Smack: Integrate Smack with Audit

Setup the new Audit hooks for Smack. SELinux Audit rule fields are recycled to avoid `auditd' userspace modifications. Currently only equality testing is supported on labels acting as a subject (AUDIT_SUBJ_USER) or as an object (AUDIT_OBJ_USER). Signed-off-by: Ahmed S. Darwish <darwish.07@gmail.com> Acked-by: Casey Schaufler <casey@schaufler-ca.com>
author: Ahmed S. Darwish <darwish.07@gmail.com> 2008-04-29 18:34:10 -0400
committer: James Morris <jmorris@namei.org> 2008-04-29 18:34:10 -0400
commit: d20bdda6d45a4035e48ca7ae467a0d955c1ffc60 (patch)
tree: 634f8bcc6ad7382a79be1081575ee12e7006c375 /security
parent: 780db6c104de48104501f5943361f2371564b85d (diff)
1 files changed, 155 insertions, 0 deletions
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 92baee53a7dc..fe0ae1bf1650 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -26,6 +26,7 @@
 #include <linux/pipe_fs_i.h>
 #include <net/netlabel.h>
 #include <net/cipso_ipv4.h>
+#include <linux/audit.h>
 #include "smack.h"
@@ -752,6 +753,18 @@ static int smack_inode_listsecurity(struct inode *inode, char *buffer,
        return -EINVAL;
 }
+/**
+ * smack_inode_getsecid - Extract inode's security id
+ * @inode: inode to extract the info from
+ * @secid: where result will be saved
+ */
+static void smack_inode_getsecid(const struct inode *inode, u32 *secid)
+{
+        struct inode_smack *isp = inode->i_security;
+        *secid = smack_to_secid(isp->smk_inode);
+}
 /*
 * File Hooks
 */
@@ -1805,6 +1818,18 @@ static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag)
        return smk_curacc(isp, may);
 }
+/**
+ * smack_ipc_getsecid - Extract smack security id
+ * @ipcp: the object permissions
+ * @secid: where result will be saved
+ */
+static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid)
+{
+        char *smack = ipp->security;
+        *secid = smack_to_secid(smack);
+}
 /* module stacking operations */
 /**
@@ -2382,6 +2407,124 @@ static int smack_key_permission(key_ref_t key_ref,
 #endif /* CONFIG_KEYS */
 /*
+ * Smack Audit hooks
+ *
+ * Audit requires a unique representation of each Smack specific
+ * rule. This unique representation is used to distinguish the
+ * object to be audited from remaining kernel objects and also
+ * works as a glue between the audit hooks.
+ *
+ * Since repository entries are added but never deleted, we'll use
+ * the smack_known label address related to the given audit rule as
+ * the needed unique representation. This also better fits the smack
+ * model where nearly everything is a label.
+ */
+#ifdef CONFIG_AUDIT
+/**
+ * smack_audit_rule_init - Initialize a smack audit rule
+ * @field: audit rule fields given from user-space (audit.h)
+ * @op: required testing operator (=, !=, >, <, ...)
+ * @rulestr: smack label to be audited
+ * @vrule: pointer to save our own audit rule representation
+ *
+ * Prepare to audit cases where (@field @op @rulestr) is true.
+ * The label to be audited is created if necessay.
+ */
+static int smack_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule)
+{
+        char **rule = (char **)vrule;
+        *rule = NULL;
+        if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
+                return -EINVAL;
+        if (op != AUDIT_EQUAL && op != AUDIT_NOT_EQUAL)
+                return -EINVAL;
+        *rule = smk_import(rulestr, 0);
+        return 0;
+}
+/**
+ * smack_audit_rule_known - Distinguish Smack audit rules
+ * @krule: rule of interest, in Audit kernel representation format
+ *
+ * This is used to filter Smack rules from remaining Audit ones.
+ * If it's proved that this rule belongs to us, the
+ * audit_rule_match hook will be called to do the final judgement.
+ */
+static int smack_audit_rule_known(struct audit_krule *krule)
+{
+        struct audit_field *f;
+        int i;
+        for (i = 0; i < krule->field_count; i++) {
+                f = &krule->fields[i];
+                if (f->type == AUDIT_SUBJ_USER || f->type == AUDIT_OBJ_USER)
+                        return 1;
+        }
+        return 0;
+}
+/**
+ * smack_audit_rule_match - Audit given object ?
+ * @secid: security id for identifying the object to test
+ * @field: audit rule flags given from user-space
+ * @op: required testing operator
+ * @vrule: smack internal rule presentation
+ * @actx: audit context associated with the check
+ *
+ * The core Audit hook. It's used to take the decision of
+ * whether to audit or not to audit a given object.
+ */
+static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule,
+                                  struct audit_context *actx)
+{
+        char *smack;
+        char *rule = vrule;
+        if (!rule) {
+                audit_log(actx, GFP_KERNEL, AUDIT_SELINUX_ERR,
+                          "Smack: missing rule\n");
+                return -ENOENT;
+        }
+        if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
+                return 0;
+        smack = smack_from_secid(secid);
+        /*
+         * No need to do string comparisons. If a match occurs,
+         * both pointers will point to the same smack_known
+         * label.
+         */
+        if (op == AUDIT_EQUAL)
+                return (rule == smack);
+        if (op == AUDIT_NOT_EQUAL)
+                return (rule != smack);
+        return 0;
+}
+/**
+ * smack_audit_rule_free - free smack rule representation
+ * @vrule: rule to be freed.
+ *
+ * No memory was allocated.
+ */
+static void smack_audit_rule_free(void *vrule)
+{
+        /* No-op */
+}
+#endif /* CONFIG_AUDIT */
+/*
 * smack_secid_to_secctx - return the smack label for a secid
 * @secid: incoming integer
 * @secdata: destination
@@ -2467,6 +2610,7 @@ struct security_operations smack_ops = {
        .inode_getsecurity =            smack_inode_getsecurity,
        .inode_setsecurity =            smack_inode_setsecurity,
        .inode_listsecurity =           smack_inode_listsecurity,
+        .inode_getsecid =               smack_inode_getsecid,
        .file_permission =              smack_file_permission,
        .file_alloc_security =          smack_file_alloc_security,
@@ -2498,6 +2642,7 @@ struct security_operations smack_ops = {
        .task_prctl =                   cap_task_prctl,
        .ipc_permission =               smack_ipc_permission,
+        .ipc_getsecid =                 smack_ipc_getsecid,
        .msg_msg_alloc_security =       smack_msg_msg_alloc_security,
        .msg_msg_free_security =        smack_msg_msg_free_security,
@@ -2542,12 +2687,22 @@ struct security_operations smack_ops = {
        .sk_free_security =             smack_sk_free_security,
        .sock_graft =                   smack_sock_graft,
        .inet_conn_request =            smack_inet_conn_request,
 /* key management security hooks */
 #ifdef CONFIG_KEYS
        .key_alloc =                    smack_key_alloc,
        .key_free =                     smack_key_free,
        .key_permission =               smack_key_permission,
 #endif /* CONFIG_KEYS */
+ /* Audit hooks */
+#ifdef CONFIG_AUDIT
+        .audit_rule_init =              smack_audit_rule_init,
+        .audit_rule_known =             smack_audit_rule_known,
+        .audit_rule_match =             smack_audit_rule_match,
+        .audit_rule_free =              smack_audit_rule_free,
+#endif /* CONFIG_AUDIT */
        .secid_to_secctx =              smack_secid_to_secctx,
        .secctx_to_secid =              smack_secctx_to_secid,
        .release_secctx =               smack_release_secctx,
author	Ahmed S. Darwish <darwish.07@gmail.com>	2008-04-29 18:34:10 -0400
committer	James Morris <jmorris@namei.org>	2008-04-29 18:34:10 -0400
commit	d20bdda6d45a4035e48ca7ae467a0d955c1ffc60 (patch)
tree	634f8bcc6ad7382a79be1081575ee12e7006c375 /security
parent	780db6c104de48104501f5943361f2371564b85d (diff)

diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 92baee53a7dc..fe0ae1bf1650 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c
@@ -26,6 +26,7 @@
26	#include <linux/pipe_fs_i.h>	26	#include <linux/pipe_fs_i.h>
27	#include <net/netlabel.h>	27	#include <net/netlabel.h>
28	#include <net/cipso_ipv4.h>	28	#include <net/cipso_ipv4.h>
		29	#include <linux/audit.h>
29		30
30	#include "smack.h"	31	#include "smack.h"
31		32
@@ -752,6 +753,18 @@ static int smack_inode_listsecurity(struct inode inode, char buffer,
752	return -EINVAL;	753	return -EINVAL;
753	}	754	}
754		755
		756	/**
		757	* smack_inode_getsecid - Extract inode's security id
		758	* @inode: inode to extract the info from
		759	* @secid: where result will be saved
		760	*/
		761	static void smack_inode_getsecid(const struct inode inode, u32 secid)
		762	{
		763	struct inode_smack *isp = inode->i_security;
		764
		765	*secid = smack_to_secid(isp->smk_inode);
		766	}
		767
755	/*	768	/*
756	* File Hooks	769	* File Hooks
757	*/	770	*/
@@ -1805,6 +1818,18 @@ static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag)
1805	return smk_curacc(isp, may);	1818	return smk_curacc(isp, may);
1806	}	1819	}
1807		1820
		1821	/**
		1822	* smack_ipc_getsecid - Extract smack security id
		1823	* @ipcp: the object permissions
		1824	* @secid: where result will be saved
		1825	*/
		1826	static void smack_ipc_getsecid(struct kern_ipc_perm ipp, u32 secid)
		1827	{
		1828	char *smack = ipp->security;
		1829
		1830	*secid = smack_to_secid(smack);
		1831	}
		1832
1808	/* module stacking operations */	1833	/* module stacking operations */
1809		1834
1810	/**	1835	/**
@@ -2382,6 +2407,124 @@ static int smack_key_permission(key_ref_t key_ref,
2382	#endif /* CONFIG_KEYS */	2407	#endif /* CONFIG_KEYS */
2383		2408
2384	/*	2409	/*
		2410	* Smack Audit hooks
		2411	*
		2412	* Audit requires a unique representation of each Smack specific
		2413	* rule. This unique representation is used to distinguish the
		2414	* object to be audited from remaining kernel objects and also
		2415	* works as a glue between the audit hooks.
		2416	*
		2417	* Since repository entries are added but never deleted, we'll use
		2418	* the smack_known label address related to the given audit rule as
		2419	* the needed unique representation. This also better fits the smack
		2420	* model where nearly everything is a label.
		2421	*/
		2422	#ifdef CONFIG_AUDIT
		2423
		2424	/**
		2425	* smack_audit_rule_init - Initialize a smack audit rule
		2426	* @field: audit rule fields given from user-space (audit.h)
		2427	* @op: required testing operator (=, !=, >, <, ...)
		2428	* @rulestr: smack label to be audited
		2429	* @vrule: pointer to save our own audit rule representation
		2430	*
		2431	* Prepare to audit cases where (@field @op @rulestr) is true.
		2432	* The label to be audited is created if necessay.
		2433	*/
		2434	static int smack_audit_rule_init(u32 field, u32 op, char rulestr, void *vrule)
		2435	{
		2436	char rule = (char )vrule;
		2437	*rule = NULL;
		2438
		2439	if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
		2440	return -EINVAL;
		2441
		2442	if (op != AUDIT_EQUAL && op != AUDIT_NOT_EQUAL)
		2443	return -EINVAL;
		2444
		2445	*rule = smk_import(rulestr, 0);
		2446
		2447	return 0;
		2448	}
		2449
		2450	/**
		2451	* smack_audit_rule_known - Distinguish Smack audit rules
		2452	* @krule: rule of interest, in Audit kernel representation format
		2453	*
		2454	* This is used to filter Smack rules from remaining Audit ones.
		2455	* If it's proved that this rule belongs to us, the
		2456	* audit_rule_match hook will be called to do the final judgement.
		2457	*/
		2458	static int smack_audit_rule_known(struct audit_krule *krule)
		2459	{
		2460	struct audit_field *f;
		2461	int i;
		2462
		2463	for (i = 0; i < krule->field_count; i++) {
		2464	f = &krule->fields[i];
		2465
		2466	if (f->type == AUDIT_SUBJ_USER \|\| f->type == AUDIT_OBJ_USER)
		2467	return 1;
		2468	}
		2469
		2470	return 0;
		2471	}
		2472
		2473	/**
		2474	* smack_audit_rule_match - Audit given object ?
		2475	* @secid: security id for identifying the object to test
		2476	* @field: audit rule flags given from user-space
		2477	* @op: required testing operator
		2478	* @vrule: smack internal rule presentation
		2479	* @actx: audit context associated with the check
		2480	*
		2481	* The core Audit hook. It's used to take the decision of
		2482	* whether to audit or not to audit a given object.
		2483	*/
		2484	static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule,
		2485	struct audit_context *actx)
		2486	{
		2487	char *smack;
		2488	char *rule = vrule;
		2489
		2490	if (!rule) {
		2491	audit_log(actx, GFP_KERNEL, AUDIT_SELINUX_ERR,
		2492	"Smack: missing rule\n");
		2493	return -ENOENT;
		2494	}
		2495
		2496	if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
		2497	return 0;
		2498
		2499	smack = smack_from_secid(secid);
		2500
		2501	/*
		2502	* No need to do string comparisons. If a match occurs,
		2503	* both pointers will point to the same smack_known
		2504	* label.
		2505	*/
		2506	if (op == AUDIT_EQUAL)
		2507	return (rule == smack);
		2508	if (op == AUDIT_NOT_EQUAL)
		2509	return (rule != smack);
		2510
		2511	return 0;
		2512	}
		2513
		2514	/**
		2515	* smack_audit_rule_free - free smack rule representation
		2516	* @vrule: rule to be freed.
		2517	*
		2518	* No memory was allocated.
		2519	*/
		2520	static void smack_audit_rule_free(void *vrule)
		2521	{
		2522	/* No-op */
		2523	}
		2524
		2525	#endif /* CONFIG_AUDIT */
		2526
		2527	/*
2385	* smack_secid_to_secctx - return the smack label for a secid	2528	* smack_secid_to_secctx - return the smack label for a secid
2386	* @secid: incoming integer	2529	* @secid: incoming integer
2387	* @secdata: destination	2530	* @secdata: destination
@@ -2467,6 +2610,7 @@ struct security_operations smack_ops = {
2467	.inode_getsecurity = smack_inode_getsecurity,	2610	.inode_getsecurity = smack_inode_getsecurity,
2468	.inode_setsecurity = smack_inode_setsecurity,	2611	.inode_setsecurity = smack_inode_setsecurity,
2469	.inode_listsecurity = smack_inode_listsecurity,	2612	.inode_listsecurity = smack_inode_listsecurity,
		2613	.inode_getsecid = smack_inode_getsecid,
2470		2614
2471	.file_permission = smack_file_permission,	2615	.file_permission = smack_file_permission,
2472	.file_alloc_security = smack_file_alloc_security,	2616	.file_alloc_security = smack_file_alloc_security,
@@ -2498,6 +2642,7 @@ struct security_operations smack_ops = {
2498	.task_prctl = cap_task_prctl,	2642	.task_prctl = cap_task_prctl,
2499		2643
2500	.ipc_permission = smack_ipc_permission,	2644	.ipc_permission = smack_ipc_permission,
		2645	.ipc_getsecid = smack_ipc_getsecid,
2501		2646
2502	.msg_msg_alloc_security = smack_msg_msg_alloc_security,	2647	.msg_msg_alloc_security = smack_msg_msg_alloc_security,
2503	.msg_msg_free_security = smack_msg_msg_free_security,	2648	.msg_msg_free_security = smack_msg_msg_free_security,
@@ -2542,12 +2687,22 @@ struct security_operations smack_ops = {
2542	.sk_free_security = smack_sk_free_security,	2687	.sk_free_security = smack_sk_free_security,
2543	.sock_graft = smack_sock_graft,	2688	.sock_graft = smack_sock_graft,
2544	.inet_conn_request = smack_inet_conn_request,	2689	.inet_conn_request = smack_inet_conn_request,
		2690
2545	/* key management security hooks */	2691	/* key management security hooks */
2546	#ifdef CONFIG_KEYS	2692	#ifdef CONFIG_KEYS
2547	.key_alloc = smack_key_alloc,	2693	.key_alloc = smack_key_alloc,
2548	.key_free = smack_key_free,	2694	.key_free = smack_key_free,
2549	.key_permission = smack_key_permission,	2695	.key_permission = smack_key_permission,
2550	#endif /* CONFIG_KEYS */	2696	#endif /* CONFIG_KEYS */
		2697
		2698	/* Audit hooks */
		2699	#ifdef CONFIG_AUDIT
		2700	.audit_rule_init = smack_audit_rule_init,
		2701	.audit_rule_known = smack_audit_rule_known,
		2702	.audit_rule_match = smack_audit_rule_match,
		2703	.audit_rule_free = smack_audit_rule_free,
		2704	#endif /* CONFIG_AUDIT */
		2705
2551	.secid_to_secctx = smack_secid_to_secctx,	2706	.secid_to_secctx = smack_secid_to_secctx,
2552	.secctx_to_secid = smack_secctx_to_secid,	2707	.secctx_to_secid = smack_secctx_to_secid,
2553	.release_secctx = smack_release_secctx,	2708	.release_secctx = smack_release_secctx,