xref: /openbmc/linux/security/smack/smack_lsm.c (revision 9d5dbfe0)
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  *  Simplified MAC Kernel (smack) security module
4  *
5  *  This file contains the smack hook function implementations.
6  *
7  *  Authors:
8  *	Casey Schaufler <casey@schaufler-ca.com>
9  *	Jarkko Sakkinen <jarkko.sakkinen@intel.com>
10  *
11  *  Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com>
12  *  Copyright (C) 2009 Hewlett-Packard Development Company, L.P.
13  *                Paul Moore <paul@paul-moore.com>
14  *  Copyright (C) 2010 Nokia Corporation
15  *  Copyright (C) 2011 Intel Corporation.
16  */
17 
18 #include <linux/xattr.h>
19 #include <linux/pagemap.h>
20 #include <linux/mount.h>
21 #include <linux/stat.h>
22 #include <linux/kd.h>
23 #include <asm/ioctls.h>
24 #include <linux/ip.h>
25 #include <linux/tcp.h>
26 #include <linux/udp.h>
27 #include <linux/dccp.h>
28 #include <linux/icmpv6.h>
29 #include <linux/slab.h>
30 #include <linux/mutex.h>
31 #include <net/cipso_ipv4.h>
32 #include <net/ip.h>
33 #include <net/ipv6.h>
34 #include <linux/audit.h>
35 #include <linux/magic.h>
36 #include <linux/dcache.h>
37 #include <linux/personality.h>
38 #include <linux/msg.h>
39 #include <linux/shm.h>
40 #include <linux/binfmts.h>
41 #include <linux/parser.h>
42 #include <linux/fs_context.h>
43 #include <linux/fs_parser.h>
44 #include <linux/watch_queue.h>
45 #include <linux/io_uring.h>
46 #include "smack.h"
47 
48 #define TRANS_TRUE	"TRUE"
49 #define TRANS_TRUE_SIZE	4
50 
51 #define SMK_CONNECTING	0
52 #define SMK_RECEIVING	1
53 #define SMK_SENDING	2
54 
55 #ifdef SMACK_IPV6_PORT_LABELING
56 static DEFINE_MUTEX(smack_ipv6_lock);
57 static LIST_HEAD(smk_ipv6_port_list);
58 #endif
59 struct kmem_cache *smack_rule_cache;
60 int smack_enabled __initdata;
61 
62 #define A(s) {"smack"#s, sizeof("smack"#s) - 1, Opt_##s}
63 static struct {
64 	const char *name;
65 	int len;
66 	int opt;
67 } smk_mount_opts[] = {
68 	{"smackfsdef", sizeof("smackfsdef") - 1, Opt_fsdefault},
69 	A(fsdefault), A(fsfloor), A(fshat), A(fsroot), A(fstransmute)
70 };
71 #undef A
72 
73 static int match_opt_prefix(char *s, int l, char **arg)
74 {
75 	int i;
76 
77 	for (i = 0; i < ARRAY_SIZE(smk_mount_opts); i++) {
78 		size_t len = smk_mount_opts[i].len;
79 		if (len > l || memcmp(s, smk_mount_opts[i].name, len))
80 			continue;
81 		if (len == l || s[len] != '=')
82 			continue;
83 		*arg = s + len + 1;
84 		return smk_mount_opts[i].opt;
85 	}
86 	return Opt_error;
87 }
88 
89 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
90 static char *smk_bu_mess[] = {
91 	"Bringup Error",	/* Unused */
92 	"Bringup",		/* SMACK_BRINGUP_ALLOW */
93 	"Unconfined Subject",	/* SMACK_UNCONFINED_SUBJECT */
94 	"Unconfined Object",	/* SMACK_UNCONFINED_OBJECT */
95 };
96 
97 static void smk_bu_mode(int mode, char *s)
98 {
99 	int i = 0;
100 
101 	if (mode & MAY_READ)
102 		s[i++] = 'r';
103 	if (mode & MAY_WRITE)
104 		s[i++] = 'w';
105 	if (mode & MAY_EXEC)
106 		s[i++] = 'x';
107 	if (mode & MAY_APPEND)
108 		s[i++] = 'a';
109 	if (mode & MAY_TRANSMUTE)
110 		s[i++] = 't';
111 	if (mode & MAY_LOCK)
112 		s[i++] = 'l';
113 	if (i == 0)
114 		s[i++] = '-';
115 	s[i] = '\0';
116 }
117 #endif
118 
119 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
120 static int smk_bu_note(char *note, struct smack_known *sskp,
121 		       struct smack_known *oskp, int mode, int rc)
122 {
123 	char acc[SMK_NUM_ACCESS_TYPE + 1];
124 
125 	if (rc <= 0)
126 		return rc;
127 	if (rc > SMACK_UNCONFINED_OBJECT)
128 		rc = 0;
129 
130 	smk_bu_mode(mode, acc);
131 	pr_info("Smack %s: (%s %s %s) %s\n", smk_bu_mess[rc],
132 		sskp->smk_known, oskp->smk_known, acc, note);
133 	return 0;
134 }
135 #else
136 #define smk_bu_note(note, sskp, oskp, mode, RC) (RC)
137 #endif
138 
139 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
140 static int smk_bu_current(char *note, struct smack_known *oskp,
141 			  int mode, int rc)
142 {
143 	struct task_smack *tsp = smack_cred(current_cred());
144 	char acc[SMK_NUM_ACCESS_TYPE + 1];
145 
146 	if (rc <= 0)
147 		return rc;
148 	if (rc > SMACK_UNCONFINED_OBJECT)
149 		rc = 0;
150 
151 	smk_bu_mode(mode, acc);
152 	pr_info("Smack %s: (%s %s %s) %s %s\n", smk_bu_mess[rc],
153 		tsp->smk_task->smk_known, oskp->smk_known,
154 		acc, current->comm, note);
155 	return 0;
156 }
157 #else
158 #define smk_bu_current(note, oskp, mode, RC) (RC)
159 #endif
160 
161 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
162 static int smk_bu_task(struct task_struct *otp, int mode, int rc)
163 {
164 	struct task_smack *tsp = smack_cred(current_cred());
165 	struct smack_known *smk_task = smk_of_task_struct_obj(otp);
166 	char acc[SMK_NUM_ACCESS_TYPE + 1];
167 
168 	if (rc <= 0)
169 		return rc;
170 	if (rc > SMACK_UNCONFINED_OBJECT)
171 		rc = 0;
172 
173 	smk_bu_mode(mode, acc);
174 	pr_info("Smack %s: (%s %s %s) %s to %s\n", smk_bu_mess[rc],
175 		tsp->smk_task->smk_known, smk_task->smk_known, acc,
176 		current->comm, otp->comm);
177 	return 0;
178 }
179 #else
180 #define smk_bu_task(otp, mode, RC) (RC)
181 #endif
182 
183 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
184 static int smk_bu_inode(struct inode *inode, int mode, int rc)
185 {
186 	struct task_smack *tsp = smack_cred(current_cred());
187 	struct inode_smack *isp = smack_inode(inode);
188 	char acc[SMK_NUM_ACCESS_TYPE + 1];
189 
190 	if (isp->smk_flags & SMK_INODE_IMPURE)
191 		pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
192 			inode->i_sb->s_id, inode->i_ino, current->comm);
193 
194 	if (rc <= 0)
195 		return rc;
196 	if (rc > SMACK_UNCONFINED_OBJECT)
197 		rc = 0;
198 	if (rc == SMACK_UNCONFINED_SUBJECT &&
199 	    (mode & (MAY_WRITE | MAY_APPEND)))
200 		isp->smk_flags |= SMK_INODE_IMPURE;
201 
202 	smk_bu_mode(mode, acc);
203 
204 	pr_info("Smack %s: (%s %s %s) inode=(%s %ld) %s\n", smk_bu_mess[rc],
205 		tsp->smk_task->smk_known, isp->smk_inode->smk_known, acc,
206 		inode->i_sb->s_id, inode->i_ino, current->comm);
207 	return 0;
208 }
209 #else
210 #define smk_bu_inode(inode, mode, RC) (RC)
211 #endif
212 
213 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
214 static int smk_bu_file(struct file *file, int mode, int rc)
215 {
216 	struct task_smack *tsp = smack_cred(current_cred());
217 	struct smack_known *sskp = tsp->smk_task;
218 	struct inode *inode = file_inode(file);
219 	struct inode_smack *isp = smack_inode(inode);
220 	char acc[SMK_NUM_ACCESS_TYPE + 1];
221 
222 	if (isp->smk_flags & SMK_INODE_IMPURE)
223 		pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
224 			inode->i_sb->s_id, inode->i_ino, current->comm);
225 
226 	if (rc <= 0)
227 		return rc;
228 	if (rc > SMACK_UNCONFINED_OBJECT)
229 		rc = 0;
230 
231 	smk_bu_mode(mode, acc);
232 	pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc],
233 		sskp->smk_known, smk_of_inode(inode)->smk_known, acc,
234 		inode->i_sb->s_id, inode->i_ino, file,
235 		current->comm);
236 	return 0;
237 }
238 #else
239 #define smk_bu_file(file, mode, RC) (RC)
240 #endif
241 
242 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
243 static int smk_bu_credfile(const struct cred *cred, struct file *file,
244 				int mode, int rc)
245 {
246 	struct task_smack *tsp = smack_cred(cred);
247 	struct smack_known *sskp = tsp->smk_task;
248 	struct inode *inode = file_inode(file);
249 	struct inode_smack *isp = smack_inode(inode);
250 	char acc[SMK_NUM_ACCESS_TYPE + 1];
251 
252 	if (isp->smk_flags & SMK_INODE_IMPURE)
253 		pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
254 			inode->i_sb->s_id, inode->i_ino, current->comm);
255 
256 	if (rc <= 0)
257 		return rc;
258 	if (rc > SMACK_UNCONFINED_OBJECT)
259 		rc = 0;
260 
261 	smk_bu_mode(mode, acc);
262 	pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc],
263 		sskp->smk_known, smk_of_inode(inode)->smk_known, acc,
264 		inode->i_sb->s_id, inode->i_ino, file,
265 		current->comm);
266 	return 0;
267 }
268 #else
269 #define smk_bu_credfile(cred, file, mode, RC) (RC)
270 #endif
271 
272 /**
273  * smk_fetch - Fetch the smack label from a file.
274  * @name: type of the label (attribute)
275  * @ip: a pointer to the inode
276  * @dp: a pointer to the dentry
277  *
278  * Returns a pointer to the master list entry for the Smack label,
279  * NULL if there was no label to fetch, or an error code.
280  */
281 static struct smack_known *smk_fetch(const char *name, struct inode *ip,
282 					struct dentry *dp)
283 {
284 	int rc;
285 	char *buffer;
286 	struct smack_known *skp = NULL;
287 
288 	if (!(ip->i_opflags & IOP_XATTR))
289 		return ERR_PTR(-EOPNOTSUPP);
290 
291 	buffer = kzalloc(SMK_LONGLABEL, GFP_NOFS);
292 	if (buffer == NULL)
293 		return ERR_PTR(-ENOMEM);
294 
295 	rc = __vfs_getxattr(dp, ip, name, buffer, SMK_LONGLABEL);
296 	if (rc < 0)
297 		skp = ERR_PTR(rc);
298 	else if (rc == 0)
299 		skp = NULL;
300 	else
301 		skp = smk_import_entry(buffer, rc);
302 
303 	kfree(buffer);
304 
305 	return skp;
306 }
307 
308 /**
309  * init_inode_smack - initialize an inode security blob
310  * @inode: inode to extract the info from
311  * @skp: a pointer to the Smack label entry to use in the blob
312  *
313  */
314 static void init_inode_smack(struct inode *inode, struct smack_known *skp)
315 {
316 	struct inode_smack *isp = smack_inode(inode);
317 
318 	isp->smk_inode = skp;
319 	isp->smk_flags = 0;
320 }
321 
322 /**
323  * init_task_smack - initialize a task security blob
324  * @tsp: blob to initialize
325  * @task: a pointer to the Smack label for the running task
326  * @forked: a pointer to the Smack label for the forked task
327  *
328  */
329 static void init_task_smack(struct task_smack *tsp, struct smack_known *task,
330 					struct smack_known *forked)
331 {
332 	tsp->smk_task = task;
333 	tsp->smk_forked = forked;
334 	INIT_LIST_HEAD(&tsp->smk_rules);
335 	INIT_LIST_HEAD(&tsp->smk_relabel);
336 	mutex_init(&tsp->smk_rules_lock);
337 }
338 
339 /**
340  * smk_copy_rules - copy a rule set
341  * @nhead: new rules header pointer
342  * @ohead: old rules header pointer
343  * @gfp: type of the memory for the allocation
344  *
345  * Returns 0 on success, -ENOMEM on error
346  */
347 static int smk_copy_rules(struct list_head *nhead, struct list_head *ohead,
348 				gfp_t gfp)
349 {
350 	struct smack_rule *nrp;
351 	struct smack_rule *orp;
352 	int rc = 0;
353 
354 	list_for_each_entry_rcu(orp, ohead, list) {
355 		nrp = kmem_cache_zalloc(smack_rule_cache, gfp);
356 		if (nrp == NULL) {
357 			rc = -ENOMEM;
358 			break;
359 		}
360 		*nrp = *orp;
361 		list_add_rcu(&nrp->list, nhead);
362 	}
363 	return rc;
364 }
365 
366 /**
367  * smk_copy_relabel - copy smk_relabel labels list
368  * @nhead: new rules header pointer
369  * @ohead: old rules header pointer
370  * @gfp: type of the memory for the allocation
371  *
372  * Returns 0 on success, -ENOMEM on error
373  */
374 static int smk_copy_relabel(struct list_head *nhead, struct list_head *ohead,
375 				gfp_t gfp)
376 {
377 	struct smack_known_list_elem *nklep;
378 	struct smack_known_list_elem *oklep;
379 
380 	list_for_each_entry(oklep, ohead, list) {
381 		nklep = kzalloc(sizeof(struct smack_known_list_elem), gfp);
382 		if (nklep == NULL) {
383 			smk_destroy_label_list(nhead);
384 			return -ENOMEM;
385 		}
386 		nklep->smk_label = oklep->smk_label;
387 		list_add(&nklep->list, nhead);
388 	}
389 
390 	return 0;
391 }
392 
393 /**
394  * smk_ptrace_mode - helper function for converting PTRACE_MODE_* into MAY_*
395  * @mode: input mode in form of PTRACE_MODE_*
396  *
397  * Returns a converted MAY_* mode usable by smack rules
398  */
399 static inline unsigned int smk_ptrace_mode(unsigned int mode)
400 {
401 	if (mode & PTRACE_MODE_ATTACH)
402 		return MAY_READWRITE;
403 	if (mode & PTRACE_MODE_READ)
404 		return MAY_READ;
405 
406 	return 0;
407 }
408 
409 /**
410  * smk_ptrace_rule_check - helper for ptrace access
411  * @tracer: tracer process
412  * @tracee_known: label entry of the process that's about to be traced
413  * @mode: ptrace attachment mode (PTRACE_MODE_*)
414  * @func: name of the function that called us, used for audit
415  *
416  * Returns 0 on access granted, -error on error
417  */
418 static int smk_ptrace_rule_check(struct task_struct *tracer,
419 				 struct smack_known *tracee_known,
420 				 unsigned int mode, const char *func)
421 {
422 	int rc;
423 	struct smk_audit_info ad, *saip = NULL;
424 	struct task_smack *tsp;
425 	struct smack_known *tracer_known;
426 	const struct cred *tracercred;
427 
428 	if ((mode & PTRACE_MODE_NOAUDIT) == 0) {
429 		smk_ad_init(&ad, func, LSM_AUDIT_DATA_TASK);
430 		smk_ad_setfield_u_tsk(&ad, tracer);
431 		saip = &ad;
432 	}
433 
434 	rcu_read_lock();
435 	tracercred = __task_cred(tracer);
436 	tsp = smack_cred(tracercred);
437 	tracer_known = smk_of_task(tsp);
438 
439 	if ((mode & PTRACE_MODE_ATTACH) &&
440 	    (smack_ptrace_rule == SMACK_PTRACE_EXACT ||
441 	     smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)) {
442 		if (tracer_known->smk_known == tracee_known->smk_known)
443 			rc = 0;
444 		else if (smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)
445 			rc = -EACCES;
446 		else if (smack_privileged_cred(CAP_SYS_PTRACE, tracercred))
447 			rc = 0;
448 		else
449 			rc = -EACCES;
450 
451 		if (saip)
452 			smack_log(tracer_known->smk_known,
453 				  tracee_known->smk_known,
454 				  0, rc, saip);
455 
456 		rcu_read_unlock();
457 		return rc;
458 	}
459 
460 	/* In case of rule==SMACK_PTRACE_DEFAULT or mode==PTRACE_MODE_READ */
461 	rc = smk_tskacc(tsp, tracee_known, smk_ptrace_mode(mode), saip);
462 
463 	rcu_read_unlock();
464 	return rc;
465 }
466 
467 /*
468  * LSM hooks.
469  * We he, that is fun!
470  */
471 
472 /**
473  * smack_ptrace_access_check - Smack approval on PTRACE_ATTACH
474  * @ctp: child task pointer
475  * @mode: ptrace attachment mode (PTRACE_MODE_*)
476  *
477  * Returns 0 if access is OK, an error code otherwise
478  *
479  * Do the capability checks.
480  */
481 static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode)
482 {
483 	struct smack_known *skp;
484 
485 	skp = smk_of_task_struct_obj(ctp);
486 
487 	return smk_ptrace_rule_check(current, skp, mode, __func__);
488 }
489 
490 /**
491  * smack_ptrace_traceme - Smack approval on PTRACE_TRACEME
492  * @ptp: parent task pointer
493  *
494  * Returns 0 if access is OK, an error code otherwise
495  *
496  * Do the capability checks, and require PTRACE_MODE_ATTACH.
497  */
498 static int smack_ptrace_traceme(struct task_struct *ptp)
499 {
500 	struct smack_known *skp;
501 
502 	skp = smk_of_task(smack_cred(current_cred()));
503 
504 	return smk_ptrace_rule_check(ptp, skp, PTRACE_MODE_ATTACH, __func__);
505 }
506 
507 /**
508  * smack_syslog - Smack approval on syslog
509  * @typefrom_file: unused
510  *
511  * Returns 0 on success, error code otherwise.
512  */
513 static int smack_syslog(int typefrom_file)
514 {
515 	int rc = 0;
516 	struct smack_known *skp = smk_of_current();
517 
518 	if (smack_privileged(CAP_MAC_OVERRIDE))
519 		return 0;
520 
521 	if (smack_syslog_label != NULL && smack_syslog_label != skp)
522 		rc = -EACCES;
523 
524 	return rc;
525 }
526 
527 /*
528  * Superblock Hooks.
529  */
530 
531 /**
532  * smack_sb_alloc_security - allocate a superblock blob
533  * @sb: the superblock getting the blob
534  *
535  * Returns 0 on success or -ENOMEM on error.
536  */
537 static int smack_sb_alloc_security(struct super_block *sb)
538 {
539 	struct superblock_smack *sbsp = smack_superblock(sb);
540 
541 	sbsp->smk_root = &smack_known_floor;
542 	sbsp->smk_default = &smack_known_floor;
543 	sbsp->smk_floor = &smack_known_floor;
544 	sbsp->smk_hat = &smack_known_hat;
545 	/*
546 	 * SMK_SB_INITIALIZED will be zero from kzalloc.
547 	 */
548 
549 	return 0;
550 }
551 
552 struct smack_mnt_opts {
553 	const char *fsdefault, *fsfloor, *fshat, *fsroot, *fstransmute;
554 };
555 
556 static void smack_free_mnt_opts(void *mnt_opts)
557 {
558 	struct smack_mnt_opts *opts = mnt_opts;
559 	kfree(opts->fsdefault);
560 	kfree(opts->fsfloor);
561 	kfree(opts->fshat);
562 	kfree(opts->fsroot);
563 	kfree(opts->fstransmute);
564 	kfree(opts);
565 }
566 
567 static int smack_add_opt(int token, const char *s, void **mnt_opts)
568 {
569 	struct smack_mnt_opts *opts = *mnt_opts;
570 
571 	if (!opts) {
572 		opts = kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL);
573 		if (!opts)
574 			return -ENOMEM;
575 		*mnt_opts = opts;
576 	}
577 	if (!s)
578 		return -ENOMEM;
579 
580 	switch (token) {
581 	case Opt_fsdefault:
582 		if (opts->fsdefault)
583 			goto out_opt_err;
584 		opts->fsdefault = s;
585 		break;
586 	case Opt_fsfloor:
587 		if (opts->fsfloor)
588 			goto out_opt_err;
589 		opts->fsfloor = s;
590 		break;
591 	case Opt_fshat:
592 		if (opts->fshat)
593 			goto out_opt_err;
594 		opts->fshat = s;
595 		break;
596 	case Opt_fsroot:
597 		if (opts->fsroot)
598 			goto out_opt_err;
599 		opts->fsroot = s;
600 		break;
601 	case Opt_fstransmute:
602 		if (opts->fstransmute)
603 			goto out_opt_err;
604 		opts->fstransmute = s;
605 		break;
606 	}
607 	return 0;
608 
609 out_opt_err:
610 	pr_warn("Smack: duplicate mount options\n");
611 	return -EINVAL;
612 }
613 
614 /**
615  * smack_fs_context_dup - Duplicate the security data on fs_context duplication
616  * @fc: The new filesystem context.
617  * @src_fc: The source filesystem context being duplicated.
618  *
619  * Returns 0 on success or -ENOMEM on error.
620  */
621 static int smack_fs_context_dup(struct fs_context *fc,
622 				struct fs_context *src_fc)
623 {
624 	struct smack_mnt_opts *dst, *src = src_fc->security;
625 
626 	if (!src)
627 		return 0;
628 
629 	fc->security = kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL);
630 	if (!fc->security)
631 		return -ENOMEM;
632 	dst = fc->security;
633 
634 	if (src->fsdefault) {
635 		dst->fsdefault = kstrdup(src->fsdefault, GFP_KERNEL);
636 		if (!dst->fsdefault)
637 			return -ENOMEM;
638 	}
639 	if (src->fsfloor) {
640 		dst->fsfloor = kstrdup(src->fsfloor, GFP_KERNEL);
641 		if (!dst->fsfloor)
642 			return -ENOMEM;
643 	}
644 	if (src->fshat) {
645 		dst->fshat = kstrdup(src->fshat, GFP_KERNEL);
646 		if (!dst->fshat)
647 			return -ENOMEM;
648 	}
649 	if (src->fsroot) {
650 		dst->fsroot = kstrdup(src->fsroot, GFP_KERNEL);
651 		if (!dst->fsroot)
652 			return -ENOMEM;
653 	}
654 	if (src->fstransmute) {
655 		dst->fstransmute = kstrdup(src->fstransmute, GFP_KERNEL);
656 		if (!dst->fstransmute)
657 			return -ENOMEM;
658 	}
659 	return 0;
660 }
661 
662 static const struct fs_parameter_spec smack_fs_parameters[] = {
663 	fsparam_string("smackfsdef",		Opt_fsdefault),
664 	fsparam_string("smackfsdefault",	Opt_fsdefault),
665 	fsparam_string("smackfsfloor",		Opt_fsfloor),
666 	fsparam_string("smackfshat",		Opt_fshat),
667 	fsparam_string("smackfsroot",		Opt_fsroot),
668 	fsparam_string("smackfstransmute",	Opt_fstransmute),
669 	{}
670 };
671 
672 /**
673  * smack_fs_context_parse_param - Parse a single mount parameter
674  * @fc: The new filesystem context being constructed.
675  * @param: The parameter.
676  *
677  * Returns 0 on success, -ENOPARAM to pass the parameter on or anything else on
678  * error.
679  */
680 static int smack_fs_context_parse_param(struct fs_context *fc,
681 					struct fs_parameter *param)
682 {
683 	struct fs_parse_result result;
684 	int opt, rc;
685 
686 	opt = fs_parse(fc, smack_fs_parameters, param, &result);
687 	if (opt < 0)
688 		return opt;
689 
690 	rc = smack_add_opt(opt, param->string, &fc->security);
691 	if (!rc)
692 		param->string = NULL;
693 	return rc;
694 }
695 
696 static int smack_sb_eat_lsm_opts(char *options, void **mnt_opts)
697 {
698 	char *from = options, *to = options;
699 	bool first = true;
700 
701 	while (1) {
702 		char *next = strchr(from, ',');
703 		int token, len, rc;
704 		char *arg = NULL;
705 
706 		if (next)
707 			len = next - from;
708 		else
709 			len = strlen(from);
710 
711 		token = match_opt_prefix(from, len, &arg);
712 		if (token != Opt_error) {
713 			arg = kmemdup_nul(arg, from + len - arg, GFP_KERNEL);
714 			rc = smack_add_opt(token, arg, mnt_opts);
715 			if (unlikely(rc)) {
716 				kfree(arg);
717 				if (*mnt_opts)
718 					smack_free_mnt_opts(*mnt_opts);
719 				*mnt_opts = NULL;
720 				return rc;
721 			}
722 		} else {
723 			if (!first) {	// copy with preceding comma
724 				from--;
725 				len++;
726 			}
727 			if (to != from)
728 				memmove(to, from, len);
729 			to += len;
730 			first = false;
731 		}
732 		if (!from[len])
733 			break;
734 		from += len + 1;
735 	}
736 	*to = '\0';
737 	return 0;
738 }
739 
740 /**
741  * smack_set_mnt_opts - set Smack specific mount options
742  * @sb: the file system superblock
743  * @mnt_opts: Smack mount options
744  * @kern_flags: mount option from kernel space or user space
745  * @set_kern_flags: where to store converted mount opts
746  *
747  * Returns 0 on success, an error code on failure
748  *
749  * Allow filesystems with binary mount data to explicitly set Smack mount
750  * labels.
751  */
752 static int smack_set_mnt_opts(struct super_block *sb,
753 		void *mnt_opts,
754 		unsigned long kern_flags,
755 		unsigned long *set_kern_flags)
756 {
757 	struct dentry *root = sb->s_root;
758 	struct inode *inode = d_backing_inode(root);
759 	struct superblock_smack *sp = smack_superblock(sb);
760 	struct inode_smack *isp;
761 	struct smack_known *skp;
762 	struct smack_mnt_opts *opts = mnt_opts;
763 	bool transmute = false;
764 
765 	if (sp->smk_flags & SMK_SB_INITIALIZED)
766 		return 0;
767 
768 	if (!smack_privileged(CAP_MAC_ADMIN)) {
769 		/*
770 		 * Unprivileged mounts don't get to specify Smack values.
771 		 */
772 		if (opts)
773 			return -EPERM;
774 		/*
775 		 * Unprivileged mounts get root and default from the caller.
776 		 */
777 		skp = smk_of_current();
778 		sp->smk_root = skp;
779 		sp->smk_default = skp;
780 		/*
781 		 * For a handful of fs types with no user-controlled
782 		 * backing store it's okay to trust security labels
783 		 * in the filesystem. The rest are untrusted.
784 		 */
785 		if (sb->s_user_ns != &init_user_ns &&
786 		    sb->s_magic != SYSFS_MAGIC && sb->s_magic != TMPFS_MAGIC &&
787 		    sb->s_magic != RAMFS_MAGIC) {
788 			transmute = true;
789 			sp->smk_flags |= SMK_SB_UNTRUSTED;
790 		}
791 	}
792 
793 	sp->smk_flags |= SMK_SB_INITIALIZED;
794 
795 	if (opts) {
796 		if (opts->fsdefault) {
797 			skp = smk_import_entry(opts->fsdefault, 0);
798 			if (IS_ERR(skp))
799 				return PTR_ERR(skp);
800 			sp->smk_default = skp;
801 		}
802 		if (opts->fsfloor) {
803 			skp = smk_import_entry(opts->fsfloor, 0);
804 			if (IS_ERR(skp))
805 				return PTR_ERR(skp);
806 			sp->smk_floor = skp;
807 		}
808 		if (opts->fshat) {
809 			skp = smk_import_entry(opts->fshat, 0);
810 			if (IS_ERR(skp))
811 				return PTR_ERR(skp);
812 			sp->smk_hat = skp;
813 		}
814 		if (opts->fsroot) {
815 			skp = smk_import_entry(opts->fsroot, 0);
816 			if (IS_ERR(skp))
817 				return PTR_ERR(skp);
818 			sp->smk_root = skp;
819 		}
820 		if (opts->fstransmute) {
821 			skp = smk_import_entry(opts->fstransmute, 0);
822 			if (IS_ERR(skp))
823 				return PTR_ERR(skp);
824 			sp->smk_root = skp;
825 			transmute = true;
826 		}
827 	}
828 
829 	/*
830 	 * Initialize the root inode.
831 	 */
832 	init_inode_smack(inode, sp->smk_root);
833 
834 	if (transmute) {
835 		isp = smack_inode(inode);
836 		isp->smk_flags |= SMK_INODE_TRANSMUTE;
837 	}
838 
839 	return 0;
840 }
841 
842 /**
843  * smack_sb_statfs - Smack check on statfs
844  * @dentry: identifies the file system in question
845  *
846  * Returns 0 if current can read the floor of the filesystem,
847  * and error code otherwise
848  */
849 static int smack_sb_statfs(struct dentry *dentry)
850 {
851 	struct superblock_smack *sbp = smack_superblock(dentry->d_sb);
852 	int rc;
853 	struct smk_audit_info ad;
854 
855 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
856 	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
857 
858 	rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad);
859 	rc = smk_bu_current("statfs", sbp->smk_floor, MAY_READ, rc);
860 	return rc;
861 }
862 
863 /*
864  * BPRM hooks
865  */
866 
867 /**
868  * smack_bprm_creds_for_exec - Update bprm->cred if needed for exec
869  * @bprm: the exec information
870  *
871  * Returns 0 if it gets a blob, -EPERM if exec forbidden and -ENOMEM otherwise
872  */
873 static int smack_bprm_creds_for_exec(struct linux_binprm *bprm)
874 {
875 	struct inode *inode = file_inode(bprm->file);
876 	struct task_smack *bsp = smack_cred(bprm->cred);
877 	struct inode_smack *isp;
878 	struct superblock_smack *sbsp;
879 	int rc;
880 
881 	isp = smack_inode(inode);
882 	if (isp->smk_task == NULL || isp->smk_task == bsp->smk_task)
883 		return 0;
884 
885 	sbsp = smack_superblock(inode->i_sb);
886 	if ((sbsp->smk_flags & SMK_SB_UNTRUSTED) &&
887 	    isp->smk_task != sbsp->smk_root)
888 		return 0;
889 
890 	if (bprm->unsafe & LSM_UNSAFE_PTRACE) {
891 		struct task_struct *tracer;
892 		rc = 0;
893 
894 		rcu_read_lock();
895 		tracer = ptrace_parent(current);
896 		if (likely(tracer != NULL))
897 			rc = smk_ptrace_rule_check(tracer,
898 						   isp->smk_task,
899 						   PTRACE_MODE_ATTACH,
900 						   __func__);
901 		rcu_read_unlock();
902 
903 		if (rc != 0)
904 			return rc;
905 	}
906 	if (bprm->unsafe & ~LSM_UNSAFE_PTRACE)
907 		return -EPERM;
908 
909 	bsp->smk_task = isp->smk_task;
910 	bprm->per_clear |= PER_CLEAR_ON_SETID;
911 
912 	/* Decide if this is a secure exec. */
913 	if (bsp->smk_task != bsp->smk_forked)
914 		bprm->secureexec = 1;
915 
916 	return 0;
917 }
918 
919 /*
920  * Inode hooks
921  */
922 
923 /**
924  * smack_inode_alloc_security - allocate an inode blob
925  * @inode: the inode in need of a blob
926  *
927  * Returns 0
928  */
929 static int smack_inode_alloc_security(struct inode *inode)
930 {
931 	struct smack_known *skp = smk_of_current();
932 
933 	init_inode_smack(inode, skp);
934 	return 0;
935 }
936 
937 /**
938  * smack_inode_init_security - copy out the smack from an inode
939  * @inode: the newly created inode
940  * @dir: containing directory object
941  * @qstr: unused
942  * @name: where to put the attribute name
943  * @value: where to put the attribute value
944  * @len: where to put the length of the attribute
945  *
946  * Returns 0 if it all works out, -ENOMEM if there's no memory
947  */
948 static int smack_inode_init_security(struct inode *inode, struct inode *dir,
949 				     const struct qstr *qstr, const char **name,
950 				     void **value, size_t *len)
951 {
952 	struct inode_smack *issp = smack_inode(inode);
953 	struct smack_known *skp = smk_of_current();
954 	struct smack_known *isp = smk_of_inode(inode);
955 	struct smack_known *dsp = smk_of_inode(dir);
956 	int may;
957 
958 	if (name)
959 		*name = XATTR_SMACK_SUFFIX;
960 
961 	if (value && len) {
962 		rcu_read_lock();
963 		may = smk_access_entry(skp->smk_known, dsp->smk_known,
964 				       &skp->smk_rules);
965 		rcu_read_unlock();
966 
967 		/*
968 		 * If the access rule allows transmutation and
969 		 * the directory requests transmutation then
970 		 * by all means transmute.
971 		 * Mark the inode as changed.
972 		 */
973 		if (may > 0 && ((may & MAY_TRANSMUTE) != 0) &&
974 		    smk_inode_transmutable(dir)) {
975 			isp = dsp;
976 			issp->smk_flags |= SMK_INODE_CHANGED;
977 		}
978 
979 		*value = kstrdup(isp->smk_known, GFP_NOFS);
980 		if (*value == NULL)
981 			return -ENOMEM;
982 
983 		*len = strlen(isp->smk_known);
984 	}
985 
986 	return 0;
987 }
988 
989 /**
990  * smack_inode_link - Smack check on link
991  * @old_dentry: the existing object
992  * @dir: unused
993  * @new_dentry: the new object
994  *
995  * Returns 0 if access is permitted, an error code otherwise
996  */
997 static int smack_inode_link(struct dentry *old_dentry, struct inode *dir,
998 			    struct dentry *new_dentry)
999 {
1000 	struct smack_known *isp;
1001 	struct smk_audit_info ad;
1002 	int rc;
1003 
1004 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1005 	smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
1006 
1007 	isp = smk_of_inode(d_backing_inode(old_dentry));
1008 	rc = smk_curacc(isp, MAY_WRITE, &ad);
1009 	rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_WRITE, rc);
1010 
1011 	if (rc == 0 && d_is_positive(new_dentry)) {
1012 		isp = smk_of_inode(d_backing_inode(new_dentry));
1013 		smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
1014 		rc = smk_curacc(isp, MAY_WRITE, &ad);
1015 		rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_WRITE, rc);
1016 	}
1017 
1018 	return rc;
1019 }
1020 
1021 /**
1022  * smack_inode_unlink - Smack check on inode deletion
1023  * @dir: containing directory object
1024  * @dentry: file to unlink
1025  *
1026  * Returns 0 if current can write the containing directory
1027  * and the object, error code otherwise
1028  */
1029 static int smack_inode_unlink(struct inode *dir, struct dentry *dentry)
1030 {
1031 	struct inode *ip = d_backing_inode(dentry);
1032 	struct smk_audit_info ad;
1033 	int rc;
1034 
1035 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1036 	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1037 
1038 	/*
1039 	 * You need write access to the thing you're unlinking
1040 	 */
1041 	rc = smk_curacc(smk_of_inode(ip), MAY_WRITE, &ad);
1042 	rc = smk_bu_inode(ip, MAY_WRITE, rc);
1043 	if (rc == 0) {
1044 		/*
1045 		 * You also need write access to the containing directory
1046 		 */
1047 		smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
1048 		smk_ad_setfield_u_fs_inode(&ad, dir);
1049 		rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
1050 		rc = smk_bu_inode(dir, MAY_WRITE, rc);
1051 	}
1052 	return rc;
1053 }
1054 
1055 /**
1056  * smack_inode_rmdir - Smack check on directory deletion
1057  * @dir: containing directory object
1058  * @dentry: directory to unlink
1059  *
1060  * Returns 0 if current can write the containing directory
1061  * and the directory, error code otherwise
1062  */
1063 static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry)
1064 {
1065 	struct smk_audit_info ad;
1066 	int rc;
1067 
1068 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1069 	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1070 
1071 	/*
1072 	 * You need write access to the thing you're removing
1073 	 */
1074 	rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1075 	rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
1076 	if (rc == 0) {
1077 		/*
1078 		 * You also need write access to the containing directory
1079 		 */
1080 		smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
1081 		smk_ad_setfield_u_fs_inode(&ad, dir);
1082 		rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
1083 		rc = smk_bu_inode(dir, MAY_WRITE, rc);
1084 	}
1085 
1086 	return rc;
1087 }
1088 
1089 /**
1090  * smack_inode_rename - Smack check on rename
1091  * @old_inode: unused
1092  * @old_dentry: the old object
1093  * @new_inode: unused
1094  * @new_dentry: the new object
1095  *
1096  * Read and write access is required on both the old and
1097  * new directories.
1098  *
1099  * Returns 0 if access is permitted, an error code otherwise
1100  */
1101 static int smack_inode_rename(struct inode *old_inode,
1102 			      struct dentry *old_dentry,
1103 			      struct inode *new_inode,
1104 			      struct dentry *new_dentry)
1105 {
1106 	int rc;
1107 	struct smack_known *isp;
1108 	struct smk_audit_info ad;
1109 
1110 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1111 	smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
1112 
1113 	isp = smk_of_inode(d_backing_inode(old_dentry));
1114 	rc = smk_curacc(isp, MAY_READWRITE, &ad);
1115 	rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_READWRITE, rc);
1116 
1117 	if (rc == 0 && d_is_positive(new_dentry)) {
1118 		isp = smk_of_inode(d_backing_inode(new_dentry));
1119 		smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
1120 		rc = smk_curacc(isp, MAY_READWRITE, &ad);
1121 		rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_READWRITE, rc);
1122 	}
1123 	return rc;
1124 }
1125 
1126 /**
1127  * smack_inode_permission - Smack version of permission()
1128  * @inode: the inode in question
1129  * @mask: the access requested
1130  *
1131  * This is the important Smack hook.
1132  *
1133  * Returns 0 if access is permitted, an error code otherwise
1134  */
1135 static int smack_inode_permission(struct inode *inode, int mask)
1136 {
1137 	struct superblock_smack *sbsp = smack_superblock(inode->i_sb);
1138 	struct smk_audit_info ad;
1139 	int no_block = mask & MAY_NOT_BLOCK;
1140 	int rc;
1141 
1142 	mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND);
1143 	/*
1144 	 * No permission to check. Existence test. Yup, it's there.
1145 	 */
1146 	if (mask == 0)
1147 		return 0;
1148 
1149 	if (sbsp->smk_flags & SMK_SB_UNTRUSTED) {
1150 		if (smk_of_inode(inode) != sbsp->smk_root)
1151 			return -EACCES;
1152 	}
1153 
1154 	/* May be droppable after audit */
1155 	if (no_block)
1156 		return -ECHILD;
1157 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
1158 	smk_ad_setfield_u_fs_inode(&ad, inode);
1159 	rc = smk_curacc(smk_of_inode(inode), mask, &ad);
1160 	rc = smk_bu_inode(inode, mask, rc);
1161 	return rc;
1162 }
1163 
1164 /**
1165  * smack_inode_setattr - Smack check for setting attributes
1166  * @dentry: the object
1167  * @iattr: for the force flag
1168  *
1169  * Returns 0 if access is permitted, an error code otherwise
1170  */
1171 static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr)
1172 {
1173 	struct smk_audit_info ad;
1174 	int rc;
1175 
1176 	/*
1177 	 * Need to allow for clearing the setuid bit.
1178 	 */
1179 	if (iattr->ia_valid & ATTR_FORCE)
1180 		return 0;
1181 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1182 	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1183 
1184 	rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1185 	rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
1186 	return rc;
1187 }
1188 
1189 /**
1190  * smack_inode_getattr - Smack check for getting attributes
1191  * @path: path to extract the info from
1192  *
1193  * Returns 0 if access is permitted, an error code otherwise
1194  */
1195 static int smack_inode_getattr(const struct path *path)
1196 {
1197 	struct smk_audit_info ad;
1198 	struct inode *inode = d_backing_inode(path->dentry);
1199 	int rc;
1200 
1201 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1202 	smk_ad_setfield_u_fs_path(&ad, *path);
1203 	rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad);
1204 	rc = smk_bu_inode(inode, MAY_READ, rc);
1205 	return rc;
1206 }
1207 
1208 /**
1209  * smack_inode_setxattr - Smack check for setting xattrs
1210  * @mnt_userns: active user namespace
1211  * @dentry: the object
1212  * @name: name of the attribute
1213  * @value: value of the attribute
1214  * @size: size of the value
1215  * @flags: unused
1216  *
1217  * This protects the Smack attribute explicitly.
1218  *
1219  * Returns 0 if access is permitted, an error code otherwise
1220  */
1221 static int smack_inode_setxattr(struct user_namespace *mnt_userns,
1222 				struct dentry *dentry, const char *name,
1223 				const void *value, size_t size, int flags)
1224 {
1225 	struct smk_audit_info ad;
1226 	struct smack_known *skp;
1227 	int check_priv = 0;
1228 	int check_import = 0;
1229 	int check_star = 0;
1230 	int rc = 0;
1231 
1232 	/*
1233 	 * Check label validity here so import won't fail in post_setxattr
1234 	 */
1235 	if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
1236 	    strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
1237 	    strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) {
1238 		check_priv = 1;
1239 		check_import = 1;
1240 	} else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
1241 		   strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1242 		check_priv = 1;
1243 		check_import = 1;
1244 		check_star = 1;
1245 	} else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) {
1246 		check_priv = 1;
1247 		if (size != TRANS_TRUE_SIZE ||
1248 		    strncmp(value, TRANS_TRUE, TRANS_TRUE_SIZE) != 0)
1249 			rc = -EINVAL;
1250 	} else
1251 		rc = cap_inode_setxattr(dentry, name, value, size, flags);
1252 
1253 	if (check_priv && !smack_privileged(CAP_MAC_ADMIN))
1254 		rc = -EPERM;
1255 
1256 	if (rc == 0 && check_import) {
1257 		skp = size ? smk_import_entry(value, size) : NULL;
1258 		if (IS_ERR(skp))
1259 			rc = PTR_ERR(skp);
1260 		else if (skp == NULL || (check_star &&
1261 		    (skp == &smack_known_star || skp == &smack_known_web)))
1262 			rc = -EINVAL;
1263 	}
1264 
1265 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1266 	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1267 
1268 	if (rc == 0) {
1269 		rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1270 		rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
1271 	}
1272 
1273 	return rc;
1274 }
1275 
1276 /**
1277  * smack_inode_post_setxattr - Apply the Smack update approved above
1278  * @dentry: object
1279  * @name: attribute name
1280  * @value: attribute value
1281  * @size: attribute size
1282  * @flags: unused
1283  *
1284  * Set the pointer in the inode blob to the entry found
1285  * in the master label list.
1286  */
1287 static void smack_inode_post_setxattr(struct dentry *dentry, const char *name,
1288 				      const void *value, size_t size, int flags)
1289 {
1290 	struct smack_known *skp;
1291 	struct inode_smack *isp = smack_inode(d_backing_inode(dentry));
1292 
1293 	if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) {
1294 		isp->smk_flags |= SMK_INODE_TRANSMUTE;
1295 		return;
1296 	}
1297 
1298 	if (strcmp(name, XATTR_NAME_SMACK) == 0) {
1299 		skp = smk_import_entry(value, size);
1300 		if (!IS_ERR(skp))
1301 			isp->smk_inode = skp;
1302 	} else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) {
1303 		skp = smk_import_entry(value, size);
1304 		if (!IS_ERR(skp))
1305 			isp->smk_task = skp;
1306 	} else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1307 		skp = smk_import_entry(value, size);
1308 		if (!IS_ERR(skp))
1309 			isp->smk_mmap = skp;
1310 	}
1311 
1312 	return;
1313 }
1314 
1315 /**
1316  * smack_inode_getxattr - Smack check on getxattr
1317  * @dentry: the object
1318  * @name: unused
1319  *
1320  * Returns 0 if access is permitted, an error code otherwise
1321  */
1322 static int smack_inode_getxattr(struct dentry *dentry, const char *name)
1323 {
1324 	struct smk_audit_info ad;
1325 	int rc;
1326 
1327 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1328 	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1329 
1330 	rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_READ, &ad);
1331 	rc = smk_bu_inode(d_backing_inode(dentry), MAY_READ, rc);
1332 	return rc;
1333 }
1334 
1335 /**
1336  * smack_inode_removexattr - Smack check on removexattr
1337  * @mnt_userns: active user namespace
1338  * @dentry: the object
1339  * @name: name of the attribute
1340  *
1341  * Removing the Smack attribute requires CAP_MAC_ADMIN
1342  *
1343  * Returns 0 if access is permitted, an error code otherwise
1344  */
1345 static int smack_inode_removexattr(struct user_namespace *mnt_userns,
1346 				   struct dentry *dentry, const char *name)
1347 {
1348 	struct inode_smack *isp;
1349 	struct smk_audit_info ad;
1350 	int rc = 0;
1351 
1352 	if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
1353 	    strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
1354 	    strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 ||
1355 	    strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
1356 	    strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0 ||
1357 	    strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1358 		if (!smack_privileged(CAP_MAC_ADMIN))
1359 			rc = -EPERM;
1360 	} else
1361 		rc = cap_inode_removexattr(mnt_userns, dentry, name);
1362 
1363 	if (rc != 0)
1364 		return rc;
1365 
1366 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1367 	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1368 
1369 	rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1370 	rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
1371 	if (rc != 0)
1372 		return rc;
1373 
1374 	isp = smack_inode(d_backing_inode(dentry));
1375 	/*
1376 	 * Don't do anything special for these.
1377 	 *	XATTR_NAME_SMACKIPIN
1378 	 *	XATTR_NAME_SMACKIPOUT
1379 	 */
1380 	if (strcmp(name, XATTR_NAME_SMACK) == 0) {
1381 		struct super_block *sbp = dentry->d_sb;
1382 		struct superblock_smack *sbsp = smack_superblock(sbp);
1383 
1384 		isp->smk_inode = sbsp->smk_default;
1385 	} else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0)
1386 		isp->smk_task = NULL;
1387 	else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0)
1388 		isp->smk_mmap = NULL;
1389 	else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0)
1390 		isp->smk_flags &= ~SMK_INODE_TRANSMUTE;
1391 
1392 	return 0;
1393 }
1394 
1395 /**
1396  * smack_inode_set_acl - Smack check for setting posix acls
1397  * @mnt_userns: the userns attached to the mnt this request came from
1398  * @dentry: the object
1399  * @acl_name: name of the posix acl
1400  * @kacl: the posix acls
1401  *
1402  * Returns 0 if access is permitted, an error code otherwise
1403  */
1404 static int smack_inode_set_acl(struct user_namespace *mnt_userns,
1405 			       struct dentry *dentry, const char *acl_name,
1406 			       struct posix_acl *kacl)
1407 {
1408 	struct smk_audit_info ad;
1409 	int rc;
1410 
1411 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1412 	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1413 
1414 	rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1415 	rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
1416 	return rc;
1417 }
1418 
1419 /**
1420  * smack_inode_get_acl - Smack check for getting posix acls
1421  * @mnt_userns: the userns attached to the mnt this request came from
1422  * @dentry: the object
1423  * @acl_name: name of the posix acl
1424  *
1425  * Returns 0 if access is permitted, an error code otherwise
1426  */
1427 static int smack_inode_get_acl(struct user_namespace *mnt_userns,
1428 			       struct dentry *dentry, const char *acl_name)
1429 {
1430 	struct smk_audit_info ad;
1431 	int rc;
1432 
1433 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1434 	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1435 
1436 	rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_READ, &ad);
1437 	rc = smk_bu_inode(d_backing_inode(dentry), MAY_READ, rc);
1438 	return rc;
1439 }
1440 
1441 /**
1442  * smack_inode_remove_acl - Smack check for getting posix acls
1443  * @mnt_userns: the userns attached to the mnt this request came from
1444  * @dentry: the object
1445  * @acl_name: name of the posix acl
1446  *
1447  * Returns 0 if access is permitted, an error code otherwise
1448  */
1449 static int smack_inode_remove_acl(struct user_namespace *mnt_userns,
1450 				  struct dentry *dentry, const char *acl_name)
1451 {
1452 	struct smk_audit_info ad;
1453 	int rc;
1454 
1455 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1456 	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1457 
1458 	rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1459 	rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
1460 	return rc;
1461 }
1462 
1463 /**
1464  * smack_inode_getsecurity - get smack xattrs
1465  * @mnt_userns: active user namespace
1466  * @inode: the object
1467  * @name: attribute name
1468  * @buffer: where to put the result
1469  * @alloc: duplicate memory
1470  *
1471  * Returns the size of the attribute or an error code
1472  */
1473 static int smack_inode_getsecurity(struct user_namespace *mnt_userns,
1474 				   struct inode *inode, const char *name,
1475 				   void **buffer, bool alloc)
1476 {
1477 	struct socket_smack *ssp;
1478 	struct socket *sock;
1479 	struct super_block *sbp;
1480 	struct inode *ip = (struct inode *)inode;
1481 	struct smack_known *isp;
1482 
1483 	if (strcmp(name, XATTR_SMACK_SUFFIX) == 0)
1484 		isp = smk_of_inode(inode);
1485 	else {
1486 		/*
1487 		 * The rest of the Smack xattrs are only on sockets.
1488 		 */
1489 		sbp = ip->i_sb;
1490 		if (sbp->s_magic != SOCKFS_MAGIC)
1491 			return -EOPNOTSUPP;
1492 
1493 		sock = SOCKET_I(ip);
1494 		if (sock == NULL || sock->sk == NULL)
1495 			return -EOPNOTSUPP;
1496 
1497 		ssp = sock->sk->sk_security;
1498 
1499 		if (strcmp(name, XATTR_SMACK_IPIN) == 0)
1500 			isp = ssp->smk_in;
1501 		else if (strcmp(name, XATTR_SMACK_IPOUT) == 0)
1502 			isp = ssp->smk_out;
1503 		else
1504 			return -EOPNOTSUPP;
1505 	}
1506 
1507 	if (alloc) {
1508 		*buffer = kstrdup(isp->smk_known, GFP_KERNEL);
1509 		if (*buffer == NULL)
1510 			return -ENOMEM;
1511 	}
1512 
1513 	return strlen(isp->smk_known);
1514 }
1515 
1516 
1517 /**
1518  * smack_inode_listsecurity - list the Smack attributes
1519  * @inode: the object
1520  * @buffer: where they go
1521  * @buffer_size: size of buffer
1522  */
1523 static int smack_inode_listsecurity(struct inode *inode, char *buffer,
1524 				    size_t buffer_size)
1525 {
1526 	int len = sizeof(XATTR_NAME_SMACK);
1527 
1528 	if (buffer != NULL && len <= buffer_size)
1529 		memcpy(buffer, XATTR_NAME_SMACK, len);
1530 
1531 	return len;
1532 }
1533 
1534 /**
1535  * smack_inode_getsecid - Extract inode's security id
1536  * @inode: inode to extract the info from
1537  * @secid: where result will be saved
1538  */
1539 static void smack_inode_getsecid(struct inode *inode, u32 *secid)
1540 {
1541 	struct smack_known *skp = smk_of_inode(inode);
1542 
1543 	*secid = skp->smk_secid;
1544 }
1545 
1546 /*
1547  * File Hooks
1548  */
1549 
1550 /*
1551  * There is no smack_file_permission hook
1552  *
1553  * Should access checks be done on each read or write?
1554  * UNICOS and SELinux say yes.
1555  * Trusted Solaris, Trusted Irix, and just about everyone else says no.
1556  *
1557  * I'll say no for now. Smack does not do the frequent
1558  * label changing that SELinux does.
1559  */
1560 
1561 /**
1562  * smack_file_alloc_security - assign a file security blob
1563  * @file: the object
1564  *
1565  * The security blob for a file is a pointer to the master
1566  * label list, so no allocation is done.
1567  *
1568  * f_security is the owner security information. It
1569  * isn't used on file access checks, it's for send_sigio.
1570  *
1571  * Returns 0
1572  */
1573 static int smack_file_alloc_security(struct file *file)
1574 {
1575 	struct smack_known **blob = smack_file(file);
1576 
1577 	*blob = smk_of_current();
1578 	return 0;
1579 }
1580 
1581 /**
1582  * smack_file_ioctl - Smack check on ioctls
1583  * @file: the object
1584  * @cmd: what to do
1585  * @arg: unused
1586  *
1587  * Relies heavily on the correct use of the ioctl command conventions.
1588  *
1589  * Returns 0 if allowed, error code otherwise
1590  */
1591 static int smack_file_ioctl(struct file *file, unsigned int cmd,
1592 			    unsigned long arg)
1593 {
1594 	int rc = 0;
1595 	struct smk_audit_info ad;
1596 	struct inode *inode = file_inode(file);
1597 
1598 	if (unlikely(IS_PRIVATE(inode)))
1599 		return 0;
1600 
1601 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1602 	smk_ad_setfield_u_fs_path(&ad, file->f_path);
1603 
1604 	if (_IOC_DIR(cmd) & _IOC_WRITE) {
1605 		rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad);
1606 		rc = smk_bu_file(file, MAY_WRITE, rc);
1607 	}
1608 
1609 	if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ)) {
1610 		rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad);
1611 		rc = smk_bu_file(file, MAY_READ, rc);
1612 	}
1613 
1614 	return rc;
1615 }
1616 
1617 /**
1618  * smack_file_lock - Smack check on file locking
1619  * @file: the object
1620  * @cmd: unused
1621  *
1622  * Returns 0 if current has lock access, error code otherwise
1623  */
1624 static int smack_file_lock(struct file *file, unsigned int cmd)
1625 {
1626 	struct smk_audit_info ad;
1627 	int rc;
1628 	struct inode *inode = file_inode(file);
1629 
1630 	if (unlikely(IS_PRIVATE(inode)))
1631 		return 0;
1632 
1633 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1634 	smk_ad_setfield_u_fs_path(&ad, file->f_path);
1635 	rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad);
1636 	rc = smk_bu_file(file, MAY_LOCK, rc);
1637 	return rc;
1638 }
1639 
1640 /**
1641  * smack_file_fcntl - Smack check on fcntl
1642  * @file: the object
1643  * @cmd: what action to check
1644  * @arg: unused
1645  *
1646  * Generally these operations are harmless.
1647  * File locking operations present an obvious mechanism
1648  * for passing information, so they require write access.
1649  *
1650  * Returns 0 if current has access, error code otherwise
1651  */
1652 static int smack_file_fcntl(struct file *file, unsigned int cmd,
1653 			    unsigned long arg)
1654 {
1655 	struct smk_audit_info ad;
1656 	int rc = 0;
1657 	struct inode *inode = file_inode(file);
1658 
1659 	if (unlikely(IS_PRIVATE(inode)))
1660 		return 0;
1661 
1662 	switch (cmd) {
1663 	case F_GETLK:
1664 		break;
1665 	case F_SETLK:
1666 	case F_SETLKW:
1667 		smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1668 		smk_ad_setfield_u_fs_path(&ad, file->f_path);
1669 		rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad);
1670 		rc = smk_bu_file(file, MAY_LOCK, rc);
1671 		break;
1672 	case F_SETOWN:
1673 	case F_SETSIG:
1674 		smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1675 		smk_ad_setfield_u_fs_path(&ad, file->f_path);
1676 		rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad);
1677 		rc = smk_bu_file(file, MAY_WRITE, rc);
1678 		break;
1679 	default:
1680 		break;
1681 	}
1682 
1683 	return rc;
1684 }
1685 
1686 /**
1687  * smack_mmap_file - Check permissions for a mmap operation.
1688  * @file: contains the file structure for file to map (may be NULL).
1689  * @reqprot: contains the protection requested by the application.
1690  * @prot: contains the protection that will be applied by the kernel.
1691  * @flags: contains the operational flags.
1692  *
1693  * The @file may be NULL, e.g. if mapping anonymous memory.
1694  *
1695  * Return 0 if permission is granted.
1696  */
1697 static int smack_mmap_file(struct file *file,
1698 			   unsigned long reqprot, unsigned long prot,
1699 			   unsigned long flags)
1700 {
1701 	struct smack_known *skp;
1702 	struct smack_known *mkp;
1703 	struct smack_rule *srp;
1704 	struct task_smack *tsp;
1705 	struct smack_known *okp;
1706 	struct inode_smack *isp;
1707 	struct superblock_smack *sbsp;
1708 	int may;
1709 	int mmay;
1710 	int tmay;
1711 	int rc;
1712 
1713 	if (file == NULL)
1714 		return 0;
1715 
1716 	if (unlikely(IS_PRIVATE(file_inode(file))))
1717 		return 0;
1718 
1719 	isp = smack_inode(file_inode(file));
1720 	if (isp->smk_mmap == NULL)
1721 		return 0;
1722 	sbsp = smack_superblock(file_inode(file)->i_sb);
1723 	if (sbsp->smk_flags & SMK_SB_UNTRUSTED &&
1724 	    isp->smk_mmap != sbsp->smk_root)
1725 		return -EACCES;
1726 	mkp = isp->smk_mmap;
1727 
1728 	tsp = smack_cred(current_cred());
1729 	skp = smk_of_current();
1730 	rc = 0;
1731 
1732 	rcu_read_lock();
1733 	/*
1734 	 * For each Smack rule associated with the subject
1735 	 * label verify that the SMACK64MMAP also has access
1736 	 * to that rule's object label.
1737 	 */
1738 	list_for_each_entry_rcu(srp, &skp->smk_rules, list) {
1739 		okp = srp->smk_object;
1740 		/*
1741 		 * Matching labels always allows access.
1742 		 */
1743 		if (mkp->smk_known == okp->smk_known)
1744 			continue;
1745 		/*
1746 		 * If there is a matching local rule take
1747 		 * that into account as well.
1748 		 */
1749 		may = smk_access_entry(srp->smk_subject->smk_known,
1750 				       okp->smk_known,
1751 				       &tsp->smk_rules);
1752 		if (may == -ENOENT)
1753 			may = srp->smk_access;
1754 		else
1755 			may &= srp->smk_access;
1756 		/*
1757 		 * If may is zero the SMACK64MMAP subject can't
1758 		 * possibly have less access.
1759 		 */
1760 		if (may == 0)
1761 			continue;
1762 
1763 		/*
1764 		 * Fetch the global list entry.
1765 		 * If there isn't one a SMACK64MMAP subject
1766 		 * can't have as much access as current.
1767 		 */
1768 		mmay = smk_access_entry(mkp->smk_known, okp->smk_known,
1769 					&mkp->smk_rules);
1770 		if (mmay == -ENOENT) {
1771 			rc = -EACCES;
1772 			break;
1773 		}
1774 		/*
1775 		 * If there is a local entry it modifies the
1776 		 * potential access, too.
1777 		 */
1778 		tmay = smk_access_entry(mkp->smk_known, okp->smk_known,
1779 					&tsp->smk_rules);
1780 		if (tmay != -ENOENT)
1781 			mmay &= tmay;
1782 
1783 		/*
1784 		 * If there is any access available to current that is
1785 		 * not available to a SMACK64MMAP subject
1786 		 * deny access.
1787 		 */
1788 		if ((may | mmay) != mmay) {
1789 			rc = -EACCES;
1790 			break;
1791 		}
1792 	}
1793 
1794 	rcu_read_unlock();
1795 
1796 	return rc;
1797 }
1798 
1799 /**
1800  * smack_file_set_fowner - set the file security blob value
1801  * @file: object in question
1802  *
1803  */
1804 static void smack_file_set_fowner(struct file *file)
1805 {
1806 	struct smack_known **blob = smack_file(file);
1807 
1808 	*blob = smk_of_current();
1809 }
1810 
1811 /**
1812  * smack_file_send_sigiotask - Smack on sigio
1813  * @tsk: The target task
1814  * @fown: the object the signal come from
1815  * @signum: unused
1816  *
1817  * Allow a privileged task to get signals even if it shouldn't
1818  *
1819  * Returns 0 if a subject with the object's smack could
1820  * write to the task, an error code otherwise.
1821  */
1822 static int smack_file_send_sigiotask(struct task_struct *tsk,
1823 				     struct fown_struct *fown, int signum)
1824 {
1825 	struct smack_known **blob;
1826 	struct smack_known *skp;
1827 	struct smack_known *tkp = smk_of_task(smack_cred(tsk->cred));
1828 	const struct cred *tcred;
1829 	struct file *file;
1830 	int rc;
1831 	struct smk_audit_info ad;
1832 
1833 	/*
1834 	 * struct fown_struct is never outside the context of a struct file
1835 	 */
1836 	file = container_of(fown, struct file, f_owner);
1837 
1838 	/* we don't log here as rc can be overriden */
1839 	blob = smack_file(file);
1840 	skp = *blob;
1841 	rc = smk_access(skp, tkp, MAY_DELIVER, NULL);
1842 	rc = smk_bu_note("sigiotask", skp, tkp, MAY_DELIVER, rc);
1843 
1844 	rcu_read_lock();
1845 	tcred = __task_cred(tsk);
1846 	if (rc != 0 && smack_privileged_cred(CAP_MAC_OVERRIDE, tcred))
1847 		rc = 0;
1848 	rcu_read_unlock();
1849 
1850 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
1851 	smk_ad_setfield_u_tsk(&ad, tsk);
1852 	smack_log(skp->smk_known, tkp->smk_known, MAY_DELIVER, rc, &ad);
1853 	return rc;
1854 }
1855 
1856 /**
1857  * smack_file_receive - Smack file receive check
1858  * @file: the object
1859  *
1860  * Returns 0 if current has access, error code otherwise
1861  */
1862 static int smack_file_receive(struct file *file)
1863 {
1864 	int rc;
1865 	int may = 0;
1866 	struct smk_audit_info ad;
1867 	struct inode *inode = file_inode(file);
1868 	struct socket *sock;
1869 	struct task_smack *tsp;
1870 	struct socket_smack *ssp;
1871 
1872 	if (unlikely(IS_PRIVATE(inode)))
1873 		return 0;
1874 
1875 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1876 	smk_ad_setfield_u_fs_path(&ad, file->f_path);
1877 
1878 	if (inode->i_sb->s_magic == SOCKFS_MAGIC) {
1879 		sock = SOCKET_I(inode);
1880 		ssp = sock->sk->sk_security;
1881 		tsp = smack_cred(current_cred());
1882 		/*
1883 		 * If the receiving process can't write to the
1884 		 * passed socket or if the passed socket can't
1885 		 * write to the receiving process don't accept
1886 		 * the passed socket.
1887 		 */
1888 		rc = smk_access(tsp->smk_task, ssp->smk_out, MAY_WRITE, &ad);
1889 		rc = smk_bu_file(file, may, rc);
1890 		if (rc < 0)
1891 			return rc;
1892 		rc = smk_access(ssp->smk_in, tsp->smk_task, MAY_WRITE, &ad);
1893 		rc = smk_bu_file(file, may, rc);
1894 		return rc;
1895 	}
1896 	/*
1897 	 * This code relies on bitmasks.
1898 	 */
1899 	if (file->f_mode & FMODE_READ)
1900 		may = MAY_READ;
1901 	if (file->f_mode & FMODE_WRITE)
1902 		may |= MAY_WRITE;
1903 
1904 	rc = smk_curacc(smk_of_inode(inode), may, &ad);
1905 	rc = smk_bu_file(file, may, rc);
1906 	return rc;
1907 }
1908 
1909 /**
1910  * smack_file_open - Smack dentry open processing
1911  * @file: the object
1912  *
1913  * Set the security blob in the file structure.
1914  * Allow the open only if the task has read access. There are
1915  * many read operations (e.g. fstat) that you can do with an
1916  * fd even if you have the file open write-only.
1917  *
1918  * Returns 0 if current has access, error code otherwise
1919  */
1920 static int smack_file_open(struct file *file)
1921 {
1922 	struct task_smack *tsp = smack_cred(file->f_cred);
1923 	struct inode *inode = file_inode(file);
1924 	struct smk_audit_info ad;
1925 	int rc;
1926 
1927 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1928 	smk_ad_setfield_u_fs_path(&ad, file->f_path);
1929 	rc = smk_tskacc(tsp, smk_of_inode(inode), MAY_READ, &ad);
1930 	rc = smk_bu_credfile(file->f_cred, file, MAY_READ, rc);
1931 
1932 	return rc;
1933 }
1934 
1935 /*
1936  * Task hooks
1937  */
1938 
1939 /**
1940  * smack_cred_alloc_blank - "allocate" blank task-level security credentials
1941  * @cred: the new credentials
1942  * @gfp: the atomicity of any memory allocations
1943  *
1944  * Prepare a blank set of credentials for modification.  This must allocate all
1945  * the memory the LSM module might require such that cred_transfer() can
1946  * complete without error.
1947  */
1948 static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp)
1949 {
1950 	init_task_smack(smack_cred(cred), NULL, NULL);
1951 	return 0;
1952 }
1953 
1954 
1955 /**
1956  * smack_cred_free - "free" task-level security credentials
1957  * @cred: the credentials in question
1958  *
1959  */
1960 static void smack_cred_free(struct cred *cred)
1961 {
1962 	struct task_smack *tsp = smack_cred(cred);
1963 	struct smack_rule *rp;
1964 	struct list_head *l;
1965 	struct list_head *n;
1966 
1967 	smk_destroy_label_list(&tsp->smk_relabel);
1968 
1969 	list_for_each_safe(l, n, &tsp->smk_rules) {
1970 		rp = list_entry(l, struct smack_rule, list);
1971 		list_del(&rp->list);
1972 		kmem_cache_free(smack_rule_cache, rp);
1973 	}
1974 }
1975 
1976 /**
1977  * smack_cred_prepare - prepare new set of credentials for modification
1978  * @new: the new credentials
1979  * @old: the original credentials
1980  * @gfp: the atomicity of any memory allocations
1981  *
1982  * Prepare a new set of credentials for modification.
1983  */
1984 static int smack_cred_prepare(struct cred *new, const struct cred *old,
1985 			      gfp_t gfp)
1986 {
1987 	struct task_smack *old_tsp = smack_cred(old);
1988 	struct task_smack *new_tsp = smack_cred(new);
1989 	int rc;
1990 
1991 	init_task_smack(new_tsp, old_tsp->smk_task, old_tsp->smk_task);
1992 
1993 	rc = smk_copy_rules(&new_tsp->smk_rules, &old_tsp->smk_rules, gfp);
1994 	if (rc != 0)
1995 		return rc;
1996 
1997 	rc = smk_copy_relabel(&new_tsp->smk_relabel, &old_tsp->smk_relabel,
1998 				gfp);
1999 	return rc;
2000 }
2001 
2002 /**
2003  * smack_cred_transfer - Transfer the old credentials to the new credentials
2004  * @new: the new credentials
2005  * @old: the original credentials
2006  *
2007  * Fill in a set of blank credentials from another set of credentials.
2008  */
2009 static void smack_cred_transfer(struct cred *new, const struct cred *old)
2010 {
2011 	struct task_smack *old_tsp = smack_cred(old);
2012 	struct task_smack *new_tsp = smack_cred(new);
2013 
2014 	new_tsp->smk_task = old_tsp->smk_task;
2015 	new_tsp->smk_forked = old_tsp->smk_task;
2016 	mutex_init(&new_tsp->smk_rules_lock);
2017 	INIT_LIST_HEAD(&new_tsp->smk_rules);
2018 
2019 	/* cbs copy rule list */
2020 }
2021 
2022 /**
2023  * smack_cred_getsecid - get the secid corresponding to a creds structure
2024  * @cred: the object creds
2025  * @secid: where to put the result
2026  *
2027  * Sets the secid to contain a u32 version of the smack label.
2028  */
2029 static void smack_cred_getsecid(const struct cred *cred, u32 *secid)
2030 {
2031 	struct smack_known *skp;
2032 
2033 	rcu_read_lock();
2034 	skp = smk_of_task(smack_cred(cred));
2035 	*secid = skp->smk_secid;
2036 	rcu_read_unlock();
2037 }
2038 
2039 /**
2040  * smack_kernel_act_as - Set the subjective context in a set of credentials
2041  * @new: points to the set of credentials to be modified.
2042  * @secid: specifies the security ID to be set
2043  *
2044  * Set the security data for a kernel service.
2045  */
2046 static int smack_kernel_act_as(struct cred *new, u32 secid)
2047 {
2048 	struct task_smack *new_tsp = smack_cred(new);
2049 
2050 	new_tsp->smk_task = smack_from_secid(secid);
2051 	return 0;
2052 }
2053 
2054 /**
2055  * smack_kernel_create_files_as - Set the file creation label in a set of creds
2056  * @new: points to the set of credentials to be modified
2057  * @inode: points to the inode to use as a reference
2058  *
2059  * Set the file creation context in a set of credentials to the same
2060  * as the objective context of the specified inode
2061  */
2062 static int smack_kernel_create_files_as(struct cred *new,
2063 					struct inode *inode)
2064 {
2065 	struct inode_smack *isp = smack_inode(inode);
2066 	struct task_smack *tsp = smack_cred(new);
2067 
2068 	tsp->smk_forked = isp->smk_inode;
2069 	tsp->smk_task = tsp->smk_forked;
2070 	return 0;
2071 }
2072 
2073 /**
2074  * smk_curacc_on_task - helper to log task related access
2075  * @p: the task object
2076  * @access: the access requested
2077  * @caller: name of the calling function for audit
2078  *
2079  * Return 0 if access is permitted
2080  */
2081 static int smk_curacc_on_task(struct task_struct *p, int access,
2082 				const char *caller)
2083 {
2084 	struct smk_audit_info ad;
2085 	struct smack_known *skp = smk_of_task_struct_obj(p);
2086 	int rc;
2087 
2088 	smk_ad_init(&ad, caller, LSM_AUDIT_DATA_TASK);
2089 	smk_ad_setfield_u_tsk(&ad, p);
2090 	rc = smk_curacc(skp, access, &ad);
2091 	rc = smk_bu_task(p, access, rc);
2092 	return rc;
2093 }
2094 
2095 /**
2096  * smack_task_setpgid - Smack check on setting pgid
2097  * @p: the task object
2098  * @pgid: unused
2099  *
2100  * Return 0 if write access is permitted
2101  */
2102 static int smack_task_setpgid(struct task_struct *p, pid_t pgid)
2103 {
2104 	return smk_curacc_on_task(p, MAY_WRITE, __func__);
2105 }
2106 
2107 /**
2108  * smack_task_getpgid - Smack access check for getpgid
2109  * @p: the object task
2110  *
2111  * Returns 0 if current can read the object task, error code otherwise
2112  */
2113 static int smack_task_getpgid(struct task_struct *p)
2114 {
2115 	return smk_curacc_on_task(p, MAY_READ, __func__);
2116 }
2117 
2118 /**
2119  * smack_task_getsid - Smack access check for getsid
2120  * @p: the object task
2121  *
2122  * Returns 0 if current can read the object task, error code otherwise
2123  */
2124 static int smack_task_getsid(struct task_struct *p)
2125 {
2126 	return smk_curacc_on_task(p, MAY_READ, __func__);
2127 }
2128 
2129 /**
2130  * smack_current_getsecid_subj - get the subjective secid of the current task
2131  * @secid: where to put the result
2132  *
2133  * Sets the secid to contain a u32 version of the task's subjective smack label.
2134  */
2135 static void smack_current_getsecid_subj(u32 *secid)
2136 {
2137 	struct smack_known *skp = smk_of_current();
2138 
2139 	*secid = skp->smk_secid;
2140 }
2141 
2142 /**
2143  * smack_task_getsecid_obj - get the objective secid of the task
2144  * @p: the task
2145  * @secid: where to put the result
2146  *
2147  * Sets the secid to contain a u32 version of the task's objective smack label.
2148  */
2149 static void smack_task_getsecid_obj(struct task_struct *p, u32 *secid)
2150 {
2151 	struct smack_known *skp = smk_of_task_struct_obj(p);
2152 
2153 	*secid = skp->smk_secid;
2154 }
2155 
2156 /**
2157  * smack_task_setnice - Smack check on setting nice
2158  * @p: the task object
2159  * @nice: unused
2160  *
2161  * Return 0 if write access is permitted
2162  */
2163 static int smack_task_setnice(struct task_struct *p, int nice)
2164 {
2165 	return smk_curacc_on_task(p, MAY_WRITE, __func__);
2166 }
2167 
2168 /**
2169  * smack_task_setioprio - Smack check on setting ioprio
2170  * @p: the task object
2171  * @ioprio: unused
2172  *
2173  * Return 0 if write access is permitted
2174  */
2175 static int smack_task_setioprio(struct task_struct *p, int ioprio)
2176 {
2177 	return smk_curacc_on_task(p, MAY_WRITE, __func__);
2178 }
2179 
2180 /**
2181  * smack_task_getioprio - Smack check on reading ioprio
2182  * @p: the task object
2183  *
2184  * Return 0 if read access is permitted
2185  */
2186 static int smack_task_getioprio(struct task_struct *p)
2187 {
2188 	return smk_curacc_on_task(p, MAY_READ, __func__);
2189 }
2190 
2191 /**
2192  * smack_task_setscheduler - Smack check on setting scheduler
2193  * @p: the task object
2194  *
2195  * Return 0 if read access is permitted
2196  */
2197 static int smack_task_setscheduler(struct task_struct *p)
2198 {
2199 	return smk_curacc_on_task(p, MAY_WRITE, __func__);
2200 }
2201 
2202 /**
2203  * smack_task_getscheduler - Smack check on reading scheduler
2204  * @p: the task object
2205  *
2206  * Return 0 if read access is permitted
2207  */
2208 static int smack_task_getscheduler(struct task_struct *p)
2209 {
2210 	return smk_curacc_on_task(p, MAY_READ, __func__);
2211 }
2212 
2213 /**
2214  * smack_task_movememory - Smack check on moving memory
2215  * @p: the task object
2216  *
2217  * Return 0 if write access is permitted
2218  */
2219 static int smack_task_movememory(struct task_struct *p)
2220 {
2221 	return smk_curacc_on_task(p, MAY_WRITE, __func__);
2222 }
2223 
2224 /**
2225  * smack_task_kill - Smack check on signal delivery
2226  * @p: the task object
2227  * @info: unused
2228  * @sig: unused
2229  * @cred: identifies the cred to use in lieu of current's
2230  *
2231  * Return 0 if write access is permitted
2232  *
2233  */
2234 static int smack_task_kill(struct task_struct *p, struct kernel_siginfo *info,
2235 			   int sig, const struct cred *cred)
2236 {
2237 	struct smk_audit_info ad;
2238 	struct smack_known *skp;
2239 	struct smack_known *tkp = smk_of_task_struct_obj(p);
2240 	int rc;
2241 
2242 	if (!sig)
2243 		return 0; /* null signal; existence test */
2244 
2245 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
2246 	smk_ad_setfield_u_tsk(&ad, p);
2247 	/*
2248 	 * Sending a signal requires that the sender
2249 	 * can write the receiver.
2250 	 */
2251 	if (cred == NULL) {
2252 		rc = smk_curacc(tkp, MAY_DELIVER, &ad);
2253 		rc = smk_bu_task(p, MAY_DELIVER, rc);
2254 		return rc;
2255 	}
2256 	/*
2257 	 * If the cred isn't NULL we're dealing with some USB IO
2258 	 * specific behavior. This is not clean. For one thing
2259 	 * we can't take privilege into account.
2260 	 */
2261 	skp = smk_of_task(smack_cred(cred));
2262 	rc = smk_access(skp, tkp, MAY_DELIVER, &ad);
2263 	rc = smk_bu_note("USB signal", skp, tkp, MAY_DELIVER, rc);
2264 	return rc;
2265 }
2266 
2267 /**
2268  * smack_task_to_inode - copy task smack into the inode blob
2269  * @p: task to copy from
2270  * @inode: inode to copy to
2271  *
2272  * Sets the smack pointer in the inode security blob
2273  */
2274 static void smack_task_to_inode(struct task_struct *p, struct inode *inode)
2275 {
2276 	struct inode_smack *isp = smack_inode(inode);
2277 	struct smack_known *skp = smk_of_task_struct_obj(p);
2278 
2279 	isp->smk_inode = skp;
2280 	isp->smk_flags |= SMK_INODE_INSTANT;
2281 }
2282 
2283 /*
2284  * Socket hooks.
2285  */
2286 
2287 /**
2288  * smack_sk_alloc_security - Allocate a socket blob
2289  * @sk: the socket
2290  * @family: unused
2291  * @gfp_flags: memory allocation flags
2292  *
2293  * Assign Smack pointers to current
2294  *
2295  * Returns 0 on success, -ENOMEM is there's no memory
2296  */
2297 static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags)
2298 {
2299 	struct smack_known *skp = smk_of_current();
2300 	struct socket_smack *ssp;
2301 
2302 	ssp = kzalloc(sizeof(struct socket_smack), gfp_flags);
2303 	if (ssp == NULL)
2304 		return -ENOMEM;
2305 
2306 	/*
2307 	 * Sockets created by kernel threads receive web label.
2308 	 */
2309 	if (unlikely(current->flags & PF_KTHREAD)) {
2310 		ssp->smk_in = &smack_known_web;
2311 		ssp->smk_out = &smack_known_web;
2312 	} else {
2313 		ssp->smk_in = skp;
2314 		ssp->smk_out = skp;
2315 	}
2316 	ssp->smk_packet = NULL;
2317 
2318 	sk->sk_security = ssp;
2319 
2320 	return 0;
2321 }
2322 
2323 /**
2324  * smack_sk_free_security - Free a socket blob
2325  * @sk: the socket
2326  *
2327  * Clears the blob pointer
2328  */
2329 static void smack_sk_free_security(struct sock *sk)
2330 {
2331 #ifdef SMACK_IPV6_PORT_LABELING
2332 	struct smk_port_label *spp;
2333 
2334 	if (sk->sk_family == PF_INET6) {
2335 		rcu_read_lock();
2336 		list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
2337 			if (spp->smk_sock != sk)
2338 				continue;
2339 			spp->smk_can_reuse = 1;
2340 			break;
2341 		}
2342 		rcu_read_unlock();
2343 	}
2344 #endif
2345 	kfree(sk->sk_security);
2346 }
2347 
2348 /**
2349  * smack_sk_clone_security - Copy security context
2350  * @sk: the old socket
2351  * @newsk: the new socket
2352  *
2353  * Copy the security context of the old socket pointer to the cloned
2354  */
2355 static void smack_sk_clone_security(const struct sock *sk, struct sock *newsk)
2356 {
2357 	struct socket_smack *ssp_old = sk->sk_security;
2358 	struct socket_smack *ssp_new = newsk->sk_security;
2359 
2360 	*ssp_new = *ssp_old;
2361 }
2362 
2363 /**
2364 * smack_ipv4host_label - check host based restrictions
2365 * @sip: the object end
2366 *
2367 * looks for host based access restrictions
2368 *
2369 * This version will only be appropriate for really small sets of single label
2370 * hosts.  The caller is responsible for ensuring that the RCU read lock is
2371 * taken before calling this function.
2372 *
2373 * Returns the label of the far end or NULL if it's not special.
2374 */
2375 static struct smack_known *smack_ipv4host_label(struct sockaddr_in *sip)
2376 {
2377 	struct smk_net4addr *snp;
2378 	struct in_addr *siap = &sip->sin_addr;
2379 
2380 	if (siap->s_addr == 0)
2381 		return NULL;
2382 
2383 	list_for_each_entry_rcu(snp, &smk_net4addr_list, list)
2384 		/*
2385 		 * we break after finding the first match because
2386 		 * the list is sorted from longest to shortest mask
2387 		 * so we have found the most specific match
2388 		 */
2389 		if (snp->smk_host.s_addr ==
2390 		    (siap->s_addr & snp->smk_mask.s_addr))
2391 			return snp->smk_label;
2392 
2393 	return NULL;
2394 }
2395 
2396 /*
2397  * smk_ipv6_localhost - Check for local ipv6 host address
2398  * @sip: the address
2399  *
2400  * Returns boolean true if this is the localhost address
2401  */
2402 static bool smk_ipv6_localhost(struct sockaddr_in6 *sip)
2403 {
2404 	__be16 *be16p = (__be16 *)&sip->sin6_addr;
2405 	__be32 *be32p = (__be32 *)&sip->sin6_addr;
2406 
2407 	if (be32p[0] == 0 && be32p[1] == 0 && be32p[2] == 0 && be16p[6] == 0 &&
2408 	    ntohs(be16p[7]) == 1)
2409 		return true;
2410 	return false;
2411 }
2412 
2413 /**
2414 * smack_ipv6host_label - check host based restrictions
2415 * @sip: the object end
2416 *
2417 * looks for host based access restrictions
2418 *
2419 * This version will only be appropriate for really small sets of single label
2420 * hosts.  The caller is responsible for ensuring that the RCU read lock is
2421 * taken before calling this function.
2422 *
2423 * Returns the label of the far end or NULL if it's not special.
2424 */
2425 static struct smack_known *smack_ipv6host_label(struct sockaddr_in6 *sip)
2426 {
2427 	struct smk_net6addr *snp;
2428 	struct in6_addr *sap = &sip->sin6_addr;
2429 	int i;
2430 	int found = 0;
2431 
2432 	/*
2433 	 * It's local. Don't look for a host label.
2434 	 */
2435 	if (smk_ipv6_localhost(sip))
2436 		return NULL;
2437 
2438 	list_for_each_entry_rcu(snp, &smk_net6addr_list, list) {
2439 		/*
2440 		 * If the label is NULL the entry has
2441 		 * been renounced. Ignore it.
2442 		 */
2443 		if (snp->smk_label == NULL)
2444 			continue;
2445 		/*
2446 		* we break after finding the first match because
2447 		* the list is sorted from longest to shortest mask
2448 		* so we have found the most specific match
2449 		*/
2450 		for (found = 1, i = 0; i < 8; i++) {
2451 			if ((sap->s6_addr16[i] & snp->smk_mask.s6_addr16[i]) !=
2452 			    snp->smk_host.s6_addr16[i]) {
2453 				found = 0;
2454 				break;
2455 			}
2456 		}
2457 		if (found)
2458 			return snp->smk_label;
2459 	}
2460 
2461 	return NULL;
2462 }
2463 
2464 /**
2465  * smack_netlbl_add - Set the secattr on a socket
2466  * @sk: the socket
2467  *
2468  * Attach the outbound smack value (smk_out) to the socket.
2469  *
2470  * Returns 0 on success or an error code
2471  */
2472 static int smack_netlbl_add(struct sock *sk)
2473 {
2474 	struct socket_smack *ssp = sk->sk_security;
2475 	struct smack_known *skp = ssp->smk_out;
2476 	int rc;
2477 
2478 	local_bh_disable();
2479 	bh_lock_sock_nested(sk);
2480 
2481 	rc = netlbl_sock_setattr(sk, sk->sk_family, &skp->smk_netlabel);
2482 	switch (rc) {
2483 	case 0:
2484 		ssp->smk_state = SMK_NETLBL_LABELED;
2485 		break;
2486 	case -EDESTADDRREQ:
2487 		ssp->smk_state = SMK_NETLBL_REQSKB;
2488 		rc = 0;
2489 		break;
2490 	}
2491 
2492 	bh_unlock_sock(sk);
2493 	local_bh_enable();
2494 
2495 	return rc;
2496 }
2497 
2498 /**
2499  * smack_netlbl_delete - Remove the secattr from a socket
2500  * @sk: the socket
2501  *
2502  * Remove the outbound smack value from a socket
2503  */
2504 static void smack_netlbl_delete(struct sock *sk)
2505 {
2506 	struct socket_smack *ssp = sk->sk_security;
2507 
2508 	/*
2509 	 * Take the label off the socket if one is set.
2510 	 */
2511 	if (ssp->smk_state != SMK_NETLBL_LABELED)
2512 		return;
2513 
2514 	local_bh_disable();
2515 	bh_lock_sock_nested(sk);
2516 	netlbl_sock_delattr(sk);
2517 	bh_unlock_sock(sk);
2518 	local_bh_enable();
2519 	ssp->smk_state = SMK_NETLBL_UNLABELED;
2520 }
2521 
2522 /**
2523  * smk_ipv4_check - Perform IPv4 host access checks
2524  * @sk: the socket
2525  * @sap: the destination address
2526  *
2527  * Set the correct secattr for the given socket based on the destination
2528  * address and perform any outbound access checks needed.
2529  *
2530  * Returns 0 on success or an error code.
2531  *
2532  */
2533 static int smk_ipv4_check(struct sock *sk, struct sockaddr_in *sap)
2534 {
2535 	struct smack_known *skp;
2536 	int rc = 0;
2537 	struct smack_known *hkp;
2538 	struct socket_smack *ssp = sk->sk_security;
2539 	struct smk_audit_info ad;
2540 
2541 	rcu_read_lock();
2542 	hkp = smack_ipv4host_label(sap);
2543 	if (hkp != NULL) {
2544 #ifdef CONFIG_AUDIT
2545 		struct lsm_network_audit net;
2546 
2547 		smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
2548 		ad.a.u.net->family = sap->sin_family;
2549 		ad.a.u.net->dport = sap->sin_port;
2550 		ad.a.u.net->v4info.daddr = sap->sin_addr.s_addr;
2551 #endif
2552 		skp = ssp->smk_out;
2553 		rc = smk_access(skp, hkp, MAY_WRITE, &ad);
2554 		rc = smk_bu_note("IPv4 host check", skp, hkp, MAY_WRITE, rc);
2555 		/*
2556 		 * Clear the socket netlabel if it's set.
2557 		 */
2558 		if (!rc)
2559 			smack_netlbl_delete(sk);
2560 	}
2561 	rcu_read_unlock();
2562 
2563 	return rc;
2564 }
2565 
2566 /**
2567  * smk_ipv6_check - check Smack access
2568  * @subject: subject Smack label
2569  * @object: object Smack label
2570  * @address: address
2571  * @act: the action being taken
2572  *
2573  * Check an IPv6 access
2574  */
2575 static int smk_ipv6_check(struct smack_known *subject,
2576 				struct smack_known *object,
2577 				struct sockaddr_in6 *address, int act)
2578 {
2579 #ifdef CONFIG_AUDIT
2580 	struct lsm_network_audit net;
2581 #endif
2582 	struct smk_audit_info ad;
2583 	int rc;
2584 
2585 #ifdef CONFIG_AUDIT
2586 	smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
2587 	ad.a.u.net->family = PF_INET6;
2588 	ad.a.u.net->dport = address->sin6_port;
2589 	if (act == SMK_RECEIVING)
2590 		ad.a.u.net->v6info.saddr = address->sin6_addr;
2591 	else
2592 		ad.a.u.net->v6info.daddr = address->sin6_addr;
2593 #endif
2594 	rc = smk_access(subject, object, MAY_WRITE, &ad);
2595 	rc = smk_bu_note("IPv6 check", subject, object, MAY_WRITE, rc);
2596 	return rc;
2597 }
2598 
2599 #ifdef SMACK_IPV6_PORT_LABELING
2600 /**
2601  * smk_ipv6_port_label - Smack port access table management
2602  * @sock: socket
2603  * @address: address
2604  *
2605  * Create or update the port list entry
2606  */
2607 static void smk_ipv6_port_label(struct socket *sock, struct sockaddr *address)
2608 {
2609 	struct sock *sk = sock->sk;
2610 	struct sockaddr_in6 *addr6;
2611 	struct socket_smack *ssp = sock->sk->sk_security;
2612 	struct smk_port_label *spp;
2613 	unsigned short port = 0;
2614 
2615 	if (address == NULL) {
2616 		/*
2617 		 * This operation is changing the Smack information
2618 		 * on the bound socket. Take the changes to the port
2619 		 * as well.
2620 		 */
2621 		rcu_read_lock();
2622 		list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
2623 			if (sk != spp->smk_sock)
2624 				continue;
2625 			spp->smk_in = ssp->smk_in;
2626 			spp->smk_out = ssp->smk_out;
2627 			rcu_read_unlock();
2628 			return;
2629 		}
2630 		/*
2631 		 * A NULL address is only used for updating existing
2632 		 * bound entries. If there isn't one, it's OK.
2633 		 */
2634 		rcu_read_unlock();
2635 		return;
2636 	}
2637 
2638 	addr6 = (struct sockaddr_in6 *)address;
2639 	port = ntohs(addr6->sin6_port);
2640 	/*
2641 	 * This is a special case that is safely ignored.
2642 	 */
2643 	if (port == 0)
2644 		return;
2645 
2646 	/*
2647 	 * Look for an existing port list entry.
2648 	 * This is an indication that a port is getting reused.
2649 	 */
2650 	rcu_read_lock();
2651 	list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
2652 		if (spp->smk_port != port || spp->smk_sock_type != sock->type)
2653 			continue;
2654 		if (spp->smk_can_reuse != 1) {
2655 			rcu_read_unlock();
2656 			return;
2657 		}
2658 		spp->smk_port = port;
2659 		spp->smk_sock = sk;
2660 		spp->smk_in = ssp->smk_in;
2661 		spp->smk_out = ssp->smk_out;
2662 		spp->smk_can_reuse = 0;
2663 		rcu_read_unlock();
2664 		return;
2665 	}
2666 	rcu_read_unlock();
2667 	/*
2668 	 * A new port entry is required.
2669 	 */
2670 	spp = kzalloc(sizeof(*spp), GFP_KERNEL);
2671 	if (spp == NULL)
2672 		return;
2673 
2674 	spp->smk_port = port;
2675 	spp->smk_sock = sk;
2676 	spp->smk_in = ssp->smk_in;
2677 	spp->smk_out = ssp->smk_out;
2678 	spp->smk_sock_type = sock->type;
2679 	spp->smk_can_reuse = 0;
2680 
2681 	mutex_lock(&smack_ipv6_lock);
2682 	list_add_rcu(&spp->list, &smk_ipv6_port_list);
2683 	mutex_unlock(&smack_ipv6_lock);
2684 	return;
2685 }
2686 
2687 /**
2688  * smk_ipv6_port_check - check Smack port access
2689  * @sk: socket
2690  * @address: address
2691  * @act: the action being taken
2692  *
2693  * Create or update the port list entry
2694  */
2695 static int smk_ipv6_port_check(struct sock *sk, struct sockaddr_in6 *address,
2696 				int act)
2697 {
2698 	struct smk_port_label *spp;
2699 	struct socket_smack *ssp = sk->sk_security;
2700 	struct smack_known *skp = NULL;
2701 	unsigned short port;
2702 	struct smack_known *object;
2703 
2704 	if (act == SMK_RECEIVING) {
2705 		skp = smack_ipv6host_label(address);
2706 		object = ssp->smk_in;
2707 	} else {
2708 		skp = ssp->smk_out;
2709 		object = smack_ipv6host_label(address);
2710 	}
2711 
2712 	/*
2713 	 * The other end is a single label host.
2714 	 */
2715 	if (skp != NULL && object != NULL)
2716 		return smk_ipv6_check(skp, object, address, act);
2717 	if (skp == NULL)
2718 		skp = smack_net_ambient;
2719 	if (object == NULL)
2720 		object = smack_net_ambient;
2721 
2722 	/*
2723 	 * It's remote, so port lookup does no good.
2724 	 */
2725 	if (!smk_ipv6_localhost(address))
2726 		return smk_ipv6_check(skp, object, address, act);
2727 
2728 	/*
2729 	 * It's local so the send check has to have passed.
2730 	 */
2731 	if (act == SMK_RECEIVING)
2732 		return 0;
2733 
2734 	port = ntohs(address->sin6_port);
2735 	rcu_read_lock();
2736 	list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
2737 		if (spp->smk_port != port || spp->smk_sock_type != sk->sk_type)
2738 			continue;
2739 		object = spp->smk_in;
2740 		if (act == SMK_CONNECTING)
2741 			ssp->smk_packet = spp->smk_out;
2742 		break;
2743 	}
2744 	rcu_read_unlock();
2745 
2746 	return smk_ipv6_check(skp, object, address, act);
2747 }
2748 #endif
2749 
2750 /**
2751  * smack_inode_setsecurity - set smack xattrs
2752  * @inode: the object
2753  * @name: attribute name
2754  * @value: attribute value
2755  * @size: size of the attribute
2756  * @flags: unused
2757  *
2758  * Sets the named attribute in the appropriate blob
2759  *
2760  * Returns 0 on success, or an error code
2761  */
2762 static int smack_inode_setsecurity(struct inode *inode, const char *name,
2763 				   const void *value, size_t size, int flags)
2764 {
2765 	struct smack_known *skp;
2766 	struct inode_smack *nsp = smack_inode(inode);
2767 	struct socket_smack *ssp;
2768 	struct socket *sock;
2769 	int rc = 0;
2770 
2771 	if (value == NULL || size > SMK_LONGLABEL || size == 0)
2772 		return -EINVAL;
2773 
2774 	skp = smk_import_entry(value, size);
2775 	if (IS_ERR(skp))
2776 		return PTR_ERR(skp);
2777 
2778 	if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) {
2779 		nsp->smk_inode = skp;
2780 		nsp->smk_flags |= SMK_INODE_INSTANT;
2781 		return 0;
2782 	}
2783 	/*
2784 	 * The rest of the Smack xattrs are only on sockets.
2785 	 */
2786 	if (inode->i_sb->s_magic != SOCKFS_MAGIC)
2787 		return -EOPNOTSUPP;
2788 
2789 	sock = SOCKET_I(inode);
2790 	if (sock == NULL || sock->sk == NULL)
2791 		return -EOPNOTSUPP;
2792 
2793 	ssp = sock->sk->sk_security;
2794 
2795 	if (strcmp(name, XATTR_SMACK_IPIN) == 0)
2796 		ssp->smk_in = skp;
2797 	else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) {
2798 		ssp->smk_out = skp;
2799 		if (sock->sk->sk_family == PF_INET) {
2800 			rc = smack_netlbl_add(sock->sk);
2801 			if (rc != 0)
2802 				printk(KERN_WARNING
2803 					"Smack: \"%s\" netlbl error %d.\n",
2804 					__func__, -rc);
2805 		}
2806 	} else
2807 		return -EOPNOTSUPP;
2808 
2809 #ifdef SMACK_IPV6_PORT_LABELING
2810 	if (sock->sk->sk_family == PF_INET6)
2811 		smk_ipv6_port_label(sock, NULL);
2812 #endif
2813 
2814 	return 0;
2815 }
2816 
2817 /**
2818  * smack_socket_post_create - finish socket setup
2819  * @sock: the socket
2820  * @family: protocol family
2821  * @type: unused
2822  * @protocol: unused
2823  * @kern: unused
2824  *
2825  * Sets the netlabel information on the socket
2826  *
2827  * Returns 0 on success, and error code otherwise
2828  */
2829 static int smack_socket_post_create(struct socket *sock, int family,
2830 				    int type, int protocol, int kern)
2831 {
2832 	struct socket_smack *ssp;
2833 
2834 	if (sock->sk == NULL)
2835 		return 0;
2836 
2837 	/*
2838 	 * Sockets created by kernel threads receive web label.
2839 	 */
2840 	if (unlikely(current->flags & PF_KTHREAD)) {
2841 		ssp = sock->sk->sk_security;
2842 		ssp->smk_in = &smack_known_web;
2843 		ssp->smk_out = &smack_known_web;
2844 	}
2845 
2846 	if (family != PF_INET)
2847 		return 0;
2848 	/*
2849 	 * Set the outbound netlbl.
2850 	 */
2851 	return smack_netlbl_add(sock->sk);
2852 }
2853 
2854 /**
2855  * smack_socket_socketpair - create socket pair
2856  * @socka: one socket
2857  * @sockb: another socket
2858  *
2859  * Cross reference the peer labels for SO_PEERSEC
2860  *
2861  * Returns 0
2862  */
2863 static int smack_socket_socketpair(struct socket *socka,
2864 		                   struct socket *sockb)
2865 {
2866 	struct socket_smack *asp = socka->sk->sk_security;
2867 	struct socket_smack *bsp = sockb->sk->sk_security;
2868 
2869 	asp->smk_packet = bsp->smk_out;
2870 	bsp->smk_packet = asp->smk_out;
2871 
2872 	return 0;
2873 }
2874 
2875 #ifdef SMACK_IPV6_PORT_LABELING
2876 /**
2877  * smack_socket_bind - record port binding information.
2878  * @sock: the socket
2879  * @address: the port address
2880  * @addrlen: size of the address
2881  *
2882  * Records the label bound to a port.
2883  *
2884  * Returns 0 on success, and error code otherwise
2885  */
2886 static int smack_socket_bind(struct socket *sock, struct sockaddr *address,
2887 				int addrlen)
2888 {
2889 	if (sock->sk != NULL && sock->sk->sk_family == PF_INET6) {
2890 		if (addrlen < SIN6_LEN_RFC2133 ||
2891 		    address->sa_family != AF_INET6)
2892 			return -EINVAL;
2893 		smk_ipv6_port_label(sock, address);
2894 	}
2895 	return 0;
2896 }
2897 #endif /* SMACK_IPV6_PORT_LABELING */
2898 
2899 /**
2900  * smack_socket_connect - connect access check
2901  * @sock: the socket
2902  * @sap: the other end
2903  * @addrlen: size of sap
2904  *
2905  * Verifies that a connection may be possible
2906  *
2907  * Returns 0 on success, and error code otherwise
2908  */
2909 static int smack_socket_connect(struct socket *sock, struct sockaddr *sap,
2910 				int addrlen)
2911 {
2912 	int rc = 0;
2913 
2914 	if (sock->sk == NULL)
2915 		return 0;
2916 	if (sock->sk->sk_family != PF_INET &&
2917 	    (!IS_ENABLED(CONFIG_IPV6) || sock->sk->sk_family != PF_INET6))
2918 		return 0;
2919 	if (addrlen < offsetofend(struct sockaddr, sa_family))
2920 		return 0;
2921 	if (IS_ENABLED(CONFIG_IPV6) && sap->sa_family == AF_INET6) {
2922 		struct sockaddr_in6 *sip = (struct sockaddr_in6 *)sap;
2923 		struct smack_known *rsp = NULL;
2924 
2925 		if (addrlen < SIN6_LEN_RFC2133)
2926 			return 0;
2927 		if (__is_defined(SMACK_IPV6_SECMARK_LABELING))
2928 			rsp = smack_ipv6host_label(sip);
2929 		if (rsp != NULL) {
2930 			struct socket_smack *ssp = sock->sk->sk_security;
2931 
2932 			rc = smk_ipv6_check(ssp->smk_out, rsp, sip,
2933 					    SMK_CONNECTING);
2934 		}
2935 #ifdef SMACK_IPV6_PORT_LABELING
2936 		rc = smk_ipv6_port_check(sock->sk, sip, SMK_CONNECTING);
2937 #endif
2938 
2939 		return rc;
2940 	}
2941 	if (sap->sa_family != AF_INET || addrlen < sizeof(struct sockaddr_in))
2942 		return 0;
2943 	rc = smk_ipv4_check(sock->sk, (struct sockaddr_in *)sap);
2944 	return rc;
2945 }
2946 
2947 /**
2948  * smack_flags_to_may - convert S_ to MAY_ values
2949  * @flags: the S_ value
2950  *
2951  * Returns the equivalent MAY_ value
2952  */
2953 static int smack_flags_to_may(int flags)
2954 {
2955 	int may = 0;
2956 
2957 	if (flags & S_IRUGO)
2958 		may |= MAY_READ;
2959 	if (flags & S_IWUGO)
2960 		may |= MAY_WRITE;
2961 	if (flags & S_IXUGO)
2962 		may |= MAY_EXEC;
2963 
2964 	return may;
2965 }
2966 
2967 /**
2968  * smack_msg_msg_alloc_security - Set the security blob for msg_msg
2969  * @msg: the object
2970  *
2971  * Returns 0
2972  */
2973 static int smack_msg_msg_alloc_security(struct msg_msg *msg)
2974 {
2975 	struct smack_known **blob = smack_msg_msg(msg);
2976 
2977 	*blob = smk_of_current();
2978 	return 0;
2979 }
2980 
2981 /**
2982  * smack_of_ipc - the smack pointer for the ipc
2983  * @isp: the object
2984  *
2985  * Returns a pointer to the smack value
2986  */
2987 static struct smack_known *smack_of_ipc(struct kern_ipc_perm *isp)
2988 {
2989 	struct smack_known **blob = smack_ipc(isp);
2990 
2991 	return *blob;
2992 }
2993 
2994 /**
2995  * smack_ipc_alloc_security - Set the security blob for ipc
2996  * @isp: the object
2997  *
2998  * Returns 0
2999  */
3000 static int smack_ipc_alloc_security(struct kern_ipc_perm *isp)
3001 {
3002 	struct smack_known **blob = smack_ipc(isp);
3003 
3004 	*blob = smk_of_current();
3005 	return 0;
3006 }
3007 
3008 /**
3009  * smk_curacc_shm : check if current has access on shm
3010  * @isp : the object
3011  * @access : access requested
3012  *
3013  * Returns 0 if current has the requested access, error code otherwise
3014  */
3015 static int smk_curacc_shm(struct kern_ipc_perm *isp, int access)
3016 {
3017 	struct smack_known *ssp = smack_of_ipc(isp);
3018 	struct smk_audit_info ad;
3019 	int rc;
3020 
3021 #ifdef CONFIG_AUDIT
3022 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
3023 	ad.a.u.ipc_id = isp->id;
3024 #endif
3025 	rc = smk_curacc(ssp, access, &ad);
3026 	rc = smk_bu_current("shm", ssp, access, rc);
3027 	return rc;
3028 }
3029 
3030 /**
3031  * smack_shm_associate - Smack access check for shm
3032  * @isp: the object
3033  * @shmflg: access requested
3034  *
3035  * Returns 0 if current has the requested access, error code otherwise
3036  */
3037 static int smack_shm_associate(struct kern_ipc_perm *isp, int shmflg)
3038 {
3039 	int may;
3040 
3041 	may = smack_flags_to_may(shmflg);
3042 	return smk_curacc_shm(isp, may);
3043 }
3044 
3045 /**
3046  * smack_shm_shmctl - Smack access check for shm
3047  * @isp: the object
3048  * @cmd: what it wants to do
3049  *
3050  * Returns 0 if current has the requested access, error code otherwise
3051  */
3052 static int smack_shm_shmctl(struct kern_ipc_perm *isp, int cmd)
3053 {
3054 	int may;
3055 
3056 	switch (cmd) {
3057 	case IPC_STAT:
3058 	case SHM_STAT:
3059 	case SHM_STAT_ANY:
3060 		may = MAY_READ;
3061 		break;
3062 	case IPC_SET:
3063 	case SHM_LOCK:
3064 	case SHM_UNLOCK:
3065 	case IPC_RMID:
3066 		may = MAY_READWRITE;
3067 		break;
3068 	case IPC_INFO:
3069 	case SHM_INFO:
3070 		/*
3071 		 * System level information.
3072 		 */
3073 		return 0;
3074 	default:
3075 		return -EINVAL;
3076 	}
3077 	return smk_curacc_shm(isp, may);
3078 }
3079 
3080 /**
3081  * smack_shm_shmat - Smack access for shmat
3082  * @isp: the object
3083  * @shmaddr: unused
3084  * @shmflg: access requested
3085  *
3086  * Returns 0 if current has the requested access, error code otherwise
3087  */
3088 static int smack_shm_shmat(struct kern_ipc_perm *isp, char __user *shmaddr,
3089 			   int shmflg)
3090 {
3091 	int may;
3092 
3093 	may = smack_flags_to_may(shmflg);
3094 	return smk_curacc_shm(isp, may);
3095 }
3096 
3097 /**
3098  * smk_curacc_sem : check if current has access on sem
3099  * @isp : the object
3100  * @access : access requested
3101  *
3102  * Returns 0 if current has the requested access, error code otherwise
3103  */
3104 static int smk_curacc_sem(struct kern_ipc_perm *isp, int access)
3105 {
3106 	struct smack_known *ssp = smack_of_ipc(isp);
3107 	struct smk_audit_info ad;
3108 	int rc;
3109 
3110 #ifdef CONFIG_AUDIT
3111 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
3112 	ad.a.u.ipc_id = isp->id;
3113 #endif
3114 	rc = smk_curacc(ssp, access, &ad);
3115 	rc = smk_bu_current("sem", ssp, access, rc);
3116 	return rc;
3117 }
3118 
3119 /**
3120  * smack_sem_associate - Smack access check for sem
3121  * @isp: the object
3122  * @semflg: access requested
3123  *
3124  * Returns 0 if current has the requested access, error code otherwise
3125  */
3126 static int smack_sem_associate(struct kern_ipc_perm *isp, int semflg)
3127 {
3128 	int may;
3129 
3130 	may = smack_flags_to_may(semflg);
3131 	return smk_curacc_sem(isp, may);
3132 }
3133 
3134 /**
3135  * smack_sem_semctl - Smack access check for sem
3136  * @isp: the object
3137  * @cmd: what it wants to do
3138  *
3139  * Returns 0 if current has the requested access, error code otherwise
3140  */
3141 static int smack_sem_semctl(struct kern_ipc_perm *isp, int cmd)
3142 {
3143 	int may;
3144 
3145 	switch (cmd) {
3146 	case GETPID:
3147 	case GETNCNT:
3148 	case GETZCNT:
3149 	case GETVAL:
3150 	case GETALL:
3151 	case IPC_STAT:
3152 	case SEM_STAT:
3153 	case SEM_STAT_ANY:
3154 		may = MAY_READ;
3155 		break;
3156 	case SETVAL:
3157 	case SETALL:
3158 	case IPC_RMID:
3159 	case IPC_SET:
3160 		may = MAY_READWRITE;
3161 		break;
3162 	case IPC_INFO:
3163 	case SEM_INFO:
3164 		/*
3165 		 * System level information
3166 		 */
3167 		return 0;
3168 	default:
3169 		return -EINVAL;
3170 	}
3171 
3172 	return smk_curacc_sem(isp, may);
3173 }
3174 
3175 /**
3176  * smack_sem_semop - Smack checks of semaphore operations
3177  * @isp: the object
3178  * @sops: unused
3179  * @nsops: unused
3180  * @alter: unused
3181  *
3182  * Treated as read and write in all cases.
3183  *
3184  * Returns 0 if access is allowed, error code otherwise
3185  */
3186 static int smack_sem_semop(struct kern_ipc_perm *isp, struct sembuf *sops,
3187 			   unsigned nsops, int alter)
3188 {
3189 	return smk_curacc_sem(isp, MAY_READWRITE);
3190 }
3191 
3192 /**
3193  * smk_curacc_msq : helper to check if current has access on msq
3194  * @isp : the msq
3195  * @access : access requested
3196  *
3197  * return 0 if current has access, error otherwise
3198  */
3199 static int smk_curacc_msq(struct kern_ipc_perm *isp, int access)
3200 {
3201 	struct smack_known *msp = smack_of_ipc(isp);
3202 	struct smk_audit_info ad;
3203 	int rc;
3204 
3205 #ifdef CONFIG_AUDIT
3206 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
3207 	ad.a.u.ipc_id = isp->id;
3208 #endif
3209 	rc = smk_curacc(msp, access, &ad);
3210 	rc = smk_bu_current("msq", msp, access, rc);
3211 	return rc;
3212 }
3213 
3214 /**
3215  * smack_msg_queue_associate - Smack access check for msg_queue
3216  * @isp: the object
3217  * @msqflg: access requested
3218  *
3219  * Returns 0 if current has the requested access, error code otherwise
3220  */
3221 static int smack_msg_queue_associate(struct kern_ipc_perm *isp, int msqflg)
3222 {
3223 	int may;
3224 
3225 	may = smack_flags_to_may(msqflg);
3226 	return smk_curacc_msq(isp, may);
3227 }
3228 
3229 /**
3230  * smack_msg_queue_msgctl - Smack access check for msg_queue
3231  * @isp: the object
3232  * @cmd: what it wants to do
3233  *
3234  * Returns 0 if current has the requested access, error code otherwise
3235  */
3236 static int smack_msg_queue_msgctl(struct kern_ipc_perm *isp, int cmd)
3237 {
3238 	int may;
3239 
3240 	switch (cmd) {
3241 	case IPC_STAT:
3242 	case MSG_STAT:
3243 	case MSG_STAT_ANY:
3244 		may = MAY_READ;
3245 		break;
3246 	case IPC_SET:
3247 	case IPC_RMID:
3248 		may = MAY_READWRITE;
3249 		break;
3250 	case IPC_INFO:
3251 	case MSG_INFO:
3252 		/*
3253 		 * System level information
3254 		 */
3255 		return 0;
3256 	default:
3257 		return -EINVAL;
3258 	}
3259 
3260 	return smk_curacc_msq(isp, may);
3261 }
3262 
3263 /**
3264  * smack_msg_queue_msgsnd - Smack access check for msg_queue
3265  * @isp: the object
3266  * @msg: unused
3267  * @msqflg: access requested
3268  *
3269  * Returns 0 if current has the requested access, error code otherwise
3270  */
3271 static int smack_msg_queue_msgsnd(struct kern_ipc_perm *isp, struct msg_msg *msg,
3272 				  int msqflg)
3273 {
3274 	int may;
3275 
3276 	may = smack_flags_to_may(msqflg);
3277 	return smk_curacc_msq(isp, may);
3278 }
3279 
3280 /**
3281  * smack_msg_queue_msgrcv - Smack access check for msg_queue
3282  * @isp: the object
3283  * @msg: unused
3284  * @target: unused
3285  * @type: unused
3286  * @mode: unused
3287  *
3288  * Returns 0 if current has read and write access, error code otherwise
3289  */
3290 static int smack_msg_queue_msgrcv(struct kern_ipc_perm *isp,
3291 				  struct msg_msg *msg,
3292 				  struct task_struct *target, long type,
3293 				  int mode)
3294 {
3295 	return smk_curacc_msq(isp, MAY_READWRITE);
3296 }
3297 
3298 /**
3299  * smack_ipc_permission - Smack access for ipc_permission()
3300  * @ipp: the object permissions
3301  * @flag: access requested
3302  *
3303  * Returns 0 if current has read and write access, error code otherwise
3304  */
3305 static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag)
3306 {
3307 	struct smack_known **blob = smack_ipc(ipp);
3308 	struct smack_known *iskp = *blob;
3309 	int may = smack_flags_to_may(flag);
3310 	struct smk_audit_info ad;
3311 	int rc;
3312 
3313 #ifdef CONFIG_AUDIT
3314 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
3315 	ad.a.u.ipc_id = ipp->id;
3316 #endif
3317 	rc = smk_curacc(iskp, may, &ad);
3318 	rc = smk_bu_current("svipc", iskp, may, rc);
3319 	return rc;
3320 }
3321 
3322 /**
3323  * smack_ipc_getsecid - Extract smack security id
3324  * @ipp: the object permissions
3325  * @secid: where result will be saved
3326  */
3327 static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid)
3328 {
3329 	struct smack_known **blob = smack_ipc(ipp);
3330 	struct smack_known *iskp = *blob;
3331 
3332 	*secid = iskp->smk_secid;
3333 }
3334 
3335 /**
3336  * smack_d_instantiate - Make sure the blob is correct on an inode
3337  * @opt_dentry: dentry where inode will be attached
3338  * @inode: the object
3339  *
3340  * Set the inode's security blob if it hasn't been done already.
3341  */
3342 static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode)
3343 {
3344 	struct super_block *sbp;
3345 	struct superblock_smack *sbsp;
3346 	struct inode_smack *isp;
3347 	struct smack_known *skp;
3348 	struct smack_known *ckp = smk_of_current();
3349 	struct smack_known *final;
3350 	char trattr[TRANS_TRUE_SIZE];
3351 	int transflag = 0;
3352 	int rc;
3353 	struct dentry *dp;
3354 
3355 	if (inode == NULL)
3356 		return;
3357 
3358 	isp = smack_inode(inode);
3359 
3360 	/*
3361 	 * If the inode is already instantiated
3362 	 * take the quick way out
3363 	 */
3364 	if (isp->smk_flags & SMK_INODE_INSTANT)
3365 		return;
3366 
3367 	sbp = inode->i_sb;
3368 	sbsp = smack_superblock(sbp);
3369 	/*
3370 	 * We're going to use the superblock default label
3371 	 * if there's no label on the file.
3372 	 */
3373 	final = sbsp->smk_default;
3374 
3375 	/*
3376 	 * If this is the root inode the superblock
3377 	 * may be in the process of initialization.
3378 	 * If that is the case use the root value out
3379 	 * of the superblock.
3380 	 */
3381 	if (opt_dentry->d_parent == opt_dentry) {
3382 		switch (sbp->s_magic) {
3383 		case CGROUP_SUPER_MAGIC:
3384 		case CGROUP2_SUPER_MAGIC:
3385 			/*
3386 			 * The cgroup filesystem is never mounted,
3387 			 * so there's no opportunity to set the mount
3388 			 * options.
3389 			 */
3390 			sbsp->smk_root = &smack_known_star;
3391 			sbsp->smk_default = &smack_known_star;
3392 			isp->smk_inode = sbsp->smk_root;
3393 			break;
3394 		case TMPFS_MAGIC:
3395 			/*
3396 			 * What about shmem/tmpfs anonymous files with dentry
3397 			 * obtained from d_alloc_pseudo()?
3398 			 */
3399 			isp->smk_inode = smk_of_current();
3400 			break;
3401 		case PIPEFS_MAGIC:
3402 			isp->smk_inode = smk_of_current();
3403 			break;
3404 		case SOCKFS_MAGIC:
3405 			/*
3406 			 * Socket access is controlled by the socket
3407 			 * structures associated with the task involved.
3408 			 */
3409 			isp->smk_inode = &smack_known_star;
3410 			break;
3411 		default:
3412 			isp->smk_inode = sbsp->smk_root;
3413 			break;
3414 		}
3415 		isp->smk_flags |= SMK_INODE_INSTANT;
3416 		return;
3417 	}
3418 
3419 	/*
3420 	 * This is pretty hackish.
3421 	 * Casey says that we shouldn't have to do
3422 	 * file system specific code, but it does help
3423 	 * with keeping it simple.
3424 	 */
3425 	switch (sbp->s_magic) {
3426 	case SMACK_MAGIC:
3427 	case CGROUP_SUPER_MAGIC:
3428 	case CGROUP2_SUPER_MAGIC:
3429 		/*
3430 		 * Casey says that it's a little embarrassing
3431 		 * that the smack file system doesn't do
3432 		 * extended attributes.
3433 		 *
3434 		 * Cgroupfs is special
3435 		 */
3436 		final = &smack_known_star;
3437 		break;
3438 	case DEVPTS_SUPER_MAGIC:
3439 		/*
3440 		 * devpts seems content with the label of the task.
3441 		 * Programs that change smack have to treat the
3442 		 * pty with respect.
3443 		 */
3444 		final = ckp;
3445 		break;
3446 	case PROC_SUPER_MAGIC:
3447 		/*
3448 		 * Casey says procfs appears not to care.
3449 		 * The superblock default suffices.
3450 		 */
3451 		break;
3452 	case TMPFS_MAGIC:
3453 		/*
3454 		 * Device labels should come from the filesystem,
3455 		 * but watch out, because they're volitile,
3456 		 * getting recreated on every reboot.
3457 		 */
3458 		final = &smack_known_star;
3459 		/*
3460 		 * If a smack value has been set we want to use it,
3461 		 * but since tmpfs isn't giving us the opportunity
3462 		 * to set mount options simulate setting the
3463 		 * superblock default.
3464 		 */
3465 		fallthrough;
3466 	default:
3467 		/*
3468 		 * This isn't an understood special case.
3469 		 * Get the value from the xattr.
3470 		 */
3471 
3472 		/*
3473 		 * UNIX domain sockets use lower level socket data.
3474 		 */
3475 		if (S_ISSOCK(inode->i_mode)) {
3476 			final = &smack_known_star;
3477 			break;
3478 		}
3479 		/*
3480 		 * No xattr support means, alas, no SMACK label.
3481 		 * Use the aforeapplied default.
3482 		 * It would be curious if the label of the task
3483 		 * does not match that assigned.
3484 		 */
3485 		if (!(inode->i_opflags & IOP_XATTR))
3486 		        break;
3487 		/*
3488 		 * Get the dentry for xattr.
3489 		 */
3490 		dp = dget(opt_dentry);
3491 		skp = smk_fetch(XATTR_NAME_SMACK, inode, dp);
3492 		if (!IS_ERR_OR_NULL(skp))
3493 			final = skp;
3494 
3495 		/*
3496 		 * Transmuting directory
3497 		 */
3498 		if (S_ISDIR(inode->i_mode)) {
3499 			/*
3500 			 * If this is a new directory and the label was
3501 			 * transmuted when the inode was initialized
3502 			 * set the transmute attribute on the directory
3503 			 * and mark the inode.
3504 			 *
3505 			 * If there is a transmute attribute on the
3506 			 * directory mark the inode.
3507 			 */
3508 			if (isp->smk_flags & SMK_INODE_CHANGED) {
3509 				isp->smk_flags &= ~SMK_INODE_CHANGED;
3510 				rc = __vfs_setxattr(&init_user_ns, dp, inode,
3511 					XATTR_NAME_SMACKTRANSMUTE,
3512 					TRANS_TRUE, TRANS_TRUE_SIZE,
3513 					0);
3514 			} else {
3515 				rc = __vfs_getxattr(dp, inode,
3516 					XATTR_NAME_SMACKTRANSMUTE, trattr,
3517 					TRANS_TRUE_SIZE);
3518 				if (rc >= 0 && strncmp(trattr, TRANS_TRUE,
3519 						       TRANS_TRUE_SIZE) != 0)
3520 					rc = -EINVAL;
3521 			}
3522 			if (rc >= 0)
3523 				transflag = SMK_INODE_TRANSMUTE;
3524 		}
3525 		/*
3526 		 * Don't let the exec or mmap label be "*" or "@".
3527 		 */
3528 		skp = smk_fetch(XATTR_NAME_SMACKEXEC, inode, dp);
3529 		if (IS_ERR(skp) || skp == &smack_known_star ||
3530 		    skp == &smack_known_web)
3531 			skp = NULL;
3532 		isp->smk_task = skp;
3533 
3534 		skp = smk_fetch(XATTR_NAME_SMACKMMAP, inode, dp);
3535 		if (IS_ERR(skp) || skp == &smack_known_star ||
3536 		    skp == &smack_known_web)
3537 			skp = NULL;
3538 		isp->smk_mmap = skp;
3539 
3540 		dput(dp);
3541 		break;
3542 	}
3543 
3544 	if (final == NULL)
3545 		isp->smk_inode = ckp;
3546 	else
3547 		isp->smk_inode = final;
3548 
3549 	isp->smk_flags |= (SMK_INODE_INSTANT | transflag);
3550 
3551 	return;
3552 }
3553 
3554 /**
3555  * smack_getprocattr - Smack process attribute access
3556  * @p: the object task
3557  * @name: the name of the attribute in /proc/.../attr
3558  * @value: where to put the result
3559  *
3560  * Places a copy of the task Smack into value
3561  *
3562  * Returns the length of the smack label or an error code
3563  */
3564 static int smack_getprocattr(struct task_struct *p, const char *name, char **value)
3565 {
3566 	struct smack_known *skp = smk_of_task_struct_obj(p);
3567 	char *cp;
3568 	int slen;
3569 
3570 	if (strcmp(name, "current") != 0)
3571 		return -EINVAL;
3572 
3573 	cp = kstrdup(skp->smk_known, GFP_KERNEL);
3574 	if (cp == NULL)
3575 		return -ENOMEM;
3576 
3577 	slen = strlen(cp);
3578 	*value = cp;
3579 	return slen;
3580 }
3581 
3582 /**
3583  * smack_setprocattr - Smack process attribute setting
3584  * @name: the name of the attribute in /proc/.../attr
3585  * @value: the value to set
3586  * @size: the size of the value
3587  *
3588  * Sets the Smack value of the task. Only setting self
3589  * is permitted and only with privilege
3590  *
3591  * Returns the length of the smack label or an error code
3592  */
3593 static int smack_setprocattr(const char *name, void *value, size_t size)
3594 {
3595 	struct task_smack *tsp = smack_cred(current_cred());
3596 	struct cred *new;
3597 	struct smack_known *skp;
3598 	struct smack_known_list_elem *sklep;
3599 	int rc;
3600 
3601 	if (!smack_privileged(CAP_MAC_ADMIN) && list_empty(&tsp->smk_relabel))
3602 		return -EPERM;
3603 
3604 	if (value == NULL || size == 0 || size >= SMK_LONGLABEL)
3605 		return -EINVAL;
3606 
3607 	if (strcmp(name, "current") != 0)
3608 		return -EINVAL;
3609 
3610 	skp = smk_import_entry(value, size);
3611 	if (IS_ERR(skp))
3612 		return PTR_ERR(skp);
3613 
3614 	/*
3615 	 * No process is ever allowed the web ("@") label
3616 	 * and the star ("*") label.
3617 	 */
3618 	if (skp == &smack_known_web || skp == &smack_known_star)
3619 		return -EINVAL;
3620 
3621 	if (!smack_privileged(CAP_MAC_ADMIN)) {
3622 		rc = -EPERM;
3623 		list_for_each_entry(sklep, &tsp->smk_relabel, list)
3624 			if (sklep->smk_label == skp) {
3625 				rc = 0;
3626 				break;
3627 			}
3628 		if (rc)
3629 			return rc;
3630 	}
3631 
3632 	new = prepare_creds();
3633 	if (new == NULL)
3634 		return -ENOMEM;
3635 
3636 	tsp = smack_cred(new);
3637 	tsp->smk_task = skp;
3638 	/*
3639 	 * process can change its label only once
3640 	 */
3641 	smk_destroy_label_list(&tsp->smk_relabel);
3642 
3643 	commit_creds(new);
3644 	return size;
3645 }
3646 
3647 /**
3648  * smack_unix_stream_connect - Smack access on UDS
3649  * @sock: one sock
3650  * @other: the other sock
3651  * @newsk: unused
3652  *
3653  * Return 0 if a subject with the smack of sock could access
3654  * an object with the smack of other, otherwise an error code
3655  */
3656 static int smack_unix_stream_connect(struct sock *sock,
3657 				     struct sock *other, struct sock *newsk)
3658 {
3659 	struct smack_known *skp;
3660 	struct smack_known *okp;
3661 	struct socket_smack *ssp = sock->sk_security;
3662 	struct socket_smack *osp = other->sk_security;
3663 	struct socket_smack *nsp = newsk->sk_security;
3664 	struct smk_audit_info ad;
3665 	int rc = 0;
3666 #ifdef CONFIG_AUDIT
3667 	struct lsm_network_audit net;
3668 #endif
3669 
3670 	if (!smack_privileged(CAP_MAC_OVERRIDE)) {
3671 		skp = ssp->smk_out;
3672 		okp = osp->smk_in;
3673 #ifdef CONFIG_AUDIT
3674 		smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3675 		smk_ad_setfield_u_net_sk(&ad, other);
3676 #endif
3677 		rc = smk_access(skp, okp, MAY_WRITE, &ad);
3678 		rc = smk_bu_note("UDS connect", skp, okp, MAY_WRITE, rc);
3679 		if (rc == 0) {
3680 			okp = osp->smk_out;
3681 			skp = ssp->smk_in;
3682 			rc = smk_access(okp, skp, MAY_WRITE, &ad);
3683 			rc = smk_bu_note("UDS connect", okp, skp,
3684 						MAY_WRITE, rc);
3685 		}
3686 	}
3687 
3688 	/*
3689 	 * Cross reference the peer labels for SO_PEERSEC.
3690 	 */
3691 	if (rc == 0) {
3692 		nsp->smk_packet = ssp->smk_out;
3693 		ssp->smk_packet = osp->smk_out;
3694 	}
3695 
3696 	return rc;
3697 }
3698 
3699 /**
3700  * smack_unix_may_send - Smack access on UDS
3701  * @sock: one socket
3702  * @other: the other socket
3703  *
3704  * Return 0 if a subject with the smack of sock could access
3705  * an object with the smack of other, otherwise an error code
3706  */
3707 static int smack_unix_may_send(struct socket *sock, struct socket *other)
3708 {
3709 	struct socket_smack *ssp = sock->sk->sk_security;
3710 	struct socket_smack *osp = other->sk->sk_security;
3711 	struct smk_audit_info ad;
3712 	int rc;
3713 
3714 #ifdef CONFIG_AUDIT
3715 	struct lsm_network_audit net;
3716 
3717 	smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3718 	smk_ad_setfield_u_net_sk(&ad, other->sk);
3719 #endif
3720 
3721 	if (smack_privileged(CAP_MAC_OVERRIDE))
3722 		return 0;
3723 
3724 	rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad);
3725 	rc = smk_bu_note("UDS send", ssp->smk_out, osp->smk_in, MAY_WRITE, rc);
3726 	return rc;
3727 }
3728 
3729 /**
3730  * smack_socket_sendmsg - Smack check based on destination host
3731  * @sock: the socket
3732  * @msg: the message
3733  * @size: the size of the message
3734  *
3735  * Return 0 if the current subject can write to the destination host.
3736  * For IPv4 this is only a question if the destination is a single label host.
3737  * For IPv6 this is a check against the label of the port.
3738  */
3739 static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg,
3740 				int size)
3741 {
3742 	struct sockaddr_in *sip = (struct sockaddr_in *) msg->msg_name;
3743 #if IS_ENABLED(CONFIG_IPV6)
3744 	struct sockaddr_in6 *sap = (struct sockaddr_in6 *) msg->msg_name;
3745 #endif
3746 #ifdef SMACK_IPV6_SECMARK_LABELING
3747 	struct socket_smack *ssp = sock->sk->sk_security;
3748 	struct smack_known *rsp;
3749 #endif
3750 	int rc = 0;
3751 
3752 	/*
3753 	 * Perfectly reasonable for this to be NULL
3754 	 */
3755 	if (sip == NULL)
3756 		return 0;
3757 
3758 	switch (sock->sk->sk_family) {
3759 	case AF_INET:
3760 		if (msg->msg_namelen < sizeof(struct sockaddr_in) ||
3761 		    sip->sin_family != AF_INET)
3762 			return -EINVAL;
3763 		rc = smk_ipv4_check(sock->sk, sip);
3764 		break;
3765 #if IS_ENABLED(CONFIG_IPV6)
3766 	case AF_INET6:
3767 		if (msg->msg_namelen < SIN6_LEN_RFC2133 ||
3768 		    sap->sin6_family != AF_INET6)
3769 			return -EINVAL;
3770 #ifdef SMACK_IPV6_SECMARK_LABELING
3771 		rsp = smack_ipv6host_label(sap);
3772 		if (rsp != NULL)
3773 			rc = smk_ipv6_check(ssp->smk_out, rsp, sap,
3774 						SMK_CONNECTING);
3775 #endif
3776 #ifdef SMACK_IPV6_PORT_LABELING
3777 		rc = smk_ipv6_port_check(sock->sk, sap, SMK_SENDING);
3778 #endif
3779 #endif /* IS_ENABLED(CONFIG_IPV6) */
3780 		break;
3781 	}
3782 	return rc;
3783 }
3784 
3785 /**
3786  * smack_from_secattr - Convert a netlabel attr.mls.lvl/attr.mls.cat pair to smack
3787  * @sap: netlabel secattr
3788  * @ssp: socket security information
3789  *
3790  * Returns a pointer to a Smack label entry found on the label list.
3791  */
3792 static struct smack_known *smack_from_secattr(struct netlbl_lsm_secattr *sap,
3793 						struct socket_smack *ssp)
3794 {
3795 	struct smack_known *skp;
3796 	int found = 0;
3797 	int acat;
3798 	int kcat;
3799 
3800 	/*
3801 	 * Netlabel found it in the cache.
3802 	 */
3803 	if ((sap->flags & NETLBL_SECATTR_CACHE) != 0)
3804 		return (struct smack_known *)sap->cache->data;
3805 
3806 	if ((sap->flags & NETLBL_SECATTR_SECID) != 0)
3807 		/*
3808 		 * Looks like a fallback, which gives us a secid.
3809 		 */
3810 		return smack_from_secid(sap->attr.secid);
3811 
3812 	if ((sap->flags & NETLBL_SECATTR_MLS_LVL) != 0) {
3813 		/*
3814 		 * Looks like a CIPSO packet.
3815 		 * If there are flags but no level netlabel isn't
3816 		 * behaving the way we expect it to.
3817 		 *
3818 		 * Look it up in the label table
3819 		 * Without guidance regarding the smack value
3820 		 * for the packet fall back on the network
3821 		 * ambient value.
3822 		 */
3823 		rcu_read_lock();
3824 		list_for_each_entry_rcu(skp, &smack_known_list, list) {
3825 			if (sap->attr.mls.lvl != skp->smk_netlabel.attr.mls.lvl)
3826 				continue;
3827 			/*
3828 			 * Compare the catsets. Use the netlbl APIs.
3829 			 */
3830 			if ((sap->flags & NETLBL_SECATTR_MLS_CAT) == 0) {
3831 				if ((skp->smk_netlabel.flags &
3832 				     NETLBL_SECATTR_MLS_CAT) == 0)
3833 					found = 1;
3834 				break;
3835 			}
3836 			for (acat = -1, kcat = -1; acat == kcat; ) {
3837 				acat = netlbl_catmap_walk(sap->attr.mls.cat,
3838 							  acat + 1);
3839 				kcat = netlbl_catmap_walk(
3840 					skp->smk_netlabel.attr.mls.cat,
3841 					kcat + 1);
3842 				if (acat < 0 || kcat < 0)
3843 					break;
3844 			}
3845 			if (acat == kcat) {
3846 				found = 1;
3847 				break;
3848 			}
3849 		}
3850 		rcu_read_unlock();
3851 
3852 		if (found)
3853 			return skp;
3854 
3855 		if (ssp != NULL && ssp->smk_in == &smack_known_star)
3856 			return &smack_known_web;
3857 		return &smack_known_star;
3858 	}
3859 	/*
3860 	 * Without guidance regarding the smack value
3861 	 * for the packet fall back on the network
3862 	 * ambient value.
3863 	 */
3864 	return smack_net_ambient;
3865 }
3866 
3867 #if IS_ENABLED(CONFIG_IPV6)
3868 static int smk_skb_to_addr_ipv6(struct sk_buff *skb, struct sockaddr_in6 *sip)
3869 {
3870 	u8 nexthdr;
3871 	int offset;
3872 	int proto = -EINVAL;
3873 	struct ipv6hdr _ipv6h;
3874 	struct ipv6hdr *ip6;
3875 	__be16 frag_off;
3876 	struct tcphdr _tcph, *th;
3877 	struct udphdr _udph, *uh;
3878 	struct dccp_hdr _dccph, *dh;
3879 
3880 	sip->sin6_port = 0;
3881 
3882 	offset = skb_network_offset(skb);
3883 	ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h);
3884 	if (ip6 == NULL)
3885 		return -EINVAL;
3886 	sip->sin6_addr = ip6->saddr;
3887 
3888 	nexthdr = ip6->nexthdr;
3889 	offset += sizeof(_ipv6h);
3890 	offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off);
3891 	if (offset < 0)
3892 		return -EINVAL;
3893 
3894 	proto = nexthdr;
3895 	switch (proto) {
3896 	case IPPROTO_TCP:
3897 		th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
3898 		if (th != NULL)
3899 			sip->sin6_port = th->source;
3900 		break;
3901 	case IPPROTO_UDP:
3902 	case IPPROTO_UDPLITE:
3903 		uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
3904 		if (uh != NULL)
3905 			sip->sin6_port = uh->source;
3906 		break;
3907 	case IPPROTO_DCCP:
3908 		dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
3909 		if (dh != NULL)
3910 			sip->sin6_port = dh->dccph_sport;
3911 		break;
3912 	}
3913 	return proto;
3914 }
3915 #endif /* CONFIG_IPV6 */
3916 
3917 /**
3918  * smack_from_skb - Smack data from the secmark in an skb
3919  * @skb: packet
3920  *
3921  * Returns smack_known of the secmark or NULL if that won't work.
3922  */
3923 #ifdef CONFIG_NETWORK_SECMARK
3924 static struct smack_known *smack_from_skb(struct sk_buff *skb)
3925 {
3926 	if (skb == NULL || skb->secmark == 0)
3927 		return NULL;
3928 
3929 	return smack_from_secid(skb->secmark);
3930 }
3931 #else
3932 static inline struct smack_known *smack_from_skb(struct sk_buff *skb)
3933 {
3934 	return NULL;
3935 }
3936 #endif
3937 
3938 /**
3939  * smack_from_netlbl - Smack data from the IP options in an skb
3940  * @sk: socket data came in on
3941  * @family: address family
3942  * @skb: packet
3943  *
3944  * Find the Smack label in the IP options. If it hasn't been
3945  * added to the netlabel cache, add it here.
3946  *
3947  * Returns smack_known of the IP options or NULL if that won't work.
3948  */
3949 static struct smack_known *smack_from_netlbl(const struct sock *sk, u16 family,
3950 					     struct sk_buff *skb)
3951 {
3952 	struct netlbl_lsm_secattr secattr;
3953 	struct socket_smack *ssp = NULL;
3954 	struct smack_known *skp = NULL;
3955 
3956 	netlbl_secattr_init(&secattr);
3957 
3958 	if (sk)
3959 		ssp = sk->sk_security;
3960 
3961 	if (netlbl_skbuff_getattr(skb, family, &secattr) == 0) {
3962 		skp = smack_from_secattr(&secattr, ssp);
3963 		if (secattr.flags & NETLBL_SECATTR_CACHEABLE)
3964 			netlbl_cache_add(skb, family, &skp->smk_netlabel);
3965 	}
3966 
3967 	netlbl_secattr_destroy(&secattr);
3968 
3969 	return skp;
3970 }
3971 
3972 /**
3973  * smack_socket_sock_rcv_skb - Smack packet delivery access check
3974  * @sk: socket
3975  * @skb: packet
3976  *
3977  * Returns 0 if the packet should be delivered, an error code otherwise
3978  */
3979 static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
3980 {
3981 	struct socket_smack *ssp = sk->sk_security;
3982 	struct smack_known *skp = NULL;
3983 	int rc = 0;
3984 	struct smk_audit_info ad;
3985 	u16 family = sk->sk_family;
3986 #ifdef CONFIG_AUDIT
3987 	struct lsm_network_audit net;
3988 #endif
3989 #if IS_ENABLED(CONFIG_IPV6)
3990 	struct sockaddr_in6 sadd;
3991 	int proto;
3992 
3993 	if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
3994 		family = PF_INET;
3995 #endif /* CONFIG_IPV6 */
3996 
3997 	switch (family) {
3998 	case PF_INET:
3999 		/*
4000 		 * If there is a secmark use it rather than the CIPSO label.
4001 		 * If there is no secmark fall back to CIPSO.
4002 		 * The secmark is assumed to reflect policy better.
4003 		 */
4004 		skp = smack_from_skb(skb);
4005 		if (skp == NULL) {
4006 			skp = smack_from_netlbl(sk, family, skb);
4007 			if (skp == NULL)
4008 				skp = smack_net_ambient;
4009 		}
4010 
4011 #ifdef CONFIG_AUDIT
4012 		smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
4013 		ad.a.u.net->family = family;
4014 		ad.a.u.net->netif = skb->skb_iif;
4015 		ipv4_skb_to_auditdata(skb, &ad.a, NULL);
4016 #endif
4017 		/*
4018 		 * Receiving a packet requires that the other end
4019 		 * be able to write here. Read access is not required.
4020 		 * This is the simplist possible security model
4021 		 * for networking.
4022 		 */
4023 		rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
4024 		rc = smk_bu_note("IPv4 delivery", skp, ssp->smk_in,
4025 					MAY_WRITE, rc);
4026 		if (rc != 0)
4027 			netlbl_skbuff_err(skb, family, rc, 0);
4028 		break;
4029 #if IS_ENABLED(CONFIG_IPV6)
4030 	case PF_INET6:
4031 		proto = smk_skb_to_addr_ipv6(skb, &sadd);
4032 		if (proto != IPPROTO_UDP && proto != IPPROTO_UDPLITE &&
4033 		    proto != IPPROTO_TCP && proto != IPPROTO_DCCP)
4034 			break;
4035 #ifdef SMACK_IPV6_SECMARK_LABELING
4036 		skp = smack_from_skb(skb);
4037 		if (skp == NULL) {
4038 			if (smk_ipv6_localhost(&sadd))
4039 				break;
4040 			skp = smack_ipv6host_label(&sadd);
4041 			if (skp == NULL)
4042 				skp = smack_net_ambient;
4043 		}
4044 #ifdef CONFIG_AUDIT
4045 		smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
4046 		ad.a.u.net->family = family;
4047 		ad.a.u.net->netif = skb->skb_iif;
4048 		ipv6_skb_to_auditdata(skb, &ad.a, NULL);
4049 #endif /* CONFIG_AUDIT */
4050 		rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
4051 		rc = smk_bu_note("IPv6 delivery", skp, ssp->smk_in,
4052 					MAY_WRITE, rc);
4053 #endif /* SMACK_IPV6_SECMARK_LABELING */
4054 #ifdef SMACK_IPV6_PORT_LABELING
4055 		rc = smk_ipv6_port_check(sk, &sadd, SMK_RECEIVING);
4056 #endif /* SMACK_IPV6_PORT_LABELING */
4057 		if (rc != 0)
4058 			icmpv6_send(skb, ICMPV6_DEST_UNREACH,
4059 					ICMPV6_ADM_PROHIBITED, 0);
4060 		break;
4061 #endif /* CONFIG_IPV6 */
4062 	}
4063 
4064 	return rc;
4065 }
4066 
4067 /**
4068  * smack_socket_getpeersec_stream - pull in packet label
4069  * @sock: the socket
4070  * @optval: user's destination
4071  * @optlen: size thereof
4072  * @len: max thereof
4073  *
4074  * returns zero on success, an error code otherwise
4075  */
4076 static int smack_socket_getpeersec_stream(struct socket *sock,
4077 					  sockptr_t optval, sockptr_t optlen,
4078 					  unsigned int len)
4079 {
4080 	struct socket_smack *ssp;
4081 	char *rcp = "";
4082 	u32 slen = 1;
4083 	int rc = 0;
4084 
4085 	ssp = sock->sk->sk_security;
4086 	if (ssp->smk_packet != NULL) {
4087 		rcp = ssp->smk_packet->smk_known;
4088 		slen = strlen(rcp) + 1;
4089 	}
4090 	if (slen > len) {
4091 		rc = -ERANGE;
4092 		goto out_len;
4093 	}
4094 
4095 	if (copy_to_sockptr(optval, rcp, slen))
4096 		rc = -EFAULT;
4097 out_len:
4098 	if (copy_to_sockptr(optlen, &slen, sizeof(slen)))
4099 		rc = -EFAULT;
4100 	return rc;
4101 }
4102 
4103 
4104 /**
4105  * smack_socket_getpeersec_dgram - pull in packet label
4106  * @sock: the peer socket
4107  * @skb: packet data
4108  * @secid: pointer to where to put the secid of the packet
4109  *
4110  * Sets the netlabel socket state on sk from parent
4111  */
4112 static int smack_socket_getpeersec_dgram(struct socket *sock,
4113 					 struct sk_buff *skb, u32 *secid)
4114 
4115 {
4116 	struct socket_smack *ssp = NULL;
4117 	struct smack_known *skp;
4118 	struct sock *sk = NULL;
4119 	int family = PF_UNSPEC;
4120 	u32 s = 0;	/* 0 is the invalid secid */
4121 
4122 	if (skb != NULL) {
4123 		if (skb->protocol == htons(ETH_P_IP))
4124 			family = PF_INET;
4125 #if IS_ENABLED(CONFIG_IPV6)
4126 		else if (skb->protocol == htons(ETH_P_IPV6))
4127 			family = PF_INET6;
4128 #endif /* CONFIG_IPV6 */
4129 	}
4130 	if (family == PF_UNSPEC && sock != NULL)
4131 		family = sock->sk->sk_family;
4132 
4133 	switch (family) {
4134 	case PF_UNIX:
4135 		ssp = sock->sk->sk_security;
4136 		s = ssp->smk_out->smk_secid;
4137 		break;
4138 	case PF_INET:
4139 		skp = smack_from_skb(skb);
4140 		if (skp) {
4141 			s = skp->smk_secid;
4142 			break;
4143 		}
4144 		/*
4145 		 * Translate what netlabel gave us.
4146 		 */
4147 		if (sock != NULL)
4148 			sk = sock->sk;
4149 		skp = smack_from_netlbl(sk, family, skb);
4150 		if (skp != NULL)
4151 			s = skp->smk_secid;
4152 		break;
4153 	case PF_INET6:
4154 #ifdef SMACK_IPV6_SECMARK_LABELING
4155 		skp = smack_from_skb(skb);
4156 		if (skp)
4157 			s = skp->smk_secid;
4158 #endif
4159 		break;
4160 	}
4161 	*secid = s;
4162 	if (s == 0)
4163 		return -EINVAL;
4164 	return 0;
4165 }
4166 
4167 /**
4168  * smack_sock_graft - Initialize a newly created socket with an existing sock
4169  * @sk: child sock
4170  * @parent: parent socket
4171  *
4172  * Set the smk_{in,out} state of an existing sock based on the process that
4173  * is creating the new socket.
4174  */
4175 static void smack_sock_graft(struct sock *sk, struct socket *parent)
4176 {
4177 	struct socket_smack *ssp;
4178 	struct smack_known *skp = smk_of_current();
4179 
4180 	if (sk == NULL ||
4181 	    (sk->sk_family != PF_INET && sk->sk_family != PF_INET6))
4182 		return;
4183 
4184 	ssp = sk->sk_security;
4185 	ssp->smk_in = skp;
4186 	ssp->smk_out = skp;
4187 	/* cssp->smk_packet is already set in smack_inet_csk_clone() */
4188 }
4189 
4190 /**
4191  * smack_inet_conn_request - Smack access check on connect
4192  * @sk: socket involved
4193  * @skb: packet
4194  * @req: unused
4195  *
4196  * Returns 0 if a task with the packet label could write to
4197  * the socket, otherwise an error code
4198  */
4199 static int smack_inet_conn_request(const struct sock *sk, struct sk_buff *skb,
4200 				   struct request_sock *req)
4201 {
4202 	u16 family = sk->sk_family;
4203 	struct smack_known *skp;
4204 	struct socket_smack *ssp = sk->sk_security;
4205 	struct sockaddr_in addr;
4206 	struct iphdr *hdr;
4207 	struct smack_known *hskp;
4208 	int rc;
4209 	struct smk_audit_info ad;
4210 #ifdef CONFIG_AUDIT
4211 	struct lsm_network_audit net;
4212 #endif
4213 
4214 #if IS_ENABLED(CONFIG_IPV6)
4215 	if (family == PF_INET6) {
4216 		/*
4217 		 * Handle mapped IPv4 packets arriving
4218 		 * via IPv6 sockets. Don't set up netlabel
4219 		 * processing on IPv6.
4220 		 */
4221 		if (skb->protocol == htons(ETH_P_IP))
4222 			family = PF_INET;
4223 		else
4224 			return 0;
4225 	}
4226 #endif /* CONFIG_IPV6 */
4227 
4228 	/*
4229 	 * If there is a secmark use it rather than the CIPSO label.
4230 	 * If there is no secmark fall back to CIPSO.
4231 	 * The secmark is assumed to reflect policy better.
4232 	 */
4233 	skp = smack_from_skb(skb);
4234 	if (skp == NULL) {
4235 		skp = smack_from_netlbl(sk, family, skb);
4236 		if (skp == NULL)
4237 			skp = &smack_known_huh;
4238 	}
4239 
4240 #ifdef CONFIG_AUDIT
4241 	smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
4242 	ad.a.u.net->family = family;
4243 	ad.a.u.net->netif = skb->skb_iif;
4244 	ipv4_skb_to_auditdata(skb, &ad.a, NULL);
4245 #endif
4246 	/*
4247 	 * Receiving a packet requires that the other end be able to write
4248 	 * here. Read access is not required.
4249 	 */
4250 	rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
4251 	rc = smk_bu_note("IPv4 connect", skp, ssp->smk_in, MAY_WRITE, rc);
4252 	if (rc != 0)
4253 		return rc;
4254 
4255 	/*
4256 	 * Save the peer's label in the request_sock so we can later setup
4257 	 * smk_packet in the child socket so that SO_PEERCRED can report it.
4258 	 */
4259 	req->peer_secid = skp->smk_secid;
4260 
4261 	/*
4262 	 * We need to decide if we want to label the incoming connection here
4263 	 * if we do we only need to label the request_sock and the stack will
4264 	 * propagate the wire-label to the sock when it is created.
4265 	 */
4266 	hdr = ip_hdr(skb);
4267 	addr.sin_addr.s_addr = hdr->saddr;
4268 	rcu_read_lock();
4269 	hskp = smack_ipv4host_label(&addr);
4270 	rcu_read_unlock();
4271 
4272 	if (hskp == NULL)
4273 		rc = netlbl_req_setattr(req, &skp->smk_netlabel);
4274 	else
4275 		netlbl_req_delattr(req);
4276 
4277 	return rc;
4278 }
4279 
4280 /**
4281  * smack_inet_csk_clone - Copy the connection information to the new socket
4282  * @sk: the new socket
4283  * @req: the connection's request_sock
4284  *
4285  * Transfer the connection's peer label to the newly created socket.
4286  */
4287 static void smack_inet_csk_clone(struct sock *sk,
4288 				 const struct request_sock *req)
4289 {
4290 	struct socket_smack *ssp = sk->sk_security;
4291 	struct smack_known *skp;
4292 
4293 	if (req->peer_secid != 0) {
4294 		skp = smack_from_secid(req->peer_secid);
4295 		ssp->smk_packet = skp;
4296 	} else
4297 		ssp->smk_packet = NULL;
4298 }
4299 
4300 /*
4301  * Key management security hooks
4302  *
4303  * Casey has not tested key support very heavily.
4304  * The permission check is most likely too restrictive.
4305  * If you care about keys please have a look.
4306  */
4307 #ifdef CONFIG_KEYS
4308 
4309 /**
4310  * smack_key_alloc - Set the key security blob
4311  * @key: object
4312  * @cred: the credentials to use
4313  * @flags: unused
4314  *
4315  * No allocation required
4316  *
4317  * Returns 0
4318  */
4319 static int smack_key_alloc(struct key *key, const struct cred *cred,
4320 			   unsigned long flags)
4321 {
4322 	struct smack_known *skp = smk_of_task(smack_cred(cred));
4323 
4324 	key->security = skp;
4325 	return 0;
4326 }
4327 
4328 /**
4329  * smack_key_free - Clear the key security blob
4330  * @key: the object
4331  *
4332  * Clear the blob pointer
4333  */
4334 static void smack_key_free(struct key *key)
4335 {
4336 	key->security = NULL;
4337 }
4338 
4339 /**
4340  * smack_key_permission - Smack access on a key
4341  * @key_ref: gets to the object
4342  * @cred: the credentials to use
4343  * @need_perm: requested key permission
4344  *
4345  * Return 0 if the task has read and write to the object,
4346  * an error code otherwise
4347  */
4348 static int smack_key_permission(key_ref_t key_ref,
4349 				const struct cred *cred,
4350 				enum key_need_perm need_perm)
4351 {
4352 	struct key *keyp;
4353 	struct smk_audit_info ad;
4354 	struct smack_known *tkp = smk_of_task(smack_cred(cred));
4355 	int request = 0;
4356 	int rc;
4357 
4358 	/*
4359 	 * Validate requested permissions
4360 	 */
4361 	switch (need_perm) {
4362 	case KEY_NEED_READ:
4363 	case KEY_NEED_SEARCH:
4364 	case KEY_NEED_VIEW:
4365 		request |= MAY_READ;
4366 		break;
4367 	case KEY_NEED_WRITE:
4368 	case KEY_NEED_LINK:
4369 	case KEY_NEED_SETATTR:
4370 		request |= MAY_WRITE;
4371 		break;
4372 	case KEY_NEED_UNSPECIFIED:
4373 	case KEY_NEED_UNLINK:
4374 	case KEY_SYSADMIN_OVERRIDE:
4375 	case KEY_AUTHTOKEN_OVERRIDE:
4376 	case KEY_DEFER_PERM_CHECK:
4377 		return 0;
4378 	default:
4379 		return -EINVAL;
4380 	}
4381 
4382 	keyp = key_ref_to_ptr(key_ref);
4383 	if (keyp == NULL)
4384 		return -EINVAL;
4385 	/*
4386 	 * If the key hasn't been initialized give it access so that
4387 	 * it may do so.
4388 	 */
4389 	if (keyp->security == NULL)
4390 		return 0;
4391 	/*
4392 	 * This should not occur
4393 	 */
4394 	if (tkp == NULL)
4395 		return -EACCES;
4396 
4397 	if (smack_privileged(CAP_MAC_OVERRIDE))
4398 		return 0;
4399 
4400 #ifdef CONFIG_AUDIT
4401 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY);
4402 	ad.a.u.key_struct.key = keyp->serial;
4403 	ad.a.u.key_struct.key_desc = keyp->description;
4404 #endif
4405 	rc = smk_access(tkp, keyp->security, request, &ad);
4406 	rc = smk_bu_note("key access", tkp, keyp->security, request, rc);
4407 	return rc;
4408 }
4409 
4410 /*
4411  * smack_key_getsecurity - Smack label tagging the key
4412  * @key points to the key to be queried
4413  * @_buffer points to a pointer that should be set to point to the
4414  * resulting string (if no label or an error occurs).
4415  * Return the length of the string (including terminating NUL) or -ve if
4416  * an error.
4417  * May also return 0 (and a NULL buffer pointer) if there is no label.
4418  */
4419 static int smack_key_getsecurity(struct key *key, char **_buffer)
4420 {
4421 	struct smack_known *skp = key->security;
4422 	size_t length;
4423 	char *copy;
4424 
4425 	if (key->security == NULL) {
4426 		*_buffer = NULL;
4427 		return 0;
4428 	}
4429 
4430 	copy = kstrdup(skp->smk_known, GFP_KERNEL);
4431 	if (copy == NULL)
4432 		return -ENOMEM;
4433 	length = strlen(copy) + 1;
4434 
4435 	*_buffer = copy;
4436 	return length;
4437 }
4438 
4439 
4440 #ifdef CONFIG_KEY_NOTIFICATIONS
4441 /**
4442  * smack_watch_key - Smack access to watch a key for notifications.
4443  * @key: The key to be watched
4444  *
4445  * Return 0 if the @watch->cred has permission to read from the key object and
4446  * an error otherwise.
4447  */
4448 static int smack_watch_key(struct key *key)
4449 {
4450 	struct smk_audit_info ad;
4451 	struct smack_known *tkp = smk_of_current();
4452 	int rc;
4453 
4454 	if (key == NULL)
4455 		return -EINVAL;
4456 	/*
4457 	 * If the key hasn't been initialized give it access so that
4458 	 * it may do so.
4459 	 */
4460 	if (key->security == NULL)
4461 		return 0;
4462 	/*
4463 	 * This should not occur
4464 	 */
4465 	if (tkp == NULL)
4466 		return -EACCES;
4467 
4468 	if (smack_privileged_cred(CAP_MAC_OVERRIDE, current_cred()))
4469 		return 0;
4470 
4471 #ifdef CONFIG_AUDIT
4472 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY);
4473 	ad.a.u.key_struct.key = key->serial;
4474 	ad.a.u.key_struct.key_desc = key->description;
4475 #endif
4476 	rc = smk_access(tkp, key->security, MAY_READ, &ad);
4477 	rc = smk_bu_note("key watch", tkp, key->security, MAY_READ, rc);
4478 	return rc;
4479 }
4480 #endif /* CONFIG_KEY_NOTIFICATIONS */
4481 #endif /* CONFIG_KEYS */
4482 
4483 #ifdef CONFIG_WATCH_QUEUE
4484 /**
4485  * smack_post_notification - Smack access to post a notification to a queue
4486  * @w_cred: The credentials of the watcher.
4487  * @cred: The credentials of the event source (may be NULL).
4488  * @n: The notification message to be posted.
4489  */
4490 static int smack_post_notification(const struct cred *w_cred,
4491 				   const struct cred *cred,
4492 				   struct watch_notification *n)
4493 {
4494 	struct smk_audit_info ad;
4495 	struct smack_known *subj, *obj;
4496 	int rc;
4497 
4498 	/* Always let maintenance notifications through. */
4499 	if (n->type == WATCH_TYPE_META)
4500 		return 0;
4501 
4502 	if (!cred)
4503 		return 0;
4504 	subj = smk_of_task(smack_cred(cred));
4505 	obj = smk_of_task(smack_cred(w_cred));
4506 
4507 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NOTIFICATION);
4508 	rc = smk_access(subj, obj, MAY_WRITE, &ad);
4509 	rc = smk_bu_note("notification", subj, obj, MAY_WRITE, rc);
4510 	return rc;
4511 }
4512 #endif /* CONFIG_WATCH_QUEUE */
4513 
4514 /*
4515  * Smack Audit hooks
4516  *
4517  * Audit requires a unique representation of each Smack specific
4518  * rule. This unique representation is used to distinguish the
4519  * object to be audited from remaining kernel objects and also
4520  * works as a glue between the audit hooks.
4521  *
4522  * Since repository entries are added but never deleted, we'll use
4523  * the smack_known label address related to the given audit rule as
4524  * the needed unique representation. This also better fits the smack
4525  * model where nearly everything is a label.
4526  */
4527 #ifdef CONFIG_AUDIT
4528 
4529 /**
4530  * smack_audit_rule_init - Initialize a smack audit rule
4531  * @field: audit rule fields given from user-space (audit.h)
4532  * @op: required testing operator (=, !=, >, <, ...)
4533  * @rulestr: smack label to be audited
4534  * @vrule: pointer to save our own audit rule representation
4535  *
4536  * Prepare to audit cases where (@field @op @rulestr) is true.
4537  * The label to be audited is created if necessay.
4538  */
4539 static int smack_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule)
4540 {
4541 	struct smack_known *skp;
4542 	char **rule = (char **)vrule;
4543 	*rule = NULL;
4544 
4545 	if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
4546 		return -EINVAL;
4547 
4548 	if (op != Audit_equal && op != Audit_not_equal)
4549 		return -EINVAL;
4550 
4551 	skp = smk_import_entry(rulestr, 0);
4552 	if (IS_ERR(skp))
4553 		return PTR_ERR(skp);
4554 
4555 	*rule = skp->smk_known;
4556 
4557 	return 0;
4558 }
4559 
4560 /**
4561  * smack_audit_rule_known - Distinguish Smack audit rules
4562  * @krule: rule of interest, in Audit kernel representation format
4563  *
4564  * This is used to filter Smack rules from remaining Audit ones.
4565  * If it's proved that this rule belongs to us, the
4566  * audit_rule_match hook will be called to do the final judgement.
4567  */
4568 static int smack_audit_rule_known(struct audit_krule *krule)
4569 {
4570 	struct audit_field *f;
4571 	int i;
4572 
4573 	for (i = 0; i < krule->field_count; i++) {
4574 		f = &krule->fields[i];
4575 
4576 		if (f->type == AUDIT_SUBJ_USER || f->type == AUDIT_OBJ_USER)
4577 			return 1;
4578 	}
4579 
4580 	return 0;
4581 }
4582 
4583 /**
4584  * smack_audit_rule_match - Audit given object ?
4585  * @secid: security id for identifying the object to test
4586  * @field: audit rule flags given from user-space
4587  * @op: required testing operator
4588  * @vrule: smack internal rule presentation
4589  *
4590  * The core Audit hook. It's used to take the decision of
4591  * whether to audit or not to audit a given object.
4592  */
4593 static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule)
4594 {
4595 	struct smack_known *skp;
4596 	char *rule = vrule;
4597 
4598 	if (unlikely(!rule)) {
4599 		WARN_ONCE(1, "Smack: missing rule\n");
4600 		return -ENOENT;
4601 	}
4602 
4603 	if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
4604 		return 0;
4605 
4606 	skp = smack_from_secid(secid);
4607 
4608 	/*
4609 	 * No need to do string comparisons. If a match occurs,
4610 	 * both pointers will point to the same smack_known
4611 	 * label.
4612 	 */
4613 	if (op == Audit_equal)
4614 		return (rule == skp->smk_known);
4615 	if (op == Audit_not_equal)
4616 		return (rule != skp->smk_known);
4617 
4618 	return 0;
4619 }
4620 
4621 /*
4622  * There is no need for a smack_audit_rule_free hook.
4623  * No memory was allocated.
4624  */
4625 
4626 #endif /* CONFIG_AUDIT */
4627 
4628 /**
4629  * smack_ismaclabel - check if xattr @name references a smack MAC label
4630  * @name: Full xattr name to check.
4631  */
4632 static int smack_ismaclabel(const char *name)
4633 {
4634 	return (strcmp(name, XATTR_SMACK_SUFFIX) == 0);
4635 }
4636 
4637 
4638 /**
4639  * smack_secid_to_secctx - return the smack label for a secid
4640  * @secid: incoming integer
4641  * @secdata: destination
4642  * @seclen: how long it is
4643  *
4644  * Exists for networking code.
4645  */
4646 static int smack_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
4647 {
4648 	struct smack_known *skp = smack_from_secid(secid);
4649 
4650 	if (secdata)
4651 		*secdata = skp->smk_known;
4652 	*seclen = strlen(skp->smk_known);
4653 	return 0;
4654 }
4655 
4656 /**
4657  * smack_secctx_to_secid - return the secid for a smack label
4658  * @secdata: smack label
4659  * @seclen: how long result is
4660  * @secid: outgoing integer
4661  *
4662  * Exists for audit and networking code.
4663  */
4664 static int smack_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
4665 {
4666 	struct smack_known *skp = smk_find_entry(secdata);
4667 
4668 	if (skp)
4669 		*secid = skp->smk_secid;
4670 	else
4671 		*secid = 0;
4672 	return 0;
4673 }
4674 
4675 /*
4676  * There used to be a smack_release_secctx hook
4677  * that did nothing back when hooks were in a vector.
4678  * Now that there's a list such a hook adds cost.
4679  */
4680 
4681 static int smack_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
4682 {
4683 	return smack_inode_setsecurity(inode, XATTR_SMACK_SUFFIX, ctx,
4684 				       ctxlen, 0);
4685 }
4686 
4687 static int smack_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
4688 {
4689 	return __vfs_setxattr_noperm(&init_user_ns, dentry, XATTR_NAME_SMACK,
4690 				     ctx, ctxlen, 0);
4691 }
4692 
4693 static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
4694 {
4695 	struct smack_known *skp = smk_of_inode(inode);
4696 
4697 	*ctx = skp->smk_known;
4698 	*ctxlen = strlen(skp->smk_known);
4699 	return 0;
4700 }
4701 
4702 static int smack_inode_copy_up(struct dentry *dentry, struct cred **new)
4703 {
4704 
4705 	struct task_smack *tsp;
4706 	struct smack_known *skp;
4707 	struct inode_smack *isp;
4708 	struct cred *new_creds = *new;
4709 
4710 	if (new_creds == NULL) {
4711 		new_creds = prepare_creds();
4712 		if (new_creds == NULL)
4713 			return -ENOMEM;
4714 	}
4715 
4716 	tsp = smack_cred(new_creds);
4717 
4718 	/*
4719 	 * Get label from overlay inode and set it in create_sid
4720 	 */
4721 	isp = smack_inode(d_inode(dentry));
4722 	skp = isp->smk_inode;
4723 	tsp->smk_task = skp;
4724 	*new = new_creds;
4725 	return 0;
4726 }
4727 
4728 static int smack_inode_copy_up_xattr(const char *name)
4729 {
4730 	/*
4731 	 * Return 1 if this is the smack access Smack attribute.
4732 	 */
4733 	if (strcmp(name, XATTR_NAME_SMACK) == 0)
4734 		return 1;
4735 
4736 	return -EOPNOTSUPP;
4737 }
4738 
4739 static int smack_dentry_create_files_as(struct dentry *dentry, int mode,
4740 					struct qstr *name,
4741 					const struct cred *old,
4742 					struct cred *new)
4743 {
4744 	struct task_smack *otsp = smack_cred(old);
4745 	struct task_smack *ntsp = smack_cred(new);
4746 	struct inode_smack *isp;
4747 	int may;
4748 
4749 	/*
4750 	 * Use the process credential unless all of
4751 	 * the transmuting criteria are met
4752 	 */
4753 	ntsp->smk_task = otsp->smk_task;
4754 
4755 	/*
4756 	 * the attribute of the containing directory
4757 	 */
4758 	isp = smack_inode(d_inode(dentry->d_parent));
4759 
4760 	if (isp->smk_flags & SMK_INODE_TRANSMUTE) {
4761 		rcu_read_lock();
4762 		may = smk_access_entry(otsp->smk_task->smk_known,
4763 				       isp->smk_inode->smk_known,
4764 				       &otsp->smk_task->smk_rules);
4765 		rcu_read_unlock();
4766 
4767 		/*
4768 		 * If the directory is transmuting and the rule
4769 		 * providing access is transmuting use the containing
4770 		 * directory label instead of the process label.
4771 		 */
4772 		if (may > 0 && (may & MAY_TRANSMUTE))
4773 			ntsp->smk_task = isp->smk_inode;
4774 	}
4775 	return 0;
4776 }
4777 
4778 #ifdef CONFIG_IO_URING
4779 /**
4780  * smack_uring_override_creds - Is io_uring cred override allowed?
4781  * @new: the target creds
4782  *
4783  * Check to see if the current task is allowed to override it's credentials
4784  * to service an io_uring operation.
4785  */
4786 static int smack_uring_override_creds(const struct cred *new)
4787 {
4788 	struct task_smack *tsp = smack_cred(current_cred());
4789 	struct task_smack *nsp = smack_cred(new);
4790 
4791 	/*
4792 	 * Allow the degenerate case where the new Smack value is
4793 	 * the same as the current Smack value.
4794 	 */
4795 	if (tsp->smk_task == nsp->smk_task)
4796 		return 0;
4797 
4798 	if (smack_privileged_cred(CAP_MAC_OVERRIDE, current_cred()))
4799 		return 0;
4800 
4801 	return -EPERM;
4802 }
4803 
4804 /**
4805  * smack_uring_sqpoll - check if a io_uring polling thread can be created
4806  *
4807  * Check to see if the current task is allowed to create a new io_uring
4808  * kernel polling thread.
4809  */
4810 static int smack_uring_sqpoll(void)
4811 {
4812 	if (smack_privileged_cred(CAP_MAC_ADMIN, current_cred()))
4813 		return 0;
4814 
4815 	return -EPERM;
4816 }
4817 
4818 /**
4819  * smack_uring_cmd - check on file operations for io_uring
4820  * @ioucmd: the command in question
4821  *
4822  * Make a best guess about whether a io_uring "command" should
4823  * be allowed. Use the same logic used for determining if the
4824  * file could be opened for read in the absence of better criteria.
4825  */
4826 static int smack_uring_cmd(struct io_uring_cmd *ioucmd)
4827 {
4828 	struct file *file = ioucmd->file;
4829 	struct smk_audit_info ad;
4830 	struct task_smack *tsp;
4831 	struct inode *inode;
4832 	int rc;
4833 
4834 	if (!file)
4835 		return -EINVAL;
4836 
4837 	tsp = smack_cred(file->f_cred);
4838 	inode = file_inode(file);
4839 
4840 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
4841 	smk_ad_setfield_u_fs_path(&ad, file->f_path);
4842 	rc = smk_tskacc(tsp, smk_of_inode(inode), MAY_READ, &ad);
4843 	rc = smk_bu_credfile(file->f_cred, file, MAY_READ, rc);
4844 
4845 	return rc;
4846 }
4847 
4848 #endif /* CONFIG_IO_URING */
4849 
4850 struct lsm_blob_sizes smack_blob_sizes __lsm_ro_after_init = {
4851 	.lbs_cred = sizeof(struct task_smack),
4852 	.lbs_file = sizeof(struct smack_known *),
4853 	.lbs_inode = sizeof(struct inode_smack),
4854 	.lbs_ipc = sizeof(struct smack_known *),
4855 	.lbs_msg_msg = sizeof(struct smack_known *),
4856 	.lbs_superblock = sizeof(struct superblock_smack),
4857 };
4858 
4859 static struct security_hook_list smack_hooks[] __lsm_ro_after_init = {
4860 	LSM_HOOK_INIT(ptrace_access_check, smack_ptrace_access_check),
4861 	LSM_HOOK_INIT(ptrace_traceme, smack_ptrace_traceme),
4862 	LSM_HOOK_INIT(syslog, smack_syslog),
4863 
4864 	LSM_HOOK_INIT(fs_context_dup, smack_fs_context_dup),
4865 	LSM_HOOK_INIT(fs_context_parse_param, smack_fs_context_parse_param),
4866 
4867 	LSM_HOOK_INIT(sb_alloc_security, smack_sb_alloc_security),
4868 	LSM_HOOK_INIT(sb_free_mnt_opts, smack_free_mnt_opts),
4869 	LSM_HOOK_INIT(sb_eat_lsm_opts, smack_sb_eat_lsm_opts),
4870 	LSM_HOOK_INIT(sb_statfs, smack_sb_statfs),
4871 	LSM_HOOK_INIT(sb_set_mnt_opts, smack_set_mnt_opts),
4872 
4873 	LSM_HOOK_INIT(bprm_creds_for_exec, smack_bprm_creds_for_exec),
4874 
4875 	LSM_HOOK_INIT(inode_alloc_security, smack_inode_alloc_security),
4876 	LSM_HOOK_INIT(inode_init_security, smack_inode_init_security),
4877 	LSM_HOOK_INIT(inode_link, smack_inode_link),
4878 	LSM_HOOK_INIT(inode_unlink, smack_inode_unlink),
4879 	LSM_HOOK_INIT(inode_rmdir, smack_inode_rmdir),
4880 	LSM_HOOK_INIT(inode_rename, smack_inode_rename),
4881 	LSM_HOOK_INIT(inode_permission, smack_inode_permission),
4882 	LSM_HOOK_INIT(inode_setattr, smack_inode_setattr),
4883 	LSM_HOOK_INIT(inode_getattr, smack_inode_getattr),
4884 	LSM_HOOK_INIT(inode_setxattr, smack_inode_setxattr),
4885 	LSM_HOOK_INIT(inode_post_setxattr, smack_inode_post_setxattr),
4886 	LSM_HOOK_INIT(inode_getxattr, smack_inode_getxattr),
4887 	LSM_HOOK_INIT(inode_removexattr, smack_inode_removexattr),
4888 	LSM_HOOK_INIT(inode_set_acl, smack_inode_set_acl),
4889 	LSM_HOOK_INIT(inode_get_acl, smack_inode_get_acl),
4890 	LSM_HOOK_INIT(inode_remove_acl, smack_inode_remove_acl),
4891 	LSM_HOOK_INIT(inode_getsecurity, smack_inode_getsecurity),
4892 	LSM_HOOK_INIT(inode_setsecurity, smack_inode_setsecurity),
4893 	LSM_HOOK_INIT(inode_listsecurity, smack_inode_listsecurity),
4894 	LSM_HOOK_INIT(inode_getsecid, smack_inode_getsecid),
4895 
4896 	LSM_HOOK_INIT(file_alloc_security, smack_file_alloc_security),
4897 	LSM_HOOK_INIT(file_ioctl, smack_file_ioctl),
4898 	LSM_HOOK_INIT(file_lock, smack_file_lock),
4899 	LSM_HOOK_INIT(file_fcntl, smack_file_fcntl),
4900 	LSM_HOOK_INIT(mmap_file, smack_mmap_file),
4901 	LSM_HOOK_INIT(mmap_addr, cap_mmap_addr),
4902 	LSM_HOOK_INIT(file_set_fowner, smack_file_set_fowner),
4903 	LSM_HOOK_INIT(file_send_sigiotask, smack_file_send_sigiotask),
4904 	LSM_HOOK_INIT(file_receive, smack_file_receive),
4905 
4906 	LSM_HOOK_INIT(file_open, smack_file_open),
4907 
4908 	LSM_HOOK_INIT(cred_alloc_blank, smack_cred_alloc_blank),
4909 	LSM_HOOK_INIT(cred_free, smack_cred_free),
4910 	LSM_HOOK_INIT(cred_prepare, smack_cred_prepare),
4911 	LSM_HOOK_INIT(cred_transfer, smack_cred_transfer),
4912 	LSM_HOOK_INIT(cred_getsecid, smack_cred_getsecid),
4913 	LSM_HOOK_INIT(kernel_act_as, smack_kernel_act_as),
4914 	LSM_HOOK_INIT(kernel_create_files_as, smack_kernel_create_files_as),
4915 	LSM_HOOK_INIT(task_setpgid, smack_task_setpgid),
4916 	LSM_HOOK_INIT(task_getpgid, smack_task_getpgid),
4917 	LSM_HOOK_INIT(task_getsid, smack_task_getsid),
4918 	LSM_HOOK_INIT(current_getsecid_subj, smack_current_getsecid_subj),
4919 	LSM_HOOK_INIT(task_getsecid_obj, smack_task_getsecid_obj),
4920 	LSM_HOOK_INIT(task_setnice, smack_task_setnice),
4921 	LSM_HOOK_INIT(task_setioprio, smack_task_setioprio),
4922 	LSM_HOOK_INIT(task_getioprio, smack_task_getioprio),
4923 	LSM_HOOK_INIT(task_setscheduler, smack_task_setscheduler),
4924 	LSM_HOOK_INIT(task_getscheduler, smack_task_getscheduler),
4925 	LSM_HOOK_INIT(task_movememory, smack_task_movememory),
4926 	LSM_HOOK_INIT(task_kill, smack_task_kill),
4927 	LSM_HOOK_INIT(task_to_inode, smack_task_to_inode),
4928 
4929 	LSM_HOOK_INIT(ipc_permission, smack_ipc_permission),
4930 	LSM_HOOK_INIT(ipc_getsecid, smack_ipc_getsecid),
4931 
4932 	LSM_HOOK_INIT(msg_msg_alloc_security, smack_msg_msg_alloc_security),
4933 
4934 	LSM_HOOK_INIT(msg_queue_alloc_security, smack_ipc_alloc_security),
4935 	LSM_HOOK_INIT(msg_queue_associate, smack_msg_queue_associate),
4936 	LSM_HOOK_INIT(msg_queue_msgctl, smack_msg_queue_msgctl),
4937 	LSM_HOOK_INIT(msg_queue_msgsnd, smack_msg_queue_msgsnd),
4938 	LSM_HOOK_INIT(msg_queue_msgrcv, smack_msg_queue_msgrcv),
4939 
4940 	LSM_HOOK_INIT(shm_alloc_security, smack_ipc_alloc_security),
4941 	LSM_HOOK_INIT(shm_associate, smack_shm_associate),
4942 	LSM_HOOK_INIT(shm_shmctl, smack_shm_shmctl),
4943 	LSM_HOOK_INIT(shm_shmat, smack_shm_shmat),
4944 
4945 	LSM_HOOK_INIT(sem_alloc_security, smack_ipc_alloc_security),
4946 	LSM_HOOK_INIT(sem_associate, smack_sem_associate),
4947 	LSM_HOOK_INIT(sem_semctl, smack_sem_semctl),
4948 	LSM_HOOK_INIT(sem_semop, smack_sem_semop),
4949 
4950 	LSM_HOOK_INIT(d_instantiate, smack_d_instantiate),
4951 
4952 	LSM_HOOK_INIT(getprocattr, smack_getprocattr),
4953 	LSM_HOOK_INIT(setprocattr, smack_setprocattr),
4954 
4955 	LSM_HOOK_INIT(unix_stream_connect, smack_unix_stream_connect),
4956 	LSM_HOOK_INIT(unix_may_send, smack_unix_may_send),
4957 
4958 	LSM_HOOK_INIT(socket_post_create, smack_socket_post_create),
4959 	LSM_HOOK_INIT(socket_socketpair, smack_socket_socketpair),
4960 #ifdef SMACK_IPV6_PORT_LABELING
4961 	LSM_HOOK_INIT(socket_bind, smack_socket_bind),
4962 #endif
4963 	LSM_HOOK_INIT(socket_connect, smack_socket_connect),
4964 	LSM_HOOK_INIT(socket_sendmsg, smack_socket_sendmsg),
4965 	LSM_HOOK_INIT(socket_sock_rcv_skb, smack_socket_sock_rcv_skb),
4966 	LSM_HOOK_INIT(socket_getpeersec_stream, smack_socket_getpeersec_stream),
4967 	LSM_HOOK_INIT(socket_getpeersec_dgram, smack_socket_getpeersec_dgram),
4968 	LSM_HOOK_INIT(sk_alloc_security, smack_sk_alloc_security),
4969 	LSM_HOOK_INIT(sk_free_security, smack_sk_free_security),
4970 	LSM_HOOK_INIT(sk_clone_security, smack_sk_clone_security),
4971 	LSM_HOOK_INIT(sock_graft, smack_sock_graft),
4972 	LSM_HOOK_INIT(inet_conn_request, smack_inet_conn_request),
4973 	LSM_HOOK_INIT(inet_csk_clone, smack_inet_csk_clone),
4974 
4975  /* key management security hooks */
4976 #ifdef CONFIG_KEYS
4977 	LSM_HOOK_INIT(key_alloc, smack_key_alloc),
4978 	LSM_HOOK_INIT(key_free, smack_key_free),
4979 	LSM_HOOK_INIT(key_permission, smack_key_permission),
4980 	LSM_HOOK_INIT(key_getsecurity, smack_key_getsecurity),
4981 #ifdef CONFIG_KEY_NOTIFICATIONS
4982 	LSM_HOOK_INIT(watch_key, smack_watch_key),
4983 #endif
4984 #endif /* CONFIG_KEYS */
4985 
4986 #ifdef CONFIG_WATCH_QUEUE
4987 	LSM_HOOK_INIT(post_notification, smack_post_notification),
4988 #endif
4989 
4990  /* Audit hooks */
4991 #ifdef CONFIG_AUDIT
4992 	LSM_HOOK_INIT(audit_rule_init, smack_audit_rule_init),
4993 	LSM_HOOK_INIT(audit_rule_known, smack_audit_rule_known),
4994 	LSM_HOOK_INIT(audit_rule_match, smack_audit_rule_match),
4995 #endif /* CONFIG_AUDIT */
4996 
4997 	LSM_HOOK_INIT(ismaclabel, smack_ismaclabel),
4998 	LSM_HOOK_INIT(secid_to_secctx, smack_secid_to_secctx),
4999 	LSM_HOOK_INIT(secctx_to_secid, smack_secctx_to_secid),
5000 	LSM_HOOK_INIT(inode_notifysecctx, smack_inode_notifysecctx),
5001 	LSM_HOOK_INIT(inode_setsecctx, smack_inode_setsecctx),
5002 	LSM_HOOK_INIT(inode_getsecctx, smack_inode_getsecctx),
5003 	LSM_HOOK_INIT(inode_copy_up, smack_inode_copy_up),
5004 	LSM_HOOK_INIT(inode_copy_up_xattr, smack_inode_copy_up_xattr),
5005 	LSM_HOOK_INIT(dentry_create_files_as, smack_dentry_create_files_as),
5006 #ifdef CONFIG_IO_URING
5007 	LSM_HOOK_INIT(uring_override_creds, smack_uring_override_creds),
5008 	LSM_HOOK_INIT(uring_sqpoll, smack_uring_sqpoll),
5009 	LSM_HOOK_INIT(uring_cmd, smack_uring_cmd),
5010 #endif
5011 };
5012 
5013 
5014 static __init void init_smack_known_list(void)
5015 {
5016 	/*
5017 	 * Initialize rule list locks
5018 	 */
5019 	mutex_init(&smack_known_huh.smk_rules_lock);
5020 	mutex_init(&smack_known_hat.smk_rules_lock);
5021 	mutex_init(&smack_known_floor.smk_rules_lock);
5022 	mutex_init(&smack_known_star.smk_rules_lock);
5023 	mutex_init(&smack_known_web.smk_rules_lock);
5024 	/*
5025 	 * Initialize rule lists
5026 	 */
5027 	INIT_LIST_HEAD(&smack_known_huh.smk_rules);
5028 	INIT_LIST_HEAD(&smack_known_hat.smk_rules);
5029 	INIT_LIST_HEAD(&smack_known_star.smk_rules);
5030 	INIT_LIST_HEAD(&smack_known_floor.smk_rules);
5031 	INIT_LIST_HEAD(&smack_known_web.smk_rules);
5032 	/*
5033 	 * Create the known labels list
5034 	 */
5035 	smk_insert_entry(&smack_known_huh);
5036 	smk_insert_entry(&smack_known_hat);
5037 	smk_insert_entry(&smack_known_star);
5038 	smk_insert_entry(&smack_known_floor);
5039 	smk_insert_entry(&smack_known_web);
5040 }
5041 
5042 /**
5043  * smack_init - initialize the smack system
5044  *
5045  * Returns 0 on success, -ENOMEM is there's no memory
5046  */
5047 static __init int smack_init(void)
5048 {
5049 	struct cred *cred = (struct cred *) current->cred;
5050 	struct task_smack *tsp;
5051 
5052 	smack_rule_cache = KMEM_CACHE(smack_rule, 0);
5053 	if (!smack_rule_cache)
5054 		return -ENOMEM;
5055 
5056 	/*
5057 	 * Set the security state for the initial task.
5058 	 */
5059 	tsp = smack_cred(cred);
5060 	init_task_smack(tsp, &smack_known_floor, &smack_known_floor);
5061 
5062 	/*
5063 	 * Register with LSM
5064 	 */
5065 	security_add_hooks(smack_hooks, ARRAY_SIZE(smack_hooks), "smack");
5066 	smack_enabled = 1;
5067 
5068 	pr_info("Smack:  Initializing.\n");
5069 #ifdef CONFIG_SECURITY_SMACK_NETFILTER
5070 	pr_info("Smack:  Netfilter enabled.\n");
5071 #endif
5072 #ifdef SMACK_IPV6_PORT_LABELING
5073 	pr_info("Smack:  IPv6 port labeling enabled.\n");
5074 #endif
5075 #ifdef SMACK_IPV6_SECMARK_LABELING
5076 	pr_info("Smack:  IPv6 Netfilter enabled.\n");
5077 #endif
5078 
5079 	/* initialize the smack_known_list */
5080 	init_smack_known_list();
5081 
5082 	return 0;
5083 }
5084 
5085 /*
5086  * Smack requires early initialization in order to label
5087  * all processes and objects when they are created.
5088  */
5089 DEFINE_LSM(smack) = {
5090 	.name = "smack",
5091 	.flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE,
5092 	.blobs = &smack_blob_sizes,
5093 	.init = smack_init,
5094 };
5095