~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/security/smack/smack_lsm.c

Version: ~ [ linux-5.13-rc5 ] ~ [ linux-5.12.9 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.42 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.124 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.193 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.235 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.271 ] ~ [ linux-4.8.17 ] ~ [ linux-4.7.10 ] ~ [ linux-4.6.7 ] ~ [ linux-4.5.7 ] ~ [ linux-4.4.271 ] ~ [ linux-4.3.6 ] ~ [ linux-4.2.8 ] ~ [ linux-4.1.52 ] ~ [ linux-4.0.9 ] ~ [ linux-3.18.140 ] ~ [ linux-3.16.85 ] ~ [ linux-3.14.79 ] ~ [ linux-3.12.74 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.5 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

  1 /*
  2  *  Simplified MAC Kernel (smack) security module
  3  *
  4  *  This file contains the smack hook function implementations.
  5  *
  6  *  Authors:
  7  *      Casey Schaufler <casey@schaufler-ca.com>
  8  *      Jarkko Sakkinen <jarkko.sakkinen@intel.com>
  9  *
 10  *  Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com>
 11  *  Copyright (C) 2009 Hewlett-Packard Development Company, L.P.
 12  *                Paul Moore <paul@paul-moore.com>
 13  *  Copyright (C) 2010 Nokia Corporation
 14  *  Copyright (C) 2011 Intel Corporation.
 15  *
 16  *      This program is free software; you can redistribute it and/or modify
 17  *      it under the terms of the GNU General Public License version 2,
 18  *      as published by the Free Software Foundation.
 19  */
 20 
 21 #include <linux/xattr.h>
 22 #include <linux/pagemap.h>
 23 #include <linux/mount.h>
 24 #include <linux/stat.h>
 25 #include <linux/kd.h>
 26 #include <asm/ioctls.h>
 27 #include <linux/ip.h>
 28 #include <linux/tcp.h>
 29 #include <linux/udp.h>
 30 #include <linux/dccp.h>
 31 #include <linux/slab.h>
 32 #include <linux/mutex.h>
 33 #include <linux/pipe_fs_i.h>
 34 #include <net/cipso_ipv4.h>
 35 #include <net/ip.h>
 36 #include <net/ipv6.h>
 37 #include <linux/audit.h>
 38 #include <linux/magic.h>
 39 #include <linux/dcache.h>
 40 #include <linux/personality.h>
 41 #include <linux/msg.h>
 42 #include <linux/shm.h>
 43 #include <linux/binfmts.h>
 44 #include "smack.h"
 45 
 46 #define TRANS_TRUE      "TRUE"
 47 #define TRANS_TRUE_SIZE 4
 48 
 49 #define SMK_CONNECTING  0
 50 #define SMK_RECEIVING   1
 51 #define SMK_SENDING     2
 52 
 53 #if IS_ENABLED(CONFIG_IPV6) && !defined(CONFIG_SECURITY_SMACK_NETFILTER)
 54 LIST_HEAD(smk_ipv6_port_list);
 55 #endif /* CONFIG_IPV6 && !CONFIG_SECURITY_SMACK_NETFILTER */
 56 static struct kmem_cache *smack_inode_cache;
 57 int smack_enabled;
 58 
 59 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
 60 static char *smk_bu_mess[] = {
 61         "Bringup Error",        /* Unused */
 62         "Bringup",              /* SMACK_BRINGUP_ALLOW */
 63         "Unconfined Subject",   /* SMACK_UNCONFINED_SUBJECT */
 64         "Unconfined Object",    /* SMACK_UNCONFINED_OBJECT */
 65 };
 66 
 67 static void smk_bu_mode(int mode, char *s)
 68 {
 69         int i = 0;
 70 
 71         if (mode & MAY_READ)
 72                 s[i++] = 'r';
 73         if (mode & MAY_WRITE)
 74                 s[i++] = 'w';
 75         if (mode & MAY_EXEC)
 76                 s[i++] = 'x';
 77         if (mode & MAY_APPEND)
 78                 s[i++] = 'a';
 79         if (mode & MAY_TRANSMUTE)
 80                 s[i++] = 't';
 81         if (mode & MAY_LOCK)
 82                 s[i++] = 'l';
 83         if (i == 0)
 84                 s[i++] = '-';
 85         s[i] = '\0';
 86 }
 87 #endif
 88 
 89 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
 90 static int smk_bu_note(char *note, struct smack_known *sskp,
 91                        struct smack_known *oskp, int mode, int rc)
 92 {
 93         char acc[SMK_NUM_ACCESS_TYPE + 1];
 94 
 95         if (rc <= 0)
 96                 return rc;
 97         if (rc > SMACK_UNCONFINED_OBJECT)
 98                 rc = 0;
 99 
100         smk_bu_mode(mode, acc);
101         pr_info("Smack %s: (%s %s %s) %s\n", smk_bu_mess[rc],
102                 sskp->smk_known, oskp->smk_known, acc, note);
103         return 0;
104 }
105 #else
106 #define smk_bu_note(note, sskp, oskp, mode, RC) (RC)
107 #endif
108 
109 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
110 static int smk_bu_current(char *note, struct smack_known *oskp,
111                           int mode, int rc)
112 {
113         struct task_smack *tsp = current_security();
114         char acc[SMK_NUM_ACCESS_TYPE + 1];
115 
116         if (rc <= 0)
117                 return rc;
118         if (rc > SMACK_UNCONFINED_OBJECT)
119                 rc = 0;
120 
121         smk_bu_mode(mode, acc);
122         pr_info("Smack %s: (%s %s %s) %s %s\n", smk_bu_mess[rc],
123                 tsp->smk_task->smk_known, oskp->smk_known,
124                 acc, current->comm, note);
125         return 0;
126 }
127 #else
128 #define smk_bu_current(note, oskp, mode, RC) (RC)
129 #endif
130 
131 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
132 static int smk_bu_task(struct task_struct *otp, int mode, int rc)
133 {
134         struct task_smack *tsp = current_security();
135         struct smack_known *smk_task = smk_of_task_struct(otp);
136         char acc[SMK_NUM_ACCESS_TYPE + 1];
137 
138         if (rc <= 0)
139                 return rc;
140         if (rc > SMACK_UNCONFINED_OBJECT)
141                 rc = 0;
142 
143         smk_bu_mode(mode, acc);
144         pr_info("Smack %s: (%s %s %s) %s to %s\n", smk_bu_mess[rc],
145                 tsp->smk_task->smk_known, smk_task->smk_known, acc,
146                 current->comm, otp->comm);
147         return 0;
148 }
149 #else
150 #define smk_bu_task(otp, mode, RC) (RC)
151 #endif
152 
153 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
154 static int smk_bu_inode(struct inode *inode, int mode, int rc)
155 {
156         struct task_smack *tsp = current_security();
157         struct inode_smack *isp = inode->i_security;
158         char acc[SMK_NUM_ACCESS_TYPE + 1];
159 
160         if (isp->smk_flags & SMK_INODE_IMPURE)
161                 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
162                         inode->i_sb->s_id, inode->i_ino, current->comm);
163 
164         if (rc <= 0)
165                 return rc;
166         if (rc > SMACK_UNCONFINED_OBJECT)
167                 rc = 0;
168         if (rc == SMACK_UNCONFINED_SUBJECT &&
169             (mode & (MAY_WRITE | MAY_APPEND)))
170                 isp->smk_flags |= SMK_INODE_IMPURE;
171 
172         smk_bu_mode(mode, acc);
173 
174         pr_info("Smack %s: (%s %s %s) inode=(%s %ld) %s\n", smk_bu_mess[rc],
175                 tsp->smk_task->smk_known, isp->smk_inode->smk_known, acc,
176                 inode->i_sb->s_id, inode->i_ino, current->comm);
177         return 0;
178 }
179 #else
180 #define smk_bu_inode(inode, mode, RC) (RC)
181 #endif
182 
183 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
184 static int smk_bu_file(struct file *file, int mode, int rc)
185 {
186         struct task_smack *tsp = current_security();
187         struct smack_known *sskp = tsp->smk_task;
188         struct inode *inode = file_inode(file);
189         struct inode_smack *isp = inode->i_security;
190         char acc[SMK_NUM_ACCESS_TYPE + 1];
191 
192         if (isp->smk_flags & SMK_INODE_IMPURE)
193                 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
194                         inode->i_sb->s_id, inode->i_ino, current->comm);
195 
196         if (rc <= 0)
197                 return rc;
198         if (rc > SMACK_UNCONFINED_OBJECT)
199                 rc = 0;
200 
201         smk_bu_mode(mode, acc);
202         pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc],
203                 sskp->smk_known, smk_of_inode(inode)->smk_known, acc,
204                 inode->i_sb->s_id, inode->i_ino, file,
205                 current->comm);
206         return 0;
207 }
208 #else
209 #define smk_bu_file(file, mode, RC) (RC)
210 #endif
211 
212 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
213 static int smk_bu_credfile(const struct cred *cred, struct file *file,
214                                 int mode, int rc)
215 {
216         struct task_smack *tsp = cred->security;
217         struct smack_known *sskp = tsp->smk_task;
218         struct inode *inode = file->f_inode;
219         struct inode_smack *isp = inode->i_security;
220         char acc[SMK_NUM_ACCESS_TYPE + 1];
221 
222         if (isp->smk_flags & SMK_INODE_IMPURE)
223                 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
224                         inode->i_sb->s_id, inode->i_ino, current->comm);
225 
226         if (rc <= 0)
227                 return rc;
228         if (rc > SMACK_UNCONFINED_OBJECT)
229                 rc = 0;
230 
231         smk_bu_mode(mode, acc);
232         pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc],
233                 sskp->smk_known, smk_of_inode(inode)->smk_known, acc,
234                 inode->i_sb->s_id, inode->i_ino, file,
235                 current->comm);
236         return 0;
237 }
238 #else
239 #define smk_bu_credfile(cred, file, mode, RC) (RC)
240 #endif
241 
242 /**
243  * smk_fetch - Fetch the smack label from a file.
244  * @name: type of the label (attribute)
245  * @ip: a pointer to the inode
246  * @dp: a pointer to the dentry
247  *
248  * Returns a pointer to the master list entry for the Smack label,
249  * NULL if there was no label to fetch, or an error code.
250  */
251 static struct smack_known *smk_fetch(const char *name, struct inode *ip,
252                                         struct dentry *dp)
253 {
254         int rc;
255         char *buffer;
256         struct smack_known *skp = NULL;
257 
258         if (ip->i_op->getxattr == NULL)
259                 return ERR_PTR(-EOPNOTSUPP);
260 
261         buffer = kzalloc(SMK_LONGLABEL, GFP_KERNEL);
262         if (buffer == NULL)
263                 return ERR_PTR(-ENOMEM);
264 
265         rc = ip->i_op->getxattr(dp, name, buffer, SMK_LONGLABEL);
266         if (rc < 0)
267                 skp = ERR_PTR(rc);
268         else if (rc == 0)
269                 skp = NULL;
270         else
271                 skp = smk_import_entry(buffer, rc);
272 
273         kfree(buffer);
274 
275         return skp;
276 }
277 
278 /**
279  * new_inode_smack - allocate an inode security blob
280  * @skp: a pointer to the Smack label entry to use in the blob
281  *
282  * Returns the new blob or NULL if there's no memory available
283  */
284 struct inode_smack *new_inode_smack(struct smack_known *skp)
285 {
286         struct inode_smack *isp;
287 
288         isp = kmem_cache_zalloc(smack_inode_cache, GFP_NOFS);
289         if (isp == NULL)
290                 return NULL;
291 
292         isp->smk_inode = skp;
293         isp->smk_flags = 0;
294         mutex_init(&isp->smk_lock);
295 
296         return isp;
297 }
298 
299 /**
300  * new_task_smack - allocate a task security blob
301  * @task: a pointer to the Smack label for the running task
302  * @forked: a pointer to the Smack label for the forked task
303  * @gfp: type of the memory for the allocation
304  *
305  * Returns the new blob or NULL if there's no memory available
306  */
307 static struct task_smack *new_task_smack(struct smack_known *task,
308                                         struct smack_known *forked, gfp_t gfp)
309 {
310         struct task_smack *tsp;
311 
312         tsp = kzalloc(sizeof(struct task_smack), gfp);
313         if (tsp == NULL)
314                 return NULL;
315 
316         tsp->smk_task = task;
317         tsp->smk_forked = forked;
318         INIT_LIST_HEAD(&tsp->smk_rules);
319         mutex_init(&tsp->smk_rules_lock);
320 
321         return tsp;
322 }
323 
324 /**
325  * smk_copy_rules - copy a rule set
326  * @nhead: new rules header pointer
327  * @ohead: old rules header pointer
328  * @gfp: type of the memory for the allocation
329  *
330  * Returns 0 on success, -ENOMEM on error
331  */
332 static int smk_copy_rules(struct list_head *nhead, struct list_head *ohead,
333                                 gfp_t gfp)
334 {
335         struct smack_rule *nrp;
336         struct smack_rule *orp;
337         int rc = 0;
338 
339         INIT_LIST_HEAD(nhead);
340 
341         list_for_each_entry_rcu(orp, ohead, list) {
342                 nrp = kzalloc(sizeof(struct smack_rule), gfp);
343                 if (nrp == NULL) {
344                         rc = -ENOMEM;
345                         break;
346                 }
347                 *nrp = *orp;
348                 list_add_rcu(&nrp->list, nhead);
349         }
350         return rc;
351 }
352 
353 /**
354  * smk_ptrace_mode - helper function for converting PTRACE_MODE_* into MAY_*
355  * @mode - input mode in form of PTRACE_MODE_*
356  *
357  * Returns a converted MAY_* mode usable by smack rules
358  */
359 static inline unsigned int smk_ptrace_mode(unsigned int mode)
360 {
361         switch (mode) {
362         case PTRACE_MODE_READ:
363                 return MAY_READ;
364         case PTRACE_MODE_ATTACH:
365                 return MAY_READWRITE;
366         }
367 
368         return 0;
369 }
370 
371 /**
372  * smk_ptrace_rule_check - helper for ptrace access
373  * @tracer: tracer process
374  * @tracee_known: label entry of the process that's about to be traced
375  * @mode: ptrace attachment mode (PTRACE_MODE_*)
376  * @func: name of the function that called us, used for audit
377  *
378  * Returns 0 on access granted, -error on error
379  */
380 static int smk_ptrace_rule_check(struct task_struct *tracer,
381                                  struct smack_known *tracee_known,
382                                  unsigned int mode, const char *func)
383 {
384         int rc;
385         struct smk_audit_info ad, *saip = NULL;
386         struct task_smack *tsp;
387         struct smack_known *tracer_known;
388 
389         if ((mode & PTRACE_MODE_NOAUDIT) == 0) {
390                 smk_ad_init(&ad, func, LSM_AUDIT_DATA_TASK);
391                 smk_ad_setfield_u_tsk(&ad, tracer);
392                 saip = &ad;
393         }
394 
395         rcu_read_lock();
396         tsp = __task_cred(tracer)->security;
397         tracer_known = smk_of_task(tsp);
398 
399         if ((mode & PTRACE_MODE_ATTACH) &&
400             (smack_ptrace_rule == SMACK_PTRACE_EXACT ||
401              smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)) {
402                 if (tracer_known->smk_known == tracee_known->smk_known)
403                         rc = 0;
404                 else if (smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)
405                         rc = -EACCES;
406                 else if (capable(CAP_SYS_PTRACE))
407                         rc = 0;
408                 else
409                         rc = -EACCES;
410 
411                 if (saip)
412                         smack_log(tracer_known->smk_known,
413                                   tracee_known->smk_known,
414                                   0, rc, saip);
415 
416                 rcu_read_unlock();
417                 return rc;
418         }
419 
420         /* In case of rule==SMACK_PTRACE_DEFAULT or mode==PTRACE_MODE_READ */
421         rc = smk_tskacc(tsp, tracee_known, smk_ptrace_mode(mode), saip);
422 
423         rcu_read_unlock();
424         return rc;
425 }
426 
427 /*
428  * LSM hooks.
429  * We he, that is fun!
430  */
431 
432 /**
433  * smack_ptrace_access_check - Smack approval on PTRACE_ATTACH
434  * @ctp: child task pointer
435  * @mode: ptrace attachment mode (PTRACE_MODE_*)
436  *
437  * Returns 0 if access is OK, an error code otherwise
438  *
439  * Do the capability checks.
440  */
441 static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode)
442 {
443         struct smack_known *skp;
444 
445         skp = smk_of_task_struct(ctp);
446 
447         return smk_ptrace_rule_check(current, skp, mode, __func__);
448 }
449 
450 /**
451  * smack_ptrace_traceme - Smack approval on PTRACE_TRACEME
452  * @ptp: parent task pointer
453  *
454  * Returns 0 if access is OK, an error code otherwise
455  *
456  * Do the capability checks, and require PTRACE_MODE_ATTACH.
457  */
458 static int smack_ptrace_traceme(struct task_struct *ptp)
459 {
460         int rc;
461         struct smack_known *skp;
462 
463         skp = smk_of_task(current_security());
464 
465         rc = smk_ptrace_rule_check(ptp, skp, PTRACE_MODE_ATTACH, __func__);
466         return rc;
467 }
468 
469 /**
470  * smack_syslog - Smack approval on syslog
471  * @type: message type
472  *
473  * Returns 0 on success, error code otherwise.
474  */
475 static int smack_syslog(int typefrom_file)
476 {
477         int rc = 0;
478         struct smack_known *skp = smk_of_current();
479 
480         if (smack_privileged(CAP_MAC_OVERRIDE))
481                 return 0;
482 
483         if (smack_syslog_label != NULL && smack_syslog_label != skp)
484                 rc = -EACCES;
485 
486         return rc;
487 }
488 
489 
490 /*
491  * Superblock Hooks.
492  */
493 
494 /**
495  * smack_sb_alloc_security - allocate a superblock blob
496  * @sb: the superblock getting the blob
497  *
498  * Returns 0 on success or -ENOMEM on error.
499  */
500 static int smack_sb_alloc_security(struct super_block *sb)
501 {
502         struct superblock_smack *sbsp;
503 
504         sbsp = kzalloc(sizeof(struct superblock_smack), GFP_KERNEL);
505 
506         if (sbsp == NULL)
507                 return -ENOMEM;
508 
509         sbsp->smk_root = &smack_known_floor;
510         sbsp->smk_default = &smack_known_floor;
511         sbsp->smk_floor = &smack_known_floor;
512         sbsp->smk_hat = &smack_known_hat;
513         /*
514          * smk_initialized will be zero from kzalloc.
515          */
516         sb->s_security = sbsp;
517 
518         return 0;
519 }
520 
521 /**
522  * smack_sb_free_security - free a superblock blob
523  * @sb: the superblock getting the blob
524  *
525  */
526 static void smack_sb_free_security(struct super_block *sb)
527 {
528         kfree(sb->s_security);
529         sb->s_security = NULL;
530 }
531 
532 /**
533  * smack_sb_copy_data - copy mount options data for processing
534  * @orig: where to start
535  * @smackopts: mount options string
536  *
537  * Returns 0 on success or -ENOMEM on error.
538  *
539  * Copy the Smack specific mount options out of the mount
540  * options list.
541  */
542 static int smack_sb_copy_data(char *orig, char *smackopts)
543 {
544         char *cp, *commap, *otheropts, *dp;
545 
546         otheropts = (char *)get_zeroed_page(GFP_KERNEL);
547         if (otheropts == NULL)
548                 return -ENOMEM;
549 
550         for (cp = orig, commap = orig; commap != NULL; cp = commap + 1) {
551                 if (strstr(cp, SMK_FSDEFAULT) == cp)
552                         dp = smackopts;
553                 else if (strstr(cp, SMK_FSFLOOR) == cp)
554                         dp = smackopts;
555                 else if (strstr(cp, SMK_FSHAT) == cp)
556                         dp = smackopts;
557                 else if (strstr(cp, SMK_FSROOT) == cp)
558                         dp = smackopts;
559                 else if (strstr(cp, SMK_FSTRANS) == cp)
560                         dp = smackopts;
561                 else
562                         dp = otheropts;
563 
564                 commap = strchr(cp, ',');
565                 if (commap != NULL)
566                         *commap = '\0';
567 
568                 if (*dp != '\0')
569                         strcat(dp, ",");
570                 strcat(dp, cp);
571         }
572 
573         strcpy(orig, otheropts);
574         free_page((unsigned long)otheropts);
575 
576         return 0;
577 }
578 
579 /**
580  * smack_sb_kern_mount - Smack specific mount processing
581  * @sb: the file system superblock
582  * @flags: the mount flags
583  * @data: the smack mount options
584  *
585  * Returns 0 on success, an error code on failure
586  */
587 static int smack_sb_kern_mount(struct super_block *sb, int flags, void *data)
588 {
589         struct dentry *root = sb->s_root;
590         struct inode *inode = d_backing_inode(root);
591         struct superblock_smack *sp = sb->s_security;
592         struct inode_smack *isp;
593         struct smack_known *skp;
594         char *op;
595         char *commap;
596         int transmute = 0;
597         int specified = 0;
598 
599         if (sp->smk_initialized)
600                 return 0;
601 
602         sp->smk_initialized = 1;
603 
604         for (op = data; op != NULL; op = commap) {
605                 commap = strchr(op, ',');
606                 if (commap != NULL)
607                         *commap++ = '\0';
608 
609                 if (strncmp(op, SMK_FSHAT, strlen(SMK_FSHAT)) == 0) {
610                         op += strlen(SMK_FSHAT);
611                         skp = smk_import_entry(op, 0);
612                         if (IS_ERR(skp))
613                                 return PTR_ERR(skp);
614                         sp->smk_hat = skp;
615                         specified = 1;
616 
617                 } else if (strncmp(op, SMK_FSFLOOR, strlen(SMK_FSFLOOR)) == 0) {
618                         op += strlen(SMK_FSFLOOR);
619                         skp = smk_import_entry(op, 0);
620                         if (IS_ERR(skp))
621                                 return PTR_ERR(skp);
622                         sp->smk_floor = skp;
623                         specified = 1;
624 
625                 } else if (strncmp(op, SMK_FSDEFAULT,
626                                    strlen(SMK_FSDEFAULT)) == 0) {
627                         op += strlen(SMK_FSDEFAULT);
628                         skp = smk_import_entry(op, 0);
629                         if (IS_ERR(skp))
630                                 return PTR_ERR(skp);
631                         sp->smk_default = skp;
632                         specified = 1;
633 
634                 } else if (strncmp(op, SMK_FSROOT, strlen(SMK_FSROOT)) == 0) {
635                         op += strlen(SMK_FSROOT);
636                         skp = smk_import_entry(op, 0);
637                         if (IS_ERR(skp))
638                                 return PTR_ERR(skp);
639                         sp->smk_root = skp;
640                         specified = 1;
641 
642                 } else if (strncmp(op, SMK_FSTRANS, strlen(SMK_FSTRANS)) == 0) {
643                         op += strlen(SMK_FSTRANS);
644                         skp = smk_import_entry(op, 0);
645                         if (IS_ERR(skp))
646                                 return PTR_ERR(skp);
647                         sp->smk_root = skp;
648                         transmute = 1;
649                         specified = 1;
650                 }
651         }
652 
653         if (!smack_privileged(CAP_MAC_ADMIN)) {
654                 /*
655                  * Unprivileged mounts don't get to specify Smack values.
656                  */
657                 if (specified)
658                         return -EPERM;
659                 /*
660                  * Unprivileged mounts get root and default from the caller.
661                  */
662                 skp = smk_of_current();
663                 sp->smk_root = skp;
664                 sp->smk_default = skp;
665         }
666         /*
667          * Initialize the root inode.
668          */
669         isp = inode->i_security;
670         if (isp == NULL) {
671                 isp = new_inode_smack(sp->smk_root);
672                 if (isp == NULL)
673                         return -ENOMEM;
674                 inode->i_security = isp;
675         } else
676                 isp->smk_inode = sp->smk_root;
677 
678         if (transmute)
679                 isp->smk_flags |= SMK_INODE_TRANSMUTE;
680 
681         return 0;
682 }
683 
684 /**
685  * smack_sb_statfs - Smack check on statfs
686  * @dentry: identifies the file system in question
687  *
688  * Returns 0 if current can read the floor of the filesystem,
689  * and error code otherwise
690  */
691 static int smack_sb_statfs(struct dentry *dentry)
692 {
693         struct superblock_smack *sbp = dentry->d_sb->s_security;
694         int rc;
695         struct smk_audit_info ad;
696 
697         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
698         smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
699 
700         rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad);
701         rc = smk_bu_current("statfs", sbp->smk_floor, MAY_READ, rc);
702         return rc;
703 }
704 
705 /*
706  * BPRM hooks
707  */
708 
709 /**
710  * smack_bprm_set_creds - set creds for exec
711  * @bprm: the exec information
712  *
713  * Returns 0 if it gets a blob, -EPERM if exec forbidden and -ENOMEM otherwise
714  */
715 static int smack_bprm_set_creds(struct linux_binprm *bprm)
716 {
717         struct inode *inode = file_inode(bprm->file);
718         struct task_smack *bsp = bprm->cred->security;
719         struct inode_smack *isp;
720         int rc;
721 
722         if (bprm->cred_prepared)
723                 return 0;
724 
725         isp = inode->i_security;
726         if (isp->smk_task == NULL || isp->smk_task == bsp->smk_task)
727                 return 0;
728 
729         if (bprm->unsafe & (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) {
730                 struct task_struct *tracer;
731                 rc = 0;
732 
733                 rcu_read_lock();
734                 tracer = ptrace_parent(current);
735                 if (likely(tracer != NULL))
736                         rc = smk_ptrace_rule_check(tracer,
737                                                    isp->smk_task,
738                                                    PTRACE_MODE_ATTACH,
739                                                    __func__);
740                 rcu_read_unlock();
741 
742                 if (rc != 0)
743                         return rc;
744         } else if (bprm->unsafe)
745                 return -EPERM;
746 
747         bsp->smk_task = isp->smk_task;
748         bprm->per_clear |= PER_CLEAR_ON_SETID;
749 
750         return 0;
751 }
752 
753 /**
754  * smack_bprm_committing_creds - Prepare to install the new credentials
755  * from bprm.
756  *
757  * @bprm: binprm for exec
758  */
759 static void smack_bprm_committing_creds(struct linux_binprm *bprm)
760 {
761         struct task_smack *bsp = bprm->cred->security;
762 
763         if (bsp->smk_task != bsp->smk_forked)
764                 current->pdeath_signal = 0;
765 }
766 
767 /**
768  * smack_bprm_secureexec - Return the decision to use secureexec.
769  * @bprm: binprm for exec
770  *
771  * Returns 0 on success.
772  */
773 static int smack_bprm_secureexec(struct linux_binprm *bprm)
774 {
775         struct task_smack *tsp = current_security();
776 
777         if (tsp->smk_task != tsp->smk_forked)
778                 return 1;
779 
780         return 0;
781 }
782 
783 /*
784  * Inode hooks
785  */
786 
787 /**
788  * smack_inode_alloc_security - allocate an inode blob
789  * @inode: the inode in need of a blob
790  *
791  * Returns 0 if it gets a blob, -ENOMEM otherwise
792  */
793 static int smack_inode_alloc_security(struct inode *inode)
794 {
795         struct smack_known *skp = smk_of_current();
796 
797         inode->i_security = new_inode_smack(skp);
798         if (inode->i_security == NULL)
799                 return -ENOMEM;
800         return 0;
801 }
802 
803 /**
804  * smack_inode_free_security - free an inode blob
805  * @inode: the inode with a blob
806  *
807  * Clears the blob pointer in inode
808  */
809 static void smack_inode_free_security(struct inode *inode)
810 {
811         kmem_cache_free(smack_inode_cache, inode->i_security);
812         inode->i_security = NULL;
813 }
814 
815 /**
816  * smack_inode_init_security - copy out the smack from an inode
817  * @inode: the newly created inode
818  * @dir: containing directory object
819  * @qstr: unused
820  * @name: where to put the attribute name
821  * @value: where to put the attribute value
822  * @len: where to put the length of the attribute
823  *
824  * Returns 0 if it all works out, -ENOMEM if there's no memory
825  */
826 static int smack_inode_init_security(struct inode *inode, struct inode *dir,
827                                      const struct qstr *qstr, const char **name,
828                                      void **value, size_t *len)
829 {
830         struct inode_smack *issp = inode->i_security;
831         struct smack_known *skp = smk_of_current();
832         struct smack_known *isp = smk_of_inode(inode);
833         struct smack_known *dsp = smk_of_inode(dir);
834         int may;
835 
836         if (name)
837                 *name = XATTR_SMACK_SUFFIX;
838 
839         if (value && len) {
840                 rcu_read_lock();
841                 may = smk_access_entry(skp->smk_known, dsp->smk_known,
842                                        &skp->smk_rules);
843                 rcu_read_unlock();
844 
845                 /*
846                  * If the access rule allows transmutation and
847                  * the directory requests transmutation then
848                  * by all means transmute.
849                  * Mark the inode as changed.
850                  */
851                 if (may > 0 && ((may & MAY_TRANSMUTE) != 0) &&
852                     smk_inode_transmutable(dir)) {
853                         isp = dsp;
854                         issp->smk_flags |= SMK_INODE_CHANGED;
855                 }
856 
857                 *value = kstrdup(isp->smk_known, GFP_NOFS);
858                 if (*value == NULL)
859                         return -ENOMEM;
860 
861                 *len = strlen(isp->smk_known);
862         }
863 
864         return 0;
865 }
866 
867 /**
868  * smack_inode_link - Smack check on link
869  * @old_dentry: the existing object
870  * @dir: unused
871  * @new_dentry: the new object
872  *
873  * Returns 0 if access is permitted, an error code otherwise
874  */
875 static int smack_inode_link(struct dentry *old_dentry, struct inode *dir,
876                             struct dentry *new_dentry)
877 {
878         struct smack_known *isp;
879         struct smk_audit_info ad;
880         int rc;
881 
882         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
883         smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
884 
885         isp = smk_of_inode(d_backing_inode(old_dentry));
886         rc = smk_curacc(isp, MAY_WRITE, &ad);
887         rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_WRITE, rc);
888 
889         if (rc == 0 && d_is_positive(new_dentry)) {
890                 isp = smk_of_inode(d_backing_inode(new_dentry));
891                 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
892                 rc = smk_curacc(isp, MAY_WRITE, &ad);
893                 rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_WRITE, rc);
894         }
895 
896         return rc;
897 }
898 
899 /**
900  * smack_inode_unlink - Smack check on inode deletion
901  * @dir: containing directory object
902  * @dentry: file to unlink
903  *
904  * Returns 0 if current can write the containing directory
905  * and the object, error code otherwise
906  */
907 static int smack_inode_unlink(struct inode *dir, struct dentry *dentry)
908 {
909         struct inode *ip = d_backing_inode(dentry);
910         struct smk_audit_info ad;
911         int rc;
912 
913         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
914         smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
915 
916         /*
917          * You need write access to the thing you're unlinking
918          */
919         rc = smk_curacc(smk_of_inode(ip), MAY_WRITE, &ad);
920         rc = smk_bu_inode(ip, MAY_WRITE, rc);
921         if (rc == 0) {
922                 /*
923                  * You also need write access to the containing directory
924                  */
925                 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
926                 smk_ad_setfield_u_fs_inode(&ad, dir);
927                 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
928                 rc = smk_bu_inode(dir, MAY_WRITE, rc);
929         }
930         return rc;
931 }
932 
933 /**
934  * smack_inode_rmdir - Smack check on directory deletion
935  * @dir: containing directory object
936  * @dentry: directory to unlink
937  *
938  * Returns 0 if current can write the containing directory
939  * and the directory, error code otherwise
940  */
941 static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry)
942 {
943         struct smk_audit_info ad;
944         int rc;
945 
946         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
947         smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
948 
949         /*
950          * You need write access to the thing you're removing
951          */
952         rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
953         rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
954         if (rc == 0) {
955                 /*
956                  * You also need write access to the containing directory
957                  */
958                 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
959                 smk_ad_setfield_u_fs_inode(&ad, dir);
960                 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
961                 rc = smk_bu_inode(dir, MAY_WRITE, rc);
962         }
963 
964         return rc;
965 }
966 
967 /**
968  * smack_inode_rename - Smack check on rename
969  * @old_inode: unused
970  * @old_dentry: the old object
971  * @new_inode: unused
972  * @new_dentry: the new object
973  *
974  * Read and write access is required on both the old and
975  * new directories.
976  *
977  * Returns 0 if access is permitted, an error code otherwise
978  */
979 static int smack_inode_rename(struct inode *old_inode,
980                               struct dentry *old_dentry,
981                               struct inode *new_inode,
982                               struct dentry *new_dentry)
983 {
984         int rc;
985         struct smack_known *isp;
986         struct smk_audit_info ad;
987 
988         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
989         smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
990 
991         isp = smk_of_inode(d_backing_inode(old_dentry));
992         rc = smk_curacc(isp, MAY_READWRITE, &ad);
993         rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_READWRITE, rc);
994 
995         if (rc == 0 && d_is_positive(new_dentry)) {
996                 isp = smk_of_inode(d_backing_inode(new_dentry));
997                 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
998                 rc = smk_curacc(isp, MAY_READWRITE, &ad);
999                 rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_READWRITE, rc);
1000         }
1001         return rc;
1002 }
1003 
1004 /**
1005  * smack_inode_permission - Smack version of permission()
1006  * @inode: the inode in question
1007  * @mask: the access requested
1008  *
1009  * This is the important Smack hook.
1010  *
1011  * Returns 0 if access is permitted, -EACCES otherwise
1012  */
1013 static int smack_inode_permission(struct inode *inode, int mask)
1014 {
1015         struct smk_audit_info ad;
1016         int no_block = mask & MAY_NOT_BLOCK;
1017         int rc;
1018 
1019         mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND);
1020         /*
1021          * No permission to check. Existence test. Yup, it's there.
1022          */
1023         if (mask == 0)
1024                 return 0;
1025 
1026         /* May be droppable after audit */
1027         if (no_block)
1028                 return -ECHILD;
1029         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
1030         smk_ad_setfield_u_fs_inode(&ad, inode);
1031         rc = smk_curacc(smk_of_inode(inode), mask, &ad);
1032         rc = smk_bu_inode(inode, mask, rc);
1033         return rc;
1034 }
1035 
1036 /**
1037  * smack_inode_setattr - Smack check for setting attributes
1038  * @dentry: the object
1039  * @iattr: for the force flag
1040  *
1041  * Returns 0 if access is permitted, an error code otherwise
1042  */
1043 static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr)
1044 {
1045         struct smk_audit_info ad;
1046         int rc;
1047 
1048         /*
1049          * Need to allow for clearing the setuid bit.
1050          */
1051         if (iattr->ia_valid & ATTR_FORCE)
1052                 return 0;
1053         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1054         smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1055 
1056         rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1057         rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
1058         return rc;
1059 }
1060 
1061 /**
1062  * smack_inode_getattr - Smack check for getting attributes
1063  * @mnt: vfsmount of the object
1064  * @dentry: the object
1065  *
1066  * Returns 0 if access is permitted, an error code otherwise
1067  */
1068 static int smack_inode_getattr(const struct path *path)
1069 {
1070         struct smk_audit_info ad;
1071         struct inode *inode = d_backing_inode(path->dentry);
1072         int rc;
1073 
1074         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1075         smk_ad_setfield_u_fs_path(&ad, *path);
1076         rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad);
1077         rc = smk_bu_inode(inode, MAY_READ, rc);
1078         return rc;
1079 }
1080 
1081 /**
1082  * smack_inode_setxattr - Smack check for setting xattrs
1083  * @dentry: the object
1084  * @name: name of the attribute
1085  * @value: value of the attribute
1086  * @size: size of the value
1087  * @flags: unused
1088  *
1089  * This protects the Smack attribute explicitly.
1090  *
1091  * Returns 0 if access is permitted, an error code otherwise
1092  */
1093 static int smack_inode_setxattr(struct dentry *dentry, const char *name,
1094                                 const void *value, size_t size, int flags)
1095 {
1096         struct smk_audit_info ad;
1097         struct smack_known *skp;
1098         int check_priv = 0;
1099         int check_import = 0;
1100         int check_star = 0;
1101         int rc = 0;
1102 
1103         /*
1104          * Check label validity here so import won't fail in post_setxattr
1105          */
1106         if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
1107             strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
1108             strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) {
1109                 check_priv = 1;
1110                 check_import = 1;
1111         } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
1112                    strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1113                 check_priv = 1;
1114                 check_import = 1;
1115                 check_star = 1;
1116         } else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) {
1117                 check_priv = 1;
1118                 if (size != TRANS_TRUE_SIZE ||
1119                     strncmp(value, TRANS_TRUE, TRANS_TRUE_SIZE) != 0)
1120                         rc = -EINVAL;
1121         } else
1122                 rc = cap_inode_setxattr(dentry, name, value, size, flags);
1123 
1124         if (check_priv && !smack_privileged(CAP_MAC_ADMIN))
1125                 rc = -EPERM;
1126 
1127         if (rc == 0 && check_import) {
1128                 skp = size ? smk_import_entry(value, size) : NULL;
1129                 if (IS_ERR(skp))
1130                         rc = PTR_ERR(skp);
1131                 else if (skp == NULL || (check_star &&
1132                     (skp == &smack_known_star || skp == &smack_known_web)))
1133                         rc = -EINVAL;
1134         }
1135 
1136         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1137         smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1138 
1139         if (rc == 0) {
1140                 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1141                 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
1142         }
1143 
1144         return rc;
1145 }
1146 
1147 /**
1148  * smack_inode_post_setxattr - Apply the Smack update approved above
1149  * @dentry: object
1150  * @name: attribute name
1151  * @value: attribute value
1152  * @size: attribute size
1153  * @flags: unused
1154  *
1155  * Set the pointer in the inode blob to the entry found
1156  * in the master label list.
1157  */
1158 static void smack_inode_post_setxattr(struct dentry *dentry, const char *name,
1159                                       const void *value, size_t size, int flags)
1160 {
1161         struct smack_known *skp;
1162         struct inode_smack *isp = d_backing_inode(dentry)->i_security;
1163 
1164         if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) {
1165                 isp->smk_flags |= SMK_INODE_TRANSMUTE;
1166                 return;
1167         }
1168 
1169         if (strcmp(name, XATTR_NAME_SMACK) == 0) {
1170                 skp = smk_import_entry(value, size);
1171                 if (!IS_ERR(skp))
1172                         isp->smk_inode = skp;
1173                 else
1174                         isp->smk_inode = &smack_known_invalid;
1175         } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) {
1176                 skp = smk_import_entry(value, size);
1177                 if (!IS_ERR(skp))
1178                         isp->smk_task = skp;
1179                 else
1180                         isp->smk_task = &smack_known_invalid;
1181         } else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1182                 skp = smk_import_entry(value, size);
1183                 if (!IS_ERR(skp))
1184                         isp->smk_mmap = skp;
1185                 else
1186                         isp->smk_mmap = &smack_known_invalid;
1187         }
1188 
1189         return;
1190 }
1191 
1192 /**
1193  * smack_inode_getxattr - Smack check on getxattr
1194  * @dentry: the object
1195  * @name: unused
1196  *
1197  * Returns 0 if access is permitted, an error code otherwise
1198  */
1199 static int smack_inode_getxattr(struct dentry *dentry, const char *name)
1200 {
1201         struct smk_audit_info ad;
1202         int rc;
1203 
1204         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1205         smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1206 
1207         rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_READ, &ad);
1208         rc = smk_bu_inode(d_backing_inode(dentry), MAY_READ, rc);
1209         return rc;
1210 }
1211 
1212 /**
1213  * smack_inode_removexattr - Smack check on removexattr
1214  * @dentry: the object
1215  * @name: name of the attribute
1216  *
1217  * Removing the Smack attribute requires CAP_MAC_ADMIN
1218  *
1219  * Returns 0 if access is permitted, an error code otherwise
1220  */
1221 static int smack_inode_removexattr(struct dentry *dentry, const char *name)
1222 {
1223         struct inode_smack *isp;
1224         struct smk_audit_info ad;
1225         int rc = 0;
1226 
1227         if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
1228             strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
1229             strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 ||
1230             strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
1231             strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0 ||
1232             strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1233                 if (!smack_privileged(CAP_MAC_ADMIN))
1234                         rc = -EPERM;
1235         } else
1236                 rc = cap_inode_removexattr(dentry, name);
1237 
1238         if (rc != 0)
1239                 return rc;
1240 
1241         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1242         smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1243 
1244         rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1245         rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
1246         if (rc != 0)
1247                 return rc;
1248 
1249         isp = d_backing_inode(dentry)->i_security;
1250         /*
1251          * Don't do anything special for these.
1252          *      XATTR_NAME_SMACKIPIN
1253          *      XATTR_NAME_SMACKIPOUT
1254          *      XATTR_NAME_SMACKEXEC
1255          */
1256         if (strcmp(name, XATTR_NAME_SMACK) == 0)
1257                 isp->smk_task = NULL;
1258         else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0)
1259                 isp->smk_mmap = NULL;
1260         else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0)
1261                 isp->smk_flags &= ~SMK_INODE_TRANSMUTE;
1262 
1263         return 0;
1264 }
1265 
1266 /**
1267  * smack_inode_getsecurity - get smack xattrs
1268  * @inode: the object
1269  * @name: attribute name
1270  * @buffer: where to put the result
1271  * @alloc: unused
1272  *
1273  * Returns the size of the attribute or an error code
1274  */
1275 static int smack_inode_getsecurity(const struct inode *inode,
1276                                    const char *name, void **buffer,
1277                                    bool alloc)
1278 {
1279         struct socket_smack *ssp;
1280         struct socket *sock;
1281         struct super_block *sbp;
1282         struct inode *ip = (struct inode *)inode;
1283         struct smack_known *isp;
1284         int ilen;
1285         int rc = 0;
1286 
1287         if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) {
1288                 isp = smk_of_inode(inode);
1289                 ilen = strlen(isp->smk_known);
1290                 *buffer = isp->smk_known;
1291                 return ilen;
1292         }
1293 
1294         /*
1295          * The rest of the Smack xattrs are only on sockets.
1296          */
1297         sbp = ip->i_sb;
1298         if (sbp->s_magic != SOCKFS_MAGIC)
1299                 return -EOPNOTSUPP;
1300 
1301         sock = SOCKET_I(ip);
1302         if (sock == NULL || sock->sk == NULL)
1303                 return -EOPNOTSUPP;
1304 
1305         ssp = sock->sk->sk_security;
1306 
1307         if (strcmp(name, XATTR_SMACK_IPIN) == 0)
1308                 isp = ssp->smk_in;
1309         else if (strcmp(name, XATTR_SMACK_IPOUT) == 0)
1310                 isp = ssp->smk_out;
1311         else
1312                 return -EOPNOTSUPP;
1313 
1314         ilen = strlen(isp->smk_known);
1315         if (rc == 0) {
1316                 *buffer = isp->smk_known;
1317                 rc = ilen;
1318         }
1319 
1320         return rc;
1321 }
1322 
1323 
1324 /**
1325  * smack_inode_listsecurity - list the Smack attributes
1326  * @inode: the object
1327  * @buffer: where they go
1328  * @buffer_size: size of buffer
1329  *
1330  * Returns 0 on success, -EINVAL otherwise
1331  */
1332 static int smack_inode_listsecurity(struct inode *inode, char *buffer,
1333                                     size_t buffer_size)
1334 {
1335         int len = sizeof(XATTR_NAME_SMACK);
1336 
1337         if (buffer != NULL && len <= buffer_size)
1338                 memcpy(buffer, XATTR_NAME_SMACK, len);
1339 
1340         return len;
1341 }
1342 
1343 /**
1344  * smack_inode_getsecid - Extract inode's security id
1345  * @inode: inode to extract the info from
1346  * @secid: where result will be saved
1347  */
1348 static void smack_inode_getsecid(const struct inode *inode, u32 *secid)
1349 {
1350         struct inode_smack *isp = inode->i_security;
1351 
1352         *secid = isp->smk_inode->smk_secid;
1353 }
1354 
1355 /*
1356  * File Hooks
1357  */
1358 
1359 /**
1360  * smack_file_permission - Smack check on file operations
1361  * @file: unused
1362  * @mask: unused
1363  *
1364  * Returns 0
1365  *
1366  * Should access checks be done on each read or write?
1367  * UNICOS and SELinux say yes.
1368  * Trusted Solaris, Trusted Irix, and just about everyone else says no.
1369  *
1370  * I'll say no for now. Smack does not do the frequent
1371  * label changing that SELinux does.
1372  */
1373 static int smack_file_permission(struct file *file, int mask)
1374 {
1375         return 0;
1376 }
1377 
1378 /**
1379  * smack_file_alloc_security - assign a file security blob
1380  * @file: the object
1381  *
1382  * The security blob for a file is a pointer to the master
1383  * label list, so no allocation is done.
1384  *
1385  * f_security is the owner security information. It
1386  * isn't used on file access checks, it's for send_sigio.
1387  *
1388  * Returns 0
1389  */
1390 static int smack_file_alloc_security(struct file *file)
1391 {
1392         struct smack_known *skp = smk_of_current();
1393 
1394         file->f_security = skp;
1395         return 0;
1396 }
1397 
1398 /**
1399  * smack_file_free_security - clear a file security blob
1400  * @file: the object
1401  *
1402  * The security blob for a file is a pointer to the master
1403  * label list, so no memory is freed.
1404  */
1405 static void smack_file_free_security(struct file *file)
1406 {
1407         file->f_security = NULL;
1408 }
1409 
1410 /**
1411  * smack_file_ioctl - Smack check on ioctls
1412  * @file: the object
1413  * @cmd: what to do
1414  * @arg: unused
1415  *
1416  * Relies heavily on the correct use of the ioctl command conventions.
1417  *
1418  * Returns 0 if allowed, error code otherwise
1419  */
1420 static int smack_file_ioctl(struct file *file, unsigned int cmd,
1421                             unsigned long arg)
1422 {
1423         int rc = 0;
1424         struct smk_audit_info ad;
1425         struct inode *inode = file_inode(file);
1426 
1427         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1428         smk_ad_setfield_u_fs_path(&ad, file->f_path);
1429 
1430         if (_IOC_DIR(cmd) & _IOC_WRITE) {
1431                 rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad);
1432                 rc = smk_bu_file(file, MAY_WRITE, rc);
1433         }
1434 
1435         if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ)) {
1436                 rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad);
1437                 rc = smk_bu_file(file, MAY_READ, rc);
1438         }
1439 
1440         return rc;
1441 }
1442 
1443 /**
1444  * smack_file_lock - Smack check on file locking
1445  * @file: the object
1446  * @cmd: unused
1447  *
1448  * Returns 0 if current has lock access, error code otherwise
1449  */
1450 static int smack_file_lock(struct file *file, unsigned int cmd)
1451 {
1452         struct smk_audit_info ad;
1453         int rc;
1454         struct inode *inode = file_inode(file);
1455 
1456         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1457         smk_ad_setfield_u_fs_path(&ad, file->f_path);
1458         rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad);
1459         rc = smk_bu_file(file, MAY_LOCK, rc);
1460         return rc;
1461 }
1462 
1463 /**
1464  * smack_file_fcntl - Smack check on fcntl
1465  * @file: the object
1466  * @cmd: what action to check
1467  * @arg: unused
1468  *
1469  * Generally these operations are harmless.
1470  * File locking operations present an obvious mechanism
1471  * for passing information, so they require write access.
1472  *
1473  * Returns 0 if current has access, error code otherwise
1474  */
1475 static int smack_file_fcntl(struct file *file, unsigned int cmd,
1476                             unsigned long arg)
1477 {
1478         struct smk_audit_info ad;
1479         int rc = 0;
1480         struct inode *inode = file_inode(file);
1481 
1482         switch (cmd) {
1483         case F_GETLK:
1484                 break;
1485         case F_SETLK:
1486         case F_SETLKW:
1487                 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1488                 smk_ad_setfield_u_fs_path(&ad, file->f_path);
1489                 rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad);
1490                 rc = smk_bu_file(file, MAY_LOCK, rc);
1491                 break;
1492         case F_SETOWN:
1493         case F_SETSIG:
1494                 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1495                 smk_ad_setfield_u_fs_path(&ad, file->f_path);
1496                 rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad);
1497                 rc = smk_bu_file(file, MAY_WRITE, rc);
1498                 break;
1499         default:
1500                 break;
1501         }
1502 
1503         return rc;
1504 }
1505 
1506 /**
1507  * smack_mmap_file :
1508  * Check permissions for a mmap operation.  The @file may be NULL, e.g.
1509  * if mapping anonymous memory.
1510  * @file contains the file structure for file to map (may be NULL).
1511  * @reqprot contains the protection requested by the application.
1512  * @prot contains the protection that will be applied by the kernel.
1513  * @flags contains the operational flags.
1514  * Return 0 if permission is granted.
1515  */
1516 static int smack_mmap_file(struct file *file,
1517                            unsigned long reqprot, unsigned long prot,
1518                            unsigned long flags)
1519 {
1520         struct smack_known *skp;
1521         struct smack_known *mkp;
1522         struct smack_rule *srp;
1523         struct task_smack *tsp;
1524         struct smack_known *okp;
1525         struct inode_smack *isp;
1526         int may;
1527         int mmay;
1528         int tmay;
1529         int rc;
1530 
1531         if (file == NULL)
1532                 return 0;
1533 
1534         isp = file_inode(file)->i_security;
1535         if (isp->smk_mmap == NULL)
1536                 return 0;
1537         mkp = isp->smk_mmap;
1538 
1539         tsp = current_security();
1540         skp = smk_of_current();
1541         rc = 0;
1542 
1543         rcu_read_lock();
1544         /*
1545          * For each Smack rule associated with the subject
1546          * label verify that the SMACK64MMAP also has access
1547          * to that rule's object label.
1548          */
1549         list_for_each_entry_rcu(srp, &skp->smk_rules, list) {
1550                 okp = srp->smk_object;
1551                 /*
1552                  * Matching labels always allows access.
1553                  */
1554                 if (mkp->smk_known == okp->smk_known)
1555                         continue;
1556                 /*
1557                  * If there is a matching local rule take
1558                  * that into account as well.
1559                  */
1560                 may = smk_access_entry(srp->smk_subject->smk_known,
1561                                        okp->smk_known,
1562                                        &tsp->smk_rules);
1563                 if (may == -ENOENT)
1564                         may = srp->smk_access;
1565                 else
1566                         may &= srp->smk_access;
1567                 /*
1568                  * If may is zero the SMACK64MMAP subject can't
1569                  * possibly have less access.
1570                  */
1571                 if (may == 0)
1572                         continue;
1573 
1574                 /*
1575                  * Fetch the global list entry.
1576                  * If there isn't one a SMACK64MMAP subject
1577                  * can't have as much access as current.
1578                  */
1579                 mmay = smk_access_entry(mkp->smk_known, okp->smk_known,
1580                                         &mkp->smk_rules);
1581                 if (mmay == -ENOENT) {
1582                         rc = -EACCES;
1583                         break;
1584                 }
1585                 /*
1586                  * If there is a local entry it modifies the
1587                  * potential access, too.
1588                  */
1589                 tmay = smk_access_entry(mkp->smk_known, okp->smk_known,
1590                                         &tsp->smk_rules);
1591                 if (tmay != -ENOENT)
1592                         mmay &= tmay;
1593 
1594                 /*
1595                  * If there is any access available to current that is
1596                  * not available to a SMACK64MMAP subject
1597                  * deny access.
1598                  */
1599                 if ((may | mmay) != mmay) {
1600                         rc = -EACCES;
1601                         break;
1602                 }
1603         }
1604 
1605         rcu_read_unlock();
1606 
1607         return rc;
1608 }
1609 
1610 /**
1611  * smack_file_set_fowner - set the file security blob value
1612  * @file: object in question
1613  *
1614  */
1615 static void smack_file_set_fowner(struct file *file)
1616 {
1617         file->f_security = smk_of_current();
1618 }
1619 
1620 /**
1621  * smack_file_send_sigiotask - Smack on sigio
1622  * @tsk: The target task
1623  * @fown: the object the signal come from
1624  * @signum: unused
1625  *
1626  * Allow a privileged task to get signals even if it shouldn't
1627  *
1628  * Returns 0 if a subject with the object's smack could
1629  * write to the task, an error code otherwise.
1630  */
1631 static int smack_file_send_sigiotask(struct task_struct *tsk,
1632                                      struct fown_struct *fown, int signum)
1633 {
1634         struct smack_known *skp;
1635         struct smack_known *tkp = smk_of_task(tsk->cred->security);
1636         struct file *file;
1637         int rc;
1638         struct smk_audit_info ad;
1639 
1640         /*
1641          * struct fown_struct is never outside the context of a struct file
1642          */
1643         file = container_of(fown, struct file, f_owner);
1644 
1645         /* we don't log here as rc can be overriden */
1646         skp = file->f_security;
1647         rc = smk_access(skp, tkp, MAY_WRITE, NULL);
1648         rc = smk_bu_note("sigiotask", skp, tkp, MAY_WRITE, rc);
1649         if (rc != 0 && has_capability(tsk, CAP_MAC_OVERRIDE))
1650                 rc = 0;
1651 
1652         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
1653         smk_ad_setfield_u_tsk(&ad, tsk);
1654         smack_log(skp->smk_known, tkp->smk_known, MAY_WRITE, rc, &ad);
1655         return rc;
1656 }
1657 
1658 /**
1659  * smack_file_receive - Smack file receive check
1660  * @file: the object
1661  *
1662  * Returns 0 if current has access, error code otherwise
1663  */
1664 static int smack_file_receive(struct file *file)
1665 {
1666         int rc;
1667         int may = 0;
1668         struct smk_audit_info ad;
1669         struct inode *inode = file_inode(file);
1670 
1671         if (unlikely(IS_PRIVATE(inode)))
1672                 return 0;
1673 
1674         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1675         smk_ad_setfield_u_fs_path(&ad, file->f_path);
1676         /*
1677          * This code relies on bitmasks.
1678          */
1679         if (file->f_mode & FMODE_READ)
1680                 may = MAY_READ;
1681         if (file->f_mode & FMODE_WRITE)
1682                 may |= MAY_WRITE;
1683 
1684         rc = smk_curacc(smk_of_inode(inode), may, &ad);
1685         rc = smk_bu_file(file, may, rc);
1686         return rc;
1687 }
1688 
1689 /**
1690  * smack_file_open - Smack dentry open processing
1691  * @file: the object
1692  * @cred: task credential
1693  *
1694  * Set the security blob in the file structure.
1695  * Allow the open only if the task has read access. There are
1696  * many read operations (e.g. fstat) that you can do with an
1697  * fd even if you have the file open write-only.
1698  *
1699  * Returns 0
1700  */
1701 static int smack_file_open(struct file *file, const struct cred *cred)
1702 {
1703         struct task_smack *tsp = cred->security;
1704         struct inode *inode = file_inode(file);
1705         struct smk_audit_info ad;
1706         int rc;
1707 
1708         if (smack_privileged(CAP_MAC_OVERRIDE))
1709                 return 0;
1710 
1711         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1712         smk_ad_setfield_u_fs_path(&ad, file->f_path);
1713         rc = smk_access(tsp->smk_task, smk_of_inode(inode), MAY_READ, &ad);
1714         rc = smk_bu_credfile(cred, file, MAY_READ, rc);
1715 
1716         return rc;
1717 }
1718 
1719 /*
1720  * Task hooks
1721  */
1722 
1723 /**
1724  * smack_cred_alloc_blank - "allocate" blank task-level security credentials
1725  * @new: the new credentials
1726  * @gfp: the atomicity of any memory allocations
1727  *
1728  * Prepare a blank set of credentials for modification.  This must allocate all
1729  * the memory the LSM module might require such that cred_transfer() can
1730  * complete without error.
1731  */
1732 static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp)
1733 {
1734         struct task_smack *tsp;
1735 
1736         tsp = new_task_smack(NULL, NULL, gfp);
1737         if (tsp == NULL)
1738                 return -ENOMEM;
1739 
1740         cred->security = tsp;
1741 
1742         return 0;
1743 }
1744 
1745 
1746 /**
1747  * smack_cred_free - "free" task-level security credentials
1748  * @cred: the credentials in question
1749  *
1750  */
1751 static void smack_cred_free(struct cred *cred)
1752 {
1753         struct task_smack *tsp = cred->security;
1754         struct smack_rule *rp;
1755         struct list_head *l;
1756         struct list_head *n;
1757 
1758         if (tsp == NULL)
1759                 return;
1760         cred->security = NULL;
1761 
1762         list_for_each_safe(l, n, &tsp->smk_rules) {
1763                 rp = list_entry(l, struct smack_rule, list);
1764                 list_del(&rp->list);
1765                 kfree(rp);
1766         }
1767         kfree(tsp);
1768 }
1769 
1770 /**
1771  * smack_cred_prepare - prepare new set of credentials for modification
1772  * @new: the new credentials
1773  * @old: the original credentials
1774  * @gfp: the atomicity of any memory allocations
1775  *
1776  * Prepare a new set of credentials for modification.
1777  */
1778 static int smack_cred_prepare(struct cred *new, const struct cred *old,
1779                               gfp_t gfp)
1780 {
1781         struct task_smack *old_tsp = old->security;
1782         struct task_smack *new_tsp;
1783         int rc;
1784 
1785         new_tsp = new_task_smack(old_tsp->smk_task, old_tsp->smk_task, gfp);
1786         if (new_tsp == NULL)
1787                 return -ENOMEM;
1788 
1789         rc = smk_copy_rules(&new_tsp->smk_rules, &old_tsp->smk_rules, gfp);
1790         if (rc != 0)
1791                 return rc;
1792 
1793         new->security = new_tsp;
1794         return 0;
1795 }
1796 
1797 /**
1798  * smack_cred_transfer - Transfer the old credentials to the new credentials
1799  * @new: the new credentials
1800  * @old: the original credentials
1801  *
1802  * Fill in a set of blank credentials from another set of credentials.
1803  */
1804 static void smack_cred_transfer(struct cred *new, const struct cred *old)
1805 {
1806         struct task_smack *old_tsp = old->security;
1807         struct task_smack *new_tsp = new->security;
1808 
1809         new_tsp->smk_task = old_tsp->smk_task;
1810         new_tsp->smk_forked = old_tsp->smk_task;
1811         mutex_init(&new_tsp->smk_rules_lock);
1812         INIT_LIST_HEAD(&new_tsp->smk_rules);
1813 
1814 
1815         /* cbs copy rule list */
1816 }
1817 
1818 /**
1819  * smack_kernel_act_as - Set the subjective context in a set of credentials
1820  * @new: points to the set of credentials to be modified.
1821  * @secid: specifies the security ID to be set
1822  *
1823  * Set the security data for a kernel service.
1824  */
1825 static int smack_kernel_act_as(struct cred *new, u32 secid)
1826 {
1827         struct task_smack *new_tsp = new->security;
1828         struct smack_known *skp = smack_from_secid(secid);
1829 
1830         if (skp == NULL)
1831                 return -EINVAL;
1832 
1833         new_tsp->smk_task = skp;
1834         return 0;
1835 }
1836 
1837 /**
1838  * smack_kernel_create_files_as - Set the file creation label in a set of creds
1839  * @new: points to the set of credentials to be modified
1840  * @inode: points to the inode to use as a reference
1841  *
1842  * Set the file creation context in a set of credentials to the same
1843  * as the objective context of the specified inode
1844  */
1845 static int smack_kernel_create_files_as(struct cred *new,
1846                                         struct inode *inode)
1847 {
1848         struct inode_smack *isp = inode->i_security;
1849         struct task_smack *tsp = new->security;
1850 
1851         tsp->smk_forked = isp->smk_inode;
1852         tsp->smk_task = tsp->smk_forked;
1853         return 0;
1854 }
1855 
1856 /**
1857  * smk_curacc_on_task - helper to log task related access
1858  * @p: the task object
1859  * @access: the access requested
1860  * @caller: name of the calling function for audit
1861  *
1862  * Return 0 if access is permitted
1863  */
1864 static int smk_curacc_on_task(struct task_struct *p, int access,
1865                                 const char *caller)
1866 {
1867         struct smk_audit_info ad;
1868         struct smack_known *skp = smk_of_task_struct(p);
1869         int rc;
1870 
1871         smk_ad_init(&ad, caller, LSM_AUDIT_DATA_TASK);
1872         smk_ad_setfield_u_tsk(&ad, p);
1873         rc = smk_curacc(skp, access, &ad);
1874         rc = smk_bu_task(p, access, rc);
1875         return rc;
1876 }
1877 
1878 /**
1879  * smack_task_setpgid - Smack check on setting pgid
1880  * @p: the task object
1881  * @pgid: unused
1882  *
1883  * Return 0 if write access is permitted
1884  */
1885 static int smack_task_setpgid(struct task_struct *p, pid_t pgid)
1886 {
1887         return smk_curacc_on_task(p, MAY_WRITE, __func__);
1888 }
1889 
1890 /**
1891  * smack_task_getpgid - Smack access check for getpgid
1892  * @p: the object task
1893  *
1894  * Returns 0 if current can read the object task, error code otherwise
1895  */
1896 static int smack_task_getpgid(struct task_struct *p)
1897 {
1898         return smk_curacc_on_task(p, MAY_READ, __func__);
1899 }
1900 
1901 /**
1902  * smack_task_getsid - Smack access check for getsid
1903  * @p: the object task
1904  *
1905  * Returns 0 if current can read the object task, error code otherwise
1906  */
1907 static int smack_task_getsid(struct task_struct *p)
1908 {
1909         return smk_curacc_on_task(p, MAY_READ, __func__);
1910 }
1911 
1912 /**
1913  * smack_task_getsecid - get the secid of the task
1914  * @p: the object task
1915  * @secid: where to put the result
1916  *
1917  * Sets the secid to contain a u32 version of the smack label.
1918  */
1919 static void smack_task_getsecid(struct task_struct *p, u32 *secid)
1920 {
1921         struct smack_known *skp = smk_of_task_struct(p);
1922 
1923         *secid = skp->smk_secid;
1924 }
1925 
1926 /**
1927  * smack_task_setnice - Smack check on setting nice
1928  * @p: the task object
1929  * @nice: unused
1930  *
1931  * Return 0 if write access is permitted
1932  */
1933 static int smack_task_setnice(struct task_struct *p, int nice)
1934 {
1935         return smk_curacc_on_task(p, MAY_WRITE, __func__);
1936 }
1937 
1938 /**
1939  * smack_task_setioprio - Smack check on setting ioprio
1940  * @p: the task object
1941  * @ioprio: unused
1942  *
1943  * Return 0 if write access is permitted
1944  */
1945 static int smack_task_setioprio(struct task_struct *p, int ioprio)
1946 {
1947         return smk_curacc_on_task(p, MAY_WRITE, __func__);
1948 }
1949 
1950 /**
1951  * smack_task_getioprio - Smack check on reading ioprio
1952  * @p: the task object
1953  *
1954  * Return 0 if read access is permitted
1955  */
1956 static int smack_task_getioprio(struct task_struct *p)
1957 {
1958         return smk_curacc_on_task(p, MAY_READ, __func__);
1959 }
1960 
1961 /**
1962  * smack_task_setscheduler - Smack check on setting scheduler
1963  * @p: the task object
1964  * @policy: unused
1965  * @lp: unused
1966  *
1967  * Return 0 if read access is permitted
1968  */
1969 static int smack_task_setscheduler(struct task_struct *p)
1970 {
1971         return smk_curacc_on_task(p, MAY_WRITE, __func__);
1972 }
1973 
1974 /**
1975  * smack_task_getscheduler - Smack check on reading scheduler
1976  * @p: the task object
1977  *
1978  * Return 0 if read access is permitted
1979  */
1980 static int smack_task_getscheduler(struct task_struct *p)
1981 {
1982         return smk_curacc_on_task(p, MAY_READ, __func__);
1983 }
1984 
1985 /**
1986  * smack_task_movememory - Smack check on moving memory
1987  * @p: the task object
1988  *
1989  * Return 0 if write access is permitted
1990  */
1991 static int smack_task_movememory(struct task_struct *p)
1992 {
1993         return smk_curacc_on_task(p, MAY_WRITE, __func__);
1994 }
1995 
1996 /**
1997  * smack_task_kill - Smack check on signal delivery
1998  * @p: the task object
1999  * @info: unused
2000  * @sig: unused
2001  * @secid: identifies the smack to use in lieu of current's
2002  *
2003  * Return 0 if write access is permitted
2004  *
2005  * The secid behavior is an artifact of an SELinux hack
2006  * in the USB code. Someday it may go away.
2007  */
2008 static int smack_task_kill(struct task_struct *p, struct siginfo *info,
2009                            int sig, u32 secid)
2010 {
2011         struct smk_audit_info ad;
2012         struct smack_known *skp;
2013         struct smack_known *tkp = smk_of_task_struct(p);
2014         int rc;
2015 
2016         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
2017         smk_ad_setfield_u_tsk(&ad, p);
2018         /*
2019          * Sending a signal requires that the sender
2020          * can write the receiver.
2021          */
2022         if (secid == 0) {
2023                 rc = smk_curacc(tkp, MAY_WRITE, &ad);
2024                 rc = smk_bu_task(p, MAY_WRITE, rc);
2025                 return rc;
2026         }
2027         /*
2028          * If the secid isn't 0 we're dealing with some USB IO
2029          * specific behavior. This is not clean. For one thing
2030          * we can't take privilege into account.
2031          */
2032         skp = smack_from_secid(secid);
2033         rc = smk_access(skp, tkp, MAY_WRITE, &ad);
2034         rc = smk_bu_note("USB signal", skp, tkp, MAY_WRITE, rc);
2035         return rc;
2036 }
2037 
2038 /**
2039  * smack_task_wait - Smack access check for waiting
2040  * @p: task to wait for
2041  *
2042  * Returns 0
2043  */
2044 static int smack_task_wait(struct task_struct *p)
2045 {
2046         /*
2047          * Allow the operation to succeed.
2048          * Zombies are bad.
2049          * In userless environments (e.g. phones) programs
2050          * get marked with SMACK64EXEC and even if the parent
2051          * and child shouldn't be talking the parent still
2052          * may expect to know when the child exits.
2053          */
2054         return 0;
2055 }
2056 
2057 /**
2058  * smack_task_to_inode - copy task smack into the inode blob
2059  * @p: task to copy from
2060  * @inode: inode to copy to
2061  *
2062  * Sets the smack pointer in the inode security blob
2063  */
2064 static void smack_task_to_inode(struct task_struct *p, struct inode *inode)
2065 {
2066         struct inode_smack *isp = inode->i_security;
2067         struct smack_known *skp = smk_of_task_struct(p);
2068 
2069         isp->smk_inode = skp;
2070 }
2071 
2072 /*
2073  * Socket hooks.
2074  */
2075 
2076 /**
2077  * smack_sk_alloc_security - Allocate a socket blob
2078  * @sk: the socket
2079  * @family: unused
2080  * @gfp_flags: memory allocation flags
2081  *
2082  * Assign Smack pointers to current
2083  *
2084  * Returns 0 on success, -ENOMEM is there's no memory
2085  */
2086 static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags)
2087 {
2088         struct smack_known *skp = smk_of_current();
2089         struct socket_smack *ssp;
2090 
2091         ssp = kzalloc(sizeof(struct socket_smack), gfp_flags);
2092         if (ssp == NULL)
2093                 return -ENOMEM;
2094 
2095         ssp->smk_in = skp;
2096         ssp->smk_out = skp;
2097         ssp->smk_packet = NULL;
2098 
2099         sk->sk_security = ssp;
2100 
2101         return 0;
2102 }
2103 
2104 /**
2105  * smack_sk_free_security - Free a socket blob
2106  * @sk: the socket
2107  *
2108  * Clears the blob pointer
2109  */
2110 static void smack_sk_free_security(struct sock *sk)
2111 {
2112         kfree(sk->sk_security);
2113 }
2114 
2115 /**
2116 * smack_host_label - check host based restrictions
2117 * @sip: the object end
2118 *
2119 * looks for host based access restrictions
2120 *
2121 * This version will only be appropriate for really small sets of single label
2122 * hosts.  The caller is responsible for ensuring that the RCU read lock is
2123 * taken before calling this function.
2124 *
2125 * Returns the label of the far end or NULL if it's not special.
2126 */
2127 static struct smack_known *smack_host_label(struct sockaddr_in *sip)
2128 {
2129         struct smk_netlbladdr *snp;
2130         struct in_addr *siap = &sip->sin_addr;
2131 
2132         if (siap->s_addr == 0)
2133                 return NULL;
2134 
2135         list_for_each_entry_rcu(snp, &smk_netlbladdr_list, list)
2136                 /*
2137                 * we break after finding the first match because
2138                 * the list is sorted from longest to shortest mask
2139                 * so we have found the most specific match
2140                 */
2141                 if ((&snp->smk_host.sin_addr)->s_addr ==
2142                     (siap->s_addr & (&snp->smk_mask)->s_addr)) {
2143                         /* we have found the special CIPSO option */
2144                         if (snp->smk_label == &smack_cipso_option)
2145                                 return NULL;
2146                         return snp->smk_label;
2147                 }
2148 
2149         return NULL;
2150 }
2151 
2152 /**
2153  * smack_netlabel - Set the secattr on a socket
2154  * @sk: the socket
2155  * @labeled: socket label scheme
2156  *
2157  * Convert the outbound smack value (smk_out) to a
2158  * secattr and attach it to the socket.
2159  *
2160  * Returns 0 on success or an error code
2161  */
2162 static int smack_netlabel(struct sock *sk, int labeled)
2163 {
2164         struct smack_known *skp;
2165         struct socket_smack *ssp = sk->sk_security;
2166         int rc = 0;
2167 
2168         /*
2169          * Usually the netlabel code will handle changing the
2170          * packet labeling based on the label.
2171          * The case of a single label host is different, because
2172          * a single label host should never get a labeled packet
2173          * even though the label is usually associated with a packet
2174          * label.
2175          */
2176         local_bh_disable();
2177         bh_lock_sock_nested(sk);
2178 
2179         if (ssp->smk_out == smack_net_ambient ||
2180             labeled == SMACK_UNLABELED_SOCKET)
2181                 netlbl_sock_delattr(sk);
2182         else {
2183                 skp = ssp->smk_out;
2184                 rc = netlbl_sock_setattr(sk, sk->sk_family, &skp->smk_netlabel);
2185         }
2186 
2187         bh_unlock_sock(sk);
2188         local_bh_enable();
2189 
2190         return rc;
2191 }
2192 
2193 /**
2194  * smack_netlbel_send - Set the secattr on a socket and perform access checks
2195  * @sk: the socket
2196  * @sap: the destination address
2197  *
2198  * Set the correct secattr for the given socket based on the destination
2199  * address and perform any outbound access checks needed.
2200  *
2201  * Returns 0 on success or an error code.
2202  *
2203  */
2204 static int smack_netlabel_send(struct sock *sk, struct sockaddr_in *sap)
2205 {
2206         struct smack_known *skp;
2207         int rc;
2208         int sk_lbl;
2209         struct smack_known *hkp;
2210         struct socket_smack *ssp = sk->sk_security;
2211         struct smk_audit_info ad;
2212 
2213         rcu_read_lock();
2214         hkp = smack_host_label(sap);
2215         if (hkp != NULL) {
2216 #ifdef CONFIG_AUDIT
2217                 struct lsm_network_audit net;
2218 
2219                 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
2220                 ad.a.u.net->family = sap->sin_family;
2221                 ad.a.u.net->dport = sap->sin_port;
2222                 ad.a.u.net->v4info.daddr = sap->sin_addr.s_addr;
2223 #endif
2224                 sk_lbl = SMACK_UNLABELED_SOCKET;
2225                 skp = ssp->smk_out;
2226                 rc = smk_access(skp, hkp, MAY_WRITE, &ad);
2227                 rc = smk_bu_note("IPv4 host check", skp, hkp, MAY_WRITE, rc);
2228         } else {
2229                 sk_lbl = SMACK_CIPSO_SOCKET;
2230                 rc = 0;
2231         }
2232         rcu_read_unlock();
2233         if (rc != 0)
2234                 return rc;
2235 
2236         return smack_netlabel(sk, sk_lbl);
2237 }
2238 
2239 #if IS_ENABLED(CONFIG_IPV6) && !defined(CONFIG_SECURITY_SMACK_NETFILTER)
2240 /**
2241  * smk_ipv6_port_label - Smack port access table management
2242  * @sock: socket
2243  * @address: address
2244  *
2245  * Create or update the port list entry
2246  */
2247 static void smk_ipv6_port_label(struct socket *sock, struct sockaddr *address)
2248 {
2249         struct sock *sk = sock->sk;
2250         struct sockaddr_in6 *addr6;
2251         struct socket_smack *ssp = sock->sk->sk_security;
2252         struct smk_port_label *spp;
2253         unsigned short port = 0;
2254 
2255         if (address == NULL) {
2256                 /*
2257                  * This operation is changing the Smack information
2258                  * on the bound socket. Take the changes to the port
2259                  * as well.
2260                  */
2261                 list_for_each_entry(spp, &smk_ipv6_port_list, list) {
2262                         if (sk != spp->smk_sock)
2263                                 continue;
2264                         spp->smk_in = ssp->smk_in;
2265                         spp->smk_out = ssp->smk_out;
2266                         return;
2267                 }
2268                 /*
2269                  * A NULL address is only used for updating existing
2270                  * bound entries. If there isn't one, it's OK.
2271                  */
2272                 return;
2273         }
2274 
2275         addr6 = (struct sockaddr_in6 *)address;
2276         port = ntohs(addr6->sin6_port);
2277         /*
2278          * This is a special case that is safely ignored.
2279          */
2280         if (port == 0)
2281                 return;
2282 
2283         /*
2284          * Look for an existing port list entry.
2285          * This is an indication that a port is getting reused.
2286          */
2287         list_for_each_entry(spp, &smk_ipv6_port_list, list) {
2288                 if (spp->smk_port != port)
2289                         continue;
2290                 spp->smk_port = port;
2291                 spp->smk_sock = sk;
2292                 spp->smk_in = ssp->smk_in;
2293                 spp->smk_out = ssp->smk_out;
2294                 return;
2295         }
2296 
2297         /*
2298          * A new port entry is required.
2299          */
2300         spp = kzalloc(sizeof(*spp), GFP_KERNEL);
2301         if (spp == NULL)
2302                 return;
2303 
2304         spp->smk_port = port;
2305         spp->smk_sock = sk;
2306         spp->smk_in = ssp->smk_in;
2307         spp->smk_out = ssp->smk_out;
2308 
2309         list_add(&spp->list, &smk_ipv6_port_list);
2310         return;
2311 }
2312 
2313 /**
2314  * smk_ipv6_port_check - check Smack port access
2315  * @sock: socket
2316  * @address: address
2317  *
2318  * Create or update the port list entry
2319  */
2320 static int smk_ipv6_port_check(struct sock *sk, struct sockaddr_in6 *address,
2321                                 int act)
2322 {
2323         __be16 *bep;
2324         __be32 *be32p;
2325         struct smk_port_label *spp;
2326         struct socket_smack *ssp = sk->sk_security;
2327         struct smack_known *skp;
2328         unsigned short port = 0;
2329         struct smack_known *object;
2330         struct smk_audit_info ad;
2331         int rc;
2332 #ifdef CONFIG_AUDIT
2333         struct lsm_network_audit net;
2334 #endif
2335 
2336         if (act == SMK_RECEIVING) {
2337                 skp = smack_net_ambient;
2338                 object = ssp->smk_in;
2339         } else {
2340                 skp = ssp->smk_out;
2341                 object = smack_net_ambient;
2342         }
2343 
2344         /*
2345          * Get the IP address and port from the address.
2346          */
2347         port = ntohs(address->sin6_port);
2348         bep = (__be16 *)(&address->sin6_addr);
2349         be32p = (__be32 *)(&address->sin6_addr);
2350 
2351         /*
2352          * It's remote, so port lookup does no good.
2353          */
2354         if (be32p[0] || be32p[1] || be32p[2] || bep[6] || ntohs(bep[7]) != 1)
2355                 goto auditout;
2356 
2357         /*
2358          * It's local so the send check has to have passed.
2359          */
2360         if (act == SMK_RECEIVING) {
2361                 skp = &smack_known_web;
2362                 goto auditout;
2363         }
2364 
2365         list_for_each_entry(spp, &smk_ipv6_port_list, list) {
2366                 if (spp->smk_port != port)
2367                         continue;
2368                 object = spp->smk_in;
2369                 if (act == SMK_CONNECTING)
2370                         ssp->smk_packet = spp->smk_out;
2371                 break;
2372         }
2373 
2374 auditout:
2375 
2376 #ifdef CONFIG_AUDIT
2377         smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
2378         ad.a.u.net->family = sk->sk_family;
2379         ad.a.u.net->dport = port;
2380         if (act == SMK_RECEIVING)
2381                 ad.a.u.net->v6info.saddr = address->sin6_addr;
2382         else
2383                 ad.a.u.net->v6info.daddr = address->sin6_addr;
2384 #endif
2385         rc = smk_access(skp, object, MAY_WRITE, &ad);
2386         rc = smk_bu_note("IPv6 port check", skp, object, MAY_WRITE, rc);
2387         return rc;
2388 }
2389 #endif /* CONFIG_IPV6 && !CONFIG_SECURITY_SMACK_NETFILTER */
2390 
2391 /**
2392  * smack_inode_setsecurity - set smack xattrs
2393  * @inode: the object
2394  * @name: attribute name
2395  * @value: attribute value
2396  * @size: size of the attribute
2397  * @flags: unused
2398  *
2399  * Sets the named attribute in the appropriate blob
2400  *
2401  * Returns 0 on success, or an error code
2402  */
2403 static int smack_inode_setsecurity(struct inode *inode, const char *name,
2404                                    const void *value, size_t size, int flags)
2405 {
2406         struct smack_known *skp;
2407         struct inode_smack *nsp = inode->i_security;
2408         struct socket_smack *ssp;
2409         struct socket *sock;
2410         int rc = 0;
2411 
2412         if (value == NULL || size > SMK_LONGLABEL || size == 0)
2413                 return -EINVAL;
2414 
2415         skp = smk_import_entry(value, size);
2416         if (IS_ERR(skp))
2417                 return PTR_ERR(skp);
2418 
2419         if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) {
2420                 nsp->smk_inode = skp;
2421                 nsp->smk_flags |= SMK_INODE_INSTANT;
2422                 return 0;
2423         }
2424         /*
2425          * The rest of the Smack xattrs are only on sockets.
2426          */
2427         if (inode->i_sb->s_magic != SOCKFS_MAGIC)
2428                 return -EOPNOTSUPP;
2429 
2430         sock = SOCKET_I(inode);
2431         if (sock == NULL || sock->sk == NULL)
2432                 return -EOPNOTSUPP;
2433 
2434         ssp = sock->sk->sk_security;
2435 
2436         if (strcmp(name, XATTR_SMACK_IPIN) == 0)
2437                 ssp->smk_in = skp;
2438         else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) {
2439                 ssp->smk_out = skp;
2440                 if (sock->sk->sk_family == PF_INET) {
2441                         rc = smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET);
2442                         if (rc != 0)
2443                                 printk(KERN_WARNING
2444                                         "Smack: \"%s\" netlbl error %d.\n",
2445                                         __func__, -rc);
2446                 }
2447         } else
2448                 return -EOPNOTSUPP;
2449 
2450 #if IS_ENABLED(CONFIG_IPV6) && !defined(CONFIG_SECURITY_SMACK_NETFILTER)
2451         if (sock->sk->sk_family == PF_INET6)
2452                 smk_ipv6_port_label(sock, NULL);
2453 #endif /* CONFIG_IPV6 && !CONFIG_SECURITY_SMACK_NETFILTER */
2454 
2455         return 0;
2456 }
2457 
2458 /**
2459  * smack_socket_post_create - finish socket setup
2460  * @sock: the socket
2461  * @family: protocol family
2462  * @type: unused
2463  * @protocol: unused
2464  * @kern: unused
2465  *
2466  * Sets the netlabel information on the socket
2467  *
2468  * Returns 0 on success, and error code otherwise
2469  */
2470 static int smack_socket_post_create(struct socket *sock, int family,
2471                                     int type, int protocol, int kern)
2472 {
2473         struct socket_smack *ssp;
2474 
2475         if (sock->sk == NULL)
2476                 return 0;
2477 
2478         /*
2479          * Sockets created by kernel threads receive web label.
2480          */
2481         if (unlikely(current->flags & PF_KTHREAD)) {
2482                 ssp = sock->sk->sk_security;
2483                 ssp->smk_in = &smack_known_web;
2484                 ssp->smk_out = &smack_known_web;
2485         }
2486 
2487         if (family != PF_INET)
2488                 return 0;
2489         /*
2490          * Set the outbound netlbl.
2491          */
2492         return smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET);
2493 }
2494 
2495 #ifndef CONFIG_SECURITY_SMACK_NETFILTER
2496 /**
2497  * smack_socket_bind - record port binding information.
2498  * @sock: the socket
2499  * @address: the port address
2500  * @addrlen: size of the address
2501  *
2502  * Records the label bound to a port.
2503  *
2504  * Returns 0
2505  */
2506 static int smack_socket_bind(struct socket *sock, struct sockaddr *address,
2507                                 int addrlen)
2508 {
2509 #if IS_ENABLED(CONFIG_IPV6)
2510         if (sock->sk != NULL && sock->sk->sk_family == PF_INET6)
2511                 smk_ipv6_port_label(sock, address);
2512 #endif
2513 
2514         return 0;
2515 }
2516 #endif /* !CONFIG_SECURITY_SMACK_NETFILTER */
2517 
2518 /**
2519  * smack_socket_connect - connect access check
2520  * @sock: the socket
2521  * @sap: the other end
2522  * @addrlen: size of sap
2523  *
2524  * Verifies that a connection may be possible
2525  *
2526  * Returns 0 on success, and error code otherwise
2527  */
2528 static int smack_socket_connect(struct socket *sock, struct sockaddr *sap,
2529                                 int addrlen)
2530 {
2531         int rc = 0;
2532 
2533         if (sock->sk == NULL)
2534                 return 0;
2535 
2536         switch (sock->sk->sk_family) {
2537         case PF_INET:
2538                 if (addrlen < sizeof(struct sockaddr_in))
2539                         return -EINVAL;
2540                 rc = smack_netlabel_send(sock->sk, (struct sockaddr_in *)sap);
2541                 break;
2542         case PF_INET6:
2543                 if (addrlen < sizeof(struct sockaddr_in6))
2544                         return -EINVAL;
2545 #if IS_ENABLED(CONFIG_IPV6) && !defined(CONFIG_SECURITY_SMACK_NETFILTER)
2546                 rc = smk_ipv6_port_check(sock->sk, (struct sockaddr_in6 *)sap,
2547                                                 SMK_CONNECTING);
2548 #endif /* CONFIG_IPV6 && !CONFIG_SECURITY_SMACK_NETFILTER */
2549                 break;
2550         }
2551         return rc;
2552 }
2553 
2554 /**
2555  * smack_flags_to_may - convert S_ to MAY_ values
2556  * @flags: the S_ value
2557  *
2558  * Returns the equivalent MAY_ value
2559  */
2560 static int smack_flags_to_may(int flags)
2561 {
2562         int may = 0;
2563 
2564         if (flags & S_IRUGO)
2565                 may |= MAY_READ;
2566         if (flags & S_IWUGO)
2567                 may |= MAY_WRITE;
2568         if (flags & S_IXUGO)
2569                 may |= MAY_EXEC;
2570 
2571         return may;
2572 }
2573 
2574 /**
2575  * smack_msg_msg_alloc_security - Set the security blob for msg_msg
2576  * @msg: the object
2577  *
2578  * Returns 0
2579  */
2580 static int smack_msg_msg_alloc_security(struct msg_msg *msg)
2581 {
2582         struct smack_known *skp = smk_of_current();
2583 
2584         msg->security = skp;
2585         return 0;
2586 }
2587 
2588 /**
2589  * smack_msg_msg_free_security - Clear the security blob for msg_msg
2590  * @msg: the object
2591  *
2592  * Clears the blob pointer
2593  */
2594 static void smack_msg_msg_free_security(struct msg_msg *msg)
2595 {
2596         msg->security = NULL;
2597 }
2598 
2599 /**
2600  * smack_of_shm - the smack pointer for the shm
2601  * @shp: the object
2602  *
2603  * Returns a pointer to the smack value
2604  */
2605 static struct smack_known *smack_of_shm(struct shmid_kernel *shp)
2606 {
2607         return (struct smack_known *)shp->shm_perm.security;
2608 }
2609 
2610 /**
2611  * smack_shm_alloc_security - Set the security blob for shm
2612  * @shp: the object
2613  *
2614  * Returns 0
2615  */
2616 static int smack_shm_alloc_security(struct shmid_kernel *shp)
2617 {
2618         struct kern_ipc_perm *isp = &shp->shm_perm;
2619         struct smack_known *skp = smk_of_current();
2620 
2621         isp->security = skp;
2622         return 0;
2623 }
2624 
2625 /**
2626  * smack_shm_free_security - Clear the security blob for shm
2627  * @shp: the object
2628  *
2629  * Clears the blob pointer
2630  */
2631 static void smack_shm_free_security(struct shmid_kernel *shp)
2632 {
2633         struct kern_ipc_perm *isp = &shp->shm_perm;
2634 
2635         isp->security = NULL;
2636 }
2637 
2638 /**
2639  * smk_curacc_shm : check if current has access on shm
2640  * @shp : the object
2641  * @access : access requested
2642  *
2643  * Returns 0 if current has the requested access, error code otherwise
2644  */
2645 static int smk_curacc_shm(struct shmid_kernel *shp, int access)
2646 {
2647         struct smack_known *ssp = smack_of_shm(shp);
2648         struct smk_audit_info ad;
2649         int rc;
2650 
2651 #ifdef CONFIG_AUDIT
2652         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
2653         ad.a.u.ipc_id = shp->shm_perm.id;
2654 #endif
2655         rc = smk_curacc(ssp, access, &ad);
2656         rc = smk_bu_current("shm", ssp, access, rc);
2657         return rc;
2658 }
2659 
2660 /**
2661  * smack_shm_associate - Smack access check for shm
2662  * @shp: the object
2663  * @shmflg: access requested
2664  *
2665  * Returns 0 if current has the requested access, error code otherwise
2666  */
2667 static int smack_shm_associate(struct shmid_kernel *shp, int shmflg)
2668 {
2669         int may;
2670 
2671         may = smack_flags_to_may(shmflg);
2672         return smk_curacc_shm(shp, may);
2673 }
2674 
2675 /**
2676  * smack_shm_shmctl - Smack access check for shm
2677  * @shp: the object
2678  * @cmd: what it wants to do
2679  *
2680  * Returns 0 if current has the requested access, error code otherwise
2681  */
2682 static int smack_shm_shmctl(struct shmid_kernel *shp, int cmd)
2683 {
2684         int may;
2685 
2686         switch (cmd) {
2687         case IPC_STAT:
2688         case SHM_STAT:
2689                 may = MAY_READ;
2690                 break;
2691         case IPC_SET:
2692         case SHM_LOCK:
2693         case SHM_UNLOCK:
2694         case IPC_RMID:
2695                 may = MAY_READWRITE;
2696                 break;
2697         case IPC_INFO:
2698         case SHM_INFO:
2699                 /*
2700                  * System level information.
2701                  */
2702                 return 0;
2703         default:
2704                 return -EINVAL;
2705         }
2706         return smk_curacc_shm(shp, may);
2707 }
2708 
2709 /**
2710  * smack_shm_shmat - Smack access for shmat
2711  * @shp: the object
2712  * @shmaddr: unused
2713  * @shmflg: access requested
2714  *
2715  * Returns 0 if current has the requested access, error code otherwise
2716  */
2717 static int smack_shm_shmat(struct shmid_kernel *shp, char __user *shmaddr,
2718                            int shmflg)
2719 {
2720         int may;
2721 
2722         may = smack_flags_to_may(shmflg);
2723         return smk_curacc_shm(shp, may);
2724 }
2725 
2726 /**
2727  * smack_of_sem - the smack pointer for the sem
2728  * @sma: the object
2729  *
2730  * Returns a pointer to the smack value
2731  */
2732 static struct smack_known *smack_of_sem(struct sem_array *sma)
2733 {
2734         return (struct smack_known *)sma->sem_perm.security;
2735 }
2736 
2737 /**
2738  * smack_sem_alloc_security - Set the security blob for sem
2739  * @sma: the object
2740  *
2741  * Returns 0
2742  */
2743 static int smack_sem_alloc_security(struct sem_array *sma)
2744 {
2745         struct kern_ipc_perm *isp = &sma->sem_perm;
2746         struct smack_known *skp = smk_of_current();
2747 
2748         isp->security = skp;
2749         return 0;
2750 }
2751 
2752 /**
2753  * smack_sem_free_security - Clear the security blob for sem
2754  * @sma: the object
2755  *
2756  * Clears the blob pointer
2757  */
2758 static void smack_sem_free_security(struct sem_array *sma)
2759 {
2760         struct kern_ipc_perm *isp = &sma->sem_perm;
2761 
2762         isp->security = NULL;
2763 }
2764 
2765 /**
2766  * smk_curacc_sem : check if current has access on sem
2767  * @sma : the object
2768  * @access : access requested
2769  *
2770  * Returns 0 if current has the requested access, error code otherwise
2771  */
2772 static int smk_curacc_sem(struct sem_array *sma, int access)
2773 {
2774         struct smack_known *ssp = smack_of_sem(sma);
2775         struct smk_audit_info ad;
2776         int rc;
2777 
2778 #ifdef CONFIG_AUDIT
2779         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
2780         ad.a.u.ipc_id = sma->sem_perm.id;
2781 #endif
2782         rc = smk_curacc(ssp, access, &ad);
2783         rc = smk_bu_current("sem", ssp, access, rc);
2784         return rc;
2785 }
2786 
2787 /**
2788  * smack_sem_associate - Smack access check for sem
2789  * @sma: the object
2790  * @semflg: access requested
2791  *
2792  * Returns 0 if current has the requested access, error code otherwise
2793  */
2794 static int smack_sem_associate(struct sem_array *sma, int semflg)
2795 {
2796         int may;
2797 
2798         may = smack_flags_to_may(semflg);
2799         return smk_curacc_sem(sma, may);
2800 }
2801 
2802 /**
2803  * smack_sem_shmctl - Smack access check for sem
2804  * @sma: the object
2805  * @cmd: what it wants to do
2806  *
2807  * Returns 0 if current has the requested access, error code otherwise
2808  */
2809 static int smack_sem_semctl(struct sem_array *sma, int cmd)
2810 {
2811         int may;
2812 
2813         switch (cmd) {
2814         case GETPID:
2815         case GETNCNT:
2816         case GETZCNT:
2817         case GETVAL:
2818         case GETALL:
2819         case IPC_STAT:
2820         case SEM_STAT:
2821                 may = MAY_READ;
2822                 break;
2823         case SETVAL:
2824         case SETALL:
2825         case IPC_RMID:
2826         case IPC_SET:
2827                 may = MAY_READWRITE;
2828                 break;
2829         case IPC_INFO:
2830         case SEM_INFO:
2831                 /*
2832                  * System level information
2833                  */
2834                 return 0;
2835         default:
2836                 return -EINVAL;
2837         }
2838 
2839         return smk_curacc_sem(sma, may);
2840 }
2841 
2842 /**
2843  * smack_sem_semop - Smack checks of semaphore operations
2844  * @sma: the object
2845  * @sops: unused
2846  * @nsops: unused
2847  * @alter: unused
2848  *
2849  * Treated as read and write in all cases.
2850  *
2851  * Returns 0 if access is allowed, error code otherwise
2852  */
2853 static int smack_sem_semop(struct sem_array *sma, struct sembuf *sops,
2854                            unsigned nsops, int alter)
2855 {
2856         return smk_curacc_sem(sma, MAY_READWRITE);
2857 }
2858 
2859 /**
2860  * smack_msg_alloc_security - Set the security blob for msg
2861  * @msq: the object
2862  *
2863  * Returns 0
2864  */
2865 static int smack_msg_queue_alloc_security(struct msg_queue *msq)
2866 {
2867         struct kern_ipc_perm *kisp = &msq->q_perm;
2868         struct smack_known *skp = smk_of_current();
2869 
2870         kisp->security = skp;
2871         return 0;
2872 }
2873 
2874 /**
2875  * smack_msg_free_security - Clear the security blob for msg
2876  * @msq: the object
2877  *
2878  * Clears the blob pointer
2879  */
2880 static void smack_msg_queue_free_security(struct msg_queue *msq)
2881 {
2882         struct kern_ipc_perm *kisp = &msq->q_perm;
2883 
2884         kisp->security = NULL;
2885 }
2886 
2887 /**
2888  * smack_of_msq - the smack pointer for the msq
2889  * @msq: the object
2890  *
2891  * Returns a pointer to the smack label entry
2892  */
2893 static struct smack_known *smack_of_msq(struct msg_queue *msq)
2894 {
2895         return (struct smack_known *)msq->q_perm.security;
2896 }
2897 
2898 /**
2899  * smk_curacc_msq : helper to check if current has access on msq
2900  * @msq : the msq
2901  * @access : access requested
2902  *
2903  * return 0 if current has access, error otherwise
2904  */
2905 static int smk_curacc_msq(struct msg_queue *msq, int access)
2906 {
2907         struct smack_known *msp = smack_of_msq(msq);
2908         struct smk_audit_info ad;
2909         int rc;
2910 
2911 #ifdef CONFIG_AUDIT
2912         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
2913         ad.a.u.ipc_id = msq->q_perm.id;
2914 #endif
2915         rc = smk_curacc(msp, access, &ad);
2916         rc = smk_bu_current("msq", msp, access, rc);
2917         return rc;
2918 }
2919 
2920 /**
2921  * smack_msg_queue_associate - Smack access check for msg_queue
2922  * @msq: the object
2923  * @msqflg: access requested
2924  *
2925  * Returns 0 if current has the requested access, error code otherwise
2926  */
2927 static int smack_msg_queue_associate(struct msg_queue *msq, int msqflg)
2928 {
2929         int may;
2930 
2931         may = smack_flags_to_may(msqflg);
2932         return smk_curacc_msq(msq, may);
2933 }
2934 
2935 /**
2936  * smack_msg_queue_msgctl - Smack access check for msg_queue
2937  * @msq: the object
2938  * @cmd: what it wants to do
2939  *
2940  * Returns 0 if current has the requested access, error code otherwise
2941  */
2942 static int smack_msg_queue_msgctl(struct msg_queue *msq, int cmd)
2943 {
2944         int may;
2945 
2946         switch (cmd) {
2947         case IPC_STAT:
2948         case MSG_STAT:
2949                 may = MAY_READ;
2950                 break;
2951         case IPC_SET:
2952         case IPC_RMID:
2953                 may = MAY_READWRITE;
2954                 break;
2955         case IPC_INFO:
2956         case MSG_INFO:
2957                 /*
2958                  * System level information
2959                  */
2960                 return 0;
2961         default:
2962                 return -EINVAL;
2963         }
2964 
2965         return smk_curacc_msq(msq, may);
2966 }
2967 
2968 /**
2969  * smack_msg_queue_msgsnd - Smack access check for msg_queue
2970  * @msq: the object
2971  * @msg: unused
2972  * @msqflg: access requested
2973  *
2974  * Returns 0 if current has the requested access, error code otherwise
2975  */
2976 static int smack_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg,
2977                                   int msqflg)
2978 {
2979         int may;
2980 
2981         may = smack_flags_to_may(msqflg);
2982         return smk_curacc_msq(msq, may);
2983 }
2984 
2985 /**
2986  * smack_msg_queue_msgsnd - Smack access check for msg_queue
2987  * @msq: the object
2988  * @msg: unused
2989  * @target: unused
2990  * @type: unused
2991  * @mode: unused
2992  *
2993  * Returns 0 if current has read and write access, error code otherwise
2994  */
2995 static int smack_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
2996                         struct task_struct *target, long type, int mode)
2997 {
2998         return smk_curacc_msq(msq, MAY_READWRITE);
2999 }
3000 
3001 /**
3002  * smack_ipc_permission - Smack access for ipc_permission()
3003  * @ipp: the object permissions
3004  * @flag: access requested
3005  *
3006  * Returns 0 if current has read and write access, error code otherwise
3007  */
3008 static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag)
3009 {
3010         struct smack_known *iskp = ipp->security;
3011         int may = smack_flags_to_may(flag);
3012         struct smk_audit_info ad;
3013         int rc;
3014 
3015 #ifdef CONFIG_AUDIT
3016         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
3017         ad.a.u.ipc_id = ipp->id;
3018 #endif
3019         rc = smk_curacc(iskp, may, &ad);
3020         rc = smk_bu_current("svipc", iskp, may, rc);
3021         return rc;
3022 }
3023 
3024 /**
3025  * smack_ipc_getsecid - Extract smack security id
3026  * @ipp: the object permissions
3027  * @secid: where result will be saved
3028  */
3029 static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid)
3030 {
3031         struct smack_known *iskp = ipp->security;
3032 
3033         *secid = iskp->smk_secid;
3034 }
3035 
3036 /**
3037  * smack_d_instantiate - Make sure the blob is correct on an inode
3038  * @opt_dentry: dentry where inode will be attached
3039  * @inode: the object
3040  *
3041  * Set the inode's security blob if it hasn't been done already.
3042  */
3043 static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode)
3044 {
3045         struct super_block *sbp;
3046         struct superblock_smack *sbsp;
3047         struct inode_smack *isp;
3048         struct smack_known *skp;
3049         struct smack_known *ckp = smk_of_current();
3050         struct smack_known *final;
3051         char trattr[TRANS_TRUE_SIZE];
3052         int transflag = 0;
3053         int rc;
3054         struct dentry *dp;
3055 
3056         if (inode == NULL)
3057                 return;
3058 
3059         isp = inode->i_security;
3060 
3061         mutex_lock(&isp->smk_lock);
3062         /*
3063          * If the inode is already instantiated
3064          * take the quick way out
3065          */
3066         if (isp->smk_flags & SMK_INODE_INSTANT)
3067                 goto unlockandout;
3068 
3069         sbp = inode->i_sb;
3070         sbsp = sbp->s_security;
3071         /*
3072          * We're going to use the superblock default label
3073          * if there's no label on the file.
3074          */
3075         final = sbsp->smk_default;
3076 
3077         /*
3078          * If this is the root inode the superblock
3079          * may be in the process of initialization.
3080          * If that is the case use the root value out
3081          * of the superblock.
3082          */
3083         if (opt_dentry->d_parent == opt_dentry) {
3084                 switch (sbp->s_magic) {
3085                 case CGROUP_SUPER_MAGIC:
3086                         /*
3087                          * The cgroup filesystem is never mounted,
3088                          * so there's no opportunity to set the mount
3089                          * options.
3090                          */
3091                         sbsp->smk_root = &smack_known_star;
3092                         sbsp->smk_default = &smack_known_star;
3093                         isp->smk_inode = sbsp->smk_root;
3094                         break;
3095                 case TMPFS_MAGIC:
3096                         /*
3097                          * What about shmem/tmpfs anonymous files with dentry
3098                          * obtained from d_alloc_pseudo()?
3099                          */
3100                         isp->smk_inode = smk_of_current();
3101                         break;
3102                 default:
3103                         isp->smk_inode = sbsp->smk_root;
3104                         break;
3105                 }
3106                 isp->smk_flags |= SMK_INODE_INSTANT;
3107                 goto unlockandout;
3108         }
3109 
3110         /*
3111          * This is pretty hackish.
3112          * Casey says that we shouldn't have to do
3113          * file system specific code, but it does help
3114          * with keeping it simple.
3115          */
3116         switch (sbp->s_magic) {
3117         case SMACK_MAGIC:
3118         case PIPEFS_MAGIC:
3119         case SOCKFS_MAGIC:
3120         case CGROUP_SUPER_MAGIC:
3121                 /*
3122                  * Casey says that it's a little embarrassing
3123                  * that the smack file system doesn't do
3124                  * extended attributes.
3125                  *
3126                  * Casey says pipes are easy (?)
3127                  *
3128                  * Socket access is controlled by the socket
3129                  * structures associated with the task involved.
3130                  *
3131                  * Cgroupfs is special
3132                  */
3133                 final = &smack_known_star;
3134                 break;
3135         case DEVPTS_SUPER_MAGIC:
3136                 /*
3137                  * devpts seems content with the label of the task.
3138                  * Programs that change smack have to treat the
3139                  * pty with respect.
3140                  */
3141                 final = ckp;
3142                 break;
3143         case PROC_SUPER_MAGIC:
3144                 /*
3145                  * Casey says procfs appears not to care.
3146                  * The superblock default suffices.
3147                  */
3148                 break;
3149         case TMPFS_MAGIC:
3150                 /*
3151                  * Device labels should come from the filesystem,
3152                  * but watch out, because they're volitile,
3153                  * getting recreated on every reboot.
3154                  */
3155                 final = &smack_known_star;
3156                 /*
3157                  * No break.
3158                  *
3159                  * If a smack value has been set we want to use it,
3160                  * but since tmpfs isn't giving us the opportunity
3161                  * to set mount options simulate setting the
3162                  * superblock default.
3163                  */
3164         default:
3165                 /*
3166                  * This isn't an understood special case.
3167                  * Get the value from the xattr.
3168                  */
3169 
3170                 /*
3171                  * UNIX domain sockets use lower level socket data.
3172                  */
3173                 if (S_ISSOCK(inode->i_mode)) {
3174                         final = &smack_known_star;
3175                         break;
3176                 }
3177                 /*
3178                  * No xattr support means, alas, no SMACK label.
3179                  * Use the aforeapplied default.
3180                  * It would be curious if the label of the task
3181                  * does not match that assigned.
3182                  */
3183                 if (inode->i_op->getxattr == NULL)
3184                         break;
3185                 /*
3186                  * Get the dentry for xattr.
3187                  */
3188                 dp = dget(opt_dentry);
3189                 skp = smk_fetch(XATTR_NAME_SMACK, inode, dp);
3190                 if (!IS_ERR_OR_NULL(skp))
3191                         final = skp;
3192 
3193                 /*
3194                  * Transmuting directory
3195                  */
3196                 if (S_ISDIR(inode->i_mode)) {
3197                         /*
3198                          * If this is a new directory and the label was
3199                          * transmuted when the inode was initialized
3200                          * set the transmute attribute on the directory
3201                          * and mark the inode.
3202                          *
3203                          * If there is a transmute attribute on the
3204                          * directory mark the inode.
3205                          */
3206                         if (isp->smk_flags & SMK_INODE_CHANGED) {
3207                                 isp->smk_flags &= ~SMK_INODE_CHANGED;
3208                                 rc = inode->i_op->setxattr(dp,
3209                                         XATTR_NAME_SMACKTRANSMUTE,
3210                                         TRANS_TRUE, TRANS_TRUE_SIZE,
3211                                         0);
3212                         } else {
3213                                 rc = inode->i_op->getxattr(dp,
3214                                         XATTR_NAME_SMACKTRANSMUTE, trattr,
3215                                         TRANS_TRUE_SIZE);
3216                                 if (rc >= 0 && strncmp(trattr, TRANS_TRUE,
3217                                                        TRANS_TRUE_SIZE) != 0)
3218                                         rc = -EINVAL;
3219                         }
3220                         if (rc >= 0)
3221                                 transflag = SMK_INODE_TRANSMUTE;
3222                 }
3223                 /*
3224                  * Don't let the exec or mmap label be "*" or "@".
3225                  */
3226                 skp = smk_fetch(XATTR_NAME_SMACKEXEC, inode, dp);
3227                 if (IS_ERR(skp) || skp == &smack_known_star ||
3228                     skp == &smack_known_web)
3229                         skp = NULL;
3230                 isp->smk_task = skp;
3231 
3232                 skp = smk_fetch(XATTR_NAME_SMACKMMAP, inode, dp);
3233                 if (IS_ERR(skp) || skp == &smack_known_star ||
3234                     skp == &smack_known_web)
3235                         skp = NULL;
3236                 isp->smk_mmap = skp;
3237 
3238                 dput(dp);
3239                 break;
3240         }
3241 
3242         if (final == NULL)
3243                 isp->smk_inode = ckp;
3244         else
3245                 isp->smk_inode = final;
3246 
3247         isp->smk_flags |= (SMK_INODE_INSTANT | transflag);
3248 
3249 unlockandout:
3250         mutex_unlock(&isp->smk_lock);
3251         return;
3252 }
3253 
3254 /**
3255  * smack_getprocattr - Smack process attribute access
3256  * @p: the object task
3257  * @name: the name of the attribute in /proc/.../attr
3258  * @value: where to put the result
3259  *
3260  * Places a copy of the task Smack into value
3261  *
3262  * Returns the length of the smack label or an error code
3263  */
3264 static int smack_getprocattr(struct task_struct *p, char *name, char **value)
3265 {
3266         struct smack_known *skp = smk_of_task_struct(p);
3267         char *cp;
3268         int slen;
3269 
3270         if (strcmp(name, "current") != 0)
3271                 return -EINVAL;
3272 
3273         cp = kstrdup(skp->smk_known, GFP_KERNEL);
3274         if (cp == NULL)
3275                 return -ENOMEM;
3276 
3277         slen = strlen(cp);
3278         *value = cp;
3279         return slen;
3280 }
3281 
3282 /**
3283  * smack_setprocattr - Smack process attribute setting
3284  * @p: the object task
3285  * @name: the name of the attribute in /proc/.../attr
3286  * @value: the value to set
3287  * @size: the size of the value
3288  *
3289  * Sets the Smack value of the task. Only setting self
3290  * is permitted and only with privilege
3291  *
3292  * Returns the length of the smack label or an error code
3293  */
3294 static int smack_setprocattr(struct task_struct *p, char *name,
3295                              void *value, size_t size)
3296 {
3297         struct task_smack *tsp;
3298         struct cred *new;
3299         struct smack_known *skp;
3300 
3301         /*
3302          * Changing another process' Smack value is too dangerous
3303          * and supports no sane use case.
3304          */
3305         if (p != current)
3306                 return -EPERM;
3307 
3308         if (!smack_privileged(CAP_MAC_ADMIN))
3309                 return -EPERM;
3310 
3311         if (value == NULL || size == 0 || size >= SMK_LONGLABEL)
3312                 return -EINVAL;
3313 
3314         if (strcmp(name, "current") != 0)
3315                 return -EINVAL;
3316 
3317         skp = smk_import_entry(value, size);
3318         if (IS_ERR(skp))
3319                 return PTR_ERR(skp);
3320 
3321         /*
3322          * No process is ever allowed the web ("@") label.
3323          */
3324         if (skp == &smack_known_web)
3325                 return -EPERM;
3326 
3327         new = prepare_creds();
3328         if (new == NULL)
3329                 return -ENOMEM;
3330 
3331         tsp = new->security;
3332         tsp->smk_task = skp;
3333 
3334         commit_creds(new);
3335         return size;
3336 }
3337 
3338 /**
3339  * smack_unix_stream_connect - Smack access on UDS
3340  * @sock: one sock
3341  * @other: the other sock
3342  * @newsk: unused
3343  *
3344  * Return 0 if a subject with the smack of sock could access
3345  * an object with the smack of other, otherwise an error code
3346  */
3347 static int smack_unix_stream_connect(struct sock *sock,
3348                                      struct sock *other, struct sock *newsk)
3349 {
3350         struct smack_known *skp;
3351         struct smack_known *okp;
3352         struct socket_smack *ssp = sock->sk_security;
3353         struct socket_smack *osp = other->sk_security;
3354         struct socket_smack *nsp = newsk->sk_security;
3355         struct smk_audit_info ad;
3356         int rc = 0;
3357 #ifdef CONFIG_AUDIT
3358         struct lsm_network_audit net;
3359 #endif
3360 
3361         if (!smack_privileged(CAP_MAC_OVERRIDE)) {
3362                 skp = ssp->smk_out;
3363                 okp = osp->smk_in;
3364 #ifdef CONFIG_AUDIT
3365                 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3366                 smk_ad_setfield_u_net_sk(&ad, other);
3367 #endif
3368                 rc = smk_access(skp, okp, MAY_WRITE, &ad);
3369                 rc = smk_bu_note("UDS connect", skp, okp, MAY_WRITE, rc);
3370                 if (rc == 0) {
3371                         okp = osp->smk_out;
3372                         skp = ssp->smk_in;
3373                         rc = smk_access(okp, skp, MAY_WRITE, &ad);
3374                         rc = smk_bu_note("UDS connect", okp, skp,
3375                                                 MAY_WRITE, rc);
3376                 }
3377         }
3378 
3379         /*
3380          * Cross reference the peer labels for SO_PEERSEC.
3381          */
3382         if (rc == 0) {
3383                 nsp->smk_packet = ssp->smk_out;
3384                 ssp->smk_packet = osp->smk_out;
3385         }
3386 
3387         return rc;
3388 }
3389 
3390 /**
3391  * smack_unix_may_send - Smack access on UDS
3392  * @sock: one socket
3393  * @other: the other socket
3394  *
3395  * Return 0 if a subject with the smack of sock could access
3396  * an object with the smack of other, otherwise an error code
3397  */
3398 static int smack_unix_may_send(struct socket *sock, struct socket *other)
3399 {
3400         struct socket_smack *ssp = sock->sk->sk_security;
3401         struct socket_smack *osp = other->sk->sk_security;
3402         struct smk_audit_info ad;
3403         int rc;
3404 
3405 #ifdef CONFIG_AUDIT
3406         struct lsm_network_audit net;
3407 
3408         smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3409         smk_ad_setfield_u_net_sk(&ad, other->sk);
3410 #endif
3411 
3412         if (smack_privileged(CAP_MAC_OVERRIDE))
3413                 return 0;
3414 
3415         rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad);
3416         rc = smk_bu_note("UDS send", ssp->smk_out, osp->smk_in, MAY_WRITE, rc);
3417         return rc;
3418 }
3419 
3420 /**
3421  * smack_socket_sendmsg - Smack check based on destination host
3422  * @sock: the socket
3423  * @msg: the message
3424  * @size: the size of the message
3425  *
3426  * Return 0 if the current subject can write to the destination host.
3427  * For IPv4 this is only a question if the destination is a single label host.
3428  * For IPv6 this is a check against the label of the port.
3429  */
3430 static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg,
3431                                 int size)
3432 {
3433         struct sockaddr_in *sip = (struct sockaddr_in *) msg->msg_name;
3434 #if IS_ENABLED(CONFIG_IPV6) && !defined(CONFIG_SECURITY_SMACK_NETFILTER)
3435         struct sockaddr_in6 *sap = (struct sockaddr_in6 *) msg->msg_name;
3436 #endif /* CONFIG_IPV6 && !CONFIG_SECURITY_SMACK_NETFILTER */
3437         int rc = 0;
3438 
3439         /*
3440          * Perfectly reasonable for this to be NULL
3441          */
3442         if (sip == NULL)
3443                 return 0;
3444 
3445         switch (sip->sin_family) {
3446         case AF_INET:
3447                 rc = smack_netlabel_send(sock->sk, sip);
3448                 break;
3449         case AF_INET6:
3450 #if IS_ENABLED(CONFIG_IPV6) && !defined(CONFIG_SECURITY_SMACK_NETFILTER)
3451                 rc = smk_ipv6_port_check(sock->sk, sap, SMK_SENDING);
3452 #endif /* CONFIG_IPV6 && !CONFIG_SECURITY_SMACK_NETFILTER */
3453                 break;
3454         }
3455         return rc;
3456 }
3457 
3458 /**
3459  * smack_from_secattr - Convert a netlabel attr.mls.lvl/attr.mls.cat pair to smack
3460  * @sap: netlabel secattr
3461  * @ssp: socket security information
3462  *
3463  * Returns a pointer to a Smack label entry found on the label list.
3464  */
3465 static struct smack_known *smack_from_secattr(struct netlbl_lsm_secattr *sap,
3466                                                 struct socket_smack *ssp)
3467 {
3468         struct smack_known *skp;
3469         int found = 0;
3470         int acat;
3471         int kcat;
3472 
3473         if ((sap->flags & NETLBL_SECATTR_MLS_LVL) != 0) {
3474                 /*
3475                  * Looks like a CIPSO packet.
3476                  * If there are flags but no level netlabel isn't
3477                  * behaving the way we expect it to.
3478                  *
3479                  * Look it up in the label table
3480                  * Without guidance regarding the smack value
3481                  * for the packet fall back on the network
3482                  * ambient value.
3483                  */
3484                 rcu_read_lock();
3485                 list_for_each_entry(skp, &smack_known_list, list) {
3486                         if (sap->attr.mls.lvl != skp->smk_netlabel.attr.mls.lvl)
3487                                 continue;
3488                         /*
3489                          * Compare the catsets. Use the netlbl APIs.
3490                          */
3491                         if ((sap->flags & NETLBL_SECATTR_MLS_CAT) == 0) {
3492                                 if ((skp->smk_netlabel.flags &
3493                                      NETLBL_SECATTR_MLS_CAT) == 0)
3494                                         found = 1;
3495                                 break;
3496                         }
3497                         for (acat = -1, kcat = -1; acat == kcat; ) {
3498                                 acat = netlbl_catmap_walk(sap->attr.mls.cat,
3499                                                           acat + 1);
3500                                 kcat = netlbl_catmap_walk(
3501                                         skp->smk_netlabel.attr.mls.cat,
3502                                         kcat + 1);
3503                                 if (acat < 0 || kcat < 0)
3504                                         break;
3505                         }
3506                         if (acat == kcat) {
3507                                 found = 1;
3508                                 break;
3509                         }
3510                 }
3511                 rcu_read_unlock();
3512 
3513                 if (found)
3514                         return skp;
3515 
3516                 if (ssp != NULL && ssp->smk_in == &smack_known_star)
3517                         return &smack_known_web;
3518                 return &smack_known_star;
3519         }
3520         if ((sap->flags & NETLBL_SECATTR_SECID) != 0) {
3521                 /*
3522                  * Looks like a fallback, which gives us a secid.
3523                  */
3524                 skp = smack_from_secid(sap->attr.secid);
3525                 /*
3526                  * This has got to be a bug because it is
3527                  * impossible to specify a fallback without
3528                  * specifying the label, which will ensure
3529                  * it has a secid, and the only way to get a
3530                  * secid is from a fallback.
3531                  */
3532                 BUG_ON(skp == NULL);
3533                 return skp;
3534         }
3535         /*
3536          * Without guidance regarding the smack value
3537          * for the packet fall back on the network
3538          * ambient value.
3539          */
3540         return smack_net_ambient;
3541 }
3542 
3543 #if IS_ENABLED(CONFIG_IPV6)
3544 static int smk_skb_to_addr_ipv6(struct sk_buff *skb, struct sockaddr_in6 *sip)
3545 {
3546         u8 nexthdr;
3547         int offset;
3548         int proto = -EINVAL;
3549         struct ipv6hdr _ipv6h;
3550         struct ipv6hdr *ip6;
3551         __be16 frag_off;
3552         struct tcphdr _tcph, *th;
3553         struct udphdr _udph, *uh;
3554         struct dccp_hdr _dccph, *dh;
3555 
3556         sip->sin6_port = 0;
3557 
3558         offset = skb_network_offset(skb);
3559         ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h);
3560         if (ip6 == NULL)
3561                 return -EINVAL;
3562         sip->sin6_addr = ip6->saddr;
3563 
3564         nexthdr = ip6->nexthdr;
3565         offset += sizeof(_ipv6h);
3566         offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off);
3567         if (offset < 0)
3568                 return -EINVAL;
3569 
3570         proto = nexthdr;
3571         switch (proto) {
3572         case IPPROTO_TCP:
3573                 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
3574                 if (th != NULL)
3575                         sip->sin6_port = th->source;
3576                 break;
3577         case IPPROTO_UDP:
3578                 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
3579                 if (uh != NULL)
3580                         sip->sin6_port = uh->source;
3581                 break;
3582         case IPPROTO_DCCP:
3583                 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
3584                 if (dh != NULL)
3585                         sip->sin6_port = dh->dccph_sport;
3586                 break;
3587         }
3588         return proto;
3589 }
3590 #endif /* CONFIG_IPV6 */
3591 
3592 /**
3593  * smack_socket_sock_rcv_skb - Smack packet delivery access check
3594  * @sk: socket
3595  * @skb: packet
3596  *
3597  * Returns 0 if the packet should be delivered, an error code otherwise
3598  */
3599 static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
3600 {
3601         struct netlbl_lsm_secattr secattr;
3602         struct socket_smack *ssp = sk->sk_security;
3603         struct smack_known *skp = NULL;
3604         int rc = 0;
3605         struct smk_audit_info ad;
3606 #ifdef CONFIG_AUDIT
3607         struct lsm_network_audit net;
3608 #endif
3609 #if IS_ENABLED(CONFIG_IPV6)
3610         struct sockaddr_in6 sadd;
3611         int proto;
3612 #endif /* CONFIG_IPV6 */
3613 
3614         switch (sk->sk_family) {
3615         case PF_INET:
3616 #ifdef CONFIG_SECURITY_SMACK_NETFILTER
3617                 /*
3618                  * If there is a secmark use it rather than the CIPSO label.
3619                  * If there is no secmark fall back to CIPSO.
3620                  * The secmark is assumed to reflect policy better.
3621                  */
3622                 if (skb && skb->secmark != 0) {
3623                         skp = smack_from_secid(skb->secmark);
3624                         goto access_check;
3625                 }
3626 #endif /* CONFIG_SECURITY_SMACK_NETFILTER */
3627                 /*
3628                  * Translate what netlabel gave us.
3629                  */
3630                 netlbl_secattr_init(&secattr);
3631 
3632                 rc = netlbl_skbuff_getattr(skb, sk->sk_family, &secattr);
3633                 if (rc == 0)
3634                         skp = smack_from_secattr(&secattr, ssp);
3635                 else
3636                         skp = smack_net_ambient;
3637 
3638                 netlbl_secattr_destroy(&secattr);
3639 
3640 #ifdef CONFIG_SECURITY_SMACK_NETFILTER
3641 access_check:
3642 #endif
3643 #ifdef CONFIG_AUDIT
3644                 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3645                 ad.a.u.net->family = sk->sk_family;
3646                 ad.a.u.net->netif = skb->skb_iif;
3647                 ipv4_skb_to_auditdata(skb, &ad.a, NULL);
3648 #endif
3649                 /*
3650                  * Receiving a packet requires that the other end
3651                  * be able to write here. Read access is not required.
3652                  * This is the simplist possible security model
3653                  * for networking.
3654                  */
3655                 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
3656                 rc = smk_bu_note("IPv4 delivery", skp, ssp->smk_in,
3657                                         MAY_WRITE, rc);
3658                 if (rc != 0)
3659                         netlbl_skbuff_err(skb, rc, 0);
3660                 break;
3661 #if IS_ENABLED(CONFIG_IPV6)
3662         case PF_INET6:
3663                 proto = smk_skb_to_addr_ipv6(skb, &sadd);
3664                 if (proto != IPPROTO_UDP && proto != IPPROTO_TCP)
3665                         break;
3666 #ifdef CONFIG_SECURITY_SMACK_NETFILTER
3667                 if (skb && skb->secmark != 0)
3668                         skp = smack_from_secid(skb->secmark);
3669                 else
3670                         skp = smack_net_ambient;
3671 #ifdef CONFIG_AUDIT
3672                 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3673                 ad.a.u.net->family = sk->sk_family;
3674                 ad.a.u.net->netif = skb->skb_iif;
3675                 ipv6_skb_to_auditdata(skb, &ad.a, NULL);
3676 #endif /* CONFIG_AUDIT */
3677                 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
3678                 rc = smk_bu_note("IPv6 delivery", skp, ssp->smk_in,
3679                                         MAY_WRITE, rc);
3680 #else /* CONFIG_SECURITY_SMACK_NETFILTER */
3681                 rc = smk_ipv6_port_check(sk, &sadd, SMK_RECEIVING);
3682 #endif /* CONFIG_SECURITY_SMACK_NETFILTER */
3683                 break;
3684 #endif /* CONFIG_IPV6 */
3685         }
3686 
3687         return rc;
3688 }
3689 
3690 /**
3691  * smack_socket_getpeersec_stream - pull in packet label
3692  * @sock: the socket
3693  * @optval: user's destination
3694  * @optlen: size thereof
3695  * @len: max thereof
3696  *
3697  * returns zero on success, an error code otherwise
3698  */
3699 static int smack_socket_getpeersec_stream(struct socket *sock,
3700                                           char __user *optval,
3701                                           int __user *optlen, unsigned len)
3702 {
3703         struct socket_smack *ssp;
3704         char *rcp = "";
3705         int slen = 1;
3706         int rc = 0;
3707 
3708         ssp = sock->sk->sk_security;
3709         if (ssp->smk_packet != NULL) {
3710                 rcp = ssp->smk_packet->smk_known;
3711                 slen = strlen(rcp) + 1;
3712         }
3713 
3714         if (slen > len)
3715                 rc = -ERANGE;
3716         else if (copy_to_user(optval, rcp, slen) != 0)
3717                 rc = -EFAULT;
3718 
3719         if (put_user(slen, optlen) != 0)
3720                 rc = -EFAULT;
3721 
3722         return rc;
3723 }
3724 
3725 
3726 /**
3727  * smack_socket_getpeersec_dgram - pull in packet label
3728  * @sock: the peer socket
3729  * @skb: packet data
3730  * @secid: pointer to where to put the secid of the packet
3731  *
3732  * Sets the netlabel socket state on sk from parent
3733  */
3734 static int smack_socket_getpeersec_dgram(struct socket *sock,
3735                                          struct sk_buff *skb, u32 *secid)
3736 
3737 {
3738         struct netlbl_lsm_secattr secattr;
3739         struct socket_smack *ssp = NULL;
3740         struct smack_known *skp;
3741         int family = PF_UNSPEC;
3742         u32 s = 0;      /* 0 is the invalid secid */
3743         int rc;
3744 
3745         if (skb != NULL) {
3746                 if (skb->protocol == htons(ETH_P_IP))
3747                         family = PF_INET;
3748 #if IS_ENABLED(CONFIG_IPV6)
3749                 else if (skb->protocol == htons(ETH_P_IPV6))
3750                         family = PF_INET6;
3751 #endif /* CONFIG_IPV6 */
3752         }
3753         if (family == PF_UNSPEC && sock != NULL)
3754                 family = sock->sk->sk_family;
3755 
3756         switch (family) {
3757         case PF_UNIX:
3758                 ssp = sock->sk->sk_security;
3759                 s = ssp->smk_out->smk_secid;
3760                 break;
3761         case PF_INET:
3762 #ifdef CONFIG_SECURITY_SMACK_NETFILTER
3763                 s = skb->secmark;
3764                 if (s != 0)
3765                         break;
3766 #endif
3767                 /*
3768                  * Translate what netlabel gave us.
3769                  */
3770                 if (sock != NULL && sock->sk != NULL)
3771                         ssp = sock->sk->sk_security;
3772                 netlbl_secattr_init(&secattr);
3773                 rc = netlbl_skbuff_getattr(skb, family, &secattr);
3774                 if (rc == 0) {
3775                         skp = smack_from_secattr(&secattr, ssp);
3776                         s = skp->smk_secid;
3777                 }
3778                 netlbl_secattr_destroy(&secattr);
3779                 break;
3780 #if IS_ENABLED(CONFIG_IPV6)
3781         case PF_INET6:
3782 #ifdef CONFIG_SECURITY_SMACK_NETFILTER
3783                 s = skb->secmark;
3784 #endif /* CONFIG_SECURITY_SMACK_NETFILTER */
3785                 break;
3786 #endif /* CONFIG_IPV6 */
3787         }
3788         *secid = s;
3789         if (s == 0)
3790                 return -EINVAL;
3791         return 0;
3792 }
3793 
3794 /**
3795  * smack_sock_graft - Initialize a newly created socket with an existing sock
3796  * @sk: child sock
3797  * @parent: parent socket
3798  *
3799  * Set the smk_{in,out} state of an existing sock based on the process that
3800  * is creating the new socket.
3801  */
3802 static void smack_sock_graft(struct sock *sk, struct socket *parent)
3803 {
3804         struct socket_smack *ssp;
3805         struct smack_known *skp = smk_of_current();
3806 
3807         if (sk == NULL ||
3808             (sk->sk_family != PF_INET && sk->sk_family != PF_INET6))
3809                 return;
3810 
3811         ssp = sk->sk_security;
3812         ssp->smk_in = skp;
3813         ssp->smk_out = skp;
3814         /* cssp->smk_packet is already set in smack_inet_csk_clone() */
3815 }
3816 
3817 /**
3818  * smack_inet_conn_request - Smack access check on connect
3819  * @sk: socket involved
3820  * @skb: packet
3821  * @req: unused
3822  *
3823  * Returns 0 if a task with the packet label could write to
3824  * the socket, otherwise an error code
3825  */
3826 static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb,
3827                                    struct request_sock *req)
3828 {
3829         u16 family = sk->sk_family;
3830         struct smack_known *skp;
3831         struct socket_smack *ssp = sk->sk_security;
3832         struct netlbl_lsm_secattr secattr;
3833         struct sockaddr_in addr;
3834         struct iphdr *hdr;
3835         struct smack_known *hskp;
3836         int rc;
3837         struct smk_audit_info ad;
3838 #ifdef CONFIG_AUDIT
3839         struct lsm_network_audit net;
3840 #endif
3841 
3842 #if IS_ENABLED(CONFIG_IPV6)
3843         if (family == PF_INET6) {
3844                 /*
3845                  * Handle mapped IPv4 packets arriving
3846                  * via IPv6 sockets. Don't set up netlabel
3847                  * processing on IPv6.
3848                  */
3849                 if (skb->protocol == htons(ETH_P_IP))
3850                         family = PF_INET;
3851                 else
3852                         return 0;
3853         }
3854 #endif /* CONFIG_IPV6 */
3855 
3856 #ifdef CONFIG_SECURITY_SMACK_NETFILTER
3857         /*
3858          * If there is a secmark use it rather than the CIPSO label.
3859          * If there is no secmark fall back to CIPSO.
3860          * The secmark is assumed to reflect policy better.
3861          */
3862         if (skb && skb->secmark != 0) {
3863                 skp = smack_from_secid(skb->secmark);
3864                 goto access_check;
3865         }
3866 #endif /* CONFIG_SECURITY_SMACK_NETFILTER */
3867 
3868         netlbl_secattr_init(&secattr);
3869         rc = netlbl_skbuff_getattr(skb, family, &secattr);
3870         if (rc == 0)
3871                 skp = smack_from_secattr(&secattr, ssp);
3872         else
3873                 skp = &smack_known_huh;
3874         netlbl_secattr_destroy(&secattr);
3875 
3876 #ifdef CONFIG_SECURITY_SMACK_NETFILTER
3877 access_check:
3878 #endif
3879 
3880 #ifdef CONFIG_AUDIT
3881         smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3882         ad.a.u.net->family = family;
3883         ad.a.u.net->netif = skb->skb_iif;
3884         ipv4_skb_to_auditdata(skb, &ad.a, NULL);
3885 #endif
3886         /*
3887          * Receiving a packet requires that the other end be able to write
3888          * here. Read access is not required.
3889          */
3890         rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
3891         rc = smk_bu_note("IPv4 connect", skp, ssp->smk_in, MAY_WRITE, rc);
3892         if (rc != 0)
3893                 return rc;
3894 
3895         /*
3896          * Save the peer's label in the request_sock so we can later setup
3897          * smk_packet in the child socket so that SO_PEERCRED can report it.
3898          */
3899         req->peer_secid = skp->smk_secid;
3900 
3901         /*
3902          * We need to decide if we want to label the incoming connection here
3903          * if we do we only need to label the request_sock and the stack will
3904          * propagate the wire-label to the sock when it is created.
3905          */
3906         hdr = ip_hdr(skb);
3907         addr.sin_addr.s_addr = hdr->saddr;
3908         rcu_read_lock();
3909         hskp = smack_host_label(&addr);
3910         rcu_read_unlock();
3911 
3912         if (hskp == NULL)
3913                 rc = netlbl_req_setattr(req, &skp->smk_netlabel);
3914         else
3915                 netlbl_req_delattr(req);
3916 
3917         return rc;
3918 }
3919 
3920 /**
3921  * smack_inet_csk_clone - Copy the connection information to the new socket
3922  * @sk: the new socket
3923  * @req: the connection's request_sock
3924  *
3925  * Transfer the connection's peer label to the newly created socket.
3926  */
3927 static void smack_inet_csk_clone(struct sock *sk,
3928                                  const struct request_sock *req)
3929 {
3930         struct socket_smack *ssp = sk->sk_security;
3931         struct smack_known *skp;
3932 
3933         if (req->peer_secid != 0) {
3934                 skp = smack_from_secid(req->peer_secid);
3935                 ssp->smk_packet = skp;
3936         } else
3937                 ssp->smk_packet = NULL;
3938 }
3939 
3940 /*
3941  * Key management security hooks
3942  *
3943  * Casey has not tested key support very heavily.
3944  * The permission check is most likely too restrictive.
3945  * If you care about keys please have a look.
3946  */
3947 #ifdef CONFIG_KEYS
3948 
3949 /**
3950  * smack_key_alloc - Set the key security blob
3951  * @key: object
3952  * @cred: the credentials to use
3953  * @flags: unused
3954  *
3955  * No allocation required
3956  *
3957  * Returns 0
3958  */
3959 static int smack_key_alloc(struct key *key, const struct cred *cred,
3960                            unsigned long flags)
3961 {
3962         struct smack_known *skp = smk_of_task(cred->security);
3963 
3964         key->security = skp;
3965         return 0;
3966 }
3967 
3968 /**
3969  * smack_key_free - Clear the key security blob
3970  * @key: the object
3971  *
3972  * Clear the blob pointer
3973  */
3974 static void smack_key_free(struct key *key)
3975 {
3976         key->security = NULL;
3977 }
3978 
3979 /**
3980  * smack_key_permission - Smack access on a key
3981  * @key_ref: gets to the object
3982  * @cred: the credentials to use
3983  * @perm: requested key permissions
3984  *
3985  * Return 0 if the task has read and write to the object,
3986  * an error code otherwise
3987  */
3988 static int smack_key_permission(key_ref_t key_ref,
3989                                 const struct cred *cred, unsigned perm)
3990 {
3991         struct key *keyp;
3992         struct smk_audit_info ad;
3993         struct smack_known *tkp = smk_of_task(cred->security);
3994         int request = 0;
3995         int rc;
3996 
3997         keyp = key_ref_to_ptr(key_ref);
3998         if (keyp == NULL)
3999                 return -EINVAL;
4000         /*
4001          * If the key hasn't been initialized give it access so that
4002          * it may do so.
4003          */
4004         if (keyp->security == NULL)
4005                 return 0;
4006         /*
4007          * This should not occur
4008          */
4009         if (tkp == NULL)
4010                 return -EACCES;
4011 #ifdef CONFIG_AUDIT
4012         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY);
4013         ad.a.u.key_struct.key = keyp->serial;
4014         ad.a.u.key_struct.key_desc = keyp->description;
4015 #endif
4016         if (perm & KEY_NEED_READ)
4017                 request = MAY_READ;
4018         if (perm & (KEY_NEED_WRITE | KEY_NEED_LINK | KEY_NEED_SETATTR))
4019                 request = MAY_WRITE;
4020         rc = smk_access(tkp, keyp->security, request, &ad);
4021         rc = smk_bu_note("key access", tkp, keyp->security, request, rc);
4022         return rc;
4023 }
4024 
4025 /*
4026  * smack_key_getsecurity - Smack label tagging the key
4027  * @key points to the key to be queried
4028  * @_buffer points to a pointer that should be set to point to the
4029  * resulting string (if no label or an error occurs).
4030  * Return the length of the string (including terminating NUL) or -ve if
4031  * an error.
4032  * May also return 0 (and a NULL buffer pointer) if there is no label.
4033  */
4034 static int smack_key_getsecurity(struct key *key, char **_buffer)
4035 {
4036         struct smack_known *skp = key->security;
4037         size_t length;
4038         char *copy;
4039 
4040         if (key->security == NULL) {
4041                 *_buffer = NULL;
4042                 return 0;
4043         }
4044 
4045         copy = kstrdup(skp->smk_known, GFP_KERNEL);
4046         if (copy == NULL)
4047                 return -ENOMEM;
4048         length = strlen(copy) + 1;
4049 
4050         *_buffer = copy;
4051         return length;
4052 }
4053 
4054 #endif /* CONFIG_KEYS */
4055 
4056 /*
4057  * Smack Audit hooks
4058  *
4059  * Audit requires a unique representation of each Smack specific
4060  * rule. This unique representation is used to distinguish the
4061  * object to be audited from remaining kernel objects and also
4062  * works as a glue between the audit hooks.
4063  *
4064  * Since repository entries are added but never deleted, we'll use
4065  * the smack_known label address related to the given audit rule as
4066  * the needed unique representation. This also better fits the smack
4067  * model where nearly everything is a label.
4068  */
4069 #ifdef CONFIG_AUDIT
4070 
4071 /**
4072  * smack_audit_rule_init - Initialize a smack audit rule
4073  * @field: audit rule fields given from user-space (audit.h)
4074  * @op: required testing operator (=, !=, >, <, ...)
4075  * @rulestr: smack label to be audited
4076  * @vrule: pointer to save our own audit rule representation
4077  *
4078  * Prepare to audit cases where (@field @op @rulestr) is true.
4079  * The label to be audited is created if necessay.
4080  */
4081 static int smack_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule)
4082 {
4083         struct smack_known *skp;
4084         char **rule = (char **)vrule;
4085         *rule = NULL;
4086 
4087         if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
4088                 return -EINVAL;
4089 
4090         if (op != Audit_equal && op != Audit_not_equal)
4091                 return -EINVAL;
4092 
4093         skp = smk_import_entry(rulestr, 0);
4094         if (IS_ERR(skp))
4095                 return PTR_ERR(skp);
4096 
4097         *rule = skp->smk_known;
4098 
4099         return 0;
4100 }
4101 
4102 /**
4103  * smack_audit_rule_known - Distinguish Smack audit rules
4104  * @krule: rule of interest, in Audit kernel representation format
4105  *
4106  * This is used to filter Smack rules from remaining Audit ones.
4107  * If it's proved that this rule belongs to us, the
4108  * audit_rule_match hook will be called to do the final judgement.
4109  */
4110 static int smack_audit_rule_known(struct audit_krule *krule)
4111 {
4112         struct audit_field *f;
4113         int i;
4114 
4115         for (i = 0; i < krule->field_count; i++) {
4116                 f = &krule->fields[i];
4117 
4118                 if (f->type == AUDIT_SUBJ_USER || f->type == AUDIT_OBJ_USER)
4119                         return 1;
4120         }
4121 
4122         return 0;
4123 }
4124 
4125 /**
4126  * smack_audit_rule_match - Audit given object ?
4127  * @secid: security id for identifying the object to test
4128  * @field: audit rule flags given from user-space
4129  * @op: required testing operator
4130  * @vrule: smack internal rule presentation
4131  * @actx: audit context associated with the check
4132  *
4133  * The core Audit hook. It's used to take the decision of
4134  * whether to audit or not to audit a given object.
4135  */
4136 static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule,
4137                                   struct audit_context *actx)
4138 {
4139         struct smack_known *skp;
4140         char *rule = vrule;
4141 
4142         if (unlikely(!rule)) {
4143                 WARN_ONCE(1, "Smack: missing rule\n");
4144                 return -ENOENT;
4145         }
4146 
4147         if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
4148                 return 0;
4149 
4150         skp = smack_from_secid(secid);
4151 
4152         /*
4153          * No need to do string comparisons. If a match occurs,
4154          * both pointers will point to the same smack_known
4155          * label.
4156          */
4157         if (op == Audit_equal)
4158                 return (rule == skp->smk_known);
4159         if (op == Audit_not_equal)
4160                 return (rule != skp->smk_known);
4161 
4162         return 0;
4163 }
4164 
4165 /**
4166  * smack_audit_rule_free - free smack rule representation
4167  * @vrule: rule to be freed.
4168  *
4169  * No memory was allocated.
4170  */
4171 static void smack_audit_rule_free(void *vrule)
4172 {
4173         /* No-op */
4174 }
4175 
4176 #endif /* CONFIG_AUDIT */
4177 
4178 /**
4179  * smack_ismaclabel - check if xattr @name references a smack MAC label
4180  * @name: Full xattr name to check.
4181  */
4182 static int smack_ismaclabel(const char *name)
4183 {
4184         return (strcmp(name, XATTR_SMACK_SUFFIX) == 0);
4185 }
4186 
4187 
4188 /**
4189  * smack_secid_to_secctx - return the smack label for a secid
4190  * @secid: incoming integer
4191  * @secdata: destination
4192  * @seclen: how long it is
4193  *
4194  * Exists for networking code.
4195  */
4196 static int smack_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
4197 {
4198         struct smack_known *skp = smack_from_secid(secid);
4199 
4200         if (secdata)
4201                 *secdata = skp->smk_known;
4202         *seclen = strlen(skp->smk_known);
4203         return 0;
4204 }
4205 
4206 /**
4207  * smack_secctx_to_secid - return the secid for a smack label
4208  * @secdata: smack label
4209  * @seclen: how long result is
4210  * @secid: outgoing integer
4211  *
4212  * Exists for audit and networking code.
4213  */
4214 static int smack_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
4215 {
4216         struct smack_known *skp = smk_find_entry(secdata);
4217 
4218         if (skp)
4219                 *secid = skp->smk_secid;
4220         else
4221                 *secid = 0;
4222         return 0;
4223 }
4224 
4225 /**
4226  * smack_release_secctx - don't do anything.
4227  * @secdata: unused
4228  * @seclen: unused
4229  *
4230  * Exists to make sure nothing gets done, and properly
4231  */
4232 static void smack_release_secctx(char *secdata, u32 seclen)
4233 {
4234 }
4235 
4236 static int smack_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
4237 {
4238         return smack_inode_setsecurity(inode, XATTR_SMACK_SUFFIX, ctx, ctxlen, 0);
4239 }
4240 
4241 static int smack_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
4242 {
4243         return __vfs_setxattr_noperm(dentry, XATTR_NAME_SMACK, ctx, ctxlen, 0);
4244 }
4245 
4246 static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
4247 {
4248         int len = 0;
4249         len = smack_inode_getsecurity(inode, XATTR_SMACK_SUFFIX, ctx, true);
4250 
4251         if (len < 0)
4252                 return len;
4253         *ctxlen = len;
4254         return 0;
4255 }
4256 
4257 struct security_hook_list smack_hooks[] = {
4258         LSM_HOOK_INIT(ptrace_access_check, smack_ptrace_access_check),
4259         LSM_HOOK_INIT(ptrace_traceme, smack_ptrace_traceme),
4260         LSM_HOOK_INIT(syslog, smack_syslog),
4261 
4262         LSM_HOOK_INIT(sb_alloc_security, smack_sb_alloc_security),
4263         LSM_HOOK_INIT(sb_free_security, smack_sb_free_security),
4264         LSM_HOOK_INIT(sb_copy_data, smack_sb_copy_data),
4265         LSM_HOOK_INIT(sb_kern_mount, smack_sb_kern_mount),
4266         LSM_HOOK_INIT(sb_statfs, smack_sb_statfs),
4267 
4268         LSM_HOOK_INIT(bprm_set_creds, smack_bprm_set_creds),
4269         LSM_HOOK_INIT(bprm_committing_creds, smack_bprm_committing_creds),
4270         LSM_HOOK_INIT(bprm_secureexec, smack_bprm_secureexec),
4271 
4272         LSM_HOOK_INIT(inode_alloc_security, smack_inode_alloc_security),
4273         LSM_HOOK_INIT(inode_free_security, smack_inode_free_security),
4274         LSM_HOOK_INIT(inode_init_security, smack_inode_init_security),
4275         LSM_HOOK_INIT(inode_link, smack_inode_link),
4276         LSM_HOOK_INIT(inode_unlink, smack_inode_unlink),
4277         LSM_HOOK_INIT(inode_rmdir, smack_inode_rmdir),
4278         LSM_HOOK_INIT(inode_rename, smack_inode_rename),
4279         LSM_HOOK_INIT(inode_permission, smack_inode_permission),
4280         LSM_HOOK_INIT(inode_setattr, smack_inode_setattr),
4281         LSM_HOOK_INIT(inode_getattr, smack_inode_getattr),
4282         LSM_HOOK_INIT(inode_setxattr, smack_inode_setxattr),
4283         LSM_HOOK_INIT(inode_post_setxattr, smack_inode_post_setxattr),
4284         LSM_HOOK_INIT(inode_getxattr, smack_inode_getxattr),
4285         LSM_HOOK_INIT(inode_removexattr, smack_inode_removexattr),
4286         LSM_HOOK_INIT(inode_getsecurity, smack_inode_getsecurity),
4287         LSM_HOOK_INIT(inode_setsecurity, smack_inode_setsecurity),
4288         LSM_HOOK_INIT(inode_listsecurity, smack_inode_listsecurity),
4289         LSM_HOOK_INIT(inode_getsecid, smack_inode_getsecid),
4290 
4291         LSM_HOOK_INIT(file_permission, smack_file_permission),
4292         LSM_HOOK_INIT(file_alloc_security, smack_file_alloc_security),
4293         LSM_HOOK_INIT(file_free_security, smack_file_free_security),
4294         LSM_HOOK_INIT(file_ioctl, smack_file_ioctl),
4295         LSM_HOOK_INIT(file_lock, smack_file_lock),
4296         LSM_HOOK_INIT(file_fcntl, smack_file_fcntl),
4297         LSM_HOOK_INIT(mmap_file, smack_mmap_file),
4298         LSM_HOOK_INIT(mmap_addr, cap_mmap_addr),
4299         LSM_HOOK_INIT(file_set_fowner, smack_file_set_fowner),
4300         LSM_HOOK_INIT(file_send_sigiotask, smack_file_send_sigiotask),
4301         LSM_HOOK_INIT(file_receive, smack_file_receive),
4302 
4303         LSM_HOOK_INIT(file_open, smack_file_open),
4304 
4305         LSM_HOOK_INIT(cred_alloc_blank, smack_cred_alloc_blank),
4306         LSM_HOOK_INIT(cred_free, smack_cred_free),
4307         LSM_HOOK_INIT(cred_prepare, smack_cred_prepare),
4308         LSM_HOOK_INIT(cred_transfer, smack_cred_transfer),
4309         LSM_HOOK_INIT(kernel_act_as, smack_kernel_act_as),
4310         LSM_HOOK_INIT(kernel_create_files_as, smack_kernel_create_files_as),
4311         LSM_HOOK_INIT(task_setpgid, smack_task_setpgid),
4312         LSM_HOOK_INIT(task_getpgid, smack_task_getpgid),
4313         LSM_HOOK_INIT(task_getsid, smack_task_getsid),
4314         LSM_HOOK_INIT(task_getsecid, smack_task_getsecid),
4315         LSM_HOOK_INIT(task_setnice, smack_task_setnice),
4316         LSM_HOOK_INIT(task_setioprio, smack_task_setioprio),
4317         LSM_HOOK_INIT(task_getioprio, smack_task_getioprio),
4318         LSM_HOOK_INIT(task_setscheduler, smack_task_setscheduler),
4319         LSM_HOOK_INIT(task_getscheduler, smack_task_getscheduler),
4320         LSM_HOOK_INIT(task_movememory, smack_task_movememory),
4321         LSM_HOOK_INIT(task_kill, smack_task_kill),
4322         LSM_HOOK_INIT(task_wait, smack_task_wait),
4323         LSM_HOOK_INIT(task_to_inode, smack_task_to_inode),
4324 
4325         LSM_HOOK_INIT(ipc_permission, smack_ipc_permission),
4326         LSM_HOOK_INIT(ipc_getsecid, smack_ipc_getsecid),
4327 
4328         LSM_HOOK_INIT(msg_msg_alloc_security, smack_msg_msg_alloc_security),
4329         LSM_HOOK_INIT(msg_msg_free_security, smack_msg_msg_free_security),
4330 
4331         LSM_HOOK_INIT(msg_queue_alloc_security, smack_msg_queue_alloc_security),
4332         LSM_HOOK_INIT(msg_queue_free_security, smack_msg_queue_free_security),
4333         LSM_HOOK_INIT(msg_queue_associate, smack_msg_queue_associate),
4334         LSM_HOOK_INIT(msg_queue_msgctl, smack_msg_queue_msgctl),
4335         LSM_HOOK_INIT(msg_queue_msgsnd, smack_msg_queue_msgsnd),
4336         LSM_HOOK_INIT(msg_queue_msgrcv, smack_msg_queue_msgrcv),
4337 
4338         LSM_HOOK_INIT(shm_alloc_security, smack_shm_alloc_security),
4339         LSM_HOOK_INIT(shm_free_security, smack_shm_free_security),
4340         LSM_HOOK_INIT(shm_associate, smack_shm_associate),
4341         LSM_HOOK_INIT(shm_shmctl, smack_shm_shmctl),
4342         LSM_HOOK_INIT(shm_shmat, smack_shm_shmat),
4343 
4344         LSM_HOOK_INIT(sem_alloc_security, smack_sem_alloc_security),
4345         LSM_HOOK_INIT(sem_free_security, smack_sem_free_security),
4346         LSM_HOOK_INIT(sem_associate, smack_sem_associate),
4347         LSM_HOOK_INIT(sem_semctl, smack_sem_semctl),
4348         LSM_HOOK_INIT(sem_semop, smack_sem_semop),
4349 
4350         LSM_HOOK_INIT(d_instantiate, smack_d_instantiate),
4351 
4352         LSM_HOOK_INIT(getprocattr, smack_getprocattr),
4353         LSM_HOOK_INIT(setprocattr, smack_setprocattr),
4354 
4355         LSM_HOOK_INIT(unix_stream_connect, smack_unix_stream_connect),
4356         LSM_HOOK_INIT(unix_may_send, smack_unix_may_send),
4357 
4358         LSM_HOOK_INIT(socket_post_create, smack_socket_post_create),
4359 #ifndef CONFIG_SECURITY_SMACK_NETFILTER
4360         LSM_HOOK_INIT(socket_bind, smack_socket_bind),
4361 #endif /* CONFIG_SECURITY_SMACK_NETFILTER */
4362         LSM_HOOK_INIT(socket_connect, smack_socket_connect),
4363         LSM_HOOK_INIT(socket_sendmsg, smack_socket_sendmsg),
4364         LSM_HOOK_INIT(socket_sock_rcv_skb, smack_socket_sock_rcv_skb),
4365         LSM_HOOK_INIT(socket_getpeersec_stream, smack_socket_getpeersec_stream),
4366         LSM_HOOK_INIT(socket_getpeersec_dgram, smack_socket_getpeersec_dgram),
4367         LSM_HOOK_INIT(sk_alloc_security, smack_sk_alloc_security),
4368         LSM_HOOK_INIT(sk_free_security, smack_sk_free_security),
4369         LSM_HOOK_INIT(sock_graft, smack_sock_graft),
4370         LSM_HOOK_INIT(inet_conn_request, smack_inet_conn_request),
4371         LSM_HOOK_INIT(inet_csk_clone, smack_inet_csk_clone),
4372 
4373  /* key management security hooks */
4374 #ifdef CONFIG_KEYS
4375         LSM_HOOK_INIT(key_alloc, smack_key_alloc),
4376         LSM_HOOK_INIT(key_free, smack_key_free),
4377         LSM_HOOK_INIT(key_permission, smack_key_permission),
4378         LSM_HOOK_INIT(key_getsecurity, smack_key_getsecurity),
4379 #endif /* CONFIG_KEYS */
4380 
4381  /* Audit hooks */
4382 #ifdef CONFIG_AUDIT
4383         LSM_HOOK_INIT(audit_rule_init, smack_audit_rule_init),
4384         LSM_HOOK_INIT(audit_rule_known, smack_audit_rule_known),
4385         LSM_HOOK_INIT(audit_rule_match, smack_audit_rule_match),
4386         LSM_HOOK_INIT(audit_rule_free, smack_audit_rule_free),
4387 #endif /* CONFIG_AUDIT */
4388 
4389         LSM_HOOK_INIT(ismaclabel, smack_ismaclabel),
4390         LSM_HOOK_INIT(secid_to_secctx, smack_secid_to_secctx),
4391         LSM_HOOK_INIT(secctx_to_secid, smack_secctx_to_secid),
4392         LSM_HOOK_INIT(release_secctx, smack_release_secctx),
4393         LSM_HOOK_INIT(inode_notifysecctx, smack_inode_notifysecctx),
4394         LSM_HOOK_INIT(inode_setsecctx, smack_inode_setsecctx),
4395         LSM_HOOK_INIT(inode_getsecctx, smack_inode_getsecctx),
4396 };
4397 
4398 
4399 static __init void init_smack_known_list(void)
4400 {
4401         /*
4402          * Initialize rule list locks
4403          */
4404         mutex_init(&smack_known_huh.smk_rules_lock);
4405         mutex_init(&smack_known_hat.smk_rules_lock);
4406         mutex_init(&smack_known_floor.smk_rules_lock);
4407         mutex_init(&smack_known_star.smk_rules_lock);
4408         mutex_init(&smack_known_invalid.smk_rules_lock);
4409         mutex_init(&smack_known_web.smk_rules_lock);
4410         /*
4411          * Initialize rule lists
4412          */
4413         INIT_LIST_HEAD(&smack_known_huh.smk_rules);
4414         INIT_LIST_HEAD(&smack_known_hat.smk_rules);
4415         INIT_LIST_HEAD(&smack_known_star.smk_rules);
4416         INIT_LIST_HEAD(&smack_known_floor.smk_rules);
4417         INIT_LIST_HEAD(&smack_known_invalid.smk_rules);
4418         INIT_LIST_HEAD(&smack_known_web.smk_rules);
4419         /*
4420          * Create the known labels list
4421          */
4422         smk_insert_entry(&smack_known_huh);
4423         smk_insert_entry(&smack_known_hat);
4424         smk_insert_entry(&smack_known_star);
4425         smk_insert_entry(&smack_known_floor);
4426         smk_insert_entry(&smack_known_invalid);
4427         smk_insert_entry(&smack_known_web);
4428 }
4429 
4430 /**
4431  * smack_init - initialize the smack system
4432  *
4433  * Returns 0
4434  */
4435 static __init int smack_init(void)
4436 {
4437         struct cred *cred;
4438         struct task_smack *tsp;
4439 
4440         if (!security_module_enable("smack"))
4441                 return 0;
4442 
4443         smack_enabled = 1;
4444 
4445         smack_inode_cache = KMEM_CACHE(inode_smack, 0);
4446         if (!smack_inode_cache)
4447                 return -ENOMEM;
4448 
4449         tsp = new_task_smack(&smack_known_floor, &smack_known_floor,
4450                                 GFP_KERNEL);
4451         if (tsp == NULL) {
4452                 kmem_cache_destroy(smack_inode_cache);
4453                 return -ENOMEM;
4454         }
4455 
4456         printk(KERN_INFO "Smack:  Initializing.\n");
4457 
4458         /*
4459          * Set the security state for the initial task.
4460          */
4461         cred = (struct cred *) current->cred;
4462         cred->security = tsp;
4463 
4464         /* initialize the smack_known_list */
4465         init_smack_known_list();
4466 
4467         /*
4468          * Register with LSM
4469          */
4470         security_add_hooks(smack_hooks, ARRAY_SIZE(smack_hooks));
4471 
4472         return 0;
4473 }
4474 
4475 /*
4476  * Smack requires early initialization in order to label
4477  * all processes and objects when they are created.
4478  */
4479 security_initcall(smack_init);
4480 

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | Wiki (Japanese) | Wiki (English) | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

osdn.jp