diff options
| author | Casey Schaufler <casey@schaufler-ca.com> | 2008-02-15 18:24:25 -0500 |
|---|---|---|
| committer | Linus Torvalds <torvalds@woody.linux-foundation.org> | 2008-02-19 10:51:00 -0500 |
| commit | 4bc87e62775052aac0be7574d5f84ff06f61c6b4 (patch) | |
| tree | 23063e82de8f7b7506d795919d7d4c13725e74a0 /security/smack/smackfs.c | |
| parent | 9a4c8546f3e7c893888bccc2b3416d6214f2664a (diff) | |
Smack: unlabeled outgoing ambient packets
Smack uses CIPSO labeling, but allows for unlabeled packets by
specifying an "ambient" label that is applied to incoming unlabeled
packets.
Because the other end of the connection may dislike IP options, and ssh
is one know application that behaves thus, it is prudent to respond in
kind.
This patch changes the network labeling behavior such that an outgoing
packet that would be given a CIPSO label that matches the ambient label
is left unlabeled. An "unlbl" domain is added and the netlabel
defaulting mechanism invoked rather than assuming that everything is
CIPSO. Locking has been added around changes to the ambient label as
the mechanisms used to do so are more involved.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Acked-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'security/smack/smackfs.c')
| -rw-r--r-- | security/smack/smackfs.c | 61 |
1 files changed, 46 insertions, 15 deletions
diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c index 15aa37f65b39..358c92c1a153 100644 --- a/security/smack/smackfs.c +++ b/security/smack/smackfs.c | |||
| @@ -24,6 +24,7 @@ | |||
| 24 | #include <net/cipso_ipv4.h> | 24 | #include <net/cipso_ipv4.h> |
| 25 | #include <linux/seq_file.h> | 25 | #include <linux/seq_file.h> |
| 26 | #include <linux/ctype.h> | 26 | #include <linux/ctype.h> |
| 27 | #include <linux/audit.h> | ||
| 27 | #include "smack.h" | 28 | #include "smack.h" |
| 28 | 29 | ||
| 29 | /* | 30 | /* |
| @@ -45,6 +46,7 @@ enum smk_inos { | |||
| 45 | */ | 46 | */ |
| 46 | static DEFINE_MUTEX(smack_list_lock); | 47 | static DEFINE_MUTEX(smack_list_lock); |
| 47 | static DEFINE_MUTEX(smack_cipso_lock); | 48 | static DEFINE_MUTEX(smack_cipso_lock); |
| 49 | static DEFINE_MUTEX(smack_ambient_lock); | ||
| 48 | 50 | ||
| 49 | /* | 51 | /* |
| 50 | * This is the "ambient" label for network traffic. | 52 | * This is the "ambient" label for network traffic. |
| @@ -342,6 +344,9 @@ void smk_cipso_doi(void) | |||
| 342 | struct cipso_v4_doi *doip; | 344 | struct cipso_v4_doi *doip; |
| 343 | struct netlbl_audit audit_info; | 345 | struct netlbl_audit audit_info; |
| 344 | 346 | ||
| 347 | audit_info.loginuid = audit_get_loginuid(current); | ||
| 348 | audit_info.secid = smack_to_secid(current->security); | ||
| 349 | |||
| 345 | rc = netlbl_cfg_map_del(NULL, &audit_info); | 350 | rc = netlbl_cfg_map_del(NULL, &audit_info); |
| 346 | if (rc != 0) | 351 | if (rc != 0) |
| 347 | printk(KERN_WARNING "%s:%d remove rc = %d\n", | 352 | printk(KERN_WARNING "%s:%d remove rc = %d\n", |
| @@ -363,6 +368,30 @@ void smk_cipso_doi(void) | |||
| 363 | __func__, __LINE__, rc); | 368 | __func__, __LINE__, rc); |
| 364 | } | 369 | } |
| 365 | 370 | ||
| 371 | /** | ||
| 372 | * smk_unlbl_ambient - initialize the unlabeled domain | ||
| 373 | */ | ||
| 374 | void smk_unlbl_ambient(char *oldambient) | ||
| 375 | { | ||
| 376 | int rc; | ||
| 377 | struct netlbl_audit audit_info; | ||
| 378 | |||
| 379 | audit_info.loginuid = audit_get_loginuid(current); | ||
| 380 | audit_info.secid = smack_to_secid(current->security); | ||
| 381 | |||
| 382 | if (oldambient != NULL) { | ||
| 383 | rc = netlbl_cfg_map_del(oldambient, &audit_info); | ||
| 384 | if (rc != 0) | ||
| 385 | printk(KERN_WARNING "%s:%d remove rc = %d\n", | ||
| 386 | __func__, __LINE__, rc); | ||
| 387 | } | ||
| 388 | |||
| 389 | rc = netlbl_cfg_unlbl_add_map(smack_net_ambient, &audit_info); | ||
| 390 | if (rc != 0) | ||
| 391 | printk(KERN_WARNING "%s:%d add rc = %d\n", | ||
| 392 | __func__, __LINE__, rc); | ||
| 393 | } | ||
| 394 | |||
| 366 | /* | 395 | /* |
| 367 | * Seq_file read operations for /smack/cipso | 396 | * Seq_file read operations for /smack/cipso |
| 368 | */ | 397 | */ |
| @@ -709,7 +738,6 @@ static ssize_t smk_read_ambient(struct file *filp, char __user *buf, | |||
| 709 | size_t cn, loff_t *ppos) | 738 | size_t cn, loff_t *ppos) |
| 710 | { | 739 | { |
| 711 | ssize_t rc; | 740 | ssize_t rc; |
| 712 | char out[SMK_LABELLEN]; | ||
| 713 | int asize; | 741 | int asize; |
| 714 | 742 | ||
| 715 | if (*ppos != 0) | 743 | if (*ppos != 0) |
| @@ -717,23 +745,18 @@ static ssize_t smk_read_ambient(struct file *filp, char __user *buf, | |||
| 717 | /* | 745 | /* |
| 718 | * Being careful to avoid a problem in the case where | 746 | * Being careful to avoid a problem in the case where |
| 719 | * smack_net_ambient gets changed in midstream. | 747 | * smack_net_ambient gets changed in midstream. |
| 720 | * Since smack_net_ambient is always set with a value | ||
| 721 | * from the label list, including initially, and those | ||
| 722 | * never get freed, the worst case is that the pointer | ||
| 723 | * gets changed just after this strncpy, in which case | ||
| 724 | * the value passed up is incorrect. Locking around | ||
| 725 | * smack_net_ambient wouldn't be any better than this | ||
| 726 | * copy scheme as by the time the caller got to look | ||
| 727 | * at the ambient value it would have cleared the lock | ||
| 728 | * and been changed. | ||
| 729 | */ | 748 | */ |
| 730 | strncpy(out, smack_net_ambient, SMK_LABELLEN); | 749 | mutex_lock(&smack_ambient_lock); |
| 731 | asize = strlen(out) + 1; | ||
| 732 | 750 | ||
| 733 | if (cn < asize) | 751 | asize = strlen(smack_net_ambient) + 1; |
| 734 | return -EINVAL; | 752 | |
| 753 | if (cn >= asize) | ||
| 754 | rc = simple_read_from_buffer(buf, cn, ppos, | ||
| 755 | smack_net_ambient, asize); | ||
| 756 | else | ||
| 757 | rc = -EINVAL; | ||
| 735 | 758 | ||
| 736 | rc = simple_read_from_buffer(buf, cn, ppos, out, asize); | 759 | mutex_unlock(&smack_ambient_lock); |
| 737 | 760 | ||
| 738 | return rc; | 761 | return rc; |
| 739 | } | 762 | } |
| @@ -751,6 +774,7 @@ static ssize_t smk_write_ambient(struct file *file, const char __user *buf, | |||
| 751 | size_t count, loff_t *ppos) | 774 | size_t count, loff_t *ppos) |
| 752 | { | 775 | { |
| 753 | char in[SMK_LABELLEN]; | 776 | char in[SMK_LABELLEN]; |
| 777 | char *oldambient; | ||
| 754 | char *smack; | 778 | char *smack; |
| 755 | 779 | ||
| 756 | if (!capable(CAP_MAC_ADMIN)) | 780 | if (!capable(CAP_MAC_ADMIN)) |
| @@ -766,7 +790,13 @@ static ssize_t smk_write_ambient(struct file *file, const char __user *buf, | |||
| 766 | if (smack == NULL) | 790 | if (smack == NULL) |
| 767 | return -EINVAL; | 791 | return -EINVAL; |
| 768 | 792 | ||
| 793 | mutex_lock(&smack_ambient_lock); | ||
| 794 | |||
| 795 | oldambient = smack_net_ambient; | ||
| 769 | smack_net_ambient = smack; | 796 | smack_net_ambient = smack; |
| 797 | smk_unlbl_ambient(oldambient); | ||
| 798 | |||
| 799 | mutex_unlock(&smack_ambient_lock); | ||
| 770 | 800 | ||
| 771 | return count; | 801 | return count; |
| 772 | } | 802 | } |
| @@ -974,6 +1004,7 @@ static int __init init_smk_fs(void) | |||
| 974 | 1004 | ||
| 975 | sema_init(&smack_write_sem, 1); | 1005 | sema_init(&smack_write_sem, 1); |
| 976 | smk_cipso_doi(); | 1006 | smk_cipso_doi(); |
| 1007 | smk_unlbl_ambient(NULL); | ||
| 977 | 1008 | ||
| 978 | return err; | 1009 | return err; |
| 979 | } | 1010 | } |