projects / deliverable / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Staging: rtl8187se: Fix Sparse Warnings
[deliverable/linux.git] / security / smack / smack.h
1 /*
2 * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com>
3 *
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License as published by
6 * the Free Software Foundation, version 2.
7 *
8 * Author:
9 * Casey Schaufler <casey@schaufler-ca.com>
10 *
11 */
12
13 #ifndef _SECURITY_SMACK_H
14 #define _SECURITY_SMACK_H
15
16 #include <linux/capability.h>
17 #include <linux/spinlock.h>
18 #include <linux/security.h>
19 #include <linux/in.h>
20 #include <net/netlabel.h>
21 #include <linux/list.h>
22 #include <linux/rculist.h>
23 #include <linux/lsm_audit.h>
24
25 /*
26 * Smack labels were limited to 23 characters for a long time.
27 */
28 #define SMK_LABELLEN 24
29 #define SMK_LONGLABEL 256
30
31 /*
32 * This is the repository for labels seen so that it is
33 * not necessary to keep allocating tiny chuncks of memory
34 * and so that they can be shared.
35 *
36 * Labels are never modified in place. Anytime a label
37 * is imported (e.g. xattrset on a file) the list is checked
38 * for it and it is added if it doesn't exist. The address
39 * is passed out in either case. Entries are added, but
40 * never deleted.
41 *
42 * Since labels are hanging around anyway it doesn't
43 * hurt to maintain a secid for those awkward situations
44 * where kernel components that ought to use LSM independent
45 * interfaces don't. The secid should go away when all of
46 * these components have been repaired.
47 *
48 * The cipso value associated with the label gets stored here, too.
49 *
50 * Keep the access rules for this subject label here so that
51 * the entire set of rules does not need to be examined every
52 * time.
53 */
54 struct smack_known {
55 struct list_head list;
56 struct hlist_node smk_hashed;
57 char *smk_known;
58 u32 smk_secid;
59 struct netlbl_lsm_secattr smk_netlabel; /* on wire labels */
60 struct list_head smk_rules; /* access rules */
61 struct mutex smk_rules_lock; /* lock for rules */
62 };
63
64 /*
65 * Maximum number of bytes for the levels in a CIPSO IP option.
66 * Why 23? CIPSO is constrained to 30, so a 32 byte buffer is
67 * bigger than can be used, and 24 is the next lower multiple
68 * of 8, and there are too many issues if there isn't space set
69 * aside for the terminating null byte.
70 */
71 #define SMK_CIPSOLEN 24
72
73 struct superblock_smack {
74 char *smk_root;
75 char *smk_floor;
76 char *smk_hat;
77 char *smk_default;
78 int smk_initialized;
79 };
80
81 struct socket_smack {
82 struct smack_known *smk_out; /* outbound label */
83 char *smk_in; /* inbound label */
84 char *smk_packet; /* TCP peer label */
85 };
86
87 /*
88 * Inode smack data
89 */
90 struct inode_smack {
91 char *smk_inode; /* label of the fso */
92 struct smack_known *smk_task; /* label of the task */
93 struct smack_known *smk_mmap; /* label of the mmap domain */
94 struct mutex smk_lock; /* initialization lock */
95 int smk_flags; /* smack inode flags */
96 };
97
98 struct task_smack {
99 struct smack_known *smk_task; /* label for access control */
100 struct smack_known *smk_forked; /* label when forked */
101 struct list_head smk_rules; /* per task access rules */
102 struct mutex smk_rules_lock; /* lock for the rules */
103 };
104
105 #define SMK_INODE_INSTANT 0x01 /* inode is instantiated */
106 #define SMK_INODE_TRANSMUTE 0x02 /* directory is transmuting */
107 #define SMK_INODE_CHANGED 0x04 /* smack was transmuted */
108
109 /*
110 * A label access rule.
111 */
112 struct smack_rule {
113 struct list_head list;
114 struct smack_known *smk_subject;
115 char *smk_object;
116 int smk_access;
117 };
118
119 /*
120 * An entry in the table identifying hosts.
121 */
122 struct smk_netlbladdr {
123 struct list_head list;
124 struct sockaddr_in smk_host; /* network address */
125 struct in_addr smk_mask; /* network mask */
126 char *smk_label; /* label */
127 };
128
129 /*
130 * An entry in the table identifying ports.
131 */
132 struct smk_port_label {
133 struct list_head list;
134 struct sock *smk_sock; /* socket initialized on */
135 unsigned short smk_port; /* the port number */
136 char *smk_in; /* incoming label */
137 struct smack_known *smk_out; /* outgoing label */
138 };
139
140 /*
141 * Mount options
142 */
143 #define SMK_FSDEFAULT "smackfsdef="
144 #define SMK_FSFLOOR "smackfsfloor="
145 #define SMK_FSHAT "smackfshat="
146 #define SMK_FSROOT "smackfsroot="
147 #define SMK_FSTRANS "smackfstransmute="
148
149 #define SMACK_CIPSO_OPTION "-CIPSO"
150
151 /*
152 * How communications on this socket are treated.
153 * Usually it's determined by the underlying netlabel code
154 * but there are certain cases, including single label hosts
155 * and potentially single label interfaces for which the
156 * treatment can not be known in advance.
157 *
158 * The possibility of additional labeling schemes being
159 * introduced in the future exists as well.
160 */
161 #define SMACK_UNLABELED_SOCKET 0
162 #define SMACK_CIPSO_SOCKET 1
163
164 /*
165 * CIPSO defaults.
166 */
167 #define SMACK_CIPSO_DOI_DEFAULT 3 /* Historical */
168 #define SMACK_CIPSO_DOI_INVALID -1 /* Not a DOI */
169 #define SMACK_CIPSO_DIRECT_DEFAULT 250 /* Arbitrary */
170 #define SMACK_CIPSO_MAPPED_DEFAULT 251 /* Also arbitrary */
171 #define SMACK_CIPSO_MAXLEVEL 255 /* CIPSO 2.2 standard */
172 /*
173 * CIPSO 2.2 standard is 239, but Smack wants to use the
174 * categories in a structured way that limits the value to
175 * the bits in 23 bytes, hence the unusual number.
176 */
177 #define SMACK_CIPSO_MAXCATNUM 184 /* 23 * 8 */
178
179 /*
180 * Flag for transmute access
181 */
182 #define MAY_TRANSMUTE 64
183 /*
184 * Just to make the common cases easier to deal with
185 */
186 #define MAY_ANYREAD (MAY_READ | MAY_EXEC)
187 #define MAY_READWRITE (MAY_READ | MAY_WRITE)
188 #define MAY_NOT 0
189
190 /*
191 * Number of access types used by Smack (rwxat)
192 */
193 #define SMK_NUM_ACCESS_TYPE 5
194
195 /* SMACK data */
196 struct smack_audit_data {
197 const char *function;
198 char *subject;
199 char *object;
200 char *request;
201 int result;
202 };
203
204 /*
205 * Smack audit data; is empty if CONFIG_AUDIT not set
206 * to save some stack
207 */
208 struct smk_audit_info {
209 #ifdef CONFIG_AUDIT
210 struct common_audit_data a;
211 struct smack_audit_data sad;
212 #endif
213 };
214 /*
215 * These functions are in smack_lsm.c
216 */
217 struct inode_smack *new_inode_smack(char *);
218
219 /*
220 * These functions are in smack_access.c
221 */
222 int smk_access_entry(char *, char *, struct list_head *);
223 int smk_access(struct smack_known *, char *, int, struct smk_audit_info *);
224 int smk_curacc(char *, u32, struct smk_audit_info *);
225 struct smack_known *smack_from_secid(const u32);
226 char *smk_parse_smack(const char *string, int len);
227 int smk_netlbl_mls(int, char *, struct netlbl_lsm_secattr *, int);
228 char *smk_import(const char *, int);
229 struct smack_known *smk_import_entry(const char *, int);
230 void smk_insert_entry(struct smack_known *skp);
231 struct smack_known *smk_find_entry(const char *);
232 u32 smack_to_secid(const char *);
233
234 /*
235 * Shared data.
236 */
237 extern int smack_cipso_direct;
238 extern int smack_cipso_mapped;
239 extern struct smack_known *smack_net_ambient;
240 extern char *smack_onlycap;
241 extern const char *smack_cipso_option;
242
243 extern struct smack_known smack_known_floor;
244 extern struct smack_known smack_known_hat;
245 extern struct smack_known smack_known_huh;
246 extern struct smack_known smack_known_invalid;
247 extern struct smack_known smack_known_star;
248 extern struct smack_known smack_known_web;
249
250 extern struct mutex smack_known_lock;
251 extern struct list_head smack_known_list;
252 extern struct list_head smk_netlbladdr_list;
253
254 extern struct security_operations smack_ops;
255
256 #define SMACK_HASH_SLOTS 16
257 extern struct hlist_head smack_known_hash[SMACK_HASH_SLOTS];
258
259 /*
260 * Is the directory transmuting?
261 */
262 static inline int smk_inode_transmutable(const struct inode *isp)
263 {
264 struct inode_smack *sip = isp->i_security;
265 return (sip->smk_flags & SMK_INODE_TRANSMUTE) != 0;
266 }
267
268 /*
269 * Present a pointer to the smack label in an inode blob.
270 */
271 static inline char *smk_of_inode(const struct inode *isp)
272 {
273 struct inode_smack *sip = isp->i_security;
274 return sip->smk_inode;
275 }
276
277 /*
278 * Present a pointer to the smack label entry in an task blob.
279 */
280 static inline struct smack_known *smk_of_task(const struct task_smack *tsp)
281 {
282 return tsp->smk_task;
283 }
284
285 /*
286 * Present a pointer to the forked smack label entry in an task blob.
287 */
288 static inline struct smack_known *smk_of_forked(const struct task_smack *tsp)
289 {
290 return tsp->smk_forked;
291 }
292
293 /*
294 * Present a pointer to the smack label in the current task blob.
295 */
296 static inline struct smack_known *smk_of_current(void)
297 {
298 return smk_of_task(current_security());
299 }
300
301 /*
302 * Is the task privileged and allowed to be privileged
303 * by the onlycap rule.
304 */
305 static inline int smack_privileged(int cap)
306 {
307 struct smack_known *skp = smk_of_current();
308
309 if (!capable(cap))
310 return 0;
311 if (smack_onlycap == NULL || smack_onlycap == skp->smk_known)
312 return 1;
313 return 0;
314 }
315
316 /*
317 * logging functions
318 */
319 #define SMACK_AUDIT_DENIED 0x1
320 #define SMACK_AUDIT_ACCEPT 0x2
321 extern int log_policy;
322
323 void smack_log(char *subject_label, char *object_label,
324 int request,
325 int result, struct smk_audit_info *auditdata);
326
327 #ifdef CONFIG_AUDIT
328
329 /*
330 * some inline functions to set up audit data
331 * they do nothing if CONFIG_AUDIT is not set
332 *
333 */
334 static inline void smk_ad_init(struct smk_audit_info *a, const char *func,
335 char type)
336 {
337 memset(&a->sad, 0, sizeof(a->sad));
338 a->a.type = type;
339 a->a.smack_audit_data = &a->sad;
340 a->a.smack_audit_data->function = func;
341 }
342
343 static inline void smk_ad_init_net(struct smk_audit_info *a, const char *func,
344 char type, struct lsm_network_audit *net)
345 {
346 smk_ad_init(a, func, type);
347 memset(net, 0, sizeof(*net));
348 a->a.u.net = net;
349 }
350
351 static inline void smk_ad_setfield_u_tsk(struct smk_audit_info *a,
352 struct task_struct *t)
353 {
354 a->a.u.tsk = t;
355 }
356 static inline void smk_ad_setfield_u_fs_path_dentry(struct smk_audit_info *a,
357 struct dentry *d)
358 {
359 a->a.u.dentry = d;
360 }
361 static inline void smk_ad_setfield_u_fs_inode(struct smk_audit_info *a,
362 struct inode *i)
363 {
364 a->a.u.inode = i;
365 }
366 static inline void smk_ad_setfield_u_fs_path(struct smk_audit_info *a,
367 struct path p)
368 {
369 a->a.u.path = p;
370 }
371 static inline void smk_ad_setfield_u_net_sk(struct smk_audit_info *a,
372 struct sock *sk)
373 {
374 a->a.u.net->sk = sk;
375 }
376
377 #else /* no AUDIT */
378
379 static inline void smk_ad_init(struct smk_audit_info *a, const char *func,
380 char type)
381 {
382 }
383 static inline void smk_ad_setfield_u_tsk(struct smk_audit_info *a,
384 struct task_struct *t)
385 {
386 }
387 static inline void smk_ad_setfield_u_fs_path_dentry(struct smk_audit_info *a,
388 struct dentry *d)
389 {
390 }
391 static inline void smk_ad_setfield_u_fs_path_mnt(struct smk_audit_info *a,
392 struct vfsmount *m)
393 {
394 }
395 static inline void smk_ad_setfield_u_fs_inode(struct smk_audit_info *a,
396 struct inode *i)
397 {
398 }
399 static inline void smk_ad_setfield_u_fs_path(struct smk_audit_info *a,
400 struct path p)
401 {
402 }
403 static inline void smk_ad_setfield_u_net_sk(struct smk_audit_info *a,
404 struct sock *sk)
405 {
406 }
407 #endif
408
409 #endif /* _SECURITY_SMACK_H */
Linux kernel - Deliverables
This page took 0.041635 seconds and 5 git commands to generate.