aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorCasey Schaufler <casey@schaufler-ca.com>2014-08-27 17:51:27 -0400
committerCasey Schaufler <casey@schaufler-ca.com>2014-08-28 16:11:56 -0400
commitd166c8024d620d654b12834fac354fb4203c6c22 (patch)
treed804064cb7fce9448071691ae5a6260dc35674db /security
parentd83d2c26461d661384676a4eed935d925b0fcc34 (diff)
Smack: Bring-up access mode
People keep asking me for permissive mode, and I keep saying "no". Permissive mode is wrong for more reasons than I can enumerate, but the compelling one is that it's once on, never off. Nonetheless, there is an argument to be made for running a process with lots of permissions, logging which are required, and then locking the process down. There wasn't a way to do that with Smack, but this provides it. The notion is that you start out by giving the process an appropriate Smack label, such as "ATBirds". You create rules with a wide range of access and the "b" mode. On Tizen it might be: ATBirds System rwxalb ATBirds User rwxalb ATBirds _ rwxalb User ATBirds wb System ATBirds wb Accesses that fail will generate audit records. Accesses that succeed because of rules marked with a "b" generate log messages identifying the rule, the program and as much object information as is convenient. When the system is properly configured and the programs brought in line with the labeling scheme the "b" mode can be removed from the rules. When the system is ready for production the facility can be configured out. This provides the developer the convenience of permissive mode without creating a system that looks like it is enforcing a policy while it is not. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Diffstat (limited to 'security')
-rw-r--r--security/smack/Kconfig16
-rw-r--r--security/smack/smack.h5
-rw-r--r--security/smack/smack_access.c24
-rw-r--r--security/smack/smack_lsm.c265
-rw-r--r--security/smack/smackfs.c11
5 files changed, 294 insertions, 27 deletions
diff --git a/security/smack/Kconfig b/security/smack/Kconfig
index e69de9c642b7..b065f9789418 100644
--- a/security/smack/Kconfig
+++ b/security/smack/Kconfig
@@ -12,3 +12,19 @@ config SECURITY_SMACK
12 of other mandatory security schemes. 12 of other mandatory security schemes.
13 If you are unsure how to answer this question, answer N. 13 If you are unsure how to answer this question, answer N.
14 14
15config SECURITY_SMACK_BRINGUP
16 bool "Reporting on access granted by Smack rules"
17 depends on SECURITY_SMACK
18 default n
19 help
20 Enable the bring-up ("b") access mode in Smack rules.
21 When access is granted by a rule with the "b" mode a
22 message about the access requested is generated. The
23 intention is that a process can be granted a wide set
24 of access initially with the bringup mode set on the
25 rules. The developer can use the information to
26 identify which rules are necessary and what accesses
27 may be inappropriate. The developer can reduce the
28 access rule set once the behavior is well understood.
29 This is a superior mechanism to the oft abused
30 "permissive" mode of other systems.
diff --git a/security/smack/smack.h b/security/smack/smack.h
index 020307ef0972..2d13d5fb17ed 100644
--- a/security/smack/smack.h
+++ b/security/smack/smack.h
@@ -191,6 +191,7 @@ struct smk_port_label {
191 */ 191 */
192#define MAY_TRANSMUTE 0x00001000 /* Controls directory labeling */ 192#define MAY_TRANSMUTE 0x00001000 /* Controls directory labeling */
193#define MAY_LOCK 0x00002000 /* Locks should be writes, but ... */ 193#define MAY_LOCK 0x00002000 /* Locks should be writes, but ... */
194#define MAY_BRINGUP 0x00004000 /* Report use of this rule */
194 195
195/* 196/*
196 * Just to make the common cases easier to deal with 197 * Just to make the common cases easier to deal with
@@ -200,9 +201,9 @@ struct smk_port_label {
200#define MAY_NOT 0 201#define MAY_NOT 0
201 202
202/* 203/*
203 * Number of access types used by Smack (rwxatl) 204 * Number of access types used by Smack (rwxatlb)
204 */ 205 */
205#define SMK_NUM_ACCESS_TYPE 6 206#define SMK_NUM_ACCESS_TYPE 7
206 207
207/* SMACK data */ 208/* SMACK data */
208struct smack_audit_data { 209struct smack_audit_data {
diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c
index f97d0842e621..9f02cb0ac85e 100644
--- a/security/smack/smack_access.c
+++ b/security/smack/smack_access.c
@@ -178,16 +178,27 @@ int smk_access(struct smack_known *subject_known, char *object_label,
178 &subject_known->smk_rules); 178 &subject_known->smk_rules);
179 rcu_read_unlock(); 179 rcu_read_unlock();
180 180
181 if (may > 0 && (request & may) == request) 181 if (may <= 0 || (request & may) != request) {
182 rc = -EACCES;
182 goto out_audit; 183 goto out_audit;
184 }
185#ifdef CONFIG_SECURITY_SMACK_BRINGUP
186 /*
187 * Return a positive value if using bringup mode.
188 * This allows the hooks to identify checks that
189 * succeed because of "b" rules.
190 */
191 if (may & MAY_BRINGUP)
192 rc = MAY_BRINGUP;
193#endif
183 194
184 rc = -EACCES;
185out_audit: 195out_audit:
186#ifdef CONFIG_AUDIT 196#ifdef CONFIG_AUDIT
187 if (a) 197 if (a)
188 smack_log(subject_known->smk_known, object_label, request, 198 smack_log(subject_known->smk_known, object_label, request,
189 rc, a); 199 rc, a);
190#endif 200#endif
201
191 return rc; 202 return rc;
192} 203}
193 204
@@ -214,7 +225,7 @@ int smk_tskacc(struct task_smack *subject, char *obj_label,
214 * Check the global rule list 225 * Check the global rule list
215 */ 226 */
216 rc = smk_access(skp, obj_label, mode, NULL); 227 rc = smk_access(skp, obj_label, mode, NULL);
217 if (rc == 0) { 228 if (rc >= 0) {
218 /* 229 /*
219 * If there is an entry in the task's rule list 230 * If there is an entry in the task's rule list
220 * it can further restrict access. 231 * it can further restrict access.
@@ -328,6 +339,13 @@ void smack_log(char *subject_label, char *object_label, int request,
328 struct smack_audit_data *sad; 339 struct smack_audit_data *sad;
329 struct common_audit_data *a = &ad->a; 340 struct common_audit_data *a = &ad->a;
330 341
342#ifdef CONFIG_SECURITY_SMACK_BRINGUP
343 /*
344 * The result may be positive in bringup mode.
345 */
346 if (result > 0)
347 result = 0;
348#endif
331 /* check if we have to log the current event */ 349 /* check if we have to log the current event */
332 if (result != 0 && (log_policy & SMACK_AUDIT_DENIED) == 0) 350 if (result != 0 && (log_policy & SMACK_AUDIT_DENIED) == 0)
333 return; 351 return;
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 7091b46adab2..154548ea7d87 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -54,6 +54,149 @@
54 54
55LIST_HEAD(smk_ipv6_port_list); 55LIST_HEAD(smk_ipv6_port_list);
56 56
57#ifdef CONFIG_SECURITY_SMACK_BRINGUP
58static void smk_bu_mode(int mode, char *s)
59{
60 int i = 0;
61
62 if (mode & MAY_READ)
63 s[i++] = 'r';
64 if (mode & MAY_WRITE)
65 s[i++] = 'w';
66 if (mode & MAY_EXEC)
67 s[i++] = 'x';
68 if (mode & MAY_APPEND)
69 s[i++] = 'a';
70 if (mode & MAY_TRANSMUTE)
71 s[i++] = 't';
72 if (mode & MAY_LOCK)
73 s[i++] = 'l';
74 if (i == 0)
75 s[i++] = '-';
76 s[i] = '\0';
77}
78#endif
79
80#ifdef CONFIG_SECURITY_SMACK_BRINGUP
81static int smk_bu_note(char *note, struct smack_known *sskp, char *osp,
82 int mode, int rc)
83{
84 char acc[SMK_NUM_ACCESS_TYPE + 1];
85
86 if (rc <= 0)
87 return rc;
88
89 smk_bu_mode(mode, acc);
90 pr_info("Smack Bringup: (%s %s %s) %s\n",
91 sskp->smk_known, osp, acc, note);
92 return 0;
93}
94#else
95#define smk_bu_note(note, sskp, osp, mode, RC) (RC)
96#endif
97
98#ifdef CONFIG_SECURITY_SMACK_BRINGUP
99static int smk_bu_current(char *note, char *osp, int mode, int rc)
100{
101 struct task_smack *tsp = current_security();
102 char acc[SMK_NUM_ACCESS_TYPE + 1];
103
104 if (rc <= 0)
105 return rc;
106
107 smk_bu_mode(mode, acc);
108 pr_info("Smack Bringup: (%s %s %s) %s %s\n",
109 tsp->smk_task->smk_known, osp, acc, current->comm, note);
110 return 0;
111}
112#else
113#define smk_bu_current(note, osp, mode, RC) (RC)
114#endif
115
116#ifdef CONFIG_SECURITY_SMACK_BRINGUP
117static int smk_bu_task(struct task_struct *otp, int mode, int rc)
118{
119 struct task_smack *tsp = current_security();
120 struct task_smack *otsp = task_security(otp);
121 char acc[SMK_NUM_ACCESS_TYPE + 1];
122
123 if (rc <= 0)
124 return rc;
125
126 smk_bu_mode(mode, acc);
127 pr_info("Smack Bringup: (%s %s %s) %s to %s\n",
128 tsp->smk_task->smk_known, otsp->smk_task->smk_known, acc,
129 current->comm, otp->comm);
130 return 0;
131}
132#else
133#define smk_bu_task(otp, mode, RC) (RC)
134#endif
135
136#ifdef CONFIG_SECURITY_SMACK_BRINGUP
137static int smk_bu_inode(struct inode *inode, int mode, int rc)
138{
139 struct task_smack *tsp = current_security();
140 char acc[SMK_NUM_ACCESS_TYPE + 1];
141
142 if (rc <= 0)
143 return rc;
144
145 smk_bu_mode(mode, acc);
146 pr_info("Smack Bringup: (%s %s %s) inode=(%s %ld) %s\n",
147 tsp->smk_task->smk_known, smk_of_inode(inode), acc,
148 inode->i_sb->s_id, inode->i_ino, current->comm);
149 return 0;
150}
151#else
152#define smk_bu_inode(inode, mode, RC) (RC)
153#endif
154
155#ifdef CONFIG_SECURITY_SMACK_BRINGUP
156static int smk_bu_file(struct file *file, int mode, int rc)
157{
158 struct task_smack *tsp = current_security();
159 struct smack_known *sskp = tsp->smk_task;
160 struct inode *inode = file->f_inode;
161 char acc[SMK_NUM_ACCESS_TYPE + 1];
162
163 if (rc <= 0)
164 return rc;
165
166 smk_bu_mode(mode, acc);
167 pr_info("Smack Bringup: (%s %s %s) file=(%s %ld %s) %s\n",
168 sskp->smk_known, (char *)file->f_security, acc,
169 inode->i_sb->s_id, inode->i_ino, file->f_dentry->d_name.name,
170 current->comm);
171 return 0;
172}
173#else
174#define smk_bu_file(file, mode, RC) (RC)
175#endif
176
177#ifdef CONFIG_SECURITY_SMACK_BRINGUP
178static int smk_bu_credfile(const struct cred *cred, struct file *file,
179 int mode, int rc)
180{
181 struct task_smack *tsp = cred->security;
182 struct smack_known *sskp = tsp->smk_task;
183 struct inode *inode = file->f_inode;
184 char acc[SMK_NUM_ACCESS_TYPE + 1];
185
186 if (rc <= 0)
187 return rc;
188
189 smk_bu_mode(mode, acc);
190 pr_info("Smack Bringup: (%s %s %s) file=(%s %ld %s) %s\n",
191 sskp->smk_known, smk_of_inode(inode), acc,
192 inode->i_sb->s_id, inode->i_ino, file->f_dentry->d_name.name,
193 current->comm);
194 return 0;
195}
196#else
197#define smk_bu_credfile(cred, file, mode, RC) (RC)
198#endif
199
57/** 200/**
58 * smk_fetch - Fetch the smack label from a file. 201 * smk_fetch - Fetch the smack label from a file.
59 * @ip: a pointer to the inode 202 * @ip: a pointer to the inode
@@ -507,6 +650,7 @@ static int smack_sb_statfs(struct dentry *dentry)
507 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 650 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
508 651
509 rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad); 652 rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad);
653 rc = smk_bu_current("statfs", sbp->smk_floor, MAY_READ, rc);
510 return rc; 654 return rc;
511} 655}
512 656
@@ -697,11 +841,13 @@ static int smack_inode_link(struct dentry *old_dentry, struct inode *dir,
697 841
698 isp = smk_of_inode(old_dentry->d_inode); 842 isp = smk_of_inode(old_dentry->d_inode);
699 rc = smk_curacc(isp, MAY_WRITE, &ad); 843 rc = smk_curacc(isp, MAY_WRITE, &ad);
844 rc = smk_bu_inode(old_dentry->d_inode, MAY_WRITE, rc);
700 845
701 if (rc == 0 && new_dentry->d_inode != NULL) { 846 if (rc == 0 && new_dentry->d_inode != NULL) {
702 isp = smk_of_inode(new_dentry->d_inode); 847 isp = smk_of_inode(new_dentry->d_inode);
703 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry); 848 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
704 rc = smk_curacc(isp, MAY_WRITE, &ad); 849 rc = smk_curacc(isp, MAY_WRITE, &ad);
850 rc = smk_bu_inode(new_dentry->d_inode, MAY_WRITE, rc);
705 } 851 }
706 852
707 return rc; 853 return rc;
@@ -728,6 +874,7 @@ static int smack_inode_unlink(struct inode *dir, struct dentry *dentry)
728 * You need write access to the thing you're unlinking 874 * You need write access to the thing you're unlinking
729 */ 875 */
730 rc = smk_curacc(smk_of_inode(ip), MAY_WRITE, &ad); 876 rc = smk_curacc(smk_of_inode(ip), MAY_WRITE, &ad);
877 rc = smk_bu_inode(ip, MAY_WRITE, rc);
731 if (rc == 0) { 878 if (rc == 0) {
732 /* 879 /*
733 * You also need write access to the containing directory 880 * You also need write access to the containing directory
@@ -735,6 +882,7 @@ static int smack_inode_unlink(struct inode *dir, struct dentry *dentry)
735 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE); 882 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
736 smk_ad_setfield_u_fs_inode(&ad, dir); 883 smk_ad_setfield_u_fs_inode(&ad, dir);
737 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad); 884 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
885 rc = smk_bu_inode(dir, MAY_WRITE, rc);
738 } 886 }
739 return rc; 887 return rc;
740} 888}
@@ -759,6 +907,7 @@ static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry)
759 * You need write access to the thing you're removing 907 * You need write access to the thing you're removing
760 */ 908 */
761 rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad); 909 rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad);
910 rc = smk_bu_inode(dentry->d_inode, MAY_WRITE, rc);
762 if (rc == 0) { 911 if (rc == 0) {
763 /* 912 /*
764 * You also need write access to the containing directory 913 * You also need write access to the containing directory
@@ -766,6 +915,7 @@ static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry)
766 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE); 915 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
767 smk_ad_setfield_u_fs_inode(&ad, dir); 916 smk_ad_setfield_u_fs_inode(&ad, dir);
768 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad); 917 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
918 rc = smk_bu_inode(dir, MAY_WRITE, rc);
769 } 919 }
770 920
771 return rc; 921 return rc;
@@ -797,11 +947,13 @@ static int smack_inode_rename(struct inode *old_inode,
797 947
798 isp = smk_of_inode(old_dentry->d_inode); 948 isp = smk_of_inode(old_dentry->d_inode);
799 rc = smk_curacc(isp, MAY_READWRITE, &ad); 949 rc = smk_curacc(isp, MAY_READWRITE, &ad);
950 rc = smk_bu_inode(old_dentry->d_inode, MAY_READWRITE, rc);
800 951
801 if (rc == 0 && new_dentry->d_inode != NULL) { 952 if (rc == 0 && new_dentry->d_inode != NULL) {
802 isp = smk_of_inode(new_dentry->d_inode); 953 isp = smk_of_inode(new_dentry->d_inode);
803 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry); 954 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
804 rc = smk_curacc(isp, MAY_READWRITE, &ad); 955 rc = smk_curacc(isp, MAY_READWRITE, &ad);
956 rc = smk_bu_inode(new_dentry->d_inode, MAY_READWRITE, rc);
805 } 957 }
806 return rc; 958 return rc;
807} 959}
@@ -819,6 +971,7 @@ static int smack_inode_permission(struct inode *inode, int mask)
819{ 971{
820 struct smk_audit_info ad; 972 struct smk_audit_info ad;
821 int no_block = mask & MAY_NOT_BLOCK; 973 int no_block = mask & MAY_NOT_BLOCK;
974 int rc;
822 975
823 mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND); 976 mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND);
824 /* 977 /*
@@ -832,7 +985,9 @@ static int smack_inode_permission(struct inode *inode, int mask)
832 return -ECHILD; 985 return -ECHILD;
833 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE); 986 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
834 smk_ad_setfield_u_fs_inode(&ad, inode); 987 smk_ad_setfield_u_fs_inode(&ad, inode);
835 return smk_curacc(smk_of_inode(inode), mask, &ad); 988 rc = smk_curacc(smk_of_inode(inode), mask, &ad);
989 rc = smk_bu_inode(inode, mask, rc);
990 return rc;
836} 991}
837 992
838/** 993/**
@@ -845,6 +1000,8 @@ static int smack_inode_permission(struct inode *inode, int mask)
845static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr) 1000static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr)
846{ 1001{
847 struct smk_audit_info ad; 1002 struct smk_audit_info ad;
1003 int rc;
1004
848 /* 1005 /*
849 * Need to allow for clearing the setuid bit. 1006 * Need to allow for clearing the setuid bit.
850 */ 1007 */
@@ -853,7 +1010,9 @@ static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr)
853 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1010 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
854 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1011 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
855 1012
856 return smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad); 1013 rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad);
1014 rc = smk_bu_inode(dentry->d_inode, MAY_WRITE, rc);
1015 return rc;
857} 1016}
858 1017
859/** 1018/**
@@ -867,13 +1026,16 @@ static int smack_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
867{ 1026{
868 struct smk_audit_info ad; 1027 struct smk_audit_info ad;
869 struct path path; 1028 struct path path;
1029 int rc;
870 1030
871 path.dentry = dentry; 1031 path.dentry = dentry;
872 path.mnt = mnt; 1032 path.mnt = mnt;
873 1033
874 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1034 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
875 smk_ad_setfield_u_fs_path(&ad, path); 1035 smk_ad_setfield_u_fs_path(&ad, path);
876 return smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ, &ad); 1036 rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ, &ad);
1037 rc = smk_bu_inode(dentry->d_inode, MAY_READ, rc);
1038 return rc;
877} 1039}
878 1040
879/** 1041/**
@@ -932,8 +1094,10 @@ static int smack_inode_setxattr(struct dentry *dentry, const char *name,
932 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1094 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
933 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1095 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
934 1096
935 if (rc == 0) 1097 if (rc == 0) {
936 rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad); 1098 rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad);
1099 rc = smk_bu_inode(dentry->d_inode, MAY_WRITE, rc);
1100 }
937 1101
938 return rc; 1102 return rc;
939} 1103}
@@ -993,11 +1157,14 @@ static void smack_inode_post_setxattr(struct dentry *dentry, const char *name,
993static int smack_inode_getxattr(struct dentry *dentry, const char *name) 1157static int smack_inode_getxattr(struct dentry *dentry, const char *name)
994{ 1158{
995 struct smk_audit_info ad; 1159 struct smk_audit_info ad;
1160 int rc;
996 1161
997 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); 1162 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
998 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1163 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
999 1164
1000 return smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ, &ad); 1165 rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ, &ad);
1166 rc = smk_bu_inode(dentry->d_inode, MAY_READ, rc);
1167 return rc;
1001} 1168}
1002 1169
1003/** 1170/**
@@ -1033,6 +1200,7 @@ static int smack_inode_removexattr(struct dentry *dentry, const char *name)
1033 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 1200 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1034 1201
1035 rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad); 1202 rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad);
1203 rc = smk_bu_inode(dentry->d_inode, MAY_WRITE, rc);
1036 if (rc != 0) 1204 if (rc != 0)
1037 return rc; 1205 return rc;
1038 1206
@@ -1213,11 +1381,15 @@ static int smack_file_ioctl(struct file *file, unsigned int cmd,
1213 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1381 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1214 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1382 smk_ad_setfield_u_fs_path(&ad, file->f_path);
1215 1383
1216 if (_IOC_DIR(cmd) & _IOC_WRITE) 1384 if (_IOC_DIR(cmd) & _IOC_WRITE) {
1217 rc = smk_curacc(file->f_security, MAY_WRITE, &ad); 1385 rc = smk_curacc(file->f_security, MAY_WRITE, &ad);
1386 rc = smk_bu_file(file, MAY_WRITE, rc);
1387 }
1218 1388
1219 if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ)) 1389 if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ)) {
1220 rc = smk_curacc(file->f_security, MAY_READ, &ad); 1390 rc = smk_curacc(file->f_security, MAY_READ, &ad);
1391 rc = smk_bu_file(file, MAY_READ, rc);
1392 }
1221 1393
1222 return rc; 1394 return rc;
1223} 1395}
@@ -1232,10 +1404,13 @@ static int smack_file_ioctl(struct file *file, unsigned int cmd,
1232static int smack_file_lock(struct file *file, unsigned int cmd) 1404static int smack_file_lock(struct file *file, unsigned int cmd)
1233{ 1405{
1234 struct smk_audit_info ad; 1406 struct smk_audit_info ad;
1407 int rc;
1235 1408
1236 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1409 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1237 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1410 smk_ad_setfield_u_fs_path(&ad, file->f_path);
1238 return smk_curacc(file->f_security, MAY_LOCK, &ad); 1411 rc = smk_curacc(file->f_security, MAY_LOCK, &ad);
1412 rc = smk_bu_file(file, MAY_LOCK, rc);
1413 return rc;
1239} 1414}
1240 1415
1241/** 1416/**
@@ -1265,12 +1440,14 @@ static int smack_file_fcntl(struct file *file, unsigned int cmd,
1265 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1440 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1266 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1441 smk_ad_setfield_u_fs_path(&ad, file->f_path);
1267 rc = smk_curacc(file->f_security, MAY_LOCK, &ad); 1442 rc = smk_curacc(file->f_security, MAY_LOCK, &ad);
1443 rc = smk_bu_file(file, MAY_LOCK, rc);
1268 break; 1444 break;
1269 case F_SETOWN: 1445 case F_SETOWN:
1270 case F_SETSIG: 1446 case F_SETSIG:
1271 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1447 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1272 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1448 smk_ad_setfield_u_fs_path(&ad, file->f_path);
1273 rc = smk_curacc(file->f_security, MAY_WRITE, &ad); 1449 rc = smk_curacc(file->f_security, MAY_WRITE, &ad);
1450 rc = smk_bu_file(file, MAY_WRITE, rc);
1274 break; 1451 break;
1275 default: 1452 default:
1276 break; 1453 break;
@@ -1425,6 +1602,7 @@ static int smack_file_send_sigiotask(struct task_struct *tsk,
1425 /* we don't log here as rc can be overriden */ 1602 /* we don't log here as rc can be overriden */
1426 skp = smk_find_entry(file->f_security); 1603 skp = smk_find_entry(file->f_security);
1427 rc = smk_access(skp, tkp->smk_known, MAY_WRITE, NULL); 1604 rc = smk_access(skp, tkp->smk_known, MAY_WRITE, NULL);
1605 rc = smk_bu_note("sigiotask", skp, tkp->smk_known, MAY_WRITE, rc);
1428 if (rc != 0 && has_capability(tsk, CAP_MAC_OVERRIDE)) 1606 if (rc != 0 && has_capability(tsk, CAP_MAC_OVERRIDE))
1429 rc = 0; 1607 rc = 0;
1430 1608
@@ -1442,6 +1620,7 @@ static int smack_file_send_sigiotask(struct task_struct *tsk,
1442 */ 1620 */
1443static int smack_file_receive(struct file *file) 1621static int smack_file_receive(struct file *file)
1444{ 1622{
1623 int rc;
1445 int may = 0; 1624 int may = 0;
1446 struct smk_audit_info ad; 1625 struct smk_audit_info ad;
1447 1626
@@ -1455,7 +1634,9 @@ static int smack_file_receive(struct file *file)
1455 if (file->f_mode & FMODE_WRITE) 1634 if (file->f_mode & FMODE_WRITE)
1456 may |= MAY_WRITE; 1635 may |= MAY_WRITE;
1457 1636
1458 return smk_curacc(file->f_security, may, &ad); 1637 rc = smk_curacc(file->f_security, may, &ad);
1638 rc = smk_bu_file(file, may, rc);
1639 return rc;
1459} 1640}
1460 1641
1461/** 1642/**
@@ -1485,6 +1666,7 @@ static int smack_file_open(struct file *file, const struct cred *cred)
1485 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1666 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1486 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1667 smk_ad_setfield_u_fs_path(&ad, file->f_path);
1487 rc = smk_access(tsp->smk_task, isp->smk_inode, MAY_READ, &ad); 1668 rc = smk_access(tsp->smk_task, isp->smk_inode, MAY_READ, &ad);
1669 rc = smk_bu_credfile(cred, file, MAY_READ, rc);
1488 if (rc == 0) 1670 if (rc == 0)
1489 file->f_security = isp->smk_inode; 1671 file->f_security = isp->smk_inode;
1490 1672
@@ -1641,10 +1823,13 @@ static int smk_curacc_on_task(struct task_struct *p, int access,
1641{ 1823{
1642 struct smk_audit_info ad; 1824 struct smk_audit_info ad;
1643 struct smack_known *skp = smk_of_task(task_security(p)); 1825 struct smack_known *skp = smk_of_task(task_security(p));
1826 int rc;
1644 1827
1645 smk_ad_init(&ad, caller, LSM_AUDIT_DATA_TASK); 1828 smk_ad_init(&ad, caller, LSM_AUDIT_DATA_TASK);
1646 smk_ad_setfield_u_tsk(&ad, p); 1829 smk_ad_setfield_u_tsk(&ad, p);
1647 return smk_curacc(skp->smk_known, access, &ad); 1830 rc = smk_curacc(skp->smk_known, access, &ad);
1831 rc = smk_bu_task(p, access, rc);
1832 return rc;
1648} 1833}
1649 1834
1650/** 1835/**
@@ -1798,6 +1983,7 @@ static int smack_task_kill(struct task_struct *p, struct siginfo *info,
1798 struct smk_audit_info ad; 1983 struct smk_audit_info ad;
1799 struct smack_known *skp; 1984 struct smack_known *skp;
1800 struct smack_known *tkp = smk_of_task(task_security(p)); 1985 struct smack_known *tkp = smk_of_task(task_security(p));
1986 int rc;
1801 1987
1802 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); 1988 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
1803 smk_ad_setfield_u_tsk(&ad, p); 1989 smk_ad_setfield_u_tsk(&ad, p);
@@ -1805,15 +1991,20 @@ static int smack_task_kill(struct task_struct *p, struct siginfo *info,
1805 * Sending a signal requires that the sender 1991 * Sending a signal requires that the sender
1806 * can write the receiver. 1992 * can write the receiver.
1807 */ 1993 */
1808 if (secid == 0) 1994 if (secid == 0) {
1809 return smk_curacc(tkp->smk_known, MAY_WRITE, &ad); 1995 rc = smk_curacc(tkp->smk_known, MAY_WRITE, &ad);
1996 rc = smk_bu_task(p, MAY_WRITE, rc);
1997 return rc;
1998 }
1810 /* 1999 /*
1811 * If the secid isn't 0 we're dealing with some USB IO 2000 * If the secid isn't 0 we're dealing with some USB IO
1812 * specific behavior. This is not clean. For one thing 2001 * specific behavior. This is not clean. For one thing
1813 * we can't take privilege into account. 2002 * we can't take privilege into account.
1814 */ 2003 */
1815 skp = smack_from_secid(secid); 2004 skp = smack_from_secid(secid);
1816 return smk_access(skp, tkp->smk_known, MAY_WRITE, &ad); 2005 rc = smk_access(skp, tkp->smk_known, MAY_WRITE, &ad);
2006 rc = smk_bu_note("USB signal", skp, tkp->smk_known, MAY_WRITE, rc);
2007 return rc;
1817} 2008}
1818 2009
1819/** 2010/**
@@ -2005,6 +2196,7 @@ static int smack_netlabel_send(struct sock *sk, struct sockaddr_in *sap)
2005 sk_lbl = SMACK_UNLABELED_SOCKET; 2196 sk_lbl = SMACK_UNLABELED_SOCKET;
2006 skp = ssp->smk_out; 2197 skp = ssp->smk_out;
2007 rc = smk_access(skp, hostsp, MAY_WRITE, &ad); 2198 rc = smk_access(skp, hostsp, MAY_WRITE, &ad);
2199 rc = smk_bu_note("IPv4 host check", skp, hostsp, MAY_WRITE, rc);
2008 } else { 2200 } else {
2009 sk_lbl = SMACK_CIPSO_SOCKET; 2201 sk_lbl = SMACK_CIPSO_SOCKET;
2010 rc = 0; 2202 rc = 0;
@@ -2107,6 +2299,7 @@ static int smk_ipv6_port_check(struct sock *sk, struct sockaddr_in6 *address,
2107 unsigned short port = 0; 2299 unsigned short port = 0;
2108 char *object; 2300 char *object;
2109 struct smk_audit_info ad; 2301 struct smk_audit_info ad;
2302 int rc;
2110#ifdef CONFIG_AUDIT 2303#ifdef CONFIG_AUDIT
2111 struct lsm_network_audit net; 2304 struct lsm_network_audit net;
2112#endif 2305#endif
@@ -2160,7 +2353,9 @@ auditout:
2160 else 2353 else
2161 ad.a.u.net->v6info.daddr = address->sin6_addr; 2354 ad.a.u.net->v6info.daddr = address->sin6_addr;
2162#endif 2355#endif
2163 return smk_access(skp, object, MAY_WRITE, &ad); 2356 rc = smk_access(skp, object, MAY_WRITE, &ad);
2357 rc = smk_bu_note("IPv6 port check", skp, object, MAY_WRITE, rc);
2358 return rc;
2164} 2359}
2165 2360
2166/** 2361/**
@@ -2399,12 +2594,15 @@ static int smk_curacc_shm(struct shmid_kernel *shp, int access)
2399{ 2594{
2400 char *ssp = smack_of_shm(shp); 2595 char *ssp = smack_of_shm(shp);
2401 struct smk_audit_info ad; 2596 struct smk_audit_info ad;
2597 int rc;
2402 2598
2403#ifdef CONFIG_AUDIT 2599#ifdef CONFIG_AUDIT
2404 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 2600 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
2405 ad.a.u.ipc_id = shp->shm_perm.id; 2601 ad.a.u.ipc_id = shp->shm_perm.id;
2406#endif 2602#endif
2407 return smk_curacc(ssp, access, &ad); 2603 rc = smk_curacc(ssp, access, &ad);
2604 rc = smk_bu_current("shm", ssp, access, rc);
2605 return rc;
2408} 2606}
2409 2607
2410/** 2608/**
@@ -2523,12 +2721,15 @@ static int smk_curacc_sem(struct sem_array *sma, int access)
2523{ 2721{
2524 char *ssp = smack_of_sem(sma); 2722 char *ssp = smack_of_sem(sma);
2525 struct smk_audit_info ad; 2723 struct smk_audit_info ad;
2724 int rc;
2526 2725
2527#ifdef CONFIG_AUDIT 2726#ifdef CONFIG_AUDIT
2528 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 2727 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
2529 ad.a.u.ipc_id = sma->sem_perm.id; 2728 ad.a.u.ipc_id = sma->sem_perm.id;
2530#endif 2729#endif
2531 return smk_curacc(ssp, access, &ad); 2730 rc = smk_curacc(ssp, access, &ad);
2731 rc = smk_bu_current("sem", ssp, access, rc);
2732 return rc;
2532} 2733}
2533 2734
2534/** 2735/**
@@ -2653,12 +2854,15 @@ static int smk_curacc_msq(struct msg_queue *msq, int access)
2653{ 2854{
2654 char *msp = smack_of_msq(msq); 2855 char *msp = smack_of_msq(msq);
2655 struct smk_audit_info ad; 2856 struct smk_audit_info ad;
2857 int rc;
2656 2858
2657#ifdef CONFIG_AUDIT 2859#ifdef CONFIG_AUDIT
2658 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 2860 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
2659 ad.a.u.ipc_id = msq->q_perm.id; 2861 ad.a.u.ipc_id = msq->q_perm.id;
2660#endif 2862#endif
2661 return smk_curacc(msp, access, &ad); 2863 rc = smk_curacc(msp, access, &ad);
2864 rc = smk_bu_current("msq", msp, access, rc);
2865 return rc;
2662} 2866}
2663 2867
2664/** 2868/**
@@ -2754,12 +2958,15 @@ static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag)
2754 char *isp = ipp->security; 2958 char *isp = ipp->security;
2755 int may = smack_flags_to_may(flag); 2959 int may = smack_flags_to_may(flag);
2756 struct smk_audit_info ad; 2960 struct smk_audit_info ad;
2961 int rc;
2757 2962
2758#ifdef CONFIG_AUDIT 2963#ifdef CONFIG_AUDIT
2759 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 2964 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
2760 ad.a.u.ipc_id = ipp->id; 2965 ad.a.u.ipc_id = ipp->id;
2761#endif 2966#endif
2762 return smk_curacc(isp, may, &ad); 2967 rc = smk_curacc(isp, may, &ad);
2968 rc = smk_bu_current("svipc", isp, may, rc);
2969 return rc;
2763} 2970}
2764 2971
2765/** 2972/**
@@ -3092,8 +3299,13 @@ static int smack_unix_stream_connect(struct sock *sock,
3092 smk_ad_setfield_u_net_sk(&ad, other); 3299 smk_ad_setfield_u_net_sk(&ad, other);
3093#endif 3300#endif
3094 rc = smk_access(skp, okp->smk_known, MAY_WRITE, &ad); 3301 rc = smk_access(skp, okp->smk_known, MAY_WRITE, &ad);
3095 if (rc == 0) 3302 rc = smk_bu_note("UDS connect", skp, okp->smk_known,
3303 MAY_WRITE, rc);
3304 if (rc == 0) {
3096 rc = smk_access(okp, okp->smk_known, MAY_WRITE, NULL); 3305 rc = smk_access(okp, okp->smk_known, MAY_WRITE, NULL);
3306 rc = smk_bu_note("UDS connect", okp, okp->smk_known,
3307 MAY_WRITE, rc);
3308 }
3097 } 3309 }
3098 3310
3099 /* 3311 /*
@@ -3121,6 +3333,7 @@ static int smack_unix_may_send(struct socket *sock, struct socket *other)
3121 struct socket_smack *osp = other->sk->sk_security; 3333 struct socket_smack *osp = other->sk->sk_security;
3122 struct smack_known *skp; 3334 struct smack_known *skp;
3123 struct smk_audit_info ad; 3335 struct smk_audit_info ad;
3336 int rc;
3124 3337
3125#ifdef CONFIG_AUDIT 3338#ifdef CONFIG_AUDIT
3126 struct lsm_network_audit net; 3339 struct lsm_network_audit net;
@@ -3133,7 +3346,10 @@ static int smack_unix_may_send(struct socket *sock, struct socket *other)
3133 return 0; 3346 return 0;
3134 3347
3135 skp = ssp->smk_out; 3348 skp = ssp->smk_out;
3136 return smk_access(skp, osp->smk_in->smk_known, MAY_WRITE, &ad); 3349 rc = smk_access(skp, osp->smk_in->smk_known, MAY_WRITE, &ad);
3350 rc = smk_bu_note("UDS send", skp, osp->smk_in->smk_known,
3351 MAY_WRITE, rc);
3352 return rc;
3137} 3353}
3138 3354
3139/** 3355/**
@@ -3348,6 +3564,8 @@ static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
3348 * for networking. 3564 * for networking.
3349 */ 3565 */
3350 rc = smk_access(skp, ssp->smk_in->smk_known, MAY_WRITE, &ad); 3566 rc = smk_access(skp, ssp->smk_in->smk_known, MAY_WRITE, &ad);
3567 rc = smk_bu_note("IPv4 delivery", skp, ssp->smk_in->smk_known,
3568 MAY_WRITE, rc);
3351 if (rc != 0) 3569 if (rc != 0)
3352 netlbl_skbuff_err(skb, rc, 0); 3570 netlbl_skbuff_err(skb, rc, 0);
3353 break; 3571 break;
@@ -3528,6 +3746,8 @@ static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb,
3528 * here. Read access is not required. 3746 * here. Read access is not required.
3529 */ 3747 */
3530 rc = smk_access(skp, ssp->smk_in->smk_known, MAY_WRITE, &ad); 3748 rc = smk_access(skp, ssp->smk_in->smk_known, MAY_WRITE, &ad);
3749 rc = smk_bu_note("IPv4 connect", skp, ssp->smk_in->smk_known,
3750 MAY_WRITE, rc);
3531 if (rc != 0) 3751 if (rc != 0)
3532 return rc; 3752 return rc;
3533 3753
@@ -3631,6 +3851,7 @@ static int smack_key_permission(key_ref_t key_ref,
3631 struct smk_audit_info ad; 3851 struct smk_audit_info ad;
3632 struct smack_known *tkp = smk_of_task(cred->security); 3852 struct smack_known *tkp = smk_of_task(cred->security);
3633 int request = 0; 3853 int request = 0;
3854 int rc;
3634 3855
3635 keyp = key_ref_to_ptr(key_ref); 3856 keyp = key_ref_to_ptr(key_ref);
3636 if (keyp == NULL) 3857 if (keyp == NULL)
@@ -3655,7 +3876,9 @@ static int smack_key_permission(key_ref_t key_ref,
3655 request = MAY_READ; 3876 request = MAY_READ;
3656 if (perm & (KEY_NEED_WRITE | KEY_NEED_LINK | KEY_NEED_SETATTR)) 3877 if (perm & (KEY_NEED_WRITE | KEY_NEED_LINK | KEY_NEED_SETATTR))
3657 request = MAY_WRITE; 3878 request = MAY_WRITE;
3658 return smk_access(tkp, keyp->security, request, &ad); 3879 rc = smk_access(tkp, keyp->security, request, &ad);
3880 rc = smk_bu_note("key access", tkp, keyp->security, request, rc);
3881 return rc;
3659} 3882}
3660#endif /* CONFIG_KEYS */ 3883#endif /* CONFIG_KEYS */
3661 3884
diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
index 56a1439786a9..49a2248b525c 100644
--- a/security/smack/smackfs.c
+++ b/security/smack/smackfs.c
@@ -304,6 +304,10 @@ static int smk_perm_from_str(const char *string)
304 case 'L': 304 case 'L':
305 perm |= MAY_LOCK; 305 perm |= MAY_LOCK;
306 break; 306 break;
307 case 'b':
308 case 'B':
309 perm |= MAY_BRINGUP;
310 break;
307 default: 311 default:
308 return perm; 312 return perm;
309 } 313 }
@@ -616,6 +620,8 @@ static void smk_rule_show(struct seq_file *s, struct smack_rule *srp, int max)
616 seq_putc(s, 't'); 620 seq_putc(s, 't');
617 if (srp->smk_access & MAY_LOCK) 621 if (srp->smk_access & MAY_LOCK)
618 seq_putc(s, 'l'); 622 seq_putc(s, 'l');
623 if (srp->smk_access & MAY_BRINGUP)
624 seq_putc(s, 'b');
619 625
620 seq_putc(s, '\n'); 626 seq_putc(s, '\n');
621} 627}
@@ -1880,7 +1886,10 @@ static ssize_t smk_user_access(struct file *file, const char __user *buf,
1880 else if (res != -ENOENT) 1886 else if (res != -ENOENT)
1881 return -EINVAL; 1887 return -EINVAL;
1882 1888
1883 data[0] = res == 0 ? '1' : '0'; 1889 /*
1890 * smk_access() can return a value > 0 in the "bringup" case.
1891 */
1892 data[0] = res >= 0 ? '1' : '0';
1884 data[1] = '\0'; 1893 data[1] = '\0';
1885 1894
1886 simple_transaction_set(file, 2); 1895 simple_transaction_set(file, 2);
generated by cgit v1.2.2 (git 2.25.0) at 2024-09-22 12:25:07 -0400