1 files changed, 46 insertions, 15 deletions
diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
index 15aa37f65b39..358c92c1a153 100644
--- a/security/smack/smackfs.c
+++ b/security/smack/smackfs.c
@@ -24,6 +24,7 @@
 #include <net/cipso_ipv4.h>
 #include <linux/seq_file.h>
 #include <linux/ctype.h>
+#include <linux/audit.h>
 #include "smack.h"
 /*
@@ -45,6 +46,7 @@ enum smk_inos {
 */
 static DEFINE_MUTEX(smack_list_lock);
 static DEFINE_MUTEX(smack_cipso_lock);
+static DEFINE_MUTEX(smack_ambient_lock);
 /*
 * This is the "ambient" label for network traffic.
@@ -342,6 +344,9 @@ void smk_cipso_doi(void)
        struct cipso_v4_doi *doip;
        struct netlbl_audit audit_info;
+        audit_info.loginuid = audit_get_loginuid(current);
+        audit_info.secid = smack_to_secid(current->security);
        rc = netlbl_cfg_map_del(NULL, &audit_info);
        if (rc != 0)
                printk(KERN_WARNING "%s:%d remove rc = %d\n",
@@ -363,6 +368,30 @@ void smk_cipso_doi(void)
                       __func__, __LINE__, rc);
 }
+/**
+ * smk_unlbl_ambient - initialize the unlabeled domain
+ */
+void smk_unlbl_ambient(char *oldambient)
+{
+        int rc;
+        struct netlbl_audit audit_info;
+        audit_info.loginuid = audit_get_loginuid(current);
+        audit_info.secid = smack_to_secid(current->security);
+        if (oldambient != NULL) {
+                rc = netlbl_cfg_map_del(oldambient, &audit_info);
+                if (rc != 0)
+                        printk(KERN_WARNING "%s:%d remove rc = %d\n",
+                               __func__, __LINE__, rc);
+        }
+        rc = netlbl_cfg_unlbl_add_map(smack_net_ambient, &audit_info);
+        if (rc != 0)
+                printk(KERN_WARNING "%s:%d add rc = %d\n",
+                       __func__, __LINE__, rc);
+}
 /*
 * Seq_file read operations for /smack/cipso
 */
@@ -709,7 +738,6 @@ static ssize_t smk_read_ambient(struct file *filp, char __user *buf,
                                size_t cn, loff_t *ppos)
 {
        ssize_t rc;
-        char out[SMK_LABELLEN];
        int asize;
        if (*ppos != 0)
@@ -717,23 +745,18 @@ static ssize_t smk_read_ambient(struct file *filp, char __user *buf,
        /*
         * Being careful to avoid a problem in the case where
         * smack_net_ambient gets changed in midstream.
-         * Since smack_net_ambient is always set with a value
-         * from the label list, including initially, and those
-         * never get freed, the worst case is that the pointer
-         * gets changed just after this strncpy, in which case
-         * the value passed up is incorrect. Locking around
-         * smack_net_ambient wouldn't be any better than this
-         * copy scheme as by the time the caller got to look
-         * at the ambient value it would have cleared the lock
-         * and been changed.
         */
-        strncpy(out, smack_net_ambient, SMK_LABELLEN);
+        mutex_lock(&smack_ambient_lock);
-        asize = strlen(out) + 1;
-        if (cn < asize)
+        asize = strlen(smack_net_ambient) + 1;
-                return -EINVAL;
+        if (cn >= asize)
+                rc = simple_read_from_buffer(buf, cn, ppos,
+                                             smack_net_ambient, asize);
+        else
+                rc = -EINVAL;
-        rc = simple_read_from_buffer(buf, cn, ppos, out, asize);
+        mutex_unlock(&smack_ambient_lock);
        return rc;
 }
@@ -751,6 +774,7 @@ static ssize_t smk_write_ambient(struct file *file, const char __user *buf,
                                 size_t count, loff_t *ppos)
 {
        char in[SMK_LABELLEN];
+        char *oldambient;
        char *smack;
        if (!capable(CAP_MAC_ADMIN))
@@ -766,7 +790,13 @@ static ssize_t smk_write_ambient(struct file *file, const char __user *buf,
        if (smack == NULL)
                return -EINVAL;
+        mutex_lock(&smack_ambient_lock);
+        oldambient = smack_net_ambient;
        smack_net_ambient = smack;
+        smk_unlbl_ambient(oldambient);
+        mutex_unlock(&smack_ambient_lock);
        return count;
 }
@@ -974,6 +1004,7 @@ static int __init init_smk_fs(void)
        sema_init(&smack_write_sem, 1);
        smk_cipso_doi();
+        smk_unlbl_ambient(NULL);
        return err;
 }

diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c index 15aa37f65b39..358c92c1a153 100644 --- a/security/smack/smackfs.c +++ b/security/smack/smackfs.c
@@ -24,6 +24,7 @@
24	#include <net/cipso_ipv4.h>	24	#include <net/cipso_ipv4.h>
25	#include <linux/seq_file.h>	25	#include <linux/seq_file.h>
26	#include <linux/ctype.h>	26	#include <linux/ctype.h>
		27	#include <linux/audit.h>
27	#include "smack.h"	28	#include "smack.h"
28		29
29	/*	30	/*
@@ -45,6 +46,7 @@ enum smk_inos {
45	*/	46	*/
46	static DEFINE_MUTEX(smack_list_lock);	47	static DEFINE_MUTEX(smack_list_lock);
47	static DEFINE_MUTEX(smack_cipso_lock);	48	static DEFINE_MUTEX(smack_cipso_lock);
		49	static DEFINE_MUTEX(smack_ambient_lock);
48		50
49	/*	51	/*
50	* This is the "ambient" label for network traffic.	52	* This is the "ambient" label for network traffic.
@@ -342,6 +344,9 @@ void smk_cipso_doi(void)
342	struct cipso_v4_doi *doip;	344	struct cipso_v4_doi *doip;
343	struct netlbl_audit audit_info;	345	struct netlbl_audit audit_info;
344		346
		347	audit_info.loginuid = audit_get_loginuid(current);
		348	audit_info.secid = smack_to_secid(current->security);
		349
345	rc = netlbl_cfg_map_del(NULL, &audit_info);	350	rc = netlbl_cfg_map_del(NULL, &audit_info);
346	if (rc != 0)	351	if (rc != 0)
347	printk(KERN_WARNING "%s:%d remove rc = %d\n",	352	printk(KERN_WARNING "%s:%d remove rc = %d\n",
@@ -363,6 +368,30 @@ void smk_cipso_doi(void)
363	__func__, __LINE__, rc);	368	__func__, __LINE__, rc);
364	}	369	}
365		370
		371	/**
		372	* smk_unlbl_ambient - initialize the unlabeled domain
		373	*/
		374	void smk_unlbl_ambient(char *oldambient)
		375	{
		376	int rc;
		377	struct netlbl_audit audit_info;
		378
		379	audit_info.loginuid = audit_get_loginuid(current);
		380	audit_info.secid = smack_to_secid(current->security);
		381
		382	if (oldambient != NULL) {
		383	rc = netlbl_cfg_map_del(oldambient, &audit_info);
		384	if (rc != 0)
		385	printk(KERN_WARNING "%s:%d remove rc = %d\n",
		386	__func__, __LINE__, rc);
		387	}
		388
		389	rc = netlbl_cfg_unlbl_add_map(smack_net_ambient, &audit_info);
		390	if (rc != 0)
		391	printk(KERN_WARNING "%s:%d add rc = %d\n",
		392	__func__, __LINE__, rc);
		393	}
		394
366	/*	395	/*
367	* Seq_file read operations for /smack/cipso	396	* Seq_file read operations for /smack/cipso
368	*/	397	*/
@@ -709,7 +738,6 @@ static ssize_t smk_read_ambient(struct file filp, char __user buf,
709	size_t cn, loff_t *ppos)	738	size_t cn, loff_t *ppos)
710	{	739	{
711	ssize_t rc;	740	ssize_t rc;
712	char out[SMK_LABELLEN];
713	int asize;	741	int asize;
714		742
715	if (*ppos != 0)	743	if (*ppos != 0)
@@ -717,23 +745,18 @@ static ssize_t smk_read_ambient(struct file filp, char __user buf,
717	/*	745	/*
718	* Being careful to avoid a problem in the case where	746	* Being careful to avoid a problem in the case where
719	* smack_net_ambient gets changed in midstream.	747	* smack_net_ambient gets changed in midstream.
720	* Since smack_net_ambient is always set with a value
721	* from the label list, including initially, and those
722	* never get freed, the worst case is that the pointer
723	* gets changed just after this strncpy, in which case
724	* the value passed up is incorrect. Locking around
725	* smack_net_ambient wouldn't be any better than this
726	* copy scheme as by the time the caller got to look
727	* at the ambient value it would have cleared the lock
728	* and been changed.
729	*/	748	*/
730	strncpy(out, smack_net_ambient, SMK_LABELLEN);	749	mutex_lock(&smack_ambient_lock);
731	asize = strlen(out) + 1;
732		750
733	if (cn < asize)	751	asize = strlen(smack_net_ambient) + 1;
734	return -EINVAL;	752
		753	if (cn >= asize)
		754	rc = simple_read_from_buffer(buf, cn, ppos,
		755	smack_net_ambient, asize);
		756	else
		757	rc = -EINVAL;
735		758
736	rc = simple_read_from_buffer(buf, cn, ppos, out, asize);	759	mutex_unlock(&smack_ambient_lock);
737		760
738	return rc;	761	return rc;
739	}	762	}
@@ -751,6 +774,7 @@ static ssize_t smk_write_ambient(struct file file, const char __user buf,
751	size_t count, loff_t *ppos)	774	size_t count, loff_t *ppos)
752	{	775	{
753	char in[SMK_LABELLEN];	776	char in[SMK_LABELLEN];
		777	char *oldambient;
754	char *smack;	778	char *smack;
755		779
756	if (!capable(CAP_MAC_ADMIN))	780	if (!capable(CAP_MAC_ADMIN))
@@ -766,7 +790,13 @@ static ssize_t smk_write_ambient(struct file file, const char __user buf,
766	if (smack == NULL)	790	if (smack == NULL)
767	return -EINVAL;	791	return -EINVAL;
768		792
		793	mutex_lock(&smack_ambient_lock);
		794
		795	oldambient = smack_net_ambient;
769	smack_net_ambient = smack;	796	smack_net_ambient = smack;
		797	smk_unlbl_ambient(oldambient);
		798
		799	mutex_unlock(&smack_ambient_lock);
770		800
771	return count;	801	return count;
772	}	802	}
@@ -974,6 +1004,7 @@ static int __init init_smk_fs(void)
974		1004
975	sema_init(&smack_write_sem, 1);	1005	sema_init(&smack_write_sem, 1);
976	smk_cipso_doi();	1006	smk_cipso_doi();
		1007	smk_unlbl_ambient(NULL);
977		1008
978	return err;	1009	return err;
979	}	1010	}