authorCasey Schaufler <casey@schaufler-ca.com>2011-09-19 15:41:42 -0400
committerCasey Schaufler <cschaufler@cschaufler-intel.(none)>2011-10-12 17:24:28 -0400
commit531f1d453ed8a8acee4015bd64e7bcc2eab939e4 (patch)
tree0dd06c1ecc894444c42350c76c5712899d2ddb78 /security
parent272cd7a8c67dd40a31ecff76a503bbb84707f757 (diff)
Smack: Repair processing of fcntl
Al Viro pointed out that the processing of fcntl done by Smack appeared poorly designed. He was right. There are three things that required change. Most obviously, the list of commands that really imply writing is limited to those involving file locking and signal handling. The initialization of the file security blob was incomplete, requiring use of a heretofore unused LSM hook. Finally, the audit information coming from a helper masked the identity of the LSM hook. This patch corrects all three of these defects. This is targeted for the smack-next tree pending comments. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Diffstat (limited to 'security')
-rw-r--r--security/smack/smack_lsm.c67
1 files changed, 42 insertions, 25 deletions
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index fb915163f967..2e71c3f445fc 100644
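--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -1091,36 +1091,31 @@ static int smack_file_lock(struct file *file, unsigned int cmd)
  * @cmd: what action to check
  * @arg: unused
  *
+ * Generally these operations are harmless.
+ * File locking operations present an obvious mechanism
+ * for passing information, so they require write access.
+ *
  * Returns 0 if current has access, error code otherwise
  */
 static int smack_file_fcntl(struct file *file, unsigned int cmd,
  unsigned long arg)
 {
  struct smk_audit_info ad;
- int rc;
+ int rc = 0;
 
- smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
- smk_ad_setfield_u_fs_path(&ad, file->f_path);
 
  switch (cmd) {
- case F_DUPFD:
- case F_GETFD:
- case F_GETFL:
  case F_GETLK:
- case F_GETOWN:
- case F_GETSIG:
- rc = smk_curacc(file->f_security, MAY_READ, &ad);
- break;
- case F_SETFD:
- case F_SETFL:
  case F_SETLK:
  case F_SETLKW:
  case F_SETOWN:
  case F_SETSIG:
+ smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
+ smk_ad_setfield_u_fs_path(&ad, file->f_path);
  rc = smk_curacc(file->f_security, MAY_WRITE, &ad);
  break;
  default:
- rc = smk_curacc(file->f_security, MAY_READWRITE, &ad);
+ break;
  }
 
  return rc;
@@ -1314,6 +1309,24 @@ static int smack_file_receive(struct file *file)
  return smk_curacc(file->f_security, may, &ad);
 }
 
+/**
+ * smack_dentry_open - Smack dentry open processing
+ * @file: the object
+ * @cred: unused
+ *
+ * Set the security blob in the file structure.
+ *
+ * Returns 0
+ */
+static int smack_dentry_open(struct file *file, const struct cred *cred)
+{
+ struct inode_smack *isp = file->f_path.dentry->d_inode->i_security;
+
+ file->f_security = isp->smk_inode;
+
+ return 0;
+}
+
 /*
  * Task hooks
  */
@@ -1454,15 +1467,17 @@ static int smack_kernel_create_files_as(struct cred *new,
 /**
  * smk_curacc_on_task - helper to log task related access
  * @p: the task object
- * @access : the access requested
+ * @access: the access requested
+ * @caller: name of the calling function for audit
  *
  * Return 0 if access is permitted
  */
-static int smk_curacc_on_task(struct task_struct *p, int access)
+static int smk_curacc_on_task(struct task_struct *p, int access,
+ const char *caller)
 {
  struct smk_audit_info ad;
 
- smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
+ smk_ad_init(&ad, caller, LSM_AUDIT_DATA_TASK);
  smk_ad_setfield_u_tsk(&ad, p);
  return smk_curacc(smk_of_task(task_security(p)), access, &ad);
 }
@@ -1476,7 +1491,7 @@ static int smk_curacc_on_task(struct task_struct *p, int access)
  */
 static int smack_task_setpgid(struct task_struct *p, pid_t pgid)
 {
- return smk_curacc_on_task(p, MAY_WRITE);
+ return smk_curacc_on_task(p, MAY_WRITE, __func__);
 }
 
 /**
@@ -1487,7 +1502,7 @@ static int smack_task_setpgid(struct task_struct *p, pid_t pgid)
  */
 static int smack_task_getpgid(struct task_struct *p)
 {
- return smk_curacc_on_task(p, MAY_READ);
+ return smk_curacc_on_task(p, MAY_READ, __func__);
 }
 
 /**
@@ -1498,7 +1513,7 @@ static int smack_task_getpgid(struct task_struct *p)
  */
 static int smack_task_getsid(struct task_struct *p)
 {
- return smk_curacc_on_task(p, MAY_READ);
+ return smk_curacc_on_task(p, MAY_READ, __func__);
 }
 
 /**
@@ -1526,7 +1541,7 @@ static int smack_task_setnice(struct task_struct *p, int nice)
 
  rc = cap_task_setnice(p, nice);
  if (rc == 0)
- rc = smk_curacc_on_task(p, MAY_WRITE);
+ rc = smk_curacc_on_task(p, MAY_WRITE, __func__);
  return rc;
 }
 
@@ -1543,7 +1558,7 @@ static int smack_task_setioprio(struct task_struct *p, int ioprio)
 
  rc = cap_task_setioprio(p, ioprio);
  if (rc == 0)
- rc = smk_curacc_on_task(p, MAY_WRITE);
+ rc = smk_curacc_on_task(p, MAY_WRITE, __func__);
  return rc;
 }
 
@@ -1555,7 +1570,7 @@ static int smack_task_setioprio(struct task_struct *p, int ioprio)
  */
 static int smack_task_getioprio(struct task_struct *p)
 {
- return smk_curacc_on_task(p, MAY_READ);
+ return smk_curacc_on_task(p, MAY_READ, __func__);
 }
 
 /**
@@ -1572,7 +1587,7 @@ static int smack_task_setscheduler(struct task_struct *p)
 
  rc = cap_task_setscheduler(p);
  if (rc == 0)
- rc = smk_curacc_on_task(p, MAY_WRITE);
+ rc = smk_curacc_on_task(p, MAY_WRITE, __func__);
  return rc;
 }
 
@@ -1584,7 +1599,7 @@ static int smack_task_setscheduler(struct task_struct *p)
  */
 static int smack_task_getscheduler(struct task_struct *p)
 {
- return smk_curacc_on_task(p, MAY_READ);
+ return smk_curacc_on_task(p, MAY_READ, __func__);
 }
 
 /**
@@ -1595,7 +1610,7 @@ static int smack_task_getscheduler(struct task_struct *p)
  */
 static int smack_task_movememory(struct task_struct *p)
 {
- return smk_curacc_on_task(p, MAY_WRITE);
+ return smk_curacc_on_task(p, MAY_WRITE, __func__);
 }
 
 /**
@@ -3468,6 +3483,8 @@ struct security_operations smack_ops = {
  .file_send_sigiotask = smack_file_send_sigiotask,
  .file_receive = smack_file_receive,
 
+ .dentry_open = smack_dentry_open,
+
  .cred_alloc_blank = smack_cred_alloc_blank,
  .cred_free = smack_cred_free,
  .cred_prepare = smack_cred_prepare,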
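Review bot: In the first hunk the `default:` arm of smack_file_fcntl now leaves rc at 0, so every fcntl command that is not listed is allowed without a Smack check, where the removed default asked for MAY_READWRITE. The new comment says file locking requires write access, yet only F_GETLK, F_SETLK and F_SETLKW are listed; on 32-bit builds F_GETLK64, F_SETLK64 and F_SETLKW64 are distinct command values and, if the hook receives the command unchanged (the caller is not on this page), they would take the unchecked default path. I would list them beside the existing lock cases as below, and add a one-line comment on `default:` stating that unlisted commands are deliberately unchecked, so a command added later is a visible decision instead of a silent pass. The closing brace of smack_file_fcntl lies outside the hunk.

```c
	case F_SETLKW:
#if BITS_PER_LONG == 32
	case F_GETLK64:
	case F_SETLK64:
	case F_SETLKW64:
#endif
	case F_SETOWN:
	/* … unchanged: F_SETSIG, audit setup, MAY_WRITE check … */
```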