Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security subsystem updates from James Morris: "The main change in this kernel is Casey's generalized LSM stacking work, which removes the hard-coding of Capabilities and Yama stacking, allowing multiple arbitrary "small" LSMs to be stacked with a default monolithic module (e.g. SELinux, Smack, AppArmor). See https://lwn.net/Articles/636056/ This will allow smaller, simpler LSMs to be incorporated into the mainline kernel and arbitrarily stacked by users. Also, this is a useful cleanup of the LSM code in its own right" * 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (38 commits) tpm, tpm_crb: fix le64_to_cpu conversions in crb_acpi_add() vTPM: set virtual device before passing to ibmvtpm_reset_crq tpm_ibmvtpm: remove unneccessary message level. ima: update builtin policies ima: extend "mask" policy matching support ima: add support for new "euid" policy condition ima: fix ima_show_template_data_ascii() Smack: freeing an error pointer in smk_write_revoke_subj() selinux: fix setting of security labels on NFS selinux: Remove unused permission definitions selinux: enable genfscon labeling for sysfs and pstore files selinux: enable per-file labeling for debugfs files. selinux: update netlink socket classes signals: don't abuse __flush_signals() in selinux_bprm_committed_creds() selinux: Print 'sclass' as string when unrecognized netlink message occurs Smack: allow multiple labels in onlycap Smack: fix seq operations in smackfs ima: pass iint to ima_add_violation() ima: wrap event related data to the new ima_event_data structure integrity: add validity checks for 'path' parameter ...
This commit is contained in:
commit
e22619a29f
|
@ -20,17 +20,19 @@ Description:
|
|||
action: measure | dont_measure | appraise | dont_appraise | audit
|
||||
condition:= base | lsm [option]
|
||||
base: [[func=] [mask=] [fsmagic=] [fsuuid=] [uid=]
|
||||
[fowner]]
|
||||
[euid=] [fowner=]]
|
||||
lsm: [[subj_user=] [subj_role=] [subj_type=]
|
||||
[obj_user=] [obj_role=] [obj_type=]]
|
||||
option: [[appraise_type=]] [permit_directio]
|
||||
|
||||
base: func:= [BPRM_CHECK][MMAP_CHECK][FILE_CHECK][MODULE_CHECK]
|
||||
[FIRMWARE_CHECK]
|
||||
mask:= [MAY_READ] [MAY_WRITE] [MAY_APPEND] [MAY_EXEC]
|
||||
mask:= [[^]MAY_READ] [[^]MAY_WRITE] [[^]MAY_APPEND]
|
||||
[[^]MAY_EXEC]
|
||||
fsmagic:= hex value
|
||||
fsuuid:= file system UUID (e.g 8bcbe394-4f13-4144-be8e-5aa9ea2ce2f6)
|
||||
uid:= decimal value
|
||||
euid:= decimal value
|
||||
fowner:=decimal value
|
||||
lsm: are LSM specific
|
||||
option: appraise_type:= [imasig]
|
||||
|
@ -49,11 +51,25 @@ Description:
|
|||
dont_measure fsmagic=0x01021994
|
||||
dont_appraise fsmagic=0x01021994
|
||||
# RAMFS_MAGIC
|
||||
dont_measure fsmagic=0x858458f6
|
||||
dont_appraise fsmagic=0x858458f6
|
||||
# DEVPTS_SUPER_MAGIC
|
||||
dont_measure fsmagic=0x1cd1
|
||||
dont_appraise fsmagic=0x1cd1
|
||||
# BINFMTFS_MAGIC
|
||||
dont_measure fsmagic=0x42494e4d
|
||||
dont_appraise fsmagic=0x42494e4d
|
||||
# SECURITYFS_MAGIC
|
||||
dont_measure fsmagic=0x73636673
|
||||
dont_appraise fsmagic=0x73636673
|
||||
# SELINUX_MAGIC
|
||||
dont_measure fsmagic=0xf97cff8c
|
||||
dont_appraise fsmagic=0xf97cff8c
|
||||
# CGROUP_SUPER_MAGIC
|
||||
dont_measure fsmagic=0x27e0eb
|
||||
dont_appraise fsmagic=0x27e0eb
|
||||
# NSFS_MAGIC
|
||||
dont_measure fsmagic=0x6e736673
|
||||
dont_appraise fsmagic=0x6e736673
|
||||
|
||||
measure func=BPRM_CHECK
|
||||
measure func=FILE_MMAP mask=MAY_EXEC
|
||||
|
@ -70,10 +86,6 @@ Description:
|
|||
Examples of LSM specific definitions:
|
||||
|
||||
SELinux:
|
||||
# SELINUX_MAGIC
|
||||
dont_measure fsmagic=0xf97cff8c
|
||||
dont_appraise fsmagic=0xf97cff8c
|
||||
|
||||
dont_measure obj_type=var_log_t
|
||||
dont_appraise obj_type=var_log_t
|
||||
dont_measure obj_type=auditd_log_t
|
||||
|
|
|
@ -1413,7 +1413,15 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
|
|||
The list of supported hash algorithms is defined
|
||||
in crypto/hash_info.h.
|
||||
|
||||
ima_tcb [IMA]
|
||||
ima_policy= [IMA]
|
||||
The builtin measurement policy to load during IMA
|
||||
setup. Specyfing "tcb" as the value, measures all
|
||||
programs exec'd, files mmap'd for exec, and all files
|
||||
opened with the read mode bit set by either the
|
||||
effective uid (euid=0) or uid=0.
|
||||
Format: "tcb"
|
||||
|
||||
ima_tcb [IMA] Deprecated. Use ima_policy= instead.
|
||||
Load a policy which meets the needs of the Trusted
|
||||
Computing Base. This means IMA will measure all
|
||||
programs exec'd, files mmap'd for exec, and all files
|
||||
|
@ -1421,7 +1429,7 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
|
|||
|
||||
ima_template= [IMA]
|
||||
Select one of defined IMA measurements template formats.
|
||||
Formats: { "ima" | "ima-ng" }
|
||||
Formats: { "ima" | "ima-ng" | "ima-sig" }
|
||||
Default: "ima-ng"
|
||||
|
||||
ima_template_fmt=
|
||||
|
|
|
@ -206,11 +206,11 @@ netlabel
|
|||
label. The format accepted on write is:
|
||||
"%d.%d.%d.%d label" or "%d.%d.%d.%d/%d label".
|
||||
onlycap
|
||||
This contains the label processes must have for CAP_MAC_ADMIN
|
||||
This contains labels processes must have for CAP_MAC_ADMIN
|
||||
and CAP_MAC_OVERRIDE to be effective. If this file is empty
|
||||
these capabilities are effective at for processes with any
|
||||
label. The value is set by writing the desired label to the
|
||||
file or cleared by writing "-" to the file.
|
||||
label. The values are set by writing the desired labels, separated
|
||||
by spaces, to the file or cleared by writing "-" to the file.
|
||||
ptrace
|
||||
This is used to define the current ptrace policy
|
||||
0 - default: this is the policy that relies on Smack access rules.
|
||||
|
|
|
@ -11,6 +11,9 @@
|
|||
|
||||
extern struct asymmetric_key_id *asymmetric_key_hex_to_key_id(const char *id);
|
||||
|
||||
extern int __asymmetric_key_hex_to_key_id(const char *id,
|
||||
struct asymmetric_key_id *match_id,
|
||||
size_t hexlen);
|
||||
static inline
|
||||
const struct asymmetric_key_ids *asymmetric_key_ids(const struct key *key)
|
||||
{
|
||||
|
|
|
@ -104,6 +104,15 @@ static bool asymmetric_match_key_ids(
|
|||
return false;
|
||||
}
|
||||
|
||||
/* helper function can be called directly with pre-allocated memory */
|
||||
inline int __asymmetric_key_hex_to_key_id(const char *id,
|
||||
struct asymmetric_key_id *match_id,
|
||||
size_t hexlen)
|
||||
{
|
||||
match_id->len = hexlen;
|
||||
return hex2bin(match_id->data, id, hexlen);
|
||||
}
|
||||
|
||||
/**
|
||||
* asymmetric_key_hex_to_key_id - Convert a hex string into a key ID.
|
||||
* @id: The ID as a hex string.
|
||||
|
@ -111,21 +120,20 @@ static bool asymmetric_match_key_ids(
|
|||
struct asymmetric_key_id *asymmetric_key_hex_to_key_id(const char *id)
|
||||
{
|
||||
struct asymmetric_key_id *match_id;
|
||||
size_t hexlen;
|
||||
size_t asciihexlen;
|
||||
int ret;
|
||||
|
||||
if (!*id)
|
||||
return ERR_PTR(-EINVAL);
|
||||
hexlen = strlen(id);
|
||||
if (hexlen & 1)
|
||||
asciihexlen = strlen(id);
|
||||
if (asciihexlen & 1)
|
||||
return ERR_PTR(-EINVAL);
|
||||
|
||||
match_id = kmalloc(sizeof(struct asymmetric_key_id) + hexlen / 2,
|
||||
match_id = kmalloc(sizeof(struct asymmetric_key_id) + asciihexlen / 2,
|
||||
GFP_KERNEL);
|
||||
if (!match_id)
|
||||
return ERR_PTR(-ENOMEM);
|
||||
match_id->len = hexlen / 2;
|
||||
ret = hex2bin(match_id->data, id, hexlen / 2);
|
||||
ret = __asymmetric_key_hex_to_key_id(id, match_id, asciihexlen / 2);
|
||||
if (ret < 0) {
|
||||
kfree(match_id);
|
||||
return ERR_PTR(-EINVAL);
|
||||
|
|
|
@ -28,17 +28,30 @@ static bool use_builtin_keys;
|
|||
static struct asymmetric_key_id *ca_keyid;
|
||||
|
||||
#ifndef MODULE
|
||||
static struct {
|
||||
struct asymmetric_key_id id;
|
||||
unsigned char data[10];
|
||||
} cakey;
|
||||
|
||||
static int __init ca_keys_setup(char *str)
|
||||
{
|
||||
if (!str) /* default system keyring */
|
||||
return 1;
|
||||
|
||||
if (strncmp(str, "id:", 3) == 0) {
|
||||
struct asymmetric_key_id *p;
|
||||
p = asymmetric_key_hex_to_key_id(str + 3);
|
||||
if (p == ERR_PTR(-EINVAL))
|
||||
pr_err("Unparsable hex string in ca_keys\n");
|
||||
else if (!IS_ERR(p))
|
||||
struct asymmetric_key_id *p = &cakey.id;
|
||||
size_t hexlen = (strlen(str) - 3) / 2;
|
||||
int ret;
|
||||
|
||||
if (hexlen == 0 || hexlen > sizeof(cakey.data)) {
|
||||
pr_err("Missing or invalid ca_keys id\n");
|
||||
return 1;
|
||||
}
|
||||
|
||||
ret = __asymmetric_key_hex_to_key_id(str + 3, p, hexlen);
|
||||
if (ret < 0)
|
||||
pr_err("Unparsable ca_keys id hex string\n");
|
||||
else
|
||||
ca_keyid = p; /* owner key 'id:xxxxxx' */
|
||||
} else if (strcmp(str, "builtin") == 0) {
|
||||
use_builtin_keys = true;
|
||||
|
|
|
@ -267,7 +267,7 @@ static int crb_acpi_add(struct acpi_device *device)
|
|||
|
||||
memcpy_fromio(&pa, &priv->cca->cmd_pa, 8);
|
||||
pa = le64_to_cpu(pa);
|
||||
priv->cmd = devm_ioremap_nocache(dev, le64_to_cpu(pa),
|
||||
priv->cmd = devm_ioremap_nocache(dev, pa,
|
||||
ioread32(&priv->cca->cmd_size));
|
||||
if (!priv->cmd) {
|
||||
dev_err(dev, "ioremap of the command buffer failed\n");
|
||||
|
@ -276,7 +276,7 @@ static int crb_acpi_add(struct acpi_device *device)
|
|||
|
||||
memcpy_fromio(&pa, &priv->cca->rsp_pa, 8);
|
||||
pa = le64_to_cpu(pa);
|
||||
priv->rsp = devm_ioremap_nocache(dev, le64_to_cpu(pa),
|
||||
priv->rsp = devm_ioremap_nocache(dev, pa,
|
||||
ioread32(&priv->cca->rsp_size));
|
||||
if (!priv->rsp) {
|
||||
dev_err(dev, "ioremap of the response buffer failed\n");
|
||||
|
|
|
@ -578,6 +578,9 @@ static int tpm_ibmvtpm_probe(struct vio_dev *vio_dev,
|
|||
goto cleanup;
|
||||
}
|
||||
|
||||
ibmvtpm->dev = dev;
|
||||
ibmvtpm->vdev = vio_dev;
|
||||
|
||||
crq_q = &ibmvtpm->crq_queue;
|
||||
crq_q->crq_addr = (struct ibmvtpm_crq *)get_zeroed_page(GFP_KERNEL);
|
||||
if (!crq_q->crq_addr) {
|
||||
|
@ -622,8 +625,6 @@ static int tpm_ibmvtpm_probe(struct vio_dev *vio_dev,
|
|||
|
||||
crq_q->index = 0;
|
||||
|
||||
ibmvtpm->dev = dev;
|
||||
ibmvtpm->vdev = vio_dev;
|
||||
TPM_VPRIV(chip) = (void *)ibmvtpm;
|
||||
|
||||
spin_lock_init(&ibmvtpm->rtce_lock);
|
||||
|
|
|
@ -49,7 +49,7 @@ int read_log(struct tpm_bios_log *log)
|
|||
|
||||
basep = of_get_property(np, "linux,sml-base", NULL);
|
||||
if (basep == NULL) {
|
||||
pr_err(KERN_ERR "%s: ERROR - SML not found\n", __func__);
|
||||
pr_err("%s: ERROR - SML not found\n", __func__);
|
||||
goto cleanup_eio;
|
||||
}
|
||||
|
||||
|
|
10
fs/xattr.c
10
fs/xattr.c
|
@ -298,18 +298,18 @@ vfs_removexattr(struct dentry *dentry, const char *name)
|
|||
|
||||
mutex_lock(&inode->i_mutex);
|
||||
error = security_inode_removexattr(dentry, name);
|
||||
if (error) {
|
||||
mutex_unlock(&inode->i_mutex);
|
||||
return error;
|
||||
}
|
||||
if (error)
|
||||
goto out;
|
||||
|
||||
error = inode->i_op->removexattr(dentry, name);
|
||||
mutex_unlock(&inode->i_mutex);
|
||||
|
||||
if (!error) {
|
||||
fsnotify_xattr(dentry);
|
||||
evm_inode_post_removexattr(dentry, name);
|
||||
}
|
||||
|
||||
out:
|
||||
mutex_unlock(&inode->i_mutex);
|
||||
return error;
|
||||
}
|
||||
EXPORT_SYMBOL_GPL(vfs_removexattr);
|
||||
|
|
File diff suppressed because it is too large
Load Diff
|
@ -2421,7 +2421,6 @@ extern void sched_dead(struct task_struct *p);
|
|||
|
||||
extern void proc_caches_init(void);
|
||||
extern void flush_signals(struct task_struct *);
|
||||
extern void __flush_signals(struct task_struct *);
|
||||
extern void ignore_signals(struct task_struct *);
|
||||
extern void flush_signal_handlers(struct task_struct *, int force_default);
|
||||
extern int dequeue_signal(struct task_struct *tsk, sigset_t *mask, siginfo_t *info);
|
||||
|
|
File diff suppressed because it is too large
Load Diff
|
@ -414,21 +414,16 @@ void flush_sigqueue(struct sigpending *queue)
|
|||
}
|
||||
|
||||
/*
|
||||
* Flush all pending signals for a task.
|
||||
* Flush all pending signals for this kthread.
|
||||
*/
|
||||
void __flush_signals(struct task_struct *t)
|
||||
{
|
||||
clear_tsk_thread_flag(t, TIF_SIGPENDING);
|
||||
flush_sigqueue(&t->pending);
|
||||
flush_sigqueue(&t->signal->shared_pending);
|
||||
}
|
||||
|
||||
void flush_signals(struct task_struct *t)
|
||||
{
|
||||
unsigned long flags;
|
||||
|
||||
spin_lock_irqsave(&t->sighand->siglock, flags);
|
||||
__flush_signals(t);
|
||||
clear_tsk_thread_flag(t, TIF_SIGPENDING);
|
||||
flush_sigqueue(&t->pending);
|
||||
flush_sigqueue(&t->signal->shared_pending);
|
||||
spin_unlock_irqrestore(&t->sighand->siglock, flags);
|
||||
}
|
||||
|
||||
|
|
|
@ -14,7 +14,7 @@ obj-y += commoncap.o
|
|||
obj-$(CONFIG_MMU) += min_addr.o
|
||||
|
||||
# Object file lists
|
||||
obj-$(CONFIG_SECURITY) += security.o capability.o
|
||||
obj-$(CONFIG_SECURITY) += security.o
|
||||
obj-$(CONFIG_SECURITYFS) += inode.o
|
||||
obj-$(CONFIG_SECURITY_SELINUX) += selinux/
|
||||
obj-$(CONFIG_SECURITY_SMACK) += smack/
|
||||
|
|
|
@ -347,9 +347,7 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
|
|||
file_inode(bprm->file)->i_mode
|
||||
};
|
||||
const char *name = NULL, *target = NULL, *info = NULL;
|
||||
int error = cap_bprm_set_creds(bprm);
|
||||
if (error)
|
||||
return error;
|
||||
int error = 0;
|
||||
|
||||
if (bprm->cred_prepared)
|
||||
return 0;
|
||||
|
@ -531,15 +529,13 @@ cleanup:
|
|||
*/
|
||||
int apparmor_bprm_secureexec(struct linux_binprm *bprm)
|
||||
{
|
||||
int ret = cap_bprm_secureexec(bprm);
|
||||
|
||||
/* the decision to use secure exec is computed in set_creds
|
||||
* and stored in bprm->unsafe.
|
||||
*/
|
||||
if (!ret && (bprm->unsafe & AA_SECURE_X_NEEDED))
|
||||
ret = 1;
|
||||
if (bprm->unsafe & AA_SECURE_X_NEEDED)
|
||||
return 1;
|
||||
|
||||
return ret;
|
||||
return 0;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
@ -12,7 +12,7 @@
|
|||
* License.
|
||||
*/
|
||||
|
||||
#include <linux/security.h>
|
||||
#include <linux/lsm_hooks.h>
|
||||
#include <linux/moduleparam.h>
|
||||
#include <linux/mm.h>
|
||||
#include <linux/mman.h>
|
||||
|
@ -96,19 +96,11 @@ static void apparmor_cred_transfer(struct cred *new, const struct cred *old)
|
|||
static int apparmor_ptrace_access_check(struct task_struct *child,
|
||||
unsigned int mode)
|
||||
{
|
||||
int error = cap_ptrace_access_check(child, mode);
|
||||
if (error)
|
||||
return error;
|
||||
|
||||
return aa_ptrace(current, child, mode);
|
||||
}
|
||||
|
||||
static int apparmor_ptrace_traceme(struct task_struct *parent)
|
||||
{
|
||||
int error = cap_ptrace_traceme(parent);
|
||||
if (error)
|
||||
return error;
|
||||
|
||||
return aa_ptrace(parent, current, PTRACE_MODE_ATTACH);
|
||||
}
|
||||
|
||||
|
@ -123,10 +115,10 @@ static int apparmor_capget(struct task_struct *target, kernel_cap_t *effective,
|
|||
cred = __task_cred(target);
|
||||
profile = aa_cred_profile(cred);
|
||||
|
||||
*effective = cred->cap_effective;
|
||||
*inheritable = cred->cap_inheritable;
|
||||
*permitted = cred->cap_permitted;
|
||||
|
||||
/*
|
||||
* cap_capget is stacked ahead of this and will
|
||||
* initialize effective and permitted.
|
||||
*/
|
||||
if (!unconfined(profile) && !COMPLAIN_MODE(profile)) {
|
||||
*effective = cap_intersect(*effective, profile->caps.allow);
|
||||
*permitted = cap_intersect(*permitted, profile->caps.allow);
|
||||
|
@ -140,13 +132,11 @@ static int apparmor_capable(const struct cred *cred, struct user_namespace *ns,
|
|||
int cap, int audit)
|
||||
{
|
||||
struct aa_profile *profile;
|
||||
/* cap_capable returns 0 on success, else -EPERM */
|
||||
int error = cap_capable(cred, ns, cap, audit);
|
||||
if (!error) {
|
||||
profile = aa_cred_profile(cred);
|
||||
if (!unconfined(profile))
|
||||
error = aa_capable(profile, cap, audit);
|
||||
}
|
||||
int error = 0;
|
||||
|
||||
profile = aa_cred_profile(cred);
|
||||
if (!unconfined(profile))
|
||||
error = aa_capable(profile, cap, audit);
|
||||
return error;
|
||||
}
|
||||
|
||||
|
@ -615,49 +605,46 @@ static int apparmor_task_setrlimit(struct task_struct *task,
|
|||
return error;
|
||||
}
|
||||
|
||||
static struct security_operations apparmor_ops = {
|
||||
.name = "apparmor",
|
||||
static struct security_hook_list apparmor_hooks[] = {
|
||||
LSM_HOOK_INIT(ptrace_access_check, apparmor_ptrace_access_check),
|
||||
LSM_HOOK_INIT(ptrace_traceme, apparmor_ptrace_traceme),
|
||||
LSM_HOOK_INIT(capget, apparmor_capget),
|
||||
LSM_HOOK_INIT(capable, apparmor_capable),
|
||||
|
||||
.ptrace_access_check = apparmor_ptrace_access_check,
|
||||
.ptrace_traceme = apparmor_ptrace_traceme,
|
||||
.capget = apparmor_capget,
|
||||
.capable = apparmor_capable,
|
||||
LSM_HOOK_INIT(path_link, apparmor_path_link),
|
||||
LSM_HOOK_INIT(path_unlink, apparmor_path_unlink),
|
||||
LSM_HOOK_INIT(path_symlink, apparmor_path_symlink),
|
||||
LSM_HOOK_INIT(path_mkdir, apparmor_path_mkdir),
|
||||
LSM_HOOK_INIT(path_rmdir, apparmor_path_rmdir),
|
||||
LSM_HOOK_INIT(path_mknod, apparmor_path_mknod),
|
||||
LSM_HOOK_INIT(path_rename, apparmor_path_rename),
|
||||
LSM_HOOK_INIT(path_chmod, apparmor_path_chmod),
|
||||
LSM_HOOK_INIT(path_chown, apparmor_path_chown),
|
||||
LSM_HOOK_INIT(path_truncate, apparmor_path_truncate),
|
||||
LSM_HOOK_INIT(inode_getattr, apparmor_inode_getattr),
|
||||
|
||||
.path_link = apparmor_path_link,
|
||||
.path_unlink = apparmor_path_unlink,
|
||||
.path_symlink = apparmor_path_symlink,
|
||||
.path_mkdir = apparmor_path_mkdir,
|
||||
.path_rmdir = apparmor_path_rmdir,
|
||||
.path_mknod = apparmor_path_mknod,
|
||||
.path_rename = apparmor_path_rename,
|
||||
.path_chmod = apparmor_path_chmod,
|
||||
.path_chown = apparmor_path_chown,
|
||||
.path_truncate = apparmor_path_truncate,
|
||||
.inode_getattr = apparmor_inode_getattr,
|
||||
LSM_HOOK_INIT(file_open, apparmor_file_open),
|
||||
LSM_HOOK_INIT(file_permission, apparmor_file_permission),
|
||||
LSM_HOOK_INIT(file_alloc_security, apparmor_file_alloc_security),
|
||||
LSM_HOOK_INIT(file_free_security, apparmor_file_free_security),
|
||||
LSM_HOOK_INIT(mmap_file, apparmor_mmap_file),
|
||||
LSM_HOOK_INIT(file_mprotect, apparmor_file_mprotect),
|
||||
LSM_HOOK_INIT(file_lock, apparmor_file_lock),
|
||||
|
||||
.file_open = apparmor_file_open,
|
||||
.file_permission = apparmor_file_permission,
|
||||
.file_alloc_security = apparmor_file_alloc_security,
|
||||
.file_free_security = apparmor_file_free_security,
|
||||
.mmap_file = apparmor_mmap_file,
|
||||
.mmap_addr = cap_mmap_addr,
|
||||
.file_mprotect = apparmor_file_mprotect,
|
||||
.file_lock = apparmor_file_lock,
|
||||
LSM_HOOK_INIT(getprocattr, apparmor_getprocattr),
|
||||
LSM_HOOK_INIT(setprocattr, apparmor_setprocattr),
|
||||
|
||||
.getprocattr = apparmor_getprocattr,
|
||||
.setprocattr = apparmor_setprocattr,
|
||||
LSM_HOOK_INIT(cred_alloc_blank, apparmor_cred_alloc_blank),
|
||||
LSM_HOOK_INIT(cred_free, apparmor_cred_free),
|
||||
LSM_HOOK_INIT(cred_prepare, apparmor_cred_prepare),
|
||||
LSM_HOOK_INIT(cred_transfer, apparmor_cred_transfer),
|
||||
|
||||
.cred_alloc_blank = apparmor_cred_alloc_blank,
|
||||
.cred_free = apparmor_cred_free,
|
||||
.cred_prepare = apparmor_cred_prepare,
|
||||
.cred_transfer = apparmor_cred_transfer,
|
||||
LSM_HOOK_INIT(bprm_set_creds, apparmor_bprm_set_creds),
|
||||
LSM_HOOK_INIT(bprm_committing_creds, apparmor_bprm_committing_creds),
|
||||
LSM_HOOK_INIT(bprm_committed_creds, apparmor_bprm_committed_creds),
|
||||
LSM_HOOK_INIT(bprm_secureexec, apparmor_bprm_secureexec),
|
||||
|
||||
.bprm_set_creds = apparmor_bprm_set_creds,
|
||||
.bprm_committing_creds = apparmor_bprm_committing_creds,
|
||||
.bprm_committed_creds = apparmor_bprm_committed_creds,
|
||||
.bprm_secureexec = apparmor_bprm_secureexec,
|
||||
|
||||
.task_setrlimit = apparmor_task_setrlimit,
|
||||
LSM_HOOK_INIT(task_setrlimit, apparmor_task_setrlimit),
|
||||
};
|
||||
|
||||
/*
|
||||
|
@ -898,7 +885,7 @@ static int __init apparmor_init(void)
|
|||
{
|
||||
int error;
|
||||
|
||||
if (!apparmor_enabled || !security_module_enable(&apparmor_ops)) {
|
||||
if (!apparmor_enabled || !security_module_enable("apparmor")) {
|
||||
aa_info_message("AppArmor disabled by boot time parameter");
|
||||
apparmor_enabled = 0;
|
||||
return 0;
|
||||
|
@ -913,17 +900,10 @@ static int __init apparmor_init(void)
|
|||
error = set_init_cxt();
|
||||
if (error) {
|
||||
AA_ERROR("Failed to set context on init task\n");
|
||||
goto register_security_out;
|
||||
}
|
||||
|
||||
error = register_security(&apparmor_ops);
|
||||
if (error) {
|
||||
struct cred *cred = (struct cred *)current->real_cred;
|
||||
aa_free_task_context(cred_cxt(cred));
|
||||
cred_cxt(cred) = NULL;
|
||||
AA_ERROR("Unable to register AppArmor\n");
|
||||
goto register_security_out;
|
||||
aa_free_root_ns();
|
||||
goto alloc_out;
|
||||
}
|
||||
security_add_hooks(apparmor_hooks, ARRAY_SIZE(apparmor_hooks));
|
||||
|
||||
/* Report that AppArmor successfully initialized */
|
||||
apparmor_initialized = 1;
|
||||
|
@ -936,9 +916,6 @@ static int __init apparmor_init(void)
|
|||
|
||||
return error;
|
||||
|
||||
register_security_out:
|
||||
aa_free_root_ns();
|
||||
|
||||
alloc_out:
|
||||
aa_destroy_aafs();
|
||||
|
||||
|
|
File diff suppressed because it is too large
Load Diff
|
@ -12,7 +12,7 @@
|
|||
#include <linux/module.h>
|
||||
#include <linux/init.h>
|
||||
#include <linux/kernel.h>
|
||||
#include <linux/security.h>
|
||||
#include <linux/lsm_hooks.h>
|
||||
#include <linux/file.h>
|
||||
#include <linux/mm.h>
|
||||
#include <linux/mman.h>
|
||||
|
@ -53,11 +53,6 @@ static void warn_setuid_and_fcaps_mixed(const char *fname)
|
|||
}
|
||||
}
|
||||
|
||||
int cap_netlink_send(struct sock *sk, struct sk_buff *skb)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
||||
/**
|
||||
* cap_capable - Determine whether a task has a particular effective capability
|
||||
* @cred: The credentials to use
|
||||
|
@ -941,7 +936,7 @@ int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3,
|
|||
* @pages: The size of the mapping
|
||||
*
|
||||
* Determine whether the allocation of a new virtual mapping by the current
|
||||
* task is permitted, returning 0 if permission is granted, -ve if not.
|
||||
* task is permitted, returning 1 if permission is granted, 0 if not.
|
||||
*/
|
||||
int cap_vm_enough_memory(struct mm_struct *mm, long pages)
|
||||
{
|
||||
|
@ -950,7 +945,7 @@ int cap_vm_enough_memory(struct mm_struct *mm, long pages)
|
|||
if (cap_capable(current_cred(), &init_user_ns, CAP_SYS_ADMIN,
|
||||
SECURITY_CAP_NOAUDIT) == 0)
|
||||
cap_sys_admin = 1;
|
||||
return __vm_enough_memory(mm, pages, cap_sys_admin);
|
||||
return cap_sys_admin;
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -981,3 +976,33 @@ int cap_mmap_file(struct file *file, unsigned long reqprot,
|
|||
{
|
||||
return 0;
|
||||
}
|
||||
|
||||
#ifdef CONFIG_SECURITY
|
||||
|
||||
struct security_hook_list capability_hooks[] = {
|
||||
LSM_HOOK_INIT(capable, cap_capable),
|
||||
LSM_HOOK_INIT(settime, cap_settime),
|
||||
LSM_HOOK_INIT(ptrace_access_check, cap_ptrace_access_check),
|
||||
LSM_HOOK_INIT(ptrace_traceme, cap_ptrace_traceme),
|
||||
LSM_HOOK_INIT(capget, cap_capget),
|
||||
LSM_HOOK_INIT(capset, cap_capset),
|
||||
LSM_HOOK_INIT(bprm_set_creds, cap_bprm_set_creds),
|
||||
LSM_HOOK_INIT(bprm_secureexec, cap_bprm_secureexec),
|
||||
LSM_HOOK_INIT(inode_need_killpriv, cap_inode_need_killpriv),
|
||||
LSM_HOOK_INIT(inode_killpriv, cap_inode_killpriv),
|
||||
LSM_HOOK_INIT(mmap_addr, cap_mmap_addr),
|
||||
LSM_HOOK_INIT(mmap_file, cap_mmap_file),
|
||||
LSM_HOOK_INIT(task_fix_setuid, cap_task_fix_setuid),
|
||||
LSM_HOOK_INIT(task_prctl, cap_task_prctl),
|
||||
LSM_HOOK_INIT(task_setscheduler, cap_task_setscheduler),
|
||||
LSM_HOOK_INIT(task_setioprio, cap_task_setioprio),
|
||||
LSM_HOOK_INIT(task_setnice, cap_task_setnice),
|
||||
LSM_HOOK_INIT(vm_enough_memory, cap_vm_enough_memory),
|
||||
};
|
||||
|
||||
void __init capability_add_hooks(void)
|
||||
{
|
||||
security_add_hooks(capability_hooks, ARRAY_SIZE(capability_hooks));
|
||||
}
|
||||
|
||||
#endif /* CONFIG_SECURITY */
|
||||
|
|
|
@ -85,7 +85,7 @@ int __init integrity_init_keyring(const unsigned int id)
|
|||
return err;
|
||||
}
|
||||
|
||||
int __init integrity_load_x509(const unsigned int id, char *path)
|
||||
int __init integrity_load_x509(const unsigned int id, const char *path)
|
||||
{
|
||||
key_ref_t key;
|
||||
char *data;
|
||||
|
|
|
@ -296,6 +296,17 @@ static int evm_protect_xattr(struct dentry *dentry, const char *xattr_name,
|
|||
iint = integrity_iint_find(d_backing_inode(dentry));
|
||||
if (iint && (iint->flags & IMA_NEW_FILE))
|
||||
return 0;
|
||||
|
||||
/* exception for pseudo filesystems */
|
||||
if (dentry->d_inode->i_sb->s_magic == TMPFS_MAGIC
|
||||
|| dentry->d_inode->i_sb->s_magic == SYSFS_MAGIC)
|
||||
return 0;
|
||||
|
||||
integrity_audit_msg(AUDIT_INTEGRITY_METADATA,
|
||||
dentry->d_inode, dentry->d_name.name,
|
||||
"update_metadata",
|
||||
integrity_status_msg[evm_status],
|
||||
-EPERM, 0);
|
||||
}
|
||||
out:
|
||||
if (evm_status != INTEGRITY_PASS)
|
||||
|
@ -376,17 +387,16 @@ void evm_inode_post_setxattr(struct dentry *dentry, const char *xattr_name,
|
|||
* @xattr_name: pointer to the affected extended attribute name
|
||||
*
|
||||
* Update the HMAC stored in 'security.evm' to reflect removal of the xattr.
|
||||
*
|
||||
* No need to take the i_mutex lock here, as this function is called from
|
||||
* vfs_removexattr() which takes the i_mutex.
|
||||
*/
|
||||
void evm_inode_post_removexattr(struct dentry *dentry, const char *xattr_name)
|
||||
{
|
||||
struct inode *inode = d_backing_inode(dentry);
|
||||
|
||||
if (!evm_initialized || !evm_protected_xattr(xattr_name))
|
||||
return;
|
||||
|
||||
mutex_lock(&inode->i_mutex);
|
||||
evm_update_evmxattr(dentry, xattr_name, NULL, 0);
|
||||
mutex_unlock(&inode->i_mutex);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
@ -213,6 +213,9 @@ int __init integrity_read_file(const char *path, char **data)
|
|||
char *buf;
|
||||
int rc = -EINVAL;
|
||||
|
||||
if (!path || !*path)
|
||||
return -EINVAL;
|
||||
|
||||
file = filp_open(path, O_RDONLY, 0);
|
||||
if (IS_ERR(file)) {
|
||||
rc = PTR_ERR(file);
|
||||
|
|
|
@ -52,6 +52,16 @@ extern int ima_used_chip;
|
|||
extern int ima_hash_algo;
|
||||
extern int ima_appraise;
|
||||
|
||||
/* IMA event related data */
|
||||
struct ima_event_data {
|
||||
struct integrity_iint_cache *iint;
|
||||
struct file *file;
|
||||
const unsigned char *filename;
|
||||
struct evm_ima_xattr_data *xattr_value;
|
||||
int xattr_len;
|
||||
const char *violation;
|
||||
};
|
||||
|
||||
/* IMA template field data definition */
|
||||
struct ima_field_data {
|
||||
u8 *data;
|
||||
|
@ -61,12 +71,10 @@ struct ima_field_data {
|
|||
/* IMA template field definition */
|
||||
struct ima_template_field {
|
||||
const char field_id[IMA_TEMPLATE_FIELD_ID_MAX_LEN];
|
||||
int (*field_init) (struct integrity_iint_cache *iint, struct file *file,
|
||||
const unsigned char *filename,
|
||||
struct evm_ima_xattr_data *xattr_value,
|
||||
int xattr_len, struct ima_field_data *field_data);
|
||||
void (*field_show) (struct seq_file *m, enum ima_show_type show,
|
||||
struct ima_field_data *field_data);
|
||||
int (*field_init)(struct ima_event_data *event_data,
|
||||
struct ima_field_data *field_data);
|
||||
void (*field_show)(struct seq_file *m, enum ima_show_type show,
|
||||
struct ima_field_data *field_data);
|
||||
};
|
||||
|
||||
/* IMA template descriptor definition */
|
||||
|
@ -103,10 +111,11 @@ int ima_calc_field_array_hash(struct ima_field_data *field_data,
|
|||
struct ima_digest_data *hash);
|
||||
int __init ima_calc_boot_aggregate(struct ima_digest_data *hash);
|
||||
void ima_add_violation(struct file *file, const unsigned char *filename,
|
||||
struct integrity_iint_cache *iint,
|
||||
const char *op, const char *cause);
|
||||
int ima_init_crypto(void);
|
||||
void ima_putc(struct seq_file *m, void *data, int datalen);
|
||||
void ima_print_digest(struct seq_file *m, u8 *digest, int size);
|
||||
void ima_print_digest(struct seq_file *m, u8 *digest, u32 size);
|
||||
struct ima_template_desc *ima_template_desc_current(void);
|
||||
int ima_init_template(void);
|
||||
|
||||
|
@ -140,10 +149,8 @@ void ima_store_measurement(struct integrity_iint_cache *iint, struct file *file,
|
|||
int xattr_len);
|
||||
void ima_audit_measurement(struct integrity_iint_cache *iint,
|
||||
const unsigned char *filename);
|
||||
int ima_alloc_init_template(struct integrity_iint_cache *iint,
|
||||
struct file *file, const unsigned char *filename,
|
||||
struct evm_ima_xattr_data *xattr_value,
|
||||
int xattr_len, struct ima_template_entry **entry);
|
||||
int ima_alloc_init_template(struct ima_event_data *event_data,
|
||||
struct ima_template_entry **entry);
|
||||
int ima_store_template(struct ima_template_entry *entry, int violation,
|
||||
struct inode *inode, const unsigned char *filename);
|
||||
void ima_free_template_entry(struct ima_template_entry *entry);
|
||||
|
|
|
@ -37,10 +37,8 @@ void ima_free_template_entry(struct ima_template_entry *entry)
|
|||
/*
|
||||
* ima_alloc_init_template - create and initialize a new template entry
|
||||
*/
|
||||
int ima_alloc_init_template(struct integrity_iint_cache *iint,
|
||||
struct file *file, const unsigned char *filename,
|
||||
struct evm_ima_xattr_data *xattr_value,
|
||||
int xattr_len, struct ima_template_entry **entry)
|
||||
int ima_alloc_init_template(struct ima_event_data *event_data,
|
||||
struct ima_template_entry **entry)
|
||||
{
|
||||
struct ima_template_desc *template_desc = ima_template_desc_current();
|
||||
int i, result = 0;
|
||||
|
@ -55,8 +53,7 @@ int ima_alloc_init_template(struct integrity_iint_cache *iint,
|
|||
struct ima_template_field *field = template_desc->fields[i];
|
||||
u32 len;
|
||||
|
||||
result = field->field_init(iint, file, filename,
|
||||
xattr_value, xattr_len,
|
||||
result = field->field_init(event_data,
|
||||
&((*entry)->template_data[i]));
|
||||
if (result != 0)
|
||||
goto out;
|
||||
|
@ -129,18 +126,20 @@ int ima_store_template(struct ima_template_entry *entry,
|
|||
* value is invalidated.
|
||||
*/
|
||||
void ima_add_violation(struct file *file, const unsigned char *filename,
|
||||
struct integrity_iint_cache *iint,
|
||||
const char *op, const char *cause)
|
||||
{
|
||||
struct ima_template_entry *entry;
|
||||
struct inode *inode = file_inode(file);
|
||||
struct ima_event_data event_data = {iint, file, filename, NULL, 0,
|
||||
cause};
|
||||
int violation = 1;
|
||||
int result;
|
||||
|
||||
/* can overflow, only indicator */
|
||||
atomic_long_inc(&ima_htable.violations);
|
||||
|
||||
result = ima_alloc_init_template(NULL, file, filename,
|
||||
NULL, 0, &entry);
|
||||
result = ima_alloc_init_template(&event_data, &entry);
|
||||
if (result < 0) {
|
||||
result = -ENOMEM;
|
||||
goto err_out;
|
||||
|
@ -267,13 +266,14 @@ void ima_store_measurement(struct integrity_iint_cache *iint,
|
|||
int result = -ENOMEM;
|
||||
struct inode *inode = file_inode(file);
|
||||
struct ima_template_entry *entry;
|
||||
struct ima_event_data event_data = {iint, file, filename, xattr_value,
|
||||
xattr_len, NULL};
|
||||
int violation = 0;
|
||||
|
||||
if (iint->flags & IMA_MEASURED)
|
||||
return;
|
||||
|
||||
result = ima_alloc_init_template(iint, file, filename,
|
||||
xattr_value, xattr_len, &entry);
|
||||
result = ima_alloc_init_template(&event_data, &entry);
|
||||
if (result < 0) {
|
||||
integrity_audit_msg(AUDIT_INTEGRITY_PCR, inode, filename,
|
||||
op, audit_cause, result, 0);
|
||||
|
|
|
@ -378,10 +378,14 @@ int ima_inode_setxattr(struct dentry *dentry, const char *xattr_name,
|
|||
result = ima_protect_xattr(dentry, xattr_name, xattr_value,
|
||||
xattr_value_len);
|
||||
if (result == 1) {
|
||||
bool digsig;
|
||||
|
||||
if (!xattr_value_len || (xvalue->type >= IMA_XATTR_LAST))
|
||||
return -EINVAL;
|
||||
ima_reset_appraise_flags(d_backing_inode(dentry),
|
||||
(xvalue->type == EVM_IMA_XATTR_DIGSIG) ? 1 : 0);
|
||||
digsig = (xvalue->type == EVM_IMA_XATTR_DIGSIG);
|
||||
if (!digsig && (ima_appraise & IMA_APPRAISE_ENFORCE))
|
||||
return -EPERM;
|
||||
ima_reset_appraise_flags(d_backing_inode(dentry), digsig);
|
||||
result = 0;
|
||||
}
|
||||
return result;
|
||||
|
|
|
@ -190,9 +190,9 @@ static const struct file_operations ima_measurements_ops = {
|
|||
.release = seq_release,
|
||||
};
|
||||
|
||||
void ima_print_digest(struct seq_file *m, u8 *digest, int size)
|
||||
void ima_print_digest(struct seq_file *m, u8 *digest, u32 size)
|
||||
{
|
||||
int i;
|
||||
u32 i;
|
||||
|
||||
for (i = 0; i < size; i++)
|
||||
seq_printf(m, "%02x", *(digest + i));
|
||||
|
|
|
@ -24,12 +24,6 @@
|
|||
#include <crypto/hash_info.h>
|
||||
#include "ima.h"
|
||||
|
||||
#ifdef CONFIG_IMA_X509_PATH
|
||||
#define IMA_X509_PATH CONFIG_IMA_X509_PATH
|
||||
#else
|
||||
#define IMA_X509_PATH "/etc/keys/x509_ima.der"
|
||||
#endif
|
||||
|
||||
/* name for boot aggregate entry */
|
||||
static const char *boot_aggregate_name = "boot_aggregate";
|
||||
int ima_used_chip;
|
||||
|
@ -55,6 +49,8 @@ static int __init ima_add_boot_aggregate(void)
|
|||
const char *audit_cause = "ENOMEM";
|
||||
struct ima_template_entry *entry;
|
||||
struct integrity_iint_cache tmp_iint, *iint = &tmp_iint;
|
||||
struct ima_event_data event_data = {iint, NULL, boot_aggregate_name,
|
||||
NULL, 0, NULL};
|
||||
int result = -ENOMEM;
|
||||
int violation = 0;
|
||||
struct {
|
||||
|
@ -76,8 +72,7 @@ static int __init ima_add_boot_aggregate(void)
|
|||
}
|
||||
}
|
||||
|
||||
result = ima_alloc_init_template(iint, NULL, boot_aggregate_name,
|
||||
NULL, 0, &entry);
|
||||
result = ima_alloc_init_template(&event_data, &entry);
|
||||
if (result < 0) {
|
||||
audit_cause = "alloc_entry";
|
||||
goto err_out;
|
||||
|
@ -103,7 +98,7 @@ void __init ima_load_x509(void)
|
|||
int unset_flags = ima_policy_flag & IMA_APPRAISE;
|
||||
|
||||
ima_policy_flag &= ~unset_flags;
|
||||
integrity_load_x509(INTEGRITY_KEYRING_IMA, IMA_X509_PATH);
|
||||
integrity_load_x509(INTEGRITY_KEYRING_IMA, CONFIG_IMA_X509_PATH);
|
||||
ima_policy_flag |= unset_flags;
|
||||
}
|
||||
#endif
|
||||
|
|
|
@ -106,9 +106,10 @@ static void ima_rdwr_violation_check(struct file *file,
|
|||
*pathname = ima_d_path(&file->f_path, pathbuf);
|
||||
|
||||
if (send_tomtou)
|
||||
ima_add_violation(file, *pathname, "invalid_pcr", "ToMToU");
|
||||
ima_add_violation(file, *pathname, iint,
|
||||
"invalid_pcr", "ToMToU");
|
||||
if (send_writers)
|
||||
ima_add_violation(file, *pathname,
|
||||
ima_add_violation(file, *pathname, iint,
|
||||
"invalid_pcr", "open_writers");
|
||||
}
|
||||
|
||||
|
|
|
@ -27,6 +27,8 @@
|
|||
#define IMA_UID 0x0008
|
||||
#define IMA_FOWNER 0x0010
|
||||
#define IMA_FSUUID 0x0020
|
||||
#define IMA_INMASK 0x0040
|
||||
#define IMA_EUID 0x0080
|
||||
|
||||
#define UNKNOWN 0
|
||||
#define MEASURE 0x0001 /* same as IMA_MEASURE */
|
||||
|
@ -42,6 +44,8 @@ enum lsm_rule_types { LSM_OBJ_USER, LSM_OBJ_ROLE, LSM_OBJ_TYPE,
|
|||
LSM_SUBJ_USER, LSM_SUBJ_ROLE, LSM_SUBJ_TYPE
|
||||
};
|
||||
|
||||
enum policy_types { ORIGINAL_TCB = 1, DEFAULT_TCB };
|
||||
|
||||
struct ima_rule_entry {
|
||||
struct list_head list;
|
||||
int action;
|
||||
|
@ -70,7 +74,7 @@ struct ima_rule_entry {
|
|||
* normal users can easily run the machine out of memory simply building
|
||||
* and running executables.
|
||||
*/
|
||||
static struct ima_rule_entry default_rules[] = {
|
||||
static struct ima_rule_entry dont_measure_rules[] = {
|
||||
{.action = DONT_MEASURE, .fsmagic = PROC_SUPER_MAGIC, .flags = IMA_FSMAGIC},
|
||||
{.action = DONT_MEASURE, .fsmagic = SYSFS_MAGIC, .flags = IMA_FSMAGIC},
|
||||
{.action = DONT_MEASURE, .fsmagic = DEBUGFS_MAGIC, .flags = IMA_FSMAGIC},
|
||||
|
@ -79,12 +83,31 @@ static struct ima_rule_entry default_rules[] = {
|
|||
{.action = DONT_MEASURE, .fsmagic = BINFMTFS_MAGIC, .flags = IMA_FSMAGIC},
|
||||
{.action = DONT_MEASURE, .fsmagic = SECURITYFS_MAGIC, .flags = IMA_FSMAGIC},
|
||||
{.action = DONT_MEASURE, .fsmagic = SELINUX_MAGIC, .flags = IMA_FSMAGIC},
|
||||
{.action = DONT_MEASURE, .fsmagic = CGROUP_SUPER_MAGIC,
|
||||
.flags = IMA_FSMAGIC},
|
||||
{.action = DONT_MEASURE, .fsmagic = NSFS_MAGIC, .flags = IMA_FSMAGIC}
|
||||
};
|
||||
|
||||
static struct ima_rule_entry original_measurement_rules[] = {
|
||||
{.action = MEASURE, .func = MMAP_CHECK, .mask = MAY_EXEC,
|
||||
.flags = IMA_FUNC | IMA_MASK},
|
||||
{.action = MEASURE, .func = BPRM_CHECK, .mask = MAY_EXEC,
|
||||
.flags = IMA_FUNC | IMA_MASK},
|
||||
{.action = MEASURE, .func = FILE_CHECK, .mask = MAY_READ, .uid = GLOBAL_ROOT_UID,
|
||||
.flags = IMA_FUNC | IMA_MASK | IMA_UID},
|
||||
{.action = MEASURE, .func = FILE_CHECK, .mask = MAY_READ,
|
||||
.uid = GLOBAL_ROOT_UID, .flags = IMA_FUNC | IMA_MASK | IMA_UID},
|
||||
{.action = MEASURE, .func = MODULE_CHECK, .flags = IMA_FUNC},
|
||||
{.action = MEASURE, .func = FIRMWARE_CHECK, .flags = IMA_FUNC},
|
||||
};
|
||||
|
||||
static struct ima_rule_entry default_measurement_rules[] = {
|
||||
{.action = MEASURE, .func = MMAP_CHECK, .mask = MAY_EXEC,
|
||||
.flags = IMA_FUNC | IMA_MASK},
|
||||
{.action = MEASURE, .func = BPRM_CHECK, .mask = MAY_EXEC,
|
||||
.flags = IMA_FUNC | IMA_MASK},
|
||||
{.action = MEASURE, .func = FILE_CHECK, .mask = MAY_READ,
|
||||
.uid = GLOBAL_ROOT_UID, .flags = IMA_FUNC | IMA_INMASK | IMA_EUID},
|
||||
{.action = MEASURE, .func = FILE_CHECK, .mask = MAY_READ,
|
||||
.uid = GLOBAL_ROOT_UID, .flags = IMA_FUNC | IMA_INMASK | IMA_UID},
|
||||
{.action = MEASURE, .func = MODULE_CHECK, .flags = IMA_FUNC},
|
||||
{.action = MEASURE, .func = FIRMWARE_CHECK, .flags = IMA_FUNC},
|
||||
};
|
||||
|
@ -99,6 +122,7 @@ static struct ima_rule_entry default_appraise_rules[] = {
|
|||
{.action = DONT_APPRAISE, .fsmagic = BINFMTFS_MAGIC, .flags = IMA_FSMAGIC},
|
||||
{.action = DONT_APPRAISE, .fsmagic = SECURITYFS_MAGIC, .flags = IMA_FSMAGIC},
|
||||
{.action = DONT_APPRAISE, .fsmagic = SELINUX_MAGIC, .flags = IMA_FSMAGIC},
|
||||
{.action = DONT_APPRAISE, .fsmagic = NSFS_MAGIC, .flags = IMA_FSMAGIC},
|
||||
{.action = DONT_APPRAISE, .fsmagic = CGROUP_SUPER_MAGIC, .flags = IMA_FSMAGIC},
|
||||
#ifndef CONFIG_IMA_APPRAISE_SIGNED_INIT
|
||||
{.action = APPRAISE, .fowner = GLOBAL_ROOT_UID, .flags = IMA_FOWNER},
|
||||
|
@ -115,14 +139,29 @@ static struct list_head *ima_rules;
|
|||
|
||||
static DEFINE_MUTEX(ima_rules_mutex);
|
||||
|
||||
static bool ima_use_tcb __initdata;
|
||||
static int ima_policy __initdata;
|
||||
static int __init default_measure_policy_setup(char *str)
|
||||
{
|
||||
ima_use_tcb = 1;
|
||||
if (ima_policy)
|
||||
return 1;
|
||||
|
||||
ima_policy = ORIGINAL_TCB;
|
||||
return 1;
|
||||
}
|
||||
__setup("ima_tcb", default_measure_policy_setup);
|
||||
|
||||
static int __init policy_setup(char *str)
|
||||
{
|
||||
if (ima_policy)
|
||||
return 1;
|
||||
|
||||
if (strcmp(str, "tcb") == 0)
|
||||
ima_policy = DEFAULT_TCB;
|
||||
|
||||
return 1;
|
||||
}
|
||||
__setup("ima_policy=", policy_setup);
|
||||
|
||||
static bool ima_use_appraise_tcb __initdata;
|
||||
static int __init default_appraise_policy_setup(char *str)
|
||||
{
|
||||
|
@ -182,6 +221,9 @@ static bool ima_match_rules(struct ima_rule_entry *rule,
|
|||
if ((rule->flags & IMA_MASK) &&
|
||||
(rule->mask != mask && func != POST_SETATTR))
|
||||
return false;
|
||||
if ((rule->flags & IMA_INMASK) &&
|
||||
(!(rule->mask & mask) && func != POST_SETATTR))
|
||||
return false;
|
||||
if ((rule->flags & IMA_FSMAGIC)
|
||||
&& rule->fsmagic != inode->i_sb->s_magic)
|
||||
return false;
|
||||
|
@ -190,6 +232,16 @@ static bool ima_match_rules(struct ima_rule_entry *rule,
|
|||
return false;
|
||||
if ((rule->flags & IMA_UID) && !uid_eq(rule->uid, cred->uid))
|
||||
return false;
|
||||
if (rule->flags & IMA_EUID) {
|
||||
if (has_capability_noaudit(current, CAP_SETUID)) {
|
||||
if (!uid_eq(rule->uid, cred->euid)
|
||||
&& !uid_eq(rule->uid, cred->suid)
|
||||
&& !uid_eq(rule->uid, cred->uid))
|
||||
return false;
|
||||
} else if (!uid_eq(rule->uid, cred->euid))
|
||||
return false;
|
||||
}
|
||||
|
||||
if ((rule->flags & IMA_FOWNER) && !uid_eq(rule->fowner, inode->i_uid))
|
||||
return false;
|
||||
for (i = 0; i < MAX_LSM_RULES; i++) {
|
||||
|
@ -333,21 +385,31 @@ void __init ima_init_policy(void)
|
|||
{
|
||||
int i, measure_entries, appraise_entries;
|
||||
|
||||
/* if !ima_use_tcb set entries = 0 so we load NO default rules */
|
||||
measure_entries = ima_use_tcb ? ARRAY_SIZE(default_rules) : 0;
|
||||
/* if !ima_policy set entries = 0 so we load NO default rules */
|
||||
measure_entries = ima_policy ? ARRAY_SIZE(dont_measure_rules) : 0;
|
||||
appraise_entries = ima_use_appraise_tcb ?
|
||||
ARRAY_SIZE(default_appraise_rules) : 0;
|
||||
|
||||
for (i = 0; i < measure_entries + appraise_entries; i++) {
|
||||
if (i < measure_entries)
|
||||
list_add_tail(&default_rules[i].list,
|
||||
&ima_default_rules);
|
||||
else {
|
||||
int j = i - measure_entries;
|
||||
for (i = 0; i < measure_entries; i++)
|
||||
list_add_tail(&dont_measure_rules[i].list, &ima_default_rules);
|
||||
|
||||
list_add_tail(&default_appraise_rules[j].list,
|
||||
switch (ima_policy) {
|
||||
case ORIGINAL_TCB:
|
||||
for (i = 0; i < ARRAY_SIZE(original_measurement_rules); i++)
|
||||
list_add_tail(&original_measurement_rules[i].list,
|
||||
&ima_default_rules);
|
||||
}
|
||||
break;
|
||||
case DEFAULT_TCB:
|
||||
for (i = 0; i < ARRAY_SIZE(default_measurement_rules); i++)
|
||||
list_add_tail(&default_measurement_rules[i].list,
|
||||
&ima_default_rules);
|
||||
default:
|
||||
break;
|
||||
}
|
||||
|
||||
for (i = 0; i < appraise_entries; i++) {
|
||||
list_add_tail(&default_appraise_rules[i].list,
|
||||
&ima_default_rules);
|
||||
}
|
||||
|
||||
ima_rules = &ima_default_rules;
|
||||
|
@ -373,7 +435,8 @@ enum {
|
|||
Opt_audit,
|
||||
Opt_obj_user, Opt_obj_role, Opt_obj_type,
|
||||
Opt_subj_user, Opt_subj_role, Opt_subj_type,
|
||||
Opt_func, Opt_mask, Opt_fsmagic, Opt_uid, Opt_fowner,
|
||||
Opt_func, Opt_mask, Opt_fsmagic,
|
||||
Opt_uid, Opt_euid, Opt_fowner,
|
||||
Opt_appraise_type, Opt_fsuuid, Opt_permit_directio
|
||||
};
|
||||
|
||||
|
@ -394,6 +457,7 @@ static match_table_t policy_tokens = {
|
|||
{Opt_fsmagic, "fsmagic=%s"},
|
||||
{Opt_fsuuid, "fsuuid=%s"},
|
||||
{Opt_uid, "uid=%s"},
|
||||
{Opt_euid, "euid=%s"},
|
||||
{Opt_fowner, "fowner=%s"},
|
||||
{Opt_appraise_type, "appraise_type=%s"},
|
||||
{Opt_permit_directio, "permit_directio"},
|
||||
|
@ -435,6 +499,7 @@ static void ima_log_string(struct audit_buffer *ab, char *key, char *value)
|
|||
static int ima_parse_rule(char *rule, struct ima_rule_entry *entry)
|
||||
{
|
||||
struct audit_buffer *ab;
|
||||
char *from;
|
||||
char *p;
|
||||
int result = 0;
|
||||
|
||||
|
@ -525,18 +590,23 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry)
|
|||
if (entry->mask)
|
||||
result = -EINVAL;
|
||||
|
||||
if ((strcmp(args[0].from, "MAY_EXEC")) == 0)
|
||||
from = args[0].from;
|
||||
if (*from == '^')
|
||||
from++;
|
||||
|
||||
if ((strcmp(from, "MAY_EXEC")) == 0)
|
||||
entry->mask = MAY_EXEC;
|
||||
else if (strcmp(args[0].from, "MAY_WRITE") == 0)
|
||||
else if (strcmp(from, "MAY_WRITE") == 0)
|
||||
entry->mask = MAY_WRITE;
|
||||
else if (strcmp(args[0].from, "MAY_READ") == 0)
|
||||
else if (strcmp(from, "MAY_READ") == 0)
|
||||
entry->mask = MAY_READ;
|
||||
else if (strcmp(args[0].from, "MAY_APPEND") == 0)
|
||||
else if (strcmp(from, "MAY_APPEND") == 0)
|
||||
entry->mask = MAY_APPEND;
|
||||
else
|
||||
result = -EINVAL;
|
||||
if (!result)
|
||||
entry->flags |= IMA_MASK;
|
||||
entry->flags |= (*args[0].from == '^')
|
||||
? IMA_INMASK : IMA_MASK;
|
||||
break;
|
||||
case Opt_fsmagic:
|
||||
ima_log_string(ab, "fsmagic", args[0].from);
|
||||
|
@ -566,6 +636,9 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry)
|
|||
break;
|
||||
case Opt_uid:
|
||||
ima_log_string(ab, "uid", args[0].from);
|
||||
case Opt_euid:
|
||||
if (token == Opt_euid)
|
||||
ima_log_string(ab, "euid", args[0].from);
|
||||
|
||||
if (uid_valid(entry->uid)) {
|
||||
result = -EINVAL;
|
||||
|
@ -574,11 +647,14 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry)
|
|||
|
||||
result = kstrtoul(args[0].from, 10, &lnum);
|
||||
if (!result) {
|
||||
entry->uid = make_kuid(current_user_ns(), (uid_t)lnum);
|
||||
if (!uid_valid(entry->uid) || (((uid_t)lnum) != lnum))
|
||||
entry->uid = make_kuid(current_user_ns(),
|
||||
(uid_t) lnum);
|
||||
if (!uid_valid(entry->uid) ||
|
||||
(uid_t)lnum != lnum)
|
||||
result = -EINVAL;
|
||||
else
|
||||
entry->flags |= IMA_UID;
|
||||
entry->flags |= (token == Opt_uid)
|
||||
? IMA_UID : IMA_EUID;
|
||||
}
|
||||
break;
|
||||
case Opt_fowner:
|
||||
|
|
|
@ -70,7 +70,8 @@ static void ima_show_template_data_ascii(struct seq_file *m,
|
|||
enum data_formats datafmt,
|
||||
struct ima_field_data *field_data)
|
||||
{
|
||||
u8 *buf_ptr = field_data->data, buflen = field_data->len;
|
||||
u8 *buf_ptr = field_data->data;
|
||||
u32 buflen = field_data->len;
|
||||
|
||||
switch (datafmt) {
|
||||
case DATA_FMT_DIGEST_WITH_ALGO:
|
||||
|
@ -195,9 +196,7 @@ static int ima_eventdigest_init_common(u8 *digest, u32 digestsize, u8 hash_algo,
|
|||
/*
|
||||
* This function writes the digest of an event (with size limit).
|
||||
*/
|
||||
int ima_eventdigest_init(struct integrity_iint_cache *iint, struct file *file,
|
||||
const unsigned char *filename,
|
||||
struct evm_ima_xattr_data *xattr_value, int xattr_len,
|
||||
int ima_eventdigest_init(struct ima_event_data *event_data,
|
||||
struct ima_field_data *field_data)
|
||||
{
|
||||
struct {
|
||||
|
@ -211,25 +210,25 @@ int ima_eventdigest_init(struct integrity_iint_cache *iint, struct file *file,
|
|||
|
||||
memset(&hash, 0, sizeof(hash));
|
||||
|
||||
if (!iint) /* recording a violation. */
|
||||
if (event_data->violation) /* recording a violation. */
|
||||
goto out;
|
||||
|
||||
if (ima_template_hash_algo_allowed(iint->ima_hash->algo)) {
|
||||
cur_digest = iint->ima_hash->digest;
|
||||
cur_digestsize = iint->ima_hash->length;
|
||||
if (ima_template_hash_algo_allowed(event_data->iint->ima_hash->algo)) {
|
||||
cur_digest = event_data->iint->ima_hash->digest;
|
||||
cur_digestsize = event_data->iint->ima_hash->length;
|
||||
goto out;
|
||||
}
|
||||
|
||||
if (!file) /* missing info to re-calculate the digest */
|
||||
if (!event_data->file) /* missing info to re-calculate the digest */
|
||||
return -EINVAL;
|
||||
|
||||
inode = file_inode(file);
|
||||
inode = file_inode(event_data->file);
|
||||
hash.hdr.algo = ima_template_hash_algo_allowed(ima_hash_algo) ?
|
||||
ima_hash_algo : HASH_ALGO_SHA1;
|
||||
result = ima_calc_file_hash(file, &hash.hdr);
|
||||
result = ima_calc_file_hash(event_data->file, &hash.hdr);
|
||||
if (result) {
|
||||
integrity_audit_msg(AUDIT_INTEGRITY_DATA, inode,
|
||||
filename, "collect_data",
|
||||
event_data->filename, "collect_data",
|
||||
"failed", result, 0);
|
||||
return result;
|
||||
}
|
||||
|
@ -243,48 +242,43 @@ out:
|
|||
/*
|
||||
* This function writes the digest of an event (without size limit).
|
||||
*/
|
||||
int ima_eventdigest_ng_init(struct integrity_iint_cache *iint,
|
||||
struct file *file, const unsigned char *filename,
|
||||
struct evm_ima_xattr_data *xattr_value,
|
||||
int xattr_len, struct ima_field_data *field_data)
|
||||
int ima_eventdigest_ng_init(struct ima_event_data *event_data,
|
||||
struct ima_field_data *field_data)
|
||||
{
|
||||
u8 *cur_digest = NULL, hash_algo = HASH_ALGO_SHA1;
|
||||
u32 cur_digestsize = 0;
|
||||
|
||||
/* If iint is NULL, we are recording a violation. */
|
||||
if (!iint)
|
||||
if (event_data->violation) /* recording a violation. */
|
||||
goto out;
|
||||
|
||||
cur_digest = iint->ima_hash->digest;
|
||||
cur_digestsize = iint->ima_hash->length;
|
||||
cur_digest = event_data->iint->ima_hash->digest;
|
||||
cur_digestsize = event_data->iint->ima_hash->length;
|
||||
|
||||
hash_algo = iint->ima_hash->algo;
|
||||
hash_algo = event_data->iint->ima_hash->algo;
|
||||
out:
|
||||
return ima_eventdigest_init_common(cur_digest, cur_digestsize,
|
||||
hash_algo, field_data);
|
||||
}
|
||||
|
||||
static int ima_eventname_init_common(struct integrity_iint_cache *iint,
|
||||
struct file *file,
|
||||
const unsigned char *filename,
|
||||
static int ima_eventname_init_common(struct ima_event_data *event_data,
|
||||
struct ima_field_data *field_data,
|
||||
bool size_limit)
|
||||
{
|
||||
const char *cur_filename = NULL;
|
||||
u32 cur_filename_len = 0;
|
||||
|
||||
BUG_ON(filename == NULL && file == NULL);
|
||||
BUG_ON(event_data->filename == NULL && event_data->file == NULL);
|
||||
|
||||
if (filename) {
|
||||
cur_filename = filename;
|
||||
cur_filename_len = strlen(filename);
|
||||
if (event_data->filename) {
|
||||
cur_filename = event_data->filename;
|
||||
cur_filename_len = strlen(event_data->filename);
|
||||
|
||||
if (!size_limit || cur_filename_len <= IMA_EVENT_NAME_LEN_MAX)
|
||||
goto out;
|
||||
}
|
||||
|
||||
if (file) {
|
||||
cur_filename = file->f_path.dentry->d_name.name;
|
||||
if (event_data->file) {
|
||||
cur_filename = event_data->file->f_path.dentry->d_name.name;
|
||||
cur_filename_len = strlen(cur_filename);
|
||||
} else
|
||||
/*
|
||||
|
@ -300,36 +294,30 @@ out:
|
|||
/*
|
||||
* This function writes the name of an event (with size limit).
|
||||
*/
|
||||
int ima_eventname_init(struct integrity_iint_cache *iint, struct file *file,
|
||||
const unsigned char *filename,
|
||||
struct evm_ima_xattr_data *xattr_value, int xattr_len,
|
||||
int ima_eventname_init(struct ima_event_data *event_data,
|
||||
struct ima_field_data *field_data)
|
||||
{
|
||||
return ima_eventname_init_common(iint, file, filename,
|
||||
field_data, true);
|
||||
return ima_eventname_init_common(event_data, field_data, true);
|
||||
}
|
||||
|
||||
/*
|
||||
* This function writes the name of an event (without size limit).
|
||||
*/
|
||||
int ima_eventname_ng_init(struct integrity_iint_cache *iint, struct file *file,
|
||||
const unsigned char *filename,
|
||||
struct evm_ima_xattr_data *xattr_value, int xattr_len,
|
||||
int ima_eventname_ng_init(struct ima_event_data *event_data,
|
||||
struct ima_field_data *field_data)
|
||||
{
|
||||
return ima_eventname_init_common(iint, file, filename,
|
||||
field_data, false);
|
||||
return ima_eventname_init_common(event_data, field_data, false);
|
||||
}
|
||||
|
||||
/*
|
||||
* ima_eventsig_init - include the file signature as part of the template data
|
||||
*/
|
||||
int ima_eventsig_init(struct integrity_iint_cache *iint, struct file *file,
|
||||
const unsigned char *filename,
|
||||
struct evm_ima_xattr_data *xattr_value, int xattr_len,
|
||||
int ima_eventsig_init(struct ima_event_data *event_data,
|
||||
struct ima_field_data *field_data)
|
||||
{
|
||||
enum data_formats fmt = DATA_FMT_HEX;
|
||||
struct evm_ima_xattr_data *xattr_value = event_data->xattr_value;
|
||||
int xattr_len = event_data->xattr_len;
|
||||
int rc = 0;
|
||||
|
||||
if ((!xattr_value) || (xattr_value->type != EVM_IMA_XATTR_DIGSIG))
|
||||
|
|
|
@ -26,24 +26,14 @@ void ima_show_template_string(struct seq_file *m, enum ima_show_type show,
|
|||
struct ima_field_data *field_data);
|
||||
void ima_show_template_sig(struct seq_file *m, enum ima_show_type show,
|
||||
struct ima_field_data *field_data);
|
||||
int ima_eventdigest_init(struct integrity_iint_cache *iint, struct file *file,
|
||||
const unsigned char *filename,
|
||||
struct evm_ima_xattr_data *xattr_value, int xattr_len,
|
||||
int ima_eventdigest_init(struct ima_event_data *event_data,
|
||||
struct ima_field_data *field_data);
|
||||
int ima_eventname_init(struct integrity_iint_cache *iint, struct file *file,
|
||||
const unsigned char *filename,
|
||||
struct evm_ima_xattr_data *xattr_value, int xattr_len,
|
||||
int ima_eventname_init(struct ima_event_data *event_data,
|
||||
struct ima_field_data *field_data);
|
||||
int ima_eventdigest_ng_init(struct integrity_iint_cache *iint,
|
||||
struct file *file, const unsigned char *filename,
|
||||
struct evm_ima_xattr_data *xattr_value,
|
||||
int xattr_len, struct ima_field_data *field_data);
|
||||
int ima_eventname_ng_init(struct integrity_iint_cache *iint, struct file *file,
|
||||
const unsigned char *filename,
|
||||
struct evm_ima_xattr_data *xattr_value, int xattr_len,
|
||||
int ima_eventdigest_ng_init(struct ima_event_data *event_data,
|
||||
struct ima_field_data *field_data);
|
||||
int ima_eventname_ng_init(struct ima_event_data *event_data,
|
||||
struct ima_field_data *field_data);
|
||||
int ima_eventsig_init(struct integrity_iint_cache *iint, struct file *file,
|
||||
const unsigned char *filename,
|
||||
struct evm_ima_xattr_data *xattr_value, int xattr_len,
|
||||
int ima_eventsig_init(struct ima_event_data *event_data,
|
||||
struct ima_field_data *field_data);
|
||||
#endif /* __LINUX_IMA_TEMPLATE_LIB_H */
|
||||
|
|
|
@ -135,7 +135,7 @@ int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen,
|
|||
const char *digest, int digestlen);
|
||||
|
||||
int __init integrity_init_keyring(const unsigned int id);
|
||||
int __init integrity_load_x509(const unsigned int id, char *path);
|
||||
int __init integrity_load_x509(const unsigned int id, const char *path);
|
||||
#else
|
||||
|
||||
static inline int integrity_digsig_verify(const unsigned int id,
|
||||
|
|
File diff suppressed because it is too large
Load Diff
|
@ -29,7 +29,7 @@
|
|||
#include <linux/tracehook.h>
|
||||
#include <linux/errno.h>
|
||||
#include <linux/sched.h>
|
||||
#include <linux/security.h>
|
||||
#include <linux/lsm_hooks.h>
|
||||
#include <linux/xattr.h>
|
||||
#include <linux/capability.h>
|
||||
#include <linux/unistd.h>
|
||||
|
@ -403,6 +403,7 @@ static int selinux_is_sblabel_mnt(struct super_block *sb)
|
|||
return sbsec->behavior == SECURITY_FS_USE_XATTR ||
|
||||
sbsec->behavior == SECURITY_FS_USE_TRANS ||
|
||||
sbsec->behavior == SECURITY_FS_USE_TASK ||
|
||||
sbsec->behavior == SECURITY_FS_USE_NATIVE ||
|
||||
/* Special handling. Genfs but also in-core setxattr handler */
|
||||
!strcmp(sb->s_type->name, "sysfs") ||
|
||||
!strcmp(sb->s_type->name, "pstore") ||
|
||||
|
@ -724,7 +725,12 @@ static int selinux_set_mnt_opts(struct super_block *sb,
|
|||
}
|
||||
|
||||
if (strcmp(sb->s_type->name, "proc") == 0)
|
||||
sbsec->flags |= SE_SBPROC;
|
||||
sbsec->flags |= SE_SBPROC | SE_SBGENFS;
|
||||
|
||||
if (!strcmp(sb->s_type->name, "debugfs") ||
|
||||
!strcmp(sb->s_type->name, "sysfs") ||
|
||||
!strcmp(sb->s_type->name, "pstore"))
|
||||
sbsec->flags |= SE_SBGENFS;
|
||||
|
||||
if (!sbsec->behavior) {
|
||||
/*
|
||||
|
@ -1188,8 +1194,6 @@ static inline u16 socket_type_to_security_class(int family, int type, int protoc
|
|||
switch (protocol) {
|
||||
case NETLINK_ROUTE:
|
||||
return SECCLASS_NETLINK_ROUTE_SOCKET;
|
||||
case NETLINK_FIREWALL:
|
||||
return SECCLASS_NETLINK_FIREWALL_SOCKET;
|
||||
case NETLINK_SOCK_DIAG:
|
||||
return SECCLASS_NETLINK_TCPDIAG_SOCKET;
|
||||
case NETLINK_NFLOG:
|
||||
|
@ -1198,14 +1202,28 @@ static inline u16 socket_type_to_security_class(int family, int type, int protoc
|
|||
return SECCLASS_NETLINK_XFRM_SOCKET;
|
||||
case NETLINK_SELINUX:
|
||||
return SECCLASS_NETLINK_SELINUX_SOCKET;
|
||||
case NETLINK_ISCSI:
|
||||
return SECCLASS_NETLINK_ISCSI_SOCKET;
|
||||
case NETLINK_AUDIT:
|
||||
return SECCLASS_NETLINK_AUDIT_SOCKET;
|
||||
case NETLINK_IP6_FW:
|
||||
return SECCLASS_NETLINK_IP6FW_SOCKET;
|
||||
case NETLINK_FIB_LOOKUP:
|
||||
return SECCLASS_NETLINK_FIB_LOOKUP_SOCKET;
|
||||
case NETLINK_CONNECTOR:
|
||||
return SECCLASS_NETLINK_CONNECTOR_SOCKET;
|
||||
case NETLINK_NETFILTER:
|
||||
return SECCLASS_NETLINK_NETFILTER_SOCKET;
|
||||
case NETLINK_DNRTMSG:
|
||||
return SECCLASS_NETLINK_DNRT_SOCKET;
|
||||
case NETLINK_KOBJECT_UEVENT:
|
||||
return SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET;
|
||||
case NETLINK_GENERIC:
|
||||
return SECCLASS_NETLINK_GENERIC_SOCKET;
|
||||
case NETLINK_SCSITRANSPORT:
|
||||
return SECCLASS_NETLINK_SCSITRANSPORT_SOCKET;
|
||||
case NETLINK_RDMA:
|
||||
return SECCLASS_NETLINK_RDMA_SOCKET;
|
||||
case NETLINK_CRYPTO:
|
||||
return SECCLASS_NETLINK_CRYPTO_SOCKET;
|
||||
default:
|
||||
return SECCLASS_NETLINK_SOCKET;
|
||||
}
|
||||
|
@ -1220,12 +1238,13 @@ static inline u16 socket_type_to_security_class(int family, int type, int protoc
|
|||
return SECCLASS_SOCKET;
|
||||
}
|
||||
|
||||
#ifdef CONFIG_PROC_FS
|
||||
static int selinux_proc_get_sid(struct dentry *dentry,
|
||||
u16 tclass,
|
||||
u32 *sid)
|
||||
static int selinux_genfs_get_sid(struct dentry *dentry,
|
||||
u16 tclass,
|
||||
u16 flags,
|
||||
u32 *sid)
|
||||
{
|
||||
int rc;
|
||||
struct super_block *sb = dentry->d_inode->i_sb;
|
||||
char *buffer, *path;
|
||||
|
||||
buffer = (char *)__get_free_page(GFP_KERNEL);
|
||||
|
@ -1236,26 +1255,20 @@ static int selinux_proc_get_sid(struct dentry *dentry,
|
|||
if (IS_ERR(path))
|
||||
rc = PTR_ERR(path);
|
||||
else {
|
||||
/* each process gets a /proc/PID/ entry. Strip off the
|
||||
* PID part to get a valid selinux labeling.
|
||||
* e.g. /proc/1/net/rpc/nfs -> /net/rpc/nfs */
|
||||
while (path[1] >= '0' && path[1] <= '9') {
|
||||
path[1] = '/';
|
||||
path++;
|
||||
if (flags & SE_SBPROC) {
|
||||
/* each process gets a /proc/PID/ entry. Strip off the
|
||||
* PID part to get a valid selinux labeling.
|
||||
* e.g. /proc/1/net/rpc/nfs -> /net/rpc/nfs */
|
||||
while (path[1] >= '0' && path[1] <= '9') {
|
||||
path[1] = '/';
|
||||
path++;
|
||||
}
|
||||
}
|
||||
rc = security_genfs_sid("proc", path, tclass, sid);
|
||||
rc = security_genfs_sid(sb->s_type->name, path, tclass, sid);
|
||||
}
|
||||
free_page((unsigned long)buffer);
|
||||
return rc;
|
||||
}
|
||||
#else
|
||||
static int selinux_proc_get_sid(struct dentry *dentry,
|
||||
u16 tclass,
|
||||
u32 *sid)
|
||||
{
|
||||
return -EINVAL;
|
||||
}
|
||||
#endif
|
||||
|
||||
/* The inode's security attributes must be initialized before first use. */
|
||||
static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry)
|
||||
|
@ -1412,7 +1425,7 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
|
|||
/* Default to the fs superblock SID. */
|
||||
isec->sid = sbsec->sid;
|
||||
|
||||
if ((sbsec->flags & SE_SBPROC) && !S_ISLNK(inode->i_mode)) {
|
||||
if ((sbsec->flags & SE_SBGENFS) && !S_ISLNK(inode->i_mode)) {
|
||||
/* We must have a dentry to determine the label on
|
||||
* procfs inodes */
|
||||
if (opt_dentry)
|
||||
|
@ -1435,7 +1448,8 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
|
|||
if (!dentry)
|
||||
goto out_unlock;
|
||||
isec->sclass = inode_mode_to_security_class(inode->i_mode);
|
||||
rc = selinux_proc_get_sid(dentry, isec->sclass, &sid);
|
||||
rc = selinux_genfs_get_sid(dentry, isec->sclass,
|
||||
sbsec->flags, &sid);
|
||||
dput(dentry);
|
||||
if (rc)
|
||||
goto out_unlock;
|
||||
|
@ -1990,12 +2004,6 @@ static int selinux_binder_transfer_file(struct task_struct *from,
|
|||
static int selinux_ptrace_access_check(struct task_struct *child,
|
||||
unsigned int mode)
|
||||
{
|
||||
int rc;
|
||||
|
||||
rc = cap_ptrace_access_check(child, mode);
|
||||
if (rc)
|
||||
return rc;
|
||||
|
||||
if (mode & PTRACE_MODE_READ) {
|
||||
u32 sid = current_sid();
|
||||
u32 csid = task_sid(child);
|
||||
|
@ -2007,25 +2015,13 @@ static int selinux_ptrace_access_check(struct task_struct *child,
|
|||
|
||||
static int selinux_ptrace_traceme(struct task_struct *parent)
|
||||
{
|
||||
int rc;
|
||||
|
||||
rc = cap_ptrace_traceme(parent);
|
||||
if (rc)
|
||||
return rc;
|
||||
|
||||
return task_has_perm(parent, current, PROCESS__PTRACE);
|
||||
}
|
||||
|
||||
static int selinux_capget(struct task_struct *target, kernel_cap_t *effective,
|
||||
kernel_cap_t *inheritable, kernel_cap_t *permitted)
|
||||
{
|
||||
int error;
|
||||
|
||||
error = current_has_perm(target, PROCESS__GETCAP);
|
||||
if (error)
|
||||
return error;
|
||||
|
||||
return cap_capget(target, effective, inheritable, permitted);
|
||||
return current_has_perm(target, PROCESS__GETCAP);
|
||||
}
|
||||
|
||||
static int selinux_capset(struct cred *new, const struct cred *old,
|
||||
|
@ -2033,13 +2029,6 @@ static int selinux_capset(struct cred *new, const struct cred *old,
|
|||
const kernel_cap_t *inheritable,
|
||||
const kernel_cap_t *permitted)
|
||||
{
|
||||
int error;
|
||||
|
||||
error = cap_capset(new, old,
|
||||
effective, inheritable, permitted);
|
||||
if (error)
|
||||
return error;
|
||||
|
||||
return cred_has_perm(old, new, PROCESS__SETCAP);
|
||||
}
|
||||
|
||||
|
@ -2056,12 +2045,6 @@ static int selinux_capset(struct cred *new, const struct cred *old,
|
|||
static int selinux_capable(const struct cred *cred, struct user_namespace *ns,
|
||||
int cap, int audit)
|
||||
{
|
||||
int rc;
|
||||
|
||||
rc = cap_capable(cred, ns, cap, audit);
|
||||
if (rc)
|
||||
return rc;
|
||||
|
||||
return cred_has_capability(cred, cap, audit);
|
||||
}
|
||||
|
||||
|
@ -2139,12 +2122,12 @@ static int selinux_vm_enough_memory(struct mm_struct *mm, long pages)
|
|||
{
|
||||
int rc, cap_sys_admin = 0;
|
||||
|
||||
rc = selinux_capable(current_cred(), &init_user_ns, CAP_SYS_ADMIN,
|
||||
SECURITY_CAP_NOAUDIT);
|
||||
rc = cred_has_capability(current_cred(), CAP_SYS_ADMIN,
|
||||
SECURITY_CAP_NOAUDIT);
|
||||
if (rc == 0)
|
||||
cap_sys_admin = 1;
|
||||
|
||||
return __vm_enough_memory(mm, pages, cap_sys_admin);
|
||||
return cap_sys_admin;
|
||||
}
|
||||
|
||||
/* binprm security operations */
|
||||
|
@ -2193,10 +2176,6 @@ static int selinux_bprm_set_creds(struct linux_binprm *bprm)
|
|||
struct inode *inode = file_inode(bprm->file);
|
||||
int rc;
|
||||
|
||||
rc = cap_bprm_set_creds(bprm);
|
||||
if (rc)
|
||||
return rc;
|
||||
|
||||
/* SELinux context only depends on initial program or script and not
|
||||
* the script interpreter */
|
||||
if (bprm->cred_prepared)
|
||||
|
@ -2320,7 +2299,7 @@ static int selinux_bprm_secureexec(struct linux_binprm *bprm)
|
|||
PROCESS__NOATSECURE, NULL);
|
||||
}
|
||||
|
||||
return (atsecure || cap_bprm_secureexec(bprm));
|
||||
return !!atsecure;
|
||||
}
|
||||
|
||||
static int match_file(const void *p, struct file *file, unsigned fd)
|
||||
|
@ -2451,10 +2430,12 @@ static void selinux_bprm_committed_creds(struct linux_binprm *bprm)
|
|||
for (i = 0; i < 3; i++)
|
||||
do_setitimer(i, &itimer, NULL);
|
||||
spin_lock_irq(¤t->sighand->siglock);
|
||||
if (!(current->signal->flags & SIGNAL_GROUP_EXIT)) {
|
||||
__flush_signals(current);
|
||||
if (!fatal_signal_pending(current)) {
|
||||
flush_sigqueue(¤t->pending);
|
||||
flush_sigqueue(¤t->signal->shared_pending);
|
||||
flush_signal_handlers(current, 1);
|
||||
sigemptyset(¤t->blocked);
|
||||
recalc_sigpending();
|
||||
}
|
||||
spin_unlock_irq(¤t->sighand->siglock);
|
||||
}
|
||||
|
@ -3144,8 +3125,11 @@ static int selinux_inode_getsecurity(const struct inode *inode, const char *name
|
|||
* and lack of permission just means that we fall back to the
|
||||
* in-core context value, not a denial.
|
||||
*/
|
||||
error = selinux_capable(current_cred(), &init_user_ns, CAP_MAC_ADMIN,
|
||||
SECURITY_CAP_NOAUDIT);
|
||||
error = cap_capable(current_cred(), &init_user_ns, CAP_MAC_ADMIN,
|
||||
SECURITY_CAP_NOAUDIT);
|
||||
if (!error)
|
||||
error = cred_has_capability(current_cred(), CAP_MAC_ADMIN,
|
||||
SECURITY_CAP_NOAUDIT);
|
||||
if (!error)
|
||||
error = security_sid_to_context_force(isec->sid, &context,
|
||||
&size);
|
||||
|
@ -3330,12 +3314,7 @@ error:
|
|||
|
||||
static int selinux_mmap_addr(unsigned long addr)
|
||||
{
|
||||
int rc;
|
||||
|
||||
/* do DAC check on address space usage */
|
||||
rc = cap_mmap_addr(addr);
|
||||
if (rc)
|
||||
return rc;
|
||||
int rc = 0;
|
||||
|
||||
if (addr < CONFIG_LSM_MMAP_MIN_ADDR) {
|
||||
u32 sid = current_sid();
|
||||
|
@ -3651,23 +3630,11 @@ static void selinux_task_getsecid(struct task_struct *p, u32 *secid)
|
|||
|
||||
static int selinux_task_setnice(struct task_struct *p, int nice)
|
||||
{
|
||||
int rc;
|
||||
|
||||
rc = cap_task_setnice(p, nice);
|
||||
if (rc)
|
||||
return rc;
|
||||
|
||||
return current_has_perm(p, PROCESS__SETSCHED);
|
||||
}
|
||||
|
||||
static int selinux_task_setioprio(struct task_struct *p, int ioprio)
|
||||
{
|
||||
int rc;
|
||||
|
||||
rc = cap_task_setioprio(p, ioprio);
|
||||
if (rc)
|
||||
return rc;
|
||||
|
||||
return current_has_perm(p, PROCESS__SETSCHED);
|
||||
}
|
||||
|
||||
|
@ -3693,12 +3660,6 @@ static int selinux_task_setrlimit(struct task_struct *p, unsigned int resource,
|
|||
|
||||
static int selinux_task_setscheduler(struct task_struct *p)
|
||||
{
|
||||
int rc;
|
||||
|
||||
rc = cap_task_setscheduler(p);
|
||||
if (rc)
|
||||
return rc;
|
||||
|
||||
return current_has_perm(p, PROCESS__SETSCHED);
|
||||
}
|
||||
|
||||
|
@ -4780,8 +4741,9 @@ static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb)
|
|||
if (err == -EINVAL) {
|
||||
printk(KERN_WARNING
|
||||
"SELinux: unrecognized netlink message:"
|
||||
" protocol=%hu nlmsg_type=%hu sclass=%hu\n",
|
||||
sk->sk_protocol, nlh->nlmsg_type, sksec->sclass);
|
||||
" protocol=%hu nlmsg_type=%hu sclass=%s\n",
|
||||
sk->sk_protocol, nlh->nlmsg_type,
|
||||
secclass_map[sksec->sclass - 1].name);
|
||||
if (!selinux_enforcing || security_get_allow_unknown())
|
||||
err = 0;
|
||||
}
|
||||
|
@ -5109,12 +5071,6 @@ static unsigned int selinux_ipv6_postroute(const struct nf_hook_ops *ops,
|
|||
|
||||
static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb)
|
||||
{
|
||||
int err;
|
||||
|
||||
err = cap_netlink_send(sk, skb);
|
||||
if (err)
|
||||
return err;
|
||||
|
||||
return selinux_nlmsg_perm(sk, skb);
|
||||
}
|
||||
|
||||
|
@ -5852,218 +5808,220 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer)
|
|||
|
||||
#endif
|
||||
|
||||
static struct security_operations selinux_ops = {
|
||||
.name = "selinux",
|
||||
static struct security_hook_list selinux_hooks[] = {
|
||||
LSM_HOOK_INIT(binder_set_context_mgr, selinux_binder_set_context_mgr),
|
||||
LSM_HOOK_INIT(binder_transaction, selinux_binder_transaction),
|
||||
LSM_HOOK_INIT(binder_transfer_binder, selinux_binder_transfer_binder),
|
||||
LSM_HOOK_INIT(binder_transfer_file, selinux_binder_transfer_file),
|
||||
|
||||
.binder_set_context_mgr = selinux_binder_set_context_mgr,
|
||||
.binder_transaction = selinux_binder_transaction,
|
||||
.binder_transfer_binder = selinux_binder_transfer_binder,
|
||||
.binder_transfer_file = selinux_binder_transfer_file,
|
||||
LSM_HOOK_INIT(ptrace_access_check, selinux_ptrace_access_check),
|
||||
LSM_HOOK_INIT(ptrace_traceme, selinux_ptrace_traceme),
|
||||
LSM_HOOK_INIT(capget, selinux_capget),
|
||||
LSM_HOOK_INIT(capset, selinux_capset),
|
||||
LSM_HOOK_INIT(capable, selinux_capable),
|
||||
LSM_HOOK_INIT(quotactl, selinux_quotactl),
|
||||
LSM_HOOK_INIT(quota_on, selinux_quota_on),
|
||||
LSM_HOOK_INIT(syslog, selinux_syslog),
|
||||
LSM_HOOK_INIT(vm_enough_memory, selinux_vm_enough_memory),
|
||||
|
||||
.ptrace_access_check = selinux_ptrace_access_check,
|
||||
.ptrace_traceme = selinux_ptrace_traceme,
|
||||
.capget = selinux_capget,
|
||||
.capset = selinux_capset,
|
||||
.capable = selinux_capable,
|
||||
.quotactl = selinux_quotactl,
|
||||
.quota_on = selinux_quota_on,
|
||||
.syslog = selinux_syslog,
|
||||
.vm_enough_memory = selinux_vm_enough_memory,
|
||||
LSM_HOOK_INIT(netlink_send, selinux_netlink_send),
|
||||
|
||||
.netlink_send = selinux_netlink_send,
|
||||
LSM_HOOK_INIT(bprm_set_creds, selinux_bprm_set_creds),
|
||||
LSM_HOOK_INIT(bprm_committing_creds, selinux_bprm_committing_creds),
|
||||
LSM_HOOK_INIT(bprm_committed_creds, selinux_bprm_committed_creds),
|
||||
LSM_HOOK_INIT(bprm_secureexec, selinux_bprm_secureexec),
|
||||
|
||||
.bprm_set_creds = selinux_bprm_set_creds,
|
||||
.bprm_committing_creds = selinux_bprm_committing_creds,
|
||||
.bprm_committed_creds = selinux_bprm_committed_creds,
|
||||
.bprm_secureexec = selinux_bprm_secureexec,
|
||||
LSM_HOOK_INIT(sb_alloc_security, selinux_sb_alloc_security),
|
||||
LSM_HOOK_INIT(sb_free_security, selinux_sb_free_security),
|
||||
LSM_HOOK_INIT(sb_copy_data, selinux_sb_copy_data),
|
||||
LSM_HOOK_INIT(sb_remount, selinux_sb_remount),
|
||||
LSM_HOOK_INIT(sb_kern_mount, selinux_sb_kern_mount),
|
||||
LSM_HOOK_INIT(sb_show_options, selinux_sb_show_options),
|
||||
LSM_HOOK_INIT(sb_statfs, selinux_sb_statfs),
|
||||
LSM_HOOK_INIT(sb_mount, selinux_mount),
|
||||
LSM_HOOK_INIT(sb_umount, selinux_umount),
|
||||
LSM_HOOK_INIT(sb_set_mnt_opts, selinux_set_mnt_opts),
|
||||
LSM_HOOK_INIT(sb_clone_mnt_opts, selinux_sb_clone_mnt_opts),
|
||||
LSM_HOOK_INIT(sb_parse_opts_str, selinux_parse_opts_str),
|
||||
|
||||
.sb_alloc_security = selinux_sb_alloc_security,
|
||||
.sb_free_security = selinux_sb_free_security,
|
||||
.sb_copy_data = selinux_sb_copy_data,
|
||||
.sb_remount = selinux_sb_remount,
|
||||
.sb_kern_mount = selinux_sb_kern_mount,
|
||||
.sb_show_options = selinux_sb_show_options,
|
||||
.sb_statfs = selinux_sb_statfs,
|
||||
.sb_mount = selinux_mount,
|
||||
.sb_umount = selinux_umount,
|
||||
.sb_set_mnt_opts = selinux_set_mnt_opts,
|
||||
.sb_clone_mnt_opts = selinux_sb_clone_mnt_opts,
|
||||
.sb_parse_opts_str = selinux_parse_opts_str,
|
||||
LSM_HOOK_INIT(dentry_init_security, selinux_dentry_init_security),
|
||||
|
||||
.dentry_init_security = selinux_dentry_init_security,
|
||||
LSM_HOOK_INIT(inode_alloc_security, selinux_inode_alloc_security),
|
||||
LSM_HOOK_INIT(inode_free_security, selinux_inode_free_security),
|
||||
LSM_HOOK_INIT(inode_init_security, selinux_inode_init_security),
|
||||
LSM_HOOK_INIT(inode_create, selinux_inode_create),
|
||||
LSM_HOOK_INIT(inode_link, selinux_inode_link),
|
||||
LSM_HOOK_INIT(inode_unlink, selinux_inode_unlink),
|
||||
LSM_HOOK_INIT(inode_symlink, selinux_inode_symlink),
|
||||
LSM_HOOK_INIT(inode_mkdir, selinux_inode_mkdir),
|
||||
LSM_HOOK_INIT(inode_rmdir, selinux_inode_rmdir),
|
||||
LSM_HOOK_INIT(inode_mknod, selinux_inode_mknod),
|
||||
LSM_HOOK_INIT(inode_rename, selinux_inode_rename),
|
||||
LSM_HOOK_INIT(inode_readlink, selinux_inode_readlink),
|
||||
LSM_HOOK_INIT(inode_follow_link, selinux_inode_follow_link),
|
||||
LSM_HOOK_INIT(inode_permission, selinux_inode_permission),
|
||||
LSM_HOOK_INIT(inode_setattr, selinux_inode_setattr),
|
||||
LSM_HOOK_INIT(inode_getattr, selinux_inode_getattr),
|
||||
LSM_HOOK_INIT(inode_setxattr, selinux_inode_setxattr),
|
||||
LSM_HOOK_INIT(inode_post_setxattr, selinux_inode_post_setxattr),
|
||||
LSM_HOOK_INIT(inode_getxattr, selinux_inode_getxattr),
|
||||
LSM_HOOK_INIT(inode_listxattr, selinux_inode_listxattr),
|
||||
LSM_HOOK_INIT(inode_removexattr, selinux_inode_removexattr),
|
||||
LSM_HOOK_INIT(inode_getsecurity, selinux_inode_getsecurity),
|
||||
LSM_HOOK_INIT(inode_setsecurity, selinux_inode_setsecurity),
|
||||
LSM_HOOK_INIT(inode_listsecurity, selinux_inode_listsecurity),
|
||||
LSM_HOOK_INIT(inode_getsecid, selinux_inode_getsecid),
|
||||
|
||||
.inode_alloc_security = selinux_inode_alloc_security,
|
||||
.inode_free_security = selinux_inode_free_security,
|
||||
.inode_init_security = selinux_inode_init_security,
|
||||
.inode_create = selinux_inode_create,
|
||||
.inode_link = selinux_inode_link,
|
||||
.inode_unlink = selinux_inode_unlink,
|
||||
.inode_symlink = selinux_inode_symlink,
|
||||
.inode_mkdir = selinux_inode_mkdir,
|
||||
.inode_rmdir = selinux_inode_rmdir,
|
||||
.inode_mknod = selinux_inode_mknod,
|
||||
.inode_rename = selinux_inode_rename,
|
||||
.inode_readlink = selinux_inode_readlink,
|
||||
.inode_follow_link = selinux_inode_follow_link,
|
||||
.inode_permission = selinux_inode_permission,
|
||||
.inode_setattr = selinux_inode_setattr,
|
||||
.inode_getattr = selinux_inode_getattr,
|
||||
.inode_setxattr = selinux_inode_setxattr,
|
||||
.inode_post_setxattr = selinux_inode_post_setxattr,
|
||||
.inode_getxattr = selinux_inode_getxattr,
|
||||
.inode_listxattr = selinux_inode_listxattr,
|
||||
.inode_removexattr = selinux_inode_removexattr,
|
||||
.inode_getsecurity = selinux_inode_getsecurity,
|
||||
.inode_setsecurity = selinux_inode_setsecurity,
|
||||
.inode_listsecurity = selinux_inode_listsecurity,
|
||||
.inode_getsecid = selinux_inode_getsecid,
|
||||
LSM_HOOK_INIT(file_permission, selinux_file_permission),
|
||||
LSM_HOOK_INIT(file_alloc_security, selinux_file_alloc_security),
|
||||
LSM_HOOK_INIT(file_free_security, selinux_file_free_security),
|
||||
LSM_HOOK_INIT(file_ioctl, selinux_file_ioctl),
|
||||
LSM_HOOK_INIT(mmap_file, selinux_mmap_file),
|
||||
LSM_HOOK_INIT(mmap_addr, selinux_mmap_addr),
|
||||
LSM_HOOK_INIT(file_mprotect, selinux_file_mprotect),
|
||||
LSM_HOOK_INIT(file_lock, selinux_file_lock),
|
||||
LSM_HOOK_INIT(file_fcntl, selinux_file_fcntl),
|
||||
LSM_HOOK_INIT(file_set_fowner, selinux_file_set_fowner),
|
||||
LSM_HOOK_INIT(file_send_sigiotask, selinux_file_send_sigiotask),
|
||||
LSM_HOOK_INIT(file_receive, selinux_file_receive),
|
||||
|
||||
.file_permission = selinux_file_permission,
|
||||
.file_alloc_security = selinux_file_alloc_security,
|
||||
.file_free_security = selinux_file_free_security,
|
||||
.file_ioctl = selinux_file_ioctl,
|
||||
.mmap_file = selinux_mmap_file,
|
||||
.mmap_addr = selinux_mmap_addr,
|
||||
.file_mprotect = selinux_file_mprotect,
|
||||
.file_lock = selinux_file_lock,
|
||||
.file_fcntl = selinux_file_fcntl,
|
||||
.file_set_fowner = selinux_file_set_fowner,
|
||||
.file_send_sigiotask = selinux_file_send_sigiotask,
|
||||
.file_receive = selinux_file_receive,
|
||||
LSM_HOOK_INIT(file_open, selinux_file_open),
|
||||
|
||||
.file_open = selinux_file_open,
|
||||
LSM_HOOK_INIT(task_create, selinux_task_create),
|
||||
LSM_HOOK_INIT(cred_alloc_blank, selinux_cred_alloc_blank),
|
||||
LSM_HOOK_INIT(cred_free, selinux_cred_free),
|
||||
LSM_HOOK_INIT(cred_prepare, selinux_cred_prepare),
|
||||
LSM_HOOK_INIT(cred_transfer, selinux_cred_transfer),
|
||||
LSM_HOOK_INIT(kernel_act_as, selinux_kernel_act_as),
|
||||
LSM_HOOK_INIT(kernel_create_files_as, selinux_kernel_create_files_as),
|
||||
LSM_HOOK_INIT(kernel_module_request, selinux_kernel_module_request),
|
||||
LSM_HOOK_INIT(task_setpgid, selinux_task_setpgid),
|
||||
LSM_HOOK_INIT(task_getpgid, selinux_task_getpgid),
|
||||
LSM_HOOK_INIT(task_getsid, selinux_task_getsid),
|
||||
LSM_HOOK_INIT(task_getsecid, selinux_task_getsecid),
|
||||
LSM_HOOK_INIT(task_setnice, selinux_task_setnice),
|
||||
LSM_HOOK_INIT(task_setioprio, selinux_task_setioprio),
|
||||
LSM_HOOK_INIT(task_getioprio, selinux_task_getioprio),
|
||||
LSM_HOOK_INIT(task_setrlimit, selinux_task_setrlimit),
|
||||
LSM_HOOK_INIT(task_setscheduler, selinux_task_setscheduler),
|
||||
LSM_HOOK_INIT(task_getscheduler, selinux_task_getscheduler),
|
||||
LSM_HOOK_INIT(task_movememory, selinux_task_movememory),
|
||||
LSM_HOOK_INIT(task_kill, selinux_task_kill),
|
||||
LSM_HOOK_INIT(task_wait, selinux_task_wait),
|
||||
LSM_HOOK_INIT(task_to_inode, selinux_task_to_inode),
|
||||
|
||||
.task_create = selinux_task_create,
|
||||
.cred_alloc_blank = selinux_cred_alloc_blank,
|
||||
.cred_free = selinux_cred_free,
|
||||
.cred_prepare = selinux_cred_prepare,
|
||||
.cred_transfer = selinux_cred_transfer,
|
||||
.kernel_act_as = selinux_kernel_act_as,
|
||||
.kernel_create_files_as = selinux_kernel_create_files_as,
|
||||
.kernel_module_request = selinux_kernel_module_request,
|
||||
.task_setpgid = selinux_task_setpgid,
|
||||
.task_getpgid = selinux_task_getpgid,
|
||||
.task_getsid = selinux_task_getsid,
|
||||
.task_getsecid = selinux_task_getsecid,
|
||||
.task_setnice = selinux_task_setnice,
|
||||
.task_setioprio = selinux_task_setioprio,
|
||||
.task_getioprio = selinux_task_getioprio,
|
||||
.task_setrlimit = selinux_task_setrlimit,
|
||||
.task_setscheduler = selinux_task_setscheduler,
|
||||
.task_getscheduler = selinux_task_getscheduler,
|
||||
.task_movememory = selinux_task_movememory,
|
||||
.task_kill = selinux_task_kill,
|
||||
.task_wait = selinux_task_wait,
|
||||
.task_to_inode = selinux_task_to_inode,
|
||||
LSM_HOOK_INIT(ipc_permission, selinux_ipc_permission),
|
||||
LSM_HOOK_INIT(ipc_getsecid, selinux_ipc_getsecid),
|
||||
|
||||
.ipc_permission = selinux_ipc_permission,
|
||||
.ipc_getsecid = selinux_ipc_getsecid,
|
||||
LSM_HOOK_INIT(msg_msg_alloc_security, selinux_msg_msg_alloc_security),
|
||||
LSM_HOOK_INIT(msg_msg_free_security, selinux_msg_msg_free_security),
|
||||
|
||||
.msg_msg_alloc_security = selinux_msg_msg_alloc_security,
|
||||
.msg_msg_free_security = selinux_msg_msg_free_security,
|
||||
LSM_HOOK_INIT(msg_queue_alloc_security,
|
||||
selinux_msg_queue_alloc_security),
|
||||
LSM_HOOK_INIT(msg_queue_free_security, selinux_msg_queue_free_security),
|
||||
LSM_HOOK_INIT(msg_queue_associate, selinux_msg_queue_associate),
|
||||
LSM_HOOK_INIT(msg_queue_msgctl, selinux_msg_queue_msgctl),
|
||||
LSM_HOOK_INIT(msg_queue_msgsnd, selinux_msg_queue_msgsnd),
|
||||
LSM_HOOK_INIT(msg_queue_msgrcv, selinux_msg_queue_msgrcv),
|
||||
|
||||
.msg_queue_alloc_security = selinux_msg_queue_alloc_security,
|
||||
.msg_queue_free_security = selinux_msg_queue_free_security,
|
||||
.msg_queue_associate = selinux_msg_queue_associate,
|
||||
.msg_queue_msgctl = selinux_msg_queue_msgctl,
|
||||
.msg_queue_msgsnd = selinux_msg_queue_msgsnd,
|
||||
.msg_queue_msgrcv = selinux_msg_queue_msgrcv,
|
||||
LSM_HOOK_INIT(shm_alloc_security, selinux_shm_alloc_security),
|
||||
LSM_HOOK_INIT(shm_free_security, selinux_shm_free_security),
|
||||
LSM_HOOK_INIT(shm_associate, selinux_shm_associate),
|
||||
LSM_HOOK_INIT(shm_shmctl, selinux_shm_shmctl),
|
||||
LSM_HOOK_INIT(shm_shmat, selinux_shm_shmat),
|
||||
|
||||
.shm_alloc_security = selinux_shm_alloc_security,
|
||||
.shm_free_security = selinux_shm_free_security,
|
||||
.shm_associate = selinux_shm_associate,
|
||||
.shm_shmctl = selinux_shm_shmctl,
|
||||
.shm_shmat = selinux_shm_shmat,
|
||||
LSM_HOOK_INIT(sem_alloc_security, selinux_sem_alloc_security),
|
||||
LSM_HOOK_INIT(sem_free_security, selinux_sem_free_security),
|
||||
LSM_HOOK_INIT(sem_associate, selinux_sem_associate),
|
||||
LSM_HOOK_INIT(sem_semctl, selinux_sem_semctl),
|
||||
LSM_HOOK_INIT(sem_semop, selinux_sem_semop),
|
||||
|
||||
.sem_alloc_security = selinux_sem_alloc_security,
|
||||
.sem_free_security = selinux_sem_free_security,
|
||||
.sem_associate = selinux_sem_associate,
|
||||
.sem_semctl = selinux_sem_semctl,
|
||||
.sem_semop = selinux_sem_semop,
|
||||
LSM_HOOK_INIT(d_instantiate, selinux_d_instantiate),
|
||||
|
||||
.d_instantiate = selinux_d_instantiate,
|
||||
LSM_HOOK_INIT(getprocattr, selinux_getprocattr),
|
||||
LSM_HOOK_INIT(setprocattr, selinux_setprocattr),
|
||||
|
||||
.getprocattr = selinux_getprocattr,
|
||||
.setprocattr = selinux_setprocattr,
|
||||
LSM_HOOK_INIT(ismaclabel, selinux_ismaclabel),
|
||||
LSM_HOOK_INIT(secid_to_secctx, selinux_secid_to_secctx),
|
||||
LSM_HOOK_INIT(secctx_to_secid, selinux_secctx_to_secid),
|
||||
LSM_HOOK_INIT(release_secctx, selinux_release_secctx),
|
||||
LSM_HOOK_INIT(inode_notifysecctx, selinux_inode_notifysecctx),
|
||||
LSM_HOOK_INIT(inode_setsecctx, selinux_inode_setsecctx),
|
||||
LSM_HOOK_INIT(inode_getsecctx, selinux_inode_getsecctx),
|
||||
|
||||
.ismaclabel = selinux_ismaclabel,
|
||||
.secid_to_secctx = selinux_secid_to_secctx,
|
||||
.secctx_to_secid = selinux_secctx_to_secid,
|
||||
.release_secctx = selinux_release_secctx,
|
||||
.inode_notifysecctx = selinux_inode_notifysecctx,
|
||||
.inode_setsecctx = selinux_inode_setsecctx,
|
||||
.inode_getsecctx = selinux_inode_getsecctx,
|
||||
LSM_HOOK_INIT(unix_stream_connect, selinux_socket_unix_stream_connect),
|
||||
LSM_HOOK_INIT(unix_may_send, selinux_socket_unix_may_send),
|
||||
|
||||
.unix_stream_connect = selinux_socket_unix_stream_connect,
|
||||
.unix_may_send = selinux_socket_unix_may_send,
|
||||
|
||||
.socket_create = selinux_socket_create,
|
||||
.socket_post_create = selinux_socket_post_create,
|
||||
.socket_bind = selinux_socket_bind,
|
||||
.socket_connect = selinux_socket_connect,
|
||||
.socket_listen = selinux_socket_listen,
|
||||
.socket_accept = selinux_socket_accept,
|
||||
.socket_sendmsg = selinux_socket_sendmsg,
|
||||
.socket_recvmsg = selinux_socket_recvmsg,
|
||||
.socket_getsockname = selinux_socket_getsockname,
|
||||
.socket_getpeername = selinux_socket_getpeername,
|
||||
.socket_getsockopt = selinux_socket_getsockopt,
|
||||
.socket_setsockopt = selinux_socket_setsockopt,
|
||||
.socket_shutdown = selinux_socket_shutdown,
|
||||
.socket_sock_rcv_skb = selinux_socket_sock_rcv_skb,
|
||||
.socket_getpeersec_stream = selinux_socket_getpeersec_stream,
|
||||
.socket_getpeersec_dgram = selinux_socket_getpeersec_dgram,
|
||||
.sk_alloc_security = selinux_sk_alloc_security,
|
||||
.sk_free_security = selinux_sk_free_security,
|
||||
.sk_clone_security = selinux_sk_clone_security,
|
||||
.sk_getsecid = selinux_sk_getsecid,
|
||||
.sock_graft = selinux_sock_graft,
|
||||
.inet_conn_request = selinux_inet_conn_request,
|
||||
.inet_csk_clone = selinux_inet_csk_clone,
|
||||
.inet_conn_established = selinux_inet_conn_established,
|
||||
.secmark_relabel_packet = selinux_secmark_relabel_packet,
|
||||
.secmark_refcount_inc = selinux_secmark_refcount_inc,
|
||||
.secmark_refcount_dec = selinux_secmark_refcount_dec,
|
||||
.req_classify_flow = selinux_req_classify_flow,
|
||||
.tun_dev_alloc_security = selinux_tun_dev_alloc_security,
|
||||
.tun_dev_free_security = selinux_tun_dev_free_security,
|
||||
.tun_dev_create = selinux_tun_dev_create,
|
||||
.tun_dev_attach_queue = selinux_tun_dev_attach_queue,
|
||||
.tun_dev_attach = selinux_tun_dev_attach,
|
||||
.tun_dev_open = selinux_tun_dev_open,
|
||||
LSM_HOOK_INIT(socket_create, selinux_socket_create),
|
||||
LSM_HOOK_INIT(socket_post_create, selinux_socket_post_create),
|
||||
LSM_HOOK_INIT(socket_bind, selinux_socket_bind),
|
||||
LSM_HOOK_INIT(socket_connect, selinux_socket_connect),
|
||||
LSM_HOOK_INIT(socket_listen, selinux_socket_listen),
|
||||
LSM_HOOK_INIT(socket_accept, selinux_socket_accept),
|
||||
LSM_HOOK_INIT(socket_sendmsg, selinux_socket_sendmsg),
|
||||
LSM_HOOK_INIT(socket_recvmsg, selinux_socket_recvmsg),
|
||||
LSM_HOOK_INIT(socket_getsockname, selinux_socket_getsockname),
|
||||
LSM_HOOK_INIT(socket_getpeername, selinux_socket_getpeername),
|
||||
LSM_HOOK_INIT(socket_getsockopt, selinux_socket_getsockopt),
|
||||
LSM_HOOK_INIT(socket_setsockopt, selinux_socket_setsockopt),
|
||||
LSM_HOOK_INIT(socket_shutdown, selinux_socket_shutdown),
|
||||
LSM_HOOK_INIT(socket_sock_rcv_skb, selinux_socket_sock_rcv_skb),
|
||||
LSM_HOOK_INIT(socket_getpeersec_stream,
|
||||
selinux_socket_getpeersec_stream),
|
||||
LSM_HOOK_INIT(socket_getpeersec_dgram, selinux_socket_getpeersec_dgram),
|
||||
LSM_HOOK_INIT(sk_alloc_security, selinux_sk_alloc_security),
|
||||
LSM_HOOK_INIT(sk_free_security, selinux_sk_free_security),
|
||||
LSM_HOOK_INIT(sk_clone_security, selinux_sk_clone_security),
|
||||
LSM_HOOK_INIT(sk_getsecid, selinux_sk_getsecid),
|
||||
LSM_HOOK_INIT(sock_graft, selinux_sock_graft),
|
||||
LSM_HOOK_INIT(inet_conn_request, selinux_inet_conn_request),
|
||||
LSM_HOOK_INIT(inet_csk_clone, selinux_inet_csk_clone),
|
||||
LSM_HOOK_INIT(inet_conn_established, selinux_inet_conn_established),
|
||||
LSM_HOOK_INIT(secmark_relabel_packet, selinux_secmark_relabel_packet),
|
||||
LSM_HOOK_INIT(secmark_refcount_inc, selinux_secmark_refcount_inc),
|
||||
LSM_HOOK_INIT(secmark_refcount_dec, selinux_secmark_refcount_dec),
|
||||
LSM_HOOK_INIT(req_classify_flow, selinux_req_classify_flow),
|
||||
LSM_HOOK_INIT(tun_dev_alloc_security, selinux_tun_dev_alloc_security),
|
||||
LSM_HOOK_INIT(tun_dev_free_security, selinux_tun_dev_free_security),
|
||||
LSM_HOOK_INIT(tun_dev_create, selinux_tun_dev_create),
|
||||
LSM_HOOK_INIT(tun_dev_attach_queue, selinux_tun_dev_attach_queue),
|
||||
LSM_HOOK_INIT(tun_dev_attach, selinux_tun_dev_attach),
|
||||
LSM_HOOK_INIT(tun_dev_open, selinux_tun_dev_open),
|
||||
|
||||
#ifdef CONFIG_SECURITY_NETWORK_XFRM
|
||||
.xfrm_policy_alloc_security = selinux_xfrm_policy_alloc,
|
||||
.xfrm_policy_clone_security = selinux_xfrm_policy_clone,
|
||||
.xfrm_policy_free_security = selinux_xfrm_policy_free,
|
||||
.xfrm_policy_delete_security = selinux_xfrm_policy_delete,
|
||||
.xfrm_state_alloc = selinux_xfrm_state_alloc,
|
||||
.xfrm_state_alloc_acquire = selinux_xfrm_state_alloc_acquire,
|
||||
.xfrm_state_free_security = selinux_xfrm_state_free,
|
||||
.xfrm_state_delete_security = selinux_xfrm_state_delete,
|
||||
.xfrm_policy_lookup = selinux_xfrm_policy_lookup,
|
||||
.xfrm_state_pol_flow_match = selinux_xfrm_state_pol_flow_match,
|
||||
.xfrm_decode_session = selinux_xfrm_decode_session,
|
||||
LSM_HOOK_INIT(xfrm_policy_alloc_security, selinux_xfrm_policy_alloc),
|
||||
LSM_HOOK_INIT(xfrm_policy_clone_security, selinux_xfrm_policy_clone),
|
||||
LSM_HOOK_INIT(xfrm_policy_free_security, selinux_xfrm_policy_free),
|
||||
LSM_HOOK_INIT(xfrm_policy_delete_security, selinux_xfrm_policy_delete),
|
||||
LSM_HOOK_INIT(xfrm_state_alloc, selinux_xfrm_state_alloc),
|
||||
LSM_HOOK_INIT(xfrm_state_alloc_acquire,
|
||||
selinux_xfrm_state_alloc_acquire),
|
||||
LSM_HOOK_INIT(xfrm_state_free_security, selinux_xfrm_state_free),
|
||||
LSM_HOOK_INIT(xfrm_state_delete_security, selinux_xfrm_state_delete),
|
||||
LSM_HOOK_INIT(xfrm_policy_lookup, selinux_xfrm_policy_lookup),
|
||||
LSM_HOOK_INIT(xfrm_state_pol_flow_match,
|
||||
selinux_xfrm_state_pol_flow_match),
|
||||
LSM_HOOK_INIT(xfrm_decode_session, selinux_xfrm_decode_session),
|
||||
#endif
|
||||
|
||||
#ifdef CONFIG_KEYS
|
||||
.key_alloc = selinux_key_alloc,
|
||||
.key_free = selinux_key_free,
|
||||
.key_permission = selinux_key_permission,
|
||||
.key_getsecurity = selinux_key_getsecurity,
|
||||
LSM_HOOK_INIT(key_alloc, selinux_key_alloc),
|
||||
LSM_HOOK_INIT(key_free, selinux_key_free),
|
||||
LSM_HOOK_INIT(key_permission, selinux_key_permission),
|
||||
LSM_HOOK_INIT(key_getsecurity, selinux_key_getsecurity),
|
||||
#endif
|
||||
|
||||
#ifdef CONFIG_AUDIT
|
||||
.audit_rule_init = selinux_audit_rule_init,
|
||||
.audit_rule_known = selinux_audit_rule_known,
|
||||
.audit_rule_match = selinux_audit_rule_match,
|
||||
.audit_rule_free = selinux_audit_rule_free,
|
||||
LSM_HOOK_INIT(audit_rule_init, selinux_audit_rule_init),
|
||||
LSM_HOOK_INIT(audit_rule_known, selinux_audit_rule_known),
|
||||
LSM_HOOK_INIT(audit_rule_match, selinux_audit_rule_match),
|
||||
LSM_HOOK_INIT(audit_rule_free, selinux_audit_rule_free),
|
||||
#endif
|
||||
};
|
||||
|
||||
static __init int selinux_init(void)
|
||||
{
|
||||
if (!security_module_enable(&selinux_ops)) {
|
||||
if (!security_module_enable("selinux")) {
|
||||
selinux_enabled = 0;
|
||||
return 0;
|
||||
}
|
||||
|
@ -6085,8 +6043,7 @@ static __init int selinux_init(void)
|
|||
0, SLAB_PANIC, NULL);
|
||||
avc_init();
|
||||
|
||||
if (register_security(&selinux_ops))
|
||||
panic("SELinux: Unable to register with kernel.\n");
|
||||
security_add_hooks(selinux_hooks, ARRAY_SIZE(selinux_hooks));
|
||||
|
||||
if (avc_add_callback(selinux_netcache_avc_callback, AVC_CALLBACK_RESET))
|
||||
panic("SELinux: Unable to register AVC netcache callback\n");
|
||||
|
@ -6214,7 +6171,7 @@ int selinux_disable(void)
|
|||
selinux_disabled = 1;
|
||||
selinux_enabled = 0;
|
||||
|
||||
reset_security_ops();
|
||||
security_delete_hooks(selinux_hooks, ARRAY_SIZE(selinux_hooks));
|
||||
|
||||
/* Try to destroy the avc node cache */
|
||||
avc_disable();
|
||||
|
|
|
@ -2,12 +2,12 @@
|
|||
"getattr", "setattr", "lock", "relabelfrom", "relabelto", "append"
|
||||
|
||||
#define COMMON_FILE_PERMS COMMON_FILE_SOCK_PERMS, "unlink", "link", \
|
||||
"rename", "execute", "swapon", "quotaon", "mounton", "audit_access", \
|
||||
"rename", "execute", "quotaon", "mounton", "audit_access", \
|
||||
"open", "execmod"
|
||||
|
||||
#define COMMON_SOCK_PERMS COMMON_FILE_SOCK_PERMS, "bind", "connect", \
|
||||
"listen", "accept", "getopt", "setopt", "shutdown", "recvfrom", \
|
||||
"sendto", "recv_msg", "send_msg", "name_bind"
|
||||
"sendto", "name_bind"
|
||||
|
||||
#define COMMON_IPC_PERMS "create", "destroy", "getattr", "setattr", "read", \
|
||||
"write", "associate", "unix_read", "unix_write"
|
||||
|
@ -44,7 +44,7 @@ struct security_class_mapping secclass_map[] = {
|
|||
"audit_control", "setfcap", NULL } },
|
||||
{ "filesystem",
|
||||
{ "mount", "remount", "unmount", "getattr",
|
||||
"relabelfrom", "relabelto", "transition", "associate", "quotamod",
|
||||
"relabelfrom", "relabelto", "associate", "quotamod",
|
||||
"quotaget", NULL } },
|
||||
{ "file",
|
||||
{ COMMON_FILE_PERMS,
|
||||
|
@ -67,7 +67,7 @@ struct security_class_mapping secclass_map[] = {
|
|||
{ COMMON_SOCK_PERMS, NULL } },
|
||||
{ "tcp_socket",
|
||||
{ COMMON_SOCK_PERMS,
|
||||
"connectto", "newconn", "acceptfrom", "node_bind", "name_connect",
|
||||
"node_bind", "name_connect",
|
||||
NULL } },
|
||||
{ "udp_socket",
|
||||
{ COMMON_SOCK_PERMS,
|
||||
|
@ -76,13 +76,9 @@ struct security_class_mapping secclass_map[] = {
|
|||
{ COMMON_SOCK_PERMS,
|
||||
"node_bind", NULL } },
|
||||
{ "node",
|
||||
{ "tcp_recv", "tcp_send", "udp_recv", "udp_send",
|
||||
"rawip_recv", "rawip_send", "enforce_dest",
|
||||
"dccp_recv", "dccp_send", "recvfrom", "sendto", NULL } },
|
||||
{ "recvfrom", "sendto", NULL } },
|
||||
{ "netif",
|
||||
{ "tcp_recv", "tcp_send", "udp_recv", "udp_send",
|
||||
"rawip_recv", "rawip_send", "dccp_recv", "dccp_send",
|
||||
"ingress", "egress", NULL } },
|
||||
{ "ingress", "egress", NULL } },
|
||||
{ "netlink_socket",
|
||||
{ COMMON_SOCK_PERMS, NULL } },
|
||||
{ "packet_socket",
|
||||
|
@ -90,11 +86,9 @@ struct security_class_mapping secclass_map[] = {
|
|||
{ "key_socket",
|
||||
{ COMMON_SOCK_PERMS, NULL } },
|
||||
{ "unix_stream_socket",
|
||||
{ COMMON_SOCK_PERMS, "connectto", "newconn", "acceptfrom", NULL
|
||||
} },
|
||||
{ COMMON_SOCK_PERMS, "connectto", NULL } },
|
||||
{ "unix_dgram_socket",
|
||||
{ COMMON_SOCK_PERMS, NULL
|
||||
} },
|
||||
{ COMMON_SOCK_PERMS, NULL } },
|
||||
{ "sem",
|
||||
{ COMMON_IPC_PERMS, NULL } },
|
||||
{ "msg", { "send", "receive", NULL } },
|
||||
|
@ -107,9 +101,6 @@ struct security_class_mapping secclass_map[] = {
|
|||
{ "netlink_route_socket",
|
||||
{ COMMON_SOCK_PERMS,
|
||||
"nlmsg_read", "nlmsg_write", NULL } },
|
||||
{ "netlink_firewall_socket",
|
||||
{ COMMON_SOCK_PERMS,
|
||||
"nlmsg_read", "nlmsg_write", NULL } },
|
||||
{ "netlink_tcpdiag_socket",
|
||||
{ COMMON_SOCK_PERMS,
|
||||
"nlmsg_read", "nlmsg_write", NULL } },
|
||||
|
@ -120,19 +111,32 @@ struct security_class_mapping secclass_map[] = {
|
|||
"nlmsg_read", "nlmsg_write", NULL } },
|
||||
{ "netlink_selinux_socket",
|
||||
{ COMMON_SOCK_PERMS, NULL } },
|
||||
{ "netlink_iscsi_socket",
|
||||
{ COMMON_SOCK_PERMS, NULL } },
|
||||
{ "netlink_audit_socket",
|
||||
{ COMMON_SOCK_PERMS,
|
||||
"nlmsg_read", "nlmsg_write", "nlmsg_relay", "nlmsg_readpriv",
|
||||
"nlmsg_tty_audit", NULL } },
|
||||
{ "netlink_ip6fw_socket",
|
||||
{ COMMON_SOCK_PERMS,
|
||||
"nlmsg_read", "nlmsg_write", NULL } },
|
||||
{ "netlink_fib_lookup_socket",
|
||||
{ COMMON_SOCK_PERMS, NULL } },
|
||||
{ "netlink_connector_socket",
|
||||
{ COMMON_SOCK_PERMS, NULL } },
|
||||
{ "netlink_netfilter_socket",
|
||||
{ COMMON_SOCK_PERMS, NULL } },
|
||||
{ "netlink_dnrt_socket",
|
||||
{ COMMON_SOCK_PERMS, NULL } },
|
||||
{ "association",
|
||||
{ "sendto", "recvfrom", "setcontext", "polmatch", NULL } },
|
||||
{ "netlink_kobject_uevent_socket",
|
||||
{ COMMON_SOCK_PERMS, NULL } },
|
||||
{ "netlink_generic_socket",
|
||||
{ COMMON_SOCK_PERMS, NULL } },
|
||||
{ "netlink_scsitransport_socket",
|
||||
{ COMMON_SOCK_PERMS, NULL } },
|
||||
{ "netlink_rdma_socket",
|
||||
{ COMMON_SOCK_PERMS, NULL } },
|
||||
{ "netlink_crypto_socket",
|
||||
{ COMMON_SOCK_PERMS, NULL } },
|
||||
{ "appletalk_socket",
|
||||
{ COMMON_SOCK_PERMS, NULL } },
|
||||
{ "packet",
|
||||
|
|
|
@ -56,6 +56,7 @@
|
|||
/* Non-mount related flags */
|
||||
#define SE_SBINITIALIZED 0x0100
|
||||
#define SE_SBPROC 0x0200
|
||||
#define SE_SBGENFS 0x0400
|
||||
|
||||
#define CONTEXT_STR "context="
|
||||
#define FSCONTEXT_STR "fscontext="
|
||||
|
|
|
@ -15,7 +15,7 @@
|
|||
|
||||
#include <linux/capability.h>
|
||||
#include <linux/spinlock.h>
|
||||
#include <linux/security.h>
|
||||
#include <linux/lsm_hooks.h>
|
||||
#include <linux/in.h>
|
||||
#include <net/netlabel.h>
|
||||
#include <linux/list.h>
|
||||
|
@ -138,6 +138,11 @@ struct smk_port_label {
|
|||
struct smack_known *smk_out; /* outgoing label */
|
||||
};
|
||||
|
||||
struct smack_onlycap {
|
||||
struct list_head list;
|
||||
struct smack_known *smk_label;
|
||||
};
|
||||
|
||||
/*
|
||||
* Mount options
|
||||
*/
|
||||
|
@ -249,6 +254,7 @@ int smk_netlbl_mls(int, char *, struct netlbl_lsm_secattr *, int);
|
|||
struct smack_known *smk_import_entry(const char *, int);
|
||||
void smk_insert_entry(struct smack_known *skp);
|
||||
struct smack_known *smk_find_entry(const char *);
|
||||
int smack_privileged(int cap);
|
||||
|
||||
/*
|
||||
* Shared data.
|
||||
|
@ -257,7 +263,6 @@ extern int smack_enabled;
|
|||
extern int smack_cipso_direct;
|
||||
extern int smack_cipso_mapped;
|
||||
extern struct smack_known *smack_net_ambient;
|
||||
extern struct smack_known *smack_onlycap;
|
||||
extern struct smack_known *smack_syslog_label;
|
||||
#ifdef CONFIG_SECURITY_SMACK_BRINGUP
|
||||
extern struct smack_known *smack_unconfined;
|
||||
|
@ -276,7 +281,8 @@ extern struct mutex smack_known_lock;
|
|||
extern struct list_head smack_known_list;
|
||||
extern struct list_head smk_netlbladdr_list;
|
||||
|
||||
extern struct security_operations smack_ops;
|
||||
extern struct mutex smack_onlycap_lock;
|
||||
extern struct list_head smack_onlycap_list;
|
||||
|
||||
#define SMACK_HASH_SLOTS 16
|
||||
extern struct hlist_head smack_known_hash[SMACK_HASH_SLOTS];
|
||||
|
@ -333,21 +339,6 @@ static inline struct smack_known *smk_of_current(void)
|
|||
return smk_of_task(current_security());
|
||||
}
|
||||
|
||||
/*
|
||||
* Is the task privileged and allowed to be privileged
|
||||
* by the onlycap rule.
|
||||
*/
|
||||
static inline int smack_privileged(int cap)
|
||||
{
|
||||
struct smack_known *skp = smk_of_current();
|
||||
|
||||
if (!capable(cap))
|
||||
return 0;
|
||||
if (smack_onlycap == NULL || smack_onlycap == skp)
|
||||
return 1;
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* logging functions
|
||||
*/
|
||||
|
|
|
@ -425,7 +425,7 @@ void smk_insert_entry(struct smack_known *skp)
|
|||
* @string: a text string that might be a Smack label
|
||||
*
|
||||
* Returns a pointer to the entry in the label list that
|
||||
* matches the passed string.
|
||||
* matches the passed string or NULL if not found.
|
||||
*/
|
||||
struct smack_known *smk_find_entry(const char *string)
|
||||
{
|
||||
|
@ -448,7 +448,7 @@ struct smack_known *smk_find_entry(const char *string)
|
|||
* @string: a text string that might contain a Smack label
|
||||
* @len: the maximum size, or zero if it is NULL terminated.
|
||||
*
|
||||
* Returns a pointer to the clean label, or NULL
|
||||
* Returns a pointer to the clean label or an error code.
|
||||
*/
|
||||
char *smk_parse_smack(const char *string, int len)
|
||||
{
|
||||
|
@ -464,7 +464,7 @@ char *smk_parse_smack(const char *string, int len)
|
|||
* including /smack/cipso and /smack/cipso2
|
||||
*/
|
||||
if (string[0] == '-')
|
||||
return NULL;
|
||||
return ERR_PTR(-EINVAL);
|
||||
|
||||
for (i = 0; i < len; i++)
|
||||
if (string[i] > '~' || string[i] <= ' ' || string[i] == '/' ||
|
||||
|
@ -472,11 +472,13 @@ char *smk_parse_smack(const char *string, int len)
|
|||
break;
|
||||
|
||||
if (i == 0 || i >= SMK_LONGLABEL)
|
||||
return NULL;
|
||||
return ERR_PTR(-EINVAL);
|
||||
|
||||
smack = kzalloc(i + 1, GFP_KERNEL);
|
||||
if (smack != NULL)
|
||||
strncpy(smack, string, i);
|
||||
if (smack == NULL)
|
||||
return ERR_PTR(-ENOMEM);
|
||||
|
||||
strncpy(smack, string, i);
|
||||
|
||||
return smack;
|
||||
}
|
||||
|
@ -523,7 +525,8 @@ int smk_netlbl_mls(int level, char *catset, struct netlbl_lsm_secattr *sap,
|
|||
* @len: the maximum size, or zero if it is NULL terminated.
|
||||
*
|
||||
* Returns a pointer to the entry in the label list that
|
||||
* matches the passed string, adding it if necessary.
|
||||
* matches the passed string, adding it if necessary,
|
||||
* or an error code.
|
||||
*/
|
||||
struct smack_known *smk_import_entry(const char *string, int len)
|
||||
{
|
||||
|
@ -533,8 +536,8 @@ struct smack_known *smk_import_entry(const char *string, int len)
|
|||
int rc;
|
||||
|
||||
smack = smk_parse_smack(string, len);
|
||||
if (smack == NULL)
|
||||
return NULL;
|
||||
if (IS_ERR(smack))
|
||||
return ERR_CAST(smack);
|
||||
|
||||
mutex_lock(&smack_known_lock);
|
||||
|
||||
|
@ -543,8 +546,10 @@ struct smack_known *smk_import_entry(const char *string, int len)
|
|||
goto freeout;
|
||||
|
||||
skp = kzalloc(sizeof(*skp), GFP_KERNEL);
|
||||
if (skp == NULL)
|
||||
if (skp == NULL) {
|
||||
skp = ERR_PTR(-ENOMEM);
|
||||
goto freeout;
|
||||
}
|
||||
|
||||
skp->smk_known = smack;
|
||||
skp->smk_secid = smack_next_secid++;
|
||||
|
@ -577,7 +582,7 @@ struct smack_known *smk_import_entry(const char *string, int len)
|
|||
* smk_netlbl_mls failed.
|
||||
*/
|
||||
kfree(skp);
|
||||
skp = NULL;
|
||||
skp = ERR_PTR(rc);
|
||||
freeout:
|
||||
kfree(smack);
|
||||
unlockout:
|
||||
|
@ -612,3 +617,44 @@ struct smack_known *smack_from_secid(const u32 secid)
|
|||
rcu_read_unlock();
|
||||
return &smack_known_invalid;
|
||||
}
|
||||
|
||||
/*
|
||||
* Unless a process is running with one of these labels
|
||||
* even having CAP_MAC_OVERRIDE isn't enough to grant
|
||||
* privilege to violate MAC policy. If no labels are
|
||||
* designated (the empty list case) capabilities apply to
|
||||
* everyone.
|
||||
*/
|
||||
LIST_HEAD(smack_onlycap_list);
|
||||
DEFINE_MUTEX(smack_onlycap_lock);
|
||||
|
||||
/*
|
||||
* Is the task privileged and allowed to be privileged
|
||||
* by the onlycap rule.
|
||||
*
|
||||
* Returns 1 if the task is allowed to be privileged, 0 if it's not.
|
||||
*/
|
||||
int smack_privileged(int cap)
|
||||
{
|
||||
struct smack_known *skp = smk_of_current();
|
||||
struct smack_onlycap *sop;
|
||||
|
||||
if (!capable(cap))
|
||||
return 0;
|
||||
|
||||
rcu_read_lock();
|
||||
if (list_empty(&smack_onlycap_list)) {
|
||||
rcu_read_unlock();
|
||||
return 1;
|
||||
}
|
||||
|
||||
list_for_each_entry_rcu(sop, &smack_onlycap_list, list) {
|
||||
if (sop->smk_label == skp) {
|
||||
rcu_read_unlock();
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
rcu_read_unlock();
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
|
|
@ -245,8 +245,8 @@ static int smk_bu_credfile(const struct cred *cred, struct file *file,
|
|||
* @ip: a pointer to the inode
|
||||
* @dp: a pointer to the dentry
|
||||
*
|
||||
* Returns a pointer to the master list entry for the Smack label
|
||||
* or NULL if there was no label to fetch.
|
||||
* Returns a pointer to the master list entry for the Smack label,
|
||||
* NULL if there was no label to fetch, or an error code.
|
||||
*/
|
||||
static struct smack_known *smk_fetch(const char *name, struct inode *ip,
|
||||
struct dentry *dp)
|
||||
|
@ -256,14 +256,18 @@ static struct smack_known *smk_fetch(const char *name, struct inode *ip,
|
|||
struct smack_known *skp = NULL;
|
||||
|
||||
if (ip->i_op->getxattr == NULL)
|
||||
return NULL;
|
||||
return ERR_PTR(-EOPNOTSUPP);
|
||||
|
||||
buffer = kzalloc(SMK_LONGLABEL, GFP_KERNEL);
|
||||
if (buffer == NULL)
|
||||
return NULL;
|
||||
return ERR_PTR(-ENOMEM);
|
||||
|
||||
rc = ip->i_op->getxattr(dp, name, buffer, SMK_LONGLABEL);
|
||||
if (rc > 0)
|
||||
if (rc < 0)
|
||||
skp = ERR_PTR(rc);
|
||||
else if (rc == 0)
|
||||
skp = NULL;
|
||||
else
|
||||
skp = smk_import_entry(buffer, rc);
|
||||
|
||||
kfree(buffer);
|
||||
|
@ -436,17 +440,11 @@ static int smk_ptrace_rule_check(struct task_struct *tracer,
|
|||
*/
|
||||
static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode)
|
||||
{
|
||||
int rc;
|
||||
struct smack_known *skp;
|
||||
|
||||
rc = cap_ptrace_access_check(ctp, mode);
|
||||
if (rc != 0)
|
||||
return rc;
|
||||
|
||||
skp = smk_of_task_struct(ctp);
|
||||
|
||||
rc = smk_ptrace_rule_check(current, skp, mode, __func__);
|
||||
return rc;
|
||||
return smk_ptrace_rule_check(current, skp, mode, __func__);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -462,10 +460,6 @@ static int smack_ptrace_traceme(struct task_struct *ptp)
|
|||
int rc;
|
||||
struct smack_known *skp;
|
||||
|
||||
rc = cap_ptrace_traceme(ptp);
|
||||
if (rc != 0)
|
||||
return rc;
|
||||
|
||||
skp = smk_of_task(current_security());
|
||||
|
||||
rc = smk_ptrace_rule_check(ptp, skp, PTRACE_MODE_ATTACH, __func__);
|
||||
|
@ -615,40 +609,44 @@ static int smack_sb_kern_mount(struct super_block *sb, int flags, void *data)
|
|||
if (strncmp(op, SMK_FSHAT, strlen(SMK_FSHAT)) == 0) {
|
||||
op += strlen(SMK_FSHAT);
|
||||
skp = smk_import_entry(op, 0);
|
||||
if (skp != NULL) {
|
||||
sp->smk_hat = skp;
|
||||
specified = 1;
|
||||
}
|
||||
if (IS_ERR(skp))
|
||||
return PTR_ERR(skp);
|
||||
sp->smk_hat = skp;
|
||||
specified = 1;
|
||||
|
||||
} else if (strncmp(op, SMK_FSFLOOR, strlen(SMK_FSFLOOR)) == 0) {
|
||||
op += strlen(SMK_FSFLOOR);
|
||||
skp = smk_import_entry(op, 0);
|
||||
if (skp != NULL) {
|
||||
sp->smk_floor = skp;
|
||||
specified = 1;
|
||||
}
|
||||
if (IS_ERR(skp))
|
||||
return PTR_ERR(skp);
|
||||
sp->smk_floor = skp;
|
||||
specified = 1;
|
||||
|
||||
} else if (strncmp(op, SMK_FSDEFAULT,
|
||||
strlen(SMK_FSDEFAULT)) == 0) {
|
||||
op += strlen(SMK_FSDEFAULT);
|
||||
skp = smk_import_entry(op, 0);
|
||||
if (skp != NULL) {
|
||||
sp->smk_default = skp;
|
||||
specified = 1;
|
||||
}
|
||||
if (IS_ERR(skp))
|
||||
return PTR_ERR(skp);
|
||||
sp->smk_default = skp;
|
||||
specified = 1;
|
||||
|
||||
} else if (strncmp(op, SMK_FSROOT, strlen(SMK_FSROOT)) == 0) {
|
||||
op += strlen(SMK_FSROOT);
|
||||
skp = smk_import_entry(op, 0);
|
||||
if (skp != NULL) {
|
||||
sp->smk_root = skp;
|
||||
specified = 1;
|
||||
}
|
||||
if (IS_ERR(skp))
|
||||
return PTR_ERR(skp);
|
||||
sp->smk_root = skp;
|
||||
specified = 1;
|
||||
|
||||
} else if (strncmp(op, SMK_FSTRANS, strlen(SMK_FSTRANS)) == 0) {
|
||||
op += strlen(SMK_FSTRANS);
|
||||
skp = smk_import_entry(op, 0);
|
||||
if (skp != NULL) {
|
||||
sp->smk_root = skp;
|
||||
transmute = 1;
|
||||
specified = 1;
|
||||
}
|
||||
if (IS_ERR(skp))
|
||||
return PTR_ERR(skp);
|
||||
sp->smk_root = skp;
|
||||
transmute = 1;
|
||||
specified = 1;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -721,10 +719,6 @@ static int smack_bprm_set_creds(struct linux_binprm *bprm)
|
|||
struct inode_smack *isp;
|
||||
int rc;
|
||||
|
||||
rc = cap_bprm_set_creds(bprm);
|
||||
if (rc != 0)
|
||||
return rc;
|
||||
|
||||
if (bprm->cred_prepared)
|
||||
return 0;
|
||||
|
||||
|
@ -779,12 +773,11 @@ static void smack_bprm_committing_creds(struct linux_binprm *bprm)
|
|||
static int smack_bprm_secureexec(struct linux_binprm *bprm)
|
||||
{
|
||||
struct task_smack *tsp = current_security();
|
||||
int ret = cap_bprm_secureexec(bprm);
|
||||
|
||||
if (!ret && (tsp->smk_task != tsp->smk_forked))
|
||||
ret = 1;
|
||||
if (tsp->smk_task != tsp->smk_forked)
|
||||
return 1;
|
||||
|
||||
return ret;
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -1133,7 +1126,9 @@ static int smack_inode_setxattr(struct dentry *dentry, const char *name,
|
|||
|
||||
if (rc == 0 && check_import) {
|
||||
skp = size ? smk_import_entry(value, size) : NULL;
|
||||
if (skp == NULL || (check_star &&
|
||||
if (IS_ERR(skp))
|
||||
rc = PTR_ERR(skp);
|
||||
else if (skp == NULL || (check_star &&
|
||||
(skp == &smack_known_star || skp == &smack_known_web)))
|
||||
rc = -EINVAL;
|
||||
}
|
||||
|
@ -1173,19 +1168,19 @@ static void smack_inode_post_setxattr(struct dentry *dentry, const char *name,
|
|||
|
||||
if (strcmp(name, XATTR_NAME_SMACK) == 0) {
|
||||
skp = smk_import_entry(value, size);
|
||||
if (skp != NULL)
|
||||
if (!IS_ERR(skp))
|
||||
isp->smk_inode = skp;
|
||||
else
|
||||
isp->smk_inode = &smack_known_invalid;
|
||||
} else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) {
|
||||
skp = smk_import_entry(value, size);
|
||||
if (skp != NULL)
|
||||
if (!IS_ERR(skp))
|
||||
isp->smk_task = skp;
|
||||
else
|
||||
isp->smk_task = &smack_known_invalid;
|
||||
} else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
|
||||
skp = smk_import_entry(value, size);
|
||||
if (skp != NULL)
|
||||
if (!IS_ERR(skp))
|
||||
isp->smk_mmap = skp;
|
||||
else
|
||||
isp->smk_mmap = &smack_known_invalid;
|
||||
|
@ -1673,6 +1668,9 @@ static int smack_file_receive(struct file *file)
|
|||
struct smk_audit_info ad;
|
||||
struct inode *inode = file_inode(file);
|
||||
|
||||
if (unlikely(IS_PRIVATE(inode)))
|
||||
return 0;
|
||||
|
||||
smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
|
||||
smk_ad_setfield_u_fs_path(&ad, file->f_path);
|
||||
/*
|
||||
|
@ -1934,12 +1932,7 @@ static void smack_task_getsecid(struct task_struct *p, u32 *secid)
|
|||
*/
|
||||
static int smack_task_setnice(struct task_struct *p, int nice)
|
||||
{
|
||||
int rc;
|
||||
|
||||
rc = cap_task_setnice(p, nice);
|
||||
if (rc == 0)
|
||||
rc = smk_curacc_on_task(p, MAY_WRITE, __func__);
|
||||
return rc;
|
||||
return smk_curacc_on_task(p, MAY_WRITE, __func__);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -1951,12 +1944,7 @@ static int smack_task_setnice(struct task_struct *p, int nice)
|
|||
*/
|
||||
static int smack_task_setioprio(struct task_struct *p, int ioprio)
|
||||
{
|
||||
int rc;
|
||||
|
||||
rc = cap_task_setioprio(p, ioprio);
|
||||
if (rc == 0)
|
||||
rc = smk_curacc_on_task(p, MAY_WRITE, __func__);
|
||||
return rc;
|
||||
return smk_curacc_on_task(p, MAY_WRITE, __func__);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -1980,12 +1968,7 @@ static int smack_task_getioprio(struct task_struct *p)
|
|||
*/
|
||||
static int smack_task_setscheduler(struct task_struct *p)
|
||||
{
|
||||
int rc;
|
||||
|
||||
rc = cap_task_setscheduler(p);
|
||||
if (rc == 0)
|
||||
rc = smk_curacc_on_task(p, MAY_WRITE, __func__);
|
||||
return rc;
|
||||
return smk_curacc_on_task(p, MAY_WRITE, __func__);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -2430,8 +2413,8 @@ static int smack_inode_setsecurity(struct inode *inode, const char *name,
|
|||
return -EINVAL;
|
||||
|
||||
skp = smk_import_entry(value, size);
|
||||
if (skp == NULL)
|
||||
return -EINVAL;
|
||||
if (IS_ERR(skp))
|
||||
return PTR_ERR(skp);
|
||||
|
||||
if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) {
|
||||
nsp->smk_inode = skp;
|
||||
|
@ -3204,7 +3187,7 @@ static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode)
|
|||
*/
|
||||
dp = dget(opt_dentry);
|
||||
skp = smk_fetch(XATTR_NAME_SMACK, inode, dp);
|
||||
if (skp != NULL)
|
||||
if (!IS_ERR_OR_NULL(skp))
|
||||
final = skp;
|
||||
|
||||
/*
|
||||
|
@ -3241,11 +3224,14 @@ static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode)
|
|||
* Don't let the exec or mmap label be "*" or "@".
|
||||
*/
|
||||
skp = smk_fetch(XATTR_NAME_SMACKEXEC, inode, dp);
|
||||
if (skp == &smack_known_star || skp == &smack_known_web)
|
||||
if (IS_ERR(skp) || skp == &smack_known_star ||
|
||||
skp == &smack_known_web)
|
||||
skp = NULL;
|
||||
isp->smk_task = skp;
|
||||
|
||||
skp = smk_fetch(XATTR_NAME_SMACKMMAP, inode, dp);
|
||||
if (skp == &smack_known_star || skp == &smack_known_web)
|
||||
if (IS_ERR(skp) || skp == &smack_known_star ||
|
||||
skp == &smack_known_web)
|
||||
skp = NULL;
|
||||
isp->smk_mmap = skp;
|
||||
|
||||
|
@ -3329,8 +3315,8 @@ static int smack_setprocattr(struct task_struct *p, char *name,
|
|||
return -EINVAL;
|
||||
|
||||
skp = smk_import_entry(value, size);
|
||||
if (skp == NULL)
|
||||
return -EINVAL;
|
||||
if (IS_ERR(skp))
|
||||
return PTR_ERR(skp);
|
||||
|
||||
/*
|
||||
* No process is ever allowed the web ("@") label.
|
||||
|
@ -4105,8 +4091,10 @@ static int smack_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule)
|
|||
return -EINVAL;
|
||||
|
||||
skp = smk_import_entry(rulestr, 0);
|
||||
if (skp)
|
||||
*rule = skp->smk_known;
|
||||
if (IS_ERR(skp))
|
||||
return PTR_ERR(skp);
|
||||
|
||||
*rule = skp->smk_known;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
@ -4266,147 +4254,145 @@ static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
|
|||
return 0;
|
||||
}
|
||||
|
||||
struct security_operations smack_ops = {
|
||||
.name = "smack",
|
||||
struct security_hook_list smack_hooks[] = {
|
||||
LSM_HOOK_INIT(ptrace_access_check, smack_ptrace_access_check),
|
||||
LSM_HOOK_INIT(ptrace_traceme, smack_ptrace_traceme),
|
||||
LSM_HOOK_INIT(syslog, smack_syslog),
|
||||
|
||||
.ptrace_access_check = smack_ptrace_access_check,
|
||||
.ptrace_traceme = smack_ptrace_traceme,
|
||||
.syslog = smack_syslog,
|
||||
LSM_HOOK_INIT(sb_alloc_security, smack_sb_alloc_security),
|
||||
LSM_HOOK_INIT(sb_free_security, smack_sb_free_security),
|
||||
LSM_HOOK_INIT(sb_copy_data, smack_sb_copy_data),
|
||||
LSM_HOOK_INIT(sb_kern_mount, smack_sb_kern_mount),
|
||||
LSM_HOOK_INIT(sb_statfs, smack_sb_statfs),
|
||||
|
||||
.sb_alloc_security = smack_sb_alloc_security,
|
||||
.sb_free_security = smack_sb_free_security,
|
||||
.sb_copy_data = smack_sb_copy_data,
|
||||
.sb_kern_mount = smack_sb_kern_mount,
|
||||
.sb_statfs = smack_sb_statfs,
|
||||
LSM_HOOK_INIT(bprm_set_creds, smack_bprm_set_creds),
|
||||
LSM_HOOK_INIT(bprm_committing_creds, smack_bprm_committing_creds),
|
||||
LSM_HOOK_INIT(bprm_secureexec, smack_bprm_secureexec),
|
||||
|
||||
.bprm_set_creds = smack_bprm_set_creds,
|
||||
.bprm_committing_creds = smack_bprm_committing_creds,
|
||||
.bprm_secureexec = smack_bprm_secureexec,
|
||||
LSM_HOOK_INIT(inode_alloc_security, smack_inode_alloc_security),
|
||||
LSM_HOOK_INIT(inode_free_security, smack_inode_free_security),
|
||||
LSM_HOOK_INIT(inode_init_security, smack_inode_init_security),
|
||||
LSM_HOOK_INIT(inode_link, smack_inode_link),
|
||||
LSM_HOOK_INIT(inode_unlink, smack_inode_unlink),
|
||||
LSM_HOOK_INIT(inode_rmdir, smack_inode_rmdir),
|
||||
LSM_HOOK_INIT(inode_rename, smack_inode_rename),
|
||||
LSM_HOOK_INIT(inode_permission, smack_inode_permission),
|
||||
LSM_HOOK_INIT(inode_setattr, smack_inode_setattr),
|
||||
LSM_HOOK_INIT(inode_getattr, smack_inode_getattr),
|
||||
LSM_HOOK_INIT(inode_setxattr, smack_inode_setxattr),
|
||||
LSM_HOOK_INIT(inode_post_setxattr, smack_inode_post_setxattr),
|
||||
LSM_HOOK_INIT(inode_getxattr, smack_inode_getxattr),
|
||||
LSM_HOOK_INIT(inode_removexattr, smack_inode_removexattr),
|
||||
LSM_HOOK_INIT(inode_getsecurity, smack_inode_getsecurity),
|
||||
LSM_HOOK_INIT(inode_setsecurity, smack_inode_setsecurity),
|
||||
LSM_HOOK_INIT(inode_listsecurity, smack_inode_listsecurity),
|
||||
LSM_HOOK_INIT(inode_getsecid, smack_inode_getsecid),
|
||||
|
||||
.inode_alloc_security = smack_inode_alloc_security,
|
||||
.inode_free_security = smack_inode_free_security,
|
||||
.inode_init_security = smack_inode_init_security,
|
||||
.inode_link = smack_inode_link,
|
||||
.inode_unlink = smack_inode_unlink,
|
||||
.inode_rmdir = smack_inode_rmdir,
|
||||
.inode_rename = smack_inode_rename,
|
||||
.inode_permission = smack_inode_permission,
|
||||
.inode_setattr = smack_inode_setattr,
|
||||
.inode_getattr = smack_inode_getattr,
|
||||
.inode_setxattr = smack_inode_setxattr,
|
||||
.inode_post_setxattr = smack_inode_post_setxattr,
|
||||
.inode_getxattr = smack_inode_getxattr,
|
||||
.inode_removexattr = smack_inode_removexattr,
|
||||
.inode_getsecurity = smack_inode_getsecurity,
|
||||
.inode_setsecurity = smack_inode_setsecurity,
|
||||
.inode_listsecurity = smack_inode_listsecurity,
|
||||
.inode_getsecid = smack_inode_getsecid,
|
||||
LSM_HOOK_INIT(file_permission, smack_file_permission),
|
||||
LSM_HOOK_INIT(file_alloc_security, smack_file_alloc_security),
|
||||
LSM_HOOK_INIT(file_free_security, smack_file_free_security),
|
||||
LSM_HOOK_INIT(file_ioctl, smack_file_ioctl),
|
||||
LSM_HOOK_INIT(file_lock, smack_file_lock),
|
||||
LSM_HOOK_INIT(file_fcntl, smack_file_fcntl),
|
||||
LSM_HOOK_INIT(mmap_file, smack_mmap_file),
|
||||
LSM_HOOK_INIT(mmap_addr, cap_mmap_addr),
|
||||
LSM_HOOK_INIT(file_set_fowner, smack_file_set_fowner),
|
||||
LSM_HOOK_INIT(file_send_sigiotask, smack_file_send_sigiotask),
|
||||
LSM_HOOK_INIT(file_receive, smack_file_receive),
|
||||
|
||||
.file_permission = smack_file_permission,
|
||||
.file_alloc_security = smack_file_alloc_security,
|
||||
.file_free_security = smack_file_free_security,
|
||||
.file_ioctl = smack_file_ioctl,
|
||||
.file_lock = smack_file_lock,
|
||||
.file_fcntl = smack_file_fcntl,
|
||||
.mmap_file = smack_mmap_file,
|
||||
.mmap_addr = cap_mmap_addr,
|
||||
.file_set_fowner = smack_file_set_fowner,
|
||||
.file_send_sigiotask = smack_file_send_sigiotask,
|
||||
.file_receive = smack_file_receive,
|
||||
LSM_HOOK_INIT(file_open, smack_file_open),
|
||||
|
||||
.file_open = smack_file_open,
|
||||
LSM_HOOK_INIT(cred_alloc_blank, smack_cred_alloc_blank),
|
||||
LSM_HOOK_INIT(cred_free, smack_cred_free),
|
||||
LSM_HOOK_INIT(cred_prepare, smack_cred_prepare),
|
||||
LSM_HOOK_INIT(cred_transfer, smack_cred_transfer),
|
||||
LSM_HOOK_INIT(kernel_act_as, smack_kernel_act_as),
|
||||
LSM_HOOK_INIT(kernel_create_files_as, smack_kernel_create_files_as),
|
||||
LSM_HOOK_INIT(task_setpgid, smack_task_setpgid),
|
||||
LSM_HOOK_INIT(task_getpgid, smack_task_getpgid),
|
||||
LSM_HOOK_INIT(task_getsid, smack_task_getsid),
|
||||
LSM_HOOK_INIT(task_getsecid, smack_task_getsecid),
|
||||
LSM_HOOK_INIT(task_setnice, smack_task_setnice),
|
||||
LSM_HOOK_INIT(task_setioprio, smack_task_setioprio),
|
||||
LSM_HOOK_INIT(task_getioprio, smack_task_getioprio),
|
||||
LSM_HOOK_INIT(task_setscheduler, smack_task_setscheduler),
|
||||
LSM_HOOK_INIT(task_getscheduler, smack_task_getscheduler),
|
||||
LSM_HOOK_INIT(task_movememory, smack_task_movememory),
|
||||
LSM_HOOK_INIT(task_kill, smack_task_kill),
|
||||
LSM_HOOK_INIT(task_wait, smack_task_wait),
|
||||
LSM_HOOK_INIT(task_to_inode, smack_task_to_inode),
|
||||
|
||||
.cred_alloc_blank = smack_cred_alloc_blank,
|
||||
.cred_free = smack_cred_free,
|
||||
.cred_prepare = smack_cred_prepare,
|
||||
.cred_transfer = smack_cred_transfer,
|
||||
.kernel_act_as = smack_kernel_act_as,
|
||||
.kernel_create_files_as = smack_kernel_create_files_as,
|
||||
.task_setpgid = smack_task_setpgid,
|
||||
.task_getpgid = smack_task_getpgid,
|
||||
.task_getsid = smack_task_getsid,
|
||||
.task_getsecid = smack_task_getsecid,
|
||||
.task_setnice = smack_task_setnice,
|
||||
.task_setioprio = smack_task_setioprio,
|
||||
.task_getioprio = smack_task_getioprio,
|
||||
.task_setscheduler = smack_task_setscheduler,
|
||||
.task_getscheduler = smack_task_getscheduler,
|
||||
.task_movememory = smack_task_movememory,
|
||||
.task_kill = smack_task_kill,
|
||||
.task_wait = smack_task_wait,
|
||||
.task_to_inode = smack_task_to_inode,
|
||||
LSM_HOOK_INIT(ipc_permission, smack_ipc_permission),
|
||||
LSM_HOOK_INIT(ipc_getsecid, smack_ipc_getsecid),
|
||||
|
||||
.ipc_permission = smack_ipc_permission,
|
||||
.ipc_getsecid = smack_ipc_getsecid,
|
||||
LSM_HOOK_INIT(msg_msg_alloc_security, smack_msg_msg_alloc_security),
|
||||
LSM_HOOK_INIT(msg_msg_free_security, smack_msg_msg_free_security),
|
||||
|
||||
.msg_msg_alloc_security = smack_msg_msg_alloc_security,
|
||||
.msg_msg_free_security = smack_msg_msg_free_security,
|
||||
LSM_HOOK_INIT(msg_queue_alloc_security, smack_msg_queue_alloc_security),
|
||||
LSM_HOOK_INIT(msg_queue_free_security, smack_msg_queue_free_security),
|
||||
LSM_HOOK_INIT(msg_queue_associate, smack_msg_queue_associate),
|
||||
LSM_HOOK_INIT(msg_queue_msgctl, smack_msg_queue_msgctl),
|
||||
LSM_HOOK_INIT(msg_queue_msgsnd, smack_msg_queue_msgsnd),
|
||||
LSM_HOOK_INIT(msg_queue_msgrcv, smack_msg_queue_msgrcv),
|
||||
|
||||
.msg_queue_alloc_security = smack_msg_queue_alloc_security,
|
||||
.msg_queue_free_security = smack_msg_queue_free_security,
|
||||
.msg_queue_associate = smack_msg_queue_associate,
|
||||
.msg_queue_msgctl = smack_msg_queue_msgctl,
|
||||
.msg_queue_msgsnd = smack_msg_queue_msgsnd,
|
||||
.msg_queue_msgrcv = smack_msg_queue_msgrcv,
|
||||
LSM_HOOK_INIT(shm_alloc_security, smack_shm_alloc_security),
|
||||
LSM_HOOK_INIT(shm_free_security, smack_shm_free_security),
|
||||
LSM_HOOK_INIT(shm_associate, smack_shm_associate),
|
||||
LSM_HOOK_INIT(shm_shmctl, smack_shm_shmctl),
|
||||
LSM_HOOK_INIT(shm_shmat, smack_shm_shmat),
|
||||
|
||||
.shm_alloc_security = smack_shm_alloc_security,
|
||||
.shm_free_security = smack_shm_free_security,
|
||||
.shm_associate = smack_shm_associate,
|
||||
.shm_shmctl = smack_shm_shmctl,
|
||||
.shm_shmat = smack_shm_shmat,
|
||||
LSM_HOOK_INIT(sem_alloc_security, smack_sem_alloc_security),
|
||||
LSM_HOOK_INIT(sem_free_security, smack_sem_free_security),
|
||||
LSM_HOOK_INIT(sem_associate, smack_sem_associate),
|
||||
LSM_HOOK_INIT(sem_semctl, smack_sem_semctl),
|
||||
LSM_HOOK_INIT(sem_semop, smack_sem_semop),
|
||||
|
||||
.sem_alloc_security = smack_sem_alloc_security,
|
||||
.sem_free_security = smack_sem_free_security,
|
||||
.sem_associate = smack_sem_associate,
|
||||
.sem_semctl = smack_sem_semctl,
|
||||
.sem_semop = smack_sem_semop,
|
||||
LSM_HOOK_INIT(d_instantiate, smack_d_instantiate),
|
||||
|
||||
.d_instantiate = smack_d_instantiate,
|
||||
LSM_HOOK_INIT(getprocattr, smack_getprocattr),
|
||||
LSM_HOOK_INIT(setprocattr, smack_setprocattr),
|
||||
|
||||
.getprocattr = smack_getprocattr,
|
||||
.setprocattr = smack_setprocattr,
|
||||
LSM_HOOK_INIT(unix_stream_connect, smack_unix_stream_connect),
|
||||
LSM_HOOK_INIT(unix_may_send, smack_unix_may_send),
|
||||
|
||||
.unix_stream_connect = smack_unix_stream_connect,
|
||||
.unix_may_send = smack_unix_may_send,
|
||||
|
||||
.socket_post_create = smack_socket_post_create,
|
||||
LSM_HOOK_INIT(socket_post_create, smack_socket_post_create),
|
||||
#ifndef CONFIG_SECURITY_SMACK_NETFILTER
|
||||
.socket_bind = smack_socket_bind,
|
||||
LSM_HOOK_INIT(socket_bind, smack_socket_bind),
|
||||
#endif /* CONFIG_SECURITY_SMACK_NETFILTER */
|
||||
.socket_connect = smack_socket_connect,
|
||||
.socket_sendmsg = smack_socket_sendmsg,
|
||||
.socket_sock_rcv_skb = smack_socket_sock_rcv_skb,
|
||||
.socket_getpeersec_stream = smack_socket_getpeersec_stream,
|
||||
.socket_getpeersec_dgram = smack_socket_getpeersec_dgram,
|
||||
.sk_alloc_security = smack_sk_alloc_security,
|
||||
.sk_free_security = smack_sk_free_security,
|
||||
.sock_graft = smack_sock_graft,
|
||||
.inet_conn_request = smack_inet_conn_request,
|
||||
.inet_csk_clone = smack_inet_csk_clone,
|
||||
LSM_HOOK_INIT(socket_connect, smack_socket_connect),
|
||||
LSM_HOOK_INIT(socket_sendmsg, smack_socket_sendmsg),
|
||||
LSM_HOOK_INIT(socket_sock_rcv_skb, smack_socket_sock_rcv_skb),
|
||||
LSM_HOOK_INIT(socket_getpeersec_stream, smack_socket_getpeersec_stream),
|
||||
LSM_HOOK_INIT(socket_getpeersec_dgram, smack_socket_getpeersec_dgram),
|
||||
LSM_HOOK_INIT(sk_alloc_security, smack_sk_alloc_security),
|
||||
LSM_HOOK_INIT(sk_free_security, smack_sk_free_security),
|
||||
LSM_HOOK_INIT(sock_graft, smack_sock_graft),
|
||||
LSM_HOOK_INIT(inet_conn_request, smack_inet_conn_request),
|
||||
LSM_HOOK_INIT(inet_csk_clone, smack_inet_csk_clone),
|
||||
|
||||
/* key management security hooks */
|
||||
#ifdef CONFIG_KEYS
|
||||
.key_alloc = smack_key_alloc,
|
||||
.key_free = smack_key_free,
|
||||
.key_permission = smack_key_permission,
|
||||
.key_getsecurity = smack_key_getsecurity,
|
||||
LSM_HOOK_INIT(key_alloc, smack_key_alloc),
|
||||
LSM_HOOK_INIT(key_free, smack_key_free),
|
||||
LSM_HOOK_INIT(key_permission, smack_key_permission),
|
||||
LSM_HOOK_INIT(key_getsecurity, smack_key_getsecurity),
|
||||
#endif /* CONFIG_KEYS */
|
||||
|
||||
/* Audit hooks */
|
||||
#ifdef CONFIG_AUDIT
|
||||
.audit_rule_init = smack_audit_rule_init,
|
||||
.audit_rule_known = smack_audit_rule_known,
|
||||
.audit_rule_match = smack_audit_rule_match,
|
||||
.audit_rule_free = smack_audit_rule_free,
|
||||
LSM_HOOK_INIT(audit_rule_init, smack_audit_rule_init),
|
||||
LSM_HOOK_INIT(audit_rule_known, smack_audit_rule_known),
|
||||
LSM_HOOK_INIT(audit_rule_match, smack_audit_rule_match),
|
||||
LSM_HOOK_INIT(audit_rule_free, smack_audit_rule_free),
|
||||
#endif /* CONFIG_AUDIT */
|
||||
|
||||
.ismaclabel = smack_ismaclabel,
|
||||
.secid_to_secctx = smack_secid_to_secctx,
|
||||
.secctx_to_secid = smack_secctx_to_secid,
|
||||
.release_secctx = smack_release_secctx,
|
||||
.inode_notifysecctx = smack_inode_notifysecctx,
|
||||
.inode_setsecctx = smack_inode_setsecctx,
|
||||
.inode_getsecctx = smack_inode_getsecctx,
|
||||
LSM_HOOK_INIT(ismaclabel, smack_ismaclabel),
|
||||
LSM_HOOK_INIT(secid_to_secctx, smack_secid_to_secctx),
|
||||
LSM_HOOK_INIT(secctx_to_secid, smack_secctx_to_secid),
|
||||
LSM_HOOK_INIT(release_secctx, smack_release_secctx),
|
||||
LSM_HOOK_INIT(inode_notifysecctx, smack_inode_notifysecctx),
|
||||
LSM_HOOK_INIT(inode_setsecctx, smack_inode_setsecctx),
|
||||
LSM_HOOK_INIT(inode_getsecctx, smack_inode_getsecctx),
|
||||
};
|
||||
|
||||
|
||||
|
@ -4451,7 +4437,7 @@ static __init int smack_init(void)
|
|||
struct cred *cred;
|
||||
struct task_smack *tsp;
|
||||
|
||||
if (!security_module_enable(&smack_ops))
|
||||
if (!security_module_enable("smack"))
|
||||
return 0;
|
||||
|
||||
smack_enabled = 1;
|
||||
|
@ -4481,8 +4467,7 @@ static __init int smack_init(void)
|
|||
/*
|
||||
* Register with LSM
|
||||
*/
|
||||
if (register_security(&smack_ops))
|
||||
panic("smack: Unable to register with kernel.\n");
|
||||
security_add_hooks(smack_hooks, ARRAY_SIZE(smack_hooks));
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
|
|
@ -87,16 +87,6 @@ int smack_cipso_direct = SMACK_CIPSO_DIRECT_DEFAULT;
|
|||
*/
|
||||
int smack_cipso_mapped = SMACK_CIPSO_MAPPED_DEFAULT;
|
||||
|
||||
/*
|
||||
* Unless a process is running with this label even
|
||||
* having CAP_MAC_OVERRIDE isn't enough to grant
|
||||
* privilege to violate MAC policy. If no label is
|
||||
* designated (the NULL case) capabilities apply to
|
||||
* everyone. It is expected that the hat (^) label
|
||||
* will be used if any label is used.
|
||||
*/
|
||||
struct smack_known *smack_onlycap;
|
||||
|
||||
#ifdef CONFIG_SECURITY_SMACK_BRINGUP
|
||||
/*
|
||||
* Allow one label to be unconfined. This is for
|
||||
|
@ -338,8 +328,7 @@ static int smk_perm_from_str(const char *string)
|
|||
* @import: if non-zero, import labels
|
||||
* @len: label length limit
|
||||
*
|
||||
* Returns 0 on success, -EINVAL on failure and -ENOENT when either subject
|
||||
* or object is missing.
|
||||
* Returns 0 on success, appropriate error code on failure.
|
||||
*/
|
||||
static int smk_fill_rule(const char *subject, const char *object,
|
||||
const char *access1, const char *access2,
|
||||
|
@ -351,16 +340,16 @@ static int smk_fill_rule(const char *subject, const char *object,
|
|||
|
||||
if (import) {
|
||||
rule->smk_subject = smk_import_entry(subject, len);
|
||||
if (rule->smk_subject == NULL)
|
||||
return -EINVAL;
|
||||
if (IS_ERR(rule->smk_subject))
|
||||
return PTR_ERR(rule->smk_subject);
|
||||
|
||||
rule->smk_object = smk_import_entry(object, len);
|
||||
if (rule->smk_object == NULL)
|
||||
return -EINVAL;
|
||||
if (IS_ERR(rule->smk_object))
|
||||
return PTR_ERR(rule->smk_object);
|
||||
} else {
|
||||
cp = smk_parse_smack(subject, len);
|
||||
if (cp == NULL)
|
||||
return -EINVAL;
|
||||
if (IS_ERR(cp))
|
||||
return PTR_ERR(cp);
|
||||
skp = smk_find_entry(cp);
|
||||
kfree(cp);
|
||||
if (skp == NULL)
|
||||
|
@ -368,8 +357,8 @@ static int smk_fill_rule(const char *subject, const char *object,
|
|||
rule->smk_subject = skp;
|
||||
|
||||
cp = smk_parse_smack(object, len);
|
||||
if (cp == NULL)
|
||||
return -EINVAL;
|
||||
if (IS_ERR(cp))
|
||||
return PTR_ERR(cp);
|
||||
skp = smk_find_entry(cp);
|
||||
kfree(cp);
|
||||
if (skp == NULL)
|
||||
|
@ -412,7 +401,7 @@ static int smk_parse_rule(const char *data, struct smack_parsed_rule *rule,
|
|||
* @import: if non-zero, import labels
|
||||
* @tokens: numer of substrings expected in data
|
||||
*
|
||||
* Returns number of processed bytes on success, -1 on failure.
|
||||
* Returns number of processed bytes on success, -ERRNO on failure.
|
||||
*/
|
||||
static ssize_t smk_parse_long_rule(char *data, struct smack_parsed_rule *rule,
|
||||
int import, int tokens)
|
||||
|
@ -431,7 +420,7 @@ static ssize_t smk_parse_long_rule(char *data, struct smack_parsed_rule *rule,
|
|||
|
||||
if (data[cnt] == '\0')
|
||||
/* Unexpected end of data */
|
||||
return -1;
|
||||
return -EINVAL;
|
||||
|
||||
tok[i] = data + cnt;
|
||||
|
||||
|
@ -529,14 +518,14 @@ static ssize_t smk_write_rules_list(struct file *file, const char __user *buf,
|
|||
while (cnt < count) {
|
||||
if (format == SMK_FIXED24_FMT) {
|
||||
rc = smk_parse_rule(data, &rule, 1);
|
||||
if (rc != 0) {
|
||||
rc = -EINVAL;
|
||||
if (rc < 0)
|
||||
goto out;
|
||||
}
|
||||
cnt = count;
|
||||
} else {
|
||||
rc = smk_parse_long_rule(data + cnt, &rule, 1, tokens);
|
||||
if (rc <= 0) {
|
||||
if (rc < 0)
|
||||
goto out;
|
||||
if (rc == 0) {
|
||||
rc = -EINVAL;
|
||||
goto out;
|
||||
}
|
||||
|
@ -567,23 +556,17 @@ static void *smk_seq_start(struct seq_file *s, loff_t *pos,
|
|||
struct list_head *head)
|
||||
{
|
||||
struct list_head *list;
|
||||
int i = *pos;
|
||||
|
||||
/*
|
||||
* This is 0 the first time through.
|
||||
*/
|
||||
if (s->index == 0)
|
||||
s->private = head;
|
||||
rcu_read_lock();
|
||||
for (list = rcu_dereference(list_next_rcu(head));
|
||||
list != head;
|
||||
list = rcu_dereference(list_next_rcu(list))) {
|
||||
if (i-- == 0)
|
||||
return list;
|
||||
}
|
||||
|
||||
if (s->private == NULL)
|
||||
return NULL;
|
||||
|
||||
list = s->private;
|
||||
if (list_empty(list))
|
||||
return NULL;
|
||||
|
||||
if (s->index == 0)
|
||||
return list->next;
|
||||
return list;
|
||||
return NULL;
|
||||
}
|
||||
|
||||
static void *smk_seq_next(struct seq_file *s, void *v, loff_t *pos,
|
||||
|
@ -591,17 +574,15 @@ static void *smk_seq_next(struct seq_file *s, void *v, loff_t *pos,
|
|||
{
|
||||
struct list_head *list = v;
|
||||
|
||||
if (list_is_last(list, head)) {
|
||||
s->private = NULL;
|
||||
return NULL;
|
||||
}
|
||||
s->private = list->next;
|
||||
return list->next;
|
||||
++*pos;
|
||||
list = rcu_dereference(list_next_rcu(list));
|
||||
|
||||
return (list == head) ? NULL : list;
|
||||
}
|
||||
|
||||
static void smk_seq_stop(struct seq_file *s, void *v)
|
||||
{
|
||||
/* No-op */
|
||||
rcu_read_unlock();
|
||||
}
|
||||
|
||||
static void smk_rule_show(struct seq_file *s, struct smack_rule *srp, int max)
|
||||
|
@ -661,7 +642,7 @@ static int load_seq_show(struct seq_file *s, void *v)
|
|||
{
|
||||
struct list_head *list = v;
|
||||
struct smack_master_list *smlp =
|
||||
list_entry(list, struct smack_master_list, list);
|
||||
list_entry_rcu(list, struct smack_master_list, list);
|
||||
|
||||
smk_rule_show(s, smlp->smk_rule, SMK_LABELLEN);
|
||||
|
||||
|
@ -809,7 +790,7 @@ static int cipso_seq_show(struct seq_file *s, void *v)
|
|||
{
|
||||
struct list_head *list = v;
|
||||
struct smack_known *skp =
|
||||
list_entry(list, struct smack_known, list);
|
||||
list_entry_rcu(list, struct smack_known, list);
|
||||
struct netlbl_lsm_catmap *cmp = skp->smk_netlabel.attr.mls.cat;
|
||||
char sep = '/';
|
||||
int i;
|
||||
|
@ -915,8 +896,10 @@ static ssize_t smk_set_cipso(struct file *file, const char __user *buf,
|
|||
mutex_lock(&smack_cipso_lock);
|
||||
|
||||
skp = smk_import_entry(rule, 0);
|
||||
if (skp == NULL)
|
||||
if (IS_ERR(skp)) {
|
||||
rc = PTR_ERR(skp);
|
||||
goto out;
|
||||
}
|
||||
|
||||
if (format == SMK_FIXED24_FMT)
|
||||
rule += SMK_LABELLEN;
|
||||
|
@ -998,7 +981,7 @@ static int cipso2_seq_show(struct seq_file *s, void *v)
|
|||
{
|
||||
struct list_head *list = v;
|
||||
struct smack_known *skp =
|
||||
list_entry(list, struct smack_known, list);
|
||||
list_entry_rcu(list, struct smack_known, list);
|
||||
struct netlbl_lsm_catmap *cmp = skp->smk_netlabel.attr.mls.cat;
|
||||
char sep = '/';
|
||||
int i;
|
||||
|
@ -1082,7 +1065,7 @@ static int netlbladdr_seq_show(struct seq_file *s, void *v)
|
|||
{
|
||||
struct list_head *list = v;
|
||||
struct smk_netlbladdr *skp =
|
||||
list_entry(list, struct smk_netlbladdr, list);
|
||||
list_entry_rcu(list, struct smk_netlbladdr, list);
|
||||
unsigned char *hp = (char *) &skp->smk_host.sin_addr.s_addr;
|
||||
int maskn;
|
||||
u32 temp_mask = be32_to_cpu(skp->smk_mask.s_addr);
|
||||
|
@ -1237,8 +1220,8 @@ static ssize_t smk_write_netlbladdr(struct file *file, const char __user *buf,
|
|||
*/
|
||||
if (smack[0] != '-') {
|
||||
skp = smk_import_entry(smack, 0);
|
||||
if (skp == NULL) {
|
||||
rc = -EINVAL;
|
||||
if (IS_ERR(skp)) {
|
||||
rc = PTR_ERR(skp);
|
||||
goto free_out;
|
||||
}
|
||||
} else {
|
||||
|
@ -1619,8 +1602,8 @@ static ssize_t smk_write_ambient(struct file *file, const char __user *buf,
|
|||
}
|
||||
|
||||
skp = smk_import_entry(data, count);
|
||||
if (skp == NULL) {
|
||||
rc = -EINVAL;
|
||||
if (IS_ERR(skp)) {
|
||||
rc = PTR_ERR(skp);
|
||||
goto out;
|
||||
}
|
||||
|
||||
|
@ -1643,34 +1626,79 @@ static const struct file_operations smk_ambient_ops = {
|
|||
.llseek = default_llseek,
|
||||
};
|
||||
|
||||
/**
|
||||
* smk_read_onlycap - read() for smackfs/onlycap
|
||||
* @filp: file pointer, not actually used
|
||||
* @buf: where to put the result
|
||||
* @cn: maximum to send along
|
||||
* @ppos: where to start
|
||||
*
|
||||
* Returns number of bytes read or error code, as appropriate
|
||||
/*
|
||||
* Seq_file operations for /smack/onlycap
|
||||
*/
|
||||
static ssize_t smk_read_onlycap(struct file *filp, char __user *buf,
|
||||
size_t cn, loff_t *ppos)
|
||||
static void *onlycap_seq_start(struct seq_file *s, loff_t *pos)
|
||||
{
|
||||
char *smack = "";
|
||||
ssize_t rc = -EINVAL;
|
||||
int asize;
|
||||
return smk_seq_start(s, pos, &smack_onlycap_list);
|
||||
}
|
||||
|
||||
if (*ppos != 0)
|
||||
return 0;
|
||||
static void *onlycap_seq_next(struct seq_file *s, void *v, loff_t *pos)
|
||||
{
|
||||
return smk_seq_next(s, v, pos, &smack_onlycap_list);
|
||||
}
|
||||
|
||||
if (smack_onlycap != NULL)
|
||||
smack = smack_onlycap->smk_known;
|
||||
static int onlycap_seq_show(struct seq_file *s, void *v)
|
||||
{
|
||||
struct list_head *list = v;
|
||||
struct smack_onlycap *sop =
|
||||
list_entry_rcu(list, struct smack_onlycap, list);
|
||||
|
||||
asize = strlen(smack) + 1;
|
||||
seq_puts(s, sop->smk_label->smk_known);
|
||||
seq_putc(s, ' ');
|
||||
|
||||
if (cn >= asize)
|
||||
rc = simple_read_from_buffer(buf, cn, ppos, smack, asize);
|
||||
return 0;
|
||||
}
|
||||
|
||||
return rc;
|
||||
static const struct seq_operations onlycap_seq_ops = {
|
||||
.start = onlycap_seq_start,
|
||||
.next = onlycap_seq_next,
|
||||
.show = onlycap_seq_show,
|
||||
.stop = smk_seq_stop,
|
||||
};
|
||||
|
||||
static int smk_open_onlycap(struct inode *inode, struct file *file)
|
||||
{
|
||||
return seq_open(file, &onlycap_seq_ops);
|
||||
}
|
||||
|
||||
/**
|
||||
* smk_list_swap_rcu - swap public list with a private one in RCU-safe way
|
||||
* The caller must hold appropriate mutex to prevent concurrent modifications
|
||||
* to the public list.
|
||||
* Private list is assumed to be not accessible to other threads yet.
|
||||
*
|
||||
* @public: public list
|
||||
* @private: private list
|
||||
*/
|
||||
static void smk_list_swap_rcu(struct list_head *public,
|
||||
struct list_head *private)
|
||||
{
|
||||
struct list_head *first, *last;
|
||||
|
||||
if (list_empty(public)) {
|
||||
list_splice_init_rcu(private, public, synchronize_rcu);
|
||||
} else {
|
||||
/* Remember public list before replacing it */
|
||||
first = public->next;
|
||||
last = public->prev;
|
||||
|
||||
/* Publish private list in place of public in RCU-safe way */
|
||||
private->prev->next = public;
|
||||
private->next->prev = public;
|
||||
rcu_assign_pointer(public->next, private->next);
|
||||
public->prev = private->prev;
|
||||
|
||||
synchronize_rcu();
|
||||
|
||||
/* When all readers are done with the old public list,
|
||||
* attach it in place of private */
|
||||
private->next = first;
|
||||
private->prev = last;
|
||||
first->prev = private;
|
||||
last->next = private;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -1686,47 +1714,79 @@ static ssize_t smk_write_onlycap(struct file *file, const char __user *buf,
|
|||
size_t count, loff_t *ppos)
|
||||
{
|
||||
char *data;
|
||||
struct smack_known *skp = smk_of_task(current->cred->security);
|
||||
char *data_parse;
|
||||
char *tok;
|
||||
struct smack_known *skp;
|
||||
struct smack_onlycap *sop;
|
||||
struct smack_onlycap *sop2;
|
||||
LIST_HEAD(list_tmp);
|
||||
int rc = count;
|
||||
|
||||
if (!smack_privileged(CAP_MAC_ADMIN))
|
||||
return -EPERM;
|
||||
|
||||
/*
|
||||
* This can be done using smk_access() but is done
|
||||
* explicitly for clarity. The smk_access() implementation
|
||||
* would use smk_access(smack_onlycap, MAY_WRITE)
|
||||
*/
|
||||
if (smack_onlycap != NULL && smack_onlycap != skp)
|
||||
return -EPERM;
|
||||
|
||||
data = kzalloc(count + 1, GFP_KERNEL);
|
||||
if (data == NULL)
|
||||
return -ENOMEM;
|
||||
|
||||
/*
|
||||
* Should the null string be passed in unset the onlycap value.
|
||||
* This seems like something to be careful with as usually
|
||||
* smk_import only expects to return NULL for errors. It
|
||||
* is usually the case that a nullstring or "\n" would be
|
||||
* bad to pass to smk_import but in fact this is useful here.
|
||||
*
|
||||
* smk_import will also reject a label beginning with '-',
|
||||
* so "-usecapabilities" will also work.
|
||||
*/
|
||||
if (copy_from_user(data, buf, count) != 0)
|
||||
rc = -EFAULT;
|
||||
else
|
||||
smack_onlycap = smk_import_entry(data, count);
|
||||
if (copy_from_user(data, buf, count) != 0) {
|
||||
kfree(data);
|
||||
return -EFAULT;
|
||||
}
|
||||
|
||||
data_parse = data;
|
||||
while ((tok = strsep(&data_parse, " ")) != NULL) {
|
||||
if (!*tok)
|
||||
continue;
|
||||
|
||||
skp = smk_import_entry(tok, 0);
|
||||
if (IS_ERR(skp)) {
|
||||
rc = PTR_ERR(skp);
|
||||
break;
|
||||
}
|
||||
|
||||
sop = kzalloc(sizeof(*sop), GFP_KERNEL);
|
||||
if (sop == NULL) {
|
||||
rc = -ENOMEM;
|
||||
break;
|
||||
}
|
||||
|
||||
sop->smk_label = skp;
|
||||
list_add_rcu(&sop->list, &list_tmp);
|
||||
}
|
||||
kfree(data);
|
||||
|
||||
/*
|
||||
* Clear the smack_onlycap on invalid label errors. This means
|
||||
* that we can pass a null string to unset the onlycap value.
|
||||
*
|
||||
* Importing will also reject a label beginning with '-',
|
||||
* so "-usecapabilities" will also work.
|
||||
*
|
||||
* But do so only on invalid label, not on system errors.
|
||||
* The invalid label must be first to count as clearing attempt.
|
||||
*/
|
||||
if (rc == -EINVAL && list_empty(&list_tmp))
|
||||
rc = count;
|
||||
|
||||
if (rc >= 0) {
|
||||
mutex_lock(&smack_onlycap_lock);
|
||||
smk_list_swap_rcu(&smack_onlycap_list, &list_tmp);
|
||||
mutex_unlock(&smack_onlycap_lock);
|
||||
}
|
||||
|
||||
list_for_each_entry_safe(sop, sop2, &list_tmp, list)
|
||||
kfree(sop);
|
||||
|
||||
return rc;
|
||||
}
|
||||
|
||||
static const struct file_operations smk_onlycap_ops = {
|
||||
.read = smk_read_onlycap,
|
||||
.open = smk_open_onlycap,
|
||||
.read = seq_read,
|
||||
.write = smk_write_onlycap,
|
||||
.llseek = default_llseek,
|
||||
.llseek = seq_lseek,
|
||||
.release = seq_release,
|
||||
};
|
||||
|
||||
#ifdef CONFIG_SECURITY_SMACK_BRINGUP
|
||||
|
@ -1773,6 +1833,7 @@ static ssize_t smk_write_unconfined(struct file *file, const char __user *buf,
|
|||
size_t count, loff_t *ppos)
|
||||
{
|
||||
char *data;
|
||||
struct smack_known *skp;
|
||||
int rc = count;
|
||||
|
||||
if (!smack_privileged(CAP_MAC_ADMIN))
|
||||
|
@ -1782,21 +1843,31 @@ static ssize_t smk_write_unconfined(struct file *file, const char __user *buf,
|
|||
if (data == NULL)
|
||||
return -ENOMEM;
|
||||
|
||||
/*
|
||||
* Should the null string be passed in unset the unconfined value.
|
||||
* This seems like something to be careful with as usually
|
||||
* smk_import only expects to return NULL for errors. It
|
||||
* is usually the case that a nullstring or "\n" would be
|
||||
* bad to pass to smk_import but in fact this is useful here.
|
||||
*
|
||||
* smk_import will also reject a label beginning with '-',
|
||||
* so "-confine" will also work.
|
||||
*/
|
||||
if (copy_from_user(data, buf, count) != 0)
|
||||
if (copy_from_user(data, buf, count) != 0) {
|
||||
rc = -EFAULT;
|
||||
else
|
||||
smack_unconfined = smk_import_entry(data, count);
|
||||
goto freeout;
|
||||
}
|
||||
|
||||
/*
|
||||
* Clear the smack_unconfined on invalid label errors. This means
|
||||
* that we can pass a null string to unset the unconfined value.
|
||||
*
|
||||
* Importing will also reject a label beginning with '-',
|
||||
* so "-confine" will also work.
|
||||
*
|
||||
* But do so only on invalid label, not on system errors.
|
||||
*/
|
||||
skp = smk_import_entry(data, count);
|
||||
if (PTR_ERR(skp) == -EINVAL)
|
||||
skp = NULL;
|
||||
else if (IS_ERR(skp)) {
|
||||
rc = PTR_ERR(skp);
|
||||
goto freeout;
|
||||
}
|
||||
|
||||
smack_unconfined = skp;
|
||||
|
||||
freeout:
|
||||
kfree(data);
|
||||
return rc;
|
||||
}
|
||||
|
@ -1895,7 +1966,7 @@ static int load_self_seq_show(struct seq_file *s, void *v)
|
|||
{
|
||||
struct list_head *list = v;
|
||||
struct smack_rule *srp =
|
||||
list_entry(list, struct smack_rule, list);
|
||||
list_entry_rcu(list, struct smack_rule, list);
|
||||
|
||||
smk_rule_show(s, srp, SMK_LABELLEN);
|
||||
|
||||
|
@ -1980,7 +2051,7 @@ static ssize_t smk_user_access(struct file *file, const char __user *buf,
|
|||
res = smk_access(rule.smk_subject, rule.smk_object,
|
||||
rule.smk_access1, NULL);
|
||||
else if (res != -ENOENT)
|
||||
return -EINVAL;
|
||||
return res;
|
||||
|
||||
/*
|
||||
* smk_access() can return a value > 0 in the "bringup" case.
|
||||
|
@ -2024,7 +2095,7 @@ static int load2_seq_show(struct seq_file *s, void *v)
|
|||
{
|
||||
struct list_head *list = v;
|
||||
struct smack_master_list *smlp =
|
||||
list_entry(list, struct smack_master_list, list);
|
||||
list_entry_rcu(list, struct smack_master_list, list);
|
||||
|
||||
smk_rule_show(s, smlp->smk_rule, SMK_LONGLABEL);
|
||||
|
||||
|
@ -2101,7 +2172,7 @@ static int load_self2_seq_show(struct seq_file *s, void *v)
|
|||
{
|
||||
struct list_head *list = v;
|
||||
struct smack_rule *srp =
|
||||
list_entry(list, struct smack_rule, list);
|
||||
list_entry_rcu(list, struct smack_rule, list);
|
||||
|
||||
smk_rule_show(s, srp, SMK_LONGLABEL);
|
||||
|
||||
|
@ -2182,8 +2253,8 @@ static const struct file_operations smk_access2_ops = {
|
|||
static ssize_t smk_write_revoke_subj(struct file *file, const char __user *buf,
|
||||
size_t count, loff_t *ppos)
|
||||
{
|
||||
char *data = NULL;
|
||||
const char *cp = NULL;
|
||||
char *data;
|
||||
const char *cp;
|
||||
struct smack_known *skp;
|
||||
struct smack_rule *sp;
|
||||
struct list_head *rule_list;
|
||||
|
@ -2205,18 +2276,18 @@ static ssize_t smk_write_revoke_subj(struct file *file, const char __user *buf,
|
|||
|
||||
if (copy_from_user(data, buf, count) != 0) {
|
||||
rc = -EFAULT;
|
||||
goto free_out;
|
||||
goto out_data;
|
||||
}
|
||||
|
||||
cp = smk_parse_smack(data, count);
|
||||
if (cp == NULL) {
|
||||
rc = -EINVAL;
|
||||
goto free_out;
|
||||
if (IS_ERR(cp)) {
|
||||
rc = PTR_ERR(cp);
|
||||
goto out_data;
|
||||
}
|
||||
|
||||
skp = smk_find_entry(cp);
|
||||
if (skp == NULL)
|
||||
goto free_out;
|
||||
goto out_cp;
|
||||
|
||||
rule_list = &skp->smk_rules;
|
||||
rule_lock = &skp->smk_rules_lock;
|
||||
|
@ -2228,9 +2299,11 @@ static ssize_t smk_write_revoke_subj(struct file *file, const char __user *buf,
|
|||
|
||||
mutex_unlock(rule_lock);
|
||||
|
||||
free_out:
|
||||
kfree(data);
|
||||
out_cp:
|
||||
kfree(cp);
|
||||
out_data:
|
||||
kfree(data);
|
||||
|
||||
return rc;
|
||||
}
|
||||
|
||||
|
@ -2341,10 +2414,10 @@ static ssize_t smk_write_syslog(struct file *file, const char __user *buf,
|
|||
rc = -EFAULT;
|
||||
else {
|
||||
skp = smk_import_entry(data, count);
|
||||
if (skp == NULL)
|
||||
rc = -EINVAL;
|
||||
if (IS_ERR(skp))
|
||||
rc = PTR_ERR(skp);
|
||||
else
|
||||
smack_syslog_label = smk_import_entry(data, count);
|
||||
smack_syslog_label = skp;
|
||||
}
|
||||
|
||||
kfree(data);
|
||||
|
@ -2547,7 +2620,7 @@ static int __init init_smk_fs(void)
|
|||
int err;
|
||||
int rc;
|
||||
|
||||
if (!security_module_enable(&smack_ops))
|
||||
if (!security_module_enable("smack"))
|
||||
return 0;
|
||||
|
||||
err = smk_init_sysfs();
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
* Copyright (C) 2005-2011 NTT DATA CORPORATION
|
||||
*/
|
||||
|
||||
#include <linux/security.h>
|
||||
#include <linux/lsm_hooks.h>
|
||||
#include "common.h"
|
||||
|
||||
/**
|
||||
|
@ -72,12 +72,6 @@ static void tomoyo_cred_free(struct cred *cred)
|
|||
*/
|
||||
static int tomoyo_bprm_set_creds(struct linux_binprm *bprm)
|
||||
{
|
||||
int rc;
|
||||
|
||||
rc = cap_bprm_set_creds(bprm);
|
||||
if (rc)
|
||||
return rc;
|
||||
|
||||
/*
|
||||
* Do only if this function is called for the first time of an execve
|
||||
* operation.
|
||||
|
@ -502,36 +496,35 @@ static int tomoyo_socket_sendmsg(struct socket *sock, struct msghdr *msg,
|
|||
* tomoyo_security_ops is a "struct security_operations" which is used for
|
||||
* registering TOMOYO.
|
||||
*/
|
||||
static struct security_operations tomoyo_security_ops = {
|
||||
.name = "tomoyo",
|
||||
.cred_alloc_blank = tomoyo_cred_alloc_blank,
|
||||
.cred_prepare = tomoyo_cred_prepare,
|
||||
.cred_transfer = tomoyo_cred_transfer,
|
||||
.cred_free = tomoyo_cred_free,
|
||||
.bprm_set_creds = tomoyo_bprm_set_creds,
|
||||
.bprm_check_security = tomoyo_bprm_check_security,
|
||||
.file_fcntl = tomoyo_file_fcntl,
|
||||
.file_open = tomoyo_file_open,
|
||||
.path_truncate = tomoyo_path_truncate,
|
||||
.path_unlink = tomoyo_path_unlink,
|
||||
.path_mkdir = tomoyo_path_mkdir,
|
||||
.path_rmdir = tomoyo_path_rmdir,
|
||||
.path_symlink = tomoyo_path_symlink,
|
||||
.path_mknod = tomoyo_path_mknod,
|
||||
.path_link = tomoyo_path_link,
|
||||
.path_rename = tomoyo_path_rename,
|
||||
.inode_getattr = tomoyo_inode_getattr,
|
||||
.file_ioctl = tomoyo_file_ioctl,
|
||||
.path_chmod = tomoyo_path_chmod,
|
||||
.path_chown = tomoyo_path_chown,
|
||||
.path_chroot = tomoyo_path_chroot,
|
||||
.sb_mount = tomoyo_sb_mount,
|
||||
.sb_umount = tomoyo_sb_umount,
|
||||
.sb_pivotroot = tomoyo_sb_pivotroot,
|
||||
.socket_bind = tomoyo_socket_bind,
|
||||
.socket_connect = tomoyo_socket_connect,
|
||||
.socket_listen = tomoyo_socket_listen,
|
||||
.socket_sendmsg = tomoyo_socket_sendmsg,
|
||||
static struct security_hook_list tomoyo_hooks[] = {
|
||||
LSM_HOOK_INIT(cred_alloc_blank, tomoyo_cred_alloc_blank),
|
||||
LSM_HOOK_INIT(cred_prepare, tomoyo_cred_prepare),
|
||||
LSM_HOOK_INIT(cred_transfer, tomoyo_cred_transfer),
|
||||
LSM_HOOK_INIT(cred_free, tomoyo_cred_free),
|
||||
LSM_HOOK_INIT(bprm_set_creds, tomoyo_bprm_set_creds),
|
||||
LSM_HOOK_INIT(bprm_check_security, tomoyo_bprm_check_security),
|
||||
LSM_HOOK_INIT(file_fcntl, tomoyo_file_fcntl),
|
||||
LSM_HOOK_INIT(file_open, tomoyo_file_open),
|
||||
LSM_HOOK_INIT(path_truncate, tomoyo_path_truncate),
|
||||
LSM_HOOK_INIT(path_unlink, tomoyo_path_unlink),
|
||||
LSM_HOOK_INIT(path_mkdir, tomoyo_path_mkdir),
|
||||
LSM_HOOK_INIT(path_rmdir, tomoyo_path_rmdir),
|
||||
LSM_HOOK_INIT(path_symlink, tomoyo_path_symlink),
|
||||
LSM_HOOK_INIT(path_mknod, tomoyo_path_mknod),
|
||||
LSM_HOOK_INIT(path_link, tomoyo_path_link),
|
||||
LSM_HOOK_INIT(path_rename, tomoyo_path_rename),
|
||||
LSM_HOOK_INIT(inode_getattr, tomoyo_inode_getattr),
|
||||
LSM_HOOK_INIT(file_ioctl, tomoyo_file_ioctl),
|
||||
LSM_HOOK_INIT(path_chmod, tomoyo_path_chmod),
|
||||
LSM_HOOK_INIT(path_chown, tomoyo_path_chown),
|
||||
LSM_HOOK_INIT(path_chroot, tomoyo_path_chroot),
|
||||
LSM_HOOK_INIT(sb_mount, tomoyo_sb_mount),
|
||||
LSM_HOOK_INIT(sb_umount, tomoyo_sb_umount),
|
||||
LSM_HOOK_INIT(sb_pivotroot, tomoyo_sb_pivotroot),
|
||||
LSM_HOOK_INIT(socket_bind, tomoyo_socket_bind),
|
||||
LSM_HOOK_INIT(socket_connect, tomoyo_socket_connect),
|
||||
LSM_HOOK_INIT(socket_listen, tomoyo_socket_listen),
|
||||
LSM_HOOK_INIT(socket_sendmsg, tomoyo_socket_sendmsg),
|
||||
};
|
||||
|
||||
/* Lock for GC. */
|
||||
|
@ -546,11 +539,10 @@ static int __init tomoyo_init(void)
|
|||
{
|
||||
struct cred *cred = (struct cred *) current_cred();
|
||||
|
||||
if (!security_module_enable(&tomoyo_security_ops))
|
||||
if (!security_module_enable("tomoyo"))
|
||||
return 0;
|
||||
/* register ourselves with the security framework */
|
||||
if (register_security(&tomoyo_security_ops))
|
||||
panic("Failure registering TOMOYO Linux");
|
||||
security_add_hooks(tomoyo_hooks, ARRAY_SIZE(tomoyo_hooks));
|
||||
printk(KERN_INFO "TOMOYO Linux initialized\n");
|
||||
cred->security = &tomoyo_kernel_domain;
|
||||
tomoyo_mm_init();
|
||||
|
|
|
@ -12,7 +12,7 @@
|
|||
*
|
||||
*/
|
||||
|
||||
#include <linux/security.h>
|
||||
#include <linux/lsm_hooks.h>
|
||||
#include <linux/sysctl.h>
|
||||
#include <linux/ptrace.h>
|
||||
#include <linux/prctl.h>
|
||||
|
@ -154,13 +154,9 @@ void yama_task_free(struct task_struct *task)
|
|||
int yama_task_prctl(int option, unsigned long arg2, unsigned long arg3,
|
||||
unsigned long arg4, unsigned long arg5)
|
||||
{
|
||||
int rc;
|
||||
int rc = -ENOSYS;
|
||||
struct task_struct *myself = current;
|
||||
|
||||
rc = cap_task_prctl(option, arg2, arg3, arg4, arg5);
|
||||
if (rc != -ENOSYS)
|
||||
return rc;
|
||||
|
||||
switch (option) {
|
||||
case PR_SET_PTRACER:
|
||||
/* Since a thread can call prctl(), find the group leader
|
||||
|
@ -279,17 +275,10 @@ static int ptracer_exception_found(struct task_struct *tracer,
|
|||
*
|
||||
* Returns 0 if following the ptrace is allowed, -ve on error.
|
||||
*/
|
||||
int yama_ptrace_access_check(struct task_struct *child,
|
||||
static int yama_ptrace_access_check(struct task_struct *child,
|
||||
unsigned int mode)
|
||||
{
|
||||
int rc;
|
||||
|
||||
/* If standard caps disallows it, so does Yama. We should
|
||||
* only tighten restrictions further.
|
||||
*/
|
||||
rc = cap_ptrace_access_check(child, mode);
|
||||
if (rc)
|
||||
return rc;
|
||||
int rc = 0;
|
||||
|
||||
/* require ptrace target be a child of ptracer on attach */
|
||||
if (mode == PTRACE_MODE_ATTACH) {
|
||||
|
@ -335,14 +324,7 @@ int yama_ptrace_access_check(struct task_struct *child,
|
|||
*/
|
||||
int yama_ptrace_traceme(struct task_struct *parent)
|
||||
{
|
||||
int rc;
|
||||
|
||||
/* If standard caps disallows it, so does Yama. We should
|
||||
* only tighten restrictions further.
|
||||
*/
|
||||
rc = cap_ptrace_traceme(parent);
|
||||
if (rc)
|
||||
return rc;
|
||||
int rc = 0;
|
||||
|
||||
/* Only disallow PTRACE_TRACEME on more aggressive settings. */
|
||||
switch (ptrace_scope) {
|
||||
|
@ -364,16 +346,17 @@ int yama_ptrace_traceme(struct task_struct *parent)
|
|||
return rc;
|
||||
}
|
||||
|
||||
#ifndef CONFIG_SECURITY_YAMA_STACKED
|
||||
static struct security_operations yama_ops = {
|
||||
.name = "yama",
|
||||
|
||||
.ptrace_access_check = yama_ptrace_access_check,
|
||||
.ptrace_traceme = yama_ptrace_traceme,
|
||||
.task_prctl = yama_task_prctl,
|
||||
.task_free = yama_task_free,
|
||||
static struct security_hook_list yama_hooks[] = {
|
||||
LSM_HOOK_INIT(ptrace_access_check, yama_ptrace_access_check),
|
||||
LSM_HOOK_INIT(ptrace_traceme, yama_ptrace_traceme),
|
||||
LSM_HOOK_INIT(task_prctl, yama_task_prctl),
|
||||
LSM_HOOK_INIT(task_free, yama_task_free),
|
||||
};
|
||||
#endif
|
||||
|
||||
void __init yama_add_hooks(void)
|
||||
{
|
||||
security_add_hooks(yama_hooks, ARRAY_SIZE(yama_hooks));
|
||||
}
|
||||
|
||||
#ifdef CONFIG_SYSCTL
|
||||
static int yama_dointvec_minmax(struct ctl_table *table, int write,
|
||||
|
@ -418,16 +401,13 @@ static struct ctl_table yama_sysctl_table[] = {
|
|||
static __init int yama_init(void)
|
||||
{
|
||||
#ifndef CONFIG_SECURITY_YAMA_STACKED
|
||||
if (!security_module_enable(&yama_ops))
|
||||
/*
|
||||
* If yama is being stacked this is already taken care of.
|
||||
*/
|
||||
if (!security_module_enable("yama"))
|
||||
return 0;
|
||||
#endif
|
||||
|
||||
printk(KERN_INFO "Yama: becoming mindful.\n");
|
||||
|
||||
#ifndef CONFIG_SECURITY_YAMA_STACKED
|
||||
if (register_security(&yama_ops))
|
||||
panic("Yama: kernel registration failed.\n");
|
||||
#endif
|
||||
pr_info("Yama: becoming mindful.\n");
|
||||
|
||||
#ifdef CONFIG_SYSCTL
|
||||
if (!register_sysctl_paths(yama_sysctl_path, yama_sysctl_table))
|
||||
|
|
Loading…
Reference in New Issue