = 0;	129	int rc = 0;
134		130
@@ -137,8 +133,7 @@ int smk_access(char subject_label, char object_label, int request,
137	*	133	*
138	* A star subject can't access any object.	134	* A star subject can't access any object.
139	*/	135	*/
140	if (subject_label == smack_known_star.smk_known \|\|	136	if (subject_label == smack_known_star.smk_known) {
141	strcmp(subject_label, smack_known_star.smk_known) == 0) {
142	rc = -EACCES;	137	rc = -EACCES;
143	goto out_audit;	138	goto out_audit;
144	}	139	}
@@ -148,33 +143,27 @@ int smk_access(char subject_label, char object_label, int request,
148	* An internet subject can access any object.	143	* An internet subject can access any object.
149	*/	144	*/
150	if (object_label == smack_known_web.smk_known \|\|	145	if (object_label == smack_known_web.smk_known \|\|
151	subject_label == smack_known_web.smk_known \|\|	146	subject_label == smack_known_web.smk_known)
152	strcmp(object_label, smack_known_web.smk_known) == 0 \|\|
153	strcmp(subject_label, smack_known_web.smk_known) == 0)
154	goto out_audit;	147	goto out_audit;
155	/*	148	/*
156	* A star object can be accessed by any subject.	149	* A star object can be accessed by any subject.
157	*/	150	*/
158	if (object_label == smack_known_star.smk_known \|\|	151	if (object_label == smack_known_star.smk_known)
159	strcmp(object_label, smack_known_star.smk_known) == 0)
160	goto out_audit;	152	goto out_audit;
161	/*	153	/*
162	* An object can be accessed in any way by a subject	154	* An object can be accessed in any way by a subject
163	* with the same label.	155	* with the same label.
164	*/	156	*/
165	if (subject_label == object_label \|\|	157	if (subject_label == object_label)
166	strcmp(subject_label, object_label) == 0)
167	goto out_audit;	158	goto out_audit;
168	/*	159	/*
169	* A hat subject can read any object.	160	* A hat subject can read any object.
170	* A floor object can be read by any subject.	161	* A floor object can be read by any subject.
171	*/	162	*/
172	if ((request & MAY_ANYREAD) == request) {	163	if ((request & MAY_ANYREAD) == request) {
173	if (object_label == smack_known_floor.smk_known \|\|	164	if (object_label == smack_known_floor.smk_known)
174	strcmp(object_label, smack_known_floor.smk_known) == 0)
175	goto out_audit;	165	goto out_audit;
176	if (subject_label == smack_known_hat.smk_known \|\|	166	if (subject_label == smack_known_hat.smk_known)
177	strcmp(subject_label, smack_known_hat.smk_known) == 0)
178	goto out_audit;	167	goto out_audit;
179	}	168	}
180	/*	169	/*
@@ -184,8 +173,9 @@ int smk_access(char subject_label, char object_label, int request,
184	* good. A negative response from smk_access_entry()	173	* good. A negative response from smk_access_entry()
185	* indicates there is no entry for this pair.	174	* indicates there is no entry for this pair.
186	*/	175	*/
		176	skp = smk_find_entry(subject_label);
187	rcu_read_lock();	177	rcu_read_lock();
188	may = smk_access_entry(subject_label, object_label, &smack_rule_list);	178	may = smk_access_entry(subject_label, object_label, &skp->smk_rules);
189	rcu_read_unlock();	179	rcu_read_unlock();
190		180
191	if (may > 0 && (request & may) == request)	181	if (may > 0 && (request & may) == request)
@@ -344,17 +334,32 @@ void smack_log(char subject_label, char object_label, int request,
344	static DEFINE_MUTEX(smack_known_lock);	334	static DEFINE_MUTEX(smack_known_lock);
345		335
346	/**	336	/**
347	* smk_import_entry - import a label, return the list entry	337	* smk_find_entry - find a label on the list, return the list entry
348	* @string: a text string that might be a Smack label	338	* @string: a text string that might be a Smack label
349	* @len: the maximum size, or zero if it is NULL terminated.
350	*	339	*
351	* Returns a pointer to the entry in the label list that	340	* Returns a pointer to the entry in the label list that
352	* matches the passed string, adding it if necessary.	341	* matches the passed string.
353	*/	342	*/
354	struct smack_known smk_import_entry(const char string, int len)	343	struct smack_known smk_find_entry(const char string)
355	{	344	{
356	struct smack_known *skp;	345	struct smack_known *skp;
357	char smack[SMK_LABELLEN];	346
		347	list_for_each_entry_rcu(skp, &smack_known_list, list) {
		348	if (strncmp(skp->smk_known, string, SMK_MAXLEN) == 0)
		349	return skp;
		350	}
		351
		352	return NULL;
		353	}
		354
		355	/**
		356	* smk_parse_smack - parse smack label from a text string
		357	* @string: a text string that might contain a Smack label
		358	* @len: the maximum size, or zero if it is NULL terminated.
		359	* @smack: parsed smack label, or NULL if parse error
		360	*/
		361	void smk_parse_smack(const char string, int len, char smack)
		362	{
358	int found;	363	int found;
359	int i;	364	int i;
360		365
@@ -372,27 +377,38 @@ struct smack_known smk_import_entry(const char string, int len)
372	} else	377	} else
373	smack[i] = string[i];	378	smack[i] = string[i];
374	}	379	}
		380	}
		381
		382	/**
		383	* smk_import_entry - import a label, return the list entry
		384	* @string: a text string that might be a Smack label
		385	* @len: the maximum size, or zero if it is NULL terminated.
		386	*
		387	* Returns a pointer to the entry in the label list that
		388	* matches the passed string, adding it if necessary.
		389	*/
		390	struct smack_known smk_import_entry(const char string, int len)
		391	{
		392	struct smack_known *skp;
		393	char smack[SMK_LABELLEN];
375		394
		395	smk_parse_smack(string, len, smack);
376	if (smack[0] == '\0')	396	if (smack[0] == '\0')
377	return NULL;	397	return NULL;
378		398
379	mutex_lock(&smack_known_lock);	399	mutex_lock(&smack_known_lock);
380		400
381	found = 0;	401	skp = smk_find_entry(smack);
382	list_for_each_entry_rcu(skp, &smack_known_list, list) {
383	if (strncmp(skp->smk_known, smack, SMK_MAXLEN) == 0) {
384	found = 1;
385	break;
386	}
387	}
388		402
389	if (found == 0) {	403	if (skp == NULL) {
390	skp = kzalloc(sizeof(struct smack_known), GFP_KERNEL);	404	skp = kzalloc(sizeof(struct smack_known), GFP_KERNEL);
391	if (skp != NULL) {	405	if (skp != NULL) {
392	strncpy(skp->smk_known, smack, SMK_MAXLEN);	406	strncpy(skp->smk_known, smack, SMK_MAXLEN);
393	skp->smk_secid = smack_next_secid++;	407	skp->smk_secid = smack_next_secid++;
394	skp->smk_cipso = NULL;	408	skp->smk_cipso = NULL;
		409	INIT_LIST_HEAD(&skp->smk_rules);
395	spin_lock_init(&skp->smk_cipsolock);	410	spin_lock_init(&skp->smk_cipsolock);
		411	mutex_init(&skp->smk_rules_lock);
396	/*	412	/*
397	* Make sure that the entry is actually	413	* Make sure that the entry is actually
398	* filled before putting it on the list.	414	* filled before putting it on the list.
@@ -480,19 +496,12 @@ u32 smack_to_secid(const char *smack)
480	* smack_from_cipso - find the Smack label associated with a CIPSO option	496	* smack_from_cipso - find the Smack label associated with a CIPSO option
481	* @level: Bell & LaPadula level from the network	497	* @level: Bell & LaPadula level from the network
482	* @cp: Bell & LaPadula categories from the network	498	* @cp: Bell & LaPadula categories from the network
483	* @result: where to put the Smack value
484	*	499	*
485	* This is a simple lookup in the label table.	500	* This is a simple lookup in the label table.
486	*	501	*
487	* This is an odd duck as far as smack handling goes in that	502	* Return the matching label from the label list or NULL.
488	* it sends back a copy of the smack label rather than a pointer
489	* to the master list. This is done because it is possible for
490	* a foreign host to send a smack label that is new to this
491	* machine and hence not on the list. That would not be an
492	* issue except that adding an entry to the master list can't
493	* be done at that point.
494	*/	503	*/
495	void smack_from_cipso(u32 level, char cp, char result)	504	char smack_from_cipso(u32 level, char cp)
496	{	505	{
497	struct smack_known *kp;	506	struct smack_known *kp;
498	char *final = NULL;	507	char *final = NULL;
@@ -509,12 +518,13 @@ void smack_from_cipso(u32 level, char cp, char result)
509	final = kp->smk_known;	518	final = kp->smk_known;
510		519
511	spin_unlock_bh(&kp->smk_cipsolock);	520	spin_unlock_bh(&kp->smk_cipsolock);
		521
		522	if (final != NULL)
		523	break;
512	}	524	}
513	rcu_read_unlock();	525	rcu_read_unlock();
514	if (final == NULL)	526
515	final = smack_known_huh.smk_known;	527	return final;
516	strncpy(result, final, SMK_MAXLEN);
517	return;
518	}	528	}
519		529
520	/**	530	/**