~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/security/smack/smack_lsm.c

Version: ~ [ linux-5.8-rc4 ] ~ [ linux-5.7.7 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.50 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.131 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.187 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.229 ] ~ [ linux-4.8.17 ] ~ [ linux-4.7.10 ] ~ [ linux-4.6.7 ] ~ [ linux-4.5.7 ] ~ [ linux-4.4.229 ] ~ [ linux-4.3.6 ] ~ [ linux-4.2.8 ] ~ [ linux-4.1.52 ] ~ [ linux-4.0.9 ] ~ [ linux-3.19.8 ] ~ [ linux-3.18.140 ] ~ [ linux-3.17.8 ] ~ [ linux-3.16.85 ] ~ [ linux-3.15.10 ] ~ [ linux-3.14.79 ] ~ [ linux-3.13.11 ] ~ [ linux-3.12.74 ] ~ [ linux-3.11.10 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.5 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

  1 /*
  2  *  Simplified MAC Kernel (smack) security module
  3  *
  4  *  This file contains the smack hook function implementations.
  5  *
  6  *  Authors:
  7  *      Casey Schaufler <casey@schaufler-ca.com>
  8  *      Jarkko Sakkinen <jarkko.sakkinen@intel.com>
  9  *
 10  *  Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com>
 11  *  Copyright (C) 2009 Hewlett-Packard Development Company, L.P.
 12  *                Paul Moore <paul@paul-moore.com>
 13  *  Copyright (C) 2010 Nokia Corporation
 14  *  Copyright (C) 2011 Intel Corporation.
 15  *
 16  *      This program is free software; you can redistribute it and/or modify
 17  *      it under the terms of the GNU General Public License version 2,
 18  *      as published by the Free Software Foundation.
 19  */
 20 
 21 #include <linux/xattr.h>
 22 #include <linux/pagemap.h>
 23 #include <linux/mount.h>
 24 #include <linux/stat.h>
 25 #include <linux/kd.h>
 26 #include <asm/ioctls.h>
 27 #include <linux/ip.h>
 28 #include <linux/tcp.h>
 29 #include <linux/udp.h>
 30 #include <linux/dccp.h>
 31 #include <linux/slab.h>
 32 #include <linux/mutex.h>
 33 #include <linux/pipe_fs_i.h>
 34 #include <net/cipso_ipv4.h>
 35 #include <net/ip.h>
 36 #include <net/ipv6.h>
 37 #include <linux/audit.h>
 38 #include <linux/magic.h>
 39 #include <linux/dcache.h>
 40 #include <linux/personality.h>
 41 #include <linux/msg.h>
 42 #include <linux/shm.h>
 43 #include <linux/binfmts.h>
 44 #include "smack.h"
 45 
 46 #define TRANS_TRUE      "TRUE"
 47 #define TRANS_TRUE_SIZE 4
 48 
 49 #define SMK_CONNECTING  0
 50 #define SMK_RECEIVING   1
 51 #define SMK_SENDING     2
 52 
 53 LIST_HEAD(smk_ipv6_port_list);
 54 static struct kmem_cache *smack_inode_cache;
 55 
 56 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
 57 static void smk_bu_mode(int mode, char *s)
 58 {
 59         int i = 0;
 60 
 61         if (mode & MAY_READ)
 62                 s[i++] = 'r';
 63         if (mode & MAY_WRITE)
 64                 s[i++] = 'w';
 65         if (mode & MAY_EXEC)
 66                 s[i++] = 'x';
 67         if (mode & MAY_APPEND)
 68                 s[i++] = 'a';
 69         if (mode & MAY_TRANSMUTE)
 70                 s[i++] = 't';
 71         if (mode & MAY_LOCK)
 72                 s[i++] = 'l';
 73         if (i == 0)
 74                 s[i++] = '-';
 75         s[i] = '\0';
 76 }
 77 #endif
 78 
 79 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
 80 static int smk_bu_note(char *note, struct smack_known *sskp,
 81                        struct smack_known *oskp, int mode, int rc)
 82 {
 83         char acc[SMK_NUM_ACCESS_TYPE + 1];
 84 
 85         if (rc <= 0)
 86                 return rc;
 87 
 88         smk_bu_mode(mode, acc);
 89         pr_info("Smack Bringup: (%s %s %s) %s\n",
 90                 sskp->smk_known, oskp->smk_known, acc, note);
 91         return 0;
 92 }
 93 #else
 94 #define smk_bu_note(note, sskp, oskp, mode, RC) (RC)
 95 #endif
 96 
 97 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
 98 static int smk_bu_current(char *note, struct smack_known *oskp,
 99                           int mode, int rc)
100 {
101         struct task_smack *tsp = current_security();
102         char acc[SMK_NUM_ACCESS_TYPE + 1];
103 
104         if (rc <= 0)
105                 return rc;
106 
107         smk_bu_mode(mode, acc);
108         pr_info("Smack Bringup: (%s %s %s) %s %s\n",
109                 tsp->smk_task->smk_known, oskp->smk_known,
110                 acc, current->comm, note);
111         return 0;
112 }
113 #else
114 #define smk_bu_current(note, oskp, mode, RC) (RC)
115 #endif
116 
117 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
118 static int smk_bu_task(struct task_struct *otp, int mode, int rc)
119 {
120         struct task_smack *tsp = current_security();
121         struct smack_known *smk_task = smk_of_task_struct(otp);
122         char acc[SMK_NUM_ACCESS_TYPE + 1];
123 
124         if (rc <= 0)
125                 return rc;
126 
127         smk_bu_mode(mode, acc);
128         pr_info("Smack Bringup: (%s %s %s) %s to %s\n",
129                 tsp->smk_task->smk_known, smk_task->smk_known, acc,
130                 current->comm, otp->comm);
131         return 0;
132 }
133 #else
134 #define smk_bu_task(otp, mode, RC) (RC)
135 #endif
136 
137 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
138 static int smk_bu_inode(struct inode *inode, int mode, int rc)
139 {
140         struct task_smack *tsp = current_security();
141         char acc[SMK_NUM_ACCESS_TYPE + 1];
142 
143         if (rc <= 0)
144                 return rc;
145 
146         smk_bu_mode(mode, acc);
147         pr_info("Smack Bringup: (%s %s %s) inode=(%s %ld) %s\n",
148                 tsp->smk_task->smk_known, smk_of_inode(inode)->smk_known, acc,
149                 inode->i_sb->s_id, inode->i_ino, current->comm);
150         return 0;
151 }
152 #else
153 #define smk_bu_inode(inode, mode, RC) (RC)
154 #endif
155 
156 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
157 static int smk_bu_file(struct file *file, int mode, int rc)
158 {
159         struct task_smack *tsp = current_security();
160         struct smack_known *sskp = tsp->smk_task;
161         struct inode *inode = file->f_inode;
162         char acc[SMK_NUM_ACCESS_TYPE + 1];
163 
164         if (rc <= 0)
165                 return rc;
166 
167         smk_bu_mode(mode, acc);
168         pr_info("Smack Bringup: (%s %s %s) file=(%s %ld %pD) %s\n",
169                 sskp->smk_known, (char *)file->f_security, acc,
170                 inode->i_sb->s_id, inode->i_ino, file,
171                 current->comm);
172         return 0;
173 }
174 #else
175 #define smk_bu_file(file, mode, RC) (RC)
176 #endif
177 
178 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
179 static int smk_bu_credfile(const struct cred *cred, struct file *file,
180                                 int mode, int rc)
181 {
182         struct task_smack *tsp = cred->security;
183         struct smack_known *sskp = tsp->smk_task;
184         struct inode *inode = file->f_inode;
185         char acc[SMK_NUM_ACCESS_TYPE + 1];
186 
187         if (rc <= 0)
188                 return rc;
189 
190         smk_bu_mode(mode, acc);
191         pr_info("Smack Bringup: (%s %s %s) file=(%s %ld %pD) %s\n",
192                 sskp->smk_known, smk_of_inode(inode)->smk_known, acc,
193                 inode->i_sb->s_id, inode->i_ino, file,
194                 current->comm);
195         return 0;
196 }
197 #else
198 #define smk_bu_credfile(cred, file, mode, RC) (RC)
199 #endif
200 
201 /**
202  * smk_fetch - Fetch the smack label from a file.
203  * @ip: a pointer to the inode
204  * @dp: a pointer to the dentry
205  *
206  * Returns a pointer to the master list entry for the Smack label
207  * or NULL if there was no label to fetch.
208  */
209 static struct smack_known *smk_fetch(const char *name, struct inode *ip,
210                                         struct dentry *dp)
211 {
212         int rc;
213         char *buffer;
214         struct smack_known *skp = NULL;
215 
216         if (ip->i_op->getxattr == NULL)
217                 return NULL;
218 
219         buffer = kzalloc(SMK_LONGLABEL, GFP_KERNEL);
220         if (buffer == NULL)
221                 return NULL;
222 
223         rc = ip->i_op->getxattr(dp, name, buffer, SMK_LONGLABEL);
224         if (rc > 0)
225                 skp = smk_import_entry(buffer, rc);
226 
227         kfree(buffer);
228 
229         return skp;
230 }
231 
232 /**
233  * new_inode_smack - allocate an inode security blob
234  * @skp: a pointer to the Smack label entry to use in the blob
235  *
236  * Returns the new blob or NULL if there's no memory available
237  */
238 struct inode_smack *new_inode_smack(struct smack_known *skp)
239 {
240         struct inode_smack *isp;
241 
242         isp = kmem_cache_zalloc(smack_inode_cache, GFP_NOFS);
243         if (isp == NULL)
244                 return NULL;
245 
246         isp->smk_inode = skp;
247         isp->smk_flags = 0;
248         mutex_init(&isp->smk_lock);
249 
250         return isp;
251 }
252 
253 /**
254  * new_task_smack - allocate a task security blob
255  * @smack: a pointer to the Smack label to use in the blob
256  *
257  * Returns the new blob or NULL if there's no memory available
258  */
259 static struct task_smack *new_task_smack(struct smack_known *task,
260                                         struct smack_known *forked, gfp_t gfp)
261 {
262         struct task_smack *tsp;
263 
264         tsp = kzalloc(sizeof(struct task_smack), gfp);
265         if (tsp == NULL)
266                 return NULL;
267 
268         tsp->smk_task = task;
269         tsp->smk_forked = forked;
270         INIT_LIST_HEAD(&tsp->smk_rules);
271         mutex_init(&tsp->smk_rules_lock);
272 
273         return tsp;
274 }
275 
276 /**
277  * smk_copy_rules - copy a rule set
278  * @nhead - new rules header pointer
279  * @ohead - old rules header pointer
280  *
281  * Returns 0 on success, -ENOMEM on error
282  */
283 static int smk_copy_rules(struct list_head *nhead, struct list_head *ohead,
284                                 gfp_t gfp)
285 {
286         struct smack_rule *nrp;
287         struct smack_rule *orp;
288         int rc = 0;
289 
290         INIT_LIST_HEAD(nhead);
291 
292         list_for_each_entry_rcu(orp, ohead, list) {
293                 nrp = kzalloc(sizeof(struct smack_rule), gfp);
294                 if (nrp == NULL) {
295                         rc = -ENOMEM;
296                         break;
297                 }
298                 *nrp = *orp;
299                 list_add_rcu(&nrp->list, nhead);
300         }
301         return rc;
302 }
303 
304 /**
305  * smk_ptrace_mode - helper function for converting PTRACE_MODE_* into MAY_*
306  * @mode - input mode in form of PTRACE_MODE_*
307  *
308  * Returns a converted MAY_* mode usable by smack rules
309  */
310 static inline unsigned int smk_ptrace_mode(unsigned int mode)
311 {
312         switch (mode) {
313         case PTRACE_MODE_READ:
314                 return MAY_READ;
315         case PTRACE_MODE_ATTACH:
316                 return MAY_READWRITE;
317         }
318 
319         return 0;
320 }
321 
322 /**
323  * smk_ptrace_rule_check - helper for ptrace access
324  * @tracer: tracer process
325  * @tracee_known: label entry of the process that's about to be traced
326  * @mode: ptrace attachment mode (PTRACE_MODE_*)
327  * @func: name of the function that called us, used for audit
328  *
329  * Returns 0 on access granted, -error on error
330  */
331 static int smk_ptrace_rule_check(struct task_struct *tracer,
332                                  struct smack_known *tracee_known,
333                                  unsigned int mode, const char *func)
334 {
335         int rc;
336         struct smk_audit_info ad, *saip = NULL;
337         struct task_smack *tsp;
338         struct smack_known *tracer_known;
339 
340         if ((mode & PTRACE_MODE_NOAUDIT) == 0) {
341                 smk_ad_init(&ad, func, LSM_AUDIT_DATA_TASK);
342                 smk_ad_setfield_u_tsk(&ad, tracer);
343                 saip = &ad;
344         }
345 
346         rcu_read_lock();
347         tsp = __task_cred(tracer)->security;
348         tracer_known = smk_of_task(tsp);
349 
350         if ((mode & PTRACE_MODE_ATTACH) &&
351             (smack_ptrace_rule == SMACK_PTRACE_EXACT ||
352              smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)) {
353                 if (tracer_known->smk_known == tracee_known->smk_known)
354                         rc = 0;
355                 else if (smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)
356                         rc = -EACCES;
357                 else if (capable(CAP_SYS_PTRACE))
358                         rc = 0;
359                 else
360                         rc = -EACCES;
361 
362                 if (saip)
363                         smack_log(tracer_known->smk_known,
364                                   tracee_known->smk_known,
365                                   0, rc, saip);
366 
367                 rcu_read_unlock();
368                 return rc;
369         }
370 
371         /* In case of rule==SMACK_PTRACE_DEFAULT or mode==PTRACE_MODE_READ */
372         rc = smk_tskacc(tsp, tracee_known, smk_ptrace_mode(mode), saip);
373 
374         rcu_read_unlock();
375         return rc;
376 }
377 
378 /*
379  * LSM hooks.
380  * We he, that is fun!
381  */
382 
383 /**
384  * smack_ptrace_access_check - Smack approval on PTRACE_ATTACH
385  * @ctp: child task pointer
386  * @mode: ptrace attachment mode (PTRACE_MODE_*)
387  *
388  * Returns 0 if access is OK, an error code otherwise
389  *
390  * Do the capability checks.
391  */
392 static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode)
393 {
394         int rc;
395         struct smack_known *skp;
396 
397         rc = cap_ptrace_access_check(ctp, mode);
398         if (rc != 0)
399                 return rc;
400 
401         skp = smk_of_task_struct(ctp);
402 
403         rc = smk_ptrace_rule_check(current, skp, mode, __func__);
404         return rc;
405 }
406 
407 /**
408  * smack_ptrace_traceme - Smack approval on PTRACE_TRACEME
409  * @ptp: parent task pointer
410  *
411  * Returns 0 if access is OK, an error code otherwise
412  *
413  * Do the capability checks, and require PTRACE_MODE_ATTACH.
414  */
415 static int smack_ptrace_traceme(struct task_struct *ptp)
416 {
417         int rc;
418         struct smack_known *skp;
419 
420         rc = cap_ptrace_traceme(ptp);
421         if (rc != 0)
422                 return rc;
423 
424         skp = smk_of_task(current_security());
425 
426         rc = smk_ptrace_rule_check(ptp, skp, PTRACE_MODE_ATTACH, __func__);
427         return rc;
428 }
429 
430 /**
431  * smack_syslog - Smack approval on syslog
432  * @type: message type
433  *
434  * Returns 0 on success, error code otherwise.
435  */
436 static int smack_syslog(int typefrom_file)
437 {
438         int rc = 0;
439         struct smack_known *skp = smk_of_current();
440 
441         if (smack_privileged(CAP_MAC_OVERRIDE))
442                 return 0;
443 
444         if (smack_syslog_label != NULL && smack_syslog_label != skp)
445                 rc = -EACCES;
446 
447         return rc;
448 }
449 
450 
451 /*
452  * Superblock Hooks.
453  */
454 
455 /**
456  * smack_sb_alloc_security - allocate a superblock blob
457  * @sb: the superblock getting the blob
458  *
459  * Returns 0 on success or -ENOMEM on error.
460  */
461 static int smack_sb_alloc_security(struct super_block *sb)
462 {
463         struct superblock_smack *sbsp;
464 
465         sbsp = kzalloc(sizeof(struct superblock_smack), GFP_KERNEL);
466 
467         if (sbsp == NULL)
468                 return -ENOMEM;
469 
470         sbsp->smk_root = &smack_known_floor;
471         sbsp->smk_default = &smack_known_floor;
472         sbsp->smk_floor = &smack_known_floor;
473         sbsp->smk_hat = &smack_known_hat;
474         /*
475          * smk_initialized will be zero from kzalloc.
476          */
477         sb->s_security = sbsp;
478 
479         return 0;
480 }
481 
482 /**
483  * smack_sb_free_security - free a superblock blob
484  * @sb: the superblock getting the blob
485  *
486  */
487 static void smack_sb_free_security(struct super_block *sb)
488 {
489         kfree(sb->s_security);
490         sb->s_security = NULL;
491 }
492 
493 /**
494  * smack_sb_copy_data - copy mount options data for processing
495  * @orig: where to start
496  * @smackopts: mount options string
497  *
498  * Returns 0 on success or -ENOMEM on error.
499  *
500  * Copy the Smack specific mount options out of the mount
501  * options list.
502  */
503 static int smack_sb_copy_data(char *orig, char *smackopts)
504 {
505         char *cp, *commap, *otheropts, *dp;
506 
507         otheropts = (char *)get_zeroed_page(GFP_KERNEL);
508         if (otheropts == NULL)
509                 return -ENOMEM;
510 
511         for (cp = orig, commap = orig; commap != NULL; cp = commap + 1) {
512                 if (strstr(cp, SMK_FSDEFAULT) == cp)
513                         dp = smackopts;
514                 else if (strstr(cp, SMK_FSFLOOR) == cp)
515                         dp = smackopts;
516                 else if (strstr(cp, SMK_FSHAT) == cp)
517                         dp = smackopts;
518                 else if (strstr(cp, SMK_FSROOT) == cp)
519                         dp = smackopts;
520                 else if (strstr(cp, SMK_FSTRANS) == cp)
521                         dp = smackopts;
522                 else
523                         dp = otheropts;
524 
525                 commap = strchr(cp, ',');
526                 if (commap != NULL)
527                         *commap = '\0';
528 
529                 if (*dp != '\0')
530                         strcat(dp, ",");
531                 strcat(dp, cp);
532         }
533 
534         strcpy(orig, otheropts);
535         free_page((unsigned long)otheropts);
536 
537         return 0;
538 }
539 
540 /**
541  * smack_sb_kern_mount - Smack specific mount processing
542  * @sb: the file system superblock
543  * @flags: the mount flags
544  * @data: the smack mount options
545  *
546  * Returns 0 on success, an error code on failure
547  */
548 static int smack_sb_kern_mount(struct super_block *sb, int flags, void *data)
549 {
550         struct dentry *root = sb->s_root;
551         struct inode *inode = root->d_inode;
552         struct superblock_smack *sp = sb->s_security;
553         struct inode_smack *isp;
554         struct smack_known *skp;
555         char *op;
556         char *commap;
557         int transmute = 0;
558         int specified = 0;
559 
560         if (sp->smk_initialized)
561                 return 0;
562 
563         sp->smk_initialized = 1;
564 
565         for (op = data; op != NULL; op = commap) {
566                 commap = strchr(op, ',');
567                 if (commap != NULL)
568                         *commap++ = '\0';
569 
570                 if (strncmp(op, SMK_FSHAT, strlen(SMK_FSHAT)) == 0) {
571                         op += strlen(SMK_FSHAT);
572                         skp = smk_import_entry(op, 0);
573                         if (skp != NULL) {
574                                 sp->smk_hat = skp;
575                                 specified = 1;
576                         }
577                 } else if (strncmp(op, SMK_FSFLOOR, strlen(SMK_FSFLOOR)) == 0) {
578                         op += strlen(SMK_FSFLOOR);
579                         skp = smk_import_entry(op, 0);
580                         if (skp != NULL) {
581                                 sp->smk_floor = skp;
582                                 specified = 1;
583                         }
584                 } else if (strncmp(op, SMK_FSDEFAULT,
585                                    strlen(SMK_FSDEFAULT)) == 0) {
586                         op += strlen(SMK_FSDEFAULT);
587                         skp = smk_import_entry(op, 0);
588                         if (skp != NULL) {
589                                 sp->smk_default = skp;
590                                 specified = 1;
591                         }
592                 } else if (strncmp(op, SMK_FSROOT, strlen(SMK_FSROOT)) == 0) {
593                         op += strlen(SMK_FSROOT);
594                         skp = smk_import_entry(op, 0);
595                         if (skp != NULL) {
596                                 sp->smk_root = skp;
597                                 specified = 1;
598                         }
599                 } else if (strncmp(op, SMK_FSTRANS, strlen(SMK_FSTRANS)) == 0) {
600                         op += strlen(SMK_FSTRANS);
601                         skp = smk_import_entry(op, 0);
602                         if (skp != NULL) {
603                                 sp->smk_root = skp;
604                                 transmute = 1;
605                                 specified = 1;
606                         }
607                 }
608         }
609 
610         if (!smack_privileged(CAP_MAC_ADMIN)) {
611                 /*
612                  * Unprivileged mounts don't get to specify Smack values.
613                  */
614                 if (specified)
615                         return -EPERM;
616                 /*
617                  * Unprivileged mounts get root and default from the caller.
618                  */
619                 skp = smk_of_current();
620                 sp->smk_root = skp;
621                 sp->smk_default = skp;
622         }
623         /*
624          * Initialize the root inode.
625          */
626         isp = inode->i_security;
627         if (isp == NULL) {
628                 isp = new_inode_smack(sp->smk_root);
629                 if (isp == NULL)
630                         return -ENOMEM;
631                 inode->i_security = isp;
632         } else
633                 isp->smk_inode = sp->smk_root;
634 
635         if (transmute)
636                 isp->smk_flags |= SMK_INODE_TRANSMUTE;
637 
638         return 0;
639 }
640 
641 /**
642  * smack_sb_statfs - Smack check on statfs
643  * @dentry: identifies the file system in question
644  *
645  * Returns 0 if current can read the floor of the filesystem,
646  * and error code otherwise
647  */
648 static int smack_sb_statfs(struct dentry *dentry)
649 {
650         struct superblock_smack *sbp = dentry->d_sb->s_security;
651         int rc;
652         struct smk_audit_info ad;
653 
654         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
655         smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
656 
657         rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad);
658         rc = smk_bu_current("statfs", sbp->smk_floor, MAY_READ, rc);
659         return rc;
660 }
661 
662 /*
663  * BPRM hooks
664  */
665 
666 /**
667  * smack_bprm_set_creds - set creds for exec
668  * @bprm: the exec information
669  *
670  * Returns 0 if it gets a blob, -EPERM if exec forbidden and -ENOMEM otherwise
671  */
672 static int smack_bprm_set_creds(struct linux_binprm *bprm)
673 {
674         struct inode *inode = file_inode(bprm->file);
675         struct task_smack *bsp = bprm->cred->security;
676         struct inode_smack *isp;
677         int rc;
678 
679         rc = cap_bprm_set_creds(bprm);
680         if (rc != 0)
681                 return rc;
682 
683         if (bprm->cred_prepared)
684                 return 0;
685 
686         isp = inode->i_security;
687         if (isp->smk_task == NULL || isp->smk_task == bsp->smk_task)
688                 return 0;
689 
690         if (bprm->unsafe & (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) {
691                 struct task_struct *tracer;
692                 rc = 0;
693 
694                 rcu_read_lock();
695                 tracer = ptrace_parent(current);
696                 if (likely(tracer != NULL))
697                         rc = smk_ptrace_rule_check(tracer,
698                                                    isp->smk_task,
699                                                    PTRACE_MODE_ATTACH,
700                                                    __func__);
701                 rcu_read_unlock();
702 
703                 if (rc != 0)
704                         return rc;
705         } else if (bprm->unsafe)
706                 return -EPERM;
707 
708         bsp->smk_task = isp->smk_task;
709         bprm->per_clear |= PER_CLEAR_ON_SETID;
710 
711         return 0;
712 }
713 
714 /**
715  * smack_bprm_committing_creds - Prepare to install the new credentials
716  * from bprm.
717  *
718  * @bprm: binprm for exec
719  */
720 static void smack_bprm_committing_creds(struct linux_binprm *bprm)
721 {
722         struct task_smack *bsp = bprm->cred->security;
723 
724         if (bsp->smk_task != bsp->smk_forked)
725                 current->pdeath_signal = 0;
726 }
727 
728 /**
729  * smack_bprm_secureexec - Return the decision to use secureexec.
730  * @bprm: binprm for exec
731  *
732  * Returns 0 on success.
733  */
734 static int smack_bprm_secureexec(struct linux_binprm *bprm)
735 {
736         struct task_smack *tsp = current_security();
737         int ret = cap_bprm_secureexec(bprm);
738 
739         if (!ret && (tsp->smk_task != tsp->smk_forked))
740                 ret = 1;
741 
742         return ret;
743 }
744 
745 /*
746  * Inode hooks
747  */
748 
749 /**
750  * smack_inode_alloc_security - allocate an inode blob
751  * @inode: the inode in need of a blob
752  *
753  * Returns 0 if it gets a blob, -ENOMEM otherwise
754  */
755 static int smack_inode_alloc_security(struct inode *inode)
756 {
757         struct smack_known *skp = smk_of_current();
758 
759         inode->i_security = new_inode_smack(skp);
760         if (inode->i_security == NULL)
761                 return -ENOMEM;
762         return 0;
763 }
764 
765 /**
766  * smack_inode_free_security - free an inode blob
767  * @inode: the inode with a blob
768  *
769  * Clears the blob pointer in inode
770  */
771 static void smack_inode_free_security(struct inode *inode)
772 {
773         kmem_cache_free(smack_inode_cache, inode->i_security);
774         inode->i_security = NULL;
775 }
776 
777 /**
778  * smack_inode_init_security - copy out the smack from an inode
779  * @inode: the newly created inode
780  * @dir: containing directory object
781  * @qstr: unused
782  * @name: where to put the attribute name
783  * @value: where to put the attribute value
784  * @len: where to put the length of the attribute
785  *
786  * Returns 0 if it all works out, -ENOMEM if there's no memory
787  */
788 static int smack_inode_init_security(struct inode *inode, struct inode *dir,
789                                      const struct qstr *qstr, const char **name,
790                                      void **value, size_t *len)
791 {
792         struct inode_smack *issp = inode->i_security;
793         struct smack_known *skp = smk_of_current();
794         struct smack_known *isp = smk_of_inode(inode);
795         struct smack_known *dsp = smk_of_inode(dir);
796         int may;
797 
798         if (name)
799                 *name = XATTR_SMACK_SUFFIX;
800 
801         if (value) {
802                 rcu_read_lock();
803                 may = smk_access_entry(skp->smk_known, dsp->smk_known,
804                                        &skp->smk_rules);
805                 rcu_read_unlock();
806 
807                 /*
808                  * If the access rule allows transmutation and
809                  * the directory requests transmutation then
810                  * by all means transmute.
811                  * Mark the inode as changed.
812                  */
813                 if (may > 0 && ((may & MAY_TRANSMUTE) != 0) &&
814                     smk_inode_transmutable(dir)) {
815                         isp = dsp;
816                         issp->smk_flags |= SMK_INODE_CHANGED;
817                 }
818 
819                 *value = kstrdup(isp->smk_known, GFP_NOFS);
820                 if (*value == NULL)
821                         return -ENOMEM;
822         }
823 
824         if (len)
825                 *len = strlen(isp->smk_known);
826 
827         return 0;
828 }
829 
830 /**
831  * smack_inode_link - Smack check on link
832  * @old_dentry: the existing object
833  * @dir: unused
834  * @new_dentry: the new object
835  *
836  * Returns 0 if access is permitted, an error code otherwise
837  */
838 static int smack_inode_link(struct dentry *old_dentry, struct inode *dir,
839                             struct dentry *new_dentry)
840 {
841         struct smack_known *isp;
842         struct smk_audit_info ad;
843         int rc;
844 
845         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
846         smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
847 
848         isp = smk_of_inode(old_dentry->d_inode);
849         rc = smk_curacc(isp, MAY_WRITE, &ad);
850         rc = smk_bu_inode(old_dentry->d_inode, MAY_WRITE, rc);
851 
852         if (rc == 0 && new_dentry->d_inode != NULL) {
853                 isp = smk_of_inode(new_dentry->d_inode);
854                 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
855                 rc = smk_curacc(isp, MAY_WRITE, &ad);
856                 rc = smk_bu_inode(new_dentry->d_inode, MAY_WRITE, rc);
857         }
858 
859         return rc;
860 }
861 
862 /**
863  * smack_inode_unlink - Smack check on inode deletion
864  * @dir: containing directory object
865  * @dentry: file to unlink
866  *
867  * Returns 0 if current can write the containing directory
868  * and the object, error code otherwise
869  */
870 static int smack_inode_unlink(struct inode *dir, struct dentry *dentry)
871 {
872         struct inode *ip = dentry->d_inode;
873         struct smk_audit_info ad;
874         int rc;
875 
876         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
877         smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
878 
879         /*
880          * You need write access to the thing you're unlinking
881          */
882         rc = smk_curacc(smk_of_inode(ip), MAY_WRITE, &ad);
883         rc = smk_bu_inode(ip, MAY_WRITE, rc);
884         if (rc == 0) {
885                 /*
886                  * You also need write access to the containing directory
887                  */
888                 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
889                 smk_ad_setfield_u_fs_inode(&ad, dir);
890                 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
891                 rc = smk_bu_inode(dir, MAY_WRITE, rc);
892         }
893         return rc;
894 }
895 
896 /**
897  * smack_inode_rmdir - Smack check on directory deletion
898  * @dir: containing directory object
899  * @dentry: directory to unlink
900  *
901  * Returns 0 if current can write the containing directory
902  * and the directory, error code otherwise
903  */
904 static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry)
905 {
906         struct smk_audit_info ad;
907         int rc;
908 
909         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
910         smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
911 
912         /*
913          * You need write access to the thing you're removing
914          */
915         rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad);
916         rc = smk_bu_inode(dentry->d_inode, MAY_WRITE, rc);
917         if (rc == 0) {
918                 /*
919                  * You also need write access to the containing directory
920                  */
921                 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
922                 smk_ad_setfield_u_fs_inode(&ad, dir);
923                 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
924                 rc = smk_bu_inode(dir, MAY_WRITE, rc);
925         }
926 
927         return rc;
928 }
929 
930 /**
931  * smack_inode_rename - Smack check on rename
932  * @old_inode: unused
933  * @old_dentry: the old object
934  * @new_inode: unused
935  * @new_dentry: the new object
936  *
937  * Read and write access is required on both the old and
938  * new directories.
939  *
940  * Returns 0 if access is permitted, an error code otherwise
941  */
942 static int smack_inode_rename(struct inode *old_inode,
943                               struct dentry *old_dentry,
944                               struct inode *new_inode,
945                               struct dentry *new_dentry)
946 {
947         int rc;
948         struct smack_known *isp;
949         struct smk_audit_info ad;
950 
951         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
952         smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
953 
954         isp = smk_of_inode(old_dentry->d_inode);
955         rc = smk_curacc(isp, MAY_READWRITE, &ad);
956         rc = smk_bu_inode(old_dentry->d_inode, MAY_READWRITE, rc);
957 
958         if (rc == 0 && new_dentry->d_inode != NULL) {
959                 isp = smk_of_inode(new_dentry->d_inode);
960                 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
961                 rc = smk_curacc(isp, MAY_READWRITE, &ad);
962                 rc = smk_bu_inode(new_dentry->d_inode, MAY_READWRITE, rc);
963         }
964         return rc;
965 }
966 
967 /**
968  * smack_inode_permission - Smack version of permission()
969  * @inode: the inode in question
970  * @mask: the access requested
971  *
972  * This is the important Smack hook.
973  *
974  * Returns 0 if access is permitted, -EACCES otherwise
975  */
976 static int smack_inode_permission(struct inode *inode, int mask)
977 {
978         struct smk_audit_info ad;
979         int no_block = mask & MAY_NOT_BLOCK;
980         int rc;
981 
982         mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND);
983         /*
984          * No permission to check. Existence test. Yup, it's there.
985          */
986         if (mask == 0)
987                 return 0;
988 
989         /* May be droppable after audit */
990         if (no_block)
991                 return -ECHILD;
992         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
993         smk_ad_setfield_u_fs_inode(&ad, inode);
994         rc = smk_curacc(smk_of_inode(inode), mask, &ad);
995         rc = smk_bu_inode(inode, mask, rc);
996         return rc;
997 }
998 
999 /**
1000  * smack_inode_setattr - Smack check for setting attributes
1001  * @dentry: the object
1002  * @iattr: for the force flag
1003  *
1004  * Returns 0 if access is permitted, an error code otherwise
1005  */
1006 static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr)
1007 {
1008         struct smk_audit_info ad;
1009         int rc;
1010 
1011         /*
1012          * Need to allow for clearing the setuid bit.
1013          */
1014         if (iattr->ia_valid & ATTR_FORCE)
1015                 return 0;
1016         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1017         smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1018 
1019         rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad);
1020         rc = smk_bu_inode(dentry->d_inode, MAY_WRITE, rc);
1021         return rc;
1022 }
1023 
1024 /**
1025  * smack_inode_getattr - Smack check for getting attributes
1026  * @mnt: vfsmount of the object
1027  * @dentry: the object
1028  *
1029  * Returns 0 if access is permitted, an error code otherwise
1030  */
1031 static int smack_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
1032 {
1033         struct smk_audit_info ad;
1034         struct path path;
1035         int rc;
1036 
1037         path.dentry = dentry;
1038         path.mnt = mnt;
1039 
1040         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1041         smk_ad_setfield_u_fs_path(&ad, path);
1042         rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ, &ad);
1043         rc = smk_bu_inode(dentry->d_inode, MAY_READ, rc);
1044         return rc;
1045 }
1046 
1047 /**
1048  * smack_inode_setxattr - Smack check for setting xattrs
1049  * @dentry: the object
1050  * @name: name of the attribute
1051  * @value: value of the attribute
1052  * @size: size of the value
1053  * @flags: unused
1054  *
1055  * This protects the Smack attribute explicitly.
1056  *
1057  * Returns 0 if access is permitted, an error code otherwise
1058  */
1059 static int smack_inode_setxattr(struct dentry *dentry, const char *name,
1060                                 const void *value, size_t size, int flags)
1061 {
1062         struct smk_audit_info ad;
1063         struct smack_known *skp;
1064         int check_priv = 0;
1065         int check_import = 0;
1066         int check_star = 0;
1067         int rc = 0;
1068 
1069         /*
1070          * Check label validity here so import won't fail in post_setxattr
1071          */
1072         if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
1073             strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
1074             strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) {
1075                 check_priv = 1;
1076                 check_import = 1;
1077         } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
1078                    strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1079                 check_priv = 1;
1080                 check_import = 1;
1081                 check_star = 1;
1082         } else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) {
1083                 check_priv = 1;
1084                 if (size != TRANS_TRUE_SIZE ||
1085                     strncmp(value, TRANS_TRUE, TRANS_TRUE_SIZE) != 0)
1086                         rc = -EINVAL;
1087         } else
1088                 rc = cap_inode_setxattr(dentry, name, value, size, flags);
1089 
1090         if (check_priv && !smack_privileged(CAP_MAC_ADMIN))
1091                 rc = -EPERM;
1092 
1093         if (rc == 0 && check_import) {
1094                 skp = size ? smk_import_entry(value, size) : NULL;
1095                 if (skp == NULL || (check_star &&
1096                     (skp == &smack_known_star || skp == &smack_known_web)))
1097                         rc = -EINVAL;
1098         }
1099 
1100         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1101         smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1102 
1103         if (rc == 0) {
1104                 rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad);
1105                 rc = smk_bu_inode(dentry->d_inode, MAY_WRITE, rc);
1106         }
1107 
1108         return rc;
1109 }
1110 
1111 /**
1112  * smack_inode_post_setxattr - Apply the Smack update approved above
1113  * @dentry: object
1114  * @name: attribute name
1115  * @value: attribute value
1116  * @size: attribute size
1117  * @flags: unused
1118  *
1119  * Set the pointer in the inode blob to the entry found
1120  * in the master label list.
1121  */
1122 static void smack_inode_post_setxattr(struct dentry *dentry, const char *name,
1123                                       const void *value, size_t size, int flags)
1124 {
1125         struct smack_known *skp;
1126         struct inode_smack *isp = dentry->d_inode->i_security;
1127 
1128         if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) {
1129                 isp->smk_flags |= SMK_INODE_TRANSMUTE;
1130                 return;
1131         }
1132 
1133         if (strcmp(name, XATTR_NAME_SMACK) == 0) {
1134                 skp = smk_import_entry(value, size);
1135                 if (skp != NULL)
1136                         isp->smk_inode = skp;
1137                 else
1138                         isp->smk_inode = &smack_known_invalid;
1139         } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) {
1140                 skp = smk_import_entry(value, size);
1141                 if (skp != NULL)
1142                         isp->smk_task = skp;
1143                 else
1144                         isp->smk_task = &smack_known_invalid;
1145         } else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1146                 skp = smk_import_entry(value, size);
1147                 if (skp != NULL)
1148                         isp->smk_mmap = skp;
1149                 else
1150                         isp->smk_mmap = &smack_known_invalid;
1151         }
1152 
1153         return;
1154 }
1155 
1156 /**
1157  * smack_inode_getxattr - Smack check on getxattr
1158  * @dentry: the object
1159  * @name: unused
1160  *
1161  * Returns 0 if access is permitted, an error code otherwise
1162  */
1163 static int smack_inode_getxattr(struct dentry *dentry, const char *name)
1164 {
1165         struct smk_audit_info ad;
1166         int rc;
1167 
1168         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1169         smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1170 
1171         rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ, &ad);
1172         rc = smk_bu_inode(dentry->d_inode, MAY_READ, rc);
1173         return rc;
1174 }
1175 
1176 /**
1177  * smack_inode_removexattr - Smack check on removexattr
1178  * @dentry: the object
1179  * @name: name of the attribute
1180  *
1181  * Removing the Smack attribute requires CAP_MAC_ADMIN
1182  *
1183  * Returns 0 if access is permitted, an error code otherwise
1184  */
1185 static int smack_inode_removexattr(struct dentry *dentry, const char *name)
1186 {
1187         struct inode_smack *isp;
1188         struct smk_audit_info ad;
1189         int rc = 0;
1190 
1191         if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
1192             strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
1193             strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 ||
1194             strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
1195             strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0 ||
1196             strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1197                 if (!smack_privileged(CAP_MAC_ADMIN))
1198                         rc = -EPERM;
1199         } else
1200                 rc = cap_inode_removexattr(dentry, name);
1201 
1202         if (rc != 0)
1203                 return rc;
1204 
1205         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1206         smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1207 
1208         rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad);
1209         rc = smk_bu_inode(dentry->d_inode, MAY_WRITE, rc);
1210         if (rc != 0)
1211                 return rc;
1212 
1213         isp = dentry->d_inode->i_security;
1214         /*
1215          * Don't do anything special for these.
1216          *      XATTR_NAME_SMACKIPIN
1217          *      XATTR_NAME_SMACKIPOUT
1218          *      XATTR_NAME_SMACKEXEC
1219          */
1220         if (strcmp(name, XATTR_NAME_SMACK) == 0)
1221                 isp->smk_task = NULL;
1222         else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0)
1223                 isp->smk_mmap = NULL;
1224         else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0)
1225                 isp->smk_flags &= ~SMK_INODE_TRANSMUTE;
1226 
1227         return 0;
1228 }
1229 
1230 /**
1231  * smack_inode_getsecurity - get smack xattrs
1232  * @inode: the object
1233  * @name: attribute name
1234  * @buffer: where to put the result
1235  * @alloc: unused
1236  *
1237  * Returns the size of the attribute or an error code
1238  */
1239 static int smack_inode_getsecurity(const struct inode *inode,
1240                                    const char *name, void **buffer,
1241                                    bool alloc)
1242 {
1243         struct socket_smack *ssp;
1244         struct socket *sock;
1245         struct super_block *sbp;
1246         struct inode *ip = (struct inode *)inode;
1247         struct smack_known *isp;
1248         int ilen;
1249         int rc = 0;
1250 
1251         if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) {
1252                 isp = smk_of_inode(inode);
1253                 ilen = strlen(isp->smk_known);
1254                 *buffer = isp->smk_known;
1255                 return ilen;
1256         }
1257 
1258         /*
1259          * The rest of the Smack xattrs are only on sockets.
1260          */
1261         sbp = ip->i_sb;
1262         if (sbp->s_magic != SOCKFS_MAGIC)
1263                 return -EOPNOTSUPP;
1264 
1265         sock = SOCKET_I(ip);
1266         if (sock == NULL || sock->sk == NULL)
1267                 return -EOPNOTSUPP;
1268 
1269         ssp = sock->sk->sk_security;
1270 
1271         if (strcmp(name, XATTR_SMACK_IPIN) == 0)
1272                 isp = ssp->smk_in;
1273         else if (strcmp(name, XATTR_SMACK_IPOUT) == 0)
1274                 isp = ssp->smk_out;
1275         else
1276                 return -EOPNOTSUPP;
1277 
1278         ilen = strlen(isp->smk_known);
1279         if (rc == 0) {
1280                 *buffer = isp->smk_known;
1281                 rc = ilen;
1282         }
1283 
1284         return rc;
1285 }
1286 
1287 
1288 /**
1289  * smack_inode_listsecurity - list the Smack attributes
1290  * @inode: the object
1291  * @buffer: where they go
1292  * @buffer_size: size of buffer
1293  *
1294  * Returns 0 on success, -EINVAL otherwise
1295  */
1296 static int smack_inode_listsecurity(struct inode *inode, char *buffer,
1297                                     size_t buffer_size)
1298 {
1299         int len = sizeof(XATTR_NAME_SMACK);
1300 
1301         if (buffer != NULL && len <= buffer_size)
1302                 memcpy(buffer, XATTR_NAME_SMACK, len);
1303 
1304         return len;
1305 }
1306 
1307 /**
1308  * smack_inode_getsecid - Extract inode's security id
1309  * @inode: inode to extract the info from
1310  * @secid: where result will be saved
1311  */
1312 static void smack_inode_getsecid(const struct inode *inode, u32 *secid)
1313 {
1314         struct inode_smack *isp = inode->i_security;
1315 
1316         *secid = isp->smk_inode->smk_secid;
1317 }
1318 
1319 /*
1320  * File Hooks
1321  */
1322 
1323 /**
1324  * smack_file_permission - Smack check on file operations
1325  * @file: unused
1326  * @mask: unused
1327  *
1328  * Returns 0
1329  *
1330  * Should access checks be done on each read or write?
1331  * UNICOS and SELinux say yes.
1332  * Trusted Solaris, Trusted Irix, and just about everyone else says no.
1333  *
1334  * I'll say no for now. Smack does not do the frequent
1335  * label changing that SELinux does.
1336  */
1337 static int smack_file_permission(struct file *file, int mask)
1338 {
1339         return 0;
1340 }
1341 
1342 /**
1343  * smack_file_alloc_security - assign a file security blob
1344  * @file: the object
1345  *
1346  * The security blob for a file is a pointer to the master
1347  * label list, so no allocation is done.
1348  *
1349  * Returns 0
1350  */
1351 static int smack_file_alloc_security(struct file *file)
1352 {
1353         struct smack_known *skp = smk_of_current();
1354 
1355         file->f_security = skp;
1356         return 0;
1357 }
1358 
1359 /**
1360  * smack_file_free_security - clear a file security blob
1361  * @file: the object
1362  *
1363  * The security blob for a file is a pointer to the master
1364  * label list, so no memory is freed.
1365  */
1366 static void smack_file_free_security(struct file *file)
1367 {
1368         file->f_security = NULL;
1369 }
1370 
1371 /**
1372  * smack_file_ioctl - Smack check on ioctls
1373  * @file: the object
1374  * @cmd: what to do
1375  * @arg: unused
1376  *
1377  * Relies heavily on the correct use of the ioctl command conventions.
1378  *
1379  * Returns 0 if allowed, error code otherwise
1380  */
1381 static int smack_file_ioctl(struct file *file, unsigned int cmd,
1382                             unsigned long arg)
1383 {
1384         int rc = 0;
1385         struct smk_audit_info ad;
1386 
1387         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1388         smk_ad_setfield_u_fs_path(&ad, file->f_path);
1389 
1390         if (_IOC_DIR(cmd) & _IOC_WRITE) {
1391                 rc = smk_curacc(file->f_security, MAY_WRITE, &ad);
1392                 rc = smk_bu_file(file, MAY_WRITE, rc);
1393         }
1394 
1395         if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ)) {
1396                 rc = smk_curacc(file->f_security, MAY_READ, &ad);
1397                 rc = smk_bu_file(file, MAY_READ, rc);
1398         }
1399 
1400         return rc;
1401 }
1402 
1403 /**
1404  * smack_file_lock - Smack check on file locking
1405  * @file: the object
1406  * @cmd: unused
1407  *
1408  * Returns 0 if current has lock access, error code otherwise
1409  */
1410 static int smack_file_lock(struct file *file, unsigned int cmd)
1411 {
1412         struct smk_audit_info ad;
1413         int rc;
1414 
1415         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1416         smk_ad_setfield_u_fs_path(&ad, file->f_path);
1417         rc = smk_curacc(file->f_security, MAY_LOCK, &ad);
1418         rc = smk_bu_file(file, MAY_LOCK, rc);
1419         return rc;
1420 }
1421 
1422 /**
1423  * smack_file_fcntl - Smack check on fcntl
1424  * @file: the object
1425  * @cmd: what action to check
1426  * @arg: unused
1427  *
1428  * Generally these operations are harmless.
1429  * File locking operations present an obvious mechanism
1430  * for passing information, so they require write access.
1431  *
1432  * Returns 0 if current has access, error code otherwise
1433  */
1434 static int smack_file_fcntl(struct file *file, unsigned int cmd,
1435                             unsigned long arg)
1436 {
1437         struct smk_audit_info ad;
1438         int rc = 0;
1439 
1440 
1441         switch (cmd) {
1442         case F_GETLK:
1443                 break;
1444         case F_SETLK:
1445         case F_SETLKW:
1446                 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1447                 smk_ad_setfield_u_fs_path(&ad, file->f_path);
1448                 rc = smk_curacc(file->f_security, MAY_LOCK, &ad);
1449                 rc = smk_bu_file(file, MAY_LOCK, rc);
1450                 break;
1451         case F_SETOWN:
1452         case F_SETSIG:
1453                 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1454                 smk_ad_setfield_u_fs_path(&ad, file->f_path);
1455                 rc = smk_curacc(file->f_security, MAY_WRITE, &ad);
1456                 rc = smk_bu_file(file, MAY_WRITE, rc);
1457                 break;
1458         default:
1459                 break;
1460         }
1461 
1462         return rc;
1463 }
1464 
1465 /**
1466  * smack_mmap_file :
1467  * Check permissions for a mmap operation.  The @file may be NULL, e.g.
1468  * if mapping anonymous memory.
1469  * @file contains the file structure for file to map (may be NULL).
1470  * @reqprot contains the protection requested by the application.
1471  * @prot contains the protection that will be applied by the kernel.
1472  * @flags contains the operational flags.
1473  * Return 0 if permission is granted.
1474  */
1475 static int smack_mmap_file(struct file *file,
1476                            unsigned long reqprot, unsigned long prot,
1477                            unsigned long flags)
1478 {
1479         struct smack_known *skp;
1480         struct smack_known *mkp;
1481         struct smack_rule *srp;
1482         struct task_smack *tsp;
1483         struct smack_known *okp;
1484         struct inode_smack *isp;
1485         int may;
1486         int mmay;
1487         int tmay;
1488         int rc;
1489 
1490         if (file == NULL)
1491                 return 0;
1492 
1493         isp = file_inode(file)->i_security;
1494         if (isp->smk_mmap == NULL)
1495                 return 0;
1496         mkp = isp->smk_mmap;
1497 
1498         tsp = current_security();
1499         skp = smk_of_current();
1500         rc = 0;
1501 
1502         rcu_read_lock();
1503         /*
1504          * For each Smack rule associated with the subject
1505          * label verify that the SMACK64MMAP also has access
1506          * to that rule's object label.
1507          */
1508         list_for_each_entry_rcu(srp, &skp->smk_rules, list) {
1509                 okp = srp->smk_object;
1510                 /*
1511                  * Matching labels always allows access.
1512                  */
1513                 if (mkp->smk_known == okp->smk_known)
1514                         continue;
1515                 /*
1516                  * If there is a matching local rule take
1517                  * that into account as well.
1518                  */
1519                 may = smk_access_entry(srp->smk_subject->smk_known,
1520                                        okp->smk_known,
1521                                        &tsp->smk_rules);
1522                 if (may == -ENOENT)
1523                         may = srp->smk_access;
1524                 else
1525                         may &= srp->smk_access;
1526                 /*
1527                  * If may is zero the SMACK64MMAP subject can't
1528                  * possibly have less access.
1529                  */
1530                 if (may == 0)
1531                         continue;
1532 
1533                 /*
1534                  * Fetch the global list entry.
1535                  * If there isn't one a SMACK64MMAP subject
1536                  * can't have as much access as current.
1537                  */
1538                 mmay = smk_access_entry(mkp->smk_known, okp->smk_known,
1539                                         &mkp->smk_rules);
1540                 if (mmay == -ENOENT) {
1541                         rc = -EACCES;
1542                         break;
1543                 }
1544                 /*
1545                  * If there is a local entry it modifies the
1546                  * potential access, too.
1547                  */
1548                 tmay = smk_access_entry(mkp->smk_known, okp->smk_known,
1549                                         &tsp->smk_rules);
1550                 if (tmay != -ENOENT)
1551                         mmay &= tmay;
1552 
1553                 /*
1554                  * If there is any access available to current that is
1555                  * not available to a SMACK64MMAP subject
1556                  * deny access.
1557                  */
1558                 if ((may | mmay) != mmay) {
1559                         rc = -EACCES;
1560                         break;
1561                 }
1562         }
1563 
1564         rcu_read_unlock();
1565 
1566         return rc;
1567 }
1568 
1569 /**
1570  * smack_file_set_fowner - set the file security blob value
1571  * @file: object in question
1572  *
1573  * Returns 0
1574  * Further research may be required on this one.
1575  */
1576 static void smack_file_set_fowner(struct file *file)
1577 {
1578         struct smack_known *skp = smk_of_current();
1579 
1580         file->f_security = skp;
1581 }
1582 
1583 /**
1584  * smack_file_send_sigiotask - Smack on sigio
1585  * @tsk: The target task
1586  * @fown: the object the signal come from
1587  * @signum: unused
1588  *
1589  * Allow a privileged task to get signals even if it shouldn't
1590  *
1591  * Returns 0 if a subject with the object's smack could
1592  * write to the task, an error code otherwise.
1593  */
1594 static int smack_file_send_sigiotask(struct task_struct *tsk,
1595                                      struct fown_struct *fown, int signum)
1596 {
1597         struct smack_known *skp;
1598         struct smack_known *tkp = smk_of_task(tsk->cred->security);
1599         struct file *file;
1600         int rc;
1601         struct smk_audit_info ad;
1602 
1603         /*
1604          * struct fown_struct is never outside the context of a struct file
1605          */
1606         file = container_of(fown, struct file, f_owner);
1607 
1608         /* we don't log here as rc can be overriden */
1609         skp = file->f_security;
1610         rc = smk_access(skp, tkp, MAY_WRITE, NULL);
1611         rc = smk_bu_note("sigiotask", skp, tkp, MAY_WRITE, rc);
1612         if (rc != 0 && has_capability(tsk, CAP_MAC_OVERRIDE))
1613                 rc = 0;
1614 
1615         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
1616         smk_ad_setfield_u_tsk(&ad, tsk);
1617         smack_log(skp->smk_known, tkp->smk_known, MAY_WRITE, rc, &ad);
1618         return rc;
1619 }
1620 
1621 /**
1622  * smack_file_receive - Smack file receive check
1623  * @file: the object
1624  *
1625  * Returns 0 if current has access, error code otherwise
1626  */
1627 static int smack_file_receive(struct file *file)
1628 {
1629         int rc;
1630         int may = 0;
1631         struct smk_audit_info ad;
1632 
1633         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1634         smk_ad_setfield_u_fs_path(&ad, file->f_path);
1635         /*
1636          * This code relies on bitmasks.
1637          */
1638         if (file->f_mode & FMODE_READ)
1639                 may = MAY_READ;
1640         if (file->f_mode & FMODE_WRITE)
1641                 may |= MAY_WRITE;
1642 
1643         rc = smk_curacc(file->f_security, may, &ad);
1644         rc = smk_bu_file(file, may, rc);
1645         return rc;
1646 }
1647 
1648 /**
1649  * smack_file_open - Smack dentry open processing
1650  * @file: the object
1651  * @cred: task credential
1652  *
1653  * Set the security blob in the file structure.
1654  * Allow the open only if the task has read access. There are
1655  * many read operations (e.g. fstat) that you can do with an
1656  * fd even if you have the file open write-only.
1657  *
1658  * Returns 0
1659  */
1660 static int smack_file_open(struct file *file, const struct cred *cred)
1661 {
1662         struct task_smack *tsp = cred->security;
1663         struct inode_smack *isp = file_inode(file)->i_security;
1664         struct smk_audit_info ad;
1665         int rc;
1666 
1667         if (smack_privileged(CAP_MAC_OVERRIDE)) {
1668                 file->f_security = isp->smk_inode;
1669                 return 0;
1670         }
1671 
1672         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1673         smk_ad_setfield_u_fs_path(&ad, file->f_path);
1674         rc = smk_access(tsp->smk_task, isp->smk_inode, MAY_READ, &ad);
1675         rc = smk_bu_credfile(cred, file, MAY_READ, rc);
1676         if (rc == 0)
1677                 file->f_security = isp->smk_inode;
1678 
1679         return rc;
1680 }
1681 
1682 /*
1683  * Task hooks
1684  */
1685 
1686 /**
1687  * smack_cred_alloc_blank - "allocate" blank task-level security credentials
1688  * @new: the new credentials
1689  * @gfp: the atomicity of any memory allocations
1690  *
1691  * Prepare a blank set of credentials for modification.  This must allocate all
1692  * the memory the LSM module might require such that cred_transfer() can
1693  * complete without error.
1694  */
1695 static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp)
1696 {
1697         struct task_smack *tsp;
1698 
1699         tsp = new_task_smack(NULL, NULL, gfp);
1700         if (tsp == NULL)
1701                 return -ENOMEM;
1702 
1703         cred->security = tsp;
1704 
1705         return 0;
1706 }
1707 
1708 
1709 /**
1710  * smack_cred_free - "free" task-level security credentials
1711  * @cred: the credentials in question
1712  *
1713  */
1714 static void smack_cred_free(struct cred *cred)
1715 {
1716         struct task_smack *tsp = cred->security;
1717         struct smack_rule *rp;
1718         struct list_head *l;
1719         struct list_head *n;
1720 
1721         if (tsp == NULL)
1722                 return;
1723         cred->security = NULL;
1724 
1725         list_for_each_safe(l, n, &tsp->smk_rules) {
1726                 rp = list_entry(l, struct smack_rule, list);
1727                 list_del(&rp->list);
1728                 kfree(rp);
1729         }
1730         kfree(tsp);
1731 }
1732 
1733 /**
1734  * smack_cred_prepare - prepare new set of credentials for modification
1735  * @new: the new credentials
1736  * @old: the original credentials
1737  * @gfp: the atomicity of any memory allocations
1738  *
1739  * Prepare a new set of credentials for modification.
1740  */
1741 static int smack_cred_prepare(struct cred *new, const struct cred *old,
1742                               gfp_t gfp)
1743 {
1744         struct task_smack *old_tsp = old->security;
1745         struct task_smack *new_tsp;
1746         int rc;
1747 
1748         new_tsp = new_task_smack(old_tsp->smk_task, old_tsp->smk_task, gfp);
1749         if (new_tsp == NULL)
1750                 return -ENOMEM;
1751 
1752         rc = smk_copy_rules(&new_tsp->smk_rules, &old_tsp->smk_rules, gfp);
1753         if (rc != 0)
1754                 return rc;
1755 
1756         new->security = new_tsp;
1757         return 0;
1758 }
1759 
1760 /**
1761  * smack_cred_transfer - Transfer the old credentials to the new credentials
1762  * @new: the new credentials
1763  * @old: the original credentials
1764  *
1765  * Fill in a set of blank credentials from another set of credentials.
1766  */
1767 static void smack_cred_transfer(struct cred *new, const struct cred *old)
1768 {
1769         struct task_smack *old_tsp = old->security;
1770         struct task_smack *new_tsp = new->security;
1771 
1772         new_tsp->smk_task = old_tsp->smk_task;
1773         new_tsp->smk_forked = old_tsp->smk_task;
1774         mutex_init(&new_tsp->smk_rules_lock);
1775         INIT_LIST_HEAD(&new_tsp->smk_rules);
1776 
1777 
1778         /* cbs copy rule list */
1779 }
1780 
1781 /**
1782  * smack_kernel_act_as - Set the subjective context in a set of credentials
1783  * @new: points to the set of credentials to be modified.
1784  * @secid: specifies the security ID to be set
1785  *
1786  * Set the security data for a kernel service.
1787  */
1788 static int smack_kernel_act_as(struct cred *new, u32 secid)
1789 {
1790         struct task_smack *new_tsp = new->security;
1791         struct smack_known *skp = smack_from_secid(secid);
1792 
1793         if (skp == NULL)
1794                 return -EINVAL;
1795 
1796         new_tsp->smk_task = skp;
1797         return 0;
1798 }
1799 
1800 /**
1801  * smack_kernel_create_files_as - Set the file creation label in a set of creds
1802  * @new: points to the set of credentials to be modified
1803  * @inode: points to the inode to use as a reference
1804  *
1805  * Set the file creation context in a set of credentials to the same
1806  * as the objective context of the specified inode
1807  */
1808 static int smack_kernel_create_files_as(struct cred *new,
1809                                         struct inode *inode)
1810 {
1811         struct inode_smack *isp = inode->i_security;
1812         struct task_smack *tsp = new->security;
1813 
1814         tsp->smk_forked = isp->smk_inode;
1815         tsp->smk_task = tsp->smk_forked;
1816         return 0;
1817 }
1818 
1819 /**
1820  * smk_curacc_on_task - helper to log task related access
1821  * @p: the task object
1822  * @access: the access requested
1823  * @caller: name of the calling function for audit
1824  *
1825  * Return 0 if access is permitted
1826  */
1827 static int smk_curacc_on_task(struct task_struct *p, int access,
1828                                 const char *caller)
1829 {
1830         struct smk_audit_info ad;
1831         struct smack_known *skp = smk_of_task_struct(p);
1832         int rc;
1833 
1834         smk_ad_init(&ad, caller, LSM_AUDIT_DATA_TASK);
1835         smk_ad_setfield_u_tsk(&ad, p);
1836         rc = smk_curacc(skp, access, &ad);
1837         rc = smk_bu_task(p, access, rc);
1838         return rc;
1839 }
1840 
1841 /**
1842  * smack_task_setpgid - Smack check on setting pgid
1843  * @p: the task object
1844  * @pgid: unused
1845  *
1846  * Return 0 if write access is permitted
1847  */
1848 static int smack_task_setpgid(struct task_struct *p, pid_t pgid)
1849 {
1850         return smk_curacc_on_task(p, MAY_WRITE, __func__);
1851 }
1852 
1853 /**
1854  * smack_task_getpgid - Smack access check for getpgid
1855  * @p: the object task
1856  *
1857  * Returns 0 if current can read the object task, error code otherwise
1858  */
1859 static int smack_task_getpgid(struct task_struct *p)
1860 {
1861         return smk_curacc_on_task(p, MAY_READ, __func__);
1862 }
1863 
1864 /**
1865  * smack_task_getsid - Smack access check for getsid
1866  * @p: the object task
1867  *
1868  * Returns 0 if current can read the object task, error code otherwise
1869  */
1870 static int smack_task_getsid(struct task_struct *p)
1871 {
1872         return smk_curacc_on_task(p, MAY_READ, __func__);
1873 }
1874 
1875 /**
1876  * smack_task_getsecid - get the secid of the task
1877  * @p: the object task
1878  * @secid: where to put the result
1879  *
1880  * Sets the secid to contain a u32 version of the smack label.
1881  */
1882 static void smack_task_getsecid(struct task_struct *p, u32 *secid)
1883 {
1884         struct smack_known *skp = smk_of_task_struct(p);
1885 
1886         *secid = skp->smk_secid;
1887 }
1888 
1889 /**
1890  * smack_task_setnice - Smack check on setting nice
1891  * @p: the task object
1892  * @nice: unused
1893  *
1894  * Return 0 if write access is permitted
1895  */
1896 static int smack_task_setnice(struct task_struct *p, int nice)
1897 {
1898         int rc;
1899 
1900         rc = cap_task_setnice(p, nice);
1901         if (rc == 0)
1902                 rc = smk_curacc_on_task(p, MAY_WRITE, __func__);
1903         return rc;
1904 }
1905 
1906 /**
1907  * smack_task_setioprio - Smack check on setting ioprio
1908  * @p: the task object
1909  * @ioprio: unused
1910  *
1911  * Return 0 if write access is permitted
1912  */
1913 static int smack_task_setioprio(struct task_struct *p, int ioprio)
1914 {
1915         int rc;
1916 
1917         rc = cap_task_setioprio(p, ioprio);
1918         if (rc == 0)
1919                 rc = smk_curacc_on_task(p, MAY_WRITE, __func__);
1920         return rc;
1921 }
1922 
1923 /**
1924  * smack_task_getioprio - Smack check on reading ioprio
1925  * @p: the task object
1926  *
1927  * Return 0 if read access is permitted
1928  */
1929 static int smack_task_getioprio(struct task_struct *p)
1930 {
1931         return smk_curacc_on_task(p, MAY_READ, __func__);
1932 }
1933 
1934 /**
1935  * smack_task_setscheduler - Smack check on setting scheduler
1936  * @p: the task object
1937  * @policy: unused
1938  * @lp: unused
1939  *
1940  * Return 0 if read access is permitted
1941  */
1942 static int smack_task_setscheduler(struct task_struct *p)
1943 {
1944         int rc;
1945 
1946         rc = cap_task_setscheduler(p);
1947         if (rc == 0)
1948                 rc = smk_curacc_on_task(p, MAY_WRITE, __func__);
1949         return rc;
1950 }
1951 
1952 /**
1953  * smack_task_getscheduler - Smack check on reading scheduler
1954  * @p: the task object
1955  *
1956  * Return 0 if read access is permitted
1957  */
1958 static int smack_task_getscheduler(struct task_struct *p)
1959 {
1960         return smk_curacc_on_task(p, MAY_READ, __func__);
1961 }
1962 
1963 /**
1964  * smack_task_movememory - Smack check on moving memory
1965  * @p: the task object
1966  *
1967  * Return 0 if write access is permitted
1968  */
1969 static int smack_task_movememory(struct task_struct *p)
1970 {
1971         return smk_curacc_on_task(p, MAY_WRITE, __func__);
1972 }
1973 
1974 /**
1975  * smack_task_kill - Smack check on signal delivery
1976  * @p: the task object
1977  * @info: unused
1978  * @sig: unused
1979  * @secid: identifies the smack to use in lieu of current's
1980  *
1981  * Return 0 if write access is permitted
1982  *
1983  * The secid behavior is an artifact of an SELinux hack
1984  * in the USB code. Someday it may go away.
1985  */
1986 static int smack_task_kill(struct task_struct *p, struct siginfo *info,
1987                            int sig, u32 secid)
1988 {
1989         struct smk_audit_info ad;
1990         struct smack_known *skp;
1991         struct smack_known *tkp = smk_of_task_struct(p);
1992         int rc;
1993 
1994         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
1995         smk_ad_setfield_u_tsk(&ad, p);
1996         /*
1997          * Sending a signal requires that the sender
1998          * can write the receiver.
1999          */
2000         if (secid == 0) {
2001                 rc = smk_curacc(tkp, MAY_WRITE, &ad);
2002                 rc = smk_bu_task(p, MAY_WRITE, rc);
2003                 return rc;
2004         }
2005         /*
2006          * If the secid isn't 0 we're dealing with some USB IO
2007          * specific behavior. This is not clean. For one thing
2008          * we can't take privilege into account.
2009          */
2010         skp = smack_from_secid(secid);
2011         rc = smk_access(skp, tkp, MAY_WRITE, &ad);
2012         rc = smk_bu_note("USB signal", skp, tkp, MAY_WRITE, rc);
2013         return rc;
2014 }
2015 
2016 /**
2017  * smack_task_wait - Smack access check for waiting
2018  * @p: task to wait for
2019  *
2020  * Returns 0
2021  */
2022 static int smack_task_wait(struct task_struct *p)
2023 {
2024         /*
2025          * Allow the operation to succeed.
2026          * Zombies are bad.
2027          * In userless environments (e.g. phones) programs
2028          * get marked with SMACK64EXEC and even if the parent
2029          * and child shouldn't be talking the parent still
2030          * may expect to know when the child exits.
2031          */
2032         return 0;
2033 }
2034 
2035 /**
2036  * smack_task_to_inode - copy task smack into the inode blob
2037  * @p: task to copy from
2038  * @inode: inode to copy to
2039  *
2040  * Sets the smack pointer in the inode security blob
2041  */
2042 static void smack_task_to_inode(struct task_struct *p, struct inode *inode)
2043 {
2044         struct inode_smack *isp = inode->i_security;
2045         struct smack_known *skp = smk_of_task_struct(p);
2046 
2047         isp->smk_inode = skp;
2048 }
2049 
2050 /*
2051  * Socket hooks.
2052  */
2053 
2054 /**
2055  * smack_sk_alloc_security - Allocate a socket blob
2056  * @sk: the socket
2057  * @family: unused
2058  * @gfp_flags: memory allocation flags
2059  *
2060  * Assign Smack pointers to current
2061  *
2062  * Returns 0 on success, -ENOMEM is there's no memory
2063  */
2064 static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags)
2065 {
2066         struct smack_known *skp = smk_of_current();
2067         struct socket_smack *ssp;
2068 
2069         ssp = kzalloc(sizeof(struct socket_smack), gfp_flags);
2070         if (ssp == NULL)
2071                 return -ENOMEM;
2072 
2073         ssp->smk_in = skp;
2074         ssp->smk_out = skp;
2075         ssp->smk_packet = NULL;
2076 
2077         sk->sk_security = ssp;
2078 
2079         return 0;
2080 }
2081 
2082 /**
2083  * smack_sk_free_security - Free a socket blob
2084  * @sk: the socket
2085  *
2086  * Clears the blob pointer
2087  */
2088 static void smack_sk_free_security(struct sock *sk)
2089 {
2090         kfree(sk->sk_security);
2091 }
2092 
2093 /**
2094 * smack_host_label - check host based restrictions
2095 * @sip: the object end
2096 *
2097 * looks for host based access restrictions
2098 *
2099 * This version will only be appropriate for really small sets of single label
2100 * hosts.  The caller is responsible for ensuring that the RCU read lock is
2101 * taken before calling this function.
2102 *
2103 * Returns the label of the far end or NULL if it's not special.
2104 */
2105 static struct smack_known *smack_host_label(struct sockaddr_in *sip)
2106 {
2107         struct smk_netlbladdr *snp;
2108         struct in_addr *siap = &sip->sin_addr;
2109 
2110         if (siap->s_addr == 0)
2111                 return NULL;
2112 
2113         list_for_each_entry_rcu(snp, &smk_netlbladdr_list, list)
2114                 /*
2115                 * we break after finding the first match because
2116                 * the list is sorted from longest to shortest mask
2117                 * so we have found the most specific match
2118                 */
2119                 if ((&snp->smk_host.sin_addr)->s_addr ==
2120                     (siap->s_addr & (&snp->smk_mask)->s_addr)) {
2121                         /* we have found the special CIPSO option */
2122                         if (snp->smk_label == &smack_cipso_option)
2123                                 return NULL;
2124                         return snp->smk_label;
2125                 }
2126 
2127         return NULL;
2128 }
2129 
2130 /**
2131  * smack_netlabel - Set the secattr on a socket
2132  * @sk: the socket
2133  * @labeled: socket label scheme
2134  *
2135  * Convert the outbound smack value (smk_out) to a
2136  * secattr and attach it to the socket.
2137  *
2138  * Returns 0 on success or an error code
2139  */
2140 static int smack_netlabel(struct sock *sk, int labeled)
2141 {
2142         struct smack_known *skp;
2143         struct socket_smack *ssp = sk->sk_security;
2144         int rc = 0;
2145 
2146         /*
2147          * Usually the netlabel code will handle changing the
2148          * packet labeling based on the label.
2149          * The case of a single label host is different, because
2150          * a single label host should never get a labeled packet
2151          * even though the label is usually associated with a packet
2152          * label.
2153          */
2154         local_bh_disable();
2155         bh_lock_sock_nested(sk);
2156 
2157         if (ssp->smk_out == smack_net_ambient ||
2158             labeled == SMACK_UNLABELED_SOCKET)
2159                 netlbl_sock_delattr(sk);
2160         else {
2161                 skp = ssp->smk_out;
2162                 rc = netlbl_sock_setattr(sk, sk->sk_family, &skp->smk_netlabel);
2163         }
2164 
2165         bh_unlock_sock(sk);
2166         local_bh_enable();
2167 
2168         return rc;
2169 }
2170 
2171 /**
2172  * smack_netlbel_send - Set the secattr on a socket and perform access checks
2173  * @sk: the socket
2174  * @sap: the destination address
2175  *
2176  * Set the correct secattr for the given socket based on the destination
2177  * address and perform any outbound access checks needed.
2178  *
2179  * Returns 0 on success or an error code.
2180  *
2181  */
2182 static int smack_netlabel_send(struct sock *sk, struct sockaddr_in *sap)
2183 {
2184         struct smack_known *skp;
2185         int rc;
2186         int sk_lbl;
2187         struct smack_known *hkp;
2188         struct socket_smack *ssp = sk->sk_security;
2189         struct smk_audit_info ad;
2190 
2191         rcu_read_lock();
2192         hkp = smack_host_label(sap);
2193         if (hkp != NULL) {
2194 #ifdef CONFIG_AUDIT
2195                 struct lsm_network_audit net;
2196 
2197                 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
2198                 ad.a.u.net->family = sap->sin_family;
2199                 ad.a.u.net->dport = sap->sin_port;
2200                 ad.a.u.net->v4info.daddr = sap->sin_addr.s_addr;
2201 #endif
2202                 sk_lbl = SMACK_UNLABELED_SOCKET;
2203                 skp = ssp->smk_out;
2204                 rc = smk_access(skp, hkp, MAY_WRITE, &ad);
2205                 rc = smk_bu_note("IPv4 host check", skp, hkp, MAY_WRITE, rc);
2206         } else {
2207                 sk_lbl = SMACK_CIPSO_SOCKET;
2208                 rc = 0;
2209         }
2210         rcu_read_unlock();
2211         if (rc != 0)
2212                 return rc;
2213 
2214         return smack_netlabel(sk, sk_lbl);
2215 }
2216 
2217 /**
2218  * smk_ipv6_port_label - Smack port access table management
2219  * @sock: socket
2220  * @address: address
2221  *
2222  * Create or update the port list entry
2223  */
2224 static void smk_ipv6_port_label(struct socket *sock, struct sockaddr *address)
2225 {
2226         struct sock *sk = sock->sk;
2227         struct sockaddr_in6 *addr6;
2228         struct socket_smack *ssp = sock->sk->sk_security;
2229         struct smk_port_label *spp;
2230         unsigned short port = 0;
2231 
2232         if (address == NULL) {
2233                 /*
2234                  * This operation is changing the Smack information
2235                  * on the bound socket. Take the changes to the port
2236                  * as well.
2237                  */
2238                 list_for_each_entry(spp, &smk_ipv6_port_list, list) {
2239                         if (sk != spp->smk_sock)
2240                                 continue;
2241                         spp->smk_in = ssp->smk_in;
2242                         spp->smk_out = ssp->smk_out;
2243                         return;
2244                 }
2245                 /*
2246                  * A NULL address is only used for updating existing
2247                  * bound entries. If there isn't one, it's OK.
2248                  */
2249                 return;
2250         }
2251 
2252         addr6 = (struct sockaddr_in6 *)address;
2253         port = ntohs(addr6->sin6_port);
2254         /*
2255          * This is a special case that is safely ignored.
2256          */
2257         if (port == 0)
2258                 return;
2259 
2260         /*
2261          * Look for an existing port list entry.
2262          * This is an indication that a port is getting reused.
2263          */
2264         list_for_each_entry(spp, &smk_ipv6_port_list, list) {
2265                 if (spp->smk_port != port)
2266                         continue;
2267                 spp->smk_port = port;
2268                 spp->smk_sock = sk;
2269                 spp->smk_in = ssp->smk_in;
2270                 spp->smk_out = ssp->smk_out;
2271                 return;
2272         }
2273 
2274         /*
2275          * A new port entry is required.
2276          */
2277         spp = kzalloc(sizeof(*spp), GFP_KERNEL);
2278         if (spp == NULL)
2279                 return;
2280 
2281         spp->smk_port = port;
2282         spp->smk_sock = sk;
2283         spp->smk_in = ssp->smk_in;
2284         spp->smk_out = ssp->smk_out;
2285 
2286         list_add(&spp->list, &smk_ipv6_port_list);
2287         return;
2288 }
2289 
2290 /**
2291  * smk_ipv6_port_check - check Smack port access
2292  * @sock: socket
2293  * @address: address
2294  *
2295  * Create or update the port list entry
2296  */
2297 static int smk_ipv6_port_check(struct sock *sk, struct sockaddr_in6 *address,
2298                                 int act)
2299 {
2300         __be16 *bep;
2301         __be32 *be32p;
2302         struct smk_port_label *spp;
2303         struct socket_smack *ssp = sk->sk_security;
2304         struct smack_known *skp;
2305         unsigned short port = 0;
2306         struct smack_known *object;
2307         struct smk_audit_info ad;
2308         int rc;
2309 #ifdef CONFIG_AUDIT
2310         struct lsm_network_audit net;
2311 #endif
2312 
2313         if (act == SMK_RECEIVING) {
2314                 skp = smack_net_ambient;
2315                 object = ssp->smk_in;
2316         } else {
2317                 skp = ssp->smk_out;
2318                 object = smack_net_ambient;
2319         }
2320 
2321         /*
2322          * Get the IP address and port from the address.
2323          */
2324         port = ntohs(address->sin6_port);
2325         bep = (__be16 *)(&address->sin6_addr);
2326         be32p = (__be32 *)(&address->sin6_addr);
2327 
2328         /*
2329          * It's remote, so port lookup does no good.
2330          */
2331         if (be32p[0] || be32p[1] || be32p[2] || bep[6] || ntohs(bep[7]) != 1)
2332                 goto auditout;
2333 
2334         /*
2335          * It's local so the send check has to have passed.
2336          */
2337         if (act == SMK_RECEIVING) {
2338                 skp = &smack_known_web;
2339                 goto auditout;
2340         }
2341 
2342         list_for_each_entry(spp, &smk_ipv6_port_list, list) {
2343                 if (spp->smk_port != port)
2344                         continue;
2345                 object = spp->smk_in;
2346                 if (act == SMK_CONNECTING)
2347                         ssp->smk_packet = spp->smk_out;
2348                 break;
2349         }
2350 
2351 auditout:
2352 
2353 #ifdef CONFIG_AUDIT
2354         smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
2355         ad.a.u.net->family = sk->sk_family;
2356         ad.a.u.net->dport = port;
2357         if (act == SMK_RECEIVING)
2358                 ad.a.u.net->v6info.saddr = address->sin6_addr;
2359         else
2360                 ad.a.u.net->v6info.daddr = address->sin6_addr;
2361 #endif
2362         rc = smk_access(skp, object, MAY_WRITE, &ad);
2363         rc = smk_bu_note("IPv6 port check", skp, object, MAY_WRITE, rc);
2364         return rc;
2365 }
2366 
2367 /**
2368  * smack_inode_setsecurity - set smack xattrs
2369  * @inode: the object
2370  * @name: attribute name
2371  * @value: attribute value
2372  * @size: size of the attribute
2373  * @flags: unused
2374  *
2375  * Sets the named attribute in the appropriate blob
2376  *
2377  * Returns 0 on success, or an error code
2378  */
2379 static int smack_inode_setsecurity(struct inode *inode, const char *name,
2380                                    const void *value, size_t size, int flags)
2381 {
2382         struct smack_known *skp;
2383         struct inode_smack *nsp = inode->i_security;
2384         struct socket_smack *ssp;
2385         struct socket *sock;
2386         int rc = 0;
2387 
2388         if (value == NULL || size > SMK_LONGLABEL || size == 0)
2389                 return -EINVAL;
2390 
2391         skp = smk_import_entry(value, size);
2392         if (skp == NULL)
2393                 return -EINVAL;
2394 
2395         if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) {
2396                 nsp->smk_inode = skp;
2397                 nsp->smk_flags |= SMK_INODE_INSTANT;
2398                 return 0;
2399         }
2400         /*
2401          * The rest of the Smack xattrs are only on sockets.
2402          */
2403         if (inode->i_sb->s_magic != SOCKFS_MAGIC)
2404                 return -EOPNOTSUPP;
2405 
2406         sock = SOCKET_I(inode);
2407         if (sock == NULL || sock->sk == NULL)
2408                 return -EOPNOTSUPP;
2409 
2410         ssp = sock->sk->sk_security;
2411 
2412         if (strcmp(name, XATTR_SMACK_IPIN) == 0)
2413                 ssp->smk_in = skp;
2414         else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) {
2415                 ssp->smk_out = skp;
2416                 if (sock->sk->sk_family == PF_INET) {
2417                         rc = smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET);
2418                         if (rc != 0)
2419                                 printk(KERN_WARNING
2420                                         "Smack: \"%s\" netlbl error %d.\n",
2421                                         __func__, -rc);
2422                 }
2423         } else
2424                 return -EOPNOTSUPP;
2425 
2426         if (sock->sk->sk_family == PF_INET6)
2427                 smk_ipv6_port_label(sock, NULL);
2428 
2429         return 0;
2430 }
2431 
2432 /**
2433  * smack_socket_post_create - finish socket setup
2434  * @sock: the socket
2435  * @family: protocol family
2436  * @type: unused
2437  * @protocol: unused
2438  * @kern: unused
2439  *
2440  * Sets the netlabel information on the socket
2441  *
2442  * Returns 0 on success, and error code otherwise
2443  */
2444 static int smack_socket_post_create(struct socket *sock, int family,
2445                                     int type, int protocol, int kern)
2446 {
2447         if (family != PF_INET || sock->sk == NULL)
2448                 return 0;
2449         /*
2450          * Set the outbound netlbl.
2451          */
2452         return smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET);
2453 }
2454 
2455 /**
2456  * smack_socket_bind - record port binding information.
2457  * @sock: the socket
2458  * @address: the port address
2459  * @addrlen: size of the address
2460  *
2461  * Records the label bound to a port.
2462  *
2463  * Returns 0
2464  */
2465 static int smack_socket_bind(struct socket *sock, struct sockaddr *address,
2466                                 int addrlen)
2467 {
2468         if (sock->sk != NULL && sock->sk->sk_family == PF_INET6)
2469                 smk_ipv6_port_label(sock, address);
2470 
2471         return 0;
2472 }
2473 
2474 /**
2475  * smack_socket_connect - connect access check
2476  * @sock: the socket
2477  * @sap: the other end
2478  * @addrlen: size of sap
2479  *
2480  * Verifies that a connection may be possible
2481  *
2482  * Returns 0 on success, and error code otherwise
2483  */
2484 static int smack_socket_connect(struct socket *sock, struct sockaddr *sap,
2485                                 int addrlen)
2486 {
2487         int rc = 0;
2488 
2489         if (sock->sk == NULL)
2490                 return 0;
2491 
2492         switch (sock->sk->sk_family) {
2493         case PF_INET:
2494                 if (addrlen < sizeof(struct sockaddr_in))
2495                         return -EINVAL;
2496                 rc = smack_netlabel_send(sock->sk, (struct sockaddr_in *)sap);
2497                 break;
2498         case PF_INET6:
2499                 if (addrlen < sizeof(struct sockaddr_in6))
2500                         return -EINVAL;
2501                 rc = smk_ipv6_port_check(sock->sk, (struct sockaddr_in6 *)sap,
2502                                                 SMK_CONNECTING);
2503                 break;
2504         }
2505         return rc;
2506 }
2507 
2508 /**
2509  * smack_flags_to_may - convert S_ to MAY_ values
2510  * @flags: the S_ value
2511  *
2512  * Returns the equivalent MAY_ value
2513  */
2514 static int smack_flags_to_may(int flags)
2515 {
2516         int may = 0;
2517 
2518         if (flags & S_IRUGO)
2519                 may |= MAY_READ;
2520         if (flags & S_IWUGO)
2521                 may |= MAY_WRITE;
2522         if (flags & S_IXUGO)
2523                 may |= MAY_EXEC;
2524 
2525         return may;
2526 }
2527 
2528 /**
2529  * smack_msg_msg_alloc_security - Set the security blob for msg_msg
2530  * @msg: the object
2531  *
2532  * Returns 0
2533  */
2534 static int smack_msg_msg_alloc_security(struct msg_msg *msg)
2535 {
2536         struct smack_known *skp = smk_of_current();
2537 
2538         msg->security = skp;
2539         return 0;
2540 }
2541 
2542 /**
2543  * smack_msg_msg_free_security - Clear the security blob for msg_msg
2544  * @msg: the object
2545  *
2546  * Clears the blob pointer
2547  */
2548 static void smack_msg_msg_free_security(struct msg_msg *msg)
2549 {
2550         msg->security = NULL;
2551 }
2552 
2553 /**
2554  * smack_of_shm - the smack pointer for the shm
2555  * @shp: the object
2556  *
2557  * Returns a pointer to the smack value
2558  */
2559 static struct smack_known *smack_of_shm(struct shmid_kernel *shp)
2560 {
2561         return (struct smack_known *)shp->shm_perm.security;
2562 }
2563 
2564 /**
2565  * smack_shm_alloc_security - Set the security blob for shm
2566  * @shp: the object
2567  *
2568  * Returns 0
2569  */
2570 static int smack_shm_alloc_security(struct shmid_kernel *shp)
2571 {
2572         struct kern_ipc_perm *isp = &shp->shm_perm;
2573         struct smack_known *skp = smk_of_current();
2574 
2575         isp->security = skp;
2576         return 0;
2577 }
2578 
2579 /**
2580  * smack_shm_free_security - Clear the security blob for shm
2581  * @shp: the object
2582  *
2583  * Clears the blob pointer
2584  */
2585 static void smack_shm_free_security(struct shmid_kernel *shp)
2586 {
2587         struct kern_ipc_perm *isp = &shp->shm_perm;
2588 
2589         isp->security = NULL;
2590 }
2591 
2592 /**
2593  * smk_curacc_shm : check if current has access on shm
2594  * @shp : the object
2595  * @access : access requested
2596  *
2597  * Returns 0 if current has the requested access, error code otherwise
2598  */
2599 static int smk_curacc_shm(struct shmid_kernel *shp, int access)
2600 {
2601         struct smack_known *ssp = smack_of_shm(shp);
2602         struct smk_audit_info ad;
2603         int rc;
2604 
2605 #ifdef CONFIG_AUDIT
2606         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
2607         ad.a.u.ipc_id = shp->shm_perm.id;
2608 #endif
2609         rc = smk_curacc(ssp, access, &ad);
2610         rc = smk_bu_current("shm", ssp, access, rc);
2611         return rc;
2612 }
2613 
2614 /**
2615  * smack_shm_associate - Smack access check for shm
2616  * @shp: the object
2617  * @shmflg: access requested
2618  *
2619  * Returns 0 if current has the requested access, error code otherwise
2620  */
2621 static int smack_shm_associate(struct shmid_kernel *shp, int shmflg)
2622 {
2623         int may;
2624 
2625         may = smack_flags_to_may(shmflg);
2626         return smk_curacc_shm(shp, may);
2627 }
2628 
2629 /**
2630  * smack_shm_shmctl - Smack access check for shm
2631  * @shp: the object
2632  * @cmd: what it wants to do
2633  *
2634  * Returns 0 if current has the requested access, error code otherwise
2635  */
2636 static int smack_shm_shmctl(struct shmid_kernel *shp, int cmd)
2637 {
2638         int may;
2639 
2640         switch (cmd) {
2641         case IPC_STAT:
2642         case SHM_STAT:
2643                 may = MAY_READ;
2644                 break;
2645         case IPC_SET:
2646         case SHM_LOCK:
2647         case SHM_UNLOCK:
2648         case IPC_RMID:
2649                 may = MAY_READWRITE;
2650                 break;
2651         case IPC_INFO:
2652         case SHM_INFO:
2653                 /*
2654                  * System level information.
2655                  */
2656                 return 0;
2657         default:
2658                 return -EINVAL;
2659         }
2660         return smk_curacc_shm(shp, may);
2661 }
2662 
2663 /**
2664  * smack_shm_shmat - Smack access for shmat
2665  * @shp: the object
2666  * @shmaddr: unused
2667  * @shmflg: access requested
2668  *
2669  * Returns 0 if current has the requested access, error code otherwise
2670  */
2671 static int smack_shm_shmat(struct shmid_kernel *shp, char __user *shmaddr,
2672                            int shmflg)
2673 {
2674         int may;
2675 
2676         may = smack_flags_to_may(shmflg);
2677         return smk_curacc_shm(shp, may);
2678 }
2679 
2680 /**
2681  * smack_of_sem - the smack pointer for the sem
2682  * @sma: the object
2683  *
2684  * Returns a pointer to the smack value
2685  */
2686 static struct smack_known *smack_of_sem(struct sem_array *sma)
2687 {
2688         return (struct smack_known *)sma->sem_perm.security;
2689 }
2690 
2691 /**
2692  * smack_sem_alloc_security - Set the security blob for sem
2693  * @sma: the object
2694  *
2695  * Returns 0
2696  */
2697 static int smack_sem_alloc_security(struct sem_array *sma)
2698 {
2699         struct kern_ipc_perm *isp = &sma->sem_perm;
2700         struct smack_known *skp = smk_of_current();
2701 
2702         isp->security = skp;
2703         return 0;
2704 }
2705 
2706 /**
2707  * smack_sem_free_security - Clear the security blob for sem
2708  * @sma: the object
2709  *
2710  * Clears the blob pointer
2711  */
2712 static void smack_sem_free_security(struct sem_array *sma)
2713 {
2714         struct kern_ipc_perm *isp = &sma->sem_perm;
2715 
2716         isp->security = NULL;
2717 }
2718 
2719 /**
2720  * smk_curacc_sem : check if current has access on sem
2721  * @sma : the object
2722  * @access : access requested
2723  *
2724  * Returns 0 if current has the requested access, error code otherwise
2725  */
2726 static int smk_curacc_sem(struct sem_array *sma, int access)
2727 {
2728         struct smack_known *ssp = smack_of_sem(sma);
2729         struct smk_audit_info ad;
2730         int rc;
2731 
2732 #ifdef CONFIG_AUDIT
2733         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
2734         ad.a.u.ipc_id = sma->sem_perm.id;
2735 #endif
2736         rc = smk_curacc(ssp, access, &ad);
2737         rc = smk_bu_current("sem", ssp, access, rc);
2738         return rc;
2739 }
2740 
2741 /**
2742  * smack_sem_associate - Smack access check for sem
2743  * @sma: the object
2744  * @semflg: access requested
2745  *
2746  * Returns 0 if current has the requested access, error code otherwise
2747  */
2748 static int smack_sem_associate(struct sem_array *sma, int semflg)
2749 {
2750         int may;
2751 
2752         may = smack_flags_to_may(semflg);
2753         return smk_curacc_sem(sma, may);
2754 }
2755 
2756 /**
2757  * smack_sem_shmctl - Smack access check for sem
2758  * @sma: the object
2759  * @cmd: what it wants to do
2760  *
2761  * Returns 0 if current has the requested access, error code otherwise
2762  */
2763 static int smack_sem_semctl(struct sem_array *sma, int cmd)
2764 {
2765         int may;
2766 
2767         switch (cmd) {
2768         case GETPID:
2769         case GETNCNT:
2770         case GETZCNT:
2771         case GETVAL:
2772         case GETALL:
2773         case IPC_STAT:
2774         case SEM_STAT:
2775                 may = MAY_READ;
2776                 break;
2777         case SETVAL:
2778         case SETALL:
2779         case IPC_RMID:
2780         case IPC_SET:
2781                 may = MAY_READWRITE;
2782                 break;
2783         case IPC_INFO:
2784         case SEM_INFO:
2785                 /*
2786                  * System level information
2787                  */
2788                 return 0;
2789         default:
2790                 return -EINVAL;
2791         }
2792 
2793         return smk_curacc_sem(sma, may);
2794 }
2795 
2796 /**
2797  * smack_sem_semop - Smack checks of semaphore operations
2798  * @sma: the object
2799  * @sops: unused
2800  * @nsops: unused
2801  * @alter: unused
2802  *
2803  * Treated as read and write in all cases.
2804  *
2805  * Returns 0 if access is allowed, error code otherwise
2806  */
2807 static int smack_sem_semop(struct sem_array *sma, struct sembuf *sops,
2808                            unsigned nsops, int alter)
2809 {
2810         return smk_curacc_sem(sma, MAY_READWRITE);
2811 }
2812 
2813 /**
2814  * smack_msg_alloc_security - Set the security blob for msg
2815  * @msq: the object
2816  *
2817  * Returns 0
2818  */
2819 static int smack_msg_queue_alloc_security(struct msg_queue *msq)
2820 {
2821         struct kern_ipc_perm *kisp = &msq->q_perm;
2822         struct smack_known *skp = smk_of_current();
2823 
2824         kisp->security = skp;
2825         return 0;
2826 }
2827 
2828 /**
2829  * smack_msg_free_security - Clear the security blob for msg
2830  * @msq: the object
2831  *
2832  * Clears the blob pointer
2833  */
2834 static void smack_msg_queue_free_security(struct msg_queue *msq)
2835 {
2836         struct kern_ipc_perm *kisp = &msq->q_perm;
2837 
2838         kisp->security = NULL;
2839 }
2840 
2841 /**
2842  * smack_of_msq - the smack pointer for the msq
2843  * @msq: the object
2844  *
2845  * Returns a pointer to the smack label entry
2846  */
2847 static struct smack_known *smack_of_msq(struct msg_queue *msq)
2848 {
2849         return (struct smack_known *)msq->q_perm.security;
2850 }
2851 
2852 /**
2853  * smk_curacc_msq : helper to check if current has access on msq
2854  * @msq : the msq
2855  * @access : access requested
2856  *
2857  * return 0 if current has access, error otherwise
2858  */
2859 static int smk_curacc_msq(struct msg_queue *msq, int access)
2860 {
2861         struct smack_known *msp = smack_of_msq(msq);
2862         struct smk_audit_info ad;
2863         int rc;
2864 
2865 #ifdef CONFIG_AUDIT
2866         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
2867         ad.a.u.ipc_id = msq->q_perm.id;
2868 #endif
2869         rc = smk_curacc(msp, access, &ad);
2870         rc = smk_bu_current("msq", msp, access, rc);
2871         return rc;
2872 }
2873 
2874 /**
2875  * smack_msg_queue_associate - Smack access check for msg_queue
2876  * @msq: the object
2877  * @msqflg: access requested
2878  *
2879  * Returns 0 if current has the requested access, error code otherwise
2880  */
2881 static int smack_msg_queue_associate(struct msg_queue *msq, int msqflg)
2882 {
2883         int may;
2884 
2885         may = smack_flags_to_may(msqflg);
2886         return smk_curacc_msq(msq, may);
2887 }
2888 
2889 /**
2890  * smack_msg_queue_msgctl - Smack access check for msg_queue
2891  * @msq: the object
2892  * @cmd: what it wants to do
2893  *
2894  * Returns 0 if current has the requested access, error code otherwise
2895  */
2896 static int smack_msg_queue_msgctl(struct msg_queue *msq, int cmd)
2897 {
2898         int may;
2899 
2900         switch (cmd) {
2901         case IPC_STAT:
2902         case MSG_STAT:
2903                 may = MAY_READ;
2904                 break;
2905         case IPC_SET:
2906         case IPC_RMID:
2907                 may = MAY_READWRITE;
2908                 break;
2909         case IPC_INFO:
2910         case MSG_INFO:
2911                 /*
2912                  * System level information
2913                  */
2914                 return 0;
2915         default:
2916                 return -EINVAL;
2917         }
2918 
2919         return smk_curacc_msq(msq, may);
2920 }
2921 
2922 /**
2923  * smack_msg_queue_msgsnd - Smack access check for msg_queue
2924  * @msq: the object
2925  * @msg: unused
2926  * @msqflg: access requested
2927  *
2928  * Returns 0 if current has the requested access, error code otherwise
2929  */
2930 static int smack_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg,
2931                                   int msqflg)
2932 {
2933         int may;
2934 
2935         may = smack_flags_to_may(msqflg);
2936         return smk_curacc_msq(msq, may);
2937 }
2938 
2939 /**
2940  * smack_msg_queue_msgsnd - Smack access check for msg_queue
2941  * @msq: the object
2942  * @msg: unused
2943  * @target: unused
2944  * @type: unused
2945  * @mode: unused
2946  *
2947  * Returns 0 if current has read and write access, error code otherwise
2948  */
2949 static int smack_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
2950                         struct task_struct *target, long type, int mode)
2951 {
2952         return smk_curacc_msq(msq, MAY_READWRITE);
2953 }
2954 
2955 /**
2956  * smack_ipc_permission - Smack access for ipc_permission()
2957  * @ipp: the object permissions
2958  * @flag: access requested
2959  *
2960  * Returns 0 if current has read and write access, error code otherwise
2961  */
2962 static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag)
2963 {
2964         struct smack_known *iskp = ipp->security;
2965         int may = smack_flags_to_may(flag);
2966         struct smk_audit_info ad;
2967         int rc;
2968 
2969 #ifdef CONFIG_AUDIT
2970         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
2971         ad.a.u.ipc_id = ipp->id;
2972 #endif
2973         rc = smk_curacc(iskp, may, &ad);
2974         rc = smk_bu_current("svipc", iskp, may, rc);
2975         return rc;
2976 }
2977 
2978 /**
2979  * smack_ipc_getsecid - Extract smack security id
2980  * @ipp: the object permissions
2981  * @secid: where result will be saved
2982  */
2983 static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid)
2984 {
2985         struct smack_known *iskp = ipp->security;
2986 
2987         *secid = iskp->smk_secid;
2988 }
2989 
2990 /**
2991  * smack_d_instantiate - Make sure the blob is correct on an inode
2992  * @opt_dentry: dentry where inode will be attached
2993  * @inode: the object
2994  *
2995  * Set the inode's security blob if it hasn't been done already.
2996  */
2997 static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode)
2998 {
2999         struct super_block *sbp;
3000         struct superblock_smack *sbsp;
3001         struct inode_smack *isp;
3002         struct smack_known *skp;
3003         struct smack_known *ckp = smk_of_current();
3004         struct smack_known *final;
3005         char trattr[TRANS_TRUE_SIZE];
3006         int transflag = 0;
3007         int rc;
3008         struct dentry *dp;
3009 
3010         if (inode == NULL)
3011                 return;
3012 
3013         isp = inode->i_security;
3014 
3015         mutex_lock(&isp->smk_lock);
3016         /*
3017          * If the inode is already instantiated
3018          * take the quick way out
3019          */
3020         if (isp->smk_flags & SMK_INODE_INSTANT)
3021                 goto unlockandout;
3022 
3023         sbp = inode->i_sb;
3024         sbsp = sbp->s_security;
3025         /*
3026          * We're going to use the superblock default label
3027          * if there's no label on the file.
3028          */
3029         final = sbsp->smk_default;
3030 
3031         /*
3032          * If this is the root inode the superblock
3033          * may be in the process of initialization.
3034          * If that is the case use the root value out
3035          * of the superblock.
3036          */
3037         if (opt_dentry->d_parent == opt_dentry) {
3038                 if (sbp->s_magic == CGROUP_SUPER_MAGIC) {
3039                         /*
3040                          * The cgroup filesystem is never mounted,
3041                          * so there's no opportunity to set the mount
3042                          * options.
3043                          */
3044                         sbsp->smk_root = &smack_known_star;
3045                         sbsp->smk_default = &smack_known_star;
3046                 }
3047                 isp->smk_inode = sbsp->smk_root;
3048                 isp->smk_flags |= SMK_INODE_INSTANT;
3049                 goto unlockandout;
3050         }
3051 
3052         /*
3053          * This is pretty hackish.
3054          * Casey says that we shouldn't have to do
3055          * file system specific code, but it does help
3056          * with keeping it simple.
3057          */
3058         switch (sbp->s_magic) {
3059         case SMACK_MAGIC:
3060         case PIPEFS_MAGIC:
3061         case SOCKFS_MAGIC:
3062         case CGROUP_SUPER_MAGIC:
3063                 /*
3064                  * Casey says that it's a little embarrassing
3065                  * that the smack file system doesn't do
3066                  * extended attributes.
3067                  *
3068                  * Casey says pipes are easy (?)
3069                  *
3070                  * Socket access is controlled by the socket
3071                  * structures associated with the task involved.
3072                  *
3073                  * Cgroupfs is special
3074                  */
3075                 final = &smack_known_star;
3076                 break;
3077         case DEVPTS_SUPER_MAGIC:
3078                 /*
3079                  * devpts seems content with the label of the task.
3080                  * Programs that change smack have to treat the
3081                  * pty with respect.
3082                  */
3083                 final = ckp;
3084                 break;
3085         case PROC_SUPER_MAGIC:
3086                 /*
3087                  * Casey says procfs appears not to care.
3088                  * The superblock default suffices.
3089                  */
3090                 break;
3091         case TMPFS_MAGIC:
3092                 /*
3093                  * Device labels should come from the filesystem,
3094                  * but watch out, because they're volitile,
3095                  * getting recreated on every reboot.
3096                  */
3097                 final = &smack_known_star;
3098                 /*
3099                  * No break.
3100                  *
3101                  * If a smack value has been set we want to use it,
3102                  * but since tmpfs isn't giving us the opportunity
3103                  * to set mount options simulate setting the
3104                  * superblock default.
3105                  */
3106         default:
3107                 /*
3108                  * This isn't an understood special case.
3109                  * Get the value from the xattr.
3110                  */
3111 
3112                 /*
3113                  * UNIX domain sockets use lower level socket data.
3114                  */
3115                 if (S_ISSOCK(inode->i_mode)) {
3116                         final = &smack_known_star;
3117                         break;
3118                 }
3119                 /*
3120                  * No xattr support means, alas, no SMACK label.
3121                  * Use the aforeapplied default.
3122                  * It would be curious if the label of the task
3123                  * does not match that assigned.
3124                  */
3125                 if (inode->i_op->getxattr == NULL)
3126                         break;
3127                 /*
3128                  * Get the dentry for xattr.
3129                  */
3130                 dp = dget(opt_dentry);
3131                 skp = smk_fetch(XATTR_NAME_SMACK, inode, dp);
3132                 if (skp != NULL)
3133                         final = skp;
3134 
3135                 /*
3136                  * Transmuting directory
3137                  */
3138                 if (S_ISDIR(inode->i_mode)) {
3139                         /*
3140                          * If this is a new directory and the label was
3141                          * transmuted when the inode was initialized
3142                          * set the transmute attribute on the directory
3143                          * and mark the inode.
3144                          *
3145                          * If there is a transmute attribute on the
3146                          * directory mark the inode.
3147                          */
3148                         if (isp->smk_flags & SMK_INODE_CHANGED) {
3149                                 isp->smk_flags &= ~SMK_INODE_CHANGED;
3150                                 rc = inode->i_op->setxattr(dp,
3151                                         XATTR_NAME_SMACKTRANSMUTE,
3152                                         TRANS_TRUE, TRANS_TRUE_SIZE,
3153                                         0);
3154                         } else {
3155                                 rc = inode->i_op->getxattr(dp,
3156                                         XATTR_NAME_SMACKTRANSMUTE, trattr,
3157                                         TRANS_TRUE_SIZE);
3158                                 if (rc >= 0 && strncmp(trattr, TRANS_TRUE,
3159                                                        TRANS_TRUE_SIZE) != 0)
3160                                         rc = -EINVAL;
3161                         }
3162                         if (rc >= 0)
3163                                 transflag = SMK_INODE_TRANSMUTE;
3164                 }
3165                 /*
3166                  * Don't let the exec or mmap label be "*" or "@".
3167                  */
3168                 skp = smk_fetch(XATTR_NAME_SMACKEXEC, inode, dp);
3169                 if (skp == &smack_known_star || skp == &smack_known_web)
3170                         skp = NULL;
3171                 isp->smk_task = skp;
3172                 skp = smk_fetch(XATTR_NAME_SMACKMMAP, inode, dp);
3173                 if (skp == &smack_known_star || skp == &smack_known_web)
3174                         skp = NULL;
3175                 isp->smk_mmap = skp;
3176 
3177                 dput(dp);
3178                 break;
3179         }
3180 
3181         if (final == NULL)
3182                 isp->smk_inode = ckp;
3183         else
3184                 isp->smk_inode = final;
3185 
3186         isp->smk_flags |= (SMK_INODE_INSTANT | transflag);
3187 
3188 unlockandout:
3189         mutex_unlock(&isp->smk_lock);
3190         return;
3191 }
3192 
3193 /**
3194  * smack_getprocattr - Smack process attribute access
3195  * @p: the object task
3196  * @name: the name of the attribute in /proc/.../attr
3197  * @value: where to put the result
3198  *
3199  * Places a copy of the task Smack into value
3200  *
3201  * Returns the length of the smack label or an error code
3202  */
3203 static int smack_getprocattr(struct task_struct *p, char *name, char **value)
3204 {
3205         struct smack_known *skp = smk_of_task_struct(p);
3206         char *cp;
3207         int slen;
3208 
3209         if (strcmp(name, "current") != 0)
3210                 return -EINVAL;
3211 
3212         cp = kstrdup(skp->smk_known, GFP_KERNEL);
3213         if (cp == NULL)
3214                 return -ENOMEM;
3215 
3216         slen = strlen(cp);
3217         *value = cp;
3218         return slen;
3219 }
3220 
3221 /**
3222  * smack_setprocattr - Smack process attribute setting
3223  * @p: the object task
3224  * @name: the name of the attribute in /proc/.../attr
3225  * @value: the value to set
3226  * @size: the size of the value
3227  *
3228  * Sets the Smack value of the task. Only setting self
3229  * is permitted and only with privilege
3230  *
3231  * Returns the length of the smack label or an error code
3232  */
3233 static int smack_setprocattr(struct task_struct *p, char *name,
3234                              void *value, size_t size)
3235 {
3236         struct task_smack *tsp;
3237         struct cred *new;
3238         struct smack_known *skp;
3239 
3240         /*
3241          * Changing another process' Smack value is too dangerous
3242          * and supports no sane use case.
3243          */
3244         if (p != current)
3245                 return -EPERM;
3246 
3247         if (!smack_privileged(CAP_MAC_ADMIN))
3248                 return -EPERM;
3249 
3250         if (value == NULL || size == 0 || size >= SMK_LONGLABEL)
3251                 return -EINVAL;
3252 
3253         if (strcmp(name, "current") != 0)
3254                 return -EINVAL;
3255 
3256         skp = smk_import_entry(value, size);
3257         if (skp == NULL)
3258                 return -EINVAL;
3259 
3260         /*
3261          * No process is ever allowed the web ("@") label.
3262          */
3263         if (skp == &smack_known_web)
3264                 return -EPERM;
3265 
3266         new = prepare_creds();
3267         if (new == NULL)
3268                 return -ENOMEM;
3269 
3270         tsp = new->security;
3271         tsp->smk_task = skp;
3272 
3273         commit_creds(new);
3274         return size;
3275 }
3276 
3277 /**
3278  * smack_unix_stream_connect - Smack access on UDS
3279  * @sock: one sock
3280  * @other: the other sock
3281  * @newsk: unused
3282  *
3283  * Return 0 if a subject with the smack of sock could access
3284  * an object with the smack of other, otherwise an error code
3285  */
3286 static int smack_unix_stream_connect(struct sock *sock,
3287                                      struct sock *other, struct sock *newsk)
3288 {
3289         struct smack_known *skp;
3290         struct smack_known *okp;
3291         struct socket_smack *ssp = sock->sk_security;
3292         struct socket_smack *osp = other->sk_security;
3293         struct socket_smack *nsp = newsk->sk_security;
3294         struct smk_audit_info ad;
3295         int rc = 0;
3296 #ifdef CONFIG_AUDIT
3297         struct lsm_network_audit net;
3298 #endif
3299 
3300         if (!smack_privileged(CAP_MAC_OVERRIDE)) {
3301                 skp = ssp->smk_out;
3302                 okp = osp->smk_out;
3303 #ifdef CONFIG_AUDIT
3304                 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3305                 smk_ad_setfield_u_net_sk(&ad, other);
3306 #endif
3307                 rc = smk_access(skp, okp, MAY_WRITE, &ad);
3308                 rc = smk_bu_note("UDS connect", skp, okp, MAY_WRITE, rc);
3309                 if (rc == 0) {
3310                         rc = smk_access(okp, skp, MAY_WRITE, NULL);
3311                         rc = smk_bu_note("UDS connect", okp, skp,
3312                                                 MAY_WRITE, rc);
3313                 }
3314         }
3315 
3316         /*
3317          * Cross reference the peer labels for SO_PEERSEC.
3318          */
3319         if (rc == 0) {
3320                 nsp->smk_packet = ssp->smk_out;
3321                 ssp->smk_packet = osp->smk_out;
3322         }
3323 
3324         return rc;
3325 }
3326 
3327 /**
3328  * smack_unix_may_send - Smack access on UDS
3329  * @sock: one socket
3330  * @other: the other socket
3331  *
3332  * Return 0 if a subject with the smack of sock could access
3333  * an object with the smack of other, otherwise an error code
3334  */
3335 static int smack_unix_may_send(struct socket *sock, struct socket *other)
3336 {
3337         struct socket_smack *ssp = sock->sk->sk_security;
3338         struct socket_smack *osp = other->sk->sk_security;
3339         struct smk_audit_info ad;
3340         int rc;
3341 
3342 #ifdef CONFIG_AUDIT
3343         struct lsm_network_audit net;
3344 
3345         smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3346         smk_ad_setfield_u_net_sk(&ad, other->sk);
3347 #endif
3348 
3349         if (smack_privileged(CAP_MAC_OVERRIDE))
3350                 return 0;
3351 
3352         rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad);
3353         rc = smk_bu_note("UDS send", ssp->smk_out, osp->smk_in, MAY_WRITE, rc);
3354         return rc;
3355 }
3356 
3357 /**
3358  * smack_socket_sendmsg - Smack check based on destination host
3359  * @sock: the socket
3360  * @msg: the message
3361  * @size: the size of the message
3362  *
3363  * Return 0 if the current subject can write to the destination host.
3364  * For IPv4 this is only a question if the destination is a single label host.
3365  * For IPv6 this is a check against the label of the port.
3366  */
3367 static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg,
3368                                 int size)
3369 {
3370         struct sockaddr_in *sip = (struct sockaddr_in *) msg->msg_name;
3371         struct sockaddr_in6 *sap = (struct sockaddr_in6 *) msg->msg_name;
3372         int rc = 0;
3373 
3374         /*
3375          * Perfectly reasonable for this to be NULL
3376          */
3377         if (sip == NULL)
3378                 return 0;
3379 
3380         switch (sip->sin_family) {
3381         case AF_INET:
3382                 rc = smack_netlabel_send(sock->sk, sip);
3383                 break;
3384         case AF_INET6:
3385                 rc = smk_ipv6_port_check(sock->sk, sap, SMK_SENDING);
3386                 break;
3387         }
3388         return rc;
3389 }
3390 
3391 /**
3392  * smack_from_secattr - Convert a netlabel attr.mls.lvl/attr.mls.cat pair to smack
3393  * @sap: netlabel secattr
3394  * @ssp: socket security information
3395  *
3396  * Returns a pointer to a Smack label entry found on the label list.
3397  */
3398 static struct smack_known *smack_from_secattr(struct netlbl_lsm_secattr *sap,
3399                                                 struct socket_smack *ssp)
3400 {
3401         struct smack_known *skp;
3402         int found = 0;
3403         int acat;
3404         int kcat;
3405 
3406         if ((sap->flags & NETLBL_SECATTR_MLS_LVL) != 0) {
3407                 /*
3408                  * Looks like a CIPSO packet.
3409                  * If there are flags but no level netlabel isn't
3410                  * behaving the way we expect it to.
3411                  *
3412                  * Look it up in the label table
3413                  * Without guidance regarding the smack value
3414                  * for the packet fall back on the network
3415                  * ambient value.
3416                  */
3417                 rcu_read_lock();
3418                 list_for_each_entry(skp, &smack_known_list, list) {
3419                         if (sap->attr.mls.lvl != skp->smk_netlabel.attr.mls.lvl)
3420                                 continue;
3421                         /*
3422                          * Compare the catsets. Use the netlbl APIs.
3423                          */
3424                         if ((sap->flags & NETLBL_SECATTR_MLS_CAT) == 0) {
3425                                 if ((skp->smk_netlabel.flags &
3426                                      NETLBL_SECATTR_MLS_CAT) == 0)
3427                                         found = 1;
3428                                 break;
3429                         }
3430                         for (acat = -1, kcat = -1; acat == kcat; ) {
3431                                 acat = netlbl_catmap_walk(sap->attr.mls.cat,
3432                                                           acat + 1);
3433                                 kcat = netlbl_catmap_walk(
3434                                         skp->smk_netlabel.attr.mls.cat,
3435                                         kcat + 1);
3436                                 if (acat < 0 || kcat < 0)
3437                                         break;
3438                         }
3439                         if (acat == kcat) {
3440                                 found = 1;
3441                                 break;
3442                         }
3443                 }
3444                 rcu_read_unlock();
3445 
3446                 if (found)
3447                         return skp;
3448 
3449                 if (ssp != NULL && ssp->smk_in == &smack_known_star)
3450                         return &smack_known_web;
3451                 return &smack_known_star;
3452         }
3453         if ((sap->flags & NETLBL_SECATTR_SECID) != 0) {
3454                 /*
3455                  * Looks like a fallback, which gives us a secid.
3456                  */
3457                 skp = smack_from_secid(sap->attr.secid);
3458                 /*
3459                  * This has got to be a bug because it is
3460                  * impossible to specify a fallback without
3461                  * specifying the label, which will ensure
3462                  * it has a secid, and the only way to get a
3463                  * secid is from a fallback.
3464                  */
3465                 BUG_ON(skp == NULL);
3466                 return skp;
3467         }
3468         /*
3469          * Without guidance regarding the smack value
3470          * for the packet fall back on the network
3471          * ambient value.
3472          */
3473         return smack_net_ambient;
3474 }
3475 
3476 static int smk_skb_to_addr_ipv6(struct sk_buff *skb, struct sockaddr_in6 *sip)
3477 {
3478         u8 nexthdr;
3479         int offset;
3480         int proto = -EINVAL;
3481         struct ipv6hdr _ipv6h;
3482         struct ipv6hdr *ip6;
3483         __be16 frag_off;
3484         struct tcphdr _tcph, *th;
3485         struct udphdr _udph, *uh;
3486         struct dccp_hdr _dccph, *dh;
3487 
3488         sip->sin6_port = 0;
3489 
3490         offset = skb_network_offset(skb);
3491         ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h);
3492         if (ip6 == NULL)
3493                 return -EINVAL;
3494         sip->sin6_addr = ip6->saddr;
3495 
3496         nexthdr = ip6->nexthdr;
3497         offset += sizeof(_ipv6h);
3498         offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off);
3499         if (offset < 0)
3500                 return -EINVAL;
3501 
3502         proto = nexthdr;
3503         switch (proto) {
3504         case IPPROTO_TCP:
3505                 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
3506                 if (th != NULL)
3507                         sip->sin6_port = th->source;
3508                 break;
3509         case IPPROTO_UDP:
3510                 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
3511                 if (uh != NULL)
3512                         sip->sin6_port = uh->source;
3513                 break;
3514         case IPPROTO_DCCP:
3515                 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
3516                 if (dh != NULL)
3517                         sip->sin6_port = dh->dccph_sport;
3518                 break;
3519         }
3520         return proto;
3521 }
3522 
3523 /**
3524  * smack_socket_sock_rcv_skb - Smack packet delivery access check
3525  * @sk: socket
3526  * @skb: packet
3527  *
3528  * Returns 0 if the packet should be delivered, an error code otherwise
3529  */
3530 static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
3531 {
3532         struct netlbl_lsm_secattr secattr;
3533         struct socket_smack *ssp = sk->sk_security;
3534         struct smack_known *skp;
3535         struct sockaddr_in6 sadd;
3536         int rc = 0;
3537         struct smk_audit_info ad;
3538 #ifdef CONFIG_AUDIT
3539         struct lsm_network_audit net;
3540 #endif
3541         switch (sk->sk_family) {
3542         case PF_INET:
3543                 /*
3544                  * Translate what netlabel gave us.
3545                  */
3546                 netlbl_secattr_init(&secattr);
3547 
3548                 rc = netlbl_skbuff_getattr(skb, sk->sk_family, &secattr);
3549                 if (rc == 0)
3550                         skp = smack_from_secattr(&secattr, ssp);
3551                 else
3552                         skp = smack_net_ambient;
3553 
3554                 netlbl_secattr_destroy(&secattr);
3555 
3556 #ifdef CONFIG_AUDIT
3557                 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3558                 ad.a.u.net->family = sk->sk_family;
3559                 ad.a.u.net->netif = skb->skb_iif;
3560                 ipv4_skb_to_auditdata(skb, &ad.a, NULL);
3561 #endif
3562                 /*
3563                  * Receiving a packet requires that the other end
3564                  * be able to write here. Read access is not required.
3565                  * This is the simplist possible security model
3566                  * for networking.
3567                  */
3568                 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
3569                 rc = smk_bu_note("IPv4 delivery", skp, ssp->smk_in,
3570                                         MAY_WRITE, rc);
3571                 if (rc != 0)
3572                         netlbl_skbuff_err(skb, rc, 0);
3573                 break;
3574         case PF_INET6:
3575                 rc = smk_skb_to_addr_ipv6(skb, &sadd);
3576                 if (rc == IPPROTO_UDP || rc == IPPROTO_TCP)
3577                         rc = smk_ipv6_port_check(sk, &sadd, SMK_RECEIVING);
3578                 else
3579                         rc = 0;
3580                 break;
3581         }
3582         return rc;
3583 }
3584 
3585 /**
3586  * smack_socket_getpeersec_stream - pull in packet label
3587  * @sock: the socket
3588  * @optval: user's destination
3589  * @optlen: size thereof
3590  * @len: max thereof
3591  *
3592  * returns zero on success, an error code otherwise
3593  */
3594 static int smack_socket_getpeersec_stream(struct socket *sock,
3595                                           char __user *optval,
3596                                           int __user *optlen, unsigned len)
3597 {
3598         struct socket_smack *ssp;
3599         char *rcp = "";
3600         int slen = 1;
3601         int rc = 0;
3602 
3603         ssp = sock->sk->sk_security;
3604         if (ssp->smk_packet != NULL) {
3605                 rcp = ssp->smk_packet->smk_known;
3606                 slen = strlen(rcp) + 1;
3607         }
3608 
3609         if (slen > len)
3610                 rc = -ERANGE;
3611         else if (copy_to_user(optval, rcp, slen) != 0)
3612                 rc = -EFAULT;
3613 
3614         if (put_user(slen, optlen) != 0)
3615                 rc = -EFAULT;
3616 
3617         return rc;
3618 }
3619 
3620 
3621 /**
3622  * smack_socket_getpeersec_dgram - pull in packet label
3623  * @sock: the peer socket
3624  * @skb: packet data
3625  * @secid: pointer to where to put the secid of the packet
3626  *
3627  * Sets the netlabel socket state on sk from parent
3628  */
3629 static int smack_socket_getpeersec_dgram(struct socket *sock,
3630                                          struct sk_buff *skb, u32 *secid)
3631 
3632 {
3633         struct netlbl_lsm_secattr secattr;
3634         struct socket_smack *ssp = NULL;
3635         struct smack_known *skp;
3636         int family = PF_UNSPEC;
3637         u32 s = 0;      /* 0 is the invalid secid */
3638         int rc;
3639 
3640         if (skb != NULL) {
3641                 if (skb->protocol == htons(ETH_P_IP))
3642                         family = PF_INET;
3643                 else if (skb->protocol == htons(ETH_P_IPV6))
3644                         family = PF_INET6;
3645         }
3646         if (family == PF_UNSPEC && sock != NULL)
3647                 family = sock->sk->sk_family;
3648 
3649         if (family == PF_UNIX) {
3650                 ssp = sock->sk->sk_security;
3651                 s = ssp->smk_out->smk_secid;
3652         } else if (family == PF_INET || family == PF_INET6) {
3653                 /*
3654                  * Translate what netlabel gave us.
3655                  */
3656                 if (sock != NULL && sock->sk != NULL)
3657                         ssp = sock->sk->sk_security;
3658                 netlbl_secattr_init(&secattr);
3659                 rc = netlbl_skbuff_getattr(skb, family, &secattr);
3660                 if (rc == 0) {
3661                         skp = smack_from_secattr(&secattr, ssp);
3662                         s = skp->smk_secid;
3663                 }
3664                 netlbl_secattr_destroy(&secattr);
3665         }
3666         *secid = s;
3667         if (s == 0)
3668                 return -EINVAL;
3669         return 0;
3670 }
3671 
3672 /**
3673  * smack_sock_graft - Initialize a newly created socket with an existing sock
3674  * @sk: child sock
3675  * @parent: parent socket
3676  *
3677  * Set the smk_{in,out} state of an existing sock based on the process that
3678  * is creating the new socket.
3679  */
3680 static void smack_sock_graft(struct sock *sk, struct socket *parent)
3681 {
3682         struct socket_smack *ssp;
3683         struct smack_known *skp = smk_of_current();
3684 
3685         if (sk == NULL ||
3686             (sk->sk_family != PF_INET && sk->sk_family != PF_INET6))
3687                 return;
3688 
3689         ssp = sk->sk_security;
3690         ssp->smk_in = skp;
3691         ssp->smk_out = skp;
3692         /* cssp->smk_packet is already set in smack_inet_csk_clone() */
3693 }
3694 
3695 /**
3696  * smack_inet_conn_request - Smack access check on connect
3697  * @sk: socket involved
3698  * @skb: packet
3699  * @req: unused
3700  *
3701  * Returns 0 if a task with the packet label could write to
3702  * the socket, otherwise an error code
3703  */
3704 static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb,
3705                                    struct request_sock *req)
3706 {
3707         u16 family = sk->sk_family;
3708         struct smack_known *skp;
3709         struct socket_smack *ssp = sk->sk_security;
3710         struct netlbl_lsm_secattr secattr;
3711         struct sockaddr_in addr;
3712         struct iphdr *hdr;
3713         struct smack_known *hskp;
3714         int rc;
3715         struct smk_audit_info ad;
3716 #ifdef CONFIG_AUDIT
3717         struct lsm_network_audit net;
3718 #endif
3719 
3720         if (family == PF_INET6) {
3721                 /*
3722                  * Handle mapped IPv4 packets arriving
3723                  * via IPv6 sockets. Don't set up netlabel
3724                  * processing on IPv6.
3725                  */
3726                 if (skb->protocol == htons(ETH_P_IP))
3727                         family = PF_INET;
3728                 else
3729                         return 0;
3730         }
3731 
3732         netlbl_secattr_init(&secattr);
3733         rc = netlbl_skbuff_getattr(skb, family, &secattr);
3734         if (rc == 0)
3735                 skp = smack_from_secattr(&secattr, ssp);
3736         else
3737                 skp = &smack_known_huh;
3738         netlbl_secattr_destroy(&secattr);
3739 
3740 #ifdef CONFIG_AUDIT
3741         smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3742         ad.a.u.net->family = family;
3743         ad.a.u.net->netif = skb->skb_iif;
3744         ipv4_skb_to_auditdata(skb, &ad.a, NULL);
3745 #endif
3746         /*
3747          * Receiving a packet requires that the other end be able to write
3748          * here. Read access is not required.
3749          */
3750         rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
3751         rc = smk_bu_note("IPv4 connect", skp, ssp->smk_in, MAY_WRITE, rc);
3752         if (rc != 0)
3753                 return rc;
3754 
3755         /*
3756          * Save the peer's label in the request_sock so we can later setup
3757          * smk_packet in the child socket so that SO_PEERCRED can report it.
3758          */
3759         req->peer_secid = skp->smk_secid;
3760 
3761         /*
3762          * We need to decide if we want to label the incoming connection here
3763          * if we do we only need to label the request_sock and the stack will
3764          * propagate the wire-label to the sock when it is created.
3765          */
3766         hdr = ip_hdr(skb);
3767         addr.sin_addr.s_addr = hdr->saddr;
3768         rcu_read_lock();
3769         hskp = smack_host_label(&addr);
3770         rcu_read_unlock();
3771 
3772         if (hskp == NULL)
3773                 rc = netlbl_req_setattr(req, &skp->smk_netlabel);
3774         else
3775                 netlbl_req_delattr(req);
3776 
3777         return rc;
3778 }
3779 
3780 /**
3781  * smack_inet_csk_clone - Copy the connection information to the new socket
3782  * @sk: the new socket
3783  * @req: the connection's request_sock
3784  *
3785  * Transfer the connection's peer label to the newly created socket.
3786  */
3787 static void smack_inet_csk_clone(struct sock *sk,
3788                                  const struct request_sock *req)
3789 {
3790         struct socket_smack *ssp = sk->sk_security;
3791         struct smack_known *skp;
3792 
3793         if (req->peer_secid != 0) {
3794                 skp = smack_from_secid(req->peer_secid);
3795                 ssp->smk_packet = skp;
3796         } else
3797                 ssp->smk_packet = NULL;
3798 }
3799 
3800 /*
3801  * Key management security hooks
3802  *
3803  * Casey has not tested key support very heavily.
3804  * The permission check is most likely too restrictive.
3805  * If you care about keys please have a look.
3806  */
3807 #ifdef CONFIG_KEYS
3808 
3809 /**
3810  * smack_key_alloc - Set the key security blob
3811  * @key: object
3812  * @cred: the credentials to use
3813  * @flags: unused
3814  *
3815  * No allocation required
3816  *
3817  * Returns 0
3818  */
3819 static int smack_key_alloc(struct key *key, const struct cred *cred,
3820                            unsigned long flags)
3821 {
3822         struct smack_known *skp = smk_of_task(cred->security);
3823 
3824         key->security = skp;
3825         return 0;
3826 }
3827 
3828 /**
3829  * smack_key_free - Clear the key security blob
3830  * @key: the object
3831  *
3832  * Clear the blob pointer
3833  */
3834 static void smack_key_free(struct key *key)
3835 {
3836         key->security = NULL;
3837 }
3838 
3839 /*
3840  * smack_key_permission - Smack access on a key
3841  * @key_ref: gets to the object
3842  * @cred: the credentials to use
3843  * @perm: unused
3844  *
3845  * Return 0 if the task has read and write to the object,
3846  * an error code otherwise
3847  */
3848 static int smack_key_permission(key_ref_t key_ref,
3849                                 const struct cred *cred, unsigned perm)
3850 {
3851         struct key *keyp;
3852         struct smk_audit_info ad;
3853         struct smack_known *tkp = smk_of_task(cred->security);
3854         int request = 0;
3855         int rc;
3856 
3857         keyp = key_ref_to_ptr(key_ref);
3858         if (keyp == NULL)
3859                 return -EINVAL;
3860         /*
3861          * If the key hasn't been initialized give it access so that
3862          * it may do so.
3863          */
3864         if (keyp->security == NULL)
3865                 return 0;
3866         /*
3867          * This should not occur
3868          */
3869         if (tkp == NULL)
3870                 return -EACCES;
3871 #ifdef CONFIG_AUDIT
3872         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY);
3873         ad.a.u.key_struct.key = keyp->serial;
3874         ad.a.u.key_struct.key_desc = keyp->description;
3875 #endif
3876         if (perm & KEY_NEED_READ)
3877                 request = MAY_READ;
3878         if (perm & (KEY_NEED_WRITE | KEY_NEED_LINK | KEY_NEED_SETATTR))
3879                 request = MAY_WRITE;
3880         rc = smk_access(tkp, keyp->security, request, &ad);
3881         rc = smk_bu_note("key access", tkp, keyp->security, request, rc);
3882         return rc;
3883 }
3884 #endif /* CONFIG_KEYS */
3885 
3886 /*
3887  * Smack Audit hooks
3888  *
3889  * Audit requires a unique representation of each Smack specific
3890  * rule. This unique representation is used to distinguish the
3891  * object to be audited from remaining kernel objects and also
3892  * works as a glue between the audit hooks.
3893  *
3894  * Since repository entries are added but never deleted, we'll use
3895  * the smack_known label address related to the given audit rule as
3896  * the needed unique representation. This also better fits the smack
3897  * model where nearly everything is a label.
3898  */
3899 #ifdef CONFIG_AUDIT
3900 
3901 /**
3902  * smack_audit_rule_init - Initialize a smack audit rule
3903  * @field: audit rule fields given from user-space (audit.h)
3904  * @op: required testing operator (=, !=, >, <, ...)
3905  * @rulestr: smack label to be audited
3906  * @vrule: pointer to save our own audit rule representation
3907  *
3908  * Prepare to audit cases where (@field @op @rulestr) is true.
3909  * The label to be audited is created if necessay.
3910  */
3911 static int smack_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule)
3912 {
3913         struct smack_known *skp;
3914         char **rule = (char **)vrule;
3915         *rule = NULL;
3916 
3917         if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
3918                 return -EINVAL;
3919 
3920         if (op != Audit_equal && op != Audit_not_equal)
3921                 return -EINVAL;
3922 
3923         skp = smk_import_entry(rulestr, 0);
3924         if (skp)
3925                 *rule = skp->smk_known;
3926 
3927         return 0;
3928 }
3929 
3930 /**
3931  * smack_audit_rule_known - Distinguish Smack audit rules
3932  * @krule: rule of interest, in Audit kernel representation format
3933  *
3934  * This is used to filter Smack rules from remaining Audit ones.
3935  * If it's proved that this rule belongs to us, the
3936  * audit_rule_match hook will be called to do the final judgement.
3937  */
3938 static int smack_audit_rule_known(struct audit_krule *krule)
3939 {
3940         struct audit_field *f;
3941         int i;
3942 
3943         for (i = 0; i < krule->field_count; i++) {
3944                 f = &krule->fields[i];
3945 
3946                 if (f->type == AUDIT_SUBJ_USER || f->type == AUDIT_OBJ_USER)
3947                         return 1;
3948         }
3949 
3950         return 0;
3951 }
3952 
3953 /**
3954  * smack_audit_rule_match - Audit given object ?
3955  * @secid: security id for identifying the object to test
3956  * @field: audit rule flags given from user-space
3957  * @op: required testing operator
3958  * @vrule: smack internal rule presentation
3959  * @actx: audit context associated with the check
3960  *
3961  * The core Audit hook. It's used to take the decision of
3962  * whether to audit or not to audit a given object.
3963  */
3964 static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule,
3965                                   struct audit_context *actx)
3966 {
3967         struct smack_known *skp;
3968         char *rule = vrule;
3969 
3970         if (unlikely(!rule)) {
3971                 WARN_ONCE(1, "Smack: missing rule\n");
3972                 return -ENOENT;
3973         }
3974 
3975         if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
3976                 return 0;
3977 
3978         skp = smack_from_secid(secid);
3979 
3980         /*
3981          * No need to do string comparisons. If a match occurs,
3982          * both pointers will point to the same smack_known
3983          * label.
3984          */
3985         if (op == Audit_equal)
3986                 return (rule == skp->smk_known);
3987         if (op == Audit_not_equal)
3988                 return (rule != skp->smk_known);
3989 
3990         return 0;
3991 }
3992 
3993 /**
3994  * smack_audit_rule_free - free smack rule representation
3995  * @vrule: rule to be freed.
3996  *
3997  * No memory was allocated.
3998  */
3999 static void smack_audit_rule_free(void *vrule)
4000 {
4001         /* No-op */
4002 }
4003 
4004 #endif /* CONFIG_AUDIT */
4005 
4006 /**
4007  * smack_ismaclabel - check if xattr @name references a smack MAC label
4008  * @name: Full xattr name to check.
4009  */
4010 static int smack_ismaclabel(const char *name)
4011 {
4012         return (strcmp(name, XATTR_SMACK_SUFFIX) == 0);
4013 }
4014 
4015 
4016 /**
4017  * smack_secid_to_secctx - return the smack label for a secid
4018  * @secid: incoming integer
4019  * @secdata: destination
4020  * @seclen: how long it is
4021  *
4022  * Exists for networking code.
4023  */
4024 static int smack_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
4025 {
4026         struct smack_known *skp = smack_from_secid(secid);
4027 
4028         if (secdata)
4029                 *secdata = skp->smk_known;
4030         *seclen = strlen(skp->smk_known);
4031         return 0;
4032 }
4033 
4034 /**
4035  * smack_secctx_to_secid - return the secid for a smack label
4036  * @secdata: smack label
4037  * @seclen: how long result is
4038  * @secid: outgoing integer
4039  *
4040  * Exists for audit and networking code.
4041  */
4042 static int smack_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
4043 {
4044         struct smack_known *skp = smk_find_entry(secdata);
4045 
4046         if (skp)
4047                 *secid = skp->smk_secid;
4048         else
4049                 *secid = 0;
4050         return 0;
4051 }
4052 
4053 /**
4054  * smack_release_secctx - don't do anything.
4055  * @secdata: unused
4056  * @seclen: unused
4057  *
4058  * Exists to make sure nothing gets done, and properly
4059  */
4060 static void smack_release_secctx(char *secdata, u32 seclen)
4061 {
4062 }
4063 
4064 static int smack_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
4065 {
4066         return smack_inode_setsecurity(inode, XATTR_SMACK_SUFFIX, ctx, ctxlen, 0);
4067 }
4068 
4069 static int smack_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
4070 {
4071         return __vfs_setxattr_noperm(dentry, XATTR_NAME_SMACK, ctx, ctxlen, 0);
4072 }
4073 
4074 static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
4075 {
4076         int len = 0;
4077         len = smack_inode_getsecurity(inode, XATTR_SMACK_SUFFIX, ctx, true);
4078 
4079         if (len < 0)
4080                 return len;
4081         *ctxlen = len;
4082         return 0;
4083 }
4084 
4085 struct security_operations smack_ops = {
4086         .name =                         "smack",
4087 
4088         .ptrace_access_check =          smack_ptrace_access_check,
4089         .ptrace_traceme =               smack_ptrace_traceme,
4090         .syslog =                       smack_syslog,
4091 
4092         .sb_alloc_security =            smack_sb_alloc_security,
4093         .sb_free_security =             smack_sb_free_security,
4094         .sb_copy_data =                 smack_sb_copy_data,
4095         .sb_kern_mount =                smack_sb_kern_mount,
4096         .sb_statfs =                    smack_sb_statfs,
4097 
4098         .bprm_set_creds =               smack_bprm_set_creds,
4099         .bprm_committing_creds =        smack_bprm_committing_creds,
4100         .bprm_secureexec =              smack_bprm_secureexec,
4101 
4102         .inode_alloc_security =         smack_inode_alloc_security,
4103         .inode_free_security =          smack_inode_free_security,
4104         .inode_init_security =          smack_inode_init_security,
4105         .inode_link =                   smack_inode_link,
4106         .inode_unlink =                 smack_inode_unlink,
4107         .inode_rmdir =                  smack_inode_rmdir,
4108         .inode_rename =                 smack_inode_rename,
4109         .inode_permission =             smack_inode_permission,
4110         .inode_setattr =                smack_inode_setattr,
4111         .inode_getattr =                smack_inode_getattr,
4112         .inode_setxattr =               smack_inode_setxattr,
4113         .inode_post_setxattr =          smack_inode_post_setxattr,
4114         .inode_getxattr =               smack_inode_getxattr,
4115         .inode_removexattr =            smack_inode_removexattr,
4116         .inode_getsecurity =            smack_inode_getsecurity,
4117         .inode_setsecurity =            smack_inode_setsecurity,
4118         .inode_listsecurity =           smack_inode_listsecurity,
4119         .inode_getsecid =               smack_inode_getsecid,
4120 
4121         .file_permission =              smack_file_permission,
4122         .file_alloc_security =          smack_file_alloc_security,
4123         .file_free_security =           smack_file_free_security,
4124         .file_ioctl =                   smack_file_ioctl,
4125         .file_lock =                    smack_file_lock,
4126         .file_fcntl =                   smack_file_fcntl,
4127         .mmap_file =                    smack_mmap_file,
4128         .mmap_addr =                    cap_mmap_addr,
4129         .file_set_fowner =              smack_file_set_fowner,
4130         .file_send_sigiotask =          smack_file_send_sigiotask,
4131         .file_receive =                 smack_file_receive,
4132 
4133         .file_open =                    smack_file_open,
4134 
4135         .cred_alloc_blank =             smack_cred_alloc_blank,
4136         .cred_free =                    smack_cred_free,
4137         .cred_prepare =                 smack_cred_prepare,
4138         .cred_transfer =                smack_cred_transfer,
4139         .kernel_act_as =                smack_kernel_act_as,
4140         .kernel_create_files_as =       smack_kernel_create_files_as,
4141         .task_setpgid =                 smack_task_setpgid,
4142         .task_getpgid =                 smack_task_getpgid,
4143         .task_getsid =                  smack_task_getsid,
4144         .task_getsecid =                smack_task_getsecid,
4145         .task_setnice =                 smack_task_setnice,
4146         .task_setioprio =               smack_task_setioprio,
4147         .task_getioprio =               smack_task_getioprio,
4148         .task_setscheduler =            smack_task_setscheduler,
4149         .task_getscheduler =            smack_task_getscheduler,
4150         .task_movememory =              smack_task_movememory,
4151         .task_kill =                    smack_task_kill,
4152         .task_wait =                    smack_task_wait,
4153         .task_to_inode =                smack_task_to_inode,
4154 
4155         .ipc_permission =               smack_ipc_permission,
4156         .ipc_getsecid =                 smack_ipc_getsecid,
4157 
4158         .msg_msg_alloc_security =       smack_msg_msg_alloc_security,
4159         .msg_msg_free_security =        smack_msg_msg_free_security,
4160 
4161         .msg_queue_alloc_security =     smack_msg_queue_alloc_security,
4162         .msg_queue_free_security =      smack_msg_queue_free_security,
4163         .msg_queue_associate =          smack_msg_queue_associate,
4164         .msg_queue_msgctl =             smack_msg_queue_msgctl,
4165         .msg_queue_msgsnd =             smack_msg_queue_msgsnd,
4166         .msg_queue_msgrcv =             smack_msg_queue_msgrcv,
4167 
4168         .shm_alloc_security =           smack_shm_alloc_security,
4169         .shm_free_security =            smack_shm_free_security,
4170         .shm_associate =                smack_shm_associate,
4171         .shm_shmctl =                   smack_shm_shmctl,
4172         .shm_shmat =                    smack_shm_shmat,
4173 
4174         .sem_alloc_security =           smack_sem_alloc_security,
4175         .sem_free_security =            smack_sem_free_security,
4176         .sem_associate =                smack_sem_associate,
4177         .sem_semctl =                   smack_sem_semctl,
4178         .sem_semop =                    smack_sem_semop,
4179 
4180         .d_instantiate =                smack_d_instantiate,
4181 
4182         .getprocattr =                  smack_getprocattr,
4183         .setprocattr =                  smack_setprocattr,
4184 
4185         .unix_stream_connect =          smack_unix_stream_connect,
4186         .unix_may_send =                smack_unix_may_send,
4187 
4188         .socket_post_create =           smack_socket_post_create,
4189         .socket_bind =                  smack_socket_bind,
4190         .socket_connect =               smack_socket_connect,
4191         .socket_sendmsg =               smack_socket_sendmsg,
4192         .socket_sock_rcv_skb =          smack_socket_sock_rcv_skb,
4193         .socket_getpeersec_stream =     smack_socket_getpeersec_stream,
4194         .socket_getpeersec_dgram =      smack_socket_getpeersec_dgram,
4195         .sk_alloc_security =            smack_sk_alloc_security,
4196         .sk_free_security =             smack_sk_free_security,
4197         .sock_graft =                   smack_sock_graft,
4198         .inet_conn_request =            smack_inet_conn_request,
4199         .inet_csk_clone =               smack_inet_csk_clone,
4200 
4201  /* key management security hooks */
4202 #ifdef CONFIG_KEYS
4203         .key_alloc =                    smack_key_alloc,
4204         .key_free =                     smack_key_free,
4205         .key_permission =               smack_key_permission,
4206 #endif /* CONFIG_KEYS */
4207 
4208  /* Audit hooks */
4209 #ifdef CONFIG_AUDIT
4210         .audit_rule_init =              smack_audit_rule_init,
4211         .audit_rule_known =             smack_audit_rule_known,
4212         .audit_rule_match =             smack_audit_rule_match,
4213         .audit_rule_free =              smack_audit_rule_free,
4214 #endif /* CONFIG_AUDIT */
4215 
4216         .ismaclabel =                   smack_ismaclabel,
4217         .secid_to_secctx =              smack_secid_to_secctx,
4218         .secctx_to_secid =              smack_secctx_to_secid,
4219         .release_secctx =               smack_release_secctx,
4220         .inode_notifysecctx =           smack_inode_notifysecctx,
4221         .inode_setsecctx =              smack_inode_setsecctx,
4222         .inode_getsecctx =              smack_inode_getsecctx,
4223 };
4224 
4225 
4226 static __init void init_smack_known_list(void)
4227 {
4228         /*
4229          * Initialize rule list locks
4230          */
4231         mutex_init(&smack_known_huh.smk_rules_lock);
4232         mutex_init(&smack_known_hat.smk_rules_lock);
4233         mutex_init(&smack_known_floor.smk_rules_lock);
4234         mutex_init(&smack_known_star.smk_rules_lock);
4235         mutex_init(&smack_known_invalid.smk_rules_lock);
4236         mutex_init(&smack_known_web.smk_rules_lock);
4237         /*
4238          * Initialize rule lists
4239          */
4240         INIT_LIST_HEAD(&smack_known_huh.smk_rules);
4241         INIT_LIST_HEAD(&smack_known_hat.smk_rules);
4242         INIT_LIST_HEAD(&smack_known_star.smk_rules);
4243         INIT_LIST_HEAD(&smack_known_floor.smk_rules);
4244         INIT_LIST_HEAD(&smack_known_invalid.smk_rules);
4245         INIT_LIST_HEAD(&smack_known_web.smk_rules);
4246         /*
4247          * Create the known labels list
4248          */
4249         smk_insert_entry(&smack_known_huh);
4250         smk_insert_entry(&smack_known_hat);
4251         smk_insert_entry(&smack_known_star);
4252         smk_insert_entry(&smack_known_floor);
4253         smk_insert_entry(&smack_known_invalid);
4254         smk_insert_entry(&smack_known_web);
4255 }
4256 
4257 /**
4258  * smack_init - initialize the smack system
4259  *
4260  * Returns 0
4261  */
4262 static __init int smack_init(void)
4263 {
4264         struct cred *cred;
4265         struct task_smack *tsp;
4266 
4267         if (!security_module_enable(&smack_ops))
4268                 return 0;
4269 
4270         smack_inode_cache = KMEM_CACHE(inode_smack, 0);
4271         if (!smack_inode_cache)
4272                 return -ENOMEM;
4273 
4274         tsp = new_task_smack(&smack_known_floor, &smack_known_floor,
4275                                 GFP_KERNEL);
4276         if (tsp == NULL) {
4277                 kmem_cache_destroy(smack_inode_cache);
4278                 return -ENOMEM;
4279         }
4280 
4281         printk(KERN_INFO "Smack:  Initializing.\n");
4282 
4283         /*
4284          * Set the security state for the initial task.
4285          */
4286         cred = (struct cred *) current->cred;
4287         cred->security = tsp;
4288 
4289         /* initialize the smack_known_list */
4290         init_smack_known_list();
4291 
4292         /*
4293          * Register with LSM
4294          */
4295         if (register_security(&smack_ops))
4296                 panic("smack: Unable to register with kernel.\n");
4297 
4298         return 0;
4299 }
4300 
4301 /*
4302  * Smack requires early initialization in order to label
4303  * all processes and objects when they are created.
4304  */
4305 security_initcall(smack_init);
4306 

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | Wiki (Japanese) | Wiki (English) | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

osdn.jp