xref: /openbmc/linux/security/smack/smackfs.c (revision aac5987a)
1 /*
2  * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com>
3  *
4  *	This program is free software; you can redistribute it and/or modify
5  *  	it under the terms of the GNU General Public License as published by
6  *	the Free Software Foundation, version 2.
7  *
8  * Authors:
9  * 	Casey Schaufler <casey@schaufler-ca.com>
10  * 	Ahmed S. Darwish <darwish.07@gmail.com>
11  *
12  * Special thanks to the authors of selinuxfs.
13  *
14  *	Karl MacMillan <kmacmillan@tresys.com>
15  *	James Morris <jmorris@redhat.com>
16  *
17  */
18 
19 #include <linux/kernel.h>
20 #include <linux/vmalloc.h>
21 #include <linux/security.h>
22 #include <linux/mutex.h>
23 #include <linux/slab.h>
24 #include <net/net_namespace.h>
25 #include <net/cipso_ipv4.h>
26 #include <linux/seq_file.h>
27 #include <linux/ctype.h>
28 #include <linux/audit.h>
29 #include <linux/magic.h>
30 #include "smack.h"
31 
32 #define BEBITS	(sizeof(__be32) * 8)
33 /*
34  * smackfs pseudo filesystem.
35  */
36 
37 enum smk_inos {
38 	SMK_ROOT_INO	= 2,
39 	SMK_LOAD	= 3,	/* load policy */
40 	SMK_CIPSO	= 4,	/* load label -> CIPSO mapping */
41 	SMK_DOI		= 5,	/* CIPSO DOI */
42 	SMK_DIRECT	= 6,	/* CIPSO level indicating direct label */
43 	SMK_AMBIENT	= 7,	/* internet ambient label */
44 	SMK_NET4ADDR	= 8,	/* single label hosts */
45 	SMK_ONLYCAP	= 9,	/* the only "capable" label */
46 	SMK_LOGGING	= 10,	/* logging */
47 	SMK_LOAD_SELF	= 11,	/* task specific rules */
48 	SMK_ACCESSES	= 12,	/* access policy */
49 	SMK_MAPPED	= 13,	/* CIPSO level indicating mapped label */
50 	SMK_LOAD2	= 14,	/* load policy with long labels */
51 	SMK_LOAD_SELF2	= 15,	/* load task specific rules with long labels */
52 	SMK_ACCESS2	= 16,	/* make an access check with long labels */
53 	SMK_CIPSO2	= 17,	/* load long label -> CIPSO mapping */
54 	SMK_REVOKE_SUBJ	= 18,	/* set rules with subject label to '-' */
55 	SMK_CHANGE_RULE	= 19,	/* change or add rules (long labels) */
56 	SMK_SYSLOG	= 20,	/* change syslog label) */
57 	SMK_PTRACE	= 21,	/* set ptrace rule */
58 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
59 	SMK_UNCONFINED	= 22,	/* define an unconfined label */
60 #endif
61 #if IS_ENABLED(CONFIG_IPV6)
62 	SMK_NET6ADDR	= 23,	/* single label IPv6 hosts */
63 #endif /* CONFIG_IPV6 */
64 	SMK_RELABEL_SELF = 24, /* relabel possible without CAP_MAC_ADMIN */
65 };
66 
67 /*
68  * List locks
69  */
70 static DEFINE_MUTEX(smack_master_list_lock);
71 static DEFINE_MUTEX(smack_cipso_lock);
72 static DEFINE_MUTEX(smack_ambient_lock);
73 static DEFINE_MUTEX(smk_net4addr_lock);
74 #if IS_ENABLED(CONFIG_IPV6)
75 static DEFINE_MUTEX(smk_net6addr_lock);
76 #endif /* CONFIG_IPV6 */
77 
78 /*
79  * This is the "ambient" label for network traffic.
80  * If it isn't somehow marked, use this.
81  * It can be reset via smackfs/ambient
82  */
83 struct smack_known *smack_net_ambient;
84 
85 /*
86  * This is the level in a CIPSO header that indicates a
87  * smack label is contained directly in the category set.
88  * It can be reset via smackfs/direct
89  */
90 int smack_cipso_direct = SMACK_CIPSO_DIRECT_DEFAULT;
91 
92 /*
93  * This is the level in a CIPSO header that indicates a
94  * secid is contained directly in the category set.
95  * It can be reset via smackfs/mapped
96  */
97 int smack_cipso_mapped = SMACK_CIPSO_MAPPED_DEFAULT;
98 
99 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
100 /*
101  * Allow one label to be unconfined. This is for
102  * debugging and application bring-up purposes only.
103  * It is bad and wrong, but everyone seems to expect
104  * to have it.
105  */
106 struct smack_known *smack_unconfined;
107 #endif
108 
109 /*
110  * If this value is set restrict syslog use to the label specified.
111  * It can be reset via smackfs/syslog
112  */
113 struct smack_known *smack_syslog_label;
114 
115 /*
116  * Ptrace current rule
117  * SMACK_PTRACE_DEFAULT    regular smack ptrace rules (/proc based)
118  * SMACK_PTRACE_EXACT      labels must match, but can be overriden with
119  *			   CAP_SYS_PTRACE
120  * SMACK_PTRACE_DRACONIAN  lables must match, CAP_SYS_PTRACE has no effect
121  */
122 int smack_ptrace_rule = SMACK_PTRACE_DEFAULT;
123 
124 /*
125  * Certain IP addresses may be designated as single label hosts.
126  * Packets are sent there unlabeled, but only from tasks that
127  * can write to the specified label.
128  */
129 
130 LIST_HEAD(smk_net4addr_list);
131 #if IS_ENABLED(CONFIG_IPV6)
132 LIST_HEAD(smk_net6addr_list);
133 #endif /* CONFIG_IPV6 */
134 
135 /*
136  * Rule lists are maintained for each label.
137  * This master list is just for reading /smack/load and /smack/load2.
138  */
139 struct smack_master_list {
140 	struct list_head	list;
141 	struct smack_rule	*smk_rule;
142 };
143 
144 static LIST_HEAD(smack_rule_list);
145 
146 struct smack_parsed_rule {
147 	struct smack_known	*smk_subject;
148 	struct smack_known	*smk_object;
149 	int			smk_access1;
150 	int			smk_access2;
151 };
152 
153 static int smk_cipso_doi_value = SMACK_CIPSO_DOI_DEFAULT;
154 
155 /*
156  * Values for parsing cipso rules
157  * SMK_DIGITLEN: Length of a digit field in a rule.
158  * SMK_CIPSOMIN: Minimum possible cipso rule length.
159  * SMK_CIPSOMAX: Maximum possible cipso rule length.
160  */
161 #define SMK_DIGITLEN 4
162 #define SMK_CIPSOMIN (SMK_LABELLEN + 2 * SMK_DIGITLEN)
163 #define SMK_CIPSOMAX (SMK_CIPSOMIN + SMACK_CIPSO_MAXCATNUM * SMK_DIGITLEN)
164 
165 /*
166  * Values for parsing MAC rules
167  * SMK_ACCESS: Maximum possible combination of access permissions
168  * SMK_ACCESSLEN: Maximum length for a rule access field
169  * SMK_LOADLEN: Smack rule length
170  */
171 #define SMK_OACCESS	"rwxa"
172 #define SMK_ACCESS	"rwxatl"
173 #define SMK_OACCESSLEN	(sizeof(SMK_OACCESS) - 1)
174 #define SMK_ACCESSLEN	(sizeof(SMK_ACCESS) - 1)
175 #define SMK_OLOADLEN	(SMK_LABELLEN + SMK_LABELLEN + SMK_OACCESSLEN)
176 #define SMK_LOADLEN	(SMK_LABELLEN + SMK_LABELLEN + SMK_ACCESSLEN)
177 
178 /*
179  * Stricly for CIPSO level manipulation.
180  * Set the category bit number in a smack label sized buffer.
181  */
182 static inline void smack_catset_bit(unsigned int cat, char *catsetp)
183 {
184 	if (cat == 0 || cat > (SMK_CIPSOLEN * 8))
185 		return;
186 
187 	catsetp[(cat - 1) / 8] |= 0x80 >> ((cat - 1) % 8);
188 }
189 
190 /**
191  * smk_netlabel_audit_set - fill a netlbl_audit struct
192  * @nap: structure to fill
193  */
194 static void smk_netlabel_audit_set(struct netlbl_audit *nap)
195 {
196 	struct smack_known *skp = smk_of_current();
197 
198 	nap->loginuid = audit_get_loginuid(current);
199 	nap->sessionid = audit_get_sessionid(current);
200 	nap->secid = skp->smk_secid;
201 }
202 
203 /*
204  * Value for parsing single label host rules
205  * "1.2.3.4 X"
206  */
207 #define SMK_NETLBLADDRMIN	9
208 
209 /**
210  * smk_set_access - add a rule to the rule list or replace an old rule
211  * @srp: the rule to add or replace
212  * @rule_list: the list of rules
213  * @rule_lock: the rule list lock
214  * @global: if non-zero, indicates a global rule
215  *
216  * Looks through the current subject/object/access list for
217  * the subject/object pair and replaces the access that was
218  * there. If the pair isn't found add it with the specified
219  * access.
220  *
221  * Returns 0 if nothing goes wrong or -ENOMEM if it fails
222  * during the allocation of the new pair to add.
223  */
224 static int smk_set_access(struct smack_parsed_rule *srp,
225 				struct list_head *rule_list,
226 				struct mutex *rule_lock, int global)
227 {
228 	struct smack_rule *sp;
229 	struct smack_master_list *smlp;
230 	int found = 0;
231 	int rc = 0;
232 
233 	mutex_lock(rule_lock);
234 
235 	/*
236 	 * Because the object label is less likely to match
237 	 * than the subject label check it first
238 	 */
239 	list_for_each_entry_rcu(sp, rule_list, list) {
240 		if (sp->smk_object == srp->smk_object &&
241 		    sp->smk_subject == srp->smk_subject) {
242 			found = 1;
243 			sp->smk_access |= srp->smk_access1;
244 			sp->smk_access &= ~srp->smk_access2;
245 			break;
246 		}
247 	}
248 
249 	if (found == 0) {
250 		sp = kzalloc(sizeof(*sp), GFP_KERNEL);
251 		if (sp == NULL) {
252 			rc = -ENOMEM;
253 			goto out;
254 		}
255 
256 		sp->smk_subject = srp->smk_subject;
257 		sp->smk_object = srp->smk_object;
258 		sp->smk_access = srp->smk_access1 & ~srp->smk_access2;
259 
260 		list_add_rcu(&sp->list, rule_list);
261 		/*
262 		 * If this is a global as opposed to self and a new rule
263 		 * it needs to get added for reporting.
264 		 */
265 		if (global) {
266 			mutex_unlock(rule_lock);
267 			smlp = kzalloc(sizeof(*smlp), GFP_KERNEL);
268 			if (smlp != NULL) {
269 				smlp->smk_rule = sp;
270 				mutex_lock(&smack_master_list_lock);
271 				list_add_rcu(&smlp->list, &smack_rule_list);
272 				mutex_unlock(&smack_master_list_lock);
273 			} else
274 				rc = -ENOMEM;
275 			return rc;
276 		}
277 	}
278 
279 out:
280 	mutex_unlock(rule_lock);
281 	return rc;
282 }
283 
284 /**
285  * smk_perm_from_str - parse smack accesses from a text string
286  * @string: a text string that contains a Smack accesses code
287  *
288  * Returns an integer with respective bits set for specified accesses.
289  */
290 static int smk_perm_from_str(const char *string)
291 {
292 	int perm = 0;
293 	const char *cp;
294 
295 	for (cp = string; ; cp++)
296 		switch (*cp) {
297 		case '-':
298 			break;
299 		case 'r':
300 		case 'R':
301 			perm |= MAY_READ;
302 			break;
303 		case 'w':
304 		case 'W':
305 			perm |= MAY_WRITE;
306 			break;
307 		case 'x':
308 		case 'X':
309 			perm |= MAY_EXEC;
310 			break;
311 		case 'a':
312 		case 'A':
313 			perm |= MAY_APPEND;
314 			break;
315 		case 't':
316 		case 'T':
317 			perm |= MAY_TRANSMUTE;
318 			break;
319 		case 'l':
320 		case 'L':
321 			perm |= MAY_LOCK;
322 			break;
323 		case 'b':
324 		case 'B':
325 			perm |= MAY_BRINGUP;
326 			break;
327 		default:
328 			return perm;
329 		}
330 }
331 
332 /**
333  * smk_fill_rule - Fill Smack rule from strings
334  * @subject: subject label string
335  * @object: object label string
336  * @access1: access string
337  * @access2: string with permissions to be removed
338  * @rule: Smack rule
339  * @import: if non-zero, import labels
340  * @len: label length limit
341  *
342  * Returns 0 on success, appropriate error code on failure.
343  */
344 static int smk_fill_rule(const char *subject, const char *object,
345 				const char *access1, const char *access2,
346 				struct smack_parsed_rule *rule, int import,
347 				int len)
348 {
349 	const char *cp;
350 	struct smack_known *skp;
351 
352 	if (import) {
353 		rule->smk_subject = smk_import_entry(subject, len);
354 		if (IS_ERR(rule->smk_subject))
355 			return PTR_ERR(rule->smk_subject);
356 
357 		rule->smk_object = smk_import_entry(object, len);
358 		if (IS_ERR(rule->smk_object))
359 			return PTR_ERR(rule->smk_object);
360 	} else {
361 		cp = smk_parse_smack(subject, len);
362 		if (IS_ERR(cp))
363 			return PTR_ERR(cp);
364 		skp = smk_find_entry(cp);
365 		kfree(cp);
366 		if (skp == NULL)
367 			return -ENOENT;
368 		rule->smk_subject = skp;
369 
370 		cp = smk_parse_smack(object, len);
371 		if (IS_ERR(cp))
372 			return PTR_ERR(cp);
373 		skp = smk_find_entry(cp);
374 		kfree(cp);
375 		if (skp == NULL)
376 			return -ENOENT;
377 		rule->smk_object = skp;
378 	}
379 
380 	rule->smk_access1 = smk_perm_from_str(access1);
381 	if (access2)
382 		rule->smk_access2 = smk_perm_from_str(access2);
383 	else
384 		rule->smk_access2 = ~rule->smk_access1;
385 
386 	return 0;
387 }
388 
389 /**
390  * smk_parse_rule - parse Smack rule from load string
391  * @data: string to be parsed whose size is SMK_LOADLEN
392  * @rule: Smack rule
393  * @import: if non-zero, import labels
394  *
395  * Returns 0 on success, -1 on errors.
396  */
397 static int smk_parse_rule(const char *data, struct smack_parsed_rule *rule,
398 				int import)
399 {
400 	int rc;
401 
402 	rc = smk_fill_rule(data, data + SMK_LABELLEN,
403 			   data + SMK_LABELLEN + SMK_LABELLEN, NULL, rule,
404 			   import, SMK_LABELLEN);
405 	return rc;
406 }
407 
408 /**
409  * smk_parse_long_rule - parse Smack rule from rule string
410  * @data: string to be parsed, null terminated
411  * @rule: Will be filled with Smack parsed rule
412  * @import: if non-zero, import labels
413  * @tokens: numer of substrings expected in data
414  *
415  * Returns number of processed bytes on success, -ERRNO on failure.
416  */
417 static ssize_t smk_parse_long_rule(char *data, struct smack_parsed_rule *rule,
418 				int import, int tokens)
419 {
420 	ssize_t cnt = 0;
421 	char *tok[4];
422 	int rc;
423 	int i;
424 
425 	/*
426 	 * Parsing the rule in-place, filling all white-spaces with '\0'
427 	 */
428 	for (i = 0; i < tokens; ++i) {
429 		while (isspace(data[cnt]))
430 			data[cnt++] = '\0';
431 
432 		if (data[cnt] == '\0')
433 			/* Unexpected end of data */
434 			return -EINVAL;
435 
436 		tok[i] = data + cnt;
437 
438 		while (data[cnt] && !isspace(data[cnt]))
439 			++cnt;
440 	}
441 	while (isspace(data[cnt]))
442 		data[cnt++] = '\0';
443 
444 	while (i < 4)
445 		tok[i++] = NULL;
446 
447 	rc = smk_fill_rule(tok[0], tok[1], tok[2], tok[3], rule, import, 0);
448 	return rc == 0 ? cnt : rc;
449 }
450 
451 #define SMK_FIXED24_FMT	0	/* Fixed 24byte label format */
452 #define SMK_LONG_FMT	1	/* Variable long label format */
453 #define SMK_CHANGE_FMT	2	/* Rule modification format */
454 /**
455  * smk_write_rules_list - write() for any /smack rule file
456  * @file: file pointer, not actually used
457  * @buf: where to get the data from
458  * @count: bytes sent
459  * @ppos: where to start - must be 0
460  * @rule_list: the list of rules to write to
461  * @rule_lock: lock for the rule list
462  * @format: /smack/load or /smack/load2 or /smack/change-rule format.
463  *
464  * Get one smack access rule from above.
465  * The format for SMK_LONG_FMT is:
466  *	"subject<whitespace>object<whitespace>access[<whitespace>...]"
467  * The format for SMK_FIXED24_FMT is exactly:
468  *	"subject                 object                  rwxat"
469  * The format for SMK_CHANGE_FMT is:
470  *	"subject<whitespace>object<whitespace>
471  *	 acc_enable<whitespace>acc_disable[<whitespace>...]"
472  */
473 static ssize_t smk_write_rules_list(struct file *file, const char __user *buf,
474 					size_t count, loff_t *ppos,
475 					struct list_head *rule_list,
476 					struct mutex *rule_lock, int format)
477 {
478 	struct smack_parsed_rule rule;
479 	char *data;
480 	int rc;
481 	int trunc = 0;
482 	int tokens;
483 	ssize_t cnt = 0;
484 
485 	/*
486 	 * No partial writes.
487 	 * Enough data must be present.
488 	 */
489 	if (*ppos != 0)
490 		return -EINVAL;
491 
492 	if (format == SMK_FIXED24_FMT) {
493 		/*
494 		 * Minor hack for backward compatibility
495 		 */
496 		if (count < SMK_OLOADLEN || count > SMK_LOADLEN)
497 			return -EINVAL;
498 	} else {
499 		if (count >= PAGE_SIZE) {
500 			count = PAGE_SIZE - 1;
501 			trunc = 1;
502 		}
503 	}
504 
505 	data = memdup_user_nul(buf, count);
506 	if (IS_ERR(data))
507 		return PTR_ERR(data);
508 
509 	/*
510 	 * In case of parsing only part of user buf,
511 	 * avoid having partial rule at the data buffer
512 	 */
513 	if (trunc) {
514 		while (count > 0 && (data[count - 1] != '\n'))
515 			--count;
516 		if (count == 0) {
517 			rc = -EINVAL;
518 			goto out;
519 		}
520 	}
521 
522 	data[count] = '\0';
523 	tokens = (format == SMK_CHANGE_FMT ? 4 : 3);
524 	while (cnt < count) {
525 		if (format == SMK_FIXED24_FMT) {
526 			rc = smk_parse_rule(data, &rule, 1);
527 			if (rc < 0)
528 				goto out;
529 			cnt = count;
530 		} else {
531 			rc = smk_parse_long_rule(data + cnt, &rule, 1, tokens);
532 			if (rc < 0)
533 				goto out;
534 			if (rc == 0) {
535 				rc = -EINVAL;
536 				goto out;
537 			}
538 			cnt += rc;
539 		}
540 
541 		if (rule_list == NULL)
542 			rc = smk_set_access(&rule, &rule.smk_subject->smk_rules,
543 				&rule.smk_subject->smk_rules_lock, 1);
544 		else
545 			rc = smk_set_access(&rule, rule_list, rule_lock, 0);
546 
547 		if (rc)
548 			goto out;
549 	}
550 
551 	rc = cnt;
552 out:
553 	kfree(data);
554 	return rc;
555 }
556 
557 /*
558  * Core logic for smackfs seq list operations.
559  */
560 
561 static void *smk_seq_start(struct seq_file *s, loff_t *pos,
562 				struct list_head *head)
563 {
564 	struct list_head *list;
565 	int i = *pos;
566 
567 	rcu_read_lock();
568 	for (list = rcu_dereference(list_next_rcu(head));
569 		list != head;
570 		list = rcu_dereference(list_next_rcu(list))) {
571 		if (i-- == 0)
572 			return list;
573 	}
574 
575 	return NULL;
576 }
577 
578 static void *smk_seq_next(struct seq_file *s, void *v, loff_t *pos,
579 				struct list_head *head)
580 {
581 	struct list_head *list = v;
582 
583 	++*pos;
584 	list = rcu_dereference(list_next_rcu(list));
585 
586 	return (list == head) ? NULL : list;
587 }
588 
589 static void smk_seq_stop(struct seq_file *s, void *v)
590 {
591 	rcu_read_unlock();
592 }
593 
594 static void smk_rule_show(struct seq_file *s, struct smack_rule *srp, int max)
595 {
596 	/*
597 	 * Don't show any rules with label names too long for
598 	 * interface file (/smack/load or /smack/load2)
599 	 * because you should expect to be able to write
600 	 * anything you read back.
601 	 */
602 	if (strlen(srp->smk_subject->smk_known) >= max ||
603 	    strlen(srp->smk_object->smk_known) >= max)
604 		return;
605 
606 	if (srp->smk_access == 0)
607 		return;
608 
609 	seq_printf(s, "%s %s",
610 		   srp->smk_subject->smk_known,
611 		   srp->smk_object->smk_known);
612 
613 	seq_putc(s, ' ');
614 
615 	if (srp->smk_access & MAY_READ)
616 		seq_putc(s, 'r');
617 	if (srp->smk_access & MAY_WRITE)
618 		seq_putc(s, 'w');
619 	if (srp->smk_access & MAY_EXEC)
620 		seq_putc(s, 'x');
621 	if (srp->smk_access & MAY_APPEND)
622 		seq_putc(s, 'a');
623 	if (srp->smk_access & MAY_TRANSMUTE)
624 		seq_putc(s, 't');
625 	if (srp->smk_access & MAY_LOCK)
626 		seq_putc(s, 'l');
627 	if (srp->smk_access & MAY_BRINGUP)
628 		seq_putc(s, 'b');
629 
630 	seq_putc(s, '\n');
631 }
632 
633 /*
634  * Seq_file read operations for /smack/load
635  */
636 
637 static void *load2_seq_start(struct seq_file *s, loff_t *pos)
638 {
639 	return smk_seq_start(s, pos, &smack_rule_list);
640 }
641 
642 static void *load2_seq_next(struct seq_file *s, void *v, loff_t *pos)
643 {
644 	return smk_seq_next(s, v, pos, &smack_rule_list);
645 }
646 
647 static int load_seq_show(struct seq_file *s, void *v)
648 {
649 	struct list_head *list = v;
650 	struct smack_master_list *smlp =
651 		list_entry_rcu(list, struct smack_master_list, list);
652 
653 	smk_rule_show(s, smlp->smk_rule, SMK_LABELLEN);
654 
655 	return 0;
656 }
657 
658 static const struct seq_operations load_seq_ops = {
659 	.start = load2_seq_start,
660 	.next  = load2_seq_next,
661 	.show  = load_seq_show,
662 	.stop  = smk_seq_stop,
663 };
664 
665 /**
666  * smk_open_load - open() for /smack/load
667  * @inode: inode structure representing file
668  * @file: "load" file pointer
669  *
670  * For reading, use load_seq_* seq_file reading operations.
671  */
672 static int smk_open_load(struct inode *inode, struct file *file)
673 {
674 	return seq_open(file, &load_seq_ops);
675 }
676 
677 /**
678  * smk_write_load - write() for /smack/load
679  * @file: file pointer, not actually used
680  * @buf: where to get the data from
681  * @count: bytes sent
682  * @ppos: where to start - must be 0
683  *
684  */
685 static ssize_t smk_write_load(struct file *file, const char __user *buf,
686 			      size_t count, loff_t *ppos)
687 {
688 	/*
689 	 * Must have privilege.
690 	 * No partial writes.
691 	 * Enough data must be present.
692 	 */
693 	if (!smack_privileged(CAP_MAC_ADMIN))
694 		return -EPERM;
695 
696 	return smk_write_rules_list(file, buf, count, ppos, NULL, NULL,
697 				    SMK_FIXED24_FMT);
698 }
699 
700 static const struct file_operations smk_load_ops = {
701 	.open           = smk_open_load,
702 	.read		= seq_read,
703 	.llseek         = seq_lseek,
704 	.write		= smk_write_load,
705 	.release        = seq_release,
706 };
707 
708 /**
709  * smk_cipso_doi - initialize the CIPSO domain
710  */
711 static void smk_cipso_doi(void)
712 {
713 	int rc;
714 	struct cipso_v4_doi *doip;
715 	struct netlbl_audit nai;
716 
717 	smk_netlabel_audit_set(&nai);
718 
719 	rc = netlbl_cfg_map_del(NULL, PF_INET, NULL, NULL, &nai);
720 	if (rc != 0)
721 		printk(KERN_WARNING "%s:%d remove rc = %d\n",
722 		       __func__, __LINE__, rc);
723 
724 	doip = kmalloc(sizeof(struct cipso_v4_doi), GFP_KERNEL);
725 	if (doip == NULL)
726 		panic("smack:  Failed to initialize cipso DOI.\n");
727 	doip->map.std = NULL;
728 	doip->doi = smk_cipso_doi_value;
729 	doip->type = CIPSO_V4_MAP_PASS;
730 	doip->tags[0] = CIPSO_V4_TAG_RBITMAP;
731 	for (rc = 1; rc < CIPSO_V4_TAG_MAXCNT; rc++)
732 		doip->tags[rc] = CIPSO_V4_TAG_INVALID;
733 
734 	rc = netlbl_cfg_cipsov4_add(doip, &nai);
735 	if (rc != 0) {
736 		printk(KERN_WARNING "%s:%d cipso add rc = %d\n",
737 		       __func__, __LINE__, rc);
738 		kfree(doip);
739 		return;
740 	}
741 	rc = netlbl_cfg_cipsov4_map_add(doip->doi, NULL, NULL, NULL, &nai);
742 	if (rc != 0) {
743 		printk(KERN_WARNING "%s:%d map add rc = %d\n",
744 		       __func__, __LINE__, rc);
745 		kfree(doip);
746 		return;
747 	}
748 }
749 
750 /**
751  * smk_unlbl_ambient - initialize the unlabeled domain
752  * @oldambient: previous domain string
753  */
754 static void smk_unlbl_ambient(char *oldambient)
755 {
756 	int rc;
757 	struct netlbl_audit nai;
758 
759 	smk_netlabel_audit_set(&nai);
760 
761 	if (oldambient != NULL) {
762 		rc = netlbl_cfg_map_del(oldambient, PF_INET, NULL, NULL, &nai);
763 		if (rc != 0)
764 			printk(KERN_WARNING "%s:%d remove rc = %d\n",
765 			       __func__, __LINE__, rc);
766 	}
767 	if (smack_net_ambient == NULL)
768 		smack_net_ambient = &smack_known_floor;
769 
770 	rc = netlbl_cfg_unlbl_map_add(smack_net_ambient->smk_known, PF_INET,
771 				      NULL, NULL, &nai);
772 	if (rc != 0)
773 		printk(KERN_WARNING "%s:%d add rc = %d\n",
774 		       __func__, __LINE__, rc);
775 }
776 
777 /*
778  * Seq_file read operations for /smack/cipso
779  */
780 
781 static void *cipso_seq_start(struct seq_file *s, loff_t *pos)
782 {
783 	return smk_seq_start(s, pos, &smack_known_list);
784 }
785 
786 static void *cipso_seq_next(struct seq_file *s, void *v, loff_t *pos)
787 {
788 	return smk_seq_next(s, v, pos, &smack_known_list);
789 }
790 
791 /*
792  * Print cipso labels in format:
793  * label level[/cat[,cat]]
794  */
795 static int cipso_seq_show(struct seq_file *s, void *v)
796 {
797 	struct list_head  *list = v;
798 	struct smack_known *skp =
799 		list_entry_rcu(list, struct smack_known, list);
800 	struct netlbl_lsm_catmap *cmp = skp->smk_netlabel.attr.mls.cat;
801 	char sep = '/';
802 	int i;
803 
804 	/*
805 	 * Don't show a label that could not have been set using
806 	 * /smack/cipso. This is in support of the notion that
807 	 * anything read from /smack/cipso ought to be writeable
808 	 * to /smack/cipso.
809 	 *
810 	 * /smack/cipso2 should be used instead.
811 	 */
812 	if (strlen(skp->smk_known) >= SMK_LABELLEN)
813 		return 0;
814 
815 	seq_printf(s, "%s %3d", skp->smk_known, skp->smk_netlabel.attr.mls.lvl);
816 
817 	for (i = netlbl_catmap_walk(cmp, 0); i >= 0;
818 	     i = netlbl_catmap_walk(cmp, i + 1)) {
819 		seq_printf(s, "%c%d", sep, i);
820 		sep = ',';
821 	}
822 
823 	seq_putc(s, '\n');
824 
825 	return 0;
826 }
827 
828 static const struct seq_operations cipso_seq_ops = {
829 	.start = cipso_seq_start,
830 	.next  = cipso_seq_next,
831 	.show  = cipso_seq_show,
832 	.stop  = smk_seq_stop,
833 };
834 
835 /**
836  * smk_open_cipso - open() for /smack/cipso
837  * @inode: inode structure representing file
838  * @file: "cipso" file pointer
839  *
840  * Connect our cipso_seq_* operations with /smack/cipso
841  * file_operations
842  */
843 static int smk_open_cipso(struct inode *inode, struct file *file)
844 {
845 	return seq_open(file, &cipso_seq_ops);
846 }
847 
848 /**
849  * smk_set_cipso - do the work for write() for cipso and cipso2
850  * @file: file pointer, not actually used
851  * @buf: where to get the data from
852  * @count: bytes sent
853  * @ppos: where to start
854  * @format: /smack/cipso or /smack/cipso2
855  *
856  * Accepts only one cipso rule per write call.
857  * Returns number of bytes written or error code, as appropriate
858  */
859 static ssize_t smk_set_cipso(struct file *file, const char __user *buf,
860 				size_t count, loff_t *ppos, int format)
861 {
862 	struct smack_known *skp;
863 	struct netlbl_lsm_secattr ncats;
864 	char mapcatset[SMK_CIPSOLEN];
865 	int maplevel;
866 	unsigned int cat;
867 	int catlen;
868 	ssize_t rc = -EINVAL;
869 	char *data = NULL;
870 	char *rule;
871 	int ret;
872 	int i;
873 
874 	/*
875 	 * Must have privilege.
876 	 * No partial writes.
877 	 * Enough data must be present.
878 	 */
879 	if (!smack_privileged(CAP_MAC_ADMIN))
880 		return -EPERM;
881 	if (*ppos != 0)
882 		return -EINVAL;
883 	if (format == SMK_FIXED24_FMT &&
884 	    (count < SMK_CIPSOMIN || count > SMK_CIPSOMAX))
885 		return -EINVAL;
886 
887 	data = memdup_user_nul(buf, count);
888 	if (IS_ERR(data))
889 		return PTR_ERR(data);
890 
891 	rule = data;
892 	/*
893 	 * Only allow one writer at a time. Writes should be
894 	 * quite rare and small in any case.
895 	 */
896 	mutex_lock(&smack_cipso_lock);
897 
898 	skp = smk_import_entry(rule, 0);
899 	if (IS_ERR(skp)) {
900 		rc = PTR_ERR(skp);
901 		goto out;
902 	}
903 
904 	if (format == SMK_FIXED24_FMT)
905 		rule += SMK_LABELLEN;
906 	else
907 		rule += strlen(skp->smk_known) + 1;
908 
909 	ret = sscanf(rule, "%d", &maplevel);
910 	if (ret != 1 || maplevel > SMACK_CIPSO_MAXLEVEL)
911 		goto out;
912 
913 	rule += SMK_DIGITLEN;
914 	ret = sscanf(rule, "%d", &catlen);
915 	if (ret != 1 || catlen > SMACK_CIPSO_MAXCATNUM)
916 		goto out;
917 
918 	if (format == SMK_FIXED24_FMT &&
919 	    count != (SMK_CIPSOMIN + catlen * SMK_DIGITLEN))
920 		goto out;
921 
922 	memset(mapcatset, 0, sizeof(mapcatset));
923 
924 	for (i = 0; i < catlen; i++) {
925 		rule += SMK_DIGITLEN;
926 		ret = sscanf(rule, "%u", &cat);
927 		if (ret != 1 || cat > SMACK_CIPSO_MAXCATNUM)
928 			goto out;
929 
930 		smack_catset_bit(cat, mapcatset);
931 	}
932 
933 	rc = smk_netlbl_mls(maplevel, mapcatset, &ncats, SMK_CIPSOLEN);
934 	if (rc >= 0) {
935 		netlbl_catmap_free(skp->smk_netlabel.attr.mls.cat);
936 		skp->smk_netlabel.attr.mls.cat = ncats.attr.mls.cat;
937 		skp->smk_netlabel.attr.mls.lvl = ncats.attr.mls.lvl;
938 		rc = count;
939 	}
940 
941 out:
942 	mutex_unlock(&smack_cipso_lock);
943 	kfree(data);
944 	return rc;
945 }
946 
947 /**
948  * smk_write_cipso - write() for /smack/cipso
949  * @file: file pointer, not actually used
950  * @buf: where to get the data from
951  * @count: bytes sent
952  * @ppos: where to start
953  *
954  * Accepts only one cipso rule per write call.
955  * Returns number of bytes written or error code, as appropriate
956  */
957 static ssize_t smk_write_cipso(struct file *file, const char __user *buf,
958 			       size_t count, loff_t *ppos)
959 {
960 	return smk_set_cipso(file, buf, count, ppos, SMK_FIXED24_FMT);
961 }
962 
963 static const struct file_operations smk_cipso_ops = {
964 	.open           = smk_open_cipso,
965 	.read		= seq_read,
966 	.llseek         = seq_lseek,
967 	.write		= smk_write_cipso,
968 	.release        = seq_release,
969 };
970 
971 /*
972  * Seq_file read operations for /smack/cipso2
973  */
974 
975 /*
976  * Print cipso labels in format:
977  * label level[/cat[,cat]]
978  */
979 static int cipso2_seq_show(struct seq_file *s, void *v)
980 {
981 	struct list_head  *list = v;
982 	struct smack_known *skp =
983 		list_entry_rcu(list, struct smack_known, list);
984 	struct netlbl_lsm_catmap *cmp = skp->smk_netlabel.attr.mls.cat;
985 	char sep = '/';
986 	int i;
987 
988 	seq_printf(s, "%s %3d", skp->smk_known, skp->smk_netlabel.attr.mls.lvl);
989 
990 	for (i = netlbl_catmap_walk(cmp, 0); i >= 0;
991 	     i = netlbl_catmap_walk(cmp, i + 1)) {
992 		seq_printf(s, "%c%d", sep, i);
993 		sep = ',';
994 	}
995 
996 	seq_putc(s, '\n');
997 
998 	return 0;
999 }
1000 
1001 static const struct seq_operations cipso2_seq_ops = {
1002 	.start = cipso_seq_start,
1003 	.next  = cipso_seq_next,
1004 	.show  = cipso2_seq_show,
1005 	.stop  = smk_seq_stop,
1006 };
1007 
1008 /**
1009  * smk_open_cipso2 - open() for /smack/cipso2
1010  * @inode: inode structure representing file
1011  * @file: "cipso2" file pointer
1012  *
1013  * Connect our cipso_seq_* operations with /smack/cipso2
1014  * file_operations
1015  */
1016 static int smk_open_cipso2(struct inode *inode, struct file *file)
1017 {
1018 	return seq_open(file, &cipso2_seq_ops);
1019 }
1020 
1021 /**
1022  * smk_write_cipso2 - write() for /smack/cipso2
1023  * @file: file pointer, not actually used
1024  * @buf: where to get the data from
1025  * @count: bytes sent
1026  * @ppos: where to start
1027  *
1028  * Accepts only one cipso rule per write call.
1029  * Returns number of bytes written or error code, as appropriate
1030  */
1031 static ssize_t smk_write_cipso2(struct file *file, const char __user *buf,
1032 			      size_t count, loff_t *ppos)
1033 {
1034 	return smk_set_cipso(file, buf, count, ppos, SMK_LONG_FMT);
1035 }
1036 
1037 static const struct file_operations smk_cipso2_ops = {
1038 	.open           = smk_open_cipso2,
1039 	.read		= seq_read,
1040 	.llseek         = seq_lseek,
1041 	.write		= smk_write_cipso2,
1042 	.release        = seq_release,
1043 };
1044 
1045 /*
1046  * Seq_file read operations for /smack/netlabel
1047  */
1048 
1049 static void *net4addr_seq_start(struct seq_file *s, loff_t *pos)
1050 {
1051 	return smk_seq_start(s, pos, &smk_net4addr_list);
1052 }
1053 
1054 static void *net4addr_seq_next(struct seq_file *s, void *v, loff_t *pos)
1055 {
1056 	return smk_seq_next(s, v, pos, &smk_net4addr_list);
1057 }
1058 
1059 /*
1060  * Print host/label pairs
1061  */
1062 static int net4addr_seq_show(struct seq_file *s, void *v)
1063 {
1064 	struct list_head *list = v;
1065 	struct smk_net4addr *skp =
1066 			list_entry_rcu(list, struct smk_net4addr, list);
1067 	char *kp = SMACK_CIPSO_OPTION;
1068 
1069 	if (skp->smk_label != NULL)
1070 		kp = skp->smk_label->smk_known;
1071 	seq_printf(s, "%pI4/%d %s\n", &skp->smk_host.s_addr,
1072 			skp->smk_masks, kp);
1073 
1074 	return 0;
1075 }
1076 
1077 static const struct seq_operations net4addr_seq_ops = {
1078 	.start = net4addr_seq_start,
1079 	.next  = net4addr_seq_next,
1080 	.show  = net4addr_seq_show,
1081 	.stop  = smk_seq_stop,
1082 };
1083 
1084 /**
1085  * smk_open_net4addr - open() for /smack/netlabel
1086  * @inode: inode structure representing file
1087  * @file: "netlabel" file pointer
1088  *
1089  * Connect our net4addr_seq_* operations with /smack/netlabel
1090  * file_operations
1091  */
1092 static int smk_open_net4addr(struct inode *inode, struct file *file)
1093 {
1094 	return seq_open(file, &net4addr_seq_ops);
1095 }
1096 
1097 /**
1098  * smk_net4addr_insert
1099  * @new : netlabel to insert
1100  *
1101  * This helper insert netlabel in the smack_net4addrs list
1102  * sorted by netmask length (longest to smallest)
1103  * locked by &smk_net4addr_lock in smk_write_net4addr
1104  *
1105  */
1106 static void smk_net4addr_insert(struct smk_net4addr *new)
1107 {
1108 	struct smk_net4addr *m;
1109 	struct smk_net4addr *m_next;
1110 
1111 	if (list_empty(&smk_net4addr_list)) {
1112 		list_add_rcu(&new->list, &smk_net4addr_list);
1113 		return;
1114 	}
1115 
1116 	m = list_entry_rcu(smk_net4addr_list.next,
1117 			   struct smk_net4addr, list);
1118 
1119 	/* the comparison '>' is a bit hacky, but works */
1120 	if (new->smk_masks > m->smk_masks) {
1121 		list_add_rcu(&new->list, &smk_net4addr_list);
1122 		return;
1123 	}
1124 
1125 	list_for_each_entry_rcu(m, &smk_net4addr_list, list) {
1126 		if (list_is_last(&m->list, &smk_net4addr_list)) {
1127 			list_add_rcu(&new->list, &m->list);
1128 			return;
1129 		}
1130 		m_next = list_entry_rcu(m->list.next,
1131 					struct smk_net4addr, list);
1132 		if (new->smk_masks > m_next->smk_masks) {
1133 			list_add_rcu(&new->list, &m->list);
1134 			return;
1135 		}
1136 	}
1137 }
1138 
1139 
1140 /**
1141  * smk_write_net4addr - write() for /smack/netlabel
1142  * @file: file pointer, not actually used
1143  * @buf: where to get the data from
1144  * @count: bytes sent
1145  * @ppos: where to start
1146  *
1147  * Accepts only one net4addr per write call.
1148  * Returns number of bytes written or error code, as appropriate
1149  */
1150 static ssize_t smk_write_net4addr(struct file *file, const char __user *buf,
1151 				size_t count, loff_t *ppos)
1152 {
1153 	struct smk_net4addr *snp;
1154 	struct sockaddr_in newname;
1155 	char *smack;
1156 	struct smack_known *skp = NULL;
1157 	char *data;
1158 	char *host = (char *)&newname.sin_addr.s_addr;
1159 	int rc;
1160 	struct netlbl_audit audit_info;
1161 	struct in_addr mask;
1162 	unsigned int m;
1163 	unsigned int masks;
1164 	int found;
1165 	u32 mask_bits = (1<<31);
1166 	__be32 nsa;
1167 	u32 temp_mask;
1168 
1169 	/*
1170 	 * Must have privilege.
1171 	 * No partial writes.
1172 	 * Enough data must be present.
1173 	 * "<addr/mask, as a.b.c.d/e><space><label>"
1174 	 * "<addr, as a.b.c.d><space><label>"
1175 	 */
1176 	if (!smack_privileged(CAP_MAC_ADMIN))
1177 		return -EPERM;
1178 	if (*ppos != 0)
1179 		return -EINVAL;
1180 	if (count < SMK_NETLBLADDRMIN)
1181 		return -EINVAL;
1182 
1183 	data = memdup_user_nul(buf, count);
1184 	if (IS_ERR(data))
1185 		return PTR_ERR(data);
1186 
1187 	smack = kzalloc(count + 1, GFP_KERNEL);
1188 	if (smack == NULL) {
1189 		rc = -ENOMEM;
1190 		goto free_data_out;
1191 	}
1192 
1193 	rc = sscanf(data, "%hhd.%hhd.%hhd.%hhd/%u %s",
1194 		&host[0], &host[1], &host[2], &host[3], &masks, smack);
1195 	if (rc != 6) {
1196 		rc = sscanf(data, "%hhd.%hhd.%hhd.%hhd %s",
1197 			&host[0], &host[1], &host[2], &host[3], smack);
1198 		if (rc != 5) {
1199 			rc = -EINVAL;
1200 			goto free_out;
1201 		}
1202 		m = BEBITS;
1203 		masks = 32;
1204 	}
1205 	if (masks > BEBITS) {
1206 		rc = -EINVAL;
1207 		goto free_out;
1208 	}
1209 
1210 	/*
1211 	 * If smack begins with '-', it is an option, don't import it
1212 	 */
1213 	if (smack[0] != '-') {
1214 		skp = smk_import_entry(smack, 0);
1215 		if (IS_ERR(skp)) {
1216 			rc = PTR_ERR(skp);
1217 			goto free_out;
1218 		}
1219 	} else {
1220 		/*
1221 		 * Only the -CIPSO option is supported for IPv4
1222 		 */
1223 		if (strcmp(smack, SMACK_CIPSO_OPTION) != 0) {
1224 			rc = -EINVAL;
1225 			goto free_out;
1226 		}
1227 	}
1228 
1229 	for (m = masks, temp_mask = 0; m > 0; m--) {
1230 		temp_mask |= mask_bits;
1231 		mask_bits >>= 1;
1232 	}
1233 	mask.s_addr = cpu_to_be32(temp_mask);
1234 
1235 	newname.sin_addr.s_addr &= mask.s_addr;
1236 	/*
1237 	 * Only allow one writer at a time. Writes should be
1238 	 * quite rare and small in any case.
1239 	 */
1240 	mutex_lock(&smk_net4addr_lock);
1241 
1242 	nsa = newname.sin_addr.s_addr;
1243 	/* try to find if the prefix is already in the list */
1244 	found = 0;
1245 	list_for_each_entry_rcu(snp, &smk_net4addr_list, list) {
1246 		if (snp->smk_host.s_addr == nsa && snp->smk_masks == masks) {
1247 			found = 1;
1248 			break;
1249 		}
1250 	}
1251 	smk_netlabel_audit_set(&audit_info);
1252 
1253 	if (found == 0) {
1254 		snp = kzalloc(sizeof(*snp), GFP_KERNEL);
1255 		if (snp == NULL)
1256 			rc = -ENOMEM;
1257 		else {
1258 			rc = 0;
1259 			snp->smk_host.s_addr = newname.sin_addr.s_addr;
1260 			snp->smk_mask.s_addr = mask.s_addr;
1261 			snp->smk_label = skp;
1262 			snp->smk_masks = masks;
1263 			smk_net4addr_insert(snp);
1264 		}
1265 	} else {
1266 		/*
1267 		 * Delete the unlabeled entry, only if the previous label
1268 		 * wasn't the special CIPSO option
1269 		 */
1270 		if (snp->smk_label != NULL)
1271 			rc = netlbl_cfg_unlbl_static_del(&init_net, NULL,
1272 					&snp->smk_host, &snp->smk_mask,
1273 					PF_INET, &audit_info);
1274 		else
1275 			rc = 0;
1276 		snp->smk_label = skp;
1277 	}
1278 
1279 	/*
1280 	 * Now tell netlabel about the single label nature of
1281 	 * this host so that incoming packets get labeled.
1282 	 * but only if we didn't get the special CIPSO option
1283 	 */
1284 	if (rc == 0 && skp != NULL)
1285 		rc = netlbl_cfg_unlbl_static_add(&init_net, NULL,
1286 			&snp->smk_host, &snp->smk_mask, PF_INET,
1287 			snp->smk_label->smk_secid, &audit_info);
1288 
1289 	if (rc == 0)
1290 		rc = count;
1291 
1292 	mutex_unlock(&smk_net4addr_lock);
1293 
1294 free_out:
1295 	kfree(smack);
1296 free_data_out:
1297 	kfree(data);
1298 
1299 	return rc;
1300 }
1301 
1302 static const struct file_operations smk_net4addr_ops = {
1303 	.open           = smk_open_net4addr,
1304 	.read		= seq_read,
1305 	.llseek         = seq_lseek,
1306 	.write		= smk_write_net4addr,
1307 	.release        = seq_release,
1308 };
1309 
1310 #if IS_ENABLED(CONFIG_IPV6)
1311 /*
1312  * Seq_file read operations for /smack/netlabel6
1313  */
1314 
1315 static void *net6addr_seq_start(struct seq_file *s, loff_t *pos)
1316 {
1317 	return smk_seq_start(s, pos, &smk_net6addr_list);
1318 }
1319 
1320 static void *net6addr_seq_next(struct seq_file *s, void *v, loff_t *pos)
1321 {
1322 	return smk_seq_next(s, v, pos, &smk_net6addr_list);
1323 }
1324 
1325 /*
1326  * Print host/label pairs
1327  */
1328 static int net6addr_seq_show(struct seq_file *s, void *v)
1329 {
1330 	struct list_head *list = v;
1331 	struct smk_net6addr *skp =
1332 			 list_entry(list, struct smk_net6addr, list);
1333 
1334 	if (skp->smk_label != NULL)
1335 		seq_printf(s, "%pI6/%d %s\n", &skp->smk_host, skp->smk_masks,
1336 				skp->smk_label->smk_known);
1337 
1338 	return 0;
1339 }
1340 
1341 static const struct seq_operations net6addr_seq_ops = {
1342 	.start = net6addr_seq_start,
1343 	.next  = net6addr_seq_next,
1344 	.show  = net6addr_seq_show,
1345 	.stop  = smk_seq_stop,
1346 };
1347 
1348 /**
1349  * smk_open_net6addr - open() for /smack/netlabel
1350  * @inode: inode structure representing file
1351  * @file: "netlabel" file pointer
1352  *
1353  * Connect our net6addr_seq_* operations with /smack/netlabel
1354  * file_operations
1355  */
1356 static int smk_open_net6addr(struct inode *inode, struct file *file)
1357 {
1358 	return seq_open(file, &net6addr_seq_ops);
1359 }
1360 
1361 /**
1362  * smk_net6addr_insert
1363  * @new : entry to insert
1364  *
1365  * This inserts an entry in the smack_net6addrs list
1366  * sorted by netmask length (longest to smallest)
1367  * locked by &smk_net6addr_lock in smk_write_net6addr
1368  *
1369  */
1370 static void smk_net6addr_insert(struct smk_net6addr *new)
1371 {
1372 	struct smk_net6addr *m_next;
1373 	struct smk_net6addr *m;
1374 
1375 	if (list_empty(&smk_net6addr_list)) {
1376 		list_add_rcu(&new->list, &smk_net6addr_list);
1377 		return;
1378 	}
1379 
1380 	m = list_entry_rcu(smk_net6addr_list.next,
1381 			   struct smk_net6addr, list);
1382 
1383 	if (new->smk_masks > m->smk_masks) {
1384 		list_add_rcu(&new->list, &smk_net6addr_list);
1385 		return;
1386 	}
1387 
1388 	list_for_each_entry_rcu(m, &smk_net6addr_list, list) {
1389 		if (list_is_last(&m->list, &smk_net6addr_list)) {
1390 			list_add_rcu(&new->list, &m->list);
1391 			return;
1392 		}
1393 		m_next = list_entry_rcu(m->list.next,
1394 					struct smk_net6addr, list);
1395 		if (new->smk_masks > m_next->smk_masks) {
1396 			list_add_rcu(&new->list, &m->list);
1397 			return;
1398 		}
1399 	}
1400 }
1401 
1402 
1403 /**
1404  * smk_write_net6addr - write() for /smack/netlabel
1405  * @file: file pointer, not actually used
1406  * @buf: where to get the data from
1407  * @count: bytes sent
1408  * @ppos: where to start
1409  *
1410  * Accepts only one net6addr per write call.
1411  * Returns number of bytes written or error code, as appropriate
1412  */
1413 static ssize_t smk_write_net6addr(struct file *file, const char __user *buf,
1414 				size_t count, loff_t *ppos)
1415 {
1416 	struct smk_net6addr *snp;
1417 	struct in6_addr newname;
1418 	struct in6_addr fullmask;
1419 	struct smack_known *skp = NULL;
1420 	char *smack;
1421 	char *data;
1422 	int rc = 0;
1423 	int found = 0;
1424 	int i;
1425 	unsigned int scanned[8];
1426 	unsigned int m;
1427 	unsigned int mask = 128;
1428 
1429 	/*
1430 	 * Must have privilege.
1431 	 * No partial writes.
1432 	 * Enough data must be present.
1433 	 * "<addr/mask, as a:b:c:d:e:f:g:h/e><space><label>"
1434 	 * "<addr, as a:b:c:d:e:f:g:h><space><label>"
1435 	 */
1436 	if (!smack_privileged(CAP_MAC_ADMIN))
1437 		return -EPERM;
1438 	if (*ppos != 0)
1439 		return -EINVAL;
1440 	if (count < SMK_NETLBLADDRMIN)
1441 		return -EINVAL;
1442 
1443 	data = memdup_user_nul(buf, count);
1444 	if (IS_ERR(data))
1445 		return PTR_ERR(data);
1446 
1447 	smack = kzalloc(count + 1, GFP_KERNEL);
1448 	if (smack == NULL) {
1449 		rc = -ENOMEM;
1450 		goto free_data_out;
1451 	}
1452 
1453 	i = sscanf(data, "%x:%x:%x:%x:%x:%x:%x:%x/%u %s",
1454 			&scanned[0], &scanned[1], &scanned[2], &scanned[3],
1455 			&scanned[4], &scanned[5], &scanned[6], &scanned[7],
1456 			&mask, smack);
1457 	if (i != 10) {
1458 		i = sscanf(data, "%x:%x:%x:%x:%x:%x:%x:%x %s",
1459 				&scanned[0], &scanned[1], &scanned[2],
1460 				&scanned[3], &scanned[4], &scanned[5],
1461 				&scanned[6], &scanned[7], smack);
1462 		if (i != 9) {
1463 			rc = -EINVAL;
1464 			goto free_out;
1465 		}
1466 	}
1467 	if (mask > 128) {
1468 		rc = -EINVAL;
1469 		goto free_out;
1470 	}
1471 	for (i = 0; i < 8; i++) {
1472 		if (scanned[i] > 0xffff) {
1473 			rc = -EINVAL;
1474 			goto free_out;
1475 		}
1476 		newname.s6_addr16[i] = htons(scanned[i]);
1477 	}
1478 
1479 	/*
1480 	 * If smack begins with '-', it is an option, don't import it
1481 	 */
1482 	if (smack[0] != '-') {
1483 		skp = smk_import_entry(smack, 0);
1484 		if (IS_ERR(skp)) {
1485 			rc = PTR_ERR(skp);
1486 			goto free_out;
1487 		}
1488 	} else {
1489 		/*
1490 		 * Only -DELETE is supported for IPv6
1491 		 */
1492 		if (strcmp(smack, SMACK_DELETE_OPTION) != 0) {
1493 			rc = -EINVAL;
1494 			goto free_out;
1495 		}
1496 	}
1497 
1498 	for (i = 0, m = mask; i < 8; i++) {
1499 		if (m >= 16) {
1500 			fullmask.s6_addr16[i] = 0xffff;
1501 			m -= 16;
1502 		} else if (m > 0) {
1503 			fullmask.s6_addr16[i] = (1 << m) - 1;
1504 			m = 0;
1505 		} else
1506 			fullmask.s6_addr16[i] = 0;
1507 		newname.s6_addr16[i] &= fullmask.s6_addr16[i];
1508 	}
1509 
1510 	/*
1511 	 * Only allow one writer at a time. Writes should be
1512 	 * quite rare and small in any case.
1513 	 */
1514 	mutex_lock(&smk_net6addr_lock);
1515 	/*
1516 	 * Try to find the prefix in the list
1517 	 */
1518 	list_for_each_entry_rcu(snp, &smk_net6addr_list, list) {
1519 		if (mask != snp->smk_masks)
1520 			continue;
1521 		for (found = 1, i = 0; i < 8; i++) {
1522 			if (newname.s6_addr16[i] !=
1523 			    snp->smk_host.s6_addr16[i]) {
1524 				found = 0;
1525 				break;
1526 			}
1527 		}
1528 		if (found == 1)
1529 			break;
1530 	}
1531 	if (found == 0) {
1532 		snp = kzalloc(sizeof(*snp), GFP_KERNEL);
1533 		if (snp == NULL)
1534 			rc = -ENOMEM;
1535 		else {
1536 			snp->smk_host = newname;
1537 			snp->smk_mask = fullmask;
1538 			snp->smk_masks = mask;
1539 			snp->smk_label = skp;
1540 			smk_net6addr_insert(snp);
1541 		}
1542 	} else {
1543 		snp->smk_label = skp;
1544 	}
1545 
1546 	if (rc == 0)
1547 		rc = count;
1548 
1549 	mutex_unlock(&smk_net6addr_lock);
1550 
1551 free_out:
1552 	kfree(smack);
1553 free_data_out:
1554 	kfree(data);
1555 
1556 	return rc;
1557 }
1558 
1559 static const struct file_operations smk_net6addr_ops = {
1560 	.open           = smk_open_net6addr,
1561 	.read		= seq_read,
1562 	.llseek         = seq_lseek,
1563 	.write		= smk_write_net6addr,
1564 	.release        = seq_release,
1565 };
1566 #endif /* CONFIG_IPV6 */
1567 
1568 /**
1569  * smk_read_doi - read() for /smack/doi
1570  * @filp: file pointer, not actually used
1571  * @buf: where to put the result
1572  * @count: maximum to send along
1573  * @ppos: where to start
1574  *
1575  * Returns number of bytes read or error code, as appropriate
1576  */
1577 static ssize_t smk_read_doi(struct file *filp, char __user *buf,
1578 			    size_t count, loff_t *ppos)
1579 {
1580 	char temp[80];
1581 	ssize_t rc;
1582 
1583 	if (*ppos != 0)
1584 		return 0;
1585 
1586 	sprintf(temp, "%d", smk_cipso_doi_value);
1587 	rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
1588 
1589 	return rc;
1590 }
1591 
1592 /**
1593  * smk_write_doi - write() for /smack/doi
1594  * @file: file pointer, not actually used
1595  * @buf: where to get the data from
1596  * @count: bytes sent
1597  * @ppos: where to start
1598  *
1599  * Returns number of bytes written or error code, as appropriate
1600  */
1601 static ssize_t smk_write_doi(struct file *file, const char __user *buf,
1602 			     size_t count, loff_t *ppos)
1603 {
1604 	char temp[80];
1605 	int i;
1606 
1607 	if (!smack_privileged(CAP_MAC_ADMIN))
1608 		return -EPERM;
1609 
1610 	if (count >= sizeof(temp) || count == 0)
1611 		return -EINVAL;
1612 
1613 	if (copy_from_user(temp, buf, count) != 0)
1614 		return -EFAULT;
1615 
1616 	temp[count] = '\0';
1617 
1618 	if (sscanf(temp, "%d", &i) != 1)
1619 		return -EINVAL;
1620 
1621 	smk_cipso_doi_value = i;
1622 
1623 	smk_cipso_doi();
1624 
1625 	return count;
1626 }
1627 
1628 static const struct file_operations smk_doi_ops = {
1629 	.read		= smk_read_doi,
1630 	.write		= smk_write_doi,
1631 	.llseek		= default_llseek,
1632 };
1633 
1634 /**
1635  * smk_read_direct - read() for /smack/direct
1636  * @filp: file pointer, not actually used
1637  * @buf: where to put the result
1638  * @count: maximum to send along
1639  * @ppos: where to start
1640  *
1641  * Returns number of bytes read or error code, as appropriate
1642  */
1643 static ssize_t smk_read_direct(struct file *filp, char __user *buf,
1644 			       size_t count, loff_t *ppos)
1645 {
1646 	char temp[80];
1647 	ssize_t rc;
1648 
1649 	if (*ppos != 0)
1650 		return 0;
1651 
1652 	sprintf(temp, "%d", smack_cipso_direct);
1653 	rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
1654 
1655 	return rc;
1656 }
1657 
1658 /**
1659  * smk_write_direct - write() for /smack/direct
1660  * @file: file pointer, not actually used
1661  * @buf: where to get the data from
1662  * @count: bytes sent
1663  * @ppos: where to start
1664  *
1665  * Returns number of bytes written or error code, as appropriate
1666  */
1667 static ssize_t smk_write_direct(struct file *file, const char __user *buf,
1668 				size_t count, loff_t *ppos)
1669 {
1670 	struct smack_known *skp;
1671 	char temp[80];
1672 	int i;
1673 
1674 	if (!smack_privileged(CAP_MAC_ADMIN))
1675 		return -EPERM;
1676 
1677 	if (count >= sizeof(temp) || count == 0)
1678 		return -EINVAL;
1679 
1680 	if (copy_from_user(temp, buf, count) != 0)
1681 		return -EFAULT;
1682 
1683 	temp[count] = '\0';
1684 
1685 	if (sscanf(temp, "%d", &i) != 1)
1686 		return -EINVAL;
1687 
1688 	/*
1689 	 * Don't do anything if the value hasn't actually changed.
1690 	 * If it is changing reset the level on entries that were
1691 	 * set up to be direct when they were created.
1692 	 */
1693 	if (smack_cipso_direct != i) {
1694 		mutex_lock(&smack_known_lock);
1695 		list_for_each_entry_rcu(skp, &smack_known_list, list)
1696 			if (skp->smk_netlabel.attr.mls.lvl ==
1697 			    smack_cipso_direct)
1698 				skp->smk_netlabel.attr.mls.lvl = i;
1699 		smack_cipso_direct = i;
1700 		mutex_unlock(&smack_known_lock);
1701 	}
1702 
1703 	return count;
1704 }
1705 
1706 static const struct file_operations smk_direct_ops = {
1707 	.read		= smk_read_direct,
1708 	.write		= smk_write_direct,
1709 	.llseek		= default_llseek,
1710 };
1711 
1712 /**
1713  * smk_read_mapped - read() for /smack/mapped
1714  * @filp: file pointer, not actually used
1715  * @buf: where to put the result
1716  * @count: maximum to send along
1717  * @ppos: where to start
1718  *
1719  * Returns number of bytes read or error code, as appropriate
1720  */
1721 static ssize_t smk_read_mapped(struct file *filp, char __user *buf,
1722 			       size_t count, loff_t *ppos)
1723 {
1724 	char temp[80];
1725 	ssize_t rc;
1726 
1727 	if (*ppos != 0)
1728 		return 0;
1729 
1730 	sprintf(temp, "%d", smack_cipso_mapped);
1731 	rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
1732 
1733 	return rc;
1734 }
1735 
1736 /**
1737  * smk_write_mapped - write() for /smack/mapped
1738  * @file: file pointer, not actually used
1739  * @buf: where to get the data from
1740  * @count: bytes sent
1741  * @ppos: where to start
1742  *
1743  * Returns number of bytes written or error code, as appropriate
1744  */
1745 static ssize_t smk_write_mapped(struct file *file, const char __user *buf,
1746 				size_t count, loff_t *ppos)
1747 {
1748 	struct smack_known *skp;
1749 	char temp[80];
1750 	int i;
1751 
1752 	if (!smack_privileged(CAP_MAC_ADMIN))
1753 		return -EPERM;
1754 
1755 	if (count >= sizeof(temp) || count == 0)
1756 		return -EINVAL;
1757 
1758 	if (copy_from_user(temp, buf, count) != 0)
1759 		return -EFAULT;
1760 
1761 	temp[count] = '\0';
1762 
1763 	if (sscanf(temp, "%d", &i) != 1)
1764 		return -EINVAL;
1765 
1766 	/*
1767 	 * Don't do anything if the value hasn't actually changed.
1768 	 * If it is changing reset the level on entries that were
1769 	 * set up to be mapped when they were created.
1770 	 */
1771 	if (smack_cipso_mapped != i) {
1772 		mutex_lock(&smack_known_lock);
1773 		list_for_each_entry_rcu(skp, &smack_known_list, list)
1774 			if (skp->smk_netlabel.attr.mls.lvl ==
1775 			    smack_cipso_mapped)
1776 				skp->smk_netlabel.attr.mls.lvl = i;
1777 		smack_cipso_mapped = i;
1778 		mutex_unlock(&smack_known_lock);
1779 	}
1780 
1781 	return count;
1782 }
1783 
1784 static const struct file_operations smk_mapped_ops = {
1785 	.read		= smk_read_mapped,
1786 	.write		= smk_write_mapped,
1787 	.llseek		= default_llseek,
1788 };
1789 
1790 /**
1791  * smk_read_ambient - read() for /smack/ambient
1792  * @filp: file pointer, not actually used
1793  * @buf: where to put the result
1794  * @cn: maximum to send along
1795  * @ppos: where to start
1796  *
1797  * Returns number of bytes read or error code, as appropriate
1798  */
1799 static ssize_t smk_read_ambient(struct file *filp, char __user *buf,
1800 				size_t cn, loff_t *ppos)
1801 {
1802 	ssize_t rc;
1803 	int asize;
1804 
1805 	if (*ppos != 0)
1806 		return 0;
1807 	/*
1808 	 * Being careful to avoid a problem in the case where
1809 	 * smack_net_ambient gets changed in midstream.
1810 	 */
1811 	mutex_lock(&smack_ambient_lock);
1812 
1813 	asize = strlen(smack_net_ambient->smk_known) + 1;
1814 
1815 	if (cn >= asize)
1816 		rc = simple_read_from_buffer(buf, cn, ppos,
1817 					     smack_net_ambient->smk_known,
1818 					     asize);
1819 	else
1820 		rc = -EINVAL;
1821 
1822 	mutex_unlock(&smack_ambient_lock);
1823 
1824 	return rc;
1825 }
1826 
1827 /**
1828  * smk_write_ambient - write() for /smack/ambient
1829  * @file: file pointer, not actually used
1830  * @buf: where to get the data from
1831  * @count: bytes sent
1832  * @ppos: where to start
1833  *
1834  * Returns number of bytes written or error code, as appropriate
1835  */
1836 static ssize_t smk_write_ambient(struct file *file, const char __user *buf,
1837 				 size_t count, loff_t *ppos)
1838 {
1839 	struct smack_known *skp;
1840 	char *oldambient;
1841 	char *data;
1842 	int rc = count;
1843 
1844 	if (!smack_privileged(CAP_MAC_ADMIN))
1845 		return -EPERM;
1846 
1847 	data = memdup_user_nul(buf, count);
1848 	if (IS_ERR(data))
1849 		return PTR_ERR(data);
1850 
1851 	skp = smk_import_entry(data, count);
1852 	if (IS_ERR(skp)) {
1853 		rc = PTR_ERR(skp);
1854 		goto out;
1855 	}
1856 
1857 	mutex_lock(&smack_ambient_lock);
1858 
1859 	oldambient = smack_net_ambient->smk_known;
1860 	smack_net_ambient = skp;
1861 	smk_unlbl_ambient(oldambient);
1862 
1863 	mutex_unlock(&smack_ambient_lock);
1864 
1865 out:
1866 	kfree(data);
1867 	return rc;
1868 }
1869 
1870 static const struct file_operations smk_ambient_ops = {
1871 	.read		= smk_read_ambient,
1872 	.write		= smk_write_ambient,
1873 	.llseek		= default_llseek,
1874 };
1875 
1876 /*
1877  * Seq_file operations for /smack/onlycap
1878  */
1879 static void *onlycap_seq_start(struct seq_file *s, loff_t *pos)
1880 {
1881 	return smk_seq_start(s, pos, &smack_onlycap_list);
1882 }
1883 
1884 static void *onlycap_seq_next(struct seq_file *s, void *v, loff_t *pos)
1885 {
1886 	return smk_seq_next(s, v, pos, &smack_onlycap_list);
1887 }
1888 
1889 static int onlycap_seq_show(struct seq_file *s, void *v)
1890 {
1891 	struct list_head *list = v;
1892 	struct smack_known_list_elem *sklep =
1893 		list_entry_rcu(list, struct smack_known_list_elem, list);
1894 
1895 	seq_puts(s, sklep->smk_label->smk_known);
1896 	seq_putc(s, ' ');
1897 
1898 	return 0;
1899 }
1900 
1901 static const struct seq_operations onlycap_seq_ops = {
1902 	.start = onlycap_seq_start,
1903 	.next  = onlycap_seq_next,
1904 	.show  = onlycap_seq_show,
1905 	.stop  = smk_seq_stop,
1906 };
1907 
1908 static int smk_open_onlycap(struct inode *inode, struct file *file)
1909 {
1910 	return seq_open(file, &onlycap_seq_ops);
1911 }
1912 
1913 /**
1914  * smk_list_swap_rcu - swap public list with a private one in RCU-safe way
1915  * The caller must hold appropriate mutex to prevent concurrent modifications
1916  * to the public list.
1917  * Private list is assumed to be not accessible to other threads yet.
1918  *
1919  * @public: public list
1920  * @private: private list
1921  */
1922 static void smk_list_swap_rcu(struct list_head *public,
1923 			      struct list_head *private)
1924 {
1925 	struct list_head *first, *last;
1926 
1927 	if (list_empty(public)) {
1928 		list_splice_init_rcu(private, public, synchronize_rcu);
1929 	} else {
1930 		/* Remember public list before replacing it */
1931 		first = public->next;
1932 		last = public->prev;
1933 
1934 		/* Publish private list in place of public in RCU-safe way */
1935 		private->prev->next = public;
1936 		private->next->prev = public;
1937 		rcu_assign_pointer(public->next, private->next);
1938 		public->prev = private->prev;
1939 
1940 		synchronize_rcu();
1941 
1942 		/* When all readers are done with the old public list,
1943 		 * attach it in place of private */
1944 		private->next = first;
1945 		private->prev = last;
1946 		first->prev = private;
1947 		last->next = private;
1948 	}
1949 }
1950 
1951 /**
1952  * smk_parse_label_list - parse list of Smack labels, separated by spaces
1953  *
1954  * @data: the string to parse
1955  * @private: destination list
1956  *
1957  * Returns zero on success or error code, as appropriate
1958  */
1959 static int smk_parse_label_list(char *data, struct list_head *list)
1960 {
1961 	char *tok;
1962 	struct smack_known *skp;
1963 	struct smack_known_list_elem *sklep;
1964 
1965 	while ((tok = strsep(&data, " ")) != NULL) {
1966 		if (!*tok)
1967 			continue;
1968 
1969 		skp = smk_import_entry(tok, 0);
1970 		if (IS_ERR(skp))
1971 			return PTR_ERR(skp);
1972 
1973 		sklep = kzalloc(sizeof(*sklep), GFP_KERNEL);
1974 		if (sklep == NULL)
1975 			return -ENOMEM;
1976 
1977 		sklep->smk_label = skp;
1978 		list_add(&sklep->list, list);
1979 	}
1980 
1981 	return 0;
1982 }
1983 
1984 /**
1985  * smk_destroy_label_list - destroy a list of smack_known_list_elem
1986  * @head: header pointer of the list to destroy
1987  */
1988 void smk_destroy_label_list(struct list_head *list)
1989 {
1990 	struct smack_known_list_elem *sklep;
1991 	struct smack_known_list_elem *sklep2;
1992 
1993 	list_for_each_entry_safe(sklep, sklep2, list, list)
1994 		kfree(sklep);
1995 
1996 	INIT_LIST_HEAD(list);
1997 }
1998 
1999 /**
2000  * smk_write_onlycap - write() for smackfs/onlycap
2001  * @file: file pointer, not actually used
2002  * @buf: where to get the data from
2003  * @count: bytes sent
2004  * @ppos: where to start
2005  *
2006  * Returns number of bytes written or error code, as appropriate
2007  */
2008 static ssize_t smk_write_onlycap(struct file *file, const char __user *buf,
2009 				 size_t count, loff_t *ppos)
2010 {
2011 	char *data;
2012 	LIST_HEAD(list_tmp);
2013 	int rc;
2014 
2015 	if (!smack_privileged(CAP_MAC_ADMIN))
2016 		return -EPERM;
2017 
2018 	data = memdup_user_nul(buf, count);
2019 	if (IS_ERR(data))
2020 		return PTR_ERR(data);
2021 
2022 	rc = smk_parse_label_list(data, &list_tmp);
2023 	kfree(data);
2024 
2025 	/*
2026 	 * Clear the smack_onlycap on invalid label errors. This means
2027 	 * that we can pass a null string to unset the onlycap value.
2028 	 *
2029 	 * Importing will also reject a label beginning with '-',
2030 	 * so "-usecapabilities" will also work.
2031 	 *
2032 	 * But do so only on invalid label, not on system errors.
2033 	 * The invalid label must be first to count as clearing attempt.
2034 	 */
2035 	if (!rc || (rc == -EINVAL && list_empty(&list_tmp))) {
2036 		mutex_lock(&smack_onlycap_lock);
2037 		smk_list_swap_rcu(&smack_onlycap_list, &list_tmp);
2038 		mutex_unlock(&smack_onlycap_lock);
2039 		rc = count;
2040 	}
2041 
2042 	smk_destroy_label_list(&list_tmp);
2043 
2044 	return rc;
2045 }
2046 
2047 static const struct file_operations smk_onlycap_ops = {
2048 	.open		= smk_open_onlycap,
2049 	.read		= seq_read,
2050 	.write		= smk_write_onlycap,
2051 	.llseek		= seq_lseek,
2052 	.release	= seq_release,
2053 };
2054 
2055 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
2056 /**
2057  * smk_read_unconfined - read() for smackfs/unconfined
2058  * @filp: file pointer, not actually used
2059  * @buf: where to put the result
2060  * @cn: maximum to send along
2061  * @ppos: where to start
2062  *
2063  * Returns number of bytes read or error code, as appropriate
2064  */
2065 static ssize_t smk_read_unconfined(struct file *filp, char __user *buf,
2066 					size_t cn, loff_t *ppos)
2067 {
2068 	char *smack = "";
2069 	ssize_t rc = -EINVAL;
2070 	int asize;
2071 
2072 	if (*ppos != 0)
2073 		return 0;
2074 
2075 	if (smack_unconfined != NULL)
2076 		smack = smack_unconfined->smk_known;
2077 
2078 	asize = strlen(smack) + 1;
2079 
2080 	if (cn >= asize)
2081 		rc = simple_read_from_buffer(buf, cn, ppos, smack, asize);
2082 
2083 	return rc;
2084 }
2085 
2086 /**
2087  * smk_write_unconfined - write() for smackfs/unconfined
2088  * @file: file pointer, not actually used
2089  * @buf: where to get the data from
2090  * @count: bytes sent
2091  * @ppos: where to start
2092  *
2093  * Returns number of bytes written or error code, as appropriate
2094  */
2095 static ssize_t smk_write_unconfined(struct file *file, const char __user *buf,
2096 					size_t count, loff_t *ppos)
2097 {
2098 	char *data;
2099 	struct smack_known *skp;
2100 	int rc = count;
2101 
2102 	if (!smack_privileged(CAP_MAC_ADMIN))
2103 		return -EPERM;
2104 
2105 	data = memdup_user_nul(buf, count);
2106 	if (IS_ERR(data))
2107 		return PTR_ERR(data);
2108 
2109 	/*
2110 	 * Clear the smack_unconfined on invalid label errors. This means
2111 	 * that we can pass a null string to unset the unconfined value.
2112 	 *
2113 	 * Importing will also reject a label beginning with '-',
2114 	 * so "-confine" will also work.
2115 	 *
2116 	 * But do so only on invalid label, not on system errors.
2117 	 */
2118 	skp = smk_import_entry(data, count);
2119 	if (PTR_ERR(skp) == -EINVAL)
2120 		skp = NULL;
2121 	else if (IS_ERR(skp)) {
2122 		rc = PTR_ERR(skp);
2123 		goto freeout;
2124 	}
2125 
2126 	smack_unconfined = skp;
2127 
2128 freeout:
2129 	kfree(data);
2130 	return rc;
2131 }
2132 
2133 static const struct file_operations smk_unconfined_ops = {
2134 	.read		= smk_read_unconfined,
2135 	.write		= smk_write_unconfined,
2136 	.llseek		= default_llseek,
2137 };
2138 #endif /* CONFIG_SECURITY_SMACK_BRINGUP */
2139 
2140 /**
2141  * smk_read_logging - read() for /smack/logging
2142  * @filp: file pointer, not actually used
2143  * @buf: where to put the result
2144  * @cn: maximum to send along
2145  * @ppos: where to start
2146  *
2147  * Returns number of bytes read or error code, as appropriate
2148  */
2149 static ssize_t smk_read_logging(struct file *filp, char __user *buf,
2150 				size_t count, loff_t *ppos)
2151 {
2152 	char temp[32];
2153 	ssize_t rc;
2154 
2155 	if (*ppos != 0)
2156 		return 0;
2157 
2158 	sprintf(temp, "%d\n", log_policy);
2159 	rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
2160 	return rc;
2161 }
2162 
2163 /**
2164  * smk_write_logging - write() for /smack/logging
2165  * @file: file pointer, not actually used
2166  * @buf: where to get the data from
2167  * @count: bytes sent
2168  * @ppos: where to start
2169  *
2170  * Returns number of bytes written or error code, as appropriate
2171  */
2172 static ssize_t smk_write_logging(struct file *file, const char __user *buf,
2173 				size_t count, loff_t *ppos)
2174 {
2175 	char temp[32];
2176 	int i;
2177 
2178 	if (!smack_privileged(CAP_MAC_ADMIN))
2179 		return -EPERM;
2180 
2181 	if (count >= sizeof(temp) || count == 0)
2182 		return -EINVAL;
2183 
2184 	if (copy_from_user(temp, buf, count) != 0)
2185 		return -EFAULT;
2186 
2187 	temp[count] = '\0';
2188 
2189 	if (sscanf(temp, "%d", &i) != 1)
2190 		return -EINVAL;
2191 	if (i < 0 || i > 3)
2192 		return -EINVAL;
2193 	log_policy = i;
2194 	return count;
2195 }
2196 
2197 
2198 
2199 static const struct file_operations smk_logging_ops = {
2200 	.read		= smk_read_logging,
2201 	.write		= smk_write_logging,
2202 	.llseek		= default_llseek,
2203 };
2204 
2205 /*
2206  * Seq_file read operations for /smack/load-self
2207  */
2208 
2209 static void *load_self_seq_start(struct seq_file *s, loff_t *pos)
2210 {
2211 	struct task_smack *tsp = current_security();
2212 
2213 	return smk_seq_start(s, pos, &tsp->smk_rules);
2214 }
2215 
2216 static void *load_self_seq_next(struct seq_file *s, void *v, loff_t *pos)
2217 {
2218 	struct task_smack *tsp = current_security();
2219 
2220 	return smk_seq_next(s, v, pos, &tsp->smk_rules);
2221 }
2222 
2223 static int load_self_seq_show(struct seq_file *s, void *v)
2224 {
2225 	struct list_head *list = v;
2226 	struct smack_rule *srp =
2227 		list_entry_rcu(list, struct smack_rule, list);
2228 
2229 	smk_rule_show(s, srp, SMK_LABELLEN);
2230 
2231 	return 0;
2232 }
2233 
2234 static const struct seq_operations load_self_seq_ops = {
2235 	.start = load_self_seq_start,
2236 	.next  = load_self_seq_next,
2237 	.show  = load_self_seq_show,
2238 	.stop  = smk_seq_stop,
2239 };
2240 
2241 
2242 /**
2243  * smk_open_load_self - open() for /smack/load-self2
2244  * @inode: inode structure representing file
2245  * @file: "load" file pointer
2246  *
2247  * For reading, use load_seq_* seq_file reading operations.
2248  */
2249 static int smk_open_load_self(struct inode *inode, struct file *file)
2250 {
2251 	return seq_open(file, &load_self_seq_ops);
2252 }
2253 
2254 /**
2255  * smk_write_load_self - write() for /smack/load-self
2256  * @file: file pointer, not actually used
2257  * @buf: where to get the data from
2258  * @count: bytes sent
2259  * @ppos: where to start - must be 0
2260  *
2261  */
2262 static ssize_t smk_write_load_self(struct file *file, const char __user *buf,
2263 			      size_t count, loff_t *ppos)
2264 {
2265 	struct task_smack *tsp = current_security();
2266 
2267 	return smk_write_rules_list(file, buf, count, ppos, &tsp->smk_rules,
2268 				    &tsp->smk_rules_lock, SMK_FIXED24_FMT);
2269 }
2270 
2271 static const struct file_operations smk_load_self_ops = {
2272 	.open           = smk_open_load_self,
2273 	.read		= seq_read,
2274 	.llseek         = seq_lseek,
2275 	.write		= smk_write_load_self,
2276 	.release        = seq_release,
2277 };
2278 
2279 /**
2280  * smk_user_access - handle access check transaction
2281  * @file: file pointer
2282  * @buf: data from user space
2283  * @count: bytes sent
2284  * @ppos: where to start - must be 0
2285  */
2286 static ssize_t smk_user_access(struct file *file, const char __user *buf,
2287 				size_t count, loff_t *ppos, int format)
2288 {
2289 	struct smack_parsed_rule rule;
2290 	char *data;
2291 	int res;
2292 
2293 	data = simple_transaction_get(file, buf, count);
2294 	if (IS_ERR(data))
2295 		return PTR_ERR(data);
2296 
2297 	if (format == SMK_FIXED24_FMT) {
2298 		if (count < SMK_LOADLEN)
2299 			return -EINVAL;
2300 		res = smk_parse_rule(data, &rule, 0);
2301 	} else {
2302 		/*
2303 		 * simple_transaction_get() returns null-terminated data
2304 		 */
2305 		res = smk_parse_long_rule(data, &rule, 0, 3);
2306 	}
2307 
2308 	if (res >= 0)
2309 		res = smk_access(rule.smk_subject, rule.smk_object,
2310 				 rule.smk_access1, NULL);
2311 	else if (res != -ENOENT)
2312 		return res;
2313 
2314 	/*
2315 	 * smk_access() can return a value > 0 in the "bringup" case.
2316 	 */
2317 	data[0] = res >= 0 ? '1' : '0';
2318 	data[1] = '\0';
2319 
2320 	simple_transaction_set(file, 2);
2321 
2322 	if (format == SMK_FIXED24_FMT)
2323 		return SMK_LOADLEN;
2324 	return count;
2325 }
2326 
2327 /**
2328  * smk_write_access - handle access check transaction
2329  * @file: file pointer
2330  * @buf: data from user space
2331  * @count: bytes sent
2332  * @ppos: where to start - must be 0
2333  */
2334 static ssize_t smk_write_access(struct file *file, const char __user *buf,
2335 				size_t count, loff_t *ppos)
2336 {
2337 	return smk_user_access(file, buf, count, ppos, SMK_FIXED24_FMT);
2338 }
2339 
2340 static const struct file_operations smk_access_ops = {
2341 	.write		= smk_write_access,
2342 	.read		= simple_transaction_read,
2343 	.release	= simple_transaction_release,
2344 	.llseek		= generic_file_llseek,
2345 };
2346 
2347 
2348 /*
2349  * Seq_file read operations for /smack/load2
2350  */
2351 
2352 static int load2_seq_show(struct seq_file *s, void *v)
2353 {
2354 	struct list_head *list = v;
2355 	struct smack_master_list *smlp =
2356 		list_entry_rcu(list, struct smack_master_list, list);
2357 
2358 	smk_rule_show(s, smlp->smk_rule, SMK_LONGLABEL);
2359 
2360 	return 0;
2361 }
2362 
2363 static const struct seq_operations load2_seq_ops = {
2364 	.start = load2_seq_start,
2365 	.next  = load2_seq_next,
2366 	.show  = load2_seq_show,
2367 	.stop  = smk_seq_stop,
2368 };
2369 
2370 /**
2371  * smk_open_load2 - open() for /smack/load2
2372  * @inode: inode structure representing file
2373  * @file: "load2" file pointer
2374  *
2375  * For reading, use load2_seq_* seq_file reading operations.
2376  */
2377 static int smk_open_load2(struct inode *inode, struct file *file)
2378 {
2379 	return seq_open(file, &load2_seq_ops);
2380 }
2381 
2382 /**
2383  * smk_write_load2 - write() for /smack/load2
2384  * @file: file pointer, not actually used
2385  * @buf: where to get the data from
2386  * @count: bytes sent
2387  * @ppos: where to start - must be 0
2388  *
2389  */
2390 static ssize_t smk_write_load2(struct file *file, const char __user *buf,
2391 				size_t count, loff_t *ppos)
2392 {
2393 	/*
2394 	 * Must have privilege.
2395 	 */
2396 	if (!smack_privileged(CAP_MAC_ADMIN))
2397 		return -EPERM;
2398 
2399 	return smk_write_rules_list(file, buf, count, ppos, NULL, NULL,
2400 				    SMK_LONG_FMT);
2401 }
2402 
2403 static const struct file_operations smk_load2_ops = {
2404 	.open           = smk_open_load2,
2405 	.read		= seq_read,
2406 	.llseek         = seq_lseek,
2407 	.write		= smk_write_load2,
2408 	.release        = seq_release,
2409 };
2410 
2411 /*
2412  * Seq_file read operations for /smack/load-self2
2413  */
2414 
2415 static void *load_self2_seq_start(struct seq_file *s, loff_t *pos)
2416 {
2417 	struct task_smack *tsp = current_security();
2418 
2419 	return smk_seq_start(s, pos, &tsp->smk_rules);
2420 }
2421 
2422 static void *load_self2_seq_next(struct seq_file *s, void *v, loff_t *pos)
2423 {
2424 	struct task_smack *tsp = current_security();
2425 
2426 	return smk_seq_next(s, v, pos, &tsp->smk_rules);
2427 }
2428 
2429 static int load_self2_seq_show(struct seq_file *s, void *v)
2430 {
2431 	struct list_head *list = v;
2432 	struct smack_rule *srp =
2433 		list_entry_rcu(list, struct smack_rule, list);
2434 
2435 	smk_rule_show(s, srp, SMK_LONGLABEL);
2436 
2437 	return 0;
2438 }
2439 
2440 static const struct seq_operations load_self2_seq_ops = {
2441 	.start = load_self2_seq_start,
2442 	.next  = load_self2_seq_next,
2443 	.show  = load_self2_seq_show,
2444 	.stop  = smk_seq_stop,
2445 };
2446 
2447 /**
2448  * smk_open_load_self2 - open() for /smack/load-self2
2449  * @inode: inode structure representing file
2450  * @file: "load" file pointer
2451  *
2452  * For reading, use load_seq_* seq_file reading operations.
2453  */
2454 static int smk_open_load_self2(struct inode *inode, struct file *file)
2455 {
2456 	return seq_open(file, &load_self2_seq_ops);
2457 }
2458 
2459 /**
2460  * smk_write_load_self2 - write() for /smack/load-self2
2461  * @file: file pointer, not actually used
2462  * @buf: where to get the data from
2463  * @count: bytes sent
2464  * @ppos: where to start - must be 0
2465  *
2466  */
2467 static ssize_t smk_write_load_self2(struct file *file, const char __user *buf,
2468 			      size_t count, loff_t *ppos)
2469 {
2470 	struct task_smack *tsp = current_security();
2471 
2472 	return smk_write_rules_list(file, buf, count, ppos, &tsp->smk_rules,
2473 				    &tsp->smk_rules_lock, SMK_LONG_FMT);
2474 }
2475 
2476 static const struct file_operations smk_load_self2_ops = {
2477 	.open           = smk_open_load_self2,
2478 	.read		= seq_read,
2479 	.llseek         = seq_lseek,
2480 	.write		= smk_write_load_self2,
2481 	.release        = seq_release,
2482 };
2483 
2484 /**
2485  * smk_write_access2 - handle access check transaction
2486  * @file: file pointer
2487  * @buf: data from user space
2488  * @count: bytes sent
2489  * @ppos: where to start - must be 0
2490  */
2491 static ssize_t smk_write_access2(struct file *file, const char __user *buf,
2492 					size_t count, loff_t *ppos)
2493 {
2494 	return smk_user_access(file, buf, count, ppos, SMK_LONG_FMT);
2495 }
2496 
2497 static const struct file_operations smk_access2_ops = {
2498 	.write		= smk_write_access2,
2499 	.read		= simple_transaction_read,
2500 	.release	= simple_transaction_release,
2501 	.llseek		= generic_file_llseek,
2502 };
2503 
2504 /**
2505  * smk_write_revoke_subj - write() for /smack/revoke-subject
2506  * @file: file pointer
2507  * @buf: data from user space
2508  * @count: bytes sent
2509  * @ppos: where to start - must be 0
2510  */
2511 static ssize_t smk_write_revoke_subj(struct file *file, const char __user *buf,
2512 				size_t count, loff_t *ppos)
2513 {
2514 	char *data;
2515 	const char *cp;
2516 	struct smack_known *skp;
2517 	struct smack_rule *sp;
2518 	struct list_head *rule_list;
2519 	struct mutex *rule_lock;
2520 	int rc = count;
2521 
2522 	if (*ppos != 0)
2523 		return -EINVAL;
2524 
2525 	if (!smack_privileged(CAP_MAC_ADMIN))
2526 		return -EPERM;
2527 
2528 	if (count == 0 || count > SMK_LONGLABEL)
2529 		return -EINVAL;
2530 
2531 	data = memdup_user(buf, count);
2532 	if (IS_ERR(data))
2533 		return PTR_ERR(data);
2534 
2535 	cp = smk_parse_smack(data, count);
2536 	if (IS_ERR(cp)) {
2537 		rc = PTR_ERR(cp);
2538 		goto out_data;
2539 	}
2540 
2541 	skp = smk_find_entry(cp);
2542 	if (skp == NULL)
2543 		goto out_cp;
2544 
2545 	rule_list = &skp->smk_rules;
2546 	rule_lock = &skp->smk_rules_lock;
2547 
2548 	mutex_lock(rule_lock);
2549 
2550 	list_for_each_entry_rcu(sp, rule_list, list)
2551 		sp->smk_access = 0;
2552 
2553 	mutex_unlock(rule_lock);
2554 
2555 out_cp:
2556 	kfree(cp);
2557 out_data:
2558 	kfree(data);
2559 
2560 	return rc;
2561 }
2562 
2563 static const struct file_operations smk_revoke_subj_ops = {
2564 	.write		= smk_write_revoke_subj,
2565 	.read		= simple_transaction_read,
2566 	.release	= simple_transaction_release,
2567 	.llseek		= generic_file_llseek,
2568 };
2569 
2570 /**
2571  * smk_init_sysfs - initialize /sys/fs/smackfs
2572  *
2573  */
2574 static int smk_init_sysfs(void)
2575 {
2576 	return sysfs_create_mount_point(fs_kobj, "smackfs");
2577 }
2578 
2579 /**
2580  * smk_write_change_rule - write() for /smack/change-rule
2581  * @file: file pointer
2582  * @buf: data from user space
2583  * @count: bytes sent
2584  * @ppos: where to start - must be 0
2585  */
2586 static ssize_t smk_write_change_rule(struct file *file, const char __user *buf,
2587 				size_t count, loff_t *ppos)
2588 {
2589 	/*
2590 	 * Must have privilege.
2591 	 */
2592 	if (!smack_privileged(CAP_MAC_ADMIN))
2593 		return -EPERM;
2594 
2595 	return smk_write_rules_list(file, buf, count, ppos, NULL, NULL,
2596 				    SMK_CHANGE_FMT);
2597 }
2598 
2599 static const struct file_operations smk_change_rule_ops = {
2600 	.write		= smk_write_change_rule,
2601 	.read		= simple_transaction_read,
2602 	.release	= simple_transaction_release,
2603 	.llseek		= generic_file_llseek,
2604 };
2605 
2606 /**
2607  * smk_read_syslog - read() for smackfs/syslog
2608  * @filp: file pointer, not actually used
2609  * @buf: where to put the result
2610  * @cn: maximum to send along
2611  * @ppos: where to start
2612  *
2613  * Returns number of bytes read or error code, as appropriate
2614  */
2615 static ssize_t smk_read_syslog(struct file *filp, char __user *buf,
2616 				size_t cn, loff_t *ppos)
2617 {
2618 	struct smack_known *skp;
2619 	ssize_t rc = -EINVAL;
2620 	int asize;
2621 
2622 	if (*ppos != 0)
2623 		return 0;
2624 
2625 	if (smack_syslog_label == NULL)
2626 		skp = &smack_known_star;
2627 	else
2628 		skp = smack_syslog_label;
2629 
2630 	asize = strlen(skp->smk_known) + 1;
2631 
2632 	if (cn >= asize)
2633 		rc = simple_read_from_buffer(buf, cn, ppos, skp->smk_known,
2634 						asize);
2635 
2636 	return rc;
2637 }
2638 
2639 /**
2640  * smk_write_syslog - write() for smackfs/syslog
2641  * @file: file pointer, not actually used
2642  * @buf: where to get the data from
2643  * @count: bytes sent
2644  * @ppos: where to start
2645  *
2646  * Returns number of bytes written or error code, as appropriate
2647  */
2648 static ssize_t smk_write_syslog(struct file *file, const char __user *buf,
2649 				size_t count, loff_t *ppos)
2650 {
2651 	char *data;
2652 	struct smack_known *skp;
2653 	int rc = count;
2654 
2655 	if (!smack_privileged(CAP_MAC_ADMIN))
2656 		return -EPERM;
2657 
2658 	data = memdup_user_nul(buf, count);
2659 	if (IS_ERR(data))
2660 		return PTR_ERR(data);
2661 
2662 	skp = smk_import_entry(data, count);
2663 	if (IS_ERR(skp))
2664 		rc = PTR_ERR(skp);
2665 	else
2666 		smack_syslog_label = skp;
2667 
2668 	kfree(data);
2669 	return rc;
2670 }
2671 
2672 static const struct file_operations smk_syslog_ops = {
2673 	.read		= smk_read_syslog,
2674 	.write		= smk_write_syslog,
2675 	.llseek		= default_llseek,
2676 };
2677 
2678 /*
2679  * Seq_file read operations for /smack/relabel-self
2680  */
2681 
2682 static void *relabel_self_seq_start(struct seq_file *s, loff_t *pos)
2683 {
2684 	struct task_smack *tsp = current_security();
2685 
2686 	return smk_seq_start(s, pos, &tsp->smk_relabel);
2687 }
2688 
2689 static void *relabel_self_seq_next(struct seq_file *s, void *v, loff_t *pos)
2690 {
2691 	struct task_smack *tsp = current_security();
2692 
2693 	return smk_seq_next(s, v, pos, &tsp->smk_relabel);
2694 }
2695 
2696 static int relabel_self_seq_show(struct seq_file *s, void *v)
2697 {
2698 	struct list_head *list = v;
2699 	struct smack_known_list_elem *sklep =
2700 		list_entry(list, struct smack_known_list_elem, list);
2701 
2702 	seq_puts(s, sklep->smk_label->smk_known);
2703 	seq_putc(s, ' ');
2704 
2705 	return 0;
2706 }
2707 
2708 static const struct seq_operations relabel_self_seq_ops = {
2709 	.start = relabel_self_seq_start,
2710 	.next  = relabel_self_seq_next,
2711 	.show  = relabel_self_seq_show,
2712 	.stop  = smk_seq_stop,
2713 };
2714 
2715 /**
2716  * smk_open_relabel_self - open() for /smack/relabel-self
2717  * @inode: inode structure representing file
2718  * @file: "relabel-self" file pointer
2719  *
2720  * Connect our relabel_self_seq_* operations with /smack/relabel-self
2721  * file_operations
2722  */
2723 static int smk_open_relabel_self(struct inode *inode, struct file *file)
2724 {
2725 	return seq_open(file, &relabel_self_seq_ops);
2726 }
2727 
2728 /**
2729  * smk_write_relabel_self - write() for /smack/relabel-self
2730  * @file: file pointer, not actually used
2731  * @buf: where to get the data from
2732  * @count: bytes sent
2733  * @ppos: where to start - must be 0
2734  *
2735  */
2736 static ssize_t smk_write_relabel_self(struct file *file, const char __user *buf,
2737 				size_t count, loff_t *ppos)
2738 {
2739 	struct task_smack *tsp = current_security();
2740 	char *data;
2741 	int rc;
2742 	LIST_HEAD(list_tmp);
2743 
2744 	/*
2745 	 * Must have privilege.
2746 	 */
2747 	if (!smack_privileged(CAP_MAC_ADMIN))
2748 		return -EPERM;
2749 
2750 	/*
2751 	 * Enough data must be present.
2752 	 */
2753 	if (*ppos != 0)
2754 		return -EINVAL;
2755 
2756 	data = memdup_user_nul(buf, count);
2757 	if (IS_ERR(data))
2758 		return PTR_ERR(data);
2759 
2760 	rc = smk_parse_label_list(data, &list_tmp);
2761 	kfree(data);
2762 
2763 	if (!rc || (rc == -EINVAL && list_empty(&list_tmp))) {
2764 		smk_destroy_label_list(&tsp->smk_relabel);
2765 		list_splice(&list_tmp, &tsp->smk_relabel);
2766 		return count;
2767 	}
2768 
2769 	smk_destroy_label_list(&list_tmp);
2770 	return rc;
2771 }
2772 
2773 static const struct file_operations smk_relabel_self_ops = {
2774 	.open		= smk_open_relabel_self,
2775 	.read		= seq_read,
2776 	.llseek		= seq_lseek,
2777 	.write		= smk_write_relabel_self,
2778 	.release	= seq_release,
2779 };
2780 
2781 /**
2782  * smk_read_ptrace - read() for /smack/ptrace
2783  * @filp: file pointer, not actually used
2784  * @buf: where to put the result
2785  * @count: maximum to send along
2786  * @ppos: where to start
2787  *
2788  * Returns number of bytes read or error code, as appropriate
2789  */
2790 static ssize_t smk_read_ptrace(struct file *filp, char __user *buf,
2791 			       size_t count, loff_t *ppos)
2792 {
2793 	char temp[32];
2794 	ssize_t rc;
2795 
2796 	if (*ppos != 0)
2797 		return 0;
2798 
2799 	sprintf(temp, "%d\n", smack_ptrace_rule);
2800 	rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
2801 	return rc;
2802 }
2803 
2804 /**
2805  * smk_write_ptrace - write() for /smack/ptrace
2806  * @file: file pointer
2807  * @buf: data from user space
2808  * @count: bytes sent
2809  * @ppos: where to start - must be 0
2810  */
2811 static ssize_t smk_write_ptrace(struct file *file, const char __user *buf,
2812 				size_t count, loff_t *ppos)
2813 {
2814 	char temp[32];
2815 	int i;
2816 
2817 	if (!smack_privileged(CAP_MAC_ADMIN))
2818 		return -EPERM;
2819 
2820 	if (*ppos != 0 || count >= sizeof(temp) || count == 0)
2821 		return -EINVAL;
2822 
2823 	if (copy_from_user(temp, buf, count) != 0)
2824 		return -EFAULT;
2825 
2826 	temp[count] = '\0';
2827 
2828 	if (sscanf(temp, "%d", &i) != 1)
2829 		return -EINVAL;
2830 	if (i < SMACK_PTRACE_DEFAULT || i > SMACK_PTRACE_MAX)
2831 		return -EINVAL;
2832 	smack_ptrace_rule = i;
2833 
2834 	return count;
2835 }
2836 
2837 static const struct file_operations smk_ptrace_ops = {
2838 	.write		= smk_write_ptrace,
2839 	.read		= smk_read_ptrace,
2840 	.llseek		= default_llseek,
2841 };
2842 
2843 /**
2844  * smk_fill_super - fill the smackfs superblock
2845  * @sb: the empty superblock
2846  * @data: unused
2847  * @silent: unused
2848  *
2849  * Fill in the well known entries for the smack filesystem
2850  *
2851  * Returns 0 on success, an error code on failure
2852  */
2853 static int smk_fill_super(struct super_block *sb, void *data, int silent)
2854 {
2855 	int rc;
2856 	struct inode *root_inode;
2857 
2858 	static struct tree_descr smack_files[] = {
2859 		[SMK_LOAD] = {
2860 			"load", &smk_load_ops, S_IRUGO|S_IWUSR},
2861 		[SMK_CIPSO] = {
2862 			"cipso", &smk_cipso_ops, S_IRUGO|S_IWUSR},
2863 		[SMK_DOI] = {
2864 			"doi", &smk_doi_ops, S_IRUGO|S_IWUSR},
2865 		[SMK_DIRECT] = {
2866 			"direct", &smk_direct_ops, S_IRUGO|S_IWUSR},
2867 		[SMK_AMBIENT] = {
2868 			"ambient", &smk_ambient_ops, S_IRUGO|S_IWUSR},
2869 		[SMK_NET4ADDR] = {
2870 			"netlabel", &smk_net4addr_ops, S_IRUGO|S_IWUSR},
2871 		[SMK_ONLYCAP] = {
2872 			"onlycap", &smk_onlycap_ops, S_IRUGO|S_IWUSR},
2873 		[SMK_LOGGING] = {
2874 			"logging", &smk_logging_ops, S_IRUGO|S_IWUSR},
2875 		[SMK_LOAD_SELF] = {
2876 			"load-self", &smk_load_self_ops, S_IRUGO|S_IWUGO},
2877 		[SMK_ACCESSES] = {
2878 			"access", &smk_access_ops, S_IRUGO|S_IWUGO},
2879 		[SMK_MAPPED] = {
2880 			"mapped", &smk_mapped_ops, S_IRUGO|S_IWUSR},
2881 		[SMK_LOAD2] = {
2882 			"load2", &smk_load2_ops, S_IRUGO|S_IWUSR},
2883 		[SMK_LOAD_SELF2] = {
2884 			"load-self2", &smk_load_self2_ops, S_IRUGO|S_IWUGO},
2885 		[SMK_ACCESS2] = {
2886 			"access2", &smk_access2_ops, S_IRUGO|S_IWUGO},
2887 		[SMK_CIPSO2] = {
2888 			"cipso2", &smk_cipso2_ops, S_IRUGO|S_IWUSR},
2889 		[SMK_REVOKE_SUBJ] = {
2890 			"revoke-subject", &smk_revoke_subj_ops,
2891 			S_IRUGO|S_IWUSR},
2892 		[SMK_CHANGE_RULE] = {
2893 			"change-rule", &smk_change_rule_ops, S_IRUGO|S_IWUSR},
2894 		[SMK_SYSLOG] = {
2895 			"syslog", &smk_syslog_ops, S_IRUGO|S_IWUSR},
2896 		[SMK_PTRACE] = {
2897 			"ptrace", &smk_ptrace_ops, S_IRUGO|S_IWUSR},
2898 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
2899 		[SMK_UNCONFINED] = {
2900 			"unconfined", &smk_unconfined_ops, S_IRUGO|S_IWUSR},
2901 #endif
2902 #if IS_ENABLED(CONFIG_IPV6)
2903 		[SMK_NET6ADDR] = {
2904 			"ipv6host", &smk_net6addr_ops, S_IRUGO|S_IWUSR},
2905 #endif /* CONFIG_IPV6 */
2906 		[SMK_RELABEL_SELF] = {
2907 			"relabel-self", &smk_relabel_self_ops,
2908 				S_IRUGO|S_IWUGO},
2909 		/* last one */
2910 			{""}
2911 	};
2912 
2913 	rc = simple_fill_super(sb, SMACK_MAGIC, smack_files);
2914 	if (rc != 0) {
2915 		printk(KERN_ERR "%s failed %d while creating inodes\n",
2916 			__func__, rc);
2917 		return rc;
2918 	}
2919 
2920 	root_inode = d_inode(sb->s_root);
2921 
2922 	return 0;
2923 }
2924 
2925 /**
2926  * smk_mount - get the smackfs superblock
2927  * @fs_type: passed along without comment
2928  * @flags: passed along without comment
2929  * @dev_name: passed along without comment
2930  * @data: passed along without comment
2931  *
2932  * Just passes everything along.
2933  *
2934  * Returns what the lower level code does.
2935  */
2936 static struct dentry *smk_mount(struct file_system_type *fs_type,
2937 		      int flags, const char *dev_name, void *data)
2938 {
2939 	return mount_single(fs_type, flags, data, smk_fill_super);
2940 }
2941 
2942 static struct file_system_type smk_fs_type = {
2943 	.name		= "smackfs",
2944 	.mount		= smk_mount,
2945 	.kill_sb	= kill_litter_super,
2946 };
2947 
2948 static struct vfsmount *smackfs_mount;
2949 
2950 static int __init smk_preset_netlabel(struct smack_known *skp)
2951 {
2952 	skp->smk_netlabel.domain = skp->smk_known;
2953 	skp->smk_netlabel.flags =
2954 		NETLBL_SECATTR_DOMAIN | NETLBL_SECATTR_MLS_LVL;
2955 	return smk_netlbl_mls(smack_cipso_direct, skp->smk_known,
2956 				&skp->smk_netlabel, strlen(skp->smk_known));
2957 }
2958 
2959 /**
2960  * init_smk_fs - get the smackfs superblock
2961  *
2962  * register the smackfs
2963  *
2964  * Do not register smackfs if Smack wasn't enabled
2965  * on boot. We can not put this method normally under the
2966  * smack_init() code path since the security subsystem get
2967  * initialized before the vfs caches.
2968  *
2969  * Returns true if we were not chosen on boot or if
2970  * we were chosen and filesystem registration succeeded.
2971  */
2972 static int __init init_smk_fs(void)
2973 {
2974 	int err;
2975 	int rc;
2976 
2977 	if (smack_enabled == 0)
2978 		return 0;
2979 
2980 	err = smk_init_sysfs();
2981 	if (err)
2982 		printk(KERN_ERR "smackfs: sysfs mountpoint problem.\n");
2983 
2984 	err = register_filesystem(&smk_fs_type);
2985 	if (!err) {
2986 		smackfs_mount = kern_mount(&smk_fs_type);
2987 		if (IS_ERR(smackfs_mount)) {
2988 			printk(KERN_ERR "smackfs:  could not mount!\n");
2989 			err = PTR_ERR(smackfs_mount);
2990 			smackfs_mount = NULL;
2991 		}
2992 	}
2993 
2994 	smk_cipso_doi();
2995 	smk_unlbl_ambient(NULL);
2996 
2997 	rc = smk_preset_netlabel(&smack_known_floor);
2998 	if (err == 0 && rc < 0)
2999 		err = rc;
3000 	rc = smk_preset_netlabel(&smack_known_hat);
3001 	if (err == 0 && rc < 0)
3002 		err = rc;
3003 	rc = smk_preset_netlabel(&smack_known_huh);
3004 	if (err == 0 && rc < 0)
3005 		err = rc;
3006 	rc = smk_preset_netlabel(&smack_known_star);
3007 	if (err == 0 && rc < 0)
3008 		err = rc;
3009 	rc = smk_preset_netlabel(&smack_known_web);
3010 	if (err == 0 && rc < 0)
3011 		err = rc;
3012 
3013 	return err;
3014 }
3015 
3016 __initcall(init_smk_fs);
3017