diff options
author | Jarkko Sakkinen <jarkko.sakkinen@intel.com> | 2011-09-08 03:12:01 -0400 |
---|---|---|
committer | Casey Schaufler <cschaufler@cschaufler-intel.(none)> | 2011-10-12 17:21:32 -0400 |
commit | 828716c28fe4aa232ea280ea8ed6fb103eefb6ac (patch) | |
tree | f75377cf3e770a9a67feb64fb8bef867735a975b | |
parent | 545a7260343bbaf11c7f1a4b8c3d9660bb9266e5 (diff) |
Smack: check permissions from user space (v2)
Adds a new file into SmackFS called 'access'. Wanted
Smack permission is written into /smack/access.
After that result can be read from the opened file.
If access applies result contains 1 and otherwise
0. File access is protected from race conditions
by using simple_transaction_get()/set() API.
Fixes from the previous version:
- Removed smack.h changes, refactoring left-over
from previous version.
- Removed #include <linux/smack.h>, refactoring
left-over from previous version.
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@intel.com>
Signed-off-by: Casey Schaufler <cschaufler@cschaufler-intel.(none)>
-rw-r--r-- | security/smack/smackfs.c | 180 |
1 files changed, 117 insertions, 63 deletions
diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c index f93460156dce..f4c28eeba1b1 100644 --- a/security/smack/smackfs.c +++ b/security/smack/smackfs.c | |||
@@ -44,6 +44,7 @@ enum smk_inos { | |||
44 | SMK_ONLYCAP = 9, /* the only "capable" label */ | 44 | SMK_ONLYCAP = 9, /* the only "capable" label */ |
45 | SMK_LOGGING = 10, /* logging */ | 45 | SMK_LOGGING = 10, /* logging */ |
46 | SMK_LOAD_SELF = 11, /* task specific rules */ | 46 | SMK_LOAD_SELF = 11, /* task specific rules */ |
47 | SMK_ACCESSES = 12, /* access policy */ | ||
47 | }; | 48 | }; |
48 | 49 | ||
49 | /* | 50 | /* |
@@ -176,71 +177,19 @@ static int smk_set_access(struct smack_rule *srp, struct list_head *rule_list, | |||
176 | } | 177 | } |
177 | 178 | ||
178 | /** | 179 | /** |
179 | * smk_write_load_list - write() for any /smack/load | 180 | * smk_parse_rule - parse subject, object and access type |
180 | * @file: file pointer, not actually used | 181 | * @data: string to be parsed whose size is SMK_LOADLEN |
181 | * @buf: where to get the data from | 182 | * @rule: parsed entities are stored in here |
182 | * @count: bytes sent | ||
183 | * @ppos: where to start - must be 0 | ||
184 | * @rule_list: the list of rules to write to | ||
185 | * @rule_lock: lock for the rule list | ||
186 | * | ||
187 | * Get one smack access rule from above. | ||
188 | * The format is exactly: | ||
189 | * char subject[SMK_LABELLEN] | ||
190 | * char object[SMK_LABELLEN] | ||
191 | * char access[SMK_ACCESSLEN] | ||
192 | * | ||
193 | * writes must be SMK_LABELLEN+SMK_LABELLEN+SMK_ACCESSLEN bytes. | ||
194 | */ | 183 | */ |
195 | static ssize_t smk_write_load_list(struct file *file, const char __user *buf, | 184 | static int smk_parse_rule(const char *data, struct smack_rule *rule) |
196 | size_t count, loff_t *ppos, | ||
197 | struct list_head *rule_list, | ||
198 | struct mutex *rule_lock) | ||
199 | { | 185 | { |
200 | struct smack_rule *rule; | ||
201 | char *data; | ||
202 | int rc = -EINVAL; | ||
203 | |||
204 | /* | ||
205 | * No partial writes. | ||
206 | * Enough data must be present. | ||
207 | */ | ||
208 | if (*ppos != 0) | ||
209 | return -EINVAL; | ||
210 | /* | ||
211 | * Minor hack for backward compatibility | ||
212 | */ | ||
213 | if (count < (SMK_OLOADLEN) || count > SMK_LOADLEN) | ||
214 | return -EINVAL; | ||
215 | |||
216 | data = kzalloc(SMK_LOADLEN, GFP_KERNEL); | ||
217 | if (data == NULL) | ||
218 | return -ENOMEM; | ||
219 | |||
220 | if (copy_from_user(data, buf, count) != 0) { | ||
221 | rc = -EFAULT; | ||
222 | goto out; | ||
223 | } | ||
224 | |||
225 | /* | ||
226 | * More on the minor hack for backward compatibility | ||
227 | */ | ||
228 | if (count == (SMK_OLOADLEN)) | ||
229 | data[SMK_OLOADLEN] = '-'; | ||
230 | |||
231 | rule = kzalloc(sizeof(*rule), GFP_KERNEL); | ||
232 | if (rule == NULL) { | ||
233 | rc = -ENOMEM; | ||
234 | goto out; | ||
235 | } | ||
236 | |||
237 | rule->smk_subject = smk_import(data, 0); | 186 | rule->smk_subject = smk_import(data, 0); |
238 | if (rule->smk_subject == NULL) | 187 | if (rule->smk_subject == NULL) |
239 | goto out_free_rule; | 188 | return -1; |
240 | 189 | ||
241 | rule->smk_object = smk_import(data + SMK_LABELLEN, 0); | 190 | rule->smk_object = smk_import(data + SMK_LABELLEN, 0); |
242 | if (rule->smk_object == NULL) | 191 | if (rule->smk_object == NULL) |
243 | goto out_free_rule; | 192 | return -1; |
244 | 193 | ||
245 | rule->smk_access = 0; | 194 | rule->smk_access = 0; |
246 | 195 | ||
@@ -252,7 +201,7 @@ static ssize_t smk_write_load_list(struct file *file, const char __user *buf, | |||
252 | rule->smk_access |= MAY_READ; | 201 | rule->smk_access |= MAY_READ; |
253 | break; | 202 | break; |
254 | default: | 203 | default: |
255 | goto out_free_rule; | 204 | return -1; |
256 | } | 205 | } |
257 | 206 | ||
258 | switch (data[SMK_LABELLEN + SMK_LABELLEN + 1]) { | 207 | switch (data[SMK_LABELLEN + SMK_LABELLEN + 1]) { |
@@ -263,7 +212,7 @@ static ssize_t smk_write_load_list(struct file *file, const char __user *buf, | |||
263 | rule->smk_access |= MAY_WRITE; | 212 | rule->smk_access |= MAY_WRITE; |
264 | break; | 213 | break; |
265 | default: | 214 | default: |
266 | goto out_free_rule; | 215 | return -1; |
267 | } | 216 | } |
268 | 217 | ||
269 | switch (data[SMK_LABELLEN + SMK_LABELLEN + 2]) { | 218 | switch (data[SMK_LABELLEN + SMK_LABELLEN + 2]) { |
@@ -274,7 +223,7 @@ static ssize_t smk_write_load_list(struct file *file, const char __user *buf, | |||
274 | rule->smk_access |= MAY_EXEC; | 223 | rule->smk_access |= MAY_EXEC; |
275 | break; | 224 | break; |
276 | default: | 225 | default: |
277 | goto out_free_rule; | 226 | return -1; |
278 | } | 227 | } |
279 | 228 | ||
280 | switch (data[SMK_LABELLEN + SMK_LABELLEN + 3]) { | 229 | switch (data[SMK_LABELLEN + SMK_LABELLEN + 3]) { |
@@ -285,7 +234,7 @@ static ssize_t smk_write_load_list(struct file *file, const char __user *buf, | |||
285 | rule->smk_access |= MAY_APPEND; | 234 | rule->smk_access |= MAY_APPEND; |
286 | break; | 235 | break; |
287 | default: | 236 | default: |
288 | goto out_free_rule; | 237 | return -1; |
289 | } | 238 | } |
290 | 239 | ||
291 | switch (data[SMK_LABELLEN + SMK_LABELLEN + 4]) { | 240 | switch (data[SMK_LABELLEN + SMK_LABELLEN + 4]) { |
@@ -296,9 +245,74 @@ static ssize_t smk_write_load_list(struct file *file, const char __user *buf, | |||
296 | rule->smk_access |= MAY_TRANSMUTE; | 245 | rule->smk_access |= MAY_TRANSMUTE; |
297 | break; | 246 | break; |
298 | default: | 247 | default: |
299 | goto out_free_rule; | 248 | return -1; |
300 | } | 249 | } |
301 | 250 | ||
251 | return 0; | ||
252 | } | ||
253 | |||
254 | /** | ||
255 | * smk_write_load_list - write() for any /smack/load | ||
256 | * @file: file pointer, not actually used | ||
257 | * @buf: where to get the data from | ||
258 | * @count: bytes sent | ||
259 | * @ppos: where to start - must be 0 | ||
260 | * @rule_list: the list of rules to write to | ||
261 | * @rule_lock: lock for the rule list | ||
262 | * | ||
263 | * Get one smack access rule from above. | ||
264 | * The format is exactly: | ||
265 | * char subject[SMK_LABELLEN] | ||
266 | * char object[SMK_LABELLEN] | ||
267 | * char access[SMK_ACCESSLEN] | ||
268 | * | ||
269 | * writes must be SMK_LABELLEN+SMK_LABELLEN+SMK_ACCESSLEN bytes. | ||
270 | */ | ||
271 | static ssize_t smk_write_load_list(struct file *file, const char __user *buf, | ||
272 | size_t count, loff_t *ppos, | ||
273 | struct list_head *rule_list, | ||
274 | struct mutex *rule_lock) | ||
275 | { | ||
276 | struct smack_rule *rule; | ||
277 | char *data; | ||
278 | int rc = -EINVAL; | ||
279 | |||
280 | /* | ||
281 | * No partial writes. | ||
282 | * Enough data must be present. | ||
283 | */ | ||
284 | if (*ppos != 0) | ||
285 | return -EINVAL; | ||
286 | /* | ||
287 | * Minor hack for backward compatibility | ||
288 | */ | ||
289 | if (count < (SMK_OLOADLEN) || count > SMK_LOADLEN) | ||
290 | return -EINVAL; | ||
291 | |||
292 | data = kzalloc(SMK_LOADLEN, GFP_KERNEL); | ||
293 | if (data == NULL) | ||
294 | return -ENOMEM; | ||
295 | |||
296 | if (copy_from_user(data, buf, count) != 0) { | ||
297 | rc = -EFAULT; | ||
298 | goto out; | ||
299 | } | ||
300 | |||
301 | /* | ||
302 | * More on the minor hack for backward compatibility | ||
303 | */ | ||
304 | if (count == (SMK_OLOADLEN)) | ||
305 | data[SMK_OLOADLEN] = '-'; | ||
306 | |||
307 | rule = kzalloc(sizeof(*rule), GFP_KERNEL); | ||
308 | if (rule == NULL) { | ||
309 | rc = -ENOMEM; | ||
310 | goto out; | ||
311 | } | ||
312 | |||
313 | if (smk_parse_rule(data, rule)) | ||
314 | goto out_free_rule; | ||
315 | |||
302 | rc = count; | 316 | rc = count; |
303 | /* | 317 | /* |
304 | * smk_set_access returns true if there was already a rule | 318 | * smk_set_access returns true if there was already a rule |
@@ -1425,6 +1439,44 @@ static const struct file_operations smk_load_self_ops = { | |||
1425 | .write = smk_write_load_self, | 1439 | .write = smk_write_load_self, |
1426 | .release = seq_release, | 1440 | .release = seq_release, |
1427 | }; | 1441 | }; |
1442 | |||
1443 | /** | ||
1444 | * smk_write_access - handle access check transaction | ||
1445 | * @file: file pointer | ||
1446 | * @buf: data from user space | ||
1447 | * @count: bytes sent | ||
1448 | * @ppos: where to start - must be 0 | ||
1449 | */ | ||
1450 | static ssize_t smk_write_access(struct file *file, const char __user *buf, | ||
1451 | size_t count, loff_t *ppos) | ||
1452 | { | ||
1453 | struct smack_rule rule; | ||
1454 | char *data; | ||
1455 | |||
1456 | if (!capable(CAP_MAC_ADMIN)) | ||
1457 | return -EPERM; | ||
1458 | |||
1459 | data = simple_transaction_get(file, buf, count); | ||
1460 | if (IS_ERR(data)) | ||
1461 | return PTR_ERR(data); | ||
1462 | |||
1463 | if (count < SMK_LOADLEN || smk_parse_rule(data, &rule)) | ||
1464 | return -EINVAL; | ||
1465 | |||
1466 | data[0] = smk_access(rule.smk_subject, rule.smk_object, | ||
1467 | rule.smk_access, NULL) == 0; | ||
1468 | |||
1469 | simple_transaction_set(file, 1); | ||
1470 | return SMK_LOADLEN; | ||
1471 | } | ||
1472 | |||
1473 | static const struct file_operations smk_access_ops = { | ||
1474 | .write = smk_write_access, | ||
1475 | .read = simple_transaction_read, | ||
1476 | .release = simple_transaction_release, | ||
1477 | .llseek = generic_file_llseek, | ||
1478 | }; | ||
1479 | |||
1428 | /** | 1480 | /** |
1429 | * smk_fill_super - fill the /smackfs superblock | 1481 | * smk_fill_super - fill the /smackfs superblock |
1430 | * @sb: the empty superblock | 1482 | * @sb: the empty superblock |
@@ -1459,6 +1511,8 @@ static int smk_fill_super(struct super_block *sb, void *data, int silent) | |||
1459 | "logging", &smk_logging_ops, S_IRUGO|S_IWUSR}, | 1511 | "logging", &smk_logging_ops, S_IRUGO|S_IWUSR}, |
1460 | [SMK_LOAD_SELF] = { | 1512 | [SMK_LOAD_SELF] = { |
1461 | "load-self", &smk_load_self_ops, S_IRUGO|S_IWUGO}, | 1513 | "load-self", &smk_load_self_ops, S_IRUGO|S_IWUGO}, |
1514 | [SMK_ACCESSES] = { | ||
1515 | "access", &smk_access_ops, S_IRUGO|S_IWUSR}, | ||
1462 | /* last one */ | 1516 | /* last one */ |
1463 | {""} | 1517 | {""} |
1464 | }; | 1518 | }; |