diff options
Diffstat (limited to 'security/smack')
| -rw-r--r-- | security/smack/smack_lsm.c | 80 | ||||
| -rw-r--r-- | security/smack/smackfs.c | 114 |
2 files changed, 72 insertions, 122 deletions
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index ac7436f1bc2b..11f79013ae1f 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -398,12 +398,10 @@ static int smk_copy_relabel(struct list_head *nhead, struct list_head *ohead, */ static inline unsigned int smk_ptrace_mode(unsigned int mode) { - switch (mode) { - case PTRACE_MODE_READ: - return MAY_READ; - case PTRACE_MODE_ATTACH: + if (mode & PTRACE_MODE_ATTACH) return MAY_READWRITE; - } + if (mode & PTRACE_MODE_READ) + return MAY_READ; return 0; } @@ -1444,9 +1442,13 @@ static int smack_inode_removexattr(struct dentry *dentry, const char *name) * Don't do anything special for these. * XATTR_NAME_SMACKIPIN * XATTR_NAME_SMACKIPOUT - * XATTR_NAME_SMACKEXEC */ - if (strcmp(name, XATTR_NAME_SMACK) == 0) + if (strcmp(name, XATTR_NAME_SMACK) == 0) { + struct super_block *sbp = d_backing_inode(dentry)->i_sb; + struct superblock_smack *sbsp = sbp->s_security; + + isp->smk_inode = sbsp->smk_default; + } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) isp->smk_task = NULL; else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) isp->smk_mmap = NULL; @@ -1519,8 +1521,6 @@ static int smack_inode_getsecurity(struct inode *inode, * @inode: the object * @buffer: where they go * @buffer_size: size of buffer - * - * Returns 0 on success, -EINVAL otherwise */ static int smack_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size) @@ -1549,12 +1549,8 @@ static void smack_inode_getsecid(struct inode *inode, u32 *secid) * File Hooks */ -/** - * smack_file_permission - Smack check on file operations - * @file: unused - * @mask: unused - * - * Returns 0 +/* + * There is no smack_file_permission hook * * Should access checks be done on each read or write? * UNICOS and SELinux say yes. @@ -1563,10 +1559,6 @@ static void smack_inode_getsecid(struct inode *inode, u32 *secid) * I'll say no for now. Smack does not do the frequent * label changing that SELinux does. */ -static int smack_file_permission(struct file *file, int mask) -{ - return 0; -} /** * smack_file_alloc_security - assign a file security blob @@ -1860,12 +1852,34 @@ static int smack_file_receive(struct file *file) int may = 0; struct smk_audit_info ad; struct inode *inode = file_inode(file); + struct socket *sock; + struct task_smack *tsp; + struct socket_smack *ssp; if (unlikely(IS_PRIVATE(inode))) return 0; smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); smk_ad_setfield_u_fs_path(&ad, file->f_path); + + if (S_ISSOCK(inode->i_mode)) { + sock = SOCKET_I(inode); + ssp = sock->sk->sk_security; + tsp = current_security(); + /* + * If the receiving process can't write to the + * passed socket or if the passed socket can't + * write to the receiving process don't accept + * the passed socket. + */ + rc = smk_access(tsp->smk_task, ssp->smk_out, MAY_WRITE, &ad); + rc = smk_bu_file(file, may, rc); + if (rc < 0) + return rc; + rc = smk_access(ssp->smk_in, tsp->smk_task, MAY_WRITE, &ad); + rc = smk_bu_file(file, may, rc); + return rc; + } /* * This code relies on bitmasks. */ @@ -3758,7 +3772,7 @@ static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg, if (sip == NULL) return 0; - switch (sip->sin_family) { + switch (sock->sk->sk_family) { case AF_INET: rc = smack_netlabel_send(sock->sk, sip); break; @@ -4485,16 +4499,10 @@ static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule, return 0; } -/** - * smack_audit_rule_free - free smack rule representation - * @vrule: rule to be freed. - * +/* + * There is no need for a smack_audit_rule_free hook. * No memory was allocated. */ -static void smack_audit_rule_free(void *vrule) -{ - /* No-op */ -} #endif /* CONFIG_AUDIT */ @@ -4545,16 +4553,11 @@ static int smack_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid) return 0; } -/** - * smack_release_secctx - don't do anything. - * @secdata: unused - * @seclen: unused - * - * Exists to make sure nothing gets done, and properly +/* + * There used to be a smack_release_secctx hook + * that did nothing back when hooks were in a vector. + * Now that there's a list such a hook adds cost. */ -static void smack_release_secctx(char *secdata, u32 seclen) -{ -} static int smack_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen) { @@ -4613,7 +4616,6 @@ static struct security_hook_list smack_hooks[] = { LSM_HOOK_INIT(inode_listsecurity, smack_inode_listsecurity), LSM_HOOK_INIT(inode_getsecid, smack_inode_getsecid), - LSM_HOOK_INIT(file_permission, smack_file_permission), LSM_HOOK_INIT(file_alloc_security, smack_file_alloc_security), LSM_HOOK_INIT(file_free_security, smack_file_free_security), LSM_HOOK_INIT(file_ioctl, smack_file_ioctl), @@ -4708,13 +4710,11 @@ static struct security_hook_list smack_hooks[] = { LSM_HOOK_INIT(audit_rule_init, smack_audit_rule_init), LSM_HOOK_INIT(audit_rule_known, smack_audit_rule_known), LSM_HOOK_INIT(audit_rule_match, smack_audit_rule_match), - LSM_HOOK_INIT(audit_rule_free, smack_audit_rule_free), #endif /* CONFIG_AUDIT */ LSM_HOOK_INIT(ismaclabel, smack_ismaclabel), LSM_HOOK_INIT(secid_to_secctx, smack_secid_to_secctx), LSM_HOOK_INIT(secctx_to_secid, smack_secctx_to_secid), - LSM_HOOK_INIT(release_secctx, smack_release_secctx), LSM_HOOK_INIT(inode_notifysecctx, smack_inode_notifysecctx), LSM_HOOK_INIT(inode_setsecctx, smack_inode_setsecctx), LSM_HOOK_INIT(inode_getsecctx, smack_inode_getsecctx), diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c index 94bd9e41c9ec..e249a66db533 100644 --- a/security/smack/smackfs.c +++ b/security/smack/smackfs.c @@ -497,14 +497,9 @@ static ssize_t smk_write_rules_list(struct file *file, const char __user *buf, } } - data = kmalloc(count + 1, GFP_KERNEL); - if (data == NULL) - return -ENOMEM; - - if (copy_from_user(data, buf, count) != 0) { - rc = -EFAULT; - goto out; - } + data = memdup_user_nul(buf, count); + if (IS_ERR(data)) + return PTR_ERR(data); /* * In case of parsing only part of user buf, @@ -884,16 +879,10 @@ static ssize_t smk_set_cipso(struct file *file, const char __user *buf, (count < SMK_CIPSOMIN || count > SMK_CIPSOMAX)) return -EINVAL; - data = kzalloc(count + 1, GFP_KERNEL); - if (data == NULL) - return -ENOMEM; - - if (copy_from_user(data, buf, count) != 0) { - rc = -EFAULT; - goto unlockedout; - } + data = memdup_user_nul(buf, count); + if (IS_ERR(data)) + return PTR_ERR(data); - data[count] = '\0'; rule = data; /* * Only allow one writer at a time. Writes should be @@ -946,7 +935,6 @@ static ssize_t smk_set_cipso(struct file *file, const char __user *buf, out: mutex_unlock(&smack_cipso_lock); -unlockedout: kfree(data); return rc; } @@ -1187,14 +1175,9 @@ static ssize_t smk_write_net4addr(struct file *file, const char __user *buf, if (count < SMK_NETLBLADDRMIN) return -EINVAL; - data = kzalloc(count + 1, GFP_KERNEL); - if (data == NULL) - return -ENOMEM; - - if (copy_from_user(data, buf, count) != 0) { - rc = -EFAULT; - goto free_data_out; - } + data = memdup_user_nul(buf, count); + if (IS_ERR(data)) + return PTR_ERR(data); smack = kzalloc(count + 1, GFP_KERNEL); if (smack == NULL) { @@ -1202,8 +1185,6 @@ static ssize_t smk_write_net4addr(struct file *file, const char __user *buf, goto free_data_out; } - data[count] = '\0'; - rc = sscanf(data, "%hhd.%hhd.%hhd.%hhd/%u %s", &host[0], &host[1], &host[2], &host[3], &masks, smack); if (rc != 6) { @@ -1454,14 +1435,9 @@ static ssize_t smk_write_net6addr(struct file *file, const char __user *buf, if (count < SMK_NETLBLADDRMIN) return -EINVAL; - data = kzalloc(count + 1, GFP_KERNEL); - if (data == NULL) - return -ENOMEM; - - if (copy_from_user(data, buf, count) != 0) { - rc = -EFAULT; - goto free_data_out; - } + data = memdup_user_nul(buf, count); + if (IS_ERR(data)) + return PTR_ERR(data); smack = kzalloc(count + 1, GFP_KERNEL); if (smack == NULL) { @@ -1469,8 +1445,6 @@ static ssize_t smk_write_net6addr(struct file *file, const char __user *buf, goto free_data_out; } - data[count] = '\0'; - i = sscanf(data, "%x:%x:%x:%x:%x:%x:%x:%x/%u %s", &scanned[0], &scanned[1], &scanned[2], &scanned[3], &scanned[4], &scanned[5], &scanned[6], &scanned[7], @@ -1865,14 +1839,9 @@ static ssize_t smk_write_ambient(struct file *file, const char __user *buf, if (!smack_privileged(CAP_MAC_ADMIN)) return -EPERM; - data = kzalloc(count + 1, GFP_KERNEL); - if (data == NULL) - return -ENOMEM; - - if (copy_from_user(data, buf, count) != 0) { - rc = -EFAULT; - goto out; - } + data = memdup_user_nul(buf, count); + if (IS_ERR(data)) + return PTR_ERR(data); skp = smk_import_entry(data, count); if (IS_ERR(skp)) { @@ -2041,14 +2010,9 @@ static ssize_t smk_write_onlycap(struct file *file, const char __user *buf, if (!smack_privileged(CAP_MAC_ADMIN)) return -EPERM; - data = kzalloc(count + 1, GFP_KERNEL); - if (data == NULL) - return -ENOMEM; - - if (copy_from_user(data, buf, count) != 0) { - kfree(data); - return -EFAULT; - } + data = memdup_user_nul(buf, count); + if (IS_ERR(data)) + return PTR_ERR(data); rc = smk_parse_label_list(data, &list_tmp); kfree(data); @@ -2133,14 +2097,9 @@ static ssize_t smk_write_unconfined(struct file *file, const char __user *buf, if (!smack_privileged(CAP_MAC_ADMIN)) return -EPERM; - data = kzalloc(count + 1, GFP_KERNEL); - if (data == NULL) - return -ENOMEM; - - if (copy_from_user(data, buf, count) != 0) { - rc = -EFAULT; - goto freeout; - } + data = memdup_user_nul(buf, count); + if (IS_ERR(data)) + return PTR_ERR(data); /* * Clear the smack_unconfined on invalid label errors. This means @@ -2696,19 +2655,15 @@ static ssize_t smk_write_syslog(struct file *file, const char __user *buf, if (!smack_privileged(CAP_MAC_ADMIN)) return -EPERM; - data = kzalloc(count + 1, GFP_KERNEL); - if (data == NULL) - return -ENOMEM; + data = memdup_user_nul(buf, count); + if (IS_ERR(data)) + return PTR_ERR(data); - if (copy_from_user(data, buf, count) != 0) - rc = -EFAULT; - else { - skp = smk_import_entry(data, count); - if (IS_ERR(skp)) - rc = PTR_ERR(skp); - else - smack_syslog_label = skp; - } + skp = smk_import_entry(data, count); + if (IS_ERR(skp)) + rc = PTR_ERR(skp); + else + smack_syslog_label = skp; kfree(data); return rc; @@ -2798,14 +2753,9 @@ static ssize_t smk_write_relabel_self(struct file *file, const char __user *buf, if (*ppos != 0) return -EINVAL; - data = kzalloc(count + 1, GFP_KERNEL); - if (data == NULL) - return -ENOMEM; - - if (copy_from_user(data, buf, count) != 0) { - kfree(data); - return -EFAULT; - } + data = memdup_user_nul(buf, count); + if (IS_ERR(data)) + return PTR_ERR(data); rc = smk_parse_label_list(data, &list_tmp); kfree(data); |