at v3.6-rc2 391 lines 9.9 kB view raw
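/*
 * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, version 2.
 *
 * Author:
 *      Casey Schaufler <casey@schaufler-ca.com>
 *
 * Private interface shared by the Smack LSM sources: the per-object
 * security blobs, the interned label repository, CIPSO/netlabel
 * constants, and the audit helpers used when an access decision is
 * logged.
 */

#ifndef _SECURITY_SMACK_H
#define _SECURITY_SMACK_H

#include <linux/capability.h>
#include <linux/spinlock.h>
#include <linux/mutex.h>	/* struct mutex embedded in the blobs below */
#include <linux/string.h>	/* memset() in smk_ad_init() */
#include <linux/security.h>
#include <linux/in.h>
#include <net/netlabel.h>
#include <linux/list.h>
#include <linux/rculist.h>
#include <linux/lsm_audit.h>

/*
 * Smack labels were limited to 23 characters for a long time.
 * SMK_LABELLEN is that historical limit plus the terminating null
 * byte; SMK_LONGLABEL is the larger bound used where longer labels
 * are handled (see the callers in the .c files).
 */
#define SMK_LABELLEN	24
#define SMK_LONGLABEL	256

/*
 * Maximum number of bytes for the levels in a CIPSO IP option.
 * Why 23? CIPSO is constrained to 30, so a 32 byte buffer is
 * bigger than can be used, and 24 is the next lower multiple
 * of 8, and there are too many issues if there isn't space set
 * aside for the terminating null byte.
 */
#define SMK_CIPSOLEN	24

/*
 * Per-superblock Smack data.  The four labels are expected to be
 * supplied through the SMK_FS* mount options defined below;
 * smk_initialized records whether the superblock has been set up.
 */
struct superblock_smack {
	char		*smk_root;
	char		*smk_floor;
	char		*smk_hat;
	char		*smk_default;
	int		smk_initialized;
};

/*
 * Per-socket Smack data.
 */
struct socket_smack {
	char		*smk_out;	/* outbound label */
	char		*smk_in;	/* inbound label */
	char		*smk_packet;	/* TCP peer label */
};

/*
 * Inode smack data
 */
struct inode_smack {
	char		*smk_inode;	/* label of the fso */
	char		*smk_task;	/* label of the task */
	char		*smk_mmap;	/* label of the mmap domain */
	struct mutex	smk_lock;	/* initialization lock */
	int		smk_flags;	/* smack inode flags (SMK_INODE_*) */
};

/*
 * Per-task (credential) Smack data.
 */
struct task_smack {
	char			*smk_task;	/* label for access control */
	char			*smk_forked;	/* label when forked */
	struct list_head	smk_rules;	/* per task access rules */
	struct mutex		smk_rules_lock;	/* lock for the rules */
};

/*
 * Bits in inode_smack.smk_flags.
 */
#define	SMK_INODE_INSTANT	0x01	/* inode is instantiated */
#define	SMK_INODE_TRANSMUTE	0x02	/* directory is transmuting */
#define SMK_INODE_CHANGED	0x04	/* smack was transmuted */

/*
 * A label access rule.
 * smk_access is presumably a mask of the MAY_* bits defined below;
 * the rule parser is in the .c files.
 */
struct smack_rule {
	struct list_head	list;
	char			*smk_subject;
	char			*smk_object;
	int			smk_access;
};

/*
 * An entry in the table identifying hosts.
 */
struct smk_netlbladdr {
	struct list_head	list;
	struct sockaddr_in	smk_host;	/* network address */
	struct in_addr		smk_mask;	/* network mask */
	char			*smk_label;	/* label */
};

/*
 * This is the repository for labels seen so that it is
 * not necessary to keep allocating tiny chunks of memory
 * and so that they can be shared.
 *
 * Labels are never modified in place. Anytime a label
 * is imported (e.g. xattrset on a file) the list is checked
 * for it and it is added if it doesn't exist. The address
 * is passed out in either case. Entries are added, but
 * never deleted.
 *
 * Because every label pointer handed out comes from this list,
 * two labels are equal exactly when their pointers are equal;
 * several helpers below rely on that.
 *
 * Since labels are hanging around anyway it doesn't
 * hurt to maintain a secid for those awkward situations
 * where kernel components that ought to use LSM independent
 * interfaces don't. The secid should go away when all of
 * these components have been repaired.
 *
 * The cipso value associated with the label gets stored here, too.
 *
 * Keep the access rules for this subject label here so that
 * the entire set of rules does not need to be examined every
 * time.
 */
struct smack_known {
	struct list_head		list;
	char				*smk_known;
	u32				smk_secid;
	struct netlbl_lsm_secattr	smk_netlabel;	/* on wire labels */
	struct list_head		smk_rules;	/* access rules */
	struct mutex			smk_rules_lock;	/* lock for rules */
};

/*
 * Mount options
 */
#define SMK_FSDEFAULT	"smackfsdef="
#define SMK_FSFLOOR	"smackfsfloor="
#define SMK_FSHAT	"smackfshat="
#define SMK_FSROOT	"smackfsroot="

#define SMACK_CIPSO_OPTION	"-CIPSO"

/*
 * How communications on this socket are treated.
 * Usually it's determined by the underlying netlabel code
 * but there are certain cases, including single label hosts
 * and potentially single label interfaces for which the
 * treatment can not be known in advance.
 *
 * The possibility of additional labeling schemes being
 * introduced in the future exists as well.
 */
#define SMACK_UNLABELED_SOCKET	0
#define SMACK_CIPSO_SOCKET	1

/*
 * smackfs magic number
 */
#define SMACK_MAGIC	0x43415d53 /* "SMAC" */

/*
 * CIPSO defaults.
 */
#define SMACK_CIPSO_DOI_DEFAULT		3	/* Historical */
#define SMACK_CIPSO_DOI_INVALID		-1	/* Not a DOI */
#define SMACK_CIPSO_DIRECT_DEFAULT	250	/* Arbitrary */
#define SMACK_CIPSO_MAPPED_DEFAULT	251	/* Also arbitrary */
#define SMACK_CIPSO_MAXCATVAL		63	/* Bigger gets harder */
#define SMACK_CIPSO_MAXLEVEL		255	/* CIPSO 2.2 standard */
#define SMACK_CIPSO_MAXCATNUM		239	/* CIPSO 2.2 standard */

/*
 * Flag for transmute access.  Chosen to sit above the MAY_READ /
 * MAY_WRITE / MAY_EXEC / MAY_APPEND bits from <linux/fs.h> so the
 * five Smack access types can share one mask.
 */
#define MAY_TRANSMUTE	64
/*
 * Just to make the common cases easier to deal with
 */
#define MAY_ANYREAD	(MAY_READ | MAY_EXEC)
#define MAY_READWRITE	(MAY_READ | MAY_WRITE)
#define MAY_NOT		0

/*
 * Number of access types used by Smack (rwxat)
 */
#define SMK_NUM_ACCESS_TYPE 5

/*
 * SMACK data carried in an audit record: the same tuple that
 * smack_log() receives (who, what, which access, and the decision).
 */
struct smack_audit_data {
	const char *function;
	char *subject;
	char *object;
	char *request;
	int result;
};

/*
 * Smack audit data; is empty if CONFIG_AUDIT not set
 * to save some stack
 */
struct smk_audit_info {
#ifdef CONFIG_AUDIT
	struct common_audit_data a;
	struct smack_audit_data sad;
#endif
};
/*
 * These functions are in smack_lsm.c
 */
struct inode_smack *new_inode_smack(char *);

/*
 * These functions are in smack_access.c
 *
 * Label pointers returned by the import/find helpers are the
 * interned copies from smack_known_list (see struct smack_known),
 * not caller-owned memory.
 */
int smk_access_entry(char *, char *, struct list_head *);
int smk_access(char *, char *, int, struct smk_audit_info *);
int smk_curacc(char *, u32, struct smk_audit_info *);
char *smack_from_secid(const u32);
char *smk_parse_smack(const char *string, int len);
int smk_netlbl_mls(int, char *, struct netlbl_lsm_secattr *, int);
char *smk_import(const char *, int);
struct smack_known *smk_import_entry(const char *, int);
struct smack_known *smk_find_entry(const char *);
u32 smack_to_secid(const char *);

/*
 * Shared data.
 */
extern int smack_cipso_direct;
extern int smack_cipso_mapped;
extern char *smack_net_ambient;
extern char *smack_onlycap;	/* NULL, or the only label that may use capabilities */
extern const char *smack_cipso_option;

extern struct smack_known smack_known_floor;
extern struct smack_known smack_known_hat;
extern struct smack_known smack_known_huh;
extern struct smack_known smack_known_invalid;
extern struct smack_known smack_known_star;
extern struct smack_known smack_known_web;

extern struct mutex smack_known_lock;
extern struct list_head smack_known_list;
extern struct list_head smk_netlbladdr_list;

extern struct security_operations smack_ops;

/*
 * Is the directory transmuting?
 *
 * Reads the inode's Smack blob without a NULL check, so the caller
 * must only pass inodes whose security blob has been allocated.
 */
static inline int smk_inode_transmutable(const struct inode *isp)
{
	struct inode_smack *sip = isp->i_security;
	return (sip->smk_flags & SMK_INODE_TRANSMUTE) != 0;
}

/*
 * Present a pointer to the smack label in an inode blob.
 * Same precondition as smk_inode_transmutable(): the blob must exist.
 */
static inline char *smk_of_inode(const struct inode *isp)
{
	struct inode_smack *sip = isp->i_security;
	return sip->smk_inode;
}

/*
 * Present a pointer to the smack label in a task blob.
 */
static inline char *smk_of_task(const struct task_smack *tsp)
{
	return tsp->smk_task;
}

/*
 * Present a pointer to the forked smack label in a task blob.
 */
static inline char *smk_of_forked(const struct task_smack *tsp)
{
	return tsp->smk_forked;
}

/*
 * Present a pointer to the smack label in the current task blob.
 */
static inline char *smk_of_current(void)
{
	return smk_of_task(current_security());
}

/*
 * Is the task privileged and allowed to be privileged
 * by the onlycap rule?
 *
 * capable() alone is not sufficient: when smack_onlycap is set,
 * only a task carrying exactly that label may exercise its
 * capabilities.  The label comparison is by pointer, which is only
 * correct because both sides come from the interned smack_known
 * list and are never copied.
 */
static inline int smack_privileged(int cap)
{
	if (!capable(cap))
		return 0;
	if (smack_onlycap == NULL || smack_onlycap == smk_of_current())
		return 1;
	return 0;
}

/*
 * logging functions
 *
 * SMACK_AUDIT_DENIED / SMACK_AUDIT_ACCEPT are presumably the bits
 * that may be set in log_policy to select which decisions are logged.
 */
#define SMACK_AUDIT_DENIED 0x1
#define SMACK_AUDIT_ACCEPT 0x2
extern int log_policy;

void smack_log(char *subject_label, char *object_label,
		int request,
		int result, struct smk_audit_info *auditdata);

#ifdef CONFIG_AUDIT

/*
 * some inline functions to set up audit data
 * they do nothing if CONFIG_AUDIT is not set
 *
 */

/*
 * Initialise the Smack-specific part of the audit info.  Only the
 * smack_audit_data member is cleared; the embedded common_audit_data
 * is not zeroed here, so every field of it that smack_log() reads
 * must be set by the caller or by one of the setfield helpers below.
 */
static inline void smk_ad_init(struct smk_audit_info *a, const char *func,
			       char type)
{
	memset(&a->sad, 0, sizeof(a->sad));
	a->a.type = type;
	a->a.smack_audit_data = &a->sad;
	a->a.smack_audit_data->function = func;
}

/*
 * As smk_ad_init(), and additionally attach a zeroed network
 * audit structure supplied by the caller.
 */
static inline void smk_ad_init_net(struct smk_audit_info *a, const char *func,
				   char type, struct lsm_network_audit *net)
{
	smk_ad_init(a, func, type);
	memset(net, 0, sizeof(*net));
	a->a.u.net = net;
}

static inline void smk_ad_setfield_u_tsk(struct smk_audit_info *a,
					 struct task_struct *t)
{
	a->a.u.tsk = t;
}
static inline void smk_ad_setfield_u_fs_path_dentry(struct smk_audit_info *a,
						    struct dentry *d)
{
	a->a.u.dentry = d;
}
static inline void smk_ad_setfield_u_fs_inode(struct smk_audit_info *a,
					      struct inode *i)
{
	a->a.u.inode = i;
}
static inline void smk_ad_setfield_u_fs_path(struct smk_audit_info *a,
					     struct path p)
{
	a->a.u.path = p;
}
/*
 * Requires that smk_ad_init_net() was used, so that a->a.u.net
 * points at a valid lsm_network_audit.
 */
static inline void smk_ad_setfield_u_net_sk(struct smk_audit_info *a,
					    struct sock *sk)
{
	a->a.u.net->sk = sk;
}

#else /* no AUDIT */

/*
 * Stubs so callers compile unchanged without CONFIG_AUDIT.  They
 * must keep the same signatures as the CONFIG_AUDIT versions above.
 */
static inline void smk_ad_init(struct smk_audit_info *a, const char *func,
			       char type)
{
}
/*
 * Stub counterpart of the CONFIG_AUDIT smk_ad_init_net(); previously
 * missing, which left any caller outside an #ifdef CONFIG_AUDIT
 * unbuildable with audit disabled.
 */
static inline void smk_ad_init_net(struct smk_audit_info *a, const char *func,
				   char type, struct lsm_network_audit *net)
{
}
static inline void smk_ad_setfield_u_tsk(struct smk_audit_info *a,
					 struct task_struct *t)
{
}
static inline void smk_ad_setfield_u_fs_path_dentry(struct smk_audit_info *a,
						    struct dentry *d)
{
}
/*
 * NOTE(review): this stub has no CONFIG_AUDIT counterpart above, so
 * any use of it would fail to build with audit enabled.
 */
static inline void smk_ad_setfield_u_fs_path_mnt(struct smk_audit_info *a,
						 struct vfsmount *m)
{
}
static inline void smk_ad_setfield_u_fs_inode(struct smk_audit_info *a,
					      struct inode *i)
{
}
static inline void smk_ad_setfield_u_fs_path(struct smk_audit_info *a,
					     struct path p)
{
}
static inline void smk_ad_setfield_u_net_sk(struct smk_audit_info *a,
					    struct sock *sk)
{
}
#endif

#endif  /* _SECURITY_SMACK_H */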