xref: /openbmc/linux/security/smack/smack_lsm.c (revision 045f77ba)
1 /*
2  *  Simplified MAC Kernel (smack) security module
3  *
4  *  This file contains the smack hook function implementations.
5  *
6  *  Authors:
7  *	Casey Schaufler <casey@schaufler-ca.com>
8  *	Jarkko Sakkinen <jarkko.sakkinen@intel.com>
9  *
10  *  Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com>
11  *  Copyright (C) 2009 Hewlett-Packard Development Company, L.P.
12  *                Paul Moore <paul@paul-moore.com>
13  *  Copyright (C) 2010 Nokia Corporation
14  *  Copyright (C) 2011 Intel Corporation.
15  *
16  *	This program is free software; you can redistribute it and/or modify
17  *	it under the terms of the GNU General Public License version 2,
18  *      as published by the Free Software Foundation.
19  */
20 
21 #include <linux/xattr.h>
22 #include <linux/pagemap.h>
23 #include <linux/mount.h>
24 #include <linux/stat.h>
25 #include <linux/kd.h>
26 #include <asm/ioctls.h>
27 #include <linux/ip.h>
28 #include <linux/tcp.h>
29 #include <linux/udp.h>
30 #include <linux/dccp.h>
31 #include <linux/icmpv6.h>
32 #include <linux/slab.h>
33 #include <linux/mutex.h>
34 #include <linux/pipe_fs_i.h>
35 #include <net/cipso_ipv4.h>
36 #include <net/ip.h>
37 #include <net/ipv6.h>
38 #include <linux/audit.h>
39 #include <linux/magic.h>
40 #include <linux/dcache.h>
41 #include <linux/personality.h>
42 #include <linux/msg.h>
43 #include <linux/shm.h>
44 #include <linux/binfmts.h>
45 #include <linux/parser.h>
46 #include "smack.h"
47 
48 #define TRANS_TRUE	"TRUE"
49 #define TRANS_TRUE_SIZE	4
50 
51 #define SMK_CONNECTING	0
52 #define SMK_RECEIVING	1
53 #define SMK_SENDING	2
54 
55 #ifdef SMACK_IPV6_PORT_LABELING
56 DEFINE_MUTEX(smack_ipv6_lock);
57 static LIST_HEAD(smk_ipv6_port_list);
58 #endif
59 static struct kmem_cache *smack_inode_cache;
60 int smack_enabled;
61 
62 static const match_table_t smk_mount_tokens = {
63 	{Opt_fsdefault, SMK_FSDEFAULT "%s"},
64 	{Opt_fsfloor, SMK_FSFLOOR "%s"},
65 	{Opt_fshat, SMK_FSHAT "%s"},
66 	{Opt_fsroot, SMK_FSROOT "%s"},
67 	{Opt_fstransmute, SMK_FSTRANS "%s"},
68 	{Opt_error, NULL},
69 };
70 
71 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
72 static char *smk_bu_mess[] = {
73 	"Bringup Error",	/* Unused */
74 	"Bringup",		/* SMACK_BRINGUP_ALLOW */
75 	"Unconfined Subject",	/* SMACK_UNCONFINED_SUBJECT */
76 	"Unconfined Object",	/* SMACK_UNCONFINED_OBJECT */
77 };
78 
79 static void smk_bu_mode(int mode, char *s)
80 {
81 	int i = 0;
82 
83 	if (mode & MAY_READ)
84 		s[i++] = 'r';
85 	if (mode & MAY_WRITE)
86 		s[i++] = 'w';
87 	if (mode & MAY_EXEC)
88 		s[i++] = 'x';
89 	if (mode & MAY_APPEND)
90 		s[i++] = 'a';
91 	if (mode & MAY_TRANSMUTE)
92 		s[i++] = 't';
93 	if (mode & MAY_LOCK)
94 		s[i++] = 'l';
95 	if (i == 0)
96 		s[i++] = '-';
97 	s[i] = '\0';
98 }
99 #endif
100 
101 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
102 static int smk_bu_note(char *note, struct smack_known *sskp,
103 		       struct smack_known *oskp, int mode, int rc)
104 {
105 	char acc[SMK_NUM_ACCESS_TYPE + 1];
106 
107 	if (rc <= 0)
108 		return rc;
109 	if (rc > SMACK_UNCONFINED_OBJECT)
110 		rc = 0;
111 
112 	smk_bu_mode(mode, acc);
113 	pr_info("Smack %s: (%s %s %s) %s\n", smk_bu_mess[rc],
114 		sskp->smk_known, oskp->smk_known, acc, note);
115 	return 0;
116 }
117 #else
118 #define smk_bu_note(note, sskp, oskp, mode, RC) (RC)
119 #endif
120 
121 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
122 static int smk_bu_current(char *note, struct smack_known *oskp,
123 			  int mode, int rc)
124 {
125 	struct task_smack *tsp = current_security();
126 	char acc[SMK_NUM_ACCESS_TYPE + 1];
127 
128 	if (rc <= 0)
129 		return rc;
130 	if (rc > SMACK_UNCONFINED_OBJECT)
131 		rc = 0;
132 
133 	smk_bu_mode(mode, acc);
134 	pr_info("Smack %s: (%s %s %s) %s %s\n", smk_bu_mess[rc],
135 		tsp->smk_task->smk_known, oskp->smk_known,
136 		acc, current->comm, note);
137 	return 0;
138 }
139 #else
140 #define smk_bu_current(note, oskp, mode, RC) (RC)
141 #endif
142 
143 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
144 static int smk_bu_task(struct task_struct *otp, int mode, int rc)
145 {
146 	struct task_smack *tsp = current_security();
147 	struct smack_known *smk_task = smk_of_task_struct(otp);
148 	char acc[SMK_NUM_ACCESS_TYPE + 1];
149 
150 	if (rc <= 0)
151 		return rc;
152 	if (rc > SMACK_UNCONFINED_OBJECT)
153 		rc = 0;
154 
155 	smk_bu_mode(mode, acc);
156 	pr_info("Smack %s: (%s %s %s) %s to %s\n", smk_bu_mess[rc],
157 		tsp->smk_task->smk_known, smk_task->smk_known, acc,
158 		current->comm, otp->comm);
159 	return 0;
160 }
161 #else
162 #define smk_bu_task(otp, mode, RC) (RC)
163 #endif
164 
165 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
166 static int smk_bu_inode(struct inode *inode, int mode, int rc)
167 {
168 	struct task_smack *tsp = current_security();
169 	struct inode_smack *isp = inode->i_security;
170 	char acc[SMK_NUM_ACCESS_TYPE + 1];
171 
172 	if (isp->smk_flags & SMK_INODE_IMPURE)
173 		pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
174 			inode->i_sb->s_id, inode->i_ino, current->comm);
175 
176 	if (rc <= 0)
177 		return rc;
178 	if (rc > SMACK_UNCONFINED_OBJECT)
179 		rc = 0;
180 	if (rc == SMACK_UNCONFINED_SUBJECT &&
181 	    (mode & (MAY_WRITE | MAY_APPEND)))
182 		isp->smk_flags |= SMK_INODE_IMPURE;
183 
184 	smk_bu_mode(mode, acc);
185 
186 	pr_info("Smack %s: (%s %s %s) inode=(%s %ld) %s\n", smk_bu_mess[rc],
187 		tsp->smk_task->smk_known, isp->smk_inode->smk_known, acc,
188 		inode->i_sb->s_id, inode->i_ino, current->comm);
189 	return 0;
190 }
191 #else
192 #define smk_bu_inode(inode, mode, RC) (RC)
193 #endif
194 
195 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
196 static int smk_bu_file(struct file *file, int mode, int rc)
197 {
198 	struct task_smack *tsp = current_security();
199 	struct smack_known *sskp = tsp->smk_task;
200 	struct inode *inode = file_inode(file);
201 	struct inode_smack *isp = inode->i_security;
202 	char acc[SMK_NUM_ACCESS_TYPE + 1];
203 
204 	if (isp->smk_flags & SMK_INODE_IMPURE)
205 		pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
206 			inode->i_sb->s_id, inode->i_ino, current->comm);
207 
208 	if (rc <= 0)
209 		return rc;
210 	if (rc > SMACK_UNCONFINED_OBJECT)
211 		rc = 0;
212 
213 	smk_bu_mode(mode, acc);
214 	pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc],
215 		sskp->smk_known, smk_of_inode(inode)->smk_known, acc,
216 		inode->i_sb->s_id, inode->i_ino, file,
217 		current->comm);
218 	return 0;
219 }
220 #else
221 #define smk_bu_file(file, mode, RC) (RC)
222 #endif
223 
224 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
225 static int smk_bu_credfile(const struct cred *cred, struct file *file,
226 				int mode, int rc)
227 {
228 	struct task_smack *tsp = cred->security;
229 	struct smack_known *sskp = tsp->smk_task;
230 	struct inode *inode = file_inode(file);
231 	struct inode_smack *isp = inode->i_security;
232 	char acc[SMK_NUM_ACCESS_TYPE + 1];
233 
234 	if (isp->smk_flags & SMK_INODE_IMPURE)
235 		pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
236 			inode->i_sb->s_id, inode->i_ino, current->comm);
237 
238 	if (rc <= 0)
239 		return rc;
240 	if (rc > SMACK_UNCONFINED_OBJECT)
241 		rc = 0;
242 
243 	smk_bu_mode(mode, acc);
244 	pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc],
245 		sskp->smk_known, smk_of_inode(inode)->smk_known, acc,
246 		inode->i_sb->s_id, inode->i_ino, file,
247 		current->comm);
248 	return 0;
249 }
250 #else
251 #define smk_bu_credfile(cred, file, mode, RC) (RC)
252 #endif
253 
254 /**
255  * smk_fetch - Fetch the smack label from a file.
256  * @name: type of the label (attribute)
257  * @ip: a pointer to the inode
258  * @dp: a pointer to the dentry
259  *
260  * Returns a pointer to the master list entry for the Smack label,
261  * NULL if there was no label to fetch, or an error code.
262  */
263 static struct smack_known *smk_fetch(const char *name, struct inode *ip,
264 					struct dentry *dp)
265 {
266 	int rc;
267 	char *buffer;
268 	struct smack_known *skp = NULL;
269 
270 	if (!(ip->i_opflags & IOP_XATTR))
271 		return ERR_PTR(-EOPNOTSUPP);
272 
273 	buffer = kzalloc(SMK_LONGLABEL, GFP_KERNEL);
274 	if (buffer == NULL)
275 		return ERR_PTR(-ENOMEM);
276 
277 	rc = __vfs_getxattr(dp, ip, name, buffer, SMK_LONGLABEL);
278 	if (rc < 0)
279 		skp = ERR_PTR(rc);
280 	else if (rc == 0)
281 		skp = NULL;
282 	else
283 		skp = smk_import_entry(buffer, rc);
284 
285 	kfree(buffer);
286 
287 	return skp;
288 }
289 
290 /**
291  * new_inode_smack - allocate an inode security blob
292  * @skp: a pointer to the Smack label entry to use in the blob
293  *
294  * Returns the new blob or NULL if there's no memory available
295  */
296 static struct inode_smack *new_inode_smack(struct smack_known *skp)
297 {
298 	struct inode_smack *isp;
299 
300 	isp = kmem_cache_zalloc(smack_inode_cache, GFP_NOFS);
301 	if (isp == NULL)
302 		return NULL;
303 
304 	isp->smk_inode = skp;
305 	isp->smk_flags = 0;
306 	mutex_init(&isp->smk_lock);
307 
308 	return isp;
309 }
310 
311 /**
312  * new_task_smack - allocate a task security blob
313  * @task: a pointer to the Smack label for the running task
314  * @forked: a pointer to the Smack label for the forked task
315  * @gfp: type of the memory for the allocation
316  *
317  * Returns the new blob or NULL if there's no memory available
318  */
319 static struct task_smack *new_task_smack(struct smack_known *task,
320 					struct smack_known *forked, gfp_t gfp)
321 {
322 	struct task_smack *tsp;
323 
324 	tsp = kzalloc(sizeof(struct task_smack), gfp);
325 	if (tsp == NULL)
326 		return NULL;
327 
328 	tsp->smk_task = task;
329 	tsp->smk_forked = forked;
330 	INIT_LIST_HEAD(&tsp->smk_rules);
331 	INIT_LIST_HEAD(&tsp->smk_relabel);
332 	mutex_init(&tsp->smk_rules_lock);
333 
334 	return tsp;
335 }
336 
337 /**
338  * smk_copy_rules - copy a rule set
339  * @nhead: new rules header pointer
340  * @ohead: old rules header pointer
341  * @gfp: type of the memory for the allocation
342  *
343  * Returns 0 on success, -ENOMEM on error
344  */
345 static int smk_copy_rules(struct list_head *nhead, struct list_head *ohead,
346 				gfp_t gfp)
347 {
348 	struct smack_rule *nrp;
349 	struct smack_rule *orp;
350 	int rc = 0;
351 
352 	list_for_each_entry_rcu(orp, ohead, list) {
353 		nrp = kzalloc(sizeof(struct smack_rule), gfp);
354 		if (nrp == NULL) {
355 			rc = -ENOMEM;
356 			break;
357 		}
358 		*nrp = *orp;
359 		list_add_rcu(&nrp->list, nhead);
360 	}
361 	return rc;
362 }
363 
364 /**
365  * smk_copy_relabel - copy smk_relabel labels list
366  * @nhead: new rules header pointer
367  * @ohead: old rules header pointer
368  * @gfp: type of the memory for the allocation
369  *
370  * Returns 0 on success, -ENOMEM on error
371  */
372 static int smk_copy_relabel(struct list_head *nhead, struct list_head *ohead,
373 				gfp_t gfp)
374 {
375 	struct smack_known_list_elem *nklep;
376 	struct smack_known_list_elem *oklep;
377 
378 	list_for_each_entry(oklep, ohead, list) {
379 		nklep = kzalloc(sizeof(struct smack_known_list_elem), gfp);
380 		if (nklep == NULL) {
381 			smk_destroy_label_list(nhead);
382 			return -ENOMEM;
383 		}
384 		nklep->smk_label = oklep->smk_label;
385 		list_add(&nklep->list, nhead);
386 	}
387 
388 	return 0;
389 }
390 
391 /**
392  * smk_ptrace_mode - helper function for converting PTRACE_MODE_* into MAY_*
393  * @mode - input mode in form of PTRACE_MODE_*
394  *
395  * Returns a converted MAY_* mode usable by smack rules
396  */
397 static inline unsigned int smk_ptrace_mode(unsigned int mode)
398 {
399 	if (mode & PTRACE_MODE_ATTACH)
400 		return MAY_READWRITE;
401 	if (mode & PTRACE_MODE_READ)
402 		return MAY_READ;
403 
404 	return 0;
405 }
406 
407 /**
408  * smk_ptrace_rule_check - helper for ptrace access
409  * @tracer: tracer process
410  * @tracee_known: label entry of the process that's about to be traced
411  * @mode: ptrace attachment mode (PTRACE_MODE_*)
412  * @func: name of the function that called us, used for audit
413  *
414  * Returns 0 on access granted, -error on error
415  */
416 static int smk_ptrace_rule_check(struct task_struct *tracer,
417 				 struct smack_known *tracee_known,
418 				 unsigned int mode, const char *func)
419 {
420 	int rc;
421 	struct smk_audit_info ad, *saip = NULL;
422 	struct task_smack *tsp;
423 	struct smack_known *tracer_known;
424 
425 	if ((mode & PTRACE_MODE_NOAUDIT) == 0) {
426 		smk_ad_init(&ad, func, LSM_AUDIT_DATA_TASK);
427 		smk_ad_setfield_u_tsk(&ad, tracer);
428 		saip = &ad;
429 	}
430 
431 	rcu_read_lock();
432 	tsp = __task_cred(tracer)->security;
433 	tracer_known = smk_of_task(tsp);
434 
435 	if ((mode & PTRACE_MODE_ATTACH) &&
436 	    (smack_ptrace_rule == SMACK_PTRACE_EXACT ||
437 	     smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)) {
438 		if (tracer_known->smk_known == tracee_known->smk_known)
439 			rc = 0;
440 		else if (smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)
441 			rc = -EACCES;
442 		else if (capable(CAP_SYS_PTRACE))
443 			rc = 0;
444 		else
445 			rc = -EACCES;
446 
447 		if (saip)
448 			smack_log(tracer_known->smk_known,
449 				  tracee_known->smk_known,
450 				  0, rc, saip);
451 
452 		rcu_read_unlock();
453 		return rc;
454 	}
455 
456 	/* In case of rule==SMACK_PTRACE_DEFAULT or mode==PTRACE_MODE_READ */
457 	rc = smk_tskacc(tsp, tracee_known, smk_ptrace_mode(mode), saip);
458 
459 	rcu_read_unlock();
460 	return rc;
461 }
462 
463 /*
464  * LSM hooks.
465  * We he, that is fun!
466  */
467 
468 /**
469  * smack_ptrace_access_check - Smack approval on PTRACE_ATTACH
470  * @ctp: child task pointer
471  * @mode: ptrace attachment mode (PTRACE_MODE_*)
472  *
473  * Returns 0 if access is OK, an error code otherwise
474  *
475  * Do the capability checks.
476  */
477 static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode)
478 {
479 	struct smack_known *skp;
480 
481 	skp = smk_of_task_struct(ctp);
482 
483 	return smk_ptrace_rule_check(current, skp, mode, __func__);
484 }
485 
486 /**
487  * smack_ptrace_traceme - Smack approval on PTRACE_TRACEME
488  * @ptp: parent task pointer
489  *
490  * Returns 0 if access is OK, an error code otherwise
491  *
492  * Do the capability checks, and require PTRACE_MODE_ATTACH.
493  */
494 static int smack_ptrace_traceme(struct task_struct *ptp)
495 {
496 	int rc;
497 	struct smack_known *skp;
498 
499 	skp = smk_of_task(current_security());
500 
501 	rc = smk_ptrace_rule_check(ptp, skp, PTRACE_MODE_ATTACH, __func__);
502 	return rc;
503 }
504 
505 /**
506  * smack_syslog - Smack approval on syslog
507  * @type: message type
508  *
509  * Returns 0 on success, error code otherwise.
510  */
511 static int smack_syslog(int typefrom_file)
512 {
513 	int rc = 0;
514 	struct smack_known *skp = smk_of_current();
515 
516 	if (smack_privileged(CAP_MAC_OVERRIDE))
517 		return 0;
518 
519 	if (smack_syslog_label != NULL && smack_syslog_label != skp)
520 		rc = -EACCES;
521 
522 	return rc;
523 }
524 
525 
526 /*
527  * Superblock Hooks.
528  */
529 
530 /**
531  * smack_sb_alloc_security - allocate a superblock blob
532  * @sb: the superblock getting the blob
533  *
534  * Returns 0 on success or -ENOMEM on error.
535  */
536 static int smack_sb_alloc_security(struct super_block *sb)
537 {
538 	struct superblock_smack *sbsp;
539 
540 	sbsp = kzalloc(sizeof(struct superblock_smack), GFP_KERNEL);
541 
542 	if (sbsp == NULL)
543 		return -ENOMEM;
544 
545 	sbsp->smk_root = &smack_known_floor;
546 	sbsp->smk_default = &smack_known_floor;
547 	sbsp->smk_floor = &smack_known_floor;
548 	sbsp->smk_hat = &smack_known_hat;
549 	/*
550 	 * SMK_SB_INITIALIZED will be zero from kzalloc.
551 	 */
552 	sb->s_security = sbsp;
553 
554 	return 0;
555 }
556 
557 /**
558  * smack_sb_free_security - free a superblock blob
559  * @sb: the superblock getting the blob
560  *
561  */
562 static void smack_sb_free_security(struct super_block *sb)
563 {
564 	kfree(sb->s_security);
565 	sb->s_security = NULL;
566 }
567 
568 /**
569  * smack_sb_copy_data - copy mount options data for processing
570  * @orig: where to start
571  * @smackopts: mount options string
572  *
573  * Returns 0 on success or -ENOMEM on error.
574  *
575  * Copy the Smack specific mount options out of the mount
576  * options list.
577  */
578 static int smack_sb_copy_data(char *orig, char *smackopts)
579 {
580 	char *cp, *commap, *otheropts, *dp;
581 
582 	otheropts = (char *)get_zeroed_page(GFP_KERNEL);
583 	if (otheropts == NULL)
584 		return -ENOMEM;
585 
586 	for (cp = orig, commap = orig; commap != NULL; cp = commap + 1) {
587 		if (strstr(cp, SMK_FSDEFAULT) == cp)
588 			dp = smackopts;
589 		else if (strstr(cp, SMK_FSFLOOR) == cp)
590 			dp = smackopts;
591 		else if (strstr(cp, SMK_FSHAT) == cp)
592 			dp = smackopts;
593 		else if (strstr(cp, SMK_FSROOT) == cp)
594 			dp = smackopts;
595 		else if (strstr(cp, SMK_FSTRANS) == cp)
596 			dp = smackopts;
597 		else
598 			dp = otheropts;
599 
600 		commap = strchr(cp, ',');
601 		if (commap != NULL)
602 			*commap = '\0';
603 
604 		if (*dp != '\0')
605 			strcat(dp, ",");
606 		strcat(dp, cp);
607 	}
608 
609 	strcpy(orig, otheropts);
610 	free_page((unsigned long)otheropts);
611 
612 	return 0;
613 }
614 
615 /**
616  * smack_parse_opts_str - parse Smack specific mount options
617  * @options: mount options string
618  * @opts: where to store converted mount opts
619  *
620  * Returns 0 on success or -ENOMEM on error.
621  *
622  * converts Smack specific mount options to generic security option format
623  */
624 static int smack_parse_opts_str(char *options,
625 		struct security_mnt_opts *opts)
626 {
627 	char *p;
628 	char *fsdefault = NULL;
629 	char *fsfloor = NULL;
630 	char *fshat = NULL;
631 	char *fsroot = NULL;
632 	char *fstransmute = NULL;
633 	int rc = -ENOMEM;
634 	int num_mnt_opts = 0;
635 	int token;
636 
637 	opts->num_mnt_opts = 0;
638 
639 	if (!options)
640 		return 0;
641 
642 	while ((p = strsep(&options, ",")) != NULL) {
643 		substring_t args[MAX_OPT_ARGS];
644 
645 		if (!*p)
646 			continue;
647 
648 		token = match_token(p, smk_mount_tokens, args);
649 
650 		switch (token) {
651 		case Opt_fsdefault:
652 			if (fsdefault)
653 				goto out_opt_err;
654 			fsdefault = match_strdup(&args[0]);
655 			if (!fsdefault)
656 				goto out_err;
657 			break;
658 		case Opt_fsfloor:
659 			if (fsfloor)
660 				goto out_opt_err;
661 			fsfloor = match_strdup(&args[0]);
662 			if (!fsfloor)
663 				goto out_err;
664 			break;
665 		case Opt_fshat:
666 			if (fshat)
667 				goto out_opt_err;
668 			fshat = match_strdup(&args[0]);
669 			if (!fshat)
670 				goto out_err;
671 			break;
672 		case Opt_fsroot:
673 			if (fsroot)
674 				goto out_opt_err;
675 			fsroot = match_strdup(&args[0]);
676 			if (!fsroot)
677 				goto out_err;
678 			break;
679 		case Opt_fstransmute:
680 			if (fstransmute)
681 				goto out_opt_err;
682 			fstransmute = match_strdup(&args[0]);
683 			if (!fstransmute)
684 				goto out_err;
685 			break;
686 		default:
687 			rc = -EINVAL;
688 			pr_warn("Smack:  unknown mount option\n");
689 			goto out_err;
690 		}
691 	}
692 
693 	opts->mnt_opts = kcalloc(NUM_SMK_MNT_OPTS, sizeof(char *), GFP_KERNEL);
694 	if (!opts->mnt_opts)
695 		goto out_err;
696 
697 	opts->mnt_opts_flags = kcalloc(NUM_SMK_MNT_OPTS, sizeof(int),
698 			GFP_KERNEL);
699 	if (!opts->mnt_opts_flags)
700 		goto out_err;
701 
702 	if (fsdefault) {
703 		opts->mnt_opts[num_mnt_opts] = fsdefault;
704 		opts->mnt_opts_flags[num_mnt_opts++] = FSDEFAULT_MNT;
705 	}
706 	if (fsfloor) {
707 		opts->mnt_opts[num_mnt_opts] = fsfloor;
708 		opts->mnt_opts_flags[num_mnt_opts++] = FSFLOOR_MNT;
709 	}
710 	if (fshat) {
711 		opts->mnt_opts[num_mnt_opts] = fshat;
712 		opts->mnt_opts_flags[num_mnt_opts++] = FSHAT_MNT;
713 	}
714 	if (fsroot) {
715 		opts->mnt_opts[num_mnt_opts] = fsroot;
716 		opts->mnt_opts_flags[num_mnt_opts++] = FSROOT_MNT;
717 	}
718 	if (fstransmute) {
719 		opts->mnt_opts[num_mnt_opts] = fstransmute;
720 		opts->mnt_opts_flags[num_mnt_opts++] = FSTRANS_MNT;
721 	}
722 
723 	opts->num_mnt_opts = num_mnt_opts;
724 	return 0;
725 
726 out_opt_err:
727 	rc = -EINVAL;
728 	pr_warn("Smack: duplicate mount options\n");
729 
730 out_err:
731 	kfree(fsdefault);
732 	kfree(fsfloor);
733 	kfree(fshat);
734 	kfree(fsroot);
735 	kfree(fstransmute);
736 	return rc;
737 }
738 
739 /**
740  * smack_set_mnt_opts - set Smack specific mount options
741  * @sb: the file system superblock
742  * @opts: Smack mount options
743  * @kern_flags: mount option from kernel space or user space
744  * @set_kern_flags: where to store converted mount opts
745  *
746  * Returns 0 on success, an error code on failure
747  *
748  * Allow filesystems with binary mount data to explicitly set Smack mount
749  * labels.
750  */
751 static int smack_set_mnt_opts(struct super_block *sb,
752 		struct security_mnt_opts *opts,
753 		unsigned long kern_flags,
754 		unsigned long *set_kern_flags)
755 {
756 	struct dentry *root = sb->s_root;
757 	struct inode *inode = d_backing_inode(root);
758 	struct superblock_smack *sp = sb->s_security;
759 	struct inode_smack *isp;
760 	struct smack_known *skp;
761 	int i;
762 	int num_opts = opts->num_mnt_opts;
763 	int transmute = 0;
764 
765 	if (sp->smk_flags & SMK_SB_INITIALIZED)
766 		return 0;
767 
768 	if (!smack_privileged(CAP_MAC_ADMIN)) {
769 		/*
770 		 * Unprivileged mounts don't get to specify Smack values.
771 		 */
772 		if (num_opts)
773 			return -EPERM;
774 		/*
775 		 * Unprivileged mounts get root and default from the caller.
776 		 */
777 		skp = smk_of_current();
778 		sp->smk_root = skp;
779 		sp->smk_default = skp;
780 		/*
781 		 * For a handful of fs types with no user-controlled
782 		 * backing store it's okay to trust security labels
783 		 * in the filesystem. The rest are untrusted.
784 		 */
785 		if (sb->s_user_ns != &init_user_ns &&
786 		    sb->s_magic != SYSFS_MAGIC && sb->s_magic != TMPFS_MAGIC &&
787 		    sb->s_magic != RAMFS_MAGIC) {
788 			transmute = 1;
789 			sp->smk_flags |= SMK_SB_UNTRUSTED;
790 		}
791 	}
792 
793 	sp->smk_flags |= SMK_SB_INITIALIZED;
794 
795 	for (i = 0; i < num_opts; i++) {
796 		switch (opts->mnt_opts_flags[i]) {
797 		case FSDEFAULT_MNT:
798 			skp = smk_import_entry(opts->mnt_opts[i], 0);
799 			if (IS_ERR(skp))
800 				return PTR_ERR(skp);
801 			sp->smk_default = skp;
802 			break;
803 		case FSFLOOR_MNT:
804 			skp = smk_import_entry(opts->mnt_opts[i], 0);
805 			if (IS_ERR(skp))
806 				return PTR_ERR(skp);
807 			sp->smk_floor = skp;
808 			break;
809 		case FSHAT_MNT:
810 			skp = smk_import_entry(opts->mnt_opts[i], 0);
811 			if (IS_ERR(skp))
812 				return PTR_ERR(skp);
813 			sp->smk_hat = skp;
814 			break;
815 		case FSROOT_MNT:
816 			skp = smk_import_entry(opts->mnt_opts[i], 0);
817 			if (IS_ERR(skp))
818 				return PTR_ERR(skp);
819 			sp->smk_root = skp;
820 			break;
821 		case FSTRANS_MNT:
822 			skp = smk_import_entry(opts->mnt_opts[i], 0);
823 			if (IS_ERR(skp))
824 				return PTR_ERR(skp);
825 			sp->smk_root = skp;
826 			transmute = 1;
827 			break;
828 		default:
829 			break;
830 		}
831 	}
832 
833 	/*
834 	 * Initialize the root inode.
835 	 */
836 	isp = inode->i_security;
837 	if (isp == NULL) {
838 		isp = new_inode_smack(sp->smk_root);
839 		if (isp == NULL)
840 			return -ENOMEM;
841 		inode->i_security = isp;
842 	} else
843 		isp->smk_inode = sp->smk_root;
844 
845 	if (transmute)
846 		isp->smk_flags |= SMK_INODE_TRANSMUTE;
847 
848 	return 0;
849 }
850 
851 /**
852  * smack_sb_kern_mount - Smack specific mount processing
853  * @sb: the file system superblock
854  * @flags: the mount flags
855  * @data: the smack mount options
856  *
857  * Returns 0 on success, an error code on failure
858  */
859 static int smack_sb_kern_mount(struct super_block *sb, int flags, void *data)
860 {
861 	int rc = 0;
862 	char *options = data;
863 	struct security_mnt_opts opts;
864 
865 	security_init_mnt_opts(&opts);
866 
867 	if (!options)
868 		goto out;
869 
870 	rc = smack_parse_opts_str(options, &opts);
871 	if (rc)
872 		goto out_err;
873 
874 out:
875 	rc = smack_set_mnt_opts(sb, &opts, 0, NULL);
876 
877 out_err:
878 	security_free_mnt_opts(&opts);
879 	return rc;
880 }
881 
882 /**
883  * smack_sb_statfs - Smack check on statfs
884  * @dentry: identifies the file system in question
885  *
886  * Returns 0 if current can read the floor of the filesystem,
887  * and error code otherwise
888  */
889 static int smack_sb_statfs(struct dentry *dentry)
890 {
891 	struct superblock_smack *sbp = dentry->d_sb->s_security;
892 	int rc;
893 	struct smk_audit_info ad;
894 
895 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
896 	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
897 
898 	rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad);
899 	rc = smk_bu_current("statfs", sbp->smk_floor, MAY_READ, rc);
900 	return rc;
901 }
902 
903 /*
904  * BPRM hooks
905  */
906 
907 /**
908  * smack_bprm_set_creds - set creds for exec
909  * @bprm: the exec information
910  *
911  * Returns 0 if it gets a blob, -EPERM if exec forbidden and -ENOMEM otherwise
912  */
913 static int smack_bprm_set_creds(struct linux_binprm *bprm)
914 {
915 	struct inode *inode = file_inode(bprm->file);
916 	struct task_smack *bsp = bprm->cred->security;
917 	struct inode_smack *isp;
918 	struct superblock_smack *sbsp;
919 	int rc;
920 
921 	if (bprm->called_set_creds)
922 		return 0;
923 
924 	isp = inode->i_security;
925 	if (isp->smk_task == NULL || isp->smk_task == bsp->smk_task)
926 		return 0;
927 
928 	sbsp = inode->i_sb->s_security;
929 	if ((sbsp->smk_flags & SMK_SB_UNTRUSTED) &&
930 	    isp->smk_task != sbsp->smk_root)
931 		return 0;
932 
933 	if (bprm->unsafe & LSM_UNSAFE_PTRACE) {
934 		struct task_struct *tracer;
935 		rc = 0;
936 
937 		rcu_read_lock();
938 		tracer = ptrace_parent(current);
939 		if (likely(tracer != NULL))
940 			rc = smk_ptrace_rule_check(tracer,
941 						   isp->smk_task,
942 						   PTRACE_MODE_ATTACH,
943 						   __func__);
944 		rcu_read_unlock();
945 
946 		if (rc != 0)
947 			return rc;
948 	} else if (bprm->unsafe)
949 		return -EPERM;
950 
951 	bsp->smk_task = isp->smk_task;
952 	bprm->per_clear |= PER_CLEAR_ON_SETID;
953 
954 	/* Decide if this is a secure exec. */
955 	if (bsp->smk_task != bsp->smk_forked)
956 		bprm->secureexec = 1;
957 
958 	return 0;
959 }
960 
961 /*
962  * Inode hooks
963  */
964 
965 /**
966  * smack_inode_alloc_security - allocate an inode blob
967  * @inode: the inode in need of a blob
968  *
969  * Returns 0 if it gets a blob, -ENOMEM otherwise
970  */
971 static int smack_inode_alloc_security(struct inode *inode)
972 {
973 	struct smack_known *skp = smk_of_current();
974 
975 	inode->i_security = new_inode_smack(skp);
976 	if (inode->i_security == NULL)
977 		return -ENOMEM;
978 	return 0;
979 }
980 
981 /**
982  * smack_inode_free_rcu - Free inode_smack blob from cache
983  * @head: the rcu_head for getting inode_smack pointer
984  *
985  *  Call back function called from call_rcu() to free
986  *  the i_security blob pointer in inode
987  */
988 static void smack_inode_free_rcu(struct rcu_head *head)
989 {
990 	struct inode_smack *issp;
991 
992 	issp = container_of(head, struct inode_smack, smk_rcu);
993 	kmem_cache_free(smack_inode_cache, issp);
994 }
995 
996 /**
997  * smack_inode_free_security - free an inode blob using call_rcu()
998  * @inode: the inode with a blob
999  *
1000  * Clears the blob pointer in inode using RCU
1001  */
1002 static void smack_inode_free_security(struct inode *inode)
1003 {
1004 	struct inode_smack *issp = inode->i_security;
1005 
1006 	/*
1007 	 * The inode may still be referenced in a path walk and
1008 	 * a call to smack_inode_permission() can be made
1009 	 * after smack_inode_free_security() is called.
1010 	 * To avoid race condition free the i_security via RCU
1011 	 * and leave the current inode->i_security pointer intact.
1012 	 * The inode will be freed after the RCU grace period too.
1013 	 */
1014 	call_rcu(&issp->smk_rcu, smack_inode_free_rcu);
1015 }
1016 
1017 /**
1018  * smack_inode_init_security - copy out the smack from an inode
1019  * @inode: the newly created inode
1020  * @dir: containing directory object
1021  * @qstr: unused
1022  * @name: where to put the attribute name
1023  * @value: where to put the attribute value
1024  * @len: where to put the length of the attribute
1025  *
1026  * Returns 0 if it all works out, -ENOMEM if there's no memory
1027  */
1028 static int smack_inode_init_security(struct inode *inode, struct inode *dir,
1029 				     const struct qstr *qstr, const char **name,
1030 				     void **value, size_t *len)
1031 {
1032 	struct inode_smack *issp = inode->i_security;
1033 	struct smack_known *skp = smk_of_current();
1034 	struct smack_known *isp = smk_of_inode(inode);
1035 	struct smack_known *dsp = smk_of_inode(dir);
1036 	int may;
1037 
1038 	if (name)
1039 		*name = XATTR_SMACK_SUFFIX;
1040 
1041 	if (value && len) {
1042 		rcu_read_lock();
1043 		may = smk_access_entry(skp->smk_known, dsp->smk_known,
1044 				       &skp->smk_rules);
1045 		rcu_read_unlock();
1046 
1047 		/*
1048 		 * If the access rule allows transmutation and
1049 		 * the directory requests transmutation then
1050 		 * by all means transmute.
1051 		 * Mark the inode as changed.
1052 		 */
1053 		if (may > 0 && ((may & MAY_TRANSMUTE) != 0) &&
1054 		    smk_inode_transmutable(dir)) {
1055 			isp = dsp;
1056 			issp->smk_flags |= SMK_INODE_CHANGED;
1057 		}
1058 
1059 		*value = kstrdup(isp->smk_known, GFP_NOFS);
1060 		if (*value == NULL)
1061 			return -ENOMEM;
1062 
1063 		*len = strlen(isp->smk_known);
1064 	}
1065 
1066 	return 0;
1067 }
1068 
1069 /**
1070  * smack_inode_link - Smack check on link
1071  * @old_dentry: the existing object
1072  * @dir: unused
1073  * @new_dentry: the new object
1074  *
1075  * Returns 0 if access is permitted, an error code otherwise
1076  */
1077 static int smack_inode_link(struct dentry *old_dentry, struct inode *dir,
1078 			    struct dentry *new_dentry)
1079 {
1080 	struct smack_known *isp;
1081 	struct smk_audit_info ad;
1082 	int rc;
1083 
1084 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1085 	smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
1086 
1087 	isp = smk_of_inode(d_backing_inode(old_dentry));
1088 	rc = smk_curacc(isp, MAY_WRITE, &ad);
1089 	rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_WRITE, rc);
1090 
1091 	if (rc == 0 && d_is_positive(new_dentry)) {
1092 		isp = smk_of_inode(d_backing_inode(new_dentry));
1093 		smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
1094 		rc = smk_curacc(isp, MAY_WRITE, &ad);
1095 		rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_WRITE, rc);
1096 	}
1097 
1098 	return rc;
1099 }
1100 
1101 /**
1102  * smack_inode_unlink - Smack check on inode deletion
1103  * @dir: containing directory object
1104  * @dentry: file to unlink
1105  *
1106  * Returns 0 if current can write the containing directory
1107  * and the object, error code otherwise
1108  */
1109 static int smack_inode_unlink(struct inode *dir, struct dentry *dentry)
1110 {
1111 	struct inode *ip = d_backing_inode(dentry);
1112 	struct smk_audit_info ad;
1113 	int rc;
1114 
1115 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1116 	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1117 
1118 	/*
1119 	 * You need write access to the thing you're unlinking
1120 	 */
1121 	rc = smk_curacc(smk_of_inode(ip), MAY_WRITE, &ad);
1122 	rc = smk_bu_inode(ip, MAY_WRITE, rc);
1123 	if (rc == 0) {
1124 		/*
1125 		 * You also need write access to the containing directory
1126 		 */
1127 		smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
1128 		smk_ad_setfield_u_fs_inode(&ad, dir);
1129 		rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
1130 		rc = smk_bu_inode(dir, MAY_WRITE, rc);
1131 	}
1132 	return rc;
1133 }
1134 
1135 /**
1136  * smack_inode_rmdir - Smack check on directory deletion
1137  * @dir: containing directory object
1138  * @dentry: directory to unlink
1139  *
1140  * Returns 0 if current can write the containing directory
1141  * and the directory, error code otherwise
1142  */
1143 static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry)
1144 {
1145 	struct smk_audit_info ad;
1146 	int rc;
1147 
1148 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1149 	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1150 
1151 	/*
1152 	 * You need write access to the thing you're removing
1153 	 */
1154 	rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1155 	rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
1156 	if (rc == 0) {
1157 		/*
1158 		 * You also need write access to the containing directory
1159 		 */
1160 		smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
1161 		smk_ad_setfield_u_fs_inode(&ad, dir);
1162 		rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
1163 		rc = smk_bu_inode(dir, MAY_WRITE, rc);
1164 	}
1165 
1166 	return rc;
1167 }
1168 
1169 /**
1170  * smack_inode_rename - Smack check on rename
1171  * @old_inode: unused
1172  * @old_dentry: the old object
1173  * @new_inode: unused
1174  * @new_dentry: the new object
1175  *
1176  * Read and write access is required on both the old and
1177  * new directories.
1178  *
1179  * Returns 0 if access is permitted, an error code otherwise
1180  */
1181 static int smack_inode_rename(struct inode *old_inode,
1182 			      struct dentry *old_dentry,
1183 			      struct inode *new_inode,
1184 			      struct dentry *new_dentry)
1185 {
1186 	int rc;
1187 	struct smack_known *isp;
1188 	struct smk_audit_info ad;
1189 
1190 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1191 	smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
1192 
1193 	isp = smk_of_inode(d_backing_inode(old_dentry));
1194 	rc = smk_curacc(isp, MAY_READWRITE, &ad);
1195 	rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_READWRITE, rc);
1196 
1197 	if (rc == 0 && d_is_positive(new_dentry)) {
1198 		isp = smk_of_inode(d_backing_inode(new_dentry));
1199 		smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
1200 		rc = smk_curacc(isp, MAY_READWRITE, &ad);
1201 		rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_READWRITE, rc);
1202 	}
1203 	return rc;
1204 }
1205 
1206 /**
1207  * smack_inode_permission - Smack version of permission()
1208  * @inode: the inode in question
1209  * @mask: the access requested
1210  *
1211  * This is the important Smack hook.
1212  *
1213  * Returns 0 if access is permitted, -EACCES otherwise
1214  */
1215 static int smack_inode_permission(struct inode *inode, int mask)
1216 {
1217 	struct superblock_smack *sbsp = inode->i_sb->s_security;
1218 	struct smk_audit_info ad;
1219 	int no_block = mask & MAY_NOT_BLOCK;
1220 	int rc;
1221 
1222 	mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND);
1223 	/*
1224 	 * No permission to check. Existence test. Yup, it's there.
1225 	 */
1226 	if (mask == 0)
1227 		return 0;
1228 
1229 	if (sbsp->smk_flags & SMK_SB_UNTRUSTED) {
1230 		if (smk_of_inode(inode) != sbsp->smk_root)
1231 			return -EACCES;
1232 	}
1233 
1234 	/* May be droppable after audit */
1235 	if (no_block)
1236 		return -ECHILD;
1237 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
1238 	smk_ad_setfield_u_fs_inode(&ad, inode);
1239 	rc = smk_curacc(smk_of_inode(inode), mask, &ad);
1240 	rc = smk_bu_inode(inode, mask, rc);
1241 	return rc;
1242 }
1243 
1244 /**
1245  * smack_inode_setattr - Smack check for setting attributes
1246  * @dentry: the object
1247  * @iattr: for the force flag
1248  *
1249  * Returns 0 if access is permitted, an error code otherwise
1250  */
1251 static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr)
1252 {
1253 	struct smk_audit_info ad;
1254 	int rc;
1255 
1256 	/*
1257 	 * Need to allow for clearing the setuid bit.
1258 	 */
1259 	if (iattr->ia_valid & ATTR_FORCE)
1260 		return 0;
1261 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1262 	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1263 
1264 	rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1265 	rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
1266 	return rc;
1267 }
1268 
1269 /**
1270  * smack_inode_getattr - Smack check for getting attributes
1271  * @mnt: vfsmount of the object
1272  * @dentry: the object
1273  *
1274  * Returns 0 if access is permitted, an error code otherwise
1275  */
1276 static int smack_inode_getattr(const struct path *path)
1277 {
1278 	struct smk_audit_info ad;
1279 	struct inode *inode = d_backing_inode(path->dentry);
1280 	int rc;
1281 
1282 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1283 	smk_ad_setfield_u_fs_path(&ad, *path);
1284 	rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad);
1285 	rc = smk_bu_inode(inode, MAY_READ, rc);
1286 	return rc;
1287 }
1288 
1289 /**
1290  * smack_inode_setxattr - Smack check for setting xattrs
1291  * @dentry: the object
1292  * @name: name of the attribute
1293  * @value: value of the attribute
1294  * @size: size of the value
1295  * @flags: unused
1296  *
1297  * This protects the Smack attribute explicitly.
1298  *
1299  * Returns 0 if access is permitted, an error code otherwise
1300  */
1301 static int smack_inode_setxattr(struct dentry *dentry, const char *name,
1302 				const void *value, size_t size, int flags)
1303 {
1304 	struct smk_audit_info ad;
1305 	struct smack_known *skp;
1306 	int check_priv = 0;
1307 	int check_import = 0;
1308 	int check_star = 0;
1309 	int rc = 0;
1310 
1311 	/*
1312 	 * Check label validity here so import won't fail in post_setxattr
1313 	 */
1314 	if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
1315 	    strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
1316 	    strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) {
1317 		check_priv = 1;
1318 		check_import = 1;
1319 	} else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
1320 		   strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1321 		check_priv = 1;
1322 		check_import = 1;
1323 		check_star = 1;
1324 	} else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) {
1325 		check_priv = 1;
1326 		if (size != TRANS_TRUE_SIZE ||
1327 		    strncmp(value, TRANS_TRUE, TRANS_TRUE_SIZE) != 0)
1328 			rc = -EINVAL;
1329 	} else
1330 		rc = cap_inode_setxattr(dentry, name, value, size, flags);
1331 
1332 	if (check_priv && !smack_privileged(CAP_MAC_ADMIN))
1333 		rc = -EPERM;
1334 
1335 	if (rc == 0 && check_import) {
1336 		skp = size ? smk_import_entry(value, size) : NULL;
1337 		if (IS_ERR(skp))
1338 			rc = PTR_ERR(skp);
1339 		else if (skp == NULL || (check_star &&
1340 		    (skp == &smack_known_star || skp == &smack_known_web)))
1341 			rc = -EINVAL;
1342 	}
1343 
1344 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1345 	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1346 
1347 	if (rc == 0) {
1348 		rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1349 		rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
1350 	}
1351 
1352 	return rc;
1353 }
1354 
1355 /**
1356  * smack_inode_post_setxattr - Apply the Smack update approved above
1357  * @dentry: object
1358  * @name: attribute name
1359  * @value: attribute value
1360  * @size: attribute size
1361  * @flags: unused
1362  *
1363  * Set the pointer in the inode blob to the entry found
1364  * in the master label list.
1365  */
1366 static void smack_inode_post_setxattr(struct dentry *dentry, const char *name,
1367 				      const void *value, size_t size, int flags)
1368 {
1369 	struct smack_known *skp;
1370 	struct inode_smack *isp = d_backing_inode(dentry)->i_security;
1371 
1372 	if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) {
1373 		isp->smk_flags |= SMK_INODE_TRANSMUTE;
1374 		return;
1375 	}
1376 
1377 	if (strcmp(name, XATTR_NAME_SMACK) == 0) {
1378 		skp = smk_import_entry(value, size);
1379 		if (!IS_ERR(skp))
1380 			isp->smk_inode = skp;
1381 	} else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) {
1382 		skp = smk_import_entry(value, size);
1383 		if (!IS_ERR(skp))
1384 			isp->smk_task = skp;
1385 	} else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1386 		skp = smk_import_entry(value, size);
1387 		if (!IS_ERR(skp))
1388 			isp->smk_mmap = skp;
1389 	}
1390 
1391 	return;
1392 }
1393 
1394 /**
1395  * smack_inode_getxattr - Smack check on getxattr
1396  * @dentry: the object
1397  * @name: unused
1398  *
1399  * Returns 0 if access is permitted, an error code otherwise
1400  */
1401 static int smack_inode_getxattr(struct dentry *dentry, const char *name)
1402 {
1403 	struct smk_audit_info ad;
1404 	int rc;
1405 
1406 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1407 	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1408 
1409 	rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_READ, &ad);
1410 	rc = smk_bu_inode(d_backing_inode(dentry), MAY_READ, rc);
1411 	return rc;
1412 }
1413 
1414 /**
1415  * smack_inode_removexattr - Smack check on removexattr
1416  * @dentry: the object
1417  * @name: name of the attribute
1418  *
1419  * Removing the Smack attribute requires CAP_MAC_ADMIN
1420  *
1421  * Returns 0 if access is permitted, an error code otherwise
1422  */
1423 static int smack_inode_removexattr(struct dentry *dentry, const char *name)
1424 {
1425 	struct inode_smack *isp;
1426 	struct smk_audit_info ad;
1427 	int rc = 0;
1428 
1429 	if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
1430 	    strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
1431 	    strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 ||
1432 	    strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
1433 	    strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0 ||
1434 	    strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1435 		if (!smack_privileged(CAP_MAC_ADMIN))
1436 			rc = -EPERM;
1437 	} else
1438 		rc = cap_inode_removexattr(dentry, name);
1439 
1440 	if (rc != 0)
1441 		return rc;
1442 
1443 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1444 	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1445 
1446 	rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1447 	rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
1448 	if (rc != 0)
1449 		return rc;
1450 
1451 	isp = d_backing_inode(dentry)->i_security;
1452 	/*
1453 	 * Don't do anything special for these.
1454 	 *	XATTR_NAME_SMACKIPIN
1455 	 *	XATTR_NAME_SMACKIPOUT
1456 	 */
1457 	if (strcmp(name, XATTR_NAME_SMACK) == 0) {
1458 		struct super_block *sbp = dentry->d_sb;
1459 		struct superblock_smack *sbsp = sbp->s_security;
1460 
1461 		isp->smk_inode = sbsp->smk_default;
1462 	} else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0)
1463 		isp->smk_task = NULL;
1464 	else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0)
1465 		isp->smk_mmap = NULL;
1466 	else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0)
1467 		isp->smk_flags &= ~SMK_INODE_TRANSMUTE;
1468 
1469 	return 0;
1470 }
1471 
1472 /**
1473  * smack_inode_getsecurity - get smack xattrs
1474  * @inode: the object
1475  * @name: attribute name
1476  * @buffer: where to put the result
1477  * @alloc: duplicate memory
1478  *
1479  * Returns the size of the attribute or an error code
1480  */
1481 static int smack_inode_getsecurity(struct inode *inode,
1482 				   const char *name, void **buffer,
1483 				   bool alloc)
1484 {
1485 	struct socket_smack *ssp;
1486 	struct socket *sock;
1487 	struct super_block *sbp;
1488 	struct inode *ip = (struct inode *)inode;
1489 	struct smack_known *isp;
1490 
1491 	if (strcmp(name, XATTR_SMACK_SUFFIX) == 0)
1492 		isp = smk_of_inode(inode);
1493 	else {
1494 		/*
1495 		 * The rest of the Smack xattrs are only on sockets.
1496 		 */
1497 		sbp = ip->i_sb;
1498 		if (sbp->s_magic != SOCKFS_MAGIC)
1499 			return -EOPNOTSUPP;
1500 
1501 		sock = SOCKET_I(ip);
1502 		if (sock == NULL || sock->sk == NULL)
1503 			return -EOPNOTSUPP;
1504 
1505 		ssp = sock->sk->sk_security;
1506 
1507 		if (strcmp(name, XATTR_SMACK_IPIN) == 0)
1508 			isp = ssp->smk_in;
1509 		else if (strcmp(name, XATTR_SMACK_IPOUT) == 0)
1510 			isp = ssp->smk_out;
1511 		else
1512 			return -EOPNOTSUPP;
1513 	}
1514 
1515 	if (alloc) {
1516 		*buffer = kstrdup(isp->smk_known, GFP_KERNEL);
1517 		if (*buffer == NULL)
1518 			return -ENOMEM;
1519 	}
1520 
1521 	return strlen(isp->smk_known);
1522 }
1523 
1524 
1525 /**
1526  * smack_inode_listsecurity - list the Smack attributes
1527  * @inode: the object
1528  * @buffer: where they go
1529  * @buffer_size: size of buffer
1530  */
1531 static int smack_inode_listsecurity(struct inode *inode, char *buffer,
1532 				    size_t buffer_size)
1533 {
1534 	int len = sizeof(XATTR_NAME_SMACK);
1535 
1536 	if (buffer != NULL && len <= buffer_size)
1537 		memcpy(buffer, XATTR_NAME_SMACK, len);
1538 
1539 	return len;
1540 }
1541 
1542 /**
1543  * smack_inode_getsecid - Extract inode's security id
1544  * @inode: inode to extract the info from
1545  * @secid: where result will be saved
1546  */
1547 static void smack_inode_getsecid(struct inode *inode, u32 *secid)
1548 {
1549 	struct smack_known *skp = smk_of_inode(inode);
1550 
1551 	*secid = skp->smk_secid;
1552 }
1553 
1554 /*
1555  * File Hooks
1556  */
1557 
1558 /*
1559  * There is no smack_file_permission hook
1560  *
1561  * Should access checks be done on each read or write?
1562  * UNICOS and SELinux say yes.
1563  * Trusted Solaris, Trusted Irix, and just about everyone else says no.
1564  *
1565  * I'll say no for now. Smack does not do the frequent
1566  * label changing that SELinux does.
1567  */
1568 
1569 /**
1570  * smack_file_alloc_security - assign a file security blob
1571  * @file: the object
1572  *
1573  * The security blob for a file is a pointer to the master
1574  * label list, so no allocation is done.
1575  *
1576  * f_security is the owner security information. It
1577  * isn't used on file access checks, it's for send_sigio.
1578  *
1579  * Returns 0
1580  */
1581 static int smack_file_alloc_security(struct file *file)
1582 {
1583 	struct smack_known *skp = smk_of_current();
1584 
1585 	file->f_security = skp;
1586 	return 0;
1587 }
1588 
1589 /**
1590  * smack_file_free_security - clear a file security blob
1591  * @file: the object
1592  *
1593  * The security blob for a file is a pointer to the master
1594  * label list, so no memory is freed.
1595  */
1596 static void smack_file_free_security(struct file *file)
1597 {
1598 	file->f_security = NULL;
1599 }
1600 
1601 /**
1602  * smack_file_ioctl - Smack check on ioctls
1603  * @file: the object
1604  * @cmd: what to do
1605  * @arg: unused
1606  *
1607  * Relies heavily on the correct use of the ioctl command conventions.
1608  *
1609  * Returns 0 if allowed, error code otherwise
1610  */
1611 static int smack_file_ioctl(struct file *file, unsigned int cmd,
1612 			    unsigned long arg)
1613 {
1614 	int rc = 0;
1615 	struct smk_audit_info ad;
1616 	struct inode *inode = file_inode(file);
1617 
1618 	if (unlikely(IS_PRIVATE(inode)))
1619 		return 0;
1620 
1621 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1622 	smk_ad_setfield_u_fs_path(&ad, file->f_path);
1623 
1624 	if (_IOC_DIR(cmd) & _IOC_WRITE) {
1625 		rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad);
1626 		rc = smk_bu_file(file, MAY_WRITE, rc);
1627 	}
1628 
1629 	if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ)) {
1630 		rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad);
1631 		rc = smk_bu_file(file, MAY_READ, rc);
1632 	}
1633 
1634 	return rc;
1635 }
1636 
1637 /**
1638  * smack_file_lock - Smack check on file locking
1639  * @file: the object
1640  * @cmd: unused
1641  *
1642  * Returns 0 if current has lock access, error code otherwise
1643  */
1644 static int smack_file_lock(struct file *file, unsigned int cmd)
1645 {
1646 	struct smk_audit_info ad;
1647 	int rc;
1648 	struct inode *inode = file_inode(file);
1649 
1650 	if (unlikely(IS_PRIVATE(inode)))
1651 		return 0;
1652 
1653 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1654 	smk_ad_setfield_u_fs_path(&ad, file->f_path);
1655 	rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad);
1656 	rc = smk_bu_file(file, MAY_LOCK, rc);
1657 	return rc;
1658 }
1659 
1660 /**
1661  * smack_file_fcntl - Smack check on fcntl
1662  * @file: the object
1663  * @cmd: what action to check
1664  * @arg: unused
1665  *
1666  * Generally these operations are harmless.
1667  * File locking operations present an obvious mechanism
1668  * for passing information, so they require write access.
1669  *
1670  * Returns 0 if current has access, error code otherwise
1671  */
1672 static int smack_file_fcntl(struct file *file, unsigned int cmd,
1673 			    unsigned long arg)
1674 {
1675 	struct smk_audit_info ad;
1676 	int rc = 0;
1677 	struct inode *inode = file_inode(file);
1678 
1679 	if (unlikely(IS_PRIVATE(inode)))
1680 		return 0;
1681 
1682 	switch (cmd) {
1683 	case F_GETLK:
1684 		break;
1685 	case F_SETLK:
1686 	case F_SETLKW:
1687 		smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1688 		smk_ad_setfield_u_fs_path(&ad, file->f_path);
1689 		rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad);
1690 		rc = smk_bu_file(file, MAY_LOCK, rc);
1691 		break;
1692 	case F_SETOWN:
1693 	case F_SETSIG:
1694 		smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1695 		smk_ad_setfield_u_fs_path(&ad, file->f_path);
1696 		rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad);
1697 		rc = smk_bu_file(file, MAY_WRITE, rc);
1698 		break;
1699 	default:
1700 		break;
1701 	}
1702 
1703 	return rc;
1704 }
1705 
1706 /**
1707  * smack_mmap_file :
1708  * Check permissions for a mmap operation.  The @file may be NULL, e.g.
1709  * if mapping anonymous memory.
1710  * @file contains the file structure for file to map (may be NULL).
1711  * @reqprot contains the protection requested by the application.
1712  * @prot contains the protection that will be applied by the kernel.
1713  * @flags contains the operational flags.
1714  * Return 0 if permission is granted.
1715  */
1716 static int smack_mmap_file(struct file *file,
1717 			   unsigned long reqprot, unsigned long prot,
1718 			   unsigned long flags)
1719 {
1720 	struct smack_known *skp;
1721 	struct smack_known *mkp;
1722 	struct smack_rule *srp;
1723 	struct task_smack *tsp;
1724 	struct smack_known *okp;
1725 	struct inode_smack *isp;
1726 	struct superblock_smack *sbsp;
1727 	int may;
1728 	int mmay;
1729 	int tmay;
1730 	int rc;
1731 
1732 	if (file == NULL)
1733 		return 0;
1734 
1735 	if (unlikely(IS_PRIVATE(file_inode(file))))
1736 		return 0;
1737 
1738 	isp = file_inode(file)->i_security;
1739 	if (isp->smk_mmap == NULL)
1740 		return 0;
1741 	sbsp = file_inode(file)->i_sb->s_security;
1742 	if (sbsp->smk_flags & SMK_SB_UNTRUSTED &&
1743 	    isp->smk_mmap != sbsp->smk_root)
1744 		return -EACCES;
1745 	mkp = isp->smk_mmap;
1746 
1747 	tsp = current_security();
1748 	skp = smk_of_current();
1749 	rc = 0;
1750 
1751 	rcu_read_lock();
1752 	/*
1753 	 * For each Smack rule associated with the subject
1754 	 * label verify that the SMACK64MMAP also has access
1755 	 * to that rule's object label.
1756 	 */
1757 	list_for_each_entry_rcu(srp, &skp->smk_rules, list) {
1758 		okp = srp->smk_object;
1759 		/*
1760 		 * Matching labels always allows access.
1761 		 */
1762 		if (mkp->smk_known == okp->smk_known)
1763 			continue;
1764 		/*
1765 		 * If there is a matching local rule take
1766 		 * that into account as well.
1767 		 */
1768 		may = smk_access_entry(srp->smk_subject->smk_known,
1769 				       okp->smk_known,
1770 				       &tsp->smk_rules);
1771 		if (may == -ENOENT)
1772 			may = srp->smk_access;
1773 		else
1774 			may &= srp->smk_access;
1775 		/*
1776 		 * If may is zero the SMACK64MMAP subject can't
1777 		 * possibly have less access.
1778 		 */
1779 		if (may == 0)
1780 			continue;
1781 
1782 		/*
1783 		 * Fetch the global list entry.
1784 		 * If there isn't one a SMACK64MMAP subject
1785 		 * can't have as much access as current.
1786 		 */
1787 		mmay = smk_access_entry(mkp->smk_known, okp->smk_known,
1788 					&mkp->smk_rules);
1789 		if (mmay == -ENOENT) {
1790 			rc = -EACCES;
1791 			break;
1792 		}
1793 		/*
1794 		 * If there is a local entry it modifies the
1795 		 * potential access, too.
1796 		 */
1797 		tmay = smk_access_entry(mkp->smk_known, okp->smk_known,
1798 					&tsp->smk_rules);
1799 		if (tmay != -ENOENT)
1800 			mmay &= tmay;
1801 
1802 		/*
1803 		 * If there is any access available to current that is
1804 		 * not available to a SMACK64MMAP subject
1805 		 * deny access.
1806 		 */
1807 		if ((may | mmay) != mmay) {
1808 			rc = -EACCES;
1809 			break;
1810 		}
1811 	}
1812 
1813 	rcu_read_unlock();
1814 
1815 	return rc;
1816 }
1817 
1818 /**
1819  * smack_file_set_fowner - set the file security blob value
1820  * @file: object in question
1821  *
1822  */
1823 static void smack_file_set_fowner(struct file *file)
1824 {
1825 	file->f_security = smk_of_current();
1826 }
1827 
1828 /**
1829  * smack_file_send_sigiotask - Smack on sigio
1830  * @tsk: The target task
1831  * @fown: the object the signal come from
1832  * @signum: unused
1833  *
1834  * Allow a privileged task to get signals even if it shouldn't
1835  *
1836  * Returns 0 if a subject with the object's smack could
1837  * write to the task, an error code otherwise.
1838  */
1839 static int smack_file_send_sigiotask(struct task_struct *tsk,
1840 				     struct fown_struct *fown, int signum)
1841 {
1842 	struct smack_known *skp;
1843 	struct smack_known *tkp = smk_of_task(tsk->cred->security);
1844 	struct file *file;
1845 	int rc;
1846 	struct smk_audit_info ad;
1847 
1848 	/*
1849 	 * struct fown_struct is never outside the context of a struct file
1850 	 */
1851 	file = container_of(fown, struct file, f_owner);
1852 
1853 	/* we don't log here as rc can be overriden */
1854 	skp = file->f_security;
1855 	rc = smk_access(skp, tkp, MAY_DELIVER, NULL);
1856 	rc = smk_bu_note("sigiotask", skp, tkp, MAY_DELIVER, rc);
1857 	if (rc != 0 && has_capability(tsk, CAP_MAC_OVERRIDE))
1858 		rc = 0;
1859 
1860 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
1861 	smk_ad_setfield_u_tsk(&ad, tsk);
1862 	smack_log(skp->smk_known, tkp->smk_known, MAY_DELIVER, rc, &ad);
1863 	return rc;
1864 }
1865 
1866 /**
1867  * smack_file_receive - Smack file receive check
1868  * @file: the object
1869  *
1870  * Returns 0 if current has access, error code otherwise
1871  */
1872 static int smack_file_receive(struct file *file)
1873 {
1874 	int rc;
1875 	int may = 0;
1876 	struct smk_audit_info ad;
1877 	struct inode *inode = file_inode(file);
1878 	struct socket *sock;
1879 	struct task_smack *tsp;
1880 	struct socket_smack *ssp;
1881 
1882 	if (unlikely(IS_PRIVATE(inode)))
1883 		return 0;
1884 
1885 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1886 	smk_ad_setfield_u_fs_path(&ad, file->f_path);
1887 
1888 	if (inode->i_sb->s_magic == SOCKFS_MAGIC) {
1889 		sock = SOCKET_I(inode);
1890 		ssp = sock->sk->sk_security;
1891 		tsp = current_security();
1892 		/*
1893 		 * If the receiving process can't write to the
1894 		 * passed socket or if the passed socket can't
1895 		 * write to the receiving process don't accept
1896 		 * the passed socket.
1897 		 */
1898 		rc = smk_access(tsp->smk_task, ssp->smk_out, MAY_WRITE, &ad);
1899 		rc = smk_bu_file(file, may, rc);
1900 		if (rc < 0)
1901 			return rc;
1902 		rc = smk_access(ssp->smk_in, tsp->smk_task, MAY_WRITE, &ad);
1903 		rc = smk_bu_file(file, may, rc);
1904 		return rc;
1905 	}
1906 	/*
1907 	 * This code relies on bitmasks.
1908 	 */
1909 	if (file->f_mode & FMODE_READ)
1910 		may = MAY_READ;
1911 	if (file->f_mode & FMODE_WRITE)
1912 		may |= MAY_WRITE;
1913 
1914 	rc = smk_curacc(smk_of_inode(inode), may, &ad);
1915 	rc = smk_bu_file(file, may, rc);
1916 	return rc;
1917 }
1918 
1919 /**
1920  * smack_file_open - Smack dentry open processing
1921  * @file: the object
1922  * @cred: task credential
1923  *
1924  * Set the security blob in the file structure.
1925  * Allow the open only if the task has read access. There are
1926  * many read operations (e.g. fstat) that you can do with an
1927  * fd even if you have the file open write-only.
1928  *
1929  * Returns 0
1930  */
1931 static int smack_file_open(struct file *file)
1932 {
1933 	struct task_smack *tsp = file->f_cred->security;
1934 	struct inode *inode = file_inode(file);
1935 	struct smk_audit_info ad;
1936 	int rc;
1937 
1938 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1939 	smk_ad_setfield_u_fs_path(&ad, file->f_path);
1940 	rc = smk_tskacc(tsp, smk_of_inode(inode), MAY_READ, &ad);
1941 	rc = smk_bu_credfile(file->f_cred, file, MAY_READ, rc);
1942 
1943 	return rc;
1944 }
1945 
1946 /*
1947  * Task hooks
1948  */
1949 
1950 /**
1951  * smack_cred_alloc_blank - "allocate" blank task-level security credentials
1952  * @new: the new credentials
1953  * @gfp: the atomicity of any memory allocations
1954  *
1955  * Prepare a blank set of credentials for modification.  This must allocate all
1956  * the memory the LSM module might require such that cred_transfer() can
1957  * complete without error.
1958  */
1959 static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp)
1960 {
1961 	struct task_smack *tsp;
1962 
1963 	tsp = new_task_smack(NULL, NULL, gfp);
1964 	if (tsp == NULL)
1965 		return -ENOMEM;
1966 
1967 	cred->security = tsp;
1968 
1969 	return 0;
1970 }
1971 
1972 
1973 /**
1974  * smack_cred_free - "free" task-level security credentials
1975  * @cred: the credentials in question
1976  *
1977  */
1978 static void smack_cred_free(struct cred *cred)
1979 {
1980 	struct task_smack *tsp = cred->security;
1981 	struct smack_rule *rp;
1982 	struct list_head *l;
1983 	struct list_head *n;
1984 
1985 	if (tsp == NULL)
1986 		return;
1987 	cred->security = NULL;
1988 
1989 	smk_destroy_label_list(&tsp->smk_relabel);
1990 
1991 	list_for_each_safe(l, n, &tsp->smk_rules) {
1992 		rp = list_entry(l, struct smack_rule, list);
1993 		list_del(&rp->list);
1994 		kfree(rp);
1995 	}
1996 	kfree(tsp);
1997 }
1998 
1999 /**
2000  * smack_cred_prepare - prepare new set of credentials for modification
2001  * @new: the new credentials
2002  * @old: the original credentials
2003  * @gfp: the atomicity of any memory allocations
2004  *
2005  * Prepare a new set of credentials for modification.
2006  */
2007 static int smack_cred_prepare(struct cred *new, const struct cred *old,
2008 			      gfp_t gfp)
2009 {
2010 	struct task_smack *old_tsp = old->security;
2011 	struct task_smack *new_tsp;
2012 	int rc;
2013 
2014 	new_tsp = new_task_smack(old_tsp->smk_task, old_tsp->smk_task, gfp);
2015 	if (new_tsp == NULL)
2016 		return -ENOMEM;
2017 
2018 	new->security = new_tsp;
2019 
2020 	rc = smk_copy_rules(&new_tsp->smk_rules, &old_tsp->smk_rules, gfp);
2021 	if (rc != 0)
2022 		return rc;
2023 
2024 	rc = smk_copy_relabel(&new_tsp->smk_relabel, &old_tsp->smk_relabel,
2025 				gfp);
2026 	if (rc != 0)
2027 		return rc;
2028 
2029 	return 0;
2030 }
2031 
2032 /**
2033  * smack_cred_transfer - Transfer the old credentials to the new credentials
2034  * @new: the new credentials
2035  * @old: the original credentials
2036  *
2037  * Fill in a set of blank credentials from another set of credentials.
2038  */
2039 static void smack_cred_transfer(struct cred *new, const struct cred *old)
2040 {
2041 	struct task_smack *old_tsp = old->security;
2042 	struct task_smack *new_tsp = new->security;
2043 
2044 	new_tsp->smk_task = old_tsp->smk_task;
2045 	new_tsp->smk_forked = old_tsp->smk_task;
2046 	mutex_init(&new_tsp->smk_rules_lock);
2047 	INIT_LIST_HEAD(&new_tsp->smk_rules);
2048 
2049 
2050 	/* cbs copy rule list */
2051 }
2052 
2053 /**
2054  * smack_cred_getsecid - get the secid corresponding to a creds structure
2055  * @c: the object creds
2056  * @secid: where to put the result
2057  *
2058  * Sets the secid to contain a u32 version of the smack label.
2059  */
2060 static void smack_cred_getsecid(const struct cred *c, u32 *secid)
2061 {
2062 	struct smack_known *skp;
2063 
2064 	rcu_read_lock();
2065 	skp = smk_of_task(c->security);
2066 	*secid = skp->smk_secid;
2067 	rcu_read_unlock();
2068 }
2069 
2070 /**
2071  * smack_kernel_act_as - Set the subjective context in a set of credentials
2072  * @new: points to the set of credentials to be modified.
2073  * @secid: specifies the security ID to be set
2074  *
2075  * Set the security data for a kernel service.
2076  */
2077 static int smack_kernel_act_as(struct cred *new, u32 secid)
2078 {
2079 	struct task_smack *new_tsp = new->security;
2080 
2081 	new_tsp->smk_task = smack_from_secid(secid);
2082 	return 0;
2083 }
2084 
2085 /**
2086  * smack_kernel_create_files_as - Set the file creation label in a set of creds
2087  * @new: points to the set of credentials to be modified
2088  * @inode: points to the inode to use as a reference
2089  *
2090  * Set the file creation context in a set of credentials to the same
2091  * as the objective context of the specified inode
2092  */
2093 static int smack_kernel_create_files_as(struct cred *new,
2094 					struct inode *inode)
2095 {
2096 	struct inode_smack *isp = inode->i_security;
2097 	struct task_smack *tsp = new->security;
2098 
2099 	tsp->smk_forked = isp->smk_inode;
2100 	tsp->smk_task = tsp->smk_forked;
2101 	return 0;
2102 }
2103 
2104 /**
2105  * smk_curacc_on_task - helper to log task related access
2106  * @p: the task object
2107  * @access: the access requested
2108  * @caller: name of the calling function for audit
2109  *
2110  * Return 0 if access is permitted
2111  */
2112 static int smk_curacc_on_task(struct task_struct *p, int access,
2113 				const char *caller)
2114 {
2115 	struct smk_audit_info ad;
2116 	struct smack_known *skp = smk_of_task_struct(p);
2117 	int rc;
2118 
2119 	smk_ad_init(&ad, caller, LSM_AUDIT_DATA_TASK);
2120 	smk_ad_setfield_u_tsk(&ad, p);
2121 	rc = smk_curacc(skp, access, &ad);
2122 	rc = smk_bu_task(p, access, rc);
2123 	return rc;
2124 }
2125 
2126 /**
2127  * smack_task_setpgid - Smack check on setting pgid
2128  * @p: the task object
2129  * @pgid: unused
2130  *
2131  * Return 0 if write access is permitted
2132  */
2133 static int smack_task_setpgid(struct task_struct *p, pid_t pgid)
2134 {
2135 	return smk_curacc_on_task(p, MAY_WRITE, __func__);
2136 }
2137 
2138 /**
2139  * smack_task_getpgid - Smack access check for getpgid
2140  * @p: the object task
2141  *
2142  * Returns 0 if current can read the object task, error code otherwise
2143  */
2144 static int smack_task_getpgid(struct task_struct *p)
2145 {
2146 	return smk_curacc_on_task(p, MAY_READ, __func__);
2147 }
2148 
2149 /**
2150  * smack_task_getsid - Smack access check for getsid
2151  * @p: the object task
2152  *
2153  * Returns 0 if current can read the object task, error code otherwise
2154  */
2155 static int smack_task_getsid(struct task_struct *p)
2156 {
2157 	return smk_curacc_on_task(p, MAY_READ, __func__);
2158 }
2159 
2160 /**
2161  * smack_task_getsecid - get the secid of the task
2162  * @p: the object task
2163  * @secid: where to put the result
2164  *
2165  * Sets the secid to contain a u32 version of the smack label.
2166  */
2167 static void smack_task_getsecid(struct task_struct *p, u32 *secid)
2168 {
2169 	struct smack_known *skp = smk_of_task_struct(p);
2170 
2171 	*secid = skp->smk_secid;
2172 }
2173 
2174 /**
2175  * smack_task_setnice - Smack check on setting nice
2176  * @p: the task object
2177  * @nice: unused
2178  *
2179  * Return 0 if write access is permitted
2180  */
2181 static int smack_task_setnice(struct task_struct *p, int nice)
2182 {
2183 	return smk_curacc_on_task(p, MAY_WRITE, __func__);
2184 }
2185 
2186 /**
2187  * smack_task_setioprio - Smack check on setting ioprio
2188  * @p: the task object
2189  * @ioprio: unused
2190  *
2191  * Return 0 if write access is permitted
2192  */
2193 static int smack_task_setioprio(struct task_struct *p, int ioprio)
2194 {
2195 	return smk_curacc_on_task(p, MAY_WRITE, __func__);
2196 }
2197 
2198 /**
2199  * smack_task_getioprio - Smack check on reading ioprio
2200  * @p: the task object
2201  *
2202  * Return 0 if read access is permitted
2203  */
2204 static int smack_task_getioprio(struct task_struct *p)
2205 {
2206 	return smk_curacc_on_task(p, MAY_READ, __func__);
2207 }
2208 
2209 /**
2210  * smack_task_setscheduler - Smack check on setting scheduler
2211  * @p: the task object
2212  * @policy: unused
2213  * @lp: unused
2214  *
2215  * Return 0 if read access is permitted
2216  */
2217 static int smack_task_setscheduler(struct task_struct *p)
2218 {
2219 	return smk_curacc_on_task(p, MAY_WRITE, __func__);
2220 }
2221 
2222 /**
2223  * smack_task_getscheduler - Smack check on reading scheduler
2224  * @p: the task object
2225  *
2226  * Return 0 if read access is permitted
2227  */
2228 static int smack_task_getscheduler(struct task_struct *p)
2229 {
2230 	return smk_curacc_on_task(p, MAY_READ, __func__);
2231 }
2232 
2233 /**
2234  * smack_task_movememory - Smack check on moving memory
2235  * @p: the task object
2236  *
2237  * Return 0 if write access is permitted
2238  */
2239 static int smack_task_movememory(struct task_struct *p)
2240 {
2241 	return smk_curacc_on_task(p, MAY_WRITE, __func__);
2242 }
2243 
2244 /**
2245  * smack_task_kill - Smack check on signal delivery
2246  * @p: the task object
2247  * @info: unused
2248  * @sig: unused
2249  * @cred: identifies the cred to use in lieu of current's
2250  *
2251  * Return 0 if write access is permitted
2252  *
2253  */
2254 static int smack_task_kill(struct task_struct *p, struct siginfo *info,
2255 			   int sig, const struct cred *cred)
2256 {
2257 	struct smk_audit_info ad;
2258 	struct smack_known *skp;
2259 	struct smack_known *tkp = smk_of_task_struct(p);
2260 	int rc;
2261 
2262 	if (!sig)
2263 		return 0; /* null signal; existence test */
2264 
2265 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
2266 	smk_ad_setfield_u_tsk(&ad, p);
2267 	/*
2268 	 * Sending a signal requires that the sender
2269 	 * can write the receiver.
2270 	 */
2271 	if (cred == NULL) {
2272 		rc = smk_curacc(tkp, MAY_DELIVER, &ad);
2273 		rc = smk_bu_task(p, MAY_DELIVER, rc);
2274 		return rc;
2275 	}
2276 	/*
2277 	 * If the cred isn't NULL we're dealing with some USB IO
2278 	 * specific behavior. This is not clean. For one thing
2279 	 * we can't take privilege into account.
2280 	 */
2281 	skp = smk_of_task(cred->security);
2282 	rc = smk_access(skp, tkp, MAY_DELIVER, &ad);
2283 	rc = smk_bu_note("USB signal", skp, tkp, MAY_DELIVER, rc);
2284 	return rc;
2285 }
2286 
2287 /**
2288  * smack_task_to_inode - copy task smack into the inode blob
2289  * @p: task to copy from
2290  * @inode: inode to copy to
2291  *
2292  * Sets the smack pointer in the inode security blob
2293  */
2294 static void smack_task_to_inode(struct task_struct *p, struct inode *inode)
2295 {
2296 	struct inode_smack *isp = inode->i_security;
2297 	struct smack_known *skp = smk_of_task_struct(p);
2298 
2299 	isp->smk_inode = skp;
2300 	isp->smk_flags |= SMK_INODE_INSTANT;
2301 }
2302 
2303 /*
2304  * Socket hooks.
2305  */
2306 
2307 /**
2308  * smack_sk_alloc_security - Allocate a socket blob
2309  * @sk: the socket
2310  * @family: unused
2311  * @gfp_flags: memory allocation flags
2312  *
2313  * Assign Smack pointers to current
2314  *
2315  * Returns 0 on success, -ENOMEM is there's no memory
2316  */
2317 static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags)
2318 {
2319 	struct smack_known *skp = smk_of_current();
2320 	struct socket_smack *ssp;
2321 
2322 	ssp = kzalloc(sizeof(struct socket_smack), gfp_flags);
2323 	if (ssp == NULL)
2324 		return -ENOMEM;
2325 
2326 	/*
2327 	 * Sockets created by kernel threads receive web label.
2328 	 */
2329 	if (unlikely(current->flags & PF_KTHREAD)) {
2330 		ssp->smk_in = &smack_known_web;
2331 		ssp->smk_out = &smack_known_web;
2332 	} else {
2333 		ssp->smk_in = skp;
2334 		ssp->smk_out = skp;
2335 	}
2336 	ssp->smk_packet = NULL;
2337 
2338 	sk->sk_security = ssp;
2339 
2340 	return 0;
2341 }
2342 
2343 /**
2344  * smack_sk_free_security - Free a socket blob
2345  * @sk: the socket
2346  *
2347  * Clears the blob pointer
2348  */
2349 static void smack_sk_free_security(struct sock *sk)
2350 {
2351 #ifdef SMACK_IPV6_PORT_LABELING
2352 	struct smk_port_label *spp;
2353 
2354 	if (sk->sk_family == PF_INET6) {
2355 		rcu_read_lock();
2356 		list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
2357 			if (spp->smk_sock != sk)
2358 				continue;
2359 			spp->smk_can_reuse = 1;
2360 			break;
2361 		}
2362 		rcu_read_unlock();
2363 	}
2364 #endif
2365 	kfree(sk->sk_security);
2366 }
2367 
2368 /**
2369 * smack_ipv4host_label - check host based restrictions
2370 * @sip: the object end
2371 *
2372 * looks for host based access restrictions
2373 *
2374 * This version will only be appropriate for really small sets of single label
2375 * hosts.  The caller is responsible for ensuring that the RCU read lock is
2376 * taken before calling this function.
2377 *
2378 * Returns the label of the far end or NULL if it's not special.
2379 */
2380 static struct smack_known *smack_ipv4host_label(struct sockaddr_in *sip)
2381 {
2382 	struct smk_net4addr *snp;
2383 	struct in_addr *siap = &sip->sin_addr;
2384 
2385 	if (siap->s_addr == 0)
2386 		return NULL;
2387 
2388 	list_for_each_entry_rcu(snp, &smk_net4addr_list, list)
2389 		/*
2390 		 * we break after finding the first match because
2391 		 * the list is sorted from longest to shortest mask
2392 		 * so we have found the most specific match
2393 		 */
2394 		if (snp->smk_host.s_addr ==
2395 		    (siap->s_addr & snp->smk_mask.s_addr))
2396 			return snp->smk_label;
2397 
2398 	return NULL;
2399 }
2400 
2401 #if IS_ENABLED(CONFIG_IPV6)
2402 /*
2403  * smk_ipv6_localhost - Check for local ipv6 host address
2404  * @sip: the address
2405  *
2406  * Returns boolean true if this is the localhost address
2407  */
2408 static bool smk_ipv6_localhost(struct sockaddr_in6 *sip)
2409 {
2410 	__be16 *be16p = (__be16 *)&sip->sin6_addr;
2411 	__be32 *be32p = (__be32 *)&sip->sin6_addr;
2412 
2413 	if (be32p[0] == 0 && be32p[1] == 0 && be32p[2] == 0 && be16p[6] == 0 &&
2414 	    ntohs(be16p[7]) == 1)
2415 		return true;
2416 	return false;
2417 }
2418 
2419 /**
2420 * smack_ipv6host_label - check host based restrictions
2421 * @sip: the object end
2422 *
2423 * looks for host based access restrictions
2424 *
2425 * This version will only be appropriate for really small sets of single label
2426 * hosts.  The caller is responsible for ensuring that the RCU read lock is
2427 * taken before calling this function.
2428 *
2429 * Returns the label of the far end or NULL if it's not special.
2430 */
2431 static struct smack_known *smack_ipv6host_label(struct sockaddr_in6 *sip)
2432 {
2433 	struct smk_net6addr *snp;
2434 	struct in6_addr *sap = &sip->sin6_addr;
2435 	int i;
2436 	int found = 0;
2437 
2438 	/*
2439 	 * It's local. Don't look for a host label.
2440 	 */
2441 	if (smk_ipv6_localhost(sip))
2442 		return NULL;
2443 
2444 	list_for_each_entry_rcu(snp, &smk_net6addr_list, list) {
2445 		/*
2446 		 * If the label is NULL the entry has
2447 		 * been renounced. Ignore it.
2448 		 */
2449 		if (snp->smk_label == NULL)
2450 			continue;
2451 		/*
2452 		* we break after finding the first match because
2453 		* the list is sorted from longest to shortest mask
2454 		* so we have found the most specific match
2455 		*/
2456 		for (found = 1, i = 0; i < 8; i++) {
2457 			if ((sap->s6_addr16[i] & snp->smk_mask.s6_addr16[i]) !=
2458 			    snp->smk_host.s6_addr16[i]) {
2459 				found = 0;
2460 				break;
2461 			}
2462 		}
2463 		if (found)
2464 			return snp->smk_label;
2465 	}
2466 
2467 	return NULL;
2468 }
2469 #endif /* CONFIG_IPV6 */
2470 
2471 /**
2472  * smack_netlabel - Set the secattr on a socket
2473  * @sk: the socket
2474  * @labeled: socket label scheme
2475  *
2476  * Convert the outbound smack value (smk_out) to a
2477  * secattr and attach it to the socket.
2478  *
2479  * Returns 0 on success or an error code
2480  */
2481 static int smack_netlabel(struct sock *sk, int labeled)
2482 {
2483 	struct smack_known *skp;
2484 	struct socket_smack *ssp = sk->sk_security;
2485 	int rc = 0;
2486 
2487 	/*
2488 	 * Usually the netlabel code will handle changing the
2489 	 * packet labeling based on the label.
2490 	 * The case of a single label host is different, because
2491 	 * a single label host should never get a labeled packet
2492 	 * even though the label is usually associated with a packet
2493 	 * label.
2494 	 */
2495 	local_bh_disable();
2496 	bh_lock_sock_nested(sk);
2497 
2498 	if (ssp->smk_out == smack_net_ambient ||
2499 	    labeled == SMACK_UNLABELED_SOCKET)
2500 		netlbl_sock_delattr(sk);
2501 	else {
2502 		skp = ssp->smk_out;
2503 		rc = netlbl_sock_setattr(sk, sk->sk_family, &skp->smk_netlabel);
2504 	}
2505 
2506 	bh_unlock_sock(sk);
2507 	local_bh_enable();
2508 
2509 	return rc;
2510 }
2511 
2512 /**
2513  * smack_netlbel_send - Set the secattr on a socket and perform access checks
2514  * @sk: the socket
2515  * @sap: the destination address
2516  *
2517  * Set the correct secattr for the given socket based on the destination
2518  * address and perform any outbound access checks needed.
2519  *
2520  * Returns 0 on success or an error code.
2521  *
2522  */
2523 static int smack_netlabel_send(struct sock *sk, struct sockaddr_in *sap)
2524 {
2525 	struct smack_known *skp;
2526 	int rc;
2527 	int sk_lbl;
2528 	struct smack_known *hkp;
2529 	struct socket_smack *ssp = sk->sk_security;
2530 	struct smk_audit_info ad;
2531 
2532 	rcu_read_lock();
2533 	hkp = smack_ipv4host_label(sap);
2534 	if (hkp != NULL) {
2535 #ifdef CONFIG_AUDIT
2536 		struct lsm_network_audit net;
2537 
2538 		smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
2539 		ad.a.u.net->family = sap->sin_family;
2540 		ad.a.u.net->dport = sap->sin_port;
2541 		ad.a.u.net->v4info.daddr = sap->sin_addr.s_addr;
2542 #endif
2543 		sk_lbl = SMACK_UNLABELED_SOCKET;
2544 		skp = ssp->smk_out;
2545 		rc = smk_access(skp, hkp, MAY_WRITE, &ad);
2546 		rc = smk_bu_note("IPv4 host check", skp, hkp, MAY_WRITE, rc);
2547 	} else {
2548 		sk_lbl = SMACK_CIPSO_SOCKET;
2549 		rc = 0;
2550 	}
2551 	rcu_read_unlock();
2552 	if (rc != 0)
2553 		return rc;
2554 
2555 	return smack_netlabel(sk, sk_lbl);
2556 }
2557 
2558 #if IS_ENABLED(CONFIG_IPV6)
2559 /**
2560  * smk_ipv6_check - check Smack access
2561  * @subject: subject Smack label
2562  * @object: object Smack label
2563  * @address: address
2564  * @act: the action being taken
2565  *
2566  * Check an IPv6 access
2567  */
2568 static int smk_ipv6_check(struct smack_known *subject,
2569 				struct smack_known *object,
2570 				struct sockaddr_in6 *address, int act)
2571 {
2572 #ifdef CONFIG_AUDIT
2573 	struct lsm_network_audit net;
2574 #endif
2575 	struct smk_audit_info ad;
2576 	int rc;
2577 
2578 #ifdef CONFIG_AUDIT
2579 	smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
2580 	ad.a.u.net->family = PF_INET6;
2581 	ad.a.u.net->dport = ntohs(address->sin6_port);
2582 	if (act == SMK_RECEIVING)
2583 		ad.a.u.net->v6info.saddr = address->sin6_addr;
2584 	else
2585 		ad.a.u.net->v6info.daddr = address->sin6_addr;
2586 #endif
2587 	rc = smk_access(subject, object, MAY_WRITE, &ad);
2588 	rc = smk_bu_note("IPv6 check", subject, object, MAY_WRITE, rc);
2589 	return rc;
2590 }
2591 #endif /* CONFIG_IPV6 */
2592 
2593 #ifdef SMACK_IPV6_PORT_LABELING
2594 /**
2595  * smk_ipv6_port_label - Smack port access table management
2596  * @sock: socket
2597  * @address: address
2598  *
2599  * Create or update the port list entry
2600  */
2601 static void smk_ipv6_port_label(struct socket *sock, struct sockaddr *address)
2602 {
2603 	struct sock *sk = sock->sk;
2604 	struct sockaddr_in6 *addr6;
2605 	struct socket_smack *ssp = sock->sk->sk_security;
2606 	struct smk_port_label *spp;
2607 	unsigned short port = 0;
2608 
2609 	if (address == NULL) {
2610 		/*
2611 		 * This operation is changing the Smack information
2612 		 * on the bound socket. Take the changes to the port
2613 		 * as well.
2614 		 */
2615 		rcu_read_lock();
2616 		list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
2617 			if (sk != spp->smk_sock)
2618 				continue;
2619 			spp->smk_in = ssp->smk_in;
2620 			spp->smk_out = ssp->smk_out;
2621 			rcu_read_unlock();
2622 			return;
2623 		}
2624 		/*
2625 		 * A NULL address is only used for updating existing
2626 		 * bound entries. If there isn't one, it's OK.
2627 		 */
2628 		rcu_read_unlock();
2629 		return;
2630 	}
2631 
2632 	addr6 = (struct sockaddr_in6 *)address;
2633 	port = ntohs(addr6->sin6_port);
2634 	/*
2635 	 * This is a special case that is safely ignored.
2636 	 */
2637 	if (port == 0)
2638 		return;
2639 
2640 	/*
2641 	 * Look for an existing port list entry.
2642 	 * This is an indication that a port is getting reused.
2643 	 */
2644 	rcu_read_lock();
2645 	list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
2646 		if (spp->smk_port != port || spp->smk_sock_type != sock->type)
2647 			continue;
2648 		if (spp->smk_can_reuse != 1) {
2649 			rcu_read_unlock();
2650 			return;
2651 		}
2652 		spp->smk_port = port;
2653 		spp->smk_sock = sk;
2654 		spp->smk_in = ssp->smk_in;
2655 		spp->smk_out = ssp->smk_out;
2656 		spp->smk_can_reuse = 0;
2657 		rcu_read_unlock();
2658 		return;
2659 	}
2660 	rcu_read_unlock();
2661 	/*
2662 	 * A new port entry is required.
2663 	 */
2664 	spp = kzalloc(sizeof(*spp), GFP_KERNEL);
2665 	if (spp == NULL)
2666 		return;
2667 
2668 	spp->smk_port = port;
2669 	spp->smk_sock = sk;
2670 	spp->smk_in = ssp->smk_in;
2671 	spp->smk_out = ssp->smk_out;
2672 	spp->smk_sock_type = sock->type;
2673 	spp->smk_can_reuse = 0;
2674 
2675 	mutex_lock(&smack_ipv6_lock);
2676 	list_add_rcu(&spp->list, &smk_ipv6_port_list);
2677 	mutex_unlock(&smack_ipv6_lock);
2678 	return;
2679 }
2680 
2681 /**
2682  * smk_ipv6_port_check - check Smack port access
2683  * @sock: socket
2684  * @address: address
2685  *
2686  * Create or update the port list entry
2687  */
2688 static int smk_ipv6_port_check(struct sock *sk, struct sockaddr_in6 *address,
2689 				int act)
2690 {
2691 	struct smk_port_label *spp;
2692 	struct socket_smack *ssp = sk->sk_security;
2693 	struct smack_known *skp = NULL;
2694 	unsigned short port;
2695 	struct smack_known *object;
2696 
2697 	if (act == SMK_RECEIVING) {
2698 		skp = smack_ipv6host_label(address);
2699 		object = ssp->smk_in;
2700 	} else {
2701 		skp = ssp->smk_out;
2702 		object = smack_ipv6host_label(address);
2703 	}
2704 
2705 	/*
2706 	 * The other end is a single label host.
2707 	 */
2708 	if (skp != NULL && object != NULL)
2709 		return smk_ipv6_check(skp, object, address, act);
2710 	if (skp == NULL)
2711 		skp = smack_net_ambient;
2712 	if (object == NULL)
2713 		object = smack_net_ambient;
2714 
2715 	/*
2716 	 * It's remote, so port lookup does no good.
2717 	 */
2718 	if (!smk_ipv6_localhost(address))
2719 		return smk_ipv6_check(skp, object, address, act);
2720 
2721 	/*
2722 	 * It's local so the send check has to have passed.
2723 	 */
2724 	if (act == SMK_RECEIVING)
2725 		return 0;
2726 
2727 	port = ntohs(address->sin6_port);
2728 	rcu_read_lock();
2729 	list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
2730 		if (spp->smk_port != port || spp->smk_sock_type != sk->sk_type)
2731 			continue;
2732 		object = spp->smk_in;
2733 		if (act == SMK_CONNECTING)
2734 			ssp->smk_packet = spp->smk_out;
2735 		break;
2736 	}
2737 	rcu_read_unlock();
2738 
2739 	return smk_ipv6_check(skp, object, address, act);
2740 }
2741 #endif /* SMACK_IPV6_PORT_LABELING */
2742 
2743 /**
2744  * smack_inode_setsecurity - set smack xattrs
2745  * @inode: the object
2746  * @name: attribute name
2747  * @value: attribute value
2748  * @size: size of the attribute
2749  * @flags: unused
2750  *
2751  * Sets the named attribute in the appropriate blob
2752  *
2753  * Returns 0 on success, or an error code
2754  */
2755 static int smack_inode_setsecurity(struct inode *inode, const char *name,
2756 				   const void *value, size_t size, int flags)
2757 {
2758 	struct smack_known *skp;
2759 	struct inode_smack *nsp = inode->i_security;
2760 	struct socket_smack *ssp;
2761 	struct socket *sock;
2762 	int rc = 0;
2763 
2764 	if (value == NULL || size > SMK_LONGLABEL || size == 0)
2765 		return -EINVAL;
2766 
2767 	skp = smk_import_entry(value, size);
2768 	if (IS_ERR(skp))
2769 		return PTR_ERR(skp);
2770 
2771 	if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) {
2772 		nsp->smk_inode = skp;
2773 		nsp->smk_flags |= SMK_INODE_INSTANT;
2774 		return 0;
2775 	}
2776 	/*
2777 	 * The rest of the Smack xattrs are only on sockets.
2778 	 */
2779 	if (inode->i_sb->s_magic != SOCKFS_MAGIC)
2780 		return -EOPNOTSUPP;
2781 
2782 	sock = SOCKET_I(inode);
2783 	if (sock == NULL || sock->sk == NULL)
2784 		return -EOPNOTSUPP;
2785 
2786 	ssp = sock->sk->sk_security;
2787 
2788 	if (strcmp(name, XATTR_SMACK_IPIN) == 0)
2789 		ssp->smk_in = skp;
2790 	else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) {
2791 		ssp->smk_out = skp;
2792 		if (sock->sk->sk_family == PF_INET) {
2793 			rc = smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET);
2794 			if (rc != 0)
2795 				printk(KERN_WARNING
2796 					"Smack: \"%s\" netlbl error %d.\n",
2797 					__func__, -rc);
2798 		}
2799 	} else
2800 		return -EOPNOTSUPP;
2801 
2802 #ifdef SMACK_IPV6_PORT_LABELING
2803 	if (sock->sk->sk_family == PF_INET6)
2804 		smk_ipv6_port_label(sock, NULL);
2805 #endif
2806 
2807 	return 0;
2808 }
2809 
2810 /**
2811  * smack_socket_post_create - finish socket setup
2812  * @sock: the socket
2813  * @family: protocol family
2814  * @type: unused
2815  * @protocol: unused
2816  * @kern: unused
2817  *
2818  * Sets the netlabel information on the socket
2819  *
2820  * Returns 0 on success, and error code otherwise
2821  */
2822 static int smack_socket_post_create(struct socket *sock, int family,
2823 				    int type, int protocol, int kern)
2824 {
2825 	struct socket_smack *ssp;
2826 
2827 	if (sock->sk == NULL)
2828 		return 0;
2829 
2830 	/*
2831 	 * Sockets created by kernel threads receive web label.
2832 	 */
2833 	if (unlikely(current->flags & PF_KTHREAD)) {
2834 		ssp = sock->sk->sk_security;
2835 		ssp->smk_in = &smack_known_web;
2836 		ssp->smk_out = &smack_known_web;
2837 	}
2838 
2839 	if (family != PF_INET)
2840 		return 0;
2841 	/*
2842 	 * Set the outbound netlbl.
2843 	 */
2844 	return smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET);
2845 }
2846 
2847 /**
2848  * smack_socket_socketpair - create socket pair
2849  * @socka: one socket
2850  * @sockb: another socket
2851  *
2852  * Cross reference the peer labels for SO_PEERSEC
2853  *
2854  * Returns 0 on success, and error code otherwise
2855  */
2856 static int smack_socket_socketpair(struct socket *socka,
2857 		                   struct socket *sockb)
2858 {
2859 	struct socket_smack *asp = socka->sk->sk_security;
2860 	struct socket_smack *bsp = sockb->sk->sk_security;
2861 
2862 	asp->smk_packet = bsp->smk_out;
2863 	bsp->smk_packet = asp->smk_out;
2864 
2865 	return 0;
2866 }
2867 
2868 #ifdef SMACK_IPV6_PORT_LABELING
2869 /**
2870  * smack_socket_bind - record port binding information.
2871  * @sock: the socket
2872  * @address: the port address
2873  * @addrlen: size of the address
2874  *
2875  * Records the label bound to a port.
2876  *
2877  * Returns 0
2878  */
2879 static int smack_socket_bind(struct socket *sock, struct sockaddr *address,
2880 				int addrlen)
2881 {
2882 	if (sock->sk != NULL && sock->sk->sk_family == PF_INET6)
2883 		smk_ipv6_port_label(sock, address);
2884 	return 0;
2885 }
2886 #endif /* SMACK_IPV6_PORT_LABELING */
2887 
2888 /**
2889  * smack_socket_connect - connect access check
2890  * @sock: the socket
2891  * @sap: the other end
2892  * @addrlen: size of sap
2893  *
2894  * Verifies that a connection may be possible
2895  *
2896  * Returns 0 on success, and error code otherwise
2897  */
2898 static int smack_socket_connect(struct socket *sock, struct sockaddr *sap,
2899 				int addrlen)
2900 {
2901 	int rc = 0;
2902 #if IS_ENABLED(CONFIG_IPV6)
2903 	struct sockaddr_in6 *sip = (struct sockaddr_in6 *)sap;
2904 #endif
2905 #ifdef SMACK_IPV6_SECMARK_LABELING
2906 	struct smack_known *rsp;
2907 	struct socket_smack *ssp;
2908 #endif
2909 
2910 	if (sock->sk == NULL)
2911 		return 0;
2912 
2913 #ifdef SMACK_IPV6_SECMARK_LABELING
2914 	ssp = sock->sk->sk_security;
2915 #endif
2916 
2917 	switch (sock->sk->sk_family) {
2918 	case PF_INET:
2919 		if (addrlen < sizeof(struct sockaddr_in))
2920 			return -EINVAL;
2921 		rc = smack_netlabel_send(sock->sk, (struct sockaddr_in *)sap);
2922 		break;
2923 	case PF_INET6:
2924 		if (addrlen < sizeof(struct sockaddr_in6))
2925 			return -EINVAL;
2926 #ifdef SMACK_IPV6_SECMARK_LABELING
2927 		rsp = smack_ipv6host_label(sip);
2928 		if (rsp != NULL)
2929 			rc = smk_ipv6_check(ssp->smk_out, rsp, sip,
2930 						SMK_CONNECTING);
2931 #endif
2932 #ifdef SMACK_IPV6_PORT_LABELING
2933 		rc = smk_ipv6_port_check(sock->sk, sip, SMK_CONNECTING);
2934 #endif
2935 		break;
2936 	}
2937 	return rc;
2938 }
2939 
2940 /**
2941  * smack_flags_to_may - convert S_ to MAY_ values
2942  * @flags: the S_ value
2943  *
2944  * Returns the equivalent MAY_ value
2945  */
2946 static int smack_flags_to_may(int flags)
2947 {
2948 	int may = 0;
2949 
2950 	if (flags & S_IRUGO)
2951 		may |= MAY_READ;
2952 	if (flags & S_IWUGO)
2953 		may |= MAY_WRITE;
2954 	if (flags & S_IXUGO)
2955 		may |= MAY_EXEC;
2956 
2957 	return may;
2958 }
2959 
2960 /**
2961  * smack_msg_msg_alloc_security - Set the security blob for msg_msg
2962  * @msg: the object
2963  *
2964  * Returns 0
2965  */
2966 static int smack_msg_msg_alloc_security(struct msg_msg *msg)
2967 {
2968 	struct smack_known *skp = smk_of_current();
2969 
2970 	msg->security = skp;
2971 	return 0;
2972 }
2973 
2974 /**
2975  * smack_msg_msg_free_security - Clear the security blob for msg_msg
2976  * @msg: the object
2977  *
2978  * Clears the blob pointer
2979  */
2980 static void smack_msg_msg_free_security(struct msg_msg *msg)
2981 {
2982 	msg->security = NULL;
2983 }
2984 
2985 /**
2986  * smack_of_ipc - the smack pointer for the ipc
2987  * @isp: the object
2988  *
2989  * Returns a pointer to the smack value
2990  */
2991 static struct smack_known *smack_of_ipc(struct kern_ipc_perm *isp)
2992 {
2993 	return (struct smack_known *)isp->security;
2994 }
2995 
2996 /**
2997  * smack_ipc_alloc_security - Set the security blob for ipc
2998  * @isp: the object
2999  *
3000  * Returns 0
3001  */
3002 static int smack_ipc_alloc_security(struct kern_ipc_perm *isp)
3003 {
3004 	struct smack_known *skp = smk_of_current();
3005 
3006 	isp->security = skp;
3007 	return 0;
3008 }
3009 
3010 /**
3011  * smack_ipc_free_security - Clear the security blob for ipc
3012  * @isp: the object
3013  *
3014  * Clears the blob pointer
3015  */
3016 static void smack_ipc_free_security(struct kern_ipc_perm *isp)
3017 {
3018 	isp->security = NULL;
3019 }
3020 
3021 /**
3022  * smk_curacc_shm : check if current has access on shm
3023  * @isp : the object
3024  * @access : access requested
3025  *
3026  * Returns 0 if current has the requested access, error code otherwise
3027  */
3028 static int smk_curacc_shm(struct kern_ipc_perm *isp, int access)
3029 {
3030 	struct smack_known *ssp = smack_of_ipc(isp);
3031 	struct smk_audit_info ad;
3032 	int rc;
3033 
3034 #ifdef CONFIG_AUDIT
3035 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
3036 	ad.a.u.ipc_id = isp->id;
3037 #endif
3038 	rc = smk_curacc(ssp, access, &ad);
3039 	rc = smk_bu_current("shm", ssp, access, rc);
3040 	return rc;
3041 }
3042 
3043 /**
3044  * smack_shm_associate - Smack access check for shm
3045  * @isp: the object
3046  * @shmflg: access requested
3047  *
3048  * Returns 0 if current has the requested access, error code otherwise
3049  */
3050 static int smack_shm_associate(struct kern_ipc_perm *isp, int shmflg)
3051 {
3052 	int may;
3053 
3054 	may = smack_flags_to_may(shmflg);
3055 	return smk_curacc_shm(isp, may);
3056 }
3057 
3058 /**
3059  * smack_shm_shmctl - Smack access check for shm
3060  * @isp: the object
3061  * @cmd: what it wants to do
3062  *
3063  * Returns 0 if current has the requested access, error code otherwise
3064  */
3065 static int smack_shm_shmctl(struct kern_ipc_perm *isp, int cmd)
3066 {
3067 	int may;
3068 
3069 	switch (cmd) {
3070 	case IPC_STAT:
3071 	case SHM_STAT:
3072 	case SHM_STAT_ANY:
3073 		may = MAY_READ;
3074 		break;
3075 	case IPC_SET:
3076 	case SHM_LOCK:
3077 	case SHM_UNLOCK:
3078 	case IPC_RMID:
3079 		may = MAY_READWRITE;
3080 		break;
3081 	case IPC_INFO:
3082 	case SHM_INFO:
3083 		/*
3084 		 * System level information.
3085 		 */
3086 		return 0;
3087 	default:
3088 		return -EINVAL;
3089 	}
3090 	return smk_curacc_shm(isp, may);
3091 }
3092 
3093 /**
3094  * smack_shm_shmat - Smack access for shmat
3095  * @isp: the object
3096  * @shmaddr: unused
3097  * @shmflg: access requested
3098  *
3099  * Returns 0 if current has the requested access, error code otherwise
3100  */
3101 static int smack_shm_shmat(struct kern_ipc_perm *ipc, char __user *shmaddr,
3102 			   int shmflg)
3103 {
3104 	int may;
3105 
3106 	may = smack_flags_to_may(shmflg);
3107 	return smk_curacc_shm(ipc, may);
3108 }
3109 
3110 /**
3111  * smk_curacc_sem : check if current has access on sem
3112  * @isp : the object
3113  * @access : access requested
3114  *
3115  * Returns 0 if current has the requested access, error code otherwise
3116  */
3117 static int smk_curacc_sem(struct kern_ipc_perm *isp, int access)
3118 {
3119 	struct smack_known *ssp = smack_of_ipc(isp);
3120 	struct smk_audit_info ad;
3121 	int rc;
3122 
3123 #ifdef CONFIG_AUDIT
3124 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
3125 	ad.a.u.ipc_id = isp->id;
3126 #endif
3127 	rc = smk_curacc(ssp, access, &ad);
3128 	rc = smk_bu_current("sem", ssp, access, rc);
3129 	return rc;
3130 }
3131 
3132 /**
3133  * smack_sem_associate - Smack access check for sem
3134  * @isp: the object
3135  * @semflg: access requested
3136  *
3137  * Returns 0 if current has the requested access, error code otherwise
3138  */
3139 static int smack_sem_associate(struct kern_ipc_perm *isp, int semflg)
3140 {
3141 	int may;
3142 
3143 	may = smack_flags_to_may(semflg);
3144 	return smk_curacc_sem(isp, may);
3145 }
3146 
3147 /**
3148  * smack_sem_shmctl - Smack access check for sem
3149  * @isp: the object
3150  * @cmd: what it wants to do
3151  *
3152  * Returns 0 if current has the requested access, error code otherwise
3153  */
3154 static int smack_sem_semctl(struct kern_ipc_perm *isp, int cmd)
3155 {
3156 	int may;
3157 
3158 	switch (cmd) {
3159 	case GETPID:
3160 	case GETNCNT:
3161 	case GETZCNT:
3162 	case GETVAL:
3163 	case GETALL:
3164 	case IPC_STAT:
3165 	case SEM_STAT:
3166 	case SEM_STAT_ANY:
3167 		may = MAY_READ;
3168 		break;
3169 	case SETVAL:
3170 	case SETALL:
3171 	case IPC_RMID:
3172 	case IPC_SET:
3173 		may = MAY_READWRITE;
3174 		break;
3175 	case IPC_INFO:
3176 	case SEM_INFO:
3177 		/*
3178 		 * System level information
3179 		 */
3180 		return 0;
3181 	default:
3182 		return -EINVAL;
3183 	}
3184 
3185 	return smk_curacc_sem(isp, may);
3186 }
3187 
3188 /**
3189  * smack_sem_semop - Smack checks of semaphore operations
3190  * @isp: the object
3191  * @sops: unused
3192  * @nsops: unused
3193  * @alter: unused
3194  *
3195  * Treated as read and write in all cases.
3196  *
3197  * Returns 0 if access is allowed, error code otherwise
3198  */
3199 static int smack_sem_semop(struct kern_ipc_perm *isp, struct sembuf *sops,
3200 			   unsigned nsops, int alter)
3201 {
3202 	return smk_curacc_sem(isp, MAY_READWRITE);
3203 }
3204 
3205 /**
3206  * smk_curacc_msq : helper to check if current has access on msq
3207  * @isp : the msq
3208  * @access : access requested
3209  *
3210  * return 0 if current has access, error otherwise
3211  */
3212 static int smk_curacc_msq(struct kern_ipc_perm *isp, int access)
3213 {
3214 	struct smack_known *msp = smack_of_ipc(isp);
3215 	struct smk_audit_info ad;
3216 	int rc;
3217 
3218 #ifdef CONFIG_AUDIT
3219 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
3220 	ad.a.u.ipc_id = isp->id;
3221 #endif
3222 	rc = smk_curacc(msp, access, &ad);
3223 	rc = smk_bu_current("msq", msp, access, rc);
3224 	return rc;
3225 }
3226 
3227 /**
3228  * smack_msg_queue_associate - Smack access check for msg_queue
3229  * @isp: the object
3230  * @msqflg: access requested
3231  *
3232  * Returns 0 if current has the requested access, error code otherwise
3233  */
3234 static int smack_msg_queue_associate(struct kern_ipc_perm *isp, int msqflg)
3235 {
3236 	int may;
3237 
3238 	may = smack_flags_to_may(msqflg);
3239 	return smk_curacc_msq(isp, may);
3240 }
3241 
3242 /**
3243  * smack_msg_queue_msgctl - Smack access check for msg_queue
3244  * @isp: the object
3245  * @cmd: what it wants to do
3246  *
3247  * Returns 0 if current has the requested access, error code otherwise
3248  */
3249 static int smack_msg_queue_msgctl(struct kern_ipc_perm *isp, int cmd)
3250 {
3251 	int may;
3252 
3253 	switch (cmd) {
3254 	case IPC_STAT:
3255 	case MSG_STAT:
3256 	case MSG_STAT_ANY:
3257 		may = MAY_READ;
3258 		break;
3259 	case IPC_SET:
3260 	case IPC_RMID:
3261 		may = MAY_READWRITE;
3262 		break;
3263 	case IPC_INFO:
3264 	case MSG_INFO:
3265 		/*
3266 		 * System level information
3267 		 */
3268 		return 0;
3269 	default:
3270 		return -EINVAL;
3271 	}
3272 
3273 	return smk_curacc_msq(isp, may);
3274 }
3275 
3276 /**
3277  * smack_msg_queue_msgsnd - Smack access check for msg_queue
3278  * @isp: the object
3279  * @msg: unused
3280  * @msqflg: access requested
3281  *
3282  * Returns 0 if current has the requested access, error code otherwise
3283  */
3284 static int smack_msg_queue_msgsnd(struct kern_ipc_perm *isp, struct msg_msg *msg,
3285 				  int msqflg)
3286 {
3287 	int may;
3288 
3289 	may = smack_flags_to_may(msqflg);
3290 	return smk_curacc_msq(isp, may);
3291 }
3292 
3293 /**
3294  * smack_msg_queue_msgsnd - Smack access check for msg_queue
3295  * @isp: the object
3296  * @msg: unused
3297  * @target: unused
3298  * @type: unused
3299  * @mode: unused
3300  *
3301  * Returns 0 if current has read and write access, error code otherwise
3302  */
3303 static int smack_msg_queue_msgrcv(struct kern_ipc_perm *isp, struct msg_msg *msg,
3304 			struct task_struct *target, long type, int mode)
3305 {
3306 	return smk_curacc_msq(isp, MAY_READWRITE);
3307 }
3308 
3309 /**
3310  * smack_ipc_permission - Smack access for ipc_permission()
3311  * @ipp: the object permissions
3312  * @flag: access requested
3313  *
3314  * Returns 0 if current has read and write access, error code otherwise
3315  */
3316 static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag)
3317 {
3318 	struct smack_known *iskp = ipp->security;
3319 	int may = smack_flags_to_may(flag);
3320 	struct smk_audit_info ad;
3321 	int rc;
3322 
3323 #ifdef CONFIG_AUDIT
3324 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
3325 	ad.a.u.ipc_id = ipp->id;
3326 #endif
3327 	rc = smk_curacc(iskp, may, &ad);
3328 	rc = smk_bu_current("svipc", iskp, may, rc);
3329 	return rc;
3330 }
3331 
3332 /**
3333  * smack_ipc_getsecid - Extract smack security id
3334  * @ipp: the object permissions
3335  * @secid: where result will be saved
3336  */
3337 static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid)
3338 {
3339 	struct smack_known *iskp = ipp->security;
3340 
3341 	*secid = iskp->smk_secid;
3342 }
3343 
3344 /**
3345  * smack_d_instantiate - Make sure the blob is correct on an inode
3346  * @opt_dentry: dentry where inode will be attached
3347  * @inode: the object
3348  *
3349  * Set the inode's security blob if it hasn't been done already.
3350  */
3351 static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode)
3352 {
3353 	struct super_block *sbp;
3354 	struct superblock_smack *sbsp;
3355 	struct inode_smack *isp;
3356 	struct smack_known *skp;
3357 	struct smack_known *ckp = smk_of_current();
3358 	struct smack_known *final;
3359 	char trattr[TRANS_TRUE_SIZE];
3360 	int transflag = 0;
3361 	int rc;
3362 	struct dentry *dp;
3363 
3364 	if (inode == NULL)
3365 		return;
3366 
3367 	isp = inode->i_security;
3368 
3369 	mutex_lock(&isp->smk_lock);
3370 	/*
3371 	 * If the inode is already instantiated
3372 	 * take the quick way out
3373 	 */
3374 	if (isp->smk_flags & SMK_INODE_INSTANT)
3375 		goto unlockandout;
3376 
3377 	sbp = inode->i_sb;
3378 	sbsp = sbp->s_security;
3379 	/*
3380 	 * We're going to use the superblock default label
3381 	 * if there's no label on the file.
3382 	 */
3383 	final = sbsp->smk_default;
3384 
3385 	/*
3386 	 * If this is the root inode the superblock
3387 	 * may be in the process of initialization.
3388 	 * If that is the case use the root value out
3389 	 * of the superblock.
3390 	 */
3391 	if (opt_dentry->d_parent == opt_dentry) {
3392 		switch (sbp->s_magic) {
3393 		case CGROUP_SUPER_MAGIC:
3394 		case CGROUP2_SUPER_MAGIC:
3395 			/*
3396 			 * The cgroup filesystem is never mounted,
3397 			 * so there's no opportunity to set the mount
3398 			 * options.
3399 			 */
3400 			sbsp->smk_root = &smack_known_star;
3401 			sbsp->smk_default = &smack_known_star;
3402 			isp->smk_inode = sbsp->smk_root;
3403 			break;
3404 		case TMPFS_MAGIC:
3405 			/*
3406 			 * What about shmem/tmpfs anonymous files with dentry
3407 			 * obtained from d_alloc_pseudo()?
3408 			 */
3409 			isp->smk_inode = smk_of_current();
3410 			break;
3411 		case PIPEFS_MAGIC:
3412 			isp->smk_inode = smk_of_current();
3413 			break;
3414 		case SOCKFS_MAGIC:
3415 			/*
3416 			 * Socket access is controlled by the socket
3417 			 * structures associated with the task involved.
3418 			 */
3419 			isp->smk_inode = &smack_known_star;
3420 			break;
3421 		default:
3422 			isp->smk_inode = sbsp->smk_root;
3423 			break;
3424 		}
3425 		isp->smk_flags |= SMK_INODE_INSTANT;
3426 		goto unlockandout;
3427 	}
3428 
3429 	/*
3430 	 * This is pretty hackish.
3431 	 * Casey says that we shouldn't have to do
3432 	 * file system specific code, but it does help
3433 	 * with keeping it simple.
3434 	 */
3435 	switch (sbp->s_magic) {
3436 	case SMACK_MAGIC:
3437 	case CGROUP_SUPER_MAGIC:
3438 	case CGROUP2_SUPER_MAGIC:
3439 		/*
3440 		 * Casey says that it's a little embarrassing
3441 		 * that the smack file system doesn't do
3442 		 * extended attributes.
3443 		 *
3444 		 * Cgroupfs is special
3445 		 */
3446 		final = &smack_known_star;
3447 		break;
3448 	case DEVPTS_SUPER_MAGIC:
3449 		/*
3450 		 * devpts seems content with the label of the task.
3451 		 * Programs that change smack have to treat the
3452 		 * pty with respect.
3453 		 */
3454 		final = ckp;
3455 		break;
3456 	case PROC_SUPER_MAGIC:
3457 		/*
3458 		 * Casey says procfs appears not to care.
3459 		 * The superblock default suffices.
3460 		 */
3461 		break;
3462 	case TMPFS_MAGIC:
3463 		/*
3464 		 * Device labels should come from the filesystem,
3465 		 * but watch out, because they're volitile,
3466 		 * getting recreated on every reboot.
3467 		 */
3468 		final = &smack_known_star;
3469 		/*
3470 		 * No break.
3471 		 *
3472 		 * If a smack value has been set we want to use it,
3473 		 * but since tmpfs isn't giving us the opportunity
3474 		 * to set mount options simulate setting the
3475 		 * superblock default.
3476 		 */
3477 	default:
3478 		/*
3479 		 * This isn't an understood special case.
3480 		 * Get the value from the xattr.
3481 		 */
3482 
3483 		/*
3484 		 * UNIX domain sockets use lower level socket data.
3485 		 */
3486 		if (S_ISSOCK(inode->i_mode)) {
3487 			final = &smack_known_star;
3488 			break;
3489 		}
3490 		/*
3491 		 * No xattr support means, alas, no SMACK label.
3492 		 * Use the aforeapplied default.
3493 		 * It would be curious if the label of the task
3494 		 * does not match that assigned.
3495 		 */
3496 		if (!(inode->i_opflags & IOP_XATTR))
3497 		        break;
3498 		/*
3499 		 * Get the dentry for xattr.
3500 		 */
3501 		dp = dget(opt_dentry);
3502 		skp = smk_fetch(XATTR_NAME_SMACK, inode, dp);
3503 		if (!IS_ERR_OR_NULL(skp))
3504 			final = skp;
3505 
3506 		/*
3507 		 * Transmuting directory
3508 		 */
3509 		if (S_ISDIR(inode->i_mode)) {
3510 			/*
3511 			 * If this is a new directory and the label was
3512 			 * transmuted when the inode was initialized
3513 			 * set the transmute attribute on the directory
3514 			 * and mark the inode.
3515 			 *
3516 			 * If there is a transmute attribute on the
3517 			 * directory mark the inode.
3518 			 */
3519 			if (isp->smk_flags & SMK_INODE_CHANGED) {
3520 				isp->smk_flags &= ~SMK_INODE_CHANGED;
3521 				rc = __vfs_setxattr(dp, inode,
3522 					XATTR_NAME_SMACKTRANSMUTE,
3523 					TRANS_TRUE, TRANS_TRUE_SIZE,
3524 					0);
3525 			} else {
3526 				rc = __vfs_getxattr(dp, inode,
3527 					XATTR_NAME_SMACKTRANSMUTE, trattr,
3528 					TRANS_TRUE_SIZE);
3529 				if (rc >= 0 && strncmp(trattr, TRANS_TRUE,
3530 						       TRANS_TRUE_SIZE) != 0)
3531 					rc = -EINVAL;
3532 			}
3533 			if (rc >= 0)
3534 				transflag = SMK_INODE_TRANSMUTE;
3535 		}
3536 		/*
3537 		 * Don't let the exec or mmap label be "*" or "@".
3538 		 */
3539 		skp = smk_fetch(XATTR_NAME_SMACKEXEC, inode, dp);
3540 		if (IS_ERR(skp) || skp == &smack_known_star ||
3541 		    skp == &smack_known_web)
3542 			skp = NULL;
3543 		isp->smk_task = skp;
3544 
3545 		skp = smk_fetch(XATTR_NAME_SMACKMMAP, inode, dp);
3546 		if (IS_ERR(skp) || skp == &smack_known_star ||
3547 		    skp == &smack_known_web)
3548 			skp = NULL;
3549 		isp->smk_mmap = skp;
3550 
3551 		dput(dp);
3552 		break;
3553 	}
3554 
3555 	if (final == NULL)
3556 		isp->smk_inode = ckp;
3557 	else
3558 		isp->smk_inode = final;
3559 
3560 	isp->smk_flags |= (SMK_INODE_INSTANT | transflag);
3561 
3562 unlockandout:
3563 	mutex_unlock(&isp->smk_lock);
3564 	return;
3565 }
3566 
3567 /**
3568  * smack_getprocattr - Smack process attribute access
3569  * @p: the object task
3570  * @name: the name of the attribute in /proc/.../attr
3571  * @value: where to put the result
3572  *
3573  * Places a copy of the task Smack into value
3574  *
3575  * Returns the length of the smack label or an error code
3576  */
3577 static int smack_getprocattr(struct task_struct *p, char *name, char **value)
3578 {
3579 	struct smack_known *skp = smk_of_task_struct(p);
3580 	char *cp;
3581 	int slen;
3582 
3583 	if (strcmp(name, "current") != 0)
3584 		return -EINVAL;
3585 
3586 	cp = kstrdup(skp->smk_known, GFP_KERNEL);
3587 	if (cp == NULL)
3588 		return -ENOMEM;
3589 
3590 	slen = strlen(cp);
3591 	*value = cp;
3592 	return slen;
3593 }
3594 
3595 /**
3596  * smack_setprocattr - Smack process attribute setting
3597  * @name: the name of the attribute in /proc/.../attr
3598  * @value: the value to set
3599  * @size: the size of the value
3600  *
3601  * Sets the Smack value of the task. Only setting self
3602  * is permitted and only with privilege
3603  *
3604  * Returns the length of the smack label or an error code
3605  */
3606 static int smack_setprocattr(const char *name, void *value, size_t size)
3607 {
3608 	struct task_smack *tsp = current_security();
3609 	struct cred *new;
3610 	struct smack_known *skp;
3611 	struct smack_known_list_elem *sklep;
3612 	int rc;
3613 
3614 	if (!smack_privileged(CAP_MAC_ADMIN) && list_empty(&tsp->smk_relabel))
3615 		return -EPERM;
3616 
3617 	if (value == NULL || size == 0 || size >= SMK_LONGLABEL)
3618 		return -EINVAL;
3619 
3620 	if (strcmp(name, "current") != 0)
3621 		return -EINVAL;
3622 
3623 	skp = smk_import_entry(value, size);
3624 	if (IS_ERR(skp))
3625 		return PTR_ERR(skp);
3626 
3627 	/*
3628 	 * No process is ever allowed the web ("@") label
3629 	 * and the star ("*") label.
3630 	 */
3631 	if (skp == &smack_known_web || skp == &smack_known_star)
3632 		return -EINVAL;
3633 
3634 	if (!smack_privileged(CAP_MAC_ADMIN)) {
3635 		rc = -EPERM;
3636 		list_for_each_entry(sklep, &tsp->smk_relabel, list)
3637 			if (sklep->smk_label == skp) {
3638 				rc = 0;
3639 				break;
3640 			}
3641 		if (rc)
3642 			return rc;
3643 	}
3644 
3645 	new = prepare_creds();
3646 	if (new == NULL)
3647 		return -ENOMEM;
3648 
3649 	tsp = new->security;
3650 	tsp->smk_task = skp;
3651 	/*
3652 	 * process can change its label only once
3653 	 */
3654 	smk_destroy_label_list(&tsp->smk_relabel);
3655 
3656 	commit_creds(new);
3657 	return size;
3658 }
3659 
3660 /**
3661  * smack_unix_stream_connect - Smack access on UDS
3662  * @sock: one sock
3663  * @other: the other sock
3664  * @newsk: unused
3665  *
3666  * Return 0 if a subject with the smack of sock could access
3667  * an object with the smack of other, otherwise an error code
3668  */
3669 static int smack_unix_stream_connect(struct sock *sock,
3670 				     struct sock *other, struct sock *newsk)
3671 {
3672 	struct smack_known *skp;
3673 	struct smack_known *okp;
3674 	struct socket_smack *ssp = sock->sk_security;
3675 	struct socket_smack *osp = other->sk_security;
3676 	struct socket_smack *nsp = newsk->sk_security;
3677 	struct smk_audit_info ad;
3678 	int rc = 0;
3679 #ifdef CONFIG_AUDIT
3680 	struct lsm_network_audit net;
3681 #endif
3682 
3683 	if (!smack_privileged(CAP_MAC_OVERRIDE)) {
3684 		skp = ssp->smk_out;
3685 		okp = osp->smk_in;
3686 #ifdef CONFIG_AUDIT
3687 		smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3688 		smk_ad_setfield_u_net_sk(&ad, other);
3689 #endif
3690 		rc = smk_access(skp, okp, MAY_WRITE, &ad);
3691 		rc = smk_bu_note("UDS connect", skp, okp, MAY_WRITE, rc);
3692 		if (rc == 0) {
3693 			okp = osp->smk_out;
3694 			skp = ssp->smk_in;
3695 			rc = smk_access(okp, skp, MAY_WRITE, &ad);
3696 			rc = smk_bu_note("UDS connect", okp, skp,
3697 						MAY_WRITE, rc);
3698 		}
3699 	}
3700 
3701 	/*
3702 	 * Cross reference the peer labels for SO_PEERSEC.
3703 	 */
3704 	if (rc == 0) {
3705 		nsp->smk_packet = ssp->smk_out;
3706 		ssp->smk_packet = osp->smk_out;
3707 	}
3708 
3709 	return rc;
3710 }
3711 
3712 /**
3713  * smack_unix_may_send - Smack access on UDS
3714  * @sock: one socket
3715  * @other: the other socket
3716  *
3717  * Return 0 if a subject with the smack of sock could access
3718  * an object with the smack of other, otherwise an error code
3719  */
3720 static int smack_unix_may_send(struct socket *sock, struct socket *other)
3721 {
3722 	struct socket_smack *ssp = sock->sk->sk_security;
3723 	struct socket_smack *osp = other->sk->sk_security;
3724 	struct smk_audit_info ad;
3725 	int rc;
3726 
3727 #ifdef CONFIG_AUDIT
3728 	struct lsm_network_audit net;
3729 
3730 	smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3731 	smk_ad_setfield_u_net_sk(&ad, other->sk);
3732 #endif
3733 
3734 	if (smack_privileged(CAP_MAC_OVERRIDE))
3735 		return 0;
3736 
3737 	rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad);
3738 	rc = smk_bu_note("UDS send", ssp->smk_out, osp->smk_in, MAY_WRITE, rc);
3739 	return rc;
3740 }
3741 
3742 /**
3743  * smack_socket_sendmsg - Smack check based on destination host
3744  * @sock: the socket
3745  * @msg: the message
3746  * @size: the size of the message
3747  *
3748  * Return 0 if the current subject can write to the destination host.
3749  * For IPv4 this is only a question if the destination is a single label host.
3750  * For IPv6 this is a check against the label of the port.
3751  */
3752 static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg,
3753 				int size)
3754 {
3755 	struct sockaddr_in *sip = (struct sockaddr_in *) msg->msg_name;
3756 #if IS_ENABLED(CONFIG_IPV6)
3757 	struct sockaddr_in6 *sap = (struct sockaddr_in6 *) msg->msg_name;
3758 #endif
3759 #ifdef SMACK_IPV6_SECMARK_LABELING
3760 	struct socket_smack *ssp = sock->sk->sk_security;
3761 	struct smack_known *rsp;
3762 #endif
3763 	int rc = 0;
3764 
3765 	/*
3766 	 * Perfectly reasonable for this to be NULL
3767 	 */
3768 	if (sip == NULL)
3769 		return 0;
3770 
3771 	switch (sock->sk->sk_family) {
3772 	case AF_INET:
3773 		rc = smack_netlabel_send(sock->sk, sip);
3774 		break;
3775 	case AF_INET6:
3776 #ifdef SMACK_IPV6_SECMARK_LABELING
3777 		rsp = smack_ipv6host_label(sap);
3778 		if (rsp != NULL)
3779 			rc = smk_ipv6_check(ssp->smk_out, rsp, sap,
3780 						SMK_CONNECTING);
3781 #endif
3782 #ifdef SMACK_IPV6_PORT_LABELING
3783 		rc = smk_ipv6_port_check(sock->sk, sap, SMK_SENDING);
3784 #endif
3785 		break;
3786 	}
3787 	return rc;
3788 }
3789 
3790 /**
3791  * smack_from_secattr - Convert a netlabel attr.mls.lvl/attr.mls.cat pair to smack
3792  * @sap: netlabel secattr
3793  * @ssp: socket security information
3794  *
3795  * Returns a pointer to a Smack label entry found on the label list.
3796  */
3797 static struct smack_known *smack_from_secattr(struct netlbl_lsm_secattr *sap,
3798 						struct socket_smack *ssp)
3799 {
3800 	struct smack_known *skp;
3801 	int found = 0;
3802 	int acat;
3803 	int kcat;
3804 
3805 	if ((sap->flags & NETLBL_SECATTR_MLS_LVL) != 0) {
3806 		/*
3807 		 * Looks like a CIPSO packet.
3808 		 * If there are flags but no level netlabel isn't
3809 		 * behaving the way we expect it to.
3810 		 *
3811 		 * Look it up in the label table
3812 		 * Without guidance regarding the smack value
3813 		 * for the packet fall back on the network
3814 		 * ambient value.
3815 		 */
3816 		rcu_read_lock();
3817 		list_for_each_entry_rcu(skp, &smack_known_list, list) {
3818 			if (sap->attr.mls.lvl != skp->smk_netlabel.attr.mls.lvl)
3819 				continue;
3820 			/*
3821 			 * Compare the catsets. Use the netlbl APIs.
3822 			 */
3823 			if ((sap->flags & NETLBL_SECATTR_MLS_CAT) == 0) {
3824 				if ((skp->smk_netlabel.flags &
3825 				     NETLBL_SECATTR_MLS_CAT) == 0)
3826 					found = 1;
3827 				break;
3828 			}
3829 			for (acat = -1, kcat = -1; acat == kcat; ) {
3830 				acat = netlbl_catmap_walk(sap->attr.mls.cat,
3831 							  acat + 1);
3832 				kcat = netlbl_catmap_walk(
3833 					skp->smk_netlabel.attr.mls.cat,
3834 					kcat + 1);
3835 				if (acat < 0 || kcat < 0)
3836 					break;
3837 			}
3838 			if (acat == kcat) {
3839 				found = 1;
3840 				break;
3841 			}
3842 		}
3843 		rcu_read_unlock();
3844 
3845 		if (found)
3846 			return skp;
3847 
3848 		if (ssp != NULL && ssp->smk_in == &smack_known_star)
3849 			return &smack_known_web;
3850 		return &smack_known_star;
3851 	}
3852 	if ((sap->flags & NETLBL_SECATTR_SECID) != 0)
3853 		/*
3854 		 * Looks like a fallback, which gives us a secid.
3855 		 */
3856 		return smack_from_secid(sap->attr.secid);
3857 	/*
3858 	 * Without guidance regarding the smack value
3859 	 * for the packet fall back on the network
3860 	 * ambient value.
3861 	 */
3862 	return smack_net_ambient;
3863 }
3864 
3865 #if IS_ENABLED(CONFIG_IPV6)
3866 static int smk_skb_to_addr_ipv6(struct sk_buff *skb, struct sockaddr_in6 *sip)
3867 {
3868 	u8 nexthdr;
3869 	int offset;
3870 	int proto = -EINVAL;
3871 	struct ipv6hdr _ipv6h;
3872 	struct ipv6hdr *ip6;
3873 	__be16 frag_off;
3874 	struct tcphdr _tcph, *th;
3875 	struct udphdr _udph, *uh;
3876 	struct dccp_hdr _dccph, *dh;
3877 
3878 	sip->sin6_port = 0;
3879 
3880 	offset = skb_network_offset(skb);
3881 	ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h);
3882 	if (ip6 == NULL)
3883 		return -EINVAL;
3884 	sip->sin6_addr = ip6->saddr;
3885 
3886 	nexthdr = ip6->nexthdr;
3887 	offset += sizeof(_ipv6h);
3888 	offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off);
3889 	if (offset < 0)
3890 		return -EINVAL;
3891 
3892 	proto = nexthdr;
3893 	switch (proto) {
3894 	case IPPROTO_TCP:
3895 		th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
3896 		if (th != NULL)
3897 			sip->sin6_port = th->source;
3898 		break;
3899 	case IPPROTO_UDP:
3900 	case IPPROTO_UDPLITE:
3901 		uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
3902 		if (uh != NULL)
3903 			sip->sin6_port = uh->source;
3904 		break;
3905 	case IPPROTO_DCCP:
3906 		dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
3907 		if (dh != NULL)
3908 			sip->sin6_port = dh->dccph_sport;
3909 		break;
3910 	}
3911 	return proto;
3912 }
3913 #endif /* CONFIG_IPV6 */
3914 
3915 /**
3916  * smack_socket_sock_rcv_skb - Smack packet delivery access check
3917  * @sk: socket
3918  * @skb: packet
3919  *
3920  * Returns 0 if the packet should be delivered, an error code otherwise
3921  */
3922 static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
3923 {
3924 	struct netlbl_lsm_secattr secattr;
3925 	struct socket_smack *ssp = sk->sk_security;
3926 	struct smack_known *skp = NULL;
3927 	int rc = 0;
3928 	struct smk_audit_info ad;
3929 	u16 family = sk->sk_family;
3930 #ifdef CONFIG_AUDIT
3931 	struct lsm_network_audit net;
3932 #endif
3933 #if IS_ENABLED(CONFIG_IPV6)
3934 	struct sockaddr_in6 sadd;
3935 	int proto;
3936 
3937 	if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
3938 		family = PF_INET;
3939 #endif /* CONFIG_IPV6 */
3940 
3941 	switch (family) {
3942 	case PF_INET:
3943 #ifdef CONFIG_SECURITY_SMACK_NETFILTER
3944 		/*
3945 		 * If there is a secmark use it rather than the CIPSO label.
3946 		 * If there is no secmark fall back to CIPSO.
3947 		 * The secmark is assumed to reflect policy better.
3948 		 */
3949 		if (skb && skb->secmark != 0) {
3950 			skp = smack_from_secid(skb->secmark);
3951 			goto access_check;
3952 		}
3953 #endif /* CONFIG_SECURITY_SMACK_NETFILTER */
3954 		/*
3955 		 * Translate what netlabel gave us.
3956 		 */
3957 		netlbl_secattr_init(&secattr);
3958 
3959 		rc = netlbl_skbuff_getattr(skb, family, &secattr);
3960 		if (rc == 0)
3961 			skp = smack_from_secattr(&secattr, ssp);
3962 		else
3963 			skp = smack_net_ambient;
3964 
3965 		netlbl_secattr_destroy(&secattr);
3966 
3967 #ifdef CONFIG_SECURITY_SMACK_NETFILTER
3968 access_check:
3969 #endif
3970 #ifdef CONFIG_AUDIT
3971 		smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3972 		ad.a.u.net->family = family;
3973 		ad.a.u.net->netif = skb->skb_iif;
3974 		ipv4_skb_to_auditdata(skb, &ad.a, NULL);
3975 #endif
3976 		/*
3977 		 * Receiving a packet requires that the other end
3978 		 * be able to write here. Read access is not required.
3979 		 * This is the simplist possible security model
3980 		 * for networking.
3981 		 */
3982 		rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
3983 		rc = smk_bu_note("IPv4 delivery", skp, ssp->smk_in,
3984 					MAY_WRITE, rc);
3985 		if (rc != 0)
3986 			netlbl_skbuff_err(skb, family, rc, 0);
3987 		break;
3988 #if IS_ENABLED(CONFIG_IPV6)
3989 	case PF_INET6:
3990 		proto = smk_skb_to_addr_ipv6(skb, &sadd);
3991 		if (proto != IPPROTO_UDP && proto != IPPROTO_UDPLITE &&
3992 		    proto != IPPROTO_TCP && proto != IPPROTO_DCCP)
3993 			break;
3994 #ifdef SMACK_IPV6_SECMARK_LABELING
3995 		if (skb && skb->secmark != 0)
3996 			skp = smack_from_secid(skb->secmark);
3997 		else
3998 			skp = smack_ipv6host_label(&sadd);
3999 		if (skp == NULL)
4000 			skp = smack_net_ambient;
4001 #ifdef CONFIG_AUDIT
4002 		smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
4003 		ad.a.u.net->family = family;
4004 		ad.a.u.net->netif = skb->skb_iif;
4005 		ipv6_skb_to_auditdata(skb, &ad.a, NULL);
4006 #endif /* CONFIG_AUDIT */
4007 		rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
4008 		rc = smk_bu_note("IPv6 delivery", skp, ssp->smk_in,
4009 					MAY_WRITE, rc);
4010 #endif /* SMACK_IPV6_SECMARK_LABELING */
4011 #ifdef SMACK_IPV6_PORT_LABELING
4012 		rc = smk_ipv6_port_check(sk, &sadd, SMK_RECEIVING);
4013 #endif /* SMACK_IPV6_PORT_LABELING */
4014 		if (rc != 0)
4015 			icmpv6_send(skb, ICMPV6_DEST_UNREACH,
4016 					ICMPV6_ADM_PROHIBITED, 0);
4017 		break;
4018 #endif /* CONFIG_IPV6 */
4019 	}
4020 
4021 	return rc;
4022 }
4023 
4024 /**
4025  * smack_socket_getpeersec_stream - pull in packet label
4026  * @sock: the socket
4027  * @optval: user's destination
4028  * @optlen: size thereof
4029  * @len: max thereof
4030  *
4031  * returns zero on success, an error code otherwise
4032  */
4033 static int smack_socket_getpeersec_stream(struct socket *sock,
4034 					  char __user *optval,
4035 					  int __user *optlen, unsigned len)
4036 {
4037 	struct socket_smack *ssp;
4038 	char *rcp = "";
4039 	int slen = 1;
4040 	int rc = 0;
4041 
4042 	ssp = sock->sk->sk_security;
4043 	if (ssp->smk_packet != NULL) {
4044 		rcp = ssp->smk_packet->smk_known;
4045 		slen = strlen(rcp) + 1;
4046 	}
4047 
4048 	if (slen > len)
4049 		rc = -ERANGE;
4050 	else if (copy_to_user(optval, rcp, slen) != 0)
4051 		rc = -EFAULT;
4052 
4053 	if (put_user(slen, optlen) != 0)
4054 		rc = -EFAULT;
4055 
4056 	return rc;
4057 }
4058 
4059 
4060 /**
4061  * smack_socket_getpeersec_dgram - pull in packet label
4062  * @sock: the peer socket
4063  * @skb: packet data
4064  * @secid: pointer to where to put the secid of the packet
4065  *
4066  * Sets the netlabel socket state on sk from parent
4067  */
4068 static int smack_socket_getpeersec_dgram(struct socket *sock,
4069 					 struct sk_buff *skb, u32 *secid)
4070 
4071 {
4072 	struct netlbl_lsm_secattr secattr;
4073 	struct socket_smack *ssp = NULL;
4074 	struct smack_known *skp;
4075 	int family = PF_UNSPEC;
4076 	u32 s = 0;	/* 0 is the invalid secid */
4077 	int rc;
4078 
4079 	if (skb != NULL) {
4080 		if (skb->protocol == htons(ETH_P_IP))
4081 			family = PF_INET;
4082 #if IS_ENABLED(CONFIG_IPV6)
4083 		else if (skb->protocol == htons(ETH_P_IPV6))
4084 			family = PF_INET6;
4085 #endif /* CONFIG_IPV6 */
4086 	}
4087 	if (family == PF_UNSPEC && sock != NULL)
4088 		family = sock->sk->sk_family;
4089 
4090 	switch (family) {
4091 	case PF_UNIX:
4092 		ssp = sock->sk->sk_security;
4093 		s = ssp->smk_out->smk_secid;
4094 		break;
4095 	case PF_INET:
4096 #ifdef CONFIG_SECURITY_SMACK_NETFILTER
4097 		s = skb->secmark;
4098 		if (s != 0)
4099 			break;
4100 #endif
4101 		/*
4102 		 * Translate what netlabel gave us.
4103 		 */
4104 		if (sock != NULL && sock->sk != NULL)
4105 			ssp = sock->sk->sk_security;
4106 		netlbl_secattr_init(&secattr);
4107 		rc = netlbl_skbuff_getattr(skb, family, &secattr);
4108 		if (rc == 0) {
4109 			skp = smack_from_secattr(&secattr, ssp);
4110 			s = skp->smk_secid;
4111 		}
4112 		netlbl_secattr_destroy(&secattr);
4113 		break;
4114 	case PF_INET6:
4115 #ifdef SMACK_IPV6_SECMARK_LABELING
4116 		s = skb->secmark;
4117 #endif
4118 		break;
4119 	}
4120 	*secid = s;
4121 	if (s == 0)
4122 		return -EINVAL;
4123 	return 0;
4124 }
4125 
4126 /**
4127  * smack_sock_graft - Initialize a newly created socket with an existing sock
4128  * @sk: child sock
4129  * @parent: parent socket
4130  *
4131  * Set the smk_{in,out} state of an existing sock based on the process that
4132  * is creating the new socket.
4133  */
4134 static void smack_sock_graft(struct sock *sk, struct socket *parent)
4135 {
4136 	struct socket_smack *ssp;
4137 	struct smack_known *skp = smk_of_current();
4138 
4139 	if (sk == NULL ||
4140 	    (sk->sk_family != PF_INET && sk->sk_family != PF_INET6))
4141 		return;
4142 
4143 	ssp = sk->sk_security;
4144 	ssp->smk_in = skp;
4145 	ssp->smk_out = skp;
4146 	/* cssp->smk_packet is already set in smack_inet_csk_clone() */
4147 }
4148 
4149 /**
4150  * smack_inet_conn_request - Smack access check on connect
4151  * @sk: socket involved
4152  * @skb: packet
4153  * @req: unused
4154  *
4155  * Returns 0 if a task with the packet label could write to
4156  * the socket, otherwise an error code
4157  */
4158 static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb,
4159 				   struct request_sock *req)
4160 {
4161 	u16 family = sk->sk_family;
4162 	struct smack_known *skp;
4163 	struct socket_smack *ssp = sk->sk_security;
4164 	struct netlbl_lsm_secattr secattr;
4165 	struct sockaddr_in addr;
4166 	struct iphdr *hdr;
4167 	struct smack_known *hskp;
4168 	int rc;
4169 	struct smk_audit_info ad;
4170 #ifdef CONFIG_AUDIT
4171 	struct lsm_network_audit net;
4172 #endif
4173 
4174 #if IS_ENABLED(CONFIG_IPV6)
4175 	if (family == PF_INET6) {
4176 		/*
4177 		 * Handle mapped IPv4 packets arriving
4178 		 * via IPv6 sockets. Don't set up netlabel
4179 		 * processing on IPv6.
4180 		 */
4181 		if (skb->protocol == htons(ETH_P_IP))
4182 			family = PF_INET;
4183 		else
4184 			return 0;
4185 	}
4186 #endif /* CONFIG_IPV6 */
4187 
4188 #ifdef CONFIG_SECURITY_SMACK_NETFILTER
4189 	/*
4190 	 * If there is a secmark use it rather than the CIPSO label.
4191 	 * If there is no secmark fall back to CIPSO.
4192 	 * The secmark is assumed to reflect policy better.
4193 	 */
4194 	if (skb && skb->secmark != 0) {
4195 		skp = smack_from_secid(skb->secmark);
4196 		goto access_check;
4197 	}
4198 #endif /* CONFIG_SECURITY_SMACK_NETFILTER */
4199 
4200 	netlbl_secattr_init(&secattr);
4201 	rc = netlbl_skbuff_getattr(skb, family, &secattr);
4202 	if (rc == 0)
4203 		skp = smack_from_secattr(&secattr, ssp);
4204 	else
4205 		skp = &smack_known_huh;
4206 	netlbl_secattr_destroy(&secattr);
4207 
4208 #ifdef CONFIG_SECURITY_SMACK_NETFILTER
4209 access_check:
4210 #endif
4211 
4212 #ifdef CONFIG_AUDIT
4213 	smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
4214 	ad.a.u.net->family = family;
4215 	ad.a.u.net->netif = skb->skb_iif;
4216 	ipv4_skb_to_auditdata(skb, &ad.a, NULL);
4217 #endif
4218 	/*
4219 	 * Receiving a packet requires that the other end be able to write
4220 	 * here. Read access is not required.
4221 	 */
4222 	rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
4223 	rc = smk_bu_note("IPv4 connect", skp, ssp->smk_in, MAY_WRITE, rc);
4224 	if (rc != 0)
4225 		return rc;
4226 
4227 	/*
4228 	 * Save the peer's label in the request_sock so we can later setup
4229 	 * smk_packet in the child socket so that SO_PEERCRED can report it.
4230 	 */
4231 	req->peer_secid = skp->smk_secid;
4232 
4233 	/*
4234 	 * We need to decide if we want to label the incoming connection here
4235 	 * if we do we only need to label the request_sock and the stack will
4236 	 * propagate the wire-label to the sock when it is created.
4237 	 */
4238 	hdr = ip_hdr(skb);
4239 	addr.sin_addr.s_addr = hdr->saddr;
4240 	rcu_read_lock();
4241 	hskp = smack_ipv4host_label(&addr);
4242 	rcu_read_unlock();
4243 
4244 	if (hskp == NULL)
4245 		rc = netlbl_req_setattr(req, &skp->smk_netlabel);
4246 	else
4247 		netlbl_req_delattr(req);
4248 
4249 	return rc;
4250 }
4251 
4252 /**
4253  * smack_inet_csk_clone - Copy the connection information to the new socket
4254  * @sk: the new socket
4255  * @req: the connection's request_sock
4256  *
4257  * Transfer the connection's peer label to the newly created socket.
4258  */
4259 static void smack_inet_csk_clone(struct sock *sk,
4260 				 const struct request_sock *req)
4261 {
4262 	struct socket_smack *ssp = sk->sk_security;
4263 	struct smack_known *skp;
4264 
4265 	if (req->peer_secid != 0) {
4266 		skp = smack_from_secid(req->peer_secid);
4267 		ssp->smk_packet = skp;
4268 	} else
4269 		ssp->smk_packet = NULL;
4270 }
4271 
4272 /*
4273  * Key management security hooks
4274  *
4275  * Casey has not tested key support very heavily.
4276  * The permission check is most likely too restrictive.
4277  * If you care about keys please have a look.
4278  */
4279 #ifdef CONFIG_KEYS
4280 
4281 /**
4282  * smack_key_alloc - Set the key security blob
4283  * @key: object
4284  * @cred: the credentials to use
4285  * @flags: unused
4286  *
4287  * No allocation required
4288  *
4289  * Returns 0
4290  */
4291 static int smack_key_alloc(struct key *key, const struct cred *cred,
4292 			   unsigned long flags)
4293 {
4294 	struct smack_known *skp = smk_of_task(cred->security);
4295 
4296 	key->security = skp;
4297 	return 0;
4298 }
4299 
4300 /**
4301  * smack_key_free - Clear the key security blob
4302  * @key: the object
4303  *
4304  * Clear the blob pointer
4305  */
4306 static void smack_key_free(struct key *key)
4307 {
4308 	key->security = NULL;
4309 }
4310 
4311 /**
4312  * smack_key_permission - Smack access on a key
4313  * @key_ref: gets to the object
4314  * @cred: the credentials to use
4315  * @perm: requested key permissions
4316  *
4317  * Return 0 if the task has read and write to the object,
4318  * an error code otherwise
4319  */
4320 static int smack_key_permission(key_ref_t key_ref,
4321 				const struct cred *cred, unsigned perm)
4322 {
4323 	struct key *keyp;
4324 	struct smk_audit_info ad;
4325 	struct smack_known *tkp = smk_of_task(cred->security);
4326 	int request = 0;
4327 	int rc;
4328 
4329 	keyp = key_ref_to_ptr(key_ref);
4330 	if (keyp == NULL)
4331 		return -EINVAL;
4332 	/*
4333 	 * If the key hasn't been initialized give it access so that
4334 	 * it may do so.
4335 	 */
4336 	if (keyp->security == NULL)
4337 		return 0;
4338 	/*
4339 	 * This should not occur
4340 	 */
4341 	if (tkp == NULL)
4342 		return -EACCES;
4343 
4344 	if (smack_privileged_cred(CAP_MAC_OVERRIDE, cred))
4345 		return 0;
4346 
4347 #ifdef CONFIG_AUDIT
4348 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY);
4349 	ad.a.u.key_struct.key = keyp->serial;
4350 	ad.a.u.key_struct.key_desc = keyp->description;
4351 #endif
4352 	if (perm & KEY_NEED_READ)
4353 		request = MAY_READ;
4354 	if (perm & (KEY_NEED_WRITE | KEY_NEED_LINK | KEY_NEED_SETATTR))
4355 		request = MAY_WRITE;
4356 	rc = smk_access(tkp, keyp->security, request, &ad);
4357 	rc = smk_bu_note("key access", tkp, keyp->security, request, rc);
4358 	return rc;
4359 }
4360 
4361 /*
4362  * smack_key_getsecurity - Smack label tagging the key
4363  * @key points to the key to be queried
4364  * @_buffer points to a pointer that should be set to point to the
4365  * resulting string (if no label or an error occurs).
4366  * Return the length of the string (including terminating NUL) or -ve if
4367  * an error.
4368  * May also return 0 (and a NULL buffer pointer) if there is no label.
4369  */
4370 static int smack_key_getsecurity(struct key *key, char **_buffer)
4371 {
4372 	struct smack_known *skp = key->security;
4373 	size_t length;
4374 	char *copy;
4375 
4376 	if (key->security == NULL) {
4377 		*_buffer = NULL;
4378 		return 0;
4379 	}
4380 
4381 	copy = kstrdup(skp->smk_known, GFP_KERNEL);
4382 	if (copy == NULL)
4383 		return -ENOMEM;
4384 	length = strlen(copy) + 1;
4385 
4386 	*_buffer = copy;
4387 	return length;
4388 }
4389 
4390 #endif /* CONFIG_KEYS */
4391 
4392 /*
4393  * Smack Audit hooks
4394  *
4395  * Audit requires a unique representation of each Smack specific
4396  * rule. This unique representation is used to distinguish the
4397  * object to be audited from remaining kernel objects and also
4398  * works as a glue between the audit hooks.
4399  *
4400  * Since repository entries are added but never deleted, we'll use
4401  * the smack_known label address related to the given audit rule as
4402  * the needed unique representation. This also better fits the smack
4403  * model where nearly everything is a label.
4404  */
4405 #ifdef CONFIG_AUDIT
4406 
4407 /**
4408  * smack_audit_rule_init - Initialize a smack audit rule
4409  * @field: audit rule fields given from user-space (audit.h)
4410  * @op: required testing operator (=, !=, >, <, ...)
4411  * @rulestr: smack label to be audited
4412  * @vrule: pointer to save our own audit rule representation
4413  *
4414  * Prepare to audit cases where (@field @op @rulestr) is true.
4415  * The label to be audited is created if necessay.
4416  */
4417 static int smack_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule)
4418 {
4419 	struct smack_known *skp;
4420 	char **rule = (char **)vrule;
4421 	*rule = NULL;
4422 
4423 	if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
4424 		return -EINVAL;
4425 
4426 	if (op != Audit_equal && op != Audit_not_equal)
4427 		return -EINVAL;
4428 
4429 	skp = smk_import_entry(rulestr, 0);
4430 	if (IS_ERR(skp))
4431 		return PTR_ERR(skp);
4432 
4433 	*rule = skp->smk_known;
4434 
4435 	return 0;
4436 }
4437 
4438 /**
4439  * smack_audit_rule_known - Distinguish Smack audit rules
4440  * @krule: rule of interest, in Audit kernel representation format
4441  *
4442  * This is used to filter Smack rules from remaining Audit ones.
4443  * If it's proved that this rule belongs to us, the
4444  * audit_rule_match hook will be called to do the final judgement.
4445  */
4446 static int smack_audit_rule_known(struct audit_krule *krule)
4447 {
4448 	struct audit_field *f;
4449 	int i;
4450 
4451 	for (i = 0; i < krule->field_count; i++) {
4452 		f = &krule->fields[i];
4453 
4454 		if (f->type == AUDIT_SUBJ_USER || f->type == AUDIT_OBJ_USER)
4455 			return 1;
4456 	}
4457 
4458 	return 0;
4459 }
4460 
4461 /**
4462  * smack_audit_rule_match - Audit given object ?
4463  * @secid: security id for identifying the object to test
4464  * @field: audit rule flags given from user-space
4465  * @op: required testing operator
4466  * @vrule: smack internal rule presentation
4467  * @actx: audit context associated with the check
4468  *
4469  * The core Audit hook. It's used to take the decision of
4470  * whether to audit or not to audit a given object.
4471  */
4472 static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule,
4473 				  struct audit_context *actx)
4474 {
4475 	struct smack_known *skp;
4476 	char *rule = vrule;
4477 
4478 	if (unlikely(!rule)) {
4479 		WARN_ONCE(1, "Smack: missing rule\n");
4480 		return -ENOENT;
4481 	}
4482 
4483 	if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
4484 		return 0;
4485 
4486 	skp = smack_from_secid(secid);
4487 
4488 	/*
4489 	 * No need to do string comparisons. If a match occurs,
4490 	 * both pointers will point to the same smack_known
4491 	 * label.
4492 	 */
4493 	if (op == Audit_equal)
4494 		return (rule == skp->smk_known);
4495 	if (op == Audit_not_equal)
4496 		return (rule != skp->smk_known);
4497 
4498 	return 0;
4499 }
4500 
4501 /*
4502  * There is no need for a smack_audit_rule_free hook.
4503  * No memory was allocated.
4504  */
4505 
4506 #endif /* CONFIG_AUDIT */
4507 
4508 /**
4509  * smack_ismaclabel - check if xattr @name references a smack MAC label
4510  * @name: Full xattr name to check.
4511  */
4512 static int smack_ismaclabel(const char *name)
4513 {
4514 	return (strcmp(name, XATTR_SMACK_SUFFIX) == 0);
4515 }
4516 
4517 
4518 /**
4519  * smack_secid_to_secctx - return the smack label for a secid
4520  * @secid: incoming integer
4521  * @secdata: destination
4522  * @seclen: how long it is
4523  *
4524  * Exists for networking code.
4525  */
4526 static int smack_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
4527 {
4528 	struct smack_known *skp = smack_from_secid(secid);
4529 
4530 	if (secdata)
4531 		*secdata = skp->smk_known;
4532 	*seclen = strlen(skp->smk_known);
4533 	return 0;
4534 }
4535 
4536 /**
4537  * smack_secctx_to_secid - return the secid for a smack label
4538  * @secdata: smack label
4539  * @seclen: how long result is
4540  * @secid: outgoing integer
4541  *
4542  * Exists for audit and networking code.
4543  */
4544 static int smack_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
4545 {
4546 	struct smack_known *skp = smk_find_entry(secdata);
4547 
4548 	if (skp)
4549 		*secid = skp->smk_secid;
4550 	else
4551 		*secid = 0;
4552 	return 0;
4553 }
4554 
4555 /*
4556  * There used to be a smack_release_secctx hook
4557  * that did nothing back when hooks were in a vector.
4558  * Now that there's a list such a hook adds cost.
4559  */
4560 
4561 static int smack_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
4562 {
4563 	return smack_inode_setsecurity(inode, XATTR_SMACK_SUFFIX, ctx, ctxlen, 0);
4564 }
4565 
4566 static int smack_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
4567 {
4568 	return __vfs_setxattr_noperm(dentry, XATTR_NAME_SMACK, ctx, ctxlen, 0);
4569 }
4570 
4571 static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
4572 {
4573 	struct smack_known *skp = smk_of_inode(inode);
4574 
4575 	*ctx = skp->smk_known;
4576 	*ctxlen = strlen(skp->smk_known);
4577 	return 0;
4578 }
4579 
4580 static int smack_inode_copy_up(struct dentry *dentry, struct cred **new)
4581 {
4582 
4583 	struct task_smack *tsp;
4584 	struct smack_known *skp;
4585 	struct inode_smack *isp;
4586 	struct cred *new_creds = *new;
4587 
4588 	if (new_creds == NULL) {
4589 		new_creds = prepare_creds();
4590 		if (new_creds == NULL)
4591 			return -ENOMEM;
4592 	}
4593 
4594 	tsp = new_creds->security;
4595 
4596 	/*
4597 	 * Get label from overlay inode and set it in create_sid
4598 	 */
4599 	isp = d_inode(dentry->d_parent)->i_security;
4600 	skp = isp->smk_inode;
4601 	tsp->smk_task = skp;
4602 	*new = new_creds;
4603 	return 0;
4604 }
4605 
4606 static int smack_inode_copy_up_xattr(const char *name)
4607 {
4608 	/*
4609 	 * Return 1 if this is the smack access Smack attribute.
4610 	 */
4611 	if (strcmp(name, XATTR_NAME_SMACK) == 0)
4612 		return 1;
4613 
4614 	return -EOPNOTSUPP;
4615 }
4616 
4617 static int smack_dentry_create_files_as(struct dentry *dentry, int mode,
4618 					struct qstr *name,
4619 					const struct cred *old,
4620 					struct cred *new)
4621 {
4622 	struct task_smack *otsp = old->security;
4623 	struct task_smack *ntsp = new->security;
4624 	struct inode_smack *isp;
4625 	int may;
4626 
4627 	/*
4628 	 * Use the process credential unless all of
4629 	 * the transmuting criteria are met
4630 	 */
4631 	ntsp->smk_task = otsp->smk_task;
4632 
4633 	/*
4634 	 * the attribute of the containing directory
4635 	 */
4636 	isp = d_inode(dentry->d_parent)->i_security;
4637 
4638 	if (isp->smk_flags & SMK_INODE_TRANSMUTE) {
4639 		rcu_read_lock();
4640 		may = smk_access_entry(otsp->smk_task->smk_known,
4641 				       isp->smk_inode->smk_known,
4642 				       &otsp->smk_task->smk_rules);
4643 		rcu_read_unlock();
4644 
4645 		/*
4646 		 * If the directory is transmuting and the rule
4647 		 * providing access is transmuting use the containing
4648 		 * directory label instead of the process label.
4649 		 */
4650 		if (may > 0 && (may & MAY_TRANSMUTE))
4651 			ntsp->smk_task = isp->smk_inode;
4652 	}
4653 	return 0;
4654 }
4655 
4656 static struct security_hook_list smack_hooks[] __lsm_ro_after_init = {
4657 	LSM_HOOK_INIT(ptrace_access_check, smack_ptrace_access_check),
4658 	LSM_HOOK_INIT(ptrace_traceme, smack_ptrace_traceme),
4659 	LSM_HOOK_INIT(syslog, smack_syslog),
4660 
4661 	LSM_HOOK_INIT(sb_alloc_security, smack_sb_alloc_security),
4662 	LSM_HOOK_INIT(sb_free_security, smack_sb_free_security),
4663 	LSM_HOOK_INIT(sb_copy_data, smack_sb_copy_data),
4664 	LSM_HOOK_INIT(sb_kern_mount, smack_sb_kern_mount),
4665 	LSM_HOOK_INIT(sb_statfs, smack_sb_statfs),
4666 	LSM_HOOK_INIT(sb_set_mnt_opts, smack_set_mnt_opts),
4667 	LSM_HOOK_INIT(sb_parse_opts_str, smack_parse_opts_str),
4668 
4669 	LSM_HOOK_INIT(bprm_set_creds, smack_bprm_set_creds),
4670 
4671 	LSM_HOOK_INIT(inode_alloc_security, smack_inode_alloc_security),
4672 	LSM_HOOK_INIT(inode_free_security, smack_inode_free_security),
4673 	LSM_HOOK_INIT(inode_init_security, smack_inode_init_security),
4674 	LSM_HOOK_INIT(inode_link, smack_inode_link),
4675 	LSM_HOOK_INIT(inode_unlink, smack_inode_unlink),
4676 	LSM_HOOK_INIT(inode_rmdir, smack_inode_rmdir),
4677 	LSM_HOOK_INIT(inode_rename, smack_inode_rename),
4678 	LSM_HOOK_INIT(inode_permission, smack_inode_permission),
4679 	LSM_HOOK_INIT(inode_setattr, smack_inode_setattr),
4680 	LSM_HOOK_INIT(inode_getattr, smack_inode_getattr),
4681 	LSM_HOOK_INIT(inode_setxattr, smack_inode_setxattr),
4682 	LSM_HOOK_INIT(inode_post_setxattr, smack_inode_post_setxattr),
4683 	LSM_HOOK_INIT(inode_getxattr, smack_inode_getxattr),
4684 	LSM_HOOK_INIT(inode_removexattr, smack_inode_removexattr),
4685 	LSM_HOOK_INIT(inode_getsecurity, smack_inode_getsecurity),
4686 	LSM_HOOK_INIT(inode_setsecurity, smack_inode_setsecurity),
4687 	LSM_HOOK_INIT(inode_listsecurity, smack_inode_listsecurity),
4688 	LSM_HOOK_INIT(inode_getsecid, smack_inode_getsecid),
4689 
4690 	LSM_HOOK_INIT(file_alloc_security, smack_file_alloc_security),
4691 	LSM_HOOK_INIT(file_free_security, smack_file_free_security),
4692 	LSM_HOOK_INIT(file_ioctl, smack_file_ioctl),
4693 	LSM_HOOK_INIT(file_lock, smack_file_lock),
4694 	LSM_HOOK_INIT(file_fcntl, smack_file_fcntl),
4695 	LSM_HOOK_INIT(mmap_file, smack_mmap_file),
4696 	LSM_HOOK_INIT(mmap_addr, cap_mmap_addr),
4697 	LSM_HOOK_INIT(file_set_fowner, smack_file_set_fowner),
4698 	LSM_HOOK_INIT(file_send_sigiotask, smack_file_send_sigiotask),
4699 	LSM_HOOK_INIT(file_receive, smack_file_receive),
4700 
4701 	LSM_HOOK_INIT(file_open, smack_file_open),
4702 
4703 	LSM_HOOK_INIT(cred_alloc_blank, smack_cred_alloc_blank),
4704 	LSM_HOOK_INIT(cred_free, smack_cred_free),
4705 	LSM_HOOK_INIT(cred_prepare, smack_cred_prepare),
4706 	LSM_HOOK_INIT(cred_transfer, smack_cred_transfer),
4707 	LSM_HOOK_INIT(cred_getsecid, smack_cred_getsecid),
4708 	LSM_HOOK_INIT(kernel_act_as, smack_kernel_act_as),
4709 	LSM_HOOK_INIT(kernel_create_files_as, smack_kernel_create_files_as),
4710 	LSM_HOOK_INIT(task_setpgid, smack_task_setpgid),
4711 	LSM_HOOK_INIT(task_getpgid, smack_task_getpgid),
4712 	LSM_HOOK_INIT(task_getsid, smack_task_getsid),
4713 	LSM_HOOK_INIT(task_getsecid, smack_task_getsecid),
4714 	LSM_HOOK_INIT(task_setnice, smack_task_setnice),
4715 	LSM_HOOK_INIT(task_setioprio, smack_task_setioprio),
4716 	LSM_HOOK_INIT(task_getioprio, smack_task_getioprio),
4717 	LSM_HOOK_INIT(task_setscheduler, smack_task_setscheduler),
4718 	LSM_HOOK_INIT(task_getscheduler, smack_task_getscheduler),
4719 	LSM_HOOK_INIT(task_movememory, smack_task_movememory),
4720 	LSM_HOOK_INIT(task_kill, smack_task_kill),
4721 	LSM_HOOK_INIT(task_to_inode, smack_task_to_inode),
4722 
4723 	LSM_HOOK_INIT(ipc_permission, smack_ipc_permission),
4724 	LSM_HOOK_INIT(ipc_getsecid, smack_ipc_getsecid),
4725 
4726 	LSM_HOOK_INIT(msg_msg_alloc_security, smack_msg_msg_alloc_security),
4727 	LSM_HOOK_INIT(msg_msg_free_security, smack_msg_msg_free_security),
4728 
4729 	LSM_HOOK_INIT(msg_queue_alloc_security, smack_ipc_alloc_security),
4730 	LSM_HOOK_INIT(msg_queue_free_security, smack_ipc_free_security),
4731 	LSM_HOOK_INIT(msg_queue_associate, smack_msg_queue_associate),
4732 	LSM_HOOK_INIT(msg_queue_msgctl, smack_msg_queue_msgctl),
4733 	LSM_HOOK_INIT(msg_queue_msgsnd, smack_msg_queue_msgsnd),
4734 	LSM_HOOK_INIT(msg_queue_msgrcv, smack_msg_queue_msgrcv),
4735 
4736 	LSM_HOOK_INIT(shm_alloc_security, smack_ipc_alloc_security),
4737 	LSM_HOOK_INIT(shm_free_security, smack_ipc_free_security),
4738 	LSM_HOOK_INIT(shm_associate, smack_shm_associate),
4739 	LSM_HOOK_INIT(shm_shmctl, smack_shm_shmctl),
4740 	LSM_HOOK_INIT(shm_shmat, smack_shm_shmat),
4741 
4742 	LSM_HOOK_INIT(sem_alloc_security, smack_ipc_alloc_security),
4743 	LSM_HOOK_INIT(sem_free_security, smack_ipc_free_security),
4744 	LSM_HOOK_INIT(sem_associate, smack_sem_associate),
4745 	LSM_HOOK_INIT(sem_semctl, smack_sem_semctl),
4746 	LSM_HOOK_INIT(sem_semop, smack_sem_semop),
4747 
4748 	LSM_HOOK_INIT(d_instantiate, smack_d_instantiate),
4749 
4750 	LSM_HOOK_INIT(getprocattr, smack_getprocattr),
4751 	LSM_HOOK_INIT(setprocattr, smack_setprocattr),
4752 
4753 	LSM_HOOK_INIT(unix_stream_connect, smack_unix_stream_connect),
4754 	LSM_HOOK_INIT(unix_may_send, smack_unix_may_send),
4755 
4756 	LSM_HOOK_INIT(socket_post_create, smack_socket_post_create),
4757 	LSM_HOOK_INIT(socket_socketpair, smack_socket_socketpair),
4758 #ifdef SMACK_IPV6_PORT_LABELING
4759 	LSM_HOOK_INIT(socket_bind, smack_socket_bind),
4760 #endif
4761 	LSM_HOOK_INIT(socket_connect, smack_socket_connect),
4762 	LSM_HOOK_INIT(socket_sendmsg, smack_socket_sendmsg),
4763 	LSM_HOOK_INIT(socket_sock_rcv_skb, smack_socket_sock_rcv_skb),
4764 	LSM_HOOK_INIT(socket_getpeersec_stream, smack_socket_getpeersec_stream),
4765 	LSM_HOOK_INIT(socket_getpeersec_dgram, smack_socket_getpeersec_dgram),
4766 	LSM_HOOK_INIT(sk_alloc_security, smack_sk_alloc_security),
4767 	LSM_HOOK_INIT(sk_free_security, smack_sk_free_security),
4768 	LSM_HOOK_INIT(sock_graft, smack_sock_graft),
4769 	LSM_HOOK_INIT(inet_conn_request, smack_inet_conn_request),
4770 	LSM_HOOK_INIT(inet_csk_clone, smack_inet_csk_clone),
4771 
4772  /* key management security hooks */
4773 #ifdef CONFIG_KEYS
4774 	LSM_HOOK_INIT(key_alloc, smack_key_alloc),
4775 	LSM_HOOK_INIT(key_free, smack_key_free),
4776 	LSM_HOOK_INIT(key_permission, smack_key_permission),
4777 	LSM_HOOK_INIT(key_getsecurity, smack_key_getsecurity),
4778 #endif /* CONFIG_KEYS */
4779 
4780  /* Audit hooks */
4781 #ifdef CONFIG_AUDIT
4782 	LSM_HOOK_INIT(audit_rule_init, smack_audit_rule_init),
4783 	LSM_HOOK_INIT(audit_rule_known, smack_audit_rule_known),
4784 	LSM_HOOK_INIT(audit_rule_match, smack_audit_rule_match),
4785 #endif /* CONFIG_AUDIT */
4786 
4787 	LSM_HOOK_INIT(ismaclabel, smack_ismaclabel),
4788 	LSM_HOOK_INIT(secid_to_secctx, smack_secid_to_secctx),
4789 	LSM_HOOK_INIT(secctx_to_secid, smack_secctx_to_secid),
4790 	LSM_HOOK_INIT(inode_notifysecctx, smack_inode_notifysecctx),
4791 	LSM_HOOK_INIT(inode_setsecctx, smack_inode_setsecctx),
4792 	LSM_HOOK_INIT(inode_getsecctx, smack_inode_getsecctx),
4793 	LSM_HOOK_INIT(inode_copy_up, smack_inode_copy_up),
4794 	LSM_HOOK_INIT(inode_copy_up_xattr, smack_inode_copy_up_xattr),
4795 	LSM_HOOK_INIT(dentry_create_files_as, smack_dentry_create_files_as),
4796 };
4797 
4798 
4799 static __init void init_smack_known_list(void)
4800 {
4801 	/*
4802 	 * Initialize rule list locks
4803 	 */
4804 	mutex_init(&smack_known_huh.smk_rules_lock);
4805 	mutex_init(&smack_known_hat.smk_rules_lock);
4806 	mutex_init(&smack_known_floor.smk_rules_lock);
4807 	mutex_init(&smack_known_star.smk_rules_lock);
4808 	mutex_init(&smack_known_web.smk_rules_lock);
4809 	/*
4810 	 * Initialize rule lists
4811 	 */
4812 	INIT_LIST_HEAD(&smack_known_huh.smk_rules);
4813 	INIT_LIST_HEAD(&smack_known_hat.smk_rules);
4814 	INIT_LIST_HEAD(&smack_known_star.smk_rules);
4815 	INIT_LIST_HEAD(&smack_known_floor.smk_rules);
4816 	INIT_LIST_HEAD(&smack_known_web.smk_rules);
4817 	/*
4818 	 * Create the known labels list
4819 	 */
4820 	smk_insert_entry(&smack_known_huh);
4821 	smk_insert_entry(&smack_known_hat);
4822 	smk_insert_entry(&smack_known_star);
4823 	smk_insert_entry(&smack_known_floor);
4824 	smk_insert_entry(&smack_known_web);
4825 }
4826 
4827 /**
4828  * smack_init - initialize the smack system
4829  *
4830  * Returns 0
4831  */
4832 static __init int smack_init(void)
4833 {
4834 	struct cred *cred;
4835 	struct task_smack *tsp;
4836 
4837 	if (!security_module_enable("smack"))
4838 		return 0;
4839 
4840 	smack_inode_cache = KMEM_CACHE(inode_smack, 0);
4841 	if (!smack_inode_cache)
4842 		return -ENOMEM;
4843 
4844 	tsp = new_task_smack(&smack_known_floor, &smack_known_floor,
4845 				GFP_KERNEL);
4846 	if (tsp == NULL) {
4847 		kmem_cache_destroy(smack_inode_cache);
4848 		return -ENOMEM;
4849 	}
4850 
4851 	smack_enabled = 1;
4852 
4853 	pr_info("Smack:  Initializing.\n");
4854 #ifdef CONFIG_SECURITY_SMACK_NETFILTER
4855 	pr_info("Smack:  Netfilter enabled.\n");
4856 #endif
4857 #ifdef SMACK_IPV6_PORT_LABELING
4858 	pr_info("Smack:  IPv6 port labeling enabled.\n");
4859 #endif
4860 #ifdef SMACK_IPV6_SECMARK_LABELING
4861 	pr_info("Smack:  IPv6 Netfilter enabled.\n");
4862 #endif
4863 
4864 	/*
4865 	 * Set the security state for the initial task.
4866 	 */
4867 	cred = (struct cred *) current->cred;
4868 	cred->security = tsp;
4869 
4870 	/* initialize the smack_known_list */
4871 	init_smack_known_list();
4872 
4873 	/*
4874 	 * Register with LSM
4875 	 */
4876 	security_add_hooks(smack_hooks, ARRAY_SIZE(smack_hooks), "smack");
4877 
4878 	return 0;
4879 }
4880 
4881 /*
4882  * Smack requires early initialization in order to label
4883  * all processes and objects when they are created.
4884  */
4885 security_initcall(smack_init);
4886