~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/security/smack/smack_lsm.c

Version: ~ [ linux-4.20-rc6 ] ~ [ linux-4.19.8 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.87 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.144 ] ~ [ linux-4.8.17 ] ~ [ linux-4.7.10 ] ~ [ linux-4.6.7 ] ~ [ linux-4.5.7 ] ~ [ linux-4.4.166 ] ~ [ linux-4.3.6 ] ~ [ linux-4.2.8 ] ~ [ linux-4.1.52 ] ~ [ linux-4.0.9 ] ~ [ linux-3.19.8 ] ~ [ linux-3.18.128 ] ~ [ linux-3.17.8 ] ~ [ linux-3.16.61 ] ~ [ linux-3.15.10 ] ~ [ linux-3.14.79 ] ~ [ linux-3.13.11 ] ~ [ linux-3.12.74 ] ~ [ linux-3.11.10 ] ~ [ linux-3.10.108 ] ~ [ linux-3.9.11 ] ~ [ linux-3.8.13 ] ~ [ linux-3.7.10 ] ~ [ linux-3.6.11 ] ~ [ linux-3.5.7 ] ~ [ linux-3.4.113 ] ~ [ linux-3.3.8 ] ~ [ linux-3.2.102 ] ~ [ linux-3.1.10 ] ~ [ linux-3.0.101 ] ~ [ linux-2.6.39.4 ] ~ [ linux-2.6.38.8 ] ~ [ linux-2.6.37.6 ] ~ [ linux-2.6.36.4 ] ~ [ linux-2.6.35.14 ] ~ [ linux-2.6.34.15 ] ~ [ linux-2.6.33.20 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.31.14 ] ~ [ linux-2.6.30.10 ] ~ [ linux-2.6.29.6 ] ~ [ linux-2.6.28.10 ] ~ [ linux-2.6.27.62 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.5 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

  1 /*
  2  *  Simplified MAC Kernel (smack) security module
  3  *
  4  *  This file contains the smack hook function implementations.
  5  *
  6  *  Authors:
  7  *      Casey Schaufler <casey@schaufler-ca.com>
  8  *      Jarkko Sakkinen <jarkko.sakkinen@intel.com>
  9  *
 10  *  Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com>
 11  *  Copyright (C) 2009 Hewlett-Packard Development Company, L.P.
 12  *                Paul Moore <paul@paul-moore.com>
 13  *  Copyright (C) 2010 Nokia Corporation
 14  *  Copyright (C) 2011 Intel Corporation.
 15  *
 16  *      This program is free software; you can redistribute it and/or modify
 17  *      it under the terms of the GNU General Public License version 2,
 18  *      as published by the Free Software Foundation.
 19  */
 20 
 21 #include <linux/xattr.h>
 22 #include <linux/pagemap.h>
 23 #include <linux/mount.h>
 24 #include <linux/stat.h>
 25 #include <linux/kd.h>
 26 #include <asm/ioctls.h>
 27 #include <linux/ip.h>
 28 #include <linux/tcp.h>
 29 #include <linux/udp.h>
 30 #include <linux/dccp.h>
 31 #include <linux/icmpv6.h>
 32 #include <linux/slab.h>
 33 #include <linux/mutex.h>
 34 #include <linux/pipe_fs_i.h>
 35 #include <net/cipso_ipv4.h>
 36 #include <net/ip.h>
 37 #include <net/ipv6.h>
 38 #include <linux/audit.h>
 39 #include <linux/magic.h>
 40 #include <linux/dcache.h>
 41 #include <linux/personality.h>
 42 #include <linux/msg.h>
 43 #include <linux/shm.h>
 44 #include <linux/binfmts.h>
 45 #include <linux/parser.h>
 46 #include "smack.h"
 47 
 48 #define TRANS_TRUE      "TRUE"
 49 #define TRANS_TRUE_SIZE 4
 50 
 51 #define SMK_CONNECTING  0
 52 #define SMK_RECEIVING   1
 53 #define SMK_SENDING     2
 54 
 55 #ifdef SMACK_IPV6_PORT_LABELING
 56 DEFINE_MUTEX(smack_ipv6_lock);
 57 static LIST_HEAD(smk_ipv6_port_list);
 58 #endif
 59 static struct kmem_cache *smack_inode_cache;
 60 int smack_enabled;
 61 
 62 static const match_table_t smk_mount_tokens = {
 63         {Opt_fsdefault, SMK_FSDEFAULT "%s"},
 64         {Opt_fsfloor, SMK_FSFLOOR "%s"},
 65         {Opt_fshat, SMK_FSHAT "%s"},
 66         {Opt_fsroot, SMK_FSROOT "%s"},
 67         {Opt_fstransmute, SMK_FSTRANS "%s"},
 68         {Opt_error, NULL},
 69 };
 70 
 71 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
 72 static char *smk_bu_mess[] = {
 73         "Bringup Error",        /* Unused */
 74         "Bringup",              /* SMACK_BRINGUP_ALLOW */
 75         "Unconfined Subject",   /* SMACK_UNCONFINED_SUBJECT */
 76         "Unconfined Object",    /* SMACK_UNCONFINED_OBJECT */
 77 };
 78 
 79 static void smk_bu_mode(int mode, char *s)
 80 {
 81         int i = 0;
 82 
 83         if (mode & MAY_READ)
 84                 s[i++] = 'r';
 85         if (mode & MAY_WRITE)
 86                 s[i++] = 'w';
 87         if (mode & MAY_EXEC)
 88                 s[i++] = 'x';
 89         if (mode & MAY_APPEND)
 90                 s[i++] = 'a';
 91         if (mode & MAY_TRANSMUTE)
 92                 s[i++] = 't';
 93         if (mode & MAY_LOCK)
 94                 s[i++] = 'l';
 95         if (i == 0)
 96                 s[i++] = '-';
 97         s[i] = '\0';
 98 }
 99 #endif
100 
101 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
102 static int smk_bu_note(char *note, struct smack_known *sskp,
103                        struct smack_known *oskp, int mode, int rc)
104 {
105         char acc[SMK_NUM_ACCESS_TYPE + 1];
106 
107         if (rc <= 0)
108                 return rc;
109         if (rc > SMACK_UNCONFINED_OBJECT)
110                 rc = 0;
111 
112         smk_bu_mode(mode, acc);
113         pr_info("Smack %s: (%s %s %s) %s\n", smk_bu_mess[rc],
114                 sskp->smk_known, oskp->smk_known, acc, note);
115         return 0;
116 }
117 #else
118 #define smk_bu_note(note, sskp, oskp, mode, RC) (RC)
119 #endif
120 
121 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
122 static int smk_bu_current(char *note, struct smack_known *oskp,
123                           int mode, int rc)
124 {
125         struct task_smack *tsp = current_security();
126         char acc[SMK_NUM_ACCESS_TYPE + 1];
127 
128         if (rc <= 0)
129                 return rc;
130         if (rc > SMACK_UNCONFINED_OBJECT)
131                 rc = 0;
132 
133         smk_bu_mode(mode, acc);
134         pr_info("Smack %s: (%s %s %s) %s %s\n", smk_bu_mess[rc],
135                 tsp->smk_task->smk_known, oskp->smk_known,
136                 acc, current->comm, note);
137         return 0;
138 }
139 #else
140 #define smk_bu_current(note, oskp, mode, RC) (RC)
141 #endif
142 
143 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
144 static int smk_bu_task(struct task_struct *otp, int mode, int rc)
145 {
146         struct task_smack *tsp = current_security();
147         struct smack_known *smk_task = smk_of_task_struct(otp);
148         char acc[SMK_NUM_ACCESS_TYPE + 1];
149 
150         if (rc <= 0)
151                 return rc;
152         if (rc > SMACK_UNCONFINED_OBJECT)
153                 rc = 0;
154 
155         smk_bu_mode(mode, acc);
156         pr_info("Smack %s: (%s %s %s) %s to %s\n", smk_bu_mess[rc],
157                 tsp->smk_task->smk_known, smk_task->smk_known, acc,
158                 current->comm, otp->comm);
159         return 0;
160 }
161 #else
162 #define smk_bu_task(otp, mode, RC) (RC)
163 #endif
164 
165 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
166 static int smk_bu_inode(struct inode *inode, int mode, int rc)
167 {
168         struct task_smack *tsp = current_security();
169         struct inode_smack *isp = inode->i_security;
170         char acc[SMK_NUM_ACCESS_TYPE + 1];
171 
172         if (isp->smk_flags & SMK_INODE_IMPURE)
173                 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
174                         inode->i_sb->s_id, inode->i_ino, current->comm);
175 
176         if (rc <= 0)
177                 return rc;
178         if (rc > SMACK_UNCONFINED_OBJECT)
179                 rc = 0;
180         if (rc == SMACK_UNCONFINED_SUBJECT &&
181             (mode & (MAY_WRITE | MAY_APPEND)))
182                 isp->smk_flags |= SMK_INODE_IMPURE;
183 
184         smk_bu_mode(mode, acc);
185 
186         pr_info("Smack %s: (%s %s %s) inode=(%s %ld) %s\n", smk_bu_mess[rc],
187                 tsp->smk_task->smk_known, isp->smk_inode->smk_known, acc,
188                 inode->i_sb->s_id, inode->i_ino, current->comm);
189         return 0;
190 }
191 #else
192 #define smk_bu_inode(inode, mode, RC) (RC)
193 #endif
194 
195 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
196 static int smk_bu_file(struct file *file, int mode, int rc)
197 {
198         struct task_smack *tsp = current_security();
199         struct smack_known *sskp = tsp->smk_task;
200         struct inode *inode = file_inode(file);
201         struct inode_smack *isp = inode->i_security;
202         char acc[SMK_NUM_ACCESS_TYPE + 1];
203 
204         if (isp->smk_flags & SMK_INODE_IMPURE)
205                 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
206                         inode->i_sb->s_id, inode->i_ino, current->comm);
207 
208         if (rc <= 0)
209                 return rc;
210         if (rc > SMACK_UNCONFINED_OBJECT)
211                 rc = 0;
212 
213         smk_bu_mode(mode, acc);
214         pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc],
215                 sskp->smk_known, smk_of_inode(inode)->smk_known, acc,
216                 inode->i_sb->s_id, inode->i_ino, file,
217                 current->comm);
218         return 0;
219 }
220 #else
221 #define smk_bu_file(file, mode, RC) (RC)
222 #endif
223 
224 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
225 static int smk_bu_credfile(const struct cred *cred, struct file *file,
226                                 int mode, int rc)
227 {
228         struct task_smack *tsp = cred->security;
229         struct smack_known *sskp = tsp->smk_task;
230         struct inode *inode = file_inode(file);
231         struct inode_smack *isp = inode->i_security;
232         char acc[SMK_NUM_ACCESS_TYPE + 1];
233 
234         if (isp->smk_flags & SMK_INODE_IMPURE)
235                 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
236                         inode->i_sb->s_id, inode->i_ino, current->comm);
237 
238         if (rc <= 0)
239                 return rc;
240         if (rc > SMACK_UNCONFINED_OBJECT)
241                 rc = 0;
242 
243         smk_bu_mode(mode, acc);
244         pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc],
245                 sskp->smk_known, smk_of_inode(inode)->smk_known, acc,
246                 inode->i_sb->s_id, inode->i_ino, file,
247                 current->comm);
248         return 0;
249 }
250 #else
251 #define smk_bu_credfile(cred, file, mode, RC) (RC)
252 #endif
253 
254 /**
255  * smk_fetch - Fetch the smack label from a file.
256  * @name: type of the label (attribute)
257  * @ip: a pointer to the inode
258  * @dp: a pointer to the dentry
259  *
260  * Returns a pointer to the master list entry for the Smack label,
261  * NULL if there was no label to fetch, or an error code.
262  */
263 static struct smack_known *smk_fetch(const char *name, struct inode *ip,
264                                         struct dentry *dp)
265 {
266         int rc;
267         char *buffer;
268         struct smack_known *skp = NULL;
269 
270         if (!(ip->i_opflags & IOP_XATTR))
271                 return ERR_PTR(-EOPNOTSUPP);
272 
273         buffer = kzalloc(SMK_LONGLABEL, GFP_KERNEL);
274         if (buffer == NULL)
275                 return ERR_PTR(-ENOMEM);
276 
277         rc = __vfs_getxattr(dp, ip, name, buffer, SMK_LONGLABEL);
278         if (rc < 0)
279                 skp = ERR_PTR(rc);
280         else if (rc == 0)
281                 skp = NULL;
282         else
283                 skp = smk_import_entry(buffer, rc);
284 
285         kfree(buffer);
286 
287         return skp;
288 }
289 
290 /**
291  * new_inode_smack - allocate an inode security blob
292  * @skp: a pointer to the Smack label entry to use in the blob
293  *
294  * Returns the new blob or NULL if there's no memory available
295  */
296 static struct inode_smack *new_inode_smack(struct smack_known *skp)
297 {
298         struct inode_smack *isp;
299 
300         isp = kmem_cache_zalloc(smack_inode_cache, GFP_NOFS);
301         if (isp == NULL)
302                 return NULL;
303 
304         isp->smk_inode = skp;
305         isp->smk_flags = 0;
306         mutex_init(&isp->smk_lock);
307 
308         return isp;
309 }
310 
311 /**
312  * new_task_smack - allocate a task security blob
313  * @task: a pointer to the Smack label for the running task
314  * @forked: a pointer to the Smack label for the forked task
315  * @gfp: type of the memory for the allocation
316  *
317  * Returns the new blob or NULL if there's no memory available
318  */
319 static struct task_smack *new_task_smack(struct smack_known *task,
320                                         struct smack_known *forked, gfp_t gfp)
321 {
322         struct task_smack *tsp;
323 
324         tsp = kzalloc(sizeof(struct task_smack), gfp);
325         if (tsp == NULL)
326                 return NULL;
327 
328         tsp->smk_task = task;
329         tsp->smk_forked = forked;
330         INIT_LIST_HEAD(&tsp->smk_rules);
331         INIT_LIST_HEAD(&tsp->smk_relabel);
332         mutex_init(&tsp->smk_rules_lock);
333 
334         return tsp;
335 }
336 
337 /**
338  * smk_copy_rules - copy a rule set
339  * @nhead: new rules header pointer
340  * @ohead: old rules header pointer
341  * @gfp: type of the memory for the allocation
342  *
343  * Returns 0 on success, -ENOMEM on error
344  */
345 static int smk_copy_rules(struct list_head *nhead, struct list_head *ohead,
346                                 gfp_t gfp)
347 {
348         struct smack_rule *nrp;
349         struct smack_rule *orp;
350         int rc = 0;
351 
352         list_for_each_entry_rcu(orp, ohead, list) {
353                 nrp = kzalloc(sizeof(struct smack_rule), gfp);
354                 if (nrp == NULL) {
355                         rc = -ENOMEM;
356                         break;
357                 }
358                 *nrp = *orp;
359                 list_add_rcu(&nrp->list, nhead);
360         }
361         return rc;
362 }
363 
364 /**
365  * smk_copy_relabel - copy smk_relabel labels list
366  * @nhead: new rules header pointer
367  * @ohead: old rules header pointer
368  * @gfp: type of the memory for the allocation
369  *
370  * Returns 0 on success, -ENOMEM on error
371  */
372 static int smk_copy_relabel(struct list_head *nhead, struct list_head *ohead,
373                                 gfp_t gfp)
374 {
375         struct smack_known_list_elem *nklep;
376         struct smack_known_list_elem *oklep;
377 
378         list_for_each_entry(oklep, ohead, list) {
379                 nklep = kzalloc(sizeof(struct smack_known_list_elem), gfp);
380                 if (nklep == NULL) {
381                         smk_destroy_label_list(nhead);
382                         return -ENOMEM;
383                 }
384                 nklep->smk_label = oklep->smk_label;
385                 list_add(&nklep->list, nhead);
386         }
387 
388         return 0;
389 }
390 
391 /**
392  * smk_ptrace_mode - helper function for converting PTRACE_MODE_* into MAY_*
393  * @mode - input mode in form of PTRACE_MODE_*
394  *
395  * Returns a converted MAY_* mode usable by smack rules
396  */
397 static inline unsigned int smk_ptrace_mode(unsigned int mode)
398 {
399         if (mode & PTRACE_MODE_ATTACH)
400                 return MAY_READWRITE;
401         if (mode & PTRACE_MODE_READ)
402                 return MAY_READ;
403 
404         return 0;
405 }
406 
407 /**
408  * smk_ptrace_rule_check - helper for ptrace access
409  * @tracer: tracer process
410  * @tracee_known: label entry of the process that's about to be traced
411  * @mode: ptrace attachment mode (PTRACE_MODE_*)
412  * @func: name of the function that called us, used for audit
413  *
414  * Returns 0 on access granted, -error on error
415  */
416 static int smk_ptrace_rule_check(struct task_struct *tracer,
417                                  struct smack_known *tracee_known,
418                                  unsigned int mode, const char *func)
419 {
420         int rc;
421         struct smk_audit_info ad, *saip = NULL;
422         struct task_smack *tsp;
423         struct smack_known *tracer_known;
424         const struct cred *tracercred;
425 
426         if ((mode & PTRACE_MODE_NOAUDIT) == 0) {
427                 smk_ad_init(&ad, func, LSM_AUDIT_DATA_TASK);
428                 smk_ad_setfield_u_tsk(&ad, tracer);
429                 saip = &ad;
430         }
431 
432         rcu_read_lock();
433         tracercred = __task_cred(tracer);
434         tsp = tracercred->security;
435         tracer_known = smk_of_task(tsp);
436 
437         if ((mode & PTRACE_MODE_ATTACH) &&
438             (smack_ptrace_rule == SMACK_PTRACE_EXACT ||
439              smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)) {
440                 if (tracer_known->smk_known == tracee_known->smk_known)
441                         rc = 0;
442                 else if (smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)
443                         rc = -EACCES;
444                 else if (smack_privileged_cred(CAP_SYS_PTRACE, tracercred))
445                         rc = 0;
446                 else
447                         rc = -EACCES;
448 
449                 if (saip)
450                         smack_log(tracer_known->smk_known,
451                                   tracee_known->smk_known,
452                                   0, rc, saip);
453 
454                 rcu_read_unlock();
455                 return rc;
456         }
457 
458         /* In case of rule==SMACK_PTRACE_DEFAULT or mode==PTRACE_MODE_READ */
459         rc = smk_tskacc(tsp, tracee_known, smk_ptrace_mode(mode), saip);
460 
461         rcu_read_unlock();
462         return rc;
463 }
464 
465 /*
466  * LSM hooks.
467  * We he, that is fun!
468  */
469 
470 /**
471  * smack_ptrace_access_check - Smack approval on PTRACE_ATTACH
472  * @ctp: child task pointer
473  * @mode: ptrace attachment mode (PTRACE_MODE_*)
474  *
475  * Returns 0 if access is OK, an error code otherwise
476  *
477  * Do the capability checks.
478  */
479 static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode)
480 {
481         struct smack_known *skp;
482 
483         skp = smk_of_task_struct(ctp);
484 
485         return smk_ptrace_rule_check(current, skp, mode, __func__);
486 }
487 
488 /**
489  * smack_ptrace_traceme - Smack approval on PTRACE_TRACEME
490  * @ptp: parent task pointer
491  *
492  * Returns 0 if access is OK, an error code otherwise
493  *
494  * Do the capability checks, and require PTRACE_MODE_ATTACH.
495  */
496 static int smack_ptrace_traceme(struct task_struct *ptp)
497 {
498         int rc;
499         struct smack_known *skp;
500 
501         skp = smk_of_task(current_security());
502 
503         rc = smk_ptrace_rule_check(ptp, skp, PTRACE_MODE_ATTACH, __func__);
504         return rc;
505 }
506 
507 /**
508  * smack_syslog - Smack approval on syslog
509  * @type: message type
510  *
511  * Returns 0 on success, error code otherwise.
512  */
513 static int smack_syslog(int typefrom_file)
514 {
515         int rc = 0;
516         struct smack_known *skp = smk_of_current();
517 
518         if (smack_privileged(CAP_MAC_OVERRIDE))
519                 return 0;
520 
521         if (smack_syslog_label != NULL && smack_syslog_label != skp)
522                 rc = -EACCES;
523 
524         return rc;
525 }
526 
527 
528 /*
529  * Superblock Hooks.
530  */
531 
532 /**
533  * smack_sb_alloc_security - allocate a superblock blob
534  * @sb: the superblock getting the blob
535  *
536  * Returns 0 on success or -ENOMEM on error.
537  */
538 static int smack_sb_alloc_security(struct super_block *sb)
539 {
540         struct superblock_smack *sbsp;
541 
542         sbsp = kzalloc(sizeof(struct superblock_smack), GFP_KERNEL);
543 
544         if (sbsp == NULL)
545                 return -ENOMEM;
546 
547         sbsp->smk_root = &smack_known_floor;
548         sbsp->smk_default = &smack_known_floor;
549         sbsp->smk_floor = &smack_known_floor;
550         sbsp->smk_hat = &smack_known_hat;
551         /*
552          * SMK_SB_INITIALIZED will be zero from kzalloc.
553          */
554         sb->s_security = sbsp;
555 
556         return 0;
557 }
558 
559 /**
560  * smack_sb_free_security - free a superblock blob
561  * @sb: the superblock getting the blob
562  *
563  */
564 static void smack_sb_free_security(struct super_block *sb)
565 {
566         kfree(sb->s_security);
567         sb->s_security = NULL;
568 }
569 
570 /**
571  * smack_sb_copy_data - copy mount options data for processing
572  * @orig: where to start
573  * @smackopts: mount options string
574  *
575  * Returns 0 on success or -ENOMEM on error.
576  *
577  * Copy the Smack specific mount options out of the mount
578  * options list.
579  */
580 static int smack_sb_copy_data(char *orig, char *smackopts)
581 {
582         char *cp, *commap, *otheropts, *dp;
583 
584         otheropts = (char *)get_zeroed_page(GFP_KERNEL);
585         if (otheropts == NULL)
586                 return -ENOMEM;
587 
588         for (cp = orig, commap = orig; commap != NULL; cp = commap + 1) {
589                 if (strstr(cp, SMK_FSDEFAULT) == cp)
590                         dp = smackopts;
591                 else if (strstr(cp, SMK_FSFLOOR) == cp)
592                         dp = smackopts;
593                 else if (strstr(cp, SMK_FSHAT) == cp)
594                         dp = smackopts;
595                 else if (strstr(cp, SMK_FSROOT) == cp)
596                         dp = smackopts;
597                 else if (strstr(cp, SMK_FSTRANS) == cp)
598                         dp = smackopts;
599                 else
600                         dp = otheropts;
601 
602                 commap = strchr(cp, ',');
603                 if (commap != NULL)
604                         *commap = '\0';
605 
606                 if (*dp != '\0')
607                         strcat(dp, ",");
608                 strcat(dp, cp);
609         }
610 
611         strcpy(orig, otheropts);
612         free_page((unsigned long)otheropts);
613 
614         return 0;
615 }
616 
617 /**
618  * smack_parse_opts_str - parse Smack specific mount options
619  * @options: mount options string
620  * @opts: where to store converted mount opts
621  *
622  * Returns 0 on success or -ENOMEM on error.
623  *
624  * converts Smack specific mount options to generic security option format
625  */
626 static int smack_parse_opts_str(char *options,
627                 struct security_mnt_opts *opts)
628 {
629         char *p;
630         char *fsdefault = NULL;
631         char *fsfloor = NULL;
632         char *fshat = NULL;
633         char *fsroot = NULL;
634         char *fstransmute = NULL;
635         int rc = -ENOMEM;
636         int num_mnt_opts = 0;
637         int token;
638 
639         opts->num_mnt_opts = 0;
640 
641         if (!options)
642                 return 0;
643 
644         while ((p = strsep(&options, ",")) != NULL) {
645                 substring_t args[MAX_OPT_ARGS];
646 
647                 if (!*p)
648                         continue;
649 
650                 token = match_token(p, smk_mount_tokens, args);
651 
652                 switch (token) {
653                 case Opt_fsdefault:
654                         if (fsdefault)
655                                 goto out_opt_err;
656                         fsdefault = match_strdup(&args[0]);
657                         if (!fsdefault)
658                                 goto out_err;
659                         break;
660                 case Opt_fsfloor:
661                         if (fsfloor)
662                                 goto out_opt_err;
663                         fsfloor = match_strdup(&args[0]);
664                         if (!fsfloor)
665                                 goto out_err;
666                         break;
667                 case Opt_fshat:
668                         if (fshat)
669                                 goto out_opt_err;
670                         fshat = match_strdup(&args[0]);
671                         if (!fshat)
672                                 goto out_err;
673                         break;
674                 case Opt_fsroot:
675                         if (fsroot)
676                                 goto out_opt_err;
677                         fsroot = match_strdup(&args[0]);
678                         if (!fsroot)
679                                 goto out_err;
680                         break;
681                 case Opt_fstransmute:
682                         if (fstransmute)
683                                 goto out_opt_err;
684                         fstransmute = match_strdup(&args[0]);
685                         if (!fstransmute)
686                                 goto out_err;
687                         break;
688                 default:
689                         rc = -EINVAL;
690                         pr_warn("Smack:  unknown mount option\n");
691                         goto out_err;
692                 }
693         }
694 
695         opts->mnt_opts = kcalloc(NUM_SMK_MNT_OPTS, sizeof(char *), GFP_KERNEL);
696         if (!opts->mnt_opts)
697                 goto out_err;
698 
699         opts->mnt_opts_flags = kcalloc(NUM_SMK_MNT_OPTS, sizeof(int),
700                         GFP_KERNEL);
701         if (!opts->mnt_opts_flags)
702                 goto out_err;
703 
704         if (fsdefault) {
705                 opts->mnt_opts[num_mnt_opts] = fsdefault;
706                 opts->mnt_opts_flags[num_mnt_opts++] = FSDEFAULT_MNT;
707         }
708         if (fsfloor) {
709                 opts->mnt_opts[num_mnt_opts] = fsfloor;
710                 opts->mnt_opts_flags[num_mnt_opts++] = FSFLOOR_MNT;
711         }
712         if (fshat) {
713                 opts->mnt_opts[num_mnt_opts] = fshat;
714                 opts->mnt_opts_flags[num_mnt_opts++] = FSHAT_MNT;
715         }
716         if (fsroot) {
717                 opts->mnt_opts[num_mnt_opts] = fsroot;
718                 opts->mnt_opts_flags[num_mnt_opts++] = FSROOT_MNT;
719         }
720         if (fstransmute) {
721                 opts->mnt_opts[num_mnt_opts] = fstransmute;
722                 opts->mnt_opts_flags[num_mnt_opts++] = FSTRANS_MNT;
723         }
724 
725         opts->num_mnt_opts = num_mnt_opts;
726         return 0;
727 
728 out_opt_err:
729         rc = -EINVAL;
730         pr_warn("Smack: duplicate mount options\n");
731 
732 out_err:
733         kfree(fsdefault);
734         kfree(fsfloor);
735         kfree(fshat);
736         kfree(fsroot);
737         kfree(fstransmute);
738         return rc;
739 }
740 
741 /**
742  * smack_set_mnt_opts - set Smack specific mount options
743  * @sb: the file system superblock
744  * @opts: Smack mount options
745  * @kern_flags: mount option from kernel space or user space
746  * @set_kern_flags: where to store converted mount opts
747  *
748  * Returns 0 on success, an error code on failure
749  *
750  * Allow filesystems with binary mount data to explicitly set Smack mount
751  * labels.
752  */
753 static int smack_set_mnt_opts(struct super_block *sb,
754                 struct security_mnt_opts *opts,
755                 unsigned long kern_flags,
756                 unsigned long *set_kern_flags)
757 {
758         struct dentry *root = sb->s_root;
759         struct inode *inode = d_backing_inode(root);
760         struct superblock_smack *sp = sb->s_security;
761         struct inode_smack *isp;
762         struct smack_known *skp;
763         int i;
764         int num_opts = opts->num_mnt_opts;
765         int transmute = 0;
766 
767         if (sp->smk_flags & SMK_SB_INITIALIZED)
768                 return 0;
769 
770         if (!smack_privileged(CAP_MAC_ADMIN)) {
771                 /*
772                  * Unprivileged mounts don't get to specify Smack values.
773                  */
774                 if (num_opts)
775                         return -EPERM;
776                 /*
777                  * Unprivileged mounts get root and default from the caller.
778                  */
779                 skp = smk_of_current();
780                 sp->smk_root = skp;
781                 sp->smk_default = skp;
782                 /*
783                  * For a handful of fs types with no user-controlled
784                  * backing store it's okay to trust security labels
785                  * in the filesystem. The rest are untrusted.
786                  */
787                 if (sb->s_user_ns != &init_user_ns &&
788                     sb->s_magic != SYSFS_MAGIC && sb->s_magic != TMPFS_MAGIC &&
789                     sb->s_magic != RAMFS_MAGIC) {
790                         transmute = 1;
791                         sp->smk_flags |= SMK_SB_UNTRUSTED;
792                 }
793         }
794 
795         sp->smk_flags |= SMK_SB_INITIALIZED;
796 
797         for (i = 0; i < num_opts; i++) {
798                 switch (opts->mnt_opts_flags[i]) {
799                 case FSDEFAULT_MNT:
800                         skp = smk_import_entry(opts->mnt_opts[i], 0);
801                         if (IS_ERR(skp))
802                                 return PTR_ERR(skp);
803                         sp->smk_default = skp;
804                         break;
805                 case FSFLOOR_MNT:
806                         skp = smk_import_entry(opts->mnt_opts[i], 0);
807                         if (IS_ERR(skp))
808                                 return PTR_ERR(skp);
809                         sp->smk_floor = skp;
810                         break;
811                 case FSHAT_MNT:
812                         skp = smk_import_entry(opts->mnt_opts[i], 0);
813                         if (IS_ERR(skp))
814                                 return PTR_ERR(skp);
815                         sp->smk_hat = skp;
816                         break;
817                 case FSROOT_MNT:
818                         skp = smk_import_entry(opts->mnt_opts[i], 0);
819                         if (IS_ERR(skp))
820                                 return PTR_ERR(skp);
821                         sp->smk_root = skp;
822                         break;
823                 case FSTRANS_MNT:
824                         skp = smk_import_entry(opts->mnt_opts[i], 0);
825                         if (IS_ERR(skp))
826                                 return PTR_ERR(skp);
827                         sp->smk_root = skp;
828                         transmute = 1;
829                         break;
830                 default:
831                         break;
832                 }
833         }
834 
835         /*
836          * Initialize the root inode.
837          */
838         isp = inode->i_security;
839         if (isp == NULL) {
840                 isp = new_inode_smack(sp->smk_root);
841                 if (isp == NULL)
842                         return -ENOMEM;
843                 inode->i_security = isp;
844         } else
845                 isp->smk_inode = sp->smk_root;
846 
847         if (transmute)
848                 isp->smk_flags |= SMK_INODE_TRANSMUTE;
849 
850         return 0;
851 }
852 
853 /**
854  * smack_sb_kern_mount - Smack specific mount processing
855  * @sb: the file system superblock
856  * @flags: the mount flags
857  * @data: the smack mount options
858  *
859  * Returns 0 on success, an error code on failure
860  */
861 static int smack_sb_kern_mount(struct super_block *sb, int flags, void *data)
862 {
863         int rc = 0;
864         char *options = data;
865         struct security_mnt_opts opts;
866 
867         security_init_mnt_opts(&opts);
868 
869         if (!options)
870                 goto out;
871 
872         rc = smack_parse_opts_str(options, &opts);
873         if (rc)
874                 goto out_err;
875 
876 out:
877         rc = smack_set_mnt_opts(sb, &opts, 0, NULL);
878 
879 out_err:
880         security_free_mnt_opts(&opts);
881         return rc;
882 }
883 
884 /**
885  * smack_sb_statfs - Smack check on statfs
886  * @dentry: identifies the file system in question
887  *
888  * Returns 0 if current can read the floor of the filesystem,
889  * and error code otherwise
890  */
891 static int smack_sb_statfs(struct dentry *dentry)
892 {
893         struct superblock_smack *sbp = dentry->d_sb->s_security;
894         int rc;
895         struct smk_audit_info ad;
896 
897         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
898         smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
899 
900         rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad);
901         rc = smk_bu_current("statfs", sbp->smk_floor, MAY_READ, rc);
902         return rc;
903 }
904 
905 /*
906  * BPRM hooks
907  */
908 
909 /**
910  * smack_bprm_set_creds - set creds for exec
911  * @bprm: the exec information
912  *
913  * Returns 0 if it gets a blob, -EPERM if exec forbidden and -ENOMEM otherwise
914  */
915 static int smack_bprm_set_creds(struct linux_binprm *bprm)
916 {
917         struct inode *inode = file_inode(bprm->file);
918         struct task_smack *bsp = bprm->cred->security;
919         struct inode_smack *isp;
920         struct superblock_smack *sbsp;
921         int rc;
922 
923         if (bprm->called_set_creds)
924                 return 0;
925 
926         isp = inode->i_security;
927         if (isp->smk_task == NULL || isp->smk_task == bsp->smk_task)
928                 return 0;
929 
930         sbsp = inode->i_sb->s_security;
931         if ((sbsp->smk_flags & SMK_SB_UNTRUSTED) &&
932             isp->smk_task != sbsp->smk_root)
933                 return 0;
934 
935         if (bprm->unsafe & LSM_UNSAFE_PTRACE) {
936                 struct task_struct *tracer;
937                 rc = 0;
938 
939                 rcu_read_lock();
940                 tracer = ptrace_parent(current);
941                 if (likely(tracer != NULL))
942                         rc = smk_ptrace_rule_check(tracer,
943                                                    isp->smk_task,
944                                                    PTRACE_MODE_ATTACH,
945                                                    __func__);
946                 rcu_read_unlock();
947 
948                 if (rc != 0)
949                         return rc;
950         } else if (bprm->unsafe)
951                 return -EPERM;
952 
953         bsp->smk_task = isp->smk_task;
954         bprm->per_clear |= PER_CLEAR_ON_SETID;
955 
956         /* Decide if this is a secure exec. */
957         if (bsp->smk_task != bsp->smk_forked)
958                 bprm->secureexec = 1;
959 
960         return 0;
961 }
962 
963 /*
964  * Inode hooks
965  */
966 
967 /**
968  * smack_inode_alloc_security - allocate an inode blob
969  * @inode: the inode in need of a blob
970  *
971  * Returns 0 if it gets a blob, -ENOMEM otherwise
972  */
973 static int smack_inode_alloc_security(struct inode *inode)
974 {
975         struct smack_known *skp = smk_of_current();
976 
977         inode->i_security = new_inode_smack(skp);
978         if (inode->i_security == NULL)
979                 return -ENOMEM;
980         return 0;
981 }
982 
983 /**
984  * smack_inode_free_rcu - Free inode_smack blob from cache
985  * @head: the rcu_head for getting inode_smack pointer
986  *
987  *  Call back function called from call_rcu() to free
988  *  the i_security blob pointer in inode
989  */
990 static void smack_inode_free_rcu(struct rcu_head *head)
991 {
992         struct inode_smack *issp;
993 
994         issp = container_of(head, struct inode_smack, smk_rcu);
995         kmem_cache_free(smack_inode_cache, issp);
996 }
997 
998 /**
999  * smack_inode_free_security - free an inode blob using call_rcu()
1000  * @inode: the inode with a blob
1001  *
1002  * Clears the blob pointer in inode using RCU
1003  */
1004 static void smack_inode_free_security(struct inode *inode)
1005 {
1006         struct inode_smack *issp = inode->i_security;
1007 
1008         /*
1009          * The inode may still be referenced in a path walk and
1010          * a call to smack_inode_permission() can be made
1011          * after smack_inode_free_security() is called.
1012          * To avoid race condition free the i_security via RCU
1013          * and leave the current inode->i_security pointer intact.
1014          * The inode will be freed after the RCU grace period too.
1015          */
1016         call_rcu(&issp->smk_rcu, smack_inode_free_rcu);
1017 }
1018 
1019 /**
1020  * smack_inode_init_security - copy out the smack from an inode
1021  * @inode: the newly created inode
1022  * @dir: containing directory object
1023  * @qstr: unused
1024  * @name: where to put the attribute name
1025  * @value: where to put the attribute value
1026  * @len: where to put the length of the attribute
1027  *
1028  * Returns 0 if it all works out, -ENOMEM if there's no memory
1029  */
1030 static int smack_inode_init_security(struct inode *inode, struct inode *dir,
1031                                      const struct qstr *qstr, const char **name,
1032                                      void **value, size_t *len)
1033 {
1034         struct inode_smack *issp = inode->i_security;
1035         struct smack_known *skp = smk_of_current();
1036         struct smack_known *isp = smk_of_inode(inode);
1037         struct smack_known *dsp = smk_of_inode(dir);
1038         int may;
1039 
1040         if (name)
1041                 *name = XATTR_SMACK_SUFFIX;
1042 
1043         if (value && len) {
1044                 rcu_read_lock();
1045                 may = smk_access_entry(skp->smk_known, dsp->smk_known,
1046                                        &skp->smk_rules);
1047                 rcu_read_unlock();
1048 
1049                 /*
1050                  * If the access rule allows transmutation and
1051                  * the directory requests transmutation then
1052                  * by all means transmute.
1053                  * Mark the inode as changed.
1054                  */
1055                 if (may > 0 && ((may & MAY_TRANSMUTE) != 0) &&
1056                     smk_inode_transmutable(dir)) {
1057                         isp = dsp;
1058                         issp->smk_flags |= SMK_INODE_CHANGED;
1059                 }
1060 
1061                 *value = kstrdup(isp->smk_known, GFP_NOFS);
1062                 if (*value == NULL)
1063                         return -ENOMEM;
1064 
1065                 *len = strlen(isp->smk_known);
1066         }
1067 
1068         return 0;
1069 }
1070 
1071 /**
1072  * smack_inode_link - Smack check on link
1073  * @old_dentry: the existing object
1074  * @dir: unused
1075  * @new_dentry: the new object
1076  *
1077  * Returns 0 if access is permitted, an error code otherwise
1078  */
1079 static int smack_inode_link(struct dentry *old_dentry, struct inode *dir,
1080                             struct dentry *new_dentry)
1081 {
1082         struct smack_known *isp;
1083         struct smk_audit_info ad;
1084         int rc;
1085 
1086         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1087         smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
1088 
1089         isp = smk_of_inode(d_backing_inode(old_dentry));
1090         rc = smk_curacc(isp, MAY_WRITE, &ad);
1091         rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_WRITE, rc);
1092 
1093         if (rc == 0 && d_is_positive(new_dentry)) {
1094                 isp = smk_of_inode(d_backing_inode(new_dentry));
1095                 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
1096                 rc = smk_curacc(isp, MAY_WRITE, &ad);
1097                 rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_WRITE, rc);
1098         }
1099 
1100         return rc;
1101 }
1102 
1103 /**
1104  * smack_inode_unlink - Smack check on inode deletion
1105  * @dir: containing directory object
1106  * @dentry: file to unlink
1107  *
1108  * Returns 0 if current can write the containing directory
1109  * and the object, error code otherwise
1110  */
1111 static int smack_inode_unlink(struct inode *dir, struct dentry *dentry)
1112 {
1113         struct inode *ip = d_backing_inode(dentry);
1114         struct smk_audit_info ad;
1115         int rc;
1116 
1117         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1118         smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1119 
1120         /*
1121          * You need write access to the thing you're unlinking
1122          */
1123         rc = smk_curacc(smk_of_inode(ip), MAY_WRITE, &ad);
1124         rc = smk_bu_inode(ip, MAY_WRITE, rc);
1125         if (rc == 0) {
1126                 /*
1127                  * You also need write access to the containing directory
1128                  */
1129                 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
1130                 smk_ad_setfield_u_fs_inode(&ad, dir);
1131                 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
1132                 rc = smk_bu_inode(dir, MAY_WRITE, rc);
1133         }
1134         return rc;
1135 }
1136 
1137 /**
1138  * smack_inode_rmdir - Smack check on directory deletion
1139  * @dir: containing directory object
1140  * @dentry: directory to unlink
1141  *
1142  * Returns 0 if current can write the containing directory
1143  * and the directory, error code otherwise
1144  */
1145 static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry)
1146 {
1147         struct smk_audit_info ad;
1148         int rc;
1149 
1150         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1151         smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1152 
1153         /*
1154          * You need write access to the thing you're removing
1155          */
1156         rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1157         rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
1158         if (rc == 0) {
1159                 /*
1160                  * You also need write access to the containing directory
1161                  */
1162                 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
1163                 smk_ad_setfield_u_fs_inode(&ad, dir);
1164                 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
1165                 rc = smk_bu_inode(dir, MAY_WRITE, rc);
1166         }
1167 
1168         return rc;
1169 }
1170 
1171 /**
1172  * smack_inode_rename - Smack check on rename
1173  * @old_inode: unused
1174  * @old_dentry: the old object
1175  * @new_inode: unused
1176  * @new_dentry: the new object
1177  *
1178  * Read and write access is required on both the old and
1179  * new directories.
1180  *
1181  * Returns 0 if access is permitted, an error code otherwise
1182  */
1183 static int smack_inode_rename(struct inode *old_inode,
1184                               struct dentry *old_dentry,
1185                               struct inode *new_inode,
1186                               struct dentry *new_dentry)
1187 {
1188         int rc;
1189         struct smack_known *isp;
1190         struct smk_audit_info ad;
1191 
1192         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1193         smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
1194 
1195         isp = smk_of_inode(d_backing_inode(old_dentry));
1196         rc = smk_curacc(isp, MAY_READWRITE, &ad);
1197         rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_READWRITE, rc);
1198 
1199         if (rc == 0 && d_is_positive(new_dentry)) {
1200                 isp = smk_of_inode(d_backing_inode(new_dentry));
1201                 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
1202                 rc = smk_curacc(isp, MAY_READWRITE, &ad);
1203                 rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_READWRITE, rc);
1204         }
1205         return rc;
1206 }
1207 
1208 /**
1209  * smack_inode_permission - Smack version of permission()
1210  * @inode: the inode in question
1211  * @mask: the access requested
1212  *
1213  * This is the important Smack hook.
1214  *
1215  * Returns 0 if access is permitted, -EACCES otherwise
1216  */
1217 static int smack_inode_permission(struct inode *inode, int mask)
1218 {
1219         struct superblock_smack *sbsp = inode->i_sb->s_security;
1220         struct smk_audit_info ad;
1221         int no_block = mask & MAY_NOT_BLOCK;
1222         int rc;
1223 
1224         mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND);
1225         /*
1226          * No permission to check. Existence test. Yup, it's there.
1227          */
1228         if (mask == 0)
1229                 return 0;
1230 
1231         if (sbsp->smk_flags & SMK_SB_UNTRUSTED) {
1232                 if (smk_of_inode(inode) != sbsp->smk_root)
1233                         return -EACCES;
1234         }
1235 
1236         /* May be droppable after audit */
1237         if (no_block)
1238                 return -ECHILD;
1239         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
1240         smk_ad_setfield_u_fs_inode(&ad, inode);
1241         rc = smk_curacc(smk_of_inode(inode), mask, &ad);
1242         rc = smk_bu_inode(inode, mask, rc);
1243         return rc;
1244 }
1245 
1246 /**
1247  * smack_inode_setattr - Smack check for setting attributes
1248  * @dentry: the object
1249  * @iattr: for the force flag
1250  *
1251  * Returns 0 if access is permitted, an error code otherwise
1252  */
1253 static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr)
1254 {
1255         struct smk_audit_info ad;
1256         int rc;
1257 
1258         /*
1259          * Need to allow for clearing the setuid bit.
1260          */
1261         if (iattr->ia_valid & ATTR_FORCE)
1262                 return 0;
1263         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1264         smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1265 
1266         rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1267         rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
1268         return rc;
1269 }
1270 
1271 /**
1272  * smack_inode_getattr - Smack check for getting attributes
1273  * @mnt: vfsmount of the object
1274  * @dentry: the object
1275  *
1276  * Returns 0 if access is permitted, an error code otherwise
1277  */
1278 static int smack_inode_getattr(const struct path *path)
1279 {
1280         struct smk_audit_info ad;
1281         struct inode *inode = d_backing_inode(path->dentry);
1282         int rc;
1283 
1284         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1285         smk_ad_setfield_u_fs_path(&ad, *path);
1286         rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad);
1287         rc = smk_bu_inode(inode, MAY_READ, rc);
1288         return rc;
1289 }
1290 
1291 /**
1292  * smack_inode_setxattr - Smack check for setting xattrs
1293  * @dentry: the object
1294  * @name: name of the attribute
1295  * @value: value of the attribute
1296  * @size: size of the value
1297  * @flags: unused
1298  *
1299  * This protects the Smack attribute explicitly.
1300  *
1301  * Returns 0 if access is permitted, an error code otherwise
1302  */
1303 static int smack_inode_setxattr(struct dentry *dentry, const char *name,
1304                                 const void *value, size_t size, int flags)
1305 {
1306         struct smk_audit_info ad;
1307         struct smack_known *skp;
1308         int check_priv = 0;
1309         int check_import = 0;
1310         int check_star = 0;
1311         int rc = 0;
1312 
1313         /*
1314          * Check label validity here so import won't fail in post_setxattr
1315          */
1316         if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
1317             strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
1318             strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) {
1319                 check_priv = 1;
1320                 check_import = 1;
1321         } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
1322                    strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1323                 check_priv = 1;
1324                 check_import = 1;
1325                 check_star = 1;
1326         } else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) {
1327                 check_priv = 1;
1328                 if (size != TRANS_TRUE_SIZE ||
1329                     strncmp(value, TRANS_TRUE, TRANS_TRUE_SIZE) != 0)
1330                         rc = -EINVAL;
1331         } else
1332                 rc = cap_inode_setxattr(dentry, name, value, size, flags);
1333 
1334         if (check_priv && !smack_privileged(CAP_MAC_ADMIN))
1335                 rc = -EPERM;
1336 
1337         if (rc == 0 && check_import) {
1338                 skp = size ? smk_import_entry(value, size) : NULL;
1339                 if (IS_ERR(skp))
1340                         rc = PTR_ERR(skp);
1341                 else if (skp == NULL || (check_star &&
1342                     (skp == &smack_known_star || skp == &smack_known_web)))
1343                         rc = -EINVAL;
1344         }
1345 
1346         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1347         smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1348 
1349         if (rc == 0) {
1350                 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1351                 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
1352         }
1353 
1354         return rc;
1355 }
1356 
1357 /**
1358  * smack_inode_post_setxattr - Apply the Smack update approved above
1359  * @dentry: object
1360  * @name: attribute name
1361  * @value: attribute value
1362  * @size: attribute size
1363  * @flags: unused
1364  *
1365  * Set the pointer in the inode blob to the entry found
1366  * in the master label list.
1367  */
1368 static void smack_inode_post_setxattr(struct dentry *dentry, const char *name,
1369                                       const void *value, size_t size, int flags)
1370 {
1371         struct smack_known *skp;
1372         struct inode_smack *isp = d_backing_inode(dentry)->i_security;
1373 
1374         if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) {
1375                 isp->smk_flags |= SMK_INODE_TRANSMUTE;
1376                 return;
1377         }
1378 
1379         if (strcmp(name, XATTR_NAME_SMACK) == 0) {
1380                 skp = smk_import_entry(value, size);
1381                 if (!IS_ERR(skp))
1382                         isp->smk_inode = skp;
1383         } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) {
1384                 skp = smk_import_entry(value, size);
1385                 if (!IS_ERR(skp))
1386                         isp->smk_task = skp;
1387         } else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1388                 skp = smk_import_entry(value, size);
1389                 if (!IS_ERR(skp))
1390                         isp->smk_mmap = skp;
1391         }
1392 
1393         return;
1394 }
1395 
1396 /**
1397  * smack_inode_getxattr - Smack check on getxattr
1398  * @dentry: the object
1399  * @name: unused
1400  *
1401  * Returns 0 if access is permitted, an error code otherwise
1402  */
1403 static int smack_inode_getxattr(struct dentry *dentry, const char *name)
1404 {
1405         struct smk_audit_info ad;
1406         int rc;
1407 
1408         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1409         smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1410 
1411         rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_READ, &ad);
1412         rc = smk_bu_inode(d_backing_inode(dentry), MAY_READ, rc);
1413         return rc;
1414 }
1415 
1416 /**
1417  * smack_inode_removexattr - Smack check on removexattr
1418  * @dentry: the object
1419  * @name: name of the attribute
1420  *
1421  * Removing the Smack attribute requires CAP_MAC_ADMIN
1422  *
1423  * Returns 0 if access is permitted, an error code otherwise
1424  */
1425 static int smack_inode_removexattr(struct dentry *dentry, const char *name)
1426 {
1427         struct inode_smack *isp;
1428         struct smk_audit_info ad;
1429         int rc = 0;
1430 
1431         if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
1432             strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
1433             strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 ||
1434             strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
1435             strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0 ||
1436             strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1437                 if (!smack_privileged(CAP_MAC_ADMIN))
1438                         rc = -EPERM;
1439         } else
1440                 rc = cap_inode_removexattr(dentry, name);
1441 
1442         if (rc != 0)
1443                 return rc;
1444 
1445         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1446         smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1447 
1448         rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1449         rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
1450         if (rc != 0)
1451                 return rc;
1452 
1453         isp = d_backing_inode(dentry)->i_security;
1454         /*
1455          * Don't do anything special for these.
1456          *      XATTR_NAME_SMACKIPIN
1457          *      XATTR_NAME_SMACKIPOUT
1458          */
1459         if (strcmp(name, XATTR_NAME_SMACK) == 0) {
1460                 struct super_block *sbp = dentry->d_sb;
1461                 struct superblock_smack *sbsp = sbp->s_security;
1462 
1463                 isp->smk_inode = sbsp->smk_default;
1464         } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0)
1465                 isp->smk_task = NULL;
1466         else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0)
1467                 isp->smk_mmap = NULL;
1468         else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0)
1469                 isp->smk_flags &= ~SMK_INODE_TRANSMUTE;
1470 
1471         return 0;
1472 }
1473 
1474 /**
1475  * smack_inode_getsecurity - get smack xattrs
1476  * @inode: the object
1477  * @name: attribute name
1478  * @buffer: where to put the result
1479  * @alloc: duplicate memory
1480  *
1481  * Returns the size of the attribute or an error code
1482  */
1483 static int smack_inode_getsecurity(struct inode *inode,
1484                                    const char *name, void **buffer,
1485                                    bool alloc)
1486 {
1487         struct socket_smack *ssp;
1488         struct socket *sock;
1489         struct super_block *sbp;
1490         struct inode *ip = (struct inode *)inode;
1491         struct smack_known *isp;
1492 
1493         if (strcmp(name, XATTR_SMACK_SUFFIX) == 0)
1494                 isp = smk_of_inode(inode);
1495         else {
1496                 /*
1497                  * The rest of the Smack xattrs are only on sockets.
1498                  */
1499                 sbp = ip->i_sb;
1500                 if (sbp->s_magic != SOCKFS_MAGIC)
1501                         return -EOPNOTSUPP;
1502 
1503                 sock = SOCKET_I(ip);
1504                 if (sock == NULL || sock->sk == NULL)
1505                         return -EOPNOTSUPP;
1506 
1507                 ssp = sock->sk->sk_security;
1508 
1509                 if (strcmp(name, XATTR_SMACK_IPIN) == 0)
1510                         isp = ssp->smk_in;
1511                 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0)
1512                         isp = ssp->smk_out;
1513                 else
1514                         return -EOPNOTSUPP;
1515         }
1516 
1517         if (alloc) {
1518                 *buffer = kstrdup(isp->smk_known, GFP_KERNEL);
1519                 if (*buffer == NULL)
1520                         return -ENOMEM;
1521         }
1522 
1523         return strlen(isp->smk_known);
1524 }
1525 
1526 
1527 /**
1528  * smack_inode_listsecurity - list the Smack attributes
1529  * @inode: the object
1530  * @buffer: where they go
1531  * @buffer_size: size of buffer
1532  */
1533 static int smack_inode_listsecurity(struct inode *inode, char *buffer,
1534                                     size_t buffer_size)
1535 {
1536         int len = sizeof(XATTR_NAME_SMACK);
1537 
1538         if (buffer != NULL && len <= buffer_size)
1539                 memcpy(buffer, XATTR_NAME_SMACK, len);
1540 
1541         return len;
1542 }
1543 
1544 /**
1545  * smack_inode_getsecid - Extract inode's security id
1546  * @inode: inode to extract the info from
1547  * @secid: where result will be saved
1548  */
1549 static void smack_inode_getsecid(struct inode *inode, u32 *secid)
1550 {
1551         struct smack_known *skp = smk_of_inode(inode);
1552 
1553         *secid = skp->smk_secid;
1554 }
1555 
1556 /*
1557  * File Hooks
1558  */
1559 
1560 /*
1561  * There is no smack_file_permission hook
1562  *
1563  * Should access checks be done on each read or write?
1564  * UNICOS and SELinux say yes.
1565  * Trusted Solaris, Trusted Irix, and just about everyone else says no.
1566  *
1567  * I'll say no for now. Smack does not do the frequent
1568  * label changing that SELinux does.
1569  */
1570 
1571 /**
1572  * smack_file_alloc_security - assign a file security blob
1573  * @file: the object
1574  *
1575  * The security blob for a file is a pointer to the master
1576  * label list, so no allocation is done.
1577  *
1578  * f_security is the owner security information. It
1579  * isn't used on file access checks, it's for send_sigio.
1580  *
1581  * Returns 0
1582  */
1583 static int smack_file_alloc_security(struct file *file)
1584 {
1585         struct smack_known *skp = smk_of_current();
1586 
1587         file->f_security = skp;
1588         return 0;
1589 }
1590 
1591 /**
1592  * smack_file_free_security - clear a file security blob
1593  * @file: the object
1594  *
1595  * The security blob for a file is a pointer to the master
1596  * label list, so no memory is freed.
1597  */
1598 static void smack_file_free_security(struct file *file)
1599 {
1600         file->f_security = NULL;
1601 }
1602 
1603 /**
1604  * smack_file_ioctl - Smack check on ioctls
1605  * @file: the object
1606  * @cmd: what to do
1607  * @arg: unused
1608  *
1609  * Relies heavily on the correct use of the ioctl command conventions.
1610  *
1611  * Returns 0 if allowed, error code otherwise
1612  */
1613 static int smack_file_ioctl(struct file *file, unsigned int cmd,
1614                             unsigned long arg)
1615 {
1616         int rc = 0;
1617         struct smk_audit_info ad;
1618         struct inode *inode = file_inode(file);
1619 
1620         if (unlikely(IS_PRIVATE(inode)))
1621                 return 0;
1622 
1623         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1624         smk_ad_setfield_u_fs_path(&ad, file->f_path);
1625 
1626         if (_IOC_DIR(cmd) & _IOC_WRITE) {
1627                 rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad);
1628                 rc = smk_bu_file(file, MAY_WRITE, rc);
1629         }
1630 
1631         if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ)) {
1632                 rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad);
1633                 rc = smk_bu_file(file, MAY_READ, rc);
1634         }
1635 
1636         return rc;
1637 }
1638 
1639 /**
1640  * smack_file_lock - Smack check on file locking
1641  * @file: the object
1642  * @cmd: unused
1643  *
1644  * Returns 0 if current has lock access, error code otherwise
1645  */
1646 static int smack_file_lock(struct file *file, unsigned int cmd)
1647 {
1648         struct smk_audit_info ad;
1649         int rc;
1650         struct inode *inode = file_inode(file);
1651 
1652         if (unlikely(IS_PRIVATE(inode)))
1653                 return 0;
1654 
1655         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1656         smk_ad_setfield_u_fs_path(&ad, file->f_path);
1657         rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad);
1658         rc = smk_bu_file(file, MAY_LOCK, rc);
1659         return rc;
1660 }
1661 
1662 /**
1663  * smack_file_fcntl - Smack check on fcntl
1664  * @file: the object
1665  * @cmd: what action to check
1666  * @arg: unused
1667  *
1668  * Generally these operations are harmless.
1669  * File locking operations present an obvious mechanism
1670  * for passing information, so they require write access.
1671  *
1672  * Returns 0 if current has access, error code otherwise
1673  */
1674 static int smack_file_fcntl(struct file *file, unsigned int cmd,
1675                             unsigned long arg)
1676 {
1677         struct smk_audit_info ad;
1678         int rc = 0;
1679         struct inode *inode = file_inode(file);
1680 
1681         if (unlikely(IS_PRIVATE(inode)))
1682                 return 0;
1683 
1684         switch (cmd) {
1685         case F_GETLK:
1686                 break;
1687         case F_SETLK:
1688         case F_SETLKW:
1689                 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1690                 smk_ad_setfield_u_fs_path(&ad, file->f_path);
1691                 rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad);
1692                 rc = smk_bu_file(file, MAY_LOCK, rc);
1693                 break;
1694         case F_SETOWN:
1695         case F_SETSIG:
1696                 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1697                 smk_ad_setfield_u_fs_path(&ad, file->f_path);
1698                 rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad);
1699                 rc = smk_bu_file(file, MAY_WRITE, rc);
1700                 break;
1701         default:
1702                 break;
1703         }
1704 
1705         return rc;
1706 }
1707 
1708 /**
1709  * smack_mmap_file :
1710  * Check permissions for a mmap operation.  The @file may be NULL, e.g.
1711  * if mapping anonymous memory.
1712  * @file contains the file structure for file to map (may be NULL).
1713  * @reqprot contains the protection requested by the application.
1714  * @prot contains the protection that will be applied by the kernel.
1715  * @flags contains the operational flags.
1716  * Return 0 if permission is granted.
1717  */
1718 static int smack_mmap_file(struct file *file,
1719                            unsigned long reqprot, unsigned long prot,
1720                            unsigned long flags)
1721 {
1722         struct smack_known *skp;
1723         struct smack_known *mkp;
1724         struct smack_rule *srp;
1725         struct task_smack *tsp;
1726         struct smack_known *okp;
1727         struct inode_smack *isp;
1728         struct superblock_smack *sbsp;
1729         int may;
1730         int mmay;
1731         int tmay;
1732         int rc;
1733 
1734         if (file == NULL)
1735                 return 0;
1736 
1737         if (unlikely(IS_PRIVATE(file_inode(file))))
1738                 return 0;
1739 
1740         isp = file_inode(file)->i_security;
1741         if (isp->smk_mmap == NULL)
1742                 return 0;
1743         sbsp = file_inode(file)->i_sb->s_security;
1744         if (sbsp->smk_flags & SMK_SB_UNTRUSTED &&
1745             isp->smk_mmap != sbsp->smk_root)
1746                 return -EACCES;
1747         mkp = isp->smk_mmap;
1748 
1749         tsp = current_security();
1750         skp = smk_of_current();
1751         rc = 0;
1752 
1753         rcu_read_lock();
1754         /*
1755          * For each Smack rule associated with the subject
1756          * label verify that the SMACK64MMAP also has access
1757          * to that rule's object label.
1758          */
1759         list_for_each_entry_rcu(srp, &skp->smk_rules, list) {
1760                 okp = srp->smk_object;
1761                 /*
1762                  * Matching labels always allows access.
1763                  */
1764                 if (mkp->smk_known == okp->smk_known)
1765                         continue;
1766                 /*
1767                  * If there is a matching local rule take
1768                  * that into account as well.
1769                  */
1770                 may = smk_access_entry(srp->smk_subject->smk_known,
1771                                        okp->smk_known,
1772                                        &tsp->smk_rules);
1773                 if (may == -ENOENT)
1774                         may = srp->smk_access;
1775                 else
1776                         may &= srp->smk_access;
1777                 /*
1778                  * If may is zero the SMACK64MMAP subject can't
1779                  * possibly have less access.
1780                  */
1781                 if (may == 0)
1782                         continue;
1783 
1784                 /*
1785                  * Fetch the global list entry.
1786                  * If there isn't one a SMACK64MMAP subject
1787                  * can't have as much access as current.
1788                  */
1789                 mmay = smk_access_entry(mkp->smk_known, okp->smk_known,
1790                                         &mkp->smk_rules);
1791                 if (mmay == -ENOENT) {
1792                         rc = -EACCES;
1793                         break;
1794                 }
1795                 /*
1796                  * If there is a local entry it modifies the
1797                  * potential access, too.
1798                  */
1799                 tmay = smk_access_entry(mkp->smk_known, okp->smk_known,
1800                                         &tsp->smk_rules);
1801                 if (tmay != -ENOENT)
1802                         mmay &= tmay;
1803 
1804                 /*
1805                  * If there is any access available to current that is
1806                  * not available to a SMACK64MMAP subject
1807                  * deny access.
1808                  */
1809                 if ((may | mmay) != mmay) {
1810                         rc = -EACCES;
1811                         break;
1812                 }
1813         }
1814 
1815         rcu_read_unlock();
1816 
1817         return rc;
1818 }
1819 
1820 /**
1821  * smack_file_set_fowner - set the file security blob value
1822  * @file: object in question
1823  *
1824  */
1825 static void smack_file_set_fowner(struct file *file)
1826 {
1827         file->f_security = smk_of_current();
1828 }
1829 
1830 /**
1831  * smack_file_send_sigiotask - Smack on sigio
1832  * @tsk: The target task
1833  * @fown: the object the signal come from
1834  * @signum: unused
1835  *
1836  * Allow a privileged task to get signals even if it shouldn't
1837  *
1838  * Returns 0 if a subject with the object's smack could
1839  * write to the task, an error code otherwise.
1840  */
1841 static int smack_file_send_sigiotask(struct task_struct *tsk,
1842                                      struct fown_struct *fown, int signum)
1843 {
1844         struct smack_known *skp;
1845         struct smack_known *tkp = smk_of_task(tsk->cred->security);
1846         const struct cred *tcred;
1847         struct file *file;
1848         int rc;
1849         struct smk_audit_info ad;
1850 
1851         /*
1852          * struct fown_struct is never outside the context of a struct file
1853          */
1854         file = container_of(fown, struct file, f_owner);
1855 
1856         /* we don't log here as rc can be overriden */
1857         skp = file->f_security;
1858         rc = smk_access(skp, tkp, MAY_DELIVER, NULL);
1859         rc = smk_bu_note("sigiotask", skp, tkp, MAY_DELIVER, rc);
1860 
1861         rcu_read_lock();
1862         tcred = __task_cred(tsk);
1863         if (rc != 0 && smack_privileged_cred(CAP_MAC_OVERRIDE, tcred))
1864                 rc = 0;
1865         rcu_read_unlock();
1866 
1867         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
1868         smk_ad_setfield_u_tsk(&ad, tsk);
1869         smack_log(skp->smk_known, tkp->smk_known, MAY_DELIVER, rc, &ad);
1870         return rc;
1871 }
1872 
1873 /**
1874  * smack_file_receive - Smack file receive check
1875  * @file: the object
1876  *
1877  * Returns 0 if current has access, error code otherwise
1878  */
1879 static int smack_file_receive(struct file *file)
1880 {
1881         int rc;
1882         int may = 0;
1883         struct smk_audit_info ad;
1884         struct inode *inode = file_inode(file);
1885         struct socket *sock;
1886         struct task_smack *tsp;
1887         struct socket_smack *ssp;
1888 
1889         if (unlikely(IS_PRIVATE(inode)))
1890                 return 0;
1891 
1892         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1893         smk_ad_setfield_u_fs_path(&ad, file->f_path);
1894 
1895         if (inode->i_sb->s_magic == SOCKFS_MAGIC) {
1896                 sock = SOCKET_I(inode);
1897                 ssp = sock->sk->sk_security;
1898                 tsp = current_security();
1899                 /*
1900                  * If the receiving process can't write to the
1901                  * passed socket or if the passed socket can't
1902                  * write to the receiving process don't accept
1903                  * the passed socket.
1904                  */
1905                 rc = smk_access(tsp->smk_task, ssp->smk_out, MAY_WRITE, &ad);
1906                 rc = smk_bu_file(file, may, rc);
1907                 if (rc < 0)
1908                         return rc;
1909                 rc = smk_access(ssp->smk_in, tsp->smk_task, MAY_WRITE, &ad);
1910                 rc = smk_bu_file(file, may, rc);
1911                 return rc;
1912         }
1913         /*
1914          * This code relies on bitmasks.
1915          */
1916         if (file->f_mode & FMODE_READ)
1917                 may = MAY_READ;
1918         if (file->f_mode & FMODE_WRITE)
1919                 may |= MAY_WRITE;
1920 
1921         rc = smk_curacc(smk_of_inode(inode), may, &ad);
1922         rc = smk_bu_file(file, may, rc);
1923         return rc;
1924 }
1925 
1926 /**
1927  * smack_file_open - Smack dentry open processing
1928  * @file: the object
1929  * @cred: task credential
1930  *
1931  * Set the security blob in the file structure.
1932  * Allow the open only if the task has read access. There are
1933  * many read operations (e.g. fstat) that you can do with an
1934  * fd even if you have the file open write-only.
1935  *
1936  * Returns 0
1937  */
1938 static int smack_file_open(struct file *file)
1939 {
1940         struct task_smack *tsp = file->f_cred->security;
1941         struct inode *inode = file_inode(file);
1942         struct smk_audit_info ad;
1943         int rc;
1944 
1945         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1946         smk_ad_setfield_u_fs_path(&ad, file->f_path);
1947         rc = smk_tskacc(tsp, smk_of_inode(inode), MAY_READ, &ad);
1948         rc = smk_bu_credfile(file->f_cred, file, MAY_READ, rc);
1949 
1950         return rc;
1951 }
1952 
1953 /*
1954  * Task hooks
1955  */
1956 
1957 /**
1958  * smack_cred_alloc_blank - "allocate" blank task-level security credentials
1959  * @new: the new credentials
1960  * @gfp: the atomicity of any memory allocations
1961  *
1962  * Prepare a blank set of credentials for modification.  This must allocate all
1963  * the memory the LSM module might require such that cred_transfer() can
1964  * complete without error.
1965  */
1966 static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp)
1967 {
1968         struct task_smack *tsp;
1969 
1970         tsp = new_task_smack(NULL, NULL, gfp);
1971         if (tsp == NULL)
1972                 return -ENOMEM;
1973 
1974         cred->security = tsp;
1975 
1976         return 0;
1977 }
1978 
1979 
1980 /**
1981  * smack_cred_free - "free" task-level security credentials
1982  * @cred: the credentials in question
1983  *
1984  */
1985 static void smack_cred_free(struct cred *cred)
1986 {
1987         struct task_smack *tsp = cred->security;
1988         struct smack_rule *rp;
1989         struct list_head *l;
1990         struct list_head *n;
1991 
1992         if (tsp == NULL)
1993                 return;
1994         cred->security = NULL;
1995 
1996         smk_destroy_label_list(&tsp->smk_relabel);
1997 
1998         list_for_each_safe(l, n, &tsp->smk_rules) {
1999                 rp = list_entry(l, struct smack_rule, list);
2000                 list_del(&rp->list);
2001                 kfree(rp);
2002         }
2003         kfree(tsp);
2004 }
2005 
2006 /**
2007  * smack_cred_prepare - prepare new set of credentials for modification
2008  * @new: the new credentials
2009  * @old: the original credentials
2010  * @gfp: the atomicity of any memory allocations
2011  *
2012  * Prepare a new set of credentials for modification.
2013  */
2014 static int smack_cred_prepare(struct cred *new, const struct cred *old,
2015                               gfp_t gfp)
2016 {
2017         struct task_smack *old_tsp = old->security;
2018         struct task_smack *new_tsp;
2019         int rc;
2020 
2021         new_tsp = new_task_smack(old_tsp->smk_task, old_tsp->smk_task, gfp);
2022         if (new_tsp == NULL)
2023                 return -ENOMEM;
2024 
2025         new->security = new_tsp;
2026 
2027         rc = smk_copy_rules(&new_tsp->smk_rules, &old_tsp->smk_rules, gfp);
2028         if (rc != 0)
2029                 return rc;
2030 
2031         rc = smk_copy_relabel(&new_tsp->smk_relabel, &old_tsp->smk_relabel,
2032                                 gfp);
2033         if (rc != 0)
2034                 return rc;
2035 
2036         return 0;
2037 }
2038 
2039 /**
2040  * smack_cred_transfer - Transfer the old credentials to the new credentials
2041  * @new: the new credentials
2042  * @old: the original credentials
2043  *
2044  * Fill in a set of blank credentials from another set of credentials.
2045  */
2046 static void smack_cred_transfer(struct cred *new, const struct cred *old)
2047 {
2048         struct task_smack *old_tsp = old->security;
2049         struct task_smack *new_tsp = new->security;
2050 
2051         new_tsp->smk_task = old_tsp->smk_task;
2052         new_tsp->smk_forked = old_tsp->smk_task;
2053         mutex_init(&new_tsp->smk_rules_lock);
2054         INIT_LIST_HEAD(&new_tsp->smk_rules);
2055 
2056 
2057         /* cbs copy rule list */
2058 }
2059 
2060 /**
2061  * smack_cred_getsecid - get the secid corresponding to a creds structure
2062  * @c: the object creds
2063  * @secid: where to put the result
2064  *
2065  * Sets the secid to contain a u32 version of the smack label.
2066  */
2067 static void smack_cred_getsecid(const struct cred *c, u32 *secid)
2068 {
2069         struct smack_known *skp;
2070 
2071         rcu_read_lock();
2072         skp = smk_of_task(c->security);
2073         *secid = skp->smk_secid;
2074         rcu_read_unlock();
2075 }
2076 
2077 /**
2078  * smack_kernel_act_as - Set the subjective context in a set of credentials
2079  * @new: points to the set of credentials to be modified.
2080  * @secid: specifies the security ID to be set
2081  *
2082  * Set the security data for a kernel service.
2083  */
2084 static int smack_kernel_act_as(struct cred *new, u32 secid)
2085 {
2086         struct task_smack *new_tsp = new->security;
2087 
2088         new_tsp->smk_task = smack_from_secid(secid);
2089         return 0;
2090 }
2091 
2092 /**
2093  * smack_kernel_create_files_as - Set the file creation label in a set of creds
2094  * @new: points to the set of credentials to be modified
2095  * @inode: points to the inode to use as a reference
2096  *
2097  * Set the file creation context in a set of credentials to the same
2098  * as the objective context of the specified inode
2099  */
2100 static int smack_kernel_create_files_as(struct cred *new,
2101                                         struct inode *inode)
2102 {
2103         struct inode_smack *isp = inode->i_security;
2104         struct task_smack *tsp = new->security;
2105 
2106         tsp->smk_forked = isp->smk_inode;
2107         tsp->smk_task = tsp->smk_forked;
2108         return 0;
2109 }
2110 
2111 /**
2112  * smk_curacc_on_task - helper to log task related access
2113  * @p: the task object
2114  * @access: the access requested
2115  * @caller: name of the calling function for audit
2116  *
2117  * Return 0 if access is permitted
2118  */
2119 static int smk_curacc_on_task(struct task_struct *p, int access,
2120                                 const char *caller)
2121 {
2122         struct smk_audit_info ad;
2123         struct smack_known *skp = smk_of_task_struct(p);
2124         int rc;
2125 
2126         smk_ad_init(&ad, caller, LSM_AUDIT_DATA_TASK);
2127         smk_ad_setfield_u_tsk(&ad, p);
2128         rc = smk_curacc(skp, access, &ad);
2129         rc = smk_bu_task(p, access, rc);
2130         return rc;
2131 }
2132 
2133 /**
2134  * smack_task_setpgid - Smack check on setting pgid
2135  * @p: the task object
2136  * @pgid: unused
2137  *
2138  * Return 0 if write access is permitted
2139  */
2140 static int smack_task_setpgid(struct task_struct *p, pid_t pgid)
2141 {
2142         return smk_curacc_on_task(p, MAY_WRITE, __func__);
2143 }
2144 
2145 /**
2146  * smack_task_getpgid - Smack access check for getpgid
2147  * @p: the object task
2148  *
2149  * Returns 0 if current can read the object task, error code otherwise
2150  */
2151 static int smack_task_getpgid(struct task_struct *p)
2152 {
2153         return smk_curacc_on_task(p, MAY_READ, __func__);
2154 }
2155 
2156 /**
2157  * smack_task_getsid - Smack access check for getsid
2158  * @p: the object task
2159  *
2160  * Returns 0 if current can read the object task, error code otherwise
2161  */
2162 static int smack_task_getsid(struct task_struct *p)
2163 {
2164         return smk_curacc_on_task(p, MAY_READ, __func__);
2165 }
2166 
2167 /**
2168  * smack_task_getsecid - get the secid of the task
2169  * @p: the object task
2170  * @secid: where to put the result
2171  *
2172  * Sets the secid to contain a u32 version of the smack label.
2173  */
2174 static void smack_task_getsecid(struct task_struct *p, u32 *secid)
2175 {
2176         struct smack_known *skp = smk_of_task_struct(p);
2177 
2178         *secid = skp->smk_secid;
2179 }
2180 
2181 /**
2182  * smack_task_setnice - Smack check on setting nice
2183  * @p: the task object
2184  * @nice: unused
2185  *
2186  * Return 0 if write access is permitted
2187  */
2188 static int smack_task_setnice(struct task_struct *p, int nice)
2189 {
2190         return smk_curacc_on_task(p, MAY_WRITE, __func__);
2191 }
2192 
2193 /**
2194  * smack_task_setioprio - Smack check on setting ioprio
2195  * @p: the task object
2196  * @ioprio: unused
2197  *
2198  * Return 0 if write access is permitted
2199  */
2200 static int smack_task_setioprio(struct task_struct *p, int ioprio)
2201 {
2202         return smk_curacc_on_task(p, MAY_WRITE, __func__);
2203 }
2204 
2205 /**
2206  * smack_task_getioprio - Smack check on reading ioprio
2207  * @p: the task object
2208  *
2209  * Return 0 if read access is permitted
2210  */
2211 static int smack_task_getioprio(struct task_struct *p)
2212 {
2213         return smk_curacc_on_task(p, MAY_READ, __func__);
2214 }
2215 
2216 /**
2217  * smack_task_setscheduler - Smack check on setting scheduler
2218  * @p: the task object
2219  * @policy: unused
2220  * @lp: unused
2221  *
2222  * Return 0 if read access is permitted
2223  */
2224 static int smack_task_setscheduler(struct task_struct *p)
2225 {
2226         return smk_curacc_on_task(p, MAY_WRITE, __func__);
2227 }
2228 
2229 /**
2230  * smack_task_getscheduler - Smack check on reading scheduler
2231  * @p: the task object
2232  *
2233  * Return 0 if read access is permitted
2234  */
2235 static int smack_task_getscheduler(struct task_struct *p)
2236 {
2237         return smk_curacc_on_task(p, MAY_READ, __func__);
2238 }
2239 
2240 /**
2241  * smack_task_movememory - Smack check on moving memory
2242  * @p: the task object
2243  *
2244  * Return 0 if write access is permitted
2245  */
2246 static int smack_task_movememory(struct task_struct *p)
2247 {
2248         return smk_curacc_on_task(p, MAY_WRITE, __func__);
2249 }
2250 
2251 /**
2252  * smack_task_kill - Smack check on signal delivery
2253  * @p: the task object
2254  * @info: unused
2255  * @sig: unused
2256  * @cred: identifies the cred to use in lieu of current's
2257  *
2258  * Return 0 if write access is permitted
2259  *
2260  */
2261 static int smack_task_kill(struct task_struct *p, struct kernel_siginfo *info,
2262                            int sig, const struct cred *cred)
2263 {
2264         struct smk_audit_info ad;
2265         struct smack_known *skp;
2266         struct smack_known *tkp = smk_of_task_struct(p);
2267         int rc;
2268 
2269         if (!sig)
2270                 return 0; /* null signal; existence test */
2271 
2272         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
2273         smk_ad_setfield_u_tsk(&ad, p);
2274         /*
2275          * Sending a signal requires that the sender
2276          * can write the receiver.
2277          */
2278         if (cred == NULL) {
2279                 rc = smk_curacc(tkp, MAY_DELIVER, &ad);
2280                 rc = smk_bu_task(p, MAY_DELIVER, rc);
2281                 return rc;
2282         }
2283         /*
2284          * If the cred isn't NULL we're dealing with some USB IO
2285          * specific behavior. This is not clean. For one thing
2286          * we can't take privilege into account.
2287          */
2288         skp = smk_of_task(cred->security);
2289         rc = smk_access(skp, tkp, MAY_DELIVER, &ad);
2290         rc = smk_bu_note("USB signal", skp, tkp, MAY_DELIVER, rc);
2291         return rc;
2292 }
2293 
2294 /**
2295  * smack_task_to_inode - copy task smack into the inode blob
2296  * @p: task to copy from
2297  * @inode: inode to copy to
2298  *
2299  * Sets the smack pointer in the inode security blob
2300  */
2301 static void smack_task_to_inode(struct task_struct *p, struct inode *inode)
2302 {
2303         struct inode_smack *isp = inode->i_security;
2304         struct smack_known *skp = smk_of_task_struct(p);
2305 
2306         isp->smk_inode = skp;
2307         isp->smk_flags |= SMK_INODE_INSTANT;
2308 }
2309 
2310 /*
2311  * Socket hooks.
2312  */
2313 
2314 /**
2315  * smack_sk_alloc_security - Allocate a socket blob
2316  * @sk: the socket
2317  * @family: unused
2318  * @gfp_flags: memory allocation flags
2319  *
2320  * Assign Smack pointers to current
2321  *
2322  * Returns 0 on success, -ENOMEM is there's no memory
2323  */
2324 static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags)
2325 {
2326         struct smack_known *skp = smk_of_current();
2327         struct socket_smack *ssp;
2328 
2329         ssp = kzalloc(sizeof(struct socket_smack), gfp_flags);
2330         if (ssp == NULL)
2331                 return -ENOMEM;
2332 
2333         /*
2334          * Sockets created by kernel threads receive web label.
2335          */
2336         if (unlikely(current->flags & PF_KTHREAD)) {
2337                 ssp->smk_in = &smack_known_web;
2338                 ssp->smk_out = &smack_known_web;
2339         } else {
2340                 ssp->smk_in = skp;
2341                 ssp->smk_out = skp;
2342         }
2343         ssp->smk_packet = NULL;
2344 
2345         sk->sk_security = ssp;
2346 
2347         return 0;
2348 }
2349 
2350 /**
2351  * smack_sk_free_security - Free a socket blob
2352  * @sk: the socket
2353  *
2354  * Clears the blob pointer
2355  */
2356 static void smack_sk_free_security(struct sock *sk)
2357 {
2358 #ifdef SMACK_IPV6_PORT_LABELING
2359         struct smk_port_label *spp;
2360 
2361         if (sk->sk_family == PF_INET6) {
2362                 rcu_read_lock();
2363                 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
2364                         if (spp->smk_sock != sk)
2365                                 continue;
2366                         spp->smk_can_reuse = 1;
2367                         break;
2368                 }
2369                 rcu_read_unlock();
2370         }
2371 #endif
2372         kfree(sk->sk_security);
2373 }
2374 
2375 /**
2376 * smack_ipv4host_label - check host based restrictions
2377 * @sip: the object end
2378 *
2379 * looks for host based access restrictions
2380 *
2381 * This version will only be appropriate for really small sets of single label
2382 * hosts.  The caller is responsible for ensuring that the RCU read lock is
2383 * taken before calling this function.
2384 *
2385 * Returns the label of the far end or NULL if it's not special.
2386 */
2387 static struct smack_known *smack_ipv4host_label(struct sockaddr_in *sip)
2388 {
2389         struct smk_net4addr *snp;
2390         struct in_addr *siap = &sip->sin_addr;
2391 
2392         if (siap->s_addr == 0)
2393                 return NULL;
2394 
2395         list_for_each_entry_rcu(snp, &smk_net4addr_list, list)
2396                 /*
2397                  * we break after finding the first match because
2398                  * the list is sorted from longest to shortest mask
2399                  * so we have found the most specific match
2400                  */
2401                 if (snp->smk_host.s_addr ==
2402                     (siap->s_addr & snp->smk_mask.s_addr))
2403                         return snp->smk_label;
2404 
2405         return NULL;
2406 }
2407 
2408 #if IS_ENABLED(CONFIG_IPV6)
2409 /*
2410  * smk_ipv6_localhost - Check for local ipv6 host address
2411  * @sip: the address
2412  *
2413  * Returns boolean true if this is the localhost address
2414  */
2415 static bool smk_ipv6_localhost(struct sockaddr_in6 *sip)
2416 {
2417         __be16 *be16p = (__be16 *)&sip->sin6_addr;
2418         __be32 *be32p = (__be32 *)&sip->sin6_addr;
2419 
2420         if (be32p[0] == 0 && be32p[1] == 0 && be32p[2] == 0 && be16p[6] == 0 &&
2421             ntohs(be16p[7]) == 1)
2422                 return true;
2423         return false;
2424 }
2425 
2426 /**
2427 * smack_ipv6host_label - check host based restrictions
2428 * @sip: the object end
2429 *
2430 * looks for host based access restrictions
2431 *
2432 * This version will only be appropriate for really small sets of single label
2433 * hosts.  The caller is responsible for ensuring that the RCU read lock is
2434 * taken before calling this function.
2435 *
2436 * Returns the label of the far end or NULL if it's not special.
2437 */
2438 static struct smack_known *smack_ipv6host_label(struct sockaddr_in6 *sip)
2439 {
2440         struct smk_net6addr *snp;
2441         struct in6_addr *sap = &sip->sin6_addr;
2442         int i;
2443         int found = 0;
2444 
2445         /*
2446          * It's local. Don't look for a host label.
2447          */
2448         if (smk_ipv6_localhost(sip))
2449                 return NULL;
2450 
2451         list_for_each_entry_rcu(snp, &smk_net6addr_list, list) {
2452                 /*
2453                  * If the label is NULL the entry has
2454                  * been renounced. Ignore it.
2455                  */
2456                 if (snp->smk_label == NULL)
2457                         continue;
2458                 /*
2459                 * we break after finding the first match because
2460                 * the list is sorted from longest to shortest mask
2461                 * so we have found the most specific match
2462                 */
2463                 for (found = 1, i = 0; i < 8; i++) {
2464                         if ((sap->s6_addr16[i] & snp->smk_mask.s6_addr16[i]) !=
2465                             snp->smk_host.s6_addr16[i]) {
2466                                 found = 0;
2467                                 break;
2468                         }
2469                 }
2470                 if (found)
2471                         return snp->smk_label;
2472         }
2473 
2474         return NULL;
2475 }
2476 #endif /* CONFIG_IPV6 */
2477 
2478 /**
2479  * smack_netlabel - Set the secattr on a socket
2480  * @sk: the socket
2481  * @labeled: socket label scheme
2482  *
2483  * Convert the outbound smack value (smk_out) to a
2484  * secattr and attach it to the socket.
2485  *
2486  * Returns 0 on success or an error code
2487  */
2488 static int smack_netlabel(struct sock *sk, int labeled)
2489 {
2490         struct smack_known *skp;
2491         struct socket_smack *ssp = sk->sk_security;
2492         int rc = 0;
2493 
2494         /*
2495          * Usually the netlabel code will handle changing the
2496          * packet labeling based on the label.
2497          * The case of a single label host is different, because
2498          * a single label host should never get a labeled packet
2499          * even though the label is usually associated with a packet
2500          * label.
2501          */
2502         local_bh_disable();
2503         bh_lock_sock_nested(sk);
2504 
2505         if (ssp->smk_out == smack_net_ambient ||
2506             labeled == SMACK_UNLABELED_SOCKET)
2507                 netlbl_sock_delattr(sk);
2508         else {
2509                 skp = ssp->smk_out;
2510                 rc = netlbl_sock_setattr(sk, sk->sk_family, &skp->smk_netlabel);
2511         }
2512 
2513         bh_unlock_sock(sk);
2514         local_bh_enable();
2515 
2516         return rc;
2517 }
2518 
2519 /**
2520  * smack_netlbel_send - Set the secattr on a socket and perform access checks
2521  * @sk: the socket
2522  * @sap: the destination address
2523  *
2524  * Set the correct secattr for the given socket based on the destination
2525  * address and perform any outbound access checks needed.
2526  *
2527  * Returns 0 on success or an error code.
2528  *
2529  */
2530 static int smack_netlabel_send(struct sock *sk, struct sockaddr_in *sap)
2531 {
2532         struct smack_known *skp;
2533         int rc;
2534         int sk_lbl;
2535         struct smack_known *hkp;
2536         struct socket_smack *ssp = sk->sk_security;
2537         struct smk_audit_info ad;
2538 
2539         rcu_read_lock();
2540         hkp = smack_ipv4host_label(sap);
2541         if (hkp != NULL) {
2542 #ifdef CONFIG_AUDIT
2543                 struct lsm_network_audit net;
2544 
2545                 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
2546                 ad.a.u.net->family = sap->sin_family;
2547                 ad.a.u.net->dport = sap->sin_port;
2548                 ad.a.u.net->v4info.daddr = sap->sin_addr.s_addr;
2549 #endif
2550                 sk_lbl = SMACK_UNLABELED_SOCKET;
2551                 skp = ssp->smk_out;
2552                 rc = smk_access(skp, hkp, MAY_WRITE, &ad);
2553                 rc = smk_bu_note("IPv4 host check", skp, hkp, MAY_WRITE, rc);
2554         } else {
2555                 sk_lbl = SMACK_CIPSO_SOCKET;
2556                 rc = 0;
2557         }
2558         rcu_read_unlock();
2559         if (rc != 0)
2560                 return rc;
2561 
2562         return smack_netlabel(sk, sk_lbl);
2563 }
2564 
2565 #if IS_ENABLED(CONFIG_IPV6)
2566 /**
2567  * smk_ipv6_check - check Smack access
2568  * @subject: subject Smack label
2569  * @object: object Smack label
2570  * @address: address
2571  * @act: the action being taken
2572  *
2573  * Check an IPv6 access
2574  */
2575 static int smk_ipv6_check(struct smack_known *subject,
2576                                 struct smack_known *object,
2577                                 struct sockaddr_in6 *address, int act)
2578 {
2579 #ifdef CONFIG_AUDIT
2580         struct lsm_network_audit net;
2581 #endif
2582         struct smk_audit_info ad;
2583         int rc;
2584 
2585 #ifdef CONFIG_AUDIT
2586         smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
2587         ad.a.u.net->family = PF_INET6;
2588         ad.a.u.net->dport = ntohs(address->sin6_port);
2589         if (act == SMK_RECEIVING)
2590                 ad.a.u.net->v6info.saddr = address->sin6_addr;
2591         else
2592                 ad.a.u.net->v6info.daddr = address->sin6_addr;
2593 #endif
2594         rc = smk_access(subject, object, MAY_WRITE, &ad);
2595         rc = smk_bu_note("IPv6 check", subject, object, MAY_WRITE, rc);
2596         return rc;
2597 }
2598 #endif /* CONFIG_IPV6 */
2599 
2600 #ifdef SMACK_IPV6_PORT_LABELING
2601 /**
2602  * smk_ipv6_port_label - Smack port access table management
2603  * @sock: socket
2604  * @address: address
2605  *
2606  * Create or update the port list entry
2607  */
2608 static void smk_ipv6_port_label(struct socket *sock, struct sockaddr *address)
2609 {
2610         struct sock *sk = sock->sk;
2611         struct sockaddr_in6 *addr6;
2612         struct socket_smack *ssp = sock->sk->sk_security;
2613         struct smk_port_label *spp;
2614         unsigned short port = 0;
2615 
2616         if (address == NULL) {
2617                 /*
2618                  * This operation is changing the Smack information
2619                  * on the bound socket. Take the changes to the port
2620                  * as well.
2621                  */
2622                 rcu_read_lock();
2623                 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
2624                         if (sk != spp->smk_sock)
2625                                 continue;
2626                         spp->smk_in = ssp->smk_in;
2627                         spp->smk_out = ssp->smk_out;
2628                         rcu_read_unlock();
2629                         return;
2630                 }
2631                 /*
2632                  * A NULL address is only used for updating existing
2633                  * bound entries. If there isn't one, it's OK.
2634                  */
2635                 rcu_read_unlock();
2636                 return;
2637         }
2638 
2639         addr6 = (struct sockaddr_in6 *)address;
2640         port = ntohs(addr6->sin6_port);
2641         /*
2642          * This is a special case that is safely ignored.
2643          */
2644         if (port == 0)
2645                 return;
2646 
2647         /*
2648          * Look for an existing port list entry.
2649          * This is an indication that a port is getting reused.
2650          */
2651         rcu_read_lock();
2652         list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
2653                 if (spp->smk_port != port || spp->smk_sock_type != sock->type)
2654                         continue;
2655                 if (spp->smk_can_reuse != 1) {
2656                         rcu_read_unlock();
2657                         return;
2658                 }
2659                 spp->smk_port = port;
2660                 spp->smk_sock = sk;
2661                 spp->smk_in = ssp->smk_in;
2662                 spp->smk_out = ssp->smk_out;
2663                 spp->smk_can_reuse = 0;
2664                 rcu_read_unlock();
2665                 return;
2666         }
2667         rcu_read_unlock();
2668         /*
2669          * A new port entry is required.
2670          */
2671         spp = kzalloc(sizeof(*spp), GFP_KERNEL);
2672         if (spp == NULL)
2673                 return;
2674 
2675         spp->smk_port = port;
2676         spp->smk_sock = sk;
2677         spp->smk_in = ssp->smk_in;
2678         spp->smk_out = ssp->smk_out;
2679         spp->smk_sock_type = sock->type;
2680         spp->smk_can_reuse = 0;
2681 
2682         mutex_lock(&smack_ipv6_lock);
2683         list_add_rcu(&spp->list, &smk_ipv6_port_list);
2684         mutex_unlock(&smack_ipv6_lock);
2685         return;
2686 }
2687 
2688 /**
2689  * smk_ipv6_port_check - check Smack port access
2690  * @sock: socket
2691  * @address: address
2692  *
2693  * Create or update the port list entry
2694  */
2695 static int smk_ipv6_port_check(struct sock *sk, struct sockaddr_in6 *address,
2696                                 int act)
2697 {
2698         struct smk_port_label *spp;
2699         struct socket_smack *ssp = sk->sk_security;
2700         struct smack_known *skp = NULL;
2701         unsigned short port;
2702         struct smack_known *object;
2703 
2704         if (act == SMK_RECEIVING) {
2705                 skp = smack_ipv6host_label(address);
2706                 object = ssp->smk_in;
2707         } else {
2708                 skp = ssp->smk_out;
2709                 object = smack_ipv6host_label(address);
2710         }
2711 
2712         /*
2713          * The other end is a single label host.
2714          */
2715         if (skp != NULL && object != NULL)
2716                 return smk_ipv6_check(skp, object, address, act);
2717         if (skp == NULL)
2718                 skp = smack_net_ambient;
2719         if (object == NULL)
2720                 object = smack_net_ambient;
2721 
2722         /*
2723          * It's remote, so port lookup does no good.
2724          */
2725         if (!smk_ipv6_localhost(address))
2726                 return smk_ipv6_check(skp, object, address, act);
2727 
2728         /*
2729          * It's local so the send check has to have passed.
2730          */
2731         if (act == SMK_RECEIVING)
2732                 return 0;
2733 
2734         port = ntohs(address->sin6_port);
2735         rcu_read_lock();
2736         list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
2737                 if (spp->smk_port != port || spp->smk_sock_type != sk->sk_type)
2738                         continue;
2739                 object = spp->smk_in;
2740                 if (act == SMK_CONNECTING)
2741                         ssp->smk_packet = spp->smk_out;
2742                 break;
2743         }
2744         rcu_read_unlock();
2745 
2746         return smk_ipv6_check(skp, object, address, act);
2747 }
2748 #endif /* SMACK_IPV6_PORT_LABELING */
2749 
2750 /**
2751  * smack_inode_setsecurity - set smack xattrs
2752  * @inode: the object
2753  * @name: attribute name
2754  * @value: attribute value
2755  * @size: size of the attribute
2756  * @flags: unused
2757  *
2758  * Sets the named attribute in the appropriate blob
2759  *
2760  * Returns 0 on success, or an error code
2761  */
2762 static int smack_inode_setsecurity(struct inode *inode, const char *name,
2763                                    const void *value, size_t size, int flags)
2764 {
2765         struct smack_known *skp;
2766         struct inode_smack *nsp = inode->i_security;
2767         struct socket_smack *ssp;
2768         struct socket *sock;
2769         int rc = 0;
2770 
2771         if (value == NULL || size > SMK_LONGLABEL || size == 0)
2772                 return -EINVAL;
2773 
2774         skp = smk_import_entry(value, size);
2775         if (IS_ERR(skp))
2776                 return PTR_ERR(skp);
2777 
2778         if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) {
2779                 nsp->smk_inode = skp;
2780                 nsp->smk_flags |= SMK_INODE_INSTANT;
2781                 return 0;
2782         }
2783         /*
2784          * The rest of the Smack xattrs are only on sockets.
2785          */
2786         if (inode->i_sb->s_magic != SOCKFS_MAGIC)
2787                 return -EOPNOTSUPP;
2788 
2789         sock = SOCKET_I(inode);
2790         if (sock == NULL || sock->sk == NULL)
2791                 return -EOPNOTSUPP;
2792 
2793         ssp = sock->sk->sk_security;
2794 
2795         if (strcmp(name, XATTR_SMACK_IPIN) == 0)
2796                 ssp->smk_in = skp;
2797         else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) {
2798                 ssp->smk_out = skp;
2799                 if (sock->sk->sk_family == PF_INET) {
2800                         rc = smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET);
2801                         if (rc != 0)
2802                                 printk(KERN_WARNING
2803                                         "Smack: \"%s\" netlbl error %d.\n",
2804                                         __func__, -rc);
2805                 }
2806         } else
2807                 return -EOPNOTSUPP;
2808 
2809 #ifdef SMACK_IPV6_PORT_LABELING
2810         if (sock->sk->sk_family == PF_INET6)
2811                 smk_ipv6_port_label(sock, NULL);
2812 #endif
2813 
2814         return 0;
2815 }
2816 
2817 /**
2818  * smack_socket_post_create - finish socket setup
2819  * @sock: the socket
2820  * @family: protocol family
2821  * @type: unused
2822  * @protocol: unused
2823  * @kern: unused
2824  *
2825  * Sets the netlabel information on the socket
2826  *
2827  * Returns 0 on success, and error code otherwise
2828  */
2829 static int smack_socket_post_create(struct socket *sock, int family,
2830                                     int type, int protocol, int kern)
2831 {
2832         struct socket_smack *ssp;
2833 
2834         if (sock->sk == NULL)
2835                 return 0;
2836 
2837         /*
2838          * Sockets created by kernel threads receive web label.
2839          */
2840         if (unlikely(current->flags & PF_KTHREAD)) {
2841                 ssp = sock->sk->sk_security;
2842                 ssp->smk_in = &smack_known_web;
2843                 ssp->smk_out = &smack_known_web;
2844         }
2845 
2846         if (family != PF_INET)
2847                 return 0;
2848         /*
2849          * Set the outbound netlbl.
2850          */
2851         return smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET);
2852 }
2853 
2854 /**
2855  * smack_socket_socketpair - create socket pair
2856  * @socka: one socket
2857  * @sockb: another socket
2858  *
2859  * Cross reference the peer labels for SO_PEERSEC
2860  *
2861  * Returns 0 on success, and error code otherwise
2862  */
2863 static int smack_socket_socketpair(struct socket *socka,
2864                                    struct socket *sockb)
2865 {
2866         struct socket_smack *asp = socka->sk->sk_security;
2867         struct socket_smack *bsp = sockb->sk->sk_security;
2868 
2869         asp->smk_packet = bsp->smk_out;
2870         bsp->smk_packet = asp->smk_out;
2871 
2872         return 0;
2873 }
2874 
2875 #ifdef SMACK_IPV6_PORT_LABELING
2876 /**
2877  * smack_socket_bind - record port binding information.
2878  * @sock: the socket
2879  * @address: the port address
2880  * @addrlen: size of the address
2881  *
2882  * Records the label bound to a port.
2883  *
2884  * Returns 0
2885  */
2886 static int smack_socket_bind(struct socket *sock, struct sockaddr *address,
2887                                 int addrlen)
2888 {
2889         if (sock->sk != NULL && sock->sk->sk_family == PF_INET6)
2890                 smk_ipv6_port_label(sock, address);
2891         return 0;
2892 }
2893 #endif /* SMACK_IPV6_PORT_LABELING */
2894 
2895 /**
2896  * smack_socket_connect - connect access check
2897  * @sock: the socket
2898  * @sap: the other end
2899  * @addrlen: size of sap
2900  *
2901  * Verifies that a connection may be possible
2902  *
2903  * Returns 0 on success, and error code otherwise
2904  */
2905 static int smack_socket_connect(struct socket *sock, struct sockaddr *sap,
2906                                 int addrlen)
2907 {
2908         int rc = 0;
2909 #if IS_ENABLED(CONFIG_IPV6)
2910         struct sockaddr_in6 *sip = (struct sockaddr_in6 *)sap;
2911 #endif
2912 #ifdef SMACK_IPV6_SECMARK_LABELING
2913         struct smack_known *rsp;
2914         struct socket_smack *ssp;
2915 #endif
2916 
2917         if (sock->sk == NULL)
2918                 return 0;
2919 
2920 #ifdef SMACK_IPV6_SECMARK_LABELING
2921         ssp = sock->sk->sk_security;
2922 #endif
2923 
2924         switch (sock->sk->sk_family) {
2925         case PF_INET:
2926                 if (addrlen < sizeof(struct sockaddr_in))
2927                         return -EINVAL;
2928                 rc = smack_netlabel_send(sock->sk, (struct sockaddr_in *)sap);
2929                 break;
2930         case PF_INET6:
2931                 if (addrlen < sizeof(struct sockaddr_in6))
2932                         return -EINVAL;
2933 #ifdef SMACK_IPV6_SECMARK_LABELING
2934                 rsp = smack_ipv6host_label(sip);
2935                 if (rsp != NULL)
2936                         rc = smk_ipv6_check(ssp->smk_out, rsp, sip,
2937                                                 SMK_CONNECTING);
2938 #endif
2939 #ifdef SMACK_IPV6_PORT_LABELING
2940                 rc = smk_ipv6_port_check(sock->sk, sip, SMK_CONNECTING);
2941 #endif
2942                 break;
2943         }
2944         return rc;
2945 }
2946 
2947 /**
2948  * smack_flags_to_may - convert S_ to MAY_ values
2949  * @flags: the S_ value
2950  *
2951  * Returns the equivalent MAY_ value
2952  */
2953 static int smack_flags_to_may(int flags)
2954 {
2955         int may = 0;
2956 
2957         if (flags & S_IRUGO)
2958                 may |= MAY_READ;
2959         if (flags & S_IWUGO)
2960                 may |= MAY_WRITE;
2961         if (flags & S_IXUGO)
2962                 may |= MAY_EXEC;
2963 
2964         return may;
2965 }
2966 
2967 /**
2968  * smack_msg_msg_alloc_security - Set the security blob for msg_msg
2969  * @msg: the object
2970  *
2971  * Returns 0
2972  */
2973 static int smack_msg_msg_alloc_security(struct msg_msg *msg)
2974 {
2975         struct smack_known *skp = smk_of_current();
2976 
2977         msg->security = skp;
2978         return 0;
2979 }
2980 
2981 /**
2982  * smack_msg_msg_free_security - Clear the security blob for msg_msg
2983  * @msg: the object
2984  *
2985  * Clears the blob pointer
2986  */
2987 static void smack_msg_msg_free_security(struct msg_msg *msg)
2988 {
2989         msg->security = NULL;
2990 }
2991 
2992 /**
2993  * smack_of_ipc - the smack pointer for the ipc
2994  * @isp: the object
2995  *
2996  * Returns a pointer to the smack value
2997  */
2998 static struct smack_known *smack_of_ipc(struct kern_ipc_perm *isp)
2999 {
3000         return (struct smack_known *)isp->security;
3001 }
3002 
3003 /**
3004  * smack_ipc_alloc_security - Set the security blob for ipc
3005  * @isp: the object
3006  *
3007  * Returns 0
3008  */
3009 static int smack_ipc_alloc_security(struct kern_ipc_perm *isp)
3010 {
3011         struct smack_known *skp = smk_of_current();
3012 
3013         isp->security = skp;
3014         return 0;
3015 }
3016 
3017 /**
3018  * smack_ipc_free_security - Clear the security blob for ipc
3019  * @isp: the object
3020  *
3021  * Clears the blob pointer
3022  */
3023 static void smack_ipc_free_security(struct kern_ipc_perm *isp)
3024 {
3025         isp->security = NULL;
3026 }
3027 
3028 /**
3029  * smk_curacc_shm : check if current has access on shm
3030  * @isp : the object
3031  * @access : access requested
3032  *
3033  * Returns 0 if current has the requested access, error code otherwise
3034  */
3035 static int smk_curacc_shm(struct kern_ipc_perm *isp, int access)
3036 {
3037         struct smack_known *ssp = smack_of_ipc(isp);
3038         struct smk_audit_info ad;
3039         int rc;
3040 
3041 #ifdef CONFIG_AUDIT
3042         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
3043         ad.a.u.ipc_id = isp->id;
3044 #endif
3045         rc = smk_curacc(ssp, access, &ad);
3046         rc = smk_bu_current("shm", ssp, access, rc);
3047         return rc;
3048 }
3049 
3050 /**
3051  * smack_shm_associate - Smack access check for shm
3052  * @isp: the object
3053  * @shmflg: access requested
3054  *
3055  * Returns 0 if current has the requested access, error code otherwise
3056  */
3057 static int smack_shm_associate(struct kern_ipc_perm *isp, int shmflg)
3058 {
3059         int may;
3060 
3061         may = smack_flags_to_may(shmflg);
3062         return smk_curacc_shm(isp, may);
3063 }
3064 
3065 /**
3066  * smack_shm_shmctl - Smack access check for shm
3067  * @isp: the object
3068  * @cmd: what it wants to do
3069  *
3070  * Returns 0 if current has the requested access, error code otherwise
3071  */
3072 static int smack_shm_shmctl(struct kern_ipc_perm *isp, int cmd)
3073 {
3074         int may;
3075 
3076         switch (cmd) {
3077         case IPC_STAT:
3078         case SHM_STAT:
3079         case SHM_STAT_ANY:
3080                 may = MAY_READ;
3081                 break;
3082         case IPC_SET:
3083         case SHM_LOCK:
3084         case SHM_UNLOCK:
3085         case IPC_RMID:
3086                 may = MAY_READWRITE;
3087                 break;
3088         case IPC_INFO:
3089         case SHM_INFO:
3090                 /*
3091                  * System level information.
3092                  */
3093                 return 0;
3094         default:
3095                 return -EINVAL;
3096         }
3097         return smk_curacc_shm(isp, may);
3098 }
3099 
3100 /**
3101  * smack_shm_shmat - Smack access for shmat
3102  * @isp: the object
3103  * @shmaddr: unused
3104  * @shmflg: access requested
3105  *
3106  * Returns 0 if current has the requested access, error code otherwise
3107  */
3108 static int smack_shm_shmat(struct kern_ipc_perm *ipc, char __user *shmaddr,
3109                            int shmflg)
3110 {
3111         int may;
3112 
3113         may = smack_flags_to_may(shmflg);
3114         return smk_curacc_shm(ipc, may);
3115 }
3116 
3117 /**
3118  * smk_curacc_sem : check if current has access on sem
3119  * @isp : the object
3120  * @access : access requested
3121  *
3122  * Returns 0 if current has the requested access, error code otherwise
3123  */
3124 static int smk_curacc_sem(struct kern_ipc_perm *isp, int access)
3125 {
3126         struct smack_known *ssp = smack_of_ipc(isp);
3127         struct smk_audit_info ad;
3128         int rc;
3129 
3130 #ifdef CONFIG_AUDIT
3131         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
3132         ad.a.u.ipc_id = isp->id;
3133 #endif
3134         rc = smk_curacc(ssp, access, &ad);
3135         rc = smk_bu_current("sem", ssp, access, rc);
3136         return rc;
3137 }
3138 
3139 /**
3140  * smack_sem_associate - Smack access check for sem
3141  * @isp: the object
3142  * @semflg: access requested
3143  *
3144  * Returns 0 if current has the requested access, error code otherwise
3145  */
3146 static int smack_sem_associate(struct kern_ipc_perm *isp, int semflg)
3147 {
3148         int may;
3149 
3150         may = smack_flags_to_may(semflg);
3151         return smk_curacc_sem(isp, may);
3152 }
3153 
3154 /**
3155  * smack_sem_shmctl - Smack access check for sem
3156  * @isp: the object
3157  * @cmd: what it wants to do
3158  *
3159  * Returns 0 if current has the requested access, error code otherwise
3160  */
3161 static int smack_sem_semctl(struct kern_ipc_perm *isp, int cmd)
3162 {
3163         int may;
3164 
3165         switch (cmd) {
3166         case GETPID:
3167         case GETNCNT:
3168         case GETZCNT:
3169         case GETVAL:
3170         case GETALL:
3171         case IPC_STAT:
3172         case SEM_STAT:
3173         case SEM_STAT_ANY:
3174                 may = MAY_READ;
3175                 break;
3176         case SETVAL:
3177         case SETALL:
3178         case IPC_RMID:
3179         case IPC_SET:
3180                 may = MAY_READWRITE;
3181                 break;
3182         case IPC_INFO:
3183         case SEM_INFO:
3184                 /*
3185                  * System level information
3186                  */
3187                 return 0;
3188         default:
3189                 return -EINVAL;
3190         }
3191 
3192         return smk_curacc_sem(isp, may);
3193 }
3194 
3195 /**
3196  * smack_sem_semop - Smack checks of semaphore operations
3197  * @isp: the object
3198  * @sops: unused
3199  * @nsops: unused
3200  * @alter: unused
3201  *
3202  * Treated as read and write in all cases.
3203  *
3204  * Returns 0 if access is allowed, error code otherwise
3205  */
3206 static int smack_sem_semop(struct kern_ipc_perm *isp, struct sembuf *sops,
3207                            unsigned nsops, int alter)
3208 {
3209         return smk_curacc_sem(isp, MAY_READWRITE);
3210 }
3211 
3212 /**
3213  * smk_curacc_msq : helper to check if current has access on msq
3214  * @isp : the msq
3215  * @access : access requested
3216  *
3217  * return 0 if current has access, error otherwise
3218  */
3219 static int smk_curacc_msq(struct kern_ipc_perm *isp, int access)
3220 {
3221         struct smack_known *msp = smack_of_ipc(isp);
3222         struct smk_audit_info ad;
3223         int rc;
3224 
3225 #ifdef CONFIG_AUDIT
3226         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
3227         ad.a.u.ipc_id = isp->id;
3228 #endif
3229         rc = smk_curacc(msp, access, &ad);
3230         rc = smk_bu_current("msq", msp, access, rc);
3231         return rc;
3232 }
3233 
3234 /**
3235  * smack_msg_queue_associate - Smack access check for msg_queue
3236  * @isp: the object
3237  * @msqflg: access requested
3238  *
3239  * Returns 0 if current has the requested access, error code otherwise
3240  */
3241 static int smack_msg_queue_associate(struct kern_ipc_perm *isp, int msqflg)
3242 {
3243         int may;
3244 
3245         may = smack_flags_to_may(msqflg);
3246         return smk_curacc_msq(isp, may);
3247 }
3248 
3249 /**
3250  * smack_msg_queue_msgctl - Smack access check for msg_queue
3251  * @isp: the object
3252  * @cmd: what it wants to do
3253  *
3254  * Returns 0 if current has the requested access, error code otherwise
3255  */
3256 static int smack_msg_queue_msgctl(struct kern_ipc_perm *isp, int cmd)
3257 {
3258         int may;
3259 
3260         switch (cmd) {
3261         case IPC_STAT:
3262         case MSG_STAT:
3263         case MSG_STAT_ANY:
3264                 may = MAY_READ;
3265                 break;
3266         case IPC_SET:
3267         case IPC_RMID:
3268                 may = MAY_READWRITE;
3269                 break;
3270         case IPC_INFO:
3271         case MSG_INFO:
3272                 /*
3273                  * System level information
3274                  */
3275                 return 0;
3276         default:
3277                 return -EINVAL;
3278         }
3279 
3280         return smk_curacc_msq(isp, may);
3281 }
3282 
3283 /**
3284  * smack_msg_queue_msgsnd - Smack access check for msg_queue
3285  * @isp: the object
3286  * @msg: unused
3287  * @msqflg: access requested
3288  *
3289  * Returns 0 if current has the requested access, error code otherwise
3290  */
3291 static int smack_msg_queue_msgsnd(struct kern_ipc_perm *isp, struct msg_msg *msg,
3292                                   int msqflg)
3293 {
3294         int may;
3295 
3296         may = smack_flags_to_may(msqflg);
3297         return smk_curacc_msq(isp, may);
3298 }
3299 
3300 /**
3301  * smack_msg_queue_msgsnd - Smack access check for msg_queue
3302  * @isp: the object
3303  * @msg: unused
3304  * @target: unused
3305  * @type: unused
3306  * @mode: unused
3307  *
3308  * Returns 0 if current has read and write access, error code otherwise
3309  */
3310 static int smack_msg_queue_msgrcv(struct kern_ipc_perm *isp, struct msg_msg *msg,
3311                         struct task_struct *target, long type, int mode)
3312 {
3313         return smk_curacc_msq(isp, MAY_READWRITE);
3314 }
3315 
3316 /**
3317  * smack_ipc_permission - Smack access for ipc_permission()
3318  * @ipp: the object permissions
3319  * @flag: access requested
3320  *
3321  * Returns 0 if current has read and write access, error code otherwise
3322  */
3323 static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag)
3324 {
3325         struct smack_known *iskp = ipp->security;
3326         int may = smack_flags_to_may(flag);
3327         struct smk_audit_info ad;
3328         int rc;
3329 
3330 #ifdef CONFIG_AUDIT
3331         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
3332         ad.a.u.ipc_id = ipp->id;
3333 #endif
3334         rc = smk_curacc(iskp, may, &ad);
3335         rc = smk_bu_current("svipc", iskp, may, rc);
3336         return rc;
3337 }
3338 
3339 /**
3340  * smack_ipc_getsecid - Extract smack security id
3341  * @ipp: the object permissions
3342  * @secid: where result will be saved
3343  */
3344 static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid)
3345 {
3346         struct smack_known *iskp = ipp->security;
3347 
3348         *secid = iskp->smk_secid;
3349 }
3350 
3351 /**
3352  * smack_d_instantiate - Make sure the blob is correct on an inode
3353  * @opt_dentry: dentry where inode will be attached
3354  * @inode: the object
3355  *
3356  * Set the inode's security blob if it hasn't been done already.
3357  */
3358 static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode)
3359 {
3360         struct super_block *sbp;
3361         struct superblock_smack *sbsp;
3362         struct inode_smack *isp;
3363         struct smack_known *skp;
3364         struct smack_known *ckp = smk_of_current();
3365         struct smack_known *final;
3366         char trattr[TRANS_TRUE_SIZE];
3367         int transflag = 0;
3368         int rc;
3369         struct dentry *dp;
3370 
3371         if (inode == NULL)
3372                 return;
3373 
3374         isp = inode->i_security;
3375 
3376         mutex_lock(&isp->smk_lock);
3377         /*
3378          * If the inode is already instantiated
3379          * take the quick way out
3380          */
3381         if (isp->smk_flags & SMK_INODE_INSTANT)
3382                 goto unlockandout;
3383 
3384         sbp = inode->i_sb;
3385         sbsp = sbp->s_security;
3386         /*
3387          * We're going to use the superblock default label
3388          * if there's no label on the file.
3389          */
3390         final = sbsp->smk_default;
3391 
3392         /*
3393          * If this is the root inode the superblock
3394          * may be in the process of initialization.
3395          * If that is the case use the root value out
3396          * of the superblock.
3397          */
3398         if (opt_dentry->d_parent == opt_dentry) {
3399                 switch (sbp->s_magic) {
3400                 case CGROUP_SUPER_MAGIC:
3401                 case CGROUP2_SUPER_MAGIC:
3402                         /*
3403                          * The cgroup filesystem is never mounted,
3404                          * so there's no opportunity to set the mount
3405                          * options.
3406                          */
3407                         sbsp->smk_root = &smack_known_star;
3408                         sbsp->smk_default = &smack_known_star;
3409                         isp->smk_inode = sbsp->smk_root;
3410                         break;
3411                 case TMPFS_MAGIC:
3412                         /*
3413                          * What about shmem/tmpfs anonymous files with dentry
3414                          * obtained from d_alloc_pseudo()?
3415                          */
3416                         isp->smk_inode = smk_of_current();
3417                         break;
3418                 case PIPEFS_MAGIC:
3419                         isp->smk_inode = smk_of_current();
3420                         break;
3421                 case SOCKFS_MAGIC:
3422                         /*
3423                          * Socket access is controlled by the socket
3424                          * structures associated with the task involved.
3425                          */
3426                         isp->smk_inode = &smack_known_star;
3427                         break;
3428                 default:
3429                         isp->smk_inode = sbsp->smk_root;
3430                         break;
3431                 }
3432                 isp->smk_flags |= SMK_INODE_INSTANT;
3433                 goto unlockandout;
3434         }
3435 
3436         /*
3437          * This is pretty hackish.
3438          * Casey says that we shouldn't have to do
3439          * file system specific code, but it does help
3440          * with keeping it simple.
3441          */
3442         switch (sbp->s_magic) {
3443         case SMACK_MAGIC:
3444         case CGROUP_SUPER_MAGIC:
3445         case CGROUP2_SUPER_MAGIC:
3446                 /*
3447                  * Casey says that it's a little embarrassing
3448                  * that the smack file system doesn't do
3449                  * extended attributes.
3450                  *
3451                  * Cgroupfs is special
3452                  */
3453                 final = &smack_known_star;
3454                 break;
3455         case DEVPTS_SUPER_MAGIC:
3456                 /*
3457                  * devpts seems content with the label of the task.
3458                  * Programs that change smack have to treat the
3459                  * pty with respect.
3460                  */
3461                 final = ckp;
3462                 break;
3463         case PROC_SUPER_MAGIC:
3464                 /*
3465                  * Casey says procfs appears not to care.
3466                  * The superblock default suffices.
3467                  */
3468                 break;
3469         case TMPFS_MAGIC:
3470                 /*
3471                  * Device labels should come from the filesystem,
3472                  * but watch out, because they're volitile,
3473                  * getting recreated on every reboot.
3474                  */
3475                 final = &smack_known_star;
3476                 /*
3477                  * Fall through.
3478                  *
3479                  * If a smack value has been set we want to use it,
3480                  * but since tmpfs isn't giving us the opportunity
3481                  * to set mount options simulate setting the
3482                  * superblock default.
3483                  */
3484         default:
3485                 /*
3486                  * This isn't an understood special case.
3487                  * Get the value from the xattr.
3488                  */
3489 
3490                 /*
3491                  * UNIX domain sockets use lower level socket data.
3492                  */
3493                 if (S_ISSOCK(inode->i_mode)) {
3494                         final = &smack_known_star;
3495                         break;
3496                 }
3497                 /*
3498                  * No xattr support means, alas, no SMACK label.
3499                  * Use the aforeapplied default.
3500                  * It would be curious if the label of the task
3501                  * does not match that assigned.
3502                  */
3503                 if (!(inode->i_opflags & IOP_XATTR))
3504                         break;
3505                 /*
3506                  * Get the dentry for xattr.
3507                  */
3508                 dp = dget(opt_dentry);
3509                 skp = smk_fetch(XATTR_NAME_SMACK, inode, dp);
3510                 if (!IS_ERR_OR_NULL(skp))
3511                         final = skp;
3512 
3513                 /*
3514                  * Transmuting directory
3515                  */
3516                 if (S_ISDIR(inode->i_mode)) {
3517                         /*
3518                          * If this is a new directory and the label was
3519                          * transmuted when the inode was initialized
3520                          * set the transmute attribute on the directory
3521                          * and mark the inode.
3522                          *
3523                          * If there is a transmute attribute on the
3524                          * directory mark the inode.
3525                          */
3526                         if (isp->smk_flags & SMK_INODE_CHANGED) {
3527                                 isp->smk_flags &= ~SMK_INODE_CHANGED;
3528                                 rc = __vfs_setxattr(dp, inode,
3529                                         XATTR_NAME_SMACKTRANSMUTE,
3530                                         TRANS_TRUE, TRANS_TRUE_SIZE,
3531                                         0);
3532                         } else {
3533                                 rc = __vfs_getxattr(dp, inode,
3534                                         XATTR_NAME_SMACKTRANSMUTE, trattr,
3535                                         TRANS_TRUE_SIZE);
3536                                 if (rc >= 0 && strncmp(trattr, TRANS_TRUE,
3537                                                        TRANS_TRUE_SIZE) != 0)
3538                                         rc = -EINVAL;
3539                         }
3540                         if (rc >= 0)
3541                                 transflag = SMK_INODE_TRANSMUTE;
3542                 }
3543                 /*
3544                  * Don't let the exec or mmap label be "*" or "@".
3545                  */
3546                 skp = smk_fetch(XATTR_NAME_SMACKEXEC, inode, dp);
3547                 if (IS_ERR(skp) || skp == &smack_known_star ||
3548                     skp == &smack_known_web)
3549                         skp = NULL;
3550                 isp->smk_task = skp;
3551 
3552                 skp = smk_fetch(XATTR_NAME_SMACKMMAP, inode, dp);
3553                 if (IS_ERR(skp) || skp == &smack_known_star ||
3554                     skp == &smack_known_web)
3555                         skp = NULL;
3556                 isp->smk_mmap = skp;
3557 
3558                 dput(dp);
3559                 break;
3560         }
3561 
3562         if (final == NULL)
3563                 isp->smk_inode = ckp;
3564         else
3565                 isp->smk_inode = final;
3566 
3567         isp->smk_flags |= (SMK_INODE_INSTANT | transflag);
3568 
3569 unlockandout:
3570         mutex_unlock(&isp->smk_lock);
3571         return;
3572 }
3573 
3574 /**
3575  * smack_getprocattr - Smack process attribute access
3576  * @p: the object task
3577  * @name: the name of the attribute in /proc/.../attr
3578  * @value: where to put the result
3579  *
3580  * Places a copy of the task Smack into value
3581  *
3582  * Returns the length of the smack label or an error code
3583  */
3584 static int smack_getprocattr(struct task_struct *p, char *name, char **value)
3585 {
3586         struct smack_known *skp = smk_of_task_struct(p);
3587         char *cp;
3588         int slen;
3589 
3590         if (strcmp(name, "current") != 0)
3591                 return -EINVAL;
3592 
3593         cp = kstrdup(skp->smk_known, GFP_KERNEL);
3594         if (cp == NULL)
3595                 return -ENOMEM;
3596 
3597         slen = strlen(cp);
3598         *value = cp;
3599         return slen;
3600 }
3601 
3602 /**
3603  * smack_setprocattr - Smack process attribute setting
3604  * @name: the name of the attribute in /proc/.../attr
3605  * @value: the value to set
3606  * @size: the size of the value
3607  *
3608  * Sets the Smack value of the task. Only setting self
3609  * is permitted and only with privilege
3610  *
3611  * Returns the length of the smack label or an error code
3612  */
3613 static int smack_setprocattr(const char *name, void *value, size_t size)
3614 {
3615         struct task_smack *tsp = current_security();
3616         struct cred *new;
3617         struct smack_known *skp;
3618         struct smack_known_list_elem *sklep;
3619         int rc;
3620 
3621         if (!smack_privileged(CAP_MAC_ADMIN) && list_empty(&tsp->smk_relabel))
3622                 return -EPERM;
3623 
3624         if (value == NULL || size == 0 || size >= SMK_LONGLABEL)
3625                 return -EINVAL;
3626 
3627         if (strcmp(name, "current") != 0)
3628                 return -EINVAL;
3629 
3630         skp = smk_import_entry(value, size);
3631         if (IS_ERR(skp))
3632                 return PTR_ERR(skp);
3633 
3634         /*
3635          * No process is ever allowed the web ("@") label
3636          * and the star ("*") label.
3637          */
3638         if (skp == &smack_known_web || skp == &smack_known_star)
3639                 return -EINVAL;
3640 
3641         if (!smack_privileged(CAP_MAC_ADMIN)) {
3642                 rc = -EPERM;
3643                 list_for_each_entry(sklep, &tsp->smk_relabel, list)
3644                         if (sklep->smk_label == skp) {
3645                                 rc = 0;
3646                                 break;
3647                         }
3648                 if (rc)
3649                         return rc;
3650         }
3651 
3652         new = prepare_creds();
3653         if (new == NULL)
3654                 return -ENOMEM;
3655 
3656         tsp = new->security;
3657         tsp->smk_task = skp;
3658         /*
3659          * process can change its label only once
3660          */
3661         smk_destroy_label_list(&tsp->smk_relabel);
3662 
3663         commit_creds(new);
3664         return size;
3665 }
3666 
3667 /**
3668  * smack_unix_stream_connect - Smack access on UDS
3669  * @sock: one sock
3670  * @other: the other sock
3671  * @newsk: unused
3672  *
3673  * Return 0 if a subject with the smack of sock could access
3674  * an object with the smack of other, otherwise an error code
3675  */
3676 static int smack_unix_stream_connect(struct sock *sock,
3677                                      struct sock *other, struct sock *newsk)
3678 {
3679         struct smack_known *skp;
3680         struct smack_known *okp;
3681         struct socket_smack *ssp = sock->sk_security;
3682         struct socket_smack *osp = other->sk_security;
3683         struct socket_smack *nsp = newsk->sk_security;
3684         struct smk_audit_info ad;
3685         int rc = 0;
3686 #ifdef CONFIG_AUDIT
3687         struct lsm_network_audit net;
3688 #endif
3689 
3690         if (!smack_privileged(CAP_MAC_OVERRIDE)) {
3691                 skp = ssp->smk_out;
3692                 okp = osp->smk_in;
3693 #ifdef CONFIG_AUDIT
3694                 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3695                 smk_ad_setfield_u_net_sk(&ad, other);
3696 #endif
3697                 rc = smk_access(skp, okp, MAY_WRITE, &ad);
3698                 rc = smk_bu_note("UDS connect", skp, okp, MAY_WRITE, rc);
3699                 if (rc == 0) {
3700                         okp = osp->smk_out;
3701                         skp = ssp->smk_in;
3702                         rc = smk_access(okp, skp, MAY_WRITE, &ad);
3703                         rc = smk_bu_note("UDS connect", okp, skp,
3704                                                 MAY_WRITE, rc);
3705                 }
3706         }
3707 
3708         /*
3709          * Cross reference the peer labels for SO_PEERSEC.
3710          */
3711         if (rc == 0) {
3712                 nsp->smk_packet = ssp->smk_out;
3713                 ssp->smk_packet = osp->smk_out;
3714         }
3715 
3716         return rc;
3717 }
3718 
3719 /**
3720  * smack_unix_may_send - Smack access on UDS
3721  * @sock: one socket
3722  * @other: the other socket
3723  *
3724  * Return 0 if a subject with the smack of sock could access
3725  * an object with the smack of other, otherwise an error code
3726  */
3727 static int smack_unix_may_send(struct socket *sock, struct socket *other)
3728 {
3729         struct socket_smack *ssp = sock->sk->sk_security;
3730         struct socket_smack *osp = other->sk->sk_security;
3731         struct smk_audit_info ad;
3732         int rc;
3733 
3734 #ifdef CONFIG_AUDIT
3735         struct lsm_network_audit net;
3736 
3737         smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3738         smk_ad_setfield_u_net_sk(&ad, other->sk);
3739 #endif
3740 
3741         if (smack_privileged(CAP_MAC_OVERRIDE))
3742                 return 0;
3743 
3744         rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad);
3745         rc = smk_bu_note("UDS send", ssp->smk_out, osp->smk_in, MAY_WRITE, rc);
3746         return rc;
3747 }
3748 
3749 /**
3750  * smack_socket_sendmsg - Smack check based on destination host
3751  * @sock: the socket
3752  * @msg: the message
3753  * @size: the size of the message
3754  *
3755  * Return 0 if the current subject can write to the destination host.
3756  * For IPv4 this is only a question if the destination is a single label host.
3757  * For IPv6 this is a check against the label of the port.
3758  */
3759 static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg,
3760                                 int size)
3761 {
3762         struct sockaddr_in *sip = (struct sockaddr_in *) msg->msg_name;
3763 #if IS_ENABLED(CONFIG_IPV6)
3764         struct sockaddr_in6 *sap = (struct sockaddr_in6 *) msg->msg_name;
3765 #endif
3766 #ifdef SMACK_IPV6_SECMARK_LABELING
3767         struct socket_smack *ssp = sock->sk->sk_security;
3768         struct smack_known *rsp;
3769 #endif
3770         int rc = 0;
3771 
3772         /*
3773          * Perfectly reasonable for this to be NULL
3774          */
3775         if (sip == NULL)
3776                 return 0;
3777 
3778         switch (sock->sk->sk_family) {
3779         case AF_INET:
3780                 rc = smack_netlabel_send(sock->sk, sip);
3781                 break;
3782         case AF_INET6:
3783 #ifdef SMACK_IPV6_SECMARK_LABELING
3784                 rsp = smack_ipv6host_label(sap);
3785                 if (rsp != NULL)
3786                         rc = smk_ipv6_check(ssp->smk_out, rsp, sap,
3787                                                 SMK_CONNECTING);
3788 #endif
3789 #ifdef SMACK_IPV6_PORT_LABELING
3790                 rc = smk_ipv6_port_check(sock->sk, sap, SMK_SENDING);
3791 #endif
3792                 break;
3793         }
3794         return rc;
3795 }
3796 
3797 /**
3798  * smack_from_secattr - Convert a netlabel attr.mls.lvl/attr.mls.cat pair to smack
3799  * @sap: netlabel secattr
3800  * @ssp: socket security information
3801  *
3802  * Returns a pointer to a Smack label entry found on the label list.
3803  */
3804 static struct smack_known *smack_from_secattr(struct netlbl_lsm_secattr *sap,
3805                                                 struct socket_smack *ssp)
3806 {
3807         struct smack_known *skp;
3808         int found = 0;
3809         int acat;
3810         int kcat;
3811 
3812         if ((sap->flags & NETLBL_SECATTR_MLS_LVL) != 0) {
3813                 /*
3814                  * Looks like a CIPSO packet.
3815                  * If there are flags but no level netlabel isn't
3816                  * behaving the way we expect it to.
3817                  *
3818                  * Look it up in the label table
3819                  * Without guidance regarding the smack value
3820                  * for the packet fall back on the network
3821                  * ambient value.
3822                  */
3823                 rcu_read_lock();
3824                 list_for_each_entry_rcu(skp, &smack_known_list, list) {
3825                         if (sap->attr.mls.lvl != skp->smk_netlabel.attr.mls.lvl)
3826                                 continue;
3827                         /*
3828                          * Compare the catsets. Use the netlbl APIs.
3829                          */
3830                         if ((sap->flags & NETLBL_SECATTR_MLS_CAT) == 0) {
3831                                 if ((skp->smk_netlabel.flags &
3832                                      NETLBL_SECATTR_MLS_CAT) == 0)
3833                                         found = 1;
3834                                 break;
3835                         }
3836                         for (acat = -1, kcat = -1; acat == kcat; ) {
3837                                 acat = netlbl_catmap_walk(sap->attr.mls.cat,
3838                                                           acat + 1);
3839                                 kcat = netlbl_catmap_walk(
3840                                         skp->smk_netlabel.attr.mls.cat,
3841                                         kcat + 1);
3842                                 if (acat < 0 || kcat < 0)
3843                                         break;
3844                         }
3845                         if (acat == kcat) {
3846                                 found = 1;
3847                                 break;
3848                         }
3849                 }
3850                 rcu_read_unlock();
3851 
3852                 if (found)
3853                         return skp;
3854 
3855                 if (ssp != NULL && ssp->smk_in == &smack_known_star)
3856                         return &smack_known_web;
3857                 return &smack_known_star;
3858         }
3859         if ((sap->flags & NETLBL_SECATTR_SECID) != 0)
3860                 /*
3861                  * Looks like a fallback, which gives us a secid.
3862                  */
3863                 return smack_from_secid(sap->attr.secid);
3864         /*
3865          * Without guidance regarding the smack value
3866          * for the packet fall back on the network
3867          * ambient value.
3868          */
3869         return smack_net_ambient;
3870 }
3871 
3872 #if IS_ENABLED(CONFIG_IPV6)
3873 static int smk_skb_to_addr_ipv6(struct sk_buff *skb, struct sockaddr_in6 *sip)
3874 {
3875         u8 nexthdr;
3876         int offset;
3877         int proto = -EINVAL;
3878         struct ipv6hdr _ipv6h;
3879         struct ipv6hdr *ip6;
3880         __be16 frag_off;
3881         struct tcphdr _tcph, *th;
3882         struct udphdr _udph, *uh;
3883         struct dccp_hdr _dccph, *dh;
3884 
3885         sip->sin6_port = 0;
3886 
3887         offset = skb_network_offset(skb);
3888         ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h);
3889         if (ip6 == NULL)
3890                 return -EINVAL;
3891         sip->sin6_addr = ip6->saddr;
3892 
3893         nexthdr = ip6->nexthdr;
3894         offset += sizeof(_ipv6h);
3895         offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off);
3896         if (offset < 0)
3897                 return -EINVAL;
3898 
3899         proto = nexthdr;
3900         switch (proto) {
3901         case IPPROTO_TCP:
3902                 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
3903                 if (th != NULL)
3904                         sip->sin6_port = th->source;
3905                 break;
3906         case IPPROTO_UDP:
3907         case IPPROTO_UDPLITE:
3908                 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
3909                 if (uh != NULL)
3910                         sip->sin6_port = uh->source;
3911                 break;
3912         case IPPROTO_DCCP:
3913                 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
3914                 if (dh != NULL)
3915                         sip->sin6_port = dh->dccph_sport;
3916                 break;
3917         }
3918         return proto;
3919 }
3920 #endif /* CONFIG_IPV6 */
3921 
3922 /**
3923  * smack_socket_sock_rcv_skb - Smack packet delivery access check
3924  * @sk: socket
3925  * @skb: packet
3926  *
3927  * Returns 0 if the packet should be delivered, an error code otherwise
3928  */
3929 static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
3930 {
3931         struct netlbl_lsm_secattr secattr;
3932         struct socket_smack *ssp = sk->sk_security;
3933         struct smack_known *skp = NULL;
3934         int rc = 0;
3935         struct smk_audit_info ad;
3936         u16 family = sk->sk_family;
3937 #ifdef CONFIG_AUDIT
3938         struct lsm_network_audit net;
3939 #endif
3940 #if IS_ENABLED(CONFIG_IPV6)
3941         struct sockaddr_in6 sadd;
3942         int proto;
3943 
3944         if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
3945                 family = PF_INET;
3946 #endif /* CONFIG_IPV6 */
3947 
3948         switch (family) {
3949         case PF_INET:
3950 #ifdef CONFIG_SECURITY_SMACK_NETFILTER
3951                 /*
3952                  * If there is a secmark use it rather than the CIPSO label.
3953                  * If there is no secmark fall back to CIPSO.
3954                  * The secmark is assumed to reflect policy better.
3955                  */
3956                 if (skb && skb->secmark != 0) {
3957                         skp = smack_from_secid(skb->secmark);
3958                         goto access_check;
3959                 }
3960 #endif /* CONFIG_SECURITY_SMACK_NETFILTER */
3961                 /*
3962                  * Translate what netlabel gave us.
3963                  */
3964                 netlbl_secattr_init(&secattr);
3965 
3966                 rc = netlbl_skbuff_getattr(skb, family, &secattr);
3967                 if (rc == 0)
3968                         skp = smack_from_secattr(&secattr, ssp);
3969                 else
3970                         skp = smack_net_ambient;
3971 
3972                 netlbl_secattr_destroy(&secattr);
3973 
3974 #ifdef CONFIG_SECURITY_SMACK_NETFILTER
3975 access_check:
3976 #endif
3977 #ifdef CONFIG_AUDIT
3978                 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3979                 ad.a.u.net->family = family;
3980                 ad.a.u.net->netif = skb->skb_iif;
3981                 ipv4_skb_to_auditdata(skb, &ad.a, NULL);
3982 #endif
3983                 /*
3984                  * Receiving a packet requires that the other end
3985                  * be able to write here. Read access is not required.
3986                  * This is the simplist possible security model
3987                  * for networking.
3988                  */
3989                 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
3990                 rc = smk_bu_note("IPv4 delivery", skp, ssp->smk_in,
3991                                         MAY_WRITE, rc);
3992                 if (rc != 0)
3993                         netlbl_skbuff_err(skb, family, rc, 0);
3994                 break;
3995 #if IS_ENABLED(CONFIG_IPV6)
3996         case PF_INET6:
3997                 proto = smk_skb_to_addr_ipv6(skb, &sadd);
3998                 if (proto != IPPROTO_UDP && proto != IPPROTO_UDPLITE &&
3999                     proto != IPPROTO_TCP && proto != IPPROTO_DCCP)
4000                         break;
4001 #ifdef SMACK_IPV6_SECMARK_LABELING
4002                 if (skb && skb->secmark != 0)
4003                         skp = smack_from_secid(skb->secmark);
4004                 else
4005                         skp = smack_ipv6host_label(&sadd);
4006                 if (skp == NULL)
4007                         skp = smack_net_ambient;
4008 #ifdef CONFIG_AUDIT
4009                 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
4010                 ad.a.u.net->family = family;
4011                 ad.a.u.net->netif = skb->skb_iif;
4012                 ipv6_skb_to_auditdata(skb, &ad.a, NULL);
4013 #endif /* CONFIG_AUDIT */
4014                 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
4015                 rc = smk_bu_note("IPv6 delivery", skp, ssp->smk_in,
4016                                         MAY_WRITE, rc);
4017 #endif /* SMACK_IPV6_SECMARK_LABELING */
4018 #ifdef SMACK_IPV6_PORT_LABELING
4019                 rc = smk_ipv6_port_check(sk, &sadd, SMK_RECEIVING);
4020 #endif /* SMACK_IPV6_PORT_LABELING */
4021                 if (rc != 0)
4022                         icmpv6_send(skb, ICMPV6_DEST_UNREACH,
4023                                         ICMPV6_ADM_PROHIBITED, 0);
4024                 break;
4025 #endif /* CONFIG_IPV6 */
4026         }
4027 
4028         return rc;
4029 }
4030 
4031 /**
4032  * smack_socket_getpeersec_stream - pull in packet label
4033  * @sock: the socket
4034  * @optval: user's destination
4035  * @optlen: size thereof
4036  * @len: max thereof
4037  *
4038  * returns zero on success, an error code otherwise
4039  */
4040 static int smack_socket_getpeersec_stream(struct socket *sock,
4041                                           char __user *optval,
4042                                           int __user *optlen, unsigned len)
4043 {
4044         struct socket_smack *ssp;
4045         char *rcp = "";
4046         int slen = 1;
4047         int rc = 0;
4048 
4049         ssp = sock->sk->sk_security;
4050         if (ssp->smk_packet != NULL) {
4051                 rcp = ssp->smk_packet->smk_known;
4052                 slen = strlen(rcp) + 1;
4053         }
4054 
4055         if (slen > len)
4056                 rc = -ERANGE;
4057         else if (copy_to_user(optval, rcp, slen) != 0)
4058                 rc = -EFAULT;
4059 
4060         if (put_user(slen, optlen) != 0)
4061                 rc = -EFAULT;
4062 
4063         return rc;
4064 }
4065 
4066 
4067 /**
4068  * smack_socket_getpeersec_dgram - pull in packet label
4069  * @sock: the peer socket
4070  * @skb: packet data
4071  * @secid: pointer to where to put the secid of the packet
4072  *
4073  * Sets the netlabel socket state on sk from parent
4074  */
4075 static int smack_socket_getpeersec_dgram(struct socket *sock,
4076                                          struct sk_buff *skb, u32 *secid)
4077 
4078 {
4079         struct netlbl_lsm_secattr secattr;
4080         struct socket_smack *ssp = NULL;
4081         struct smack_known *skp;
4082         int family = PF_UNSPEC;
4083         u32 s = 0;      /* 0 is the invalid secid */
4084         int rc;
4085 
4086         if (skb != NULL) {
4087                 if (skb->protocol == htons(ETH_P_IP))
4088                         family = PF_INET;
4089 #if IS_ENABLED(CONFIG_IPV6)
4090                 else if (skb->protocol == htons(ETH_P_IPV6))
4091                         family = PF_INET6;
4092 #endif /* CONFIG_IPV6 */
4093         }
4094         if (family == PF_UNSPEC && sock != NULL)
4095                 family = sock->sk->sk_family;
4096 
4097         switch (family) {
4098         case PF_UNIX:
4099                 ssp = sock->sk->sk_security;
4100                 s = ssp->smk_out->smk_secid;
4101                 break;
4102         case PF_INET:
4103 #ifdef CONFIG_SECURITY_SMACK_NETFILTER
4104                 s = skb->secmark;
4105                 if (s != 0)
4106                         break;
4107 #endif
4108                 /*
4109                  * Translate what netlabel gave us.
4110                  */
4111                 if (sock != NULL && sock->sk != NULL)
4112                         ssp = sock->sk->sk_security;
4113                 netlbl_secattr_init(&secattr);
4114                 rc = netlbl_skbuff_getattr(skb, family, &secattr);
4115                 if (rc == 0) {
4116                         skp = smack_from_secattr(&secattr, ssp);
4117                         s = skp->smk_secid;
4118                 }
4119                 netlbl_secattr_destroy(&secattr);
4120                 break;
4121         case PF_INET6:
4122 #ifdef SMACK_IPV6_SECMARK_LABELING
4123                 s = skb->secmark;
4124 #endif
4125                 break;
4126         }
4127         *secid = s;
4128         if (s == 0)
4129                 return -EINVAL;
4130         return 0;
4131 }
4132 
4133 /**
4134  * smack_sock_graft - Initialize a newly created socket with an existing sock
4135  * @sk: child sock
4136  * @parent: parent socket
4137  *
4138  * Set the smk_{in,out} state of an existing sock based on the process that
4139  * is creating the new socket.
4140  */
4141 static void smack_sock_graft(struct sock *sk, struct socket *parent)
4142 {
4143         struct socket_smack *ssp;
4144         struct smack_known *skp = smk_of_current();
4145 
4146         if (sk == NULL ||
4147             (sk->sk_family != PF_INET && sk->sk_family != PF_INET6))
4148                 return;
4149 
4150         ssp = sk->sk_security;
4151         ssp->smk_in = skp;
4152         ssp->smk_out = skp;
4153         /* cssp->smk_packet is already set in smack_inet_csk_clone() */
4154 }
4155 
4156 /**
4157  * smack_inet_conn_request - Smack access check on connect
4158  * @sk: socket involved
4159  * @skb: packet
4160  * @req: unused
4161  *
4162  * Returns 0 if a task with the packet label could write to
4163  * the socket, otherwise an error code
4164  */
4165 static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb,
4166                                    struct request_sock *req)
4167 {
4168         u16 family = sk->sk_family;
4169         struct smack_known *skp;
4170         struct socket_smack *ssp = sk->sk_security;
4171         struct netlbl_lsm_secattr secattr;
4172         struct sockaddr_in addr;
4173         struct iphdr *hdr;
4174         struct smack_known *hskp;
4175         int rc;
4176         struct smk_audit_info ad;
4177 #ifdef CONFIG_AUDIT
4178         struct lsm_network_audit net;
4179 #endif
4180 
4181 #if IS_ENABLED(CONFIG_IPV6)
4182         if (family == PF_INET6) {
4183                 /*
4184                  * Handle mapped IPv4 packets arriving
4185                  * via IPv6 sockets. Don't set up netlabel
4186                  * processing on IPv6.
4187                  */
4188                 if (skb->protocol == htons(ETH_P_IP))
4189                         family = PF_INET;
4190                 else
4191                         return 0;
4192         }
4193 #endif /* CONFIG_IPV6 */
4194 
4195 #ifdef CONFIG_SECURITY_SMACK_NETFILTER
4196         /*
4197          * If there is a secmark use it rather than the CIPSO label.
4198          * If there is no secmark fall back to CIPSO.
4199          * The secmark is assumed to reflect policy better.
4200          */
4201         if (skb && skb->secmark != 0) {
4202                 skp = smack_from_secid(skb->secmark);
4203                 goto access_check;
4204         }
4205 #endif /* CONFIG_SECURITY_SMACK_NETFILTER */
4206 
4207         netlbl_secattr_init(&secattr);
4208         rc = netlbl_skbuff_getattr(skb, family, &secattr);
4209         if (rc == 0)
4210                 skp = smack_from_secattr(&secattr, ssp);
4211         else
4212                 skp = &smack_known_huh;
4213         netlbl_secattr_destroy(&secattr);
4214 
4215 #ifdef CONFIG_SECURITY_SMACK_NETFILTER
4216 access_check:
4217 #endif
4218 
4219 #ifdef CONFIG_AUDIT
4220         smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
4221         ad.a.u.net->family = family;
4222         ad.a.u.net->netif = skb->skb_iif;
4223         ipv4_skb_to_auditdata(skb, &ad.a, NULL);
4224 #endif
4225         /*
4226          * Receiving a packet requires that the other end be able to write
4227          * here. Read access is not required.
4228          */
4229         rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
4230         rc = smk_bu_note("IPv4 connect", skp, ssp->smk_in, MAY_WRITE, rc);
4231         if (rc != 0)
4232                 return rc;
4233 
4234         /*
4235          * Save the peer's label in the request_sock so we can later setup
4236          * smk_packet in the child socket so that SO_PEERCRED can report it.
4237          */
4238         req->peer_secid = skp->smk_secid;
4239 
4240         /*
4241          * We need to decide if we want to label the incoming connection here
4242          * if we do we only need to label the request_sock and the stack will
4243          * propagate the wire-label to the sock when it is created.
4244          */
4245         hdr = ip_hdr(skb);
4246         addr.sin_addr.s_addr = hdr->saddr;
4247         rcu_read_lock();
4248         hskp = smack_ipv4host_label(&addr);
4249         rcu_read_unlock();
4250 
4251         if (hskp == NULL)
4252                 rc = netlbl_req_setattr(req, &skp->smk_netlabel);
4253         else
4254                 netlbl_req_delattr(req);
4255 
4256         return rc;
4257 }
4258 
4259 /**
4260  * smack_inet_csk_clone - Copy the connection information to the new socket
4261  * @sk: the new socket
4262  * @req: the connection's request_sock
4263  *
4264  * Transfer the connection's peer label to the newly created socket.
4265  */
4266 static void smack_inet_csk_clone(struct sock *sk,
4267                                  const struct request_sock *req)
4268 {
4269         struct socket_smack *ssp = sk->sk_security;
4270         struct smack_known *skp;
4271 
4272         if (req->peer_secid != 0) {
4273                 skp = smack_from_secid(req->peer_secid);
4274                 ssp->smk_packet = skp;
4275         } else
4276                 ssp->smk_packet = NULL;
4277 }
4278 
4279 /*
4280  * Key management security hooks
4281  *
4282  * Casey has not tested key support very heavily.
4283  * The permission check is most likely too restrictive.
4284  * If you care about keys please have a look.
4285  */
4286 #ifdef CONFIG_KEYS
4287 
4288 /**
4289  * smack_key_alloc - Set the key security blob
4290  * @key: object
4291  * @cred: the credentials to use
4292  * @flags: unused
4293  *
4294  * No allocation required
4295  *
4296  * Returns 0
4297  */
4298 static int smack_key_alloc(struct key *key, const struct cred *cred,
4299                            unsigned long flags)
4300 {
4301         struct smack_known *skp = smk_of_task(cred->security);
4302 
4303         key->security = skp;
4304         return 0;
4305 }
4306 
4307 /**
4308  * smack_key_free - Clear the key security blob
4309  * @key: the object
4310  *
4311  * Clear the blob pointer
4312  */
4313 static void smack_key_free(struct key *key)
4314 {
4315         key->security = NULL;
4316 }
4317 
4318 /**
4319  * smack_key_permission - Smack access on a key
4320  * @key_ref: gets to the object
4321  * @cred: the credentials to use
4322  * @perm: requested key permissions
4323  *
4324  * Return 0 if the task has read and write to the object,
4325  * an error code otherwise
4326  */
4327 static int smack_key_permission(key_ref_t key_ref,
4328                                 const struct cred *cred, unsigned perm)
4329 {
4330         struct key *keyp;
4331         struct smk_audit_info ad;
4332         struct smack_known *tkp = smk_of_task(cred->security);
4333         int request = 0;
4334         int rc;
4335 
4336         keyp = key_ref_to_ptr(key_ref);
4337         if (keyp == NULL)
4338                 return -EINVAL;
4339         /*
4340          * If the key hasn't been initialized give it access so that
4341          * it may do so.
4342          */
4343         if (keyp->security == NULL)
4344                 return 0;
4345         /*
4346          * This should not occur
4347          */
4348         if (tkp == NULL)
4349                 return -EACCES;
4350 
4351         if (smack_privileged_cred(CAP_MAC_OVERRIDE, cred))
4352                 return 0;
4353 
4354 #ifdef CONFIG_AUDIT
4355         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY);
4356         ad.a.u.key_struct.key = keyp->serial;
4357         ad.a.u.key_struct.key_desc = keyp->description;
4358 #endif
4359         if (perm & KEY_NEED_READ)
4360                 request = MAY_READ;
4361         if (perm & (KEY_NEED_WRITE | KEY_NEED_LINK | KEY_NEED_SETATTR))
4362                 request = MAY_WRITE;
4363         rc = smk_access(tkp, keyp->security, request, &ad);
4364         rc = smk_bu_note("key access", tkp, keyp->security, request, rc);
4365         return rc;
4366 }
4367 
4368 /*
4369  * smack_key_getsecurity - Smack label tagging the key
4370  * @key points to the key to be queried
4371  * @_buffer points to a pointer that should be set to point to the
4372  * resulting string (if no label or an error occurs).
4373  * Return the length of the string (including terminating NUL) or -ve if
4374  * an error.
4375  * May also return 0 (and a NULL buffer pointer) if there is no label.
4376  */
4377 static int smack_key_getsecurity(struct key *key, char **_buffer)
4378 {
4379         struct smack_known *skp = key->security;
4380         size_t length;
4381         char *copy;
4382 
4383         if (key->security == NULL) {
4384                 *_buffer = NULL;
4385                 return 0;
4386         }
4387 
4388         copy = kstrdup(skp->smk_known, GFP_KERNEL);
4389         if (copy == NULL)
4390                 return -ENOMEM;
4391         length = strlen(copy) + 1;
4392 
4393         *_buffer = copy;
4394         return length;
4395 }
4396 
4397 #endif /* CONFIG_KEYS */
4398 
4399 /*
4400  * Smack Audit hooks
4401  *
4402  * Audit requires a unique representation of each Smack specific
4403  * rule. This unique representation is used to distinguish the
4404  * object to be audited from remaining kernel objects and also
4405  * works as a glue between the audit hooks.
4406  *
4407  * Since repository entries are added but never deleted, we'll use
4408  * the smack_known label address related to the given audit rule as
4409  * the needed unique representation. This also better fits the smack
4410  * model where nearly everything is a label.
4411  */
4412 #ifdef CONFIG_AUDIT
4413 
4414 /**
4415  * smack_audit_rule_init - Initialize a smack audit rule
4416  * @field: audit rule fields given from user-space (audit.h)
4417  * @op: required testing operator (=, !=, >, <, ...)
4418  * @rulestr: smack label to be audited
4419  * @vrule: pointer to save our own audit rule representation
4420  *
4421  * Prepare to audit cases where (@field @op @rulestr) is true.
4422  * The label to be audited is created if necessay.
4423  */
4424 static int smack_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule)
4425 {
4426         struct smack_known *skp;
4427         char **rule = (char **)vrule;
4428         *rule = NULL;
4429 
4430         if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
4431                 return -EINVAL;
4432 
4433         if (op != Audit_equal && op != Audit_not_equal)
4434                 return -EINVAL;
4435 
4436         skp = smk_import_entry(rulestr, 0);
4437         if (IS_ERR(skp))
4438                 return PTR_ERR(skp);
4439 
4440         *rule = skp->smk_known;
4441 
4442         return 0;
4443 }
4444 
4445 /**
4446  * smack_audit_rule_known - Distinguish Smack audit rules
4447  * @krule: rule of interest, in Audit kernel representation format
4448  *
4449  * This is used to filter Smack rules from remaining Audit ones.
4450  * If it's proved that this rule belongs to us, the
4451  * audit_rule_match hook will be called to do the final judgement.
4452  */
4453 static int smack_audit_rule_known(struct audit_krule *krule)
4454 {
4455         struct audit_field *f;
4456         int i;
4457 
4458         for (i = 0; i < krule->field_count; i++) {
4459                 f = &krule->fields[i];
4460 
4461                 if (f->type == AUDIT_SUBJ_USER || f->type == AUDIT_OBJ_USER)
4462                         return 1;
4463         }
4464 
4465         return 0;
4466 }
4467 
4468 /**
4469  * smack_audit_rule_match - Audit given object ?
4470  * @secid: security id for identifying the object to test
4471  * @field: audit rule flags given from user-space
4472  * @op: required testing operator
4473  * @vrule: smack internal rule presentation
4474  * @actx: audit context associated with the check
4475  *
4476  * The core Audit hook. It's used to take the decision of
4477  * whether to audit or not to audit a given object.
4478  */
4479 static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule,
4480                                   struct audit_context *actx)
4481 {
4482         struct smack_known *skp;
4483         char *rule = vrule;
4484 
4485         if (unlikely(!rule)) {
4486                 WARN_ONCE(1, "Smack: missing rule\n");
4487                 return -ENOENT;
4488         }
4489 
4490         if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
4491                 return 0;
4492 
4493         skp = smack_from_secid(secid);
4494 
4495         /*
4496          * No need to do string comparisons. If a match occurs,
4497          * both pointers will point to the same smack_known
4498          * label.
4499          */
4500         if (op == Audit_equal)
4501                 return (rule == skp->smk_known);
4502         if (op == Audit_not_equal)
4503                 return (rule != skp->smk_known);
4504 
4505         return 0;
4506 }
4507 
4508 /*
4509  * There is no need for a smack_audit_rule_free hook.
4510  * No memory was allocated.
4511  */
4512 
4513 #endif /* CONFIG_AUDIT */
4514 
4515 /**
4516  * smack_ismaclabel - check if xattr @name references a smack MAC label
4517  * @name: Full xattr name to check.
4518  */
4519 static int smack_ismaclabel(const char *name)
4520 {
4521         return (strcmp(name, XATTR_SMACK_SUFFIX) == 0);
4522 }
4523 
4524 
4525 /**
4526  * smack_secid_to_secctx - return the smack label for a secid
4527  * @secid: incoming integer
4528  * @secdata: destination
4529  * @seclen: how long it is
4530  *
4531  * Exists for networking code.
4532  */
4533 static int smack_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
4534 {
4535         struct smack_known *skp = smack_from_secid(secid);
4536 
4537         if (secdata)
4538                 *secdata = skp->smk_known;
4539         *seclen = strlen(skp->smk_known);
4540         return 0;
4541 }
4542 
4543 /**
4544  * smack_secctx_to_secid - return the secid for a smack label
4545  * @secdata: smack label
4546  * @seclen: how long result is
4547  * @secid: outgoing integer
4548  *
4549  * Exists for audit and networking code.
4550  */
4551 static int smack_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
4552 {
4553         struct smack_known *skp = smk_find_entry(secdata);
4554 
4555         if (skp)
4556                 *secid = skp->smk_secid;
4557         else
4558                 *secid = 0;
4559         return 0;
4560 }
4561 
4562 /*
4563  * There used to be a smack_release_secctx hook
4564  * that did nothing back when hooks were in a vector.
4565  * Now that there's a list such a hook adds cost.
4566  */
4567 
4568 static int smack_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
4569 {
4570         return smack_inode_setsecurity(inode, XATTR_SMACK_SUFFIX, ctx, ctxlen, 0);
4571 }
4572 
4573 static int smack_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
4574 {
4575         return __vfs_setxattr_noperm(dentry, XATTR_NAME_SMACK, ctx, ctxlen, 0);
4576 }
4577 
4578 static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
4579 {
4580         struct smack_known *skp = smk_of_inode(inode);
4581 
4582         *ctx = skp->smk_known;
4583         *ctxlen = strlen(skp->smk_known);
4584         return 0;
4585 }
4586 
4587 static int smack_inode_copy_up(struct dentry *dentry, struct cred **new)
4588 {
4589 
4590         struct task_smack *tsp;
4591         struct smack_known *skp;
4592         struct inode_smack *isp;
4593         struct cred *new_creds = *new;
4594 
4595         if (new_creds == NULL) {
4596                 new_creds = prepare_creds();
4597                 if (new_creds == NULL)
4598                         return -ENOMEM;
4599         }
4600 
4601         tsp = new_creds->security;
4602 
4603         /*
4604          * Get label from overlay inode and set it in create_sid
4605          */
4606         isp = d_inode(dentry->d_parent)->i_security;
4607         skp = isp->smk_inode;
4608         tsp->smk_task = skp;
4609         *new = new_creds;
4610         return 0;
4611 }
4612 
4613 static int smack_inode_copy_up_xattr(const char *name)
4614 {
4615         /*
4616          * Return 1 if this is the smack access Smack attribute.
4617          */
4618         if (strcmp(name, XATTR_NAME_SMACK) == 0)
4619                 return 1;
4620 
4621         return -EOPNOTSUPP;
4622 }
4623 
4624 static int smack_dentry_create_files_as(struct dentry *dentry, int mode,
4625                                         struct qstr *name,
4626                                         const struct cred *old,
4627                                         struct cred *new)
4628 {
4629         struct task_smack *otsp = old->security;
4630         struct task_smack *ntsp = new->security;
4631         struct inode_smack *isp;
4632         int may;
4633 
4634         /*
4635          * Use the process credential unless all of
4636          * the transmuting criteria are met
4637          */
4638         ntsp->smk_task = otsp->smk_task;
4639 
4640         /*
4641          * the attribute of the containing directory
4642          */
4643         isp = d_inode(dentry->d_parent)->i_security;
4644 
4645         if (isp->smk_flags & SMK_INODE_TRANSMUTE) {
4646                 rcu_read_lock();
4647                 may = smk_access_entry(otsp->smk_task->smk_known,
4648                                        isp->smk_inode->smk_known,
4649                                        &otsp->smk_task->smk_rules);
4650                 rcu_read_unlock();
4651 
4652                 /*
4653                  * If the directory is transmuting and the rule
4654                  * providing access is transmuting use the containing
4655                  * directory label instead of the process label.
4656                  */
4657                 if (may > 0 && (may & MAY_TRANSMUTE))
4658                         ntsp->smk_task = isp->smk_inode;
4659         }
4660         return 0;
4661 }
4662 
4663 static struct security_hook_list smack_hooks[] __lsm_ro_after_init = {
4664         LSM_HOOK_INIT(ptrace_access_check, smack_ptrace_access_check),
4665         LSM_HOOK_INIT(ptrace_traceme, smack_ptrace_traceme),
4666         LSM_HOOK_INIT(syslog, smack_syslog),
4667 
4668         LSM_HOOK_INIT(sb_alloc_security, smack_sb_alloc_security),
4669         LSM_HOOK_INIT(sb_free_security, smack_sb_free_security),
4670         LSM_HOOK_INIT(sb_copy_data, smack_sb_copy_data),
4671         LSM_HOOK_INIT(sb_kern_mount, smack_sb_kern_mount),
4672         LSM_HOOK_INIT(sb_statfs, smack_sb_statfs),
4673         LSM_HOOK_INIT(sb_set_mnt_opts, smack_set_mnt_opts),
4674         LSM_HOOK_INIT(sb_parse_opts_str, smack_parse_opts_str),
4675 
4676         LSM_HOOK_INIT(bprm_set_creds, smack_bprm_set_creds),
4677 
4678         LSM_HOOK_INIT(inode_alloc_security, smack_inode_alloc_security),
4679         LSM_HOOK_INIT(inode_free_security, smack_inode_free_security),
4680         LSM_HOOK_INIT(inode_init_security, smack_inode_init_security),
4681         LSM_HOOK_INIT(inode_link, smack_inode_link),
4682         LSM_HOOK_INIT(inode_unlink, smack_inode_unlink),
4683         LSM_HOOK_INIT(inode_rmdir, smack_inode_rmdir),
4684         LSM_HOOK_INIT(inode_rename, smack_inode_rename),
4685         LSM_HOOK_INIT(inode_permission, smack_inode_permission),
4686         LSM_HOOK_INIT(inode_setattr, smack_inode_setattr),
4687         LSM_HOOK_INIT(inode_getattr, smack_inode_getattr),
4688         LSM_HOOK_INIT(inode_setxattr, smack_inode_setxattr),
4689         LSM_HOOK_INIT(inode_post_setxattr, smack_inode_post_setxattr),
4690         LSM_HOOK_INIT(inode_getxattr, smack_inode_getxattr),
4691         LSM_HOOK_INIT(inode_removexattr, smack_inode_removexattr),
4692         LSM_HOOK_INIT(inode_getsecurity, smack_inode_getsecurity),
4693         LSM_HOOK_INIT(inode_setsecurity, smack_inode_setsecurity),
4694         LSM_HOOK_INIT(inode_listsecurity, smack_inode_listsecurity),
4695         LSM_HOOK_INIT(inode_getsecid, smack_inode_getsecid),
4696 
4697         LSM_HOOK_INIT(file_alloc_security, smack_file_alloc_security),
4698         LSM_HOOK_INIT(file_free_security, smack_file_free_security),
4699         LSM_HOOK_INIT(file_ioctl, smack_file_ioctl),
4700         LSM_HOOK_INIT(file_lock, smack_file_lock),
4701         LSM_HOOK_INIT(file_fcntl, smack_file_fcntl),
4702         LSM_HOOK_INIT(mmap_file, smack_mmap_file),
4703         LSM_HOOK_INIT(mmap_addr, cap_mmap_addr),
4704         LSM_HOOK_INIT(file_set_fowner, smack_file_set_fowner),
4705         LSM_HOOK_INIT(file_send_sigiotask, smack_file_send_sigiotask),
4706         LSM_HOOK_INIT(file_receive, smack_file_receive),
4707 
4708         LSM_HOOK_INIT(file_open, smack_file_open),
4709 
4710         LSM_HOOK_INIT(cred_alloc_blank, smack_cred_alloc_blank),
4711         LSM_HOOK_INIT(cred_free, smack_cred_free),
4712         LSM_HOOK_INIT(cred_prepare, smack_cred_prepare),
4713         LSM_HOOK_INIT(cred_transfer, smack_cred_transfer),
4714         LSM_HOOK_INIT(cred_getsecid, smack_cred_getsecid),
4715         LSM_HOOK_INIT(kernel_act_as, smack_kernel_act_as),
4716         LSM_HOOK_INIT(kernel_create_files_as, smack_kernel_create_files_as),
4717         LSM_HOOK_INIT(task_setpgid, smack_task_setpgid),
4718         LSM_HOOK_INIT(task_getpgid, smack_task_getpgid),
4719         LSM_HOOK_INIT(task_getsid, smack_task_getsid),
4720         LSM_HOOK_INIT(task_getsecid, smack_task_getsecid),
4721         LSM_HOOK_INIT(task_setnice, smack_task_setnice),
4722         LSM_HOOK_INIT(task_setioprio, smack_task_setioprio),
4723         LSM_HOOK_INIT(task_getioprio, smack_task_getioprio),
4724         LSM_HOOK_INIT(task_setscheduler, smack_task_setscheduler),
4725         LSM_HOOK_INIT(task_getscheduler, smack_task_getscheduler),
4726         LSM_HOOK_INIT(task_movememory, smack_task_movememory),
4727         LSM_HOOK_INIT(task_kill, smack_task_kill),
4728         LSM_HOOK_INIT(task_to_inode, smack_task_to_inode),
4729 
4730         LSM_HOOK_INIT(ipc_permission, smack_ipc_permission),
4731         LSM_HOOK_INIT(ipc_getsecid, smack_ipc_getsecid),
4732 
4733         LSM_HOOK_INIT(msg_msg_alloc_security, smack_msg_msg_alloc_security),
4734         LSM_HOOK_INIT(msg_msg_free_security, smack_msg_msg_free_security),
4735 
4736         LSM_HOOK_INIT(msg_queue_alloc_security, smack_ipc_alloc_security),
4737         LSM_HOOK_INIT(msg_queue_free_security, smack_ipc_free_security),
4738         LSM_HOOK_INIT(msg_queue_associate, smack_msg_queue_associate),
4739         LSM_HOOK_INIT(msg_queue_msgctl, smack_msg_queue_msgctl),
4740         LSM_HOOK_INIT(msg_queue_msgsnd, smack_msg_queue_msgsnd),
4741         LSM_HOOK_INIT(msg_queue_msgrcv, smack_msg_queue_msgrcv),
4742 
4743         LSM_HOOK_INIT(shm_alloc_security, smack_ipc_alloc_security),
4744         LSM_HOOK_INIT(shm_free_security, smack_ipc_free_security),
4745         LSM_HOOK_INIT(shm_associate, smack_shm_associate),
4746         LSM_HOOK_INIT(shm_shmctl, smack_shm_shmctl),
4747         LSM_HOOK_INIT(shm_shmat, smack_shm_shmat),
4748 
4749         LSM_HOOK_INIT(sem_alloc_security, smack_ipc_alloc_security),
4750         LSM_HOOK_INIT(sem_free_security, smack_ipc_free_security),
4751         LSM_HOOK_INIT(sem_associate, smack_sem_associate),
4752         LSM_HOOK_INIT(sem_semctl, smack_sem_semctl),
4753         LSM_HOOK_INIT(sem_semop, smack_sem_semop),
4754 
4755         LSM_HOOK_INIT(d_instantiate, smack_d_instantiate),
4756 
4757         LSM_HOOK_INIT(getprocattr, smack_getprocattr),
4758         LSM_HOOK_INIT(setprocattr, smack_setprocattr),
4759 
4760         LSM_HOOK_INIT(unix_stream_connect, smack_unix_stream_connect),
4761         LSM_HOOK_INIT(unix_may_send, smack_unix_may_send),
4762 
4763         LSM_HOOK_INIT(socket_post_create, smack_socket_post_create),
4764         LSM_HOOK_INIT(socket_socketpair, smack_socket_socketpair),
4765 #ifdef SMACK_IPV6_PORT_LABELING
4766         LSM_HOOK_INIT(socket_bind, smack_socket_bind),
4767 #endif
4768         LSM_HOOK_INIT(socket_connect, smack_socket_connect),
4769         LSM_HOOK_INIT(socket_sendmsg, smack_socket_sendmsg),
4770         LSM_HOOK_INIT(socket_sock_rcv_skb, smack_socket_sock_rcv_skb),
4771         LSM_HOOK_INIT(socket_getpeersec_stream, smack_socket_getpeersec_stream),
4772         LSM_HOOK_INIT(socket_getpeersec_dgram, smack_socket_getpeersec_dgram),
4773         LSM_HOOK_INIT(sk_alloc_security, smack_sk_alloc_security),
4774         LSM_HOOK_INIT(sk_free_security, smack_sk_free_security),
4775         LSM_HOOK_INIT(sock_graft, smack_sock_graft),
4776         LSM_HOOK_INIT(inet_conn_request, smack_inet_conn_request),
4777         LSM_HOOK_INIT(inet_csk_clone, smack_inet_csk_clone),
4778 
4779  /* key management security hooks */
4780 #ifdef CONFIG_KEYS
4781         LSM_HOOK_INIT(key_alloc, smack_key_alloc),
4782         LSM_HOOK_INIT(key_free, smack_key_free),
4783         LSM_HOOK_INIT(key_permission, smack_key_permission),
4784         LSM_HOOK_INIT(key_getsecurity, smack_key_getsecurity),
4785 #endif /* CONFIG_KEYS */
4786 
4787  /* Audit hooks */
4788 #ifdef CONFIG_AUDIT
4789         LSM_HOOK_INIT(audit_rule_init, smack_audit_rule_init),
4790         LSM_HOOK_INIT(audit_rule_known, smack_audit_rule_known),
4791         LSM_HOOK_INIT(audit_rule_match, smack_audit_rule_match),
4792 #endif /* CONFIG_AUDIT */
4793 
4794         LSM_HOOK_INIT(ismaclabel, smack_ismaclabel),
4795         LSM_HOOK_INIT(secid_to_secctx, smack_secid_to_secctx),
4796         LSM_HOOK_INIT(secctx_to_secid, smack_secctx_to_secid),
4797         LSM_HOOK_INIT(inode_notifysecctx, smack_inode_notifysecctx),
4798         LSM_HOOK_INIT(inode_setsecctx, smack_inode_setsecctx),
4799         LSM_HOOK_INIT(inode_getsecctx, smack_inode_getsecctx),
4800         LSM_HOOK_INIT(inode_copy_up, smack_inode_copy_up),
4801         LSM_HOOK_INIT(inode_copy_up_xattr, smack_inode_copy_up_xattr),
4802         LSM_HOOK_INIT(dentry_create_files_as, smack_dentry_create_files_as),
4803 };
4804 
4805 
4806 static __init void init_smack_known_list(void)
4807 {
4808         /*
4809          * Initialize rule list locks
4810          */
4811         mutex_init(&smack_known_huh.smk_rules_lock);
4812         mutex_init(&smack_known_hat.smk_rules_lock);
4813         mutex_init(&smack_known_floor.smk_rules_lock);
4814         mutex_init(&smack_known_star.smk_rules_lock);
4815         mutex_init(&smack_known_web.smk_rules_lock);
4816         /*
4817          * Initialize rule lists
4818          */
4819         INIT_LIST_HEAD(&smack_known_huh.smk_rules);
4820         INIT_LIST_HEAD(&smack_known_hat.smk_rules);
4821         INIT_LIST_HEAD(&smack_known_star.smk_rules);
4822         INIT_LIST_HEAD(&smack_known_floor.smk_rules);
4823         INIT_LIST_HEAD(&smack_known_web.smk_rules);
4824         /*
4825          * Create the known labels list
4826          */
4827         smk_insert_entry(&smack_known_huh);
4828         smk_insert_entry(&smack_known_hat);
4829         smk_insert_entry(&smack_known_star);
4830         smk_insert_entry(&smack_known_floor);
4831         smk_insert_entry(&smack_known_web);
4832 }
4833 
4834 /**
4835  * smack_init - initialize the smack system
4836  *
4837  * Returns 0
4838  */
4839 static __init int smack_init(void)
4840 {
4841         struct cred *cred;
4842         struct task_smack *tsp;
4843 
4844         if (!security_module_enable("smack"))
4845                 return 0;
4846 
4847         smack_inode_cache = KMEM_CACHE(inode_smack, 0);
4848         if (!smack_inode_cache)
4849                 return -ENOMEM;
4850 
4851         tsp = new_task_smack(&smack_known_floor, &smack_known_floor,
4852                                 GFP_KERNEL);
4853         if (tsp == NULL) {
4854                 kmem_cache_destroy(smack_inode_cache);
4855                 return -ENOMEM;
4856         }
4857 
4858         smack_enabled = 1;
4859 
4860         pr_info("Smack:  Initializing.\n");
4861 #ifdef CONFIG_SECURITY_SMACK_NETFILTER
4862         pr_info("Smack:  Netfilter enabled.\n");
4863 #endif
4864 #ifdef SMACK_IPV6_PORT_LABELING
4865         pr_info("Smack:  IPv6 port labeling enabled.\n");
4866 #endif
4867 #ifdef SMACK_IPV6_SECMARK_LABELING
4868         pr_info("Smack:  IPv6 Netfilter enabled.\n");
4869 #endif
4870 
4871         /*
4872          * Set the security state for the initial task.
4873          */
4874         cred = (struct cred *) current->cred;
4875         cred->security = tsp;
4876 
4877         /* initialize the smack_known_list */
4878         init_smack_known_list();
4879 
4880         /*
4881          * Register with LSM
4882          */
4883         security_add_hooks(smack_hooks, ARRAY_SIZE(smack_hooks), "smack");
4884 
4885         return 0;
4886 }
4887 
4888 /*
4889  * Smack requires early initialization in order to label
4890  * all processes and objects when they are created.
4891  */
4892 DEFINE_LSM(smack) = {
4893         .name = "smack",
4894         .init = smack_init,
4895 };
4896 

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | Wiki (Japanese) | Wiki (English) | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

osdn.jp