xref: /openbmc/linux/security/smack/smack_lsm.c (revision d2999e1b)
1 /*
2  *  Simplified MAC Kernel (smack) security module
3  *
4  *  This file contains the smack hook function implementations.
5  *
6  *  Authors:
7  *	Casey Schaufler <casey@schaufler-ca.com>
8  *	Jarkko Sakkinen <jarkko.sakkinen@intel.com>
9  *
10  *  Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com>
11  *  Copyright (C) 2009 Hewlett-Packard Development Company, L.P.
12  *                Paul Moore <paul@paul-moore.com>
13  *  Copyright (C) 2010 Nokia Corporation
14  *  Copyright (C) 2011 Intel Corporation.
15  *
16  *	This program is free software; you can redistribute it and/or modify
17  *	it under the terms of the GNU General Public License version 2,
18  *      as published by the Free Software Foundation.
19  */
20 
21 #include <linux/xattr.h>
22 #include <linux/pagemap.h>
23 #include <linux/mount.h>
24 #include <linux/stat.h>
25 #include <linux/kd.h>
26 #include <asm/ioctls.h>
27 #include <linux/ip.h>
28 #include <linux/tcp.h>
29 #include <linux/udp.h>
30 #include <linux/dccp.h>
31 #include <linux/slab.h>
32 #include <linux/mutex.h>
33 #include <linux/pipe_fs_i.h>
34 #include <net/cipso_ipv4.h>
35 #include <net/ip.h>
36 #include <net/ipv6.h>
37 #include <linux/audit.h>
38 #include <linux/magic.h>
39 #include <linux/dcache.h>
40 #include <linux/personality.h>
41 #include <linux/msg.h>
42 #include <linux/shm.h>
43 #include <linux/binfmts.h>
44 #include "smack.h"
45 
46 #define task_security(task)	(task_cred_xxx((task), security))
47 
48 #define TRANS_TRUE	"TRUE"
49 #define TRANS_TRUE_SIZE	4
50 
51 #define SMK_CONNECTING	0
52 #define SMK_RECEIVING	1
53 #define SMK_SENDING	2
54 
55 LIST_HEAD(smk_ipv6_port_list);
56 
57 /**
58  * smk_fetch - Fetch the smack label from a file.
59  * @ip: a pointer to the inode
60  * @dp: a pointer to the dentry
61  *
62  * Returns a pointer to the master list entry for the Smack label
63  * or NULL if there was no label to fetch.
64  */
65 static struct smack_known *smk_fetch(const char *name, struct inode *ip,
66 					struct dentry *dp)
67 {
68 	int rc;
69 	char *buffer;
70 	struct smack_known *skp = NULL;
71 
72 	if (ip->i_op->getxattr == NULL)
73 		return NULL;
74 
75 	buffer = kzalloc(SMK_LONGLABEL, GFP_KERNEL);
76 	if (buffer == NULL)
77 		return NULL;
78 
79 	rc = ip->i_op->getxattr(dp, name, buffer, SMK_LONGLABEL);
80 	if (rc > 0)
81 		skp = smk_import_entry(buffer, rc);
82 
83 	kfree(buffer);
84 
85 	return skp;
86 }
87 
88 /**
89  * new_inode_smack - allocate an inode security blob
90  * @smack: a pointer to the Smack label to use in the blob
91  *
92  * Returns the new blob or NULL if there's no memory available
93  */
94 struct inode_smack *new_inode_smack(char *smack)
95 {
96 	struct inode_smack *isp;
97 
98 	isp = kzalloc(sizeof(struct inode_smack), GFP_NOFS);
99 	if (isp == NULL)
100 		return NULL;
101 
102 	isp->smk_inode = smack;
103 	isp->smk_flags = 0;
104 	mutex_init(&isp->smk_lock);
105 
106 	return isp;
107 }
108 
109 /**
110  * new_task_smack - allocate a task security blob
111  * @smack: a pointer to the Smack label to use in the blob
112  *
113  * Returns the new blob or NULL if there's no memory available
114  */
115 static struct task_smack *new_task_smack(struct smack_known *task,
116 					struct smack_known *forked, gfp_t gfp)
117 {
118 	struct task_smack *tsp;
119 
120 	tsp = kzalloc(sizeof(struct task_smack), gfp);
121 	if (tsp == NULL)
122 		return NULL;
123 
124 	tsp->smk_task = task;
125 	tsp->smk_forked = forked;
126 	INIT_LIST_HEAD(&tsp->smk_rules);
127 	mutex_init(&tsp->smk_rules_lock);
128 
129 	return tsp;
130 }
131 
132 /**
133  * smk_copy_rules - copy a rule set
134  * @nhead - new rules header pointer
135  * @ohead - old rules header pointer
136  *
137  * Returns 0 on success, -ENOMEM on error
138  */
139 static int smk_copy_rules(struct list_head *nhead, struct list_head *ohead,
140 				gfp_t gfp)
141 {
142 	struct smack_rule *nrp;
143 	struct smack_rule *orp;
144 	int rc = 0;
145 
146 	INIT_LIST_HEAD(nhead);
147 
148 	list_for_each_entry_rcu(orp, ohead, list) {
149 		nrp = kzalloc(sizeof(struct smack_rule), gfp);
150 		if (nrp == NULL) {
151 			rc = -ENOMEM;
152 			break;
153 		}
154 		*nrp = *orp;
155 		list_add_rcu(&nrp->list, nhead);
156 	}
157 	return rc;
158 }
159 
160 /**
161  * smk_ptrace_mode - helper function for converting PTRACE_MODE_* into MAY_*
162  * @mode - input mode in form of PTRACE_MODE_*
163  *
164  * Returns a converted MAY_* mode usable by smack rules
165  */
166 static inline unsigned int smk_ptrace_mode(unsigned int mode)
167 {
168 	switch (mode) {
169 	case PTRACE_MODE_READ:
170 		return MAY_READ;
171 	case PTRACE_MODE_ATTACH:
172 		return MAY_READWRITE;
173 	}
174 
175 	return 0;
176 }
177 
178 /**
179  * smk_ptrace_rule_check - helper for ptrace access
180  * @tracer: tracer process
181  * @tracee_label: label of the process that's about to be traced,
182  *                the pointer must originate from smack structures
183  * @mode: ptrace attachment mode (PTRACE_MODE_*)
184  * @func: name of the function that called us, used for audit
185  *
186  * Returns 0 on access granted, -error on error
187  */
188 static int smk_ptrace_rule_check(struct task_struct *tracer, char *tracee_label,
189 				 unsigned int mode, const char *func)
190 {
191 	int rc;
192 	struct smk_audit_info ad, *saip = NULL;
193 	struct task_smack *tsp;
194 	struct smack_known *skp;
195 
196 	if ((mode & PTRACE_MODE_NOAUDIT) == 0) {
197 		smk_ad_init(&ad, func, LSM_AUDIT_DATA_TASK);
198 		smk_ad_setfield_u_tsk(&ad, tracer);
199 		saip = &ad;
200 	}
201 
202 	tsp = task_security(tracer);
203 	skp = smk_of_task(tsp);
204 
205 	if ((mode & PTRACE_MODE_ATTACH) &&
206 	    (smack_ptrace_rule == SMACK_PTRACE_EXACT ||
207 	     smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)) {
208 		if (skp->smk_known == tracee_label)
209 			rc = 0;
210 		else if (smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)
211 			rc = -EACCES;
212 		else if (capable(CAP_SYS_PTRACE))
213 			rc = 0;
214 		else
215 			rc = -EACCES;
216 
217 		if (saip)
218 			smack_log(skp->smk_known, tracee_label, 0, rc, saip);
219 
220 		return rc;
221 	}
222 
223 	/* In case of rule==SMACK_PTRACE_DEFAULT or mode==PTRACE_MODE_READ */
224 	rc = smk_tskacc(tsp, tracee_label, smk_ptrace_mode(mode), saip);
225 	return rc;
226 }
227 
228 /*
229  * LSM hooks.
230  * We he, that is fun!
231  */
232 
233 /**
234  * smack_ptrace_access_check - Smack approval on PTRACE_ATTACH
235  * @ctp: child task pointer
236  * @mode: ptrace attachment mode (PTRACE_MODE_*)
237  *
238  * Returns 0 if access is OK, an error code otherwise
239  *
240  * Do the capability checks.
241  */
242 static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode)
243 {
244 	int rc;
245 	struct smack_known *skp;
246 
247 	rc = cap_ptrace_access_check(ctp, mode);
248 	if (rc != 0)
249 		return rc;
250 
251 	skp = smk_of_task(task_security(ctp));
252 
253 	rc = smk_ptrace_rule_check(current, skp->smk_known, mode, __func__);
254 	return rc;
255 }
256 
257 /**
258  * smack_ptrace_traceme - Smack approval on PTRACE_TRACEME
259  * @ptp: parent task pointer
260  *
261  * Returns 0 if access is OK, an error code otherwise
262  *
263  * Do the capability checks, and require PTRACE_MODE_ATTACH.
264  */
265 static int smack_ptrace_traceme(struct task_struct *ptp)
266 {
267 	int rc;
268 	struct smack_known *skp;
269 
270 	rc = cap_ptrace_traceme(ptp);
271 	if (rc != 0)
272 		return rc;
273 
274 	skp = smk_of_task(current_security());
275 
276 	rc = smk_ptrace_rule_check(ptp, skp->smk_known,
277 				   PTRACE_MODE_ATTACH, __func__);
278 	return rc;
279 }
280 
281 /**
282  * smack_syslog - Smack approval on syslog
283  * @type: message type
284  *
285  * Returns 0 on success, error code otherwise.
286  */
287 static int smack_syslog(int typefrom_file)
288 {
289 	int rc = 0;
290 	struct smack_known *skp = smk_of_current();
291 
292 	if (smack_privileged(CAP_MAC_OVERRIDE))
293 		return 0;
294 
295 	if (smack_syslog_label != NULL && smack_syslog_label != skp)
296 		rc = -EACCES;
297 
298 	return rc;
299 }
300 
301 
302 /*
303  * Superblock Hooks.
304  */
305 
306 /**
307  * smack_sb_alloc_security - allocate a superblock blob
308  * @sb: the superblock getting the blob
309  *
310  * Returns 0 on success or -ENOMEM on error.
311  */
312 static int smack_sb_alloc_security(struct super_block *sb)
313 {
314 	struct superblock_smack *sbsp;
315 
316 	sbsp = kzalloc(sizeof(struct superblock_smack), GFP_KERNEL);
317 
318 	if (sbsp == NULL)
319 		return -ENOMEM;
320 
321 	sbsp->smk_root = smack_known_floor.smk_known;
322 	sbsp->smk_default = smack_known_floor.smk_known;
323 	sbsp->smk_floor = smack_known_floor.smk_known;
324 	sbsp->smk_hat = smack_known_hat.smk_known;
325 	/*
326 	 * smk_initialized will be zero from kzalloc.
327 	 */
328 	sb->s_security = sbsp;
329 
330 	return 0;
331 }
332 
333 /**
334  * smack_sb_free_security - free a superblock blob
335  * @sb: the superblock getting the blob
336  *
337  */
338 static void smack_sb_free_security(struct super_block *sb)
339 {
340 	kfree(sb->s_security);
341 	sb->s_security = NULL;
342 }
343 
344 /**
345  * smack_sb_copy_data - copy mount options data for processing
346  * @orig: where to start
347  * @smackopts: mount options string
348  *
349  * Returns 0 on success or -ENOMEM on error.
350  *
351  * Copy the Smack specific mount options out of the mount
352  * options list.
353  */
354 static int smack_sb_copy_data(char *orig, char *smackopts)
355 {
356 	char *cp, *commap, *otheropts, *dp;
357 
358 	otheropts = (char *)get_zeroed_page(GFP_KERNEL);
359 	if (otheropts == NULL)
360 		return -ENOMEM;
361 
362 	for (cp = orig, commap = orig; commap != NULL; cp = commap + 1) {
363 		if (strstr(cp, SMK_FSDEFAULT) == cp)
364 			dp = smackopts;
365 		else if (strstr(cp, SMK_FSFLOOR) == cp)
366 			dp = smackopts;
367 		else if (strstr(cp, SMK_FSHAT) == cp)
368 			dp = smackopts;
369 		else if (strstr(cp, SMK_FSROOT) == cp)
370 			dp = smackopts;
371 		else if (strstr(cp, SMK_FSTRANS) == cp)
372 			dp = smackopts;
373 		else
374 			dp = otheropts;
375 
376 		commap = strchr(cp, ',');
377 		if (commap != NULL)
378 			*commap = '\0';
379 
380 		if (*dp != '\0')
381 			strcat(dp, ",");
382 		strcat(dp, cp);
383 	}
384 
385 	strcpy(orig, otheropts);
386 	free_page((unsigned long)otheropts);
387 
388 	return 0;
389 }
390 
391 /**
392  * smack_sb_kern_mount - Smack specific mount processing
393  * @sb: the file system superblock
394  * @flags: the mount flags
395  * @data: the smack mount options
396  *
397  * Returns 0 on success, an error code on failure
398  */
399 static int smack_sb_kern_mount(struct super_block *sb, int flags, void *data)
400 {
401 	struct dentry *root = sb->s_root;
402 	struct inode *inode = root->d_inode;
403 	struct superblock_smack *sp = sb->s_security;
404 	struct inode_smack *isp;
405 	struct smack_known *skp;
406 	char *op;
407 	char *commap;
408 	char *nsp;
409 	int transmute = 0;
410 	int specified = 0;
411 
412 	if (sp->smk_initialized)
413 		return 0;
414 
415 	sp->smk_initialized = 1;
416 
417 	for (op = data; op != NULL; op = commap) {
418 		commap = strchr(op, ',');
419 		if (commap != NULL)
420 			*commap++ = '\0';
421 
422 		if (strncmp(op, SMK_FSHAT, strlen(SMK_FSHAT)) == 0) {
423 			op += strlen(SMK_FSHAT);
424 			nsp = smk_import(op, 0);
425 			if (nsp != NULL) {
426 				sp->smk_hat = nsp;
427 				specified = 1;
428 			}
429 		} else if (strncmp(op, SMK_FSFLOOR, strlen(SMK_FSFLOOR)) == 0) {
430 			op += strlen(SMK_FSFLOOR);
431 			nsp = smk_import(op, 0);
432 			if (nsp != NULL) {
433 				sp->smk_floor = nsp;
434 				specified = 1;
435 			}
436 		} else if (strncmp(op, SMK_FSDEFAULT,
437 				   strlen(SMK_FSDEFAULT)) == 0) {
438 			op += strlen(SMK_FSDEFAULT);
439 			nsp = smk_import(op, 0);
440 			if (nsp != NULL) {
441 				sp->smk_default = nsp;
442 				specified = 1;
443 			}
444 		} else if (strncmp(op, SMK_FSROOT, strlen(SMK_FSROOT)) == 0) {
445 			op += strlen(SMK_FSROOT);
446 			nsp = smk_import(op, 0);
447 			if (nsp != NULL) {
448 				sp->smk_root = nsp;
449 				specified = 1;
450 			}
451 		} else if (strncmp(op, SMK_FSTRANS, strlen(SMK_FSTRANS)) == 0) {
452 			op += strlen(SMK_FSTRANS);
453 			nsp = smk_import(op, 0);
454 			if (nsp != NULL) {
455 				sp->smk_root = nsp;
456 				transmute = 1;
457 				specified = 1;
458 			}
459 		}
460 	}
461 
462 	if (!smack_privileged(CAP_MAC_ADMIN)) {
463 		/*
464 		 * Unprivileged mounts don't get to specify Smack values.
465 		 */
466 		if (specified)
467 			return -EPERM;
468 		/*
469 		 * Unprivileged mounts get root and default from the caller.
470 		 */
471 		skp = smk_of_current();
472 		sp->smk_root = skp->smk_known;
473 		sp->smk_default = skp->smk_known;
474 	}
475 	/*
476 	 * Initialize the root inode.
477 	 */
478 	isp = inode->i_security;
479 	if (isp == NULL) {
480 		isp = new_inode_smack(sp->smk_root);
481 		if (isp == NULL)
482 			return -ENOMEM;
483 		inode->i_security = isp;
484 	} else
485 		isp->smk_inode = sp->smk_root;
486 
487 	if (transmute)
488 		isp->smk_flags |= SMK_INODE_TRANSMUTE;
489 
490 	return 0;
491 }
492 
493 /**
494  * smack_sb_statfs - Smack check on statfs
495  * @dentry: identifies the file system in question
496  *
497  * Returns 0 if current can read the floor of the filesystem,
498  * and error code otherwise
499  */
500 static int smack_sb_statfs(struct dentry *dentry)
501 {
502 	struct superblock_smack *sbp = dentry->d_sb->s_security;
503 	int rc;
504 	struct smk_audit_info ad;
505 
506 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
507 	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
508 
509 	rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad);
510 	return rc;
511 }
512 
513 /*
514  * BPRM hooks
515  */
516 
517 /**
518  * smack_bprm_set_creds - set creds for exec
519  * @bprm: the exec information
520  *
521  * Returns 0 if it gets a blob, -EPERM if exec forbidden and -ENOMEM otherwise
522  */
523 static int smack_bprm_set_creds(struct linux_binprm *bprm)
524 {
525 	struct inode *inode = file_inode(bprm->file);
526 	struct task_smack *bsp = bprm->cred->security;
527 	struct inode_smack *isp;
528 	int rc;
529 
530 	rc = cap_bprm_set_creds(bprm);
531 	if (rc != 0)
532 		return rc;
533 
534 	if (bprm->cred_prepared)
535 		return 0;
536 
537 	isp = inode->i_security;
538 	if (isp->smk_task == NULL || isp->smk_task == bsp->smk_task)
539 		return 0;
540 
541 	if (bprm->unsafe & (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) {
542 		struct task_struct *tracer;
543 		rc = 0;
544 
545 		rcu_read_lock();
546 		tracer = ptrace_parent(current);
547 		if (likely(tracer != NULL))
548 			rc = smk_ptrace_rule_check(tracer,
549 						   isp->smk_task->smk_known,
550 						   PTRACE_MODE_ATTACH,
551 						   __func__);
552 		rcu_read_unlock();
553 
554 		if (rc != 0)
555 			return rc;
556 	} else if (bprm->unsafe)
557 		return -EPERM;
558 
559 	bsp->smk_task = isp->smk_task;
560 	bprm->per_clear |= PER_CLEAR_ON_SETID;
561 
562 	return 0;
563 }
564 
565 /**
566  * smack_bprm_committing_creds - Prepare to install the new credentials
567  * from bprm.
568  *
569  * @bprm: binprm for exec
570  */
571 static void smack_bprm_committing_creds(struct linux_binprm *bprm)
572 {
573 	struct task_smack *bsp = bprm->cred->security;
574 
575 	if (bsp->smk_task != bsp->smk_forked)
576 		current->pdeath_signal = 0;
577 }
578 
579 /**
580  * smack_bprm_secureexec - Return the decision to use secureexec.
581  * @bprm: binprm for exec
582  *
583  * Returns 0 on success.
584  */
585 static int smack_bprm_secureexec(struct linux_binprm *bprm)
586 {
587 	struct task_smack *tsp = current_security();
588 	int ret = cap_bprm_secureexec(bprm);
589 
590 	if (!ret && (tsp->smk_task != tsp->smk_forked))
591 		ret = 1;
592 
593 	return ret;
594 }
595 
596 /*
597  * Inode hooks
598  */
599 
600 /**
601  * smack_inode_alloc_security - allocate an inode blob
602  * @inode: the inode in need of a blob
603  *
604  * Returns 0 if it gets a blob, -ENOMEM otherwise
605  */
606 static int smack_inode_alloc_security(struct inode *inode)
607 {
608 	struct smack_known *skp = smk_of_current();
609 
610 	inode->i_security = new_inode_smack(skp->smk_known);
611 	if (inode->i_security == NULL)
612 		return -ENOMEM;
613 	return 0;
614 }
615 
616 /**
617  * smack_inode_free_security - free an inode blob
618  * @inode: the inode with a blob
619  *
620  * Clears the blob pointer in inode
621  */
622 static void smack_inode_free_security(struct inode *inode)
623 {
624 	kfree(inode->i_security);
625 	inode->i_security = NULL;
626 }
627 
628 /**
629  * smack_inode_init_security - copy out the smack from an inode
630  * @inode: the inode
631  * @dir: unused
632  * @qstr: unused
633  * @name: where to put the attribute name
634  * @value: where to put the attribute value
635  * @len: where to put the length of the attribute
636  *
637  * Returns 0 if it all works out, -ENOMEM if there's no memory
638  */
639 static int smack_inode_init_security(struct inode *inode, struct inode *dir,
640 				     const struct qstr *qstr, const char **name,
641 				     void **value, size_t *len)
642 {
643 	struct inode_smack *issp = inode->i_security;
644 	struct smack_known *skp = smk_of_current();
645 	char *isp = smk_of_inode(inode);
646 	char *dsp = smk_of_inode(dir);
647 	int may;
648 
649 	if (name)
650 		*name = XATTR_SMACK_SUFFIX;
651 
652 	if (value) {
653 		rcu_read_lock();
654 		may = smk_access_entry(skp->smk_known, dsp, &skp->smk_rules);
655 		rcu_read_unlock();
656 
657 		/*
658 		 * If the access rule allows transmutation and
659 		 * the directory requests transmutation then
660 		 * by all means transmute.
661 		 * Mark the inode as changed.
662 		 */
663 		if (may > 0 && ((may & MAY_TRANSMUTE) != 0) &&
664 		    smk_inode_transmutable(dir)) {
665 			isp = dsp;
666 			issp->smk_flags |= SMK_INODE_CHANGED;
667 		}
668 
669 		*value = kstrdup(isp, GFP_NOFS);
670 		if (*value == NULL)
671 			return -ENOMEM;
672 	}
673 
674 	if (len)
675 		*len = strlen(isp) + 1;
676 
677 	return 0;
678 }
679 
680 /**
681  * smack_inode_link - Smack check on link
682  * @old_dentry: the existing object
683  * @dir: unused
684  * @new_dentry: the new object
685  *
686  * Returns 0 if access is permitted, an error code otherwise
687  */
688 static int smack_inode_link(struct dentry *old_dentry, struct inode *dir,
689 			    struct dentry *new_dentry)
690 {
691 	char *isp;
692 	struct smk_audit_info ad;
693 	int rc;
694 
695 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
696 	smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
697 
698 	isp = smk_of_inode(old_dentry->d_inode);
699 	rc = smk_curacc(isp, MAY_WRITE, &ad);
700 
701 	if (rc == 0 && new_dentry->d_inode != NULL) {
702 		isp = smk_of_inode(new_dentry->d_inode);
703 		smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
704 		rc = smk_curacc(isp, MAY_WRITE, &ad);
705 	}
706 
707 	return rc;
708 }
709 
710 /**
711  * smack_inode_unlink - Smack check on inode deletion
712  * @dir: containing directory object
713  * @dentry: file to unlink
714  *
715  * Returns 0 if current can write the containing directory
716  * and the object, error code otherwise
717  */
718 static int smack_inode_unlink(struct inode *dir, struct dentry *dentry)
719 {
720 	struct inode *ip = dentry->d_inode;
721 	struct smk_audit_info ad;
722 	int rc;
723 
724 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
725 	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
726 
727 	/*
728 	 * You need write access to the thing you're unlinking
729 	 */
730 	rc = smk_curacc(smk_of_inode(ip), MAY_WRITE, &ad);
731 	if (rc == 0) {
732 		/*
733 		 * You also need write access to the containing directory
734 		 */
735 		smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
736 		smk_ad_setfield_u_fs_inode(&ad, dir);
737 		rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
738 	}
739 	return rc;
740 }
741 
742 /**
743  * smack_inode_rmdir - Smack check on directory deletion
744  * @dir: containing directory object
745  * @dentry: directory to unlink
746  *
747  * Returns 0 if current can write the containing directory
748  * and the directory, error code otherwise
749  */
750 static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry)
751 {
752 	struct smk_audit_info ad;
753 	int rc;
754 
755 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
756 	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
757 
758 	/*
759 	 * You need write access to the thing you're removing
760 	 */
761 	rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad);
762 	if (rc == 0) {
763 		/*
764 		 * You also need write access to the containing directory
765 		 */
766 		smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
767 		smk_ad_setfield_u_fs_inode(&ad, dir);
768 		rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
769 	}
770 
771 	return rc;
772 }
773 
774 /**
775  * smack_inode_rename - Smack check on rename
776  * @old_inode: the old directory
777  * @old_dentry: unused
778  * @new_inode: the new directory
779  * @new_dentry: unused
780  *
781  * Read and write access is required on both the old and
782  * new directories.
783  *
784  * Returns 0 if access is permitted, an error code otherwise
785  */
786 static int smack_inode_rename(struct inode *old_inode,
787 			      struct dentry *old_dentry,
788 			      struct inode *new_inode,
789 			      struct dentry *new_dentry)
790 {
791 	int rc;
792 	char *isp;
793 	struct smk_audit_info ad;
794 
795 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
796 	smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
797 
798 	isp = smk_of_inode(old_dentry->d_inode);
799 	rc = smk_curacc(isp, MAY_READWRITE, &ad);
800 
801 	if (rc == 0 && new_dentry->d_inode != NULL) {
802 		isp = smk_of_inode(new_dentry->d_inode);
803 		smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
804 		rc = smk_curacc(isp, MAY_READWRITE, &ad);
805 	}
806 	return rc;
807 }
808 
809 /**
810  * smack_inode_permission - Smack version of permission()
811  * @inode: the inode in question
812  * @mask: the access requested
813  *
814  * This is the important Smack hook.
815  *
816  * Returns 0 if access is permitted, -EACCES otherwise
817  */
818 static int smack_inode_permission(struct inode *inode, int mask)
819 {
820 	struct smk_audit_info ad;
821 	int no_block = mask & MAY_NOT_BLOCK;
822 
823 	mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND);
824 	/*
825 	 * No permission to check. Existence test. Yup, it's there.
826 	 */
827 	if (mask == 0)
828 		return 0;
829 
830 	/* May be droppable after audit */
831 	if (no_block)
832 		return -ECHILD;
833 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
834 	smk_ad_setfield_u_fs_inode(&ad, inode);
835 	return smk_curacc(smk_of_inode(inode), mask, &ad);
836 }
837 
838 /**
839  * smack_inode_setattr - Smack check for setting attributes
840  * @dentry: the object
841  * @iattr: for the force flag
842  *
843  * Returns 0 if access is permitted, an error code otherwise
844  */
845 static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr)
846 {
847 	struct smk_audit_info ad;
848 	/*
849 	 * Need to allow for clearing the setuid bit.
850 	 */
851 	if (iattr->ia_valid & ATTR_FORCE)
852 		return 0;
853 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
854 	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
855 
856 	return smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad);
857 }
858 
859 /**
860  * smack_inode_getattr - Smack check for getting attributes
861  * @mnt: unused
862  * @dentry: the object
863  *
864  * Returns 0 if access is permitted, an error code otherwise
865  */
866 static int smack_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
867 {
868 	struct smk_audit_info ad;
869 	struct path path;
870 
871 	path.dentry = dentry;
872 	path.mnt = mnt;
873 
874 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
875 	smk_ad_setfield_u_fs_path(&ad, path);
876 	return smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ, &ad);
877 }
878 
879 /**
880  * smack_inode_setxattr - Smack check for setting xattrs
881  * @dentry: the object
882  * @name: name of the attribute
883  * @value: unused
884  * @size: unused
885  * @flags: unused
886  *
887  * This protects the Smack attribute explicitly.
888  *
889  * Returns 0 if access is permitted, an error code otherwise
890  */
891 static int smack_inode_setxattr(struct dentry *dentry, const char *name,
892 				const void *value, size_t size, int flags)
893 {
894 	struct smk_audit_info ad;
895 	struct smack_known *skp;
896 	int check_priv = 0;
897 	int check_import = 0;
898 	int check_star = 0;
899 	int rc = 0;
900 
901 	/*
902 	 * Check label validity here so import won't fail in post_setxattr
903 	 */
904 	if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
905 	    strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
906 	    strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) {
907 		check_priv = 1;
908 		check_import = 1;
909 	} else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
910 		   strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
911 		check_priv = 1;
912 		check_import = 1;
913 		check_star = 1;
914 	} else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) {
915 		check_priv = 1;
916 		if (size != TRANS_TRUE_SIZE ||
917 		    strncmp(value, TRANS_TRUE, TRANS_TRUE_SIZE) != 0)
918 			rc = -EINVAL;
919 	} else
920 		rc = cap_inode_setxattr(dentry, name, value, size, flags);
921 
922 	if (check_priv && !smack_privileged(CAP_MAC_ADMIN))
923 		rc = -EPERM;
924 
925 	if (rc == 0 && check_import) {
926 		skp = smk_import_entry(value, size);
927 		if (skp == NULL || (check_star &&
928 		    (skp == &smack_known_star || skp == &smack_known_web)))
929 			rc = -EINVAL;
930 	}
931 
932 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
933 	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
934 
935 	if (rc == 0)
936 		rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad);
937 
938 	return rc;
939 }
940 
941 /**
942  * smack_inode_post_setxattr - Apply the Smack update approved above
943  * @dentry: object
944  * @name: attribute name
945  * @value: attribute value
946  * @size: attribute size
947  * @flags: unused
948  *
949  * Set the pointer in the inode blob to the entry found
950  * in the master label list.
951  */
952 static void smack_inode_post_setxattr(struct dentry *dentry, const char *name,
953 				      const void *value, size_t size, int flags)
954 {
955 	struct smack_known *skp;
956 	struct inode_smack *isp = dentry->d_inode->i_security;
957 
958 	if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) {
959 		isp->smk_flags |= SMK_INODE_TRANSMUTE;
960 		return;
961 	}
962 
963 	if (strcmp(name, XATTR_NAME_SMACK) == 0) {
964 		skp = smk_import_entry(value, size);
965 		if (skp != NULL)
966 			isp->smk_inode = skp->smk_known;
967 		else
968 			isp->smk_inode = smack_known_invalid.smk_known;
969 	} else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) {
970 		skp = smk_import_entry(value, size);
971 		if (skp != NULL)
972 			isp->smk_task = skp;
973 		else
974 			isp->smk_task = &smack_known_invalid;
975 	} else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
976 		skp = smk_import_entry(value, size);
977 		if (skp != NULL)
978 			isp->smk_mmap = skp;
979 		else
980 			isp->smk_mmap = &smack_known_invalid;
981 	}
982 
983 	return;
984 }
985 
986 /**
987  * smack_inode_getxattr - Smack check on getxattr
988  * @dentry: the object
989  * @name: unused
990  *
991  * Returns 0 if access is permitted, an error code otherwise
992  */
993 static int smack_inode_getxattr(struct dentry *dentry, const char *name)
994 {
995 	struct smk_audit_info ad;
996 
997 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
998 	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
999 
1000 	return smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ, &ad);
1001 }
1002 
1003 /**
1004  * smack_inode_removexattr - Smack check on removexattr
1005  * @dentry: the object
1006  * @name: name of the attribute
1007  *
1008  * Removing the Smack attribute requires CAP_MAC_ADMIN
1009  *
1010  * Returns 0 if access is permitted, an error code otherwise
1011  */
1012 static int smack_inode_removexattr(struct dentry *dentry, const char *name)
1013 {
1014 	struct inode_smack *isp;
1015 	struct smk_audit_info ad;
1016 	int rc = 0;
1017 
1018 	if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
1019 	    strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
1020 	    strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 ||
1021 	    strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
1022 	    strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0 ||
1023 	    strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1024 		if (!smack_privileged(CAP_MAC_ADMIN))
1025 			rc = -EPERM;
1026 	} else
1027 		rc = cap_inode_removexattr(dentry, name);
1028 
1029 	if (rc != 0)
1030 		return rc;
1031 
1032 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1033 	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1034 
1035 	rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad);
1036 	if (rc != 0)
1037 		return rc;
1038 
1039 	isp = dentry->d_inode->i_security;
1040 	/*
1041 	 * Don't do anything special for these.
1042 	 *	XATTR_NAME_SMACKIPIN
1043 	 *	XATTR_NAME_SMACKIPOUT
1044 	 *	XATTR_NAME_SMACKEXEC
1045 	 */
1046 	if (strcmp(name, XATTR_NAME_SMACK) == 0)
1047 		isp->smk_task = NULL;
1048 	else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0)
1049 		isp->smk_mmap = NULL;
1050 	else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0)
1051 		isp->smk_flags &= ~SMK_INODE_TRANSMUTE;
1052 
1053 	return 0;
1054 }
1055 
1056 /**
1057  * smack_inode_getsecurity - get smack xattrs
1058  * @inode: the object
1059  * @name: attribute name
1060  * @buffer: where to put the result
1061  * @alloc: unused
1062  *
1063  * Returns the size of the attribute or an error code
1064  */
1065 static int smack_inode_getsecurity(const struct inode *inode,
1066 				   const char *name, void **buffer,
1067 				   bool alloc)
1068 {
1069 	struct socket_smack *ssp;
1070 	struct socket *sock;
1071 	struct super_block *sbp;
1072 	struct inode *ip = (struct inode *)inode;
1073 	char *isp;
1074 	int ilen;
1075 	int rc = 0;
1076 
1077 	if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) {
1078 		isp = smk_of_inode(inode);
1079 		ilen = strlen(isp) + 1;
1080 		*buffer = isp;
1081 		return ilen;
1082 	}
1083 
1084 	/*
1085 	 * The rest of the Smack xattrs are only on sockets.
1086 	 */
1087 	sbp = ip->i_sb;
1088 	if (sbp->s_magic != SOCKFS_MAGIC)
1089 		return -EOPNOTSUPP;
1090 
1091 	sock = SOCKET_I(ip);
1092 	if (sock == NULL || sock->sk == NULL)
1093 		return -EOPNOTSUPP;
1094 
1095 	ssp = sock->sk->sk_security;
1096 
1097 	if (strcmp(name, XATTR_SMACK_IPIN) == 0)
1098 		isp = ssp->smk_in->smk_known;
1099 	else if (strcmp(name, XATTR_SMACK_IPOUT) == 0)
1100 		isp = ssp->smk_out->smk_known;
1101 	else
1102 		return -EOPNOTSUPP;
1103 
1104 	ilen = strlen(isp) + 1;
1105 	if (rc == 0) {
1106 		*buffer = isp;
1107 		rc = ilen;
1108 	}
1109 
1110 	return rc;
1111 }
1112 
1113 
1114 /**
1115  * smack_inode_listsecurity - list the Smack attributes
1116  * @inode: the object
1117  * @buffer: where they go
1118  * @buffer_size: size of buffer
1119  *
1120  * Returns 0 on success, -EINVAL otherwise
1121  */
1122 static int smack_inode_listsecurity(struct inode *inode, char *buffer,
1123 				    size_t buffer_size)
1124 {
1125 	int len = strlen(XATTR_NAME_SMACK);
1126 
1127 	if (buffer != NULL && len <= buffer_size) {
1128 		memcpy(buffer, XATTR_NAME_SMACK, len);
1129 		return len;
1130 	}
1131 	return -EINVAL;
1132 }
1133 
1134 /**
1135  * smack_inode_getsecid - Extract inode's security id
1136  * @inode: inode to extract the info from
1137  * @secid: where result will be saved
1138  */
1139 static void smack_inode_getsecid(const struct inode *inode, u32 *secid)
1140 {
1141 	struct inode_smack *isp = inode->i_security;
1142 
1143 	*secid = smack_to_secid(isp->smk_inode);
1144 }
1145 
1146 /*
1147  * File Hooks
1148  */
1149 
1150 /**
1151  * smack_file_permission - Smack check on file operations
1152  * @file: unused
1153  * @mask: unused
1154  *
1155  * Returns 0
1156  *
1157  * Should access checks be done on each read or write?
1158  * UNICOS and SELinux say yes.
1159  * Trusted Solaris, Trusted Irix, and just about everyone else says no.
1160  *
1161  * I'll say no for now. Smack does not do the frequent
1162  * label changing that SELinux does.
1163  */
1164 static int smack_file_permission(struct file *file, int mask)
1165 {
1166 	return 0;
1167 }
1168 
1169 /**
1170  * smack_file_alloc_security - assign a file security blob
1171  * @file: the object
1172  *
1173  * The security blob for a file is a pointer to the master
1174  * label list, so no allocation is done.
1175  *
1176  * Returns 0
1177  */
1178 static int smack_file_alloc_security(struct file *file)
1179 {
1180 	struct smack_known *skp = smk_of_current();
1181 
1182 	file->f_security = skp->smk_known;
1183 	return 0;
1184 }
1185 
1186 /**
1187  * smack_file_free_security - clear a file security blob
1188  * @file: the object
1189  *
1190  * The security blob for a file is a pointer to the master
1191  * label list, so no memory is freed.
1192  */
1193 static void smack_file_free_security(struct file *file)
1194 {
1195 	file->f_security = NULL;
1196 }
1197 
1198 /**
1199  * smack_file_ioctl - Smack check on ioctls
1200  * @file: the object
1201  * @cmd: what to do
1202  * @arg: unused
1203  *
1204  * Relies heavily on the correct use of the ioctl command conventions.
1205  *
1206  * Returns 0 if allowed, error code otherwise
1207  */
1208 static int smack_file_ioctl(struct file *file, unsigned int cmd,
1209 			    unsigned long arg)
1210 {
1211 	int rc = 0;
1212 	struct smk_audit_info ad;
1213 
1214 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1215 	smk_ad_setfield_u_fs_path(&ad, file->f_path);
1216 
1217 	if (_IOC_DIR(cmd) & _IOC_WRITE)
1218 		rc = smk_curacc(file->f_security, MAY_WRITE, &ad);
1219 
1220 	if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ))
1221 		rc = smk_curacc(file->f_security, MAY_READ, &ad);
1222 
1223 	return rc;
1224 }
1225 
1226 /**
1227  * smack_file_lock - Smack check on file locking
1228  * @file: the object
1229  * @cmd: unused
1230  *
1231  * Returns 0 if current has lock access, error code otherwise
1232  */
1233 static int smack_file_lock(struct file *file, unsigned int cmd)
1234 {
1235 	struct smk_audit_info ad;
1236 
1237 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1238 	smk_ad_setfield_u_fs_path(&ad, file->f_path);
1239 	return smk_curacc(file->f_security, MAY_LOCK, &ad);
1240 }
1241 
1242 /**
1243  * smack_file_fcntl - Smack check on fcntl
1244  * @file: the object
1245  * @cmd: what action to check
1246  * @arg: unused
1247  *
1248  * Generally these operations are harmless.
1249  * File locking operations present an obvious mechanism
1250  * for passing information, so they require write access.
1251  *
1252  * Returns 0 if current has access, error code otherwise
1253  */
1254 static int smack_file_fcntl(struct file *file, unsigned int cmd,
1255 			    unsigned long arg)
1256 {
1257 	struct smk_audit_info ad;
1258 	int rc = 0;
1259 
1260 
1261 	switch (cmd) {
1262 	case F_GETLK:
1263 		break;
1264 	case F_SETLK:
1265 	case F_SETLKW:
1266 		smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1267 		smk_ad_setfield_u_fs_path(&ad, file->f_path);
1268 		rc = smk_curacc(file->f_security, MAY_LOCK, &ad);
1269 		break;
1270 	case F_SETOWN:
1271 	case F_SETSIG:
1272 		smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1273 		smk_ad_setfield_u_fs_path(&ad, file->f_path);
1274 		rc = smk_curacc(file->f_security, MAY_WRITE, &ad);
1275 		break;
1276 	default:
1277 		break;
1278 	}
1279 
1280 	return rc;
1281 }
1282 
1283 /**
1284  * smack_mmap_file :
1285  * Check permissions for a mmap operation.  The @file may be NULL, e.g.
1286  * if mapping anonymous memory.
1287  * @file contains the file structure for file to map (may be NULL).
1288  * @reqprot contains the protection requested by the application.
1289  * @prot contains the protection that will be applied by the kernel.
1290  * @flags contains the operational flags.
1291  * Return 0 if permission is granted.
1292  */
1293 static int smack_mmap_file(struct file *file,
1294 			   unsigned long reqprot, unsigned long prot,
1295 			   unsigned long flags)
1296 {
1297 	struct smack_known *skp;
1298 	struct smack_known *mkp;
1299 	struct smack_rule *srp;
1300 	struct task_smack *tsp;
1301 	char *osmack;
1302 	struct inode_smack *isp;
1303 	int may;
1304 	int mmay;
1305 	int tmay;
1306 	int rc;
1307 
1308 	if (file == NULL)
1309 		return 0;
1310 
1311 	isp = file_inode(file)->i_security;
1312 	if (isp->smk_mmap == NULL)
1313 		return 0;
1314 	mkp = isp->smk_mmap;
1315 
1316 	tsp = current_security();
1317 	skp = smk_of_current();
1318 	rc = 0;
1319 
1320 	rcu_read_lock();
1321 	/*
1322 	 * For each Smack rule associated with the subject
1323 	 * label verify that the SMACK64MMAP also has access
1324 	 * to that rule's object label.
1325 	 */
1326 	list_for_each_entry_rcu(srp, &skp->smk_rules, list) {
1327 		osmack = srp->smk_object;
1328 		/*
1329 		 * Matching labels always allows access.
1330 		 */
1331 		if (mkp->smk_known == osmack)
1332 			continue;
1333 		/*
1334 		 * If there is a matching local rule take
1335 		 * that into account as well.
1336 		 */
1337 		may = smk_access_entry(srp->smk_subject->smk_known, osmack,
1338 					&tsp->smk_rules);
1339 		if (may == -ENOENT)
1340 			may = srp->smk_access;
1341 		else
1342 			may &= srp->smk_access;
1343 		/*
1344 		 * If may is zero the SMACK64MMAP subject can't
1345 		 * possibly have less access.
1346 		 */
1347 		if (may == 0)
1348 			continue;
1349 
1350 		/*
1351 		 * Fetch the global list entry.
1352 		 * If there isn't one a SMACK64MMAP subject
1353 		 * can't have as much access as current.
1354 		 */
1355 		mmay = smk_access_entry(mkp->smk_known, osmack,
1356 						&mkp->smk_rules);
1357 		if (mmay == -ENOENT) {
1358 			rc = -EACCES;
1359 			break;
1360 		}
1361 		/*
1362 		 * If there is a local entry it modifies the
1363 		 * potential access, too.
1364 		 */
1365 		tmay = smk_access_entry(mkp->smk_known, osmack,
1366 						&tsp->smk_rules);
1367 		if (tmay != -ENOENT)
1368 			mmay &= tmay;
1369 
1370 		/*
1371 		 * If there is any access available to current that is
1372 		 * not available to a SMACK64MMAP subject
1373 		 * deny access.
1374 		 */
1375 		if ((may | mmay) != mmay) {
1376 			rc = -EACCES;
1377 			break;
1378 		}
1379 	}
1380 
1381 	rcu_read_unlock();
1382 
1383 	return rc;
1384 }
1385 
1386 /**
1387  * smack_file_set_fowner - set the file security blob value
1388  * @file: object in question
1389  *
1390  * Returns 0
1391  * Further research may be required on this one.
1392  */
1393 static int smack_file_set_fowner(struct file *file)
1394 {
1395 	struct smack_known *skp = smk_of_current();
1396 
1397 	file->f_security = skp->smk_known;
1398 	return 0;
1399 }
1400 
1401 /**
1402  * smack_file_send_sigiotask - Smack on sigio
1403  * @tsk: The target task
1404  * @fown: the object the signal come from
1405  * @signum: unused
1406  *
1407  * Allow a privileged task to get signals even if it shouldn't
1408  *
1409  * Returns 0 if a subject with the object's smack could
1410  * write to the task, an error code otherwise.
1411  */
1412 static int smack_file_send_sigiotask(struct task_struct *tsk,
1413 				     struct fown_struct *fown, int signum)
1414 {
1415 	struct smack_known *skp;
1416 	struct smack_known *tkp = smk_of_task(tsk->cred->security);
1417 	struct file *file;
1418 	int rc;
1419 	struct smk_audit_info ad;
1420 
1421 	/*
1422 	 * struct fown_struct is never outside the context of a struct file
1423 	 */
1424 	file = container_of(fown, struct file, f_owner);
1425 
1426 	/* we don't log here as rc can be overriden */
1427 	skp = smk_find_entry(file->f_security);
1428 	rc = smk_access(skp, tkp->smk_known, MAY_WRITE, NULL);
1429 	if (rc != 0 && has_capability(tsk, CAP_MAC_OVERRIDE))
1430 		rc = 0;
1431 
1432 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
1433 	smk_ad_setfield_u_tsk(&ad, tsk);
1434 	smack_log(file->f_security, tkp->smk_known, MAY_WRITE, rc, &ad);
1435 	return rc;
1436 }
1437 
1438 /**
1439  * smack_file_receive - Smack file receive check
1440  * @file: the object
1441  *
1442  * Returns 0 if current has access, error code otherwise
1443  */
1444 static int smack_file_receive(struct file *file)
1445 {
1446 	int may = 0;
1447 	struct smk_audit_info ad;
1448 
1449 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1450 	smk_ad_setfield_u_fs_path(&ad, file->f_path);
1451 	/*
1452 	 * This code relies on bitmasks.
1453 	 */
1454 	if (file->f_mode & FMODE_READ)
1455 		may = MAY_READ;
1456 	if (file->f_mode & FMODE_WRITE)
1457 		may |= MAY_WRITE;
1458 
1459 	return smk_curacc(file->f_security, may, &ad);
1460 }
1461 
1462 /**
1463  * smack_file_open - Smack dentry open processing
1464  * @file: the object
1465  * @cred: task credential
1466  *
1467  * Set the security blob in the file structure.
1468  * Allow the open only if the task has read access. There are
1469  * many read operations (e.g. fstat) that you can do with an
1470  * fd even if you have the file open write-only.
1471  *
1472  * Returns 0
1473  */
1474 static int smack_file_open(struct file *file, const struct cred *cred)
1475 {
1476 	struct task_smack *tsp = cred->security;
1477 	struct inode_smack *isp = file_inode(file)->i_security;
1478 	struct smk_audit_info ad;
1479 	int rc;
1480 
1481 	if (smack_privileged(CAP_MAC_OVERRIDE))
1482 		return 0;
1483 
1484 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1485 	smk_ad_setfield_u_fs_path(&ad, file->f_path);
1486 	rc = smk_access(tsp->smk_task, isp->smk_inode, MAY_READ, &ad);
1487 	if (rc == 0)
1488 		file->f_security = isp->smk_inode;
1489 
1490 	return rc;
1491 }
1492 
1493 /*
1494  * Task hooks
1495  */
1496 
1497 /**
1498  * smack_cred_alloc_blank - "allocate" blank task-level security credentials
1499  * @new: the new credentials
1500  * @gfp: the atomicity of any memory allocations
1501  *
1502  * Prepare a blank set of credentials for modification.  This must allocate all
1503  * the memory the LSM module might require such that cred_transfer() can
1504  * complete without error.
1505  */
1506 static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp)
1507 {
1508 	struct task_smack *tsp;
1509 
1510 	tsp = new_task_smack(NULL, NULL, gfp);
1511 	if (tsp == NULL)
1512 		return -ENOMEM;
1513 
1514 	cred->security = tsp;
1515 
1516 	return 0;
1517 }
1518 
1519 
1520 /**
1521  * smack_cred_free - "free" task-level security credentials
1522  * @cred: the credentials in question
1523  *
1524  */
1525 static void smack_cred_free(struct cred *cred)
1526 {
1527 	struct task_smack *tsp = cred->security;
1528 	struct smack_rule *rp;
1529 	struct list_head *l;
1530 	struct list_head *n;
1531 
1532 	if (tsp == NULL)
1533 		return;
1534 	cred->security = NULL;
1535 
1536 	list_for_each_safe(l, n, &tsp->smk_rules) {
1537 		rp = list_entry(l, struct smack_rule, list);
1538 		list_del(&rp->list);
1539 		kfree(rp);
1540 	}
1541 	kfree(tsp);
1542 }
1543 
1544 /**
1545  * smack_cred_prepare - prepare new set of credentials for modification
1546  * @new: the new credentials
1547  * @old: the original credentials
1548  * @gfp: the atomicity of any memory allocations
1549  *
1550  * Prepare a new set of credentials for modification.
1551  */
1552 static int smack_cred_prepare(struct cred *new, const struct cred *old,
1553 			      gfp_t gfp)
1554 {
1555 	struct task_smack *old_tsp = old->security;
1556 	struct task_smack *new_tsp;
1557 	int rc;
1558 
1559 	new_tsp = new_task_smack(old_tsp->smk_task, old_tsp->smk_task, gfp);
1560 	if (new_tsp == NULL)
1561 		return -ENOMEM;
1562 
1563 	rc = smk_copy_rules(&new_tsp->smk_rules, &old_tsp->smk_rules, gfp);
1564 	if (rc != 0)
1565 		return rc;
1566 
1567 	new->security = new_tsp;
1568 	return 0;
1569 }
1570 
1571 /**
1572  * smack_cred_transfer - Transfer the old credentials to the new credentials
1573  * @new: the new credentials
1574  * @old: the original credentials
1575  *
1576  * Fill in a set of blank credentials from another set of credentials.
1577  */
1578 static void smack_cred_transfer(struct cred *new, const struct cred *old)
1579 {
1580 	struct task_smack *old_tsp = old->security;
1581 	struct task_smack *new_tsp = new->security;
1582 
1583 	new_tsp->smk_task = old_tsp->smk_task;
1584 	new_tsp->smk_forked = old_tsp->smk_task;
1585 	mutex_init(&new_tsp->smk_rules_lock);
1586 	INIT_LIST_HEAD(&new_tsp->smk_rules);
1587 
1588 
1589 	/* cbs copy rule list */
1590 }
1591 
1592 /**
1593  * smack_kernel_act_as - Set the subjective context in a set of credentials
1594  * @new: points to the set of credentials to be modified.
1595  * @secid: specifies the security ID to be set
1596  *
1597  * Set the security data for a kernel service.
1598  */
1599 static int smack_kernel_act_as(struct cred *new, u32 secid)
1600 {
1601 	struct task_smack *new_tsp = new->security;
1602 	struct smack_known *skp = smack_from_secid(secid);
1603 
1604 	if (skp == NULL)
1605 		return -EINVAL;
1606 
1607 	new_tsp->smk_task = skp;
1608 	return 0;
1609 }
1610 
1611 /**
1612  * smack_kernel_create_files_as - Set the file creation label in a set of creds
1613  * @new: points to the set of credentials to be modified
1614  * @inode: points to the inode to use as a reference
1615  *
1616  * Set the file creation context in a set of credentials to the same
1617  * as the objective context of the specified inode
1618  */
1619 static int smack_kernel_create_files_as(struct cred *new,
1620 					struct inode *inode)
1621 {
1622 	struct inode_smack *isp = inode->i_security;
1623 	struct task_smack *tsp = new->security;
1624 
1625 	tsp->smk_forked = smk_find_entry(isp->smk_inode);
1626 	tsp->smk_task = tsp->smk_forked;
1627 	return 0;
1628 }
1629 
1630 /**
1631  * smk_curacc_on_task - helper to log task related access
1632  * @p: the task object
1633  * @access: the access requested
1634  * @caller: name of the calling function for audit
1635  *
1636  * Return 0 if access is permitted
1637  */
1638 static int smk_curacc_on_task(struct task_struct *p, int access,
1639 				const char *caller)
1640 {
1641 	struct smk_audit_info ad;
1642 	struct smack_known *skp = smk_of_task(task_security(p));
1643 
1644 	smk_ad_init(&ad, caller, LSM_AUDIT_DATA_TASK);
1645 	smk_ad_setfield_u_tsk(&ad, p);
1646 	return smk_curacc(skp->smk_known, access, &ad);
1647 }
1648 
1649 /**
1650  * smack_task_setpgid - Smack check on setting pgid
1651  * @p: the task object
1652  * @pgid: unused
1653  *
1654  * Return 0 if write access is permitted
1655  */
1656 static int smack_task_setpgid(struct task_struct *p, pid_t pgid)
1657 {
1658 	return smk_curacc_on_task(p, MAY_WRITE, __func__);
1659 }
1660 
1661 /**
1662  * smack_task_getpgid - Smack access check for getpgid
1663  * @p: the object task
1664  *
1665  * Returns 0 if current can read the object task, error code otherwise
1666  */
1667 static int smack_task_getpgid(struct task_struct *p)
1668 {
1669 	return smk_curacc_on_task(p, MAY_READ, __func__);
1670 }
1671 
1672 /**
1673  * smack_task_getsid - Smack access check for getsid
1674  * @p: the object task
1675  *
1676  * Returns 0 if current can read the object task, error code otherwise
1677  */
1678 static int smack_task_getsid(struct task_struct *p)
1679 {
1680 	return smk_curacc_on_task(p, MAY_READ, __func__);
1681 }
1682 
1683 /**
1684  * smack_task_getsecid - get the secid of the task
1685  * @p: the object task
1686  * @secid: where to put the result
1687  *
1688  * Sets the secid to contain a u32 version of the smack label.
1689  */
1690 static void smack_task_getsecid(struct task_struct *p, u32 *secid)
1691 {
1692 	struct smack_known *skp = smk_of_task(task_security(p));
1693 
1694 	*secid = skp->smk_secid;
1695 }
1696 
1697 /**
1698  * smack_task_setnice - Smack check on setting nice
1699  * @p: the task object
1700  * @nice: unused
1701  *
1702  * Return 0 if write access is permitted
1703  */
1704 static int smack_task_setnice(struct task_struct *p, int nice)
1705 {
1706 	int rc;
1707 
1708 	rc = cap_task_setnice(p, nice);
1709 	if (rc == 0)
1710 		rc = smk_curacc_on_task(p, MAY_WRITE, __func__);
1711 	return rc;
1712 }
1713 
1714 /**
1715  * smack_task_setioprio - Smack check on setting ioprio
1716  * @p: the task object
1717  * @ioprio: unused
1718  *
1719  * Return 0 if write access is permitted
1720  */
1721 static int smack_task_setioprio(struct task_struct *p, int ioprio)
1722 {
1723 	int rc;
1724 
1725 	rc = cap_task_setioprio(p, ioprio);
1726 	if (rc == 0)
1727 		rc = smk_curacc_on_task(p, MAY_WRITE, __func__);
1728 	return rc;
1729 }
1730 
1731 /**
1732  * smack_task_getioprio - Smack check on reading ioprio
1733  * @p: the task object
1734  *
1735  * Return 0 if read access is permitted
1736  */
1737 static int smack_task_getioprio(struct task_struct *p)
1738 {
1739 	return smk_curacc_on_task(p, MAY_READ, __func__);
1740 }
1741 
1742 /**
1743  * smack_task_setscheduler - Smack check on setting scheduler
1744  * @p: the task object
1745  * @policy: unused
1746  * @lp: unused
1747  *
1748  * Return 0 if read access is permitted
1749  */
1750 static int smack_task_setscheduler(struct task_struct *p)
1751 {
1752 	int rc;
1753 
1754 	rc = cap_task_setscheduler(p);
1755 	if (rc == 0)
1756 		rc = smk_curacc_on_task(p, MAY_WRITE, __func__);
1757 	return rc;
1758 }
1759 
1760 /**
1761  * smack_task_getscheduler - Smack check on reading scheduler
1762  * @p: the task object
1763  *
1764  * Return 0 if read access is permitted
1765  */
1766 static int smack_task_getscheduler(struct task_struct *p)
1767 {
1768 	return smk_curacc_on_task(p, MAY_READ, __func__);
1769 }
1770 
1771 /**
1772  * smack_task_movememory - Smack check on moving memory
1773  * @p: the task object
1774  *
1775  * Return 0 if write access is permitted
1776  */
1777 static int smack_task_movememory(struct task_struct *p)
1778 {
1779 	return smk_curacc_on_task(p, MAY_WRITE, __func__);
1780 }
1781 
1782 /**
1783  * smack_task_kill - Smack check on signal delivery
1784  * @p: the task object
1785  * @info: unused
1786  * @sig: unused
1787  * @secid: identifies the smack to use in lieu of current's
1788  *
1789  * Return 0 if write access is permitted
1790  *
1791  * The secid behavior is an artifact of an SELinux hack
1792  * in the USB code. Someday it may go away.
1793  */
1794 static int smack_task_kill(struct task_struct *p, struct siginfo *info,
1795 			   int sig, u32 secid)
1796 {
1797 	struct smk_audit_info ad;
1798 	struct smack_known *skp;
1799 	struct smack_known *tkp = smk_of_task(task_security(p));
1800 
1801 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
1802 	smk_ad_setfield_u_tsk(&ad, p);
1803 	/*
1804 	 * Sending a signal requires that the sender
1805 	 * can write the receiver.
1806 	 */
1807 	if (secid == 0)
1808 		return smk_curacc(tkp->smk_known, MAY_WRITE, &ad);
1809 	/*
1810 	 * If the secid isn't 0 we're dealing with some USB IO
1811 	 * specific behavior. This is not clean. For one thing
1812 	 * we can't take privilege into account.
1813 	 */
1814 	skp = smack_from_secid(secid);
1815 	return smk_access(skp, tkp->smk_known, MAY_WRITE, &ad);
1816 }
1817 
1818 /**
1819  * smack_task_wait - Smack access check for waiting
1820  * @p: task to wait for
1821  *
1822  * Returns 0
1823  */
1824 static int smack_task_wait(struct task_struct *p)
1825 {
1826 	/*
1827 	 * Allow the operation to succeed.
1828 	 * Zombies are bad.
1829 	 * In userless environments (e.g. phones) programs
1830 	 * get marked with SMACK64EXEC and even if the parent
1831 	 * and child shouldn't be talking the parent still
1832 	 * may expect to know when the child exits.
1833 	 */
1834 	return 0;
1835 }
1836 
1837 /**
1838  * smack_task_to_inode - copy task smack into the inode blob
1839  * @p: task to copy from
1840  * @inode: inode to copy to
1841  *
1842  * Sets the smack pointer in the inode security blob
1843  */
1844 static void smack_task_to_inode(struct task_struct *p, struct inode *inode)
1845 {
1846 	struct inode_smack *isp = inode->i_security;
1847 	struct smack_known *skp = smk_of_task(task_security(p));
1848 
1849 	isp->smk_inode = skp->smk_known;
1850 }
1851 
1852 /*
1853  * Socket hooks.
1854  */
1855 
1856 /**
1857  * smack_sk_alloc_security - Allocate a socket blob
1858  * @sk: the socket
1859  * @family: unused
1860  * @gfp_flags: memory allocation flags
1861  *
1862  * Assign Smack pointers to current
1863  *
1864  * Returns 0 on success, -ENOMEM is there's no memory
1865  */
1866 static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags)
1867 {
1868 	struct smack_known *skp = smk_of_current();
1869 	struct socket_smack *ssp;
1870 
1871 	ssp = kzalloc(sizeof(struct socket_smack), gfp_flags);
1872 	if (ssp == NULL)
1873 		return -ENOMEM;
1874 
1875 	ssp->smk_in = skp;
1876 	ssp->smk_out = skp;
1877 	ssp->smk_packet = NULL;
1878 
1879 	sk->sk_security = ssp;
1880 
1881 	return 0;
1882 }
1883 
1884 /**
1885  * smack_sk_free_security - Free a socket blob
1886  * @sk: the socket
1887  *
1888  * Clears the blob pointer
1889  */
1890 static void smack_sk_free_security(struct sock *sk)
1891 {
1892 	kfree(sk->sk_security);
1893 }
1894 
1895 /**
1896 * smack_host_label - check host based restrictions
1897 * @sip: the object end
1898 *
1899 * looks for host based access restrictions
1900 *
1901 * This version will only be appropriate for really small sets of single label
1902 * hosts.  The caller is responsible for ensuring that the RCU read lock is
1903 * taken before calling this function.
1904 *
1905 * Returns the label of the far end or NULL if it's not special.
1906 */
1907 static char *smack_host_label(struct sockaddr_in *sip)
1908 {
1909 	struct smk_netlbladdr *snp;
1910 	struct in_addr *siap = &sip->sin_addr;
1911 
1912 	if (siap->s_addr == 0)
1913 		return NULL;
1914 
1915 	list_for_each_entry_rcu(snp, &smk_netlbladdr_list, list)
1916 		/*
1917 		* we break after finding the first match because
1918 		* the list is sorted from longest to shortest mask
1919 		* so we have found the most specific match
1920 		*/
1921 		if ((&snp->smk_host.sin_addr)->s_addr ==
1922 		    (siap->s_addr & (&snp->smk_mask)->s_addr)) {
1923 			/* we have found the special CIPSO option */
1924 			if (snp->smk_label == smack_cipso_option)
1925 				return NULL;
1926 			return snp->smk_label;
1927 		}
1928 
1929 	return NULL;
1930 }
1931 
1932 /**
1933  * smack_netlabel - Set the secattr on a socket
1934  * @sk: the socket
1935  * @labeled: socket label scheme
1936  *
1937  * Convert the outbound smack value (smk_out) to a
1938  * secattr and attach it to the socket.
1939  *
1940  * Returns 0 on success or an error code
1941  */
1942 static int smack_netlabel(struct sock *sk, int labeled)
1943 {
1944 	struct smack_known *skp;
1945 	struct socket_smack *ssp = sk->sk_security;
1946 	int rc = 0;
1947 
1948 	/*
1949 	 * Usually the netlabel code will handle changing the
1950 	 * packet labeling based on the label.
1951 	 * The case of a single label host is different, because
1952 	 * a single label host should never get a labeled packet
1953 	 * even though the label is usually associated with a packet
1954 	 * label.
1955 	 */
1956 	local_bh_disable();
1957 	bh_lock_sock_nested(sk);
1958 
1959 	if (ssp->smk_out == smack_net_ambient ||
1960 	    labeled == SMACK_UNLABELED_SOCKET)
1961 		netlbl_sock_delattr(sk);
1962 	else {
1963 		skp = ssp->smk_out;
1964 		rc = netlbl_sock_setattr(sk, sk->sk_family, &skp->smk_netlabel);
1965 	}
1966 
1967 	bh_unlock_sock(sk);
1968 	local_bh_enable();
1969 
1970 	return rc;
1971 }
1972 
1973 /**
1974  * smack_netlbel_send - Set the secattr on a socket and perform access checks
1975  * @sk: the socket
1976  * @sap: the destination address
1977  *
1978  * Set the correct secattr for the given socket based on the destination
1979  * address and perform any outbound access checks needed.
1980  *
1981  * Returns 0 on success or an error code.
1982  *
1983  */
1984 static int smack_netlabel_send(struct sock *sk, struct sockaddr_in *sap)
1985 {
1986 	struct smack_known *skp;
1987 	int rc;
1988 	int sk_lbl;
1989 	char *hostsp;
1990 	struct socket_smack *ssp = sk->sk_security;
1991 	struct smk_audit_info ad;
1992 
1993 	rcu_read_lock();
1994 	hostsp = smack_host_label(sap);
1995 	if (hostsp != NULL) {
1996 #ifdef CONFIG_AUDIT
1997 		struct lsm_network_audit net;
1998 
1999 		smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
2000 		ad.a.u.net->family = sap->sin_family;
2001 		ad.a.u.net->dport = sap->sin_port;
2002 		ad.a.u.net->v4info.daddr = sap->sin_addr.s_addr;
2003 #endif
2004 		sk_lbl = SMACK_UNLABELED_SOCKET;
2005 		skp = ssp->smk_out;
2006 		rc = smk_access(skp, hostsp, MAY_WRITE, &ad);
2007 	} else {
2008 		sk_lbl = SMACK_CIPSO_SOCKET;
2009 		rc = 0;
2010 	}
2011 	rcu_read_unlock();
2012 	if (rc != 0)
2013 		return rc;
2014 
2015 	return smack_netlabel(sk, sk_lbl);
2016 }
2017 
2018 /**
2019  * smk_ipv6_port_label - Smack port access table management
2020  * @sock: socket
2021  * @address: address
2022  *
2023  * Create or update the port list entry
2024  */
2025 static void smk_ipv6_port_label(struct socket *sock, struct sockaddr *address)
2026 {
2027 	struct sock *sk = sock->sk;
2028 	struct sockaddr_in6 *addr6;
2029 	struct socket_smack *ssp = sock->sk->sk_security;
2030 	struct smk_port_label *spp;
2031 	unsigned short port = 0;
2032 
2033 	if (address == NULL) {
2034 		/*
2035 		 * This operation is changing the Smack information
2036 		 * on the bound socket. Take the changes to the port
2037 		 * as well.
2038 		 */
2039 		list_for_each_entry(spp, &smk_ipv6_port_list, list) {
2040 			if (sk != spp->smk_sock)
2041 				continue;
2042 			spp->smk_in = ssp->smk_in;
2043 			spp->smk_out = ssp->smk_out;
2044 			return;
2045 		}
2046 		/*
2047 		 * A NULL address is only used for updating existing
2048 		 * bound entries. If there isn't one, it's OK.
2049 		 */
2050 		return;
2051 	}
2052 
2053 	addr6 = (struct sockaddr_in6 *)address;
2054 	port = ntohs(addr6->sin6_port);
2055 	/*
2056 	 * This is a special case that is safely ignored.
2057 	 */
2058 	if (port == 0)
2059 		return;
2060 
2061 	/*
2062 	 * Look for an existing port list entry.
2063 	 * This is an indication that a port is getting reused.
2064 	 */
2065 	list_for_each_entry(spp, &smk_ipv6_port_list, list) {
2066 		if (spp->smk_port != port)
2067 			continue;
2068 		spp->smk_port = port;
2069 		spp->smk_sock = sk;
2070 		spp->smk_in = ssp->smk_in;
2071 		spp->smk_out = ssp->smk_out;
2072 		return;
2073 	}
2074 
2075 	/*
2076 	 * A new port entry is required.
2077 	 */
2078 	spp = kzalloc(sizeof(*spp), GFP_KERNEL);
2079 	if (spp == NULL)
2080 		return;
2081 
2082 	spp->smk_port = port;
2083 	spp->smk_sock = sk;
2084 	spp->smk_in = ssp->smk_in;
2085 	spp->smk_out = ssp->smk_out;
2086 
2087 	list_add(&spp->list, &smk_ipv6_port_list);
2088 	return;
2089 }
2090 
2091 /**
2092  * smk_ipv6_port_check - check Smack port access
2093  * @sock: socket
2094  * @address: address
2095  *
2096  * Create or update the port list entry
2097  */
2098 static int smk_ipv6_port_check(struct sock *sk, struct sockaddr_in6 *address,
2099 				int act)
2100 {
2101 	__be16 *bep;
2102 	__be32 *be32p;
2103 	struct smk_port_label *spp;
2104 	struct socket_smack *ssp = sk->sk_security;
2105 	struct smack_known *skp;
2106 	unsigned short port = 0;
2107 	char *object;
2108 	struct smk_audit_info ad;
2109 #ifdef CONFIG_AUDIT
2110 	struct lsm_network_audit net;
2111 #endif
2112 
2113 	if (act == SMK_RECEIVING) {
2114 		skp = smack_net_ambient;
2115 		object = ssp->smk_in->smk_known;
2116 	} else {
2117 		skp = ssp->smk_out;
2118 		object = smack_net_ambient->smk_known;
2119 	}
2120 
2121 	/*
2122 	 * Get the IP address and port from the address.
2123 	 */
2124 	port = ntohs(address->sin6_port);
2125 	bep = (__be16 *)(&address->sin6_addr);
2126 	be32p = (__be32 *)(&address->sin6_addr);
2127 
2128 	/*
2129 	 * It's remote, so port lookup does no good.
2130 	 */
2131 	if (be32p[0] || be32p[1] || be32p[2] || bep[6] || ntohs(bep[7]) != 1)
2132 		goto auditout;
2133 
2134 	/*
2135 	 * It's local so the send check has to have passed.
2136 	 */
2137 	if (act == SMK_RECEIVING) {
2138 		skp = &smack_known_web;
2139 		goto auditout;
2140 	}
2141 
2142 	list_for_each_entry(spp, &smk_ipv6_port_list, list) {
2143 		if (spp->smk_port != port)
2144 			continue;
2145 		object = spp->smk_in->smk_known;
2146 		if (act == SMK_CONNECTING)
2147 			ssp->smk_packet = spp->smk_out;
2148 		break;
2149 	}
2150 
2151 auditout:
2152 
2153 #ifdef CONFIG_AUDIT
2154 	smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
2155 	ad.a.u.net->family = sk->sk_family;
2156 	ad.a.u.net->dport = port;
2157 	if (act == SMK_RECEIVING)
2158 		ad.a.u.net->v6info.saddr = address->sin6_addr;
2159 	else
2160 		ad.a.u.net->v6info.daddr = address->sin6_addr;
2161 #endif
2162 	return smk_access(skp, object, MAY_WRITE, &ad);
2163 }
2164 
2165 /**
2166  * smack_inode_setsecurity - set smack xattrs
2167  * @inode: the object
2168  * @name: attribute name
2169  * @value: attribute value
2170  * @size: size of the attribute
2171  * @flags: unused
2172  *
2173  * Sets the named attribute in the appropriate blob
2174  *
2175  * Returns 0 on success, or an error code
2176  */
2177 static int smack_inode_setsecurity(struct inode *inode, const char *name,
2178 				   const void *value, size_t size, int flags)
2179 {
2180 	struct smack_known *skp;
2181 	struct inode_smack *nsp = inode->i_security;
2182 	struct socket_smack *ssp;
2183 	struct socket *sock;
2184 	int rc = 0;
2185 
2186 	if (value == NULL || size > SMK_LONGLABEL || size == 0)
2187 		return -EINVAL;
2188 
2189 	skp = smk_import_entry(value, size);
2190 	if (skp == NULL)
2191 		return -EINVAL;
2192 
2193 	if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) {
2194 		nsp->smk_inode = skp->smk_known;
2195 		nsp->smk_flags |= SMK_INODE_INSTANT;
2196 		return 0;
2197 	}
2198 	/*
2199 	 * The rest of the Smack xattrs are only on sockets.
2200 	 */
2201 	if (inode->i_sb->s_magic != SOCKFS_MAGIC)
2202 		return -EOPNOTSUPP;
2203 
2204 	sock = SOCKET_I(inode);
2205 	if (sock == NULL || sock->sk == NULL)
2206 		return -EOPNOTSUPP;
2207 
2208 	ssp = sock->sk->sk_security;
2209 
2210 	if (strcmp(name, XATTR_SMACK_IPIN) == 0)
2211 		ssp->smk_in = skp;
2212 	else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) {
2213 		ssp->smk_out = skp;
2214 		if (sock->sk->sk_family == PF_INET) {
2215 			rc = smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET);
2216 			if (rc != 0)
2217 				printk(KERN_WARNING
2218 					"Smack: \"%s\" netlbl error %d.\n",
2219 					__func__, -rc);
2220 		}
2221 	} else
2222 		return -EOPNOTSUPP;
2223 
2224 	if (sock->sk->sk_family == PF_INET6)
2225 		smk_ipv6_port_label(sock, NULL);
2226 
2227 	return 0;
2228 }
2229 
2230 /**
2231  * smack_socket_post_create - finish socket setup
2232  * @sock: the socket
2233  * @family: protocol family
2234  * @type: unused
2235  * @protocol: unused
2236  * @kern: unused
2237  *
2238  * Sets the netlabel information on the socket
2239  *
2240  * Returns 0 on success, and error code otherwise
2241  */
2242 static int smack_socket_post_create(struct socket *sock, int family,
2243 				    int type, int protocol, int kern)
2244 {
2245 	if (family != PF_INET || sock->sk == NULL)
2246 		return 0;
2247 	/*
2248 	 * Set the outbound netlbl.
2249 	 */
2250 	return smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET);
2251 }
2252 
2253 /**
2254  * smack_socket_bind - record port binding information.
2255  * @sock: the socket
2256  * @address: the port address
2257  * @addrlen: size of the address
2258  *
2259  * Records the label bound to a port.
2260  *
2261  * Returns 0
2262  */
2263 static int smack_socket_bind(struct socket *sock, struct sockaddr *address,
2264 				int addrlen)
2265 {
2266 	if (sock->sk != NULL && sock->sk->sk_family == PF_INET6)
2267 		smk_ipv6_port_label(sock, address);
2268 
2269 	return 0;
2270 }
2271 
2272 /**
2273  * smack_socket_connect - connect access check
2274  * @sock: the socket
2275  * @sap: the other end
2276  * @addrlen: size of sap
2277  *
2278  * Verifies that a connection may be possible
2279  *
2280  * Returns 0 on success, and error code otherwise
2281  */
2282 static int smack_socket_connect(struct socket *sock, struct sockaddr *sap,
2283 				int addrlen)
2284 {
2285 	int rc = 0;
2286 
2287 	if (sock->sk == NULL)
2288 		return 0;
2289 
2290 	switch (sock->sk->sk_family) {
2291 	case PF_INET:
2292 		if (addrlen < sizeof(struct sockaddr_in))
2293 			return -EINVAL;
2294 		rc = smack_netlabel_send(sock->sk, (struct sockaddr_in *)sap);
2295 		break;
2296 	case PF_INET6:
2297 		if (addrlen < sizeof(struct sockaddr_in6))
2298 			return -EINVAL;
2299 		rc = smk_ipv6_port_check(sock->sk, (struct sockaddr_in6 *)sap,
2300 						SMK_CONNECTING);
2301 		break;
2302 	}
2303 	return rc;
2304 }
2305 
2306 /**
2307  * smack_flags_to_may - convert S_ to MAY_ values
2308  * @flags: the S_ value
2309  *
2310  * Returns the equivalent MAY_ value
2311  */
2312 static int smack_flags_to_may(int flags)
2313 {
2314 	int may = 0;
2315 
2316 	if (flags & S_IRUGO)
2317 		may |= MAY_READ;
2318 	if (flags & S_IWUGO)
2319 		may |= MAY_WRITE;
2320 	if (flags & S_IXUGO)
2321 		may |= MAY_EXEC;
2322 
2323 	return may;
2324 }
2325 
2326 /**
2327  * smack_msg_msg_alloc_security - Set the security blob for msg_msg
2328  * @msg: the object
2329  *
2330  * Returns 0
2331  */
2332 static int smack_msg_msg_alloc_security(struct msg_msg *msg)
2333 {
2334 	struct smack_known *skp = smk_of_current();
2335 
2336 	msg->security = skp->smk_known;
2337 	return 0;
2338 }
2339 
2340 /**
2341  * smack_msg_msg_free_security - Clear the security blob for msg_msg
2342  * @msg: the object
2343  *
2344  * Clears the blob pointer
2345  */
2346 static void smack_msg_msg_free_security(struct msg_msg *msg)
2347 {
2348 	msg->security = NULL;
2349 }
2350 
2351 /**
2352  * smack_of_shm - the smack pointer for the shm
2353  * @shp: the object
2354  *
2355  * Returns a pointer to the smack value
2356  */
2357 static char *smack_of_shm(struct shmid_kernel *shp)
2358 {
2359 	return (char *)shp->shm_perm.security;
2360 }
2361 
2362 /**
2363  * smack_shm_alloc_security - Set the security blob for shm
2364  * @shp: the object
2365  *
2366  * Returns 0
2367  */
2368 static int smack_shm_alloc_security(struct shmid_kernel *shp)
2369 {
2370 	struct kern_ipc_perm *isp = &shp->shm_perm;
2371 	struct smack_known *skp = smk_of_current();
2372 
2373 	isp->security = skp->smk_known;
2374 	return 0;
2375 }
2376 
2377 /**
2378  * smack_shm_free_security - Clear the security blob for shm
2379  * @shp: the object
2380  *
2381  * Clears the blob pointer
2382  */
2383 static void smack_shm_free_security(struct shmid_kernel *shp)
2384 {
2385 	struct kern_ipc_perm *isp = &shp->shm_perm;
2386 
2387 	isp->security = NULL;
2388 }
2389 
2390 /**
2391  * smk_curacc_shm : check if current has access on shm
2392  * @shp : the object
2393  * @access : access requested
2394  *
2395  * Returns 0 if current has the requested access, error code otherwise
2396  */
2397 static int smk_curacc_shm(struct shmid_kernel *shp, int access)
2398 {
2399 	char *ssp = smack_of_shm(shp);
2400 	struct smk_audit_info ad;
2401 
2402 #ifdef CONFIG_AUDIT
2403 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
2404 	ad.a.u.ipc_id = shp->shm_perm.id;
2405 #endif
2406 	return smk_curacc(ssp, access, &ad);
2407 }
2408 
2409 /**
2410  * smack_shm_associate - Smack access check for shm
2411  * @shp: the object
2412  * @shmflg: access requested
2413  *
2414  * Returns 0 if current has the requested access, error code otherwise
2415  */
2416 static int smack_shm_associate(struct shmid_kernel *shp, int shmflg)
2417 {
2418 	int may;
2419 
2420 	may = smack_flags_to_may(shmflg);
2421 	return smk_curacc_shm(shp, may);
2422 }
2423 
2424 /**
2425  * smack_shm_shmctl - Smack access check for shm
2426  * @shp: the object
2427  * @cmd: what it wants to do
2428  *
2429  * Returns 0 if current has the requested access, error code otherwise
2430  */
2431 static int smack_shm_shmctl(struct shmid_kernel *shp, int cmd)
2432 {
2433 	int may;
2434 
2435 	switch (cmd) {
2436 	case IPC_STAT:
2437 	case SHM_STAT:
2438 		may = MAY_READ;
2439 		break;
2440 	case IPC_SET:
2441 	case SHM_LOCK:
2442 	case SHM_UNLOCK:
2443 	case IPC_RMID:
2444 		may = MAY_READWRITE;
2445 		break;
2446 	case IPC_INFO:
2447 	case SHM_INFO:
2448 		/*
2449 		 * System level information.
2450 		 */
2451 		return 0;
2452 	default:
2453 		return -EINVAL;
2454 	}
2455 	return smk_curacc_shm(shp, may);
2456 }
2457 
2458 /**
2459  * smack_shm_shmat - Smack access for shmat
2460  * @shp: the object
2461  * @shmaddr: unused
2462  * @shmflg: access requested
2463  *
2464  * Returns 0 if current has the requested access, error code otherwise
2465  */
2466 static int smack_shm_shmat(struct shmid_kernel *shp, char __user *shmaddr,
2467 			   int shmflg)
2468 {
2469 	int may;
2470 
2471 	may = smack_flags_to_may(shmflg);
2472 	return smk_curacc_shm(shp, may);
2473 }
2474 
2475 /**
2476  * smack_of_sem - the smack pointer for the sem
2477  * @sma: the object
2478  *
2479  * Returns a pointer to the smack value
2480  */
2481 static char *smack_of_sem(struct sem_array *sma)
2482 {
2483 	return (char *)sma->sem_perm.security;
2484 }
2485 
2486 /**
2487  * smack_sem_alloc_security - Set the security blob for sem
2488  * @sma: the object
2489  *
2490  * Returns 0
2491  */
2492 static int smack_sem_alloc_security(struct sem_array *sma)
2493 {
2494 	struct kern_ipc_perm *isp = &sma->sem_perm;
2495 	struct smack_known *skp = smk_of_current();
2496 
2497 	isp->security = skp->smk_known;
2498 	return 0;
2499 }
2500 
2501 /**
2502  * smack_sem_free_security - Clear the security blob for sem
2503  * @sma: the object
2504  *
2505  * Clears the blob pointer
2506  */
2507 static void smack_sem_free_security(struct sem_array *sma)
2508 {
2509 	struct kern_ipc_perm *isp = &sma->sem_perm;
2510 
2511 	isp->security = NULL;
2512 }
2513 
2514 /**
2515  * smk_curacc_sem : check if current has access on sem
2516  * @sma : the object
2517  * @access : access requested
2518  *
2519  * Returns 0 if current has the requested access, error code otherwise
2520  */
2521 static int smk_curacc_sem(struct sem_array *sma, int access)
2522 {
2523 	char *ssp = smack_of_sem(sma);
2524 	struct smk_audit_info ad;
2525 
2526 #ifdef CONFIG_AUDIT
2527 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
2528 	ad.a.u.ipc_id = sma->sem_perm.id;
2529 #endif
2530 	return smk_curacc(ssp, access, &ad);
2531 }
2532 
2533 /**
2534  * smack_sem_associate - Smack access check for sem
2535  * @sma: the object
2536  * @semflg: access requested
2537  *
2538  * Returns 0 if current has the requested access, error code otherwise
2539  */
2540 static int smack_sem_associate(struct sem_array *sma, int semflg)
2541 {
2542 	int may;
2543 
2544 	may = smack_flags_to_may(semflg);
2545 	return smk_curacc_sem(sma, may);
2546 }
2547 
2548 /**
2549  * smack_sem_shmctl - Smack access check for sem
2550  * @sma: the object
2551  * @cmd: what it wants to do
2552  *
2553  * Returns 0 if current has the requested access, error code otherwise
2554  */
2555 static int smack_sem_semctl(struct sem_array *sma, int cmd)
2556 {
2557 	int may;
2558 
2559 	switch (cmd) {
2560 	case GETPID:
2561 	case GETNCNT:
2562 	case GETZCNT:
2563 	case GETVAL:
2564 	case GETALL:
2565 	case IPC_STAT:
2566 	case SEM_STAT:
2567 		may = MAY_READ;
2568 		break;
2569 	case SETVAL:
2570 	case SETALL:
2571 	case IPC_RMID:
2572 	case IPC_SET:
2573 		may = MAY_READWRITE;
2574 		break;
2575 	case IPC_INFO:
2576 	case SEM_INFO:
2577 		/*
2578 		 * System level information
2579 		 */
2580 		return 0;
2581 	default:
2582 		return -EINVAL;
2583 	}
2584 
2585 	return smk_curacc_sem(sma, may);
2586 }
2587 
2588 /**
2589  * smack_sem_semop - Smack checks of semaphore operations
2590  * @sma: the object
2591  * @sops: unused
2592  * @nsops: unused
2593  * @alter: unused
2594  *
2595  * Treated as read and write in all cases.
2596  *
2597  * Returns 0 if access is allowed, error code otherwise
2598  */
2599 static int smack_sem_semop(struct sem_array *sma, struct sembuf *sops,
2600 			   unsigned nsops, int alter)
2601 {
2602 	return smk_curacc_sem(sma, MAY_READWRITE);
2603 }
2604 
2605 /**
2606  * smack_msg_alloc_security - Set the security blob for msg
2607  * @msq: the object
2608  *
2609  * Returns 0
2610  */
2611 static int smack_msg_queue_alloc_security(struct msg_queue *msq)
2612 {
2613 	struct kern_ipc_perm *kisp = &msq->q_perm;
2614 	struct smack_known *skp = smk_of_current();
2615 
2616 	kisp->security = skp->smk_known;
2617 	return 0;
2618 }
2619 
2620 /**
2621  * smack_msg_free_security - Clear the security blob for msg
2622  * @msq: the object
2623  *
2624  * Clears the blob pointer
2625  */
2626 static void smack_msg_queue_free_security(struct msg_queue *msq)
2627 {
2628 	struct kern_ipc_perm *kisp = &msq->q_perm;
2629 
2630 	kisp->security = NULL;
2631 }
2632 
2633 /**
2634  * smack_of_msq - the smack pointer for the msq
2635  * @msq: the object
2636  *
2637  * Returns a pointer to the smack value
2638  */
2639 static char *smack_of_msq(struct msg_queue *msq)
2640 {
2641 	return (char *)msq->q_perm.security;
2642 }
2643 
2644 /**
2645  * smk_curacc_msq : helper to check if current has access on msq
2646  * @msq : the msq
2647  * @access : access requested
2648  *
2649  * return 0 if current has access, error otherwise
2650  */
2651 static int smk_curacc_msq(struct msg_queue *msq, int access)
2652 {
2653 	char *msp = smack_of_msq(msq);
2654 	struct smk_audit_info ad;
2655 
2656 #ifdef CONFIG_AUDIT
2657 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
2658 	ad.a.u.ipc_id = msq->q_perm.id;
2659 #endif
2660 	return smk_curacc(msp, access, &ad);
2661 }
2662 
2663 /**
2664  * smack_msg_queue_associate - Smack access check for msg_queue
2665  * @msq: the object
2666  * @msqflg: access requested
2667  *
2668  * Returns 0 if current has the requested access, error code otherwise
2669  */
2670 static int smack_msg_queue_associate(struct msg_queue *msq, int msqflg)
2671 {
2672 	int may;
2673 
2674 	may = smack_flags_to_may(msqflg);
2675 	return smk_curacc_msq(msq, may);
2676 }
2677 
2678 /**
2679  * smack_msg_queue_msgctl - Smack access check for msg_queue
2680  * @msq: the object
2681  * @cmd: what it wants to do
2682  *
2683  * Returns 0 if current has the requested access, error code otherwise
2684  */
2685 static int smack_msg_queue_msgctl(struct msg_queue *msq, int cmd)
2686 {
2687 	int may;
2688 
2689 	switch (cmd) {
2690 	case IPC_STAT:
2691 	case MSG_STAT:
2692 		may = MAY_READ;
2693 		break;
2694 	case IPC_SET:
2695 	case IPC_RMID:
2696 		may = MAY_READWRITE;
2697 		break;
2698 	case IPC_INFO:
2699 	case MSG_INFO:
2700 		/*
2701 		 * System level information
2702 		 */
2703 		return 0;
2704 	default:
2705 		return -EINVAL;
2706 	}
2707 
2708 	return smk_curacc_msq(msq, may);
2709 }
2710 
2711 /**
2712  * smack_msg_queue_msgsnd - Smack access check for msg_queue
2713  * @msq: the object
2714  * @msg: unused
2715  * @msqflg: access requested
2716  *
2717  * Returns 0 if current has the requested access, error code otherwise
2718  */
2719 static int smack_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg,
2720 				  int msqflg)
2721 {
2722 	int may;
2723 
2724 	may = smack_flags_to_may(msqflg);
2725 	return smk_curacc_msq(msq, may);
2726 }
2727 
2728 /**
2729  * smack_msg_queue_msgsnd - Smack access check for msg_queue
2730  * @msq: the object
2731  * @msg: unused
2732  * @target: unused
2733  * @type: unused
2734  * @mode: unused
2735  *
2736  * Returns 0 if current has read and write access, error code otherwise
2737  */
2738 static int smack_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
2739 			struct task_struct *target, long type, int mode)
2740 {
2741 	return smk_curacc_msq(msq, MAY_READWRITE);
2742 }
2743 
2744 /**
2745  * smack_ipc_permission - Smack access for ipc_permission()
2746  * @ipp: the object permissions
2747  * @flag: access requested
2748  *
2749  * Returns 0 if current has read and write access, error code otherwise
2750  */
2751 static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag)
2752 {
2753 	char *isp = ipp->security;
2754 	int may = smack_flags_to_may(flag);
2755 	struct smk_audit_info ad;
2756 
2757 #ifdef CONFIG_AUDIT
2758 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
2759 	ad.a.u.ipc_id = ipp->id;
2760 #endif
2761 	return smk_curacc(isp, may, &ad);
2762 }
2763 
2764 /**
2765  * smack_ipc_getsecid - Extract smack security id
2766  * @ipp: the object permissions
2767  * @secid: where result will be saved
2768  */
2769 static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid)
2770 {
2771 	char *smack = ipp->security;
2772 
2773 	*secid = smack_to_secid(smack);
2774 }
2775 
2776 /**
2777  * smack_d_instantiate - Make sure the blob is correct on an inode
2778  * @opt_dentry: dentry where inode will be attached
2779  * @inode: the object
2780  *
2781  * Set the inode's security blob if it hasn't been done already.
2782  */
2783 static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode)
2784 {
2785 	struct super_block *sbp;
2786 	struct superblock_smack *sbsp;
2787 	struct inode_smack *isp;
2788 	struct smack_known *skp;
2789 	struct smack_known *ckp = smk_of_current();
2790 	char *final;
2791 	char trattr[TRANS_TRUE_SIZE];
2792 	int transflag = 0;
2793 	int rc;
2794 	struct dentry *dp;
2795 
2796 	if (inode == NULL)
2797 		return;
2798 
2799 	isp = inode->i_security;
2800 
2801 	mutex_lock(&isp->smk_lock);
2802 	/*
2803 	 * If the inode is already instantiated
2804 	 * take the quick way out
2805 	 */
2806 	if (isp->smk_flags & SMK_INODE_INSTANT)
2807 		goto unlockandout;
2808 
2809 	sbp = inode->i_sb;
2810 	sbsp = sbp->s_security;
2811 	/*
2812 	 * We're going to use the superblock default label
2813 	 * if there's no label on the file.
2814 	 */
2815 	final = sbsp->smk_default;
2816 
2817 	/*
2818 	 * If this is the root inode the superblock
2819 	 * may be in the process of initialization.
2820 	 * If that is the case use the root value out
2821 	 * of the superblock.
2822 	 */
2823 	if (opt_dentry->d_parent == opt_dentry) {
2824 		if (sbp->s_magic == CGROUP_SUPER_MAGIC) {
2825 			/*
2826 			 * The cgroup filesystem is never mounted,
2827 			 * so there's no opportunity to set the mount
2828 			 * options.
2829 			 */
2830 			sbsp->smk_root = smack_known_star.smk_known;
2831 			sbsp->smk_default = smack_known_star.smk_known;
2832 		}
2833 		isp->smk_inode = sbsp->smk_root;
2834 		isp->smk_flags |= SMK_INODE_INSTANT;
2835 		goto unlockandout;
2836 	}
2837 
2838 	/*
2839 	 * This is pretty hackish.
2840 	 * Casey says that we shouldn't have to do
2841 	 * file system specific code, but it does help
2842 	 * with keeping it simple.
2843 	 */
2844 	switch (sbp->s_magic) {
2845 	case SMACK_MAGIC:
2846 	case PIPEFS_MAGIC:
2847 	case SOCKFS_MAGIC:
2848 	case CGROUP_SUPER_MAGIC:
2849 		/*
2850 		 * Casey says that it's a little embarrassing
2851 		 * that the smack file system doesn't do
2852 		 * extended attributes.
2853 		 *
2854 		 * Casey says pipes are easy (?)
2855 		 *
2856 		 * Socket access is controlled by the socket
2857 		 * structures associated with the task involved.
2858 		 *
2859 		 * Cgroupfs is special
2860 		 */
2861 		final = smack_known_star.smk_known;
2862 		break;
2863 	case DEVPTS_SUPER_MAGIC:
2864 		/*
2865 		 * devpts seems content with the label of the task.
2866 		 * Programs that change smack have to treat the
2867 		 * pty with respect.
2868 		 */
2869 		final = ckp->smk_known;
2870 		break;
2871 	case PROC_SUPER_MAGIC:
2872 		/*
2873 		 * Casey says procfs appears not to care.
2874 		 * The superblock default suffices.
2875 		 */
2876 		break;
2877 	case TMPFS_MAGIC:
2878 		/*
2879 		 * Device labels should come from the filesystem,
2880 		 * but watch out, because they're volitile,
2881 		 * getting recreated on every reboot.
2882 		 */
2883 		final = smack_known_star.smk_known;
2884 		/*
2885 		 * No break.
2886 		 *
2887 		 * If a smack value has been set we want to use it,
2888 		 * but since tmpfs isn't giving us the opportunity
2889 		 * to set mount options simulate setting the
2890 		 * superblock default.
2891 		 */
2892 	default:
2893 		/*
2894 		 * This isn't an understood special case.
2895 		 * Get the value from the xattr.
2896 		 */
2897 
2898 		/*
2899 		 * UNIX domain sockets use lower level socket data.
2900 		 */
2901 		if (S_ISSOCK(inode->i_mode)) {
2902 			final = smack_known_star.smk_known;
2903 			break;
2904 		}
2905 		/*
2906 		 * No xattr support means, alas, no SMACK label.
2907 		 * Use the aforeapplied default.
2908 		 * It would be curious if the label of the task
2909 		 * does not match that assigned.
2910 		 */
2911 		if (inode->i_op->getxattr == NULL)
2912 			break;
2913 		/*
2914 		 * Get the dentry for xattr.
2915 		 */
2916 		dp = dget(opt_dentry);
2917 		skp = smk_fetch(XATTR_NAME_SMACK, inode, dp);
2918 		if (skp != NULL)
2919 			final = skp->smk_known;
2920 
2921 		/*
2922 		 * Transmuting directory
2923 		 */
2924 		if (S_ISDIR(inode->i_mode)) {
2925 			/*
2926 			 * If this is a new directory and the label was
2927 			 * transmuted when the inode was initialized
2928 			 * set the transmute attribute on the directory
2929 			 * and mark the inode.
2930 			 *
2931 			 * If there is a transmute attribute on the
2932 			 * directory mark the inode.
2933 			 */
2934 			if (isp->smk_flags & SMK_INODE_CHANGED) {
2935 				isp->smk_flags &= ~SMK_INODE_CHANGED;
2936 				rc = inode->i_op->setxattr(dp,
2937 					XATTR_NAME_SMACKTRANSMUTE,
2938 					TRANS_TRUE, TRANS_TRUE_SIZE,
2939 					0);
2940 			} else {
2941 				rc = inode->i_op->getxattr(dp,
2942 					XATTR_NAME_SMACKTRANSMUTE, trattr,
2943 					TRANS_TRUE_SIZE);
2944 				if (rc >= 0 && strncmp(trattr, TRANS_TRUE,
2945 						       TRANS_TRUE_SIZE) != 0)
2946 					rc = -EINVAL;
2947 			}
2948 			if (rc >= 0)
2949 				transflag = SMK_INODE_TRANSMUTE;
2950 		}
2951 		/*
2952 		 * Don't let the exec or mmap label be "*" or "@".
2953 		 */
2954 		skp = smk_fetch(XATTR_NAME_SMACKEXEC, inode, dp);
2955 		if (skp == &smack_known_star || skp == &smack_known_web)
2956 			skp = NULL;
2957 		isp->smk_task = skp;
2958 		skp = smk_fetch(XATTR_NAME_SMACKMMAP, inode, dp);
2959 		if (skp == &smack_known_star || skp == &smack_known_web)
2960 			skp = NULL;
2961 		isp->smk_mmap = skp;
2962 
2963 		dput(dp);
2964 		break;
2965 	}
2966 
2967 	if (final == NULL)
2968 		isp->smk_inode = ckp->smk_known;
2969 	else
2970 		isp->smk_inode = final;
2971 
2972 	isp->smk_flags |= (SMK_INODE_INSTANT | transflag);
2973 
2974 unlockandout:
2975 	mutex_unlock(&isp->smk_lock);
2976 	return;
2977 }
2978 
2979 /**
2980  * smack_getprocattr - Smack process attribute access
2981  * @p: the object task
2982  * @name: the name of the attribute in /proc/.../attr
2983  * @value: where to put the result
2984  *
2985  * Places a copy of the task Smack into value
2986  *
2987  * Returns the length of the smack label or an error code
2988  */
2989 static int smack_getprocattr(struct task_struct *p, char *name, char **value)
2990 {
2991 	struct smack_known *skp = smk_of_task(task_security(p));
2992 	char *cp;
2993 	int slen;
2994 
2995 	if (strcmp(name, "current") != 0)
2996 		return -EINVAL;
2997 
2998 	cp = kstrdup(skp->smk_known, GFP_KERNEL);
2999 	if (cp == NULL)
3000 		return -ENOMEM;
3001 
3002 	slen = strlen(cp);
3003 	*value = cp;
3004 	return slen;
3005 }
3006 
3007 /**
3008  * smack_setprocattr - Smack process attribute setting
3009  * @p: the object task
3010  * @name: the name of the attribute in /proc/.../attr
3011  * @value: the value to set
3012  * @size: the size of the value
3013  *
3014  * Sets the Smack value of the task. Only setting self
3015  * is permitted and only with privilege
3016  *
3017  * Returns the length of the smack label or an error code
3018  */
3019 static int smack_setprocattr(struct task_struct *p, char *name,
3020 			     void *value, size_t size)
3021 {
3022 	struct task_smack *tsp;
3023 	struct cred *new;
3024 	struct smack_known *skp;
3025 
3026 	/*
3027 	 * Changing another process' Smack value is too dangerous
3028 	 * and supports no sane use case.
3029 	 */
3030 	if (p != current)
3031 		return -EPERM;
3032 
3033 	if (!smack_privileged(CAP_MAC_ADMIN))
3034 		return -EPERM;
3035 
3036 	if (value == NULL || size == 0 || size >= SMK_LONGLABEL)
3037 		return -EINVAL;
3038 
3039 	if (strcmp(name, "current") != 0)
3040 		return -EINVAL;
3041 
3042 	skp = smk_import_entry(value, size);
3043 	if (skp == NULL)
3044 		return -EINVAL;
3045 
3046 	/*
3047 	 * No process is ever allowed the web ("@") label.
3048 	 */
3049 	if (skp == &smack_known_web)
3050 		return -EPERM;
3051 
3052 	new = prepare_creds();
3053 	if (new == NULL)
3054 		return -ENOMEM;
3055 
3056 	tsp = new->security;
3057 	tsp->smk_task = skp;
3058 
3059 	commit_creds(new);
3060 	return size;
3061 }
3062 
3063 /**
3064  * smack_unix_stream_connect - Smack access on UDS
3065  * @sock: one sock
3066  * @other: the other sock
3067  * @newsk: unused
3068  *
3069  * Return 0 if a subject with the smack of sock could access
3070  * an object with the smack of other, otherwise an error code
3071  */
3072 static int smack_unix_stream_connect(struct sock *sock,
3073 				     struct sock *other, struct sock *newsk)
3074 {
3075 	struct smack_known *skp;
3076 	struct smack_known *okp;
3077 	struct socket_smack *ssp = sock->sk_security;
3078 	struct socket_smack *osp = other->sk_security;
3079 	struct socket_smack *nsp = newsk->sk_security;
3080 	struct smk_audit_info ad;
3081 	int rc = 0;
3082 #ifdef CONFIG_AUDIT
3083 	struct lsm_network_audit net;
3084 #endif
3085 
3086 	if (!smack_privileged(CAP_MAC_OVERRIDE)) {
3087 		skp = ssp->smk_out;
3088 		okp = osp->smk_out;
3089 #ifdef CONFIG_AUDIT
3090 		smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3091 		smk_ad_setfield_u_net_sk(&ad, other);
3092 #endif
3093 		rc = smk_access(skp, okp->smk_known, MAY_WRITE, &ad);
3094 		if (rc == 0)
3095 			rc = smk_access(okp, okp->smk_known, MAY_WRITE, NULL);
3096 	}
3097 
3098 	/*
3099 	 * Cross reference the peer labels for SO_PEERSEC.
3100 	 */
3101 	if (rc == 0) {
3102 		nsp->smk_packet = ssp->smk_out;
3103 		ssp->smk_packet = osp->smk_out;
3104 	}
3105 
3106 	return rc;
3107 }
3108 
3109 /**
3110  * smack_unix_may_send - Smack access on UDS
3111  * @sock: one socket
3112  * @other: the other socket
3113  *
3114  * Return 0 if a subject with the smack of sock could access
3115  * an object with the smack of other, otherwise an error code
3116  */
3117 static int smack_unix_may_send(struct socket *sock, struct socket *other)
3118 {
3119 	struct socket_smack *ssp = sock->sk->sk_security;
3120 	struct socket_smack *osp = other->sk->sk_security;
3121 	struct smack_known *skp;
3122 	struct smk_audit_info ad;
3123 
3124 #ifdef CONFIG_AUDIT
3125 	struct lsm_network_audit net;
3126 
3127 	smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3128 	smk_ad_setfield_u_net_sk(&ad, other->sk);
3129 #endif
3130 
3131 	if (smack_privileged(CAP_MAC_OVERRIDE))
3132 		return 0;
3133 
3134 	skp = ssp->smk_out;
3135 	return smk_access(skp, osp->smk_in->smk_known, MAY_WRITE, &ad);
3136 }
3137 
3138 /**
3139  * smack_socket_sendmsg - Smack check based on destination host
3140  * @sock: the socket
3141  * @msg: the message
3142  * @size: the size of the message
3143  *
3144  * Return 0 if the current subject can write to the destination host.
3145  * For IPv4 this is only a question if the destination is a single label host.
3146  * For IPv6 this is a check against the label of the port.
3147  */
3148 static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg,
3149 				int size)
3150 {
3151 	struct sockaddr_in *sip = (struct sockaddr_in *) msg->msg_name;
3152 	struct sockaddr_in6 *sap = (struct sockaddr_in6 *) msg->msg_name;
3153 	int rc = 0;
3154 
3155 	/*
3156 	 * Perfectly reasonable for this to be NULL
3157 	 */
3158 	if (sip == NULL)
3159 		return 0;
3160 
3161 	switch (sip->sin_family) {
3162 	case AF_INET:
3163 		rc = smack_netlabel_send(sock->sk, sip);
3164 		break;
3165 	case AF_INET6:
3166 		rc = smk_ipv6_port_check(sock->sk, sap, SMK_SENDING);
3167 		break;
3168 	}
3169 	return rc;
3170 }
3171 
3172 /**
3173  * smack_from_secattr - Convert a netlabel attr.mls.lvl/attr.mls.cat pair to smack
3174  * @sap: netlabel secattr
3175  * @ssp: socket security information
3176  *
3177  * Returns a pointer to a Smack label entry found on the label list.
3178  */
3179 static struct smack_known *smack_from_secattr(struct netlbl_lsm_secattr *sap,
3180 						struct socket_smack *ssp)
3181 {
3182 	struct smack_known *skp;
3183 	int found = 0;
3184 	int acat;
3185 	int kcat;
3186 
3187 	if ((sap->flags & NETLBL_SECATTR_MLS_LVL) != 0) {
3188 		/*
3189 		 * Looks like a CIPSO packet.
3190 		 * If there are flags but no level netlabel isn't
3191 		 * behaving the way we expect it to.
3192 		 *
3193 		 * Look it up in the label table
3194 		 * Without guidance regarding the smack value
3195 		 * for the packet fall back on the network
3196 		 * ambient value.
3197 		 */
3198 		rcu_read_lock();
3199 		list_for_each_entry(skp, &smack_known_list, list) {
3200 			if (sap->attr.mls.lvl != skp->smk_netlabel.attr.mls.lvl)
3201 				continue;
3202 			/*
3203 			 * Compare the catsets. Use the netlbl APIs.
3204 			 */
3205 			if ((sap->flags & NETLBL_SECATTR_MLS_CAT) == 0) {
3206 				if ((skp->smk_netlabel.flags &
3207 				     NETLBL_SECATTR_MLS_CAT) == 0)
3208 					found = 1;
3209 				break;
3210 			}
3211 			for (acat = -1, kcat = -1; acat == kcat; ) {
3212 				acat = netlbl_secattr_catmap_walk(
3213 					sap->attr.mls.cat, acat + 1);
3214 				kcat = netlbl_secattr_catmap_walk(
3215 					skp->smk_netlabel.attr.mls.cat,
3216 					kcat + 1);
3217 				if (acat < 0 || kcat < 0)
3218 					break;
3219 			}
3220 			if (acat == kcat) {
3221 				found = 1;
3222 				break;
3223 			}
3224 		}
3225 		rcu_read_unlock();
3226 
3227 		if (found)
3228 			return skp;
3229 
3230 		if (ssp != NULL && ssp->smk_in == &smack_known_star)
3231 			return &smack_known_web;
3232 		return &smack_known_star;
3233 	}
3234 	if ((sap->flags & NETLBL_SECATTR_SECID) != 0) {
3235 		/*
3236 		 * Looks like a fallback, which gives us a secid.
3237 		 */
3238 		skp = smack_from_secid(sap->attr.secid);
3239 		/*
3240 		 * This has got to be a bug because it is
3241 		 * impossible to specify a fallback without
3242 		 * specifying the label, which will ensure
3243 		 * it has a secid, and the only way to get a
3244 		 * secid is from a fallback.
3245 		 */
3246 		BUG_ON(skp == NULL);
3247 		return skp;
3248 	}
3249 	/*
3250 	 * Without guidance regarding the smack value
3251 	 * for the packet fall back on the network
3252 	 * ambient value.
3253 	 */
3254 	return smack_net_ambient;
3255 }
3256 
3257 static int smk_skb_to_addr_ipv6(struct sk_buff *skb, struct sockaddr_in6 *sip)
3258 {
3259 	u8 nexthdr;
3260 	int offset;
3261 	int proto = -EINVAL;
3262 	struct ipv6hdr _ipv6h;
3263 	struct ipv6hdr *ip6;
3264 	__be16 frag_off;
3265 	struct tcphdr _tcph, *th;
3266 	struct udphdr _udph, *uh;
3267 	struct dccp_hdr _dccph, *dh;
3268 
3269 	sip->sin6_port = 0;
3270 
3271 	offset = skb_network_offset(skb);
3272 	ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h);
3273 	if (ip6 == NULL)
3274 		return -EINVAL;
3275 	sip->sin6_addr = ip6->saddr;
3276 
3277 	nexthdr = ip6->nexthdr;
3278 	offset += sizeof(_ipv6h);
3279 	offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off);
3280 	if (offset < 0)
3281 		return -EINVAL;
3282 
3283 	proto = nexthdr;
3284 	switch (proto) {
3285 	case IPPROTO_TCP:
3286 		th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
3287 		if (th != NULL)
3288 			sip->sin6_port = th->source;
3289 		break;
3290 	case IPPROTO_UDP:
3291 		uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
3292 		if (uh != NULL)
3293 			sip->sin6_port = uh->source;
3294 		break;
3295 	case IPPROTO_DCCP:
3296 		dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
3297 		if (dh != NULL)
3298 			sip->sin6_port = dh->dccph_sport;
3299 		break;
3300 	}
3301 	return proto;
3302 }
3303 
3304 /**
3305  * smack_socket_sock_rcv_skb - Smack packet delivery access check
3306  * @sk: socket
3307  * @skb: packet
3308  *
3309  * Returns 0 if the packet should be delivered, an error code otherwise
3310  */
3311 static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
3312 {
3313 	struct netlbl_lsm_secattr secattr;
3314 	struct socket_smack *ssp = sk->sk_security;
3315 	struct smack_known *skp;
3316 	struct sockaddr_in6 sadd;
3317 	int rc = 0;
3318 	struct smk_audit_info ad;
3319 #ifdef CONFIG_AUDIT
3320 	struct lsm_network_audit net;
3321 #endif
3322 	switch (sk->sk_family) {
3323 	case PF_INET:
3324 		/*
3325 		 * Translate what netlabel gave us.
3326 		 */
3327 		netlbl_secattr_init(&secattr);
3328 
3329 		rc = netlbl_skbuff_getattr(skb, sk->sk_family, &secattr);
3330 		if (rc == 0)
3331 			skp = smack_from_secattr(&secattr, ssp);
3332 		else
3333 			skp = smack_net_ambient;
3334 
3335 		netlbl_secattr_destroy(&secattr);
3336 
3337 #ifdef CONFIG_AUDIT
3338 		smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3339 		ad.a.u.net->family = sk->sk_family;
3340 		ad.a.u.net->netif = skb->skb_iif;
3341 		ipv4_skb_to_auditdata(skb, &ad.a, NULL);
3342 #endif
3343 		/*
3344 		 * Receiving a packet requires that the other end
3345 		 * be able to write here. Read access is not required.
3346 		 * This is the simplist possible security model
3347 		 * for networking.
3348 		 */
3349 		rc = smk_access(skp, ssp->smk_in->smk_known, MAY_WRITE, &ad);
3350 		if (rc != 0)
3351 			netlbl_skbuff_err(skb, rc, 0);
3352 		break;
3353 	case PF_INET6:
3354 		rc = smk_skb_to_addr_ipv6(skb, &sadd);
3355 		if (rc == IPPROTO_UDP || rc == IPPROTO_TCP)
3356 			rc = smk_ipv6_port_check(sk, &sadd, SMK_RECEIVING);
3357 		else
3358 			rc = 0;
3359 		break;
3360 	}
3361 	return rc;
3362 }
3363 
3364 /**
3365  * smack_socket_getpeersec_stream - pull in packet label
3366  * @sock: the socket
3367  * @optval: user's destination
3368  * @optlen: size thereof
3369  * @len: max thereof
3370  *
3371  * returns zero on success, an error code otherwise
3372  */
3373 static int smack_socket_getpeersec_stream(struct socket *sock,
3374 					  char __user *optval,
3375 					  int __user *optlen, unsigned len)
3376 {
3377 	struct socket_smack *ssp;
3378 	char *rcp = "";
3379 	int slen = 1;
3380 	int rc = 0;
3381 
3382 	ssp = sock->sk->sk_security;
3383 	if (ssp->smk_packet != NULL) {
3384 		rcp = ssp->smk_packet->smk_known;
3385 		slen = strlen(rcp) + 1;
3386 	}
3387 
3388 	if (slen > len)
3389 		rc = -ERANGE;
3390 	else if (copy_to_user(optval, rcp, slen) != 0)
3391 		rc = -EFAULT;
3392 
3393 	if (put_user(slen, optlen) != 0)
3394 		rc = -EFAULT;
3395 
3396 	return rc;
3397 }
3398 
3399 
3400 /**
3401  * smack_socket_getpeersec_dgram - pull in packet label
3402  * @sock: the peer socket
3403  * @skb: packet data
3404  * @secid: pointer to where to put the secid of the packet
3405  *
3406  * Sets the netlabel socket state on sk from parent
3407  */
3408 static int smack_socket_getpeersec_dgram(struct socket *sock,
3409 					 struct sk_buff *skb, u32 *secid)
3410 
3411 {
3412 	struct netlbl_lsm_secattr secattr;
3413 	struct socket_smack *ssp = NULL;
3414 	struct smack_known *skp;
3415 	int family = PF_UNSPEC;
3416 	u32 s = 0;	/* 0 is the invalid secid */
3417 	int rc;
3418 
3419 	if (skb != NULL) {
3420 		if (skb->protocol == htons(ETH_P_IP))
3421 			family = PF_INET;
3422 		else if (skb->protocol == htons(ETH_P_IPV6))
3423 			family = PF_INET6;
3424 	}
3425 	if (family == PF_UNSPEC && sock != NULL)
3426 		family = sock->sk->sk_family;
3427 
3428 	if (family == PF_UNIX) {
3429 		ssp = sock->sk->sk_security;
3430 		s = ssp->smk_out->smk_secid;
3431 	} else if (family == PF_INET || family == PF_INET6) {
3432 		/*
3433 		 * Translate what netlabel gave us.
3434 		 */
3435 		if (sock != NULL && sock->sk != NULL)
3436 			ssp = sock->sk->sk_security;
3437 		netlbl_secattr_init(&secattr);
3438 		rc = netlbl_skbuff_getattr(skb, family, &secattr);
3439 		if (rc == 0) {
3440 			skp = smack_from_secattr(&secattr, ssp);
3441 			s = skp->smk_secid;
3442 		}
3443 		netlbl_secattr_destroy(&secattr);
3444 	}
3445 	*secid = s;
3446 	if (s == 0)
3447 		return -EINVAL;
3448 	return 0;
3449 }
3450 
3451 /**
3452  * smack_sock_graft - Initialize a newly created socket with an existing sock
3453  * @sk: child sock
3454  * @parent: parent socket
3455  *
3456  * Set the smk_{in,out} state of an existing sock based on the process that
3457  * is creating the new socket.
3458  */
3459 static void smack_sock_graft(struct sock *sk, struct socket *parent)
3460 {
3461 	struct socket_smack *ssp;
3462 	struct smack_known *skp = smk_of_current();
3463 
3464 	if (sk == NULL ||
3465 	    (sk->sk_family != PF_INET && sk->sk_family != PF_INET6))
3466 		return;
3467 
3468 	ssp = sk->sk_security;
3469 	ssp->smk_in = skp;
3470 	ssp->smk_out = skp;
3471 	/* cssp->smk_packet is already set in smack_inet_csk_clone() */
3472 }
3473 
3474 /**
3475  * smack_inet_conn_request - Smack access check on connect
3476  * @sk: socket involved
3477  * @skb: packet
3478  * @req: unused
3479  *
3480  * Returns 0 if a task with the packet label could write to
3481  * the socket, otherwise an error code
3482  */
3483 static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb,
3484 				   struct request_sock *req)
3485 {
3486 	u16 family = sk->sk_family;
3487 	struct smack_known *skp;
3488 	struct socket_smack *ssp = sk->sk_security;
3489 	struct netlbl_lsm_secattr secattr;
3490 	struct sockaddr_in addr;
3491 	struct iphdr *hdr;
3492 	char *hsp;
3493 	int rc;
3494 	struct smk_audit_info ad;
3495 #ifdef CONFIG_AUDIT
3496 	struct lsm_network_audit net;
3497 #endif
3498 
3499 	if (family == PF_INET6) {
3500 		/*
3501 		 * Handle mapped IPv4 packets arriving
3502 		 * via IPv6 sockets. Don't set up netlabel
3503 		 * processing on IPv6.
3504 		 */
3505 		if (skb->protocol == htons(ETH_P_IP))
3506 			family = PF_INET;
3507 		else
3508 			return 0;
3509 	}
3510 
3511 	netlbl_secattr_init(&secattr);
3512 	rc = netlbl_skbuff_getattr(skb, family, &secattr);
3513 	if (rc == 0)
3514 		skp = smack_from_secattr(&secattr, ssp);
3515 	else
3516 		skp = &smack_known_huh;
3517 	netlbl_secattr_destroy(&secattr);
3518 
3519 #ifdef CONFIG_AUDIT
3520 	smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3521 	ad.a.u.net->family = family;
3522 	ad.a.u.net->netif = skb->skb_iif;
3523 	ipv4_skb_to_auditdata(skb, &ad.a, NULL);
3524 #endif
3525 	/*
3526 	 * Receiving a packet requires that the other end be able to write
3527 	 * here. Read access is not required.
3528 	 */
3529 	rc = smk_access(skp, ssp->smk_in->smk_known, MAY_WRITE, &ad);
3530 	if (rc != 0)
3531 		return rc;
3532 
3533 	/*
3534 	 * Save the peer's label in the request_sock so we can later setup
3535 	 * smk_packet in the child socket so that SO_PEERCRED can report it.
3536 	 */
3537 	req->peer_secid = skp->smk_secid;
3538 
3539 	/*
3540 	 * We need to decide if we want to label the incoming connection here
3541 	 * if we do we only need to label the request_sock and the stack will
3542 	 * propagate the wire-label to the sock when it is created.
3543 	 */
3544 	hdr = ip_hdr(skb);
3545 	addr.sin_addr.s_addr = hdr->saddr;
3546 	rcu_read_lock();
3547 	hsp = smack_host_label(&addr);
3548 	rcu_read_unlock();
3549 
3550 	if (hsp == NULL)
3551 		rc = netlbl_req_setattr(req, &skp->smk_netlabel);
3552 	else
3553 		netlbl_req_delattr(req);
3554 
3555 	return rc;
3556 }
3557 
3558 /**
3559  * smack_inet_csk_clone - Copy the connection information to the new socket
3560  * @sk: the new socket
3561  * @req: the connection's request_sock
3562  *
3563  * Transfer the connection's peer label to the newly created socket.
3564  */
3565 static void smack_inet_csk_clone(struct sock *sk,
3566 				 const struct request_sock *req)
3567 {
3568 	struct socket_smack *ssp = sk->sk_security;
3569 	struct smack_known *skp;
3570 
3571 	if (req->peer_secid != 0) {
3572 		skp = smack_from_secid(req->peer_secid);
3573 		ssp->smk_packet = skp;
3574 	} else
3575 		ssp->smk_packet = NULL;
3576 }
3577 
3578 /*
3579  * Key management security hooks
3580  *
3581  * Casey has not tested key support very heavily.
3582  * The permission check is most likely too restrictive.
3583  * If you care about keys please have a look.
3584  */
3585 #ifdef CONFIG_KEYS
3586 
3587 /**
3588  * smack_key_alloc - Set the key security blob
3589  * @key: object
3590  * @cred: the credentials to use
3591  * @flags: unused
3592  *
3593  * No allocation required
3594  *
3595  * Returns 0
3596  */
3597 static int smack_key_alloc(struct key *key, const struct cred *cred,
3598 			   unsigned long flags)
3599 {
3600 	struct smack_known *skp = smk_of_task(cred->security);
3601 
3602 	key->security = skp->smk_known;
3603 	return 0;
3604 }
3605 
3606 /**
3607  * smack_key_free - Clear the key security blob
3608  * @key: the object
3609  *
3610  * Clear the blob pointer
3611  */
3612 static void smack_key_free(struct key *key)
3613 {
3614 	key->security = NULL;
3615 }
3616 
3617 /*
3618  * smack_key_permission - Smack access on a key
3619  * @key_ref: gets to the object
3620  * @cred: the credentials to use
3621  * @perm: unused
3622  *
3623  * Return 0 if the task has read and write to the object,
3624  * an error code otherwise
3625  */
3626 static int smack_key_permission(key_ref_t key_ref,
3627 				const struct cred *cred, unsigned perm)
3628 {
3629 	struct key *keyp;
3630 	struct smk_audit_info ad;
3631 	struct smack_known *tkp = smk_of_task(cred->security);
3632 	int request = 0;
3633 
3634 	keyp = key_ref_to_ptr(key_ref);
3635 	if (keyp == NULL)
3636 		return -EINVAL;
3637 	/*
3638 	 * If the key hasn't been initialized give it access so that
3639 	 * it may do so.
3640 	 */
3641 	if (keyp->security == NULL)
3642 		return 0;
3643 	/*
3644 	 * This should not occur
3645 	 */
3646 	if (tkp == NULL)
3647 		return -EACCES;
3648 #ifdef CONFIG_AUDIT
3649 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY);
3650 	ad.a.u.key_struct.key = keyp->serial;
3651 	ad.a.u.key_struct.key_desc = keyp->description;
3652 #endif
3653 	if (perm & KEY_NEED_READ)
3654 		request = MAY_READ;
3655 	if (perm & (KEY_NEED_WRITE | KEY_NEED_LINK | KEY_NEED_SETATTR))
3656 		request = MAY_WRITE;
3657 	return smk_access(tkp, keyp->security, request, &ad);
3658 }
3659 #endif /* CONFIG_KEYS */
3660 
3661 /*
3662  * Smack Audit hooks
3663  *
3664  * Audit requires a unique representation of each Smack specific
3665  * rule. This unique representation is used to distinguish the
3666  * object to be audited from remaining kernel objects and also
3667  * works as a glue between the audit hooks.
3668  *
3669  * Since repository entries are added but never deleted, we'll use
3670  * the smack_known label address related to the given audit rule as
3671  * the needed unique representation. This also better fits the smack
3672  * model where nearly everything is a label.
3673  */
3674 #ifdef CONFIG_AUDIT
3675 
3676 /**
3677  * smack_audit_rule_init - Initialize a smack audit rule
3678  * @field: audit rule fields given from user-space (audit.h)
3679  * @op: required testing operator (=, !=, >, <, ...)
3680  * @rulestr: smack label to be audited
3681  * @vrule: pointer to save our own audit rule representation
3682  *
3683  * Prepare to audit cases where (@field @op @rulestr) is true.
3684  * The label to be audited is created if necessay.
3685  */
3686 static int smack_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule)
3687 {
3688 	char **rule = (char **)vrule;
3689 	*rule = NULL;
3690 
3691 	if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
3692 		return -EINVAL;
3693 
3694 	if (op != Audit_equal && op != Audit_not_equal)
3695 		return -EINVAL;
3696 
3697 	*rule = smk_import(rulestr, 0);
3698 
3699 	return 0;
3700 }
3701 
3702 /**
3703  * smack_audit_rule_known - Distinguish Smack audit rules
3704  * @krule: rule of interest, in Audit kernel representation format
3705  *
3706  * This is used to filter Smack rules from remaining Audit ones.
3707  * If it's proved that this rule belongs to us, the
3708  * audit_rule_match hook will be called to do the final judgement.
3709  */
3710 static int smack_audit_rule_known(struct audit_krule *krule)
3711 {
3712 	struct audit_field *f;
3713 	int i;
3714 
3715 	for (i = 0; i < krule->field_count; i++) {
3716 		f = &krule->fields[i];
3717 
3718 		if (f->type == AUDIT_SUBJ_USER || f->type == AUDIT_OBJ_USER)
3719 			return 1;
3720 	}
3721 
3722 	return 0;
3723 }
3724 
3725 /**
3726  * smack_audit_rule_match - Audit given object ?
3727  * @secid: security id for identifying the object to test
3728  * @field: audit rule flags given from user-space
3729  * @op: required testing operator
3730  * @vrule: smack internal rule presentation
3731  * @actx: audit context associated with the check
3732  *
3733  * The core Audit hook. It's used to take the decision of
3734  * whether to audit or not to audit a given object.
3735  */
3736 static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule,
3737 				  struct audit_context *actx)
3738 {
3739 	struct smack_known *skp;
3740 	char *rule = vrule;
3741 
3742 	if (unlikely(!rule)) {
3743 		WARN_ONCE(1, "Smack: missing rule\n");
3744 		return -ENOENT;
3745 	}
3746 
3747 	if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
3748 		return 0;
3749 
3750 	skp = smack_from_secid(secid);
3751 
3752 	/*
3753 	 * No need to do string comparisons. If a match occurs,
3754 	 * both pointers will point to the same smack_known
3755 	 * label.
3756 	 */
3757 	if (op == Audit_equal)
3758 		return (rule == skp->smk_known);
3759 	if (op == Audit_not_equal)
3760 		return (rule != skp->smk_known);
3761 
3762 	return 0;
3763 }
3764 
3765 /**
3766  * smack_audit_rule_free - free smack rule representation
3767  * @vrule: rule to be freed.
3768  *
3769  * No memory was allocated.
3770  */
3771 static void smack_audit_rule_free(void *vrule)
3772 {
3773 	/* No-op */
3774 }
3775 
3776 #endif /* CONFIG_AUDIT */
3777 
3778 /**
3779  * smack_ismaclabel - check if xattr @name references a smack MAC label
3780  * @name: Full xattr name to check.
3781  */
3782 static int smack_ismaclabel(const char *name)
3783 {
3784 	return (strcmp(name, XATTR_SMACK_SUFFIX) == 0);
3785 }
3786 
3787 
3788 /**
3789  * smack_secid_to_secctx - return the smack label for a secid
3790  * @secid: incoming integer
3791  * @secdata: destination
3792  * @seclen: how long it is
3793  *
3794  * Exists for networking code.
3795  */
3796 static int smack_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
3797 {
3798 	struct smack_known *skp = smack_from_secid(secid);
3799 
3800 	if (secdata)
3801 		*secdata = skp->smk_known;
3802 	*seclen = strlen(skp->smk_known);
3803 	return 0;
3804 }
3805 
3806 /**
3807  * smack_secctx_to_secid - return the secid for a smack label
3808  * @secdata: smack label
3809  * @seclen: how long result is
3810  * @secid: outgoing integer
3811  *
3812  * Exists for audit and networking code.
3813  */
3814 static int smack_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
3815 {
3816 	*secid = smack_to_secid(secdata);
3817 	return 0;
3818 }
3819 
3820 /**
3821  * smack_release_secctx - don't do anything.
3822  * @secdata: unused
3823  * @seclen: unused
3824  *
3825  * Exists to make sure nothing gets done, and properly
3826  */
3827 static void smack_release_secctx(char *secdata, u32 seclen)
3828 {
3829 }
3830 
3831 static int smack_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
3832 {
3833 	return smack_inode_setsecurity(inode, XATTR_SMACK_SUFFIX, ctx, ctxlen, 0);
3834 }
3835 
3836 static int smack_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
3837 {
3838 	return __vfs_setxattr_noperm(dentry, XATTR_NAME_SMACK, ctx, ctxlen, 0);
3839 }
3840 
3841 static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
3842 {
3843 	int len = 0;
3844 	len = smack_inode_getsecurity(inode, XATTR_SMACK_SUFFIX, ctx, true);
3845 
3846 	if (len < 0)
3847 		return len;
3848 	*ctxlen = len;
3849 	return 0;
3850 }
3851 
3852 struct security_operations smack_ops = {
3853 	.name =				"smack",
3854 
3855 	.ptrace_access_check =		smack_ptrace_access_check,
3856 	.ptrace_traceme =		smack_ptrace_traceme,
3857 	.syslog = 			smack_syslog,
3858 
3859 	.sb_alloc_security = 		smack_sb_alloc_security,
3860 	.sb_free_security = 		smack_sb_free_security,
3861 	.sb_copy_data = 		smack_sb_copy_data,
3862 	.sb_kern_mount = 		smack_sb_kern_mount,
3863 	.sb_statfs = 			smack_sb_statfs,
3864 
3865 	.bprm_set_creds =		smack_bprm_set_creds,
3866 	.bprm_committing_creds =	smack_bprm_committing_creds,
3867 	.bprm_secureexec =		smack_bprm_secureexec,
3868 
3869 	.inode_alloc_security = 	smack_inode_alloc_security,
3870 	.inode_free_security = 		smack_inode_free_security,
3871 	.inode_init_security = 		smack_inode_init_security,
3872 	.inode_link = 			smack_inode_link,
3873 	.inode_unlink = 		smack_inode_unlink,
3874 	.inode_rmdir = 			smack_inode_rmdir,
3875 	.inode_rename = 		smack_inode_rename,
3876 	.inode_permission = 		smack_inode_permission,
3877 	.inode_setattr = 		smack_inode_setattr,
3878 	.inode_getattr = 		smack_inode_getattr,
3879 	.inode_setxattr = 		smack_inode_setxattr,
3880 	.inode_post_setxattr = 		smack_inode_post_setxattr,
3881 	.inode_getxattr = 		smack_inode_getxattr,
3882 	.inode_removexattr = 		smack_inode_removexattr,
3883 	.inode_getsecurity = 		smack_inode_getsecurity,
3884 	.inode_setsecurity = 		smack_inode_setsecurity,
3885 	.inode_listsecurity = 		smack_inode_listsecurity,
3886 	.inode_getsecid =		smack_inode_getsecid,
3887 
3888 	.file_permission = 		smack_file_permission,
3889 	.file_alloc_security = 		smack_file_alloc_security,
3890 	.file_free_security = 		smack_file_free_security,
3891 	.file_ioctl = 			smack_file_ioctl,
3892 	.file_lock = 			smack_file_lock,
3893 	.file_fcntl = 			smack_file_fcntl,
3894 	.mmap_file =			smack_mmap_file,
3895 	.mmap_addr =			cap_mmap_addr,
3896 	.file_set_fowner = 		smack_file_set_fowner,
3897 	.file_send_sigiotask = 		smack_file_send_sigiotask,
3898 	.file_receive = 		smack_file_receive,
3899 
3900 	.file_open =			smack_file_open,
3901 
3902 	.cred_alloc_blank =		smack_cred_alloc_blank,
3903 	.cred_free =			smack_cred_free,
3904 	.cred_prepare =			smack_cred_prepare,
3905 	.cred_transfer =		smack_cred_transfer,
3906 	.kernel_act_as =		smack_kernel_act_as,
3907 	.kernel_create_files_as =	smack_kernel_create_files_as,
3908 	.task_setpgid = 		smack_task_setpgid,
3909 	.task_getpgid = 		smack_task_getpgid,
3910 	.task_getsid = 			smack_task_getsid,
3911 	.task_getsecid = 		smack_task_getsecid,
3912 	.task_setnice = 		smack_task_setnice,
3913 	.task_setioprio = 		smack_task_setioprio,
3914 	.task_getioprio = 		smack_task_getioprio,
3915 	.task_setscheduler = 		smack_task_setscheduler,
3916 	.task_getscheduler = 		smack_task_getscheduler,
3917 	.task_movememory = 		smack_task_movememory,
3918 	.task_kill = 			smack_task_kill,
3919 	.task_wait = 			smack_task_wait,
3920 	.task_to_inode = 		smack_task_to_inode,
3921 
3922 	.ipc_permission = 		smack_ipc_permission,
3923 	.ipc_getsecid =			smack_ipc_getsecid,
3924 
3925 	.msg_msg_alloc_security = 	smack_msg_msg_alloc_security,
3926 	.msg_msg_free_security = 	smack_msg_msg_free_security,
3927 
3928 	.msg_queue_alloc_security = 	smack_msg_queue_alloc_security,
3929 	.msg_queue_free_security = 	smack_msg_queue_free_security,
3930 	.msg_queue_associate = 		smack_msg_queue_associate,
3931 	.msg_queue_msgctl = 		smack_msg_queue_msgctl,
3932 	.msg_queue_msgsnd = 		smack_msg_queue_msgsnd,
3933 	.msg_queue_msgrcv = 		smack_msg_queue_msgrcv,
3934 
3935 	.shm_alloc_security = 		smack_shm_alloc_security,
3936 	.shm_free_security = 		smack_shm_free_security,
3937 	.shm_associate = 		smack_shm_associate,
3938 	.shm_shmctl = 			smack_shm_shmctl,
3939 	.shm_shmat = 			smack_shm_shmat,
3940 
3941 	.sem_alloc_security = 		smack_sem_alloc_security,
3942 	.sem_free_security = 		smack_sem_free_security,
3943 	.sem_associate = 		smack_sem_associate,
3944 	.sem_semctl = 			smack_sem_semctl,
3945 	.sem_semop = 			smack_sem_semop,
3946 
3947 	.d_instantiate = 		smack_d_instantiate,
3948 
3949 	.getprocattr = 			smack_getprocattr,
3950 	.setprocattr = 			smack_setprocattr,
3951 
3952 	.unix_stream_connect = 		smack_unix_stream_connect,
3953 	.unix_may_send = 		smack_unix_may_send,
3954 
3955 	.socket_post_create = 		smack_socket_post_create,
3956 	.socket_bind =			smack_socket_bind,
3957 	.socket_connect =		smack_socket_connect,
3958 	.socket_sendmsg =		smack_socket_sendmsg,
3959 	.socket_sock_rcv_skb = 		smack_socket_sock_rcv_skb,
3960 	.socket_getpeersec_stream =	smack_socket_getpeersec_stream,
3961 	.socket_getpeersec_dgram =	smack_socket_getpeersec_dgram,
3962 	.sk_alloc_security = 		smack_sk_alloc_security,
3963 	.sk_free_security = 		smack_sk_free_security,
3964 	.sock_graft = 			smack_sock_graft,
3965 	.inet_conn_request = 		smack_inet_conn_request,
3966 	.inet_csk_clone =		smack_inet_csk_clone,
3967 
3968  /* key management security hooks */
3969 #ifdef CONFIG_KEYS
3970 	.key_alloc = 			smack_key_alloc,
3971 	.key_free = 			smack_key_free,
3972 	.key_permission = 		smack_key_permission,
3973 #endif /* CONFIG_KEYS */
3974 
3975  /* Audit hooks */
3976 #ifdef CONFIG_AUDIT
3977 	.audit_rule_init =		smack_audit_rule_init,
3978 	.audit_rule_known =		smack_audit_rule_known,
3979 	.audit_rule_match =		smack_audit_rule_match,
3980 	.audit_rule_free =		smack_audit_rule_free,
3981 #endif /* CONFIG_AUDIT */
3982 
3983 	.ismaclabel =			smack_ismaclabel,
3984 	.secid_to_secctx = 		smack_secid_to_secctx,
3985 	.secctx_to_secid = 		smack_secctx_to_secid,
3986 	.release_secctx = 		smack_release_secctx,
3987 	.inode_notifysecctx =		smack_inode_notifysecctx,
3988 	.inode_setsecctx =		smack_inode_setsecctx,
3989 	.inode_getsecctx =		smack_inode_getsecctx,
3990 };
3991 
3992 
3993 static __init void init_smack_known_list(void)
3994 {
3995 	/*
3996 	 * Initialize rule list locks
3997 	 */
3998 	mutex_init(&smack_known_huh.smk_rules_lock);
3999 	mutex_init(&smack_known_hat.smk_rules_lock);
4000 	mutex_init(&smack_known_floor.smk_rules_lock);
4001 	mutex_init(&smack_known_star.smk_rules_lock);
4002 	mutex_init(&smack_known_invalid.smk_rules_lock);
4003 	mutex_init(&smack_known_web.smk_rules_lock);
4004 	/*
4005 	 * Initialize rule lists
4006 	 */
4007 	INIT_LIST_HEAD(&smack_known_huh.smk_rules);
4008 	INIT_LIST_HEAD(&smack_known_hat.smk_rules);
4009 	INIT_LIST_HEAD(&smack_known_star.smk_rules);
4010 	INIT_LIST_HEAD(&smack_known_floor.smk_rules);
4011 	INIT_LIST_HEAD(&smack_known_invalid.smk_rules);
4012 	INIT_LIST_HEAD(&smack_known_web.smk_rules);
4013 	/*
4014 	 * Create the known labels list
4015 	 */
4016 	smk_insert_entry(&smack_known_huh);
4017 	smk_insert_entry(&smack_known_hat);
4018 	smk_insert_entry(&smack_known_star);
4019 	smk_insert_entry(&smack_known_floor);
4020 	smk_insert_entry(&smack_known_invalid);
4021 	smk_insert_entry(&smack_known_web);
4022 }
4023 
4024 /**
4025  * smack_init - initialize the smack system
4026  *
4027  * Returns 0
4028  */
4029 static __init int smack_init(void)
4030 {
4031 	struct cred *cred;
4032 	struct task_smack *tsp;
4033 
4034 	if (!security_module_enable(&smack_ops))
4035 		return 0;
4036 
4037 	tsp = new_task_smack(&smack_known_floor, &smack_known_floor,
4038 				GFP_KERNEL);
4039 	if (tsp == NULL)
4040 		return -ENOMEM;
4041 
4042 	printk(KERN_INFO "Smack:  Initializing.\n");
4043 
4044 	/*
4045 	 * Set the security state for the initial task.
4046 	 */
4047 	cred = (struct cred *) current->cred;
4048 	cred->security = tsp;
4049 
4050 	/* initialize the smack_known_list */
4051 	init_smack_known_list();
4052 
4053 	/*
4054 	 * Register with LSM
4055 	 */
4056 	if (register_security(&smack_ops))
4057 		panic("smack: Unable to register with kernel.\n");
4058 
4059 	return 0;
4060 }
4061 
4062 /*
4063  * Smack requires early initialization in order to label
4064  * all processes and objects when they are created.
4065  */
4066 security_initcall(smack_init);
4067