1 | // SPDX-License-Identifier: GPL-2.0-only |
2 | /* |
3 | * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com> |
4 | * |
5 | * Author: |
6 | * Casey Schaufler <casey@schaufler-ca.com> |
7 | */ |
8 | |
9 | #include <linux/types.h> |
10 | #include <linux/slab.h> |
11 | #include <linux/fs.h> |
12 | #include <linux/sched.h> |
13 | #include "smack.h" |
14 | |
15 | struct smack_known smack_known_huh = { |
16 | .smk_known = "?" , |
17 | .smk_secid = 2, |
18 | }; |
19 | |
20 | struct smack_known smack_known_hat = { |
21 | .smk_known = "^" , |
22 | .smk_secid = 3, |
23 | }; |
24 | |
25 | struct smack_known smack_known_star = { |
26 | .smk_known = "*" , |
27 | .smk_secid = 4, |
28 | }; |
29 | |
30 | struct smack_known smack_known_floor = { |
31 | .smk_known = "_" , |
32 | .smk_secid = 5, |
33 | }; |
34 | |
35 | struct smack_known smack_known_web = { |
36 | .smk_known = "@" , |
37 | .smk_secid = 7, |
38 | }; |
39 | |
40 | LIST_HEAD(smack_known_list); |
41 | |
42 | /* |
43 | * The initial value needs to be bigger than any of the |
44 | * known values above. |
45 | */ |
46 | static u32 smack_next_secid = 10; |
47 | |
48 | /* |
49 | * what events do we log |
50 | * can be overwritten at run-time by /smack/logging |
51 | */ |
52 | int log_policy = SMACK_AUDIT_DENIED; |
53 | |
54 | /** |
55 | * smk_access_entry - look up matching access rule |
56 | * @subject_label: a pointer to the subject's Smack label |
57 | * @object_label: a pointer to the object's Smack label |
58 | * @rule_list: the list of rules to search |
59 | * |
60 | * This function looks up the subject/object pair in the |
61 | * access rule list and returns the access mode. If no |
62 | * entry is found returns -ENOENT. |
63 | * |
64 | * NOTE: |
65 | * |
66 | * Earlier versions of this function allowed for labels that |
67 | * were not on the label list. This was done to allow for |
68 | * labels to come over the network that had never been seen |
69 | * before on this host. Unless the receiving socket has the |
70 | * star label this will always result in a failure check. The |
71 | * star labeled socket case is now handled in the networking |
72 | * hooks so there is no case where the label is not on the |
73 | * label list. Checking to see if the address of two labels |
74 | * is the same is now a reliable test. |
75 | * |
76 | * Do the object check first because that is more |
77 | * likely to differ. |
78 | * |
79 | * Allowing write access implies allowing locking. |
80 | */ |
81 | int smk_access_entry(char *subject_label, char *object_label, |
82 | struct list_head *rule_list) |
83 | { |
84 | struct smack_rule *srp; |
85 | |
86 | list_for_each_entry_rcu(srp, rule_list, list) { |
87 | if (srp->smk_object->smk_known == object_label && |
88 | srp->smk_subject->smk_known == subject_label) { |
89 | int may = srp->smk_access; |
90 | /* |
91 | * MAY_WRITE implies MAY_LOCK. |
92 | */ |
93 | if ((may & MAY_WRITE) == MAY_WRITE) |
94 | may |= MAY_LOCK; |
95 | return may; |
96 | } |
97 | } |
98 | |
99 | return -ENOENT; |
100 | } |
101 | |
102 | /** |
103 | * smk_access - determine if a subject has a specific access to an object |
104 | * @subject: a pointer to the subject's Smack label entry |
105 | * @object: a pointer to the object's Smack label entry |
106 | * @request: the access requested, in "MAY" format |
107 | * @a : a pointer to the audit data |
108 | * |
109 | * This function looks up the subject/object pair in the |
110 | * access rule list and returns 0 if the access is permitted, |
111 | * non zero otherwise. |
112 | * |
113 | * Smack labels are shared on smack_list |
114 | */ |
115 | int smk_access(struct smack_known *subject, struct smack_known *object, |
116 | int request, struct smk_audit_info *a) |
117 | { |
118 | int may = MAY_NOT; |
119 | int rc = 0; |
120 | |
121 | /* |
122 | * Hardcoded comparisons. |
123 | */ |
124 | /* |
125 | * A star subject can't access any object. |
126 | */ |
127 | if (subject == &smack_known_star) { |
128 | rc = -EACCES; |
129 | goto out_audit; |
130 | } |
131 | /* |
132 | * An internet object can be accessed by any subject. |
133 | * Tasks cannot be assigned the internet label. |
134 | * An internet subject can access any object. |
135 | */ |
136 | if (object == &smack_known_web || subject == &smack_known_web) |
137 | goto out_audit; |
138 | /* |
139 | * A star object can be accessed by any subject. |
140 | */ |
141 | if (object == &smack_known_star) |
142 | goto out_audit; |
143 | /* |
144 | * An object can be accessed in any way by a subject |
145 | * with the same label. |
146 | */ |
147 | if (subject->smk_known == object->smk_known) |
148 | goto out_audit; |
149 | /* |
150 | * A hat subject can read or lock any object. |
151 | * A floor object can be read or locked by any subject. |
152 | */ |
153 | if ((request & MAY_ANYREAD) == request || |
154 | (request & MAY_LOCK) == request) { |
155 | if (object == &smack_known_floor) |
156 | goto out_audit; |
157 | if (subject == &smack_known_hat) |
158 | goto out_audit; |
159 | } |
160 | /* |
161 | * Beyond here an explicit relationship is required. |
162 | * If the requested access is contained in the available |
163 | * access (e.g. read is included in readwrite) it's |
164 | * good. A negative response from smk_access_entry() |
165 | * indicates there is no entry for this pair. |
166 | */ |
167 | rcu_read_lock(); |
168 | may = smk_access_entry(subject_label: subject->smk_known, object_label: object->smk_known, |
169 | rule_list: &subject->smk_rules); |
170 | rcu_read_unlock(); |
171 | |
172 | if (may <= 0 || (request & may) != request) { |
173 | rc = -EACCES; |
174 | goto out_audit; |
175 | } |
176 | #ifdef CONFIG_SECURITY_SMACK_BRINGUP |
177 | /* |
178 | * Return a positive value if using bringup mode. |
179 | * This allows the hooks to identify checks that |
180 | * succeed because of "b" rules. |
181 | */ |
182 | if (may & MAY_BRINGUP) |
183 | rc = SMACK_BRINGUP_ALLOW; |
184 | #endif |
185 | |
186 | out_audit: |
187 | |
188 | #ifdef CONFIG_SECURITY_SMACK_BRINGUP |
189 | if (rc < 0) { |
190 | if (object == smack_unconfined) |
191 | rc = SMACK_UNCONFINED_OBJECT; |
192 | if (subject == smack_unconfined) |
193 | rc = SMACK_UNCONFINED_SUBJECT; |
194 | } |
195 | #endif |
196 | |
197 | #ifdef CONFIG_AUDIT |
198 | if (a) |
199 | smack_log(subject_label: subject->smk_known, object_label: object->smk_known, |
200 | request, result: rc, auditdata: a); |
201 | #endif |
202 | |
203 | return rc; |
204 | } |
205 | |
206 | /** |
207 | * smk_tskacc - determine if a task has a specific access to an object |
208 | * @tsp: a pointer to the subject's task |
209 | * @obj_known: a pointer to the object's label entry |
210 | * @mode: the access requested, in "MAY" format |
211 | * @a : common audit data |
212 | * |
213 | * This function checks the subject task's label/object label pair |
214 | * in the access rule list and returns 0 if the access is permitted, |
215 | * non zero otherwise. It allows that the task may have the capability |
216 | * to override the rules. |
217 | */ |
218 | int smk_tskacc(struct task_smack *tsp, struct smack_known *obj_known, |
219 | u32 mode, struct smk_audit_info *a) |
220 | { |
221 | struct smack_known *sbj_known = smk_of_task(tsp); |
222 | int may; |
223 | int rc; |
224 | |
225 | /* |
226 | * Check the global rule list |
227 | */ |
228 | rc = smk_access(subject: sbj_known, object: obj_known, request: mode, NULL); |
229 | if (rc >= 0) { |
230 | /* |
231 | * If there is an entry in the task's rule list |
232 | * it can further restrict access. |
233 | */ |
234 | may = smk_access_entry(subject_label: sbj_known->smk_known, |
235 | object_label: obj_known->smk_known, |
236 | rule_list: &tsp->smk_rules); |
237 | if (may < 0) |
238 | goto out_audit; |
239 | if ((mode & may) == mode) |
240 | goto out_audit; |
241 | rc = -EACCES; |
242 | } |
243 | |
244 | /* |
245 | * Allow for priviliged to override policy. |
246 | */ |
247 | if (rc != 0 && smack_privileged(CAP_MAC_OVERRIDE)) |
248 | rc = 0; |
249 | |
250 | out_audit: |
251 | #ifdef CONFIG_AUDIT |
252 | if (a) |
253 | smack_log(subject_label: sbj_known->smk_known, object_label: obj_known->smk_known, |
254 | request: mode, result: rc, auditdata: a); |
255 | #endif |
256 | return rc; |
257 | } |
258 | |
259 | /** |
260 | * smk_curacc - determine if current has a specific access to an object |
261 | * @obj_known: a pointer to the object's Smack label entry |
262 | * @mode: the access requested, in "MAY" format |
263 | * @a : common audit data |
264 | * |
265 | * This function checks the current subject label/object label pair |
266 | * in the access rule list and returns 0 if the access is permitted, |
267 | * non zero otherwise. It allows that current may have the capability |
268 | * to override the rules. |
269 | */ |
270 | int smk_curacc(struct smack_known *obj_known, |
271 | u32 mode, struct smk_audit_info *a) |
272 | { |
273 | struct task_smack *tsp = smack_cred(current_cred()); |
274 | |
275 | return smk_tskacc(tsp, obj_known, mode, a); |
276 | } |
277 | |
278 | #ifdef CONFIG_AUDIT |
279 | /** |
280 | * smack_str_from_perm : helper to transalate an int to a |
281 | * readable string |
282 | * @string : the string to fill |
283 | * @access : the int |
284 | * |
285 | */ |
286 | static inline void smack_str_from_perm(char *string, int access) |
287 | { |
288 | int i = 0; |
289 | |
290 | if (access & MAY_READ) |
291 | string[i++] = 'r'; |
292 | if (access & MAY_WRITE) |
293 | string[i++] = 'w'; |
294 | if (access & MAY_EXEC) |
295 | string[i++] = 'x'; |
296 | if (access & MAY_APPEND) |
297 | string[i++] = 'a'; |
298 | if (access & MAY_TRANSMUTE) |
299 | string[i++] = 't'; |
300 | if (access & MAY_LOCK) |
301 | string[i++] = 'l'; |
302 | string[i] = '\0'; |
303 | } |
304 | /** |
305 | * smack_log_callback - SMACK specific information |
306 | * will be called by generic audit code |
307 | * @ab : the audit_buffer |
308 | * @a : audit_data |
309 | * |
310 | */ |
311 | static void smack_log_callback(struct audit_buffer *ab, void *a) |
312 | { |
313 | struct common_audit_data *ad = a; |
314 | struct smack_audit_data *sad = ad->smack_audit_data; |
315 | audit_log_format(ab, fmt: "lsm=SMACK fn=%s action=%s" , |
316 | ad->smack_audit_data->function, |
317 | sad->result ? "denied" : "granted" ); |
318 | audit_log_format(ab, fmt: " subject=" ); |
319 | audit_log_untrustedstring(ab, string: sad->subject); |
320 | audit_log_format(ab, fmt: " object=" ); |
321 | audit_log_untrustedstring(ab, string: sad->object); |
322 | if (sad->request[0] == '\0') |
323 | audit_log_format(ab, fmt: " labels_differ" ); |
324 | else |
325 | audit_log_format(ab, fmt: " requested=%s" , sad->request); |
326 | } |
327 | |
328 | /** |
329 | * smack_log - Audit the granting or denial of permissions. |
330 | * @subject_label : smack label of the requester |
331 | * @object_label : smack label of the object being accessed |
332 | * @request: requested permissions |
333 | * @result: result from smk_access |
334 | * @ad: auxiliary audit data |
335 | * |
336 | * Audit the granting or denial of permissions in accordance |
337 | * with the policy. |
338 | */ |
339 | void smack_log(char *subject_label, char *object_label, int request, |
340 | int result, struct smk_audit_info *ad) |
341 | { |
342 | #ifdef CONFIG_SECURITY_SMACK_BRINGUP |
343 | char request_buffer[SMK_NUM_ACCESS_TYPE + 5]; |
344 | #else |
345 | char request_buffer[SMK_NUM_ACCESS_TYPE + 1]; |
346 | #endif |
347 | struct smack_audit_data *sad; |
348 | struct common_audit_data *a = &ad->a; |
349 | |
350 | /* check if we have to log the current event */ |
351 | if (result < 0 && (log_policy & SMACK_AUDIT_DENIED) == 0) |
352 | return; |
353 | if (result == 0 && (log_policy & SMACK_AUDIT_ACCEPT) == 0) |
354 | return; |
355 | |
356 | sad = a->smack_audit_data; |
357 | |
358 | if (sad->function == NULL) |
359 | sad->function = "unknown" ; |
360 | |
361 | /* end preparing the audit data */ |
362 | smack_str_from_perm(string: request_buffer, access: request); |
363 | sad->subject = subject_label; |
364 | sad->object = object_label; |
365 | #ifdef CONFIG_SECURITY_SMACK_BRINGUP |
366 | /* |
367 | * The result may be positive in bringup mode. |
368 | * A positive result is an allow, but not for normal reasons. |
369 | * Mark it as successful, but don't filter it out even if |
370 | * the logging policy says to do so. |
371 | */ |
372 | if (result == SMACK_UNCONFINED_SUBJECT) |
373 | strcat(p: request_buffer, q: "(US)" ); |
374 | else if (result == SMACK_UNCONFINED_OBJECT) |
375 | strcat(p: request_buffer, q: "(UO)" ); |
376 | |
377 | if (result > 0) |
378 | result = 0; |
379 | #endif |
380 | sad->request = request_buffer; |
381 | sad->result = result; |
382 | |
383 | common_lsm_audit(a, pre_audit: smack_log_callback, NULL); |
384 | } |
385 | #else /* #ifdef CONFIG_AUDIT */ |
386 | void smack_log(char *subject_label, char *object_label, int request, |
387 | int result, struct smk_audit_info *ad) |
388 | { |
389 | } |
390 | #endif |
391 | |
392 | DEFINE_MUTEX(smack_known_lock); |
393 | |
394 | struct hlist_head smack_known_hash[SMACK_HASH_SLOTS]; |
395 | |
396 | /** |
397 | * smk_insert_entry - insert a smack label into a hash map, |
398 | * @skp: smack label |
399 | * |
400 | * this function must be called under smack_known_lock |
401 | */ |
402 | void smk_insert_entry(struct smack_known *skp) |
403 | { |
404 | unsigned int hash; |
405 | struct hlist_head *head; |
406 | |
407 | hash = full_name_hash(NULL, skp->smk_known, strlen(skp->smk_known)); |
408 | head = &smack_known_hash[hash & (SMACK_HASH_SLOTS - 1)]; |
409 | |
410 | hlist_add_head_rcu(n: &skp->smk_hashed, h: head); |
411 | list_add_rcu(new: &skp->list, head: &smack_known_list); |
412 | } |
413 | |
414 | /** |
415 | * smk_find_entry - find a label on the list, return the list entry |
416 | * @string: a text string that might be a Smack label |
417 | * |
418 | * Returns a pointer to the entry in the label list that |
419 | * matches the passed string or NULL if not found. |
420 | */ |
421 | struct smack_known *smk_find_entry(const char *string) |
422 | { |
423 | unsigned int hash; |
424 | struct hlist_head *head; |
425 | struct smack_known *skp; |
426 | |
427 | hash = full_name_hash(NULL, string, strlen(string)); |
428 | head = &smack_known_hash[hash & (SMACK_HASH_SLOTS - 1)]; |
429 | |
430 | hlist_for_each_entry_rcu(skp, head, smk_hashed) |
431 | if (strcmp(skp->smk_known, string) == 0) |
432 | return skp; |
433 | |
434 | return NULL; |
435 | } |
436 | |
437 | /** |
438 | * smk_parse_smack - parse smack label from a text string |
439 | * @string: a text string that might contain a Smack label |
440 | * @len: the maximum size, or zero if it is NULL terminated. |
441 | * |
442 | * Returns a pointer to the clean label or an error code. |
443 | */ |
444 | char *smk_parse_smack(const char *string, int len) |
445 | { |
446 | char *smack; |
447 | int i; |
448 | |
449 | if (len <= 0) |
450 | len = strlen(string) + 1; |
451 | |
452 | /* |
453 | * Reserve a leading '-' as an indicator that |
454 | * this isn't a label, but an option to interfaces |
455 | * including /smack/cipso and /smack/cipso2 |
456 | */ |
457 | if (string[0] == '-') |
458 | return ERR_PTR(error: -EINVAL); |
459 | |
460 | for (i = 0; i < len; i++) |
461 | if (string[i] > '~' || string[i] <= ' ' || string[i] == '/' || |
462 | string[i] == '"' || string[i] == '\\' || string[i] == '\'') |
463 | break; |
464 | |
465 | if (i == 0 || i >= SMK_LONGLABEL) |
466 | return ERR_PTR(error: -EINVAL); |
467 | |
468 | smack = kstrndup(s: string, len: i, GFP_NOFS); |
469 | if (!smack) |
470 | return ERR_PTR(error: -ENOMEM); |
471 | return smack; |
472 | } |
473 | |
474 | /** |
475 | * smk_netlbl_mls - convert a catset to netlabel mls categories |
476 | * @level: MLS sensitivity level |
477 | * @catset: the Smack categories |
478 | * @sap: where to put the netlabel categories |
479 | * @len: number of bytes for the levels in a CIPSO IP option |
480 | * |
481 | * Allocates and fills attr.mls |
482 | * Returns 0 on success, error code on failure. |
483 | */ |
484 | int smk_netlbl_mls(int level, char *catset, struct netlbl_lsm_secattr *sap, |
485 | int len) |
486 | { |
487 | unsigned char *cp; |
488 | unsigned char m; |
489 | int cat; |
490 | int rc; |
491 | int byte; |
492 | |
493 | sap->flags |= NETLBL_SECATTR_MLS_CAT; |
494 | sap->attr.mls.lvl = level; |
495 | sap->attr.mls.cat = NULL; |
496 | |
497 | for (cat = 1, cp = catset, byte = 0; byte < len; cp++, byte++) |
498 | for (m = 0x80; m != 0; m >>= 1, cat++) { |
499 | if ((m & *cp) == 0) |
500 | continue; |
501 | rc = netlbl_catmap_setbit(catmap: &sap->attr.mls.cat, |
502 | bit: cat, GFP_NOFS); |
503 | if (rc < 0) { |
504 | netlbl_catmap_free(catmap: sap->attr.mls.cat); |
505 | return rc; |
506 | } |
507 | } |
508 | |
509 | return 0; |
510 | } |
511 | |
512 | /** |
513 | * smack_populate_secattr - fill in the smack_known netlabel information |
514 | * @skp: pointer to the structure to fill |
515 | * |
516 | * Populate the netlabel secattr structure for a Smack label. |
517 | * |
518 | * Returns 0 unless creating the category mapping fails |
519 | */ |
520 | int smack_populate_secattr(struct smack_known *skp) |
521 | { |
522 | int slen; |
523 | |
524 | skp->smk_netlabel.attr.secid = skp->smk_secid; |
525 | skp->smk_netlabel.domain = skp->smk_known; |
526 | skp->smk_netlabel.cache = netlbl_secattr_cache_alloc(GFP_ATOMIC); |
527 | if (skp->smk_netlabel.cache != NULL) { |
528 | skp->smk_netlabel.flags |= NETLBL_SECATTR_CACHE; |
529 | skp->smk_netlabel.cache->free = NULL; |
530 | skp->smk_netlabel.cache->data = skp; |
531 | } |
532 | skp->smk_netlabel.flags |= NETLBL_SECATTR_SECID | |
533 | NETLBL_SECATTR_MLS_LVL | |
534 | NETLBL_SECATTR_DOMAIN; |
535 | /* |
536 | * If direct labeling works use it. |
537 | * Otherwise use mapped labeling. |
538 | */ |
539 | slen = strlen(skp->smk_known); |
540 | if (slen < SMK_CIPSOLEN) |
541 | return smk_netlbl_mls(level: smack_cipso_direct, catset: skp->smk_known, |
542 | sap: &skp->smk_netlabel, len: slen); |
543 | |
544 | return smk_netlbl_mls(level: smack_cipso_mapped, catset: (char *)&skp->smk_secid, |
545 | sap: &skp->smk_netlabel, len: sizeof(skp->smk_secid)); |
546 | } |
547 | |
548 | /** |
549 | * smk_import_entry - import a label, return the list entry |
550 | * @string: a text string that might be a Smack label |
551 | * @len: the maximum size, or zero if it is NULL terminated. |
552 | * |
553 | * Returns a pointer to the entry in the label list that |
554 | * matches the passed string, adding it if necessary, |
555 | * or an error code. |
556 | */ |
557 | struct smack_known *smk_import_entry(const char *string, int len) |
558 | { |
559 | struct smack_known *skp; |
560 | char *smack; |
561 | int rc; |
562 | |
563 | smack = smk_parse_smack(string, len); |
564 | if (IS_ERR(ptr: smack)) |
565 | return ERR_CAST(ptr: smack); |
566 | |
567 | mutex_lock(&smack_known_lock); |
568 | |
569 | skp = smk_find_entry(string: smack); |
570 | if (skp != NULL) |
571 | goto freeout; |
572 | |
573 | skp = kzalloc(size: sizeof(*skp), GFP_NOFS); |
574 | if (skp == NULL) { |
575 | skp = ERR_PTR(error: -ENOMEM); |
576 | goto freeout; |
577 | } |
578 | |
579 | skp->smk_known = smack; |
580 | skp->smk_secid = smack_next_secid++; |
581 | |
582 | rc = smack_populate_secattr(skp); |
583 | if (rc >= 0) { |
584 | INIT_LIST_HEAD(list: &skp->smk_rules); |
585 | mutex_init(&skp->smk_rules_lock); |
586 | /* |
587 | * Make sure that the entry is actually |
588 | * filled before putting it on the list. |
589 | */ |
590 | smk_insert_entry(skp); |
591 | goto unlockout; |
592 | } |
593 | kfree(objp: skp); |
594 | skp = ERR_PTR(error: rc); |
595 | freeout: |
596 | kfree(objp: smack); |
597 | unlockout: |
598 | mutex_unlock(lock: &smack_known_lock); |
599 | |
600 | return skp; |
601 | } |
602 | |
603 | /** |
604 | * smack_from_secid - find the Smack label associated with a secid |
605 | * @secid: an integer that might be associated with a Smack label |
606 | * |
607 | * Returns a pointer to the appropriate Smack label entry if there is one, |
608 | * otherwise a pointer to the invalid Smack label. |
609 | */ |
610 | struct smack_known *smack_from_secid(const u32 secid) |
611 | { |
612 | struct smack_known *skp; |
613 | |
614 | rcu_read_lock(); |
615 | list_for_each_entry_rcu(skp, &smack_known_list, list) { |
616 | if (skp->smk_secid == secid) { |
617 | rcu_read_unlock(); |
618 | return skp; |
619 | } |
620 | } |
621 | |
622 | /* |
623 | * If we got this far someone asked for the translation |
624 | * of a secid that is not on the list. |
625 | */ |
626 | rcu_read_unlock(); |
627 | return &smack_known_huh; |
628 | } |
629 | |
630 | /* |
631 | * Unless a process is running with one of these labels |
632 | * even having CAP_MAC_OVERRIDE isn't enough to grant |
633 | * privilege to violate MAC policy. If no labels are |
634 | * designated (the empty list case) capabilities apply to |
635 | * everyone. |
636 | */ |
637 | LIST_HEAD(smack_onlycap_list); |
638 | DEFINE_MUTEX(smack_onlycap_lock); |
639 | |
640 | /** |
641 | * smack_privileged_cred - are all privilege requirements met by cred |
642 | * @cap: The requested capability |
643 | * @cred: the credential to use |
644 | * |
645 | * Is the task privileged and allowed to be privileged |
646 | * by the onlycap rule. |
647 | * |
648 | * Returns true if the task is allowed to be privileged, false if it's not. |
649 | */ |
650 | bool smack_privileged_cred(int cap, const struct cred *cred) |
651 | { |
652 | struct task_smack *tsp = smack_cred(cred); |
653 | struct smack_known *skp = tsp->smk_task; |
654 | struct smack_known_list_elem *sklep; |
655 | int rc; |
656 | |
657 | rc = cap_capable(cred, ns: &init_user_ns, cap, CAP_OPT_NONE); |
658 | if (rc) |
659 | return false; |
660 | |
661 | rcu_read_lock(); |
662 | if (list_empty(head: &smack_onlycap_list)) { |
663 | rcu_read_unlock(); |
664 | return true; |
665 | } |
666 | |
667 | list_for_each_entry_rcu(sklep, &smack_onlycap_list, list) { |
668 | if (sklep->smk_label == skp) { |
669 | rcu_read_unlock(); |
670 | return true; |
671 | } |
672 | } |
673 | rcu_read_unlock(); |
674 | |
675 | return false; |
676 | } |
677 | |
678 | /** |
679 | * smack_privileged - are all privilege requirements met |
680 | * @cap: The requested capability |
681 | * |
682 | * Is the task privileged and allowed to be privileged |
683 | * by the onlycap rule. |
684 | * |
685 | * Returns true if the task is allowed to be privileged, false if it's not. |
686 | */ |
687 | bool smack_privileged(int cap) |
688 | { |
689 | /* |
690 | * All kernel tasks are privileged |
691 | */ |
692 | if (unlikely(current->flags & PF_KTHREAD)) |
693 | return true; |
694 | |
695 | return smack_privileged_cred(cap, current_cred()); |
696 | } |
697 | |