Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

Pull security subsystem updates from James Morris: "Highlights for this window: - improved AVC hashing for SELinux by John Brooks and Stephen Smalley - addition of an unconfined label to Smack - Smack documentation update - TPM driver updates" * 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (28 commits) lsm: copy comm before calling audit_log to avoid race in string printing tomoyo: Do not generate empty policy files tomoyo: Use if_changed when generating builtin-policy.h tomoyo: Use bin2c to generate builtin-policy.h selinux: increase avtab max buckets selinux: Use a better hash function for avtab selinux: convert avtab hash table to flex_array selinux: reconcile security_netlbl_secattr_to_sid() and mls_import_netlbl_cat() selinux: remove unnecessary pointer reassignment Smack: Updates for Smack documentation tpm/st33zp24/spi: Add missing device table for spi phy. tpm/st33zp24: Add proper wait for ordinal duration in case of irq mode smack: Fix gcc warning from unused smack_syslog_lock mutex in smackfs.c Smack: Allow an unconfined label in bringup mode Smack: getting the Smack security context of keys Smack: Assign smack_known_web as default smk_in label for kernel thread's socket tpm/tpm_infineon: Use struct dev_pm_ops for power management MAINTAINERS: Add Jason as designated reviewer for TPM tpm: Update KConfig text to include TPM2.0 FIFO chips tpm/st33zp24/dts/st33zp24-spi: Add dts documentation for st33zp24 spi phy ...
author: Linus Torvalds <torvalds@linux-foundation.org> 2015-04-15 14:08:27 -0400
committer: Linus Torvalds <torvalds@linux-foundation.org> 2015-04-15 14:08:27 -0400
commit: d488d3a4ce08e96dad5cb3b6117517d57ccec98f (patch)
tree: 169b09c589e38f6d5f2ea0a9e25c6a9fb3ebf783 /security/smack
parent: cb906953d2c3fd450655d9fa833f03690ad50c23 (diff)
parent: 5deeb5cece3f9b30c8129786726b9d02c412c8ca (diff)
4 files changed, 228 insertions, 19 deletions
diff --git a/security/smack/smack.h b/security/smack/smack.h
index 67ccb7b2b89b..49eada6266ec 100644
--- a/security/smack/smack.h
+++ b/security/smack/smack.h
@@ -105,6 +105,7 @@ struct task_smack {
 #define SMK_INODE_INSTANT       0x01    /* inode is instantiated */
 #define SMK_INODE_TRANSMUTE     0x02    /* directory is transmuting */
 #define SMK_INODE_CHANGED       0x04    /* smack was transmuted */
+#define SMK_INODE_IMPURE        0x08    /* involved in an impure transaction */
 /*
 * A label access rule.
@@ -193,6 +194,10 @@ struct smk_port_label {
 #define MAY_LOCK        0x00002000      /* Locks should be writes, but ... */
 #define MAY_BRINGUP     0x00004000      /* Report use of this rule */
+#define SMACK_BRINGUP_ALLOW             1       /* Allow bringup mode */
+#define SMACK_UNCONFINED_SUBJECT        2       /* Allow unconfined label */
+#define SMACK_UNCONFINED_OBJECT         3       /* Allow unconfined label */
 /*
 * Just to make the common cases easier to deal with
 */
@@ -254,6 +259,9 @@ extern int smack_cipso_mapped;
 extern struct smack_known *smack_net_ambient;
 extern struct smack_known *smack_onlycap;
 extern struct smack_known *smack_syslog_label;
+#ifdef CONFIG_SECURITY_SMACK_BRINGUP
+extern struct smack_known *smack_unconfined;
+#endif
 extern struct smack_known smack_cipso_option;
 extern int smack_ptrace_rule;
diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c
index 1158430f5bb9..0f410fc56e33 100644
--- a/security/smack/smack_access.c
+++ b/security/smack/smack_access.c
@@ -130,7 +130,8 @@ int smk_access(struct smack_known *subject, struct smack_known *object,
        /*
         * Hardcoded comparisons.
-         *
+         */
+        /*
         * A star subject can't access any object.
         */
        if (subject == &smack_known_star) {
@@ -189,10 +190,20 @@ int smk_access(struct smack_known *subject, struct smack_known *object,
         * succeed because of "b" rules.
         */
        if (may & MAY_BRINGUP)
-                rc = MAY_BRINGUP;
+                rc = SMACK_BRINGUP_ALLOW;
 #endif
 out_audit:
+#ifdef CONFIG_SECURITY_SMACK_BRINGUP
+        if (rc < 0) {
+                if (object == smack_unconfined)
+                        rc = SMACK_UNCONFINED_OBJECT;
+                if (subject == smack_unconfined)
+                        rc = SMACK_UNCONFINED_SUBJECT;
+        }
+#endif
 #ifdef CONFIG_AUDIT
        if (a)
                smack_log(subject->smk_known, object->smk_known,
@@ -338,19 +349,16 @@ static void smack_log_callback(struct audit_buffer *ab, void *a)
 void smack_log(char *subject_label, char *object_label, int request,
               int result, struct smk_audit_info *ad)
 {
+#ifdef CONFIG_SECURITY_SMACK_BRINGUP
+        char request_buffer[SMK_NUM_ACCESS_TYPE + 5];
+#else
        char request_buffer[SMK_NUM_ACCESS_TYPE + 1];
+#endif
        struct smack_audit_data *sad;
        struct common_audit_data *a = &ad->a;
-#ifdef CONFIG_SECURITY_SMACK_BRINGUP
-        /*
-         * The result may be positive in bringup mode.
-         */
-        if (result > 0)
-                result = 0;
-#endif
        /* check if we have to log the current event */
-        if (result != 0 && (log_policy & SMACK_AUDIT_DENIED) == 0)
+        if (result < 0 && (log_policy & SMACK_AUDIT_DENIED) == 0)
                return;
        if (result == 0 && (log_policy & SMACK_AUDIT_ACCEPT) == 0)
                return;
@@ -364,6 +372,21 @@ void smack_log(char *subject_label, char *object_label, int request,
        smack_str_from_perm(request_buffer, request);
        sad->subject = subject_label;
        sad->object  = object_label;
+#ifdef CONFIG_SECURITY_SMACK_BRINGUP
+        /*
+         * The result may be positive in bringup mode.
+         * A positive result is an allow, but not for normal reasons.
+         * Mark it as successful, but don't filter it out even if
+         * the logging policy says to do so.
+         */
+        if (result == SMACK_UNCONFINED_SUBJECT)
+                strcat(request_buffer, "(US)");
+        else if (result == SMACK_UNCONFINED_OBJECT)
+                strcat(request_buffer, "(UO)");
+        if (result > 0)
+                result = 0;
+#endif
        sad->request = request_buffer;
        sad->result  = result;
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 1511965549b8..69fdc384af30 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -57,6 +57,13 @@ static struct kmem_cache *smack_inode_cache;
 int smack_enabled;
 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
+static char *smk_bu_mess[] = {
+        "Bringup Error",        /* Unused */
+        "Bringup",              /* SMACK_BRINGUP_ALLOW */
+        "Unconfined Subject",   /* SMACK_UNCONFINED_SUBJECT */
+        "Unconfined Object",    /* SMACK_UNCONFINED_OBJECT */
+};
 static void smk_bu_mode(int mode, char *s)
 {
        int i = 0;
@@ -87,9 +94,11 @@ static int smk_bu_note(char *note, struct smack_known *sskp,
        if (rc <= 0)
                return rc;
+        if (rc > SMACK_UNCONFINED_OBJECT)
+                rc = 0;
        smk_bu_mode(mode, acc);
-        pr_info("Smack Bringup: (%s %s %s) %s\n",
+        pr_info("Smack %s: (%s %s %s) %s\n", smk_bu_mess[rc],
                sskp->smk_known, oskp->smk_known, acc, note);
        return 0;
 }
@@ -106,9 +115,11 @@ static int smk_bu_current(char *note, struct smack_known *oskp,
        if (rc <= 0)
                return rc;
+        if (rc > SMACK_UNCONFINED_OBJECT)
+                rc = 0;
        smk_bu_mode(mode, acc);
-        pr_info("Smack Bringup: (%s %s %s) %s %s\n",
+        pr_info("Smack %s: (%s %s %s) %s %s\n", smk_bu_mess[rc],
                tsp->smk_task->smk_known, oskp->smk_known,
                acc, current->comm, note);
        return 0;
@@ -126,9 +137,11 @@ static int smk_bu_task(struct task_struct *otp, int mode, int rc)
        if (rc <= 0)
                return rc;
+        if (rc > SMACK_UNCONFINED_OBJECT)
+                rc = 0;
        smk_bu_mode(mode, acc);
-        pr_info("Smack Bringup: (%s %s %s) %s to %s\n",
+        pr_info("Smack %s: (%s %s %s) %s to %s\n", smk_bu_mess[rc],
                tsp->smk_task->smk_known, smk_task->smk_known, acc,
                current->comm, otp->comm);
        return 0;
@@ -141,14 +154,25 @@ static int smk_bu_task(struct task_struct *otp, int mode, int rc)
 static int smk_bu_inode(struct inode *inode, int mode, int rc)
 {
        struct task_smack *tsp = current_security();
+        struct inode_smack *isp = inode->i_security;
        char acc[SMK_NUM_ACCESS_TYPE + 1];
+        if (isp->smk_flags & SMK_INODE_IMPURE)
+                pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
+                        inode->i_sb->s_id, inode->i_ino, current->comm);
        if (rc <= 0)
                return rc;
+        if (rc > SMACK_UNCONFINED_OBJECT)
+                rc = 0;
+        if (rc == SMACK_UNCONFINED_SUBJECT &&
+            (mode & (MAY_WRITE | MAY_APPEND)))
+                isp->smk_flags |= SMK_INODE_IMPURE;
        smk_bu_mode(mode, acc);
-        pr_info("Smack Bringup: (%s %s %s) inode=(%s %ld) %s\n",
-                tsp->smk_task->smk_known, smk_of_inode(inode)->smk_known, acc,
+        pr_info("Smack %s: (%s %s %s) inode=(%s %ld) %s\n", smk_bu_mess[rc],
+                tsp->smk_task->smk_known, isp->smk_inode->smk_known, acc,
                inode->i_sb->s_id, inode->i_ino, current->comm);
        return 0;
 }
@@ -162,13 +186,20 @@ static int smk_bu_file(struct file *file, int mode, int rc)
        struct task_smack *tsp = current_security();
        struct smack_known *sskp = tsp->smk_task;
        struct inode *inode = file_inode(file);
+        struct inode_smack *isp = inode->i_security;
        char acc[SMK_NUM_ACCESS_TYPE + 1];
+        if (isp->smk_flags & SMK_INODE_IMPURE)
+                pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
+                        inode->i_sb->s_id, inode->i_ino, current->comm);
        if (rc <= 0)
                return rc;
+        if (rc > SMACK_UNCONFINED_OBJECT)
+                rc = 0;
        smk_bu_mode(mode, acc);
-        pr_info("Smack Bringup: (%s %s %s) file=(%s %ld %pD) %s\n",
+        pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc],
                sskp->smk_known, smk_of_inode(inode)->smk_known, acc,
                inode->i_sb->s_id, inode->i_ino, file,
                current->comm);
@@ -185,13 +216,20 @@ static int smk_bu_credfile(const struct cred *cred, struct file *file,
        struct task_smack *tsp = cred->security;
        struct smack_known *sskp = tsp->smk_task;
        struct inode *inode = file->f_inode;
+        struct inode_smack *isp = inode->i_security;
        char acc[SMK_NUM_ACCESS_TYPE + 1];
+        if (isp->smk_flags & SMK_INODE_IMPURE)
+                pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
+                        inode->i_sb->s_id, inode->i_ino, current->comm);
        if (rc <= 0)
                return rc;
+        if (rc > SMACK_UNCONFINED_OBJECT)
+                rc = 0;
        smk_bu_mode(mode, acc);
-        pr_info("Smack Bringup: (%s %s %s) file=(%s %ld %pD) %s\n",
+        pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc],
                sskp->smk_known, smk_of_inode(inode)->smk_known, acc,
                inode->i_sb->s_id, inode->i_ino, file,
                current->comm);
@@ -2449,7 +2487,21 @@ static int smack_inode_setsecurity(struct inode *inode, const char *name,
 static int smack_socket_post_create(struct socket *sock, int family,
                                    int type, int protocol, int kern)
 {
-        if (family != PF_INET || sock->sk == NULL)
+        struct socket_smack *ssp;
+        if (sock->sk == NULL)
+                return 0;
+        /*
+         * Sockets created by kernel threads receive web label.
+         */
+        if (unlikely(current->flags & PF_KTHREAD)) {
+                ssp = sock->sk->sk_security;
+                ssp->smk_in = &smack_known_web;
+                ssp->smk_out = &smack_known_web;
+        }
+        if (family != PF_INET)
                return 0;
        /*
         * Set the outbound netlbl.
@@ -3983,6 +4035,36 @@ static int smack_key_permission(key_ref_t key_ref,
        rc = smk_bu_note("key access", tkp, keyp->security, request, rc);
        return rc;
 }
+/*
+ * smack_key_getsecurity - Smack label tagging the key
+ * @key points to the key to be queried
+ * @_buffer points to a pointer that should be set to point to the
+ * resulting string (if no label or an error occurs).
+ * Return the length of the string (including terminating NUL) or -ve if
+ * an error.
+ * May also return 0 (and a NULL buffer pointer) if there is no label.
+ */
+static int smack_key_getsecurity(struct key *key, char **_buffer)
+{
+        struct smack_known *skp = key->security;
+        size_t length;
+        char *copy;
+        if (key->security == NULL) {
+                *_buffer = NULL;
+                return 0;
+        }
+        copy = kstrdup(skp->smk_known, GFP_KERNEL);
+        if (copy == NULL)
+                return -ENOMEM;
+        length = strlen(copy) + 1;
+        *_buffer = copy;
+        return length;
+}
 #endif /* CONFIG_KEYS */
 /*
@@ -4307,6 +4389,7 @@ struct security_operations smack_ops = {
        .key_alloc =                    smack_key_alloc,
        .key_free =                     smack_key_free,
        .key_permission =               smack_key_permission,
+        .key_getsecurity =              smack_key_getsecurity,
 #endif /* CONFIG_KEYS */
 /* Audit hooks */
diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
index bce4e8f1b267..06f719ed63c9 100644
--- a/security/smack/smackfs.c
+++ b/security/smack/smackfs.c
@@ -54,6 +54,9 @@ enum smk_inos {
        SMK_CHANGE_RULE = 19,   /* change or add rules (long labels) */
        SMK_SYSLOG      = 20,   /* change syslog label) */
        SMK_PTRACE      = 21,   /* set ptrace rule */
+#ifdef CONFIG_SECURITY_SMACK_BRINGUP
+        SMK_UNCONFINED  = 22,   /* define an unconfined label */
+#endif
 };
 /*
@@ -61,7 +64,6 @@ enum smk_inos {
 */
 static DEFINE_MUTEX(smack_cipso_lock);
 static DEFINE_MUTEX(smack_ambient_lock);
-static DEFINE_MUTEX(smack_syslog_lock);
 static DEFINE_MUTEX(smk_netlbladdr_lock);
 /*
@@ -95,6 +97,16 @@ int smack_cipso_mapped = SMACK_CIPSO_MAPPED_DEFAULT;
 */
 struct smack_known *smack_onlycap;
+#ifdef CONFIG_SECURITY_SMACK_BRINGUP
+/*
+ * Allow one label to be unconfined. This is for
+ * debugging and application bring-up purposes only.
+ * It is bad and wrong, but everyone seems to expect
+ * to have it.
+ */
+struct smack_known *smack_unconfined;
+#endif
 /*
 * If this value is set restrict syslog use to the label specified.
 * It can be reset via smackfs/syslog
@@ -1717,6 +1729,85 @@ static const struct file_operations smk_onlycap_ops = {
        .llseek         = default_llseek,
 };
+#ifdef CONFIG_SECURITY_SMACK_BRINGUP
+/**
+ * smk_read_unconfined - read() for smackfs/unconfined
+ * @filp: file pointer, not actually used
+ * @buf: where to put the result
+ * @cn: maximum to send along
+ * @ppos: where to start
+ *
+ * Returns number of bytes read or error code, as appropriate
+ */
+static ssize_t smk_read_unconfined(struct file *filp, char __user *buf,
+                                        size_t cn, loff_t *ppos)
+{
+        char *smack = "";
+        ssize_t rc = -EINVAL;
+        int asize;
+        if (*ppos != 0)
+                return 0;
+        if (smack_unconfined != NULL)
+                smack = smack_unconfined->smk_known;
+        asize = strlen(smack) + 1;
+        if (cn >= asize)
+                rc = simple_read_from_buffer(buf, cn, ppos, smack, asize);
+        return rc;
+}
+/**
+ * smk_write_unconfined - write() for smackfs/unconfined
+ * @file: file pointer, not actually used
+ * @buf: where to get the data from
+ * @count: bytes sent
+ * @ppos: where to start
+ *
+ * Returns number of bytes written or error code, as appropriate
+ */
+static ssize_t smk_write_unconfined(struct file *file, const char __user *buf,
+                                        size_t count, loff_t *ppos)
+{
+        char *data;
+        int rc = count;
+        if (!smack_privileged(CAP_MAC_ADMIN))
+                return -EPERM;
+        data = kzalloc(count + 1, GFP_KERNEL);
+        if (data == NULL)
+                return -ENOMEM;
+        /*
+         * Should the null string be passed in unset the unconfined value.
+         * This seems like something to be careful with as usually
+         * smk_import only expects to return NULL for errors. It
+         * is usually the case that a nullstring or "\n" would be
+         * bad to pass to smk_import but in fact this is useful here.
+         *
+         * smk_import will also reject a label beginning with '-',
+         * so "-confine" will also work.
+         */
+        if (copy_from_user(data, buf, count) != 0)
+                rc = -EFAULT;
+        else
+                smack_unconfined = smk_import_entry(data, count);
+        kfree(data);
+        return rc;
+}
+static const struct file_operations smk_unconfined_ops = {
+        .read           = smk_read_unconfined,
+        .write          = smk_write_unconfined,
+        .llseek         = default_llseek,
+};
+#endif /* CONFIG_SECURITY_SMACK_BRINGUP */
 /**
 * smk_read_logging - read() for /smack/logging
 * @filp: file pointer, not actually used
@@ -2384,6 +2475,10 @@ static int smk_fill_super(struct super_block *sb, void *data, int silent)
                        "syslog", &smk_syslog_ops, S_IRUGO|S_IWUSR},
                [SMK_PTRACE] = {
                        "ptrace", &smk_ptrace_ops, S_IRUGO|S_IWUSR},
+#ifdef CONFIG_SECURITY_SMACK_BRINGUP
+                [SMK_UNCONFINED] = {
+                        "unconfined", &smk_unconfined_ops, S_IRUGO|S_IWUSR},
+#endif
                /* last one */
                        {""}
        };
author	Linus Torvalds <torvalds@linux-foundation.org>	2015-04-15 14:08:27 -0400
committer	Linus Torvalds <torvalds@linux-foundation.org>	2015-04-15 14:08:27 -0400
commit	d488d3a4ce08e96dad5cb3b6117517d57ccec98f (patch)
tree	169b09c589e38f6d5f2ea0a9e25c6a9fb3ebf783 /security/smack
parent	cb906953d2c3fd450655d9fa833f03690ad50c23 (diff)
parent	5deeb5cece3f9b30c8129786726b9d02c412c8ca (diff)

diff --git a/security/smack/smack.h b/security/smack/smack.h index 67ccb7b2b89b..49eada6266ec 100644 --- a/security/smack/smack.h +++ b/security/smack/smack.h
@@ -105,6 +105,7 @@ struct task_smack {
105	#define SMK_INODE_INSTANT 0x01 /* inode is instantiated */	105	#define SMK_INODE_INSTANT 0x01 /* inode is instantiated */
106	#define SMK_INODE_TRANSMUTE 0x02 /* directory is transmuting */	106	#define SMK_INODE_TRANSMUTE 0x02 /* directory is transmuting */
107	#define SMK_INODE_CHANGED 0x04 /* smack was transmuted */	107	#define SMK_INODE_CHANGED 0x04 /* smack was transmuted */
		108	#define SMK_INODE_IMPURE 0x08 /* involved in an impure transaction */
108		109
109	/*	110	/*
110	* A label access rule.	111	* A label access rule.
@@ -193,6 +194,10 @@ struct smk_port_label {
193	#define MAY_LOCK 0x00002000 /* Locks should be writes, but ... */	194	#define MAY_LOCK 0x00002000 /* Locks should be writes, but ... */
194	#define MAY_BRINGUP 0x00004000 /* Report use of this rule */	195	#define MAY_BRINGUP 0x00004000 /* Report use of this rule */
195		196
		197	#define SMACK_BRINGUP_ALLOW 1 /* Allow bringup mode */
		198	#define SMACK_UNCONFINED_SUBJECT 2 /* Allow unconfined label */
		199	#define SMACK_UNCONFINED_OBJECT 3 /* Allow unconfined label */
		200
196	/*	201	/*
197	* Just to make the common cases easier to deal with	202	* Just to make the common cases easier to deal with
198	*/	203	*/
@@ -254,6 +259,9 @@ extern int smack_cipso_mapped;
254	extern struct smack_known *smack_net_ambient;	259	extern struct smack_known *smack_net_ambient;
255	extern struct smack_known *smack_onlycap;	260	extern struct smack_known *smack_onlycap;
256	extern struct smack_known *smack_syslog_label;	261	extern struct smack_known *smack_syslog_label;
		262	#ifdef CONFIG_SECURITY_SMACK_BRINGUP
		263	extern struct smack_known *smack_unconfined;
		264	#endif
257	extern struct smack_known smack_cipso_option;	265	extern struct smack_known smack_cipso_option;
258	extern int smack_ptrace_rule;	266	extern int smack_ptrace_rule;
259		267


diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c index 1158430f5bb9..0f410fc56e33 100644 --- a/security/smack/smack_access.c +++ b/security/smack/smack_access.c
@@ -130,7 +130,8 @@ int smk_access(struct smack_known subject, struct smack_known object,
130		130
131	/*	131	/*
132	* Hardcoded comparisons.	132	* Hardcoded comparisons.
133	*	133	*/
		134	/*
134	* A star subject can't access any object.	135	* A star subject can't access any object.
135	*/	136	*/
136	if (subject == &smack_known_star) {	137	if (subject == &smack_known_star) {
@@ -189,10 +190,20 @@ int smk_access(struct smack_known subject, struct smack_known object,
189	* succeed because of "b" rules.	190	* succeed because of "b" rules.
190	*/	191	*/
191	if (may & MAY_BRINGUP)	192	if (may & MAY_BRINGUP)
192	rc = MAY_BRINGUP;	193	rc = SMACK_BRINGUP_ALLOW;
193	#endif	194	#endif
194		195
195	out_audit:	196	out_audit:
		197
		198	#ifdef CONFIG_SECURITY_SMACK_BRINGUP
		199	if (rc < 0) {
		200	if (object == smack_unconfined)
		201	rc = SMACK_UNCONFINED_OBJECT;
		202	if (subject == smack_unconfined)
		203	rc = SMACK_UNCONFINED_SUBJECT;
		204	}
		205	#endif
		206
196	#ifdef CONFIG_AUDIT	207	#ifdef CONFIG_AUDIT
197	if (a)	208	if (a)
198	smack_log(subject->smk_known, object->smk_known,	209	smack_log(subject->smk_known, object->smk_known,
@@ -338,19 +349,16 @@ static void smack_log_callback(struct audit_buffer ab, void a)
338	void smack_log(char subject_label, char object_label, int request,	349	void smack_log(char subject_label, char object_label, int request,
339	int result, struct smk_audit_info *ad)	350	int result, struct smk_audit_info *ad)
340	{	351	{
		352	#ifdef CONFIG_SECURITY_SMACK_BRINGUP
		353	char request_buffer[SMK_NUM_ACCESS_TYPE + 5];
		354	#else
341	char request_buffer[SMK_NUM_ACCESS_TYPE + 1];	355	char request_buffer[SMK_NUM_ACCESS_TYPE + 1];
		356	#endif
342	struct smack_audit_data *sad;	357	struct smack_audit_data *sad;
343	struct common_audit_data *a = &ad->a;	358	struct common_audit_data *a = &ad->a;
344		359
345	#ifdef CONFIG_SECURITY_SMACK_BRINGUP
346	/*
347	* The result may be positive in bringup mode.
348	*/
349	if (result > 0)
350	result = 0;
351	#endif
352	/* check if we have to log the current event */	360	/* check if we have to log the current event */
353	if (result != 0 && (log_policy & SMACK_AUDIT_DENIED) == 0)	361	if (result < 0 && (log_policy & SMACK_AUDIT_DENIED) == 0)
354	return;	362	return;
355	if (result == 0 && (log_policy & SMACK_AUDIT_ACCEPT) == 0)	363	if (result == 0 && (log_policy & SMACK_AUDIT_ACCEPT) == 0)
356	return;	364	return;
@@ -364,6 +372,21 @@ void smack_log(char subject_label, char object_label, int request,
364	smack_str_from_perm(request_buffer, request);	372	smack_str_from_perm(request_buffer, request);
365	sad->subject = subject_label;	373	sad->subject = subject_label;
366	sad->object = object_label;	374	sad->object = object_label;
		375	#ifdef CONFIG_SECURITY_SMACK_BRINGUP
		376	/*
		377	* The result may be positive in bringup mode.
		378	* A positive result is an allow, but not for normal reasons.
		379	* Mark it as successful, but don't filter it out even if
		380	* the logging policy says to do so.
		381	*/
		382	if (result == SMACK_UNCONFINED_SUBJECT)
		383	strcat(request_buffer, "(US)");
		384	else if (result == SMACK_UNCONFINED_OBJECT)
		385	strcat(request_buffer, "(UO)");
		386
		387	if (result > 0)
		388	result = 0;
		389	#endif
367	sad->request = request_buffer;	390	sad->request = request_buffer;
368	sad->result = result;	391	sad->result = result;
369		392


diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 1511965549b8..69fdc384af30 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c
@@ -57,6 +57,13 @@ static struct kmem_cache *smack_inode_cache;
57	int smack_enabled;	57	int smack_enabled;
58		58
59	#ifdef CONFIG_SECURITY_SMACK_BRINGUP	59	#ifdef CONFIG_SECURITY_SMACK_BRINGUP
		60	static char *smk_bu_mess[] = {
		61	"Bringup Error", /* Unused */
		62	"Bringup", /* SMACK_BRINGUP_ALLOW */
		63	"Unconfined Subject", /* SMACK_UNCONFINED_SUBJECT */
		64	"Unconfined Object", /* SMACK_UNCONFINED_OBJECT */
		65	};
		66
60	static void smk_bu_mode(int mode, char *s)	67	static void smk_bu_mode(int mode, char *s)
61	{	68	{
62	int i = 0;	69	int i = 0;
@@ -87,9 +94,11 @@ static int smk_bu_note(char note, struct smack_known sskp,
87		94
88	if (rc <= 0)	95	if (rc <= 0)
89	return rc;	96	return rc;
		97	if (rc > SMACK_UNCONFINED_OBJECT)
		98	rc = 0;
90		99
91	smk_bu_mode(mode, acc);	100	smk_bu_mode(mode, acc);
92	pr_info("Smack Bringup: (%s %s %s) %s\n",	101	pr_info("Smack %s: (%s %s %s) %s\n", smk_bu_mess[rc],
93	sskp->smk_known, oskp->smk_known, acc, note);	102	sskp->smk_known, oskp->smk_known, acc, note);
94	return 0;	103	return 0;
95	}	104	}
@@ -106,9 +115,11 @@ static int smk_bu_current(char note, struct smack_known oskp,
106		115
107	if (rc <= 0)	116	if (rc <= 0)
108	return rc;	117	return rc;
		118	if (rc > SMACK_UNCONFINED_OBJECT)
		119	rc = 0;
109		120
110	smk_bu_mode(mode, acc);	121	smk_bu_mode(mode, acc);
111	pr_info("Smack Bringup: (%s %s %s) %s %s\n",	122	pr_info("Smack %s: (%s %s %s) %s %s\n", smk_bu_mess[rc],
112	tsp->smk_task->smk_known, oskp->smk_known,	123	tsp->smk_task->smk_known, oskp->smk_known,
113	acc, current->comm, note);	124	acc, current->comm, note);
114	return 0;	125	return 0;
@@ -126,9 +137,11 @@ static int smk_bu_task(struct task_struct *otp, int mode, int rc)
126		137
127	if (rc <= 0)	138	if (rc <= 0)
128	return rc;	139	return rc;
		140	if (rc > SMACK_UNCONFINED_OBJECT)
		141	rc = 0;
129		142
130	smk_bu_mode(mode, acc);	143	smk_bu_mode(mode, acc);
131	pr_info("Smack Bringup: (%s %s %s) %s to %s\n",	144	pr_info("Smack %s: (%s %s %s) %s to %s\n", smk_bu_mess[rc],
132	tsp->smk_task->smk_known, smk_task->smk_known, acc,	145	tsp->smk_task->smk_known, smk_task->smk_known, acc,
133	current->comm, otp->comm);	146	current->comm, otp->comm);
134	return 0;	147	return 0;
@@ -141,14 +154,25 @@ static int smk_bu_task(struct task_struct *otp, int mode, int rc)
141	static int smk_bu_inode(struct inode *inode, int mode, int rc)	154	static int smk_bu_inode(struct inode *inode, int mode, int rc)
142	{	155	{
143	struct task_smack *tsp = current_security();	156	struct task_smack *tsp = current_security();
		157	struct inode_smack *isp = inode->i_security;
144	char acc[SMK_NUM_ACCESS_TYPE + 1];	158	char acc[SMK_NUM_ACCESS_TYPE + 1];
145		159
		160	if (isp->smk_flags & SMK_INODE_IMPURE)
		161	pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
		162	inode->i_sb->s_id, inode->i_ino, current->comm);
		163
146	if (rc <= 0)	164	if (rc <= 0)
147	return rc;	165	return rc;
		166	if (rc > SMACK_UNCONFINED_OBJECT)
		167	rc = 0;
		168	if (rc == SMACK_UNCONFINED_SUBJECT &&
		169	(mode & (MAY_WRITE \| MAY_APPEND)))
		170	isp->smk_flags \|= SMK_INODE_IMPURE;
148		171
149	smk_bu_mode(mode, acc);	172	smk_bu_mode(mode, acc);
150	pr_info("Smack Bringup: (%s %s %s) inode=(%s %ld) %s\n",	173
151	tsp->smk_task->smk_known, smk_of_inode(inode)->smk_known, acc,	174	pr_info("Smack %s: (%s %s %s) inode=(%s %ld) %s\n", smk_bu_mess[rc],
		175	tsp->smk_task->smk_known, isp->smk_inode->smk_known, acc,
152	inode->i_sb->s_id, inode->i_ino, current->comm);	176	inode->i_sb->s_id, inode->i_ino, current->comm);
153	return 0;	177	return 0;
154	}	178	}
@@ -162,13 +186,20 @@ static int smk_bu_file(struct file *file, int mode, int rc)
162	struct task_smack *tsp = current_security();	186	struct task_smack *tsp = current_security();
163	struct smack_known *sskp = tsp->smk_task;	187	struct smack_known *sskp = tsp->smk_task;
164	struct inode *inode = file_inode(file);	188	struct inode *inode = file_inode(file);
		189	struct inode_smack *isp = inode->i_security;
165	char acc[SMK_NUM_ACCESS_TYPE + 1];	190	char acc[SMK_NUM_ACCESS_TYPE + 1];
166		191
		192	if (isp->smk_flags & SMK_INODE_IMPURE)
		193	pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
		194	inode->i_sb->s_id, inode->i_ino, current->comm);
		195
167	if (rc <= 0)	196	if (rc <= 0)
168	return rc;	197	return rc;
		198	if (rc > SMACK_UNCONFINED_OBJECT)
		199	rc = 0;
169		200
170	smk_bu_mode(mode, acc);	201	smk_bu_mode(mode, acc);
171	pr_info("Smack Bringup: (%s %s %s) file=(%s %ld %pD) %s\n",	202	pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc],
172	sskp->smk_known, smk_of_inode(inode)->smk_known, acc,	203	sskp->smk_known, smk_of_inode(inode)->smk_known, acc,
173	inode->i_sb->s_id, inode->i_ino, file,	204	inode->i_sb->s_id, inode->i_ino, file,
174	current->comm);	205	current->comm);
@@ -185,13 +216,20 @@ static int smk_bu_credfile(const struct cred cred, struct file file,
185	struct task_smack *tsp = cred->security;	216	struct task_smack *tsp = cred->security;
186	struct smack_known *sskp = tsp->smk_task;	217	struct smack_known *sskp = tsp->smk_task;
187	struct inode *inode = file->f_inode;	218	struct inode *inode = file->f_inode;
		219	struct inode_smack *isp = inode->i_security;
188	char acc[SMK_NUM_ACCESS_TYPE + 1];	220	char acc[SMK_NUM_ACCESS_TYPE + 1];
189		221
		222	if (isp->smk_flags & SMK_INODE_IMPURE)
		223	pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
		224	inode->i_sb->s_id, inode->i_ino, current->comm);
		225
190	if (rc <= 0)	226	if (rc <= 0)
191	return rc;	227	return rc;
		228	if (rc > SMACK_UNCONFINED_OBJECT)
		229	rc = 0;
192		230
193	smk_bu_mode(mode, acc);	231	smk_bu_mode(mode, acc);
194	pr_info("Smack Bringup: (%s %s %s) file=(%s %ld %pD) %s\n",	232	pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc],
195	sskp->smk_known, smk_of_inode(inode)->smk_known, acc,	233	sskp->smk_known, smk_of_inode(inode)->smk_known, acc,
196	inode->i_sb->s_id, inode->i_ino, file,	234	inode->i_sb->s_id, inode->i_ino, file,
197	current->comm);	235	current->comm);
@@ -2449,7 +2487,21 @@ static int smack_inode_setsecurity(struct inode inode, const char name,
2449	static int smack_socket_post_create(struct socket *sock, int family,	2487	static int smack_socket_post_create(struct socket *sock, int family,
2450	int type, int protocol, int kern)	2488	int type, int protocol, int kern)
2451	{	2489	{
2452	if (family != PF_INET \|\| sock->sk == NULL)	2490	struct socket_smack *ssp;
		2491
		2492	if (sock->sk == NULL)
		2493	return 0;
		2494
		2495	/*
		2496	* Sockets created by kernel threads receive web label.
		2497	*/
		2498	if (unlikely(current->flags & PF_KTHREAD)) {
		2499	ssp = sock->sk->sk_security;
		2500	ssp->smk_in = &smack_known_web;
		2501	ssp->smk_out = &smack_known_web;
		2502	}
		2503
		2504	if (family != PF_INET)
2453	return 0;	2505	return 0;
2454	/*	2506	/*
2455	* Set the outbound netlbl.	2507	* Set the outbound netlbl.
@@ -3983,6 +4035,36 @@ static int smack_key_permission(key_ref_t key_ref,
3983	rc = smk_bu_note("key access", tkp, keyp->security, request, rc);	4035	rc = smk_bu_note("key access", tkp, keyp->security, request, rc);
3984	return rc;	4036	return rc;
3985	}	4037	}
		4038
		4039	/*
		4040	* smack_key_getsecurity - Smack label tagging the key
		4041	* @key points to the key to be queried
		4042	* @_buffer points to a pointer that should be set to point to the
		4043	* resulting string (if no label or an error occurs).
		4044	* Return the length of the string (including terminating NUL) or -ve if
		4045	* an error.
		4046	* May also return 0 (and a NULL buffer pointer) if there is no label.
		4047	*/
		4048	static int smack_key_getsecurity(struct key key, char *_buffer)
		4049	{
		4050	struct smack_known *skp = key->security;
		4051	size_t length;
		4052	char *copy;
		4053
		4054	if (key->security == NULL) {
		4055	*_buffer = NULL;
		4056	return 0;
		4057	}
		4058
		4059	copy = kstrdup(skp->smk_known, GFP_KERNEL);
		4060	if (copy == NULL)
		4061	return -ENOMEM;
		4062	length = strlen(copy) + 1;
		4063
		4064	*_buffer = copy;
		4065	return length;
		4066	}
		4067
3986	#endif /* CONFIG_KEYS */	4068	#endif /* CONFIG_KEYS */
3987		4069
3988	/*	4070	/*
@@ -4307,6 +4389,7 @@ struct security_operations smack_ops = {
4307	.key_alloc = smack_key_alloc,	4389	.key_alloc = smack_key_alloc,
4308	.key_free = smack_key_free,	4390	.key_free = smack_key_free,
4309	.key_permission = smack_key_permission,	4391	.key_permission = smack_key_permission,
		4392	.key_getsecurity = smack_key_getsecurity,
4310	#endif /* CONFIG_KEYS */	4393	#endif /* CONFIG_KEYS */
4311		4394
4312	/* Audit hooks */	4395	/* Audit hooks */


diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c index bce4e8f1b267..06f719ed63c9 100644 --- a/security/smack/smackfs.c +++ b/security/smack/smackfs.c
@@ -54,6 +54,9 @@ enum smk_inos {
54	SMK_CHANGE_RULE = 19, /* change or add rules (long labels) */	54	SMK_CHANGE_RULE = 19, /* change or add rules (long labels) */
55	SMK_SYSLOG = 20, /* change syslog label) */	55	SMK_SYSLOG = 20, /* change syslog label) */
56	SMK_PTRACE = 21, /* set ptrace rule */	56	SMK_PTRACE = 21, /* set ptrace rule */
		57	#ifdef CONFIG_SECURITY_SMACK_BRINGUP
		58	SMK_UNCONFINED = 22, /* define an unconfined label */
		59	#endif
57	};	60	};
58		61
59	/*	62	/*
@@ -61,7 +64,6 @@ enum smk_inos {
61	*/	64	*/
62	static DEFINE_MUTEX(smack_cipso_lock);	65	static DEFINE_MUTEX(smack_cipso_lock);
63	static DEFINE_MUTEX(smack_ambient_lock);	66	static DEFINE_MUTEX(smack_ambient_lock);
64	static DEFINE_MUTEX(smack_syslog_lock);
65	static DEFINE_MUTEX(smk_netlbladdr_lock);	67	static DEFINE_MUTEX(smk_netlbladdr_lock);
66		68
67	/*	69	/*
@@ -95,6 +97,16 @@ int smack_cipso_mapped = SMACK_CIPSO_MAPPED_DEFAULT;
95	*/	97	*/
96	struct smack_known *smack_onlycap;	98	struct smack_known *smack_onlycap;
97		99
		100	#ifdef CONFIG_SECURITY_SMACK_BRINGUP
		101	/*
		102	* Allow one label to be unconfined. This is for
		103	* debugging and application bring-up purposes only.
		104	* It is bad and wrong, but everyone seems to expect
		105	* to have it.
		106	*/
		107	struct smack_known *smack_unconfined;
		108	#endif
		109
98	/*	110	/*
99	* If this value is set restrict syslog use to the label specified.	111	* If this value is set restrict syslog use to the label specified.
100	* It can be reset via smackfs/syslog	112	* It can be reset via smackfs/syslog
@@ -1717,6 +1729,85 @@ static const struct file_operations smk_onlycap_ops = {
1717	.llseek = default_llseek,	1729	.llseek = default_llseek,
1718	};	1730	};
1719		1731
		1732	#ifdef CONFIG_SECURITY_SMACK_BRINGUP
		1733	/**
		1734	* smk_read_unconfined - read() for smackfs/unconfined
		1735	* @filp: file pointer, not actually used
		1736	* @buf: where to put the result
		1737	* @cn: maximum to send along
		1738	* @ppos: where to start
		1739	*
		1740	* Returns number of bytes read or error code, as appropriate
		1741	*/
		1742	static ssize_t smk_read_unconfined(struct file filp, char __user buf,
		1743	size_t cn, loff_t *ppos)
		1744	{
		1745	char *smack = "";
		1746	ssize_t rc = -EINVAL;
		1747	int asize;
		1748
		1749	if (*ppos != 0)
		1750	return 0;
		1751
		1752	if (smack_unconfined != NULL)
		1753	smack = smack_unconfined->smk_known;
		1754
		1755	asize = strlen(smack) + 1;
		1756
		1757	if (cn >= asize)
		1758	rc = simple_read_from_buffer(buf, cn, ppos, smack, asize);
		1759
		1760	return rc;
		1761	}
		1762
		1763	/**
		1764	* smk_write_unconfined - write() for smackfs/unconfined
		1765	* @file: file pointer, not actually used
		1766	* @buf: where to get the data from
		1767	* @count: bytes sent
		1768	* @ppos: where to start
		1769	*
		1770	* Returns number of bytes written or error code, as appropriate
		1771	*/
		1772	static ssize_t smk_write_unconfined(struct file file, const char __user buf,
		1773	size_t count, loff_t *ppos)
		1774	{
		1775	char *data;
		1776	int rc = count;
		1777
		1778	if (!smack_privileged(CAP_MAC_ADMIN))
		1779	return -EPERM;
		1780
		1781	data = kzalloc(count + 1, GFP_KERNEL);
		1782	if (data == NULL)
		1783	return -ENOMEM;
		1784
		1785	/*
		1786	* Should the null string be passed in unset the unconfined value.
		1787	* This seems like something to be careful with as usually
		1788	* smk_import only expects to return NULL for errors. It
		1789	* is usually the case that a nullstring or "\n" would be
		1790	* bad to pass to smk_import but in fact this is useful here.
		1791	*
		1792	* smk_import will also reject a label beginning with '-',
		1793	* so "-confine" will also work.
		1794	*/
		1795	if (copy_from_user(data, buf, count) != 0)
		1796	rc = -EFAULT;
		1797	else
		1798	smack_unconfined = smk_import_entry(data, count);
		1799
		1800	kfree(data);
		1801	return rc;
		1802	}
		1803
		1804	static const struct file_operations smk_unconfined_ops = {
		1805	.read = smk_read_unconfined,
		1806	.write = smk_write_unconfined,
		1807	.llseek = default_llseek,
		1808	};
		1809	#endif /* CONFIG_SECURITY_SMACK_BRINGUP */
		1810
1720	/**	1811	/**
1721	* smk_read_logging - read() for /smack/logging	1812	* smk_read_logging - read() for /smack/logging
1722	* @filp: file pointer, not actually used	1813	* @filp: file pointer, not actually used
@@ -2384,6 +2475,10 @@ static int smk_fill_super(struct super_block sb, void data, int silent)
2384	"syslog", &smk_syslog_ops, S_IRUGO\|S_IWUSR},	2475	"syslog", &smk_syslog_ops, S_IRUGO\|S_IWUSR},
2385	[SMK_PTRACE] = {	2476	[SMK_PTRACE] = {
2386	"ptrace", &smk_ptrace_ops, S_IRUGO\|S_IWUSR},	2477	"ptrace", &smk_ptrace_ops, S_IRUGO\|S_IWUSR},
		2478	#ifdef CONFIG_SECURITY_SMACK_BRINGUP
		2479	[SMK_UNCONFINED] = {
		2480	"unconfined", &smk_unconfined_ops, S_IRUGO\|S_IWUSR},
		2481	#endif
2387	/* last one */	2482	/* last one */
2388	{""}	2483	{""}
2389	};	2484	};