~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/security/smack/smack_lsm.c

Version: ~ [ linux-5.3 ] ~ [ linux-5.2.15 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.73 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.144 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.193 ] ~ [ linux-4.8.17 ] ~ [ linux-4.7.10 ] ~ [ linux-4.6.7 ] ~ [ linux-4.5.7 ] ~ [ linux-4.4.193 ] ~ [ linux-4.3.6 ] ~ [ linux-4.2.8 ] ~ [ linux-4.1.52 ] ~ [ linux-4.0.9 ] ~ [ linux-3.19.8 ] ~ [ linux-3.18.140 ] ~ [ linux-3.17.8 ] ~ [ linux-3.16.73 ] ~ [ linux-3.15.10 ] ~ [ linux-3.14.79 ] ~ [ linux-3.13.11 ] ~ [ linux-3.12.74 ] ~ [ linux-3.11.10 ] ~ [ linux-3.10.108 ] ~ [ linux-3.9.11 ] ~ [ linux-3.8.13 ] ~ [ linux-3.7.10 ] ~ [ linux-3.6.11 ] ~ [ linux-3.5.7 ] ~ [ linux-3.4.113 ] ~ [ linux-3.3.8 ] ~ [ linux-3.2.102 ] ~ [ linux-3.1.10 ] ~ [ linux-3.0.101 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.5 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

  1 /*
  2  *  Simplified MAC Kernel (smack) security module
  3  *
  4  *  This file contains the smack hook function implementations.
  5  *
  6  *  Authors:
  7  *      Casey Schaufler <casey@schaufler-ca.com>
  8  *      Jarkko Sakkinen <jarkko.sakkinen@intel.com>
  9  *
 10  *  Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com>
 11  *  Copyright (C) 2009 Hewlett-Packard Development Company, L.P.
 12  *                Paul Moore <paul@paul-moore.com>
 13  *  Copyright (C) 2010 Nokia Corporation
 14  *  Copyright (C) 2011 Intel Corporation.
 15  *
 16  *      This program is free software; you can redistribute it and/or modify
 17  *      it under the terms of the GNU General Public License version 2,
 18  *      as published by the Free Software Foundation.
 19  */
 20 
 21 #include <linux/xattr.h>
 22 #include <linux/pagemap.h>
 23 #include <linux/mount.h>
 24 #include <linux/stat.h>
 25 #include <linux/kd.h>
 26 #include <asm/ioctls.h>
 27 #include <linux/ip.h>
 28 #include <linux/tcp.h>
 29 #include <linux/udp.h>
 30 #include <linux/dccp.h>
 31 #include <linux/slab.h>
 32 #include <linux/mutex.h>
 33 #include <linux/pipe_fs_i.h>
 34 #include <net/cipso_ipv4.h>
 35 #include <net/ip.h>
 36 #include <net/ipv6.h>
 37 #include <linux/audit.h>
 38 #include <linux/magic.h>
 39 #include <linux/dcache.h>
 40 #include <linux/personality.h>
 41 #include <linux/msg.h>
 42 #include <linux/shm.h>
 43 #include <linux/binfmts.h>
 44 #include <linux/parser.h>
 45 #include "smack.h"
 46 
 47 #define TRANS_TRUE      "TRUE"
 48 #define TRANS_TRUE_SIZE 4
 49 
 50 #define SMK_CONNECTING  0
 51 #define SMK_RECEIVING   1
 52 #define SMK_SENDING     2
 53 
 54 #ifdef SMACK_IPV6_PORT_LABELING
 55 static LIST_HEAD(smk_ipv6_port_list);
 56 #endif
 57 static struct kmem_cache *smack_inode_cache;
 58 int smack_enabled;
 59 
 60 static const match_table_t smk_mount_tokens = {
 61         {Opt_fsdefault, SMK_FSDEFAULT "%s"},
 62         {Opt_fsfloor, SMK_FSFLOOR "%s"},
 63         {Opt_fshat, SMK_FSHAT "%s"},
 64         {Opt_fsroot, SMK_FSROOT "%s"},
 65         {Opt_fstransmute, SMK_FSTRANS "%s"},
 66         {Opt_error, NULL},
 67 };
 68 
 69 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
 70 static char *smk_bu_mess[] = {
 71         "Bringup Error",        /* Unused */
 72         "Bringup",              /* SMACK_BRINGUP_ALLOW */
 73         "Unconfined Subject",   /* SMACK_UNCONFINED_SUBJECT */
 74         "Unconfined Object",    /* SMACK_UNCONFINED_OBJECT */
 75 };
 76 
 77 static void smk_bu_mode(int mode, char *s)
 78 {
 79         int i = 0;
 80 
 81         if (mode & MAY_READ)
 82                 s[i++] = 'r';
 83         if (mode & MAY_WRITE)
 84                 s[i++] = 'w';
 85         if (mode & MAY_EXEC)
 86                 s[i++] = 'x';
 87         if (mode & MAY_APPEND)
 88                 s[i++] = 'a';
 89         if (mode & MAY_TRANSMUTE)
 90                 s[i++] = 't';
 91         if (mode & MAY_LOCK)
 92                 s[i++] = 'l';
 93         if (i == 0)
 94                 s[i++] = '-';
 95         s[i] = '\0';
 96 }
 97 #endif
 98 
 99 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
100 static int smk_bu_note(char *note, struct smack_known *sskp,
101                        struct smack_known *oskp, int mode, int rc)
102 {
103         char acc[SMK_NUM_ACCESS_TYPE + 1];
104 
105         if (rc <= 0)
106                 return rc;
107         if (rc > SMACK_UNCONFINED_OBJECT)
108                 rc = 0;
109 
110         smk_bu_mode(mode, acc);
111         pr_info("Smack %s: (%s %s %s) %s\n", smk_bu_mess[rc],
112                 sskp->smk_known, oskp->smk_known, acc, note);
113         return 0;
114 }
115 #else
116 #define smk_bu_note(note, sskp, oskp, mode, RC) (RC)
117 #endif
118 
119 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
120 static int smk_bu_current(char *note, struct smack_known *oskp,
121                           int mode, int rc)
122 {
123         struct task_smack *tsp = current_security();
124         char acc[SMK_NUM_ACCESS_TYPE + 1];
125 
126         if (rc <= 0)
127                 return rc;
128         if (rc > SMACK_UNCONFINED_OBJECT)
129                 rc = 0;
130 
131         smk_bu_mode(mode, acc);
132         pr_info("Smack %s: (%s %s %s) %s %s\n", smk_bu_mess[rc],
133                 tsp->smk_task->smk_known, oskp->smk_known,
134                 acc, current->comm, note);
135         return 0;
136 }
137 #else
138 #define smk_bu_current(note, oskp, mode, RC) (RC)
139 #endif
140 
141 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
142 static int smk_bu_task(struct task_struct *otp, int mode, int rc)
143 {
144         struct task_smack *tsp = current_security();
145         struct smack_known *smk_task = smk_of_task_struct(otp);
146         char acc[SMK_NUM_ACCESS_TYPE + 1];
147 
148         if (rc <= 0)
149                 return rc;
150         if (rc > SMACK_UNCONFINED_OBJECT)
151                 rc = 0;
152 
153         smk_bu_mode(mode, acc);
154         pr_info("Smack %s: (%s %s %s) %s to %s\n", smk_bu_mess[rc],
155                 tsp->smk_task->smk_known, smk_task->smk_known, acc,
156                 current->comm, otp->comm);
157         return 0;
158 }
159 #else
160 #define smk_bu_task(otp, mode, RC) (RC)
161 #endif
162 
163 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
164 static int smk_bu_inode(struct inode *inode, int mode, int rc)
165 {
166         struct task_smack *tsp = current_security();
167         struct inode_smack *isp = inode->i_security;
168         char acc[SMK_NUM_ACCESS_TYPE + 1];
169 
170         if (isp->smk_flags & SMK_INODE_IMPURE)
171                 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
172                         inode->i_sb->s_id, inode->i_ino, current->comm);
173 
174         if (rc <= 0)
175                 return rc;
176         if (rc > SMACK_UNCONFINED_OBJECT)
177                 rc = 0;
178         if (rc == SMACK_UNCONFINED_SUBJECT &&
179             (mode & (MAY_WRITE | MAY_APPEND)))
180                 isp->smk_flags |= SMK_INODE_IMPURE;
181 
182         smk_bu_mode(mode, acc);
183 
184         pr_info("Smack %s: (%s %s %s) inode=(%s %ld) %s\n", smk_bu_mess[rc],
185                 tsp->smk_task->smk_known, isp->smk_inode->smk_known, acc,
186                 inode->i_sb->s_id, inode->i_ino, current->comm);
187         return 0;
188 }
189 #else
190 #define smk_bu_inode(inode, mode, RC) (RC)
191 #endif
192 
193 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
194 static int smk_bu_file(struct file *file, int mode, int rc)
195 {
196         struct task_smack *tsp = current_security();
197         struct smack_known *sskp = tsp->smk_task;
198         struct inode *inode = file_inode(file);
199         struct inode_smack *isp = inode->i_security;
200         char acc[SMK_NUM_ACCESS_TYPE + 1];
201 
202         if (isp->smk_flags & SMK_INODE_IMPURE)
203                 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
204                         inode->i_sb->s_id, inode->i_ino, current->comm);
205 
206         if (rc <= 0)
207                 return rc;
208         if (rc > SMACK_UNCONFINED_OBJECT)
209                 rc = 0;
210 
211         smk_bu_mode(mode, acc);
212         pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc],
213                 sskp->smk_known, smk_of_inode(inode)->smk_known, acc,
214                 inode->i_sb->s_id, inode->i_ino, file,
215                 current->comm);
216         return 0;
217 }
218 #else
219 #define smk_bu_file(file, mode, RC) (RC)
220 #endif
221 
222 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
223 static int smk_bu_credfile(const struct cred *cred, struct file *file,
224                                 int mode, int rc)
225 {
226         struct task_smack *tsp = cred->security;
227         struct smack_known *sskp = tsp->smk_task;
228         struct inode *inode = file_inode(file);
229         struct inode_smack *isp = inode->i_security;
230         char acc[SMK_NUM_ACCESS_TYPE + 1];
231 
232         if (isp->smk_flags & SMK_INODE_IMPURE)
233                 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
234                         inode->i_sb->s_id, inode->i_ino, current->comm);
235 
236         if (rc <= 0)
237                 return rc;
238         if (rc > SMACK_UNCONFINED_OBJECT)
239                 rc = 0;
240 
241         smk_bu_mode(mode, acc);
242         pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc],
243                 sskp->smk_known, smk_of_inode(inode)->smk_known, acc,
244                 inode->i_sb->s_id, inode->i_ino, file,
245                 current->comm);
246         return 0;
247 }
248 #else
249 #define smk_bu_credfile(cred, file, mode, RC) (RC)
250 #endif
251 
252 /**
253  * smk_fetch - Fetch the smack label from a file.
254  * @name: type of the label (attribute)
255  * @ip: a pointer to the inode
256  * @dp: a pointer to the dentry
257  *
258  * Returns a pointer to the master list entry for the Smack label,
259  * NULL if there was no label to fetch, or an error code.
260  */
261 static struct smack_known *smk_fetch(const char *name, struct inode *ip,
262                                         struct dentry *dp)
263 {
264         int rc;
265         char *buffer;
266         struct smack_known *skp = NULL;
267 
268         if (!(ip->i_opflags & IOP_XATTR))
269                 return ERR_PTR(-EOPNOTSUPP);
270 
271         buffer = kzalloc(SMK_LONGLABEL, GFP_KERNEL);
272         if (buffer == NULL)
273                 return ERR_PTR(-ENOMEM);
274 
275         rc = __vfs_getxattr(dp, ip, name, buffer, SMK_LONGLABEL);
276         if (rc < 0)
277                 skp = ERR_PTR(rc);
278         else if (rc == 0)
279                 skp = NULL;
280         else
281                 skp = smk_import_entry(buffer, rc);
282 
283         kfree(buffer);
284 
285         return skp;
286 }
287 
288 /**
289  * new_inode_smack - allocate an inode security blob
290  * @skp: a pointer to the Smack label entry to use in the blob
291  *
292  * Returns the new blob or NULL if there's no memory available
293  */
294 static struct inode_smack *new_inode_smack(struct smack_known *skp)
295 {
296         struct inode_smack *isp;
297 
298         isp = kmem_cache_zalloc(smack_inode_cache, GFP_NOFS);
299         if (isp == NULL)
300                 return NULL;
301 
302         isp->smk_inode = skp;
303         isp->smk_flags = 0;
304         mutex_init(&isp->smk_lock);
305 
306         return isp;
307 }
308 
309 /**
310  * new_task_smack - allocate a task security blob
311  * @task: a pointer to the Smack label for the running task
312  * @forked: a pointer to the Smack label for the forked task
313  * @gfp: type of the memory for the allocation
314  *
315  * Returns the new blob or NULL if there's no memory available
316  */
317 static struct task_smack *new_task_smack(struct smack_known *task,
318                                         struct smack_known *forked, gfp_t gfp)
319 {
320         struct task_smack *tsp;
321 
322         tsp = kzalloc(sizeof(struct task_smack), gfp);
323         if (tsp == NULL)
324                 return NULL;
325 
326         tsp->smk_task = task;
327         tsp->smk_forked = forked;
328         INIT_LIST_HEAD(&tsp->smk_rules);
329         INIT_LIST_HEAD(&tsp->smk_relabel);
330         mutex_init(&tsp->smk_rules_lock);
331 
332         return tsp;
333 }
334 
335 /**
336  * smk_copy_rules - copy a rule set
337  * @nhead: new rules header pointer
338  * @ohead: old rules header pointer
339  * @gfp: type of the memory for the allocation
340  *
341  * Returns 0 on success, -ENOMEM on error
342  */
343 static int smk_copy_rules(struct list_head *nhead, struct list_head *ohead,
344                                 gfp_t gfp)
345 {
346         struct smack_rule *nrp;
347         struct smack_rule *orp;
348         int rc = 0;
349 
350         INIT_LIST_HEAD(nhead);
351 
352         list_for_each_entry_rcu(orp, ohead, list) {
353                 nrp = kzalloc(sizeof(struct smack_rule), gfp);
354                 if (nrp == NULL) {
355                         rc = -ENOMEM;
356                         break;
357                 }
358                 *nrp = *orp;
359                 list_add_rcu(&nrp->list, nhead);
360         }
361         return rc;
362 }
363 
364 /**
365  * smk_copy_relabel - copy smk_relabel labels list
366  * @nhead: new rules header pointer
367  * @ohead: old rules header pointer
368  * @gfp: type of the memory for the allocation
369  *
370  * Returns 0 on success, -ENOMEM on error
371  */
372 static int smk_copy_relabel(struct list_head *nhead, struct list_head *ohead,
373                                 gfp_t gfp)
374 {
375         struct smack_known_list_elem *nklep;
376         struct smack_known_list_elem *oklep;
377 
378         INIT_LIST_HEAD(nhead);
379 
380         list_for_each_entry(oklep, ohead, list) {
381                 nklep = kzalloc(sizeof(struct smack_known_list_elem), gfp);
382                 if (nklep == NULL) {
383                         smk_destroy_label_list(nhead);
384                         return -ENOMEM;
385                 }
386                 nklep->smk_label = oklep->smk_label;
387                 list_add(&nklep->list, nhead);
388         }
389 
390         return 0;
391 }
392 
393 /**
394  * smk_ptrace_mode - helper function for converting PTRACE_MODE_* into MAY_*
395  * @mode - input mode in form of PTRACE_MODE_*
396  *
397  * Returns a converted MAY_* mode usable by smack rules
398  */
399 static inline unsigned int smk_ptrace_mode(unsigned int mode)
400 {
401         if (mode & PTRACE_MODE_ATTACH)
402                 return MAY_READWRITE;
403         if (mode & PTRACE_MODE_READ)
404                 return MAY_READ;
405 
406         return 0;
407 }
408 
409 /**
410  * smk_ptrace_rule_check - helper for ptrace access
411  * @tracer: tracer process
412  * @tracee_known: label entry of the process that's about to be traced
413  * @mode: ptrace attachment mode (PTRACE_MODE_*)
414  * @func: name of the function that called us, used for audit
415  *
416  * Returns 0 on access granted, -error on error
417  */
418 static int smk_ptrace_rule_check(struct task_struct *tracer,
419                                  struct smack_known *tracee_known,
420                                  unsigned int mode, const char *func)
421 {
422         int rc;
423         struct smk_audit_info ad, *saip = NULL;
424         struct task_smack *tsp;
425         struct smack_known *tracer_known;
426 
427         if ((mode & PTRACE_MODE_NOAUDIT) == 0) {
428                 smk_ad_init(&ad, func, LSM_AUDIT_DATA_TASK);
429                 smk_ad_setfield_u_tsk(&ad, tracer);
430                 saip = &ad;
431         }
432 
433         rcu_read_lock();
434         tsp = __task_cred(tracer)->security;
435         tracer_known = smk_of_task(tsp);
436 
437         if ((mode & PTRACE_MODE_ATTACH) &&
438             (smack_ptrace_rule == SMACK_PTRACE_EXACT ||
439              smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)) {
440                 if (tracer_known->smk_known == tracee_known->smk_known)
441                         rc = 0;
442                 else if (smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)
443                         rc = -EACCES;
444                 else if (capable(CAP_SYS_PTRACE))
445                         rc = 0;
446                 else
447                         rc = -EACCES;
448 
449                 if (saip)
450                         smack_log(tracer_known->smk_known,
451                                   tracee_known->smk_known,
452                                   0, rc, saip);
453 
454                 rcu_read_unlock();
455                 return rc;
456         }
457 
458         /* In case of rule==SMACK_PTRACE_DEFAULT or mode==PTRACE_MODE_READ */
459         rc = smk_tskacc(tsp, tracee_known, smk_ptrace_mode(mode), saip);
460 
461         rcu_read_unlock();
462         return rc;
463 }
464 
465 /*
466  * LSM hooks.
467  * We he, that is fun!
468  */
469 
470 /**
471  * smack_ptrace_access_check - Smack approval on PTRACE_ATTACH
472  * @ctp: child task pointer
473  * @mode: ptrace attachment mode (PTRACE_MODE_*)
474  *
475  * Returns 0 if access is OK, an error code otherwise
476  *
477  * Do the capability checks.
478  */
479 static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode)
480 {
481         struct smack_known *skp;
482 
483         skp = smk_of_task_struct(ctp);
484 
485         return smk_ptrace_rule_check(current, skp, mode, __func__);
486 }
487 
488 /**
489  * smack_ptrace_traceme - Smack approval on PTRACE_TRACEME
490  * @ptp: parent task pointer
491  *
492  * Returns 0 if access is OK, an error code otherwise
493  *
494  * Do the capability checks, and require PTRACE_MODE_ATTACH.
495  */
496 static int smack_ptrace_traceme(struct task_struct *ptp)
497 {
498         int rc;
499         struct smack_known *skp;
500 
501         skp = smk_of_task(current_security());
502 
503         rc = smk_ptrace_rule_check(ptp, skp, PTRACE_MODE_ATTACH, __func__);
504         return rc;
505 }
506 
507 /**
508  * smack_syslog - Smack approval on syslog
509  * @type: message type
510  *
511  * Returns 0 on success, error code otherwise.
512  */
513 static int smack_syslog(int typefrom_file)
514 {
515         int rc = 0;
516         struct smack_known *skp = smk_of_current();
517 
518         if (smack_privileged(CAP_MAC_OVERRIDE))
519                 return 0;
520 
521         if (smack_syslog_label != NULL && smack_syslog_label != skp)
522                 rc = -EACCES;
523 
524         return rc;
525 }
526 
527 
528 /*
529  * Superblock Hooks.
530  */
531 
532 /**
533  * smack_sb_alloc_security - allocate a superblock blob
534  * @sb: the superblock getting the blob
535  *
536  * Returns 0 on success or -ENOMEM on error.
537  */
538 static int smack_sb_alloc_security(struct super_block *sb)
539 {
540         struct superblock_smack *sbsp;
541 
542         sbsp = kzalloc(sizeof(struct superblock_smack), GFP_KERNEL);
543 
544         if (sbsp == NULL)
545                 return -ENOMEM;
546 
547         sbsp->smk_root = &smack_known_floor;
548         sbsp->smk_default = &smack_known_floor;
549         sbsp->smk_floor = &smack_known_floor;
550         sbsp->smk_hat = &smack_known_hat;
551         /*
552          * SMK_SB_INITIALIZED will be zero from kzalloc.
553          */
554         sb->s_security = sbsp;
555 
556         return 0;
557 }
558 
559 /**
560  * smack_sb_free_security - free a superblock blob
561  * @sb: the superblock getting the blob
562  *
563  */
564 static void smack_sb_free_security(struct super_block *sb)
565 {
566         kfree(sb->s_security);
567         sb->s_security = NULL;
568 }
569 
570 /**
571  * smack_sb_copy_data - copy mount options data for processing
572  * @orig: where to start
573  * @smackopts: mount options string
574  *
575  * Returns 0 on success or -ENOMEM on error.
576  *
577  * Copy the Smack specific mount options out of the mount
578  * options list.
579  */
580 static int smack_sb_copy_data(char *orig, char *smackopts)
581 {
582         char *cp, *commap, *otheropts, *dp;
583 
584         otheropts = (char *)get_zeroed_page(GFP_KERNEL);
585         if (otheropts == NULL)
586                 return -ENOMEM;
587 
588         for (cp = orig, commap = orig; commap != NULL; cp = commap + 1) {
589                 if (strstr(cp, SMK_FSDEFAULT) == cp)
590                         dp = smackopts;
591                 else if (strstr(cp, SMK_FSFLOOR) == cp)
592                         dp = smackopts;
593                 else if (strstr(cp, SMK_FSHAT) == cp)
594                         dp = smackopts;
595                 else if (strstr(cp, SMK_FSROOT) == cp)
596                         dp = smackopts;
597                 else if (strstr(cp, SMK_FSTRANS) == cp)
598                         dp = smackopts;
599                 else
600                         dp = otheropts;
601 
602                 commap = strchr(cp, ',');
603                 if (commap != NULL)
604                         *commap = '\0';
605 
606                 if (*dp != '\0')
607                         strcat(dp, ",");
608                 strcat(dp, cp);
609         }
610 
611         strcpy(orig, otheropts);
612         free_page((unsigned long)otheropts);
613 
614         return 0;
615 }
616 
617 /**
618  * smack_parse_opts_str - parse Smack specific mount options
619  * @options: mount options string
620  * @opts: where to store converted mount opts
621  *
622  * Returns 0 on success or -ENOMEM on error.
623  *
624  * converts Smack specific mount options to generic security option format
625  */
626 static int smack_parse_opts_str(char *options,
627                 struct security_mnt_opts *opts)
628 {
629         char *p;
630         char *fsdefault = NULL;
631         char *fsfloor = NULL;
632         char *fshat = NULL;
633         char *fsroot = NULL;
634         char *fstransmute = NULL;
635         int rc = -ENOMEM;
636         int num_mnt_opts = 0;
637         int token;
638 
639         opts->num_mnt_opts = 0;
640 
641         if (!options)
642                 return 0;
643 
644         while ((p = strsep(&options, ",")) != NULL) {
645                 substring_t args[MAX_OPT_ARGS];
646 
647                 if (!*p)
648                         continue;
649 
650                 token = match_token(p, smk_mount_tokens, args);
651 
652                 switch (token) {
653                 case Opt_fsdefault:
654                         if (fsdefault)
655                                 goto out_opt_err;
656                         fsdefault = match_strdup(&args[0]);
657                         if (!fsdefault)
658                                 goto out_err;
659                         break;
660                 case Opt_fsfloor:
661                         if (fsfloor)
662                                 goto out_opt_err;
663                         fsfloor = match_strdup(&args[0]);
664                         if (!fsfloor)
665                                 goto out_err;
666                         break;
667                 case Opt_fshat:
668                         if (fshat)
669                                 goto out_opt_err;
670                         fshat = match_strdup(&args[0]);
671                         if (!fshat)
672                                 goto out_err;
673                         break;
674                 case Opt_fsroot:
675                         if (fsroot)
676                                 goto out_opt_err;
677                         fsroot = match_strdup(&args[0]);
678                         if (!fsroot)
679                                 goto out_err;
680                         break;
681                 case Opt_fstransmute:
682                         if (fstransmute)
683                                 goto out_opt_err;
684                         fstransmute = match_strdup(&args[0]);
685                         if (!fstransmute)
686                                 goto out_err;
687                         break;
688                 default:
689                         rc = -EINVAL;
690                         pr_warn("Smack:  unknown mount option\n");
691                         goto out_err;
692                 }
693         }
694 
695         opts->mnt_opts = kcalloc(NUM_SMK_MNT_OPTS, sizeof(char *), GFP_KERNEL);
696         if (!opts->mnt_opts)
697                 goto out_err;
698 
699         opts->mnt_opts_flags = kcalloc(NUM_SMK_MNT_OPTS, sizeof(int),
700                         GFP_KERNEL);
701         if (!opts->mnt_opts_flags) {
702                 kfree(opts->mnt_opts);
703                 goto out_err;
704         }
705 
706         if (fsdefault) {
707                 opts->mnt_opts[num_mnt_opts] = fsdefault;
708                 opts->mnt_opts_flags[num_mnt_opts++] = FSDEFAULT_MNT;
709         }
710         if (fsfloor) {
711                 opts->mnt_opts[num_mnt_opts] = fsfloor;
712                 opts->mnt_opts_flags[num_mnt_opts++] = FSFLOOR_MNT;
713         }
714         if (fshat) {
715                 opts->mnt_opts[num_mnt_opts] = fshat;
716                 opts->mnt_opts_flags[num_mnt_opts++] = FSHAT_MNT;
717         }
718         if (fsroot) {
719                 opts->mnt_opts[num_mnt_opts] = fsroot;
720                 opts->mnt_opts_flags[num_mnt_opts++] = FSROOT_MNT;
721         }
722         if (fstransmute) {
723                 opts->mnt_opts[num_mnt_opts] = fstransmute;
724                 opts->mnt_opts_flags[num_mnt_opts++] = FSTRANS_MNT;
725         }
726 
727         opts->num_mnt_opts = num_mnt_opts;
728         return 0;
729 
730 out_opt_err:
731         rc = -EINVAL;
732         pr_warn("Smack: duplicate mount options\n");
733 
734 out_err:
735         kfree(fsdefault);
736         kfree(fsfloor);
737         kfree(fshat);
738         kfree(fsroot);
739         kfree(fstransmute);
740         return rc;
741 }
742 
743 /**
744  * smack_set_mnt_opts - set Smack specific mount options
745  * @sb: the file system superblock
746  * @opts: Smack mount options
747  * @kern_flags: mount option from kernel space or user space
748  * @set_kern_flags: where to store converted mount opts
749  *
750  * Returns 0 on success, an error code on failure
751  *
752  * Allow filesystems with binary mount data to explicitly set Smack mount
753  * labels.
754  */
755 static int smack_set_mnt_opts(struct super_block *sb,
756                 struct security_mnt_opts *opts,
757                 unsigned long kern_flags,
758                 unsigned long *set_kern_flags)
759 {
760         struct dentry *root = sb->s_root;
761         struct inode *inode = d_backing_inode(root);
762         struct superblock_smack *sp = sb->s_security;
763         struct inode_smack *isp;
764         struct smack_known *skp;
765         int i;
766         int num_opts = opts->num_mnt_opts;
767         int transmute = 0;
768 
769         if (sp->smk_flags & SMK_SB_INITIALIZED)
770                 return 0;
771 
772         if (!smack_privileged(CAP_MAC_ADMIN)) {
773                 /*
774                  * Unprivileged mounts don't get to specify Smack values.
775                  */
776                 if (num_opts)
777                         return -EPERM;
778                 /*
779                  * Unprivileged mounts get root and default from the caller.
780                  */
781                 skp = smk_of_current();
782                 sp->smk_root = skp;
783                 sp->smk_default = skp;
784                 /*
785                  * For a handful of fs types with no user-controlled
786                  * backing store it's okay to trust security labels
787                  * in the filesystem. The rest are untrusted.
788                  */
789                 if (sb->s_user_ns != &init_user_ns &&
790                     sb->s_magic != SYSFS_MAGIC && sb->s_magic != TMPFS_MAGIC &&
791                     sb->s_magic != RAMFS_MAGIC) {
792                         transmute = 1;
793                         sp->smk_flags |= SMK_SB_UNTRUSTED;
794                 }
795         }
796 
797         sp->smk_flags |= SMK_SB_INITIALIZED;
798 
799         for (i = 0; i < num_opts; i++) {
800                 switch (opts->mnt_opts_flags[i]) {
801                 case FSDEFAULT_MNT:
802                         skp = smk_import_entry(opts->mnt_opts[i], 0);
803                         if (IS_ERR(skp))
804                                 return PTR_ERR(skp);
805                         sp->smk_default = skp;
806                         break;
807                 case FSFLOOR_MNT:
808                         skp = smk_import_entry(opts->mnt_opts[i], 0);
809                         if (IS_ERR(skp))
810                                 return PTR_ERR(skp);
811                         sp->smk_floor = skp;
812                         break;
813                 case FSHAT_MNT:
814                         skp = smk_import_entry(opts->mnt_opts[i], 0);
815                         if (IS_ERR(skp))
816                                 return PTR_ERR(skp);
817                         sp->smk_hat = skp;
818                         break;
819                 case FSROOT_MNT:
820                         skp = smk_import_entry(opts->mnt_opts[i], 0);
821                         if (IS_ERR(skp))
822                                 return PTR_ERR(skp);
823                         sp->smk_root = skp;
824                         break;
825                 case FSTRANS_MNT:
826                         skp = smk_import_entry(opts->mnt_opts[i], 0);
827                         if (IS_ERR(skp))
828                                 return PTR_ERR(skp);
829                         sp->smk_root = skp;
830                         transmute = 1;
831                         break;
832                 default:
833                         break;
834                 }
835         }
836 
837         /*
838          * Initialize the root inode.
839          */
840         isp = inode->i_security;
841         if (isp == NULL) {
842                 isp = new_inode_smack(sp->smk_root);
843                 if (isp == NULL)
844                         return -ENOMEM;
845                 inode->i_security = isp;
846         } else
847                 isp->smk_inode = sp->smk_root;
848 
849         if (transmute)
850                 isp->smk_flags |= SMK_INODE_TRANSMUTE;
851 
852         return 0;
853 }
854 
855 /**
856  * smack_sb_kern_mount - Smack specific mount processing
857  * @sb: the file system superblock
858  * @flags: the mount flags
859  * @data: the smack mount options
860  *
861  * Returns 0 on success, an error code on failure
862  */
863 static int smack_sb_kern_mount(struct super_block *sb, int flags, void *data)
864 {
865         int rc = 0;
866         char *options = data;
867         struct security_mnt_opts opts;
868 
869         security_init_mnt_opts(&opts);
870 
871         if (!options)
872                 goto out;
873 
874         rc = smack_parse_opts_str(options, &opts);
875         if (rc)
876                 goto out_err;
877 
878 out:
879         rc = smack_set_mnt_opts(sb, &opts, 0, NULL);
880 
881 out_err:
882         security_free_mnt_opts(&opts);
883         return rc;
884 }
885 
886 /**
887  * smack_sb_statfs - Smack check on statfs
888  * @dentry: identifies the file system in question
889  *
890  * Returns 0 if current can read the floor of the filesystem,
891  * and error code otherwise
892  */
893 static int smack_sb_statfs(struct dentry *dentry)
894 {
895         struct superblock_smack *sbp = dentry->d_sb->s_security;
896         int rc;
897         struct smk_audit_info ad;
898 
899         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
900         smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
901 
902         rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad);
903         rc = smk_bu_current("statfs", sbp->smk_floor, MAY_READ, rc);
904         return rc;
905 }
906 
907 /*
908  * BPRM hooks
909  */
910 
911 /**
912  * smack_bprm_set_creds - set creds for exec
913  * @bprm: the exec information
914  *
915  * Returns 0 if it gets a blob, -EPERM if exec forbidden and -ENOMEM otherwise
916  */
917 static int smack_bprm_set_creds(struct linux_binprm *bprm)
918 {
919         struct inode *inode = file_inode(bprm->file);
920         struct task_smack *bsp = bprm->cred->security;
921         struct inode_smack *isp;
922         struct superblock_smack *sbsp;
923         int rc;
924 
925         if (bprm->cred_prepared)
926                 return 0;
927 
928         isp = inode->i_security;
929         if (isp->smk_task == NULL || isp->smk_task == bsp->smk_task)
930                 return 0;
931 
932         sbsp = inode->i_sb->s_security;
933         if ((sbsp->smk_flags & SMK_SB_UNTRUSTED) &&
934             isp->smk_task != sbsp->smk_root)
935                 return 0;
936 
937         if (bprm->unsafe & (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) {
938                 struct task_struct *tracer;
939                 rc = 0;
940 
941                 rcu_read_lock();
942                 tracer = ptrace_parent(current);
943                 if (likely(tracer != NULL))
944                         rc = smk_ptrace_rule_check(tracer,
945                                                    isp->smk_task,
946                                                    PTRACE_MODE_ATTACH,
947                                                    __func__);
948                 rcu_read_unlock();
949 
950                 if (rc != 0)
951                         return rc;
952         } else if (bprm->unsafe)
953                 return -EPERM;
954 
955         bsp->smk_task = isp->smk_task;
956         bprm->per_clear |= PER_CLEAR_ON_SETID;
957 
958         return 0;
959 }
960 
961 /**
962  * smack_bprm_committing_creds - Prepare to install the new credentials
963  * from bprm.
964  *
965  * @bprm: binprm for exec
966  */
967 static void smack_bprm_committing_creds(struct linux_binprm *bprm)
968 {
969         struct task_smack *bsp = bprm->cred->security;
970 
971         if (bsp->smk_task != bsp->smk_forked)
972                 current->pdeath_signal = 0;
973 }
974 
975 /**
976  * smack_bprm_secureexec - Return the decision to use secureexec.
977  * @bprm: binprm for exec
978  *
979  * Returns 0 on success.
980  */
981 static int smack_bprm_secureexec(struct linux_binprm *bprm)
982 {
983         struct task_smack *tsp = current_security();
984 
985         if (tsp->smk_task != tsp->smk_forked)
986                 return 1;
987 
988         return 0;
989 }
990 
991 /*
992  * Inode hooks
993  */
994 
995 /**
996  * smack_inode_alloc_security - allocate an inode blob
997  * @inode: the inode in need of a blob
998  *
999  * Returns 0 if it gets a blob, -ENOMEM otherwise
1000  */
1001 static int smack_inode_alloc_security(struct inode *inode)
1002 {
1003         struct smack_known *skp = smk_of_current();
1004 
1005         inode->i_security = new_inode_smack(skp);
1006         if (inode->i_security == NULL)
1007                 return -ENOMEM;
1008         return 0;
1009 }
1010 
1011 /**
1012  * smack_inode_free_security - free an inode blob
1013  * @inode: the inode with a blob
1014  *
1015  * Clears the blob pointer in inode
1016  */
1017 static void smack_inode_free_security(struct inode *inode)
1018 {
1019         kmem_cache_free(smack_inode_cache, inode->i_security);
1020         inode->i_security = NULL;
1021 }
1022 
1023 /**
1024  * smack_inode_init_security - copy out the smack from an inode
1025  * @inode: the newly created inode
1026  * @dir: containing directory object
1027  * @qstr: unused
1028  * @name: where to put the attribute name
1029  * @value: where to put the attribute value
1030  * @len: where to put the length of the attribute
1031  *
1032  * Returns 0 if it all works out, -ENOMEM if there's no memory
1033  */
1034 static int smack_inode_init_security(struct inode *inode, struct inode *dir,
1035                                      const struct qstr *qstr, const char **name,
1036                                      void **value, size_t *len)
1037 {
1038         struct inode_smack *issp = inode->i_security;
1039         struct smack_known *skp = smk_of_current();
1040         struct smack_known *isp = smk_of_inode(inode);
1041         struct smack_known *dsp = smk_of_inode(dir);
1042         int may;
1043 
1044         if (name)
1045                 *name = XATTR_SMACK_SUFFIX;
1046 
1047         if (value && len) {
1048                 rcu_read_lock();
1049                 may = smk_access_entry(skp->smk_known, dsp->smk_known,
1050                                        &skp->smk_rules);
1051                 rcu_read_unlock();
1052 
1053                 /*
1054                  * If the access rule allows transmutation and
1055                  * the directory requests transmutation then
1056                  * by all means transmute.
1057                  * Mark the inode as changed.
1058                  */
1059                 if (may > 0 && ((may & MAY_TRANSMUTE) != 0) &&
1060                     smk_inode_transmutable(dir)) {
1061                         isp = dsp;
1062                         issp->smk_flags |= SMK_INODE_CHANGED;
1063                 }
1064 
1065                 *value = kstrdup(isp->smk_known, GFP_NOFS);
1066                 if (*value == NULL)
1067                         return -ENOMEM;
1068 
1069                 *len = strlen(isp->smk_known);
1070         }
1071 
1072         return 0;
1073 }
1074 
1075 /**
1076  * smack_inode_link - Smack check on link
1077  * @old_dentry: the existing object
1078  * @dir: unused
1079  * @new_dentry: the new object
1080  *
1081  * Returns 0 if access is permitted, an error code otherwise
1082  */
1083 static int smack_inode_link(struct dentry *old_dentry, struct inode *dir,
1084                             struct dentry *new_dentry)
1085 {
1086         struct smack_known *isp;
1087         struct smk_audit_info ad;
1088         int rc;
1089 
1090         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1091         smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
1092 
1093         isp = smk_of_inode(d_backing_inode(old_dentry));
1094         rc = smk_curacc(isp, MAY_WRITE, &ad);
1095         rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_WRITE, rc);
1096 
1097         if (rc == 0 && d_is_positive(new_dentry)) {
1098                 isp = smk_of_inode(d_backing_inode(new_dentry));
1099                 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
1100                 rc = smk_curacc(isp, MAY_WRITE, &ad);
1101                 rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_WRITE, rc);
1102         }
1103 
1104         return rc;
1105 }
1106 
1107 /**
1108  * smack_inode_unlink - Smack check on inode deletion
1109  * @dir: containing directory object
1110  * @dentry: file to unlink
1111  *
1112  * Returns 0 if current can write the containing directory
1113  * and the object, error code otherwise
1114  */
1115 static int smack_inode_unlink(struct inode *dir, struct dentry *dentry)
1116 {
1117         struct inode *ip = d_backing_inode(dentry);
1118         struct smk_audit_info ad;
1119         int rc;
1120 
1121         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1122         smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1123 
1124         /*
1125          * You need write access to the thing you're unlinking
1126          */
1127         rc = smk_curacc(smk_of_inode(ip), MAY_WRITE, &ad);
1128         rc = smk_bu_inode(ip, MAY_WRITE, rc);
1129         if (rc == 0) {
1130                 /*
1131                  * You also need write access to the containing directory
1132                  */
1133                 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
1134                 smk_ad_setfield_u_fs_inode(&ad, dir);
1135                 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
1136                 rc = smk_bu_inode(dir, MAY_WRITE, rc);
1137         }
1138         return rc;
1139 }
1140 
1141 /**
1142  * smack_inode_rmdir - Smack check on directory deletion
1143  * @dir: containing directory object
1144  * @dentry: directory to unlink
1145  *
1146  * Returns 0 if current can write the containing directory
1147  * and the directory, error code otherwise
1148  */
1149 static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry)
1150 {
1151         struct smk_audit_info ad;
1152         int rc;
1153 
1154         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1155         smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1156 
1157         /*
1158          * You need write access to the thing you're removing
1159          */
1160         rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1161         rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
1162         if (rc == 0) {
1163                 /*
1164                  * You also need write access to the containing directory
1165                  */
1166                 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
1167                 smk_ad_setfield_u_fs_inode(&ad, dir);
1168                 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
1169                 rc = smk_bu_inode(dir, MAY_WRITE, rc);
1170         }
1171 
1172         return rc;
1173 }
1174 
1175 /**
1176  * smack_inode_rename - Smack check on rename
1177  * @old_inode: unused
1178  * @old_dentry: the old object
1179  * @new_inode: unused
1180  * @new_dentry: the new object
1181  *
1182  * Read and write access is required on both the old and
1183  * new directories.
1184  *
1185  * Returns 0 if access is permitted, an error code otherwise
1186  */
1187 static int smack_inode_rename(struct inode *old_inode,
1188                               struct dentry *old_dentry,
1189                               struct inode *new_inode,
1190                               struct dentry *new_dentry)
1191 {
1192         int rc;
1193         struct smack_known *isp;
1194         struct smk_audit_info ad;
1195 
1196         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1197         smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
1198 
1199         isp = smk_of_inode(d_backing_inode(old_dentry));
1200         rc = smk_curacc(isp, MAY_READWRITE, &ad);
1201         rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_READWRITE, rc);
1202 
1203         if (rc == 0 && d_is_positive(new_dentry)) {
1204                 isp = smk_of_inode(d_backing_inode(new_dentry));
1205                 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
1206                 rc = smk_curacc(isp, MAY_READWRITE, &ad);
1207                 rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_READWRITE, rc);
1208         }
1209         return rc;
1210 }
1211 
1212 /**
1213  * smack_inode_permission - Smack version of permission()
1214  * @inode: the inode in question
1215  * @mask: the access requested
1216  *
1217  * This is the important Smack hook.
1218  *
1219  * Returns 0 if access is permitted, -EACCES otherwise
1220  */
1221 static int smack_inode_permission(struct inode *inode, int mask)
1222 {
1223         struct superblock_smack *sbsp = inode->i_sb->s_security;
1224         struct smk_audit_info ad;
1225         int no_block = mask & MAY_NOT_BLOCK;
1226         int rc;
1227 
1228         mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND);
1229         /*
1230          * No permission to check. Existence test. Yup, it's there.
1231          */
1232         if (mask == 0)
1233                 return 0;
1234 
1235         if (sbsp->smk_flags & SMK_SB_UNTRUSTED) {
1236                 if (smk_of_inode(inode) != sbsp->smk_root)
1237                         return -EACCES;
1238         }
1239 
1240         /* May be droppable after audit */
1241         if (no_block)
1242                 return -ECHILD;
1243         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
1244         smk_ad_setfield_u_fs_inode(&ad, inode);
1245         rc = smk_curacc(smk_of_inode(inode), mask, &ad);
1246         rc = smk_bu_inode(inode, mask, rc);
1247         return rc;
1248 }
1249 
1250 /**
1251  * smack_inode_setattr - Smack check for setting attributes
1252  * @dentry: the object
1253  * @iattr: for the force flag
1254  *
1255  * Returns 0 if access is permitted, an error code otherwise
1256  */
1257 static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr)
1258 {
1259         struct smk_audit_info ad;
1260         int rc;
1261 
1262         /*
1263          * Need to allow for clearing the setuid bit.
1264          */
1265         if (iattr->ia_valid & ATTR_FORCE)
1266                 return 0;
1267         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1268         smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1269 
1270         rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1271         rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
1272         return rc;
1273 }
1274 
1275 /**
1276  * smack_inode_getattr - Smack check for getting attributes
1277  * @mnt: vfsmount of the object
1278  * @dentry: the object
1279  *
1280  * Returns 0 if access is permitted, an error code otherwise
1281  */
1282 static int smack_inode_getattr(const struct path *path)
1283 {
1284         struct smk_audit_info ad;
1285         struct inode *inode = d_backing_inode(path->dentry);
1286         int rc;
1287 
1288         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1289         smk_ad_setfield_u_fs_path(&ad, *path);
1290         rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad);
1291         rc = smk_bu_inode(inode, MAY_READ, rc);
1292         return rc;
1293 }
1294 
1295 /**
1296  * smack_inode_setxattr - Smack check for setting xattrs
1297  * @dentry: the object
1298  * @name: name of the attribute
1299  * @value: value of the attribute
1300  * @size: size of the value
1301  * @flags: unused
1302  *
1303  * This protects the Smack attribute explicitly.
1304  *
1305  * Returns 0 if access is permitted, an error code otherwise
1306  */
1307 static int smack_inode_setxattr(struct dentry *dentry, const char *name,
1308                                 const void *value, size_t size, int flags)
1309 {
1310         struct smk_audit_info ad;
1311         struct smack_known *skp;
1312         int check_priv = 0;
1313         int check_import = 0;
1314         int check_star = 0;
1315         int rc = 0;
1316 
1317         /*
1318          * Check label validity here so import won't fail in post_setxattr
1319          */
1320         if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
1321             strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
1322             strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) {
1323                 check_priv = 1;
1324                 check_import = 1;
1325         } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
1326                    strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1327                 check_priv = 1;
1328                 check_import = 1;
1329                 check_star = 1;
1330         } else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) {
1331                 check_priv = 1;
1332                 if (size != TRANS_TRUE_SIZE ||
1333                     strncmp(value, TRANS_TRUE, TRANS_TRUE_SIZE) != 0)
1334                         rc = -EINVAL;
1335         } else
1336                 rc = cap_inode_setxattr(dentry, name, value, size, flags);
1337 
1338         if (check_priv && !smack_privileged(CAP_MAC_ADMIN))
1339                 rc = -EPERM;
1340 
1341         if (rc == 0 && check_import) {
1342                 skp = size ? smk_import_entry(value, size) : NULL;
1343                 if (IS_ERR(skp))
1344                         rc = PTR_ERR(skp);
1345                 else if (skp == NULL || (check_star &&
1346                     (skp == &smack_known_star || skp == &smack_known_web)))
1347                         rc = -EINVAL;
1348         }
1349 
1350         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1351         smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1352 
1353         if (rc == 0) {
1354                 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1355                 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
1356         }
1357 
1358         return rc;
1359 }
1360 
1361 /**
1362  * smack_inode_post_setxattr - Apply the Smack update approved above
1363  * @dentry: object
1364  * @name: attribute name
1365  * @value: attribute value
1366  * @size: attribute size
1367  * @flags: unused
1368  *
1369  * Set the pointer in the inode blob to the entry found
1370  * in the master label list.
1371  */
1372 static void smack_inode_post_setxattr(struct dentry *dentry, const char *name,
1373                                       const void *value, size_t size, int flags)
1374 {
1375         struct smack_known *skp;
1376         struct inode_smack *isp = d_backing_inode(dentry)->i_security;
1377 
1378         if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) {
1379                 isp->smk_flags |= SMK_INODE_TRANSMUTE;
1380                 return;
1381         }
1382 
1383         if (strcmp(name, XATTR_NAME_SMACK) == 0) {
1384                 skp = smk_import_entry(value, size);
1385                 if (!IS_ERR(skp))
1386                         isp->smk_inode = skp;
1387         } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) {
1388                 skp = smk_import_entry(value, size);
1389                 if (!IS_ERR(skp))
1390                         isp->smk_task = skp;
1391         } else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1392                 skp = smk_import_entry(value, size);
1393                 if (!IS_ERR(skp))
1394                         isp->smk_mmap = skp;
1395         }
1396 
1397         return;
1398 }
1399 
1400 /**
1401  * smack_inode_getxattr - Smack check on getxattr
1402  * @dentry: the object
1403  * @name: unused
1404  *
1405  * Returns 0 if access is permitted, an error code otherwise
1406  */
1407 static int smack_inode_getxattr(struct dentry *dentry, const char *name)
1408 {
1409         struct smk_audit_info ad;
1410         int rc;
1411 
1412         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1413         smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1414 
1415         rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_READ, &ad);
1416         rc = smk_bu_inode(d_backing_inode(dentry), MAY_READ, rc);
1417         return rc;
1418 }
1419 
1420 /**
1421  * smack_inode_removexattr - Smack check on removexattr
1422  * @dentry: the object
1423  * @name: name of the attribute
1424  *
1425  * Removing the Smack attribute requires CAP_MAC_ADMIN
1426  *
1427  * Returns 0 if access is permitted, an error code otherwise
1428  */
1429 static int smack_inode_removexattr(struct dentry *dentry, const char *name)
1430 {
1431         struct inode_smack *isp;
1432         struct smk_audit_info ad;
1433         int rc = 0;
1434 
1435         if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
1436             strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
1437             strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 ||
1438             strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
1439             strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0 ||
1440             strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1441                 if (!smack_privileged(CAP_MAC_ADMIN))
1442                         rc = -EPERM;
1443         } else
1444                 rc = cap_inode_removexattr(dentry, name);
1445 
1446         if (rc != 0)
1447                 return rc;
1448 
1449         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1450         smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1451 
1452         rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1453         rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
1454         if (rc != 0)
1455                 return rc;
1456 
1457         isp = d_backing_inode(dentry)->i_security;
1458         /*
1459          * Don't do anything special for these.
1460          *      XATTR_NAME_SMACKIPIN
1461          *      XATTR_NAME_SMACKIPOUT
1462          */
1463         if (strcmp(name, XATTR_NAME_SMACK) == 0) {
1464                 struct super_block *sbp = dentry->d_sb;
1465                 struct superblock_smack *sbsp = sbp->s_security;
1466 
1467                 isp->smk_inode = sbsp->smk_default;
1468         } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0)
1469                 isp->smk_task = NULL;
1470         else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0)
1471                 isp->smk_mmap = NULL;
1472         else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0)
1473                 isp->smk_flags &= ~SMK_INODE_TRANSMUTE;
1474 
1475         return 0;
1476 }
1477 
1478 /**
1479  * smack_inode_getsecurity - get smack xattrs
1480  * @inode: the object
1481  * @name: attribute name
1482  * @buffer: where to put the result
1483  * @alloc: unused
1484  *
1485  * Returns the size of the attribute or an error code
1486  */
1487 static int smack_inode_getsecurity(struct inode *inode,
1488                                    const char *name, void **buffer,
1489                                    bool alloc)
1490 {
1491         struct socket_smack *ssp;
1492         struct socket *sock;
1493         struct super_block *sbp;
1494         struct inode *ip = (struct inode *)inode;
1495         struct smack_known *isp;
1496         int ilen;
1497         int rc = 0;
1498 
1499         if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) {
1500                 isp = smk_of_inode(inode);
1501                 ilen = strlen(isp->smk_known);
1502                 *buffer = isp->smk_known;
1503                 return ilen;
1504         }
1505 
1506         /*
1507          * The rest of the Smack xattrs are only on sockets.
1508          */
1509         sbp = ip->i_sb;
1510         if (sbp->s_magic != SOCKFS_MAGIC)
1511                 return -EOPNOTSUPP;
1512 
1513         sock = SOCKET_I(ip);
1514         if (sock == NULL || sock->sk == NULL)
1515                 return -EOPNOTSUPP;
1516 
1517         ssp = sock->sk->sk_security;
1518 
1519         if (strcmp(name, XATTR_SMACK_IPIN) == 0)
1520                 isp = ssp->smk_in;
1521         else if (strcmp(name, XATTR_SMACK_IPOUT) == 0)
1522                 isp = ssp->smk_out;
1523         else
1524                 return -EOPNOTSUPP;
1525 
1526         ilen = strlen(isp->smk_known);
1527         if (rc == 0) {
1528                 *buffer = isp->smk_known;
1529                 rc = ilen;
1530         }
1531 
1532         return rc;
1533 }
1534 
1535 
1536 /**
1537  * smack_inode_listsecurity - list the Smack attributes
1538  * @inode: the object
1539  * @buffer: where they go
1540  * @buffer_size: size of buffer
1541  */
1542 static int smack_inode_listsecurity(struct inode *inode, char *buffer,
1543                                     size_t buffer_size)
1544 {
1545         int len = sizeof(XATTR_NAME_SMACK);
1546 
1547         if (buffer != NULL && len <= buffer_size)
1548                 memcpy(buffer, XATTR_NAME_SMACK, len);
1549 
1550         return len;
1551 }
1552 
1553 /**
1554  * smack_inode_getsecid - Extract inode's security id
1555  * @inode: inode to extract the info from
1556  * @secid: where result will be saved
1557  */
1558 static void smack_inode_getsecid(struct inode *inode, u32 *secid)
1559 {
1560         struct inode_smack *isp = inode->i_security;
1561 
1562         *secid = isp->smk_inode->smk_secid;
1563 }
1564 
1565 /*
1566  * File Hooks
1567  */
1568 
1569 /*
1570  * There is no smack_file_permission hook
1571  *
1572  * Should access checks be done on each read or write?
1573  * UNICOS and SELinux say yes.
1574  * Trusted Solaris, Trusted Irix, and just about everyone else says no.
1575  *
1576  * I'll say no for now. Smack does not do the frequent
1577  * label changing that SELinux does.
1578  */
1579 
1580 /**
1581  * smack_file_alloc_security - assign a file security blob
1582  * @file: the object
1583  *
1584  * The security blob for a file is a pointer to the master
1585  * label list, so no allocation is done.
1586  *
1587  * f_security is the owner security information. It
1588  * isn't used on file access checks, it's for send_sigio.
1589  *
1590  * Returns 0
1591  */
1592 static int smack_file_alloc_security(struct file *file)
1593 {
1594         struct smack_known *skp = smk_of_current();
1595 
1596         file->f_security = skp;
1597         return 0;
1598 }
1599 
1600 /**
1601  * smack_file_free_security - clear a file security blob
1602  * @file: the object
1603  *
1604  * The security blob for a file is a pointer to the master
1605  * label list, so no memory is freed.
1606  */
1607 static void smack_file_free_security(struct file *file)
1608 {
1609         file->f_security = NULL;
1610 }
1611 
1612 /**
1613  * smack_file_ioctl - Smack check on ioctls
1614  * @file: the object
1615  * @cmd: what to do
1616  * @arg: unused
1617  *
1618  * Relies heavily on the correct use of the ioctl command conventions.
1619  *
1620  * Returns 0 if allowed, error code otherwise
1621  */
1622 static int smack_file_ioctl(struct file *file, unsigned int cmd,
1623                             unsigned long arg)
1624 {
1625         int rc = 0;
1626         struct smk_audit_info ad;
1627         struct inode *inode = file_inode(file);
1628 
1629         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1630         smk_ad_setfield_u_fs_path(&ad, file->f_path);
1631 
1632         if (_IOC_DIR(cmd) & _IOC_WRITE) {
1633                 rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad);
1634                 rc = smk_bu_file(file, MAY_WRITE, rc);
1635         }
1636 
1637         if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ)) {
1638                 rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad);
1639                 rc = smk_bu_file(file, MAY_READ, rc);
1640         }
1641 
1642         return rc;
1643 }
1644 
1645 /**
1646  * smack_file_lock - Smack check on file locking
1647  * @file: the object
1648  * @cmd: unused
1649  *
1650  * Returns 0 if current has lock access, error code otherwise
1651  */
1652 static int smack_file_lock(struct file *file, unsigned int cmd)
1653 {
1654         struct smk_audit_info ad;
1655         int rc;
1656         struct inode *inode = file_inode(file);
1657 
1658         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1659         smk_ad_setfield_u_fs_path(&ad, file->f_path);
1660         rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad);
1661         rc = smk_bu_file(file, MAY_LOCK, rc);
1662         return rc;
1663 }
1664 
1665 /**
1666  * smack_file_fcntl - Smack check on fcntl
1667  * @file: the object
1668  * @cmd: what action to check
1669  * @arg: unused
1670  *
1671  * Generally these operations are harmless.
1672  * File locking operations present an obvious mechanism
1673  * for passing information, so they require write access.
1674  *
1675  * Returns 0 if current has access, error code otherwise
1676  */
1677 static int smack_file_fcntl(struct file *file, unsigned int cmd,
1678                             unsigned long arg)
1679 {
1680         struct smk_audit_info ad;
1681         int rc = 0;
1682         struct inode *inode = file_inode(file);
1683 
1684         switch (cmd) {
1685         case F_GETLK:
1686                 break;
1687         case F_SETLK:
1688         case F_SETLKW:
1689                 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1690                 smk_ad_setfield_u_fs_path(&ad, file->f_path);
1691                 rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad);
1692                 rc = smk_bu_file(file, MAY_LOCK, rc);
1693                 break;
1694         case F_SETOWN:
1695         case F_SETSIG:
1696                 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1697                 smk_ad_setfield_u_fs_path(&ad, file->f_path);
1698                 rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad);
1699                 rc = smk_bu_file(file, MAY_WRITE, rc);
1700                 break;
1701         default:
1702                 break;
1703         }
1704 
1705         return rc;
1706 }
1707 
1708 /**
1709  * smack_mmap_file :
1710  * Check permissions for a mmap operation.  The @file may be NULL, e.g.
1711  * if mapping anonymous memory.
1712  * @file contains the file structure for file to map (may be NULL).
1713  * @reqprot contains the protection requested by the application.
1714  * @prot contains the protection that will be applied by the kernel.
1715  * @flags contains the operational flags.
1716  * Return 0 if permission is granted.
1717  */
1718 static int smack_mmap_file(struct file *file,
1719                            unsigned long reqprot, unsigned long prot,
1720                            unsigned long flags)
1721 {
1722         struct smack_known *skp;
1723         struct smack_known *mkp;
1724         struct smack_rule *srp;
1725         struct task_smack *tsp;
1726         struct smack_known *okp;
1727         struct inode_smack *isp;
1728         struct superblock_smack *sbsp;
1729         int may;
1730         int mmay;
1731         int tmay;
1732         int rc;
1733 
1734         if (file == NULL)
1735                 return 0;
1736 
1737         isp = file_inode(file)->i_security;
1738         if (isp->smk_mmap == NULL)
1739                 return 0;
1740         sbsp = file_inode(file)->i_sb->s_security;
1741         if (sbsp->smk_flags & SMK_SB_UNTRUSTED &&
1742             isp->smk_mmap != sbsp->smk_root)
1743                 return -EACCES;
1744         mkp = isp->smk_mmap;
1745 
1746         tsp = current_security();
1747         skp = smk_of_current();
1748         rc = 0;
1749 
1750         rcu_read_lock();
1751         /*
1752          * For each Smack rule associated with the subject
1753          * label verify that the SMACK64MMAP also has access
1754          * to that rule's object label.
1755          */
1756         list_for_each_entry_rcu(srp, &skp->smk_rules, list) {
1757                 okp = srp->smk_object;
1758                 /*
1759                  * Matching labels always allows access.
1760                  */
1761                 if (mkp->smk_known == okp->smk_known)
1762                         continue;
1763                 /*
1764                  * If there is a matching local rule take
1765                  * that into account as well.
1766                  */
1767                 may = smk_access_entry(srp->smk_subject->smk_known,
1768                                        okp->smk_known,
1769                                        &tsp->smk_rules);
1770                 if (may == -ENOENT)
1771                         may = srp->smk_access;
1772                 else
1773                         may &= srp->smk_access;
1774                 /*
1775                  * If may is zero the SMACK64MMAP subject can't
1776                  * possibly have less access.
1777                  */
1778                 if (may == 0)
1779                         continue;
1780 
1781                 /*
1782                  * Fetch the global list entry.
1783                  * If there isn't one a SMACK64MMAP subject
1784                  * can't have as much access as current.
1785                  */
1786                 mmay = smk_access_entry(mkp->smk_known, okp->smk_known,
1787                                         &mkp->smk_rules);
1788                 if (mmay == -ENOENT) {
1789                         rc = -EACCES;
1790                         break;
1791                 }
1792                 /*
1793                  * If there is a local entry it modifies the
1794                  * potential access, too.
1795                  */
1796                 tmay = smk_access_entry(mkp->smk_known, okp->smk_known,
1797                                         &tsp->smk_rules);
1798                 if (tmay != -ENOENT)
1799                         mmay &= tmay;
1800 
1801                 /*
1802                  * If there is any access available to current that is
1803                  * not available to a SMACK64MMAP subject
1804                  * deny access.
1805                  */
1806                 if ((may | mmay) != mmay) {
1807                         rc = -EACCES;
1808                         break;
1809                 }
1810         }
1811 
1812         rcu_read_unlock();
1813 
1814         return rc;
1815 }
1816 
1817 /**
1818  * smack_file_set_fowner - set the file security blob value
1819  * @file: object in question
1820  *
1821  */
1822 static void smack_file_set_fowner(struct file *file)
1823 {
1824         file->f_security = smk_of_current();
1825 }
1826 
1827 /**
1828  * smack_file_send_sigiotask - Smack on sigio
1829  * @tsk: The target task
1830  * @fown: the object the signal come from
1831  * @signum: unused
1832  *
1833  * Allow a privileged task to get signals even if it shouldn't
1834  *
1835  * Returns 0 if a subject with the object's smack could
1836  * write to the task, an error code otherwise.
1837  */
1838 static int smack_file_send_sigiotask(struct task_struct *tsk,
1839                                      struct fown_struct *fown, int signum)
1840 {
1841         struct smack_known *skp;
1842         struct smack_known *tkp = smk_of_task(tsk->cred->security);
1843         struct file *file;
1844         int rc;
1845         struct smk_audit_info ad;
1846 
1847         /*
1848          * struct fown_struct is never outside the context of a struct file
1849          */
1850         file = container_of(fown, struct file, f_owner);
1851 
1852         /* we don't log here as rc can be overriden */
1853         skp = file->f_security;
1854         rc = smk_access(skp, tkp, MAY_DELIVER, NULL);
1855         rc = smk_bu_note("sigiotask", skp, tkp, MAY_DELIVER, rc);
1856         if (rc != 0 && has_capability(tsk, CAP_MAC_OVERRIDE))
1857                 rc = 0;
1858 
1859         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
1860         smk_ad_setfield_u_tsk(&ad, tsk);
1861         smack_log(skp->smk_known, tkp->smk_known, MAY_DELIVER, rc, &ad);
1862         return rc;
1863 }
1864 
1865 /**
1866  * smack_file_receive - Smack file receive check
1867  * @file: the object
1868  *
1869  * Returns 0 if current has access, error code otherwise
1870  */
1871 static int smack_file_receive(struct file *file)
1872 {
1873         int rc;
1874         int may = 0;
1875         struct smk_audit_info ad;
1876         struct inode *inode = file_inode(file);
1877         struct socket *sock;
1878         struct task_smack *tsp;
1879         struct socket_smack *ssp;
1880 
1881         if (unlikely(IS_PRIVATE(inode)))
1882                 return 0;
1883 
1884         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1885         smk_ad_setfield_u_fs_path(&ad, file->f_path);
1886 
1887         if (S_ISSOCK(inode->i_mode)) {
1888                 sock = SOCKET_I(inode);
1889                 ssp = sock->sk->sk_security;
1890                 tsp = current_security();
1891                 /*
1892                  * If the receiving process can't write to the
1893                  * passed socket or if the passed socket can't
1894                  * write to the receiving process don't accept
1895                  * the passed socket.
1896                  */
1897                 rc = smk_access(tsp->smk_task, ssp->smk_out, MAY_WRITE, &ad);
1898                 rc = smk_bu_file(file, may, rc);
1899                 if (rc < 0)
1900                         return rc;
1901                 rc = smk_access(ssp->smk_in, tsp->smk_task, MAY_WRITE, &ad);
1902                 rc = smk_bu_file(file, may, rc);
1903                 return rc;
1904         }
1905         /*
1906          * This code relies on bitmasks.
1907          */
1908         if (file->f_mode & FMODE_READ)
1909                 may = MAY_READ;
1910         if (file->f_mode & FMODE_WRITE)
1911                 may |= MAY_WRITE;
1912 
1913         rc = smk_curacc(smk_of_inode(inode), may, &ad);
1914         rc = smk_bu_file(file, may, rc);
1915         return rc;
1916 }
1917 
1918 /**
1919  * smack_file_open - Smack dentry open processing
1920  * @file: the object
1921  * @cred: task credential
1922  *
1923  * Set the security blob in the file structure.
1924  * Allow the open only if the task has read access. There are
1925  * many read operations (e.g. fstat) that you can do with an
1926  * fd even if you have the file open write-only.
1927  *
1928  * Returns 0
1929  */
1930 static int smack_file_open(struct file *file, const struct cred *cred)
1931 {
1932         struct task_smack *tsp = cred->security;
1933         struct inode *inode = file_inode(file);
1934         struct smk_audit_info ad;
1935         int rc;
1936 
1937         if (smack_privileged(CAP_MAC_OVERRIDE))
1938                 return 0;
1939 
1940         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1941         smk_ad_setfield_u_fs_path(&ad, file->f_path);
1942         rc = smk_access(tsp->smk_task, smk_of_inode(inode), MAY_READ, &ad);
1943         rc = smk_bu_credfile(cred, file, MAY_READ, rc);
1944 
1945         return rc;
1946 }
1947 
1948 /*
1949  * Task hooks
1950  */
1951 
1952 /**
1953  * smack_cred_alloc_blank - "allocate" blank task-level security credentials
1954  * @new: the new credentials
1955  * @gfp: the atomicity of any memory allocations
1956  *
1957  * Prepare a blank set of credentials for modification.  This must allocate all
1958  * the memory the LSM module might require such that cred_transfer() can
1959  * complete without error.
1960  */
1961 static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp)
1962 {
1963         struct task_smack *tsp;
1964 
1965         tsp = new_task_smack(NULL, NULL, gfp);
1966         if (tsp == NULL)
1967                 return -ENOMEM;
1968 
1969         cred->security = tsp;
1970 
1971         return 0;
1972 }
1973 
1974 
1975 /**
1976  * smack_cred_free - "free" task-level security credentials
1977  * @cred: the credentials in question
1978  *
1979  */
1980 static void smack_cred_free(struct cred *cred)
1981 {
1982         struct task_smack *tsp = cred->security;
1983         struct smack_rule *rp;
1984         struct list_head *l;
1985         struct list_head *n;
1986 
1987         if (tsp == NULL)
1988                 return;
1989         cred->security = NULL;
1990 
1991         smk_destroy_label_list(&tsp->smk_relabel);
1992 
1993         list_for_each_safe(l, n, &tsp->smk_rules) {
1994                 rp = list_entry(l, struct smack_rule, list);
1995                 list_del(&rp->list);
1996                 kfree(rp);
1997         }
1998         kfree(tsp);
1999 }
2000 
2001 /**
2002  * smack_cred_prepare - prepare new set of credentials for modification
2003  * @new: the new credentials
2004  * @old: the original credentials
2005  * @gfp: the atomicity of any memory allocations
2006  *
2007  * Prepare a new set of credentials for modification.
2008  */
2009 static int smack_cred_prepare(struct cred *new, const struct cred *old,
2010                               gfp_t gfp)
2011 {
2012         struct task_smack *old_tsp = old->security;
2013         struct task_smack *new_tsp;
2014         int rc;
2015 
2016         new_tsp = new_task_smack(old_tsp->smk_task, old_tsp->smk_task, gfp);
2017         if (new_tsp == NULL)
2018                 return -ENOMEM;
2019 
2020         new->security = new_tsp;
2021 
2022         rc = smk_copy_rules(&new_tsp->smk_rules, &old_tsp->smk_rules, gfp);
2023         if (rc != 0)
2024                 return rc;
2025 
2026         rc = smk_copy_relabel(&new_tsp->smk_relabel, &old_tsp->smk_relabel,
2027                                 gfp);
2028         if (rc != 0)
2029                 return rc;
2030 
2031         return 0;
2032 }
2033 
2034 /**
2035  * smack_cred_transfer - Transfer the old credentials to the new credentials
2036  * @new: the new credentials
2037  * @old: the original credentials
2038  *
2039  * Fill in a set of blank credentials from another set of credentials.
2040  */
2041 static void smack_cred_transfer(struct cred *new, const struct cred *old)
2042 {
2043         struct task_smack *old_tsp = old->security;
2044         struct task_smack *new_tsp = new->security;
2045 
2046         new_tsp->smk_task = old_tsp->smk_task;
2047         new_tsp->smk_forked = old_tsp->smk_task;
2048         mutex_init(&new_tsp->smk_rules_lock);
2049         INIT_LIST_HEAD(&new_tsp->smk_rules);
2050 
2051 
2052         /* cbs copy rule list */
2053 }
2054 
2055 /**
2056  * smack_kernel_act_as - Set the subjective context in a set of credentials
2057  * @new: points to the set of credentials to be modified.
2058  * @secid: specifies the security ID to be set
2059  *
2060  * Set the security data for a kernel service.
2061  */
2062 static int smack_kernel_act_as(struct cred *new, u32 secid)
2063 {
2064         struct task_smack *new_tsp = new->security;
2065 
2066         new_tsp->smk_task = smack_from_secid(secid);
2067         return 0;
2068 }
2069 
2070 /**
2071  * smack_kernel_create_files_as - Set the file creation label in a set of creds
2072  * @new: points to the set of credentials to be modified
2073  * @inode: points to the inode to use as a reference
2074  *
2075  * Set the file creation context in a set of credentials to the same
2076  * as the objective context of the specified inode
2077  */
2078 static int smack_kernel_create_files_as(struct cred *new,
2079                                         struct inode *inode)
2080 {
2081         struct inode_smack *isp = inode->i_security;
2082         struct task_smack *tsp = new->security;
2083 
2084         tsp->smk_forked = isp->smk_inode;
2085         tsp->smk_task = tsp->smk_forked;
2086         return 0;
2087 }
2088 
2089 /**
2090  * smk_curacc_on_task - helper to log task related access
2091  * @p: the task object
2092  * @access: the access requested
2093  * @caller: name of the calling function for audit
2094  *
2095  * Return 0 if access is permitted
2096  */
2097 static int smk_curacc_on_task(struct task_struct *p, int access,
2098                                 const char *caller)
2099 {
2100         struct smk_audit_info ad;
2101         struct smack_known *skp = smk_of_task_struct(p);
2102         int rc;
2103 
2104         smk_ad_init(&ad, caller, LSM_AUDIT_DATA_TASK);
2105         smk_ad_setfield_u_tsk(&ad, p);
2106         rc = smk_curacc(skp, access, &ad);
2107         rc = smk_bu_task(p, access, rc);
2108         return rc;
2109 }
2110 
2111 /**
2112  * smack_task_setpgid - Smack check on setting pgid
2113  * @p: the task object
2114  * @pgid: unused
2115  *
2116  * Return 0 if write access is permitted
2117  */
2118 static int smack_task_setpgid(struct task_struct *p, pid_t pgid)
2119 {
2120         return smk_curacc_on_task(p, MAY_WRITE, __func__);
2121 }
2122 
2123 /**
2124  * smack_task_getpgid - Smack access check for getpgid
2125  * @p: the object task
2126  *
2127  * Returns 0 if current can read the object task, error code otherwise
2128  */
2129 static int smack_task_getpgid(struct task_struct *p)
2130 {
2131         return smk_curacc_on_task(p, MAY_READ, __func__);
2132 }
2133 
2134 /**
2135  * smack_task_getsid - Smack access check for getsid
2136  * @p: the object task
2137  *
2138  * Returns 0 if current can read the object task, error code otherwise
2139  */
2140 static int smack_task_getsid(struct task_struct *p)
2141 {
2142         return smk_curacc_on_task(p, MAY_READ, __func__);
2143 }
2144 
2145 /**
2146  * smack_task_getsecid - get the secid of the task
2147  * @p: the object task
2148  * @secid: where to put the result
2149  *
2150  * Sets the secid to contain a u32 version of the smack label.
2151  */
2152 static void smack_task_getsecid(struct task_struct *p, u32 *secid)
2153 {
2154         struct smack_known *skp = smk_of_task_struct(p);
2155 
2156         *secid = skp->smk_secid;
2157 }
2158 
2159 /**
2160  * smack_task_setnice - Smack check on setting nice
2161  * @p: the task object
2162  * @nice: unused
2163  *
2164  * Return 0 if write access is permitted
2165  */
2166 static int smack_task_setnice(struct task_struct *p, int nice)
2167 {
2168         return smk_curacc_on_task(p, MAY_WRITE, __func__);
2169 }
2170 
2171 /**
2172  * smack_task_setioprio - Smack check on setting ioprio
2173  * @p: the task object
2174  * @ioprio: unused
2175  *
2176  * Return 0 if write access is permitted
2177  */
2178 static int smack_task_setioprio(struct task_struct *p, int ioprio)
2179 {
2180         return smk_curacc_on_task(p, MAY_WRITE, __func__);
2181 }
2182 
2183 /**
2184  * smack_task_getioprio - Smack check on reading ioprio
2185  * @p: the task object
2186  *
2187  * Return 0 if read access is permitted
2188  */
2189 static int smack_task_getioprio(struct task_struct *p)
2190 {
2191         return smk_curacc_on_task(p, MAY_READ, __func__);
2192 }
2193 
2194 /**
2195  * smack_task_setscheduler - Smack check on setting scheduler
2196  * @p: the task object
2197  * @policy: unused
2198  * @lp: unused
2199  *
2200  * Return 0 if read access is permitted
2201  */
2202 static int smack_task_setscheduler(struct task_struct *p)
2203 {
2204         return smk_curacc_on_task(p, MAY_WRITE, __func__);
2205 }
2206 
2207 /**
2208  * smack_task_getscheduler - Smack check on reading scheduler
2209  * @p: the task object
2210  *
2211  * Return 0 if read access is permitted
2212  */
2213 static int smack_task_getscheduler(struct task_struct *p)
2214 {
2215         return smk_curacc_on_task(p, MAY_READ, __func__);
2216 }
2217 
2218 /**
2219  * smack_task_movememory - Smack check on moving memory
2220  * @p: the task object
2221  *
2222  * Return 0 if write access is permitted
2223  */
2224 static int smack_task_movememory(struct task_struct *p)
2225 {
2226         return smk_curacc_on_task(p, MAY_WRITE, __func__);
2227 }
2228 
2229 /**
2230  * smack_task_kill - Smack check on signal delivery
2231  * @p: the task object
2232  * @info: unused
2233  * @sig: unused
2234  * @secid: identifies the smack to use in lieu of current's
2235  *
2236  * Return 0 if write access is permitted
2237  *
2238  * The secid behavior is an artifact of an SELinux hack
2239  * in the USB code. Someday it may go away.
2240  */
2241 static int smack_task_kill(struct task_struct *p, struct siginfo *info,
2242                            int sig, u32 secid)
2243 {
2244         struct smk_audit_info ad;
2245         struct smack_known *skp;
2246         struct smack_known *tkp = smk_of_task_struct(p);
2247         int rc;
2248 
2249         if (!sig)
2250                 return 0; /* null signal; existence test */
2251 
2252         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
2253         smk_ad_setfield_u_tsk(&ad, p);
2254         /*
2255          * Sending a signal requires that the sender
2256          * can write the receiver.
2257          */
2258         if (secid == 0) {
2259                 rc = smk_curacc(tkp, MAY_DELIVER, &ad);
2260                 rc = smk_bu_task(p, MAY_DELIVER, rc);
2261                 return rc;
2262         }
2263         /*
2264          * If the secid isn't 0 we're dealing with some USB IO
2265          * specific behavior. This is not clean. For one thing
2266          * we can't take privilege into account.
2267          */
2268         skp = smack_from_secid(secid);
2269         rc = smk_access(skp, tkp, MAY_DELIVER, &ad);
2270         rc = smk_bu_note("USB signal", skp, tkp, MAY_DELIVER, rc);
2271         return rc;
2272 }
2273 
2274 /**
2275  * smack_task_wait - Smack access check for waiting
2276  * @p: task to wait for
2277  *
2278  * Returns 0
2279  */
2280 static int smack_task_wait(struct task_struct *p)
2281 {
2282         /*
2283          * Allow the operation to succeed.
2284          * Zombies are bad.
2285          * In userless environments (e.g. phones) programs
2286          * get marked with SMACK64EXEC and even if the parent
2287          * and child shouldn't be talking the parent still
2288          * may expect to know when the child exits.
2289          */
2290         return 0;
2291 }
2292 
2293 /**
2294  * smack_task_to_inode - copy task smack into the inode blob
2295  * @p: task to copy from
2296  * @inode: inode to copy to
2297  *
2298  * Sets the smack pointer in the inode security blob
2299  */
2300 static void smack_task_to_inode(struct task_struct *p, struct inode *inode)
2301 {
2302         struct inode_smack *isp = inode->i_security;
2303         struct smack_known *skp = smk_of_task_struct(p);
2304 
2305         isp->smk_inode = skp;
2306 }
2307 
2308 /*
2309  * Socket hooks.
2310  */
2311 
2312 /**
2313  * smack_sk_alloc_security - Allocate a socket blob
2314  * @sk: the socket
2315  * @family: unused
2316  * @gfp_flags: memory allocation flags
2317  *
2318  * Assign Smack pointers to current
2319  *
2320  * Returns 0 on success, -ENOMEM is there's no memory
2321  */
2322 static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags)
2323 {
2324         struct smack_known *skp = smk_of_current();
2325         struct socket_smack *ssp;
2326 
2327         ssp = kzalloc(sizeof(struct socket_smack), gfp_flags);
2328         if (ssp == NULL)
2329                 return -ENOMEM;
2330 
2331         /*
2332          * Sockets created by kernel threads receive web label.
2333          */
2334         if (unlikely(current->flags & PF_KTHREAD)) {
2335                 ssp->smk_in = &smack_known_web;
2336                 ssp->smk_out = &smack_known_web;
2337         } else {
2338                 ssp->smk_in = skp;
2339                 ssp->smk_out = skp;
2340         }
2341         ssp->smk_packet = NULL;
2342 
2343         sk->sk_security = ssp;
2344 
2345         return 0;
2346 }
2347 
2348 /**
2349  * smack_sk_free_security - Free a socket blob
2350  * @sk: the socket
2351  *
2352  * Clears the blob pointer
2353  */
2354 static void smack_sk_free_security(struct sock *sk)
2355 {
2356         kfree(sk->sk_security);
2357 }
2358 
2359 /**
2360 * smack_ipv4host_label - check host based restrictions
2361 * @sip: the object end
2362 *
2363 * looks for host based access restrictions
2364 *
2365 * This version will only be appropriate for really small sets of single label
2366 * hosts.  The caller is responsible for ensuring that the RCU read lock is
2367 * taken before calling this function.
2368 *
2369 * Returns the label of the far end or NULL if it's not special.
2370 */
2371 static struct smack_known *smack_ipv4host_label(struct sockaddr_in *sip)
2372 {
2373         struct smk_net4addr *snp;
2374         struct in_addr *siap = &sip->sin_addr;
2375 
2376         if (siap->s_addr == 0)
2377                 return NULL;
2378 
2379         list_for_each_entry_rcu(snp, &smk_net4addr_list, list)
2380                 /*
2381                  * we break after finding the first match because
2382                  * the list is sorted from longest to shortest mask
2383                  * so we have found the most specific match
2384                  */
2385                 if (snp->smk_host.s_addr ==
2386                     (siap->s_addr & snp->smk_mask.s_addr))
2387                         return snp->smk_label;
2388 
2389         return NULL;
2390 }
2391 
2392 #if IS_ENABLED(CONFIG_IPV6)
2393 /*
2394  * smk_ipv6_localhost - Check for local ipv6 host address
2395  * @sip: the address
2396  *
2397  * Returns boolean true if this is the localhost address
2398  */
2399 static bool smk_ipv6_localhost(struct sockaddr_in6 *sip)
2400 {
2401         __be16 *be16p = (__be16 *)&sip->sin6_addr;
2402         __be32 *be32p = (__be32 *)&sip->sin6_addr;
2403 
2404         if (be32p[0] == 0 && be32p[1] == 0 && be32p[2] == 0 && be16p[6] == 0 &&
2405             ntohs(be16p[7]) == 1)
2406                 return true;
2407         return false;
2408 }
2409 
2410 /**
2411 * smack_ipv6host_label - check host based restrictions
2412 * @sip: the object end
2413 *
2414 * looks for host based access restrictions
2415 *
2416 * This version will only be appropriate for really small sets of single label
2417 * hosts.  The caller is responsible for ensuring that the RCU read lock is
2418 * taken before calling this function.
2419 *
2420 * Returns the label of the far end or NULL if it's not special.
2421 */
2422 static struct smack_known *smack_ipv6host_label(struct sockaddr_in6 *sip)
2423 {
2424         struct smk_net6addr *snp;
2425         struct in6_addr *sap = &sip->sin6_addr;
2426         int i;
2427         int found = 0;
2428 
2429         /*
2430          * It's local. Don't look for a host label.
2431          */
2432         if (smk_ipv6_localhost(sip))
2433                 return NULL;
2434 
2435         list_for_each_entry_rcu(snp, &smk_net6addr_list, list) {
2436                 /*
2437                  * If the label is NULL the entry has
2438                  * been renounced. Ignore it.
2439                  */
2440                 if (snp->smk_label == NULL)
2441                         continue;
2442                 /*
2443                 * we break after finding the first match because
2444                 * the list is sorted from longest to shortest mask
2445                 * so we have found the most specific match
2446                 */
2447                 for (found = 1, i = 0; i < 8; i++) {
2448                         if ((sap->s6_addr16[i] & snp->smk_mask.s6_addr16[i]) !=
2449                             snp->smk_host.s6_addr16[i]) {
2450                                 found = 0;
2451                                 break;
2452                         }
2453                 }
2454                 if (found)
2455                         return snp->smk_label;
2456         }
2457 
2458         return NULL;
2459 }
2460 #endif /* CONFIG_IPV6 */
2461 
2462 /**
2463  * smack_netlabel - Set the secattr on a socket
2464  * @sk: the socket
2465  * @labeled: socket label scheme
2466  *
2467  * Convert the outbound smack value (smk_out) to a
2468  * secattr and attach it to the socket.
2469  *
2470  * Returns 0 on success or an error code
2471  */
2472 static int smack_netlabel(struct sock *sk, int labeled)
2473 {
2474         struct smack_known *skp;
2475         struct socket_smack *ssp = sk->sk_security;
2476         int rc = 0;
2477 
2478         /*
2479          * Usually the netlabel code will handle changing the
2480          * packet labeling based on the label.
2481          * The case of a single label host is different, because
2482          * a single label host should never get a labeled packet
2483          * even though the label is usually associated with a packet
2484          * label.
2485          */
2486         local_bh_disable();
2487         bh_lock_sock_nested(sk);
2488 
2489         if (ssp->smk_out == smack_net_ambient ||
2490             labeled == SMACK_UNLABELED_SOCKET)
2491                 netlbl_sock_delattr(sk);
2492         else {
2493                 skp = ssp->smk_out;
2494                 rc = netlbl_sock_setattr(sk, sk->sk_family, &skp->smk_netlabel);
2495         }
2496 
2497         bh_unlock_sock(sk);
2498         local_bh_enable();
2499 
2500         return rc;
2501 }
2502 
2503 /**
2504  * smack_netlbel_send - Set the secattr on a socket and perform access checks
2505  * @sk: the socket
2506  * @sap: the destination address
2507  *
2508  * Set the correct secattr for the given socket based on the destination
2509  * address and perform any outbound access checks needed.
2510  *
2511  * Returns 0 on success or an error code.
2512  *
2513  */
2514 static int smack_netlabel_send(struct sock *sk, struct sockaddr_in *sap)
2515 {
2516         struct smack_known *skp;
2517         int rc;
2518         int sk_lbl;
2519         struct smack_known *hkp;
2520         struct socket_smack *ssp = sk->sk_security;
2521         struct smk_audit_info ad;
2522 
2523         rcu_read_lock();
2524         hkp = smack_ipv4host_label(sap);
2525         if (hkp != NULL) {
2526 #ifdef CONFIG_AUDIT
2527                 struct lsm_network_audit net;
2528 
2529                 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
2530                 ad.a.u.net->family = sap->sin_family;
2531                 ad.a.u.net->dport = sap->sin_port;
2532                 ad.a.u.net->v4info.daddr = sap->sin_addr.s_addr;
2533 #endif
2534                 sk_lbl = SMACK_UNLABELED_SOCKET;
2535                 skp = ssp->smk_out;
2536                 rc = smk_access(skp, hkp, MAY_WRITE, &ad);
2537                 rc = smk_bu_note("IPv4 host check", skp, hkp, MAY_WRITE, rc);
2538         } else {
2539                 sk_lbl = SMACK_CIPSO_SOCKET;
2540                 rc = 0;
2541         }
2542         rcu_read_unlock();
2543         if (rc != 0)
2544                 return rc;
2545 
2546         return smack_netlabel(sk, sk_lbl);
2547 }
2548 
2549 #if IS_ENABLED(CONFIG_IPV6)
2550 /**
2551  * smk_ipv6_check - check Smack access
2552  * @subject: subject Smack label
2553  * @object: object Smack label
2554  * @address: address
2555  * @act: the action being taken
2556  *
2557  * Check an IPv6 access
2558  */
2559 static int smk_ipv6_check(struct smack_known *subject,
2560                                 struct smack_known *object,
2561                                 struct sockaddr_in6 *address, int act)
2562 {
2563 #ifdef CONFIG_AUDIT
2564         struct lsm_network_audit net;
2565 #endif
2566         struct smk_audit_info ad;
2567         int rc;
2568 
2569 #ifdef CONFIG_AUDIT
2570         smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
2571         ad.a.u.net->family = PF_INET6;
2572         ad.a.u.net->dport = ntohs(address->sin6_port);
2573         if (act == SMK_RECEIVING)
2574                 ad.a.u.net->v6info.saddr = address->sin6_addr;
2575         else
2576                 ad.a.u.net->v6info.daddr = address->sin6_addr;
2577 #endif
2578         rc = smk_access(subject, object, MAY_WRITE, &ad);
2579         rc = smk_bu_note("IPv6 check", subject, object, MAY_WRITE, rc);
2580         return rc;
2581 }
2582 #endif /* CONFIG_IPV6 */
2583 
2584 #ifdef SMACK_IPV6_PORT_LABELING
2585 /**
2586  * smk_ipv6_port_label - Smack port access table management
2587  * @sock: socket
2588  * @address: address
2589  *
2590  * Create or update the port list entry
2591  */
2592 static void smk_ipv6_port_label(struct socket *sock, struct sockaddr *address)
2593 {
2594         struct sock *sk = sock->sk;
2595         struct sockaddr_in6 *addr6;
2596         struct socket_smack *ssp = sock->sk->sk_security;
2597         struct smk_port_label *spp;
2598         unsigned short port = 0;
2599 
2600         if (address == NULL) {
2601                 /*
2602                  * This operation is changing the Smack information
2603                  * on the bound socket. Take the changes to the port
2604                  * as well.
2605                  */
2606                 list_for_each_entry(spp, &smk_ipv6_port_list, list) {
2607                         if (sk != spp->smk_sock)
2608                                 continue;
2609                         spp->smk_in = ssp->smk_in;
2610                         spp->smk_out = ssp->smk_out;
2611                         return;
2612                 }
2613                 /*
2614                  * A NULL address is only used for updating existing
2615                  * bound entries. If there isn't one, it's OK.
2616                  */
2617                 return;
2618         }
2619 
2620         addr6 = (struct sockaddr_in6 *)address;
2621         port = ntohs(addr6->sin6_port);
2622         /*
2623          * This is a special case that is safely ignored.
2624          */
2625         if (port == 0)
2626                 return;
2627 
2628         /*
2629          * Look for an existing port list entry.
2630          * This is an indication that a port is getting reused.
2631          */
2632         list_for_each_entry(spp, &smk_ipv6_port_list, list) {
2633                 if (spp->smk_port != port)
2634                         continue;
2635                 spp->smk_port = port;
2636                 spp->smk_sock = sk;
2637                 spp->smk_in = ssp->smk_in;
2638                 spp->smk_out = ssp->smk_out;
2639                 return;
2640         }
2641 
2642         /*
2643          * A new port entry is required.
2644          */
2645         spp = kzalloc(sizeof(*spp), GFP_KERNEL);
2646         if (spp == NULL)
2647                 return;
2648 
2649         spp->smk_port = port;
2650         spp->smk_sock = sk;
2651         spp->smk_in = ssp->smk_in;
2652         spp->smk_out = ssp->smk_out;
2653 
2654         list_add(&spp->list, &smk_ipv6_port_list);
2655         return;
2656 }
2657 
2658 /**
2659  * smk_ipv6_port_check - check Smack port access
2660  * @sock: socket
2661  * @address: address
2662  *
2663  * Create or update the port list entry
2664  */
2665 static int smk_ipv6_port_check(struct sock *sk, struct sockaddr_in6 *address,
2666                                 int act)
2667 {
2668         struct smk_port_label *spp;
2669         struct socket_smack *ssp = sk->sk_security;
2670         struct smack_known *skp = NULL;
2671         unsigned short port;
2672         struct smack_known *object;
2673 
2674         if (act == SMK_RECEIVING) {
2675                 skp = smack_ipv6host_label(address);
2676                 object = ssp->smk_in;
2677         } else {
2678                 skp = ssp->smk_out;
2679                 object = smack_ipv6host_label(address);
2680         }
2681 
2682         /*
2683          * The other end is a single label host.
2684          */
2685         if (skp != NULL && object != NULL)
2686                 return smk_ipv6_check(skp, object, address, act);
2687         if (skp == NULL)
2688                 skp = smack_net_ambient;
2689         if (object == NULL)
2690                 object = smack_net_ambient;
2691 
2692         /*
2693          * It's remote, so port lookup does no good.
2694          */
2695         if (!smk_ipv6_localhost(address))
2696                 return smk_ipv6_check(skp, object, address, act);
2697 
2698         /*
2699          * It's local so the send check has to have passed.
2700          */
2701         if (act == SMK_RECEIVING)
2702                 return 0;
2703 
2704         port = ntohs(address->sin6_port);
2705         list_for_each_entry(spp, &smk_ipv6_port_list, list) {
2706                 if (spp->smk_port != port)
2707                         continue;
2708                 object = spp->smk_in;
2709                 if (act == SMK_CONNECTING)
2710                         ssp->smk_packet = spp->smk_out;
2711                 break;
2712         }
2713 
2714         return smk_ipv6_check(skp, object, address, act);
2715 }
2716 #endif /* SMACK_IPV6_PORT_LABELING */
2717 
2718 /**
2719  * smack_inode_setsecurity - set smack xattrs
2720  * @inode: the object
2721  * @name: attribute name
2722  * @value: attribute value
2723  * @size: size of the attribute
2724  * @flags: unused
2725  *
2726  * Sets the named attribute in the appropriate blob
2727  *
2728  * Returns 0 on success, or an error code
2729  */
2730 static int smack_inode_setsecurity(struct inode *inode, const char *name,
2731                                    const void *value, size_t size, int flags)
2732 {
2733         struct smack_known *skp;
2734         struct inode_smack *nsp = inode->i_security;
2735         struct socket_smack *ssp;
2736         struct socket *sock;
2737         int rc = 0;
2738 
2739         if (value == NULL || size > SMK_LONGLABEL || size == 0)
2740                 return -EINVAL;
2741 
2742         skp = smk_import_entry(value, size);
2743         if (IS_ERR(skp))
2744                 return PTR_ERR(skp);
2745 
2746         if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) {
2747                 nsp->smk_inode = skp;
2748                 nsp->smk_flags |= SMK_INODE_INSTANT;
2749                 return 0;
2750         }
2751         /*
2752          * The rest of the Smack xattrs are only on sockets.
2753          */
2754         if (inode->i_sb->s_magic != SOCKFS_MAGIC)
2755                 return -EOPNOTSUPP;
2756 
2757         sock = SOCKET_I(inode);
2758         if (sock == NULL || sock->sk == NULL)
2759                 return -EOPNOTSUPP;
2760 
2761         ssp = sock->sk->sk_security;
2762 
2763         if (strcmp(name, XATTR_SMACK_IPIN) == 0)
2764                 ssp->smk_in = skp;
2765         else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) {
2766                 ssp->smk_out = skp;
2767                 if (sock->sk->sk_family == PF_INET) {
2768                         rc = smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET);
2769                         if (rc != 0)
2770                                 printk(KERN_WARNING
2771                                         "Smack: \"%s\" netlbl error %d.\n",
2772                                         __func__, -rc);
2773                 }
2774         } else
2775                 return -EOPNOTSUPP;
2776 
2777 #ifdef SMACK_IPV6_PORT_LABELING
2778         if (sock->sk->sk_family == PF_INET6)
2779                 smk_ipv6_port_label(sock, NULL);
2780 #endif
2781 
2782         return 0;
2783 }
2784 
2785 /**
2786  * smack_socket_post_create - finish socket setup
2787  * @sock: the socket
2788  * @family: protocol family
2789  * @type: unused
2790  * @protocol: unused
2791  * @kern: unused
2792  *
2793  * Sets the netlabel information on the socket
2794  *
2795  * Returns 0 on success, and error code otherwise
2796  */
2797 static int smack_socket_post_create(struct socket *sock, int family,
2798                                     int type, int protocol, int kern)
2799 {
2800         struct socket_smack *ssp;
2801 
2802         if (sock->sk == NULL)
2803                 return 0;
2804 
2805         /*
2806          * Sockets created by kernel threads receive web label.
2807          */
2808         if (unlikely(current->flags & PF_KTHREAD)) {
2809                 ssp = sock->sk->sk_security;
2810                 ssp->smk_in = &smack_known_web;
2811                 ssp->smk_out = &smack_known_web;
2812         }
2813 
2814         if (family != PF_INET)
2815                 return 0;
2816         /*
2817          * Set the outbound netlbl.
2818          */
2819         return smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET);
2820 }
2821 
2822 #ifdef SMACK_IPV6_PORT_LABELING
2823 /**
2824  * smack_socket_bind - record port binding information.
2825  * @sock: the socket
2826  * @address: the port address
2827  * @addrlen: size of the address
2828  *
2829  * Records the label bound to a port.
2830  *
2831  * Returns 0
2832  */
2833 static int smack_socket_bind(struct socket *sock, struct sockaddr *address,
2834                                 int addrlen)
2835 {
2836         if (sock->sk != NULL && sock->sk->sk_family == PF_INET6)
2837                 smk_ipv6_port_label(sock, address);
2838         return 0;
2839 }
2840 #endif /* SMACK_IPV6_PORT_LABELING */
2841 
2842 /**
2843  * smack_socket_connect - connect access check
2844  * @sock: the socket
2845  * @sap: the other end
2846  * @addrlen: size of sap
2847  *
2848  * Verifies that a connection may be possible
2849  *
2850  * Returns 0 on success, and error code otherwise
2851  */
2852 static int smack_socket_connect(struct socket *sock, struct sockaddr *sap,
2853                                 int addrlen)
2854 {
2855         int rc = 0;
2856 #if IS_ENABLED(CONFIG_IPV6)
2857         struct sockaddr_in6 *sip = (struct sockaddr_in6 *)sap;
2858 #endif
2859 #ifdef SMACK_IPV6_SECMARK_LABELING
2860         struct smack_known *rsp;
2861         struct socket_smack *ssp = sock->sk->sk_security;
2862 #endif
2863 
2864         if (sock->sk == NULL)
2865                 return 0;
2866 
2867         switch (sock->sk->sk_family) {
2868         case PF_INET:
2869                 if (addrlen < sizeof(struct sockaddr_in))
2870                         return -EINVAL;
2871                 rc = smack_netlabel_send(sock->sk, (struct sockaddr_in *)sap);
2872                 break;
2873         case PF_INET6:
2874                 if (addrlen < sizeof(struct sockaddr_in6))
2875                         return -EINVAL;
2876 #ifdef SMACK_IPV6_SECMARK_LABELING
2877                 rsp = smack_ipv6host_label(sip);
2878                 if (rsp != NULL)
2879                         rc = smk_ipv6_check(ssp->smk_out, rsp, sip,
2880                                                 SMK_CONNECTING);
2881 #endif
2882 #ifdef SMACK_IPV6_PORT_LABELING
2883                 rc = smk_ipv6_port_check(sock->sk, sip, SMK_CONNECTING);
2884 #endif
2885                 break;
2886         }
2887         return rc;
2888 }
2889 
2890 /**
2891  * smack_flags_to_may - convert S_ to MAY_ values
2892  * @flags: the S_ value
2893  *
2894  * Returns the equivalent MAY_ value
2895  */
2896 static int smack_flags_to_may(int flags)
2897 {
2898         int may = 0;
2899 
2900         if (flags & S_IRUGO)
2901                 may |= MAY_READ;
2902         if (flags & S_IWUGO)
2903                 may |= MAY_WRITE;
2904         if (flags & S_IXUGO)
2905                 may |= MAY_EXEC;
2906 
2907         return may;
2908 }
2909 
2910 /**
2911  * smack_msg_msg_alloc_security - Set the security blob for msg_msg
2912  * @msg: the object
2913  *
2914  * Returns 0
2915  */
2916 static int smack_msg_msg_alloc_security(struct msg_msg *msg)
2917 {
2918         struct smack_known *skp = smk_of_current();
2919 
2920         msg->security = skp;
2921         return 0;
2922 }
2923 
2924 /**
2925  * smack_msg_msg_free_security - Clear the security blob for msg_msg
2926  * @msg: the object
2927  *
2928  * Clears the blob pointer
2929  */
2930 static void smack_msg_msg_free_security(struct msg_msg *msg)
2931 {
2932         msg->security = NULL;
2933 }
2934 
2935 /**
2936  * smack_of_shm - the smack pointer for the shm
2937  * @shp: the object
2938  *
2939  * Returns a pointer to the smack value
2940  */
2941 static struct smack_known *smack_of_shm(struct shmid_kernel *shp)
2942 {
2943         return (struct smack_known *)shp->shm_perm.security;
2944 }
2945 
2946 /**
2947  * smack_shm_alloc_security - Set the security blob for shm
2948  * @shp: the object
2949  *
2950  * Returns 0
2951  */
2952 static int smack_shm_alloc_security(struct shmid_kernel *shp)
2953 {
2954         struct kern_ipc_perm *isp = &shp->shm_perm;
2955         struct smack_known *skp = smk_of_current();
2956 
2957         isp->security = skp;
2958         return 0;
2959 }
2960 
2961 /**
2962  * smack_shm_free_security - Clear the security blob for shm
2963  * @shp: the object
2964  *
2965  * Clears the blob pointer
2966  */
2967 static void smack_shm_free_security(struct shmid_kernel *shp)
2968 {
2969         struct kern_ipc_perm *isp = &shp->shm_perm;
2970 
2971         isp->security = NULL;
2972 }
2973 
2974 /**
2975  * smk_curacc_shm : check if current has access on shm
2976  * @shp : the object
2977  * @access : access requested
2978  *
2979  * Returns 0 if current has the requested access, error code otherwise
2980  */
2981 static int smk_curacc_shm(struct shmid_kernel *shp, int access)
2982 {
2983         struct smack_known *ssp = smack_of_shm(shp);
2984         struct smk_audit_info ad;
2985         int rc;
2986 
2987 #ifdef CONFIG_AUDIT
2988         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
2989         ad.a.u.ipc_id = shp->shm_perm.id;
2990 #endif
2991         rc = smk_curacc(ssp, access, &ad);
2992         rc = smk_bu_current("shm", ssp, access, rc);
2993         return rc;
2994 }
2995 
2996 /**
2997  * smack_shm_associate - Smack access check for shm
2998  * @shp: the object
2999  * @shmflg: access requested
3000  *
3001  * Returns 0 if current has the requested access, error code otherwise
3002  */
3003 static int smack_shm_associate(struct shmid_kernel *shp, int shmflg)
3004 {
3005         int may;
3006 
3007         may = smack_flags_to_may(shmflg);
3008         return smk_curacc_shm(shp, may);
3009 }
3010 
3011 /**
3012  * smack_shm_shmctl - Smack access check for shm
3013  * @shp: the object
3014  * @cmd: what it wants to do
3015  *
3016  * Returns 0 if current has the requested access, error code otherwise
3017  */
3018 static int smack_shm_shmctl(struct shmid_kernel *shp, int cmd)
3019 {
3020         int may;
3021 
3022         switch (cmd) {
3023         case IPC_STAT:
3024         case SHM_STAT:
3025                 may = MAY_READ;
3026                 break;
3027         case IPC_SET:
3028         case SHM_LOCK:
3029         case SHM_UNLOCK:
3030         case IPC_RMID:
3031                 may = MAY_READWRITE;
3032                 break;
3033         case IPC_INFO:
3034         case SHM_INFO:
3035                 /*
3036                  * System level information.
3037                  */
3038                 return 0;
3039         default:
3040                 return -EINVAL;
3041         }
3042         return smk_curacc_shm(shp, may);
3043 }
3044 
3045 /**
3046  * smack_shm_shmat - Smack access for shmat
3047  * @shp: the object
3048  * @shmaddr: unused
3049  * @shmflg: access requested
3050  *
3051  * Returns 0 if current has the requested access, error code otherwise
3052  */
3053 static int smack_shm_shmat(struct shmid_kernel *shp, char __user *shmaddr,
3054                            int shmflg)
3055 {
3056         int may;
3057 
3058         may = smack_flags_to_may(shmflg);
3059         return smk_curacc_shm(shp, may);
3060 }
3061 
3062 /**
3063  * smack_of_sem - the smack pointer for the sem
3064  * @sma: the object
3065  *
3066  * Returns a pointer to the smack value
3067  */
3068 static struct smack_known *smack_of_sem(struct sem_array *sma)
3069 {
3070         return (struct smack_known *)sma->sem_perm.security;
3071 }
3072 
3073 /**
3074  * smack_sem_alloc_security - Set the security blob for sem
3075  * @sma: the object
3076  *
3077  * Returns 0
3078  */
3079 static int smack_sem_alloc_security(struct sem_array *sma)
3080 {
3081         struct kern_ipc_perm *isp = &sma->sem_perm;
3082         struct smack_known *skp = smk_of_current();
3083 
3084         isp->security = skp;
3085         return 0;
3086 }
3087 
3088 /**
3089  * smack_sem_free_security - Clear the security blob for sem
3090  * @sma: the object
3091  *
3092  * Clears the blob pointer
3093  */
3094 static void smack_sem_free_security(struct sem_array *sma)
3095 {
3096         struct kern_ipc_perm *isp = &sma->sem_perm;
3097 
3098         isp->security = NULL;
3099 }
3100 
3101 /**
3102  * smk_curacc_sem : check if current has access on sem
3103  * @sma : the object
3104  * @access : access requested
3105  *
3106  * Returns 0 if current has the requested access, error code otherwise
3107  */
3108 static int smk_curacc_sem(struct sem_array *sma, int access)
3109 {
3110         struct smack_known *ssp = smack_of_sem(sma);
3111         struct smk_audit_info ad;
3112         int rc;
3113 
3114 #ifdef CONFIG_AUDIT
3115         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
3116         ad.a.u.ipc_id = sma->sem_perm.id;
3117 #endif
3118         rc = smk_curacc(ssp, access, &ad);
3119         rc = smk_bu_current("sem", ssp, access, rc);
3120         return rc;
3121 }
3122 
3123 /**
3124  * smack_sem_associate - Smack access check for sem
3125  * @sma: the object
3126  * @semflg: access requested
3127  *
3128  * Returns 0 if current has the requested access, error code otherwise
3129  */
3130 static int smack_sem_associate(struct sem_array *sma, int semflg)
3131 {
3132         int may;
3133 
3134         may = smack_flags_to_may(semflg);
3135         return smk_curacc_sem(sma, may);
3136 }
3137 
3138 /**
3139  * smack_sem_shmctl - Smack access check for sem
3140  * @sma: the object
3141  * @cmd: what it wants to do
3142  *
3143  * Returns 0 if current has the requested access, error code otherwise
3144  */
3145 static int smack_sem_semctl(struct sem_array *sma, int cmd)
3146 {
3147         int may;
3148 
3149         switch (cmd) {
3150         case GETPID:
3151         case GETNCNT:
3152         case GETZCNT:
3153         case GETVAL:
3154         case GETALL:
3155         case IPC_STAT:
3156         case SEM_STAT:
3157                 may = MAY_READ;
3158                 break;
3159         case SETVAL:
3160         case SETALL:
3161         case IPC_RMID:
3162         case IPC_SET:
3163                 may = MAY_READWRITE;
3164                 break;
3165         case IPC_INFO:
3166         case SEM_INFO:
3167                 /*
3168                  * System level information
3169                  */
3170                 return 0;
3171         default:
3172                 return -EINVAL;
3173         }
3174 
3175         return smk_curacc_sem(sma, may);
3176 }
3177 
3178 /**
3179  * smack_sem_semop - Smack checks of semaphore operations
3180  * @sma: the object
3181  * @sops: unused
3182  * @nsops: unused
3183  * @alter: unused
3184  *
3185  * Treated as read and write in all cases.
3186  *
3187  * Returns 0 if access is allowed, error code otherwise
3188  */
3189 static int smack_sem_semop(struct sem_array *sma, struct sembuf *sops,
3190                            unsigned nsops, int alter)
3191 {
3192         return smk_curacc_sem(sma, MAY_READWRITE);
3193 }
3194 
3195 /**
3196  * smack_msg_alloc_security - Set the security blob for msg
3197  * @msq: the object
3198  *
3199  * Returns 0
3200  */
3201 static int smack_msg_queue_alloc_security(struct msg_queue *msq)
3202 {
3203         struct kern_ipc_perm *kisp = &msq->q_perm;
3204         struct smack_known *skp = smk_of_current();
3205 
3206         kisp->security = skp;
3207         return 0;
3208 }
3209 
3210 /**
3211  * smack_msg_free_security - Clear the security blob for msg
3212  * @msq: the object
3213  *
3214  * Clears the blob pointer
3215  */
3216 static void smack_msg_queue_free_security(struct msg_queue *msq)
3217 {
3218         struct kern_ipc_perm *kisp = &msq->q_perm;
3219 
3220         kisp->security = NULL;
3221 }
3222 
3223 /**
3224  * smack_of_msq - the smack pointer for the msq
3225  * @msq: the object
3226  *
3227  * Returns a pointer to the smack label entry
3228  */
3229 static struct smack_known *smack_of_msq(struct msg_queue *msq)
3230 {
3231         return (struct smack_known *)msq->q_perm.security;
3232 }
3233 
3234 /**
3235  * smk_curacc_msq : helper to check if current has access on msq
3236  * @msq : the msq
3237  * @access : access requested
3238  *
3239  * return 0 if current has access, error otherwise
3240  */
3241 static int smk_curacc_msq(struct msg_queue *msq, int access)
3242 {
3243         struct smack_known *msp = smack_of_msq(msq);
3244         struct smk_audit_info ad;
3245         int rc;
3246 
3247 #ifdef CONFIG_AUDIT
3248         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
3249         ad.a.u.ipc_id = msq->q_perm.id;
3250 #endif
3251         rc = smk_curacc(msp, access, &ad);
3252         rc = smk_bu_current("msq", msp, access, rc);
3253         return rc;
3254 }
3255 
3256 /**
3257  * smack_msg_queue_associate - Smack access check for msg_queue
3258  * @msq: the object
3259  * @msqflg: access requested
3260  *
3261  * Returns 0 if current has the requested access, error code otherwise
3262  */
3263 static int smack_msg_queue_associate(struct msg_queue *msq, int msqflg)
3264 {
3265         int may;
3266 
3267         may = smack_flags_to_may(msqflg);
3268         return smk_curacc_msq(msq, may);
3269 }
3270 
3271 /**
3272  * smack_msg_queue_msgctl - Smack access check for msg_queue
3273  * @msq: the object
3274  * @cmd: what it wants to do
3275  *
3276  * Returns 0 if current has the requested access, error code otherwise
3277  */
3278 static int smack_msg_queue_msgctl(struct msg_queue *msq, int cmd)
3279 {
3280         int may;
3281 
3282         switch (cmd) {
3283         case IPC_STAT:
3284         case MSG_STAT:
3285                 may = MAY_READ;
3286                 break;
3287         case IPC_SET:
3288         case IPC_RMID:
3289                 may = MAY_READWRITE;
3290                 break;
3291         case IPC_INFO:
3292         case MSG_INFO:
3293                 /*
3294                  * System level information
3295                  */
3296                 return 0;
3297         default:
3298                 return -EINVAL;
3299         }
3300 
3301         return smk_curacc_msq(msq, may);
3302 }
3303 
3304 /**
3305  * smack_msg_queue_msgsnd - Smack access check for msg_queue
3306  * @msq: the object
3307  * @msg: unused
3308  * @msqflg: access requested
3309  *
3310  * Returns 0 if current has the requested access, error code otherwise
3311  */
3312 static int smack_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg,
3313                                   int msqflg)
3314 {
3315         int may;
3316 
3317         may = smack_flags_to_may(msqflg);
3318         return smk_curacc_msq(msq, may);
3319 }
3320 
3321 /**
3322  * smack_msg_queue_msgsnd - Smack access check for msg_queue
3323  * @msq: the object
3324  * @msg: unused
3325  * @target: unused
3326  * @type: unused
3327  * @mode: unused
3328  *
3329  * Returns 0 if current has read and write access, error code otherwise
3330  */
3331 static int smack_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
3332                         struct task_struct *target, long type, int mode)
3333 {
3334         return smk_curacc_msq(msq, MAY_READWRITE);
3335 }
3336 
3337 /**
3338  * smack_ipc_permission - Smack access for ipc_permission()
3339  * @ipp: the object permissions
3340  * @flag: access requested
3341  *
3342  * Returns 0 if current has read and write access, error code otherwise
3343  */
3344 static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag)
3345 {
3346         struct smack_known *iskp = ipp->security;
3347         int may = smack_flags_to_may(flag);
3348         struct smk_audit_info ad;
3349         int rc;
3350 
3351 #ifdef CONFIG_AUDIT
3352         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
3353         ad.a.u.ipc_id = ipp->id;
3354 #endif
3355         rc = smk_curacc(iskp, may, &ad);
3356         rc = smk_bu_current("svipc", iskp, may, rc);
3357         return rc;
3358 }
3359 
3360 /**
3361  * smack_ipc_getsecid - Extract smack security id
3362  * @ipp: the object permissions
3363  * @secid: where result will be saved
3364  */
3365 static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid)
3366 {
3367         struct smack_known *iskp = ipp->security;
3368 
3369         *secid = iskp->smk_secid;
3370 }
3371 
3372 /**
3373  * smack_d_instantiate - Make sure the blob is correct on an inode
3374  * @opt_dentry: dentry where inode will be attached
3375  * @inode: the object
3376  *
3377  * Set the inode's security blob if it hasn't been done already.
3378  */
3379 static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode)
3380 {
3381         struct super_block *sbp;
3382         struct superblock_smack *sbsp;
3383         struct inode_smack *isp;
3384         struct smack_known *skp;
3385         struct smack_known *ckp = smk_of_current();
3386         struct smack_known *final;
3387         char trattr[TRANS_TRUE_SIZE];
3388         int transflag = 0;
3389         int rc;
3390         struct dentry *dp;
3391 
3392         if (inode == NULL)
3393                 return;
3394 
3395         isp = inode->i_security;
3396 
3397         mutex_lock(&isp->smk_lock);
3398         /*
3399          * If the inode is already instantiated
3400          * take the quick way out
3401          */
3402         if (isp->smk_flags & SMK_INODE_INSTANT)
3403                 goto unlockandout;
3404 
3405         sbp = inode->i_sb;
3406         sbsp = sbp->s_security;
3407         /*
3408          * We're going to use the superblock default label
3409          * if there's no label on the file.
3410          */
3411         final = sbsp->smk_default;
3412 
3413         /*
3414          * If this is the root inode the superblock
3415          * may be in the process of initialization.
3416          * If that is the case use the root value out
3417          * of the superblock.
3418          */
3419         if (opt_dentry->d_parent == opt_dentry) {
3420                 switch (sbp->s_magic) {
3421                 case CGROUP_SUPER_MAGIC:
3422                         /*
3423                          * The cgroup filesystem is never mounted,
3424                          * so there's no opportunity to set the mount
3425                          * options.
3426                          */
3427                         sbsp->smk_root = &smack_known_star;
3428                         sbsp->smk_default = &smack_known_star;
3429                         isp->smk_inode = sbsp->smk_root;
3430                         break;
3431                 case TMPFS_MAGIC:
3432                         /*
3433                          * What about shmem/tmpfs anonymous files with dentry
3434                          * obtained from d_alloc_pseudo()?
3435                          */
3436                         isp->smk_inode = smk_of_current();
3437                         break;
3438                 case PIPEFS_MAGIC:
3439                         isp->smk_inode = smk_of_current();
3440                         break;
3441                 default:
3442                         isp->smk_inode = sbsp->smk_root;
3443                         break;
3444                 }
3445                 isp->smk_flags |= SMK_INODE_INSTANT;
3446                 goto unlockandout;
3447         }
3448 
3449         /*
3450          * This is pretty hackish.
3451          * Casey says that we shouldn't have to do
3452          * file system specific code, but it does help
3453          * with keeping it simple.
3454          */
3455         switch (sbp->s_magic) {
3456         case SMACK_MAGIC:
3457         case PIPEFS_MAGIC:
3458         case SOCKFS_MAGIC:
3459         case CGROUP_SUPER_MAGIC:
3460                 /*
3461                  * Casey says that it's a little embarrassing
3462                  * that the smack file system doesn't do
3463                  * extended attributes.
3464                  *
3465                  * Casey says pipes are easy (?)
3466                  *
3467                  * Socket access is controlled by the socket
3468                  * structures associated with the task involved.
3469                  *
3470                  * Cgroupfs is special
3471                  */
3472                 final = &smack_known_star;
3473                 break;
3474         case DEVPTS_SUPER_MAGIC:
3475                 /*
3476                  * devpts seems content with the label of the task.
3477                  * Programs that change smack have to treat the
3478                  * pty with respect.
3479                  */
3480                 final = ckp;
3481                 break;
3482         case PROC_SUPER_MAGIC:
3483                 /*
3484                  * Casey says procfs appears not to care.
3485                  * The superblock default suffices.
3486                  */
3487                 break;
3488         case TMPFS_MAGIC:
3489                 /*
3490                  * Device labels should come from the filesystem,
3491                  * but watch out, because they're volitile,
3492                  * getting recreated on every reboot.
3493                  */
3494                 final = &smack_known_star;
3495                 /*
3496                  * No break.
3497                  *
3498                  * If a smack value has been set we want to use it,
3499                  * but since tmpfs isn't giving us the opportunity
3500                  * to set mount options simulate setting the
3501                  * superblock default.
3502                  */
3503         default:
3504                 /*
3505                  * This isn't an understood special case.
3506                  * Get the value from the xattr.
3507                  */
3508 
3509                 /*
3510                  * UNIX domain sockets use lower level socket data.
3511                  */
3512                 if (S_ISSOCK(inode->i_mode)) {
3513                         final = &smack_known_star;
3514                         break;
3515                 }
3516                 /*
3517                  * No xattr support means, alas, no SMACK label.
3518                  * Use the aforeapplied default.
3519                  * It would be curious if the label of the task
3520                  * does not match that assigned.
3521                  */
3522                 if (!(inode->i_opflags & IOP_XATTR))
3523                         break;
3524                 /*
3525                  * Get the dentry for xattr.
3526                  */
3527                 dp = dget(opt_dentry);
3528                 skp = smk_fetch(XATTR_NAME_SMACK, inode, dp);
3529                 if (!IS_ERR_OR_NULL(skp))
3530                         final = skp;
3531 
3532                 /*
3533                  * Transmuting directory
3534                  */
3535                 if (S_ISDIR(inode->i_mode)) {
3536                         /*
3537                          * If this is a new directory and the label was
3538                          * transmuted when the inode was initialized
3539                          * set the transmute attribute on the directory
3540                          * and mark the inode.
3541                          *
3542                          * If there is a transmute attribute on the
3543                          * directory mark the inode.
3544                          */
3545                         if (isp->smk_flags & SMK_INODE_CHANGED) {
3546                                 isp->smk_flags &= ~SMK_INODE_CHANGED;
3547                                 rc = __vfs_setxattr(dp, inode,
3548                                         XATTR_NAME_SMACKTRANSMUTE,
3549                                         TRANS_TRUE, TRANS_TRUE_SIZE,
3550                                         0);
3551                         } else {
3552                                 rc = __vfs_getxattr(dp, inode,
3553                                         XATTR_NAME_SMACKTRANSMUTE, trattr,
3554                                         TRANS_TRUE_SIZE);
3555                                 if (rc >= 0 && strncmp(trattr, TRANS_TRUE,
3556                                                        TRANS_TRUE_SIZE) != 0)
3557                                         rc = -EINVAL;
3558                         }
3559                         if (rc >= 0)
3560                                 transflag = SMK_INODE_TRANSMUTE;
3561                 }
3562                 /*
3563                  * Don't let the exec or mmap label be "*" or "@".
3564                  */
3565                 skp = smk_fetch(XATTR_NAME_SMACKEXEC, inode, dp);
3566                 if (IS_ERR(skp) || skp == &smack_known_star ||
3567                     skp == &smack_known_web)
3568                         skp = NULL;
3569                 isp->smk_task = skp;
3570 
3571                 skp = smk_fetch(XATTR_NAME_SMACKMMAP, inode, dp);
3572                 if (IS_ERR(skp) || skp == &smack_known_star ||
3573                     skp == &smack_known_web)
3574                         skp = NULL;
3575                 isp->smk_mmap = skp;
3576 
3577                 dput(dp);
3578                 break;
3579         }
3580 
3581         if (final == NULL)
3582                 isp->smk_inode = ckp;
3583         else
3584                 isp->smk_inode = final;
3585 
3586         isp->smk_flags |= (SMK_INODE_INSTANT | transflag);
3587 
3588 unlockandout:
3589         mutex_unlock(&isp->smk_lock);
3590         return;
3591 }
3592 
3593 /**
3594  * smack_getprocattr - Smack process attribute access
3595  * @p: the object task
3596  * @name: the name of the attribute in /proc/.../attr
3597  * @value: where to put the result
3598  *
3599  * Places a copy of the task Smack into value
3600  *
3601  * Returns the length of the smack label or an error code
3602  */
3603 static int smack_getprocattr(struct task_struct *p, char *name, char **value)
3604 {
3605         struct smack_known *skp = smk_of_task_struct(p);
3606         char *cp;
3607         int slen;
3608 
3609         if (strcmp(name, "current") != 0)
3610                 return -EINVAL;
3611 
3612         cp = kstrdup(skp->smk_known, GFP_KERNEL);
3613         if (cp == NULL)
3614                 return -ENOMEM;
3615 
3616         slen = strlen(cp);
3617         *value = cp;
3618         return slen;
3619 }
3620 
3621 /**
3622  * smack_setprocattr - Smack process attribute setting
3623  * @p: the object task
3624  * @name: the name of the attribute in /proc/.../attr
3625  * @value: the value to set
3626  * @size: the size of the value
3627  *
3628  * Sets the Smack value of the task. Only setting self
3629  * is permitted and only with privilege
3630  *
3631  * Returns the length of the smack label or an error code
3632  */
3633 static int smack_setprocattr(struct task_struct *p, char *name,
3634                              void *value, size_t size)
3635 {
3636         struct task_smack *tsp = current_security();
3637         struct cred *new;
3638         struct smack_known *skp;
3639         struct smack_known_list_elem *sklep;
3640         int rc;
3641 
3642         /*
3643          * Changing another process' Smack value is too dangerous
3644          * and supports no sane use case.
3645          */
3646         if (p != current)
3647                 return -EPERM;
3648 
3649         if (!smack_privileged(CAP_MAC_ADMIN) && list_empty(&tsp->smk_relabel))
3650                 return -EPERM;
3651 
3652         if (value == NULL || size == 0 || size >= SMK_LONGLABEL)
3653                 return -EINVAL;
3654 
3655         if (strcmp(name, "current") != 0)
3656                 return -EINVAL;
3657 
3658         skp = smk_import_entry(value, size);
3659         if (IS_ERR(skp))
3660                 return PTR_ERR(skp);
3661 
3662         /*
3663          * No process is ever allowed the web ("@") label
3664          * and the star ("*") label.
3665          */
3666         if (skp == &smack_known_web || skp == &smack_known_star)
3667                 return -EINVAL;
3668 
3669         if (!smack_privileged(CAP_MAC_ADMIN)) {
3670                 rc = -EPERM;
3671                 list_for_each_entry(sklep, &tsp->smk_relabel, list)
3672                         if (sklep->smk_label == skp) {
3673                                 rc = 0;
3674                                 break;
3675                         }
3676                 if (rc)
3677                         return rc;
3678         }
3679 
3680         new = prepare_creds();
3681         if (new == NULL)
3682                 return -ENOMEM;
3683 
3684         tsp = new->security;
3685         tsp->smk_task = skp;
3686         /*
3687          * process can change its label only once
3688          */
3689         smk_destroy_label_list(&tsp->smk_relabel);
3690 
3691         commit_creds(new);
3692         return size;
3693 }
3694 
3695 /**
3696  * smack_unix_stream_connect - Smack access on UDS
3697  * @sock: one sock
3698  * @other: the other sock
3699  * @newsk: unused
3700  *
3701  * Return 0 if a subject with the smack of sock could access
3702  * an object with the smack of other, otherwise an error code
3703  */
3704 static int smack_unix_stream_connect(struct sock *sock,
3705                                      struct sock *other, struct sock *newsk)
3706 {
3707         struct smack_known *skp;
3708         struct smack_known *okp;
3709         struct socket_smack *ssp = sock->sk_security;
3710         struct socket_smack *osp = other->sk_security;
3711         struct socket_smack *nsp = newsk->sk_security;
3712         struct smk_audit_info ad;
3713         int rc = 0;
3714 #ifdef CONFIG_AUDIT
3715         struct lsm_network_audit net;
3716 #endif
3717 
3718         if (!smack_privileged(CAP_MAC_OVERRIDE)) {
3719                 skp = ssp->smk_out;
3720                 okp = osp->smk_in;
3721 #ifdef CONFIG_AUDIT
3722                 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3723                 smk_ad_setfield_u_net_sk(&ad, other);
3724 #endif
3725                 rc = smk_access(skp, okp, MAY_WRITE, &ad);
3726                 rc = smk_bu_note("UDS connect", skp, okp, MAY_WRITE, rc);
3727                 if (rc == 0) {
3728                         okp = osp->smk_out;
3729                         skp = ssp->smk_in;
3730                         rc = smk_access(okp, skp, MAY_WRITE, &ad);
3731                         rc = smk_bu_note("UDS connect", okp, skp,
3732                                                 MAY_WRITE, rc);
3733                 }
3734         }
3735 
3736         /*
3737          * Cross reference the peer labels for SO_PEERSEC.
3738          */
3739         if (rc == 0) {
3740                 nsp->smk_packet = ssp->smk_out;
3741                 ssp->smk_packet = osp->smk_out;
3742         }
3743 
3744         return rc;
3745 }
3746 
3747 /**
3748  * smack_unix_may_send - Smack access on UDS
3749  * @sock: one socket
3750  * @other: the other socket
3751  *
3752  * Return 0 if a subject with the smack of sock could access
3753  * an object with the smack of other, otherwise an error code
3754  */
3755 static int smack_unix_may_send(struct socket *sock, struct socket *other)
3756 {
3757         struct socket_smack *ssp = sock->sk->sk_security;
3758         struct socket_smack *osp = other->sk->sk_security;
3759         struct smk_audit_info ad;
3760         int rc;
3761 
3762 #ifdef CONFIG_AUDIT
3763         struct lsm_network_audit net;
3764 
3765         smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3766         smk_ad_setfield_u_net_sk(&ad, other->sk);
3767 #endif
3768 
3769         if (smack_privileged(CAP_MAC_OVERRIDE))
3770                 return 0;
3771 
3772         rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad);
3773         rc = smk_bu_note("UDS send", ssp->smk_out, osp->smk_in, MAY_WRITE, rc);
3774         return rc;
3775 }
3776 
3777 /**
3778  * smack_socket_sendmsg - Smack check based on destination host
3779  * @sock: the socket
3780  * @msg: the message
3781  * @size: the size of the message
3782  *
3783  * Return 0 if the current subject can write to the destination host.
3784  * For IPv4 this is only a question if the destination is a single label host.
3785  * For IPv6 this is a check against the label of the port.
3786  */
3787 static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg,
3788                                 int size)
3789 {
3790         struct sockaddr_in *sip = (struct sockaddr_in *) msg->msg_name;
3791 #if IS_ENABLED(CONFIG_IPV6)
3792         struct sockaddr_in6 *sap = (struct sockaddr_in6 *) msg->msg_name;
3793 #endif
3794 #ifdef SMACK_IPV6_SECMARK_LABELING
3795         struct socket_smack *ssp = sock->sk->sk_security;
3796         struct smack_known *rsp;
3797 #endif
3798         int rc = 0;
3799 
3800         /*
3801          * Perfectly reasonable for this to be NULL
3802          */
3803         if (sip == NULL)
3804                 return 0;
3805 
3806         switch (sock->sk->sk_family) {
3807         case AF_INET:
3808                 rc = smack_netlabel_send(sock->sk, sip);
3809                 break;
3810         case AF_INET6:
3811 #ifdef SMACK_IPV6_SECMARK_LABELING
3812                 rsp = smack_ipv6host_label(sap);
3813                 if (rsp != NULL)
3814                         rc = smk_ipv6_check(ssp->smk_out, rsp, sap,
3815                                                 SMK_CONNECTING);
3816 #endif
3817 #ifdef SMACK_IPV6_PORT_LABELING
3818                 rc = smk_ipv6_port_check(sock->sk, sap, SMK_SENDING);
3819 #endif
3820                 break;
3821         }
3822         return rc;
3823 }
3824 
3825 /**
3826  * smack_from_secattr - Convert a netlabel attr.mls.lvl/attr.mls.cat pair to smack
3827  * @sap: netlabel secattr
3828  * @ssp: socket security information
3829  *
3830  * Returns a pointer to a Smack label entry found on the label list.
3831  */
3832 static struct smack_known *smack_from_secattr(struct netlbl_lsm_secattr *sap,
3833                                                 struct socket_smack *ssp)
3834 {
3835         struct smack_known *skp;
3836         int found = 0;
3837         int acat;
3838         int kcat;
3839 
3840         if ((sap->flags & NETLBL_SECATTR_MLS_LVL) != 0) {
3841                 /*
3842                  * Looks like a CIPSO packet.
3843                  * If there are flags but no level netlabel isn't
3844                  * behaving the way we expect it to.
3845                  *
3846                  * Look it up in the label table
3847                  * Without guidance regarding the smack value
3848                  * for the packet fall back on the network
3849                  * ambient value.
3850                  */
3851                 rcu_read_lock();
3852                 list_for_each_entry(skp, &smack_known_list, list) {
3853                         if (sap->attr.mls.lvl != skp->smk_netlabel.attr.mls.lvl)
3854                                 continue;
3855                         /*
3856                          * Compare the catsets. Use the netlbl APIs.
3857                          */
3858                         if ((sap->flags & NETLBL_SECATTR_MLS_CAT) == 0) {
3859                                 if ((skp->smk_netlabel.flags &
3860                                      NETLBL_SECATTR_MLS_CAT) == 0)
3861                                         found = 1;
3862                                 break;
3863                         }
3864                         for (acat = -1, kcat = -1; acat == kcat; ) {
3865                                 acat = netlbl_catmap_walk(sap->attr.mls.cat,
3866                                                           acat + 1);
3867                                 kcat = netlbl_catmap_walk(
3868                                         skp->smk_netlabel.attr.mls.cat,
3869                                         kcat + 1);
3870                                 if (acat < 0 || kcat < 0)
3871                                         break;
3872                         }
3873                         if (acat == kcat) {
3874                                 found = 1;
3875                                 break;
3876                         }
3877                 }
3878                 rcu_read_unlock();
3879 
3880                 if (found)
3881                         return skp;
3882 
3883                 if (ssp != NULL && ssp->smk_in == &smack_known_star)
3884                         return &smack_known_web;
3885                 return &smack_known_star;
3886         }
3887         if ((sap->flags & NETLBL_SECATTR_SECID) != 0)
3888                 /*
3889                  * Looks like a fallback, which gives us a secid.
3890                  */
3891                 return smack_from_secid(sap->attr.secid);
3892         /*
3893          * Without guidance regarding the smack value
3894          * for the packet fall back on the network
3895          * ambient value.
3896          */
3897         return smack_net_ambient;
3898 }
3899 
3900 #if IS_ENABLED(CONFIG_IPV6)
3901 static int smk_skb_to_addr_ipv6(struct sk_buff *skb, struct sockaddr_in6 *sip)
3902 {
3903         u8 nexthdr;
3904         int offset;
3905         int proto = -EINVAL;
3906         struct ipv6hdr _ipv6h;
3907         struct ipv6hdr *ip6;
3908         __be16 frag_off;
3909         struct tcphdr _tcph, *th;
3910         struct udphdr _udph, *uh;
3911         struct dccp_hdr _dccph, *dh;
3912 
3913         sip->sin6_port = 0;
3914 
3915         offset = skb_network_offset(skb);
3916         ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h);
3917         if (ip6 == NULL)
3918                 return -EINVAL;
3919         sip->sin6_addr = ip6->saddr;
3920 
3921         nexthdr = ip6->nexthdr;
3922         offset += sizeof(_ipv6h);
3923         offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off);
3924         if (offset < 0)
3925                 return -EINVAL;
3926 
3927         proto = nexthdr;
3928         switch (proto) {
3929         case IPPROTO_TCP:
3930                 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
3931                 if (th != NULL)
3932                         sip->sin6_port = th->source;
3933                 break;
3934         case IPPROTO_UDP:
3935                 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
3936                 if (uh != NULL)
3937                         sip->sin6_port = uh->source;
3938                 break;
3939         case IPPROTO_DCCP:
3940                 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
3941                 if (dh != NULL)
3942                         sip->sin6_port = dh->dccph_sport;
3943                 break;
3944         }
3945         return proto;
3946 }
3947 #endif /* CONFIG_IPV6 */
3948 
3949 /**
3950  * smack_socket_sock_rcv_skb - Smack packet delivery access check
3951  * @sk: socket
3952  * @skb: packet
3953  *
3954  * Returns 0 if the packet should be delivered, an error code otherwise
3955  */
3956 static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
3957 {
3958         struct netlbl_lsm_secattr secattr;
3959         struct socket_smack *ssp = sk->sk_security;
3960         struct smack_known *skp = NULL;
3961         int rc = 0;
3962         struct smk_audit_info ad;
3963 #ifdef CONFIG_AUDIT
3964         struct lsm_network_audit net;
3965 #endif
3966 #if IS_ENABLED(CONFIG_IPV6)
3967         struct sockaddr_in6 sadd;
3968         int proto;
3969 #endif /* CONFIG_IPV6 */
3970 
3971         switch (sk->sk_family) {
3972         case PF_INET:
3973 #ifdef CONFIG_SECURITY_SMACK_NETFILTER
3974                 /*
3975                  * If there is a secmark use it rather than the CIPSO label.
3976                  * If there is no secmark fall back to CIPSO.
3977                  * The secmark is assumed to reflect policy better.
3978                  */
3979                 if (skb && skb->secmark != 0) {
3980                         skp = smack_from_secid(skb->secmark);
3981                         goto access_check;
3982                 }
3983 #endif /* CONFIG_SECURITY_SMACK_NETFILTER */
3984                 /*
3985                  * Translate what netlabel gave us.
3986                  */
3987                 netlbl_secattr_init(&secattr);
3988 
3989                 rc = netlbl_skbuff_getattr(skb, sk->sk_family, &secattr);
3990                 if (rc == 0)
3991                         skp = smack_from_secattr(&secattr, ssp);
3992                 else
3993                         skp = smack_net_ambient;
3994 
3995                 netlbl_secattr_destroy(&secattr);
3996 
3997 #ifdef CONFIG_SECURITY_SMACK_NETFILTER
3998 access_check:
3999 #endif
4000 #ifdef CONFIG_AUDIT
4001                 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
4002                 ad.a.u.net->family = sk->sk_family;
4003                 ad.a.u.net->netif = skb->skb_iif;
4004                 ipv4_skb_to_auditdata(skb, &ad.a, NULL);
4005 #endif
4006                 /*
4007                  * Receiving a packet requires that the other end
4008                  * be able to write here. Read access is not required.
4009                  * This is the simplist possible security model
4010                  * for networking.
4011                  */
4012                 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
4013                 rc = smk_bu_note("IPv4 delivery", skp, ssp->smk_in,
4014                                         MAY_WRITE, rc);
4015                 if (rc != 0)
4016                         netlbl_skbuff_err(skb, sk->sk_family, rc, 0);
4017                 break;
4018 #if IS_ENABLED(CONFIG_IPV6)
4019         case PF_INET6:
4020                 proto = smk_skb_to_addr_ipv6(skb, &sadd);
4021                 if (proto != IPPROTO_UDP && proto != IPPROTO_TCP)
4022                         break;
4023 #ifdef SMACK_IPV6_SECMARK_LABELING
4024                 if (skb && skb->secmark != 0)
4025                         skp = smack_from_secid(skb->secmark);
4026                 else
4027                         skp = smack_ipv6host_label(&sadd);
4028                 if (skp == NULL)
4029                         skp = smack_net_ambient;
4030 #ifdef CONFIG_AUDIT
4031                 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
4032                 ad.a.u.net->family = sk->sk_family;
4033                 ad.a.u.net->netif = skb->skb_iif;
4034                 ipv6_skb_to_auditdata(skb, &ad.a, NULL);
4035 #endif /* CONFIG_AUDIT */
4036                 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
4037                 rc = smk_bu_note("IPv6 delivery", skp, ssp->smk_in,
4038                                         MAY_WRITE, rc);
4039 #endif /* SMACK_IPV6_SECMARK_LABELING */
4040 #ifdef SMACK_IPV6_PORT_LABELING
4041                 rc = smk_ipv6_port_check(sk, &sadd, SMK_RECEIVING);
4042 #endif /* SMACK_IPV6_PORT_LABELING */
4043                 break;
4044 #endif /* CONFIG_IPV6 */
4045         }
4046 
4047         return rc;
4048 }
4049 
4050 /**
4051  * smack_socket_getpeersec_stream - pull in packet label
4052  * @sock: the socket
4053  * @optval: user's destination
4054  * @optlen: size thereof
4055  * @len: max thereof
4056  *
4057  * returns zero on success, an error code otherwise
4058  */
4059 static int smack_socket_getpeersec_stream(struct socket *sock,
4060                                           char __user *optval,
4061                                           int __user *optlen, unsigned len)
4062 {
4063         struct socket_smack *ssp;
4064         char *rcp = "";
4065         int slen = 1;
4066         int rc = 0;
4067 
4068         ssp = sock->sk->sk_security;
4069         if (ssp->smk_packet != NULL) {
4070                 rcp = ssp->smk_packet->smk_known;
4071                 slen = strlen(rcp) + 1;
4072         }
4073 
4074         if (slen > len)
4075                 rc = -ERANGE;
4076         else if (copy_to_user(optval, rcp, slen) != 0)
4077                 rc = -EFAULT;
4078 
4079         if (put_user(slen, optlen) != 0)
4080                 rc = -EFAULT;
4081 
4082         return rc;
4083 }
4084 
4085 
4086 /**
4087  * smack_socket_getpeersec_dgram - pull in packet label
4088  * @sock: the peer socket
4089  * @skb: packet data
4090  * @secid: pointer to where to put the secid of the packet
4091  *
4092  * Sets the netlabel socket state on sk from parent
4093  */
4094 static int smack_socket_getpeersec_dgram(struct socket *sock,
4095                                          struct sk_buff *skb, u32 *secid)
4096 
4097 {
4098         struct netlbl_lsm_secattr secattr;
4099         struct socket_smack *ssp = NULL;
4100         struct smack_known *skp;
4101         int family = PF_UNSPEC;
4102         u32 s = 0;      /* 0 is the invalid secid */
4103         int rc;
4104 
4105         if (skb != NULL) {
4106                 if (skb->protocol == htons(ETH_P_IP))
4107                         family = PF_INET;
4108 #if IS_ENABLED(CONFIG_IPV6)
4109                 else if (skb->protocol == htons(ETH_P_IPV6))
4110                         family = PF_INET6;
4111 #endif /* CONFIG_IPV6 */
4112         }
4113         if (family == PF_UNSPEC && sock != NULL)
4114                 family = sock->sk->sk_family;
4115 
4116         switch (family) {
4117         case PF_UNIX:
4118                 ssp = sock->sk->sk_security;
4119                 s = ssp->smk_out->smk_secid;
4120                 break;
4121         case PF_INET:
4122 #ifdef CONFIG_SECURITY_SMACK_NETFILTER
4123                 s = skb->secmark;
4124                 if (s != 0)
4125                         break;
4126 #endif
4127                 /*
4128                  * Translate what netlabel gave us.
4129                  */
4130                 if (sock != NULL && sock->sk != NULL)
4131                         ssp = sock->sk->sk_security;
4132                 netlbl_secattr_init(&secattr);
4133                 rc = netlbl_skbuff_getattr(skb, family, &secattr);
4134                 if (rc == 0) {
4135                         skp = smack_from_secattr(&secattr, ssp);
4136                         s = skp->smk_secid;
4137                 }
4138                 netlbl_secattr_destroy(&secattr);
4139                 break;
4140         case PF_INET6:
4141 #ifdef SMACK_IPV6_SECMARK_LABELING
4142                 s = skb->secmark;
4143 #endif
4144                 break;
4145         }
4146         *secid = s;
4147         if (s == 0)
4148                 return -EINVAL;
4149         return 0;
4150 }
4151 
4152 /**
4153  * smack_sock_graft - Initialize a newly created socket with an existing sock
4154  * @sk: child sock
4155  * @parent: parent socket
4156  *
4157  * Set the smk_{in,out} state of an existing sock based on the process that
4158  * is creating the new socket.
4159  */
4160 static void smack_sock_graft(struct sock *sk, struct socket *parent)
4161 {
4162         struct socket_smack *ssp;
4163         struct smack_known *skp = smk_of_current();
4164 
4165         if (sk == NULL ||
4166             (sk->sk_family != PF_INET && sk->sk_family != PF_INET6))
4167                 return;
4168 
4169         ssp = sk->sk_security;
4170         ssp->smk_in = skp;
4171         ssp->smk_out = skp;
4172         /* cssp->smk_packet is already set in smack_inet_csk_clone() */
4173 }
4174 
4175 /**
4176  * smack_inet_conn_request - Smack access check on connect
4177  * @sk: socket involved
4178  * @skb: packet
4179  * @req: unused
4180  *
4181  * Returns 0 if a task with the packet label could write to
4182  * the socket, otherwise an error code
4183  */
4184 static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb,
4185                                    struct request_sock *req)
4186 {
4187         u16 family = sk->sk_family;
4188         struct smack_known *skp;
4189         struct socket_smack *ssp = sk->sk_security;
4190         struct netlbl_lsm_secattr secattr;
4191         struct sockaddr_in addr;
4192         struct iphdr *hdr;
4193         struct smack_known *hskp;
4194         int rc;
4195         struct smk_audit_info ad;
4196 #ifdef CONFIG_AUDIT
4197         struct lsm_network_audit net;
4198 #endif
4199 
4200 #if IS_ENABLED(CONFIG_IPV6)
4201         if (family == PF_INET6) {
4202                 /*
4203                  * Handle mapped IPv4 packets arriving
4204                  * via IPv6 sockets. Don't set up netlabel
4205                  * processing on IPv6.
4206                  */
4207                 if (skb->protocol == htons(ETH_P_IP))
4208                         family = PF_INET;
4209                 else
4210                         return 0;
4211         }
4212 #endif /* CONFIG_IPV6 */
4213 
4214 #ifdef CONFIG_SECURITY_SMACK_NETFILTER
4215         /*
4216          * If there is a secmark use it rather than the CIPSO label.
4217          * If there is no secmark fall back to CIPSO.
4218          * The secmark is assumed to reflect policy better.
4219          */
4220         if (skb && skb->secmark != 0) {
4221                 skp = smack_from_secid(skb->secmark);
4222                 goto access_check;
4223         }
4224 #endif /* CONFIG_SECURITY_SMACK_NETFILTER */
4225 
4226         netlbl_secattr_init(&secattr);
4227         rc = netlbl_skbuff_getattr(skb, family, &secattr);
4228         if (rc == 0)
4229                 skp = smack_from_secattr(&secattr, ssp);
4230         else
4231                 skp = &smack_known_huh;
4232         netlbl_secattr_destroy(&secattr);
4233 
4234 #ifdef CONFIG_SECURITY_SMACK_NETFILTER
4235 access_check:
4236 #endif
4237 
4238 #ifdef CONFIG_AUDIT
4239         smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
4240         ad.a.u.net->family = family;
4241         ad.a.u.net->netif = skb->skb_iif;
4242         ipv4_skb_to_auditdata(skb, &ad.a, NULL);
4243 #endif
4244         /*
4245          * Receiving a packet requires that the other end be able to write
4246          * here. Read access is not required.
4247          */
4248         rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
4249         rc = smk_bu_note("IPv4 connect", skp, ssp->smk_in, MAY_WRITE, rc);
4250         if (rc != 0)
4251                 return rc;
4252 
4253         /*
4254          * Save the peer's label in the request_sock so we can later setup
4255          * smk_packet in the child socket so that SO_PEERCRED can report it.
4256          */
4257         req->peer_secid = skp->smk_secid;
4258 
4259         /*
4260          * We need to decide if we want to label the incoming connection here
4261          * if we do we only need to label the request_sock and the stack will
4262          * propagate the wire-label to the sock when it is created.
4263          */
4264         hdr = ip_hdr(skb);
4265         addr.sin_addr.s_addr = hdr->saddr;
4266         rcu_read_lock();
4267         hskp = smack_ipv4host_label(&addr);
4268         rcu_read_unlock();
4269 
4270         if (hskp == NULL)
4271                 rc = netlbl_req_setattr(req, &skp->smk_netlabel);
4272         else
4273                 netlbl_req_delattr(req);
4274 
4275         return rc;
4276 }
4277 
4278 /**
4279  * smack_inet_csk_clone - Copy the connection information to the new socket
4280  * @sk: the new socket
4281  * @req: the connection's request_sock
4282  *
4283  * Transfer the connection's peer label to the newly created socket.
4284  */
4285 static void smack_inet_csk_clone(struct sock *sk,
4286                                  const struct request_sock *req)
4287 {
4288         struct socket_smack *ssp = sk->sk_security;
4289         struct smack_known *skp;
4290 
4291         if (req->peer_secid != 0) {
4292                 skp = smack_from_secid(req->peer_secid);
4293                 ssp->smk_packet = skp;
4294         } else
4295                 ssp->smk_packet = NULL;
4296 }
4297 
4298 /*
4299  * Key management security hooks
4300  *
4301  * Casey has not tested key support very heavily.
4302  * The permission check is most likely too restrictive.
4303  * If you care about keys please have a look.
4304  */
4305 #ifdef CONFIG_KEYS
4306 
4307 /**
4308  * smack_key_alloc - Set the key security blob
4309  * @key: object
4310  * @cred: the credentials to use
4311  * @flags: unused
4312  *
4313  * No allocation required
4314  *
4315  * Returns 0
4316  */
4317 static int smack_key_alloc(struct key *key, const struct cred *cred,
4318                            unsigned long flags)
4319 {
4320         struct smack_known *skp = smk_of_task(cred->security);
4321 
4322         key->security = skp;
4323         return 0;
4324 }
4325 
4326 /**
4327  * smack_key_free - Clear the key security blob
4328  * @key: the object
4329  *
4330  * Clear the blob pointer
4331  */
4332 static void smack_key_free(struct key *key)
4333 {
4334         key->security = NULL;
4335 }
4336 
4337 /**
4338  * smack_key_permission - Smack access on a key
4339  * @key_ref: gets to the object
4340  * @cred: the credentials to use
4341  * @perm: requested key permissions
4342  *
4343  * Return 0 if the task has read and write to the object,
4344  * an error code otherwise
4345  */
4346 static int smack_key_permission(key_ref_t key_ref,
4347                                 const struct cred *cred, unsigned perm)
4348 {
4349         struct key *keyp;
4350         struct smk_audit_info ad;
4351         struct smack_known *tkp = smk_of_task(cred->security);
4352         int request = 0;
4353         int rc;
4354 
4355         keyp = key_ref_to_ptr(key_ref);
4356         if (keyp == NULL)
4357                 return -EINVAL;
4358         /*
4359          * If the key hasn't been initialized give it access so that
4360          * it may do so.
4361          */
4362         if (keyp->security == NULL)
4363                 return 0;
4364         /*
4365          * This should not occur
4366          */
4367         if (tkp == NULL)
4368                 return -EACCES;
4369 #ifdef CONFIG_AUDIT
4370         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY);
4371         ad.a.u.key_struct.key = keyp->serial;
4372         ad.a.u.key_struct.key_desc = keyp->description;
4373 #endif
4374         if (perm & KEY_NEED_READ)
4375                 request = MAY_READ;
4376         if (perm & (KEY_NEED_WRITE | KEY_NEED_LINK | KEY_NEED_SETATTR))
4377                 request = MAY_WRITE;
4378         rc = smk_access(tkp, keyp->security, request, &ad);
4379         rc = smk_bu_note("key access", tkp, keyp->security, request, rc);
4380         return rc;
4381 }
4382 
4383 /*
4384  * smack_key_getsecurity - Smack label tagging the key
4385  * @key points to the key to be queried
4386  * @_buffer points to a pointer that should be set to point to the
4387  * resulting string (if no label or an error occurs).
4388  * Return the length of the string (including terminating NUL) or -ve if
4389  * an error.
4390  * May also return 0 (and a NULL buffer pointer) if there is no label.
4391  */
4392 static int smack_key_getsecurity(struct key *key, char **_buffer)
4393 {
4394         struct smack_known *skp = key->security;
4395         size_t length;
4396         char *copy;
4397 
4398         if (key->security == NULL) {
4399                 *_buffer = NULL;
4400                 return 0;
4401         }
4402 
4403         copy = kstrdup(skp->smk_known, GFP_KERNEL);
4404         if (copy == NULL)
4405                 return -ENOMEM;
4406         length = strlen(copy) + 1;
4407 
4408         *_buffer = copy;
4409         return length;
4410 }
4411 
4412 #endif /* CONFIG_KEYS */
4413 
4414 /*
4415  * Smack Audit hooks
4416  *
4417  * Audit requires a unique representation of each Smack specific
4418  * rule. This unique representation is used to distinguish the
4419  * object to be audited from remaining kernel objects and also
4420  * works as a glue between the audit hooks.
4421  *
4422  * Since repository entries are added but never deleted, we'll use
4423  * the smack_known label address related to the given audit rule as
4424  * the needed unique representation. This also better fits the smack
4425  * model where nearly everything is a label.
4426  */
4427 #ifdef CONFIG_AUDIT
4428 
4429 /**
4430  * smack_audit_rule_init - Initialize a smack audit rule
4431  * @field: audit rule fields given from user-space (audit.h)
4432  * @op: required testing operator (=, !=, >, <, ...)
4433  * @rulestr: smack label to be audited
4434  * @vrule: pointer to save our own audit rule representation
4435  *
4436  * Prepare to audit cases where (@field @op @rulestr) is true.
4437  * The label to be audited is created if necessay.
4438  */
4439 static int smack_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule)
4440 {
4441         struct smack_known *skp;
4442         char **rule = (char **)vrule;
4443         *rule = NULL;
4444 
4445         if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
4446                 return -EINVAL;
4447 
4448         if (op != Audit_equal && op != Audit_not_equal)
4449                 return -EINVAL;
4450 
4451         skp = smk_import_entry(rulestr, 0);
4452         if (IS_ERR(skp))
4453                 return PTR_ERR(skp);
4454 
4455         *rule = skp->smk_known;
4456 
4457         return 0;
4458 }
4459 
4460 /**
4461  * smack_audit_rule_known - Distinguish Smack audit rules
4462  * @krule: rule of interest, in Audit kernel representation format
4463  *
4464  * This is used to filter Smack rules from remaining Audit ones.
4465  * If it's proved that this rule belongs to us, the
4466  * audit_rule_match hook will be called to do the final judgement.
4467  */
4468 static int smack_audit_rule_known(struct audit_krule *krule)
4469 {
4470         struct audit_field *f;
4471         int i;
4472 
4473         for (i = 0; i < krule->field_count; i++) {
4474                 f = &krule->fields[i];
4475 
4476                 if (f->type == AUDIT_SUBJ_USER || f->type == AUDIT_OBJ_USER)
4477                         return 1;
4478         }
4479 
4480         return 0;
4481 }
4482 
4483 /**
4484  * smack_audit_rule_match - Audit given object ?
4485  * @secid: security id for identifying the object to test
4486  * @field: audit rule flags given from user-space
4487  * @op: required testing operator
4488  * @vrule: smack internal rule presentation
4489  * @actx: audit context associated with the check
4490  *
4491  * The core Audit hook. It's used to take the decision of
4492  * whether to audit or not to audit a given object.
4493  */
4494 static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule,
4495                                   struct audit_context *actx)
4496 {
4497         struct smack_known *skp;
4498         char *rule = vrule;
4499 
4500         if (unlikely(!rule)) {
4501                 WARN_ONCE(1, "Smack: missing rule\n");
4502                 return -ENOENT;
4503         }
4504 
4505         if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
4506                 return 0;
4507 
4508         skp = smack_from_secid(secid);
4509 
4510         /*
4511          * No need to do string comparisons. If a match occurs,
4512          * both pointers will point to the same smack_known
4513          * label.
4514          */
4515         if (op == Audit_equal)
4516                 return (rule == skp->smk_known);
4517         if (op == Audit_not_equal)
4518                 return (rule != skp->smk_known);
4519 
4520         return 0;
4521 }
4522 
4523 /*
4524  * There is no need for a smack_audit_rule_free hook.
4525  * No memory was allocated.
4526  */
4527 
4528 #endif /* CONFIG_AUDIT */
4529 
4530 /**
4531  * smack_ismaclabel - check if xattr @name references a smack MAC label
4532  * @name: Full xattr name to check.
4533  */
4534 static int smack_ismaclabel(const char *name)
4535 {
4536         return (strcmp(name, XATTR_SMACK_SUFFIX) == 0);
4537 }
4538 
4539 
4540 /**
4541  * smack_secid_to_secctx - return the smack label for a secid
4542  * @secid: incoming integer
4543  * @secdata: destination
4544  * @seclen: how long it is
4545  *
4546  * Exists for networking code.
4547  */
4548 static int smack_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
4549 {
4550         struct smack_known *skp = smack_from_secid(secid);
4551 
4552         if (secdata)
4553                 *secdata = skp->smk_known;
4554         *seclen = strlen(skp->smk_known);
4555         return 0;
4556 }
4557 
4558 /**
4559  * smack_secctx_to_secid - return the secid for a smack label
4560  * @secdata: smack label
4561  * @seclen: how long result is
4562  * @secid: outgoing integer
4563  *
4564  * Exists for audit and networking code.
4565  */
4566 static int smack_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
4567 {
4568         struct smack_known *skp = smk_find_entry(secdata);
4569 
4570         if (skp)
4571                 *secid = skp->smk_secid;
4572         else
4573                 *secid = 0;
4574         return 0;
4575 }
4576 
4577 /*
4578  * There used to be a smack_release_secctx hook
4579  * that did nothing back when hooks were in a vector.
4580  * Now that there's a list such a hook adds cost.
4581  */
4582 
4583 static int smack_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
4584 {
4585         return smack_inode_setsecurity(inode, XATTR_SMACK_SUFFIX, ctx, ctxlen, 0);
4586 }
4587 
4588 static int smack_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
4589 {
4590         return __vfs_setxattr_noperm(dentry, XATTR_NAME_SMACK, ctx, ctxlen, 0);
4591 }
4592 
4593 static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
4594 {
4595         int len = 0;
4596         len = smack_inode_getsecurity(inode, XATTR_SMACK_SUFFIX, ctx, true);
4597 
4598         if (len < 0)
4599                 return len;
4600         *ctxlen = len;
4601         return 0;
4602 }
4603 
4604 static struct security_hook_list smack_hooks[] = {
4605         LSM_HOOK_INIT(ptrace_access_check, smack_ptrace_access_check),
4606         LSM_HOOK_INIT(ptrace_traceme, smack_ptrace_traceme),
4607         LSM_HOOK_INIT(syslog, smack_syslog),
4608 
4609         LSM_HOOK_INIT(sb_alloc_security, smack_sb_alloc_security),
4610         LSM_HOOK_INIT(sb_free_security, smack_sb_free_security),
4611         LSM_HOOK_INIT(sb_copy_data, smack_sb_copy_data),
4612         LSM_HOOK_INIT(sb_kern_mount, smack_sb_kern_mount),
4613         LSM_HOOK_INIT(sb_statfs, smack_sb_statfs),
4614         LSM_HOOK_INIT(sb_set_mnt_opts, smack_set_mnt_opts),
4615         LSM_HOOK_INIT(sb_parse_opts_str, smack_parse_opts_str),
4616 
4617         LSM_HOOK_INIT(bprm_set_creds, smack_bprm_set_creds),
4618         LSM_HOOK_INIT(bprm_committing_creds, smack_bprm_committing_creds),
4619         LSM_HOOK_INIT(bprm_secureexec, smack_bprm_secureexec),
4620 
4621         LSM_HOOK_INIT(inode_alloc_security, smack_inode_alloc_security),
4622         LSM_HOOK_INIT(inode_free_security, smack_inode_free_security),
4623         LSM_HOOK_INIT(inode_init_security, smack_inode_init_security),
4624         LSM_HOOK_INIT(inode_link, smack_inode_link),
4625         LSM_HOOK_INIT(inode_unlink, smack_inode_unlink),
4626         LSM_HOOK_INIT(inode_rmdir, smack_inode_rmdir),
4627         LSM_HOOK_INIT(inode_rename, smack_inode_rename),
4628         LSM_HOOK_INIT(inode_permission, smack_inode_permission),
4629         LSM_HOOK_INIT(inode_setattr, smack_inode_setattr),
4630         LSM_HOOK_INIT(inode_getattr, smack_inode_getattr),
4631         LSM_HOOK_INIT(inode_setxattr, smack_inode_setxattr),
4632         LSM_HOOK_INIT(inode_post_setxattr, smack_inode_post_setxattr),
4633         LSM_HOOK_INIT(inode_getxattr, smack_inode_getxattr),
4634         LSM_HOOK_INIT(inode_removexattr, smack_inode_removexattr),
4635         LSM_HOOK_INIT(inode_getsecurity, smack_inode_getsecurity),
4636         LSM_HOOK_INIT(inode_setsecurity, smack_inode_setsecurity),
4637         LSM_HOOK_INIT(inode_listsecurity, smack_inode_listsecurity),
4638         LSM_HOOK_INIT(inode_getsecid, smack_inode_getsecid),
4639 
4640         LSM_HOOK_INIT(file_alloc_security, smack_file_alloc_security),
4641         LSM_HOOK_INIT(file_free_security, smack_file_free_security),
4642         LSM_HOOK_INIT(file_ioctl, smack_file_ioctl),
4643         LSM_HOOK_INIT(file_lock, smack_file_lock),
4644         LSM_HOOK_INIT(file_fcntl, smack_file_fcntl),
4645         LSM_HOOK_INIT(mmap_file, smack_mmap_file),
4646         LSM_HOOK_INIT(mmap_addr, cap_mmap_addr),
4647         LSM_HOOK_INIT(file_set_fowner, smack_file_set_fowner),
4648         LSM_HOOK_INIT(file_send_sigiotask, smack_file_send_sigiotask),
4649         LSM_HOOK_INIT(file_receive, smack_file_receive),
4650 
4651         LSM_HOOK_INIT(file_open, smack_file_open),
4652 
4653         LSM_HOOK_INIT(cred_alloc_blank, smack_cred_alloc_blank),
4654         LSM_HOOK_INIT(cred_free, smack_cred_free),
4655         LSM_HOOK_INIT(cred_prepare, smack_cred_prepare),
4656         LSM_HOOK_INIT(cred_transfer, smack_cred_transfer),
4657         LSM_HOOK_INIT(kernel_act_as, smack_kernel_act_as),
4658         LSM_HOOK_INIT(kernel_create_files_as, smack_kernel_create_files_as),
4659         LSM_HOOK_INIT(task_setpgid, smack_task_setpgid),
4660         LSM_HOOK_INIT(task_getpgid, smack_task_getpgid),
4661         LSM_HOOK_INIT(task_getsid, smack_task_getsid),
4662         LSM_HOOK_INIT(task_getsecid, smack_task_getsecid),
4663         LSM_HOOK_INIT(task_setnice, smack_task_setnice),
4664         LSM_HOOK_INIT(task_setioprio, smack_task_setioprio),
4665         LSM_HOOK_INIT(task_getioprio, smack_task_getioprio),
4666         LSM_HOOK_INIT(task_setscheduler, smack_task_setscheduler),
4667         LSM_HOOK_INIT(task_getscheduler, smack_task_getscheduler),
4668         LSM_HOOK_INIT(task_movememory, smack_task_movememory),
4669         LSM_HOOK_INIT(task_kill, smack_task_kill),
4670         LSM_HOOK_INIT(task_wait, smack_task_wait),
4671         LSM_HOOK_INIT(task_to_inode, smack_task_to_inode),
4672 
4673         LSM_HOOK_INIT(ipc_permission, smack_ipc_permission),
4674         LSM_HOOK_INIT(ipc_getsecid, smack_ipc_getsecid),
4675 
4676         LSM_HOOK_INIT(msg_msg_alloc_security, smack_msg_msg_alloc_security),
4677         LSM_HOOK_INIT(msg_msg_free_security, smack_msg_msg_free_security),
4678 
4679         LSM_HOOK_INIT(msg_queue_alloc_security, smack_msg_queue_alloc_security),
4680         LSM_HOOK_INIT(msg_queue_free_security, smack_msg_queue_free_security),
4681         LSM_HOOK_INIT(msg_queue_associate, smack_msg_queue_associate),
4682         LSM_HOOK_INIT(msg_queue_msgctl, smack_msg_queue_msgctl),
4683         LSM_HOOK_INIT(msg_queue_msgsnd, smack_msg_queue_msgsnd),
4684         LSM_HOOK_INIT(msg_queue_msgrcv, smack_msg_queue_msgrcv),
4685 
4686         LSM_HOOK_INIT(shm_alloc_security, smack_shm_alloc_security),
4687         LSM_HOOK_INIT(shm_free_security, smack_shm_free_security),
4688         LSM_HOOK_INIT(shm_associate, smack_shm_associate),
4689         LSM_HOOK_INIT(shm_shmctl, smack_shm_shmctl),
4690         LSM_HOOK_INIT(shm_shmat, smack_shm_shmat),
4691 
4692         LSM_HOOK_INIT(sem_alloc_security, smack_sem_alloc_security),
4693         LSM_HOOK_INIT(sem_free_security, smack_sem_free_security),
4694         LSM_HOOK_INIT(sem_associate, smack_sem_associate),
4695         LSM_HOOK_INIT(sem_semctl, smack_sem_semctl),
4696         LSM_HOOK_INIT(sem_semop, smack_sem_semop),
4697 
4698         LSM_HOOK_INIT(d_instantiate, smack_d_instantiate),
4699 
4700         LSM_HOOK_INIT(getprocattr, smack_getprocattr),
4701         LSM_HOOK_INIT(setprocattr, smack_setprocattr),
4702 
4703         LSM_HOOK_INIT(unix_stream_connect, smack_unix_stream_connect),
4704         LSM_HOOK_INIT(unix_may_send, smack_unix_may_send),
4705 
4706         LSM_HOOK_INIT(socket_post_create, smack_socket_post_create),
4707 #ifdef SMACK_IPV6_PORT_LABELING
4708         LSM_HOOK_INIT(socket_bind, smack_socket_bind),
4709 #endif
4710         LSM_HOOK_INIT(socket_connect, smack_socket_connect),
4711         LSM_HOOK_INIT(socket_sendmsg, smack_socket_sendmsg),
4712         LSM_HOOK_INIT(socket_sock_rcv_skb, smack_socket_sock_rcv_skb),
4713         LSM_HOOK_INIT(socket_getpeersec_stream, smack_socket_getpeersec_stream),
4714         LSM_HOOK_INIT(socket_getpeersec_dgram, smack_socket_getpeersec_dgram),
4715         LSM_HOOK_INIT(sk_alloc_security, smack_sk_alloc_security),
4716         LSM_HOOK_INIT(sk_free_security, smack_sk_free_security),
4717         LSM_HOOK_INIT(sock_graft, smack_sock_graft),
4718         LSM_HOOK_INIT(inet_conn_request, smack_inet_conn_request),
4719         LSM_HOOK_INIT(inet_csk_clone, smack_inet_csk_clone),
4720 
4721  /* key management security hooks */
4722 #ifdef CONFIG_KEYS
4723         LSM_HOOK_INIT(key_alloc, smack_key_alloc),
4724         LSM_HOOK_INIT(key_free, smack_key_free),
4725         LSM_HOOK_INIT(key_permission, smack_key_permission),
4726         LSM_HOOK_INIT(key_getsecurity, smack_key_getsecurity),
4727 #endif /* CONFIG_KEYS */
4728 
4729  /* Audit hooks */
4730 #ifdef CONFIG_AUDIT
4731         LSM_HOOK_INIT(audit_rule_init, smack_audit_rule_init),
4732         LSM_HOOK_INIT(audit_rule_known, smack_audit_rule_known),
4733         LSM_HOOK_INIT(audit_rule_match, smack_audit_rule_match),
4734 #endif /* CONFIG_AUDIT */
4735 
4736         LSM_HOOK_INIT(ismaclabel, smack_ismaclabel),
4737         LSM_HOOK_INIT(secid_to_secctx, smack_secid_to_secctx),
4738         LSM_HOOK_INIT(secctx_to_secid, smack_secctx_to_secid),
4739         LSM_HOOK_INIT(inode_notifysecctx, smack_inode_notifysecctx),
4740         LSM_HOOK_INIT(inode_setsecctx, smack_inode_setsecctx),
4741         LSM_HOOK_INIT(inode_getsecctx, smack_inode_getsecctx),
4742 };
4743 
4744 
4745 static __init void init_smack_known_list(void)
4746 {
4747         /*
4748          * Initialize rule list locks
4749          */
4750         mutex_init(&smack_known_huh.smk_rules_lock);
4751         mutex_init(&smack_known_hat.smk_rules_lock);
4752         mutex_init(&smack_known_floor.smk_rules_lock);
4753         mutex_init(&smack_known_star.smk_rules_lock);
4754         mutex_init(&smack_known_web.smk_rules_lock);
4755         /*
4756          * Initialize rule lists
4757          */
4758         INIT_LIST_HEAD(&smack_known_huh.smk_rules);
4759         INIT_LIST_HEAD(&smack_known_hat.smk_rules);
4760         INIT_LIST_HEAD(&smack_known_star.smk_rules);
4761         INIT_LIST_HEAD(&smack_known_floor.smk_rules);
4762         INIT_LIST_HEAD(&smack_known_web.smk_rules);
4763         /*
4764          * Create the known labels list
4765          */
4766         smk_insert_entry(&smack_known_huh);
4767         smk_insert_entry(&smack_known_hat);
4768         smk_insert_entry(&smack_known_star);
4769         smk_insert_entry(&smack_known_floor);
4770         smk_insert_entry(&smack_known_web);
4771 }
4772 
4773 /**
4774  * smack_init - initialize the smack system
4775  *
4776  * Returns 0
4777  */
4778 static __init int smack_init(void)
4779 {
4780         struct cred *cred;
4781         struct task_smack *tsp;
4782 
4783         if (!security_module_enable("smack"))
4784                 return 0;
4785 
4786         smack_inode_cache = KMEM_CACHE(inode_smack, 0);
4787         if (!smack_inode_cache)
4788                 return -ENOMEM;
4789 
4790         tsp = new_task_smack(&smack_known_floor, &smack_known_floor,
4791                                 GFP_KERNEL);
4792         if (tsp == NULL) {
4793                 kmem_cache_destroy(smack_inode_cache);
4794                 return -ENOMEM;
4795         }
4796 
4797         smack_enabled = 1;
4798 
4799         pr_info("Smack:  Initializing.\n");
4800 #ifdef CONFIG_SECURITY_SMACK_NETFILTER
4801         pr_info("Smack:  Netfilter enabled.\n");
4802 #endif
4803 #ifdef SMACK_IPV6_PORT_LABELING
4804         pr_info("Smack:  IPv6 port labeling enabled.\n");
4805 #endif
4806 #ifdef SMACK_IPV6_SECMARK_LABELING
4807         pr_info("Smack:  IPv6 Netfilter enabled.\n");
4808 #endif
4809 
4810         /*
4811          * Set the security state for the initial task.
4812          */
4813         cred = (struct cred *) current->cred;
4814         cred->security = tsp;
4815 
4816         /* initialize the smack_known_list */
4817         init_smack_known_list();
4818 
4819         /*
4820          * Register with LSM
4821          */
4822         security_add_hooks(smack_hooks, ARRAY_SIZE(smack_hooks));
4823 
4824         return 0;
4825 }
4826 
4827 /*
4828  * Smack requires early initialization in order to label
4829  * all processes and objects when they are created.
4830  */
4831 security_initcall(smack_init);
4832 

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | Wiki (Japanese) | Wiki (English) | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

osdn.jp