diff options
| author | David S. Miller <davem@davemloft.net> | 2008-02-23 23:38:20 -0500 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2008-02-23 23:38:20 -0500 |
| commit | 8d3c202be23c5a915f7053ebd4e96f44700c6a62 (patch) | |
| tree | e0f017aff86d3ad0b858fe85f44e11096087ed00 /security | |
| parent | 1b04ab4597725f75f94942da9aa40daa7b9a4bd9 (diff) | |
| parent | 038eb0ea04b245351be34b0ae76b55eee4603989 (diff) | |
Merge branch 'master' of ../linux-2.6/
Diffstat (limited to 'security')
| -rw-r--r-- | security/commoncap.c | 2 | ||||
| -rw-r--r-- | security/selinux/avc.c | 15 | ||||
| -rw-r--r-- | security/selinux/hooks.c | 32 | ||||
| -rw-r--r-- | security/selinux/include/avc.h | 6 | ||||
| -rw-r--r-- | security/smack/smack_lsm.c | 134 | ||||
| -rw-r--r-- | security/smack/smackfs.c | 61 |
6 files changed, 181 insertions, 69 deletions
diff --git a/security/commoncap.c b/security/commoncap.c index 5aba82679a0b..bb0c095f5761 100644 --- a/security/commoncap.c +++ b/security/commoncap.c | |||
| @@ -552,7 +552,7 @@ int cap_task_kill(struct task_struct *p, struct siginfo *info, | |||
| 552 | * allowed. | 552 | * allowed. |
| 553 | * We must preserve legacy signal behavior in this case. | 553 | * We must preserve legacy signal behavior in this case. |
| 554 | */ | 554 | */ |
| 555 | if (p->euid == 0 && p->uid == current->uid) | 555 | if (p->uid == current->uid) |
| 556 | return 0; | 556 | return 0; |
| 557 | 557 | ||
| 558 | /* sigcont is permitted within same session */ | 558 | /* sigcont is permitted within same session */ |
diff --git a/security/selinux/avc.c b/security/selinux/avc.c index e8529e2f51e5..187964e88af1 100644 --- a/security/selinux/avc.c +++ b/security/selinux/avc.c | |||
| @@ -568,10 +568,11 @@ void avc_audit(u32 ssid, u32 tsid, | |||
| 568 | audit_log_format(ab, " capability=%d", a->u.cap); | 568 | audit_log_format(ab, " capability=%d", a->u.cap); |
| 569 | break; | 569 | break; |
| 570 | case AVC_AUDIT_DATA_FS: | 570 | case AVC_AUDIT_DATA_FS: |
| 571 | if (a->u.fs.dentry) { | 571 | if (a->u.fs.path.dentry) { |
| 572 | struct dentry *dentry = a->u.fs.dentry; | 572 | struct dentry *dentry = a->u.fs.path.dentry; |
| 573 | if (a->u.fs.mnt) { | 573 | if (a->u.fs.path.mnt) { |
| 574 | audit_log_d_path(ab, "path=", dentry, a->u.fs.mnt); | 574 | audit_log_d_path(ab, "path=", |
| 575 | &a->u.fs.path); | ||
| 575 | } else { | 576 | } else { |
| 576 | audit_log_format(ab, " name="); | 577 | audit_log_format(ab, " name="); |
| 577 | audit_log_untrustedstring(ab, dentry->d_name.name); | 578 | audit_log_untrustedstring(ab, dentry->d_name.name); |
| @@ -626,8 +627,12 @@ void avc_audit(u32 ssid, u32 tsid, | |||
| 626 | case AF_UNIX: | 627 | case AF_UNIX: |
| 627 | u = unix_sk(sk); | 628 | u = unix_sk(sk); |
| 628 | if (u->dentry) { | 629 | if (u->dentry) { |
| 630 | struct path path = { | ||
| 631 | .dentry = u->dentry, | ||
| 632 | .mnt = u->mnt | ||
| 633 | }; | ||
| 629 | audit_log_d_path(ab, "path=", | 634 | audit_log_d_path(ab, "path=", |
| 630 | u->dentry, u->mnt); | 635 | &path); |
| 631 | break; | 636 | break; |
| 632 | } | 637 | } |
| 633 | if (!u->addr) | 638 | if (!u->addr) |
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 44f16d9041e3..75c2e99bfb81 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
| @@ -1356,8 +1356,8 @@ static inline int dentry_has_perm(struct task_struct *tsk, | |||
| 1356 | struct inode *inode = dentry->d_inode; | 1356 | struct inode *inode = dentry->d_inode; |
| 1357 | struct avc_audit_data ad; | 1357 | struct avc_audit_data ad; |
| 1358 | AVC_AUDIT_DATA_INIT(&ad,FS); | 1358 | AVC_AUDIT_DATA_INIT(&ad,FS); |
| 1359 | ad.u.fs.mnt = mnt; | 1359 | ad.u.fs.path.mnt = mnt; |
| 1360 | ad.u.fs.dentry = dentry; | 1360 | ad.u.fs.path.dentry = dentry; |
| 1361 | return inode_has_perm(tsk, inode, av, &ad); | 1361 | return inode_has_perm(tsk, inode, av, &ad); |
| 1362 | } | 1362 | } |
| 1363 | 1363 | ||
| @@ -1375,15 +1375,12 @@ static int file_has_perm(struct task_struct *tsk, | |||
| 1375 | { | 1375 | { |
| 1376 | struct task_security_struct *tsec = tsk->security; | 1376 | struct task_security_struct *tsec = tsk->security; |
| 1377 | struct file_security_struct *fsec = file->f_security; | 1377 | struct file_security_struct *fsec = file->f_security; |
| 1378 | struct vfsmount *mnt = file->f_path.mnt; | 1378 | struct inode *inode = file->f_path.dentry->d_inode; |
| 1379 | struct dentry *dentry = file->f_path.dentry; | ||
| 1380 | struct inode *inode = dentry->d_inode; | ||
| 1381 | struct avc_audit_data ad; | 1379 | struct avc_audit_data ad; |
| 1382 | int rc; | 1380 | int rc; |
| 1383 | 1381 | ||
| 1384 | AVC_AUDIT_DATA_INIT(&ad, FS); | 1382 | AVC_AUDIT_DATA_INIT(&ad, FS); |
| 1385 | ad.u.fs.mnt = mnt; | 1383 | ad.u.fs.path = file->f_path; |
| 1386 | ad.u.fs.dentry = dentry; | ||
| 1387 | 1384 | ||
| 1388 | if (tsec->sid != fsec->sid) { | 1385 | if (tsec->sid != fsec->sid) { |
| 1389 | rc = avc_has_perm(tsec->sid, fsec->sid, | 1386 | rc = avc_has_perm(tsec->sid, fsec->sid, |
| @@ -1418,7 +1415,7 @@ static int may_create(struct inode *dir, | |||
| 1418 | sbsec = dir->i_sb->s_security; | 1415 | sbsec = dir->i_sb->s_security; |
| 1419 | 1416 | ||
| 1420 | AVC_AUDIT_DATA_INIT(&ad, FS); | 1417 | AVC_AUDIT_DATA_INIT(&ad, FS); |
| 1421 | ad.u.fs.dentry = dentry; | 1418 | ad.u.fs.path.dentry = dentry; |
| 1422 | 1419 | ||
| 1423 | rc = avc_has_perm(tsec->sid, dsec->sid, SECCLASS_DIR, | 1420 | rc = avc_has_perm(tsec->sid, dsec->sid, SECCLASS_DIR, |
| 1424 | DIR__ADD_NAME | DIR__SEARCH, | 1421 | DIR__ADD_NAME | DIR__SEARCH, |
| @@ -1476,7 +1473,7 @@ static int may_link(struct inode *dir, | |||
| 1476 | isec = dentry->d_inode->i_security; | 1473 | isec = dentry->d_inode->i_security; |
| 1477 | 1474 | ||
| 1478 | AVC_AUDIT_DATA_INIT(&ad, FS); | 1475 | AVC_AUDIT_DATA_INIT(&ad, FS); |
| 1479 | ad.u.fs.dentry = dentry; | 1476 | ad.u.fs.path.dentry = dentry; |
| 1480 | 1477 | ||
| 1481 | av = DIR__SEARCH; | 1478 | av = DIR__SEARCH; |
| 1482 | av |= (kind ? DIR__REMOVE_NAME : DIR__ADD_NAME); | 1479 | av |= (kind ? DIR__REMOVE_NAME : DIR__ADD_NAME); |
| @@ -1523,7 +1520,7 @@ static inline int may_rename(struct inode *old_dir, | |||
| 1523 | 1520 | ||
| 1524 | AVC_AUDIT_DATA_INIT(&ad, FS); | 1521 | AVC_AUDIT_DATA_INIT(&ad, FS); |
| 1525 | 1522 | ||
| 1526 | ad.u.fs.dentry = old_dentry; | 1523 | ad.u.fs.path.dentry = old_dentry; |
| 1527 | rc = avc_has_perm(tsec->sid, old_dsec->sid, SECCLASS_DIR, | 1524 | rc = avc_has_perm(tsec->sid, old_dsec->sid, SECCLASS_DIR, |
| 1528 | DIR__REMOVE_NAME | DIR__SEARCH, &ad); | 1525 | DIR__REMOVE_NAME | DIR__SEARCH, &ad); |
| 1529 | if (rc) | 1526 | if (rc) |
| @@ -1539,7 +1536,7 @@ static inline int may_rename(struct inode *old_dir, | |||
| 1539 | return rc; | 1536 | return rc; |
| 1540 | } | 1537 | } |
| 1541 | 1538 | ||
| 1542 | ad.u.fs.dentry = new_dentry; | 1539 | ad.u.fs.path.dentry = new_dentry; |
| 1543 | av = DIR__ADD_NAME | DIR__SEARCH; | 1540 | av = DIR__ADD_NAME | DIR__SEARCH; |
| 1544 | if (new_dentry->d_inode) | 1541 | if (new_dentry->d_inode) |
| 1545 | av |= DIR__REMOVE_NAME; | 1542 | av |= DIR__REMOVE_NAME; |
| @@ -1918,8 +1915,7 @@ static int selinux_bprm_set_security(struct linux_binprm *bprm) | |||
| 1918 | } | 1915 | } |
| 1919 | 1916 | ||
| 1920 | AVC_AUDIT_DATA_INIT(&ad, FS); | 1917 | AVC_AUDIT_DATA_INIT(&ad, FS); |
| 1921 | ad.u.fs.mnt = bprm->file->f_path.mnt; | 1918 | ad.u.fs.path = bprm->file->f_path; |
| 1922 | ad.u.fs.dentry = bprm->file->f_path.dentry; | ||
| 1923 | 1919 | ||
| 1924 | if (bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID) | 1920 | if (bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID) |
| 1925 | newsid = tsec->sid; | 1921 | newsid = tsec->sid; |
| @@ -2315,7 +2311,7 @@ static int selinux_sb_kern_mount(struct super_block *sb, void *data) | |||
| 2315 | return rc; | 2311 | return rc; |
| 2316 | 2312 | ||
| 2317 | AVC_AUDIT_DATA_INIT(&ad,FS); | 2313 | AVC_AUDIT_DATA_INIT(&ad,FS); |
| 2318 | ad.u.fs.dentry = sb->s_root; | 2314 | ad.u.fs.path.dentry = sb->s_root; |
| 2319 | return superblock_has_perm(current, sb, FILESYSTEM__MOUNT, &ad); | 2315 | return superblock_has_perm(current, sb, FILESYSTEM__MOUNT, &ad); |
| 2320 | } | 2316 | } |
| 2321 | 2317 | ||
| @@ -2324,7 +2320,7 @@ static int selinux_sb_statfs(struct dentry *dentry) | |||
| 2324 | struct avc_audit_data ad; | 2320 | struct avc_audit_data ad; |
| 2325 | 2321 | ||
| 2326 | AVC_AUDIT_DATA_INIT(&ad,FS); | 2322 | AVC_AUDIT_DATA_INIT(&ad,FS); |
| 2327 | ad.u.fs.dentry = dentry->d_sb->s_root; | 2323 | ad.u.fs.path.dentry = dentry->d_sb->s_root; |
| 2328 | return superblock_has_perm(current, dentry->d_sb, FILESYSTEM__GETATTR, &ad); | 2324 | return superblock_has_perm(current, dentry->d_sb, FILESYSTEM__GETATTR, &ad); |
| 2329 | } | 2325 | } |
| 2330 | 2326 | ||
| @@ -2341,10 +2337,10 @@ static int selinux_mount(char * dev_name, | |||
| 2341 | return rc; | 2337 | return rc; |
| 2342 | 2338 | ||
| 2343 | if (flags & MS_REMOUNT) | 2339 | if (flags & MS_REMOUNT) |
| 2344 | return superblock_has_perm(current, nd->mnt->mnt_sb, | 2340 | return superblock_has_perm(current, nd->path.mnt->mnt_sb, |
| 2345 | FILESYSTEM__REMOUNT, NULL); | 2341 | FILESYSTEM__REMOUNT, NULL); |
| 2346 | else | 2342 | else |
| 2347 | return dentry_has_perm(current, nd->mnt, nd->dentry, | 2343 | return dentry_has_perm(current, nd->path.mnt, nd->path.dentry, |
| 2348 | FILE__MOUNTON); | 2344 | FILE__MOUNTON); |
| 2349 | } | 2345 | } |
| 2350 | 2346 | ||
| @@ -2587,7 +2583,7 @@ static int selinux_inode_setxattr(struct dentry *dentry, char *name, void *value | |||
| 2587 | return -EPERM; | 2583 | return -EPERM; |
| 2588 | 2584 | ||
| 2589 | AVC_AUDIT_DATA_INIT(&ad,FS); | 2585 | AVC_AUDIT_DATA_INIT(&ad,FS); |
| 2590 | ad.u.fs.dentry = dentry; | 2586 | ad.u.fs.path.dentry = dentry; |
| 2591 | 2587 | ||
| 2592 | rc = avc_has_perm(tsec->sid, isec->sid, isec->sclass, | 2588 | rc = avc_has_perm(tsec->sid, isec->sid, isec->sclass, |
| 2593 | FILE__RELABELFROM, &ad); | 2589 | FILE__RELABELFROM, &ad); |
diff --git a/security/selinux/include/avc.h b/security/selinux/include/avc.h index 80c28fa6621c..8e23d7a873a4 100644 --- a/security/selinux/include/avc.h +++ b/security/selinux/include/avc.h | |||
| @@ -13,6 +13,7 @@ | |||
| 13 | #include <linux/spinlock.h> | 13 | #include <linux/spinlock.h> |
| 14 | #include <linux/init.h> | 14 | #include <linux/init.h> |
| 15 | #include <linux/in6.h> | 15 | #include <linux/in6.h> |
| 16 | #include <linux/path.h> | ||
| 16 | #include <asm/system.h> | 17 | #include <asm/system.h> |
| 17 | #include "flask.h" | 18 | #include "flask.h" |
| 18 | #include "av_permissions.h" | 19 | #include "av_permissions.h" |
| @@ -30,8 +31,6 @@ extern int selinux_enforcing; | |||
| 30 | struct avc_entry; | 31 | struct avc_entry; |
| 31 | 32 | ||
| 32 | struct task_struct; | 33 | struct task_struct; |
| 33 | struct vfsmount; | ||
| 34 | struct dentry; | ||
| 35 | struct inode; | 34 | struct inode; |
| 36 | struct sock; | 35 | struct sock; |
| 37 | struct sk_buff; | 36 | struct sk_buff; |
| @@ -46,8 +45,7 @@ struct avc_audit_data { | |||
| 46 | struct task_struct *tsk; | 45 | struct task_struct *tsk; |
| 47 | union { | 46 | union { |
| 48 | struct { | 47 | struct { |
| 49 | struct vfsmount *mnt; | 48 | struct path path; |
| 50 | struct dentry *dentry; | ||
| 51 | struct inode *inode; | 49 | struct inode *inode; |
| 52 | } fs; | 50 | } fs; |
| 53 | struct { | 51 | struct { |
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 1c11e4245859..770eb067e165 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c | |||
| @@ -325,7 +325,7 @@ static int smack_sb_statfs(struct dentry *dentry) | |||
| 325 | static int smack_sb_mount(char *dev_name, struct nameidata *nd, | 325 | static int smack_sb_mount(char *dev_name, struct nameidata *nd, |
| 326 | char *type, unsigned long flags, void *data) | 326 | char *type, unsigned long flags, void *data) |
| 327 | { | 327 | { |
| 328 | struct superblock_smack *sbp = nd->mnt->mnt_sb->s_security; | 328 | struct superblock_smack *sbp = nd->path.mnt->mnt_sb->s_security; |
| 329 | 329 | ||
| 330 | return smk_curacc(sbp->smk_floor, MAY_WRITE); | 330 | return smk_curacc(sbp->smk_floor, MAY_WRITE); |
| 331 | } | 331 | } |
| @@ -584,14 +584,20 @@ static int smack_inode_getattr(struct vfsmount *mnt, struct dentry *dentry) | |||
| 584 | static int smack_inode_setxattr(struct dentry *dentry, char *name, | 584 | static int smack_inode_setxattr(struct dentry *dentry, char *name, |
| 585 | void *value, size_t size, int flags) | 585 | void *value, size_t size, int flags) |
| 586 | { | 586 | { |
| 587 | if (!capable(CAP_MAC_ADMIN)) { | 587 | int rc = 0; |
| 588 | if (strcmp(name, XATTR_NAME_SMACK) == 0 || | ||
| 589 | strcmp(name, XATTR_NAME_SMACKIPIN) == 0 || | ||
| 590 | strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) | ||
| 591 | return -EPERM; | ||
| 592 | } | ||
| 593 | 588 | ||
| 594 | return smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE); | 589 | if (strcmp(name, XATTR_NAME_SMACK) == 0 || |
| 590 | strcmp(name, XATTR_NAME_SMACKIPIN) == 0 || | ||
| 591 | strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) { | ||
| 592 | if (!capable(CAP_MAC_ADMIN)) | ||
| 593 | rc = -EPERM; | ||
| 594 | } else | ||
| 595 | rc = cap_inode_setxattr(dentry, name, value, size, flags); | ||
| 596 | |||
| 597 | if (rc == 0) | ||
| 598 | rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE); | ||
| 599 | |||
| 600 | return rc; | ||
| 595 | } | 601 | } |
| 596 | 602 | ||
| 597 | /** | 603 | /** |
| @@ -658,10 +664,20 @@ static int smack_inode_getxattr(struct dentry *dentry, char *name) | |||
| 658 | */ | 664 | */ |
| 659 | static int smack_inode_removexattr(struct dentry *dentry, char *name) | 665 | static int smack_inode_removexattr(struct dentry *dentry, char *name) |
| 660 | { | 666 | { |
| 661 | if (strcmp(name, XATTR_NAME_SMACK) == 0 && !capable(CAP_MAC_ADMIN)) | 667 | int rc = 0; |
| 662 | return -EPERM; | ||
| 663 | 668 | ||
| 664 | return smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE); | 669 | if (strcmp(name, XATTR_NAME_SMACK) == 0 || |
| 670 | strcmp(name, XATTR_NAME_SMACKIPIN) == 0 || | ||
| 671 | strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) { | ||
| 672 | if (!capable(CAP_MAC_ADMIN)) | ||
| 673 | rc = -EPERM; | ||
| 674 | } else | ||
| 675 | rc = cap_inode_removexattr(dentry, name); | ||
| 676 | |||
| 677 | if (rc == 0) | ||
| 678 | rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE); | ||
| 679 | |||
| 680 | return rc; | ||
| 665 | } | 681 | } |
| 666 | 682 | ||
| 667 | /** | 683 | /** |
| @@ -701,7 +717,7 @@ static int smack_inode_getsecurity(const struct inode *inode, | |||
| 701 | return -EOPNOTSUPP; | 717 | return -EOPNOTSUPP; |
| 702 | 718 | ||
| 703 | sock = SOCKET_I(ip); | 719 | sock = SOCKET_I(ip); |
| 704 | if (sock == NULL) | 720 | if (sock == NULL || sock->sk == NULL) |
| 705 | return -EOPNOTSUPP; | 721 | return -EOPNOTSUPP; |
| 706 | 722 | ||
| 707 | ssp = sock->sk->sk_security; | 723 | ssp = sock->sk->sk_security; |
| @@ -1016,7 +1032,12 @@ static void smack_task_getsecid(struct task_struct *p, u32 *secid) | |||
| 1016 | */ | 1032 | */ |
| 1017 | static int smack_task_setnice(struct task_struct *p, int nice) | 1033 | static int smack_task_setnice(struct task_struct *p, int nice) |
| 1018 | { | 1034 | { |
| 1019 | return smk_curacc(p->security, MAY_WRITE); | 1035 | int rc; |
| 1036 | |||
| 1037 | rc = cap_task_setnice(p, nice); | ||
| 1038 | if (rc == 0) | ||
| 1039 | rc = smk_curacc(p->security, MAY_WRITE); | ||
| 1040 | return rc; | ||
| 1020 | } | 1041 | } |
| 1021 | 1042 | ||
| 1022 | /** | 1043 | /** |
| @@ -1028,7 +1049,12 @@ static int smack_task_setnice(struct task_struct *p, int nice) | |||
| 1028 | */ | 1049 | */ |
| 1029 | static int smack_task_setioprio(struct task_struct *p, int ioprio) | 1050 | static int smack_task_setioprio(struct task_struct *p, int ioprio) |
| 1030 | { | 1051 | { |
| 1031 | return smk_curacc(p->security, MAY_WRITE); | 1052 | int rc; |
| 1053 | |||
| 1054 | rc = cap_task_setioprio(p, ioprio); | ||
| 1055 | if (rc == 0) | ||
| 1056 | rc = smk_curacc(p->security, MAY_WRITE); | ||
| 1057 | return rc; | ||
| 1032 | } | 1058 | } |
| 1033 | 1059 | ||
| 1034 | /** | 1060 | /** |
| @@ -1053,7 +1079,12 @@ static int smack_task_getioprio(struct task_struct *p) | |||
| 1053 | static int smack_task_setscheduler(struct task_struct *p, int policy, | 1079 | static int smack_task_setscheduler(struct task_struct *p, int policy, |
| 1054 | struct sched_param *lp) | 1080 | struct sched_param *lp) |
| 1055 | { | 1081 | { |
| 1056 | return smk_curacc(p->security, MAY_WRITE); | 1082 | int rc; |
| 1083 | |||
| 1084 | rc = cap_task_setscheduler(p, policy, lp); | ||
| 1085 | if (rc == 0) | ||
| 1086 | rc = smk_curacc(p->security, MAY_WRITE); | ||
| 1087 | return rc; | ||
| 1057 | } | 1088 | } |
| 1058 | 1089 | ||
| 1059 | /** | 1090 | /** |
| @@ -1093,6 +1124,11 @@ static int smack_task_movememory(struct task_struct *p) | |||
| 1093 | static int smack_task_kill(struct task_struct *p, struct siginfo *info, | 1124 | static int smack_task_kill(struct task_struct *p, struct siginfo *info, |
| 1094 | int sig, u32 secid) | 1125 | int sig, u32 secid) |
| 1095 | { | 1126 | { |
| 1127 | int rc; | ||
| 1128 | |||
| 1129 | rc = cap_task_kill(p, info, sig, secid); | ||
| 1130 | if (rc != 0) | ||
| 1131 | return rc; | ||
| 1096 | /* | 1132 | /* |
| 1097 | * Special cases where signals really ought to go through | 1133 | * Special cases where signals really ought to go through |
| 1098 | * in spite of policy. Stephen Smalley suggests it may | 1134 | * in spite of policy. Stephen Smalley suggests it may |
| @@ -1251,9 +1287,8 @@ static void smack_to_secattr(char *smack, struct netlbl_lsm_secattr *nlsp) | |||
| 1251 | 1287 | ||
| 1252 | switch (smack_net_nltype) { | 1288 | switch (smack_net_nltype) { |
| 1253 | case NETLBL_NLTYPE_CIPSOV4: | 1289 | case NETLBL_NLTYPE_CIPSOV4: |
| 1254 | nlsp->domain = NULL; | 1290 | nlsp->domain = kstrdup(smack, GFP_ATOMIC); |
| 1255 | nlsp->flags = NETLBL_SECATTR_DOMAIN; | 1291 | nlsp->flags = NETLBL_SECATTR_DOMAIN | NETLBL_SECATTR_MLS_LVL; |
| 1256 | nlsp->flags |= NETLBL_SECATTR_MLS_LVL; | ||
| 1257 | 1292 | ||
| 1258 | rc = smack_to_cipso(smack, &cipso); | 1293 | rc = smack_to_cipso(smack, &cipso); |
| 1259 | if (rc == 0) { | 1294 | if (rc == 0) { |
| @@ -1280,16 +1315,16 @@ static void smack_to_secattr(char *smack, struct netlbl_lsm_secattr *nlsp) | |||
| 1280 | */ | 1315 | */ |
| 1281 | static int smack_netlabel(struct sock *sk) | 1316 | static int smack_netlabel(struct sock *sk) |
| 1282 | { | 1317 | { |
| 1283 | struct socket_smack *ssp = sk->sk_security; | 1318 | struct socket_smack *ssp; |
| 1284 | struct netlbl_lsm_secattr secattr; | 1319 | struct netlbl_lsm_secattr secattr; |
| 1285 | int rc = 0; | 1320 | int rc; |
| 1286 | 1321 | ||
| 1322 | ssp = sk->sk_security; | ||
| 1287 | netlbl_secattr_init(&secattr); | 1323 | netlbl_secattr_init(&secattr); |
| 1288 | smack_to_secattr(ssp->smk_out, &secattr); | 1324 | smack_to_secattr(ssp->smk_out, &secattr); |
| 1289 | if (secattr.flags != NETLBL_SECATTR_NONE) | 1325 | rc = netlbl_sock_setattr(sk, &secattr); |
| 1290 | rc = netlbl_sock_setattr(sk, &secattr); | ||
| 1291 | |||
| 1292 | netlbl_secattr_destroy(&secattr); | 1326 | netlbl_secattr_destroy(&secattr); |
| 1327 | |||
| 1293 | return rc; | 1328 | return rc; |
| 1294 | } | 1329 | } |
| 1295 | 1330 | ||
| @@ -1312,6 +1347,7 @@ static int smack_inode_setsecurity(struct inode *inode, const char *name, | |||
| 1312 | struct inode_smack *nsp = inode->i_security; | 1347 | struct inode_smack *nsp = inode->i_security; |
| 1313 | struct socket_smack *ssp; | 1348 | struct socket_smack *ssp; |
| 1314 | struct socket *sock; | 1349 | struct socket *sock; |
| 1350 | int rc = 0; | ||
| 1315 | 1351 | ||
| 1316 | if (value == NULL || size > SMK_LABELLEN) | 1352 | if (value == NULL || size > SMK_LABELLEN) |
| 1317 | return -EACCES; | 1353 | return -EACCES; |
| @@ -1331,7 +1367,7 @@ static int smack_inode_setsecurity(struct inode *inode, const char *name, | |||
| 1331 | return -EOPNOTSUPP; | 1367 | return -EOPNOTSUPP; |
| 1332 | 1368 | ||
| 1333 | sock = SOCKET_I(inode); | 1369 | sock = SOCKET_I(inode); |
| 1334 | if (sock == NULL) | 1370 | if (sock == NULL || sock->sk == NULL) |
| 1335 | return -EOPNOTSUPP; | 1371 | return -EOPNOTSUPP; |
| 1336 | 1372 | ||
| 1337 | ssp = sock->sk->sk_security; | 1373 | ssp = sock->sk->sk_security; |
| @@ -1340,7 +1376,10 @@ static int smack_inode_setsecurity(struct inode *inode, const char *name, | |||
| 1340 | ssp->smk_in = sp; | 1376 | ssp->smk_in = sp; |
| 1341 | else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) { | 1377 | else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) { |
| 1342 | ssp->smk_out = sp; | 1378 | ssp->smk_out = sp; |
| 1343 | return smack_netlabel(sock->sk); | 1379 | rc = smack_netlabel(sock->sk); |
| 1380 | if (rc != 0) | ||
| 1381 | printk(KERN_WARNING "Smack: \"%s\" netlbl error %d.\n", | ||
| 1382 | __func__, -rc); | ||
| 1344 | } else | 1383 | } else |
| 1345 | return -EOPNOTSUPP; | 1384 | return -EOPNOTSUPP; |
| 1346 | 1385 | ||
| @@ -1362,7 +1401,7 @@ static int smack_inode_setsecurity(struct inode *inode, const char *name, | |||
| 1362 | static int smack_socket_post_create(struct socket *sock, int family, | 1401 | static int smack_socket_post_create(struct socket *sock, int family, |
| 1363 | int type, int protocol, int kern) | 1402 | int type, int protocol, int kern) |
| 1364 | { | 1403 | { |
| 1365 | if (family != PF_INET) | 1404 | if (family != PF_INET || sock->sk == NULL) |
| 1366 | return 0; | 1405 | return 0; |
| 1367 | /* | 1406 | /* |
| 1368 | * Set the outbound netlbl. | 1407 | * Set the outbound netlbl. |
| @@ -1775,6 +1814,27 @@ static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag) | |||
| 1775 | return smk_curacc(isp, may); | 1814 | return smk_curacc(isp, may); |
| 1776 | } | 1815 | } |
| 1777 | 1816 | ||
| 1817 | /* module stacking operations */ | ||
| 1818 | |||
| 1819 | /** | ||
| 1820 | * smack_register_security - stack capability module | ||
| 1821 | * @name: module name | ||
| 1822 | * @ops: module operations - ignored | ||
| 1823 | * | ||
| 1824 | * Allow the capability module to register. | ||
| 1825 | */ | ||
| 1826 | static int smack_register_security(const char *name, | ||
| 1827 | struct security_operations *ops) | ||
| 1828 | { | ||
| 1829 | if (strcmp(name, "capability") != 0) | ||
| 1830 | return -EINVAL; | ||
| 1831 | |||
| 1832 | printk(KERN_INFO "%s: Registering secondary module %s\n", | ||
| 1833 | __func__, name); | ||
| 1834 | |||
| 1835 | return 0; | ||
| 1836 | } | ||
| 1837 | |||
| 1778 | /** | 1838 | /** |
| 1779 | * smack_d_instantiate - Make sure the blob is correct on an inode | 1839 | * smack_d_instantiate - Make sure the blob is correct on an inode |
| 1780 | * @opt_dentry: unused | 1840 | * @opt_dentry: unused |
| @@ -2213,6 +2273,9 @@ static void smack_sock_graft(struct sock *sk, struct socket *parent) | |||
| 2213 | ssp->smk_packet[0] = '\0'; | 2273 | ssp->smk_packet[0] = '\0'; |
| 2214 | 2274 | ||
| 2215 | rc = smack_netlabel(sk); | 2275 | rc = smack_netlabel(sk); |
| 2276 | if (rc != 0) | ||
| 2277 | printk(KERN_WARNING "Smack: \"%s\" netlbl error %d.\n", | ||
| 2278 | __func__, -rc); | ||
| 2216 | } | 2279 | } |
| 2217 | 2280 | ||
| 2218 | /** | 2281 | /** |
| @@ -2345,6 +2408,20 @@ static int smack_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) | |||
| 2345 | } | 2408 | } |
| 2346 | 2409 | ||
| 2347 | /* | 2410 | /* |
| 2411 | * smack_secctx_to_secid - return the secid for a smack label | ||
| 2412 | * @secdata: smack label | ||
| 2413 | * @seclen: how long result is | ||
| 2414 | * @secid: outgoing integer | ||
| 2415 | * | ||
| 2416 | * Exists for audit and networking code. | ||
| 2417 | */ | ||
| 2418 | static int smack_secctx_to_secid(char *secdata, u32 seclen, u32 *secid) | ||
| 2419 | { | ||
| 2420 | *secid = smack_to_secid(secdata); | ||
| 2421 | return 0; | ||
| 2422 | } | ||
| 2423 | |||
| 2424 | /* | ||
| 2348 | * smack_release_secctx - don't do anything. | 2425 | * smack_release_secctx - don't do anything. |
| 2349 | * @key_ref: unused | 2426 | * @key_ref: unused |
| 2350 | * @context: unused | 2427 | * @context: unused |
| @@ -2392,6 +2469,8 @@ static struct security_operations smack_ops = { | |||
| 2392 | .inode_post_setxattr = smack_inode_post_setxattr, | 2469 | .inode_post_setxattr = smack_inode_post_setxattr, |
| 2393 | .inode_getxattr = smack_inode_getxattr, | 2470 | .inode_getxattr = smack_inode_getxattr, |
| 2394 | .inode_removexattr = smack_inode_removexattr, | 2471 | .inode_removexattr = smack_inode_removexattr, |
| 2472 | .inode_need_killpriv = cap_inode_need_killpriv, | ||
| 2473 | .inode_killpriv = cap_inode_killpriv, | ||
| 2395 | .inode_getsecurity = smack_inode_getsecurity, | 2474 | .inode_getsecurity = smack_inode_getsecurity, |
| 2396 | .inode_setsecurity = smack_inode_setsecurity, | 2475 | .inode_setsecurity = smack_inode_setsecurity, |
| 2397 | .inode_listsecurity = smack_inode_listsecurity, | 2476 | .inode_listsecurity = smack_inode_listsecurity, |
| @@ -2451,6 +2530,8 @@ static struct security_operations smack_ops = { | |||
| 2451 | .netlink_send = cap_netlink_send, | 2530 | .netlink_send = cap_netlink_send, |
| 2452 | .netlink_recv = cap_netlink_recv, | 2531 | .netlink_recv = cap_netlink_recv, |
| 2453 | 2532 | ||
| 2533 | .register_security = smack_register_security, | ||
| 2534 | |||
| 2454 | .d_instantiate = smack_d_instantiate, | 2535 | .d_instantiate = smack_d_instantiate, |
| 2455 | 2536 | ||
| 2456 | .getprocattr = smack_getprocattr, | 2537 | .getprocattr = smack_getprocattr, |
| @@ -2474,6 +2555,7 @@ static struct security_operations smack_ops = { | |||
| 2474 | .key_permission = smack_key_permission, | 2555 | .key_permission = smack_key_permission, |
| 2475 | #endif /* CONFIG_KEYS */ | 2556 | #endif /* CONFIG_KEYS */ |
| 2476 | .secid_to_secctx = smack_secid_to_secctx, | 2557 | .secid_to_secctx = smack_secid_to_secctx, |
| 2558 | .secctx_to_secid = smack_secctx_to_secid, | ||
| 2477 | .release_secctx = smack_release_secctx, | 2559 | .release_secctx = smack_release_secctx, |
| 2478 | }; | 2560 | }; |
| 2479 | 2561 | ||
diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c index 15aa37f65b39..358c92c1a153 100644 --- a/security/smack/smackfs.c +++ b/security/smack/smackfs.c | |||
| @@ -24,6 +24,7 @@ | |||
| 24 | #include <net/cipso_ipv4.h> | 24 | #include <net/cipso_ipv4.h> |
| 25 | #include <linux/seq_file.h> | 25 | #include <linux/seq_file.h> |
| 26 | #include <linux/ctype.h> | 26 | #include <linux/ctype.h> |
| 27 | #include <linux/audit.h> | ||
| 27 | #include "smack.h" | 28 | #include "smack.h" |
| 28 | 29 | ||
| 29 | /* | 30 | /* |
| @@ -45,6 +46,7 @@ enum smk_inos { | |||
| 45 | */ | 46 | */ |
| 46 | static DEFINE_MUTEX(smack_list_lock); | 47 | static DEFINE_MUTEX(smack_list_lock); |
| 47 | static DEFINE_MUTEX(smack_cipso_lock); | 48 | static DEFINE_MUTEX(smack_cipso_lock); |
| 49 | static DEFINE_MUTEX(smack_ambient_lock); | ||
| 48 | 50 | ||
| 49 | /* | 51 | /* |
| 50 | * This is the "ambient" label for network traffic. | 52 | * This is the "ambient" label for network traffic. |
| @@ -342,6 +344,9 @@ void smk_cipso_doi(void) | |||
| 342 | struct cipso_v4_doi *doip; | 344 | struct cipso_v4_doi *doip; |
| 343 | struct netlbl_audit audit_info; | 345 | struct netlbl_audit audit_info; |
| 344 | 346 | ||
| 347 | audit_info.loginuid = audit_get_loginuid(current); | ||
| 348 | audit_info.secid = smack_to_secid(current->security); | ||
| 349 | |||
| 345 | rc = netlbl_cfg_map_del(NULL, &audit_info); | 350 | rc = netlbl_cfg_map_del(NULL, &audit_info); |
| 346 | if (rc != 0) | 351 | if (rc != 0) |
| 347 | printk(KERN_WARNING "%s:%d remove rc = %d\n", | 352 | printk(KERN_WARNING "%s:%d remove rc = %d\n", |
| @@ -363,6 +368,30 @@ void smk_cipso_doi(void) | |||
| 363 | __func__, __LINE__, rc); | 368 | __func__, __LINE__, rc); |
| 364 | } | 369 | } |
| 365 | 370 | ||
| 371 | /** | ||
| 372 | * smk_unlbl_ambient - initialize the unlabeled domain | ||
| 373 | */ | ||
| 374 | void smk_unlbl_ambient(char *oldambient) | ||
| 375 | { | ||
| 376 | int rc; | ||
| 377 | struct netlbl_audit audit_info; | ||
| 378 | |||
| 379 | audit_info.loginuid = audit_get_loginuid(current); | ||
| 380 | audit_info.secid = smack_to_secid(current->security); | ||
| 381 | |||
| 382 | if (oldambient != NULL) { | ||
| 383 | rc = netlbl_cfg_map_del(oldambient, &audit_info); | ||
| 384 | if (rc != 0) | ||
| 385 | printk(KERN_WARNING "%s:%d remove rc = %d\n", | ||
| 386 | __func__, __LINE__, rc); | ||
| 387 | } | ||
| 388 | |||
| 389 | rc = netlbl_cfg_unlbl_add_map(smack_net_ambient, &audit_info); | ||
| 390 | if (rc != 0) | ||
| 391 | printk(KERN_WARNING "%s:%d add rc = %d\n", | ||
| 392 | __func__, __LINE__, rc); | ||
| 393 | } | ||
| 394 | |||
| 366 | /* | 395 | /* |
| 367 | * Seq_file read operations for /smack/cipso | 396 | * Seq_file read operations for /smack/cipso |
| 368 | */ | 397 | */ |
| @@ -709,7 +738,6 @@ static ssize_t smk_read_ambient(struct file *filp, char __user *buf, | |||
| 709 | size_t cn, loff_t *ppos) | 738 | size_t cn, loff_t *ppos) |
| 710 | { | 739 | { |
| 711 | ssize_t rc; | 740 | ssize_t rc; |
| 712 | char out[SMK_LABELLEN]; | ||
| 713 | int asize; | 741 | int asize; |
| 714 | 742 | ||
| 715 | if (*ppos != 0) | 743 | if (*ppos != 0) |
| @@ -717,23 +745,18 @@ static ssize_t smk_read_ambient(struct file *filp, char __user *buf, | |||
| 717 | /* | 745 | /* |
| 718 | * Being careful to avoid a problem in the case where | 746 | * Being careful to avoid a problem in the case where |
| 719 | * smack_net_ambient gets changed in midstream. | 747 | * smack_net_ambient gets changed in midstream. |
| 720 | * Since smack_net_ambient is always set with a value | ||
| 721 | * from the label list, including initially, and those | ||
| 722 | * never get freed, the worst case is that the pointer | ||
| 723 | * gets changed just after this strncpy, in which case | ||
| 724 | * the value passed up is incorrect. Locking around | ||
| 725 | * smack_net_ambient wouldn't be any better than this | ||
| 726 | * copy scheme as by the time the caller got to look | ||
| 727 | * at the ambient value it would have cleared the lock | ||
| 728 | * and been changed. | ||
| 729 | */ | 748 | */ |
| 730 | strncpy(out, smack_net_ambient, SMK_LABELLEN); | 749 | mutex_lock(&smack_ambient_lock); |
| 731 | asize = strlen(out) + 1; | ||
| 732 | 750 | ||
| 733 | if (cn < asize) | 751 | asize = strlen(smack_net_ambient) + 1; |
| 734 | return -EINVAL; | 752 | |
| 753 | if (cn >= asize) | ||
| 754 | rc = simple_read_from_buffer(buf, cn, ppos, | ||
| 755 | smack_net_ambient, asize); | ||
| 756 | else | ||
| 757 | rc = -EINVAL; | ||
| 735 | 758 | ||
| 736 | rc = simple_read_from_buffer(buf, cn, ppos, out, asize); | 759 | mutex_unlock(&smack_ambient_lock); |
| 737 | 760 | ||
| 738 | return rc; | 761 | return rc; |
| 739 | } | 762 | } |
| @@ -751,6 +774,7 @@ static ssize_t smk_write_ambient(struct file *file, const char __user *buf, | |||
| 751 | size_t count, loff_t *ppos) | 774 | size_t count, loff_t *ppos) |
| 752 | { | 775 | { |
| 753 | char in[SMK_LABELLEN]; | 776 | char in[SMK_LABELLEN]; |
| 777 | char *oldambient; | ||
| 754 | char *smack; | 778 | char *smack; |
| 755 | 779 | ||
| 756 | if (!capable(CAP_MAC_ADMIN)) | 780 | if (!capable(CAP_MAC_ADMIN)) |
| @@ -766,7 +790,13 @@ static ssize_t smk_write_ambient(struct file *file, const char __user *buf, | |||
| 766 | if (smack == NULL) | 790 | if (smack == NULL) |
| 767 | return -EINVAL; | 791 | return -EINVAL; |
| 768 | 792 | ||
| 793 | mutex_lock(&smack_ambient_lock); | ||
| 794 | |||
| 795 | oldambient = smack_net_ambient; | ||
| 769 | smack_net_ambient = smack; | 796 | smack_net_ambient = smack; |
| 797 | smk_unlbl_ambient(oldambient); | ||
| 798 | |||
| 799 | mutex_unlock(&smack_ambient_lock); | ||
| 770 | 800 | ||
| 771 | return count; | 801 | return count; |
| 772 | } | 802 | } |
| @@ -974,6 +1004,7 @@ static int __init init_smk_fs(void) | |||
| 974 | 1004 | ||
| 975 | sema_init(&smack_write_sem, 1); | 1005 | sema_init(&smack_write_sem, 1); |
| 976 | smk_cipso_doi(); | 1006 | smk_cipso_doi(); |
| 1007 | smk_unlbl_ambient(NULL); | ||
| 977 | 1008 | ||
| 978 | return err; | 1009 | return err; |
| 979 | } | 1010 | } |