linux/security/smack/smack_lsm.c
<<
>>
Prefs
   1// SPDX-License-Identifier: GPL-2.0-only
   2/*
   3 *  Simplified MAC Kernel (smack) security module
   4 *
   5 *  This file contains the smack hook function implementations.
   6 *
   7 *  Authors:
   8 *      Casey Schaufler <casey@schaufler-ca.com>
   9 *      Jarkko Sakkinen <jarkko.sakkinen@intel.com>
  10 *
  11 *  Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com>
  12 *  Copyright (C) 2009 Hewlett-Packard Development Company, L.P.
  13 *                Paul Moore <paul@paul-moore.com>
  14 *  Copyright (C) 2010 Nokia Corporation
  15 *  Copyright (C) 2011 Intel Corporation.
  16 */
  17
  18#include <linux/xattr.h>
  19#include <linux/pagemap.h>
  20#include <linux/mount.h>
  21#include <linux/stat.h>
  22#include <linux/kd.h>
  23#include <asm/ioctls.h>
  24#include <linux/ip.h>
  25#include <linux/tcp.h>
  26#include <linux/udp.h>
  27#include <linux/dccp.h>
  28#include <linux/icmpv6.h>
  29#include <linux/slab.h>
  30#include <linux/mutex.h>
  31#include <net/cipso_ipv4.h>
  32#include <net/ip.h>
  33#include <net/ipv6.h>
  34#include <linux/audit.h>
  35#include <linux/magic.h>
  36#include <linux/dcache.h>
  37#include <linux/personality.h>
  38#include <linux/msg.h>
  39#include <linux/shm.h>
  40#include <linux/binfmts.h>
  41#include <linux/parser.h>
  42#include <linux/fs_context.h>
  43#include <linux/fs_parser.h>
  44#include <linux/watch_queue.h>
  45#include "smack.h"
  46
  47#define TRANS_TRUE      "TRUE"
  48#define TRANS_TRUE_SIZE 4
  49
  50#define SMK_CONNECTING  0
  51#define SMK_RECEIVING   1
  52#define SMK_SENDING     2
  53
  54static DEFINE_MUTEX(smack_ipv6_lock);
  55static LIST_HEAD(smk_ipv6_port_list);
  56struct kmem_cache *smack_rule_cache;
  57int smack_enabled;
  58
  59#define A(s) {"smack"#s, sizeof("smack"#s) - 1, Opt_##s}
  60static struct {
  61        const char *name;
  62        int len;
  63        int opt;
  64} smk_mount_opts[] = {
  65        {"smackfsdef", sizeof("smackfsdef") - 1, Opt_fsdefault},
  66        A(fsdefault), A(fsfloor), A(fshat), A(fsroot), A(fstransmute)
  67};
  68#undef A
  69
  70static int match_opt_prefix(char *s, int l, char **arg)
  71{
  72        int i;
  73
  74        for (i = 0; i < ARRAY_SIZE(smk_mount_opts); i++) {
  75                size_t len = smk_mount_opts[i].len;
  76                if (len > l || memcmp(s, smk_mount_opts[i].name, len))
  77                        continue;
  78                if (len == l || s[len] != '=')
  79                        continue;
  80                *arg = s + len + 1;
  81                return smk_mount_opts[i].opt;
  82        }
  83        return Opt_error;
  84}
  85
  86#ifdef CONFIG_SECURITY_SMACK_BRINGUP
  87static char *smk_bu_mess[] = {
  88        "Bringup Error",        /* Unused */
  89        "Bringup",              /* SMACK_BRINGUP_ALLOW */
  90        "Unconfined Subject",   /* SMACK_UNCONFINED_SUBJECT */
  91        "Unconfined Object",    /* SMACK_UNCONFINED_OBJECT */
  92};
  93
  94static void smk_bu_mode(int mode, char *s)
  95{
  96        int i = 0;
  97
  98        if (mode & MAY_READ)
  99                s[i++] = 'r';
 100        if (mode & MAY_WRITE)
 101                s[i++] = 'w';
 102        if (mode & MAY_EXEC)
 103                s[i++] = 'x';
 104        if (mode & MAY_APPEND)
 105                s[i++] = 'a';
 106        if (mode & MAY_TRANSMUTE)
 107                s[i++] = 't';
 108        if (mode & MAY_LOCK)
 109                s[i++] = 'l';
 110        if (i == 0)
 111                s[i++] = '-';
 112        s[i] = '\0';
 113}
 114#endif
 115
 116#ifdef CONFIG_SECURITY_SMACK_BRINGUP
 117static int smk_bu_note(char *note, struct smack_known *sskp,
 118                       struct smack_known *oskp, int mode, int rc)
 119{
 120        char acc[SMK_NUM_ACCESS_TYPE + 1];
 121
 122        if (rc <= 0)
 123                return rc;
 124        if (rc > SMACK_UNCONFINED_OBJECT)
 125                rc = 0;
 126
 127        smk_bu_mode(mode, acc);
 128        pr_info("Smack %s: (%s %s %s) %s\n", smk_bu_mess[rc],
 129                sskp->smk_known, oskp->smk_known, acc, note);
 130        return 0;
 131}
 132#else
 133#define smk_bu_note(note, sskp, oskp, mode, RC) (RC)
 134#endif
 135
 136#ifdef CONFIG_SECURITY_SMACK_BRINGUP
 137static int smk_bu_current(char *note, struct smack_known *oskp,
 138                          int mode, int rc)
 139{
 140        struct task_smack *tsp = smack_cred(current_cred());
 141        char acc[SMK_NUM_ACCESS_TYPE + 1];
 142
 143        if (rc <= 0)
 144                return rc;
 145        if (rc > SMACK_UNCONFINED_OBJECT)
 146                rc = 0;
 147
 148        smk_bu_mode(mode, acc);
 149        pr_info("Smack %s: (%s %s %s) %s %s\n", smk_bu_mess[rc],
 150                tsp->smk_task->smk_known, oskp->smk_known,
 151                acc, current->comm, note);
 152        return 0;
 153}
 154#else
 155#define smk_bu_current(note, oskp, mode, RC) (RC)
 156#endif
 157
 158#ifdef CONFIG_SECURITY_SMACK_BRINGUP
 159static int smk_bu_task(struct task_struct *otp, int mode, int rc)
 160{
 161        struct task_smack *tsp = smack_cred(current_cred());
 162        struct smack_known *smk_task = smk_of_task_struct_obj(otp);
 163        char acc[SMK_NUM_ACCESS_TYPE + 1];
 164
 165        if (rc <= 0)
 166                return rc;
 167        if (rc > SMACK_UNCONFINED_OBJECT)
 168                rc = 0;
 169
 170        smk_bu_mode(mode, acc);
 171        pr_info("Smack %s: (%s %s %s) %s to %s\n", smk_bu_mess[rc],
 172                tsp->smk_task->smk_known, smk_task->smk_known, acc,
 173                current->comm, otp->comm);
 174        return 0;
 175}
 176#else
 177#define smk_bu_task(otp, mode, RC) (RC)
 178#endif
 179
 180#ifdef CONFIG_SECURITY_SMACK_BRINGUP
 181static int smk_bu_inode(struct inode *inode, int mode, int rc)
 182{
 183        struct task_smack *tsp = smack_cred(current_cred());
 184        struct inode_smack *isp = smack_inode(inode);
 185        char acc[SMK_NUM_ACCESS_TYPE + 1];
 186
 187        if (isp->smk_flags & SMK_INODE_IMPURE)
 188                pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
 189                        inode->i_sb->s_id, inode->i_ino, current->comm);
 190
 191        if (rc <= 0)
 192                return rc;
 193        if (rc > SMACK_UNCONFINED_OBJECT)
 194                rc = 0;
 195        if (rc == SMACK_UNCONFINED_SUBJECT &&
 196            (mode & (MAY_WRITE | MAY_APPEND)))
 197                isp->smk_flags |= SMK_INODE_IMPURE;
 198
 199        smk_bu_mode(mode, acc);
 200
 201        pr_info("Smack %s: (%s %s %s) inode=(%s %ld) %s\n", smk_bu_mess[rc],
 202                tsp->smk_task->smk_known, isp->smk_inode->smk_known, acc,
 203                inode->i_sb->s_id, inode->i_ino, current->comm);
 204        return 0;
 205}
 206#else
 207#define smk_bu_inode(inode, mode, RC) (RC)
 208#endif
 209
 210#ifdef CONFIG_SECURITY_SMACK_BRINGUP
 211static int smk_bu_file(struct file *file, int mode, int rc)
 212{
 213        struct task_smack *tsp = smack_cred(current_cred());
 214        struct smack_known *sskp = tsp->smk_task;
 215        struct inode *inode = file_inode(file);
 216        struct inode_smack *isp = smack_inode(inode);
 217        char acc[SMK_NUM_ACCESS_TYPE + 1];
 218
 219        if (isp->smk_flags & SMK_INODE_IMPURE)
 220                pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
 221                        inode->i_sb->s_id, inode->i_ino, current->comm);
 222
 223        if (rc <= 0)
 224                return rc;
 225        if (rc > SMACK_UNCONFINED_OBJECT)
 226                rc = 0;
 227
 228        smk_bu_mode(mode, acc);
 229        pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc],
 230                sskp->smk_known, smk_of_inode(inode)->smk_known, acc,
 231                inode->i_sb->s_id, inode->i_ino, file,
 232                current->comm);
 233        return 0;
 234}
 235#else
 236#define smk_bu_file(file, mode, RC) (RC)
 237#endif
 238
 239#ifdef CONFIG_SECURITY_SMACK_BRINGUP
 240static int smk_bu_credfile(const struct cred *cred, struct file *file,
 241                                int mode, int rc)
 242{
 243        struct task_smack *tsp = smack_cred(cred);
 244        struct smack_known *sskp = tsp->smk_task;
 245        struct inode *inode = file_inode(file);
 246        struct inode_smack *isp = smack_inode(inode);
 247        char acc[SMK_NUM_ACCESS_TYPE + 1];
 248
 249        if (isp->smk_flags & SMK_INODE_IMPURE)
 250                pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
 251                        inode->i_sb->s_id, inode->i_ino, current->comm);
 252
 253        if (rc <= 0)
 254                return rc;
 255        if (rc > SMACK_UNCONFINED_OBJECT)
 256                rc = 0;
 257
 258        smk_bu_mode(mode, acc);
 259        pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc],
 260                sskp->smk_known, smk_of_inode(inode)->smk_known, acc,
 261                inode->i_sb->s_id, inode->i_ino, file,
 262                current->comm);
 263        return 0;
 264}
 265#else
 266#define smk_bu_credfile(cred, file, mode, RC) (RC)
 267#endif
 268
 269/**
 270 * smk_fetch - Fetch the smack label from a file.
 271 * @name: type of the label (attribute)
 272 * @ip: a pointer to the inode
 273 * @dp: a pointer to the dentry
 274 *
 275 * Returns a pointer to the master list entry for the Smack label,
 276 * NULL if there was no label to fetch, or an error code.
 277 */
 278static struct smack_known *smk_fetch(const char *name, struct inode *ip,
 279                                        struct dentry *dp)
 280{
 281        int rc;
 282        char *buffer;
 283        struct smack_known *skp = NULL;
 284
 285        if (!(ip->i_opflags & IOP_XATTR))
 286                return ERR_PTR(-EOPNOTSUPP);
 287
 288        buffer = kzalloc(SMK_LONGLABEL, GFP_NOFS);
 289        if (buffer == NULL)
 290                return ERR_PTR(-ENOMEM);
 291
 292        rc = __vfs_getxattr(dp, ip, name, buffer, SMK_LONGLABEL);
 293        if (rc < 0)
 294                skp = ERR_PTR(rc);
 295        else if (rc == 0)
 296                skp = NULL;
 297        else
 298                skp = smk_import_entry(buffer, rc);
 299
 300        kfree(buffer);
 301
 302        return skp;
 303}
 304
 305/**
 306 * init_inode_smack - initialize an inode security blob
 307 * @inode: inode to extract the info from
 308 * @skp: a pointer to the Smack label entry to use in the blob
 309 *
 310 */
 311static void init_inode_smack(struct inode *inode, struct smack_known *skp)
 312{
 313        struct inode_smack *isp = smack_inode(inode);
 314
 315        isp->smk_inode = skp;
 316        isp->smk_flags = 0;
 317}
 318
 319/**
 320 * init_task_smack - initialize a task security blob
 321 * @tsp: blob to initialize
 322 * @task: a pointer to the Smack label for the running task
 323 * @forked: a pointer to the Smack label for the forked task
 324 *
 325 */
 326static void init_task_smack(struct task_smack *tsp, struct smack_known *task,
 327                                        struct smack_known *forked)
 328{
 329        tsp->smk_task = task;
 330        tsp->smk_forked = forked;
 331        INIT_LIST_HEAD(&tsp->smk_rules);
 332        INIT_LIST_HEAD(&tsp->smk_relabel);
 333        mutex_init(&tsp->smk_rules_lock);
 334}
 335
 336/**
 337 * smk_copy_rules - copy a rule set
 338 * @nhead: new rules header pointer
 339 * @ohead: old rules header pointer
 340 * @gfp: type of the memory for the allocation
 341 *
 342 * Returns 0 on success, -ENOMEM on error
 343 */
 344static int smk_copy_rules(struct list_head *nhead, struct list_head *ohead,
 345                                gfp_t gfp)
 346{
 347        struct smack_rule *nrp;
 348        struct smack_rule *orp;
 349        int rc = 0;
 350
 351        list_for_each_entry_rcu(orp, ohead, list) {
 352                nrp = kmem_cache_zalloc(smack_rule_cache, gfp);
 353                if (nrp == NULL) {
 354                        rc = -ENOMEM;
 355                        break;
 356                }
 357                *nrp = *orp;
 358                list_add_rcu(&nrp->list, nhead);
 359        }
 360        return rc;
 361}
 362
 363/**
 364 * smk_copy_relabel - copy smk_relabel labels list
 365 * @nhead: new rules header pointer
 366 * @ohead: old rules header pointer
 367 * @gfp: type of the memory for the allocation
 368 *
 369 * Returns 0 on success, -ENOMEM on error
 370 */
 371static int smk_copy_relabel(struct list_head *nhead, struct list_head *ohead,
 372                                gfp_t gfp)
 373{
 374        struct smack_known_list_elem *nklep;
 375        struct smack_known_list_elem *oklep;
 376
 377        list_for_each_entry(oklep, ohead, list) {
 378                nklep = kzalloc(sizeof(struct smack_known_list_elem), gfp);
 379                if (nklep == NULL) {
 380                        smk_destroy_label_list(nhead);
 381                        return -ENOMEM;
 382                }
 383                nklep->smk_label = oklep->smk_label;
 384                list_add(&nklep->list, nhead);
 385        }
 386
 387        return 0;
 388}
 389
 390/**
 391 * smk_ptrace_mode - helper function for converting PTRACE_MODE_* into MAY_*
 392 * @mode - input mode in form of PTRACE_MODE_*
 393 *
 394 * Returns a converted MAY_* mode usable by smack rules
 395 */
 396static inline unsigned int smk_ptrace_mode(unsigned int mode)
 397{
 398        if (mode & PTRACE_MODE_ATTACH)
 399                return MAY_READWRITE;
 400        if (mode & PTRACE_MODE_READ)
 401                return MAY_READ;
 402
 403        return 0;
 404}
 405
 406/**
 407 * smk_ptrace_rule_check - helper for ptrace access
 408 * @tracer: tracer process
 409 * @tracee_known: label entry of the process that's about to be traced
 410 * @mode: ptrace attachment mode (PTRACE_MODE_*)
 411 * @func: name of the function that called us, used for audit
 412 *
 413 * Returns 0 on access granted, -error on error
 414 */
 415static int smk_ptrace_rule_check(struct task_struct *tracer,
 416                                 struct smack_known *tracee_known,
 417                                 unsigned int mode, const char *func)
 418{
 419        int rc;
 420        struct smk_audit_info ad, *saip = NULL;
 421        struct task_smack *tsp;
 422        struct smack_known *tracer_known;
 423        const struct cred *tracercred;
 424
 425        if ((mode & PTRACE_MODE_NOAUDIT) == 0) {
 426                smk_ad_init(&ad, func, LSM_AUDIT_DATA_TASK);
 427                smk_ad_setfield_u_tsk(&ad, tracer);
 428                saip = &ad;
 429        }
 430
 431        rcu_read_lock();
 432        tracercred = __task_cred(tracer);
 433        tsp = smack_cred(tracercred);
 434        tracer_known = smk_of_task(tsp);
 435
 436        if ((mode & PTRACE_MODE_ATTACH) &&
 437            (smack_ptrace_rule == SMACK_PTRACE_EXACT ||
 438             smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)) {
 439                if (tracer_known->smk_known == tracee_known->smk_known)
 440                        rc = 0;
 441                else if (smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)
 442                        rc = -EACCES;
 443                else if (smack_privileged_cred(CAP_SYS_PTRACE, tracercred))
 444                        rc = 0;
 445                else
 446                        rc = -EACCES;
 447
 448                if (saip)
 449                        smack_log(tracer_known->smk_known,
 450                                  tracee_known->smk_known,
 451                                  0, rc, saip);
 452
 453                rcu_read_unlock();
 454                return rc;
 455        }
 456
 457        /* In case of rule==SMACK_PTRACE_DEFAULT or mode==PTRACE_MODE_READ */
 458        rc = smk_tskacc(tsp, tracee_known, smk_ptrace_mode(mode), saip);
 459
 460        rcu_read_unlock();
 461        return rc;
 462}
 463
 464/*
 465 * LSM hooks.
 466 * We he, that is fun!
 467 */
 468
 469/**
 470 * smack_ptrace_access_check - Smack approval on PTRACE_ATTACH
 471 * @ctp: child task pointer
 472 * @mode: ptrace attachment mode (PTRACE_MODE_*)
 473 *
 474 * Returns 0 if access is OK, an error code otherwise
 475 *
 476 * Do the capability checks.
 477 */
 478static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode)
 479{
 480        struct smack_known *skp;
 481
 482        skp = smk_of_task_struct_obj(ctp);
 483
 484        return smk_ptrace_rule_check(current, skp, mode, __func__);
 485}
 486
 487/**
 488 * smack_ptrace_traceme - Smack approval on PTRACE_TRACEME
 489 * @ptp: parent task pointer
 490 *
 491 * Returns 0 if access is OK, an error code otherwise
 492 *
 493 * Do the capability checks, and require PTRACE_MODE_ATTACH.
 494 */
 495static int smack_ptrace_traceme(struct task_struct *ptp)
 496{
 497        int rc;
 498        struct smack_known *skp;
 499
 500        skp = smk_of_task(smack_cred(current_cred()));
 501
 502        rc = smk_ptrace_rule_check(ptp, skp, PTRACE_MODE_ATTACH, __func__);
 503        return rc;
 504}
 505
 506/**
 507 * smack_syslog - Smack approval on syslog
 508 * @typefrom_file: unused
 509 *
 510 * Returns 0 on success, error code otherwise.
 511 */
 512static int smack_syslog(int typefrom_file)
 513{
 514        int rc = 0;
 515        struct smack_known *skp = smk_of_current();
 516
 517        if (smack_privileged(CAP_MAC_OVERRIDE))
 518                return 0;
 519
 520        if (smack_syslog_label != NULL && smack_syslog_label != skp)
 521                rc = -EACCES;
 522
 523        return rc;
 524}
 525
 526/*
 527 * Superblock Hooks.
 528 */
 529
 530/**
 531 * smack_sb_alloc_security - allocate a superblock blob
 532 * @sb: the superblock getting the blob
 533 *
 534 * Returns 0 on success or -ENOMEM on error.
 535 */
 536static int smack_sb_alloc_security(struct super_block *sb)
 537{
 538        struct superblock_smack *sbsp = smack_superblock(sb);
 539
 540        sbsp->smk_root = &smack_known_floor;
 541        sbsp->smk_default = &smack_known_floor;
 542        sbsp->smk_floor = &smack_known_floor;
 543        sbsp->smk_hat = &smack_known_hat;
 544        /*
 545         * SMK_SB_INITIALIZED will be zero from kzalloc.
 546         */
 547
 548        return 0;
 549}
 550
 551struct smack_mnt_opts {
 552        const char *fsdefault, *fsfloor, *fshat, *fsroot, *fstransmute;
 553};
 554
 555static void smack_free_mnt_opts(void *mnt_opts)
 556{
 557        struct smack_mnt_opts *opts = mnt_opts;
 558        kfree(opts->fsdefault);
 559        kfree(opts->fsfloor);
 560        kfree(opts->fshat);
 561        kfree(opts->fsroot);
 562        kfree(opts->fstransmute);
 563        kfree(opts);
 564}
 565
 566static int smack_add_opt(int token, const char *s, void **mnt_opts)
 567{
 568        struct smack_mnt_opts *opts = *mnt_opts;
 569
 570        if (!opts) {
 571                opts = kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL);
 572                if (!opts)
 573                        return -ENOMEM;
 574                *mnt_opts = opts;
 575        }
 576        if (!s)
 577                return -ENOMEM;
 578
 579        switch (token) {
 580        case Opt_fsdefault:
 581                if (opts->fsdefault)
 582                        goto out_opt_err;
 583                opts->fsdefault = s;
 584                break;
 585        case Opt_fsfloor:
 586                if (opts->fsfloor)
 587                        goto out_opt_err;
 588                opts->fsfloor = s;
 589                break;
 590        case Opt_fshat:
 591                if (opts->fshat)
 592                        goto out_opt_err;
 593                opts->fshat = s;
 594                break;
 595        case Opt_fsroot:
 596                if (opts->fsroot)
 597                        goto out_opt_err;
 598                opts->fsroot = s;
 599                break;
 600        case Opt_fstransmute:
 601                if (opts->fstransmute)
 602                        goto out_opt_err;
 603                opts->fstransmute = s;
 604                break;
 605        }
 606        return 0;
 607
 608out_opt_err:
 609        pr_warn("Smack: duplicate mount options\n");
 610        return -EINVAL;
 611}
 612
 613/**
 614 * smack_fs_context_dup - Duplicate the security data on fs_context duplication
 615 * @fc: The new filesystem context.
 616 * @src_fc: The source filesystem context being duplicated.
 617 *
 618 * Returns 0 on success or -ENOMEM on error.
 619 */
 620static int smack_fs_context_dup(struct fs_context *fc,
 621                                struct fs_context *src_fc)
 622{
 623        struct smack_mnt_opts *dst, *src = src_fc->security;
 624
 625        if (!src)
 626                return 0;
 627
 628        fc->security = kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL);
 629        if (!fc->security)
 630                return -ENOMEM;
 631        dst = fc->security;
 632
 633        if (src->fsdefault) {
 634                dst->fsdefault = kstrdup(src->fsdefault, GFP_KERNEL);
 635                if (!dst->fsdefault)
 636                        return -ENOMEM;
 637        }
 638        if (src->fsfloor) {
 639                dst->fsfloor = kstrdup(src->fsfloor, GFP_KERNEL);
 640                if (!dst->fsfloor)
 641                        return -ENOMEM;
 642        }
 643        if (src->fshat) {
 644                dst->fshat = kstrdup(src->fshat, GFP_KERNEL);
 645                if (!dst->fshat)
 646                        return -ENOMEM;
 647        }
 648        if (src->fsroot) {
 649                dst->fsroot = kstrdup(src->fsroot, GFP_KERNEL);
 650                if (!dst->fsroot)
 651                        return -ENOMEM;
 652        }
 653        if (src->fstransmute) {
 654                dst->fstransmute = kstrdup(src->fstransmute, GFP_KERNEL);
 655                if (!dst->fstransmute)
 656                        return -ENOMEM;
 657        }
 658        return 0;
 659}
 660
 661static const struct fs_parameter_spec smack_fs_parameters[] = {
 662        fsparam_string("smackfsdef",            Opt_fsdefault),
 663        fsparam_string("smackfsdefault",        Opt_fsdefault),
 664        fsparam_string("smackfsfloor",          Opt_fsfloor),
 665        fsparam_string("smackfshat",            Opt_fshat),
 666        fsparam_string("smackfsroot",           Opt_fsroot),
 667        fsparam_string("smackfstransmute",      Opt_fstransmute),
 668        {}
 669};
 670
 671/**
 672 * smack_fs_context_parse_param - Parse a single mount parameter
 673 * @fc: The new filesystem context being constructed.
 674 * @param: The parameter.
 675 *
 676 * Returns 0 on success, -ENOPARAM to pass the parameter on or anything else on
 677 * error.
 678 */
 679static int smack_fs_context_parse_param(struct fs_context *fc,
 680                                        struct fs_parameter *param)
 681{
 682        struct fs_parse_result result;
 683        int opt, rc;
 684
 685        opt = fs_parse(fc, smack_fs_parameters, param, &result);
 686        if (opt < 0)
 687                return opt;
 688
 689        rc = smack_add_opt(opt, param->string, &fc->security);
 690        if (!rc)
 691                param->string = NULL;
 692        return rc;
 693}
 694
 695static int smack_sb_eat_lsm_opts(char *options, void **mnt_opts)
 696{
 697        char *from = options, *to = options;
 698        bool first = true;
 699
 700        while (1) {
 701                char *next = strchr(from, ',');
 702                int token, len, rc;
 703                char *arg = NULL;
 704
 705                if (next)
 706                        len = next - from;
 707                else
 708                        len = strlen(from);
 709
 710                token = match_opt_prefix(from, len, &arg);
 711                if (token != Opt_error) {
 712                        arg = kmemdup_nul(arg, from + len - arg, GFP_KERNEL);
 713                        rc = smack_add_opt(token, arg, mnt_opts);
 714                        if (unlikely(rc)) {
 715                                kfree(arg);
 716                                if (*mnt_opts)
 717                                        smack_free_mnt_opts(*mnt_opts);
 718                                *mnt_opts = NULL;
 719                                return rc;
 720                        }
 721                } else {
 722                        if (!first) {   // copy with preceding comma
 723                                from--;
 724                                len++;
 725                        }
 726                        if (to != from)
 727                                memmove(to, from, len);
 728                        to += len;
 729                        first = false;
 730                }
 731                if (!from[len])
 732                        break;
 733                from += len + 1;
 734        }
 735        *to = '\0';
 736        return 0;
 737}
 738
 739/**
 740 * smack_set_mnt_opts - set Smack specific mount options
 741 * @sb: the file system superblock
 742 * @mnt_opts: Smack mount options
 743 * @kern_flags: mount option from kernel space or user space
 744 * @set_kern_flags: where to store converted mount opts
 745 *
 746 * Returns 0 on success, an error code on failure
 747 *
 748 * Allow filesystems with binary mount data to explicitly set Smack mount
 749 * labels.
 750 */
 751static int smack_set_mnt_opts(struct super_block *sb,
 752                void *mnt_opts,
 753                unsigned long kern_flags,
 754                unsigned long *set_kern_flags)
 755{
 756        struct dentry *root = sb->s_root;
 757        struct inode *inode = d_backing_inode(root);
 758        struct superblock_smack *sp = smack_superblock(sb);
 759        struct inode_smack *isp;
 760        struct smack_known *skp;
 761        struct smack_mnt_opts *opts = mnt_opts;
 762        bool transmute = false;
 763
 764        if (sp->smk_flags & SMK_SB_INITIALIZED)
 765                return 0;
 766
 767        if (inode->i_security == NULL) {
 768                int rc = lsm_inode_alloc(inode);
 769
 770                if (rc)
 771                        return rc;
 772        }
 773
 774        if (!smack_privileged(CAP_MAC_ADMIN)) {
 775                /*
 776                 * Unprivileged mounts don't get to specify Smack values.
 777                 */
 778                if (opts)
 779                        return -EPERM;
 780                /*
 781                 * Unprivileged mounts get root and default from the caller.
 782                 */
 783                skp = smk_of_current();
 784                sp->smk_root = skp;
 785                sp->smk_default = skp;
 786                /*
 787                 * For a handful of fs types with no user-controlled
 788                 * backing store it's okay to trust security labels
 789                 * in the filesystem. The rest are untrusted.
 790                 */
 791                if (sb->s_user_ns != &init_user_ns &&
 792                    sb->s_magic != SYSFS_MAGIC && sb->s_magic != TMPFS_MAGIC &&
 793                    sb->s_magic != RAMFS_MAGIC) {
 794                        transmute = true;
 795                        sp->smk_flags |= SMK_SB_UNTRUSTED;
 796                }
 797        }
 798
 799        sp->smk_flags |= SMK_SB_INITIALIZED;
 800
 801        if (opts) {
 802                if (opts->fsdefault) {
 803                        skp = smk_import_entry(opts->fsdefault, 0);
 804                        if (IS_ERR(skp))
 805                                return PTR_ERR(skp);
 806                        sp->smk_default = skp;
 807                }
 808                if (opts->fsfloor) {
 809                        skp = smk_import_entry(opts->fsfloor, 0);
 810                        if (IS_ERR(skp))
 811                                return PTR_ERR(skp);
 812                        sp->smk_floor = skp;
 813                }
 814                if (opts->fshat) {
 815                        skp = smk_import_entry(opts->fshat, 0);
 816                        if (IS_ERR(skp))
 817                                return PTR_ERR(skp);
 818                        sp->smk_hat = skp;
 819                }
 820                if (opts->fsroot) {
 821                        skp = smk_import_entry(opts->fsroot, 0);
 822                        if (IS_ERR(skp))
 823                                return PTR_ERR(skp);
 824                        sp->smk_root = skp;
 825                }
 826                if (opts->fstransmute) {
 827                        skp = smk_import_entry(opts->fstransmute, 0);
 828                        if (IS_ERR(skp))
 829                                return PTR_ERR(skp);
 830                        sp->smk_root = skp;
 831                        transmute = true;
 832                }
 833        }
 834
 835        /*
 836         * Initialize the root inode.
 837         */
 838        init_inode_smack(inode, sp->smk_root);
 839
 840        if (transmute) {
 841                isp = smack_inode(inode);
 842                isp->smk_flags |= SMK_INODE_TRANSMUTE;
 843        }
 844
 845        return 0;
 846}
 847
 848/**
 849 * smack_sb_statfs - Smack check on statfs
 850 * @dentry: identifies the file system in question
 851 *
 852 * Returns 0 if current can read the floor of the filesystem,
 853 * and error code otherwise
 854 */
 855static int smack_sb_statfs(struct dentry *dentry)
 856{
 857        struct superblock_smack *sbp = smack_superblock(dentry->d_sb);
 858        int rc;
 859        struct smk_audit_info ad;
 860
 861        smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
 862        smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
 863
 864        rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad);
 865        rc = smk_bu_current("statfs", sbp->smk_floor, MAY_READ, rc);
 866        return rc;
 867}
 868
 869/*
 870 * BPRM hooks
 871 */
 872
 873/**
 874 * smack_bprm_creds_for_exec - Update bprm->cred if needed for exec
 875 * @bprm: the exec information
 876 *
 877 * Returns 0 if it gets a blob, -EPERM if exec forbidden and -ENOMEM otherwise
 878 */
 879static int smack_bprm_creds_for_exec(struct linux_binprm *bprm)
 880{
 881        struct inode *inode = file_inode(bprm->file);
 882        struct task_smack *bsp = smack_cred(bprm->cred);
 883        struct inode_smack *isp;
 884        struct superblock_smack *sbsp;
 885        int rc;
 886
 887        isp = smack_inode(inode);
 888        if (isp->smk_task == NULL || isp->smk_task == bsp->smk_task)
 889                return 0;
 890
 891        sbsp = smack_superblock(inode->i_sb);
 892        if ((sbsp->smk_flags & SMK_SB_UNTRUSTED) &&
 893            isp->smk_task != sbsp->smk_root)
 894                return 0;
 895
 896        if (bprm->unsafe & LSM_UNSAFE_PTRACE) {
 897                struct task_struct *tracer;
 898                rc = 0;
 899
 900                rcu_read_lock();
 901                tracer = ptrace_parent(current);
 902                if (likely(tracer != NULL))
 903                        rc = smk_ptrace_rule_check(tracer,
 904                                                   isp->smk_task,
 905                                                   PTRACE_MODE_ATTACH,
 906                                                   __func__);
 907                rcu_read_unlock();
 908
 909                if (rc != 0)
 910                        return rc;
 911        }
 912        if (bprm->unsafe & ~LSM_UNSAFE_PTRACE)
 913                return -EPERM;
 914
 915        bsp->smk_task = isp->smk_task;
 916        bprm->per_clear |= PER_CLEAR_ON_SETID;
 917
 918        /* Decide if this is a secure exec. */
 919        if (bsp->smk_task != bsp->smk_forked)
 920                bprm->secureexec = 1;
 921
 922        return 0;
 923}
 924
 925/*
 926 * Inode hooks
 927 */
 928
 929/**
 930 * smack_inode_alloc_security - allocate an inode blob
 931 * @inode: the inode in need of a blob
 932 *
 933 * Returns 0
 934 */
 935static int smack_inode_alloc_security(struct inode *inode)
 936{
 937        struct smack_known *skp = smk_of_current();
 938
 939        init_inode_smack(inode, skp);
 940        return 0;
 941}
 942
 943/**
 944 * smack_inode_init_security - copy out the smack from an inode
 945 * @inode: the newly created inode
 946 * @dir: containing directory object
 947 * @qstr: unused
 948 * @name: where to put the attribute name
 949 * @value: where to put the attribute value
 950 * @len: where to put the length of the attribute
 951 *
 952 * Returns 0 if it all works out, -ENOMEM if there's no memory
 953 */
 954static int smack_inode_init_security(struct inode *inode, struct inode *dir,
 955                                     const struct qstr *qstr, const char **name,
 956                                     void **value, size_t *len)
 957{
 958        struct inode_smack *issp = smack_inode(inode);
 959        struct smack_known *skp = smk_of_current();
 960        struct smack_known *isp = smk_of_inode(inode);
 961        struct smack_known *dsp = smk_of_inode(dir);
 962        int may;
 963
 964        if (name)
 965                *name = XATTR_SMACK_SUFFIX;
 966
 967        if (value && len) {
 968                rcu_read_lock();
 969                may = smk_access_entry(skp->smk_known, dsp->smk_known,
 970                                       &skp->smk_rules);
 971                rcu_read_unlock();
 972
 973                /*
 974                 * If the access rule allows transmutation and
 975                 * the directory requests transmutation then
 976                 * by all means transmute.
 977                 * Mark the inode as changed.
 978                 */
 979                if (may > 0 && ((may & MAY_TRANSMUTE) != 0) &&
 980                    smk_inode_transmutable(dir)) {
 981                        isp = dsp;
 982                        issp->smk_flags |= SMK_INODE_CHANGED;
 983                }
 984
 985                *value = kstrdup(isp->smk_known, GFP_NOFS);
 986                if (*value == NULL)
 987                        return -ENOMEM;
 988
 989                *len = strlen(isp->smk_known);
 990        }
 991
 992        return 0;
 993}
 994
 995/**
 996 * smack_inode_link - Smack check on link
 997 * @old_dentry: the existing object
 998 * @dir: unused
 999 * @new_dentry: the new object
1000 *
1001 * Returns 0 if access is permitted, an error code otherwise
1002 */
1003static int smack_inode_link(struct dentry *old_dentry, struct inode *dir,
1004                            struct dentry *new_dentry)
1005{
1006        struct smack_known *isp;
1007        struct smk_audit_info ad;
1008        int rc;
1009
1010        smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1011        smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
1012
1013        isp = smk_of_inode(d_backing_inode(old_dentry));
1014        rc = smk_curacc(isp, MAY_WRITE, &ad);
1015        rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_WRITE, rc);
1016
1017        if (rc == 0 && d_is_positive(new_dentry)) {
1018                isp = smk_of_inode(d_backing_inode(new_dentry));
1019                smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
1020                rc = smk_curacc(isp, MAY_WRITE, &ad);
1021                rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_WRITE, rc);
1022        }
1023
1024        return rc;
1025}
1026
1027/**
1028 * smack_inode_unlink - Smack check on inode deletion
1029 * @dir: containing directory object
1030 * @dentry: file to unlink
1031 *
1032 * Returns 0 if current can write the containing directory
1033 * and the object, error code otherwise
1034 */
1035static int smack_inode_unlink(struct inode *dir, struct dentry *dentry)
1036{
1037        struct inode *ip = d_backing_inode(dentry);
1038        struct smk_audit_info ad;
1039        int rc;
1040
1041        smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1042        smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1043
1044        /*
1045         * You need write access to the thing you're unlinking
1046         */
1047        rc = smk_curacc(smk_of_inode(ip), MAY_WRITE, &ad);
1048        rc = smk_bu_inode(ip, MAY_WRITE, rc);
1049        if (rc == 0) {
1050                /*
1051                 * You also need write access to the containing directory
1052                 */
1053                smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
1054                smk_ad_setfield_u_fs_inode(&ad, dir);
1055                rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
1056                rc = smk_bu_inode(dir, MAY_WRITE, rc);
1057        }
1058        return rc;
1059}
1060
1061/**
1062 * smack_inode_rmdir - Smack check on directory deletion
1063 * @dir: containing directory object
1064 * @dentry: directory to unlink
1065 *
1066 * Returns 0 if current can write the containing directory
1067 * and the directory, error code otherwise
1068 */
1069static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry)
1070{
1071        struct smk_audit_info ad;
1072        int rc;
1073
1074        smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1075        smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1076
1077        /*
1078         * You need write access to the thing you're removing
1079         */
1080        rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1081        rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
1082        if (rc == 0) {
1083                /*
1084                 * You also need write access to the containing directory
1085                 */
1086                smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
1087                smk_ad_setfield_u_fs_inode(&ad, dir);
1088                rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
1089                rc = smk_bu_inode(dir, MAY_WRITE, rc);
1090        }
1091
1092        return rc;
1093}
1094
1095/**
1096 * smack_inode_rename - Smack check on rename
1097 * @old_inode: unused
1098 * @old_dentry: the old object
1099 * @new_inode: unused
1100 * @new_dentry: the new object
1101 *
1102 * Read and write access is required on both the old and
1103 * new directories.
1104 *
1105 * Returns 0 if access is permitted, an error code otherwise
1106 */
1107static int smack_inode_rename(struct inode *old_inode,
1108                              struct dentry *old_dentry,
1109                              struct inode *new_inode,
1110                              struct dentry *new_dentry)
1111{
1112        int rc;
1113        struct smack_known *isp;
1114        struct smk_audit_info ad;
1115
1116        smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1117        smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
1118
1119        isp = smk_of_inode(d_backing_inode(old_dentry));
1120        rc = smk_curacc(isp, MAY_READWRITE, &ad);
1121        rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_READWRITE, rc);
1122
1123        if (rc == 0 && d_is_positive(new_dentry)) {
1124                isp = smk_of_inode(d_backing_inode(new_dentry));
1125                smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
1126                rc = smk_curacc(isp, MAY_READWRITE, &ad);
1127                rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_READWRITE, rc);
1128        }
1129        return rc;
1130}
1131
1132/**
1133 * smack_inode_permission - Smack version of permission()
1134 * @inode: the inode in question
1135 * @mask: the access requested
1136 *
1137 * This is the important Smack hook.
1138 *
1139 * Returns 0 if access is permitted, an error code otherwise
1140 */
1141static int smack_inode_permission(struct inode *inode, int mask)
1142{
1143        struct superblock_smack *sbsp = smack_superblock(inode->i_sb);
1144        struct smk_audit_info ad;
1145        int no_block = mask & MAY_NOT_BLOCK;
1146        int rc;
1147
1148        mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND);
1149        /*
1150         * No permission to check. Existence test. Yup, it's there.
1151         */
1152        if (mask == 0)
1153                return 0;
1154
1155        if (sbsp->smk_flags & SMK_SB_UNTRUSTED) {
1156                if (smk_of_inode(inode) != sbsp->smk_root)
1157                        return -EACCES;
1158        }
1159
1160        /* May be droppable after audit */
1161        if (no_block)
1162                return -ECHILD;
1163        smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
1164        smk_ad_setfield_u_fs_inode(&ad, inode);
1165        rc = smk_curacc(smk_of_inode(inode), mask, &ad);
1166        rc = smk_bu_inode(inode, mask, rc);
1167        return rc;
1168}
1169
1170/**
1171 * smack_inode_setattr - Smack check for setting attributes
1172 * @dentry: the object
1173 * @iattr: for the force flag
1174 *
1175 * Returns 0 if access is permitted, an error code otherwise
1176 */
1177static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr)
1178{
1179        struct smk_audit_info ad;
1180        int rc;
1181
1182        /*
1183         * Need to allow for clearing the setuid bit.
1184         */
1185        if (iattr->ia_valid & ATTR_FORCE)
1186                return 0;
1187        smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1188        smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1189
1190        rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1191        rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
1192        return rc;
1193}
1194
1195/**
1196 * smack_inode_getattr - Smack check for getting attributes
1197 * @path: path to extract the info from
1198 *
1199 * Returns 0 if access is permitted, an error code otherwise
1200 */
1201static int smack_inode_getattr(const struct path *path)
1202{
1203        struct smk_audit_info ad;
1204        struct inode *inode = d_backing_inode(path->dentry);
1205        int rc;
1206
1207        smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1208        smk_ad_setfield_u_fs_path(&ad, *path);
1209        rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad);
1210        rc = smk_bu_inode(inode, MAY_READ, rc);
1211        return rc;
1212}
1213
1214/**
1215 * smack_inode_setxattr - Smack check for setting xattrs
1216 * @dentry: the object
1217 * @name: name of the attribute
1218 * @value: value of the attribute
1219 * @size: size of the value
1220 * @flags: unused
1221 *
1222 * This protects the Smack attribute explicitly.
1223 *
1224 * Returns 0 if access is permitted, an error code otherwise
1225 */
1226static int smack_inode_setxattr(struct user_namespace *mnt_userns,
1227                                struct dentry *dentry, const char *name,
1228                                const void *value, size_t size, int flags)
1229{
1230        struct smk_audit_info ad;
1231        struct smack_known *skp;
1232        int check_priv = 0;
1233        int check_import = 0;
1234        int check_star = 0;
1235        int rc = 0;
1236
1237        /*
1238         * Check label validity here so import won't fail in post_setxattr
1239         */
1240        if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
1241            strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
1242            strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) {
1243                check_priv = 1;
1244                check_import = 1;
1245        } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
1246                   strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1247                check_priv = 1;
1248                check_import = 1;
1249                check_star = 1;
1250        } else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) {
1251                check_priv = 1;
1252                if (size != TRANS_TRUE_SIZE ||
1253                    strncmp(value, TRANS_TRUE, TRANS_TRUE_SIZE) != 0)
1254                        rc = -EINVAL;
1255        } else
1256                rc = cap_inode_setxattr(dentry, name, value, size, flags);
1257
1258        if (check_priv && !smack_privileged(CAP_MAC_ADMIN))
1259                rc = -EPERM;
1260
1261        if (rc == 0 && check_import) {
1262                skp = size ? smk_import_entry(value, size) : NULL;
1263                if (IS_ERR(skp))
1264                        rc = PTR_ERR(skp);
1265                else if (skp == NULL || (check_star &&
1266                    (skp == &smack_known_star || skp == &smack_known_web)))
1267                        rc = -EINVAL;
1268        }
1269
1270        smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1271        smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1272
1273        if (rc == 0) {
1274                rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1275                rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
1276        }
1277
1278        return rc;
1279}
1280
1281/**
1282 * smack_inode_post_setxattr - Apply the Smack update approved above
1283 * @dentry: object
1284 * @name: attribute name
1285 * @value: attribute value
1286 * @size: attribute size
1287 * @flags: unused
1288 *
1289 * Set the pointer in the inode blob to the entry found
1290 * in the master label list.
1291 */
1292static void smack_inode_post_setxattr(struct dentry *dentry, const char *name,
1293                                      const void *value, size_t size, int flags)
1294{
1295        struct smack_known *skp;
1296        struct inode_smack *isp = smack_inode(d_backing_inode(dentry));
1297
1298        if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) {
1299                isp->smk_flags |= SMK_INODE_TRANSMUTE;
1300                return;
1301        }
1302
1303        if (strcmp(name, XATTR_NAME_SMACK) == 0) {
1304                skp = smk_import_entry(value, size);
1305                if (!IS_ERR(skp))
1306                        isp->smk_inode = skp;
1307        } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) {
1308                skp = smk_import_entry(value, size);
1309                if (!IS_ERR(skp))
1310                        isp->smk_task = skp;
1311        } else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1312                skp = smk_import_entry(value, size);
1313                if (!IS_ERR(skp))
1314                        isp->smk_mmap = skp;
1315        }
1316
1317        return;
1318}
1319
1320/**
1321 * smack_inode_getxattr - Smack check on getxattr
1322 * @dentry: the object
1323 * @name: unused
1324 *
1325 * Returns 0 if access is permitted, an error code otherwise
1326 */
1327static int smack_inode_getxattr(struct dentry *dentry, const char *name)
1328{
1329        struct smk_audit_info ad;
1330        int rc;
1331
1332        smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1333        smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1334
1335        rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_READ, &ad);
1336        rc = smk_bu_inode(d_backing_inode(dentry), MAY_READ, rc);
1337        return rc;
1338}
1339
1340/**
1341 * smack_inode_removexattr - Smack check on removexattr
1342 * @dentry: the object
1343 * @name: name of the attribute
1344 *
1345 * Removing the Smack attribute requires CAP_MAC_ADMIN
1346 *
1347 * Returns 0 if access is permitted, an error code otherwise
1348 */
1349static int smack_inode_removexattr(struct user_namespace *mnt_userns,
1350                                   struct dentry *dentry, const char *name)
1351{
1352        struct inode_smack *isp;
1353        struct smk_audit_info ad;
1354        int rc = 0;
1355
1356        if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
1357            strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
1358            strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 ||
1359            strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
1360            strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0 ||
1361            strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1362                if (!smack_privileged(CAP_MAC_ADMIN))
1363                        rc = -EPERM;
1364        } else
1365                rc = cap_inode_removexattr(mnt_userns, dentry, name);
1366
1367        if (rc != 0)
1368                return rc;
1369
1370        smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1371        smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1372
1373        rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1374        rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
1375        if (rc != 0)
1376                return rc;
1377
1378        isp = smack_inode(d_backing_inode(dentry));
1379        /*
1380         * Don't do anything special for these.
1381         *      XATTR_NAME_SMACKIPIN
1382         *      XATTR_NAME_SMACKIPOUT
1383         */
1384        if (strcmp(name, XATTR_NAME_SMACK) == 0) {
1385                struct super_block *sbp = dentry->d_sb;
1386                struct superblock_smack *sbsp = smack_superblock(sbp);
1387
1388                isp->smk_inode = sbsp->smk_default;
1389        } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0)
1390                isp->smk_task = NULL;
1391        else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0)
1392                isp->smk_mmap = NULL;
1393        else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0)
1394                isp->smk_flags &= ~SMK_INODE_TRANSMUTE;
1395
1396        return 0;
1397}
1398
1399/**
1400 * smack_inode_getsecurity - get smack xattrs
1401 * @inode: the object
1402 * @name: attribute name
1403 * @buffer: where to put the result
1404 * @alloc: duplicate memory
1405 *
1406 * Returns the size of the attribute or an error code
1407 */
1408static int smack_inode_getsecurity(struct user_namespace *mnt_userns,
1409                                   struct inode *inode, const char *name,
1410                                   void **buffer, bool alloc)
1411{
1412        struct socket_smack *ssp;
1413        struct socket *sock;
1414        struct super_block *sbp;
1415        struct inode *ip = (struct inode *)inode;
1416        struct smack_known *isp;
1417
1418        if (strcmp(name, XATTR_SMACK_SUFFIX) == 0)
1419                isp = smk_of_inode(inode);
1420        else {
1421                /*
1422                 * The rest of the Smack xattrs are only on sockets.
1423                 */
1424                sbp = ip->i_sb;
1425                if (sbp->s_magic != SOCKFS_MAGIC)
1426                        return -EOPNOTSUPP;
1427
1428                sock = SOCKET_I(ip);
1429                if (sock == NULL || sock->sk == NULL)
1430                        return -EOPNOTSUPP;
1431
1432                ssp = sock->sk->sk_security;
1433
1434                if (strcmp(name, XATTR_SMACK_IPIN) == 0)
1435                        isp = ssp->smk_in;
1436                else if (strcmp(name, XATTR_SMACK_IPOUT) == 0)
1437                        isp = ssp->smk_out;
1438                else
1439                        return -EOPNOTSUPP;
1440        }
1441
1442        if (alloc) {
1443                *buffer = kstrdup(isp->smk_known, GFP_KERNEL);
1444                if (*buffer == NULL)
1445                        return -ENOMEM;
1446        }
1447
1448        return strlen(isp->smk_known);
1449}
1450
1451
1452/**
1453 * smack_inode_listsecurity - list the Smack attributes
1454 * @inode: the object
1455 * @buffer: where they go
1456 * @buffer_size: size of buffer
1457 */
1458static int smack_inode_listsecurity(struct inode *inode, char *buffer,
1459                                    size_t buffer_size)
1460{
1461        int len = sizeof(XATTR_NAME_SMACK);
1462
1463        if (buffer != NULL && len <= buffer_size)
1464                memcpy(buffer, XATTR_NAME_SMACK, len);
1465
1466        return len;
1467}
1468
1469/**
1470 * smack_inode_getsecid - Extract inode's security id
1471 * @inode: inode to extract the info from
1472 * @secid: where result will be saved
1473 */
1474static void smack_inode_getsecid(struct inode *inode, u32 *secid)
1475{
1476        struct smack_known *skp = smk_of_inode(inode);
1477
1478        *secid = skp->smk_secid;
1479}
1480
1481/*
1482 * File Hooks
1483 */
1484
1485/*
1486 * There is no smack_file_permission hook
1487 *
1488 * Should access checks be done on each read or write?
1489 * UNICOS and SELinux say yes.
1490 * Trusted Solaris, Trusted Irix, and just about everyone else says no.
1491 *
1492 * I'll say no for now. Smack does not do the frequent
1493 * label changing that SELinux does.
1494 */
1495
1496/**
1497 * smack_file_alloc_security - assign a file security blob
1498 * @file: the object
1499 *
1500 * The security blob for a file is a pointer to the master
1501 * label list, so no allocation is done.
1502 *
1503 * f_security is the owner security information. It
1504 * isn't used on file access checks, it's for send_sigio.
1505 *
1506 * Returns 0
1507 */
1508static int smack_file_alloc_security(struct file *file)
1509{
1510        struct smack_known **blob = smack_file(file);
1511
1512        *blob = smk_of_current();
1513        return 0;
1514}
1515
1516/**
1517 * smack_file_ioctl - Smack check on ioctls
1518 * @file: the object
1519 * @cmd: what to do
1520 * @arg: unused
1521 *
1522 * Relies heavily on the correct use of the ioctl command conventions.
1523 *
1524 * Returns 0 if allowed, error code otherwise
1525 */
1526static int smack_file_ioctl(struct file *file, unsigned int cmd,
1527                            unsigned long arg)
1528{
1529        int rc = 0;
1530        struct smk_audit_info ad;
1531        struct inode *inode = file_inode(file);
1532
1533        if (unlikely(IS_PRIVATE(inode)))
1534                return 0;
1535
1536        smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1537        smk_ad_setfield_u_fs_path(&ad, file->f_path);
1538
1539        if (_IOC_DIR(cmd) & _IOC_WRITE) {
1540                rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad);
1541                rc = smk_bu_file(file, MAY_WRITE, rc);
1542        }
1543
1544        if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ)) {
1545                rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad);
1546                rc = smk_bu_file(file, MAY_READ, rc);
1547        }
1548
1549        return rc;
1550}
1551
1552/**
1553 * smack_file_lock - Smack check on file locking
1554 * @file: the object
1555 * @cmd: unused
1556 *
1557 * Returns 0 if current has lock access, error code otherwise
1558 */
1559static int smack_file_lock(struct file *file, unsigned int cmd)
1560{
1561        struct smk_audit_info ad;
1562        int rc;
1563        struct inode *inode = file_inode(file);
1564
1565        if (unlikely(IS_PRIVATE(inode)))
1566                return 0;
1567
1568        smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1569        smk_ad_setfield_u_fs_path(&ad, file->f_path);
1570        rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad);
1571        rc = smk_bu_file(file, MAY_LOCK, rc);
1572        return rc;
1573}
1574
1575/**
1576 * smack_file_fcntl - Smack check on fcntl
1577 * @file: the object
1578 * @cmd: what action to check
1579 * @arg: unused
1580 *
1581 * Generally these operations are harmless.
1582 * File locking operations present an obvious mechanism
1583 * for passing information, so they require write access.
1584 *
1585 * Returns 0 if current has access, error code otherwise
1586 */
1587static int smack_file_fcntl(struct file *file, unsigned int cmd,
1588                            unsigned long arg)
1589{
1590        struct smk_audit_info ad;
1591        int rc = 0;
1592        struct inode *inode = file_inode(file);
1593
1594        if (unlikely(IS_PRIVATE(inode)))
1595                return 0;
1596
1597        switch (cmd) {
1598        case F_GETLK:
1599                break;
1600        case F_SETLK:
1601        case F_SETLKW:
1602                smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1603                smk_ad_setfield_u_fs_path(&ad, file->f_path);
1604                rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad);
1605                rc = smk_bu_file(file, MAY_LOCK, rc);
1606                break;
1607        case F_SETOWN:
1608        case F_SETSIG:
1609                smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1610                smk_ad_setfield_u_fs_path(&ad, file->f_path);
1611                rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad);
1612                rc = smk_bu_file(file, MAY_WRITE, rc);
1613                break;
1614        default:
1615                break;
1616        }
1617
1618        return rc;
1619}
1620
1621/**
1622 * smack_mmap_file :
1623 * Check permissions for a mmap operation.  The @file may be NULL, e.g.
1624 * if mapping anonymous memory.
1625 * @file contains the file structure for file to map (may be NULL).
1626 * @reqprot contains the protection requested by the application.
1627 * @prot contains the protection that will be applied by the kernel.
1628 * @flags contains the operational flags.
1629 * Return 0 if permission is granted.
1630 */
1631static int smack_mmap_file(struct file *file,
1632                           unsigned long reqprot, unsigned long prot,
1633                           unsigned long flags)
1634{
1635        struct smack_known *skp;
1636        struct smack_known *mkp;
1637        struct smack_rule *srp;
1638        struct task_smack *tsp;
1639        struct smack_known *okp;
1640        struct inode_smack *isp;
1641        struct superblock_smack *sbsp;
1642        int may;
1643        int mmay;
1644        int tmay;
1645        int rc;
1646
1647        if (file == NULL)
1648                return 0;
1649
1650        if (unlikely(IS_PRIVATE(file_inode(file))))
1651                return 0;
1652
1653        isp = smack_inode(file_inode(file));
1654        if (isp->smk_mmap == NULL)
1655                return 0;
1656        sbsp = smack_superblock(file_inode(file)->i_sb);
1657        if (sbsp->smk_flags & SMK_SB_UNTRUSTED &&
1658            isp->smk_mmap != sbsp->smk_root)
1659                return -EACCES;
1660        mkp = isp->smk_mmap;
1661
1662        tsp = smack_cred(current_cred());
1663        skp = smk_of_current();
1664        rc = 0;
1665
1666        rcu_read_lock();
1667        /*
1668         * For each Smack rule associated with the subject
1669         * label verify that the SMACK64MMAP also has access
1670         * to that rule's object label.
1671         */
1672        list_for_each_entry_rcu(srp, &skp->smk_rules, list) {
1673                okp = srp->smk_object;
1674                /*
1675                 * Matching labels always allows access.
1676                 */
1677                if (mkp->smk_known == okp->smk_known)
1678                        continue;
1679                /*
1680                 * If there is a matching local rule take
1681                 * that into account as well.
1682                 */
1683                may = smk_access_entry(srp->smk_subject->smk_known,
1684                                       okp->smk_known,
1685                                       &tsp->smk_rules);
1686                if (may == -ENOENT)
1687                        may = srp->smk_access;
1688                else
1689                        may &= srp->smk_access;
1690                /*
1691                 * If may is zero the SMACK64MMAP subject can't
1692                 * possibly have less access.
1693                 */
1694                if (may == 0)
1695                        continue;
1696
1697                /*
1698                 * Fetch the global list entry.
1699                 * If there isn't one a SMACK64MMAP subject
1700                 * can't have as much access as current.
1701                 */
1702                mmay = smk_access_entry(mkp->smk_known, okp->smk_known,
1703                                        &mkp->smk_rules);
1704                if (mmay == -ENOENT) {
1705                        rc = -EACCES;
1706                        break;
1707                }
1708                /*
1709                 * If there is a local entry it modifies the
1710                 * potential access, too.
1711                 */
1712                tmay = smk_access_entry(mkp->smk_known, okp->smk_known,
1713                                        &tsp->smk_rules);
1714                if (tmay != -ENOENT)
1715                        mmay &= tmay;
1716
1717                /*
1718                 * If there is any access available to current that is
1719                 * not available to a SMACK64MMAP subject
1720                 * deny access.
1721                 */
1722                if ((may | mmay) != mmay) {
1723                        rc = -EACCES;
1724                        break;
1725                }
1726        }
1727
1728        rcu_read_unlock();
1729
1730        return rc;
1731}
1732
1733/**
1734 * smack_file_set_fowner - set the file security blob value
1735 * @file: object in question
1736 *
1737 */
1738static void smack_file_set_fowner(struct file *file)
1739{
1740        struct smack_known **blob = smack_file(file);
1741
1742        *blob = smk_of_current();
1743}
1744
1745/**
1746 * smack_file_send_sigiotask - Smack on sigio
1747 * @tsk: The target task
1748 * @fown: the object the signal come from
1749 * @signum: unused
1750 *
1751 * Allow a privileged task to get signals even if it shouldn't
1752 *
1753 * Returns 0 if a subject with the object's smack could
1754 * write to the task, an error code otherwise.
1755 */
1756static int smack_file_send_sigiotask(struct task_struct *tsk,
1757                                     struct fown_struct *fown, int signum)
1758{
1759        struct smack_known **blob;
1760        struct smack_known *skp;
1761        struct smack_known *tkp = smk_of_task(smack_cred(tsk->cred));
1762        const struct cred *tcred;
1763        struct file *file;
1764        int rc;
1765        struct smk_audit_info ad;
1766
1767        /*
1768         * struct fown_struct is never outside the context of a struct file
1769         */
1770        file = container_of(fown, struct file, f_owner);
1771
1772        /* we don't log here as rc can be overriden */
1773        blob = smack_file(file);
1774        skp = *blob;
1775        rc = smk_access(skp, tkp, MAY_DELIVER, NULL);
1776        rc = smk_bu_note("sigiotask", skp, tkp, MAY_DELIVER, rc);
1777
1778        rcu_read_lock();
1779        tcred = __task_cred(tsk);
1780        if (rc != 0 && smack_privileged_cred(CAP_MAC_OVERRIDE, tcred))
1781                rc = 0;
1782        rcu_read_unlock();
1783
1784        smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
1785        smk_ad_setfield_u_tsk(&ad, tsk);
1786        smack_log(skp->smk_known, tkp->smk_known, MAY_DELIVER, rc, &ad);
1787        return rc;
1788}
1789
1790/**
1791 * smack_file_receive - Smack file receive check
1792 * @file: the object
1793 *
1794 * Returns 0 if current has access, error code otherwise
1795 */
1796static int smack_file_receive(struct file *file)
1797{
1798        int rc;
1799        int may = 0;
1800        struct smk_audit_info ad;
1801        struct inode *inode = file_inode(file);
1802        struct socket *sock;
1803        struct task_smack *tsp;
1804        struct socket_smack *ssp;
1805
1806        if (unlikely(IS_PRIVATE(inode)))
1807                return 0;
1808
1809        smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1810        smk_ad_setfield_u_fs_path(&ad, file->f_path);
1811
1812        if (inode->i_sb->s_magic == SOCKFS_MAGIC) {
1813                sock = SOCKET_I(inode);
1814                ssp = sock->sk->sk_security;
1815                tsp = smack_cred(current_cred());
1816                /*
1817                 * If the receiving process can't write to the
1818                 * passed socket or if the passed socket can't
1819                 * write to the receiving process don't accept
1820                 * the passed socket.
1821                 */
1822                rc = smk_access(tsp->smk_task, ssp->smk_out, MAY_WRITE, &ad);
1823                rc = smk_bu_file(file, may, rc);
1824                if (rc < 0)
1825                        return rc;
1826                rc = smk_access(ssp->smk_in, tsp->smk_task, MAY_WRITE, &ad);
1827                rc = smk_bu_file(file, may, rc);
1828                return rc;
1829        }
1830        /*
1831         * This code relies on bitmasks.
1832         */
1833        if (file->f_mode & FMODE_READ)
1834                may = MAY_READ;
1835        if (file->f_mode & FMODE_WRITE)
1836                may |= MAY_WRITE;
1837
1838        rc = smk_curacc(smk_of_inode(inode), may, &ad);
1839        rc = smk_bu_file(file, may, rc);
1840        return rc;
1841}
1842
1843/**
1844 * smack_file_open - Smack dentry open processing
1845 * @file: the object
1846 *
1847 * Set the security blob in the file structure.
1848 * Allow the open only if the task has read access. There are
1849 * many read operations (e.g. fstat) that you can do with an
1850 * fd even if you have the file open write-only.
1851 *
1852 * Returns 0 if current has access, error code otherwise
1853 */
1854static int smack_file_open(struct file *file)
1855{
1856        struct task_smack *tsp = smack_cred(file->f_cred);
1857        struct inode *inode = file_inode(file);
1858        struct smk_audit_info ad;
1859        int rc;
1860
1861        smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1862        smk_ad_setfield_u_fs_path(&ad, file->f_path);
1863        rc = smk_tskacc(tsp, smk_of_inode(inode), MAY_READ, &ad);
1864        rc = smk_bu_credfile(file->f_cred, file, MAY_READ, rc);
1865
1866        return rc;
1867}
1868
1869/*
1870 * Task hooks
1871 */
1872
1873/**
1874 * smack_cred_alloc_blank - "allocate" blank task-level security credentials
1875 * @cred: the new credentials
1876 * @gfp: the atomicity of any memory allocations
1877 *
1878 * Prepare a blank set of credentials for modification.  This must allocate all
1879 * the memory the LSM module might require such that cred_transfer() can
1880 * complete without error.
1881 */
1882static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp)
1883{
1884        init_task_smack(smack_cred(cred), NULL, NULL);
1885        return 0;
1886}
1887
1888
1889/**
1890 * smack_cred_free - "free" task-level security credentials
1891 * @cred: the credentials in question
1892 *
1893 */
1894static void smack_cred_free(struct cred *cred)
1895{
1896        struct task_smack *tsp = smack_cred(cred);
1897        struct smack_rule *rp;
1898        struct list_head *l;
1899        struct list_head *n;
1900
1901        smk_destroy_label_list(&tsp->smk_relabel);
1902
1903        list_for_each_safe(l, n, &tsp->smk_rules) {
1904                rp = list_entry(l, struct smack_rule, list);
1905                list_del(&rp->list);
1906                kmem_cache_free(smack_rule_cache, rp);
1907        }
1908}
1909
1910/**
1911 * smack_cred_prepare - prepare new set of credentials for modification
1912 * @new: the new credentials
1913 * @old: the original credentials
1914 * @gfp: the atomicity of any memory allocations
1915 *
1916 * Prepare a new set of credentials for modification.
1917 */
1918static int smack_cred_prepare(struct cred *new, const struct cred *old,
1919                              gfp_t gfp)
1920{
1921        struct task_smack *old_tsp = smack_cred(old);
1922        struct task_smack *new_tsp = smack_cred(new);
1923        int rc;
1924
1925        init_task_smack(new_tsp, old_tsp->smk_task, old_tsp->smk_task);
1926
1927        rc = smk_copy_rules(&new_tsp->smk_rules, &old_tsp->smk_rules, gfp);
1928        if (rc != 0)
1929                return rc;
1930
1931        rc = smk_copy_relabel(&new_tsp->smk_relabel, &old_tsp->smk_relabel,
1932                                gfp);
1933        return rc;
1934}
1935
1936/**
1937 * smack_cred_transfer - Transfer the old credentials to the new credentials
1938 * @new: the new credentials
1939 * @old: the original credentials
1940 *
1941 * Fill in a set of blank credentials from another set of credentials.
1942 */
1943static void smack_cred_transfer(struct cred *new, const struct cred *old)
1944{
1945        struct task_smack *old_tsp = smack_cred(old);
1946        struct task_smack *new_tsp = smack_cred(new);
1947
1948        new_tsp->smk_task = old_tsp->smk_task;
1949        new_tsp->smk_forked = old_tsp->smk_task;
1950        mutex_init(&new_tsp->smk_rules_lock);
1951        INIT_LIST_HEAD(&new_tsp->smk_rules);
1952
1953        /* cbs copy rule list */
1954}
1955
1956/**
1957 * smack_cred_getsecid - get the secid corresponding to a creds structure
1958 * @cred: the object creds
1959 * @secid: where to put the result
1960 *
1961 * Sets the secid to contain a u32 version of the smack label.
1962 */
1963static void smack_cred_getsecid(const struct cred *cred, u32 *secid)
1964{
1965        struct smack_known *skp;
1966
1967        rcu_read_lock();
1968        skp = smk_of_task(smack_cred(cred));
1969        *secid = skp->smk_secid;
1970        rcu_read_unlock();
1971}
1972
1973/**
1974 * smack_kernel_act_as - Set the subjective context in a set of credentials
1975 * @new: points to the set of credentials to be modified.
1976 * @secid: specifies the security ID to be set
1977 *
1978 * Set the security data for a kernel service.
1979 */
1980static int smack_kernel_act_as(struct cred *new, u32 secid)
1981{
1982        struct task_smack *new_tsp = smack_cred(new);
1983
1984        new_tsp->smk_task = smack_from_secid(secid);
1985        return 0;
1986}
1987
1988/**
1989 * smack_kernel_create_files_as - Set the file creation label in a set of creds
1990 * @new: points to the set of credentials to be modified
1991 * @inode: points to the inode to use as a reference
1992 *
1993 * Set the file creation context in a set of credentials to the same
1994 * as the objective context of the specified inode
1995 */
1996static int smack_kernel_create_files_as(struct cred *new,
1997                                        struct inode *inode)
1998{
1999        struct inode_smack *isp = smack_inode(inode);
2000        struct task_smack *tsp = smack_cred(new);
2001
2002        tsp->smk_forked = isp->smk_inode;
2003        tsp->smk_task = tsp->smk_forked;
2004        return 0;
2005}
2006
2007/**
2008 * smk_curacc_on_task - helper to log task related access
2009 * @p: the task object
2010 * @access: the access requested
2011 * @caller: name of the calling function for audit
2012 *
2013 * Return 0 if access is permitted
2014 */
2015static int smk_curacc_on_task(struct task_struct *p, int access,
2016                                const char *caller)
2017{
2018        struct smk_audit_info ad;
2019        struct smack_known *skp = smk_of_task_struct_subj(p);
2020        int rc;
2021
2022        smk_ad_init(&ad, caller, LSM_AUDIT_DATA_TASK);
2023        smk_ad_setfield_u_tsk(&ad, p);
2024        rc = smk_curacc(skp, access, &ad);
2025        rc = smk_bu_task(p, access, rc);
2026        return rc;
2027}
2028
2029/**
2030 * smack_task_setpgid - Smack check on setting pgid
2031 * @p: the task object
2032 * @pgid: unused
2033 *
2034 * Return 0 if write access is permitted
2035 */
2036static int smack_task_setpgid(struct task_struct *p, pid_t pgid)
2037{
2038        return smk_curacc_on_task(p, MAY_WRITE, __func__);
2039}
2040
2041/**
2042 * smack_task_getpgid - Smack access check for getpgid
2043 * @p: the object task
2044 *
2045 * Returns 0 if current can read the object task, error code otherwise
2046 */
2047static int smack_task_getpgid(struct task_struct *p)
2048{
2049        return smk_curacc_on_task(p, MAY_READ, __func__);
2050}
2051
2052/**
2053 * smack_task_getsid - Smack access check for getsid
2054 * @p: the object task
2055 *
2056 * Returns 0 if current can read the object task, error code otherwise
2057 */
2058static int smack_task_getsid(struct task_struct *p)
2059{
2060        return smk_curacc_on_task(p, MAY_READ, __func__);
2061}
2062
2063/**
2064 * smack_task_getsecid_subj - get the subjective secid of the task
2065 * @p: the task
2066 * @secid: where to put the result
2067 *
2068 * Sets the secid to contain a u32 version of the task's subjective smack label.
2069 */
2070static void smack_task_getsecid_subj(struct task_struct *p, u32 *secid)
2071{
2072        struct smack_known *skp = smk_of_task_struct_subj(p);
2073
2074        *secid = skp->smk_secid;
2075}
2076
2077/**
2078 * smack_task_getsecid_obj - get the objective secid of the task
2079 * @p: the task
2080 * @secid: where to put the result
2081 *
2082 * Sets the secid to contain a u32 version of the task's objective smack label.
2083 */
2084static void smack_task_getsecid_obj(struct task_struct *p, u32 *secid)
2085{
2086        struct smack_known *skp = smk_of_task_struct_obj(p);
2087
2088        *secid = skp->smk_secid;
2089}
2090
2091/**
2092 * smack_task_setnice - Smack check on setting nice
2093 * @p: the task object
2094 * @nice: unused
2095 *
2096 * Return 0 if write access is permitted
2097 */
2098static int smack_task_setnice(struct task_struct *p, int nice)
2099{
2100        return smk_curacc_on_task(p, MAY_WRITE, __func__);
2101}
2102
2103/**
2104 * smack_task_setioprio - Smack check on setting ioprio
2105 * @p: the task object
2106 * @ioprio: unused
2107 *
2108 * Return 0 if write access is permitted
2109 */
2110static int smack_task_setioprio(struct task_struct *p, int ioprio)
2111{
2112        return smk_curacc_on_task(p, MAY_WRITE, __func__);
2113}
2114
2115/**
2116 * smack_task_getioprio - Smack check on reading ioprio
2117 * @p: the task object
2118 *
2119 * Return 0 if read access is permitted
2120 */
2121static int smack_task_getioprio(struct task_struct *p)
2122{
2123        return smk_curacc_on_task(p, MAY_READ, __func__);
2124}
2125
2126/**
2127 * smack_task_setscheduler - Smack check on setting scheduler
2128 * @p: the task object
2129 *
2130 * Return 0 if read access is permitted
2131 */
2132static int smack_task_setscheduler(struct task_struct *p)
2133{
2134        return smk_curacc_on_task(p, MAY_WRITE, __func__);
2135}
2136
2137/**
2138 * smack_task_getscheduler - Smack check on reading scheduler
2139 * @p: the task object
2140 *
2141 * Return 0 if read access is permitted
2142 */
2143static int smack_task_getscheduler(struct task_struct *p)
2144{
2145        return smk_curacc_on_task(p, MAY_READ, __func__);
2146}
2147
2148/**
2149 * smack_task_movememory - Smack check on moving memory
2150 * @p: the task object
2151 *
2152 * Return 0 if write access is permitted
2153 */
2154static int smack_task_movememory(struct task_struct *p)
2155{
2156        return smk_curacc_on_task(p, MAY_WRITE, __func__);
2157}
2158
2159/**
2160 * smack_task_kill - Smack check on signal delivery
2161 * @p: the task object
2162 * @info: unused
2163 * @sig: unused
2164 * @cred: identifies the cred to use in lieu of current's
2165 *
2166 * Return 0 if write access is permitted
2167 *
2168 */
2169static int smack_task_kill(struct task_struct *p, struct kernel_siginfo *info,
2170                           int sig, const struct cred *cred)
2171{
2172        struct smk_audit_info ad;
2173        struct smack_known *skp;
2174        struct smack_known *tkp = smk_of_task_struct_obj(p);
2175        int rc;
2176
2177        if (!sig)
2178                return 0; /* null signal; existence test */
2179
2180        smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
2181        smk_ad_setfield_u_tsk(&ad, p);
2182        /*
2183         * Sending a signal requires that the sender
2184         * can write the receiver.
2185         */
2186        if (cred == NULL) {
2187                rc = smk_curacc(tkp, MAY_DELIVER, &ad);
2188                rc = smk_bu_task(p, MAY_DELIVER, rc);
2189                return rc;
2190        }
2191        /*
2192         * If the cred isn't NULL we're dealing with some USB IO
2193         * specific behavior. This is not clean. For one thing
2194         * we can't take privilege into account.
2195         */
2196        skp = smk_of_task(smack_cred(cred));
2197        rc = smk_access(skp, tkp, MAY_DELIVER, &ad);
2198        rc = smk_bu_note("USB signal", skp, tkp, MAY_DELIVER, rc);
2199        return rc;
2200}
2201
2202/**
2203 * smack_task_to_inode - copy task smack into the inode blob
2204 * @p: task to copy from
2205 * @inode: inode to copy to
2206 *
2207 * Sets the smack pointer in the inode security blob
2208 */
2209static void smack_task_to_inode(struct task_struct *p, struct inode *inode)
2210{
2211        struct inode_smack *isp = smack_inode(inode);
2212        struct smack_known *skp = smk_of_task_struct_obj(p);
2213
2214        isp->smk_inode = skp;
2215        isp->smk_flags |= SMK_INODE_INSTANT;
2216}
2217
2218/*
2219 * Socket hooks.
2220 */
2221
2222/**
2223 * smack_sk_alloc_security - Allocate a socket blob
2224 * @sk: the socket
2225 * @family: unused
2226 * @gfp_flags: memory allocation flags
2227 *
2228 * Assign Smack pointers to current
2229 *
2230 * Returns 0 on success, -ENOMEM is there's no memory
2231 */
2232static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags)
2233{
2234        struct smack_known *skp = smk_of_current();
2235        struct socket_smack *ssp;
2236
2237        ssp = kzalloc(sizeof(struct socket_smack), gfp_flags);
2238        if (ssp == NULL)
2239                return -ENOMEM;
2240
2241        /*
2242         * Sockets created by kernel threads receive web label.
2243         */
2244        if (unlikely(current->flags & PF_KTHREAD)) {
2245                ssp->smk_in = &smack_known_web;
2246                ssp->smk_out = &smack_known_web;
2247        } else {
2248                ssp->smk_in = skp;
2249                ssp->smk_out = skp;
2250        }
2251        ssp->smk_packet = NULL;
2252
2253        sk->sk_security = ssp;
2254
2255        return 0;
2256}
2257
2258/**
2259 * smack_sk_free_security - Free a socket blob
2260 * @sk: the socket
2261 *
2262 * Clears the blob pointer
2263 */
2264static void smack_sk_free_security(struct sock *sk)
2265{
2266#ifdef SMACK_IPV6_PORT_LABELING
2267        struct smk_port_label *spp;
2268
2269        if (sk->sk_family == PF_INET6) {
2270                rcu_read_lock();
2271                list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
2272                        if (spp->smk_sock != sk)
2273                                continue;
2274                        spp->smk_can_reuse = 1;
2275                        break;
2276                }
2277                rcu_read_unlock();
2278        }
2279#endif
2280        kfree(sk->sk_security);
2281}
2282
2283/**
2284* smack_ipv4host_label - check host based restrictions
2285* @sip: the object end
2286*
2287* looks for host based access restrictions
2288*
2289* This version will only be appropriate for really small sets of single label
2290* hosts.  The caller is responsible for ensuring that the RCU read lock is
2291* taken before calling this function.
2292*
2293* Returns the label of the far end or NULL if it's not special.
2294*/
2295static struct smack_known *smack_ipv4host_label(struct sockaddr_in *sip)
2296{
2297        struct smk_net4addr *snp;
2298        struct in_addr *siap = &sip->sin_addr;
2299
2300        if (siap->s_addr == 0)
2301                return NULL;
2302
2303        list_for_each_entry_rcu(snp, &smk_net4addr_list, list)
2304                /*
2305                 * we break after finding the first match because
2306                 * the list is sorted from longest to shortest mask
2307                 * so we have found the most specific match
2308                 */
2309                if (snp->smk_host.s_addr ==
2310                    (siap->s_addr & snp->smk_mask.s_addr))
2311                        return snp->smk_label;
2312
2313        return NULL;
2314}
2315
2316/*
2317 * smk_ipv6_localhost - Check for local ipv6 host address
2318 * @sip: the address
2319 *
2320 * Returns boolean true if this is the localhost address
2321 */
2322static bool smk_ipv6_localhost(struct sockaddr_in6 *sip)
2323{
2324        __be16 *be16p = (__be16 *)&sip->sin6_addr;
2325        __be32 *be32p = (__be32 *)&sip->sin6_addr;
2326
2327        if (be32p[0] == 0 && be32p[1] == 0 && be32p[2] == 0 && be16p[6] == 0 &&
2328            ntohs(be16p[7]) == 1)
2329                return true;
2330        return false;
2331}
2332
2333/**
2334* smack_ipv6host_label - check host based restrictions
2335* @sip: the object end
2336*
2337* looks for host based access restrictions
2338*
2339* This version will only be appropriate for really small sets of single label
2340* hosts.  The caller is responsible for ensuring that the RCU read lock is
2341* taken before calling this function.
2342*
2343* Returns the label of the far end or NULL if it's not special.
2344*/
2345static struct smack_known *smack_ipv6host_label(struct sockaddr_in6 *sip)
2346{
2347        struct smk_net6addr *snp;
2348        struct in6_addr *sap = &sip->sin6_addr;
2349        int i;
2350        int found = 0;
2351
2352        /*
2353         * It's local. Don't look for a host label.
2354         */
2355        if (smk_ipv6_localhost(sip))
2356                return NULL;
2357
2358        list_for_each_entry_rcu(snp, &smk_net6addr_list, list) {
2359                /*
2360                 * If the label is NULL the entry has
2361                 * been renounced. Ignore it.
2362                 */
2363                if (snp->smk_label == NULL)
2364                        continue;
2365                /*
2366                * we break after finding the first match because
2367                * the list is sorted from longest to shortest mask
2368                * so we have found the most specific match
2369                */
2370                for (found = 1, i = 0; i < 8; i++) {
2371                        if ((sap->s6_addr16[i] & snp->smk_mask.s6_addr16[i]) !=
2372                            snp->smk_host.s6_addr16[i]) {
2373                                found = 0;
2374                                break;
2375                        }
2376                }
2377                if (found)
2378                        return snp->smk_label;
2379        }
2380
2381        return NULL;
2382}
2383
2384/**
2385 * smack_netlbl_add - Set the secattr on a socket
2386 * @sk: the socket
2387 *
2388 * Attach the outbound smack value (smk_out) to the socket.
2389 *
2390 * Returns 0 on success or an error code
2391 */
2392static int smack_netlbl_add(struct sock *sk)
2393{
2394        struct socket_smack *ssp = sk->sk_security;
2395        struct smack_known *skp = ssp->smk_out;
2396        int rc;
2397
2398        local_bh_disable();
2399        bh_lock_sock_nested(sk);
2400
2401        rc = netlbl_sock_setattr(sk, sk->sk_family, &skp->smk_netlabel);
2402        switch (rc) {
2403        case 0:
2404                ssp->smk_state = SMK_NETLBL_LABELED;
2405                break;
2406        case -EDESTADDRREQ:
2407                ssp->smk_state = SMK_NETLBL_REQSKB;
2408                rc = 0;
2409                break;
2410        }
2411
2412        bh_unlock_sock(sk);
2413        local_bh_enable();
2414
2415        return rc;
2416}
2417
2418/**
2419 * smack_netlbl_delete - Remove the secattr from a socket
2420 * @sk: the socket
2421 *
2422 * Remove the outbound smack value from a socket
2423 */
2424static void smack_netlbl_delete(struct sock *sk)
2425{
2426        struct socket_smack *ssp = sk->sk_security;
2427
2428        /*
2429         * Take the label off the socket if one is set.
2430         */
2431        if (ssp->smk_state != SMK_NETLBL_LABELED)
2432                return;
2433
2434        local_bh_disable();
2435        bh_lock_sock_nested(sk);
2436        netlbl_sock_delattr(sk);
2437        bh_unlock_sock(sk);
2438        local_bh_enable();
2439        ssp->smk_state = SMK_NETLBL_UNLABELED;
2440}
2441
2442/**
2443 * smk_ipv4_check - Perform IPv4 host access checks
2444 * @sk: the socket
2445 * @sap: the destination address
2446 *
2447 * Set the correct secattr for the given socket based on the destination
2448 * address and perform any outbound access checks needed.
2449 *
2450 * Returns 0 on success or an error code.
2451 *
2452 */
2453static int smk_ipv4_check(struct sock *sk, struct sockaddr_in *sap)
2454{
2455        struct smack_known *skp;
2456        int rc = 0;
2457        struct smack_known *hkp;
2458        struct socket_smack *ssp = sk->sk_security;
2459        struct smk_audit_info ad;
2460
2461        rcu_read_lock();
2462        hkp = smack_ipv4host_label(sap);
2463        if (hkp != NULL) {
2464#ifdef CONFIG_AUDIT
2465                struct lsm_network_audit net;
2466
2467                smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
2468                ad.a.u.net->family = sap->sin_family;
2469                ad.a.u.net->dport = sap->sin_port;
2470                ad.a.u.net->v4info.daddr = sap->sin_addr.s_addr;
2471#endif
2472                skp = ssp->smk_out;
2473                rc = smk_access(skp, hkp, MAY_WRITE, &ad);
2474                rc = smk_bu_note("IPv4 host check", skp, hkp, MAY_WRITE, rc);
2475                /*
2476                 * Clear the socket netlabel if it's set.
2477                 */
2478                if (!rc)
2479                        smack_netlbl_delete(sk);
2480        }
2481        rcu_read_unlock();
2482
2483        return rc;
2484}
2485
2486/**
2487 * smk_ipv6_check - check Smack access
2488 * @subject: subject Smack label
2489 * @object: object Smack label
2490 * @address: address
2491 * @act: the action being taken
2492 *
2493 * Check an IPv6 access
2494 */
2495static int smk_ipv6_check(struct smack_known *subject,
2496                                struct smack_known *object,
2497                                struct sockaddr_in6 *address, int act)
2498{
2499#ifdef CONFIG_AUDIT
2500        struct lsm_network_audit net;
2501#endif
2502        struct smk_audit_info ad;
2503        int rc;
2504
2505#ifdef CONFIG_AUDIT
2506        smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
2507        ad.a.u.net->family = PF_INET6;
2508        ad.a.u.net->dport = ntohs(address->sin6_port);
2509        if (act == SMK_RECEIVING)
2510                ad.a.u.net->v6info.saddr = address->sin6_addr;
2511        else
2512                ad.a.u.net->v6info.daddr = address->sin6_addr;
2513#endif
2514        rc = smk_access(subject, object, MAY_WRITE, &ad);
2515        rc = smk_bu_note("IPv6 check", subject, object, MAY_WRITE, rc);
2516        return rc;
2517}
2518
2519#ifdef SMACK_IPV6_PORT_LABELING
2520/**
2521 * smk_ipv6_port_label - Smack port access table management
2522 * @sock: socket
2523 * @address: address
2524 *
2525 * Create or update the port list entry
2526 */
2527static void smk_ipv6_port_label(struct socket *sock, struct sockaddr *address)
2528{
2529        struct sock *sk = sock->sk;
2530        struct sockaddr_in6 *addr6;
2531        struct socket_smack *ssp = sock->sk->sk_security;
2532        struct smk_port_label *spp;
2533        unsigned short port = 0;
2534
2535        if (address == NULL) {
2536                /*
2537                 * This operation is changing the Smack information
2538                 * on the bound socket. Take the changes to the port
2539                 * as well.
2540                 */
2541                rcu_read_lock();
2542                list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
2543                        if (sk != spp->smk_sock)
2544                                continue;
2545                        spp->smk_in = ssp->smk_in;
2546                        spp->smk_out = ssp->smk_out;
2547                        rcu_read_unlock();
2548                        return;
2549                }
2550                /*
2551                 * A NULL address is only used for updating existing
2552                 * bound entries. If there isn't one, it's OK.
2553                 */
2554                rcu_read_unlock();
2555                return;
2556        }
2557
2558        addr6 = (struct sockaddr_in6 *)address;
2559        port = ntohs(addr6->sin6_port);
2560        /*
2561         * This is a special case that is safely ignored.
2562         */
2563        if (port == 0)
2564                return;
2565
2566        /*
2567         * Look for an existing port list entry.
2568         * This is an indication that a port is getting reused.
2569         */
2570        rcu_read_lock();
2571        list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
2572                if (spp->smk_port != port || spp->smk_sock_type != sock->type)
2573                        continue;
2574                if (spp->smk_can_reuse != 1) {
2575                        rcu_read_unlock();
2576                        return;
2577                }
2578                spp->smk_port = port;
2579                spp->smk_sock = sk;
2580                spp->smk_in = ssp->smk_in;
2581                spp->smk_out = ssp->smk_out;
2582                spp->smk_can_reuse = 0;
2583                rcu_read_unlock();
2584                return;
2585        }
2586        rcu_read_unlock();
2587        /*
2588         * A new port entry is required.
2589         */
2590        spp = kzalloc(sizeof(*spp), GFP_KERNEL);
2591        if (spp == NULL)
2592                return;
2593
2594        spp->smk_port = port;
2595        spp->smk_sock = sk;
2596        spp->smk_in = ssp->smk_in;
2597        spp->smk_out = ssp->smk_out;
2598        spp->smk_sock_type = sock->type;
2599        spp->smk_can_reuse = 0;
2600
2601        mutex_lock(&smack_ipv6_lock);
2602        list_add_rcu(&spp->list, &smk_ipv6_port_list);
2603        mutex_unlock(&smack_ipv6_lock);
2604        return;
2605}
2606#endif
2607
2608/**
2609 * smk_ipv6_port_check - check Smack port access
2610 * @sk: socket
2611 * @address: address
2612 * @act: the action being taken
2613 *
2614 * Create or update the port list entry
2615 */
2616static int smk_ipv6_port_check(struct sock *sk, struct sockaddr_in6 *address,
2617                                int act)
2618{
2619        struct smk_port_label *spp;
2620        struct socket_smack *ssp = sk->sk_security;
2621        struct smack_known *skp = NULL;
2622        unsigned short port;
2623        struct smack_known *object;
2624
2625        if (act == SMK_RECEIVING) {
2626                skp = smack_ipv6host_label(address);
2627                object = ssp->smk_in;
2628        } else {
2629                skp = ssp->smk_out;
2630                object = smack_ipv6host_label(address);
2631        }
2632
2633        /*
2634         * The other end is a single label host.
2635         */
2636        if (skp != NULL && object != NULL)
2637                return smk_ipv6_check(skp, object, address, act);
2638        if (skp == NULL)
2639                skp = smack_net_ambient;
2640        if (object == NULL)
2641                object = smack_net_ambient;
2642
2643        /*
2644         * It's remote, so port lookup does no good.
2645         */
2646        if (!smk_ipv6_localhost(address))
2647                return smk_ipv6_check(skp, object, address, act);
2648
2649        /*
2650         * It's local so the send check has to have passed.
2651         */
2652        if (act == SMK_RECEIVING)
2653                return 0;
2654
2655        port = ntohs(address->sin6_port);
2656        rcu_read_lock();
2657        list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
2658                if (spp->smk_port != port || spp->smk_sock_type != sk->sk_type)
2659                        continue;
2660                object = spp->smk_in;
2661                if (act == SMK_CONNECTING)
2662                        ssp->smk_packet = spp->smk_out;
2663                break;
2664        }
2665        rcu_read_unlock();
2666
2667        return smk_ipv6_check(skp, object, address, act);
2668}
2669
2670/**
2671 * smack_inode_setsecurity - set smack xattrs
2672 * @inode: the object
2673 * @name: attribute name
2674 * @value: attribute value
2675 * @size: size of the attribute
2676 * @flags: unused
2677 *
2678 * Sets the named attribute in the appropriate blob
2679 *
2680 * Returns 0 on success, or an error code
2681 */
2682static int smack_inode_setsecurity(struct inode *inode, const char *name,
2683                                   const void *value, size_t size, int flags)
2684{
2685        struct smack_known *skp;
2686        struct inode_smack *nsp = smack_inode(inode);
2687        struct socket_smack *ssp;
2688        struct socket *sock;
2689        int rc = 0;
2690
2691        if (value == NULL || size > SMK_LONGLABEL || size == 0)
2692                return -EINVAL;
2693
2694        skp = smk_import_entry(value, size);
2695        if (IS_ERR(skp))
2696                return PTR_ERR(skp);
2697
2698        if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) {
2699                nsp->smk_inode = skp;
2700                nsp->smk_flags |= SMK_INODE_INSTANT;
2701                return 0;
2702        }
2703        /*
2704         * The rest of the Smack xattrs are only on sockets.
2705         */
2706        if (inode->i_sb->s_magic != SOCKFS_MAGIC)
2707                return -EOPNOTSUPP;
2708
2709        sock = SOCKET_I(inode);
2710        if (sock == NULL || sock->sk == NULL)
2711                return -EOPNOTSUPP;
2712
2713        ssp = sock->sk->sk_security;
2714
2715        if (strcmp(name, XATTR_SMACK_IPIN) == 0)
2716                ssp->smk_in = skp;
2717        else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) {
2718                ssp->smk_out = skp;
2719                if (sock->sk->sk_family == PF_INET) {
2720                        rc = smack_netlbl_add(sock->sk);
2721                        if (rc != 0)
2722                                printk(KERN_WARNING
2723                                        "Smack: \"%s\" netlbl error %d.\n",
2724                                        __func__, -rc);
2725                }
2726        } else
2727                return -EOPNOTSUPP;
2728
2729#ifdef SMACK_IPV6_PORT_LABELING
2730        if (sock->sk->sk_family == PF_INET6)
2731                smk_ipv6_port_label(sock, NULL);
2732#endif
2733
2734        return 0;
2735}
2736
2737/**
2738 * smack_socket_post_create - finish socket setup
2739 * @sock: the socket
2740 * @family: protocol family
2741 * @type: unused
2742 * @protocol: unused
2743 * @kern: unused
2744 *
2745 * Sets the netlabel information on the socket
2746 *
2747 * Returns 0 on success, and error code otherwise
2748 */
2749static int smack_socket_post_create(struct socket *sock, int family,
2750                                    int type, int protocol, int kern)
2751{
2752        struct socket_smack *ssp;
2753
2754        if (sock->sk == NULL)
2755                return 0;
2756
2757        /*
2758         * Sockets created by kernel threads receive web label.
2759         */
2760        if (unlikely(current->flags & PF_KTHREAD)) {
2761                ssp = sock->sk->sk_security;
2762                ssp->smk_in = &smack_known_web;
2763                ssp->smk_out = &smack_known_web;
2764        }
2765
2766        if (family != PF_INET)
2767                return 0;
2768        /*
2769         * Set the outbound netlbl.
2770         */
2771        return smack_netlbl_add(sock->sk);
2772}
2773
2774/**
2775 * smack_socket_socketpair - create socket pair
2776 * @socka: one socket
2777 * @sockb: another socket
2778 *
2779 * Cross reference the peer labels for SO_PEERSEC
2780 *
2781 * Returns 0
2782 */
2783static int smack_socket_socketpair(struct socket *socka,
2784                                   struct socket *sockb)
2785{
2786        struct socket_smack *asp = socka->sk->sk_security;
2787        struct socket_smack *bsp = sockb->sk->sk_security;
2788
2789        asp->smk_packet = bsp->smk_out;
2790        bsp->smk_packet = asp->smk_out;
2791
2792        return 0;
2793}
2794
2795#ifdef SMACK_IPV6_PORT_LABELING
2796/**
2797 * smack_socket_bind - record port binding information.
2798 * @sock: the socket
2799 * @address: the port address
2800 * @addrlen: size of the address
2801 *
2802 * Records the label bound to a port.
2803 *
2804 * Returns 0 on success, and error code otherwise
2805 */
2806static int smack_socket_bind(struct socket *sock, struct sockaddr *address,
2807                                int addrlen)
2808{
2809        if (sock->sk != NULL && sock->sk->sk_family == PF_INET6) {
2810                if (addrlen < SIN6_LEN_RFC2133 ||
2811                    address->sa_family != AF_INET6)
2812                        return -EINVAL;
2813                smk_ipv6_port_label(sock, address);
2814        }
2815        return 0;
2816}
2817#endif /* SMACK_IPV6_PORT_LABELING */
2818
2819/**
2820 * smack_socket_connect - connect access check
2821 * @sock: the socket
2822 * @sap: the other end
2823 * @addrlen: size of sap
2824 *
2825 * Verifies that a connection may be possible
2826 *
2827 * Returns 0 on success, and error code otherwise
2828 */
2829static int smack_socket_connect(struct socket *sock, struct sockaddr *sap,
2830                                int addrlen)
2831{
2832        int rc = 0;
2833
2834        if (sock->sk == NULL)
2835                return 0;
2836        if (sock->sk->sk_family != PF_INET &&
2837            (!IS_ENABLED(CONFIG_IPV6) || sock->sk->sk_family != PF_INET6))
2838                return 0;
2839        if (addrlen < offsetofend(struct sockaddr, sa_family))
2840                return 0;
2841        if (IS_ENABLED(CONFIG_IPV6) && sap->sa_family == AF_INET6) {
2842                struct sockaddr_in6 *sip = (struct sockaddr_in6 *)sap;
2843                struct smack_known *rsp = NULL;
2844
2845                if (addrlen < SIN6_LEN_RFC2133)
2846                        return 0;
2847                if (__is_defined(SMACK_IPV6_SECMARK_LABELING))
2848                        rsp = smack_ipv6host_label(sip);
2849                if (rsp != NULL) {
2850                        struct socket_smack *ssp = sock->sk->sk_security;
2851
2852                        rc = smk_ipv6_check(ssp->smk_out, rsp, sip,
2853                                            SMK_CONNECTING);
2854                }
2855                if (__is_defined(SMACK_IPV6_PORT_LABELING))
2856                        rc = smk_ipv6_port_check(sock->sk, sip, SMK_CONNECTING);
2857
2858                return rc;
2859        }
2860        if (sap->sa_family != AF_INET || addrlen < sizeof(struct sockaddr_in))
2861                return 0;
2862        rc = smk_ipv4_check(sock->sk, (struct sockaddr_in *)sap);
2863        return rc;
2864}
2865
2866/**
2867 * smack_flags_to_may - convert S_ to MAY_ values
2868 * @flags: the S_ value
2869 *
2870 * Returns the equivalent MAY_ value
2871 */
2872static int smack_flags_to_may(int flags)
2873{
2874        int may = 0;
2875
2876        if (flags & S_IRUGO)
2877                may |= MAY_READ;
2878        if (flags & S_IWUGO)
2879                may |= MAY_WRITE;
2880        if (flags & S_IXUGO)
2881                may |= MAY_EXEC;
2882
2883        return may;
2884}
2885
2886/**
2887 * smack_msg_msg_alloc_security - Set the security blob for msg_msg
2888 * @msg: the object
2889 *
2890 * Returns 0
2891 */
2892static int smack_msg_msg_alloc_security(struct msg_msg *msg)
2893{
2894        struct smack_known **blob = smack_msg_msg(msg);
2895
2896        *blob = smk_of_current();
2897        return 0;
2898}
2899
2900/**
2901 * smack_of_ipc - the smack pointer for the ipc
2902 * @isp: the object
2903 *
2904 * Returns a pointer to the smack value
2905 */
2906static struct smack_known *smack_of_ipc(struct kern_ipc_perm *isp)
2907{
2908        struct smack_known **blob = smack_ipc(isp);
2909
2910        return *blob;
2911}
2912
2913/**
2914 * smack_ipc_alloc_security - Set the security blob for ipc
2915 * @isp: the object
2916 *
2917 * Returns 0
2918 */
2919static int smack_ipc_alloc_security(struct kern_ipc_perm *isp)
2920{
2921        struct smack_known **blob = smack_ipc(isp);
2922
2923        *blob = smk_of_current();
2924        return 0;
2925}
2926
2927/**
2928 * smk_curacc_shm : check if current has access on shm
2929 * @isp : the object
2930 * @access : access requested
2931 *
2932 * Returns 0 if current has the requested access, error code otherwise
2933 */
2934static int smk_curacc_shm(struct kern_ipc_perm *isp, int access)
2935{
2936        struct smack_known *ssp = smack_of_ipc(isp);
2937        struct smk_audit_info ad;
2938        int rc;
2939
2940#ifdef CONFIG_AUDIT
2941        smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
2942        ad.a.u.ipc_id = isp->id;
2943#endif
2944        rc = smk_curacc(ssp, access, &ad);
2945        rc = smk_bu_current("shm", ssp, access, rc);
2946        return rc;
2947}
2948
2949/**
2950 * smack_shm_associate - Smack access check for shm
2951 * @isp: the object
2952 * @shmflg: access requested
2953 *
2954 * Returns 0 if current has the requested access, error code otherwise
2955 */
2956static int smack_shm_associate(struct kern_ipc_perm *isp, int shmflg)
2957{
2958        int may;
2959
2960        may = smack_flags_to_may(shmflg);
2961        return smk_curacc_shm(isp, may);
2962}
2963
2964/**
2965 * smack_shm_shmctl - Smack access check for shm
2966 * @isp: the object
2967 * @cmd: what it wants to do
2968 *
2969 * Returns 0 if current has the requested access, error code otherwise
2970 */
2971static int smack_shm_shmctl(struct kern_ipc_perm *isp, int cmd)
2972{
2973        int may;
2974
2975        switch (cmd) {
2976        case IPC_STAT:
2977        case SHM_STAT:
2978        case SHM_STAT_ANY:
2979                may = MAY_READ;
2980                break;
2981        case IPC_SET:
2982        case SHM_LOCK:
2983        case SHM_UNLOCK:
2984        case IPC_RMID:
2985                may = MAY_READWRITE;
2986                break;
2987        case IPC_INFO:
2988        case SHM_INFO:
2989                /*
2990                 * System level information.
2991                 */
2992                return 0;
2993        default:
2994                return -EINVAL;
2995        }
2996        return smk_curacc_shm(isp, may);
2997}
2998
2999/**
3000 * smack_shm_shmat - Smack access for shmat
3001 * @isp: the object
3002 * @shmaddr: unused
3003 * @shmflg: access requested
3004 *
3005 * Returns 0 if current has the requested access, error code otherwise
3006 */
3007static int smack_shm_shmat(struct kern_ipc_perm *isp, char __user *shmaddr,
3008                           int shmflg)
3009{
3010        int may;
3011
3012        may = smack_flags_to_may(shmflg);
3013        return smk_curacc_shm(isp, may);
3014}
3015
3016/**
3017 * smk_curacc_sem : check if current has access on sem
3018 * @isp : the object
3019 * @access : access requested
3020 *
3021 * Returns 0 if current has the requested access, error code otherwise
3022 */
3023static int smk_curacc_sem(struct kern_ipc_perm *isp, int access)
3024{
3025        struct smack_known *ssp = smack_of_ipc(isp);
3026        struct smk_audit_info ad;
3027        int rc;
3028
3029#ifdef CONFIG_AUDIT
3030        smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
3031        ad.a.u.ipc_id = isp->id;
3032#endif
3033        rc = smk_curacc(ssp, access, &ad);
3034        rc = smk_bu_current("sem", ssp, access, rc);
3035        return rc;
3036}
3037
3038/**
3039 * smack_sem_associate - Smack access check for sem
3040 * @isp: the object
3041 * @semflg: access requested
3042 *
3043 * Returns 0 if current has the requested access, error code otherwise
3044 */
3045static int smack_sem_associate(struct kern_ipc_perm *isp, int semflg)
3046{
3047        int may;
3048
3049        may = smack_flags_to_may(semflg);
3050        return smk_curacc_sem(isp, may);
3051}
3052
3053/**
3054 * smack_sem_shmctl - Smack access check for sem
3055 * @isp: the object
3056 * @cmd: what it wants to do
3057 *
3058 * Returns 0 if current has the requested access, error code otherwise
3059 */
3060static int smack_sem_semctl(struct kern_ipc_perm *isp, int cmd)
3061{
3062        int may;
3063
3064        switch (cmd) {
3065        case GETPID:
3066        case GETNCNT:
3067        case GETZCNT:
3068        case GETVAL:
3069        case GETALL:
3070        case IPC_STAT:
3071        case SEM_STAT:
3072        case SEM_STAT_ANY:
3073                may = MAY_READ;
3074                break;
3075        case SETVAL:
3076        case SETALL:
3077        case IPC_RMID:
3078        case IPC_SET:
3079                may = MAY_READWRITE;
3080                break;
3081        case IPC_INFO:
3082        case SEM_INFO:
3083                /*
3084                 * System level information
3085                 */
3086                return 0;
3087        default:
3088                return -EINVAL;
3089        }
3090
3091        return smk_curacc_sem(isp, may);
3092}
3093
3094/**
3095 * smack_sem_semop - Smack checks of semaphore operations
3096 * @isp: the object
3097 * @sops: unused
3098 * @nsops: unused
3099 * @alter: unused
3100 *
3101 * Treated as read and write in all cases.
3102 *
3103 * Returns 0 if access is allowed, error code otherwise
3104 */
3105static int smack_sem_semop(struct kern_ipc_perm *isp, struct sembuf *sops,
3106                           unsigned nsops, int alter)
3107{
3108        return smk_curacc_sem(isp, MAY_READWRITE);
3109}
3110
3111/**
3112 * smk_curacc_msq : helper to check if current has access on msq
3113 * @isp : the msq
3114 * @access : access requested
3115 *
3116 * return 0 if current has access, error otherwise
3117 */
3118static int smk_curacc_msq(struct kern_ipc_perm *isp, int access)
3119{
3120        struct smack_known *msp = smack_of_ipc(isp);
3121        struct smk_audit_info ad;
3122        int rc;
3123
3124#ifdef CONFIG_AUDIT
3125        smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
3126        ad.a.u.ipc_id = isp->id;
3127#endif
3128        rc = smk_curacc(msp, access, &ad);
3129        rc = smk_bu_current("msq", msp, access, rc);
3130        return rc;
3131}
3132
3133/**
3134 * smack_msg_queue_associate - Smack access check for msg_queue
3135 * @isp: the object
3136 * @msqflg: access requested
3137 *
3138 * Returns 0 if current has the requested access, error code otherwise
3139 */
3140static int smack_msg_queue_associate(struct kern_ipc_perm *isp, int msqflg)
3141{
3142        int may;
3143
3144        may = smack_flags_to_may(msqflg);
3145        return smk_curacc_msq(isp, may);
3146}
3147
3148/**
3149 * smack_msg_queue_msgctl - Smack access check for msg_queue
3150 * @isp: the object
3151 * @cmd: what it wants to do
3152 *
3153 * Returns 0 if current has the requested access, error code otherwise
3154 */
3155static int smack_msg_queue_msgctl(struct kern_ipc_perm *isp, int cmd)
3156{
3157        int may;
3158
3159        switch (cmd) {
3160        case IPC_STAT:
3161        case MSG_STAT:
3162        case MSG_STAT_ANY:
3163                may = MAY_READ;
3164                break;
3165        case IPC_SET:
3166        case IPC_RMID:
3167                may = MAY_READWRITE;
3168                break;
3169        case IPC_INFO:
3170        case MSG_INFO:
3171                /*
3172                 * System level information
3173                 */
3174                return 0;
3175        default:
3176                return -EINVAL;
3177        }
3178
3179        return smk_curacc_msq(isp, may);
3180}
3181
3182/**
3183 * smack_msg_queue_msgsnd - Smack access check for msg_queue
3184 * @isp: the object
3185 * @msg: unused
3186 * @msqflg: access requested
3187 *
3188 * Returns 0 if current has the requested access, error code otherwise
3189 */
3190static int smack_msg_queue_msgsnd(struct kern_ipc_perm *isp, struct msg_msg *msg,
3191                                  int msqflg)
3192{
3193        int may;
3194
3195        may = smack_flags_to_may(msqflg);
3196        return smk_curacc_msq(isp, may);
3197}
3198
3199/**
3200 * smack_msg_queue_msgsnd - Smack access check for msg_queue
3201 * @isp: the object
3202 * @msg: unused
3203 * @target: unused
3204 * @type: unused
3205 * @mode: unused
3206 *
3207 * Returns 0 if current has read and write access, error code otherwise
3208 */
3209static int smack_msg_queue_msgrcv(struct kern_ipc_perm *isp, struct msg_msg *msg,
3210                        struct task_struct *target, long type, int mode)
3211{
3212        return smk_curacc_msq(isp, MAY_READWRITE);
3213}
3214
3215/**
3216 * smack_ipc_permission - Smack access for ipc_permission()
3217 * @ipp: the object permissions
3218 * @flag: access requested
3219 *
3220 * Returns 0 if current has read and write access, error code otherwise
3221 */
3222static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag)
3223{
3224        struct smack_known **blob = smack_ipc(ipp);
3225        struct smack_known *iskp = *blob;
3226        int may = smack_flags_to_may(flag);
3227        struct smk_audit_info ad;
3228        int rc;
3229
3230#ifdef CONFIG_AUDIT
3231        smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
3232        ad.a.u.ipc_id = ipp->id;
3233#endif
3234        rc = smk_curacc(iskp, may, &ad);
3235        rc = smk_bu_current("svipc", iskp, may, rc);
3236        return rc;
3237}
3238
3239/**
3240 * smack_ipc_getsecid - Extract smack security id
3241 * @ipp: the object permissions
3242 * @secid: where result will be saved
3243 */
3244static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid)
3245{
3246        struct smack_known **blob = smack_ipc(ipp);
3247        struct smack_known *iskp = *blob;
3248
3249        *secid = iskp->smk_secid;
3250}
3251
3252/**
3253 * smack_d_instantiate - Make sure the blob is correct on an inode
3254 * @opt_dentry: dentry where inode will be attached
3255 * @inode: the object
3256 *
3257 * Set the inode's security blob if it hasn't been done already.
3258 */
3259static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode)
3260{
3261        struct super_block *sbp;
3262        struct superblock_smack *sbsp;
3263        struct inode_smack *isp;
3264        struct smack_known *skp;
3265        struct smack_known *ckp = smk_of_current();
3266        struct smack_known *final;
3267        char trattr[TRANS_TRUE_SIZE];
3268        int transflag = 0;
3269        int rc;
3270        struct dentry *dp;
3271
3272        if (inode == NULL)
3273                return;
3274
3275        isp = smack_inode(inode);
3276
3277        /*
3278         * If the inode is already instantiated
3279         * take the quick way out
3280         */
3281        if (isp->smk_flags & SMK_INODE_INSTANT)
3282                return;
3283
3284        sbp = inode->i_sb;
3285        sbsp = smack_superblock(sbp);
3286        /*
3287         * We're going to use the superblock default label
3288         * if there's no label on the file.
3289         */
3290        final = sbsp->smk_default;
3291
3292        /*
3293         * If this is the root inode the superblock
3294         * may be in the process of initialization.
3295         * If that is the case use the root value out
3296         * of the superblock.
3297         */
3298        if (opt_dentry->d_parent == opt_dentry) {
3299                switch (sbp->s_magic) {
3300                case CGROUP_SUPER_MAGIC:
3301                case CGROUP2_SUPER_MAGIC:
3302                        /*
3303                         * The cgroup filesystem is never mounted,
3304                         * so there's no opportunity to set the mount
3305                         * options.
3306                         */
3307                        sbsp->smk_root = &smack_known_star;
3308                        sbsp->smk_default = &smack_known_star;
3309                        isp->smk_inode = sbsp->smk_root;
3310                        break;
3311                case TMPFS_MAGIC:
3312                        /*
3313                         * What about shmem/tmpfs anonymous files with dentry
3314                         * obtained from d_alloc_pseudo()?
3315                         */
3316                        isp->smk_inode = smk_of_current();
3317                        break;
3318                case PIPEFS_MAGIC:
3319                        isp->smk_inode = smk_of_current();
3320                        break;
3321                case SOCKFS_MAGIC:
3322                        /*
3323                         * Socket access is controlled by the socket
3324                         * structures associated with the task involved.
3325                         */
3326                        isp->smk_inode = &smack_known_star;
3327                        break;
3328                default:
3329                        isp->smk_inode = sbsp->smk_root;
3330                        break;
3331                }
3332                isp->smk_flags |= SMK_INODE_INSTANT;
3333                return;
3334        }
3335
3336        /*
3337         * This is pretty hackish.
3338         * Casey says that we shouldn't have to do
3339         * file system specific code, but it does help
3340         * with keeping it simple.
3341         */
3342        switch (sbp->s_magic) {
3343        case SMACK_MAGIC:
3344        case CGROUP_SUPER_MAGIC:
3345        case CGROUP2_SUPER_MAGIC:
3346                /*
3347                 * Casey says that it's a little embarrassing
3348                 * that the smack file system doesn't do
3349                 * extended attributes.
3350                 *
3351                 * Cgroupfs is special
3352                 */
3353                final = &smack_known_star;
3354                break;
3355        case DEVPTS_SUPER_MAGIC:
3356                /*
3357                 * devpts seems content with the label of the task.
3358                 * Programs that change smack have to treat the
3359                 * pty with respect.
3360                 */
3361                final = ckp;
3362                break;
3363        case PROC_SUPER_MAGIC:
3364                /*
3365                 * Casey says procfs appears not to care.
3366                 * The superblock default suffices.
3367                 */
3368                break;
3369        case TMPFS_MAGIC:
3370                /*
3371                 * Device labels should come from the filesystem,
3372                 * but watch out, because they're volitile,
3373                 * getting recreated on every reboot.
3374                 */
3375                final = &smack_known_star;
3376                /*
3377                 * If a smack value has been set we want to use it,
3378                 * but since tmpfs isn't giving us the opportunity
3379                 * to set mount options simulate setting the
3380                 * superblock default.
3381                 */
3382                fallthrough;
3383        default:
3384                /*
3385                 * This isn't an understood special case.
3386                 * Get the value from the xattr.
3387                 */
3388
3389                /*
3390                 * UNIX domain sockets use lower level socket data.
3391                 */
3392                if (S_ISSOCK(inode->i_mode)) {
3393                        final = &smack_known_star;
3394                        break;
3395                }
3396                /*
3397                 * No xattr support means, alas, no SMACK label.
3398                 * Use the aforeapplied default.
3399                 * It would be curious if the label of the task
3400                 * does not match that assigned.
3401                 */
3402                if (!(inode->i_opflags & IOP_XATTR))
3403                        break;
3404                /*
3405                 * Get the dentry for xattr.
3406                 */
3407                dp = dget(opt_dentry);
3408                skp = smk_fetch(XATTR_NAME_SMACK, inode, dp);
3409                if (!IS_ERR_OR_NULL(skp))
3410                        final = skp;
3411
3412                /*
3413                 * Transmuting directory
3414                 */
3415                if (S_ISDIR(inode->i_mode)) {
3416                        /*
3417                         * If this is a new directory and the label was
3418                         * transmuted when the inode was initialized
3419                         * set the transmute attribute on the directory
3420                         * and mark the inode.
3421                         *
3422                         * If there is a transmute attribute on the
3423                         * directory mark the inode.
3424                         */
3425                        if (isp->smk_flags & SMK_INODE_CHANGED) {
3426                                isp->smk_flags &= ~SMK_INODE_CHANGED;
3427                                rc = __vfs_setxattr(&init_user_ns, dp, inode,
3428                                        XATTR_NAME_SMACKTRANSMUTE,
3429                                        TRANS_TRUE, TRANS_TRUE_SIZE,
3430                                        0);
3431                        } else {
3432                                rc = __vfs_getxattr(dp, inode,
3433                                        XATTR_NAME_SMACKTRANSMUTE, trattr,
3434                                        TRANS_TRUE_SIZE);
3435                                if (rc >= 0 && strncmp(trattr, TRANS_TRUE,
3436                                                       TRANS_TRUE_SIZE) != 0)
3437                                        rc = -EINVAL;
3438                        }
3439                        if (rc >= 0)
3440                                transflag = SMK_INODE_TRANSMUTE;
3441                }
3442                /*
3443                 * Don't let the exec or mmap label be "*" or "@".
3444                 */
3445                skp = smk_fetch(XATTR_NAME_SMACKEXEC, inode, dp);
3446                if (IS_ERR(skp) || skp == &smack_known_star ||
3447                    skp == &smack_known_web)
3448                        skp = NULL;
3449                isp->smk_task = skp;
3450
3451                skp = smk_fetch(XATTR_NAME_SMACKMMAP, inode, dp);
3452                if (IS_ERR(skp) || skp == &smack_known_star ||
3453                    skp == &smack_known_web)
3454                        skp = NULL;
3455                isp->smk_mmap = skp;
3456
3457                dput(dp);
3458                break;
3459        }
3460
3461        if (final == NULL)
3462                isp->smk_inode = ckp;
3463        else
3464                isp->smk_inode = final;
3465
3466        isp->smk_flags |= (SMK_INODE_INSTANT | transflag);
3467
3468        return;
3469}
3470
3471/**
3472 * smack_getprocattr - Smack process attribute access
3473 * @p: the object task
3474 * @name: the name of the attribute in /proc/.../attr
3475 * @value: where to put the result
3476 *
3477 * Places a copy of the task Smack into value
3478 *
3479 * Returns the length of the smack label or an error code
3480 */
3481static int smack_getprocattr(struct task_struct *p, char *name, char **value)
3482{
3483        struct smack_known *skp = smk_of_task_struct_subj(p);
3484        char *cp;
3485        int slen;
3486
3487        if (strcmp(name, "current") != 0)
3488                return -EINVAL;
3489
3490        cp = kstrdup(skp->smk_known, GFP_KERNEL);
3491        if (cp == NULL)
3492                return -ENOMEM;
3493
3494        slen = strlen(cp);
3495        *value = cp;
3496        return slen;
3497}
3498
3499/**
3500 * smack_setprocattr - Smack process attribute setting
3501 * @name: the name of the attribute in /proc/.../attr
3502 * @value: the value to set
3503 * @size: the size of the value
3504 *
3505 * Sets the Smack value of the task. Only setting self
3506 * is permitted and only with privilege
3507 *
3508 * Returns the length of the smack label or an error code
3509 */
3510static int smack_setprocattr(const char *name, void *value, size_t size)
3511{
3512        struct task_smack *tsp = smack_cred(current_cred());
3513        struct cred *new;
3514        struct smack_known *skp;
3515        struct smack_known_list_elem *sklep;
3516        int rc;
3517
3518        if (!smack_privileged(CAP_MAC_ADMIN) && list_empty(&tsp->smk_relabel))
3519                return -EPERM;
3520
3521        if (value == NULL || size == 0 || size >= SMK_LONGLABEL)
3522                return -EINVAL;
3523
3524        if (strcmp(name, "current") != 0)
3525                return -EINVAL;
3526
3527        skp = smk_import_entry(value, size);
3528        if (IS_ERR(skp))
3529                return PTR_ERR(skp);
3530
3531        /*
3532         * No process is ever allowed the web ("@") label
3533         * and the star ("*") label.
3534         */
3535        if (skp == &smack_known_web || skp == &smack_known_star)
3536                return -EINVAL;
3537
3538        if (!smack_privileged(CAP_MAC_ADMIN)) {
3539                rc = -EPERM;
3540                list_for_each_entry(sklep, &tsp->smk_relabel, list)
3541                        if (sklep->smk_label == skp) {
3542                                rc = 0;
3543                                break;
3544                        }
3545                if (rc)
3546                        return rc;
3547        }
3548
3549        new = prepare_creds();
3550        if (new == NULL)
3551                return -ENOMEM;
3552
3553        tsp = smack_cred(new);
3554        tsp->smk_task = skp;
3555        /*
3556         * process can change its label only once
3557         */
3558        smk_destroy_label_list(&tsp->smk_relabel);
3559
3560        commit_creds(new);
3561        return size;
3562}
3563
3564/**
3565 * smack_unix_stream_connect - Smack access on UDS
3566 * @sock: one sock
3567 * @other: the other sock
3568 * @newsk: unused
3569 *
3570 * Return 0 if a subject with the smack of sock could access
3571 * an object with the smack of other, otherwise an error code
3572 */
3573static int smack_unix_stream_connect(struct sock *sock,
3574                                     struct sock *other, struct sock *newsk)
3575{
3576        struct smack_known *skp;
3577        struct smack_known *okp;
3578        struct socket_smack *ssp = sock->sk_security;
3579        struct socket_smack *osp = other->sk_security;
3580        struct socket_smack *nsp = newsk->sk_security;
3581        struct smk_audit_info ad;
3582        int rc = 0;
3583#ifdef CONFIG_AUDIT
3584        struct lsm_network_audit net;
3585#endif
3586
3587        if (!smack_privileged(CAP_MAC_OVERRIDE)) {
3588                skp = ssp->smk_out;
3589                okp = osp->smk_in;
3590#ifdef CONFIG_AUDIT
3591                smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3592                smk_ad_setfield_u_net_sk(&ad, other);
3593#endif
3594                rc = smk_access(skp, okp, MAY_WRITE, &ad);
3595                rc = smk_bu_note("UDS connect", skp, okp, MAY_WRITE, rc);
3596                if (rc == 0) {
3597                        okp = osp->smk_out;
3598                        skp = ssp->smk_in;
3599                        rc = smk_access(okp, skp, MAY_WRITE, &ad);
3600                        rc = smk_bu_note("UDS connect", okp, skp,
3601                                                MAY_WRITE, rc);
3602                }
3603        }
3604
3605        /*
3606         * Cross reference the peer labels for SO_PEERSEC.
3607         */
3608        if (rc == 0) {
3609                nsp->smk_packet = ssp->smk_out;
3610                ssp->smk_packet = osp->smk_out;
3611        }
3612
3613        return rc;
3614}
3615
3616/**
3617 * smack_unix_may_send - Smack access on UDS
3618 * @sock: one socket
3619 * @other: the other socket
3620 *
3621 * Return 0 if a subject with the smack of sock could access
3622 * an object with the smack of other, otherwise an error code
3623 */
3624static int smack_unix_may_send(struct socket *sock, struct socket *other)
3625{
3626        struct socket_smack *ssp = sock->sk->sk_security;
3627        struct socket_smack *osp = other->sk->sk_security;
3628        struct smk_audit_info ad;
3629        int rc;
3630
3631#ifdef CONFIG_AUDIT
3632        struct lsm_network_audit net;
3633
3634        smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3635        smk_ad_setfield_u_net_sk(&ad, other->sk);
3636#endif
3637
3638        if (smack_privileged(CAP_MAC_OVERRIDE))
3639                return 0;
3640
3641        rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad);
3642        rc = smk_bu_note("UDS send", ssp->smk_out, osp->smk_in, MAY_WRITE, rc);
3643        return rc;
3644}
3645
3646/**
3647 * smack_socket_sendmsg - Smack check based on destination host
3648 * @sock: the socket
3649 * @msg: the message
3650 * @size: the size of the message
3651 *
3652 * Return 0 if the current subject can write to the destination host.
3653 * For IPv4 this is only a question if the destination is a single label host.
3654 * For IPv6 this is a check against the label of the port.
3655 */
3656static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg,
3657                                int size)
3658{
3659        struct sockaddr_in *sip = (struct sockaddr_in *) msg->msg_name;
3660#if IS_ENABLED(CONFIG_IPV6)
3661        struct sockaddr_in6 *sap = (struct sockaddr_in6 *) msg->msg_name;
3662#endif
3663#ifdef SMACK_IPV6_SECMARK_LABELING
3664        struct socket_smack *ssp = sock->sk->sk_security;
3665        struct smack_known *rsp;
3666#endif
3667        int rc = 0;
3668
3669        /*
3670         * Perfectly reasonable for this to be NULL
3671         */
3672        if (sip == NULL)
3673                return 0;
3674
3675        switch (sock->sk->sk_family) {
3676        case AF_INET:
3677                if (msg->msg_namelen < sizeof(struct sockaddr_in) ||
3678                    sip->sin_family != AF_INET)
3679                        return -EINVAL;
3680                rc = smk_ipv4_check(sock->sk, sip);
3681                break;
3682#if IS_ENABLED(CONFIG_IPV6)
3683        case AF_INET6:
3684                if (msg->msg_namelen < SIN6_LEN_RFC2133 ||
3685                    sap->sin6_family != AF_INET6)
3686                        return -EINVAL;
3687#ifdef SMACK_IPV6_SECMARK_LABELING
3688                rsp = smack_ipv6host_label(sap);
3689                if (rsp != NULL)
3690                        rc = smk_ipv6_check(ssp->smk_out, rsp, sap,
3691                                                SMK_CONNECTING);
3692#endif
3693#ifdef SMACK_IPV6_PORT_LABELING
3694                rc = smk_ipv6_port_check(sock->sk, sap, SMK_SENDING);
3695#endif
3696#endif /* IS_ENABLED(CONFIG_IPV6) */
3697                break;
3698        }
3699        return rc;
3700}
3701
3702/**
3703 * smack_from_secattr - Convert a netlabel attr.mls.lvl/attr.mls.cat pair to smack
3704 * @sap: netlabel secattr
3705 * @ssp: socket security information
3706 *
3707 * Returns a pointer to a Smack label entry found on the label list.
3708 */
3709static struct smack_known *smack_from_secattr(struct netlbl_lsm_secattr *sap,
3710                                                struct socket_smack *ssp)
3711{
3712        struct smack_known *skp;
3713        int found = 0;
3714        int acat;
3715        int kcat;
3716
3717        /*
3718         * Netlabel found it in the cache.
3719         */
3720        if ((sap->flags & NETLBL_SECATTR_CACHE) != 0)
3721                return (struct smack_known *)sap->cache->data;
3722
3723        if ((sap->flags & NETLBL_SECATTR_SECID) != 0)
3724                /*
3725                 * Looks like a fallback, which gives us a secid.
3726                 */
3727                return smack_from_secid(sap->attr.secid);
3728
3729        if ((sap->flags & NETLBL_SECATTR_MLS_LVL) != 0) {
3730                /*
3731                 * Looks like a CIPSO packet.
3732                 * If there are flags but no level netlabel isn't
3733                 * behaving the way we expect it to.
3734                 *
3735                 * Look it up in the label table
3736                 * Without guidance regarding the smack value
3737                 * for the packet fall back on the network
3738                 * ambient value.
3739                 */
3740                rcu_read_lock();
3741                list_for_each_entry_rcu(skp, &smack_known_list, list) {
3742                        if (sap->attr.mls.lvl != skp->smk_netlabel.attr.mls.lvl)
3743                                continue;
3744                        /*
3745                         * Compare the catsets. Use the netlbl APIs.
3746                         */
3747                        if ((sap->flags & NETLBL_SECATTR_MLS_CAT) == 0) {
3748                                if ((skp->smk_netlabel.flags &
3749                                     NETLBL_SECATTR_MLS_CAT) == 0)
3750                                        found = 1;
3751                                break;
3752                        }
3753                        for (acat = -1, kcat = -1; acat == kcat; ) {
3754                                acat = netlbl_catmap_walk(sap->attr.mls.cat,
3755                                                          acat + 1);
3756                                kcat = netlbl_catmap_walk(
3757                                        skp->smk_netlabel.attr.mls.cat,
3758                                        kcat + 1);
3759                                if (acat < 0 || kcat < 0)
3760                                        break;
3761                        }
3762                        if (acat == kcat) {
3763                                found = 1;
3764                                break;
3765                        }
3766                }
3767                rcu_read_unlock();
3768
3769                if (found)
3770                        return skp;
3771
3772                if (ssp != NULL && ssp->smk_in == &smack_known_star)
3773                        return &smack_known_web;
3774                return &smack_known_star;
3775        }
3776        /*
3777         * Without guidance regarding the smack value
3778         * for the packet fall back on the network
3779         * ambient value.
3780         */
3781        return smack_net_ambient;
3782}
3783
3784#if IS_ENABLED(CONFIG_IPV6)
3785static int smk_skb_to_addr_ipv6(struct sk_buff *skb, struct sockaddr_in6 *sip)
3786{
3787        u8 nexthdr;
3788        int offset;
3789        int proto = -EINVAL;
3790        struct ipv6hdr _ipv6h;
3791        struct ipv6hdr *ip6;
3792        __be16 frag_off;
3793        struct tcphdr _tcph, *th;
3794        struct udphdr _udph, *uh;
3795        struct dccp_hdr _dccph, *dh;
3796
3797        sip->sin6_port = 0;
3798
3799        offset = skb_network_offset(skb);
3800        ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h);
3801        if (ip6 == NULL)
3802                return -EINVAL;
3803        sip->sin6_addr = ip6->saddr;
3804
3805        nexthdr = ip6->nexthdr;
3806        offset += sizeof(_ipv6h);
3807        offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off);
3808        if (offset < 0)
3809                return -EINVAL;
3810
3811        proto = nexthdr;
3812        switch (proto) {
3813        case IPPROTO_TCP:
3814                th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
3815                if (th != NULL)
3816                        sip->sin6_port = th->source;
3817                break;
3818        case IPPROTO_UDP:
3819        case IPPROTO_UDPLITE:
3820                uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
3821                if (uh != NULL)
3822                        sip->sin6_port = uh->source;
3823                break;
3824        case IPPROTO_DCCP:
3825                dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
3826                if (dh != NULL)
3827                        sip->sin6_port = dh->dccph_sport;
3828                break;
3829        }
3830        return proto;
3831}
3832#endif /* CONFIG_IPV6 */
3833
3834/**
3835 * smack_from_skb - Smack data from the secmark in an skb
3836 * @skb: packet
3837 *
3838 * Returns smack_known of the secmark or NULL if that won't work.
3839 */
3840#ifdef CONFIG_NETWORK_SECMARK
3841static struct smack_known *smack_from_skb(struct sk_buff *skb)
3842{
3843        if (skb == NULL || skb->secmark == 0)
3844                return NULL;
3845
3846        return smack_from_secid(skb->secmark);
3847}
3848#else
3849static inline struct smack_known *smack_from_skb(struct sk_buff *skb)
3850{
3851        return NULL;
3852}
3853#endif
3854
3855/**
3856 * smack_from_netlbl - Smack data from the IP options in an skb
3857 * @sk: socket data came in on
3858 * @family: address family
3859 * @skb: packet
3860 *
3861 * Find the Smack label in the IP options. If it hasn't been
3862 * added to the netlabel cache, add it here.
3863 *
3864 * Returns smack_known of the IP options or NULL if that won't work.
3865 */
3866static struct smack_known *smack_from_netlbl(const struct sock *sk, u16 family,
3867                                             struct sk_buff *skb)
3868{
3869        struct netlbl_lsm_secattr secattr;
3870        struct socket_smack *ssp = NULL;
3871        struct smack_known *skp = NULL;
3872
3873        netlbl_secattr_init(&secattr);
3874
3875        if (sk)
3876                ssp = sk->sk_security;
3877
3878        if (netlbl_skbuff_getattr(skb, family, &secattr) == 0) {
3879                skp = smack_from_secattr(&secattr, ssp);
3880                if (secattr.flags & NETLBL_SECATTR_CACHEABLE)
3881                        netlbl_cache_add(skb, family, &skp->smk_netlabel);
3882        }
3883
3884        netlbl_secattr_destroy(&secattr);
3885
3886        return skp;
3887}
3888
3889/**
3890 * smack_socket_sock_rcv_skb - Smack packet delivery access check
3891 * @sk: socket
3892 * @skb: packet
3893 *
3894 * Returns 0 if the packet should be delivered, an error code otherwise
3895 */
3896static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
3897{
3898        struct socket_smack *ssp = sk->sk_security;
3899        struct smack_known *skp = NULL;
3900        int rc = 0;
3901        struct smk_audit_info ad;
3902        u16 family = sk->sk_family;
3903#ifdef CONFIG_AUDIT
3904        struct lsm_network_audit net;
3905#endif
3906#if IS_ENABLED(CONFIG_IPV6)
3907        struct sockaddr_in6 sadd;
3908        int proto;
3909
3910        if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
3911                family = PF_INET;
3912#endif /* CONFIG_IPV6 */
3913
3914        switch (family) {
3915        case PF_INET:
3916                /*
3917                 * If there is a secmark use it rather than the CIPSO label.
3918                 * If there is no secmark fall back to CIPSO.
3919                 * The secmark is assumed to reflect policy better.
3920                 */
3921                skp = smack_from_skb(skb);
3922                if (skp == NULL) {
3923                        skp = smack_from_netlbl(sk, family, skb);
3924                        if (skp == NULL)
3925                                skp = smack_net_ambient;
3926                }
3927
3928#ifdef CONFIG_AUDIT
3929                smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3930                ad.a.u.net->family = family;
3931                ad.a.u.net->netif = skb->skb_iif;
3932                ipv4_skb_to_auditdata(skb, &ad.a, NULL);
3933#endif
3934                /*
3935                 * Receiving a packet requires that the other end
3936                 * be able to write here. Read access is not required.
3937                 * This is the simplist possible security model
3938                 * for networking.
3939                 */
3940                rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
3941                rc = smk_bu_note("IPv4 delivery", skp, ssp->smk_in,
3942                                        MAY_WRITE, rc);
3943                if (rc != 0)
3944                        netlbl_skbuff_err(skb, family, rc, 0);
3945                break;
3946#if IS_ENABLED(CONFIG_IPV6)
3947        case PF_INET6:
3948                proto = smk_skb_to_addr_ipv6(skb, &sadd);
3949                if (proto != IPPROTO_UDP && proto != IPPROTO_UDPLITE &&
3950                    proto != IPPROTO_TCP && proto != IPPROTO_DCCP)
3951                        break;
3952#ifdef SMACK_IPV6_SECMARK_LABELING
3953                skp = smack_from_skb(skb);
3954                if (skp == NULL) {
3955                        if (smk_ipv6_localhost(&sadd))
3956                                break;
3957                        skp = smack_ipv6host_label(&sadd);
3958                        if (skp == NULL)
3959                                skp = smack_net_ambient;
3960                }
3961#ifdef CONFIG_AUDIT
3962                smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3963                ad.a.u.net->family = family;
3964                ad.a.u.net->netif = skb->skb_iif;
3965                ipv6_skb_to_auditdata(skb, &ad.a, NULL);
3966#endif /* CONFIG_AUDIT */
3967                rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
3968                rc = smk_bu_note("IPv6 delivery", skp, ssp->smk_in,
3969                                        MAY_WRITE, rc);
3970#endif /* SMACK_IPV6_SECMARK_LABELING */
3971#ifdef SMACK_IPV6_PORT_LABELING
3972                rc = smk_ipv6_port_check(sk, &sadd, SMK_RECEIVING);
3973#endif /* SMACK_IPV6_PORT_LABELING */
3974                if (rc != 0)
3975                        icmpv6_send(skb, ICMPV6_DEST_UNREACH,
3976                                        ICMPV6_ADM_PROHIBITED, 0);
3977                break;
3978#endif /* CONFIG_IPV6 */
3979        }
3980
3981        return rc;
3982}
3983
3984/**
3985 * smack_socket_getpeersec_stream - pull in packet label
3986 * @sock: the socket
3987 * @optval: user's destination
3988 * @optlen: size thereof
3989 * @len: max thereof
3990 *
3991 * returns zero on success, an error code otherwise
3992 */
3993static int smack_socket_getpeersec_stream(struct socket *sock,
3994                                          char __user *optval,
3995                                          int __user *optlen, unsigned len)
3996{
3997        struct socket_smack *ssp;
3998        char *rcp = "";
3999        int slen = 1;
4000        int rc = 0;
4001
4002        ssp = sock->sk->sk_security;
4003        if (ssp->smk_packet != NULL) {
4004                rcp = ssp->smk_packet->smk_known;
4005                slen = strlen(rcp) + 1;
4006        }
4007
4008        if (slen > len)
4009                rc = -ERANGE;
4010        else if (copy_to_user(optval, rcp, slen) != 0)
4011                rc = -EFAULT;
4012
4013        if (put_user(slen, optlen) != 0)
4014                rc = -EFAULT;
4015
4016        return rc;
4017}
4018
4019
4020/**
4021 * smack_socket_getpeersec_dgram - pull in packet label
4022 * @sock: the peer socket
4023 * @skb: packet data
4024 * @secid: pointer to where to put the secid of the packet
4025 *
4026 * Sets the netlabel socket state on sk from parent
4027 */
4028static int smack_socket_getpeersec_dgram(struct socket *sock,
4029                                         struct sk_buff *skb, u32 *secid)
4030
4031{
4032        struct socket_smack *ssp = NULL;
4033        struct smack_known *skp;
4034        struct sock *sk = NULL;
4035        int family = PF_UNSPEC;
4036        u32 s = 0;      /* 0 is the invalid secid */
4037
4038        if (skb != NULL) {
4039                if (skb->protocol == htons(ETH_P_IP))
4040                        family = PF_INET;
4041#if IS_ENABLED(CONFIG_IPV6)
4042                else if (skb->protocol == htons(ETH_P_IPV6))
4043                        family = PF_INET6;
4044#endif /* CONFIG_IPV6 */
4045        }
4046        if (family == PF_UNSPEC && sock != NULL)
4047                family = sock->sk->sk_family;
4048
4049        switch (family) {
4050        case PF_UNIX:
4051                ssp = sock->sk->sk_security;
4052                s = ssp->smk_out->smk_secid;
4053                break;
4054        case PF_INET:
4055                skp = smack_from_skb(skb);
4056                if (skp) {
4057                        s = skp->smk_secid;
4058                        break;
4059                }
4060                /*
4061                 * Translate what netlabel gave us.
4062                 */
4063                if (sock != NULL)
4064                        sk = sock->sk;
4065                skp = smack_from_netlbl(sk, family, skb);
4066                if (skp != NULL)
4067                        s = skp->smk_secid;
4068                break;
4069        case PF_INET6:
4070#ifdef SMACK_IPV6_SECMARK_LABELING
4071                skp = smack_from_skb(skb);
4072                if (skp)
4073                        s = skp->smk_secid;
4074#endif
4075                break;
4076        }
4077        *secid = s;
4078        if (s == 0)
4079                return -EINVAL;
4080        return 0;
4081}
4082
4083/**
4084 * smack_sock_graft - Initialize a newly created socket with an existing sock
4085 * @sk: child sock
4086 * @parent: parent socket
4087 *
4088 * Set the smk_{in,out} state of an existing sock based on the process that
4089 * is creating the new socket.
4090 */
4091static void smack_sock_graft(struct sock *sk, struct socket *parent)
4092{
4093        struct socket_smack *ssp;
4094        struct smack_known *skp = smk_of_current();
4095
4096        if (sk == NULL ||
4097            (sk->sk_family != PF_INET && sk->sk_family != PF_INET6))
4098                return;
4099
4100        ssp = sk->sk_security;
4101        ssp->smk_in = skp;
4102        ssp->smk_out = skp;
4103        /* cssp->smk_packet is already set in smack_inet_csk_clone() */
4104}
4105
4106/**
4107 * smack_inet_conn_request - Smack access check on connect
4108 * @sk: socket involved
4109 * @skb: packet
4110 * @req: unused
4111 *
4112 * Returns 0 if a task with the packet label could write to
4113 * the socket, otherwise an error code
4114 */
4115static int smack_inet_conn_request(const struct sock *sk, struct sk_buff *skb,
4116                                   struct request_sock *req)
4117{
4118        u16 family = sk->sk_family;
4119        struct smack_known *skp;
4120        struct socket_smack *ssp = sk->sk_security;
4121        struct sockaddr_in addr;
4122        struct iphdr *hdr;
4123        struct smack_known *hskp;
4124        int rc;
4125        struct smk_audit_info ad;
4126#ifdef CONFIG_AUDIT
4127        struct lsm_network_audit net;
4128#endif
4129
4130#if IS_ENABLED(CONFIG_IPV6)
4131        if (family == PF_INET6) {
4132                /*
4133                 * Handle mapped IPv4 packets arriving
4134                 * via IPv6 sockets. Don't set up netlabel
4135                 * processing on IPv6.
4136                 */
4137                if (skb->protocol == htons(ETH_P_IP))
4138                        family = PF_INET;
4139                else
4140                        return 0;
4141        }
4142#endif /* CONFIG_IPV6 */
4143
4144        /*
4145         * If there is a secmark use it rather than the CIPSO label.
4146         * If there is no secmark fall back to CIPSO.
4147         * The secmark is assumed to reflect policy better.
4148         */
4149        skp = smack_from_skb(skb);
4150        if (skp == NULL) {
4151                skp = smack_from_netlbl(sk, family, skb);
4152                if (skp == NULL)
4153                        skp = &smack_known_huh;
4154        }
4155
4156#ifdef CONFIG_AUDIT
4157        smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
4158        ad.a.u.net->family = family;
4159        ad.a.u.net->netif = skb->skb_iif;
4160        ipv4_skb_to_auditdata(skb, &ad.a, NULL);
4161#endif
4162        /*
4163         * Receiving a packet requires that the other end be able to write
4164         * here. Read access is not required.
4165         */
4166        rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
4167        rc = smk_bu_note("IPv4 connect", skp, ssp->smk_in, MAY_WRITE, rc);
4168        if (rc != 0)
4169                return rc;
4170
4171        /*
4172         * Save the peer's label in the request_sock so we can later setup
4173         * smk_packet in the child socket so that SO_PEERCRED can report it.
4174         */
4175        req->peer_secid = skp->smk_secid;
4176
4177        /*
4178         * We need to decide if we want to label the incoming connection here
4179         * if we do we only need to label the request_sock and the stack will
4180         * propagate the wire-label to the sock when it is created.
4181         */
4182        hdr = ip_hdr(skb);
4183        addr.sin_addr.s_addr = hdr->saddr;
4184        rcu_read_lock();
4185        hskp = smack_ipv4host_label(&addr);
4186        rcu_read_unlock();
4187
4188        if (hskp == NULL)
4189                rc = netlbl_req_setattr(req, &skp->smk_netlabel);
4190        else
4191                netlbl_req_delattr(req);
4192
4193        return rc;
4194}
4195
4196/**
4197 * smack_inet_csk_clone - Copy the connection information to the new socket
4198 * @sk: the new socket
4199 * @req: the connection's request_sock
4200 *
4201 * Transfer the connection's peer label to the newly created socket.
4202 */
4203static void smack_inet_csk_clone(struct sock *sk,
4204                                 const struct request_sock *req)
4205{
4206        struct socket_smack *ssp = sk->sk_security;
4207        struct smack_known *skp;
4208
4209        if (req->peer_secid != 0) {
4210                skp = smack_from_secid(req->peer_secid);
4211                ssp->smk_packet = skp;
4212        } else
4213                ssp->smk_packet = NULL;
4214}
4215
4216/*
4217 * Key management security hooks
4218 *
4219 * Casey has not tested key support very heavily.
4220 * The permission check is most likely too restrictive.
4221 * If you care about keys please have a look.
4222 */
4223#ifdef CONFIG_KEYS
4224
4225/**
4226 * smack_key_alloc - Set the key security blob
4227 * @key: object
4228 * @cred: the credentials to use
4229 * @flags: unused
4230 *
4231 * No allocation required
4232 *
4233 * Returns 0
4234 */
4235static int smack_key_alloc(struct key *key, const struct cred *cred,
4236                           unsigned long flags)
4237{
4238        struct smack_known *skp = smk_of_task(smack_cred(cred));
4239
4240        key->security = skp;
4241        return 0;
4242}
4243
4244/**
4245 * smack_key_free - Clear the key security blob
4246 * @key: the object
4247 *
4248 * Clear the blob pointer
4249 */
4250static void smack_key_free(struct key *key)
4251{
4252        key->security = NULL;
4253}
4254
4255/**
4256 * smack_key_permission - Smack access on a key
4257 * @key_ref: gets to the object
4258 * @cred: the credentials to use
4259 * @need_perm: requested key permission
4260 *
4261 * Return 0 if the task has read and write to the object,
4262 * an error code otherwise
4263 */
4264static int smack_key_permission(key_ref_t key_ref,
4265                                const struct cred *cred,
4266                                enum key_need_perm need_perm)
4267{
4268        struct key *keyp;
4269        struct smk_audit_info ad;
4270        struct smack_known *tkp = smk_of_task(smack_cred(cred));
4271        int request = 0;
4272        int rc;
4273
4274        /*
4275         * Validate requested permissions
4276         */
4277        switch (need_perm) {
4278        case KEY_NEED_READ:
4279        case KEY_NEED_SEARCH:
4280        case KEY_NEED_VIEW:
4281                request |= MAY_READ;
4282                break;
4283        case KEY_NEED_WRITE:
4284        case KEY_NEED_LINK:
4285        case KEY_NEED_SETATTR:
4286                request |= MAY_WRITE;
4287                break;
4288        case KEY_NEED_UNSPECIFIED:
4289        case KEY_NEED_UNLINK:
4290        case KEY_SYSADMIN_OVERRIDE:
4291        case KEY_AUTHTOKEN_OVERRIDE:
4292        case KEY_DEFER_PERM_CHECK:
4293                return 0;
4294        default:
4295                return -EINVAL;
4296        }
4297
4298        keyp = key_ref_to_ptr(key_ref);
4299        if (keyp == NULL)
4300                return -EINVAL;
4301        /*
4302         * If the key hasn't been initialized give it access so that
4303         * it may do so.
4304         */
4305        if (keyp->security == NULL)
4306                return 0;
4307        /*
4308         * This should not occur
4309         */
4310        if (tkp == NULL)
4311                return -EACCES;
4312
4313        if (smack_privileged(CAP_MAC_OVERRIDE))
4314                return 0;
4315
4316#ifdef CONFIG_AUDIT
4317        smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY);
4318        ad.a.u.key_struct.key = keyp->serial;
4319        ad.a.u.key_struct.key_desc = keyp->description;
4320#endif
4321        rc = smk_access(tkp, keyp->security, request, &ad);
4322        rc = smk_bu_note("key access", tkp, keyp->security, request, rc);
4323        return rc;
4324}
4325
4326/*
4327 * smack_key_getsecurity - Smack label tagging the key
4328 * @key points to the key to be queried
4329 * @_buffer points to a pointer that should be set to point to the
4330 * resulting string (if no label or an error occurs).
4331 * Return the length of the string (including terminating NUL) or -ve if
4332 * an error.
4333 * May also return 0 (and a NULL buffer pointer) if there is no label.
4334 */
4335static int smack_key_getsecurity(struct key *key, char **_buffer)
4336{
4337        struct smack_known *skp = key->security;
4338        size_t length;
4339        char *copy;
4340
4341        if (key->security == NULL) {
4342                *_buffer = NULL;
4343                return 0;
4344        }
4345
4346        copy = kstrdup(skp->smk_known, GFP_KERNEL);
4347        if (copy == NULL)
4348                return -ENOMEM;
4349        length = strlen(copy) + 1;
4350
4351        *_buffer = copy;
4352        return length;
4353}
4354
4355
4356#ifdef CONFIG_KEY_NOTIFICATIONS
4357/**
4358 * smack_watch_key - Smack access to watch a key for notifications.
4359 * @key: The key to be watched
4360 *
4361 * Return 0 if the @watch->cred has permission to read from the key object and
4362 * an error otherwise.
4363 */
4364static int smack_watch_key(struct key *key)
4365{
4366        struct smk_audit_info ad;
4367        struct smack_known *tkp = smk_of_current();
4368        int rc;
4369
4370        if (key == NULL)
4371                return -EINVAL;
4372        /*
4373         * If the key hasn't been initialized give it access so that
4374         * it may do so.
4375         */
4376        if (key->security == NULL)
4377                return 0;
4378        /*
4379         * This should not occur
4380         */
4381        if (tkp == NULL)
4382                return -EACCES;
4383
4384        if (smack_privileged_cred(CAP_MAC_OVERRIDE, current_cred()))
4385                return 0;
4386
4387#ifdef CONFIG_AUDIT
4388        smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY);
4389        ad.a.u.key_struct.key = key->serial;
4390        ad.a.u.key_struct.key_desc = key->description;
4391#endif
4392        rc = smk_access(tkp, key->security, MAY_READ, &ad);
4393        rc = smk_bu_note("key watch", tkp, key->security, MAY_READ, rc);
4394        return rc;
4395}
4396#endif /* CONFIG_KEY_NOTIFICATIONS */
4397#endif /* CONFIG_KEYS */
4398
4399#ifdef CONFIG_WATCH_QUEUE
4400/**
4401 * smack_post_notification - Smack access to post a notification to a queue
4402 * @w_cred: The credentials of the watcher.
4403 * @cred: The credentials of the event source (may be NULL).
4404 * @n: The notification message to be posted.
4405 */
4406static int smack_post_notification(const struct cred *w_cred,
4407                                   const struct cred *cred,
4408                                   struct watch_notification *n)
4409{
4410        struct smk_audit_info ad;
4411        struct smack_known *subj, *obj;
4412        int rc;
4413
4414        /* Always let maintenance notifications through. */
4415        if (n->type == WATCH_TYPE_META)
4416                return 0;
4417
4418        if (!cred)
4419                return 0;
4420        subj = smk_of_task(smack_cred(cred));
4421        obj = smk_of_task(smack_cred(w_cred));
4422
4423        smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NOTIFICATION);
4424        rc = smk_access(subj, obj, MAY_WRITE, &ad);
4425        rc = smk_bu_note("notification", subj, obj, MAY_WRITE, rc);
4426        return rc;
4427}
4428#endif /* CONFIG_WATCH_QUEUE */
4429
4430/*
4431 * Smack Audit hooks
4432 *
4433 * Audit requires a unique representation of each Smack specific
4434 * rule. This unique representation is used to distinguish the
4435 * object to be audited from remaining kernel objects and also
4436 * works as a glue between the audit hooks.
4437 *
4438 * Since repository entries are added but never deleted, we'll use
4439 * the smack_known label address related to the given audit rule as
4440 * the needed unique representation. This also better fits the smack
4441 * model where nearly everything is a label.
4442 */
4443#ifdef CONFIG_AUDIT
4444
4445/**
4446 * smack_audit_rule_init - Initialize a smack audit rule
4447 * @field: audit rule fields given from user-space (audit.h)
4448 * @op: required testing operator (=, !=, >, <, ...)
4449 * @rulestr: smack label to be audited
4450 * @vrule: pointer to save our own audit rule representation
4451 *
4452 * Prepare to audit cases where (@field @op @rulestr) is true.
4453 * The label to be audited is created if necessay.
4454 */
4455static int smack_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule)
4456{
4457        struct smack_known *skp;
4458        char **rule = (char **)vrule;
4459        *rule = NULL;
4460
4461        if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
4462                return -EINVAL;
4463
4464        if (op != Audit_equal && op != Audit_not_equal)
4465                return -EINVAL;
4466
4467        skp = smk_import_entry(rulestr, 0);
4468        if (IS_ERR(skp))
4469                return PTR_ERR(skp);
4470
4471        *rule = skp->smk_known;
4472
4473        return 0;
4474}
4475
4476/**
4477 * smack_audit_rule_known - Distinguish Smack audit rules
4478 * @krule: rule of interest, in Audit kernel representation format
4479 *
4480 * This is used to filter Smack rules from remaining Audit ones.
4481 * If it's proved that this rule belongs to us, the
4482 * audit_rule_match hook will be called to do the final judgement.
4483 */
4484static int smack_audit_rule_known(struct audit_krule *krule)
4485{
4486        struct audit_field *f;
4487        int i;
4488
4489        for (i = 0; i < krule->field_count; i++) {
4490                f = &krule->fields[i];
4491
4492                if (f->type == AUDIT_SUBJ_USER || f->type == AUDIT_OBJ_USER)
4493                        return 1;
4494        }
4495
4496        return 0;
4497}
4498
4499/**
4500 * smack_audit_rule_match - Audit given object ?
4501 * @secid: security id for identifying the object to test
4502 * @field: audit rule flags given from user-space
4503 * @op: required testing operator
4504 * @vrule: smack internal rule presentation
4505 *
4506 * The core Audit hook. It's used to take the decision of
4507 * whether to audit or not to audit a given object.
4508 */
4509static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule)
4510{
4511        struct smack_known *skp;
4512        char *rule = vrule;
4513
4514        if (unlikely(!rule)) {
4515                WARN_ONCE(1, "Smack: missing rule\n");
4516                return -ENOENT;
4517        }
4518
4519        if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
4520                return 0;
4521
4522        skp = smack_from_secid(secid);
4523
4524        /*
4525         * No need to do string comparisons. If a match occurs,
4526         * both pointers will point to the same smack_known
4527         * label.
4528         */
4529        if (op == Audit_equal)
4530                return (rule == skp->smk_known);
4531        if (op == Audit_not_equal)
4532                return (rule != skp->smk_known);
4533
4534        return 0;
4535}
4536
4537/*
4538 * There is no need for a smack_audit_rule_free hook.
4539 * No memory was allocated.
4540 */
4541
4542#endif /* CONFIG_AUDIT */
4543
4544/**
4545 * smack_ismaclabel - check if xattr @name references a smack MAC label
4546 * @name: Full xattr name to check.
4547 */
4548static int smack_ismaclabel(const char *name)
4549{
4550        return (strcmp(name, XATTR_SMACK_SUFFIX) == 0);
4551}
4552
4553
4554/**
4555 * smack_secid_to_secctx - return the smack label for a secid
4556 * @secid: incoming integer
4557 * @secdata: destination
4558 * @seclen: how long it is
4559 *
4560 * Exists for networking code.
4561 */
4562static int smack_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
4563{
4564        struct smack_known *skp = smack_from_secid(secid);
4565
4566        if (secdata)
4567                *secdata = skp->smk_known;
4568        *seclen = strlen(skp->smk_known);
4569        return 0;
4570}
4571
4572/**
4573 * smack_secctx_to_secid - return the secid for a smack label
4574 * @secdata: smack label
4575 * @seclen: how long result is
4576 * @secid: outgoing integer
4577 *
4578 * Exists for audit and networking code.
4579 */
4580static int smack_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
4581{
4582        struct smack_known *skp = smk_find_entry(secdata);
4583
4584        if (skp)
4585                *secid = skp->smk_secid;
4586        else
4587                *secid = 0;
4588        return 0;
4589}
4590
4591/*
4592 * There used to be a smack_release_secctx hook
4593 * that did nothing back when hooks were in a vector.
4594 * Now that there's a list such a hook adds cost.
4595 */
4596
4597static int smack_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
4598{
4599        return smack_inode_setsecurity(inode, XATTR_SMACK_SUFFIX, ctx,
4600                                       ctxlen, 0);
4601}
4602
4603static int smack_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
4604{
4605        return __vfs_setxattr_noperm(&init_user_ns, dentry, XATTR_NAME_SMACK,
4606                                     ctx, ctxlen, 0);
4607}
4608
4609static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
4610{
4611        struct smack_known *skp = smk_of_inode(inode);
4612
4613        *ctx = skp->smk_known;
4614        *ctxlen = strlen(skp->smk_known);
4615        return 0;
4616}
4617
4618static int smack_inode_copy_up(struct dentry *dentry, struct cred **new)
4619{
4620
4621        struct task_smack *tsp;
4622        struct smack_known *skp;
4623        struct inode_smack *isp;
4624        struct cred *new_creds = *new;
4625
4626        if (new_creds == NULL) {
4627                new_creds = prepare_creds();
4628                if (new_creds == NULL)
4629                        return -ENOMEM;
4630        }
4631
4632        tsp = smack_cred(new_creds);
4633
4634        /*
4635         * Get label from overlay inode and set it in create_sid
4636         */
4637        isp = smack_inode(d_inode(dentry->d_parent));
4638        skp = isp->smk_inode;
4639        tsp->smk_task = skp;
4640        *new = new_creds;
4641        return 0;
4642}
4643
4644static int smack_inode_copy_up_xattr(const char *name)
4645{
4646        /*
4647         * Return 1 if this is the smack access Smack attribute.
4648         */
4649        if (strcmp(name, XATTR_NAME_SMACK) == 0)
4650                return 1;
4651
4652        return -EOPNOTSUPP;
4653}
4654
4655static int smack_dentry_create_files_as(struct dentry *dentry, int mode,
4656                                        struct qstr *name,
4657                                        const struct cred *old,
4658                                        struct cred *new)
4659{
4660        struct task_smack *otsp = smack_cred(old);
4661        struct task_smack *ntsp = smack_cred(new);
4662        struct inode_smack *isp;
4663        int may;
4664
4665        /*
4666         * Use the process credential unless all of
4667         * the transmuting criteria are met
4668         */
4669        ntsp->smk_task = otsp->smk_task;
4670
4671        /*
4672         * the attribute of the containing directory
4673         */
4674        isp = smack_inode(d_inode(dentry->d_parent));
4675
4676        if (isp->smk_flags & SMK_INODE_TRANSMUTE) {
4677                rcu_read_lock();
4678                may = smk_access_entry(otsp->smk_task->smk_known,
4679                                       isp->smk_inode->smk_known,
4680                                       &otsp->smk_task->smk_rules);
4681                rcu_read_unlock();
4682
4683                /*
4684                 * If the directory is transmuting and the rule
4685                 * providing access is transmuting use the containing
4686                 * directory label instead of the process label.
4687                 */
4688                if (may > 0 && (may & MAY_TRANSMUTE))
4689                        ntsp->smk_task = isp->smk_inode;
4690        }
4691        return 0;
4692}
4693
4694struct lsm_blob_sizes smack_blob_sizes __lsm_ro_after_init = {
4695        .lbs_cred = sizeof(struct task_smack),
4696        .lbs_file = sizeof(struct smack_known *),
4697        .lbs_inode = sizeof(struct inode_smack),
4698        .lbs_ipc = sizeof(struct smack_known *),
4699        .lbs_msg_msg = sizeof(struct smack_known *),
4700        .lbs_superblock = sizeof(struct superblock_smack),
4701};
4702
4703static struct security_hook_list smack_hooks[] __lsm_ro_after_init = {
4704        LSM_HOOK_INIT(ptrace_access_check, smack_ptrace_access_check),
4705        LSM_HOOK_INIT(ptrace_traceme, smack_ptrace_traceme),
4706        LSM_HOOK_INIT(syslog, smack_syslog),
4707
4708        LSM_HOOK_INIT(fs_context_dup, smack_fs_context_dup),
4709        LSM_HOOK_INIT(fs_context_parse_param, smack_fs_context_parse_param),
4710
4711        LSM_HOOK_INIT(sb_alloc_security, smack_sb_alloc_security),
4712        LSM_HOOK_INIT(sb_free_mnt_opts, smack_free_mnt_opts),
4713        LSM_HOOK_INIT(sb_eat_lsm_opts, smack_sb_eat_lsm_opts),
4714        LSM_HOOK_INIT(sb_statfs, smack_sb_statfs),
4715        LSM_HOOK_INIT(sb_set_mnt_opts, smack_set_mnt_opts),
4716
4717        LSM_HOOK_INIT(bprm_creds_for_exec, smack_bprm_creds_for_exec),
4718
4719        LSM_HOOK_INIT(inode_alloc_security, smack_inode_alloc_security),
4720        LSM_HOOK_INIT(inode_init_security, smack_inode_init_security),
4721        LSM_HOOK_INIT(inode_link, smack_inode_link),
4722        LSM_HOOK_INIT(inode_unlink, smack_inode_unlink),
4723        LSM_HOOK_INIT(inode_rmdir, smack_inode_rmdir),
4724        LSM_HOOK_INIT(inode_rename, smack_inode_rename),
4725        LSM_HOOK_INIT(inode_permission, smack_inode_permission),
4726        LSM_HOOK_INIT(inode_setattr, smack_inode_setattr),
4727        LSM_HOOK_INIT(inode_getattr, smack_inode_getattr),
4728        LSM_HOOK_INIT(inode_setxattr, smack_inode_setxattr),
4729        LSM_HOOK_INIT(inode_post_setxattr, smack_inode_post_setxattr),
4730        LSM_HOOK_INIT(inode_getxattr, smack_inode_getxattr),
4731        LSM_HOOK_INIT(inode_removexattr, smack_inode_removexattr),
4732        LSM_HOOK_INIT(inode_getsecurity, smack_inode_getsecurity),
4733        LSM_HOOK_INIT(inode_setsecurity, smack_inode_setsecurity),
4734        LSM_HOOK_INIT(inode_listsecurity, smack_inode_listsecurity),