aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2011-03-16 12:15:43 -0400
committerLinus Torvalds <torvalds@linux-foundation.org>2011-03-16 12:15:43 -0400
commit0f6e0e8448a16d8d22119ce91d8dd24b44865b51 (patch)
tree7c295c02db035fc6a0b867465911a2bc9dc6b1ef /security
parent0d2ecee2bdb2a19d04bc5cefac0f86e790f1aad4 (diff)
parenta002951c97ff8da49938c982a4c236bf2fafdc9f (diff)
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: (33 commits) AppArmor: kill unused macros in lsm.c AppArmor: cleanup generated files correctly KEYS: Add an iovec version of KEYCTL_INSTANTIATE KEYS: Add a new keyctl op to reject a key with a specified error code KEYS: Add a key type op to permit the key description to be vetted KEYS: Add an RCU payload dereference macro AppArmor: Cleanup make file to remove cruft and make it easier to read SELinux: implement the new sb_remount LSM hook LSM: Pass -o remount options to the LSM SELinux: Compute SID for the newly created socket SELinux: Socket retains creator role and MLS attribute SELinux: Auto-generate security_is_socket_class TOMOYO: Fix memory leak upon file open. Revert "selinux: simplify ioctl checking" selinux: drop unused packet flow permissions selinux: Fix packet forwarding checks on postrouting selinux: Fix wrong checks for selinux_policycap_netpeer selinux: Fix check for xfrm selinux context algorithm ima: remove unnecessary call to ima_must_measure IMA: remove IMA imbalance checking ...
Diffstat (limited to 'security')
-rw-r--r--security/apparmor/Makefile38
-rw-r--r--security/apparmor/lsm.c2
-rw-r--r--security/capability.c15
-rw-r--r--security/integrity/ima/ima.h3
-rw-r--r--security/integrity/ima/ima_api.c13
-rw-r--r--security/integrity/ima/ima_iint.c5
-rw-r--r--security/integrity/ima/ima_main.c136
-rw-r--r--security/keys/compat.c50
-rw-r--r--security/keys/encrypted.c3
-rw-r--r--security/keys/internal.h8
-rw-r--r--security/keys/key.c27
-rw-r--r--security/keys/keyctl.c143
-rw-r--r--security/keys/keyring.c4
-rw-r--r--security/keys/request_key.c2
-rw-r--r--security/keys/trusted.c3
-rw-r--r--security/keys/user_defined.c3
-rw-r--r--security/security.c19
-rw-r--r--security/selinux/hooks.c350
-rw-r--r--security/selinux/include/classmap.h7
-rw-r--r--security/selinux/include/security.h8
-rw-r--r--security/selinux/ss/avtab.h23
-rw-r--r--security/selinux/ss/ebitmap.h1
-rw-r--r--security/selinux/ss/mls.c5
-rw-r--r--security/selinux/ss/mls.h3
-rw-r--r--security/selinux/ss/policydb.c130
-rw-r--r--security/selinux/ss/policydb.h14
-rw-r--r--security/selinux/ss/services.c73
-rw-r--r--security/selinux/xfrm.c2
-rw-r--r--security/smack/smack.h17
-rw-r--r--security/smack/smack_access.c52
-rw-r--r--security/smack/smack_lsm.c287
-rw-r--r--security/smack/smackfs.c370
-rw-r--r--security/tomoyo/file.c5
33 files changed, 1243 insertions, 578 deletions
diff --git a/security/apparmor/Makefile b/security/apparmor/Makefile
index f204869399ea..2dafe50a2e25 100644
--- a/security/apparmor/Makefile
+++ b/security/apparmor/Makefile
@@ -6,19 +6,47 @@ apparmor-y := apparmorfs.o audit.o capability.o context.o ipc.o lib.o match.o \
6 path.o domain.o policy.o policy_unpack.o procattr.o lsm.o \ 6 path.o domain.o policy.o policy_unpack.o procattr.o lsm.o \
7 resource.o sid.o file.o 7 resource.o sid.o file.o
8 8
9clean-files: capability_names.h af_names.h 9clean-files := capability_names.h rlim_names.h
10 10
11
12# Build a lower case string table of capability names
13# Transforms lines from
14# #define CAP_DAC_OVERRIDE 1
15# to
16# [1] = "dac_override",
11quiet_cmd_make-caps = GEN $@ 17quiet_cmd_make-caps = GEN $@
12cmd_make-caps = echo "static const char *capability_names[] = {" > $@ ; sed -n -e "/CAP_FS_MASK/d" -e "s/^\#define[ \\t]\\+CAP_\\([A-Z0-9_]\\+\\)[ \\t]\\+\\([0-9]\\+\\)\$$/[\\2] = \"\\1\",/p" $< | tr A-Z a-z >> $@ ; echo "};" >> $@ 18cmd_make-caps = echo "static const char *capability_names[] = {" > $@ ;\
19 sed $< >>$@ -r -n -e '/CAP_FS_MASK/d' \
20 -e 's/^\#define[ \t]+CAP_([A-Z0-9_]+)[ \t]+([0-9]+)/[\2] = "\L\1",/p';\
21 echo "};" >> $@
22
13 23
24# Build a lower case string table of rlimit names.
25# Transforms lines from
26# #define RLIMIT_STACK 3 /* max stack size */
27# to
28# [RLIMIT_STACK] = "stack",
29#
30# and build a second integer table (with the second sed cmd), that maps
31# RLIMIT defines to the order defined in asm-generic/resource.h Thi is
32# required by policy load to map policy ordering of RLIMITs to internal
33# ordering for architectures that redefine an RLIMIT.
34# Transforms lines from
35# #define RLIMIT_STACK 3 /* max stack size */
36# to
37# RLIMIT_STACK,
14quiet_cmd_make-rlim = GEN $@ 38quiet_cmd_make-rlim = GEN $@
15cmd_make-rlim = echo "static const char *rlim_names[] = {" > $@ ; sed -n --e "/AF_MAX/d" -e "s/^\# \\?define[ \\t]\\+RLIMIT_\\([A-Z0-9_]\\+\\)[ \\t]\\+\\([0-9]\\+\\)\\(.*\\)\$$/[\\2] = \"\\1\",/p" $< | tr A-Z a-z >> $@ ; echo "};" >> $@ ; echo "static const int rlim_map[] = {" >> $@ ; sed -n -e "/AF_MAX/d" -e "s/^\# \\?define[ \\t]\\+\\(RLIMIT_[A-Z0-9_]\\+\\)[ \\t]\\+\\([0-9]\\+\\)\\(.*\\)\$$/\\1,/p" $< >> $@ ; echo "};" >> $@ 39cmd_make-rlim = echo "static const char *rlim_names[] = {" > $@ ;\
40 sed $< >> $@ -r -n \
41 -e 's/^\# ?define[ \t]+(RLIMIT_([A-Z0-9_]+)).*/[\1] = "\L\2",/p';\
42 echo "};" >> $@ ;\
43 echo "static const int rlim_map[] = {" >> $@ ;\
44 sed -r -n "s/^\# ?define[ \t]+(RLIMIT_[A-Z0-9_]+).*/\1,/p" $< >> $@ ;\
45 echo "};" >> $@
16 46
17$(obj)/capability.o : $(obj)/capability_names.h 47$(obj)/capability.o : $(obj)/capability_names.h
18$(obj)/resource.o : $(obj)/rlim_names.h 48$(obj)/resource.o : $(obj)/rlim_names.h
19$(obj)/capability_names.h : $(srctree)/include/linux/capability.h 49$(obj)/capability_names.h : $(srctree)/include/linux/capability.h
20 $(call cmd,make-caps) 50 $(call cmd,make-caps)
21$(obj)/af_names.h : $(srctree)/include/linux/socket.h
22 $(call cmd,make-af)
23$(obj)/rlim_names.h : $(srctree)/include/asm-generic/resource.h 51$(obj)/rlim_names.h : $(srctree)/include/asm-generic/resource.h
24 $(call cmd,make-rlim) 52 $(call cmd,make-rlim)
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index b7106f192b75..d21a427a35ae 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -693,11 +693,9 @@ static struct kernel_param_ops param_ops_aalockpolicy = {
693 693
694static int param_set_audit(const char *val, struct kernel_param *kp); 694static int param_set_audit(const char *val, struct kernel_param *kp);
695static int param_get_audit(char *buffer, struct kernel_param *kp); 695static int param_get_audit(char *buffer, struct kernel_param *kp);
696#define param_check_audit(name, p) __param_check(name, p, int)
697 696
698static int param_set_mode(const char *val, struct kernel_param *kp); 697static int param_set_mode(const char *val, struct kernel_param *kp);
699static int param_get_mode(char *buffer, struct kernel_param *kp); 698static int param_get_mode(char *buffer, struct kernel_param *kp);
700#define param_check_mode(name, p) __param_check(name, p, int)
701 699
702/* Flag values, also controllable via /sys/module/apparmor/parameters 700/* Flag values, also controllable via /sys/module/apparmor/parameters
703 * We define special types as we want to do additional mediation. 701 * We define special types as we want to do additional mediation.
diff --git a/security/capability.c b/security/capability.c
index 2a5df2b7da83..ab3d807accc3 100644
--- a/security/capability.c
+++ b/security/capability.c
@@ -12,11 +12,6 @@
12 12
13#include <linux/security.h> 13#include <linux/security.h>
14 14
15static int cap_sysctl(ctl_table *table, int op)
16{
17 return 0;
18}
19
20static int cap_syslog(int type) 15static int cap_syslog(int type)
21{ 16{
22 return 0; 17 return 0;
@@ -59,6 +54,11 @@ static int cap_sb_copy_data(char *orig, char *copy)
59 return 0; 54 return 0;
60} 55}
61 56
57static int cap_sb_remount(struct super_block *sb, void *data)
58{
59 return 0;
60}
61
62static int cap_sb_kern_mount(struct super_block *sb, int flags, void *data) 62static int cap_sb_kern_mount(struct super_block *sb, int flags, void *data)
63{ 63{
64 return 0; 64 return 0;
@@ -118,7 +118,8 @@ static void cap_inode_free_security(struct inode *inode)
118} 118}
119 119
120static int cap_inode_init_security(struct inode *inode, struct inode *dir, 120static int cap_inode_init_security(struct inode *inode, struct inode *dir,
121 char **name, void **value, size_t *len) 121 const struct qstr *qstr, char **name,
122 void **value, size_t *len)
122{ 123{
123 return -EOPNOTSUPP; 124 return -EOPNOTSUPP;
124} 125}
@@ -880,7 +881,6 @@ void __init security_fixup_ops(struct security_operations *ops)
880 set_to_cap_if_null(ops, capable); 881 set_to_cap_if_null(ops, capable);
881 set_to_cap_if_null(ops, quotactl); 882 set_to_cap_if_null(ops, quotactl);
882 set_to_cap_if_null(ops, quota_on); 883 set_to_cap_if_null(ops, quota_on);
883 set_to_cap_if_null(ops, sysctl);
884 set_to_cap_if_null(ops, syslog); 884 set_to_cap_if_null(ops, syslog);
885 set_to_cap_if_null(ops, settime); 885 set_to_cap_if_null(ops, settime);
886 set_to_cap_if_null(ops, vm_enough_memory); 886 set_to_cap_if_null(ops, vm_enough_memory);
@@ -892,6 +892,7 @@ void __init security_fixup_ops(struct security_operations *ops)
892 set_to_cap_if_null(ops, sb_alloc_security); 892 set_to_cap_if_null(ops, sb_alloc_security);
893 set_to_cap_if_null(ops, sb_free_security); 893 set_to_cap_if_null(ops, sb_free_security);
894 set_to_cap_if_null(ops, sb_copy_data); 894 set_to_cap_if_null(ops, sb_copy_data);
895 set_to_cap_if_null(ops, sb_remount);
895 set_to_cap_if_null(ops, sb_kern_mount); 896 set_to_cap_if_null(ops, sb_kern_mount);
896 set_to_cap_if_null(ops, sb_show_options); 897 set_to_cap_if_null(ops, sb_show_options);
897 set_to_cap_if_null(ops, sb_statfs); 898 set_to_cap_if_null(ops, sb_statfs);
diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
index ac79032bdf23..08408bd71462 100644
--- a/security/integrity/ima/ima.h
+++ b/security/integrity/ima/ima.h
@@ -110,8 +110,7 @@ struct ima_iint_cache {
110}; 110};
111 111
112/* LIM API function definitions */ 112/* LIM API function definitions */
113int ima_must_measure(struct ima_iint_cache *iint, struct inode *inode, 113int ima_must_measure(struct inode *inode, int mask, int function);
114 int mask, int function);
115int ima_collect_measurement(struct ima_iint_cache *iint, struct file *file); 114int ima_collect_measurement(struct ima_iint_cache *iint, struct file *file);
116void ima_store_measurement(struct ima_iint_cache *iint, struct file *file, 115void ima_store_measurement(struct ima_iint_cache *iint, struct file *file,
117 const unsigned char *filename); 116 const unsigned char *filename);
diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c
index d3963de6003d..da36d2c085a4 100644
--- a/security/integrity/ima/ima_api.c
+++ b/security/integrity/ima/ima_api.c
@@ -105,20 +105,13 @@ err_out:
105 * mask: contains the permission mask 105 * mask: contains the permission mask
106 * fsmagic: hex value 106 * fsmagic: hex value
107 * 107 *
108 * Must be called with iint->mutex held. 108 * Return 0 to measure. For matching a DONT_MEASURE policy, no policy,
109 * 109 * or other error, return an error code.
110 * Return 0 to measure. Return 1 if already measured.
111 * For matching a DONT_MEASURE policy, no policy, or other
112 * error, return an error code.
113*/ 110*/
114int ima_must_measure(struct ima_iint_cache *iint, struct inode *inode, 111int ima_must_measure(struct inode *inode, int mask, int function)
115 int mask, int function)
116{ 112{
117 int must_measure; 113 int must_measure;
118 114
119 if (iint && iint->flags & IMA_MEASURED)
120 return 1;
121
122 must_measure = ima_match_policy(inode, function, mask); 115 must_measure = ima_match_policy(inode, function, mask);
123 return must_measure ? 0 : -EACCES; 116 return must_measure ? 0 : -EACCES;
124} 117}
diff --git a/security/integrity/ima/ima_iint.c b/security/integrity/ima/ima_iint.c
index c442e47b6785..4ae73040ab7b 100644
--- a/security/integrity/ima/ima_iint.c
+++ b/security/integrity/ima/ima_iint.c
@@ -137,11 +137,6 @@ void ima_inode_free(struct inode *inode)
137{ 137{
138 struct ima_iint_cache *iint; 138 struct ima_iint_cache *iint;
139 139
140 if (inode->i_readcount)
141 printk(KERN_INFO "%s: readcount: %u\n", __func__, inode->i_readcount);
142
143 inode->i_readcount = 0;
144
145 if (!IS_IMA(inode)) 140 if (!IS_IMA(inode))
146 return; 141 return;
147 142
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index 203de979d305..39d66dc2b8e9 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -36,67 +36,17 @@ static int __init hash_setup(char *str)
36} 36}
37__setup("ima_hash=", hash_setup); 37__setup("ima_hash=", hash_setup);
38 38
39struct ima_imbalance {
40 struct hlist_node node;
41 unsigned long fsmagic;
42};
43
44/*
45 * ima_limit_imbalance - emit one imbalance message per filesystem type
46 *
47 * Maintain list of filesystem types that do not measure files properly.
48 * Return false if unknown, true if known.
49 */
50static bool ima_limit_imbalance(struct file *file)
51{
52 static DEFINE_SPINLOCK(ima_imbalance_lock);
53 static HLIST_HEAD(ima_imbalance_list);
54
55 struct super_block *sb = file->f_dentry->d_sb;
56 struct ima_imbalance *entry;
57 struct hlist_node *node;
58 bool found = false;
59
60 rcu_read_lock();
61 hlist_for_each_entry_rcu(entry, node, &ima_imbalance_list, node) {
62 if (entry->fsmagic == sb->s_magic) {
63 found = true;
64 break;
65 }
66 }
67 rcu_read_unlock();
68 if (found)
69 goto out;
70
71 entry = kmalloc(sizeof(*entry), GFP_NOFS);
72 if (!entry)
73 goto out;
74 entry->fsmagic = sb->s_magic;
75 spin_lock(&ima_imbalance_lock);
76 /*
77 * we could have raced and something else might have added this fs
78 * to the list, but we don't really care
79 */
80 hlist_add_head_rcu(&entry->node, &ima_imbalance_list);
81 spin_unlock(&ima_imbalance_lock);
82 printk(KERN_INFO "IMA: unmeasured files on fsmagic: %lX\n",
83 entry->fsmagic);
84out:
85 return found;
86}
87
88/* 39/*
89 * ima_counts_get - increment file counts 40 * ima_rdwr_violation_check
90 * 41 *
91 * Maintain read/write counters for all files, but only 42 * Only invalidate the PCR for measured files:
92 * invalidate the PCR for measured files:
93 * - Opening a file for write when already open for read, 43 * - Opening a file for write when already open for read,
94 * results in a time of measure, time of use (ToMToU) error. 44 * results in a time of measure, time of use (ToMToU) error.
95 * - Opening a file for read when already open for write, 45 * - Opening a file for read when already open for write,
96 * could result in a file measurement error. 46 * could result in a file measurement error.
97 * 47 *
98 */ 48 */
99void ima_counts_get(struct file *file) 49static void ima_rdwr_violation_check(struct file *file)
100{ 50{
101 struct dentry *dentry = file->f_path.dentry; 51 struct dentry *dentry = file->f_path.dentry;
102 struct inode *inode = dentry->d_inode; 52 struct inode *inode = dentry->d_inode;
@@ -104,32 +54,25 @@ void ima_counts_get(struct file *file)
104 int rc; 54 int rc;
105 bool send_tomtou = false, send_writers = false; 55 bool send_tomtou = false, send_writers = false;
106 56
107 if (!S_ISREG(inode->i_mode)) 57 if (!S_ISREG(inode->i_mode) || !ima_initialized)
108 return; 58 return;
109 59
110 spin_lock(&inode->i_lock); 60 mutex_lock(&inode->i_mutex); /* file metadata: permissions, xattr */
111
112 if (!ima_initialized)
113 goto out;
114 61
115 if (mode & FMODE_WRITE) { 62 if (mode & FMODE_WRITE) {
116 if (inode->i_readcount && IS_IMA(inode)) 63 if (atomic_read(&inode->i_readcount) && IS_IMA(inode))
117 send_tomtou = true; 64 send_tomtou = true;
118 goto out; 65 goto out;
119 } 66 }
120 67
121 rc = ima_must_measure(NULL, inode, MAY_READ, FILE_CHECK); 68 rc = ima_must_measure(inode, MAY_READ, FILE_CHECK);
122 if (rc < 0) 69 if (rc < 0)
123 goto out; 70 goto out;
124 71
125 if (atomic_read(&inode->i_writecount) > 0) 72 if (atomic_read(&inode->i_writecount) > 0)
126 send_writers = true; 73 send_writers = true;
127out: 74out:
128 /* remember the vfs deals with i_writecount */ 75 mutex_unlock(&inode->i_mutex);
129 if ((mode & (FMODE_READ | FMODE_WRITE)) == FMODE_READ)
130 inode->i_readcount++;
131
132 spin_unlock(&inode->i_lock);
133 76
134 if (send_tomtou) 77 if (send_tomtou)
135 ima_add_violation(inode, dentry->d_name.name, "invalid_pcr", 78 ima_add_violation(inode, dentry->d_name.name, "invalid_pcr",
@@ -139,71 +82,25 @@ out:
139 "open_writers"); 82 "open_writers");
140} 83}
141 84
142/*
143 * Decrement ima counts
144 */
145static void ima_dec_counts(struct inode *inode, struct file *file)
146{
147 mode_t mode = file->f_mode;
148
149 assert_spin_locked(&inode->i_lock);
150
151 if ((mode & (FMODE_READ | FMODE_WRITE)) == FMODE_READ) {
152 if (unlikely(inode->i_readcount == 0)) {
153 if (!ima_limit_imbalance(file)) {
154 printk(KERN_INFO "%s: open/free imbalance (r:%u)\n",
155 __func__, inode->i_readcount);
156 dump_stack();
157 }
158 return;
159 }
160 inode->i_readcount--;
161 }
162}
163
164static void ima_check_last_writer(struct ima_iint_cache *iint, 85static void ima_check_last_writer(struct ima_iint_cache *iint,
165 struct inode *inode, 86 struct inode *inode,
166 struct file *file) 87 struct file *file)
167{ 88{
168 mode_t mode = file->f_mode; 89 mode_t mode = file->f_mode;
169 90
170 BUG_ON(!mutex_is_locked(&iint->mutex)); 91 mutex_lock(&iint->mutex);
171 assert_spin_locked(&inode->i_lock);
172
173 if (mode & FMODE_WRITE && 92 if (mode & FMODE_WRITE &&
174 atomic_read(&inode->i_writecount) == 1 && 93 atomic_read(&inode->i_writecount) == 1 &&
175 iint->version != inode->i_version) 94 iint->version != inode->i_version)
176 iint->flags &= ~IMA_MEASURED; 95 iint->flags &= ~IMA_MEASURED;
177}
178
179static void ima_file_free_iint(struct ima_iint_cache *iint, struct inode *inode,
180 struct file *file)
181{
182 mutex_lock(&iint->mutex);
183 spin_lock(&inode->i_lock);
184
185 ima_dec_counts(inode, file);
186 ima_check_last_writer(iint, inode, file);
187
188 spin_unlock(&inode->i_lock);
189 mutex_unlock(&iint->mutex); 96 mutex_unlock(&iint->mutex);
190} 97}
191 98
192static void ima_file_free_noiint(struct inode *inode, struct file *file)
193{
194 spin_lock(&inode->i_lock);
195
196 ima_dec_counts(inode, file);
197
198 spin_unlock(&inode->i_lock);
199}
200
201/** 99/**
202 * ima_file_free - called on __fput() 100 * ima_file_free - called on __fput()
203 * @file: pointer to file structure being freed 101 * @file: pointer to file structure being freed
204 * 102 *
205 * Flag files that changed, based on i_version; 103 * Flag files that changed, based on i_version
206 * and decrement the i_readcount.
207 */ 104 */
208void ima_file_free(struct file *file) 105void ima_file_free(struct file *file)
209{ 106{
@@ -214,12 +111,10 @@ void ima_file_free(struct file *file)
214 return; 111 return;
215 112
216 iint = ima_iint_find(inode); 113 iint = ima_iint_find(inode);
114 if (!iint)
115 return;
217 116
218 if (iint) 117 ima_check_last_writer(iint, inode, file);
219 ima_file_free_iint(iint, inode, file);
220 else
221 ima_file_free_noiint(inode, file);
222
223} 118}
224 119
225static int process_measurement(struct file *file, const unsigned char *filename, 120static int process_measurement(struct file *file, const unsigned char *filename,
@@ -232,7 +127,7 @@ static int process_measurement(struct file *file, const unsigned char *filename,
232 if (!ima_initialized || !S_ISREG(inode->i_mode)) 127 if (!ima_initialized || !S_ISREG(inode->i_mode))
233 return 0; 128 return 0;
234 129
235 rc = ima_must_measure(NULL, inode, mask, function); 130 rc = ima_must_measure(inode, mask, function);
236 if (rc != 0) 131 if (rc != 0)
237 return rc; 132 return rc;
238retry: 133retry:
@@ -246,7 +141,7 @@ retry:
246 141
247 mutex_lock(&iint->mutex); 142 mutex_lock(&iint->mutex);
248 143
249 rc = ima_must_measure(iint, inode, mask, function); 144 rc = iint->flags & IMA_MEASURED ? 1 : 0;
250 if (rc != 0) 145 if (rc != 0)
251 goto out; 146 goto out;
252 147
@@ -317,6 +212,7 @@ int ima_file_check(struct file *file, int mask)
317{ 212{
318 int rc; 213 int rc;
319 214
215 ima_rdwr_violation_check(file);
320 rc = process_measurement(file, file->f_dentry->d_name.name, 216 rc = process_measurement(file, file->f_dentry->d_name.name,
321 mask & (MAY_READ | MAY_WRITE | MAY_EXEC), 217 mask & (MAY_READ | MAY_WRITE | MAY_EXEC),
322 FILE_CHECK); 218 FILE_CHECK);
diff --git a/security/keys/compat.c b/security/keys/compat.c
index 07a5f35e3970..338b510e9027 100644
--- a/security/keys/compat.c
+++ b/security/keys/compat.c
@@ -12,9 +12,52 @@
12#include <linux/syscalls.h> 12#include <linux/syscalls.h>
13#include <linux/keyctl.h> 13#include <linux/keyctl.h>
14#include <linux/compat.h> 14#include <linux/compat.h>
15#include <linux/slab.h>
15#include "internal.h" 16#include "internal.h"
16 17
17/* 18/*
19 * Instantiate a key with the specified compatibility multipart payload and
20 * link the key into the destination keyring if one is given.
21 *
22 * The caller must have the appropriate instantiation permit set for this to
23 * work (see keyctl_assume_authority). No other permissions are required.
24 *
25 * If successful, 0 will be returned.
26 */
27long compat_keyctl_instantiate_key_iov(
28 key_serial_t id,
29 const struct compat_iovec __user *_payload_iov,
30 unsigned ioc,
31 key_serial_t ringid)
32{
33 struct iovec iovstack[UIO_FASTIOV], *iov = iovstack;
34 long ret;
35
36 if (_payload_iov == 0 || ioc == 0)
37 goto no_payload;
38
39 ret = compat_rw_copy_check_uvector(WRITE, _payload_iov, ioc,
40 ARRAY_SIZE(iovstack),
41 iovstack, &iov);
42 if (ret < 0)
43 return ret;
44 if (ret == 0)
45 goto no_payload_free;
46
47 ret = keyctl_instantiate_key_common(id, iov, ioc, ret, ringid);
48
49 if (iov != iovstack)
50 kfree(iov);
51 return ret;
52
53no_payload_free:
54 if (iov != iovstack)
55 kfree(iov);
56no_payload:
57 return keyctl_instantiate_key_common(id, NULL, 0, 0, ringid);
58}
59
60/*
18 * The key control system call, 32-bit compatibility version for 64-bit archs 61 * The key control system call, 32-bit compatibility version for 64-bit archs
19 * 62 *
20 * This should only be called if the 64-bit arch uses weird pointers in 32-bit 63 * This should only be called if the 64-bit arch uses weird pointers in 32-bit
@@ -85,6 +128,13 @@ asmlinkage long compat_sys_keyctl(u32 option,
85 case KEYCTL_SESSION_TO_PARENT: 128 case KEYCTL_SESSION_TO_PARENT:
86 return keyctl_session_to_parent(); 129 return keyctl_session_to_parent();
87 130
131 case KEYCTL_REJECT:
132 return keyctl_reject_key(arg2, arg3, arg4, arg5);
133
134 case KEYCTL_INSTANTIATE_IOV:
135 return compat_keyctl_instantiate_key_iov(
136 arg2, compat_ptr(arg3), arg4, arg5);
137
88 default: 138 default:
89 return -EOPNOTSUPP; 139 return -EOPNOTSUPP;
90 } 140 }
diff --git a/security/keys/encrypted.c b/security/keys/encrypted.c
index 9e7e4ce3fae8..69907a58a683 100644
--- a/security/keys/encrypted.c
+++ b/security/keys/encrypted.c
@@ -765,8 +765,7 @@ static long encrypted_read(const struct key *key, char __user *buffer,
765 size_t asciiblob_len; 765 size_t asciiblob_len;
766 int ret; 766 int ret;
767 767
768 epayload = rcu_dereference_protected(key->payload.data, 768 epayload = rcu_dereference_key(key);
769 rwsem_is_locked(&((struct key *)key)->sem));
770 769
771 /* returns the hex encoded iv, encrypted-data, and hmac as ascii */ 770 /* returns the hex encoded iv, encrypted-data, and hmac as ascii */
772 asciiblob_len = epayload->datablob_len + ivsize + 1 771 asciiblob_len = epayload->datablob_len + ivsize + 1
diff --git a/security/keys/internal.h b/security/keys/internal.h
index a52aa7c88b41..07a025f81902 100644
--- a/security/keys/internal.h
+++ b/security/keys/internal.h
@@ -214,6 +214,14 @@ extern long keyctl_assume_authority(key_serial_t);
214extern long keyctl_get_security(key_serial_t keyid, char __user *buffer, 214extern long keyctl_get_security(key_serial_t keyid, char __user *buffer,
215 size_t buflen); 215 size_t buflen);
216extern long keyctl_session_to_parent(void); 216extern long keyctl_session_to_parent(void);
217extern long keyctl_reject_key(key_serial_t, unsigned, unsigned, key_serial_t);
218extern long keyctl_instantiate_key_iov(key_serial_t,
219 const struct iovec __user *,
220 unsigned, key_serial_t);
221
222extern long keyctl_instantiate_key_common(key_serial_t,
223 const struct iovec __user *,
224 unsigned, size_t, key_serial_t);
217 225
218/* 226/*
219 * Debugging key validation 227 * Debugging key validation
diff --git a/security/keys/key.c b/security/keys/key.c
index 1c2d43dc5107..f7f9d93f08d9 100644
--- a/security/keys/key.c
+++ b/security/keys/key.c
@@ -249,6 +249,14 @@ struct key *key_alloc(struct key_type *type, const char *desc,
249 if (!desc || !*desc) 249 if (!desc || !*desc)
250 goto error; 250 goto error;
251 251
252 if (type->vet_description) {
253 ret = type->vet_description(desc);
254 if (ret < 0) {
255 key = ERR_PTR(ret);
256 goto error;
257 }
258 }
259
252 desclen = strlen(desc) + 1; 260 desclen = strlen(desc) + 1;
253 quotalen = desclen + type->def_datalen; 261 quotalen = desclen + type->def_datalen;
254 262
@@ -503,26 +511,29 @@ int key_instantiate_and_link(struct key *key,
503EXPORT_SYMBOL(key_instantiate_and_link); 511EXPORT_SYMBOL(key_instantiate_and_link);
504 512
505/** 513/**
506 * key_negate_and_link - Negatively instantiate a key and link it into the keyring. 514 * key_reject_and_link - Negatively instantiate a key and link it into the keyring.
507 * @key: The key to instantiate. 515 * @key: The key to instantiate.
508 * @timeout: The timeout on the negative key. 516 * @timeout: The timeout on the negative key.
517 * @error: The error to return when the key is hit.
509 * @keyring: Keyring to create a link in on success (or NULL). 518 * @keyring: Keyring to create a link in on success (or NULL).
510 * @authkey: The authorisation token permitting instantiation. 519 * @authkey: The authorisation token permitting instantiation.
511 * 520 *
512 * Negatively instantiate a key that's in the uninstantiated state and, if 521 * Negatively instantiate a key that's in the uninstantiated state and, if
513 * successful, set its timeout and link it in to the destination keyring if one 522 * successful, set its timeout and stored error and link it in to the
514 * is supplied. The key and any links to the key will be automatically garbage 523 * destination keyring if one is supplied. The key and any links to the key
515 * collected after the timeout expires. 524 * will be automatically garbage collected after the timeout expires.
516 * 525 *
517 * Negative keys are used to rate limit repeated request_key() calls by causing 526 * Negative keys are used to rate limit repeated request_key() calls by causing
518 * them to return -ENOKEY until the negative key expires. 527 * them to return the stored error code (typically ENOKEY) until the negative
528 * key expires.
519 * 529 *
520 * If successful, 0 is returned, the authorisation token is revoked and anyone 530 * If successful, 0 is returned, the authorisation token is revoked and anyone
521 * waiting for the key is woken up. If the key was already instantiated, 531 * waiting for the key is woken up. If the key was already instantiated,
522 * -EBUSY will be returned. 532 * -EBUSY will be returned.
523 */ 533 */
524int key_negate_and_link(struct key *key, 534int key_reject_and_link(struct key *key,
525 unsigned timeout, 535 unsigned timeout,
536 unsigned error,
526 struct key *keyring, 537 struct key *keyring,
527 struct key *authkey) 538 struct key *authkey)
528{ 539{
@@ -548,6 +559,7 @@ int key_negate_and_link(struct key *key,
548 atomic_inc(&key->user->nikeys); 559 atomic_inc(&key->user->nikeys);
549 set_bit(KEY_FLAG_NEGATIVE, &key->flags); 560 set_bit(KEY_FLAG_NEGATIVE, &key->flags);
550 set_bit(KEY_FLAG_INSTANTIATED, &key->flags); 561 set_bit(KEY_FLAG_INSTANTIATED, &key->flags);
562 key->type_data.reject_error = -error;
551 now = current_kernel_time(); 563 now = current_kernel_time();
552 key->expiry = now.tv_sec + timeout; 564 key->expiry = now.tv_sec + timeout;
553 key_schedule_gc(key->expiry + key_gc_delay); 565 key_schedule_gc(key->expiry + key_gc_delay);
@@ -577,8 +589,7 @@ int key_negate_and_link(struct key *key,
577 589
578 return ret == 0 ? link_ret : ret; 590 return ret == 0 ? link_ret : ret;
579} 591}
580 592EXPORT_SYMBOL(key_reject_and_link);
581EXPORT_SYMBOL(key_negate_and_link);
582 593
583/* 594/*
584 * Garbage collect keys in process context so that we don't have to disable 595 * Garbage collect keys in process context so that we don't have to disable
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
index 31a0fd8189f1..427fddcaeb19 100644
--- a/security/keys/keyctl.c
+++ b/security/keys/keyctl.c
@@ -913,6 +913,21 @@ static int keyctl_change_reqkey_auth(struct key *key)
913} 913}
914 914
915/* 915/*
916 * Copy the iovec data from userspace
917 */
918static long copy_from_user_iovec(void *buffer, const struct iovec *iov,
919 unsigned ioc)
920{
921 for (; ioc > 0; ioc--) {
922 if (copy_from_user(buffer, iov->iov_base, iov->iov_len) != 0)
923 return -EFAULT;
924 buffer += iov->iov_len;
925 iov++;
926 }
927 return 0;
928}
929
930/*
916 * Instantiate a key with the specified payload and link the key into the 931 * Instantiate a key with the specified payload and link the key into the
917 * destination keyring if one is given. 932 * destination keyring if one is given.
918 * 933 *
@@ -921,10 +936,11 @@ static int keyctl_change_reqkey_auth(struct key *key)
921 * 936 *
922 * If successful, 0 will be returned. 937 * If successful, 0 will be returned.
923 */ 938 */
924long keyctl_instantiate_key(key_serial_t id, 939long keyctl_instantiate_key_common(key_serial_t id,
925 const void __user *_payload, 940 const struct iovec *payload_iov,
926 size_t plen, 941 unsigned ioc,
927 key_serial_t ringid) 942 size_t plen,
943 key_serial_t ringid)
928{ 944{
929 const struct cred *cred = current_cred(); 945 const struct cred *cred = current_cred();
930 struct request_key_auth *rka; 946 struct request_key_auth *rka;
@@ -953,7 +969,7 @@ long keyctl_instantiate_key(key_serial_t id,
953 /* pull the payload in if one was supplied */ 969 /* pull the payload in if one was supplied */
954 payload = NULL; 970 payload = NULL;
955 971
956 if (_payload) { 972 if (payload_iov) {
957 ret = -ENOMEM; 973 ret = -ENOMEM;
958 payload = kmalloc(plen, GFP_KERNEL); 974 payload = kmalloc(plen, GFP_KERNEL);
959 if (!payload) { 975 if (!payload) {
@@ -965,8 +981,8 @@ long keyctl_instantiate_key(key_serial_t id,
965 goto error; 981 goto error;
966 } 982 }
967 983
968 ret = -EFAULT; 984 ret = copy_from_user_iovec(payload, payload_iov, ioc);
969 if (copy_from_user(payload, _payload, plen) != 0) 985 if (ret < 0)
970 goto error2; 986 goto error2;
971 } 987 }
972 988
@@ -997,6 +1013,72 @@ error:
997} 1013}
998 1014
999/* 1015/*
1016 * Instantiate a key with the specified payload and link the key into the
1017 * destination keyring if one is given.
1018 *
1019 * The caller must have the appropriate instantiation permit set for this to
1020 * work (see keyctl_assume_authority). No other permissions are required.
1021 *
1022 * If successful, 0 will be returned.
1023 */
1024long keyctl_instantiate_key(key_serial_t id,
1025 const void __user *_payload,
1026 size_t plen,
1027 key_serial_t ringid)
1028{
1029 if (_payload && plen) {
1030 struct iovec iov[1] = {
1031 [0].iov_base = (void __user *)_payload,
1032 [0].iov_len = plen
1033 };
1034
1035 return keyctl_instantiate_key_common(id, iov, 1, plen, ringid);
1036 }
1037
1038 return keyctl_instantiate_key_common(id, NULL, 0, 0, ringid);
1039}
1040
1041/*
1042 * Instantiate a key with the specified multipart payload and link the key into
1043 * the destination keyring if one is given.
1044 *
1045 * The caller must have the appropriate instantiation permit set for this to
1046 * work (see keyctl_assume_authority). No other permissions are required.
1047 *
1048 * If successful, 0 will be returned.
1049 */
1050long keyctl_instantiate_key_iov(key_serial_t id,
1051 const struct iovec __user *_payload_iov,
1052 unsigned ioc,
1053 key_serial_t ringid)
1054{
1055 struct iovec iovstack[UIO_FASTIOV], *iov = iovstack;
1056 long ret;
1057
1058 if (_payload_iov == 0 || ioc == 0)
1059 goto no_payload;
1060
1061 ret = rw_copy_check_uvector(WRITE, _payload_iov, ioc,
1062 ARRAY_SIZE(iovstack), iovstack, &iov);
1063 if (ret < 0)
1064 return ret;
1065 if (ret == 0)
1066 goto no_payload_free;
1067
1068 ret = keyctl_instantiate_key_common(id, iov, ioc, ret, ringid);
1069
1070 if (iov != iovstack)
1071 kfree(iov);
1072 return ret;
1073
1074no_payload_free:
1075 if (iov != iovstack)
1076 kfree(iov);
1077no_payload:
1078 return keyctl_instantiate_key_common(id, NULL, 0, 0, ringid);
1079}
1080
1081/*
1000 * Negatively instantiate the key with the given timeout (in seconds) and link 1082 * Negatively instantiate the key with the given timeout (in seconds) and link
1001 * the key into the destination keyring if one is given. 1083 * the key into the destination keyring if one is given.
1002 * 1084 *
@@ -1013,12 +1095,42 @@ error:
1013 */ 1095 */
1014long keyctl_negate_key(key_serial_t id, unsigned timeout, key_serial_t ringid) 1096long keyctl_negate_key(key_serial_t id, unsigned timeout, key_serial_t ringid)
1015{ 1097{
1098 return keyctl_reject_key(id, timeout, ENOKEY, ringid);
1099}
1100
1101/*
1102 * Negatively instantiate the key with the given timeout (in seconds) and error
1103 * code and link the key into the destination keyring if one is given.
1104 *
1105 * The caller must have the appropriate instantiation permit set for this to
1106 * work (see keyctl_assume_authority). No other permissions are required.
1107 *
1108 * The key and any links to the key will be automatically garbage collected
1109 * after the timeout expires.
1110 *
1111 * Negative keys are used to rate limit repeated request_key() calls by causing
1112 * them to return the specified error code until the negative key expires.
1113 *
1114 * If successful, 0 will be returned.
1115 */
1116long keyctl_reject_key(key_serial_t id, unsigned timeout, unsigned error,
1117 key_serial_t ringid)
1118{
1016 const struct cred *cred = current_cred(); 1119 const struct cred *cred = current_cred();
1017 struct request_key_auth *rka; 1120 struct request_key_auth *rka;
1018 struct key *instkey, *dest_keyring; 1121 struct key *instkey, *dest_keyring;
1019 long ret; 1122 long ret;
1020 1123
1021 kenter("%d,%u,%d", id, timeout, ringid); 1124 kenter("%d,%u,%u,%d", id, timeout, error, ringid);
1125
1126 /* must be a valid error code and mustn't be a kernel special */
1127 if (error <= 0 ||
1128 error >= MAX_ERRNO ||
1129 error == ERESTARTSYS ||
1130 error == ERESTARTNOINTR ||
1131 error == ERESTARTNOHAND ||
1132 error == ERESTART_RESTARTBLOCK)
1133 return -EINVAL;
1022 1134
1023 /* the appropriate instantiation authorisation key must have been 1135 /* the appropriate instantiation authorisation key must have been
1024 * assumed before calling this */ 1136 * assumed before calling this */
@@ -1038,7 +1150,7 @@ long keyctl_negate_key(key_serial_t id, unsigned timeout, key_serial_t ringid)
1038 goto error; 1150 goto error;
1039 1151
1040 /* instantiate the key and link it into a keyring */ 1152 /* instantiate the key and link it into a keyring */
1041 ret = key_negate_and_link(rka->target_key, timeout, 1153 ret = key_reject_and_link(rka->target_key, timeout, error,
1042 dest_keyring, instkey); 1154 dest_keyring, instkey);
1043 1155
1044 key_put(dest_keyring); 1156 key_put(dest_keyring);
@@ -1492,6 +1604,19 @@ SYSCALL_DEFINE5(keyctl, int, option, unsigned long, arg2, unsigned long, arg3,
1492 case KEYCTL_SESSION_TO_PARENT: 1604 case KEYCTL_SESSION_TO_PARENT:
1493 return keyctl_session_to_parent(); 1605 return keyctl_session_to_parent();
1494 1606
1607 case KEYCTL_REJECT:
1608 return keyctl_reject_key((key_serial_t) arg2,
1609 (unsigned) arg3,
1610 (unsigned) arg4,
1611 (key_serial_t) arg5);
1612
1613 case KEYCTL_INSTANTIATE_IOV:
1614 return keyctl_instantiate_key_iov(
1615 (key_serial_t) arg2,
1616 (const struct iovec __user *) arg3,
1617 (unsigned) arg4,
1618 (key_serial_t) arg5);
1619
1495 default: 1620 default:
1496 return -EOPNOTSUPP; 1621 return -EOPNOTSUPP;
1497 } 1622 }
diff --git a/security/keys/keyring.c b/security/keys/keyring.c
index 5620f084dede..cdd2f3f88c88 100644
--- a/security/keys/keyring.c
+++ b/security/keys/keyring.c
@@ -352,7 +352,7 @@ key_ref_t keyring_search_aux(key_ref_t keyring_ref,
352 goto error_2; 352 goto error_2;
353 if (key->expiry && now.tv_sec >= key->expiry) 353 if (key->expiry && now.tv_sec >= key->expiry)
354 goto error_2; 354 goto error_2;
355 key_ref = ERR_PTR(-ENOKEY); 355 key_ref = ERR_PTR(key->type_data.reject_error);
356 if (kflags & (1 << KEY_FLAG_NEGATIVE)) 356 if (kflags & (1 << KEY_FLAG_NEGATIVE))
357 goto error_2; 357 goto error_2;
358 goto found; 358 goto found;
@@ -401,7 +401,7 @@ descend:
401 401
402 /* we set a different error code if we pass a negative key */ 402 /* we set a different error code if we pass a negative key */
403 if (kflags & (1 << KEY_FLAG_NEGATIVE)) { 403 if (kflags & (1 << KEY_FLAG_NEGATIVE)) {
404 err = -ENOKEY; 404 err = key->type_data.reject_error;
405 continue; 405 continue;
406 } 406 }
407 407
diff --git a/security/keys/request_key.c b/security/keys/request_key.c
index a3dc0d460def..df3c0417ee40 100644
--- a/security/keys/request_key.c
+++ b/security/keys/request_key.c
@@ -585,7 +585,7 @@ int wait_for_key_construction(struct key *key, bool intr)
585 if (ret < 0) 585 if (ret < 0)
586 return ret; 586 return ret;
587 if (test_bit(KEY_FLAG_NEGATIVE, &key->flags)) 587 if (test_bit(KEY_FLAG_NEGATIVE, &key->flags))
588 return -ENOKEY; 588 return key->type_data.reject_error;
589 return key_validate(key); 589 return key_validate(key);
590} 590}
591EXPORT_SYMBOL(wait_for_key_construction); 591EXPORT_SYMBOL(wait_for_key_construction);
diff --git a/security/keys/trusted.c b/security/keys/trusted.c
index 83fc92e297cd..c99b9368368c 100644
--- a/security/keys/trusted.c
+++ b/security/keys/trusted.c
@@ -1076,8 +1076,7 @@ static long trusted_read(const struct key *key, char __user *buffer,
1076 char *bufp; 1076 char *bufp;
1077 int i; 1077 int i;
1078 1078
1079 p = rcu_dereference_protected(key->payload.data, 1079 p = rcu_dereference_key(key);
1080 rwsem_is_locked(&((struct key *)key)->sem));
1081 if (!p) 1080 if (!p)
1082 return -EINVAL; 1081 return -EINVAL;
1083 if (!buffer || buflen <= 0) 1082 if (!buffer || buflen <= 0)
diff --git a/security/keys/user_defined.c b/security/keys/user_defined.c
index 02807fb16340..c6ca8662a468 100644
--- a/security/keys/user_defined.c
+++ b/security/keys/user_defined.c
@@ -184,8 +184,7 @@ long user_read(const struct key *key, char __user *buffer, size_t buflen)
184 struct user_key_payload *upayload; 184 struct user_key_payload *upayload;
185 long ret; 185 long ret;
186 186
187 upayload = rcu_dereference_protected( 187 upayload = rcu_dereference_key(key);
188 key->payload.data, rwsem_is_locked(&((struct key *)key)->sem));
189 ret = upayload->datalen; 188 ret = upayload->datalen;
190 189
191 /* we can return the data as is */ 190 /* we can return the data as is */
diff --git a/security/security.c b/security/security.c
index bb33ecadcf95..bab9b23c3ff4 100644
--- a/security/security.c
+++ b/security/security.c
@@ -181,11 +181,6 @@ int security_real_capable_noaudit(struct task_struct *tsk, int cap)
181 return ret; 181 return ret;
182} 182}
183 183
184int security_sysctl(struct ctl_table *table, int op)
185{
186 return security_ops->sysctl(table, op);
187}
188
189int security_quotactl(int cmds, int type, int id, struct super_block *sb) 184int security_quotactl(int cmds, int type, int id, struct super_block *sb)
190{ 185{
191 return security_ops->quotactl(cmds, type, id, sb); 186 return security_ops->quotactl(cmds, type, id, sb);
@@ -271,6 +266,11 @@ int security_sb_copy_data(char *orig, char *copy)
271} 266}
272EXPORT_SYMBOL(security_sb_copy_data); 267EXPORT_SYMBOL(security_sb_copy_data);
273 268
269int security_sb_remount(struct super_block *sb, void *data)
270{
271 return security_ops->sb_remount(sb, data);
272}
273
274int security_sb_kern_mount(struct super_block *sb, int flags, void *data) 274int security_sb_kern_mount(struct super_block *sb, int flags, void *data)
275{ 275{
276 return security_ops->sb_kern_mount(sb, flags, data); 276 return security_ops->sb_kern_mount(sb, flags, data);
@@ -335,11 +335,13 @@ void security_inode_free(struct inode *inode)
335} 335}
336 336
337int security_inode_init_security(struct inode *inode, struct inode *dir, 337int security_inode_init_security(struct inode *inode, struct inode *dir,
338 char **name, void **value, size_t *len) 338 const struct qstr *qstr, char **name,
339 void **value, size_t *len)
339{ 340{
340 if (unlikely(IS_PRIVATE(inode))) 341 if (unlikely(IS_PRIVATE(inode)))
341 return -EOPNOTSUPP; 342 return -EOPNOTSUPP;
342 return security_ops->inode_init_security(inode, dir, name, value, len); 343 return security_ops->inode_init_security(inode, dir, qstr, name, value,
344 len);
343} 345}
344EXPORT_SYMBOL(security_inode_init_security); 346EXPORT_SYMBOL(security_inode_init_security);
345 347
@@ -359,6 +361,7 @@ int security_path_mkdir(struct path *dir, struct dentry *dentry, int mode)
359 return 0; 361 return 0;
360 return security_ops->path_mkdir(dir, dentry, mode); 362 return security_ops->path_mkdir(dir, dentry, mode);
361} 363}
364EXPORT_SYMBOL(security_path_mkdir);
362 365
363int security_path_rmdir(struct path *dir, struct dentry *dentry) 366int security_path_rmdir(struct path *dir, struct dentry *dentry)
364{ 367{
@@ -373,6 +376,7 @@ int security_path_unlink(struct path *dir, struct dentry *dentry)
373 return 0; 376 return 0;
374 return security_ops->path_unlink(dir, dentry); 377 return security_ops->path_unlink(dir, dentry);
375} 378}
379EXPORT_SYMBOL(security_path_unlink);
376 380
377int security_path_symlink(struct path *dir, struct dentry *dentry, 381int security_path_symlink(struct path *dir, struct dentry *dentry,
378 const char *old_name) 382 const char *old_name)
@@ -399,6 +403,7 @@ int security_path_rename(struct path *old_dir, struct dentry *old_dentry,
399 return security_ops->path_rename(old_dir, old_dentry, new_dir, 403 return security_ops->path_rename(old_dir, old_dentry, new_dir,
400 new_dentry); 404 new_dentry);
401} 405}
406EXPORT_SYMBOL(security_path_rename);
402 407
403int security_path_truncate(struct path *path) 408int security_path_truncate(struct path *path)
404{ 409{
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index c8d699270687..d52a92507412 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -24,9 +24,11 @@
24 */ 24 */
25 25
26#include <linux/init.h> 26#include <linux/init.h>
27#include <linux/kd.h>
27#include <linux/kernel.h> 28#include <linux/kernel.h>
28#include <linux/tracehook.h> 29#include <linux/tracehook.h>
29#include <linux/errno.h> 30#include <linux/errno.h>
31#include <linux/ext2_fs.h>
30#include <linux/sched.h> 32#include <linux/sched.h>
31#include <linux/security.h> 33#include <linux/security.h>
32#include <linux/xattr.h> 34#include <linux/xattr.h>
@@ -36,14 +38,15 @@
36#include <linux/mman.h> 38#include <linux/mman.h>
37#include <linux/slab.h> 39#include <linux/slab.h>
38#include <linux/pagemap.h> 40#include <linux/pagemap.h>
41#include <linux/proc_fs.h>
39#include <linux/swap.h> 42#include <linux/swap.h>
40#include <linux/spinlock.h> 43#include <linux/spinlock.h>
41#include <linux/syscalls.h> 44#include <linux/syscalls.h>
45#include <linux/dcache.h>
42#include <linux/file.h> 46#include <linux/file.h>
43#include <linux/fdtable.h> 47#include <linux/fdtable.h>
44#include <linux/namei.h> 48#include <linux/namei.h>
45#include <linux/mount.h> 49#include <linux/mount.h>
46#include <linux/proc_fs.h>
47#include <linux/netfilter_ipv4.h> 50#include <linux/netfilter_ipv4.h>
48#include <linux/netfilter_ipv6.h> 51#include <linux/netfilter_ipv6.h>
49#include <linux/tty.h> 52#include <linux/tty.h>
@@ -70,7 +73,6 @@
70#include <net/ipv6.h> 73#include <net/ipv6.h>
71#include <linux/hugetlb.h> 74#include <linux/hugetlb.h>
72#include <linux/personality.h> 75#include <linux/personality.h>
73#include <linux/sysctl.h>
74#include <linux/audit.h> 76#include <linux/audit.h>
75#include <linux/string.h> 77#include <linux/string.h>
76#include <linux/selinux.h> 78#include <linux/selinux.h>
@@ -1120,39 +1122,35 @@ static inline u16 socket_type_to_security_class(int family, int type, int protoc
1120} 1122}
1121 1123
1122#ifdef CONFIG_PROC_FS 1124#ifdef CONFIG_PROC_FS
1123static int selinux_proc_get_sid(struct proc_dir_entry *de, 1125static int selinux_proc_get_sid(struct dentry *dentry,
1124 u16 tclass, 1126 u16 tclass,
1125 u32 *sid) 1127 u32 *sid)
1126{ 1128{
1127 int buflen, rc; 1129 int rc;
1128 char *buffer, *path, *end; 1130 char *buffer, *path;
1129 1131
1130 buffer = (char *)__get_free_page(GFP_KERNEL); 1132 buffer = (char *)__get_free_page(GFP_KERNEL);
1131 if (!buffer) 1133 if (!buffer)
1132 return -ENOMEM; 1134 return -ENOMEM;
1133 1135
1134 buflen = PAGE_SIZE; 1136 path = dentry_path_raw(dentry, buffer, PAGE_SIZE);
1135 end = buffer+buflen; 1137 if (IS_ERR(path))
1136 *--end = '\0'; 1138 rc = PTR_ERR(path);
1137 buflen--; 1139 else {
1138 path = end-1; 1140 /* each process gets a /proc/PID/ entry. Strip off the
1139 *path = '/'; 1141 * PID part to get a valid selinux labeling.
1140 while (de && de != de->parent) { 1142 * e.g. /proc/1/net/rpc/nfs -> /net/rpc/nfs */
1141 buflen -= de->namelen + 1; 1143 while (path[1] >= '0' && path[1] <= '9') {
1142 if (buflen < 0) 1144 path[1] = '/';
1143 break; 1145 path++;
1144 end -= de->namelen; 1146 }
1145 memcpy(end, de->name, de->namelen); 1147 rc = security_genfs_sid("proc", path, tclass, sid);
1146 *--end = '/';
1147 path = end;
1148 de = de->parent;
1149 } 1148 }
1150 rc = security_genfs_sid("proc", path, tclass, sid);
1151 free_page((unsigned long)buffer); 1149 free_page((unsigned long)buffer);
1152 return rc; 1150 return rc;
1153} 1151}
1154#else 1152#else
1155static int selinux_proc_get_sid(struct proc_dir_entry *de, 1153static int selinux_proc_get_sid(struct dentry *dentry,
1156 u16 tclass, 1154 u16 tclass,
1157 u32 *sid) 1155 u32 *sid)
1158{ 1156{
@@ -1300,10 +1298,8 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
1300 1298
1301 /* Try to obtain a transition SID. */ 1299 /* Try to obtain a transition SID. */
1302 isec->sclass = inode_mode_to_security_class(inode->i_mode); 1300 isec->sclass = inode_mode_to_security_class(inode->i_mode);
1303 rc = security_transition_sid(isec->task_sid, 1301 rc = security_transition_sid(isec->task_sid, sbsec->sid,
1304 sbsec->sid, 1302 isec->sclass, NULL, &sid);
1305 isec->sclass,
1306 &sid);
1307 if (rc) 1303 if (rc)
1308 goto out_unlock; 1304 goto out_unlock;
1309 isec->sid = sid; 1305 isec->sid = sid;
@@ -1316,10 +1312,9 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
1316 isec->sid = sbsec->sid; 1312 isec->sid = sbsec->sid;
1317 1313
1318 if ((sbsec->flags & SE_SBPROC) && !S_ISLNK(inode->i_mode)) { 1314 if ((sbsec->flags & SE_SBPROC) && !S_ISLNK(inode->i_mode)) {
1319 struct proc_inode *proci = PROC_I(inode); 1315 if (opt_dentry) {
1320 if (proci->pde) {
1321 isec->sclass = inode_mode_to_security_class(inode->i_mode); 1316 isec->sclass = inode_mode_to_security_class(inode->i_mode);
1322 rc = selinux_proc_get_sid(proci->pde, 1317 rc = selinux_proc_get_sid(opt_dentry,
1323 isec->sclass, 1318 isec->sclass,
1324 &sid); 1319 &sid);
1325 if (rc) 1320 if (rc)
@@ -1578,7 +1573,7 @@ static int may_create(struct inode *dir,
1578 return rc; 1573 return rc;
1579 1574
1580 if (!newsid || !(sbsec->flags & SE_SBLABELSUPP)) { 1575 if (!newsid || !(sbsec->flags & SE_SBLABELSUPP)) {
1581 rc = security_transition_sid(sid, dsec->sid, tclass, &newsid); 1576 rc = security_transition_sid(sid, dsec->sid, tclass, NULL, &newsid);
1582 if (rc) 1577 if (rc)
1583 return rc; 1578 return rc;
1584 } 1579 }
@@ -1862,82 +1857,6 @@ static int selinux_capable(struct task_struct *tsk, const struct cred *cred,
1862 return task_has_capability(tsk, cred, cap, audit); 1857 return task_has_capability(tsk, cred, cap, audit);
1863} 1858}
1864 1859
1865static int selinux_sysctl_get_sid(ctl_table *table, u16 tclass, u32 *sid)
1866{
1867 int buflen, rc;
1868 char *buffer, *path, *end;
1869
1870 rc = -ENOMEM;
1871 buffer = (char *)__get_free_page(GFP_KERNEL);
1872 if (!buffer)
1873 goto out;
1874
1875 buflen = PAGE_SIZE;
1876 end = buffer+buflen;
1877 *--end = '\0';
1878 buflen--;
1879 path = end-1;
1880 *path = '/';
1881 while (table) {
1882 const char *name = table->procname;
1883 size_t namelen = strlen(name);
1884 buflen -= namelen + 1;
1885 if (buflen < 0)
1886 goto out_free;
1887 end -= namelen;
1888 memcpy(end, name, namelen);
1889 *--end = '/';
1890 path = end;
1891 table = table->parent;
1892 }
1893 buflen -= 4;
1894 if (buflen < 0)
1895 goto out_free;
1896 end -= 4;
1897 memcpy(end, "/sys", 4);
1898 path = end;
1899 rc = security_genfs_sid("proc", path, tclass, sid);
1900out_free:
1901 free_page((unsigned long)buffer);
1902out:
1903 return rc;
1904}
1905
1906static int selinux_sysctl(ctl_table *table, int op)
1907{
1908 int error = 0;
1909 u32 av;
1910 u32 tsid, sid;
1911 int rc;
1912
1913 sid = current_sid();
1914
1915 rc = selinux_sysctl_get_sid(table, (op == 0001) ?
1916 SECCLASS_DIR : SECCLASS_FILE, &tsid);
1917 if (rc) {
1918 /* Default to the well-defined sysctl SID. */
1919 tsid = SECINITSID_SYSCTL;
1920 }
1921
1922 /* The op values are "defined" in sysctl.c, thereby creating
1923 * a bad coupling between this module and sysctl.c */
1924 if (op == 001) {
1925 error = avc_has_perm(sid, tsid,
1926 SECCLASS_DIR, DIR__SEARCH, NULL);
1927 } else {
1928 av = 0;
1929 if (op & 004)
1930 av |= FILE__READ;
1931 if (op & 002)
1932 av |= FILE__WRITE;
1933 if (av)
1934 error = avc_has_perm(sid, tsid,
1935 SECCLASS_FILE, av, NULL);
1936 }
1937
1938 return error;
1939}
1940
1941static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb) 1860static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb)
1942{ 1861{
1943 const struct cred *cred = current_cred(); 1862 const struct cred *cred = current_cred();
@@ -2060,7 +1979,8 @@ static int selinux_bprm_set_creds(struct linux_binprm *bprm)
2060 } else { 1979 } else {
2061 /* Check for a default transition on this program. */ 1980 /* Check for a default transition on this program. */
2062 rc = security_transition_sid(old_tsec->sid, isec->sid, 1981 rc = security_transition_sid(old_tsec->sid, isec->sid,
2063 SECCLASS_PROCESS, &new_tsec->sid); 1982 SECCLASS_PROCESS, NULL,
1983 &new_tsec->sid);
2064 if (rc) 1984 if (rc)
2065 return rc; 1985 return rc;
2066 } 1986 }
@@ -2443,6 +2363,91 @@ out:
2443 return rc; 2363 return rc;
2444} 2364}
2445 2365
2366static int selinux_sb_remount(struct super_block *sb, void *data)
2367{
2368 int rc, i, *flags;
2369 struct security_mnt_opts opts;
2370 char *secdata, **mount_options;
2371 struct superblock_security_struct *sbsec = sb->s_security;
2372
2373 if (!(sbsec->flags & SE_SBINITIALIZED))
2374 return 0;
2375
2376 if (!data)
2377 return 0;
2378
2379 if (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA)
2380 return 0;
2381
2382 security_init_mnt_opts(&opts);
2383 secdata = alloc_secdata();
2384 if (!secdata)
2385 return -ENOMEM;
2386 rc = selinux_sb_copy_data(data, secdata);
2387 if (rc)
2388 goto out_free_secdata;
2389
2390 rc = selinux_parse_opts_str(secdata, &opts);
2391 if (rc)
2392 goto out_free_secdata;
2393
2394 mount_options = opts.mnt_opts;
2395 flags = opts.mnt_opts_flags;
2396
2397 for (i = 0; i < opts.num_mnt_opts; i++) {
2398 u32 sid;
2399 size_t len;
2400
2401 if (flags[i] == SE_SBLABELSUPP)
2402 continue;
2403 len = strlen(mount_options[i]);
2404 rc = security_context_to_sid(mount_options[i], len, &sid);
2405 if (rc) {
2406 printk(KERN_WARNING "SELinux: security_context_to_sid"
2407 "(%s) failed for (dev %s, type %s) errno=%d\n",
2408 mount_options[i], sb->s_id, sb->s_type->name, rc);
2409 goto out_free_opts;
2410 }
2411 rc = -EINVAL;
2412 switch (flags[i]) {
2413 case FSCONTEXT_MNT:
2414 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid, sid))
2415 goto out_bad_option;
2416 break;
2417 case CONTEXT_MNT:
2418 if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid, sid))
2419 goto out_bad_option;
2420 break;
2421 case ROOTCONTEXT_MNT: {
2422 struct inode_security_struct *root_isec;
2423 root_isec = sb->s_root->d_inode->i_security;
2424
2425 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid, sid))
2426 goto out_bad_option;
2427 break;
2428 }
2429 case DEFCONTEXT_MNT:
2430 if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid, sid))
2431 goto out_bad_option;
2432 break;
2433 default:
2434 goto out_free_opts;
2435 }
2436 }
2437
2438 rc = 0;
2439out_free_opts:
2440 security_free_mnt_opts(&opts);
2441out_free_secdata:
2442 free_secdata(secdata);
2443 return rc;
2444out_bad_option:
2445 printk(KERN_WARNING "SELinux: unable to change security options "
2446 "during remount (dev %s, type=%s)\n", sb->s_id,
2447 sb->s_type->name);
2448 goto out_free_opts;
2449}
2450
2446static int selinux_sb_kern_mount(struct super_block *sb, int flags, void *data) 2451static int selinux_sb_kern_mount(struct super_block *sb, int flags, void *data)
2447{ 2452{
2448 const struct cred *cred = current_cred(); 2453 const struct cred *cred = current_cred();
@@ -2509,8 +2514,8 @@ static void selinux_inode_free_security(struct inode *inode)
2509} 2514}
2510 2515
2511static int selinux_inode_init_security(struct inode *inode, struct inode *dir, 2516static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
2512 char **name, void **value, 2517 const struct qstr *qstr, char **name,
2513 size_t *len) 2518 void **value, size_t *len)
2514{ 2519{
2515 const struct task_security_struct *tsec = current_security(); 2520 const struct task_security_struct *tsec = current_security();
2516 struct inode_security_struct *dsec; 2521 struct inode_security_struct *dsec;
@@ -2531,7 +2536,7 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
2531 else if (!newsid || !(sbsec->flags & SE_SBLABELSUPP)) { 2536 else if (!newsid || !(sbsec->flags & SE_SBLABELSUPP)) {
2532 rc = security_transition_sid(sid, dsec->sid, 2537 rc = security_transition_sid(sid, dsec->sid,
2533 inode_mode_to_security_class(inode->i_mode), 2538 inode_mode_to_security_class(inode->i_mode),
2534 &newsid); 2539 qstr, &newsid);
2535 if (rc) { 2540 if (rc) {
2536 printk(KERN_WARNING "%s: " 2541 printk(KERN_WARNING "%s: "
2537 "security_transition_sid failed, rc=%d (dev=%s " 2542 "security_transition_sid failed, rc=%d (dev=%s "
@@ -2932,16 +2937,47 @@ static int selinux_file_ioctl(struct file *file, unsigned int cmd,
2932 unsigned long arg) 2937 unsigned long arg)
2933{ 2938{
2934 const struct cred *cred = current_cred(); 2939 const struct cred *cred = current_cred();
2935 u32 av = 0; 2940 int error = 0;
2936 2941
2937 if (_IOC_DIR(cmd) & _IOC_WRITE) 2942 switch (cmd) {
2938 av |= FILE__WRITE; 2943 case FIONREAD:
2939 if (_IOC_DIR(cmd) & _IOC_READ) 2944 /* fall through */
2940 av |= FILE__READ; 2945 case FIBMAP:
2941 if (!av) 2946 /* fall through */
2942 av = FILE__IOCTL; 2947 case FIGETBSZ:
2948 /* fall through */
2949 case EXT2_IOC_GETFLAGS:
2950 /* fall through */
2951 case EXT2_IOC_GETVERSION:
2952 error = file_has_perm(cred, file, FILE__GETATTR);
2953 break;
2954
2955 case EXT2_IOC_SETFLAGS:
2956 /* fall through */
2957 case EXT2_IOC_SETVERSION:
2958 error = file_has_perm(cred, file, FILE__SETATTR);
2959 break;
2960
2961 /* sys_ioctl() checks */
2962 case FIONBIO:
2963 /* fall through */
2964 case FIOASYNC:
2965 error = file_has_perm(cred, file, 0);
2966 break;
2943 2967
2944 return file_has_perm(cred, file, av); 2968 case KDSKBENT:
2969 case KDSKBSENT:
2970 error = task_has_capability(current, cred, CAP_SYS_TTY_CONFIG,
2971 SECURITY_CAP_AUDIT);
2972 break;
2973
2974 /* default case assumes that the command will go
2975 * to the file's ioctl() function.
2976 */
2977 default:
2978 error = file_has_perm(cred, file, FILE__IOCTL);
2979 }
2980 return error;
2945} 2981}
2946 2982
2947static int default_noexec; 2983static int default_noexec;
@@ -3644,9 +3680,16 @@ static int selinux_skb_peerlbl_sid(struct sk_buff *skb, u16 family, u32 *sid)
3644 3680
3645/* socket security operations */ 3681/* socket security operations */
3646 3682
3647static u32 socket_sockcreate_sid(const struct task_security_struct *tsec) 3683static int socket_sockcreate_sid(const struct task_security_struct *tsec,
3684 u16 secclass, u32 *socksid)
3648{ 3685{
3649 return tsec->sockcreate_sid ? : tsec->sid; 3686 if (tsec->sockcreate_sid > SECSID_NULL) {
3687 *socksid = tsec->sockcreate_sid;
3688 return 0;
3689 }
3690
3691 return security_transition_sid(tsec->sid, tsec->sid, secclass, NULL,
3692 socksid);
3650} 3693}
3651 3694
3652static int sock_has_perm(struct task_struct *task, struct sock *sk, u32 perms) 3695static int sock_has_perm(struct task_struct *task, struct sock *sk, u32 perms)
@@ -3670,12 +3713,16 @@ static int selinux_socket_create(int family, int type,
3670 const struct task_security_struct *tsec = current_security(); 3713 const struct task_security_struct *tsec = current_security();
3671 u32 newsid; 3714 u32 newsid;
3672 u16 secclass; 3715 u16 secclass;
3716 int rc;
3673 3717
3674 if (kern) 3718 if (kern)
3675 return 0; 3719 return 0;
3676 3720
3677 newsid = socket_sockcreate_sid(tsec);
3678 secclass = socket_type_to_security_class(family, type, protocol); 3721 secclass = socket_type_to_security_class(family, type, protocol);
3722 rc = socket_sockcreate_sid(tsec, secclass, &newsid);
3723 if (rc)
3724 return rc;
3725
3679 return avc_has_perm(tsec->sid, newsid, secclass, SOCKET__CREATE, NULL); 3726 return avc_has_perm(tsec->sid, newsid, secclass, SOCKET__CREATE, NULL);
3680} 3727}
3681 3728
@@ -3687,12 +3734,16 @@ static int selinux_socket_post_create(struct socket *sock, int family,
3687 struct sk_security_struct *sksec; 3734 struct sk_security_struct *sksec;
3688 int err = 0; 3735 int err = 0;
3689 3736
3737 isec->sclass = socket_type_to_security_class(family, type, protocol);
3738
3690 if (kern) 3739 if (kern)
3691 isec->sid = SECINITSID_KERNEL; 3740 isec->sid = SECINITSID_KERNEL;
3692 else 3741 else {
3693 isec->sid = socket_sockcreate_sid(tsec); 3742 err = socket_sockcreate_sid(tsec, isec->sclass, &(isec->sid));
3743 if (err)
3744 return err;
3745 }
3694 3746
3695 isec->sclass = socket_type_to_security_class(family, type, protocol);
3696 isec->initialized = 1; 3747 isec->initialized = 1;
3697 3748
3698 if (sock->sk) { 3749 if (sock->sk) {
@@ -4002,7 +4053,6 @@ static int selinux_sock_rcv_skb_compat(struct sock *sk, struct sk_buff *skb,
4002{ 4053{
4003 int err = 0; 4054 int err = 0;
4004 struct sk_security_struct *sksec = sk->sk_security; 4055 struct sk_security_struct *sksec = sk->sk_security;
4005 u32 peer_sid;
4006 u32 sk_sid = sksec->sid; 4056 u32 sk_sid = sksec->sid;
4007 struct common_audit_data ad; 4057 struct common_audit_data ad;
4008 char *addrp; 4058 char *addrp;
@@ -4021,20 +4071,10 @@ static int selinux_sock_rcv_skb_compat(struct sock *sk, struct sk_buff *skb,
4021 return err; 4071 return err;
4022 } 4072 }
4023 4073
4024 if (selinux_policycap_netpeer) { 4074 err = selinux_netlbl_sock_rcv_skb(sksec, skb, family, &ad);
4025 err = selinux_skb_peerlbl_sid(skb, family, &peer_sid); 4075 if (err)
4026 if (err) 4076 return err;
4027 return err; 4077 err = selinux_xfrm_sock_rcv_skb(sksec->sid, skb, &ad);
4028 err = avc_has_perm(sk_sid, peer_sid,
4029 SECCLASS_PEER, PEER__RECV, &ad);
4030 if (err)
4031 selinux_netlbl_err(skb, err, 0);
4032 } else {
4033 err = selinux_netlbl_sock_rcv_skb(sksec, skb, family, &ad);
4034 if (err)
4035 return err;
4036 err = selinux_xfrm_sock_rcv_skb(sksec->sid, skb, &ad);
4037 }
4038 4078
4039 return err; 4079 return err;
4040} 4080}
@@ -4529,9 +4569,8 @@ static unsigned int selinux_ip_postroute_compat(struct sk_buff *skb,
4529 SECCLASS_PACKET, PACKET__SEND, &ad)) 4569 SECCLASS_PACKET, PACKET__SEND, &ad))
4530 return NF_DROP_ERR(-ECONNREFUSED); 4570 return NF_DROP_ERR(-ECONNREFUSED);
4531 4571
4532 if (selinux_policycap_netpeer) 4572 if (selinux_xfrm_postroute_last(sksec->sid, skb, &ad, proto))
4533 if (selinux_xfrm_postroute_last(sksec->sid, skb, &ad, proto)) 4573 return NF_DROP_ERR(-ECONNREFUSED);
4534 return NF_DROP_ERR(-ECONNREFUSED);
4535 4574
4536 return NF_ACCEPT; 4575 return NF_ACCEPT;
4537} 4576}
@@ -4574,27 +4613,14 @@ static unsigned int selinux_ip_postroute(struct sk_buff *skb, int ifindex,
4574 * from the sending socket, otherwise use the kernel's sid */ 4613 * from the sending socket, otherwise use the kernel's sid */
4575 sk = skb->sk; 4614 sk = skb->sk;
4576 if (sk == NULL) { 4615 if (sk == NULL) {
4577 switch (family) { 4616 if (skb->skb_iif) {
4578 case PF_INET: 4617 secmark_perm = PACKET__FORWARD_OUT;
4579 if (IPCB(skb)->flags & IPSKB_FORWARDED)
4580 secmark_perm = PACKET__FORWARD_OUT;
4581 else
4582 secmark_perm = PACKET__SEND;
4583 break;
4584 case PF_INET6:
4585 if (IP6CB(skb)->flags & IP6SKB_FORWARDED)
4586 secmark_perm = PACKET__FORWARD_OUT;
4587 else
4588 secmark_perm = PACKET__SEND;
4589 break;
4590 default:
4591 return NF_DROP_ERR(-ECONNREFUSED);
4592 }
4593 if (secmark_perm == PACKET__FORWARD_OUT) {
4594 if (selinux_skb_peerlbl_sid(skb, family, &peer_sid)) 4618 if (selinux_skb_peerlbl_sid(skb, family, &peer_sid))
4595 return NF_DROP; 4619 return NF_DROP;
4596 } else 4620 } else {
4621 secmark_perm = PACKET__SEND;
4597 peer_sid = SECINITSID_KERNEL; 4622 peer_sid = SECINITSID_KERNEL;
4623 }
4598 } else { 4624 } else {
4599 struct sk_security_struct *sksec = sk->sk_security; 4625 struct sk_security_struct *sksec = sk->sk_security;
4600 peer_sid = sksec->sid; 4626 peer_sid = sksec->sid;
@@ -4848,7 +4874,7 @@ static int selinux_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg,
4848 * message queue this message will be stored in 4874 * message queue this message will be stored in
4849 */ 4875 */
4850 rc = security_transition_sid(sid, isec->sid, SECCLASS_MSG, 4876 rc = security_transition_sid(sid, isec->sid, SECCLASS_MSG,
4851 &msec->sid); 4877 NULL, &msec->sid);
4852 if (rc) 4878 if (rc)
4853 return rc; 4879 return rc;
4854 } 4880 }
@@ -5402,7 +5428,6 @@ static struct security_operations selinux_ops = {
5402 .ptrace_traceme = selinux_ptrace_traceme, 5428 .ptrace_traceme = selinux_ptrace_traceme,
5403 .capget = selinux_capget, 5429 .capget = selinux_capget,
5404 .capset = selinux_capset, 5430 .capset = selinux_capset,
5405 .sysctl = selinux_sysctl,
5406 .capable = selinux_capable, 5431 .capable = selinux_capable,
5407 .quotactl = selinux_quotactl, 5432 .quotactl = selinux_quotactl,
5408 .quota_on = selinux_quota_on, 5433 .quota_on = selinux_quota_on,
@@ -5420,6 +5445,7 @@ static struct security_operations selinux_ops = {
5420 .sb_alloc_security = selinux_sb_alloc_security, 5445 .sb_alloc_security = selinux_sb_alloc_security,
5421 .sb_free_security = selinux_sb_free_security, 5446 .sb_free_security = selinux_sb_free_security,
5422 .sb_copy_data = selinux_sb_copy_data, 5447 .sb_copy_data = selinux_sb_copy_data,
5448 .sb_remount = selinux_sb_remount,
5423 .sb_kern_mount = selinux_sb_kern_mount, 5449 .sb_kern_mount = selinux_sb_kern_mount,
5424 .sb_show_options = selinux_sb_show_options, 5450 .sb_show_options = selinux_sb_show_options,
5425 .sb_statfs = selinux_sb_statfs, 5451 .sb_statfs = selinux_sb_statfs,
diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h
index 7ed3663332ec..b8c53723e09b 100644
--- a/security/selinux/include/classmap.h
+++ b/security/selinux/include/classmap.h
@@ -12,6 +12,10 @@
12#define COMMON_IPC_PERMS "create", "destroy", "getattr", "setattr", "read", \ 12#define COMMON_IPC_PERMS "create", "destroy", "getattr", "setattr", "read", \
13 "write", "associate", "unix_read", "unix_write" 13 "write", "associate", "unix_read", "unix_write"
14 14
15/*
16 * Note: The name for any socket class should be suffixed by "socket",
17 * and doesn't contain more than one substr of "socket".
18 */
15struct security_class_mapping secclass_map[] = { 19struct security_class_mapping secclass_map[] = {
16 { "security", 20 { "security",
17 { "compute_av", "compute_create", "compute_member", 21 { "compute_av", "compute_create", "compute_member",
@@ -132,8 +136,7 @@ struct security_class_mapping secclass_map[] = {
132 { "appletalk_socket", 136 { "appletalk_socket",
133 { COMMON_SOCK_PERMS, NULL } }, 137 { COMMON_SOCK_PERMS, NULL } },
134 { "packet", 138 { "packet",
135 { "send", "recv", "relabelto", "flow_in", "flow_out", 139 { "send", "recv", "relabelto", "forward_in", "forward_out", NULL } },
136 "forward_in", "forward_out", NULL } },
137 { "key", 140 { "key",
138 { "view", "read", "write", "search", "link", "setattr", "create", 141 { "view", "read", "write", "search", "link", "setattr", "create",
139 NULL } }, 142 NULL } },
diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h
index 671273eb1115..348eb00cb668 100644
--- a/security/selinux/include/security.h
+++ b/security/selinux/include/security.h
@@ -8,6 +8,7 @@
8#ifndef _SELINUX_SECURITY_H_ 8#ifndef _SELINUX_SECURITY_H_
9#define _SELINUX_SECURITY_H_ 9#define _SELINUX_SECURITY_H_
10 10
11#include <linux/dcache.h>
11#include <linux/magic.h> 12#include <linux/magic.h>
12#include <linux/types.h> 13#include <linux/types.h>
13#include "flask.h" 14#include "flask.h"
@@ -28,13 +29,14 @@
28#define POLICYDB_VERSION_POLCAP 22 29#define POLICYDB_VERSION_POLCAP 22
29#define POLICYDB_VERSION_PERMISSIVE 23 30#define POLICYDB_VERSION_PERMISSIVE 23
30#define POLICYDB_VERSION_BOUNDARY 24 31#define POLICYDB_VERSION_BOUNDARY 24
32#define POLICYDB_VERSION_FILENAME_TRANS 25
31 33
32/* Range of policy versions we understand*/ 34/* Range of policy versions we understand*/
33#define POLICYDB_VERSION_MIN POLICYDB_VERSION_BASE 35#define POLICYDB_VERSION_MIN POLICYDB_VERSION_BASE
34#ifdef CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX 36#ifdef CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX
35#define POLICYDB_VERSION_MAX CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX_VALUE 37#define POLICYDB_VERSION_MAX CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX_VALUE
36#else 38#else
37#define POLICYDB_VERSION_MAX POLICYDB_VERSION_BOUNDARY 39#define POLICYDB_VERSION_MAX POLICYDB_VERSION_FILENAME_TRANS
38#endif 40#endif
39 41
40/* Mask for just the mount related flags */ 42/* Mask for just the mount related flags */
@@ -106,8 +108,8 @@ void security_compute_av(u32 ssid, u32 tsid,
106void security_compute_av_user(u32 ssid, u32 tsid, 108void security_compute_av_user(u32 ssid, u32 tsid,
107 u16 tclass, struct av_decision *avd); 109 u16 tclass, struct av_decision *avd);
108 110
109int security_transition_sid(u32 ssid, u32 tsid, 111int security_transition_sid(u32 ssid, u32 tsid, u16 tclass,
110 u16 tclass, u32 *out_sid); 112 const struct qstr *qstr, u32 *out_sid);
111 113
112int security_transition_sid_user(u32 ssid, u32 tsid, 114int security_transition_sid_user(u32 ssid, u32 tsid,
113 u16 tclass, u32 *out_sid); 115 u16 tclass, u32 *out_sid);
diff --git a/security/selinux/ss/avtab.h b/security/selinux/ss/avtab.h
index dff0c75345c1..63ce2f9e441d 100644
--- a/security/selinux/ss/avtab.h
+++ b/security/selinux/ss/avtab.h
@@ -14,7 +14,7 @@
14 * 14 *
15 * Copyright (C) 2003 Tresys Technology, LLC 15 * Copyright (C) 2003 Tresys Technology, LLC
16 * This program is free software; you can redistribute it and/or modify 16 * This program is free software; you can redistribute it and/or modify
17 * it under the terms of the GNU General Public License as published by 17 * it under the terms of the GNU General Public License as published by
18 * the Free Software Foundation, version 2. 18 * the Free Software Foundation, version 2.
19 * 19 *
20 * Updated: Yuichi Nakamura <ynakam@hitachisoft.jp> 20 * Updated: Yuichi Nakamura <ynakam@hitachisoft.jp>
@@ -27,16 +27,16 @@ struct avtab_key {
27 u16 source_type; /* source type */ 27 u16 source_type; /* source type */
28 u16 target_type; /* target type */ 28 u16 target_type; /* target type */
29 u16 target_class; /* target object class */ 29 u16 target_class; /* target object class */
30#define AVTAB_ALLOWED 1 30#define AVTAB_ALLOWED 0x0001
31#define AVTAB_AUDITALLOW 2 31#define AVTAB_AUDITALLOW 0x0002
32#define AVTAB_AUDITDENY 4 32#define AVTAB_AUDITDENY 0x0004
33#define AVTAB_AV (AVTAB_ALLOWED | AVTAB_AUDITALLOW | AVTAB_AUDITDENY) 33#define AVTAB_AV (AVTAB_ALLOWED | AVTAB_AUDITALLOW | AVTAB_AUDITDENY)
34#define AVTAB_TRANSITION 16 34#define AVTAB_TRANSITION 0x0010
35#define AVTAB_MEMBER 32 35#define AVTAB_MEMBER 0x0020
36#define AVTAB_CHANGE 64 36#define AVTAB_CHANGE 0x0040
37#define AVTAB_TYPE (AVTAB_TRANSITION | AVTAB_MEMBER | AVTAB_CHANGE) 37#define AVTAB_TYPE (AVTAB_TRANSITION | AVTAB_MEMBER | AVTAB_CHANGE)
38#define AVTAB_ENABLED_OLD 0x80000000 /* reserved for used in cond_avtab */ 38#define AVTAB_ENABLED_OLD 0x80000000 /* reserved for used in cond_avtab */
39#define AVTAB_ENABLED 0x8000 /* reserved for used in cond_avtab */ 39#define AVTAB_ENABLED 0x8000 /* reserved for used in cond_avtab */
40 u16 specified; /* what field is specified */ 40 u16 specified; /* what field is specified */
41}; 41};
42 42
@@ -86,7 +86,6 @@ void avtab_cache_destroy(void);
86 86
87#define MAX_AVTAB_HASH_BITS 11 87#define MAX_AVTAB_HASH_BITS 11
88#define MAX_AVTAB_HASH_BUCKETS (1 << MAX_AVTAB_HASH_BITS) 88#define MAX_AVTAB_HASH_BUCKETS (1 << MAX_AVTAB_HASH_BITS)
89#define MAX_AVTAB_HASH_MASK (MAX_AVTAB_HASH_BUCKETS-1)
90 89
91#endif /* _SS_AVTAB_H_ */ 90#endif /* _SS_AVTAB_H_ */
92 91
diff --git a/security/selinux/ss/ebitmap.h b/security/selinux/ss/ebitmap.h
index 1f4e93c2ae86..922f8afa89dd 100644
--- a/security/selinux/ss/ebitmap.h
+++ b/security/selinux/ss/ebitmap.h
@@ -36,7 +36,6 @@ struct ebitmap {
36}; 36};
37 37
38#define ebitmap_length(e) ((e)->highbit) 38#define ebitmap_length(e) ((e)->highbit)
39#define ebitmap_startbit(e) ((e)->node ? (e)->node->startbit : 0)
40 39
41static inline unsigned int ebitmap_start_positive(struct ebitmap *e, 40static inline unsigned int ebitmap_start_positive(struct ebitmap *e,
42 struct ebitmap_node **n) 41 struct ebitmap_node **n)
diff --git a/security/selinux/ss/mls.c b/security/selinux/ss/mls.c
index 1ef8e4e89880..e96174216bc9 100644
--- a/security/selinux/ss/mls.c
+++ b/security/selinux/ss/mls.c
@@ -512,7 +512,8 @@ int mls_compute_sid(struct context *scontext,
512 struct context *tcontext, 512 struct context *tcontext,
513 u16 tclass, 513 u16 tclass,
514 u32 specified, 514 u32 specified,
515 struct context *newcontext) 515 struct context *newcontext,
516 bool sock)
516{ 517{
517 struct range_trans rtr; 518 struct range_trans rtr;
518 struct mls_range *r; 519 struct mls_range *r;
@@ -531,7 +532,7 @@ int mls_compute_sid(struct context *scontext,
531 return mls_range_set(newcontext, r); 532 return mls_range_set(newcontext, r);
532 /* Fallthrough */ 533 /* Fallthrough */
533 case AVTAB_CHANGE: 534 case AVTAB_CHANGE:
534 if (tclass == policydb.process_class) 535 if ((tclass == policydb.process_class) || (sock == true))
535 /* Use the process MLS attributes. */ 536 /* Use the process MLS attributes. */
536 return mls_context_cpy(newcontext, scontext); 537 return mls_context_cpy(newcontext, scontext);
537 else 538 else
diff --git a/security/selinux/ss/mls.h b/security/selinux/ss/mls.h
index cd9152632e54..037bf9d82d41 100644
--- a/security/selinux/ss/mls.h
+++ b/security/selinux/ss/mls.h
@@ -49,7 +49,8 @@ int mls_compute_sid(struct context *scontext,
49 struct context *tcontext, 49 struct context *tcontext,
50 u16 tclass, 50 u16 tclass,
51 u32 specified, 51 u32 specified,
52 struct context *newcontext); 52 struct context *newcontext,
53 bool sock);
53 54
54int mls_setup_user_range(struct context *fromcon, struct user_datum *user, 55int mls_setup_user_range(struct context *fromcon, struct user_datum *user,
55 struct context *usercon); 56 struct context *usercon);
diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c
index 57363562f0f8..e7b850ad57ee 100644
--- a/security/selinux/ss/policydb.c
+++ b/security/selinux/ss/policydb.c
@@ -123,6 +123,11 @@ static struct policydb_compat_info policydb_compat[] = {
123 .sym_num = SYM_NUM, 123 .sym_num = SYM_NUM,
124 .ocon_num = OCON_NUM, 124 .ocon_num = OCON_NUM,
125 }, 125 },
126 {
127 .version = POLICYDB_VERSION_FILENAME_TRANS,
128 .sym_num = SYM_NUM,
129 .ocon_num = OCON_NUM,
130 },
126}; 131};
127 132
128static struct policydb_compat_info *policydb_lookup_compat(int version) 133static struct policydb_compat_info *policydb_lookup_compat(int version)
@@ -704,6 +709,7 @@ void policydb_destroy(struct policydb *p)
704 int i; 709 int i;
705 struct role_allow *ra, *lra = NULL; 710 struct role_allow *ra, *lra = NULL;
706 struct role_trans *tr, *ltr = NULL; 711 struct role_trans *tr, *ltr = NULL;
712 struct filename_trans *ft, *nft;
707 713
708 for (i = 0; i < SYM_NUM; i++) { 714 for (i = 0; i < SYM_NUM; i++) {
709 cond_resched(); 715 cond_resched();
@@ -781,6 +787,15 @@ void policydb_destroy(struct policydb *p)
781 } 787 }
782 flex_array_free(p->type_attr_map_array); 788 flex_array_free(p->type_attr_map_array);
783 } 789 }
790
791 ft = p->filename_trans;
792 while (ft) {
793 nft = ft->next;
794 kfree(ft->name);
795 kfree(ft);
796 ft = nft;
797 }
798
784 ebitmap_destroy(&p->policycaps); 799 ebitmap_destroy(&p->policycaps);
785 ebitmap_destroy(&p->permissive_map); 800 ebitmap_destroy(&p->permissive_map);
786 801
@@ -1788,6 +1803,76 @@ out:
1788 return rc; 1803 return rc;
1789} 1804}
1790 1805
1806static int filename_trans_read(struct policydb *p, void *fp)
1807{
1808 struct filename_trans *ft, *last;
1809 u32 nel, len;
1810 char *name;
1811 __le32 buf[4];
1812 int rc, i;
1813
1814 if (p->policyvers < POLICYDB_VERSION_FILENAME_TRANS)
1815 return 0;
1816
1817 rc = next_entry(buf, fp, sizeof(u32));
1818 if (rc)
1819 goto out;
1820 nel = le32_to_cpu(buf[0]);
1821
1822 printk(KERN_ERR "%s: nel=%d\n", __func__, nel);
1823
1824 last = p->filename_trans;
1825 while (last && last->next)
1826 last = last->next;
1827
1828 for (i = 0; i < nel; i++) {
1829 rc = -ENOMEM;
1830 ft = kzalloc(sizeof(*ft), GFP_KERNEL);
1831 if (!ft)
1832 goto out;
1833
1834 /* add it to the tail of the list */
1835 if (!last)
1836 p->filename_trans = ft;
1837 else
1838 last->next = ft;
1839 last = ft;
1840
1841 /* length of the path component string */
1842 rc = next_entry(buf, fp, sizeof(u32));
1843 if (rc)
1844 goto out;
1845 len = le32_to_cpu(buf[0]);
1846
1847 rc = -ENOMEM;
1848 name = kmalloc(len + 1, GFP_KERNEL);
1849 if (!name)
1850 goto out;
1851
1852 ft->name = name;
1853
1854 /* path component string */
1855 rc = next_entry(name, fp, len);
1856 if (rc)
1857 goto out;
1858 name[len] = 0;
1859
1860 printk(KERN_ERR "%s: ft=%p ft->name=%p ft->name=%s\n", __func__, ft, ft->name, ft->name);
1861
1862 rc = next_entry(buf, fp, sizeof(u32) * 4);
1863 if (rc)
1864 goto out;
1865
1866 ft->stype = le32_to_cpu(buf[0]);
1867 ft->ttype = le32_to_cpu(buf[1]);
1868 ft->tclass = le32_to_cpu(buf[2]);
1869 ft->otype = le32_to_cpu(buf[3]);
1870 }
1871 rc = 0;
1872out:
1873 return rc;
1874}
1875
1791static int genfs_read(struct policydb *p, void *fp) 1876static int genfs_read(struct policydb *p, void *fp)
1792{ 1877{
1793 int i, j, rc; 1878 int i, j, rc;
@@ -2251,6 +2336,10 @@ int policydb_read(struct policydb *p, void *fp)
2251 lra = ra; 2336 lra = ra;
2252 } 2337 }
2253 2338
2339 rc = filename_trans_read(p, fp);
2340 if (rc)
2341 goto bad;
2342
2254 rc = policydb_index(p); 2343 rc = policydb_index(p);
2255 if (rc) 2344 if (rc)
2256 goto bad; 2345 goto bad;
@@ -3025,6 +3114,43 @@ static int range_write(struct policydb *p, void *fp)
3025 return 0; 3114 return 0;
3026} 3115}
3027 3116
3117static int filename_trans_write(struct policydb *p, void *fp)
3118{
3119 struct filename_trans *ft;
3120 u32 len, nel = 0;
3121 __le32 buf[4];
3122 int rc;
3123
3124 for (ft = p->filename_trans; ft; ft = ft->next)
3125 nel++;
3126
3127 buf[0] = cpu_to_le32(nel);
3128 rc = put_entry(buf, sizeof(u32), 1, fp);
3129 if (rc)
3130 return rc;
3131
3132 for (ft = p->filename_trans; ft; ft = ft->next) {
3133 len = strlen(ft->name);
3134 buf[0] = cpu_to_le32(len);
3135 rc = put_entry(buf, sizeof(u32), 1, fp);
3136 if (rc)
3137 return rc;
3138
3139 rc = put_entry(ft->name, sizeof(char), len, fp);
3140 if (rc)
3141 return rc;
3142
3143 buf[0] = ft->stype;
3144 buf[1] = ft->ttype;
3145 buf[2] = ft->tclass;
3146 buf[3] = ft->otype;
3147
3148 rc = put_entry(buf, sizeof(u32), 4, fp);
3149 if (rc)
3150 return rc;
3151 }
3152 return 0;
3153}
3028/* 3154/*
3029 * Write the configuration data in a policy database 3155 * Write the configuration data in a policy database
3030 * structure to a policy database binary representation 3156 * structure to a policy database binary representation
@@ -3135,6 +3261,10 @@ int policydb_write(struct policydb *p, void *fp)
3135 if (rc) 3261 if (rc)
3136 return rc; 3262 return rc;
3137 3263
3264 rc = filename_trans_write(p, fp);
3265 if (rc)
3266 return rc;
3267
3138 rc = ocontext_write(p, info, fp); 3268 rc = ocontext_write(p, info, fp);
3139 if (rc) 3269 if (rc)
3140 return rc; 3270 return rc;
diff --git a/security/selinux/ss/policydb.h b/security/selinux/ss/policydb.h
index 4e3ab9d0b315..732ea4a68682 100644
--- a/security/selinux/ss/policydb.h
+++ b/security/selinux/ss/policydb.h
@@ -77,6 +77,15 @@ struct role_trans {
77 struct role_trans *next; 77 struct role_trans *next;
78}; 78};
79 79
80struct filename_trans {
81 struct filename_trans *next;
82 u32 stype; /* current process */
83 u32 ttype; /* parent dir context */
84 u16 tclass; /* class of new object */
85 const char *name; /* last path component */
86 u32 otype; /* expected of new object */
87};
88
80struct role_allow { 89struct role_allow {
81 u32 role; /* current role */ 90 u32 role; /* current role */
82 u32 new_role; /* new role */ 91 u32 new_role; /* new role */
@@ -217,6 +226,9 @@ struct policydb {
217 /* role transitions */ 226 /* role transitions */
218 struct role_trans *role_tr; 227 struct role_trans *role_tr;
219 228
229 /* file transitions with the last path component */
230 struct filename_trans *filename_trans;
231
220 /* bools indexed by (value - 1) */ 232 /* bools indexed by (value - 1) */
221 struct cond_bool_datum **bool_val_to_struct; 233 struct cond_bool_datum **bool_val_to_struct;
222 /* type enforcement conditional access vectors and transitions */ 234 /* type enforcement conditional access vectors and transitions */
@@ -302,7 +314,7 @@ static inline int next_entry(void *buf, struct policy_file *fp, size_t bytes)
302 return 0; 314 return 0;
303} 315}
304 316
305static inline int put_entry(void *buf, size_t bytes, int num, struct policy_file *fp) 317static inline int put_entry(const void *buf, size_t bytes, int num, struct policy_file *fp)
306{ 318{
307 size_t len = bytes * num; 319 size_t len = bytes * num;
308 320
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index a03cfaf0ee07..3e7544d2a07b 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -201,6 +201,21 @@ static u16 unmap_class(u16 tclass)
201 return tclass; 201 return tclass;
202} 202}
203 203
204/*
205 * Get kernel value for class from its policy value
206 */
207static u16 map_class(u16 pol_value)
208{
209 u16 i;
210
211 for (i = 1; i < current_mapping_size; i++) {
212 if (current_mapping[i].value == pol_value)
213 return i;
214 }
215
216 return pol_value;
217}
218
204static void map_decision(u16 tclass, struct av_decision *avd, 219static void map_decision(u16 tclass, struct av_decision *avd,
205 int allow_unknown) 220 int allow_unknown)
206{ 221{
@@ -1343,10 +1358,27 @@ out:
1343 return -EACCES; 1358 return -EACCES;
1344} 1359}
1345 1360
1361static void filename_compute_type(struct policydb *p, struct context *newcontext,
1362 u32 scon, u32 tcon, u16 tclass,
1363 const struct qstr *qstr)
1364{
1365 struct filename_trans *ft;
1366 for (ft = p->filename_trans; ft; ft = ft->next) {
1367 if (ft->stype == scon &&
1368 ft->ttype == tcon &&
1369 ft->tclass == tclass &&
1370 !strcmp(ft->name, qstr->name)) {
1371 newcontext->type = ft->otype;
1372 return;
1373 }
1374 }
1375}
1376
1346static int security_compute_sid(u32 ssid, 1377static int security_compute_sid(u32 ssid,
1347 u32 tsid, 1378 u32 tsid,
1348 u16 orig_tclass, 1379 u16 orig_tclass,
1349 u32 specified, 1380 u32 specified,
1381 const struct qstr *qstr,
1350 u32 *out_sid, 1382 u32 *out_sid,
1351 bool kern) 1383 bool kern)
1352{ 1384{
@@ -1357,6 +1389,7 @@ static int security_compute_sid(u32 ssid,
1357 struct avtab_node *node; 1389 struct avtab_node *node;
1358 u16 tclass; 1390 u16 tclass;
1359 int rc = 0; 1391 int rc = 0;
1392 bool sock;
1360 1393
1361 if (!ss_initialized) { 1394 if (!ss_initialized) {
1362 switch (orig_tclass) { 1395 switch (orig_tclass) {
@@ -1374,10 +1407,13 @@ static int security_compute_sid(u32 ssid,
1374 1407
1375 read_lock(&policy_rwlock); 1408 read_lock(&policy_rwlock);
1376 1409
1377 if (kern) 1410 if (kern) {
1378 tclass = unmap_class(orig_tclass); 1411 tclass = unmap_class(orig_tclass);
1379 else 1412 sock = security_is_socket_class(orig_tclass);
1413 } else {
1380 tclass = orig_tclass; 1414 tclass = orig_tclass;
1415 sock = security_is_socket_class(map_class(tclass));
1416 }
1381 1417
1382 scontext = sidtab_search(&sidtab, ssid); 1418 scontext = sidtab_search(&sidtab, ssid);
1383 if (!scontext) { 1419 if (!scontext) {
@@ -1408,7 +1444,7 @@ static int security_compute_sid(u32 ssid,
1408 } 1444 }
1409 1445
1410 /* Set the role and type to default values. */ 1446 /* Set the role and type to default values. */
1411 if (tclass == policydb.process_class) { 1447 if ((tclass == policydb.process_class) || (sock == true)) {
1412 /* Use the current role and type of process. */ 1448 /* Use the current role and type of process. */
1413 newcontext.role = scontext->role; 1449 newcontext.role = scontext->role;
1414 newcontext.type = scontext->type; 1450 newcontext.type = scontext->type;
@@ -1442,6 +1478,11 @@ static int security_compute_sid(u32 ssid,
1442 newcontext.type = avdatum->data; 1478 newcontext.type = avdatum->data;
1443 } 1479 }
1444 1480
1481 /* if we have a qstr this is a file trans check so check those rules */
1482 if (qstr)
1483 filename_compute_type(&policydb, &newcontext, scontext->type,
1484 tcontext->type, tclass, qstr);
1485
1445 /* Check for class-specific changes. */ 1486 /* Check for class-specific changes. */
1446 if (tclass == policydb.process_class) { 1487 if (tclass == policydb.process_class) {
1447 if (specified & AVTAB_TRANSITION) { 1488 if (specified & AVTAB_TRANSITION) {
@@ -1460,7 +1501,8 @@ static int security_compute_sid(u32 ssid,
1460 1501
1461 /* Set the MLS attributes. 1502 /* Set the MLS attributes.
1462 This is done last because it may allocate memory. */ 1503 This is done last because it may allocate memory. */
1463 rc = mls_compute_sid(scontext, tcontext, tclass, specified, &newcontext); 1504 rc = mls_compute_sid(scontext, tcontext, tclass, specified,
1505 &newcontext, sock);
1464 if (rc) 1506 if (rc)
1465 goto out_unlock; 1507 goto out_unlock;
1466 1508
@@ -1495,22 +1537,17 @@ out:
1495 * if insufficient memory is available, or %0 if the new SID was 1537 * if insufficient memory is available, or %0 if the new SID was
1496 * computed successfully. 1538 * computed successfully.
1497 */ 1539 */
1498int security_transition_sid(u32 ssid, 1540int security_transition_sid(u32 ssid, u32 tsid, u16 tclass,
1499 u32 tsid, 1541 const struct qstr *qstr, u32 *out_sid)
1500 u16 tclass,
1501 u32 *out_sid)
1502{ 1542{
1503 return security_compute_sid(ssid, tsid, tclass, AVTAB_TRANSITION, 1543 return security_compute_sid(ssid, tsid, tclass, AVTAB_TRANSITION,
1504 out_sid, true); 1544 qstr, out_sid, true);
1505} 1545}
1506 1546
1507int security_transition_sid_user(u32 ssid, 1547int security_transition_sid_user(u32 ssid, u32 tsid, u16 tclass, u32 *out_sid)
1508 u32 tsid,
1509 u16 tclass,
1510 u32 *out_sid)
1511{ 1548{
1512 return security_compute_sid(ssid, tsid, tclass, AVTAB_TRANSITION, 1549 return security_compute_sid(ssid, tsid, tclass, AVTAB_TRANSITION,
1513 out_sid, false); 1550 NULL, out_sid, false);
1514} 1551}
1515 1552
1516/** 1553/**
@@ -1531,8 +1568,8 @@ int security_member_sid(u32 ssid,
1531 u16 tclass, 1568 u16 tclass,
1532 u32 *out_sid) 1569 u32 *out_sid)
1533{ 1570{
1534 return security_compute_sid(ssid, tsid, tclass, AVTAB_MEMBER, out_sid, 1571 return security_compute_sid(ssid, tsid, tclass, AVTAB_MEMBER, NULL,
1535 false); 1572 out_sid, false);
1536} 1573}
1537 1574
1538/** 1575/**
@@ -1553,8 +1590,8 @@ int security_change_sid(u32 ssid,
1553 u16 tclass, 1590 u16 tclass,
1554 u32 *out_sid) 1591 u32 *out_sid)
1555{ 1592{
1556 return security_compute_sid(ssid, tsid, tclass, AVTAB_CHANGE, out_sid, 1593 return security_compute_sid(ssid, tsid, tclass, AVTAB_CHANGE, NULL,
1557 false); 1594 out_sid, false);
1558} 1595}
1559 1596
1560/* Clone the SID into the new SID table. */ 1597/* Clone the SID into the new SID table. */
diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c
index fff78d3b51a2..728c57e3d65d 100644
--- a/security/selinux/xfrm.c
+++ b/security/selinux/xfrm.c
@@ -208,7 +208,7 @@ static int selinux_xfrm_sec_ctx_alloc(struct xfrm_sec_ctx **ctxp,
208 if (!uctx) 208 if (!uctx)
209 goto not_from_user; 209 goto not_from_user;
210 210
211 if (uctx->ctx_doi != XFRM_SC_ALG_SELINUX) 211 if (uctx->ctx_alg != XFRM_SC_ALG_SELINUX)
212 return -EINVAL; 212 return -EINVAL;
213 213
214 str_len = uctx->ctx_len; 214 str_len = uctx->ctx_len;
diff --git a/security/smack/smack.h b/security/smack/smack.h
index 129c4eb8ffb1..b449cfdad21c 100644
--- a/security/smack/smack.h
+++ b/security/smack/smack.h
@@ -52,13 +52,16 @@ struct socket_smack {
52struct inode_smack { 52struct inode_smack {
53 char *smk_inode; /* label of the fso */ 53 char *smk_inode; /* label of the fso */
54 char *smk_task; /* label of the task */ 54 char *smk_task; /* label of the task */
55 char *smk_mmap; /* label of the mmap domain */
55 struct mutex smk_lock; /* initialization lock */ 56 struct mutex smk_lock; /* initialization lock */
56 int smk_flags; /* smack inode flags */ 57 int smk_flags; /* smack inode flags */
57}; 58};
58 59
59struct task_smack { 60struct task_smack {
60 char *smk_task; /* label used for access control */ 61 char *smk_task; /* label for access control */
61 char *smk_forked; /* label when forked */ 62 char *smk_forked; /* label when forked */
63 struct list_head smk_rules; /* per task access rules */
64 struct mutex smk_rules_lock; /* lock for the rules */
62}; 65};
63 66
64#define SMK_INODE_INSTANT 0x01 /* inode is instantiated */ 67#define SMK_INODE_INSTANT 0x01 /* inode is instantiated */
@@ -152,12 +155,6 @@ struct smack_known {
152#define SMACK_MAGIC 0x43415d53 /* "SMAC" */ 155#define SMACK_MAGIC 0x43415d53 /* "SMAC" */
153 156
154/* 157/*
155 * A limit on the number of entries in the lists
156 * makes some of the list administration easier.
157 */
158#define SMACK_LIST_MAX 10000
159
160/*
161 * CIPSO defaults. 158 * CIPSO defaults.
162 */ 159 */
163#define SMACK_CIPSO_DOI_DEFAULT 3 /* Historical */ 160#define SMACK_CIPSO_DOI_DEFAULT 3 /* Historical */
@@ -174,9 +171,7 @@ struct smack_known {
174/* 171/*
175 * Just to make the common cases easier to deal with 172 * Just to make the common cases easier to deal with
176 */ 173 */
177#define MAY_ANY (MAY_READ | MAY_WRITE | MAY_APPEND | MAY_EXEC)
178#define MAY_ANYREAD (MAY_READ | MAY_EXEC) 174#define MAY_ANYREAD (MAY_READ | MAY_EXEC)
179#define MAY_ANYWRITE (MAY_WRITE | MAY_APPEND)
180#define MAY_READWRITE (MAY_READ | MAY_WRITE) 175#define MAY_READWRITE (MAY_READ | MAY_WRITE)
181#define MAY_NOT 0 176#define MAY_NOT 0
182 177
@@ -202,7 +197,7 @@ struct inode_smack *new_inode_smack(char *);
202/* 197/*
203 * These functions are in smack_access.c 198 * These functions are in smack_access.c
204 */ 199 */
205int smk_access_entry(char *, char *); 200int smk_access_entry(char *, char *, struct list_head *);
206int smk_access(char *, char *, int, struct smk_audit_info *); 201int smk_access(char *, char *, int, struct smk_audit_info *);
207int smk_curacc(char *, u32, struct smk_audit_info *); 202int smk_curacc(char *, u32, struct smk_audit_info *);
208int smack_to_cipso(const char *, struct smack_cipso *); 203int smack_to_cipso(const char *, struct smack_cipso *);
diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c
index 7ba8478f599e..86453db4333d 100644
--- a/security/smack/smack_access.c
+++ b/security/smack/smack_access.c
@@ -70,10 +70,11 @@ int log_policy = SMACK_AUDIT_DENIED;
70 * smk_access_entry - look up matching access rule 70 * smk_access_entry - look up matching access rule
71 * @subject_label: a pointer to the subject's Smack label 71 * @subject_label: a pointer to the subject's Smack label
72 * @object_label: a pointer to the object's Smack label 72 * @object_label: a pointer to the object's Smack label
73 * @rule_list: the list of rules to search
73 * 74 *
74 * This function looks up the subject/object pair in the 75 * This function looks up the subject/object pair in the
75 * access rule list and returns pointer to the matching rule if found, 76 * access rule list and returns the access mode. If no
76 * NULL otherwise. 77 * entry is found returns -ENOENT.
77 * 78 *
78 * NOTE: 79 * NOTE:
79 * Even though Smack labels are usually shared on smack_list 80 * Even though Smack labels are usually shared on smack_list
@@ -85,13 +86,13 @@ int log_policy = SMACK_AUDIT_DENIED;
85 * will be on the list, so checking the pointers may be a worthwhile 86 * will be on the list, so checking the pointers may be a worthwhile
86 * optimization. 87 * optimization.
87 */ 88 */
88int smk_access_entry(char *subject_label, char *object_label) 89int smk_access_entry(char *subject_label, char *object_label,
90 struct list_head *rule_list)
89{ 91{
90 u32 may = MAY_NOT; 92 int may = -ENOENT;
91 struct smack_rule *srp; 93 struct smack_rule *srp;
92 94
93 rcu_read_lock(); 95 list_for_each_entry_rcu(srp, rule_list, list) {
94 list_for_each_entry_rcu(srp, &smack_rule_list, list) {
95 if (srp->smk_subject == subject_label || 96 if (srp->smk_subject == subject_label ||
96 strcmp(srp->smk_subject, subject_label) == 0) { 97 strcmp(srp->smk_subject, subject_label) == 0) {
97 if (srp->smk_object == object_label || 98 if (srp->smk_object == object_label ||
@@ -101,7 +102,6 @@ int smk_access_entry(char *subject_label, char *object_label)
101 } 102 }
102 } 103 }
103 } 104 }
104 rcu_read_unlock();
105 105
106 return may; 106 return may;
107} 107}
@@ -129,7 +129,7 @@ int smk_access_entry(char *subject_label, char *object_label)
129int smk_access(char *subject_label, char *object_label, int request, 129int smk_access(char *subject_label, char *object_label, int request,
130 struct smk_audit_info *a) 130 struct smk_audit_info *a)
131{ 131{
132 u32 may = MAY_NOT; 132 int may = MAY_NOT;
133 int rc = 0; 133 int rc = 0;
134 134
135 /* 135 /*
@@ -181,13 +181,14 @@ int smk_access(char *subject_label, char *object_label, int request,
181 * Beyond here an explicit relationship is required. 181 * Beyond here an explicit relationship is required.
182 * If the requested access is contained in the available 182 * If the requested access is contained in the available
183 * access (e.g. read is included in readwrite) it's 183 * access (e.g. read is included in readwrite) it's
184 * good. 184 * good. A negative response from smk_access_entry()
185 */ 185 * indicates there is no entry for this pair.
186 may = smk_access_entry(subject_label, object_label);
187 /*
188 * This is a bit map operation.
189 */ 186 */
190 if ((request & may) == request) 187 rcu_read_lock();
188 may = smk_access_entry(subject_label, object_label, &smack_rule_list);
189 rcu_read_unlock();
190
191 if (may > 0 && (request & may) == request)
191 goto out_audit; 192 goto out_audit;
192 193
193 rc = -EACCES; 194 rc = -EACCES;
@@ -212,12 +213,27 @@ out_audit:
212 */ 213 */
213int smk_curacc(char *obj_label, u32 mode, struct smk_audit_info *a) 214int smk_curacc(char *obj_label, u32 mode, struct smk_audit_info *a)
214{ 215{
216 struct task_smack *tsp = current_security();
217 char *sp = smk_of_task(tsp);
218 int may;
215 int rc; 219 int rc;
216 char *sp = smk_of_current();
217 220
221 /*
222 * Check the global rule list
223 */
218 rc = smk_access(sp, obj_label, mode, NULL); 224 rc = smk_access(sp, obj_label, mode, NULL);
219 if (rc == 0) 225 if (rc == 0) {
220 goto out_audit; 226 /*
227 * If there is an entry in the task's rule list
228 * it can further restrict access.
229 */
230 may = smk_access_entry(sp, obj_label, &tsp->smk_rules);
231 if (may < 0)
232 goto out_audit;
233 if ((mode & may) == mode)
234 goto out_audit;
235 rc = -EACCES;
236 }
221 237
222 /* 238 /*
223 * Return if a specific label has been designated as the 239 * Return if a specific label has been designated as the
@@ -228,7 +244,7 @@ int smk_curacc(char *obj_label, u32 mode, struct smk_audit_info *a)
228 goto out_audit; 244 goto out_audit;
229 245
230 if (capable(CAP_MAC_OVERRIDE)) 246 if (capable(CAP_MAC_OVERRIDE))
231 return 0; 247 rc = 0;
232 248
233out_audit: 249out_audit:
234#ifdef CONFIG_AUDIT 250#ifdef CONFIG_AUDIT
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 533bf3255d7f..23c7a6d0c80c 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -33,6 +33,7 @@
33#include <net/cipso_ipv4.h> 33#include <net/cipso_ipv4.h>
34#include <linux/audit.h> 34#include <linux/audit.h>
35#include <linux/magic.h> 35#include <linux/magic.h>
36#include <linux/dcache.h>
36#include "smack.h" 37#include "smack.h"
37 38
38#define task_security(task) (task_cred_xxx((task), security)) 39#define task_security(task) (task_cred_xxx((task), security))
@@ -84,6 +85,56 @@ struct inode_smack *new_inode_smack(char *smack)
84 return isp; 85 return isp;
85} 86}
86 87
88/**
89 * new_task_smack - allocate a task security blob
90 * @smack: a pointer to the Smack label to use in the blob
91 *
92 * Returns the new blob or NULL if there's no memory available
93 */
94static struct task_smack *new_task_smack(char *task, char *forked, gfp_t gfp)
95{
96 struct task_smack *tsp;
97
98 tsp = kzalloc(sizeof(struct task_smack), gfp);
99 if (tsp == NULL)
100 return NULL;
101
102 tsp->smk_task = task;
103 tsp->smk_forked = forked;
104 INIT_LIST_HEAD(&tsp->smk_rules);
105 mutex_init(&tsp->smk_rules_lock);
106
107 return tsp;
108}
109
110/**
111 * smk_copy_rules - copy a rule set
112 * @nhead - new rules header pointer
113 * @ohead - old rules header pointer
114 *
115 * Returns 0 on success, -ENOMEM on error
116 */
117static int smk_copy_rules(struct list_head *nhead, struct list_head *ohead,
118 gfp_t gfp)
119{
120 struct smack_rule *nrp;
121 struct smack_rule *orp;
122 int rc = 0;
123
124 INIT_LIST_HEAD(nhead);
125
126 list_for_each_entry_rcu(orp, ohead, list) {
127 nrp = kzalloc(sizeof(struct smack_rule), gfp);
128 if (nrp == NULL) {
129 rc = -ENOMEM;
130 break;
131 }
132 *nrp = *orp;
133 list_add_rcu(&nrp->list, nhead);
134 }
135 return rc;
136}
137
87/* 138/*
88 * LSM hooks. 139 * LSM hooks.
89 * We he, that is fun! 140 * We he, that is fun!
@@ -102,23 +153,17 @@ static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode)
102{ 153{
103 int rc; 154 int rc;
104 struct smk_audit_info ad; 155 struct smk_audit_info ad;
105 char *sp, *tsp; 156 char *tsp;
106 157
107 rc = cap_ptrace_access_check(ctp, mode); 158 rc = cap_ptrace_access_check(ctp, mode);
108 if (rc != 0) 159 if (rc != 0)
109 return rc; 160 return rc;
110 161
111 sp = smk_of_current();
112 tsp = smk_of_task(task_security(ctp)); 162 tsp = smk_of_task(task_security(ctp));
113 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); 163 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
114 smk_ad_setfield_u_tsk(&ad, ctp); 164 smk_ad_setfield_u_tsk(&ad, ctp);
115 165
116 /* we won't log here, because rc can be overriden */ 166 rc = smk_curacc(tsp, MAY_READWRITE, &ad);
117 rc = smk_access(sp, tsp, MAY_READWRITE, NULL);
118 if (rc != 0 && capable(CAP_MAC_OVERRIDE))
119 rc = 0;
120
121 smack_log(sp, tsp, MAY_READWRITE, rc, &ad);
122 return rc; 167 return rc;
123} 168}
124 169
@@ -134,23 +179,17 @@ static int smack_ptrace_traceme(struct task_struct *ptp)
134{ 179{
135 int rc; 180 int rc;
136 struct smk_audit_info ad; 181 struct smk_audit_info ad;
137 char *sp, *tsp; 182 char *tsp;
138 183
139 rc = cap_ptrace_traceme(ptp); 184 rc = cap_ptrace_traceme(ptp);
140 if (rc != 0) 185 if (rc != 0)
141 return rc; 186 return rc;
142 187
188 tsp = smk_of_task(task_security(ptp));
143 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); 189 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
144 smk_ad_setfield_u_tsk(&ad, ptp); 190 smk_ad_setfield_u_tsk(&ad, ptp);
145 191
146 sp = smk_of_current(); 192 rc = smk_curacc(tsp, MAY_READWRITE, &ad);
147 tsp = smk_of_task(task_security(ptp));
148 /* we won't log here, because rc can be overriden */
149 rc = smk_access(tsp, sp, MAY_READWRITE, NULL);
150 if (rc != 0 && has_capability(ptp, CAP_MAC_OVERRIDE))
151 rc = 0;
152
153 smack_log(tsp, sp, MAY_READWRITE, rc, &ad);
154 return rc; 193 return rc;
155} 194}
156 195
@@ -463,6 +502,7 @@ static void smack_inode_free_security(struct inode *inode)
463 * smack_inode_init_security - copy out the smack from an inode 502 * smack_inode_init_security - copy out the smack from an inode
464 * @inode: the inode 503 * @inode: the inode
465 * @dir: unused 504 * @dir: unused
505 * @qstr: unused
466 * @name: where to put the attribute name 506 * @name: where to put the attribute name
467 * @value: where to put the attribute value 507 * @value: where to put the attribute value
468 * @len: where to put the length of the attribute 508 * @len: where to put the length of the attribute
@@ -470,11 +510,12 @@ static void smack_inode_free_security(struct inode *inode)
470 * Returns 0 if it all works out, -ENOMEM if there's no memory 510 * Returns 0 if it all works out, -ENOMEM if there's no memory
471 */ 511 */
472static int smack_inode_init_security(struct inode *inode, struct inode *dir, 512static int smack_inode_init_security(struct inode *inode, struct inode *dir,
473 char **name, void **value, size_t *len) 513 const struct qstr *qstr, char **name,
514 void **value, size_t *len)
474{ 515{
475 char *isp = smk_of_inode(inode); 516 char *isp = smk_of_inode(inode);
476 char *dsp = smk_of_inode(dir); 517 char *dsp = smk_of_inode(dir);
477 u32 may; 518 int may;
478 519
479 if (name) { 520 if (name) {
480 *name = kstrdup(XATTR_SMACK_SUFFIX, GFP_KERNEL); 521 *name = kstrdup(XATTR_SMACK_SUFFIX, GFP_KERNEL);
@@ -483,14 +524,17 @@ static int smack_inode_init_security(struct inode *inode, struct inode *dir,
483 } 524 }
484 525
485 if (value) { 526 if (value) {
486 may = smk_access_entry(smk_of_current(), dsp); 527 rcu_read_lock();
528 may = smk_access_entry(smk_of_current(), dsp, &smack_rule_list);
529 rcu_read_unlock();
487 530
488 /* 531 /*
489 * If the access rule allows transmutation and 532 * If the access rule allows transmutation and
490 * the directory requests transmutation then 533 * the directory requests transmutation then
491 * by all means transmute. 534 * by all means transmute.
492 */ 535 */
493 if (((may & MAY_TRANSMUTE) != 0) && smk_inode_transmutable(dir)) 536 if (may > 0 && ((may & MAY_TRANSMUTE) != 0) &&
537 smk_inode_transmutable(dir))
494 isp = dsp; 538 isp = dsp;
495 539
496 *value = kstrdup(isp, GFP_KERNEL); 540 *value = kstrdup(isp, GFP_KERNEL);
@@ -716,7 +760,8 @@ static int smack_inode_setxattr(struct dentry *dentry, const char *name,
716 if (strcmp(name, XATTR_NAME_SMACK) == 0 || 760 if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
717 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 || 761 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
718 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 || 762 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 ||
719 strcmp(name, XATTR_NAME_SMACKEXEC) == 0) { 763 strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
764 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
720 if (!capable(CAP_MAC_ADMIN)) 765 if (!capable(CAP_MAC_ADMIN))
721 rc = -EPERM; 766 rc = -EPERM;
722 /* 767 /*
@@ -773,6 +818,12 @@ static void smack_inode_post_setxattr(struct dentry *dentry, const char *name,
773 isp->smk_task = nsp; 818 isp->smk_task = nsp;
774 else 819 else
775 isp->smk_task = smack_known_invalid.smk_known; 820 isp->smk_task = smack_known_invalid.smk_known;
821 } else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
822 nsp = smk_import(value, size);
823 if (nsp != NULL)
824 isp->smk_mmap = nsp;
825 else
826 isp->smk_mmap = smack_known_invalid.smk_known;
776 } else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) 827 } else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0)
777 isp->smk_flags |= SMK_INODE_TRANSMUTE; 828 isp->smk_flags |= SMK_INODE_TRANSMUTE;
778 829
@@ -815,7 +866,8 @@ static int smack_inode_removexattr(struct dentry *dentry, const char *name)
815 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 || 866 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
816 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 || 867 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 ||
817 strcmp(name, XATTR_NAME_SMACKEXEC) == 0 || 868 strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
818 strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) { 869 strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0 ||
870 strcmp(name, XATTR_NAME_SMACKMMAP)) {
819 if (!capable(CAP_MAC_ADMIN)) 871 if (!capable(CAP_MAC_ADMIN))
820 rc = -EPERM; 872 rc = -EPERM;
821 } else 873 } else
@@ -829,6 +881,7 @@ static int smack_inode_removexattr(struct dentry *dentry, const char *name)
829 if (rc == 0) { 881 if (rc == 0) {
830 isp = dentry->d_inode->i_security; 882 isp = dentry->d_inode->i_security;
831 isp->smk_task = NULL; 883 isp->smk_task = NULL;
884 isp->smk_mmap = NULL;
832 } 885 }
833 886
834 return rc; 887 return rc;
@@ -1060,6 +1113,126 @@ static int smack_file_fcntl(struct file *file, unsigned int cmd,
1060} 1113}
1061 1114
1062/** 1115/**
1116 * smack_file_mmap :
1117 * Check permissions for a mmap operation. The @file may be NULL, e.g.
1118 * if mapping anonymous memory.
1119 * @file contains the file structure for file to map (may be NULL).
1120 * @reqprot contains the protection requested by the application.
1121 * @prot contains the protection that will be applied by the kernel.
1122 * @flags contains the operational flags.
1123 * Return 0 if permission is granted.
1124 */
1125static int smack_file_mmap(struct file *file,
1126 unsigned long reqprot, unsigned long prot,
1127 unsigned long flags, unsigned long addr,
1128 unsigned long addr_only)
1129{
1130 struct smack_rule *srp;
1131 struct task_smack *tsp;
1132 char *sp;
1133 char *msmack;
1134 char *osmack;
1135 struct inode_smack *isp;
1136 struct dentry *dp;
1137 int may;
1138 int mmay;
1139 int tmay;
1140 int rc;
1141
1142 /* do DAC check on address space usage */
1143 rc = cap_file_mmap(file, reqprot, prot, flags, addr, addr_only);
1144 if (rc || addr_only)
1145 return rc;
1146
1147 if (file == NULL || file->f_dentry == NULL)
1148 return 0;
1149
1150 dp = file->f_dentry;
1151
1152 if (dp->d_inode == NULL)
1153 return 0;
1154
1155 isp = dp->d_inode->i_security;
1156 if (isp->smk_mmap == NULL)
1157 return 0;
1158 msmack = isp->smk_mmap;
1159
1160 tsp = current_security();
1161 sp = smk_of_current();
1162 rc = 0;
1163
1164 rcu_read_lock();
1165 /*
1166 * For each Smack rule associated with the subject
1167 * label verify that the SMACK64MMAP also has access
1168 * to that rule's object label.
1169 *
1170 * Because neither of the labels comes
1171 * from the networking code it is sufficient
1172 * to compare pointers.
1173 */
1174 list_for_each_entry_rcu(srp, &smack_rule_list, list) {
1175 if (srp->smk_subject != sp)
1176 continue;
1177
1178 osmack = srp->smk_object;
1179 /*
1180 * Matching labels always allows access.
1181 */
1182 if (msmack == osmack)
1183 continue;
1184 /*
1185 * If there is a matching local rule take
1186 * that into account as well.
1187 */
1188 may = smk_access_entry(srp->smk_subject, osmack,
1189 &tsp->smk_rules);
1190 if (may == -ENOENT)
1191 may = srp->smk_access;
1192 else
1193 may &= srp->smk_access;
1194 /*
1195 * If may is zero the SMACK64MMAP subject can't
1196 * possibly have less access.
1197 */
1198 if (may == 0)
1199 continue;
1200
1201 /*
1202 * Fetch the global list entry.
1203 * If there isn't one a SMACK64MMAP subject
1204 * can't have as much access as current.
1205 */
1206 mmay = smk_access_entry(msmack, osmack, &smack_rule_list);
1207 if (mmay == -ENOENT) {
1208 rc = -EACCES;
1209 break;
1210 }
1211 /*
1212 * If there is a local entry it modifies the
1213 * potential access, too.
1214 */
1215 tmay = smk_access_entry(msmack, osmack, &tsp->smk_rules);
1216 if (tmay != -ENOENT)
1217 mmay &= tmay;
1218
1219 /*
1220 * If there is any access available to current that is
1221 * not available to a SMACK64MMAP subject
1222 * deny access.
1223 */
1224 if ((may | mmay) != mmay) {
1225 rc = -EACCES;
1226 break;
1227 }
1228 }
1229
1230 rcu_read_unlock();
1231
1232 return rc;
1233}
1234
1235/**
1063 * smack_file_set_fowner - set the file security blob value 1236 * smack_file_set_fowner - set the file security blob value
1064 * @file: object in question 1237 * @file: object in question
1065 * 1238 *
@@ -1095,6 +1268,7 @@ static int smack_file_send_sigiotask(struct task_struct *tsk,
1095 * struct fown_struct is never outside the context of a struct file 1268 * struct fown_struct is never outside the context of a struct file
1096 */ 1269 */
1097 file = container_of(fown, struct file, f_owner); 1270 file = container_of(fown, struct file, f_owner);
1271
1098 /* we don't log here as rc can be overriden */ 1272 /* we don't log here as rc can be overriden */
1099 rc = smk_access(file->f_security, tsp, MAY_WRITE, NULL); 1273 rc = smk_access(file->f_security, tsp, MAY_WRITE, NULL);
1100 if (rc != 0 && has_capability(tsk, CAP_MAC_OVERRIDE)) 1274 if (rc != 0 && has_capability(tsk, CAP_MAC_OVERRIDE))
@@ -1145,9 +1319,14 @@ static int smack_file_receive(struct file *file)
1145 */ 1319 */
1146static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp) 1320static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp)
1147{ 1321{
1148 cred->security = kzalloc(sizeof(struct task_smack), gfp); 1322 struct task_smack *tsp;
1149 if (cred->security == NULL) 1323
1324 tsp = new_task_smack(NULL, NULL, gfp);
1325 if (tsp == NULL)
1150 return -ENOMEM; 1326 return -ENOMEM;
1327
1328 cred->security = tsp;
1329
1151 return 0; 1330 return 0;
1152} 1331}
1153 1332
@@ -1156,13 +1335,24 @@ static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp)
1156 * smack_cred_free - "free" task-level security credentials 1335 * smack_cred_free - "free" task-level security credentials
1157 * @cred: the credentials in question 1336 * @cred: the credentials in question
1158 * 1337 *
1159 * Smack isn't using copies of blobs. Everyone
1160 * points to an immutable list. The blobs never go away.
1161 * There is no leak here.
1162 */ 1338 */
1163static void smack_cred_free(struct cred *cred) 1339static void smack_cred_free(struct cred *cred)
1164{ 1340{
1165 kfree(cred->security); 1341 struct task_smack *tsp = cred->security;
1342 struct smack_rule *rp;
1343 struct list_head *l;
1344 struct list_head *n;
1345
1346 if (tsp == NULL)
1347 return;
1348 cred->security = NULL;
1349
1350 list_for_each_safe(l, n, &tsp->smk_rules) {
1351 rp = list_entry(l, struct smack_rule, list);
1352 list_del(&rp->list);
1353 kfree(rp);
1354 }
1355 kfree(tsp);
1166} 1356}
1167 1357
1168/** 1358/**
@@ -1178,13 +1368,16 @@ static int smack_cred_prepare(struct cred *new, const struct cred *old,
1178{ 1368{
1179 struct task_smack *old_tsp = old->security; 1369 struct task_smack *old_tsp = old->security;
1180 struct task_smack *new_tsp; 1370 struct task_smack *new_tsp;
1371 int rc;
1181 1372
1182 new_tsp = kzalloc(sizeof(struct task_smack), gfp); 1373 new_tsp = new_task_smack(old_tsp->smk_task, old_tsp->smk_task, gfp);
1183 if (new_tsp == NULL) 1374 if (new_tsp == NULL)
1184 return -ENOMEM; 1375 return -ENOMEM;
1185 1376
1186 new_tsp->smk_task = old_tsp->smk_task; 1377 rc = smk_copy_rules(&new_tsp->smk_rules, &old_tsp->smk_rules, gfp);
1187 new_tsp->smk_forked = old_tsp->smk_task; 1378 if (rc != 0)
1379 return rc;
1380
1188 new->security = new_tsp; 1381 new->security = new_tsp;
1189 return 0; 1382 return 0;
1190} 1383}
@@ -1203,6 +1396,11 @@ static void smack_cred_transfer(struct cred *new, const struct cred *old)
1203 1396
1204 new_tsp->smk_task = old_tsp->smk_task; 1397 new_tsp->smk_task = old_tsp->smk_task;
1205 new_tsp->smk_forked = old_tsp->smk_task; 1398 new_tsp->smk_forked = old_tsp->smk_task;
1399 mutex_init(&new_tsp->smk_rules_lock);
1400 INIT_LIST_HEAD(&new_tsp->smk_rules);
1401
1402
1403 /* cbs copy rule list */
1206} 1404}
1207 1405
1208/** 1406/**
@@ -2419,6 +2617,7 @@ static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode)
2419 } 2617 }
2420 } 2618 }
2421 isp->smk_task = smk_fetch(XATTR_NAME_SMACKEXEC, inode, dp); 2619 isp->smk_task = smk_fetch(XATTR_NAME_SMACKEXEC, inode, dp);
2620 isp->smk_mmap = smk_fetch(XATTR_NAME_SMACKMMAP, inode, dp);
2422 2621
2423 dput(dp); 2622 dput(dp);
2424 break; 2623 break;
@@ -2478,6 +2677,7 @@ static int smack_getprocattr(struct task_struct *p, char *name, char **value)
2478static int smack_setprocattr(struct task_struct *p, char *name, 2677static int smack_setprocattr(struct task_struct *p, char *name,
2479 void *value, size_t size) 2678 void *value, size_t size)
2480{ 2679{
2680 int rc;
2481 struct task_smack *tsp; 2681 struct task_smack *tsp;
2482 struct task_smack *oldtsp; 2682 struct task_smack *oldtsp;
2483 struct cred *new; 2683 struct cred *new;
@@ -2513,13 +2713,16 @@ static int smack_setprocattr(struct task_struct *p, char *name,
2513 new = prepare_creds(); 2713 new = prepare_creds();
2514 if (new == NULL) 2714 if (new == NULL)
2515 return -ENOMEM; 2715 return -ENOMEM;
2516 tsp = kzalloc(sizeof(struct task_smack), GFP_KERNEL); 2716
2717 tsp = new_task_smack(newsmack, oldtsp->smk_forked, GFP_KERNEL);
2517 if (tsp == NULL) { 2718 if (tsp == NULL) {
2518 kfree(new); 2719 kfree(new);
2519 return -ENOMEM; 2720 return -ENOMEM;
2520 } 2721 }
2521 tsp->smk_task = newsmack; 2722 rc = smk_copy_rules(&tsp->smk_rules, &oldtsp->smk_rules, GFP_KERNEL);
2522 tsp->smk_forked = oldtsp->smk_forked; 2723 if (rc != 0)
2724 return rc;
2725
2523 new->security = tsp; 2726 new->security = tsp;
2524 commit_creds(new); 2727 commit_creds(new);
2525 return size; 2728 return size;
@@ -3221,6 +3424,7 @@ struct security_operations smack_ops = {
3221 .file_ioctl = smack_file_ioctl, 3424 .file_ioctl = smack_file_ioctl,
3222 .file_lock = smack_file_lock, 3425 .file_lock = smack_file_lock,
3223 .file_fcntl = smack_file_fcntl, 3426 .file_fcntl = smack_file_fcntl,
3427 .file_mmap = smack_file_mmap,
3224 .file_set_fowner = smack_file_set_fowner, 3428 .file_set_fowner = smack_file_set_fowner,
3225 .file_send_sigiotask = smack_file_send_sigiotask, 3429 .file_send_sigiotask = smack_file_send_sigiotask,
3226 .file_receive = smack_file_receive, 3430 .file_receive = smack_file_receive,
@@ -3334,23 +3538,20 @@ static __init int smack_init(void)
3334 struct cred *cred; 3538 struct cred *cred;
3335 struct task_smack *tsp; 3539 struct task_smack *tsp;
3336 3540
3337 tsp = kzalloc(sizeof(struct task_smack), GFP_KERNEL); 3541 if (!security_module_enable(&smack_ops))
3542 return 0;
3543
3544 tsp = new_task_smack(smack_known_floor.smk_known,
3545 smack_known_floor.smk_known, GFP_KERNEL);
3338 if (tsp == NULL) 3546 if (tsp == NULL)
3339 return -ENOMEM; 3547 return -ENOMEM;
3340 3548
3341 if (!security_module_enable(&smack_ops)) {
3342 kfree(tsp);
3343 return 0;
3344 }
3345
3346 printk(KERN_INFO "Smack: Initializing.\n"); 3549 printk(KERN_INFO "Smack: Initializing.\n");
3347 3550
3348 /* 3551 /*
3349 * Set the security state for the initial task. 3552 * Set the security state for the initial task.
3350 */ 3553 */
3351 cred = (struct cred *) current->cred; 3554 cred = (struct cred *) current->cred;
3352 tsp->smk_forked = smack_known_floor.smk_known;
3353 tsp->smk_task = smack_known_floor.smk_known;
3354 cred->security = tsp; 3555 cred->security = tsp;
3355 3556
3356 /* initialize the smack_know_list */ 3557 /* initialize the smack_know_list */
diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
index 362d5eda948b..90d1bbaaa6f3 100644
--- a/security/smack/smackfs.c
+++ b/security/smack/smackfs.c
@@ -43,6 +43,7 @@ enum smk_inos {
43 SMK_NETLBLADDR = 8, /* single label hosts */ 43 SMK_NETLBLADDR = 8, /* single label hosts */
44 SMK_ONLYCAP = 9, /* the only "capable" label */ 44 SMK_ONLYCAP = 9, /* the only "capable" label */
45 SMK_LOGGING = 10, /* logging */ 45 SMK_LOGGING = 10, /* logging */
46 SMK_LOAD_SELF = 11, /* task specific rules */
46}; 47};
47 48
48/* 49/*
@@ -135,104 +136,30 @@ static void smk_netlabel_audit_set(struct netlbl_audit *nap)
135#define SMK_NETLBLADDRMIN 9 136#define SMK_NETLBLADDRMIN 9
136#define SMK_NETLBLADDRMAX 42 137#define SMK_NETLBLADDRMAX 42
137 138
138/*
139 * Seq_file read operations for /smack/load
140 */
141
142static void *load_seq_start(struct seq_file *s, loff_t *pos)
143{
144 if (*pos == SEQ_READ_FINISHED)
145 return NULL;
146 if (list_empty(&smack_rule_list))
147 return NULL;
148 return smack_rule_list.next;
149}
150
151static void *load_seq_next(struct seq_file *s, void *v, loff_t *pos)
152{
153 struct list_head *list = v;
154
155 if (list_is_last(list, &smack_rule_list)) {
156 *pos = SEQ_READ_FINISHED;
157 return NULL;
158 }
159 return list->next;
160}
161
162static int load_seq_show(struct seq_file *s, void *v)
163{
164 struct list_head *list = v;
165 struct smack_rule *srp =
166 list_entry(list, struct smack_rule, list);
167
168 seq_printf(s, "%s %s", (char *)srp->smk_subject,
169 (char *)srp->smk_object);
170
171 seq_putc(s, ' ');
172
173 if (srp->smk_access & MAY_READ)
174 seq_putc(s, 'r');
175 if (srp->smk_access & MAY_WRITE)
176 seq_putc(s, 'w');
177 if (srp->smk_access & MAY_EXEC)
178 seq_putc(s, 'x');
179 if (srp->smk_access & MAY_APPEND)
180 seq_putc(s, 'a');
181 if (srp->smk_access & MAY_TRANSMUTE)
182 seq_putc(s, 't');
183 if (srp->smk_access == 0)
184 seq_putc(s, '-');
185
186 seq_putc(s, '\n');
187
188 return 0;
189}
190
191static void load_seq_stop(struct seq_file *s, void *v)
192{
193 /* No-op */
194}
195
196static const struct seq_operations load_seq_ops = {
197 .start = load_seq_start,
198 .next = load_seq_next,
199 .show = load_seq_show,
200 .stop = load_seq_stop,
201};
202
203/**
204 * smk_open_load - open() for /smack/load
205 * @inode: inode structure representing file
206 * @file: "load" file pointer
207 *
208 * For reading, use load_seq_* seq_file reading operations.
209 */
210static int smk_open_load(struct inode *inode, struct file *file)
211{
212 return seq_open(file, &load_seq_ops);
213}
214
215/** 139/**
216 * smk_set_access - add a rule to the rule list 140 * smk_set_access - add a rule to the rule list
217 * @srp: the new rule to add 141 * @srp: the new rule to add
142 * @rule_list: the list of rules
143 * @rule_lock: the rule list lock
218 * 144 *
219 * Looks through the current subject/object/access list for 145 * Looks through the current subject/object/access list for
220 * the subject/object pair and replaces the access that was 146 * the subject/object pair and replaces the access that was
221 * there. If the pair isn't found add it with the specified 147 * there. If the pair isn't found add it with the specified
222 * access. 148 * access.
223 * 149 *
150 * Returns 1 if a rule was found to exist already, 0 if it is new
224 * Returns 0 if nothing goes wrong or -ENOMEM if it fails 151 * Returns 0 if nothing goes wrong or -ENOMEM if it fails
225 * during the allocation of the new pair to add. 152 * during the allocation of the new pair to add.
226 */ 153 */
227static int smk_set_access(struct smack_rule *srp) 154static int smk_set_access(struct smack_rule *srp, struct list_head *rule_list,
155 struct mutex *rule_lock)
228{ 156{
229 struct smack_rule *sp; 157 struct smack_rule *sp;
230 int ret = 0; 158 int found = 0;
231 int found;
232 mutex_lock(&smack_list_lock);
233 159
234 found = 0; 160 mutex_lock(rule_lock);
235 list_for_each_entry_rcu(sp, &smack_rule_list, list) { 161
162 list_for_each_entry_rcu(sp, rule_list, list) {
236 if (sp->smk_subject == srp->smk_subject && 163 if (sp->smk_subject == srp->smk_subject &&
237 sp->smk_object == srp->smk_object) { 164 sp->smk_object == srp->smk_object) {
238 found = 1; 165 found = 1;
@@ -241,19 +168,21 @@ static int smk_set_access(struct smack_rule *srp)
241 } 168 }
242 } 169 }
243 if (found == 0) 170 if (found == 0)
244 list_add_rcu(&srp->list, &smack_rule_list); 171 list_add_rcu(&srp->list, rule_list);
245 172
246 mutex_unlock(&smack_list_lock); 173 mutex_unlock(rule_lock);
247 174
248 return ret; 175 return found;
249} 176}
250 177
251/** 178/**
252 * smk_write_load - write() for /smack/load 179 * smk_write_load_list - write() for any /smack/load
253 * @file: file pointer, not actually used 180 * @file: file pointer, not actually used
254 * @buf: where to get the data from 181 * @buf: where to get the data from
255 * @count: bytes sent 182 * @count: bytes sent
256 * @ppos: where to start - must be 0 183 * @ppos: where to start - must be 0
184 * @rule_list: the list of rules to write to
185 * @rule_lock: lock for the rule list
257 * 186 *
258 * Get one smack access rule from above. 187 * Get one smack access rule from above.
259 * The format is exactly: 188 * The format is exactly:
@@ -263,21 +192,19 @@ static int smk_set_access(struct smack_rule *srp)
263 * 192 *
264 * writes must be SMK_LABELLEN+SMK_LABELLEN+SMK_ACCESSLEN bytes. 193 * writes must be SMK_LABELLEN+SMK_LABELLEN+SMK_ACCESSLEN bytes.
265 */ 194 */
266static ssize_t smk_write_load(struct file *file, const char __user *buf, 195static ssize_t smk_write_load_list(struct file *file, const char __user *buf,
267 size_t count, loff_t *ppos) 196 size_t count, loff_t *ppos,
197 struct list_head *rule_list,
198 struct mutex *rule_lock)
268{ 199{
269 struct smack_rule *rule; 200 struct smack_rule *rule;
270 char *data; 201 char *data;
271 int rc = -EINVAL; 202 int rc = -EINVAL;
272 203
273 /* 204 /*
274 * Must have privilege.
275 * No partial writes. 205 * No partial writes.
276 * Enough data must be present. 206 * Enough data must be present.
277 */ 207 */
278 if (!capable(CAP_MAC_ADMIN))
279 return -EPERM;
280
281 if (*ppos != 0) 208 if (*ppos != 0)
282 return -EINVAL; 209 return -EINVAL;
283 /* 210 /*
@@ -372,11 +299,13 @@ static ssize_t smk_write_load(struct file *file, const char __user *buf,
372 goto out_free_rule; 299 goto out_free_rule;
373 } 300 }
374 301
375 rc = smk_set_access(rule); 302 rc = count;
376 303 /*
377 if (!rc) 304 * smk_set_access returns true if there was already a rule
378 rc = count; 305 * for the subject/object pair, and false if it was new.
379 goto out; 306 */
307 if (!smk_set_access(rule, rule_list, rule_lock))
308 goto out;
380 309
381out_free_rule: 310out_free_rule:
382 kfree(rule); 311 kfree(rule);
@@ -385,6 +314,108 @@ out:
385 return rc; 314 return rc;
386} 315}
387 316
317
318/*
319 * Seq_file read operations for /smack/load
320 */
321
322static void *load_seq_start(struct seq_file *s, loff_t *pos)
323{
324 if (*pos == SEQ_READ_FINISHED)
325 return NULL;
326 if (list_empty(&smack_rule_list))
327 return NULL;
328 return smack_rule_list.next;
329}
330
331static void *load_seq_next(struct seq_file *s, void *v, loff_t *pos)
332{
333 struct list_head *list = v;
334
335 if (list_is_last(list, &smack_rule_list)) {
336 *pos = SEQ_READ_FINISHED;
337 return NULL;
338 }
339 return list->next;
340}
341
342static int load_seq_show(struct seq_file *s, void *v)
343{
344 struct list_head *list = v;
345 struct smack_rule *srp =
346 list_entry(list, struct smack_rule, list);
347
348 seq_printf(s, "%s %s", (char *)srp->smk_subject,
349 (char *)srp->smk_object);
350
351 seq_putc(s, ' ');
352
353 if (srp->smk_access & MAY_READ)
354 seq_putc(s, 'r');
355 if (srp->smk_access & MAY_WRITE)
356 seq_putc(s, 'w');
357 if (srp->smk_access & MAY_EXEC)
358 seq_putc(s, 'x');
359 if (srp->smk_access & MAY_APPEND)
360 seq_putc(s, 'a');
361 if (srp->smk_access & MAY_TRANSMUTE)
362 seq_putc(s, 't');
363 if (srp->smk_access == 0)
364 seq_putc(s, '-');
365
366 seq_putc(s, '\n');
367
368 return 0;
369}
370
371static void load_seq_stop(struct seq_file *s, void *v)
372{
373 /* No-op */
374}
375
376static const struct seq_operations load_seq_ops = {
377 .start = load_seq_start,
378 .next = load_seq_next,
379 .show = load_seq_show,
380 .stop = load_seq_stop,
381};
382
383/**
384 * smk_open_load - open() for /smack/load
385 * @inode: inode structure representing file
386 * @file: "load" file pointer
387 *
388 * For reading, use load_seq_* seq_file reading operations.
389 */
390static int smk_open_load(struct inode *inode, struct file *file)
391{
392 return seq_open(file, &load_seq_ops);
393}
394
395/**
396 * smk_write_load - write() for /smack/load
397 * @file: file pointer, not actually used
398 * @buf: where to get the data from
399 * @count: bytes sent
400 * @ppos: where to start - must be 0
401 *
402 */
403static ssize_t smk_write_load(struct file *file, const char __user *buf,
404 size_t count, loff_t *ppos)
405{
406
407 /*
408 * Must have privilege.
409 * No partial writes.
410 * Enough data must be present.
411 */
412 if (!capable(CAP_MAC_ADMIN))
413 return -EPERM;
414
415 return smk_write_load_list(file, buf, count, ppos, &smack_rule_list,
416 &smack_list_lock);
417}
418
388static const struct file_operations smk_load_ops = { 419static const struct file_operations smk_load_ops = {
389 .open = smk_open_load, 420 .open = smk_open_load,
390 .read = seq_read, 421 .read = seq_read,
@@ -1288,6 +1319,112 @@ static const struct file_operations smk_logging_ops = {
1288 .write = smk_write_logging, 1319 .write = smk_write_logging,
1289 .llseek = default_llseek, 1320 .llseek = default_llseek,
1290}; 1321};
1322
1323/*
1324 * Seq_file read operations for /smack/load-self
1325 */
1326
1327static void *load_self_seq_start(struct seq_file *s, loff_t *pos)
1328{
1329 struct task_smack *tsp = current_security();
1330
1331 if (*pos == SEQ_READ_FINISHED)
1332 return NULL;
1333 if (list_empty(&tsp->smk_rules))
1334 return NULL;
1335 return tsp->smk_rules.next;
1336}
1337
1338static void *load_self_seq_next(struct seq_file *s, void *v, loff_t *pos)
1339{
1340 struct task_smack *tsp = current_security();
1341 struct list_head *list = v;
1342
1343 if (list_is_last(list, &tsp->smk_rules)) {
1344 *pos = SEQ_READ_FINISHED;
1345 return NULL;
1346 }
1347 return list->next;
1348}
1349
1350static int load_self_seq_show(struct seq_file *s, void *v)
1351{
1352 struct list_head *list = v;
1353 struct smack_rule *srp =
1354 list_entry(list, struct smack_rule, list);
1355
1356 seq_printf(s, "%s %s", (char *)srp->smk_subject,
1357 (char *)srp->smk_object);
1358
1359 seq_putc(s, ' ');
1360
1361 if (srp->smk_access & MAY_READ)
1362 seq_putc(s, 'r');
1363 if (srp->smk_access & MAY_WRITE)
1364 seq_putc(s, 'w');
1365 if (srp->smk_access & MAY_EXEC)
1366 seq_putc(s, 'x');
1367 if (srp->smk_access & MAY_APPEND)
1368 seq_putc(s, 'a');
1369 if (srp->smk_access & MAY_TRANSMUTE)
1370 seq_putc(s, 't');
1371 if (srp->smk_access == 0)
1372 seq_putc(s, '-');
1373
1374 seq_putc(s, '\n');
1375
1376 return 0;
1377}
1378
1379static void load_self_seq_stop(struct seq_file *s, void *v)
1380{
1381 /* No-op */
1382}
1383
1384static const struct seq_operations load_self_seq_ops = {
1385 .start = load_self_seq_start,
1386 .next = load_self_seq_next,
1387 .show = load_self_seq_show,
1388 .stop = load_self_seq_stop,
1389};
1390
1391
1392/**
1393 * smk_open_load_self - open() for /smack/load-self
1394 * @inode: inode structure representing file
1395 * @file: "load" file pointer
1396 *
1397 * For reading, use load_seq_* seq_file reading operations.
1398 */
1399static int smk_open_load_self(struct inode *inode, struct file *file)
1400{
1401 return seq_open(file, &load_self_seq_ops);
1402}
1403
1404/**
1405 * smk_write_load_self - write() for /smack/load-self
1406 * @file: file pointer, not actually used
1407 * @buf: where to get the data from
1408 * @count: bytes sent
1409 * @ppos: where to start - must be 0
1410 *
1411 */
1412static ssize_t smk_write_load_self(struct file *file, const char __user *buf,
1413 size_t count, loff_t *ppos)
1414{
1415 struct task_smack *tsp = current_security();
1416
1417 return smk_write_load_list(file, buf, count, ppos, &tsp->smk_rules,
1418 &tsp->smk_rules_lock);
1419}
1420
1421static const struct file_operations smk_load_self_ops = {
1422 .open = smk_open_load_self,
1423 .read = seq_read,
1424 .llseek = seq_lseek,
1425 .write = smk_write_load_self,
1426 .release = seq_release,
1427};
1291/** 1428/**
1292 * smk_fill_super - fill the /smackfs superblock 1429 * smk_fill_super - fill the /smackfs superblock
1293 * @sb: the empty superblock 1430 * @sb: the empty superblock
@@ -1304,23 +1441,26 @@ static int smk_fill_super(struct super_block *sb, void *data, int silent)
1304 struct inode *root_inode; 1441 struct inode *root_inode;
1305 1442
1306 static struct tree_descr smack_files[] = { 1443 static struct tree_descr smack_files[] = {
1307 [SMK_LOAD] = 1444 [SMK_LOAD] = {
1308 {"load", &smk_load_ops, S_IRUGO|S_IWUSR}, 1445 "load", &smk_load_ops, S_IRUGO|S_IWUSR},
1309 [SMK_CIPSO] = 1446 [SMK_CIPSO] = {
1310 {"cipso", &smk_cipso_ops, S_IRUGO|S_IWUSR}, 1447 "cipso", &smk_cipso_ops, S_IRUGO|S_IWUSR},
1311 [SMK_DOI] = 1448 [SMK_DOI] = {
1312 {"doi", &smk_doi_ops, S_IRUGO|S_IWUSR}, 1449 "doi", &smk_doi_ops, S_IRUGO|S_IWUSR},
1313 [SMK_DIRECT] = 1450 [SMK_DIRECT] = {
1314 {"direct", &smk_direct_ops, S_IRUGO|S_IWUSR}, 1451 "direct", &smk_direct_ops, S_IRUGO|S_IWUSR},
1315 [SMK_AMBIENT] = 1452 [SMK_AMBIENT] = {
1316 {"ambient", &smk_ambient_ops, S_IRUGO|S_IWUSR}, 1453 "ambient", &smk_ambient_ops, S_IRUGO|S_IWUSR},
1317 [SMK_NETLBLADDR] = 1454 [SMK_NETLBLADDR] = {
1318 {"netlabel", &smk_netlbladdr_ops, S_IRUGO|S_IWUSR}, 1455 "netlabel", &smk_netlbladdr_ops, S_IRUGO|S_IWUSR},
1319 [SMK_ONLYCAP] = 1456 [SMK_ONLYCAP] = {
1320 {"onlycap", &smk_onlycap_ops, S_IRUGO|S_IWUSR}, 1457 "onlycap", &smk_onlycap_ops, S_IRUGO|S_IWUSR},
1321 [SMK_LOGGING] = 1458 [SMK_LOGGING] = {
1322 {"logging", &smk_logging_ops, S_IRUGO|S_IWUSR}, 1459 "logging", &smk_logging_ops, S_IRUGO|S_IWUSR},
1323 /* last one */ {""} 1460 [SMK_LOAD_SELF] = {
1461 "load-self", &smk_load_self_ops, S_IRUGO|S_IWUGO},
1462 /* last one */
1463 {""}
1324 }; 1464 };
1325 1465
1326 rc = simple_fill_super(sb, SMACK_MAGIC, smack_files); 1466 rc = simple_fill_super(sb, SMACK_MAGIC, smack_files);
diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c
index 9d32f182301e..cb09f1fce910 100644
--- a/security/tomoyo/file.c
+++ b/security/tomoyo/file.c
@@ -927,7 +927,7 @@ int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,
927 struct path *path, const int flag) 927 struct path *path, const int flag)
928{ 928{
929 const u8 acc_mode = ACC_MODE(flag); 929 const u8 acc_mode = ACC_MODE(flag);
930 int error = -ENOMEM; 930 int error = 0;
931 struct tomoyo_path_info buf; 931 struct tomoyo_path_info buf;
932 struct tomoyo_request_info r; 932 struct tomoyo_request_info r;
933 int idx; 933 int idx;
@@ -938,9 +938,6 @@ int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,
938 buf.name = NULL; 938 buf.name = NULL;
939 r.mode = TOMOYO_CONFIG_DISABLED; 939 r.mode = TOMOYO_CONFIG_DISABLED;
940 idx = tomoyo_read_lock(); 940 idx = tomoyo_read_lock();
941 if (!tomoyo_get_realpath(&buf, path))
942 goto out;
943 error = 0;
944 /* 941 /*
945 * If the filename is specified by "deny_rewrite" keyword, 942 * If the filename is specified by "deny_rewrite" keyword,
946 * we need to check "allow_rewrite" permission when the filename is not 943 * we need to check "allow_rewrite" permission when the filename is not
generated by cgit v1.2.2 (git 2.25.0) at 2024-11-25 05:02:24 -0500