diff options
-rw-r--r-- | Documentation/Smack.txt | 20 | ||||
-rw-r--r-- | security/Makefile | 3 | ||||
-rw-r--r-- | security/smack/smack.h | 108 | ||||
-rw-r--r-- | security/smack/smack_access.c | 143 | ||||
-rw-r--r-- | security/smack/smack_lsm.c | 390 | ||||
-rw-r--r-- | security/smack/smackfs.c | 66 |
6 files changed, 618 insertions, 112 deletions
diff --git a/Documentation/Smack.txt b/Documentation/Smack.txt index 629c92e99783..34614b4c708e 100644 --- a/Documentation/Smack.txt +++ b/Documentation/Smack.txt | |||
@@ -184,8 +184,9 @@ length. Single character labels using special characters, that being anything | |||
184 | other than a letter or digit, are reserved for use by the Smack development | 184 | other than a letter or digit, are reserved for use by the Smack development |
185 | team. Smack labels are unstructured, case sensitive, and the only operation | 185 | team. Smack labels are unstructured, case sensitive, and the only operation |
186 | ever performed on them is comparison for equality. Smack labels cannot | 186 | ever performed on them is comparison for equality. Smack labels cannot |
187 | contain unprintable characters or the "/" (slash) character. Smack labels | 187 | contain unprintable characters, the "/" (slash), the "\" (backslash), the "'" |
188 | cannot begin with a '-', which is reserved for special options. | 188 | (quote) and '"' (double-quote) characters. |
189 | Smack labels cannot begin with a '-', which is reserved for special options. | ||
189 | 190 | ||
190 | There are some predefined labels: | 191 | There are some predefined labels: |
191 | 192 | ||
@@ -523,3 +524,18 @@ Smack supports some mount options: | |||
523 | 524 | ||
524 | These mount options apply to all file system types. | 525 | These mount options apply to all file system types. |
525 | 526 | ||
527 | Smack auditing | ||
528 | |||
529 | If you want Smack auditing of security events, you need to set CONFIG_AUDIT | ||
530 | in your kernel configuration. | ||
531 | By default, all denied events will be audited. You can change this behavior by | ||
532 | writing a single character to the /smack/logging file : | ||
533 | 0 : no logging | ||
534 | 1 : log denied (default) | ||
535 | 2 : log accepted | ||
536 | 3 : log denied & accepted | ||
537 | |||
538 | Events are logged as 'key=value' pairs, for each event you at least will get | ||
539 | the subjet, the object, the rights requested, the action, the kernel function | ||
540 | that triggered the event, plus other pairs depending on the type of event | ||
541 | audited. | ||
diff --git a/security/Makefile b/security/Makefile index fa77021d9778..c67557cdaa85 100644 --- a/security/Makefile +++ b/security/Makefile | |||
@@ -16,6 +16,9 @@ obj-$(CONFIG_SECURITYFS) += inode.o | |||
16 | # Must precede capability.o in order to stack properly. | 16 | # Must precede capability.o in order to stack properly. |
17 | obj-$(CONFIG_SECURITY_SELINUX) += selinux/built-in.o | 17 | obj-$(CONFIG_SECURITY_SELINUX) += selinux/built-in.o |
18 | obj-$(CONFIG_SECURITY_SMACK) += smack/built-in.o | 18 | obj-$(CONFIG_SECURITY_SMACK) += smack/built-in.o |
19 | ifeq ($(CONFIG_AUDIT),y) | ||
20 | obj-$(CONFIG_SECURITY_SMACK) += lsm_audit.o | ||
21 | endif | ||
19 | obj-$(CONFIG_SECURITY_TOMOYO) += tomoyo/built-in.o | 22 | obj-$(CONFIG_SECURITY_TOMOYO) += tomoyo/built-in.o |
20 | obj-$(CONFIG_SECURITY_ROOTPLUG) += root_plug.o | 23 | obj-$(CONFIG_SECURITY_ROOTPLUG) += root_plug.o |
21 | obj-$(CONFIG_CGROUP_DEVICE) += device_cgroup.o | 24 | obj-$(CONFIG_CGROUP_DEVICE) += device_cgroup.o |
diff --git a/security/smack/smack.h b/security/smack/smack.h index 42ef313f9856..243bec175be0 100644 --- a/security/smack/smack.h +++ b/security/smack/smack.h | |||
@@ -20,6 +20,7 @@ | |||
20 | #include <net/netlabel.h> | 20 | #include <net/netlabel.h> |
21 | #include <linux/list.h> | 21 | #include <linux/list.h> |
22 | #include <linux/rculist.h> | 22 | #include <linux/rculist.h> |
23 | #include <linux/lsm_audit.h> | ||
23 | 24 | ||
24 | /* | 25 | /* |
25 | * Why 23? CIPSO is constrained to 30, so a 32 byte buffer is | 26 | * Why 23? CIPSO is constrained to 30, so a 32 byte buffer is |
@@ -179,6 +180,20 @@ struct smack_known { | |||
179 | #define MAY_NOT 0 | 180 | #define MAY_NOT 0 |
180 | 181 | ||
181 | /* | 182 | /* |
183 | * Number of access types used by Smack (rwxa) | ||
184 | */ | ||
185 | #define SMK_NUM_ACCESS_TYPE 4 | ||
186 | |||
187 | /* | ||
188 | * Smack audit data; is empty if CONFIG_AUDIT not set | ||
189 | * to save some stack | ||
190 | */ | ||
191 | struct smk_audit_info { | ||
192 | #ifdef CONFIG_AUDIT | ||
193 | struct common_audit_data a; | ||
194 | #endif | ||
195 | }; | ||
196 | /* | ||
182 | * These functions are in smack_lsm.c | 197 | * These functions are in smack_lsm.c |
183 | */ | 198 | */ |
184 | struct inode_smack *new_inode_smack(char *); | 199 | struct inode_smack *new_inode_smack(char *); |
@@ -186,8 +201,8 @@ struct inode_smack *new_inode_smack(char *); | |||
186 | /* | 201 | /* |
187 | * These functions are in smack_access.c | 202 | * These functions are in smack_access.c |
188 | */ | 203 | */ |
189 | int smk_access(char *, char *, int); | 204 | int smk_access(char *, char *, int, struct smk_audit_info *); |
190 | int smk_curacc(char *, u32); | 205 | int smk_curacc(char *, u32, struct smk_audit_info *); |
191 | int smack_to_cipso(const char *, struct smack_cipso *); | 206 | int smack_to_cipso(const char *, struct smack_cipso *); |
192 | void smack_from_cipso(u32, char *, char *); | 207 | void smack_from_cipso(u32, char *, char *); |
193 | char *smack_from_secid(const u32); | 208 | char *smack_from_secid(const u32); |
@@ -237,4 +252,93 @@ static inline char *smk_of_inode(const struct inode *isp) | |||
237 | return sip->smk_inode; | 252 | return sip->smk_inode; |
238 | } | 253 | } |
239 | 254 | ||
255 | /* | ||
256 | * logging functions | ||
257 | */ | ||
258 | #define SMACK_AUDIT_DENIED 0x1 | ||
259 | #define SMACK_AUDIT_ACCEPT 0x2 | ||
260 | extern int log_policy; | ||
261 | |||
262 | void smack_log(char *subject_label, char *object_label, | ||
263 | int request, | ||
264 | int result, struct smk_audit_info *auditdata); | ||
265 | |||
266 | #ifdef CONFIG_AUDIT | ||
267 | |||
268 | /* | ||
269 | * some inline functions to set up audit data | ||
270 | * they do nothing if CONFIG_AUDIT is not set | ||
271 | * | ||
272 | */ | ||
273 | static inline void smk_ad_init(struct smk_audit_info *a, const char *func, | ||
274 | char type) | ||
275 | { | ||
276 | memset(a, 0, sizeof(*a)); | ||
277 | a->a.type = type; | ||
278 | a->a.function = func; | ||
279 | } | ||
280 | |||
281 | static inline void smk_ad_setfield_u_tsk(struct smk_audit_info *a, | ||
282 | struct task_struct *t) | ||
283 | { | ||
284 | a->a.u.tsk = t; | ||
285 | } | ||
286 | static inline void smk_ad_setfield_u_fs_path_dentry(struct smk_audit_info *a, | ||
287 | struct dentry *d) | ||
288 | { | ||
289 | a->a.u.fs.path.dentry = d; | ||
290 | } | ||
291 | static inline void smk_ad_setfield_u_fs_path_mnt(struct smk_audit_info *a, | ||
292 | struct vfsmount *m) | ||
293 | { | ||
294 | a->a.u.fs.path.mnt = m; | ||
295 | } | ||
296 | static inline void smk_ad_setfield_u_fs_inode(struct smk_audit_info *a, | ||
297 | struct inode *i) | ||
298 | { | ||
299 | a->a.u.fs.inode = i; | ||
300 | } | ||
301 | static inline void smk_ad_setfield_u_fs_path(struct smk_audit_info *a, | ||
302 | struct path p) | ||
303 | { | ||
304 | a->a.u.fs.path = p; | ||
305 | } | ||
306 | static inline void smk_ad_setfield_u_net_sk(struct smk_audit_info *a, | ||
307 | struct sock *sk) | ||
308 | { | ||
309 | a->a.u.net.sk = sk; | ||
310 | } | ||
311 | |||
312 | #else /* no AUDIT */ | ||
313 | |||
314 | static inline void smk_ad_init(struct smk_audit_info *a, const char *func, | ||
315 | char type) | ||
316 | { | ||
317 | } | ||
318 | static inline void smk_ad_setfield_u_tsk(struct smk_audit_info *a, | ||
319 | struct task_struct *t) | ||
320 | { | ||
321 | } | ||
322 | static inline void smk_ad_setfield_u_fs_path_dentry(struct smk_audit_info *a, | ||
323 | struct dentry *d) | ||
324 | { | ||
325 | } | ||
326 | static inline void smk_ad_setfield_u_fs_path_mnt(struct smk_audit_info *a, | ||
327 | struct vfsmount *m) | ||
328 | { | ||
329 | } | ||
330 | static inline void smk_ad_setfield_u_fs_inode(struct smk_audit_info *a, | ||
331 | struct inode *i) | ||
332 | { | ||
333 | } | ||
334 | static inline void smk_ad_setfield_u_fs_path(struct smk_audit_info *a, | ||
335 | struct path p) | ||
336 | { | ||
337 | } | ||
338 | static inline void smk_ad_setfield_u_net_sk(struct smk_audit_info *a, | ||
339 | struct sock *sk) | ||
340 | { | ||
341 | } | ||
342 | #endif | ||
343 | |||
240 | #endif /* _SECURITY_SMACK_H */ | 344 | #endif /* _SECURITY_SMACK_H */ |
diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c index ac0a2707f6d4..513dc1aa16dd 100644 --- a/security/smack/smack_access.c +++ b/security/smack/smack_access.c | |||
@@ -59,11 +59,18 @@ LIST_HEAD(smack_known_list); | |||
59 | */ | 59 | */ |
60 | static u32 smack_next_secid = 10; | 60 | static u32 smack_next_secid = 10; |
61 | 61 | ||
62 | /* | ||
63 | * what events do we log | ||
64 | * can be overwritten at run-time by /smack/logging | ||
65 | */ | ||
66 | int log_policy = SMACK_AUDIT_DENIED; | ||
67 | |||
62 | /** | 68 | /** |
63 | * smk_access - determine if a subject has a specific access to an object | 69 | * smk_access - determine if a subject has a specific access to an object |
64 | * @subject_label: a pointer to the subject's Smack label | 70 | * @subject_label: a pointer to the subject's Smack label |
65 | * @object_label: a pointer to the object's Smack label | 71 | * @object_label: a pointer to the object's Smack label |
66 | * @request: the access requested, in "MAY" format | 72 | * @request: the access requested, in "MAY" format |
73 | * @a : a pointer to the audit data | ||
67 | * | 74 | * |
68 | * This function looks up the subject/object pair in the | 75 | * This function looks up the subject/object pair in the |
69 | * access rule list and returns 0 if the access is permitted, | 76 | * access rule list and returns 0 if the access is permitted, |
@@ -78,10 +85,12 @@ static u32 smack_next_secid = 10; | |||
78 | * will be on the list, so checking the pointers may be a worthwhile | 85 | * will be on the list, so checking the pointers may be a worthwhile |
79 | * optimization. | 86 | * optimization. |
80 | */ | 87 | */ |
81 | int smk_access(char *subject_label, char *object_label, int request) | 88 | int smk_access(char *subject_label, char *object_label, int request, |
89 | struct smk_audit_info *a) | ||
82 | { | 90 | { |
83 | u32 may = MAY_NOT; | 91 | u32 may = MAY_NOT; |
84 | struct smack_rule *srp; | 92 | struct smack_rule *srp; |
93 | int rc = 0; | ||
85 | 94 | ||
86 | /* | 95 | /* |
87 | * Hardcoded comparisons. | 96 | * Hardcoded comparisons. |
@@ -89,8 +98,10 @@ int smk_access(char *subject_label, char *object_label, int request) | |||
89 | * A star subject can't access any object. | 98 | * A star subject can't access any object. |
90 | */ | 99 | */ |
91 | if (subject_label == smack_known_star.smk_known || | 100 | if (subject_label == smack_known_star.smk_known || |
92 | strcmp(subject_label, smack_known_star.smk_known) == 0) | 101 | strcmp(subject_label, smack_known_star.smk_known) == 0) { |
93 | return -EACCES; | 102 | rc = -EACCES; |
103 | goto out_audit; | ||
104 | } | ||
94 | /* | 105 | /* |
95 | * An internet object can be accessed by any subject. | 106 | * An internet object can be accessed by any subject. |
96 | * Tasks cannot be assigned the internet label. | 107 | * Tasks cannot be assigned the internet label. |
@@ -100,20 +111,20 @@ int smk_access(char *subject_label, char *object_label, int request) | |||
100 | subject_label == smack_known_web.smk_known || | 111 | subject_label == smack_known_web.smk_known || |
101 | strcmp(object_label, smack_known_web.smk_known) == 0 || | 112 | strcmp(object_label, smack_known_web.smk_known) == 0 || |
102 | strcmp(subject_label, smack_known_web.smk_known) == 0) | 113 | strcmp(subject_label, smack_known_web.smk_known) == 0) |
103 | return 0; | 114 | goto out_audit; |
104 | /* | 115 | /* |
105 | * A star object can be accessed by any subject. | 116 | * A star object can be accessed by any subject. |
106 | */ | 117 | */ |
107 | if (object_label == smack_known_star.smk_known || | 118 | if (object_label == smack_known_star.smk_known || |
108 | strcmp(object_label, smack_known_star.smk_known) == 0) | 119 | strcmp(object_label, smack_known_star.smk_known) == 0) |
109 | return 0; | 120 | goto out_audit; |
110 | /* | 121 | /* |
111 | * An object can be accessed in any way by a subject | 122 | * An object can be accessed in any way by a subject |
112 | * with the same label. | 123 | * with the same label. |
113 | */ | 124 | */ |
114 | if (subject_label == object_label || | 125 | if (subject_label == object_label || |
115 | strcmp(subject_label, object_label) == 0) | 126 | strcmp(subject_label, object_label) == 0) |
116 | return 0; | 127 | goto out_audit; |
117 | /* | 128 | /* |
118 | * A hat subject can read any object. | 129 | * A hat subject can read any object. |
119 | * A floor object can be read by any subject. | 130 | * A floor object can be read by any subject. |
@@ -121,10 +132,10 @@ int smk_access(char *subject_label, char *object_label, int request) | |||
121 | if ((request & MAY_ANYREAD) == request) { | 132 | if ((request & MAY_ANYREAD) == request) { |
122 | if (object_label == smack_known_floor.smk_known || | 133 | if (object_label == smack_known_floor.smk_known || |
123 | strcmp(object_label, smack_known_floor.smk_known) == 0) | 134 | strcmp(object_label, smack_known_floor.smk_known) == 0) |
124 | return 0; | 135 | goto out_audit; |
125 | if (subject_label == smack_known_hat.smk_known || | 136 | if (subject_label == smack_known_hat.smk_known || |
126 | strcmp(subject_label, smack_known_hat.smk_known) == 0) | 137 | strcmp(subject_label, smack_known_hat.smk_known) == 0) |
127 | return 0; | 138 | goto out_audit; |
128 | } | 139 | } |
129 | /* | 140 | /* |
130 | * Beyond here an explicit relationship is required. | 141 | * Beyond here an explicit relationship is required. |
@@ -148,28 +159,36 @@ int smk_access(char *subject_label, char *object_label, int request) | |||
148 | * This is a bit map operation. | 159 | * This is a bit map operation. |
149 | */ | 160 | */ |
150 | if ((request & may) == request) | 161 | if ((request & may) == request) |
151 | return 0; | 162 | goto out_audit; |
152 | 163 | ||
153 | return -EACCES; | 164 | rc = -EACCES; |
165 | out_audit: | ||
166 | #ifdef CONFIG_AUDIT | ||
167 | if (a) | ||
168 | smack_log(subject_label, object_label, request, rc, a); | ||
169 | #endif | ||
170 | return rc; | ||
154 | } | 171 | } |
155 | 172 | ||
156 | /** | 173 | /** |
157 | * smk_curacc - determine if current has a specific access to an object | 174 | * smk_curacc - determine if current has a specific access to an object |
158 | * @obj_label: a pointer to the object's Smack label | 175 | * @obj_label: a pointer to the object's Smack label |
159 | * @mode: the access requested, in "MAY" format | 176 | * @mode: the access requested, in "MAY" format |
177 | * @a : common audit data | ||
160 | * | 178 | * |
161 | * This function checks the current subject label/object label pair | 179 | * This function checks the current subject label/object label pair |
162 | * in the access rule list and returns 0 if the access is permitted, | 180 | * in the access rule list and returns 0 if the access is permitted, |
163 | * non zero otherwise. It allows that current may have the capability | 181 | * non zero otherwise. It allows that current may have the capability |
164 | * to override the rules. | 182 | * to override the rules. |
165 | */ | 183 | */ |
166 | int smk_curacc(char *obj_label, u32 mode) | 184 | int smk_curacc(char *obj_label, u32 mode, struct smk_audit_info *a) |
167 | { | 185 | { |
168 | int rc; | 186 | int rc; |
187 | char *sp = current_security(); | ||
169 | 188 | ||
170 | rc = smk_access(current_security(), obj_label, mode); | 189 | rc = smk_access(sp, obj_label, mode, NULL); |
171 | if (rc == 0) | 190 | if (rc == 0) |
172 | return 0; | 191 | goto out_audit; |
173 | 192 | ||
174 | /* | 193 | /* |
175 | * Return if a specific label has been designated as the | 194 | * Return if a specific label has been designated as the |
@@ -177,14 +196,105 @@ int smk_curacc(char *obj_label, u32 mode) | |||
177 | * have that label. | 196 | * have that label. |
178 | */ | 197 | */ |
179 | if (smack_onlycap != NULL && smack_onlycap != current->cred->security) | 198 | if (smack_onlycap != NULL && smack_onlycap != current->cred->security) |
180 | return rc; | 199 | goto out_audit; |
181 | 200 | ||
182 | if (capable(CAP_MAC_OVERRIDE)) | 201 | if (capable(CAP_MAC_OVERRIDE)) |
183 | return 0; | 202 | return 0; |
184 | 203 | ||
204 | out_audit: | ||
205 | #ifdef CONFIG_AUDIT | ||
206 | if (a) | ||
207 | smack_log(sp, obj_label, mode, rc, a); | ||
208 | #endif | ||
185 | return rc; | 209 | return rc; |
186 | } | 210 | } |
187 | 211 | ||
212 | #ifdef CONFIG_AUDIT | ||
213 | /** | ||
214 | * smack_str_from_perm : helper to transalate an int to a | ||
215 | * readable string | ||
216 | * @string : the string to fill | ||
217 | * @access : the int | ||
218 | * | ||
219 | */ | ||
220 | static inline void smack_str_from_perm(char *string, int access) | ||
221 | { | ||
222 | int i = 0; | ||
223 | if (access & MAY_READ) | ||
224 | string[i++] = 'r'; | ||
225 | if (access & MAY_WRITE) | ||
226 | string[i++] = 'w'; | ||
227 | if (access & MAY_EXEC) | ||
228 | string[i++] = 'x'; | ||
229 | if (access & MAY_APPEND) | ||
230 | string[i++] = 'a'; | ||
231 | string[i] = '\0'; | ||
232 | } | ||
233 | /** | ||
234 | * smack_log_callback - SMACK specific information | ||
235 | * will be called by generic audit code | ||
236 | * @ab : the audit_buffer | ||
237 | * @a : audit_data | ||
238 | * | ||
239 | */ | ||
240 | static void smack_log_callback(struct audit_buffer *ab, void *a) | ||
241 | { | ||
242 | struct common_audit_data *ad = a; | ||
243 | struct smack_audit_data *sad = &ad->lsm_priv.smack_audit_data; | ||
244 | audit_log_format(ab, "lsm=SMACK fn=%s action=%s", ad->function, | ||
245 | sad->result ? "denied" : "granted"); | ||
246 | audit_log_format(ab, " subject="); | ||
247 | audit_log_untrustedstring(ab, sad->subject); | ||
248 | audit_log_format(ab, " object="); | ||
249 | audit_log_untrustedstring(ab, sad->object); | ||
250 | audit_log_format(ab, " requested=%s", sad->request); | ||
251 | } | ||
252 | |||
253 | /** | ||
254 | * smack_log - Audit the granting or denial of permissions. | ||
255 | * @subject_label : smack label of the requester | ||
256 | * @object_label : smack label of the object being accessed | ||
257 | * @request: requested permissions | ||
258 | * @result: result from smk_access | ||
259 | * @a: auxiliary audit data | ||
260 | * | ||
261 | * Audit the granting or denial of permissions in accordance | ||
262 | * with the policy. | ||
263 | */ | ||
264 | void smack_log(char *subject_label, char *object_label, int request, | ||
265 | int result, struct smk_audit_info *ad) | ||
266 | { | ||
267 | char request_buffer[SMK_NUM_ACCESS_TYPE + 1]; | ||
268 | struct smack_audit_data *sad; | ||
269 | struct common_audit_data *a = &ad->a; | ||
270 | |||
271 | /* check if we have to log the current event */ | ||
272 | if (result != 0 && (log_policy & SMACK_AUDIT_DENIED) == 0) | ||
273 | return; | ||
274 | if (result == 0 && (log_policy & SMACK_AUDIT_ACCEPT) == 0) | ||
275 | return; | ||
276 | |||
277 | if (a->function == NULL) | ||
278 | a->function = "unknown"; | ||
279 | |||
280 | /* end preparing the audit data */ | ||
281 | sad = &a->lsm_priv.smack_audit_data; | ||
282 | smack_str_from_perm(request_buffer, request); | ||
283 | sad->subject = subject_label; | ||
284 | sad->object = object_label; | ||
285 | sad->request = request_buffer; | ||
286 | sad->result = result; | ||
287 | a->lsm_pre_audit = smack_log_callback; | ||
288 | |||
289 | common_lsm_audit(a); | ||
290 | } | ||
291 | #else /* #ifdef CONFIG_AUDIT */ | ||
292 | void smack_log(char *subject_label, char *object_label, int request, | ||
293 | int result, struct smk_audit_info *ad) | ||
294 | { | ||
295 | } | ||
296 | #endif | ||
297 | |||
188 | static DEFINE_MUTEX(smack_known_lock); | 298 | static DEFINE_MUTEX(smack_known_lock); |
189 | 299 | ||
190 | /** | 300 | /** |
@@ -209,7 +319,8 @@ struct smack_known *smk_import_entry(const char *string, int len) | |||
209 | if (found) | 319 | if (found) |
210 | smack[i] = '\0'; | 320 | smack[i] = '\0'; |
211 | else if (i >= len || string[i] > '~' || string[i] <= ' ' || | 321 | else if (i >= len || string[i] > '~' || string[i] <= ' ' || |
212 | string[i] == '/') { | 322 | string[i] == '/' || string[i] == '"' || |
323 | string[i] == '\\' || string[i] == '\'') { | ||
213 | smack[i] = '\0'; | 324 | smack[i] = '\0'; |
214 | found = 1; | 325 | found = 1; |
215 | } else | 326 | } else |
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 921514902eca..f557767911c9 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c | |||
@@ -30,7 +30,6 @@ | |||
30 | #include <net/netlabel.h> | 30 | #include <net/netlabel.h> |
31 | #include <net/cipso_ipv4.h> | 31 | #include <net/cipso_ipv4.h> |
32 | #include <linux/audit.h> | 32 | #include <linux/audit.h> |
33 | |||
34 | #include "smack.h" | 33 | #include "smack.h" |
35 | 34 | ||
36 | #define task_security(task) (task_cred_xxx((task), security)) | 35 | #define task_security(task) (task_cred_xxx((task), security)) |
@@ -103,14 +102,24 @@ struct inode_smack *new_inode_smack(char *smack) | |||
103 | static int smack_ptrace_may_access(struct task_struct *ctp, unsigned int mode) | 102 | static int smack_ptrace_may_access(struct task_struct *ctp, unsigned int mode) |
104 | { | 103 | { |
105 | int rc; | 104 | int rc; |
105 | struct smk_audit_info ad; | ||
106 | char *sp, *tsp; | ||
106 | 107 | ||
107 | rc = cap_ptrace_may_access(ctp, mode); | 108 | rc = cap_ptrace_may_access(ctp, mode); |
108 | if (rc != 0) | 109 | if (rc != 0) |
109 | return rc; | 110 | return rc; |
110 | 111 | ||
111 | rc = smk_access(current_security(), task_security(ctp), MAY_READWRITE); | 112 | sp = current_security(); |
113 | tsp = task_security(ctp); | ||
114 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); | ||
115 | smk_ad_setfield_u_tsk(&ad, ctp); | ||
116 | |||
117 | /* we won't log here, because rc can be overriden */ | ||
118 | rc = smk_access(sp, tsp, MAY_READWRITE, NULL); | ||
112 | if (rc != 0 && capable(CAP_MAC_OVERRIDE)) | 119 | if (rc != 0 && capable(CAP_MAC_OVERRIDE)) |
113 | return 0; | 120 | rc = 0; |
121 | |||
122 | smack_log(sp, tsp, MAY_READWRITE, rc, &ad); | ||
114 | return rc; | 123 | return rc; |
115 | } | 124 | } |
116 | 125 | ||
@@ -125,14 +134,24 @@ static int smack_ptrace_may_access(struct task_struct *ctp, unsigned int mode) | |||
125 | static int smack_ptrace_traceme(struct task_struct *ptp) | 134 | static int smack_ptrace_traceme(struct task_struct *ptp) |
126 | { | 135 | { |
127 | int rc; | 136 | int rc; |
137 | struct smk_audit_info ad; | ||
138 | char *sp, *tsp; | ||
128 | 139 | ||
129 | rc = cap_ptrace_traceme(ptp); | 140 | rc = cap_ptrace_traceme(ptp); |
130 | if (rc != 0) | 141 | if (rc != 0) |
131 | return rc; | 142 | return rc; |
132 | 143 | ||
133 | rc = smk_access(task_security(ptp), current_security(), MAY_READWRITE); | 144 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); |
145 | smk_ad_setfield_u_tsk(&ad, ptp); | ||
146 | |||
147 | sp = current_security(); | ||
148 | tsp = task_security(ptp); | ||
149 | /* we won't log here, because rc can be overriden */ | ||
150 | rc = smk_access(tsp, sp, MAY_READWRITE, NULL); | ||
134 | if (rc != 0 && has_capability(ptp, CAP_MAC_OVERRIDE)) | 151 | if (rc != 0 && has_capability(ptp, CAP_MAC_OVERRIDE)) |
135 | return 0; | 152 | rc = 0; |
153 | |||
154 | smack_log(tsp, sp, MAY_READWRITE, rc, &ad); | ||
136 | return rc; | 155 | return rc; |
137 | } | 156 | } |
138 | 157 | ||
@@ -327,8 +346,14 @@ static int smack_sb_kern_mount(struct super_block *sb, int flags, void *data) | |||
327 | static int smack_sb_statfs(struct dentry *dentry) | 346 | static int smack_sb_statfs(struct dentry *dentry) |
328 | { | 347 | { |
329 | struct superblock_smack *sbp = dentry->d_sb->s_security; | 348 | struct superblock_smack *sbp = dentry->d_sb->s_security; |
349 | int rc; | ||
350 | struct smk_audit_info ad; | ||
330 | 351 | ||
331 | return smk_curacc(sbp->smk_floor, MAY_READ); | 352 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); |
353 | smk_ad_setfield_u_fs_path_dentry(&ad, dentry); | ||
354 | |||
355 | rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad); | ||
356 | return rc; | ||
332 | } | 357 | } |
333 | 358 | ||
334 | /** | 359 | /** |
@@ -346,8 +371,12 @@ static int smack_sb_mount(char *dev_name, struct path *path, | |||
346 | char *type, unsigned long flags, void *data) | 371 | char *type, unsigned long flags, void *data) |
347 | { | 372 | { |
348 | struct superblock_smack *sbp = path->mnt->mnt_sb->s_security; | 373 | struct superblock_smack *sbp = path->mnt->mnt_sb->s_security; |
374 | struct smk_audit_info ad; | ||
375 | |||
376 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); | ||
377 | smk_ad_setfield_u_fs_path(&ad, *path); | ||
349 | 378 | ||
350 | return smk_curacc(sbp->smk_floor, MAY_WRITE); | 379 | return smk_curacc(sbp->smk_floor, MAY_WRITE, &ad); |
351 | } | 380 | } |
352 | 381 | ||
353 | /** | 382 | /** |
@@ -361,10 +390,14 @@ static int smack_sb_mount(char *dev_name, struct path *path, | |||
361 | static int smack_sb_umount(struct vfsmount *mnt, int flags) | 390 | static int smack_sb_umount(struct vfsmount *mnt, int flags) |
362 | { | 391 | { |
363 | struct superblock_smack *sbp; | 392 | struct superblock_smack *sbp; |
393 | struct smk_audit_info ad; | ||
364 | 394 | ||
365 | sbp = mnt->mnt_sb->s_security; | 395 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); |
396 | smk_ad_setfield_u_fs_path_dentry(&ad, mnt->mnt_mountpoint); | ||
397 | smk_ad_setfield_u_fs_path_mnt(&ad, mnt); | ||
366 | 398 | ||
367 | return smk_curacc(sbp->smk_floor, MAY_WRITE); | 399 | sbp = mnt->mnt_sb->s_security; |
400 | return smk_curacc(sbp->smk_floor, MAY_WRITE, &ad); | ||
368 | } | 401 | } |
369 | 402 | ||
370 | /* | 403 | /* |
@@ -441,15 +474,20 @@ static int smack_inode_init_security(struct inode *inode, struct inode *dir, | |||
441 | static int smack_inode_link(struct dentry *old_dentry, struct inode *dir, | 474 | static int smack_inode_link(struct dentry *old_dentry, struct inode *dir, |
442 | struct dentry *new_dentry) | 475 | struct dentry *new_dentry) |
443 | { | 476 | { |
444 | int rc; | ||
445 | char *isp; | 477 | char *isp; |
478 | struct smk_audit_info ad; | ||
479 | int rc; | ||
480 | |||
481 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); | ||
482 | smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry); | ||
446 | 483 | ||
447 | isp = smk_of_inode(old_dentry->d_inode); | 484 | isp = smk_of_inode(old_dentry->d_inode); |
448 | rc = smk_curacc(isp, MAY_WRITE); | 485 | rc = smk_curacc(isp, MAY_WRITE, &ad); |
449 | 486 | ||
450 | if (rc == 0 && new_dentry->d_inode != NULL) { | 487 | if (rc == 0 && new_dentry->d_inode != NULL) { |
451 | isp = smk_of_inode(new_dentry->d_inode); | 488 | isp = smk_of_inode(new_dentry->d_inode); |
452 | rc = smk_curacc(isp, MAY_WRITE); | 489 | smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry); |
490 | rc = smk_curacc(isp, MAY_WRITE, &ad); | ||
453 | } | 491 | } |
454 | 492 | ||
455 | return rc; | 493 | return rc; |
@@ -466,18 +504,24 @@ static int smack_inode_link(struct dentry *old_dentry, struct inode *dir, | |||
466 | static int smack_inode_unlink(struct inode *dir, struct dentry *dentry) | 504 | static int smack_inode_unlink(struct inode *dir, struct dentry *dentry) |
467 | { | 505 | { |
468 | struct inode *ip = dentry->d_inode; | 506 | struct inode *ip = dentry->d_inode; |
507 | struct smk_audit_info ad; | ||
469 | int rc; | 508 | int rc; |
470 | 509 | ||
510 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); | ||
511 | smk_ad_setfield_u_fs_path_dentry(&ad, dentry); | ||
512 | |||
471 | /* | 513 | /* |
472 | * You need write access to the thing you're unlinking | 514 | * You need write access to the thing you're unlinking |
473 | */ | 515 | */ |
474 | rc = smk_curacc(smk_of_inode(ip), MAY_WRITE); | 516 | rc = smk_curacc(smk_of_inode(ip), MAY_WRITE, &ad); |
475 | if (rc == 0) | 517 | if (rc == 0) { |
476 | /* | 518 | /* |
477 | * You also need write access to the containing directory | 519 | * You also need write access to the containing directory |
478 | */ | 520 | */ |
479 | rc = smk_curacc(smk_of_inode(dir), MAY_WRITE); | 521 | smk_ad_setfield_u_fs_path_dentry(&ad, NULL); |
480 | 522 | smk_ad_setfield_u_fs_inode(&ad, dir); | |
523 | rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad); | ||
524 | } | ||
481 | return rc; | 525 | return rc; |
482 | } | 526 | } |
483 | 527 | ||
@@ -491,17 +535,24 @@ static int smack_inode_unlink(struct inode *dir, struct dentry *dentry) | |||
491 | */ | 535 | */ |
492 | static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry) | 536 | static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry) |
493 | { | 537 | { |
538 | struct smk_audit_info ad; | ||
494 | int rc; | 539 | int rc; |
495 | 540 | ||
541 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); | ||
542 | smk_ad_setfield_u_fs_path_dentry(&ad, dentry); | ||
543 | |||
496 | /* | 544 | /* |
497 | * You need write access to the thing you're removing | 545 | * You need write access to the thing you're removing |
498 | */ | 546 | */ |
499 | rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE); | 547 | rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad); |
500 | if (rc == 0) | 548 | if (rc == 0) { |
501 | /* | 549 | /* |
502 | * You also need write access to the containing directory | 550 | * You also need write access to the containing directory |
503 | */ | 551 | */ |
504 | rc = smk_curacc(smk_of_inode(dir), MAY_WRITE); | 552 | smk_ad_setfield_u_fs_path_dentry(&ad, NULL); |
553 | smk_ad_setfield_u_fs_inode(&ad, dir); | ||
554 | rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad); | ||
555 | } | ||
505 | 556 | ||
506 | return rc; | 557 | return rc; |
507 | } | 558 | } |
@@ -525,15 +576,19 @@ static int smack_inode_rename(struct inode *old_inode, | |||
525 | { | 576 | { |
526 | int rc; | 577 | int rc; |
527 | char *isp; | 578 | char *isp; |
579 | struct smk_audit_info ad; | ||
580 | |||
581 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); | ||
582 | smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry); | ||
528 | 583 | ||
529 | isp = smk_of_inode(old_dentry->d_inode); | 584 | isp = smk_of_inode(old_dentry->d_inode); |
530 | rc = smk_curacc(isp, MAY_READWRITE); | 585 | rc = smk_curacc(isp, MAY_READWRITE, &ad); |
531 | 586 | ||
532 | if (rc == 0 && new_dentry->d_inode != NULL) { | 587 | if (rc == 0 && new_dentry->d_inode != NULL) { |
533 | isp = smk_of_inode(new_dentry->d_inode); | 588 | isp = smk_of_inode(new_dentry->d_inode); |
534 | rc = smk_curacc(isp, MAY_READWRITE); | 589 | smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry); |
590 | rc = smk_curacc(isp, MAY_READWRITE, &ad); | ||
535 | } | 591 | } |
536 | |||
537 | return rc; | 592 | return rc; |
538 | } | 593 | } |
539 | 594 | ||
@@ -548,13 +603,15 @@ static int smack_inode_rename(struct inode *old_inode, | |||
548 | */ | 603 | */ |
549 | static int smack_inode_permission(struct inode *inode, int mask) | 604 | static int smack_inode_permission(struct inode *inode, int mask) |
550 | { | 605 | { |
606 | struct smk_audit_info ad; | ||
551 | /* | 607 | /* |
552 | * No permission to check. Existence test. Yup, it's there. | 608 | * No permission to check. Existence test. Yup, it's there. |
553 | */ | 609 | */ |
554 | if (mask == 0) | 610 | if (mask == 0) |
555 | return 0; | 611 | return 0; |
556 | 612 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); | |
557 | return smk_curacc(smk_of_inode(inode), mask); | 613 | smk_ad_setfield_u_fs_inode(&ad, inode); |
614 | return smk_curacc(smk_of_inode(inode), mask, &ad); | ||
558 | } | 615 | } |
559 | 616 | ||
560 | /** | 617 | /** |
@@ -566,13 +623,16 @@ static int smack_inode_permission(struct inode *inode, int mask) | |||
566 | */ | 623 | */ |
567 | static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr) | 624 | static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr) |
568 | { | 625 | { |
626 | struct smk_audit_info ad; | ||
569 | /* | 627 | /* |
570 | * Need to allow for clearing the setuid bit. | 628 | * Need to allow for clearing the setuid bit. |
571 | */ | 629 | */ |
572 | if (iattr->ia_valid & ATTR_FORCE) | 630 | if (iattr->ia_valid & ATTR_FORCE) |
573 | return 0; | 631 | return 0; |
632 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); | ||
633 | smk_ad_setfield_u_fs_path_dentry(&ad, dentry); | ||
574 | 634 | ||
575 | return smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE); | 635 | return smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad); |
576 | } | 636 | } |
577 | 637 | ||
578 | /** | 638 | /** |
@@ -584,7 +644,12 @@ static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr) | |||
584 | */ | 644 | */ |
585 | static int smack_inode_getattr(struct vfsmount *mnt, struct dentry *dentry) | 645 | static int smack_inode_getattr(struct vfsmount *mnt, struct dentry *dentry) |
586 | { | 646 | { |
587 | return smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ); | 647 | struct smk_audit_info ad; |
648 | |||
649 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); | ||
650 | smk_ad_setfield_u_fs_path_dentry(&ad, dentry); | ||
651 | smk_ad_setfield_u_fs_path_mnt(&ad, mnt); | ||
652 | return smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ, &ad); | ||
588 | } | 653 | } |
589 | 654 | ||
590 | /** | 655 | /** |
@@ -602,6 +667,7 @@ static int smack_inode_getattr(struct vfsmount *mnt, struct dentry *dentry) | |||
602 | static int smack_inode_setxattr(struct dentry *dentry, const char *name, | 667 | static int smack_inode_setxattr(struct dentry *dentry, const char *name, |
603 | const void *value, size_t size, int flags) | 668 | const void *value, size_t size, int flags) |
604 | { | 669 | { |
670 | struct smk_audit_info ad; | ||
605 | int rc = 0; | 671 | int rc = 0; |
606 | 672 | ||
607 | if (strcmp(name, XATTR_NAME_SMACK) == 0 || | 673 | if (strcmp(name, XATTR_NAME_SMACK) == 0 || |
@@ -615,8 +681,11 @@ static int smack_inode_setxattr(struct dentry *dentry, const char *name, | |||
615 | } else | 681 | } else |
616 | rc = cap_inode_setxattr(dentry, name, value, size, flags); | 682 | rc = cap_inode_setxattr(dentry, name, value, size, flags); |
617 | 683 | ||
684 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); | ||
685 | smk_ad_setfield_u_fs_path_dentry(&ad, dentry); | ||
686 | |||
618 | if (rc == 0) | 687 | if (rc == 0) |
619 | rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE); | 688 | rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad); |
620 | 689 | ||
621 | return rc; | 690 | return rc; |
622 | } | 691 | } |
@@ -671,7 +740,12 @@ static void smack_inode_post_setxattr(struct dentry *dentry, const char *name, | |||
671 | */ | 740 | */ |
672 | static int smack_inode_getxattr(struct dentry *dentry, const char *name) | 741 | static int smack_inode_getxattr(struct dentry *dentry, const char *name) |
673 | { | 742 | { |
674 | return smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ); | 743 | struct smk_audit_info ad; |
744 | |||
745 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); | ||
746 | smk_ad_setfield_u_fs_path_dentry(&ad, dentry); | ||
747 | |||
748 | return smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ, &ad); | ||
675 | } | 749 | } |
676 | 750 | ||
677 | /* | 751 | /* |
@@ -685,6 +759,7 @@ static int smack_inode_getxattr(struct dentry *dentry, const char *name) | |||
685 | */ | 759 | */ |
686 | static int smack_inode_removexattr(struct dentry *dentry, const char *name) | 760 | static int smack_inode_removexattr(struct dentry *dentry, const char *name) |
687 | { | 761 | { |
762 | struct smk_audit_info ad; | ||
688 | int rc = 0; | 763 | int rc = 0; |
689 | 764 | ||
690 | if (strcmp(name, XATTR_NAME_SMACK) == 0 || | 765 | if (strcmp(name, XATTR_NAME_SMACK) == 0 || |
@@ -695,8 +770,10 @@ static int smack_inode_removexattr(struct dentry *dentry, const char *name) | |||
695 | } else | 770 | } else |
696 | rc = cap_inode_removexattr(dentry, name); | 771 | rc = cap_inode_removexattr(dentry, name); |
697 | 772 | ||
773 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); | ||
774 | smk_ad_setfield_u_fs_path_dentry(&ad, dentry); | ||
698 | if (rc == 0) | 775 | if (rc == 0) |
699 | rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE); | 776 | rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad); |
700 | 777 | ||
701 | return rc; | 778 | return rc; |
702 | } | 779 | } |
@@ -855,12 +932,16 @@ static int smack_file_ioctl(struct file *file, unsigned int cmd, | |||
855 | unsigned long arg) | 932 | unsigned long arg) |
856 | { | 933 | { |
857 | int rc = 0; | 934 | int rc = 0; |
935 | struct smk_audit_info ad; | ||
936 | |||
937 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); | ||
938 | smk_ad_setfield_u_fs_path(&ad, file->f_path); | ||
858 | 939 | ||
859 | if (_IOC_DIR(cmd) & _IOC_WRITE) | 940 | if (_IOC_DIR(cmd) & _IOC_WRITE) |
860 | rc = smk_curacc(file->f_security, MAY_WRITE); | 941 | rc = smk_curacc(file->f_security, MAY_WRITE, &ad); |
861 | 942 | ||
862 | if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ)) | 943 | if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ)) |
863 | rc = smk_curacc(file->f_security, MAY_READ); | 944 | rc = smk_curacc(file->f_security, MAY_READ, &ad); |
864 | 945 | ||
865 | return rc; | 946 | return rc; |
866 | } | 947 | } |
@@ -874,7 +955,11 @@ static int smack_file_ioctl(struct file *file, unsigned int cmd, | |||
874 | */ | 955 | */ |
875 | static int smack_file_lock(struct file *file, unsigned int cmd) | 956 | static int smack_file_lock(struct file *file, unsigned int cmd) |
876 | { | 957 | { |
877 | return smk_curacc(file->f_security, MAY_WRITE); | 958 | struct smk_audit_info ad; |
959 | |||
960 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); | ||
961 | smk_ad_setfield_u_fs_path_dentry(&ad, file->f_path.dentry); | ||
962 | return smk_curacc(file->f_security, MAY_WRITE, &ad); | ||
878 | } | 963 | } |
879 | 964 | ||
880 | /** | 965 | /** |
@@ -888,8 +973,12 @@ static int smack_file_lock(struct file *file, unsigned int cmd) | |||
888 | static int smack_file_fcntl(struct file *file, unsigned int cmd, | 973 | static int smack_file_fcntl(struct file *file, unsigned int cmd, |
889 | unsigned long arg) | 974 | unsigned long arg) |
890 | { | 975 | { |
976 | struct smk_audit_info ad; | ||
891 | int rc; | 977 | int rc; |
892 | 978 | ||
979 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); | ||
980 | smk_ad_setfield_u_fs_path(&ad, file->f_path); | ||
981 | |||
893 | switch (cmd) { | 982 | switch (cmd) { |
894 | case F_DUPFD: | 983 | case F_DUPFD: |
895 | case F_GETFD: | 984 | case F_GETFD: |
@@ -897,7 +986,7 @@ static int smack_file_fcntl(struct file *file, unsigned int cmd, | |||
897 | case F_GETLK: | 986 | case F_GETLK: |
898 | case F_GETOWN: | 987 | case F_GETOWN: |
899 | case F_GETSIG: | 988 | case F_GETSIG: |
900 | rc = smk_curacc(file->f_security, MAY_READ); | 989 | rc = smk_curacc(file->f_security, MAY_READ, &ad); |
901 | break; | 990 | break; |
902 | case F_SETFD: | 991 | case F_SETFD: |
903 | case F_SETFL: | 992 | case F_SETFL: |
@@ -905,10 +994,10 @@ static int smack_file_fcntl(struct file *file, unsigned int cmd, | |||
905 | case F_SETLKW: | 994 | case F_SETLKW: |
906 | case F_SETOWN: | 995 | case F_SETOWN: |
907 | case F_SETSIG: | 996 | case F_SETSIG: |
908 | rc = smk_curacc(file->f_security, MAY_WRITE); | 997 | rc = smk_curacc(file->f_security, MAY_WRITE, &ad); |
909 | break; | 998 | break; |
910 | default: | 999 | default: |
911 | rc = smk_curacc(file->f_security, MAY_READWRITE); | 1000 | rc = smk_curacc(file->f_security, MAY_READWRITE, &ad); |
912 | } | 1001 | } |
913 | 1002 | ||
914 | return rc; | 1003 | return rc; |
@@ -943,14 +1032,21 @@ static int smack_file_send_sigiotask(struct task_struct *tsk, | |||
943 | { | 1032 | { |
944 | struct file *file; | 1033 | struct file *file; |
945 | int rc; | 1034 | int rc; |
1035 | char *tsp = tsk->cred->security; | ||
1036 | struct smk_audit_info ad; | ||
946 | 1037 | ||
947 | /* | 1038 | /* |
948 | * struct fown_struct is never outside the context of a struct file | 1039 | * struct fown_struct is never outside the context of a struct file |
949 | */ | 1040 | */ |
950 | file = container_of(fown, struct file, f_owner); | 1041 | file = container_of(fown, struct file, f_owner); |
951 | rc = smk_access(file->f_security, tsk->cred->security, MAY_WRITE); | 1042 | /* we don't log here as rc can be overriden */ |
1043 | rc = smk_access(file->f_security, tsp, MAY_WRITE, NULL); | ||
952 | if (rc != 0 && has_capability(tsk, CAP_MAC_OVERRIDE)) | 1044 | if (rc != 0 && has_capability(tsk, CAP_MAC_OVERRIDE)) |
953 | return 0; | 1045 | rc = 0; |
1046 | |||
1047 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); | ||
1048 | smk_ad_setfield_u_tsk(&ad, tsk); | ||
1049 | smack_log(file->f_security, tsp, MAY_WRITE, rc, &ad); | ||
954 | return rc; | 1050 | return rc; |
955 | } | 1051 | } |
956 | 1052 | ||
@@ -963,7 +1059,10 @@ static int smack_file_send_sigiotask(struct task_struct *tsk, | |||
963 | static int smack_file_receive(struct file *file) | 1059 | static int smack_file_receive(struct file *file) |
964 | { | 1060 | { |
965 | int may = 0; | 1061 | int may = 0; |
1062 | struct smk_audit_info ad; | ||
966 | 1063 | ||
1064 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); | ||
1065 | smk_ad_setfield_u_fs_path(&ad, file->f_path); | ||
967 | /* | 1066 | /* |
968 | * This code relies on bitmasks. | 1067 | * This code relies on bitmasks. |
969 | */ | 1068 | */ |
@@ -972,7 +1071,7 @@ static int smack_file_receive(struct file *file) | |||
972 | if (file->f_mode & FMODE_WRITE) | 1071 | if (file->f_mode & FMODE_WRITE) |
973 | may |= MAY_WRITE; | 1072 | may |= MAY_WRITE; |
974 | 1073 | ||
975 | return smk_curacc(file->f_security, may); | 1074 | return smk_curacc(file->f_security, may, &ad); |
976 | } | 1075 | } |
977 | 1076 | ||
978 | /* | 1077 | /* |
@@ -1052,6 +1151,22 @@ static int smack_kernel_create_files_as(struct cred *new, | |||
1052 | } | 1151 | } |
1053 | 1152 | ||
1054 | /** | 1153 | /** |
1154 | * smk_curacc_on_task - helper to log task related access | ||
1155 | * @p: the task object | ||
1156 | * @access : the access requested | ||
1157 | * | ||
1158 | * Return 0 if access is permitted | ||
1159 | */ | ||
1160 | static int smk_curacc_on_task(struct task_struct *p, int access) | ||
1161 | { | ||
1162 | struct smk_audit_info ad; | ||
1163 | |||
1164 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); | ||
1165 | smk_ad_setfield_u_tsk(&ad, p); | ||
1166 | return smk_curacc(task_security(p), access, &ad); | ||
1167 | } | ||
1168 | |||
1169 | /** | ||
1055 | * smack_task_setpgid - Smack check on setting pgid | 1170 | * smack_task_setpgid - Smack check on setting pgid |
1056 | * @p: the task object | 1171 | * @p: the task object |
1057 | * @pgid: unused | 1172 | * @pgid: unused |
@@ -1060,7 +1175,7 @@ static int smack_kernel_create_files_as(struct cred *new, | |||
1060 | */ | 1175 | */ |
1061 | static int smack_task_setpgid(struct task_struct *p, pid_t pgid) | 1176 | static int smack_task_setpgid(struct task_struct *p, pid_t pgid) |
1062 | { | 1177 | { |
1063 | return smk_curacc(task_security(p), MAY_WRITE); | 1178 | return smk_curacc_on_task(p, MAY_WRITE); |
1064 | } | 1179 | } |
1065 | 1180 | ||
1066 | /** | 1181 | /** |
@@ -1071,7 +1186,7 @@ static int smack_task_setpgid(struct task_struct *p, pid_t pgid) | |||
1071 | */ | 1186 | */ |
1072 | static int smack_task_getpgid(struct task_struct *p) | 1187 | static int smack_task_getpgid(struct task_struct *p) |
1073 | { | 1188 | { |
1074 | return smk_curacc(task_security(p), MAY_READ); | 1189 | return smk_curacc_on_task(p, MAY_READ); |
1075 | } | 1190 | } |
1076 | 1191 | ||
1077 | /** | 1192 | /** |
@@ -1082,7 +1197,7 @@ static int smack_task_getpgid(struct task_struct *p) | |||
1082 | */ | 1197 | */ |
1083 | static int smack_task_getsid(struct task_struct *p) | 1198 | static int smack_task_getsid(struct task_struct *p) |
1084 | { | 1199 | { |
1085 | return smk_curacc(task_security(p), MAY_READ); | 1200 | return smk_curacc_on_task(p, MAY_READ); |
1086 | } | 1201 | } |
1087 | 1202 | ||
1088 | /** | 1203 | /** |
@@ -1110,7 +1225,7 @@ static int smack_task_setnice(struct task_struct *p, int nice) | |||
1110 | 1225 | ||
1111 | rc = cap_task_setnice(p, nice); | 1226 | rc = cap_task_setnice(p, nice); |
1112 | if (rc == 0) | 1227 | if (rc == 0) |
1113 | rc = smk_curacc(task_security(p), MAY_WRITE); | 1228 | rc = smk_curacc_on_task(p, MAY_WRITE); |
1114 | return rc; | 1229 | return rc; |
1115 | } | 1230 | } |
1116 | 1231 | ||
@@ -1127,7 +1242,7 @@ static int smack_task_setioprio(struct task_struct *p, int ioprio) | |||
1127 | 1242 | ||
1128 | rc = cap_task_setioprio(p, ioprio); | 1243 | rc = cap_task_setioprio(p, ioprio); |
1129 | if (rc == 0) | 1244 | if (rc == 0) |
1130 | rc = smk_curacc(task_security(p), MAY_WRITE); | 1245 | rc = smk_curacc_on_task(p, MAY_WRITE); |
1131 | return rc; | 1246 | return rc; |
1132 | } | 1247 | } |
1133 | 1248 | ||
@@ -1139,7 +1254,7 @@ static int smack_task_setioprio(struct task_struct *p, int ioprio) | |||
1139 | */ | 1254 | */ |
1140 | static int smack_task_getioprio(struct task_struct *p) | 1255 | static int smack_task_getioprio(struct task_struct *p) |
1141 | { | 1256 | { |
1142 | return smk_curacc(task_security(p), MAY_READ); | 1257 | return smk_curacc_on_task(p, MAY_READ); |
1143 | } | 1258 | } |
1144 | 1259 | ||
1145 | /** | 1260 | /** |
@@ -1157,7 +1272,7 @@ static int smack_task_setscheduler(struct task_struct *p, int policy, | |||
1157 | 1272 | ||
1158 | rc = cap_task_setscheduler(p, policy, lp); | 1273 | rc = cap_task_setscheduler(p, policy, lp); |
1159 | if (rc == 0) | 1274 | if (rc == 0) |
1160 | rc = smk_curacc(task_security(p), MAY_WRITE); | 1275 | rc = smk_curacc_on_task(p, MAY_WRITE); |
1161 | return rc; | 1276 | return rc; |
1162 | } | 1277 | } |
1163 | 1278 | ||
@@ -1169,7 +1284,7 @@ static int smack_task_setscheduler(struct task_struct *p, int policy, | |||
1169 | */ | 1284 | */ |
1170 | static int smack_task_getscheduler(struct task_struct *p) | 1285 | static int smack_task_getscheduler(struct task_struct *p) |
1171 | { | 1286 | { |
1172 | return smk_curacc(task_security(p), MAY_READ); | 1287 | return smk_curacc_on_task(p, MAY_READ); |
1173 | } | 1288 | } |
1174 | 1289 | ||
1175 | /** | 1290 | /** |
@@ -1180,7 +1295,7 @@ static int smack_task_getscheduler(struct task_struct *p) | |||
1180 | */ | 1295 | */ |
1181 | static int smack_task_movememory(struct task_struct *p) | 1296 | static int smack_task_movememory(struct task_struct *p) |
1182 | { | 1297 | { |
1183 | return smk_curacc(task_security(p), MAY_WRITE); | 1298 | return smk_curacc_on_task(p, MAY_WRITE); |
1184 | } | 1299 | } |
1185 | 1300 | ||
1186 | /** | 1301 | /** |
@@ -1198,18 +1313,23 @@ static int smack_task_movememory(struct task_struct *p) | |||
1198 | static int smack_task_kill(struct task_struct *p, struct siginfo *info, | 1313 | static int smack_task_kill(struct task_struct *p, struct siginfo *info, |
1199 | int sig, u32 secid) | 1314 | int sig, u32 secid) |
1200 | { | 1315 | { |
1316 | struct smk_audit_info ad; | ||
1317 | |||
1318 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); | ||
1319 | smk_ad_setfield_u_tsk(&ad, p); | ||
1201 | /* | 1320 | /* |
1202 | * Sending a signal requires that the sender | 1321 | * Sending a signal requires that the sender |
1203 | * can write the receiver. | 1322 | * can write the receiver. |
1204 | */ | 1323 | */ |
1205 | if (secid == 0) | 1324 | if (secid == 0) |
1206 | return smk_curacc(task_security(p), MAY_WRITE); | 1325 | return smk_curacc(task_security(p), MAY_WRITE, &ad); |
1207 | /* | 1326 | /* |
1208 | * If the secid isn't 0 we're dealing with some USB IO | 1327 | * If the secid isn't 0 we're dealing with some USB IO |
1209 | * specific behavior. This is not clean. For one thing | 1328 | * specific behavior. This is not clean. For one thing |
1210 | * we can't take privilege into account. | 1329 | * we can't take privilege into account. |
1211 | */ | 1330 | */ |
1212 | return smk_access(smack_from_secid(secid), task_security(p), MAY_WRITE); | 1331 | return smk_access(smack_from_secid(secid), task_security(p), |
1332 | MAY_WRITE, &ad); | ||
1213 | } | 1333 | } |
1214 | 1334 | ||
1215 | /** | 1335 | /** |
@@ -1220,11 +1340,15 @@ static int smack_task_kill(struct task_struct *p, struct siginfo *info, | |||
1220 | */ | 1340 | */ |
1221 | static int smack_task_wait(struct task_struct *p) | 1341 | static int smack_task_wait(struct task_struct *p) |
1222 | { | 1342 | { |
1343 | struct smk_audit_info ad; | ||
1344 | char *sp = current_security(); | ||
1345 | char *tsp = task_security(p); | ||
1223 | int rc; | 1346 | int rc; |
1224 | 1347 | ||
1225 | rc = smk_access(current_security(), task_security(p), MAY_WRITE); | 1348 | /* we don't log here, we can be overriden */ |
1349 | rc = smk_access(sp, tsp, MAY_WRITE, NULL); | ||
1226 | if (rc == 0) | 1350 | if (rc == 0) |
1227 | return 0; | 1351 | goto out_log; |
1228 | 1352 | ||
1229 | /* | 1353 | /* |
1230 | * Allow the operation to succeed if either task | 1354 | * Allow the operation to succeed if either task |
@@ -1238,8 +1362,12 @@ static int smack_task_wait(struct task_struct *p) | |||
1238 | * the smack value. | 1362 | * the smack value. |
1239 | */ | 1363 | */ |
1240 | if (capable(CAP_MAC_OVERRIDE) || has_capability(p, CAP_MAC_OVERRIDE)) | 1364 | if (capable(CAP_MAC_OVERRIDE) || has_capability(p, CAP_MAC_OVERRIDE)) |
1241 | return 0; | 1365 | rc = 0; |
1242 | 1366 | /* we log only if we didn't get overriden */ | |
1367 | out_log: | ||
1368 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); | ||
1369 | smk_ad_setfield_u_tsk(&ad, p); | ||
1370 | smack_log(sp, tsp, MAY_WRITE, rc, &ad); | ||
1243 | return rc; | 1371 | return rc; |
1244 | } | 1372 | } |
1245 | 1373 | ||
@@ -1455,12 +1583,19 @@ static int smack_netlabel_send(struct sock *sk, struct sockaddr_in *sap) | |||
1455 | int sk_lbl; | 1583 | int sk_lbl; |
1456 | char *hostsp; | 1584 | char *hostsp; |
1457 | struct socket_smack *ssp = sk->sk_security; | 1585 | struct socket_smack *ssp = sk->sk_security; |
1586 | struct smk_audit_info ad; | ||
1458 | 1587 | ||
1459 | rcu_read_lock(); | 1588 | rcu_read_lock(); |
1460 | hostsp = smack_host_label(sap); | 1589 | hostsp = smack_host_label(sap); |
1461 | if (hostsp != NULL) { | 1590 | if (hostsp != NULL) { |
1462 | sk_lbl = SMACK_UNLABELED_SOCKET; | 1591 | sk_lbl = SMACK_UNLABELED_SOCKET; |
1463 | rc = smk_access(ssp->smk_out, hostsp, MAY_WRITE); | 1592 | #ifdef CONFIG_AUDIT |
1593 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NET); | ||
1594 | ad.a.u.net.family = sap->sin_family; | ||
1595 | ad.a.u.net.dport = sap->sin_port; | ||
1596 | ad.a.u.net.v4info.daddr = sap->sin_addr.s_addr; | ||
1597 | #endif | ||
1598 | rc = smk_access(ssp->smk_out, hostsp, MAY_WRITE, &ad); | ||
1464 | } else { | 1599 | } else { |
1465 | sk_lbl = SMACK_CIPSO_SOCKET; | 1600 | sk_lbl = SMACK_CIPSO_SOCKET; |
1466 | rc = 0; | 1601 | rc = 0; |
@@ -1656,6 +1791,25 @@ static void smack_shm_free_security(struct shmid_kernel *shp) | |||
1656 | } | 1791 | } |
1657 | 1792 | ||
1658 | /** | 1793 | /** |
1794 | * smk_curacc_shm : check if current has access on shm | ||
1795 | * @shp : the object | ||
1796 | * @access : access requested | ||
1797 | * | ||
1798 | * Returns 0 if current has the requested access, error code otherwise | ||
1799 | */ | ||
1800 | static int smk_curacc_shm(struct shmid_kernel *shp, int access) | ||
1801 | { | ||
1802 | char *ssp = smack_of_shm(shp); | ||
1803 | struct smk_audit_info ad; | ||
1804 | |||
1805 | #ifdef CONFIG_AUDIT | ||
1806 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); | ||
1807 | ad.a.u.ipc_id = shp->shm_perm.id; | ||
1808 | #endif | ||
1809 | return smk_curacc(ssp, access, &ad); | ||
1810 | } | ||
1811 | |||
1812 | /** | ||
1659 | * smack_shm_associate - Smack access check for shm | 1813 | * smack_shm_associate - Smack access check for shm |
1660 | * @shp: the object | 1814 | * @shp: the object |
1661 | * @shmflg: access requested | 1815 | * @shmflg: access requested |
@@ -1664,11 +1818,10 @@ static void smack_shm_free_security(struct shmid_kernel *shp) | |||
1664 | */ | 1818 | */ |
1665 | static int smack_shm_associate(struct shmid_kernel *shp, int shmflg) | 1819 | static int smack_shm_associate(struct shmid_kernel *shp, int shmflg) |
1666 | { | 1820 | { |
1667 | char *ssp = smack_of_shm(shp); | ||
1668 | int may; | 1821 | int may; |
1669 | 1822 | ||
1670 | may = smack_flags_to_may(shmflg); | 1823 | may = smack_flags_to_may(shmflg); |
1671 | return smk_curacc(ssp, may); | 1824 | return smk_curacc_shm(shp, may); |
1672 | } | 1825 | } |
1673 | 1826 | ||
1674 | /** | 1827 | /** |
@@ -1680,7 +1833,6 @@ static int smack_shm_associate(struct shmid_kernel *shp, int shmflg) | |||
1680 | */ | 1833 | */ |
1681 | static int smack_shm_shmctl(struct shmid_kernel *shp, int cmd) | 1834 | static int smack_shm_shmctl(struct shmid_kernel *shp, int cmd) |
1682 | { | 1835 | { |
1683 | char *ssp; | ||
1684 | int may; | 1836 | int may; |
1685 | 1837 | ||
1686 | switch (cmd) { | 1838 | switch (cmd) { |
@@ -1703,9 +1855,7 @@ static int smack_shm_shmctl(struct shmid_kernel *shp, int cmd) | |||
1703 | default: | 1855 | default: |
1704 | return -EINVAL; | 1856 | return -EINVAL; |
1705 | } | 1857 | } |
1706 | 1858 | return smk_curacc_shm(shp, may); | |
1707 | ssp = smack_of_shm(shp); | ||
1708 | return smk_curacc(ssp, may); | ||
1709 | } | 1859 | } |
1710 | 1860 | ||
1711 | /** | 1861 | /** |
@@ -1719,11 +1869,10 @@ static int smack_shm_shmctl(struct shmid_kernel *shp, int cmd) | |||
1719 | static int smack_shm_shmat(struct shmid_kernel *shp, char __user *shmaddr, | 1869 | static int smack_shm_shmat(struct shmid_kernel *shp, char __user *shmaddr, |
1720 | int shmflg) | 1870 | int shmflg) |
1721 | { | 1871 | { |
1722 | char *ssp = smack_of_shm(shp); | ||
1723 | int may; | 1872 | int may; |
1724 | 1873 | ||
1725 | may = smack_flags_to_may(shmflg); | 1874 | may = smack_flags_to_may(shmflg); |
1726 | return smk_curacc(ssp, may); | 1875 | return smk_curacc_shm(shp, may); |
1727 | } | 1876 | } |
1728 | 1877 | ||
1729 | /** | 1878 | /** |
@@ -1765,6 +1914,25 @@ static void smack_sem_free_security(struct sem_array *sma) | |||
1765 | } | 1914 | } |
1766 | 1915 | ||
1767 | /** | 1916 | /** |
1917 | * smk_curacc_sem : check if current has access on sem | ||
1918 | * @sma : the object | ||
1919 | * @access : access requested | ||
1920 | * | ||
1921 | * Returns 0 if current has the requested access, error code otherwise | ||
1922 | */ | ||
1923 | static int smk_curacc_sem(struct sem_array *sma, int access) | ||
1924 | { | ||
1925 | char *ssp = smack_of_sem(sma); | ||
1926 | struct smk_audit_info ad; | ||
1927 | |||
1928 | #ifdef CONFIG_AUDIT | ||
1929 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); | ||
1930 | ad.a.u.ipc_id = sma->sem_perm.id; | ||
1931 | #endif | ||
1932 | return smk_curacc(ssp, access, &ad); | ||
1933 | } | ||
1934 | |||
1935 | /** | ||
1768 | * smack_sem_associate - Smack access check for sem | 1936 | * smack_sem_associate - Smack access check for sem |
1769 | * @sma: the object | 1937 | * @sma: the object |
1770 | * @semflg: access requested | 1938 | * @semflg: access requested |
@@ -1773,11 +1941,10 @@ static void smack_sem_free_security(struct sem_array *sma) | |||
1773 | */ | 1941 | */ |
1774 | static int smack_sem_associate(struct sem_array *sma, int semflg) | 1942 | static int smack_sem_associate(struct sem_array *sma, int semflg) |
1775 | { | 1943 | { |
1776 | char *ssp = smack_of_sem(sma); | ||
1777 | int may; | 1944 | int may; |
1778 | 1945 | ||
1779 | may = smack_flags_to_may(semflg); | 1946 | may = smack_flags_to_may(semflg); |
1780 | return smk_curacc(ssp, may); | 1947 | return smk_curacc_sem(sma, may); |
1781 | } | 1948 | } |
1782 | 1949 | ||
1783 | /** | 1950 | /** |
@@ -1789,7 +1956,6 @@ static int smack_sem_associate(struct sem_array *sma, int semflg) | |||
1789 | */ | 1956 | */ |
1790 | static int smack_sem_semctl(struct sem_array *sma, int cmd) | 1957 | static int smack_sem_semctl(struct sem_array *sma, int cmd) |
1791 | { | 1958 | { |
1792 | char *ssp; | ||
1793 | int may; | 1959 | int may; |
1794 | 1960 | ||
1795 | switch (cmd) { | 1961 | switch (cmd) { |
@@ -1818,8 +1984,7 @@ static int smack_sem_semctl(struct sem_array *sma, int cmd) | |||
1818 | return -EINVAL; | 1984 | return -EINVAL; |
1819 | } | 1985 | } |
1820 | 1986 | ||
1821 | ssp = smack_of_sem(sma); | 1987 | return smk_curacc_sem(sma, may); |
1822 | return smk_curacc(ssp, may); | ||
1823 | } | 1988 | } |
1824 | 1989 | ||
1825 | /** | 1990 | /** |
@@ -1836,9 +2001,7 @@ static int smack_sem_semctl(struct sem_array *sma, int cmd) | |||
1836 | static int smack_sem_semop(struct sem_array *sma, struct sembuf *sops, | 2001 | static int smack_sem_semop(struct sem_array *sma, struct sembuf *sops, |
1837 | unsigned nsops, int alter) | 2002 | unsigned nsops, int alter) |
1838 | { | 2003 | { |
1839 | char *ssp = smack_of_sem(sma); | 2004 | return smk_curacc_sem(sma, MAY_READWRITE); |
1840 | |||
1841 | return smk_curacc(ssp, MAY_READWRITE); | ||
1842 | } | 2005 | } |
1843 | 2006 | ||
1844 | /** | 2007 | /** |
@@ -1880,6 +2043,25 @@ static char *smack_of_msq(struct msg_queue *msq) | |||
1880 | } | 2043 | } |
1881 | 2044 | ||
1882 | /** | 2045 | /** |
2046 | * smk_curacc_msq : helper to check if current has access on msq | ||
2047 | * @msq : the msq | ||
2048 | * @access : access requested | ||
2049 | * | ||
2050 | * return 0 if current has access, error otherwise | ||
2051 | */ | ||
2052 | static int smk_curacc_msq(struct msg_queue *msq, int access) | ||
2053 | { | ||
2054 | char *msp = smack_of_msq(msq); | ||
2055 | struct smk_audit_info ad; | ||
2056 | |||
2057 | #ifdef CONFIG_AUDIT | ||
2058 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); | ||
2059 | ad.a.u.ipc_id = msq->q_perm.id; | ||
2060 | #endif | ||
2061 | return smk_curacc(msp, access, &ad); | ||
2062 | } | ||
2063 | |||
2064 | /** | ||
1883 | * smack_msg_queue_associate - Smack access check for msg_queue | 2065 | * smack_msg_queue_associate - Smack access check for msg_queue |
1884 | * @msq: the object | 2066 | * @msq: the object |
1885 | * @msqflg: access requested | 2067 | * @msqflg: access requested |
@@ -1888,11 +2070,10 @@ static char *smack_of_msq(struct msg_queue *msq) | |||
1888 | */ | 2070 | */ |
1889 | static int smack_msg_queue_associate(struct msg_queue *msq, int msqflg) | 2071 | static int smack_msg_queue_associate(struct msg_queue *msq, int msqflg) |
1890 | { | 2072 | { |
1891 | char *msp = smack_of_msq(msq); | ||
1892 | int may; | 2073 | int may; |
1893 | 2074 | ||
1894 | may = smack_flags_to_may(msqflg); | 2075 | may = smack_flags_to_may(msqflg); |
1895 | return smk_curacc(msp, may); | 2076 | return smk_curacc_msq(msq, may); |
1896 | } | 2077 | } |
1897 | 2078 | ||
1898 | /** | 2079 | /** |
@@ -1904,7 +2085,6 @@ static int smack_msg_queue_associate(struct msg_queue *msq, int msqflg) | |||
1904 | */ | 2085 | */ |
1905 | static int smack_msg_queue_msgctl(struct msg_queue *msq, int cmd) | 2086 | static int smack_msg_queue_msgctl(struct msg_queue *msq, int cmd) |
1906 | { | 2087 | { |
1907 | char *msp; | ||
1908 | int may; | 2088 | int may; |
1909 | 2089 | ||
1910 | switch (cmd) { | 2090 | switch (cmd) { |
@@ -1926,8 +2106,7 @@ static int smack_msg_queue_msgctl(struct msg_queue *msq, int cmd) | |||
1926 | return -EINVAL; | 2106 | return -EINVAL; |
1927 | } | 2107 | } |
1928 | 2108 | ||
1929 | msp = smack_of_msq(msq); | 2109 | return smk_curacc_msq(msq, may); |
1930 | return smk_curacc(msp, may); | ||
1931 | } | 2110 | } |
1932 | 2111 | ||
1933 | /** | 2112 | /** |
@@ -1941,11 +2120,10 @@ static int smack_msg_queue_msgctl(struct msg_queue *msq, int cmd) | |||
1941 | static int smack_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, | 2120 | static int smack_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, |
1942 | int msqflg) | 2121 | int msqflg) |
1943 | { | 2122 | { |
1944 | char *msp = smack_of_msq(msq); | 2123 | int may; |
1945 | int rc; | ||
1946 | 2124 | ||
1947 | rc = smack_flags_to_may(msqflg); | 2125 | may = smack_flags_to_may(msqflg); |
1948 | return smk_curacc(msp, rc); | 2126 | return smk_curacc_msq(msq, may); |
1949 | } | 2127 | } |
1950 | 2128 | ||
1951 | /** | 2129 | /** |
@@ -1961,9 +2139,7 @@ static int smack_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, | |||
1961 | static int smack_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg, | 2139 | static int smack_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg, |
1962 | struct task_struct *target, long type, int mode) | 2140 | struct task_struct *target, long type, int mode) |
1963 | { | 2141 | { |
1964 | char *msp = smack_of_msq(msq); | 2142 | return smk_curacc_msq(msq, MAY_READWRITE); |
1965 | |||
1966 | return smk_curacc(msp, MAY_READWRITE); | ||
1967 | } | 2143 | } |
1968 | 2144 | ||
1969 | /** | 2145 | /** |
@@ -1976,10 +2152,14 @@ static int smack_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg, | |||
1976 | static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag) | 2152 | static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag) |
1977 | { | 2153 | { |
1978 | char *isp = ipp->security; | 2154 | char *isp = ipp->security; |
1979 | int may; | 2155 | int may = smack_flags_to_may(flag); |
2156 | struct smk_audit_info ad; | ||
1980 | 2157 | ||
1981 | may = smack_flags_to_may(flag); | 2158 | #ifdef CONFIG_AUDIT |
1982 | return smk_curacc(isp, may); | 2159 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); |
2160 | ad.a.u.ipc_id = ipp->id; | ||
2161 | #endif | ||
2162 | return smk_curacc(isp, may, &ad); | ||
1983 | } | 2163 | } |
1984 | 2164 | ||
1985 | /** | 2165 | /** |
@@ -2238,8 +2418,12 @@ static int smack_unix_stream_connect(struct socket *sock, | |||
2238 | { | 2418 | { |
2239 | struct inode *sp = SOCK_INODE(sock); | 2419 | struct inode *sp = SOCK_INODE(sock); |
2240 | struct inode *op = SOCK_INODE(other); | 2420 | struct inode *op = SOCK_INODE(other); |
2421 | struct smk_audit_info ad; | ||
2241 | 2422 | ||
2242 | return smk_access(smk_of_inode(sp), smk_of_inode(op), MAY_READWRITE); | 2423 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NET); |
2424 | smk_ad_setfield_u_net_sk(&ad, other->sk); | ||
2425 | return smk_access(smk_of_inode(sp), smk_of_inode(op), | ||
2426 | MAY_READWRITE, &ad); | ||
2243 | } | 2427 | } |
2244 | 2428 | ||
2245 | /** | 2429 | /** |
@@ -2254,8 +2438,11 @@ static int smack_unix_may_send(struct socket *sock, struct socket *other) | |||
2254 | { | 2438 | { |
2255 | struct inode *sp = SOCK_INODE(sock); | 2439 | struct inode *sp = SOCK_INODE(sock); |
2256 | struct inode *op = SOCK_INODE(other); | 2440 | struct inode *op = SOCK_INODE(other); |
2441 | struct smk_audit_info ad; | ||
2257 | 2442 | ||
2258 | return smk_access(smk_of_inode(sp), smk_of_inode(op), MAY_WRITE); | 2443 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NET); |
2444 | smk_ad_setfield_u_net_sk(&ad, other->sk); | ||
2445 | return smk_access(smk_of_inode(sp), smk_of_inode(op), MAY_WRITE, &ad); | ||
2259 | } | 2446 | } |
2260 | 2447 | ||
2261 | /** | 2448 | /** |
@@ -2370,7 +2557,7 @@ static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) | |||
2370 | char smack[SMK_LABELLEN]; | 2557 | char smack[SMK_LABELLEN]; |
2371 | char *csp; | 2558 | char *csp; |
2372 | int rc; | 2559 | int rc; |
2373 | 2560 | struct smk_audit_info ad; | |
2374 | if (sk->sk_family != PF_INET && sk->sk_family != PF_INET6) | 2561 | if (sk->sk_family != PF_INET && sk->sk_family != PF_INET6) |
2375 | return 0; | 2562 | return 0; |
2376 | 2563 | ||
@@ -2388,13 +2575,19 @@ static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) | |||
2388 | 2575 | ||
2389 | netlbl_secattr_destroy(&secattr); | 2576 | netlbl_secattr_destroy(&secattr); |
2390 | 2577 | ||
2578 | #ifdef CONFIG_AUDIT | ||
2579 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NET); | ||
2580 | ad.a.u.net.family = sk->sk_family; | ||
2581 | ad.a.u.net.netif = skb->iif; | ||
2582 | ipv4_skb_to_auditdata(skb, &ad.a, NULL); | ||
2583 | #endif | ||
2391 | /* | 2584 | /* |
2392 | * Receiving a packet requires that the other end | 2585 | * Receiving a packet requires that the other end |
2393 | * be able to write here. Read access is not required. | 2586 | * be able to write here. Read access is not required. |
2394 | * This is the simplist possible security model | 2587 | * This is the simplist possible security model |
2395 | * for networking. | 2588 | * for networking. |
2396 | */ | 2589 | */ |
2397 | rc = smk_access(csp, ssp->smk_in, MAY_WRITE); | 2590 | rc = smk_access(csp, ssp->smk_in, MAY_WRITE, &ad); |
2398 | if (rc != 0) | 2591 | if (rc != 0) |
2399 | netlbl_skbuff_err(skb, rc, 0); | 2592 | netlbl_skbuff_err(skb, rc, 0); |
2400 | return rc; | 2593 | return rc; |
@@ -2523,6 +2716,7 @@ static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb, | |||
2523 | struct iphdr *hdr; | 2716 | struct iphdr *hdr; |
2524 | char smack[SMK_LABELLEN]; | 2717 | char smack[SMK_LABELLEN]; |
2525 | int rc; | 2718 | int rc; |
2719 | struct smk_audit_info ad; | ||
2526 | 2720 | ||
2527 | /* handle mapped IPv4 packets arriving via IPv6 sockets */ | 2721 | /* handle mapped IPv4 packets arriving via IPv6 sockets */ |
2528 | if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP)) | 2722 | if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP)) |
@@ -2536,11 +2730,17 @@ static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb, | |||
2536 | strncpy(smack, smack_known_huh.smk_known, SMK_MAXLEN); | 2730 | strncpy(smack, smack_known_huh.smk_known, SMK_MAXLEN); |
2537 | netlbl_secattr_destroy(&secattr); | 2731 | netlbl_secattr_destroy(&secattr); |
2538 | 2732 | ||
2733 | #ifdef CONFIG_AUDIT | ||
2734 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NET); | ||
2735 | ad.a.u.net.family = family; | ||
2736 | ad.a.u.net.netif = skb->iif; | ||
2737 | ipv4_skb_to_auditdata(skb, &ad.a, NULL); | ||
2738 | #endif | ||
2539 | /* | 2739 | /* |
2540 | * Receiving a packet requires that the other end be able to write | 2740 | * Receiving a packet requires that the other end be able to write |
2541 | * here. Read access is not required. | 2741 | * here. Read access is not required. |
2542 | */ | 2742 | */ |
2543 | rc = smk_access(smack, ssp->smk_in, MAY_WRITE); | 2743 | rc = smk_access(smack, ssp->smk_in, MAY_WRITE, &ad); |
2544 | if (rc != 0) | 2744 | if (rc != 0) |
2545 | return rc; | 2745 | return rc; |
2546 | 2746 | ||
@@ -2642,6 +2842,7 @@ static int smack_key_permission(key_ref_t key_ref, | |||
2642 | const struct cred *cred, key_perm_t perm) | 2842 | const struct cred *cred, key_perm_t perm) |
2643 | { | 2843 | { |
2644 | struct key *keyp; | 2844 | struct key *keyp; |
2845 | struct smk_audit_info ad; | ||
2645 | 2846 | ||
2646 | keyp = key_ref_to_ptr(key_ref); | 2847 | keyp = key_ref_to_ptr(key_ref); |
2647 | if (keyp == NULL) | 2848 | if (keyp == NULL) |
@@ -2657,8 +2858,13 @@ static int smack_key_permission(key_ref_t key_ref, | |||
2657 | */ | 2858 | */ |
2658 | if (cred->security == NULL) | 2859 | if (cred->security == NULL) |
2659 | return -EACCES; | 2860 | return -EACCES; |
2660 | 2861 | #ifdef CONFIG_AUDIT | |
2661 | return smk_access(cred->security, keyp->security, MAY_READWRITE); | 2862 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY); |
2863 | ad.a.u.key_struct.key = keyp->serial; | ||
2864 | ad.a.u.key_struct.key_desc = keyp->description; | ||
2865 | #endif | ||
2866 | return smk_access(cred->security, keyp->security, | ||
2867 | MAY_READWRITE, &ad); | ||
2662 | } | 2868 | } |
2663 | #endif /* CONFIG_KEYS */ | 2869 | #endif /* CONFIG_KEYS */ |
2664 | 2870 | ||
diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c index e03a7e19c73b..904af3483286 100644 --- a/security/smack/smackfs.c +++ b/security/smack/smackfs.c | |||
@@ -41,6 +41,7 @@ enum smk_inos { | |||
41 | SMK_AMBIENT = 7, /* internet ambient label */ | 41 | SMK_AMBIENT = 7, /* internet ambient label */ |
42 | SMK_NETLBLADDR = 8, /* single label hosts */ | 42 | SMK_NETLBLADDR = 8, /* single label hosts */ |
43 | SMK_ONLYCAP = 9, /* the only "capable" label */ | 43 | SMK_ONLYCAP = 9, /* the only "capable" label */ |
44 | SMK_LOGGING = 10, /* logging */ | ||
44 | }; | 45 | }; |
45 | 46 | ||
46 | /* | 47 | /* |
@@ -1192,6 +1193,69 @@ static const struct file_operations smk_onlycap_ops = { | |||
1192 | }; | 1193 | }; |
1193 | 1194 | ||
1194 | /** | 1195 | /** |
1196 | * smk_read_logging - read() for /smack/logging | ||
1197 | * @filp: file pointer, not actually used | ||
1198 | * @buf: where to put the result | ||
1199 | * @cn: maximum to send along | ||
1200 | * @ppos: where to start | ||
1201 | * | ||
1202 | * Returns number of bytes read or error code, as appropriate | ||
1203 | */ | ||
1204 | static ssize_t smk_read_logging(struct file *filp, char __user *buf, | ||
1205 | size_t count, loff_t *ppos) | ||
1206 | { | ||
1207 | char temp[32]; | ||
1208 | ssize_t rc; | ||
1209 | |||
1210 | if (*ppos != 0) | ||
1211 | return 0; | ||
1212 | |||
1213 | sprintf(temp, "%d\n", log_policy); | ||
1214 | rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp)); | ||
1215 | return rc; | ||
1216 | } | ||
1217 | |||
1218 | /** | ||
1219 | * smk_write_logging - write() for /smack/logging | ||
1220 | * @file: file pointer, not actually used | ||
1221 | * @buf: where to get the data from | ||
1222 | * @count: bytes sent | ||
1223 | * @ppos: where to start | ||
1224 | * | ||
1225 | * Returns number of bytes written or error code, as appropriate | ||
1226 | */ | ||
1227 | static ssize_t smk_write_logging(struct file *file, const char __user *buf, | ||
1228 | size_t count, loff_t *ppos) | ||
1229 | { | ||
1230 | char temp[32]; | ||
1231 | int i; | ||
1232 | |||
1233 | if (!capable(CAP_MAC_ADMIN)) | ||
1234 | return -EPERM; | ||
1235 | |||
1236 | if (count >= sizeof(temp) || count == 0) | ||
1237 | return -EINVAL; | ||
1238 | |||
1239 | if (copy_from_user(temp, buf, count) != 0) | ||
1240 | return -EFAULT; | ||
1241 | |||
1242 | temp[count] = '\0'; | ||
1243 | |||
1244 | if (sscanf(temp, "%d", &i) != 1) | ||
1245 | return -EINVAL; | ||
1246 | if (i < 0 || i > 3) | ||
1247 | return -EINVAL; | ||
1248 | log_policy = i; | ||
1249 | return count; | ||
1250 | } | ||
1251 | |||
1252 | |||
1253 | |||
1254 | static const struct file_operations smk_logging_ops = { | ||
1255 | .read = smk_read_logging, | ||
1256 | .write = smk_write_logging, | ||
1257 | }; | ||
1258 | /** | ||
1195 | * smk_fill_super - fill the /smackfs superblock | 1259 | * smk_fill_super - fill the /smackfs superblock |
1196 | * @sb: the empty superblock | 1260 | * @sb: the empty superblock |
1197 | * @data: unused | 1261 | * @data: unused |
@@ -1221,6 +1285,8 @@ static int smk_fill_super(struct super_block *sb, void *data, int silent) | |||
1221 | {"netlabel", &smk_netlbladdr_ops, S_IRUGO|S_IWUSR}, | 1285 | {"netlabel", &smk_netlbladdr_ops, S_IRUGO|S_IWUSR}, |
1222 | [SMK_ONLYCAP] = | 1286 | [SMK_ONLYCAP] = |
1223 | {"onlycap", &smk_onlycap_ops, S_IRUGO|S_IWUSR}, | 1287 | {"onlycap", &smk_onlycap_ops, S_IRUGO|S_IWUSR}, |
1288 | [SMK_LOGGING] = | ||
1289 | {"logging", &smk_logging_ops, S_IRUGO|S_IWUSR}, | ||
1224 | /* last one */ {""} | 1290 | /* last one */ {""} |
1225 | }; | 1291 | }; |
1226 | 1292 | ||