xref: /openbmc/linux/security/smack/smack_lsm.c (revision c819e2cf)
1 /*
2  *  Simplified MAC Kernel (smack) security module
3  *
4  *  This file contains the smack hook function implementations.
5  *
6  *  Authors:
7  *	Casey Schaufler <casey@schaufler-ca.com>
8  *	Jarkko Sakkinen <jarkko.sakkinen@intel.com>
9  *
10  *  Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com>
11  *  Copyright (C) 2009 Hewlett-Packard Development Company, L.P.
12  *                Paul Moore <paul@paul-moore.com>
13  *  Copyright (C) 2010 Nokia Corporation
14  *  Copyright (C) 2011 Intel Corporation.
15  *
16  *	This program is free software; you can redistribute it and/or modify
17  *	it under the terms of the GNU General Public License version 2,
18  *      as published by the Free Software Foundation.
19  */
20 
21 #include <linux/xattr.h>
22 #include <linux/pagemap.h>
23 #include <linux/mount.h>
24 #include <linux/stat.h>
25 #include <linux/kd.h>
26 #include <asm/ioctls.h>
27 #include <linux/ip.h>
28 #include <linux/tcp.h>
29 #include <linux/udp.h>
30 #include <linux/dccp.h>
31 #include <linux/slab.h>
32 #include <linux/mutex.h>
33 #include <linux/pipe_fs_i.h>
34 #include <net/cipso_ipv4.h>
35 #include <net/ip.h>
36 #include <net/ipv6.h>
37 #include <linux/audit.h>
38 #include <linux/magic.h>
39 #include <linux/dcache.h>
40 #include <linux/personality.h>
41 #include <linux/msg.h>
42 #include <linux/shm.h>
43 #include <linux/binfmts.h>
44 #include "smack.h"
45 
46 #define task_security(task)	(task_cred_xxx((task), security))
47 
48 #define TRANS_TRUE	"TRUE"
49 #define TRANS_TRUE_SIZE	4
50 
51 #define SMK_CONNECTING	0
52 #define SMK_RECEIVING	1
53 #define SMK_SENDING	2
54 
55 LIST_HEAD(smk_ipv6_port_list);
56 static struct kmem_cache *smack_inode_cache;
57 
58 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
59 static void smk_bu_mode(int mode, char *s)
60 {
61 	int i = 0;
62 
63 	if (mode & MAY_READ)
64 		s[i++] = 'r';
65 	if (mode & MAY_WRITE)
66 		s[i++] = 'w';
67 	if (mode & MAY_EXEC)
68 		s[i++] = 'x';
69 	if (mode & MAY_APPEND)
70 		s[i++] = 'a';
71 	if (mode & MAY_TRANSMUTE)
72 		s[i++] = 't';
73 	if (mode & MAY_LOCK)
74 		s[i++] = 'l';
75 	if (i == 0)
76 		s[i++] = '-';
77 	s[i] = '\0';
78 }
79 #endif
80 
81 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
82 static int smk_bu_note(char *note, struct smack_known *sskp,
83 		       struct smack_known *oskp, int mode, int rc)
84 {
85 	char acc[SMK_NUM_ACCESS_TYPE + 1];
86 
87 	if (rc <= 0)
88 		return rc;
89 
90 	smk_bu_mode(mode, acc);
91 	pr_info("Smack Bringup: (%s %s %s) %s\n",
92 		sskp->smk_known, oskp->smk_known, acc, note);
93 	return 0;
94 }
95 #else
96 #define smk_bu_note(note, sskp, oskp, mode, RC) (RC)
97 #endif
98 
99 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
100 static int smk_bu_current(char *note, struct smack_known *oskp,
101 			  int mode, int rc)
102 {
103 	struct task_smack *tsp = current_security();
104 	char acc[SMK_NUM_ACCESS_TYPE + 1];
105 
106 	if (rc <= 0)
107 		return rc;
108 
109 	smk_bu_mode(mode, acc);
110 	pr_info("Smack Bringup: (%s %s %s) %s %s\n",
111 		tsp->smk_task->smk_known, oskp->smk_known,
112 		acc, current->comm, note);
113 	return 0;
114 }
115 #else
116 #define smk_bu_current(note, oskp, mode, RC) (RC)
117 #endif
118 
119 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
120 static int smk_bu_task(struct task_struct *otp, int mode, int rc)
121 {
122 	struct task_smack *tsp = current_security();
123 	struct task_smack *otsp = task_security(otp);
124 	char acc[SMK_NUM_ACCESS_TYPE + 1];
125 
126 	if (rc <= 0)
127 		return rc;
128 
129 	smk_bu_mode(mode, acc);
130 	pr_info("Smack Bringup: (%s %s %s) %s to %s\n",
131 		tsp->smk_task->smk_known, otsp->smk_task->smk_known, acc,
132 		current->comm, otp->comm);
133 	return 0;
134 }
135 #else
136 #define smk_bu_task(otp, mode, RC) (RC)
137 #endif
138 
139 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
140 static int smk_bu_inode(struct inode *inode, int mode, int rc)
141 {
142 	struct task_smack *tsp = current_security();
143 	char acc[SMK_NUM_ACCESS_TYPE + 1];
144 
145 	if (rc <= 0)
146 		return rc;
147 
148 	smk_bu_mode(mode, acc);
149 	pr_info("Smack Bringup: (%s %s %s) inode=(%s %ld) %s\n",
150 		tsp->smk_task->smk_known, smk_of_inode(inode)->smk_known, acc,
151 		inode->i_sb->s_id, inode->i_ino, current->comm);
152 	return 0;
153 }
154 #else
155 #define smk_bu_inode(inode, mode, RC) (RC)
156 #endif
157 
158 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
159 static int smk_bu_file(struct file *file, int mode, int rc)
160 {
161 	struct task_smack *tsp = current_security();
162 	struct smack_known *sskp = tsp->smk_task;
163 	struct inode *inode = file->f_inode;
164 	char acc[SMK_NUM_ACCESS_TYPE + 1];
165 
166 	if (rc <= 0)
167 		return rc;
168 
169 	smk_bu_mode(mode, acc);
170 	pr_info("Smack Bringup: (%s %s %s) file=(%s %ld %pD) %s\n",
171 		sskp->smk_known, (char *)file->f_security, acc,
172 		inode->i_sb->s_id, inode->i_ino, file,
173 		current->comm);
174 	return 0;
175 }
176 #else
177 #define smk_bu_file(file, mode, RC) (RC)
178 #endif
179 
180 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
181 static int smk_bu_credfile(const struct cred *cred, struct file *file,
182 				int mode, int rc)
183 {
184 	struct task_smack *tsp = cred->security;
185 	struct smack_known *sskp = tsp->smk_task;
186 	struct inode *inode = file->f_inode;
187 	char acc[SMK_NUM_ACCESS_TYPE + 1];
188 
189 	if (rc <= 0)
190 		return rc;
191 
192 	smk_bu_mode(mode, acc);
193 	pr_info("Smack Bringup: (%s %s %s) file=(%s %ld %pD) %s\n",
194 		sskp->smk_known, smk_of_inode(inode)->smk_known, acc,
195 		inode->i_sb->s_id, inode->i_ino, file,
196 		current->comm);
197 	return 0;
198 }
199 #else
200 #define smk_bu_credfile(cred, file, mode, RC) (RC)
201 #endif
202 
203 /**
204  * smk_fetch - Fetch the smack label from a file.
205  * @ip: a pointer to the inode
206  * @dp: a pointer to the dentry
207  *
208  * Returns a pointer to the master list entry for the Smack label
209  * or NULL if there was no label to fetch.
210  */
211 static struct smack_known *smk_fetch(const char *name, struct inode *ip,
212 					struct dentry *dp)
213 {
214 	int rc;
215 	char *buffer;
216 	struct smack_known *skp = NULL;
217 
218 	if (ip->i_op->getxattr == NULL)
219 		return NULL;
220 
221 	buffer = kzalloc(SMK_LONGLABEL, GFP_KERNEL);
222 	if (buffer == NULL)
223 		return NULL;
224 
225 	rc = ip->i_op->getxattr(dp, name, buffer, SMK_LONGLABEL);
226 	if (rc > 0)
227 		skp = smk_import_entry(buffer, rc);
228 
229 	kfree(buffer);
230 
231 	return skp;
232 }
233 
234 /**
235  * new_inode_smack - allocate an inode security blob
236  * @skp: a pointer to the Smack label entry to use in the blob
237  *
238  * Returns the new blob or NULL if there's no memory available
239  */
240 struct inode_smack *new_inode_smack(struct smack_known *skp)
241 {
242 	struct inode_smack *isp;
243 
244 	isp = kmem_cache_zalloc(smack_inode_cache, GFP_NOFS);
245 	if (isp == NULL)
246 		return NULL;
247 
248 	isp->smk_inode = skp;
249 	isp->smk_flags = 0;
250 	mutex_init(&isp->smk_lock);
251 
252 	return isp;
253 }
254 
255 /**
256  * new_task_smack - allocate a task security blob
257  * @smack: a pointer to the Smack label to use in the blob
258  *
259  * Returns the new blob or NULL if there's no memory available
260  */
261 static struct task_smack *new_task_smack(struct smack_known *task,
262 					struct smack_known *forked, gfp_t gfp)
263 {
264 	struct task_smack *tsp;
265 
266 	tsp = kzalloc(sizeof(struct task_smack), gfp);
267 	if (tsp == NULL)
268 		return NULL;
269 
270 	tsp->smk_task = task;
271 	tsp->smk_forked = forked;
272 	INIT_LIST_HEAD(&tsp->smk_rules);
273 	mutex_init(&tsp->smk_rules_lock);
274 
275 	return tsp;
276 }
277 
278 /**
279  * smk_copy_rules - copy a rule set
280  * @nhead - new rules header pointer
281  * @ohead - old rules header pointer
282  *
283  * Returns 0 on success, -ENOMEM on error
284  */
285 static int smk_copy_rules(struct list_head *nhead, struct list_head *ohead,
286 				gfp_t gfp)
287 {
288 	struct smack_rule *nrp;
289 	struct smack_rule *orp;
290 	int rc = 0;
291 
292 	INIT_LIST_HEAD(nhead);
293 
294 	list_for_each_entry_rcu(orp, ohead, list) {
295 		nrp = kzalloc(sizeof(struct smack_rule), gfp);
296 		if (nrp == NULL) {
297 			rc = -ENOMEM;
298 			break;
299 		}
300 		*nrp = *orp;
301 		list_add_rcu(&nrp->list, nhead);
302 	}
303 	return rc;
304 }
305 
306 /**
307  * smk_ptrace_mode - helper function for converting PTRACE_MODE_* into MAY_*
308  * @mode - input mode in form of PTRACE_MODE_*
309  *
310  * Returns a converted MAY_* mode usable by smack rules
311  */
312 static inline unsigned int smk_ptrace_mode(unsigned int mode)
313 {
314 	switch (mode) {
315 	case PTRACE_MODE_READ:
316 		return MAY_READ;
317 	case PTRACE_MODE_ATTACH:
318 		return MAY_READWRITE;
319 	}
320 
321 	return 0;
322 }
323 
324 /**
325  * smk_ptrace_rule_check - helper for ptrace access
326  * @tracer: tracer process
327  * @tracee_known: label entry of the process that's about to be traced
328  * @mode: ptrace attachment mode (PTRACE_MODE_*)
329  * @func: name of the function that called us, used for audit
330  *
331  * Returns 0 on access granted, -error on error
332  */
333 static int smk_ptrace_rule_check(struct task_struct *tracer,
334 				 struct smack_known *tracee_known,
335 				 unsigned int mode, const char *func)
336 {
337 	int rc;
338 	struct smk_audit_info ad, *saip = NULL;
339 	struct task_smack *tsp;
340 	struct smack_known *tracer_known;
341 
342 	if ((mode & PTRACE_MODE_NOAUDIT) == 0) {
343 		smk_ad_init(&ad, func, LSM_AUDIT_DATA_TASK);
344 		smk_ad_setfield_u_tsk(&ad, tracer);
345 		saip = &ad;
346 	}
347 
348 	tsp = task_security(tracer);
349 	tracer_known = smk_of_task(tsp);
350 
351 	if ((mode & PTRACE_MODE_ATTACH) &&
352 	    (smack_ptrace_rule == SMACK_PTRACE_EXACT ||
353 	     smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)) {
354 		if (tracer_known->smk_known == tracee_known->smk_known)
355 			rc = 0;
356 		else if (smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)
357 			rc = -EACCES;
358 		else if (capable(CAP_SYS_PTRACE))
359 			rc = 0;
360 		else
361 			rc = -EACCES;
362 
363 		if (saip)
364 			smack_log(tracer_known->smk_known,
365 				  tracee_known->smk_known,
366 				  0, rc, saip);
367 
368 		return rc;
369 	}
370 
371 	/* In case of rule==SMACK_PTRACE_DEFAULT or mode==PTRACE_MODE_READ */
372 	rc = smk_tskacc(tsp, tracee_known, smk_ptrace_mode(mode), saip);
373 	return rc;
374 }
375 
376 /*
377  * LSM hooks.
378  * We he, that is fun!
379  */
380 
381 /**
382  * smack_ptrace_access_check - Smack approval on PTRACE_ATTACH
383  * @ctp: child task pointer
384  * @mode: ptrace attachment mode (PTRACE_MODE_*)
385  *
386  * Returns 0 if access is OK, an error code otherwise
387  *
388  * Do the capability checks.
389  */
390 static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode)
391 {
392 	int rc;
393 	struct smack_known *skp;
394 
395 	rc = cap_ptrace_access_check(ctp, mode);
396 	if (rc != 0)
397 		return rc;
398 
399 	skp = smk_of_task(task_security(ctp));
400 
401 	rc = smk_ptrace_rule_check(current, skp, mode, __func__);
402 	return rc;
403 }
404 
405 /**
406  * smack_ptrace_traceme - Smack approval on PTRACE_TRACEME
407  * @ptp: parent task pointer
408  *
409  * Returns 0 if access is OK, an error code otherwise
410  *
411  * Do the capability checks, and require PTRACE_MODE_ATTACH.
412  */
413 static int smack_ptrace_traceme(struct task_struct *ptp)
414 {
415 	int rc;
416 	struct smack_known *skp;
417 
418 	rc = cap_ptrace_traceme(ptp);
419 	if (rc != 0)
420 		return rc;
421 
422 	skp = smk_of_task(current_security());
423 
424 	rc = smk_ptrace_rule_check(ptp, skp, PTRACE_MODE_ATTACH, __func__);
425 	return rc;
426 }
427 
428 /**
429  * smack_syslog - Smack approval on syslog
430  * @type: message type
431  *
432  * Returns 0 on success, error code otherwise.
433  */
434 static int smack_syslog(int typefrom_file)
435 {
436 	int rc = 0;
437 	struct smack_known *skp = smk_of_current();
438 
439 	if (smack_privileged(CAP_MAC_OVERRIDE))
440 		return 0;
441 
442 	if (smack_syslog_label != NULL && smack_syslog_label != skp)
443 		rc = -EACCES;
444 
445 	return rc;
446 }
447 
448 
449 /*
450  * Superblock Hooks.
451  */
452 
453 /**
454  * smack_sb_alloc_security - allocate a superblock blob
455  * @sb: the superblock getting the blob
456  *
457  * Returns 0 on success or -ENOMEM on error.
458  */
459 static int smack_sb_alloc_security(struct super_block *sb)
460 {
461 	struct superblock_smack *sbsp;
462 
463 	sbsp = kzalloc(sizeof(struct superblock_smack), GFP_KERNEL);
464 
465 	if (sbsp == NULL)
466 		return -ENOMEM;
467 
468 	sbsp->smk_root = &smack_known_floor;
469 	sbsp->smk_default = &smack_known_floor;
470 	sbsp->smk_floor = &smack_known_floor;
471 	sbsp->smk_hat = &smack_known_hat;
472 	/*
473 	 * smk_initialized will be zero from kzalloc.
474 	 */
475 	sb->s_security = sbsp;
476 
477 	return 0;
478 }
479 
480 /**
481  * smack_sb_free_security - free a superblock blob
482  * @sb: the superblock getting the blob
483  *
484  */
485 static void smack_sb_free_security(struct super_block *sb)
486 {
487 	kfree(sb->s_security);
488 	sb->s_security = NULL;
489 }
490 
491 /**
492  * smack_sb_copy_data - copy mount options data for processing
493  * @orig: where to start
494  * @smackopts: mount options string
495  *
496  * Returns 0 on success or -ENOMEM on error.
497  *
498  * Copy the Smack specific mount options out of the mount
499  * options list.
500  */
501 static int smack_sb_copy_data(char *orig, char *smackopts)
502 {
503 	char *cp, *commap, *otheropts, *dp;
504 
505 	otheropts = (char *)get_zeroed_page(GFP_KERNEL);
506 	if (otheropts == NULL)
507 		return -ENOMEM;
508 
509 	for (cp = orig, commap = orig; commap != NULL; cp = commap + 1) {
510 		if (strstr(cp, SMK_FSDEFAULT) == cp)
511 			dp = smackopts;
512 		else if (strstr(cp, SMK_FSFLOOR) == cp)
513 			dp = smackopts;
514 		else if (strstr(cp, SMK_FSHAT) == cp)
515 			dp = smackopts;
516 		else if (strstr(cp, SMK_FSROOT) == cp)
517 			dp = smackopts;
518 		else if (strstr(cp, SMK_FSTRANS) == cp)
519 			dp = smackopts;
520 		else
521 			dp = otheropts;
522 
523 		commap = strchr(cp, ',');
524 		if (commap != NULL)
525 			*commap = '\0';
526 
527 		if (*dp != '\0')
528 			strcat(dp, ",");
529 		strcat(dp, cp);
530 	}
531 
532 	strcpy(orig, otheropts);
533 	free_page((unsigned long)otheropts);
534 
535 	return 0;
536 }
537 
538 /**
539  * smack_sb_kern_mount - Smack specific mount processing
540  * @sb: the file system superblock
541  * @flags: the mount flags
542  * @data: the smack mount options
543  *
544  * Returns 0 on success, an error code on failure
545  */
546 static int smack_sb_kern_mount(struct super_block *sb, int flags, void *data)
547 {
548 	struct dentry *root = sb->s_root;
549 	struct inode *inode = root->d_inode;
550 	struct superblock_smack *sp = sb->s_security;
551 	struct inode_smack *isp;
552 	struct smack_known *skp;
553 	char *op;
554 	char *commap;
555 	int transmute = 0;
556 	int specified = 0;
557 
558 	if (sp->smk_initialized)
559 		return 0;
560 
561 	sp->smk_initialized = 1;
562 
563 	for (op = data; op != NULL; op = commap) {
564 		commap = strchr(op, ',');
565 		if (commap != NULL)
566 			*commap++ = '\0';
567 
568 		if (strncmp(op, SMK_FSHAT, strlen(SMK_FSHAT)) == 0) {
569 			op += strlen(SMK_FSHAT);
570 			skp = smk_import_entry(op, 0);
571 			if (skp != NULL) {
572 				sp->smk_hat = skp;
573 				specified = 1;
574 			}
575 		} else if (strncmp(op, SMK_FSFLOOR, strlen(SMK_FSFLOOR)) == 0) {
576 			op += strlen(SMK_FSFLOOR);
577 			skp = smk_import_entry(op, 0);
578 			if (skp != NULL) {
579 				sp->smk_floor = skp;
580 				specified = 1;
581 			}
582 		} else if (strncmp(op, SMK_FSDEFAULT,
583 				   strlen(SMK_FSDEFAULT)) == 0) {
584 			op += strlen(SMK_FSDEFAULT);
585 			skp = smk_import_entry(op, 0);
586 			if (skp != NULL) {
587 				sp->smk_default = skp;
588 				specified = 1;
589 			}
590 		} else if (strncmp(op, SMK_FSROOT, strlen(SMK_FSROOT)) == 0) {
591 			op += strlen(SMK_FSROOT);
592 			skp = smk_import_entry(op, 0);
593 			if (skp != NULL) {
594 				sp->smk_root = skp;
595 				specified = 1;
596 			}
597 		} else if (strncmp(op, SMK_FSTRANS, strlen(SMK_FSTRANS)) == 0) {
598 			op += strlen(SMK_FSTRANS);
599 			skp = smk_import_entry(op, 0);
600 			if (skp != NULL) {
601 				sp->smk_root = skp;
602 				transmute = 1;
603 				specified = 1;
604 			}
605 		}
606 	}
607 
608 	if (!smack_privileged(CAP_MAC_ADMIN)) {
609 		/*
610 		 * Unprivileged mounts don't get to specify Smack values.
611 		 */
612 		if (specified)
613 			return -EPERM;
614 		/*
615 		 * Unprivileged mounts get root and default from the caller.
616 		 */
617 		skp = smk_of_current();
618 		sp->smk_root = skp;
619 		sp->smk_default = skp;
620 	}
621 	/*
622 	 * Initialize the root inode.
623 	 */
624 	isp = inode->i_security;
625 	if (isp == NULL) {
626 		isp = new_inode_smack(sp->smk_root);
627 		if (isp == NULL)
628 			return -ENOMEM;
629 		inode->i_security = isp;
630 	} else
631 		isp->smk_inode = sp->smk_root;
632 
633 	if (transmute)
634 		isp->smk_flags |= SMK_INODE_TRANSMUTE;
635 
636 	return 0;
637 }
638 
639 /**
640  * smack_sb_statfs - Smack check on statfs
641  * @dentry: identifies the file system in question
642  *
643  * Returns 0 if current can read the floor of the filesystem,
644  * and error code otherwise
645  */
646 static int smack_sb_statfs(struct dentry *dentry)
647 {
648 	struct superblock_smack *sbp = dentry->d_sb->s_security;
649 	int rc;
650 	struct smk_audit_info ad;
651 
652 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
653 	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
654 
655 	rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad);
656 	rc = smk_bu_current("statfs", sbp->smk_floor, MAY_READ, rc);
657 	return rc;
658 }
659 
660 /*
661  * BPRM hooks
662  */
663 
664 /**
665  * smack_bprm_set_creds - set creds for exec
666  * @bprm: the exec information
667  *
668  * Returns 0 if it gets a blob, -EPERM if exec forbidden and -ENOMEM otherwise
669  */
670 static int smack_bprm_set_creds(struct linux_binprm *bprm)
671 {
672 	struct inode *inode = file_inode(bprm->file);
673 	struct task_smack *bsp = bprm->cred->security;
674 	struct inode_smack *isp;
675 	int rc;
676 
677 	rc = cap_bprm_set_creds(bprm);
678 	if (rc != 0)
679 		return rc;
680 
681 	if (bprm->cred_prepared)
682 		return 0;
683 
684 	isp = inode->i_security;
685 	if (isp->smk_task == NULL || isp->smk_task == bsp->smk_task)
686 		return 0;
687 
688 	if (bprm->unsafe & (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) {
689 		struct task_struct *tracer;
690 		rc = 0;
691 
692 		rcu_read_lock();
693 		tracer = ptrace_parent(current);
694 		if (likely(tracer != NULL))
695 			rc = smk_ptrace_rule_check(tracer,
696 						   isp->smk_task,
697 						   PTRACE_MODE_ATTACH,
698 						   __func__);
699 		rcu_read_unlock();
700 
701 		if (rc != 0)
702 			return rc;
703 	} else if (bprm->unsafe)
704 		return -EPERM;
705 
706 	bsp->smk_task = isp->smk_task;
707 	bprm->per_clear |= PER_CLEAR_ON_SETID;
708 
709 	return 0;
710 }
711 
712 /**
713  * smack_bprm_committing_creds - Prepare to install the new credentials
714  * from bprm.
715  *
716  * @bprm: binprm for exec
717  */
718 static void smack_bprm_committing_creds(struct linux_binprm *bprm)
719 {
720 	struct task_smack *bsp = bprm->cred->security;
721 
722 	if (bsp->smk_task != bsp->smk_forked)
723 		current->pdeath_signal = 0;
724 }
725 
726 /**
727  * smack_bprm_secureexec - Return the decision to use secureexec.
728  * @bprm: binprm for exec
729  *
730  * Returns 0 on success.
731  */
732 static int smack_bprm_secureexec(struct linux_binprm *bprm)
733 {
734 	struct task_smack *tsp = current_security();
735 	int ret = cap_bprm_secureexec(bprm);
736 
737 	if (!ret && (tsp->smk_task != tsp->smk_forked))
738 		ret = 1;
739 
740 	return ret;
741 }
742 
743 /*
744  * Inode hooks
745  */
746 
747 /**
748  * smack_inode_alloc_security - allocate an inode blob
749  * @inode: the inode in need of a blob
750  *
751  * Returns 0 if it gets a blob, -ENOMEM otherwise
752  */
753 static int smack_inode_alloc_security(struct inode *inode)
754 {
755 	struct smack_known *skp = smk_of_current();
756 
757 	inode->i_security = new_inode_smack(skp);
758 	if (inode->i_security == NULL)
759 		return -ENOMEM;
760 	return 0;
761 }
762 
763 /**
764  * smack_inode_free_security - free an inode blob
765  * @inode: the inode with a blob
766  *
767  * Clears the blob pointer in inode
768  */
769 static void smack_inode_free_security(struct inode *inode)
770 {
771 	kmem_cache_free(smack_inode_cache, inode->i_security);
772 	inode->i_security = NULL;
773 }
774 
775 /**
776  * smack_inode_init_security - copy out the smack from an inode
777  * @inode: the newly created inode
778  * @dir: containing directory object
779  * @qstr: unused
780  * @name: where to put the attribute name
781  * @value: where to put the attribute value
782  * @len: where to put the length of the attribute
783  *
784  * Returns 0 if it all works out, -ENOMEM if there's no memory
785  */
786 static int smack_inode_init_security(struct inode *inode, struct inode *dir,
787 				     const struct qstr *qstr, const char **name,
788 				     void **value, size_t *len)
789 {
790 	struct inode_smack *issp = inode->i_security;
791 	struct smack_known *skp = smk_of_current();
792 	struct smack_known *isp = smk_of_inode(inode);
793 	struct smack_known *dsp = smk_of_inode(dir);
794 	int may;
795 
796 	if (name)
797 		*name = XATTR_SMACK_SUFFIX;
798 
799 	if (value) {
800 		rcu_read_lock();
801 		may = smk_access_entry(skp->smk_known, dsp->smk_known,
802 				       &skp->smk_rules);
803 		rcu_read_unlock();
804 
805 		/*
806 		 * If the access rule allows transmutation and
807 		 * the directory requests transmutation then
808 		 * by all means transmute.
809 		 * Mark the inode as changed.
810 		 */
811 		if (may > 0 && ((may & MAY_TRANSMUTE) != 0) &&
812 		    smk_inode_transmutable(dir)) {
813 			isp = dsp;
814 			issp->smk_flags |= SMK_INODE_CHANGED;
815 		}
816 
817 		*value = kstrdup(isp->smk_known, GFP_NOFS);
818 		if (*value == NULL)
819 			return -ENOMEM;
820 	}
821 
822 	if (len)
823 		*len = strlen(isp->smk_known);
824 
825 	return 0;
826 }
827 
828 /**
829  * smack_inode_link - Smack check on link
830  * @old_dentry: the existing object
831  * @dir: unused
832  * @new_dentry: the new object
833  *
834  * Returns 0 if access is permitted, an error code otherwise
835  */
836 static int smack_inode_link(struct dentry *old_dentry, struct inode *dir,
837 			    struct dentry *new_dentry)
838 {
839 	struct smack_known *isp;
840 	struct smk_audit_info ad;
841 	int rc;
842 
843 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
844 	smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
845 
846 	isp = smk_of_inode(old_dentry->d_inode);
847 	rc = smk_curacc(isp, MAY_WRITE, &ad);
848 	rc = smk_bu_inode(old_dentry->d_inode, MAY_WRITE, rc);
849 
850 	if (rc == 0 && new_dentry->d_inode != NULL) {
851 		isp = smk_of_inode(new_dentry->d_inode);
852 		smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
853 		rc = smk_curacc(isp, MAY_WRITE, &ad);
854 		rc = smk_bu_inode(new_dentry->d_inode, MAY_WRITE, rc);
855 	}
856 
857 	return rc;
858 }
859 
860 /**
861  * smack_inode_unlink - Smack check on inode deletion
862  * @dir: containing directory object
863  * @dentry: file to unlink
864  *
865  * Returns 0 if current can write the containing directory
866  * and the object, error code otherwise
867  */
868 static int smack_inode_unlink(struct inode *dir, struct dentry *dentry)
869 {
870 	struct inode *ip = dentry->d_inode;
871 	struct smk_audit_info ad;
872 	int rc;
873 
874 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
875 	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
876 
877 	/*
878 	 * You need write access to the thing you're unlinking
879 	 */
880 	rc = smk_curacc(smk_of_inode(ip), MAY_WRITE, &ad);
881 	rc = smk_bu_inode(ip, MAY_WRITE, rc);
882 	if (rc == 0) {
883 		/*
884 		 * You also need write access to the containing directory
885 		 */
886 		smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
887 		smk_ad_setfield_u_fs_inode(&ad, dir);
888 		rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
889 		rc = smk_bu_inode(dir, MAY_WRITE, rc);
890 	}
891 	return rc;
892 }
893 
894 /**
895  * smack_inode_rmdir - Smack check on directory deletion
896  * @dir: containing directory object
897  * @dentry: directory to unlink
898  *
899  * Returns 0 if current can write the containing directory
900  * and the directory, error code otherwise
901  */
902 static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry)
903 {
904 	struct smk_audit_info ad;
905 	int rc;
906 
907 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
908 	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
909 
910 	/*
911 	 * You need write access to the thing you're removing
912 	 */
913 	rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad);
914 	rc = smk_bu_inode(dentry->d_inode, MAY_WRITE, rc);
915 	if (rc == 0) {
916 		/*
917 		 * You also need write access to the containing directory
918 		 */
919 		smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
920 		smk_ad_setfield_u_fs_inode(&ad, dir);
921 		rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
922 		rc = smk_bu_inode(dir, MAY_WRITE, rc);
923 	}
924 
925 	return rc;
926 }
927 
928 /**
929  * smack_inode_rename - Smack check on rename
930  * @old_inode: unused
931  * @old_dentry: the old object
932  * @new_inode: unused
933  * @new_dentry: the new object
934  *
935  * Read and write access is required on both the old and
936  * new directories.
937  *
938  * Returns 0 if access is permitted, an error code otherwise
939  */
940 static int smack_inode_rename(struct inode *old_inode,
941 			      struct dentry *old_dentry,
942 			      struct inode *new_inode,
943 			      struct dentry *new_dentry)
944 {
945 	int rc;
946 	struct smack_known *isp;
947 	struct smk_audit_info ad;
948 
949 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
950 	smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
951 
952 	isp = smk_of_inode(old_dentry->d_inode);
953 	rc = smk_curacc(isp, MAY_READWRITE, &ad);
954 	rc = smk_bu_inode(old_dentry->d_inode, MAY_READWRITE, rc);
955 
956 	if (rc == 0 && new_dentry->d_inode != NULL) {
957 		isp = smk_of_inode(new_dentry->d_inode);
958 		smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
959 		rc = smk_curacc(isp, MAY_READWRITE, &ad);
960 		rc = smk_bu_inode(new_dentry->d_inode, MAY_READWRITE, rc);
961 	}
962 	return rc;
963 }
964 
965 /**
966  * smack_inode_permission - Smack version of permission()
967  * @inode: the inode in question
968  * @mask: the access requested
969  *
970  * This is the important Smack hook.
971  *
972  * Returns 0 if access is permitted, -EACCES otherwise
973  */
974 static int smack_inode_permission(struct inode *inode, int mask)
975 {
976 	struct smk_audit_info ad;
977 	int no_block = mask & MAY_NOT_BLOCK;
978 	int rc;
979 
980 	mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND);
981 	/*
982 	 * No permission to check. Existence test. Yup, it's there.
983 	 */
984 	if (mask == 0)
985 		return 0;
986 
987 	/* May be droppable after audit */
988 	if (no_block)
989 		return -ECHILD;
990 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
991 	smk_ad_setfield_u_fs_inode(&ad, inode);
992 	rc = smk_curacc(smk_of_inode(inode), mask, &ad);
993 	rc = smk_bu_inode(inode, mask, rc);
994 	return rc;
995 }
996 
997 /**
998  * smack_inode_setattr - Smack check for setting attributes
999  * @dentry: the object
1000  * @iattr: for the force flag
1001  *
1002  * Returns 0 if access is permitted, an error code otherwise
1003  */
1004 static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr)
1005 {
1006 	struct smk_audit_info ad;
1007 	int rc;
1008 
1009 	/*
1010 	 * Need to allow for clearing the setuid bit.
1011 	 */
1012 	if (iattr->ia_valid & ATTR_FORCE)
1013 		return 0;
1014 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1015 	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1016 
1017 	rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad);
1018 	rc = smk_bu_inode(dentry->d_inode, MAY_WRITE, rc);
1019 	return rc;
1020 }
1021 
1022 /**
1023  * smack_inode_getattr - Smack check for getting attributes
1024  * @mnt: vfsmount of the object
1025  * @dentry: the object
1026  *
1027  * Returns 0 if access is permitted, an error code otherwise
1028  */
1029 static int smack_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
1030 {
1031 	struct smk_audit_info ad;
1032 	struct path path;
1033 	int rc;
1034 
1035 	path.dentry = dentry;
1036 	path.mnt = mnt;
1037 
1038 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1039 	smk_ad_setfield_u_fs_path(&ad, path);
1040 	rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ, &ad);
1041 	rc = smk_bu_inode(dentry->d_inode, MAY_READ, rc);
1042 	return rc;
1043 }
1044 
1045 /**
1046  * smack_inode_setxattr - Smack check for setting xattrs
1047  * @dentry: the object
1048  * @name: name of the attribute
1049  * @value: value of the attribute
1050  * @size: size of the value
1051  * @flags: unused
1052  *
1053  * This protects the Smack attribute explicitly.
1054  *
1055  * Returns 0 if access is permitted, an error code otherwise
1056  */
1057 static int smack_inode_setxattr(struct dentry *dentry, const char *name,
1058 				const void *value, size_t size, int flags)
1059 {
1060 	struct smk_audit_info ad;
1061 	struct smack_known *skp;
1062 	int check_priv = 0;
1063 	int check_import = 0;
1064 	int check_star = 0;
1065 	int rc = 0;
1066 
1067 	/*
1068 	 * Check label validity here so import won't fail in post_setxattr
1069 	 */
1070 	if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
1071 	    strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
1072 	    strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) {
1073 		check_priv = 1;
1074 		check_import = 1;
1075 	} else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
1076 		   strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1077 		check_priv = 1;
1078 		check_import = 1;
1079 		check_star = 1;
1080 	} else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) {
1081 		check_priv = 1;
1082 		if (size != TRANS_TRUE_SIZE ||
1083 		    strncmp(value, TRANS_TRUE, TRANS_TRUE_SIZE) != 0)
1084 			rc = -EINVAL;
1085 	} else
1086 		rc = cap_inode_setxattr(dentry, name, value, size, flags);
1087 
1088 	if (check_priv && !smack_privileged(CAP_MAC_ADMIN))
1089 		rc = -EPERM;
1090 
1091 	if (rc == 0 && check_import) {
1092 		skp = size ? smk_import_entry(value, size) : NULL;
1093 		if (skp == NULL || (check_star &&
1094 		    (skp == &smack_known_star || skp == &smack_known_web)))
1095 			rc = -EINVAL;
1096 	}
1097 
1098 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1099 	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1100 
1101 	if (rc == 0) {
1102 		rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad);
1103 		rc = smk_bu_inode(dentry->d_inode, MAY_WRITE, rc);
1104 	}
1105 
1106 	return rc;
1107 }
1108 
1109 /**
1110  * smack_inode_post_setxattr - Apply the Smack update approved above
1111  * @dentry: object
1112  * @name: attribute name
1113  * @value: attribute value
1114  * @size: attribute size
1115  * @flags: unused
1116  *
1117  * Set the pointer in the inode blob to the entry found
1118  * in the master label list.
1119  */
1120 static void smack_inode_post_setxattr(struct dentry *dentry, const char *name,
1121 				      const void *value, size_t size, int flags)
1122 {
1123 	struct smack_known *skp;
1124 	struct inode_smack *isp = dentry->d_inode->i_security;
1125 
1126 	if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) {
1127 		isp->smk_flags |= SMK_INODE_TRANSMUTE;
1128 		return;
1129 	}
1130 
1131 	if (strcmp(name, XATTR_NAME_SMACK) == 0) {
1132 		skp = smk_import_entry(value, size);
1133 		if (skp != NULL)
1134 			isp->smk_inode = skp;
1135 		else
1136 			isp->smk_inode = &smack_known_invalid;
1137 	} else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) {
1138 		skp = smk_import_entry(value, size);
1139 		if (skp != NULL)
1140 			isp->smk_task = skp;
1141 		else
1142 			isp->smk_task = &smack_known_invalid;
1143 	} else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1144 		skp = smk_import_entry(value, size);
1145 		if (skp != NULL)
1146 			isp->smk_mmap = skp;
1147 		else
1148 			isp->smk_mmap = &smack_known_invalid;
1149 	}
1150 
1151 	return;
1152 }
1153 
1154 /**
1155  * smack_inode_getxattr - Smack check on getxattr
1156  * @dentry: the object
1157  * @name: unused
1158  *
1159  * Returns 0 if access is permitted, an error code otherwise
1160  */
1161 static int smack_inode_getxattr(struct dentry *dentry, const char *name)
1162 {
1163 	struct smk_audit_info ad;
1164 	int rc;
1165 
1166 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1167 	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1168 
1169 	rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ, &ad);
1170 	rc = smk_bu_inode(dentry->d_inode, MAY_READ, rc);
1171 	return rc;
1172 }
1173 
1174 /**
1175  * smack_inode_removexattr - Smack check on removexattr
1176  * @dentry: the object
1177  * @name: name of the attribute
1178  *
1179  * Removing the Smack attribute requires CAP_MAC_ADMIN
1180  *
1181  * Returns 0 if access is permitted, an error code otherwise
1182  */
1183 static int smack_inode_removexattr(struct dentry *dentry, const char *name)
1184 {
1185 	struct inode_smack *isp;
1186 	struct smk_audit_info ad;
1187 	int rc = 0;
1188 
1189 	if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
1190 	    strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
1191 	    strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 ||
1192 	    strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
1193 	    strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0 ||
1194 	    strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1195 		if (!smack_privileged(CAP_MAC_ADMIN))
1196 			rc = -EPERM;
1197 	} else
1198 		rc = cap_inode_removexattr(dentry, name);
1199 
1200 	if (rc != 0)
1201 		return rc;
1202 
1203 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1204 	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1205 
1206 	rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad);
1207 	rc = smk_bu_inode(dentry->d_inode, MAY_WRITE, rc);
1208 	if (rc != 0)
1209 		return rc;
1210 
1211 	isp = dentry->d_inode->i_security;
1212 	/*
1213 	 * Don't do anything special for these.
1214 	 *	XATTR_NAME_SMACKIPIN
1215 	 *	XATTR_NAME_SMACKIPOUT
1216 	 *	XATTR_NAME_SMACKEXEC
1217 	 */
1218 	if (strcmp(name, XATTR_NAME_SMACK) == 0)
1219 		isp->smk_task = NULL;
1220 	else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0)
1221 		isp->smk_mmap = NULL;
1222 	else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0)
1223 		isp->smk_flags &= ~SMK_INODE_TRANSMUTE;
1224 
1225 	return 0;
1226 }
1227 
1228 /**
1229  * smack_inode_getsecurity - get smack xattrs
1230  * @inode: the object
1231  * @name: attribute name
1232  * @buffer: where to put the result
1233  * @alloc: unused
1234  *
1235  * Returns the size of the attribute or an error code
1236  */
1237 static int smack_inode_getsecurity(const struct inode *inode,
1238 				   const char *name, void **buffer,
1239 				   bool alloc)
1240 {
1241 	struct socket_smack *ssp;
1242 	struct socket *sock;
1243 	struct super_block *sbp;
1244 	struct inode *ip = (struct inode *)inode;
1245 	struct smack_known *isp;
1246 	int ilen;
1247 	int rc = 0;
1248 
1249 	if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) {
1250 		isp = smk_of_inode(inode);
1251 		ilen = strlen(isp->smk_known);
1252 		*buffer = isp->smk_known;
1253 		return ilen;
1254 	}
1255 
1256 	/*
1257 	 * The rest of the Smack xattrs are only on sockets.
1258 	 */
1259 	sbp = ip->i_sb;
1260 	if (sbp->s_magic != SOCKFS_MAGIC)
1261 		return -EOPNOTSUPP;
1262 
1263 	sock = SOCKET_I(ip);
1264 	if (sock == NULL || sock->sk == NULL)
1265 		return -EOPNOTSUPP;
1266 
1267 	ssp = sock->sk->sk_security;
1268 
1269 	if (strcmp(name, XATTR_SMACK_IPIN) == 0)
1270 		isp = ssp->smk_in;
1271 	else if (strcmp(name, XATTR_SMACK_IPOUT) == 0)
1272 		isp = ssp->smk_out;
1273 	else
1274 		return -EOPNOTSUPP;
1275 
1276 	ilen = strlen(isp->smk_known);
1277 	if (rc == 0) {
1278 		*buffer = isp->smk_known;
1279 		rc = ilen;
1280 	}
1281 
1282 	return rc;
1283 }
1284 
1285 
1286 /**
1287  * smack_inode_listsecurity - list the Smack attributes
1288  * @inode: the object
1289  * @buffer: where they go
1290  * @buffer_size: size of buffer
1291  *
1292  * Returns 0 on success, -EINVAL otherwise
1293  */
1294 static int smack_inode_listsecurity(struct inode *inode, char *buffer,
1295 				    size_t buffer_size)
1296 {
1297 	int len = sizeof(XATTR_NAME_SMACK);
1298 
1299 	if (buffer != NULL && len <= buffer_size)
1300 		memcpy(buffer, XATTR_NAME_SMACK, len);
1301 
1302 	return len;
1303 }
1304 
1305 /**
1306  * smack_inode_getsecid - Extract inode's security id
1307  * @inode: inode to extract the info from
1308  * @secid: where result will be saved
1309  */
1310 static void smack_inode_getsecid(const struct inode *inode, u32 *secid)
1311 {
1312 	struct inode_smack *isp = inode->i_security;
1313 
1314 	*secid = isp->smk_inode->smk_secid;
1315 }
1316 
1317 /*
1318  * File Hooks
1319  */
1320 
1321 /**
1322  * smack_file_permission - Smack check on file operations
1323  * @file: unused
1324  * @mask: unused
1325  *
1326  * Returns 0
1327  *
1328  * Should access checks be done on each read or write?
1329  * UNICOS and SELinux say yes.
1330  * Trusted Solaris, Trusted Irix, and just about everyone else says no.
1331  *
1332  * I'll say no for now. Smack does not do the frequent
1333  * label changing that SELinux does.
1334  */
1335 static int smack_file_permission(struct file *file, int mask)
1336 {
1337 	return 0;
1338 }
1339 
1340 /**
1341  * smack_file_alloc_security - assign a file security blob
1342  * @file: the object
1343  *
1344  * The security blob for a file is a pointer to the master
1345  * label list, so no allocation is done.
1346  *
1347  * Returns 0
1348  */
1349 static int smack_file_alloc_security(struct file *file)
1350 {
1351 	struct smack_known *skp = smk_of_current();
1352 
1353 	file->f_security = skp;
1354 	return 0;
1355 }
1356 
1357 /**
1358  * smack_file_free_security - clear a file security blob
1359  * @file: the object
1360  *
1361  * The security blob for a file is a pointer to the master
1362  * label list, so no memory is freed.
1363  */
1364 static void smack_file_free_security(struct file *file)
1365 {
1366 	file->f_security = NULL;
1367 }
1368 
1369 /**
1370  * smack_file_ioctl - Smack check on ioctls
1371  * @file: the object
1372  * @cmd: what to do
1373  * @arg: unused
1374  *
1375  * Relies heavily on the correct use of the ioctl command conventions.
1376  *
1377  * Returns 0 if allowed, error code otherwise
1378  */
1379 static int smack_file_ioctl(struct file *file, unsigned int cmd,
1380 			    unsigned long arg)
1381 {
1382 	int rc = 0;
1383 	struct smk_audit_info ad;
1384 
1385 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1386 	smk_ad_setfield_u_fs_path(&ad, file->f_path);
1387 
1388 	if (_IOC_DIR(cmd) & _IOC_WRITE) {
1389 		rc = smk_curacc(file->f_security, MAY_WRITE, &ad);
1390 		rc = smk_bu_file(file, MAY_WRITE, rc);
1391 	}
1392 
1393 	if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ)) {
1394 		rc = smk_curacc(file->f_security, MAY_READ, &ad);
1395 		rc = smk_bu_file(file, MAY_READ, rc);
1396 	}
1397 
1398 	return rc;
1399 }
1400 
1401 /**
1402  * smack_file_lock - Smack check on file locking
1403  * @file: the object
1404  * @cmd: unused
1405  *
1406  * Returns 0 if current has lock access, error code otherwise
1407  */
1408 static int smack_file_lock(struct file *file, unsigned int cmd)
1409 {
1410 	struct smk_audit_info ad;
1411 	int rc;
1412 
1413 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1414 	smk_ad_setfield_u_fs_path(&ad, file->f_path);
1415 	rc = smk_curacc(file->f_security, MAY_LOCK, &ad);
1416 	rc = smk_bu_file(file, MAY_LOCK, rc);
1417 	return rc;
1418 }
1419 
1420 /**
1421  * smack_file_fcntl - Smack check on fcntl
1422  * @file: the object
1423  * @cmd: what action to check
1424  * @arg: unused
1425  *
1426  * Generally these operations are harmless.
1427  * File locking operations present an obvious mechanism
1428  * for passing information, so they require write access.
1429  *
1430  * Returns 0 if current has access, error code otherwise
1431  */
1432 static int smack_file_fcntl(struct file *file, unsigned int cmd,
1433 			    unsigned long arg)
1434 {
1435 	struct smk_audit_info ad;
1436 	int rc = 0;
1437 
1438 
1439 	switch (cmd) {
1440 	case F_GETLK:
1441 		break;
1442 	case F_SETLK:
1443 	case F_SETLKW:
1444 		smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1445 		smk_ad_setfield_u_fs_path(&ad, file->f_path);
1446 		rc = smk_curacc(file->f_security, MAY_LOCK, &ad);
1447 		rc = smk_bu_file(file, MAY_LOCK, rc);
1448 		break;
1449 	case F_SETOWN:
1450 	case F_SETSIG:
1451 		smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1452 		smk_ad_setfield_u_fs_path(&ad, file->f_path);
1453 		rc = smk_curacc(file->f_security, MAY_WRITE, &ad);
1454 		rc = smk_bu_file(file, MAY_WRITE, rc);
1455 		break;
1456 	default:
1457 		break;
1458 	}
1459 
1460 	return rc;
1461 }
1462 
1463 /**
1464  * smack_mmap_file :
1465  * Check permissions for a mmap operation.  The @file may be NULL, e.g.
1466  * if mapping anonymous memory.
1467  * @file contains the file structure for file to map (may be NULL).
1468  * @reqprot contains the protection requested by the application.
1469  * @prot contains the protection that will be applied by the kernel.
1470  * @flags contains the operational flags.
1471  * Return 0 if permission is granted.
1472  */
1473 static int smack_mmap_file(struct file *file,
1474 			   unsigned long reqprot, unsigned long prot,
1475 			   unsigned long flags)
1476 {
1477 	struct smack_known *skp;
1478 	struct smack_known *mkp;
1479 	struct smack_rule *srp;
1480 	struct task_smack *tsp;
1481 	struct smack_known *okp;
1482 	struct inode_smack *isp;
1483 	int may;
1484 	int mmay;
1485 	int tmay;
1486 	int rc;
1487 
1488 	if (file == NULL)
1489 		return 0;
1490 
1491 	isp = file_inode(file)->i_security;
1492 	if (isp->smk_mmap == NULL)
1493 		return 0;
1494 	mkp = isp->smk_mmap;
1495 
1496 	tsp = current_security();
1497 	skp = smk_of_current();
1498 	rc = 0;
1499 
1500 	rcu_read_lock();
1501 	/*
1502 	 * For each Smack rule associated with the subject
1503 	 * label verify that the SMACK64MMAP also has access
1504 	 * to that rule's object label.
1505 	 */
1506 	list_for_each_entry_rcu(srp, &skp->smk_rules, list) {
1507 		okp = srp->smk_object;
1508 		/*
1509 		 * Matching labels always allows access.
1510 		 */
1511 		if (mkp->smk_known == okp->smk_known)
1512 			continue;
1513 		/*
1514 		 * If there is a matching local rule take
1515 		 * that into account as well.
1516 		 */
1517 		may = smk_access_entry(srp->smk_subject->smk_known,
1518 				       okp->smk_known,
1519 				       &tsp->smk_rules);
1520 		if (may == -ENOENT)
1521 			may = srp->smk_access;
1522 		else
1523 			may &= srp->smk_access;
1524 		/*
1525 		 * If may is zero the SMACK64MMAP subject can't
1526 		 * possibly have less access.
1527 		 */
1528 		if (may == 0)
1529 			continue;
1530 
1531 		/*
1532 		 * Fetch the global list entry.
1533 		 * If there isn't one a SMACK64MMAP subject
1534 		 * can't have as much access as current.
1535 		 */
1536 		mmay = smk_access_entry(mkp->smk_known, okp->smk_known,
1537 					&mkp->smk_rules);
1538 		if (mmay == -ENOENT) {
1539 			rc = -EACCES;
1540 			break;
1541 		}
1542 		/*
1543 		 * If there is a local entry it modifies the
1544 		 * potential access, too.
1545 		 */
1546 		tmay = smk_access_entry(mkp->smk_known, okp->smk_known,
1547 					&tsp->smk_rules);
1548 		if (tmay != -ENOENT)
1549 			mmay &= tmay;
1550 
1551 		/*
1552 		 * If there is any access available to current that is
1553 		 * not available to a SMACK64MMAP subject
1554 		 * deny access.
1555 		 */
1556 		if ((may | mmay) != mmay) {
1557 			rc = -EACCES;
1558 			break;
1559 		}
1560 	}
1561 
1562 	rcu_read_unlock();
1563 
1564 	return rc;
1565 }
1566 
1567 /**
1568  * smack_file_set_fowner - set the file security blob value
1569  * @file: object in question
1570  *
1571  * Returns 0
1572  * Further research may be required on this one.
1573  */
1574 static void smack_file_set_fowner(struct file *file)
1575 {
1576 	struct smack_known *skp = smk_of_current();
1577 
1578 	file->f_security = skp;
1579 }
1580 
1581 /**
1582  * smack_file_send_sigiotask - Smack on sigio
1583  * @tsk: The target task
1584  * @fown: the object the signal come from
1585  * @signum: unused
1586  *
1587  * Allow a privileged task to get signals even if it shouldn't
1588  *
1589  * Returns 0 if a subject with the object's smack could
1590  * write to the task, an error code otherwise.
1591  */
1592 static int smack_file_send_sigiotask(struct task_struct *tsk,
1593 				     struct fown_struct *fown, int signum)
1594 {
1595 	struct smack_known *skp;
1596 	struct smack_known *tkp = smk_of_task(tsk->cred->security);
1597 	struct file *file;
1598 	int rc;
1599 	struct smk_audit_info ad;
1600 
1601 	/*
1602 	 * struct fown_struct is never outside the context of a struct file
1603 	 */
1604 	file = container_of(fown, struct file, f_owner);
1605 
1606 	/* we don't log here as rc can be overriden */
1607 	skp = file->f_security;
1608 	rc = smk_access(skp, tkp, MAY_WRITE, NULL);
1609 	rc = smk_bu_note("sigiotask", skp, tkp, MAY_WRITE, rc);
1610 	if (rc != 0 && has_capability(tsk, CAP_MAC_OVERRIDE))
1611 		rc = 0;
1612 
1613 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
1614 	smk_ad_setfield_u_tsk(&ad, tsk);
1615 	smack_log(skp->smk_known, tkp->smk_known, MAY_WRITE, rc, &ad);
1616 	return rc;
1617 }
1618 
1619 /**
1620  * smack_file_receive - Smack file receive check
1621  * @file: the object
1622  *
1623  * Returns 0 if current has access, error code otherwise
1624  */
1625 static int smack_file_receive(struct file *file)
1626 {
1627 	int rc;
1628 	int may = 0;
1629 	struct smk_audit_info ad;
1630 
1631 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1632 	smk_ad_setfield_u_fs_path(&ad, file->f_path);
1633 	/*
1634 	 * This code relies on bitmasks.
1635 	 */
1636 	if (file->f_mode & FMODE_READ)
1637 		may = MAY_READ;
1638 	if (file->f_mode & FMODE_WRITE)
1639 		may |= MAY_WRITE;
1640 
1641 	rc = smk_curacc(file->f_security, may, &ad);
1642 	rc = smk_bu_file(file, may, rc);
1643 	return rc;
1644 }
1645 
1646 /**
1647  * smack_file_open - Smack dentry open processing
1648  * @file: the object
1649  * @cred: task credential
1650  *
1651  * Set the security blob in the file structure.
1652  * Allow the open only if the task has read access. There are
1653  * many read operations (e.g. fstat) that you can do with an
1654  * fd even if you have the file open write-only.
1655  *
1656  * Returns 0
1657  */
1658 static int smack_file_open(struct file *file, const struct cred *cred)
1659 {
1660 	struct task_smack *tsp = cred->security;
1661 	struct inode_smack *isp = file_inode(file)->i_security;
1662 	struct smk_audit_info ad;
1663 	int rc;
1664 
1665 	if (smack_privileged(CAP_MAC_OVERRIDE)) {
1666 		file->f_security = isp->smk_inode;
1667 		return 0;
1668 	}
1669 
1670 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1671 	smk_ad_setfield_u_fs_path(&ad, file->f_path);
1672 	rc = smk_access(tsp->smk_task, isp->smk_inode, MAY_READ, &ad);
1673 	rc = smk_bu_credfile(cred, file, MAY_READ, rc);
1674 	if (rc == 0)
1675 		file->f_security = isp->smk_inode;
1676 
1677 	return rc;
1678 }
1679 
1680 /*
1681  * Task hooks
1682  */
1683 
1684 /**
1685  * smack_cred_alloc_blank - "allocate" blank task-level security credentials
1686  * @new: the new credentials
1687  * @gfp: the atomicity of any memory allocations
1688  *
1689  * Prepare a blank set of credentials for modification.  This must allocate all
1690  * the memory the LSM module might require such that cred_transfer() can
1691  * complete without error.
1692  */
1693 static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp)
1694 {
1695 	struct task_smack *tsp;
1696 
1697 	tsp = new_task_smack(NULL, NULL, gfp);
1698 	if (tsp == NULL)
1699 		return -ENOMEM;
1700 
1701 	cred->security = tsp;
1702 
1703 	return 0;
1704 }
1705 
1706 
1707 /**
1708  * smack_cred_free - "free" task-level security credentials
1709  * @cred: the credentials in question
1710  *
1711  */
1712 static void smack_cred_free(struct cred *cred)
1713 {
1714 	struct task_smack *tsp = cred->security;
1715 	struct smack_rule *rp;
1716 	struct list_head *l;
1717 	struct list_head *n;
1718 
1719 	if (tsp == NULL)
1720 		return;
1721 	cred->security = NULL;
1722 
1723 	list_for_each_safe(l, n, &tsp->smk_rules) {
1724 		rp = list_entry(l, struct smack_rule, list);
1725 		list_del(&rp->list);
1726 		kfree(rp);
1727 	}
1728 	kfree(tsp);
1729 }
1730 
1731 /**
1732  * smack_cred_prepare - prepare new set of credentials for modification
1733  * @new: the new credentials
1734  * @old: the original credentials
1735  * @gfp: the atomicity of any memory allocations
1736  *
1737  * Prepare a new set of credentials for modification.
1738  */
1739 static int smack_cred_prepare(struct cred *new, const struct cred *old,
1740 			      gfp_t gfp)
1741 {
1742 	struct task_smack *old_tsp = old->security;
1743 	struct task_smack *new_tsp;
1744 	int rc;
1745 
1746 	new_tsp = new_task_smack(old_tsp->smk_task, old_tsp->smk_task, gfp);
1747 	if (new_tsp == NULL)
1748 		return -ENOMEM;
1749 
1750 	rc = smk_copy_rules(&new_tsp->smk_rules, &old_tsp->smk_rules, gfp);
1751 	if (rc != 0)
1752 		return rc;
1753 
1754 	new->security = new_tsp;
1755 	return 0;
1756 }
1757 
1758 /**
1759  * smack_cred_transfer - Transfer the old credentials to the new credentials
1760  * @new: the new credentials
1761  * @old: the original credentials
1762  *
1763  * Fill in a set of blank credentials from another set of credentials.
1764  */
1765 static void smack_cred_transfer(struct cred *new, const struct cred *old)
1766 {
1767 	struct task_smack *old_tsp = old->security;
1768 	struct task_smack *new_tsp = new->security;
1769 
1770 	new_tsp->smk_task = old_tsp->smk_task;
1771 	new_tsp->smk_forked = old_tsp->smk_task;
1772 	mutex_init(&new_tsp->smk_rules_lock);
1773 	INIT_LIST_HEAD(&new_tsp->smk_rules);
1774 
1775 
1776 	/* cbs copy rule list */
1777 }
1778 
1779 /**
1780  * smack_kernel_act_as - Set the subjective context in a set of credentials
1781  * @new: points to the set of credentials to be modified.
1782  * @secid: specifies the security ID to be set
1783  *
1784  * Set the security data for a kernel service.
1785  */
1786 static int smack_kernel_act_as(struct cred *new, u32 secid)
1787 {
1788 	struct task_smack *new_tsp = new->security;
1789 	struct smack_known *skp = smack_from_secid(secid);
1790 
1791 	if (skp == NULL)
1792 		return -EINVAL;
1793 
1794 	new_tsp->smk_task = skp;
1795 	return 0;
1796 }
1797 
1798 /**
1799  * smack_kernel_create_files_as - Set the file creation label in a set of creds
1800  * @new: points to the set of credentials to be modified
1801  * @inode: points to the inode to use as a reference
1802  *
1803  * Set the file creation context in a set of credentials to the same
1804  * as the objective context of the specified inode
1805  */
1806 static int smack_kernel_create_files_as(struct cred *new,
1807 					struct inode *inode)
1808 {
1809 	struct inode_smack *isp = inode->i_security;
1810 	struct task_smack *tsp = new->security;
1811 
1812 	tsp->smk_forked = isp->smk_inode;
1813 	tsp->smk_task = tsp->smk_forked;
1814 	return 0;
1815 }
1816 
1817 /**
1818  * smk_curacc_on_task - helper to log task related access
1819  * @p: the task object
1820  * @access: the access requested
1821  * @caller: name of the calling function for audit
1822  *
1823  * Return 0 if access is permitted
1824  */
1825 static int smk_curacc_on_task(struct task_struct *p, int access,
1826 				const char *caller)
1827 {
1828 	struct smk_audit_info ad;
1829 	struct smack_known *skp = smk_of_task(task_security(p));
1830 	int rc;
1831 
1832 	smk_ad_init(&ad, caller, LSM_AUDIT_DATA_TASK);
1833 	smk_ad_setfield_u_tsk(&ad, p);
1834 	rc = smk_curacc(skp, access, &ad);
1835 	rc = smk_bu_task(p, access, rc);
1836 	return rc;
1837 }
1838 
1839 /**
1840  * smack_task_setpgid - Smack check on setting pgid
1841  * @p: the task object
1842  * @pgid: unused
1843  *
1844  * Return 0 if write access is permitted
1845  */
1846 static int smack_task_setpgid(struct task_struct *p, pid_t pgid)
1847 {
1848 	return smk_curacc_on_task(p, MAY_WRITE, __func__);
1849 }
1850 
1851 /**
1852  * smack_task_getpgid - Smack access check for getpgid
1853  * @p: the object task
1854  *
1855  * Returns 0 if current can read the object task, error code otherwise
1856  */
1857 static int smack_task_getpgid(struct task_struct *p)
1858 {
1859 	return smk_curacc_on_task(p, MAY_READ, __func__);
1860 }
1861 
1862 /**
1863  * smack_task_getsid - Smack access check for getsid
1864  * @p: the object task
1865  *
1866  * Returns 0 if current can read the object task, error code otherwise
1867  */
1868 static int smack_task_getsid(struct task_struct *p)
1869 {
1870 	return smk_curacc_on_task(p, MAY_READ, __func__);
1871 }
1872 
1873 /**
1874  * smack_task_getsecid - get the secid of the task
1875  * @p: the object task
1876  * @secid: where to put the result
1877  *
1878  * Sets the secid to contain a u32 version of the smack label.
1879  */
1880 static void smack_task_getsecid(struct task_struct *p, u32 *secid)
1881 {
1882 	struct smack_known *skp = smk_of_task(task_security(p));
1883 
1884 	*secid = skp->smk_secid;
1885 }
1886 
1887 /**
1888  * smack_task_setnice - Smack check on setting nice
1889  * @p: the task object
1890  * @nice: unused
1891  *
1892  * Return 0 if write access is permitted
1893  */
1894 static int smack_task_setnice(struct task_struct *p, int nice)
1895 {
1896 	int rc;
1897 
1898 	rc = cap_task_setnice(p, nice);
1899 	if (rc == 0)
1900 		rc = smk_curacc_on_task(p, MAY_WRITE, __func__);
1901 	return rc;
1902 }
1903 
1904 /**
1905  * smack_task_setioprio - Smack check on setting ioprio
1906  * @p: the task object
1907  * @ioprio: unused
1908  *
1909  * Return 0 if write access is permitted
1910  */
1911 static int smack_task_setioprio(struct task_struct *p, int ioprio)
1912 {
1913 	int rc;
1914 
1915 	rc = cap_task_setioprio(p, ioprio);
1916 	if (rc == 0)
1917 		rc = smk_curacc_on_task(p, MAY_WRITE, __func__);
1918 	return rc;
1919 }
1920 
1921 /**
1922  * smack_task_getioprio - Smack check on reading ioprio
1923  * @p: the task object
1924  *
1925  * Return 0 if read access is permitted
1926  */
1927 static int smack_task_getioprio(struct task_struct *p)
1928 {
1929 	return smk_curacc_on_task(p, MAY_READ, __func__);
1930 }
1931 
1932 /**
1933  * smack_task_setscheduler - Smack check on setting scheduler
1934  * @p: the task object
1935  * @policy: unused
1936  * @lp: unused
1937  *
1938  * Return 0 if read access is permitted
1939  */
1940 static int smack_task_setscheduler(struct task_struct *p)
1941 {
1942 	int rc;
1943 
1944 	rc = cap_task_setscheduler(p);
1945 	if (rc == 0)
1946 		rc = smk_curacc_on_task(p, MAY_WRITE, __func__);
1947 	return rc;
1948 }
1949 
1950 /**
1951  * smack_task_getscheduler - Smack check on reading scheduler
1952  * @p: the task object
1953  *
1954  * Return 0 if read access is permitted
1955  */
1956 static int smack_task_getscheduler(struct task_struct *p)
1957 {
1958 	return smk_curacc_on_task(p, MAY_READ, __func__);
1959 }
1960 
1961 /**
1962  * smack_task_movememory - Smack check on moving memory
1963  * @p: the task object
1964  *
1965  * Return 0 if write access is permitted
1966  */
1967 static int smack_task_movememory(struct task_struct *p)
1968 {
1969 	return smk_curacc_on_task(p, MAY_WRITE, __func__);
1970 }
1971 
1972 /**
1973  * smack_task_kill - Smack check on signal delivery
1974  * @p: the task object
1975  * @info: unused
1976  * @sig: unused
1977  * @secid: identifies the smack to use in lieu of current's
1978  *
1979  * Return 0 if write access is permitted
1980  *
1981  * The secid behavior is an artifact of an SELinux hack
1982  * in the USB code. Someday it may go away.
1983  */
1984 static int smack_task_kill(struct task_struct *p, struct siginfo *info,
1985 			   int sig, u32 secid)
1986 {
1987 	struct smk_audit_info ad;
1988 	struct smack_known *skp;
1989 	struct smack_known *tkp = smk_of_task(task_security(p));
1990 	int rc;
1991 
1992 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
1993 	smk_ad_setfield_u_tsk(&ad, p);
1994 	/*
1995 	 * Sending a signal requires that the sender
1996 	 * can write the receiver.
1997 	 */
1998 	if (secid == 0) {
1999 		rc = smk_curacc(tkp, MAY_WRITE, &ad);
2000 		rc = smk_bu_task(p, MAY_WRITE, rc);
2001 		return rc;
2002 	}
2003 	/*
2004 	 * If the secid isn't 0 we're dealing with some USB IO
2005 	 * specific behavior. This is not clean. For one thing
2006 	 * we can't take privilege into account.
2007 	 */
2008 	skp = smack_from_secid(secid);
2009 	rc = smk_access(skp, tkp, MAY_WRITE, &ad);
2010 	rc = smk_bu_note("USB signal", skp, tkp, MAY_WRITE, rc);
2011 	return rc;
2012 }
2013 
2014 /**
2015  * smack_task_wait - Smack access check for waiting
2016  * @p: task to wait for
2017  *
2018  * Returns 0
2019  */
2020 static int smack_task_wait(struct task_struct *p)
2021 {
2022 	/*
2023 	 * Allow the operation to succeed.
2024 	 * Zombies are bad.
2025 	 * In userless environments (e.g. phones) programs
2026 	 * get marked with SMACK64EXEC and even if the parent
2027 	 * and child shouldn't be talking the parent still
2028 	 * may expect to know when the child exits.
2029 	 */
2030 	return 0;
2031 }
2032 
2033 /**
2034  * smack_task_to_inode - copy task smack into the inode blob
2035  * @p: task to copy from
2036  * @inode: inode to copy to
2037  *
2038  * Sets the smack pointer in the inode security blob
2039  */
2040 static void smack_task_to_inode(struct task_struct *p, struct inode *inode)
2041 {
2042 	struct inode_smack *isp = inode->i_security;
2043 	struct smack_known *skp = smk_of_task(task_security(p));
2044 
2045 	isp->smk_inode = skp;
2046 }
2047 
2048 /*
2049  * Socket hooks.
2050  */
2051 
2052 /**
2053  * smack_sk_alloc_security - Allocate a socket blob
2054  * @sk: the socket
2055  * @family: unused
2056  * @gfp_flags: memory allocation flags
2057  *
2058  * Assign Smack pointers to current
2059  *
2060  * Returns 0 on success, -ENOMEM is there's no memory
2061  */
2062 static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags)
2063 {
2064 	struct smack_known *skp = smk_of_current();
2065 	struct socket_smack *ssp;
2066 
2067 	ssp = kzalloc(sizeof(struct socket_smack), gfp_flags);
2068 	if (ssp == NULL)
2069 		return -ENOMEM;
2070 
2071 	ssp->smk_in = skp;
2072 	ssp->smk_out = skp;
2073 	ssp->smk_packet = NULL;
2074 
2075 	sk->sk_security = ssp;
2076 
2077 	return 0;
2078 }
2079 
2080 /**
2081  * smack_sk_free_security - Free a socket blob
2082  * @sk: the socket
2083  *
2084  * Clears the blob pointer
2085  */
2086 static void smack_sk_free_security(struct sock *sk)
2087 {
2088 	kfree(sk->sk_security);
2089 }
2090 
2091 /**
2092 * smack_host_label - check host based restrictions
2093 * @sip: the object end
2094 *
2095 * looks for host based access restrictions
2096 *
2097 * This version will only be appropriate for really small sets of single label
2098 * hosts.  The caller is responsible for ensuring that the RCU read lock is
2099 * taken before calling this function.
2100 *
2101 * Returns the label of the far end or NULL if it's not special.
2102 */
2103 static struct smack_known *smack_host_label(struct sockaddr_in *sip)
2104 {
2105 	struct smk_netlbladdr *snp;
2106 	struct in_addr *siap = &sip->sin_addr;
2107 
2108 	if (siap->s_addr == 0)
2109 		return NULL;
2110 
2111 	list_for_each_entry_rcu(snp, &smk_netlbladdr_list, list)
2112 		/*
2113 		* we break after finding the first match because
2114 		* the list is sorted from longest to shortest mask
2115 		* so we have found the most specific match
2116 		*/
2117 		if ((&snp->smk_host.sin_addr)->s_addr ==
2118 		    (siap->s_addr & (&snp->smk_mask)->s_addr)) {
2119 			/* we have found the special CIPSO option */
2120 			if (snp->smk_label == &smack_cipso_option)
2121 				return NULL;
2122 			return snp->smk_label;
2123 		}
2124 
2125 	return NULL;
2126 }
2127 
2128 /**
2129  * smack_netlabel - Set the secattr on a socket
2130  * @sk: the socket
2131  * @labeled: socket label scheme
2132  *
2133  * Convert the outbound smack value (smk_out) to a
2134  * secattr and attach it to the socket.
2135  *
2136  * Returns 0 on success or an error code
2137  */
2138 static int smack_netlabel(struct sock *sk, int labeled)
2139 {
2140 	struct smack_known *skp;
2141 	struct socket_smack *ssp = sk->sk_security;
2142 	int rc = 0;
2143 
2144 	/*
2145 	 * Usually the netlabel code will handle changing the
2146 	 * packet labeling based on the label.
2147 	 * The case of a single label host is different, because
2148 	 * a single label host should never get a labeled packet
2149 	 * even though the label is usually associated with a packet
2150 	 * label.
2151 	 */
2152 	local_bh_disable();
2153 	bh_lock_sock_nested(sk);
2154 
2155 	if (ssp->smk_out == smack_net_ambient ||
2156 	    labeled == SMACK_UNLABELED_SOCKET)
2157 		netlbl_sock_delattr(sk);
2158 	else {
2159 		skp = ssp->smk_out;
2160 		rc = netlbl_sock_setattr(sk, sk->sk_family, &skp->smk_netlabel);
2161 	}
2162 
2163 	bh_unlock_sock(sk);
2164 	local_bh_enable();
2165 
2166 	return rc;
2167 }
2168 
2169 /**
2170  * smack_netlbel_send - Set the secattr on a socket and perform access checks
2171  * @sk: the socket
2172  * @sap: the destination address
2173  *
2174  * Set the correct secattr for the given socket based on the destination
2175  * address and perform any outbound access checks needed.
2176  *
2177  * Returns 0 on success or an error code.
2178  *
2179  */
2180 static int smack_netlabel_send(struct sock *sk, struct sockaddr_in *sap)
2181 {
2182 	struct smack_known *skp;
2183 	int rc;
2184 	int sk_lbl;
2185 	struct smack_known *hkp;
2186 	struct socket_smack *ssp = sk->sk_security;
2187 	struct smk_audit_info ad;
2188 
2189 	rcu_read_lock();
2190 	hkp = smack_host_label(sap);
2191 	if (hkp != NULL) {
2192 #ifdef CONFIG_AUDIT
2193 		struct lsm_network_audit net;
2194 
2195 		smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
2196 		ad.a.u.net->family = sap->sin_family;
2197 		ad.a.u.net->dport = sap->sin_port;
2198 		ad.a.u.net->v4info.daddr = sap->sin_addr.s_addr;
2199 #endif
2200 		sk_lbl = SMACK_UNLABELED_SOCKET;
2201 		skp = ssp->smk_out;
2202 		rc = smk_access(skp, hkp, MAY_WRITE, &ad);
2203 		rc = smk_bu_note("IPv4 host check", skp, hkp, MAY_WRITE, rc);
2204 	} else {
2205 		sk_lbl = SMACK_CIPSO_SOCKET;
2206 		rc = 0;
2207 	}
2208 	rcu_read_unlock();
2209 	if (rc != 0)
2210 		return rc;
2211 
2212 	return smack_netlabel(sk, sk_lbl);
2213 }
2214 
2215 /**
2216  * smk_ipv6_port_label - Smack port access table management
2217  * @sock: socket
2218  * @address: address
2219  *
2220  * Create or update the port list entry
2221  */
2222 static void smk_ipv6_port_label(struct socket *sock, struct sockaddr *address)
2223 {
2224 	struct sock *sk = sock->sk;
2225 	struct sockaddr_in6 *addr6;
2226 	struct socket_smack *ssp = sock->sk->sk_security;
2227 	struct smk_port_label *spp;
2228 	unsigned short port = 0;
2229 
2230 	if (address == NULL) {
2231 		/*
2232 		 * This operation is changing the Smack information
2233 		 * on the bound socket. Take the changes to the port
2234 		 * as well.
2235 		 */
2236 		list_for_each_entry(spp, &smk_ipv6_port_list, list) {
2237 			if (sk != spp->smk_sock)
2238 				continue;
2239 			spp->smk_in = ssp->smk_in;
2240 			spp->smk_out = ssp->smk_out;
2241 			return;
2242 		}
2243 		/*
2244 		 * A NULL address is only used for updating existing
2245 		 * bound entries. If there isn't one, it's OK.
2246 		 */
2247 		return;
2248 	}
2249 
2250 	addr6 = (struct sockaddr_in6 *)address;
2251 	port = ntohs(addr6->sin6_port);
2252 	/*
2253 	 * This is a special case that is safely ignored.
2254 	 */
2255 	if (port == 0)
2256 		return;
2257 
2258 	/*
2259 	 * Look for an existing port list entry.
2260 	 * This is an indication that a port is getting reused.
2261 	 */
2262 	list_for_each_entry(spp, &smk_ipv6_port_list, list) {
2263 		if (spp->smk_port != port)
2264 			continue;
2265 		spp->smk_port = port;
2266 		spp->smk_sock = sk;
2267 		spp->smk_in = ssp->smk_in;
2268 		spp->smk_out = ssp->smk_out;
2269 		return;
2270 	}
2271 
2272 	/*
2273 	 * A new port entry is required.
2274 	 */
2275 	spp = kzalloc(sizeof(*spp), GFP_KERNEL);
2276 	if (spp == NULL)
2277 		return;
2278 
2279 	spp->smk_port = port;
2280 	spp->smk_sock = sk;
2281 	spp->smk_in = ssp->smk_in;
2282 	spp->smk_out = ssp->smk_out;
2283 
2284 	list_add(&spp->list, &smk_ipv6_port_list);
2285 	return;
2286 }
2287 
2288 /**
2289  * smk_ipv6_port_check - check Smack port access
2290  * @sock: socket
2291  * @address: address
2292  *
2293  * Create or update the port list entry
2294  */
2295 static int smk_ipv6_port_check(struct sock *sk, struct sockaddr_in6 *address,
2296 				int act)
2297 {
2298 	__be16 *bep;
2299 	__be32 *be32p;
2300 	struct smk_port_label *spp;
2301 	struct socket_smack *ssp = sk->sk_security;
2302 	struct smack_known *skp;
2303 	unsigned short port = 0;
2304 	struct smack_known *object;
2305 	struct smk_audit_info ad;
2306 	int rc;
2307 #ifdef CONFIG_AUDIT
2308 	struct lsm_network_audit net;
2309 #endif
2310 
2311 	if (act == SMK_RECEIVING) {
2312 		skp = smack_net_ambient;
2313 		object = ssp->smk_in;
2314 	} else {
2315 		skp = ssp->smk_out;
2316 		object = smack_net_ambient;
2317 	}
2318 
2319 	/*
2320 	 * Get the IP address and port from the address.
2321 	 */
2322 	port = ntohs(address->sin6_port);
2323 	bep = (__be16 *)(&address->sin6_addr);
2324 	be32p = (__be32 *)(&address->sin6_addr);
2325 
2326 	/*
2327 	 * It's remote, so port lookup does no good.
2328 	 */
2329 	if (be32p[0] || be32p[1] || be32p[2] || bep[6] || ntohs(bep[7]) != 1)
2330 		goto auditout;
2331 
2332 	/*
2333 	 * It's local so the send check has to have passed.
2334 	 */
2335 	if (act == SMK_RECEIVING) {
2336 		skp = &smack_known_web;
2337 		goto auditout;
2338 	}
2339 
2340 	list_for_each_entry(spp, &smk_ipv6_port_list, list) {
2341 		if (spp->smk_port != port)
2342 			continue;
2343 		object = spp->smk_in;
2344 		if (act == SMK_CONNECTING)
2345 			ssp->smk_packet = spp->smk_out;
2346 		break;
2347 	}
2348 
2349 auditout:
2350 
2351 #ifdef CONFIG_AUDIT
2352 	smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
2353 	ad.a.u.net->family = sk->sk_family;
2354 	ad.a.u.net->dport = port;
2355 	if (act == SMK_RECEIVING)
2356 		ad.a.u.net->v6info.saddr = address->sin6_addr;
2357 	else
2358 		ad.a.u.net->v6info.daddr = address->sin6_addr;
2359 #endif
2360 	rc = smk_access(skp, object, MAY_WRITE, &ad);
2361 	rc = smk_bu_note("IPv6 port check", skp, object, MAY_WRITE, rc);
2362 	return rc;
2363 }
2364 
2365 /**
2366  * smack_inode_setsecurity - set smack xattrs
2367  * @inode: the object
2368  * @name: attribute name
2369  * @value: attribute value
2370  * @size: size of the attribute
2371  * @flags: unused
2372  *
2373  * Sets the named attribute in the appropriate blob
2374  *
2375  * Returns 0 on success, or an error code
2376  */
2377 static int smack_inode_setsecurity(struct inode *inode, const char *name,
2378 				   const void *value, size_t size, int flags)
2379 {
2380 	struct smack_known *skp;
2381 	struct inode_smack *nsp = inode->i_security;
2382 	struct socket_smack *ssp;
2383 	struct socket *sock;
2384 	int rc = 0;
2385 
2386 	if (value == NULL || size > SMK_LONGLABEL || size == 0)
2387 		return -EINVAL;
2388 
2389 	skp = smk_import_entry(value, size);
2390 	if (skp == NULL)
2391 		return -EINVAL;
2392 
2393 	if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) {
2394 		nsp->smk_inode = skp;
2395 		nsp->smk_flags |= SMK_INODE_INSTANT;
2396 		return 0;
2397 	}
2398 	/*
2399 	 * The rest of the Smack xattrs are only on sockets.
2400 	 */
2401 	if (inode->i_sb->s_magic != SOCKFS_MAGIC)
2402 		return -EOPNOTSUPP;
2403 
2404 	sock = SOCKET_I(inode);
2405 	if (sock == NULL || sock->sk == NULL)
2406 		return -EOPNOTSUPP;
2407 
2408 	ssp = sock->sk->sk_security;
2409 
2410 	if (strcmp(name, XATTR_SMACK_IPIN) == 0)
2411 		ssp->smk_in = skp;
2412 	else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) {
2413 		ssp->smk_out = skp;
2414 		if (sock->sk->sk_family == PF_INET) {
2415 			rc = smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET);
2416 			if (rc != 0)
2417 				printk(KERN_WARNING
2418 					"Smack: \"%s\" netlbl error %d.\n",
2419 					__func__, -rc);
2420 		}
2421 	} else
2422 		return -EOPNOTSUPP;
2423 
2424 	if (sock->sk->sk_family == PF_INET6)
2425 		smk_ipv6_port_label(sock, NULL);
2426 
2427 	return 0;
2428 }
2429 
2430 /**
2431  * smack_socket_post_create - finish socket setup
2432  * @sock: the socket
2433  * @family: protocol family
2434  * @type: unused
2435  * @protocol: unused
2436  * @kern: unused
2437  *
2438  * Sets the netlabel information on the socket
2439  *
2440  * Returns 0 on success, and error code otherwise
2441  */
2442 static int smack_socket_post_create(struct socket *sock, int family,
2443 				    int type, int protocol, int kern)
2444 {
2445 	if (family != PF_INET || sock->sk == NULL)
2446 		return 0;
2447 	/*
2448 	 * Set the outbound netlbl.
2449 	 */
2450 	return smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET);
2451 }
2452 
2453 /**
2454  * smack_socket_bind - record port binding information.
2455  * @sock: the socket
2456  * @address: the port address
2457  * @addrlen: size of the address
2458  *
2459  * Records the label bound to a port.
2460  *
2461  * Returns 0
2462  */
2463 static int smack_socket_bind(struct socket *sock, struct sockaddr *address,
2464 				int addrlen)
2465 {
2466 	if (sock->sk != NULL && sock->sk->sk_family == PF_INET6)
2467 		smk_ipv6_port_label(sock, address);
2468 
2469 	return 0;
2470 }
2471 
2472 /**
2473  * smack_socket_connect - connect access check
2474  * @sock: the socket
2475  * @sap: the other end
2476  * @addrlen: size of sap
2477  *
2478  * Verifies that a connection may be possible
2479  *
2480  * Returns 0 on success, and error code otherwise
2481  */
2482 static int smack_socket_connect(struct socket *sock, struct sockaddr *sap,
2483 				int addrlen)
2484 {
2485 	int rc = 0;
2486 
2487 	if (sock->sk == NULL)
2488 		return 0;
2489 
2490 	switch (sock->sk->sk_family) {
2491 	case PF_INET:
2492 		if (addrlen < sizeof(struct sockaddr_in))
2493 			return -EINVAL;
2494 		rc = smack_netlabel_send(sock->sk, (struct sockaddr_in *)sap);
2495 		break;
2496 	case PF_INET6:
2497 		if (addrlen < sizeof(struct sockaddr_in6))
2498 			return -EINVAL;
2499 		rc = smk_ipv6_port_check(sock->sk, (struct sockaddr_in6 *)sap,
2500 						SMK_CONNECTING);
2501 		break;
2502 	}
2503 	return rc;
2504 }
2505 
2506 /**
2507  * smack_flags_to_may - convert S_ to MAY_ values
2508  * @flags: the S_ value
2509  *
2510  * Returns the equivalent MAY_ value
2511  */
2512 static int smack_flags_to_may(int flags)
2513 {
2514 	int may = 0;
2515 
2516 	if (flags & S_IRUGO)
2517 		may |= MAY_READ;
2518 	if (flags & S_IWUGO)
2519 		may |= MAY_WRITE;
2520 	if (flags & S_IXUGO)
2521 		may |= MAY_EXEC;
2522 
2523 	return may;
2524 }
2525 
2526 /**
2527  * smack_msg_msg_alloc_security - Set the security blob for msg_msg
2528  * @msg: the object
2529  *
2530  * Returns 0
2531  */
2532 static int smack_msg_msg_alloc_security(struct msg_msg *msg)
2533 {
2534 	struct smack_known *skp = smk_of_current();
2535 
2536 	msg->security = skp;
2537 	return 0;
2538 }
2539 
2540 /**
2541  * smack_msg_msg_free_security - Clear the security blob for msg_msg
2542  * @msg: the object
2543  *
2544  * Clears the blob pointer
2545  */
2546 static void smack_msg_msg_free_security(struct msg_msg *msg)
2547 {
2548 	msg->security = NULL;
2549 }
2550 
2551 /**
2552  * smack_of_shm - the smack pointer for the shm
2553  * @shp: the object
2554  *
2555  * Returns a pointer to the smack value
2556  */
2557 static struct smack_known *smack_of_shm(struct shmid_kernel *shp)
2558 {
2559 	return (struct smack_known *)shp->shm_perm.security;
2560 }
2561 
2562 /**
2563  * smack_shm_alloc_security - Set the security blob for shm
2564  * @shp: the object
2565  *
2566  * Returns 0
2567  */
2568 static int smack_shm_alloc_security(struct shmid_kernel *shp)
2569 {
2570 	struct kern_ipc_perm *isp = &shp->shm_perm;
2571 	struct smack_known *skp = smk_of_current();
2572 
2573 	isp->security = skp;
2574 	return 0;
2575 }
2576 
2577 /**
2578  * smack_shm_free_security - Clear the security blob for shm
2579  * @shp: the object
2580  *
2581  * Clears the blob pointer
2582  */
2583 static void smack_shm_free_security(struct shmid_kernel *shp)
2584 {
2585 	struct kern_ipc_perm *isp = &shp->shm_perm;
2586 
2587 	isp->security = NULL;
2588 }
2589 
2590 /**
2591  * smk_curacc_shm : check if current has access on shm
2592  * @shp : the object
2593  * @access : access requested
2594  *
2595  * Returns 0 if current has the requested access, error code otherwise
2596  */
2597 static int smk_curacc_shm(struct shmid_kernel *shp, int access)
2598 {
2599 	struct smack_known *ssp = smack_of_shm(shp);
2600 	struct smk_audit_info ad;
2601 	int rc;
2602 
2603 #ifdef CONFIG_AUDIT
2604 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
2605 	ad.a.u.ipc_id = shp->shm_perm.id;
2606 #endif
2607 	rc = smk_curacc(ssp, access, &ad);
2608 	rc = smk_bu_current("shm", ssp, access, rc);
2609 	return rc;
2610 }
2611 
2612 /**
2613  * smack_shm_associate - Smack access check for shm
2614  * @shp: the object
2615  * @shmflg: access requested
2616  *
2617  * Returns 0 if current has the requested access, error code otherwise
2618  */
2619 static int smack_shm_associate(struct shmid_kernel *shp, int shmflg)
2620 {
2621 	int may;
2622 
2623 	may = smack_flags_to_may(shmflg);
2624 	return smk_curacc_shm(shp, may);
2625 }
2626 
2627 /**
2628  * smack_shm_shmctl - Smack access check for shm
2629  * @shp: the object
2630  * @cmd: what it wants to do
2631  *
2632  * Returns 0 if current has the requested access, error code otherwise
2633  */
2634 static int smack_shm_shmctl(struct shmid_kernel *shp, int cmd)
2635 {
2636 	int may;
2637 
2638 	switch (cmd) {
2639 	case IPC_STAT:
2640 	case SHM_STAT:
2641 		may = MAY_READ;
2642 		break;
2643 	case IPC_SET:
2644 	case SHM_LOCK:
2645 	case SHM_UNLOCK:
2646 	case IPC_RMID:
2647 		may = MAY_READWRITE;
2648 		break;
2649 	case IPC_INFO:
2650 	case SHM_INFO:
2651 		/*
2652 		 * System level information.
2653 		 */
2654 		return 0;
2655 	default:
2656 		return -EINVAL;
2657 	}
2658 	return smk_curacc_shm(shp, may);
2659 }
2660 
2661 /**
2662  * smack_shm_shmat - Smack access for shmat
2663  * @shp: the object
2664  * @shmaddr: unused
2665  * @shmflg: access requested
2666  *
2667  * Returns 0 if current has the requested access, error code otherwise
2668  */
2669 static int smack_shm_shmat(struct shmid_kernel *shp, char __user *shmaddr,
2670 			   int shmflg)
2671 {
2672 	int may;
2673 
2674 	may = smack_flags_to_may(shmflg);
2675 	return smk_curacc_shm(shp, may);
2676 }
2677 
2678 /**
2679  * smack_of_sem - the smack pointer for the sem
2680  * @sma: the object
2681  *
2682  * Returns a pointer to the smack value
2683  */
2684 static struct smack_known *smack_of_sem(struct sem_array *sma)
2685 {
2686 	return (struct smack_known *)sma->sem_perm.security;
2687 }
2688 
2689 /**
2690  * smack_sem_alloc_security - Set the security blob for sem
2691  * @sma: the object
2692  *
2693  * Returns 0
2694  */
2695 static int smack_sem_alloc_security(struct sem_array *sma)
2696 {
2697 	struct kern_ipc_perm *isp = &sma->sem_perm;
2698 	struct smack_known *skp = smk_of_current();
2699 
2700 	isp->security = skp;
2701 	return 0;
2702 }
2703 
2704 /**
2705  * smack_sem_free_security - Clear the security blob for sem
2706  * @sma: the object
2707  *
2708  * Clears the blob pointer
2709  */
2710 static void smack_sem_free_security(struct sem_array *sma)
2711 {
2712 	struct kern_ipc_perm *isp = &sma->sem_perm;
2713 
2714 	isp->security = NULL;
2715 }
2716 
2717 /**
2718  * smk_curacc_sem : check if current has access on sem
2719  * @sma : the object
2720  * @access : access requested
2721  *
2722  * Returns 0 if current has the requested access, error code otherwise
2723  */
2724 static int smk_curacc_sem(struct sem_array *sma, int access)
2725 {
2726 	struct smack_known *ssp = smack_of_sem(sma);
2727 	struct smk_audit_info ad;
2728 	int rc;
2729 
2730 #ifdef CONFIG_AUDIT
2731 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
2732 	ad.a.u.ipc_id = sma->sem_perm.id;
2733 #endif
2734 	rc = smk_curacc(ssp, access, &ad);
2735 	rc = smk_bu_current("sem", ssp, access, rc);
2736 	return rc;
2737 }
2738 
2739 /**
2740  * smack_sem_associate - Smack access check for sem
2741  * @sma: the object
2742  * @semflg: access requested
2743  *
2744  * Returns 0 if current has the requested access, error code otherwise
2745  */
2746 static int smack_sem_associate(struct sem_array *sma, int semflg)
2747 {
2748 	int may;
2749 
2750 	may = smack_flags_to_may(semflg);
2751 	return smk_curacc_sem(sma, may);
2752 }
2753 
2754 /**
2755  * smack_sem_shmctl - Smack access check for sem
2756  * @sma: the object
2757  * @cmd: what it wants to do
2758  *
2759  * Returns 0 if current has the requested access, error code otherwise
2760  */
2761 static int smack_sem_semctl(struct sem_array *sma, int cmd)
2762 {
2763 	int may;
2764 
2765 	switch (cmd) {
2766 	case GETPID:
2767 	case GETNCNT:
2768 	case GETZCNT:
2769 	case GETVAL:
2770 	case GETALL:
2771 	case IPC_STAT:
2772 	case SEM_STAT:
2773 		may = MAY_READ;
2774 		break;
2775 	case SETVAL:
2776 	case SETALL:
2777 	case IPC_RMID:
2778 	case IPC_SET:
2779 		may = MAY_READWRITE;
2780 		break;
2781 	case IPC_INFO:
2782 	case SEM_INFO:
2783 		/*
2784 		 * System level information
2785 		 */
2786 		return 0;
2787 	default:
2788 		return -EINVAL;
2789 	}
2790 
2791 	return smk_curacc_sem(sma, may);
2792 }
2793 
2794 /**
2795  * smack_sem_semop - Smack checks of semaphore operations
2796  * @sma: the object
2797  * @sops: unused
2798  * @nsops: unused
2799  * @alter: unused
2800  *
2801  * Treated as read and write in all cases.
2802  *
2803  * Returns 0 if access is allowed, error code otherwise
2804  */
2805 static int smack_sem_semop(struct sem_array *sma, struct sembuf *sops,
2806 			   unsigned nsops, int alter)
2807 {
2808 	return smk_curacc_sem(sma, MAY_READWRITE);
2809 }
2810 
2811 /**
2812  * smack_msg_alloc_security - Set the security blob for msg
2813  * @msq: the object
2814  *
2815  * Returns 0
2816  */
2817 static int smack_msg_queue_alloc_security(struct msg_queue *msq)
2818 {
2819 	struct kern_ipc_perm *kisp = &msq->q_perm;
2820 	struct smack_known *skp = smk_of_current();
2821 
2822 	kisp->security = skp;
2823 	return 0;
2824 }
2825 
2826 /**
2827  * smack_msg_free_security - Clear the security blob for msg
2828  * @msq: the object
2829  *
2830  * Clears the blob pointer
2831  */
2832 static void smack_msg_queue_free_security(struct msg_queue *msq)
2833 {
2834 	struct kern_ipc_perm *kisp = &msq->q_perm;
2835 
2836 	kisp->security = NULL;
2837 }
2838 
2839 /**
2840  * smack_of_msq - the smack pointer for the msq
2841  * @msq: the object
2842  *
2843  * Returns a pointer to the smack label entry
2844  */
2845 static struct smack_known *smack_of_msq(struct msg_queue *msq)
2846 {
2847 	return (struct smack_known *)msq->q_perm.security;
2848 }
2849 
2850 /**
2851  * smk_curacc_msq : helper to check if current has access on msq
2852  * @msq : the msq
2853  * @access : access requested
2854  *
2855  * return 0 if current has access, error otherwise
2856  */
2857 static int smk_curacc_msq(struct msg_queue *msq, int access)
2858 {
2859 	struct smack_known *msp = smack_of_msq(msq);
2860 	struct smk_audit_info ad;
2861 	int rc;
2862 
2863 #ifdef CONFIG_AUDIT
2864 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
2865 	ad.a.u.ipc_id = msq->q_perm.id;
2866 #endif
2867 	rc = smk_curacc(msp, access, &ad);
2868 	rc = smk_bu_current("msq", msp, access, rc);
2869 	return rc;
2870 }
2871 
2872 /**
2873  * smack_msg_queue_associate - Smack access check for msg_queue
2874  * @msq: the object
2875  * @msqflg: access requested
2876  *
2877  * Returns 0 if current has the requested access, error code otherwise
2878  */
2879 static int smack_msg_queue_associate(struct msg_queue *msq, int msqflg)
2880 {
2881 	int may;
2882 
2883 	may = smack_flags_to_may(msqflg);
2884 	return smk_curacc_msq(msq, may);
2885 }
2886 
2887 /**
2888  * smack_msg_queue_msgctl - Smack access check for msg_queue
2889  * @msq: the object
2890  * @cmd: what it wants to do
2891  *
2892  * Returns 0 if current has the requested access, error code otherwise
2893  */
2894 static int smack_msg_queue_msgctl(struct msg_queue *msq, int cmd)
2895 {
2896 	int may;
2897 
2898 	switch (cmd) {
2899 	case IPC_STAT:
2900 	case MSG_STAT:
2901 		may = MAY_READ;
2902 		break;
2903 	case IPC_SET:
2904 	case IPC_RMID:
2905 		may = MAY_READWRITE;
2906 		break;
2907 	case IPC_INFO:
2908 	case MSG_INFO:
2909 		/*
2910 		 * System level information
2911 		 */
2912 		return 0;
2913 	default:
2914 		return -EINVAL;
2915 	}
2916 
2917 	return smk_curacc_msq(msq, may);
2918 }
2919 
2920 /**
2921  * smack_msg_queue_msgsnd - Smack access check for msg_queue
2922  * @msq: the object
2923  * @msg: unused
2924  * @msqflg: access requested
2925  *
2926  * Returns 0 if current has the requested access, error code otherwise
2927  */
2928 static int smack_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg,
2929 				  int msqflg)
2930 {
2931 	int may;
2932 
2933 	may = smack_flags_to_may(msqflg);
2934 	return smk_curacc_msq(msq, may);
2935 }
2936 
2937 /**
2938  * smack_msg_queue_msgsnd - Smack access check for msg_queue
2939  * @msq: the object
2940  * @msg: unused
2941  * @target: unused
2942  * @type: unused
2943  * @mode: unused
2944  *
2945  * Returns 0 if current has read and write access, error code otherwise
2946  */
2947 static int smack_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
2948 			struct task_struct *target, long type, int mode)
2949 {
2950 	return smk_curacc_msq(msq, MAY_READWRITE);
2951 }
2952 
2953 /**
2954  * smack_ipc_permission - Smack access for ipc_permission()
2955  * @ipp: the object permissions
2956  * @flag: access requested
2957  *
2958  * Returns 0 if current has read and write access, error code otherwise
2959  */
2960 static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag)
2961 {
2962 	struct smack_known *iskp = ipp->security;
2963 	int may = smack_flags_to_may(flag);
2964 	struct smk_audit_info ad;
2965 	int rc;
2966 
2967 #ifdef CONFIG_AUDIT
2968 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
2969 	ad.a.u.ipc_id = ipp->id;
2970 #endif
2971 	rc = smk_curacc(iskp, may, &ad);
2972 	rc = smk_bu_current("svipc", iskp, may, rc);
2973 	return rc;
2974 }
2975 
2976 /**
2977  * smack_ipc_getsecid - Extract smack security id
2978  * @ipp: the object permissions
2979  * @secid: where result will be saved
2980  */
2981 static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid)
2982 {
2983 	struct smack_known *iskp = ipp->security;
2984 
2985 	*secid = iskp->smk_secid;
2986 }
2987 
2988 /**
2989  * smack_d_instantiate - Make sure the blob is correct on an inode
2990  * @opt_dentry: dentry where inode will be attached
2991  * @inode: the object
2992  *
2993  * Set the inode's security blob if it hasn't been done already.
2994  */
2995 static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode)
2996 {
2997 	struct super_block *sbp;
2998 	struct superblock_smack *sbsp;
2999 	struct inode_smack *isp;
3000 	struct smack_known *skp;
3001 	struct smack_known *ckp = smk_of_current();
3002 	struct smack_known *final;
3003 	char trattr[TRANS_TRUE_SIZE];
3004 	int transflag = 0;
3005 	int rc;
3006 	struct dentry *dp;
3007 
3008 	if (inode == NULL)
3009 		return;
3010 
3011 	isp = inode->i_security;
3012 
3013 	mutex_lock(&isp->smk_lock);
3014 	/*
3015 	 * If the inode is already instantiated
3016 	 * take the quick way out
3017 	 */
3018 	if (isp->smk_flags & SMK_INODE_INSTANT)
3019 		goto unlockandout;
3020 
3021 	sbp = inode->i_sb;
3022 	sbsp = sbp->s_security;
3023 	/*
3024 	 * We're going to use the superblock default label
3025 	 * if there's no label on the file.
3026 	 */
3027 	final = sbsp->smk_default;
3028 
3029 	/*
3030 	 * If this is the root inode the superblock
3031 	 * may be in the process of initialization.
3032 	 * If that is the case use the root value out
3033 	 * of the superblock.
3034 	 */
3035 	if (opt_dentry->d_parent == opt_dentry) {
3036 		if (sbp->s_magic == CGROUP_SUPER_MAGIC) {
3037 			/*
3038 			 * The cgroup filesystem is never mounted,
3039 			 * so there's no opportunity to set the mount
3040 			 * options.
3041 			 */
3042 			sbsp->smk_root = &smack_known_star;
3043 			sbsp->smk_default = &smack_known_star;
3044 		}
3045 		isp->smk_inode = sbsp->smk_root;
3046 		isp->smk_flags |= SMK_INODE_INSTANT;
3047 		goto unlockandout;
3048 	}
3049 
3050 	/*
3051 	 * This is pretty hackish.
3052 	 * Casey says that we shouldn't have to do
3053 	 * file system specific code, but it does help
3054 	 * with keeping it simple.
3055 	 */
3056 	switch (sbp->s_magic) {
3057 	case SMACK_MAGIC:
3058 	case PIPEFS_MAGIC:
3059 	case SOCKFS_MAGIC:
3060 	case CGROUP_SUPER_MAGIC:
3061 		/*
3062 		 * Casey says that it's a little embarrassing
3063 		 * that the smack file system doesn't do
3064 		 * extended attributes.
3065 		 *
3066 		 * Casey says pipes are easy (?)
3067 		 *
3068 		 * Socket access is controlled by the socket
3069 		 * structures associated with the task involved.
3070 		 *
3071 		 * Cgroupfs is special
3072 		 */
3073 		final = &smack_known_star;
3074 		break;
3075 	case DEVPTS_SUPER_MAGIC:
3076 		/*
3077 		 * devpts seems content with the label of the task.
3078 		 * Programs that change smack have to treat the
3079 		 * pty with respect.
3080 		 */
3081 		final = ckp;
3082 		break;
3083 	case PROC_SUPER_MAGIC:
3084 		/*
3085 		 * Casey says procfs appears not to care.
3086 		 * The superblock default suffices.
3087 		 */
3088 		break;
3089 	case TMPFS_MAGIC:
3090 		/*
3091 		 * Device labels should come from the filesystem,
3092 		 * but watch out, because they're volitile,
3093 		 * getting recreated on every reboot.
3094 		 */
3095 		final = &smack_known_star;
3096 		/*
3097 		 * No break.
3098 		 *
3099 		 * If a smack value has been set we want to use it,
3100 		 * but since tmpfs isn't giving us the opportunity
3101 		 * to set mount options simulate setting the
3102 		 * superblock default.
3103 		 */
3104 	default:
3105 		/*
3106 		 * This isn't an understood special case.
3107 		 * Get the value from the xattr.
3108 		 */
3109 
3110 		/*
3111 		 * UNIX domain sockets use lower level socket data.
3112 		 */
3113 		if (S_ISSOCK(inode->i_mode)) {
3114 			final = &smack_known_star;
3115 			break;
3116 		}
3117 		/*
3118 		 * No xattr support means, alas, no SMACK label.
3119 		 * Use the aforeapplied default.
3120 		 * It would be curious if the label of the task
3121 		 * does not match that assigned.
3122 		 */
3123 		if (inode->i_op->getxattr == NULL)
3124 			break;
3125 		/*
3126 		 * Get the dentry for xattr.
3127 		 */
3128 		dp = dget(opt_dentry);
3129 		skp = smk_fetch(XATTR_NAME_SMACK, inode, dp);
3130 		if (skp != NULL)
3131 			final = skp;
3132 
3133 		/*
3134 		 * Transmuting directory
3135 		 */
3136 		if (S_ISDIR(inode->i_mode)) {
3137 			/*
3138 			 * If this is a new directory and the label was
3139 			 * transmuted when the inode was initialized
3140 			 * set the transmute attribute on the directory
3141 			 * and mark the inode.
3142 			 *
3143 			 * If there is a transmute attribute on the
3144 			 * directory mark the inode.
3145 			 */
3146 			if (isp->smk_flags & SMK_INODE_CHANGED) {
3147 				isp->smk_flags &= ~SMK_INODE_CHANGED;
3148 				rc = inode->i_op->setxattr(dp,
3149 					XATTR_NAME_SMACKTRANSMUTE,
3150 					TRANS_TRUE, TRANS_TRUE_SIZE,
3151 					0);
3152 			} else {
3153 				rc = inode->i_op->getxattr(dp,
3154 					XATTR_NAME_SMACKTRANSMUTE, trattr,
3155 					TRANS_TRUE_SIZE);
3156 				if (rc >= 0 && strncmp(trattr, TRANS_TRUE,
3157 						       TRANS_TRUE_SIZE) != 0)
3158 					rc = -EINVAL;
3159 			}
3160 			if (rc >= 0)
3161 				transflag = SMK_INODE_TRANSMUTE;
3162 		}
3163 		/*
3164 		 * Don't let the exec or mmap label be "*" or "@".
3165 		 */
3166 		skp = smk_fetch(XATTR_NAME_SMACKEXEC, inode, dp);
3167 		if (skp == &smack_known_star || skp == &smack_known_web)
3168 			skp = NULL;
3169 		isp->smk_task = skp;
3170 		skp = smk_fetch(XATTR_NAME_SMACKMMAP, inode, dp);
3171 		if (skp == &smack_known_star || skp == &smack_known_web)
3172 			skp = NULL;
3173 		isp->smk_mmap = skp;
3174 
3175 		dput(dp);
3176 		break;
3177 	}
3178 
3179 	if (final == NULL)
3180 		isp->smk_inode = ckp;
3181 	else
3182 		isp->smk_inode = final;
3183 
3184 	isp->smk_flags |= (SMK_INODE_INSTANT | transflag);
3185 
3186 unlockandout:
3187 	mutex_unlock(&isp->smk_lock);
3188 	return;
3189 }
3190 
3191 /**
3192  * smack_getprocattr - Smack process attribute access
3193  * @p: the object task
3194  * @name: the name of the attribute in /proc/.../attr
3195  * @value: where to put the result
3196  *
3197  * Places a copy of the task Smack into value
3198  *
3199  * Returns the length of the smack label or an error code
3200  */
3201 static int smack_getprocattr(struct task_struct *p, char *name, char **value)
3202 {
3203 	struct smack_known *skp = smk_of_task(task_security(p));
3204 	char *cp;
3205 	int slen;
3206 
3207 	if (strcmp(name, "current") != 0)
3208 		return -EINVAL;
3209 
3210 	cp = kstrdup(skp->smk_known, GFP_KERNEL);
3211 	if (cp == NULL)
3212 		return -ENOMEM;
3213 
3214 	slen = strlen(cp);
3215 	*value = cp;
3216 	return slen;
3217 }
3218 
3219 /**
3220  * smack_setprocattr - Smack process attribute setting
3221  * @p: the object task
3222  * @name: the name of the attribute in /proc/.../attr
3223  * @value: the value to set
3224  * @size: the size of the value
3225  *
3226  * Sets the Smack value of the task. Only setting self
3227  * is permitted and only with privilege
3228  *
3229  * Returns the length of the smack label or an error code
3230  */
3231 static int smack_setprocattr(struct task_struct *p, char *name,
3232 			     void *value, size_t size)
3233 {
3234 	struct task_smack *tsp;
3235 	struct cred *new;
3236 	struct smack_known *skp;
3237 
3238 	/*
3239 	 * Changing another process' Smack value is too dangerous
3240 	 * and supports no sane use case.
3241 	 */
3242 	if (p != current)
3243 		return -EPERM;
3244 
3245 	if (!smack_privileged(CAP_MAC_ADMIN))
3246 		return -EPERM;
3247 
3248 	if (value == NULL || size == 0 || size >= SMK_LONGLABEL)
3249 		return -EINVAL;
3250 
3251 	if (strcmp(name, "current") != 0)
3252 		return -EINVAL;
3253 
3254 	skp = smk_import_entry(value, size);
3255 	if (skp == NULL)
3256 		return -EINVAL;
3257 
3258 	/*
3259 	 * No process is ever allowed the web ("@") label.
3260 	 */
3261 	if (skp == &smack_known_web)
3262 		return -EPERM;
3263 
3264 	new = prepare_creds();
3265 	if (new == NULL)
3266 		return -ENOMEM;
3267 
3268 	tsp = new->security;
3269 	tsp->smk_task = skp;
3270 
3271 	commit_creds(new);
3272 	return size;
3273 }
3274 
3275 /**
3276  * smack_unix_stream_connect - Smack access on UDS
3277  * @sock: one sock
3278  * @other: the other sock
3279  * @newsk: unused
3280  *
3281  * Return 0 if a subject with the smack of sock could access
3282  * an object with the smack of other, otherwise an error code
3283  */
3284 static int smack_unix_stream_connect(struct sock *sock,
3285 				     struct sock *other, struct sock *newsk)
3286 {
3287 	struct smack_known *skp;
3288 	struct smack_known *okp;
3289 	struct socket_smack *ssp = sock->sk_security;
3290 	struct socket_smack *osp = other->sk_security;
3291 	struct socket_smack *nsp = newsk->sk_security;
3292 	struct smk_audit_info ad;
3293 	int rc = 0;
3294 #ifdef CONFIG_AUDIT
3295 	struct lsm_network_audit net;
3296 #endif
3297 
3298 	if (!smack_privileged(CAP_MAC_OVERRIDE)) {
3299 		skp = ssp->smk_out;
3300 		okp = osp->smk_out;
3301 #ifdef CONFIG_AUDIT
3302 		smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3303 		smk_ad_setfield_u_net_sk(&ad, other);
3304 #endif
3305 		rc = smk_access(skp, okp, MAY_WRITE, &ad);
3306 		rc = smk_bu_note("UDS connect", skp, okp, MAY_WRITE, rc);
3307 		if (rc == 0) {
3308 			rc = smk_access(okp, skp, MAY_WRITE, NULL);
3309 			rc = smk_bu_note("UDS connect", okp, skp,
3310 						MAY_WRITE, rc);
3311 		}
3312 	}
3313 
3314 	/*
3315 	 * Cross reference the peer labels for SO_PEERSEC.
3316 	 */
3317 	if (rc == 0) {
3318 		nsp->smk_packet = ssp->smk_out;
3319 		ssp->smk_packet = osp->smk_out;
3320 	}
3321 
3322 	return rc;
3323 }
3324 
3325 /**
3326  * smack_unix_may_send - Smack access on UDS
3327  * @sock: one socket
3328  * @other: the other socket
3329  *
3330  * Return 0 if a subject with the smack of sock could access
3331  * an object with the smack of other, otherwise an error code
3332  */
3333 static int smack_unix_may_send(struct socket *sock, struct socket *other)
3334 {
3335 	struct socket_smack *ssp = sock->sk->sk_security;
3336 	struct socket_smack *osp = other->sk->sk_security;
3337 	struct smk_audit_info ad;
3338 	int rc;
3339 
3340 #ifdef CONFIG_AUDIT
3341 	struct lsm_network_audit net;
3342 
3343 	smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3344 	smk_ad_setfield_u_net_sk(&ad, other->sk);
3345 #endif
3346 
3347 	if (smack_privileged(CAP_MAC_OVERRIDE))
3348 		return 0;
3349 
3350 	rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad);
3351 	rc = smk_bu_note("UDS send", ssp->smk_out, osp->smk_in, MAY_WRITE, rc);
3352 	return rc;
3353 }
3354 
3355 /**
3356  * smack_socket_sendmsg - Smack check based on destination host
3357  * @sock: the socket
3358  * @msg: the message
3359  * @size: the size of the message
3360  *
3361  * Return 0 if the current subject can write to the destination host.
3362  * For IPv4 this is only a question if the destination is a single label host.
3363  * For IPv6 this is a check against the label of the port.
3364  */
3365 static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg,
3366 				int size)
3367 {
3368 	struct sockaddr_in *sip = (struct sockaddr_in *) msg->msg_name;
3369 	struct sockaddr_in6 *sap = (struct sockaddr_in6 *) msg->msg_name;
3370 	int rc = 0;
3371 
3372 	/*
3373 	 * Perfectly reasonable for this to be NULL
3374 	 */
3375 	if (sip == NULL)
3376 		return 0;
3377 
3378 	switch (sip->sin_family) {
3379 	case AF_INET:
3380 		rc = smack_netlabel_send(sock->sk, sip);
3381 		break;
3382 	case AF_INET6:
3383 		rc = smk_ipv6_port_check(sock->sk, sap, SMK_SENDING);
3384 		break;
3385 	}
3386 	return rc;
3387 }
3388 
3389 /**
3390  * smack_from_secattr - Convert a netlabel attr.mls.lvl/attr.mls.cat pair to smack
3391  * @sap: netlabel secattr
3392  * @ssp: socket security information
3393  *
3394  * Returns a pointer to a Smack label entry found on the label list.
3395  */
3396 static struct smack_known *smack_from_secattr(struct netlbl_lsm_secattr *sap,
3397 						struct socket_smack *ssp)
3398 {
3399 	struct smack_known *skp;
3400 	int found = 0;
3401 	int acat;
3402 	int kcat;
3403 
3404 	if ((sap->flags & NETLBL_SECATTR_MLS_LVL) != 0) {
3405 		/*
3406 		 * Looks like a CIPSO packet.
3407 		 * If there are flags but no level netlabel isn't
3408 		 * behaving the way we expect it to.
3409 		 *
3410 		 * Look it up in the label table
3411 		 * Without guidance regarding the smack value
3412 		 * for the packet fall back on the network
3413 		 * ambient value.
3414 		 */
3415 		rcu_read_lock();
3416 		list_for_each_entry(skp, &smack_known_list, list) {
3417 			if (sap->attr.mls.lvl != skp->smk_netlabel.attr.mls.lvl)
3418 				continue;
3419 			/*
3420 			 * Compare the catsets. Use the netlbl APIs.
3421 			 */
3422 			if ((sap->flags & NETLBL_SECATTR_MLS_CAT) == 0) {
3423 				if ((skp->smk_netlabel.flags &
3424 				     NETLBL_SECATTR_MLS_CAT) == 0)
3425 					found = 1;
3426 				break;
3427 			}
3428 			for (acat = -1, kcat = -1; acat == kcat; ) {
3429 				acat = netlbl_catmap_walk(sap->attr.mls.cat,
3430 							  acat + 1);
3431 				kcat = netlbl_catmap_walk(
3432 					skp->smk_netlabel.attr.mls.cat,
3433 					kcat + 1);
3434 				if (acat < 0 || kcat < 0)
3435 					break;
3436 			}
3437 			if (acat == kcat) {
3438 				found = 1;
3439 				break;
3440 			}
3441 		}
3442 		rcu_read_unlock();
3443 
3444 		if (found)
3445 			return skp;
3446 
3447 		if (ssp != NULL && ssp->smk_in == &smack_known_star)
3448 			return &smack_known_web;
3449 		return &smack_known_star;
3450 	}
3451 	if ((sap->flags & NETLBL_SECATTR_SECID) != 0) {
3452 		/*
3453 		 * Looks like a fallback, which gives us a secid.
3454 		 */
3455 		skp = smack_from_secid(sap->attr.secid);
3456 		/*
3457 		 * This has got to be a bug because it is
3458 		 * impossible to specify a fallback without
3459 		 * specifying the label, which will ensure
3460 		 * it has a secid, and the only way to get a
3461 		 * secid is from a fallback.
3462 		 */
3463 		BUG_ON(skp == NULL);
3464 		return skp;
3465 	}
3466 	/*
3467 	 * Without guidance regarding the smack value
3468 	 * for the packet fall back on the network
3469 	 * ambient value.
3470 	 */
3471 	return smack_net_ambient;
3472 }
3473 
3474 static int smk_skb_to_addr_ipv6(struct sk_buff *skb, struct sockaddr_in6 *sip)
3475 {
3476 	u8 nexthdr;
3477 	int offset;
3478 	int proto = -EINVAL;
3479 	struct ipv6hdr _ipv6h;
3480 	struct ipv6hdr *ip6;
3481 	__be16 frag_off;
3482 	struct tcphdr _tcph, *th;
3483 	struct udphdr _udph, *uh;
3484 	struct dccp_hdr _dccph, *dh;
3485 
3486 	sip->sin6_port = 0;
3487 
3488 	offset = skb_network_offset(skb);
3489 	ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h);
3490 	if (ip6 == NULL)
3491 		return -EINVAL;
3492 	sip->sin6_addr = ip6->saddr;
3493 
3494 	nexthdr = ip6->nexthdr;
3495 	offset += sizeof(_ipv6h);
3496 	offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off);
3497 	if (offset < 0)
3498 		return -EINVAL;
3499 
3500 	proto = nexthdr;
3501 	switch (proto) {
3502 	case IPPROTO_TCP:
3503 		th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
3504 		if (th != NULL)
3505 			sip->sin6_port = th->source;
3506 		break;
3507 	case IPPROTO_UDP:
3508 		uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
3509 		if (uh != NULL)
3510 			sip->sin6_port = uh->source;
3511 		break;
3512 	case IPPROTO_DCCP:
3513 		dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
3514 		if (dh != NULL)
3515 			sip->sin6_port = dh->dccph_sport;
3516 		break;
3517 	}
3518 	return proto;
3519 }
3520 
3521 /**
3522  * smack_socket_sock_rcv_skb - Smack packet delivery access check
3523  * @sk: socket
3524  * @skb: packet
3525  *
3526  * Returns 0 if the packet should be delivered, an error code otherwise
3527  */
3528 static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
3529 {
3530 	struct netlbl_lsm_secattr secattr;
3531 	struct socket_smack *ssp = sk->sk_security;
3532 	struct smack_known *skp;
3533 	struct sockaddr_in6 sadd;
3534 	int rc = 0;
3535 	struct smk_audit_info ad;
3536 #ifdef CONFIG_AUDIT
3537 	struct lsm_network_audit net;
3538 #endif
3539 	switch (sk->sk_family) {
3540 	case PF_INET:
3541 		/*
3542 		 * Translate what netlabel gave us.
3543 		 */
3544 		netlbl_secattr_init(&secattr);
3545 
3546 		rc = netlbl_skbuff_getattr(skb, sk->sk_family, &secattr);
3547 		if (rc == 0)
3548 			skp = smack_from_secattr(&secattr, ssp);
3549 		else
3550 			skp = smack_net_ambient;
3551 
3552 		netlbl_secattr_destroy(&secattr);
3553 
3554 #ifdef CONFIG_AUDIT
3555 		smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3556 		ad.a.u.net->family = sk->sk_family;
3557 		ad.a.u.net->netif = skb->skb_iif;
3558 		ipv4_skb_to_auditdata(skb, &ad.a, NULL);
3559 #endif
3560 		/*
3561 		 * Receiving a packet requires that the other end
3562 		 * be able to write here. Read access is not required.
3563 		 * This is the simplist possible security model
3564 		 * for networking.
3565 		 */
3566 		rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
3567 		rc = smk_bu_note("IPv4 delivery", skp, ssp->smk_in,
3568 					MAY_WRITE, rc);
3569 		if (rc != 0)
3570 			netlbl_skbuff_err(skb, rc, 0);
3571 		break;
3572 	case PF_INET6:
3573 		rc = smk_skb_to_addr_ipv6(skb, &sadd);
3574 		if (rc == IPPROTO_UDP || rc == IPPROTO_TCP)
3575 			rc = smk_ipv6_port_check(sk, &sadd, SMK_RECEIVING);
3576 		else
3577 			rc = 0;
3578 		break;
3579 	}
3580 	return rc;
3581 }
3582 
3583 /**
3584  * smack_socket_getpeersec_stream - pull in packet label
3585  * @sock: the socket
3586  * @optval: user's destination
3587  * @optlen: size thereof
3588  * @len: max thereof
3589  *
3590  * returns zero on success, an error code otherwise
3591  */
3592 static int smack_socket_getpeersec_stream(struct socket *sock,
3593 					  char __user *optval,
3594 					  int __user *optlen, unsigned len)
3595 {
3596 	struct socket_smack *ssp;
3597 	char *rcp = "";
3598 	int slen = 1;
3599 	int rc = 0;
3600 
3601 	ssp = sock->sk->sk_security;
3602 	if (ssp->smk_packet != NULL) {
3603 		rcp = ssp->smk_packet->smk_known;
3604 		slen = strlen(rcp) + 1;
3605 	}
3606 
3607 	if (slen > len)
3608 		rc = -ERANGE;
3609 	else if (copy_to_user(optval, rcp, slen) != 0)
3610 		rc = -EFAULT;
3611 
3612 	if (put_user(slen, optlen) != 0)
3613 		rc = -EFAULT;
3614 
3615 	return rc;
3616 }
3617 
3618 
3619 /**
3620  * smack_socket_getpeersec_dgram - pull in packet label
3621  * @sock: the peer socket
3622  * @skb: packet data
3623  * @secid: pointer to where to put the secid of the packet
3624  *
3625  * Sets the netlabel socket state on sk from parent
3626  */
3627 static int smack_socket_getpeersec_dgram(struct socket *sock,
3628 					 struct sk_buff *skb, u32 *secid)
3629 
3630 {
3631 	struct netlbl_lsm_secattr secattr;
3632 	struct socket_smack *ssp = NULL;
3633 	struct smack_known *skp;
3634 	int family = PF_UNSPEC;
3635 	u32 s = 0;	/* 0 is the invalid secid */
3636 	int rc;
3637 
3638 	if (skb != NULL) {
3639 		if (skb->protocol == htons(ETH_P_IP))
3640 			family = PF_INET;
3641 		else if (skb->protocol == htons(ETH_P_IPV6))
3642 			family = PF_INET6;
3643 	}
3644 	if (family == PF_UNSPEC && sock != NULL)
3645 		family = sock->sk->sk_family;
3646 
3647 	if (family == PF_UNIX) {
3648 		ssp = sock->sk->sk_security;
3649 		s = ssp->smk_out->smk_secid;
3650 	} else if (family == PF_INET || family == PF_INET6) {
3651 		/*
3652 		 * Translate what netlabel gave us.
3653 		 */
3654 		if (sock != NULL && sock->sk != NULL)
3655 			ssp = sock->sk->sk_security;
3656 		netlbl_secattr_init(&secattr);
3657 		rc = netlbl_skbuff_getattr(skb, family, &secattr);
3658 		if (rc == 0) {
3659 			skp = smack_from_secattr(&secattr, ssp);
3660 			s = skp->smk_secid;
3661 		}
3662 		netlbl_secattr_destroy(&secattr);
3663 	}
3664 	*secid = s;
3665 	if (s == 0)
3666 		return -EINVAL;
3667 	return 0;
3668 }
3669 
3670 /**
3671  * smack_sock_graft - Initialize a newly created socket with an existing sock
3672  * @sk: child sock
3673  * @parent: parent socket
3674  *
3675  * Set the smk_{in,out} state of an existing sock based on the process that
3676  * is creating the new socket.
3677  */
3678 static void smack_sock_graft(struct sock *sk, struct socket *parent)
3679 {
3680 	struct socket_smack *ssp;
3681 	struct smack_known *skp = smk_of_current();
3682 
3683 	if (sk == NULL ||
3684 	    (sk->sk_family != PF_INET && sk->sk_family != PF_INET6))
3685 		return;
3686 
3687 	ssp = sk->sk_security;
3688 	ssp->smk_in = skp;
3689 	ssp->smk_out = skp;
3690 	/* cssp->smk_packet is already set in smack_inet_csk_clone() */
3691 }
3692 
3693 /**
3694  * smack_inet_conn_request - Smack access check on connect
3695  * @sk: socket involved
3696  * @skb: packet
3697  * @req: unused
3698  *
3699  * Returns 0 if a task with the packet label could write to
3700  * the socket, otherwise an error code
3701  */
3702 static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb,
3703 				   struct request_sock *req)
3704 {
3705 	u16 family = sk->sk_family;
3706 	struct smack_known *skp;
3707 	struct socket_smack *ssp = sk->sk_security;
3708 	struct netlbl_lsm_secattr secattr;
3709 	struct sockaddr_in addr;
3710 	struct iphdr *hdr;
3711 	struct smack_known *hskp;
3712 	int rc;
3713 	struct smk_audit_info ad;
3714 #ifdef CONFIG_AUDIT
3715 	struct lsm_network_audit net;
3716 #endif
3717 
3718 	if (family == PF_INET6) {
3719 		/*
3720 		 * Handle mapped IPv4 packets arriving
3721 		 * via IPv6 sockets. Don't set up netlabel
3722 		 * processing on IPv6.
3723 		 */
3724 		if (skb->protocol == htons(ETH_P_IP))
3725 			family = PF_INET;
3726 		else
3727 			return 0;
3728 	}
3729 
3730 	netlbl_secattr_init(&secattr);
3731 	rc = netlbl_skbuff_getattr(skb, family, &secattr);
3732 	if (rc == 0)
3733 		skp = smack_from_secattr(&secattr, ssp);
3734 	else
3735 		skp = &smack_known_huh;
3736 	netlbl_secattr_destroy(&secattr);
3737 
3738 #ifdef CONFIG_AUDIT
3739 	smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3740 	ad.a.u.net->family = family;
3741 	ad.a.u.net->netif = skb->skb_iif;
3742 	ipv4_skb_to_auditdata(skb, &ad.a, NULL);
3743 #endif
3744 	/*
3745 	 * Receiving a packet requires that the other end be able to write
3746 	 * here. Read access is not required.
3747 	 */
3748 	rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
3749 	rc = smk_bu_note("IPv4 connect", skp, ssp->smk_in, MAY_WRITE, rc);
3750 	if (rc != 0)
3751 		return rc;
3752 
3753 	/*
3754 	 * Save the peer's label in the request_sock so we can later setup
3755 	 * smk_packet in the child socket so that SO_PEERCRED can report it.
3756 	 */
3757 	req->peer_secid = skp->smk_secid;
3758 
3759 	/*
3760 	 * We need to decide if we want to label the incoming connection here
3761 	 * if we do we only need to label the request_sock and the stack will
3762 	 * propagate the wire-label to the sock when it is created.
3763 	 */
3764 	hdr = ip_hdr(skb);
3765 	addr.sin_addr.s_addr = hdr->saddr;
3766 	rcu_read_lock();
3767 	hskp = smack_host_label(&addr);
3768 	rcu_read_unlock();
3769 
3770 	if (hskp == NULL)
3771 		rc = netlbl_req_setattr(req, &skp->smk_netlabel);
3772 	else
3773 		netlbl_req_delattr(req);
3774 
3775 	return rc;
3776 }
3777 
3778 /**
3779  * smack_inet_csk_clone - Copy the connection information to the new socket
3780  * @sk: the new socket
3781  * @req: the connection's request_sock
3782  *
3783  * Transfer the connection's peer label to the newly created socket.
3784  */
3785 static void smack_inet_csk_clone(struct sock *sk,
3786 				 const struct request_sock *req)
3787 {
3788 	struct socket_smack *ssp = sk->sk_security;
3789 	struct smack_known *skp;
3790 
3791 	if (req->peer_secid != 0) {
3792 		skp = smack_from_secid(req->peer_secid);
3793 		ssp->smk_packet = skp;
3794 	} else
3795 		ssp->smk_packet = NULL;
3796 }
3797 
3798 /*
3799  * Key management security hooks
3800  *
3801  * Casey has not tested key support very heavily.
3802  * The permission check is most likely too restrictive.
3803  * If you care about keys please have a look.
3804  */
3805 #ifdef CONFIG_KEYS
3806 
3807 /**
3808  * smack_key_alloc - Set the key security blob
3809  * @key: object
3810  * @cred: the credentials to use
3811  * @flags: unused
3812  *
3813  * No allocation required
3814  *
3815  * Returns 0
3816  */
3817 static int smack_key_alloc(struct key *key, const struct cred *cred,
3818 			   unsigned long flags)
3819 {
3820 	struct smack_known *skp = smk_of_task(cred->security);
3821 
3822 	key->security = skp;
3823 	return 0;
3824 }
3825 
3826 /**
3827  * smack_key_free - Clear the key security blob
3828  * @key: the object
3829  *
3830  * Clear the blob pointer
3831  */
3832 static void smack_key_free(struct key *key)
3833 {
3834 	key->security = NULL;
3835 }
3836 
3837 /*
3838  * smack_key_permission - Smack access on a key
3839  * @key_ref: gets to the object
3840  * @cred: the credentials to use
3841  * @perm: unused
3842  *
3843  * Return 0 if the task has read and write to the object,
3844  * an error code otherwise
3845  */
3846 static int smack_key_permission(key_ref_t key_ref,
3847 				const struct cred *cred, unsigned perm)
3848 {
3849 	struct key *keyp;
3850 	struct smk_audit_info ad;
3851 	struct smack_known *tkp = smk_of_task(cred->security);
3852 	int request = 0;
3853 	int rc;
3854 
3855 	keyp = key_ref_to_ptr(key_ref);
3856 	if (keyp == NULL)
3857 		return -EINVAL;
3858 	/*
3859 	 * If the key hasn't been initialized give it access so that
3860 	 * it may do so.
3861 	 */
3862 	if (keyp->security == NULL)
3863 		return 0;
3864 	/*
3865 	 * This should not occur
3866 	 */
3867 	if (tkp == NULL)
3868 		return -EACCES;
3869 #ifdef CONFIG_AUDIT
3870 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY);
3871 	ad.a.u.key_struct.key = keyp->serial;
3872 	ad.a.u.key_struct.key_desc = keyp->description;
3873 #endif
3874 	if (perm & KEY_NEED_READ)
3875 		request = MAY_READ;
3876 	if (perm & (KEY_NEED_WRITE | KEY_NEED_LINK | KEY_NEED_SETATTR))
3877 		request = MAY_WRITE;
3878 	rc = smk_access(tkp, keyp->security, request, &ad);
3879 	rc = smk_bu_note("key access", tkp, keyp->security, request, rc);
3880 	return rc;
3881 }
3882 #endif /* CONFIG_KEYS */
3883 
3884 /*
3885  * Smack Audit hooks
3886  *
3887  * Audit requires a unique representation of each Smack specific
3888  * rule. This unique representation is used to distinguish the
3889  * object to be audited from remaining kernel objects and also
3890  * works as a glue between the audit hooks.
3891  *
3892  * Since repository entries are added but never deleted, we'll use
3893  * the smack_known label address related to the given audit rule as
3894  * the needed unique representation. This also better fits the smack
3895  * model where nearly everything is a label.
3896  */
3897 #ifdef CONFIG_AUDIT
3898 
3899 /**
3900  * smack_audit_rule_init - Initialize a smack audit rule
3901  * @field: audit rule fields given from user-space (audit.h)
3902  * @op: required testing operator (=, !=, >, <, ...)
3903  * @rulestr: smack label to be audited
3904  * @vrule: pointer to save our own audit rule representation
3905  *
3906  * Prepare to audit cases where (@field @op @rulestr) is true.
3907  * The label to be audited is created if necessay.
3908  */
3909 static int smack_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule)
3910 {
3911 	struct smack_known *skp;
3912 	char **rule = (char **)vrule;
3913 	*rule = NULL;
3914 
3915 	if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
3916 		return -EINVAL;
3917 
3918 	if (op != Audit_equal && op != Audit_not_equal)
3919 		return -EINVAL;
3920 
3921 	skp = smk_import_entry(rulestr, 0);
3922 	if (skp)
3923 		*rule = skp->smk_known;
3924 
3925 	return 0;
3926 }
3927 
3928 /**
3929  * smack_audit_rule_known - Distinguish Smack audit rules
3930  * @krule: rule of interest, in Audit kernel representation format
3931  *
3932  * This is used to filter Smack rules from remaining Audit ones.
3933  * If it's proved that this rule belongs to us, the
3934  * audit_rule_match hook will be called to do the final judgement.
3935  */
3936 static int smack_audit_rule_known(struct audit_krule *krule)
3937 {
3938 	struct audit_field *f;
3939 	int i;
3940 
3941 	for (i = 0; i < krule->field_count; i++) {
3942 		f = &krule->fields[i];
3943 
3944 		if (f->type == AUDIT_SUBJ_USER || f->type == AUDIT_OBJ_USER)
3945 			return 1;
3946 	}
3947 
3948 	return 0;
3949 }
3950 
3951 /**
3952  * smack_audit_rule_match - Audit given object ?
3953  * @secid: security id for identifying the object to test
3954  * @field: audit rule flags given from user-space
3955  * @op: required testing operator
3956  * @vrule: smack internal rule presentation
3957  * @actx: audit context associated with the check
3958  *
3959  * The core Audit hook. It's used to take the decision of
3960  * whether to audit or not to audit a given object.
3961  */
3962 static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule,
3963 				  struct audit_context *actx)
3964 {
3965 	struct smack_known *skp;
3966 	char *rule = vrule;
3967 
3968 	if (unlikely(!rule)) {
3969 		WARN_ONCE(1, "Smack: missing rule\n");
3970 		return -ENOENT;
3971 	}
3972 
3973 	if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
3974 		return 0;
3975 
3976 	skp = smack_from_secid(secid);
3977 
3978 	/*
3979 	 * No need to do string comparisons. If a match occurs,
3980 	 * both pointers will point to the same smack_known
3981 	 * label.
3982 	 */
3983 	if (op == Audit_equal)
3984 		return (rule == skp->smk_known);
3985 	if (op == Audit_not_equal)
3986 		return (rule != skp->smk_known);
3987 
3988 	return 0;
3989 }
3990 
3991 /**
3992  * smack_audit_rule_free - free smack rule representation
3993  * @vrule: rule to be freed.
3994  *
3995  * No memory was allocated.
3996  */
3997 static void smack_audit_rule_free(void *vrule)
3998 {
3999 	/* No-op */
4000 }
4001 
4002 #endif /* CONFIG_AUDIT */
4003 
4004 /**
4005  * smack_ismaclabel - check if xattr @name references a smack MAC label
4006  * @name: Full xattr name to check.
4007  */
4008 static int smack_ismaclabel(const char *name)
4009 {
4010 	return (strcmp(name, XATTR_SMACK_SUFFIX) == 0);
4011 }
4012 
4013 
4014 /**
4015  * smack_secid_to_secctx - return the smack label for a secid
4016  * @secid: incoming integer
4017  * @secdata: destination
4018  * @seclen: how long it is
4019  *
4020  * Exists for networking code.
4021  */
4022 static int smack_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
4023 {
4024 	struct smack_known *skp = smack_from_secid(secid);
4025 
4026 	if (secdata)
4027 		*secdata = skp->smk_known;
4028 	*seclen = strlen(skp->smk_known);
4029 	return 0;
4030 }
4031 
4032 /**
4033  * smack_secctx_to_secid - return the secid for a smack label
4034  * @secdata: smack label
4035  * @seclen: how long result is
4036  * @secid: outgoing integer
4037  *
4038  * Exists for audit and networking code.
4039  */
4040 static int smack_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
4041 {
4042 	struct smack_known *skp = smk_find_entry(secdata);
4043 
4044 	if (skp)
4045 		*secid = skp->smk_secid;
4046 	else
4047 		*secid = 0;
4048 	return 0;
4049 }
4050 
4051 /**
4052  * smack_release_secctx - don't do anything.
4053  * @secdata: unused
4054  * @seclen: unused
4055  *
4056  * Exists to make sure nothing gets done, and properly
4057  */
4058 static void smack_release_secctx(char *secdata, u32 seclen)
4059 {
4060 }
4061 
4062 static int smack_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
4063 {
4064 	return smack_inode_setsecurity(inode, XATTR_SMACK_SUFFIX, ctx, ctxlen, 0);
4065 }
4066 
4067 static int smack_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
4068 {
4069 	return __vfs_setxattr_noperm(dentry, XATTR_NAME_SMACK, ctx, ctxlen, 0);
4070 }
4071 
4072 static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
4073 {
4074 	int len = 0;
4075 	len = smack_inode_getsecurity(inode, XATTR_SMACK_SUFFIX, ctx, true);
4076 
4077 	if (len < 0)
4078 		return len;
4079 	*ctxlen = len;
4080 	return 0;
4081 }
4082 
4083 struct security_operations smack_ops = {
4084 	.name =				"smack",
4085 
4086 	.ptrace_access_check =		smack_ptrace_access_check,
4087 	.ptrace_traceme =		smack_ptrace_traceme,
4088 	.syslog = 			smack_syslog,
4089 
4090 	.sb_alloc_security = 		smack_sb_alloc_security,
4091 	.sb_free_security = 		smack_sb_free_security,
4092 	.sb_copy_data = 		smack_sb_copy_data,
4093 	.sb_kern_mount = 		smack_sb_kern_mount,
4094 	.sb_statfs = 			smack_sb_statfs,
4095 
4096 	.bprm_set_creds =		smack_bprm_set_creds,
4097 	.bprm_committing_creds =	smack_bprm_committing_creds,
4098 	.bprm_secureexec =		smack_bprm_secureexec,
4099 
4100 	.inode_alloc_security = 	smack_inode_alloc_security,
4101 	.inode_free_security = 		smack_inode_free_security,
4102 	.inode_init_security = 		smack_inode_init_security,
4103 	.inode_link = 			smack_inode_link,
4104 	.inode_unlink = 		smack_inode_unlink,
4105 	.inode_rmdir = 			smack_inode_rmdir,
4106 	.inode_rename = 		smack_inode_rename,
4107 	.inode_permission = 		smack_inode_permission,
4108 	.inode_setattr = 		smack_inode_setattr,
4109 	.inode_getattr = 		smack_inode_getattr,
4110 	.inode_setxattr = 		smack_inode_setxattr,
4111 	.inode_post_setxattr = 		smack_inode_post_setxattr,
4112 	.inode_getxattr = 		smack_inode_getxattr,
4113 	.inode_removexattr = 		smack_inode_removexattr,
4114 	.inode_getsecurity = 		smack_inode_getsecurity,
4115 	.inode_setsecurity = 		smack_inode_setsecurity,
4116 	.inode_listsecurity = 		smack_inode_listsecurity,
4117 	.inode_getsecid =		smack_inode_getsecid,
4118 
4119 	.file_permission = 		smack_file_permission,
4120 	.file_alloc_security = 		smack_file_alloc_security,
4121 	.file_free_security = 		smack_file_free_security,
4122 	.file_ioctl = 			smack_file_ioctl,
4123 	.file_lock = 			smack_file_lock,
4124 	.file_fcntl = 			smack_file_fcntl,
4125 	.mmap_file =			smack_mmap_file,
4126 	.mmap_addr =			cap_mmap_addr,
4127 	.file_set_fowner = 		smack_file_set_fowner,
4128 	.file_send_sigiotask = 		smack_file_send_sigiotask,
4129 	.file_receive = 		smack_file_receive,
4130 
4131 	.file_open =			smack_file_open,
4132 
4133 	.cred_alloc_blank =		smack_cred_alloc_blank,
4134 	.cred_free =			smack_cred_free,
4135 	.cred_prepare =			smack_cred_prepare,
4136 	.cred_transfer =		smack_cred_transfer,
4137 	.kernel_act_as =		smack_kernel_act_as,
4138 	.kernel_create_files_as =	smack_kernel_create_files_as,
4139 	.task_setpgid = 		smack_task_setpgid,
4140 	.task_getpgid = 		smack_task_getpgid,
4141 	.task_getsid = 			smack_task_getsid,
4142 	.task_getsecid = 		smack_task_getsecid,
4143 	.task_setnice = 		smack_task_setnice,
4144 	.task_setioprio = 		smack_task_setioprio,
4145 	.task_getioprio = 		smack_task_getioprio,
4146 	.task_setscheduler = 		smack_task_setscheduler,
4147 	.task_getscheduler = 		smack_task_getscheduler,
4148 	.task_movememory = 		smack_task_movememory,
4149 	.task_kill = 			smack_task_kill,
4150 	.task_wait = 			smack_task_wait,
4151 	.task_to_inode = 		smack_task_to_inode,
4152 
4153 	.ipc_permission = 		smack_ipc_permission,
4154 	.ipc_getsecid =			smack_ipc_getsecid,
4155 
4156 	.msg_msg_alloc_security = 	smack_msg_msg_alloc_security,
4157 	.msg_msg_free_security = 	smack_msg_msg_free_security,
4158 
4159 	.msg_queue_alloc_security = 	smack_msg_queue_alloc_security,
4160 	.msg_queue_free_security = 	smack_msg_queue_free_security,
4161 	.msg_queue_associate = 		smack_msg_queue_associate,
4162 	.msg_queue_msgctl = 		smack_msg_queue_msgctl,
4163 	.msg_queue_msgsnd = 		smack_msg_queue_msgsnd,
4164 	.msg_queue_msgrcv = 		smack_msg_queue_msgrcv,
4165 
4166 	.shm_alloc_security = 		smack_shm_alloc_security,
4167 	.shm_free_security = 		smack_shm_free_security,
4168 	.shm_associate = 		smack_shm_associate,
4169 	.shm_shmctl = 			smack_shm_shmctl,
4170 	.shm_shmat = 			smack_shm_shmat,
4171 
4172 	.sem_alloc_security = 		smack_sem_alloc_security,
4173 	.sem_free_security = 		smack_sem_free_security,
4174 	.sem_associate = 		smack_sem_associate,
4175 	.sem_semctl = 			smack_sem_semctl,
4176 	.sem_semop = 			smack_sem_semop,
4177 
4178 	.d_instantiate = 		smack_d_instantiate,
4179 
4180 	.getprocattr = 			smack_getprocattr,
4181 	.setprocattr = 			smack_setprocattr,
4182 
4183 	.unix_stream_connect = 		smack_unix_stream_connect,
4184 	.unix_may_send = 		smack_unix_may_send,
4185 
4186 	.socket_post_create = 		smack_socket_post_create,
4187 	.socket_bind =			smack_socket_bind,
4188 	.socket_connect =		smack_socket_connect,
4189 	.socket_sendmsg =		smack_socket_sendmsg,
4190 	.socket_sock_rcv_skb = 		smack_socket_sock_rcv_skb,
4191 	.socket_getpeersec_stream =	smack_socket_getpeersec_stream,
4192 	.socket_getpeersec_dgram =	smack_socket_getpeersec_dgram,
4193 	.sk_alloc_security = 		smack_sk_alloc_security,
4194 	.sk_free_security = 		smack_sk_free_security,
4195 	.sock_graft = 			smack_sock_graft,
4196 	.inet_conn_request = 		smack_inet_conn_request,
4197 	.inet_csk_clone =		smack_inet_csk_clone,
4198 
4199  /* key management security hooks */
4200 #ifdef CONFIG_KEYS
4201 	.key_alloc = 			smack_key_alloc,
4202 	.key_free = 			smack_key_free,
4203 	.key_permission = 		smack_key_permission,
4204 #endif /* CONFIG_KEYS */
4205 
4206  /* Audit hooks */
4207 #ifdef CONFIG_AUDIT
4208 	.audit_rule_init =		smack_audit_rule_init,
4209 	.audit_rule_known =		smack_audit_rule_known,
4210 	.audit_rule_match =		smack_audit_rule_match,
4211 	.audit_rule_free =		smack_audit_rule_free,
4212 #endif /* CONFIG_AUDIT */
4213 
4214 	.ismaclabel =			smack_ismaclabel,
4215 	.secid_to_secctx = 		smack_secid_to_secctx,
4216 	.secctx_to_secid = 		smack_secctx_to_secid,
4217 	.release_secctx = 		smack_release_secctx,
4218 	.inode_notifysecctx =		smack_inode_notifysecctx,
4219 	.inode_setsecctx =		smack_inode_setsecctx,
4220 	.inode_getsecctx =		smack_inode_getsecctx,
4221 };
4222 
4223 
4224 static __init void init_smack_known_list(void)
4225 {
4226 	/*
4227 	 * Initialize rule list locks
4228 	 */
4229 	mutex_init(&smack_known_huh.smk_rules_lock);
4230 	mutex_init(&smack_known_hat.smk_rules_lock);
4231 	mutex_init(&smack_known_floor.smk_rules_lock);
4232 	mutex_init(&smack_known_star.smk_rules_lock);
4233 	mutex_init(&smack_known_invalid.smk_rules_lock);
4234 	mutex_init(&smack_known_web.smk_rules_lock);
4235 	/*
4236 	 * Initialize rule lists
4237 	 */
4238 	INIT_LIST_HEAD(&smack_known_huh.smk_rules);
4239 	INIT_LIST_HEAD(&smack_known_hat.smk_rules);
4240 	INIT_LIST_HEAD(&smack_known_star.smk_rules);
4241 	INIT_LIST_HEAD(&smack_known_floor.smk_rules);
4242 	INIT_LIST_HEAD(&smack_known_invalid.smk_rules);
4243 	INIT_LIST_HEAD(&smack_known_web.smk_rules);
4244 	/*
4245 	 * Create the known labels list
4246 	 */
4247 	smk_insert_entry(&smack_known_huh);
4248 	smk_insert_entry(&smack_known_hat);
4249 	smk_insert_entry(&smack_known_star);
4250 	smk_insert_entry(&smack_known_floor);
4251 	smk_insert_entry(&smack_known_invalid);
4252 	smk_insert_entry(&smack_known_web);
4253 }
4254 
4255 /**
4256  * smack_init - initialize the smack system
4257  *
4258  * Returns 0
4259  */
4260 static __init int smack_init(void)
4261 {
4262 	struct cred *cred;
4263 	struct task_smack *tsp;
4264 
4265 	if (!security_module_enable(&smack_ops))
4266 		return 0;
4267 
4268 	smack_inode_cache = KMEM_CACHE(inode_smack, 0);
4269 	if (!smack_inode_cache)
4270 		return -ENOMEM;
4271 
4272 	tsp = new_task_smack(&smack_known_floor, &smack_known_floor,
4273 				GFP_KERNEL);
4274 	if (tsp == NULL) {
4275 		kmem_cache_destroy(smack_inode_cache);
4276 		return -ENOMEM;
4277 	}
4278 
4279 	printk(KERN_INFO "Smack:  Initializing.\n");
4280 
4281 	/*
4282 	 * Set the security state for the initial task.
4283 	 */
4284 	cred = (struct cred *) current->cred;
4285 	cred->security = tsp;
4286 
4287 	/* initialize the smack_known_list */
4288 	init_smack_known_list();
4289 
4290 	/*
4291 	 * Register with LSM
4292 	 */
4293 	if (register_security(&smack_ops))
4294 		panic("smack: Unable to register with kernel.\n");
4295 
4296 	return 0;
4297 }
4298 
4299 /*
4300  * Smack requires early initialization in order to label
4301  * all processes and objects when they are created.
4302  */
4303 security_initcall(smack_init);
4304