security/smack/smack.h

   1 /*
   2  * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com>
   3  *
   4  *      This program is free software; you can redistribute it and/or modify
   5  *      it under the terms of the GNU General Public License as published by
   6  *      the Free Software Foundation, version 2.
   7  *
   8  * Author:
   9  *      Casey Schaufler <casey@schaufler-ca.com>
  10  *
  11  */
  12
  13 #ifndef _SECURITY_SMACK_H
  14 #define _SECURITY_SMACK_H
  15
  16 #include <linux/capability.h>
  17 #include <linux/spinlock.h>
  18 #include <linux/security.h>
  19 #include <linux/in.h>
  20 #include <net/netlabel.h>
  21 #include <linux/list.h>
  22 #include <linux/rculist.h>
  23 #include <linux/lsm_audit.h>
  24
  25 /*
  26  * Smack labels were limited to 23 characters for a long time.
  27  */
  28 #define SMK_LABELLEN    24
  29 #define SMK_LONGLABEL   256
  30
  31 /*
  32  * Maximum number of bytes for the levels in a CIPSO IP option.
  33  * Why 23? CIPSO is constrained to 30, so a 32 byte buffer is
  34  * bigger than can be used, and 24 is the next lower multiple
  35  * of 8, and there are too many issues if there isn't space set
  36  * aside for the terminating null byte.
  37  */
  38 #define SMK_CIPSOLEN    24
  39
  40 struct superblock_smack {
  41         char            *smk_root;
  42         char            *smk_floor;
  43         char            *smk_hat;
  44         char            *smk_default;
  45         int             smk_initialized;
  46 };
  47
  48 struct socket_smack {
  49         char            *smk_out;       /* outbound label */
  50         char            *smk_in;        /* inbound label */
  51         char            *smk_packet;    /* TCP peer label */
  52 };
  53
  54 /*
  55  * Inode smack data
  56  */
  57 struct inode_smack {
  58         char            *smk_inode;     /* label of the fso */
  59         char            *smk_task;      /* label of the task */
  60         char            *smk_mmap;      /* label of the mmap domain */
  61         struct mutex    smk_lock;       /* initialization lock */
  62         int             smk_flags;      /* smack inode flags */
  63 };
  64
  65 struct task_smack {
  66         char                    *smk_task;      /* label for access control */
  67         char                    *smk_forked;    /* label when forked */
  68         struct list_head        smk_rules;      /* per task access rules */
  69         struct mutex            smk_rules_lock; /* lock for the rules */
  70 };
  71
  72 #define SMK_INODE_INSTANT       0x01    /* inode is instantiated */
  73 #define SMK_INODE_TRANSMUTE     0x02    /* directory is transmuting */
  74 #define SMK_INODE_CHANGED       0x04    /* smack was transmuted */
  75
  76 /*
  77  * A label access rule.
  78  */
  79 struct smack_rule {
  80         struct list_head        list;
  81         char                    *smk_subject;
  82         char                    *smk_object;
  83         int                     smk_access;
  84 };
  85
  86 /*
  87  * An entry in the table identifying hosts.
  88  */
  89 struct smk_netlbladdr {
  90         struct list_head        list;
  91         struct sockaddr_in      smk_host;       /* network address */
  92         struct in_addr          smk_mask;       /* network mask */
  93         char                    *smk_label;     /* label */
  94 };
  95
  96 /*
  97  * This is the repository for labels seen so that it is
  98  * not necessary to keep allocating tiny chuncks of memory
  99  * and so that they can be shared.
 100  *
 101  * Labels are never modified in place. Anytime a label
 102  * is imported (e.g. xattrset on a file) the list is checked
 103  * for it and it is added if it doesn't exist. The address
 104  * is passed out in either case. Entries are added, but
 105  * never deleted.
 106  *
 107  * Since labels are hanging around anyway it doesn't
 108  * hurt to maintain a secid for those awkward situations
 109  * where kernel components that ought to use LSM independent
 110  * interfaces don't. The secid should go away when all of
 111  * these components have been repaired.
 112  *
 113  * The cipso value associated with the label gets stored here, too.
 114  *
 115  * Keep the access rules for this subject label here so that
 116  * the entire set of rules does not need to be examined every
 117  * time.
 118  */
 119 struct smack_known {
 120         struct list_head                list;
 121         char                            *smk_known;
 122         u32                             smk_secid;
 123         struct netlbl_lsm_secattr       smk_netlabel;   /* on wire labels */
 124         struct list_head                smk_rules;      /* access rules */
 125         struct mutex                    smk_rules_lock; /* lock for rules */
 126 };
 127
 128 /*
 129  * Mount options
 130  */
 131 #define SMK_FSDEFAULT   "smackfsdef="
 132 #define SMK_FSFLOOR     "smackfsfloor="
 133 #define SMK_FSHAT       "smackfshat="
 134 #define SMK_FSROOT      "smackfsroot="
 135
 136 #define SMACK_CIPSO_OPTION      "-CIPSO"
 137
 138 /*
 139  * How communications on this socket are treated.
 140  * Usually it's determined by the underlying netlabel code
 141  * but there are certain cases, including single label hosts
 142  * and potentially single label interfaces for which the
 143  * treatment can not be known in advance.
 144  *
 145  * The possibility of additional labeling schemes being
 146  * introduced in the future exists as well.
 147  */
 148 #define SMACK_UNLABELED_SOCKET  0
 149 #define SMACK_CIPSO_SOCKET      1
 150
 151 /*
 152  * CIPSO defaults.
 153  */
 154 #define SMACK_CIPSO_DOI_DEFAULT         3       /* Historical */
 155 #define SMACK_CIPSO_DOI_INVALID         -1      /* Not a DOI */
 156 #define SMACK_CIPSO_DIRECT_DEFAULT      250     /* Arbitrary */
 157 #define SMACK_CIPSO_MAPPED_DEFAULT      251     /* Also arbitrary */
 158 #define SMACK_CIPSO_MAXCATVAL           63      /* Bigger gets harder */
 159 #define SMACK_CIPSO_MAXLEVEL            255     /* CIPSO 2.2 standard */
 160 #define SMACK_CIPSO_MAXCATNUM           239     /* CIPSO 2.2 standard */
 161
 162 /*
 163  * Flag for transmute access
 164  */
 165 #define MAY_TRANSMUTE   64
 166 /*
 167  * Just to make the common cases easier to deal with
 168  */
 169 #define MAY_ANYREAD     (MAY_READ | MAY_EXEC)
 170 #define MAY_READWRITE   (MAY_READ | MAY_WRITE)
 171 #define MAY_NOT         0
 172
 173 /*
 174  * Number of access types used by Smack (rwxat)
 175  */
 176 #define SMK_NUM_ACCESS_TYPE 5
 177
 178 /* SMACK data */
 179 struct smack_audit_data {
 180         const char *function;
 181         char *subject;
 182         char *object;
 183         char *request;
 184         int result;
 185 };
 186
 187 /*
 188  * Smack audit data; is empty if CONFIG_AUDIT not set
 189  * to save some stack
 190  */
 191 struct smk_audit_info {
 192 #ifdef CONFIG_AUDIT
 193         struct common_audit_data a;
 194         struct smack_audit_data sad;
 195 #endif
 196 };
 197 /*
 198  * These functions are in smack_lsm.c
 199  */
 200 struct inode_smack *new_inode_smack(char *);
 201
 202 /*
 203  * These functions are in smack_access.c
 204  */
 205 int smk_access_entry(char *, char *, struct list_head *);
 206 int smk_access(char *, char *, int, struct smk_audit_info *);
 207 int smk_curacc(char *, u32, struct smk_audit_info *);
 208 char *smack_from_secid(const u32);
 209 char *smk_parse_smack(const char *string, int len);
 210 int smk_netlbl_mls(int, char *, struct netlbl_lsm_secattr *, int);
 211 char *smk_import(const char *, int);
 212 struct smack_known *smk_import_entry(const char *, int);
 213 struct smack_known *smk_find_entry(const char *);
 214 u32 smack_to_secid(const char *);
 215
 216 /*
 217  * Shared data.
 218  */
 219 extern int smack_cipso_direct;
 220 extern int smack_cipso_mapped;
 221 extern char *smack_net_ambient;
 222 extern char *smack_onlycap;
 223 extern const char *smack_cipso_option;
 224
 225 extern struct smack_known smack_known_floor;
 226 extern struct smack_known smack_known_hat;
 227 extern struct smack_known smack_known_huh;
 228 extern struct smack_known smack_known_invalid;
 229 extern struct smack_known smack_known_star;
 230 extern struct smack_known smack_known_web;
 231
 232 extern struct mutex     smack_known_lock;
 233 extern struct list_head smack_known_list;
 234 extern struct list_head smk_netlbladdr_list;
 235
 236 extern struct security_operations smack_ops;
 237
 238 /*
 239  * Is the directory transmuting?
 240  */
 241 static inline int smk_inode_transmutable(const struct inode *isp)
 242 {
 243         struct inode_smack *sip = isp->i_security;
 244         return (sip->smk_flags & SMK_INODE_TRANSMUTE) != 0;
 245 }
 246
 247 /*
 248  * Present a pointer to the smack label in an inode blob.
 249  */
 250 static inline char *smk_of_inode(const struct inode *isp)
 251 {
 252         struct inode_smack *sip = isp->i_security;
 253         return sip->smk_inode;
 254 }
 255
 256 /*
 257  * Present a pointer to the smack label in an task blob.
 258  */
 259 static inline char *smk_of_task(const struct task_smack *tsp)
 260 {
 261         return tsp->smk_task;
 262 }
 263
 264 /*
 265  * Present a pointer to the forked smack label in an task blob.
 266  */
 267 static inline char *smk_of_forked(const struct task_smack *tsp)
 268 {
 269         return tsp->smk_forked;
 270 }
 271
 272 /*
 273  * Present a pointer to the smack label in the current task blob.
 274  */
 275 static inline char *smk_of_current(void)
 276 {
 277         return smk_of_task(current_security());
 278 }
 279
 280 /*
 281  * Is the task privileged and allowed to be privileged
 282  * by the onlycap rule.
 283  */
 284 static inline int smack_privileged(int cap)
 285 {
 286         if (!capable(cap))
 287                 return 0;
 288         if (smack_onlycap == NULL || smack_onlycap == smk_of_current())
 289                 return 1;
 290         return 0;
 291 }
 292
 293 /*
 294  * logging functions
 295  */
 296 #define SMACK_AUDIT_DENIED 0x1
 297 #define SMACK_AUDIT_ACCEPT 0x2
 298 extern int log_policy;
 299
 300 void smack_log(char *subject_label, char *object_label,
 301                 int request,
 302                 int result, struct smk_audit_info *auditdata);
 303
 304 #ifdef CONFIG_AUDIT
 305
 306 /*
 307  * some inline functions to set up audit data
 308  * they do nothing if CONFIG_AUDIT is not set
 309  *
 310  */
 311 static inline void smk_ad_init(struct smk_audit_info *a, const char *func,
 312                                char type)
 313 {
 314         memset(&a->sad, 0, sizeof(a->sad));
 315         a->a.type = type;
 316         a->a.smack_audit_data = &a->sad;
 317         a->a.smack_audit_data->function = func;
 318 }
 319
 320 static inline void smk_ad_init_net(struct smk_audit_info *a, const char *func,
 321                                    char type, struct lsm_network_audit *net)
 322 {
 323         smk_ad_init(a, func, type);
 324         memset(net, 0, sizeof(*net));
 325         a->a.u.net = net;
 326 }
 327
 328 static inline void smk_ad_setfield_u_tsk(struct smk_audit_info *a,
 329                                          struct task_struct *t)
 330 {
 331         a->a.u.tsk = t;
 332 }
 333 static inline void smk_ad_setfield_u_fs_path_dentry(struct smk_audit_info *a,
 334                                                     struct dentry *d)
 335 {
 336         a->a.u.dentry = d;
 337 }
 338 static inline void smk_ad_setfield_u_fs_inode(struct smk_audit_info *a,
 339                                               struct inode *i)
 340 {
 341         a->a.u.inode = i;
 342 }
 343 static inline void smk_ad_setfield_u_fs_path(struct smk_audit_info *a,
 344                                              struct path p)
 345 {
 346         a->a.u.path = p;
 347 }
 348 static inline void smk_ad_setfield_u_net_sk(struct smk_audit_info *a,
 349                                             struct sock *sk)
 350 {
 351         a->a.u.net->sk = sk;
 352 }
 353
 354 #else /* no AUDIT */
 355
 356 static inline void smk_ad_init(struct smk_audit_info *a, const char *func,
 357                                char type)
 358 {
 359 }
 360 static inline void smk_ad_setfield_u_tsk(struct smk_audit_info *a,
 361                                          struct task_struct *t)
 362 {
 363 }
 364 static inline void smk_ad_setfield_u_fs_path_dentry(struct smk_audit_info *a,
 365                                                     struct dentry *d)
 366 {
 367 }
 368 static inline void smk_ad_setfield_u_fs_path_mnt(struct smk_audit_info *a,
 369                                                  struct vfsmount *m)
 370 {
 371 }
 372 static inline void smk_ad_setfield_u_fs_inode(struct smk_audit_info *a,
 373                                               struct inode *i)
 374 {
 375 }
 376 static inline void smk_ad_setfield_u_fs_path(struct smk_audit_info *a,
 377                                              struct path p)
 378 {
 379 }
 380 static inline void smk_ad_setfield_u_net_sk(struct smk_audit_info *a,
 381                                             struct sock *sk)
 382 {
 383 }
 384 #endif
 385
 386 #endif  /* _SECURITY_SMACK_H */