xref: /openbmc/linux/security/smack/smackfs.c (revision 61cb9ac6)
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com>
4  *
5  * Authors:
6  * 	Casey Schaufler <casey@schaufler-ca.com>
7  * 	Ahmed S. Darwish <darwish.07@gmail.com>
8  *
9  * Special thanks to the authors of selinuxfs.
10  *
11  *	Karl MacMillan <kmacmillan@tresys.com>
12  *	James Morris <jmorris@redhat.com>
13  */
14 
15 #include <linux/kernel.h>
16 #include <linux/vmalloc.h>
17 #include <linux/security.h>
18 #include <linux/mutex.h>
19 #include <linux/slab.h>
20 #include <net/net_namespace.h>
21 #include <net/cipso_ipv4.h>
22 #include <linux/seq_file.h>
23 #include <linux/ctype.h>
24 #include <linux/audit.h>
25 #include <linux/magic.h>
26 #include <linux/fs_context.h>
27 #include "smack.h"
28 
29 #define BEBITS	(sizeof(__be32) * 8)
30 /*
31  * smackfs pseudo filesystem.
32  */
33 
34 enum smk_inos {
35 	SMK_ROOT_INO	= 2,
36 	SMK_LOAD	= 3,	/* load policy */
37 	SMK_CIPSO	= 4,	/* load label -> CIPSO mapping */
38 	SMK_DOI		= 5,	/* CIPSO DOI */
39 	SMK_DIRECT	= 6,	/* CIPSO level indicating direct label */
40 	SMK_AMBIENT	= 7,	/* internet ambient label */
41 	SMK_NET4ADDR	= 8,	/* single label hosts */
42 	SMK_ONLYCAP	= 9,	/* the only "capable" label */
43 	SMK_LOGGING	= 10,	/* logging */
44 	SMK_LOAD_SELF	= 11,	/* task specific rules */
45 	SMK_ACCESSES	= 12,	/* access policy */
46 	SMK_MAPPED	= 13,	/* CIPSO level indicating mapped label */
47 	SMK_LOAD2	= 14,	/* load policy with long labels */
48 	SMK_LOAD_SELF2	= 15,	/* load task specific rules with long labels */
49 	SMK_ACCESS2	= 16,	/* make an access check with long labels */
50 	SMK_CIPSO2	= 17,	/* load long label -> CIPSO mapping */
51 	SMK_REVOKE_SUBJ	= 18,	/* set rules with subject label to '-' */
52 	SMK_CHANGE_RULE	= 19,	/* change or add rules (long labels) */
53 	SMK_SYSLOG	= 20,	/* change syslog label) */
54 	SMK_PTRACE	= 21,	/* set ptrace rule */
55 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
56 	SMK_UNCONFINED	= 22,	/* define an unconfined label */
57 #endif
58 #if IS_ENABLED(CONFIG_IPV6)
59 	SMK_NET6ADDR	= 23,	/* single label IPv6 hosts */
60 #endif /* CONFIG_IPV6 */
61 	SMK_RELABEL_SELF = 24, /* relabel possible without CAP_MAC_ADMIN */
62 };
63 
64 /*
65  * List locks
66  */
67 static DEFINE_MUTEX(smack_cipso_lock);
68 static DEFINE_MUTEX(smack_ambient_lock);
69 static DEFINE_MUTEX(smk_net4addr_lock);
70 #if IS_ENABLED(CONFIG_IPV6)
71 static DEFINE_MUTEX(smk_net6addr_lock);
72 #endif /* CONFIG_IPV6 */
73 
74 /*
75  * This is the "ambient" label for network traffic.
76  * If it isn't somehow marked, use this.
77  * It can be reset via smackfs/ambient
78  */
79 struct smack_known *smack_net_ambient;
80 
81 /*
82  * This is the level in a CIPSO header that indicates a
83  * smack label is contained directly in the category set.
84  * It can be reset via smackfs/direct
85  */
86 int smack_cipso_direct = SMACK_CIPSO_DIRECT_DEFAULT;
87 
88 /*
89  * This is the level in a CIPSO header that indicates a
90  * secid is contained directly in the category set.
91  * It can be reset via smackfs/mapped
92  */
93 int smack_cipso_mapped = SMACK_CIPSO_MAPPED_DEFAULT;
94 
95 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
96 /*
97  * Allow one label to be unconfined. This is for
98  * debugging and application bring-up purposes only.
99  * It is bad and wrong, but everyone seems to expect
100  * to have it.
101  */
102 struct smack_known *smack_unconfined;
103 #endif
104 
105 /*
106  * If this value is set restrict syslog use to the label specified.
107  * It can be reset via smackfs/syslog
108  */
109 struct smack_known *smack_syslog_label;
110 
111 /*
112  * Ptrace current rule
113  * SMACK_PTRACE_DEFAULT    regular smack ptrace rules (/proc based)
114  * SMACK_PTRACE_EXACT      labels must match, but can be overriden with
115  *			   CAP_SYS_PTRACE
116  * SMACK_PTRACE_DRACONIAN  lables must match, CAP_SYS_PTRACE has no effect
117  */
118 int smack_ptrace_rule = SMACK_PTRACE_DEFAULT;
119 
120 /*
121  * Certain IP addresses may be designated as single label hosts.
122  * Packets are sent there unlabeled, but only from tasks that
123  * can write to the specified label.
124  */
125 
126 LIST_HEAD(smk_net4addr_list);
127 #if IS_ENABLED(CONFIG_IPV6)
128 LIST_HEAD(smk_net6addr_list);
129 #endif /* CONFIG_IPV6 */
130 
131 /*
132  * Rule lists are maintained for each label.
133  */
134 struct smack_parsed_rule {
135 	struct smack_known	*smk_subject;
136 	struct smack_known	*smk_object;
137 	int			smk_access1;
138 	int			smk_access2;
139 };
140 
141 static int smk_cipso_doi_value = SMACK_CIPSO_DOI_DEFAULT;
142 
143 /*
144  * Values for parsing cipso rules
145  * SMK_DIGITLEN: Length of a digit field in a rule.
146  * SMK_CIPSOMIN: Minimum possible cipso rule length.
147  * SMK_CIPSOMAX: Maximum possible cipso rule length.
148  */
149 #define SMK_DIGITLEN 4
150 #define SMK_CIPSOMIN (SMK_LABELLEN + 2 * SMK_DIGITLEN)
151 #define SMK_CIPSOMAX (SMK_CIPSOMIN + SMACK_CIPSO_MAXCATNUM * SMK_DIGITLEN)
152 
153 /*
154  * Values for parsing MAC rules
155  * SMK_ACCESS: Maximum possible combination of access permissions
156  * SMK_ACCESSLEN: Maximum length for a rule access field
157  * SMK_LOADLEN: Smack rule length
158  */
159 #define SMK_OACCESS	"rwxa"
160 #define SMK_ACCESS	"rwxatl"
161 #define SMK_OACCESSLEN	(sizeof(SMK_OACCESS) - 1)
162 #define SMK_ACCESSLEN	(sizeof(SMK_ACCESS) - 1)
163 #define SMK_OLOADLEN	(SMK_LABELLEN + SMK_LABELLEN + SMK_OACCESSLEN)
164 #define SMK_LOADLEN	(SMK_LABELLEN + SMK_LABELLEN + SMK_ACCESSLEN)
165 
166 /*
167  * Stricly for CIPSO level manipulation.
168  * Set the category bit number in a smack label sized buffer.
169  */
170 static inline void smack_catset_bit(unsigned int cat, char *catsetp)
171 {
172 	if (cat == 0 || cat > (SMK_CIPSOLEN * 8))
173 		return;
174 
175 	catsetp[(cat - 1) / 8] |= 0x80 >> ((cat - 1) % 8);
176 }
177 
178 /**
179  * smk_netlabel_audit_set - fill a netlbl_audit struct
180  * @nap: structure to fill
181  */
182 static void smk_netlabel_audit_set(struct netlbl_audit *nap)
183 {
184 	struct smack_known *skp = smk_of_current();
185 
186 	nap->loginuid = audit_get_loginuid(current);
187 	nap->sessionid = audit_get_sessionid(current);
188 	nap->secid = skp->smk_secid;
189 }
190 
191 /*
192  * Value for parsing single label host rules
193  * "1.2.3.4 X"
194  */
195 #define SMK_NETLBLADDRMIN	9
196 
197 /**
198  * smk_set_access - add a rule to the rule list or replace an old rule
199  * @srp: the rule to add or replace
200  * @rule_list: the list of rules
201  * @rule_lock: the rule list lock
202  *
203  * Looks through the current subject/object/access list for
204  * the subject/object pair and replaces the access that was
205  * there. If the pair isn't found add it with the specified
206  * access.
207  *
208  * Returns 0 if nothing goes wrong or -ENOMEM if it fails
209  * during the allocation of the new pair to add.
210  */
211 static int smk_set_access(struct smack_parsed_rule *srp,
212 				struct list_head *rule_list,
213 				struct mutex *rule_lock)
214 {
215 	struct smack_rule *sp;
216 	int found = 0;
217 	int rc = 0;
218 
219 	mutex_lock(rule_lock);
220 
221 	/*
222 	 * Because the object label is less likely to match
223 	 * than the subject label check it first
224 	 */
225 	list_for_each_entry_rcu(sp, rule_list, list) {
226 		if (sp->smk_object == srp->smk_object &&
227 		    sp->smk_subject == srp->smk_subject) {
228 			found = 1;
229 			sp->smk_access |= srp->smk_access1;
230 			sp->smk_access &= ~srp->smk_access2;
231 			break;
232 		}
233 	}
234 
235 	if (found == 0) {
236 		sp = kmem_cache_zalloc(smack_rule_cache, GFP_KERNEL);
237 		if (sp == NULL) {
238 			rc = -ENOMEM;
239 			goto out;
240 		}
241 
242 		sp->smk_subject = srp->smk_subject;
243 		sp->smk_object = srp->smk_object;
244 		sp->smk_access = srp->smk_access1 & ~srp->smk_access2;
245 
246 		list_add_rcu(&sp->list, rule_list);
247 	}
248 
249 out:
250 	mutex_unlock(rule_lock);
251 	return rc;
252 }
253 
254 /**
255  * smk_perm_from_str - parse smack accesses from a text string
256  * @string: a text string that contains a Smack accesses code
257  *
258  * Returns an integer with respective bits set for specified accesses.
259  */
260 static int smk_perm_from_str(const char *string)
261 {
262 	int perm = 0;
263 	const char *cp;
264 
265 	for (cp = string; ; cp++)
266 		switch (*cp) {
267 		case '-':
268 			break;
269 		case 'r':
270 		case 'R':
271 			perm |= MAY_READ;
272 			break;
273 		case 'w':
274 		case 'W':
275 			perm |= MAY_WRITE;
276 			break;
277 		case 'x':
278 		case 'X':
279 			perm |= MAY_EXEC;
280 			break;
281 		case 'a':
282 		case 'A':
283 			perm |= MAY_APPEND;
284 			break;
285 		case 't':
286 		case 'T':
287 			perm |= MAY_TRANSMUTE;
288 			break;
289 		case 'l':
290 		case 'L':
291 			perm |= MAY_LOCK;
292 			break;
293 		case 'b':
294 		case 'B':
295 			perm |= MAY_BRINGUP;
296 			break;
297 		default:
298 			return perm;
299 		}
300 }
301 
302 /**
303  * smk_fill_rule - Fill Smack rule from strings
304  * @subject: subject label string
305  * @object: object label string
306  * @access1: access string
307  * @access2: string with permissions to be removed
308  * @rule: Smack rule
309  * @import: if non-zero, import labels
310  * @len: label length limit
311  *
312  * Returns 0 on success, appropriate error code on failure.
313  */
314 static int smk_fill_rule(const char *subject, const char *object,
315 				const char *access1, const char *access2,
316 				struct smack_parsed_rule *rule, int import,
317 				int len)
318 {
319 	const char *cp;
320 	struct smack_known *skp;
321 
322 	if (import) {
323 		rule->smk_subject = smk_import_entry(subject, len);
324 		if (IS_ERR(rule->smk_subject))
325 			return PTR_ERR(rule->smk_subject);
326 
327 		rule->smk_object = smk_import_entry(object, len);
328 		if (IS_ERR(rule->smk_object))
329 			return PTR_ERR(rule->smk_object);
330 	} else {
331 		cp = smk_parse_smack(subject, len);
332 		if (IS_ERR(cp))
333 			return PTR_ERR(cp);
334 		skp = smk_find_entry(cp);
335 		kfree(cp);
336 		if (skp == NULL)
337 			return -ENOENT;
338 		rule->smk_subject = skp;
339 
340 		cp = smk_parse_smack(object, len);
341 		if (IS_ERR(cp))
342 			return PTR_ERR(cp);
343 		skp = smk_find_entry(cp);
344 		kfree(cp);
345 		if (skp == NULL)
346 			return -ENOENT;
347 		rule->smk_object = skp;
348 	}
349 
350 	rule->smk_access1 = smk_perm_from_str(access1);
351 	if (access2)
352 		rule->smk_access2 = smk_perm_from_str(access2);
353 	else
354 		rule->smk_access2 = ~rule->smk_access1;
355 
356 	return 0;
357 }
358 
359 /**
360  * smk_parse_rule - parse Smack rule from load string
361  * @data: string to be parsed whose size is SMK_LOADLEN
362  * @rule: Smack rule
363  * @import: if non-zero, import labels
364  *
365  * Returns 0 on success, -1 on errors.
366  */
367 static int smk_parse_rule(const char *data, struct smack_parsed_rule *rule,
368 				int import)
369 {
370 	int rc;
371 
372 	rc = smk_fill_rule(data, data + SMK_LABELLEN,
373 			   data + SMK_LABELLEN + SMK_LABELLEN, NULL, rule,
374 			   import, SMK_LABELLEN);
375 	return rc;
376 }
377 
378 /**
379  * smk_parse_long_rule - parse Smack rule from rule string
380  * @data: string to be parsed, null terminated
381  * @rule: Will be filled with Smack parsed rule
382  * @import: if non-zero, import labels
383  * @tokens: number of substrings expected in data
384  *
385  * Returns number of processed bytes on success, -ERRNO on failure.
386  */
387 static ssize_t smk_parse_long_rule(char *data, struct smack_parsed_rule *rule,
388 				int import, int tokens)
389 {
390 	ssize_t cnt = 0;
391 	char *tok[4];
392 	int rc;
393 	int i;
394 
395 	/*
396 	 * Parsing the rule in-place, filling all white-spaces with '\0'
397 	 */
398 	for (i = 0; i < tokens; ++i) {
399 		while (isspace(data[cnt]))
400 			data[cnt++] = '\0';
401 
402 		if (data[cnt] == '\0')
403 			/* Unexpected end of data */
404 			return -EINVAL;
405 
406 		tok[i] = data + cnt;
407 
408 		while (data[cnt] && !isspace(data[cnt]))
409 			++cnt;
410 	}
411 	while (isspace(data[cnt]))
412 		data[cnt++] = '\0';
413 
414 	while (i < 4)
415 		tok[i++] = NULL;
416 
417 	rc = smk_fill_rule(tok[0], tok[1], tok[2], tok[3], rule, import, 0);
418 	return rc == 0 ? cnt : rc;
419 }
420 
421 #define SMK_FIXED24_FMT	0	/* Fixed 24byte label format */
422 #define SMK_LONG_FMT	1	/* Variable long label format */
423 #define SMK_CHANGE_FMT	2	/* Rule modification format */
424 /**
425  * smk_write_rules_list - write() for any /smack rule file
426  * @file: file pointer, not actually used
427  * @buf: where to get the data from
428  * @count: bytes sent
429  * @ppos: where to start - must be 0
430  * @rule_list: the list of rules to write to
431  * @rule_lock: lock for the rule list
432  * @format: /smack/load or /smack/load2 or /smack/change-rule format.
433  *
434  * Get one smack access rule from above.
435  * The format for SMK_LONG_FMT is:
436  *	"subject<whitespace>object<whitespace>access[<whitespace>...]"
437  * The format for SMK_FIXED24_FMT is exactly:
438  *	"subject                 object                  rwxat"
439  * The format for SMK_CHANGE_FMT is:
440  *	"subject<whitespace>object<whitespace>
441  *	 acc_enable<whitespace>acc_disable[<whitespace>...]"
442  */
443 static ssize_t smk_write_rules_list(struct file *file, const char __user *buf,
444 					size_t count, loff_t *ppos,
445 					struct list_head *rule_list,
446 					struct mutex *rule_lock, int format)
447 {
448 	struct smack_parsed_rule rule;
449 	char *data;
450 	int rc;
451 	int trunc = 0;
452 	int tokens;
453 	ssize_t cnt = 0;
454 
455 	/*
456 	 * No partial writes.
457 	 * Enough data must be present.
458 	 */
459 	if (*ppos != 0)
460 		return -EINVAL;
461 
462 	if (format == SMK_FIXED24_FMT) {
463 		/*
464 		 * Minor hack for backward compatibility
465 		 */
466 		if (count < SMK_OLOADLEN || count > SMK_LOADLEN)
467 			return -EINVAL;
468 	} else {
469 		if (count >= PAGE_SIZE) {
470 			count = PAGE_SIZE - 1;
471 			trunc = 1;
472 		}
473 	}
474 
475 	data = memdup_user_nul(buf, count);
476 	if (IS_ERR(data))
477 		return PTR_ERR(data);
478 
479 	/*
480 	 * In case of parsing only part of user buf,
481 	 * avoid having partial rule at the data buffer
482 	 */
483 	if (trunc) {
484 		while (count > 0 && (data[count - 1] != '\n'))
485 			--count;
486 		if (count == 0) {
487 			rc = -EINVAL;
488 			goto out;
489 		}
490 	}
491 
492 	data[count] = '\0';
493 	tokens = (format == SMK_CHANGE_FMT ? 4 : 3);
494 	while (cnt < count) {
495 		if (format == SMK_FIXED24_FMT) {
496 			rc = smk_parse_rule(data, &rule, 1);
497 			if (rc < 0)
498 				goto out;
499 			cnt = count;
500 		} else {
501 			rc = smk_parse_long_rule(data + cnt, &rule, 1, tokens);
502 			if (rc < 0)
503 				goto out;
504 			if (rc == 0) {
505 				rc = -EINVAL;
506 				goto out;
507 			}
508 			cnt += rc;
509 		}
510 
511 		if (rule_list == NULL)
512 			rc = smk_set_access(&rule, &rule.smk_subject->smk_rules,
513 				&rule.smk_subject->smk_rules_lock);
514 		else
515 			rc = smk_set_access(&rule, rule_list, rule_lock);
516 
517 		if (rc)
518 			goto out;
519 	}
520 
521 	rc = cnt;
522 out:
523 	kfree(data);
524 	return rc;
525 }
526 
527 /*
528  * Core logic for smackfs seq list operations.
529  */
530 
531 static void *smk_seq_start(struct seq_file *s, loff_t *pos,
532 				struct list_head *head)
533 {
534 	struct list_head *list;
535 	int i = *pos;
536 
537 	rcu_read_lock();
538 	for (list = rcu_dereference(list_next_rcu(head));
539 		list != head;
540 		list = rcu_dereference(list_next_rcu(list))) {
541 		if (i-- == 0)
542 			return list;
543 	}
544 
545 	return NULL;
546 }
547 
548 static void *smk_seq_next(struct seq_file *s, void *v, loff_t *pos,
549 				struct list_head *head)
550 {
551 	struct list_head *list = v;
552 
553 	++*pos;
554 	list = rcu_dereference(list_next_rcu(list));
555 
556 	return (list == head) ? NULL : list;
557 }
558 
559 static void smk_seq_stop(struct seq_file *s, void *v)
560 {
561 	rcu_read_unlock();
562 }
563 
564 static void smk_rule_show(struct seq_file *s, struct smack_rule *srp, int max)
565 {
566 	/*
567 	 * Don't show any rules with label names too long for
568 	 * interface file (/smack/load or /smack/load2)
569 	 * because you should expect to be able to write
570 	 * anything you read back.
571 	 */
572 	if (strlen(srp->smk_subject->smk_known) >= max ||
573 	    strlen(srp->smk_object->smk_known) >= max)
574 		return;
575 
576 	if (srp->smk_access == 0)
577 		return;
578 
579 	seq_printf(s, "%s %s",
580 		   srp->smk_subject->smk_known,
581 		   srp->smk_object->smk_known);
582 
583 	seq_putc(s, ' ');
584 
585 	if (srp->smk_access & MAY_READ)
586 		seq_putc(s, 'r');
587 	if (srp->smk_access & MAY_WRITE)
588 		seq_putc(s, 'w');
589 	if (srp->smk_access & MAY_EXEC)
590 		seq_putc(s, 'x');
591 	if (srp->smk_access & MAY_APPEND)
592 		seq_putc(s, 'a');
593 	if (srp->smk_access & MAY_TRANSMUTE)
594 		seq_putc(s, 't');
595 	if (srp->smk_access & MAY_LOCK)
596 		seq_putc(s, 'l');
597 	if (srp->smk_access & MAY_BRINGUP)
598 		seq_putc(s, 'b');
599 
600 	seq_putc(s, '\n');
601 }
602 
603 /*
604  * Seq_file read operations for /smack/load
605  */
606 
607 static void *load2_seq_start(struct seq_file *s, loff_t *pos)
608 {
609 	return smk_seq_start(s, pos, &smack_known_list);
610 }
611 
612 static void *load2_seq_next(struct seq_file *s, void *v, loff_t *pos)
613 {
614 	return smk_seq_next(s, v, pos, &smack_known_list);
615 }
616 
617 static int load_seq_show(struct seq_file *s, void *v)
618 {
619 	struct list_head *list = v;
620 	struct smack_rule *srp;
621 	struct smack_known *skp =
622 		list_entry_rcu(list, struct smack_known, list);
623 
624 	list_for_each_entry_rcu(srp, &skp->smk_rules, list)
625 		smk_rule_show(s, srp, SMK_LABELLEN);
626 
627 	return 0;
628 }
629 
630 static const struct seq_operations load_seq_ops = {
631 	.start = load2_seq_start,
632 	.next  = load2_seq_next,
633 	.show  = load_seq_show,
634 	.stop  = smk_seq_stop,
635 };
636 
637 /**
638  * smk_open_load - open() for /smack/load
639  * @inode: inode structure representing file
640  * @file: "load" file pointer
641  *
642  * For reading, use load_seq_* seq_file reading operations.
643  */
644 static int smk_open_load(struct inode *inode, struct file *file)
645 {
646 	return seq_open(file, &load_seq_ops);
647 }
648 
649 /**
650  * smk_write_load - write() for /smack/load
651  * @file: file pointer, not actually used
652  * @buf: where to get the data from
653  * @count: bytes sent
654  * @ppos: where to start - must be 0
655  *
656  */
657 static ssize_t smk_write_load(struct file *file, const char __user *buf,
658 			      size_t count, loff_t *ppos)
659 {
660 	/*
661 	 * Must have privilege.
662 	 * No partial writes.
663 	 * Enough data must be present.
664 	 */
665 	if (!smack_privileged(CAP_MAC_ADMIN))
666 		return -EPERM;
667 
668 	return smk_write_rules_list(file, buf, count, ppos, NULL, NULL,
669 				    SMK_FIXED24_FMT);
670 }
671 
672 static const struct file_operations smk_load_ops = {
673 	.open           = smk_open_load,
674 	.read		= seq_read,
675 	.llseek         = seq_lseek,
676 	.write		= smk_write_load,
677 	.release        = seq_release,
678 };
679 
680 /**
681  * smk_cipso_doi - initialize the CIPSO domain
682  */
683 static void smk_cipso_doi(void)
684 {
685 	int rc;
686 	struct cipso_v4_doi *doip;
687 	struct netlbl_audit nai;
688 
689 	smk_netlabel_audit_set(&nai);
690 
691 	rc = netlbl_cfg_map_del(NULL, PF_INET, NULL, NULL, &nai);
692 	if (rc != 0)
693 		printk(KERN_WARNING "%s:%d remove rc = %d\n",
694 		       __func__, __LINE__, rc);
695 
696 	doip = kmalloc(sizeof(struct cipso_v4_doi), GFP_KERNEL);
697 	if (doip == NULL)
698 		panic("smack:  Failed to initialize cipso DOI.\n");
699 	doip->map.std = NULL;
700 	doip->doi = smk_cipso_doi_value;
701 	doip->type = CIPSO_V4_MAP_PASS;
702 	doip->tags[0] = CIPSO_V4_TAG_RBITMAP;
703 	for (rc = 1; rc < CIPSO_V4_TAG_MAXCNT; rc++)
704 		doip->tags[rc] = CIPSO_V4_TAG_INVALID;
705 
706 	rc = netlbl_cfg_cipsov4_add(doip, &nai);
707 	if (rc != 0) {
708 		printk(KERN_WARNING "%s:%d cipso add rc = %d\n",
709 		       __func__, __LINE__, rc);
710 		kfree(doip);
711 		return;
712 	}
713 	rc = netlbl_cfg_cipsov4_map_add(doip->doi, NULL, NULL, NULL, &nai);
714 	if (rc != 0) {
715 		printk(KERN_WARNING "%s:%d map add rc = %d\n",
716 		       __func__, __LINE__, rc);
717 		kfree(doip);
718 		return;
719 	}
720 }
721 
722 /**
723  * smk_unlbl_ambient - initialize the unlabeled domain
724  * @oldambient: previous domain string
725  */
726 static void smk_unlbl_ambient(char *oldambient)
727 {
728 	int rc;
729 	struct netlbl_audit nai;
730 
731 	smk_netlabel_audit_set(&nai);
732 
733 	if (oldambient != NULL) {
734 		rc = netlbl_cfg_map_del(oldambient, PF_INET, NULL, NULL, &nai);
735 		if (rc != 0)
736 			printk(KERN_WARNING "%s:%d remove rc = %d\n",
737 			       __func__, __LINE__, rc);
738 	}
739 	if (smack_net_ambient == NULL)
740 		smack_net_ambient = &smack_known_floor;
741 
742 	rc = netlbl_cfg_unlbl_map_add(smack_net_ambient->smk_known, PF_INET,
743 				      NULL, NULL, &nai);
744 	if (rc != 0)
745 		printk(KERN_WARNING "%s:%d add rc = %d\n",
746 		       __func__, __LINE__, rc);
747 }
748 
749 /*
750  * Seq_file read operations for /smack/cipso
751  */
752 
753 static void *cipso_seq_start(struct seq_file *s, loff_t *pos)
754 {
755 	return smk_seq_start(s, pos, &smack_known_list);
756 }
757 
758 static void *cipso_seq_next(struct seq_file *s, void *v, loff_t *pos)
759 {
760 	return smk_seq_next(s, v, pos, &smack_known_list);
761 }
762 
763 /*
764  * Print cipso labels in format:
765  * label level[/cat[,cat]]
766  */
767 static int cipso_seq_show(struct seq_file *s, void *v)
768 {
769 	struct list_head  *list = v;
770 	struct smack_known *skp =
771 		list_entry_rcu(list, struct smack_known, list);
772 	struct netlbl_lsm_catmap *cmp = skp->smk_netlabel.attr.mls.cat;
773 	char sep = '/';
774 	int i;
775 
776 	/*
777 	 * Don't show a label that could not have been set using
778 	 * /smack/cipso. This is in support of the notion that
779 	 * anything read from /smack/cipso ought to be writeable
780 	 * to /smack/cipso.
781 	 *
782 	 * /smack/cipso2 should be used instead.
783 	 */
784 	if (strlen(skp->smk_known) >= SMK_LABELLEN)
785 		return 0;
786 
787 	seq_printf(s, "%s %3d", skp->smk_known, skp->smk_netlabel.attr.mls.lvl);
788 
789 	for (i = netlbl_catmap_walk(cmp, 0); i >= 0;
790 	     i = netlbl_catmap_walk(cmp, i + 1)) {
791 		seq_printf(s, "%c%d", sep, i);
792 		sep = ',';
793 	}
794 
795 	seq_putc(s, '\n');
796 
797 	return 0;
798 }
799 
800 static const struct seq_operations cipso_seq_ops = {
801 	.start = cipso_seq_start,
802 	.next  = cipso_seq_next,
803 	.show  = cipso_seq_show,
804 	.stop  = smk_seq_stop,
805 };
806 
807 /**
808  * smk_open_cipso - open() for /smack/cipso
809  * @inode: inode structure representing file
810  * @file: "cipso" file pointer
811  *
812  * Connect our cipso_seq_* operations with /smack/cipso
813  * file_operations
814  */
815 static int smk_open_cipso(struct inode *inode, struct file *file)
816 {
817 	return seq_open(file, &cipso_seq_ops);
818 }
819 
820 /**
821  * smk_set_cipso - do the work for write() for cipso and cipso2
822  * @file: file pointer, not actually used
823  * @buf: where to get the data from
824  * @count: bytes sent
825  * @ppos: where to start
826  * @format: /smack/cipso or /smack/cipso2
827  *
828  * Accepts only one cipso rule per write call.
829  * Returns number of bytes written or error code, as appropriate
830  */
831 static ssize_t smk_set_cipso(struct file *file, const char __user *buf,
832 				size_t count, loff_t *ppos, int format)
833 {
834 	struct smack_known *skp;
835 	struct netlbl_lsm_secattr ncats;
836 	char mapcatset[SMK_CIPSOLEN];
837 	int maplevel;
838 	unsigned int cat;
839 	int catlen;
840 	ssize_t rc = -EINVAL;
841 	char *data = NULL;
842 	char *rule;
843 	int ret;
844 	int i;
845 
846 	/*
847 	 * Must have privilege.
848 	 * No partial writes.
849 	 * Enough data must be present.
850 	 */
851 	if (!smack_privileged(CAP_MAC_ADMIN))
852 		return -EPERM;
853 	if (*ppos != 0)
854 		return -EINVAL;
855 	if (format == SMK_FIXED24_FMT &&
856 	    (count < SMK_CIPSOMIN || count > SMK_CIPSOMAX))
857 		return -EINVAL;
858 	if (count > PAGE_SIZE)
859 		return -EINVAL;
860 
861 	data = memdup_user_nul(buf, count);
862 	if (IS_ERR(data))
863 		return PTR_ERR(data);
864 
865 	rule = data;
866 	/*
867 	 * Only allow one writer at a time. Writes should be
868 	 * quite rare and small in any case.
869 	 */
870 	mutex_lock(&smack_cipso_lock);
871 
872 	skp = smk_import_entry(rule, 0);
873 	if (IS_ERR(skp)) {
874 		rc = PTR_ERR(skp);
875 		goto out;
876 	}
877 
878 	if (format == SMK_FIXED24_FMT)
879 		rule += SMK_LABELLEN;
880 	else
881 		rule += strlen(skp->smk_known) + 1;
882 
883 	if (rule > data + count) {
884 		rc = -EOVERFLOW;
885 		goto out;
886 	}
887 
888 	ret = sscanf(rule, "%d", &maplevel);
889 	if (ret != 1 || maplevel < 0 || maplevel > SMACK_CIPSO_MAXLEVEL)
890 		goto out;
891 
892 	rule += SMK_DIGITLEN;
893 	if (rule > data + count) {
894 		rc = -EOVERFLOW;
895 		goto out;
896 	}
897 
898 	ret = sscanf(rule, "%d", &catlen);
899 	if (ret != 1 || catlen > SMACK_CIPSO_MAXCATNUM)
900 		goto out;
901 
902 	if (format == SMK_FIXED24_FMT &&
903 	    count != (SMK_CIPSOMIN + catlen * SMK_DIGITLEN))
904 		goto out;
905 
906 	memset(mapcatset, 0, sizeof(mapcatset));
907 
908 	for (i = 0; i < catlen; i++) {
909 		rule += SMK_DIGITLEN;
910 		if (rule > data + count) {
911 			rc = -EOVERFLOW;
912 			goto out;
913 		}
914 		ret = sscanf(rule, "%u", &cat);
915 		if (ret != 1 || cat > SMACK_CIPSO_MAXCATNUM)
916 			goto out;
917 
918 		smack_catset_bit(cat, mapcatset);
919 	}
920 
921 	rc = smk_netlbl_mls(maplevel, mapcatset, &ncats, SMK_CIPSOLEN);
922 	if (rc >= 0) {
923 		netlbl_catmap_free(skp->smk_netlabel.attr.mls.cat);
924 		skp->smk_netlabel.attr.mls.cat = ncats.attr.mls.cat;
925 		skp->smk_netlabel.attr.mls.lvl = ncats.attr.mls.lvl;
926 		rc = count;
927 		/*
928 		 * This mapping may have been cached, so clear the cache.
929 		 */
930 		netlbl_cache_invalidate();
931 	}
932 
933 out:
934 	mutex_unlock(&smack_cipso_lock);
935 	kfree(data);
936 	return rc;
937 }
938 
939 /**
940  * smk_write_cipso - write() for /smack/cipso
941  * @file: file pointer, not actually used
942  * @buf: where to get the data from
943  * @count: bytes sent
944  * @ppos: where to start
945  *
946  * Accepts only one cipso rule per write call.
947  * Returns number of bytes written or error code, as appropriate
948  */
949 static ssize_t smk_write_cipso(struct file *file, const char __user *buf,
950 			       size_t count, loff_t *ppos)
951 {
952 	return smk_set_cipso(file, buf, count, ppos, SMK_FIXED24_FMT);
953 }
954 
955 static const struct file_operations smk_cipso_ops = {
956 	.open           = smk_open_cipso,
957 	.read		= seq_read,
958 	.llseek         = seq_lseek,
959 	.write		= smk_write_cipso,
960 	.release        = seq_release,
961 };
962 
963 /*
964  * Seq_file read operations for /smack/cipso2
965  */
966 
967 /*
968  * Print cipso labels in format:
969  * label level[/cat[,cat]]
970  */
971 static int cipso2_seq_show(struct seq_file *s, void *v)
972 {
973 	struct list_head  *list = v;
974 	struct smack_known *skp =
975 		list_entry_rcu(list, struct smack_known, list);
976 	struct netlbl_lsm_catmap *cmp = skp->smk_netlabel.attr.mls.cat;
977 	char sep = '/';
978 	int i;
979 
980 	seq_printf(s, "%s %3d", skp->smk_known, skp->smk_netlabel.attr.mls.lvl);
981 
982 	for (i = netlbl_catmap_walk(cmp, 0); i >= 0;
983 	     i = netlbl_catmap_walk(cmp, i + 1)) {
984 		seq_printf(s, "%c%d", sep, i);
985 		sep = ',';
986 	}
987 
988 	seq_putc(s, '\n');
989 
990 	return 0;
991 }
992 
993 static const struct seq_operations cipso2_seq_ops = {
994 	.start = cipso_seq_start,
995 	.next  = cipso_seq_next,
996 	.show  = cipso2_seq_show,
997 	.stop  = smk_seq_stop,
998 };
999 
1000 /**
1001  * smk_open_cipso2 - open() for /smack/cipso2
1002  * @inode: inode structure representing file
1003  * @file: "cipso2" file pointer
1004  *
1005  * Connect our cipso_seq_* operations with /smack/cipso2
1006  * file_operations
1007  */
1008 static int smk_open_cipso2(struct inode *inode, struct file *file)
1009 {
1010 	return seq_open(file, &cipso2_seq_ops);
1011 }
1012 
1013 /**
1014  * smk_write_cipso2 - write() for /smack/cipso2
1015  * @file: file pointer, not actually used
1016  * @buf: where to get the data from
1017  * @count: bytes sent
1018  * @ppos: where to start
1019  *
1020  * Accepts only one cipso rule per write call.
1021  * Returns number of bytes written or error code, as appropriate
1022  */
1023 static ssize_t smk_write_cipso2(struct file *file, const char __user *buf,
1024 			      size_t count, loff_t *ppos)
1025 {
1026 	return smk_set_cipso(file, buf, count, ppos, SMK_LONG_FMT);
1027 }
1028 
1029 static const struct file_operations smk_cipso2_ops = {
1030 	.open           = smk_open_cipso2,
1031 	.read		= seq_read,
1032 	.llseek         = seq_lseek,
1033 	.write		= smk_write_cipso2,
1034 	.release        = seq_release,
1035 };
1036 
1037 /*
1038  * Seq_file read operations for /smack/netlabel
1039  */
1040 
1041 static void *net4addr_seq_start(struct seq_file *s, loff_t *pos)
1042 {
1043 	return smk_seq_start(s, pos, &smk_net4addr_list);
1044 }
1045 
1046 static void *net4addr_seq_next(struct seq_file *s, void *v, loff_t *pos)
1047 {
1048 	return smk_seq_next(s, v, pos, &smk_net4addr_list);
1049 }
1050 
1051 /*
1052  * Print host/label pairs
1053  */
1054 static int net4addr_seq_show(struct seq_file *s, void *v)
1055 {
1056 	struct list_head *list = v;
1057 	struct smk_net4addr *skp =
1058 			list_entry_rcu(list, struct smk_net4addr, list);
1059 	char *kp = SMACK_CIPSO_OPTION;
1060 
1061 	if (skp->smk_label != NULL)
1062 		kp = skp->smk_label->smk_known;
1063 	seq_printf(s, "%pI4/%d %s\n", &skp->smk_host.s_addr,
1064 			skp->smk_masks, kp);
1065 
1066 	return 0;
1067 }
1068 
1069 static const struct seq_operations net4addr_seq_ops = {
1070 	.start = net4addr_seq_start,
1071 	.next  = net4addr_seq_next,
1072 	.show  = net4addr_seq_show,
1073 	.stop  = smk_seq_stop,
1074 };
1075 
1076 /**
1077  * smk_open_net4addr - open() for /smack/netlabel
1078  * @inode: inode structure representing file
1079  * @file: "netlabel" file pointer
1080  *
1081  * Connect our net4addr_seq_* operations with /smack/netlabel
1082  * file_operations
1083  */
1084 static int smk_open_net4addr(struct inode *inode, struct file *file)
1085 {
1086 	return seq_open(file, &net4addr_seq_ops);
1087 }
1088 
1089 /**
1090  * smk_net4addr_insert
1091  * @new : netlabel to insert
1092  *
1093  * This helper insert netlabel in the smack_net4addrs list
1094  * sorted by netmask length (longest to smallest)
1095  * locked by &smk_net4addr_lock in smk_write_net4addr
1096  *
1097  */
1098 static void smk_net4addr_insert(struct smk_net4addr *new)
1099 {
1100 	struct smk_net4addr *m;
1101 	struct smk_net4addr *m_next;
1102 
1103 	if (list_empty(&smk_net4addr_list)) {
1104 		list_add_rcu(&new->list, &smk_net4addr_list);
1105 		return;
1106 	}
1107 
1108 	m = list_entry_rcu(smk_net4addr_list.next,
1109 			   struct smk_net4addr, list);
1110 
1111 	/* the comparison '>' is a bit hacky, but works */
1112 	if (new->smk_masks > m->smk_masks) {
1113 		list_add_rcu(&new->list, &smk_net4addr_list);
1114 		return;
1115 	}
1116 
1117 	list_for_each_entry_rcu(m, &smk_net4addr_list, list) {
1118 		if (list_is_last(&m->list, &smk_net4addr_list)) {
1119 			list_add_rcu(&new->list, &m->list);
1120 			return;
1121 		}
1122 		m_next = list_entry_rcu(m->list.next,
1123 					struct smk_net4addr, list);
1124 		if (new->smk_masks > m_next->smk_masks) {
1125 			list_add_rcu(&new->list, &m->list);
1126 			return;
1127 		}
1128 	}
1129 }
1130 
1131 
1132 /**
1133  * smk_write_net4addr - write() for /smack/netlabel
1134  * @file: file pointer, not actually used
1135  * @buf: where to get the data from
1136  * @count: bytes sent
1137  * @ppos: where to start
1138  *
1139  * Accepts only one net4addr per write call.
1140  * Returns number of bytes written or error code, as appropriate
1141  */
1142 static ssize_t smk_write_net4addr(struct file *file, const char __user *buf,
1143 				size_t count, loff_t *ppos)
1144 {
1145 	struct smk_net4addr *snp;
1146 	struct sockaddr_in newname;
1147 	char *smack;
1148 	struct smack_known *skp = NULL;
1149 	char *data;
1150 	char *host = (char *)&newname.sin_addr.s_addr;
1151 	int rc;
1152 	struct netlbl_audit audit_info;
1153 	struct in_addr mask;
1154 	unsigned int m;
1155 	unsigned int masks;
1156 	int found;
1157 	u32 mask_bits = (1<<31);
1158 	__be32 nsa;
1159 	u32 temp_mask;
1160 
1161 	/*
1162 	 * Must have privilege.
1163 	 * No partial writes.
1164 	 * Enough data must be present.
1165 	 * "<addr/mask, as a.b.c.d/e><space><label>"
1166 	 * "<addr, as a.b.c.d><space><label>"
1167 	 */
1168 	if (!smack_privileged(CAP_MAC_ADMIN))
1169 		return -EPERM;
1170 	if (*ppos != 0)
1171 		return -EINVAL;
1172 	if (count < SMK_NETLBLADDRMIN || count > PAGE_SIZE - 1)
1173 		return -EINVAL;
1174 
1175 	data = memdup_user_nul(buf, count);
1176 	if (IS_ERR(data))
1177 		return PTR_ERR(data);
1178 
1179 	smack = kzalloc(count + 1, GFP_KERNEL);
1180 	if (smack == NULL) {
1181 		rc = -ENOMEM;
1182 		goto free_data_out;
1183 	}
1184 
1185 	rc = sscanf(data, "%hhd.%hhd.%hhd.%hhd/%u %s",
1186 		&host[0], &host[1], &host[2], &host[3], &masks, smack);
1187 	if (rc != 6) {
1188 		rc = sscanf(data, "%hhd.%hhd.%hhd.%hhd %s",
1189 			&host[0], &host[1], &host[2], &host[3], smack);
1190 		if (rc != 5) {
1191 			rc = -EINVAL;
1192 			goto free_out;
1193 		}
1194 		m = BEBITS;
1195 		masks = 32;
1196 	}
1197 	if (masks > BEBITS) {
1198 		rc = -EINVAL;
1199 		goto free_out;
1200 	}
1201 
1202 	/*
1203 	 * If smack begins with '-', it is an option, don't import it
1204 	 */
1205 	if (smack[0] != '-') {
1206 		skp = smk_import_entry(smack, 0);
1207 		if (IS_ERR(skp)) {
1208 			rc = PTR_ERR(skp);
1209 			goto free_out;
1210 		}
1211 	} else {
1212 		/*
1213 		 * Only the -CIPSO option is supported for IPv4
1214 		 */
1215 		if (strcmp(smack, SMACK_CIPSO_OPTION) != 0) {
1216 			rc = -EINVAL;
1217 			goto free_out;
1218 		}
1219 	}
1220 
1221 	for (m = masks, temp_mask = 0; m > 0; m--) {
1222 		temp_mask |= mask_bits;
1223 		mask_bits >>= 1;
1224 	}
1225 	mask.s_addr = cpu_to_be32(temp_mask);
1226 
1227 	newname.sin_addr.s_addr &= mask.s_addr;
1228 	/*
1229 	 * Only allow one writer at a time. Writes should be
1230 	 * quite rare and small in any case.
1231 	 */
1232 	mutex_lock(&smk_net4addr_lock);
1233 
1234 	nsa = newname.sin_addr.s_addr;
1235 	/* try to find if the prefix is already in the list */
1236 	found = 0;
1237 	list_for_each_entry_rcu(snp, &smk_net4addr_list, list) {
1238 		if (snp->smk_host.s_addr == nsa && snp->smk_masks == masks) {
1239 			found = 1;
1240 			break;
1241 		}
1242 	}
1243 	smk_netlabel_audit_set(&audit_info);
1244 
1245 	if (found == 0) {
1246 		snp = kzalloc(sizeof(*snp), GFP_KERNEL);
1247 		if (snp == NULL)
1248 			rc = -ENOMEM;
1249 		else {
1250 			rc = 0;
1251 			snp->smk_host.s_addr = newname.sin_addr.s_addr;
1252 			snp->smk_mask.s_addr = mask.s_addr;
1253 			snp->smk_label = skp;
1254 			snp->smk_masks = masks;
1255 			smk_net4addr_insert(snp);
1256 		}
1257 	} else {
1258 		/*
1259 		 * Delete the unlabeled entry, only if the previous label
1260 		 * wasn't the special CIPSO option
1261 		 */
1262 		if (snp->smk_label != NULL)
1263 			rc = netlbl_cfg_unlbl_static_del(&init_net, NULL,
1264 					&snp->smk_host, &snp->smk_mask,
1265 					PF_INET, &audit_info);
1266 		else
1267 			rc = 0;
1268 		snp->smk_label = skp;
1269 	}
1270 
1271 	/*
1272 	 * Now tell netlabel about the single label nature of
1273 	 * this host so that incoming packets get labeled.
1274 	 * but only if we didn't get the special CIPSO option
1275 	 */
1276 	if (rc == 0 && skp != NULL)
1277 		rc = netlbl_cfg_unlbl_static_add(&init_net, NULL,
1278 			&snp->smk_host, &snp->smk_mask, PF_INET,
1279 			snp->smk_label->smk_secid, &audit_info);
1280 
1281 	if (rc == 0)
1282 		rc = count;
1283 
1284 	mutex_unlock(&smk_net4addr_lock);
1285 
1286 free_out:
1287 	kfree(smack);
1288 free_data_out:
1289 	kfree(data);
1290 
1291 	return rc;
1292 }
1293 
1294 static const struct file_operations smk_net4addr_ops = {
1295 	.open           = smk_open_net4addr,
1296 	.read		= seq_read,
1297 	.llseek         = seq_lseek,
1298 	.write		= smk_write_net4addr,
1299 	.release        = seq_release,
1300 };
1301 
1302 #if IS_ENABLED(CONFIG_IPV6)
1303 /*
1304  * Seq_file read operations for /smack/netlabel6
1305  */
1306 
1307 static void *net6addr_seq_start(struct seq_file *s, loff_t *pos)
1308 {
1309 	return smk_seq_start(s, pos, &smk_net6addr_list);
1310 }
1311 
1312 static void *net6addr_seq_next(struct seq_file *s, void *v, loff_t *pos)
1313 {
1314 	return smk_seq_next(s, v, pos, &smk_net6addr_list);
1315 }
1316 
1317 /*
1318  * Print host/label pairs
1319  */
1320 static int net6addr_seq_show(struct seq_file *s, void *v)
1321 {
1322 	struct list_head *list = v;
1323 	struct smk_net6addr *skp =
1324 			 list_entry(list, struct smk_net6addr, list);
1325 
1326 	if (skp->smk_label != NULL)
1327 		seq_printf(s, "%pI6/%d %s\n", &skp->smk_host, skp->smk_masks,
1328 				skp->smk_label->smk_known);
1329 
1330 	return 0;
1331 }
1332 
1333 static const struct seq_operations net6addr_seq_ops = {
1334 	.start = net6addr_seq_start,
1335 	.next  = net6addr_seq_next,
1336 	.show  = net6addr_seq_show,
1337 	.stop  = smk_seq_stop,
1338 };
1339 
1340 /**
1341  * smk_open_net6addr - open() for /smack/netlabel
1342  * @inode: inode structure representing file
1343  * @file: "netlabel" file pointer
1344  *
1345  * Connect our net6addr_seq_* operations with /smack/netlabel
1346  * file_operations
1347  */
1348 static int smk_open_net6addr(struct inode *inode, struct file *file)
1349 {
1350 	return seq_open(file, &net6addr_seq_ops);
1351 }
1352 
1353 /**
1354  * smk_net6addr_insert
1355  * @new : entry to insert
1356  *
1357  * This inserts an entry in the smack_net6addrs list
1358  * sorted by netmask length (longest to smallest)
1359  * locked by &smk_net6addr_lock in smk_write_net6addr
1360  *
1361  */
1362 static void smk_net6addr_insert(struct smk_net6addr *new)
1363 {
1364 	struct smk_net6addr *m_next;
1365 	struct smk_net6addr *m;
1366 
1367 	if (list_empty(&smk_net6addr_list)) {
1368 		list_add_rcu(&new->list, &smk_net6addr_list);
1369 		return;
1370 	}
1371 
1372 	m = list_entry_rcu(smk_net6addr_list.next,
1373 			   struct smk_net6addr, list);
1374 
1375 	if (new->smk_masks > m->smk_masks) {
1376 		list_add_rcu(&new->list, &smk_net6addr_list);
1377 		return;
1378 	}
1379 
1380 	list_for_each_entry_rcu(m, &smk_net6addr_list, list) {
1381 		if (list_is_last(&m->list, &smk_net6addr_list)) {
1382 			list_add_rcu(&new->list, &m->list);
1383 			return;
1384 		}
1385 		m_next = list_entry_rcu(m->list.next,
1386 					struct smk_net6addr, list);
1387 		if (new->smk_masks > m_next->smk_masks) {
1388 			list_add_rcu(&new->list, &m->list);
1389 			return;
1390 		}
1391 	}
1392 }
1393 
1394 
1395 /**
1396  * smk_write_net6addr - write() for /smack/netlabel
1397  * @file: file pointer, not actually used
1398  * @buf: where to get the data from
1399  * @count: bytes sent
1400  * @ppos: where to start
1401  *
1402  * Accepts only one net6addr per write call.
1403  * Returns number of bytes written or error code, as appropriate
1404  */
1405 static ssize_t smk_write_net6addr(struct file *file, const char __user *buf,
1406 				size_t count, loff_t *ppos)
1407 {
1408 	struct smk_net6addr *snp;
1409 	struct in6_addr newname;
1410 	struct in6_addr fullmask;
1411 	struct smack_known *skp = NULL;
1412 	char *smack;
1413 	char *data;
1414 	int rc = 0;
1415 	int found = 0;
1416 	int i;
1417 	unsigned int scanned[8];
1418 	unsigned int m;
1419 	unsigned int mask = 128;
1420 
1421 	/*
1422 	 * Must have privilege.
1423 	 * No partial writes.
1424 	 * Enough data must be present.
1425 	 * "<addr/mask, as a:b:c:d:e:f:g:h/e><space><label>"
1426 	 * "<addr, as a:b:c:d:e:f:g:h><space><label>"
1427 	 */
1428 	if (!smack_privileged(CAP_MAC_ADMIN))
1429 		return -EPERM;
1430 	if (*ppos != 0)
1431 		return -EINVAL;
1432 	if (count < SMK_NETLBLADDRMIN || count > PAGE_SIZE - 1)
1433 		return -EINVAL;
1434 
1435 	data = memdup_user_nul(buf, count);
1436 	if (IS_ERR(data))
1437 		return PTR_ERR(data);
1438 
1439 	smack = kzalloc(count + 1, GFP_KERNEL);
1440 	if (smack == NULL) {
1441 		rc = -ENOMEM;
1442 		goto free_data_out;
1443 	}
1444 
1445 	i = sscanf(data, "%x:%x:%x:%x:%x:%x:%x:%x/%u %s",
1446 			&scanned[0], &scanned[1], &scanned[2], &scanned[3],
1447 			&scanned[4], &scanned[5], &scanned[6], &scanned[7],
1448 			&mask, smack);
1449 	if (i != 10) {
1450 		i = sscanf(data, "%x:%x:%x:%x:%x:%x:%x:%x %s",
1451 				&scanned[0], &scanned[1], &scanned[2],
1452 				&scanned[3], &scanned[4], &scanned[5],
1453 				&scanned[6], &scanned[7], smack);
1454 		if (i != 9) {
1455 			rc = -EINVAL;
1456 			goto free_out;
1457 		}
1458 	}
1459 	if (mask > 128) {
1460 		rc = -EINVAL;
1461 		goto free_out;
1462 	}
1463 	for (i = 0; i < 8; i++) {
1464 		if (scanned[i] > 0xffff) {
1465 			rc = -EINVAL;
1466 			goto free_out;
1467 		}
1468 		newname.s6_addr16[i] = htons(scanned[i]);
1469 	}
1470 
1471 	/*
1472 	 * If smack begins with '-', it is an option, don't import it
1473 	 */
1474 	if (smack[0] != '-') {
1475 		skp = smk_import_entry(smack, 0);
1476 		if (IS_ERR(skp)) {
1477 			rc = PTR_ERR(skp);
1478 			goto free_out;
1479 		}
1480 	} else {
1481 		/*
1482 		 * Only -DELETE is supported for IPv6
1483 		 */
1484 		if (strcmp(smack, SMACK_DELETE_OPTION) != 0) {
1485 			rc = -EINVAL;
1486 			goto free_out;
1487 		}
1488 	}
1489 
1490 	for (i = 0, m = mask; i < 8; i++) {
1491 		if (m >= 16) {
1492 			fullmask.s6_addr16[i] = 0xffff;
1493 			m -= 16;
1494 		} else if (m > 0) {
1495 			fullmask.s6_addr16[i] = (1 << m) - 1;
1496 			m = 0;
1497 		} else
1498 			fullmask.s6_addr16[i] = 0;
1499 		newname.s6_addr16[i] &= fullmask.s6_addr16[i];
1500 	}
1501 
1502 	/*
1503 	 * Only allow one writer at a time. Writes should be
1504 	 * quite rare and small in any case.
1505 	 */
1506 	mutex_lock(&smk_net6addr_lock);
1507 	/*
1508 	 * Try to find the prefix in the list
1509 	 */
1510 	list_for_each_entry_rcu(snp, &smk_net6addr_list, list) {
1511 		if (mask != snp->smk_masks)
1512 			continue;
1513 		for (found = 1, i = 0; i < 8; i++) {
1514 			if (newname.s6_addr16[i] !=
1515 			    snp->smk_host.s6_addr16[i]) {
1516 				found = 0;
1517 				break;
1518 			}
1519 		}
1520 		if (found == 1)
1521 			break;
1522 	}
1523 	if (found == 0) {
1524 		snp = kzalloc(sizeof(*snp), GFP_KERNEL);
1525 		if (snp == NULL)
1526 			rc = -ENOMEM;
1527 		else {
1528 			snp->smk_host = newname;
1529 			snp->smk_mask = fullmask;
1530 			snp->smk_masks = mask;
1531 			snp->smk_label = skp;
1532 			smk_net6addr_insert(snp);
1533 		}
1534 	} else {
1535 		snp->smk_label = skp;
1536 	}
1537 
1538 	if (rc == 0)
1539 		rc = count;
1540 
1541 	mutex_unlock(&smk_net6addr_lock);
1542 
1543 free_out:
1544 	kfree(smack);
1545 free_data_out:
1546 	kfree(data);
1547 
1548 	return rc;
1549 }
1550 
1551 static const struct file_operations smk_net6addr_ops = {
1552 	.open           = smk_open_net6addr,
1553 	.read		= seq_read,
1554 	.llseek         = seq_lseek,
1555 	.write		= smk_write_net6addr,
1556 	.release        = seq_release,
1557 };
1558 #endif /* CONFIG_IPV6 */
1559 
1560 /**
1561  * smk_read_doi - read() for /smack/doi
1562  * @filp: file pointer, not actually used
1563  * @buf: where to put the result
1564  * @count: maximum to send along
1565  * @ppos: where to start
1566  *
1567  * Returns number of bytes read or error code, as appropriate
1568  */
1569 static ssize_t smk_read_doi(struct file *filp, char __user *buf,
1570 			    size_t count, loff_t *ppos)
1571 {
1572 	char temp[80];
1573 	ssize_t rc;
1574 
1575 	if (*ppos != 0)
1576 		return 0;
1577 
1578 	sprintf(temp, "%d", smk_cipso_doi_value);
1579 	rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
1580 
1581 	return rc;
1582 }
1583 
1584 /**
1585  * smk_write_doi - write() for /smack/doi
1586  * @file: file pointer, not actually used
1587  * @buf: where to get the data from
1588  * @count: bytes sent
1589  * @ppos: where to start
1590  *
1591  * Returns number of bytes written or error code, as appropriate
1592  */
1593 static ssize_t smk_write_doi(struct file *file, const char __user *buf,
1594 			     size_t count, loff_t *ppos)
1595 {
1596 	char temp[80];
1597 	int i;
1598 
1599 	if (!smack_privileged(CAP_MAC_ADMIN))
1600 		return -EPERM;
1601 
1602 	if (count >= sizeof(temp) || count == 0)
1603 		return -EINVAL;
1604 
1605 	if (copy_from_user(temp, buf, count) != 0)
1606 		return -EFAULT;
1607 
1608 	temp[count] = '\0';
1609 
1610 	if (sscanf(temp, "%d", &i) != 1)
1611 		return -EINVAL;
1612 
1613 	smk_cipso_doi_value = i;
1614 
1615 	smk_cipso_doi();
1616 
1617 	return count;
1618 }
1619 
1620 static const struct file_operations smk_doi_ops = {
1621 	.read		= smk_read_doi,
1622 	.write		= smk_write_doi,
1623 	.llseek		= default_llseek,
1624 };
1625 
1626 /**
1627  * smk_read_direct - read() for /smack/direct
1628  * @filp: file pointer, not actually used
1629  * @buf: where to put the result
1630  * @count: maximum to send along
1631  * @ppos: where to start
1632  *
1633  * Returns number of bytes read or error code, as appropriate
1634  */
1635 static ssize_t smk_read_direct(struct file *filp, char __user *buf,
1636 			       size_t count, loff_t *ppos)
1637 {
1638 	char temp[80];
1639 	ssize_t rc;
1640 
1641 	if (*ppos != 0)
1642 		return 0;
1643 
1644 	sprintf(temp, "%d", smack_cipso_direct);
1645 	rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
1646 
1647 	return rc;
1648 }
1649 
1650 /**
1651  * smk_write_direct - write() for /smack/direct
1652  * @file: file pointer, not actually used
1653  * @buf: where to get the data from
1654  * @count: bytes sent
1655  * @ppos: where to start
1656  *
1657  * Returns number of bytes written or error code, as appropriate
1658  */
1659 static ssize_t smk_write_direct(struct file *file, const char __user *buf,
1660 				size_t count, loff_t *ppos)
1661 {
1662 	struct smack_known *skp;
1663 	char temp[80];
1664 	int i;
1665 
1666 	if (!smack_privileged(CAP_MAC_ADMIN))
1667 		return -EPERM;
1668 
1669 	if (count >= sizeof(temp) || count == 0)
1670 		return -EINVAL;
1671 
1672 	if (copy_from_user(temp, buf, count) != 0)
1673 		return -EFAULT;
1674 
1675 	temp[count] = '\0';
1676 
1677 	if (sscanf(temp, "%d", &i) != 1)
1678 		return -EINVAL;
1679 
1680 	/*
1681 	 * Don't do anything if the value hasn't actually changed.
1682 	 * If it is changing reset the level on entries that were
1683 	 * set up to be direct when they were created.
1684 	 */
1685 	if (smack_cipso_direct != i) {
1686 		mutex_lock(&smack_known_lock);
1687 		list_for_each_entry_rcu(skp, &smack_known_list, list)
1688 			if (skp->smk_netlabel.attr.mls.lvl ==
1689 			    smack_cipso_direct)
1690 				skp->smk_netlabel.attr.mls.lvl = i;
1691 		smack_cipso_direct = i;
1692 		mutex_unlock(&smack_known_lock);
1693 	}
1694 
1695 	return count;
1696 }
1697 
1698 static const struct file_operations smk_direct_ops = {
1699 	.read		= smk_read_direct,
1700 	.write		= smk_write_direct,
1701 	.llseek		= default_llseek,
1702 };
1703 
1704 /**
1705  * smk_read_mapped - read() for /smack/mapped
1706  * @filp: file pointer, not actually used
1707  * @buf: where to put the result
1708  * @count: maximum to send along
1709  * @ppos: where to start
1710  *
1711  * Returns number of bytes read or error code, as appropriate
1712  */
1713 static ssize_t smk_read_mapped(struct file *filp, char __user *buf,
1714 			       size_t count, loff_t *ppos)
1715 {
1716 	char temp[80];
1717 	ssize_t rc;
1718 
1719 	if (*ppos != 0)
1720 		return 0;
1721 
1722 	sprintf(temp, "%d", smack_cipso_mapped);
1723 	rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
1724 
1725 	return rc;
1726 }
1727 
1728 /**
1729  * smk_write_mapped - write() for /smack/mapped
1730  * @file: file pointer, not actually used
1731  * @buf: where to get the data from
1732  * @count: bytes sent
1733  * @ppos: where to start
1734  *
1735  * Returns number of bytes written or error code, as appropriate
1736  */
1737 static ssize_t smk_write_mapped(struct file *file, const char __user *buf,
1738 				size_t count, loff_t *ppos)
1739 {
1740 	struct smack_known *skp;
1741 	char temp[80];
1742 	int i;
1743 
1744 	if (!smack_privileged(CAP_MAC_ADMIN))
1745 		return -EPERM;
1746 
1747 	if (count >= sizeof(temp) || count == 0)
1748 		return -EINVAL;
1749 
1750 	if (copy_from_user(temp, buf, count) != 0)
1751 		return -EFAULT;
1752 
1753 	temp[count] = '\0';
1754 
1755 	if (sscanf(temp, "%d", &i) != 1)
1756 		return -EINVAL;
1757 
1758 	/*
1759 	 * Don't do anything if the value hasn't actually changed.
1760 	 * If it is changing reset the level on entries that were
1761 	 * set up to be mapped when they were created.
1762 	 */
1763 	if (smack_cipso_mapped != i) {
1764 		mutex_lock(&smack_known_lock);
1765 		list_for_each_entry_rcu(skp, &smack_known_list, list)
1766 			if (skp->smk_netlabel.attr.mls.lvl ==
1767 			    smack_cipso_mapped)
1768 				skp->smk_netlabel.attr.mls.lvl = i;
1769 		smack_cipso_mapped = i;
1770 		mutex_unlock(&smack_known_lock);
1771 	}
1772 
1773 	return count;
1774 }
1775 
1776 static const struct file_operations smk_mapped_ops = {
1777 	.read		= smk_read_mapped,
1778 	.write		= smk_write_mapped,
1779 	.llseek		= default_llseek,
1780 };
1781 
1782 /**
1783  * smk_read_ambient - read() for /smack/ambient
1784  * @filp: file pointer, not actually used
1785  * @buf: where to put the result
1786  * @cn: maximum to send along
1787  * @ppos: where to start
1788  *
1789  * Returns number of bytes read or error code, as appropriate
1790  */
1791 static ssize_t smk_read_ambient(struct file *filp, char __user *buf,
1792 				size_t cn, loff_t *ppos)
1793 {
1794 	ssize_t rc;
1795 	int asize;
1796 
1797 	if (*ppos != 0)
1798 		return 0;
1799 	/*
1800 	 * Being careful to avoid a problem in the case where
1801 	 * smack_net_ambient gets changed in midstream.
1802 	 */
1803 	mutex_lock(&smack_ambient_lock);
1804 
1805 	asize = strlen(smack_net_ambient->smk_known) + 1;
1806 
1807 	if (cn >= asize)
1808 		rc = simple_read_from_buffer(buf, cn, ppos,
1809 					     smack_net_ambient->smk_known,
1810 					     asize);
1811 	else
1812 		rc = -EINVAL;
1813 
1814 	mutex_unlock(&smack_ambient_lock);
1815 
1816 	return rc;
1817 }
1818 
1819 /**
1820  * smk_write_ambient - write() for /smack/ambient
1821  * @file: file pointer, not actually used
1822  * @buf: where to get the data from
1823  * @count: bytes sent
1824  * @ppos: where to start
1825  *
1826  * Returns number of bytes written or error code, as appropriate
1827  */
1828 static ssize_t smk_write_ambient(struct file *file, const char __user *buf,
1829 				 size_t count, loff_t *ppos)
1830 {
1831 	struct smack_known *skp;
1832 	char *oldambient;
1833 	char *data;
1834 	int rc = count;
1835 
1836 	if (!smack_privileged(CAP_MAC_ADMIN))
1837 		return -EPERM;
1838 
1839 	/* Enough data must be present */
1840 	if (count == 0 || count > PAGE_SIZE)
1841 		return -EINVAL;
1842 
1843 	data = memdup_user_nul(buf, count);
1844 	if (IS_ERR(data))
1845 		return PTR_ERR(data);
1846 
1847 	skp = smk_import_entry(data, count);
1848 	if (IS_ERR(skp)) {
1849 		rc = PTR_ERR(skp);
1850 		goto out;
1851 	}
1852 
1853 	mutex_lock(&smack_ambient_lock);
1854 
1855 	oldambient = smack_net_ambient->smk_known;
1856 	smack_net_ambient = skp;
1857 	smk_unlbl_ambient(oldambient);
1858 
1859 	mutex_unlock(&smack_ambient_lock);
1860 
1861 out:
1862 	kfree(data);
1863 	return rc;
1864 }
1865 
1866 static const struct file_operations smk_ambient_ops = {
1867 	.read		= smk_read_ambient,
1868 	.write		= smk_write_ambient,
1869 	.llseek		= default_llseek,
1870 };
1871 
1872 /*
1873  * Seq_file operations for /smack/onlycap
1874  */
1875 static void *onlycap_seq_start(struct seq_file *s, loff_t *pos)
1876 {
1877 	return smk_seq_start(s, pos, &smack_onlycap_list);
1878 }
1879 
1880 static void *onlycap_seq_next(struct seq_file *s, void *v, loff_t *pos)
1881 {
1882 	return smk_seq_next(s, v, pos, &smack_onlycap_list);
1883 }
1884 
1885 static int onlycap_seq_show(struct seq_file *s, void *v)
1886 {
1887 	struct list_head *list = v;
1888 	struct smack_known_list_elem *sklep =
1889 		list_entry_rcu(list, struct smack_known_list_elem, list);
1890 
1891 	seq_puts(s, sklep->smk_label->smk_known);
1892 	seq_putc(s, ' ');
1893 
1894 	return 0;
1895 }
1896 
1897 static const struct seq_operations onlycap_seq_ops = {
1898 	.start = onlycap_seq_start,
1899 	.next  = onlycap_seq_next,
1900 	.show  = onlycap_seq_show,
1901 	.stop  = smk_seq_stop,
1902 };
1903 
1904 static int smk_open_onlycap(struct inode *inode, struct file *file)
1905 {
1906 	return seq_open(file, &onlycap_seq_ops);
1907 }
1908 
1909 /**
1910  * smk_list_swap_rcu - swap public list with a private one in RCU-safe way
1911  * The caller must hold appropriate mutex to prevent concurrent modifications
1912  * to the public list.
1913  * Private list is assumed to be not accessible to other threads yet.
1914  *
1915  * @public: public list
1916  * @private: private list
1917  */
1918 static void smk_list_swap_rcu(struct list_head *public,
1919 			      struct list_head *private)
1920 {
1921 	struct list_head *first, *last;
1922 
1923 	if (list_empty(public)) {
1924 		list_splice_init_rcu(private, public, synchronize_rcu);
1925 	} else {
1926 		/* Remember public list before replacing it */
1927 		first = public->next;
1928 		last = public->prev;
1929 
1930 		/* Publish private list in place of public in RCU-safe way */
1931 		private->prev->next = public;
1932 		private->next->prev = public;
1933 		rcu_assign_pointer(public->next, private->next);
1934 		public->prev = private->prev;
1935 
1936 		synchronize_rcu();
1937 
1938 		/* When all readers are done with the old public list,
1939 		 * attach it in place of private */
1940 		private->next = first;
1941 		private->prev = last;
1942 		first->prev = private;
1943 		last->next = private;
1944 	}
1945 }
1946 
1947 /**
1948  * smk_parse_label_list - parse list of Smack labels, separated by spaces
1949  *
1950  * @data: the string to parse
1951  * @list: destination list
1952  *
1953  * Returns zero on success or error code, as appropriate
1954  */
1955 static int smk_parse_label_list(char *data, struct list_head *list)
1956 {
1957 	char *tok;
1958 	struct smack_known *skp;
1959 	struct smack_known_list_elem *sklep;
1960 
1961 	while ((tok = strsep(&data, " ")) != NULL) {
1962 		if (!*tok)
1963 			continue;
1964 
1965 		skp = smk_import_entry(tok, 0);
1966 		if (IS_ERR(skp))
1967 			return PTR_ERR(skp);
1968 
1969 		sklep = kzalloc(sizeof(*sklep), GFP_KERNEL);
1970 		if (sklep == NULL)
1971 			return -ENOMEM;
1972 
1973 		sklep->smk_label = skp;
1974 		list_add(&sklep->list, list);
1975 	}
1976 
1977 	return 0;
1978 }
1979 
1980 /**
1981  * smk_destroy_label_list - destroy a list of smack_known_list_elem
1982  * @list: header pointer of the list to destroy
1983  */
1984 void smk_destroy_label_list(struct list_head *list)
1985 {
1986 	struct smack_known_list_elem *sklep;
1987 	struct smack_known_list_elem *sklep2;
1988 
1989 	list_for_each_entry_safe(sklep, sklep2, list, list)
1990 		kfree(sklep);
1991 
1992 	INIT_LIST_HEAD(list);
1993 }
1994 
1995 /**
1996  * smk_write_onlycap - write() for smackfs/onlycap
1997  * @file: file pointer, not actually used
1998  * @buf: where to get the data from
1999  * @count: bytes sent
2000  * @ppos: where to start
2001  *
2002  * Returns number of bytes written or error code, as appropriate
2003  */
2004 static ssize_t smk_write_onlycap(struct file *file, const char __user *buf,
2005 				 size_t count, loff_t *ppos)
2006 {
2007 	char *data;
2008 	LIST_HEAD(list_tmp);
2009 	int rc;
2010 
2011 	if (!smack_privileged(CAP_MAC_ADMIN))
2012 		return -EPERM;
2013 
2014 	if (count > PAGE_SIZE)
2015 		return -EINVAL;
2016 
2017 	data = memdup_user_nul(buf, count);
2018 	if (IS_ERR(data))
2019 		return PTR_ERR(data);
2020 
2021 	rc = smk_parse_label_list(data, &list_tmp);
2022 	kfree(data);
2023 
2024 	/*
2025 	 * Clear the smack_onlycap on invalid label errors. This means
2026 	 * that we can pass a null string to unset the onlycap value.
2027 	 *
2028 	 * Importing will also reject a label beginning with '-',
2029 	 * so "-usecapabilities" will also work.
2030 	 *
2031 	 * But do so only on invalid label, not on system errors.
2032 	 * The invalid label must be first to count as clearing attempt.
2033 	 */
2034 	if (!rc || (rc == -EINVAL && list_empty(&list_tmp))) {
2035 		mutex_lock(&smack_onlycap_lock);
2036 		smk_list_swap_rcu(&smack_onlycap_list, &list_tmp);
2037 		mutex_unlock(&smack_onlycap_lock);
2038 		rc = count;
2039 	}
2040 
2041 	smk_destroy_label_list(&list_tmp);
2042 
2043 	return rc;
2044 }
2045 
2046 static const struct file_operations smk_onlycap_ops = {
2047 	.open		= smk_open_onlycap,
2048 	.read		= seq_read,
2049 	.write		= smk_write_onlycap,
2050 	.llseek		= seq_lseek,
2051 	.release	= seq_release,
2052 };
2053 
2054 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
2055 /**
2056  * smk_read_unconfined - read() for smackfs/unconfined
2057  * @filp: file pointer, not actually used
2058  * @buf: where to put the result
2059  * @cn: maximum to send along
2060  * @ppos: where to start
2061  *
2062  * Returns number of bytes read or error code, as appropriate
2063  */
2064 static ssize_t smk_read_unconfined(struct file *filp, char __user *buf,
2065 					size_t cn, loff_t *ppos)
2066 {
2067 	char *smack = "";
2068 	ssize_t rc = -EINVAL;
2069 	int asize;
2070 
2071 	if (*ppos != 0)
2072 		return 0;
2073 
2074 	if (smack_unconfined != NULL)
2075 		smack = smack_unconfined->smk_known;
2076 
2077 	asize = strlen(smack) + 1;
2078 
2079 	if (cn >= asize)
2080 		rc = simple_read_from_buffer(buf, cn, ppos, smack, asize);
2081 
2082 	return rc;
2083 }
2084 
2085 /**
2086  * smk_write_unconfined - write() for smackfs/unconfined
2087  * @file: file pointer, not actually used
2088  * @buf: where to get the data from
2089  * @count: bytes sent
2090  * @ppos: where to start
2091  *
2092  * Returns number of bytes written or error code, as appropriate
2093  */
2094 static ssize_t smk_write_unconfined(struct file *file, const char __user *buf,
2095 					size_t count, loff_t *ppos)
2096 {
2097 	char *data;
2098 	struct smack_known *skp;
2099 	int rc = count;
2100 
2101 	if (!smack_privileged(CAP_MAC_ADMIN))
2102 		return -EPERM;
2103 
2104 	if (count > PAGE_SIZE)
2105 		return -EINVAL;
2106 
2107 	data = memdup_user_nul(buf, count);
2108 	if (IS_ERR(data))
2109 		return PTR_ERR(data);
2110 
2111 	/*
2112 	 * Clear the smack_unconfined on invalid label errors. This means
2113 	 * that we can pass a null string to unset the unconfined value.
2114 	 *
2115 	 * Importing will also reject a label beginning with '-',
2116 	 * so "-confine" will also work.
2117 	 *
2118 	 * But do so only on invalid label, not on system errors.
2119 	 */
2120 	skp = smk_import_entry(data, count);
2121 	if (PTR_ERR(skp) == -EINVAL)
2122 		skp = NULL;
2123 	else if (IS_ERR(skp)) {
2124 		rc = PTR_ERR(skp);
2125 		goto freeout;
2126 	}
2127 
2128 	smack_unconfined = skp;
2129 
2130 freeout:
2131 	kfree(data);
2132 	return rc;
2133 }
2134 
2135 static const struct file_operations smk_unconfined_ops = {
2136 	.read		= smk_read_unconfined,
2137 	.write		= smk_write_unconfined,
2138 	.llseek		= default_llseek,
2139 };
2140 #endif /* CONFIG_SECURITY_SMACK_BRINGUP */
2141 
2142 /**
2143  * smk_read_logging - read() for /smack/logging
2144  * @filp: file pointer, not actually used
2145  * @buf: where to put the result
2146  * @count: maximum to send along
2147  * @ppos: where to start
2148  *
2149  * Returns number of bytes read or error code, as appropriate
2150  */
2151 static ssize_t smk_read_logging(struct file *filp, char __user *buf,
2152 				size_t count, loff_t *ppos)
2153 {
2154 	char temp[32];
2155 	ssize_t rc;
2156 
2157 	if (*ppos != 0)
2158 		return 0;
2159 
2160 	sprintf(temp, "%d\n", log_policy);
2161 	rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
2162 	return rc;
2163 }
2164 
2165 /**
2166  * smk_write_logging - write() for /smack/logging
2167  * @file: file pointer, not actually used
2168  * @buf: where to get the data from
2169  * @count: bytes sent
2170  * @ppos: where to start
2171  *
2172  * Returns number of bytes written or error code, as appropriate
2173  */
2174 static ssize_t smk_write_logging(struct file *file, const char __user *buf,
2175 				size_t count, loff_t *ppos)
2176 {
2177 	char temp[32];
2178 	int i;
2179 
2180 	if (!smack_privileged(CAP_MAC_ADMIN))
2181 		return -EPERM;
2182 
2183 	if (count >= sizeof(temp) || count == 0)
2184 		return -EINVAL;
2185 
2186 	if (copy_from_user(temp, buf, count) != 0)
2187 		return -EFAULT;
2188 
2189 	temp[count] = '\0';
2190 
2191 	if (sscanf(temp, "%d", &i) != 1)
2192 		return -EINVAL;
2193 	if (i < 0 || i > 3)
2194 		return -EINVAL;
2195 	log_policy = i;
2196 	return count;
2197 }
2198 
2199 
2200 
2201 static const struct file_operations smk_logging_ops = {
2202 	.read		= smk_read_logging,
2203 	.write		= smk_write_logging,
2204 	.llseek		= default_llseek,
2205 };
2206 
2207 /*
2208  * Seq_file read operations for /smack/load-self
2209  */
2210 
2211 static void *load_self_seq_start(struct seq_file *s, loff_t *pos)
2212 {
2213 	struct task_smack *tsp = smack_cred(current_cred());
2214 
2215 	return smk_seq_start(s, pos, &tsp->smk_rules);
2216 }
2217 
2218 static void *load_self_seq_next(struct seq_file *s, void *v, loff_t *pos)
2219 {
2220 	struct task_smack *tsp = smack_cred(current_cred());
2221 
2222 	return smk_seq_next(s, v, pos, &tsp->smk_rules);
2223 }
2224 
2225 static int load_self_seq_show(struct seq_file *s, void *v)
2226 {
2227 	struct list_head *list = v;
2228 	struct smack_rule *srp =
2229 		list_entry_rcu(list, struct smack_rule, list);
2230 
2231 	smk_rule_show(s, srp, SMK_LABELLEN);
2232 
2233 	return 0;
2234 }
2235 
2236 static const struct seq_operations load_self_seq_ops = {
2237 	.start = load_self_seq_start,
2238 	.next  = load_self_seq_next,
2239 	.show  = load_self_seq_show,
2240 	.stop  = smk_seq_stop,
2241 };
2242 
2243 
2244 /**
2245  * smk_open_load_self - open() for /smack/load-self2
2246  * @inode: inode structure representing file
2247  * @file: "load" file pointer
2248  *
2249  * For reading, use load_seq_* seq_file reading operations.
2250  */
2251 static int smk_open_load_self(struct inode *inode, struct file *file)
2252 {
2253 	return seq_open(file, &load_self_seq_ops);
2254 }
2255 
2256 /**
2257  * smk_write_load_self - write() for /smack/load-self
2258  * @file: file pointer, not actually used
2259  * @buf: where to get the data from
2260  * @count: bytes sent
2261  * @ppos: where to start - must be 0
2262  *
2263  */
2264 static ssize_t smk_write_load_self(struct file *file, const char __user *buf,
2265 			      size_t count, loff_t *ppos)
2266 {
2267 	struct task_smack *tsp = smack_cred(current_cred());
2268 
2269 	return smk_write_rules_list(file, buf, count, ppos, &tsp->smk_rules,
2270 				    &tsp->smk_rules_lock, SMK_FIXED24_FMT);
2271 }
2272 
2273 static const struct file_operations smk_load_self_ops = {
2274 	.open           = smk_open_load_self,
2275 	.read		= seq_read,
2276 	.llseek         = seq_lseek,
2277 	.write		= smk_write_load_self,
2278 	.release        = seq_release,
2279 };
2280 
2281 /**
2282  * smk_user_access - handle access check transaction
2283  * @file: file pointer
2284  * @buf: data from user space
2285  * @count: bytes sent
2286  * @ppos: where to start - must be 0
2287  * @format: /smack/load or /smack/load2 or /smack/change-rule format.
2288  */
2289 static ssize_t smk_user_access(struct file *file, const char __user *buf,
2290 				size_t count, loff_t *ppos, int format)
2291 {
2292 	struct smack_parsed_rule rule;
2293 	char *data;
2294 	int res;
2295 
2296 	data = simple_transaction_get(file, buf, count);
2297 	if (IS_ERR(data))
2298 		return PTR_ERR(data);
2299 
2300 	if (format == SMK_FIXED24_FMT) {
2301 		if (count < SMK_LOADLEN)
2302 			return -EINVAL;
2303 		res = smk_parse_rule(data, &rule, 0);
2304 	} else {
2305 		/*
2306 		 * simple_transaction_get() returns null-terminated data
2307 		 */
2308 		res = smk_parse_long_rule(data, &rule, 0, 3);
2309 	}
2310 
2311 	if (res >= 0)
2312 		res = smk_access(rule.smk_subject, rule.smk_object,
2313 				 rule.smk_access1, NULL);
2314 	else if (res != -ENOENT)
2315 		return res;
2316 
2317 	/*
2318 	 * smk_access() can return a value > 0 in the "bringup" case.
2319 	 */
2320 	data[0] = res >= 0 ? '1' : '0';
2321 	data[1] = '\0';
2322 
2323 	simple_transaction_set(file, 2);
2324 
2325 	if (format == SMK_FIXED24_FMT)
2326 		return SMK_LOADLEN;
2327 	return count;
2328 }
2329 
2330 /**
2331  * smk_write_access - handle access check transaction
2332  * @file: file pointer
2333  * @buf: data from user space
2334  * @count: bytes sent
2335  * @ppos: where to start - must be 0
2336  */
2337 static ssize_t smk_write_access(struct file *file, const char __user *buf,
2338 				size_t count, loff_t *ppos)
2339 {
2340 	return smk_user_access(file, buf, count, ppos, SMK_FIXED24_FMT);
2341 }
2342 
2343 static const struct file_operations smk_access_ops = {
2344 	.write		= smk_write_access,
2345 	.read		= simple_transaction_read,
2346 	.release	= simple_transaction_release,
2347 	.llseek		= generic_file_llseek,
2348 };
2349 
2350 
2351 /*
2352  * Seq_file read operations for /smack/load2
2353  */
2354 
2355 static int load2_seq_show(struct seq_file *s, void *v)
2356 {
2357 	struct list_head *list = v;
2358 	struct smack_rule *srp;
2359 	struct smack_known *skp =
2360 		list_entry_rcu(list, struct smack_known, list);
2361 
2362 	list_for_each_entry_rcu(srp, &skp->smk_rules, list)
2363 		smk_rule_show(s, srp, SMK_LONGLABEL);
2364 
2365 	return 0;
2366 }
2367 
2368 static const struct seq_operations load2_seq_ops = {
2369 	.start = load2_seq_start,
2370 	.next  = load2_seq_next,
2371 	.show  = load2_seq_show,
2372 	.stop  = smk_seq_stop,
2373 };
2374 
2375 /**
2376  * smk_open_load2 - open() for /smack/load2
2377  * @inode: inode structure representing file
2378  * @file: "load2" file pointer
2379  *
2380  * For reading, use load2_seq_* seq_file reading operations.
2381  */
2382 static int smk_open_load2(struct inode *inode, struct file *file)
2383 {
2384 	return seq_open(file, &load2_seq_ops);
2385 }
2386 
2387 /**
2388  * smk_write_load2 - write() for /smack/load2
2389  * @file: file pointer, not actually used
2390  * @buf: where to get the data from
2391  * @count: bytes sent
2392  * @ppos: where to start - must be 0
2393  *
2394  */
2395 static ssize_t smk_write_load2(struct file *file, const char __user *buf,
2396 				size_t count, loff_t *ppos)
2397 {
2398 	/*
2399 	 * Must have privilege.
2400 	 */
2401 	if (!smack_privileged(CAP_MAC_ADMIN))
2402 		return -EPERM;
2403 
2404 	return smk_write_rules_list(file, buf, count, ppos, NULL, NULL,
2405 				    SMK_LONG_FMT);
2406 }
2407 
2408 static const struct file_operations smk_load2_ops = {
2409 	.open           = smk_open_load2,
2410 	.read		= seq_read,
2411 	.llseek         = seq_lseek,
2412 	.write		= smk_write_load2,
2413 	.release        = seq_release,
2414 };
2415 
2416 /*
2417  * Seq_file read operations for /smack/load-self2
2418  */
2419 
2420 static void *load_self2_seq_start(struct seq_file *s, loff_t *pos)
2421 {
2422 	struct task_smack *tsp = smack_cred(current_cred());
2423 
2424 	return smk_seq_start(s, pos, &tsp->smk_rules);
2425 }
2426 
2427 static void *load_self2_seq_next(struct seq_file *s, void *v, loff_t *pos)
2428 {
2429 	struct task_smack *tsp = smack_cred(current_cred());
2430 
2431 	return smk_seq_next(s, v, pos, &tsp->smk_rules);
2432 }
2433 
2434 static int load_self2_seq_show(struct seq_file *s, void *v)
2435 {
2436 	struct list_head *list = v;
2437 	struct smack_rule *srp =
2438 		list_entry_rcu(list, struct smack_rule, list);
2439 
2440 	smk_rule_show(s, srp, SMK_LONGLABEL);
2441 
2442 	return 0;
2443 }
2444 
2445 static const struct seq_operations load_self2_seq_ops = {
2446 	.start = load_self2_seq_start,
2447 	.next  = load_self2_seq_next,
2448 	.show  = load_self2_seq_show,
2449 	.stop  = smk_seq_stop,
2450 };
2451 
2452 /**
2453  * smk_open_load_self2 - open() for /smack/load-self2
2454  * @inode: inode structure representing file
2455  * @file: "load" file pointer
2456  *
2457  * For reading, use load_seq_* seq_file reading operations.
2458  */
2459 static int smk_open_load_self2(struct inode *inode, struct file *file)
2460 {
2461 	return seq_open(file, &load_self2_seq_ops);
2462 }
2463 
2464 /**
2465  * smk_write_load_self2 - write() for /smack/load-self2
2466  * @file: file pointer, not actually used
2467  * @buf: where to get the data from
2468  * @count: bytes sent
2469  * @ppos: where to start - must be 0
2470  *
2471  */
2472 static ssize_t smk_write_load_self2(struct file *file, const char __user *buf,
2473 			      size_t count, loff_t *ppos)
2474 {
2475 	struct task_smack *tsp = smack_cred(current_cred());
2476 
2477 	return smk_write_rules_list(file, buf, count, ppos, &tsp->smk_rules,
2478 				    &tsp->smk_rules_lock, SMK_LONG_FMT);
2479 }
2480 
2481 static const struct file_operations smk_load_self2_ops = {
2482 	.open           = smk_open_load_self2,
2483 	.read		= seq_read,
2484 	.llseek         = seq_lseek,
2485 	.write		= smk_write_load_self2,
2486 	.release        = seq_release,
2487 };
2488 
2489 /**
2490  * smk_write_access2 - handle access check transaction
2491  * @file: file pointer
2492  * @buf: data from user space
2493  * @count: bytes sent
2494  * @ppos: where to start - must be 0
2495  */
2496 static ssize_t smk_write_access2(struct file *file, const char __user *buf,
2497 					size_t count, loff_t *ppos)
2498 {
2499 	return smk_user_access(file, buf, count, ppos, SMK_LONG_FMT);
2500 }
2501 
2502 static const struct file_operations smk_access2_ops = {
2503 	.write		= smk_write_access2,
2504 	.read		= simple_transaction_read,
2505 	.release	= simple_transaction_release,
2506 	.llseek		= generic_file_llseek,
2507 };
2508 
2509 /**
2510  * smk_write_revoke_subj - write() for /smack/revoke-subject
2511  * @file: file pointer
2512  * @buf: data from user space
2513  * @count: bytes sent
2514  * @ppos: where to start - must be 0
2515  */
2516 static ssize_t smk_write_revoke_subj(struct file *file, const char __user *buf,
2517 				size_t count, loff_t *ppos)
2518 {
2519 	char *data;
2520 	const char *cp;
2521 	struct smack_known *skp;
2522 	struct smack_rule *sp;
2523 	struct list_head *rule_list;
2524 	struct mutex *rule_lock;
2525 	int rc = count;
2526 
2527 	if (*ppos != 0)
2528 		return -EINVAL;
2529 
2530 	if (!smack_privileged(CAP_MAC_ADMIN))
2531 		return -EPERM;
2532 
2533 	if (count == 0 || count > SMK_LONGLABEL)
2534 		return -EINVAL;
2535 
2536 	data = memdup_user(buf, count);
2537 	if (IS_ERR(data))
2538 		return PTR_ERR(data);
2539 
2540 	cp = smk_parse_smack(data, count);
2541 	if (IS_ERR(cp)) {
2542 		rc = PTR_ERR(cp);
2543 		goto out_data;
2544 	}
2545 
2546 	skp = smk_find_entry(cp);
2547 	if (skp == NULL)
2548 		goto out_cp;
2549 
2550 	rule_list = &skp->smk_rules;
2551 	rule_lock = &skp->smk_rules_lock;
2552 
2553 	mutex_lock(rule_lock);
2554 
2555 	list_for_each_entry_rcu(sp, rule_list, list)
2556 		sp->smk_access = 0;
2557 
2558 	mutex_unlock(rule_lock);
2559 
2560 out_cp:
2561 	kfree(cp);
2562 out_data:
2563 	kfree(data);
2564 
2565 	return rc;
2566 }
2567 
2568 static const struct file_operations smk_revoke_subj_ops = {
2569 	.write		= smk_write_revoke_subj,
2570 	.read		= simple_transaction_read,
2571 	.release	= simple_transaction_release,
2572 	.llseek		= generic_file_llseek,
2573 };
2574 
2575 /**
2576  * smk_init_sysfs - initialize /sys/fs/smackfs
2577  *
2578  */
2579 static int smk_init_sysfs(void)
2580 {
2581 	return sysfs_create_mount_point(fs_kobj, "smackfs");
2582 }
2583 
2584 /**
2585  * smk_write_change_rule - write() for /smack/change-rule
2586  * @file: file pointer
2587  * @buf: data from user space
2588  * @count: bytes sent
2589  * @ppos: where to start - must be 0
2590  */
2591 static ssize_t smk_write_change_rule(struct file *file, const char __user *buf,
2592 				size_t count, loff_t *ppos)
2593 {
2594 	/*
2595 	 * Must have privilege.
2596 	 */
2597 	if (!smack_privileged(CAP_MAC_ADMIN))
2598 		return -EPERM;
2599 
2600 	return smk_write_rules_list(file, buf, count, ppos, NULL, NULL,
2601 				    SMK_CHANGE_FMT);
2602 }
2603 
2604 static const struct file_operations smk_change_rule_ops = {
2605 	.write		= smk_write_change_rule,
2606 	.read		= simple_transaction_read,
2607 	.release	= simple_transaction_release,
2608 	.llseek		= generic_file_llseek,
2609 };
2610 
2611 /**
2612  * smk_read_syslog - read() for smackfs/syslog
2613  * @filp: file pointer, not actually used
2614  * @buf: where to put the result
2615  * @cn: maximum to send along
2616  * @ppos: where to start
2617  *
2618  * Returns number of bytes read or error code, as appropriate
2619  */
2620 static ssize_t smk_read_syslog(struct file *filp, char __user *buf,
2621 				size_t cn, loff_t *ppos)
2622 {
2623 	struct smack_known *skp;
2624 	ssize_t rc = -EINVAL;
2625 	int asize;
2626 
2627 	if (*ppos != 0)
2628 		return 0;
2629 
2630 	if (smack_syslog_label == NULL)
2631 		skp = &smack_known_star;
2632 	else
2633 		skp = smack_syslog_label;
2634 
2635 	asize = strlen(skp->smk_known) + 1;
2636 
2637 	if (cn >= asize)
2638 		rc = simple_read_from_buffer(buf, cn, ppos, skp->smk_known,
2639 						asize);
2640 
2641 	return rc;
2642 }
2643 
2644 /**
2645  * smk_write_syslog - write() for smackfs/syslog
2646  * @file: file pointer, not actually used
2647  * @buf: where to get the data from
2648  * @count: bytes sent
2649  * @ppos: where to start
2650  *
2651  * Returns number of bytes written or error code, as appropriate
2652  */
2653 static ssize_t smk_write_syslog(struct file *file, const char __user *buf,
2654 				size_t count, loff_t *ppos)
2655 {
2656 	char *data;
2657 	struct smack_known *skp;
2658 	int rc = count;
2659 
2660 	if (!smack_privileged(CAP_MAC_ADMIN))
2661 		return -EPERM;
2662 
2663 	/* Enough data must be present */
2664 	if (count == 0 || count > PAGE_SIZE)
2665 		return -EINVAL;
2666 
2667 	data = memdup_user_nul(buf, count);
2668 	if (IS_ERR(data))
2669 		return PTR_ERR(data);
2670 
2671 	skp = smk_import_entry(data, count);
2672 	if (IS_ERR(skp))
2673 		rc = PTR_ERR(skp);
2674 	else
2675 		smack_syslog_label = skp;
2676 
2677 	kfree(data);
2678 	return rc;
2679 }
2680 
2681 static const struct file_operations smk_syslog_ops = {
2682 	.read		= smk_read_syslog,
2683 	.write		= smk_write_syslog,
2684 	.llseek		= default_llseek,
2685 };
2686 
2687 /*
2688  * Seq_file read operations for /smack/relabel-self
2689  */
2690 
2691 static void *relabel_self_seq_start(struct seq_file *s, loff_t *pos)
2692 {
2693 	struct task_smack *tsp = smack_cred(current_cred());
2694 
2695 	return smk_seq_start(s, pos, &tsp->smk_relabel);
2696 }
2697 
2698 static void *relabel_self_seq_next(struct seq_file *s, void *v, loff_t *pos)
2699 {
2700 	struct task_smack *tsp = smack_cred(current_cred());
2701 
2702 	return smk_seq_next(s, v, pos, &tsp->smk_relabel);
2703 }
2704 
2705 static int relabel_self_seq_show(struct seq_file *s, void *v)
2706 {
2707 	struct list_head *list = v;
2708 	struct smack_known_list_elem *sklep =
2709 		list_entry(list, struct smack_known_list_elem, list);
2710 
2711 	seq_puts(s, sklep->smk_label->smk_known);
2712 	seq_putc(s, ' ');
2713 
2714 	return 0;
2715 }
2716 
2717 static const struct seq_operations relabel_self_seq_ops = {
2718 	.start = relabel_self_seq_start,
2719 	.next  = relabel_self_seq_next,
2720 	.show  = relabel_self_seq_show,
2721 	.stop  = smk_seq_stop,
2722 };
2723 
2724 /**
2725  * smk_open_relabel_self - open() for /smack/relabel-self
2726  * @inode: inode structure representing file
2727  * @file: "relabel-self" file pointer
2728  *
2729  * Connect our relabel_self_seq_* operations with /smack/relabel-self
2730  * file_operations
2731  */
2732 static int smk_open_relabel_self(struct inode *inode, struct file *file)
2733 {
2734 	return seq_open(file, &relabel_self_seq_ops);
2735 }
2736 
2737 /**
2738  * smk_write_relabel_self - write() for /smack/relabel-self
2739  * @file: file pointer, not actually used
2740  * @buf: where to get the data from
2741  * @count: bytes sent
2742  * @ppos: where to start - must be 0
2743  *
2744  */
2745 static ssize_t smk_write_relabel_self(struct file *file, const char __user *buf,
2746 				size_t count, loff_t *ppos)
2747 {
2748 	char *data;
2749 	int rc;
2750 	LIST_HEAD(list_tmp);
2751 
2752 	/*
2753 	 * Must have privilege.
2754 	 */
2755 	if (!smack_privileged(CAP_MAC_ADMIN))
2756 		return -EPERM;
2757 
2758 	/*
2759 	 * No partial write.
2760 	 * Enough data must be present.
2761 	 */
2762 	if (*ppos != 0)
2763 		return -EINVAL;
2764 	if (count == 0 || count > PAGE_SIZE)
2765 		return -EINVAL;
2766 
2767 	data = memdup_user_nul(buf, count);
2768 	if (IS_ERR(data))
2769 		return PTR_ERR(data);
2770 
2771 	rc = smk_parse_label_list(data, &list_tmp);
2772 	kfree(data);
2773 
2774 	if (!rc || (rc == -EINVAL && list_empty(&list_tmp))) {
2775 		struct cred *new;
2776 		struct task_smack *tsp;
2777 
2778 		new = prepare_creds();
2779 		if (!new) {
2780 			rc = -ENOMEM;
2781 			goto out;
2782 		}
2783 		tsp = smack_cred(new);
2784 		smk_destroy_label_list(&tsp->smk_relabel);
2785 		list_splice(&list_tmp, &tsp->smk_relabel);
2786 		commit_creds(new);
2787 		return count;
2788 	}
2789 out:
2790 	smk_destroy_label_list(&list_tmp);
2791 	return rc;
2792 }
2793 
2794 static const struct file_operations smk_relabel_self_ops = {
2795 	.open		= smk_open_relabel_self,
2796 	.read		= seq_read,
2797 	.llseek		= seq_lseek,
2798 	.write		= smk_write_relabel_self,
2799 	.release	= seq_release,
2800 };
2801 
2802 /**
2803  * smk_read_ptrace - read() for /smack/ptrace
2804  * @filp: file pointer, not actually used
2805  * @buf: where to put the result
2806  * @count: maximum to send along
2807  * @ppos: where to start
2808  *
2809  * Returns number of bytes read or error code, as appropriate
2810  */
2811 static ssize_t smk_read_ptrace(struct file *filp, char __user *buf,
2812 			       size_t count, loff_t *ppos)
2813 {
2814 	char temp[32];
2815 	ssize_t rc;
2816 
2817 	if (*ppos != 0)
2818 		return 0;
2819 
2820 	sprintf(temp, "%d\n", smack_ptrace_rule);
2821 	rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
2822 	return rc;
2823 }
2824 
2825 /**
2826  * smk_write_ptrace - write() for /smack/ptrace
2827  * @file: file pointer
2828  * @buf: data from user space
2829  * @count: bytes sent
2830  * @ppos: where to start - must be 0
2831  */
2832 static ssize_t smk_write_ptrace(struct file *file, const char __user *buf,
2833 				size_t count, loff_t *ppos)
2834 {
2835 	char temp[32];
2836 	int i;
2837 
2838 	if (!smack_privileged(CAP_MAC_ADMIN))
2839 		return -EPERM;
2840 
2841 	if (*ppos != 0 || count >= sizeof(temp) || count == 0)
2842 		return -EINVAL;
2843 
2844 	if (copy_from_user(temp, buf, count) != 0)
2845 		return -EFAULT;
2846 
2847 	temp[count] = '\0';
2848 
2849 	if (sscanf(temp, "%d", &i) != 1)
2850 		return -EINVAL;
2851 	if (i < SMACK_PTRACE_DEFAULT || i > SMACK_PTRACE_MAX)
2852 		return -EINVAL;
2853 	smack_ptrace_rule = i;
2854 
2855 	return count;
2856 }
2857 
2858 static const struct file_operations smk_ptrace_ops = {
2859 	.write		= smk_write_ptrace,
2860 	.read		= smk_read_ptrace,
2861 	.llseek		= default_llseek,
2862 };
2863 
2864 /**
2865  * smk_fill_super - fill the smackfs superblock
2866  * @sb: the empty superblock
2867  * @fc: unused
2868  *
2869  * Fill in the well known entries for the smack filesystem
2870  *
2871  * Returns 0 on success, an error code on failure
2872  */
2873 static int smk_fill_super(struct super_block *sb, struct fs_context *fc)
2874 {
2875 	int rc;
2876 
2877 	static const struct tree_descr smack_files[] = {
2878 		[SMK_LOAD] = {
2879 			"load", &smk_load_ops, S_IRUGO|S_IWUSR},
2880 		[SMK_CIPSO] = {
2881 			"cipso", &smk_cipso_ops, S_IRUGO|S_IWUSR},
2882 		[SMK_DOI] = {
2883 			"doi", &smk_doi_ops, S_IRUGO|S_IWUSR},
2884 		[SMK_DIRECT] = {
2885 			"direct", &smk_direct_ops, S_IRUGO|S_IWUSR},
2886 		[SMK_AMBIENT] = {
2887 			"ambient", &smk_ambient_ops, S_IRUGO|S_IWUSR},
2888 		[SMK_NET4ADDR] = {
2889 			"netlabel", &smk_net4addr_ops, S_IRUGO|S_IWUSR},
2890 		[SMK_ONLYCAP] = {
2891 			"onlycap", &smk_onlycap_ops, S_IRUGO|S_IWUSR},
2892 		[SMK_LOGGING] = {
2893 			"logging", &smk_logging_ops, S_IRUGO|S_IWUSR},
2894 		[SMK_LOAD_SELF] = {
2895 			"load-self", &smk_load_self_ops, S_IRUGO|S_IWUGO},
2896 		[SMK_ACCESSES] = {
2897 			"access", &smk_access_ops, S_IRUGO|S_IWUGO},
2898 		[SMK_MAPPED] = {
2899 			"mapped", &smk_mapped_ops, S_IRUGO|S_IWUSR},
2900 		[SMK_LOAD2] = {
2901 			"load2", &smk_load2_ops, S_IRUGO|S_IWUSR},
2902 		[SMK_LOAD_SELF2] = {
2903 			"load-self2", &smk_load_self2_ops, S_IRUGO|S_IWUGO},
2904 		[SMK_ACCESS2] = {
2905 			"access2", &smk_access2_ops, S_IRUGO|S_IWUGO},
2906 		[SMK_CIPSO2] = {
2907 			"cipso2", &smk_cipso2_ops, S_IRUGO|S_IWUSR},
2908 		[SMK_REVOKE_SUBJ] = {
2909 			"revoke-subject", &smk_revoke_subj_ops,
2910 			S_IRUGO|S_IWUSR},
2911 		[SMK_CHANGE_RULE] = {
2912 			"change-rule", &smk_change_rule_ops, S_IRUGO|S_IWUSR},
2913 		[SMK_SYSLOG] = {
2914 			"syslog", &smk_syslog_ops, S_IRUGO|S_IWUSR},
2915 		[SMK_PTRACE] = {
2916 			"ptrace", &smk_ptrace_ops, S_IRUGO|S_IWUSR},
2917 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
2918 		[SMK_UNCONFINED] = {
2919 			"unconfined", &smk_unconfined_ops, S_IRUGO|S_IWUSR},
2920 #endif
2921 #if IS_ENABLED(CONFIG_IPV6)
2922 		[SMK_NET6ADDR] = {
2923 			"ipv6host", &smk_net6addr_ops, S_IRUGO|S_IWUSR},
2924 #endif /* CONFIG_IPV6 */
2925 		[SMK_RELABEL_SELF] = {
2926 			"relabel-self", &smk_relabel_self_ops,
2927 				S_IRUGO|S_IWUGO},
2928 		/* last one */
2929 			{""}
2930 	};
2931 
2932 	rc = simple_fill_super(sb, SMACK_MAGIC, smack_files);
2933 	if (rc != 0) {
2934 		printk(KERN_ERR "%s failed %d while creating inodes\n",
2935 			__func__, rc);
2936 		return rc;
2937 	}
2938 
2939 	return 0;
2940 }
2941 
2942 /**
2943  * smk_get_tree - get the smackfs superblock
2944  * @fc: The mount context, including any options
2945  *
2946  * Just passes everything along.
2947  *
2948  * Returns what the lower level code does.
2949  */
2950 static int smk_get_tree(struct fs_context *fc)
2951 {
2952 	return get_tree_single(fc, smk_fill_super);
2953 }
2954 
2955 static const struct fs_context_operations smk_context_ops = {
2956 	.get_tree	= smk_get_tree,
2957 };
2958 
2959 /**
2960  * smk_init_fs_context - Initialise a filesystem context for smackfs
2961  * @fc: The blank mount context
2962  */
2963 static int smk_init_fs_context(struct fs_context *fc)
2964 {
2965 	fc->ops = &smk_context_ops;
2966 	return 0;
2967 }
2968 
2969 static struct file_system_type smk_fs_type = {
2970 	.name		= "smackfs",
2971 	.init_fs_context = smk_init_fs_context,
2972 	.kill_sb	= kill_litter_super,
2973 };
2974 
2975 static struct vfsmount *smackfs_mount;
2976 
2977 /**
2978  * init_smk_fs - get the smackfs superblock
2979  *
2980  * register the smackfs
2981  *
2982  * Do not register smackfs if Smack wasn't enabled
2983  * on boot. We can not put this method normally under the
2984  * smack_init() code path since the security subsystem get
2985  * initialized before the vfs caches.
2986  *
2987  * Returns true if we were not chosen on boot or if
2988  * we were chosen and filesystem registration succeeded.
2989  */
2990 static int __init init_smk_fs(void)
2991 {
2992 	int err;
2993 	int rc;
2994 
2995 	if (smack_enabled == 0)
2996 		return 0;
2997 
2998 	err = smk_init_sysfs();
2999 	if (err)
3000 		printk(KERN_ERR "smackfs: sysfs mountpoint problem.\n");
3001 
3002 	err = register_filesystem(&smk_fs_type);
3003 	if (!err) {
3004 		smackfs_mount = kern_mount(&smk_fs_type);
3005 		if (IS_ERR(smackfs_mount)) {
3006 			printk(KERN_ERR "smackfs:  could not mount!\n");
3007 			err = PTR_ERR(smackfs_mount);
3008 			smackfs_mount = NULL;
3009 		}
3010 	}
3011 
3012 	smk_cipso_doi();
3013 	smk_unlbl_ambient(NULL);
3014 
3015 	rc = smack_populate_secattr(&smack_known_floor);
3016 	if (err == 0 && rc < 0)
3017 		err = rc;
3018 	rc = smack_populate_secattr(&smack_known_hat);
3019 	if (err == 0 && rc < 0)
3020 		err = rc;
3021 	rc = smack_populate_secattr(&smack_known_huh);
3022 	if (err == 0 && rc < 0)
3023 		err = rc;
3024 	rc = smack_populate_secattr(&smack_known_star);
3025 	if (err == 0 && rc < 0)
3026 		err = rc;
3027 	rc = smack_populate_secattr(&smack_known_web);
3028 	if (err == 0 && rc < 0)
3029 		err = rc;
3030 
3031 	return err;
3032 }
3033 
3034 __initcall(init_smk_fs);
3035