~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/security/smack/smack_lsm.c

Version: ~ [ linux-4.18 ] ~ [ linux-4.17.14 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.62 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.119 ] ~ [ linux-4.8.17 ] ~ [ linux-4.7.10 ] ~ [ linux-4.6.7 ] ~ [ linux-4.5.7 ] ~ [ linux-4.4.147 ] ~ [ linux-4.3.6 ] ~ [ linux-4.2.8 ] ~ [ linux-4.1.52 ] ~ [ linux-4.0.9 ] ~ [ linux-3.19.8 ] ~ [ linux-3.18.118 ] ~ [ linux-3.17.8 ] ~ [ linux-3.16.57 ] ~ [ linux-3.15.10 ] ~ [ linux-3.14.79 ] ~ [ linux-3.13.11 ] ~ [ linux-3.12.74 ] ~ [ linux-3.11.10 ] ~ [ linux-3.10.108 ] ~ [ linux-3.9.11 ] ~ [ linux-3.8.13 ] ~ [ linux-3.7.10 ] ~ [ linux-3.6.11 ] ~ [ linux-3.5.7 ] ~ [ linux-3.4.113 ] ~ [ linux-3.3.8 ] ~ [ linux-3.2.102 ] ~ [ linux-3.1.10 ] ~ [ linux-3.0.101 ] ~ [ linux-2.6.39.4 ] ~ [ linux-2.6.38.8 ] ~ [ linux-2.6.37.6 ] ~ [ linux-2.6.36.4 ] ~ [ linux-2.6.35.14 ] ~ [ linux-2.6.34.15 ] ~ [ linux-2.6.33.20 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.27.62 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.5 ] ~ [ policy-sample ] ~ [ linux-next-20180810 ] ~ [ linux-next-20180813 ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

  1 /*
  2  *  Simplified MAC Kernel (smack) security module
  3  *
  4  *  This file contains the smack hook function implementations.
  5  *
  6  *  Authors:
  7  *      Casey Schaufler <casey@schaufler-ca.com>
  8  *      Jarkko Sakkinen <jarkko.sakkinen@intel.com>
  9  *
 10  *  Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com>
 11  *  Copyright (C) 2009 Hewlett-Packard Development Company, L.P.
 12  *                Paul Moore <paul@paul-moore.com>
 13  *  Copyright (C) 2010 Nokia Corporation
 14  *  Copyright (C) 2011 Intel Corporation.
 15  *
 16  *      This program is free software; you can redistribute it and/or modify
 17  *      it under the terms of the GNU General Public License version 2,
 18  *      as published by the Free Software Foundation.
 19  */
 20 
 21 #include <linux/xattr.h>
 22 #include <linux/pagemap.h>
 23 #include <linux/mount.h>
 24 #include <linux/stat.h>
 25 #include <linux/kd.h>
 26 #include <asm/ioctls.h>
 27 #include <linux/ip.h>
 28 #include <linux/tcp.h>
 29 #include <linux/udp.h>
 30 #include <linux/dccp.h>
 31 #include <linux/slab.h>
 32 #include <linux/mutex.h>
 33 #include <linux/pipe_fs_i.h>
 34 #include <net/cipso_ipv4.h>
 35 #include <net/ip.h>
 36 #include <net/ipv6.h>
 37 #include <linux/audit.h>
 38 #include <linux/magic.h>
 39 #include <linux/dcache.h>
 40 #include <linux/personality.h>
 41 #include <linux/msg.h>
 42 #include <linux/shm.h>
 43 #include <linux/binfmts.h>
 44 #include <linux/parser.h>
 45 #include "smack.h"
 46 
 47 #define TRANS_TRUE      "TRUE"
 48 #define TRANS_TRUE_SIZE 4
 49 
 50 #define SMK_CONNECTING  0
 51 #define SMK_RECEIVING   1
 52 #define SMK_SENDING     2
 53 
 54 #ifdef SMACK_IPV6_PORT_LABELING
 55 DEFINE_MUTEX(smack_ipv6_lock);
 56 static LIST_HEAD(smk_ipv6_port_list);
 57 #endif
 58 static struct kmem_cache *smack_inode_cache;
 59 int smack_enabled;
 60 
 61 static const match_table_t smk_mount_tokens = {
 62         {Opt_fsdefault, SMK_FSDEFAULT "%s"},
 63         {Opt_fsfloor, SMK_FSFLOOR "%s"},
 64         {Opt_fshat, SMK_FSHAT "%s"},
 65         {Opt_fsroot, SMK_FSROOT "%s"},
 66         {Opt_fstransmute, SMK_FSTRANS "%s"},
 67         {Opt_error, NULL},
 68 };
 69 
 70 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
 71 static char *smk_bu_mess[] = {
 72         "Bringup Error",        /* Unused */
 73         "Bringup",              /* SMACK_BRINGUP_ALLOW */
 74         "Unconfined Subject",   /* SMACK_UNCONFINED_SUBJECT */
 75         "Unconfined Object",    /* SMACK_UNCONFINED_OBJECT */
 76 };
 77 
 78 static void smk_bu_mode(int mode, char *s)
 79 {
 80         int i = 0;
 81 
 82         if (mode & MAY_READ)
 83                 s[i++] = 'r';
 84         if (mode & MAY_WRITE)
 85                 s[i++] = 'w';
 86         if (mode & MAY_EXEC)
 87                 s[i++] = 'x';
 88         if (mode & MAY_APPEND)
 89                 s[i++] = 'a';
 90         if (mode & MAY_TRANSMUTE)
 91                 s[i++] = 't';
 92         if (mode & MAY_LOCK)
 93                 s[i++] = 'l';
 94         if (i == 0)
 95                 s[i++] = '-';
 96         s[i] = '\0';
 97 }
 98 #endif
 99 
100 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
101 static int smk_bu_note(char *note, struct smack_known *sskp,
102                        struct smack_known *oskp, int mode, int rc)
103 {
104         char acc[SMK_NUM_ACCESS_TYPE + 1];
105 
106         if (rc <= 0)
107                 return rc;
108         if (rc > SMACK_UNCONFINED_OBJECT)
109                 rc = 0;
110 
111         smk_bu_mode(mode, acc);
112         pr_info("Smack %s: (%s %s %s) %s\n", smk_bu_mess[rc],
113                 sskp->smk_known, oskp->smk_known, acc, note);
114         return 0;
115 }
116 #else
117 #define smk_bu_note(note, sskp, oskp, mode, RC) (RC)
118 #endif
119 
120 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
121 static int smk_bu_current(char *note, struct smack_known *oskp,
122                           int mode, int rc)
123 {
124         struct task_smack *tsp = current_security();
125         char acc[SMK_NUM_ACCESS_TYPE + 1];
126 
127         if (rc <= 0)
128                 return rc;
129         if (rc > SMACK_UNCONFINED_OBJECT)
130                 rc = 0;
131 
132         smk_bu_mode(mode, acc);
133         pr_info("Smack %s: (%s %s %s) %s %s\n", smk_bu_mess[rc],
134                 tsp->smk_task->smk_known, oskp->smk_known,
135                 acc, current->comm, note);
136         return 0;
137 }
138 #else
139 #define smk_bu_current(note, oskp, mode, RC) (RC)
140 #endif
141 
142 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
143 static int smk_bu_task(struct task_struct *otp, int mode, int rc)
144 {
145         struct task_smack *tsp = current_security();
146         struct smack_known *smk_task = smk_of_task_struct(otp);
147         char acc[SMK_NUM_ACCESS_TYPE + 1];
148 
149         if (rc <= 0)
150                 return rc;
151         if (rc > SMACK_UNCONFINED_OBJECT)
152                 rc = 0;
153 
154         smk_bu_mode(mode, acc);
155         pr_info("Smack %s: (%s %s %s) %s to %s\n", smk_bu_mess[rc],
156                 tsp->smk_task->smk_known, smk_task->smk_known, acc,
157                 current->comm, otp->comm);
158         return 0;
159 }
160 #else
161 #define smk_bu_task(otp, mode, RC) (RC)
162 #endif
163 
164 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
165 static int smk_bu_inode(struct inode *inode, int mode, int rc)
166 {
167         struct task_smack *tsp = current_security();
168         struct inode_smack *isp = inode->i_security;
169         char acc[SMK_NUM_ACCESS_TYPE + 1];
170 
171         if (isp->smk_flags & SMK_INODE_IMPURE)
172                 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
173                         inode->i_sb->s_id, inode->i_ino, current->comm);
174 
175         if (rc <= 0)
176                 return rc;
177         if (rc > SMACK_UNCONFINED_OBJECT)
178                 rc = 0;
179         if (rc == SMACK_UNCONFINED_SUBJECT &&
180             (mode & (MAY_WRITE | MAY_APPEND)))
181                 isp->smk_flags |= SMK_INODE_IMPURE;
182 
183         smk_bu_mode(mode, acc);
184 
185         pr_info("Smack %s: (%s %s %s) inode=(%s %ld) %s\n", smk_bu_mess[rc],
186                 tsp->smk_task->smk_known, isp->smk_inode->smk_known, acc,
187                 inode->i_sb->s_id, inode->i_ino, current->comm);
188         return 0;
189 }
190 #else
191 #define smk_bu_inode(inode, mode, RC) (RC)
192 #endif
193 
194 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
195 static int smk_bu_file(struct file *file, int mode, int rc)
196 {
197         struct task_smack *tsp = current_security();
198         struct smack_known *sskp = tsp->smk_task;
199         struct inode *inode = file_inode(file);
200         struct inode_smack *isp = inode->i_security;
201         char acc[SMK_NUM_ACCESS_TYPE + 1];
202 
203         if (isp->smk_flags & SMK_INODE_IMPURE)
204                 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
205                         inode->i_sb->s_id, inode->i_ino, current->comm);
206 
207         if (rc <= 0)
208                 return rc;
209         if (rc > SMACK_UNCONFINED_OBJECT)
210                 rc = 0;
211 
212         smk_bu_mode(mode, acc);
213         pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc],
214                 sskp->smk_known, smk_of_inode(inode)->smk_known, acc,
215                 inode->i_sb->s_id, inode->i_ino, file,
216                 current->comm);
217         return 0;
218 }
219 #else
220 #define smk_bu_file(file, mode, RC) (RC)
221 #endif
222 
223 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
224 static int smk_bu_credfile(const struct cred *cred, struct file *file,
225                                 int mode, int rc)
226 {
227         struct task_smack *tsp = cred->security;
228         struct smack_known *sskp = tsp->smk_task;
229         struct inode *inode = file_inode(file);
230         struct inode_smack *isp = inode->i_security;
231         char acc[SMK_NUM_ACCESS_TYPE + 1];
232 
233         if (isp->smk_flags & SMK_INODE_IMPURE)
234                 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
235                         inode->i_sb->s_id, inode->i_ino, current->comm);
236 
237         if (rc <= 0)
238                 return rc;
239         if (rc > SMACK_UNCONFINED_OBJECT)
240                 rc = 0;
241 
242         smk_bu_mode(mode, acc);
243         pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc],
244                 sskp->smk_known, smk_of_inode(inode)->smk_known, acc,
245                 inode->i_sb->s_id, inode->i_ino, file,
246                 current->comm);
247         return 0;
248 }
249 #else
250 #define smk_bu_credfile(cred, file, mode, RC) (RC)
251 #endif
252 
253 /**
254  * smk_fetch - Fetch the smack label from a file.
255  * @name: type of the label (attribute)
256  * @ip: a pointer to the inode
257  * @dp: a pointer to the dentry
258  *
259  * Returns a pointer to the master list entry for the Smack label,
260  * NULL if there was no label to fetch, or an error code.
261  */
262 static struct smack_known *smk_fetch(const char *name, struct inode *ip,
263                                         struct dentry *dp)
264 {
265         int rc;
266         char *buffer;
267         struct smack_known *skp = NULL;
268 
269         if (!(ip->i_opflags & IOP_XATTR))
270                 return ERR_PTR(-EOPNOTSUPP);
271 
272         buffer = kzalloc(SMK_LONGLABEL, GFP_KERNEL);
273         if (buffer == NULL)
274                 return ERR_PTR(-ENOMEM);
275 
276         rc = __vfs_getxattr(dp, ip, name, buffer, SMK_LONGLABEL);
277         if (rc < 0)
278                 skp = ERR_PTR(rc);
279         else if (rc == 0)
280                 skp = NULL;
281         else
282                 skp = smk_import_entry(buffer, rc);
283 
284         kfree(buffer);
285 
286         return skp;
287 }
288 
289 /**
290  * new_inode_smack - allocate an inode security blob
291  * @skp: a pointer to the Smack label entry to use in the blob
292  *
293  * Returns the new blob or NULL if there's no memory available
294  */
295 static struct inode_smack *new_inode_smack(struct smack_known *skp)
296 {
297         struct inode_smack *isp;
298 
299         isp = kmem_cache_zalloc(smack_inode_cache, GFP_NOFS);
300         if (isp == NULL)
301                 return NULL;
302 
303         isp->smk_inode = skp;
304         isp->smk_flags = 0;
305         mutex_init(&isp->smk_lock);
306 
307         return isp;
308 }
309 
310 /**
311  * new_task_smack - allocate a task security blob
312  * @task: a pointer to the Smack label for the running task
313  * @forked: a pointer to the Smack label for the forked task
314  * @gfp: type of the memory for the allocation
315  *
316  * Returns the new blob or NULL if there's no memory available
317  */
318 static struct task_smack *new_task_smack(struct smack_known *task,
319                                         struct smack_known *forked, gfp_t gfp)
320 {
321         struct task_smack *tsp;
322 
323         tsp = kzalloc(sizeof(struct task_smack), gfp);
324         if (tsp == NULL)
325                 return NULL;
326 
327         tsp->smk_task = task;
328         tsp->smk_forked = forked;
329         INIT_LIST_HEAD(&tsp->smk_rules);
330         INIT_LIST_HEAD(&tsp->smk_relabel);
331         mutex_init(&tsp->smk_rules_lock);
332 
333         return tsp;
334 }
335 
336 /**
337  * smk_copy_rules - copy a rule set
338  * @nhead: new rules header pointer
339  * @ohead: old rules header pointer
340  * @gfp: type of the memory for the allocation
341  *
342  * Returns 0 on success, -ENOMEM on error
343  */
344 static int smk_copy_rules(struct list_head *nhead, struct list_head *ohead,
345                                 gfp_t gfp)
346 {
347         struct smack_rule *nrp;
348         struct smack_rule *orp;
349         int rc = 0;
350 
351         list_for_each_entry_rcu(orp, ohead, list) {
352                 nrp = kzalloc(sizeof(struct smack_rule), gfp);
353                 if (nrp == NULL) {
354                         rc = -ENOMEM;
355                         break;
356                 }
357                 *nrp = *orp;
358                 list_add_rcu(&nrp->list, nhead);
359         }
360         return rc;
361 }
362 
363 /**
364  * smk_copy_relabel - copy smk_relabel labels list
365  * @nhead: new rules header pointer
366  * @ohead: old rules header pointer
367  * @gfp: type of the memory for the allocation
368  *
369  * Returns 0 on success, -ENOMEM on error
370  */
371 static int smk_copy_relabel(struct list_head *nhead, struct list_head *ohead,
372                                 gfp_t gfp)
373 {
374         struct smack_known_list_elem *nklep;
375         struct smack_known_list_elem *oklep;
376 
377         list_for_each_entry(oklep, ohead, list) {
378                 nklep = kzalloc(sizeof(struct smack_known_list_elem), gfp);
379                 if (nklep == NULL) {
380                         smk_destroy_label_list(nhead);
381                         return -ENOMEM;
382                 }
383                 nklep->smk_label = oklep->smk_label;
384                 list_add(&nklep->list, nhead);
385         }
386 
387         return 0;
388 }
389 
390 /**
391  * smk_ptrace_mode - helper function for converting PTRACE_MODE_* into MAY_*
392  * @mode - input mode in form of PTRACE_MODE_*
393  *
394  * Returns a converted MAY_* mode usable by smack rules
395  */
396 static inline unsigned int smk_ptrace_mode(unsigned int mode)
397 {
398         if (mode & PTRACE_MODE_ATTACH)
399                 return MAY_READWRITE;
400         if (mode & PTRACE_MODE_READ)
401                 return MAY_READ;
402 
403         return 0;
404 }
405 
406 /**
407  * smk_ptrace_rule_check - helper for ptrace access
408  * @tracer: tracer process
409  * @tracee_known: label entry of the process that's about to be traced
410  * @mode: ptrace attachment mode (PTRACE_MODE_*)
411  * @func: name of the function that called us, used for audit
412  *
413  * Returns 0 on access granted, -error on error
414  */
415 static int smk_ptrace_rule_check(struct task_struct *tracer,
416                                  struct smack_known *tracee_known,
417                                  unsigned int mode, const char *func)
418 {
419         int rc;
420         struct smk_audit_info ad, *saip = NULL;
421         struct task_smack *tsp;
422         struct smack_known *tracer_known;
423 
424         if ((mode & PTRACE_MODE_NOAUDIT) == 0) {
425                 smk_ad_init(&ad, func, LSM_AUDIT_DATA_TASK);
426                 smk_ad_setfield_u_tsk(&ad, tracer);
427                 saip = &ad;
428         }
429 
430         rcu_read_lock();
431         tsp = __task_cred(tracer)->security;
432         tracer_known = smk_of_task(tsp);
433 
434         if ((mode & PTRACE_MODE_ATTACH) &&
435             (smack_ptrace_rule == SMACK_PTRACE_EXACT ||
436              smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)) {
437                 if (tracer_known->smk_known == tracee_known->smk_known)
438                         rc = 0;
439                 else if (smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)
440                         rc = -EACCES;
441                 else if (capable(CAP_SYS_PTRACE))
442                         rc = 0;
443                 else
444                         rc = -EACCES;
445 
446                 if (saip)
447                         smack_log(tracer_known->smk_known,
448                                   tracee_known->smk_known,
449                                   0, rc, saip);
450 
451                 rcu_read_unlock();
452                 return rc;
453         }
454 
455         /* In case of rule==SMACK_PTRACE_DEFAULT or mode==PTRACE_MODE_READ */
456         rc = smk_tskacc(tsp, tracee_known, smk_ptrace_mode(mode), saip);
457 
458         rcu_read_unlock();
459         return rc;
460 }
461 
462 /*
463  * LSM hooks.
464  * We he, that is fun!
465  */
466 
467 /**
468  * smack_ptrace_access_check - Smack approval on PTRACE_ATTACH
469  * @ctp: child task pointer
470  * @mode: ptrace attachment mode (PTRACE_MODE_*)
471  *
472  * Returns 0 if access is OK, an error code otherwise
473  *
474  * Do the capability checks.
475  */
476 static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode)
477 {
478         struct smack_known *skp;
479 
480         skp = smk_of_task_struct(ctp);
481 
482         return smk_ptrace_rule_check(current, skp, mode, __func__);
483 }
484 
485 /**
486  * smack_ptrace_traceme - Smack approval on PTRACE_TRACEME
487  * @ptp: parent task pointer
488  *
489  * Returns 0 if access is OK, an error code otherwise
490  *
491  * Do the capability checks, and require PTRACE_MODE_ATTACH.
492  */
493 static int smack_ptrace_traceme(struct task_struct *ptp)
494 {
495         int rc;
496         struct smack_known *skp;
497 
498         skp = smk_of_task(current_security());
499 
500         rc = smk_ptrace_rule_check(ptp, skp, PTRACE_MODE_ATTACH, __func__);
501         return rc;
502 }
503 
504 /**
505  * smack_syslog - Smack approval on syslog
506  * @type: message type
507  *
508  * Returns 0 on success, error code otherwise.
509  */
510 static int smack_syslog(int typefrom_file)
511 {
512         int rc = 0;
513         struct smack_known *skp = smk_of_current();
514 
515         if (smack_privileged(CAP_MAC_OVERRIDE))
516                 return 0;
517 
518         if (smack_syslog_label != NULL && smack_syslog_label != skp)
519                 rc = -EACCES;
520 
521         return rc;
522 }
523 
524 
525 /*
526  * Superblock Hooks.
527  */
528 
529 /**
530  * smack_sb_alloc_security - allocate a superblock blob
531  * @sb: the superblock getting the blob
532  *
533  * Returns 0 on success or -ENOMEM on error.
534  */
535 static int smack_sb_alloc_security(struct super_block *sb)
536 {
537         struct superblock_smack *sbsp;
538 
539         sbsp = kzalloc(sizeof(struct superblock_smack), GFP_KERNEL);
540 
541         if (sbsp == NULL)
542                 return -ENOMEM;
543 
544         sbsp->smk_root = &smack_known_floor;
545         sbsp->smk_default = &smack_known_floor;
546         sbsp->smk_floor = &smack_known_floor;
547         sbsp->smk_hat = &smack_known_hat;
548         /*
549          * SMK_SB_INITIALIZED will be zero from kzalloc.
550          */
551         sb->s_security = sbsp;
552 
553         return 0;
554 }
555 
556 /**
557  * smack_sb_free_security - free a superblock blob
558  * @sb: the superblock getting the blob
559  *
560  */
561 static void smack_sb_free_security(struct super_block *sb)
562 {
563         kfree(sb->s_security);
564         sb->s_security = NULL;
565 }
566 
567 /**
568  * smack_sb_copy_data - copy mount options data for processing
569  * @orig: where to start
570  * @smackopts: mount options string
571  *
572  * Returns 0 on success or -ENOMEM on error.
573  *
574  * Copy the Smack specific mount options out of the mount
575  * options list.
576  */
577 static int smack_sb_copy_data(char *orig, char *smackopts)
578 {
579         char *cp, *commap, *otheropts, *dp;
580 
581         otheropts = (char *)get_zeroed_page(GFP_KERNEL);
582         if (otheropts == NULL)
583                 return -ENOMEM;
584 
585         for (cp = orig, commap = orig; commap != NULL; cp = commap + 1) {
586                 if (strstr(cp, SMK_FSDEFAULT) == cp)
587                         dp = smackopts;
588                 else if (strstr(cp, SMK_FSFLOOR) == cp)
589                         dp = smackopts;
590                 else if (strstr(cp, SMK_FSHAT) == cp)
591                         dp = smackopts;
592                 else if (strstr(cp, SMK_FSROOT) == cp)
593                         dp = smackopts;
594                 else if (strstr(cp, SMK_FSTRANS) == cp)
595                         dp = smackopts;
596                 else
597                         dp = otheropts;
598 
599                 commap = strchr(cp, ',');
600                 if (commap != NULL)
601                         *commap = '\0';
602 
603                 if (*dp != '\0')
604                         strcat(dp, ",");
605                 strcat(dp, cp);
606         }
607 
608         strcpy(orig, otheropts);
609         free_page((unsigned long)otheropts);
610 
611         return 0;
612 }
613 
614 /**
615  * smack_parse_opts_str - parse Smack specific mount options
616  * @options: mount options string
617  * @opts: where to store converted mount opts
618  *
619  * Returns 0 on success or -ENOMEM on error.
620  *
621  * converts Smack specific mount options to generic security option format
622  */
623 static int smack_parse_opts_str(char *options,
624                 struct security_mnt_opts *opts)
625 {
626         char *p;
627         char *fsdefault = NULL;
628         char *fsfloor = NULL;
629         char *fshat = NULL;
630         char *fsroot = NULL;
631         char *fstransmute = NULL;
632         int rc = -ENOMEM;
633         int num_mnt_opts = 0;
634         int token;
635 
636         opts->num_mnt_opts = 0;
637 
638         if (!options)
639                 return 0;
640 
641         while ((p = strsep(&options, ",")) != NULL) {
642                 substring_t args[MAX_OPT_ARGS];
643 
644                 if (!*p)
645                         continue;
646 
647                 token = match_token(p, smk_mount_tokens, args);
648 
649                 switch (token) {
650                 case Opt_fsdefault:
651                         if (fsdefault)
652                                 goto out_opt_err;
653                         fsdefault = match_strdup(&args[0]);
654                         if (!fsdefault)
655                                 goto out_err;
656                         break;
657                 case Opt_fsfloor:
658                         if (fsfloor)
659                                 goto out_opt_err;
660                         fsfloor = match_strdup(&args[0]);
661                         if (!fsfloor)
662                                 goto out_err;
663                         break;
664                 case Opt_fshat:
665                         if (fshat)
666                                 goto out_opt_err;
667                         fshat = match_strdup(&args[0]);
668                         if (!fshat)
669                                 goto out_err;
670                         break;
671                 case Opt_fsroot:
672                         if (fsroot)
673                                 goto out_opt_err;
674                         fsroot = match_strdup(&args[0]);
675                         if (!fsroot)
676                                 goto out_err;
677                         break;
678                 case Opt_fstransmute:
679                         if (fstransmute)
680                                 goto out_opt_err;
681                         fstransmute = match_strdup(&args[0]);
682                         if (!fstransmute)
683                                 goto out_err;
684                         break;
685                 default:
686                         rc = -EINVAL;
687                         pr_warn("Smack:  unknown mount option\n");
688                         goto out_err;
689                 }
690         }
691 
692         opts->mnt_opts = kcalloc(NUM_SMK_MNT_OPTS, sizeof(char *), GFP_KERNEL);
693         if (!opts->mnt_opts)
694                 goto out_err;
695 
696         opts->mnt_opts_flags = kcalloc(NUM_SMK_MNT_OPTS, sizeof(int),
697                         GFP_KERNEL);
698         if (!opts->mnt_opts_flags)
699                 goto out_err;
700 
701         if (fsdefault) {
702                 opts->mnt_opts[num_mnt_opts] = fsdefault;
703                 opts->mnt_opts_flags[num_mnt_opts++] = FSDEFAULT_MNT;
704         }
705         if (fsfloor) {
706                 opts->mnt_opts[num_mnt_opts] = fsfloor;
707                 opts->mnt_opts_flags[num_mnt_opts++] = FSFLOOR_MNT;
708         }
709         if (fshat) {
710                 opts->mnt_opts[num_mnt_opts] = fshat;
711                 opts->mnt_opts_flags[num_mnt_opts++] = FSHAT_MNT;
712         }
713         if (fsroot) {
714                 opts->mnt_opts[num_mnt_opts] = fsroot;
715                 opts->mnt_opts_flags[num_mnt_opts++] = FSROOT_MNT;
716         }
717         if (fstransmute) {
718                 opts->mnt_opts[num_mnt_opts] = fstransmute;
719                 opts->mnt_opts_flags[num_mnt_opts++] = FSTRANS_MNT;
720         }
721 
722         opts->num_mnt_opts = num_mnt_opts;
723         return 0;
724 
725 out_opt_err:
726         rc = -EINVAL;
727         pr_warn("Smack: duplicate mount options\n");
728 
729 out_err:
730         kfree(fsdefault);
731         kfree(fsfloor);
732         kfree(fshat);
733         kfree(fsroot);
734         kfree(fstransmute);
735         return rc;
736 }
737 
738 /**
739  * smack_set_mnt_opts - set Smack specific mount options
740  * @sb: the file system superblock
741  * @opts: Smack mount options
742  * @kern_flags: mount option from kernel space or user space
743  * @set_kern_flags: where to store converted mount opts
744  *
745  * Returns 0 on success, an error code on failure
746  *
747  * Allow filesystems with binary mount data to explicitly set Smack mount
748  * labels.
749  */
750 static int smack_set_mnt_opts(struct super_block *sb,
751                 struct security_mnt_opts *opts,
752                 unsigned long kern_flags,
753                 unsigned long *set_kern_flags)
754 {
755         struct dentry *root = sb->s_root;
756         struct inode *inode = d_backing_inode(root);
757         struct superblock_smack *sp = sb->s_security;
758         struct inode_smack *isp;
759         struct smack_known *skp;
760         int i;
761         int num_opts = opts->num_mnt_opts;
762         int transmute = 0;
763 
764         if (sp->smk_flags & SMK_SB_INITIALIZED)
765                 return 0;
766 
767         if (!smack_privileged(CAP_MAC_ADMIN)) {
768                 /*
769                  * Unprivileged mounts don't get to specify Smack values.
770                  */
771                 if (num_opts)
772                         return -EPERM;
773                 /*
774                  * Unprivileged mounts get root and default from the caller.
775                  */
776                 skp = smk_of_current();
777                 sp->smk_root = skp;
778                 sp->smk_default = skp;
779                 /*
780                  * For a handful of fs types with no user-controlled
781                  * backing store it's okay to trust security labels
782                  * in the filesystem. The rest are untrusted.
783                  */
784                 if (sb->s_user_ns != &init_user_ns &&
785                     sb->s_magic != SYSFS_MAGIC && sb->s_magic != TMPFS_MAGIC &&
786                     sb->s_magic != RAMFS_MAGIC) {
787                         transmute = 1;
788                         sp->smk_flags |= SMK_SB_UNTRUSTED;
789                 }
790         }
791 
792         sp->smk_flags |= SMK_SB_INITIALIZED;
793 
794         for (i = 0; i < num_opts; i++) {
795                 switch (opts->mnt_opts_flags[i]) {
796                 case FSDEFAULT_MNT:
797                         skp = smk_import_entry(opts->mnt_opts[i], 0);
798                         if (IS_ERR(skp))
799                                 return PTR_ERR(skp);
800                         sp->smk_default = skp;
801                         break;
802                 case FSFLOOR_MNT:
803                         skp = smk_import_entry(opts->mnt_opts[i], 0);
804                         if (IS_ERR(skp))
805                                 return PTR_ERR(skp);
806                         sp->smk_floor = skp;
807                         break;
808                 case FSHAT_MNT:
809                         skp = smk_import_entry(opts->mnt_opts[i], 0);
810                         if (IS_ERR(skp))
811                                 return PTR_ERR(skp);
812                         sp->smk_hat = skp;
813                         break;
814                 case FSROOT_MNT:
815                         skp = smk_import_entry(opts->mnt_opts[i], 0);
816                         if (IS_ERR(skp))
817                                 return PTR_ERR(skp);
818                         sp->smk_root = skp;
819                         break;
820                 case FSTRANS_MNT:
821                         skp = smk_import_entry(opts->mnt_opts[i], 0);
822                         if (IS_ERR(skp))
823                                 return PTR_ERR(skp);
824                         sp->smk_root = skp;
825                         transmute = 1;
826                         break;
827                 default:
828                         break;
829                 }
830         }
831 
832         /*
833          * Initialize the root inode.
834          */
835         isp = inode->i_security;
836         if (isp == NULL) {
837                 isp = new_inode_smack(sp->smk_root);
838                 if (isp == NULL)
839                         return -ENOMEM;
840                 inode->i_security = isp;
841         } else
842                 isp->smk_inode = sp->smk_root;
843 
844         if (transmute)
845                 isp->smk_flags |= SMK_INODE_TRANSMUTE;
846 
847         return 0;
848 }
849 
850 /**
851  * smack_sb_kern_mount - Smack specific mount processing
852  * @sb: the file system superblock
853  * @flags: the mount flags
854  * @data: the smack mount options
855  *
856  * Returns 0 on success, an error code on failure
857  */
858 static int smack_sb_kern_mount(struct super_block *sb, int flags, void *data)
859 {
860         int rc = 0;
861         char *options = data;
862         struct security_mnt_opts opts;
863 
864         security_init_mnt_opts(&opts);
865 
866         if (!options)
867                 goto out;
868 
869         rc = smack_parse_opts_str(options, &opts);
870         if (rc)
871                 goto out_err;
872 
873 out:
874         rc = smack_set_mnt_opts(sb, &opts, 0, NULL);
875 
876 out_err:
877         security_free_mnt_opts(&opts);
878         return rc;
879 }
880 
881 /**
882  * smack_sb_statfs - Smack check on statfs
883  * @dentry: identifies the file system in question
884  *
885  * Returns 0 if current can read the floor of the filesystem,
886  * and error code otherwise
887  */
888 static int smack_sb_statfs(struct dentry *dentry)
889 {
890         struct superblock_smack *sbp = dentry->d_sb->s_security;
891         int rc;
892         struct smk_audit_info ad;
893 
894         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
895         smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
896 
897         rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad);
898         rc = smk_bu_current("statfs", sbp->smk_floor, MAY_READ, rc);
899         return rc;
900 }
901 
902 /*
903  * BPRM hooks
904  */
905 
906 /**
907  * smack_bprm_set_creds - set creds for exec
908  * @bprm: the exec information
909  *
910  * Returns 0 if it gets a blob, -EPERM if exec forbidden and -ENOMEM otherwise
911  */
912 static int smack_bprm_set_creds(struct linux_binprm *bprm)
913 {
914         struct inode *inode = file_inode(bprm->file);
915         struct task_smack *bsp = bprm->cred->security;
916         struct inode_smack *isp;
917         struct superblock_smack *sbsp;
918         int rc;
919 
920         if (bprm->called_set_creds)
921                 return 0;
922 
923         isp = inode->i_security;
924         if (isp->smk_task == NULL || isp->smk_task == bsp->smk_task)
925                 return 0;
926 
927         sbsp = inode->i_sb->s_security;
928         if ((sbsp->smk_flags & SMK_SB_UNTRUSTED) &&
929             isp->smk_task != sbsp->smk_root)
930                 return 0;
931 
932         if (bprm->unsafe & LSM_UNSAFE_PTRACE) {
933                 struct task_struct *tracer;
934                 rc = 0;
935 
936                 rcu_read_lock();
937                 tracer = ptrace_parent(current);
938                 if (likely(tracer != NULL))
939                         rc = smk_ptrace_rule_check(tracer,
940                                                    isp->smk_task,
941                                                    PTRACE_MODE_ATTACH,
942                                                    __func__);
943                 rcu_read_unlock();
944 
945                 if (rc != 0)
946                         return rc;
947         } else if (bprm->unsafe)
948                 return -EPERM;
949 
950         bsp->smk_task = isp->smk_task;
951         bprm->per_clear |= PER_CLEAR_ON_SETID;
952 
953         /* Decide if this is a secure exec. */
954         if (bsp->smk_task != bsp->smk_forked)
955                 bprm->secureexec = 1;
956 
957         return 0;
958 }
959 
960 /*
961  * Inode hooks
962  */
963 
964 /**
965  * smack_inode_alloc_security - allocate an inode blob
966  * @inode: the inode in need of a blob
967  *
968  * Returns 0 if it gets a blob, -ENOMEM otherwise
969  */
970 static int smack_inode_alloc_security(struct inode *inode)
971 {
972         struct smack_known *skp = smk_of_current();
973 
974         inode->i_security = new_inode_smack(skp);
975         if (inode->i_security == NULL)
976                 return -ENOMEM;
977         return 0;
978 }
979 
980 /**
981  * smack_inode_free_rcu - Free inode_smack blob from cache
982  * @head: the rcu_head for getting inode_smack pointer
983  *
984  *  Call back function called from call_rcu() to free
985  *  the i_security blob pointer in inode
986  */
987 static void smack_inode_free_rcu(struct rcu_head *head)
988 {
989         struct inode_smack *issp;
990 
991         issp = container_of(head, struct inode_smack, smk_rcu);
992         kmem_cache_free(smack_inode_cache, issp);
993 }
994 
995 /**
996  * smack_inode_free_security - free an inode blob using call_rcu()
997  * @inode: the inode with a blob
998  *
999  * Clears the blob pointer in inode using RCU
1000  */
1001 static void smack_inode_free_security(struct inode *inode)
1002 {
1003         struct inode_smack *issp = inode->i_security;
1004 
1005         /*
1006          * The inode may still be referenced in a path walk and
1007          * a call to smack_inode_permission() can be made
1008          * after smack_inode_free_security() is called.
1009          * To avoid race condition free the i_security via RCU
1010          * and leave the current inode->i_security pointer intact.
1011          * The inode will be freed after the RCU grace period too.
1012          */
1013         call_rcu(&issp->smk_rcu, smack_inode_free_rcu);
1014 }
1015 
1016 /**
1017  * smack_inode_init_security - copy out the smack from an inode
1018  * @inode: the newly created inode
1019  * @dir: containing directory object
1020  * @qstr: unused
1021  * @name: where to put the attribute name
1022  * @value: where to put the attribute value
1023  * @len: where to put the length of the attribute
1024  *
1025  * Returns 0 if it all works out, -ENOMEM if there's no memory
1026  */
1027 static int smack_inode_init_security(struct inode *inode, struct inode *dir,
1028                                      const struct qstr *qstr, const char **name,
1029                                      void **value, size_t *len)
1030 {
1031         struct inode_smack *issp = inode->i_security;
1032         struct smack_known *skp = smk_of_current();
1033         struct smack_known *isp = smk_of_inode(inode);
1034         struct smack_known *dsp = smk_of_inode(dir);
1035         int may;
1036 
1037         if (name)
1038                 *name = XATTR_SMACK_SUFFIX;
1039 
1040         if (value && len) {
1041                 rcu_read_lock();
1042                 may = smk_access_entry(skp->smk_known, dsp->smk_known,
1043                                        &skp->smk_rules);
1044                 rcu_read_unlock();
1045 
1046                 /*
1047                  * If the access rule allows transmutation and
1048                  * the directory requests transmutation then
1049                  * by all means transmute.
1050                  * Mark the inode as changed.
1051                  */
1052                 if (may > 0 && ((may & MAY_TRANSMUTE) != 0) &&
1053                     smk_inode_transmutable(dir)) {
1054                         isp = dsp;
1055                         issp->smk_flags |= SMK_INODE_CHANGED;
1056                 }
1057 
1058                 *value = kstrdup(isp->smk_known, GFP_NOFS);
1059                 if (*value == NULL)
1060                         return -ENOMEM;
1061 
1062                 *len = strlen(isp->smk_known);
1063         }
1064 
1065         return 0;
1066 }
1067 
1068 /**
1069  * smack_inode_link - Smack check on link
1070  * @old_dentry: the existing object
1071  * @dir: unused
1072  * @new_dentry: the new object
1073  *
1074  * Returns 0 if access is permitted, an error code otherwise
1075  */
1076 static int smack_inode_link(struct dentry *old_dentry, struct inode *dir,
1077                             struct dentry *new_dentry)
1078 {
1079         struct smack_known *isp;
1080         struct smk_audit_info ad;
1081         int rc;
1082 
1083         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1084         smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
1085 
1086         isp = smk_of_inode(d_backing_inode(old_dentry));
1087         rc = smk_curacc(isp, MAY_WRITE, &ad);
1088         rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_WRITE, rc);
1089 
1090         if (rc == 0 && d_is_positive(new_dentry)) {
1091                 isp = smk_of_inode(d_backing_inode(new_dentry));
1092                 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
1093                 rc = smk_curacc(isp, MAY_WRITE, &ad);
1094                 rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_WRITE, rc);
1095         }
1096 
1097         return rc;
1098 }
1099 
1100 /**
1101  * smack_inode_unlink - Smack check on inode deletion
1102  * @dir: containing directory object
1103  * @dentry: file to unlink
1104  *
1105  * Returns 0 if current can write the containing directory
1106  * and the object, error code otherwise
1107  */
1108 static int smack_inode_unlink(struct inode *dir, struct dentry *dentry)
1109 {
1110         struct inode *ip = d_backing_inode(dentry);
1111         struct smk_audit_info ad;
1112         int rc;
1113 
1114         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1115         smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1116 
1117         /*
1118          * You need write access to the thing you're unlinking
1119          */
1120         rc = smk_curacc(smk_of_inode(ip), MAY_WRITE, &ad);
1121         rc = smk_bu_inode(ip, MAY_WRITE, rc);
1122         if (rc == 0) {
1123                 /*
1124                  * You also need write access to the containing directory
1125                  */
1126                 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
1127                 smk_ad_setfield_u_fs_inode(&ad, dir);
1128                 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
1129                 rc = smk_bu_inode(dir, MAY_WRITE, rc);
1130         }
1131         return rc;
1132 }
1133 
1134 /**
1135  * smack_inode_rmdir - Smack check on directory deletion
1136  * @dir: containing directory object
1137  * @dentry: directory to unlink
1138  *
1139  * Returns 0 if current can write the containing directory
1140  * and the directory, error code otherwise
1141  */
1142 static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry)
1143 {
1144         struct smk_audit_info ad;
1145         int rc;
1146 
1147         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1148         smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1149 
1150         /*
1151          * You need write access to the thing you're removing
1152          */
1153         rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1154         rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
1155         if (rc == 0) {
1156                 /*
1157                  * You also need write access to the containing directory
1158                  */
1159                 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
1160                 smk_ad_setfield_u_fs_inode(&ad, dir);
1161                 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
1162                 rc = smk_bu_inode(dir, MAY_WRITE, rc);
1163         }
1164 
1165         return rc;
1166 }
1167 
1168 /**
1169  * smack_inode_rename - Smack check on rename
1170  * @old_inode: unused
1171  * @old_dentry: the old object
1172  * @new_inode: unused
1173  * @new_dentry: the new object
1174  *
1175  * Read and write access is required on both the old and
1176  * new directories.
1177  *
1178  * Returns 0 if access is permitted, an error code otherwise
1179  */
1180 static int smack_inode_rename(struct inode *old_inode,
1181                               struct dentry *old_dentry,
1182                               struct inode *new_inode,
1183                               struct dentry *new_dentry)
1184 {
1185         int rc;
1186         struct smack_known *isp;
1187         struct smk_audit_info ad;
1188 
1189         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1190         smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
1191 
1192         isp = smk_of_inode(d_backing_inode(old_dentry));
1193         rc = smk_curacc(isp, MAY_READWRITE, &ad);
1194         rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_READWRITE, rc);
1195 
1196         if (rc == 0 && d_is_positive(new_dentry)) {
1197                 isp = smk_of_inode(d_backing_inode(new_dentry));
1198                 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
1199                 rc = smk_curacc(isp, MAY_READWRITE, &ad);
1200                 rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_READWRITE, rc);
1201         }
1202         return rc;
1203 }
1204 
1205 /**
1206  * smack_inode_permission - Smack version of permission()
1207  * @inode: the inode in question
1208  * @mask: the access requested
1209  *
1210  * This is the important Smack hook.
1211  *
1212  * Returns 0 if access is permitted, -EACCES otherwise
1213  */
1214 static int smack_inode_permission(struct inode *inode, int mask)
1215 {
1216         struct superblock_smack *sbsp = inode->i_sb->s_security;
1217         struct smk_audit_info ad;
1218         int no_block = mask & MAY_NOT_BLOCK;
1219         int rc;
1220 
1221         mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND);
1222         /*
1223          * No permission to check. Existence test. Yup, it's there.
1224          */
1225         if (mask == 0)
1226                 return 0;
1227 
1228         if (sbsp->smk_flags & SMK_SB_UNTRUSTED) {
1229                 if (smk_of_inode(inode) != sbsp->smk_root)
1230                         return -EACCES;
1231         }
1232 
1233         /* May be droppable after audit */
1234         if (no_block)
1235                 return -ECHILD;
1236         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
1237         smk_ad_setfield_u_fs_inode(&ad, inode);
1238         rc = smk_curacc(smk_of_inode(inode), mask, &ad);
1239         rc = smk_bu_inode(inode, mask, rc);
1240         return rc;
1241 }
1242 
1243 /**
1244  * smack_inode_setattr - Smack check for setting attributes
1245  * @dentry: the object
1246  * @iattr: for the force flag
1247  *
1248  * Returns 0 if access is permitted, an error code otherwise
1249  */
1250 static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr)
1251 {
1252         struct smk_audit_info ad;
1253         int rc;
1254 
1255         /*
1256          * Need to allow for clearing the setuid bit.
1257          */
1258         if (iattr->ia_valid & ATTR_FORCE)
1259                 return 0;
1260         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1261         smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1262 
1263         rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1264         rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
1265         return rc;
1266 }
1267 
1268 /**
1269  * smack_inode_getattr - Smack check for getting attributes
1270  * @mnt: vfsmount of the object
1271  * @dentry: the object
1272  *
1273  * Returns 0 if access is permitted, an error code otherwise
1274  */
1275 static int smack_inode_getattr(const struct path *path)
1276 {
1277         struct smk_audit_info ad;
1278         struct inode *inode = d_backing_inode(path->dentry);
1279         int rc;
1280 
1281         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1282         smk_ad_setfield_u_fs_path(&ad, *path);
1283         rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad);
1284         rc = smk_bu_inode(inode, MAY_READ, rc);
1285         return rc;
1286 }
1287 
1288 /**
1289  * smack_inode_setxattr - Smack check for setting xattrs
1290  * @dentry: the object
1291  * @name: name of the attribute
1292  * @value: value of the attribute
1293  * @size: size of the value
1294  * @flags: unused
1295  *
1296  * This protects the Smack attribute explicitly.
1297  *
1298  * Returns 0 if access is permitted, an error code otherwise
1299  */
1300 static int smack_inode_setxattr(struct dentry *dentry, const char *name,
1301                                 const void *value, size_t size, int flags)
1302 {
1303         struct smk_audit_info ad;
1304         struct smack_known *skp;
1305         int check_priv = 0;
1306         int check_import = 0;
1307         int check_star = 0;
1308         int rc = 0;
1309 
1310         /*
1311          * Check label validity here so import won't fail in post_setxattr
1312          */
1313         if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
1314             strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
1315             strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) {
1316                 check_priv = 1;
1317                 check_import = 1;
1318         } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
1319                    strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1320                 check_priv = 1;
1321                 check_import = 1;
1322                 check_star = 1;
1323         } else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) {
1324                 check_priv = 1;
1325                 if (size != TRANS_TRUE_SIZE ||
1326                     strncmp(value, TRANS_TRUE, TRANS_TRUE_SIZE) != 0)
1327                         rc = -EINVAL;
1328         } else
1329                 rc = cap_inode_setxattr(dentry, name, value, size, flags);
1330 
1331         if (check_priv && !smack_privileged(CAP_MAC_ADMIN))
1332                 rc = -EPERM;
1333 
1334         if (rc == 0 && check_import) {
1335                 skp = size ? smk_import_entry(value, size) : NULL;
1336                 if (IS_ERR(skp))
1337                         rc = PTR_ERR(skp);
1338                 else if (skp == NULL || (check_star &&
1339                     (skp == &smack_known_star || skp == &smack_known_web)))
1340                         rc = -EINVAL;
1341         }
1342 
1343         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1344         smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1345 
1346         if (rc == 0) {
1347                 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1348                 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
1349         }
1350 
1351         return rc;
1352 }
1353 
1354 /**
1355  * smack_inode_post_setxattr - Apply the Smack update approved above
1356  * @dentry: object
1357  * @name: attribute name
1358  * @value: attribute value
1359  * @size: attribute size
1360  * @flags: unused
1361  *
1362  * Set the pointer in the inode blob to the entry found
1363  * in the master label list.
1364  */
1365 static void smack_inode_post_setxattr(struct dentry *dentry, const char *name,
1366                                       const void *value, size_t size, int flags)
1367 {
1368         struct smack_known *skp;
1369         struct inode_smack *isp = d_backing_inode(dentry)->i_security;
1370 
1371         if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) {
1372                 isp->smk_flags |= SMK_INODE_TRANSMUTE;
1373                 return;
1374         }
1375 
1376         if (strcmp(name, XATTR_NAME_SMACK) == 0) {
1377                 skp = smk_import_entry(value, size);
1378                 if (!IS_ERR(skp))
1379                         isp->smk_inode = skp;
1380         } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) {
1381                 skp = smk_import_entry(value, size);
1382                 if (!IS_ERR(skp))
1383                         isp->smk_task = skp;
1384         } else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1385                 skp = smk_import_entry(value, size);
1386                 if (!IS_ERR(skp))
1387                         isp->smk_mmap = skp;
1388         }
1389 
1390         return;
1391 }
1392 
1393 /**
1394  * smack_inode_getxattr - Smack check on getxattr
1395  * @dentry: the object
1396  * @name: unused
1397  *
1398  * Returns 0 if access is permitted, an error code otherwise
1399  */
1400 static int smack_inode_getxattr(struct dentry *dentry, const char *name)
1401 {
1402         struct smk_audit_info ad;
1403         int rc;
1404 
1405         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1406         smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1407 
1408         rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_READ, &ad);
1409         rc = smk_bu_inode(d_backing_inode(dentry), MAY_READ, rc);
1410         return rc;
1411 }
1412 
1413 /**
1414  * smack_inode_removexattr - Smack check on removexattr
1415  * @dentry: the object
1416  * @name: name of the attribute
1417  *
1418  * Removing the Smack attribute requires CAP_MAC_ADMIN
1419  *
1420  * Returns 0 if access is permitted, an error code otherwise
1421  */
1422 static int smack_inode_removexattr(struct dentry *dentry, const char *name)
1423 {
1424         struct inode_smack *isp;
1425         struct smk_audit_info ad;
1426         int rc = 0;
1427 
1428         if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
1429             strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
1430             strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 ||
1431             strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
1432             strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0 ||
1433             strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1434                 if (!smack_privileged(CAP_MAC_ADMIN))
1435                         rc = -EPERM;
1436         } else
1437                 rc = cap_inode_removexattr(dentry, name);
1438 
1439         if (rc != 0)
1440                 return rc;
1441 
1442         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1443         smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1444 
1445         rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1446         rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
1447         if (rc != 0)
1448                 return rc;
1449 
1450         isp = d_backing_inode(dentry)->i_security;
1451         /*
1452          * Don't do anything special for these.
1453          *      XATTR_NAME_SMACKIPIN
1454          *      XATTR_NAME_SMACKIPOUT
1455          */
1456         if (strcmp(name, XATTR_NAME_SMACK) == 0) {
1457                 struct super_block *sbp = dentry->d_sb;
1458                 struct superblock_smack *sbsp = sbp->s_security;
1459 
1460                 isp->smk_inode = sbsp->smk_default;
1461         } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0)
1462                 isp->smk_task = NULL;
1463         else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0)
1464                 isp->smk_mmap = NULL;
1465         else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0)
1466                 isp->smk_flags &= ~SMK_INODE_TRANSMUTE;
1467 
1468         return 0;
1469 }
1470 
1471 /**
1472  * smack_inode_getsecurity - get smack xattrs
1473  * @inode: the object
1474  * @name: attribute name
1475  * @buffer: where to put the result
1476  * @alloc: duplicate memory
1477  *
1478  * Returns the size of the attribute or an error code
1479  */
1480 static int smack_inode_getsecurity(struct inode *inode,
1481                                    const char *name, void **buffer,
1482                                    bool alloc)
1483 {
1484         struct socket_smack *ssp;
1485         struct socket *sock;
1486         struct super_block *sbp;
1487         struct inode *ip = (struct inode *)inode;
1488         struct smack_known *isp;
1489 
1490         if (strcmp(name, XATTR_SMACK_SUFFIX) == 0)
1491                 isp = smk_of_inode(inode);
1492         else {
1493                 /*
1494                  * The rest of the Smack xattrs are only on sockets.
1495                  */
1496                 sbp = ip->i_sb;
1497                 if (sbp->s_magic != SOCKFS_MAGIC)
1498                         return -EOPNOTSUPP;
1499 
1500                 sock = SOCKET_I(ip);
1501                 if (sock == NULL || sock->sk == NULL)
1502                         return -EOPNOTSUPP;
1503 
1504                 ssp = sock->sk->sk_security;
1505 
1506                 if (strcmp(name, XATTR_SMACK_IPIN) == 0)
1507                         isp = ssp->smk_in;
1508                 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0)
1509                         isp = ssp->smk_out;
1510                 else
1511                         return -EOPNOTSUPP;
1512         }
1513 
1514         if (alloc) {
1515                 *buffer = kstrdup(isp->smk_known, GFP_KERNEL);
1516                 if (*buffer == NULL)
1517                         return -ENOMEM;
1518         }
1519 
1520         return strlen(isp->smk_known);
1521 }
1522 
1523 
1524 /**
1525  * smack_inode_listsecurity - list the Smack attributes
1526  * @inode: the object
1527  * @buffer: where they go
1528  * @buffer_size: size of buffer
1529  */
1530 static int smack_inode_listsecurity(struct inode *inode, char *buffer,
1531                                     size_t buffer_size)
1532 {
1533         int len = sizeof(XATTR_NAME_SMACK);
1534 
1535         if (buffer != NULL && len <= buffer_size)
1536                 memcpy(buffer, XATTR_NAME_SMACK, len);
1537 
1538         return len;
1539 }
1540 
1541 /**
1542  * smack_inode_getsecid - Extract inode's security id
1543  * @inode: inode to extract the info from
1544  * @secid: where result will be saved
1545  */
1546 static void smack_inode_getsecid(struct inode *inode, u32 *secid)
1547 {
1548         struct smack_known *skp = smk_of_inode(inode);
1549 
1550         *secid = skp->smk_secid;
1551 }
1552 
1553 /*
1554  * File Hooks
1555  */
1556 
1557 /*
1558  * There is no smack_file_permission hook
1559  *
1560  * Should access checks be done on each read or write?
1561  * UNICOS and SELinux say yes.
1562  * Trusted Solaris, Trusted Irix, and just about everyone else says no.
1563  *
1564  * I'll say no for now. Smack does not do the frequent
1565  * label changing that SELinux does.
1566  */
1567 
1568 /**
1569  * smack_file_alloc_security - assign a file security blob
1570  * @file: the object
1571  *
1572  * The security blob for a file is a pointer to the master
1573  * label list, so no allocation is done.
1574  *
1575  * f_security is the owner security information. It
1576  * isn't used on file access checks, it's for send_sigio.
1577  *
1578  * Returns 0
1579  */
1580 static int smack_file_alloc_security(struct file *file)
1581 {
1582         struct smack_known *skp = smk_of_current();
1583 
1584         file->f_security = skp;
1585         return 0;
1586 }
1587 
1588 /**
1589  * smack_file_free_security - clear a file security blob
1590  * @file: the object
1591  *
1592  * The security blob for a file is a pointer to the master
1593  * label list, so no memory is freed.
1594  */
1595 static void smack_file_free_security(struct file *file)
1596 {
1597         file->f_security = NULL;
1598 }
1599 
1600 /**
1601  * smack_file_ioctl - Smack check on ioctls
1602  * @file: the object
1603  * @cmd: what to do
1604  * @arg: unused
1605  *
1606  * Relies heavily on the correct use of the ioctl command conventions.
1607  *
1608  * Returns 0 if allowed, error code otherwise
1609  */
1610 static int smack_file_ioctl(struct file *file, unsigned int cmd,
1611                             unsigned long arg)
1612 {
1613         int rc = 0;
1614         struct smk_audit_info ad;
1615         struct inode *inode = file_inode(file);
1616 
1617         if (unlikely(IS_PRIVATE(inode)))
1618                 return 0;
1619 
1620         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1621         smk_ad_setfield_u_fs_path(&ad, file->f_path);
1622 
1623         if (_IOC_DIR(cmd) & _IOC_WRITE) {
1624                 rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad);
1625                 rc = smk_bu_file(file, MAY_WRITE, rc);
1626         }
1627 
1628         if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ)) {
1629                 rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad);
1630                 rc = smk_bu_file(file, MAY_READ, rc);
1631         }
1632 
1633         return rc;
1634 }
1635 
1636 /**
1637  * smack_file_lock - Smack check on file locking
1638  * @file: the object
1639  * @cmd: unused
1640  *
1641  * Returns 0 if current has lock access, error code otherwise
1642  */
1643 static int smack_file_lock(struct file *file, unsigned int cmd)
1644 {
1645         struct smk_audit_info ad;
1646         int rc;
1647         struct inode *inode = file_inode(file);
1648 
1649         if (unlikely(IS_PRIVATE(inode)))
1650                 return 0;
1651 
1652         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1653         smk_ad_setfield_u_fs_path(&ad, file->f_path);
1654         rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad);
1655         rc = smk_bu_file(file, MAY_LOCK, rc);
1656         return rc;
1657 }
1658 
1659 /**
1660  * smack_file_fcntl - Smack check on fcntl
1661  * @file: the object
1662  * @cmd: what action to check
1663  * @arg: unused
1664  *
1665  * Generally these operations are harmless.
1666  * File locking operations present an obvious mechanism
1667  * for passing information, so they require write access.
1668  *
1669  * Returns 0 if current has access, error code otherwise
1670  */
1671 static int smack_file_fcntl(struct file *file, unsigned int cmd,
1672                             unsigned long arg)
1673 {
1674         struct smk_audit_info ad;
1675         int rc = 0;
1676         struct inode *inode = file_inode(file);
1677 
1678         if (unlikely(IS_PRIVATE(inode)))
1679                 return 0;
1680 
1681         switch (cmd) {
1682         case F_GETLK:
1683                 break;
1684         case F_SETLK:
1685         case F_SETLKW:
1686                 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1687                 smk_ad_setfield_u_fs_path(&ad, file->f_path);
1688                 rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad);
1689                 rc = smk_bu_file(file, MAY_LOCK, rc);
1690                 break;
1691         case F_SETOWN:
1692         case F_SETSIG:
1693                 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1694                 smk_ad_setfield_u_fs_path(&ad, file->f_path);
1695                 rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad);
1696                 rc = smk_bu_file(file, MAY_WRITE, rc);
1697                 break;
1698         default:
1699                 break;
1700         }
1701 
1702         return rc;
1703 }
1704 
1705 /**
1706  * smack_mmap_file :
1707  * Check permissions for a mmap operation.  The @file may be NULL, e.g.
1708  * if mapping anonymous memory.
1709  * @file contains the file structure for file to map (may be NULL).
1710  * @reqprot contains the protection requested by the application.
1711  * @prot contains the protection that will be applied by the kernel.
1712  * @flags contains the operational flags.
1713  * Return 0 if permission is granted.
1714  */
1715 static int smack_mmap_file(struct file *file,
1716                            unsigned long reqprot, unsigned long prot,
1717                            unsigned long flags)
1718 {
1719         struct smack_known *skp;
1720         struct smack_known *mkp;
1721         struct smack_rule *srp;
1722         struct task_smack *tsp;
1723         struct smack_known *okp;
1724         struct inode_smack *isp;
1725         struct superblock_smack *sbsp;
1726         int may;
1727         int mmay;
1728         int tmay;
1729         int rc;
1730 
1731         if (file == NULL)
1732                 return 0;
1733 
1734         if (unlikely(IS_PRIVATE(file_inode(file))))
1735                 return 0;
1736 
1737         isp = file_inode(file)->i_security;
1738         if (isp->smk_mmap == NULL)
1739                 return 0;
1740         sbsp = file_inode(file)->i_sb->s_security;
1741         if (sbsp->smk_flags & SMK_SB_UNTRUSTED &&
1742             isp->smk_mmap != sbsp->smk_root)
1743                 return -EACCES;
1744         mkp = isp->smk_mmap;
1745 
1746         tsp = current_security();
1747         skp = smk_of_current();
1748         rc = 0;
1749 
1750         rcu_read_lock();
1751         /*
1752          * For each Smack rule associated with the subject
1753          * label verify that the SMACK64MMAP also has access
1754          * to that rule's object label.
1755          */
1756         list_for_each_entry_rcu(srp, &skp->smk_rules, list) {
1757                 okp = srp->smk_object;
1758                 /*
1759                  * Matching labels always allows access.
1760                  */
1761                 if (mkp->smk_known == okp->smk_known)
1762                         continue;
1763                 /*
1764                  * If there is a matching local rule take
1765                  * that into account as well.
1766                  */
1767                 may = smk_access_entry(srp->smk_subject->smk_known,
1768                                        okp->smk_known,
1769                                        &tsp->smk_rules);
1770                 if (may == -ENOENT)
1771                         may = srp->smk_access;
1772                 else
1773                         may &= srp->smk_access;
1774                 /*
1775                  * If may is zero the SMACK64MMAP subject can't
1776                  * possibly have less access.
1777                  */
1778                 if (may == 0)
1779                         continue;
1780 
1781                 /*
1782                  * Fetch the global list entry.
1783                  * If there isn't one a SMACK64MMAP subject
1784                  * can't have as much access as current.
1785                  */
1786                 mmay = smk_access_entry(mkp->smk_known, okp->smk_known,
1787                                         &mkp->smk_rules);
1788                 if (mmay == -ENOENT) {
1789                         rc = -EACCES;
1790                         break;
1791                 }
1792                 /*
1793                  * If there is a local entry it modifies the
1794                  * potential access, too.
1795                  */
1796                 tmay = smk_access_entry(mkp->smk_known, okp->smk_known,
1797                                         &tsp->smk_rules);
1798                 if (tmay != -ENOENT)
1799                         mmay &= tmay;
1800 
1801                 /*
1802                  * If there is any access available to current that is
1803                  * not available to a SMACK64MMAP subject
1804                  * deny access.
1805                  */
1806                 if ((may | mmay) != mmay) {
1807                         rc = -EACCES;
1808                         break;
1809                 }
1810         }
1811 
1812         rcu_read_unlock();
1813 
1814         return rc;
1815 }
1816 
1817 /**
1818  * smack_file_set_fowner - set the file security blob value
1819  * @file: object in question
1820  *
1821  */
1822 static void smack_file_set_fowner(struct file *file)
1823 {
1824         file->f_security = smk_of_current();
1825 }
1826 
1827 /**
1828  * smack_file_send_sigiotask - Smack on sigio
1829  * @tsk: The target task
1830  * @fown: the object the signal come from
1831  * @signum: unused
1832  *
1833  * Allow a privileged task to get signals even if it shouldn't
1834  *
1835  * Returns 0 if a subject with the object's smack could
1836  * write to the task, an error code otherwise.
1837  */
1838 static int smack_file_send_sigiotask(struct task_struct *tsk,
1839                                      struct fown_struct *fown, int signum)
1840 {
1841         struct smack_known *skp;
1842         struct smack_known *tkp = smk_of_task(tsk->cred->security);
1843         struct file *file;
1844         int rc;
1845         struct smk_audit_info ad;
1846 
1847         /*
1848          * struct fown_struct is never outside the context of a struct file
1849          */
1850         file = container_of(fown, struct file, f_owner);
1851 
1852         /* we don't log here as rc can be overriden */
1853         skp = file->f_security;
1854         rc = smk_access(skp, tkp, MAY_DELIVER, NULL);
1855         rc = smk_bu_note("sigiotask", skp, tkp, MAY_DELIVER, rc);
1856         if (rc != 0 && has_capability(tsk, CAP_MAC_OVERRIDE))
1857                 rc = 0;
1858 
1859         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
1860         smk_ad_setfield_u_tsk(&ad, tsk);
1861         smack_log(skp->smk_known, tkp->smk_known, MAY_DELIVER, rc, &ad);
1862         return rc;
1863 }
1864 
1865 /**
1866  * smack_file_receive - Smack file receive check
1867  * @file: the object
1868  *
1869  * Returns 0 if current has access, error code otherwise
1870  */
1871 static int smack_file_receive(struct file *file)
1872 {
1873         int rc;
1874         int may = 0;
1875         struct smk_audit_info ad;
1876         struct inode *inode = file_inode(file);
1877         struct socket *sock;
1878         struct task_smack *tsp;
1879         struct socket_smack *ssp;
1880 
1881         if (unlikely(IS_PRIVATE(inode)))
1882                 return 0;
1883 
1884         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1885         smk_ad_setfield_u_fs_path(&ad, file->f_path);
1886 
1887         if (inode->i_sb->s_magic == SOCKFS_MAGIC) {
1888                 sock = SOCKET_I(inode);
1889                 ssp = sock->sk->sk_security;
1890                 tsp = current_security();
1891                 /*
1892                  * If the receiving process can't write to the
1893                  * passed socket or if the passed socket can't
1894                  * write to the receiving process don't accept
1895                  * the passed socket.
1896                  */
1897                 rc = smk_access(tsp->smk_task, ssp->smk_out, MAY_WRITE, &ad);
1898                 rc = smk_bu_file(file, may, rc);
1899                 if (rc < 0)
1900                         return rc;
1901                 rc = smk_access(ssp->smk_in, tsp->smk_task, MAY_WRITE, &ad);
1902                 rc = smk_bu_file(file, may, rc);
1903                 return rc;
1904         }
1905         /*
1906          * This code relies on bitmasks.
1907          */
1908         if (file->f_mode & FMODE_READ)
1909                 may = MAY_READ;
1910         if (file->f_mode & FMODE_WRITE)
1911                 may |= MAY_WRITE;
1912 
1913         rc = smk_curacc(smk_of_inode(inode), may, &ad);
1914         rc = smk_bu_file(file, may, rc);
1915         return rc;
1916 }
1917 
1918 /**
1919  * smack_file_open - Smack dentry open processing
1920  * @file: the object
1921  * @cred: task credential
1922  *
1923  * Set the security blob in the file structure.
1924  * Allow the open only if the task has read access. There are
1925  * many read operations (e.g. fstat) that you can do with an
1926  * fd even if you have the file open write-only.
1927  *
1928  * Returns 0
1929  */
1930 static int smack_file_open(struct file *file, const struct cred *cred)
1931 {
1932         struct task_smack *tsp = cred->security;
1933         struct inode *inode = file_inode(file);
1934         struct smk_audit_info ad;
1935         int rc;
1936 
1937         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1938         smk_ad_setfield_u_fs_path(&ad, file->f_path);
1939         rc = smk_tskacc(tsp, smk_of_inode(inode), MAY_READ, &ad);
1940         rc = smk_bu_credfile(cred, file, MAY_READ, rc);
1941 
1942         return rc;
1943 }
1944 
1945 /*
1946  * Task hooks
1947  */
1948 
1949 /**
1950  * smack_cred_alloc_blank - "allocate" blank task-level security credentials
1951  * @new: the new credentials
1952  * @gfp: the atomicity of any memory allocations
1953  *
1954  * Prepare a blank set of credentials for modification.  This must allocate all
1955  * the memory the LSM module might require such that cred_transfer() can
1956  * complete without error.
1957  */
1958 static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp)
1959 {
1960         struct task_smack *tsp;
1961 
1962         tsp = new_task_smack(NULL, NULL, gfp);
1963         if (tsp == NULL)
1964                 return -ENOMEM;
1965 
1966         cred->security = tsp;
1967 
1968         return 0;
1969 }
1970 
1971 
1972 /**
1973  * smack_cred_free - "free" task-level security credentials
1974  * @cred: the credentials in question
1975  *
1976  */
1977 static void smack_cred_free(struct cred *cred)
1978 {
1979         struct task_smack *tsp = cred->security;
1980         struct smack_rule *rp;
1981         struct list_head *l;
1982         struct list_head *n;
1983 
1984         if (tsp == NULL)
1985                 return;
1986         cred->security = NULL;
1987 
1988         smk_destroy_label_list(&tsp->smk_relabel);
1989 
1990         list_for_each_safe(l, n, &tsp->smk_rules) {
1991                 rp = list_entry(l, struct smack_rule, list);
1992                 list_del(&rp->list);
1993                 kfree(rp);
1994         }
1995         kfree(tsp);
1996 }
1997 
1998 /**
1999  * smack_cred_prepare - prepare new set of credentials for modification
2000  * @new: the new credentials
2001  * @old: the original credentials
2002  * @gfp: the atomicity of any memory allocations
2003  *
2004  * Prepare a new set of credentials for modification.
2005  */
2006 static int smack_cred_prepare(struct cred *new, const struct cred *old,
2007                               gfp_t gfp)
2008 {
2009         struct task_smack *old_tsp = old->security;
2010         struct task_smack *new_tsp;
2011         int rc;
2012 
2013         new_tsp = new_task_smack(old_tsp->smk_task, old_tsp->smk_task, gfp);
2014         if (new_tsp == NULL)
2015                 return -ENOMEM;
2016 
2017         new->security = new_tsp;
2018 
2019         rc = smk_copy_rules(&new_tsp->smk_rules, &old_tsp->smk_rules, gfp);
2020         if (rc != 0)
2021                 return rc;
2022 
2023         rc = smk_copy_relabel(&new_tsp->smk_relabel, &old_tsp->smk_relabel,
2024                                 gfp);
2025         if (rc != 0)
2026                 return rc;
2027 
2028         return 0;
2029 }
2030 
2031 /**
2032  * smack_cred_transfer - Transfer the old credentials to the new credentials
2033  * @new: the new credentials
2034  * @old: the original credentials
2035  *
2036  * Fill in a set of blank credentials from another set of credentials.
2037  */
2038 static void smack_cred_transfer(struct cred *new, const struct cred *old)
2039 {
2040         struct task_smack *old_tsp = old->security;
2041         struct task_smack *new_tsp = new->security;
2042 
2043         new_tsp->smk_task = old_tsp->smk_task;
2044         new_tsp->smk_forked = old_tsp->smk_task;
2045         mutex_init(&new_tsp->smk_rules_lock);
2046         INIT_LIST_HEAD(&new_tsp->smk_rules);
2047 
2048 
2049         /* cbs copy rule list */
2050 }
2051 
2052 /**
2053  * smack_cred_getsecid - get the secid corresponding to a creds structure
2054  * @c: the object creds
2055  * @secid: where to put the result
2056  *
2057  * Sets the secid to contain a u32 version of the smack label.
2058  */
2059 static void smack_cred_getsecid(const struct cred *c, u32 *secid)
2060 {
2061         struct smack_known *skp;
2062 
2063         rcu_read_lock();
2064         skp = smk_of_task(c->security);
2065         *secid = skp->smk_secid;
2066         rcu_read_unlock();
2067 }
2068 
2069 /**
2070  * smack_kernel_act_as - Set the subjective context in a set of credentials
2071  * @new: points to the set of credentials to be modified.
2072  * @secid: specifies the security ID to be set
2073  *
2074  * Set the security data for a kernel service.
2075  */
2076 static int smack_kernel_act_as(struct cred *new, u32 secid)
2077 {
2078         struct task_smack *new_tsp = new->security;
2079 
2080         new_tsp->smk_task = smack_from_secid(secid);
2081         return 0;
2082 }
2083 
2084 /**
2085  * smack_kernel_create_files_as - Set the file creation label in a set of creds
2086  * @new: points to the set of credentials to be modified
2087  * @inode: points to the inode to use as a reference
2088  *
2089  * Set the file creation context in a set of credentials to the same
2090  * as the objective context of the specified inode
2091  */
2092 static int smack_kernel_create_files_as(struct cred *new,
2093                                         struct inode *inode)
2094 {
2095         struct inode_smack *isp = inode->i_security;
2096         struct task_smack *tsp = new->security;
2097 
2098         tsp->smk_forked = isp->smk_inode;
2099         tsp->smk_task = tsp->smk_forked;
2100         return 0;
2101 }
2102 
2103 /**
2104  * smk_curacc_on_task - helper to log task related access
2105  * @p: the task object
2106  * @access: the access requested
2107  * @caller: name of the calling function for audit
2108  *
2109  * Return 0 if access is permitted
2110  */
2111 static int smk_curacc_on_task(struct task_struct *p, int access,
2112                                 const char *caller)
2113 {
2114         struct smk_audit_info ad;
2115         struct smack_known *skp = smk_of_task_struct(p);
2116         int rc;
2117 
2118         smk_ad_init(&ad, caller, LSM_AUDIT_DATA_TASK);
2119         smk_ad_setfield_u_tsk(&ad, p);
2120         rc = smk_curacc(skp, access, &ad);
2121         rc = smk_bu_task(p, access, rc);
2122         return rc;
2123 }
2124 
2125 /**
2126  * smack_task_setpgid - Smack check on setting pgid
2127  * @p: the task object
2128  * @pgid: unused
2129  *
2130  * Return 0 if write access is permitted
2131  */
2132 static int smack_task_setpgid(struct task_struct *p, pid_t pgid)
2133 {
2134         return smk_curacc_on_task(p, MAY_WRITE, __func__);
2135 }
2136 
2137 /**
2138  * smack_task_getpgid - Smack access check for getpgid
2139  * @p: the object task
2140  *
2141  * Returns 0 if current can read the object task, error code otherwise
2142  */
2143 static int smack_task_getpgid(struct task_struct *p)
2144 {
2145         return smk_curacc_on_task(p, MAY_READ, __func__);
2146 }
2147 
2148 /**
2149  * smack_task_getsid - Smack access check for getsid
2150  * @p: the object task
2151  *
2152  * Returns 0 if current can read the object task, error code otherwise
2153  */
2154 static int smack_task_getsid(struct task_struct *p)
2155 {
2156         return smk_curacc_on_task(p, MAY_READ, __func__);
2157 }
2158 
2159 /**
2160  * smack_task_getsecid - get the secid of the task
2161  * @p: the object task
2162  * @secid: where to put the result
2163  *
2164  * Sets the secid to contain a u32 version of the smack label.
2165  */
2166 static void smack_task_getsecid(struct task_struct *p, u32 *secid)
2167 {
2168         struct smack_known *skp = smk_of_task_struct(p);
2169 
2170         *secid = skp->smk_secid;
2171 }
2172 
2173 /**
2174  * smack_task_setnice - Smack check on setting nice
2175  * @p: the task object
2176  * @nice: unused
2177  *
2178  * Return 0 if write access is permitted
2179  */
2180 static int smack_task_setnice(struct task_struct *p, int nice)
2181 {
2182         return smk_curacc_on_task(p, MAY_WRITE, __func__);
2183 }
2184 
2185 /**
2186  * smack_task_setioprio - Smack check on setting ioprio
2187  * @p: the task object
2188  * @ioprio: unused
2189  *
2190  * Return 0 if write access is permitted
2191  */
2192 static int smack_task_setioprio(struct task_struct *p, int ioprio)
2193 {
2194         return smk_curacc_on_task(p, MAY_WRITE, __func__);
2195 }
2196 
2197 /**
2198  * smack_task_getioprio - Smack check on reading ioprio
2199  * @p: the task object
2200  *
2201  * Return 0 if read access is permitted
2202  */
2203 static int smack_task_getioprio(struct task_struct *p)
2204 {
2205         return smk_curacc_on_task(p, MAY_READ, __func__);
2206 }
2207 
2208 /**
2209  * smack_task_setscheduler - Smack check on setting scheduler
2210  * @p: the task object
2211  * @policy: unused
2212  * @lp: unused
2213  *
2214  * Return 0 if read access is permitted
2215  */
2216 static int smack_task_setscheduler(struct task_struct *p)
2217 {
2218         return smk_curacc_on_task(p, MAY_WRITE, __func__);
2219 }
2220 
2221 /**
2222  * smack_task_getscheduler - Smack check on reading scheduler
2223  * @p: the task object
2224  *
2225  * Return 0 if read access is permitted
2226  */
2227 static int smack_task_getscheduler(struct task_struct *p)
2228 {
2229         return smk_curacc_on_task(p, MAY_READ, __func__);
2230 }
2231 
2232 /**
2233  * smack_task_movememory - Smack check on moving memory
2234  * @p: the task object
2235  *
2236  * Return 0 if write access is permitted
2237  */
2238 static int smack_task_movememory(struct task_struct *p)
2239 {
2240         return smk_curacc_on_task(p, MAY_WRITE, __func__);
2241 }
2242 
2243 /**
2244  * smack_task_kill - Smack check on signal delivery
2245  * @p: the task object
2246  * @info: unused
2247  * @sig: unused
2248  * @cred: identifies the cred to use in lieu of current's
2249  *
2250  * Return 0 if write access is permitted
2251  *
2252  */
2253 static int smack_task_kill(struct task_struct *p, struct siginfo *info,
2254                            int sig, const struct cred *cred)
2255 {
2256         struct smk_audit_info ad;
2257         struct smack_known *skp;
2258         struct smack_known *tkp = smk_of_task_struct(p);
2259         int rc;
2260 
2261         if (!sig)
2262                 return 0; /* null signal; existence test */
2263 
2264         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
2265         smk_ad_setfield_u_tsk(&ad, p);
2266         /*
2267          * Sending a signal requires that the sender
2268          * can write the receiver.
2269          */
2270         if (cred == NULL) {
2271                 rc = smk_curacc(tkp, MAY_DELIVER, &ad);
2272                 rc = smk_bu_task(p, MAY_DELIVER, rc);
2273                 return rc;
2274         }
2275         /*
2276          * If the cred isn't NULL we're dealing with some USB IO
2277          * specific behavior. This is not clean. For one thing
2278          * we can't take privilege into account.
2279          */
2280         skp = smk_of_task(cred->security);
2281         rc = smk_access(skp, tkp, MAY_DELIVER, &ad);
2282         rc = smk_bu_note("USB signal", skp, tkp, MAY_DELIVER, rc);
2283         return rc;
2284 }
2285 
2286 /**
2287  * smack_task_to_inode - copy task smack into the inode blob
2288  * @p: task to copy from
2289  * @inode: inode to copy to
2290  *
2291  * Sets the smack pointer in the inode security blob
2292  */
2293 static void smack_task_to_inode(struct task_struct *p, struct inode *inode)
2294 {
2295         struct inode_smack *isp = inode->i_security;
2296         struct smack_known *skp = smk_of_task_struct(p);
2297 
2298         isp->smk_inode = skp;
2299         isp->smk_flags |= SMK_INODE_INSTANT;
2300 }
2301 
2302 /*
2303  * Socket hooks.
2304  */
2305 
2306 /**
2307  * smack_sk_alloc_security - Allocate a socket blob
2308  * @sk: the socket
2309  * @family: unused
2310  * @gfp_flags: memory allocation flags
2311  *
2312  * Assign Smack pointers to current
2313  *
2314  * Returns 0 on success, -ENOMEM is there's no memory
2315  */
2316 static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags)
2317 {
2318         struct smack_known *skp = smk_of_current();
2319         struct socket_smack *ssp;
2320 
2321         ssp = kzalloc(sizeof(struct socket_smack), gfp_flags);
2322         if (ssp == NULL)
2323                 return -ENOMEM;
2324 
2325         /*
2326          * Sockets created by kernel threads receive web label.
2327          */
2328         if (unlikely(current->flags & PF_KTHREAD)) {
2329                 ssp->smk_in = &smack_known_web;
2330                 ssp->smk_out = &smack_known_web;
2331         } else {
2332                 ssp->smk_in = skp;
2333                 ssp->smk_out = skp;
2334         }
2335         ssp->smk_packet = NULL;
2336 
2337         sk->sk_security = ssp;
2338 
2339         return 0;
2340 }
2341 
2342 /**
2343  * smack_sk_free_security - Free a socket blob
2344  * @sk: the socket
2345  *
2346  * Clears the blob pointer
2347  */
2348 static void smack_sk_free_security(struct sock *sk)
2349 {
2350 #ifdef SMACK_IPV6_PORT_LABELING
2351         struct smk_port_label *spp;
2352 
2353         if (sk->sk_family == PF_INET6) {
2354                 rcu_read_lock();
2355                 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
2356                         if (spp->smk_sock != sk)
2357                                 continue;
2358                         spp->smk_can_reuse = 1;
2359                         break;
2360                 }
2361                 rcu_read_unlock();
2362         }
2363 #endif
2364         kfree(sk->sk_security);
2365 }
2366 
2367 /**
2368 * smack_ipv4host_label - check host based restrictions
2369 * @sip: the object end
2370 *
2371 * looks for host based access restrictions
2372 *
2373 * This version will only be appropriate for really small sets of single label
2374 * hosts.  The caller is responsible for ensuring that the RCU read lock is
2375 * taken before calling this function.
2376 *
2377 * Returns the label of the far end or NULL if it's not special.
2378 */
2379 static struct smack_known *smack_ipv4host_label(struct sockaddr_in *sip)
2380 {
2381         struct smk_net4addr *snp;
2382         struct in_addr *siap = &sip->sin_addr;
2383 
2384         if (siap->s_addr == 0)
2385                 return NULL;
2386 
2387         list_for_each_entry_rcu(snp, &smk_net4addr_list, list)
2388                 /*
2389                  * we break after finding the first match because
2390                  * the list is sorted from longest to shortest mask
2391                  * so we have found the most specific match
2392                  */
2393                 if (snp->smk_host.s_addr ==
2394                     (siap->s_addr & snp->smk_mask.s_addr))
2395                         return snp->smk_label;
2396 
2397         return NULL;
2398 }
2399 
2400 #if IS_ENABLED(CONFIG_IPV6)
2401 /*
2402  * smk_ipv6_localhost - Check for local ipv6 host address
2403  * @sip: the address
2404  *
2405  * Returns boolean true if this is the localhost address
2406  */
2407 static bool smk_ipv6_localhost(struct sockaddr_in6 *sip)
2408 {
2409         __be16 *be16p = (__be16 *)&sip->sin6_addr;
2410         __be32 *be32p = (__be32 *)&sip->sin6_addr;
2411 
2412         if (be32p[0] == 0 && be32p[1] == 0 && be32p[2] == 0 && be16p[6] == 0 &&
2413             ntohs(be16p[7]) == 1)
2414                 return true;
2415         return false;
2416 }
2417 
2418 /**
2419 * smack_ipv6host_label - check host based restrictions
2420 * @sip: the object end
2421 *
2422 * looks for host based access restrictions
2423 *
2424 * This version will only be appropriate for really small sets of single label
2425 * hosts.  The caller is responsible for ensuring that the RCU read lock is
2426 * taken before calling this function.
2427 *
2428 * Returns the label of the far end or NULL if it's not special.
2429 */
2430 static struct smack_known *smack_ipv6host_label(struct sockaddr_in6 *sip)
2431 {
2432         struct smk_net6addr *snp;
2433         struct in6_addr *sap = &sip->sin6_addr;
2434         int i;
2435         int found = 0;
2436 
2437         /*
2438          * It's local. Don't look for a host label.
2439          */
2440         if (smk_ipv6_localhost(sip))
2441                 return NULL;
2442 
2443         list_for_each_entry_rcu(snp, &smk_net6addr_list, list) {
2444                 /*
2445                  * If the label is NULL the entry has
2446                  * been renounced. Ignore it.
2447                  */
2448                 if (snp->smk_label == NULL)
2449                         continue;
2450                 /*
2451                 * we break after finding the first match because
2452                 * the list is sorted from longest to shortest mask
2453                 * so we have found the most specific match
2454                 */
2455                 for (found = 1, i = 0; i < 8; i++) {
2456                         if ((sap->s6_addr16[i] & snp->smk_mask.s6_addr16[i]) !=
2457                             snp->smk_host.s6_addr16[i]) {
2458                                 found = 0;
2459                                 break;
2460                         }
2461                 }
2462                 if (found)
2463                         return snp->smk_label;
2464         }
2465 
2466         return NULL;
2467 }
2468 #endif /* CONFIG_IPV6 */
2469 
2470 /**
2471  * smack_netlabel - Set the secattr on a socket
2472  * @sk: the socket
2473  * @labeled: socket label scheme
2474  *
2475  * Convert the outbound smack value (smk_out) to a
2476  * secattr and attach it to the socket.
2477  *
2478  * Returns 0 on success or an error code
2479  */
2480 static int smack_netlabel(struct sock *sk, int labeled)
2481 {
2482         struct smack_known *skp;
2483         struct socket_smack *ssp = sk->sk_security;
2484         int rc = 0;
2485 
2486         /*
2487          * Usually the netlabel code will handle changing the
2488          * packet labeling based on the label.
2489          * The case of a single label host is different, because
2490          * a single label host should never get a labeled packet
2491          * even though the label is usually associated with a packet
2492          * label.
2493          */
2494         local_bh_disable();
2495         bh_lock_sock_nested(sk);
2496 
2497         if (ssp->smk_out == smack_net_ambient ||
2498             labeled == SMACK_UNLABELED_SOCKET)
2499                 netlbl_sock_delattr(sk);
2500         else {
2501                 skp = ssp->smk_out;
2502                 rc = netlbl_sock_setattr(sk, sk->sk_family, &skp->smk_netlabel);
2503         }
2504 
2505         bh_unlock_sock(sk);
2506         local_bh_enable();
2507 
2508         return rc;
2509 }
2510 
2511 /**
2512  * smack_netlbel_send - Set the secattr on a socket and perform access checks
2513  * @sk: the socket
2514  * @sap: the destination address
2515  *
2516  * Set the correct secattr for the given socket based on the destination
2517  * address and perform any outbound access checks needed.
2518  *
2519  * Returns 0 on success or an error code.
2520  *
2521  */
2522 static int smack_netlabel_send(struct sock *sk, struct sockaddr_in *sap)
2523 {
2524         struct smack_known *skp;
2525         int rc;
2526         int sk_lbl;
2527         struct smack_known *hkp;
2528         struct socket_smack *ssp = sk->sk_security;
2529         struct smk_audit_info ad;
2530 
2531         rcu_read_lock();
2532         hkp = smack_ipv4host_label(sap);
2533         if (hkp != NULL) {
2534 #ifdef CONFIG_AUDIT
2535                 struct lsm_network_audit net;
2536 
2537                 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
2538                 ad.a.u.net->family = sap->sin_family;
2539                 ad.a.u.net->dport = sap->sin_port;
2540                 ad.a.u.net->v4info.daddr = sap->sin_addr.s_addr;
2541 #endif
2542                 sk_lbl = SMACK_UNLABELED_SOCKET;
2543                 skp = ssp->smk_out;
2544                 rc = smk_access(skp, hkp, MAY_WRITE, &ad);
2545                 rc = smk_bu_note("IPv4 host check", skp, hkp, MAY_WRITE, rc);
2546         } else {
2547                 sk_lbl = SMACK_CIPSO_SOCKET;
2548                 rc = 0;
2549         }
2550         rcu_read_unlock();
2551         if (rc != 0)
2552                 return rc;
2553 
2554         return smack_netlabel(sk, sk_lbl);
2555 }
2556 
2557 #if IS_ENABLED(CONFIG_IPV6)
2558 /**
2559  * smk_ipv6_check - check Smack access
2560  * @subject: subject Smack label
2561  * @object: object Smack label
2562  * @address: address
2563  * @act: the action being taken
2564  *
2565  * Check an IPv6 access
2566  */
2567 static int smk_ipv6_check(struct smack_known *subject,
2568                                 struct smack_known *object,
2569                                 struct sockaddr_in6 *address, int act)
2570 {
2571 #ifdef CONFIG_AUDIT
2572         struct lsm_network_audit net;
2573 #endif
2574         struct smk_audit_info ad;
2575         int rc;
2576 
2577 #ifdef CONFIG_AUDIT
2578         smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
2579         ad.a.u.net->family = PF_INET6;
2580         ad.a.u.net->dport = ntohs(address->sin6_port);
2581         if (act == SMK_RECEIVING)
2582                 ad.a.u.net->v6info.saddr = address->sin6_addr;
2583         else
2584                 ad.a.u.net->v6info.daddr = address->sin6_addr;
2585 #endif
2586         rc = smk_access(subject, object, MAY_WRITE, &ad);
2587         rc = smk_bu_note("IPv6 check", subject, object, MAY_WRITE, rc);
2588         return rc;
2589 }
2590 #endif /* CONFIG_IPV6 */
2591 
2592 #ifdef SMACK_IPV6_PORT_LABELING
2593 /**
2594  * smk_ipv6_port_label - Smack port access table management
2595  * @sock: socket
2596  * @address: address
2597  *
2598  * Create or update the port list entry
2599  */
2600 static void smk_ipv6_port_label(struct socket *sock, struct sockaddr *address)
2601 {
2602         struct sock *sk = sock->sk;
2603         struct sockaddr_in6 *addr6;
2604         struct socket_smack *ssp = sock->sk->sk_security;
2605         struct smk_port_label *spp;
2606         unsigned short port = 0;
2607 
2608         if (address == NULL) {
2609                 /*
2610                  * This operation is changing the Smack information
2611                  * on the bound socket. Take the changes to the port
2612                  * as well.
2613                  */
2614                 rcu_read_lock();
2615                 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
2616                         if (sk != spp->smk_sock)
2617                                 continue;
2618                         spp->smk_in = ssp->smk_in;
2619                         spp->smk_out = ssp->smk_out;
2620                         rcu_read_unlock();
2621                         return;
2622                 }
2623                 /*
2624                  * A NULL address is only used for updating existing
2625                  * bound entries. If there isn't one, it's OK.
2626                  */
2627                 rcu_read_unlock();
2628                 return;
2629         }
2630 
2631         addr6 = (struct sockaddr_in6 *)address;
2632         port = ntohs(addr6->sin6_port);
2633         /*
2634          * This is a special case that is safely ignored.
2635          */
2636         if (port == 0)
2637                 return;
2638 
2639         /*
2640          * Look for an existing port list entry.
2641          * This is an indication that a port is getting reused.
2642          */
2643         rcu_read_lock();
2644         list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
2645                 if (spp->smk_port != port || spp->smk_sock_type != sock->type)
2646                         continue;
2647                 if (spp->smk_can_reuse != 1) {
2648                         rcu_read_unlock();
2649                         return;
2650                 }
2651                 spp->smk_port = port;
2652                 spp->smk_sock = sk;
2653                 spp->smk_in = ssp->smk_in;
2654                 spp->smk_out = ssp->smk_out;
2655                 spp->smk_can_reuse = 0;
2656                 rcu_read_unlock();
2657                 return;
2658         }
2659         rcu_read_unlock();
2660         /*
2661          * A new port entry is required.
2662          */
2663         spp = kzalloc(sizeof(*spp), GFP_KERNEL);
2664         if (spp == NULL)
2665                 return;
2666 
2667         spp->smk_port = port;
2668         spp->smk_sock = sk;
2669         spp->smk_in = ssp->smk_in;
2670         spp->smk_out = ssp->smk_out;
2671         spp->smk_sock_type = sock->type;
2672         spp->smk_can_reuse = 0;
2673 
2674         mutex_lock(&smack_ipv6_lock);
2675         list_add_rcu(&spp->list, &smk_ipv6_port_list);
2676         mutex_unlock(&smack_ipv6_lock);
2677         return;
2678 }
2679 
2680 /**
2681  * smk_ipv6_port_check - check Smack port access
2682  * @sock: socket
2683  * @address: address
2684  *
2685  * Create or update the port list entry
2686  */
2687 static int smk_ipv6_port_check(struct sock *sk, struct sockaddr_in6 *address,
2688                                 int act)
2689 {
2690         struct smk_port_label *spp;
2691         struct socket_smack *ssp = sk->sk_security;
2692         struct smack_known *skp = NULL;
2693         unsigned short port;
2694         struct smack_known *object;
2695 
2696         if (act == SMK_RECEIVING) {
2697                 skp = smack_ipv6host_label(address);
2698                 object = ssp->smk_in;
2699         } else {
2700                 skp = ssp->smk_out;
2701                 object = smack_ipv6host_label(address);
2702         }
2703 
2704         /*
2705          * The other end is a single label host.
2706          */
2707         if (skp != NULL && object != NULL)
2708                 return smk_ipv6_check(skp, object, address, act);
2709         if (skp == NULL)
2710                 skp = smack_net_ambient;
2711         if (object == NULL)
2712                 object = smack_net_ambient;
2713 
2714         /*
2715          * It's remote, so port lookup does no good.
2716          */
2717         if (!smk_ipv6_localhost(address))
2718                 return smk_ipv6_check(skp, object, address, act);
2719 
2720         /*
2721          * It's local so the send check has to have passed.
2722          */
2723         if (act == SMK_RECEIVING)
2724                 return 0;
2725 
2726         port = ntohs(address->sin6_port);
2727         rcu_read_lock();
2728         list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
2729                 if (spp->smk_port != port || spp->smk_sock_type != sk->sk_type)
2730                         continue;
2731                 object = spp->smk_in;
2732                 if (act == SMK_CONNECTING)
2733                         ssp->smk_packet = spp->smk_out;
2734                 break;
2735         }
2736         rcu_read_unlock();
2737 
2738         return smk_ipv6_check(skp, object, address, act);
2739 }
2740 #endif /* SMACK_IPV6_PORT_LABELING */
2741 
2742 /**
2743  * smack_inode_setsecurity - set smack xattrs
2744  * @inode: the object
2745  * @name: attribute name
2746  * @value: attribute value
2747  * @size: size of the attribute
2748  * @flags: unused
2749  *
2750  * Sets the named attribute in the appropriate blob
2751  *
2752  * Returns 0 on success, or an error code
2753  */
2754 static int smack_inode_setsecurity(struct inode *inode, const char *name,
2755                                    const void *value, size_t size, int flags)
2756 {
2757         struct smack_known *skp;
2758         struct inode_smack *nsp = inode->i_security;
2759         struct socket_smack *ssp;
2760         struct socket *sock;
2761         int rc = 0;
2762 
2763         if (value == NULL || size > SMK_LONGLABEL || size == 0)
2764                 return -EINVAL;
2765 
2766         skp = smk_import_entry(value, size);
2767         if (IS_ERR(skp))
2768                 return PTR_ERR(skp);
2769 
2770         if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) {
2771                 nsp->smk_inode = skp;
2772                 nsp->smk_flags |= SMK_INODE_INSTANT;
2773                 return 0;
2774         }
2775         /*
2776          * The rest of the Smack xattrs are only on sockets.
2777          */
2778         if (inode->i_sb->s_magic != SOCKFS_MAGIC)
2779                 return -EOPNOTSUPP;
2780 
2781         sock = SOCKET_I(inode);
2782         if (sock == NULL || sock->sk == NULL)
2783                 return -EOPNOTSUPP;
2784 
2785         ssp = sock->sk->sk_security;
2786 
2787         if (strcmp(name, XATTR_SMACK_IPIN) == 0)
2788                 ssp->smk_in = skp;
2789         else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) {
2790                 ssp->smk_out = skp;
2791                 if (sock->sk->sk_family == PF_INET) {
2792                         rc = smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET);
2793                         if (rc != 0)
2794                                 printk(KERN_WARNING
2795                                         "Smack: \"%s\" netlbl error %d.\n",
2796                                         __func__, -rc);
2797                 }
2798         } else
2799                 return -EOPNOTSUPP;
2800 
2801 #ifdef SMACK_IPV6_PORT_LABELING
2802         if (sock->sk->sk_family == PF_INET6)
2803                 smk_ipv6_port_label(sock, NULL);
2804 #endif
2805 
2806         return 0;
2807 }
2808 
2809 /**
2810  * smack_socket_post_create - finish socket setup
2811  * @sock: the socket
2812  * @family: protocol family
2813  * @type: unused
2814  * @protocol: unused
2815  * @kern: unused
2816  *
2817  * Sets the netlabel information on the socket
2818  *
2819  * Returns 0 on success, and error code otherwise
2820  */
2821 static int smack_socket_post_create(struct socket *sock, int family,
2822                                     int type, int protocol, int kern)
2823 {
2824         struct socket_smack *ssp;
2825 
2826         if (sock->sk == NULL)
2827                 return 0;
2828 
2829         /*
2830          * Sockets created by kernel threads receive web label.
2831          */
2832         if (unlikely(current->flags & PF_KTHREAD)) {
2833                 ssp = sock->sk->sk_security;
2834                 ssp->smk_in = &smack_known_web;
2835                 ssp->smk_out = &smack_known_web;
2836         }
2837 
2838         if (family != PF_INET)
2839                 return 0;
2840         /*
2841          * Set the outbound netlbl.
2842          */
2843         return smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET);
2844 }
2845 
2846 /**
2847  * smack_socket_socketpair - create socket pair
2848  * @socka: one socket
2849  * @sockb: another socket
2850  *
2851  * Cross reference the peer labels for SO_PEERSEC
2852  *
2853  * Returns 0 on success, and error code otherwise
2854  */
2855 static int smack_socket_socketpair(struct socket *socka,
2856                                    struct socket *sockb)
2857 {
2858         struct socket_smack *asp = socka->sk->sk_security;
2859         struct socket_smack *bsp = sockb->sk->sk_security;
2860 
2861         asp->smk_packet = bsp->smk_out;
2862         bsp->smk_packet = asp->smk_out;
2863 
2864         return 0;
2865 }
2866 
2867 #ifdef SMACK_IPV6_PORT_LABELING
2868 /**
2869  * smack_socket_bind - record port binding information.
2870  * @sock: the socket
2871  * @address: the port address
2872  * @addrlen: size of the address
2873  *
2874  * Records the label bound to a port.
2875  *
2876  * Returns 0
2877  */
2878 static int smack_socket_bind(struct socket *sock, struct sockaddr *address,
2879                                 int addrlen)
2880 {
2881         if (sock->sk != NULL && sock->sk->sk_family == PF_INET6)
2882                 smk_ipv6_port_label(sock, address);
2883         return 0;
2884 }
2885 #endif /* SMACK_IPV6_PORT_LABELING */
2886 
2887 /**
2888  * smack_socket_connect - connect access check
2889  * @sock: the socket
2890  * @sap: the other end
2891  * @addrlen: size of sap
2892  *
2893  * Verifies that a connection may be possible
2894  *
2895  * Returns 0 on success, and error code otherwise
2896  */
2897 static int smack_socket_connect(struct socket *sock, struct sockaddr *sap,
2898                                 int addrlen)
2899 {
2900         int rc = 0;
2901 #if IS_ENABLED(CONFIG_IPV6)
2902         struct sockaddr_in6 *sip = (struct sockaddr_in6 *)sap;
2903 #endif
2904 #ifdef SMACK_IPV6_SECMARK_LABELING
2905         struct smack_known *rsp;
2906         struct socket_smack *ssp;
2907 #endif
2908 
2909         if (sock->sk == NULL)
2910                 return 0;
2911 
2912 #ifdef SMACK_IPV6_SECMARK_LABELING
2913         ssp = sock->sk->sk_security;
2914 #endif
2915 
2916         switch (sock->sk->sk_family) {
2917         case PF_INET:
2918                 if (addrlen < sizeof(struct sockaddr_in))
2919                         return -EINVAL;
2920                 rc = smack_netlabel_send(sock->sk, (struct sockaddr_in *)sap);
2921                 break;
2922         case PF_INET6:
2923                 if (addrlen < sizeof(struct sockaddr_in6))
2924                         return -EINVAL;
2925 #ifdef SMACK_IPV6_SECMARK_LABELING
2926                 rsp = smack_ipv6host_label(sip);
2927                 if (rsp != NULL)
2928                         rc = smk_ipv6_check(ssp->smk_out, rsp, sip,
2929                                                 SMK_CONNECTING);
2930 #endif
2931 #ifdef SMACK_IPV6_PORT_LABELING
2932                 rc = smk_ipv6_port_check(sock->sk, sip, SMK_CONNECTING);
2933 #endif
2934                 break;
2935         }
2936         return rc;
2937 }
2938 
2939 /**
2940  * smack_flags_to_may - convert S_ to MAY_ values
2941  * @flags: the S_ value
2942  *
2943  * Returns the equivalent MAY_ value
2944  */
2945 static int smack_flags_to_may(int flags)
2946 {
2947         int may = 0;
2948 
2949         if (flags & S_IRUGO)
2950                 may |= MAY_READ;
2951         if (flags & S_IWUGO)
2952                 may |= MAY_WRITE;
2953         if (flags & S_IXUGO)
2954                 may |= MAY_EXEC;
2955 
2956         return may;
2957 }
2958 
2959 /**
2960  * smack_msg_msg_alloc_security - Set the security blob for msg_msg
2961  * @msg: the object
2962  *
2963  * Returns 0
2964  */
2965 static int smack_msg_msg_alloc_security(struct msg_msg *msg)
2966 {
2967         struct smack_known *skp = smk_of_current();
2968 
2969         msg->security = skp;
2970         return 0;
2971 }
2972 
2973 /**
2974  * smack_msg_msg_free_security - Clear the security blob for msg_msg
2975  * @msg: the object
2976  *
2977  * Clears the blob pointer
2978  */
2979 static void smack_msg_msg_free_security(struct msg_msg *msg)
2980 {
2981         msg->security = NULL;
2982 }
2983 
2984 /**
2985  * smack_of_ipc - the smack pointer for the ipc
2986  * @isp: the object
2987  *
2988  * Returns a pointer to the smack value
2989  */
2990 static struct smack_known *smack_of_ipc(struct kern_ipc_perm *isp)
2991 {
2992         return (struct smack_known *)isp->security;
2993 }
2994 
2995 /**
2996  * smack_ipc_alloc_security - Set the security blob for ipc
2997  * @isp: the object
2998  *
2999  * Returns 0
3000  */
3001 static int smack_ipc_alloc_security(struct kern_ipc_perm *isp)
3002 {
3003         struct smack_known *skp = smk_of_current();
3004 
3005         isp->security = skp;
3006         return 0;
3007 }
3008 
3009 /**
3010  * smack_ipc_free_security - Clear the security blob for ipc
3011  * @isp: the object
3012  *
3013  * Clears the blob pointer
3014  */
3015 static void smack_ipc_free_security(struct kern_ipc_perm *isp)
3016 {
3017         isp->security = NULL;
3018 }
3019 
3020 /**
3021  * smk_curacc_shm : check if current has access on shm
3022  * @isp : the object
3023  * @access : access requested
3024  *
3025  * Returns 0 if current has the requested access, error code otherwise
3026  */
3027 static int smk_curacc_shm(struct kern_ipc_perm *isp, int access)
3028 {
3029         struct smack_known *ssp = smack_of_ipc(isp);
3030         struct smk_audit_info ad;
3031         int rc;
3032 
3033 #ifdef CONFIG_AUDIT
3034         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
3035         ad.a.u.ipc_id = isp->id;
3036 #endif
3037         rc = smk_curacc(ssp, access, &ad);
3038         rc = smk_bu_current("shm", ssp, access, rc);
3039         return rc;
3040 }
3041 
3042 /**
3043  * smack_shm_associate - Smack access check for shm
3044  * @isp: the object
3045  * @shmflg: access requested
3046  *
3047  * Returns 0 if current has the requested access, error code otherwise
3048  */
3049 static int smack_shm_associate(struct kern_ipc_perm *isp, int shmflg)
3050 {
3051         int may;
3052 
3053         may = smack_flags_to_may(shmflg);
3054         return smk_curacc_shm(isp, may);
3055 }
3056 
3057 /**
3058  * smack_shm_shmctl - Smack access check for shm
3059  * @isp: the object
3060  * @cmd: what it wants to do
3061  *
3062  * Returns 0 if current has the requested access, error code otherwise
3063  */
3064 static int smack_shm_shmctl(struct kern_ipc_perm *isp, int cmd)
3065 {
3066         int may;
3067 
3068         switch (cmd) {
3069         case IPC_STAT:
3070         case SHM_STAT:
3071         case SHM_STAT_ANY:
3072                 may = MAY_READ;
3073                 break;
3074         case IPC_SET:
3075         case SHM_LOCK:
3076         case SHM_UNLOCK:
3077         case IPC_RMID:
3078                 may = MAY_READWRITE;
3079                 break;
3080         case IPC_INFO:
3081         case SHM_INFO:
3082                 /*
3083                  * System level information.
3084                  */
3085                 return 0;
3086         default:
3087                 return -EINVAL;
3088         }
3089         return smk_curacc_shm(isp, may);
3090 }
3091 
3092 /**
3093  * smack_shm_shmat - Smack access for shmat
3094  * @isp: the object
3095  * @shmaddr: unused
3096  * @shmflg: access requested
3097  *
3098  * Returns 0 if current has the requested access, error code otherwise
3099  */
3100 static int smack_shm_shmat(struct kern_ipc_perm *ipc, char __user *shmaddr,
3101                            int shmflg)
3102 {
3103         int may;
3104 
3105         may = smack_flags_to_may(shmflg);
3106         return smk_curacc_shm(ipc, may);
3107 }
3108 
3109 /**
3110  * smk_curacc_sem : check if current has access on sem
3111  * @isp : the object
3112  * @access : access requested
3113  *
3114  * Returns 0 if current has the requested access, error code otherwise
3115  */
3116 static int smk_curacc_sem(struct kern_ipc_perm *isp, int access)
3117 {
3118         struct smack_known *ssp = smack_of_ipc(isp);
3119         struct smk_audit_info ad;
3120         int rc;
3121 
3122 #ifdef CONFIG_AUDIT
3123         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
3124         ad.a.u.ipc_id = isp->id;
3125 #endif
3126         rc = smk_curacc(ssp, access, &ad);
3127         rc = smk_bu_current("sem", ssp, access, rc);
3128         return rc;
3129 }
3130 
3131 /**
3132  * smack_sem_associate - Smack access check for sem
3133  * @isp: the object
3134  * @semflg: access requested
3135  *
3136  * Returns 0 if current has the requested access, error code otherwise
3137  */
3138 static int smack_sem_associate(struct kern_ipc_perm *isp, int semflg)
3139 {
3140         int may;
3141 
3142         may = smack_flags_to_may(semflg);
3143         return smk_curacc_sem(isp, may);
3144 }
3145 
3146 /**
3147  * smack_sem_shmctl - Smack access check for sem
3148  * @isp: the object
3149  * @cmd: what it wants to do
3150  *
3151  * Returns 0 if current has the requested access, error code otherwise
3152  */
3153 static int smack_sem_semctl(struct kern_ipc_perm *isp, int cmd)
3154 {
3155         int may;
3156 
3157         switch (cmd) {
3158         case GETPID:
3159         case GETNCNT:
3160         case GETZCNT:
3161         case GETVAL:
3162         case GETALL:
3163         case IPC_STAT:
3164         case SEM_STAT:
3165         case SEM_STAT_ANY:
3166                 may = MAY_READ;
3167                 break;
3168         case SETVAL:
3169         case SETALL:
3170         case IPC_RMID:
3171         case IPC_SET:
3172                 may = MAY_READWRITE;
3173                 break;
3174         case IPC_INFO:
3175         case SEM_INFO:
3176                 /*
3177                  * System level information
3178                  */
3179                 return 0;
3180         default:
3181                 return -EINVAL;
3182         }
3183 
3184         return smk_curacc_sem(isp, may);
3185 }
3186 
3187 /**
3188  * smack_sem_semop - Smack checks of semaphore operations
3189  * @isp: the object
3190  * @sops: unused
3191  * @nsops: unused
3192  * @alter: unused
3193  *
3194  * Treated as read and write in all cases.
3195  *
3196  * Returns 0 if access is allowed, error code otherwise
3197  */
3198 static int smack_sem_semop(struct kern_ipc_perm *isp, struct sembuf *sops,
3199                            unsigned nsops, int alter)
3200 {
3201         return smk_curacc_sem(isp, MAY_READWRITE);
3202 }
3203 
3204 /**
3205  * smk_curacc_msq : helper to check if current has access on msq
3206  * @isp : the msq
3207  * @access : access requested
3208  *
3209  * return 0 if current has access, error otherwise
3210  */
3211 static int smk_curacc_msq(struct kern_ipc_perm *isp, int access)
3212 {
3213         struct smack_known *msp = smack_of_ipc(isp);
3214         struct smk_audit_info ad;
3215         int rc;
3216 
3217 #ifdef CONFIG_AUDIT
3218         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
3219         ad.a.u.ipc_id = isp->id;
3220 #endif
3221         rc = smk_curacc(msp, access, &ad);
3222         rc = smk_bu_current("msq", msp, access, rc);
3223         return rc;
3224 }
3225 
3226 /**
3227  * smack_msg_queue_associate - Smack access check for msg_queue
3228  * @isp: the object
3229  * @msqflg: access requested
3230  *
3231  * Returns 0 if current has the requested access, error code otherwise
3232  */
3233 static int smack_msg_queue_associate(struct kern_ipc_perm *isp, int msqflg)
3234 {
3235         int may;
3236 
3237         may = smack_flags_to_may(msqflg);
3238         return smk_curacc_msq(isp, may);
3239 }
3240 
3241 /**
3242  * smack_msg_queue_msgctl - Smack access check for msg_queue
3243  * @isp: the object
3244  * @cmd: what it wants to do
3245  *
3246  * Returns 0 if current has the requested access, error code otherwise
3247  */
3248 static int smack_msg_queue_msgctl(struct kern_ipc_perm *isp, int cmd)
3249 {
3250         int may;
3251 
3252         switch (cmd) {
3253         case IPC_STAT:
3254         case MSG_STAT:
3255         case MSG_STAT_ANY:
3256                 may = MAY_READ;
3257                 break;
3258         case IPC_SET:
3259         case IPC_RMID:
3260                 may = MAY_READWRITE;
3261                 break;
3262         case IPC_INFO:
3263         case MSG_INFO:
3264                 /*
3265                  * System level information
3266                  */
3267                 return 0;
3268         default:
3269                 return -EINVAL;
3270         }
3271 
3272         return smk_curacc_msq(isp, may);
3273 }
3274 
3275 /**
3276  * smack_msg_queue_msgsnd - Smack access check for msg_queue
3277  * @isp: the object
3278  * @msg: unused
3279  * @msqflg: access requested
3280  *
3281  * Returns 0 if current has the requested access, error code otherwise
3282  */
3283 static int smack_msg_queue_msgsnd(struct kern_ipc_perm *isp, struct msg_msg *msg,
3284                                   int msqflg)
3285 {
3286         int may;
3287 
3288         may = smack_flags_to_may(msqflg);
3289         return smk_curacc_msq(isp, may);
3290 }
3291 
3292 /**
3293  * smack_msg_queue_msgsnd - Smack access check for msg_queue
3294  * @isp: the object
3295  * @msg: unused
3296  * @target: unused
3297  * @type: unused
3298  * @mode: unused
3299  *
3300  * Returns 0 if current has read and write access, error code otherwise
3301  */
3302 static int smack_msg_queue_msgrcv(struct kern_ipc_perm *isp, struct msg_msg *msg,
3303                         struct task_struct *target, long type, int mode)
3304 {
3305         return smk_curacc_msq(isp, MAY_READWRITE);
3306 }
3307 
3308 /**
3309  * smack_ipc_permission - Smack access for ipc_permission()
3310  * @ipp: the object permissions
3311  * @flag: access requested
3312  *
3313  * Returns 0 if current has read and write access, error code otherwise
3314  */
3315 static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag)
3316 {
3317         struct smack_known *iskp = ipp->security;
3318         int may = smack_flags_to_may(flag);
3319         struct smk_audit_info ad;
3320         int rc;
3321 
3322 #ifdef CONFIG_AUDIT
3323         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
3324         ad.a.u.ipc_id = ipp->id;
3325 #endif
3326         rc = smk_curacc(iskp, may, &ad);
3327         rc = smk_bu_current("svipc", iskp, may, rc);
3328         return rc;
3329 }
3330 
3331 /**
3332  * smack_ipc_getsecid - Extract smack security id
3333  * @ipp: the object permissions
3334  * @secid: where result will be saved
3335  */
3336 static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid)
3337 {
3338         struct smack_known *iskp = ipp->security;
3339 
3340         *secid = iskp->smk_secid;
3341 }
3342 
3343 /**
3344  * smack_d_instantiate - Make sure the blob is correct on an inode
3345  * @opt_dentry: dentry where inode will be attached
3346  * @inode: the object
3347  *
3348  * Set the inode's security blob if it hasn't been done already.
3349  */
3350 static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode)
3351 {
3352         struct super_block *sbp;
3353         struct superblock_smack *sbsp;
3354         struct inode_smack *isp;
3355         struct smack_known *skp;
3356         struct smack_known *ckp = smk_of_current();
3357         struct smack_known *final;
3358         char trattr[TRANS_TRUE_SIZE];
3359         int transflag = 0;
3360         int rc;
3361         struct dentry *dp;
3362 
3363         if (inode == NULL)
3364                 return;
3365 
3366         isp = inode->i_security;
3367 
3368         mutex_lock(&isp->smk_lock);
3369         /*
3370          * If the inode is already instantiated
3371          * take the quick way out
3372          */
3373         if (isp->smk_flags & SMK_INODE_INSTANT)
3374                 goto unlockandout;
3375 
3376         sbp = inode->i_sb;
3377         sbsp = sbp->s_security;
3378         /*
3379          * We're going to use the superblock default label
3380          * if there's no label on the file.
3381          */
3382         final = sbsp->smk_default;
3383 
3384         /*
3385          * If this is the root inode the superblock
3386          * may be in the process of initialization.
3387          * If that is the case use the root value out
3388          * of the superblock.
3389          */
3390         if (opt_dentry->d_parent == opt_dentry) {
3391                 switch (sbp->s_magic) {
3392                 case CGROUP_SUPER_MAGIC:
3393                 case CGROUP2_SUPER_MAGIC:
3394                         /*
3395                          * The cgroup filesystem is never mounted,
3396                          * so there's no opportunity to set the mount
3397                          * options.
3398                          */
3399                         sbsp->smk_root = &smack_known_star;
3400                         sbsp->smk_default = &smack_known_star;
3401                         isp->smk_inode = sbsp->smk_root;
3402                         break;
3403                 case TMPFS_MAGIC:
3404                         /*
3405                          * What about shmem/tmpfs anonymous files with dentry
3406                          * obtained from d_alloc_pseudo()?
3407                          */
3408                         isp->smk_inode = smk_of_current();
3409                         break;
3410                 case PIPEFS_MAGIC:
3411                         isp->smk_inode = smk_of_current();
3412                         break;
3413                 case SOCKFS_MAGIC:
3414                         /*
3415                          * Socket access is controlled by the socket
3416                          * structures associated with the task involved.
3417                          */
3418                         isp->smk_inode = &smack_known_star;
3419                         break;
3420                 default:
3421                         isp->smk_inode = sbsp->smk_root;
3422                         break;
3423                 }
3424                 isp->smk_flags |= SMK_INODE_INSTANT;
3425                 goto unlockandout;
3426         }
3427 
3428         /*
3429          * This is pretty hackish.
3430          * Casey says that we shouldn't have to do
3431          * file system specific code, but it does help
3432          * with keeping it simple.
3433          */
3434         switch (sbp->s_magic) {
3435         case SMACK_MAGIC:
3436         case CGROUP_SUPER_MAGIC:
3437         case CGROUP2_SUPER_MAGIC:
3438                 /*
3439                  * Casey says that it's a little embarrassing
3440                  * that the smack file system doesn't do
3441                  * extended attributes.
3442                  *
3443                  * Cgroupfs is special
3444                  */
3445                 final = &smack_known_star;
3446                 break;
3447         case DEVPTS_SUPER_MAGIC:
3448                 /*
3449                  * devpts seems content with the label of the task.
3450                  * Programs that change smack have to treat the
3451                  * pty with respect.
3452                  */
3453                 final = ckp;
3454                 break;
3455         case PROC_SUPER_MAGIC:
3456                 /*
3457                  * Casey says procfs appears not to care.
3458                  * The superblock default suffices.
3459                  */
3460                 break;
3461         case TMPFS_MAGIC:
3462                 /*
3463                  * Device labels should come from the filesystem,
3464                  * but watch out, because they're volitile,
3465                  * getting recreated on every reboot.
3466                  */
3467                 final = &smack_known_star;
3468                 /*
3469                  * No break.
3470                  *
3471                  * If a smack value has been set we want to use it,
3472                  * but since tmpfs isn't giving us the opportunity
3473                  * to set mount options simulate setting the
3474                  * superblock default.
3475                  */
3476         default:
3477                 /*
3478                  * This isn't an understood special case.
3479                  * Get the value from the xattr.
3480                  */
3481 
3482                 /*
3483                  * UNIX domain sockets use lower level socket data.
3484                  */
3485                 if (S_ISSOCK(inode->i_mode)) {
3486                         final = &smack_known_star;
3487                         break;
3488                 }
3489                 /*
3490                  * No xattr support means, alas, no SMACK label.
3491                  * Use the aforeapplied default.
3492                  * It would be curious if the label of the task
3493                  * does not match that assigned.
3494                  */
3495                 if (!(inode->i_opflags & IOP_XATTR))
3496                         break;
3497                 /*
3498                  * Get the dentry for xattr.
3499                  */
3500                 dp = dget(opt_dentry);
3501                 skp = smk_fetch(XATTR_NAME_SMACK, inode, dp);
3502                 if (!IS_ERR_OR_NULL(skp))
3503                         final = skp;
3504 
3505                 /*
3506                  * Transmuting directory
3507                  */
3508                 if (S_ISDIR(inode->i_mode)) {
3509                         /*
3510                          * If this is a new directory and the label was
3511                          * transmuted when the inode was initialized
3512                          * set the transmute attribute on the directory
3513                          * and mark the inode.
3514                          *
3515                          * If there is a transmute attribute on the
3516                          * directory mark the inode.
3517                          */
3518                         if (isp->smk_flags & SMK_INODE_CHANGED) {
3519                                 isp->smk_flags &= ~SMK_INODE_CHANGED;
3520                                 rc = __vfs_setxattr(dp, inode,
3521                                         XATTR_NAME_SMACKTRANSMUTE,
3522                                         TRANS_TRUE, TRANS_TRUE_SIZE,
3523                                         0);
3524                         } else {
3525                                 rc = __vfs_getxattr(dp, inode,
3526                                         XATTR_NAME_SMACKTRANSMUTE, trattr,
3527                                         TRANS_TRUE_SIZE);
3528                                 if (rc >= 0 && strncmp(trattr, TRANS_TRUE,
3529                                                        TRANS_TRUE_SIZE) != 0)
3530                                         rc = -EINVAL;
3531                         }
3532                         if (rc >= 0)
3533                                 transflag = SMK_INODE_TRANSMUTE;
3534                 }
3535                 /*
3536                  * Don't let the exec or mmap label be "*" or "@".
3537                  */
3538                 skp = smk_fetch(XATTR_NAME_SMACKEXEC, inode, dp);
3539                 if (IS_ERR(skp) || skp == &smack_known_star ||
3540                     skp == &smack_known_web)
3541                         skp = NULL;
3542                 isp->smk_task = skp;
3543 
3544                 skp = smk_fetch(XATTR_NAME_SMACKMMAP, inode, dp);
3545                 if (IS_ERR(skp) || skp == &smack_known_star ||
3546                     skp == &smack_known_web)
3547                         skp = NULL;
3548                 isp->smk_mmap = skp;
3549 
3550                 dput(dp);
3551                 break;
3552         }
3553 
3554         if (final == NULL)
3555                 isp->smk_inode = ckp;
3556         else
3557                 isp->smk_inode = final;
3558 
3559         isp->smk_flags |= (SMK_INODE_INSTANT | transflag);
3560 
3561 unlockandout:
3562         mutex_unlock(&isp->smk_lock);
3563         return;
3564 }
3565 
3566 /**
3567  * smack_getprocattr - Smack process attribute access
3568  * @p: the object task
3569  * @name: the name of the attribute in /proc/.../attr
3570  * @value: where to put the result
3571  *
3572  * Places a copy of the task Smack into value
3573  *
3574  * Returns the length of the smack label or an error code
3575  */
3576 static int smack_getprocattr(struct task_struct *p, char *name, char **value)
3577 {
3578         struct smack_known *skp = smk_of_task_struct(p);
3579         char *cp;
3580         int slen;
3581 
3582         if (strcmp(name, "current") != 0)
3583                 return -EINVAL;
3584 
3585         cp = kstrdup(skp->smk_known, GFP_KERNEL);
3586         if (cp == NULL)
3587                 return -ENOMEM;
3588 
3589         slen = strlen(cp);
3590         *value = cp;
3591         return slen;
3592 }
3593 
3594 /**
3595  * smack_setprocattr - Smack process attribute setting
3596  * @name: the name of the attribute in /proc/.../attr
3597  * @value: the value to set
3598  * @size: the size of the value
3599  *
3600  * Sets the Smack value of the task. Only setting self
3601  * is permitted and only with privilege
3602  *
3603  * Returns the length of the smack label or an error code
3604  */
3605 static int smack_setprocattr(const char *name, void *value, size_t size)
3606 {
3607         struct task_smack *tsp = current_security();
3608         struct cred *new;
3609         struct smack_known *skp;
3610         struct smack_known_list_elem *sklep;
3611         int rc;
3612 
3613         if (!smack_privileged(CAP_MAC_ADMIN) && list_empty(&tsp->smk_relabel))
3614                 return -EPERM;
3615 
3616         if (value == NULL || size == 0 || size >= SMK_LONGLABEL)
3617                 return -EINVAL;
3618 
3619         if (strcmp(name, "current") != 0)
3620                 return -EINVAL;
3621 
3622         skp = smk_import_entry(value, size);
3623         if (IS_ERR(skp))
3624                 return PTR_ERR(skp);
3625 
3626         /*
3627          * No process is ever allowed the web ("@") label
3628          * and the star ("*") label.
3629          */
3630         if (skp == &smack_known_web || skp == &smack_known_star)
3631                 return -EINVAL;
3632 
3633         if (!smack_privileged(CAP_MAC_ADMIN)) {
3634                 rc = -EPERM;
3635                 list_for_each_entry(sklep, &tsp->smk_relabel, list)
3636                         if (sklep->smk_label == skp) {
3637                                 rc = 0;
3638                                 break;
3639                         }
3640                 if (rc)
3641                         return rc;
3642         }
3643 
3644         new = prepare_creds();
3645         if (new == NULL)
3646                 return -ENOMEM;
3647 
3648         tsp = new->security;
3649         tsp->smk_task = skp;
3650         /*
3651          * process can change its label only once
3652          */
3653         smk_destroy_label_list(&tsp->smk_relabel);
3654 
3655         commit_creds(new);
3656         return size;
3657 }
3658 
3659 /**
3660  * smack_unix_stream_connect - Smack access on UDS
3661  * @sock: one sock
3662  * @other: the other sock
3663  * @newsk: unused
3664  *
3665  * Return 0 if a subject with the smack of sock could access
3666  * an object with the smack of other, otherwise an error code
3667  */
3668 static int smack_unix_stream_connect(struct sock *sock,
3669                                      struct sock *other, struct sock *newsk)
3670 {
3671         struct smack_known *skp;
3672         struct smack_known *okp;
3673         struct socket_smack *ssp = sock->sk_security;
3674         struct socket_smack *osp = other->sk_security;
3675         struct socket_smack *nsp = newsk->sk_security;
3676         struct smk_audit_info ad;
3677         int rc = 0;
3678 #ifdef CONFIG_AUDIT
3679         struct lsm_network_audit net;
3680 #endif
3681 
3682         if (!smack_privileged(CAP_MAC_OVERRIDE)) {
3683                 skp = ssp->smk_out;
3684                 okp = osp->smk_in;
3685 #ifdef CONFIG_AUDIT
3686                 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3687                 smk_ad_setfield_u_net_sk(&ad, other);
3688 #endif
3689                 rc = smk_access(skp, okp, MAY_WRITE, &ad);
3690                 rc = smk_bu_note("UDS connect", skp, okp, MAY_WRITE, rc);
3691                 if (rc == 0) {
3692                         okp = osp->smk_out;
3693                         skp = ssp->smk_in;
3694                         rc = smk_access(okp, skp, MAY_WRITE, &ad);
3695                         rc = smk_bu_note("UDS connect", okp, skp,
3696                                                 MAY_WRITE, rc);
3697                 }
3698         }
3699 
3700         /*
3701          * Cross reference the peer labels for SO_PEERSEC.
3702          */
3703         if (rc == 0) {
3704                 nsp->smk_packet = ssp->smk_out;
3705                 ssp->smk_packet = osp->smk_out;
3706         }
3707 
3708         return rc;
3709 }
3710 
3711 /**
3712  * smack_unix_may_send - Smack access on UDS
3713  * @sock: one socket
3714  * @other: the other socket
3715  *
3716  * Return 0 if a subject with the smack of sock could access
3717  * an object with the smack of other, otherwise an error code
3718  */
3719 static int smack_unix_may_send(struct socket *sock, struct socket *other)
3720 {
3721         struct socket_smack *ssp = sock->sk->sk_security;
3722         struct socket_smack *osp = other->sk->sk_security;
3723         struct smk_audit_info ad;
3724         int rc;
3725 
3726 #ifdef CONFIG_AUDIT
3727         struct lsm_network_audit net;
3728 
3729         smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3730         smk_ad_setfield_u_net_sk(&ad, other->sk);
3731 #endif
3732 
3733         if (smack_privileged(CAP_MAC_OVERRIDE))
3734                 return 0;
3735 
3736         rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad);
3737         rc = smk_bu_note("UDS send", ssp->smk_out, osp->smk_in, MAY_WRITE, rc);
3738         return rc;
3739 }
3740 
3741 /**
3742  * smack_socket_sendmsg - Smack check based on destination host
3743  * @sock: the socket
3744  * @msg: the message
3745  * @size: the size of the message
3746  *
3747  * Return 0 if the current subject can write to the destination host.
3748  * For IPv4 this is only a question if the destination is a single label host.
3749  * For IPv6 this is a check against the label of the port.
3750  */
3751 static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg,
3752                                 int size)
3753 {
3754         struct sockaddr_in *sip = (struct sockaddr_in *) msg->msg_name;
3755 #if IS_ENABLED(CONFIG_IPV6)
3756         struct sockaddr_in6 *sap = (struct sockaddr_in6 *) msg->msg_name;
3757 #endif
3758 #ifdef SMACK_IPV6_SECMARK_LABELING
3759         struct socket_smack *ssp = sock->sk->sk_security;
3760         struct smack_known *rsp;
3761 #endif
3762         int rc = 0;
3763 
3764         /*
3765          * Perfectly reasonable for this to be NULL
3766          */
3767         if (sip == NULL)
3768                 return 0;
3769 
3770         switch (sock->sk->sk_family) {
3771         case AF_INET:
3772                 rc = smack_netlabel_send(sock->sk, sip);
3773                 break;
3774         case AF_INET6:
3775 #ifdef SMACK_IPV6_SECMARK_LABELING
3776                 rsp = smack_ipv6host_label(sap);
3777                 if (rsp != NULL)
3778                         rc = smk_ipv6_check(ssp->smk_out, rsp, sap,
3779                                                 SMK_CONNECTING);
3780 #endif
3781 #ifdef SMACK_IPV6_PORT_LABELING
3782                 rc = smk_ipv6_port_check(sock->sk, sap, SMK_SENDING);
3783 #endif
3784                 break;
3785         }
3786         return rc;
3787 }
3788 
3789 /**
3790  * smack_from_secattr - Convert a netlabel attr.mls.lvl/attr.mls.cat pair to smack
3791  * @sap: netlabel secattr
3792  * @ssp: socket security information
3793  *
3794  * Returns a pointer to a Smack label entry found on the label list.
3795  */
3796 static struct smack_known *smack_from_secattr(struct netlbl_lsm_secattr *sap,
3797                                                 struct socket_smack *ssp)
3798 {
3799         struct smack_known *skp;
3800         int found = 0;
3801         int acat;
3802         int kcat;
3803 
3804         if ((sap->flags & NETLBL_SECATTR_MLS_LVL) != 0) {
3805                 /*
3806                  * Looks like a CIPSO packet.
3807                  * If there are flags but no level netlabel isn't
3808                  * behaving the way we expect it to.
3809                  *
3810                  * Look it up in the label table
3811                  * Without guidance regarding the smack value
3812                  * for the packet fall back on the network
3813                  * ambient value.
3814                  */
3815                 rcu_read_lock();
3816                 list_for_each_entry_rcu(skp, &smack_known_list, list) {
3817                         if (sap->attr.mls.lvl != skp->smk_netlabel.attr.mls.lvl)
3818                                 continue;
3819                         /*
3820                          * Compare the catsets. Use the netlbl APIs.
3821                          */
3822                         if ((sap->flags & NETLBL_SECATTR_MLS_CAT) == 0) {
3823                                 if ((skp->smk_netlabel.flags &
3824                                      NETLBL_SECATTR_MLS_CAT) == 0)
3825                                         found = 1;
3826                                 break;
3827                         }
3828                         for (acat = -1, kcat = -1; acat == kcat; ) {
3829                                 acat = netlbl_catmap_walk(sap->attr.mls.cat,
3830                                                           acat + 1);
3831                                 kcat = netlbl_catmap_walk(
3832                                         skp->smk_netlabel.attr.mls.cat,
3833                                         kcat + 1);
3834                                 if (acat < 0 || kcat < 0)
3835                                         break;
3836                         }
3837                         if (acat == kcat) {
3838                                 found = 1;
3839                                 break;
3840                         }
3841                 }
3842                 rcu_read_unlock();
3843 
3844                 if (found)
3845                         return skp;
3846 
3847                 if (ssp != NULL && ssp->smk_in == &smack_known_star)
3848                         return &smack_known_web;
3849                 return &smack_known_star;
3850         }
3851         if ((sap->flags & NETLBL_SECATTR_SECID) != 0)
3852                 /*
3853                  * Looks like a fallback, which gives us a secid.
3854                  */
3855                 return smack_from_secid(sap->attr.secid);
3856         /*
3857          * Without guidance regarding the smack value
3858          * for the packet fall back on the network
3859          * ambient value.
3860          */
3861         return smack_net_ambient;
3862 }
3863 
3864 #if IS_ENABLED(CONFIG_IPV6)
3865 static int smk_skb_to_addr_ipv6(struct sk_buff *skb, struct sockaddr_in6 *sip)
3866 {
3867         u8 nexthdr;
3868         int offset;
3869         int proto = -EINVAL;
3870         struct ipv6hdr _ipv6h;
3871         struct ipv6hdr *ip6;
3872         __be16 frag_off;
3873         struct tcphdr _tcph, *th;
3874         struct udphdr _udph, *uh;
3875         struct dccp_hdr _dccph, *dh;
3876 
3877         sip->sin6_port = 0;
3878 
3879         offset = skb_network_offset(skb);
3880         ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h);
3881         if (ip6 == NULL)
3882                 return -EINVAL;
3883         sip->sin6_addr = ip6->saddr;
3884 
3885         nexthdr = ip6->nexthdr;
3886         offset += sizeof(_ipv6h);
3887         offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off);
3888         if (offset < 0)
3889                 return -EINVAL;
3890 
3891         proto = nexthdr;
3892         switch (proto) {
3893         case IPPROTO_TCP:
3894                 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
3895                 if (th != NULL)
3896                         sip->sin6_port = th->source;
3897                 break;
3898         case IPPROTO_UDP:
3899                 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
3900                 if (uh != NULL)
3901                         sip->sin6_port = uh->source;
3902                 break;
3903         case IPPROTO_DCCP:
3904                 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
3905                 if (dh != NULL)
3906                         sip->sin6_port = dh->dccph_sport;
3907                 break;
3908         }
3909         return proto;
3910 }
3911 #endif /* CONFIG_IPV6 */
3912 
3913 /**
3914  * smack_socket_sock_rcv_skb - Smack packet delivery access check
3915  * @sk: socket
3916  * @skb: packet
3917  *
3918  * Returns 0 if the packet should be delivered, an error code otherwise
3919  */
3920 static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
3921 {
3922         struct netlbl_lsm_secattr secattr;
3923         struct socket_smack *ssp = sk->sk_security;
3924         struct smack_known *skp = NULL;
3925         int rc = 0;
3926         struct smk_audit_info ad;
3927 #ifdef CONFIG_AUDIT
3928         struct lsm_network_audit net;
3929 #endif
3930 #if IS_ENABLED(CONFIG_IPV6)
3931         struct sockaddr_in6 sadd;
3932         int proto;
3933 #endif /* CONFIG_IPV6 */
3934 
3935         switch (sk->sk_family) {
3936         case PF_INET:
3937 #ifdef CONFIG_SECURITY_SMACK_NETFILTER
3938                 /*
3939                  * If there is a secmark use it rather than the CIPSO label.
3940                  * If there is no secmark fall back to CIPSO.
3941                  * The secmark is assumed to reflect policy better.
3942                  */
3943                 if (skb && skb->secmark != 0) {
3944                         skp = smack_from_secid(skb->secmark);
3945                         goto access_check;
3946                 }
3947 #endif /* CONFIG_SECURITY_SMACK_NETFILTER */
3948                 /*
3949                  * Translate what netlabel gave us.
3950                  */
3951                 netlbl_secattr_init(&secattr);
3952 
3953                 rc = netlbl_skbuff_getattr(skb, sk->sk_family, &secattr);
3954                 if (rc == 0)
3955                         skp = smack_from_secattr(&secattr, ssp);
3956                 else
3957                         skp = smack_net_ambient;
3958 
3959                 netlbl_secattr_destroy(&secattr);
3960 
3961 #ifdef CONFIG_SECURITY_SMACK_NETFILTER
3962 access_check:
3963 #endif
3964 #ifdef CONFIG_AUDIT
3965                 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3966                 ad.a.u.net->family = sk->sk_family;
3967                 ad.a.u.net->netif = skb->skb_iif;
3968                 ipv4_skb_to_auditdata(skb, &ad.a, NULL);
3969 #endif
3970                 /*
3971                  * Receiving a packet requires that the other end
3972                  * be able to write here. Read access is not required.
3973                  * This is the simplist possible security model
3974                  * for networking.
3975                  */
3976                 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
3977                 rc = smk_bu_note("IPv4 delivery", skp, ssp->smk_in,
3978                                         MAY_WRITE, rc);
3979                 if (rc != 0)
3980                         netlbl_skbuff_err(skb, sk->sk_family, rc, 0);
3981                 break;
3982 #if IS_ENABLED(CONFIG_IPV6)
3983         case PF_INET6:
3984                 proto = smk_skb_to_addr_ipv6(skb, &sadd);
3985                 if (proto != IPPROTO_UDP && proto != IPPROTO_TCP)
3986                         break;
3987 #ifdef SMACK_IPV6_SECMARK_LABELING
3988                 if (skb && skb->secmark != 0)
3989                         skp = smack_from_secid(skb->secmark);
3990                 else
3991                         skp = smack_ipv6host_label(&sadd);
3992                 if (skp == NULL)
3993                         skp = smack_net_ambient;
3994 #ifdef CONFIG_AUDIT
3995                 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3996                 ad.a.u.net->family = sk->sk_family;
3997                 ad.a.u.net->netif = skb->skb_iif;
3998                 ipv6_skb_to_auditdata(skb, &ad.a, NULL);
3999 #endif /* CONFIG_AUDIT */
4000                 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
4001                 rc = smk_bu_note("IPv6 delivery", skp, ssp->smk_in,
4002                                         MAY_WRITE, rc);
4003 #endif /* SMACK_IPV6_SECMARK_LABELING */
4004 #ifdef SMACK_IPV6_PORT_LABELING
4005                 rc = smk_ipv6_port_check(sk, &sadd, SMK_RECEIVING);
4006 #endif /* SMACK_IPV6_PORT_LABELING */
4007                 break;
4008 #endif /* CONFIG_IPV6 */
4009         }
4010 
4011         return rc;
4012 }
4013 
4014 /**
4015  * smack_socket_getpeersec_stream - pull in packet label
4016  * @sock: the socket
4017  * @optval: user's destination
4018  * @optlen: size thereof
4019  * @len: max thereof
4020  *
4021  * returns zero on success, an error code otherwise
4022  */
4023 static int smack_socket_getpeersec_stream(struct socket *sock,
4024                                           char __user *optval,
4025                                           int __user *optlen, unsigned len)
4026 {
4027         struct socket_smack *ssp;
4028         char *rcp = "";
4029         int slen = 1;
4030         int rc = 0;
4031 
4032         ssp = sock->sk->sk_security;
4033         if (ssp->smk_packet != NULL) {
4034                 rcp = ssp->smk_packet->smk_known;
4035                 slen = strlen(rcp) + 1;
4036         }
4037 
4038         if (slen > len)
4039                 rc = -ERANGE;
4040         else if (copy_to_user(optval, rcp, slen) != 0)
4041                 rc = -EFAULT;
4042 
4043         if (put_user(slen, optlen) != 0)
4044                 rc = -EFAULT;
4045 
4046         return rc;
4047 }
4048 
4049 
4050 /**
4051  * smack_socket_getpeersec_dgram - pull in packet label
4052  * @sock: the peer socket
4053  * @skb: packet data
4054  * @secid: pointer to where to put the secid of the packet
4055  *
4056  * Sets the netlabel socket state on sk from parent
4057  */
4058 static int smack_socket_getpeersec_dgram(struct socket *sock,
4059                                          struct sk_buff *skb, u32 *secid)
4060 
4061 {
4062         struct netlbl_lsm_secattr secattr;
4063         struct socket_smack *ssp = NULL;
4064         struct smack_known *skp;
4065         int family = PF_UNSPEC;
4066         u32 s = 0;      /* 0 is the invalid secid */
4067         int rc;
4068 
4069         if (skb != NULL) {
4070                 if (skb->protocol == htons(ETH_P_IP))
4071                         family = PF_INET;
4072 #if IS_ENABLED(CONFIG_IPV6)
4073                 else if (skb->protocol == htons(ETH_P_IPV6))
4074                         family = PF_INET6;
4075 #endif /* CONFIG_IPV6 */
4076         }
4077         if (family == PF_UNSPEC && sock != NULL)
4078                 family = sock->sk->sk_family;
4079 
4080         switch (family) {
4081         case PF_UNIX:
4082                 ssp = sock->sk->sk_security;
4083                 s = ssp->smk_out->smk_secid;
4084                 break;
4085         case PF_INET:
4086 #ifdef CONFIG_SECURITY_SMACK_NETFILTER
4087                 s = skb->secmark;
4088                 if (s != 0)
4089                         break;
4090 #endif
4091                 /*
4092                  * Translate what netlabel gave us.
4093                  */
4094                 if (sock != NULL && sock->sk != NULL)
4095                         ssp = sock->sk->sk_security;
4096                 netlbl_secattr_init(&secattr);
4097                 rc = netlbl_skbuff_getattr(skb, family, &secattr);
4098                 if (rc == 0) {
4099                         skp = smack_from_secattr(&secattr, ssp);
4100                         s = skp->smk_secid;
4101                 }
4102                 netlbl_secattr_destroy(&secattr);
4103                 break;
4104         case PF_INET6:
4105 #ifdef SMACK_IPV6_SECMARK_LABELING
4106                 s = skb->secmark;
4107 #endif
4108                 break;
4109         }
4110         *secid = s;
4111         if (s == 0)
4112                 return -EINVAL;
4113         return 0;
4114 }
4115 
4116 /**
4117  * smack_sock_graft - Initialize a newly created socket with an existing sock
4118  * @sk: child sock
4119  * @parent: parent socket
4120  *
4121  * Set the smk_{in,out} state of an existing sock based on the process that
4122  * is creating the new socket.
4123  */
4124 static void smack_sock_graft(struct sock *sk, struct socket *parent)
4125 {
4126         struct socket_smack *ssp;
4127         struct smack_known *skp = smk_of_current();
4128 
4129         if (sk == NULL ||
4130             (sk->sk_family != PF_INET && sk->sk_family != PF_INET6))
4131                 return;
4132 
4133         ssp = sk->sk_security;
4134         ssp->smk_in = skp;
4135         ssp->smk_out = skp;
4136         /* cssp->smk_packet is already set in smack_inet_csk_clone() */
4137 }
4138 
4139 /**
4140  * smack_inet_conn_request - Smack access check on connect
4141  * @sk: socket involved
4142  * @skb: packet
4143  * @req: unused
4144  *
4145  * Returns 0 if a task with the packet label could write to
4146  * the socket, otherwise an error code
4147  */
4148 static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb,
4149                                    struct request_sock *req)
4150 {
4151         u16 family = sk->sk_family;
4152         struct smack_known *skp;
4153         struct socket_smack *ssp = sk->sk_security;
4154         struct netlbl_lsm_secattr secattr;
4155         struct sockaddr_in addr;
4156         struct iphdr *hdr;
4157         struct smack_known *hskp;
4158         int rc;
4159         struct smk_audit_info ad;
4160 #ifdef CONFIG_AUDIT
4161         struct lsm_network_audit net;
4162 #endif
4163 
4164 #if IS_ENABLED(CONFIG_IPV6)
4165         if (family == PF_INET6) {
4166                 /*
4167                  * Handle mapped IPv4 packets arriving
4168                  * via IPv6 sockets. Don't set up netlabel
4169                  * processing on IPv6.
4170                  */
4171                 if (skb->protocol == htons(ETH_P_IP))
4172                         family = PF_INET;
4173                 else
4174                         return 0;
4175         }
4176 #endif /* CONFIG_IPV6 */
4177 
4178 #ifdef CONFIG_SECURITY_SMACK_NETFILTER
4179         /*
4180          * If there is a secmark use it rather than the CIPSO label.
4181          * If there is no secmark fall back to CIPSO.
4182          * The secmark is assumed to reflect policy better.
4183          */
4184         if (skb && skb->secmark != 0) {
4185                 skp = smack_from_secid(skb->secmark);
4186                 goto access_check;
4187         }
4188 #endif /* CONFIG_SECURITY_SMACK_NETFILTER */
4189 
4190         netlbl_secattr_init(&secattr);
4191         rc = netlbl_skbuff_getattr(skb, family, &secattr);
4192         if (rc == 0)
4193                 skp = smack_from_secattr(&secattr, ssp);
4194         else
4195                 skp = &smack_known_huh;
4196         netlbl_secattr_destroy(&secattr);
4197 
4198 #ifdef CONFIG_SECURITY_SMACK_NETFILTER
4199 access_check:
4200 #endif
4201 
4202 #ifdef CONFIG_AUDIT
4203         smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
4204         ad.a.u.net->family = family;
4205         ad.a.u.net->netif = skb->skb_iif;
4206         ipv4_skb_to_auditdata(skb, &ad.a, NULL);
4207 #endif
4208         /*
4209          * Receiving a packet requires that the other end be able to write
4210          * here. Read access is not required.
4211          */
4212         rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
4213         rc = smk_bu_note("IPv4 connect", skp, ssp->smk_in, MAY_WRITE, rc);
4214         if (rc != 0)
4215                 return rc;
4216 
4217         /*
4218          * Save the peer's label in the request_sock so we can later setup
4219          * smk_packet in the child socket so that SO_PEERCRED can report it.
4220          */
4221         req->peer_secid = skp->smk_secid;
4222 
4223         /*
4224          * We need to decide if we want to label the incoming connection here
4225          * if we do we only need to label the request_sock and the stack will
4226          * propagate the wire-label to the sock when it is created.
4227          */
4228         hdr = ip_hdr(skb);
4229         addr.sin_addr.s_addr = hdr->saddr;
4230         rcu_read_lock();
4231         hskp = smack_ipv4host_label(&addr);
4232         rcu_read_unlock();
4233 
4234         if (hskp == NULL)
4235                 rc = netlbl_req_setattr(req, &skp->smk_netlabel);
4236         else
4237                 netlbl_req_delattr(req);
4238 
4239         return rc;
4240 }
4241 
4242 /**
4243  * smack_inet_csk_clone - Copy the connection information to the new socket
4244  * @sk: the new socket
4245  * @req: the connection's request_sock
4246  *
4247  * Transfer the connection's peer label to the newly created socket.
4248  */
4249 static void smack_inet_csk_clone(struct sock *sk,
4250                                  const struct request_sock *req)
4251 {
4252         struct socket_smack *ssp = sk->sk_security;
4253         struct smack_known *skp;
4254 
4255         if (req->peer_secid != 0) {
4256                 skp = smack_from_secid(req->peer_secid);
4257                 ssp->smk_packet = skp;
4258         } else
4259                 ssp->smk_packet = NULL;
4260 }
4261 
4262 /*
4263  * Key management security hooks
4264  *
4265  * Casey has not tested key support very heavily.
4266  * The permission check is most likely too restrictive.
4267  * If you care about keys please have a look.
4268  */
4269 #ifdef CONFIG_KEYS
4270 
4271 /**
4272  * smack_key_alloc - Set the key security blob
4273  * @key: object
4274  * @cred: the credentials to use
4275  * @flags: unused
4276  *
4277  * No allocation required
4278  *
4279  * Returns 0
4280  */
4281 static int smack_key_alloc(struct key *key, const struct cred *cred,
4282                            unsigned long flags)
4283 {
4284         struct smack_known *skp = smk_of_task(cred->security);
4285 
4286         key->security = skp;
4287         return 0;
4288 }
4289 
4290 /**
4291  * smack_key_free - Clear the key security blob
4292  * @key: the object
4293  *
4294  * Clear the blob pointer
4295  */
4296 static void smack_key_free(struct key *key)
4297 {
4298         key->security = NULL;
4299 }
4300 
4301 /**
4302  * smack_key_permission - Smack access on a key
4303  * @key_ref: gets to the object
4304  * @cred: the credentials to use
4305  * @perm: requested key permissions
4306  *
4307  * Return 0 if the task has read and write to the object,
4308  * an error code otherwise
4309  */
4310 static int smack_key_permission(key_ref_t key_ref,
4311                                 const struct cred *cred, unsigned perm)
4312 {
4313         struct key *keyp;
4314         struct smk_audit_info ad;
4315         struct smack_known *tkp = smk_of_task(cred->security);
4316         int request = 0;
4317         int rc;
4318 
4319         keyp = key_ref_to_ptr(key_ref);
4320         if (keyp == NULL)
4321                 return -EINVAL;
4322         /*
4323          * If the key hasn't been initialized give it access so that
4324          * it may do so.
4325          */
4326         if (keyp->security == NULL)
4327                 return 0;
4328         /*
4329          * This should not occur
4330          */
4331         if (tkp == NULL)
4332                 return -EACCES;
4333 
4334         if (smack_privileged_cred(CAP_MAC_OVERRIDE, cred))
4335                 return 0;
4336 
4337 #ifdef CONFIG_AUDIT
4338         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY);
4339         ad.a.u.key_struct.key = keyp->serial;
4340         ad.a.u.key_struct.key_desc = keyp->description;
4341 #endif
4342         if (perm & KEY_NEED_READ)
4343                 request = MAY_READ;
4344         if (perm & (KEY_NEED_WRITE | KEY_NEED_LINK | KEY_NEED_SETATTR))
4345                 request = MAY_WRITE;
4346         rc = smk_access(tkp, keyp->security, request, &ad);
4347         rc = smk_bu_note("key access", tkp, keyp->security, request, rc);
4348         return rc;
4349 }
4350 
4351 /*
4352  * smack_key_getsecurity - Smack label tagging the key
4353  * @key points to the key to be queried
4354  * @_buffer points to a pointer that should be set to point to the
4355  * resulting string (if no label or an error occurs).
4356  * Return the length of the string (including terminating NUL) or -ve if
4357  * an error.
4358  * May also return 0 (and a NULL buffer pointer) if there is no label.
4359  */
4360 static int smack_key_getsecurity(struct key *key, char **_buffer)
4361 {
4362         struct smack_known *skp = key->security;
4363         size_t length;
4364         char *copy;
4365 
4366         if (key->security == NULL) {
4367                 *_buffer = NULL;
4368                 return 0;
4369         }
4370 
4371         copy = kstrdup(skp->smk_known, GFP_KERNEL);
4372         if (copy == NULL)
4373                 return -ENOMEM;
4374         length = strlen(copy) + 1;
4375 
4376         *_buffer = copy;
4377         return length;
4378 }
4379 
4380 #endif /* CONFIG_KEYS */
4381 
4382 /*
4383  * Smack Audit hooks
4384  *
4385  * Audit requires a unique representation of each Smack specific
4386  * rule. This unique representation is used to distinguish the
4387  * object to be audited from remaining kernel objects and also
4388  * works as a glue between the audit hooks.
4389  *
4390  * Since repository entries are added but never deleted, we'll use
4391  * the smack_known label address related to the given audit rule as
4392  * the needed unique representation. This also better fits the smack
4393  * model where nearly everything is a label.
4394  */
4395 #ifdef CONFIG_AUDIT
4396 
4397 /**
4398  * smack_audit_rule_init - Initialize a smack audit rule
4399  * @field: audit rule fields given from user-space (audit.h)
4400  * @op: required testing operator (=, !=, >, <, ...)
4401  * @rulestr: smack label to be audited
4402  * @vrule: pointer to save our own audit rule representation
4403  *
4404  * Prepare to audit cases where (@field @op @rulestr) is true.
4405  * The label to be audited is created if necessay.
4406  */
4407 static int smack_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule)
4408 {
4409         struct smack_known *skp;
4410         char **rule = (char **)vrule;
4411         *rule = NULL;
4412 
4413         if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
4414                 return -EINVAL;
4415 
4416         if (op != Audit_equal && op != Audit_not_equal)
4417                 return -EINVAL;
4418 
4419         skp = smk_import_entry(rulestr, 0);
4420         if (IS_ERR(skp))
4421                 return PTR_ERR(skp);
4422 
4423         *rule = skp->smk_known;
4424 
4425         return 0;
4426 }
4427 
4428 /**
4429  * smack_audit_rule_known - Distinguish Smack audit rules
4430  * @krule: rule of interest, in Audit kernel representation format
4431  *
4432  * This is used to filter Smack rules from remaining Audit ones.
4433  * If it's proved that this rule belongs to us, the
4434  * audit_rule_match hook will be called to do the final judgement.
4435  */
4436 static int smack_audit_rule_known(struct audit_krule *krule)
4437 {
4438         struct audit_field *f;
4439         int i;
4440 
4441         for (i = 0; i < krule->field_count; i++) {
4442                 f = &krule->fields[i];
4443 
4444                 if (f->type == AUDIT_SUBJ_USER || f->type == AUDIT_OBJ_USER)
4445                         return 1;
4446         }
4447 
4448         return 0;
4449 }
4450 
4451 /**
4452  * smack_audit_rule_match - Audit given object ?
4453  * @secid: security id for identifying the object to test
4454  * @field: audit rule flags given from user-space
4455  * @op: required testing operator
4456  * @vrule: smack internal rule presentation
4457  * @actx: audit context associated with the check
4458  *
4459  * The core Audit hook. It's used to take the decision of
4460  * whether to audit or not to audit a given object.
4461  */
4462 static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule,
4463                                   struct audit_context *actx)
4464 {
4465         struct smack_known *skp;
4466         char *rule = vrule;
4467 
4468         if (unlikely(!rule)) {
4469                 WARN_ONCE(1, "Smack: missing rule\n");
4470                 return -ENOENT;
4471         }
4472 
4473         if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
4474                 return 0;
4475 
4476         skp = smack_from_secid(secid);
4477 
4478         /*
4479          * No need to do string comparisons. If a match occurs,
4480          * both pointers will point to the same smack_known
4481          * label.
4482          */
4483         if (op == Audit_equal)
4484                 return (rule == skp->smk_known);
4485         if (op == Audit_not_equal)
4486                 return (rule != skp->smk_known);
4487 
4488         return 0;
4489 }
4490 
4491 /*
4492  * There is no need for a smack_audit_rule_free hook.
4493  * No memory was allocated.
4494  */
4495 
4496 #endif /* CONFIG_AUDIT */
4497 
4498 /**
4499  * smack_ismaclabel - check if xattr @name references a smack MAC label
4500  * @name: Full xattr name to check.
4501  */
4502 static int smack_ismaclabel(const char *name)
4503 {
4504         return (strcmp(name, XATTR_SMACK_SUFFIX) == 0);
4505 }
4506 
4507 
4508 /**
4509  * smack_secid_to_secctx - return the smack label for a secid
4510  * @secid: incoming integer
4511  * @secdata: destination
4512  * @seclen: how long it is
4513  *
4514  * Exists for networking code.
4515  */
4516 static int smack_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
4517 {
4518         struct smack_known *skp = smack_from_secid(secid);
4519 
4520         if (secdata)
4521                 *secdata = skp->smk_known;
4522         *seclen = strlen(skp->smk_known);
4523         return 0;
4524 }
4525 
4526 /**
4527  * smack_secctx_to_secid - return the secid for a smack label
4528  * @secdata: smack label
4529  * @seclen: how long result is
4530  * @secid: outgoing integer
4531  *
4532  * Exists for audit and networking code.
4533  */
4534 static int smack_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
4535 {
4536         struct smack_known *skp = smk_find_entry(secdata);
4537 
4538         if (skp)
4539                 *secid = skp->smk_secid;
4540         else
4541                 *secid = 0;
4542         return 0;
4543 }
4544 
4545 /*
4546  * There used to be a smack_release_secctx hook
4547  * that did nothing back when hooks were in a vector.
4548  * Now that there's a list such a hook adds cost.
4549  */
4550 
4551 static int smack_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
4552 {
4553         return smack_inode_setsecurity(inode, XATTR_SMACK_SUFFIX, ctx, ctxlen, 0);
4554 }
4555 
4556 static int smack_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
4557 {
4558         return __vfs_setxattr_noperm(dentry, XATTR_NAME_SMACK, ctx, ctxlen, 0);
4559 }
4560 
4561 static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
4562 {
4563         struct smack_known *skp = smk_of_inode(inode);
4564 
4565         *ctx = skp->smk_known;
4566         *ctxlen = strlen(skp->smk_known);
4567         return 0;
4568 }
4569 
4570 static int smack_inode_copy_up(struct dentry *dentry, struct cred **new)
4571 {
4572 
4573         struct task_smack *tsp;
4574         struct smack_known *skp;
4575         struct inode_smack *isp;
4576         struct cred *new_creds = *new;
4577 
4578         if (new_creds == NULL) {
4579                 new_creds = prepare_creds();
4580                 if (new_creds == NULL)
4581                         return -ENOMEM;
4582         }
4583 
4584         tsp = new_creds->security;
4585 
4586         /*
4587          * Get label from overlay inode and set it in create_sid
4588          */
4589         isp = d_inode(dentry->d_parent)->i_security;
4590         skp = isp->smk_inode;
4591         tsp->smk_task = skp;
4592         *new = new_creds;
4593         return 0;
4594 }
4595 
4596 static int smack_inode_copy_up_xattr(const char *name)
4597 {
4598         /*
4599          * Return 1 if this is the smack access Smack attribute.
4600          */
4601         if (strcmp(name, XATTR_NAME_SMACK) == 0)
4602                 return 1;
4603 
4604         return -EOPNOTSUPP;
4605 }
4606 
4607 static int smack_dentry_create_files_as(struct dentry *dentry, int mode,
4608                                         struct qstr *name,
4609                                         const struct cred *old,
4610                                         struct cred *new)
4611 {
4612         struct task_smack *otsp = old->security;
4613         struct task_smack *ntsp = new->security;
4614         struct inode_smack *isp;
4615         int may;
4616 
4617         /*
4618          * Use the process credential unless all of
4619          * the transmuting criteria are met
4620          */
4621         ntsp->smk_task = otsp->smk_task;
4622 
4623         /*
4624          * the attribute of the containing directory
4625          */
4626         isp = d_inode(dentry->d_parent)->i_security;
4627 
4628         if (isp->smk_flags & SMK_INODE_TRANSMUTE) {
4629                 rcu_read_lock();
4630                 may = smk_access_entry(otsp->smk_task->smk_known,
4631                                        isp->smk_inode->smk_known,
4632                                        &otsp->smk_task->smk_rules);
4633                 rcu_read_unlock();
4634 
4635                 /*
4636                  * If the directory is transmuting and the rule
4637                  * providing access is transmuting use the containing
4638                  * directory label instead of the process label.
4639                  */
4640                 if (may > 0 && (may & MAY_TRANSMUTE))
4641                         ntsp->smk_task = isp->smk_inode;
4642         }
4643         return 0;
4644 }
4645 
4646 static struct security_hook_list smack_hooks[] __lsm_ro_after_init = {
4647         LSM_HOOK_INIT(ptrace_access_check, smack_ptrace_access_check),
4648         LSM_HOOK_INIT(ptrace_traceme, smack_ptrace_traceme),
4649         LSM_HOOK_INIT(syslog, smack_syslog),
4650 
4651         LSM_HOOK_INIT(sb_alloc_security, smack_sb_alloc_security),
4652         LSM_HOOK_INIT(sb_free_security, smack_sb_free_security),
4653         LSM_HOOK_INIT(sb_copy_data, smack_sb_copy_data),
4654         LSM_HOOK_INIT(sb_kern_mount, smack_sb_kern_mount),
4655         LSM_HOOK_INIT(sb_statfs, smack_sb_statfs),
4656         LSM_HOOK_INIT(sb_set_mnt_opts, smack_set_mnt_opts),
4657         LSM_HOOK_INIT(sb_parse_opts_str, smack_parse_opts_str),
4658 
4659         LSM_HOOK_INIT(bprm_set_creds, smack_bprm_set_creds),
4660 
4661         LSM_HOOK_INIT(inode_alloc_security, smack_inode_alloc_security),
4662         LSM_HOOK_INIT(inode_free_security, smack_inode_free_security),
4663         LSM_HOOK_INIT(inode_init_security, smack_inode_init_security),
4664         LSM_HOOK_INIT(inode_link, smack_inode_link),
4665         LSM_HOOK_INIT(inode_unlink, smack_inode_unlink),
4666         LSM_HOOK_INIT(inode_rmdir, smack_inode_rmdir),
4667         LSM_HOOK_INIT(inode_rename, smack_inode_rename),
4668         LSM_HOOK_INIT(inode_permission, smack_inode_permission),
4669         LSM_HOOK_INIT(inode_setattr, smack_inode_setattr),
4670         LSM_HOOK_INIT(inode_getattr, smack_inode_getattr),
4671         LSM_HOOK_INIT(inode_setxattr, smack_inode_setxattr),
4672         LSM_HOOK_INIT(inode_post_setxattr, smack_inode_post_setxattr),
4673         LSM_HOOK_INIT(inode_getxattr, smack_inode_getxattr),
4674         LSM_HOOK_INIT(inode_removexattr, smack_inode_removexattr),
4675         LSM_HOOK_INIT(inode_getsecurity, smack_inode_getsecurity),
4676         LSM_HOOK_INIT(inode_setsecurity, smack_inode_setsecurity),
4677         LSM_HOOK_INIT(inode_listsecurity, smack_inode_listsecurity),
4678         LSM_HOOK_INIT(inode_getsecid, smack_inode_getsecid),
4679 
4680         LSM_HOOK_INIT(file_alloc_security, smack_file_alloc_security),
4681         LSM_HOOK_INIT(file_free_security, smack_file_free_security),
4682         LSM_HOOK_INIT(file_ioctl, smack_file_ioctl),
4683         LSM_HOOK_INIT(file_lock, smack_file_lock),
4684         LSM_HOOK_INIT(file_fcntl, smack_file_fcntl),
4685         LSM_HOOK_INIT(mmap_file, smack_mmap_file),
4686         LSM_HOOK_INIT(mmap_addr, cap_mmap_addr),
4687         LSM_HOOK_INIT(file_set_fowner, smack_file_set_fowner),
4688         LSM_HOOK_INIT(file_send_sigiotask, smack_file_send_sigiotask),
4689         LSM_HOOK_INIT(file_receive, smack_file_receive),
4690 
4691         LSM_HOOK_INIT(file_open, smack_file_open),
4692 
4693         LSM_HOOK_INIT(cred_alloc_blank, smack_cred_alloc_blank),
4694         LSM_HOOK_INIT(cred_free, smack_cred_free),
4695         LSM_HOOK_INIT(cred_prepare, smack_cred_prepare),
4696         LSM_HOOK_INIT(cred_transfer, smack_cred_transfer),
4697         LSM_HOOK_INIT(cred_getsecid, smack_cred_getsecid),
4698         LSM_HOOK_INIT(kernel_act_as, smack_kernel_act_as),
4699         LSM_HOOK_INIT(kernel_create_files_as, smack_kernel_create_files_as),
4700         LSM_HOOK_INIT(task_setpgid, smack_task_setpgid),
4701         LSM_HOOK_INIT(task_getpgid, smack_task_getpgid),
4702         LSM_HOOK_INIT(task_getsid, smack_task_getsid),
4703         LSM_HOOK_INIT(task_getsecid, smack_task_getsecid),
4704         LSM_HOOK_INIT(task_setnice, smack_task_setnice),
4705         LSM_HOOK_INIT(task_setioprio, smack_task_setioprio),
4706         LSM_HOOK_INIT(task_getioprio, smack_task_getioprio),
4707         LSM_HOOK_INIT(task_setscheduler, smack_task_setscheduler),
4708         LSM_HOOK_INIT(task_getscheduler, smack_task_getscheduler),
4709         LSM_HOOK_INIT(task_movememory, smack_task_movememory),
4710         LSM_HOOK_INIT(task_kill, smack_task_kill),
4711         LSM_HOOK_INIT(task_to_inode, smack_task_to_inode),
4712 
4713         LSM_HOOK_INIT(ipc_permission, smack_ipc_permission),
4714         LSM_HOOK_INIT(ipc_getsecid, smack_ipc_getsecid),
4715 
4716         LSM_HOOK_INIT(msg_msg_alloc_security, smack_msg_msg_alloc_security),
4717         LSM_HOOK_INIT(msg_msg_free_security, smack_msg_msg_free_security),
4718 
4719         LSM_HOOK_INIT(msg_queue_alloc_security, smack_ipc_alloc_security),
4720         LSM_HOOK_INIT(msg_queue_free_security, smack_ipc_free_security),
4721         LSM_HOOK_INIT(msg_queue_associate, smack_msg_queue_associate),
4722         LSM_HOOK_INIT(msg_queue_msgctl, smack_msg_queue_msgctl),
4723         LSM_HOOK_INIT(msg_queue_msgsnd, smack_msg_queue_msgsnd),
4724         LSM_HOOK_INIT(msg_queue_msgrcv, smack_msg_queue_msgrcv),
4725 
4726         LSM_HOOK_INIT(shm_alloc_security, smack_ipc_alloc_security),
4727         LSM_HOOK_INIT(shm_free_security, smack_ipc_free_security),
4728         LSM_HOOK_INIT(shm_associate, smack_shm_associate),
4729         LSM_HOOK_INIT(shm_shmctl, smack_shm_shmctl),
4730         LSM_HOOK_INIT(shm_shmat, smack_shm_shmat),
4731 
4732         LSM_HOOK_INIT(sem_alloc_security, smack_ipc_alloc_security),
4733         LSM_HOOK_INIT(sem_free_security, smack_ipc_free_security),
4734         LSM_HOOK_INIT(sem_associate, smack_sem_associate),
4735         LSM_HOOK_INIT(sem_semctl, smack_sem_semctl),
4736         LSM_HOOK_INIT(sem_semop, smack_sem_semop),
4737 
4738         LSM_HOOK_INIT(d_instantiate, smack_d_instantiate),
4739 
4740         LSM_HOOK_INIT(getprocattr, smack_getprocattr),
4741         LSM_HOOK_INIT(setprocattr, smack_setprocattr),
4742 
4743         LSM_HOOK_INIT(unix_stream_connect, smack_unix_stream_connect),
4744         LSM_HOOK_INIT(unix_may_send, smack_unix_may_send),
4745 
4746         LSM_HOOK_INIT(socket_post_create, smack_socket_post_create),
4747         LSM_HOOK_INIT(socket_socketpair, smack_socket_socketpair),
4748 #ifdef SMACK_IPV6_PORT_LABELING
4749         LSM_HOOK_INIT(socket_bind, smack_socket_bind),
4750 #endif
4751         LSM_HOOK_INIT(socket_connect, smack_socket_connect),
4752         LSM_HOOK_INIT(socket_sendmsg, smack_socket_sendmsg),
4753         LSM_HOOK_INIT(socket_sock_rcv_skb, smack_socket_sock_rcv_skb),
4754         LSM_HOOK_INIT(socket_getpeersec_stream, smack_socket_getpeersec_stream),
4755         LSM_HOOK_INIT(socket_getpeersec_dgram, smack_socket_getpeersec_dgram),
4756         LSM_HOOK_INIT(sk_alloc_security, smack_sk_alloc_security),
4757         LSM_HOOK_INIT(sk_free_security, smack_sk_free_security),
4758         LSM_HOOK_INIT(sock_graft, smack_sock_graft),
4759         LSM_HOOK_INIT(inet_conn_request, smack_inet_conn_request),
4760         LSM_HOOK_INIT(inet_csk_clone, smack_inet_csk_clone),
4761 
4762  /* key management security hooks */
4763 #ifdef CONFIG_KEYS
4764         LSM_HOOK_INIT(key_alloc, smack_key_alloc),
4765         LSM_HOOK_INIT(key_free, smack_key_free),
4766         LSM_HOOK_INIT(key_permission, smack_key_permission),
4767         LSM_HOOK_INIT(key_getsecurity, smack_key_getsecurity),
4768 #endif /* CONFIG_KEYS */
4769 
4770  /* Audit hooks */
4771 #ifdef CONFIG_AUDIT
4772         LSM_HOOK_INIT(audit_rule_init, smack_audit_rule_init),
4773         LSM_HOOK_INIT(audit_rule_known, smack_audit_rule_known),
4774         LSM_HOOK_INIT(audit_rule_match, smack_audit_rule_match),
4775 #endif /* CONFIG_AUDIT */
4776 
4777         LSM_HOOK_INIT(ismaclabel, smack_ismaclabel),
4778         LSM_HOOK_INIT(secid_to_secctx, smack_secid_to_secctx),
4779         LSM_HOOK_INIT(secctx_to_secid, smack_secctx_to_secid),
4780         LSM_HOOK_INIT(inode_notifysecctx, smack_inode_notifysecctx),
4781         LSM_HOOK_INIT(inode_setsecctx, smack_inode_setsecctx),
4782         LSM_HOOK_INIT(inode_getsecctx, smack_inode_getsecctx),
4783         LSM_HOOK_INIT(inode_copy_up, smack_inode_copy_up),
4784         LSM_HOOK_INIT(inode_copy_up_xattr, smack_inode_copy_up_xattr),
4785         LSM_HOOK_INIT(dentry_create_files_as, smack_dentry_create_files_as),
4786 };
4787 
4788 
4789 static __init void init_smack_known_list(void)
4790 {
4791         /*
4792          * Initialize rule list locks
4793          */
4794         mutex_init(&smack_known_huh.smk_rules_lock);
4795         mutex_init(&smack_known_hat.smk_rules_lock);
4796         mutex_init(&smack_known_floor.smk_rules_lock);
4797         mutex_init(&smack_known_star.smk_rules_lock);
4798         mutex_init(&smack_known_web.smk_rules_lock);
4799         /*
4800          * Initialize rule lists
4801          */
4802         INIT_LIST_HEAD(&smack_known_huh.smk_rules);
4803         INIT_LIST_HEAD(&smack_known_hat.smk_rules);
4804         INIT_LIST_HEAD(&smack_known_star.smk_rules);
4805         INIT_LIST_HEAD(&smack_known_floor.smk_rules);
4806         INIT_LIST_HEAD(&smack_known_web.smk_rules);
4807         /*
4808          * Create the known labels list
4809          */
4810         smk_insert_entry(&smack_known_huh);
4811         smk_insert_entry(&smack_known_hat);
4812         smk_insert_entry(&smack_known_star);
4813         smk_insert_entry(&smack_known_floor);
4814         smk_insert_entry(&smack_known_web);
4815 }
4816 
4817 /**
4818  * smack_init - initialize the smack system
4819  *
4820  * Returns 0
4821  */
4822 static __init int smack_init(void)
4823 {
4824         struct cred *cred;
4825         struct task_smack *tsp;
4826 
4827         if (!security_module_enable("smack"))
4828                 return 0;
4829 
4830         smack_inode_cache = KMEM_CACHE(inode_smack, 0);
4831         if (!smack_inode_cache)
4832                 return -ENOMEM;
4833 
4834         tsp = new_task_smack(&smack_known_floor, &smack_known_floor,
4835                                 GFP_KERNEL);
4836         if (tsp == NULL) {
4837                 kmem_cache_destroy(smack_inode_cache);
4838                 return -ENOMEM;
4839         }
4840 
4841         smack_enabled = 1;
4842 
4843         pr_info("Smack:  Initializing.\n");
4844 #ifdef CONFIG_SECURITY_SMACK_NETFILTER
4845         pr_info("Smack:  Netfilter enabled.\n");
4846 #endif
4847 #ifdef SMACK_IPV6_PORT_LABELING
4848         pr_info("Smack:  IPv6 port labeling enabled.\n");
4849 #endif
4850 #ifdef SMACK_IPV6_SECMARK_LABELING
4851         pr_info("Smack:  IPv6 Netfilter enabled.\n");
4852 #endif
4853 
4854         /*
4855          * Set the security state for the initial task.
4856          */
4857         cred = (struct cred *) current->cred;
4858         cred->security = tsp;
4859 
4860         /* initialize the smack_known_list */
4861         init_smack_known_list();
4862 
4863         /*
4864          * Register with LSM
4865          */
4866         security_add_hooks(smack_hooks, ARRAY_SIZE(smack_hooks), "smack");
4867 
4868         return 0;
4869 }
4870 
4871 /*
4872  * Smack requires early initialization in order to label
4873  * all processes and objects when they are created.
4874  */
4875 security_initcall(smack_init);
4876 

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | Wiki (Japanese) | Wiki (English) | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

osdn.jp