aboutsummaryrefslogtreecommitdiffstats
path: root/security/smack
diff options
context:
space:
mode:
authorEtienne Basset <etienne.basset@numericable.fr>2009-04-08 14:40:06 -0400
committerJames Morris <jmorris@namei.org>2009-04-13 19:00:23 -0400
commitecfcc53fef3c357574bb6143dce6631e6d56295c (patch)
treed7bee04b64c5ad2ba0ed273bff2c8c7c98b3eee5 /security/smack
parent6e837fb152410e571a81aaadbd9884f0bc46a55e (diff)
smack: implement logging V3
the following patch, add logging of Smack security decisions. This is of course very useful to understand what your current smack policy does. As suggested by Casey, it also now forbids labels with ', " or \ It introduces a '/smack/logging' switch : 0: no logging 1: log denied (default) 2: log accepted 3: log denied&accepted Signed-off-by: Etienne Basset <etienne.basset@numericable.fr> Acked-by: Casey Schaufler <casey@schaufler-ca.com> Acked-by: Eric Paris <eparis@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/smack')
-rw-r--r--security/smack/smack.h108
-rw-r--r--security/smack/smack_access.c143
-rw-r--r--security/smack/smack_lsm.c390
-rw-r--r--security/smack/smackfs.c66
4 files changed, 597 insertions, 110 deletions
diff --git a/security/smack/smack.h b/security/smack/smack.h
index 42ef313f9856..243bec175be0 100644
--- a/security/smack/smack.h
+++ b/security/smack/smack.h
@@ -20,6 +20,7 @@
20#include <net/netlabel.h> 20#include <net/netlabel.h>
21#include <linux/list.h> 21#include <linux/list.h>
22#include <linux/rculist.h> 22#include <linux/rculist.h>
23#include <linux/lsm_audit.h>
23 24
24/* 25/*
25 * Why 23? CIPSO is constrained to 30, so a 32 byte buffer is 26 * Why 23? CIPSO is constrained to 30, so a 32 byte buffer is
@@ -179,6 +180,20 @@ struct smack_known {
179#define MAY_NOT 0 180#define MAY_NOT 0
180 181
181/* 182/*
183 * Number of access types used by Smack (rwxa)
184 */
185#define SMK_NUM_ACCESS_TYPE 4
186
187/*
188 * Smack audit data; is empty if CONFIG_AUDIT not set
189 * to save some stack
190 */
191struct smk_audit_info {
192#ifdef CONFIG_AUDIT
193 struct common_audit_data a;
194#endif
195};
196/*
182 * These functions are in smack_lsm.c 197 * These functions are in smack_lsm.c
183 */ 198 */
184struct inode_smack *new_inode_smack(char *); 199struct inode_smack *new_inode_smack(char *);
@@ -186,8 +201,8 @@ struct inode_smack *new_inode_smack(char *);
186/* 201/*
187 * These functions are in smack_access.c 202 * These functions are in smack_access.c
188 */ 203 */
189int smk_access(char *, char *, int); 204int smk_access(char *, char *, int, struct smk_audit_info *);
190int smk_curacc(char *, u32); 205int smk_curacc(char *, u32, struct smk_audit_info *);
191int smack_to_cipso(const char *, struct smack_cipso *); 206int smack_to_cipso(const char *, struct smack_cipso *);
192void smack_from_cipso(u32, char *, char *); 207void smack_from_cipso(u32, char *, char *);
193char *smack_from_secid(const u32); 208char *smack_from_secid(const u32);
@@ -237,4 +252,93 @@ static inline char *smk_of_inode(const struct inode *isp)
237 return sip->smk_inode; 252 return sip->smk_inode;
238} 253}
239 254
255/*
256 * logging functions
257 */
258#define SMACK_AUDIT_DENIED 0x1
259#define SMACK_AUDIT_ACCEPT 0x2
260extern int log_policy;
261
262void smack_log(char *subject_label, char *object_label,
263 int request,
264 int result, struct smk_audit_info *auditdata);
265
266#ifdef CONFIG_AUDIT
267
268/*
269 * some inline functions to set up audit data
270 * they do nothing if CONFIG_AUDIT is not set
271 *
272 */
273static inline void smk_ad_init(struct smk_audit_info *a, const char *func,
274 char type)
275{
276 memset(a, 0, sizeof(*a));
277 a->a.type = type;
278 a->a.function = func;
279}
280
281static inline void smk_ad_setfield_u_tsk(struct smk_audit_info *a,
282 struct task_struct *t)
283{
284 a->a.u.tsk = t;
285}
286static inline void smk_ad_setfield_u_fs_path_dentry(struct smk_audit_info *a,
287 struct dentry *d)
288{
289 a->a.u.fs.path.dentry = d;
290}
291static inline void smk_ad_setfield_u_fs_path_mnt(struct smk_audit_info *a,
292 struct vfsmount *m)
293{
294 a->a.u.fs.path.mnt = m;
295}
296static inline void smk_ad_setfield_u_fs_inode(struct smk_audit_info *a,
297 struct inode *i)
298{
299 a->a.u.fs.inode = i;
300}
301static inline void smk_ad_setfield_u_fs_path(struct smk_audit_info *a,
302 struct path p)
303{
304 a->a.u.fs.path = p;
305}
306static inline void smk_ad_setfield_u_net_sk(struct smk_audit_info *a,
307 struct sock *sk)
308{
309 a->a.u.net.sk = sk;
310}
311
312#else /* no AUDIT */
313
314static inline void smk_ad_init(struct smk_audit_info *a, const char *func,
315 char type)
316{
317}
318static inline void smk_ad_setfield_u_tsk(struct smk_audit_info *a,
319 struct task_struct *t)
320{
321}
322static inline void smk_ad_setfield_u_fs_path_dentry(struct smk_audit_info *a,
323 struct dentry *d)
324{
325}
326static inline void smk_ad_setfield_u_fs_path_mnt(struct smk_audit_info *a,
327 struct vfsmount *m)
328{
329}
330static inline void smk_ad_setfield_u_fs_inode(struct smk_audit_info *a,
331 struct inode *i)
332{
333}
334static inline void smk_ad_setfield_u_fs_path(struct smk_audit_info *a,
335 struct path p)
336{
337}
338static inline void smk_ad_setfield_u_net_sk(struct smk_audit_info *a,
339 struct sock *sk)
340{
341}
342#endif
343
240#endif /* _SECURITY_SMACK_H */ 344#endif /* _SECURITY_SMACK_H */
diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c
index ac0a2707f6d4..513dc1aa16dd 100644
--- a/security/smack/smack_access.c
+++ b/security/smack/smack_access.c
@@ -59,11 +59,18 @@ LIST_HEAD(smack_known_list);
59 */ 59 */
60static u32 smack_next_secid = 10; 60static u32 smack_next_secid = 10;
61 61
62/*
63 * what events do we log
64 * can be overwritten at run-time by /smack/logging
65 */
66int log_policy = SMACK_AUDIT_DENIED;
67
62/** 68/**
63 * smk_access - determine if a subject has a specific access to an object 69 * smk_access - determine if a subject has a specific access to an object
64 * @subject_label: a pointer to the subject's Smack label 70 * @subject_label: a pointer to the subject's Smack label
65 * @object_label: a pointer to the object's Smack label 71 * @object_label: a pointer to the object's Smack label
66 * @request: the access requested, in "MAY" format 72 * @request: the access requested, in "MAY" format
73 * @a : a pointer to the audit data
67 * 74 *
68 * This function looks up the subject/object pair in the 75 * This function looks up the subject/object pair in the
69 * access rule list and returns 0 if the access is permitted, 76 * access rule list and returns 0 if the access is permitted,
@@ -78,10 +85,12 @@ static u32 smack_next_secid = 10;
78 * will be on the list, so checking the pointers may be a worthwhile 85 * will be on the list, so checking the pointers may be a worthwhile
79 * optimization. 86 * optimization.
80 */ 87 */
81int smk_access(char *subject_label, char *object_label, int request) 88int smk_access(char *subject_label, char *object_label, int request,
89 struct smk_audit_info *a)
82{ 90{
83 u32 may = MAY_NOT; 91 u32 may = MAY_NOT;
84 struct smack_rule *srp; 92 struct smack_rule *srp;
93 int rc = 0;
85 94
86 /* 95 /*
87 * Hardcoded comparisons. 96 * Hardcoded comparisons.
@@ -89,8 +98,10 @@ int smk_access(char *subject_label, char *object_label, int request)
89 * A star subject can't access any object. 98 * A star subject can't access any object.
90 */ 99 */
91 if (subject_label == smack_known_star.smk_known || 100 if (subject_label == smack_known_star.smk_known ||
92 strcmp(subject_label, smack_known_star.smk_known) == 0) 101 strcmp(subject_label, smack_known_star.smk_known) == 0) {
93 return -EACCES; 102 rc = -EACCES;
103 goto out_audit;
104 }
94 /* 105 /*
95 * An internet object can be accessed by any subject. 106 * An internet object can be accessed by any subject.
96 * Tasks cannot be assigned the internet label. 107 * Tasks cannot be assigned the internet label.
@@ -100,20 +111,20 @@ int smk_access(char *subject_label, char *object_label, int request)
100 subject_label == smack_known_web.smk_known || 111 subject_label == smack_known_web.smk_known ||
101 strcmp(object_label, smack_known_web.smk_known) == 0 || 112 strcmp(object_label, smack_known_web.smk_known) == 0 ||
102 strcmp(subject_label, smack_known_web.smk_known) == 0) 113 strcmp(subject_label, smack_known_web.smk_known) == 0)
103 return 0; 114 goto out_audit;
104 /* 115 /*
105 * A star object can be accessed by any subject. 116 * A star object can be accessed by any subject.
106 */ 117 */
107 if (object_label == smack_known_star.smk_known || 118 if (object_label == smack_known_star.smk_known ||
108 strcmp(object_label, smack_known_star.smk_known) == 0) 119 strcmp(object_label, smack_known_star.smk_known) == 0)
109 return 0; 120 goto out_audit;
110 /* 121 /*
111 * An object can be accessed in any way by a subject 122 * An object can be accessed in any way by a subject
112 * with the same label. 123 * with the same label.
113 */ 124 */
114 if (subject_label == object_label || 125 if (subject_label == object_label ||
115 strcmp(subject_label, object_label) == 0) 126 strcmp(subject_label, object_label) == 0)
116 return 0; 127 goto out_audit;
117 /* 128 /*
118 * A hat subject can read any object. 129 * A hat subject can read any object.
119 * A floor object can be read by any subject. 130 * A floor object can be read by any subject.
@@ -121,10 +132,10 @@ int smk_access(char *subject_label, char *object_label, int request)
121 if ((request & MAY_ANYREAD) == request) { 132 if ((request & MAY_ANYREAD) == request) {
122 if (object_label == smack_known_floor.smk_known || 133 if (object_label == smack_known_floor.smk_known ||
123 strcmp(object_label, smack_known_floor.smk_known) == 0) 134 strcmp(object_label, smack_known_floor.smk_known) == 0)
124 return 0; 135 goto out_audit;
125 if (subject_label == smack_known_hat.smk_known || 136 if (subject_label == smack_known_hat.smk_known ||
126 strcmp(subject_label, smack_known_hat.smk_known) == 0) 137 strcmp(subject_label, smack_known_hat.smk_known) == 0)
127 return 0; 138 goto out_audit;
128 } 139 }
129 /* 140 /*
130 * Beyond here an explicit relationship is required. 141 * Beyond here an explicit relationship is required.
@@ -148,28 +159,36 @@ int smk_access(char *subject_label, char *object_label, int request)
148 * This is a bit map operation. 159 * This is a bit map operation.
149 */ 160 */
150 if ((request & may) == request) 161 if ((request & may) == request)
151 return 0; 162 goto out_audit;
152 163
153 return -EACCES; 164 rc = -EACCES;
165out_audit:
166#ifdef CONFIG_AUDIT
167 if (a)
168 smack_log(subject_label, object_label, request, rc, a);
169#endif
170 return rc;
154} 171}
155 172
156/** 173/**
157 * smk_curacc - determine if current has a specific access to an object 174 * smk_curacc - determine if current has a specific access to an object
158 * @obj_label: a pointer to the object's Smack label 175 * @obj_label: a pointer to the object's Smack label
159 * @mode: the access requested, in "MAY" format 176 * @mode: the access requested, in "MAY" format
177 * @a : common audit data
160 * 178 *
161 * This function checks the current subject label/object label pair 179 * This function checks the current subject label/object label pair
162 * in the access rule list and returns 0 if the access is permitted, 180 * in the access rule list and returns 0 if the access is permitted,
163 * non zero otherwise. It allows that current may have the capability 181 * non zero otherwise. It allows that current may have the capability
164 * to override the rules. 182 * to override the rules.
165 */ 183 */
166int smk_curacc(char *obj_label, u32 mode) 184int smk_curacc(char *obj_label, u32 mode, struct smk_audit_info *a)
167{ 185{
168 int rc; 186 int rc;
187 char *sp = current_security();
169 188
170 rc = smk_access(current_security(), obj_label, mode); 189 rc = smk_access(sp, obj_label, mode, NULL);
171 if (rc == 0) 190 if (rc == 0)
172 return 0; 191 goto out_audit;
173 192
174 /* 193 /*
175 * Return if a specific label has been designated as the 194 * Return if a specific label has been designated as the
@@ -177,14 +196,105 @@ int smk_curacc(char *obj_label, u32 mode)
177 * have that label. 196 * have that label.
178 */ 197 */
179 if (smack_onlycap != NULL && smack_onlycap != current->cred->security) 198 if (smack_onlycap != NULL && smack_onlycap != current->cred->security)
180 return rc; 199 goto out_audit;
181 200
182 if (capable(CAP_MAC_OVERRIDE)) 201 if (capable(CAP_MAC_OVERRIDE))
183 return 0; 202 return 0;
184 203
204out_audit:
205#ifdef CONFIG_AUDIT
206 if (a)
207 smack_log(sp, obj_label, mode, rc, a);
208#endif
185 return rc; 209 return rc;
186} 210}
187 211
212#ifdef CONFIG_AUDIT
213/**
214 * smack_str_from_perm : helper to transalate an int to a
215 * readable string
216 * @string : the string to fill
217 * @access : the int
218 *
219 */
220static inline void smack_str_from_perm(char *string, int access)
221{
222 int i = 0;
223 if (access & MAY_READ)
224 string[i++] = 'r';
225 if (access & MAY_WRITE)
226 string[i++] = 'w';
227 if (access & MAY_EXEC)
228 string[i++] = 'x';
229 if (access & MAY_APPEND)
230 string[i++] = 'a';
231 string[i] = '\0';
232}
233/**
234 * smack_log_callback - SMACK specific information
235 * will be called by generic audit code
236 * @ab : the audit_buffer
237 * @a : audit_data
238 *
239 */
240static void smack_log_callback(struct audit_buffer *ab, void *a)
241{
242 struct common_audit_data *ad = a;
243 struct smack_audit_data *sad = &ad->lsm_priv.smack_audit_data;
244 audit_log_format(ab, "lsm=SMACK fn=%s action=%s", ad->function,
245 sad->result ? "denied" : "granted");
246 audit_log_format(ab, " subject=");
247 audit_log_untrustedstring(ab, sad->subject);
248 audit_log_format(ab, " object=");
249 audit_log_untrustedstring(ab, sad->object);
250 audit_log_format(ab, " requested=%s", sad->request);
251}
252
253/**
254 * smack_log - Audit the granting or denial of permissions.
255 * @subject_label : smack label of the requester
256 * @object_label : smack label of the object being accessed
257 * @request: requested permissions
258 * @result: result from smk_access
259 * @a: auxiliary audit data
260 *
261 * Audit the granting or denial of permissions in accordance
262 * with the policy.
263 */
264void smack_log(char *subject_label, char *object_label, int request,
265 int result, struct smk_audit_info *ad)
266{
267 char request_buffer[SMK_NUM_ACCESS_TYPE + 1];
268 struct smack_audit_data *sad;
269 struct common_audit_data *a = &ad->a;
270
271 /* check if we have to log the current event */
272 if (result != 0 && (log_policy & SMACK_AUDIT_DENIED) == 0)
273 return;
274 if (result == 0 && (log_policy & SMACK_AUDIT_ACCEPT) == 0)
275 return;
276
277 if (a->function == NULL)
278 a->function = "unknown";
279
280 /* end preparing the audit data */
281 sad = &a->lsm_priv.smack_audit_data;
282 smack_str_from_perm(request_buffer, request);
283 sad->subject = subject_label;
284 sad->object = object_label;
285 sad->request = request_buffer;
286 sad->result = result;
287 a->lsm_pre_audit = smack_log_callback;
288
289 common_lsm_audit(a);
290}
291#else /* #ifdef CONFIG_AUDIT */
292void smack_log(char *subject_label, char *object_label, int request,
293 int result, struct smk_audit_info *ad)
294{
295}
296#endif
297
188static DEFINE_MUTEX(smack_known_lock); 298static DEFINE_MUTEX(smack_known_lock);
189 299
190/** 300/**
@@ -209,7 +319,8 @@ struct smack_known *smk_import_entry(const char *string, int len)
209 if (found) 319 if (found)
210 smack[i] = '\0'; 320 smack[i] = '\0';
211 else if (i >= len || string[i] > '~' || string[i] <= ' ' || 321 else if (i >= len || string[i] > '~' || string[i] <= ' ' ||
212 string[i] == '/') { 322 string[i] == '/' || string[i] == '"' ||
323 string[i] == '\\' || string[i] == '\'') {
213 smack[i] = '\0'; 324 smack[i] = '\0';
214 found = 1; 325 found = 1;
215 } else 326 } else
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 921514902eca..f557767911c9 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -30,7 +30,6 @@
30#include <net/netlabel.h> 30#include <net/netlabel.h>
31#include <net/cipso_ipv4.h> 31#include <net/cipso_ipv4.h>
32#include <linux/audit.h> 32#include <linux/audit.h>
33
34#include "smack.h" 33#include "smack.h"
35 34
36#define task_security(task) (task_cred_xxx((task), security)) 35#define task_security(task) (task_cred_xxx((task), security))
@@ -103,14 +102,24 @@ struct inode_smack *new_inode_smack(char *smack)
103static int smack_ptrace_may_access(struct task_struct *ctp, unsigned int mode) 102static int smack_ptrace_may_access(struct task_struct *ctp, unsigned int mode)
104{ 103{
105 int rc; 104 int rc;
105 struct smk_audit_info ad;
106 char *sp, *tsp;
106 107
107 rc = cap_ptrace_may_access(ctp, mode); 108 rc = cap_ptrace_may_access(ctp, mode);
108 if (rc != 0) 109 if (rc != 0)
109 return rc; 110 return rc;
110 111
111 rc = smk_access(current_security(), task_security(ctp), MAY_READWRITE); 112 sp = current_security();
113 tsp = task_security(ctp);
114 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
115 smk_ad_setfield_u_tsk(&ad, ctp);
116
117 /* we won't log here, because rc can be overriden */
118 rc = smk_access(sp, tsp, MAY_READWRITE, NULL);
112 if (rc != 0 && capable(CAP_MAC_OVERRIDE)) 119 if (rc != 0 && capable(CAP_MAC_OVERRIDE))
113 return 0; 120 rc = 0;
121
122 smack_log(sp, tsp, MAY_READWRITE, rc, &ad);
114 return rc; 123 return rc;
115} 124}
116 125
@@ -125,14 +134,24 @@ static int smack_ptrace_may_access(struct task_struct *ctp, unsigned int mode)
125static int smack_ptrace_traceme(struct task_struct *ptp) 134static int smack_ptrace_traceme(struct task_struct *ptp)
126{ 135{
127 int rc; 136 int rc;
137 struct smk_audit_info ad;
138 char *sp, *tsp;
128 139
129 rc = cap_ptrace_traceme(ptp); 140 rc = cap_ptrace_traceme(ptp);
130 if (rc != 0) 141 if (rc != 0)
131 return rc; 142 return rc;
132 143
133 rc = smk_access(task_security(ptp), current_security(), MAY_READWRITE); 144 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
145 smk_ad_setfield_u_tsk(&ad, ptp);
146
147 sp = current_security();
148 tsp = task_security(ptp);
149 /* we won't log here, because rc can be overriden */
150 rc = smk_access(tsp, sp, MAY_READWRITE, NULL);
134 if (rc != 0 && has_capability(ptp, CAP_MAC_OVERRIDE)) 151 if (rc != 0 && has_capability(ptp, CAP_MAC_OVERRIDE))
135 return 0; 152 rc = 0;
153
154 smack_log(tsp, sp, MAY_READWRITE, rc, &ad);
136 return rc; 155 return rc;
137} 156}
138 157
@@ -327,8 +346,14 @@ static int smack_sb_kern_mount(struct super_block *sb, int flags, void *data)
327static int smack_sb_statfs(struct dentry *dentry) 346static int smack_sb_statfs(struct dentry *dentry)
328{ 347{
329 struct superblock_smack *sbp = dentry->d_sb->s_security; 348 struct superblock_smack *sbp = dentry->d_sb->s_security;
349 int rc;
350 struct smk_audit_info ad;
330 351
331 return smk_curacc(sbp->smk_floor, MAY_READ); 352 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);
353 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
354
355 rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad);
356 return rc;
332} 357}
333 358
334/** 359/**
@@ -346,8 +371,12 @@ static int smack_sb_mount(char *dev_name, struct path *path,
346 char *type, unsigned long flags, void *data) 371 char *type, unsigned long flags, void *data)
347{ 372{
348 struct superblock_smack *sbp = path->mnt->mnt_sb->s_security; 373 struct superblock_smack *sbp = path->mnt->mnt_sb->s_security;
374 struct smk_audit_info ad;
375
376 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);
377 smk_ad_setfield_u_fs_path(&ad, *path);
349 378
350 return smk_curacc(sbp->smk_floor, MAY_WRITE); 379 return smk_curacc(sbp->smk_floor, MAY_WRITE, &ad);
351} 380}
352 381
353/** 382/**
@@ -361,10 +390,14 @@ static int smack_sb_mount(char *dev_name, struct path *path,
361static int smack_sb_umount(struct vfsmount *mnt, int flags) 390static int smack_sb_umount(struct vfsmount *mnt, int flags)
362{ 391{
363 struct superblock_smack *sbp; 392 struct superblock_smack *sbp;
393 struct smk_audit_info ad;
364 394
365 sbp = mnt->mnt_sb->s_security; 395 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);
396 smk_ad_setfield_u_fs_path_dentry(&ad, mnt->mnt_mountpoint);
397 smk_ad_setfield_u_fs_path_mnt(&ad, mnt);
366 398
367 return smk_curacc(sbp->smk_floor, MAY_WRITE); 399 sbp = mnt->mnt_sb->s_security;
400 return smk_curacc(sbp->smk_floor, MAY_WRITE, &ad);
368} 401}
369 402
370/* 403/*
@@ -441,15 +474,20 @@ static int smack_inode_init_security(struct inode *inode, struct inode *dir,
441static int smack_inode_link(struct dentry *old_dentry, struct inode *dir, 474static int smack_inode_link(struct dentry *old_dentry, struct inode *dir,
442 struct dentry *new_dentry) 475 struct dentry *new_dentry)
443{ 476{
444 int rc;
445 char *isp; 477 char *isp;
478 struct smk_audit_info ad;
479 int rc;
480
481 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);
482 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
446 483
447 isp = smk_of_inode(old_dentry->d_inode); 484 isp = smk_of_inode(old_dentry->d_inode);
448 rc = smk_curacc(isp, MAY_WRITE); 485 rc = smk_curacc(isp, MAY_WRITE, &ad);
449 486
450 if (rc == 0 && new_dentry->d_inode != NULL) { 487 if (rc == 0 && new_dentry->d_inode != NULL) {
451 isp = smk_of_inode(new_dentry->d_inode); 488 isp = smk_of_inode(new_dentry->d_inode);
452 rc = smk_curacc(isp, MAY_WRITE); 489 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
490 rc = smk_curacc(isp, MAY_WRITE, &ad);
453 } 491 }
454 492
455 return rc; 493 return rc;
@@ -466,18 +504,24 @@ static int smack_inode_link(struct dentry *old_dentry, struct inode *dir,
466static int smack_inode_unlink(struct inode *dir, struct dentry *dentry) 504static int smack_inode_unlink(struct inode *dir, struct dentry *dentry)
467{ 505{
468 struct inode *ip = dentry->d_inode; 506 struct inode *ip = dentry->d_inode;
507 struct smk_audit_info ad;
469 int rc; 508 int rc;
470 509
510 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);
511 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
512
471 /* 513 /*
472 * You need write access to the thing you're unlinking 514 * You need write access to the thing you're unlinking
473 */ 515 */
474 rc = smk_curacc(smk_of_inode(ip), MAY_WRITE); 516 rc = smk_curacc(smk_of_inode(ip), MAY_WRITE, &ad);
475 if (rc == 0) 517 if (rc == 0) {
476 /* 518 /*
477 * You also need write access to the containing directory 519 * You also need write access to the containing directory
478 */ 520 */
479 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE); 521 smk_ad_setfield_u_fs_path_dentry(&ad, NULL);
480 522 smk_ad_setfield_u_fs_inode(&ad, dir);
523 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
524 }
481 return rc; 525 return rc;
482} 526}
483 527
@@ -491,17 +535,24 @@ static int smack_inode_unlink(struct inode *dir, struct dentry *dentry)
491 */ 535 */
492static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry) 536static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry)
493{ 537{
538 struct smk_audit_info ad;
494 int rc; 539 int rc;
495 540
541 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);
542 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
543
496 /* 544 /*
497 * You need write access to the thing you're removing 545 * You need write access to the thing you're removing
498 */ 546 */
499 rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE); 547 rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad);
500 if (rc == 0) 548 if (rc == 0) {
501 /* 549 /*
502 * You also need write access to the containing directory 550 * You also need write access to the containing directory
503 */ 551 */
504 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE); 552 smk_ad_setfield_u_fs_path_dentry(&ad, NULL);
553 smk_ad_setfield_u_fs_inode(&ad, dir);
554 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
555 }
505 556
506 return rc; 557 return rc;
507} 558}
@@ -525,15 +576,19 @@ static int smack_inode_rename(struct inode *old_inode,
525{ 576{
526 int rc; 577 int rc;
527 char *isp; 578 char *isp;
579 struct smk_audit_info ad;
580
581 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);
582 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
528 583
529 isp = smk_of_inode(old_dentry->d_inode); 584 isp = smk_of_inode(old_dentry->d_inode);
530 rc = smk_curacc(isp, MAY_READWRITE); 585 rc = smk_curacc(isp, MAY_READWRITE, &ad);
531 586
532 if (rc == 0 && new_dentry->d_inode != NULL) { 587 if (rc == 0 && new_dentry->d_inode != NULL) {
533 isp = smk_of_inode(new_dentry->d_inode); 588 isp = smk_of_inode(new_dentry->d_inode);
534 rc = smk_curacc(isp, MAY_READWRITE); 589 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
590 rc = smk_curacc(isp, MAY_READWRITE, &ad);
535 } 591 }
536
537 return rc; 592 return rc;
538} 593}
539 594
@@ -548,13 +603,15 @@ static int smack_inode_rename(struct inode *old_inode,
548 */ 603 */
549static int smack_inode_permission(struct inode *inode, int mask) 604static int smack_inode_permission(struct inode *inode, int mask)
550{ 605{
606 struct smk_audit_info ad;
551 /* 607 /*
552 * No permission to check. Existence test. Yup, it's there. 608 * No permission to check. Existence test. Yup, it's there.
553 */ 609 */
554 if (mask == 0) 610 if (mask == 0)
555 return 0; 611 return 0;
556 612 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);
557 return smk_curacc(smk_of_inode(inode), mask); 613 smk_ad_setfield_u_fs_inode(&ad, inode);
614 return smk_curacc(smk_of_inode(inode), mask, &ad);
558} 615}
559 616
560/** 617/**
@@ -566,13 +623,16 @@ static int smack_inode_permission(struct inode *inode, int mask)
566 */ 623 */
567static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr) 624static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr)
568{ 625{
626 struct smk_audit_info ad;
569 /* 627 /*
570 * Need to allow for clearing the setuid bit. 628 * Need to allow for clearing the setuid bit.
571 */ 629 */
572 if (iattr->ia_valid & ATTR_FORCE) 630 if (iattr->ia_valid & ATTR_FORCE)
573 return 0; 631 return 0;
632 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);
633 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
574 634
575 return smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE); 635 return smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad);
576} 636}
577 637
578/** 638/**
@@ -584,7 +644,12 @@ static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr)
584 */ 644 */
585static int smack_inode_getattr(struct vfsmount *mnt, struct dentry *dentry) 645static int smack_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
586{ 646{
587 return smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ); 647 struct smk_audit_info ad;
648
649 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);
650 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
651 smk_ad_setfield_u_fs_path_mnt(&ad, mnt);
652 return smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ, &ad);
588} 653}
589 654
590/** 655/**
@@ -602,6 +667,7 @@ static int smack_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
602static int smack_inode_setxattr(struct dentry *dentry, const char *name, 667static int smack_inode_setxattr(struct dentry *dentry, const char *name,
603 const void *value, size_t size, int flags) 668 const void *value, size_t size, int flags)
604{ 669{
670 struct smk_audit_info ad;
605 int rc = 0; 671 int rc = 0;
606 672
607 if (strcmp(name, XATTR_NAME_SMACK) == 0 || 673 if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
@@ -615,8 +681,11 @@ static int smack_inode_setxattr(struct dentry *dentry, const char *name,
615 } else 681 } else
616 rc = cap_inode_setxattr(dentry, name, value, size, flags); 682 rc = cap_inode_setxattr(dentry, name, value, size, flags);
617 683
684 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);
685 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
686
618 if (rc == 0) 687 if (rc == 0)
619 rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE); 688 rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad);
620 689
621 return rc; 690 return rc;
622} 691}
@@ -671,7 +740,12 @@ static void smack_inode_post_setxattr(struct dentry *dentry, const char *name,
671 */ 740 */
672static int smack_inode_getxattr(struct dentry *dentry, const char *name) 741static int smack_inode_getxattr(struct dentry *dentry, const char *name)
673{ 742{
674 return smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ); 743 struct smk_audit_info ad;
744
745 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);
746 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
747
748 return smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ, &ad);
675} 749}
676 750
677/* 751/*
@@ -685,6 +759,7 @@ static int smack_inode_getxattr(struct dentry *dentry, const char *name)
685 */ 759 */
686static int smack_inode_removexattr(struct dentry *dentry, const char *name) 760static int smack_inode_removexattr(struct dentry *dentry, const char *name)
687{ 761{
762 struct smk_audit_info ad;
688 int rc = 0; 763 int rc = 0;
689 764
690 if (strcmp(name, XATTR_NAME_SMACK) == 0 || 765 if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
@@ -695,8 +770,10 @@ static int smack_inode_removexattr(struct dentry *dentry, const char *name)
695 } else 770 } else
696 rc = cap_inode_removexattr(dentry, name); 771 rc = cap_inode_removexattr(dentry, name);
697 772
773 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);
774 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
698 if (rc == 0) 775 if (rc == 0)
699 rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE); 776 rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad);
700 777
701 return rc; 778 return rc;
702} 779}
@@ -855,12 +932,16 @@ static int smack_file_ioctl(struct file *file, unsigned int cmd,
855 unsigned long arg) 932 unsigned long arg)
856{ 933{
857 int rc = 0; 934 int rc = 0;
935 struct smk_audit_info ad;
936
937 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);
938 smk_ad_setfield_u_fs_path(&ad, file->f_path);
858 939
859 if (_IOC_DIR(cmd) & _IOC_WRITE) 940 if (_IOC_DIR(cmd) & _IOC_WRITE)
860 rc = smk_curacc(file->f_security, MAY_WRITE); 941 rc = smk_curacc(file->f_security, MAY_WRITE, &ad);
861 942
862 if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ)) 943 if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ))
863 rc = smk_curacc(file->f_security, MAY_READ); 944 rc = smk_curacc(file->f_security, MAY_READ, &ad);
864 945
865 return rc; 946 return rc;
866} 947}
@@ -874,7 +955,11 @@ static int smack_file_ioctl(struct file *file, unsigned int cmd,
874 */ 955 */
875static int smack_file_lock(struct file *file, unsigned int cmd) 956static int smack_file_lock(struct file *file, unsigned int cmd)
876{ 957{
877 return smk_curacc(file->f_security, MAY_WRITE); 958 struct smk_audit_info ad;
959
960 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);
961 smk_ad_setfield_u_fs_path_dentry(&ad, file->f_path.dentry);
962 return smk_curacc(file->f_security, MAY_WRITE, &ad);
878} 963}
879 964
880/** 965/**
@@ -888,8 +973,12 @@ static int smack_file_lock(struct file *file, unsigned int cmd)
888static int smack_file_fcntl(struct file *file, unsigned int cmd, 973static int smack_file_fcntl(struct file *file, unsigned int cmd,
889 unsigned long arg) 974 unsigned long arg)
890{ 975{
976 struct smk_audit_info ad;
891 int rc; 977 int rc;
892 978
979 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);
980 smk_ad_setfield_u_fs_path(&ad, file->f_path);
981
893 switch (cmd) { 982 switch (cmd) {
894 case F_DUPFD: 983 case F_DUPFD:
895 case F_GETFD: 984 case F_GETFD:
@@ -897,7 +986,7 @@ static int smack_file_fcntl(struct file *file, unsigned int cmd,
897 case F_GETLK: 986 case F_GETLK:
898 case F_GETOWN: 987 case F_GETOWN:
899 case F_GETSIG: 988 case F_GETSIG:
900 rc = smk_curacc(file->f_security, MAY_READ); 989 rc = smk_curacc(file->f_security, MAY_READ, &ad);
901 break; 990 break;
902 case F_SETFD: 991 case F_SETFD:
903 case F_SETFL: 992 case F_SETFL:
@@ -905,10 +994,10 @@ static int smack_file_fcntl(struct file *file, unsigned int cmd,
905 case F_SETLKW: 994 case F_SETLKW:
906 case F_SETOWN: 995 case F_SETOWN:
907 case F_SETSIG: 996 case F_SETSIG:
908 rc = smk_curacc(file->f_security, MAY_WRITE); 997 rc = smk_curacc(file->f_security, MAY_WRITE, &ad);
909 break; 998 break;
910 default: 999 default:
911 rc = smk_curacc(file->f_security, MAY_READWRITE); 1000 rc = smk_curacc(file->f_security, MAY_READWRITE, &ad);
912 } 1001 }
913 1002
914 return rc; 1003 return rc;
@@ -943,14 +1032,21 @@ static int smack_file_send_sigiotask(struct task_struct *tsk,
943{ 1032{
944 struct file *file; 1033 struct file *file;
945 int rc; 1034 int rc;
1035 char *tsp = tsk->cred->security;
1036 struct smk_audit_info ad;
946 1037
947 /* 1038 /*
948 * struct fown_struct is never outside the context of a struct file 1039 * struct fown_struct is never outside the context of a struct file
949 */ 1040 */
950 file = container_of(fown, struct file, f_owner); 1041 file = container_of(fown, struct file, f_owner);
951 rc = smk_access(file->f_security, tsk->cred->security, MAY_WRITE); 1042 /* we don't log here as rc can be overriden */
1043 rc = smk_access(file->f_security, tsp, MAY_WRITE, NULL);
952 if (rc != 0 && has_capability(tsk, CAP_MAC_OVERRIDE)) 1044 if (rc != 0 && has_capability(tsk, CAP_MAC_OVERRIDE))
953 return 0; 1045 rc = 0;
1046
1047 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
1048 smk_ad_setfield_u_tsk(&ad, tsk);
1049 smack_log(file->f_security, tsp, MAY_WRITE, rc, &ad);
954 return rc; 1050 return rc;
955} 1051}
956 1052
@@ -963,7 +1059,10 @@ static int smack_file_send_sigiotask(struct task_struct *tsk,
963static int smack_file_receive(struct file *file) 1059static int smack_file_receive(struct file *file)
964{ 1060{
965 int may = 0; 1061 int may = 0;
1062 struct smk_audit_info ad;
966 1063
1064 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
1065 smk_ad_setfield_u_fs_path(&ad, file->f_path);
967 /* 1066 /*
968 * This code relies on bitmasks. 1067 * This code relies on bitmasks.
969 */ 1068 */
@@ -972,7 +1071,7 @@ static int smack_file_receive(struct file *file)
972 if (file->f_mode & FMODE_WRITE) 1071 if (file->f_mode & FMODE_WRITE)
973 may |= MAY_WRITE; 1072 may |= MAY_WRITE;
974 1073
975 return smk_curacc(file->f_security, may); 1074 return smk_curacc(file->f_security, may, &ad);
976} 1075}
977 1076
978/* 1077/*
@@ -1052,6 +1151,22 @@ static int smack_kernel_create_files_as(struct cred *new,
1052} 1151}
1053 1152
1054/** 1153/**
1154 * smk_curacc_on_task - helper to log task related access
1155 * @p: the task object
1156 * @access : the access requested
1157 *
1158 * Return 0 if access is permitted
1159 */
1160static int smk_curacc_on_task(struct task_struct *p, int access)
1161{
1162 struct smk_audit_info ad;
1163
1164 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
1165 smk_ad_setfield_u_tsk(&ad, p);
1166 return smk_curacc(task_security(p), access, &ad);
1167}
1168
1169/**
1055 * smack_task_setpgid - Smack check on setting pgid 1170 * smack_task_setpgid - Smack check on setting pgid
1056 * @p: the task object 1171 * @p: the task object
1057 * @pgid: unused 1172 * @pgid: unused
@@ -1060,7 +1175,7 @@ static int smack_kernel_create_files_as(struct cred *new,
1060 */ 1175 */
1061static int smack_task_setpgid(struct task_struct *p, pid_t pgid) 1176static int smack_task_setpgid(struct task_struct *p, pid_t pgid)
1062{ 1177{
1063 return smk_curacc(task_security(p), MAY_WRITE); 1178 return smk_curacc_on_task(p, MAY_WRITE);
1064} 1179}
1065 1180
1066/** 1181/**
@@ -1071,7 +1186,7 @@ static int smack_task_setpgid(struct task_struct *p, pid_t pgid)
1071 */ 1186 */
1072static int smack_task_getpgid(struct task_struct *p) 1187static int smack_task_getpgid(struct task_struct *p)
1073{ 1188{
1074 return smk_curacc(task_security(p), MAY_READ); 1189 return smk_curacc_on_task(p, MAY_READ);
1075} 1190}
1076 1191
1077/** 1192/**
@@ -1082,7 +1197,7 @@ static int smack_task_getpgid(struct task_struct *p)
1082 */ 1197 */
1083static int smack_task_getsid(struct task_struct *p) 1198static int smack_task_getsid(struct task_struct *p)
1084{ 1199{
1085 return smk_curacc(task_security(p), MAY_READ); 1200 return smk_curacc_on_task(p, MAY_READ);
1086} 1201}
1087 1202
1088/** 1203/**
@@ -1110,7 +1225,7 @@ static int smack_task_setnice(struct task_struct *p, int nice)
1110 1225
1111 rc = cap_task_setnice(p, nice); 1226 rc = cap_task_setnice(p, nice);
1112 if (rc == 0) 1227 if (rc == 0)
1113 rc = smk_curacc(task_security(p), MAY_WRITE); 1228 rc = smk_curacc_on_task(p, MAY_WRITE);
1114 return rc; 1229 return rc;
1115} 1230}
1116 1231
@@ -1127,7 +1242,7 @@ static int smack_task_setioprio(struct task_struct *p, int ioprio)
1127 1242
1128 rc = cap_task_setioprio(p, ioprio); 1243 rc = cap_task_setioprio(p, ioprio);
1129 if (rc == 0) 1244 if (rc == 0)
1130 rc = smk_curacc(task_security(p), MAY_WRITE); 1245 rc = smk_curacc_on_task(p, MAY_WRITE);
1131 return rc; 1246 return rc;
1132} 1247}
1133 1248
@@ -1139,7 +1254,7 @@ static int smack_task_setioprio(struct task_struct *p, int ioprio)
1139 */ 1254 */
1140static int smack_task_getioprio(struct task_struct *p) 1255static int smack_task_getioprio(struct task_struct *p)
1141{ 1256{
1142 return smk_curacc(task_security(p), MAY_READ); 1257 return smk_curacc_on_task(p, MAY_READ);
1143} 1258}
1144 1259
1145/** 1260/**
@@ -1157,7 +1272,7 @@ static int smack_task_setscheduler(struct task_struct *p, int policy,
1157 1272
1158 rc = cap_task_setscheduler(p, policy, lp); 1273 rc = cap_task_setscheduler(p, policy, lp);
1159 if (rc == 0) 1274 if (rc == 0)
1160 rc = smk_curacc(task_security(p), MAY_WRITE); 1275 rc = smk_curacc_on_task(p, MAY_WRITE);
1161 return rc; 1276 return rc;
1162} 1277}
1163 1278
@@ -1169,7 +1284,7 @@ static int smack_task_setscheduler(struct task_struct *p, int policy,
1169 */ 1284 */
1170static int smack_task_getscheduler(struct task_struct *p) 1285static int smack_task_getscheduler(struct task_struct *p)
1171{ 1286{
1172 return smk_curacc(task_security(p), MAY_READ); 1287 return smk_curacc_on_task(p, MAY_READ);
1173} 1288}
1174 1289
1175/** 1290/**
@@ -1180,7 +1295,7 @@ static int smack_task_getscheduler(struct task_struct *p)
1180 */ 1295 */
1181static int smack_task_movememory(struct task_struct *p) 1296static int smack_task_movememory(struct task_struct *p)
1182{ 1297{
1183 return smk_curacc(task_security(p), MAY_WRITE); 1298 return smk_curacc_on_task(p, MAY_WRITE);
1184} 1299}
1185 1300
1186/** 1301/**
@@ -1198,18 +1313,23 @@ static int smack_task_movememory(struct task_struct *p)
1198static int smack_task_kill(struct task_struct *p, struct siginfo *info, 1313static int smack_task_kill(struct task_struct *p, struct siginfo *info,
1199 int sig, u32 secid) 1314 int sig, u32 secid)
1200{ 1315{
1316 struct smk_audit_info ad;
1317
1318 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
1319 smk_ad_setfield_u_tsk(&ad, p);
1201 /* 1320 /*
1202 * Sending a signal requires that the sender 1321 * Sending a signal requires that the sender
1203 * can write the receiver. 1322 * can write the receiver.
1204 */ 1323 */
1205 if (secid == 0) 1324 if (secid == 0)
1206 return smk_curacc(task_security(p), MAY_WRITE); 1325 return smk_curacc(task_security(p), MAY_WRITE, &ad);
1207 /* 1326 /*
1208 * If the secid isn't 0 we're dealing with some USB IO 1327 * If the secid isn't 0 we're dealing with some USB IO
1209 * specific behavior. This is not clean. For one thing 1328 * specific behavior. This is not clean. For one thing
1210 * we can't take privilege into account. 1329 * we can't take privilege into account.
1211 */ 1330 */
1212 return smk_access(smack_from_secid(secid), task_security(p), MAY_WRITE); 1331 return smk_access(smack_from_secid(secid), task_security(p),
1332 MAY_WRITE, &ad);
1213} 1333}
1214 1334
1215/** 1335/**
@@ -1220,11 +1340,15 @@ static int smack_task_kill(struct task_struct *p, struct siginfo *info,
1220 */ 1340 */
1221static int smack_task_wait(struct task_struct *p) 1341static int smack_task_wait(struct task_struct *p)
1222{ 1342{
1343 struct smk_audit_info ad;
1344 char *sp = current_security();
1345 char *tsp = task_security(p);
1223 int rc; 1346 int rc;
1224 1347
1225 rc = smk_access(current_security(), task_security(p), MAY_WRITE); 1348 /* we don't log here, we can be overriden */
1349 rc = smk_access(sp, tsp, MAY_WRITE, NULL);
1226 if (rc == 0) 1350 if (rc == 0)
1227 return 0; 1351 goto out_log;
1228 1352
1229 /* 1353 /*
1230 * Allow the operation to succeed if either task 1354 * Allow the operation to succeed if either task
@@ -1238,8 +1362,12 @@ static int smack_task_wait(struct task_struct *p)
1238 * the smack value. 1362 * the smack value.
1239 */ 1363 */
1240 if (capable(CAP_MAC_OVERRIDE) || has_capability(p, CAP_MAC_OVERRIDE)) 1364 if (capable(CAP_MAC_OVERRIDE) || has_capability(p, CAP_MAC_OVERRIDE))
1241 return 0; 1365 rc = 0;
1242 1366 /* we log only if we didn't get overriden */
1367 out_log:
1368 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
1369 smk_ad_setfield_u_tsk(&ad, p);
1370 smack_log(sp, tsp, MAY_WRITE, rc, &ad);
1243 return rc; 1371 return rc;
1244} 1372}
1245 1373
@@ -1455,12 +1583,19 @@ static int smack_netlabel_send(struct sock *sk, struct sockaddr_in *sap)
1455 int sk_lbl; 1583 int sk_lbl;
1456 char *hostsp; 1584 char *hostsp;
1457 struct socket_smack *ssp = sk->sk_security; 1585 struct socket_smack *ssp = sk->sk_security;
1586 struct smk_audit_info ad;
1458 1587
1459 rcu_read_lock(); 1588 rcu_read_lock();
1460 hostsp = smack_host_label(sap); 1589 hostsp = smack_host_label(sap);
1461 if (hostsp != NULL) { 1590 if (hostsp != NULL) {
1462 sk_lbl = SMACK_UNLABELED_SOCKET; 1591 sk_lbl = SMACK_UNLABELED_SOCKET;
1463 rc = smk_access(ssp->smk_out, hostsp, MAY_WRITE); 1592#ifdef CONFIG_AUDIT
1593 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NET);
1594 ad.a.u.net.family = sap->sin_family;
1595 ad.a.u.net.dport = sap->sin_port;
1596 ad.a.u.net.v4info.daddr = sap->sin_addr.s_addr;
1597#endif
1598 rc = smk_access(ssp->smk_out, hostsp, MAY_WRITE, &ad);
1464 } else { 1599 } else {
1465 sk_lbl = SMACK_CIPSO_SOCKET; 1600 sk_lbl = SMACK_CIPSO_SOCKET;
1466 rc = 0; 1601 rc = 0;
@@ -1656,6 +1791,25 @@ static void smack_shm_free_security(struct shmid_kernel *shp)
1656} 1791}
1657 1792
1658/** 1793/**
1794 * smk_curacc_shm : check if current has access on shm
1795 * @shp : the object
1796 * @access : access requested
1797 *
1798 * Returns 0 if current has the requested access, error code otherwise
1799 */
1800static int smk_curacc_shm(struct shmid_kernel *shp, int access)
1801{
1802 char *ssp = smack_of_shm(shp);
1803 struct smk_audit_info ad;
1804
1805#ifdef CONFIG_AUDIT
1806 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
1807 ad.a.u.ipc_id = shp->shm_perm.id;
1808#endif
1809 return smk_curacc(ssp, access, &ad);
1810}
1811
1812/**
1659 * smack_shm_associate - Smack access check for shm 1813 * smack_shm_associate - Smack access check for shm
1660 * @shp: the object 1814 * @shp: the object
1661 * @shmflg: access requested 1815 * @shmflg: access requested
@@ -1664,11 +1818,10 @@ static void smack_shm_free_security(struct shmid_kernel *shp)
1664 */ 1818 */
1665static int smack_shm_associate(struct shmid_kernel *shp, int shmflg) 1819static int smack_shm_associate(struct shmid_kernel *shp, int shmflg)
1666{ 1820{
1667 char *ssp = smack_of_shm(shp);
1668 int may; 1821 int may;
1669 1822
1670 may = smack_flags_to_may(shmflg); 1823 may = smack_flags_to_may(shmflg);
1671 return smk_curacc(ssp, may); 1824 return smk_curacc_shm(shp, may);
1672} 1825}
1673 1826
1674/** 1827/**
@@ -1680,7 +1833,6 @@ static int smack_shm_associate(struct shmid_kernel *shp, int shmflg)
1680 */ 1833 */
1681static int smack_shm_shmctl(struct shmid_kernel *shp, int cmd) 1834static int smack_shm_shmctl(struct shmid_kernel *shp, int cmd)
1682{ 1835{
1683 char *ssp;
1684 int may; 1836 int may;
1685 1837
1686 switch (cmd) { 1838 switch (cmd) {
@@ -1703,9 +1855,7 @@ static int smack_shm_shmctl(struct shmid_kernel *shp, int cmd)
1703 default: 1855 default:
1704 return -EINVAL; 1856 return -EINVAL;
1705 } 1857 }
1706 1858 return smk_curacc_shm(shp, may);
1707 ssp = smack_of_shm(shp);
1708 return smk_curacc(ssp, may);
1709} 1859}
1710 1860
1711/** 1861/**
@@ -1719,11 +1869,10 @@ static int smack_shm_shmctl(struct shmid_kernel *shp, int cmd)
1719static int smack_shm_shmat(struct shmid_kernel *shp, char __user *shmaddr, 1869static int smack_shm_shmat(struct shmid_kernel *shp, char __user *shmaddr,
1720 int shmflg) 1870 int shmflg)
1721{ 1871{
1722 char *ssp = smack_of_shm(shp);
1723 int may; 1872 int may;
1724 1873
1725 may = smack_flags_to_may(shmflg); 1874 may = smack_flags_to_may(shmflg);
1726 return smk_curacc(ssp, may); 1875 return smk_curacc_shm(shp, may);
1727} 1876}
1728 1877
1729/** 1878/**
@@ -1765,6 +1914,25 @@ static void smack_sem_free_security(struct sem_array *sma)
1765} 1914}
1766 1915
1767/** 1916/**
1917 * smk_curacc_sem : check if current has access on sem
1918 * @sma : the object
1919 * @access : access requested
1920 *
1921 * Returns 0 if current has the requested access, error code otherwise
1922 */
1923static int smk_curacc_sem(struct sem_array *sma, int access)
1924{
1925 char *ssp = smack_of_sem(sma);
1926 struct smk_audit_info ad;
1927
1928#ifdef CONFIG_AUDIT
1929 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
1930 ad.a.u.ipc_id = sma->sem_perm.id;
1931#endif
1932 return smk_curacc(ssp, access, &ad);
1933}
1934
1935/**
1768 * smack_sem_associate - Smack access check for sem 1936 * smack_sem_associate - Smack access check for sem
1769 * @sma: the object 1937 * @sma: the object
1770 * @semflg: access requested 1938 * @semflg: access requested
@@ -1773,11 +1941,10 @@ static void smack_sem_free_security(struct sem_array *sma)
1773 */ 1941 */
1774static int smack_sem_associate(struct sem_array *sma, int semflg) 1942static int smack_sem_associate(struct sem_array *sma, int semflg)
1775{ 1943{
1776 char *ssp = smack_of_sem(sma);
1777 int may; 1944 int may;
1778 1945
1779 may = smack_flags_to_may(semflg); 1946 may = smack_flags_to_may(semflg);
1780 return smk_curacc(ssp, may); 1947 return smk_curacc_sem(sma, may);
1781} 1948}
1782 1949
1783/** 1950/**
@@ -1789,7 +1956,6 @@ static int smack_sem_associate(struct sem_array *sma, int semflg)
1789 */ 1956 */
1790static int smack_sem_semctl(struct sem_array *sma, int cmd) 1957static int smack_sem_semctl(struct sem_array *sma, int cmd)
1791{ 1958{
1792 char *ssp;
1793 int may; 1959 int may;
1794 1960
1795 switch (cmd) { 1961 switch (cmd) {
@@ -1818,8 +1984,7 @@ static int smack_sem_semctl(struct sem_array *sma, int cmd)
1818 return -EINVAL; 1984 return -EINVAL;
1819 } 1985 }
1820 1986
1821 ssp = smack_of_sem(sma); 1987 return smk_curacc_sem(sma, may);
1822 return smk_curacc(ssp, may);
1823} 1988}
1824 1989
1825/** 1990/**
@@ -1836,9 +2001,7 @@ static int smack_sem_semctl(struct sem_array *sma, int cmd)
1836static int smack_sem_semop(struct sem_array *sma, struct sembuf *sops, 2001static int smack_sem_semop(struct sem_array *sma, struct sembuf *sops,
1837 unsigned nsops, int alter) 2002 unsigned nsops, int alter)
1838{ 2003{
1839 char *ssp = smack_of_sem(sma); 2004 return smk_curacc_sem(sma, MAY_READWRITE);
1840
1841 return smk_curacc(ssp, MAY_READWRITE);
1842} 2005}
1843 2006
1844/** 2007/**
@@ -1880,6 +2043,25 @@ static char *smack_of_msq(struct msg_queue *msq)
1880} 2043}
1881 2044
1882/** 2045/**
2046 * smk_curacc_msq : helper to check if current has access on msq
2047 * @msq : the msq
2048 * @access : access requested
2049 *
2050 * return 0 if current has access, error otherwise
2051 */
2052static int smk_curacc_msq(struct msg_queue *msq, int access)
2053{
2054 char *msp = smack_of_msq(msq);
2055 struct smk_audit_info ad;
2056
2057#ifdef CONFIG_AUDIT
2058 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
2059 ad.a.u.ipc_id = msq->q_perm.id;
2060#endif
2061 return smk_curacc(msp, access, &ad);
2062}
2063
2064/**
1883 * smack_msg_queue_associate - Smack access check for msg_queue 2065 * smack_msg_queue_associate - Smack access check for msg_queue
1884 * @msq: the object 2066 * @msq: the object
1885 * @msqflg: access requested 2067 * @msqflg: access requested
@@ -1888,11 +2070,10 @@ static char *smack_of_msq(struct msg_queue *msq)
1888 */ 2070 */
1889static int smack_msg_queue_associate(struct msg_queue *msq, int msqflg) 2071static int smack_msg_queue_associate(struct msg_queue *msq, int msqflg)
1890{ 2072{
1891 char *msp = smack_of_msq(msq);
1892 int may; 2073 int may;
1893 2074
1894 may = smack_flags_to_may(msqflg); 2075 may = smack_flags_to_may(msqflg);
1895 return smk_curacc(msp, may); 2076 return smk_curacc_msq(msq, may);
1896} 2077}
1897 2078
1898/** 2079/**
@@ -1904,7 +2085,6 @@ static int smack_msg_queue_associate(struct msg_queue *msq, int msqflg)
1904 */ 2085 */
1905static int smack_msg_queue_msgctl(struct msg_queue *msq, int cmd) 2086static int smack_msg_queue_msgctl(struct msg_queue *msq, int cmd)
1906{ 2087{
1907 char *msp;
1908 int may; 2088 int may;
1909 2089
1910 switch (cmd) { 2090 switch (cmd) {
@@ -1926,8 +2106,7 @@ static int smack_msg_queue_msgctl(struct msg_queue *msq, int cmd)
1926 return -EINVAL; 2106 return -EINVAL;
1927 } 2107 }
1928 2108
1929 msp = smack_of_msq(msq); 2109 return smk_curacc_msq(msq, may);
1930 return smk_curacc(msp, may);
1931} 2110}
1932 2111
1933/** 2112/**
@@ -1941,11 +2120,10 @@ static int smack_msg_queue_msgctl(struct msg_queue *msq, int cmd)
1941static int smack_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, 2120static int smack_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg,
1942 int msqflg) 2121 int msqflg)
1943{ 2122{
1944 char *msp = smack_of_msq(msq); 2123 int may;
1945 int rc;
1946 2124
1947 rc = smack_flags_to_may(msqflg); 2125 may = smack_flags_to_may(msqflg);
1948 return smk_curacc(msp, rc); 2126 return smk_curacc_msq(msq, may);
1949} 2127}
1950 2128
1951/** 2129/**
@@ -1961,9 +2139,7 @@ static int smack_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg,
1961static int smack_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg, 2139static int smack_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
1962 struct task_struct *target, long type, int mode) 2140 struct task_struct *target, long type, int mode)
1963{ 2141{
1964 char *msp = smack_of_msq(msq); 2142 return smk_curacc_msq(msq, MAY_READWRITE);
1965
1966 return smk_curacc(msp, MAY_READWRITE);
1967} 2143}
1968 2144
1969/** 2145/**
@@ -1976,10 +2152,14 @@ static int smack_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
1976static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag) 2152static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag)
1977{ 2153{
1978 char *isp = ipp->security; 2154 char *isp = ipp->security;
1979 int may; 2155 int may = smack_flags_to_may(flag);
2156 struct smk_audit_info ad;
1980 2157
1981 may = smack_flags_to_may(flag); 2158#ifdef CONFIG_AUDIT
1982 return smk_curacc(isp, may); 2159 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
2160 ad.a.u.ipc_id = ipp->id;
2161#endif
2162 return smk_curacc(isp, may, &ad);
1983} 2163}
1984 2164
1985/** 2165/**
@@ -2238,8 +2418,12 @@ static int smack_unix_stream_connect(struct socket *sock,
2238{ 2418{
2239 struct inode *sp = SOCK_INODE(sock); 2419 struct inode *sp = SOCK_INODE(sock);
2240 struct inode *op = SOCK_INODE(other); 2420 struct inode *op = SOCK_INODE(other);
2421 struct smk_audit_info ad;
2241 2422
2242 return smk_access(smk_of_inode(sp), smk_of_inode(op), MAY_READWRITE); 2423 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NET);
2424 smk_ad_setfield_u_net_sk(&ad, other->sk);
2425 return smk_access(smk_of_inode(sp), smk_of_inode(op),
2426 MAY_READWRITE, &ad);
2243} 2427}
2244 2428
2245/** 2429/**
@@ -2254,8 +2438,11 @@ static int smack_unix_may_send(struct socket *sock, struct socket *other)
2254{ 2438{
2255 struct inode *sp = SOCK_INODE(sock); 2439 struct inode *sp = SOCK_INODE(sock);
2256 struct inode *op = SOCK_INODE(other); 2440 struct inode *op = SOCK_INODE(other);
2441 struct smk_audit_info ad;
2257 2442
2258 return smk_access(smk_of_inode(sp), smk_of_inode(op), MAY_WRITE); 2443 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NET);
2444 smk_ad_setfield_u_net_sk(&ad, other->sk);
2445 return smk_access(smk_of_inode(sp), smk_of_inode(op), MAY_WRITE, &ad);
2259} 2446}
2260 2447
2261/** 2448/**
@@ -2370,7 +2557,7 @@ static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
2370 char smack[SMK_LABELLEN]; 2557 char smack[SMK_LABELLEN];
2371 char *csp; 2558 char *csp;
2372 int rc; 2559 int rc;
2373 2560 struct smk_audit_info ad;
2374 if (sk->sk_family != PF_INET && sk->sk_family != PF_INET6) 2561 if (sk->sk_family != PF_INET && sk->sk_family != PF_INET6)
2375 return 0; 2562 return 0;
2376 2563
@@ -2388,13 +2575,19 @@ static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
2388 2575
2389 netlbl_secattr_destroy(&secattr); 2576 netlbl_secattr_destroy(&secattr);
2390 2577
2578#ifdef CONFIG_AUDIT
2579 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NET);
2580 ad.a.u.net.family = sk->sk_family;
2581 ad.a.u.net.netif = skb->iif;
2582 ipv4_skb_to_auditdata(skb, &ad.a, NULL);
2583#endif
2391 /* 2584 /*
2392 * Receiving a packet requires that the other end 2585 * Receiving a packet requires that the other end
2393 * be able to write here. Read access is not required. 2586 * be able to write here. Read access is not required.
2394 * This is the simplist possible security model 2587 * This is the simplist possible security model
2395 * for networking. 2588 * for networking.
2396 */ 2589 */
2397 rc = smk_access(csp, ssp->smk_in, MAY_WRITE); 2590 rc = smk_access(csp, ssp->smk_in, MAY_WRITE, &ad);
2398 if (rc != 0) 2591 if (rc != 0)
2399 netlbl_skbuff_err(skb, rc, 0); 2592 netlbl_skbuff_err(skb, rc, 0);
2400 return rc; 2593 return rc;
@@ -2523,6 +2716,7 @@ static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb,
2523 struct iphdr *hdr; 2716 struct iphdr *hdr;
2524 char smack[SMK_LABELLEN]; 2717 char smack[SMK_LABELLEN];
2525 int rc; 2718 int rc;
2719 struct smk_audit_info ad;
2526 2720
2527 /* handle mapped IPv4 packets arriving via IPv6 sockets */ 2721 /* handle mapped IPv4 packets arriving via IPv6 sockets */
2528 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP)) 2722 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
@@ -2536,11 +2730,17 @@ static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb,
2536 strncpy(smack, smack_known_huh.smk_known, SMK_MAXLEN); 2730 strncpy(smack, smack_known_huh.smk_known, SMK_MAXLEN);
2537 netlbl_secattr_destroy(&secattr); 2731 netlbl_secattr_destroy(&secattr);
2538 2732
2733#ifdef CONFIG_AUDIT
2734 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NET);
2735 ad.a.u.net.family = family;
2736 ad.a.u.net.netif = skb->iif;
2737 ipv4_skb_to_auditdata(skb, &ad.a, NULL);
2738#endif
2539 /* 2739 /*
2540 * Receiving a packet requires that the other end be able to write 2740 * Receiving a packet requires that the other end be able to write
2541 * here. Read access is not required. 2741 * here. Read access is not required.
2542 */ 2742 */
2543 rc = smk_access(smack, ssp->smk_in, MAY_WRITE); 2743 rc = smk_access(smack, ssp->smk_in, MAY_WRITE, &ad);
2544 if (rc != 0) 2744 if (rc != 0)
2545 return rc; 2745 return rc;
2546 2746
@@ -2642,6 +2842,7 @@ static int smack_key_permission(key_ref_t key_ref,
2642 const struct cred *cred, key_perm_t perm) 2842 const struct cred *cred, key_perm_t perm)
2643{ 2843{
2644 struct key *keyp; 2844 struct key *keyp;
2845 struct smk_audit_info ad;
2645 2846
2646 keyp = key_ref_to_ptr(key_ref); 2847 keyp = key_ref_to_ptr(key_ref);
2647 if (keyp == NULL) 2848 if (keyp == NULL)
@@ -2657,8 +2858,13 @@ static int smack_key_permission(key_ref_t key_ref,
2657 */ 2858 */
2658 if (cred->security == NULL) 2859 if (cred->security == NULL)
2659 return -EACCES; 2860 return -EACCES;
2660 2861#ifdef CONFIG_AUDIT
2661 return smk_access(cred->security, keyp->security, MAY_READWRITE); 2862 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY);
2863 ad.a.u.key_struct.key = keyp->serial;
2864 ad.a.u.key_struct.key_desc = keyp->description;
2865#endif
2866 return smk_access(cred->security, keyp->security,
2867 MAY_READWRITE, &ad);
2662} 2868}
2663#endif /* CONFIG_KEYS */ 2869#endif /* CONFIG_KEYS */
2664 2870
diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
index e03a7e19c73b..904af3483286 100644
--- a/security/smack/smackfs.c
+++ b/security/smack/smackfs.c
@@ -41,6 +41,7 @@ enum smk_inos {
41 SMK_AMBIENT = 7, /* internet ambient label */ 41 SMK_AMBIENT = 7, /* internet ambient label */
42 SMK_NETLBLADDR = 8, /* single label hosts */ 42 SMK_NETLBLADDR = 8, /* single label hosts */
43 SMK_ONLYCAP = 9, /* the only "capable" label */ 43 SMK_ONLYCAP = 9, /* the only "capable" label */
44 SMK_LOGGING = 10, /* logging */
44}; 45};
45 46
46/* 47/*
@@ -1192,6 +1193,69 @@ static const struct file_operations smk_onlycap_ops = {
1192}; 1193};
1193 1194
1194/** 1195/**
1196 * smk_read_logging - read() for /smack/logging
1197 * @filp: file pointer, not actually used
1198 * @buf: where to put the result
1199 * @cn: maximum to send along
1200 * @ppos: where to start
1201 *
1202 * Returns number of bytes read or error code, as appropriate
1203 */
1204static ssize_t smk_read_logging(struct file *filp, char __user *buf,
1205 size_t count, loff_t *ppos)
1206{
1207 char temp[32];
1208 ssize_t rc;
1209
1210 if (*ppos != 0)
1211 return 0;
1212
1213 sprintf(temp, "%d\n", log_policy);
1214 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
1215 return rc;
1216}
1217
1218/**
1219 * smk_write_logging - write() for /smack/logging
1220 * @file: file pointer, not actually used
1221 * @buf: where to get the data from
1222 * @count: bytes sent
1223 * @ppos: where to start
1224 *
1225 * Returns number of bytes written or error code, as appropriate
1226 */
1227static ssize_t smk_write_logging(struct file *file, const char __user *buf,
1228 size_t count, loff_t *ppos)
1229{
1230 char temp[32];
1231 int i;
1232
1233 if (!capable(CAP_MAC_ADMIN))
1234 return -EPERM;
1235
1236 if (count >= sizeof(temp) || count == 0)
1237 return -EINVAL;
1238
1239 if (copy_from_user(temp, buf, count) != 0)
1240 return -EFAULT;
1241
1242 temp[count] = '\0';
1243
1244 if (sscanf(temp, "%d", &i) != 1)
1245 return -EINVAL;
1246 if (i < 0 || i > 3)
1247 return -EINVAL;
1248 log_policy = i;
1249 return count;
1250}
1251
1252
1253
1254static const struct file_operations smk_logging_ops = {
1255 .read = smk_read_logging,
1256 .write = smk_write_logging,
1257};
1258/**
1195 * smk_fill_super - fill the /smackfs superblock 1259 * smk_fill_super - fill the /smackfs superblock
1196 * @sb: the empty superblock 1260 * @sb: the empty superblock
1197 * @data: unused 1261 * @data: unused
@@ -1221,6 +1285,8 @@ static int smk_fill_super(struct super_block *sb, void *data, int silent)
1221 {"netlabel", &smk_netlbladdr_ops, S_IRUGO|S_IWUSR}, 1285 {"netlabel", &smk_netlbladdr_ops, S_IRUGO|S_IWUSR},
1222 [SMK_ONLYCAP] = 1286 [SMK_ONLYCAP] =
1223 {"onlycap", &smk_onlycap_ops, S_IRUGO|S_IWUSR}, 1287 {"onlycap", &smk_onlycap_ops, S_IRUGO|S_IWUSR},
1288 [SMK_LOGGING] =
1289 {"logging", &smk_logging_ops, S_IRUGO|S_IWUSR},
1224 /* last one */ {""} 1290 /* last one */ {""}
1225 }; 1291 };
1226 1292